x25519 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 15e4b54930cad9efae470089ed69b14837394163
-  data.tar.gz: b64d42b7a3d9f39ebc2668ce489799ba2f849bef
+  metadata.gz: 25356788bb752f943f14d47eb09477c80e8831f3
+  data.tar.gz: c90ad445482d6d376bb957187ba1c01a4ade1c7d
 SHA512:
-  metadata.gz: f1ccbe8cf45e64fa096399e1814059078a52c0148f51e299abf3b6faeeea88b81c5e913c668a467df999393bbe99ba5dbb67914094b6eda2634bb52690d4421d
-  data.tar.gz: 910e1e2d8a354c4d19a0c8b4bba50f4e452c64addcf7119f9359786eb640d94f73abfd1916ebaeb48fef8c77e034798afb337b1a10c64ce74587880232f0d548
+  metadata.gz: e16c1bfd49e7dd844676159714e6145d357259002800a1033b7993c7ac4049e238dba7c5b8aa1bdff12dced90dfc5a5e70caaf054a3f401eed6efdcd9da7d12f
+  data.tar.gz: 173e2fecb31f6b0bc09287fe9d7b7bba563e2cac1ca8b9877290b86241cd7cbbb0b4c8d20f212c2dfd777327a50ef6ac403966f9babac4ced0c38fddc4bfba60

data/CHANGES.md

@@ -1,3 +1,10 @@
+# [0.2.0] (2017-12-12)
+
+[0.2.0]: https://github.com/cryptosphere/x25519/compare/v0.1.0...v0.2.0
+
+* [#5](https://github.com/cryptosphere/x25519/pull/5)
+  Rewrite gem in Ruby with minimal native extensions
+
 # 0.1.0 (2017-12-11)
 
 * Initial release

data/Rakefile

@@ -6,8 +6,10 @@ require "rake/clean"
 CLEAN.include("**/*.o", "**/*.so", "**/*.bundle", "pkg", "tmp")
 
 require "rake/extensiontask"
-Rake::ExtensionTask.new("x25519") do |ext|
-  ext.ext_dir = "ext/x25519"
+%w[precomputed ref10].each do |provider|
+  Rake::ExtensionTask.new("x25519_#{provider}") do |ext|
+    ext.ext_dir = "ext/x25519_#{provider}"
+  end
 end
 
 require "rspec/core/rake_task"

data/ext/x25519_precomputed/extconf.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+# rubocop:disable Style/GlobalVars
+
+require "mkmf"
+
+$CFLAGS << " -Wall -O3 -pedantic -std=c99 -mbmi -mbmi2 -march=native -mtune=native"
+
+create_makefile "x25519_precomputed"

data/ext/x25519_precomputed/x25519_precomputed.c

@@ -0,0 +1,86 @@
+/*
+Ruby C extension providing bindings to the rfc7748_precomputed implementation of
+the X25519 Diffie-Hellman algorithm
+*/
+
+#include "ruby.h"
+#include "x25519_precomputed.h"
+
+static VALUE mX25519 = Qnil;
+static VALUE mX25519_Precomputed = Qnil;
+
+static VALUE mX25519_Scalar_multiply(VALUE self, VALUE scalar, VALUE montgomery_u);
+static VALUE mX25519_Scalar_multiply_base(VALUE self, VALUE scalar);
+static VALUE mX25519_is_available(VALUE self);
+
+/* Initialize the x25519_precomputed C extension */
+void Init_x25519_precomputed()
+{
+    mX25519 = rb_define_module("X25519");
+    mX25519_Precomputed = rb_define_module_under(mX25519, "Precomputed");
+
+    rb_define_singleton_method(mX25519_Precomputed, "multiply", mX25519_Scalar_multiply, 2);
+    rb_define_singleton_method(mX25519_Precomputed, "multiply_base", mX25519_Scalar_multiply_base, 1);
+    rb_define_singleton_method(mX25519_Precomputed, "available?", mX25519_is_available, 0);
+}
+
+/* Variable-base scalar multiplication */
+static VALUE mX25519_Scalar_multiply(VALUE self, VALUE scalar, VALUE montgomery_u)
+{
+    /* X25519_KEY ensures inputs are aligned at 32-bytes */
+    X25519_KEY raw_scalar, raw_montgomery_u, product;
+
+    StringValue(scalar);
+    if(RSTRING_LEN(scalar) != X25519_KEYSIZE_BYTES) {
+        rb_raise(
+            rb_eArgError,
+            "expected %d-byte scalar, got %ld",
+            X25519_KEYSIZE_BYTES,
+            RSTRING_LEN(scalar)
+        );
+    }
+
+    StringValue(montgomery_u);
+    if(RSTRING_LEN(montgomery_u) != X25519_KEYSIZE_BYTES) {
+        rb_raise(
+            rb_eArgError,
+            "expected %d-byte Montgomery-u coordinate, got %ld",
+            X25519_KEYSIZE_BYTES,
+            RSTRING_LEN(montgomery_u)
+        );
+    }
+
+    memcpy(raw_scalar, RSTRING_PTR(scalar), X25519_KEYSIZE_BYTES);
+    memcpy(raw_montgomery_u, RSTRING_PTR(montgomery_u), X25519_KEYSIZE_BYTES);
+    x25519_precomputed_scalarmult(product, raw_scalar, raw_montgomery_u);
+
+    return rb_str_new((const char *)product, X25519_KEYSIZE_BYTES);
+}
+
+/* Fixed-base scalar multiplication */
+static VALUE mX25519_Scalar_multiply_base(VALUE self, VALUE scalar)
+{
+    /* X25519_KEY ensures inputs are aligned at 32-bytes */
+    X25519_KEY raw_scalar, product;
+
+    StringValue(scalar);
+    if(RSTRING_LEN(scalar) != X25519_KEYSIZE_BYTES) {
+        rb_raise(
+            rb_eArgError,
+            "expected %d-byte scalar, got %ld",
+            X25519_KEYSIZE_BYTES,
+            RSTRING_LEN(scalar)
+        );
+    }
+
+    memcpy(raw_scalar, RSTRING_PTR(scalar), X25519_KEYSIZE_BYTES);
+    x25519_precomputed_scalarmult_base(product, raw_scalar);
+
+    return rb_str_new((const char *)product, X25519_KEYSIZE_BYTES);
+}
+
+/* Is the x25519_precomputed backend supported on this CPU? */
+static VALUE mX25519_is_available(VALUE self)
+{
+    return check_4th_gen_intel_core_features() ? Qtrue : Qfalse;
+}

