dualcone 0.0.1 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/LICENSE.txt +12 -18
- data/README.md +10 -17
- data/ext/dualcone/dualcone.c +45 -5
- data/ext/dualcone/extconf.rb +9 -8
- data/lib/dualcone/version.rb +1 -1
- data/vendor/libhydrogen/LICENSE +1 -1
- data/vendor/libhydrogen/Makefile +1 -1
- data/vendor/libhydrogen/README.md +3 -1
- data/vendor/libhydrogen/hydrogen.c +2 -1
- data/vendor/libhydrogen/hydrogen.h +24 -24
- data/vendor/libhydrogen/impl/common.h +3 -3
- data/vendor/libhydrogen/impl/core.h +2 -4
- data/vendor/libhydrogen/impl/gimli-core/sse2.h +1 -1
- data/vendor/libhydrogen/impl/hash.h +6 -6
- data/vendor/libhydrogen/impl/hydrogen_p.h +12 -12
- data/vendor/libhydrogen/impl/pwhash.h +6 -6
- data/vendor/libhydrogen/impl/random/avr.h +61 -0
- data/vendor/libhydrogen/impl/random/esp32.h +32 -0
- data/vendor/libhydrogen/impl/random/mbed.h +44 -0
- data/vendor/libhydrogen/impl/random/nrf52832.h +41 -0
- data/vendor/libhydrogen/impl/random/particle.h +26 -0
- data/vendor/libhydrogen/impl/random/riot.h +10 -0
- data/vendor/libhydrogen/impl/random/rtthread.h +37 -0
- data/vendor/libhydrogen/impl/random/stm32.h +47 -0
- data/vendor/libhydrogen/impl/random/unix.h +85 -0
- data/vendor/libhydrogen/impl/random/wasi.h +12 -0
- data/vendor/libhydrogen/impl/random/windows.h +20 -0
- data/vendor/libhydrogen/impl/random.h +19 -337
- data/vendor/libhydrogen/impl/secretbox.h +1 -1
- data/vendor/libhydrogen/impl/sign.h +2 -2
- data/vendor/libhydrogen/impl/x25519.h +22 -20
- metadata +46 -6
@@ -6,351 +6,33 @@ static TLS struct {
|
|
6
6
|
} hydro_random_context;
|
7
7
|
|
8
8
|
#if defined(AVR) && !defined(__unix__)
|
9
|
-
#include
|
10
|
-
|
11
|
-
static bool
|
12
|
-
hydro_random_rbit(uint16_t x)
|
13
|
-
{
|
14
|
-
uint8_t x8;
|
15
|
-
|
16
|
-
x8 = ((uint8_t)(x >> 8)) ^ (uint8_t) x;
|
17
|
-
x8 = (x8 >> 4) ^ (x8 & 0xf);
|
18
|
-
x8 = (x8 >> 2) ^ (x8 & 0x3);
|
19
|
-
x8 = (x8 >> 1) ^ x8;
|
20
|
-
|
21
|
-
return (bool) (x8 & 1);
|
22
|
-
}
|
23
|
-
|
24
|
-
static int
|
25
|
-
hydro_random_init(void)
|
26
|
-
{
|
27
|
-
const char ctx[hydro_hash_CONTEXTBYTES] = { 'h', 'y', 'd', 'r', 'o', 'P', 'R', 'G' };
|
28
|
-
hydro_hash_state st;
|
29
|
-
uint16_t ebits = 0;
|
30
|
-
uint16_t tc;
|
31
|
-
bool a, b;
|
32
|
-
|
33
|
-
cli();
|
34
|
-
MCUSR = 0;
|
35
|
-
WDTCSR |= _BV(WDCE) | _BV(WDE);
|
36
|
-
WDTCSR = _BV(WDIE);
|
37
|
-
sei();
|
38
|
-
|
39
|
-
hydro_hash_init(&st, ctx, NULL);
|
40
|
-
|
41
|
-
while (ebits < 256) {
|
42
|
-
delay(1);
|
43
|
-
tc = TCNT1;
|
44
|
-
hydro_hash_update(&st, (const uint8_t *) &tc, sizeof tc);
|
45
|
-
a = hydro_random_rbit(tc);
|
46
|
-
delay(1);
|
47
|
-
tc = TCNT1;
|
48
|
-
b = hydro_random_rbit(tc);
|
49
|
-
hydro_hash_update(&st, (const uint8_t *) &tc, sizeof tc);
|
50
|
-
if (a == b) {
|
51
|
