f add magic to s2c context

jonasnick · jonasnick · commit 6b4e4c826047 · 2019-02-11T09:59:22.000Z
diff --git a/include/secp256k1.h b/include/secp256k1.h
@@ -92,9 +92,13 @@ typedef struct {
  *
  *  The exact representation of data inside is implementation defined and not
  *  guaranteed to be portable between different platforms or versions. It is however
- *  guaranteed to be 128 bytes in size, and can be safely copied/moved.
+ *  guaranteed to be 136 bytes in size, and can be safely copied/moved.
  */
 typedef struct {
+    /* magic is set during initialization. It allows functions casting to
+     * s2c_commit_contexts from a void pointer to check if they actually got an
+     * s2c_commit_context and if it has been initialized. */
+    unsigned char magic[8];
     unsigned char data[32];
     unsigned char data_hash[32];
     secp256k1_pubkey original_pubnonce;
diff --git a/src/secp256k1.c b/src/secp256k1.c
@@ -686,13 +686,15 @@ static int secp256k1_ec_commit_verify(const secp256k1_context* ctx, const secp25
     return secp256k1_gej_is_infinity(&pj);
 }
 
+static uint64_t s2c_commit_context_magic = 0xd5bafd089f7e1c63;
 int secp256k1_s2c_commit_context_create(secp256k1_context *ctx, secp256k1_s2c_commit_context *s2c_ctx, const unsigned char *data32) {
     secp256k1_sha256 sha;
 
     VERIFY_CHECK(ctx != NULL);
     ARG_CHECK(s2c_ctx != NULL);
     ARG_CHECK(data32 != NULL);
 
+    memcpy(s2c_ctx->magic, &s2c_commit_context_magic, sizeof(s2c_ctx->magic));
     memcpy(s2c_ctx->data, data32, 32);
     secp256k1_sha256_initialize(&sha);
     secp256k1_sha256_write(&sha, data32, 32);
@@ -733,6 +735,7 @@ static int secp256k1_nonce_function_bipschnorr_no_s2c_tweak(const secp256k1_cont
     } else {
         /* Prepare for a sign-to-contract commitment if data is provided */
         secp256k1_s2c_commit_context *s2c_ctx = (secp256k1_s2c_commit_context *)data;
+        ARG_CHECK(memcmp(s2c_ctx->magic, &s2c_commit_context_magic, sizeof(s2c_ctx->magic)) == 0);
         secp256k1_sha256_write(&sha, s2c_ctx->data_hash, 32);
         secp256k1_sha256_finalize(&sha, nonce32);
 
diff --git a/src/tests.c b/src/tests.c
@@ -4112,9 +4112,12 @@ void test_nonce_function_bipschnorr_s2c(void) {
     unsigned char algo16[16];
     unsigned char data32[32];
     secp256k1_s2c_commit_context s2c_ctx;
+    secp256k1_s2c_commit_context s2c_ctx_2;
     secp256k1_pubkey pubnonce;
     secp256k1_pubkey original_nonce;
+    int32_t ecount = 0;
 
+    secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount);
     secp256k1_rand256(msg32);
     secp256k1_rand256(key32);
     secp256k1_rand256(data32);
@@ -4125,6 +4128,10 @@ void test_nonce_function_bipschnorr_s2c(void) {
     CHECK(secp256k1_s2c_commit_get_original_nonce(ctx, &original_nonce, &s2c_ctx) == 1);
     CHECK(secp256k1_ec_pubkey_create(ctx, &pubnonce, nonce32) == 1);
     CHECK(secp256k1_ec_commit_verify(ctx, &pubnonce, &original_nonce, data32, 32) == 1);
+
+    CHECK(ecount == 0);
+    CHECK(secp256k1_nonce_function_bipschnorr(ctx, nonce32, msg32, key32, algo16, &s2c_ctx_2, 0) == 0);
+    CHECK(ecount == 1);
 }
 
 void run_nonce_function_bipschnorr_tests(void) {
