+10 -29

ec/crypto_ec.ml

reviewed

··· 65 65 module Precompute : sig 66 66 val generator_tables : unit -> string array array array 67 67 end 68 68 - end 69 68 70 70 - module type Point = sig 71 71 - type point 72 72 - type scalar 73 73 - 74 74 - val of_octets : string -> (point, error) result 75 75 - val to_octets : ?compress:bool -> point -> string 76 76 - val scalar_of_octets : string -> (scalar, error) result 77 77 - val scalar_to_octets : scalar -> string 78 78 - val generator : point 79 79 - val add : point -> point -> point 80 80 - val scalar_mult : scalar -> point -> point 69 69 + module Primitive : sig 70 70 + val generator : pub 71 71 + val add : pub -> pub -> pub 72 72 + val scalar_mult : priv -> pub -> pub 73 73 + end 81 74 end 82 75 83 76 module type Dh_dsa = sig 84 77 module Dh : Dh 85 78 module Dsa : Dsa 86 86 - module Point : Point 87 79 end 88 80 89 81 type field_element = string ··· 776 768 module Precompute = struct 777 769 let generator_tables = S.generator_tables 778 770 end 779 779 - end 780 771 781 781 - module Make_point (P : Point_ops) (S : Scalar) : 782 782 - Point with type point = point and type scalar = scalar = struct 783 783 - type nonrec point = point 784 784 - type nonrec scalar = scalar 785 785 - 786 786 - let of_octets = P.of_octets 787 787 - let to_octets ?(compress = false) p = P.to_octets ~compress p 788 788 - let scalar_of_octets = S.of_octets 789 789 - let scalar_to_octets = S.to_octets 790 790 - let generator = P.params_g 791 791 - let add = P.add 792 792 - let scalar_mult = S.scalar_mult 772 772 + module Primitive = struct 773 773 + let generator = P.params_g 774 774 + let add = P.add 775 775 + let scalar_mult = S.scalar_mult 776 776 + end 793 777 end 794 778 795 779 module P256 : Dh_dsa = struct ··· 910 894 module Dh = Make_dh (Params) (P) (S) 911 895 module Fn = Make_Fn (Params) (Foreign_n) 912 896 module Dsa = Make_dsa (Params) (Fn) (P) (S) (Digestif.SHA256) 913 913 - module Point = Make_point (P) (S) 914 897 end 915 898 916 899 module P384 : Dh_dsa = struct ··· 1031 1014 module Dh = Make_dh (Params) (P) (S) 1032 1015 module Fn = Make_Fn (Params) (Foreign_n) 1033 1016 module Dsa = Make_dsa (Params) (Fn) (P) (S) (Digestif.SHA384) 1034 1034 - module Point = Make_point (P) (S) 1035 1017 end 1036 1018 1037 1019 module P521 : Dh_dsa = struct ··· 1156 1138 module Dh = Make_dh (Params) (P) (S) 1157 1139 module Fn = Make_Fn (Params) (Foreign_n) 1158 1140 module Dsa = Make_dsa (Params) (Fn) (P) (S) (Digestif.SHA512) 1159 1159 - module Point = Make_point (P) (S) 1160 1141 end 1161 1142 1162 1143 module X25519 = struct

