forked from data61/MP-SPDZ
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathCurveElement.cpp
142 lines (123 loc) · 3.18 KB
/
CurveElement.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
/*
* Element.cpp
*
*/
#include <ECDSA/CurveElement.h>
#include "Math/gfp.hpp"
unsigned char CurveElement::zero[crypto_core_ristretto255_BYTES];
void CurveElement::init()
{
Scalar::init_field(
(bigint(1) << 252) + bigint("27742317777372353535851937790883648493"),
false);
if(sodium_init() == -1)
throw runtime_error("cannot initalize sodium");
unsigned char tmp[crypto_core_ristretto255_SCALARBYTES];
memset(tmp, 0, sizeof(tmp));
crypto_scalarmult_ristretto255_base(zero, tmp);
}
void CurveElement::convert(unsigned char* res, const Scalar& other)
{
bigint tmp;
tmp = other;
assert(tmp.__get_mp()->_mp_size * sizeof(mp_limb_t) <= crypto_core_ristretto255_SCALARBYTES);
memset(res, 0, crypto_core_ristretto255_SCALARBYTES);
memcpy(res, tmp.__get_mp()->_mp_d, abs(tmp.__get_mp()->_mp_size) * sizeof(mp_limb_t));
}
CurveElement::CurveElement()
{
memcpy(a, zero, sizeof(a));
check();
}
CurveElement::CurveElement(const Scalar& other)
{
unsigned char tmp[crypto_core_ristretto255_SCALARBYTES];
convert(tmp, other);
crypto_scalarmult_ristretto255_base(a, tmp);
check();
}
CurveElement::CurveElement(word other)
{
if (other == 0)
{
*this = CurveElement();
return;
}
unsigned char tmp[crypto_core_ristretto255_SCALARBYTES];
memset(tmp, 0, sizeof(tmp));
memcpy(tmp, &other, sizeof(other));
crypto_scalarmult_ristretto255_base(a, tmp);
check();
}
void CurveElement::check()
{
#ifdef CURVE_CHECK
if (crypto_core_ristretto255_is_valid_point(a) != 1)
throw runtime_error("curve point not valid");
#endif
}
CurveElement CurveElement::operator +(const CurveElement& other) const
{
CurveElement res;
crypto_core_ristretto255_add(res.a, a, other.a);
res.check();
return res;
}
CurveElement CurveElement::operator -(const CurveElement& other) const
{
CurveElement res;
crypto_core_ristretto255_sub(res.a, a, other.a);
res.check();
return res;
}
CurveElement CurveElement::operator *(const Scalar& other) const
{
CurveElement res;
unsigned char tmp[crypto_core_ristretto255_SCALARBYTES];
convert(tmp, other);
if (crypto_scalarmult_ristretto255(res.a, tmp, a) < 0)
{
cerr << "EC multiplication by zero" << endl;
}
res.check();
return res;
}
CurveElement& CurveElement::operator +=(const CurveElement& other)
{
*this = *this + other;
return *this;
}
bool CurveElement::operator ==(const CurveElement& other) const
{
for (size_t i = 0; i < sizeof a; i++)
if (a[i] != other.a[i])
return false;
return true;
}
bool CurveElement::operator !=(const CurveElement& other) const
{
return not (*this == other);
}
void CurveElement::pack(octetStream& os) const
{
os.append(a, sizeof(a));
}
void CurveElement::unpack(octetStream& os)
{
os.consume(a, sizeof(a));
check();
}
ostream& operator <<(ostream& s, const CurveElement& x)
{
s << hex << *(word*)x.get();
return s;
}
octetStream CurveElement::hash(size_t n_bytes) const
{
octetStream os;
pack(os);
auto res = os.hash();
assert(n_bytes >= res.get_length());
res.resize_precise(n_bytes);
return res;
}