-
continue;
|
52
|
-
}
|
53
|
-
hydro_hash_update(&st, (const uint8_t *) &b, sizeof b);
|
54
|
-
ebits++;
|
55
|
-
}
|
56
|
-
|
57
|
-
cli();
|
58
|
-
MCUSR = 0;
|
59
|
-
WDTCSR |= _BV(WDCE) | _BV(WDE);
|
60
|
-
WDTCSR = 0;
|
61
|
-
sei();
|
62
|
-
|
63
|
-
hydro_hash_final(&st, hydro_random_context.state, sizeof hydro_random_context.state);
|
64
|
-
hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
|
65
|
-
|
66
|
-
return 0;
|
67
|
-
}
|
68
|
-
|
69
|
-
ISR(WDT_vect) {}
|
70
|
-
|
9
|
+
# include "random/avr.h"
|
71
10
|
#elif (defined(ESP32) || defined(ESP8266)) && !defined(__unix__)
|
72
|
-
|
73
|
-
// Important: RF *must* be activated on ESP board
|
74
|
-
// https://techtutorialsx.com/2017/12/22/esp32-arduino-random-number-generation/
|
75
|
-
|
76
|
-
#include <esp_system.h>
|
77
|
-
|
78
|
-
static int
|
79
|
-
hydro_random_init(void)
|
80
|
-
{
|
81
|
-
const char ctx[hydro_hash_CONTEXTBYTES] = { 'h', 'y', 'd', 'r', 'o', 'P', 'R', 'G' };
|
82
|
-
hydro_hash_state st;
|
83
|
-
uint16_t ebits = 0;
|
84
|
-
|
85
|
-
hydro_hash_init(&st, ctx, NULL);
|
86
|
-
|
87
|
-
while (ebits < 256) {
|
88
|
-
uint32_t r = esp_random();
|
89
|
-
|
90
|
-
delay(10);
|
91
|
-
hydro_hash_update(&st, (const uint32_t *) &r, sizeof r);
|
92
|
-
ebits += 32;
|
93
|
-
}
|
94
|
-
|
95
|
-
hydro_hash_final(&st, hydro_random_context.state, sizeof hydro_random_context.state);
|
96
|
-
hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
|
97
|
-
|
98
|
-
return 0;
|
99
|
-
}
|
100
|
-
|
11
|
+
# include "random/esp32.h"
|
101
12
|
#elif defined(PARTICLE) && defined(PLATFORM_ID) && PLATFORM_ID > 2 && !defined(__unix__)
|
102
|
-
|
103
|
-
// Note: All particle platforms except for the Spark Core have a HW RNG. Only allow building on
|
104
|
-
// supported platforms for now. PLATFORM_ID definitions:
|
105
|
-
// https://github.com/particle-iot/device-os/blob/mesh-develop/hal/shared/platforms.h
|
106
|
-
|
107
|
-
#include "Particle.h"
|
108
|
-
|
109
|
-
static int
|
110
|
-
hydro_random_init(void)
|
111
|
-
{
|
112
|
-
const char ctx[hydro_hash_CONTEXTBYTES] = { 'h', 'y', 'd', 'r', 'o', 'P', 'R', 'G' };
|
113
|
-
hydro_hash_state st;
|
114
|
-
uint16_t ebits = 0;
|
115
|
-
|
116
|
-
hydro_hash_init(&st, ctx, NULL);
|
117
|
-
|
118
|
-
while (ebits < 256) {
|
119
|
-
uint32_t r = HAL_RNG_GetRandomNumber();
|
120
|
-
hydro_hash_update(&st, (const uint32_t *) &r, sizeof r);
|
121
|
-
ebits += 32;
|
122
|
-
}
|
123
|
-
|
124
|
-
hydro_hash_final(&st, hydro_random_context.state, sizeof hydro_random_context.state);
|
125
|
-
hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
|
126
|
-
|
127
|
-
return 0;
|
128
|
-
}
|
129
|
-
|
13
|
+
# include "random/particle.h"
|
130
14
|
#elif (defined(NRF52832_XXAA) || defined(NRF52832_XXAB)) && !defined(__unix__)
|
