git.codecow.com Git - Monocypher.git/commit

author	Loup Vaillant <loup@loup-vaillant.fr>
	Sat, 12 Feb 2022 10:13:22 +0000 (11:13 +0100)
committer	Loup Vaillant <loup@loup-vaillant.fr>
	Sat, 12 Feb 2022 10:28:36 +0000 (11:28 +0100)
commit	25f56775b3cc845d4de23873fd53ca72f8f4ca89
tree	2d66dd54d46a9ceffb6fc747f2ee1fe0a2c148f4	tree \| snapshot
parent	d9e961bcb6414cc086d1a14bb43e4321ff4b87eb	commit \| diff

Fix invsqrt() boolean return

The invsqrt() function used to return true when its operand was a
non-zero square.  Thing is, it was used to determine whether it was a
square, *period*.  If the operand was zero, we had the wrong answer.

This introduced two "errors" visible by the end user:

* The all-zero X25519 point could not be mapped back to an Elligator 2
  representative.  In practice that point is never used, but that does
  not comply with the original paper.

* The (0, 1) EdDSa public key could not be serialised, causing any
  signature verification associated with it to fail. This one we really
  don't care, because even though it is on the curve, that point has low
  order, and legitimate public keys all have prime order.

Fixes #231

src/monocypher.c		diff \| blob \| history
tests/gen/elligator-inverse.py		diff \| blob \| history
tests/gen/vectors/elligator_inv		diff \| blob \| history
tests/test.c		diff \| blob \| history