GNUnet 0.28.0-dev.2-5-gff43856e1
 
Loading...
Searching...
No Matches
Macros | Functions | Variables
crypto_elligator.c File Reference
#include "platform.h"
#include "gnunet_common.h"
#include <sodium.h>
#include "gnunet_util_lib.h"
#include "benchmark.h"
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <gmp.h>
#include <limits.h>
Include dependency graph for crypto_elligator.c:

Go to the source code of this file.

Macros

#define P_BITS   (256)
 
#define P_BYTES   ((P_BITS + CHAR_BIT - 1) / CHAR_BIT)
 
#define P_LIMBS   ((P_BITS + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
 

Functions

static void decode_bytes (mp_limb_t *number, const uint8_t *bytes)
 This function decodes the byte buffer into the MPI limb.
 
static void encode_bytes (uint8_t *bytes, mp_limb_t *number)
 This function encodes the MPI limb into a byte buffer.
 
void GNUNET_CRYPTO_ecdhe_elligator_initialize (void)
 
void __attribute__ ((constructor))
 Initialize elligator scratch space.
 
static void least_square_root (mp_limb_t *root, const mp_limb_t *number, mp_limb_t *scratch_space)
 Calculates the root of a given number.
 
bool GNUNET_CRYPTO_ecdhe_elligator_encoding (uint8_t random_tweak, struct GNUNET_CRYPTO_ElligatorRepresentative *r, const struct GNUNET_CRYPTO_EcdhePublicKey *pub)
 Encodes a point on Curve25519 to a an element of the underlying finite field.
 
static bool elligator_direct_map (uint8_t *point, bool *high_y, uint8_t *representative)
 Takes a number of the underlying finite field of Curve25519 and projects it into a valid point on that curve.
 
void GNUNET_CRYPTO_ecdhe_elligator_decoding (struct GNUNET_CRYPTO_EcdhePublicKey *point, bool *high_y, const struct GNUNET_CRYPTO_ElligatorRepresentative *representative)
 Clears the most significant bit and second most significant bit of the serialized representaive before applying elligator direct map.
 
static bool convert_from_ed_to_curve (uint8_t *point, const uint8_t *source)
 Takes a number of the underlying finite field of Curve25519 and projects it into a valid point on that curve.
 
static enum GNUNET_GenericReturnValue elligator_generate_public_key (const struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey *pk, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdhe_elligator_key_get_public_norand (uint8_t random_tweak, const struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey *sk, struct GNUNET_CRYPTO_EcdhePublicKey *pk, struct GNUNET_CRYPTO_ElligatorRepresentative *repr)
 Generates a valid public key for elligator's inverse map by adding a lower order point to a prime order point.
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdhe_elligator_key_get_public (const struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey *sk, struct GNUNET_CRYPTO_EcdhePublicKey *pk, struct GNUNET_CRYPTO_ElligatorRepresentative *repr)
 Generates a valid public key for elligator's inverse map by adding a lower order point to a prime order point.
 
void GNUNET_CRYPTO_ecdhe_elligator_key_create (struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey *sk)
 Generates a private key for Curve25519.
 

Variables

static const uint8_t lookupTable [8][crypto_scalarmult_SCALARBYTES]
 
static const unsigned char p_bytes [(((256)+CHAR_BIT - 1)/CHAR_BIT)]
 
static const unsigned char negative_1_bytes [(((256)+CHAR_BIT - 1)/CHAR_BIT)]
 
static const unsigned char negative_2_bytes [(((256)+CHAR_BIT - 1)/CHAR_BIT)]
 
static const unsigned char divide_negative_1_2_bytes [(((256)+CHAR_BIT - 1)/CHAR_BIT)]
 
static const unsigned char divide_plus_p_3_8_bytes [(((256)+CHAR_BIT - 1)/CHAR_BIT)]
 
static const unsigned char divide_minus_p_1_2_bytes [(((256)+CHAR_BIT - 1)/CHAR_BIT)]
 
static const unsigned char square_root_negative_1_bytes [(((256)+CHAR_BIT - 1)/CHAR_BIT)]
 
static const unsigned char A_bytes [(((256)+CHAR_BIT - 1)/CHAR_BIT)]
 
static const unsigned char negative_A_bytes [(((256)+CHAR_BIT - 1)/CHAR_BIT)]
 
static const unsigned char u_bytes [(((256)+CHAR_BIT - 1)/CHAR_BIT)]
 
static const unsigned char inverted_u_bytes [(((256)+CHAR_BIT - 1)/CHAR_BIT)]
 
static const unsigned char d_bytes [(((256)+CHAR_BIT - 1)/CHAR_BIT)]
 
static mp_limb_t p [(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
 
static mp_limb_t negative_1 [(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
 
static mp_limb_t negative_2 [(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
 
static mp_limb_t divide_negative_1_2 [(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
 
static mp_limb_t divide_plus_p_3_8 [(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
 
static mp_limb_t divide_minus_p_1_2 [(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
 
static mp_limb_t square_root_negative_1 [(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
 
static mp_limb_t A [(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
 
static mp_limb_t negative_A [(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
 
static mp_limb_t u [(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
 
static mp_limb_t inverted_u [(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
 
static mp_limb_t d [(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
 
static mp_size_t scratch_space_length
 

Macro Definition Documentation

◆ P_BITS

#define P_BITS   (256)

Definition at line 91 of file crypto_elligator.c.

