Fix public() using proper bear mulgen

This commit is contained in:
Giovanni Petrantoni 2020-02-17 14:31:14 +09:00 committed by Dmitriy Ryajov
parent 93a480e6f3
commit cb156f3260
2 changed files with 9 additions and 15 deletions

View File

@ -44,7 +44,6 @@ const
[218.byte, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255], [218.byte, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255],
[219.byte, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 25], [219.byte, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 25],
] ]
Basepoint*: Curve25519Key = [9.byte, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
proc byteswap*(buf: var Curve25519Key) {.inline.} = proc byteswap*(buf: var Curve25519Key) {.inline.} =
for i in 0..<16: for i in 0..<16:
@ -73,16 +72,20 @@ proc mul*(_: type[Curve25519], dst: var Curve25519Key, scalar: Curve25519Key, po
EC_curve25519) EC_curve25519)
assert res == 1 assert res == 1
proc mulgen*(_: type[Curve25519], dst: var Curve25519Key, scalar: Curve25519Key) = proc mulgen*(_: type[Curve25519], dst: var Curve25519Key, point: Curve25519Key) =
let defaultBrEc = brEcGetDefault() let defaultBrEc = brEcGetDefault()
var
rpoint = point
rpoint.byteswap()
block iterate: block iterate:
while true: while true:
block derive: block derive:
let let
size = defaultBrEc.mulgen( size = defaultBrEc.mulgen(
cast[pcuchar](addr dst[0]), cast[pcuchar](addr dst[0]),
cast[pcuchar](unsafeaddr scalar[0]), cast[pcuchar](addr rpoint[0]),
Curve25519KeySize, Curve25519KeySize,
EC_curve25519) EC_curve25519)
assert size == Curve25519KeySize assert size == Curve25519KeySize
@ -92,5 +95,5 @@ proc mulgen*(_: type[Curve25519], dst: var Curve25519Key, scalar: Curve25519Key)
break iterate break iterate
proc public*(private: Curve25519Key): Curve25519Key = proc public*(private: Curve25519Key): Curve25519Key =
Curve25519.mul(result, Basepoint, private) Curve25519.mulgen(result, private)

View File

@ -482,16 +482,6 @@ suite "Key interface test suite":
check text.toHex == plain.toHex check text.toHex == plain.toHex
test "Curve25519": test "Curve25519":
# from https://github.com/TomCrypto/pycurve25519/blob/48ba3c58fabc4ea4f23e977474d069bb95be6776/test_curve25519.py#L5
for _ in 0..<1024:
var
private: Curve25519Key
check randomBytes(private) == Curve25519KeySize
Curve25519.mulgen(private, private)
check (private[0].int and (not 248)) == 0
check (private[31].int and (not 127)) == 0
check (private[31].int and 64) != 0
# from bearssl test_crypto.c # from bearssl test_crypto.c
var var
res: Curve25519Key res: Curve25519Key
@ -522,6 +512,7 @@ suite "Key interface test suite":
private2 = fromHex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb").intoCurve25519Key private2 = fromHex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb").intoCurve25519Key
p1Pub = private1.public() p1Pub = private1.public()
p2Pub = private2.public() p2Pub = private2.public()
p2Gen: Curve25519Key
check p1Pub.toHex == "8520F0098930A754748B7DDCB43EF75A0DBF3A0D26381AF4EBA4A98EAA9B4E6A" check p1Pub.toHex == "8520F0098930A754748B7DDCB43EF75A0DBF3A0D26381AF4EBA4A98EAA9B4E6A"
check p2Pub.toHex == "DE9EDB7D7B7DC1B4D35B61C2ECE435373F8343C85B78674DADFC7E146F882B4F" check p2Pub.toHex == "DE9EDB7D7B7DC1B4D35B61C2ECE435373F8343C85B78674DADFC7E146F882B4F"