[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] 01/04: elligator: code cleanup
From: |
gnunet |
Subject: |
[gnunet] 01/04: elligator: code cleanup |
Date: |
Wed, 06 Mar 2024 11:32:52 +0100 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
commit ae50b256e873150251d9a621715e55809457579d
Author: Pedram Fardzadeh <p.fardzadeh@protonmail.com>
AuthorDate: Mon Mar 4 00:15:15 2024 +0100
elligator: code cleanup
---
src/include/gnunet_crypto_lib.h | 93 ++++++++++++++--------------
src/lib/util/crypto_elligator.c | 113 ++++++-----------------------------
src/lib/util/test_crypto_elligator.c | 52 ++--------------
3 files changed, 69 insertions(+), 189 deletions(-)
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 4580f795d..7b7d559cc 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -973,7 +973,7 @@ GNUNET_CRYPTO_hash_from_string2 (const char *enc,
* @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong
encoding
*/
#define GNUNET_CRYPTO_hash_from_string(enc, result) \
- GNUNET_CRYPTO_hash_from_string2 (enc, strlen (enc), result)
+ GNUNET_CRYPTO_hash_from_string2 (enc, strlen (enc), result)
/**
@@ -2215,15 +2215,15 @@ GNUNET_CRYPTO_eddsa_sign_ (
* @param[out] sig where to write the signature
*/
#define GNUNET_CRYPTO_eddsa_sign(priv,ps,sig) do { \
- /* check size is set correctly */ \
- GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*ps)); \
- /* check 'ps' begins with the purpose */ \
- GNUNET_static_assert (((void*) (ps)) == \
- ((void*) &(ps)->purpose)); \
- GNUNET_assert (GNUNET_OK == \
- GNUNET_CRYPTO_eddsa_sign_ (priv, \
- &(ps)->purpose, \
- sig)); \
+ /* check size is set correctly */ \
+ GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*ps)); \
+ /* check 'ps' begins with the purpose */ \
+ GNUNET_static_assert (((void*) (ps)) == \
+ ((void*) &(ps)->purpose)); \
+ GNUNET_assert (GNUNET_OK == \
+ GNUNET_CRYPTO_eddsa_sign_ (priv, \
+ &(ps)->purpose, \
+ sig)); \
} while (0)
@@ -2277,15 +2277,15 @@ GNUNET_CRYPTO_eddsa_sign_raw (
* @param[out] sig where to write the signature
*/
#define GNUNET_CRYPTO_ecdsa_sign(priv,ps,sig) do { \
- /* check size is set correctly */ \
- GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
- /* check 'ps' begins with the purpose */ \
- GNUNET_static_assert (((void*) (ps)) == \
- ((void*) &(ps)->purpose)); \
- GNUNET_assert (GNUNET_OK == \
- GNUNET_CRYPTO_ecdsa_sign_ (priv, \
- &(ps)->purpose, \
- sig)); \
+ /* check size is set correctly */ \
+ GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
+ /* check 'ps' begins with the purpose */ \
+ GNUNET_static_assert (((void*) (ps)) == \
+ ((void*) &(ps)->purpose)); \
+ GNUNET_assert (GNUNET_OK == \
+ GNUNET_CRYPTO_ecdsa_sign_ (priv, \
+ &(ps)->purpose, \
+ sig)); \
} while (0)
/**
@@ -2324,15 +2324,15 @@ GNUNET_CRYPTO_edx25519_sign_ (
* @param[out] sig where to write the signature
*/
#define GNUNET_CRYPTO_edx25519_sign(priv,ps,sig) do { \
- /* check size is set correctly */ \
- GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
- /* check 'ps' begins with the purpose */ \
- GNUNET_static_assert (((void*) (ps)) == \
- ((void*) &(ps)->purpose)); \
- GNUNET_assert (GNUNET_OK == \
- GNUNET_CRYPTO_edx25519_sign_ (priv, \
- &(ps)->purpose, \
- sig)); \
+ /* check size is set correctly */ \
+ GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
+ /* check 'ps' begins with the purpose */ \
+ GNUNET_static_assert (((void*) (ps)) == \
+ ((void*) &(ps)->purpose)); \
+ GNUNET_assert (GNUNET_OK == \
+ GNUNET_CRYPTO_edx25519_sign_ (priv, \
+ &(ps)->purpose, \
+ sig)); \
} while (0)
@@ -2686,7 +2686,7 @@ GNUNET_CRYPTO_ecdhe_elligator_direct_map (uint8_t *point,
bool *high_y,
*
* @param serialized_representative serialized version of an element of
Curves25519's finite field
* @param point destination for the calculated point on the curve
- * @param high_y destination set to "True" if corresponding y-coordinate is >
2 ^ 254 - 10
+ * @param high_y value pointed to will be set to true if corresponding
y-coordinate is > 2 ^ 254 - 10, otherwise 0. Can be set to NULL if not needed.
*/
bool
GNUNET_CRYPTO_ecdhe_elligator_decoding (struct
@@ -2726,13 +2726,13 @@ GNUNET_CRYPTO_ecdhe_elligator_initialize (void);
* @param pk private key for generating valid public key
*/
int
-GNUNET_CRYPTO_ecdhe_elligator_generate_public_key (unsigned char
- pub[
-
crypto_scalarmult_SCALARBYTES
- ],
- struct
-
GNUNET_CRYPTO_EcdhePrivateKey
- *pk);
+ GNUNET_CRYPTO_ecdhe_elligator_generate_public_key (unsigned char
+ pub[
+
crypto_scalarmult_SCALARBYTES
+ ],
+ struct
+
GNUNET_CRYPTO_EcdhePrivateKey
+ *pk);
/**
@@ -2741,9 +2741,8 @@ GNUNET_CRYPTO_ecdhe_elligator_generate_public_key
(unsigned char
*
* @param repr representative of the public key
* @param pk Curve25519 private key
- * @return GNUNET_OK if creation successful
*/
-enum GNUNET_GenericReturnValue
+void
GNUNET_CRYPTO_ecdhe_elligator_key_create (
struct GNUNET_CRYPTO_ElligatorRepresentative *repr,
struct GNUNET_CRYPTO_EcdhePrivateKey *pk);
@@ -4232,15 +4231,15 @@ GNUNET_CRYPTO_sign_raw_ (
* @param[out] sig where to write the signature
*/
#define GNUNET_CRYPTO_sign(priv,ps,sig) do { \
- /* check size is set correctly */
\
- GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps)));
\
- /* check 'ps' begins with the purpose */
\
- GNUNET_static_assert (((void*) (ps)) ==
\
- ((void*) &(ps)->purpose));
\
- GNUNET_assert (GNUNET_OK ==
\
- GNUNET_CRYPTO_sign_ (priv, \
- &(ps)->purpose, \
- sig)); \
+ /* check size is set correctly */ \
+ GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
+ /* check 'ps' begins with the purpose */ \
+ GNUNET_static_assert (((void*) (ps)) == \
+ ((void*) &(ps)->purpose)); \
+ GNUNET_assert (GNUNET_OK == \
+ GNUNET_CRYPTO_sign_ (priv, \
+ &(ps)->purpose, \
+ sig)); \
} while (0)
diff --git a/src/lib/util/crypto_elligator.c b/src/lib/util/crypto_elligator.c
index e512696a7..7ff37be46 100644
--- a/src/lib/util/crypto_elligator.c
+++ b/src/lib/util/crypto_elligator.c
@@ -451,9 +451,18 @@ GNUNET_CRYPTO_ecdhe_elligator_decoding (struct
GNUNET_CRYPTO_ElligatorRepresentative *
representative)
{
+ // if sign of direct map transformation not needed whether throw it away
+ bool high_y_local;
+ bool *high_y_ptr;
+ if (NULL == high_y)
+ high_y_ptr = &high_y_local;
+ else
+ high_y_ptr = high_y;
+
representative->r[31] &= 63;
+ // GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,"Print high_y\n");
return GNUNET_CRYPTO_ecdhe_elligator_direct_map ((uint8_t *) point->q_y,
- high_y,
+ high_y_ptr,
(uint8_t *)
representative->r);
}
@@ -536,10 +545,9 @@ GNUNET_CRYPTO_ecdhe_elligator_generate_public_key
(unsigned char
*pk)
{
// eHigh
- // Note crypto_scalarmult_ed25519_base clamps the scalar (here pk->d). TODO:
test this
- // TODO: if pk-d is zero cryto_scalarmult... return -1, otherwise 0. Problem
if 0? Unlikely anyway
+ // crypto_scalarmult_ed25519_base clamps the scalar pk->d and return only 0
if pk->d is zero
unsigned char eHigh[crypto_scalarmult_SCALARBYTES] = {0};
- crypto_scalarmult_ed25519_base (eHigh, pk->d);
+ GNUNET_assert (0 == crypto_scalarmult_ed25519_base (eHigh, pk->d));
// eLow: choose a random point of low order
int sLow = (pk->d)[0] % 8;
@@ -553,13 +561,6 @@ GNUNET_CRYPTO_ecdhe_elligator_generate_public_key
(unsigned char
return GNUNET_SYSERR;
}
- // Convert point in Ed25519 to Montgomery point
- // TODO: libsodium convert function doesn't work. Figure out why. Maybe
because we work on the whole curve rather than the prime subgroup.
- /*if (crypto_sign_ed25519_pk_to_curve25519 (pub, edPub) == -1)
- {
- return -1;
- }*/
-
if (Elligator_2_Curve25519_convert_from_Ed25519 (pub, edPub) == false)
{
return GNUNET_SYSERR;
@@ -568,86 +569,7 @@ GNUNET_CRYPTO_ecdhe_elligator_generate_public_key
(unsigned char
}
-/**
-Doesn't work because crypto_scalarmult clamps the scalar. We don't want this.
-Unfortunately a "noclamp" version of multiplication is only available for
edwards25519 in libsodium.
-We therefore can't implement the second (alternative) method for
generate_public_key.
-Keeping this code for discussion. Delete later.
-
-// Curve25519 point (only x-coordinate) which is needed for the alternativ
method of
-//GNUNET_CRYPTO_ecdhe_elligator_generate_public_key_alternativ
-static const unsigned char kPoint[] = {
- 0xD8, 0x86, 0x1A, 0xA2, 0x78, 0x7A, 0xD9, 0x26,
- 0x8B, 0x74, 0x74, 0xB6, 0x82, 0xE3, 0xBE, 0xC3,
- 0xCE, 0x36, 0x9A, 0x1E, 0x5E, 0x31, 0x47, 0xA2,
- 0x6D, 0x37, 0x7C, 0xFD, 0x20, 0xB5, 0xDF, 0x75
-};
-
-// Curve25519 order of prime order subgroup
-static const unsigned char L[] = {
- 0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58,
- 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
-};
-
-static void multiplyLittleEndianArray(const unsigned char *input, int
multiplier, unsigned char *output, int arraySize) {
- int carry = 0;
-
- for (int i = 0; i < arraySize; ++i) {
- int result = input[i] * multiplier + carry;
- output[i] = result & 0xFF; // Store the lower 8 bits in the output
array
- carry = result >> 8; // Carry the remaining bits to the next
iteration
- }
-}
-
-static void addLittleEndianArrays(const unsigned char *array1, const unsigned
char *array2, unsigned char *result, int arraySize) {
- int carry = 0;
-
- for (int i = 0; i < arraySize; ++i) {
- int sum = array1[i] + array2[i] + carry;
- result[i] = sum & 0xFF; // Store the lower 8 bits in the result array
- carry = sum >> 8; // Carry the remaining bits to the next
iteration
- }
-}
-
-Would call GNUNET_CRYPTO_ecdhe_key_create (struct
GNUNET_CRYPTO_EcdhePrivateKey *pk) for pk which is not clamped
-Following Method 1 in description https://elligator.org/key-exchange section
Step 2: Generate a “special” public key
-int
-GNUNET_CRYPTO_ecdhe_elligator_generate_public_key_alternativ (unsigned char
- pub[
-
crypto_scalarmult_SCALARBYTES
- ],
- struct
-
GNUNET_CRYPTO_EcdhePrivateKey
- *pk)
-{
- unsigned char sClamp[crypto_scalarmult_BYTES] = {0};
- memcpy(sClamp, pk->d, sizeof(sClamp));
- sClamp[0] &= 248;
- sClamp[31] &= 127;
- sClamp[31] |= 64;
-
- unsigned char sLow[crypto_scalarmult_BYTES] = {0};
- int multiplier = (pk->d)[0] % 8;
- multiplyLittleEndianArray(L, multiplier, sLow, 32);
- unsigned char sDirty[crypto_scalarmult_BYTES] = {0};
- addLittleEndianArrays(sClamp, sLow, sDirty, 32);
-
- int check = crypto_scalarmult(pub, sDirty,
- kPoint);
-
- if (check == -1)
- {
- printf("crypto_scalarmult didn't work\n");
- return -1;
- }
-
- return 0;
-}
-**/
-
-enum GNUNET_GenericReturnValue
+void
GNUNET_CRYPTO_ecdhe_elligator_key_create (
struct GNUNET_CRYPTO_ElligatorRepresentative *repr,
struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
@@ -665,10 +587,12 @@ GNUNET_CRYPTO_ecdhe_elligator_key_create (
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
pk,
sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
- if (GNUNET_CRYPTO_ecdhe_elligator_generate_public_key (pub, pk) ==
- GNUNET_SYSERR)
+
+ // Continue if generate_public_key fails
+ if (GNUNET_SYSERR ==
+ GNUNET_CRYPTO_ecdhe_elligator_generate_public_key (pub, pk))
{
- return GNUNET_SYSERR;
+ continue;
}
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
@@ -695,5 +619,4 @@ GNUNET_CRYPTO_ecdhe_elligator_key_create (
{
repr->r[31] |= 64;
}
- return GNUNET_OK;
}
diff --git a/src/lib/util/test_crypto_elligator.c
b/src/lib/util/test_crypto_elligator.c
index 488a296d6..463cb0a0c 100644
--- a/src/lib/util/test_crypto_elligator.c
+++ b/src/lib/util/test_crypto_elligator.c
@@ -121,23 +121,6 @@ testGeneratePkScalarMult (void)
}
-/*
-* Test Description: Simply testing, if function goes through.
