ed25519 0.1.0 → 1.0.0

data/ext/ed25519_ref10/base2.h

@@ -0,0 +1,40 @@
+ {
+  { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 },
+  { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 },
+  { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 },
+ },
+ {
+  { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 },
+  { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 },
+  { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 },
+ },
+ {
+  { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 },
+  { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 },
+  { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 },
+ },
+ {
+  { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 },
+  { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 },
+  { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 },
+ },
+ {
+  { -22518993,-6692182,14201702,-8745502,-23510406,8844726,18474211,-1361450,-13062696,13821877 },
+  { -6455177,-7839871,3374702,-4740862,-27098617,-10571707,31655028,-7212327,18853322,-14220951 },
+  { 4566830,-12963868,-28974889,-12240689,-7602672,-2830569,-8514358,-10431137,2207753,-3209784 },
+ },
+ {
+  { -25154831,-4185821,29681144,7868801,-6854661,-9423865,-12437364,-663000,-31111463,-16132436 },
+  { 25576264,-2703214,7349804,-11814844,16472782,9300885,3844789,15725684,171356,6466918 },
+  { 23103977,13316479,9739013,-16149481,817875,-15038942,8965339,-14088058,-30714912,16193877 },
+ },
+ {
+  { -33521811,3180713,-2394130,14003687,-16903474,-16270840,17238398,4729455,-18074513,9256800 },
+  { -25182317,-4174131,32336398,5036987,-21236817,11360617,22616405,9761698,-19827198,630305 },
+  { -13720693,2639453,-24237460,-7406481,9494427,-5774029,-6554551,-15960994,-2449256,-14291300 },
+ },
+ {
+  { -3151181,-5046075,9282714,6866145,-31907062,-863023,-18940575,15033784,25105118,-7894876 },
+  { -24326370,15950226,-31801215,-14592823,-11662737,-5090925,1573892,-2625887,2198790,-15804619 },
+  { -3099351,10324967,-2241613,7453183,-5446979,-2735503,-13812022,-16236442,-32461234,-12290683 },
+ },

data/ext/ed25519_ref10/d.h

@@ -0,0 +1 @@
+-10913610,13857413,-15372611,6949391,114729,-8787816,-6275908,-3247719,-18696448,-12055116

data/ext/ed25519_ref10/d2.h

@@ -0,0 +1 @@
+-21827239,-5839606,-30745221,13898782,229458,15978800,-12551817,-6495438,29715968,9444199

