
Commit 0202d83

committed
Merge #199: surjectionproof: make sure that n_used_pubkeys > 0 in generate
5ac8fb0 surjectionproof: make sure that n_used_pubkeys > 0 in generate (Jonas Nick) Pull request description: ACKs for top commit: apoelstra: utACK 5ac8fb0 Tree-SHA512: 915f7181e69e2c4e1f830d6c2620a2d9b0af4d2ae8a63709b489b01ed9e13ccfeeaedebd4680cf2d927cd473a6ae88602cf29e2fdd116cb597fba6c0ab77720d
2 parents 7ff446d + 5ac8fb0 commit 0202d83


2 files changed

+27
-9
lines changed


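--- a/src/modules/surjection/main_impl.h
+++ b/src/modules/surjection/main_impl.h
@@ -298,6 +298,10 @@ int secp256k1_surjectionproof_generate(const secp256k1_context* ctx, secp256k1_s
 CHECK(proof->initialized == 1);
 #endif
 
+n_used_pubkeys = secp256k1_surjectionproof_n_used_inputs(ctx, proof);
+/* This must be true if the proof was created with surjectionproof_initialize */
+ARG_CHECK(n_used_pubkeys > 0);
+
 /* Compute secret key */
 secp256k1_scalar_set_b32(&tmps, input_blinding_key, &overflow);
 if (overflow) {
@@ -321,7 +325,7 @@ int secp256k1_surjectionproof_generate(const secp256k1_context* ctx, secp256k1_s
 
 /* Compute public keys */
 n_total_pubkeys = secp256k1_surjectionproof_n_total_inputs(ctx, proof);
-n_used_pubkeys = secp256k1_surjectionproof_n_used_inputs(ctx, proof);
+
 if (n_used_pubkeys > n_total_pubkeys || n_total_pubkeys != n_ephemeral_input_tags) {
 return 0;
 }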
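Review bot: The added `ARG_CHECK(n_used_pubkeys > 0)` reports a zero count through the illegal-argument callback, whereas the neighbouring bound `n_used_pubkeys > n_total_pubkeys` in the second hunk still fails with a plain `return 0`, so two symptoms of a proof object that did not come from `surjectionproof_initialize` are signalled differently. Neither of the two changed files is the public header, so unless the API documentation already says so, callers are not told that `generate` now treats this as an illegal argument; a line such as `proof: must have been created by secp256k1_surjectionproof_initialize (illegal-argument callback otherwise)` in the doc comment of `secp256k1_surjectionproof_generate` would cover it. The in-code comment states when the condition cannot occur but not why zero has to be rejected; presumably the code below assumes at least one used input, and saying so would help the next reader. The function body starts and ends outside both hunks.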

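--- a/src/modules/surjection/tests_impl.h
+++ b/src/modules/surjection/tests_impl.h
@@ -173,31 +173,45 @@ static void test_surjectionproof_api(void) {
 CHECK(secp256k1_surjectionproof_verify(vrfy, &proof, ephemeral_input_tags, n_inputs, NULL) == 0);
 CHECK(ecount == 16);
 
+/* Test how surjectionproof_generate fails when the proof was not created
+* with surjectionproof_initialize */
+ecount = 0;
+CHECK(secp256k1_surjectionproof_generate(sign, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 1);
+{
+secp256k1_surjectionproof tmp_proof = proof;
+tmp_proof.n_inputs = 0;
+CHECK(secp256k1_surjectionproof_generate(sign, &tmp_proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0);
+}
+CHECK(ecount == 1);
+
+CHECK(secp256k1_surjectionproof_generate(sign, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 1);
+
 /* Check serialize */
+ecount = 0;
 serialized_len = sizeof(serialized_proof);
 CHECK(secp256k1_surjectionproof_serialize(none, serialized_proof, &serialized_len, &proof) != 0);
-CHECK(ecount == 16);
+CHECK(ecount == 0);
 serialized_len = sizeof(serialized_proof);
 CHECK(secp256k1_surjectionproof_serialize(none, NULL, &serialized_len, &proof) == 0);
-CHECK(ecount == 17);
+CHECK(ecount == 1);
 serialized_len = sizeof(serialized_proof);
 CHECK(secp256k1_surjectionproof_serialize(none, serialized_proof, NULL, &proof) == 0);
-CHECK(ecount == 18);
+CHECK(ecount == 2);
 serialized_len = sizeof(serialized_proof);
 CHECK(secp256k1_surjectionproof_serialize(none, serialized_proof, &serialized_len, NULL) == 0);
-CHECK(ecount == 19);
+CHECK(ecount == 3);
 
 serialized_len = sizeof(serialized_proof);
 CHECK(secp256k1_surjectionproof_serialize(none, serialized_proof, &serialized_len, &proof) != 0);
 /* Check parse */
 CHECK(secp256k1_surjectionproof_parse(none, &proof, serialized_proof, serialized_len) != 0);
-CHECK(ecount == 19);
+CHECK(ecount == 3);
 CHECK(secp256k1_surjectionproof_parse(none, NULL, serialized_proof, serialized_len) == 0);
-CHECK(ecount == 20);
+CHECK(ecount == 4);
 CHECK(secp256k1_surjectionproof_parse(none, &proof, NULL, serialized_len) == 0);
-CHECK(ecount == 21);
+CHECK(ecount == 5);
 CHECK(secp256k1_surjectionproof_parse(none, &proof, serialized_proof, 0) == 0);
-CHECK(ecount == 21);
+CHECK(ecount == 5);
 
 secp256k1_context_destroy(none);
 secp256k1_context_destroy(sign);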
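Review bot: The negative case at new lines 181-183 zeroes `tmp_proof.n_inputs`, an input the old code would also have rejected: with a total of 0 the existing `n_total_pubkeys != n_ephemeral_input_tags` test in main_impl.h already returns 0 (assuming the total is read from `n_inputs` and the `n_inputs` argument is non-zero), so only `CHECK(ecount == 1)` separates old from new behaviour. The input the new `ARG_CHECK` uniquely guards, a proof whose total count is intact but which has no input marked as used, is not exercised. A second block that keeps `n_inputs` and clears the bitmap instead, e.g. `memset(tmp_proof.used_inputs, 0, sizeof(tmp_proof.used_inputs));` (field name to be confirmed against the struct), followed by the same `== 0` call and an `ecount` check, would cover it. `test_surjectionproof_api` starts and ends outside the hunk.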
