zxq9/resolver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

WIP

Browse Source
This commit is contained in:
Craig Everett
2026-05-29 17:03:48 +09:00
parent a6397b64a5
commit b67fc1b5ac
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/shake.erl
+3 -3
View File
@@ -58,17 +58,17 @@ p() -> 16#7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED.
ed25519_pk_to_x25519(<<ED25519_PK:32/binary>>) -> ed25519_pk_to_x25519(<<ED25519_PK:32/binary>>) ->
<<CompressedInt:256/little-integer>> = ED25519_PK, <<CompressedInt:256/little-integer>> = ED25519_PK,
%% Clear the sign bit (MSB) to get the raw y-coordinate % Clear the sign bit (MSB) to get the raw y-coordinate
Y = CompressedInt band ((1 bsl 255) - 1), Y = CompressedInt band ((1 bsl 255) - 1),
%% Compute u = (1 + y) / (1 - y) mod P % Compute u = (1 + y) / (1 - y) mod P
Num = (1 + Y) rem p(), Num = (1 + Y) rem p(),
Den = (1 - Y + p()) rem p(), Den = (1 - Y + p()) rem p(),
case Den =:= 0 of case Den =:= 0 of
true -> true ->
% If y == 1, the point maps to the point at infinity. % If y == 1, the point maps to the point at infinity.
% On X25519, this translates to u = 0. % On X25519, this translates to u = 0.
% TODO: Ask Peter whether this case should actually fail...?
<<0:256/little-integer>>; <<0:256/little-integer>>;
false -> false ->
U = (Num * mod_inv(Den, p())) rem p(), U = (Num * mod_inv(Den, p())) rem p(),