+9 -33

ec/crypto_ec.mli

reviewed

··· 147 147 the generator point for the curve. Useful only to bootstrap tables 148 148 necessary for scalar multiplication. *) 149 149 end 150 150 - end 151 150 152 152 - (** Low-level point arithmetic. *) 153 153 - module type Point = sig 154 154 - type point 155 155 - (** The type for points on the elliptic curve. *) 156 156 - 157 157 - type scalar 158 158 - (** The type for scalars. *) 159 159 - 160 160 - val of_octets : string -> (point, error) result 161 161 - (** [of_octets buf] decodes a point from [buf] in uncompressed or compressed 162 162 - SEC 1 format. Returns an error if the point is not on the curve. *) 163 163 - 164 164 - val to_octets : ?compress:bool -> point -> string 165 165 - (** [to_octets ~compress point] encodes [point] to SEC 1 format. If [compress] 166 166 - is [true] (default [false]), the compressed format is used. *) 167 167 - 168 168 - val scalar_of_octets : string -> (scalar, error) result 169 169 - (** [scalar_of_octets buf] decodes a scalar from [buf]. Returns an error if 170 170 - the scalar is not in the valid range \[1, n-1\] where n is the group 171 171 - order. *) 151 151 + (** {2 Primitive operations} *) 172 152 173 173 - val scalar_to_octets : scalar -> string 174 174 - (** [scalar_to_octets scalar] encodes [scalar] to a byte string. *) 153 153 + module Primitive : sig 154 154 + val generator : pub 155 155 + (** [generator] is the generator point (base point) of the curve. *) 175 156 176 176 - val generator : point 177 177 - (** [generator] is the generator point (base point) of the curve. *) 157 157 + val add : pub -> pub -> pub 158 158 + (** [add p q] is the sum of points [p] and [q]. *) 178 159 179 179 - val add : point -> point -> point 180 180 - (** [add p q] is the sum of points [p] and [q]. *) 181 181 - 182 182 - val scalar_mult : scalar -> point -> point 183 183 - (** [scalar_mult s p] is the scalar multiplication of [p] by [s]. *) 160 160 + val scalar_mult : priv -> pub -> pub 161 161 + (** [scalar_mult s p] is the scalar multiplication of [p] by [s]. *) 162 162 + end 184 163 end 185 164 186 165 (** Elliptic curve with Diffie-Hellman and DSA. *) ··· 190 169 191 170 module Dsa : Dsa 192 171 (** Digital signature algorithm. *) 193 193 - 194 194 - module Point : Point 195 195 - (** Low-level point arithmetic. *) 196 172 end 197 173 198 174 module P256 : Dh_dsa

