Further clean up and some additional unit tests.

rick-r3 · rick-r3 · commit 7eb3c57f02eb · 2018-04-12T14:32:50.000+01:00
diff --git a/src/net/i2p/crypto/eddsa/EdDSAPublicKey.java b/src/net/i2p/crypto/eddsa/EdDSAPublicKey.java
@@ -40,7 +40,7 @@
 public class EdDSAPublicKey implements EdDSAKey, PublicKey {
     private static final long serialVersionUID = 9837459837498475L;
     private final GroupElement A;
-    private final GroupElement Aneg;
+    private GroupElement Aneg = null;
     private final byte[] Abyte;
     private final EdDSAParameterSpec edDsaSpec;
 
@@ -52,7 +52,6 @@ public class EdDSAPublicKey implements EdDSAKey, PublicKey {
 
     public EdDSAPublicKey(EdDSAPublicKeySpec spec) {
         this.A = spec.getA();
-        this.Aneg = spec.getNegativeA();
         this.Abyte = this.A.toByteArray();
         this.edDsaSpec = spec.getParams();
     }
@@ -250,7 +249,13 @@ public GroupElement getA() {
     }
 
     public GroupElement getNegativeA() {
-        return Aneg;
+        // Only read Aneg once, otherwise read re-ordering might occur between here and return. Requires all GroupElement's fields to be final.
+        GroupElement ourAneg = Aneg;
+        if(ourAneg == null) {
+            ourAneg = A.negate();
+            Aneg = ourAneg;
+        }
+        return ourAneg;
     }
 
     public byte[] getAbyte() {
diff --git a/src/net/i2p/crypto/eddsa/math/GroupElement.java b/src/net/i2p/crypto/eddsa/math/GroupElement.java
@@ -50,7 +50,7 @@ public enum Representation {
         P2,
         /** Extended ($P^3$): $(X:Y:Z:T)$ satisfying $x=X/Z, y=Y/Z, XY=ZT$ */
         P3,
-        /** P3 but also populate dblPrecmp */
+        /** Can only be requested.  Results in P3 representation but also populates dblPrecmp. */
         P3PrecomputedDouble,
         /** Completed ($P \times P$): $((X:Z),(Y:T))$ satisfying $x=X/Z, y=Y/T$ */
         P1P1,
@@ -74,11 +74,30 @@ public static GroupElement p2(
             final FieldElement X,
             final FieldElement Y,
             final FieldElement Z) {
-        return new GroupElement(curve, Representation.P2, X, Y, Z, null, false);
+        return new GroupElement(curve, Representation.P2, X, Y, Z, null);
     }
 
     /**
-     * Creates a new group element in P3 representation.
+     * Creates a new group element in P3 representation, without pre-computation.
+     *
+     * @param curve The curve.
+     * @param X The $X$ coordinate.
+     * @param Y The $Y$ coordinate.
+     * @param Z The $Z$ coordinate.
+     * @param T The $T$ coordinate.
+     * @return The group element in P3 representation.
+     */
+    public static GroupElement p3(
+            final Curve curve,
+            final FieldElement X,
+            final FieldElement Y,
+            final FieldElement Z,
+            final FieldElement T) {
+        return p3(curve, X, Y, Z, T, false);
+    }
+
+    /**
+     * Creates a new group element in P3 representation, potentially with pre-computation.
      *
      * @param curve The curve.
      * @param X The $X$ coordinate.
@@ -114,7 +133,7 @@ public static GroupElement p1p1(
             final FieldElement Y,
             final FieldElement Z,
             final FieldElement T) {
-        return new GroupElement(curve, Representation.P1P1, X, Y, Z, T, false);
+        return new GroupElement(curve, Representation.P1P1, X, Y, Z, T);
     }
 
     /**
@@ -131,7 +150,7 @@ public static GroupElement precomp(
             final FieldElement ypx,
             final FieldElement ymx,
             final FieldElement xy2d) {
-        return new GroupElement(curve, Representation.PRECOMP, ypx, ymx, xy2d, null, false);
+        return new GroupElement(curve, Representation.PRECOMP, ypx, ymx, xy2d, null);
     }
 
     /**
@@ -150,7 +169,7 @@ public static GroupElement cached(
             final FieldElement YmX,
             final FieldElement Z,
             final FieldElement T2d) {
-        return new GroupElement(curve, Representation.CACHED, YpX, YmX, Z, T2d, false);
+        return new GroupElement(curve, Representation.CACHED, YpX, YmX, Z, T2d);
     }
 
     /**
@@ -200,7 +219,27 @@ public static GroupElement cached(
     final GroupElement[] dblPrecmp;
 
     /**
-     * Creates a group element for a curve.
+     * Creates a group element for a curve, without any pre-computation.
+     *
+     * @param curve The curve.
+     * @param repr The representation used to represent the group element.
+     * @param X The $X$ coordinate.
+     * @param Y The $Y$ coordinate.
+     * @param Z The $Z$ coordinate.
+     * @param T The $T$ coordinate.
+     */
+    public GroupElement(
+            final Curve curve,
+            final Representation repr,
+            final FieldElement X,
+            final FieldElement Y,
+            final FieldElement Z,
+            final FieldElement T) {
+        this(curve, repr, X, Y, Z, T, false);
+    }
+
+    /**
+     * Creates a group element for a curve, with optional pre-computation.
      *
      * @param curve The curve.
      * @param repr The representation used to represent the group element.
@@ -229,7 +268,7 @@ public GroupElement(
     }
 
     /**
-     * Creates a group element for a curve from a given encoded point.
+     * Creates a group element for a curve from a given encoded point. No pre-computation.
      * <p>
      * A point $(x,y)$ is encoded by storing $y$ in bit 0 to bit 254 and the sign of $x$ in bit 255.
      * $x$ is recovered in the following way:
@@ -249,7 +288,7 @@ public GroupElement(final Curve curve, final byte[] s) {
     }
 
     /**
-     * Creates a group element for a curve from a given encoded point.
+     * Creates a group element for a curve from a given encoded point.  With optional pre-computation.
      * <p>
      * A point $(x,y)$ is encoded by storing $y$ in bit 0 to bit 254 and the sign of $x$ in bit 255.
      * $x$ is recovered in the following way:
@@ -265,7 +304,6 @@ public GroupElement(final Curve curve, final byte[] s) {
      * @param s The encoded point.
      * @param precomputeSingleAndDouble If true, populate both precmp and dblPrecmp, else set both to null.
      */
-    // TODO
     public GroupElement(final Curve curve, final byte[] s, boolean precomputeSingleAndDouble) {
         FieldElement x, y, yy, u, v, v3, vxx, check;
         y = curve.getField().fromByteArray(s);
diff --git a/test/net/i2p/crypto/eddsa/math/GroupElementTest.java b/test/net/i2p/crypto/eddsa/math/GroupElementTest.java
@@ -68,10 +68,24 @@ public void testP2() {
     }
 
     /**
-     * Test method for {@link GroupElement#p3(Curve, FieldElement, FieldElement, FieldElement, FieldElement, boolean)}.
+     * Test method for {@link GroupElement#p3(Curve, FieldElement, FieldElement, FieldElement, FieldElement)}.
      */
     @Test
     public void testP3() {
+        final GroupElement t = GroupElement.p3(curve, ZERO, ONE, ONE, ZERO);
+        assertThat(t.curve, is(equalTo(curve)));
+        assertThat(t.repr, is(GroupElement.Representation.P3));
+        assertThat(t.X, is(ZERO));
+        assertThat(t.Y, is(ONE));
+        assertThat(t.Z, is(ONE));
+        assertThat(t.T, is(ZERO));
+    }
+
+    /**
+     * Test method for {@link GroupElement#p3(Curve, FieldElement, FieldElement, FieldElement, FieldElement, boolean)}.
+     */
+    @Test
+    public void testP3WithExplicitFlag() {
         final GroupElement t = GroupElement.p3(curve, ZERO, ONE, ONE, ZERO, false);
         assertThat(t.curve, is(equalTo(curve)));
         assertThat(t.repr, is(GroupElement.Representation.P3));
@@ -124,10 +138,24 @@ public void testCached() {
     }
 
     /**
-     * Test method for {@link GroupElement#GroupElement(Curve, GroupElement.Representation, FieldElement, FieldElement, FieldElement, FieldElement, boolean)}.
+     * Test method for {@link GroupElement#GroupElement(Curve, GroupElement.Representation, FieldElement, FieldElement, FieldElement, FieldElement)}.
      */
     @Test
     public void testGroupElementCurveRepresentationFieldElementFieldElementFieldElementFieldElement() {
+        final GroupElement t = new GroupElement(curve, GroupElement.Representation.P3, ZERO, ONE, ONE, ZERO);
+        assertThat(t.curve, is(equalTo(curve)));
+        assertThat(t.repr, is(GroupElement.Representation.P3));
+        assertThat(t.X, is(ZERO));
+        assertThat(t.Y, is(ONE));
+        assertThat(t.Z, is(ONE));
+        assertThat(t.T, is(ZERO));
+    }
+
+    /**
+     * Test method for {@link GroupElement#GroupElement(Curve, GroupElement.Representation, FieldElement, FieldElement, FieldElement, FieldElement, boolean)}.
+     */
+    @Test
+    public void testGroupElementCurveRepresentationFieldElementFieldElementFieldElementFieldElementWithExplicitFlag() {
         final GroupElement t = new GroupElement(curve, GroupElement.Representation.P3, ZERO, ONE, ONE, ZERO, false);
         assertThat(t.curve, is(equalTo(curve)));
         assertThat(t.repr, is(GroupElement.Representation.P3));
@@ -157,7 +185,7 @@ public void testToAndFromByteArray() {
     @Test
     public void testGroupElementByteArray() {
         final GroupElement t = new GroupElement(curve, BYTES_PKR);
-        final GroupElement s = GroupElement.p3(curve, PKR[0], PKR[1], ONE, PKR[0].multiply(PKR[1]),false);
+        final GroupElement s = GroupElement.p3(curve, PKR[0], PKR[1], ONE, PKR[0].multiply(PKR[1]));
         assertThat(t, is(equalTo(s)));
     }
 
