From f62476fd9dda2371c2a5c888690b275634b49c9f Mon Sep 17 00:00:00 2001 From: Loup Vaillant Date: Thu, 12 Jan 2023 18:54:06 +0100 Subject: [PATCH] Renamed Elligator function with a common prefix --- src/monocypher.c | 8 ++++---- src/monocypher.h | 10 +++++----- tests/test.c | 34 +++++++++++++++++----------------- tests/tis-ci.c | 4 ++-- 4 files changed, 28 insertions(+), 28 deletions(-) diff --git a/src/monocypher.c b/src/monocypher.c index 8a27753..5f3c61b 100644 --- a/src/monocypher.c +++ b/src/monocypher.c @@ -2573,7 +2573,7 @@ static const fe A = {486662}; // u2 = w * -1 * -non_square * r^2 // u2 = w * non_square * r^2 // u2 = u -void crypto_hidden_to_curve(u8 curve[32], const u8 hidden[32]) +void crypto_elligator_map(u8 curve[32], const u8 hidden[32]) { fe r, u, t1, t2, t3; fe_frombytes_mask(r, hidden, 2); // r is encoded in 254 bits. @@ -2633,7 +2633,7 @@ void crypto_hidden_to_curve(u8 curve[32], const u8 hidden[32]) // If v is negative, we return isr * (u+A): // isr * (u+A) = sqrt(-1 / (non_square * u * (u+A)) * (u+A) // isr * (u+A) = sqrt(-(u+A) / (non_square * u) -int crypto_curve_to_hidden(u8 hidden[32], const u8 public_key[32], u8 tweak) +int crypto_elligator_rev(u8 hidden[32], const u8 public_key[32], u8 tweak) { fe t1, t2, t3; fe_frombytes(t1, public_key); // t1 = u @@ -2664,7 +2664,7 @@ int crypto_curve_to_hidden(u8 hidden[32], const u8 public_key[32], u8 tweak) return is_square - 1; } -void crypto_hidden_key_pair(u8 hidden[32], u8 secret_key[32], u8 seed[32]) +void crypto_elligator_key_pair(u8 hidden[32], u8 secret_key[32], u8 seed[32]) { u8 pk [32]; // public key u8 buf[64]; // seed + representative @@ -2672,7 +2672,7 @@ void crypto_hidden_key_pair(u8 hidden[32], u8 secret_key[32], u8 seed[32]) do { crypto_chacha20_djb(buf, 0, 64, buf+32, zero, 0); crypto_x25519_dirty_fast(pk, buf); // or the "small" version - } while(crypto_curve_to_hidden(buf+32, pk, buf[32])); + } while(crypto_elligator_rev(buf+32, pk, buf[32])); // Note that the return value of crypto_curve_to_hidden() is // independent from its tweak parameter. // Therefore, buf[32] is not actually reused. Either we loop one diff --git a/src/monocypher.h b/src/monocypher.h index 308a547..463f17c 100644 --- a/src/monocypher.h +++ b/src/monocypher.h @@ -332,13 +332,13 @@ void crypto_x25519_to_eddsa(uint8_t eddsa[32], const uint8_t x25519[32]); // ----------- // Elligator mappings proper -void crypto_hidden_to_curve(uint8_t curve [32], const uint8_t hidden[32]); -int crypto_curve_to_hidden(uint8_t hidden[32], const uint8_t curve [32], - uint8_t tweak); +void crypto_elligator_map(uint8_t curve [32], const uint8_t hidden[32]); +int crypto_elligator_rev(uint8_t hidden[32], const uint8_t curve [32], + uint8_t tweak); // Easy to use key pair generation -void crypto_hidden_key_pair(uint8_t hidden[32], uint8_t secret_key[32], - uint8_t seed[32]); +void crypto_elligator_key_pair(uint8_t hidden[32], uint8_t secret_key[32], + uint8_t seed[32]); #ifdef __cplusplus } diff --git a/tests/test.c b/tests/test.c index 60e67ba..5986634 100644 --- a/tests/test.c +++ b/tests/test.c @@ -974,7 +974,7 @@ static void elligator_dir(vector_reader *reader) { vector in = next_input(reader); vector out = next_output(reader); - crypto_hidden_to_curve(out.buf, in.buf); + crypto_elligator_map(out.buf, in.buf); } static void elligator_inv(vector_reader *reader) @@ -983,7 +983,7 @@ static void elligator_inv(vector_reader *reader) u8 tweak = next_input(reader).buf[0]; u8 failure = next_input(reader).buf[0]; vector out = next_output(reader); - int check = crypto_curve_to_hidden(out.buf, point.buf, tweak); + int check = crypto_elligator_rev(out.buf, point.buf, tweak); ASSERT((u8)check == failure); } @@ -998,11 +998,11 @@ static void test_elligator() u8 r2[32]; memcpy(r2, r, 32); r2[31] = (r[31] & 0x3f) | 0x40; u8 r3[32]; memcpy(r3, r, 32); r3[31] = (r[31] & 0x3f) | 0x80; u8 r4[32]; memcpy(r4, r, 32); r4[31] = (r[31] & 0x3f) | 0xc0; - u8 u [32]; crypto_hidden_to_curve(u , r ); - u8 u1[32]; crypto_hidden_to_curve(u1, r1); - u8 u2[32]; crypto_hidden_to_curve(u2, r2); - u8 u3[32]; crypto_hidden_to_curve(u3, r3); - u8 u4[32]; crypto_hidden_to_curve(u4, r4); + u8 u [32]; crypto_elligator_map(u , r ); + u8 u1[32]; crypto_elligator_map(u1, r1); + u8 u2[32]; crypto_elligator_map(u2, r2); + u8 u3[32]; crypto_elligator_map(u3, r3); + u8 u4[32]; crypto_elligator_map(u4, r4); ASSERT_EQUAL(u, u1, 32); ASSERT_EQUAL(u, u2, 32); ASSERT_EQUAL(u, u3, 32); @@ -1015,8 +1015,8 @@ static void test_elligator() u8 separate[32]; RANDOM_INPUT(r, 32); memcpy(overlapping + 31, r, 32); - crypto_hidden_to_curve(overlapping + i, overlapping + 31); - crypto_hidden_to_curve(separate, r); + crypto_elligator_map(overlapping + i, overlapping + 31); + crypto_elligator_map(separate, r); ASSERT_EQUAL(separate, overlapping + i, 32); } @@ -1029,8 +1029,8 @@ static void test_elligator() RANDOM_INPUT(pk, 33); u8 tweak = pk[32]; memcpy(overlapping + 31, pk, 32); - int a = crypto_curve_to_hidden(overlapping+i, overlapping+31, tweak); - int b = crypto_curve_to_hidden(separate, pk, tweak); + int a = crypto_elligator_rev(overlapping+i, overlapping+31, tweak); + int b = crypto_elligator_rev(separate, pk, tweak); ASSERT(a == b); if (a == 0) { // The buffers are the same only if written to to begin with @@ -1066,14 +1066,14 @@ static void test_elligator() // We want to set the bits 1 (sign) and 6-7 (padding) u8 tweak = (u8)((i & 1) + (i << 5)); u8 r[32]; - if (crypto_curve_to_hidden(r, pkf, tweak)) { + if (crypto_elligator_rev(r, pkf, tweak)) { continue; // retry untill success (doesn't increment the tweak) } // Verify that the tweak's msb are copied to the representative ASSERT((tweak >> 6) == (r[31] >> 6)); // Round trip - u8 pkr[32]; crypto_hidden_to_curve(pkr, r); + u8 pkr[32]; crypto_elligator_map(pkr, r); ASSERT_EQUAL(pkr, pkf, 32); // Dirty and safe keys are compatible @@ -1088,8 +1088,8 @@ static void test_elligator() RANDOM_INPUT(seed, 32); RANDOM_INPUT(sk2 , 32); u8 r [32]; - u8 sk1[32]; crypto_hidden_key_pair(r, sk1, seed); - u8 pkr[32]; crypto_hidden_to_curve(pkr, r); + u8 sk1[32]; crypto_elligator_key_pair(r, sk1, seed); + u8 pkr[32]; crypto_elligator_map(pkr, r); u8 pk1[32]; crypto_x25519_public_key(pk1, sk1); u8 e1 [32]; crypto_x25519(e1, sk2, pk1); u8 e2 [32]; crypto_x25519(e2, sk2, pkr); @@ -1103,8 +1103,8 @@ static void test_elligator() RANDOM_INPUT(s1, 32); u8 *s2 = over + 63; memcpy(s2, s1, 32); - crypto_hidden_key_pair(sep , sep + 32, s1); - crypto_hidden_key_pair(over + i, over + i + 32, s2); + crypto_elligator_key_pair(sep , sep + 32, s1); + crypto_elligator_key_pair(over + i, over + i + 32, s2); ASSERT_EQUAL(sep, over + i, 64); } } diff --git a/tests/tis-ci.c b/tests/tis-ci.c index 9bc1a7a..0626238 100644 --- a/tests/tis-ci.c +++ b/tests/tis-ci.c @@ -234,7 +234,7 @@ static void elligator_dir(vector_reader *reader) { vector in = next_input(reader); vector out = next_output(reader); - crypto_hidden_to_curve(out.buf, in.buf); + crypto_elligator_map(out.buf, in.buf); } static void elligator_inv(vector_reader *reader) @@ -243,7 +243,7 @@ static void elligator_inv(vector_reader *reader) u8 tweak = next_input(reader).buf[0]; u8 failure = next_input(reader).buf[0]; vector out = next_output(reader); - int check = crypto_curve_to_hidden(out.buf, point.buf, tweak); + int check = crypto_elligator_rev(out.buf, point.buf, tweak); ASSERT((u8)check == failure); if (check) { out.buf[0] = 0; -- 2.47.3