◆ P_BYTES

#define P_BYTES   ((P_BITS + CHAR_BIT - 1) / CHAR_BIT)

Definition at line 92 of file crypto_elligator.c.

◆ P_LIMBS

#define P_LIMBS   ((P_BITS + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)

Definition at line 93 of file crypto_elligator.c.

Function Documentation

◆ decode_bytes()

static void decode_bytes ( mp_limb_t *  number,
const uint8_t *  bytes 
)
static

This function decodes the byte buffer into the MPI limb.

Parameters
numberdecoded number
bytesinput bytes to decode into number

Definition at line 204 of file crypto_elligator.c.

205{
206 mp_limb_t scratch_space[1];
207
208 for (size_t i = 0; i < P_BYTES; ++i)
209 {
210 mpn_lshift (number, number, P_LIMBS, 8);
211 mpn_sec_add_1 (number, number, 1, bytes[P_BYTES - i - 1], scratch_space);
212 }
213}
P_BYTES
#define P_BYTES
Definition crypto_elligator.c:92
P_LIMBS
#define P_LIMBS
Definition crypto_elligator.c:93
number
uint32_t number
Definition plugin_gnsrecord_abd.c:277

References number, P_BYTES, and P_LIMBS.

Referenced by __attribute__(), convert_from_ed_to_curve(), elligator_direct_map(), and GNUNET_CRYPTO_ecdhe_elligator_encoding().

Here is the caller graph for this function:

◆ encode_bytes()

static void encode_bytes ( uint8_t *  bytes,
mp_limb_t *  number 
)
static

This function encodes the MPI limb into a byte buffer.

Parameters
bytesoutput bytes
numbernumber to encode

Definition at line 224 of file crypto_elligator.c.

225{
226 for (size_t i = 0; i < P_BYTES; ++i)
227 {
228 bytes[P_BYTES - i - 1] = mpn_lshift (number, number, P_LIMBS, 8);
229 }
230}

References number, P_BYTES, and P_LIMBS.

Referenced by convert_from_ed_to_curve(), elligator_direct_map(), and GNUNET_CRYPTO_ecdhe_elligator_encoding().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_elligator_initialize()

void GNUNET_CRYPTO_ecdhe_elligator_initialize ( void  )

◆ __attribute__()

void __attribute__ ( (constructor)  )

Initialize elligator scratch space.

Definition at line 239 of file crypto_elligator.c.

