dualcone 0.0.1 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE.txt +12 -18
- data/README.md +10 -17
- data/ext/dualcone/dualcone.c +45 -5
- data/ext/dualcone/extconf.rb +9 -8
- data/lib/dualcone/version.rb +1 -1
- data/vendor/libhydrogen/LICENSE +1 -1
- data/vendor/libhydrogen/Makefile +1 -1
- data/vendor/libhydrogen/README.md +3 -1
- data/vendor/libhydrogen/hydrogen.c +2 -1
- data/vendor/libhydrogen/hydrogen.h +24 -24
- data/vendor/libhydrogen/impl/common.h +3 -3
- data/vendor/libhydrogen/impl/core.h +2 -4
- data/vendor/libhydrogen/impl/gimli-core/sse2.h +1 -1
- data/vendor/libhydrogen/impl/hash.h +6 -6
- data/vendor/libhydrogen/impl/hydrogen_p.h +12 -12
- data/vendor/libhydrogen/impl/pwhash.h +6 -6
- data/vendor/libhydrogen/impl/random/avr.h +61 -0
- data/vendor/libhydrogen/impl/random/esp32.h +32 -0
- data/vendor/libhydrogen/impl/random/mbed.h +44 -0
- data/vendor/libhydrogen/impl/random/nrf52832.h +41 -0
- data/vendor/libhydrogen/impl/random/particle.h +26 -0
- data/vendor/libhydrogen/impl/random/riot.h +10 -0
- data/vendor/libhydrogen/impl/random/rtthread.h +37 -0
- data/vendor/libhydrogen/impl/random/stm32.h +47 -0
- data/vendor/libhydrogen/impl/random/unix.h +85 -0
- data/vendor/libhydrogen/impl/random/wasi.h +12 -0
- data/vendor/libhydrogen/impl/random/windows.h +20 -0
- data/vendor/libhydrogen/impl/random.h +19 -337
- data/vendor/libhydrogen/impl/secretbox.h +1 -1
- data/vendor/libhydrogen/impl/sign.h +2 -2
- data/vendor/libhydrogen/impl/x25519.h +22 -20
- metadata +46 -6
@@ -6,351 +6,33 @@ static TLS struct {
|
|
6
6
|
} hydro_random_context;
|
7
7
|
|
8
8
|
#if defined(AVR) && !defined(__unix__)
|
9
|
-
#include
|
10
|
-
|
11
|
-
static bool
|
12
|
-
hydro_random_rbit(uint16_t x)
|
13
|
-
{
|
14
|
-
uint8_t x8;
|
15
|
-
|
16
|
-
x8 = ((uint8_t)(x >> 8)) ^ (uint8_t) x;
|
17
|
-
x8 = (x8 >> 4) ^ (x8 & 0xf);
|
18
|
-
x8 = (x8 >> 2) ^ (x8 & 0x3);
|
19
|
-
x8 = (x8 >> 1) ^ x8;
|
20
|
-
|
21
|
-
return (bool) (x8 & 1);
|
22
|
-
}
|
23
|
-
|
24
|
-
static int
|
25
|
-
hydro_random_init(void)
|
26
|
-
{
|
27
|
-
const char ctx[hydro_hash_CONTEXTBYTES] = { 'h', 'y', 'd', 'r', 'o', 'P', 'R', 'G' };
|
28
|
-
hydro_hash_state st;
|
29
|
-
uint16_t ebits = 0;
|
30
|
-
uint16_t tc;
|
31
|
-
bool a, b;
|
32
|
-
|
33
|
-
cli();
|
34
|
-
MCUSR = 0;
|
35
|
-
WDTCSR |= _BV(WDCE) | _BV(WDE);
|
36
|
-
WDTCSR = _BV(WDIE);
|
37
|
-
sei();
|
38
|
-
|
39
|
-
hydro_hash_init(&st, ctx, NULL);
|
40
|
-
|
41
|
-
while (ebits < 256) {
|
42
|
-
delay(1);
|
43
|
-
tc = TCNT1;
|
44
|
-
hydro_hash_update(&st, (const uint8_t *) &tc, sizeof tc);
|
45
|
-
a = hydro_random_rbit(tc);
|
46
|
-
delay(1);
|
47
|
-
tc = TCNT1;
|
48
|
-
b = hydro_random_rbit(tc);
|
49
|
-
hydro_hash_update(&st, (const uint8_t *) &tc, sizeof tc);
|
50
|
-
if (a == b) {
|
51
|
-
