Unify Curve25519 scalar masking functions.

The C functions `x25519_scalar_mask()` and `GFp_ed25519_scalar_mask()` are equivalent. Just keep one, with an updated name. We prefer the implementation that most closely tracks the X25519 and Ed25519 RFCs. I agree to license my contributions to each file under the terms given at the top of each file I changed.
2017-05-03 15:12:42 -07:00 · 2017-05-03 15:12:42 -07:00 · 503116373d
commit 503116373d
parent ee84bc9b80
2 changed files with 7 additions and 16 deletions
--- a/crypto/curve25519/curve25519.c
+++ b/crypto/curve25519/curve25519.c
@ -30,6 +30,7 @@


 /* Prevent -Wmissing-prototypes warnings. */
+void GFp_curve25519_scalar_mask(uint8_t a[32]);
 void GFp_fe_invert(fe out, const fe z);
 uint8_t GFp_fe_isnegative(const fe f);
 void GFp_fe_mul(fe h, const fe f, const fe g);
@ -4520,13 +4521,9 @@ void GFp_x25519_sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b,
  s[31] = (uint8_t)(s11 >> 17);
 }

-
-/* Prototype to avoid -Wmissing-prototypes warnings. */
-void GFp_ed25519_scalar_mask(uint8_t a[32]);
-
-void GFp_ed25519_scalar_mask(uint8_t a[32]) {
+void GFp_curve25519_scalar_mask(uint8_t a[32]) {
  a[0] &= 248;
-  a[31] &= 63;
+  a[31] &= 127;
  a[31] |= 64;
 }

@ -4618,12 +4615,6 @@ static void GFp_fe_mul121666(fe h, fe f) {
  h[9] = (int32_t)h9;
 }

-static void x25519_scalar_mask(uint8_t e[32]) {
-  e[0] &= 248;
-  e[31] &= 127;
-  e[31] |= 64;
-}
-
 static void x25519_scalar_mult_generic(uint8_t out[32],
                                       const uint8_t scalar[32],
                                       const uint8_t point[32]) {
@ -4631,7 +4622,7 @@ static void x25519_scalar_mult_generic(uint8_t out[32],

  uint8_t e[32];
  memcpy(e, scalar, 32);
-  x25519_scalar_mask(e);
+  GFp_curve25519_scalar_mask(e);
  fe_frombytes(x1, point);
  fe_1(x2);
  fe_0(z2);
@ -4718,7 +4709,7 @@ void GFp_x25519_public_from_private(uint8_t out_public_value[32],

  uint8_t e[32];
  memcpy(e, private_key, 32);
-  x25519_scalar_mask(e);
+  GFp_curve25519_scalar_mask(e);

  ge_p3 A;
  GFp_x25519_ge_scalarmult_base(&A, e);
--- a/src/ec/curve25519/ed25519.rs
+++ b/src/ec/curve25519/ed25519.rs
@ -150,7 +150,7 @@ impl<'a> Ed25519KeyPair {

        let mut scalar = [0u8; SCALAR_LEN];
        scalar.copy_from_slice(&scalar_encoded);
-        unsafe { GFp_ed25519_scalar_mask(&mut scalar) };
+        unsafe { GFp_curve25519_scalar_mask(&mut scalar) };

        let mut prefix = [0u8; PREFIX_LEN];
        prefix.copy_from_slice(prefix_encoded);
@ -289,7 +289,7 @@ fn digest_scalar(digest: digest::Digest) -> Scalar {
 }

 extern  {
-    fn GFp_ed25519_scalar_mask(a: &mut Scalar);
+    fn GFp_curve25519_scalar_mask(a: &mut Scalar);
    fn GFp_ge_double_scalarmult_vartime(r: &mut Point, a_coeff: &Scalar,
                                        a: &ExtPoint, b_coeff: &Scalar);
    fn GFp_x25519_ge_scalarmult_base(h: &mut ExtPoint, a: &Seed);