Fix todo in edwards25519 #592
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
🔒 Could not start CI tests due to missing safe PR label. Please contact a DEDIS maintainer. |
1 similar comment
|
🔒 Could not start CI tests due to missing safe PR label. Please contact a DEDIS maintainer. |
thehoul
commented
Dec 17, 2025
var_mod.go and const_mod.go now have a NewUint() method to create a mod from a uint64
Accordingly adapt hashToField, expandMessageXDM and expandMessageXOF
thehoul
force-pushed
the
fix-todo-edwards25519
branch
from
6b7afe6 to
01e3fba
Compare
Contributor
|
I would try to remove the line kyber/.github/workflows/tests.yml Line 7 in 570c22f |
jbsv
reviewed
Dec 24, 2025
fix failing tests on 32B architectures
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem
i2OSP converts x > 0 to a byte string of the specified length xLen. To obtain the bytes, the int was converted into a
compatible.IntandBytes()was called on it using a temporarycompatiblemod.Mod. The TODO requested to review this modulo used.Indeed, the modulo is a problem: in the case of x = 256 and xLen=2, the program shoud return the byte array [1,0] but panics. This is because the modulo used is 127 and thus
Bytes()panics because the Int (256) is larger than the modulus (127).The first problem is that any value that fits on more than 1 byte passed as input will cause the program to panic, no matter the value of xLen.
The second problem is that in the context of an bad input (i.e. some x that requires more bytes than xLen), the program will panic (for the same reason) instead of returning an error. This is not an acceptable behaviour since depending on the inputs, the program will sometimes panic and sometimes return an error for the same reason. For backward compatibility, the program should never crash if the inputs are bad but return an error instead.
Fix
The modulus is now the largest value representable on xLen bytes. This ensures that as long as the input value x can fit on xLen bytes, the program will never panic.
This does not entirely fix the problem because, in the case of bad inputs (i.e x not representable on xLen) bytes, the modulo created will be too small and
Bytes()will panic. We also need to check ifx > mod. We can do this easily since both are uint64 and it automatically implies that x requires more than xLen (since the modulo created is the largest representable value with xLen bytes)Thus:
(1 << (8 * xLen)) -1compatiblemod.Mod,const_modandvar_modnow implement a methodNewUint()to create a modulus from a uint64