continue;
|
52
|
-
}
|
53
|
-
hydro_hash_update(&st, (const uint8_t *) &b, sizeof b);
|
54
|
-
ebits++;
|
55
|
-
}
|
56
|
-
|
57
|
-
cli();
|
58
|
-
MCUSR = 0;
|
59
|
-
WDTCSR |= _BV(WDCE) | _BV(WDE);
|
60
|
-
WDTCSR = 0;
|
61
|
-
sei();
|
62
|
-
|
63
|
-
hydro_hash_final(&st, hydro_random_context.state, sizeof hydro_random_context.state);
|
64
|
-
hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
|
65
|
-
|
66
|
-
return 0;
|
67
|
-
}
|
68
|
-
|
69
|
-
ISR(WDT_vect) {}
|
70
|
-
|
9
|
+
# include "random/avr.h"
|
71
10
|
#elif (defined(ESP32) || defined(ESP8266)) && !defined(__unix__)
|
72
|
-
|
73
|
-
// Important: RF *must* be activated on ESP board
|
74
|
-
// https://techtutorialsx.com/2017/12/22/esp32-arduino-random-number-generation/
|
75
|
-
|
76
|
-
#include <esp_system.h>
|
77
|
-
|
78
|
-
static int
|
79
|
-
hydro_random_init(void)
|
80
|
-
{
|
81
|
-
const char ctx[hydro_hash_CONTEXTBYTES] = { 'h', 'y', 'd', 'r', 'o', 'P', 'R', 'G' };
|
82
|
-
hydro_hash_state st;
|
83
|
-
uint16_t ebits = 0;
|
84
|
-
|
85
|
-
hydro_hash_init(&st, ctx, NULL);
|
86
|
-
|
87
|
-
while (ebits < 256) {
|
88
|
-
uint32_t r = esp_random();
|
89
|
-
|
90
|
-
delay(10);
|
91
|
-
hydro_hash_update(&st, (const uint32_t *) &r, sizeof r);
|
92
|
-
ebits += 32;
|
93
|
-
}
|
94
|
-
|
95
|
-
hydro_hash_final(&st, hydro_random_context.state, sizeof hydro_random_context.state);
|
96
|
-
hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
|
97
|
-
|
98
|
-
return 0;
|
99
|
-
}
|
100
|
-
|
11
|
+
# include "random/esp32.h"
|
101
12
|
#elif defined(PARTICLE) && defined(PLATFORM_ID) && PLATFORM_ID > 2 && !defined(__unix__)
|
102
|
-
|
103
|
-
// Note: All particle platforms except for the Spark Core have a HW RNG. Only allow building on
|
104
|
-
// supported platforms for now. PLATFORM_ID definitions:
|
105
|
-
// https://github.com/particle-iot/device-os/blob/mesh-develop/hal/shared/platforms.h
|
106
|
-
|
107
|
-
#include "Particle.h"
|
108
|
-
|
109
|
-
static int
|
110
|
-
hydro_random_init(void)
|
111
|
-
{
|
112
|
-
const char ctx[hydro_hash_CONTEXTBYTES] = { 'h', 'y', 'd', 'r', 'o', 'P', 'R', 'G' };
|
113
|
-
hydro_hash_state st;
|
114
|
-
uint16_t ebits = 0;
|
115
|
-
|
116
|
-
hydro_hash_init(&st, ctx, NULL);
|
117
|
-
|
118
|
-
while (ebits < 256) {
|
119
|
-
uint32_t r = HAL_RNG_GetRandomNumber();
|
120
|
-
hydro_hash_update(&st, (const uint32_t *) &r, sizeof r);
|
121
|
-
ebits += 32;
|
122
|
-
}
|
123
|
-
|
124
|
-
hydro_hash_final(&st, hydro_random_context.state, sizeof hydro_random_context.state);
|
125
|
-
hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
|
126
|
-
|
127
|
-
return 0;
|
128
|
-
}
|
129
|
-
|
13
|
+
# include "random/particle.h"
|
130
14
|
#elif (defined(NRF52832_XXAA) || defined(NRF52832_XXAB)) && !defined(__unix__)
|
131
