Impl VerifyingKey::is_weak (dalek-cryptography#277)

* Implemented VerifyingKey::is_weak

* Added unit test for VerifyingKey::is_weak

Author: rozbb

src/verifying.rs

@@ -163,6 +163,15 @@ impl VerifyingKey {
         Context::new(self, context_value)
     }
 
+    /// Returns whether this is a _weak_ public key, i.e., if this public key has low order.
+    ///
+    /// A weak public key can be used to generate a siganture that's valid for almost every
+    /// message. [`Self::verify_strict`] denies weak keys, but if you want to check for this
+    /// property before verification, then use this method.
+    pub fn is_weak(&self) -> bool {
+        self.1.is_small_order()
+    }
+
     /// Internal utility function for clamping a scalar representation and multiplying by the
     /// basepont to produce a public key.
     fn clamp_and_mul_base(bits: [u8; 32]) -> VerifyingKey {

tests/ed25519.rs

@@ -228,6 +228,9 @@ mod vectors {
         assert!(vk.verify(message1, &sig).is_ok());
         assert!(vk.verify(message2, &sig).is_ok());
 
+        // Check that this public key appears as weak
+        assert!(vk.is_weak());
+
         // Now check that the sigs fail under verify_strict. This is because verify_strict rejects
         // small order pubkeys.
         assert!(vk.verify_strict(message1, &sig).is_err());
@@ -306,6 +309,9 @@ mod integrations {
         good_sig = signing_key.sign(&good);
         bad_sig = signing_key.sign(&bad);
 
+        // Check that an honestly generated public key is not weak
+        assert!(!verifying_key.is_weak());
+
         assert!(
             signing_key.verify(&good, &good_sig).is_ok(),
             "Verification of a valid signature failed!"