src/include/barrett_field.h:
- Requires review: corrected failure to cast to (mask_t) prior to negation. (Or, if this is wrong, it should cast to the needed bitwidth explicitly.)
- Changed type of nwords_out to uint32_t to agree with header.
src/include/intrinsics.h:
- Fixed up various preprocessor statements to check for definition rather than value of built-ins.
- Added macro to use Clang’s __builtin_readcyclecounter on platforms on which it’s available. (Which is most platforms these days.)
src/include/magic.h: Preprocessor “if” versus “if defined”.
src/include/word.h: Fixed ifdefs; enabled support for memset_s on Darwin. Added explicit cast to mask_t.
Added void to function definitions and declarations in the following files (not including void is okay in modern C++, but not modern C, IIRC):
include/goldilocks.h, src/crandom.c, src/goldilocks.c, src/include/api.h, src/include/intrinsics.h, test/bench.c, test/test.c, test/test.h, test/test_arithmetic.c, test/test_goldilocks.c, test/test_pointops.c, test/test_scalarmul.c, test/test_sha512.c
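The cast-before-negation issue the barrett_field.h entry refers to, as an added example that is not Goldilocks' own code: `mask_t`, the helper names and the 64-bit mask width are assumptions made here to show the failure mode. A constant-time mask is built by negating a 0/1 value; if that value has a narrower unsigned type than the mask, the negation happens at the narrow width and is zero-extended, so only the low half of the mask is set and a select that uses it mixes both operands.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed type (not from the Goldilocks headers): a 64-bit all-ones /
 * all-zeros mask used for constant-time selection. */
typedef uint64_t mask_t;

/* 0/1 result of (x != 0) computed without a branch, kept in the 32-bit
 * operand width: 1 if x is nonzero, 0 otherwise. */
static uint32_t nonzero_bit32(uint32_t x) {
    return (x | (0u - x)) >> 31;
}

/* Defective variant: negate the 32-bit value first, then widen. Unary minus on
 * uint32_t yields 0xFFFFFFFF at 32 bits, and the return conversion
 * zero-extends it to 0x00000000FFFFFFFF instead of all ones. */
static mask_t is_nonzero_mask_narrow(uint32_t x) {
    uint32_t bit = nonzero_bit32(x);
    return -bit;
}

/* Corrected variant: cast to mask_t before negating, so the negation happens
 * at the full mask width and yields 0xFFFFFFFFFFFFFFFF for nonzero input. */
static mask_t is_nonzero_mask(uint32_t x) {
    uint32_t bit = nonzero_bit32(x);
    return -(mask_t)bit;
}

/* Branch-free select: returns a when m is all ones, b when m is all zeros.
 * With a half-set mask it returns a mixture of both, which is the bug. */
static uint64_t constant_time_select(mask_t m, uint64_t a, uint64_t b) {
    return (a & m) | (b & ~m);
}

int main(void) {
    const uint64_t a = 0xAAAAAAAAAAAAAAAAULL, b = 0x5555555555555555ULL;
    printf("narrow mask : %016llx -> select %016llx\n",
           (unsigned long long)is_nonzero_mask_narrow(7),
           (unsigned long long)constant_time_select(is_nonzero_mask_narrow(7), a, b));
    printf("correct mask: %016llx -> select %016llx\n",
           (unsigned long long)is_nonzero_mask(7),
           (unsigned long long)constant_time_select(is_nonzero_mask(7), a, b));
    return 0;
}
```

Negating the `int` result of a comparison such as `-(x == y)` happens to sign-extend correctly when converted to a wider unsigned type, which is why this class of bug often goes unnoticed until a helper operates on an unsigned word narrower than the mask; writing the cast explicitly makes the intended width visible regardless of the operand type.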
Trying to work around an apparent GCC bug on SSE2, thanks Samuel
Neves.
Added an experimental NEON arch. It's fast. It's not yet GCC clean.
It needs some more work on general cleanliness too.
Improve GCC-cleanness, etc.
Disable the crandom output buffer so that it won't return duplicate
data across fork(). I should still stir more entropy into the
buffer at least when RDRAND is available, but this should prevent
disasters for now.
The Elligator code in the current version is incompatible with past
versions due to a minor tweak. It wasn't being called by any of
the API functions, though.
Removing "magic" constants and type names. So for example p448_t
is now field_t (though maybe it should really be felem_t?). This
should enable other curves with the Goldilocks code in the not-too-
distant future.
Added CRANDOM_MIGHT_IS_MUST so that you don't have to -D a bunch of
things on the command line.
You can `make bat` to make an eBAT which probably doesn't work.
I haven't implemented the improved nonce generation from the
curves@moderncrypto.org thread yet.
(you knew this would happen).
Added ARM NEON support.
Added support for precomputation on public keys, which speeds up
later signatures and ECDH calls. See history.txt or the doc for
details.
Reworked internals so that private keys can be derived from any
32-byte secret random value. This also means that secret keys
can be "compressed" for cold storage.
Added more tests. Running the tests now requires GMP, though
Goldilocks itself does not.
Linking now uses visibility instead of exported.sym.
Rework the directory structure into something saner, with src/ test/ include/ and build/
Beginning some tests. Also, now support scan-build.
Now support 32-bit including vectorless ARM. NEON is not yet supported, because I don't
have a test machine.
Many internal changes, improvements, and bug fixes.
Changed the formats of private keys and shared secrets.
Added SHA512 support. It's slow and probably has endian bugs.
Signatures are now supported.
Renamed a bunch of internal functions to be more readable and
consistent.
Began documenting functions with Doxygen.
See HISTORY.txt for more details.