cleaner crypto for converting output to leaf tuple

j-berman · Aug 3, 2024 · 5e76191 · 5e76191
1 parent 30fc80b
commit 5e76191
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 14 deletions.
diff --git a/src/crypto/crypto-ops.c b/src/crypto/crypto-ops.c
@@ -1330,7 +1330,7 @@ void ge_double_scalarmult_base_vartime_p3(ge_p3 *r3, const unsigned char *a, con
 
 /* From fe_frombytes.c */
 
-int fe_y_frombytes_vartime(fe y, const unsigned char *s) {
+int fe_frombytes_vartime(fe y, const unsigned char *s) {
 
   int64_t h0 = load_4(s);
   int64_t h1 = load_3(s + 4) << 6;
@@ -1394,7 +1394,7 @@ int ge_frombytes_vartime(ge_p3 *h, const unsigned char *s) {
   fe vxx;
   fe check;
 
-  if (fe_y_frombytes_vartime(h->Y, s) != 0) {
+  if (fe_frombytes_vartime(h->Y, s) != 0) {
     return -1;
   }
 
@@ -3886,16 +3886,16 @@ int ge_p3_is_point_at_infinity_vartime(const ge_p3 *p) {
 }
 
 // https://www.ietf.org/archive/id/draft-ietf-lwig-curve-representations-02.pdf E.2
-void fe_y_to_wei_x(unsigned char *wei_x, const fe y)
+void fe_ed_y_to_wei_x(unsigned char *wei_x, const fe ed_y)
 {
   fe one;
   fe_1(one);
 
   // (1+y),(1-y)
   fe one_plus_y;
-  fe_add(one_plus_y, one, y);
+  fe_add(one_plus_y, one, ed_y);
   fe one_minus_y;
-  fe_sub(one_minus_y, one, y);
+  fe_sub(one_minus_y, one, ed_y);
 
   // (1/(1-y))*(1+y)
   fe inv_one_minus_y;

diff --git a/src/crypto/crypto-ops.h b/src/crypto/crypto-ops.h
@@ -88,7 +88,7 @@ void ge_double_scalarmult_base_vartime_p3(ge_p3 *, const unsigned char *, const
 
 extern const fe fe_sqrtm1;
 extern const fe fe_d;
-int fe_y_frombytes_vartime(fe, const unsigned char *);
+int fe_frombytes_vartime(fe, const unsigned char *);
 int ge_frombytes_vartime(ge_p3 *, const unsigned char *);
 
 /* From ge_p1p1_to_p2.c */
@@ -170,4 +170,4 @@ void fe_0(fe h);
 
 int ge_p3_is_point_at_infinity_vartime(const ge_p3 *p);
 
-void fe_y_to_wei_x(unsigned char *wei_x, const fe y);
+void fe_ed_y_to_wei_x(unsigned char *wei_x, const fe ed_y);
diff --git a/src/fcmp/curve_trees.cpp b/src/fcmp/curve_trees.cpp
@@ -635,9 +635,14 @@ LeafTupleContext CurveTrees<Helios, Selene>::output_to_leaf_context(
     rct::key O, C;
 
     if (!rct::clear_torsion(rct::pk2rct(output_pubkey), O))
-        throw std::runtime_error("output pub key is invalid, failed to clear torsion");
+        throw std::runtime_error("output pub key is invalid");
     if (!rct::clear_torsion(commitment, C))
-        throw std::runtime_error("commitment is invalid, failed to clear torsion");
+        throw std::runtime_error("commitment is invalid");
+
+    if (O == rct::I)
+        throw std::runtime_error("O cannot equal identity");
+    if (C == rct::I)
+        throw std::runtime_error("C cannot equal identity");
 
     PreprocessedLeafTuple o_c{
             .O = std::move(O),

diff --git a/src/fcmp/curve_trees.h b/src/fcmp/curve_trees.h
@@ -133,7 +133,7 @@ struct PreprocessedLeafTuple final
 {
     // Output pubkey that has been checked valid and torsion cleared
     rct::key O;
-    // Commitment that has been torsion cleared
+    // Commitment that has been checked valid and torsion cleared
     rct::key C;
 };
 static_assert(sizeof(PreprocessedLeafTuple) == (32+32), "db expects 64 bytes for pre-processed leaf tuples");

diff --git a/src/ringct/rctOps.cpp b/src/ringct/rctOps.cpp
@@ -738,16 +738,16 @@ namespace rct {
         ge_p3 torsion_cleared_point;
         ge_p1p1_to_p3(&torsion_cleared_point, &point_inv_8_mul_8);
         ge_p3_tobytes(k_out.bytes, &torsion_cleared_point);
-        if (k_out == I)
-            return false;
         return true;
     }
 
     bool point_to_wei_x(const key &pub, key &wei_x) {
+        if (pub == I)
+            return false;
         fe y;
-        if (fe_y_frombytes_vartime(y, pub.bytes) != 0)
+        if (fe_frombytes_vartime(y, pub.bytes) != 0)
             return false;
-        fe_y_to_wei_x(wei_x.bytes, y);
+        fe_ed_y_to_wei_x(wei_x.bytes, y);
         return true;
     }
 }