From 2bcccebd8d44d6efb044dcdc729a6a697a529e0f Mon Sep 17 00:00:00 2001 From: Michael Hamburg Date: Sat, 7 Oct 2017 19:14:20 -0700 Subject: [PATCH] expose mul_by_cofactor_and_encode_like_x, but need to adjust clearing ratios --- src/GENERATED/include/decaf/point_255.h | 2 +- src/GENERATED/include/decaf/point_255.hxx | 24 +++++++++++++++++++++++ src/GENERATED/include/decaf/point_448.h | 2 +- src/GENERATED/include/decaf/point_448.hxx | 24 +++++++++++++++++++++++ src/per_curve/point.tmpl.h | 2 +- src/per_curve/point.tmpl.hxx | 24 +++++++++++++++++++++++ test/ristretto.cxx | 10 ++++++++-- 7 files changed, 83 insertions(+), 5 deletions(-) diff --git a/src/GENERATED/include/decaf/point_255.h b/src/GENERATED/include/decaf/point_255.h index 79ba778..7dfb44f 100644 --- a/src/GENERATED/include/decaf/point_255.h +++ b/src/GENERATED/include/decaf/point_255.h @@ -409,7 +409,7 @@ decaf_error_t decaf_x25519 ( void decaf_255_point_mul_by_cofactor_and_encode_like_x25519 ( uint8_t out[DECAF_X25519_PUBLIC_BYTES], const decaf_255_point_t p -); +) DECAF_API_VIS DECAF_NONNULL; /** The base point for X25519 Diffie-Hellman */ extern const uint8_t decaf_x25519_base_point[DECAF_X25519_PUBLIC_BYTES] DECAF_API_VIS; diff --git a/src/GENERATED/include/decaf/point_255.hxx b/src/GENERATED/include/decaf/point_255.hxx index 63c0cf8..f3af7bc 100644 --- a/src/GENERATED/include/decaf/point_255.hxx +++ b/src/GENERATED/include/decaf/point_255.hxx @@ -261,6 +261,9 @@ public: /** Bytes required for EdDSA encoding */ static const size_t EDDSA_BYTES = DECAF_EDDSA_25519_PUBLIC_BYTES; + /** Bytes required for EdDSA encoding */ + static const size_t LADDER_BYTES = DECAF_X25519_PUBLIC_BYTES; + /** * Size of a stegged element. * @@ -364,6 +367,27 @@ public: return ret; } + /** Multiply out cofactor and encode like X25519/X448. */ + inline SecureBuffer mul_by_cofactor_and_encode_like_ladder() const { + SecureBuffer ret(LADDER_BYTES); + decaf_255_point_mul_by_cofactor_and_encode_like_x25519(ret.data(),p); + return ret; + } + + /** Multiply out cofactor and encode like EdDSA. */ + inline void mul_by_cofactor_and_encode_like_eddsa( + FixedBuffer &out + ) const { + decaf_255_point_mul_by_cofactor_and_encode_like_eddsa(out.data(),p); + } + + /** Multiply out cofactor and encode like X25519/X448. */ + inline void mul_by_cofactor_and_encode_like_ladder( + FixedBuffer &out + ) const { + decaf_255_point_mul_by_cofactor_and_encode_like_x25519(out.data(),p); + } + /** * Map uniformly to the curve from a hash buffer. * The empty or all-zero string maps to the identity, as does the string "\\x01". diff --git a/src/GENERATED/include/decaf/point_448.h b/src/GENERATED/include/decaf/point_448.h index 35c83dd..084eaf3 100644 --- a/src/GENERATED/include/decaf/point_448.h +++ b/src/GENERATED/include/decaf/point_448.h @@ -409,7 +409,7 @@ decaf_error_t decaf_x448 ( void decaf_448_point_mul_by_cofactor_and_encode_like_x448 ( uint8_t out[DECAF_X448_PUBLIC_BYTES], const decaf_448_point_t p -); +) DECAF_API_VIS DECAF_NONNULL; /** The base point for X448 Diffie-Hellman */ extern const uint8_t decaf_x448_base_point[DECAF_X448_PUBLIC_BYTES] DECAF_API_VIS; diff --git a/src/GENERATED/include/decaf/point_448.hxx b/src/GENERATED/include/decaf/point_448.hxx index 7ffd0f3..22716f8 100644 --- a/src/GENERATED/include/decaf/point_448.hxx +++ b/src/GENERATED/include/decaf/point_448.hxx @@ -261,6 +261,9 @@ public: /** Bytes required for EdDSA encoding */ static const size_t EDDSA_BYTES = DECAF_EDDSA_448_PUBLIC_BYTES; + /** Bytes required for EdDSA encoding */ + static const size_t LADDER_BYTES = DECAF_X448_PUBLIC_BYTES; + /** * Size of a stegged element. * @@ -364,6 +367,27 @@ public: return ret; } + /** Multiply out cofactor and