|
-
|
132
|
-
// Important: The SoftDevice *must* be activated to enable reading from the RNG
|
133
|
-
// http://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.nrf52832.ps.v1.1%2Frng.html
|
134
|
-
|
135
|
-
#include <nrf_soc.h>
|
136
|
-
|
137
|
-
static int
|
138
|
-
hydro_random_init(void)
|
139
|
-
{
|
140
|
-
const char ctx[hydro_hash_CONTEXTBYTES] = { 'h', 'y', 'd', 'r', 'o', 'P', 'R', 'G' };
|
141
|
-
hydro_hash_state st;
|
142
|
-
const uint8_t total_bytes = 32;
|
143
|
-
uint8_t remaining_bytes = total_bytes;
|
144
|
-
uint8_t available_bytes;
|
145
|
-
uint8_t rand_buffer[32];
|
146
|
-
|
147
|
-
hydro_hash_init(&st, ctx, NULL);
|
148
|
-
|
149
|
-
for (;;) {
|
150
|
-
if (sd_rand_application_bytes_available_get(&available_bytes) != NRF_SUCCESS) {
|
151
|
-
return -1;
|
152
|
-
}
|
153
|
-
if (available_bytes > 0) {
|
154
|
-
if (available_bytes > remaining_bytes) {
|
155
|
-
available_bytes = remaining_bytes;
|
156
|
-
}
|
157
|
-
if (sd_rand_application_vector_get(rand_buffer, available_bytes) != NRF_SUCCESS) {
|
158
|
-
return -1;
|
159
|
-
}
|
160
|
-
hydro_hash_update(&st, rand_buffer, total_bytes);
|
161
|
-
remaining_bytes -= available_bytes;
|
162
|
-
}
|
163
|
-
if (remaining_bytes <= 0) {
|
164
|
-
break;
|
165
|
-
}
|
166
|
-
delay(10);
|
167
|
-
}
|
168
|
-
hydro_hash_final(&st, hydro_random_context.state, sizeof hydro_random_context.state);
|
169
|
-
hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
|
170
|
-
|
171
|
-
return 0;
|
172
|
-
}
|
173
|
-
|
15
|
+
# include "random/nrf52832.h"
|
174
16
|
#elif defined(_WIN32)
|
175
|
-
|
176
|
-
#include <windows.h>
|
177
|
-
#define RtlGenRandom SystemFunction036
|
178
|
-
#if defined(__cplusplus)
|
179
|
-
extern "C"
|
180
|
-
#endif
|
181
|
-
BOOLEAN NTAPI
|
182
|
-
RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength);
|
183
|
-
#pragma comment(lib, "advapi32.lib")
|
184
|
-
|
185
|
-
static int
|
186
|
-
hydro_random_init(void)
|
187
|
-
{
|
188
|
-
if (!RtlGenRandom((PVOID) hydro_random_context.state,
|
189
|
-
(ULONG) sizeof hydro_random_context.state)) {
|
190
|
-
return -1;
|
191
|
-
}
|
192
|
-
hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
|
193
|
-
|
194
|
-
return 0;
|
195
|
-
}
|
196
|
-
|
17
|
+
# include "random/windows.h"
|
197
18
|
#elif defined(__wasi__)
|
198
|
-
|
199
|
-
#include <unistd.h>
|
200
|
-
|
201
|
-
static int
|
202
|
-
hydro_random_init(void)
|
203
|
-
{
|
204
|
-
if (getentropy(hydro_random_context.state, sizeof hydro_random_context.state) != 0) {
|
205
|
-
return -1;
|
206
|
-
}
|
207
|
-
hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
|
208
|
-
|
209
|
-
return 0;
|
210
|
-
}
|
211
|
-
|
19
|
+
# include "random/wasi.h"
|
212
20
|
#elif defined(__unix__)
|
213
|
-
|
214
|
-
#include <errno.h>
|
215