131
|
-
|
132
|
-
// Important: The SoftDevice *must* be activated to enable reading from the RNG
|
133
|
-
// http://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.nrf52832.ps.v1.1%2Frng.html
|
134
|
-
|
135
|
-
#include <nrf_soc.h>
|
136
|
-
|
137
|
-
static int
|
138
|
-
hydro_random_init(void)
|
139
|
-
{
|
140
|
-
const char ctx[hydro_hash_CONTEXTBYTES] = { 'h', 'y', 'd', 'r', 'o', 'P', 'R', 'G' };
|
141
|
-
hydro_hash_state st;
|
142
|
-
const uint8_t total_bytes = 32;
|
143
|
-
uint8_t remaining_bytes = total_bytes;
|
144
|
-
uint8_t available_bytes;
|
145
|
-
uint8_t rand_buffer[32];
|
146
|
-
|
147
|
-
hydro_hash_init(&st, ctx, NULL);
|
148
|
-
|
149
|
-
for (;;) {
|
150
|
-
if (sd_rand_application_bytes_available_get(&available_bytes) != NRF_SUCCESS) {
|
151
|
-
return -1;
|
152
|
-
}
|
153
|
-
if (available_bytes > 0) {
|
154
|
-
if (available_bytes > remaining_bytes) {
|
155
|
-
available_bytes = remaining_bytes;
|
156
|
-
}
|
157
|
-
if (sd_rand_application_vector_get(rand_buffer, available_bytes) != NRF_SUCCESS) {
|
158
|
-
return -1;
|
159
|
-
}
|
160
|
-
hydro_hash_update(&st, rand_buffer, total_bytes);
|
161
|
-
remaining_bytes -= available_bytes;
|
162
|
-
}
|
163
|
-
if (remaining_bytes <= 0) {
|
164
|
-
break;
|
165
|
-
}
|
166
|
-
delay(10);
|
167
|
-
}
|
168
|
-
hydro_hash_final(&st, hydro_random_context.state, sizeof hydro_random_context.state);
|
169
|
-
hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
|
170
|
-
|
171
|
-
return 0;
|
172
|
-
}
|
173
|
-
|
15
|
+
# include "random/nrf52832.h"
|
174
16
|
#elif defined(_WIN32)
|
175
|
-
|
176
|
-
#include <windows.h>
|
177
|
-
#define RtlGenRandom SystemFunction036
|
178
|
-
#if defined(__cplusplus)
|
179
|
-
extern "C"
|
180
|
-
#endif
|
181
|
-
BOOLEAN NTAPI
|
182
|
-
RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength);
|
183
|
-
#pragma comment(lib, "advapi32.lib")
|
184
|
-
|
185
|
-
static int
|
186
|
-
hydro_random_init(void)
|
187
|
-
{
|
188
|
-
if (!RtlGenRandom((PVOID) hydro_random_context.state,
|
189
|
-
(ULONG) sizeof hydro_random_context.state)) {
|
190
|
-
return -1;
|
191
|
-
}
|
192
|
-
hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
|
193
|
-
|
194
|
-
return 0;
|
195
|
-
}
|
196
|
-
|
17
|
+
# include "random/windows.h"
|
197
18
|
#elif defined(__wasi__)
|
198
|
-
|
199
|
-
#include <unistd.h>
|
200
|
-
|
201
|
-
static int
|
202
|
-
hydro_random_init(void)
|
203
|
-
{
|
204
|
-
if (getentropy(hydro_random_context.state, sizeof hydro_random_context.state) != 0) {
|
205
|
-
return -1;
|
206
|
-
}
|
207
|
-
hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
|
208
|
-
|
209
|
-
return 0;
|
210
|
-
}
|
211
|
-
|
19
|
+
# include "random/wasi.h"
|
212
20
|
#elif defined(__unix__)
|
213
|
-
|
214
|
-
#include <errno.h>
|
215
