ed25519-donna/modm: neg, sub added

6 years ago · 6a20ba5586
parent 5708a7257f
commit 6a20ba5586
3 changed files with 168 additions and 0 deletions
--- a/ed25519-donna/modm-donna-32bit.c
+++ b/ed25519-donna/modm-donna-32bit.c
@ -149,6 +149,33 @@ void add256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y)
 	reduce256_modm(r);
 }

+/* -x modulo m */
+void neg256_modm(bignum256modm r, const bignum256modm x) {
+	bignum256modm_element_t b = 0, pb;
+
+	/* r = m - x */
+	pb = 0;
+	pb += x[0]; b = lt_modm(modm_m[0], pb); r[0] = (modm_m[0] - pb + (b << 30)); pb = b;
+	pb += x[1]; b = lt_modm(modm_m[1], pb); r[1] = (modm_m[1] - pb + (b << 30)); pb = b;
+	pb += x[2]; b = lt_modm(modm_m[2], pb); r[2] = (modm_m[2] - pb + (b << 30)); pb = b;
+	pb += x[3]; b = lt_modm(modm_m[3], pb); r[3] = (modm_m[3] - pb + (b << 30)); pb = b;
+	pb += x[4]; b = lt_modm(modm_m[4], pb); r[4] = (modm_m[4] - pb + (b << 30)); pb = b;
+	pb += x[5]; b = lt_modm(modm_m[5], pb); r[5] = (modm_m[5] - pb + (b << 30)); pb = b;
+	pb += x[6]; b = lt_modm(modm_m[6], pb); r[6] = (modm_m[6] - pb + (b << 30)); pb = b;
+	pb += x[7]; b = lt_modm(modm_m[7], pb); r[7] = (modm_m[7] - pb + (b << 30)); pb = b;
+	pb += x[8]; b = lt_modm(modm_m[8], pb); r[8] = (modm_m[8] - pb + (b << 16));
+
+	// if x==0, reduction is required
+	reduce256_modm(r);
+}
+
+/* subtraction x-y % m */
+void sub256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
+	bignum256modm negy;
+	neg256_modm(negy, y);
+	add256_modm(r, x, negy);
+}
+
 /* multiplication modulo m */
 void mul256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
 	bignum256modm r1, q1;
--- a/ed25519-donna/modm-donna-32bit.h
+++ b/ed25519-donna/modm-donna-32bit.h
@ -31,6 +31,12 @@ void barrett_reduce256_modm(bignum256modm r, const bignum256modm q1, const bignu
 /* addition modulo m */
 void add256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y);

+/* -x modulo m */
+void neg256_modm(bignum256modm r, const bignum256modm x);
+
+/* subtraction x-y modulo m */
+void sub256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y);
+
 /* multiplication modulo m */
 void mul256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y);

--- a/tests/test_check.c
+++ b/tests/test_check.c
@ -54,6 +54,7 @@
 #include "secp256k1.h"
 #include "nist256p1.h"
 #include "ed25519-donna/ed25519.h"
+#include "ed25519-donna/ed25519-donna.h"
 #include "ed25519-donna/ed25519-keccak.h"
 #include "script.h"
 #include "rfc6979.h"
@ -3377,6 +3378,134 @@ START_TEST(test_ed25519_cosi) {
 }
 END_TEST

