commit 5e1b46bfa06e42c3ee31c7c8ad521718da3a82dd
parent 09df2660e393349d5cec05ebc18b3096b8085e66
Author: Pedram Fardzadeh <p.fardzadeh@protonmail.com>
Date: Mon, 11 Mar 2024 23:57:29 +0100
elligator: API changes for encoding + function documentations
Diffstat:
3 files changed, 157 insertions(+), 152 deletions(-)
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
@@ -2664,22 +2664,6 @@ GNUNET_CRYPTO_edx25519_public_key_derive (
size_t seedsize,
struct GNUNET_CRYPTO_Edx25519PublicKey *result);
-/**
- * Note: Included in header for testing purposes. GNUNET_CRYPTO_ecdhe_elligator_decoding will be the correct API for the direct map.
- * TODO: Make static.
- * @ingroup crypto
- * Encodes an element of the underlying finite field, so called representative, of Curve25519 to a point on the curve
- * This transformation is deterministic
- *
- * @param representative element of the finite field
- * @param point destination for the calculated point on the curve
- * @param high_y destination set to "True" if corresponding y-coordinate is > 2 ^ 254 - 10
- */
-bool
-GNUNET_CRYPTO_ecdhe_elligator_direct_map (uint8_t *point,
- bool *high_y,
- uint8_t *representative);
-
/**
* @ingroup crypto
@@ -2687,9 +2671,9 @@ GNUNET_CRYPTO_ecdhe_elligator_direct_map (uint8_t *point,
*
* @param representative serialized elligator representative of an element of Curves25519's finite field
* @param point destination for the calculated point on the curve
- * @param high_y value pointed to will be set to true if corresponding y-coordinate is > 2 ^ 254 - 10, otherwise 0. Can be set to NULL if not needed.
+ * @param high_y bool pointed to will be set to 'true' if corresponding y-coordinate is > 2 ^ 254 - 10, otherwise 0. Can be set to NULL if not needed.
*/
-bool
+void
GNUNET_CRYPTO_ecdhe_elligator_decoding (
struct GNUNET_CRYPTO_EcdhePublicKey *point,
bool *high_y,
@@ -2697,23 +2681,25 @@ GNUNET_CRYPTO_ecdhe_elligator_decoding (
/**
* @ingroup crypto
- * Encodes a point on Curve25519 to a an element of the underlying finite field
- * This transformation is deterministic
+ * Encodes a point on Curve25519 to a an element of the underlying finite field.
+ * This transformation is deterministic.
*
- * @param point a point on the curve
+ * @param r storage for the calculated representative
+ * @param pub a point on the curve
* @param high_y encodes if y-coordinate is > 2 ^254 - 10, which determines the representative value out of two
- * @param representative destination for the calculated element of the finite field
+ * @return 'true' if the given point can be encoded into a representative. Otherwise 'false' is returned and the content of the representative storage is undefined
*/
bool
-GNUNET_CRYPTO_ecdhe_elligator_inverse_map (uint8_t *representative,
- const uint8_t *point,
- bool high_y);
+GNUNET_CRYPTO_ecdhe_elligator_encoding (
+ struct GNUNET_CRYPTO_ElligatorRepresentative *r,
+ const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
+ bool high_y);
/**
* @ingroup crypto
- * Generates a valid public key for elligator's inverse map by adding a lower order point to a prime order point
- * following Method 1 in description https://elligator.org/key-exchange section Step 2: Generate a “special” public key
+ * Generates a valid public key for elligator's inverse map by adding a lower order point to a prime order point.
+ * Following Method 1 in description https://elligator.org/key-exchange section Step 2: Generate a “special” public key.
*
* @param pub valid public key for elligator inverse map
* @param pk private key for generating valid public key
@@ -2727,7 +2713,7 @@ GNUNET_CRYPTO_ecdhe_elligator_generate_public_key (
/**
* @ingroup crypto
- * Generates a private key for Curve25519 and the elligator representative of the corresponding public key
+ * Generates a private key for Curve25519 and the elligator representative of the corresponding public key.
*
* @param repr representative of the public key
* @param pk Curve25519 private key
@@ -2740,8 +2726,8 @@ GNUNET_CRYPTO_ecdhe_elligator_key_create (
/**
* @ingroup crypto
* Carries out ecdh encapsulation with given public key and the private key from a freshly created ephemeral key pair.
+ * Following the terminology in https://eprint.iacr.org/2021/509.pdf.
