Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update to new Scalar API #120

Merged
merged 6 commits into from
Mar 31, 2023
Merged

Update to new Scalar API #120

merged 6 commits into from
Mar 31, 2023

Conversation

rozbb
Copy link
Collaborator

@rozbb rozbb commented Mar 21, 2023
edited
Loading

This removes all uses of Scalar::[from_bits, from_bits_clamped}. Some comments inline.

I'll update the git dependency once dalek-cryptography/curve25519-dalek#519 drops.

rozbb
rozbb commented Mar 21, 2023
View reviewed changes
src/x25519.rs

impl EphemeralSecret {
/// Perform a Diffie-Hellman key agreement between `self` and
/// `their_public` key to produce a [`SharedSecret`].
pub fn diffie_hellman(self, their_public: &PublicKey) -> SharedSecret {
SharedSecret(self.0 * their_public.0)
SharedSecret(their_public.0.mul_clamped(self.0))
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is equivalent because, in the old code, self.0 was the result of Scalar::from_bits_clamped, which was unreduced.

src/x25519.rs
@@ -112,7 +111,7 @@ impl EphemeralSecret {
impl<'a> From<&'a EphemeralSecret> for PublicKey {
/// Given an x25519 [`EphemeralSecret`] key, compute its corresponding [`PublicKey`].
fn from(secret: &'a EphemeralSecret) -> PublicKey {
PublicKey(EdwardsPoint::mul_base(&secret.0).to_montgomery())
PublicKey(EdwardsPoint::mul_base_clamped(secret.0).to_montgomery())
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same reasoning here, and in the multiple copies of this below

src/x25519.rs Show resolved Hide resolved
src/x25519.rs
fn from(bytes: AllowUnreducedScalarBytes) -> Scalar {
Scalar::from_bits_clamped(bytes.0)
}
}
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can remove this because (de)serialization of StaticSecret is all bytes now

@rozbb rozbb requested a review from tarcieri March 21, 2023 07:11
@rozbb rozbb mentioned this pull request Mar 27, 2023
Merged
rozbb
rozbb commented Mar 31, 2023
View reviewed changes
src/x25519.rs Show resolved Hide resolved
@rozbb
Copy link
Collaborator Author

rozbb commented Mar 31, 2023

@tarcieri Ok one last look. I changed all the constructors to not clamp the inputs (this is what age does). Clamping is always done when doing scalar-point multiplication.

tarcieri
tarcieri approved these changes Mar 31, 2023
View reviewed changes
Copy link
Contributor

@tarcieri tarcieri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

@rozbb rozbb merged commit 25fa593 into dalek-cryptography:main Mar 31, 2023
@pinkforest pinkforest mentioned this pull request Jun 26, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tarcieri tarcieri tarcieri approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rozbb @tarcieri