mirror of https://github.com/gtank/ristretto255
ristretto255: check element minimality by comparing Bytes output
parent
363fa10df6
commit
118379a17a
18
fe.go
18
fe.go
|
@ -109,21 +109,3 @@ func fieldElementFromDecimal(s string) *radix51.FieldElement {
|
|||
}
|
||||
return new(radix51.FieldElement).FromBig(n)
|
||||
}
|
||||
|
||||
// The order of the field, 2^255 - 19, in 51-bit little endian form.
|
||||
var fieldOrder = [5]uint64{0x7ffffffffffed, 0x7ffffffffffff, 0x7ffffffffffff, 0x7ffffffffffff, 0x7ffffffffffff}
|
||||
|
||||
// feMinimal returns true if the given field element is less than the order of the field.
|
||||
func feMinimal(fe *radix51.FieldElement) bool {
|
||||
for i := 4; ; i-- {
|
||||
v := fe[i]
|
||||
if v > fieldOrder[i] {
|
||||
return false
|
||||
} else if v < fieldOrder[i] {
|
||||
break
|
||||
} else if i == 0 {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
package ristretto255
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"errors"
|
||||
|
||||
"github.com/gtank/ristretto255/internal/edwards25519"
|
||||
|
@ -191,8 +192,8 @@ func (ee *Element) Encode() []byte {
|
|||
return s.Bytes(nil)
|
||||
}
|
||||
|
||||
// Decode decodes the canonical bytestring encoding of an element into a Ristretto element.
|
||||
// Returns nil on success.
|
||||
// Decode decodes the canonical bytestring encoding of an element into a
|
||||
// Ristretto element.
|
||||
func (e *Element) Decode(in []byte) error {
|
||||
if len(in) != 32 {
|
||||
return errInvalidEncoding
|
||||
|
@ -203,8 +204,13 @@ func (e *Element) Decode(in []byte) error {
|
|||
s.FromBytes(in)
|
||||
|
||||
// If the resulting value is >= p, decoding fails.
|
||||
var buf [32]byte
|
||||
if !bytes.Equal(s.Bytes(buf[:0]), in) {
|
||||
return errInvalidEncoding
|
||||
}
|
||||
|
||||
// If IS_NEGATIVE(s) returns TRUE, decoding fails.
|
||||
if !feMinimal(s) || s.IsNegative() == 1 {
|
||||
if s.IsNegative() == 1 {
|
||||
return errInvalidEncoding
|
||||
}
|
||||
|
||||
|
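Review bot: The canonicality check at `if !bytes.Equal(s.Bytes(buf[:0]), in)` is only as strong as the guarantee that radix51's `Bytes` emits the unique fully reduced, high-bit-clear 32-byte form; nothing in the hunk states that, so a comment such as `// Relies on Bytes producing the unique reduced encoding, so any input >= p (including one with bit 255 set) fails to round-trip.` would make the dependency explicit for the next maintainer. The commit also removes the explicit limb comparison in feMinimal without adding a regression test; a table test feeding Decode the little-endian encodings of p, p+1 and 2^255-1, plus an otherwise valid encoding with the top bit set, would pin the rejection behaviour that the old code made obvious. Because the value being compared is a public point encoding, the non-constant-time `bytes.Equal` is acceptable here, and returning the same `errInvalidEncoding` for both the round-trip and the IsNegative failure keeps the error surface uniform. Decode's body continues outside the hunk.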
|