Merge pull request #134 from dalek-cryptography/rework-gens

Check generator lengths in range proof

Author: cathieyun

src/errors.rs

@@ -15,12 +15,15 @@ pub enum ProofError {
     WrongNumBlindingFactors,
     /// This error occurs when attempting to create a proof with
     /// bitsize other than \\(8\\), \\(16\\), \\(32\\), or \\(64\\).
-    #[fail(display = "Invalid bitsize, must have n = 8,16,32,64")]
+    #[fail(display = "Invalid bitsize, must have n = 8,16,32,64.")]
     InvalidBitsize,
     /// This error occurs when attempting to create an aggregated
     /// proof with non-power-of-two aggregation size.
-    #[fail(display = "Invalid aggregation size, m must be a power of 2")]
+    #[fail(display = "Invalid aggregation size, m must be a power of 2.")]
     InvalidAggregation,
+    /// This error occurs when the generators are of the wrong length.
+    #[fail(display = "Invalid generators length, must be equal to n.")]
+    InvalidGeneratorsLength,
     /// This error results from an internal error during proving.
     ///
     /// The single-party prover is implemented by performing

src/range_proof/mod.rs

@@ -78,6 +78,12 @@ impl RangeProof {
         if values.len() != blindings.len() {
             return Err(ProofError::WrongNumBlindingFactors);
         }
+        if generators.n != n {
+            return Err(ProofError::InvalidGeneratorsLength);
+        }
+        if !(n == 8 || n == 16 || n == 32 || n == 64) {
+            return Err(ProofError::InvalidBitsize);
+        }
 
         let dealer = Dealer::new(generators, n, values.len(), transcript)?;
 
@@ -145,6 +151,12 @@ impl RangeProof {
     ) -> Result<(), ProofError> {
         // First, replay the "interactive" protocol using the proof
         // data to recompute all challenges.
+        if gens.n != n {
+            return Err(ProofError::InvalidGeneratorsLength);
+        }
+        if !(n == 8 || n == 16 || n == 32 || n == 64) {
+            return Err(ProofError::InvalidBitsize);
+        }
 
         let m = value_commitments.len();