Add generator length check and n-is-power-of-two checks

cathieyun · cathieyun · commit 5c80d4499d6b · 2018-08-14T18:28:13.000-07:00
diff --git a/src/errors.rs b/src/errors.rs
@@ -21,6 +21,9 @@ pub enum ProofError {
     /// proof with non-power-of-two aggregation size.
     #[fail(display = "Invalid aggregation size, m must be a power of 2")]
     InvalidAggregation,
+    /// This error occurs when the generators are of the wrong length.
+    #[fail(display = "Invalid generators length, must be equal to n.")]
+    InvalidGeneratorsLength,
     /// This error results from an internal error during proving.
     ///
     /// The single-party prover is implemented by performing
diff --git a/src/range_proof/mod.rs b/src/range_proof/mod.rs
@@ -78,6 +78,12 @@ impl RangeProof {
         if values.len() != blindings.len() {
             return Err(ProofError::WrongNumBlindingFactors);
         }
+        if generators.n != n {
+            return Err(ProofError::InvalidGeneratorsLength);
+        }
+        if !(n == 8 || n == 16 || n == 32 || n == 64) {
+            return Err(ProofError::InvalidBitsize);
+        }
 
         let dealer = Dealer::new(generators, n, values.len(), transcript)?;
 
@@ -145,6 +151,12 @@ impl RangeProof {
     ) -> Result<(), ProofError> {
         // First, replay the "interactive" protocol using the proof
         // data to recompute all challenges.
+        if gens.n != n {
+            return Err(ProofError::InvalidGeneratorsLength);
+        }
+        if !(n == 8 || n == 16 || n == 32 || n == 64) {
+            return Err(ProofError::InvalidBitsize);
+        }
 
         let m = value_commitments.len();
 