241{
242 static bool initialized = false;
243
244 mp_size_t scratch_space_lengths[] = {
245 // For least_square_root
246
247 mpn_sec_powm_itch (P_LIMBS, P_BITS - 1, P_LIMBS),
248 mpn_sec_sqr_itch (P_LIMBS),
249 mpn_sec_div_r_itch (P_LIMBS + P_LIMBS, P_LIMBS),
250 mpn_sec_sub_1_itch (P_LIMBS),
251 mpn_sec_mul_itch (P_LIMBS, P_LIMBS),
252
253 // For Elligator_2_Curve25519_encode
254
255 mpn_sec_powm_itch (P_LIMBS, P_BITS - 1, P_LIMBS),
256 mpn_sec_mul_itch (P_LIMBS, P_LIMBS),
257 mpn_sec_div_r_itch (P_LIMBS + P_LIMBS, P_LIMBS),
258 mpn_sec_sqr_itch (P_LIMBS),
259 mpn_sec_sub_1_itch (P_LIMBS),
260
261 // For Elligator_2_Curve25519_decode
262
263 mpn_sec_sqr_itch (P_LIMBS),
264 mpn_sec_div_r_itch (P_LIMBS + P_LIMBS, P_LIMBS),
265 mpn_sec_div_r_itch (P_LIMBS, P_LIMBS),
266 mpn_sec_mul_itch (P_LIMBS, P_LIMBS),
267 mpn_sec_add_1_itch (P_LIMBS),
268 mpn_sec_powm_itch (P_LIMBS, P_BITS - 1, P_LIMBS),
269
270 // For Elligator_2_Curve25519_convert_from_Ed25519
271 mpn_sec_sqr_itch (P_LIMBS),
272 mpn_sec_div_r_itch (P_LIMBS + P_LIMBS, P_LIMBS),
273 mpn_sec_mul_itch (P_LIMBS, P_LIMBS),
274 mpn_sec_add_1_itch (P_LIMBS),
275 mpn_sec_powm_itch (P_LIMBS, P_BITS - 1, P_LIMBS),
276 mpn_sec_sub_1_itch (P_LIMBS)
277 };
278
279 if (initialized)
280 {
281 return;
282 }
283
284 decode_bytes (p, p_bytes);
285 decode_bytes (negative_1, negative_1_bytes);
286 decode_bytes (negative_2, negative_2_bytes);
287 decode_bytes (divide_negative_1_2, divide_negative_1_2_bytes);
288 decode_bytes (divide_plus_p_3_8, divide_plus_p_3_8_bytes);
289 decode_bytes (divide_minus_p_1_2, divide_minus_p_1_2_bytes);
290 decode_bytes (square_root_negative_1, square_root_negative_1_bytes);
291 decode_bytes (A, A_bytes);
292 decode_bytes (negative_A, negative_A_bytes);
293 decode_bytes (u, u_bytes);
294 decode_bytes (inverted_u, inverted_u_bytes);
295 decode_bytes (d, d_bytes);
296
297
298 for (size_t i = 0; i < sizeof scratch_space_lengths
299 / sizeof *scratch_space_lengths; ++i)
300 {
301 if (scratch_space_lengths[i] > scratch_space_length)
302 {
303 scratch_space_length = scratch_space_lengths[i];
304 }
305 }
306
307 initialized = true;
308}
decode_bytes
static void decode_bytes(mp_limb_t *number, const uint8_t *bytes)
This function decodes the byte buffer into the MPI limb.
Definition crypto_elligator.c:204
divide_minus_p_1_2
static mp_limb_t divide_minus_p_1_2[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
Definition crypto_elligator.c:186
negative_A
static mp_limb_t negative_A[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
Definition crypto_elligator.c:189
negative_2
static mp_limb_t negative_2[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
Definition crypto_elligator.c:183
P_BITS
#define P_BITS
Definition crypto_elligator.c:91
square_root_negative_1
static mp_limb_t square_root_negative_1[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
Definition crypto_elligator.c:187
p
static mp_limb_t p[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
Definition crypto_elligator.c:181
divide_minus_p_1_2_bytes
static const unsigned char divide_minus_p_1_2_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
Definition crypto_elligator.c:132
negative_A_bytes
static const unsigned char negative_A_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
Definition crypto_elligator.c:153
d
static mp_limb_t d[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
Definition crypto_elligator.c:192
u_bytes
static const unsigned char u_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
Definition crypto_elligator.c:160
p_bytes
static const unsigned char p_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
Definition crypto_elligator.c:97
negative_1_bytes
static const unsigned char negative_1_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
Definition crypto_elligator.c:104
negative_2_bytes
static const unsigned char negative_2_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
Definition crypto_elligator.c:111
scratch_space_length
static mp_size_t scratch_space_length
Definition crypto_elligator.c:194
A_bytes
static const unsigned char A_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
Definition crypto_elligator.c:146
square_root_negative_1_bytes
static const unsigned char square_root_negative_1_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
Definition crypto_elligator.c:139
d_bytes
static const unsigned char d_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
Definition crypto_elligator.c:174
negative_1
static mp_limb_t negative_1[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
Definition crypto_elligator.c:182
divide_plus_p_3_8_bytes
static const unsigned char divide_plus_p_3_8_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
Definition crypto_elligator.c:125
divide_negative_1_2_bytes
static const unsigned char divide_negative_1_2_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
Definition crypto_elligator.c:118
A
static mp_limb_t A[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
Definition crypto_elligator.c:188
inverted_u
static mp_limb_t inverted_u[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
Definition crypto_elligator.c:191
divide_plus_p_3_8
static mp_limb_t divide_plus_p_3_8[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
Definition crypto_elligator.c:185
u
static mp_limb_t u[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
Definition crypto_elligator.c:190
inverted_u_bytes
static const unsigned char inverted_u_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
Definition crypto_elligator.c:167
divide_negative_1_2
static mp_limb_t divide_negative_1_2[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
Definition crypto_elligator.c:184
initialized
static int initialized
Have we been initialized?
Definition plugin.c:57

References A, A_bytes, d, d_bytes, decode_bytes(), divide_minus_p_1_2, divide_minus_p_1_2_bytes, divide_negative_1_2, divide_negative_1_2_bytes, divide_plus_p_3_8, divide_plus_p_3_8_bytes, initialized, inverted_u, inverted_u_bytes, negative_1, negative_1_bytes, negative_2, negative_2_bytes, negative_A, negative_A_bytes, p, P_BITS, p_bytes, P_LIMBS, scratch_space_length, square_root_negative_1, square_root_negative_1_bytes, u, and u_bytes.

Here is the call graph for this function:

◆ least_square_root()

static void least_square_root ( mp_limb_t *  root,
const mp_limb_t *  number,
mp_limb_t *  scratch_space 
)
static

Calculates the root of a given number.

Returns trash if the number is a quadratic non-residue.

Parameters
rootstorage for calculated root
numbervalue for which the root is calculated
scratch_spacebuffer for calculation

Definition at line 320 of file crypto_elligator.c.

