Merge branch 'release/0.9.0'

Author: plotskogwq

.travis.yml

@@ -6,12 +6,12 @@ rust:
   - nightly
 
 env:
-  - TEST_COMMAND=test FEATURES=--features="yolocrypto"
-  - TEST_COMMAND=test FEATURES=--features="yolocrypto serde"
-  - TEST_COMMAND=test FEATURES=--features="yolocrypto nightly"
-  - TEST_COMMAND=bench FEATURES=--features="yolocrypto bench"
-  - TEST_COMMAND=bench FEATURES=--features="yolocrypto nightly bench"
-  - TEST_COMMAND=build FEATURES=--no-default-features
+  - TEST_COMMAND=test EXTRA_FLAGS='' FEATURES='yolocrypto'
+  - TEST_COMMAND=test EXTRA_FLAGS='' FEATURES='yolocrypto serde'
+  - TEST_COMMAND=test EXTRA_FLAGS='' FEATURES='yolocrypto nightly'
+  - TEST_COMMAND=bench EXTRA_FLAGS='' FEATURES='yolocrypto bench'
+  - TEST_COMMAND=bench EXTRA_FLAGS='' FEATURES='yolocrypto nightly bench'
+  - TEST_COMMAND=build EXTRA_FLAGS=--no-default-features FEATURES='' 
 
 matrix:
   exclude:
@@ -20,23 +20,23 @@ matrix:
     # run benchmarks, which causes dalek not to build on stable.  See
     # https://github.com/isislovecruft/curve25519-dalek/pull/38#issuecomment-286027562
     - rust: stable
-      env: TEST_COMMAND=bench FEATURES=--features="yolocrypto bench"
+      env: TEST_COMMAND=bench EXTRA_FLAGS='' FEATURES='yolocrypto bench'
     - rust: beta
-      env: TEST_COMMAND=bench FEATURES=--features="yolocrypto bench"
+      env: TEST_COMMAND=bench EXTRA_FLAGS='' FEATURES='yolocrypto bench'
     - rust: stable
-      env: TEST_COMMAND=bench FEATURES=--features="yolocrypto nightly bench"
+      env: TEST_COMMAND=bench EXTRA_FLAGS='' FEATURES='yolocrypto nightly bench'
     - rust: beta
-      env: TEST_COMMAND=bench FEATURES=--features="yolocrypto nightly bench"
+      env: TEST_COMMAND=bench EXTRA_FLAGS='' FEATURES='yolocrypto nightly bench'
     # Test nightly features, such as radix_51, only on nightly.
     - rust: stable
-      env: TEST_COMMAND=test FEATURES=--features="yolocrypto nightly"
+      env: TEST_COMMAND=test EXTRA_FLAGS='' FEATURES='yolocrypto nightly'
     - rust: beta
-      env: TEST_COMMAND=test FEATURES=--features="yolocrypto nightly"
+      env: TEST_COMMAND=test EXTRA_FLAGS='' FEATURES='yolocrypto nightly'
     # Test no_std only on nightly.
     - rust: stable
-      env: TEST_COMMAND=build FEATURES=--no-default-features
+      env: TEST_COMMAND=build EXTRA_FLAGS=--no-default-features FEATURES=''
     - rust: beta
-      env: TEST_COMMAND=build FEATURES=--no-default-features
+      env: TEST_COMMAND=build EXTRA_FLAGS=--no-default-features FEATURES=''
 
 script:
-  - cargo $TEST_COMMAND $FEATURES
+  - cargo $TEST_COMMAND --features="$FEATURES" $EXTRA_FLAGS

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "curve25519-dalek"
-version = "0.8.1"
+version = "0.9.0"
 authors = ["Isis Lovecruft <[email protected]>",
            "Henry de Valence <[email protected]>"]
 readme = "README.md"

