Skip to content

Commit

Permalink
ed: update VerifyingKey::from_bytes with ZIP-215 info
Browse files Browse the repository at this point in the history
Removes the previous warning that points are unvalidated: they're
validated using the ZIP-215 rules, which allows unreduced y-coordinates.
Points are ensured valid by performing decompression, which finds a
solution to the curve equation, or returns an error.

Adds references to ZIP-215 and #626
which is an issue about potentially adding support for the RFC8032/NIST
validation criteria in the future.
  • Loading branch information
tarcieri committed Sep 19, 2024
1 parent b636fb8 commit 0a21b1c
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions ed25519-dalek/src/verifying.rs
Original file line number Diff line number Diff line change
Expand Up @@ -124,11 +124,8 @@ impl VerifyingKey {

/// Construct a `VerifyingKey` from a slice of bytes.
///
/// # Warning
///
/// The caller is responsible for ensuring that the bytes passed into this
/// method actually represent a `curve25519_dalek::curve::CompressedEdwardsY`
/// and that said compressed point is actually a point on the curve.
/// Verifies the point is valid under [ZIP-215] rules. RFC 8032 / NIST point validation criteria
/// are currently unsupported (see [dalek-cryptography/curve25519-dalek#626]).
///
/// # Example
///
Expand Down Expand Up @@ -156,6 +153,9 @@ impl VerifyingKey {
///
/// A `Result` whose okay value is an EdDSA `VerifyingKey` or whose error value
/// is a `SignatureError` describing the error that occurred.
///
/// [ZIP-215]: https://zips.z.cash/zip-0215
/// [dalek-cryptography/curve25519-dalek#626]: https://github.com/dalek-cryptography/curve25519-dalek/issues/626
#[inline]
pub fn from_bytes(bytes: &[u8; PUBLIC_KEY_LENGTH]) -> Result<VerifyingKey, SignatureError> {
let compressed = CompressedEdwardsY(*bytes);
Expand Down

0 comments on commit 0a21b1c

Please sign in to comment.