Commit ac0fe3a3 authored by Bernard van Gastel's avatar Bernard van Gastel
Browse files

Improved naming.

parent d81c4d7c
...@@ -39,12 +39,12 @@ struct Scalar { ...@@ -39,12 +39,12 @@ struct Scalar {
std::string_view raw() const { std::string_view raw() const {
return {reinterpret_cast<const char*>(value), sizeof(value)}; return {reinterpret_cast<const char*>(value), sizeof(value)};
} }
GroupElement base() const; GroupElement mult_base() const;
Scalar invert() const ; // s * s^-1 = 1 Scalar invert() const ; // s * s^-1 = 1
Scalar complement() const ; // s + comp = 1 (mod L) Scalar complement() const ; // s + comp = 1 (mod L)
Scalar operator-() const; // negate Scalar operator-() const; // negate
bool zero() const; bool is_zero() const;
bool valid() const; bool is_valid() const;
std::string hex() const; std::string hex() const;
static Scalar FromHex(std::string_view view); static Scalar FromHex(std::string_view view);
// returns a scalar != 0 // returns a scalar != 0
...@@ -72,8 +72,8 @@ struct GroupElement { ...@@ -72,8 +72,8 @@ struct GroupElement {
std::string_view raw() const { std::string_view raw() const {
return {reinterpret_cast<const char*>(value), sizeof(value)}; return {reinterpret_cast<const char*>(value), sizeof(value)};
} }
bool zero() const; bool is_zero() const;
bool valid() const; bool is_valid() const;
std::string hex() const; std::string hex() const;
static GroupElement FromHex(std::string_view view); static GroupElement FromHex(std::string_view view);
// returns a group element which can be zero // returns a group element which can be zero
......
...@@ -20,7 +20,7 @@ static_assert(crypto_core_ristretto255_BYTES == GroupElement::BYTES); ...@@ -20,7 +20,7 @@ static_assert(crypto_core_ristretto255_BYTES == GroupElement::BYTES);
// documentation of libsodium primitives: https://libsodium.gitbook.io/doc/advanced/point-arithmetic/ristretto // documentation of libsodium primitives: https://libsodium.gitbook.io/doc/advanced/point-arithmetic/ristretto
GroupElement Scalar::base() const { GroupElement Scalar::mult_base() const {
GroupElement r; GroupElement r;
if (crypto_scalarmult_ristretto255_base(r.value, value) != 0) if (crypto_scalarmult_ristretto255_base(r.value, value) != 0)
throw std::invalid_argument("base of scalar gave error (probably scalar is 0)"); throw std::invalid_argument("base of scalar gave error (probably scalar is 0)");
...@@ -41,10 +41,10 @@ Scalar Scalar::complement() const { ...@@ -41,10 +41,10 @@ Scalar Scalar::complement() const {
crypto_core_ristretto255_scalar_complement(r.value, value); crypto_core_ristretto255_scalar_complement(r.value, value);
return r; return r;
} }
[[maybe_unused]] bool Scalar::zero() const { bool Scalar::is_zero() const {
return sodium_is_zero(value, sizeof(value)); return sodium_is_zero(value, sizeof(value));
} }
bool Scalar::valid() const { bool Scalar::is_valid() const {
// sc25519_is_canonical() from ed25519_ref10.c // sc25519_is_canonical() from ed25519_ref10.c
/* 2^252+27742317777372353535851937790883648493 */ /* 2^252+27742317777372353535851937790883648493 */
...@@ -74,7 +74,7 @@ Scalar Scalar::FromHex(std::string_view view) { ...@@ -74,7 +74,7 @@ Scalar Scalar::FromHex(std::string_view view) {
throw std::invalid_argument("Scalar::FromHex expected different size"); throw std::invalid_argument("Scalar::FromHex expected different size");
Scalar retval; Scalar retval;
::FromHex(retval.value, view); ::FromHex(retval.value, view);
if (!retval.valid() || retval.zero()) if (!retval.is_valid() || retval.is_zero())
