RubyGems - ed25519 - Versions diffs - 1.2.1 → 1.3.0 - Mend

ed25519 1.2.1 → 1.3.0

Files changed (56) hide show

checksums.yaml +5 -5
data/CHANGES.md +51 -17
data/LICENSE +1 -1
data/README.md +29 -14
data/ed25519.png +0 -0
data/ext/ed25519_jruby/org/{cryptosphere → cryptorb}/Ed25519Provider.java +1 -1
data/ext/ed25519_ref10/extconf.rb +2 -2
data/ext/ed25519_ref10/fe.c +1085 -0
data/ext/ed25519_ref10/ge.c +407 -0
data/lib/ed25519/verify_key.rb +2 -1
data/lib/ed25519/version.rb +1 -1
data/lib/ed25519.rb +8 -8
data/lib/ed25519_jruby.jar +0 -0
metadata +23 -60
data/.gitignore +0 -16
data/.rspec +0 -5
data/.rubocop.yml +0 -35
data/.travis.yml +0 -15
data/CODE_OF_CONDUCT.md +0 -74
data/Gemfile +0 -12
data/Rakefile +0 -27
data/ed25519.gemspec +0 -32
data/ext/ed25519_ref10/fe_0.c +0 -19
data/ext/ed25519_ref10/fe_1.c +0 -19
data/ext/ed25519_ref10/fe_add.c +0 -57
data/ext/ed25519_ref10/fe_cmov.c +0 -63
data/ext/ed25519_ref10/fe_copy.c +0 -29
data/ext/ed25519_ref10/fe_frombytes.c +0 -71
data/ext/ed25519_ref10/fe_invert.c +0 -14
data/ext/ed25519_ref10/fe_isnegative.c +0 -16
data/ext/ed25519_ref10/fe_isnonzero.c +0 -19
data/ext/ed25519_ref10/fe_mul.c +0 -252
data/ext/ed25519_ref10/fe_neg.c +0 -45
data/ext/ed25519_ref10/fe_pow22523.c +0 -13
data/ext/ed25519_ref10/fe_sq.c +0 -148
data/ext/ed25519_ref10/fe_sq2.c +0 -159
data/ext/ed25519_ref10/fe_sub.c +0 -57
data/ext/ed25519_ref10/fe_tobytes.c +0 -119
data/ext/ed25519_ref10/ge_add.c +0 -11
data/ext/ed25519_ref10/ge_double_scalarmult.c +0 -96
data/ext/ed25519_ref10/ge_frombytes.c +0 -50
data/ext/ed25519_ref10/ge_madd.c +0 -11
data/ext/ed25519_ref10/ge_msub.c +0 -11
data/ext/ed25519_ref10/ge_p1p1_to_p2.c +0 -12
data/ext/ed25519_ref10/ge_p1p1_to_p3.c +0 -13
data/ext/ed25519_ref10/ge_p2_0.c +0 -8
data/ext/ed25519_ref10/ge_p2_dbl.c +0 -11
data/ext/ed25519_ref10/ge_p3_0.c +0 -9
data/ext/ed25519_ref10/ge_p3_dbl.c +0 -12
data/ext/ed25519_ref10/ge_p3_to_cached.c +0 -17
data/ext/ed25519_ref10/ge_p3_to_p2.c +0 -12
data/ext/ed25519_ref10/ge_p3_tobytes.c +0 -14
data/ext/ed25519_ref10/ge_precomp_0.c +0 -8
data/ext/ed25519_ref10/ge_scalarmult_base.c +0 -104
data/ext/ed25519_ref10/ge_sub.c +0 -11
data/ext/ed25519_ref10/ge_tobytes.c +0 -14

