Merge branch 'main' into amore

relic-toolkit · Jan 27, 2025 · aefe9f4 · aefe9f4
2 parents ea9d01c + 7b8be9b
commit aefe9f4
Show file tree

Hide file tree

Showing 12 changed files with 60 additions and 39 deletions.
diff --git a/bench/bench_ep.c b/bench/bench_ep.c
@@ -575,15 +575,15 @@ static void arith(void) {
 	}
 
 	BENCH_RUN("ep_map") {
-		uint8_t msg[5];
-		rand_bytes(msg, 5);
-		BENCH_ADD(ep_map(p, msg, 5));
+		uint8_t msg[4 * RLC_FP_BYTES];
+		rand_bytes(msg, ep_map_rnd_size());
+		BENCH_ADD(ep_map(p, msg, ep_map_rnd_size()));
 	} BENCH_END;
 
 	BENCH_RUN("ep_map_rnd") {
-		uint8_t msg[5];
-		rand_bytes(msg, 5);
-		BENCH_ADD(ep_map_rnd(p, msg, 5));
+		uint8_t msg[4 * RLC_FP_BYTES];
+		rand_bytes(msg, ep_map_rnd_size());
+		BENCH_ADD(ep_map_rnd(p, msg, ep_map_rnd_size()));
 	} BENCH_END;
 
 #if EP_MAP == BASIC || !defined(STRIP)

diff --git a/include/relic_ed.h b/include/relic_ed.h
@@ -112,10 +112,8 @@ typedef struct {
 	fp_st y;
 	/** The third coordinate (projective representation). */
 	fp_st z;
-#if ED_ADD == EXTND || !defined(STRIP)
 	/** The forth coordinate (extended coordinates) */
 	fp_st t;
-#endif
 	/** Flag to indicate the coordinate system of this point. */
 	int coord;
 } ed_st;

diff --git a/include/relic_ep.h b/include/relic_ep.h
@@ -1288,6 +1288,13 @@ void ep_map_sswum(ep_t p, const uint8_t *msg, size_t len);
  */
 void ep_map_swift(ep_t p, const uint8_t *msg, size_t len);
 
+/**
+ * Returns number of bytes required as input for secure hashing.
+ * 
+ @return the number of uniform bytes required for hashing.
+ */
+size_t ep_map_rnd_size(void);
+
 /**
  * Maps a random byte array to a point in a prime elliptic curve.
  *

diff --git a/include/relic_label.h b/include/relic_label.h
@@ -1014,6 +1014,7 @@
 #undef ep_map_basic
 #undef ep_map_sswum
 #undef ep_map_swift
+#undef ep_map_rnd_size
 #undef ep_map_rnd
 #undef ep_pck
 #undef ep_upk
@@ -1109,6 +1110,7 @@
 #define ep_map_basic 	RLC_PREFIX(ep_map_basic)
 #define ep_map_sswum 	RLC_PREFIX(ep_map_sswum)
 #define ep_map_swift 	RLC_PREFIX(ep_map_swift)
+#define ep_map_rnd_size 	RLC_PREFIX(ep_map_rnd_size)
 #define ep_map_rnd 	RLC_PREFIX(ep_map_rnd)
 #define ep_pck 	RLC_PREFIX(ep_pck)
 #define ep_upk 	RLC_PREFIX(ep_upk)

diff --git a/include/relic_pp.h b/include/relic_pp.h
@@ -485,12 +485,10 @@
  * @param[in] P				- the first elliptic curve point.
  * @param[in] Q				- the second elliptic curve point.
  */
-#if PP_MAP == TATEP
+#if PP_MAP == TATEP || PP_MAP == OATEP
 #define pp_map_k1(R, P, Q)		pp_map_tatep_k1(R, P, Q)
 #elif PP_MAP == WEILP
 #define pp_map_k1(R, P, Q)		pp_map_weilp_k1(R, P, Q)
-#elif PP_MAP == OATEP
-#define pp_map_k1(R, P, Q)		pp_map_tatep_k1(R, P, Q)
 #endif
 
 /**
@@ -501,12 +499,10 @@
  * @param[in] P				- the first elliptic curve point.
  * @param[in] Q				- the second elliptic curve point.
  */
-#if PP_MAP == TATEP
+#if PP_MAP == TATEP || PP_MAP == OATEP
 #define pp_map_k2(R, P, Q)		pp_map_tatep_k2(R, P, Q)
 #elif PP_MAP == WEILP
 #define pp_map_k2(R, P, Q)		pp_map_weilp_k2(R, P, Q)
-#elif PP_MAP == OATEP
-#define pp_map_k2(R, P, Q)		pp_map_tatep_k2(R, P, Q)
 #endif
 
