ed25519 1.0.0-jruby
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +15 -0
- data/.rspec +5 -0
- data/.rubocop.yml +35 -0
- data/.travis.yml +13 -0
- data/CHANGES.md +16 -0
- data/CODE_OF_CONDUCT.md +74 -0
- data/Gemfile +12 -0
- data/LICENSE +22 -0
- data/README.md +159 -0
- data/Rakefile +27 -0
- data/ed25519.gemspec +32 -0
- data/ed25519.png +0 -0
- data/ext/ed25519_java/org/cryptosphere/ed25519.java +228 -0
- data/ext/ed25519_ref10/api.h +4 -0
- data/ext/ed25519_ref10/base.h +1344 -0
- data/ext/ed25519_ref10/base2.h +40 -0
- data/ext/ed25519_ref10/d.h +1 -0
- data/ext/ed25519_ref10/d2.h +1 -0
- data/ext/ed25519_ref10/ed25519_ref10.c +99 -0
- data/ext/ed25519_ref10/ed25519_ref10.h +33 -0
- data/ext/ed25519_ref10/extconf.rb +9 -0
- data/ext/ed25519_ref10/fe.h +56 -0
- data/ext/ed25519_ref10/fe_0.c +19 -0
- data/ext/ed25519_ref10/fe_1.c +19 -0
- data/ext/ed25519_ref10/fe_add.c +57 -0
- data/ext/ed25519_ref10/fe_cmov.c +63 -0
- data/ext/ed25519_ref10/fe_copy.c +29 -0
- data/ext/ed25519_ref10/fe_frombytes.c +71 -0
- data/ext/ed25519_ref10/fe_invert.c +14 -0
- data/ext/ed25519_ref10/fe_isnegative.c +16 -0
- data/ext/ed25519_ref10/fe_isnonzero.c +19 -0
- data/ext/ed25519_ref10/fe_mul.c +252 -0
- data/ext/ed25519_ref10/fe_neg.c +45 -0
- data/ext/ed25519_ref10/fe_pow22523.c +13 -0
- data/ext/ed25519_ref10/fe_sq.c +148 -0
- data/ext/ed25519_ref10/fe_sq2.c +159 -0
- data/ext/ed25519_ref10/fe_sub.c +57 -0
- data/ext/ed25519_ref10/fe_tobytes.c +119 -0
- data/ext/ed25519_ref10/ge.h +95 -0
- data/ext/ed25519_ref10/ge_add.c +11 -0
- data/ext/ed25519_ref10/ge_add.h +97 -0
- data/ext/ed25519_ref10/ge_double_scalarmult.c +96 -0
- data/ext/ed25519_ref10/ge_frombytes.c +50 -0
- data/ext/ed25519_ref10/ge_madd.c +11 -0
- data/ext/ed25519_ref10/ge_madd.h +88 -0
- data/ext/ed25519_ref10/ge_msub.c +11 -0
- data/ext/ed25519_ref10/ge_msub.h +88 -0
- data/ext/ed25519_ref10/ge_p1p1_to_p2.c +12 -0
- data/ext/ed25519_ref10/ge_p1p1_to_p3.c +13 -0
- data/ext/ed25519_ref10/ge_p2_0.c +8 -0
- data/ext/ed25519_ref10/ge_p2_dbl.c +11 -0
- data/ext/ed25519_ref10/ge_p2_dbl.h +73 -0
- data/ext/ed25519_ref10/ge_p3_0.c +9 -0
- data/ext/ed25519_ref10/ge_p3_dbl.c +12 -0
- data/ext/ed25519_ref10/ge_p3_to_cached.c +17 -0
- data/ext/ed25519_ref10/ge_p3_to_p2.c +12 -0
- data/ext/ed25519_ref10/ge_p3_tobytes.c +14 -0
- data/ext/ed25519_ref10/ge_precomp_0.c +8 -0
- data/ext/ed25519_ref10/ge_scalarmult_base.c +104 -0
- data/ext/ed25519_ref10/ge_sub.c +11 -0
- data/ext/ed25519_ref10/ge_sub.h +97 -0
- data/ext/ed25519_ref10/ge_tobytes.c +14 -0
- data/ext/ed25519_ref10/keypair.c +22 -0
- data/ext/ed25519_ref10/open.c +47 -0
- data/ext/ed25519_ref10/pow22523.h +160 -0
- data/ext/ed25519_ref10/pow225521.h +160 -0
- data/ext/ed25519_ref10/sc.h +17 -0
- data/ext/ed25519_ref10/sc_muladd.c +366 -0
- data/ext/ed25519_ref10/sc_reduce.c +272 -0
- data/ext/ed25519_ref10/sha512.c +304 -0
- data/ext/ed25519_ref10/sha512.h +8 -0
- data/ext/ed25519_ref10/sign.c +41 -0
- data/ext/ed25519_ref10/sqrtm1.h +1 -0
- data/ext/ed25519_ref10/verify.c +40 -0
- data/lib/ed25519.rb +65 -0
- data/lib/ed25519/provider/jruby.rb +39 -0
- data/lib/ed25519/signing_key.rb +39 -0
- data/lib/ed25519/verify_key.rb +44 -0
- data/lib/ed25519/version.rb +5 -0
- data/lib/ed25519_java.jar +0 -0
- metadata +138 -0
@@ -0,0 +1,40 @@
|
|
1
|
+
{
|
2
|
+
{ 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 },
|
3
|
+
{ -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 },
|
4
|
+
{ -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 },
|
5
|
+
},
|
6
|
+
{
|
7
|
+
{ 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 },
|
8
|
+
{ 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 },
|
9
|
+
{ 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 },
|
10
|
+
},
|
11
|
+
{
|
12
|
+
{ 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 },
|
13
|
+
{ 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 },
|
14
|
+
{ 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 },
|
15
|
+
},
|
16
|
+
{
|
17
|
+
{ 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 },
|
18
|
+
{ -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 },
|
19
|
+
{ 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 },
|
20
|
+
},
|
21
|
+
{
|
22
|
+
{ -22518993,-6692182,14201702,-8745502,-23510406,8844726,18474211,-1361450,-13062696,13821877 },
|
23
|
+
{ -6455177,-7839871,3374702,-4740862,-27098617,-10571707,31655028,-7212327,18853322,-14220951 },
|
24
|
+
{ 4566830,-12963868,-28974889,-12240689,-7602672,-2830569,-8514358,-10431137,2207753,-3209784 },
|
25
|
+
},
|
26
|
+
{
|
27
|
+
{ -25154831,-4185821,29681144,7868801,-6854661,-9423865,-12437364,-663000,-31111463,-16132436 },
|
28
|
+
{ 25576264,-2703214,7349804,-11814844,16472782,9300885,3844789,15725684,171356,6466918 },
|
29
|
+
{ 23103977,13316479,9739013,-16149481,817875,-15038942,8965339,-14088058,-30714912,16193877 },
|
30
|
+
},
|
31
|
+
{
|
32
|
+
{ -33521811,3180713,-2394130,14003687,-16903474,-16270840,17238398,4729455,-18074513,9256800 },
|
33
|
+
{ -25182317,-4174131,32336398,5036987,-21236817,11360617,22616405,9761698,-19827198,630305 },
|
34
|
+
{ -13720693,2639453,-24237460,-7406481,9494427,-5774029,-6554551,-15960994,-2449256,-14291300 },
|
35
|
+
},
|
36
|
+
{
|
37
|
+
{ -3151181,-5046075,9282714,6866145,-31907062,-863023,-18940575,15033784,25105118,-7894876 },
|
38
|
+
{ -24326370,15950226,-31801215,-14592823,-11662737,-5090925,1573892,-2625887,2198790,-15804619 },
|
39
|
+
{ -3099351,10324967,-2241613,7453183,-5446979,-2735503,-13812022,-16236442,-32461234,-12290683 },
|
40
|
+
},
|
@@ -0,0 +1 @@
|
|
1
|
+
-10913610,13857413,-15372611,6949391,114729,-8787816,-6275908,-3247719,-18696448,-12055116
|
@@ -0,0 +1 @@
|
|
1
|
+
-21827239,-5839606,-30745221,13898782,229458,15978800,-12551817,-6495438,29715968,9444199
|
@@ -0,0 +1,99 @@
|
|
1
|
+
#include "ruby.h"
|
2
|
+
#include "ed25519_ref10.h"
|
3
|
+
|
4
|
+
static VALUE mEd25519 = Qnil;
|
5
|
+
static VALUE mEd25519_Provider = Qnil;
|
6
|
+
static VALUE mEd25519_Provider_Ref10 = Qnil;
|
7
|
+
|
8
|
+
static VALUE mEd25519_Provider_Ref10_create_keypair(VALUE self, VALUE seed);
|
9
|
+
static VALUE mEd25519_Provider_Ref10_sign(VALUE self, VALUE signing_key, VALUE msg);
|
10
|
+
static VALUE mEd25519_Provider_Ref10_verify(VALUE self, VALUE verify_key, VALUE signature, VALUE msg);
|
11
|
+
|
12
|
+
void Init_ed25519_ref10()
|
13
|
+
{
|
14
|
+
mEd25519 = rb_define_module("Ed25519");
|
15
|
+
mEd25519_Provider = rb_define_module_under(mEd25519, "Provider");
|
16
|
+
mEd25519_Provider_Ref10 = rb_define_module_under(mEd25519_Provider, "Ref10");
|
17
|
+
|
18
|
+
rb_define_singleton_method(mEd25519_Provider_Ref10, "create_keypair", mEd25519_Provider_Ref10_create_keypair, 1);
|
19
|
+
rb_define_singleton_method(mEd25519_Provider_Ref10, "sign", mEd25519_Provider_Ref10_sign, 2);
|
20
|
+
rb_define_singleton_method(mEd25519_Provider_Ref10, "verify", mEd25519_Provider_Ref10_verify, 3);
|
21
|
+
}
|
22
|
+
|
23
|
+
static VALUE mEd25519_Provider_Ref10_create_keypair(VALUE self, VALUE seed)
|
24
|
+
{
|
25
|
+
uint8_t verify_key[PUBLICKEYBYTES];
|
26
|
+
uint8_t keypair[SECRETKEYBYTES];
|
27
|
+
|
28
|
+
StringValue(seed);
|
29
|
+
|
30
|
+
if(RSTRING_LEN(seed) != SECRETKEYBYTES / 2) {
|
31
|
+
rb_raise(rb_eArgError, "seed must be exactly %d bytes", SECRETKEYBYTES / 2);
|
32
|
+
}
|
33
|
+
|
34
|
+
crypto_sign_ed25519_ref10_seed_keypair(verify_key, keypair, (uint8_t *)RSTRING_PTR(seed));
|
35
|
+
|
36
|
+
return rb_str_new((const char *)keypair, SECRETKEYBYTES);
|
37
|
+
}
|
38
|
+
|
39
|
+
static VALUE mEd25519_Provider_Ref10_sign(VALUE self, VALUE signing_key, VALUE msg)
|
40
|
+
{
|
41
|
+
uint8_t *sig_and_msg;
|
42
|
+
uint64_t sig_and_msg_len;
|
43
|
+
VALUE result;
|
44
|
+
|
45
|
+
StringValue(signing_key);
|
46
|
+
StringValue(msg);
|
47
|
+
|
48
|
+
if(RSTRING_LEN(signing_key) != SECRETKEYBYTES) {
|
49
|
+
rb_raise(rb_eArgError, "private signing keys must be %d bytes", SECRETKEYBYTES);
|
50
|
+
}
|
51
|
+
|
52
|
+
sig_and_msg = (uint8_t *)xmalloc(SIGNATUREBYTES + RSTRING_LEN(msg));
|
53
|
+
crypto_sign_ed25519_ref10(
|
54
|
+
sig_and_msg, &sig_and_msg_len,
|
55
|
+
(uint8_t *)RSTRING_PTR(msg), RSTRING_LEN(msg),
|
56
|
+
(uint8_t *)RSTRING_PTR(signing_key)
|
57
|
+
);
|
58
|
+
|
59
|
+
result = rb_str_new((const char *)sig_and_msg, SIGNATUREBYTES);
|
60
|
+
xfree(sig_and_msg);
|
61
|
+
|
62
|
+
return result;
|
63
|
+
}
|
64
|
+
|
65
|
+
static VALUE mEd25519_Provider_Ref10_verify(VALUE self, VALUE verify_key, VALUE signature, VALUE msg)
|
66
|
+
{
|
67
|
+
uint8_t *sig_and_msg, *buffer;
|
68
|
+
uint64_t sig_and_msg_len, buffer_len;
|
69
|
+
int result;
|
70
|
+
|
71
|
+
StringValue(verify_key);
|
72
|
+
StringValue(signature);
|
73
|
+
StringValue(msg);
|
74
|
+
|
75
|
+
if(RSTRING_LEN(verify_key) != PUBLICKEYBYTES) {
|
76
|
+
rb_raise(rb_eArgError, "public verify keys must be %d bytes", PUBLICKEYBYTES);
|
77
|
+
}
|
78
|
+
|
79
|
+
if(RSTRING_LEN(signature) != SIGNATUREBYTES) {
|
80
|
+
rb_raise(rb_eArgError, "signatures must be %d bytes", SIGNATUREBYTES);
|
81
|
+
}
|
82
|
+
|
83
|
+
sig_and_msg_len = SIGNATUREBYTES + RSTRING_LEN(msg);
|
84
|
+
sig_and_msg = (unsigned char *)xmalloc(sig_and_msg_len);
|
85
|
+
buffer = (unsigned char *)xmalloc(sig_and_msg_len);
|
86
|
+
memcpy(sig_and_msg, RSTRING_PTR(signature), SIGNATUREBYTES);
|
87
|
+
memcpy(sig_and_msg + SIGNATUREBYTES, RSTRING_PTR(msg), RSTRING_LEN(msg));
|
88
|
+
|
89
|
+
result = crypto_sign_open_ed25519_ref10(
|
90
|
+
buffer, &buffer_len,
|
91
|
+
sig_and_msg, sig_and_msg_len,
|
92
|
+
(uint8_t *)RSTRING_PTR(verify_key)
|
93
|
+
);
|
94
|
+
|
95
|
+
xfree(sig_and_msg);
|
96
|
+
xfree(buffer);
|
97
|
+
|
98
|
+
return result == 0 ? Qtrue : Qfalse;
|
99
|
+
}
|
@@ -0,0 +1,33 @@
|
|
1
|
+
#ifndef ED25519_REF10_H
|
2
|
+
#define ED25519_REF10_H
|
3
|
+
|
4
|
+
#include <stdint.h>
|
5
|
+
|
6
|
+
#define SECRETKEYBYTES 64
|
7
|
+
#define PUBLICKEYBYTES 32
|
8
|
+
#define SIGNATUREBYTES 64
|
9
|
+
|
10
|
+
#define ED25519_KEYSIZE_BYTES 32
|
11
|
+
typedef uint8_t ED25519_KEY[ED25519_KEYSIZE_BYTES];
|
12
|
+
|
13
|
+
/* Generate an Ed25519 keypair from a seed value */
|
14
|
+
int crypto_sign_ed25519_ref10_seed_keypair(uint8_t *pk, uint8_t *sk, const uint8_t *seed);
|
15
|
+
|
16
|
+
/* Compute an Ed25519 signature over the given message */
|
17
|
+
int crypto_sign_ed25519_ref10(
|
18
|
+
uint8_t *sm, uint64_t *smlen,
|
19
|
+
const uint8_t *m, uint64_t mlen,
|
20
|
+
const uint8_t *sk
|
21
|
+
);
|
22
|
+
|
23
|
+
/* Verify the given signature is authentic */
|
24
|
+
int crypto_sign_open_ed25519_ref10(
|
25
|
+
uint8_t *m, uint64_t *mlen,
|
26
|
+
const uint8_t *sm, uint64_t smlen,
|
27
|
+
const uint8_t *pk
|
28
|
+
);
|
29
|
+
|
30
|
+
/* Constant-time comparison function */
|
31
|
+
int crypto_verify_32(const uint8_t *x,const uint8_t *y);
|
32
|
+
|
33
|
+
#endif /* ED25519_REF10_H */
|
@@ -0,0 +1,56 @@
|
|
1
|
+
#ifndef FE_H
|
2
|
+
#define FE_H
|
3
|
+
|
4
|
+
#include "ed25519_ref10.h"
|
5
|
+
|
6
|
+
typedef int32_t fe[10];
|
7
|
+
|
8
|
+
/*
|
9
|
+
fe means field element.
|
10
|
+
Here the field is \Z/(2^255-19).
|
11
|
+
An element t, entries t[0]...t[9], represents the integer
|
12
|
+
t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
|
13
|
+
Bounds on each t[i] vary depending on context.
|
14
|
+
*/
|
15
|
+
|
16
|
+
#define fe_frombytes crypto_sign_ed25519_ref10_fe_frombytes
|
17
|
+
#define fe_tobytes crypto_sign_ed25519_ref10_fe_tobytes
|
18
|
+
#define fe_copy crypto_sign_ed25519_ref10_fe_copy
|
19
|
+
#define fe_isnonzero crypto_sign_ed25519_ref10_fe_isnonzero
|
20
|
+
#define fe_isnegative crypto_sign_ed25519_ref10_fe_isnegative
|
21
|
+
#define fe_0 crypto_sign_ed25519_ref10_fe_0
|
22
|
+
#define fe_1 crypto_sign_ed25519_ref10_fe_1
|
23
|
+
#define fe_cswap crypto_sign_ed25519_ref10_fe_cswap
|
24
|
+
#define fe_cmov crypto_sign_ed25519_ref10_fe_cmov
|
25
|
+
#define fe_add crypto_sign_ed25519_ref10_fe_add
|
26
|
+
#define fe_sub crypto_sign_ed25519_ref10_fe_sub
|
27
|
+
#define fe_neg crypto_sign_ed25519_ref10_fe_neg
|
28
|
+
#define fe_mul crypto_sign_ed25519_ref10_fe_mul
|
29
|
+
#define fe_sq crypto_sign_ed25519_ref10_fe_sq
|
30
|
+
#define fe_sq2 crypto_sign_ed25519_ref10_fe_sq2
|
31
|
+
#define fe_mul121666 crypto_sign_ed25519_ref10_fe_mul121666
|
32
|
+
#define fe_invert crypto_sign_ed25519_ref10_fe_invert
|
33
|
+
#define fe_pow22523 crypto_sign_ed25519_ref10_fe_pow22523
|
34
|
+
|
35
|
+
extern void fe_frombytes(fe,const unsigned char *);
|
36
|
+
extern void fe_tobytes(unsigned char *,const fe);
|
37
|
+
|
38
|
+
extern void fe_copy(fe,const fe);
|
39
|
+
extern int fe_isnonzero(const fe);
|
40
|
+
extern int fe_isnegative(const fe);
|
41
|
+
extern void fe_0(fe);
|
42
|
+
extern void fe_1(fe);
|
43
|
+
extern void fe_cswap(fe,fe,unsigned int);
|
44
|
+
extern void fe_cmov(fe,const fe,unsigned int);
|
45
|
+
|
46
|
+
extern void fe_add(fe,const fe,const fe);
|
47
|
+
extern void fe_sub(fe,const fe,const fe);
|
48
|
+
extern void fe_neg(fe,const fe);
|
49
|
+
extern void fe_mul(fe,const fe,const fe);
|
50
|
+
extern void fe_sq(fe,const fe);
|
51
|
+
extern void fe_sq2(fe,const fe);
|
52
|
+
extern void fe_mul121666(fe,const fe);
|
53
|
+
extern void fe_invert(fe,const fe);
|
54
|
+
extern void fe_pow22523(fe,const fe);
|
55
|
+
|
56
|
+
#endif
|
@@ -0,0 +1,57 @@
|
|
1
|
+
#include "fe.h"
|
2
|
+
|
3
|
+
/*
|
4
|
+
h = f + g
|
5
|
+
Can overlap h with f or g.
|
6
|
+
|
7
|
+
Preconditions:
|
8
|
+
|f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
|
9
|
+
|g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
|
10
|
+
|
11
|
+
Postconditions:
|
12
|
+
|h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
|
13
|
+
*/
|
14
|
+
|
15
|
+
void fe_add(fe h,const fe f,const fe g)
|
16
|
+
{
|
17
|
+
int32_t f0 = f[0];
|
18
|
+
int32_t f1 = f[1];
|
19
|
+
int32_t f2 = f[2];
|
20
|
+
int32_t f3 = f[3];
|
21
|
+
int32_t f4 = f[4];
|
22
|
+
int32_t f5 = f[5];
|
23
|
+
int32_t f6 = f[6];
|
24
|
+
int32_t f7 = f[7];
|
25
|
+
int32_t f8 = f[8];
|
26
|
+
int32_t f9 = f[9];
|
27
|
+
int32_t g0 = g[0];
|
28
|
+
int32_t g1 = g[1];
|
29
|
+
int32_t g2 = g[2];
|
30
|
+
int32_t g3 = g[3];
|
31
|
+
int32_t g4 = g[4];
|
32
|
+
int32_t g5 = g[5];
|
33
|
+
int32_t g6 = g[6];
|
34
|
+
int32_t g7 = g[7];
|
35
|
+
int32_t g8 = g[8];
|
36
|
+
int32_t g9 = g[9];
|
37
|
+
int32_t h0 = f0 + g0;
|
38
|
+
int32_t h1 = f1 + g1;
|
39
|
+
int32_t h2 = f2 + g2;
|
40
|
+
int32_t h3 = f3 + g3;
|
41
|
+
int32_t h4 = f4 + g4;
|
42
|
+
int32_t h5 = f5 + g5;
|
43
|
+
int32_t h6 = f6 + g6;
|
44
|
+
int32_t h7 = f7 + g7;
|
45
|
+
int32_t h8 = f8 + g8;
|
46
|
+
int32_t h9 = f9 + g9;
|
47
|
+
h[0] = h0;
|
48
|
+
h[1] = h1;
|
49
|
+
h[2] = h2;
|
50
|
+
h[3] = h3;
|
51
|
+
h[4] = h4;
|
52
|
+
h[5] = h5;
|
53
|
+
h[6] = h6;
|
54
|
+
h[7] = h7;
|
55
|
+
h[8] = h8;
|
56
|
+
h[9] = h9;
|
57
|
+
}
|
@@ -0,0 +1,63 @@
|
|
1
|
+
#include "fe.h"
|
2
|
+
|
3
|
+
/*
|
4
|
+
Replace (f,g) with (g,g) if b == 1;
|
5
|
+
replace (f,g) with (f,g) if b == 0.
