Fix public() using proper bear mulgen
This commit is contained in:
parent
93a480e6f3
commit
cb156f3260
|
@ -44,7 +44,6 @@ const
|
||||||
[218.byte, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255],
|
[218.byte, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255],
|
||||||
[219.byte, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 25],
|
[219.byte, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 25],
|
||||||
]
|
]
|
||||||
Basepoint*: Curve25519Key = [9.byte, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
|
|
||||||
|
|
||||||
proc byteswap*(buf: var Curve25519Key) {.inline.} =
|
proc byteswap*(buf: var Curve25519Key) {.inline.} =
|
||||||
for i in 0..<16:
|
for i in 0..<16:
|
||||||
|
@ -73,16 +72,20 @@ proc mul*(_: type[Curve25519], dst: var Curve25519Key, scalar: Curve25519Key, po
|
||||||
EC_curve25519)
|
EC_curve25519)
|
||||||
assert res == 1
|
assert res == 1
|
||||||
|
|
||||||
proc mulgen*(_: type[Curve25519], dst: var Curve25519Key, scalar: Curve25519Key) =
|
proc mulgen*(_: type[Curve25519], dst: var Curve25519Key, point: Curve25519Key) =
|
||||||
let defaultBrEc = brEcGetDefault()
|
let defaultBrEc = brEcGetDefault()
|
||||||
|
|
||||||
|
var
|
||||||
|
rpoint = point
|
||||||
|
rpoint.byteswap()
|
||||||
|
|
||||||
block iterate:
|
block iterate:
|
||||||
while true:
|
while true:
|
||||||
block derive:
|
block derive:
|
||||||
let
|
let
|
||||||
size = defaultBrEc.mulgen(
|
size = defaultBrEc.mulgen(
|
||||||
cast[pcuchar](addr dst[0]),
|
cast[pcuchar](addr dst[0]),
|
||||||
cast[pcuchar](unsafeaddr scalar[0]),
|
cast[pcuchar](addr rpoint[0]),
|
||||||
Curve25519KeySize,
|
Curve25519KeySize,
|
||||||
EC_curve25519)
|
EC_curve25519)
|
||||||
assert size == Curve25519KeySize
|
assert size == Curve25519KeySize
|
||||||
|
@ -92,5 +95,5 @@ proc mulgen*(_: type[Curve25519], dst: var Curve25519Key, scalar: Curve25519Key)
|
||||||
break iterate
|
break iterate
|
||||||
|
|
||||||
proc public*(private: Curve25519Key): Curve25519Key =
|
proc public*(private: Curve25519Key): Curve25519Key =
|
||||||
Curve25519.mul(result, Basepoint, private)
|
Curve25519.mulgen(result, private)
|
||||||
|
|
||||||
|
|
|
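Review bot: In the mulgen hunk, `rpoint` is a stack copy of the private scalar (byte-swapped) that is left in memory after `defaultBrEc.mulgen` returns; clear it once `size` has been checked, e.g. `zeroMem(addr rpoint[0], Curve25519KeySize)` or the project's secure-wipe helper if one exists, so the key does not outlive the call. The renamed parameter `point` is also misleading: `mulgen` multiplies the curve generator by this value, so it is the scalar, and `mul` in the hunk header still calls its scalar `scalar`; keeping `scalar: Curve25519Key` with a local `rscalar` would preserve named-argument compatibility and read correctly. The proc has no doc comment; I would add `## Writes scalar·G into dst. The scalar is byte-reversed before the call, presumably because the BearSSL API consumes it big-endian (the reverse of the RFC 7748 encoding) — confirm against bearssl_ec.h.` Separately, the first hunk appears to drop the exported `Basepoint*` constant, which would break any downstream module referencing it; if intentional it belongs in the commit message.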
@ -482,16 +482,6 @@ suite "Key interface test suite":
|
||||||
check text.toHex == plain.toHex
|
check text.toHex == plain.toHex
|
||||||
|
|
||||||
test "Curve25519":
|
test "Curve25519":
|
||||||
# from https://github.com/TomCrypto/pycurve25519/blob/48ba3c58fabc4ea4f23e977474d069bb95be6776/test_curve25519.py#L5
|
|
||||||
for _ in 0..<1024:
|
|
||||||
var
|
|
||||||
private: Curve25519Key
|
|
||||||
check randomBytes(private) == Curve25519KeySize
|
|
||||||
Curve25519.mulgen(private, private)
|
|
||||||
check (private[0].int and (not 248)) == 0
|
|
||||||
check (private[31].int and (not 127)) == 0
|
|
||||||
check (private[31].int and 64) != 0
|
|
||||||
|
|
||||||
# from bearssl test_crypto.c
|
# from bearssl test_crypto.c
|
||||||
var
|
var
|
||||||
res: Curve25519Key
|
res: Curve25519Key
|
||||||
|
@ -522,6 +512,7 @@ suite "Key interface test suite":
|
||||||
private2 = fromHex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb").intoCurve25519Key
|
private2 = fromHex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb").intoCurve25519Key
|
||||||
p1Pub = private1.public()
|
p1Pub = private1.public()
|
||||||
p2Pub = private2.public()
|
p2Pub = private2.public()
|
||||||
|
p2Gen: Curve25519Key
|
||||||
check p1Pub.toHex == "8520F0098930A754748B7DDCB43EF75A0DBF3A0D26381AF4EBA4A98EAA9B4E6A"
|
check p1Pub.toHex == "8520F0098930A754748B7DDCB43EF75A0DBF3A0D26381AF4EBA4A98EAA9B4E6A"
|
||||||
check p2Pub.toHex == "DE9EDB7D7B7DC1B4D35B61C2ECE435373F8343C85B78674DADFC7E146F882B4F"
|
check p2Pub.toHex == "DE9EDB7D7B7DC1B4D35B61C2ECE435373F8343C85B78674DADFC7E146F882B4F"
|
||||||
|
|
||||||
|
|
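Review bot: `p2Gen` is declared in the added line but nothing in this hunk assigns or checks it; if its use is outside the hunk this is fine, otherwise it is dead (Nim reports it as XDeclaredButNotUsed). The deleted loop in the earlier hunk was the only test calling `mulgen` with aliased `dst` and scalar arguments, which the new `rpoint` copy in `mulgen` exists to make safe; a one-line check that `Curve25519.mulgen(k, k)` equals `k.public()` for the vector keys would pin that. The test body continues outside the hunk.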