mirror of
https://codeberg.org/ziglang/zig.git
synced 2025-12-06 13:54:21 +00:00
Most of the functions related to points on the Edwards25519 curve check that input points are not in a small-order subgroup. They don't check that points are on the prime-order subgroup, because this is expensive, and not always necessary.

However, applications may require such a check in order to ensure that a public key is valid, and that a secret key counterpart exists.

Many functions in the public API of libsodium related to arithmetic over Edwards25519 also do that check unconditionally. This is expensive, but a good way to catch bugs in protocols and implementations.

So, add a `rejectUnexpectedSubgroup()` function to achieve this.

The documentation on the edwards25519->curve25519 conversion function was also updated, in order to explain how to match libsodium's behavior if necessary.

We use an addition chain to multiply the point by the order of the prime group. An alternative we may implement later is Pornin's point halving technique: https://eprint.iacr.org/2022/1164.pdf
38 lines
1.7 KiB
Zig
/// MAC verification failed - The tag doesn't verify for the given ciphertext and secret key
pub const AuthenticationError = error{AuthenticationFailed};

/// The requested output length is too long for the chosen algorithm
pub const OutputTooLongError = error{OutputTooLong};

/// Finite field operation returned the identity element
pub const IdentityElementError = error{IdentityElement};

/// Encoded input cannot be decoded
pub const EncodingError = error{InvalidEncoding};

/// The signature doesn't verify for the given message and public key
pub const SignatureVerificationError = error{SignatureVerificationFailed};

/// Both a public and secret key have been provided, but they are incompatible
pub const KeyMismatchError = error{KeyMismatch};

/// Encoded input is not in canonical form
pub const NonCanonicalError = error{NonCanonical};

/// Square root has no solutions
pub const NotSquareError = error{NotSquare};

/// Verification string doesn't match the provided password and parameters
pub const PasswordVerificationError = error{PasswordVerificationFailed};

/// Parameters would be insecure to use
pub const WeakParametersError = error{WeakParameters};

/// Public key would be insecure to use
pub const WeakPublicKeyError = error{WeakPublicKey};

/// Point is not in the prime order group
pub const UnexpectedSubgroupError = error{UnexpectedSubgroup};

/// Any error related to cryptography operations
pub const Error = AuthenticationError || OutputTooLongError || IdentityElementError || EncodingError || SignatureVerificationError || KeyMismatchError || NonCanonicalError || NotSquareError || PasswordVerificationError || WeakParametersError || WeakPublicKeyError || UnexpectedSubgroupError;
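The gap the commit message describes, as an added example that is not part of the Zig source or the commit: a point can pass a small-order rejection and still fail the prime-order subgroup check that `UnexpectedSubgroup` reports. It is written in Python for the arithmetic; all function and constant names are illustrative, and plain double-and-add stands in for the addition chain the commit mentions.

```python
# Added example (constructed): Edwards25519 in affine coordinates, clarity over speed.
P = 2**255 - 19                                       # field prime
D = -121665 * pow(121666, -1, P) % P                  # curve constant d
L = 2**252 + 27742317777372353535851937790883648493   # order of the prime-order subgroup
IDENTITY = (0, 1)

def recover_x(y, sign):
    """Solve the curve equation for x (RFC 8032 method); None if no solution."""
    x2 = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * pow(2, (P - 1) // 4, P) % P           # multiply by sqrt(-1)
    if (x * x - x2) % P:
        return None
    return x if (x & 1) == sign else P - x

def on_curve(pt):
    x, y = pt
    return (y * y - x * x - 1 - D * x * x * y * y) % P == 0

def add(a, b):
    """Complete twisted Edwards addition for a = -1."""
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * pow(1 + t, -1, P) % P,
            (y1 * y2 + x1 * x2) * pow(1 - t, -1, P) % P)

def mul(k, pt):
    """Double-and-add; variable time, for illustration only."""
    acc = IDENTITY
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def is_small_order(pt):
    return mul(8, pt) == IDENTITY          # order divides the cofactor 8

def in_prime_order_subgroup(pt):
    return mul(L, pt) == IDENTITY          # the full (expensive) membership check

BASE_Y = 4 * pow(5, -1, P) % P
BASE = (recover_x(BASE_Y, 0), BASE_Y)      # standard base point, order L
ORDER2 = (0, P - 1)                        # the point of order 2
MIXED = add(BASE, ORDER2)                  # on the curve, order 2*L
```

`MIXED` is a valid curve point that is not small-order, yet multiplying it by `L` leaves the order-2 component behind instead of the identity, which is exactly what the subgroup check detects.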