scalarmult: import curve methods; be standard

This commit is contained in:
Christophe Diederichs 2020-06-16 15:53:27 +02:00
parent 8aae7efea2
commit 67a4ba77cb

View File

@ -1,3 +1,5 @@
const { _9, _121665, gf, inv25519, pack25519, unpack25519, sel25519, A, M, Z, S } = require('./ed25519.js')
module.exports = { module.exports = {
crypto_scalarmult, crypto_scalarmult,
crypto_scalarmult_base, crypto_scalarmult_base,
@ -9,56 +11,56 @@ function crypto_scalarmult(q, n, p) {
check(q, crypto_scalarmult_BYTES) check(q, crypto_scalarmult_BYTES)
check(n, crypto_scalarmult_SCALARBYTES) check(n, crypto_scalarmult_SCALARBYTES)
check(p, crypto_scalarmult_BYTES) check(p, crypto_scalarmult_BYTES)
var z = new Uint8Array(32); var z = new Uint8Array(32)
var x = new Float64Array(80), r, i; var x = new Float64Array(80), r, i
var a = gf(), b = gf(), c = gf(), var a = gf(), b = gf(), c = gf(),
d = gf(), e = gf(), f = gf(); d = gf(), e = gf(), f = gf()
for (i = 0; i < 31; i++) z[i] = n[i]; for (i = 0; i < 31; i++) z[i] = n[i]
z[31]=(n[31]&127)|64; z[31] = (n[31] & 127) | 64
z[0]&=248; z[0] &= 248
unpack25519(x,p); unpack25519(x, p)
for (i = 0; i < 16; i++) { for (i = 0; i < 16; i++) {
b[i]=x[i]; b[i] = x[i]
d[i]=a[i]=c[i]=0; d[i] = a[i] = c[i] = 0
} }
a[0]=d[0]=1; a[0] = d[0] = 1
for (i = 254; i >= 0; --i) { for (i = 254; i >= 0; --i) {
r=(z[i>>>3]>>>(i&7))&1; r = (z[i >>> 3] >>> (i & 7)) & 1
sel25519(a,b,r); sel25519(a, b, r)
sel25519(c,d,r); sel25519(c, d, r)
A(e,a,c); A(e, a, c)
Z(a,a,c); Z(a, a, c)
A(c,b,d); A(c, b, d)
Z(b,b,d); Z(b, b, d)
S(d,e); S(d, e)
S(f,a); S(f, a)
M(a,c,a); M(a, c, a)
M(c,b,e); M(c, b, e)
A(e,a,c); A(e, a, c)
Z(a,a,c); Z(a, a, c)
S(b,a); S(b, a)
Z(c,d,f); Z(c, d, f)
M(a,c,_121665); M(a, c, _121665)
A(a,a,d); A(a, a, d)
M(c,c,a); M(c, c, a)
M(a,d,f); M(a, d, f)
M(d,b,x); M(d, b, x)
S(b,e); S(b, e)
sel25519(a,b,r); sel25519(a, b, r)
sel25519(c,d,r); sel25519(c, d, r)
} }
for (i = 0; i < 16; i++) { for (i = 0; i < 16; i++) {
x[i+16]=a[i]; x[i + 16] = a[i]
x[i+32]=c[i]; x[i + 32] = c[i]
x[i+48]=b[i]; x[i + 48] = b[i]
x[i+64]=d[i]; x[i + 64] = d[i]
} }
var x32 = x.subarray(32); var x32 = x.subarray(32)
var x16 = x.subarray(16); var x16 = x.subarray(16)
inv25519(x32,x32); inv25519(x32, x32)
M(x16,x16,x32); M(x16, x16, x32)
pack25519(q,x16); pack25519(q, x16)
return 0; return 0
} }
module.exports = { module.exports = {
@ -69,14 +71,13 @@ module.exports = {
} }
function crypto_scalarmult_base (q, n) { function crypto_scalarmult_base (q, n) {
return crypto_scalarmult(q, n, _9); return crypto_scalarmult(q, n, _9)
} }
function check (buf, len) { function check (buf, len) {
if (!buf || (len && buf.length < len)) throw new Error('Argument must be a buffer' + (len ? ' of length ' + len : '')) if (!buf || (len && buf.length < len)) throw new Error('Argument must be a buffer' + (len ? ' of length ' + len : ''))
} }
var crypto_scalarmult_BYTES = 32
var crypto_scalarmult_BYTES, var crypto_scalarmult_SCALARBYTES = 32
crypto_scalarmult_SCALARBYTES = 32, var crypto_scalarmult_BYTES = 32
crypto_scalarmult_BYTES, var crypto_scalarmult_SCALARBYTES = 32
crypto_scalarmult_SCALARBYTES = 32