
Commit 3f23126

committed
rangeproof: refactor rangeproof_genrand into two functions
This is purely to reduce the number of arguments being passed into one function at once. Also improves const-correctness.
1 parent 26bb149 commit 3f23126


1 file changed

+40
-19
lines changed


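--- a/src/modules/rangeproof/rangeproof_impl.h
+++ b/src/modules/rangeproof/rangeproof_impl.h
@@ -261,41 +261,56 @@ SECP256K1_INLINE static void secp256k1_rangeproof_serialize_point(unsigned char*
 secp256k1_fe_get_b32(data + 1, &pointx);
 }
 
-SECP256K1_INLINE static int secp256k1_rangeproof_genrand(secp256k1_scalar *sec, secp256k1_scalar *s, unsigned char *message,
-size_t *rsizes, size_t rings, const unsigned char *nonce, const secp256k1_ge *commit, const unsigned char *proof, size_t len, const secp256k1_ge* genp) {
-unsigned char tmp[32];
+SECP256K1_INLINE static void secp256k1_rangeproof_init_rng(
+secp256k1_rfc6979_hmac_sha256* rng,
+const unsigned char* nonce,
+const secp256k1_ge* commit,
+const unsigned char *proof,
+const size_t len,
+const secp256k1_ge* genp
+) {
 unsigned char rngseed[32 + 33 + 33 + 10];
-secp256k1_rfc6979_hmac_sha256 rng;
+VERIFY_CHECK(len <= 10);
+
+memcpy(rngseed, nonce, 32);
+secp256k1_rangeproof_serialize_point(rngseed + 32, commit);
+secp256k1_rangeproof_serialize_point(rngseed + 32 + 33, genp);
+memcpy(rngseed + 33 + 33 + 32, proof, len);
+secp256k1_rfc6979_hmac_sha256_initialize(rng, rngseed, 32 + 33 + 33 + len);
+}
+
+SECP256K1_INLINE static int secp256k1_rangeproof_genrand(
+secp256k1_scalar *sec,
+secp256k1_scalar *s,
+unsigned char *message,
+const secp256k1_rangeproof_header* header,
+secp256k1_rfc6979_hmac_sha256* rng
+) {
+unsigned char tmp[32];
 secp256k1_scalar acc;
 int overflow;
 int ret;
 size_t i;
 size_t j;
 int b;
 size_t npub;
-VERIFY_CHECK(len <= 10);
-memcpy(rngseed, nonce, 32);
-secp256k1_rangeproof_serialize_point(rngseed + 32, commit);
-secp256k1_rangeproof_serialize_point(rngseed + 32 + 33, genp);
-memcpy(rngseed + 33 + 33 + 32, proof, len);
-secp256k1_rfc6979_hmac_sha256_initialize(&rng, rngseed, 32 + 33 + 33 + len);
 secp256k1_scalar_clear(&acc);
 npub = 0;
 ret = 1;
-for (i = 0; i < rings; i++) {
-if (i < rings - 1) {
-secp256k1_rfc6979_hmac_sha256_generate(&rng, tmp, 32);
+for (i = 0; i < header->n_rings; i++) {
+if (i < header->n_rings - 1) {
+secp256k1_rfc6979_hmac_sha256_generate(rng, tmp, 32);
 do {
-secp256k1_rfc6979_hmac_sha256_generate(&rng, tmp, 32);
+secp256k1_rfc6979_hmac_sha256_generate(rng, tmp, 32);
 secp256k1_scalar_set_b32(&sec[i], tmp, &overflow);
 } while (overflow || secp256k1_scalar_is_zero(&sec[i]));
 secp256k1_scalar_add(&acc, &acc, &sec[i]);
 } else {
 secp256k1_scalar_negate(&acc, &acc);
 sec[i] = acc;
 }
-for (j = 0; j < rsizes[i]; j++) {
-secp256k1_rfc6979_hmac_sha256_generate(&rng, tmp, 32);
+for (j = 0; j < header->rsizes[i]; j++) {
+secp256k1_rfc6979_hmac_sha256_generate(rng, tmp, 32);
 if (message) {
 for (b = 0; b < 32; b++) {
 tmp[b] ^= message[(i * 4 + j) * 32 + b];
@@ -307,7 +322,7 @@ SECP256K1_INLINE static int secp256k1_rangeproof_genrand(secp256k1_scalar *sec,
 npub++;
 }
 }
-secp256k1_rfc6979_hmac_sha256_finalize(&rng);
+secp256k1_rfc6979_hmac_sha256_finalize(rng);
 secp256k1_scalar_clear(&acc);
 memset(tmp, 0, 32);
 return ret;
@@ -328,6 +343,7 @@ SECP256K1_INLINE static int secp256k1_rangeproof_sign_impl(const secp256k1_ecmul
 unsigned char tmp[33];
 unsigned char *signs; /* Location of sign flags in the proof. */
 uint64_t v;
+secp256k1_rfc6979_hmac_sha256 genrand_rng;
 secp256k1_borromean_sz_closure secidx_closure;
 size_t len; /* Number of bytes used so far. */
 size_t i;
@@ -389,7 +405,8 @@ SECP256K1_INLINE static int secp256k1_rangeproof_sign_impl(const secp256k1_ecmul
 }
 prep[idx] = 128;
 }
-if (!secp256k1_rangeproof_genrand(sec, s, prep, header.rsizes, header.n_rings, nonce, commit, proof, len, genp)) {
+secp256k1_rangeproof_init_rng(&genrand_rng, nonce, commit, proof, len, genp);
+if (!secp256k1_rangeproof_genrand(sec, s, prep, &header, &genrand_rng)) {
 return 0;
 }
 memset(prep, 0, 4096);
@@ -481,6 +498,7 @@ SECP256K1_INLINE static void secp256k1_rangeproof_ch32xor(unsigned char *x, cons
 SECP256K1_INLINE static int secp256k1_rangeproof_rewind_inner(secp256k1_scalar *blind, uint64_t *v,
 unsigned char *m, size_t *mlen, secp256k1_scalar *ev, secp256k1_scalar *s,
 secp256k1_rangeproof_header* header, const unsigned char *nonce, const secp256k1_ge *commit, const unsigned char *proof, size_t len, const secp256k1_ge *genp) {
+secp256k1_rfc6979_hmac_sha256 genrand_rng;
 secp256k1_scalar s_orig[128];
 secp256k1_scalar sec[32];
 secp256k1_scalar stmp;
@@ -496,7 +514,10 @@ SECP256K1_INLINE static int secp256k1_rangeproof_rewind_inner(secp256k1_scalar *
 size_t npub;
 memset(prep, 0, 4096);
 /* Reconstruct the provers random values. */
-secp256k1_rangeproof_genrand(sec, s_orig, prep, header->rsizes, header->n_rings, nonce, commit, proof, len, genp);
+secp256k1_rangeproof_init_rng(&genrand_rng, nonce, commit, proof, len, genp);
+if (!secp256k1_rangeproof_genrand(sec, s_orig, prep, header, &genrand_rng)) {
+return 0;
+}
 *v = UINT64_MAX;
 secp256k1_scalar_clear(blind);
 if (header->n_rings == 1 && header->rsizes[0] == 1) {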
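Review bot: `secp256k1_rangeproof_init_rng` returns with `rngseed` still holding the 32-byte secret nonce on its stack frame; the pre-refactor body did not wipe it either, but the split now makes that buffer a natural place to add `memset(rngseed, 0, sizeof(rngseed));` right after `secp256k1_rfc6979_hmac_sha256_initialize`, matching the existing `memset(tmp, 0, 32)` in genrand. `VERIFY_CHECK(len <= 10)` is compiled out in non-VERIFY builds, so the `memcpy(rngseed + 33 + 33 + 32, proof, len)` still relies on every caller bounding `len` to at most 10 bytes; a one-line comment on the new function stating that contract would help the next caller. The last hunk also changes `secp256k1_rangeproof_rewind_inner` to return 0 when genrand fails where it previously ignored the result, which is a behaviour change the description's "purely" does not cover and deserves a sentence in the commit message. Minor style: `const size_t len` on a by-value parameter and the mixed `T* x` / `T *x` placement in the new prototypes differ from the rest of the file.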
