ed-precompiled_ed25519 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CHANGES.md +88 -0
- data/LICENSE +22 -0
- data/README.md +181 -0
- data/ed25519.png +0 -0
- data/ext/ed25519_jruby/LICENSE.txt +123 -0
- data/ext/ed25519_jruby/README.md +77 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/EdDSAEngine.java +491 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/EdDSAKey.java +31 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/EdDSAPrivateKey.java +338 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/EdDSAPublicKey.java +275 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/EdDSASecurityProvider.java +59 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/KeyFactory.java +75 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/KeyPairGenerator.java +97 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/Utils.java +103 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Constants.java +23 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Curve.java +100 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Encoding.java +54 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Field.java +99 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/FieldElement.java +76 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/GroupElement.java +1034 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/ScalarOps.java +34 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/bigint/BigIntegerFieldElement.java +131 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/bigint/BigIntegerLittleEndianEncoding.java +102 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/bigint/BigIntegerScalarOps.java +37 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/bigint/package.html +6 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/ed25519/Ed25519FieldElement.java +988 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/ed25519/Ed25519LittleEndianEncoding.java +256 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/ed25519/Ed25519ScalarOps.java +693 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSAGenParameterSpec.java +32 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSANamedCurveSpec.java +35 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSANamedCurveTable.java +71 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSAParameterSpec.java +97 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSAPrivateKeySpec.java +133 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSAPublicKeySpec.java +61 -0
- data/ext/ed25519_jruby/org/cryptorb/Ed25519Provider.java +95 -0
- data/ext/ed25519_ref10/api.h +4 -0
- data/ext/ed25519_ref10/base.h +1344 -0
- data/ext/ed25519_ref10/base2.h +40 -0
- data/ext/ed25519_ref10/d.h +1 -0
- data/ext/ed25519_ref10/d2.h +1 -0
- data/ext/ed25519_ref10/ed25519_ref10.c +99 -0
- data/ext/ed25519_ref10/ed25519_ref10.h +33 -0
- data/ext/ed25519_ref10/extconf.rb +7 -0
- data/ext/ed25519_ref10/fe.c +1085 -0
- data/ext/ed25519_ref10/fe.h +56 -0
- data/ext/ed25519_ref10/ge.c +407 -0
- data/ext/ed25519_ref10/ge.h +95 -0
- data/ext/ed25519_ref10/ge_add.h +97 -0
- data/ext/ed25519_ref10/ge_madd.h +88 -0
- data/ext/ed25519_ref10/ge_msub.h +88 -0
- data/ext/ed25519_ref10/ge_p2_dbl.h +73 -0
- data/ext/ed25519_ref10/ge_sub.h +97 -0
- data/ext/ed25519_ref10/keypair.c +22 -0
- data/ext/ed25519_ref10/open.c +47 -0
- data/ext/ed25519_ref10/pow22523.h +160 -0
- data/ext/ed25519_ref10/pow225521.h +160 -0
- data/ext/ed25519_ref10/sc.h +17 -0
- data/ext/ed25519_ref10/sc_muladd.c +366 -0
- data/ext/ed25519_ref10/sc_reduce.c +272 -0
- data/ext/ed25519_ref10/sha512.c +304 -0
- data/ext/ed25519_ref10/sha512.h +8 -0
- data/ext/ed25519_ref10/sign.c +41 -0
- data/ext/ed25519_ref10/sqrtm1.h +1 -0
- data/ext/ed25519_ref10/verify.c +40 -0
- data/lib/ed25519/signing_key.rb +60 -0
- data/lib/ed25519/verify_key.rb +45 -0
- data/lib/ed25519/version.rb +5 -0
- data/lib/ed25519.rb +77 -0
- metadata +126 -0
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* EdDSA-Java by str4d
|
|
3
|
+
*
|
|
4
|
+
* To the extent possible under law, the person who associated CC0 with
|
|
5
|
+
* EdDSA-Java has waived all copyright and related or neighboring rights
|
|
6
|
+
* to EdDSA-Java.
|
|
7
|
+
*
|
|
8
|
+
* You should have received a copy of the CC0 legalcode along with this
|
|
9
|
+
* work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
|
|
10
|
+
*
|
|
11
|
+
*/
|
|
12
|
+
package net.i2p.crypto.eddsa.math;
|
|
13
|
+
|
|
14
|
+
public interface ScalarOps {
|
|
15
|
+
/**
|
|
16
|
+
* Reduce the given scalar mod $l$.
|
|
17
|
+
* <p>
|
|
18
|
+
* From the Ed25519 paper:<br>
|
|
19
|
+
* Here we interpret $2b$-bit strings in little-endian form as integers in
|
|
20
|
+
* $\{0, 1,..., 2^{(2b)}-1\}$.
|
|
21
|
+
* @param s the scalar to reduce
|
|
22
|
+
* @return $s \bmod l$
|
|
23
|
+
*/
|
|
24
|
+
public byte[] reduce(byte[] s);
|
|
25
|
+
|
|
26
|
+
/**
|
|
27
|
+
* $r = (a * b + c) \bmod l$
|
|
28
|
+
* @param a a scalar
|
|
29
|
+
* @param b a scalar
|
|
30
|
+
* @param c a scalar
|
|
31
|
+
* @return $(a*b + c) \bmod l$
|
|
32
|
+
*/
|
|
33
|
+
public byte[] multiplyAndAdd(byte[] a, byte[] b, byte[] c);
|
|
34
|
+
}
|
|
@@ -0,0 +1,131 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* EdDSA-Java by str4d
|
|
3
|
+
*
|
|
4
|
+
* To the extent possible under law, the person who associated CC0 with
|
|
5
|
+
* EdDSA-Java has waived all copyright and related or neighboring rights
|
|
6
|
+
* to EdDSA-Java.
|
|
7
|
+
*
|
|
8
|
+
* You should have received a copy of the CC0 legalcode along with this
|
|
9
|
+
* work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
|
|
10
|
+
*
|
|
11
|
+
*/
|
|
12
|
+
package net.i2p.crypto.eddsa.math.bigint;
|
|
13
|
+
|
|
14
|
+
import java.io.Serializable;
|
|
15
|
+
import java.math.BigInteger;
|
|
16
|
+
|
|
17
|
+
import net.i2p.crypto.eddsa.math.Field;
|
|
18
|
+
import net.i2p.crypto.eddsa.math.FieldElement;
|
|
19
|
+
|
|
20
|
+
/**
|
|
21
|
+
* A particular element of the field \Z/(2^255-19).
|
|
22
|
+
* @author str4d
|
|
23
|
+
*
|
|
24
|
+
*/
|
|
25
|
+
public class BigIntegerFieldElement extends FieldElement implements Serializable {
|
|
26
|
+
private static final long serialVersionUID = 4890398908392808L;
|
|
27
|
+
/**
|
|
28
|
+
* Variable is package private for encoding.
|
|
29
|
+
*/
|
|
30
|
+
final BigInteger bi;
|
|
31
|
+
|
|
32
|
+
public BigIntegerFieldElement(Field f, BigInteger bi) {
|
|
33
|
+
super(f);
|
|
34
|
+
this.bi = bi;
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
public boolean isNonZero() {
|
|
38
|
+
return !bi.equals(BigInteger.ZERO);
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
public FieldElement add(FieldElement val) {
|
|
42
|
+
return new BigIntegerFieldElement(f, bi.add(((BigIntegerFieldElement)val).bi)).mod(f.getQ());
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
@Override
|
|
46
|
+
public FieldElement addOne() {
|
|
47
|
+
return new BigIntegerFieldElement(f, bi.add(BigInteger.ONE)).mod(f.getQ());
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
public FieldElement subtract(FieldElement val) {
|
|
51
|
+
return new BigIntegerFieldElement(f, bi.subtract(((BigIntegerFieldElement)val).bi)).mod(f.getQ());
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
@Override
|
|
55
|
+
public FieldElement subtractOne() {
|
|
56
|
+
return new BigIntegerFieldElement(f, bi.subtract(BigInteger.ONE)).mod(f.getQ());
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
public FieldElement negate() {
|
|
60
|
+
return f.getQ().subtract(this);
|
|
61
|
+
}
|
|
62
|
+
|
|
63
|
+
@Override
|
|
64
|
+
public FieldElement divide(FieldElement val) {
|
|
65
|
+
return divide(((BigIntegerFieldElement)val).bi);
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
public FieldElement divide(BigInteger val) {
|
|
69
|
+
return new BigIntegerFieldElement(f, bi.divide(val)).mod(f.getQ());
|
|
70
|
+
}
|
|
71
|
+
|
|
72
|
+
public FieldElement multiply(FieldElement val) {
|
|
73
|
+
return new BigIntegerFieldElement(f, bi.multiply(((BigIntegerFieldElement)val).bi)).mod(f.getQ());
|
|
74
|
+
}
|
|
75
|
+
|
|
76
|
+
public FieldElement square() {
|
|
77
|
+
return multiply(this);
|
|
78
|
+
}
|
|
79
|
+
|
|
80
|
+
public FieldElement squareAndDouble() {
|
|
81
|
+
FieldElement sq = square();
|
|
82
|
+
return sq.add(sq);
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
public FieldElement invert() {
|
|
86
|
+
// Euler's theorem
|
|
87
|
+
//return modPow(f.getQm2(), f.getQ());
|
|
88
|
+
return new BigIntegerFieldElement(f, bi.modInverse(((BigIntegerFieldElement)f.getQ()).bi));
|
|
89
|
+
}
|
|
90
|
+
|
|
91
|
+
public FieldElement mod(FieldElement m) {
|
|
92
|
+
return new BigIntegerFieldElement(f, bi.mod(((BigIntegerFieldElement)m).bi));
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
public FieldElement modPow(FieldElement e, FieldElement m) {
|
|
96
|
+
return new BigIntegerFieldElement(f, bi.modPow(((BigIntegerFieldElement)e).bi, ((BigIntegerFieldElement)m).bi));
|
|
97
|
+
}
|
|
98
|
+
|
|
99
|
+
public FieldElement pow(FieldElement e){
|
|
100
|
+
return modPow(e, f.getQ());
|
|
101
|
+
}
|
|
102
|
+
|
|
103
|
+
public FieldElement pow22523(){
|
|
104
|
+
return pow(f.getQm5d8());
|
|
105
|
+
}
|
|
106
|
+
|
|
107
|
+
@Override
|
|
108
|
+
public FieldElement cmov(FieldElement val, int b) {
|
|
109
|
+
// Not constant-time, but it doesn't really matter because none of the underlying BigInteger operations
|
|
110
|
+
// are either, so there's not much point in trying hard here ...