|
-
#include <fcntl.h>
|
216
|
-
#ifdef __linux__
|
217
|
-
#include <poll.h>
|
218
|
-
#endif
|
219
|
-
#include <sys/types.h>
|
220
|
-
#include <unistd.h>
|
221
|
-
|
222
|
-
#ifdef __linux__
|
223
|
-
static int
|
224
|
-
hydro_random_block_on_dev_random(void)
|
225
|
-
{
|
226
|
-
struct pollfd pfd;
|
227
|
-
int fd;
|
228
|
-
int pret;
|
229
|
-
|
230
|
-
fd = open("/dev/random", O_RDONLY);
|
231
|
-
if (fd == -1) {
|
232
|
-
return 0;
|
233
|
-
}
|
234
|
-
pfd.fd = fd;
|
235
|
-
pfd.events = POLLIN;
|
236
|
-
pfd.revents = 0;
|
237
|
-
do {
|
238
|
-
pret = poll(&pfd, 1, -1);
|
239
|
-
} while (pret < 0 && (errno == EINTR || errno == EAGAIN));
|
240
|
-
if (pret != 1) {
|
241
|
-
(void) close(fd);
|
242
|
-
errno = EIO;
|
243
|
-
return -1;
|
244
|
-
}
|
245
|
-
return close(fd);
|
246
|
-
}
|
247
|
-
#endif
|
248
|
-
|
249
|
-
static ssize_t
|
250
|
-
hydro_random_safe_read(const int fd, void *const buf_, size_t len)
|
251
|
-
{
|
252
|
-
unsigned char *buf = (unsigned char *) buf_;
|
253
|
-
ssize_t readnb;
|
254
|
-
|
255
|
-
do {
|
256
|
-
while ((readnb = read(fd, buf, len)) < (ssize_t) 0 && (errno == EINTR || errno == EAGAIN)) {
|
257
|
-
}
|
258
|
-
if (readnb < (ssize_t) 0) {
|
259
|
-
return readnb;
|
260
|
-
}
|
261
|
-
if (readnb == (ssize_t) 0) {
|
262
|
-
break;
|
263
|
-
}
|
264
|
-
len -= (size_t) readnb;
|
265
|
-
buf += readnb;
|
266
|
-
} while (len > (ssize_t) 0);
|
267
|
-
|
268
|
-
return (ssize_t)(buf - (unsigned char *) buf_);
|
269
|
-
}
|
270
|
-
|
271
|
-
static int
|
272
|
-
hydro_random_init(void)
|
273
|
-
{
|
274
|
-
uint8_t tmp[gimli_BLOCKBYTES + 8];
|
275
|
-
int fd;
|
276
|
-
int ret = -1;
|
277
|
-
|
278
|
-
#ifdef __linux__
|
279
|
-
if (hydro_random_block_on_dev_random() != 0) {
|
280
|
-
return -1;
|
281
|
-
}
|
282
|
-
#endif
|
283
|
-
do {
|
284
|
-
fd = open("/dev/urandom", O_RDONLY);
|
285
|
-
if (fd == -1 && errno != EINTR) {
|
286
|
-
return -1;
|
287
|
-
}
|
288
|
-
} while (fd == -1);
|
289
|
-
if (hydro_random_safe_read(fd, tmp, sizeof tmp) == (ssize_t) sizeof tmp) {
|
290
|
-
memcpy(hydro_random_context.state, tmp, gimli_BLOCKBYTES);
|
291
|
-
memcpy(&hydro_random_context.counter, tmp + gimli_BLOCKBYTES, 8);
|
292
|
-
hydro_memzero(tmp, sizeof tmp);
|
293
|
-
ret = 0;
|
294
|
-
}
|
295
|
-
ret |= close(fd);
|
296
|
-
|
297
|
-
return ret;
|
298
|
-
}
|
299
|
-
|
21
|
+
# include "random/unix.h"
|
300
22
|
#elif defined(TARGET_LIKE_MBED)
|
301
|
-
|
302
|
-
#
|
303
|
-
#include
|
304
|
-
|
305
|
-
#
|
306
|
-
|
307
|
-
|
308
|
-
hydro_random_init(void)
|
309
|
-
{
|
310
|
-
mbedtls_entropy_context entropy;
|
311
|
-
uint16_t pos = 0;
|
312
|
-
|
313
|
-
mbedtls_entropy_init(&entropy);
|
314
|
-
|
315
|
-
// Pull data directly out of the entropy pool for the state, as it's small enough.
