github.com/jiajun1992/watercarver@v0.0.0-20191031150618-dfc2b17c0c4a/StadiumForWaterCarver/src/edgamal_internal_impl.h (about) 1 // ed25519 imports 2 // #include "curve25519-donna-64bit.h" 3 // #include "ed25519-donna-basepoint-table.h" 4 // #include "ed25519-donna-impl-base.h" 5 // #include "modm-donna-64bit.h" 6 7 #include <stdint.h> 8 #include <stdio.h> 9 #include <string.h> 10 11 #include "ed.c" 12 13 static const edgamal_curve_point edgamal_zeropoint = { 14 {0x0007ffffffffffed,0x0007ffffffffffff,0x0007ffffffffffff,0x0007ffffffffffff,0x0007ffffffffffff}, 15 {0x0007ffffffffffee,0x0007ffffffffffff,0x0007ffffffffffff,0x0007ffffffffffff,0x0007ffffffffffff}, 16 {0x0000000000000001,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000}, 17 {0x0007ffffffffffed,0x0007ffffffffffff,0x0007ffffffffffff,0x0007ffffffffffff,0x0007ffffffffffff}}; 18 19 static const edgamal_curve_point edgamal_basepoint = { 20 {0x00062d608f25d51a,0x000412a4b4f6592a,0x00075b7171a4b31d,0x0001ff60527118fe,0x000216936d3cd6e5}, 21 {0x0006666666666658,0x0004cccccccccccc,0x0001999999999999,0x0003333333333333,0x0006666666666666}, 22 {0x0000000000000001,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000}, 23 {0x00068ab3a5b7dda3,0x00000eea2a5eadbb,0x0002af8df483c27e,0x000332b375274732,0x00067875f0fd78b7}}; 24 25 26 static inline void edgamal_renormalize_point(edgamal_curve_point *out, const edgamal_curve_point *in) { 27 bignum25519 zi, one = {1}; 28 29 curve25519_recip(zi, in->z); 30 curve25519_mul(out->x, in->x, zi); 31 curve25519_mul(out->y, in->y, zi); 32 curve25519_mul(out->t, out->x, out->y); 33 curve25519_copy(out->z, one); 34 } 35 36 static inline void edgamal_copy_point(edgamal_curve_point *out, const edgamal_curve_point *in) { 37 curve25519_copy(out->x, in->x); 38 curve25519_copy(out->y, in->y); 39 curve25519_copy(out->z, in->z); 40 curve25519_copy(out->t, in->t); 41 } 42 43 // TODO should be able to compare by cross-multiplying denominators instead of dividing by z 44 static inline int edgamal_compare_points(const edgamal_curve_point *a, const edgamal_curve_point *b) { 45 uint8_t temp1[32], temp2[32]; 46 47 edgamal_compress_point(temp1, a); 48 edgamal_compress_point(temp2, b); 49 50 return memcmp(temp1, temp2, 32); 51 } 52 static inline int edgamal_compare_scalars(const edgamal_curve_scalar a, const edgamal_curve_scalar b) { 53 bignum256modm t_a, t_b; 54 edgamal_curve_scalar p_a, p_b; 55 56 // TODO inefficient 57 expand256_modm(t_a, a, 32); 58 expand256_modm(t_b, b, 32); 59 60 contract256_modm(p_a, t_a); 61 contract256_modm(p_b, t_b); 62 63 return memcmp(p_a, p_b, 32); 64 } 65 66 #include <assert.h> 67 static inline void edgamal_compress_point(uint8_t out[32], const edgamal_curve_point *in) { 68 ge25519_pack(out, in); 69 } 70 static inline void edgamal_decompress_point(edgamal_curve_point *out, const uint8_t in[32]) { 71 int r = ge25519_unpack_vartime(out, in); 72 if (r == 0) { 73 printf("warning: encountered faulty point\n"); 74 } 75 /* assert (r != 0); */ 76 } 77 78 static inline void edgamal_serialize_point(uint8_t out[128], const edgamal_curve_point *in) { 79 curve25519_contract(&out[ 0], in->x); 80 curve25519_contract(&out[32], in->y); 81 curve25519_contract(&out[64], in->z); 82 curve25519_contract(&out[96], in->t); 83 } 84 static inline void edgamal_deserialize_point(edgamal_curve_point *out, const uint8_t in[128]) { 85 curve25519_expand(out->x, &in[ 0]); 86 curve25519_expand(out->y, &in[32]); 87 