diff options
Diffstat (limited to 'external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref')
8 files changed, 0 insertions, 985 deletions
diff --git a/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/api.h b/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/api.h deleted file mode 100644 index 5cb0f760..00000000 --- a/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/api.h +++ /dev/null @@ -1,12 +0,0 @@ - -#include "crypto_sign_edwards25519sha512batch.h" - -#define crypto_sign crypto_sign_edwards25519sha512batch -#define crypto_sign_open crypto_sign_edwards25519sha512batch_open -#define crypto_sign_keypair crypto_sign_edwards25519sha512batch_keypair -#define crypto_sign_BYTES crypto_sign_edwards25519sha512batch_BYTES -#define crypto_sign_PUBLICKEYBYTES crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES -#define crypto_sign_SECRETKEYBYTES crypto_sign_edwards25519sha512batch_SECRETKEYBYTES -#define crypto_sign_IMPLEMENTATION crypto_sign_edwards25519sha512batch_IMPLEMENTATION -#define crypto_sign_VERSION crypto_sign_edwards25519sha512batch_VERSION - diff --git a/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/fe25519.h b/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/fe25519.h deleted file mode 100644 index 98c613fa..00000000 --- a/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/fe25519.h +++ /dev/null @@ -1,54 +0,0 @@ -#ifndef FE25519_H -#define FE25519_H - -#define fe25519 crypto_sign_edwards25519sha512batch_fe25519 -#define fe25519_unpack crypto_sign_edwards25519sha512batch_fe25519_unpack -#define fe25519_pack crypto_sign_edwards25519sha512batch_fe25519_pack -#define fe25519_cmov crypto_sign_edwards25519sha512batch_fe25519_cmov -#define fe25519_setone crypto_sign_edwards25519sha512batch_fe25519_setone -#define fe25519_setzero crypto_sign_edwards25519sha512batch_fe25519_setzero -#define fe25519_neg crypto_sign_edwards25519sha512batch_fe25519_neg -#define fe25519_getparity crypto_sign_edwards25519sha512batch_fe25519_getparity -#define fe25519_add crypto_sign_edwards25519sha512batch_fe25519_add -#define fe25519_sub crypto_sign_edwards25519sha512batch_fe25519_sub -#define fe25519_mul crypto_sign_edwards25519sha512batch_fe25519_mul -#define fe25519_square crypto_sign_edwards25519sha512batch_fe25519_square -#define fe25519_pow crypto_sign_edwards25519sha512batch_fe25519_pow -#define fe25519_sqrt_vartime crypto_sign_edwards25519sha512batch_fe25519_sqrt_vartime -#define fe25519_invert crypto_sign_edwards25519sha512batch_fe25519_invert - -#include "crypto_uint32.h" - -typedef struct { - crypto_uint32 v[32]; -} fe25519; - -void fe25519_unpack(fe25519 *r, const unsigned char x[32]); - -void fe25519_pack(unsigned char r[32], const fe25519 *x); - -void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b); - -void fe25519_setone(fe25519 *r); - -void fe25519_setzero(fe25519 *r); - -void fe25519_neg(fe25519 *r, const fe25519 *x); - -unsigned char fe25519_getparity(const fe25519 *x); - -void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y); - -void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); - -void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y); - -void fe25519_square(fe25519 *r, const fe25519 *x); - -void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e); - -int fe25519_sqrt_vartime(fe25519 *r, const fe25519 *x, unsigned char parity); - -void fe25519_invert(fe25519 *r, const fe25519 *x); - -#endif diff --git a/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/fe25519_edwards25519sha512batch.c b/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/fe25519_edwards25519sha512batch.c