data/ext/{x25519/rfc7748_precomputed/rfc7748_precomputed.h → x25519_precomputed/x25519_precomputed.h}

@@ -30,4 +30,8 @@
 #define X25519_KEYSIZE_BYTES 32
 typedef ALIGN uint8_t X25519_KEY[X25519_KEYSIZE_BYTES];
 
+void x25519_precomputed_scalarmult(uint8_t *shared, uint8_t *private_key, uint8_t *session_key);
+void x25519_precomputed_scalarmult_base(uint8_t *session_key, uint8_t *private_key);
+int check_4th_gen_intel_core_features();
+
 #endif /* RFC7748_PRECOMPUTED_H */

data/ext/{x25519/rfc7748_precomputed → x25519_precomputed}/x25519_x64.c

@@ -17,7 +17,7 @@
 */
 #include "fp25519_x64.h"
 #include "table_ladder_x25519.h"
-#include "rfc7748_precomputed.h"
+#include "x25519_precomputed.h"
 
 /****** Implementation of Montgomery Ladder Algorithm ************/
 static inline void cswap_x64(uint64_t bit, uint64_t *const px, uint64_t *const py)
@@ -32,7 +32,7 @@ static inline void cswap_x64(uint64_t bit, uint64_t *const px, uint64_t *const p
     }
 }
 
-void x25519_rfc7748_precomputed_scalarmult(uint8_t *shared, uint8_t *private_key, uint8_t *session_key)
+void x25519_precomputed_scalarmult(uint8_t *shared, uint8_t *private_key, uint8_t *session_key)
 {
 	ALIGN uint64_t buffer[4*NUM_WORDS_ELTFP25519_X64];
 	ALIGN uint64_t coordinates[4*NUM_WORDS_ELTFP25519_X64];
@@ -133,7 +133,7 @@ void x25519_rfc7748_precomputed_scalarmult(uint8_t *shared, uint8_t *private_key
 	private_key[0]  = (uint8_t)(save & 0xFF);
 }
 
-void x25519_rfc7748_precomputed_scalarmult_base(uint8_t *session_key, uint8_t *private_key)
+void x25519_precomputed_scalarmult_base(uint8_t *session_key, uint8_t *private_key)
 {
 	ALIGN uint64_t buffer[4*NUM_WORDS_ELTFP25519_X64];
 	ALIGN uint64_t coordinates[4*NUM_WORDS_ELTFP25519_X64];

data/ext/{x25519/ref10 → x25519_ref10}/base.c

@@ -1,8 +1,5 @@
 #include "fe.h"
-
-int x25519_ref10_scalarmult(uint8_t *q,
-  const uint8_t *n,
-  const uint8_t *p);
+#include "x25519_ref10.h"
 
 static const uint8_t x25519_basepoint[32] = {9};
 

data/ext/x25519_ref10/extconf.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+# rubocop:disable Style/GlobalVars
+
+require "mkmf"
+
+$CFLAGS << " -Wall -O3 -pedantic -std=c99"
+
+create_makefile "x25519_ref10"

data/ext/{x25519/ref10 → x25519_ref10}/scalarmult.c

@@ -1,4 +1,5 @@
 #include "fe.h"
+#include "x25519_ref10.h"
 
