jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
512 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: a59d1045e4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a59d1045e4'
${ noResults }
ed448goldilocks/test/ristretto.cxx

215 lines
7.9 KiB
Raw Blame History 

  1. /**

  2.  * @file ristretto.cxx

  3.  * @author Mike Hamburg

  4.  *

  5.  * @copyright

  6.  *   Copyright (c) 2015 Cryptography Research, Inc.  \n

  7.  *   Released under the MIT License.  See LICENSE.txt for license information.

  8.  *

  9.  * @brief Ristretto implementation widget

  10.  */

  11. 

  12. #include <decaf.hxx>

  13. #include <stdio.h>

  14. using namespace decaf;

  15. 

  16. static inline int hexi(char c) {

  17.     if (c >= '0' && c <= '9') return c-'0';

  18.     if (c >= 'a' && c <= 'f') return c-'a'+0xa;

  19.     if (c >= 'A' && c <= 'F') return c-'A'+0xa;

  20.     return -1;

  21. }

  22. 

  23. static int parsehex(uint8_t *out, size_t sizeof_out, const char *hex) {

  24.     size_t l = strlen(hex);

  25.     if (l%2 != 0) {

  26.         fprintf(stderr,"String should be hex, but has odd length\n: %s\n", hex);

  27.         return -1;

  28.     } else if (l/2 > sizeof_out) {

  29.         fprintf(stderr,"Argument is too long: %s\n", hex);

  30.         return -1;

  31.     }

  32.     

  33.     memset(out,0,sizeof_out);

  34.     int ret1,ret2;

  35.     for (size_t i=0; i<l/2; i++) {

  36.         if (   (ret1 = hexi(hex[2*i  ])) < 0

  37.         || (ret2 = hexi(hex[2*i+1])) < 0) {

  38.             fprintf(stderr,"Invalid hex %s\n",hex);

  39.             return -1;

  40.         }

  41.         out[i] = ret1*16+ret2;

  42.     }

  43.     return 0;

  44. }

  45. 

  46. static void printhex(const uint8_t *in, size_t sizeof_in) {

  47.     for (; sizeof_in > 0; in++,sizeof_in--) {

  48.         printf("%02x",*in);

  49.     }

  50. }

  51. 

  52. 

  53. static int g_argc = 0;

  54. static char **g_argv = NULL;

  55. static int error = 0;

  56. static int done = 0;

  57. 

  58. static void usage() {

  59.     const char *me=g_argv[0];

  60.     if (!me) me = "ristretto";

  61.     for (unsigned i=0; g_argv[0][i]; i++) {

  62.         if (g_argv[0][i] == '/' && g_argv[0][i+1] != 0 && g_argv[0][i+1] != '/') {

  63.             me = &g_argv[0][i];

  64.         }

  65.     }

  66.     

  67.     fprintf(stderr,"Usage: %s [points] [operations] ...\n", me);

  68.     fprintf(stderr,"  -b 255|448: Set which group to use (sometimes inferred from lengths)\n");

  69.     fprintf(stderr,"  -E: Display output as Elligator inverses\n");

  70.     fprintf(stderr,"  -D: Display output in EdDSA format (times clearing ratio)\n");

  71.     fprintf(stderr,"  -R: Display raw xyzt\n");

  72.     fprintf(stderr,"  -C: Display output in X[25519|448] format\n");

  73.     fprintf(stderr,"  -H: ... divide by encoding ratio first\n");

  74.     fprintf(stderr,"\n");

  75.     fprintf(stderr,"  Ways to create points:\n");

  76.     fprintf(stderr,"    [hex]: Point from point data as hex\n");

  77.     fprintf(stderr,"    -e [hex]: Create point by hashing to curve using elligator\n");

  78.     fprintf(stderr,"    base: Base point of curve\n");

  79.     fprintf(stderr,"    identity: Identity point of curve\n");

  80.     fprintf(stderr,"\n");

  81.     fprintf(stderr,"  Operations:\n");

  82.     fprintf(stderr,"    -n [point]: negative of point\n");

  83.     fprintf(stderr,"    -s [scalar] * [point]: Hash to curve using elligator\n");

  84.     fprintf(stderr,"    [point] + [point]: Add two points\n");

  85.     fprintf(stderr,"\n");

  86.     fprintf(stderr,"  NB: this is a debugging widget.  It doesn't yet have order of operations.\n");

  87.     fprintf(stderr,"  *** DON'T USE THIS UTILITY FOR ACTUAL CRYPTO! ***\n");

  88.     fprintf(stderr,"  It's only for debugging!\n");

  89.     fprintf(stderr,"\n");

  90.     

  91.     exit(-2);

  92. }

  93. 

  94. template<typename Group> class Run {

  95. public:

  96.     static void run() {

  97.         uint8_t tmp[Group::Point::SER_BYTES];

  98.         typename Group::Point a,b;

  99.         typename Group::Scalar s;

  100.         bool plus=false, empty=true, elligator=false, mul=false, scalar=false, div=false, torque=false,

  101.             scalarempty=true, neg=false, einv=false, like_eddsa=false, like_x=false, decoeff=false, raw=false;

  102.         if (done || error) return;

  103.         for (int i=1; i<g_argc && !error; i++) {

  104.             bool point = false;

  105.             