*
- * Following the terminology in https://eprint.iacr.org/2021/509.pdf
* @param pub given edwards curve public key (X)
* @param r representative of ephemeral public key A to use for the ECDH (direct_map(r)=A=aG)
* @param key_material where to write the key material H(aX)=H(x(aG))
@@ -2756,8 +2742,8 @@ GNUNET_CRYPTO_eddsa_elligator_kem_encaps (
/**
* @ingroup crypto
* Carries out ecdh decapsulation with own private key and the representative of the received public key.
+ * Following the terminology in https://eprint.iacr.org/2021/509.pdf.
*
- * Following the terminology in https://eprint.iacr.org/2021/509.pdf
* @param priv own private key (x)
* @param r received representative r, from which we can obtain the public key A (direct_map(r)=A=aG)
* @param key_material where to write the key material H(xA)=H(a(xG))
diff --git a/src/lib/util/crypto_elligator.c b/src/lib/util/crypto_elligator.c
@@ -95,87 +95,87 @@ static const uint8_t lookupTable[8][crypto_scalarmult_SCALARBYTES] = {
// main.c from Kleshnis's elligator implementation
static const unsigned char p_bytes[P_BYTES] = {
- 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0x7f
+ 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
};
static const unsigned char negative_1_bytes[P_BYTES] = {
- 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0x7f
+ 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
};
static const unsigned char negative_2_bytes[P_BYTES] = {
- 0xeb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0x7f
+ 0xeb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
};
static const unsigned char divide_negative_1_2_bytes[P_BYTES] = {
- 0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0x3f
+ 0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f
};
static const unsigned char divide_plus_p_3_8_bytes[P_BYTES] = {
- 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0x0f
+ 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0f
};
static const unsigned char divide_minus_p_1_2_bytes[P_BYTES] = {
- 0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0x3f
+ 0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f
};
static const unsigned char square_root_negative_1_bytes[P_BYTES] = {
- 0xb0, 0xa0, 0x0e, 0x4a, 0x27, 0x1b, 0xee, 0xc4, 0x78, 0xe4, 0x2f, 0xad, 0x06,
- 0x18, 0x43, 0x2f,
- 0xa7, 0xd7, 0xfb, 0x3d, 0x99, 0x00, 0x4d, 0x2b, 0x0b, 0xdf, 0xc1, 0x4f, 0x80,
- 0x24, 0x83, 0x2b
+ 0xb0, 0xa0, 0x0e, 0x4a, 0x27, 0x1b, 0xee, 0xc4,
+ 0x78, 0xe4, 0x2f, 0xad, 0x06, 0x18, 0x43, 0x2f,
+ 0xa7, 0xd7, 0xfb, 0x3d, 0x99, 0x00, 0x4d, 0x2b,
+ 0x0b, 0xdf, 0xc1, 0x4f, 0x80, 0x24, 0x83, 0x2b
};
static const unsigned char A_bytes[P_BYTES] = {
- 0x06, 0x6d, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00
+ 0x06, 0x6d, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
static const unsigned char negative_A_bytes[P_BYTES] = {
- 0xe7, 0x92, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0x7f
+ 0xe7, 0x92, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
};
static const unsigned char u_bytes[P_BYTES] = {
- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00
+ 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
static const unsigned char inverted_u_bytes[P_BYTES] = {
- 0xf7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0x3f
+ 0xf7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f
};
static const unsigned char d_bytes[P_BYTES] = {
- 0xa3, 0x78, 0x59, 0x13, 0xca, 0x4d, 0xeb, 0x75, 0xab, 0xd8, 0x41, 0x41, 0x4d,
- 0x0a, 0x70, 0x00,
- 0x98, 0xe8, 0x79, 0x77, 0x79, 0x40, 0xc7, 0x8c, 0x73, 0xfe, 0x6f, 0x2b, 0xee,
- 0x6c, 0x03, 0x52
+ 0xa3, 0x78, 0x59, 0x13, 0xca, 0x4d, 0xeb, 0x75,
+ 0xab, 0xd8, 0x41, 0x41, 0x4d, 0x0a, 0x70, 0x00,
+ 0x98, 0xe8, 0x79, 0x77, 0x79, 0x40, 0xc7, 0x8c,
+ 0x73, 0xfe, 0x6f, 0x2b, 0xee, 0x6c, 0x03, 0x52
};
static mp_limb_t p[P_LIMBS];
@@ -193,6 +193,7 @@ static mp_limb_t d[P_LIMBS];
static mp_size_t scratch_space_length;
+// TODO
static void
decode_bytes (mp_limb_t *number, const uint8_t *bytes)
{
@@ -206,8 +207,7 @@ decode_bytes (mp_limb_t *number, const uint8_t *bytes)
}
-// Erases the number
-
+// TODO
static void
encode_bytes (uint8_t *bytes, mp_limb_t *number)
{
@@ -218,6 +218,9 @@ encode_bytes (uint8_t *bytes, mp_limb_t *number)
}
+/**
+ * Initialize elligator scratch space.
+*/
void __attribute__ ((constructor))
GNUNET_CRYPTO_ecdhe_elligator_initialize ()
{
@@ -268,14 +271,12 @@ GNUNET_CRYPTO_ecdhe_elligator_initialize ()
mpn_sec_powm_itch (P_LIMBS, P_BITS - 1, P_LIMBS),
// For Elligator_2_Curve25519_convert_from_Ed25519
- /*
mpn_sec_sqr_itch (P_LIMBS),
mpn_sec_div_r_itch (P_LIMBS + P_LIMBS, P_LIMBS),
mpn_sec_mul_itch (P_LIMBS, P_LIMBS),
mpn_sec_add_1_itch (P_LIMBS),
mpn_sec_powm_itch (P_LIMBS, P_BITS - 1, P_LIMBS),
mpn_sec_sub_1_itch (P_LIMBS)
- */
};
for (size_t i = 0; i < sizeof scratch_space_lengths
@@ -291,8 +292,14 @@ GNUNET_CRYPTO_ecdhe_elligator_initialize ()
}
-// Returns trash if the number is a quadratic non-residue
-
+/**
+ * Calculates the root of a given number.
+ * Returns trash if the number is a quadratic non-residue.
+ *
+ * @param root storage for calculated root
+ * @param number value for which the root is calculated
+ * @param scratch_space buffer for calculation
+ */
static void
least_square_root (mp_limb_t *root,
const mp_limb_t *number,
@@ -332,10 +339,14 @@ least_square_root (mp_limb_t *root,
bool
-GNUNET_CRYPTO_ecdhe_elligator_inverse_map (uint8_t *representative,
- const uint8_t *point,
- bool high_y)
+GNUNET_CRYPTO_ecdhe_elligator_encoding (
+ struct GNUNET_CRYPTO_ElligatorRepresentative *r,
+ const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
+ bool high_y)
{
+ uint8_t *representative = (uint8_t *) r->r;
+ uint8_t *point = (uint8_t *) pub->q_y;
+
mp_limb_t scratch_space[scratch_space_length];
mp_limb_t a[P_LIMBS + P_LIMBS];
@@ -384,10 +395,21 @@ GNUNET_CRYPTO_ecdhe_elligator_inverse_map (uint8_t *representative,
}
-bool
-GNUNET_CRYPTO_ecdhe_elligator_direct_map (uint8_t *point,
- bool *high_y,
- uint8_t *representative)
+/**
+ * Takes a number of the underlying finite field of Curve25519 and projects it into a valid point on that curve.
+ * This function works deterministically.
+ * This step is also known as elligators "decoding" step.
+ * Taken from https://github.com/Kleshni/Elligator-2/blob/master/main.c.
+ *
+ * @param point storage for calculated point on Curve25519
+ * @param high_y The 'high_y' argument of the corresponding GNUNET_CRYPTO_ecdhe_elligator_encoding call
+ * @param representative Given representative
+ * @return 'false' if extra step during direct map calculation is needed, otherwise 'true'
+ */
+static bool
+elligator_direct_map (uint8_t *point,
+ bool *high_y,
+ uint8_t *representative)
{
mp_limb_t scratch_space[scratch_space_length];
@@ -444,7 +466,7 @@ GNUNET_CRYPTO_ecdhe_elligator_direct_map (uint8_t *point,
}
-bool
+void
GNUNET_CRYPTO_ecdhe_elligator_decoding (
struct GNUNET_CRYPTO_EcdhePublicKey *point,
bool *high_y,
@@ -459,15 +481,25 @@ GNUNET_CRYPTO_ecdhe_elligator_decoding (
high_y_ptr = high_y;
struct GNUNET_CRYPTO_ElligatorRepresentative r_tmp;
- memcpy (&r_tmp, &representative->r, sizeof(r_tmp.r));
+ memcpy (&r_tmp.r, &representative->r, sizeof(r_tmp.r));
r_tmp.r[31] &= 63;
// GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,"Print high_y\n");
- return GNUNET_CRYPTO_ecdhe_elligator_direct_map ((uint8_t *) point->q_y,
- high_y_ptr,
- (uint8_t *) r_tmp.r);
+ elligator_direct_map ((uint8_t *) point->q_y,
+ high_y_ptr,
+ (uint8_t *) r_tmp.r);
}
+/**
+ * Takes a number of the underlying finite field of Curve25519 and projects it into a valid point on that curve.
+ * This function works deterministically.
+ * This step is also known as elligators "decoding" step.
+ * Taken from https://github.com/Kleshni/Elligator-2/blob/master/main.c.
+ *
+ * @param point storage for calculated point on Curve25519
+ * @param source Ed25519 curve point
+ * @return 'false' if source is not a valid Ed25519 point. In this case the 'point' array will be undefined but dependend on source.
+ */
static bool
convert_from_ed_to_curve (uint8_t *point,
const uint8_t *source)
@@ -595,12 +627,11 @@ GNUNET_CRYPTO_ecdhe_elligator_key_create (
sizeof(int8_t));
high_y = random_tweak & 1;
- validKey = GNUNET_CRYPTO_ecdhe_elligator_inverse_map (
- (unsigned char*) &(repr->r),
- (unsigned char*) pub.q_y,
- high_y ?
- GNUNET_YES :
- GNUNET_NO);
+ validKey = GNUNET_CRYPTO_ecdhe_elligator_encoding (repr,
+ &pub,
+ high_y ?
+ GNUNET_YES :
+ GNUNET_NO);
}
// Setting most significant bit and second most significant bit randomly
diff --git a/src/lib/util/test_crypto_elligator.c b/src/lib/util/test_crypto_elligator.c
@@ -7,36 +7,38 @@
// Test vector from https://github.com/Kleshni/Elligator-2/blob/master/test-vectors.c
+// Using Decoding as a wrapper around direct_map
static int
testDirectMap (void)
{
int ok = GNUNET_OK;
uint8_t repr1[32] = {
- 0x17, 0x9f, 0x24, 0x73, 0x0d, 0xed, 0x2c, 0xe3, 0x17, 0x39, 0x08, 0xec,
- 0x61, 0x96, 0x46, 0x53,
- 0xb8, 0x02, 0x7e, 0x38, 0x3f, 0x40, 0x34, 0x6c, 0x1c, 0x9b, 0x4d, 0x2b,
- 0xdb, 0x1d, 0xb7, 0x6c
+ 0x95, 0xa1, 0x60, 0x19, 0x04, 0x1d, 0xbe, 0xfe,
+ 0xd9, 0x83, 0x20, 0x48, 0xed, 0xe1, 0x19, 0x28,
+ 0xd9, 0x03, 0x65, 0xf2, 0x4a, 0x38, 0xaa, 0x7a,
+ 0xef, 0x1b, 0x97, 0xe2, 0x39, 0x54, 0x10, 0x1b
};
uint8_t point1[32] = {
- 0x10, 0x74, 0x54, 0x97, 0xd3, 0x5c, 0x6e, 0xde, 0x6e, 0xa6, 0xb3, 0x30,
- 0x54, 0x6a, 0x6f, 0xcb,
- 0xf1, 0x5c, 0x90, 0x3a, 0x7b, 0xe2, 0x8a, 0xe6, 0x9b, 0x1c, 0xa1, 0x4e,
- 0x0b, 0xf0, 0x9b, 0x60
+ 0x79, 0x4f, 0x05, 0xba, 0x3e, 0x3a, 0x72, 0x95,
+ 0x80, 0x22, 0x46, 0x8c, 0x88, 0x98, 0x1e, 0x0b,
+ 0xe5, 0x78, 0x2b, 0xe1, 0xe1, 0x14, 0x5c, 0xe2,
+ 0xc3, 0xc6, 0xfd, 0xe1, 0x6d, 0xed, 0x53, 0x63
};
- uint8_t pointResult[32];
+ struct GNUNET_CRYPTO_EcdhePublicKey pointResult = {0};
+ struct GNUNET_CRYPTO_ElligatorRepresentative representative = {0};
+ memcpy (&representative.r, &repr1, sizeof(repr1));
+
bool highYResult;
- bool isLeastSqrRoot = GNUNET_CRYPTO_ecdhe_elligator_direct_map (pointResult,
- &highYResult,
- repr1);
- if (isLeastSqrRoot == false)
- {
- ok = GNUNET_OK;
- }
- if (memcmp (point1,pointResult,sizeof(point1)) != 0)
+ GNUNET_CRYPTO_ecdhe_elligator_decoding (
+ &pointResult,
+ &highYResult,
+ &representative);
+
+ if (memcmp (point1, pointResult.q_y, sizeof(point1)) != 0)
{