 int x25519_ref10_scalarmult(uint8_t *q, const uint8_t *n, const uint8_t *p)
 {

data/ext/x25519_ref10/x25519_ref10.c

@@ -0,0 +1,80 @@
+/*
+Ruby C extension providing bindings to the ref10 implementation of the
+X25519 Diffie-Hellman algorithm
+*/
+
+#include "ruby.h"
+#include "x25519_ref10.h"
+
+static VALUE mX25519 = Qnil;
+static VALUE mX25519_Ref10 = Qnil;
+
+static VALUE mX25519_Scalar_multiply(VALUE self, VALUE scalar, VALUE montgomery_u);
+static VALUE mX25519_Scalar_multiply_base(VALUE self, VALUE scalar);
+
+/* Initialize the x25519_ref10 C extension */
+void Init_x25519_ref10()
+{
+    mX25519 = rb_define_module("X25519");
+    mX25519_Ref10 = rb_define_module_under(mX25519, "Ref10");
+
+    rb_define_singleton_method(mX25519_Ref10, "multiply", mX25519_Scalar_multiply, 2);
+    rb_define_singleton_method(mX25519_Ref10, "multiply_base", mX25519_Scalar_multiply_base, 1);
+}
+
+/* Variable-base scalar multiplication */
+static VALUE mX25519_Scalar_multiply(VALUE self, VALUE scalar, VALUE montgomery_u)
+{
+    X25519_KEY product;
+
+    StringValue(scalar);
+    if(RSTRING_LEN(scalar) != X25519_KEYSIZE_BYTES) {
+        rb_raise(
+            rb_eArgError,
+            "expected %d-byte scalar, got %ld",
+            X25519_KEYSIZE_BYTES,
+            RSTRING_LEN(scalar)
+        );
+    }
+
+    StringValue(montgomery_u);
+    if(RSTRING_LEN(montgomery_u) != X25519_KEYSIZE_BYTES) {
+        rb_raise(
+            rb_eArgError,
+            "expected %d-byte Montgomery-u coordinate, got %ld",
+            X25519_KEYSIZE_BYTES,
+            RSTRING_LEN(montgomery_u)
+        );
+    }
+
+    x25519_ref10_scalarmult(
+        product,
+        (const uint8_t *)RSTRING_PTR(scalar),
+        (const uint8_t *)RSTRING_PTR(montgomery_u)
+    );
+
+    return rb_str_new((const char *)product, X25519_KEYSIZE_BYTES);
+}
+
+/* Fixed-base scalar multiplication */
+static VALUE mX25519_Scalar_multiply_base(VALUE self, VALUE scalar)
+{
+    X25519_KEY product;
+
+    StringValue(scalar);
+    if(RSTRING_LEN(scalar) != X25519_KEYSIZE_BYTES) {
+        rb_raise(
+            rb_eArgError,
+            "expected %d-byte scalar, got %ld",
+            X25519_KEYSIZE_BYTES,
+            RSTRING_LEN(scalar)
+        );
+    }
+
+    x25519_ref10_scalarmult_base(
+        product,
+        (const uint8_t *)RSTRING_PTR(scalar)
+    );
+
+    return rb_str_new((const char *)product, X25519_KEYSIZE_BYTES);
+}

data/ext/x25519_ref10/x25519_ref10.h

@@ -0,0 +1,15 @@
+#ifndef RFC7748_REF10_H
+#define RFC7748_REF10_H
+
+#include <stdint.h>
+
+#define X25519_KEYSIZE_BYTES 32
+typedef uint8_t X25519_KEY[X25519_KEYSIZE_BYTES];
+
+/* Fixed-base scalar multiplication */
+int x25519_ref10_scalarmult(uint8_t *q, const uint8_t *n, const uint8_t *p);
+
+/* Variable-base scalar multiplication */
+int x25519_ref10_scalarmult_base(uint8_t *q, const uint8_t *n);
+
+#endif /* RFC7748_REF10_H */

data/lib/x25519.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require "securerandom"
+
+require "x25519/version"
+
+require "x25519/montgomery_u"
+require "x25519/scalar"
+
+# Native extension backends
+require "x25519_ref10"
+require "x25519_precomputed"
+
+# The X25519 elliptic curve Diffie-Hellman algorithm
+module X25519
+  module_function
+
+  # Size of an X25519 key (public or private) in bytes
+  KEY_SIZE = 32
+
+  # X25519::Precomputed requires a 4th generation Intel Core CPU or newer,
+  # so only enable it if we detect we're on a supported platform. Otherwise,
+  # fall back to the ref10 portable C implementation.
+  @provider = if X25519::Precomputed.available?
+                X25519::Precomputed
+              else
+                X25519::Ref10
+              end
+
+  # Selected provider based on the logic above
+  def provider
+    @provider
+  end
+
+  # Raw Diffie-Hellman function that acts directly on bytestrings. An
+  # alternative to the object-oriented API
+  #
+  # @param scalar_bytes [String] a serialized private scalar
+  # @param montgomery_u_bytes [String] a point we wish to multiply by the scalar
+  #
+  # @return [String] resulting point, serialized as bytes
+  def diffie_hellman(scalar_bytes, montgomery_u_bytes)
+    validate_key_bytes(scalar_bytes)
+    validate_key_bytes(montgomery_u_bytes)
+    X25519.provider.multiply(scalar_bytes, montgomery_u_bytes)
+  end
+
+  # Ensure a serialized key meets the requirements
+  def validate_key_bytes(key_bytes)
+    raise TypeError, "expected String, got #{key_bytes.class}" unless key_bytes.is_a?(String)
+    return true if key_bytes.bytesize == KEY_SIZE
+    raise ArgumentError, "expected #{KEY_SIZE}-byte String, got #{key_bytes.bytesize}"
+  end
+end

data/lib/x25519/montgomery_u.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module X25519
+  # X25519 public keys and shared secrets
+  #
+  # Montgomery-u coordinates of points on the elliptic curve used by X25519
+  # (a.k.a. Curve25519)
+  class MontgomeryU
+    # Create an object representing a Montgomery-u coordinate from a bytestring
+    #
+    # @param bytes [String] 32-byte compressed Montgomery-u coordinate
+    def initialize(bytes)
+      X25519.validate_key_bytes(bytes)
+      @bytes = bytes
+    end
+
+    # Return a compressed Montgomery-u coordinate serialized as a bytestring
+    #
+    # @return [String] bytestring serialization of a Montgomery-u coordinate
+    def to_bytes
+      @bytes
+    end
+
+    # Show hex representation of serialized coordinate in string inspection
+    def inspect
+      "#<#{self.class}:#{@bytes.unpack('H*').first}>"
+    end
+  end
+end

data/lib/x25519/scalar.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module X25519
+  # X25519 private keys
+  #
+  # Scalars are the integer component of scalar multiplication, multiplied
+  # against an elliptic curve point.
+  class Scalar
+    # Securely generate a random scalar
+    def self.generate
+      new(SecureRandom.random_bytes(X25519::KEY_SIZE))
+    end
+
+    # Create an X25519 scalar object from a bytestring
+    #
+    # @param bytes [String] 32-byte random secret scalar
+    def initialize(bytes)
+      X25519.validate_key_bytes(bytes)
+      @bytes = bytes
+    end
+
+    # Variable-base scalar multiplication a.k.a. Diffie-Hellman
+    #
+    # This can be used to obtain a shared secret from a public key
+    #
+    # @param montgomery_u [X25519::MontgomeryU] coordinate of the public key/point to perform D-H with
+    #
+    # @return [X25519::MontgomeryU] resulting point (i.e. D-H shared secret)
+    def multiply(montgomery_u)
+      raise TypeError, "expected X25519::MontgomeryU, got #{montgomery_u}" unless montgomery_u.is_a?(MontgomeryU)
+      MontgomeryU.new(X25519.provider.multiply(@bytes, montgomery_u.to_bytes))
+    end
+    alias diffie_hellman multiply
+
+    # Fixed-base scalar multiplication. Calculates a public key from a
+    # private scalar
+    #
+    # @return [X25519::MontgomeryU] resulting point (i.e. public key)
+    def multiply_base
+      MontgomeryU.new(X25519.provider.multiply_base(@bytes))
+    end
+    alias public_key multiply_base
+
+    # Return a bytestring representation of this scalar
+    #
+    # @return [String] scalar converted to a bytestring
+    def to_bytes
+      @bytes
+    end
+
+    # String inspection that does not leak the private scalar
+    def inspect
+      to_s
+    end
+  end
+end

data/lib/x25519/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module X25519
+  VERSION = "0.2.0"
+end

data/x25519.gemspec

@@ -1,15 +1,19 @@
 # frozen_string_literal: true
 
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "x25519/version"
+
 Gem::Specification.new do |spec|
   spec.name          = "x25519"
-  spec.version       = "0.1.0"
+  spec.version       = X25519::VERSION
   spec.authors       = ["Tony Arcieri"]
   spec.email         = ["bascule@gmail.com"]
   spec.summary       = "Public key cryptography library providing the X25519 D-H function"
   spec.description = <<-DESCRIPTION.strip.gsub(/\s+/, " ")
     An efficient public key cryptography library for Ruby providing key
     exchange/agreement via the X25519 (a.k.a. Curve25519) Elliptic Curve
-    Diffie-Hellman function as described in [RFC7748].
+    Diffie-Hellman function as described in RFC 7748.
   DESCRIPTION
   spec.homepage      = "https://github.com/cryptosphere/x25519"
   spec.license       = "MIT"
@@ -18,7 +22,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
   spec.platform      = Gem::Platform::RUBY
-  spec.extensions    = "ext/x25519/extconf.rb"
+  spec.extensions    = ["ext/x25519_precomputed/extconf.rb", "ext/x25519_ref10/extconf.rb"]
 
   spec.required_ruby_version = ">= 2.2.2"
   spec.add_development_dependency "bundler", "~> 1.16"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: x25519
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Tony Arcieri
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-12-11 00:00:00.000000000 Z
+date: 2017-12-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -26,12 +26,13 @@ dependencies:
         version: '1.16'
 description: An efficient public key cryptography library for Ruby providing key exchange/agreement
   via the X25519 (a.k.a. Curve25519) Elliptic Curve Diffie-Hellman function as described
-  in [RFC7748].
+  in RFC 7748.
 email:
 - bascule@gmail.com
 executables: []
 extensions:
-- ext/x25519/extconf.rb
+- ext/x25519_precomputed/extconf.rb
+- ext/x25519_ref10/extconf.rb
 extra_rdoc_files: []
 files:
 - ".gitignore"
@@ -44,33 +45,39 @@ files:
 - LICENSE
 - README.md
 - Rakefile
-- ext/x25519/cputest.c
-- ext/x25519/extconf.rb
-- ext/x25519/ref10/api.h
-- ext/x25519/ref10/base.c
-- ext/x25519/ref10/fe.h
-- ext/x25519/ref10/fe_0.c
-- ext/x25519/ref10/fe_1.c
-- ext/x25519/ref10/fe_add.c
-- ext/x25519/ref10/fe_copy.c
-- ext/x25519/ref10/fe_cswap.c
-- ext/x25519/ref10/fe_frombytes.c
-- ext/x25519/ref10/fe_invert.c
-- ext/x25519/ref10/fe_mul.c
-- ext/x25519/ref10/fe_mul121666.c
-- ext/x25519/ref10/fe_sq.c
-- ext/x25519/ref10/fe_sub.c
-- ext/x25519/ref10/fe_tobytes.c
-- ext/x25519/ref10/montgomery.h
-- ext/x25519/ref10/pow225521.h
-- ext/x25519/ref10/scalarmult.c
-- ext/x25519/rfc7748_precomputed/fp25519_x64.c
-- ext/x25519/rfc7748_precomputed/fp25519_x64.h
-- ext/x25519/rfc7748_precomputed/rfc7748_precomputed.h
-- ext/x25519/rfc7748_precomputed/table_ladder_x25519.h
-- ext/x25519/rfc7748_precomputed/x25519_x64.c
-- ext/x25519/x25519.c
-- ext/x25519/x25519.h
+- ext/x25519_precomputed/cputest.c
+- ext/x25519_precomputed/extconf.rb
+- ext/x25519_precomputed/fp25519_x64.c
+- ext/x25519_precomputed/fp25519_x64.h
+- ext/x25519_precomputed/table_ladder_x25519.h
+- ext/x25519_precomputed/x25519_precomputed.c
+- ext/x25519_precomputed/x25519_precomputed.h
+- ext/x25519_precomputed/x25519_x64.c
+- ext/x25519_ref10/api.h
+- ext/x25519_ref10/base.c
+- ext/x25519_ref10/extconf.rb
+- ext/x25519_ref10/fe.h
+- ext/x25519_ref10/fe_0.c
+- ext/x25519_ref10/fe_1.c
+- ext/x25519_ref10/fe_add.c
+- ext/x25519_ref10/fe_copy.c
+- ext/x25519_ref10/fe_cswap.c
+- ext/x25519_ref10/fe_frombytes.c
+- ext/x25519_ref10/fe_invert.c
+- ext/x25519_ref10/fe_mul.c
+- ext/x25519_ref10/fe_mul121666.c
+- ext/x25519_ref10/fe_sq.c
+- ext/x25519_ref10/fe_sub.c
+- ext/x25519_ref10/fe_tobytes.c
+- ext/x25519_ref10/montgomery.h
+- ext/x25519_ref10/pow225521.h
+- ext/x25519_ref10/scalarmult.c
+- ext/x25519_ref10/x25519_ref10.c
+- ext/x25519_ref10/x25519_ref10.h
+- lib/x25519.rb
+- lib/x25519/montgomery_u.rb
+- lib/x25519/scalar.rb
+- lib/x25519/version.rb
 - x25519.gemspec
 homepage: https://github.com/cryptosphere/x25519
 licenses:

data/ext/x25519/extconf.rb

@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-# rubocop:disable Style/GlobalVars
-
-require "mkmf"
-
-abort("missing posix_memalign()") unless have_func("posix_memalign", "stdlib.h")
-
-$INCFLAGS << " -I$(srcdir)/ref10 -I$(srcdir)/rfc7748_precomputed"
-
-# Check for Intel 4th Gen Core CPU features
-# TODO: move this detection completely to runtime
-cputest_c = <<SRC
-  #{File.read(File.expand_path('cputest.c', __dir__))}
-  int main() {
-    return check_4th_gen_intel_core_features() != 1;
-  }
-SRC
-
-if try_run(cputest_c)
-  $defs.push("-DHAVE_4TH_GEN_INTEL_CORE")
-  $CFLAGS << " -Wall -O3 -pedantic -std=c99 -mbmi -mbmi2 -march=native -mtune=native"
-  $srcs = Dir.glob(File.join(__dir__, "**", "*.c"))
-else
-  # Do not include the rfc7748_precomputed sources if we do not have a 4th gen+ Core CPU
-  $srcs = Dir.glob(File.join(__dir__, "*.c")) + Dir.glob(File.expand_path("ref10/*.c", __dir__))
-end
-
-$objs = $srcs.map { |src| src.sub(/\.c$/, ".o") }
-
-create_makefile "x25519"

