hush
/
libsodium
8
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity
Browse Source

Add specialized ge_mul_l() to multiply by the order of the main subgroup

next
Frank Denis 7 years ago
parent
6de26b59d7
commit
eaab512788
3 changed files with 58 additions and 8 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 55
      src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c
  2. 9
      src/libsodium/crypto_sign/ed25519/ref10/keypair.c
  3. 2
      src/libsodium/include/sodium/private/curve25519_ref10.h

55
src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c
View File

@ -1913,6 +1913,61 @@ ge_scalarmult_base(ge_p3 *h, const unsigned char *a)
}
}
/* multiply by the order of the main subgroup l = 2^252+27742317777372353535851937790883648493 */
void
ge_mul_l(ge_p3 *r, const ge_p3 *A)
{
static const signed char aslide[253] = {
13, 0, 0, 0, 0, -1, 0, 0, 0, 0, -11, 0, 0, 0, 0, 0, 0, -5, 0, 0, 0, 0, 0, 0, -3, 0, 0, 0, 0, -13, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, -13, 0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 11, 0, 0, 0, 0, 0, 11, 0, 0, 0, 0, -13, 0, 0, 0, 0, 0, 0, -3, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 3, 0, 0, 0, 0, -11, 0, 0, 0, 0, 0, 0, 0, 15, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, -1, 0, 0, 0, 0, 7, 0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1
};
ge_cached Ai[8];
ge_p1p1 t;
ge_p3 u;
ge_p3 A2;
int i;
ge_p3_to_cached(&Ai[0], A);
ge_p3_dbl(&t, A);
ge_p1p1_to_p3(&A2, &t);
ge_add(&t, &A2, &Ai[0]);
ge_p1p1_to_p3(&u, &t);
ge_p3_to_cached(&Ai[1], &u);
ge_add(&t, &A2, &Ai[1]);
ge_p1p1_to_p3(&u, &t);
ge_p3_to_cached(&Ai[2], &u);
ge_add(&t, &A2, &Ai[2]);
ge_p1p1_to_p3(&u, &t);
ge_p3_to_cached(&Ai[3], &u);
ge_add(&t, &A2, &Ai[3]);
ge_p1p1_to_p3(&u, &t);
ge_p3_to_cached(&Ai[4], &u);
ge_add(&t, &A2, &Ai[4]);
ge_p1p1_to_p3(&u, &t);
ge_p3_to_cached(&Ai[5], &u);
ge_add(&t, &A2, &Ai[5]);
ge_p1p1_to_p3(&u, &t);
ge_p3_to_cached(&Ai[6], &u);
ge_add(&t, &A2, &Ai[6]);
ge_p1p1_to_p3(&u, &t);
ge_p3_to_cached(&Ai[7], &u);
ge_p3_0(r);
for (i = 252; i >= 0; --i) {
ge_p3_dbl(&t, r);
if (aslide[i] > 0) {
ge_p1p1_to_p3(&u, &t);
ge_add(&t, &u, &Ai[aslide[i] / 2]);
} else if (aslide[i] < 0) {
ge_p1p1_to_p3(&u, &t);
ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]);
}
ge_p1p1_to_p3(r, &t);
}
}
/*
Input:
a[0]+256*a[1]+...+256^31*a[31] = a

9
src/libsodium/crypto_sign/ed25519/ref10/keypair.c
View File

@ -42,13 +42,6 @@ crypto_sign_ed25519_keypair(unsigned char *pk, unsigned char *sk)
return ret;
}
/* 2^252+27742317777372353535851937790883648493 */
static const unsigned char L[32] = {
0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7,
0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};
int
crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
const unsigned char *ed25519_pk)
@ -62,7 +55,7 @@ crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
ge_frombytes_negate_vartime(&A, ed25519_pk) != 0) {
return -1;
}
ge_scalarmult_vartime(&pl, L, &A);
ge_mul_l(&pl, &A);
if (fe_isnonzero(pl.X)) {
return -1;
}

2
src/libsodium/include/sodium/private/curve25519_ref10.h
View File

@ -123,6 +123,7 @@ typedef struct {
#define ge_scalarmult_base crypto_core_curve25519_ref10_ge_scalarmult_base
#define ge_double_scalarmult_vartime crypto_core_curve25519_ref10_ge_double_scalarmult_vartime
#define ge_scalarmult_vartime crypto_core_curve25519_ref10_ge_scalarmult_vartime
#define ge_mul_l crypto_core_curve25519_ref10_ge_mul_l
extern void ge_tobytes(unsigned char *,const ge_p2 *);
extern void ge_p3_tobytes(unsigned char *,const ge_p3 *);
@ -145,6 +146,7 @@ extern void ge_sub(ge_p1p1 *,const ge_p3 *,const ge_cached *);
extern void ge_scalarmult_base(ge_p3 *,const unsigned char *);
extern void ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *,const ge_p3 *,const unsigned char *);
extern void ge_scalarmult_vartime(ge_p3 *,const unsigned char *,const ge_p3 *);
extern void ge_mul_l(ge_p3 *r, const ge_p3 *A);
/*
The set of scalars is \Z/l

Write Preview
Loading…
Cancel
Save