|
|
111
|
+
return b == 0 ? this : val;
|
|
112
|
+
}
|
|
113
|
+
|
|
114
|
+
@Override
|
|
115
|
+
public int hashCode() {
|
|
116
|
+
return bi.hashCode();
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
@Override
|
|
120
|
+
public boolean equals(Object obj) {
|
|
121
|
+
if (!(obj instanceof BigIntegerFieldElement))
|
|
122
|
+
return false;
|
|
123
|
+
BigIntegerFieldElement fe = (BigIntegerFieldElement) obj;
|
|
124
|
+
return bi.equals(fe.bi);
|
|
125
|
+
}
|
|
126
|
+
|
|
127
|
+
@Override
|
|
128
|
+
public String toString() {
|
|
129
|
+
return "[BigIntegerFieldElement val="+bi+"]";
|
|
130
|
+
}
|
|
131
|
+
}
|
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* EdDSA-Java by str4d
|
|
3
|
+
*
|
|
4
|
+
* To the extent possible under law, the person who associated CC0 with
|
|
5
|
+
* EdDSA-Java has waived all copyright and related or neighboring rights
|
|
6
|
+
* to EdDSA-Java.
|
|
7
|
+
*
|
|
8
|
+
* You should have received a copy of the CC0 legalcode along with this
|
|
9
|
+
* work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
|
|
10
|
+
*
|
|
11
|
+
*/
|
|
12
|
+
package net.i2p.crypto.eddsa.math.bigint;
|
|
13
|
+
|
|
14
|
+
import java.io.Serializable;
|
|
15
|
+
import java.math.BigInteger;
|
|
16
|
+
|
|
17
|
+
import net.i2p.crypto.eddsa.math.Encoding;
|
|
18
|
+
import net.i2p.crypto.eddsa.math.Field;
|
|
19
|
+
import net.i2p.crypto.eddsa.math.FieldElement;
|
|
20
|
+
|
|
21
|
+
public class BigIntegerLittleEndianEncoding extends Encoding implements Serializable {
|
|
22
|
+
private static final long serialVersionUID = 3984579843759837L;
|
|
23
|
+
/**
|
|
24
|
+
* Mask where only the first b-1 bits are set.
|
|
25
|
+
*/
|
|
26
|
+
private BigInteger mask;
|
|
27
|
+
|
|
28
|
+
@Override
|
|
29
|
+
public synchronized void setField(Field f) {
|
|
30
|
+
super.setField(f);
|
|
31
|
+
mask = BigInteger.ONE.shiftLeft(f.getb()-1).subtract(BigInteger.ONE);
|
|
32
|
+
}
|
|
33
|
+
|
|
34
|
+
public byte[] encode(FieldElement x) {
|
|
35
|
+
return encode(((BigIntegerFieldElement)x).bi.and(mask));
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
/**
|
|
39
|
+
* Convert $x$ to little endian.
|
|
40
|
+
* Constant time.
|
|
41
|
+
*
|
|
42
|
+
* @param x the BigInteger value to encode
|
|
43
|
+
* @return array of length $b/8$
|
|
44
|
+
* @throws IllegalStateException if field not set
|
|
45
|
+
*/
|
|
46
|
+
public byte[] encode(BigInteger x) {
|
|
47
|
+
if (f == null)
|
|
48
|
+
throw new IllegalStateException("field not set");
|
|
49
|
+
byte[] in = x.toByteArray();
|
|
50
|
+
byte[] out = new byte[f.getb()/8];
|
|
51
|
+
for (int i = 0; i < in.length; i++) {
|
|
52
|
+
out[i] = in[in.length-1-i];
|
|
53
|
+
}
|
|
54
|
+
for (int i = in.length; i < out.length; i++) {
|
|
55
|
+
out[i] = 0;
|
|
56
|
+
}
|
|
57
|
+
return out;
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
/**
|
|
61
|
+
* Decode a FieldElement from its $(b-1)$-bit encoding.