323{
324 mp_limb_t a[P_LIMBS + P_LIMBS];
325 mp_limb_t b[P_LIMBS];
326 mp_limb_t condition;
327
328 // root := number ^ ((p + 3) / 8)
329
330 mpn_add_n (b, number, p, P_LIMBS); // The next function requires a nonzero input
331 mpn_sec_powm (root, b, P_LIMBS, divide_plus_p_3_8, P_BITS - 1, p, P_LIMBS,
332 scratch_space);
333
334 // If root ^ 2 != number, root := root * square_root(-1)
335
336 mpn_sec_sqr (a, root, P_LIMBS, scratch_space);
337 mpn_sec_div_r (a, P_LIMBS + P_LIMBS, p, P_LIMBS, scratch_space);
338 mpn_sub_n (b, a, number, P_LIMBS);
339
340 condition = mpn_sec_sub_1 (b, b, P_LIMBS, 1, scratch_space) ^ 1;
341
342 mpn_sec_mul (a, root, P_LIMBS, square_root_negative_1, P_LIMBS,
343 scratch_space);
344 mpn_sec_div_r (a, P_LIMBS + P_LIMBS, p, P_LIMBS, scratch_space);
345
346 mpn_cnd_swap (condition, root, a, P_LIMBS);
347
348 // If root > (p - 1) / 2, root := -root
349
350 condition = mpn_sub_n (a, divide_minus_p_1_2, root, P_LIMBS);
351
352 mpn_sub_n (a, p, root, P_LIMBS); // If root = 0, a := p
353
354 mpn_cnd_swap (condition, root, a, P_LIMBS);
355}

References divide_minus_p_1_2, divide_plus_p_3_8, number, p, P_BITS, P_LIMBS, and square_root_negative_1.

Referenced by GNUNET_CRYPTO_ecdhe_elligator_encoding().

Here is the caller graph for this function:

◆ elligator_direct_map()

static bool elligator_direct_map ( uint8_t *  point,
bool *  high_y,
uint8_t *  representative 
)
static

Takes a number of the underlying finite field of Curve25519 and projects it into a valid point on that curve.

This function works deterministically. This step is also known as elligators "decoding" step. Taken from https://github.com/Kleshni/Elligator-2/blob/master/main.c.

Parameters
pointstorage for calculated point on Curve25519
high_yThe 'high_y' argument of the corresponding GNUNET_CRYPTO_ecdhe_elligator_encoding call
representativeGiven representative
Returns
'false' if extra step during direct map calculation is needed, otherwise 'true'

Definition at line 447 of file crypto_elligator.c.

450{
451 mp_limb_t scratch_space[scratch_space_length];
452
453 mp_limb_t a[P_LIMBS + P_LIMBS];
454 mp_limb_t b[P_LIMBS + P_LIMBS];
455 mp_limb_t c[P_LIMBS];
456 mp_limb_t e[P_LIMBS + P_LIMBS];
457 bool result;
458
459 // a := representative
460
461 decode_bytes (a, representative);
462
463 // Determine whether a < (p - 1) / 2
464
465 result = mpn_sub_n (b, divide_minus_p_1_2, a, P_LIMBS) ^ 1;
466
467 // b := -A / (1 + u * a ^ 2)
468
469 mpn_sec_sqr (b, a, P_LIMBS, scratch_space);
470 mpn_sec_div_r (b, P_LIMBS + P_LIMBS, p, P_LIMBS, scratch_space);
471 mpn_sec_mul (a, u, P_LIMBS, b, P_LIMBS, scratch_space);
472 mpn_sec_div_r (a, P_LIMBS + P_LIMBS, p, P_LIMBS, scratch_space);
473 mpn_sec_add_1 (b, a, P_LIMBS, 1, scratch_space);
474 mpn_sec_powm (a, b, P_LIMBS, negative_2, P_BITS - 1, p, P_LIMBS,
475 scratch_space);
476 mpn_sec_mul (b, a, P_LIMBS, negative_A, P_LIMBS, scratch_space);
477 mpn_sec_div_r (b, P_LIMBS + P_LIMBS, p, P_LIMBS, scratch_space);
478
479 // a := b ^ 3 + A * b ^ 2 + b (with 1-bit overflow)
480
481 mpn_sec_sqr (a, b, P_LIMBS, scratch_space);
482 mpn_sec_div_r (a, P_LIMBS + P_LIMBS, p, P_LIMBS, scratch_space);
483 mpn_add_n (c, b, A, P_LIMBS);
484 mpn_sec_mul (e, c, P_LIMBS, a, P_LIMBS, scratch_space);
485 mpn_sec_div_r (e, P_LIMBS + P_LIMBS, p, P_LIMBS, scratch_space);
486 mpn_add_n (a, e, b, P_LIMBS);
487
488 // If a is a quadratic residue modulo p, point := b and high_y := 1
489 // Otherwise point := -b - A and high_y := 0
490
491 mpn_sub_n (c, p, b, P_LIMBS);
492 mpn_add_n (c, c, negative_A, P_LIMBS);
493 mpn_sec_div_r (c, P_LIMBS, p, P_LIMBS, scratch_space);
494
495 mpn_sec_powm (e, a, P_LIMBS, divide_minus_p_1_2, P_BITS - 1, p, P_LIMBS,
496 scratch_space);
497 *high_y = mpn_sub_n (e, e, divide_minus_p_1_2, P_LIMBS);
498
499 mpn_cnd_swap (*high_y, b, c, P_LIMBS);
500
501 encode_bytes (point, c);
502
503 return result;
504}
encode_bytes
static void encode_bytes(uint8_t *bytes, mp_limb_t *number)
This function encodes the MPI limb into a byte buffer.
Definition crypto_elligator.c:224
result
static int result
Global testing status.
Definition gnunet-regex-profiler.c:240