README.md

@@ -1,5 +1,5 @@
 
-# curve25519-dalek  ![](https://img.shields.io/crates/v/curve25519-dalek.svg) ![](https://docs.rs/curve25519-dalek/badge.svg) ![](https://travis-ci.org/isislovecruft/curve25519-dalek.svg?branch=master)
+# curve25519-dalek  [![](https://img.shields.io/crates/v/curve25519-dalek.svg)](https://crates.io/curve25519-dalek) [![](https://docs.rs/curve25519-dalek/badge.svg)](https://docs.rs/curve25519-dalek) [![](https://travis-ci.org/isislovecruft/curve25519-dalek.svg?branch=master)](https://travis-ci.org/isislovecruft/curve25519-dalek)
 
 **A low-level cryptographic library for point, group, field, and scalar
 operations on a curve isomorphic to the twisted Edwards curve defined by -x²+y²
@@ -44,7 +44,7 @@ Extensive documentation is available [here](https://docs.rs/curve25519-dalek).
 To install, add the following to the dependencies section of your project's
 `Cargo.toml`:
 
-    curve25519-dalek = "^0.8"
+    curve25519-dalek = "^0.9"
 
 Then, in your library or executable source, add:
 
@@ -57,7 +57,6 @@ fast.
 ## TODO
 
 * Implement hashing to a point on the curve (Elligator).
-* Maybe use serde for serialization.
 * Make a new `mask` type in `subtle.rs` and return that instead of `u8`s.
 * Implement all utilities in Golang's `crypto/subtle` package, and
   move the module to its own crate.

fuzz/.gitignore

@@ -0,0 +1,4 @@
+
+target
+corpus
+artifacts

fuzz/Cargo.toml

@@ -0,0 +1,24 @@
+
+[package]
+name = "curve25519-dalek-fuzz"
+version = "0.0.1"
+authors = ["Automatically generated"]
+publish = false
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies.curve25519-dalek]
+path = ".."
+features = ["yolocrypto"]
+
+[dependencies.libfuzzer-sys]
+git = "https://github.com/rust-fuzz/libfuzzer-sys.git"
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "decaf"
+path = "fuzzers/decaf.rs"

fuzz/fuzzers/decaf.rs

@@ -0,0 +1,21 @@
+#![no_main]
+#[macro_use] extern crate libfuzzer_sys;
+extern crate curve25519_dalek;
+
+use curve25519_dalek::curve::ValidityCheck;
+use curve25519_dalek::decaf::DecafPoint;
+use curve25519_dalek::field::FieldElement;
+
+fuzz_target!(|data: &[u8]| {
+    if data.len() != 32 {
+        return;
+    }
+    let mut field_bytes = [0u8; 32];
+    for (by, data) in field_bytes.iter_mut().zip(data.iter()) {
+        *by = *data;
+    }
+    let fe = FieldElement::from_bytes(&field_bytes);
+    let p = DecafPoint::elligator_decaf_flavour(&fe);
+    assert!(p.0.is_valid());
+    p.compress();
+});

src/constants.rs

@@ -55,6 +55,23 @@ pub const a_minus_d: FieldElement    = FieldElement([
      8787816,    6275908,   3247719,  18696448,  12055116, ]);
 #[cfg(feature="radix_51")]
 pub const a_minus_d: FieldElement = FieldElement([1321844580190025, 1785434093556034, 589740348686294, 217950738957124, 809005158844672]);
+#[cfg(feature="radix_51")]
+pub const invsqrt_a_minus_d: FieldElement = FieldElement([
+    278908739862762, 821645201101625, 8113234426968, 1777959178193151, 2118520810568447
+]);
+#[cfg(not(feature="radix_51"))]
+pub const invsqrt_a_minus_d: FieldElement = FieldElement([
+    6111485, 4156064, -27798727, 12243468, -25904040,
+    120897, 20826367, -7060776, 6093568, -1986012
+]);
+#[cfg(feature="radix_51")]
+pub const inv_a_minus_d: FieldElement = FieldElement([
+    2251799813563563, 2251799813685247, 2251799813685247, 2251799813685247, 2251799813685247
+]);
+#[cfg(not(feature="radix_51"))]
+pub const inv_a_minus_d: FieldElement = FieldElement([
+    -121666, 0, 0, 0, 0, 0, 0, 0, 0, 0
+]);
 
