arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-07-17 20:18:10 +00:00
Code Issues Releases Wiki Activity

fixup! feat(crypto): implement elligator2

Browse Source
This commit is contained in:
Ondřej Vejpustek 2024-04-02 16:42:28 +02:00
parent 3b95013915
commit db58a0d0f9
3 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
crypto/elligator2.c
View File

@ -47,11 +47,13 @@ static void curve25519_cmov(bignum25519 out, const bignum25519 a,
memzero(a_copy, sizeof(a_copy)); memzero(a_copy, sizeof(a_copy));
} }
bool map_to_curve_elligator2_curve25519(const bignum25519 input, bool map_to_curve_elligator2_curve25519(const uint8_t input[32],
curve25519_key output) { curve25519_key output) {
// https://www.rfc-editor.org/rfc/rfc9380.html#map-to-curve25519 // https://www.rfc-editor.org/rfc/rfc9380.html#map-to-curve25519
// The procedure from the above link is used, with the exception that the // The procedure from the above link is used, with the exception that the
// y-coordinate of the output point is not computed, because it is not needed. // y-coordinate of the output point is not computed, because it is not needed.
bignum25519 input_bignum = {0};
curve25519_expand(input_bignum, (unsigned char*)input);
// c3 = sqrt(-1) // c3 = sqrt(-1)
bignum25519 c3 = {0}; bignum25519 c3 = {0};
@ -69,7 +71,7 @@ bool map_to_curve_elligator2_curve25519(const bignum25519 input,
// tv1 = u^2 // tv1 = u^2
bignum25519 tv1 = {0}; bignum25519 tv1 = {0};
curve25519_square(tv1, input); curve25519_square(tv1, input_bignum);
// tv1 = 2 * tv1 // tv1 = 2 * tv1
curve25519_add_reduce(tv1, tv1, tv1); curve25519_add_reduce(tv1, tv1, tv1);
@ -153,7 +155,7 @@ bool map_to_curve_elligator2_curve25519(const bignum25519 input,
// y21 = y11 * u // y21 = y11 * u
bignum25519 y21 = {0}; bignum25519 y21 = {0};
curve25519_mul(y21, y11, input); curve25519_mul(y21, y11, input_bignum);
memzero(y11, sizeof(y11)); memzero(y11, sizeof(y11));
// y21 = y21 * c2 // y21 = y21 * c2

3
crypto/elligator2.h
View File

@ -20,8 +20,9 @@
#ifndef __ELLIGATOR2_H__ #ifndef __ELLIGATOR2_H__
#define __ELLIGATOR2_H__ #define __ELLIGATOR2_H__
#include <stdint.h>
#include "ed25519-donna/ed25519.h" #include "ed25519-donna/ed25519.h"
bool map_to_curve_elligator2_curve25519(const bignum25519 input, bool map_to_curve_elligator2_curve25519(const uint8_t input[32],
curve25519_key output); curve25519_key output);
#endif #endif

4
crypto/tests/test_check.c
View File

@ -10551,13 +10551,11 @@ START_TEST(test_elligator2) {
uint8_t input[32] = {0}; uint8_t input[32] = {0};
uint8_t output[32] = {0}; uint8_t output[32] = {0};
uint8_t expected_output[32] = {0}; uint8_t expected_output[32] = {0};
bignum25519 input_bignum = {0};
memcpy(input, fromhex(tests[i].input), 32); memcpy(input, fromhex(tests[i].input), 32);
curve25519_expand(input_bignum, input);
memcpy(expected_output, fromhex(tests[i].output), 32); memcpy(expected_output, fromhex(tests[i].output), 32);
int res = map_to_curve_elligator2_curve25519(input_bignum, output); int res = map_to_curve_elligator2_curve25519(input, output);
ck_assert_int_eq(res, true); ck_assert_int_eq(res, true);
ck_assert_mem_eq(output, expected_output, 32); ck_assert_mem_eq(output, expected_output, 32);
} }