|
6
|
+
|
7
|
+
Preconditions: b in {0,1}.
|
8
|
+
*/
|
9
|
+
|
10
|
+
void fe_cmov(fe f,const fe g,unsigned int b)
|
11
|
+
{
|
12
|
+
int32_t f0 = f[0];
|
13
|
+
int32_t f1 = f[1];
|
14
|
+
int32_t f2 = f[2];
|
15
|
+
int32_t f3 = f[3];
|
16
|
+
int32_t f4 = f[4];
|
17
|
+
int32_t f5 = f[5];
|
18
|
+
int32_t f6 = f[6];
|
19
|
+
int32_t f7 = f[7];
|
20
|
+
int32_t f8 = f[8];
|
21
|
+
int32_t f9 = f[9];
|
22
|
+
int32_t g0 = g[0];
|
23
|
+
int32_t g1 = g[1];
|
24
|
+
int32_t g2 = g[2];
|
25
|
+
int32_t g3 = g[3];
|
26
|
+
int32_t g4 = g[4];
|
27
|
+
int32_t g5 = g[5];
|
28
|
+
int32_t g6 = g[6];
|
29
|
+
int32_t g7 = g[7];
|
30
|
+
int32_t g8 = g[8];
|
31
|
+
int32_t g9 = g[9];
|
32
|
+
int32_t x0 = f0 ^ g0;
|
33
|
+
int32_t x1 = f1 ^ g1;
|
34
|
+
int32_t x2 = f2 ^ g2;
|
35
|
+
int32_t x3 = f3 ^ g3;
|
36
|
+
int32_t x4 = f4 ^ g4;
|
37
|
+
int32_t x5 = f5 ^ g5;
|
38
|
+
int32_t x6 = f6 ^ g6;
|
39
|
+
int32_t x7 = f7 ^ g7;
|
40
|
+
int32_t x8 = f8 ^ g8;
|
41
|
+
int32_t x9 = f9 ^ g9;
|
42
|
+
b = -b;
|
43
|
+
x0 &= b;
|
44
|
+
x1 &= b;
|
45
|
+
x2 &= b;
|
46
|
+
x3 &= b;
|
47
|
+
x4 &= b;
|
48
|
+
x5 &= b;
|
49
|
+
x6 &= b;
|
50
|
+
x7 &= b;
|
51
|
+
x8 &= b;
|
52
|
+
x9 &= b;
|
53
|
+
f[0] = f0 ^ x0;
|
54
|
+
f[1] = f1 ^ x1;
|
55
|
+
f[2] = f2 ^ x2;
|
56
|
+
f[3] = f3 ^ x3;
|
57
|
+
f[4] = f4 ^ x4;
|
58
|
+
f[5] = f5 ^ x5;
|
59
|
+
f[6] = f6 ^ x6;
|
60
|
+
f[7] = f7 ^ x7;
|
61
|
+
f[8] = f8 ^ x8;
|
62
|
+
f[9] = f9 ^ x9;
|
63
|
+
}
|
@@ -0,0 +1,29 @@
|
|
1
|
+
#include "fe.h"
|
2
|
+
|
3
|
+
/*
|
4
|
+
h = f
|
5
|
+
*/
|
6
|
+
|
7
|
+
void fe_copy(fe h,const fe f)
|
8
|
+
{
|
9
|
+
int32_t f0 = f[0];
|
10
|
+
int32_t f1 = f[1];
|
11
|
+
int32_t f2 = f[2];
|
12
|
+
int32_t f3 = f[3];
|
13
|
+
int32_t f4 = f[4];
|
14
|
+
int32_t f5 = f[5];
|
15
|
+
int32_t f6 = f[6];
|
16
|
+
int32_t f7 = f[7];
|
17
|
+
int32_t f8 = f[8];
|
18
|
+
int32_t f9 = f[9];
|
19
|
+
h[0] = f0;
|
20
|
+
h[1] = f1;
|
21
|
+
h[2] = f2;
|
22
|
+
h[3] = f3;
|
23
|
+
h[4] = f4;
|
24
|
+
h[5] = f5;
|
25
|
+
h[6] = f6;
|
26
|
+
h[7] = f7;
|
27
|
+
h[8] = f8;
|
28
|
+
h[9] = f9;
|
29
|
+
}
|
@@ -0,0 +1,71 @@
|
|
1
|
+
#include "fe.h"
|
2
|
+
|
3
|
+
static uint64_t load_3(const unsigned char *in)
|
4
|
+
{
|
5
|
+
uint64_t result;
|
6
|
+