|
-
#include <fcntl.h>
|
216
|
-
#ifdef __linux__
|
217
|
-
#include <poll.h>
|
218
|
-
#endif
|
219
|
-
#include <sys/types.h>
|
220
|
-
#include <unistd.h>
|
221
|
-
|
222
|
-
#ifdef __linux__
|
223
|
-
static int
|
224
|
-
hydro_random_block_on_dev_random(void)
|
225
|
-
{
|
226
|
-
struct pollfd pfd;
|
227
|
-
int fd;
|
228
|
-
int pret;
|
229
|
-
|
230
|
-
fd = open("/dev/random", O_RDONLY);
|
231
|
-
if (fd == -1) {
|
232
|
-
return 0;
|
233
|
-
}
|
234
|
-
pfd.fd = fd;
|
235
|
-
pfd.events = POLLIN;
|
236
|
-
pfd.revents = 0;
|
237
|
-
do {
|
238
|
-
pret = poll(&pfd, 1, -1);
|
239
|
-
} while (pret < 0 && (errno == EINTR || errno == EAGAIN));
|
240
|
-
if (pret != 1) {
|
241
|
-
(void) close(fd);
|
242
|
-
errno = EIO;
|
243
|
-
return -1;
|
244
|
-
}
|
245
|
-
return close(fd);
|
246
|
-
}
|
247
|
-
#endif
|
248
|
-
|
249
|
-
static ssize_t
|
250
|
-
hydro_random_safe_read(const int fd, void *const buf_, size_t len)
|
251
|
-
{
|
252
|
-
unsigned char *buf = (unsigned char *) buf_;
|
253
|
-
ssize_t readnb;
|
254
|
-
|
255
|
-
do {
|
256
|
-
while ((readnb = read(fd, buf, len)) < (ssize_t) 0 && (errno == EINTR || errno == EAGAIN)) {
|
257
|
-
}
|
258
|
-
if (readnb < (ssize_t) 0) {
|
259
|
-
return readnb;
|
260
|
-
}
|
261
|
-
if (readnb == (ssize_t) 0) {
|
262
|
-
break;
|
263
|
-
}
|
264
|
-
len -= (size_t) readnb;
|
265
|
-
buf += readnb;
|
266
|
-
} while (len > (ssize_t) 0);
|
267
|
-
|
268
|
-
return (ssize_t)(buf - (unsigned char *) buf_);
|
269
|
-
}
|
270
|
-
|
271
|
-
static int
|
272
|
-
hydro_random_init(void)
|
273
|
-
{
|
274
|
-
uint8_t tmp[gimli_BLOCKBYTES + 8];
|
275
|
-
int fd;
|
276
|
-
int ret = -1;
|
277
|
-
|
278
|
-
#ifdef __linux__
|
279
|
-
if (hydro_random_block_on_dev_random() != 0) {
|
280
|
-
return -1;
|
281
|
-
}
|
282
|
-
#endif
|
283
|
-
do {
|
284
|
-
fd = open("/dev/urandom", O_RDONLY);
|
285
|
-
if (fd == -1 && errno != EINTR) {
|
286
|
-
return -1;
|
287
|
-
}
|
288
|
-
} while (fd == -1);
|
289
|
-
if (hydro_random_safe_read(fd, tmp, sizeof tmp) == (ssize_t) sizeof tmp) {
|
290
|
-
memcpy(hydro_random_context.state, tmp, gimli_BLOCKBYTES);
|
291
|
-
memcpy(&hydro_random_context.counter, tmp + gimli_BLOCKBYTES, 8);
|
292
|
-
hydro_memzero(tmp, sizeof tmp);
|
293
|
-
ret = 0;
|
294
|
-
}
|
295
|
-
ret |= close(fd);
|
296
|
-
|
297
|
-
return ret;
|
298
|
-
}
|
299
|
-
|
21
|
+
# include "random/unix.h"
|
300
22
|
#elif defined(TARGET_LIKE_MBED)
|
301
|
-
|
302
|
-
#
|
303
|
-
#include
|
304
|
-
|
305
|
-
#
|
306
|
-
|
307
|
-
|
308
|
-
hydro_random_init(void)
|
309
|
-
{
|
310
|
-
mbedtls_entropy_context entropy;
|
311
|
-
uint16_t pos = 0;
|
312
|
-
|
313
|
-
mbedtls_entropy_init(&entropy);
|
314
|
-
|
315
|
-
// Pull data directly out of the entropy pool for the state, as it's small enough.
