1
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-23 20:15:19 -07:00

Add crypto_core_{ed25519,ristretto255}_scalar_mul

This commit is contained in:
Frank Denis 2019-04-15 10:12:19 +02:00
parent 2d87abe21a
commit db6f43d25e
7 changed files with 64 additions and 1 deletions

View File

@ -158,6 +158,13 @@ crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x,
crypto_core_ed25519_scalar_add(z, x, yn);
}
void
crypto_core_ed25519_scalar_mul(unsigned char *z, const unsigned char *x,
const unsigned char *y)
{
sc25519_mul(z, x, y);
}
void
crypto_core_ed25519_scalar_reduce(unsigned char *r,
const unsigned char *s)

View File

@ -108,6 +108,13 @@ crypto_core_ristretto255_scalar_sub(unsigned char *z, const unsigned char *x,
crypto_core_ed25519_scalar_sub(z, x, y);
}
void
crypto_core_ristretto255_scalar_mul(unsigned char *z, const unsigned char *x,
const unsigned char *y)
{
sc25519_mul(z, x, y);
}
void
crypto_core_ristretto255_scalar_reduce(unsigned char *r,
const unsigned char *s)

View File

@ -1081,7 +1081,7 @@ ge25519_has_small_order(const unsigned char s[32])
where l = 2^252 + 27742317777372353535851937790883648493.
*/
static void
void
sc25519_mul(unsigned char s[32], const unsigned char a[32], const unsigned char b[32])
{
int64_t a0 = 2097151 & load_3(a);

View File

@ -68,6 +68,11 @@ void crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x,
const unsigned char *y)
__attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_core_ed25519_scalar_mul(unsigned char *z, const unsigned char *x,
const unsigned char *y)
__attribute__ ((nonnull));
/*
* The interval `s` is sampled from should be at least 317 bits to ensure almost
* uniformity of `r` over `L`.

View File

@ -74,6 +74,12 @@ void crypto_core_ristretto255_scalar_sub(unsigned char *z,
const unsigned char *y)
__attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_core_ristretto255_scalar_mul(unsigned char *z,
const unsigned char *x,
const unsigned char *y)
__attribute__ ((nonnull));
/*
* The interval `s` is sampled from should be at least 317 bits to ensure almost
* uniformity of `r` over `L`.

View File

@ -334,6 +334,43 @@ main(void)
sc, crypto_core_ed25519_SCALARBYTES);
printf("sub2: %s\n", hex);
memset(sc, 0x69, crypto_core_ed25519_SCALARBYTES);
memset(sc2, 0x42, crypto_core_ed25519_SCALARBYTES);
for (i = 0; i < 100; i++) {
crypto_core_ed25519_scalar_mul(sc, sc, sc2);
crypto_core_ed25519_scalar_mul(sc2, sc, sc2);
}
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc2, crypto_core_ed25519_SCALARBYTES);
printf("mul: %s\n", hex);
for (i = 0; i < 1000; i++) {
crypto_core_ed25519_scalar_random(sc);
memset(sc2, 0, crypto_core_ed25519_SCALARBYTES);
crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES));
sc2[0]++;
crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) == 0);
sc2[0]++;
crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
crypto_core_ed25519_scalar_sub(sc3, sc3, sc);
crypto_core_ed25519_scalar_sub(sc3, sc3, sc);
assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES));
crypto_core_ed25519_scalar_random(sc2);
crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
crypto_core_ed25519_scalar_invert(sc2, sc2);
crypto_core_ed25519_scalar_mul(sc3, sc3, sc2);
assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) == 0);
sc[31] |= 0x11;
memset(sc2, 0, crypto_core_ed25519_SCALARBYTES);
sc2[0] = 1;
crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) != 0);
}
sodium_free(hex);
sodium_free(sc64);
sodium_free(sc3);

View File

@ -14,4 +14,5 @@ add1: f7567cd87c82ec1c355a6304c143bcc9ecedededededededededededededed0d
sub1: f67c79849de0253ba142949e1db6224b13121212121212121212121212121202
add2: b02e8581ce62f69922427c23f970f7e951525252525252525252525252525202
sub2: 3da570db4b001cbeb35a7b7fe588e72aaeadadadadadadadadadadadadadad0d
mul: 4453ef38408c06677c1b810e4bf8b1991f01c88716fbfa2f075a518b77da400b
OK