Add a crypto_core_ed25519_NONREDUCEDSCALARBYTES constant

and reject 0 in crypto_core_ed25519_random()
2018-12-24 17:26:38 +01:00 · 2018-12-24 17:26:38 +01:00 · 59bd82edab
commit 59bd82edab
parent c0652ef7ca
3 changed files with 18 additions and 4 deletions
--- a/src/libsodium/crypto_core/ed25519/core_ed25519.c
+++ b/src/libsodium/crypto_core/ed25519/core_ed25519.c
@ -74,7 +74,8 @@ crypto_core_ed25519_scalar_random(unsigned char *r)
    do {
        randombytes_buf(r, crypto_core_ed25519_SCALARBYTES);
        r[crypto_core_ed25519_SCALARBYTES - 1] &= 0x1f;
-    } while (sc25519_is_canonical(r) == 0);
+    } while (sc25519_is_canonical(r) == 0 ||
+             sodium_is_zero(r, crypto_core_ed25519_SCALARBYTES));
 }

 int
@ -86,9 +87,10 @@ crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s)
 }

 void
-crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char s[64])
+crypto_core_ed25519_scalar_reduce(unsigned char *r,
+                                  const unsigned char s[crypto_core_ed25519_NONREDUCEDSCALARBYTES])
 {
-    unsigned char t[64];
+    unsigned char t[crypto_core_ed25519_NONREDUCEDSCALARBYTES];

    memcpy(t, s, sizeof t);
    sc25519_reduce(t);
@ -102,6 +104,12 @@ crypto_core_ed25519_bytes(void)
    return crypto_core_ed25519_BYTES;
 }

+size_t
+crypto_core_ed25519_nonreducedscalarbytes(void)
+{
+    return crypto_core_ed25519_NONREDUCEDSCALARBYTES;
+}
+
 size_t
 crypto_core_ed25519_uniformbytes(void)
 {
--- a/src/libsodium/include/sodium/crypto_core_ed25519.h
+++ b/src/libsodium/include/sodium/crypto_core_ed25519.h
@ -20,6 +20,10 @@ size_t crypto_core_ed25519_uniformbytes(void);
 SODIUM_EXPORT
 size_t crypto_core_ed25519_scalarbytes(void);

+#define crypto_core_ed25519_NONREDUCEDSCALARBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ed25519_nonreducedscalarbytes(void);
+
 SODIUM_EXPORT
 int crypto_core_ed25519_is_valid_point(const unsigned char *p)
            __attribute__ ((nonnull));
--- a/test/default/core_ed25519.c
+++ b/test/default/core_ed25519.c
@ -30,7 +30,7 @@ add_P(unsigned char * const S)
 static void
 add_l64(unsigned char * const S)
 {
-    static const unsigned char l[64] =
+    static const unsigned char l[crypto_core_ed25519_NONREDUCEDSCALARBYTES] =
      { 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
        0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@ -182,6 +182,8 @@ main(void)

    assert(crypto_core_ed25519_BYTES == crypto_core_ed25519_bytes());
    assert(crypto_core_ed25519_SCALARBYTES == crypto_core_ed25519_scalarbytes());
+    assert(crypto_core_ed25519_NONREDUCEDSCALARBYTES == crypto_core_ed25519_nonreducedscalarbytes());
+    assert(crypto_core_ed25519_NONREDUCEDSCALARBYTES >= crypto_core_ed25519_SCALARBYTES);
    assert(crypto_core_ed25519_UNIFORMBYTES == crypto_core_ed25519_uniformbytes());
    assert(crypto_core_ed25519_UNIFORMBYTES >= crypto_core_ed25519_BYTES);