
Ensure that we use non-zero random scalars for inversion

Frank Denis 2019-04-15 10:18:15 +02:00
parent db6f43d25e
commit 22c289d195


@ -147,7 +147,9 @@ main(void)
for (i = 0; i < 1000; i++) { for (i = 0; i < 1000; i++) {
randombytes_buf(h, crypto_core_ed25519_UNIFORMBYTES); randombytes_buf(h, crypto_core_ed25519_UNIFORMBYTES);
crypto_core_ed25519_from_uniform(p, h); crypto_core_ed25519_from_uniform(p, h);
crypto_core_ed25519_scalar_random(sc); do {
crypto_core_ed25519_scalar_random(sc);
} while (sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
if (crypto_scalarmult_ed25519_noclamp(p2, sc, p) != 0) { if (crypto_scalarmult_ed25519_noclamp(p2, sc, p) != 0) {
printf("crypto_scalarmult_ed25519_noclamp() failed\n"); printf("crypto_scalarmult_ed25519_noclamp() failed\n");
} }
@ -359,7 +361,9 @@ main(void)
crypto_core_ed25519_scalar_sub(sc3, sc3, sc); crypto_core_ed25519_scalar_sub(sc3, sc3, sc);
assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES)); assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES));
crypto_core_ed25519_scalar_random(sc2); do {
crypto_core_ed25519_scalar_random(sc2);
} while (sodium_is_zero(sc2, crypto_core_ed25519_SCALARBYTES));
crypto_core_ed25519_scalar_mul(sc3, sc, sc2); crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
crypto_core_ed25519_scalar_invert(sc2, sc2); crypto_core_ed25519_scalar_invert(sc2, sc2);
crypto_core_ed25519_scalar_mul(sc3, sc3, sc2); crypto_core_ed25519_scalar_mul(sc3, sc3, sc2);