|
316
|
-
if (mbedtls_entropy_func(&entropy, (uint8_t *) &hydro_random_context.counter,
|
317
|
-
sizeof hydro_random_context.counter) != 0) {
|
318
|
-
return -1;
|
319
|
-
}
|
320
|
-
// mbedtls_entropy_func can't provide more than MBEDTLS_ENTROPY_BLOCK_SIZE in one go.
|
321
|
-
// This constant depends of mbedTLS configuration (whether the PRNG is backed by SHA256/SHA512
|
322
|
-
// at this time) Therefore, if necessary, we get entropy multiple times.
|
323
|
-
|
324
|
-
do {
|
325
|
-
const uint8_t dataLeftToConsume = gimli_BLOCKBYTES - pos;
|
326
|
-
const uint8_t currentChunkSize = (dataLeftToConsume > MBEDTLS_ENTROPY_BLOCK_SIZE)
|
327
|
-
? MBEDTLS_ENTROPY_BLOCK_SIZE
|
328
|
-
: dataLeftToConsume;
|
329
|
-
|
330
|
-
// Forces mbedTLS to fetch fresh entropy, then get some to feed libhydrogen.
|
331
|
-
if (mbedtls_entropy_gather(&entropy) != 0 ||
|
332
|
-
mbedtls_entropy_func(&entropy, &hydro_random_context.state[pos], currentChunkSize) !=
|
333
|
-
0) {
|
334
|
-
return -1;
|
335
|
-
}
|
336
|
-
pos += MBEDTLS_ENTROPY_BLOCK_SIZE;
|
337
|
-
} while (pos < gimli_BLOCKBYTES);
|
338
|
-
|
339
|
-
mbedtls_entropy_free(&entropy);
|
340
|
-
|
341
|
-
return 0;
|
342
|
-
}
|
343
|
-
|
344
|
-
#else
|
345
|
-
#error Need an entropy source
|
346
|
-
#endif
|
347
|
-
|
23
|
+
# include "random/mbed.h"
|
24
|
+
#elif defined(RIOT_VERSION)
|
25
|
+
# include "random/riot.h"
|
26
|
+
#elif defined(STM32F4)
|
27
|
+
# include "random/stm32.h"
|
28
|
+
#elif defined(__RTTHREAD__)
|
29
|
+
# include "random/rtthread.h"
|
348
30
|
#else
|
349
|
-
#error Unsupported platform
|
31
|
+
# error Unsupported platform
|
350
32
|
#endif
|
351
33
|
|
352
34
|
static void
|
353
|
-
|
35
|
+
hydro_random_ensure_initialized(void)
|
354
36
|
{
|
355
37
|
if (hydro_random_context.initialized == 0) {
|
356
38
|
if (hydro_random_init() != 0) {
|
@@ -377,7 +59,7 @@ hydro_random_u32(void)
|
|
377
59
|
{
|
378
60
|
uint32_t v;
|
379
61
|
|
380
|
-
|
62
|
+
hydro_random_ensure_initialized();
|
381
63
|
if (hydro_random_context.available < 4) {
|
382
64
|
hydro_random_ratchet();
|
383
65
|
}
|
@@ -413,7 +95,7 @@ hydro_random_buf(void *out, size_t out_len)
|
|
413
95
|
size_t i;
|
414
96
|
size_t leftover;
|
415
97
|
|
416
|
-
|
98
|
+
hydro_random_ensure_initialized();
|
417
99
|
for (i = 0; i < out_len / gimli_RATE; i++) {
|
418
100
|
gimli_core_u8(hydro_random_context.state, 0);
|
419
101
|
memcpy(p + i * gimli_RATE, hydro_random_context.state, gimli_RATE);
|
@@ -461,5 +143,5 @@ void
|
|
461
143
|
hydro_random_reseed(void)
|
462
144
|
{
|
463
145
|
hydro_random_context.initialized = 0;
|
464
|
-
|
146
|
+
hydro_random_ensure_initialized();
|
465
147
|
}
|
@@ -1,6 +1,6 @@
|
|
1
1
|
#define hydro_sign_CHALLENGEBYTES 32
|
2
|
-