encode like X25519/X448. */ + inline SecureBuffer mul_by_cofactor_and_encode_like_ladder() const { + SecureBuffer ret(LADDER_BYTES); + decaf_448_point_mul_by_cofactor_and_encode_like_x448(ret.data(),p); + return ret; + } + + /** Multiply out cofactor and encode like EdDSA. */ + inline void mul_by_cofactor_and_encode_like_eddsa( + FixedBuffer &out + ) const { + decaf_448_point_mul_by_cofactor_and_encode_like_eddsa(out.data(),p); + } + + /** Multiply out cofactor and encode like X25519/X448. */ + inline void mul_by_cofactor_and_encode_like_ladder( + FixedBuffer &out + ) const { + decaf_448_point_mul_by_cofactor_and_encode_like_x448(out.data(),p); + } + /** * Map uniformly to the curve from a hash buffer. * The empty or all-zero string maps to the identity, as does the string "\\x01". diff --git a/src/per_curve/point.tmpl.h b/src/per_curve/point.tmpl.h index c0565f2..9744b2b 100644 --- a/src/per_curve/point.tmpl.h +++ b/src/per_curve/point.tmpl.h @@ -394,7 +394,7 @@ decaf_error_t decaf_x$(gf_shortname) ( void $(c_ns)_point_mul_by_cofactor_and_encode_like_x$(gf_shortname) ( uint8_t out[DECAF_X$(gf_shortname)_PUBLIC_BYTES], const $(c_ns)_point_t p -); +) DECAF_API_VIS DECAF_NONNULL; /** The base point for X$(gf_shortname) Diffie-Hellman */ extern const uint8_t decaf_x$(gf_shortname)_base_point[DECAF_X$(gf_shortname)_PUBLIC_BYTES] DECAF_API_VIS; diff --git a/src/per_curve/point.tmpl.hxx b/src/per_curve/point.tmpl.hxx index 850f400..0489e8c 100644 --- a/src/per_curve/point.tmpl.hxx +++ b/src/per_curve/point.tmpl.hxx @@ -248,6 +248,9 @@ public: /** Bytes required for EdDSA encoding */ static const size_t EDDSA_BYTES = DECAF_EDDSA_$(gf_shortname)_PUBLIC_BYTES; + /** Bytes required for EdDSA encoding */ + static const size_t LADDER_BYTES = DECAF_X$(gf_shortname)_PUBLIC_BYTES; + /** * Size of a stegged element. * @@ -351,6 +354,27 @@ public: return ret; } + /** Multiply out cofactor and encode like X25519/X448. */ + inline SecureBuffer mul_by_cofactor_and_encode_like_ladder() const { + SecureBuffer ret(LADDER_BYTES); + $(c_ns)_point_mul_by_cofactor_and_encode_like_x$(gf_shortname)(ret.data(),p); + return ret; + } + + /** Multiply out cofactor and encode like EdDSA. */ + inline void mul_by_cofactor_and_encode_like_eddsa( + FixedBuffer &out + ) const { + $(c_ns)_point_mul_by_cofactor_and_encode_like_eddsa(out.data(),p); + } + + /** Multiply out cofactor and encode like X25519/X448. */ + inline void mul_by_cofactor_and_encode_like_ladder( + FixedBuffer &out + ) const { + $(c_ns)_point_mul_by_cofactor_and_encode_like_x$(gf_shortname)(out.data(),p); + } + /** * Map uniformly to the curve from a hash buffer. * The empty or all-zero string maps to the identity, as does the string "\\x01". diff --git a/test/ristretto.cxx b/test/ristretto.cxx index b4482b8..ad480c2 100644 --- a/test/ristretto.cxx +++ b/test/ristretto.cxx @@ -69,7 +69,7 @@ void usage() { fprintf(stderr," -E: Display output as Elligator inverses\n"); fprintf(stderr," -D: Display output in EdDSA format (times clearing ratio)\n"); fprintf(stderr," -R: Display raw xyzt\n"); - //fprintf(stderr," -C: Display output in X[25519|448] format\n"); + fprintf(stderr," -C: Display output in X[25519|448] format\n"); fprintf(stderr," -H: ... divide by clearing ratio first\n"); fprintf(stderr,"\n"); fprintf(stderr," Ways to create points:\n"); @@ -98,7 +98,7 @@ public: typename Group::Point a,b; typename Group::Scalar s; bool plus=false, empty=true, elligator=false, mul=false, scalar=false, - scalarempty=true, neg=false, einv=false, like_eddsa=false, decoeff=false, raw=false; + scalarempty=true, neg=false, einv=false, like_eddsa=false, like_x=false, decoeff=false, raw=false; if (done || error) return; for (int i=1; i