fixup! feat(crypto): implement elligator2

2025-07-14 02:28:19 +00:00 · 2024-04-02 16:42:28 +02:00 · 2024-04-02 16:42:28 +02:00 · db58a0d0f9
commit db58a0d0f9
parent 3b95013915
3 changed files with 8 additions and 7 deletions
--- a/crypto/elligator2.c
+++ b/crypto/elligator2.c
@ -47,11 +47,13 @@ static void curve25519_cmov(bignum25519 out, const bignum25519 a,
  memzero(a_copy, sizeof(a_copy));
 }

-bool map_to_curve_elligator2_curve25519(const bignum25519 input,
+bool map_to_curve_elligator2_curve25519(const uint8_t input[32],
                                        curve25519_key output) {
  // https://www.rfc-editor.org/rfc/rfc9380.html#map-to-curve25519
  // The procedure from the above link is used, with the exception that the
  // y-coordinate of the output point is not computed, because it is not needed.
+  bignum25519 input_bignum = {0};
+  curve25519_expand(input_bignum, (unsigned char*)input);

  // c3 = sqrt(-1)
  bignum25519 c3 = {0};
@ -69,7 +71,7 @@ bool map_to_curve_elligator2_curve25519(const bignum25519 input,

  // tv1 = u^2
  bignum25519 tv1 = {0};
-  curve25519_square(tv1, input);
+  curve25519_square(tv1, input_bignum);

  // tv1 = 2 * tv1
  curve25519_add_reduce(tv1, tv1, tv1);
@ -153,7 +155,7 @@ bool map_to_curve_elligator2_curve25519(const bignum25519 input,

  // y21 = y11 * u
  bignum25519 y21 = {0};
-  curve25519_mul(y21, y11, input);
+  curve25519_mul(y21, y11, input_bignum);
  memzero(y11, sizeof(y11));

  // y21 = y21 * c2
--- a/crypto/elligator2.h
+++ b/crypto/elligator2.h
@ -20,8 +20,9 @@

 #ifndef __ELLIGATOR2_H__
 #define __ELLIGATOR2_H__
+#include <stdint.h>
 #include "ed25519-donna/ed25519.h"

-bool map_to_curve_elligator2_curve25519(const bignum25519 input,
+bool map_to_curve_elligator2_curve25519(const uint8_t input[32],
                                        curve25519_key output);
 #endif
--- a/crypto/tests/test_check.c
+++ b/crypto/tests/test_check.c
@ -10551,13 +10551,11 @@ START_TEST(test_elligator2) {
    uint8_t input[32] = {0};
    uint8_t output[32] = {0};
    uint8_t expected_output[32] = {0};
-    bignum25519 input_bignum = {0};

    memcpy(input, fromhex(tests[i].input), 32);
-    curve25519_expand(input_bignum, input);
    memcpy(expected_output, fromhex(tests[i].output), 32);

-    int res = map_to_curve_elligator2_curve25519(input_bignum, output);
+    int res = map_to_curve_elligator2_curve25519(input, output);
    ck_assert_int_eq(res, true);
    ck_assert_mem_eq(output, expected_output, 32);
  }