ristretto255: check element minimality by comparing Bytes output

This commit is contained in:
Filippo Valsorda 2019-04-19 13:25:05 -04:00 committed by Henry de Valence
parent 363fa10df6
commit 118379a17a
2 changed files with 9 additions and 21 deletions

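--- a/fe.go
+++ b/fe.go
@@ -109,21 +109,3 @@ func fieldElementFromDecimal(s string) *radix51.FieldElement {
 }
 return new(radix51.FieldElement).FromBig(n)
 }
-// The order of the field, 2^255 - 19, in 51-bit little endian form.
-var fieldOrder = [5]uint64{0x7ffffffffffed, 0x7ffffffffffff, 0x7ffffffffffff, 0x7ffffffffffff, 0x7ffffffffffff}
-// feMinimal returns true if the given field element is less than the order of the field.
-func feMinimal(fe *radix51.FieldElement) bool {
-for i := 4; ; i-- {
-v := fe[i]
-if v > fieldOrder[i] {
-return false
-} else if v < fieldOrder[i] {
-break
-} else if i == 0 {
-return false
-}
-}
-return true
-}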


@ -8,6 +8,7 @@
package ristretto255
import (
"bytes"
"errors"
"github.com/gtank/ristretto255/internal/edwards25519"
@ -191,8 +192,8 @@ func (ee *Element) Encode() []byte {
return s.Bytes(nil)
}
// Decode decodes the canonical bytestring encoding of an element into a Ristretto element.
// Returns nil on success.
// Decode decodes the canonical bytestring encoding of an element into a
// Ristretto element.
func (e *Element) Decode(in []byte) error {
if len(in) != 32 {
return errInvalidEncoding
@ -203,8 +204,13 @@ func (e *Element) Decode(in []byte) error {
s.FromBytes(in)
// If the resulting value is >= p, decoding fails.
var buf [32]byte
if !bytes.Equal(s.Bytes(buf[:0]), in) {
return errInvalidEncoding
}
// If IS_NEGATIVE(s) returns TRUE, decoding fails.
if !feMinimal(s) || s.IsNegative() == 1 {
if s.IsNegative() == 1 {
return errInvalidEncoding
}