+30 -32

test/test_crypto_ec.ml

reviewed

··· 999 999 let open C in 1000 1000 let test_generator_not_identity () = 1001 1001 (* Generator should not be the identity (at infinity) *) 1002 1002 - let g = Point.generator in 1003 1003 - let g_bytes = Point.to_octets g in 1002 1002 + let g = Dsa.Primitive.generator in 1003 1003 + let g_bytes = Dsa.pub_to_octets g in 1004 1004 (* Generator serialized should not be just the identity point *) 1005 1005 Alcotest.(check bool) 1006 1006 "generator has non-trivial encoding" true 1007 1007 (String.length g_bytes > 1) 1008 1008 in 1009 1009 let test_point_serialization_roundtrip () = 1010 1010 - (* Generate a key pair and check that the public key roundtrips through Point *) 1010 1010 + (* Generate a key pair and check that the public key roundtrips *) 1011 1011 let _priv, pub = Dsa.generate () in 1012 1012 let pub_bytes = Dsa.pub_to_octets pub in 1013 1013 - match Point.of_octets pub_bytes with 1013 1013 + match Dsa.pub_of_octets pub_bytes with 1014 1014 | Ok point -> 1015 1015 - let point_bytes = Point.to_octets point in 1015 1015 + let point_bytes = Dsa.pub_to_octets point in 1016 1016 Alcotest.(check string) "point roundtrip" pub_bytes point_bytes 1017 1017 - | Error e -> Alcotest.failf "of_octets failed: %a" pp_error e 1017 1017 + | Error e -> Alcotest.failf "pub_of_octets failed: %a" pp_error e 1018 1018 in 1019 1019 let test_point_compressed_serialization () = 1020 1020 let _priv, pub = Dsa.generate () in 1021 1021 let pub_bytes = Dsa.pub_to_octets pub in 1022 1022 - match Point.of_octets pub_bytes with 1022 1022 + match Dsa.pub_of_octets pub_bytes with 1023 1023 | Ok point -> ( 1024 1024 - let compressed = Point.to_octets ~compress:true point in 1024 1024 + let compressed = Dsa.pub_to_octets ~compress:true point in 1025 1025 (* Compressed form should be shorter *) 1026 1026 Alcotest.(check bool) 1027 1027 "compressed is shorter" true 1028 1028 (String.length compressed < String.length pub_bytes); 1029 1029 (* Should be able to decode compressed form *) 1030 1030 - match Point.of_octets compressed with 1030 1030 + match Dsa.pub_of_octets compressed with 1031 1031 | Ok point' -> 1032 1032 - let uncompressed = Point.to_octets point' in 1032 1032 + let uncompressed = Dsa.pub_to_octets point' in 1033 1033 Alcotest.(check string) 1034 1034 "compressed roundtrip" pub_bytes uncompressed 1035 1035 - | Error e -> Alcotest.failf "compressed of_octets failed: %a" pp_error e 1036 1036 - ) 1037 1037 - | Error e -> Alcotest.failf "of_octets failed: %a" pp_error e 1035 1035 + | Error e -> 1036 1036 + Alcotest.failf "compressed pub_of_octets failed: %a" pp_error e) 1037 1037 + | Error e -> Alcotest.failf "pub_of_octets failed: %a" pp_error e 1038 1038 in 1039 1039 let test_scalar_serialization_roundtrip () = 1040 1040 (* Generate a key and check scalar roundtrip *) 1041 1041 - let secret, _pub = Dh.gen_key () in 1042 1042 - let secret_bytes = Dh.secret_to_octets secret in 1043 1043 - match Point.scalar_of_octets secret_bytes with 1041 1041 + let priv, _pub = Dsa.generate () in 1042 1042 + let priv_bytes = Dsa.priv_to_octets priv in 1043 1043 + match Dsa.priv_of_octets priv_bytes with 1044 1044 | Ok scalar -> 1045 1045 - let scalar_bytes = Point.scalar_to_octets scalar in 1046 1046 - Alcotest.(check string) "scalar roundtrip" secret_bytes scalar_bytes 1047 1047 - | Error e -> Alcotest.failf "scalar_of_octets failed: %a" pp_error e 1045 1045 + let scalar_bytes = Dsa.priv_to_octets scalar in 1046 1046 + Alcotest.(check string) "scalar roundtrip" priv_bytes scalar_bytes 1047 1047 + | Error e -> Alcotest.failf "priv_of_octets failed: %a" pp_error e 1048 1048 in 1049 1049 let test_scalar_mult_with_generator () = 1050 1050 (* scalar_mult with generator should give the same result as pub_of_priv *) 1051 1051 let priv, pub = Dsa.generate () in 1052 1052 - let priv_bytes = Dsa.priv_to_octets priv in 1053 1052 let pub_bytes = Dsa.pub_to_octets pub in 1054 1054 - match Point.scalar_of_octets priv_bytes with 1055 1055 - | Ok scalar -> 1056 1056 - let computed_pub = Point.scalar_mult scalar Point.generator in 1057 1057 - let computed_bytes = Point.to_octets computed_pub in 1058 1058 - Alcotest.(check string) "scalar_mult generator" pub_bytes computed_bytes 1059 1059 - | Error e -> Alcotest.failf "scalar_of_octets failed: %a" pp_error e 1053 1053 + let computed_pub = Dsa.Primitive.scalar_mult priv Dsa.Primitive.generator in 1054 1054 + let computed_bytes = Dsa.pub_to_octets computed_pub in 1055 1055 + Alcotest.(check string) "scalar_mult generator" pub_bytes computed_bytes 1060 1056 in 1061 1057 let test_point_add () = 1062 1058 (* Test that P + P = 2P (scalar_mult 2 P) *) 1063 1063 - let g = Point.generator in 1064 1064 - let g_plus_g = Point.add g g in 1059 1059 + let g = Dsa.Primitive.generator in 1060 1060 + let g_plus_g = Dsa.Primitive.add g g in 1065 1061 (* scalar 2 in big-endian encoding *) 1066 1062 let two = 1067 1063 let buf = Bytes.make Dsa.byte_length '\000' in 1068 1064 Bytes.set_uint8 buf (Dsa.byte_length - 1) 2; 1069 1065 Bytes.to_string buf 1070 1066 in 1071 1071 - match Point.scalar_of_octets two with 1067 1067 + match Dsa.priv_of_octets two with 1072 1068 | Ok scalar_2 -> 1073 1073 - let two_g = Point.scalar_mult scalar_2 g in 1069 1069 + let two_g = Dsa.Primitive.scalar_mult scalar_2 g in 1074 1070 Alcotest.(check string) 1075 1075 - "G + G = 2G" (Point.to_octets g_plus_g) (Point.to_octets two_g) 1076 1076 - | Error e -> Alcotest.failf "scalar_of_octets 2 failed: %a" pp_error e 1071 1071 + "G + G = 2G" 1072 1072 + (Dsa.pub_to_octets g_plus_g) 1073 1073 + (Dsa.pub_to_octets two_g) 1074 1074 + | Error e -> Alcotest.failf "priv_of_octets 2 failed: %a" pp_error e 1077 1075 in 1078 1076 [ 1079 1077 (name ^ " Point generator", `Quick, test_generator_not_identity);