deleted file mode 100644 index df7a923e..00000000 --- a/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/fe25519_edwards25519sha512batch.c +++ /dev/null @@ -1,348 +0,0 @@ -#include "fe25519.h" - -#define WINDOWSIZE 4 /* Should be 1,2, or 4 */ -#define WINDOWMASK ((1<<WINDOWSIZE)-1) - -static void reduce_add_sub(fe25519 *r) -{ - crypto_uint32 t; - int i,rep; - - for(rep=0;rep<4;rep++) - { - t = r->v[31] >> 7; - r->v[31] &= 127; - t *= 19; - r->v[0] += t; - for(i=0;i<31;i++) - { - t = r->v[i] >> 8; - r->v[i+1] += t; - r->v[i] &= 255; - } - } -} - -static void reduce_mul(fe25519 *r) -{ - crypto_uint32 t; - int i,rep; - - for(rep=0;rep<2;rep++) - { - t = r->v[31] >> 7; - r->v[31] &= 127; - t *= 19; - r->v[0] += t; - for(i=0;i<31;i++) - { - t = r->v[i] >> 8; - r->v[i+1] += t; - r->v[i] &= 255; - } - } -} - -/* reduction modulo 2^255-19 */ -static void freeze(fe25519 *r) -{ - int i; - unsigned int m = (r->v[31] == 127); - for(i=30;i>1;i--) - m *= (r->v[i] == 255); - m *= (r->v[0] >= 237); - - r->v[31] -= m*127; - for(i=30;i>0;i--) - r->v[i] -= m*255; - r->v[0] -= m*237; -} - -/*freeze input before calling isone*/ -static int isone(const fe25519 *x) -{ - int i; - int r = (x->v[0] == 1); - for(i=1;i<32;i++) - r *= (x->v[i] == 0); - return r; -} - -/*freeze input before calling iszero*/ -static int iszero(const fe25519 *x) -{ - int i; - int r = (x->v[0] == 0); - for(i=1;i<32;i++) - r *= (x->v[i] == 0); - return r; -} - - -static int issquare(const fe25519 *x) -{ - unsigned char e[32] = {0xf6,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x3f}; /* (p-1)/2 */ - fe25519 t; - - fe25519_pow(&t,x,e); - freeze(&t); - return isone(&t) || iszero(&t); -} - -void fe25519_unpack(fe25519 *r, const unsigned char x[32]) -{ - int i; - for(i=0;i<32;i++) r->v[i] = x[i]; - r->v[31] &= 127; -} - -/* Assumes input x being reduced mod 2^255 */ -void fe25519_pack(unsigned char r[32], const fe25519 *x) -{ - int i; - unsigned int m; - for(i=0;i<32;i++) - r[i] = x->v[i]; - - /* freeze byte array */ - m = (r[31] == 127); /* XXX: some compilers might use branches; fix */ - for(i=30;i>1;i--) - m *= (r[i] == 255); - m *= (r[0] >= 237); - r[31] -= m*127; - for(i=30;i>0;i--) - r[i] -= m*255; - r[0] -= m*237; -} - -void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b) -{ - unsigned char nb = 1-b; - int i; - for(i=0;i<32;i++) r->v[i] = nb * r->v[i] + b * x->v[i]; -} - -unsigned char fe25519_getparity(const fe25519 *x) -{ - fe25519 t; - int i; - for(i=0;i<32;i++) t.v[i] = x->v[i]; - freeze(&t); - return t.v[0] & 1; -} - -void fe25519_setone(fe25519 *r) -{ - int i; - r->v[0] = 1; - for(i=1;i<32;i++) r->v[i]=0; -} - -void fe25519_setzero(fe25519 *r) -{ - int i; - for(i=0;i<32;i++) r->v[i]=0; -} - -void fe25519_neg(fe25519 *r, const fe25519 *x) -{ - fe25519 t; - int i; - for(i=0;i<32;i++) t.v[i]=x->v[i]; - fe25519_setzero(r); - fe25519_sub(r, r, &t); -} - -void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y) -{ - int i; - for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; - reduce_add_sub(r); -} - -void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y) -{ - int i; - crypto_uint32 t[32]; - t[0] = x->v[0] + 0x1da; - t[31] = x->v[31] + 0xfe; - for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe; - for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i]; - reduce_add_sub(r); -} - -void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) -{ - int i,j; - crypto_uint32 t[63]; - for(i=0;i<63;i++)t[i] = 0; - - for(i=0;i<32;i++) - for(j=0;j<32;j++) - t[i+j] += x->v[i] * y->v[j]; - - for(i=32;i<63;i++) - r->v[i-32] = t[i-32] + 