 /**

diff --git a/src/ep/relic_ep_map.c b/src/ep/relic_ep_map.c
@@ -490,7 +490,7 @@ void ep_map_sswum(ep_t p, const uint8_t *msg, size_t len) {
 		void (*const map_fn)(ep_t, const fp_t) = 
 				(ep_curve_is_ctmap() || abNeq0 ? ep_map_sswu : ep_map_svdw);
 
-		ep_map_sswum_impl(p, r, len, map_fn);
+		ep_map_sswum_impl(p, r, 2 * elm, map_fn);
 	}
 	RLC_CATCH_ANY {
 		RLC_THROW(ERR_CAUGHT);
@@ -538,18 +538,37 @@ void ep_map_swift(ep_t p, const uint8_t *msg, size_t len) {
 
 #endif
 
+size_t ep_map_rnd_size(void) {
+	const size_t elm = (FP_PRIME + ep_param_level() + 7) / 8;
+
+#if EP_MAP == BASIC
+	return elm;
+#elif EP_MAP == SSWUM
+	return 2 * elm;
+#elif EP_MAP == SWIFT
+	return 2 * elm + 1;
+#endif
+}
+
 void ep_map_rnd(ep_t p, const uint8_t *uniform_bytes, size_t len) {
-#if EP_MAP == BASIC || !defined(STRIP)
+	/* Make sure that input is long enough for any of the hash functons. */
+	if (len < ep_map_rnd_size()) {
+		RLC_THROW(ERR_NO_BUFFER);
+		ep_set_infty(p);
+		return;
+	}
+
+#if EP_MAP == BASIC
 	ep_map_basic_impl(p, uniform_bytes, len);
-#elif EP_MAP == SWIFT || !defined(STRIP)
+#elif EP_MAP == SWIFT
+	ep_map_swift_impl(p, uniform_bytes, len);
+#elif EP_MAP == SSWUM
 	/* figure out which hash function to use */
 	const int abNeq0 = (ep_curve_opt_a() != RLC_ZERO) &&
 			(ep_curve_opt_b() != RLC_ZERO);
 	void (*const map_fn)(ep_t, const fp_t) = 
 			(ep_curve_is_ctmap() || abNeq0 ? ep_map_sswu : ep_map_svdw);
 
 	ep_map_sswum_impl(p, uniform_bytes, len, map_fn);
-#elif EP_MAP == SSWUM || !defined(STRIP)
-	ep_map_swift_impl(p, uniform_bytes, len);
 #endif
 }
diff --git a/src/ep/relic_ep_mul.c b/src/ep/relic_ep_mul.c
@@ -193,7 +193,6 @@ static void ep_mul_naf_imp(ep_t r, const ep_t p, const bn_t k) {
 #endif /* EP_PLAIN || EP_SUPER */
 #endif /* EP_MUL == LWNAF */
 
-#if EP_MUL == LWREG || !defined(STRIP)
 #if defined(EP_ENDOM)
 
 static void ep_mul_reg_glv(ep_t r, const ep_t p, const bn_t k) {
@@ -404,7 +403,6 @@ static void ep_mul_reg_imp(ep_t r, const ep_t p, const bn_t k) {
 }
 
 #endif /* EP_PLAIN || EP_SUPER */
-#endif /* EP_MUL == LWREG */
 
 /*============================================================================*/
 /* Public definitions                                                         */

diff --git a/src/ep/relic_ep_mul_cof.c b/src/ep/relic_ep_mul_cof.c
@@ -147,6 +147,8 @@ void ep_mul_cof(ep_t r, const ep_t p) {
 				break;
 #endif
 			default:
+				(void)u;
+				(void)v;
 				/* multiply by cofactor to get the correct group. */
 				ep_curve_get_cof(k);
 				ep_mul_big(r, p, k);

diff --git a/src/ep/relic_ep_psi.c b/src/ep/relic_ep_psi.c
@@ -36,6 +36,8 @@
 /* Public definitions                                                         */
 /*============================================================================*/
 
+#if defined(EP_ENDOM)
+
 void ep_psi(ep_t r, const ep_t p) {
 	if (ep_is_infty(p)) {
 		ep_set_infty(r);
@@ -53,3 +55,4 @@ void ep_psi(ep_t r, const ep_t p) {
  	}
 }
 
