diff --git a/ccryptolib/x25519c.lua b/ccryptolib/x25519c.lua index ee00bc6..406a1f4 100644 --- a/ccryptolib/x25519c.lua +++ b/ccryptolib/x25519c.lua @@ -6,8 +6,8 @@ local ed = require "ccryptolib.internal.edwards25519" local sha512 = require "ccryptolib.internal.sha512" local random = require "ccryptolib.random" ---- Transforms an X25519 secret key into a masked key. -local function maskExchangeSk(sk) +--- Masks an exchange secret key. +local function maskX(sk) expect(1, sk, "string") assert(#sk == 32, "secret key length must be 32") local mask = random.random(32) @@ -17,11 +17,11 @@ local function maskExchangeSk(sk) return fq.encode(xr) .. mask end ---- Transforms an Ed25519 secret key into a masked key. -function maskSignatureSk(sk) +--- Masks a signature secret key. +function maskS(sk) expect(1, sk, "string") assert(#sk == 32, "secret key length must be 32") - return maskExchangeSk(sha512.digest(sk):sub(1, 32)) + return maskX(sha512.digest(sk):sub(1, 32)) end --- Rerandomizes the masking on a masked key. @@ -42,7 +42,7 @@ end -- the first being the key that has been masked. The ephemeral key changes every -- time @{remask} is called. -- -local function exchangeEsk(sk) +local function ephemeralSk(sk) expect(1, sk, "string") assert(#sk == 64, "masked secret key length must be 64") return sk:sub(33) @@ -107,14 +107,14 @@ local function exchangeOnPoint(sk, P) end --- Returns the X25519 public key of this masked key. -local function exchangePk(sk) +local function publicKeyX(sk) expect(1, sk, "string") assert(#sk == 64, "masked secret key length must be 64") return (exchangeOnPoint(sk, c25.G)) end --- Returns the Ed25519 public key of this masked key. -local function signaturePk(sk) +local function publicKeyS(sk) expect(1, sk, "string") assert(#sk == 64, "masked secret key length must be 64") local xr = fq.decode(sk:sub(1, 32)) @@ -132,7 +132,7 @@ end -- May incorrectly return 0 with negligible chance if the mask happens to match -- the masked key. I haven't checked if clamping prevents that from happening. -- -local function exchange(sk, pk) +local function exchangeX(sk, pk) expect(1, sk, "string") assert(#sk == 64, "masked secret key length must be 64") expect(2, pk, "string") @@ -146,7 +146,7 @@ end -- regular exchange. Using this function on the result of @{signaturePk} leads -- to the same value as using @{exchange} on the result of @{exchangePk}. -- -local function exchangeEd(sk, pk) +local function exchangeS(sk, pk) expect(1, sk, "string") assert(#sk == 64, "masked secret key length must be 64") expect(2, pk, "string") @@ -181,13 +181,13 @@ local function sign(sk, pk, msg) end return { - maskExchangeSk = maskExchangeSk, - maskSignatureSk = maskSignatureSk, + maskX = maskX, + maskS = maskS, remask = remask, - exchangePk = exchangePk, - exchangeEsk = exchangeEsk, - signaturePk = signaturePk, - exchange = exchange, - exchangeEd = exchangeEd, + publicKeyX = publicKeyX, + ephemeralSk = ephemeralSk, + publicKeyS = publicKeyS, + exchangeX = exchangeX, + exchangeS = exchangeS, sign = sign, } diff --git a/spec/x25519c_spec.lua b/spec/x25519c_spec.lua index 0f0615f..00440eb 100644 --- a/spec/x25519c_spec.lua +++ b/spec/x25519c_spec.lua @@ -7,12 +7,12 @@ local util = require "spec.util" local x25519c = require "ccryptolib.x25519c" local function exchange(sk, pk) - local sk = x25519c.maskExchangeSk(sk) + local sk = x25519c.maskX(sk) sk = x25519c.remask(sk) - return (x25519c.exchange(sk, pk)) + return (x25519c.exchangeX(sk, pk)) end -describe("x25519c.exchange", function() +describe("x25519c.exchangeX", function() it("passes the section 5.2 test vector #1", function() local x = util.hexcat { "a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",