38*t[i]; - r->v[31] = t[31]; /* result now in r[0]...r[31] */ - - reduce_mul(r); -} - -void fe25519_square(fe25519 *r, const fe25519 *x) -{ - fe25519_mul(r, x, x); -} - -/*XXX: Make constant time! */ -void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e) -{ - /* - fe25519 g; - fe25519_setone(&g); - int i; - unsigned char j; - for(i=32;i>0;i--) - { - for(j=128;j>0;j>>=1) - { - fe25519_square(&g,&g); - if(e[i-1] & j) - fe25519_mul(&g,&g,x); - } - } - for(i=0;i<32;i++) r->v[i] = g.v[i]; - */ - fe25519 g; - int i,j,k; - fe25519 t; - unsigned char w; - fe25519 pre[(1 << WINDOWSIZE)]; - - fe25519_setone(&g); - - // Precomputation - fe25519_setone(pre); - pre[1] = *x; - for(i=2;i<(1<<WINDOWSIZE);i+=2) - { - fe25519_square(pre+i, pre+i/2); - fe25519_mul(pre+i+1, pre+i, pre+1); - } - - // Fixed-window scalar multiplication - for(i=32;i>0;i--) - { - for(j=8-WINDOWSIZE;j>=0;j-=WINDOWSIZE) - { - for(k=0;k<WINDOWSIZE;k++) - fe25519_square(&g, &g); - // Cache-timing resistant loading of precomputed value: - w = (e[i-1]>>j) & WINDOWMASK; - t = pre[0]; - for(k=1;k<(1<<WINDOWSIZE);k++) - fe25519_cmov(&t, &pre[k], k==w); - fe25519_mul(&g, &g, &t); - } - } - *r = g; -} - -/* Return 0 on success, 1 otherwise */ -int fe25519_sqrt_vartime(fe25519 *r, const fe25519 *x, unsigned char parity) -{ - unsigned char e[32] = {0xfb,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x1f}; /* (p-1)/4 */ - unsigned char e2[32] = {0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x0f}; /* (p+3)/8 */ - unsigned char e3[32] = {0xfd,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x0f}; /* (p-5)/8 */ - fe25519 p = {{0}}; - fe25519 d; - int i; - - /* See HAC, Alg. 3.37 */ - if (!issquare(x)) return -1; - fe25519_pow(&d,x,e); - freeze(&d); - if(isone(&d)) - fe25519_pow(r,x,e2); - else - { - for(i=0;i<32;i++) - d.v[i] = 4*x->v[i]; - fe25519_pow(&d,&d,e3); - for(i=0;i<32;i++) - r->v[i] = 2*x->v[i]; - fe25519_mul(r,r,&d); - } - freeze(r); - if((r->v[0] & 1) != (parity & 1)) - { - fe25519_sub(r,&p,r); - } - return 0; -} - -void fe25519_invert(fe25519 *r, const fe25519 *x) -{ - fe25519 z2; - fe25519 z9; - fe25519 z11; - fe25519 z2_5_0; - fe25519 z2_10_0; - fe25519 z2_20_0; - fe25519 z2_50_0; - fe25519 z2_100_0; - fe25519 t0; - fe25519 t1; - int i; - - /* 2 */ fe25519_square(&z2,x); - /* 4 */ fe25519_square(&t1,&z2); - /* 8 */ fe25519_square(&t0,&t1); - /* 9 */ fe25519_mul(&z9,&t0,x); - /* 11 */ fe25519_mul(&z11,&z9,&z2); - /* 22 */ fe25519_square(&t0,&z11); - /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t0,&z9); - - /* 2^6 - 2^1 */ fe25519_square(&t0,&z2_5_0); - /* 2^7 - 2^2 */ fe25519_square(&t1,&t0); - /* 2^8 - 2^3 */ fe25519_square(&t0,&t1); - /* 2^9 - 2^4 */ fe25519_square(&t1,&t0); - /* 2^10 - 2^5 */ fe25519_square(&t0,&t1); - /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t0,&z2_5_0); - - /* 2^11 - 2^1 */ fe25519_square(&t0,&z2_10_0); - /* 2^12 - 2^2 */ fe25519_square(&t1,&t0); - /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } - /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t1,&z2_10_0); - - /* 2^21 - 2^1 */ fe25519_square(&t0,&z2_20_0); - /* 2^22 - 2^2 */ fe25519_square(&t1,&t0); - /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } - /* 2^40 - 2^0 */ fe25519_mul(&t0,&t1,&z2_20_0); - - /* 2^41 - 2^1 */ fe25519_square(&t1,&t0); - /* 2^42 - 2^2 */ fe25519_square(&t0,&t1); - /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } - /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t0,&z2_10_0); - - /* 2^51 - 2^1 */ fe25519_square(&t0,&z2_50_0); - /* 2^52 - 2^2 */ fe25519_square(&t1,&t0); - /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } - /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t1,&z2_50_0); - - /* 2^101 - 2^1 */ fe25519_square(&t1,&z2_100_0); - /* 2^102 - 2^2 */ fe25519_square(&t0,&t1); - /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } - /* 2^200 - 2^0 */ fe25519_mul(&t1,&t0,&z2_100_0); - - /* 2^201 - 2^1 */ fe25519_square(&t0,&t1); - /* 2^202 - 2^2 */ fe25519_square(&t1,&t0); - /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } - /* 2^250 - 2^0 */ fe25519_mul(&t0,&t1,&z2_50_0); - - /* 2^251 - 2^1 */ fe25519_square(&t1,&t0); - /* 2^252 - 2^2 */ fe25519_square(&t0,&t1); - /* 2^253 - 2^3 */ fe25519_square(&t1,&t0); - /* 2^254 - 2^4 */ fe25519_square(&t0,&t1); - /* 2^255 - 2^5 */ fe25519_square(&t1,&t0); - /* 2^255 - 21 */ fe25519_mul(r,&t1,&z11); -} diff --git a/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/ge25519.h b/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/ge25519.h deleted file mode 100644 index 49ad163a..00000000 --- a/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/ge25519.h +++ /dev/null @@ -1,34 +0,0 @@ -#ifndef GE25519_H -#define GE25519_H - -#include "fe25519.h" -#include "sc25519.h" - -#define ge25519 crypto_sign_edwards25519sha512batch_ge25519 -#define ge25519_unpack_vartime crypto_sign_edwards25519sha512batch_ge25519_unpack_vartime -#define ge25519_pack crypto_sign_edwards25519sha512batch_ge25519_pack -#define ge25519_add crypto_sign_edwards25519sha512batch_ge25519_add -#define ge25519_double crypto_sign_edwards25519sha512batch_ge25519_double -#define ge25519_scalarmult crypto_sign_edwards25519sha512batch_ge25519_scalarmult -#define ge25519_scalarmult_base crypto_sign_edwards25519sha512batch_ge25519_scalarmult_base - -typedef struct { - fe25519 x; - fe25519 y; - fe25519 z; - fe25519 t; -} ge25519; - -int ge25519_unpack_vartime(ge25519 *r, const unsigned char p[32]); - -void ge25519_pack(unsigned char r[32], const ge25519 *p); - -void ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q); - -void ge25519_double(ge25519 *r, const ge25519 *p); - -void ge25519_scalarmult(ge25519 *r, const ge25519 *p, const sc25519 *s); - -void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s); - -#endif diff --git a/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/ge25519_edwards25519sha512batch.c b/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/ge25519_edwards25519sha512batch.c deleted file mode 100644 index 253b68f4..00000000 --- a/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/ge25519_edwards25519sha512batch.c +++ /dev/null @@ -1,230 +0,0 @@ -#include "fe25519.h" -#include "sc25519.h" -#include "ge25519.h" - -/* - * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2 - * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555 - * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960); - */ - -typedef struct -{ - fe25519 x; - fe25519 z; - fe25519 y; - fe25519 t; -} ge25519_p1p1; - -typedef struct -{ - fe25519 x; - fe25519 y; - fe25519 z; -} ge25519_p2; - -#define ge25519_p3 ge25519 - -/* Windowsize for fixed-window scalar multiplication */ -#define WINDOWSIZE 2 /* Should be 1,2, or 4 */ -#define WINDOWMASK ((1<<WINDOWSIZE)-1) - -/* packed parameter d in the Edwards curve equation */ -static const unsigned char ecd[32] = {0xA3, 0x78, 0x59, 0x13, 0xCA, 0x4D, 0xEB, 0x75, 0xAB, 0xD8, 0x41, 0x41, 0x4D, 0x0A, 0x70, 0x00, - 0x98, 0xE8, 0x79, 0x77, 0x79, 0x40, 0xC7, 0x8C, 0x73, 0xFE, 0x6F, 0x2B, 0xEE, 0x6C, 0x03, 0x52}; - -/* Packed coordinates of the base point */ -static const unsigned char ge25519_base_x[32] = {0x1A, 0xD5, 