mirror of
https://github.com/monero-project/monero.git
synced 2025-01-22 06:21:06 -05:00
cleaner crypto for converting output to leaf tuple
This commit is contained in:
parent
30fc80b33e
commit
5e76191afe
@ -1330,7 +1330,7 @@ void ge_double_scalarmult_base_vartime_p3(ge_p3 *r3, const unsigned char *a, con
|
||||
|
||||
/* From fe_frombytes.c */
|
||||
|
||||
int fe_y_frombytes_vartime(fe y, const unsigned char *s) {
|
||||
int fe_frombytes_vartime(fe y, const unsigned char *s) {
|
||||
|
||||
int64_t h0 = load_4(s);
|
||||
int64_t h1 = load_3(s + 4) << 6;
|
||||
@ -1394,7 +1394,7 @@ int ge_frombytes_vartime(ge_p3 *h, const unsigned char *s) {
|
||||
fe vxx;
|
||||
fe check;
|
||||
|
||||
if (fe_y_frombytes_vartime(h->Y, s) != 0) {
|
||||
if (fe_frombytes_vartime(h->Y, s) != 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -3886,16 +3886,16 @@ int ge_p3_is_point_at_infinity_vartime(const ge_p3 *p) {
|
||||
}
|
||||
|
||||
// https://www.ietf.org/archive/id/draft-ietf-lwig-curve-representations-02.pdf E.2
|
||||
void fe_y_to_wei_x(unsigned char *wei_x, const fe y)
|
||||
void fe_ed_y_to_wei_x(unsigned char *wei_x, const fe ed_y)
|
||||
{
|
||||
fe one;
|
||||
fe_1(one);
|
||||
|
||||
// (1+y),(1-y)
|
||||
fe one_plus_y;
|
||||
fe_add(one_plus_y, one, y);
|
||||
fe_add(one_plus_y, one, ed_y);
|
||||
fe one_minus_y;
|
||||
fe_sub(one_minus_y, one, y);
|
||||
fe_sub(one_minus_y, one, ed_y);
|
||||
|
||||
// (1/(1-y))*(1+y)
|
||||
fe inv_one_minus_y;
|
||||
|
@ -88,7 +88,7 @@ void ge_double_scalarmult_base_vartime_p3(ge_p3 *, const unsigned char *, const
|
||||
|
||||
extern const fe fe_sqrtm1;
|
||||
extern const fe fe_d;
|
||||
int fe_y_frombytes_vartime(fe, const unsigned char *);
|
||||
int fe_frombytes_vartime(fe, const unsigned char *);
|
||||
int ge_frombytes_vartime(ge_p3 *, const unsigned char *);
|
||||
|
||||
/* From ge_p1p1_to_p2.c */
|
||||
@ -170,4 +170,4 @@ void fe_0(fe h);
|
||||
|
||||
int ge_p3_is_point_at_infinity_vartime(const ge_p3 *p);
|
||||
|
||||
void fe_y_to_wei_x(unsigned char *wei_x, const fe y);
|
||||
void fe_ed_y_to_wei_x(unsigned char *wei_x, const fe ed_y);
|
||||
|
@ -635,9 +635,14 @@ LeafTupleContext CurveTrees<Helios, Selene>::output_to_leaf_context(
|
||||
rct::key O, C;
|
||||
|
||||
if (!rct::clear_torsion(rct::pk2rct(output_pubkey), O))
|
||||
throw std::runtime_error("output pub key is invalid, failed to clear torsion");
|
||||
throw std::runtime_error("output pub key is invalid");
|
||||
if (!rct::clear_torsion(commitment, C))
|
||||
throw std::runtime_error("commitment is invalid, failed to clear torsion");
|
||||
throw std::runtime_error("commitment is invalid");
|
||||
|
||||
if (O == rct::I)
|
||||
throw std::runtime_error("O cannot equal identity");
|
||||
if (C == rct::I)
|
||||
throw std::runtime_error("C cannot equal identity");
|
||||
|
||||
PreprocessedLeafTuple o_c{
|
||||
.O = std::move(O),
|
||||
|
@ -133,7 +133,7 @@ struct PreprocessedLeafTuple final
|
||||
{
|
||||
// Output pubkey that has been checked valid and torsion cleared
|
||||
rct::key O;
|
||||
// Commitment that has been torsion cleared
|
||||
// Commitment that has been checked valid and torsion cleared
|
||||
rct::key C;
|
||||
};
|
||||
static_assert(sizeof(PreprocessedLeafTuple) == (32+32), "db expects 64 bytes for pre-processed leaf tuples");
|
||||
|
@ -738,16 +738,16 @@ namespace rct {
|
||||
ge_p3 torsion_cleared_point;
|
||||
ge_p1p1_to_p3(&torsion_cleared_point, &point_inv_8_mul_8);
|
||||
ge_p3_tobytes(k_out.bytes, &torsion_cleared_point);
|
||||
if (k_out == I)
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool point_to_wei_x(const key &pub, key &wei_x) {
|
||||
fe y;
|
||||
if (fe_y_frombytes_vartime(y, pub.bytes) != 0)
|
||||
if (pub == I)
|
||||
return false;
|
||||
fe_y_to_wei_x(wei_x.bytes, y);
|
||||
fe y;
|
||||
if (fe_frombytes_vartime(y, pub.bytes) != 0)
|
||||
return false;
|
||||
fe_ed_y_to_wei_x(wei_x.bytes, y);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user