authorJeffrey Walton <noloader@gmail.com>2019-02-07 15:00:00 -0500
committerJeffrey Walton <noloader@gmail.com>2019-02-07 15:00:00 -0500
commit4caa5ee724d33b31e9cb7d57964b461ecec76c5a (patch)
tree8d07873048c1c7eead80b92c70eca77bc8ec4866 /xed25519.cpp
parentdde43de786bb890b98e6903a075d4a732aa3b9a7 (diff)
Add SecretToPublicKey function for ed25519
Also remove IsClamped. Clamping occurs with ed25519, but it happens inside the Donna code. It is not needed elsewhere for ed25519.
Diffstat (limited to 'xed25519.cpp')
-rw-r--r--xed25519.cpp32
1 files changed, 10 insertions, 22 deletions
diff --git a/xed25519.cpp b/xed25519.cpp
index f8544f34..78d0f53d 100644
--- a/xed25519.cpp
+++ b/xed25519.cpp
@@ -365,18 +365,12 @@ bool x25519::Agree(byte *agreedValue, const byte *privateKey, const byte *otherP
// ******************** ed25519 Signer ************************* //
-void ed25519PrivateKey::ClampKeys(byte y[PUBLIC_KEYLENGTH], byte x[SECRET_KEYLENGTH]) const
+void ed25519PrivateKey::SecretToPublicKey(byte y[PUBLIC_KEYLENGTH], const byte x[SECRET_KEYLENGTH]) const
{
- x[0] &= 248; x[31] &= 127; x[31] |= 64;
int ret = Donna::ed25519_publickey(y, x);
CRYPTOPP_ASSERT(ret == 0); CRYPTOPP_UNUSED(ret);
}
-bool ed25519PrivateKey::IsClamped(const byte x[SECRET_KEYLENGTH]) const
-{
- return (x[0] & 248) == x[0] && (x[31] & 127) == x[31] && (x[31] | 64) == x[31];
-}
-
bool ed25519PrivateKey::IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const
{
return HasSmallOrder(y);
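Review bot: `SecretToPublicKey` has no comment saying why the explicit clamp could be dropped, so a reader of the new body cannot tell whether `x` is expected to be pre-clamped. Per the commit description the clamping happens inside the Donna code, and that belongs on the function itself, e.g. `// x is the unmodified 32-byte secret key; Donna::ed25519_publickey performs the clamping internally, so x stays const`. Separately, `ret` is only inspected by `CRYPTOPP_ASSERT`, which is normally compiled out of release builds, so a non-zero return (if Donna can produce one) would leave `y` unchecked there.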
@@ -385,17 +379,14 @@ bool ed25519PrivateKey::IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const
bool ed25519PrivateKey::Validate(RandomNumberGenerator &rng, unsigned int level) const
{
CRYPTOPP_UNUSED(rng);
- CRYPTOPP_ASSERT(IsClamped(m_sk) == true);
CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false);
- if (level >= 1 && IsClamped(m_sk) == false)
- return false;
- if (level >= 2 && IsSmallOrder(m_pk) == true)
+ if (level >= 1 && IsSmallOrder(m_pk) == true)
return false;
if (level >= 3)
{
SecByteBlock sk(m_sk, SECRET_KEYLENGTH), pk(PUBLIC_KEYLENGTH);
- ClampKeys(pk, sk);
+ SecretToPublicKey(pk, sk);
// Secret key is already clamped, bufs are equal
if (VerifyBufsEqual(pk, m_pk, PUBLIC_KEYLENGTH) == false)
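Review bot: In the `level >= 3` branch the comment `// Secret key is already clamped, bufs are equal` is stale, since this commit removes every place where `m_sk` was clamped or checked for clamping. The temporary `sk` is also no longer needed now that `SecretToPublicKey` takes a `const` input; assuming `m_sk` converts to `const byte*` as it does in the other Donna calls, `SecByteBlock pk(PUBLIC_KEYLENGTH); SecretToPublicKey(pk, m_sk);` avoids one extra copy of the secret key in memory. I would replace the comment with `// Recompute the public key from m_sk and compare it with the stored m_pk`. Note also that with the small-order test moved to `level >= 1`, level 2 no longer adds any check over level 1; the rest of `Validate` lies outside this hunk.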
@@ -454,11 +445,10 @@ void ed25519PrivateKey::AssignFrom(const NameValuePairs &source)
m_oid = oid;
}
- bool clamp = false;
- if (source.GetValue("Clamp", clamp) && clamp == true)
- ClampKeys(m_pk, m_sk);
+ bool derive = false;
+ if (source.GetValue("DerivePublicKey", derive) && derive == true)
+ SecretToPublicKey(m_pk, m_sk);
- CRYPTOPP_ASSERT(IsClamped(m_sk) == true);
CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false);
}
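Review bot: When "DerivePublicKey" is absent or false, `m_pk` is kept as supplied and the only check left at the end of `AssignFrom` is `CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false)`, which is normally compiled out of release builds. Nothing visible in this hunk confirms that `m_pk` actually belongs to `m_sk`, and a mismatched pair is a known misuse hazard for Ed25519 signing, so the contract should be stated here: `// m_pk is trusted as supplied unless "DerivePublicKey" is set; call Validate(rng, 3) to confirm it matches m_sk`. A caller that still passes the old "Clamp" name would now silently skip derivation as well, which is worth a line in the change notes if that name was ever visible outside this file. The start of `AssignFrom` is outside the hunk, so an earlier check may exist that I cannot see.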
@@ -469,7 +459,6 @@ void ed25519PrivateKey::GenerateRandom(RandomNumberGenerator &rng, const NameVal
rng.IncorporateEntropy(seed.begin(), seed.size());
rng.GenerateBlock(m_sk, SECRET_KEYLENGTH);
- m_sk[0] &= 248; m_sk[31] &= 127; m_sk[31] |= 64;
int ret = Donna::ed25519_publickey(m_pk, m_sk);
CRYPTOPP_ASSERT(ret == 0); CRYPTOPP_UNUSED(ret);
}
@@ -537,7 +526,6 @@ void ed25519PrivateKey::BERDecode(BufferedTransformation &bt)
if (generatePublicKey)
Donna::ed25519_publickey(m_pk, m_sk);
- CRYPTOPP_ASSERT(IsClamped(m_sk) == true);
CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false);
}
@@ -601,7 +589,7 @@ void ed25519PrivateKey::SetPrivateExponent (const byte x[SECRET_KEYLENGTH])
{
AssignFrom(MakeParameters
(Name::PrivateExponent(), ConstByteArrayParameter(x, SECRET_KEYLENGTH))
- ("Clamp", true));
+ ("DerivePublicKey", true));
}
void ed25519PrivateKey::SetPrivateExponent (const Integer &x)
@@ -613,7 +601,7 @@ void ed25519PrivateKey::SetPrivateExponent (const Integer &x)
AssignFrom(MakeParameters
(Name::PrivateExponent(), ConstByteArrayParameter(bx, SECRET_KEYLENGTH, false))
- ("Clamp", true));
+ ("DerivePublicKey", true));
}
const Integer& ed25519PrivateKey::GetPrivateExponent() const
@@ -635,7 +623,7 @@ ed25519Signer::ed25519Signer(const byte x[SECRET_KEYLENGTH])
{
AccessPrivateKey().AssignFrom(MakeParameters
(Name::PrivateExponent(), ConstByteArrayParameter(x, SECRET_KEYLENGTH, false))
- ("Clamp", true));
+ ("DerivePublicKey", true));
}
ed25519Signer::ed25519Signer(const Integer &y, const Integer &x)
@@ -661,7 +649,7 @@ ed25519Signer::ed25519Signer(const Integer &x)
AccessPrivateKey().AssignFrom(MakeParameters
(Name::PrivateExponent(), ConstByteArrayParameter(bx, SECRET_KEYLENGTH, false))
- ("Clamp", true));
+ ("DerivePublicKey", true));
}
ed25519Signer::ed25519Signer(RandomNumberGenerator &rng)