data/ext/ed25519_ref10/ed25519_ref10.c

@@ -0,0 +1,99 @@
+#include "ruby.h"
+#include "ed25519_ref10.h"
+
+static VALUE mEd25519 = Qnil;
+static VALUE mEd25519_Provider = Qnil;
+static VALUE mEd25519_Provider_Ref10 = Qnil;
+
+static VALUE mEd25519_Provider_Ref10_create_keypair(VALUE self, VALUE seed);
+static VALUE mEd25519_Provider_Ref10_sign(VALUE self, VALUE signing_key, VALUE msg);
+static VALUE mEd25519_Provider_Ref10_verify(VALUE self, VALUE verify_key, VALUE signature, VALUE msg);
+
+void Init_ed25519_ref10()
+{
+    mEd25519 = rb_define_module("Ed25519");
+    mEd25519_Provider = rb_define_module_under(mEd25519, "Provider");
+    mEd25519_Provider_Ref10 = rb_define_module_under(mEd25519_Provider, "Ref10");
+
+    rb_define_singleton_method(mEd25519_Provider_Ref10, "create_keypair", mEd25519_Provider_Ref10_create_keypair, 1);
+    rb_define_singleton_method(mEd25519_Provider_Ref10, "sign", mEd25519_Provider_Ref10_sign, 2);
+    rb_define_singleton_method(mEd25519_Provider_Ref10, "verify", mEd25519_Provider_Ref10_verify, 3);
+}
+
+static VALUE mEd25519_Provider_Ref10_create_keypair(VALUE self, VALUE seed)
+{
+    uint8_t verify_key[PUBLICKEYBYTES];
+    uint8_t keypair[SECRETKEYBYTES];
+
+    StringValue(seed);
+
+    if(RSTRING_LEN(seed) != SECRETKEYBYTES / 2) {
+        rb_raise(rb_eArgError, "seed must be exactly %d bytes", SECRETKEYBYTES / 2);
+    }
+
+    crypto_sign_ed25519_ref10_seed_keypair(verify_key, keypair, (uint8_t *)RSTRING_PTR(seed));
+
+    return rb_str_new((const char *)keypair, SECRETKEYBYTES);
+}
+
+static VALUE mEd25519_Provider_Ref10_sign(VALUE self, VALUE signing_key, VALUE msg)
+{
+    uint8_t *sig_and_msg;
+    uint64_t sig_and_msg_len;
+    VALUE result;
+
+    StringValue(signing_key);
+    StringValue(msg);
+
+    if(RSTRING_LEN(signing_key) != SECRETKEYBYTES) {
+        rb_raise(rb_eArgError, "private signing keys must be %d bytes", SECRETKEYBYTES);
+    }
+
+    sig_and_msg = (uint8_t *)xmalloc(SIGNATUREBYTES + RSTRING_LEN(msg));
+    crypto_sign_ed25519_ref10(
+        sig_and_msg, &sig_and_msg_len,
+        (uint8_t *)RSTRING_PTR(msg), RSTRING_LEN(msg),
+        (uint8_t *)RSTRING_PTR(signing_key)
+    );
+
+    result = rb_str_new((const char *)sig_and_msg, SIGNATUREBYTES);
+    xfree(sig_and_msg);
+
+    return result;
+}
+
+static VALUE mEd25519_Provider_Ref10_verify(VALUE self, VALUE verify_key, VALUE signature, VALUE msg)
+{
+    uint8_t *sig_and_msg, *buffer;
+    uint64_t sig_and_msg_len, buffer_len;
+    int result;
+
+    StringValue(verify_key);
+    StringValue(signature);
+    StringValue(msg);
+
+    if(RSTRING_LEN(verify_key) != PUBLICKEYBYTES) {
+      rb_raise(rb_eArgError, "public verify keys must be %d bytes", PUBLICKEYBYTES);
+    }
+
+    if(RSTRING_LEN(signature) != SIGNATUREBYTES) {
+      rb_raise(rb_eArgError, "signatures must be %d bytes", SIGNATUREBYTES);
+    }
+
+    sig_and_msg_len = SIGNATUREBYTES + RSTRING_LEN(msg);
+    sig_and_msg = (unsigned char *)xmalloc(sig_and_msg_len);
+    buffer      = (unsigned char *)xmalloc(sig_and_msg_len);
+    memcpy(sig_and_msg, RSTRING_PTR(signature), SIGNATUREBYTES);
+    memcpy(sig_and_msg + SIGNATUREBYTES, RSTRING_PTR(msg), RSTRING_LEN(msg));
+
+    result = crypto_sign_open_ed25519_ref10(
+        buffer, &buffer_len,
+        sig_and_msg, sig_and_msg_len,
+        (uint8_t *)RSTRING_PTR(verify_key)
+    );
+
+    xfree(sig_and_msg);
+    xfree(buffer);
+
+    return result == 0 ? Qtrue : Qfalse;
+}

