set random two highest bits

libi2pd/Elligator.cpp

@@ -1,3 +1,4 @@
+#include <openssl/rand.h>
 #include "Crypto.h"
 #include "Elligator.h"
 
@@ -39,7 +40,7 @@ namespace crypto
 		BN_free (u); BN_free (iu); 
 	}
 
-	bool Elligator2::Encode (const uint8_t * key, uint8_t * encoded, bool highY) const
+	bool Elligator2::Encode (const uint8_t * key, uint8_t * encoded) const
     {
 		bool ret = true;
 		BN_CTX * ctx = BN_CTX_new ();
@@ -62,6 +63,10 @@ namespace crypto
 		
 		if (Legendre (uxxA, ctx) != -1)
 		{	
+            uint8_t randByte; // random highest bits and high y
+            RAND_bytes (&randByte, 1);
+            bool highY = randByte & 0x01;
+    	
 			BIGNUM * r = BN_CTX_get (ctx);
 			if (highY)
 			{
@@ -78,6 +83,7 @@ namespace crypto
 			SquareRoot (r, r, ctx);
 			bn2buf (r, encoded, 32);
 		
+            encoded[0] |= (randByte & 0xC0); // copy two highest bits from randByte
 			for (size_t i = 0; i < 16; i++) // To Little Endian
 			{
 				uint8_t tmp = encoded[i];
@@ -105,6 +111,7 @@ namespace crypto
 			encoded1[i] = encoded[31 - i];
 			encoded1[31 - i] = encoded[i];
 		}
+        encoded1[0] &= 0x3F; // drop two highest bits
 
 		BIGNUM * r = BN_CTX_get (ctx); BN_bin2bn (encoded1, 32, r);
 

libi2pd/Elligator.h

@@ -17,7 +17,7 @@ namespace crypto
 			Elligator2 ();
 			~Elligator2 ();
 
-			bool Encode (const uint8_t * key, uint8_t * encoded, bool highY = false) const;
+			bool Encode (const uint8_t * key, uint8_t * encoded) const;
 			bool Decode (const uint8_t * encoded, uint8_t * key) const;
 
 		private: