26 changes: 22 additions & 4 deletions src/wp-includes/sodium_compat/src/Core/Ed25519.php
Expand Up @@ -106,6 +106,22 @@ public static function publickey_from_secretkey($sk)
return self::sk_to_pk($sk);
}

/**
* Returns TRUE if $A represents a point on the order of the Edwards25519 prime order subgroup.
* Returns FALSE if $A is on a different subgroup.
*
* @param ParagonIE_Sodium_Core_Curve25519_Ge_P3 $A
* @return bool
*
* @throws SodiumException
*/
public static function is_on_main_subgroup(ParagonIE_Sodium_Core_Curve25519_Ge_P3 $A)
{
$p1 = self::ge_mul_l($A);
$t = self::fe_sub($p1->Y, $p1->Z);
return self::fe_isnonzero($p1->X) && self::fe_isnonzero($t);
}

/**
* @param string $pk
* @return string
Expand All @@ -118,9 +134,8 @@ public static function pk_to_curve25519($pk)
throw new SodiumException('Public key is on a small order');
}
$A = self::ge_frombytes_negate_vartime(self::substr($pk, 0, 32));
$p1 = self::ge_mul_l($A);
if (!self::fe_isnonzero($p1->X)) {
throw new SodiumException('Unexpected zero result');
if (!self::is_on_main_subgroup($A)) {
throw new SodiumException('Public key is not on a member of the main subgroup');
}

# fe_1(one_minus_y);
Expand Down Expand Up @@ -287,7 +302,7 @@ public static function verify_detached($sig, $message, $pk)
throw new SodiumException('Argument 3 must be CRYPTO_SIGN_PUBLICKEYBYTES long');
}
if ((self::chrToInt($sig[63]) & 240) && self::check_S_lt_L(self::substr($sig, 32, 32))) {
throw new SodiumException('S < L - Invalid signature');
throw new SodiumException('S >= L - Invalid signature');
}
if (self::small_order($sig)) {
throw new SodiumException('Signature is on too small of an order');
Expand All @@ -311,6 +326,9 @@ public static function verify_detached($sig, $message, $pk)

/** @var ParagonIE_Sodium_Core_Curve25519_Ge_P3 $A */
$A = self::ge_frombytes_negate_vartime($pk);
if (!self::is_on_main_subgroup($A)) {
throw new SodiumException('Public key is not on a member of the main subgroup');
}

/** @var string $hDigest */
$hDigest = hash(
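Review bot: In is_on_main_subgroup (first hunk of this file) the predicate reads inverted relative to its docblock: it returns TRUE only when both the X coordinate and Y − Z of `$p1 = self::ge_mul_l($A)` are nonzero, yet the identity element — which [L]A is for every point of the prime-order subgroup — has X = 0 and Y = Z in extended coordinates, so a key that is on the main subgroup yields FALSE and the new callers in pk_to_curve25519, verify_detached and File::verify throw for it. The removed lines in pk_to_curve25519 rejected the opposite condition (X zero), so unless ge_mul_l in this port does not actually compute [L]A, the commit flips which keys that function accepts and the description should say so. If libsodium's ge25519_is_on_main_subgroup is the intent, the body would be `$p1 = self::ge_mul_l($A); return !self::fe_isnonzero($p1->X);`, optionally also requiring `!self::fe_isnonzero(self::fe_sub($p1->Y, $p1->Z))` so that an order-2 component is rejected as well. Applying this check inside verify_detached is, as far as I can tell, stricter than libsodium's crypto_sign_verify_detached, which only rejects small-order public keys, so signatures under keys with a torsion component that other implementations accept will now fail here; that interoperability choice deserves a comment at the new check such as `// Stricter than libsodium: reject public keys outside the prime-order subgroup`. The message at the new throws, 'Public key is not on a member of the main subgroup', should read `'Public key is not a member of the main subgroup'`.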
6 changes: 6 additions & 0 deletions src/wp-includes/sodium_compat/src/File.php
Expand Up @@ -786,8 +786,14 @@ public static function verify(
// Set ParagonIE_Sodium_Compat::$fastMult to true to speed up verification.
ParagonIE_Sodium_Compat::$fastMult = true;

if (ParagonIE_Sodium_Core_Ed25519::small_order($publicKey)) {
throw new SodiumException('Public key has small order');
}
/** @var ParagonIE_Sodium_Core_Curve25519_Ge_P3 $A */
$A = ParagonIE_Sodium_Core_Ed25519::ge_frombytes_negate_vartime($publicKey);
if (!ParagonIE_Sodium_Core_Ed25519::is_on_main_subgroup($A)) {
throw new SodiumException('Public key is not on a member of the main subgroup');
}

$hs = hash_init('sha512');
self::hash_update($hs, self::substr($sig, 0, 32));
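Review bot: The key validation added here (small_order on $publicKey, ge_frombytes_negate_vartime, then is_on_main_subgroup) duplicates the sequence verify_detached now performs in Ed25519.php, with the same exception message at each site, so a single Ed25519 helper that takes the raw key bytes and returns the validated $A would keep File::verify and verify_detached from drifting apart; File::verify begins and ends outside this hunk. ge_mul_l appears to be a full scalar multiplication by the group order, so the check adds a fixed per-verification cost before the message is hashed, which is worth stating in a comment at the check, e.g. `// Subgroup check costs one [L]A scalar multiplication per verification`. If a small-order check on $publicKey already exists earlier in File::verify outside this hunk, the one at the top of this hunk is redundant.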