From 6f22ae09be14e33976e1a4add7c3fdfec07cb627 Mon Sep 17 00:00:00 2001 From: "Diego F. Aranha" Date: Sat, 25 Jan 2025 20:00:38 +0100 Subject: [PATCH 1/8] Add error handling to EP hash function. --- include/relic_ep.h | 7 +++++++ src/ep/relic_ep_map.c | 25 ++++++++++++++++++++++--- test/test_ep.c | 21 +++++++++++---------- 3 files changed, 40 insertions(+), 13 deletions(-) diff --git a/include/relic_ep.h b/include/relic_ep.h index f81a9c95c..781a847b8 100644 --- a/include/relic_ep.h +++ b/include/relic_ep.h @@ -1286,6 +1286,13 @@ void ep_map_sswum(ep_t p, const uint8_t *msg, size_t len); */ void ep_map_swift(ep_t p, const uint8_t *msg, size_t len); +/** + * Returns number of bytes required as input for secure hashing. + * + @return the number of uniform bytes required for hashing. + */ +size_t ep_map_rnd_size(void); + /** * Maps a random byte array to a point in a prime elliptic curve. * diff --git a/src/ep/relic_ep_map.c b/src/ep/relic_ep_map.c index 971b036a1..5f759ab79 100644 --- a/src/ep/relic_ep_map.c +++ b/src/ep/relic_ep_map.c @@ -490,7 +490,7 @@ void ep_map_sswum(ep_t p, const uint8_t *msg, size_t len) { void (*const map_fn)(ep_t, const fp_t) = (ep_curve_is_ctmap() || abNeq0 ? ep_map_sswu : ep_map_svdw); - ep_map_sswum_impl(p, r, len, map_fn); + ep_map_sswum_impl(p, r, 2 * elm, map_fn); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); 
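Review bot: The new doc comment for `ep_map_rnd_size` in include/relic_ep.h does not tell callers that `ep_map_rnd` now rejects shorter inputs, and its `@return` line is missing the leading ` * `. Callers need that contract to size their buffers, so I would write the line as ` * @return the minimum number of uniform bytes that ep_map_rnd() accepts for the configured map and curve.` The `ep_map_rnd` comment that begins in the trailing context continues outside this hunk. It should gain a sentence saying that ERR_NO_BUFFER is thrown when `len` is below this value.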
@@ -538,9 +538,30 @@ void ep_map_swift(ep_t p, const uint8_t *msg, size_t len) { #endif +size_t ep_map_rnd_size(void) { + const size_t elm = (FP_PRIME + ep_param_level() + 7) / 8; + +#if EP_MAP == BASIC || !defined(STRIP) + return elm; +#elif EP_MAP == SSWUM || !defined(STRIP) + return 2 * elm; +#elif EP_MAP == SWIFT || !defined(STRIP) + return 2 * elm + 1; +#endif +} + void ep_map_rnd(ep_t p, const uint8_t *uniform_bytes, size_t len) { + /* Make sure that input is long enough for any of the hash functons. */ + if (len < ep_map_rnd_size()) { + RLC_THROW(ERR_NO_BUFFER); + ep_set_infty(p); + return; + } + #if EP_MAP == BASIC || !defined(STRIP) ep_map_basic_impl(p, uniform_bytes, len); +#elif EP_MAP == SSWUM || !defined(STRIP) + ep_map_swift_impl(p, uniform_bytes, len); #elif EP_MAP == SWIFT || !defined(STRIP) /* figure out which hash function to use */ const int abNeq0 = (ep_curve_opt_a() != RLC_ZERO) && @@ -549,7 +570,5 @@ void ep_map_rnd(ep_t p, const uint8_t *uniform_bytes, size_t len) { (ep_curve_is_ctmap() || abNeq0 ? ep_map_sswu : ep_map_svdw); ep_map_sswum_impl(p, uniform_bytes, len, map_fn); -#elif EP_MAP == SSWUM || !defined(STRIP) - ep_map_swift_impl(p, uniform_bytes, len); #endif } diff --git a/test/test_ep.c b/test/test_ep.c index c7a7c1bdb..6651c6ccf 100644 --- a/test/test_ep.c +++ b/test/test_ep.c @@ -1353,7 +1353,8 @@ static int hashing(void) { int code = RLC_ERR; ep_t a; bn_t n; - uint8_t msg[5]; + /* Allocate buffer with plenty of room. */ + uint8_t msg[4 * RLC_FP_BYTES]; ep_null(a); bn_null(n); 
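Review bot: In the length check added to `ep_map_rnd`, `ep_set_infty(p)` comes after `RLC_THROW(ERR_NO_BUFFER)`, so in any build where RLC_THROW transfers control the output point is never initialised on the error path. The macro's definition is not visible here, but setting the point first is safe either way: `ep_set_infty(p);` then `RLC_THROW(ERR_NO_BUFFER);` then `return;`. Otherwise a caller that catches the error and keeps using `p` works with whatever the point held before the call. The comment above the check also has a typo (`functons`).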
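Review bot: In test/test_ep.c, `msg` is a fixed `4 * RLC_FP_BYTES` stack array, but the later hunks fill it with `rand_bytes(msg, ep_map_rnd_size())`, a length derived from `FP_PRIME` and `ep_param_level()`, and nothing ties the two sizes together. If a parameter set ever makes `ep_map_rnd_size()` exceed the array, the test writes past the buffer instead of failing cleanly. I would add `TEST_ASSERT(ep_map_rnd_size() <= sizeof(msg), end);` before the first `rand_bytes` call and make the "plenty of room" comment state the actual bound. The `ep_map` and `ep_map_rnd` benchmarks in bench/bench_ep.c (patch 2/8) follow the same pattern. `hashing()` starts and ends outside this hunk.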
@@ -1365,12 +1366,12 @@ static int hashing(void) { ep_curve_get_ord(n); TEST_CASE("point hashing is correct") { - rand_bytes(msg, sizeof(msg)); - ep_map(a, msg, sizeof(msg)); + rand_bytes(msg, ep_map_rnd_size()); + ep_map(a, msg, ep_map_rnd_size()); TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end); ep_mul(a, a, n); TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end); - ep_map_rnd(a, msg, sizeof(msg)); + ep_map_rnd(a, msg, ep_map_rnd_size()); TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end); ep_mul(a, a, n); TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end); @@ -1379,8 +1380,8 @@ static int hashing(void) { #if EP_MAP == BASIC || !defined(STRIP) TEST_CASE("basic point hashing is correct") { - rand_bytes(msg, sizeof(msg)); - ep_map_basic(a, msg, sizeof(msg)); + rand_bytes(msg, ep_map_rnd_size()); + ep_map_basic(a, msg, ep_map_rnd_size()); TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end); ep_mul(a, a, n); TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end); @@ -1390,8 +1391,8 @@ static int hashing(void) { #if EP_MAP == SSWUM || !defined(STRIP) TEST_CASE("simplified SWU point hashing is correct") { - rand_bytes(msg, sizeof(msg)); - ep_map_sswum(a, msg, sizeof(msg)); + rand_bytes(msg, ep_map_rnd_size()); + ep_map_sswum(a, msg, ep_map_rnd_size()); TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end); ep_mul(a, a, n); TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end); @@ -1403,8 +1404,8 @@ static int hashing(void) { if (!ep_curve_is_super()) { if (ep_curve_opt_a() == RLC_ZERO || ep_curve_opt_b() == RLC_ZERO) { TEST_CASE("swift point hashing is correct") { - rand_bytes(msg, sizeof(msg)); - ep_map_swift(a, msg, sizeof(msg)); + rand_bytes(msg, ep_map_rnd_size()); + ep_map_swift(a, msg, ep_map_rnd_size()); TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end); ep_mul(a, a, n); TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end); From 0cff31bb9e157ab9c81b1c7ac38c3cbf29cccb2d Mon Sep 17 00:00:00 2001 
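Review bot: None of the updated cases in `hashing()` exercises the new rejection path, because every call passes exactly `ep_map_rnd_size()` bytes. A regression in the `len < ep_map_rnd_size()` check would therefore go unnoticed. I would add a case that calls `ep_map_rnd(a, msg, ep_map_rnd_size() - 1)` and expects the ERR_NO_BUFFER outcome, using whatever mechanism the suite already has for expected errors (not visible in these hunks). `hashing()` starts and ends outside this hunk.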
From: "Diego F. Aranha" Date: Sat, 25 Jan 2025 20:28:21 +0100 Subject: [PATCH 2/8] Refine hashing support. --- bench/bench_ep.c | 12 ++++++------ include/relic_label.h | 2 ++ src/ep/relic_ep_map.c | 6 ------ 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/bench/bench_ep.c b/bench/bench_ep.c index 430cc0904..0b5422bdc 100644 --- a/bench/bench_ep.c +++ b/bench/bench_ep.c @@ -575,15 +575,15 @@ static void arith(void) { } BENCH_RUN("ep_map") { - uint8_t msg[5]; - rand_bytes(msg, 5); - BENCH_ADD(ep_map(p, msg, 5)); + uint8_t msg[4 * RLC_FP_BYTES]; + rand_bytes(msg, ep_map_rnd_size()); + BENCH_ADD(ep_map(p, msg, ep_map_rnd_size())); } BENCH_END; BENCH_RUN("ep_map_rnd") { - uint8_t msg[5]; - rand_bytes(msg, 5); - BENCH_ADD(ep_map_rnd(p, msg, 5)); + uint8_t msg[4 * RLC_FP_BYTES]; + rand_bytes(msg, ep_map_rnd_size()); + BENCH_ADD(ep_map_rnd(p, msg, ep_map_rnd_size())); } BENCH_END; #if EP_MAP == BASIC || !defined(STRIP) diff --git a/include/relic_label.h b/include/relic_label.h index 715d8c1f5..c65a4c64d 100644 --- a/include/relic_label.h +++ b/include/relic_label.h @@ -1012,6 +1012,7 @@ #undef ep_map_basic #undef ep_map_sswum #undef ep_map_swift +#undef ep_map_rnd_size #undef ep_map_rnd #undef ep_pck #undef ep_upk @@ -1107,6 +1108,7 @@ #define ep_map_basic RLC_PREFIX(ep_map_basic) #define ep_map_sswum RLC_PREFIX(ep_map_sswum) #define ep_map_swift RLC_PREFIX(ep_map_swift) +#define ep_map_rnd_size RLC_PREFIX(ep_map_rnd_size) #define ep_map_rnd RLC_PREFIX(ep_map_rnd) #define ep_pck RLC_PREFIX(ep_pck) #define ep_upk RLC_PREFIX(ep_upk) diff --git a/src/ep/relic_ep_map.c b/src/ep/relic_ep_map.c index 5f759ab79..b4689697a 100644 --- a/src/ep/relic_ep_map.c +++ b/src/ep/relic_ep_map.c 
@@ -541,13 +541,7 @@ void ep_map_swift(ep_t p, const uint8_t *msg, size_t len) { size_t ep_map_rnd_size(void) { const size_t elm = (FP_PRIME + ep_param_level() + 7) / 8; -#if EP_MAP == BASIC || !defined(STRIP) - return elm; -#elif EP_MAP == SSWUM || !defined(STRIP) - return 2 * elm; -#elif EP_MAP == SWIFT || !defined(STRIP) return 2 * elm + 1; -#endif } void ep_map_rnd(ep_t p, const uint8_t *uniform_bytes, size_t len) { From 322fce671925085a10a6326c86910f1bcf2767bb Mon Sep 17 00:00:00 2001 From: "Diego F. Aranha" Date: Mon, 27 Jan 2025 09:15:00 +0100 Subject: [PATCH 3/8] Update relic_ep_map.c and remove buggy STRIPs --- src/ep/relic_ep_map.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ep/relic_ep_map.c b/src/ep/relic_ep_map.c index b4689697a..acae80436 100644 --- a/src/ep/relic_ep_map.c +++ b/src/ep/relic_ep_map.c @@ -552,11 +552,11 @@ void ep_map_rnd(ep_t p, const uint8_t *uniform_bytes, size_t len) { return; } -#if EP_MAP == BASIC || !defined(STRIP) +#if EP_MAP == BASIC ep_map_basic_impl(p, uniform_bytes, len); -#elif EP_MAP == SSWUM || !defined(STRIP) +#elif EP_MAP == SSWUM ep_map_swift_impl(p, uniform_bytes, len); -#elif EP_MAP == SWIFT || !defined(STRIP) +#elif EP_MAP == SWIFT /* figure out which hash function to use */ const int abNeq0 = (ep_curve_opt_a() != RLC_ZERO) && (ep_curve_opt_b() != RLC_ZERO); From 1f8ef05310bcb9972559288e7fab2c535e34d020 Mon Sep 17 00:00:00 2001 From: "Diego F. Aranha" Date: Mon, 27 Jan 2025 09:40:22 +0100 Subject: [PATCH 4/8] Shorten config. --- include/relic_pp.h | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/include/relic_pp.h b/include/relic_pp.h index 541bf2953..c1d1d2cc4 100644 --- a/include/relic_pp.h +++ b/include/relic_pp.h 
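Review bot: With the `|| !defined(STRIP)` alternatives removed in patch 3/8, the `#if EP_MAP == BASIC` / `#elif EP_MAP == SSWUM` / `#elif EP_MAP == SWIFT` chain in `ep_map_rnd` has no `#else`. A build whose EP_MAP matches none of the three would pass the length check and return without writing `p` or raising an error. Whether such a configuration can occur is not visible from the patch, but a compile-time stop costs nothing: `#else` followed by `#error "unsupported EP_MAP"`. The same gap returns in `ep_map_rnd_size` in patch 8/8, where falling through means a non-void function returns no value and the length check compares against an indeterminate size. The body of `ep_map_rnd` continues outside this hunk.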
@@ -485,12 +485,10 @@ * @param[in] P - the first elliptic curve point. * @param[in] Q - the second elliptic curve point. */ -#if PP_MAP == TATEP +#if PP_MAP == TATEP || PP_MAP == OATEP #define pp_map_k1(R, P, Q) pp_map_tatep_k1(R, P, Q) #elif PP_MAP == WEILP #define pp_map_k1(R, P, Q) pp_map_weilp_k1(R, P, Q) -#elif PP_MAP == OATEP -#define pp_map_k1(R, P, Q) pp_map_tatep_k1(R, P, Q) #endif /** @@ -501,12 +499,10 @@ * @param[in] P - the first elliptic curve point. * @param[in] Q - the second elliptic curve point. */ -#if PP_MAP == TATEP +#if PP_MAP == TATEP || PP_MAP == OATEP #define pp_map_k2(R, P, Q) pp_map_tatep_k2(R, P, Q) #elif PP_MAP == WEILP #define pp_map_k2(R, P, Q) pp_map_weilp_k2(R, P, Q) -#elif PP_MAP == OATEP -#define pp_map_k2(R, P, Q) pp_map_tatep_k2(R, P, Q) #endif /** From 802ce0df190567d80306239dc5c75fda70a98c37 Mon Sep 17 00:00:00 2001 From: "Diego F. Aranha" Date: Mon, 27 Jan 2025 10:03:05 +0100 Subject: [PATCH 5/8] Some fixes to STRIP support. --- include/relic_ed.h | 2 -- src/ep/relic_ep_map.c | 4 ++-- src/ep/relic_ep_mul.c | 2 -- src/ep/relic_ep_mul_cof.c | 2 ++ src/epx/relic_ep2_mul.c | 7 ------- 5 files changed, 4 insertions(+), 13 deletions(-) diff --git a/include/relic_ed.h b/include/relic_ed.h index b741ebef2..1ca21fc9a 100644 --- a/include/relic_ed.h +++ b/include/relic_ed.h @@ -112,10 +112,8 @@ typedef struct { fp_st y; /** The third coordinate (projective representation). */ fp_st z; -#if ED_ADD == EXTND || !defined(STRIP) /** The forth coordinate (extended coordinates) */ fp_st t; -#endif /** Flag to indicate the coordinate system of this point. */ int coord; } ed_st; diff --git a/src/ep/relic_ep_map.c b/src/ep/relic_ep_map.c index acae80436..c4f72cea3 100644 --- a/src/ep/relic_ep_map.c +++ b/src/ep/relic_ep_map.c 
@@ -554,9 +554,9 @@ void ep_map_rnd(ep_t p, const uint8_t *uniform_bytes, size_t len) { #if EP_MAP == BASIC ep_map_basic_impl(p, uniform_bytes, len); -#elif EP_MAP == SSWUM - ep_map_swift_impl(p, uniform_bytes, len); #elif EP_MAP == SWIFT + ep_map_swift_impl(p, uniform_bytes, len); +#elif EP_MAP == SSWUM /* figure out which hash function to use */ const int abNeq0 = (ep_curve_opt_a() != RLC_ZERO) && (ep_curve_opt_b() != RLC_ZERO); diff --git a/src/ep/relic_ep_mul.c b/src/ep/relic_ep_mul.c index 692035db5..1c965db50 100644 --- a/src/ep/relic_ep_mul.c +++ b/src/ep/relic_ep_mul.c @@ -193,7 +193,6 @@ static void ep_mul_naf_imp(ep_t r, const ep_t p, const bn_t k) { #endif /* EP_PLAIN || EP_SUPER */ #endif /* EP_MUL == LWNAF */ -#if EP_MUL == LWREG || !defined(STRIP) #if defined(EP_ENDOM) static void ep_mul_reg_glv(ep_t r, const ep_t p, const bn_t k) { @@ -404,7 +403,6 @@ static void ep_mul_reg_imp(ep_t r, const ep_t p, const bn_t k) { } #endif /* EP_PLAIN || EP_SUPER */ -#endif /* EP_MUL == LWREG */ /*============================================================================*/ /* Public definitions */ diff --git a/src/ep/relic_ep_mul_cof.c b/src/ep/relic_ep_mul_cof.c index a0dd8f5e6..f69415f43 100644 --- a/src/ep/relic_ep_mul_cof.c +++ b/src/ep/relic_ep_mul_cof.c @@ -147,6 +147,8 @@ void ep_mul_cof(ep_t r, const ep_t p) { break; #endif default: + (void)u; + (void)v; /* multiply by cofactor to get the correct group. */ ep_curve_get_cof(k); ep_mul_big(r, p, k); diff --git a/src/epx/relic_ep2_mul.c b/src/epx/relic_ep2_mul.c index 6ccb28655..6732bfa08 100644 --- a/src/epx/relic_ep2_mul.c +++ b/src/epx/relic_ep2_mul.c @@ -124,8 +124,6 @@ static void ep2_mul_gls_imp(ep2_t r, const ep2_t p, const bn_t k) { #endif /* EP_MUL == LWNAF */ -#if EP_MUL == LWREG || !defined(STRIP) - static void ep2_mul_reg_gls(ep2_t r, const ep2_t p, const bn_t k) { size_t l; bn_t n, _k[4], u; 
@@ -243,7 +241,6 @@ static void ep2_mul_reg_gls(ep2_t r, const ep2_t p, const bn_t k) { } } -#endif /* EP_MUL == LWREG */ #endif /* EP_ENDOM */ #if defined(EP_PLAIN) || defined(EP_SUPER) @@ -614,8 +611,6 @@ void ep2_mul_lwnaf(ep2_t r, const ep2_t p, const bn_t k) { #endif -#if EP_MUL == LWREG || !defined(STRIP) - void ep2_mul_lwreg(ep2_t r, const ep2_t p, const bn_t k) { if (bn_is_zero(k) || ep2_is_infty(p)) { ep2_set_infty(r); @@ -634,8 +629,6 @@ void ep2_mul_lwreg(ep2_t r, const ep2_t p, const bn_t k) { #endif } -#endif - void ep2_mul_gen(ep2_t r, const bn_t k) { if (bn_is_zero(k)) { ep2_set_infty(r); From c9ec538d09b15d95835151a020716873e06064c9 Mon Sep 17 00:00:00 2001 From: "Diego F. Aranha" Date: Mon, 27 Jan 2025 10:25:18 +0100 Subject: [PATCH 6/8] Add ifdef guards here. --- src/epx/relic_ep2_curve.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/epx/relic_ep2_curve.c b/src/epx/relic_ep2_curve.c index 1d7697339..5f6fc7f7a 100644 --- a/src/epx/relic_ep2_curve.c +++ b/src/epx/relic_ep2_curve.c @@ -802,8 +802,9 @@ void ep2_curve_set_twist(int type) { fp2_new(u); bn_new(r); bn_new(h); - + switch (ep_param_get()) { +#if defined(EP_ENDOM) #if FP_PRIME == 158 case BN_P158: ASSIGN(BN_P158); @@ -866,6 +867,7 @@ void ep2_curve_set_twist(int type) { ASSIGN(B12_P1150); break; #endif +#endif /* EP_ENDOM */ default: (void)str; RLC_THROW(ERR_NO_VALID); From c56cb2c8ed0fe649d6301a62082262b61e2950ca Mon Sep 17 00:00:00 2001 From: "Diego F. Aranha" Date: Mon, 27 Jan 2025 10:36:14 +0100 Subject: [PATCH 7/8] Only compile this function if ENDOM is turned on. --- src/ep/relic_ep_psi.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/ep/relic_ep_psi.c b/src/ep/relic_ep_psi.c index d080fcbbb..767f7d9c0 100644 --- a/src/ep/relic_ep_psi.c +++ b/src/ep/relic_ep_psi.c 
@@ -36,6 +36,8 @@ /* Public definitions */ /*============================================================================*/ +#if defined(EP_ENDOM) + void ep_psi(ep_t r, const ep_t p) { if (ep_is_infty(p)) { ep_set_infty(r); @@ -53,3 +55,4 @@ void ep_psi(ep_t r, const ep_t p) { } } +#endif \ No newline at end of file From 7b8be9bee7f16add0bdbbecb1c3ed490285a4302 Mon Sep 17 00:00:00 2001 From: "Diego F. Aranha" Date: Mon, 27 Jan 2025 21:28:10 +0100 Subject: [PATCH 8/8] Make randomness required for hashing more precise. --- src/ep/relic_ep_map.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/ep/relic_ep_map.c b/src/ep/relic_ep_map.c index c4f72cea3..e553d647f 100644 --- a/src/ep/relic_ep_map.c +++ b/src/ep/relic_ep_map.c @@ -541,7 +541,13 @@ void ep_map_swift(ep_t p, const uint8_t *msg, size_t len) { size_t ep_map_rnd_size(void) { const size_t elm = (FP_PRIME + ep_param_level() + 7) / 8; +#if EP_MAP == BASIC + return elm; +#elif EP_MAP == SSWUM + return 2 * elm; +#elif EP_MAP == SWIFT return 2 * elm + 1; +#endif } void ep_map_rnd(ep_t p, const uint8_t *uniform_bytes, size_t len) {
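Review bot: The closing `#endif` added at the end of src/ep/relic_ep_psi.c carries no label, and the file now ends without a newline (see the `\ No newline at end of file` marker). Patch 6/8 writes its guard as `#endif /* EP_ENDOM */`; using `#endif /* EP_ENDOM */` plus a trailing newline here keeps the series consistent. The declaration of `ep_psi` in the public header is not touched by this patch. If it stays unguarded, callers in builds without EP_ENDOM will presumably fail at link time rather than at compile time, so the header is worth guarding the same way.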