throw std::invalid_argument("Scalar::FromHex produced invalid or zero Scalar"); throw std::invalid_argument("Scalar::FromHex produced invalid or zero Scalar");
return retval; return retval;
} }
...@@ -89,15 +89,15 @@ Scalar Scalar::Random() { ...@@ -89,15 +89,15 @@ Scalar Scalar::Random() {
Scalar Scalar::FromHash(uint8_t (&value)[64]) { Scalar Scalar::FromHash(uint8_t (&value)[64]) {
Scalar r; Scalar r;
crypto_core_ristretto255_scalar_reduce(r.value, value); crypto_core_ristretto255_scalar_reduce(r.value, value);
r.value[0] |= r.zero() ? 0x1 : 0x0; r.value[0] |= r.is_zero() ? 0x1 : 0x0;
EXPECT(r.valid()); EXPECT(r.valid());
EXPECT(!r.zero()); EXPECT(!r.zero());
return r; return r;
} }
[[maybe_unused]] bool GroupElement::zero() const { bool GroupElement::is_zero() const {
return sodium_is_zero(value, sizeof(value)); return sodium_is_zero(value, sizeof(value));
} }
bool GroupElement::valid() const { bool GroupElement::is_valid() const {
return crypto_core_ristretto255_is_valid_point(value); return crypto_core_ristretto255_is_valid_point(value);
} }
std::string GroupElement::hex() const { std::string GroupElement::hex() const {
...@@ -108,7 +108,7 @@ GroupElement GroupElement::FromHex(std::string_view view) { ...@@ -108,7 +108,7 @@ GroupElement GroupElement::FromHex(std::string_view view) {
throw std::invalid_argument("GroupElement::FromHex expected different size"); throw std::invalid_argument("GroupElement::FromHex expected different size");
GroupElement retval; GroupElement retval;
::FromHex(retval.value, view); ::FromHex(retval.value, view);
if (!retval.valid() || retval.zero()) if (!retval.is_valid() || retval.is_zero())
throw std::invalid_argument("GroupElement::FromHex produced invalid or zero GroupElement"); throw std::invalid_argument("GroupElement::FromHex produced invalid or zero GroupElement");
return retval; return retval;
} }
...@@ -167,13 +167,13 @@ Scalar operator/(const Scalar& lhs, const Scalar& rhs) { ...@@ -167,13 +167,13 @@ Scalar operator/(const Scalar& lhs, const Scalar& rhs) {
GroupElement operator*(const Scalar& lhs, const GroupElement& rhs) { GroupElement operator*(const Scalar& lhs, const GroupElement& rhs) {
GroupElement r; GroupElement r;
if (0 != crypto_scalarmult_ristretto255(r.value, lhs.value, rhs.value)) if (0 != crypto_scalarmult_ristretto255(r.value, lhs.value, rhs.value))
throw std::invalid_argument("Scalar*GroupElement gave error (probably one of them is 0)"); throw std::invalid_argument("Scalar*GroupElement gave error (one of them is 0)");
return r; return r;
} }
GroupElement operator/(const GroupElement& lhs, const Scalar& rhs) { GroupElement operator/(const GroupElement& lhs, const Scalar& rhs) {
GroupElement r; GroupElement r;
if (0 != crypto_scalarmult_ristretto255(r.value, rhs.invert().value, lhs.value)) if (0 != crypto_scalarmult_ristretto255(r.value, rhs.invert().value, lhs.value))
throw std::invalid_argument("GroupElement/Scalar gave error (probably one of them is 0)"); throw std::invalid_argument("GroupElement/Scalar gave error (one of them is 0)");
return r; return r;
} }
bool operator==(const GroupElement& lhs, const GroupElement& rhs) { bool operator==(const GroupElement& lhs, const GroupElement& rhs) {
...@@ -187,7 +187,7 @@ bool operator!=(const GroupElement& lhs, const GroupElement& rhs) { ...@@ -187,7 +187,7 @@ bool operator!=(const GroupElement& lhs, const GroupElement& rhs) {
} }
GroupElement operator*(const Scalar& lhs, const _G&) { GroupElement operator*(const Scalar& lhs, const _G&) {
return lhs.base(); return lhs.mult_base();
} }
void RandomBytes(void* ptr, std::size_t length) { void RandomBytes(void* ptr, std::size_t length) {
......
