commit 680fa880d63daa6058a084f1c107162e40e18aa8 (tree)
parent 8d0671157cdf8bc8b89d047138b42227420a5388
Author: Frank Denis <124872+jedisct1@users.noreply.github.com>
Date: Thu, 22 Jul 2021 01:27:42 +0200
std.crypto: handle the top bit in 25519.field.fromBytes64() (#9435)
The only known use case for this is the hash-to-curve operation where the top bit is always cleared.
But the function is public, so let's make it work as one would expect in the general case.
Also fix the doc comment (the input is 64 bytes, not 64 bits) while at it.
Diffstat:
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/std/crypto/25519/field.zig b/lib/std/crypto/25519/field.zig
@@ -93,7 +93,7 @@ pub const Fe = struct {
return s;
}
- /// Map a 64-bit big endian string into a field element
+ /// Map a 64 bytes big endian string into a field element
pub fn fromBytes64(s: [64]u8) Fe {
var fl: [32]u8 = undefined;
var gl: [32]u8 = undefined;
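Review bot: The corrected doc comment on the `+` line still reads awkwardly and says nothing about what the mapping actually is; since the function is public, a caller needs to know that the 512-bit value is interpreted as a big-endian integer and reduced modulo the field order, which is what the limb arithmetic in the body does. Suggested wording: `/// Map a 64-byte big-endian string into a field element by reducing it modulo the field order (2^255 - 19).` The body of `fromBytes64` continues past this hunk, so the remainder of the reduction is not visible here.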
@@ -106,7 +106,7 @@ pub const Fe = struct {
gl[31] &= 0x7f;
var fe_f = fromBytes(fl);
const fe_g = fromBytes(gl);
- fe_f.limbs[0] += (s[32] >> 7) * 19;
+ fe_f.limbs[0] += (s[32] >> 7) * 19 + @as(u10, s[0] >> 7) * 722;
i = 0;
while (i < 5) : (i += 1) {
fe_f.limbs[i] += 38 * fe_g.limbs[i];
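Review bot: The constants on the changed line, `19` and `722`, are correct but unexplained, and the top-bit handling is exactly the case the commit message says no in-tree caller exercises, so a future reader has no way to check them without redoing the derivation. I would annotate the line with `// bit 255 -> 2^255 = 19, bit 511 -> 2^511 = 19 * 2^256 = 19 * 38 = 722 (mod 2^255 - 19)` and add a small test that feeds a 64-byte input with only `s[0] = 0x80` set and compares the result against `fromBytes` of the little-endian encoding of 722, so the new path is actually covered. The `@as(u10, ...)` widening is needed because `722` does not fit in `u8`; a comment saying so would prevent someone from "simplifying" it back into an overflow. The `while` loop body and the rest of `fromBytes64` fall outside this hunk, so whether the enlarged `limbs[0]` is carried/reduced afterwards cannot be confirmed from here.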