data/ext/x25519/x25519.c

@@ -1,325 +0,0 @@
-/* Ruby C extension providing bindings to the X25519 Diffie-Hellman algorithm */
-
-#define _POSIX_C_SOURCE 200809L
-#include <stdlib.h>
-
-#include "ruby.h"
-#include "x25519.h"
-
-/* The X25519::VERSION */
-#define GEM_VERSION "0.1.0"
-
-/* X25519 module method prototypes */
-static VALUE X25519_backend(VALUE self);
-static VALUE X25519_self_test(VALUE self);
-static VALUE X25519_diffie_hellman(VALUE self, VALUE public_key, VALUE secret_key);
-
-/* X25519::Scalar prototypes */
-static VALUE cX25519_Scalar_allocate(VALUE klass);
-static void cX25519_Scalar_mark(X25519_KEY *scalar);
-static void cX25519_Scalar_free(X25519_KEY *scalar);
-static VALUE cX25519_Scalar_generate(VALUE self);
-static VALUE cX25519_Scalar_initialize(VALUE self, VALUE bytes);
-static VALUE cX25519_Scalar_multiply_base(VALUE self);
-static VALUE cX25519_Scalar_multiply(VALUE self, VALUE montgomery_u);
-static VALUE cX25519_Scalar_to_bytes(VALUE self);
-
-/* X25519::MontgomeryU prototypes */
-static VALUE cX25519_MontgomeryU_allocate(VALUE klass);
-static void cX25519_MontgomeryU_mark(X25519_KEY *coord);
-static void cX25519_MontgomeryU_free(X25519_KEY *coord);
-static VALUE cX25519_MontgomeryU_initialize(VALUE self, VALUE bytes);
-static VALUE cX25519_MontgomeryU_to_bytes(VALUE self);
-
-static VALUE mX25519 = Qnil;
-static VALUE cX25519_Scalar  = Qnil;
-static VALUE cX25519_MontgomeryU = Qnil;
-
-/* Are we on a 4th gen Intel Core CPU architecture that supports the
-   rfc7748_precomputed backend? */
-static int use_rfc7748_precomputed = 0;
-
-/* Initialize the Ruby module */
-void Init_x25519()
-{
-    /* Test for support for the rfc7748_precomputed backend */
-    use_rfc7748_precomputed = check_4th_gen_intel_core_features();
-
-    /* Used for key generation */
-    rb_require("securerandom");
-
-    mX25519 = rb_define_module("X25519");
-    rb_define_const(mX25519, "VERSION", rb_str_new2(GEM_VERSION));
-    rb_define_singleton_method(mX25519, "backend", X25519_backend, 0);
-    rb_define_singleton_method(mX25519, "self_test", X25519_self_test, 0);
-    rb_define_singleton_method(mX25519, "diffie_hellman", X25519_diffie_hellman, 2);
-
-    cX25519_Scalar = rb_define_class_under(mX25519, "Scalar", rb_cObject);
-    rb_define_alloc_func(cX25519_Scalar, cX25519_Scalar_allocate);
-    rb_define_singleton_method(cX25519_Scalar, "generate", cX25519_Scalar_generate, 0);
-    rb_define_method(cX25519_Scalar, "initialize", cX25519_Scalar_initialize, 1);
-    rb_define_method(cX25519_Scalar, "multiply_base", cX25519_Scalar_multiply_base, 0);
-    rb_define_method(cX25519_Scalar, "public_key", cX25519_Scalar_multiply_base, 0);
-    rb_define_method(cX25519_Scalar, "multiply", cX25519_Scalar_multiply, 1);
-    rb_define_method(cX25519_Scalar, "diffie_hellman", cX25519_Scalar_multiply, 1);
-    rb_define_method(cX25519_Scalar, "to_bytes", cX25519_Scalar_to_bytes, 0);
-    rb_define_method(cX25519_Scalar, "to_str", cX25519_Scalar_to_bytes, 0);
-
-    cX25519_MontgomeryU = rb_define_class_under(mX25519, "MontgomeryU", rb_cObject);
-    rb_define_alloc_func(cX25519_MontgomeryU, cX25519_MontgomeryU_allocate);
-    rb_define_method(cX25519_MontgomeryU, "initialize", cX25519_MontgomeryU_initialize, 1);
-    rb_define_method(cX25519_MontgomeryU, "to_bytes", cX25519_MontgomeryU_to_bytes, 0);
-    rb_define_method(cX25519_MontgomeryU, "to_str", cX25519_MontgomeryU_to_bytes, 0);
-
-    /* Run the self-test on load to ensure everything is working */
-    rb_funcall(mX25519, rb_intern("self_test"), 0);
-}
-
-/* Return a symbol identifying the backend in use */
-static VALUE X25519_backend(VALUE self)
-{
-    switch(use_rfc7748_precomputed) {
-        case 1:
-            return ID2SYM(rb_intern("rfc7748_precomputed"));
-        case 0:
-            return ID2SYM(rb_intern("ref10"));
-        default:
-            rb_raise(rb_eRuntimeError, "invalid X25519 backend! (%d)", use_rfc7748_precomputed);
-    }
-}
-
-/* Perform an end-to-end test of the Ruby binding to ensure it's working correctly */
