*_is_less_than_*() -> *_is_canonical()
and reject non-canonical public keys in ed25519_scalarmult()
This commit is contained in:
parent
15649c5849
commit
89bc2d6976
@ -2127,7 +2127,7 @@ ge_is_on_main_subgroup(const ge_p3 *p)
|
||||
}
|
||||
|
||||
int
|
||||
ge_is_less_than_p(const unsigned char *s)
|
||||
ge_is_canonical(const unsigned char *s)
|
||||
{
|
||||
unsigned char c;
|
||||
unsigned char d;
|
||||
@ -3018,7 +3018,7 @@ sc_reduce(unsigned char *s)
|
||||
}
|
||||
|
||||
int
|
||||
sc_is_less_than_L(const unsigned char *s)
|
||||
sc_is_canonical(const unsigned char *s)
|
||||
{
|
||||
/* 2^252+27742317777372353535851937790883648493 */
|
||||
static const unsigned char L[32] = {
|
||||
|
@ -17,7 +17,7 @@ crypto_sign_ed25519_scalarmult(unsigned char *q, const unsigned char *n,
|
||||
ge_p3 Q;
|
||||
ge_p3 P;
|
||||
|
||||
if (ge_has_small_order(p) != 0 ||
|
||||
if (ge_is_canonical(p) != 0 || ge_has_small_order(p) != 0 ||
|
||||
ge_frombytes_negate_vartime(&P, p) != 0 ||
|
||||
ge_is_on_main_subgroup(&P) == 0) {
|
||||
return -1;
|
||||
|
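Review bot: The polarity of the new canonicity test, `if (ge_is_canonical(p) != 0 || ge_has_small_order(p) != 0 ||`, looks inverted relative to the rest of this commit: the verify hunk rejects on `sc_is_canonical(sig + 32) == 0`, and `ge_is_canonical` is a plain rename of `ge_is_less_than_p` whose body is otherwise untouched in the first hunk, so it presumably still returns 1 for a canonical (less-than-p) encoding, although its return statement is not visible on this page. If so, `!= 0` rejects every canonical public key and lets a non-canonical one fall through to `ge_frombytes_negate_vartime`, the opposite of the stated intent. It should read `if (ge_is_canonical(p) == 0 || ge_has_small_order(p) != 0 ||`, matching the verify path. Because the 0/1 convention is only implied by call sites, a one-line comment on the prototype, `/* returns 1 if s is the canonical (fully reduced) encoding, 0 otherwise */`, would prevent this class of mix-up; the body of crypto_sign_ed25519_scalarmult continues past the hunk.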
@ -26,8 +26,7 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
|
||||
ge_p2 R;
|
||||
|
||||
#ifndef ED25519_COMPAT
|
||||
if (sc_is_less_than_L(sig + 32) == 0 ||
|
||||
ge_has_small_order(sig) != 0) {
|
||||
if (sc_is_canonical(sig + 32) == 0 || ge_has_small_order(sig) != 0) {
|
||||
return -1;
|
||||
}
|
||||
#else
|
||||
|
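Review bot: The new gate checks S (`sig + 32`) for canonicity and R (`sig`) for small order, but nothing here checks that the public key is canonically encoded, even though this same commit adds that check to ed25519_scalarmult. Unless `ge_frombytes_negate_vartime` (called later, outside the hunk) rejects a y coordinate at or above p instead of silently reducing it, a non-canonical pk encoding would verify the same signatures as the canonical one, so two distinct pk byte strings would be accepted for one key. Consider adding, inside the same `#ifndef ED25519_COMPAT` block, `if (ge_is_canonical(pk) == 0 || ge_has_small_order(pk) != 0) { return -1; }`; the public-key parameter name is cut off in the hunk header, so `pk` is an assumption. The function's signature and body continue outside the hunk, and the `#else` branch is not visible, so compat mode may need its own treatment.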
@ -104,7 +104,7 @@ typedef struct {
|
||||
#define ge_scalarmult_base crypto_core_curve25519_ref10_ge_scalarmult_base
|
||||
#define ge_double_scalarmult_vartime crypto_core_curve25519_ref10_ge_double_scalarmult_vartime
|
||||
#define ge_scalarmult_vartime crypto_core_curve25519_ref10_ge_scalarmult_vartime
|
||||
#define ge_is_less_than_p crypto_core_curve25519_ref10_ge_is_less_than_p
|
||||
#define ge_is_canonical crypto_core_curve25519_ref10_ge_is_canonical
|
||||
#define ge_is_on_curve crypto_core_curve25519_ref10_ge_is_on_curve
|
||||
#define ge_is_on_main_subgroup crypto_core_curve25519_ref10_ge_is_on_main_subgroup
|
||||
#define ge_has_small_order crypto_core_curve25519_ref10_ge_has_small_order
|
||||
@ -121,7 +121,7 @@ extern void ge_scalarmult_base(ge_p3 *,const unsigned char *);
|
||||
extern void ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *,const ge_p3 *,const unsigned char *);
|
||||
extern void ge_scalarmult(ge_p3 *,const unsigned char *,const ge_p3 *);
|
||||
extern void ge_scalarmult_vartime(ge_p3 *,const unsigned char *,const ge_p3 *);
|
||||
extern int ge_is_less_than_p(const unsigned char *s);
|
||||
extern int ge_is_canonical(const unsigned char *s);
|
||||
extern int ge_is_on_curve(const ge_p3 *p);
|
||||
extern int ge_is_on_main_subgroup(const ge_p3 *p);
|
||||
extern int ge_has_small_order(const unsigned char s[32]);
|
||||
@ -133,10 +133,10 @@ extern int ge_has_small_order(const unsigned char s[32]);
|
||||
|
||||
#define sc_reduce crypto_core_curve25519_ref10_sc_reduce
|
||||
#define sc_muladd crypto_core_curve25519_ref10_sc_muladd
|
||||
#define sc_is_less_than_L crypto_core_curve25519_ref10_sc_is_less_than_L
|
||||
#define sc_is_canonical crypto_core_curve25519_ref10_sc_is_canonical
|
||||
|
||||
extern void sc_reduce(unsigned char *);
|
||||
extern void sc_muladd(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
|
||||
extern int sc_is_less_than_L(const unsigned char *s);
|
||||
extern int sc_is_canonical(const unsigned char *s);
|
||||
|
||||
#endif
|
||||
|