...@@ -31,8 +31,8 @@ bool pep::ElGamal::operator!=(const ElGamal& rhs) const { ...@@ -31,8 +31,8 @@ bool pep::ElGamal::operator!=(const ElGamal& rhs) const {
// encrypt message M using public key Y // encrypt message M using public key Y
ElGamal pep::Encrypt(const GroupElement& M, const GroupElement& Y) { ElGamal pep::Encrypt(const GroupElement& M, const GroupElement& Y) {
auto r = Scalar::Random(); auto r = Scalar::Random();
EXPECT(!r.zero()); // Random() does never return a zero scalar EXPECT(!r.is_zero()); // Random() does never return a zero scalar
ENSURE(!Y.zero()); // we should not encrypt anything with an empty public key, as this will result in plain text send over the line ENSURE(!Y.is_zero()); // we should not encrypt anything with an empty public key, as this will result in plain text send over the line
return {r * G, M + r*Y, Y}; return {r * G, M + r*Y, Y};
} }
......
...@@ -25,7 +25,7 @@ std::tuple<GroupElement,Proof> pep::CreateProof(const Scalar& a /*secret*/, cons ...@@ -25,7 +25,7 @@ std::tuple<GroupElement,Proof> pep::CreateProof(const Scalar& a /*secret*/, cons
} }
[[nodiscard]] bool pep::VerifyProof(const GroupElement& A, const GroupElement& M, const GroupElement& N, const GroupElement& C1, const GroupElement& C2, const Scalar& s) { [[nodiscard]] bool pep::VerifyProof(const GroupElement& A, const GroupElement& M, const GroupElement& N, const GroupElement& C1, const GroupElement& C2, const Scalar& s) {
if (!A.valid() || !M.valid() || !N.valid() || !C1.valid() || !C2.valid() || !s.valid()) if (!A.is_valid() || !M.is_valid() || !N.is_valid() || !C1.is_valid() || !C2.is_valid() || !s.is_valid())
return false; return false;
HashSHA512 hash; HashSHA512 hash;
SHA512(hash, SHA512(hash,
...@@ -59,7 +59,7 @@ ProvedRerandomize pep::ProveRerandomize(const ElGamal& in, const Scalar& s) { ...@@ -59,7 +59,7 @@ ProvedRerandomize pep::ProveRerandomize(const ElGamal& in, const Scalar& s) {
} }
[[nodiscard]] std::optional<ElGamal> pep::VerifyRerandomize(const GroupElement& B, const GroupElement& C, const GroupElement& Y, const GroupElement& S, const Proof& py) { [[nodiscard]] std::optional<ElGamal> pep::VerifyRerandomize(const GroupElement& B, const GroupElement& C, const GroupElement& Y, const GroupElement& S, const Proof& py) {
// slightly different than the others, as we reuse the structure of a standard proof to reconstruct the Rerandomize operation after sending // slightly different than the others, as we reuse the structure of a standard proof to reconstruct the Rerandomize operation after sending
return B.valid() && C.valid() && VerifyProof(S, Y, py) ? return B.is_valid() && C.is_valid() && VerifyProof(S, Y, py) ?
ElGamal{S + B, py.value() + C, Y} : std::optional<ElGamal>(); ElGamal{S + B, py.value() + C, Y} : std::optional<ElGamal>();
} }
[[nodiscard]] std::optional<ElGamal> pep::VerifyRerandomize(const ElGamal& in, const ProvedRerandomize& p) { [[nodiscard]] std::optional<ElGamal> pep::VerifyRerandomize(const ElGamal& in, const ProvedRerandomize& p) {
...@@ -75,7 +75,7 @@ ProvedReshuffle pep::ProveReshuffle(const ElGamal& in, const Scalar& n) { ...@@ -75,7 +75,7 @@ ProvedReshuffle pep::ProveReshuffle(const ElGamal& in, const Scalar& n) {
return {AB, pb, AC, pc}; return {AB, pb, AC, pc};
} }
[[nodiscard]] std::optional<ElGamal> pep::VerifyReshuffle(const GroupElement& B, const GroupElement& C, const GroupElement& Y, const GroupElement& AB, const Proof& pb, const GroupElement& AC, const Proof& pc) { [[nodiscard]] std::optional<ElGamal> pep::VerifyReshuffle(const GroupElement& B, const GroupElement& C, const GroupElement& Y, const GroupElement& AB, const Proof& pb, const GroupElement& AC, const Proof& pc) {
return VerifyProof(AB, B, pb) && VerifyProof(AC, C, pc) && Y.valid() ? return VerifyProof(AB, B, pb) && VerifyProof(AC, C, pc) && Y.is_valid() ?