References A, decode_bytes(), divide_minus_p_1_2, encode_bytes(), negative_2, negative_A, p, P_BITS, P_LIMBS, result, scratch_space_length, and u.

Referenced by GNUNET_CRYPTO_ecdhe_elligator_decoding().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ convert_from_ed_to_curve()

static bool convert_from_ed_to_curve ( uint8_t *  point,
const uint8_t *  source 
)
static

Takes a number of the underlying finite field of Curve25519 and projects it into a valid point on that curve.

This function works deterministically. This step is also known as elligators "decoding" step. Taken from https://github.com/Kleshni/Elligator-2/blob/master/main.c.

Parameters
pointstorage for calculated point on Curve25519
sourceEd25519 curve point
Returns
'false' if source is not a valid Ed25519 point. In this case the 'point' array will be undefined but dependent on source.

Definition at line 542 of file crypto_elligator.c.

544{
545 mp_limb_t scratch_space[scratch_space_length];
546
547 mp_limb_t y[P_LIMBS];
548 mp_limb_t a[P_LIMBS + P_LIMBS];
549 mp_limb_t b[P_LIMBS + P_LIMBS];
550 mp_limb_t c[P_LIMBS + P_LIMBS];
551
552 uint8_t y_bytes[P_BYTES];
553 bool result;
554
555 memcpy (y_bytes, source, 31);
556
557 y_bytes[31] = source[31] & 0x7f;
558
559 decode_bytes (y, y_bytes);
560
561 // Check if y < p
562
563 result = mpn_sub_n (a, y, p, P_LIMBS);
564
565 // a := (y ^ 2 - 1) / (1 + d * y ^ 2)
566
567 mpn_sec_sqr (a, y, P_LIMBS, scratch_space);
568 mpn_sec_div_r (a, P_LIMBS + P_LIMBS, p, P_LIMBS, scratch_space);
569 mpn_sec_mul (b, a, P_LIMBS, d, P_LIMBS, scratch_space);
570 mpn_sec_add_1 (b, b, P_LIMBS, 1, scratch_space);
571 mpn_sec_div_r (b, P_LIMBS + P_LIMBS, p, P_LIMBS, scratch_space);
572 mpn_sec_powm (c, b, P_LIMBS, negative_2, P_BITS - 1, p, P_LIMBS,
573 scratch_space);
574 mpn_add_n (b, a, negative_1, P_LIMBS);
575 mpn_sec_mul (a, b, P_LIMBS, c, P_LIMBS, scratch_space);
576 mpn_sec_div_r (a, P_LIMBS + P_LIMBS, p, P_LIMBS, scratch_space);
577
578 // Check, whether a is a square modulo p (including a = 0)
579
580 mpn_add_n (a, a, p, P_LIMBS);
581 mpn_sec_powm (b, a, P_LIMBS, divide_negative_1_2, P_BITS - 1, p, P_LIMBS,
582 scratch_space);
583
584 result &= mpn_sub_n (c, b, divide_minus_p_1_2, P_LIMBS);
585
586 // If a = p, the parity bit must be 0
587
588 mpn_sub_n (a, a, p, P_LIMBS);
589
590 result ^= mpn_sec_sub_1 (a, a, P_LIMBS, 1, scratch_space) & source[31] >> 7;
591
592 // If y != 1, c := (1 + y) / (1 - y), otherwise c := 0
593
594 mpn_sub_n (a, p, y, P_LIMBS);
595 mpn_sec_add_1 (a, a, P_LIMBS, 1, scratch_space);
596 mpn_sec_powm (b, a, P_LIMBS, negative_2, P_BITS - 1, p, P_LIMBS,
597 scratch_space);
598 mpn_sec_add_1 (a, y, P_LIMBS, 1, scratch_space);
599 mpn_sec_mul (c, a, P_LIMBS, b, P_LIMBS, scratch_space);
600 mpn_sec_div_r (c, P_LIMBS + P_LIMBS, p, P_LIMBS, scratch_space);
601
602 encode_bytes (point, c);
603
604 return result;
605}
source
static GstElement * source
Appsrc instance into which we write data for the pipeline.
Definition gnunet-helper-audio-playback-gst.c:67

References d, decode_bytes(), divide_minus_p_1_2, divide_negative_1_2, encode_bytes(), negative_1, negative_2, p, P_BITS, P_BYTES, P_LIMBS, result, scratch_space_length, and source.

