refactor and fix mulgen (curve25519) (#293)

* refactor and fix mulgen (curve25519)

* crypto tests fixing
Giovanni Petrantoni 2020-08-04 14:07:53 +09:00 committed by GitHub
parent b6877b8aac
commit 504e0444d3
3 changed files with 25 additions and 22 deletions


@ -80,30 +80,33 @@ proc mul*(_: type[Curve25519], dst: var Curve25519Key, scalar: Curve25519Key, po
EC_curve25519) EC_curve25519)
assert res == 1 assert res == 1
proc mulgen*(_: type[Curve25519], dst: var Curve25519Key, point: Curve25519Key) = proc mulgen(_: type[Curve25519], dst: var Curve25519Key, point: Curve25519Key): bool =
let defaultBrEc = brEcGetDefault() let defaultBrEc = brEcGetDefault()
var var
rpoint = point rpoint = point
rpoint.byteswap() rpoint.byteswap()
block iterate:
while true:
block derive:
let let
size = defaultBrEc.mulgen( size = defaultBrEc.mulgen(
cast[pcuchar](addr dst[0]), cast[pcuchar](addr dst[0]),
cast[pcuchar](addr rpoint[0]), cast[pcuchar](addr rpoint[0]),
Curve25519KeySize, Curve25519KeySize,
EC_curve25519) EC_curve25519)
assert size == Curve25519KeySize
for forbid in ForbiddenCurveValues:
if dst == forbid:
break derive
break iterate
proc public*(private: Curve25519Key): Curve25519Key = assert size == Curve25519KeySize
Curve25519.mulgen(result, private)
if dst in ForbiddenCurveValues:
false
else:
true
proc public*(private: Curve25519Key): Result[Curve25519Key, cstring] =
var res: Curve25519Key
if Curve25519.mulgen(res, private):
ok(res)
else:
err("mulgen produced a forbidden key")
proc random*(_: type[Curve25519Key], rng: var BrHmacDrbgContext): Curve25519Key = proc random*(_: type[Curve25519Key], rng: var BrHmacDrbgContext): Curve25519Key =
var res: Curve25519Key var res: Curve25519Key
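Review bot: The length check that replaced the old loop, `assert size == Curve25519KeySize`, is compiled out under `-d:danger`, so in that build a short or failed BearSSL `mulgen` result would still be compared against `ForbiddenCurveValues` and returned as a valid key; `doAssert size == Curve25519KeySize` keeps the check in every build, and the same applies to `assert res == 1` in `mul` just above the hunk. The new `mulgen` also drops the export star (`proc mulgen(` vs the old `proc mulgen*(`); that looks intentional now that `public` is the exported entry point, but it is an API removal worth a line in the commit message. `public` has no doc comment for its new failure mode; I would add `## Derives the public key of `private`; err when the derived point is in ForbiddenCurveValues.` on its first line. `random` starts at the end of this hunk and continues outside it.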


@ -88,7 +88,7 @@ type
proc genKeyPair(rng: var BrHmacDrbgContext): KeyPair = proc genKeyPair(rng: var BrHmacDrbgContext): KeyPair =
result.privateKey = Curve25519Key.random(rng) result.privateKey = Curve25519Key.random(rng)
result.publicKey = result.privateKey.public() result.publicKey = result.privateKey.public().tryGet()
proc hashProtocol(name: string): MDigest[256] = proc hashProtocol(name: string): MDigest[256] =
# If protocol_name is less than or equal to HASHLEN bytes in length, # If protocol_name is less than or equal to HASHLEN bytes in length,
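Review bot: `result.privateKey.public().tryGet()` converts the new err branch of `public` into an exception raised from `genKeyPair`, presumably a ResultError, and nothing in the signature or body says so. Since `privateKey` was just drawn from `rng`, the caller has no way to act on the failure other than crash or retry, so either retry inside `genKeyPair` until `public()` is ok, or document the choice: `# tryGet: public() only fails for a forbidden (low-order) output, which a fresh random key should never produce; raise rather than return a bad pair`. The enclosing `type` section and the rest of the file are outside the hunk.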


@ -505,14 +505,14 @@ suite "Key interface test suite":
# RFC vectors # RFC vectors
private1 = fromHex("a8abababababababababababababababababababababababababababababab6b").intoCurve25519Key private1 = fromHex("a8abababababababababababababababababababababababababababababab6b").intoCurve25519Key
check private1.public().toHex == "E3712D851A0E5D79B831C5E34AB22B41A198171DE209B8B8FACA23A11C624859" check private1.public().get().toHex == "E3712D851A0E5D79B831C5E34AB22B41A198171DE209B8B8FACA23A11C624859"
private1 = fromHex("c8cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd4d").intoCurve25519Key private1 = fromHex("c8cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd4d").intoCurve25519Key
check private1.public().toHex == "B5BEA823D9C9FF576091C54B7C596C0AE296884F0E150290E88455D7FBA6126F" check private1.public().get().toHex == "B5BEA823D9C9FF576091C54B7C596C0AE296884F0E150290E88455D7FBA6126F"
private1 = fromHex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a").intoCurve25519Key private1 = fromHex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a").intoCurve25519Key
var var
private2 = fromHex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb").intoCurve25519Key private2 = fromHex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb").intoCurve25519Key
p1Pub = private1.public() p1Pub = private1.public().get()
p2Pub = private2.public() p2Pub = private2.public().get()
check p1Pub.toHex == "8520F0098930A754748B7DDCB43EF75A0DBF3A0D26381AF4EBA4A98EAA9B4E6A" check p1Pub.toHex == "8520F0098930A754748B7DDCB43EF75A0DBF3A0D26381AF4EBA4A98EAA9B4E6A"
check p2Pub.toHex == "DE9EDB7D7B7DC1B4D35B61C2ECE435373F8343C85B78674DADFC7E146F882B4F" check p2Pub.toHex == "DE9EDB7D7B7DC1B4D35B61C2ECE435373F8343C85B78674DADFC7E146F882B4F"
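Review bot: The updated vectors call `.get()` on the `Result` inside `check`, so an err from `public()` would surface as an exception from the accessor rather than as a check failure naming the vector; `check private1.public().isOk` before each `.get()` (or using `tryGet()`) gives a clearer report. The suite also only exercises the ok path of the new `Result` return; if a forbidden output cannot be produced through `mulgen` with a clamped scalar, a comment saying so would explain why no err-path test exists. The `suite` block starts before this hunk and continues after it.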