diff --git a/src/crypto/crypto-ops.c b/src/crypto/crypto-ops.c
index edfc61c3c..b8dbbc799 100644
--- a/src/crypto/crypto-ops.c
+++ b/src/crypto/crypto-ops.c
@@ -1330,7 +1330,7 @@ void ge_double_scalarmult_base_vartime_p3(ge_p3 *r3, const unsigned char *a, con
 /* From fe_frombytes.c */
-int fe_y_frombytes_vartime(fe y, const unsigned char *s) {
+int fe_frombytes_vartime(fe y, const unsigned char *s) {
 int64_t h0 = load_4(s);
 int64_t h1 = load_3(s + 4) << 6;
@@ -1394,7 +1394,7 @@ int ge_frombytes_vartime(ge_p3 *h, const unsigned char *s) {
 fe vxx;
 fe check;
- if (fe_y_frombytes_vartime(h->Y, s) != 0) {
+ if (fe_frombytes_vartime(h->Y, s) != 0) {
 return -1;
 }
@@ -3886,16 +3886,16 @@ int ge_p3_is_point_at_infinity_vartime(const ge_p3 *p) {
 }
 // https://www.ietf.org/archive/id/draft-ietf-lwig-curve-representations-02.pdf E.2
-void fe_y_to_wei_x(unsigned char *wei_x, const fe y)
+void fe_ed_y_to_wei_x(unsigned char *wei_x, const fe ed_y)
 {
 fe one;
 fe_1(one);
 // (1+y),(1-y)
 fe one_plus_y;
- fe_add(one_plus_y, one, y);
+ fe_add(one_plus_y, one, ed_y);
 fe one_minus_y;
- fe_sub(one_minus_y, one, y);
+ fe_sub(one_minus_y, one, ed_y);
 // (1/(1-y))*(1+y)
 fe inv_one_minus_y;
diff --git a/src/crypto/crypto-ops.h b/src/crypto/crypto-ops.h
index ff4ceaf60..7ab738872 100644
--- a/src/crypto/crypto-ops.h
+++ b/src/crypto/crypto-ops.h
@@ -88,7 +88,7 @@ void ge_double_scalarmult_base_vartime_p3(ge_p3 *, const unsigned char *, const
 extern const fe fe_sqrtm1;
 extern const fe fe_d;
-int fe_y_frombytes_vartime(fe, const unsigned char *);
+int fe_frombytes_vartime(fe, const unsigned char *);
 int ge_frombytes_vartime(ge_p3 *, const unsigned char *);
 /* From ge_p1p1_to_p2.c */
@@ -170,4 +170,4 @@ void fe_0(fe h);
 int ge_p3_is_point_at_infinity_vartime(const ge_p3 *p);
-void fe_y_to_wei_x(unsigned char *wei_x, const fe y);
+void fe_ed_y_to_wei_x(unsigned char *wei_x, const fe ed_y);
diff --git a/src/fcmp/curve_trees.cpp b/src/fcmp/curve_trees.cpp
index d03099319..891243406 100644
--- a/src/fcmp/curve_trees.cpp
+++ b/src/fcmp/curve_trees.cpp
@@ -635,9 +635,14 @@ LeafTupleContext CurveTrees::output_to_leaf_context(
 rct::key O, C;
 if (!rct::clear_torsion(rct::pk2rct(output_pubkey), O))
- throw std::runtime_error("output pub key is invalid, failed to clear torsion");
+ throw std::runtime_error("output pub key is invalid");
 if (!rct::clear_torsion(commitment, C))
- throw std::runtime_error("commitment is invalid, failed to clear torsion");
+ throw std::runtime_error("commitment is invalid");
+
+ if (O == rct::I)
+ throw std::runtime_error("O cannot equal identity");
+ if (C == rct::I)
+ throw std::runtime_error("C cannot equal identity");
 PreprocessedLeafTuple o_c{
 .O = std::move(O),
diff --git a/src/fcmp/curve_trees.h b/src/fcmp/curve_trees.h
index 867894211..96abb1c7a 100644
--- a/src/fcmp/curve_trees.h
+++ b/src/fcmp/curve_trees.h
@@ -133,7 +133,7 @@ struct PreprocessedLeafTuple final
 {
 // Output pubkey that has been checked valid and torsion cleared
 rct::key O;
- // Commitment that has been torsion cleared
+ // Commitment that has been checked valid and torsion cleared
 rct::key C;
 };
 static_assert(sizeof(PreprocessedLeafTuple) == (32+32), "db expects 64 bytes for pre-processed leaf tuples");
diff --git a/src/ringct/rctOps.cpp b/src/ringct/rctOps.cpp
index 4d9cefb75..e865f4398 100644
--- a/src/ringct/rctOps.cpp
+++ b/src/ringct/rctOps.cpp
@@ -738,16 +738,16 @@ namespace rct {
 ge_p3 torsion_cleared_point;
 ge_p1p1_to_p3(&torsion_cleared_point, &point_inv_8_mul_8);
 ge_p3_tobytes(k_out.bytes, &torsion_cleared_point);
- if (k_out == I)
- return false;
 return true;
 }
 bool point_to_wei_x(const key &pub, key &wei_x)
 {
- fe y;
- if (fe_y_frombytes_vartime(y, pub.bytes) != 0)
+ if (pub == I)
 return false;
- fe_y_to_wei_x(wei_x.bytes, y);
+ fe y;
+ if (fe_frombytes_vartime(y, pub.bytes) != 0)
+ return false;
+ fe_ed_y_to_wei_x(wei_x.bytes, y);
 return true;
 }
 }
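Review bot: The new `if (O == rct::I)` / `if (C == rct::I)` checks in output_to_leaf_context carry no comment saying why the identity has to be rejected at this point, and the reason is not visible from this file. The rctOps.cpp hunk in the same commit drops the `k_out == I` rejection from `rct::clear_torsion`, so this caller is now the only place on the page that still enforces it, which makes a why-comment above the first check worth having, e.g. `// the identity (y == 1) has no Weierstrass x: the (1+y)/(1-y) map in fe_ed_y_to_wei_x divides by zero there, so it can never form a leaf` — presumably that map is what consumes O and C downstream, which I cannot confirm from the diff. Any other caller of clear_torsion that relied on the removed check now accepts the identity; the diff does not show whether such callers exist, so that is worth a grep before merging. output_to_leaf_context starts before this hunk.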
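Review bot: The added `if (pub == I)` guard in point_to_wei_x compares all 32 encoded bytes, but everything after it only consumes the decoded y, so an encoding that differs from `I` solely in the sign bit (byte 31 set to 0x80) passes the guard; if `fe_frombytes_vartime` masks that bit the way ref10's fe_frombytes does and does not reject it — its body is outside the hunk, so I cannot confirm — y still decodes to 1, `fe_ed_y_to_wei_x` inverts 1-y = 0, and the function returns true with a meaningless wei_x. The robust check is on the decoded field element rather than on the bytes: after fe_frombytes_vartime succeeds, compute 1-y and reject when it is zero, which also makes the guard independent of whatever canonicality rules the byte decoder applies. Keeping the `pub == I` comparison as a fast path is harmless, but it should not be the only defence.
```cpp
bool point_to_wei_x(const key &pub, key &wei_x)
{
  // … unchanged: fe y; fe_frombytes_vartime(y, pub.bytes) check …
  // reject y == 1 (the identity) on the decoded value: 1-y would be 0 and
  // the (1+y)/(1-y) map in fe_ed_y_to_wei_x has no value there
  fe one, one_minus_y;
  fe_1(one);
  fe_sub(one_minus_y, one, y);
  if (!fe_isnonzero(one_minus_y))
    return false;
  fe_ed_y_to_wei_x(wei_x.bytes, y);
  // … unchanged: return true …
```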