+START_TEST(test_ed25519_modl_add)
+{
+	char tests[][3][65] = {
+		{"0000000000000000000000000000000000000000000000000000000000000000",
+		 "0000000000000000000000000000000000000000000000000000000000000000",
+		 "0000000000000000000000000000000000000000000000000000000000000000",
+		},
+
+		{"eef80ad5a9aad8b35b84f6a4eb3a7e2b222f403d455d8cdf40ad27e4cd5ae90a",
+		 "0000000000000000000000000000000000000000000000000000000000000000",
+		 "eef80ad5a9aad8b35b84f6a4eb3a7e2b222f403d455d8cdf40ad27e4cd5ae90a"
+		},
+
+		{"0000000000000000000000000000000000000000000000000000000000000000",
+		 "eef80ad5a9aad8b35b84f6a4eb3a7e2b222f403d455d8cdf40ad27e4cd5ae90a",
+		 "eef80ad5a9aad8b35b84f6a4eb3a7e2b222f403d455d8cdf40ad27e4cd5ae90a"
+		},
+
+		{"0100000000000000000000000000000000000000000000000000000000000000",
+		 "0200000000000000000000000000000000000000000000000000000000000000",
+		 "0300000000000000000000000000000000000000000000000000000000000000"
+		},
+
+		{"e3d3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010",
+		 "0a00000000000000000000000000000000000000000000000000000000000000",
+		 "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+
+		{"f7bb3bf42b3e58e2edd06f173fc7bfbc7aaf657217946b75648447101136aa08",
+		 "3c16b013109cc27ff39805be2abe04ba4cd6a8526a1d3023047693e950936c06",
+		 "33d2eb073cda1a62e16975d56985c476c7850ec581b19b9868fadaf961c9160f"
+		},
+	};
+
+	unsigned char buff[32];
+	bignum256modm a={0}, b={0}, c={0};
+
+	for (size_t i = 0; i < (sizeof(tests) / sizeof(*tests)); i++) {
+		expand256_modm(a, fromhex(tests[i][0]), 32);
+		expand256_modm(b, fromhex(tests[i][1]), 32);
+		add256_modm(c, a, b);
+		contract256_modm(buff, c);
+		ck_assert_mem_eq(buff, fromhex(tests[i][2]), 32);
+	}
+}
+END_TEST
+
+START_TEST(test_ed25519_modl_neg)
+{
+	char tests[][2][65] = {
+		{"05d0f55c1a631258d69cf7a2def9de1400000000000000000000000000000010",
+		 "e803000000000000000000000000000000000000000000000000000000000000"},
+
+		{"4d4df45c1a631258d69cf7a2def9de1400000000000000000000000000000010",
+		 "a086010000000000000000000000000000000000000000000000000000000000"},
+
+		{"25958944a1b7d4073975ca48996a1d740d0ed98ceec366760c5358da681e9608",
+		 "c83e6c1879ab3d509d272d5a458fc1a0f2f12673113c9989f3aca72597e16907"},
+
+		{"0100000000000000000000000000000000000000000000000000000000000000",
+		 "ecd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010"},
+
+		{"ecd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010",
+		 "0100000000000000000000000000000000000000000000000000000000000000"},
+
+		{"0000000000000000000000000000000000000000000000000000000000000000",
+		 "0000000000000000000000000000000000000000000000000000000000000000"},
+	};
+
+	unsigned char buff[32];
+	bignum256modm a={0}, b={0};
+
+	for (size_t i = 0; i < (sizeof(tests) / sizeof(*tests)); i++) {
+		expand256_modm(a, fromhex(tests[i][0]), 32);
+		neg256_modm(b, a);
+		contract256_modm((unsigned char *) buff, b);
+		ck_assert_mem_eq(buff, fromhex(tests[i][1]), 32);
+	}
+}
+END_TEST
+
+START_TEST(test_ed25519_modl_sub)
+{
+	char tests[][3][65] = {
+		{"0000000000000000000000000000000000000000000000000000000000000000",
+		 "0000000000000000000000000000000000000000000000000000000000000000",
+		 "0000000000000000000000000000000000000000000000000000000000000000",
+		},
+
+		{"eef80ad5a9aad8b35b84f6a4eb3a7e2b222f403d455d8cdf40ad27e4cd5ae90a",
+		 "53732f60e51ee3a48d21d2d526548c0dadbb79a185678fd7710613d0e76aad0c",
+		 "8859d1d1deee0767a4ff1b72a3e0d0327573c69bbff5fc07cfa61414e6ef3b0e"
+		},
+
+		{"eef80ad5a9aad8b35b84f6a4eb3a7e2b222f403d455d8cdf40ad27e4cd5ae90a",
+		 "0000000000000000000000000000000000000000000000000000000000000000",
+		 "eef80ad5a9aad8b35b84f6a4eb3a7e2b222f403d455d8cdf40ad27e4cd5ae90a"
+		},
+
+		{"0000000000000000000000000000000000000000000000000000000000000000",
+		 "39897fbebf137a34572b014b0638ac0186d17874e3cc142ebdfe24327f5b8509",
+		 "b44a769e5a4f98237f71f657d8c132137a2e878b1c33ebd14201dbcd80a47a06"
+		},
+
+		{"0200000000000000000000000000000000000000000000000000000000000000",
+		 "e3d3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010",
+		 "0c00000000000000000000000000000000000000000000000000000000000000"
+		},
+
+		{"e3d3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010",
+		 "0800000000000000000000000000000000000000000000000000000000000000",
+		 "dbd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010"
+		},
+	};
+
+	unsigned char buff[32];
+	bignum256modm a={0}, b={0}, c={0};
+
+	for (size_t i = 0; i < (sizeof(tests) / sizeof(*tests)); i++) {
+		expand256_modm(a, fromhex(tests[i][0]), 32);
+		expand256_modm(b, fromhex(tests[i][1]), 32);
+		sub256_modm(c, a, b);
+		contract256_modm(buff, c);
+		ck_assert_mem_eq(buff, fromhex(tests[i][2]), 32);
+	}
+}
+END_TEST
+
 static void test_bip32_ecdh_init_node(HDNode *node, const char *seed_str, const char *curve_name) {
 	hdnode_from_seed((const uint8_t *)seed_str, strlen(seed_str), curve_name, node);
 	hdnode_fill_public_key(node);
@ -4602,6 +4731,12 @@ Suite *test_suite(void)
 	tcase_add_test(tc, test_ed25519_cosi);
 	suite_add_tcase(s, tc);

+	tc = tcase_create("ed25519_modm");
+	tcase_add_test(tc, test_ed25519_modl_add);
+	tcase_add_test(tc, test_ed25519_modl_neg);
+	tcase_add_test(tc, test_ed25519_modl_sub);
+	suite_add_tcase(s, tc);
+
 	tc = tcase_create("script");
 	tcase_add_test(tc, test_output_script);
 	suite_add_tcase(s, tc);