committed
rangeproof: refactor rangeproof_genrand into two functions
This is purely to reduce the number of arguments being passed into one function at once. Also improves const-correctness.
1 parent 7a9fdfa commit 1233fbe

1 file changed

+40
-19
lines changed


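--- a/src/modules/rangeproof/rangeproof_impl.h
+++ b/src/modules/rangeproof/rangeproof_impl.h
@@ -257,41 +257,56 @@ SECP256K1_INLINE static void secp256k1_rangeproof_serialize_point(unsigned char*
 secp256k1_fe_get_b32(data + 1, &pointx);
 }
 
-SECP256K1_INLINE static int secp256k1_rangeproof_genrand(secp256k1_scalar *sec, secp256k1_scalar *s, unsigned char *message,
-size_t *rsizes, size_t rings, const unsigned char *nonce, const secp256k1_ge *commit, const unsigned char *proof, size_t len, const secp256k1_ge* genp) {
-unsigned char tmp[32];
+SECP256K1_INLINE static void secp256k1_rangeproof_init_rng(
+secp256k1_rfc6979_hmac_sha256* rng,
+const unsigned char* nonce,
+const secp256k1_ge* commit,
+const unsigned char *proof,
+const size_t len,
+const secp256k1_ge* genp
+) {
 unsigned char rngseed[32 + 33 + 33 + 10];
-secp256k1_rfc6979_hmac_sha256 rng;
+VERIFY_CHECK(len <= 10);
+
+memcpy(rngseed, nonce, 32);
+secp256k1_rangeproof_serialize_point(rngseed + 32, commit);
+secp256k1_rangeproof_serialize_point(rngseed + 32 + 33, genp);
+memcpy(rngseed + 33 + 33 + 32, proof, len);
+secp256k1_rfc6979_hmac_sha256_initialize(rng, rngseed, 32 + 33 + 33 + len);
+}
+
+SECP256K1_INLINE static int secp256k1_rangeproof_genrand(
+secp256k1_scalar *sec,
+secp256k1_scalar *s,
+unsigned char *message,
+const secp256k1_rangeproof_header* header,
+secp256k1_rfc6979_hmac_sha256* rng
+) {
+unsigned char tmp[32];
 secp256k1_scalar acc;
 int overflow;
 int ret;
 size_t i;
 size_t j;
 int b;
 size_t npub;
-VERIFY_CHECK(len <= 10);
-memcpy(rngseed, nonce, 32);
-secp256k1_rangeproof_serialize_point(rngseed + 32, commit);
-secp256k1_rangeproof_serialize_point(rngseed + 32 + 33, genp);
-memcpy(rngseed + 33 + 33 + 32, proof, len);
-secp256k1_rfc6979_hmac_sha256_initialize(&rng, rngseed, 32 + 33 + 33 + len);
 secp256k1_scalar_clear(&acc);
 npub = 0;
 ret = 1;
-for (i = 0; i < rings; i++) {
-if (i < rings - 1) {
-secp256k1_rfc6979_hmac_sha256_generate(&rng, tmp, 32);
+for (i = 0; i < header->n_rings; i++) {
+if (i < header->n_rings - 1) {
+secp256k1_rfc6979_hmac_sha256_generate(rng, tmp, 32);
 do {
-secp256k1_rfc6979_hmac_sha256_generate(&rng, tmp, 32);
+secp256k1_rfc6979_hmac_sha256_generate(rng, tmp, 32);
 secp256k1_scalar_set_b32(&sec[i], tmp, &overflow);
 } while (overflow || secp256k1_scalar_is_zero(&sec[i]));
 secp256k1_scalar_add(&acc, &acc, &sec[i]);
 } else {
 secp256k1_scalar_negate(&acc, &acc);
 sec[i] = acc;
 }
-for (j = 0; j < rsizes[i]; j++) {
-secp256k1_rfc6979_hmac_sha256_generate(&rng, tmp, 32);
+for (j = 0; j < header->rsizes[i]; j++) {
+secp256k1_rfc6979_hmac_sha256_generate(rng, tmp, 32);
 if (message) {
 for (b = 0; b < 32; b++) {
 tmp[b] ^= message[(i * 4 + j) * 32 + b];
@@ -303,7 +318,7 @@ SECP256K1_INLINE static int secp256k1_rangeproof_genrand(secp256k1_scalar *sec,
 npub++;
 }
 }
-secp256k1_rfc6979_hmac_sha256_finalize(&rng);
+secp256k1_rfc6979_hmac_sha256_finalize(rng);
 secp256k1_scalar_clear(&acc);
 memset(tmp, 0, 32);
 return ret;
@@ -326,6 +341,7 @@ SECP256K1_INLINE static int secp256k1_rangeproof_sign_impl(const secp256k1_ecmul
 unsigned char *signs; /* Location of sign flags in the proof. */
 uint64_t v;
 size_t secidx[32]; /* Which digit is the correct one. */
+secp256k1_rfc6979_hmac_sha256 genrand_rng;
 size_t len; /* Number of bytes used so far. */
 size_t i;
 size_t pub_idx;
@@ -388,7 +404,8 @@ SECP256K1_INLINE static int secp256k1_rangeproof_sign_impl(const secp256k1_ecmul
 }
 prep[idx] = 128;
 }
-if (!secp256k1_rangeproof_genrand(sec, s, prep, header.rsizes, header.n_rings, nonce, commit, proof, len, genp)) {
+secp256k1_rangeproof_init_rng(&genrand_rng, nonce, commit, proof, len, genp);
+if (!secp256k1_rangeproof_genrand(sec, s, prep, &header, &genrand_rng)) {
 return 0;
 }
 memset(prep, 0, 4096);
@@ -485,6 +502,7 @@ SECP256K1_INLINE static void secp256k1_rangeproof_ch32xor(unsigned char *x, cons
 SECP256K1_INLINE static int secp256k1_rangeproof_rewind_inner(secp256k1_scalar *blind, uint64_t *v,
 unsigned char *m, size_t *mlen, secp256k1_scalar *ev, secp256k1_scalar *s,
 secp256k1_rangeproof_header* header, const unsigned char *nonce, const secp256k1_ge *commit, const unsigned char *proof, size_t len, const secp256k1_ge *genp) {
+secp256k1_rfc6979_hmac_sha256 genrand_rng;
 secp256k1_scalar s_orig[128];
 secp256k1_scalar sec[32];
 secp256k1_scalar stmp;
@@ -499,7 +517,10 @@ SECP256K1_INLINE static int secp256k1_rangeproof_rewind_inner(secp256k1_scalar *
 size_t npub;
 memset(prep, 0, 4096);
 /* Reconstruct the provers random values. */
-secp256k1_rangeproof_genrand(sec, s_orig, prep, header->rsizes, header->n_rings, nonce, commit, proof, len, genp);
+secp256k1_rangeproof_init_rng(&genrand_rng, nonce, commit, proof, len, genp);
+if (!secp256k1_rangeproof_genrand(sec, s_orig, prep, header, &genrand_rng)) {
+return 0;
+}
 *v = UINT64_MAX;
 secp256k1_scalar_clear(blind);
 if (header->n_rings == 1 && header->rsizes[0] == 1) {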
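Review bot: The new `secp256k1_rangeproof_init_rng` returns with the 32-byte secret `nonce` still sitting in `rngseed` on the stack after `secp256k1_rfc6979_hmac_sha256_initialize` has consumed it, while the sibling `secp256k1_rangeproof_genrand` does clear its derived bytes with `memset(tmp, 0, 32)` before returning; add `memset(rngseed, 0, sizeof(rngseed));` after the initialize call so the seed buffer gets the same treatment (the old code had the same gap, but the extraction is the natural place to close it). The move also leaves `VERIFY_CHECK(len <= 10)` as the only guard on `memcpy(rngseed + 33 + 33 + 32, proof, len)`, and if `VERIFY_CHECK` is compiled out in non-VERIFY builds, as it is elsewhere in this library, the write is bounded solely by what the callers in `sign_impl` and `rewind_inner` pass as `len`; a comment such as `/* len is the parsed proof header length (<= 10); callers must guarantee this, the check below is debug-only */` would make that contract explicit at the function that now owns the buffer. As a style point, the new parameter list mixes `const unsigned char* nonce` with `const unsigned char *proof`; pick one pointer placement to match the rest of the file.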
