expose mul_by_cofactor_and_encode_like_x, but need to adjust clearing ratios

src/GENERATED/include/decaf/point_255.h

@@ -409,7 +409,7 @@ decaf_error_t decaf_x25519 (
 void decaf_255_point_mul_by_cofactor_and_encode_like_x25519 (
     uint8_t out[DECAF_X25519_PUBLIC_BYTES],
     const decaf_255_point_t p
-);
+) DECAF_API_VIS DECAF_NONNULL;
 
 /** The base point for X25519 Diffie-Hellman */
 extern const uint8_t decaf_x25519_base_point[DECAF_X25519_PUBLIC_BYTES] DECAF_API_VIS;

src/GENERATED/include/decaf/point_255.hxx

@@ -261,6 +261,9 @@ public:
     /** Bytes required for EdDSA encoding */
     static const size_t EDDSA_BYTES = DECAF_EDDSA_25519_PUBLIC_BYTES;
 
+    /** Bytes required for EdDSA encoding */
+    static const size_t LADDER_BYTES = DECAF_X25519_PUBLIC_BYTES;
+
     /**
      * Size of a stegged element.
      * 
@@ -364,6 +367,27 @@ public:
         return ret;
     }
 
+    /** Multiply out cofactor and encode like X25519/X448. */
+    inline SecureBuffer mul_by_cofactor_and_encode_like_ladder() const {
+        SecureBuffer ret(LADDER_BYTES);
+        decaf_255_point_mul_by_cofactor_and_encode_like_x25519(ret.data(),p);
+        return ret;
+    }
+
+    /** Multiply out cofactor and encode like EdDSA. */
+    inline void mul_by_cofactor_and_encode_like_eddsa(
+        FixedBuffer<DECAF_EDDSA_25519_PUBLIC_BYTES> &out
+    ) const {
+        decaf_255_point_mul_by_cofactor_and_encode_like_eddsa(out.data(),p);
+    }
+
+    /** Multiply out cofactor and encode like X25519/X448. */
+    inline void mul_by_cofactor_and_encode_like_ladder(
+        FixedBuffer<LADDER_BYTES> &out
+    ) const {
+        decaf_255_point_mul_by_cofactor_and_encode_like_x25519(out.data(),p);
+    }
+
     /**
      * Map uniformly to the curve from a hash buffer.
      * The empty or all-zero string maps to the identity, as does the string "\\x01".

src/GENERATED/include/decaf/point_448.h

@@ -409,7 +409,7 @@ decaf_error_t decaf_x448 (
 void decaf_448_point_mul_by_cofactor_and_encode_like_x448 (
     uint8_t out[DECAF_X448_PUBLIC_BYTES],
     const decaf_448_point_t p
-);
+) DECAF_API_VIS DECAF_NONNULL;
 
 /** The base point for X448 Diffie-Hellman */
 extern const uint8_t decaf_x448_base_point[DECAF_X448_PUBLIC_BYTES] DECAF_API_VIS;

src/GENERATED/include/decaf/point_448.hxx

@@ -261,6 +261,9 @@ public:
     /** Bytes required for EdDSA encoding */
     static const size_t EDDSA_BYTES = DECAF_EDDSA_448_PUBLIC_BYTES;
 
+    /** Bytes required for EdDSA encoding */
+    static const size_t LADDER_BYTES = DECAF_X448_PUBLIC_BYTES;
+
     /**
      * Size of a stegged element.
      * 
@@ -364,6 +367,27 @@ public:
         return ret;
     }
 
+    /** Multiply out cofactor and encode like X25519/X448. */
+    inline SecureBuffer mul_by_cofactor_and_encode_like_ladder() const {
+        SecureBuffer ret(LADDER_BYTES);
+        decaf_448_point_mul_by_cofactor_and_encode_like_x448(ret.data(),p);
+        return ret;
+    }
+
+    /** Multiply out cofactor and encode like EdDSA. */
+    inline void mul_by_cofactor_and_encode_like_eddsa(
+        FixedBuffer<DECAF_EDDSA_448_PUBLIC_BYTES> &out
+    ) const {
+        decaf_448_point_mul_by_cofactor_and_encode_like_eddsa(out.data(),p);
+    }
+
+    /** Multiply out cofactor and encode like X25519/X448. */
+    inline void mul_by_cofactor_and_encode_like_ladder(
+        FixedBuffer<LADDER_BYTES> &out
+    ) const {
+        decaf_448_point_mul_by_cofactor_and_encode_like_x448(out.data(),p);
+    }
+
     /**
      * Map uniformly to the curve from a hash buffer.
      * The empty or all-zero string maps to the identity, as does the string "\\x01".

src/per_curve/point.tmpl.h

@@ -394,7 +394,7 @@ decaf_error_t decaf_x$(gf_shortname) (
 void $(c_ns)_point_mul_by_cofactor_and_encode_like_x$(gf_shortname) (
     uint8_t out[DECAF_X$(gf_shortname)_PUBLIC_BYTES],
     const $(c_ns)_point_t p
-);
+) DECAF_API_VIS DECAF_NONNULL;
 
 /** The base point for X$(gf_shortname) Diffie-Hellman */
 extern const uint8_t decaf_x$(gf_shortname)_base_point[DECAF_X$(gf_shortname)_PUBLIC_BYTES] DECAF_API_VIS;

src/per_curve/point.tmpl.hxx

@@ -248,6 +248,9 @@ public:
     /** Bytes required for EdDSA encoding */
     static const size_t EDDSA_BYTES = DECAF_EDDSA_$(gf_shortname)_PUBLIC_BYTES;
 
+    /** Bytes required for EdDSA encoding */
+    static const size_t LADDER_BYTES = DECAF_X$(gf_shortname)_PUBLIC_BYTES;
+
     /**
      * Size of a stegged element.
      * 
@@ -351,6 +354,27 @@ public:
         return ret;
     }
 
+    /** Multiply out cofactor and encode like X25519/X448. */
+    inline SecureBuffer mul_by_cofactor_and_encode_like_ladder() const {
+        SecureBuffer ret(LADDER_BYTES);
+        $(c_ns)_point_mul_by_cofactor_and_encode_like_x$(gf_shortname)(ret.data(),p);
+        return ret;
+    }
+
+    /** Multiply out cofactor and encode like EdDSA. */
+    inline void mul_by_cofactor_and_encode_like_eddsa(
+        FixedBuffer<DECAF_EDDSA_$(gf_shortname)_PUBLIC_BYTES> &out
+    ) const {
+        $(c_ns)_point_mul_by_cofactor_and_encode_like_eddsa(out.data(),p);
+    }
+
+    /** Multiply out cofactor and encode like X25519/X448. */
+    inline void mul_by_cofactor_and_encode_like_ladder(
+        FixedBuffer<LADDER_BYTES> &out
+    ) const {
+        $(c_ns)_point_mul_by_cofactor_and_encode_like_x$(gf_shortname)(out.data(),p);
+    }
+
     /**
      * Map uniformly to the curve from a hash buffer.
      * The empty or all-zero string maps to the identity, as does the string "\\x01".

test/ristretto.cxx

@@ -69,7 +69,7 @@ void usage() {
     fprintf(stderr,"  -E: Display output as Elligator inverses\n");
     fprintf(stderr,"  -D: Display output in EdDSA format (times clearing ratio)\n");
     fprintf(stderr,"  -R: Display raw xyzt\n");
-    //fprintf(stderr,"  -C: Display output in X[25519|448] format\n");
+    fprintf(stderr,"  -C: Display output in X[25519|448] format\n");
     fprintf(stderr,"  -H: ... divide by clearing ratio first\n");
     fprintf(stderr,"\n");
     fprintf(stderr,"  Ways to create points:\n");
@@ -98,7 +98,7 @@ public:
         typename Group::Point a,b;
         typename Group::Scalar s;
         bool plus=false, empty=true, elligator=false, mul=false, scalar=false,
-            scalarempty=true, neg=false, einv=false, like_eddsa=false, decoeff=false, raw=false;
+            scalarempty=true, neg=false, einv=false, like_eddsa=false, like_x=false, decoeff=false, raw=false;
         if (done || error) return;
         for (int i=1; i<g_argc && !error; i++) {
             bool point = false;
@@ -117,6 +117,8 @@ public:
                 raw = true;
             } else if (!strcmp(g_argv[i],"-D")) {
                 like_eddsa = true;
+            } else if (!strcmp(g_argv[i],"-C")) {
+                like_x = true;
             } else if (!strcmp(g_argv[i],"-H")) {
                 decoeff = true;
             } else if (!strcmp(g_argv[i],"*")) {
@@ -180,6 +182,10 @@ public:
                 SecureBuffer b = a.mul_by_cofactor_and_encode_like_eddsa();
                 printhex(b.data(),b.size());
                 printf("\n");
+            } else if (like_x) {
+                SecureBuffer b = a.mul_by_cofactor_and_encode_like_ladder();
+                printhex(b.data(),b.size());
+                printf("\n");
             } else {
                 a.serialize_into(tmp);
                 printhex(tmp,sizeof(tmp));