You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Section 7.1.3 states that DH results MUST be rejected if they are the point at infinity. Currently (including the current PR), this check is only implemented for X25519. There should be a similar check for X448 and the NIST curves.
A suggestion for the P-curves: I actually don't explicitly check for the point at infinity in rust-hpke. Instead, I mandate that all private keys be in the range (0,p-1] (a pretty standard requirement), and that received pubkeys not be the point at infinity (already mandated by the spec). The combination of these two requirements means that sk * pk cannot be the point at infinity, since pk has order p and sk is not 0 mod p.
The text was updated successfully, but these errors were encountered:
Section 7.1.3 states that DH results MUST be rejected if they are the point at infinity. Currently (including the current PR), this check is only implemented for X25519. There should be a similar check for X448 and the NIST curves.
A suggestion for the P-curves: I actually don't explicitly check for the point at infinity in rust-hpke. Instead, I mandate that all private keys be in the range (0,p-1] (a pretty standard requirement), and that received pubkeys not be the point at infinity (already mandated by the spec). The combination of these two requirements means that
sk * pkcannot be the point at infinity, sincepkhas orderpandskis not0modp.The text was updated successfully, but these errors were encountered: