147 Commits (4adb584654460c30267d1799861ba81980fc0d4c)

Author SHA1 Message Date
  Michael Hamburg 4adb584654 ed25519 prehashed test vector. ed448 prehashed test vectors look invalid?? 9 years ago
  Michael Hamburg 3b9ffc4cc7 separate Ed25519ph from Ed25519 with awful CRTP hack 9 years ago
  Michael Hamburg f1df5e4714 lowerCamelCase -> snake_case. Put decaf_ in front of all (most?) identifiers, except for SHAKE which is being removed before 1.0 release (for future refactoring) 9 years ago
  Michael Hamburg 595855b434 move eddsa.hxx to its own header. sha512.hxx; rework shake.hxx header; create prehash object. TODO: test prehash 9 years ago
  Michael Hamburg 798b189a77 minor changes; clear a few TODOs 9 years ago
  Michael Hamburg 6225bfd2f4 EdDSA is go! 9 years ago
  Michael Hamburg 1f716044ca eddsa provisional pass 9 years ago
  Michael Hamburg d9a9bb96b5 eddsa-25519 now using sha512. But problem! We are using IsoEd25519 so we actually need an isogeny anyway to get to Ed25519 proper 9 years ago
  Michael Hamburg 0fa687437f sha512 9 years ago
  Michael Hamburg b06db0c78a EdDSA now supports multiple hashes as defined in curve_data.py. We still dont have sha512 though. 9 years ago
  Michael Hamburg 9d0bac672f move context arguments to the end of hash functions. Ed25519 doesnt support contexts. 9 years ago
  Michael Hamburg b1c6de6309 EdDSA 448 seems to be working. Needs more testing, code moved around. EdDSA 255 not working yet; needs SHA512 9 years ago
  Michael Hamburg fffb77ac2d eddsa sign seems to work for ed448. needs more testing of course 9 years ago
  Michael Hamburg d0e74a585a eddsa key generation, at least for goldilocks. needs parameterized hash function; sign/verify; rename; put in right place 9 years ago
  Michael Hamburg 650356c5f5 elligator overflow bits. 9 years ago
  Michael Hamburg 050dcc186f test/bench now uses run_for_all_curves<> 9 years ago
  Michael Hamburg c0310ba553 whoops, actually save the change the removes the todo comment 9 years ago
  Michael Hamburg c9abcef055 add some pathological test cases, clearing a few TODO items. Also scalar_set_unsigned now takes a uint64_t instead of a word_t 9 years ago
  Michael Hamburg 37e0886300 simplify elligator, in a way that shouldnt change its output. I think it uses the opposite convention from the paper for sign(s) though. 9 years ago
  Michael Hamburg c7a3efd496 fix typo in 32-bit code 9 years ago
  Mike Hamburg 5f38747a15 Montgomery ladder now uses non-reduced arith for speed. Also, it is tested to be CT 9 years ago
  Michael Hamburg 2eacff6ad6 rfc7748 implementation, but their names will probably change 9 years ago
  Michael Hamburg 4de70b837c separate out strobe and spongerng from shake. strobe is experimental. spongerng is experimental internally but the interface should be pretty good (except for any camelCase vs snake_case issues). shake should be stable 9 years ago
  Mike Hamburg 24e33a2f86 reasonable suite of ct tests now. also change scalar randomizer to generate +128 bits 9 years ago
  Mike Hamburg 9f1cc0e2af some more ct tests; serializeInto -> serialize_into. still need more ct tests, unification of snake vs camel case 9 years ago
  Mike Hamburg 51ac192b79 ct tests are in; succeed if -DNDEBUG is passed. Should carefully audit assertions. 9 years ago
  Michael Hamburg d81592ba71 make test_ct, except it probably doesnt work; definitely not on a mac with no memcheck.h installed 9 years ago
  Michael Hamburg 81403de10c knock out a couple TODOs 9 years ago
  Michael Hamburg 957ec6cd2c restore shared secret benchmarks 9 years ago
  Michael Hamburg f92d14e08a crypto.hxx is now a thin wrapper around crypto.h 9 years ago
  Michael Hamburg 1c97140893 working on python generation 9 years ago
  Michael Hamburg ee076bcc3d usage is static void 9 years ago
  Michael Hamburg b5a2757f21 clear a couple fixmes 9 years ago
  Michael Hamburg 64adbd1082 split c crypto routines for now (a bit of a hack :-/) 9 years ago
  Michael Hamburg 565522ffdf trying to update to the latest version of strobe. lots of stuff in flux though 9 years ago
  Mike Hamburg 704b424982 dual scalarmul because of TLS discussion 9 years ago
  Michael Hamburg a1f5348e18 beginning to separate errors from bools. not there yet though 9 years ago
  Michael Hamburg 88a60a294d add Group::FIELD_MODULUS_TYPE for testing purposes 9 years ago
  Michael Hamburg 49629216f8 simplify elligator (todo: test more? eg 1/(1-d) on 25519) 9 years ago
  Michael Hamburg 3ba3edc418 fix bench /0; some effort to bzero stack variables 9 years ago
  Michael Hamburg e95b7c7f0e made scalar inverse WARN_UNUSED and made it throw. Small fix to sagetest. Changed some places that assumed that success is true, in case I want to adopt the proposal that success is 0 9 years ago
  Michael Hamburg bc252f835a whups public_include 9 years ago
  Michael Hamburg 0f78ec28fc fix bug in tagforget 9 years ago
  Michael Hamburg d30a160bbb bench with ++ crypto 9 years ago
  Michael Hamburg b35f966cf4 add serializable class, though i might repent of this because i dont want a vtable 9 years ago
  Michael Hamburg 4dd77e0149 switch SecureBuffer to vector 9 years ago
  Mike Hamburg b849d2cd91 working on securebuffer problems, might just switch things to vector 9 years ago
  Michael Hamburg cdab495338 Cross-curve compilation working! Still a bunch of FIXMEs though 9 years ago
  Mike Hamburg 8a1315e15f get rid of unchecked isqrt. will be a tiny slowdown for p448 invert, called only in batch_invert 9 years ago
  Mike Hamburg eab2a41d13 switch from xy positive to 1/xy positive; this is because it can make laddered direct_scalarmul almost sane. almost. 9 years ago