* Replace `unwrap_u8` with `into`
Leverages the `From<Choice>` impl for `bool` where applicable instead,
which results in clearer logic which more closely matches `bool`.
* Added raw_sign() and raw_sign_prehashed() functions
* Renamed `nonce` to `hash_prefix` in signing because it's really not a nonce
* Moved raw signing to hazmat module
* impl From<EdwardsPoint> for VerifyingKey
* Brought back ExpandedSecretKey; made raw_* functions take it as input
* Added remaining features to docs.rs feature set
* Removed redundant ExpandedSecretKey def; made raw signing use a generic CtxDigest
* Implemented raw_verify with generic CtxDigest
* Implemented raw_verify_prehashed with generic MsgDigest and CtxDigest
* Wrote hazmat tests; fixed errors; switched ordering of MsgDigest and CtxDigest
* Updated changelog
* ExpandedSecretKey::from_bytes takes an array and is now infallible
* Add TODO comment for split_array_ref
* Added from_slice and TryFrom<&[u8]> for ExpandedSecretKey
---------
Co-authored-by: Tony Arcieri <bascule@gmail.com>
* Updated to new curve25519 scalar API
* Removed clamping from constructors; clamping is always done during scalar-point multiplication
* Updated test to reflect new functionality
* Updated changelog
* Add `Scalar` and `MontgomeryPoint` conversions
- Adds `SigningKey::to_scalar` to extract the private scalar
- Adds `VerifyingKey::to_montgomery` to map the verifying key's
`EdwardsPoint` to a `MontgomeryPoint`
- Also adds corresponding `From<&T>` impls which call the inherent
methods.
This is useful for systems which are keyed using Ed25519 keys which
would like to use X25519 for D-H. Having inherent methods means it's
possible to call these methods without having to import `Scalar` and
`MontgomeryPoint` from `curve25519-dalek`.
This is of course a bit circuitous: we could just multiply `Scalar` by
`EdwardsPoint` and use the resulting `EdwardsPoint` as the D-H shared
secret, however it seems many protocols have adopted this approach of
mapping to `MontgomeryPoint` and using that for the shared secret, since
X25519 is traditionally used for ECDH with Curve25519.
* Add reference to eprint 2021/509
* Basic X25519 Diffie-Hellman test
* Remove dependency on `packed_simd`
* Support SIMD on stable Rust
* Move `packed_simd.rs` to `vector` module
* Add comment header to `packed_simd.rs`
* Initialize SIMD registers using intrinsics instead of `transmute`
* Use a splat inside of `unpack_pair`
* Update README: the AVX2 backend now works on stable Rust
* Add a CI job to also build the AVX2 SIMD backend on Rust stable
* Added SIMD MSRV test
* Removed Scalar::{from_bits, from_bytes_clamped}; all constructible scalars are now reduced mod l
* Made Scalar::reduce() not pub; fixed test warning
* Added benches for scalar add/sub/mul
* Docs
* Added EdwardsPoint::mul_base_clamped and gated Scalar::from_bits behind legacy_compatibility
* Added unit test for Mul impl on unreduced Scalars
* Added Montgomery::mul_base_clamped
* Added BasepointTable::mul_base_clamped
* Removed invalid scalar arithmetic test; this functionality is no longer supported
* Made clamp_integer() const
* Updated readme and changelog
* Added BasepointTable::mul_base_clamped to tests
* Added proper deprecation notice to Scalar::from_bits; added legacy_compatibility to Makefile and docsrs flags
* Add no_std to CI
* Add serde to no_std feature test
* Try out cargo hack
* No serde - expect success
* Add build for no-default-features
* Exclude default
* Add getrandom to bring convenience random init functions
* Fix doc name
* Rename new to random_from_rng
* Deprecate new() in favor of random_from_rng()
* Simplify constructors documentation
Co-authored-by: Ciprian Dorin Craciun <ciprian@volution.ro>
* Fixes cfg with target from env
* Derive cleanup
* Default to curve25519_dalek_bits="32" on unknown target
* Give out warning (thanks @jcape)
Co-authored-by: ryan <ryankurte@users.noreply.github.com>
Co-authored-by: James Cape <james@mobilecoin.com>