|
316
|
-
if (mbedtls_entropy_func(&entropy, (uint8_t *) &hydro_random_context.counter,
|
317
|
-
sizeof hydro_random_context.counter) != 0) {
|
318
|
-
return -1;
|
319
|
-
}
|
320
|
-
// mbedtls_entropy_func can't provide more than MBEDTLS_ENTROPY_BLOCK_SIZE in one go.
|
321
|
-
// This constant depends of mbedTLS configuration (whether the PRNG is backed by SHA256/SHA512
|
322
|
-
// at this time) Therefore, if necessary, we get entropy multiple times.
|
323
|
-
|
324
|
-
do {
|
325
|
-
const uint8_t dataLeftToConsume = gimli_BLOCKBYTES - pos;
|
326
|
-
const uint8_t currentChunkSize = (dataLeftToConsume > MBEDTLS_ENTROPY_BLOCK_SIZE)
|
327
|
-
? MBEDTLS_ENTROPY_BLOCK_SIZE
|
328
|
-
: dataLeftToConsume;
|
329
|
-
|
330
|
-
// Forces mbedTLS to fetch fresh entropy, then get some to feed libhydrogen.
|
331
|
-
if (mbedtls_entropy_gather(&entropy) != 0 ||
|
332
|
-
mbedtls_entropy_func(&entropy, &hydro_random_context.state[pos], currentChunkSize) !=
|
333
|
-
0) {
|
334
|
-
return -1;
|
335
|
-
}
|
336
|
-
pos += MBEDTLS_ENTROPY_BLOCK_SIZE;
|
337
|
-
} while (pos < gimli_BLOCKBYTES);
|
338
|
-
|
339
|
-
mbedtls_entropy_free(&entropy);
|
340
|
-
|
341
|
-
return 0;
|
342
|
-
}
|
343
|
-
|
344
|
-
#else
|
345
|
-
#error Need an entropy source
|
346
|
-
#endif
|
347
|
-
|
23
|
+
# include "random/mbed.h"
|
24
|
+
#elif defined(RIOT_VERSION)
|
25
|
+
# include "random/riot.h"
|
26
|
+
#elif defined(STM32F4)
|
27
|
+
# include "random/stm32.h"
|
28
|
+
#elif defined(__RTTHREAD__)
|
29
|
+
# include "random/rtthread.h"
|
348
30
|
#else
|
349
|
-
#error Unsupported platform
|
31
|
+
# error Unsupported platform
|
350
32
|
#endif
|
351
33
|
|
352
34
|
static void
|
353
|
-
|
35
|
+
hydro_random_ensure_initialized(void)
|
354
36
|
{
|
355
37
|
if (hydro_random_context.initialized == 0) {
|
356
38
|
if (hydro_random_init() != 0) {
|
@@ -377,7 +59,7 @@ hydro_random_u32(void)
|
|
377
59
|
{
|
378
60
|
uint32_t v;
|
379
61
|
|
380
|
-
|
62
|
+
hydro_random_ensure_initialized();
|
381
63
|
if (hydro_random_context.available < 4) {
|
382
64
|
hydro_random_ratchet();
|
383
65
|
}
|
@@ -413,7 +95,7 @@ hydro_random_buf(void *out, size_t out_len)
|
|
413
95
|
size_t i;
|
414
96
|
size_t leftover;
|
415
97
|
|
416
|
-
|
98
|
+
hydro_random_ensure_initialized();
|
417
99
|
for (i = 0; i < out_len / gimli_RATE; i++) {
|
418
100
|
gimli_core_u8(hydro_random_context.state, 0);
|
419
101
|
memcpy(p + i * gimli_RATE, hydro_random_context.state, gimli_RATE);
|
@@ -461,5 +143,5 @@ void
|
|
461
143
|
hydro_random_reseed(void)
|
462
144
|
{
|
463
145
|
hydro_random_context.initialized = 0;
|
464
|
-
|
146
|
+
hydro_random_ensure_initialized();
|
465
147
|
}
|
@@ -1,6 +1,6 @@
|
|
1
1
|
#define hydro_sign_CHALLENGEBYTES 32
|
2
|
-