Referenced by elligator_generate_public_key().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ elligator_generate_public_key()

static enum GNUNET_GenericReturnValue elligator_generate_public_key ( const struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey pk,
struct GNUNET_CRYPTO_EcdhePublicKey pub 
)
static

Definition at line 609 of file crypto_elligator.c.

612{
613 // eHigh
614 // crypto_scalarmult_ed25519_base clamps the scalar pk->d and return only 0 if pk->d is zero
615 unsigned char eHigh[crypto_scalarmult_SCALARBYTES] = {0};
616 int sLow = (pk->d)[0] % 8;
617 unsigned char eLow[crypto_scalarmult_SCALARBYTES] = {0};
618 unsigned char edPub[crypto_scalarmult_SCALARBYTES] = {0};
619 GNUNET_assert (0 == crypto_scalarmult_ed25519_base (eHigh, pk->d));
620
621 // eLow: choose a random point of low order
622 memcpy (eLow, lookupTable[sLow], crypto_scalarmult_SCALARBYTES);
623
624 // eHigh + eLow
625 if (crypto_core_ed25519_add (edPub, eLow, eHigh) == -1)
626 {
627 return GNUNET_SYSERR;
628 }
629
630 if (convert_from_ed_to_curve (pub->q_y, edPub) == false)
631 {
632 return GNUNET_SYSERR;
633 }
634 return GNUNET_OK;
635}
lookupTable
static const uint8_t lookupTable[8][crypto_scalarmult_SCALARBYTES]
Definition crypto_elligator.c:41
convert_from_ed_to_curve
static bool convert_from_ed_to_curve(uint8_t *point, const uint8_t *source)
Takes a number of the underlying finite field of Curve25519 and projects it into a valid point on tha...
Definition crypto_elligator.c:542
pk
struct GNUNET_CRYPTO_BlindablePrivateKey pk
Private key from command line option, or NULL.
Definition gnunet-identity.c:126
pub
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition gnunet-scrypt.c:47
GNUNET_OK
@ GNUNET_OK
Definition gnunet_common.h:114
GNUNET_SYSERR
@ GNUNET_SYSERR
Definition gnunet_common.h:112
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition gnunet_common.h:960
GNUNET_CRYPTO_EddsaPublicKey::q_y
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
Definition gnunet_crypto_lib.h:213

References convert_from_ed_to_curve(), GNUNET_assert, GNUNET_OK, GNUNET_SYSERR, lookupTable, pk, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by GNUNET_CRYPTO_ecdhe_elligator_key_get_public_norand().

Here is the call graph for this function:
Here is the caller graph for this function:

Variable Documentation

◆ lookupTable

const uint8_t lookupTable[8][crypto_scalarmult_SCALARBYTES]
static

Definition at line 41 of file crypto_elligator.c.

41 {
42 {
43 0x26, 0xE8, 0x95, 0x8F, 0xC2, 0xB2, 0x27, 0xB0,
44 0x45, 0xC3, 0xF4, 0x89, 0xF2, 0xEF, 0x98, 0xF0,
45 0xD5, 0xDF, 0xAC, 0x05, 0xD3, 0xC6, 0x33, 0x39,
46 0xB1, 0x38, 0x02, 0x88, 0x6D, 0x53, 0xFC, 0x05
47 },
48 {
49 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
50 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
51 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
52 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
53 },
54 {
55 0xC7, 0x17, 0x6A, 0x70, 0x3D, 0x4D, 0xD8, 0x4F,
56 0xBA, 0x3C, 0x0B, 0x76, 0x0D, 0x10, 0x67, 0x0F,
57 0x2A, 0x20, 0x53, 0xFA, 0x2C, 0x39, 0xCC, 0xC6,
58 0x4E, 0xC7, 0xFD, 0x77, 0x92, 0xAC, 0x03, 0x7A
59 },
60 {
61 0xEC, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
62 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
63 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
64 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F
65 }, {
66 0xC7, 0x17, 0x6A, 0x70, 0x3D, 0x4D, 0xD8, 0x4F,
67 0xBA, 0x3C, 0x0B, 0x76, 0x0D, 0x10, 0x67, 0x0F,
68 0x2A, 0x20, 0x53, 0xFA, 0x2C, 0x39, 0xCC, 0xC6,
69 0x4E, 0xC7, 0xFD, 0x77, 0x92, 0xAC, 0x03, 0xFA
70 }, {
71 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
72 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
73 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
74 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80
75 }, {
76 0x26, 0xE8, 0x95, 0x8F, 0xC2, 0xB2, 0x27, 0xB0,
77 0x45, 0xC3, 0xF4, 0x89, 0xF2, 0xEF, 0x98, 0xF0,
78 0xD5, 0xDF, 0xAC, 0x05, 0xD3, 0xC6, 0x33, 0x39,
79 0xB1, 0x38, 0x02, 0x88, 0x6D, 0x53, 0xFC, 0x85
80 },{
81 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
82 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
83 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
84 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
85 }
86};

Referenced by elligator_generate_public_key().