0x25, 0x8F, 0x60, 0x2D, 0x56, 0xC9, 0xB2, 0xA7, 0x25, 0x95, 0x60, 0xC7, 0x2C, 0x69, - 0x5C, 0xDC, 0xD6, 0xFD, 0x31, 0xE2, 0xA4, 0xC0, 0xFE, 0x53, 0x6E, 0xCD, 0xD3, 0x36, 0x69, 0x21}; -static const unsigned char ge25519_base_y[32] = {0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, - 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}; -static const unsigned char ge25519_base_z[32] = {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; -static const unsigned char ge25519_base_t[32] = {0xA3, 0xDD, 0xB7, 0xA5, 0xB3, 0x8A, 0xDE, 0x6D, 0xF5, 0x52, 0x51, 0x77, 0x80, 0x9F, 0xF0, 0x20, - 0x7D, 0xE3, 0xAB, 0x64, 0x8E, 0x4E, 0xEA, 0x66, 0x65, 0x76, 0x8B, 0xD7, 0x0F, 0x5F, 0x87, 0x67}; - -/* Packed coordinates of the neutral element */ -static const unsigned char ge25519_neutral_x[32] = {0}; -static const unsigned char ge25519_neutral_y[32] = {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; -static const unsigned char ge25519_neutral_z[32] = {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; -static const unsigned char ge25519_neutral_t[32] = {0}; - -static void p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p) -{ - fe25519_mul(&r->x, &p->x, &p->t); - fe25519_mul(&r->y, &p->y, &p->z); - fe25519_mul(&r->z, &p->z, &p->t); -} - -static void p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) -{ - p1p1_to_p2((ge25519_p2 *)r, p); - fe25519_mul(&r->t, &p->x, &p->y); -} - -/* Constant-time version of: if(b) r = p */ -static void cmov_p3(ge25519_p3 *r, const ge25519_p3 *p, unsigned char b) -{ - fe25519_cmov(&r->x, &p->x, b); - fe25519_cmov(&r->y, &p->y, b); - fe25519_cmov(&r->z, &p->z, b); - fe25519_cmov(&r->t, &p->t, b); -} - -/* See http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#doubling-dbl-2008-hwcd */ -static void dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) -{ - fe25519 a,b,c,d; - fe25519_square(&a, &p->x); - fe25519_square(&b, &p->y); - fe25519_square(&c, &p->z); - fe25519_add(&c, &c, &c); - fe25519_neg(&d, &a); - - fe25519_add(&r->x, &p->x, &p->y); - fe25519_square(&r->x, &r->x); - fe25519_sub(&r->x, &r->x, &a); - fe25519_sub(&r->x, &r->x, &b); - fe25519_add(&r->z, &d, &b); - fe25519_sub(&r->t, &r->z, &c); - fe25519_sub(&r->y, &d, &b); -} - -static void add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) -{ - fe25519 a, b, c, d, t, fd; - fe25519_unpack(&fd, ecd); - - fe25519_sub(&a, &p->y, &p->x); // A = (Y1-X1)*(Y2-X2) - fe25519_sub(&t, &q->y, &q->x); - fe25519_mul(&a, &a, &t); - fe25519_add(&b, &p->x, &p->y); // B = (Y1+X1)*(Y2+X2) - fe25519_add(&t, &q->x, &q->y); - fe25519_mul(&b, &b, &t); - fe25519_mul(&c, &p->t, &q->t); //C = T1*k*T2 - fe25519_mul(&c, &c, &fd); - fe25519_add(&c, &c, &c); //XXX: Can save this addition by precomputing 2*ecd - fe25519_mul(&d, &p->z, &q->z); //D = Z1*2*Z2 - fe25519_add(&d, &d, &d); - fe25519_sub(&r->x, &b, &a); // E = B-A - fe25519_sub(&r->t, &d, &c); // F = D-C - fe25519_add(&r->z, &d, &c); // G = D+C - fe25519_add(&r->y, &b, &a); // H = B+A -} - -/* ******************************************************************** - * EXPORTED FUNCTIONS - ******************************************************************** */ - -/* return 0 on success, -1 otherwise */ -int ge25519_unpack_vartime(ge25519_p3 *r, const unsigned char p[32]) -{ - int ret; - fe25519 t, fd; - unsigned char par; - - fe25519_setone(&r->z); - fe25519_unpack(&fd, ecd); - par = p[31] >> 7; - fe25519_unpack(&r->y, p); - fe25519_square(&r->x, &r->y); - fe25519_mul(&t, &r->x, &fd); - fe25519_sub(&r->x, &r->x, &r->z); - fe25519_add(&t, &r->z, &t); - fe25519_invert(&t, &t); - fe25519_mul(&r->x, &r->x, &t); - ret = fe25519_sqrt_vartime(&r->x, &r->x, par); - fe25519_mul(&r->t, &r->x, &r->y); - return ret; -} - -void ge25519_pack(unsigned char r[32], const ge25519_p3 *p) -{ - fe25519 tx, ty, zi; - fe25519_invert(&zi, &p->z); - fe25519_mul(&tx, &p->x, &zi); - fe25519_mul(&ty, &p->y, &zi); - fe25519_pack(r, &ty); - r[31] ^= fe25519_getparity(&tx) << 7; -} - -void ge25519_add(ge25519_p3 *r, const ge25519_p3 *p, const ge25519_p3 *q) -{ - ge25519_p1p1 grp1p1; - add_p1p1(&grp1p1, p, q); - p1p1_to_p3(r, &grp1p1); -} - -void ge25519_double(ge25519_p3 *r, const ge25519_p3 *p) -{ - ge25519_p1p1 grp1p1; - dbl_p1p1(&grp1p1, (const ge25519_p2 *)p); - p1p1_to_p3(r, &grp1p1); -} - -void ge25519_scalarmult(ge25519_p3 *r, const ge25519_p3 *p, const sc25519 *s) -{ - int i,j,k; - ge25519_p3 g; - ge25519_p3 pre[(1 << WINDOWSIZE)]; - ge25519_p3 t; - ge25519_p1p1 tp1p1; - unsigned char w; - unsigned char sb[32]; - - fe25519_unpack(&g.x, ge25519_neutral_x); - fe25519_unpack(&g.y, ge25519_neutral_y); - fe25519_unpack(&g.z, ge25519_neutral_z); - fe25519_unpack(&g.t, ge25519_neutral_t); - - sc25519_to32bytes(sb, s); - - // Precomputation - pre[0] = g; - pre[1] = *p; - for(i=2;i<(1<<WINDOWSIZE);i+=2) - { - dbl_p1p1(&tp1p1, (ge25519_p2 *)(pre+i/2)); - p1p1_to_p3(pre+i, &tp1p1); - add_p1p1(&tp1p1, pre+i, pre+1); - p1p1_to_p3(pre+i+1, &tp1p1); - } - - // Fixed-window scalar multiplication - for(i=32;i>0;i--) - { - for(j=8-WINDOWSIZE;j>=0;j-=WINDOWSIZE) - { - for(k=0;k<WINDOWSIZE-1;k++) - { - dbl_p1p1(&tp1p1, (ge25519_p2 *)&g); - p1p1_to_p2((ge25519_p2 *)&g, &tp1p1); - } - dbl_p1p1(&tp1p1, (ge25519_p2 *)&g); - p1p1_to_p3(&g, &tp1p1); - // Cache-timing resistant loading of precomputed value: - w = (sb[i-1]>>j) & WINDOWMASK; - t = pre[0]; - for(k=1;k<(1<<WINDOWSIZE);k++) - cmov_p3(&t, &pre[k], k==w); - - add_p1p1(&tp1p1, &g, &t); - if(j != 0) p1p1_to_p2((ge25519_p2 *)&g, &tp1p1); - else p1p1_to_p3(&g, &tp1p1); /* convert to p3 representation at the end */ - } - } - r->x = g.x; - r->y = g.y; - r->z = g.z; - r->t = g.t; -} - -void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s) -{ - /* XXX: Better algorithm for known-base-point scalar multiplication */ - ge25519_p3 t; - fe25519_unpack(&t.x, ge25519_base_x); - fe25519_unpack(&t.y, ge25519_base_y); - fe25519_unpack(&t.z, ge25519_base_z); - fe25519_unpack(&t.t, ge25519_base_t); - ge25519_scalarmult(r, &t, s); -} diff --git a/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sc25519.h b/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sc25519.h deleted file mode 100644 index f791dea4..00000000 --- a/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sc25519.h +++ /dev/null @@ -1,51 +0,0 @@ -#ifndef SC25519_H -#define SC25519_H - -#define sc25519 crypto_sign_edwards25519sha512batch_sc25519 -#define sc25519_from32bytes crypto_sign_edwards25519sha512batch_sc25519_from32bytes -#define sc25519_from64bytes crypto_sign_edwards25519sha512batch_sc25519_from64bytes -#define sc25519_to32bytes crypto_sign_edwards25519sha512batch_sc25519_to32bytes -#define sc25519_pack crypto_sign_edwards25519sha512batch_sc25519_pack -#define sc25519_getparity crypto_sign_edwards25519sha512batch_sc25519_getparity -#define sc25519_setone crypto_sign_edwards25519sha512batch_sc25519_setone -#define sc25519_setzero crypto_sign_edwards25519sha512batch_sc25519_setzero -#define sc25519_neg crypto_sign_edwards25519sha512batch_sc25519_neg -#define sc25519_add crypto_sign_edwards25519sha512batch_sc25519_add -#define sc25519_sub crypto_sign_edwards25519sha512batch_sc25519_sub -#define sc25519_mul