[Zerocoin] Fix limits for random number generators in GMP bignum implementation

Author: random-zebra

src/libzerocoin/bignum.h

@@ -68,13 +68,13 @@ class CBigNum
     * @param range The upper bound on the number.
     * @return
     */
-    static CBigNum  randBignum(const CBigNum& range);
+    static CBigNum randBignum(const CBigNum& range);
 
     /** Generates a cryptographically secure random k-bit number
     * @param k The bit length of the number.
     * @return
     */
-    static CBigNum RandKBitBigum(const uint32_t k);
+    static CBigNum randKBitBignum(const uint32_t k);
 
     /**Returns the size in bits of the underlying bignum.
      *
@@ -122,7 +122,7 @@ class CBigNum
         * @param e the exponent as an int
         * @return
         */
-    CBigNum pow(const int e) const ;
+    CBigNum pow(const int e) const;
 
     /**
      * exponentiation this^e

src/libzerocoin/bignum_gmp.cpp

@@ -48,13 +48,18 @@ CBigNum::CBigNum(const std::vector<unsigned char>& vch)
     setvch(vch);
 }
 
+/** PRNGs use OpenSSL for consistency with seed initialization **/
+
 /** Generates a cryptographically secure random number between zero and range exclusive
 * i.e. 0 < returned number < range
 * @param range The upper bound on the number.
 * @return
 */
 CBigNum CBigNum::randBignum(const CBigNum& range)
 {
+    if (range < 2)
+        return 0;
+
     size_t size = (mpz_sizeinbase (range.bn, 2) + CHAR_BIT-1) / CHAR_BIT;
     std::vector<unsigned char> buf(size);
 
@@ -64,14 +69,14 @@ CBigNum CBigNum::randBignum(const CBigNum& range)
     CBigNum ret(buf);
     if (ret < 0)
         mpz_neg(ret.bn, ret.bn);
-    return ret;
+    return 1 + (ret % (range-1));
 }
 
 /** Generates a cryptographically secure random k-bit number
 * @param k The bit length of the number.
 * @return
 */
-CBigNum CBigNum::RandKBitBigum(const uint32_t k)
+CBigNum CBigNum::randKBitBignum(const uint32_t k)
 {
     std::vector<unsigned char> buf((k+7)/8);
 
@@ -81,7 +86,7 @@ CBigNum CBigNum::RandKBitBigum(const uint32_t k)
     CBigNum ret(buf);
     if (ret < 0)
         mpz_neg(ret.bn, ret.bn);
-    return ret;
+    return ret % (CBigNum(1) << k);
 }
 
 /**Returns the size in bits of the underlying bignum.
@@ -256,7 +261,7 @@ CBigNum CBigNum::inverse(const CBigNum& m) const
  */
 CBigNum CBigNum::generatePrime(const unsigned int numBits, bool safe)
 {
-    CBigNum rand = RandKBitBigum(numBits);
+    CBigNum rand = randKBitBignum(numBits);
     CBigNum prime;
     mpz_nextprime(prime.bn, rand.bn);
     return prime;

src/libzerocoin/bignum_openssl.cpp

@@ -70,7 +70,7 @@ CBigNum CBigNum::randBignum(const CBigNum& range)
 * @param k The bit length of the number.
 * @return
 */
-CBigNum CBigNum::RandKBitBigum(const uint32_t k)
+CBigNum CBigNum::randKBitBignum(const uint32_t k)
 {
     CBigNum ret;
     if(!BN_rand(ret.bn, k, -1, 0)){

src/test/zerocoin_denomination_tests.cpp

@@ -91,7 +91,7 @@ BOOST_AUTO_TEST_CASE(zerocoin_spend_test241)
             nTotalAmount += currentAmount;
             CBigNum value;
             CBigNum rand;
-            CBigNum serial = CBigNum::RandKBitBigum(256);
+            CBigNum serial = CBigNum::randKBitBignum(256);
             bool isUsed = false;
             CMintMeta meta;
             meta.denom = denom;
@@ -175,7 +175,7 @@ BOOST_AUTO_TEST_CASE(zerocoin_spend_test115)
             nTotalAmount += currentAmount;
             CBigNum value;
             CBigNum rand;
-            CBigNum serial = CBigNum::RandKBitBigum(256);
+            CBigNum serial = CBigNum::randKBitBignum(256);
             bool isUsed = false;
             CMintMeta meta;
             meta.denom = denom;
@@ -259,7 +259,7 @@ BOOST_AUTO_TEST_CASE(zerocoin_spend_test_from_245)
             nTotalAmount += currentAmount;
             CBigNum value;
             CBigNum rand;
-            CBigNum serial = CBigNum::RandKBitBigum(256);
+            CBigNum serial = CBigNum::randKBitBignum(256);
             bool isUsed = false;
             CMintMeta meta;
             meta.denom = denom;
@@ -361,7 +361,7 @@ BOOST_AUTO_TEST_CASE(zerocoin_spend_test_from_145)
             nTotalAmount += currentAmount;
             CBigNum value;
             CBigNum rand;
-            CBigNum serial = CBigNum::RandKBitBigum(256);
+            CBigNum serial = CBigNum::randKBitBignum(256);
             bool isUsed = false;
             CMintMeta meta;
             meta.denom = denom;
@@ -467,7 +467,7 @@ BOOST_AUTO_TEST_CASE(zerocoin_spend_test99)
             nTotalAmount += currentAmount;
             CBigNum value;
             CBigNum rand;
-            CBigNum serial = CBigNum::RandKBitBigum(256);
+            CBigNum serial = CBigNum::randKBitBignum(256);
             bool isUsed = false;
             CMintMeta meta;
             meta.denom = denom;

src/test/zerocoin_implementation_tests.cpp

@@ -396,7 +396,7 @@ BOOST_AUTO_TEST_CASE(checkzerocoinspend_test)
     //Get the checksum of the accumulator we use for the spend and also add it to our checksum map
     uint32_t nChecksum_v2 = GetChecksum(accumulator_v2.getValue());
     //AddAccumulatorChecksum(nChecksum_v2, accumulator_v2.getValue(), true);
-    uint256 ptxHash = CBigNum::RandKBitBigum(256).getuint256();
+    uint256 ptxHash = CBigNum::randKBitBignum(256).getuint256();
     CoinSpend coinSpend_v2(Params().Zerocoin_Params(false), Params().Zerocoin_Params(false), privateCoin_v2, accumulator_v2, nChecksum_v2, witness_v2, ptxHash, SpendType::SPEND);
 
     BOOST_CHECK_MESSAGE(coinSpend_v2.HasValidSerial(Params().Zerocoin_Params(false)), "coinspend_v2 does not have a valid serial");