RubyGems - rbnacl-libsodium - Versions diffs - 1.0.6 → 1.0.7 - Mend

rbnacl-libsodium 1.0.6 → 1.0.7

Files changed (243) hide show

data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/ge25519.h DELETED

@@ -1,34 +0,0 @@
-#ifndef GE25519_H
-#define GE25519_H
-#include "fe25519.h"
-#include "sc25519.h"
-#define ge25519 crypto_sign_edwards25519sha512batch_ge25519
-#define ge25519_unpack_vartime crypto_sign_edwards25519sha512batch_ge25519_unpack_vartime
-#define ge25519_pack crypto_sign_edwards25519sha512batch_ge25519_pack
-#define ge25519_add crypto_sign_edwards25519sha512batch_ge25519_add
-#define ge25519_double crypto_sign_edwards25519sha512batch_ge25519_double
-#define ge25519_scalarmult crypto_sign_edwards25519sha512batch_ge25519_scalarmult
-#define ge25519_scalarmult_base crypto_sign_edwards25519sha512batch_ge25519_scalarmult_base
-typedef struct {
-  fe25519 x;
-  fe25519 y;
-  fe25519 z;
-  fe25519 t;
-} ge25519;
-int ge25519_unpack_vartime(ge25519 *r, const unsigned char p[32]);
-void ge25519_pack(unsigned char r[32], const ge25519 *p);
-void ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q);
-void ge25519_double(ge25519 *r, const ge25519 *p);
-void ge25519_scalarmult(ge25519 *r, const ge25519 *p, const sc25519 *s);
-void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s);
-#endif

data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/ge25519_edwards25519sha512batch.c DELETED

