ed25519 1.0.0-jruby

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (82) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +15 -0
  3. data/.rspec +5 -0
  4. data/.rubocop.yml +35 -0
  5. data/.travis.yml +13 -0
  6. data/CHANGES.md +16 -0
  7. data/CODE_OF_CONDUCT.md +74 -0
  8. data/Gemfile +12 -0
  9. data/LICENSE +22 -0
  10. data/README.md +159 -0
  11. data/Rakefile +27 -0
  12. data/ed25519.gemspec +32 -0
  13. data/ed25519.png +0 -0
  14. data/ext/ed25519_java/org/cryptosphere/ed25519.java +228 -0
  15. data/ext/ed25519_ref10/api.h +4 -0
  16. data/ext/ed25519_ref10/base.h +1344 -0
  17. data/ext/ed25519_ref10/base2.h +40 -0
  18. data/ext/ed25519_ref10/d.h +1 -0
  19. data/ext/ed25519_ref10/d2.h +1 -0
  20. data/ext/ed25519_ref10/ed25519_ref10.c +99 -0
  21. data/ext/ed25519_ref10/ed25519_ref10.h +33 -0
  22. data/ext/ed25519_ref10/extconf.rb +9 -0
  23. data/ext/ed25519_ref10/fe.h +56 -0
  24. data/ext/ed25519_ref10/fe_0.c +19 -0
  25. data/ext/ed25519_ref10/fe_1.c +19 -0
  26. data/ext/ed25519_ref10/fe_add.c +57 -0
  27. data/ext/ed25519_ref10/fe_cmov.c +63 -0
  28. data/ext/ed25519_ref10/fe_copy.c +29 -0
  29. data/ext/ed25519_ref10/fe_frombytes.c +71 -0
  30. data/ext/ed25519_ref10/fe_invert.c +14 -0
  31. data/ext/ed25519_ref10/fe_isnegative.c +16 -0
  32. data/ext/ed25519_ref10/fe_isnonzero.c +19 -0
  33. data/ext/ed25519_ref10/fe_mul.c +252 -0
  34. data/ext/ed25519_ref10/fe_neg.c +45 -0
  35. data/ext/ed25519_ref10/fe_pow22523.c +13 -0
  36. data/ext/ed25519_ref10/fe_sq.c +148 -0
  37. data/ext/ed25519_ref10/fe_sq2.c +159 -0
  38. data/ext/ed25519_ref10/fe_sub.c +57 -0
  39. data/ext/ed25519_ref10/fe_tobytes.c +119 -0
  40. data/ext/ed25519_ref10/ge.h +95 -0
  41. data/ext/ed25519_ref10/ge_add.c +11 -0
  42. data/ext/ed25519_ref10/ge_add.h +97 -0
  43. data/ext/ed25519_ref10/ge_double_scalarmult.c +96 -0
  44. data/ext/ed25519_ref10/ge_frombytes.c +50 -0
  45. data/ext/ed25519_ref10/ge_madd.c +11 -0
  46. data/ext/ed25519_ref10/ge_madd.h +88 -0
  47. data/ext/ed25519_ref10/ge_msub.c +11 -0
  48. data/ext/ed25519_ref10/ge_msub.h +88 -0
  49. data/ext/ed25519_ref10/ge_p1p1_to_p2.c +12 -0
  50. data/ext/ed25519_ref10/ge_p1p1_to_p3.c +13 -0
  51. data/ext/ed25519_ref10/ge_p2_0.c +8 -0
  52. data/ext/ed25519_ref10/ge_p2_dbl.c +11 -0
  53. data/ext/ed25519_ref10/ge_p2_dbl.h +73 -0
  54. data/ext/ed25519_ref10/ge_p3_0.c +9 -0
  55. data/ext/ed25519_ref10/ge_p3_dbl.c +12 -0
  56. data/ext/ed25519_ref10/ge_p3_to_cached.c +17 -0
  57. data/ext/ed25519_ref10/ge_p3_to_p2.c +12 -0
  58. data/ext/ed25519_ref10/ge_p3_tobytes.c +14 -0
  59. data/ext/ed25519_ref10/ge_precomp_0.c +8 -0
  60. data/ext/ed25519_ref10/ge_scalarmult_base.c +104 -0
  61. data/ext/ed25519_ref10/ge_sub.c +11 -0
  62. data/ext/ed25519_ref10/ge_sub.h +97 -0
  63. data/ext/ed25519_ref10/ge_tobytes.c +14 -0
  64. data/ext/ed25519_ref10/keypair.c +22 -0
  65. data/ext/ed25519_ref10/open.c +47 -0
  66. data/ext/ed25519_ref10/pow22523.h +160 -0
  67. data/ext/ed25519_ref10/pow225521.h +160 -0
  68. data/ext/ed25519_ref10/sc.h +17 -0
  69. data/ext/ed25519_ref10/sc_muladd.c +366 -0
  70. data/ext/ed25519_ref10/sc_reduce.c +272 -0
  71. data/ext/ed25519_ref10/sha512.c +304 -0
  72. data/ext/ed25519_ref10/sha512.h +8 -0
  73. data/ext/ed25519_ref10/sign.c +41 -0
  74. data/ext/ed25519_ref10/sqrtm1.h +1 -0
  75. data/ext/ed25519_ref10/verify.c +40 -0
  76. data/lib/ed25519.rb +65 -0
  77. data/lib/ed25519/provider/jruby.rb +39 -0
  78. data/lib/ed25519/signing_key.rb +39 -0
  79. data/lib/ed25519/verify_key.rb +44 -0
  80. data/lib/ed25519/version.rb +5 -0
  81. data/lib/ed25519_java.jar +0 -0
  82. metadata +138 -0
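--- /dev/null
+++ b/data/ext/ed25519_ref10/base2.h
@@ -0,0 +1,40 @@
+ {
+ { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 },
+ { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 },
+ { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 },
+ },
+ {
+ { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 },
+ { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 },
+ { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 },
+ },
+ {
+ { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 },
+ { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 },
+ { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 },
+ },
+ {
+ { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 },
+ { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 },
+ { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 },
+ },
+ {
+ { -22518993,-6692182,14201702,-8745502,-23510406,8844726,18474211,-1361450,-13062696,13821877 },
+ { -6455177,-7839871,3374702,-4740862,-27098617,-10571707,31655028,-7212327,18853322,-14220951 },
+ { 4566830,-12963868,-28974889,-12240689,-7602672,-2830569,-8514358,-10431137,2207753,-3209784 },
+ },
+ {
+ { -25154831,-4185821,29681144,7868801,-6854661,-9423865,-12437364,-663000,-31111463,-16132436 },
+ { 25576264,-2703214,7349804,-11814844,16472782,9300885,3844789,15725684,171356,6466918 },
+ { 23103977,13316479,9739013,-16149481,817875,-15038942,8965339,-14088058,-30714912,16193877 },
+ },
+ {
+ { -33521811,3180713,-2394130,14003687,-16903474,-16270840,17238398,4729455,-18074513,9256800 },
+ { -25182317,-4174131,32336398,5036987,-21236817,11360617,22616405,9761698,-19827198,630305 },
+ { -13720693,2639453,-24237460,-7406481,9494427,-5774029,-6554551,-15960994,-2449256,-14291300 },
+ },
+ {
+ { -3151181,-5046075,9282714,6866145,-31907062,-863023,-18940575,15033784,25105118,-7894876 },
+ { -24326370,15950226,-31801215,-14592823,-11662737,-5090925,1573892,-2625887,2198790,-15804619 },
+ { -3099351,10324967,-2241613,7453183,-5446979,-2735503,-13812022,-16236442,-32461234,-12290683 },
+ },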
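--- /dev/null
+++ b/data/ext/ed25519_ref10/d.h
@@ -0,0 +1 @@
+ -10913610,13857413,-15372611,6949391,114729,-8787816,-6275908,-3247719,-18696448,-12055116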
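--- /dev/null
+++ b/data/ext/ed25519_ref10/d2.h
@@ -0,0 +1 @@
+ -21827239,-5839606,-30745221,13898782,229458,15978800,-12551817,-6495438,29715968,9444199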
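--- /dev/null
+++ b/data/ext/ed25519_ref10/ed25519_ref10.c
@@ -0,0 +1,99 @@
+ #include "ruby.h"
+ #include "ed25519_ref10.h"
+
+ static VALUE mEd25519 = Qnil;
+ static VALUE mEd25519_Provider = Qnil;
+ static VALUE mEd25519_Provider_Ref10 = Qnil;
+
+ static VALUE mEd25519_Provider_Ref10_create_keypair(VALUE self, VALUE seed);
+ static VALUE mEd25519_Provider_Ref10_sign(VALUE self, VALUE signing_key, VALUE msg);
+ static VALUE mEd25519_Provider_Ref10_verify(VALUE self, VALUE verify_key, VALUE signature, VALUE msg);
+
+ void Init_ed25519_ref10()
+ {
+ mEd25519 = rb_define_module("Ed25519");
+ mEd25519_Provider = rb_define_module_under(mEd25519, "Provider");
+ mEd25519_Provider_Ref10 = rb_define_module_under(mEd25519_Provider, "Ref10");
+
+ rb_define_singleton_method(mEd25519_Provider_Ref10, "create_keypair", mEd25519_Provider_Ref10_create_keypair, 1);
+ rb_define_singleton_method(mEd25519_Provider_Ref10, "sign", mEd25519_Provider_Ref10_sign, 2);
+ rb_define_singleton_method(mEd25519_Provider_Ref10, "verify", mEd25519_Provider_Ref10_verify, 3);
+ }
+
+ static VALUE mEd25519_Provider_Ref10_create_keypair(VALUE self, VALUE seed)
+ {
+ uint8_t verify_key[PUBLICKEYBYTES];
+ uint8_t keypair[SECRETKEYBYTES];
+
+ StringValue(seed);
+
+ if(RSTRING_LEN(seed) != SECRETKEYBYTES / 2) {
+ rb_raise(rb_eArgError, "seed must be exactly %d bytes", SECRETKEYBYTES / 2);
+ }
+
+ crypto_sign_ed25519_ref10_seed_keypair(verify_key, keypair, (uint8_t *)RSTRING_PTR(seed));
+
+ return rb_str_new((const char *)keypair, SECRETKEYBYTES);
+ }
+
+ static VALUE mEd25519_Provider_Ref10_sign(VALUE self, VALUE signing_key, VALUE msg)
+ {
+ uint8_t *sig_and_msg;
+ uint64_t sig_and_msg_len;
+ VALUE result;
+
+ StringValue(signing_key);
+ StringValue(msg);
+
+ if(RSTRING_LEN(signing_key) != SECRETKEYBYTES) {
+ rb_raise(rb_eArgError, "private signing keys must be %d bytes", SECRETKEYBYTES);
+ }
+
+ sig_and_msg = (uint8_t *)xmalloc(SIGNATUREBYTES + RSTRING_LEN(msg));
+ crypto_sign_ed25519_ref10(
+ sig_and_msg, &sig_and_msg_len,
+ (uint8_t *)RSTRING_PTR(msg), RSTRING_LEN(msg),
+ (uint8_t *)RSTRING_PTR(signing_key)
+ );
+
+ result = rb_str_new((const char *)sig_and_msg, SIGNATUREBYTES);
+ xfree(sig_and_msg);
+
+ return result;
+ }
+
+ static VALUE mEd25519_Provider_Ref10_verify(VALUE self, VALUE verify_key, VALUE signature, VALUE msg)
+ {
+ uint8_t *sig_and_msg, *buffer;
+ uint64_t sig_and_msg_len, buffer_len;
+ int result;
+
+ StringValue(verify_key);
+ StringValue(signature);
+ StringValue(msg);
+
+ if(RSTRING_LEN(verify_key) != PUBLICKEYBYTES) {
+ rb_raise(rb_eArgError, "public verify keys must be %d bytes", PUBLICKEYBYTES);
+ }
+
+ if(RSTRING_LEN(signature) != SIGNATUREBYTES) {
+ rb_raise(rb_eArgError, "signatures must be %d bytes", SIGNATUREBYTES);
+ }
+
+ sig_and_msg_len = SIGNATUREBYTES + RSTRING_LEN(msg);
+ sig_and_msg = (unsigned char *)xmalloc(sig_and_msg_len);
+ buffer = (unsigned char *)xmalloc(sig_and_msg_len);
+ memcpy(sig_and_msg, RSTRING_PTR(signature), SIGNATUREBYTES);
+ memcpy(sig_and_msg + SIGNATUREBYTES, RSTRING_PTR(msg), RSTRING_LEN(msg));
+
+ result = crypto_sign_open_ed25519_ref10(
+ buffer, &buffer_len,
+ sig_and_msg, sig_and_msg_len,
+ (uint8_t *)RSTRING_PTR(verify_key)
+ );
+
+ xfree(sig_and_msg);
+ xfree(buffer);
+
+ return result == 0 ? Qtrue : Qfalse;
+ }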
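Review bot: In mEd25519_Provider_Ref10_create_keypair the 64-byte secret key in the stack array `keypair` is copied into a Ruby string and then simply left on the stack when the function returns, and a plain memset before returning may be optimized away, so the secret needs a secure clear. I would change the tail to `VALUE result = rb_str_new((const char *)keypair, SECRETKEYBYTES);`, then clear `keypair` (and `verify_key`) with `explicit_bzero`/`memset_s` where available or a volatile byte loop otherwise, then `return result;`. Two smaller points in the same hunk: `Init_ed25519_ref10()` should be `Init_ed25519_ref10(void)` given the `-std=c99 -pedantic` flags in extconf.rb, and the casts in `_verify` use `(unsigned char *)` where `_sign` uses `(uint8_t *)` for the same calls, so pick one. The `int` results of `crypto_sign_ed25519_ref10_seed_keypair` and `crypto_sign_ed25519_ref10` are discarded in `_create_keypair` and `_sign`; if those can report failure, the wrapper should raise instead of returning a buffer of unspecified contents, and if they cannot, a `(void)` cast would say so.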
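--- /dev/null
+++ b/data/ext/ed25519_ref10/ed25519_ref10.h
@@ -0,0 +1,33 @@
+ #ifndef ED25519_REF10_H
+ #define ED25519_REF10_H
+
+ #include <stdint.h>
+
+ #define SECRETKEYBYTES 64
+ #define PUBLICKEYBYTES 32
+ #define SIGNATUREBYTES 64
+
+ #define ED25519_KEYSIZE_BYTES 32
+ typedef uint8_t ED25519_KEY[ED25519_KEYSIZE_BYTES];
+
+ /* Generate an Ed25519 keypair from a seed value */
+ int crypto_sign_ed25519_ref10_seed_keypair(uint8_t *pk, uint8_t *sk, const uint8_t *seed);
+
+ /* Compute an Ed25519 signature over the given message */
+ int crypto_sign_ed25519_ref10(
+ uint8_t *sm, uint64_t *smlen,
+ const uint8_t *m, uint64_t mlen,
+ const uint8_t *sk
+ );
+
+ /* Verify the given signature is authentic */
+ int crypto_sign_open_ed25519_ref10(
+ uint8_t *m, uint64_t *mlen,
+ const uint8_t *sm, uint64_t smlen,
+ const uint8_t *pk
+ );
+
+ /* Constant-time comparison function */
+ int crypto_verify_32(const uint8_t *x,const uint8_t *y);
+
+ #endif /* ED25519_REF10_H */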
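Review bot: The three prototype comments do not state the buffer contracts that the caller in ed25519_ref10.c relies on, so anyone using this header has to read the wrapper to size anything. I would extend the comment on `crypto_sign_ed25519_ref10_seed_keypair` to say `pk` receives PUBLICKEYBYTES bytes, `sk` receives SECRETKEYBYTES bytes and `seed` is read as SECRETKEYBYTES / 2 bytes (the lengths the wrapper enforces); the one on `crypto_sign_ed25519_ref10` to say `sm` must have room for SIGNATUREBYTES + mlen bytes and `*smlen` receives the number written; and the one on `crypto_sign_open_ed25519_ref10` to say `m` must be at least `smlen` bytes and that 0 means the signature verified (the wrapper tests `result == 0`). The `crypto_verify_32` comment should also give its return convention; presumably 0 on equality, but that is not visible here, so confirm against verify.c before writing it down.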
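--- /dev/null
+++ b/data/ext/ed25519_ref10/extconf.rb
@@ -0,0 +1,9 @@
+ # frozen_string_literal: true
+
+ # rubocop:disable Style/GlobalVars
+
+ require "mkmf"
+
+ $CFLAGS << " -Wall -O3 -pedantic -std=c99"
+
+ create_makefile "ed25519_ref10"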
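--- /dev/null
+++ b/data/ext/ed25519_ref10/fe.h
@@ -0,0 +1,56 @@
+ #ifndef FE_H
+ #define FE_H
+
+ #include "ed25519_ref10.h"
+
+ typedef int32_t fe[10];
+
+ /*
+ fe means field element.
+ Here the field is \Z/(2^255-19).
+ An element t, entries t[0]...t[9], represents the integer
+ t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
+ Bounds on each t[i] vary depending on context.
+ */
+
+ #define fe_frombytes crypto_sign_ed25519_ref10_fe_frombytes
+ #define fe_tobytes crypto_sign_ed25519_ref10_fe_tobytes
+ #define fe_copy crypto_sign_ed25519_ref10_fe_copy
+ #define fe_isnonzero crypto_sign_ed25519_ref10_fe_isnonzero
+ #define fe_isnegative crypto_sign_ed25519_ref10_fe_isnegative
+ #define fe_0 crypto_sign_ed25519_ref10_fe_0
+ #define fe_1 crypto_sign_ed25519_ref10_fe_1
+ #define fe_cswap crypto_sign_ed25519_ref10_fe_cswap
+ #define fe_cmov crypto_sign_ed25519_ref10_fe_cmov
+ #define fe_add crypto_sign_ed25519_ref10_fe_add
+ #define fe_sub crypto_sign_ed25519_ref10_fe_sub
+ #define fe_neg crypto_sign_ed25519_ref10_fe_neg
+ #define fe_mul crypto_sign_ed25519_ref10_fe_mul
+ #define fe_sq crypto_sign_ed25519_ref10_fe_sq
+ #define fe_sq2 crypto_sign_ed25519_ref10_fe_sq2
+ #define fe_mul121666 crypto_sign_ed25519_ref10_fe_mul121666
+ #define fe_invert crypto_sign_ed25519_ref10_fe_invert
+ #define fe_pow22523 crypto_sign_ed25519_ref10_fe_pow22523
+
+ extern void fe_frombytes(fe,const unsigned char *);
+ extern void fe_tobytes(unsigned char *,const fe);
+
+ extern void fe_copy(fe,const fe);
+ extern int fe_isnonzero(const fe);
+ extern int fe_isnegative(const fe);
+ extern void fe_0(fe);
+ extern void fe_1(fe);
+ extern void fe_cswap(fe,fe,unsigned int);
+ extern void fe_cmov(fe,const fe,unsigned int);
+
+ extern void fe_add(fe,const fe,const fe);
+ extern void fe_sub(fe,const fe,const fe);
+ extern void fe_neg(fe,const fe);
+ extern void fe_mul(fe,const fe,const fe);
+ extern void fe_sq(fe,const fe);
+ extern void fe_sq2(fe,const fe);
+ extern void fe_mul121666(fe,const fe);
+ extern void fe_invert(fe,const fe);
+ extern void fe_pow22523(fe,const fe);
+
+ #endif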
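Review bot: `fe_cswap` and `fe_mul121666` are renamed by macro and declared `extern` near the end of the hunk, but the package's file list has no fe_cswap.c or fe_mul121666.c, so these two declarations have no definition shipped with the gem. That is harmless as long as none of the Ed25519 code calls them, but the first caller will get a link error rather than a compile error, which is harder to diagnose from Ruby. Either drop the two `#define`/`extern` pairs or annotate them with `/* declared for completeness; no definition is built in this gem */`.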
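--- /dev/null
+++ b/data/ext/ed25519_ref10/fe_0.c
@@ -0,0 +1,19 @@
+ #include "fe.h"
+
+ /*
+ h = 0
+ */
+
+ void fe_0(fe h)
+ {
+ h[0] = 0;
+ h[1] = 0;
+ h[2] = 0;
+ h[3] = 0;
+ h[4] = 0;
+ h[5] = 0;
+ h[6] = 0;
+ h[7] = 0;
+ h[8] = 0;
+ h[9] = 0;
+ }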
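--- /dev/null
+++ b/data/ext/ed25519_ref10/fe_1.c
@@ -0,0 +1,19 @@
+ #include "fe.h"
+
+ /*
+ h = 1
+ */
+
+ void fe_1(fe h)
+ {
+ h[0] = 1;
+ h[1] = 0;
+ h[2] = 0;
+ h[3] = 0;
+ h[4] = 0;
+ h[5] = 0;
+ h[6] = 0;
+ h[7] = 0;
+ h[8] = 0;
+ h[9] = 0;
+ }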
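--- /dev/null
+++ b/data/ext/ed25519_ref10/fe_add.c
@@ -0,0 +1,57 @@
+ #include "fe.h"
+
+ /*
+ h = f + g
+ Can overlap h with f or g.
+
+ Preconditions:
+ |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+
+ Postconditions:
+ |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+
+ void fe_add(fe h,const fe f,const fe g)
+ {
+ int32_t f0 = f[0];
+ int32_t f1 = f[1];
+ int32_t f2 = f[2];
+ int32_t f3 = f[3];
+ int32_t f4 = f[4];
+ int32_t f5 = f[5];
+ int32_t f6 = f[6];
+ int32_t f7 = f[7];
+ int32_t f8 = f[8];
+ int32_t f9 = f[9];
+ int32_t g0 = g[0];
+ int32_t g1 = g[1];
+ int32_t g2 = g[2];
+ int32_t g3 = g[3];
+ int32_t g4 = g[4];
+ int32_t g5 = g[5];
+ int32_t g6 = g[6];
+ int32_t g7 = g[7];
+ int32_t g8 = g[8];
+ int32_t g9 = g[9];
+ int32_t h0 = f0 + g0;
+ int32_t h1 = f1 + g1;
+ int32_t h2 = f2 + g2;
+ int32_t h3 = f3 + g3;
+ int32_t h4 = f4 + g4;
+ int32_t h5 = f5 + g5;
+ int32_t h6 = f6 + g6;
+ int32_t h7 = f7 + g7;
+ int32_t h8 = f8 + g8;
+ int32_t h9 = f9 + g9;
+ h[0] = h0;
+ h[1] = h1;
+ h[2] = h2;
+ h[3] = h3;
+ h[4] = h4;
+ h[5] = h5;
+ h[6] = h6;
+ h[7] = h7;
+ h[8] = h8;
+ h[9] = h9;
+ }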
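--- /dev/null
+++ b/data/ext/ed25519_ref10/fe_cmov.c
@@ -0,0 +1,63 @@
+ #include "fe.h"
+
+ /*
+ Replace (f,g) with (g,g) if b == 1;
+ replace (f,g) with (f,g) if b == 0.
+
+ Preconditions: b in {0,1}.
+ */
+
+ void fe_cmov(fe f,const fe g,unsigned int b)
+ {
+ int32_t f0 = f[0];
+ int32_t f1 = f[1];
+ int32_t f2 = f[2];
+ int32_t f3 = f[3];
+ int32_t f4 = f[4];
+ int32_t f5 = f[5];
+ int32_t f6 = f[6];
+ int32_t f7 = f[7];
+ int32_t f8 = f[8];
+ int32_t f9 = f[9];
+ int32_t g0 = g[0];
+ int32_t g1 = g[1];
+ int32_t g2 = g[2];
+ int32_t g3 = g[3];
+ int32_t g4 = g[4];
+ int32_t g5 = g[5];
+ int32_t g6 = g[6];
+ int32_t g7 = g[7];
+ int32_t g8 = g[8];
+ int32_t g9 = g[9];
+ int32_t x0 = f0 ^ g0;
+ int32_t x1 = f1 ^ g1;
+ int32_t x2 = f2 ^ g2;
+ int32_t x3 = f3 ^ g3;
+ int32_t x4 = f4 ^ g4;
+ int32_t x5 = f5 ^ g5;
+ int32_t x6 = f6 ^ g6;
+ int32_t x7 = f7 ^ g7;
+ int32_t x8 = f8 ^ g8;
+ int32_t x9 = f9 ^ g9;
+ b = -b;
+ x0 &= b;
+ x1 &= b;
+ x2 &= b;
+ x3 &= b;
+ x4 &= b;
+ x5 &= b;
+ x6 &= b;
+ x7 &= b;
+ x8 &= b;
+ x9 &= b;
+ f[0] = f0 ^ x0;
+ f[1] = f1 ^ x1;
+ f[2] = f2 ^ x2;
+ f[3] = f3 ^ x3;
+ f[4] = f4 ^ x4;
+ f[5] = f5 ^ x5;
+ f[6] = f6 ^ x6;
+ f[7] = f7 ^ x7;
+ f[8] = f8 ^ x8;
+ f[9] = f9 ^ x9;
+ }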
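Review bot: The precondition `b in {0,1}` in the header comment is never checked, and `b = -b;` followed by the ten `xN &= b;` lines depends on it: for any other value the mask is neither all-zeros nor all-ones and `f` ends up as a bitwise mix of `f` and `g` rather than either operand. Those compound assignments also convert each int32_t `xN` to unsigned int and back, which is implementation-defined before C23 (fine on the two's-complement targets this arithmetic assumes throughout, but worth saying). I would add above `b = -b;` the comment `/* b must be 0 or 1: -b gives the all-zero or all-one mask; any other value silently corrupts f */`.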
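--- /dev/null
+++ b/data/ext/ed25519_ref10/fe_copy.c
@@ -0,0 +1,29 @@
+ #include "fe.h"
+
+ /*
+ h = f
+ */
+
+ void fe_copy(fe h,const fe f)
+ {
+ int32_t f0 = f[0];
+ int32_t f1 = f[1];
+ int32_t f2 = f[2];
+ int32_t f3 = f[3];
+ int32_t f4 = f[4];
+ int32_t f5 = f[5];
+ int32_t f6 = f[6];
+ int32_t f7 = f[7];
+ int32_t f8 = f[8];
+ int32_t f9 = f[9];
+ h[0] = f0;
+ h[1] = f1;
+ h[2] = f2;
+ h[3] = f3;
+ h[4] = f4;
+ h[5] = f5;
+ h[6] = f6;
+ h[7] = f7;
+ h[8] = f8;
+ h[9] = f9;
+ }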
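--- /dev/null
+++ b/data/ext/ed25519_ref10/fe_frombytes.c
@@ -0,0 +1,71 @@
+ #include "fe.h"
+
+ static uint64_t load_3(const unsigned char *in)
+ {
+ uint64_t result;
+ result = (uint64_t) in[0];
+ result |= ((uint64_t) in[1]) << 8;
+ result |= ((uint64_t) in[2]) << 16;
+ return result;
+ }
+
+ static uint64_t load_4(const unsigned char *in)
+ {
+ uint64_t result;
+ result = (uint64_t) in[0];
+ result |= ((uint64_t) in[1]) << 8;
+ result |= ((uint64_t) in[2]) << 16;
+ result |= ((uint64_t) in[3]) << 24;
+ return result;
+ }
+
+ /*
+ Ignores top bit of h.
+ */
+
+ void fe_frombytes(fe h,const unsigned char *s)
+ {
+ int64_t h0 = load_4(s);
+ int64_t h1 = load_3(s + 4) << 6;
+ int64_t h2 = load_3(s + 7) << 5;
+ int64_t h3 = load_3(s + 10) << 3;
+ int64_t h4 = load_3(s + 13) << 2;
+ int64_t h5 = load_4(s + 16);
+ int64_t h6 = load_3(s + 20) << 7;
+ int64_t h7 = load_3(s + 23) << 5;
+ int64_t h8 = load_3(s + 26) << 4;
+ int64_t h9 = (load_3(s + 29) & 8388607) << 2;
+ int64_t carry0;
+ int64_t carry1;
+ int64_t carry2;
+ int64_t carry3;
+ int64_t carry4;
+ int64_t carry5;
+ int64_t carry6;
+ int64_t carry7;
+ int64_t carry8;
+ int64_t carry9;
+
+ carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
+ carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
+ carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
+ carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
+ carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
+
+ carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
+ carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
+ carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
+ carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
+ carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
+
+ h[0] = (int32_t)h0;
+ h[1] = (int32_t)h1;
+ h[2] = (int32_t)h2;
+ h[3] = (int32_t)h3;
+ h[4] = (int32_t)h4;
+ h[5] = (int32_t)h5;
+ h[6] = (int32_t)h6;
+ h[7] = (int32_t)h7;
+ h[8] = (int32_t)h8;
+ h[9] = (int32_t)h9;
+ }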
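Review bot: `fe_frombytes` reads `s[0]` through `s[31]` (the last access is `load_3(s + 29)`), but neither the prototype in fe.h nor the comment above the function says the input must be 32 bytes, and since this is presumably the path by which externally supplied encodings reach the field arithmetic, the length contract belongs in the comment. I would replace the bare `Ignores top bit of h.` with `Decodes the 32-byte little-endian encoding at s into 10 limbs; the top bit of s[31] is masked off (the & 8388607) and ignored.` `load_3` and `load_4` could also carry a one-line comment noting that they assemble the bytes little-endian, which the shift amounts show but a reader may not register.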