◆ p_bytes

const unsigned char p_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
static
Initial value:
= {
0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
}

Definition at line 97 of file crypto_elligator.c.

97 {
98 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
99 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
100 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
101 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
102};

Referenced by __attribute__().

◆ negative_1_bytes

const unsigned char negative_1_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
static
Initial value:
= {
0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
}

Definition at line 104 of file crypto_elligator.c.

104 {
105 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
106 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
107 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
108 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
109};

Referenced by __attribute__().

◆ negative_2_bytes

const unsigned char negative_2_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
static
Initial value:
= {
0xeb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
}

Definition at line 111 of file crypto_elligator.c.

111 {
112 0xeb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
113 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
114 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
115 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
116};

Referenced by __attribute__().

◆ divide_negative_1_2_bytes

const unsigned char divide_negative_1_2_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
static
Initial value:
= {
0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f
}

Definition at line 118 of file crypto_elligator.c.

118 {
119 0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
120 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
121 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
122 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f
123};

Referenced by __attribute__().

◆ divide_plus_p_3_8_bytes

const unsigned char divide_plus_p_3_8_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
static
Initial value:
= {
0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0f
}

Definition at line 125 of file crypto_elligator.c.

125 {
126 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
127 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
128 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
129 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0f
130};

Referenced by __attribute__().

◆ divide_minus_p_1_2_bytes

const unsigned char divide_minus_p_1_2_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
static
Initial value:
= {
0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f
}

Definition at line 132 of file crypto_elligator.c.

132 {
133 0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
134 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
135 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
136 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f
137};

Referenced by __attribute__().

◆ square_root_negative_1_bytes

const unsigned char square_root_negative_1_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
static
Initial value:
= {
0xb0, 0xa0, 0x0e, 0x4a, 0x27, 0x1b, 0xee, 0xc4,
0x78, 0xe4, 0x2f, 0xad, 0x06, 0x18, 0x43, 0x2f,
0xa7, 0xd7, 0xfb, 0x3d, 0x99, 0x00, 0x4d, 0x2b,
0x0b, 0xdf, 0xc1, 0x4f, 0x80, 0x24, 0x83, 0x2b
}

Definition at line 139 of file crypto_elligator.c.

139 {
140 0xb0, 0xa0, 0x0e, 0x4a, 0x27, 0x1b, 0xee, 0xc4,
141 0x78, 0xe4, 0x2f, 0xad, 0x06, 0x18, 0x43, 0x2f,
142 0xa7, 0xd7, 0xfb, 0x3d, 0x99, 0x00, 0x4d, 0x2b,
143 0x0b, 0xdf, 0xc1, 0x4f, 0x80, 0x24, 0x83, 0x2b
144};

Referenced by __attribute__().

◆ A_bytes

const unsigned char A_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
static
Initial value:
= {
0x06, 0x6d, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
}

Definition at line 146 of file crypto_elligator.c.

146 {
147 0x06, 0x6d, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00,
148 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
149 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
150 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
151};

Referenced by __attribute__().

◆ negative_A_bytes

const unsigned char negative_A_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
static
Initial value:
= {
0xe7, 0x92, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
}

Definition at line 153 of file crypto_elligator.c.

153 {
154 0xe7, 0x92, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff,
155 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
156 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
157 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
158};

Referenced by __attribute__().

◆ u_bytes

const unsigned char u_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
static
Initial value:
= {
0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
}

Definition at line 160 of file crypto_elligator.c.

160 {
161 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
162 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
163 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
164 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
165};

Referenced by __attribute__().

◆ inverted_u_bytes

const unsigned char inverted_u_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
static
Initial value:
= {
0xf7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f
}

Definition at line 167 of file crypto_elligator.c.

167 {
168 0xf7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
169 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
170 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
171 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f
172};

Referenced by __attribute__().

◆ d_bytes

const unsigned char d_bytes[(((256)+CHAR_BIT - 1)/CHAR_BIT)]
static
Initial value:
= {
0xa3, 0x78, 0x59, 0x13, 0xca, 0x4d, 0xeb, 0x75,
0xab, 0xd8, 0x41, 0x41, 0x4d, 0x0a, 0x70, 0x00,
0x98, 0xe8, 0x79, 0x77, 0x79, 0x40, 0xc7, 0x8c,
0x73, 0xfe, 0x6f, 0x2b, 0xee, 0x6c, 0x03, 0x52
}

Definition at line 174 of file crypto_elligator.c.