-static VALUE X25519_self_test(VALUE self)
-{
-    VALUE sk, pk, shared;
-
-    /* Test vectors from RFC 7748 */
-    X25519_KEY ietf_cfrg_key0 = {
-        0xa5,0x46,0xe3,0x6b,0xf0,0x52,0x7c,0x9d,
-        0x3b,0x16,0x15,0x4b,0x82,0x46,0x5e,0xdd,
-        0x62,0x14,0x4c,0x0a,0xc1,0xfc,0x5a,0x18,
-        0x50,0x6a,0x22,0x44,0xba,0x44,0x9a,0xc4
-    };
-
-    X25519_KEY ietf_cfrg_input_coord0 = {
-        0xe6,0xdb,0x68,0x67,0x58,0x30,0x30,0xdb,
-        0x35,0x94,0xc1,0xa4,0x24,0xb1,0x5f,0x7c,
-        0x72,0x66,0x24,0xec,0x26,0xb3,0x35,0x3b,
-        0x10,0xa9,0x03,0xa6,0xd0,0xab,0x1c,0x4c
-    };
-
-    X25519_KEY ietf_cfrg_output_coord0 = {
-        0xc3,0xda,0x55,0x37,0x9d,0xe9,0xc6,0x90,
-        0x8e,0x94,0xea,0x4d,0xf2,0x8d,0x08,0x4f,
-        0x32,0xec,0xcf,0x03,0x49,0x1c,0x71,0xf7,
-        0x54,0xb4,0x07,0x55,0x77,0xa2,0x85,0x52
-    };
-
-    sk = rb_str_new((const char *)&ietf_cfrg_key0, X25519_KEYSIZE_BYTES);
-    pk = rb_str_new((const char *)&ietf_cfrg_input_coord0, X25519_KEYSIZE_BYTES);
-
-    shared = rb_funcall(mX25519, rb_intern("diffie_hellman"), 2, sk, pk);
-
-    if(RSTRING_LEN(shared) != X25519_KEYSIZE_BYTES ||
-       memcmp(RSTRING_PTR(shared), ietf_cfrg_output_coord0, X25519_KEYSIZE_BYTES) != 0)
-    {
-        rb_raise(rb_eRuntimeError, "X25519 self-test failed!");
-    }
-
-    return Qtrue;
-}
-
-/* Compute Diffie-Hellman for the given key and Montgomery-u coordinate
- * (i.e. variable base scalar multiplication) */
-static VALUE X25519_diffie_hellman(VALUE self, VALUE secret_key, VALUE public_key)
-{
-    VALUE scalar, coord, shared;
-
-    scalar = rb_class_new_instance(1, &secret_key, cX25519_Scalar);
-    coord  = rb_class_new_instance(1, &public_key, cX25519_MontgomeryU);
-    shared = rb_funcall(scalar, rb_intern("multiply"), 1, coord);
-
-    return rb_funcall(shared, rb_intern("to_bytes"), 0);
-}
-
-/********************************
- * X25519::Scalar: private keys *
- ********************************/
-
-static VALUE cX25519_Scalar_allocate(VALUE klass)
-{
-    X25519_KEY *scalar = NULL;
-
-    /* Ensure allocation with the correct (32-byte) memory alignent */
-    if(posix_memalign((void **)&scalar, ALIGN_BYTES, X25519_KEYSIZE_BYTES)) {
-        rb_fatal("x25519: can't allocate memory with posix_memalign()");
-    }
-
-    /* Avoid using unitialized memory */
-    memset(scalar, 0, X25519_KEYSIZE_BYTES);
-
-    return Data_Wrap_Struct(klass, cX25519_Scalar_mark, cX25519_Scalar_free, scalar);
-}
-
-static void cX25519_Scalar_mark(X25519_KEY *scalar)
-{
-}
-
-static void cX25519_Scalar_free(X25519_KEY *scalar)
-{
-    free(scalar);
-}
-
-/* Generate a random X25519 private scalar */
-static VALUE cX25519_Scalar_generate(VALUE self)
-{
-    VALUE rb_mSecureRandom, scalar_bytes;
-    rb_mSecureRandom = rb_const_get(rb_cObject, rb_intern("SecureRandom"));
-
-    scalar_bytes = rb_funcall(
-        rb_mSecureRandom,
-        rb_intern("random_bytes"),
-        1,
-        INT2NUM(X25519_KEYSIZE_BYTES)
-    );
-
-    return rb_class_new_instance(1, &scalar_bytes, self);
-}
-
-/* Create an X25519::Scalar from a String containing bytes */
-static VALUE cX25519_Scalar_initialize(VALUE self, VALUE bytes)
-{
-    X25519_KEY *scalar = NULL;
-    Data_Get_Struct(self, X25519_KEY, scalar);
-
-    StringValue(bytes);
-    if(RSTRING_LEN(bytes) != X25519_KEYSIZE_BYTES) {
-        rb_raise(
-            rb_eArgError,
-            "expected %d-byte scalar, got %ld",
-            X25519_KEYSIZE_BYTES,
-            RSTRING_LEN(bytes)
-        );
-    }
-
-    memcpy(scalar, RSTRING_PTR(bytes), X25519_KEYSIZE_BYTES);
-
-    return self;
-}
-
-/* Obtain a public key for an X25519 private scalar
- * (i.e. fixed base scalar multiplication ) */
-static VALUE cX25519_Scalar_multiply_base(VALUE self)
-{
-    X25519_KEY *scalar = NULL, public_key;
-    VALUE public_key_str;
-
-    Data_Get_Struct(self, X25519_KEY, scalar);
-
-    /* Avoid using unitialized memory */
-    memset(&public_key, 0, X25519_KEYSIZE_BYTES);
-
-    /* Compute public key from private scalar using fixed-base scalar multiplication */
