remove unused X25519 conversion functions

jeffro256 2025-01-09 00:27:27 -06:00
parent d3bc1ee957
commit f85d3cb5c2
No known key found for this signature in database
GPG Key ID: 6F79797A6E392442
3 changed files with 2 additions and 135 deletions


@ -3844,11 +3844,6 @@ static void edwardsYZ_to_x25519(unsigned char *xbytes, const fe Y, const fe Z) {
fe_tobytes(xbytes, tmp0); // tobytes((Z + Y) / (Z - Y))
}
void ge_p2_to_x25519(unsigned char *xbytes, const ge_p2 *h)
{
edwardsYZ_to_x25519(xbytes, h->Y, h->Z);
}
void ge_p3_to_x25519(unsigned char *xbytes, const ge_p3 *h)
{
edwardsYZ_to_x25519(xbytes, h->Y, h->Z);
@ -3910,6 +3905,8 @@ int edwards_bytes_to_x25519_vartime(unsigned char *xbytes, const unsigned char *
Y[8] = h8;
Y[9] = h9;
/* End fe_frombytes.c */
fe Z;
fe_1(Z);
@ -3918,110 +3915,6 @@ int edwards_bytes_to_x25519_vartime(unsigned char *xbytes, const unsigned char *
return 0;
}
int ge_fromx25519_vartime(ge_p3 *h, const unsigned char *s) {
fe u;
fe v;
fe vxx;
fe check;
/* From fe_frombytes.c */
int64_t h0 = load_4(s);
int64_t h1 = load_3(s + 4) << 6;
int64_t h2 = load_3(s + 7) << 5;
int64_t h3 = load_3(s + 10) << 3;
int64_t h4 = load_3(s + 13) << 2;
int64_t h5 = load_4(s + 16);
int64_t h6 = load_3(s + 20) << 7;
int64_t h7 = load_3(s + 23) << 5;
int64_t h8 = load_3(s + 26) << 4;
int64_t h9 = (load_3(s + 29) & 8388607) << 2;
int64_t carry0;
int64_t carry1;
int64_t carry2;
int64_t carry3;
int64_t carry4;
int64_t carry5;
int64_t carry6;
int64_t carry7;
int64_t carry8;
int64_t carry9;
/* Validate the number to be canonical */
if (h9 == 33554428 && h8 == 268435440 && h7 == 536870880 && h6 == 2147483520 &&
h5 == 4294967295 && h4 == 67108860 && h3 == 134217720 && h2 == 536870880 &&
h1 == 1073741760 && h0 >= 4294967277) {
return -1;
}
carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
/* End fe_frombytes.c */
/* Start ge_fromx25519_vartime specific code */
check[0] = h0;
check[1] = h1;
check[2] = h2;
check[3] = h3;
check[4] = h4;
check[5] = h5;
check[6] = h6;
check[7] = h7;
check[8] = h8;
check[9] = h9; /* load s into `check`, where s is the X coordinate of the X25519 point */
fe_1(v); /* v = 1 */
fe_copy(u, v); /* u = 1 */
u[0] = -1; /* u = -1 */
fe_add(u, u, check); /* u = s - 1 */
fe_add(v, v, check); /* v = s + 1 */
fe_invert(v, v); /* v = 1 / (s + 1) */
fe_mul(h->Y, u, v); /* Y = (s - 1) / (s + 1) */
/* End ge_fromx25519_vartime specific code */
fe_1(h->Z);
fe_sq(u, h->Y);
fe_mul(v, u, fe_d);
fe_sub(u, u, h->Z); /* u = y^2-1 */
fe_add(v, v, h->Z); /* v = dy^2+1 */
fe_divpowm1(h->X, u, v); /* x = uv^3(uv^7)^((q-5)/8) */
fe_sq(vxx, h->X);
fe_mul(vxx, vxx, v);
fe_sub(check, vxx, u); /* vx^2-u */
if (fe_isnonzero(check)) {
fe_add(check, vxx, u); /* vx^2+u */
if (fe_isnonzero(check)) {
return -1;
}
fe_mul(h->X, h->X, fe_sqrtm1);
}
if (fe_isnegative(h->X)) {
/* If x = 0, the sign must be positive */
if (!fe_isnonzero(h->X)) {
return -1;
}
fe_neg(h->X, h->X);
}
fe_mul(h->T, h->X, h->Y);
return 0;
}
int ge_p3_is_point_at_infinity_vartime(const ge_p3 *p) {
// https://eprint.iacr.org/2008/522
// X == T == 0 and Y/Z == 1


@ -159,15 +159,9 @@ int sc_isnonzero(const unsigned char *); /* Doesn't normalize */
/**
* brief: Convert Ed25519 y-coord to X25519 x-coord, AKA "ConvertPointE()" in the Carrot spec
*/
void ge_p2_to_x25519(unsigned char *xbytes, const ge_p2 *h);
void ge_p3_to_x25519(unsigned char *xbytes, const ge_p3 *h);
int edwards_bytes_to_x25519_vartime(unsigned char *xbytes, const unsigned char *s);
/**
* brief: Convert X25519 x-coord to Ed25519 point with positive sign
*/
int ge_fromx25519_vartime(ge_p3 *h, const unsigned char *s);
// internal
uint64_t load_3(const unsigned char *in);
uint64_t load_4(const unsigned char *in);


@ -616,23 +616,3 @@ TEST(Crypto, ConvertPointE_EraseSign)
EXPECT_EQ(P_mont, negP_mont);
}
TEST(Crypto, ge_fromx25519_vartime_Base)
{
const crypto::x25519_pubkey B = {{9}};
crypto::public_key G_actual;
ge_p3 G_actual_p3;
ge_fromx25519_vartime(&G_actual_p3, B.data);
ge_p3_tobytes(to_bytes(G_actual), &G_actual_p3);
EXPECT_EQ(crypto::get_G(), G_actual);
}
TEST(Crypto, ge_fromx25519_vartime_RandomPointNominalSuccess)
{
const crypto::x25519_pubkey P = crypto::x25519_pubkey_gen();
ge_p3 h;
EXPECT_EQ(0, ge_fromx25519_vartime(&h, P.data));
}