174 {
175 0xa3, 0x78, 0x59, 0x13, 0xca, 0x4d, 0xeb, 0x75,
176 0xab, 0xd8, 0x41, 0x41, 0x4d, 0x0a, 0x70, 0x00,
177 0x98, 0xe8, 0x79, 0x77, 0x79, 0x40, 0xc7, 0x8c,
178 0x73, 0xfe, 0x6f, 0x2b, 0xee, 0x6c, 0x03, 0x52
179};

Referenced by __attribute__().

◆ p

mp_limb_t p[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
static

Definition at line 181 of file crypto_elligator.c.

Referenced by __attribute__(), convert_from_ed_to_curve(), elligator_direct_map(), GNUNET_CRYPTO_ecdhe_elligator_encoding(), and least_square_root().

◆ negative_1

mp_limb_t negative_1[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
static

Definition at line 182 of file crypto_elligator.c.

Referenced by __attribute__(), and convert_from_ed_to_curve().

◆ negative_2

mp_limb_t negative_2[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
static

Definition at line 183 of file crypto_elligator.c.

Referenced by __attribute__(), convert_from_ed_to_curve(), elligator_direct_map(), and GNUNET_CRYPTO_ecdhe_elligator_encoding().

◆ divide_negative_1_2

mp_limb_t divide_negative_1_2[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
static

Definition at line 184 of file crypto_elligator.c.

Referenced by __attribute__(), and convert_from_ed_to_curve().

◆ divide_plus_p_3_8

mp_limb_t divide_plus_p_3_8[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
static

Definition at line 185 of file crypto_elligator.c.

Referenced by __attribute__(), and least_square_root().

◆ divide_minus_p_1_2

mp_limb_t divide_minus_p_1_2[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
static

Definition at line 186 of file crypto_elligator.c.

Referenced by __attribute__(), convert_from_ed_to_curve(), elligator_direct_map(), and least_square_root().

◆ square_root_negative_1

mp_limb_t square_root_negative_1[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
static

Definition at line 187 of file crypto_elligator.c.

Referenced by __attribute__(), and least_square_root().

◆ A

mp_limb_t A[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
static

Definition at line 188 of file crypto_elligator.c.

Referenced by __attribute__(), elligator_direct_map(), and GNUNET_CRYPTO_ecdhe_elligator_encoding().

◆ negative_A

mp_limb_t negative_A[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
static

Definition at line 189 of file crypto_elligator.c.

Referenced by __attribute__(), and elligator_direct_map().

◆ u

mp_limb_t u[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
static

Definition at line 190 of file crypto_elligator.c.

Referenced by __attribute__(), _nss_gns_gethostbyname2_r(), bind_abstime(), bind_nbotime(), bind_u16(), bind_u32(), bind_u64(), compute_scalar_product(), elligator_direct_map(), encrypt_fair(), extract_abs_time(), extract_abs_time_nbo(), extract_uint16(), extract_uint32(), extract_uint64(), GDS_u_connect(), GDS_u_drop(), GDS_u_hold(), GDS_u_send(), GDS_u_try_connect(), getopt_set_keywords(), gns_resolve_name(), GNUNET_uri_parse(), load_underlay(), qconv_abs_time(), qconv_rel_time(), shutdown_task(), shutdown_task(), u_address_add(), and update_network_size_estimate().

◆ inverted_u

mp_limb_t inverted_u[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
static

Definition at line 191 of file crypto_elligator.c.

Referenced by __attribute__(), and GNUNET_CRYPTO_ecdhe_elligator_encoding().

◆ d

mp_limb_t d[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
static

Definition at line 192 of file crypto_elligator.c.

Referenced by __attribute__(), compute_lagrange_coefficient(), convert_from_ed_to_curve(), decode_private_ecdsa_key(), decrypt_new_element(), diff_create(), feed_buffer_to_gst(), GCCH_handle_channel_plaintext_data(), get_app(), get_audiobin(), get_coder(), get_delay_randomization(), gg_load_configuration(), gg_setup_gst_bus(), GNUNET_CRYPTO_eddsa_private_key_derive(), GNUNET_FS_indexing_init(), GNUNET_hton_double(), GNUNET_memcmp_ct_(), GNUNET_ntoh_double(), gnunet_read(), GNUNET_TIME_randomize(), insert_decrypt_element(), insert_round1_element(), insert_round2_element(), keygen_reveal_get_enc_preshare(), keygen_reveal_get_exp_coeff(), keygen_reveal_get_exp_preshare(), keygen_round1_new_element(), keygen_round2_new_element(), num_to_regex(), on_appsink_new_sample(), and state_changed_cb().

◆ scratch_space_length

mp_size_t scratch_space_length
static

Definition at line 194 of file crypto_elligator.c.

Referenced by __attribute__(), convert_from_ed_to_curve(), elligator_direct_map(), and GNUNET_CRYPTO_ecdhe_elligator_encoding().