result = (uint64_t) in[0];
|
7
|
+
result |= ((uint64_t) in[1]) << 8;
|
8
|
+
result |= ((uint64_t) in[2]) << 16;
|
9
|
+
return result;
|
10
|
+
}
|
11
|
+
|
12
|
+
static uint64_t load_4(const unsigned char *in)
|
13
|
+
{
|
14
|
+
uint64_t result;
|
15
|
+
result = (uint64_t) in[0];
|
16
|
+
result |= ((uint64_t) in[1]) << 8;
|
17
|
+
result |= ((uint64_t) in[2]) << 16;
|
18
|
+
result |= ((uint64_t) in[3]) << 24;
|
19
|
+
return result;
|
20
|
+
}
|
21
|
+
|
22
|
+
/*
|
23
|
+
Ignores top bit of h.
|
24
|
+
*/
|
25
|
+
|
26
|
+
void fe_frombytes(fe h,const unsigned char *s)
|
27
|
+
{
|
28
|
+
int64_t h0 = load_4(s);
|
29
|
+
int64_t h1 = load_3(s + 4) << 6;
|
30
|
+
int64_t h2 = load_3(s + 7) << 5;
|
31
|
+
int64_t h3 = load_3(s + 10) << 3;
|
32
|
+
int64_t h4 = load_3(s + 13) << 2;
|
33
|
+
int64_t h5 = load_4(s + 16);
|
34
|
+
int64_t h6 = load_3(s + 20) << 7;
|
35
|
+
int64_t h7 = load_3(s + 23) << 5;
|
36
|
+
int64_t h8 = load_3(s + 26) << 4;
|
37
|
+
int64_t h9 = (load_3(s + 29) & 8388607) << 2;
|
38
|
+
int64_t carry0;
|
39
|
+
int64_t carry1;
|
40
|
+
int64_t carry2;
|
41
|
+
int64_t carry3;
|
42
|
+
int64_t carry4;
|
43
|
+
int64_t carry5;
|
44
|
+
int64_t carry6;
|
45
|
+
int64_t carry7;
|
46
|
+
int64_t carry8;
|
47
|
+
int64_t carry9;
|
48
|
+
|
49
|
+
carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
|
50
|
+
carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
|
51
|
+
carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
|
52
|
+
carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
|
53
|
+
carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
|
54
|
+
|
55
|
+
carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
|
56
|
+
carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
|
57
|
+
carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
|
58
|
+
carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
|
59
|
+
carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
|
60
|
+
|
61
|
+
h[0] = (int32_t)h0;
|
62
|
+
h[1] = (int32_t)h1;
|
63
|
+
h[2] = (int32_t)h2;
|
64
|
+
h[3] = (int32_t)h3;
|
65
|
+
h[4] = (int32_t)h4;
|
66
|
+
h[5] = (int32_t)h5;
|
67
|
+
h[6] = (int32_t)h6;
|
68
|
+
h[7] = (int32_t)h7;
|
69
|
+
h[8] = (int32_t)h8;
|
70
|
+
h[9] = (int32_t)h9;
|
71
|
+
}
|