dependency: upgrade to curve25519-dalek 4.0 (#161)

Uses mul_base_clamped, credit to @tarcieri for the suggestion.
mcginty · Aug 16, 2023 · 396805b · 396805b
1 parent a11d0d9
commit 396805b
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 18 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -45,7 +45,7 @@ aes-gcm = { version = "0.9", optional = true }
 chacha20poly1305 = { version = "0.9", optional = true }
 blake2 = { version = "0.10", optional = true }
 sha2 = { version = "0.10", optional = true }
-curve25519-dalek = { version = "=4.0.0-rc.1", optional = true }
+curve25519-dalek = { version = "4", optional = true }
 
 pqcrypto-kyber = { version = "0.7", optional = true }
 pqcrypto-traits = { version = "0.3", optional = true }

diff --git a/src/resolvers/default.rs b/src/resolvers/default.rs
@@ -5,7 +5,7 @@ use chacha20poly1305::{
     aead::{AeadInPlace, NewAead},
     ChaCha20Poly1305,
 };
-use curve25519_dalek::{edwards::EdwardsPoint, montgomery::MontgomeryPoint, scalar::Scalar};
+use curve25519_dalek::montgomery::MontgomeryPoint;
 #[cfg(feature = "pqclean_kyber1024")]
 use pqcrypto_kyber::kyber1024;
 #[cfg(feature = "pqclean_kyber1024")]
@@ -72,7 +72,7 @@ impl CryptoResolver for DefaultResolver {
 /// Wraps x25519-dalek.
 #[derive(Default)]
 struct Dh25519 {
-    privkey: Scalar,
+    privkey: [u8; 32],
     pubkey:  [u8; 32],
 }
 
@@ -128,21 +128,11 @@ impl Random for OsRng {}
 
 impl Dh25519 {
     fn derive_pubkey(&mut self) {
-        // TODO: use `MontgomeryPoint::mul_base` in final v4 release of curve25519-dalek
-        // See dalek-cryptography/curve25519-dalek#503
-        let point = EdwardsPoint::mul_base(&self.privkey).to_montgomery();
+        let point = MontgomeryPoint::mul_base_clamped(self.privkey);
         self.pubkey = point.to_bytes();
     }
 }
 
-fn clamp_scalar(mut scalar: [u8; 32]) -> Scalar {
-    scalar[0] &= 248;
-    scalar[31] &= 127;
-    scalar[31] |= 64;
-
-    Scalar::from_bits(scalar)
-}
-
 impl Dh for Dh25519 {
     fn name(&self) -> &'static str {
         "25519"
@@ -159,14 +149,14 @@ impl Dh for Dh25519 {
     fn set(&mut self, privkey: &[u8]) {
         let mut bytes = [0u8; 32];
         copy_slices!(privkey, bytes);
-        self.privkey = clamp_scalar(bytes);
+        self.privkey = bytes;
         self.derive_pubkey();
     }
 
     fn generate(&mut self, rng: &mut dyn Random) {
         let mut bytes = [0u8; 32];
         rng.fill_bytes(&mut bytes);
-        self.privkey = clamp_scalar(bytes);
+        self.privkey = bytes;
         self.derive_pubkey();
     }
 
@@ -175,13 +165,13 @@ impl Dh for Dh25519 {
     }
 
     fn privkey(&self) -> &[u8] {
-        self.privkey.as_bytes()
+        &self.privkey
     }
 
     fn dh(&self, pubkey: &[u8], out: &mut [u8]) -> Result<(), Error> {
         let mut pubkey_owned = [0u8; 32];
         copy_slices!(&pubkey[..32], pubkey_owned);
-        let result = (self.privkey * MontgomeryPoint(pubkey_owned)).to_bytes();
+        let result = MontgomeryPoint(pubkey_owned).mul_clamped(self.privkey).to_bytes();
         copy_slices!(result, out);
         Ok(())
     }