  106.             if (!strcmp(g_argv[i],"-b") && ++i<g_argc) {

  107.                 if (atoi(g_argv[i]) == Group::bits()) continue;

  108.                 else return;

  109.             } else if (!strcmp(g_argv[i],"+")) {

  110.                 if (elligator || scalar || empty) usage();

  111.                 plus = true;

  112.             } else if (!strcmp(g_argv[i],"-n")) {

  113.                 neg = !neg;

  114.             } else if (!strcmp(g_argv[i],"-E")) {

  115.                 einv = true;

  116.             } else if (!strcmp(g_argv[i],"-R")) {

  117.                 raw = true;

  118.             } else if (!strcmp(g_argv[i],"-D")) {

  119.                 like_eddsa = true;

  120.             } else if (!strcmp(g_argv[i],"-C")) {

  121.                 like_x = true;

  122.             } else if (!strcmp(g_argv[i],"-H")) {

  123.                 decoeff = true;

  124.             } else if (!strcmp(g_argv[i],"-T")) {

  125.                 torque = true;

  126.             } else if (!strcmp(g_argv[i],"*")) {

  127.                 if (elligator || scalar || scalarempty || div) usage();

  128.                 mul = true;

  129.             } else if (!strcmp(g_argv[i],"/")) {

  130.                 if (elligator || scalar || scalarempty || mul) usage();

  131.                 div = true;

  132.             } else if (!strcmp(g_argv[i],"-s")) {

  133.                 if (elligator || scalar || !scalarempty) usage();

  134.                 scalar = true;

  135.             } else if (!strcmp(g_argv[i],"-e")) {

  136.                 if (elligator || scalar) usage();

  137.                 elligator = true;

  138.             } else if (!strcmp(g_argv[i],"base")) {

  139.                 if (elligator || scalar) usage();

  140.                 b = b.base();

  141.                 point = true;

  142.             } else if (!strcmp(g_argv[i],"identity")) {

  143.                 if (elligator || scalar) usage();

  144.                 b = b.identity();

  145.                 point = true;

  146.             } else if ((strlen(g_argv[i]) == 2*sizeof(tmp)

  147.                     || ((scalar || elligator) && strlen(g_argv[i]) <= 2*sizeof(tmp)))

  148.                         && !(error=parsehex(tmp,sizeof(tmp),g_argv[i]))) {

  149.                 if (scalar) {

  150.                     s = Block(tmp,sizeof(tmp)); scalar=false; scalarempty=false;

  151.                 } else if (elligator) {

  152.                     point = true;

  153.                     b.set_to_hash(Block(tmp,sizeof(tmp))); elligator=false;

  154.                 } else if (DECAF_SUCCESS != b.decode(Block(tmp,sizeof(tmp)))) {

  155.                     fprintf(stderr,"Error: %s isn't in the group\n",g_argv[i]);

  156.                     error = -1;

  157.                 } else {

  158.                     point = true;

  159.                 }

  160.             } else if (error || !empty) usage();

  161. 

  162.             if (point) {

  163.                 if (neg) { b = -b; neg = false; }

  164.                 if (div) { b /= s; div=false; }

  165.                 if (torque) { b = b.debugging_torque(); torque=false; }

  166.                 if (mul) { b *= s; mul=false; }

  167.                 if (empty) { a = b; empty=false; }

  168.                 else if (plus) { a += b; plus=false; }

  169.                 else usage();

  170.             }

  171.         }

  172.         

  173.         if (!error && !empty) {

  174.             if (einv) {

  175.                 uint8_t buffer[Group::Point::HASH_BYTES];

  176.                 for (int h=0; h<1<<Group::Point::INVERT_ELLIGATOR_WHICH_BITS; h++) {

  177.                     if (DECAF_SUCCESS == a.invert_elligator(

  178.                         Buffer(buffer,sizeof(buffer)), h

  179.                     )) {

  180.                         printhex(buffer,sizeof(buffer));

  181.                         printf("\n");

  182.                     }

  183.                 }

  184.             } else if (raw) {

  185.                 printhex((const uint8_t *)&a, sizeof(a));

  186.                 printf("\n");

  187.             } else if (like_eddsa) {

  188.                 if (decoeff) a /= (Group::Point::EDDSA_ENCODE_RATIO);

  189.                 SecureBuffer b = a.mul_by_ratio_and_encode_like_eddsa();

  190.                 printhex(b.data(),b.size());

  191.                 printf("\n");

  192.             } else if (like_x) {

  193.                 if (decoeff) a /= (Group::Point::LADDER_ENCODE_RATIO);

  194.                 SecureBuffer b = a.mul_by_ratio_and_encode_like_ladder();

  195.                 printhex(b.data(),b.size());

  196.                 printf("\n");

  197.             } else {

  198.                 a.serialize_into(tmp);

  199.                 printhex(tmp,sizeof(tmp));

  200.                 printf("\n");

  201.             }

  202.             done = true;

  203.         }

  204.         

  205.     }

  206. };

  207. 

  208. int main(int argc, char **argv) {

  209.     g_argc = argc;

  210.     g_argv = argv;

  211.     run_for_all_curves<Run>();

  212.     if (!done) usage();

  213.     return (error<0) ? -error : error;

  214. }