-    if(use_rfc7748_precomputed) {
-        x25519_rfc7748_precomputed_scalarmult_base(public_key, *scalar);
-    } else {
-        x25519_ref10_scalarmult_base(public_key, *scalar);
-    }
-
-    public_key_str = rb_str_new((const char *)&public_key, X25519_KEYSIZE_BYTES);
-    return rb_class_new_instance(1, &public_key_str, cX25519_MontgomeryU);
-}
-
-/* Obtain a public key for an X25519 private scalar
- * (i.e. fixed base scalar multiplication ) */
-static VALUE cX25519_Scalar_multiply(VALUE self, VALUE montgomery_u)
-{
-    X25519_KEY *scalar = NULL, *coord = NULL, product;
-    VALUE product_str;
-
-    if(rb_obj_class(montgomery_u) != cX25519_MontgomeryU) {
-        rb_raise(rb_eTypeError, "wrong argument type (expected X25519::MontgomeryU)");
-    }
-
-    Data_Get_Struct(self, X25519_KEY, scalar);
-    Data_Get_Struct(montgomery_u, X25519_KEY, coord);
-
-    /* Avoid using unitialized memory */
-    memset(&product, 0, X25519_KEYSIZE_BYTES);
-
-    /* Compute the Diffie-Hellman shared secret */
-    if(use_rfc7748_precomputed) {
-        x25519_rfc7748_precomputed_scalarmult(product, *scalar, *coord);
-    } else {
-        x25519_ref10_scalarmult(product, *scalar, *coord);
-    }
-
-    product_str = rb_str_new((const char *)&product, X25519_KEYSIZE_BYTES);
-    return rb_class_new_instance(1, &product_str, cX25519_MontgomeryU);
-}
-
-/* Return a String containing the raw bytes of this scalar */
-static VALUE cX25519_Scalar_to_bytes(VALUE self)
-{
-    X25519_KEY *scalar = NULL;
-    Data_Get_Struct(self, X25519_KEY, scalar);
-
-    return rb_str_new((const char *)scalar, X25519_KEYSIZE_BYTES);;
-}
-
-/************************************
- * X25519::MontgomeryU: public keys *
- ************************************/
-
-static VALUE cX25519_MontgomeryU_allocate(VALUE klass)
-{
-    X25519_KEY *coord = NULL;
-
-    /* Ensure allocation with the correct (32-byte) memory alignent */
-    if(posix_memalign((void **)&coord, ALIGN_BYTES, X25519_KEYSIZE_BYTES)) {
-        rb_fatal("x25519: can't allocate memory with posix_memalign()");
-    }
-
-    /* Avoid using unitialized memory */
-    memset(coord, 0, X25519_KEYSIZE_BYTES);
-
-    return Data_Wrap_Struct(klass, cX25519_MontgomeryU_mark, cX25519_MontgomeryU_free, coord);
-}
-
-static void cX25519_MontgomeryU_mark(X25519_KEY *coord)
-{
-}
-
-static void cX25519_MontgomeryU_free(X25519_KEY *coord)
-{
-    free(coord);
-}
-
-static VALUE cX25519_MontgomeryU_initialize(VALUE self, VALUE bytes)
-{
-    X25519_KEY *coord = NULL;
-    Data_Get_Struct(self, X25519_KEY, coord);
-
-    StringValue(bytes);
-    if(RSTRING_LEN(bytes) != X25519_KEYSIZE_BYTES) {
-        rb_raise(
-            rb_eArgError,
-            "expected %d-byte scalar, got %ld",
-            X25519_KEYSIZE_BYTES,
-            RSTRING_LEN(bytes)
-        );
-    }
-
-    memcpy(coord, RSTRING_PTR(bytes), X25519_KEYSIZE_BYTES);
-
-    return self;
-}
-
-/* Return a String containing the raw bytes of this scalar */
-static VALUE cX25519_MontgomeryU_to_bytes(VALUE self)
-{
-    X25519_KEY *coord = NULL;
-    Data_Get_Struct(self, X25519_KEY, coord);
-
-    return rb_str_new((const char *)coord, X25519_KEYSIZE_BYTES);;
-}

data/ext/x25519/x25519.h

@@ -1,24 +0,0 @@
-#include "rfc7748_precomputed.h"
-
-/* Detect support for 4th gen (e.g. Haswell) or newer CPUs */
-int check_4th_gen_intel_core_features();
-
-/**********************************
- * rfc7748_precomputed prototypes *
- **********************************/
-
-/* Fixed-base scalar multiplication */
-void x25519_rfc7748_precomputed_scalarmult_base(uint8_t *session_key, uint8_t *private_key);
-
-/* Variable-base scalar multiplication */
-void x25519_rfc7748_precomputed_scalarmult(uint8_t *shared, uint8_t *private_key, uint8_t *session_key);
-
-/********************
- * ref10 prototypes *
- ********************/
-
-/* Fixed-base scalar multiplication */
-int x25519_ref10_scalarmult_base(uint8_t *q, const uint8_t *n);
-
-/* Variable-base scalar multiplication */
-int x25519_ref10_scalarmult(uint8_t *q, const uint8_t *n, const uint8_t *p);