Auto merge of #51 - ebfull:several-fixups, r=ebfull

Several fixups Closes #50 Closes #48 Closes #46 Also, CI changes this PR will test: Closes #43 Closes #44
zkcrypto · Sep 28, 2017 · 5bb8e3a · 5bb8e3a
2 parents 2540ab3 + 4aa51bd
commit 5bb8e3a
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 5 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,5 +1,7 @@
 [package]
 name = "pairing"
+
+# Remember to change version string in README.md.
 version = "0.11.0"
 authors = ["Sean Bowe <ewillbefull@gmail.com>"]
 license = "MIT/Apache-2.0"
@@ -17,4 +19,4 @@ clippy = { version = "0.0.151", optional = true }
 [features]
 unstable-features = []
 u128-support = []
-default = ["u128-support"]
+default = []
diff --git a/README.md b/README.md
@@ -4,6 +4,20 @@ This is a Rust crate for using pairing-friendly elliptic curves. Currently, only
 
 ## [Documentation](https://docs.rs/pairing/)
 
+Bring the `pairing` crate into your project just as you normally would.
+
+If you're using a supported platform and the nightly Rust compiler, you can enable the `u128-support` feature for faster arithmetic.
+
+```toml
+[dependencies.pairing]
+version = "0.11"
+features = ["u128-support"]
+```
+
+## Security Warnings
+
+This library does not make any guarantees about constant-time operations, memory access patterns, or resistance to side-channel attacks.
+
 ## License
 
 Licensed under either of

diff --git a/src/bls12_381/fq.rs b/src/bls12_381/fq.rs
@@ -415,7 +415,10 @@ impl ::rand::Rand for Fq {
     fn rand<R: ::rand::Rng>(rng: &mut R) -> Self {
         loop {
             let mut tmp = Fq(FqRepr::rand(rng));
-            tmp.0.divn(REPR_SHAVE_BITS);
+
+            // Mask away the unused bits at the beginning.
+            tmp.0.as_mut()[5] &= 0xffffffffffffffff >> REPR_SHAVE_BITS;
+
             if tmp.is_valid() {
                 return tmp
             }

diff --git a/src/bls12_381/fr.rs b/src/bls12_381/fr.rs
@@ -237,7 +237,10 @@ impl ::rand::Rand for Fr {
     fn rand<R: ::rand::Rng>(rng: &mut R) -> Self {
         loop {
             let mut tmp = Fr(FrRepr::rand(rng));
-            tmp.0.divn(REPR_SHAVE_BITS);
+
+            // Mask away the unused bits at the beginning.
+            tmp.0.as_mut()[3] &= 0xffffffffffffffff >> REPR_SHAVE_BITS;
+
             if tmp.is_valid() {
                 return tmp
             }

diff --git a/src/wnaf.rs b/src/wnaf.rs
@@ -108,7 +108,7 @@ impl<G: CurveProjective> Wnaf<(), Vec<G>, Vec<i64>> {
         // Return a Wnaf object that immutably borrows the computed base storage location,
         // but mutably borrows the scalar storage location.
         Wnaf {
-            base: &self.base,
+            base: &self.base[..],
             scalar: &mut self.scalar,
             window_size: window_size
         }
@@ -131,7 +131,7 @@ impl<G: CurveProjective> Wnaf<(), Vec<G>, Vec<i64>> {
         // immutably borrows the computed wNAF form scalar location.
         Wnaf {
             base: &mut self.base,
-            scalar: &self.scalar,
+            scalar: &self.scalar[..],
             window_size: window_size
         }
     }