data/ext/ed25519_ref10/ed25519_ref10.h

@@ -0,0 +1,33 @@
+#ifndef ED25519_REF10_H
+#define ED25519_REF10_H
+
+#include <stdint.h>
+
+#define SECRETKEYBYTES 64
+#define PUBLICKEYBYTES 32
+#define SIGNATUREBYTES 64
+
+#define ED25519_KEYSIZE_BYTES 32
+typedef uint8_t ED25519_KEY[ED25519_KEYSIZE_BYTES];
+
+/* Generate an Ed25519 keypair from a seed value */
+int crypto_sign_ed25519_ref10_seed_keypair(uint8_t *pk, uint8_t *sk, const uint8_t *seed);
+
+/* Compute an Ed25519 signature over the given message */
+int crypto_sign_ed25519_ref10(
+  uint8_t *sm, uint64_t *smlen,
+  const uint8_t *m, uint64_t mlen,
+  const uint8_t *sk
+);
+
+/* Verify the given signature is authentic */
+int crypto_sign_open_ed25519_ref10(
+  uint8_t *m, uint64_t *mlen,
+  const uint8_t *sm, uint64_t smlen,
+  const uint8_t *pk
+);
+
+/* Constant-time comparison function */
+int crypto_verify_32(const uint8_t *x,const uint8_t *y);
+
+#endif /* ED25519_REF10_H */

data/ext/ed25519_ref10/extconf.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+# rubocop:disable Style/GlobalVars
+
+require "mkmf"
+
+$CFLAGS << " -Wall -O3 -pedantic -std=c99"
+
+create_makefile "ed25519_ref10"

data/ext/ed25519_ref10/fe.h

@@ -0,0 +1,56 @@
+#ifndef FE_H
+#define FE_H
+
+#include "ed25519_ref10.h"
+
+typedef int32_t fe[10];
+
+/*
+fe means field element.
+Here the field is \Z/(2^255-19).
+An element t, entries t[0]...t[9], represents the integer
+t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
+Bounds on each t[i] vary depending on context.
+*/
+
+#define fe_frombytes crypto_sign_ed25519_ref10_fe_frombytes
+#define fe_tobytes crypto_sign_ed25519_ref10_fe_tobytes
+#define fe_copy crypto_sign_ed25519_ref10_fe_copy
+#define fe_isnonzero crypto_sign_ed25519_ref10_fe_isnonzero
+#define fe_isnegative crypto_sign_ed25519_ref10_fe_isnegative
+#define fe_0 crypto_sign_ed25519_ref10_fe_0
+#define fe_1 crypto_sign_ed25519_ref10_fe_1
+#define fe_cswap crypto_sign_ed25519_ref10_fe_cswap
+#define fe_cmov crypto_sign_ed25519_ref10_fe_cmov
+#define fe_add crypto_sign_ed25519_ref10_fe_add
+#define fe_sub crypto_sign_ed25519_ref10_fe_sub
+#define fe_neg crypto_sign_ed25519_ref10_fe_neg
+#define fe_mul crypto_sign_ed25519_ref10_fe_mul
+#define fe_sq crypto_sign_ed25519_ref10_fe_sq
+#define fe_sq2 crypto_sign_ed25519_ref10_fe_sq2
+#define fe_mul121666 crypto_sign_ed25519_ref10_fe_mul121666
+#define fe_invert crypto_sign_ed25519_ref10_fe_invert
+#define fe_pow22523 crypto_sign_ed25519_ref10_fe_pow22523
+
+extern void fe_frombytes(fe,const unsigned char *);
+extern void fe_tobytes(unsigned char *,const fe);
+
+extern void fe_copy(fe,const fe);
+extern int fe_isnonzero(const fe);
+extern int fe_isnegative(const fe);
+extern void fe_0(fe);
+extern void fe_1(fe);
+extern void fe_cswap(fe,fe,unsigned int);
+extern void fe_cmov(fe,const fe,unsigned int);
+
+extern void fe_add(fe,const fe,const fe);
+extern void fe_sub(fe,const fe,const fe);
+extern void fe_neg(fe,const fe);
+extern void fe_mul(fe,const fe,const fe);
+extern void fe_sq(fe,const fe);
+extern void fe_sq2(fe,const fe);
+extern void fe_mul121666(fe,const fe);
+extern void fe_invert(fe,const fe);
+extern void fe_pow22523(fe,const fe);
+
+#endif

data/ext/ed25519_ref10/fe_0.c

@@ -0,0 +1,19 @@
+#include "fe.h"
+
+/*
+h = 0
+*/
+
+void fe_0(fe h)
+{
+  h[0] = 0;
+  h[1] = 0;
+  h[2] = 0;
+  h[3] = 0;
+  h[4] = 0;
+  h[5] = 0;
+  h[6] = 0;
+  h[7] = 0;
+  h[8] = 0;
+  h[9] = 0;
+}

data/ext/ed25519_ref10/fe_1.c

@@ -0,0 +1,19 @@
+#include "fe.h"
+
+/*
+h = 1
+*/
+
+void fe_1(fe h)
+{
+  h[0] = 1;
+  h[1] = 0;
+  h[2] = 0;
+  h[3] = 0;
+  h[4] = 0;
+  h[5] = 0;
+  h[6] = 0;
+  h[7] = 0;
+  h[8] = 0;
+  h[9] = 0;
+}

data/ext/ed25519_ref10/fe_add.c

@@ -0,0 +1,57 @@
+#include "fe.h"
+
+/*
+h = f + g
+Can overlap h with f or g.
+
+Preconditions:
+   |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+   |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+
+Postconditions:
+   |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+*/
+
+void fe_add(fe h,const fe f,const fe g)
+{
+  int32_t f0 = f[0];
+  int32_t f1 = f[1];
+  int32_t f2 = f[2];
+  int32_t f3 = f[3];
+  int32_t f4 = f[4];
+  int32_t f5 = f[5];
+  int32_t f6 = f[6];
+  int32_t f7 = f[7];
+  int32_t f8 = f[8];
+  int32_t f9 = f[9];
+  int32_t g0 = g[0];
+  int32_t g1 = g[1];
+  int32_t g2 = g[2];
+  int32_t g3 = g[3];
+  int32_t g4 = g[4];
+  int32_t g5 = g[5];
+  int32_t g6 = g[6];
+  int32_t g7 = g[7];
+  int32_t g8 = g[8];
+  int32_t g9 = g[9];
+  int32_t h0 = f0 + g0;
+  int32_t h1 = f1 + g1;
+  int32_t h2 = f2 + g2;
+  int32_t h3 = f3 + g3;
+  int32_t h4 = f4 + g4;
+  int32_t h5 = f5 + g5;
+  int32_t h6 = f6 + g6;
+  int32_t h7 = f7 + g7;
+  int32_t h8 = f8 + g8;
+  int32_t h9 = f9 + g9;
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}

data/ext/ed25519_ref10/fe_cmov.c

@@ -0,0 +1,63 @@
+#include "fe.h"
+
+/*
+Replace (f,g) with (g,g) if b == 1;
+replace (f,g) with (f,g) if b == 0.
+
+Preconditions: b in {0,1}.
+*/
+
+void fe_cmov(fe f,const fe g,unsigned int b)
+{
+  int32_t f0 = f[0];
+  int32_t f1 = f[1];
+  int32_t f2 = f[2];
+  int32_t f3 = f[3];
+  int32_t f4 = f[4];
+  int32_t f5 = f[5];
+  int32_t f6 = f[6];
+  int32_t f7 = f[7];
+  int32_t f8 = f[8];
+  int32_t f9 = f[9];
+  int32_t g0 = g[0];
+  int32_t g1 = g[1];
+  int32_t g2 = g[2];
+  int32_t g3 = g[3];
+  int32_t g4 = g[4];
+  int32_t g5 = g[5];
+  int32_t g6 = g[6];
+  int32_t g7 = g[7];
+  int32_t g8 = g[8];
+  int32_t g9 = g[9];
+  int32_t x0 = f0 ^ g0;
+  int32_t x1 = f1 ^ g1;
+  int32_t x2 = f2 ^ g2;
+  int32_t x3 = f3 ^ g3;
+  int32_t x4 = f4 ^ g4;
+  int32_t x5 = f5 ^ g5;
+  int32_t x6 = f6 ^ g6;
+  int32_t x7 = f7 ^ g7;
+  int32_t x8 = f8 ^ g8;
+  int32_t x9 = f9 ^ g9;
+  b = -b;
+  x0 &= b;
+  x1 &= b;
+  x2 &= b;
+  x3 &= b;
+  x4 &= b;
+  x5 &= b;
+  x6 &= b;
+  x7 &= b;
+  x8 &= b;
+  x9 &= b;
+  f[0] = f0 ^ x0;
+  f[1] = f1 ^ x1;
+  f[2] = f2 ^ x2;
+  f[3] = f3 ^ x3;
+  f[4] = f4 ^ x4;
+  f[5] = f5 ^ x5;
+  f[6] = f6 ^ x6;
+  f[7] = f7 ^ x7;
+  f[8] = f8 ^ x8;
+  f[9] = f9 ^ x9;
+}