#define hydro_sign_NONCEBYTES
|
3
|
-
#define hydro_sign_PREHASHBYTES
|
2
|
+
#define hydro_sign_NONCEBYTES 32
|
3
|
+
#define hydro_sign_PREHASHBYTES 64
|
4
4
|
|
5
5
|
static void
|
6
6
|
hydro_sign_p2(uint8_t sig[hydro_x25519_BYTES], const uint8_t challenge[hydro_sign_CHALLENGEBYTES],
|
@@ -15,13 +15,13 @@ typedef uint64_t hydro_x25519_limb_t;
|
|
15
15
|
typedef __uint128_t hydro_x25519_dlimb_t;
|
16
16
|
typedef __int128_t hydro_x25519_sdlimb_t;
|
17
17
|
#define hydro_x25519_eswap_limb(X) LOAD64_LE((const uint8_t *) &(X))
|
18
|
-
#define hydro_x25519_LIMB(x)
|
18
|
+
#define hydro_x25519_LIMB(x) x##ull
|
19
19
|
#elif hydro_x25519_WBITS == 32
|
20
20
|
typedef uint32_t hydro_x25519_limb_t;
|
21
21
|
typedef uint64_t hydro_x25519_dlimb_t;
|
22
22
|
typedef int64_t hydro_x25519_sdlimb_t;
|
23
23
|
#define hydro_x25519_eswap_limb(X) LOAD32_LE((const uint8_t *) &(X))
|
24
|
-
#define hydro_x25519_LIMB(x)
|
24
|
+
#define hydro_x25519_LIMB(x) (uint32_t)(x##ull), (uint32_t) ((x##ull) >> 32)
|
25
25
|
#else
|
26
26
|
#error "Need to know hydro_x25519_WBITS"
|
27
27
|
#endif
|
@@ -109,10 +109,10 @@ hydro_x25519_sub(hydro_x25519_fe out, const hydro_x25519_fe a, const hydro_x2551
|
|
109
109
|
int i;
|
110
110
|
|
111
111
|
for (i = 0; i < hydro_x25519_NLIMBS; i++) {
|
112
|
-
out[i] = (hydro_x25519_limb_t)(carry = carry + a[i] - b[i]);
|
112
|
+
out[i] = (hydro_x25519_limb_t) (carry = carry + a[i] - b[i]);
|
113
113
|
carry >>= hydro_x25519_WBITS;
|
114
114
|
}
|
115
|
-
hydro_x25519_propagate(out, (hydro_x25519_limb_t)(1 + carry));
|
115
|
+
hydro_x25519_propagate(out, (hydro_x25519_limb_t) (1 + carry));
|
116
116
|
}
|
117
117
|
|
118
118
|
static void
|
@@ -138,15 +138,17 @@ hydro_x25519_swapout(uint8_t *out, hydro_x25519_limb_t *x)
|
|
138
138
|
}
|
139
139
|
|
140
140
|
static void
|
141
|
-
hydro_x25519_mul(hydro_x25519_fe out, const hydro_x25519_fe a, const
|
141
|
+
hydro_x25519_mul(hydro_x25519_fe out, const hydro_x25519_fe a, const hydro_x25519_limb_t b[],
|
142
|
+
const int nb)
|
142
143
|
{
|
143
144
|
hydro_x25519_limb_t accum[2 * hydro_x25519_NLIMBS] = { 0 };
|
144
145
|
hydro_x25519_limb_t carry2;
|
145
146
|
int i, j;
|
146
147
|
|
147
148
|
for (i = 0; i < nb; i++) {
|
148
|
-
carry2 = 0;
|
149
149
|
hydro_x25519_limb_t mand = b[i];
|
150
|
+
carry2 = 0;
|
151
|
+
|
150
152
|
for (j = 0; j < hydro_x25519_NLIMBS; j++) {
|
151
153
|
accum[i + j] = hydro_x25519_umaal(&carry2, accum[i + j], mand, a[j]);
|
152
154
|
}
|
@@ -207,7 +209,7 @@ hydro_x25519_canon(hydro_x25519_fe x)
|
|
207
209
|
carry = -19;
|
208
210
|
res = 0;
|
209
211
|
for (i = 0; i < hydro_x25519_NLIMBS; i++) {
|
210
|
-
res |= x[i] = (hydro_x25519_limb_t)(carry += x[i]);
|
212
|
+
res |= x[i] = (hydro_x25519_limb_t) (carry += x[i]);
