change 2torque to torque, which is 4torque in ed25519 case

9 years ago · 202ed7fea2
--- a/include/decaf_255.h
+++ b/include/decaf_255.h
@@ -486,7 +486,7 @@ decaf_bool_t decaf_255_point_valid (
 * @param [out] q The point to torque.
 * @param [in] p The point to torque.
 */
 void decaf_255_point_debugging_2torque (
 void decaf_255_point_debugging_torque (
     decaf_255_point_t q,
     const decaf_255_point_t p
 ) API_VIS NONNULL2 NOINLINE;
--- a/include/decaf_255.hxx
+++ b/include/decaf_255.hxx
@@ -580,7 +580,7 @@ public:
    }
    
    inline Point& debugging_torque_in_place() {
        decaf_255_point_debugging_2torque(p,p);
        decaf_255_point_debugging_torque(p,p);
        return *this;
    }
    
--- a/include/decaf_448.h
+++ b/include/decaf_448.h
@@ -486,7 +486,7 @@ decaf_bool_t decaf_448_point_valid (
 * @param [out] q The point to torque.
 * @param [in] p The point to torque.
 */
 void decaf_448_point_debugging_2torque (
 void decaf_448_point_debugging_torque (
     decaf_448_point_t q,
     const decaf_448_point_t p
 ) API_VIS NONNULL2 NOINLINE;
--- a/include/decaf_448.hxx
+++ b/include/decaf_448.hxx
@@ -580,7 +580,7 @@ public:
    }
    
    inline Point& debugging_torque_in_place() {
        decaf_448_point_debugging_2torque(p,p);
        decaf_448_point_debugging_torque(p,p);
        return *this;
    }
    
--- a/src/decaf.c
+++ b/src/decaf.c
@@ -891,7 +891,7 @@ decaf_448_invert_elligator_nonuniform (
    return succ;
 }

 void decaf_448_point_debugging_2torque (
 void decaf_448_point_debugging_torque (
    decaf_448_point_t q,
    const decaf_448_point_t p
 ) {
--- a/src/decaf_fast.c
+++ b/src/decaf_fast.c
@@ -481,7 +481,8 @@ static void deisogenize (
    gf_s *__restrict__ minus_t_over_s,
    const point_t p,
    decaf_bool_t toggle_hibit_s,
    decaf_bool_t toggle_hibit_t_over_s
    decaf_bool_t toggle_hibit_t_over_s,
    decaf_bool_t toggle_rotation
 ) {
    gf c, d, x, t;
    gf_s *b = s, *a = minus_t_over_s;
@@ -514,7 +515,7 @@ static void deisogenize (
         * Pink bike shed: frob = zx * 1/tz
         */
        gf_mul ( a, b, c ); /* this is the case for PinkBikeShed */
        cond_sel ( a, a, SQRT_ONE_MINUS_D, rotate );
        cond_sel ( a, a, SQRT_ONE_MINUS_D, rotate^toggle_rotation );
        gf_sub ( e, ZERO, x );
        cond_sel ( x, p->y, e, rotate );
    }
@@ -534,7 +535,7 @@ static void deisogenize (

 void API_NS(point_encode)( unsigned char ser[SER_BYTES], const point_t p ) {
    gf s, mtos;
    deisogenize(s,mtos,p,0,0);
    deisogenize(s,mtos,p,0,0,0);
    gf_encode ( ser, s );
 }

@@ -1165,7 +1166,7 @@ uint16_t API_NS(point_from_hash_nonuniform) (
    
    assert(API_NS(point_valid)(p));
    
    return (~square & 1) | (sgn_t_over_s & 2) | (sgn_r0 & 4) | (over & 8);
    return (~square & 1) | (sgn_t_over_s & 2) | (sgn_r0 & 4) | (over & 16);
 }

 decaf_bool_t
@@ -1176,9 +1177,10 @@ API_NS(invert_elligator_nonuniform) (
 ) {
    decaf_bool_t sgn_s = -(hint & 1),
        sgn_t_over_s = -(hint>>1 & 1),
        sgn_r0 = -(hint>>2 & 1);
        sgn_r0 = -(hint>>2 & 1),
        sgn_ed_T = -(hint>>3 & 1);
    gf a, b, c, d;
    deisogenize(a,c,p,sgn_s,sgn_t_over_s);
    deisogenize(a,c,p,sgn_s,sgn_t_over_s,sgn_ed_T);
    
    /* ok, a = s; c = -t/s */
    gf_mul(b,c,a);
@@ -1254,14 +1256,23 @@ decaf_bool_t API_NS(point_valid) (
    return out;
 }

 void API_NS(point_debugging_2torque) (
 void API_NS(point_debugging_torque) (
    point_t q,
    const point_t p
 ) {
 #if 0
    gf_sub(q->x,ZERO,p->x);
    gf_sub(q->y,ZERO,p->y);
    gf_cpy(q->z,p->z);
    gf_cpy(q->t,p->t);
 #else
    gf tmp;
    gf_mul(tmp,p->x,SQRT_MINUS_ONE);
    gf_mul(q->x,p->y,SQRT_MINUS_ONE);
    gf_cpy(q->y,tmp);
    gf_cpy(q->z,p->z);
    gf_sub(q->t,ZERO,p->t);
 #endif
 }

 static void gf_batch_invert (
--- a/test/test_decaf.cxx
+++ b/test/test_decaf.cxx
@@ -156,10 +156,10 @@ static void test_elligator() {
    decaf::SpongeRng rng(decaf::Block("test_elligator"));
    Test test("Elligator");
    
    for (int i=0; i<16; i++) {
    for (int i=0; i<32; i++) {
        decaf::SecureBuffer b1(Point::HASH_BYTES);
        Point p = Point::identity();
        if (i>=8) p.debugging_torque_in_place();
        for (int j=0; j<i/8; j++) p.debugging_torque_in_place();
        bool succ = p.invert_elligator(b1,i&7);
        Point q;
        unsigned char hint = q.set_to_hash(b1);
@@ -172,7 +172,7 @@ static void test_elligator() {
        }
    }

    for (int i=0; i<NTESTS && test.passing_now; i++) {
    for (int i=0; i<NTESTS && (i<16 || test.passing_now); i++) {
        size_t len = (i % (2*Point::HASH_BYTES + 3));
        decaf::SecureBuffer b1(len), b2(len);
        rng.read(b1);
@@ -181,7 +181,7 @@ static void test_elligator() {
            memcpy(&b2[Point::HASH_BYTES], &b1[Point::HASH_BYTES], len-Point::HASH_BYTES);
        Point s;
        unsigned char hint = s.set_to_hash(b1);
        if (i&1) s.debugging_torque_in_place();
        for (int j=0; j<(i&3); j++) s.debugging_torque_in_place();
        bool succ = s.invert_elligator(b2,hint);
        if (!succ || memcmp(b1,b2,len)) {
            test.fail();