The old API takes the public key as an input. If the wrong public key
is passed, then the private key may be revealed to the attacker (via the
usual two-signatures-one-nonce vulnerability). As a countermeasure, the
API now instead rederives the pubkey and asserts equality. This makes it
twice as slow.
The new API stores the public and private keypair in one struct, which is
initialized by expanding the private key. This protects against mistakes.
The old API is soft-deprecated. I might add a deprecation attribute
later.
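An added illustration, not libdecaf code: a toy Schnorr signer over a constructed small prime-order group that mirrors the two APIs described above, an old-style `sign_old` that trusts a caller-supplied public key and a new-style `sign_new` that expands the private key into a keypair and rederives the public key before signing. The group parameters, function names and the EdDSA-style nonce derivation are assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed toy group for illustration only: G = 4 has prime order Q mod P.
P, Q, G = 2039, 1019, 4

def H(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "big") % Q

def derive_pubkey(sk: int) -> int:
    return pow(G, sk, P)

def sign_old(sk: int, pk_claimed: int, msg: bytes) -> tuple[int, int]:
    """Old-style API: trusts the caller's public key. The nonce k depends only
    on the secret key and the message (as in EdDSA), so two calls with
    different pk_claimed values reuse k under two different challenges."""
    k = H(sk.to_bytes(2, "big"), msg)
    R = pow(G, k, P)
    e = H(R.to_bytes(2, "big"), pk_claimed.to_bytes(2, "big"), msg)
    return R, (k + e * sk) % Q

@dataclass(frozen=True)
class KeyPair:
    sk: int
    pk: int

def expand(sk: int) -> KeyPair:
    return KeyPair(sk, derive_pubkey(sk))

def sign_new(kp: KeyPair, msg: bytes) -> tuple[int, int]:
    """New-style API: rederives the public key and refuses to sign when the
    stored one does not match, at the cost of one extra scalar operation."""
    expected = derive_pubkey(kp.sk).to_bytes(2, "big")
    if not hmac.compare_digest(expected, kp.pk.to_bytes(2, "big")):
        raise ValueError("public key does not match private key")
    return sign_old(kp.sk, kp.pk, msg)

def verify(pk: int, msg: bytes, sig: tuple[int, int]) -> bool:
    R, s = sig
    e = H(R.to_bytes(2, "big"), pk.to_bytes(2, "big"), msg)
    return pow(G, s, P) == (R * pow(pk, e, P)) % P

def nonce_reused(sk: int, wrong_pk: int, msg: bytes) -> bool:
    """Symptom of the old API's hole: the same R (nonce) appears in the
    correct signature and in one made with a wrong public key."""
    good = sign_old(sk, derive_pubkey(sk), msg)
    bad = sign_old(sk, wrong_pk, msg)
    return good[0] == bad[0]
```

A signature set that repeats R across different challenges is the detectable fingerprint of this misuse; the new API prevents it by construction rather than relying on the caller.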
Apply Modern CMake best practices and use target_include_directories
rather than include_directories for defining where to find header files.
Where possible, scope was reduced to PRIVATE, indicating that the headers
are required only for compilation, not when linking against the target.
Additionally, the generated headers that are required for the decaf libs
to work have been added to their build interface. This means that other
projects that use CMake to build this project will correctly link against
the decaf and decaf-static targets.
The existing code checked if a directory existed and if it did, it would
not attempt to create it. However, this proved to be flaky on Mac and Linux.
The check would frequently report the directory as not existing, but the
attempt to create the directory would cause an exception.
Bump version number in CMakeLists.txt, thanks Johan Pascal.
Change test scripts to avoid GCC warnings, thanks Sofi Celi.
Add full RFC 8032 test vectors, thanks Sofi Celi.
windows_testing
windows testing
Revert "windows testing"
This reverts commit 4b1047d433.
Revert "windows testing"
This reverts commit 4deaad7796.
Revert "windows testing"
This reverts commit ce1af72cd1.
Switch everything over to the Ristretto variant of the Decaf encoding,
for compatibility with https://github.com/isislovecruft/curve25519-dalek
and others. Documentation coming sometime at https://ristretto.group/.
For now, suffice it to say that Ristretto has the same API and security
properties, but slightly different input and output bytes.
Also close Ticket 9, renaming "mul_by_cofactor_and_encode" functions to
"mul_by_ratio_and_encode" with an appropriate #defined ENCODE_RATIO.
This is because the base points in RFC 7748 and RFC 8032 have different
relationships with the libdecaf base points. With this change,
mul_by_ratio_and_encode'ing the base point will result in
[EDDSA|X25519|X448]_ENCODE_RATIO times the RFC 8032 EdDSA and RFC 7748
X25519|X448 base point.
Merge branch 'ristretto-work'