crypto_sign_edwards25519sha512batch_sc25519_mul -#define sc25519_square crypto_sign_edwards25519sha512batch_sc25519_square -#define sc25519_invert crypto_sign_edwards25519sha512batch_sc25519_invert - -#include "crypto_uint32.h" - -typedef struct { - crypto_uint32 v[32]; -} sc25519; - -void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]); - -void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]); - -void sc25519_to32bytes(unsigned char r[32], const sc25519 *x); - -void sc25519_pack(unsigned char r[32], const sc25519 *x); - -unsigned char sc25519_getparity(const sc25519 *x); - -void sc25519_setone(sc25519 *r); - -void sc25519_setzero(sc25519 *r); - -void sc25519_neg(sc25519 *r, const sc25519 *x); - -void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y); - -void sc25519_sub(sc25519 *r, const sc25519 *x, const sc25519 *y); - -void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y); - -void sc25519_square(sc25519 *r, const sc25519 *x); - -void sc25519_invert(sc25519 *r, const sc25519 *x); - -#endif diff --git a/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sc25519_edwards25519sha512batch.c b/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sc25519_edwards25519sha512batch.c deleted file mode 100644 index 085e3f92..00000000 --- a/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sc25519_edwards25519sha512batch.c +++ /dev/null @@ -1,150 +0,0 @@ -#include "sc25519.h" - -/*Arithmetic modulo the group order n = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 */ - -static const crypto_uint32 m[32] = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10}; - -static const crypto_uint32 mu[33] = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21, - 0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F}; - -/* Reduce coefficients of r before calling reduce_add_sub */ -static void reduce_add_sub(sc25519 *r) -{ - int i, b, pb=0, nb; - unsigned char t[32]; - - for(i=0;i<32;i++) - { - b = (r->v[i]<pb+m[i]); - t[i] = r->v[i]-pb-m[i]+b*256; - pb = b; - } - nb = 1-b; - for(i=0;i<32;i++) - r->v[i] = r->v[i]*b + t[i]*nb; -} - -/* Reduce coefficients of x before calling barrett_reduce */ -static void barrett_reduce(sc25519 *r, const crypto_uint32 x[64]) -{ - /* See HAC, Alg. 14.42 */ - int i,j; - crypto_uint32 q2[66] = {0}; - crypto_uint32 *q3 = q2 + 33; - crypto_uint32 r1[33]; - crypto_uint32 r2[33] = {0}; - crypto_uint32 carry; - int b, pb=0; - - for(i=0;i<33;i++) - for(j=0;j<33;j++) - if(i+j >= 31) q2[i+j] += mu[i]*x[j+31]; - carry = q2[31] >> 8; - q2[32] += carry; - carry = q2[32] >> 8; - q2[33] += carry; - - for(i=0;i<33;i++)r1[i] = x[i]; - for(i=0;i<32;i++) { - for(j=0;j<33;j++) { - if(i+j < 33) { - /* coverity[overrun-local] */ - r2[i+j] += m[i]*q3[j]; - } - } - } - for(i=0;i<32;i++) - { - carry = r2[i] >> 8; - r2[i+1] += carry; - r2[i] &= 0xff; - } - - for(i=0;i<32;i++) - { - b = (r1[i]<pb+r2[i]); - r->v[i] = r1[i]-pb-r2[i]+b*256; - pb = b; - } - - /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3 - * If so: Handle it here! - */ - - reduce_add_sub(r); - reduce_add_sub(r); -} - -/* -static int iszero(const sc25519 *x) -{ - // Implement - return 0; -} -*/ - -void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]) -{ - int i; - crypto_uint32 t[64] = {0}; - for(i=0;i<32;i++) t[i] = x[i]; - barrett_reduce(r, t); -} - -void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]) -{ - int i; - crypto_uint32 t[64] = {0}; - for(i=0;i<64;i++) t[i] = x[i]; - barrett_reduce(r, t); -} - -/* XXX: What we actually want for crypto_group is probably just something like - * void sc25519_frombytes(sc25519 *r, const