|
211
213
|
carry >>= hydro_x25519_WBITS;
|
212
214
|
}
|
213
215
|
return ((hydro_x25519_dlimb_t) res - 1) >> hydro_x25519_WBITS;
|
@@ -218,17 +220,17 @@ hydro_x25519_ladder_part1(hydro_x25519_fe xs[5])
|
|
218
220
|
{
|
219
221
|
hydro_x25519_limb_t *x2 = xs[0], *z2 = xs[1], *x3 = xs[2], *z3 = xs[3], *t1 = xs[4];
|
220
222
|
|
221
|
-
hydro_x25519_add(t1, x2, z2);
|
222
|
-
hydro_x25519_sub(z2, x2, z2);
|
223
|
-
hydro_x25519_add(x2, x3, z3);
|
224
|
-
hydro_x25519_sub(z3, x3, z3);
|
225
|
-
hydro_x25519_mul1(z3, t1);
|
226
|
-
hydro_x25519_mul1(x2, z2);
|
227
|
-
hydro_x25519_add(x3, z3, x2);
|
228
|
-
hydro_x25519_sub(z3, z3, x2);
|
229
|
-
hydro_x25519_sqr1(t1);
|
230
|
-
hydro_x25519_sqr1(z2);
|
231
|
-
hydro_x25519_sub(x2, t1, z2);
|
223
|
+
hydro_x25519_add(t1, x2, z2); // t1 = A
|
224
|
+
hydro_x25519_sub(z2, x2, z2); // z2 = B
|
225
|
+
hydro_x25519_add(x2, x3, z3); // x2 = C
|
226
|
+
hydro_x25519_sub(z3, x3, z3); // z3 = D
|
227
|
+
hydro_x25519_mul1(z3, t1); // z3 = DA
|
228
|
+
hydro_x25519_mul1(x2, z2); // x3 = BC
|
229
|
+
hydro_x25519_add(x3, z3, x2); // x3 = DA+CB
|
230
|
+
hydro_x25519_sub(z3, z3, x2); // z3 = DA-CB
|
231
|
+
hydro_x25519_sqr1(t1); // t1 = AA
|
232
|
+
hydro_x25519_sqr1(z2); // z2 = BB
|
233
|
+
hydro_x25519_sub(x2, t1, z2); // x2 = E = AA-BB
|
232
234
|
hydro_x25519_mul(z2, x2, hydro_x25519_a24, // z2 = E*a24
|
233
235
|
sizeof(hydro_x25519_a24) / sizeof(hydro_x25519_a24[0]));
|
234
236
|
hydro_x25519_add(z2, z2, t1); // z2 = E*a24 + AA
|
@@ -275,7 +277,7 @@ hydro_x25519_core(hydro_x25519_fe xs[5], const uint8_t scalar[hydro_x25519_BYTES
|
|
275
277
|
bytei |= 0x40;
|
276
278
|
}
|
277
279
|
}
|
278
|
-
doswap = 1U + ~(hydro_x25519_limb_t)((bytei >> (i % 8)) & 1);
|
280
|
+
doswap = 1U + ~(hydro_x25519_limb_t) ((bytei >> (i % 8)) & 1);
|
279
281
|
hydro_x25519_condswap(x2, x3, swap ^ doswap);
|
280
282
|
swap = doswap;
|
281
283
|
hydro_x25519_ladder_part1(xs);
|
@@ -372,7 +374,7 @@ hydro_x25519_sc_montmul(hydro_x25519_scalar_t out, const hydro_x25519_scalar_t a
|
|
372
374
|
/* Reduce */
|
373
375
|
hydro_x25519_sdlimb_t scarry = 0;
|
374
376
|
for (i = 0; i < hydro_x25519_NLIMBS; i++) {
|
375
|
-
out[i] = (hydro_x25519_limb_t)(scarry = scarry + out[i] - hydro_x25519_sc_p[i]);
|
377
|
+
out[i] = (hydro_x25519_limb_t) (scarry = scarry + out[i] - hydro_x25519_sc_p[i]);
|
376
378
|
scarry >>= hydro_x25519_WBITS;
|
377
379
|
}
|
378
380
|
hydro_x25519_limb_t need_add = (hydro_x25519_limb_t) - (scarry + hic);
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dualcone
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0
|
4
|
+
version: 1.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tom Richards
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-05-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: climate_control