data/ext/ed25519_ref10/fe_tobytes.c DELETED Viewed

@@ -1,119 +0,0 @@
-#include "fe.h"
-/*
-Preconditions:
-  |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-Write p=2^255-19; q=floor(h/p).
-Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
-Proof:
-  Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
-  Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4.
-  Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
-  Then 0<y<1.
-  Write r=h-pq.
-  Have 0<=r<=p-1=2^255-20.
-  Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
-  Write x=r+19(2^-255)r+y.
-  Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
-  Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
-  so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
-*/
-void fe_tobytes(unsigned char *s,const fe h)
-{
-  int32_t h0 = h[0];
-  int32_t h1 = h[1];
-  int32_t h2 = h[2];
-  int32_t h3 = h[3];
-  int32_t h4 = h[4];
-  int32_t h5 = h[5];
-  int32_t h6 = h[6];
-  int32_t h7 = h[7];
-  int32_t h8 = h[8];
-  int32_t h9 = h[9];
-  int32_t q;
-  int32_t carry0;
-  int32_t carry1;
-  int32_t carry2;
-  int32_t carry3;
-  int32_t carry4;
-  int32_t carry5;
-  int32_t carry6;
-  int32_t carry7;
-  int32_t carry8;
-  int32_t carry9;
-  q = (19 * h9 + (((int32_t) 1) << 24)) >> 25;
-  q = (h0 + q) >> 26;
-  q = (h1 + q) >> 25;
-  q = (h2 + q) >> 26;
-  q = (h3 + q) >> 25;
-  q = (h4 + q) >> 26;
-  q = (h5 + q) >> 25;
-  q = (h6 + q) >> 26;
-  q = (h7 + q) >> 25;
-  q = (h8 + q) >> 26;
-  q = (h9 + q) >> 25;
-  /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
-  h0 += 19 * q;
-  /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
-  carry0 = h0 >> 26; h1 += carry0; h0 -= carry0 << 26;
-  carry1 = h1 >> 25; h2 += carry1; h1 -= carry1 << 25;
-  carry2 = h2 >> 26; h3 += carry2; h2 -= carry2 << 26;
-  carry3 = h3 >> 25; h4 += carry3; h3 -= carry3 << 25;
-  carry4 = h4 >> 26; h5 += carry4; h4 -= carry4 << 26;
-  carry5 = h5 >> 25; h6 += carry5; h5 -= carry5 << 25;
-  carry6 = h6 >> 26; h7 += carry6; h6 -= carry6 << 26;
-  carry7 = h7 >> 25; h8 += carry7; h7 -= carry7 << 25;
-  carry8 = h8 >> 26; h9 += carry8; h8 -= carry8 << 26;
-  carry9 = h9 >> 25;               h9 -= carry9 << 25;
-                  /* h10 = carry9 */
-  /*
-  Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
-  Have h0+...+2^230 h9 between 0 and 2^255-1;
-  evidently 2^255 h10-2^255 q = 0.
-  Goal: Output h0+...+2^230 h9.
-  */
-  s[0] = h0 >> 0;
-  s[1] = h0 >> 8;
-  s[2] = h0 >> 16;
-  s[3] = (h0 >> 24) | (h1 << 2);
-  s[4] = h1 >> 6;
-  s[5] = h1 >> 14;
-  s[6] = (h1 >> 22) | (h2 << 3);
-  s[7] = h2 >> 5;
-  s[8] = h2 >> 13;
-  s[9] = (h2 >> 21) | (h3 << 5);
-  s[10] = h3 >> 3;
-  s[11] = h3 >> 11;
-  s[12] = (h3 >> 19) | (h4 << 6);
-  s[13] = h4 >> 2;
-  s[14] = h4 >> 10;
-  s[15] = h4 >> 18;
-  s[16] = h5 >> 0;
-  s[17] = h5 >> 8;
-  s[18] = h5 >> 16;
-  s[19] = (h5 >> 24) | (h6 << 1);
-  s[20] = h6 >> 7;
-  s[21] = h6 >> 15;
-  s[22] = (h6 >> 23) | (h7 << 3);
-  s[23] = h7 >> 5;
-  s[24] = h7 >> 13;
-  s[25] = (h7 >> 21) | (h8 << 4);
-  s[26] = h8 >> 4;
-  s[27] = h8 >> 12;
-  s[28] = (h8 >> 20) | (h9 << 6);
-  s[29] = h9 >> 2;
-  s[30] = h9 >> 10;
-  s[31] = h9 >> 18;
-}

data/ext/ed25519_ref10/ge_add.c DELETED Viewed

@@ -1,11 +0,0 @@
-#include "ge.h"
-/*
-r = p + q
-*/
-void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
-{
-  fe t0;
-#include "ge_add.h"
-}

data/ext/ed25519_ref10/ge_double_scalarmult.c DELETED Viewed

@@ -1,96 +0,0 @@
-#include "ge.h"
-static void slide(signed char *r,const unsigned char *a)
-{
-  int i;
-  int b;
-  int k;
-  for (i = 0;i < 256;++i)
-    r[i] = 1 & (a[i >> 3] >> (i & 7));
-  for (i = 0;i < 256;++i)
-    if (r[i]) {
-      for (b = 1;b <= 6 && i + b < 256;++b) {
-        if (r[i + b]) {
-          if (r[i] + (r[i + b] << b) <= 15) {
-            r[i] += r[i + b] << b; r[i + b] = 0;
-          } else if (r[i] - (r[i + b] << b) >= -15) {
-            r[i] -= r[i + b] << b;
-            for (k = i + b;k < 256;++k) {
-              if (!r[k]) {
-                r[k] = 1;
-                break;
-              }
-              r[k] = 0;
-            }
-          } else
-            break;
-        }
-      }
-    }
-}
-static ge_precomp Bi[8] = {
-#include "base2.h"
-} ;
-/*
-r = a * A + b * B
-where a = a[0]+256*a[1]+...+256^31 a[31].
-and b = b[0]+256*b[1]+...+256^31 b[31].
-B is the Ed25519 base point (x,4/5) with x positive.
-*/
-void ge_double_scalarmult_vartime(ge_p2 *r,const unsigned char *a,const ge_p3 *A,const unsigned char *b)
-{
-  signed char aslide[256];
-  signed char bslide[256];
-  ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
-  ge_p1p1 t;
-  ge_p3 u;
-  ge_p3 A2;
-  int i;
-  slide(aslide,a);
-  slide(bslide,b);
-  ge_p3_to_cached(&Ai[0],A);
-  ge_p3_dbl(&t,A); ge_p1p1_to_p3(&A2,&t);
-  ge_add(&t,&A2,&Ai[0]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[1],&u);
-  ge_add(&t,&A2,&Ai[1]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[2],&u);
-  ge_add(&t,&A2,&Ai[2]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[3],&u);
-  ge_add(&t,&A2,&Ai[3]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[4],&u);
-  ge_add(&t,&A2,&Ai[4]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[5],&u);
-  ge_add(&t,&A2,&Ai[5]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[6],&u);
-  ge_add(&t,&A2,&Ai[6]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[7],&u);
-  ge_p2_0(r);
-  for (i = 255;i >= 0;--i) {
-    if (aslide[i] || bslide[i]) break;
-  }
-  for (;i >= 0;--i) {
-    ge_p2_dbl(&t,r);
-    if (aslide[i] > 0) {
-      ge_p1p1_to_p3(&u,&t);
-      ge_add(&t,&u,&Ai[aslide[i]/2]);
-    } else if (aslide[i] < 0) {
-      ge_p1p1_to_p3(&u,&t);
-      ge_sub(&t,&u,&Ai[(-aslide[i])/2]);
-    }
-    if (bslide[i] > 0) {
-      ge_p1p1_to_p3(&u,&t);
-      ge_madd(&t,&u,&Bi[bslide[i]/2]);
-    } else if (bslide[i] < 0) {
-      ge_p1p1_to_p3(&u,&t);
-      ge_msub(&t,&u,&Bi[(-bslide[i])/2]);
-    }
-    ge_p1p1_to_p2(r,&t);
-  }
-}

data/ext/ed25519_ref10/ge_frombytes.c DELETED Viewed

@@ -1,50 +0,0 @@
-#include "ge.h"
-static const fe d = {
-#include "d.h"
-} ;
-static const fe sqrtm1 = {
-#include "sqrtm1.h"
-} ;
-int ge_frombytes_negate_vartime(ge_p3 *h,const unsigned char *s)
-{
-  fe u;
-  fe v;
-  fe v3;
-  fe vxx;
-  fe check;
-  fe_frombytes(h->Y,s);
-  fe_1(h->Z);
-  fe_sq(u,h->Y);
-  fe_mul(v,u,d);
-  fe_sub(u,u,h->Z);       /* u = y^2-1 */
-  fe_add(v,v,h->Z);       /* v = dy^2+1 */
-  fe_sq(v3,v);
-  fe_mul(v3,v3,v);        /* v3 = v^3 */
-  fe_sq(h->X,v3);
-  fe_mul(h->X,h->X,v);
-  fe_mul(h->X,h->X,u);    /* x = uv^7 */
-  fe_pow22523(h->X,h->X); /* x = (uv^7)^((q-5)/8) */
-  fe_mul(h->X,h->X,v3);
-  fe_mul(h->X,h->X,u);    /* x = uv^3(uv^7)^((q-5)/8) */
-  fe_sq(vxx,h->X);
-  fe_mul(vxx,vxx,v);
-  fe_sub(check,vxx,u);    /* vx^2-u */
-  if (fe_isnonzero(check)) {
-    fe_add(check,vxx,u);  /* vx^2+u */
-    if (fe_isnonzero(check)) return -1;
-    fe_mul(h->X,h->X,sqrtm1);
-  }
-  if (fe_isnegative(h->X) == (s[31] >> 7))
-    fe_neg(h->X,h->X);
-  fe_mul(h->T,h->X,h->Y);
-  return 0;
-}