unsigned char *x, size_t xlen) - */ - -void sc25519_to32bytes(unsigned char r[32], const sc25519 *x) -{ - int i; - for(i=0;i<32;i++) r[i] = x->v[i]; -} - -void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y) -{ - int i, carry; - for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; - for(i=0;i<31;i++) - { - carry = r->v[i] >> 8; - r->v[i+1] += carry; - r->v[i] &= 0xff; - } - reduce_add_sub(r); -} - -void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y) -{ - int i,j,carry; - crypto_uint32 t[64]; - for(i=0;i<64;i++)t[i] = 0; - - for(i=0;i<32;i++) - for(j=0;j<32;j++) - t[i+j] += x->v[i] * y->v[j]; - - /* Reduce coefficients */ - for(i=0;i<63;i++) - { - carry = t[i] >> 8; - t[i+1] += carry; - t[i] &= 0xff; - } - - barrett_reduce(r, t); -} - -void sc25519_square(sc25519 *r, const sc25519 *x) -{ - sc25519_mul(r, x, x); -} diff --git a/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sign_edwards25519sha512batch.c b/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sign_edwards25519sha512batch.c deleted file mode 100644 index b3c0c0d5..00000000 --- a/external_libs/python/pyzmq-14.7.0/bundled/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sign_edwards25519sha512batch.c +++ /dev/null @@ -1,106 +0,0 @@ -#include "api.h" -#include "crypto_hash_sha512.h" -#include "randombytes.h" -#include "crypto_verify_32.h" - -#include "ge25519.h" - -int crypto_sign_keypair( - unsigned char *pk, - unsigned char *sk - ) -{ - sc25519 scsk; - ge25519 gepk; - - randombytes_buf(sk, 32); - crypto_hash_sha512(sk, sk, 32); - sk[0] &= 248; - sk[31] &= 127; - sk[31] |= 64; - - sc25519_from32bytes(&scsk,sk); - - ge25519_scalarmult_base(&gepk, &scsk); - ge25519_pack(pk, &gepk); - return 0; -} - -int crypto_sign( - unsigned char *sm,unsigned long long *smlen_p, - const unsigned char *m,unsigned long long mlen, - const unsigned char *sk - ) -{ - sc25519 sck, scs, scsk; - ge25519 ger; - unsigned char r[32]; - unsigned char s[32]; - unsigned long long i; - unsigned char hmg[crypto_hash_sha512_BYTES]; - unsigned char hmr[crypto_hash_sha512_BYTES]; - - if (smlen_p != NULL) { - *smlen_p = mlen+64; - } - for(i=0;i<mlen;i++) - sm[32 + i] = m[i]; - for(i=0;i<32;i++) - sm[i] = sk[32+i]; - crypto_hash_sha512(hmg, sm, mlen+32); /* Generate k as h(m,sk[32],...,sk[63]) */ - - sc25519_from64bytes(&sck, hmg); - ge25519_scalarmult_base(&ger, &sck); - ge25519_pack(r, &ger); - - for(i=0;i<32;i++) - sm[i] = r[i]; - - crypto_hash_sha512(hmr, sm, mlen+32); /* Compute h(m,r) */ - sc25519_from64bytes(&scs, hmr); - sc25519_mul(&scs, &scs, &sck); - - sc25519_from32bytes(&scsk, sk); - sc25519_add(&scs, &scs, &scsk); - - sc25519_to32bytes(s,&scs); /* cat s */ - for(i=0;i<32;i++) - sm[mlen+32+i] = s[i]; - - return 0; -} - -int crypto_sign_open( - unsigned char *m,unsigned long long *mlen_p, - const unsigned char *sm,unsigned long long smlen, - const unsigned char *pk - ) -{ - unsigned long long i; - unsigned char t1[32], t2[32]; - ge25519 get1, get2, gepk; - sc25519 schmr, scs; - unsigned char hmr[crypto_hash_sha512_BYTES]; - - if (ge25519_unpack_vartime(&get1, sm)) return -1; - if (ge25519_unpack_vartime(&gepk, pk)) return -1; - - crypto_hash_sha512(hmr,sm,smlen-32); - - sc25519_from64bytes(&schmr, hmr); - ge25519_scalarmult(&get1, &get1, &schmr); - ge25519_add(&get1, &get1, &gepk); - ge25519_pack(t1, &get1); - - sc25519_from32bytes(&scs, &sm[smlen-32]); - ge25519_scalarmult_base(&get2, &scs); - ge25519_pack(t2, &get2); - - for(i=0;i<smlen-64;i++) { - m[i] = sm[i + 32]; - } - if (mlen_p != NULL) { - *mlen_p = smlen-64; - } - return crypto_verify_32(t1, t2); -} |