Seems already resolved on the main branch. I guess a 1.0.3 tag would be nice!
1.0.2 build failure due to array-parameter warning treated as failure
add SER_BYTES to gf_serialize prototype
adjust comments in ristretto.sage
indicate that x86 word_is_zero affects the carry flag
test for subgroup membership in ed448 (sage).
add flags for strongly binding EdDSA signatures, per https://eprint.iacr.org/2020/1244.pdf
Merge commit '02becbc6da2caa5549cac36023fe8e1648283d90'
document how to run tests...
amd64 is the arch name on FreeBSD..
wrap commands with code block, drop make test as missing..
Merge branch 'pyupdate' of https://www.funkthat.com/gitea/jmg/ed448goldilocks
add a couple test vectors from the RFC...
old versions of clang can only handle a single argument
update to new build infra, python 3, and add instructions..
forgot that FreeBSD's lib format is slightly different, this should work
document how to run tests...
Thanks, sorry for the slow response.
Build with gcc
Updated windows build fixes and others build script fix
add note to history
Fix two security bugs.
Fix windows build
Thanks! No worry, you're not slow at all. I don't think the explicit cast would do harm. I'll come back if it does.
Merged, sorry to be slow. I also changed the cast in bit_to_mask to be explicit, since otherwise you have to know the C promotion rules to verify correctness ... hope that doesn't break anything in Windows.
explicitly upcast mask, for clarity
Hi Mike, any chance to review this MR? Is it acceptable like this?
Indeed something was wrong with XCode12/cmake3.19 but it is all set now.
You're right. The C99 standard perfectly defines assigning -1 to an unsigned value (http://c0x.coding-guidelines.com/6.3.1.3.html). So I removed the convoluted way of doing this simple thing but created a function bit_to_mask anyway in order to make it easier to disable the C4146 warning. I also re-enabled the array bound check; I don't even remember why it was off in the first place. I had a report of a problem building using Xcode12. I'll let you know soon if I find out whether the problem is in the build...
Makes sense, but is there a way to just disable C4146, or maybe we should have a bit_to_mask function? That would be preferable to modifying the code. Also, looking at the CMake files, what fails if we re-enable array bounds warnings? Those seem nice to have in security code.
Ok, if I understood your concern well, it is to avoid branching when producing the mask? The Windows compiler won't let you use the trick of setting -1 into an unsigned int to turn it to 0xffffffff. Please check the new commit I just pushed. It is not the most efficient way to do it, but it is branchless, makes the Windows compiler happy and is not really significant for the overall performance. Let me know if this is acceptable for you.
Thanks Johan. This mostly looks good, but the ternary operator is no good because it will cause side-channel problems. Can you change that back to masking?
Build on windows
Updated windows build fixes and others build script fix
update HISTORY to mention the malleability flaw
a couple more tests for EdDSA malleability
fix malleability bug from https://eprint.iacr.org/2020/1244.pdf and add test vectors
fix bug in ristretto elligator: it should be able to take improper field elements as input
optimize s^2 -> s2, thanks Fabio Scotoni
don't double generator for Ed448RistrettoPoint
update ristretto.sage for python3. Also add Ed448RistrettoPoint for reference
Add safer version of EdDSA signing API.
doc generation
You're welcome, closing.
Ha, indeed. Thanks
Do you have doxygen and dot installed? If not, then cmake complains about not finding them.
cmake ...
make
make test
All of the above passed successfully.
make doc -> empty output
cat Makefile | grep doc -> empty output
Looks like the 'doc' goal was not generated.
After running cmake, make doc should work. At least if you have doxygen and dot on your system. Are you seeing otherwise?
doc generation
Compilation error with gcc 9.1
Yes that fixes it, thanks!
Fixed now?
fix issues when compiling on GCC 9.1
Compilation error with gcc 9.1
Thanks Johan Pascal: remove gf_hibit, since it was a relic from p521 days
also remove X_SER_BYTES while we're at it
I'd be happy to retry if your PR builds properly on my machines though.
Add includes to build interface of decaf libs
This breaks the build on my Mac (with cmake 3.11.3), so I unmerged it. I get an error of CMake Error at src/curve25519/CMakeLists.txt:23 (target_link_libraries): Object library target "CURVE25519" may not link to anything. I'm not a cmake wizard, so I didn't know how to fix it. Commenting out such lines gave an error that it couldn't find word.h.
Revert "Add includes to build interface of decaf libs"
errno.eexist
Tweak generated code message
Merge /u/mariusvolkhart/ed448goldilocks/ branch mv/messaging into master
Merge /u/mariusvolkhart/ed448goldilocks/ branch mv/cmakeIncludes into master
Add includes to build interface of decaf libs
Fix flaky statement in Python generator
Tweak generated code message
Add includes to build interface of decaf libs
I should clarify - this happens when running using the CMake generated build. I did not try any other ways
Fix flaky statement in Python generator
I'd like to provide some feedback on the CMake system. I'm very happy to see it, but there are a few things that don't quite work as expected. For the sake of simplicity, CMake works in 2 steps: configure and build. Configure creates the build files using a generator such as makefiles or Ninja, and Build actually runs the build tool. The current setup reports during the Configuration step "Generated source code in /path/to/goldilocks/build_dir/goldilocks/src/GENERATED". This is incorrect, as the generated...
Build on windows
Minor changes.
v1.0
NEON detection
From the CMAKE file this may not affect android builds. If not, then defer to 2.0 or later. Can't let optimized flags for all the platforms block deployment.
NEON detection
I merged /u/jeannotlapin's cmake build system, but I would like the community to test it before closing this issue.
Merged this in the newer one
Building scripts
Building scripts improved
So sorry to be slow. Someone else has also submitted a proposal for #4. I will try to wade through them this week and merge one. I've been bogged down with the NIST postquantum competition and lots of work, but I should be more available soon.
Hi Mike, any thoughts on merging? Scripts are working on a large range of Linux distributions/architectures and macOS. I managed to build on Windows 7 using MSVC 2017 cmake support, but the tests crash/fail and the benchmarks are very, very slow. There is some more work to be done on that, but otherwise I think it closes ticket #4. johan
Allow overriding of CC/CXX
Works fine with the patch you've pushed to master, thanks!
CC= -> CC?= in Makefile, thanks Timo Gurr
Try it now?
Allow overriding of CC/CXX
minor fixes: fix unreachable code, fix an integer used in boolean context, thanks to Sofi Celi
fix sagetest; thanks sofi
fix python2/3 ord issue
add tests for identity and torquing
double and encode in ristretto.sage for decaf ed25519. Kinda sloppy, but good enough for a PoC since I'm not going to implement it in C yet anyway
double and encode in ristretto.sage for decaf ed448, not ed25519
doubleAndEncode for ristretto in sage doc
Hi Mike, sorry I couldn't figure out a way to just update my last merge request with these new commits. johan