mirror of
https://github.com/jedisct1/libsodium.git
synced 2024-12-19 10:05:05 -07:00
Add crypto_core_{ed25519,ristretto255}_scalar_mul
This commit is contained in:
parent
2d87abe21a
commit
db6f43d25e
@ -158,6 +158,13 @@ crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x,
|
||||
crypto_core_ed25519_scalar_add(z, x, yn);
|
||||
}
|
||||
|
||||
void
|
||||
crypto_core_ed25519_scalar_mul(unsigned char *z, const unsigned char *x,
|
||||
const unsigned char *y)
|
||||
{
|
||||
sc25519_mul(z, x, y);
|
||||
}
|
||||
|
||||
void
|
||||
crypto_core_ed25519_scalar_reduce(unsigned char *r,
|
||||
const unsigned char *s)
|
||||
|
@ -108,6 +108,13 @@ crypto_core_ristretto255_scalar_sub(unsigned char *z, const unsigned char *x,
|
||||
crypto_core_ed25519_scalar_sub(z, x, y);
|
||||
}
|
||||
|
||||
void
|
||||
crypto_core_ristretto255_scalar_mul(unsigned char *z, const unsigned char *x,
|
||||
const unsigned char *y)
|
||||
{
|
||||
sc25519_mul(z, x, y);
|
||||
}
|
||||
|
||||
void
|
||||
crypto_core_ristretto255_scalar_reduce(unsigned char *r,
|
||||
const unsigned char *s)
|
||||
|
@ -1081,7 +1081,7 @@ ge25519_has_small_order(const unsigned char s[32])
|
||||
where l = 2^252 + 27742317777372353535851937790883648493.
|
||||
*/
|
||||
|
||||
static void
|
||||
void
|
||||
sc25519_mul(unsigned char s[32], const unsigned char a[32], const unsigned char b[32])
|
||||
{
|
||||
int64_t a0 = 2097151 & load_3(a);
|
||||
|
@ -68,6 +68,11 @@ void crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x,
|
||||
const unsigned char *y)
|
||||
__attribute__ ((nonnull));
|
||||
|
||||
SODIUM_EXPORT
|
||||
void crypto_core_ed25519_scalar_mul(unsigned char *z, const unsigned char *x,
|
||||
const unsigned char *y)
|
||||
__attribute__ ((nonnull));
|
||||
|
||||
/*
|
||||
* The interval `s` is sampled from should be at least 317 bits to ensure almost
|
||||
* uniformity of `r` over `L`.
|
||||
|
@ -74,6 +74,12 @@ void crypto_core_ristretto255_scalar_sub(unsigned char *z,
|
||||
const unsigned char *y)
|
||||
__attribute__ ((nonnull));
|
||||
|
||||
SODIUM_EXPORT
|
||||
void crypto_core_ristretto255_scalar_mul(unsigned char *z,
|
||||
const unsigned char *x,
|
||||
const unsigned char *y)
|
||||
__attribute__ ((nonnull));
|
||||
|
||||
/*
|
||||
* The interval `s` is sampled from should be at least 317 bits to ensure almost
|
||||
* uniformity of `r` over `L`.
|
||||
|
@ -334,6 +334,43 @@ main(void)
|
||||
sc, crypto_core_ed25519_SCALARBYTES);
|
||||
printf("sub2: %s\n", hex);
|
||||
|
||||
memset(sc, 0x69, crypto_core_ed25519_SCALARBYTES);
|
||||
memset(sc2, 0x42, crypto_core_ed25519_SCALARBYTES);
|
||||
for (i = 0; i < 100; i++) {
|
||||
crypto_core_ed25519_scalar_mul(sc, sc, sc2);
|
||||
crypto_core_ed25519_scalar_mul(sc2, sc, sc2);
|
||||
}
|
||||
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
|
||||
sc2, crypto_core_ed25519_SCALARBYTES);
|
||||
printf("mul: %s\n", hex);
|
||||
for (i = 0; i < 1000; i++) {
|
||||
crypto_core_ed25519_scalar_random(sc);
|
||||
memset(sc2, 0, crypto_core_ed25519_SCALARBYTES);
|
||||
crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
|
||||
assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES));
|
||||
|
||||
sc2[0]++;
|
||||
crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
|
||||
assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) == 0);
|
||||
|
||||
sc2[0]++;
|
||||
crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
|
||||
crypto_core_ed25519_scalar_sub(sc3, sc3, sc);
|
||||
crypto_core_ed25519_scalar_sub(sc3, sc3, sc);
|
||||
assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES));
|
||||
|
||||
crypto_core_ed25519_scalar_random(sc2);
|
||||
crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
|
||||
crypto_core_ed25519_scalar_invert(sc2, sc2);
|
||||
crypto_core_ed25519_scalar_mul(sc3, sc3, sc2);
|
||||
assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) == 0);
|
||||
|
||||
sc[31] |= 0x11;
|
||||
memset(sc2, 0, crypto_core_ed25519_SCALARBYTES);
|
||||
sc2[0] = 1;
|
||||
crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
|
||||
assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) != 0);
|
||||
}
|
||||
sodium_free(hex);
|
||||
sodium_free(sc64);
|
||||
sodium_free(sc3);
|
||||
|
@ -14,4 +14,5 @@ add1: f7567cd87c82ec1c355a6304c143bcc9ecedededededededededededededed0d
|
||||
sub1: f67c79849de0253ba142949e1db6224b13121212121212121212121212121202
|
||||
add2: b02e8581ce62f69922427c23f970f7e951525252525252525252525252525202
|
||||
sub2: 3da570db4b001cbeb35a7b7fe588e72aaeadadadadadadadadadadadadadad0d
|
||||
mul: 4453ef38408c06677c1b810e4bf8b1991f01c88716fbfa2f075a518b77da400b
|
||||
OK
|
||||
|
Loading…
Reference in New Issue
Block a user