echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Elligator2 cleanups, thx orignal

Browse Source
This commit is contained in:
zzz
2019-12-10 15:26:53 +00:00
parent 831c1945a5
commit faf130cf38
1 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
router/java/src/net/i2p/router/crypto/ratchet/Elligator2.java
View File

@ -129,7 +129,7 @@ class Elligator2 {
negative_multiply3_u_x_plus_x_A = negative_multiply3_u_x_plus_x_A.mod(p); negative_multiply3_u_x_plus_x_A = negative_multiply3_u_x_plus_x_A.mod(p);
// If -ux(x + A) is not a square modulo p // If -ux(x + A) is not a square modulo p
if (legendre(negative_multiply3_u_x_plus_x_A, p) == -1) { if (legendre(negative_multiply3_u_x_plus_x_A) == -1) {
return null; return null;
} }
@ -161,7 +161,7 @@ class Elligator2 {
* Returns an array with the point and the second argument of the corresponding call to the `encode` function. * Returns an array with the point and the second argument of the corresponding call to the `encode` function.
* It's also able to return null if the representative is invalid (there are only 10 invalid representatives). * It's also able to return null if the representative is invalid (there are only 10 invalid representatives).
* *
* @param representative the encoded data, 32 bytes * @param representative the encoded data, little endian, 32 bytes
* @return x or null on failure * @return x or null on failure
*/ */
public static PublicKey decode(byte[] representative) { public static PublicKey decode(byte[] representative) {
@ -175,11 +175,11 @@ class Elligator2 {
* It's also able to return null if the representative is invalid (there are only 10 invalid representatives). * It's also able to return null if the representative is invalid (there are only 10 invalid representatives).
* *
* @param alternative out parameter, or null if you don't care * @param alternative out parameter, or null if you don't care
* @param representative the encoded data, 32 bytes * @param representative the encoded data, little endian, 32 bytes
* @return x or null on failure * @return x or null on failure
*/ */
public static PublicKey decode(AtomicBoolean alternative, byte[] representative) { public static PublicKey decode(AtomicBoolean alternative, byte[] representative) {
if (representative.length != 32) if (representative.length != REPRESENTATIVE_LENGTH)
throw new IllegalArgumentException("must be 32 bytes"); throw new IllegalArgumentException("must be 32 bytes");
if (DISABLE) if (DISABLE)
return new PublicKey(EncType.ECIES_X25519, representative); return new PublicKey(EncType.ECIES_X25519, representative);
@ -213,7 +213,7 @@ class Elligator2 {
t = t.mod(p); t = t.mod(p);
// e = Legendre symbol (t / p) // e = Legendre symbol (t / p)
int e = legendre(t, p); int e = legendre(t);
BigInteger x; BigInteger x;
if (e == 1) { if (e == 1) {
@ -261,15 +261,16 @@ class Elligator2 {
* https://gmplib.org/manual/Number-Theoretic-Functions.html * https://gmplib.org/manual/Number-Theoretic-Functions.html
* https://en.wikipedia.org/wiki/Legendre_symbol * https://en.wikipedia.org/wiki/Legendre_symbol
* *
* @param a must already be mod(p)
*
* @return -1/0/1 * @return -1/0/1
*/ */
private static int legendre(BigInteger a, BigInteger p) { private static int legendre(BigInteger a) {
if (a.mod(p).signum() == 0) if (a.signum() == 0)
return 0; return 0;
if (!(a instanceof NativeBigInteger)) if (!(a instanceof NativeBigInteger))
a = new NativeBigInteger(a); a = new NativeBigInteger(a);
BigInteger pm1d2 = p.subtract(BigInteger.ONE).divide(TWO); BigInteger mp = a.modPow(divide_minus_p_1_2, p);
BigInteger mp = a.modPow(pm1d2, p);
// mp is either 1 or (p - 1) (0x7ffff...fffec) // mp is either 1 or (p - 1) (0x7ffff...fffec)
//System.out.println("Legendre value: " + mp.toString(16)); //System.out.println("Legendre value: " + mp.toString(16));
int cmp = mp.compareTo(BigInteger.ONE); int cmp = mp.compareTo(BigInteger.ONE);