Add error handling to EP hash function.

relic-toolkit · Jan 25, 2025 · 6f22ae0 · 6f22ae0
1 parent eef556a
commit 6f22ae0
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 13 deletions.
diff --git a/include/relic_ep.h b/include/relic_ep.h
@@ -1286,6 +1286,13 @@ void ep_map_sswum(ep_t p, const uint8_t *msg, size_t len);
  */
 void ep_map_swift(ep_t p, const uint8_t *msg, size_t len);
 
+/**
+ * Returns number of bytes required as input for secure hashing.
+ * 
+ @return the number of uniform bytes required for hashing.
+ */
+size_t ep_map_rnd_size(void);
+
 /**
  * Maps a random byte array to a point in a prime elliptic curve.
  *

diff --git a/src/ep/relic_ep_map.c b/src/ep/relic_ep_map.c
@@ -490,7 +490,7 @@ void ep_map_sswum(ep_t p, const uint8_t *msg, size_t len) {
 		void (*const map_fn)(ep_t, const fp_t) = 
 				(ep_curve_is_ctmap() || abNeq0 ? ep_map_sswu : ep_map_svdw);
 
-		ep_map_sswum_impl(p, r, len, map_fn);
+		ep_map_sswum_impl(p, r, 2 * elm, map_fn);
 	}
 	RLC_CATCH_ANY {
 		RLC_THROW(ERR_CAUGHT);
@@ -538,9 +538,30 @@ void ep_map_swift(ep_t p, const uint8_t *msg, size_t len) {
 
 #endif
 
+size_t ep_map_rnd_size(void) {
+	const size_t elm = (FP_PRIME + ep_param_level() + 7) / 8;
+
+#if EP_MAP == BASIC || !defined(STRIP)
+	return elm;
+#elif EP_MAP == SSWUM || !defined(STRIP)
+	return 2 * elm;
+#elif EP_MAP == SWIFT || !defined(STRIP)
+	return 2 * elm + 1;
+#endif
+}
+
 void ep_map_rnd(ep_t p, const uint8_t *uniform_bytes, size_t len) {
+	/* Make sure that input is long enough for any of the hash functons. */
+	if (len < ep_map_rnd_size()) {
+		RLC_THROW(ERR_NO_BUFFER);
+		ep_set_infty(p);
+		return;
+	}
+
 #if EP_MAP == BASIC || !defined(STRIP)
 	ep_map_basic_impl(p, uniform_bytes, len);
+#elif EP_MAP == SSWUM || !defined(STRIP)
+	ep_map_swift_impl(p, uniform_bytes, len);
 #elif EP_MAP == SWIFT || !defined(STRIP)
 	/* figure out which hash function to use */
 	const int abNeq0 = (ep_curve_opt_a() != RLC_ZERO) &&
@@ -549,7 +570,5 @@ void ep_map_rnd(ep_t p, const uint8_t *uniform_bytes, size_t len) {
 			(ep_curve_is_ctmap() || abNeq0 ? ep_map_sswu : ep_map_svdw);
 
 	ep_map_sswum_impl(p, uniform_bytes, len, map_fn);
-#elif EP_MAP == SSWUM || !defined(STRIP)
-	ep_map_swift_impl(p, uniform_bytes, len);
 #endif
 }
diff --git a/test/test_ep.c b/test/test_ep.c
@@ -1353,7 +1353,8 @@ static int hashing(void) {
 	int code = RLC_ERR;
 	ep_t a;
 	bn_t n;
-	uint8_t msg[5];
+	/* Allocate buffer with plenty of room. */
+	uint8_t msg[4 * RLC_FP_BYTES];
 
 	ep_null(a);
 	bn_null(n);
@@ -1365,12 +1366,12 @@ static int hashing(void) {
 		ep_curve_get_ord(n);
 
 		TEST_CASE("point hashing is correct") {
-			rand_bytes(msg, sizeof(msg));
-			ep_map(a, msg, sizeof(msg));
+			rand_bytes(msg, ep_map_rnd_size());
+			ep_map(a, msg, ep_map_rnd_size());
 			TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end);
 			ep_mul(a, a, n);
 			TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end);
-			ep_map_rnd(a, msg, sizeof(msg));
+			ep_map_rnd(a, msg, ep_map_rnd_size());
 			TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end);
 			ep_mul(a, a, n);
 			TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end);
@@ -1379,8 +1380,8 @@ static int hashing(void) {
 
 #if EP_MAP == BASIC || !defined(STRIP)
 		TEST_CASE("basic point hashing is correct") {
-			rand_bytes(msg, sizeof(msg));
-			ep_map_basic(a, msg, sizeof(msg));
+			rand_bytes(msg, ep_map_rnd_size());
+			ep_map_basic(a, msg, ep_map_rnd_size());
 			TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end);
 			ep_mul(a, a, n);
 			TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end);
@@ -1390,8 +1391,8 @@ static int hashing(void) {
 
 #if EP_MAP == SSWUM || !defined(STRIP)
 		TEST_CASE("simplified SWU point hashing is correct") {
-			rand_bytes(msg, sizeof(msg));
-			ep_map_sswum(a, msg, sizeof(msg));
+			rand_bytes(msg, ep_map_rnd_size());
+			ep_map_sswum(a, msg, ep_map_rnd_size());
 			TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end);
 			ep_mul(a, a, n);
 			TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end);
@@ -1403,8 +1404,8 @@ static int hashing(void) {
 		if (!ep_curve_is_super()) {
 			if (ep_curve_opt_a() == RLC_ZERO || ep_curve_opt_b() == RLC_ZERO) {
 				TEST_CASE("swift point hashing is correct") {
-					rand_bytes(msg, sizeof(msg));
-					ep_map_swift(a, msg, sizeof(msg));
+					rand_bytes(msg, ep_map_rnd_size());
+					ep_map_swift(a, msg, ep_map_rnd_size());
 					TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end);
 					ep_mul(a, a, n);
 					TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end);