
Commit 396805b

kayabaNervemcginty
authored andcommitted
dependency: upgrade to curve25519-dalek 4.0 (#161)
Uses mul_base_clamped, credit to @tarcieri for the suggestion.
1 parent a11d0d9 commit 396805b


2 files changed

+8
-18
lines changed


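--- a/Cargo.toml
+++ b/Cargo.toml
@@ -45,7 +45,7 @@ aes-gcm = { version = "0.9", optional = true }
 chacha20poly1305 = { version = "0.9", optional = true }
 blake2 = { version = "0.10", optional = true }
 sha2 = { version = "0.10", optional = true }
-curve25519-dalek = { version = "=4.0.0-rc.1", optional = true }
+curve25519-dalek = { version = "4", optional = true }
 
 pqcrypto-kyber = { version = "0.7", optional = true }
 pqcrypto-traits = { version = "0.3", optional = true }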

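--- a/src/resolvers/default.rs
+++ b/src/resolvers/default.rs
@@ -5,7 +5,7 @@ use chacha20poly1305::{
 aead::{AeadInPlace, NewAead},
 ChaCha20Poly1305,
 };
-use curve25519_dalek::{edwards::EdwardsPoint, montgomery::MontgomeryPoint, scalar::Scalar};
+use curve25519_dalek::montgomery::MontgomeryPoint;
 #[cfg(feature = "pqclean_kyber1024")]
 use pqcrypto_kyber::kyber1024;
 #[cfg(feature = "pqclean_kyber1024")]
@@ -72,7 +72,7 @@ impl CryptoResolver for DefaultResolver {
 /// Wraps x25519-dalek.
 #[derive(Default)]
 struct Dh25519 {
-privkey: Scalar,
+privkey: [u8; 32],
 pubkey: [u8; 32],
 }
 
@@ -128,21 +128,11 @@ impl Random for OsRng {}
 
 impl Dh25519 {
 fn derive_pubkey(&mut self) {
-// TODO: use `MontgomeryPoint::mul_base` in final v4 release of curve25519-dalek
-// See dalek-cryptography/curve25519-dalek#503
-let point = EdwardsPoint::mul_base(&self.privkey).to_montgomery();
+let point = MontgomeryPoint::mul_base_clamped(self.privkey);
 self.pubkey = point.to_bytes();
 }
 }
 
-fn clamp_scalar(mut scalar: [u8; 32]) -> Scalar {
-scalar[0] &= 248;
-scalar[31] &= 127;
-scalar[31] |= 64;
-
-Scalar::from_bits(scalar)
-}
-
 impl Dh for Dh25519 {
 fn name(&self) -> &'static str {
 "25519"
@@ -159,14 +149,14 @@ impl Dh for Dh25519 {
 fn set(&mut self, privkey: &[u8]) {
 let mut bytes = [0u8; 32];
 copy_slices!(privkey, bytes);
-self.privkey = clamp_scalar(bytes);
+self.privkey = bytes;
 self.derive_pubkey();
 }
 
 fn generate(&mut self, rng: &mut dyn Random) {
 let mut bytes = [0u8; 32];
 rng.fill_bytes(&mut bytes);
-self.privkey = clamp_scalar(bytes);
+self.privkey = bytes;
 self.derive_pubkey();
 }
 
@@ -175,13 +165,13 @@ impl Dh for Dh25519 {
 }
 
 fn privkey(&self) -> &[u8] {
-self.privkey.as_bytes()
+&self.privkey
 }
 
 fn dh(&self, pubkey: &[u8], out: &mut [u8]) -> Result<(), Error> {
 let mut pubkey_owned = [0u8; 32];
 copy_slices!(&pubkey[..32], pubkey_owned);
-let result = (self.privkey * MontgomeryPoint(pubkey_owned)).to_bytes();
+let result = MontgomeryPoint(pubkey_owned).mul_clamped(self.privkey).to_bytes();
 copy_slices!(result, out);
 Ok(())
 }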
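Review bot: `privkey()` in the @@ -175 hunk now returns the raw bytes stored by `set`/`generate`, whereas before it returned the encoding of the clamped `Scalar` produced by `clamp_scalar`, so callers that export the private key observe different bytes for the same input; this accessor change is not mentioned in the commit description. Round-tripping an exported key back through `set()` is unaffected, because `mul_base_clamped` and `mul_clamped` apply the clamp at the point of use, but any stored fixture or equality check on exported private keys will change. Suggest making the representation explicit on the field in the @@ -72 hunk with `/// Raw private key bytes as supplied or generated; RFC 7748 clamping is applied on use by mul_base_clamped/mul_clamped.` so a future reader does not reintroduce clamping-on-store and double-document the invariant. The `impl Dh for Dh25519` block containing these methods starts and ends outside the shown hunks.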