#define hydro_sign_NONCEBYTES
|
3
|
-
#define hydro_sign_PREHASHBYTES
|
2
|
+
#define hydro_sign_NONCEBYTES 32
|
3
|
+
#define hydro_sign_PREHASHBYTES 64
|
4
4
|
|
5
5
|
static void
|
6
6
|
hydro_sign_p2(uint8_t sig[hydro_x25519_BYTES], const uint8_t challenge[hydro_sign_CHALLENGEBYTES],
|
@@ -15,13 +15,13 @@ typedef uint64_t hydro_x25519_limb_t;
|
|
15
15
|
typedef __uint128_t hydro_x25519_dlimb_t;
|
16
16
|
typedef __int128_t hydro_x25519_sdlimb_t;
|
17
17
|
#define hydro_x25519_eswap_limb(X) LOAD64_LE((const uint8_t *) &(X))
|
18
|
-
#define hydro_x25519_LIMB(x)
|
18
|
+
#define hydro_x25519_LIMB(x) x##ull
|
19
19
|
#elif hydro_x25519_WBITS == 32
|
20
20
|
typedef uint32_t hydro_x25519_limb_t;
|
21
21
|
typedef uint64_t hydro_x25519_dlimb_t;
|
22
22
|
typedef int64_t hydro_x25519_sdlimb_t;
|
23
23
|
#define hydro_x25519_eswap_limb(X) LOAD32_LE((const uint8_t *) &(X))
|
24
|
-
#define hydro_x25519_LIMB(x)
|
24
|
+
#define hydro_x25519_LIMB(x) (uint32_t)(x##ull), (uint32_t) ((x##ull) >> 32)
|
25
25
|
#else
|
26
26
|
#error "Need to know hydro_x25519_WBITS"
|
27
27
|
#endif
|
@@ -109,10 +109,10 @@ hydro_x25519_sub(hydro_x25519_fe out, const hydro_x25519_fe a, const hydro_x2551
|
|
109
109
|
int i;
|
110
110
|
|
111
111
|
for (i = 0; i < hydro_x25519_NLIMBS; i++) {
|
112
|
-
out[i] = (hydro_x25519_limb_t)(carry = carry + a[i] - b[i]);
|
112
|
+
out[i] = (hydro_x25519_limb_t) (carry = carry + a[i] - b[i]);
|
113
113
|
carry >>= hydro_x25519_WBITS;
|
114
114
|
}
|
115
|
-
hydro_x25519_propagate(out, (hydro_x25519_limb_t)(1 + carry));
|
115
|
+
hydro_x25519_propagate(out, (hydro_x25519_limb_t) (1 + carry));
|
116
116
|
}
|
117
117
|
|
118
118
|
static void
|
@@ -138,15 +138,17 @@ hydro_x25519_swapout(uint8_t *out, hydro_x25519_limb_t *x)
|
|
138
138
|
}
|
139
139
|
|
140
140
|
static void
|
141
|
-
hydro_x25519_mul(hydro_x25519_fe out, const hydro_x25519_fe a, const
|
141
|
+
hydro_x25519_mul(hydro_x25519_fe out, const hydro_x25519_fe a, const hydro_x25519_limb_t b[],
|
142
|
+
const int nb)
|
142
143
|
{
|
143
144
|
hydro_x25519_limb_t accum[2 * hydro_x25519_NLIMBS] = { 0 };
|
144
145
|
hydro_x25519_limb_t carry2;
|
145
146
|
int i, j;
|
146
147
|
|
147
148
|
for (i = 0; i < nb; i++) {
|
148
|
-
carry2 = 0;
|
149
149
|
hydro_x25519_limb_t mand = b[i];
|
150
|
+
carry2 = 0;
|
151
|
+
|
150
152
|
for (j = 0; j < hydro_x25519_NLIMBS; j++) {
|
151
153
|
accum[i + j] = hydro_x25519_umaal(&carry2, accum[i + j], mand, a[j]);
|
152
154
|
}
|
@@ -207,7 +209,7 @@ hydro_x25519_canon(hydro_x25519_fe x)
|
|
207
209
|
carry = -19;
|
208
210
|
res = 0;
|
209
211
|
for (i = 0; i < hydro_x25519_NLIMBS; i++) {
|
210
|
-
res |= x[i] = (hydro_x25519_limb_t)(carry += x[i]);
|
212
|
+
res |= x[i] = (hydro_x25519_limb_t) (carry += x[i]);