data/ext/ed25519_ref10/ge_madd.c DELETED Viewed

@@ -1,11 +0,0 @@
-#include "ge.h"
-/*
-r = p + q
-*/
-void ge_madd(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
-{
-  fe t0;
-#include "ge_madd.h"
-}

data/ext/ed25519_ref10/ge_msub.c DELETED Viewed

@@ -1,11 +0,0 @@
-#include "ge.h"
-/*
-r = p - q
-*/
-void ge_msub(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
-{
-  fe t0;
-#include "ge_msub.h"
-}

data/ext/ed25519_ref10/ge_p1p1_to_p2.c DELETED Viewed

@@ -1,12 +0,0 @@
-#include "ge.h"
-/*
-r = p
-*/
-extern void ge_p1p1_to_p2(ge_p2 *r,const ge_p1p1 *p)
-{
-  fe_mul(r->X,p->X,p->T);
-  fe_mul(r->Y,p->Y,p->Z);
-  fe_mul(r->Z,p->Z,p->T);
-}

data/ext/ed25519_ref10/ge_p1p1_to_p3.c DELETED Viewed

@@ -1,13 +0,0 @@
-#include "ge.h"
-/*
-r = p
-*/
-extern void ge_p1p1_to_p3(ge_p3 *r,const ge_p1p1 *p)
-{
-  fe_mul(r->X,p->X,p->T);
-  fe_mul(r->Y,p->Y,p->Z);
-  fe_mul(r->Z,p->Z,p->T);
-  fe_mul(r->T,p->X,p->Y);
-}

data/ext/ed25519_ref10/ge_p2_0.c DELETED Viewed

@@ -1,8 +0,0 @@
-#include "ge.h"
-void ge_p2_0(ge_p2 *h)
-{
-  fe_0(h->X);
-  fe_1(h->Y);
-  fe_1(h->Z);
-}

data/ext/ed25519_ref10/ge_p2_dbl.c DELETED Viewed

@@ -1,11 +0,0 @@
-#include "ge.h"
-/*
-r = 2 * p
-*/
-void ge_p2_dbl(ge_p1p1 *r,const ge_p2 *p)
-{
-  fe t0;
-#include "ge_p2_dbl.h"
-}

data/ext/ed25519_ref10/ge_p3_0.c DELETED Viewed

@@ -1,9 +0,0 @@
-#include "ge.h"
-void ge_p3_0(ge_p3 *h)
-{
-  fe_0(h->X);
-  fe_1(h->Y);
-  fe_1(h->Z);
-  fe_0(h->T);
-}

data/ext/ed25519_ref10/ge_p3_dbl.c DELETED Viewed

@@ -1,12 +0,0 @@
-#include "ge.h"
-/*
-r = 2 * p
-*/
-void ge_p3_dbl(ge_p1p1 *r,const ge_p3 *p)
-{
-  ge_p2 q;
-  ge_p3_to_p2(&q,p);
-  ge_p2_dbl(r,&q);
-}

data/ext/ed25519_ref10/ge_p3_to_cached.c DELETED Viewed

@@ -1,17 +0,0 @@
-#include "ge.h"
-/*
-r = p
-*/
-static const fe d2 = {
-#include "d2.h"
-} ;
-extern void ge_p3_to_cached(ge_cached *r,const ge_p3 *p)
-{
-  fe_add(r->YplusX,p->Y,p->X);
-  fe_sub(r->YminusX,p->Y,p->X);
-  fe_copy(r->Z,p->Z);
-  fe_mul(r->T2d,p->T,d2);
-}

data/ext/ed25519_ref10/ge_p3_to_p2.c DELETED Viewed

@@ -1,12 +0,0 @@
-#include "ge.h"
-/*
-r = p
-*/
-extern void ge_p3_to_p2(ge_p2 *r,const ge_p3 *p)
-{
-  fe_copy(r->X,p->X);
-  fe_copy(r->Y,p->Y);
-  fe_copy(r->Z,p->Z);
-}

data/ext/ed25519_ref10/ge_p3_tobytes.c DELETED Viewed

@@ -1,14 +0,0 @@
-#include "ge.h"
-void ge_p3_tobytes(unsigned char *s,const ge_p3 *h)
-{
-  fe recip;
-  fe x;
-  fe y;
-  fe_invert(recip,h->Z);
-  fe_mul(x,h->X,recip);
-  fe_mul(y,h->Y,recip);
-  fe_tobytes(s,y);
-  s[31] ^= fe_isnegative(x) << 7;
-}

data/ext/ed25519_ref10/ge_precomp_0.c DELETED Viewed

@@ -1,8 +0,0 @@
-#include "ge.h"
-void ge_precomp_0(ge_precomp *h)
-{
-  fe_1(h->yplusx);
-  fe_1(h->yminusx);
-  fe_0(h->xy2d);
-}

data/ext/ed25519_ref10/ge_scalarmult_base.c DELETED Viewed

@@ -1,104 +0,0 @@
-#include "ge.h"
-static uint8_t equal(int8_t b,int8_t c)
-{
-  uint8_t ub = b;
-  uint8_t uc = c;
-  uint8_t x = ub ^ uc; /* 0: yes; 1..255: no */
-  uint32_t y = x; /* 0: yes; 1..255: no */
-  y -= 1; /* 4294967295: yes; 0..254: no */
-  y >>= 31; /* 1: yes; 0: no */
-  return y;
-}
-static uint8_t negative(int8_t b)
-{
-  unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */
-  x >>= 63; /* 1: yes; 0: no */
-  return x;
-}
-static void cmov(ge_precomp *t,ge_precomp *u,int8_t b)
-{
-  fe_cmov(t->yplusx,u->yplusx,b);
-  fe_cmov(t->yminusx,u->yminusx,b);
-  fe_cmov(t->xy2d,u->xy2d,b);
-}
-/* base[i][j] = (j+1)*256^i*B */
-static ge_precomp base[32][8] = {
-#include "base.h"
-} ;
-static void select(ge_precomp *t,int pos,int8_t b)
-{
-  ge_precomp minust;
-  uint8_t bnegative = negative(b);
-  uint8_t babs = b - (((-bnegative) & b) << 1);
-  ge_precomp_0(t);
-  cmov(t,&base[pos][0],equal(babs,1));
-  cmov(t,&base[pos][1],equal(babs,2));
-  cmov(t,&base[pos][2],equal(babs,3));
-  cmov(t,&base[pos][3],equal(babs,4));
-  cmov(t,&base[pos][4],equal(babs,5));
-  cmov(t,&base[pos][5],equal(babs,6));
-  cmov(t,&base[pos][6],equal(babs,7));
-  cmov(t,&base[pos][7],equal(babs,8));
-  fe_copy(minust.yplusx,t->yminusx);
-  fe_copy(minust.yminusx,t->yplusx);
-  fe_neg(minust.xy2d,t->xy2d);
-  cmov(t,&minust,bnegative);
-}
-/*
-h = a * B
-where a = a[0]+256*a[1]+...+256^31 a[31]
-B is the Ed25519 base point (x,4/5) with x positive.
-Preconditions:
-  a[31] <= 127
-*/
-void ge_scalarmult_base(ge_p3 *h,const uint8_t *a)
-{
-  int8_t e[64];
-  int8_t carry;
-  ge_p1p1 r;
-  ge_p2 s;
-  ge_precomp t;
-  int i;
-  for (i = 0;i < 32;++i) {
-    e[2 * i + 0] = (a[i] >> 0) & 15;
-    e[2 * i + 1] = (a[i] >> 4) & 15;
-  }
-  /* each e[i] is between 0 and 15 */
-  /* e[63] is between 0 and 7 */
-  carry = 0;
-  for (i = 0;i < 63;++i) {
-    e[i] += carry;
-    carry = e[i] + 8;
-    carry >>= 4;
-    e[i] -= carry << 4;
-  }
-  e[63] += carry;
-  /* each e[i] is between -8 and 8 */
-  ge_p3_0(h);
-  for (i = 1;i < 64;i += 2) {
-    select(&t,i / 2,e[i]);
-    ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
-  }
-  ge_p3_dbl(&r,h);  ge_p1p1_to_p2(&s,&r);
-  ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r);
-  ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r);
-  ge_p2_dbl(&r,&s); ge_p1p1_to_p3(h,&r);
-  for (i = 0;i < 64;i += 2) {
-    select(&t,i / 2,e[i]);
-    ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
-  }
-}

data/ext/ed25519_ref10/ge_sub.c DELETED Viewed

@@ -1,11 +0,0 @@
-#include "ge.h"
-/*
-r = p - q
-*/
-void ge_sub(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
-{
-  fe t0;
-#include "ge_sub.h"
-}

data/ext/ed25519_ref10/ge_tobytes.c DELETED Viewed

@@ -1,14 +0,0 @@
-#include "ge.h"
-void ge_tobytes(unsigned char *s,const ge_p2 *h)
-{
-  fe recip;
-  fe x;
-  fe y;
-  fe_invert(recip,h->Z);
-  fe_mul(x,h->X,recip);
-  fe_mul(y,h->Y,recip);
-  fe_tobytes(s,y);
-  s[31] ^= fe_isnegative(x) << 7;
-}