-*/
-static int
-testKeyPairEasy (void)
-{
- struct GNUNET_CRYPTO_ElligatorRepresentative repr;
- struct GNUNET_CRYPTO_EcdhePrivateKey pk;
- int i = GNUNET_CRYPTO_ecdhe_elligator_key_create (&repr, &pk);
- if (i == GNUNET_SYSERR)
- {
- return GNUNET_SYSERR;
- }
- return GNUNET_OK;
-}
-
-
/*
* Test Description: After generating a valid private key and the corresponding
representative with
* GNUNET_CRYPTO_ecdhe_elligator_key_create(), check if using the direct map
results in the corresponding public key.
@@ -148,20 +131,15 @@ testInverseDirect (void)
struct GNUNET_CRYPTO_ElligatorRepresentative repr;
struct GNUNET_CRYPTO_EcdhePublicKey point;
struct GNUNET_CRYPTO_EcdhePrivateKey pk;
- int i = GNUNET_CRYPTO_ecdhe_elligator_key_create (&repr, &pk);
- if (i == -1)
- {
- return GNUNET_SYSERR;
- }
+ GNUNET_CRYPTO_ecdhe_elligator_key_create (&repr, &pk);
unsigned char pub[crypto_scalarmult_SCALARBYTES];
- bool highY;
if (GNUNET_CRYPTO_ecdhe_elligator_generate_public_key (pub, &pk) == -1)
{
return GNUNET_SYSERR;
}
- GNUNET_CRYPTO_ecdhe_elligator_decoding (&point, &highY, &repr);
+ GNUNET_CRYPTO_ecdhe_elligator_decoding (&point, NULL, &repr);
if (memcmp (pub, point.q_y, sizeof(point.q_y)) != 0)
{
@@ -194,14 +172,7 @@ testTimeKeyGenerate (void)
{
fprintf (stderr, "%s", ".");
fflush (stderr);
- if (GNUNET_SYSERR ==
- GNUNET_CRYPTO_ecdhe_elligator_key_create (&repr, &pk))
- {
- fprintf (stderr,
- "GNUNET_CRYPTO_ecdhe_elligator_key_create SYSERR\n");
- ok = GNUNET_SYSERR;
- }
- // printLittleEndianHex(repr.r,32);
+ GNUNET_CRYPTO_ecdhe_elligator_key_create (&repr, &pk);
}
printf ("%d encoded public keys generated in %s\n",
ITER,
@@ -218,20 +189,12 @@ testTimeDecoding (void)
struct GNUNET_CRYPTO_EcdhePublicKey point;
struct GNUNET_CRYPTO_ElligatorRepresentative repr[ITER];
struct GNUNET_CRYPTO_EcdhePrivateKey pk;
- bool high_y;
struct GNUNET_TIME_Absolute start;
int ok = GNUNET_OK;
for (unsigned int i = 0; i < ITER; i++)
{
- if (GNUNET_SYSERR ==
- GNUNET_CRYPTO_ecdhe_elligator_key_create (&repr[i], &pk))
- {
- fprintf (stderr,
- "GNUNET_CRYPTO_ecdhe_elligator_key_create SYSERR\n");
- ok = GNUNET_SYSERR;
- continue;
- }
+ GNUNET_CRYPTO_ecdhe_elligator_key_create (&repr[i], &pk);
}
fprintf (stderr, "%s", "W");
@@ -242,7 +205,7 @@ testTimeDecoding (void)
fprintf (stderr, "%s", ".");
fflush (stderr);
if (false ==
- GNUNET_CRYPTO_ecdhe_elligator_decoding (&point, &high_y, &repr[i]))
+ GNUNET_CRYPTO_ecdhe_elligator_decoding (&point, NULL, &repr[i]))
{
fprintf (stderr,
"GNUNET_CRYPTO_ecdhe_elligator_decoding SYSERR\n");
@@ -289,11 +252,6 @@ main (int argc, char *argv[])
printf ("generate PK failed!");
failure_count++;
}
- if (GNUNET_OK != testKeyPairEasy ())
- {
- printf ("key generation doesn't work!");
- failure_count++;
- }
if (GNUNET_OK != testInverseDirect ())
{
printf ("Inverse and direct map failed!");
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.