Add unclamped versions of scalarmult_ed25519*()

2018-12-18 22:46:56 +01:00 · 2018-12-18 22:46:56 +01:00 · b42082d6d2
commit b42082d6d2
parent 536ed00d2c
2 changed files with 58 additions and 17 deletions
--- a/src/libsodium/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c
+++ b/src/libsodium/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c
@ -28,9 +28,9 @@ _crypto_scalarmult_ed25519_clamp(unsigned char k[32])
    k[31] |= 64;
 }

-int
-crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
-                          const unsigned char *p)
+static int
+_crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
+                           const unsigned char *p, const int clamp)
 {
    unsigned char *t = q;
    ge25519_p3     Q;
@ -44,7 +44,9 @@ crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
    for (i = 0; i < 32; ++i) {
        t[i] = n[i];
    }
-    _crypto_scalarmult_ed25519_clamp(t);
+    if (clamp != 0) {
+        _crypto_scalarmult_ed25519_clamp(t);
+    }
    ge25519_scalarmult(&Q, t, &P);
    ge25519_p3_tobytes(q, &Q);
    if (_crypto_scalarmult_ed25519_is_inf(q) != 0 || sodium_is_zero(n, 32)) {
@ -53,24 +55,54 @@ crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
    return 0;
 }

+int
+crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
+                          const unsigned char *p)
+{
+    return _crypto_scalarmult_ed25519(q, n, p, 1);
+}
+
+int
+crypto_scalarmult_ed25519_noclamp(unsigned char *q, const unsigned char *n,
+                                  const unsigned char *p)
+{
+    return _crypto_scalarmult_ed25519(q, n, p, 0);
+}
+
+static int
+_crypto_scalarmult_ed25519_base(unsigned char *q,
+                                const unsigned char *n, const int clamp)
+{
+    unsigned char *t = q;
+    ge25519_p3     Q;
+    unsigned int   i;
+
+    for (i = 0; i < 32; ++i) {
+        t[i] = n[i];
+    }
+    if (clamp != 0) {
+        _crypto_scalarmult_ed25519_clamp(t);
+    }
+    ge25519_scalarmult_base(&Q, t);
+    ge25519_p3_tobytes(q, &Q);
+    if (_crypto_scalarmult_ed25519_is_inf(q) != 0 || sodium_is_zero(n, 32)) {
+        return -1;
+    }
+    return 0;
+}
+
 int
 crypto_scalarmult_ed25519_base(unsigned char *q,
                               const unsigned char *n)
 {
-    unsigned char *t = q;
-    ge25519_p3     Q;
-    unsigned int   i;
+    return _crypto_scalarmult_ed25519_base(q, n, 1);
+}

-    for (i = 0; i < 32; ++i) {
-        t[i] = n[i];
-    }
-    _crypto_scalarmult_ed25519_clamp(t);
-    ge25519_scalarmult_base(&Q, t);
-    ge25519_p3_tobytes(q, &Q);
-    if (sodium_is_zero(n, 32) != 0) {
-        return -1;
-    }
-    return 0;
+int
+crypto_scalarmult_ed25519_base_noclamp(unsigned char *q,
+                                       const unsigned char *n)
+{
+    return _crypto_scalarmult_ed25519_base(q, n, 0);
 }

 size_t
--- a/src/libsodium/include/sodium/crypto_scalarmult_ed25519.h
+++ b/src/libsodium/include/sodium/crypto_scalarmult_ed25519.h
@ -31,10 +31,19 @@ int crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
                              const unsigned char *p)
            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));

+SODIUM_EXPORT
+int crypto_scalarmult_ed25519_noclamp(unsigned char *q, const unsigned char *n,
+                                      const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
 SODIUM_EXPORT
 int crypto_scalarmult_ed25519_base(unsigned char *q, const unsigned char *n)
            __attribute__ ((nonnull));

+SODIUM_EXPORT
+int crypto_scalarmult_ed25519_base_noclamp(unsigned char *q, const unsigned char *n)
+            __attribute__ ((nonnull));
+
 #ifdef __cplusplus
 }
 #endif