Merge branch 'dalek-cryptography:main' into master

.github/workflows/rust.yml

@@ -0,0 +1,102 @@
+name: Rust
+
+on:
+  push:
+    branches: [ '*' ]
+  pull_request:
+    branches: [ main, develop ]
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  test-u32:
+    name: Test u32 backend
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions-rs/toolchain@v1
+      with:
+        profile: minimal
+        toolchain: stable
+        override: true
+    - uses: actions-rs/cargo@v1
+      with:
+        command: test
+        args: --no-default-features --features "std u32_backend"
+
+  test-u64:
+    name: Test u64 backend
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions-rs/toolchain@v1
+      with:
+        profile: minimal
+        toolchain: stable
+        override: true
+    - uses: actions-rs/cargo@v1
+      with:
+        command: test
+        args: --no-default-features --features "std u64_backend"
+
+  test-simd:
+    name: Test simd backend (nightly)
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions-rs/toolchain@v1
+      with:
+        profile: minimal
+        toolchain: nightly
+        override: true
+    - uses: actions-rs/cargo@v1
+      with:
+        command: test
+        args: --no-default-features --features "std simd_backend"
+
+  test-defaults-serde:
+    name: Test default feature selection and serde
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions-rs/toolchain@v1
+      with:
+        profile: minimal
+        toolchain: stable
+        override: true
+    - uses: actions-rs/cargo@v1
+      with:
+        command: test
+        args: --features "serde"
+
+  test-alloc-u32:
+    name: Test no_std+alloc with u32 backend
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions-rs/toolchain@v1
+      with:
+        profile: minimal
+        toolchain: stable
+        override: true
+    - uses: actions-rs/cargo@v1
+      with:
+        command: test
+        args: --lib --no-default-features --features "alloc u32_backend"
+
+  bench:
+    name: Check that benchmarks compile
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions-rs/toolchain@v1
+      with:
+        profile: minimal
+        toolchain: stable
+        override: true
+    - uses: actions-rs/cargo@v1
+      with:
+        command: bench
+        # This filter selects no benchmarks, so we don't run any, only build them.
+        args: "DONTRUNBENCHMARKS"

.travis.yml

@@ -9,8 +9,12 @@ env:
   - TEST_COMMAND=test EXTRA_FLAGS='--no-default-features' FEATURES='std u32_backend'
   # Tests the u64 backend
   - TEST_COMMAND=test EXTRA_FLAGS='--no-default-features' FEATURES='std u64_backend'
-  # Tests the avx2 backend
-  - TEST_COMMAND=test EXTRA_FLAGS='--no-default-features' FEATURES='std avx2_backend'
+  # Tests the fiat_u32 backend
+  - TEST_COMMAND=test EXTRA_FLAGS='--no-default-features' FEATURES='std fiat_u32_backend'
+  # Tests the fiat_u64 backend
+  - TEST_COMMAND=test EXTRA_FLAGS='--no-default-features' FEATURES='std fiat_u64_backend'
+  # Tests the simd backend
+  - TEST_COMMAND=test EXTRA_FLAGS='--no-default-features' FEATURES='std simd_backend'
   # Tests serde support and default feature selection
   - TEST_COMMAND=test EXTRA_FLAGS='' FEATURES='serde'
   # Tests building without std. We have to select a backend, so we select the one
@@ -21,9 +25,9 @@ env:
 
 matrix:
   exclude:
-    # Test the avx2 backend only on nightly
+    # Test the simd backend only on nightly
     - rust: stable
-      env: TEST_COMMAND=test EXTRA_FLAGS='--no-default-features' FEATURES='std avx2_backend'
+      env: TEST_COMMAND=test EXTRA_FLAGS='--no-default-features' FEATURES='std simd_backend'
     # Test no_std+alloc only on nightly
     - rust: stable
       env: TEST_COMMAND=test EXTRA_FLAGS='--lib --no-default-features' FEATURES='alloc u32_backend'

CHANGELOG.md

@@ -1,18 +1,84 @@
 # Changelog
 
-Entries are listed in reverse chronological order.
+Entries are listed in reverse chronological order per undeprecated
+major series.
 