ElGamal{pb.value(), pc.value(), Y} : std::optional<ElGamal>(); ElGamal{pb.value(), pc.value(), Y} : std::optional<ElGamal>();
} }
[[nodiscard]] std::optional<ElGamal> pep::VerifyReshuffle(const ElGamal& in, const ProvedReshuffle& p) { [[nodiscard]] std::optional<ElGamal> pep::VerifyReshuffle(const ElGamal& in, const ProvedReshuffle& p) {
...@@ -91,7 +91,7 @@ ProvedRekey pep::ProveRekey(const ElGamal& in, const Scalar& k) { ...@@ -91,7 +91,7 @@ ProvedRekey pep::ProveRekey(const ElGamal& in, const Scalar& k) {
} }
[[nodiscard]] std::optional<ElGamal> pep::VerifyRekey(const GroupElement& B, const GroupElement& C, const GroupElement& Y, const GroupElement& AB, const Proof& pb, const GroupElement& AY, const Proof& py) { [[nodiscard]] std::optional<ElGamal> pep::VerifyRekey(const GroupElement& B, const GroupElement& C, const GroupElement& Y, const GroupElement& AB, const Proof& pb, const GroupElement& AY, const Proof& py) {
return VerifyProof(AB, B, pb) && C.valid() && VerifyProof(AY, Y, py) ? return VerifyProof(AB, B, pb) && C.is_valid() && VerifyProof(AY, Y, py) ?
ElGamal{pb.value(), C, py.value()} : std::optional<ElGamal>(); ElGamal{pb.value(), C, py.value()} : std::optional<ElGamal>();
} }
......
...@@ -24,13 +24,13 @@ TEST_CASE("PEP.Base", "[PEP]") { ...@@ -24,13 +24,13 @@ TEST_CASE("PEP.Base", "[PEP]") {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10,
}; };
Scalar s; Scalar s;
CHECK(s.valid()); CHECK(s.is_valid());
CHECK(s.zero()); CHECK(s.is_zero());
memcpy(s.value, too_large_scalar, sizeof(too_large_scalar)); memcpy(s.value, too_large_scalar, sizeof(too_large_scalar));
CHECK(!s.valid()); CHECK(!s.is_valid());
GroupElement M; GroupElement M;
CHECK(M.valid()); CHECK(M.is_valid());
CHECK(M.zero()); CHECK(M.is_zero());
s = Scalar::Random(); s = Scalar::Random();
CHECK_THROWS(s*M); CHECK_THROWS(s*M);
} }
...@@ -63,13 +63,13 @@ TEST_CASE("PEP.SecureRemotePassword", "[PEP]") { ...@@ -63,13 +63,13 @@ TEST_CASE("PEP.SecureRemotePassword", "[PEP]") {
auto u = Scalar::FromHash(hashAB); auto u = Scalar::FromHash(hashAB);
// client // client
ENSURE(!B.zero()); ENSURE(!B.is_zero());
ENSURE(!u.zero()); ENSURE(!u.is_zero());
CHECK(Scalar() + Scalar() == Scalar()); // test if zero() works CHECK(Scalar() + Scalar() == Scalar()); // test if zero() works
auto S_C = (a + u*x)*(B - V); auto S_C = (a + u*x)*(B - V);
// server // server
ENSURE(!A.zero()); ENSURE(!A.is_zero());
auto S_S = b*(A + u*V); auto S_S = b*(A + u*V);
CHECK(S_C == S_S); CHECK(S_C == S_S);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment