1
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-24 04:25:10 -07:00

Add a crypto_core_ed25519_NONREDUCEDSCALARBYTES constant

and reject 0 in crypto_core_ed25519_random()
This commit is contained in:
Frank Denis 2018-12-24 17:26:38 +01:00
parent c0652ef7ca
commit 59bd82edab
3 changed files with 18 additions and 4 deletions

View File

@ -74,7 +74,8 @@ crypto_core_ed25519_scalar_random(unsigned char *r)
do { do {
randombytes_buf(r, crypto_core_ed25519_SCALARBYTES); randombytes_buf(r, crypto_core_ed25519_SCALARBYTES);
r[crypto_core_ed25519_SCALARBYTES - 1] &= 0x1f; r[crypto_core_ed25519_SCALARBYTES - 1] &= 0x1f;
} while (sc25519_is_canonical(r) == 0); } while (sc25519_is_canonical(r) == 0 ||
sodium_is_zero(r, crypto_core_ed25519_SCALARBYTES));
} }
int int
@ -86,9 +87,10 @@ crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s)
} }
void void
crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char s[64]) crypto_core_ed25519_scalar_reduce(unsigned char *r,
const unsigned char s[crypto_core_ed25519_NONREDUCEDSCALARBYTES])
{ {
unsigned char t[64]; unsigned char t[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
memcpy(t, s, sizeof t); memcpy(t, s, sizeof t);
sc25519_reduce(t); sc25519_reduce(t);
@ -102,6 +104,12 @@ crypto_core_ed25519_bytes(void)
return crypto_core_ed25519_BYTES; return crypto_core_ed25519_BYTES;
} }
size_t
crypto_core_ed25519_nonreducedscalarbytes(void)
{
return crypto_core_ed25519_NONREDUCEDSCALARBYTES;
}
size_t size_t
crypto_core_ed25519_uniformbytes(void) crypto_core_ed25519_uniformbytes(void)
{ {

View File

@ -20,6 +20,10 @@ size_t crypto_core_ed25519_uniformbytes(void);
SODIUM_EXPORT SODIUM_EXPORT
size_t crypto_core_ed25519_scalarbytes(void); size_t crypto_core_ed25519_scalarbytes(void);
#define crypto_core_ed25519_NONREDUCEDSCALARBYTES 64
SODIUM_EXPORT
size_t crypto_core_ed25519_nonreducedscalarbytes(void);
SODIUM_EXPORT SODIUM_EXPORT
int crypto_core_ed25519_is_valid_point(const unsigned char *p) int crypto_core_ed25519_is_valid_point(const unsigned char *p)
__attribute__ ((nonnull)); __attribute__ ((nonnull));

View File

@ -30,7 +30,7 @@ add_P(unsigned char * const S)
static void static void
add_l64(unsigned char * const S) add_l64(unsigned char * const S)
{ {
static const unsigned char l[64] = static const unsigned char l[crypto_core_ed25519_NONREDUCEDSCALARBYTES] =
{ 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, { 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@ -182,6 +182,8 @@ main(void)
assert(crypto_core_ed25519_BYTES == crypto_core_ed25519_bytes()); assert(crypto_core_ed25519_BYTES == crypto_core_ed25519_bytes());
assert(crypto_core_ed25519_SCALARBYTES == crypto_core_ed25519_scalarbytes()); assert(crypto_core_ed25519_SCALARBYTES == crypto_core_ed25519_scalarbytes());
assert(crypto_core_ed25519_NONREDUCEDSCALARBYTES == crypto_core_ed25519_nonreducedscalarbytes());
assert(crypto_core_ed25519_NONREDUCEDSCALARBYTES >= crypto_core_ed25519_SCALARBYTES);
assert(crypto_core_ed25519_UNIFORMBYTES == crypto_core_ed25519_uniformbytes()); assert(crypto_core_ed25519_UNIFORMBYTES == crypto_core_ed25519_uniformbytes());
assert(crypto_core_ed25519_UNIFORMBYTES >= crypto_core_ed25519_BYTES); assert(crypto_core_ed25519_UNIFORMBYTES >= crypto_core_ed25519_BYTES);