ed25519 1.2.2 → 1.2.3

Files changed (42) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +12 -5
  3. data/README.md +2 -2
  4. data/ed25519.gemspec +1 -1
  5. data/ext/ed25519_ref10/fe.c +1085 -0
  6. data/ext/ed25519_ref10/ge.c +407 -0
  7. data/lib/ed25519/version.rb +1 -1
  8. metadata +4 -36
  9. data/ext/ed25519_ref10/fe_0.c +0 -19
  10. data/ext/ed25519_ref10/fe_1.c +0 -19
  11. data/ext/ed25519_ref10/fe_add.c +0 -57
  12. data/ext/ed25519_ref10/fe_cmov.c +0 -63
  13. data/ext/ed25519_ref10/fe_copy.c +0 -29
  14. data/ext/ed25519_ref10/fe_frombytes.c +0 -71
  15. data/ext/ed25519_ref10/fe_invert.c +0 -14
  16. data/ext/ed25519_ref10/fe_isnegative.c +0 -16
  17. data/ext/ed25519_ref10/fe_isnonzero.c +0 -19
  18. data/ext/ed25519_ref10/fe_mul.c +0 -252
  19. data/ext/ed25519_ref10/fe_neg.c +0 -45
  20. data/ext/ed25519_ref10/fe_pow22523.c +0 -13
  21. data/ext/ed25519_ref10/fe_sq.c +0 -148
  22. data/ext/ed25519_ref10/fe_sq2.c +0 -159
  23. data/ext/ed25519_ref10/fe_sub.c +0 -57
  24. data/ext/ed25519_ref10/fe_tobytes.c +0 -119
  25. data/ext/ed25519_ref10/ge_add.c +0 -11
  26. data/ext/ed25519_ref10/ge_double_scalarmult.c +0 -96
  27. data/ext/ed25519_ref10/ge_frombytes.c +0 -50
  28. data/ext/ed25519_ref10/ge_madd.c +0 -11
  29. data/ext/ed25519_ref10/ge_msub.c +0 -11
  30. data/ext/ed25519_ref10/ge_p1p1_to_p2.c +0 -12
  31. data/ext/ed25519_ref10/ge_p1p1_to_p3.c +0 -13
  32. data/ext/ed25519_ref10/ge_p2_0.c +0 -8
  33. data/ext/ed25519_ref10/ge_p2_dbl.c +0 -11
  34. data/ext/ed25519_ref10/ge_p3_0.c +0 -9
  35. data/ext/ed25519_ref10/ge_p3_dbl.c +0 -12
  36. data/ext/ed25519_ref10/ge_p3_to_cached.c +0 -17
  37. data/ext/ed25519_ref10/ge_p3_to_p2.c +0 -12
  38. data/ext/ed25519_ref10/ge_p3_tobytes.c +0 -14
  39. data/ext/ed25519_ref10/ge_precomp_0.c +0 -8
  40. data/ext/ed25519_ref10/ge_scalarmult_base.c +0 -104
  41. data/ext/ed25519_ref10/ge_sub.c +0 -11
  42. data/ext/ed25519_ref10/ge_tobytes.c +0 -14
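--- a/data/ext/ed25519_ref10/ge_add.c
+++ b/data/ext/ed25519_ref10/ge_add.c
@@ -1,11 +0,0 @@
-#include "ge.h"
-
-/*
-r = p + q
-*/
-
-void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
-{
-fe t0;
-#include "ge_add.h"
-}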
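--- a/data/ext/ed25519_ref10/ge_double_scalarmult.c
+++ b/data/ext/ed25519_ref10/ge_double_scalarmult.c
@@ -1,96 +0,0 @@
-#include "ge.h"
-
-static void slide(signed char *r,const unsigned char *a)
-{
-int i;
-int b;
-int k;
-
-for (i = 0;i < 256;++i)
-r[i] = 1 & (a[i >> 3] >> (i & 7));
-
-for (i = 0;i < 256;++i)
-if (r[i]) {
-for (b = 1;b <= 6 && i + b < 256;++b) {
-if (r[i + b]) {
-if (r[i] + (r[i + b] << b) <= 15) {
-r[i] += r[i + b] << b; r[i + b] = 0;
-} else if (r[i] - (r[i + b] << b) >= -15) {
-r[i] -= r[i + b] << b;
-for (k = i + b;k < 256;++k) {
-if (!r[k]) {
-r[k] = 1;
-break;
-}
-r[k] = 0;
-}
-} else
-break;
-}
-}
-}
-
-}
-
-static ge_precomp Bi[8] = {
-#include "base2.h"
-} ;
-
-/*
-r = a * A + b * B
-where a = a[0]+256*a[1]+...+256^31 a[31].
-and b = b[0]+256*b[1]+...+256^31 b[31].
-B is the Ed25519 base point (x,4/5) with x positive.
-*/
-
-void ge_double_scalarmult_vartime(ge_p2 *r,const unsigned char *a,const ge_p3 *A,const unsigned char *b)
-{
-signed char aslide[256];
-signed char bslide[256];
-ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
-ge_p1p1 t;
-ge_p3 u;
-ge_p3 A2;
-int i;
-
-slide(aslide,a);
-slide(bslide,b);
-
-ge_p3_to_cached(&Ai[0],A);
-ge_p3_dbl(&t,A); ge_p1p1_to_p3(&A2,&t);
-ge_add(&t,&A2,&Ai[0]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[1],&u);
-ge_add(&t,&A2,&Ai[1]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[2],&u);
-ge_add(&t,&A2,&Ai[2]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[3],&u);
-ge_add(&t,&A2,&Ai[3]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[4],&u);
-ge_add(&t,&A2,&Ai[4]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[5],&u);
-ge_add(&t,&A2,&Ai[5]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[6],&u);
-ge_add(&t,&A2,&Ai[6]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[7],&u);
-
-ge_p2_0(r);
-
-for (i = 255;i >= 0;--i) {
-if (aslide[i] || bslide[i]) break;
-}
-
-for (;i >= 0;--i) {
-ge_p2_dbl(&t,r);
-
-if (aslide[i] > 0) {
-ge_p1p1_to_p3(&u,&t);
-ge_add(&t,&u,&Ai[aslide[i]/2]);
-} else if (aslide[i] < 0) {
-ge_p1p1_to_p3(&u,&t);
-ge_sub(&t,&u,&Ai[(-aslide[i])/2]);
-}
-
-if (bslide[i] > 0) {
-ge_p1p1_to_p3(&u,&t);
-ge_madd(&t,&u,&Bi[bslide[i]/2]);
-} else if (bslide[i] < 0) {
-ge_p1p1_to_p3(&u,&t);
-ge_msub(&t,&u,&Bi[(-bslide[i])/2]);
-}
-
-ge_p1p1_to_p2(r,&t);
-}
-}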
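--- a/data/ext/ed25519_ref10/ge_frombytes.c
+++ b/data/ext/ed25519_ref10/ge_frombytes.c
@@ -1,50 +0,0 @@
-#include "ge.h"
-
-static const fe d = {
-#include "d.h"
-} ;
-
-static const fe sqrtm1 = {
-#include "sqrtm1.h"
-} ;
-
-int ge_frombytes_negate_vartime(ge_p3 *h,const unsigned char *s)
-{
-fe u;
-fe v;
-fe v3;
-fe vxx;
-fe check;
-
-fe_frombytes(h->Y,s);
-fe_1(h->Z);
-fe_sq(u,h->Y);
-fe_mul(v,u,d);
-fe_sub(u,u,h->Z); /* u = y^2-1 */
-fe_add(v,v,h->Z); /* v = dy^2+1 */
-
-fe_sq(v3,v);
-fe_mul(v3,v3,v); /* v3 = v^3 */
-fe_sq(h->X,v3);
-fe_mul(h->X,h->X,v);
-fe_mul(h->X,h->X,u); /* x = uv^7 */
-
-fe_pow22523(h->X,h->X); /* x = (uv^7)^((q-5)/8) */
-fe_mul(h->X,h->X,v3);
-fe_mul(h->X,h->X,u); /* x = uv^3(uv^7)^((q-5)/8) */
-
-fe_sq(vxx,h->X);
-fe_mul(vxx,vxx,v);
-fe_sub(check,vxx,u); /* vx^2-u */
-if (fe_isnonzero(check)) {
-fe_add(check,vxx,u); /* vx^2+u */
-if (fe_isnonzero(check)) return -1;
-fe_mul(h->X,h->X,sqrtm1);
-}
-
-if (fe_isnegative(h->X) == (s[31] >> 7))
-fe_neg(h->X,h->X);
-
-fe_mul(h->T,h->X,h->Y);
-return 0;
-}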
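--- a/data/ext/ed25519_ref10/ge_madd.c
+++ b/data/ext/ed25519_ref10/ge_madd.c
@@ -1,11 +0,0 @@
-#include "ge.h"
-
-/*
-r = p + q
-*/
-
-void ge_madd(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
-{
-fe t0;
-#include "ge_madd.h"
-}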
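--- a/data/ext/ed25519_ref10/ge_msub.c
+++ b/data/ext/ed25519_ref10/ge_msub.c
@@ -1,11 +0,0 @@
-#include "ge.h"
-
-/*
-r = p - q
-*/
-
-void ge_msub(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
-{
-fe t0;
-#include "ge_msub.h"
-}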
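--- a/data/ext/ed25519_ref10/ge_p1p1_to_p2.c
+++ b/data/ext/ed25519_ref10/ge_p1p1_to_p2.c
@@ -1,12 +0,0 @@
-#include "ge.h"
-
-/*
-r = p
-*/
-
-extern void ge_p1p1_to_p2(ge_p2 *r,const ge_p1p1 *p)
-{
-fe_mul(r->X,p->X,p->T);
-fe_mul(r->Y,p->Y,p->Z);
-fe_mul(r->Z,p->Z,p->T);
-}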
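--- a/data/ext/ed25519_ref10/ge_p1p1_to_p3.c
+++ b/data/ext/ed25519_ref10/ge_p1p1_to_p3.c
@@ -1,13 +0,0 @@
-#include "ge.h"
-
-/*
-r = p
-*/
-
-extern void ge_p1p1_to_p3(ge_p3 *r,const ge_p1p1 *p)
-{
-fe_mul(r->X,p->X,p->T);
-fe_mul(r->Y,p->Y,p->Z);
-fe_mul(r->Z,p->Z,p->T);
-fe_mul(r->T,p->X,p->Y);
-}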
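--- a/data/ext/ed25519_ref10/ge_p2_0.c
+++ b/data/ext/ed25519_ref10/ge_p2_0.c
@@ -1,8 +0,0 @@
-#include "ge.h"
-
-void ge_p2_0(ge_p2 *h)
-{
-fe_0(h->X);
-fe_1(h->Y);
-fe_1(h->Z);
-}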
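--- a/data/ext/ed25519_ref10/ge_p2_dbl.c
+++ b/data/ext/ed25519_ref10/ge_p2_dbl.c
@@ -1,11 +0,0 @@
-#include "ge.h"
-
-/*
-r = 2 * p
-*/
-
-void ge_p2_dbl(ge_p1p1 *r,const ge_p2 *p)
-{
-fe t0;
-#include "ge_p2_dbl.h"
-}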
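--- a/data/ext/ed25519_ref10/ge_p3_0.c
+++ b/data/ext/ed25519_ref10/ge_p3_0.c
@@ -1,9 +0,0 @@
-#include "ge.h"
-
-void ge_p3_0(ge_p3 *h)
-{
-fe_0(h->X);
-fe_1(h->Y);
-fe_1(h->Z);
-fe_0(h->T);
-}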
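--- a/data/ext/ed25519_ref10/ge_p3_dbl.c
+++ b/data/ext/ed25519_ref10/ge_p3_dbl.c
@@ -1,12 +0,0 @@
-#include "ge.h"
-
-/*
-r = 2 * p
-*/
-
-void ge_p3_dbl(ge_p1p1 *r,const ge_p3 *p)
-{
-ge_p2 q;
-ge_p3_to_p2(&q,p);
-ge_p2_dbl(r,&q);
-}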
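--- a/data/ext/ed25519_ref10/ge_p3_to_cached.c
+++ b/data/ext/ed25519_ref10/ge_p3_to_cached.c
@@ -1,17 +0,0 @@
-#include "ge.h"
-
-/*
-r = p
-*/
-
-static const fe d2 = {
-#include "d2.h"
-} ;
-
-extern void ge_p3_to_cached(ge_cached *r,const ge_p3 *p)
-{
-fe_add(r->YplusX,p->Y,p->X);
-fe_sub(r->YminusX,p->Y,p->X);
-fe_copy(r->Z,p->Z);
-fe_mul(r->T2d,p->T,d2);
-}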
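--- a/data/ext/ed25519_ref10/ge_p3_to_p2.c
+++ b/data/ext/ed25519_ref10/ge_p3_to_p2.c
@@ -1,12 +0,0 @@
-#include "ge.h"
-
-/*
-r = p
-*/
-
-extern void ge_p3_to_p2(ge_p2 *r,const ge_p3 *p)
-{
-fe_copy(r->X,p->X);
-fe_copy(r->Y,p->Y);
-fe_copy(r->Z,p->Z);
-}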
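--- a/data/ext/ed25519_ref10/ge_p3_tobytes.c
+++ b/data/ext/ed25519_ref10/ge_p3_tobytes.c
@@ -1,14 +0,0 @@
-#include "ge.h"
-
-void ge_p3_tobytes(unsigned char *s,const ge_p3 *h)
-{
-fe recip;
-fe x;
-fe y;
-
-fe_invert(recip,h->Z);
-fe_mul(x,h->X,recip);
-fe_mul(y,h->Y,recip);
-fe_tobytes(s,y);
-s[31] ^= fe_isnegative(x) << 7;
-}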
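--- a/data/ext/ed25519_ref10/ge_precomp_0.c
+++ b/data/ext/ed25519_ref10/ge_precomp_0.c
@@ -1,8 +0,0 @@
-#include "ge.h"
-
-void ge_precomp_0(ge_precomp *h)
-{
-fe_1(h->yplusx);
-fe_1(h->yminusx);
-fe_0(h->xy2d);
-}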
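--- a/data/ext/ed25519_ref10/ge_scalarmult_base.c
+++ b/data/ext/ed25519_ref10/ge_scalarmult_base.c
@@ -1,104 +0,0 @@
-#include "ge.h"
-
-static uint8_t equal(int8_t b,int8_t c)
-{
-uint8_t ub = b;
-uint8_t uc = c;
-uint8_t x = ub ^ uc; /* 0: yes; 1..255: no */
-uint32_t y = x; /* 0: yes; 1..255: no */
-y -= 1; /* 4294967295: yes; 0..254: no */
-y >>= 31; /* 1: yes; 0: no */
-return y;
-}
-
-static uint8_t negative(int8_t b)
-{
-unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */
-x >>= 63; /* 1: yes; 0: no */
-return x;
-}
-
-static void cmov(ge_precomp *t,ge_precomp *u,int8_t b)
-{
-fe_cmov(t->yplusx,u->yplusx,b);
-fe_cmov(t->yminusx,u->yminusx,b);
-fe_cmov(t->xy2d,u->xy2d,b);
-}
-
-/* base[i][j] = (j+1)*256^i*B */
-static ge_precomp base[32][8] = {
-#include "base.h"
-} ;
-
-static void select(ge_precomp *t,int pos,int8_t b)
-{
-ge_precomp minust;
-uint8_t bnegative = negative(b);
-uint8_t babs = b - (((-bnegative) & b) << 1);
-
-ge_precomp_0(t);
-cmov(t,&base[pos][0],equal(babs,1));
-cmov(t,&base[pos][1],equal(babs,2));
-cmov(t,&base[pos][2],equal(babs,3));
-cmov(t,&base[pos][3],equal(babs,4));
-cmov(t,&base[pos][4],equal(babs,5));
-cmov(t,&base[pos][5],equal(babs,6));
-cmov(t,&base[pos][6],equal(babs,7));
-cmov(t,&base[pos][7],equal(babs,8));
-fe_copy(minust.yplusx,t->yminusx);
-fe_copy(minust.yminusx,t->yplusx);
-fe_neg(minust.xy2d,t->xy2d);
-cmov(t,&minust,bnegative);
-}
-
-/*
-h = a * B
-where a = a[0]+256*a[1]+...+256^31 a[31]
-B is the Ed25519 base point (x,4/5) with x positive.
-
-Preconditions:
-a[31] <= 127
-*/
-
-void ge_scalarmult_base(ge_p3 *h,const uint8_t *a)
-{
-int8_t e[64];
-int8_t carry;
-ge_p1p1 r;
-ge_p2 s;
-ge_precomp t;
-int i;
-
-for (i = 0;i < 32;++i) {
-e[2 * i + 0] = (a[i] >> 0) & 15;
-e[2 * i + 1] = (a[i] >> 4) & 15;
-}
-/* each e[i] is between 0 and 15 */
-/* e[63] is between 0 and 7 */
-
-carry = 0;
-for (i = 0;i < 63;++i) {
-e[i] += carry;
-carry = e[i] + 8;
-carry >>= 4;
-e[i] -= carry << 4;
-}
-e[63] += carry;
-/* each e[i] is between -8 and 8 */
-
-ge_p3_0(h);
-for (i = 1;i < 64;i += 2) {
-select(&t,i / 2,e[i]);
-ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
-}
-
-ge_p3_dbl(&r,h); ge_p1p1_to_p2(&s,&r);
-ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r);
-ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r);
-ge_p2_dbl(&r,&s); ge_p1p1_to_p3(h,&r);
-
-for (i = 0;i < 64;i += 2) {
-select(&t,i / 2,e[i]);
-ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
-}
-}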
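--- a/data/ext/ed25519_ref10/ge_sub.c
+++ b/data/ext/ed25519_ref10/ge_sub.c
@@ -1,11 +0,0 @@
-#include "ge.h"
-
-/*
-r = p - q
-*/
-
-void ge_sub(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
-{
-fe t0;
-#include "ge_sub.h"
-}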
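--- a/data/ext/ed25519_ref10/ge_tobytes.c
+++ b/data/ext/ed25519_ref10/ge_tobytes.c
@@ -1,14 +0,0 @@
-#include "ge.h"
-
-void ge_tobytes(unsigned char *s,const ge_p2 *h)
-{
-fe recip;
-fe x;
-fe y;
-
-fe_invert(recip,h->Z);
-fe_mul(x,h->X,recip);
-fe_mul(y,h->Y,recip);
-fe_tobytes(s,y);
-s[31] ^= fe_isnegative(x) << 7;
-}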