data/ext/ed25519_ref10/fe_copy.c

@@ -0,0 +1,29 @@
+#include "fe.h"
+
+/*
+h = f
+*/
+
+void fe_copy(fe h,const fe f)
+{
+  int32_t f0 = f[0];
+  int32_t f1 = f[1];
+  int32_t f2 = f[2];
+  int32_t f3 = f[3];
+  int32_t f4 = f[4];
+  int32_t f5 = f[5];
+  int32_t f6 = f[6];
+  int32_t f7 = f[7];
+  int32_t f8 = f[8];
+  int32_t f9 = f[9];
+  h[0] = f0;
+  h[1] = f1;
+  h[2] = f2;
+  h[3] = f3;
+  h[4] = f4;
+  h[5] = f5;
+  h[6] = f6;
+  h[7] = f7;
+  h[8] = f8;
+  h[9] = f9;
+}

data/ext/ed25519_ref10/fe_frombytes.c

@@ -0,0 +1,71 @@
+#include "fe.h"
+
+static uint64_t load_3(const unsigned char *in)
+{
+  uint64_t result;
+  result = (uint64_t) in[0];
+  result |= ((uint64_t) in[1]) << 8;
+  result |= ((uint64_t) in[2]) << 16;
+  return result;
+}
+
+static uint64_t load_4(const unsigned char *in)
+{
+  uint64_t result;
+  result = (uint64_t) in[0];
+  result |= ((uint64_t) in[1]) << 8;
+  result |= ((uint64_t) in[2]) << 16;
+  result |= ((uint64_t) in[3]) << 24;
+  return result;
+}
+
+/*
+Ignores top bit of h.
+*/
+
+void fe_frombytes(fe h,const unsigned char *s)
+{
+  int64_t h0 = load_4(s);
+  int64_t h1 = load_3(s + 4) << 6;
+  int64_t h2 = load_3(s + 7) << 5;
+  int64_t h3 = load_3(s + 10) << 3;
+  int64_t h4 = load_3(s + 13) << 2;
+  int64_t h5 = load_4(s + 16);
+  int64_t h6 = load_3(s + 20) << 7;
+  int64_t h7 = load_3(s + 23) << 5;
+  int64_t h8 = load_3(s + 26) << 4;
+  int64_t h9 = (load_3(s + 29) & 8388607) << 2;
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+
+  carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
+  carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
+  carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
+  carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
+  carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
+
+  carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
+  carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
+  carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
+  carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
+  carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
+
+  h[0] = (int32_t)h0;
+  h[1] = (int32_t)h1;
+  h[2] = (int32_t)h2;
+  h[3] = (int32_t)h3;
+  h[4] = (int32_t)h4;
+  h[5] = (int32_t)h5;
+  h[6] = (int32_t)h6;
+  h[7] = (int32_t)h7;
+  h[8] = (int32_t)h8;
+  h[9] = (int32_t)h9;
+}