Commit 2bcccebd authored by Michael Hamburg's avatar Michael Hamburg
Browse files

expose mul_by_cofactor_and_encode_like_x, but need to adjust clearing ratios

parent 164342eb
......@@ -409,7 +409,7 @@ decaf_error_t decaf_x25519 (
void decaf_255_point_mul_by_cofactor_and_encode_like_x25519 (
uint8_t out[DECAF_X25519_PUBLIC_BYTES],
const decaf_255_point_t p
);
) DECAF_API_VIS DECAF_NONNULL;
/** The base point for X25519 Diffie-Hellman */
extern const uint8_t decaf_x25519_base_point[DECAF_X25519_PUBLIC_BYTES] DECAF_API_VIS;
......
......@@ -261,6 +261,9 @@ public:
/** Bytes required for EdDSA encoding */
static const size_t EDDSA_BYTES = DECAF_EDDSA_25519_PUBLIC_BYTES;
/** Bytes required for EdDSA encoding */
static const size_t LADDER_BYTES = DECAF_X25519_PUBLIC_BYTES;
/**
* Size of a stegged element.
*
......@@ -364,6 +367,27 @@ public:
return ret;
}
/** Multiply out cofactor and encode like X25519/X448. */
inline SecureBuffer mul_by_cofactor_and_encode_like_ladder() const {
SecureBuffer ret(LADDER_BYTES);
decaf_255_point_mul_by_cofactor_and_encode_like_x25519(ret.data(),p);
return ret;
}
/** Multiply out cofactor and encode like EdDSA. */
inline void mul_by_cofactor_and_encode_like_eddsa(
FixedBuffer<DECAF_EDDSA_25519_PUBLIC_BYTES> &out
) const {
decaf_255_point_mul_by_cofactor_and_encode_like_eddsa(out.data(),p);
}
/** Multiply out cofactor and encode like X25519/X448. */
inline void mul_by_cofactor_and_encode_like_ladder(
FixedBuffer<LADDER_BYTES> &out
) const {
decaf_255_point_mul_by_cofactor_and_encode_like_x25519(out.data(),p);
}
/**
* Map uniformly to the curve from a hash buffer.
* The empty or all-zero string maps to the identity, as does the string "\\x01".
......
......@@ -409,7 +409,7 @@ decaf_error_t decaf_x448 (
void decaf_448_point_mul_by_cofactor_and_encode_like_x448 (
uint8_t out[DECAF_X448_PUBLIC_BYTES],
const decaf_448_point_t p
);
) DECAF_API_VIS DECAF_NONNULL;
/** The base point for X448 Diffie-Hellman */
extern const uint8_t decaf_x448_base_point[DECAF_X448_PUBLIC_BYTES] DECAF_API_VIS;
......
......@@ -261,6 +261,9 @@ public:
/** Bytes required for EdDSA encoding */
static const size_t EDDSA_BYTES = DECAF_EDDSA_448_PUBLIC_BYTES;
/** Bytes required for EdDSA encoding */
static const size_t LADDER_BYTES = DECAF_X448_PUBLIC_BYTES;
/**
* Size of a stegged element.
*
......@@ -364,6 +367,27 @@ public:
return ret;
}
/** Multiply out cofactor and encode like X25519/X448. */
inline SecureBuffer mul_by_cofactor_and_encode_like_ladder() const {
SecureBuffer ret(LADDER_BYTES);
decaf_448_point_mul_by_cofactor_and_encode_like_x448(ret.data(),p);
return ret;
}
/** Multiply out cofactor and encode like EdDSA. */
inline void mul_by_cofactor_and_encode_like_eddsa(
FixedBuffer<DECAF_EDDSA_448_PUBLIC_BYTES> &out
) const {
decaf_448_point_mul_by_cofactor_and_encode_like_eddsa(out.data(),p);
}
/** Multiply out cofactor and encode like X25519/X448. */
inline void mul_by_cofactor_and_encode_like_ladder(
FixedBuffer<LADDER_BYTES> &out
) const {
decaf_448_point_mul_by_cofactor_and_encode_like_x448(out.data(),p);
}
/**
* Map uniformly to the curve from a hash buffer.