@@ -1,230 +0,0 @@
-#include "fe25519.h"
-#include "sc25519.h"
-#include "ge25519.h"
-/*
- * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2
- * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555
- * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960);
- */
-typedef struct
-{
-  fe25519 x;
-  fe25519 z;
-  fe25519 y;
-  fe25519 t;
-} ge25519_p1p1;
-typedef struct
-{
-  fe25519 x;
-  fe25519 y;
-  fe25519 z;
-} ge25519_p2;
-#define ge25519_p3 ge25519
-/* Windowsize for fixed-window scalar multiplication */
-#define WINDOWSIZE 2                      /* Should be 1,2, or 4 */
-#define WINDOWMASK ((1<<WINDOWSIZE)-1)
-/* packed parameter d in the Edwards curve equation */
-static const unsigned char ecd[32] = {0xA3, 0x78, 0x59, 0x13, 0xCA, 0x4D, 0xEB, 0x75, 0xAB, 0xD8, 0x41, 0x41, 0x4D, 0x0A, 0x70, 0x00,
-                                      0x98, 0xE8, 0x79, 0x77, 0x79, 0x40, 0xC7, 0x8C, 0x73, 0xFE, 0x6F, 0x2B, 0xEE, 0x6C, 0x03, 0x52};
-/* Packed coordinates of the base point */
-static const unsigned char ge25519_base_x[32] = {0x1A, 0xD5, 0x25, 0x8F, 0x60, 0x2D, 0x56, 0xC9, 0xB2, 0xA7, 0x25, 0x95, 0x60, 0xC7, 0x2C, 0x69,
-                                                 0x5C, 0xDC, 0xD6, 0xFD, 0x31, 0xE2, 0xA4, 0xC0, 0xFE, 0x53, 0x6E, 0xCD, 0xD3, 0x36, 0x69, 0x21};
-static const unsigned char ge25519_base_y[32] = {0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
-                                                 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66};
-static const unsigned char ge25519_base_z[32] = {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
-static const unsigned char ge25519_base_t[32] = {0xA3, 0xDD, 0xB7, 0xA5, 0xB3, 0x8A, 0xDE, 0x6D, 0xF5, 0x52, 0x51, 0x77, 0x80, 0x9F, 0xF0, 0x20,
-                                                 0x7D, 0xE3, 0xAB, 0x64, 0x8E, 0x4E, 0xEA, 0x66, 0x65, 0x76, 0x8B, 0xD7, 0x0F, 0x5F, 0x87, 0x67};
-/* Packed coordinates of the neutral element */
-static const unsigned char ge25519_neutral_x[32] = {0};
-static const unsigned char ge25519_neutral_y[32] = {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
-static const unsigned char ge25519_neutral_z[32] = {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
-static const unsigned char ge25519_neutral_t[32] = {0};
-static void p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p)
-{
-  fe25519_mul(&r->x, &p->x, &p->t);
-  fe25519_mul(&r->y, &p->y, &p->z);
-  fe25519_mul(&r->z, &p->z, &p->t);
-}
-static void p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p)
-{
-  p1p1_to_p2((ge25519_p2 *)r, p);
-  fe25519_mul(&r->t, &p->x, &p->y);
-}
-/* Constant-time version of: if(b) r = p */
-static void cmov_p3(ge25519_p3 *r, const ge25519_p3 *p, unsigned char b)
-{
-  fe25519_cmov(&r->x, &p->x, b);
-  fe25519_cmov(&r->y, &p->y, b);
-  fe25519_cmov(&r->z, &p->z, b);
-  fe25519_cmov(&r->t, &p->t, b);
-}
-/* See http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#doubling-dbl-2008-hwcd */
-static void dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p)
-{
-  fe25519 a,b,c,d;
-  fe25519_square(&a, &p->x);
-  fe25519_square(&b, &p->y);
-  fe25519_square(&c, &p->z);
-  fe25519_add(&c, &c, &c);
-  fe25519_neg(&d, &a);
-  fe25519_add(&r->x, &p->x, &p->y);
-  fe25519_square(&r->x, &r->x);
-  fe25519_sub(&r->x, &r->x, &a);
-  fe25519_sub(&r->x, &r->x, &b);
-  fe25519_add(&r->z, &d, &b);
-  fe25519_sub(&r->t, &r->z, &c);
-  fe25519_sub(&r->y, &d, &b);
-}
-static void add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q)
-{
-  fe25519 a, b, c, d, t, fd;
-  fe25519_unpack(&fd, ecd);
-  fe25519_sub(&a, &p->y, &p->x); // A = (Y1-X1)*(Y2-X2)
-  fe25519_sub(&t, &q->y, &q->x);
-  fe25519_mul(&a, &a, &t);
-  fe25519_add(&b, &p->x, &p->y); // B = (Y1+X1)*(Y2+X2)
-  fe25519_add(&t, &q->x, &q->y);
-  fe25519_mul(&b, &b, &t);
-  fe25519_mul(&c, &p->t, &q->t); //C = T1*k*T2
-  fe25519_mul(&c, &c, &fd);
-  fe25519_add(&c, &c, &c);       //XXX: Can save this addition by precomputing 2*ecd
-  fe25519_mul(&d, &p->z, &q->z); //D = Z1*2*Z2
-  fe25519_add(&d, &d, &d);
-  fe25519_sub(&r->x, &b, &a); // E = B-A
-  fe25519_sub(&r->t, &d, &c); // F = D-C
-  fe25519_add(&r->z, &d, &c); // G = D+C
-  fe25519_add(&r->y, &b, &a); // H = B+A
-}
-/* ********************************************************************
- *                    EXPORTED FUNCTIONS
- ******************************************************************** */
-/* return 0 on success, -1 otherwise */
-int ge25519_unpack_vartime(ge25519_p3 *r, const unsigned char p[32])
-{
-  int ret;
-  fe25519 t, fd;
-  unsigned char par;
-  fe25519_setone(&r->z);
-  fe25519_unpack(&fd, ecd);
-  par = p[31] >> 7;
-  fe25519_unpack(&r->y, p);
-  fe25519_square(&r->x, &r->y);
-  fe25519_mul(&t, &r->x, &fd);
-  fe25519_sub(&r->x, &r->x, &r->z);
-  fe25519_add(&t, &r->z, &t);
-  fe25519_invert(&t, &t);
-  fe25519_mul(&r->x, &r->x, &t);
-  ret = fe25519_sqrt_vartime(&r->x, &r->x, par);
-  fe25519_mul(&r->t, &r->x, &r->y);
-  return ret;
-}
-void ge25519_pack(unsigned char r[32], const ge25519_p3 *p)
-{
-  fe25519 tx, ty, zi;
-  fe25519_invert(&zi, &p->z);
-  fe25519_mul(&tx, &p->x, &zi);
-  fe25519_mul(&ty, &p->y, &zi);
-  fe25519_pack(r, &ty);
-  r[31] ^= fe25519_getparity(&tx) << 7;
-}
-void ge25519_add(ge25519_p3 *r, const ge25519_p3 *p, const ge25519_p3 *q)
-{
-  ge25519_p1p1 grp1p1;
-  add_p1p1(&grp1p1, p, q);
-  p1p1_to_p3(r, &grp1p1);
-}
-void ge25519_double(ge25519_p3 *r, const ge25519_p3 *p)
-{
-  ge25519_p1p1 grp1p1;
-  dbl_p1p1(&grp1p1, (const ge25519_p2 *)p);
-  p1p1_to_p3(r, &grp1p1);
-}
-void ge25519_scalarmult(ge25519_p3 *r, const ge25519_p3 *p, const sc25519 *s)
-{
-  int i,j,k;
-  ge25519_p3 g;
-  ge25519_p3 pre[(1 << WINDOWSIZE)];
-  ge25519_p3 t;
-  ge25519_p1p1 tp1p1;
-  unsigned char w;
-  unsigned char sb[32];
-  fe25519_unpack(&g.x, ge25519_neutral_x);
-  fe25519_unpack(&g.y, ge25519_neutral_y);
-  fe25519_unpack(&g.z, ge25519_neutral_z);
-  fe25519_unpack(&g.t, ge25519_neutral_t);
-  sc25519_to32bytes(sb, s);
-  // Precomputation
-  pre[0] = g;
-  pre[1] = *p;
-  for(i=2;i<(1<<WINDOWSIZE);i+=2)
-  {
-    dbl_p1p1(&tp1p1, (ge25519_p2 *)(pre+i/2));
-    p1p1_to_p3(pre+i, &tp1p1);
-    add_p1p1(&tp1p1, pre+i, pre+1);
-    p1p1_to_p3(pre+i+1, &tp1p1);
-  }
-  // Fixed-window scalar multiplication
-  for(i=32;i>0;i--)
-  {
-    for(j=8-WINDOWSIZE;j>=0;j-=WINDOWSIZE)
-    {
-      for(k=0;k<WINDOWSIZE-1;k++)
-      {
-        dbl_p1p1(&tp1p1, (ge25519_p2 *)&g);
-        p1p1_to_p2((ge25519_p2 *)&g, &tp1p1);
-      }
-      dbl_p1p1(&tp1p1, (ge25519_p2 *)&g);
-      p1p1_to_p3(&g, &tp1p1);
-      // Cache-timing resistant loading of precomputed value:
-      w = (sb[i-1]>>j) & WINDOWMASK;
-      t = pre[0];
-      for(k=1;k<(1<<WINDOWSIZE);k++)
-        cmov_p3(&t, &pre[k], k==w);
-      add_p1p1(&tp1p1, &g, &t);
-      if(j != 0) p1p1_to_p2((ge25519_p2 *)&g, &tp1p1);
-      else p1p1_to_p3(&g, &tp1p1); /* convert to p3 representation at the end */
-    }
-  }
-  r->x = g.x;
-  r->y = g.y;
-  r->z = g.z;
-  r->t = g.t;
-}
-void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s)
-{
-  /* XXX: Better algorithm for known-base-point scalar multiplication */
-  ge25519_p3 t;
-  fe25519_unpack(&t.x, ge25519_base_x);
-  fe25519_unpack(&t.y, ge25519_base_y);
-  fe25519_unpack(&t.z, ge25519_base_z);
-  fe25519_unpack(&t.t, ge25519_base_t);
-  ge25519_scalarmult(r, &t, s);
-}

data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sc25519.h DELETED

@@ -1,51 +0,0 @@
-#ifndef SC25519_H
-#define SC25519_H
-#define sc25519 crypto_sign_edwards25519sha512batch_sc25519
-#define sc25519_from32bytes crypto_sign_edwards25519sha512batch_sc25519_from32bytes
-#define sc25519_from64bytes crypto_sign_edwards25519sha512batch_sc25519_from64bytes
-#define sc25519_to32bytes crypto_sign_edwards25519sha512batch_sc25519_to32bytes
-#define sc25519_pack crypto_sign_edwards25519sha512batch_sc25519_pack
-#define sc25519_getparity crypto_sign_edwards25519sha512batch_sc25519_getparity
-#define sc25519_setone crypto_sign_edwards25519sha512batch_sc25519_setone
-#define sc25519_setzero crypto_sign_edwards25519sha512batch_sc25519_setzero
-#define sc25519_neg crypto_sign_edwards25519sha512batch_sc25519_neg
-#define sc25519_add crypto_sign_edwards25519sha512batch_sc25519_add
-#define sc25519_sub crypto_sign_edwards25519sha512batch_sc25519_sub
-#define sc25519_mul crypto_sign_edwards25519sha512batch_sc25519_mul
-#define sc25519_square crypto_sign_edwards25519sha512batch_sc25519_square
-#define sc25519_invert crypto_sign_edwards25519sha512batch_sc25519_invert
-#include "crypto_uint32.h"
-typedef struct {
-  crypto_uint32 v[32];
-} sc25519;
-void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]);
-void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]);
-void sc25519_to32bytes(unsigned char r[32], const sc25519 *x);
-void sc25519_pack(unsigned char r[32], const sc25519 *x);
-unsigned char sc25519_getparity(const sc25519 *x);
-void sc25519_setone(sc25519 *r);
-void sc25519_setzero(sc25519 *r);
-void sc25519_neg(sc25519 *r, const sc25519 *x);
-void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y);
-void sc25519_sub(sc25519 *r, const sc25519 *x, const sc25519 *y);
-void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y);
-void sc25519_square(sc25519 *r, const sc25519 *x);
-void sc25519_invert(sc25519 *r, const sc25519 *x);
-#endif

data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sc25519_edwards25519sha512batch.c DELETED

@@ -1,150 +0,0 @@
-#include "sc25519.h"
-/*Arithmetic modulo the group order n = 2^252 +  27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 */
-static const crypto_uint32 m[32] = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14,
-                                    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10};
-static const crypto_uint32 mu[33] = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21,
-                                     0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F};
-/* Reduce coefficients of r before calling reduce_add_sub */
-static void reduce_add_sub(sc25519 *r)
-{
-  int i, b, pb=0, nb;
-  unsigned char t[32];
-  for(i=0;i<32;i++)
-  {
-    b = (r->v[i]<pb+m[i]);
-    t[i] = r->v[i]-pb-m[i]+b*256;
-    pb = b;
-  }
-  nb = 1-b;
-  for(i=0;i<32;i++)
-    r->v[i] = r->v[i]*b + t[i]*nb;
-}
-/* Reduce coefficients of x before calling barrett_reduce */
-static void barrett_reduce(sc25519 *r, const crypto_uint32 x[64])
-{
-  /* See HAC, Alg. 14.42 */
-  int i,j;
-  crypto_uint32 q2[66] = {0};
-  crypto_uint32 *q3 = q2 + 33;
-  crypto_uint32 r1[33];
-  crypto_uint32 r2[33] = {0};
-  crypto_uint32 carry;
-  int b, pb=0;
-  for(i=0;i<33;i++)
-    for(j=0;j<33;j++)
-      if(i+j >= 31) q2[i+j] += mu[i]*x[j+31];
-  carry = q2[31] >> 8;
-  q2[32] += carry;
-  carry = q2[32] >> 8;
-  q2[33] += carry;
-  for(i=0;i<33;i++)r1[i] = x[i];
-  for(i=0;i<32;i++) {
-    for(j=0;j<33;j++) {
-      if(i+j < 33) {
-          /* coverity[overrun-local] */
-          r2[i+j] += m[i]*q3[j];
-      }
-    }
-  }
-  for(i=0;i<32;i++)
-  {
-    carry = r2[i] >> 8;
-    r2[i+1] += carry;
-    r2[i] &= 0xff;
-  }
-  for(i=0;i<32;i++)
-  {
-    b = (r1[i]<pb+r2[i]);
-    r->v[i] = r1[i]-pb-r2[i]+b*256;
-    pb = b;
-  }
-  /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3
-   * If so: Handle  it here!
-   */
-  reduce_add_sub(r);
-  reduce_add_sub(r);
-}
-/*
-static int iszero(const sc25519 *x)
-{
-  // Implement
-  return 0;
-}
-*/
-void sc25519_from32bytes(sc25519 *r, const unsigned char x[32])
-{
-  int i;
-  crypto_uint32 t[64] = {0};
-  for(i=0;i<32;i++) t[i] = x[i];
-  barrett_reduce(r, t);
-}
-void sc25519_from64bytes(sc25519 *r, const unsigned char x[64])
-{
-  int i;
-  crypto_uint32 t[64] = {0};
-  for(i=0;i<64;i++) t[i] = x[i];
-  barrett_reduce(r, t);
-}
-/* XXX: What we actually want for crypto_group is probably just something like
- * void sc25519_frombytes(sc25519 *r, const unsigned char *x, size_t xlen)
- */
-void sc25519_to32bytes(unsigned char r[32], const sc25519 *x)
-{
-  int i;
-  for(i=0;i<32;i++) r[i] = x->v[i];
-}
-void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y)
-{
-  int i, carry;
-  for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i];
-  for(i=0;i<31;i++)
-  {
-    carry = r->v[i] >> 8;
-    r->v[i+1] += carry;
-    r->v[i] &= 0xff;
-  }
-  reduce_add_sub(r);
-}
-void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y)
-{
-  int i,j,carry;
-  crypto_uint32 t[64];
-  for(i=0;i<64;i++)t[i] = 0;
-  for(i=0;i<32;i++)
-    for(j=0;j<32;j++)
-      t[i+j] += x->v[i] * y->v[j];
-  /* Reduce coefficients */
-  for(i=0;i<63;i++)
-  {
-    carry = t[i] >> 8;
-    t[i+1] += carry;
-    t[i] &= 0xff;
-  }
-  barrett_reduce(r, t);
-}
-void sc25519_square(sc25519 *r, const sc25519 *x)
-{
-  sc25519_mul(r, x, x);
-}