ok = GNUNET_SYSERR;
}
@@ -51,29 +53,33 @@ testInverseMap (void)
{
int ok = GNUNET_OK;
uint8_t point1[32] = {
- 0x33, 0x95, 0x19, 0x64, 0x00, 0x3c, 0x94, 0x08, 0x78, 0x06, 0x3c, 0xcf,
- 0xd0, 0x34, 0x8a, 0xf4,
- 0x21, 0x50, 0xca, 0x16, 0xd2, 0x64,0x6f, 0x2c, 0x58, 0x56, 0xe8, 0x33, 0x83,
- 0x77, 0xd8, 0x00
+ 0x33, 0x95, 0x19, 0x64, 0x00, 0x3c, 0x94, 0x08,
+ 0x78, 0x06, 0x3c, 0xcf, 0xd0, 0x34, 0x8a, 0xf4,
+ 0x21, 0x50, 0xca, 0x16, 0xd2, 0x64, 0x6f, 0x2c,
+ 0x58, 0x56, 0xe8, 0x33, 0x83, 0x77, 0xd8, 0x00
};
uint8_t repr1[32] = {
- 0x99, 0x9b, 0x59, 0x1b, 0x66, 0x97, 0xd0, 0x74, 0xf2, 0x66, 0x19, 0x22,0x77,
- 0xd5, 0x54, 0xde,
- 0xc3, 0xc2, 0x4c, 0x2e,0xf6, 0x10, 0x81, 0x01, 0xf6, 0x3d, 0x94, 0xf7, 0xff,
- 0xf3, 0xa0, 0x13
+ 0x99, 0x9b, 0x59, 0x1b, 0x66, 0x97, 0xd0, 0x74,
+ 0xf2, 0x66, 0x19, 0x22, 0x77, 0xd5, 0x54, 0xde,
+ 0xc3, 0xc2, 0x4c, 0x2e, 0xf6, 0x10, 0x81, 0x01,
+ 0xf6, 0x3d, 0x94, 0xf7, 0xff, 0xf3, 0xa0, 0x13
};
- uint8_t reprResult1[32];
+ // uint8_t reprResult1[32];
+ struct GNUNET_CRYPTO_ElligatorRepresentative r = {0};
+ struct GNUNET_CRYPTO_EcdhePublicKey pub = {0};
+ memcpy (&pub.q_y,&point1,sizeof(point1));
bool yHigh1 = false;
- bool success = GNUNET_CRYPTO_ecdhe_elligator_inverse_map (reprResult1,
- point1,
- yHigh1);
+
+ bool success = GNUNET_CRYPTO_ecdhe_elligator_encoding (&r,
+ &pub,
+ yHigh1);
if (success == false)
{
ok = GNUNET_SYSERR;
}
- if (memcmp (repr1,reprResult1,sizeof(repr1)) != 0)
+ if (memcmp (&repr1,&r.r,sizeof(repr1)) != 0)
{
ok = GNUNET_SYSERR;
}
@@ -104,11 +110,6 @@ testGeneratePkScalarMult (void)
}
crypto_scalarmult_base (pubPrimeCurve, pk.d);
- // printf ("pubWholeCurve\n");
- // printLittleEndianHex (pubWholeCurve,32);
- // printf ("pubPrimeCurve\n");
- // printLittleEndianHex (pubPrimeCurve,32);
- // TODO: Currently utilizing ecdsa function for ecdhe testing, due to clamping. Clean this part later.
struct GNUNET_CRYPTO_EcdsaPrivateKey clampedPk;
GNUNET_CRYPTO_ecdsa_key_create (&clampedPk);
crypto_scalarmult_base (pubWholeCurve.q_y, clampedPk.d);
@@ -204,14 +205,8 @@ testTimeDecoding (void)
{
fprintf (stderr, "%s", ".");
fflush (stderr);
- if (false ==
- GNUNET_CRYPTO_ecdhe_elligator_decoding (&point, NULL, &repr[i]))
- {
- fprintf (stderr,
- "GNUNET_CRYPTO_ecdhe_elligator_decoding SYSERR\n");
- ok = GNUNET_SYSERR;
- continue;
- }
+ GNUNET_CRYPTO_ecdhe_elligator_decoding (&point, NULL, &repr[i]);
+
}
printf ("%d decoded public keys generated in %s\n",
@@ -253,13 +248,6 @@ elligatorKEM ()
}
-/*
-*More tests to implement:
-* Adding more test vectors from different sources for inverse and direct map
- * check if inverse map rightfully fails for points which are not "encodable"
-*/
-
-
int
main (int argc, char *argv[])
{