curve25519_expand(out->z, &in[64]); 88 curve25519_expand(out->t, &in[96]); 89 } 90 91 static inline void edgamal_random_scalar(edgamal_curve_scalar s) { 92 ed25519_randombytes_unsafe(s, EDGAMAL_CURVE_SCALAR_SIZE); 93 } 94 static inline void edgamal_random_point(edgamal_curve_point *p) { 95 edgamal_curve_scalar temp; 96 edgamal_curve_point raw; 97 98 ed25519_randombytes_unsafe(&temp, EDGAMAL_CURVE_SCALAR_SIZE); 99 edgamal_scalar_multiply_basepoint(&raw, temp); 100 } 101 static inline void edgamal_random_pair(edgamal_curve_scalar s, edgamal_curve_point *p) { 102 edgamal_curve_point raw; 103 104 ed25519_randombytes_unsafe(s, EDGAMAL_CURVE_SCALAR_SIZE); 105 edgamal_scalar_multiply_basepoint(&raw, s); 106 } 107 108 static inline void edgamal_add_scalars(edgamal_curve_scalar out, const edgamal_curve_scalar a, const edgamal_curve_scalar b) { 109 bignum256modm t_out, t_a, t_b; 110 111 expand256_modm(t_a, a, EDGAMAL_CURVE_SCALAR_SIZE); 112 expand256_modm(t_b, b, EDGAMAL_CURVE_SCALAR_SIZE); 113 114 add256_modm(t_out, t_a, t_b); 115 116 contract256_modm(out, t_out); 117 } 118 static inline void edgamal_multiply_scalars(edgamal_curve_scalar out, const edgamal_curve_scalar a, const edgamal_curve_scalar b) { 119 bignum256modm t_out, t_a, t_b; 120 121 expand256_modm(t_a, a, EDGAMAL_CURVE_SCALAR_SIZE); 122 expand256_modm(t_b, b, EDGAMAL_CURVE_SCALAR_SIZE); 123 124 mul256_modm(t_out, t_a, t_b); 125 126 contract256_modm(out, t_out); 127 } 128 129 static inline void edgamal_add_points(edgamal_curve_point *r, const edgamal_curve_point *p, const edgamal_curve_point *q) { 130 ge25519_add(r, p, q); 131 } 132 static inline void edgamal_double_point(edgamal_curve_point *out, const edgamal_curve_point *in) { 133 ge25519_double(out, in); 134 } 135 static inline void edgamal_negate_point(edgamal_curve_point *out, const edgamal_curve_point *in) { 136 curve25519_neg(out->x, in->x); 137 curve25519_copy(out->y, in->y); 138 curve25519_copy(out->z, in->z); 139 curve25519_neg(out->t, in->t); 140 } 141 static inline void edgamal_scalar_multiply_point(edgamal_curve_point *out, const edgamal_curve_point *base, const edgamal_curve_scalar exponent) { 142 bignum256modm temp; 143 144 expand256_modm(temp, exponent, EDGAMAL_CURVE_SCALAR_SIZE); // TODO this is vartime 145 146 ge25519_scale_vartime(out, base, temp); 147 } 148 static inline void edgamal_scalar_multiply_basepoint(edgamal_curve_point *out, const edgamal_curve_scalar exponent) { 149 bignum256modm temp; 150 151 expand256_modm(temp, exponent, EDGAMAL_CURVE_SCALAR_SIZE); // TODO this is vartime 152 153 ge25519_scalarmult_base_niels(out, ge25519_niels_base_multiples, temp); 154 } 155 156 // static inline void edgamal_print_point(const edgamal_curve_point *p) 157 #define edgamal_print_point(p) \ 158 int i; \ 159 printf("x:"); \ 160 for (i = 0; i < 5; i++) { \ 161 printf("0x%016llx,", p->x[i]); \ 162 } \ 163 \ 164 printf(" y:"); \ 165 for (i = 0; i < 5; i++) { \ 166 printf("0x%016llx,", p->y[i]); \ 167 } \ 168 \ 169 printf(" t:"); \ 170 for (i = 0; i < 5; i++) { \ 171 printf("0x%016llx,", p->t[i]); \ 172 } \ 173 \ 174 printf(" z:"); \ 175 for (i = 0; i < 5; i++) { \ 176 printf("0x%016llx,", p->z[i]); \ 177 } \ 178 179 // static inline void edgamal_print_point_packed(const edgamal_curve_point *p) 180 #define edgamal_print_point_packed(p) \ 181 uint8_t temp[32]; \ 182 \ 183 edgamal_compress_point(temp, p); \ 184 \ 185 int i; \ 186 for (i = 0; i < 32; i++) { \ 187 printf("%02hhx ", temp[i]); \ 188 } \ 189