+#endif
diff --git a/src/epx/relic_ep2_curve.c b/src/epx/relic_ep2_curve.c
@@ -802,8 +802,9 @@ void ep2_curve_set_twist(int type) {
 		fp2_new(u);
 		bn_new(r);
 		bn_new(h);
-
+		
 		switch (ep_param_get()) {
+#if defined(EP_ENDOM)
 #if FP_PRIME == 158
 			case BN_P158:
 				ASSIGN(BN_P158);
@@ -866,6 +867,7 @@ void ep2_curve_set_twist(int type) {
 				ASSIGN(B12_P1150);
 				break;
 #endif
+#endif /* EP_ENDOM */
 			default:
 				(void)str;
 				RLC_THROW(ERR_NO_VALID);

diff --git a/src/epx/relic_ep2_mul.c b/src/epx/relic_ep2_mul.c
@@ -132,8 +132,6 @@ static void ep2_mul_gls_imp(ep2_t r, const ep2_t p, const bn_t k) {
 
 #endif /* EP_MUL == LWNAF */
 
-#if EP_MUL == LWREG || !defined(STRIP)
-
 static void ep2_mul_reg_gls(ep2_t r, const ep2_t p, const bn_t k) {
 	size_t l;
 	bn_t n, _k[4], u;
@@ -251,7 +249,6 @@ static void ep2_mul_reg_gls(ep2_t r, const ep2_t p, const bn_t k) {
 	}
 }
 
-#endif /* EP_MUL == LWREG */
 #endif /* EP_ENDOM */
 
 #if defined(EP_PLAIN) || defined(EP_SUPER)
@@ -622,8 +619,6 @@ void ep2_mul_lwnaf(ep2_t r, const ep2_t p, const bn_t k) {
 
 #endif
 
-#if EP_MUL == LWREG || !defined(STRIP)
-
 void ep2_mul_lwreg(ep2_t r, const ep2_t p, const bn_t k) {
 	if (bn_is_zero(k) || ep2_is_infty(p)) {
 		ep2_set_infty(r);
@@ -642,8 +637,6 @@ void ep2_mul_lwreg(ep2_t r, const ep2_t p, const bn_t k) {
 #endif
 }
 
-#endif
-
 void ep2_mul_gen(ep2_t r, const bn_t k) {
 	if (bn_is_zero(k)) {
 		ep2_set_infty(r);

diff --git a/test/test_ep.c b/test/test_ep.c
@@ -1353,7 +1353,8 @@ static int hashing(void) {
 	int code = RLC_ERR;
 	ep_t a;
 	bn_t n;
-	uint8_t msg[5];
+	/* Allocate buffer with plenty of room. */
+	uint8_t msg[4 * RLC_FP_BYTES];
 
 	ep_null(a);
 	bn_null(n);
@@ -1365,12 +1366,12 @@ static int hashing(void) {
 		ep_curve_get_ord(n);
 
 		TEST_CASE("point hashing is correct") {
-			rand_bytes(msg, sizeof(msg));
-			ep_map(a, msg, sizeof(msg));
+			rand_bytes(msg, ep_map_rnd_size());
+			ep_map(a, msg, ep_map_rnd_size());
 			TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end);
 			ep_mul(a, a, n);
 			TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end);
-			ep_map_rnd(a, msg, sizeof(msg));
+			ep_map_rnd(a, msg, ep_map_rnd_size());
 			TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end);
 			ep_mul(a, a, n);
 			TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end);
@@ -1379,8 +1380,8 @@ static int hashing(void) {
 
 #if EP_MAP == BASIC || !defined(STRIP)
 		TEST_CASE("basic point hashing is correct") {
-			rand_bytes(msg, sizeof(msg));
-			ep_map_basic(a, msg, sizeof(msg));
+			rand_bytes(msg, ep_map_rnd_size());
+			ep_map_basic(a, msg, ep_map_rnd_size());
 			TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end);
 			ep_mul(a, a, n);
 			TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end);
@@ -1390,8 +1391,8 @@ static int hashing(void) {
 
 #if EP_MAP == SSWUM || !defined(STRIP)
 		TEST_CASE("simplified SWU point hashing is correct") {
-			rand_bytes(msg, sizeof(msg));
-			ep_map_sswum(a, msg, sizeof(msg));
+			rand_bytes(msg, ep_map_rnd_size());
+			ep_map_sswum(a, msg, ep_map_rnd_size());
 			TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end);
 			ep_mul(a, a, n);
 			TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end);
@@ -1403,8 +1404,8 @@ static int hashing(void) {
 		if (!ep_curve_is_super()) {
 			if (ep_curve_opt_a() == RLC_ZERO || ep_curve_opt_b() == RLC_ZERO) {
 				TEST_CASE("swift point hashing is correct") {
-					rand_bytes(msg, sizeof(msg));
-					ep_map_swift(a, msg, sizeof(msg));
+					rand_bytes(msg, ep_map_rnd_size());
+					ep_map_swift(a, msg, ep_map_rnd_size());
 					TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end);
 					ep_mul(a, a, n);
 					TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end);