When we multiply the basepoint of curve25519 with a scalar number, an exception is thrown.

    Integer gx(group.GetSubgroupGenerator().x);
    Integer gy(group.GetSubgroupGenerator().y);
    ECP::Point g(gx, gy);
    ECP::Point P(group.GetCurve().ScalarMultiply(g, 3));

    Exception thrown at 0x005B4412 in CryptoExample.exe: 0xC0000005: Access violation reading location 0x00000000.
How can we use a generator other than the basepoint on this curve?
    Integer gx(group.GetSubgroupGenerator().x);
    Integer gy(group.GetSubgroupGenerator().y);
    ECP::Point g(gx, gy);
    ECP::Point P(group.GetCurve().ScalarMultiply(g, 3));
group.GetCurve() is likely returning NULL because no curve has been set. But the curve25519 gear is probably not going to function correctly using the standard way of doing things (as shown in Scalar multiplication on secp521r1 using Crypto++). In fact, if you run the following code:

    GroupParameters group;
    group.Initialize(ASN1::X25519());
Then the code will result in an exception because the domain parameters are missing in
    $ ./test.exe
    terminate called after throwing an instance of 'CryptoPP::UnknownOID'
      what():  BER decode error: unknown object identifier
The curve25519 gear is special in Crypto++. Rather than using the library's underlying Integer class and typical field operations through a GroupParameters object, it uses a constant-time implementation from Andrew Moon called Donna. The library then wraps Moon's Donna code and provides most expected operations using Crypto++ objects like

However, "... and provides most expected operations" stops precisely at the lower-level objects like DL_GroupParameters_EC, which is the interface you are trying to use.
You might also want to take a look at the functions available in

    int curve25519_mult (byte publicKey, const byte secretKey)
        Generate a public key.
    int curve25519_mult (byte sharedKey, const byte secretKey, const byte othersKey)
        Generate a shared key.
Those are the scalar multiplications you are looking for. The first curve25519_mult uses a basepoint of 9. The second curve25519_mult allows you to specify an arbitrary basepoint.
donna.h should be a private header, but we had to expose it because of the missing curve operations. However, Donna is still missing functions for Double, though they could probably be exported if needed.
The Crypto++ library uses Andrew Moon's constant time ed25519-donna. The curve25519 gear appears to be like most other comparable public key objects in the Crypto++ library but it is mostly a facade. The Crypto++ classes are just wrappers around Moon's code that present some of the expected interface for callers. A side effect of the integration is, there is no general Point, Curve, or GroupParameters so you can't perform arbitrary calculations with curve25519.
The reason curve25519 is special is, we needed to provide the gear, but wanted to avoid a lot of changes required to properly support it. The library supports short Weierstrass curves well, but has nearly no support for Edwards and Twisted Edwards curves.
Eventually curve25519 will be properly added to the library.
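To make concrete what the two curve25519_mult overloads compute, here is an added example that is neither Crypto++ nor Moon's Donna code: a pure-Python X25519 Montgomery ladder following RFC 7748. The two-argument form corresponds to curve25519_mult_basepoint (scalar times the basepoint u = 9); the three-argument form corresponds to curve25519_mult (scalar times any caller-supplied u-coordinate, which is the "arbitrary basepoint" the question asks about). The function names and the all-zero output check are this example's own (the check is what RFC 7748 recommends, not a claim about what Crypto++ does). Python big integers are not constant time, so this illustrates the arithmetic only; Donna exists precisely to do it branch-free.

```python
# Added example, not Crypto++ or Donna code: X25519 per RFC 7748 in pure Python.
# Function names (curve25519_mult, curve25519_mult_basepoint) mirror the donna.h
# overloads but are this example's own; the zero-output check is the RFC's advice.

P = 2**255 - 19
A24 = 121665                          # (486662 - 2) / 4 for curve25519
BASEPOINT = bytes([9]) + bytes(31)    # u = 9 as 32 little-endian bytes


def clamp_scalar(k: bytes) -> int:
    """Decode a 32-byte secret: clear the low 3 bits, clear bit 255, set bit 254."""
    if len(k) != 32:
        raise ValueError("scalar must be 32 bytes")
    b = bytearray(k)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")


def decode_u(u: bytes) -> int:
    """Decode a u-coordinate; RFC 7748 says the top bit is ignored."""
    if len(u) != 32:
        raise ValueError("u-coordinate must be 32 bytes")
    b = bytearray(u)
    b[31] &= 127
    return int.from_bytes(b, "little")


def encode_u(u: int) -> bytes:
    return (u % P).to_bytes(32, "little")


def _cswap(swap: int, a: int, b: int):
    # Mask-based swap: branch-free in C; in Python it only mirrors the shape.
    mask = -swap                      # 0 or all-ones (ints act as two's complement)
    dummy = mask & (a ^ b)
    return a ^ dummy, b ^ dummy


def x25519(k: int, u: int) -> int:
    """Montgomery ladder from RFC 7748 section 5: u-coordinate of k * U."""
    x1 = u % P
    x2, z2 = 1, 0                     # point at infinity
    x3, z3 = x1, 1                    # the input point U
    swap = 0
    for t in range(254, -1, -1):      # 255 scalar bits, most significant first
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) * (da + cb) % P           # differential addition
        z3 = x1 * ((da - cb) * (da - cb)) % P
        x2 = aa * bb % P                         # doubling
        z2 = e * (aa + A24 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    return x2 * pow(z2, P - 2, P) % P            # affine u = X / Z


def curve25519_mult(secret_key: bytes, others_key: bytes) -> bytes:
    """Like the 3-argument curve25519_mult: scalar times an arbitrary u-coordinate."""
    out = encode_u(x25519(clamp_scalar(secret_key), decode_u(others_key)))
    # RFC 7748 section 6.1: an all-zero result means the peer sent a low-order
    # point; reject it rather than derive a key every party can predict.
    if out == bytes(32):
        raise ValueError("low-order point: all-zero shared secret")
    return out


def curve25519_mult_basepoint(secret_key: bytes) -> bytes:
    """Like the 2-argument curve25519_mult: scalar times the basepoint 9."""
    return curve25519_mult(secret_key, BASEPOINT)


if __name__ == "__main__":
    # RFC 7748 section 6.1 key agreement vector (Alice's secret key).
    alice = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
    print("public key:", curve25519_mult_basepoint(alice).hex())
```

The two wrappers differ only in which u-coordinate is fed to the ladder, which is exactly why Crypto++ exposes a basepoint-9 overload and a general one rather than a Point/Curve API for this curve.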
User contributions licensed under CC BY-SA 3.0