mirror of https://github.com/gtank/ristretto255
ristretto255: check element minimality by comparing Bytes output
parent
363fa10df6
commit
118379a17a
18
fe.go
18
fe.go
|
@ -109,21 +109,3 @@ func fieldElementFromDecimal(s string) *radix51.FieldElement {
|
||||||
}
|
}
|
||||||
return new(radix51.FieldElement).FromBig(n)
|
return new(radix51.FieldElement).FromBig(n)
|
||||||
}
|
}
|
||||||
|
|
||||||
// The order of the field, 2^255 - 19, in 51-bit little endian form.
|
|
||||||
var fieldOrder = [5]uint64{0x7ffffffffffed, 0x7ffffffffffff, 0x7ffffffffffff, 0x7ffffffffffff, 0x7ffffffffffff}
|
|
||||||
|
|
||||||
// feMinimal returns true if the given field element is less than the order of the field.
|
|
||||||
func feMinimal(fe *radix51.FieldElement) bool {
|
|
||||||
for i := 4; ; i-- {
|
|
||||||
v := fe[i]
|
|
||||||
if v > fieldOrder[i] {
|
|
||||||
return false
|
|
||||||
} else if v < fieldOrder[i] {
|
|
||||||
break
|
|
||||||
} else if i == 0 {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
package ristretto255
|
package ristretto255
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bytes"
|
||||||
"errors"
|
"errors"
|
||||||
|
|
||||||
"github.com/gtank/ristretto255/internal/edwards25519"
|
"github.com/gtank/ristretto255/internal/edwards25519"
|
||||||
|
@ -191,8 +192,8 @@ func (ee *Element) Encode() []byte {
|
||||||
return s.Bytes(nil)
|
return s.Bytes(nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Decode decodes the canonical bytestring encoding of an element into a Ristretto element.
|
// Decode decodes the canonical bytestring encoding of an element into a
|
||||||
// Returns nil on success.
|
// Ristretto element.
|
||||||
func (e *Element) Decode(in []byte) error {
|
func (e *Element) Decode(in []byte) error {
|
||||||
if len(in) != 32 {
|
if len(in) != 32 {
|
||||||
return errInvalidEncoding
|
return errInvalidEncoding
|
||||||
|
@ -203,8 +204,13 @@ func (e *Element) Decode(in []byte) error {
|
||||||
s.FromBytes(in)
|
s.FromBytes(in)
|
||||||
|
|
||||||
// If the resulting value is >= p, decoding fails.
|
// If the resulting value is >= p, decoding fails.
|
||||||
|
var buf [32]byte
|
||||||
|
if !bytes.Equal(s.Bytes(buf[:0]), in) {
|
||||||
|
return errInvalidEncoding
|
||||||
|
}
|
||||||
|
|
||||||
// If IS_NEGATIVE(s) returns TRUE, decoding fails.
|
// If IS_NEGATIVE(s) returns TRUE, decoding fails.
|
||||||
if !feMinimal(s) || s.IsNegative() == 1 {
|
if s.IsNegative() == 1 {
|
||||||
return errInvalidEncoding
|
return errInvalidEncoding
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
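Review bot: The canonicality check in Decode (last hunk, `if !bytes.Equal(s.Bytes(buf[:0]), in)`) now rests entirely on `s.Bytes` returning the fully reduced encoding, and the retained comment `// If the resulting value is >= p, decoding fails.` does not state that invariant. I would extend it to `// s.Bytes emits the reduced encoding, so any difference from in means in was not canonical.` and add decode tests for non-canonical inputs (the encoding of p itself, and an input with the top bit of the last byte set), so a later change to Bytes cannot silently weaken the check. If FromBytes discards that top bit, which the page does not show, the round-trip comparison also rejects such inputs where the limb-based feMinimal presumably could not, and that behaviour change deserves a line in the comment. `bytes.Equal` is not constant-time; that looks acceptable only as long as the encodings passed to Decode are public values. Decode's body starts and ends outside this hunk.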