From 15649c5849fa15674550a8250c2937c4304dc9bb Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Mon, 23 Oct 2017 00:00:25 +0200
Subject: [PATCH] + ge_is_less_than_p()

---
 .../curve25519/ref10/curve25519_ref10.c | 21 +++++++++++++++++--
 .../include/sodium/private/curve25519_ref10.h | 2 ++
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c b/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c
index 818406ce..a7c174f3 100644
--- a/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c
+++ b/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c
@@ -2126,6 +2126,23 @@ ge_is_on_main_subgroup(const ge_p3 *p)
 return fe_iszero(pl.X);
 }
 
+int
+ge_is_less_than_p(const unsigned char *s)
+{
+ unsigned char c;
+ unsigned char d;
+ unsigned int i;
+
+ c = (s[31] & 0x7f) ^ 0x7f;
+ for (i = 30; i > 0; i--) {
+ c |= s[i] ^ 0xff;
+ }
+ c = (((unsigned int) c) - 1U) >> 8;
+ d = (0xed - 1U - (unsigned int) s[0]) >> 8;
+
+ return 1 - (c & d & 1);
+}
+
 int
 ge_has_small_order(const unsigned char s[32])
 {
@@ -2153,11 +2170,11 @@ ge_has_small_order(const unsigned char s[32])
 { 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
- /* p (order 4) */
+ /* p (=0, order 4) */
 { 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
- /* p+1 (order 2) */
+ /* p+1 (=1, order 1) */
 { 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }
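Review bot: ge_is_less_than_p() reads s[0] through s[31] unconditionally, yet its parameter is declared `const unsigned char *s`, while the neighbouring `ge_has_small_order(const unsigned char s[32])` spells out the 32-byte requirement; declaring it `ge_is_less_than_p(const unsigned char s[32])` both here and in the prototype added to curve25519_ref10.h in the second file would make that contract visible to callers. The function also deserves a header comment, because `s[31] & 0x7f` discards the top bit, so the result describes the 255-bit field-element encoding and ignores the Ed25519 sign bit: `/* Returns 1 if the 255-bit little-endian value in s (sign bit ignored) is < p = 2^255 - 19, 0 otherwise; runs in constant time. */`. The mask arithmetic itself checks out: c ends up 0xff only when s[1..30] are all 0xff and the low 7 bits of s[31] are 0x7f, d ends up 0xff only when s[0] >= 0xed, and the fixed-count loop with bitwise combination keeps the comparison free of data-dependent branches.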
diff --git a/src/libsodium/include/sodium/private/curve25519_ref10.h b/src/libsodium/include/sodium/private/curve25519_ref10.h
index f153a8ff..3533957b 100644
--- a/src/libsodium/include/sodium/private/curve25519_ref10.h
+++ b/src/libsodium/include/sodium/private/curve25519_ref10.h
@@ -104,6 +104,7 @@ typedef struct {
 #define ge_scalarmult_base crypto_core_curve25519_ref10_ge_scalarmult_base
 #define ge_double_scalarmult_vartime crypto_core_curve25519_ref10_ge_double_scalarmult_vartime
 #define ge_scalarmult_vartime crypto_core_curve25519_ref10_ge_scalarmult_vartime
+#define ge_is_less_than_p crypto_core_curve25519_ref10_ge_is_less_than_p
 #define ge_is_on_curve crypto_core_curve25519_ref10_ge_is_on_curve
 #define ge_is_on_main_subgroup crypto_core_curve25519_ref10_ge_is_on_main_subgroup
 #define ge_has_small_order crypto_core_curve25519_ref10_ge_has_small_order
@@ -120,6 +121,7 @@ extern void ge_scalarmult_base(ge_p3 *,const unsigned char *);
 extern void ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *,const ge_p3 *,const unsigned char *);
 extern void ge_scalarmult(ge_p3 *,const unsigned char *,const ge_p3 *);
 extern void ge_scalarmult_vartime(ge_p3 *,const unsigned char *,const ge_p3 *);
+extern int ge_is_less_than_p(const unsigned char *s);
 extern int ge_is_on_curve(const ge_p3 *p);
 extern int ge_is_on_main_subgroup(const ge_p3 *p);
 extern int ge_has_small_order(const unsigned char s[32]);