Ensure pairing functions don't overwrite the input.

armfazh · armfazh · commit a4b760124d58 · 2024-04-05T17:31:38.000-07:00
diff --git a/ecc/bls12381/g1.go b/ecc/bls12381/g1.go
@@ -392,7 +392,8 @@ func G1Generator() *G1 {
 }
 
 // affinize converts an entire slice to affine at once
-func affinize(points []*G1) {
+func affinize(points []*G1) (out []G1) {
+	out = make([]G1, len(points))
 	if len(points) == 0 {
 		return
 	}
@@ -410,8 +411,9 @@ func affinize(points []*G1) {
 		zinv.Mul(w, &ws[i])
 		w.Mul(w, &points[i].z)
 
-		points[i].x.Mul(&points[i].x, zinv)
-		points[i].y.Mul(&points[i].y, zinv)
-		points[i].z.SetOne()
+		out[i].x.Mul(&points[i].x, zinv)
+		out[i].y.Mul(&points[i].y, zinv)
+		out[i].z.SetOne()
 	}
+	return
 }
diff --git a/ecc/bls12381/g1_test.go b/ecc/bls12381/g1_test.go
@@ -218,17 +218,14 @@ func TestG1Affinize(t *testing.T) {
 	N := 20
 	testTimes := 1 << 6
 	g1 := make([]*G1, N)
-	g2 := make([]*G1, N)
 	for i := 0; i < testTimes; i++ {
 		for j := 0; j < N; j++ {
 			g1[j] = randomG1(t)
-			g2[j] = &G1{}
-			*g2[j] = *g1[j]
 		}
-		affinize(g2)
+		g2 := affinize(g1)
 		for j := 0; j < N; j++ {
 			g1[j].toAffine()
-			if !g1[j].IsEqual(g2[j]) {
+			if !g1[j].IsEqual(&g2[j]) {
 				t.Fatal("failure to preserve points")
 			}
 			if g2[j].z.IsEqual(&g1[j].z) != 1 {
diff --git a/ecc/bls12381/pair.go b/ecc/bls12381/pair.go
@@ -4,9 +4,10 @@ import "github.com/cloudflare/circl/ecc/bls12381/ff"
 
 // Pair calculates the ate-pairing of P and Q.
 func Pair(P *G1, Q *G2) *Gt {
-	P.toAffine()
+	affP := *P
+	affP.toAffine()
 	mi := &ff.Fp12{}
-	miller(mi, P, Q)
+	miller(mi, &affP, Q)
 	e := &Gt{}
 	finalExp(e, mi)
 	return e
@@ -82,9 +83,9 @@ func ProdPair(P []*G1, Q []*G2, n []*Scalar) *Gt {
 	out := new(ff.Fp12)
 	out.SetOne()
 
-	affinize(P)
-	for i := range P {
-		miller(mi, P[i], Q[i])
+	affineP := affinize(P)
+	for i := range affineP {
+		miller(mi, &affineP[i], Q[i])
 		nb, _ := n[i].MarshalBinary()
 		ei.Exp(mi, nb)
 		out.Mul(out, ei)
@@ -105,13 +106,12 @@ func ProdPairFrac(P []*G1, Q []*G2, signs []int) *Gt {
 	out := new(ff.Fp12)
 	out.SetOne()
 
-	affinize(P)
-	for i := range P {
-		g := *P[i]
+	affineP := affinize(P)
+	for i := range affineP {
 		if signs[i] == -1 {
-			g.Neg()
+			affineP[i].Neg()
 		}
-		miller(mi, &g, Q[i])
+		miller(mi, &affineP[i], Q[i])
 		out.Mul(mi, out)
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -392,7 +392,8 @@ func G1Generator() *G1 {`
`392`	`392`	`}`
`393`	`393`
`394`	`394`	`// affinize converts an entire slice to affine at once`
`395`		`-func affinize(points []*G1) {`
	`395`	`+func affinize(points []*G1) (out []G1) {`
	`396`	`+ out = make([]G1, len(points))`
`396`	`397`	`if len(points) == 0 {`
`397`	`398`	`return`
`398`	`399`	`}`
`@@ -410,8 +411,9 @@ func affinize(points []*G1) {`
`410`	`411`	`zinv.Mul(w, &ws[i])`
`411`	`412`	`w.Mul(w, &points[i].z)`
`412`	`413`
`413`		`- points[i].x.Mul(&points[i].x, zinv)`
`414`		`- points[i].y.Mul(&points[i].y, zinv)`
`415`		`- points[i].z.SetOne()`
	`414`	`+ out[i].x.Mul(&points[i].x, zinv)`
	`415`	`+ out[i].y.Mul(&points[i].y, zinv)`
	`416`	`+ out[i].z.SetOne()`
`416`	`417`	`}`
	`418`	`+ return`
`417`	`419`	`}`