-## 3.0.0
+## 3.x series
+
+### 3.2.0
+
+* Add support for getting the identity element for the Montgomery
+  form of curve25519, which is useful in certain protocols for
+  checking contributory behaviour in derivation of shared secrets.
+
+### 3.1.2
+
+* Revert a commit which mistakenly removed support for `zeroize` traits
+  for some point types, as well as elligator2 support for Edwards points.
+
+### 3.1.1
+
+* Fix documentation builds on nightly due to syntax changes to
+  `#![cfg_attr(feature = "nightly", doc = include_str!("../README.md"))]`.
+
+### 3.1.0
+
+* Add support for the Elligator2 encoding for Edwards points.
+* Add two optional formally-verified field arithmetic backends which
+  use the Fiat Crypto project's Rust code, which is generated from
+  proofs of functional correctness checked by the Coq theorem proving
+  system.
+* Add support for additional sizes of precomputed tables for basepoint
+  scalar multiplication.
+* Fix an unused import.
+* Add support for using the `zeroize` traits with all point types.
+  Note that points are not automatically zeroized on Drop, but that
+  consumers of `curve25519-dalek` should call these methods manually
+  when needed.
+
+### 3.0.3
+
+* Fix documentation builds on nightly due to syntax changes to
+  `#![cfg_attr(feature = "nightly", doc = include_str!("../README.md"))]`.
+
+### 3.0.2
+
+* Multiple documentation typo fixes.
+* Fixes to make using `alloc`+`no_std` possible for stable Rust.
+
+### 3.0.1
+
+* Update the optional `packed-simd` dependency to rely on a newer,
+  maintained version of the `packed-simd-2` crate.
+
+### 3.0.0
 
 * Update the `digest` dependency to `0.9`.  This requires a major version
   because the `digest` traits are part of the public API, but there are
   otherwise no changes to the API.
 
-## 2.1.0
+## 2.x series
+
+### 2.1.3
+
+* Fix documentation builds on nightly due to syntax changes to
+  `#![fg_attr(feature = "nightly", doc = include_str!("../README.md"))]`.
+
+### 2.1.2
+
+* Multiple documenation typo fixes.
+* Fix `alloc` feature working with stable rust.
+
+### 2.1.1
+
+* Update the optional `packed-simd` dependency to rely on a newer,
+  maintained version of the `packed-simd-2` crate.
+
+### 2.1.0
 
 * Make `Scalar::from_bits` a `const fn`, allowing its use in `const` contexts.
 
-## 2.0.0
+### 2.0.0
 
 * Fix a data modeling error in the `serde` feature pointed out by Trevor Perrin
   which caused points and scalars to be serialized with length fields rather
@@ -31,13 +97,24 @@ Entries are listed in reverse chronological order.
 The only significant change is the data model change to the `serde` feature;
 besides the `rand_core` version bump, there are no other user-visible changes.
 
-## 1.2.4
+## 1.x series
+
+### 1.2.6
+
+* Fixes to make using alloc+no_std possible for stable Rust.
+
+### 1.2.5
+
+* Update the optional `packed-simd` dependency to rely on a newer,
+  maintained version of the `packed-simd-2` crate.
+
+### 1.2.4
 
 * Specify a semver bound for `clear_on_drop` rather than an exact version,
   addressing an issue where changes to inline assembly in rustc prevented
   `clear_on_drop` from working without an update.
 
-## 1.2.3
+### 1.2.3
 
 * Fix an issue identified by a Quarkslab audit (and Jack Grigg), where manually
   constructing unreduced `Scalar` values, as needed for X/Ed25519, and then
@@ -51,14 +128,14 @@ besides the `rand_core` version bump, there are no other user-visible changes.
 * Fix compilation on nightly broken due to changes to the `#[doc(include)]` path
   root (not quite correctly done in 1.2.2).
 
-## 1.2.2
+### 1.2.2
 
 * Fix a typo in an internal doc-comment.
 * Add the "crypto" tag to crate metadata.
 * Fix compilation on nightly broken due to changes to the `#[doc(include)]` path
   root.
 
-## 1.2.1
+### 1.2.1
 
 * Fix a bug in bucket index calculations in the Pippenger multiscalar algorithm
   for very large input sizes.
@@ -67,7 +144,7 @@ besides the `rand_core` version bump, there are no other user-visible changes.
 * Ensure that that multiscalar and NAF computations work correctly on extremal
   `Scalar` values constructed via `from_bits`.
 
-## 1.2.0
+### 1.2.0
 
 * New multiscalar multiplication algorithm with better performance for
   large problem sizes.  The backend algorithm is selected
@@ -76,24 +153,24 @@ besides the `rand_core` version bump, there are no other user-visible changes.
 * Equality of Edwards points is now checked in projective coordinates.
 * Serde can now be used with `no_std`.
 
-## 1.1.4
+### 1.1.4
 
 * Fix typos in documentation comments.
 * Remove unnecessary `Default` bound on `Scalar::from_hash`.
 
-## 1.1.3
+### 1.1.3
 
 * Reverts the change in 1.1.0 to allow owned and borrowed RNGs, which caused a breakage due to a subtle interaction with ownership rules.  (The `RngCore` change is retained).
 
-## 1.1.2
+### 1.1.2
 
 * Disabled KaTeX on `docs.rs` pending proper [support upstream](https://github.com/rust-lang/docs.rs/issues/302).
 
 ## 1.1.1
 
 * Fixed an issue related to `#[cfg(rustdoc)]` which prevented documenting multiple backends.
 
-## 1.1.0
+### 1.1.0
 
 * Adds support for precomputation for multiscalar multiplication.
 * Restructures the internal source tree into `serial` and `vector` backends (no change to external API).
@@ -102,19 +179,19 @@ besides the `rand_core` version bump, there are no other user-visible changes.
 * Replaces the `rand` dependency with `rand_core`.
 * Generalizes trait bounds on `RistrettoPoint::random()` and `Scalar::random()` to allow owned and borrowed RNGs and to allow `RngCore` instead of `Rng`.
 
-## 1.0.3
+### 1.0.3
 
 * Adds `ConstantTimeEq` implementation for compressed points.
 
-## 1.0.2
+### 1.0.2
 
 * Fixes a typo in the naming of variables in Ristretto formulas (no change to functionality).
 
-## 1.0.1
+### 1.0.1
 
 * Depends on the stable `2.0` version of `subtle` instead of `2.0.0-pre.0`.
 
-## 1.0.0
+### 1.0.0
 
 Initial stable release.  Yanked due to a dependency mistake (see above).
 

Cargo.toml

@@ -4,7 +4,8 @@ name = "curve25519-dalek"
 # - update CHANGELOG
 # - update html_root_url
 # - update README if required by semver
-version = "3.0.0"
+# - if README was updated, also update module documentation in src/lib.rs
+version = "3.2.0"
 authors = ["Isis Lovecruft <[email protected]>",
            "Henry de Valence <[email protected]>"]
 readme = "README.md"
@@ -32,7 +33,8 @@ travis-ci = { repository = "dalek-cryptography/curve25519-dalek", branch = "mast
 [dev-dependencies]
 sha2 = { version = "0.9", default-features = false }
 bincode = "1"
-criterion = "0.3.0"
+criterion = { version = "0.3.0", features = ["html_reports"] }
+hex = "0.4.2"
 rand = "0.7"
 
 [[bench]]
@@ -45,8 +47,11 @@ byteorder = { version = "^1.2.3", default-features = false, features = ["i128"]
 digest = { version = "0.9", default-features = false }
 subtle = { version = "^2.2.1", default-features = false }
 serde = { version = "1.0", default-features = false, optional = true, features = ["derive"] }
+# The original packed_simd package was orphaned, see
+# https://github.com/rust-lang/packed_simd/issues/303#issuecomment-701361161
 packed_simd = { version = "0.3.4", package = "packed_simd_2", features = ["into_bits"], optional = true }
 zeroize = { version = "1", default-features = false }
+fiat-crypto = { version = "0.1.6", optional = true}
 
 [features]
 nightly = ["subtle/nightly"]
@@ -58,6 +63,10 @@ alloc = ["zeroize/alloc"]
 u32_backend = []
 # The u64 backend uses u64s with u128 products.
 u64_backend = []
+# fiat-u64 backend (with formally-verified field arith) uses u64s with u128 products.
+fiat_u64_backend = ["fiat-crypto"]
+# fiat-u32 backend (with formally-verified field arith) uses u32s with u64 products.
+fiat_u32_backend = ["fiat-crypto"]
 # The SIMD backend uses parallel formulas, using either AVX2 or AVX512-IFMA.
 simd_backend = ["nightly", "u64_backend", "packed_simd"]
 # DEPRECATED: this is now an alias for `simd_backend` and may be removed

LICENSE

@@ -1,4 +1,5 @@
-Copyright (c) 2016-2019 Isis Agora Lovecruft, Henry de Valence. All rights reserved.
+Copyright (c) 2016-2021 isis agora lovecruft. All rights reserved.
+Copyright (c) 2016-2021 Henry de Valence. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are

Makefile

@@ -1,4 +1,4 @@
-FEATURES := nightly yolocrypto avx2_backend
+FEATURES := nightly simd_backend
 
 doc:
 	cargo rustdoc --features "$(FEATURES)" -- --html-in-header docs/assets/rustdoc-include-katex-header.html