lib/rbnacl/group_elements/curve25519.rb in rbnacl-4.0.1 vs lib/rbnacl/group_elements/curve25519.rb in rbnacl-4.0.2
@@ -16,10 +16,13 @@
STANDARD_GROUP_ELEMENT = ["0900000000000000000000000000000000000000000000000000000000000000"].pack("H*").freeze
# Order of the standard group
STANDARD_GROUP_ORDER = 2**252 + 27_742_317_777_372_353_535_851_937_790_883_648_493
+ # Degenerate key (all-zeroes, results in an all-zero shared secret)
+ DEGENERATE_KEY = ("\0" * 32).freeze
+
include KeyComparator
include Serializable
extend Sodium
@@ -42,10 +45,12 @@
#
# @return [RbNaCl::Point] the Point at this location
def initialize(point)
@point = point.to_str
+ raise CryptoError, "degenerate key detected" if @point == DEGENERATE_KEY
+
# FIXME: really should have a separate constant here for group element size
# Group elements and scalars are both 32-bits, but that's for convenience
Util.check_length(@point, SCALARBYTES, "group element")
end
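Review bot: The new degenerate-key check in initialize is not documented; the `@return` tag just above the signature is visible in the hunk but there is no `@raise` tag. Add `# @raise [CryptoError] if the point is the all-zero degenerate key` beside it. The check rejects only the all-zero encoding; other inputs that lead to an all-zero shared secret appear to be handled by the return value of scalarmult_curve25519 in `mult` rather than here, so the constant's comment should say this is a fast-fail for one known bad input, not a complete low-order-point filter. Running the comparison after `Util.check_length` rather than before would also keep a single validation order (length, then value), though DEGENERATE_KEY is exactly 32 bytes so the current order is not wrong.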
@@ -59,12 +64,12 @@
def mult(integer)
integer = integer.to_str
Util.check_length(integer, SCALARBYTES, "integer")
result = Util.zeros(SCALARBYTES)
- self.class.scalarmult_curve25519(result, integer, @point)
+ raise CryptoError, "degenerate key detected" unless self.class.scalarmult_curve25519(result, integer, @point)
self.class.new(result)
end
# Return the point serialized as bytes
#
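Review bot: The raise in mult relies on scalarmult_curve25519 returning a falsy value on failure; if the wrapper returns libsodium's raw integer (0 on success, -1 on failure), both values are truthy in Ruby and the check never fires. The wrapper's definition is not in this diff, so confirm it maps the return code to a boolean. The mult docstring begins above the hunk and should gain `# @raise [CryptoError] if the multiplication yields the all-zero point`. Note that `self.class.new(result)` on the following line would also raise through initialize when the result is all zeros, so the explicit check mainly gives an earlier and clearer failure point.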
@@ -77,9 +82,10 @@
# NaCl's standard base point for all Curve25519 public keys
#
# @return [RbNaCl::Point] standard base point (a.k.a. standard group element)
def self.base
+ # TODO: better support fixed-based scalar multiplication (this glosses over native support)
@base_point
end
class << self
attr_reader :base_point
end