|
|
62
|
+
* The highest bit is masked out.
|
|
63
|
+
*
|
|
64
|
+
* @param in the $(b-1)$-bit encoding of a FieldElement.
|
|
65
|
+
* @return the FieldElement represented by 'val'.
|
|
66
|
+
* @throws IllegalStateException if field not set
|
|
67
|
+
* @throws IllegalArgumentException if encoding is invalid
|
|
68
|
+
*/
|
|
69
|
+
public FieldElement decode(byte[] in) {
|
|
70
|
+
if (f == null)
|
|
71
|
+
throw new IllegalStateException("field not set");
|
|
72
|
+
if (in.length != f.getb()/8)
|
|
73
|
+
throw new IllegalArgumentException("Not a valid encoding");
|
|
74
|
+
return new BigIntegerFieldElement(f, toBigInteger(in).and(mask));
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
/**
|
|
78
|
+
* Convert in to big endian
|
|
79
|
+
*
|
|
80
|
+
* @param in the $(b-1)$-bit encoding of a FieldElement.
|
|
81
|
+
* @return the decoded value as a BigInteger
|
|
82
|
+
*/
|
|
83
|
+
public BigInteger toBigInteger(byte[] in) {
|
|
84
|
+
byte[] out = new byte[in.length];
|
|
85
|
+
for (int i = 0; i < in.length; i++) {
|
|
86
|
+
out[i] = in[in.length-1-i];
|
|
87
|
+
}
|
|
88
|
+
return new BigInteger(1, out);
|
|
89
|
+
}
|
|
90
|
+
|
|
91
|
+
/**
|
|
92
|
+
* From the Ed25519 paper:<br>
|
|
93
|
+
* $x$ is negative if the $(b-1)$-bit encoding of $x$ is lexicographically larger
|
|
94
|
+
* than the $(b-1)$-bit encoding of $-x$. If $q$ is an odd prime and the encoding
|
|
95
|
+
* is the little-endian representation of $\{0, 1,\dots, q-1\}$ then the negative
|
|
96
|
+
* elements of $F_q$ are $\{1, 3, 5,\dots, q-2\}$.
|
|
97
|
+
* @return true if negative
|
|
98
|
+
*/
|
|
99
|
+
public boolean isNegative(FieldElement x) {
|
|
100
|
+
return ((BigIntegerFieldElement)x).bi.testBit(0);
|
|
101
|
+
}
|
|
102
|
+
}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* EdDSA-Java by str4d
|
|
3
|
+
*
|
|
4
|
+
* To the extent possible under law, the person who associated CC0 with
|
|
5
|
+
* EdDSA-Java has waived all copyright and related or neighboring rights
|
|
6
|
+
* to EdDSA-Java.
|
|
7
|
+
*
|
|
8
|
+
* You should have received a copy of the CC0 legalcode along with this
|
|
9
|
+
* work. If not, see <https://creativecommons.org/publicdomain/zero/1.0/>.
|
|
10
|
+
*
|
|
11
|
+
*/
|
|
12
|
+
package net.i2p.crypto.eddsa.math.bigint;
|
|
13
|
+
|
|
14
|
+
import java.math.BigInteger;
|
|
15
|
+
|
|
16
|
+
import net.i2p.crypto.eddsa.math.Field;
|
|
17
|
+
import net.i2p.crypto.eddsa.math.ScalarOps;
|
|
18
|
+
|
|
19
|
+
public class BigIntegerScalarOps implements ScalarOps {
|
|
20
|
+
private final BigInteger l;
|
|
21
|
+
private final BigIntegerLittleEndianEncoding enc;
|
|
22
|
+
|
|
23
|
+
public BigIntegerScalarOps(Field f, BigInteger l) {
|
|
24
|
+
this.l = l;
|
|
25
|
+
enc = new BigIntegerLittleEndianEncoding();
|
|
26
|
+
enc.setField(f);
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
public byte[] reduce(byte[] s) {
|
|
30
|
+
return enc.encode(enc.toBigInteger(s).mod(l));
|
|
31
|
+
}
|
|
32
|
+
|
|
33
|
+
public byte[] multiplyAndAdd(byte[] a, byte[] b, byte[] c) {
|
|
34
|
+
return enc.encode(enc.toBigInteger(a).multiply(enc.toBigInteger(b)).add(enc.toBigInteger(c)).mod(l));
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
}
|