|
211
213
|
carry >>= hydro_x25519_WBITS;
|
212
214
|
}
|
213
215
|
return ((hydro_x25519_dlimb_t) res - 1) >> hydro_x25519_WBITS;
|
@@ -218,17 +220,17 @@ hydro_x25519_ladder_part1(hydro_x25519_fe xs[5])
|
|
218
220
|
{
|
219
221
|
hydro_x25519_limb_t *x2 = xs[0], *z2 = xs[1], *x3 = xs[2], *z3 = xs[3], *t1 = xs[4];
|
220
222
|
|
221
|
-
hydro_x25519_add(t1, x2, z2);
|
222
|
-
hydro_x25519_sub(z2, x2, z2);
|
223
|
-
hydro_x25519_add(x2, x3, z3);
|
224
|
-
hydro_x25519_sub(z3, x3, z3);
|
225
|
-
hydro_x25519_mul1(z3, t1);
|
226
|
-
hydro_x25519_mul1(x2, z2);
|
227
|
-
hydro_x25519_add(x3, z3, x2);
|
228
|
-
hydro_x25519_sub(z3, z3, x2);
|
229
|
-
hydro_x25519_sqr1(t1);
|
230
|
-
hydro_x25519_sqr1(z2);
|
231
|
-
hydro_x25519_sub(x2, t1, z2);
|
223
|
+
hydro_x25519_add(t1, x2, z2); // t1 = A
|
224
|
+
hydro_x25519_sub(z2, x2, z2); // z2 = B
|
225
|
+
hydro_x25519_add(x2, x3, z3); // x2 = C
|
226
|
+
hydro_x25519_sub(z3, x3, z3); // z3 = D
|
227
|
+
hydro_x25519_mul1(z3, t1); // z3 = DA
|
228
|
+
hydro_x25519_mul1(x2, z2); // x3 = BC
|
229
|
+
hydro_x25519_add(x3, z3, x2); // x3 = DA+CB
|
230
|
+
hydro_x25519_sub(z3, z3, x2); // z3 = DA-CB
|
231
|
+
hydro_x25519_sqr1(t1); // t1 = AA
|
232
|
+
hydro_x25519_sqr1(z2); // z2 = BB
|
233
|
+
hydro_x25519_sub(x2, t1, z2); // x2 = E = AA-BB
|
232
234
|
hydro_x25519_mul(z2, x2, hydro_x25519_a24, // z2 = E*a24
|
233
235
|
sizeof(hydro_x25519_a24) / sizeof(hydro_x25519_a24[0]));
|
234
236
|
hydro_x25519_add(z2, z2, t1); // z2 = E*a24 + AA
|
@@ -275,7 +277,7 @@ hydro_x25519_core(hydro_x25519_fe xs[5], const uint8_t scalar[hydro_x25519_BYTES
|
|
275
277
|
bytei |= 0x40;
|
276
278
|
}
|
277
279
|
}
|
278
|
-
doswap = 1U + ~(hydro_x25519_limb_t)((bytei >> (i % 8)) & 1);
|
280
|
+
doswap = 1U + ~(hydro_x25519_limb_t) ((bytei >> (i % 8)) & 1);
|
279
281
|
hydro_x25519_condswap(x2, x3, swap ^ doswap);
|
280
282
|
swap = doswap;
|
281
283
|
hydro_x25519_ladder_part1(xs);
|
@@ -372,7 +374,7 @@ hydro_x25519_sc_montmul(hydro_x25519_scalar_t out, const hydro_x25519_scalar_t a
|
|
372
374
|
/* Reduce */
|
373
375
|
hydro_x25519_sdlimb_t scarry = 0;
|
374
376
|
for (i = 0; i < hydro_x25519_NLIMBS; i++) {
|
375
|
-
out[i] = (hydro_x25519_limb_t)(scarry = scarry + out[i] - hydro_x25519_sc_p[i]);
|
377
|
+
out[i] = (hydro_x25519_limb_t) (scarry = scarry + out[i] - hydro_x25519_sc_p[i]);
|
376
378
|
scarry >>= hydro_x25519_WBITS;
|
377
379
|
}
|
378
380
|
hydro_x25519_limb_t need_add = (hydro_x25519_limb_t) - (scarry + hic);
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dualcone
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0
|
4
|
+
version: 1.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tom Richards
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-05-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: climate_control