@@ -391,6 +419,29 @@ public void toP3ReturnsExpectedResultIfGroupElementHasP3Representation() {
         }
     }
 
+    @Test
+    public void toP3PrecomputeDoubleReturnsExpectedResultIfGroupElementHasP1P1Representation() {
+        for (int i=0; i<10; i++) {
+            // Arrange:
+            final GroupElement g = MathUtils.toRepresentation(MathUtils.getRandomGroupElement(), GroupElement.Representation.P1P1);
+
+            // Act:
+            final GroupElement h1 = g.toP3PrecomputeDouble();
+            final GroupElement h2 = MathUtils.toRepresentation(g, GroupElement.Representation.P3PrecomputedDouble);
+
+            // Assert:
+            Assert.assertThat(h1, IsEqual.equalTo(h2));
+            Assert.assertThat(h1.getRepresentation(), IsEqual.equalTo(GroupElement.Representation.P3));
+            Assert.assertThat(h1.getX(), IsEqual.equalTo(g.getX().multiply(g.getT())));
+            Assert.assertThat(h1.getY(), IsEqual.equalTo(g.getY().multiply(g.getZ())));
+            Assert.assertThat(h1.getZ(), IsEqual.equalTo(g.getZ().multiply(g.getT())));
+            Assert.assertThat(h1.getT(), IsEqual.equalTo(g.getX().multiply(g.getY())));
+            Assert.assertThat(h1.precmp, IsNull.nullValue());
+            Assert.assertThat(h1.dblPrecmp, IsNull.notNullValue());
+            Assert.assertThat(h1.dblPrecmp, IsEqual.equalTo(h2.dblPrecmp));
+        }
+    }
+
     @Test (expected = IllegalArgumentException.class)
     public void toCachedThrowsIfGroupElementHasP2Representation() {
         // Arrange:
@@ -529,7 +580,7 @@ public void dblReturnsExpectedResult() {
 
     @Test
     public void addingNeutralGroupElementDoesNotChangeGroupElement() {
-        final GroupElement neutral = GroupElement.p3(curve, curve.getField().ZERO, curve.getField().ONE, curve.getField().ONE, curve.getField().ZERO, false);
+        final GroupElement neutral = GroupElement.p3(curve, curve.getField().ZERO, curve.getField().ONE, curve.getField().ONE, curve.getField().ZERO);
         for (int i=0; i<1000; i++) {
             // Arrange:
             final GroupElement g = MathUtils.getRandomGroupElement();
diff --git a/test/net/i2p/crypto/eddsa/math/MathUtils.java b/test/net/i2p/crypto/eddsa/math/MathUtils.java
@@ -260,6 +260,7 @@ public static GroupElement toRepresentation(final GroupElement g, final GroupEle
         switch (g.getRepresentation()) {
             case P2:
             case P3:
+            case P3PrecomputedDouble:
                 x = gX.multiply(gZ.modInverse(getQ())).mod(getQ());
                 y = gY.multiply(gZ.modInverse(getQ())).mod(getQ());
                 break;
@@ -294,6 +295,13 @@ public static GroupElement toRepresentation(final GroupElement g, final GroupEle
                         toFieldElement(y),
                         getField().ONE,
                         toFieldElement(x.multiply(y).mod(getQ())), false);
+            case P3PrecomputedDouble:
+                return GroupElement.p3(
+                        curve,
+                        toFieldElement(x),
+                        toFieldElement(y),
+                        getField().ONE,
+                        toFieldElement(x.multiply(y).mod(getQ())), true);
             case P1P1:
                 return GroupElement.p1p1(
                         curve,
diff --git a/test/net/i2p/crypto/eddsa/spec/EdDSANamedCurveTableTest.java b/test/net/i2p/crypto/eddsa/spec/EdDSANamedCurveTableTest.java
@@ -11,6 +11,7 @@
  */
 package net.i2p.crypto.eddsa.spec;
 
+import static net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable.ED_25519;
 import static org.hamcrest.Matchers.*;
 import static org.junit.Assert.*;
 
@@ -33,4 +34,10 @@ public void curveNamesAreCaseInspecific() {
         assertThat(lower, is(equalTo(mixed)));
         assertThat(upper, is(equalTo(mixed)));
     }
+
+    @Test
+    public void testConstant() {
+        EdDSANamedCurveSpec spec = EdDSANamedCurveTable.getByName("Ed25519");
+        assertThat("Named curve and constant should match", spec, is(equalTo(ED_25519)));
+    }
 }