|
@@ -109,7 +109,35 @@ dependencies:
|
|
109
109
|
- !ruby/object:Gem::Version
|
110
110
|
version: '0'
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
|
-
name:
|
112
|
+
name: rubocop-performance
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - ">="
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - ">="
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: rubocop-rake
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - ">="
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '0'
|
132
|
+
type: :development
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - ">="
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '0'
|
139
|
+
- !ruby/object:Gem::Dependency
|
140
|
+
name: rubocop-rspec
|
113
141
|
requirement: !ruby/object:Gem::Requirement
|
114
142
|
requirements:
|
115
143
|
- - ">="
|
@@ -155,15 +183,27 @@ files:
|
|
155
183
|
- vendor/libhydrogen/impl/kx.h
|
156
184
|
- vendor/libhydrogen/impl/pwhash.h
|
157
185
|
- vendor/libhydrogen/impl/random.h
|
186
|
+
- vendor/libhydrogen/impl/random/avr.h
|
187
|
+
- vendor/libhydrogen/impl/random/esp32.h
|
188
|
+
- vendor/libhydrogen/impl/random/mbed.h
|
189
|
+
- vendor/libhydrogen/impl/random/nrf52832.h
|
190
|
+
- vendor/libhydrogen/impl/random/particle.h
|
191
|
+
- vendor/libhydrogen/impl/random/riot.h
|
192
|
+
- vendor/libhydrogen/impl/random/rtthread.h
|
193
|
+
- vendor/libhydrogen/impl/random/stm32.h
|
194
|
+
- vendor/libhydrogen/impl/random/unix.h
|
195
|
+
- vendor/libhydrogen/impl/random/wasi.h
|
196
|
+
- vendor/libhydrogen/impl/random/windows.h
|
158
197
|
- vendor/libhydrogen/impl/secretbox.h
|
159
198
|
- vendor/libhydrogen/impl/sign.h
|
160
199
|
- vendor/libhydrogen/impl/x25519.h
|
161
200
|
homepage: https://github.com/t-richards/dualcone
|
162
201
|
licenses:
|
163
|
-
-
|
202
|
+
- ISC
|
164
203
|
metadata:
|
165
204
|
homepage_uri: https://github.com/t-richards/dualcone
|
166
205
|
source_code_uri: https://github.com/t-richards/dualcone
|
206
|
+
rubygems_mfa_required: 'true'
|
167
207
|
post_install_message:
|
168
208
|
rdoc_options: []
|
169
209
|
require_paths:
|
@@ -172,14 +212,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
172
212
|
requirements:
|
173
213
|
- - ">="
|
174
214
|
- !ruby/object:Gem::Version
|
175
|
-
version: 2.
|
215
|
+
version: 2.5.0
|
176
216
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
177
217
|
requirements:
|
178
218
|
- - ">="
|
179
219
|
- !ruby/object:Gem::Version
|
180
220
|
version: '0'
|
181
221
|
requirements: []
|
182
|
-
rubygems_version: 3.
|
222
|
+
rubygems_version: 3.3.8
|
183
223
|
signing_key:
|
184
224
|
specification_version: 4
|
185
225
|
summary: A Ruby source code protection system.
|