diff --git a/src/kzg_single_proofs.c b/src/kzg_single_proofs.c index 7766fc2..fc9911c 100644 --- a/src/kzg_single_proofs.c +++ b/src/kzg_single_proofs.c @@ -21,9 +21,12 @@ void commit_to_poly(blst_p1 *out, const KZGSettings *ks, const poly *p) { } // Compute KZG proof for polynomial at position x0 -void compute_proof_single(blst_p1 *out, const KZGSettings *ks, poly *p, const uint64_t x0) { +C_KZG_RET compute_proof_single(blst_p1 *out, const KZGSettings *ks, poly *p, const uint64_t x0) { poly divisor, q; blst_fr tmp; + uint64_t len; + + ASSERT(p->length >= 2, C_KZG_BADARGS); // The divisor is x - x0 poly_init(&divisor, 2); @@ -32,13 +35,17 @@ void compute_proof_single(blst_p1 *out, const KZGSettings *ks, poly *p, const ui divisor.coeffs[1] = one; // Calculate q = p / (x - x0) - poly_init(&q, poly_quotient_length(p, &divisor)); - poly_long_div(&q, p, &divisor); + // Discard the return codes since we already checked above that all should be fine. + (void) poly_quotient_length(&len, p, &divisor); + poly_init(&q, len); + (void) poly_long_div(&q, p, &divisor); linear_combination_g1(out, ks->secret_g1, q.coeffs, q.length); poly_free(q); poly_free(divisor); + + return C_KZG_OK; } bool check_proof_single(const KZGSettings *ks, const blst_p1 *commitment, const blst_p1 *proof, const blst_fr *x, blst_fr *y) { diff --git a/src/kzg_single_proofs.h b/src/kzg_single_proofs.h index 84fa203..d66cfa8 100644 --- a/src/kzg_single_proofs.h +++ b/src/kzg_single_proofs.h @@ -19,5 +19,5 @@ #include "poly.h" void commit_to_poly(blst_p1 *out, const KZGSettings *ks, const poly *p); -void compute_proof_single(blst_p1 *out, const KZGSettings *ks, poly *p, const uint64_t x0); +C_KZG_RET compute_proof_single(blst_p1 *out, const KZGSettings *ks, poly *p, const uint64_t x0); bool check_proof_single(const KZGSettings *ks, const blst_p1 *commitment, const blst_p1 *proof, const blst_fr *x, blst_fr *y); diff --git a/src/kzg_single_proofs_test.c b/src/kzg_single_proofs_test.c index 873426c..d28f745 100644 --- a/src/kzg_single_proofs_test.c +++ b/src/kzg_single_proofs_test.c @@ -58,7 +58,7 @@ void proof_single(void) { new_kzg_settings(&ks, &fs, s1, s2, 17); commit_to_poly(&commitment, &ks, &p); - compute_proof_single(&proof, &ks, &p, 17); + TEST_CHECK(C_KZG_OK == compute_proof_single(&proof, &ks, &p, 17)); fr_from_uint64(&x, 17); poly_eval(&value, &p, &x); @@ -69,9 +69,23 @@ void proof_single(void) { free(s2); } +void proof_single_error(void) { + poly p; + blst_p1 proof; + KZGSettings ks; + + // Check it barfs on a constant polynomial + poly_init(&p, 1); + + TEST_CHECK(C_KZG_BADARGS == compute_proof_single(&proof, &ks, &p, 17)); + + poly_free(p); +} + TEST_LIST = { {"KZG_SINGLE_PRROFS_TEST", title}, {"proof_single", proof_single}, + {"proof_single_error", proof_single}, { NULL, NULL } /* zero record marks the end of the list */ }; diff --git a/src/poly.c b/src/poly.c index 329b6e2..bbd64f2 100644 --- a/src/poly.c +++ b/src/poly.c @@ -47,8 +47,10 @@ void poly_eval(blst_fr *out, const poly *p, const blst_fr *x) { } // Call this to find out how much space to allocate for the result -uint64_t poly_quotient_length(const poly *dividend, const poly *divisor) { - return dividend->length - divisor->length + 1; +C_KZG_RET poly_quotient_length(uint64_t *out, const poly *dividend, const poly *divisor) { + ASSERT(dividend->length >= divisor->length, C_KZG_BADARGS); + *out = dividend->length - divisor->length + 1; + return C_KZG_OK; } // `out` must have been pre-allocated to the correct size, and the length is provided diff --git a/src/poly.h b/src/poly.h index 123d590..8c92a07 100644 --- a/src/poly.h +++ b/src/poly.h @@ -26,5 +26,5 @@ typedef struct { void poly_init(poly *out, const uint64_t length); void poly_free(poly p); void poly_eval(blst_fr *out, const poly *p, const blst_fr *x); -uint64_t poly_quotient_length(const poly *dividend, const poly *divisor); +C_KZG_RET poly_quotient_length(uint64_t *out, const poly *dividend, const poly *divisor); C_KZG_RET poly_long_div(poly *out, const poly *dividend, const poly *divisor); diff --git a/src/poly_test.c b/src/poly_test.c index c54f0a8..cf40779 100644 --- a/src/poly_test.c +++ b/src/poly_test.c @@ -22,9 +22,19 @@ void title(void) {;} void poly_div_length(void) { poly a, b; + uint64_t len; poly_init(&a, 17); poly_init(&b, 5); - TEST_CHECK(13 == poly_quotient_length(&a, &b)); + TEST_CHECK(C_KZG_OK == poly_quotient_length(&len, &a, &b)); + TEST_CHECK(13 == len); +} + +void poly_div_length_bad(void) { + poly a, b; + uint64_t len; + poly_init(&a, 5); + poly_init(&b, 17); + TEST_CHECK(C_KZG_BADARGS == poly_quotient_length(&len, &a, &b)); } void poly_div_0(void) { @@ -55,7 +65,7 @@ void poly_div_0(void) { actual.length = 2; actual.coeffs = c; - TEST_CHECK(poly_long_div(&actual, ÷nd, &divisor) == C_KZG_OK); + TEST_CHECK(C_KZG_OK == poly_long_div(&actual, ÷nd, &divisor)); TEST_CHECK(fr_equal(&expected[0], &actual.coeffs[0])); TEST_CHECK(fr_equal(&expected[1], &actual.coeffs[1])); } @@ -90,7 +100,7 @@ void poly_div_1(void) { actual.length = 3; actual.coeffs = c; - TEST_CHECK(poly_long_div(&actual, ÷nd, &divisor) == C_KZG_OK); + TEST_CHECK(C_KZG_OK == poly_long_div(&actual, ÷nd, &divisor)); TEST_CHECK(fr_equal(&expected[0], &actual.coeffs[0])); TEST_CHECK(fr_equal(&expected[1], &actual.coeffs[1])); TEST_CHECK(fr_equal(&expected[2], &actual.coeffs[2])); @@ -98,7 +108,7 @@ void poly_div_1(void) { void poly_wrong_size(void) { poly dividend, divisor, result; - TEST_CHECK(poly_long_div(&result, ÷nd, &divisor) == C_KZG_BADARGS); + TEST_CHECK(C_KZG_BADARGS == poly_long_div(&result, ÷nd, &divisor)); } void poly_eval_check(void) { @@ -120,6 +130,7 @@ TEST_LIST = { {"POLY_TEST", title}, {"poly_div_length", poly_div_length}, + {"poly_div_length_bad", poly_div_length_bad}, {"poly_div_0", poly_div_0}, {"poly_div_1", poly_div_1}, {"poly_wrong_size", poly_wrong_size},