
Commit 755b24a

committed
update ed25519 utils
1 parent 7fef058 commit 755b24a

6 files changed

+39
-214
lines changed


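--- a/lib/bip/ecc/keys/ed25519_monero_keys.dart
+++ b/lib/bip/ecc/keys/ed25519_monero_keys.dart
@@ -168,7 +168,7 @@ class MoneroPrivateKey implements IPrivateKey {
 if (keyBytes.length != Ed25519KeysConst.privKeyByteLen) {
 throw const ArgumentException("invalid private key length");
 }
-if (!Ed25519Utils.isValidScalar(keyBytes)) {
+if (!Ed25519Utils.scCheck(keyBytes)) {
 throw const ArgumentException("Invalid monero private key.");
 }
 final gn = Curves.generatorED25519;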

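--- a/lib/crypto/crypto/cdsa/crypto_ops/operations/ops.dart
+++ b/lib/crypto/crypto/cdsa/crypto_ops/operations/ops.dart
@@ -113,190 +113,10 @@ class CryptoOps {
 static void scReduce32Copy(List<int> scopy, List<int> s) {
 s.asMin32("scReduce32Copy");
 scopy.asMin32("scReduce32Copy");
-BigInt s0 = _b2097151 & _load3(s, 0);
-BigInt s1 = _b2097151 & (_load4(s, 2) >> 5);
-BigInt s2 = _b2097151 & (_load3(s, 5) >> 2);
-BigInt s3 = _b2097151 & (_load4(s, 7) >> 7);
-BigInt s4 = _b2097151 & (_load4(s, 10) >> 4);
-BigInt s5 = _b2097151 & (_load3(s, 13) >> 1);
-BigInt s6 = _b2097151 & (_load4(s, 15) >> 6);
-BigInt s7 = _b2097151 & (_load3(s, 18) >> 3);
-BigInt s8 = _b2097151 & _load3(s, 21);
-BigInt s9 = _b2097151 & (_load4(s, 23) >> 5);
-BigInt s10 = _b2097151 & (_load3(s, 26) >> 2);
-BigInt s11 = (_load4(s, 28) >> 7);
-BigInt s12 = BigInt.zero;
-BigInt carry0;
-BigInt carry1;
-BigInt carry2;
-BigInt carry3;
-BigInt carry4;
-BigInt carry5;
-BigInt carry6;
-BigInt carry7;
-BigInt carry8;
-BigInt carry9;
-BigInt carry10;
-BigInt carry11;
-
-carry0 = (s0 + _bitMaskFor20) >> 21;
-s1 += carry0;
-s0 -= carry0 << 21;
-carry2 = (s2 + _bitMaskFor20) >> 21;
-s3 += carry2;
-s2 -= carry2 << 21;
-carry4 = (s4 + _bitMaskFor20) >> 21;
-s5 += carry4;
-s4 -= carry4 << 21;
-carry6 = (s6 + _bitMaskFor20) >> 21;
-s7 += carry6;
-s6 -= carry6 << 21;
-carry8 = (s8 + _bitMaskFor20) >> 21;
-s9 += carry8;
-s8 -= carry8 << 21;
-carry10 = (s10 + _bitMaskFor20) >> 21;
-s11 += carry10;
-s10 -= carry10 << 21;
-
-carry1 = (s1 + _bitMaskFor20) >> 21;
-s2 += carry1;
-s1 -= carry1 << 21;
-carry3 = (s3 + _bitMaskFor20) >> 21;
-s4 += carry3;
-s3 -= carry3 << 21;
-carry5 = (s5 + _bitMaskFor20) >> 21;
-s6 += carry5;
-s5 -= carry5 << 21;
-carry7 = (s7 + _bitMaskFor20) >> 21;
-s8 += carry7;
-s7 -= carry7 << 21;
-carry9 = (s9 + _bitMaskFor20) >> 21;
-s10 += carry9;
-s9 -= carry9 << 21;
-carry11 = (s11 + _bitMaskFor20) >> 21;
-s12 += carry11;
-s11 -= carry11 << 21;
-
-s0 += s12 * 666643.toBigInt;
-s1 += s12 * 470296.toBigInt;
-s2 += s12 * 654183.toBigInt;
-s3 -= s12 * 997805.toBigInt;
-s4 += s12 * 136657.toBigInt;
-s5 -= s12 * 683901.toBigInt;
-s12 = 0.toBigInt;
-
-carry0 = s0 >> 21;
-s1 += carry0;
-s0 -= carry0 << 21;
-carry1 = s1 >> 21;
-s2 += carry1;
-s1 -= carry1 << 21;
-carry2 = s2 >> 21;
-s3 += carry2;
-s2 -= carry2 << 21;
-carry3 = s3 >> 21;
-s4 += carry3;
-s3 -= carry3 << 21;
-carry4 = s4 >> 21;
-s5 += carry4;
-s4 -= carry4 << 21;
-carry5 = s5 >> 21;
-s6 += carry5;
-s5 -= carry5 << 21;
-carry6 = s6 >> 21;
-s7 += carry6;
-s6 -= carry6 << 21;
-carry7 = s7 >> 21;
-s8 += carry7;
-s7 -= carry7 << 21;
-carry8 = s8 >> 21;
-s9 += carry8;
-s8 -= carry8 << 21;
-carry9 = s9 >> 21;
-s10 += carry9;
-s9 -= carry9 << 21;
-carry10 = s10 >> 21;
-s11 += carry10;
-s10 -= carry10 << 21;
-carry11 = s11 >> 21;
-s12 += carry11;
-s11 -= carry11 << 21;
-
-s0 += s12 * 666643.toBigInt;
-s1 += s12 * 470296.toBigInt;
-s2 += s12 * 654183.toBigInt;
-s3 -= s12 * 997805.toBigInt;
-s4 += s12 * 136657.toBigInt;
-s5 -= s12 * 683901.toBigInt;
-
-carry0 = s0 >> 21;
-s1 += carry0;
-s0 -= carry0 << 21;
-carry1 = s1 >> 21;
-s2 += carry1;
-s1 -= carry1 << 21;
-carry2 = s2 >> 21;
-s3 += carry2;
-s2 -= carry2 << 21;
-carry3 = s3 >> 21;
-s4 += carry3;
-s3 -= carry3 << 21;
-carry4 = s4 >> 21;
-s5 += carry4;
-s4 -= carry4 << 21;
-carry5 = s5 >> 21;
-s6 += carry5;
-s5 -= carry5 << 21;
-carry6 = s6 >> 21;
-s7 += carry6;
-s6 -= carry6 << 21;
-carry7 = s7 >> 21;
-s8 += carry7;
-s7 -= carry7 << 21;
-carry8 = s8 >> 21;
-s9 += carry8;
-s8 -= carry8 << 21;
-carry9 = s9 >> 21;
-s10 += carry9;
-s9 -= carry9 << 21;
-carry10 = s10 >> 21;
-s11 += carry10;
-s10 -= carry10 << 21;
-final List<BigInt> sBig = List<BigInt>.filled(32, BigInt.zero);
-sBig[0] = s0 >> 0;
-sBig[1] = s0 >> 8;
-sBig[2] = (s0 >> 16) | (s1 << 5);
-sBig[3] = s1 >> 3;
-sBig[4] = s1 >> 11;
-sBig[5] = (s1 >> 19) | (s2 << 2);
-sBig[6] = s2 >> 6;
-sBig[7] = (s2 >> 14) | (s3 << 7);
-sBig[8] = s3 >> 1;
-sBig[9] = s3 >> 9;
-sBig[10] = (s3 >> 17) | (s4 << 4);
-sBig[11] = s4 >> 4;
-sBig[12] = s4 >> 12;
-sBig[13] = (s4 >> 20) | (s5 << 1);
-sBig[14] = s5 >> 7;
-sBig[15] = (s5 >> 15) | (s6 << 6);
-sBig[16] = s6 >> 2;
-sBig[17] = s6 >> 10;
-sBig[18] = (s6 >> 18) | (s7 << 3);
-sBig[19] = s7 >> 5;
-sBig[20] = s7 >> 13;
-sBig[21] = s8 >> 0;
-sBig[22] = s8 >> 8;
-sBig[23] = (s8 >> 16) | (s9 << 5);
-sBig[24] = s9 >> 3;
-sBig[25] = s9 >> 11;
-sBig[26] = (s9 >> 19) | (s10 << 2);
-sBig[27] = s10 >> 6;
-sBig[28] = (s10 >> 14) | (s11 << 7);
-sBig[29] = s11 >> 1;
-sBig[30] = s11 >> 9;
-sBig[31] = s11 >> 17;
-for (int i = 0; i < sBig.length; i++) {
-scopy[i] = sBig[i].toUnsignedInt8;
+final r = s.clone();
+scReduce32(r);
+for (int i = 0; i < 32; i++) {
+scopy[i] = r[i];
 }
 }
 
@@ -5052,7 +4872,7 @@ class CryptoOps {
 }
 
 /// these method is not related to cryptoOps
-static List<EDPoint> geDsmPrecompVartimeFast(EDPoint point) {
+static List<EDPoint> geDsmPrecompVar(EDPoint point) {
 final List<EDPoint> oddMultiples = [];
 final twoP = point.doublePoint();
 var current = point;
@@ -5065,7 +4885,7 @@ class CryptoOps {
 return oddMultiples;
 }
 
-static EDPoint geDoubleScalarMultPrecompVartimeFast(
+static EDPoint geDoubleScalarMultPrecompPointVar(
 List<int> a, List<EDPoint> aI, List<int> b, List<EDPoint> bI) {
 final aslide = List<int>.filled(256, 0);
 final bslide = List<int>.filled(256, 0);
@@ -5117,7 +4937,7 @@ class CryptoOps {
 return r;
 }
 
-static EDPoint geTripleScalarMultBaseVartimeFast(
+static EDPoint geTripleScalarMultBasePointVar(
 {required List<int> a,
 required List<int> b,
 required List<EDPoint> bI,
@@ -5190,13 +5010,13 @@ class CryptoOps {
 return r;
 }
 
-static EDPoint geDoubleScalarMultBaseVartimeFast(
+static EDPoint geDoubleScalarMultBasePointVar(
 {required List<int> a, required EDPoint gA, required List<int> b}) {
 final aslide = List<int>.filled(256, 0);
 final bslide = List<int>.filled(256, 0);
 CryptoOps.slide(aslide, a);
 CryptoOps.slide(bslide, b);
-final aI = geDsmPrecompVartimeFast(gA);
+final aI = geDsmPrecompVar(gA);
 final Map<int, String> res = {};
 EDPoint? r;
 // Logg.error("calll ?!");
@@ -5244,7 +5064,7 @@ class CryptoOps {
 return r;
 }
 
-static EDPoint geTripleScalarMultPrecompVartimeFast(
+static EDPoint geTripleScalarMultPrecompPointVar(
 List<int> a,
 List<EDPoint> aI,
 List<int> b,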
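Review bot: The renamed `geDsmPrecompVar`, `geDoubleScalarMultPrecompPointVar`, `geTripleScalarMultBasePointVar`, `geDoubleScalarMultBasePointVar` and `geTripleScalarMultPrecompPointVar` carry no doc comment saying what the `Var` suffix stands for, whereas the old `VartimeFast` names at least spelled out that these routines are not constant-time; each signature should get a doc comment such as `/// Variable-time: only for public scalars and points; never call with a secret scalar.` The stray `/// these method is not related to cryptoOps` above `geDsmPrecompVar` reads as a leftover note and should be reworded or dropped at the same time. In the first hunk `scReduce32Copy` now relies on `s.clone()` and `scReduce32`, both defined outside this hunk; if `clone()` is a project extension on `List<int>`, the copy keeps the original contract of leaving `s` unmodified, which deserves a one-line comment `// reduce a copy so the caller's s is left untouched`. The bodies of the renamed functions continue past each hunk, so their callers elsewhere in the file are not visible here.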

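--- a/lib/crypto/crypto/cdsa/utils/ed25519.dart
+++ b/lib/crypto/crypto/cdsa/utils/ed25519.dart
@@ -129,8 +129,16 @@ class Ed25519Utils {
 }
 }
 
+static EDPoint? mybeAsPoint(List<int> point) {
+try {
+return EDPoint.fromBytes(curve: Curves.curveEd25519, data: point);
+} catch (e) {
+return null;
+}
+}
+
 /// check scalar is valid
-static bool isValidScalar(List<int> bytes) {
+static bool scCheck(List<int> bytes) {
 return CryptoOps.scCheck(bytes) == 0;
 }
 
@@ -175,40 +183,40 @@ class Ed25519Utils {
 return res;
 }
 
-static List<int> scMulFast(List<int> scalar, List<int> scalar2) {
+static List<int> scMulVar(List<int> scalar, List<int> scalar2) {
 final a = BigintUtils.fromBytes(scalar, byteOrder: Endian.little);
 final b = BigintUtils.fromBytes(scalar2, byteOrder: Endian.little);
 final r = (b * a) % Curves.generatorED25519.order!;
 return BigintUtils.toBytes(r, length: 32, order: Endian.little);
 }
 
-static List<int> scMulFastBigInt(List<int> scalar, BigInt scalar2) {
+static List<int> scMulVarBigInt(List<int> scalar, BigInt scalar2) {
 final a = BigintUtils.fromBytes(scalar, byteOrder: Endian.little);
 final r = (scalar2 * a) % Curves.generatorED25519.order!;
 return BigintUtils.toBytes(r, length: 32, order: Endian.little);
 }
 
-static List<int> scSubFast(List<int> scalar, List<int> scalar2) {
+static List<int> scSubVar(List<int> scalar, List<int> scalar2) {
 final a = BigintUtils.fromBytes(scalar, byteOrder: Endian.little);
 final b = BigintUtils.fromBytes(scalar2, byteOrder: Endian.little);
 final r = (a - b) % Curves.generatorED25519.order!;
 return BigintUtils.toBytes(r, length: 32, order: Endian.little);
 }
 
-static List<int> scSubFastBig(List<int> scalar, BigInt scalar2) {
+static List<int> scSubVarBigInt(List<int> scalar, BigInt scalar2) {
 final a = BigintUtils.fromBytes(scalar, byteOrder: Endian.little);
 final r = (a - scalar2) % Curves.generatorED25519.order!;
 return BigintUtils.toBytes(r, length: 32, order: Endian.little);
 }
 
-static List<int> scAddFast(List<int> scalar, List<int> scalar2) {
+static List<int> scAddVar(List<int> scalar, List<int> scalar2) {
 final a = BigintUtils.fromBytes(scalar, byteOrder: Endian.little);
 final b = BigintUtils.fromBytes(scalar2, byteOrder: Endian.little);
 final r = (a + b) % Curves.generatorED25519.order!;
 return BigintUtils.toBytes(r, length: 32, order: Endian.little);
 }
 
-static List<int> scAddFastBig(List<int> scalar, BigInt scalar2) {
+static List<int> scAddVarBig(List<int> scalar, BigInt scalar2) {
 final a = BigintUtils.fromBytes(scalar, byteOrder: Endian.little);
 final r = (a + scalar2) % Curves.generatorED25519.order!;
 return BigintUtils.toBytes(r, length: 32, order: Endian.little);
@@ -218,7 +226,7 @@ class Ed25519Utils {
 return BigintUtils.fromBytes(scalar, byteOrder: Endian.little);
 }
 
-static List<int> scMulAddFast(
+static List<int> scMulAddVar(
 List<int> scalar, List<int> scalar2, List<int> scalar3) {
 final a = BigintUtils.fromBytes(scalar, byteOrder: Endian.little);
 final b = BigintUtils.fromBytes(scalar2, byteOrder: Endian.little);
@@ -227,7 +235,7 @@ class Ed25519Utils {
 return BigintUtils.toBytes(r, length: 32, order: Endian.little);
 }
 
-static bool scCheckFast(List<int> scalar) {
+static bool scCheckVar(List<int> scalar) {
 assert(scalar.length == 32, 'invalid scalar size');
 final order = Curves.generatorED25519.order!;
 final scalarInt = BigintUtils.fromBytes(scalar, byteOrder: Endian.little);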
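Review bot: `mybeAsPoint` in the first hunk is misspelled (`maybeAsPoint`) and, as a new public static, is cheapest to rename before callers exist. Its `catch (e)` also swallows every thrown object, including `Error` subclasses that signal programmer bugs, so a fault inside `EDPoint.fromBytes` would surface only as a `null` point; narrow it to the exception type `fromBytes` throws for a bad encoding, or at minimum `} on Exception { return null; }`. The method has no doc comment; `/// Decodes [point] as an Ed25519 point, or returns null when the bytes are not a valid encoding.` would state the contract. Separately, `Ed25519Utils.scCheck` now shares its name with `CryptoOps.scCheck` but inverts the convention (`true` means valid here, `0` means valid there), so the existing `/// check scalar is valid` line is better written as `/// Returns true when [bytes] is a canonical scalar, i.e. [CryptoOps.scCheck] returns 0.` The `Var` suffix on the renamed scalar helpers (`scMulVar` through `scCheckVar`) is likewise undocumented and presumably marks variable-time `BigInt` arithmetic, which a doc comment on each should say so they are not used on secret scalars.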

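--- a/lib/crypto/crypto/cdsa/utils/secp256k1.dart
+++ b/lib/crypto/crypto/cdsa/utils/secp256k1.dart
@@ -21,7 +21,7 @@ class Secp256k1Utils {
 }
 
 /// check scalar is valid and not zero
-static bool isValidScalar(Secp256k1Scalar scalar) {
+static bool scCheck(Secp256k1Scalar scalar) {
 return Secp256k1.secp256k1ScalarCheckOverflow(scalar) == 0 &&
 Secp256k1.secp256k1ScalarIsZero(scalar) == 0;
 }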