* The empty or all-zero string maps to the identity, as does the string "\\x01".
......
......@@ -394,7 +394,7 @@ decaf_error_t decaf_x$(gf_shortname) (
void $(c_ns)_point_mul_by_cofactor_and_encode_like_x$(gf_shortname) (
uint8_t out[DECAF_X$(gf_shortname)_PUBLIC_BYTES],
const $(c_ns)_point_t p
);
) DECAF_API_VIS DECAF_NONNULL;
/** The base point for X$(gf_shortname) Diffie-Hellman */
extern const uint8_t decaf_x$(gf_shortname)_base_point[DECAF_X$(gf_shortname)_PUBLIC_BYTES] DECAF_API_VIS;
......
......@@ -248,6 +248,9 @@ public:
/** Bytes required for EdDSA encoding */
static const size_t EDDSA_BYTES = DECAF_EDDSA_$(gf_shortname)_PUBLIC_BYTES;
/** Bytes required for EdDSA encoding */
static const size_t LADDER_BYTES = DECAF_X$(gf_shortname)_PUBLIC_BYTES;
/**
* Size of a stegged element.
*
......@@ -351,6 +354,27 @@ public:
return ret;
}
/** Multiply out cofactor and encode like X25519/X448. */
inline SecureBuffer mul_by_cofactor_and_encode_like_ladder() const {
SecureBuffer ret(LADDER_BYTES);
$(c_ns)_point_mul_by_cofactor_and_encode_like_x$(gf_shortname)(ret.data(),p);
return ret;
}
/** Multiply out cofactor and encode like EdDSA. */
inline void mul_by_cofactor_and_encode_like_eddsa(
FixedBuffer<DECAF_EDDSA_$(gf_shortname)_PUBLIC_BYTES> &out
) const {
$(c_ns)_point_mul_by_cofactor_and_encode_like_eddsa(out.data(),p);
}
/** Multiply out cofactor and encode like X25519/X448. */
inline void mul_by_cofactor_and_encode_like_ladder(
FixedBuffer<LADDER_BYTES> &out
) const {
$(c_ns)_point_mul_by_cofactor_and_encode_like_x$(gf_shortname)(out.data(),p);
}
/**
* Map uniformly to the curve from a hash buffer.
* The empty or all-zero string maps to the identity, as does the string "\\x01".
......
......@@ -69,7 +69,7 @@ void usage() {
fprintf(stderr," -E: Display output as Elligator inverses\n");
fprintf(stderr," -D: Display output in EdDSA format (times clearing ratio)\n");
fprintf(stderr," -R: Display raw xyzt\n");
//fprintf(stderr," -C: Display output in X[25519|448] format\n");
fprintf(stderr," -C: Display output in X[25519|448] format\n");
fprintf(stderr," -H: ... divide by clearing ratio first\n");
fprintf(stderr,"\n");
fprintf(stderr," Ways to create points:\n");
......@@ -98,7 +98,7 @@ public:
typename Group::Point a,b;
typename Group::Scalar s;
bool plus=false, empty=true, elligator=false, mul=false, scalar=false,
scalarempty=true, neg=false, einv=false, like_eddsa=false, decoeff=false, raw=false;
scalarempty=true, neg=false, einv=false, like_eddsa=false, like_x=false, decoeff=false, raw=false;
if (done || error) return;
for (int i=1; i<g_argc && !error; i++) {
bool point = false;
......@@ -117,6 +117,8 @@ public:
raw = true;
} else if (!strcmp(g_argv[i],"-D")) {
like_eddsa = true;
} else if (!strcmp(g_argv[i],"-C")) {
like_x = true;
} else if (!strcmp(g_argv[i],"-H")) {
decoeff = true;
} else if (!strcmp(g_argv[i],"*")) {
......@@ -180,6 +182,10 @@ public:
SecureBuffer b = a.mul_by_cofactor_and_encode_like_eddsa();
printhex(b.data(),b.size());
printf("\n");
} else if (like_x) {
SecureBuffer b = a.mul_by_cofactor_and_encode_like_ladder();
printhex(b.data(),b.size());
printf("\n");
} else {
a.serialize_into(tmp);
printhex(tmp,sizeof(tmp));
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment