Validate PolynomialMod2 coefficients

Thanks to Bing Shi
weidai11 · Nov 20, 2023 · 641ae35 · 641ae35 · noloader · Nov 20, 2023
1 parent eb383b8
commit 641ae35
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/gf2n.cpp b/gf2n.cpp
@@ -135,9 +135,14 @@ PolynomialMod2 PolynomialMod2::Monomial(size_t i)
 
 PolynomialMod2 PolynomialMod2::Trinomial(size_t t0, size_t t1, size_t t2)
 {
+	// Asserts and checks due to Bing Shi
 	CRYPTOPP_ASSERT(t0 > t1);
 	CRYPTOPP_ASSERT(t1 > t2);
 
+	// The test is odd because of ECIES<EC2N>. The basis is t0, but the other coefficients are not in descending order.
+	if (t1 > t0 || t2 > t0)
+		throw InvalidArgument("PolynomialMod2: coefficients must be in descending order");
+
 	PolynomialMod2 r((word)0, t0+1);
 	r.SetBit(t0);
 	r.SetBit(t1);
@@ -147,11 +152,16 @@ PolynomialMod2 PolynomialMod2::Trinomial(size_t t0, size_t t1, size_t t2)
 
 PolynomialMod2 PolynomialMod2::Pentanomial(size_t t0, size_t t1, size_t t2, size_t t3, size_t t4)
 {
+	// Asserts and checks due to Bing Shi
 	CRYPTOPP_ASSERT(t0 > t1);
 	CRYPTOPP_ASSERT(t1 > t2);
 	CRYPTOPP_ASSERT(t2 > t3);
 	CRYPTOPP_ASSERT(t3 > t4);
 
+	// The test is odd because of ECIES<EC2N>. The basis is t0, but the other coefficients are not in descending order.
+	if (t1 > t0 || t2 > t0 || t3 > t0 || t4 > t0)
+		throw InvalidArgument("PolynomialMod2: coefficients must be in descending order");
+
 	PolynomialMod2 r((word)0, t0+1);
 	r.SetBit(t0);
 	r.SetBit(t1);
@@ -663,7 +673,12 @@ GF2NT::GF2NT(unsigned int c0, unsigned int c1, unsigned int c2)
 	, t0(c0), t1(c1)
 	, result((word)0, m)
 {
+	// Asserts and checks due to Bing Shi
 	CRYPTOPP_ASSERT(c0 > c1 && c1 > c2 && c2==0);
+
+	// The test is odd because of ECIES<EC2N>. The basis is c0, but the other coefficients are not in descending order.
+	if (c1 > c0 || c2 > c0)
+		throw InvalidArgument("GF2NT: coefficients must be in descending order");
 }
 
 const GF2NT::Element& GF2NT::MultiplicativeInverse(const Element &a) const
@@ -972,7 +987,12 @@ GF2NP * BERDecodeGF2NP(BufferedTransformation &bt)
 GF2NT233::GF2NT233(unsigned int c0, unsigned int c1, unsigned int c2)
 	: GF2NT(c0, c1, c2)
 {
+	// Asserts and checks due to Bing Shi
 	CRYPTOPP_ASSERT(c0 > c1 && c1 > c2 && c2==0);
+
+	// The test is odd because of ECIES<EC2N>. The basis is c0, but the other coefficients are not in descending order.
+	if (c1 > c0 || c2 > c0)
+		throw InvalidArgument("GF2NT: coefficients must be in descending order");
 }
 
 const GF2NT::Element& GF2NT233::Multiply(const Element &a, const Element &b) const