 /// (p-1)/2, in little-endian bytes.
 pub const HALF_P_MINUS_1_BYTES: [u8; 32] =
@@ -3247,5 +3264,10 @@ mod test {
         let a = FieldElement::minus_one();
         let a_minus_d = &a - &constants::d;
         assert_eq!(a_minus_d, constants::a_minus_d);
+        let (_, invsqrt_a_minus_d) = constants::a_minus_d.invsqrt();
+        assert_eq!(invsqrt_a_minus_d, constants::invsqrt_a_minus_d);
+        let inv_a_minus_d = invsqrt_a_minus_d.square();
+        assert_eq!(inv_a_minus_d, constants::inv_a_minus_d);
+        assert_eq!(&inv_a_minus_d * &a_minus_d, FieldElement::one());
     }
 }

src/curve.rs

@@ -83,13 +83,14 @@ use collections::Vec;
 use core::fmt::Debug;
 use core::iter::Iterator;
 use core::ops::{Add, Sub, Neg};
+use core::ops::{AddAssign, SubAssign};
 use core::ops::{Mul, MulAssign};
 use core::ops::Index;
 
 use constants;
 use field::FieldElement;
 use scalar::Scalar;
-use subtle::arrays_equal_ct;
+use subtle::arrays_equal;
 use subtle::bytes_equal_ct;
 use subtle::CTAssignable;
 use subtle::CTEq;
@@ -517,8 +518,8 @@ impl CTAssignable for ExtendedPoint {
 
 impl CTEq for ExtendedPoint {
     fn ct_eq(&self, other: &ExtendedPoint) -> u8 {
-        arrays_equal_ct( self.compress_edwards().as_bytes(),
-                        other.compress_edwards().as_bytes())
+        arrays_equal( self.compress_edwards().as_bytes(),
+                      other.compress_edwards().as_bytes())
     }
 }
 
@@ -802,13 +803,29 @@ impl<'a,'b> Add<&'b ExtendedPoint> for &'a ExtendedPoint {
     }
 }
 
+impl<'b> AddAssign<&'b ExtendedPoint> for ExtendedPoint {
+    fn add_assign(&mut self, _rhs: &'b ExtendedPoint) {
+        *self = (self as &ExtendedPoint) + _rhs;
+    }
+}
+
 impl<'a,'b> Sub<&'b ExtendedPoint> for &'a ExtendedPoint {
     type Output = ExtendedPoint;
     fn sub(self, other: &'b ExtendedPoint) -> ExtendedPoint {
         (self - &other.to_projective_niels()).to_extended()
     }
 }
 
+impl<'b> SubAssign<&'b ExtendedPoint> for ExtendedPoint {
+    fn sub_assign(&mut self, _rhs: &'b ExtendedPoint) {
+        *self = (self as &ExtendedPoint) - _rhs;
+    }
+}
+
+// ------------------------------------------------------------------------
+// Negation
+// ------------------------------------------------------------------------
+
 impl<'a> Neg for &'a ExtendedPoint {
     type Output = ExtendedPoint;
 
@@ -1654,6 +1671,18 @@ mod bench {
     use super::*;
     use super::test::{A_SCALAR};
 
+    #[bench]
+    fn edwards_decompress(b: &mut Bencher) {
+        let B = &constants::BASE_CMPRSSD;
+        b.iter(|| B.decompress().unwrap());
+    }
+
+    #[bench]
+    fn edwards_compress(b: &mut Bencher) {
+        let B = &constants::ED25519_BASEPOINT;
+        b.iter(|| B.compress_edwards());
+    }
+
     #[bench]
     fn basepoint_mult(b: &mut Bencher) {
         let B = &constants::ED25519_BASEPOINT_TABLE;