forked from dalek-cryptography/curve25519-dalek
roll back changes outside of elligator2
Showing 76 changed files with 35,738 additions and 199 deletions.
@@ -0,0 +1,263 @@ | ||
# Changelog | ||
|
||
Entries are listed in reverse chronological order per undeprecated | ||
major series. | ||
|
||
## 4.x series | ||
|
||
### 4.1.2 | ||
|
||
* Fix nightly SIMD build | ||
|
||
### 4.1.1 | ||
|
||
* Mark `constants::BASEPOINT_ORDER` deprecated from pub API | ||
* Add implementation for `PrimeFieldBits`, behind the `group-bits` feature flag. | ||
|
||
### 4.1.0 | ||
|
||
* Add arbitrary integer multiplication with `MontgomeryPoint::mul_bits_be` | ||
* Add implementations of the `ff` and `group` traits, behind the `group` feature flag | ||
* Adapt to new types introduced in `fiat-crypto` 0.2 in `fiat` backend | ||
* Fix `no_std` for `fiat` backend | ||
* Mark `Scalar::clamp_integer` as `#[must_use]` | ||
* Various documentation fixes | ||
|
||
### 4.0.0 | ||
|
||
#### Breaking changes | ||
|
||
* Update the MSRV from 1.41 to 1.60 | ||
* Provide SemVer policy | ||
* Make `digest` an optional feature | ||
* Make `rand_core` an optional feature | ||
* Remove `std` feature flag | ||
* Remove `nightly` feature flag | ||
* Automatic serial backend selection between `u32` and `u64` over the default `u32` | ||
* Backend `simd` is now automatically selected over `serial` when a supported CPU is detected | ||
* Backend override is now via cfg(curve25519_dalek_backend) over additive features | ||
* Provide override to select `u32` or `u64` backend via cfg(curve25519_dalek_bits) | ||
* Replace methods `Scalar::{zero, one}` with constants `Scalar::{ZERO, ONE}` | ||
* Deprecate `EdwardsPoint::hash_from_bytes` and rename it `EdwardsPoint::nonspec_map_to_curve` | ||
* Require including a new trait, `use curve25519_dalek::traits::BasepointTable` | ||
whenever using `EdwardsBasepointTable` or `RistrettoBasepointTable` | ||
* `Scalar::from_canonical_bytes` now returns `CtOption` | ||
* `Scalar::is_canonical` now returns `Choice` | ||
* Remove `Scalar::from_bytes_clamped` and `Scalar::reduce` | ||
* Deprecate and feature-gate `Scalar::from_bits` behind `legacy_compatibility` | ||
|
||
#### Other changes | ||
|
||
* Add `EdwardsPoint::{mul_base, mul_base_clamped}`, `MontgomeryPoint::{mul_base, mul_base_clamped}`, and `BasepointTable::mul_base_clamped` | ||
* Add `precomputed-tables` feature | ||
* Update Maintenance Policies for SemVer | ||
* Migrate documentation to docs.rs hosted | ||
* Fix backend documentation generation | ||
* Fix panic when `Ristretto::double_and_compress_batch` receives the identity point | ||
* Remove `byteorder` dependency | ||
* Update the `criterion` dependency to 0.4.0 | ||
* Include README.md into crate Documentation | ||
* Update the `rand_core` dependency version and the `rand` dev-dependency | ||
version. | ||
* Relax the `zeroize` dependency to `^1` | ||
* Update the edition from 2015 to 2021 | ||
|
||
## 3.x series | ||
|
||
### 3.2.0 | ||
|
||
* Add support for getting the identity element for the Montgomery | ||
form of curve25519, which is useful in certain protocols for | ||
checking contributory behaviour in derivation of shared secrets. | ||
|
||
### 3.1.2 | ||
|
||
* Revert a commit which mistakenly removed support for `zeroize` traits | ||
for some point types, as well as elligator2 support for Edwards points. | ||
|
||
### 3.1.1 | ||
|
||
* Fix documentation builds on nightly due to syntax changes to | ||
`#![cfg_attr(feature = "nightly", doc = include_str!("../README.md"))]`. | ||
|
||
### 3.1.0 | ||
|
||
* Add support for the Elligator2 encoding for Edwards points. | ||
* Add two optional formally-verified field arithmetic backends which | ||
use the Fiat Crypto project's Rust code, which is generated from | ||
proofs of functional correctness checked by the Coq theorem proving | ||
system. | ||
* Add support for additional sizes of precomputed tables for basepoint | ||
scalar multiplication. | ||
* Fix an unused import. | ||
* Add support for using the `zeroize` traits with all point types. | ||
Note that points are not automatically zeroized on Drop, but that | ||
consumers of `curve25519-dalek` should call these methods manually | ||
when needed. | ||
|
||
### 3.0.3 | ||
|
||
* Fix documentation builds on nightly due to syntax changes to | ||
`#![cfg_attr(feature = "nightly", doc = include_str!("../README.md"))]`. | ||
|
||
### 3.0.2 | ||
|
||
* Multiple documentation typo fixes. | ||
* Fixes to make using `alloc`+`no_std` possible for stable Rust. | ||
|
||
### 3.0.1 | ||
|
||
* Update the optional `packed-simd` dependency to rely on a newer, | ||
maintained version of the `packed-simd-2` crate. | ||
|
||
### 3.0.0 | ||
|
||
#### Breaking changes | ||
|
||
* Update the `digest` dependency to `0.9`. This requires a major version | ||
because the `digest` traits are part of the public API, but there are | ||
otherwise no changes to the API. | ||
|
||
## 2.x series | ||
|
||
### 2.1.3 | ||
|
||
* Fix documentation builds on nightly due to syntax changes to | ||
`#![fg_attr(feature = "nightly", doc = include_str!("../README.md"))]`. | ||
|
||
### 2.1.2 | ||
|
||
* Multiple documentation typo fixes. | ||
* Fix `alloc` feature working with stable rust. | ||
|
||
### 2.1.1 | ||
|
||
* Update the optional `packed-simd` dependency to rely on a newer, | ||
maintained version of the `packed-simd-2` crate. | ||
|
||
### 2.1.0 | ||
|
||
* Make `Scalar::from_bits` a `const fn`, allowing its use in `const` contexts. | ||
|
||
### 2.0.0 | ||
|
||
The only significant change is the data model change to the `serde` feature; | ||
besides the `rand_core` version bump, there are no other user-visible changes. | ||
|
||
#### Breaking changes | ||
|
||
* Fix a data modeling error in the `serde` feature pointed out by Trevor Perrin | ||
which caused points and scalars to be serialized with length fields rather | ||
than as fixed-size 32-byte arrays. This is a breaking change, but it fixes | ||
compatibility with `serde-json` and ensures that the `serde-bincode` encoding | ||
matches the conventional encoding for X/Ed25519. | ||
* Update `rand_core` to `0.5`, allowing use with new `rand` versions. | ||
|
||
#### Other changes | ||
|
||
* Switch from `clear_on_drop` to `zeroize` (by Tony Arcieri). | ||
* Require `subtle = ^2.2.1` and remove the note advising nightly Rust, which is | ||
no longer required as of that version of `subtle`. See the `subtle` | ||
changelog for more details. | ||
* Update `README.md` for `2.x` series. | ||
* Remove the `build.rs` hack which loaded the entire crate into its own | ||
`build.rs` to generate constants, and keep the constants in the source code. | ||
|
||
## 1.x series | ||
|
||
### 1.2.6 | ||
|
||
* Fixes to make using alloc+no_std possible for stable Rust. | ||
|
||
### 1.2.5 | ||
|
||
* Update the optional `packed-simd` dependency to rely on a newer, | ||
maintained version of the `packed-simd-2` crate. | ||
|
||
### 1.2.4 | ||
|
||
* Specify a semver bound for `clear_on_drop` rather than an exact version, | ||
addressing an issue where changes to inline assembly in rustc prevented | ||
`clear_on_drop` from working without an update. | ||
|
||
### 1.2.3 | ||
|
||
* Fix an issue identified by a Quarkslab audit (and Jack Grigg), where manually | ||
constructing unreduced `Scalar` values, as needed for X/Ed25519, and then | ||
performing scalar/scalar arithmetic could compute incorrect results. | ||
* Switch to upstream Rust intrinsics for the IFMA backend now that they exist in | ||
Rust and don't need to be defined locally. | ||
* Ensure that the NAF computation works correctly, even for parameters never | ||
used elsewhere in the codebase. | ||
* Minor refactoring to EdwardsPoint decompression. | ||
* Fix broken links in documentation. | ||
* Fix compilation on nightly broken due to changes to the `#[doc(include)]` path | ||
root (not quite correctly done in 1.2.2). | ||
|
||
### 1.2.2 | ||
|
||
* Fix a typo in an internal doc-comment. | ||
* Add the "crypto" tag to crate metadata. | ||
* Fix compilation on nightly broken due to changes to the `#[doc(include)]` path | ||
root. | ||
|
||
### 1.2.1 | ||
|
||
* Fix a bug in bucket index calculations in the Pippenger multiscalar algorithm | ||
for very large input sizes. | ||
* Add a more extensive randomized multiscalar multiplication consistency check | ||
to the test suite to prevent regressions. | ||
* Ensure that that multiscalar and NAF computations work correctly on extremal | ||
`Scalar` values constructed via `from_bits`. | ||
|
||
### 1.2.0 | ||
|
||
* New multiscalar multiplication algorithm with better performance for | ||
large problem sizes. The backend algorithm is selected | ||
transparently using the size hints of the input iterators, so no | ||
changes are required for client crates to start using it. | ||
* Equality of Edwards points is now checked in projective coordinates. | ||
* Serde can now be used with `no_std`. | ||
|
||
### 1.1.4 | ||
|
||
* Fix typos in documentation comments. | ||
* Remove unnecessary `Default` bound on `Scalar::from_hash`. | ||
|
||
### 1.1.3 | ||
|
||
* Reverts the change in 1.1.0 to allow owned and borrowed RNGs, which caused a breakage due to a subtle interaction with ownership rules. (The `RngCore` change is retained). | ||
|
||
### 1.1.2 | ||
|
||
* Disabled KaTeX on `docs.rs` pending proper [support upstream](https://github.com/rust-lang/docs.rs/issues/302). | ||
|
||
## 1.1.1 | ||
|
||
* Fixed an issue related to `#[cfg(rustdoc)]` which prevented documenting multiple backends. | ||
|
||
### 1.1.0 | ||
|
||
* Adds support for precomputation for multiscalar multiplication. | ||
* Restructures the internal source tree into `serial` and `vector` backends (no change to external API). | ||
* Adds a new IFMA backend which sets speed records. | ||
* The `avx2_backend` feature is now an alias for the `simd_backend` feature, which autoselects an appropriate vector backend (currently AVX2 or IFMA). | ||
* Replaces the `rand` dependency with `rand_core`. | ||
* Generalizes trait bounds on `RistrettoPoint::random()` and `Scalar::random()` to allow owned and borrowed RNGs and to allow `RngCore` instead of `Rng`. | ||
|
||
### 1.0.3 | ||
|
||
* Adds `ConstantTimeEq` implementation for compressed points. | ||
|
||
### 1.0.2 | ||
|
||
* Fixes a typo in the naming of variables in Ristretto formulas (no change to functionality). | ||
|
||
### 1.0.1 | ||
|
||
* Depends on the stable `2.0` version of `subtle` instead of `2.0.0-pre.0`. | ||
|
||
### 1.0.0 | ||
|
||
Initial stable release. Yanked due to a dependency mistake (see above). | ||
|
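Review bot: the heading at `## 1.1.1` breaks the file's own convention, where every release under a `## N.x series` heading is a `###` entry (`### 1.1.2` directly above it, `### 1.1.0` directly below); change it to `### 1.1.1` so the entry nests under `## 1.x series` like its neighbours. Two smaller nits in the same hunk: the 2.1.3 entry quotes the attribute as `#![fg_attr(feature = "nightly", ...)]` where the 3.1.1 and 3.0.3 entries spell it `#![cfg_attr(...)]`, and the 1.2.1 entry reads "Ensure that that multiscalar and NAF computations" with a duplicated word. Separately, the commit message says this change rolls back everything outside of elligator2, yet the file added here is the upstream changelog ending at 4.1.2 with no entry describing the fork's elligator2 work; if the fork intends to ship a modified crate, an Unreleased entry naming those changes would make the divergence from upstream visible to anyone reading the changelog.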
@@ -0,0 +1,73 @@ | ||
[package] | ||
name = "curve25519-dalek" | ||
# Before incrementing: | ||
# - update CHANGELOG | ||
# - update README if required by semver | ||
# - if README was updated, also update module documentation in src/lib.rs | ||
version = "4.1.2" | ||
edition = "2021" | ||
rust-version = "1.60.0" | ||
authors = ["Isis Lovecruft <[email protected]>", | ||
"Henry de Valence <[email protected]>"] | ||
readme = "README.md" | ||
license = "BSD-3-Clause" | ||
repository = "https://github.com/dalek-cryptography/curve25519-dalek/tree/main/curve25519-dalek" | ||
homepage = "https://github.com/dalek-cryptography/curve25519-dalek" | ||
documentation = "https://docs.rs/curve25519-dalek" | ||
categories = ["cryptography", "no-std"] | ||
keywords = ["cryptography", "crypto", "ristretto", "curve25519", "ristretto255"] | ||
description = "A pure-Rust implementation of group operations on ristretto255 and Curve25519" | ||
exclude = [ | ||
"**/.gitignore", | ||
".gitignore", | ||
] | ||
|
||
[package.metadata.docs.rs] | ||
rustdoc-args = [ | ||
"--html-in-header", "docs/assets/rustdoc-include-katex-header.html", | ||
"--cfg", "docsrs", | ||
] | ||
features = ["serde", "rand_core", "digest", "legacy_compatibility", "group-bits"] | ||
|
||
[dev-dependencies] | ||
sha2 = { version = "0.10", default-features = false } | ||
bincode = "1" | ||
criterion = { version = "0.5", features = ["html_reports"] } | ||
hex = "0.4.2" | ||
rand = "0.8" | ||
rand_core = { version = "0.6", default-features = false, features = ["getrandom"] } | ||
|
||
[build-dependencies] | ||
rustc_version = "0.4.0" | ||
|
||
[[bench]] | ||
name = "dalek_benchmarks" | ||
harness = false | ||
required-features = ["alloc", "rand_core"] | ||
|
||
[dependencies] | ||
cfg-if = "1" | ||
ff = { version = "0.13", default-features = false, optional = true } | ||
group = { version = "0.13", default-features = false, optional = true } | ||
rand_core = { version = "0.6.4", default-features = false, optional = true } | ||
digest = { version = "0.10", default-features = false, optional = true } | ||
subtle = { version = "2.3.0", default-features = false } | ||
serde = { version = "1.0", default-features = false, optional = true, features = ["derive"] } | ||
zeroize = { version = "1", default-features = false, optional = true } | ||
|
||
[target.'cfg(target_arch = "x86_64")'.dependencies] | ||
cpufeatures = "0.2.6" | ||
|
||
[target.'cfg(curve25519_dalek_backend = "fiat")'.dependencies] | ||
fiat-crypto = { version = "0.2.1", default-features = false } | ||
|
||
[features] | ||
default = ["alloc", "precomputed-tables", "zeroize"] | ||
alloc = ["zeroize?/alloc"] | ||
precomputed-tables = [] | ||
legacy_compatibility = [] | ||
group = ["dep:group", "rand_core"] | ||
group-bits = ["group", "ff/bits"] | ||
|
||
[target.'cfg(all(not(curve25519_dalek_backend = "fiat"), not(curve25519_dalek_backend = "serial"), target_arch = "x86_64"))'.dependencies] | ||
curve25519-dalek-derive = { version = "0.1", path = "../curve25519-dalek-derive" } |
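Review bot: `name = "curve25519-dalek"` and `version = "4.1.2"` are kept exactly as upstream, so a build that pulls this fork (for example through a git or path dependency) produces a crate that is indistinguishable by name and version from the published 4.1.2 even though the commit message says it carries elligator2 changes; consider `publish = false` or a pre-release suffix on `version` until the work is upstreamed, so that a lockfile or SBOM does not record the modified crate as stock 4.1.2. Also, `criterion = { version = "0.5", features = ["html_reports"] }` under `[dev-dependencies]` does not match the changelog added in the previous file, whose most recent statement on this dependency is the 4.0.0 entry "Update the `criterion` dependency to 0.4.0"; either the 4.1.x changelog entries should note the bump to 0.5 or the version here should be reconciled.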