diff --git a/ed25519-donna/ge25519.c b/ed25519-donna/ge25519.c
index da1fac7b74..7bb3d2e202 100644
--- a/ed25519-donna/ge25519.c
+++ b/ed25519-donna/ge25519.c
@@ -369,10 +369,4 @@ int ge25519_unpack_vartime(ge25519 *r, const unsigned char *s){
 void ge25519_scalarmult_base_wrapper(ge25519 *r, const bignum256modm s){
 ge25519_scalarmult_base_niels(r, ge25519_niels_base_multiples, s);
- ge25519_norm(r, r);
-}
-
-void ge25519_scalarmult_wrapper(ge25519 *r, const ge25519 *P, const bignum256modm a){
- ge25519_scalarmult(r, P, a);
- ge25519_norm(r, r);
 }
diff --git a/ed25519-donna/ge25519.h b/ed25519-donna/ge25519.h
index 964c6aef17..f94fe62365 100644
--- a/ed25519-donna/ge25519.h
+++ b/ed25519-donna/ge25519.h
@@ -71,7 +71,4 @@ int ge25519_unpack_vartime(ge25519 *r, const unsigned char *s);
 /* aG, wrapper for niels base mult. */
 void ge25519_scalarmult_base_wrapper(ge25519 *r, const bignum256modm s);
-/* aP, wrapper. General purpose, normalizes after multiplication */
-void ge25519_scalarmult_wrapper(ge25519 *r, const ge25519 *P, const bignum256modm a);
-
 #endif
diff --git a/monero/xmr.c b/monero/xmr.c
index ccac66d951..7a35763489 100644
--- a/monero/xmr.c
+++ b/monero/xmr.c
@@ -71,7 +71,6 @@ void xmr_derivation_to_scalar(bignum256modm s, const ge25519 * p, uint32_t outpu
 void xmr_generate_key_derivation(ge25519 * r, const ge25519 * A, const bignum256modm b){
 ge25519 bA;
 ge25519_scalarmult(&bA, A, b);
- ge25519_norm(&bA, &bA);
 ge25519_mul8(r, &bA);
 }
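Review bot: `ge25519_scalarmult_base_wrapper` now returns the raw `ge25519_scalarmult_base_niels` result without the `ge25519_norm` call, and the only header text that documented normalization ("normalizes after multiplication") is deleted together with `ge25519_scalarmult_wrapper`, so the remaining wrapper's output contract changes silently; the header comment in the ge25519.h hunk should state it, e.g. `/* aG, wrapper for niels base mult. Result is not normalized; call ge25519_norm if a z == 1 point is required. */`. The same dropped normalization runs through monero/xmr.c (`xmr_generate_key_derivation` here, and `xmr_derive_public_key`, `xmr_add_keys2`/`xmr_add_keys3` and their vartime variants in the next hunk), so the property this commit relies on is that `ge25519_mul8`, `ge25519_add`, `ge25519_eq` and the point packing code all accept non-normalized (z != 1) points; that is not visible in this diff and is what to verify before merging, because a coordinate-wise comparison or a pack that assumes z == 1 would give wrong results rather than fail loudly. Now that the wrapper only forwards its arguments, making it `static inline` in the header would make the zero-cost intent explicit.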
@@ -83,58 +82,36 @@ void xmr_derive_private_key(bignum256modm s, const ge25519 * deriv, uint32_t idx
 void xmr_derive_public_key(ge25519 * r, const ge25519 * deriv, uint32_t idx, const ge25519 * base){
 bignum256modm s={0};
 ge25519 p2;
- ge25519_pniels Bp;
- ge25519_p1p1 p1;
 xmr_derivation_to_scalar(s, deriv, idx);
 ge25519_scalarmult_base_niels(&p2, ge25519_niels_base_multiples, s);
- ge25519_norm(&p2, &p2);
-
- ge25519_full_to_pniels(&Bp, base);
- ge25519_pnielsadd_p1p1(&p1, &p2, &Bp, 0);
- ge25519_p1p1_to_full(r, &p1);
+ ge25519_add(r, base, &p2, 0);
 }
 void xmr_add_keys2(ge25519 * r, const bignum256modm a, const bignum256modm b, const ge25519 * B){
 // aG + bB, G is basepoint
 ge25519 aG, bB;
- ge25519_pniels bBn;
- ge25519_p1p1 p1;
 ge25519_scalarmult_base_niels(&aG, ge25519_niels_base_multiples, a);
 ge25519_scalarmult(&bB, B, b);
- ge25519_norm(&bB, &bB);
- ge25519_norm(&aG, &aG);
-
- ge25519_full_to_pniels(&bBn, &bB);
- ge25519_pnielsadd_p1p1(&p1, &aG, &bBn, 0);
- ge25519_p1p1_to_full(r, &p1);
+ ge25519_add(r, &aG, &bB, 0);
 }
 void xmr_add_keys2_vartime(ge25519 * r, const bignum256modm a, const bignum256modm b, const ge25519 * B){
 // aG + bB, G is basepoint
 ge25519_double_scalarmult_vartime(r, B, b, a);
- ge25519_norm(r, r);
 }
 void xmr_add_keys3(ge25519 * r, const bignum256modm a, const ge25519 * A, const bignum256modm b, const ge25519 * B){
 // aA + bB
 ge25519 aA, bB;
- ge25519_pniels bBn;
- ge25519_p1p1 p1;
 ge25519_scalarmult(&aA, A, a);
 ge25519_scalarmult(&bB, B, b);
- ge25519_norm(&bB, &bB);
- ge25519_norm(&aA, &aA);
-
- ge25519_full_to_pniels(&bBn, &bB);
- ge25519_pnielsadd_p1p1(&p1, &aA, &bBn, 0);
- ge25519_p1p1_to_full(r, &p1);
+ ge25519_add(r, &aA, &bB, 0);
 }
 void xmr_add_keys3_vartime(ge25519 * r, const bignum256modm a, const ge25519 * A, const bignum256modm b, const ge25519 * B){
 // aA + bB
 ge25519_double_scalarmult_vartime2(r, A, a, B, b);
- ge25519_norm(r, r);
 }
 void xmr_get_subaddress_secret_key(bignum256modm r, uint32_t major, uint32_t minor, const bignum256modm m){
diff --git a/tests/test_check.c b/tests/test_check.c
index 86389b46a7..c609eb0809 100644
--- a/tests/test_check.c
+++ b/tests/test_check.c
@@ -5093,7 +5093,7 @@ Suite *test_suite(void)
 tcase_add_test(tc, test_xmr_ge25519_base);
 tcase_add_test(tc, test_xmr_ge25519_check);
 tcase_add_test(tc, test_xmr_ge25519_scalarmult_base_wrapper);
- tcase_add_test(tc, test_xmr_ge25519_scalarmult_wrapper);
+ tcase_add_test(tc, test_xmr_ge25519_scalarmult);
 tcase_add_test(tc, test_xmr_ge25519_ops);
 suite_add_tcase(s, tc);
diff --git a/tests/test_check_monero.h b/tests/test_check_monero.h
index c76edefc1a..86e355d2a6 100644
--- a/tests/test_check_monero.h
+++ b/tests/test_check_monero.h
@@ -511,7 +511,7 @@ START_TEST(test_xmr_ge25519_scalarmult_base_wrapper)
 END_TEST
-START_TEST(test_xmr_ge25519_scalarmult_wrapper)
+START_TEST(test_xmr_ge25519_scalarmult)
 {
 static const struct {
 char *sc;
@@ -562,7 +562,7 @@ START_TEST(test_xmr_ge25519_scalarmult_wrapper)
 expand256_modm(sc, fromhex(tests[i].sc), 32);
 ge25519_unpack_vartime(&pt, fromhex(tests[i].pt));
 ge25519_unpack_vartime(&pt2, fromhex(tests[i].pt2));
- ge25519_scalarmult_wrapper(&pt3, &pt, sc);
+ ge25519_scalarmult(&pt3, &pt, sc);
 ck_assert_int_eq(ge25519_eq(&pt3, &pt2), 1);
 }
 }
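Review bot: In `xmr_derive_public_key` the new `ge25519_add(r, base, &p2, 0);` orders the operands the opposite way from the replaced `ge25519_pnielsadd_p1p1(&p1, &p2, &Bp, 0)` and from the sibling rewrites `ge25519_add(r, &aG, &bB, 0)` / `ge25519_add(r, &aA, &bB, 0)`, which put the freshly computed point first; point addition is commutative so the result is unchanged, but one consistent order across the three call sites makes the equivalence with the old code easier to audit. The trailing literal `0` is carried over from the pnielsadd call without explanation; a brief comment at the first call site naming what that argument selects would spare readers a trip to the ge25519_add signature. `xmr_add_keys2_vartime` and `xmr_add_keys3_vartime` now hand back the `ge25519_double_scalarmult_vartime*` result without normalization, which is worth stating in their `// aG + bB` / `// aA + bB` comments if any caller previously depended on a normalized point.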
@@ -574,18 +574,27 @@ START_TEST(test_xmr_ge25519_ops)
 int tests[] = {1, 2, 7, 8, 637, 9912, 12345};
 for (size_t i = 0; i < (sizeof(tests) / sizeof(*tests)); i++) {
 struct ge25519_t a, b, c, d;
- bignum256modm s1 = {0}, s2 = {0}, s3 = {0};
+ bignum256modm s1 = {0}, s2 = {0}, s3 = {0}, s4 = {0};
 set256_modm(s1, tests[i]);
 set256_modm(s2, 8 * tests[i]);
 set256_modm(s3, 8);
+ set256_modm(s4, 2);
+
+ ge25519_scalarmult_base_niels(&a, ge25519_niels_base_multiples, s1);
+ ge25519_scalarmult_base_niels(&b, ge25519_niels_base_multiples, s2);
+ ge25519_scalarmult(&c, &a, s4);
+ ge25519_scalarmult(&c, &c, s4);
+ ge25519_scalarmult(&c, &c, s4);
+ ck_assert_int_eq(ge25519_eq(&c, &b), 1);
+ ck_assert_int_eq(ge25519_eq(&a, &b), 0);
 ge25519_scalarmult_base_wrapper(&a, s1);
 ge25519_mul8(&b, &a);
 ge25519_scalarmult_base_wrapper(&c, s2);
 ck_assert_int_eq(ge25519_eq(&b, &c), 1);
- ge25519_scalarmult_wrapper(&d, &a, s3);
+ ge25519_scalarmult(&d, &a, s3);
 ck_assert_int_eq(ge25519_eq(&d, &c), 1);
 ge25519_copy(&a, &b);