|
@@ -109,7 +109,35 @@ dependencies:
|
|
109
109
|
- !ruby/object:Gem::Version
|
110
110
|
version: '0'
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
|
-
name:
|
112
|
+
name: rubocop-performance
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - ">="
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - ">="
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: rubocop-rake
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - ">="
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '0'
|
132
|
+
type: :development
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - ">="
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '0'
|
139
|
+
- !ruby/object:Gem::Dependency
|
140
|
+
name: rubocop-rspec
|
113
141
|
requirement: !ruby/object:Gem::Requirement
|
114
142
|
requirements:
|
115
143
|
- - ">="
|
@@ -155,15 +183,27 @@ files:
|
|
155
183
|
- vendor/libhydrogen/impl/kx.h
|
156
184
|
- vendor/libhydrogen/impl/pwhash.h
|
157
185
|
- vendor/libhydrogen/impl/random.h
|
186
|
+
- vendor/libhydrogen/impl/random/avr.h
|
187
|
+
- vendor/libhydrogen/impl/random/esp32.h
|
188
|
+
- vendor/libhydrogen/impl/random/mbed.h
|
189
|
+
- vendor/libhydrogen/impl/random/nrf52832.h
|
190
|
+
- vendor/libhydrogen/impl/random/particle.h
|
191
|
+
- vendor/libhydrogen/impl/random/riot.h
|
192
|
+
- vendor/libhydrogen/impl/random/rtthread.h
|
193
|
+
- vendor/libhydrogen/impl/random/stm32.h
|
194
|
+
- vendor/libhydrogen/impl/random/unix.h
|
195
|
+
- vendor/libhydrogen/impl/random/wasi.h
|
196
|
+
- vendor/libhydrogen/impl/random/windows.h
|
158
197
|
- vendor/libhydrogen/impl/secretbox.h
|
159
198
|
- vendor/libhydrogen/impl/sign.h
|
160
199
|
- vendor/libhydrogen/impl/x25519.h
|
161
200
|
homepage: https://github.com/t-richards/dualcone
|
162
201
|
licenses:
|
163
|
-
-
|
202
|
+
- ISC
|
164
203
|
metadata:
|
165
204
|
homepage_uri: https://github.com/t-richards/dualcone
|
166
205
|
source_code_uri: https://github.com/t-richards/dualcone
|
206
|
+
rubygems_mfa_required: 'true'
|
167
207
|
post_install_message:
|
168
208
|
rdoc_options: []
|
169
209
|
require_paths:
|
@@ -172,14 +212,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
172
212
|
requirements:
|
173
213
|
- - ">="
|
174
214
|
- !ruby/object:Gem::Version
|
175
|
-
version: 2.
|
215
|
+
version: 2.5.0
|
176
216
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
177
217
|
requirements:
|
178
218
|
- - ">="
|
179
219
|
- !ruby/object:Gem::Version
|
180
220
|
version: '0'
|
181
221
|
requirements: []
|
182
|
-
rubygems_version: 3.
|
222
|
+
rubygems_version: 3.3.8
|
183
223
|
signing_key:
|
184
224
|
specification_version: 4
|
185
225
|
summary: A Ruby source code protection system.
|