diff --git a/components/brave_wallet/rust/BUILD.gn b/components/brave_wallet/rust/BUILD.gn
index 487f88c4291e..edd1bbbc7ca7 100644
--- a/components/brave_wallet/rust/BUILD.gn
+++ b/components/brave_wallet/rust/BUILD.gn
@@ -14,7 +14,7 @@ rust_static_library("rust_lib") {
 deps = [
 "//brave/third_party/rust/bech32/v0_9:lib",
- "//brave/third_party/rust/curve25519_dalek/v3:lib",
- "//brave/third_party/rust/ed25519_dalek_bip32/v0_2:lib",
+ "//brave/third_party/rust/curve25519_dalek/v4:lib",
+ "//brave/third_party/rust/ed25519_dalek_bip32/v0_3:lib",
 ]
 }
diff --git a/components/brave_wallet/rust/Cargo.toml b/components/brave_wallet/rust/Cargo.toml
index 02ff67a7be03..0d5cb009ca6c 100644
--- a/components/brave_wallet/rust/Cargo.toml
+++ b/components/brave_wallet/rust/Cargo.toml
@@ -8,8 +8,8 @@ license = "MPL-2.0"
 [dependencies]
 cxx = { version = "1.0", features = [ "alloc", "std" ] }
-ed25519-dalek-bip32 = "0.2.0"
-curve25519-dalek = "3.2.0"
+ed25519-dalek-bip32 = "0.3.0"
+curve25519-dalek = "4.1.3"
 bech32 = "0.9.1"
 [lib]
diff --git a/components/brave_wallet/rust/lib.rs b/components/brave_wallet/rust/lib.rs
index 000de1d56aad..8fdd2f987045 100644
--- a/components/brave_wallet/rust/lib.rs
+++ b/components/brave_wallet/rust/lib.rs
@@ -6,16 +6,15 @@
 use bech32::Error as Bech32Error;
 use bech32::FromBase32;
 use core::fmt;
-use curve25519_dalek;
 use ed25519_dalek_bip32::derivation_path::{
 ChildIndexError, DerivationPath, DerivationPathParseError,
 };
 use ed25519_dalek_bip32::ed25519_dalek::{
- Keypair, SecretKey, Signature, SignatureError, Signer, KEYPAIR_LENGTH, PUBLIC_KEY_LENGTH,
+ Signature, SignatureError, Signer, SigningKey, KEYPAIR_LENGTH, PUBLIC_KEY_LENGTH,
 SECRET_KEY_LENGTH, SIGNATURE_LENGTH,
 };
 use ed25519_dalek_bip32::Error as Ed25519Bip32Error;
-use ed25519_dalek_bip32::{ChildIndex, ExtendedSecretKey};
+use ed25519_dalek_bip32::{ChildIndex, ExtendedSigningKey};
 use ffi::Bech32DecodeVariant;
 #[macro_export]
@@ -144,6 +143,7 @@ pub enum Error {
 ChildIndex(ChildIndexError),
 Signature(SignatureError),
 Bech32(Bech32Error),
+ KeyLengthMismatch,
 }
 impl_error!(Ed25519Bip32Error, Ed25519Bip32);
@@ -160,6 +160,9 @@ impl fmt::Display for Error {
 Error::ChildIndex(e) => write!(f, "Error: {}", e.to_string()),
 Error::Signature(e) => write!(f, "Error: {}", e.to_string()),
 Error::Bech32(e) => write!(f, "Error: {}", e.to_string()),
+ Error::KeyLengthMismatch => {
+ write!(f, "Error: raw key bytes were not the expected length")
+ }
 }
 }
 }
@@ -170,7 +173,7 @@ pub struct Bech32Decoded {
 }
 pub struct Bech32DecodeValue(Bech32Decoded);
-pub struct Ed25519DalekExtendedSecretKey(ExtendedSecretKey);
+pub struct Ed25519DalekExtendedSecretKey(ExtendedSigningKey);
 pub struct Ed25519DalekSignature(Signature);
 struct Ed25519DalekExtendedSecretKeyResult(Result);
@@ -178,7 +181,11 @@ struct Ed25519DalekSignatureResult(Result);
 struct Ed25519DalekVerificationResult(Result<(), Error>);
 struct Bech32DecodeResult(Result);
-impl_result!(Ed25519DalekExtendedSecretKey, Ed25519DalekExtendedSecretKeyResult, ExtendedSecretKey);
+impl_result!(
+ Ed25519DalekExtendedSecretKey,
+ Ed25519DalekExtendedSecretKeyResult,
+ ExtendedSigningKey
+);
 impl_result!(Ed25519DalekSignature, Ed25519DalekSignatureResult, Signature);
 impl_result!(Bech32DecodeValue, Bech32DecodeResult, Bech32Decoded);
@@ -220,25 +227,36 @@ fn generate_ed25519_extended_secret_key_from_seed(
 bytes: &[u8],
 ) -> Box {
 Box::new(Ed25519DalekExtendedSecretKeyResult::from(
- ExtendedSecretKey::from_seed(bytes).map_err(|err| Error::from(err)),
+ ExtendedSigningKey::from_seed(bytes).map_err(Error::from),
 ))
 }
+
 fn generate_ed25519_extended_secret_key_from_bytes(
 bytes: &[u8],
 ) -> Box {
- Box::new(Ed25519DalekExtendedSecretKeyResult::from(
- SecretKey::from_bytes(bytes).map_err(|err| Error::from(err)).and_then(|secret_key| {
- Ok(ExtendedSecretKey {
+ let key_result = match bytes.try_into() {
+ Err(_) => Err(Error::KeyLengthMismatch),
+ Ok(array) => {
+ let signing_key = SigningKey::from_bytes(array);
+ Ok(ExtendedSigningKey {
 depth: 0,
 child_index: ChildIndex::Normal(0),
- secret_key,
+ signing_key,
 chain_code: [0; 32],
 })
- }),
- ))
+ }
+ };
+ Box::new(Ed25519DalekExtendedSecretKeyResult::from(key_result))
 }
+
 fn bytes_are_curve25519_point(bytes: &[u8]) -> bool {
- curve25519_dalek::edwards::CompressedEdwardsY::from_slice(bytes).decompress().is_some()
+ match curve25519_dalek::edwards::CompressedEdwardsY::from_slice(bytes) {
+ // If the y coordinate decompresses, it represents a curve point.
+ Ok(point) => point.decompress().is_some(),
+ // Creating the CompressedEdwardsY failed, so bytes does not represent
+ // a curve point, probably the slice wasn't the expected size.
+ Err(_) => false,
+ }
 }
 fn decode_bech32(input: &str) -> Box {
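Review bot: `bytes_are_curve25519_point` has no doc comment stating what a `true` result guarantees, and the comment in the `Err(_)` arm hedges ("probably the slice wasn't the expected size") where the API is definite: as far as I know, in curve25519-dalek 4 `CompressedEdwardsY::from_slice` fails only for a slice that is not 32 bytes long. I would add `/// Returns true only if bytes is exactly 32 bytes long and decompresses to a point on the Edwards curve; small-order and mixed-order points also pass.` above the function and reword the arm comment to `// from_slice only fails when bytes is not 32 bytes long.`. A successful `decompress()` says nothing about subgroup membership, so callers that need a usable public key rather than an on-curve test need a further check; the call sites are outside this hunk.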
@@ -276,34 +294,31 @@ impl Ed25519DalekExtendedSecretKey {
 ))
 }
 fn keypair_raw(&self) -> [u8; KEYPAIR_LENGTH] {
- let mut bytes: [u8; KEYPAIR_LENGTH] = [0u8; KEYPAIR_LENGTH];
- bytes[..SECRET_KEY_LENGTH].copy_from_slice(&self.0.secret_key.to_bytes());
- bytes[SECRET_KEY_LENGTH..].copy_from_slice(&self.0.public_key().to_bytes());
- bytes
+ self.0.signing_key.to_keypair_bytes()
 }
 fn secret_key_raw(&self) -> [u8; SECRET_KEY_LENGTH] {
- self.0.secret_key.to_bytes()
+ self.0.signing_key.to_bytes()
 }
 fn public_key_raw(&self) -> [u8; PUBLIC_KEY_LENGTH] {
- self.0.public_key().to_bytes()
+ self.0.verifying_key().to_bytes()
 }
+
 fn sign(self: &Ed25519DalekExtendedSecretKey, msg: &[u8]) -> Box {
 Box::new(Ed25519DalekSignatureResult::from(
- Keypair::from_bytes(&self.keypair_raw())
- .map_err(|err| Error::from(err))
- .and_then(|keypair| Ok(keypair.try_sign(msg)?)),
+ self.0.signing_key.try_sign(msg).map_err(Error::from),
 ))
 }
+
 fn verify(
 self: &Ed25519DalekExtendedSecretKey,
 msg: &[u8],
 sig: &[u8],
 ) -> Box {
- Box::new(Ed25519DalekVerificationResult::from(
- Keypair::from_bytes(&self.keypair_raw())
- .map_err(|err| Error::from(err))
- .and_then(|keypair| Ok(keypair.verify(msg, &Signature::from_bytes(sig)?)?)),
- ))
+ let sig_result = match Signature::from_slice(sig) {
+ Ok(signature) => self.0.signing_key.verify(msg, &signature).map_err(Error::from),
+ Err(e) => Err(Error::from(e)),
+ };
+ Box::new(Ed25519DalekVerificationResult::from(sig_result))
 }
 }
diff --git a/components/challenge_bypass_ristretto/rust/cxx/BUILD.gn b/components/challenge_bypass_ristretto/rust/cxx/BUILD.gn
index 2e4295510bba..b4933a3e0a94 100644
--- a/components/challenge_bypass_ristretto/rust/cxx/BUILD.gn
+++ b/components/challenge_bypass_ristretto/rust/cxx/BUILD.gn
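Review bot: The rewritten `verify` in brave_wallet/rust/lib.rs uses the non-strict `self.0.signing_key.verify(msg, &signature)` and nothing in the hunk records that choice; in ed25519-dalek 2.x the strict variant additionally rejects signatures whose `R` is a small-order point. The key here is the wallet's own, so the practical exposure looks low, but the callers sit on the C++ side of the bridge and are not visible in this hunk. If the result is ever compared with what another Ed25519 implementation accepts, consider `Ok(signature) => self.0.verifying_key().verify_strict(msg, &signature).map_err(Error::from),`; otherwise add a comment such as `// Non-strict verification, kept for parity with the pre-upgrade Keypair::verify.` above the match.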
@@ -13,11 +13,11 @@ rust_static_library("rust_lib") {
 cxx_bindings = [ "src/lib.rs" ]
 deps = [
- "//brave/third_party/rust/challenge_bypass_ristretto/v1:lib",
+ "//brave/third_party/rust/challenge_bypass_ristretto/v2:lib",
 "//brave/third_party/rust/derive_more/v0_99:lib",
- "//brave/third_party/rust/hmac/v0_10:lib",
- "//brave/third_party/rust/rand/v0_7:lib",
- "//brave/third_party/rust/sha2/v0_9:lib",
+ "//brave/third_party/rust/hmac/v0_12:lib",
+ "//brave/third_party/rust/sha2/v0_10:lib",
 "//third_party/rust/lazy_static/v1:lib",
+ "//third_party/rust/rand/v0_8:lib",
 ]
 }
diff --git a/components/challenge_bypass_ristretto/rust/cxx/Cargo.toml b/components/challenge_bypass_ristretto/rust/cxx/Cargo.toml
index b9b4e957f810..49db2dee133e 100644
--- a/components/challenge_bypass_ristretto/rust/cxx/Cargo.toml
+++ b/components/challenge_bypass_ristretto/rust/cxx/Cargo.toml
@@ -6,10 +6,10 @@ edition = "2018"
 license = "MPL-2.0"
 [dependencies]
-challenge-bypass-ristretto = { version = "1.0.2", features = ["base64"] }
+challenge-bypass-ristretto = { version = "2.0.0", features = ["base64"] }
 cxx = { version = "1.0" }
 derive_more = "0.99"
-hmac = "0.10"
+hmac = "0.12"
 lazy_static = "1.4.0"
-rand = "0.7"
-sha2 = "0.9"
+rand = { version = "0.8", features = ["getrandom"] }
+sha2 = "0.10"
diff --git a/components/skus/browser/rs/lib/BUILD.gn b/components/skus/browser/rs/lib/BUILD.gn
index 25391ea1ea54..d6a092aa1500 100644
--- a/components/skus/browser/rs/lib/BUILD.gn
+++ b/components/skus/browser/rs/lib/BUILD.gn
@@ -26,18 +26,18 @@ rust_static_library("rust_lib") {
 deps = [
 "//brave/third_party/rust/async_trait/v0_1:lib",
 "//brave/third_party/rust/bigdecimal/v0_1:lib",
- "//brave/third_party/rust/challenge_bypass_ristretto/v1:lib",
+ "//brave/third_party/rust/challenge_bypass_ristretto/v2:lib",
 "//brave/third_party/rust/chrono/v0_4:lib",
 "//brave/third_party/rust/data_encoding/v2:lib",
 "//brave/third_party/rust/futures_retry/v0_5:lib",
- "//brave/third_party/rust/hmac/v0_10:lib",
+ "//brave/third_party/rust/hmac/v0_12:lib",
 "//brave/third_party/rust/http/v1:lib",
- "//brave/third_party/rust/rand/v0_7:lib",
- "//brave/third_party/rust/sha2/v0_9:lib",
+ "//brave/third_party/rust/sha2/v0_10:lib",
 "//brave/third_party/rust/tracing/v0_1:lib",
 "//brave/third_party/rust/urlencoding/v1:lib",
 "//brave/third_party/rust/uuid/v1:lib",
 "//third_party/rust/base64/v0_13:lib",
+ "//third_party/rust/rand/v0_8:lib",
 "//third_party/rust/serde/v1:lib",
 "//third_party/rust/serde_json/v1:lib",
 ]
diff --git a/components/skus/browser/rs/lib/Cargo.toml b/components/skus/browser/rs/lib/Cargo.toml
index 71e12333acc7..ceabe6a4b00c 100644
--- a/components/skus/browser/rs/lib/Cargo.toml
+++ b/components/skus/browser/rs/lib/Cargo.toml
@@ -15,19 +15,19 @@ required-features = ["e2e_test"]
 [dependencies]
 http = { version = "1" }
 async-trait = "0.1.64"
-rand = { version = "0.7" }
+rand = { version = "0.8", features = ["getrandom"] }
 serde_json = "1.0"
-sha2 = "0.9"
+sha2 = "0.10"
 data-encoding = "2.1.2"
 tracing = { version = "0.1", default-features = false, features = ["release_max_level_debug"] }
 bigdecimal = { version = "0.1", features = ["serde"] }
 serde = { version = "1.0", features = ["derive"] }
 chrono = { version = "0.4", default-features = false, features = ["clock", "serde"] }
 uuid = { version = "1", features = ["v4"] }
-challenge-bypass-ristretto = { version = "1.0.2", features = ["serde_base64"] }
+challenge-bypass-ristretto = { version = "2.0.0", features = ["serde_base64"] }
 futures-retry = "0.5.0"
 urlencoding = "1.1.1"
-hmac = "0.10"
+hmac = "0.12"
 base64 = "0.13.0"
 git-version = { version = "0.3.5", optional = true }
@@ -40,4 +40,7 @@ tracing-subscriber = { version = "0.2.0", default-features = false, features = [
 [features]
 default = []
 e2e_test = []
-wasm = ["chrono/wasmbind", "futures-retry/wasm", "challenge-bypass-ristretto/nightly", "rand/wasm-bindgen"]
+wasm = ["chrono/wasmbind", "futures-retry/wasm"]
+
+[patch.crates-io.futures-retry]
+path = "../../../../../third_party/rust/futures_retry/v0_5/crate"
diff --git a/components/skus/browser/rs/lib/src/cache.rs b/components/skus/browser/rs/lib/src/cache.rs
index 9972ca4d8894..8c001c5829e1 100644
--- a/components/skus/browser/rs/lib/src/cache.rs
+++ b/components/skus/browser/rs/lib/src/cache.rs
@@ -1,3 +1,8 @@
+// Copyright (c) 2022 The Brave Authors. All rights reserved.
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
 use std::collections::HashMap;
 use std::iter;
 use std::time::Duration;
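Review bot: The `wasm` feature in components/skus/browser/rs/lib/Cargo.toml drops `rand/wasm-bindgen` without a replacement, yet rand 0.8 takes its entropy from getrandom, which as far as I know builds for wasm32-unknown-unknown only when its `js` feature is enabled. If the wasm target is still built from this manifest, the feature needs an optional `getrandom` dependency with `features = ["js"]` wired into `wasm = [...]` so the CSPRNG source is explicit. If that target is no longer built in this tree, a comment such as `# wasm is not built from this tree; entropy source for rand 0.8 on wasm is not configured` next to the feature would stop anyone from relying on it.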
diff --git a/components/skus/browser/rs/lib/src/errors.rs b/components/skus/browser/rs/lib/src/errors.rs
index 98f455d1941c..79ecce6ce895 100644
--- a/components/skus/browser/rs/lib/src/errors.rs
+++ b/components/skus/browser/rs/lib/src/errors.rs
@@ -1,3 +1,8 @@
+// Copyright (c) 2022 The Brave Authors. All rights reserved.
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
 use core::fmt;
 use core::fmt::Display;
diff --git a/components/skus/browser/rs/lib/src/http.rs b/components/skus/browser/rs/lib/src/http.rs
index 362dc578335e..e3f32d007395 100644
--- a/components/skus/browser/rs/lib/src/http.rs
+++ b/components/skus/browser/rs/lib/src/http.rs
@@ -1,3 +1,8 @@
+// Copyright (c) 2022 The Brave Authors. All rights reserved.
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
 use std::cmp;
 use std::time::Duration;
@@ -89,7 +94,7 @@ where
 | InternalError::InvalidResponse(_) => {
 // Default to an exponential backoff with jitter along the full range
 // https://aws.amazon.com/blogs/architecture/exponential-backoff-and-jitter/
- rng.gen_range(0, cmp::min(MAX_DELAY_MS, BASE_DELAY_MS * (1 << current_attempt)))
+ rng.gen_range(0..cmp::min(MAX_DELAY_MS, BASE_DELAY_MS * (1 << current_attempt)))
 }
 InternalError::RetryLater(Some(after)) => {
 let after_ms = (after.as_millis() as u64) + 1;
@@ -107,7 +112,7 @@ where
 // If the server instructed us with a specific delay, delay for at least that long
 // while incorporating some random delay based on our current attempt
 cmp::min(
- after_ms + rng.gen_range(0, BASE_DELAY_MS * (1 << current_attempt)),
+ after_ms + rng.gen_range(0..BASE_DELAY_MS * (1 << current_attempt)),
 MAX_DELAY_MS,
 )
 }
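Review bot: Both `gen_range` calls in http.rs (the `@@ -89,7` and `@@ -107,7` hunks) build their upper bound from `BASE_DELAY_MS * (1 << current_attempt)` with unchecked arithmetic, and rand 0.8's `gen_range` panics on an empty range just as the two-argument form did. A large `current_attempt` can overflow the shift or the multiply; in a release build that wraps and can produce `0..0`, and in the second hunk the bound is not even capped before sampling. Whether `current_attempt` is bounded is decided outside these hunks, which both start and end inside the enclosing function, so either state that bound in a comment here or clamp first. Assuming the constants are `u64` and `current_attempt` fits a `u32`, that would be `let span = 1u64.checked_shl(current_attempt as u32).map_or(u64::MAX, |f| BASE_DELAY_MS.saturating_mul(f));` followed by `rng.gen_range(0..cmp::min(MAX_DELAY_MS, span))`, with `after_ms.saturating_add(...)` for the sum in the second hunk.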
diff --git a/components/skus/browser/rs/lib/src/lib.rs b/components/skus/browser/rs/lib/src/lib.rs
index afebd6848b20..203f39fe78a8 100644
--- a/components/skus/browser/rs/lib/src/lib.rs
+++ b/components/skus/browser/rs/lib/src/lib.rs
@@ -1,3 +1,8 @@
+// Copyright (c) 2022 The Brave Authors. All rights reserved.
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
 pub mod cache;
 pub mod errors;
 pub mod http;
diff --git a/components/skus/browser/rs/lib/src/sdk/credentials/mod.rs b/components/skus/browser/rs/lib/src/sdk/credentials/mod.rs
index 341fa5456cd6..c3de363973ad 100644
--- a/components/skus/browser/rs/lib/src/sdk/credentials/mod.rs
+++ b/components/skus/browser/rs/lib/src/sdk/credentials/mod.rs
@@ -149,12 +149,13 @@ where
 .unwrap_or_default()
 .into_iter()
 .filter_map(|tlv2_cred| {
+ let valid_from = tlv2_cred.valid_from;
 tlv2_cred
 .unblinded_creds
 .unwrap_or_default()
 .into_iter()
- .filter(|single_cred| !single_cred.spent && tlv2_cred.valid_from > now)
- .map(|_| tlv2_cred.valid_from)
+ .filter(|single_cred| !single_cred.spent && valid_from > now)
+ .map(|_| valid_from)
 .next()
 })
 .min(); // Find the smallest valid_from among them
diff --git a/third_party/rust/base64ct/v1/BUILD.gn b/third_party/rust/base64ct/v1/BUILD.gn
new file mode 100644
index 000000000000..96ffa66248d9
--- /dev/null
+++ b/third_party/rust/base64ct/v1/BUILD.gn
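Review bot: In sdk/credentials/mod.rs the test `valid_from > now` is still evaluated inside the per-credential `.filter(...)` although, after this change, it no longer depends on `single_cred`. Hoisting it shows the intent (only credential sets that are not yet valid contribute a timestamp) and skips the inner iteration for the rest: add `if valid_from <= now { return None; }` right after the new `let valid_from = tlv2_cred.valid_from;` and reduce the filter to `.filter(|single_cred| !single_cred.spent)`. The enclosing function begins and ends outside this hunk, so how `now` is obtained is not visible here.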
@@ -0,0 +1,47 @@ +# Copyright (c) 2024 The Brave Authors. All rights reserved. +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this file, +# You can obtain one at https://mozilla.org/MPL/2.0/. + +# @generated from third_party/rust/chromium_crates_io/BUILD.gn.hbs by +# tools/crates/gnrt. +# Do not edit! + +import("//build/rust/cargo_crate.gni") + +cargo_crate("lib") { + crate_name = "base64ct" + epoch = "1" + crate_type = "rlib" + crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/lib.rs" + sources = [ + "//brave/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/bcrypt.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/crypt.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/shacrypt.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/standard.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/url.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/decoder.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/encoder.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/encoding.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/errors.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/lib.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/line_ending.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/test_vectors.rs", + ] + inputs = [ "//brave/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/../README.md" ] + + build_native_rust_unit_tests = false + edition = "2021" + cargo_pkg_version = "1.6.0" + 
cargo_pkg_authors = "RustCrypto Developers" + cargo_pkg_name = "base64ct" + cargo_pkg_description = "Pure Rust implementation of Base64 (RFC 4648) which avoids any usages of data-dependent branches/LUTs and thereby provides portable \"best effort\" constant-time operation and embedded-friendly no_std support" + library_configs -= [ "//build/config/compiler:chromium_code" ] + library_configs += [ "//build/config/compiler:no_chromium_code" ] + executable_configs -= [ "//build/config/compiler:chromium_code" ] + executable_configs += [ "//build/config/compiler:no_chromium_code" ] + proc_macro_configs -= [ "//build/config/compiler:chromium_code" ] + proc_macro_configs += [ "//build/config/compiler:no_chromium_code" ] + features = [ "alloc" ] +} diff --git a/third_party/rust/base64ct/v1/README.chromium b/third_party/rust/base64ct/v1/README.chromium new file mode 100644 index 000000000000..46bbf52c3f47 --- /dev/null +++ b/third_party/rust/base64ct/v1/README.chromium @@ -0,0 +1,12 @@ +Name: base64ct +URL: https://crates.io/crates/base64ct +Description: Pure Rust implementation of Base64 (RFC 4648) which avoids any usages of +data-dependent branches/LUTs and thereby provides portable "best effort" +constant-time operation and embedded-friendly no_std support + +Version: 1.6.0 +Security Critical: yes +Shipped: yes +License: Apache 2.0 +License File: //brave/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/LICENSE-APACHE +Revision: 084b09a7a694009a6f3d66e3ed5e11ca4fd2ac80 diff --git a/third_party/rust/byteorder/v1/BUILD.gn b/third_party/rust/byteorder/v1/BUILD.gn index d3f94137b17b..783d09db691e 100644 --- a/third_party/rust/byteorder/v1/BUILD.gn +++ b/third_party/rust/byteorder/v1/BUILD.gn 
@@ -33,8 +33,5 @@ cargo_crate("lib") { executable_configs += [ "//build/config/compiler:no_chromium_code" ] proc_macro_configs -= [ "//build/config/compiler:chromium_code" ] proc_macro_configs += [ "//build/config/compiler:no_chromium_code" ] - features = [ - "i128", - "std", - ] + features = [ "std" ] } diff --git a/third_party/rust/challenge_bypass_ristretto/v1/BUILD.gn b/third_party/rust/challenge_bypass_ristretto/v2/BUILD.gn similarity index 69% rename from third_party/rust/challenge_bypass_ristretto/v1/BUILD.gn rename to third_party/rust/challenge_bypass_ristretto/v2/BUILD.gn index 83ec39734885..b283dc936068 100644 --- a/third_party/rust/challenge_bypass_ristretto/v1/BUILD.gn +++ b/third_party/rust/challenge_bypass_ristretto/v2/BUILD.gn 
@@ -11,26 +11,25 @@ import("//build/rust/cargo_crate.gni") cargo_crate("lib") { crate_name = "challenge_bypass_ristretto" - epoch = "1" + epoch = "2" crate_type = "rlib" - crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/lib.rs" + crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/lib.rs" sources = [ - "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/dleq.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/dleq_merlin.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/errors.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/lib.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/macros.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/oprf.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/voprf.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/dleq.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/errors.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/lib.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/macros.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/oprf.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/voprf.rs", ] inputs = [ - "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/../README.md", - "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/../docs/PROTOCOL.md", + 
"//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/../README.md", + "//brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/../docs/PROTOCOL.md", ] build_native_rust_unit_tests = false edition = "2018" - cargo_pkg_version = "1.0.2" + cargo_pkg_version = "2.0.0" cargo_pkg_authors = "eV " cargo_pkg_name = "challenge-bypass-ristretto" cargo_pkg_description = "A rust implemention of the privacy pass cryptographic protocol using the Ristretto group (WIP)" @@ -42,13 +41,13 @@ cargo_crate("lib") { proc_macro_configs += [ "//build/config/compiler:no_chromium_code" ] deps = [ "//brave/third_party/rust/base64/v0_13:lib", - "//brave/third_party/rust/crypto_mac/v0_10:lib", - "//brave/third_party/rust/curve25519_dalek/v3:lib", - "//brave/third_party/rust/digest/v0_9:lib", - "//brave/third_party/rust/hmac/v0_10:lib", - "//brave/third_party/rust/rand/v0_7:lib", - "//brave/third_party/rust/rand_chacha/v0_2:lib", - "//brave/third_party/rust/rand_core/v0_5:lib", + "//brave/third_party/rust/crypto_mac/v0_11:lib", + "//brave/third_party/rust/curve25519_dalek/v4:lib", + "//brave/third_party/rust/digest/v0_10:lib", + "//brave/third_party/rust/hmac/v0_12:lib", + "//brave/third_party/rust/rand/v0_8:lib", + "//brave/third_party/rust/rand_chacha/v0_3:lib", + "//brave/third_party/rust/rand_core/v0_6:lib", "//brave/third_party/rust/serde/v1:lib", "//brave/third_party/rust/subtle/v2:lib", "//brave/third_party/rust/zeroize/v1:lib", @@ -59,6 +58,5 @@ cargo_crate("lib") { "serde", "serde_base64", "std", - "u64_backend", ] } diff --git a/third_party/rust/challenge_bypass_ristretto/v1/README.chromium b/third_party/rust/challenge_bypass_ristretto/v2/README.chromium similarity index 75% rename from third_party/rust/challenge_bypass_ristretto/v1/README.chromium rename to third_party/rust/challenge_bypass_ristretto/v2/README.chromium index d182dfc76f32..081994ed527b 100644 
--- a/third_party/rust/challenge_bypass_ristretto/v1/README.chromium +++ b/third_party/rust/challenge_bypass_ristretto/v2/README.chromium @@ -1,9 +1,9 @@ Name: challenge-bypass-ristretto URL: https://crates.io/crates/challenge-bypass-ristretto Description: A rust implemention of the privacy pass cryptographic protocol using the Ristretto group (WIP) -Version: 1.0.2 +Version: 2.0.0 Security Critical: yes Shipped: yes License: Mozilla Public License 2.0 -License File: //brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/LICENSE -Revision: 48910ab1e0c6a52cd757abdc234aa4d6db214c09 +License File: //brave/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/LICENSE +Revision: 6e5b0fbf4a7c974cb2c18f23431e68ac37aac615 diff --git a/third_party/rust/challenge_bypass_ristretto_cxx/v1/README.chromium b/third_party/rust/challenge_bypass_ristretto_cxx/v1/README.chromium deleted file mode 100644 index a0b45faa2595..000000000000 --- a/third_party/rust/challenge_bypass_ristretto_cxx/v1/README.chromium +++ /dev/null @@ -1,8 +0,0 @@ -Name: challenge-bypass-ristretto-cxx -URL: https://crates.io/crates/challenge-bypass-ristretto-cxx -Description: -Version: 1.0.0 -Security Critical: yes -Shipped: yes -License: Mozilla Public License 2.0 -License File: diff --git a/third_party/rust/chromium_crates_io/Cargo.lock b/third_party/rust/chromium_crates_io/Cargo.lock index 81912fdadebe..b12533faea5f 100644 --- a/third_party/rust/chromium_crates_io/Cargo.lock +++ b/third_party/rust/chromium_crates_io/Cargo.lock @@ -147,6 +147,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index" name = "base64" version = "0.13.1" +[[package]] +name = "base64ct" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" + [[package]] name = "bech32" version = "0.9.1" 
@@ -268,7 +273,7 @@ name = "brave_wallet" version = "1.0.0" dependencies = [ "bech32", - "curve25519-dalek 3.2.0", + "curve25519-dalek", "cxx", "ed25519-dalek-bip32", ] @@ -340,17 +345,17 @@ dependencies = [ [[package]] name = "challenge-bypass-ristretto" -version = "1.0.2" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "base64", - "crypto-mac 0.10.1", - "curve25519-dalek 3.2.0", - "digest 0.9.0", - "hmac 0.10.1", - "rand 0.7.3", - "rand_chacha 0.2.2", - "rand_core 0.5.1", + "crypto-mac 0.11.1", + "curve25519-dalek", + "digest 0.10.7", + "hmac 0.12.1", + "rand 0.8.5", + "rand_chacha 0.3.1", + "rand_core 0.6.4", "serde", "subtle", "zeroize", @@ -363,10 +368,10 @@ dependencies = [ "challenge-bypass-ristretto", "cxx", "derive_more", - "hmac 0.10.1", + "hmac 0.12.1", "lazy_static", - "rand 0.7.3", - "sha2 0.9.9", + "rand 0.8.5", + "sha2 0.10.8", ] [[package]] @@ -420,6 +425,11 @@ dependencies = [ "zeroize", ] +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" + [[package]] name = "constant_time_eq" version = "0.2.5" @@ -482,15 +492,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "crypto-mac" -version = "0.10.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "generic-array", - "subtle", -] - [[package]] name = "crypto-mac" version = "0.11.1" @@ -543,26 +544,14 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "3.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "byteorder", - "digest 0.9.0", - "rand_core 0.5.1", - "subtle", - "zeroize", -] - -[[package]] -name = "curve25519-dalek" -version = "4.1.1" +version = "4.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "cfg-if", "cpufeatures", "curve25519-dalek-derive", + "digest 0.10.7", "fiat-crypto", - "platforms", "rand_core 0.6.4", "rustc_version", "serde", 
@@ -626,6 +615,15 @@ dependencies = [ "syn 1.0.109", ] +[[package]] +name = "der" +version = "0.7.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "const-oid", + "zeroize", +] + [[package]] name = "deranged" version = "0.3.11" @@ -684,28 +682,30 @@ dependencies = [ [[package]] name = "ed25519" -version = "1.5.3" +version = "2.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ + "pkcs8", "signature", ] [[package]] name = "ed25519-dalek" -version = "1.0.1" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ - "curve25519-dalek 3.2.0", + "curve25519-dalek", "ed25519", - "rand 0.7.3", + "rand_core 0.6.4", "serde", - "sha2 0.9.9", + "sha2 0.10.8", + "subtle", "zeroize", ] [[package]] name = "ed25519-dalek-bip32" -version = "0.2.0" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "derivation-path", @@ -1124,15 +1124,6 @@ dependencies = [ "digest 0.9.0", ] -[[package]] -name = "hmac" -version = "0.10.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "crypto-mac 0.10.1", - "digest 0.9.0", -] - [[package]] name = "hmac" version = "0.11.0" @@ -1777,9 +1768,13 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] -name = "platforms" -version = "3.2.0" +name = "pkcs8" +version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "der", + "spki", +] [[package]] name = "poly1305" @@ -1804,7 +1799,7 @@ dependencies = [ "base64", "bincode", "bitvec", - "curve25519-dalek 4.1.1", + "curve25519-dalek", "derive_more", "rand 0.8.5", "rand_core 0.6.4", 
@@ -2245,8 +2240,11 @@ dependencies = [ [[package]] name = "signature" -version = "1.6.4" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "rand_core 0.6.4", +] [[package]] name = "siphasher" @@ -2264,12 +2262,12 @@ dependencies = [ "chrono", "data-encoding", "futures-retry", - "hmac 0.10.1", + "hmac 0.12.1", "http", - "rand 0.7.3", + "rand 0.8.5", "serde", "serde_json", - "sha2 0.9.9", + "sha2 0.10.8", "tracing", "urlencoding", "uuid", @@ -2332,6 +2330,15 @@ name = "spin" version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "base64ct", + "der", +] + [[package]] name = "sta-rs" version = "0.3.0" diff --git a/third_party/rust/chromium_crates_io/gnrt_config.toml b/third_party/rust/chromium_crates_io/gnrt_config.toml index 246897ce9d4b..2408c533b805 100644 --- a/third_party/rust/chromium_crates_io/gnrt_config.toml +++ b/third_party/rust/chromium_crates_io/gnrt_config.toml @@ -112,10 +112,16 @@ license_files = ['LICENCE'] [crate.arrayref] license_files = ['LICENSE'] +[crate.base64ct] +extra_input_roots = [ "../README.md" ] + [crate.bitvec] extra_input_roots = ['../doc', '../README.md' ] license_files = ['LICENSE.txt'] +[crate.const-oid] +extra_input_roots = [ "../README.md" ] + [crate.cbor4ii] extra_input_roots = [ "../README.md" ] @@ -171,6 +177,9 @@ extra_input_roots = [ "../README.md" ] [crate.deranged] license_files = ['LICENSE-Apache'] +[crate.der] +extra_input_roots = [ "../README.md" ] + [crate.derivation-path] license_files = ['../../../../../common/licenses/Apache-2.0'] 
@@ -297,8 +306,8 @@ license_files = ['LICENSE-Apache'] [crate.num-traits] extra_kv = { rustflags = [ "--cfg", "has_i128", "--cfg", "has_to_int_unchecked", "--cfg", "has_reverse_bits", "--cfg", "has_leading_trailing_ones", "--cfg", "has_int_assignop_ref", "--cfg", "has_div_euclid", "--cfg", "has_copysign" ] } -[crate.platforms] -extra_src_roots = [ "target" ] +[crate.pkcs8] +extra_input_roots = [ "../README.md" ] [crate.powerfmt] license_files = ['LICENSE-Apache'] @@ -355,6 +364,9 @@ extra_input_roots = [ "../README.md" ] [crate.siphasher] license_files = ['../../../../../common/licenses/Apache-2.0'] +[crate.spki] +extra_input_roots = [ "../README.md" ] + [crate.sta-rs] license_files = ['LICENSE'] diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/.cargo-checksum.json b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/.cargo-checksum.json similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/.cargo-checksum.json rename to third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/.cargo-checksum.json diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/.cargo_vcs_info.json new file mode 100644 index 000000000000..ecd2e9ca9a18 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/.cargo_vcs_info.json @@ -0,0 +1,6 @@ +{ + "git": { + "sha1": "084b09a7a694009a6f3d66e3ed5e11ca4fd2ac80" + }, + "path_in_vcs": "base64ct" +} \ No newline at end of file diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/CHANGELOG.md b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/CHANGELOG.md new file mode 100644 index 000000000000..73d4ddd9a5db --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/CHANGELOG.md 
@@ -0,0 +1,148 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## 1.6.0 (2023-02-26)
+### Changed
+- MSRV 1.60 ([#802])
+- Lint improvements ([#824])
+
+[#802]: https://github.com/RustCrypto/formats/pull/802
+[#824]: https://github.com/RustCrypto/formats/pull/824
+
+## 1.5.3 (2022-10-18)
+### Added
+- `Base64ShaCrypt` alphabet ([#742])
+
+### Changed
+- Use `RangeInclusive` for `DecodeStep` ([#713])
+
+[#713]: https://github.com/RustCrypto/formats/pull/713
+[#742]: https://github.com/RustCrypto/formats/pull/742
+
+## 1.5.2 (2022-08-22)
+### Fixed
+- Return `Ok(0)` in `io::Read` impl to signal end of stream ([#704])
+
+[#704]: https://github.com/RustCrypto/formats/pull/704
+
+## 1.5.1 (2022-06-26)
+### Fixed
+- Last block validation ([#680])
+
+[#680]: https://github.com/RustCrypto/formats/pull/680
+
+## 1.5.0 (2022-03-29)
+### Fixed
+- Ensure checked arithmetic with `clippy::integer_arithmetic` lint ([#557])
+- Prevent foreign impls of `Encoding` by bounding sealed `Variant` trait ([#562])
+
+[#557]: https://github.com/RustCrypto/formats/pull/557
+[#562]: https://github.com/RustCrypto/formats/pull/562
+
+## 1.4.1 (2022-03-11)
+### Changed
+- Rename `Decoder::decoded_len` => `::remaining_len` ([#500])
+
+[#500]: https://github.com/RustCrypto/formats/pull/500
+
+## 1.4.0 (2022-03-10) [YANKED]
+### Added
+- Buffered `Encoder` type ([#366], [#455], [#457])
+- `Decoder::decoded_len` method ([#403])
+- Impl `std::io::Read` for `Decoder` ([#404])
+- Bounds for `Encoding`/`Variant` ZSTs ([#405], [#408])
+
+[#366]: https://github.com/RustCrypto/formats/pull/366
+[#403]: https://github.com/RustCrypto/formats/pull/403
+[#404]: https://github.com/RustCrypto/formats/pull/404
+[#405]: https://github.com/RustCrypto/formats/pull/405
+[#408]: 
https://github.com/RustCrypto/formats/pull/408
+[#455]: https://github.com/RustCrypto/formats/pull/455
+[#457]: https://github.com/RustCrypto/formats/pull/457
+
+## 1.3.3 (2021-12-28)
+### Fixed
+- Potential infinite loop in `Decoder::decode` ([#305])
+
+[#305]: https://github.com/RustCrypto/formats/pull/305
+
+## 1.3.2 (2021-12-26) [YANKED]
+### Fixed
+- `Decoder` unpadding ([#299])
+- Edge case when using `Decoder::new_wrapped` ([#300])
+
+[#299]: https://github.com/RustCrypto/formats/pull/299
+[#300]: https://github.com/RustCrypto/formats/pull/300
+
+## 1.3.1 (2021-12-20) [YANKED]
+### Added
+- `Decoder::new_wrapped` with support for line-wrapped Base64 ([#292], [#293], [#294])
+
+[#292]: https://github.com/RustCrypto/formats/pull/292
+[#293]: https://github.com/RustCrypto/formats/pull/292
+[#294]: https://github.com/RustCrypto/formats/pull/294
+
+## 1.3.0 (2021-12-02) [YANKED]
+### Added
+- Stateful `Decoder` type ([#266])
+
+[#266]: https://github.com/RustCrypto/formats/pull/266
+
+## 1.2.0 (2021-11-03)
+### Changed
+- Rust 2021 edition upgrade; MSRV 1.56 ([#136])
+
+### Fixed
+- Benchmarks ([#135])
+
+[#135]: https://github.com/RustCrypto/formats/pull/135
+[#136]: https://github.com/RustCrypto/formats/pull/136
+
+## 1.1.1 (2021-10-14)
+### Changed
+- Update `Util::Lookup` paper references ([#32])
+
+[#32]: https://github.com/RustCrypto/formats/pull/32
+
+## 1.1.0 (2021-09-14)
+### Changed
+- Moved to `formats` repo; MSRV 1.51+ ([#2])
+
+[#2]: https://github.com/RustCrypto/formats/pull/2
+
+## 1.0.1 (2021-08-14)
+### Fixed
+- Make `Encoding::decode` reject invalid padding
+
+## 1.0.0 (2021-03-17)
+### Changed
+- Bump MSRV to 1.47+
+
+### Fixed
+- MSRV-dependent TODOs in implementation
+
+## 0.2.1 (2021-03-07)
+### Fixed
+- MSRV docs
+
+## 0.2.0 (2021-02-01)
+### Changed
+- Refactor with `Encoding` trait
+- Internal refactoring
+
+## 0.1.2 (2021-01-31)
+### Added
+- bcrypt encoding
+- `crypt(3)` encoding
+
+### Changed
+- Internal refactoring
+
+## 0.1.1 
(2021-01-27) +- Minor code improvements + +## 0.1.0 (2021-01-26) +- Initial release diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/Cargo.toml b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/Cargo.toml new file mode 100644 index 000000000000..6cf4e32c254e --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/Cargo.toml @@ -0,0 +1,55 @@ +# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO +# +# When uploading crates to the registry Cargo will automatically +# "normalize" Cargo.toml files for maximal compatibility +# with all versions of Cargo and also rewrite `path` dependencies +# to registry (e.g., crates.io) dependencies. +# +# If you are reading this file be aware that the original Cargo.toml +# will likely look very different (and much more reasonable). +# See Cargo.toml.orig for the original contents. + +[package] +edition = "2021" +rust-version = "1.60" +name = "base64ct" +version = "1.6.0" +authors = ["RustCrypto Developers"] +description = """ +Pure Rust implementation of Base64 (RFC 4648) which avoids any usages of +data-dependent branches/LUTs and thereby provides portable \"best effort\" +constant-time operation and embedded-friendly no_std support +""" +documentation = "https://docs.rs/base64ct" +readme = "README.md" +keywords = [ + "crypto", + "base64", + "pem", + "phc", +] +categories = [ + "cryptography", + "encoding", + "no-std", + "parser-implementations", +] +license = "Apache-2.0 OR MIT" +repository = "https://github.com/RustCrypto/formats/tree/master/base64ct" + +[package.metadata.docs.rs] +all-features = true +rustdoc-args = [ + "--cfg", + "docsrs", +] + +[dev-dependencies.base64] +version = "0.21" + +[dev-dependencies.proptest] +version = "1" + +[features] +alloc = [] +std = ["alloc"] 
diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/Cargo.toml.orig b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/Cargo.toml.orig
new file mode 100644
index 000000000000..d8c6cf890602
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/Cargo.toml.orig
@@ -0,0 +1,29 @@
+[package]
+name = "base64ct"
+version = "1.6.0"
+description = """
+Pure Rust implementation of Base64 (RFC 4648) which avoids any usages of
+data-dependent branches/LUTs and thereby provides portable "best effort"
+constant-time operation and embedded-friendly no_std support
+"""
+authors = ["RustCrypto Developers"]
+license = "Apache-2.0 OR MIT"
+documentation = "https://docs.rs/base64ct"
+repository = "https://github.com/RustCrypto/formats/tree/master/base64ct"
+categories = ["cryptography", "encoding", "no-std", "parser-implementations"]
+keywords = ["crypto", "base64", "pem", "phc"]
+readme = "README.md"
+edition = "2021"
+rust-version = "1.60"
+
+[dev-dependencies]
+base64 = "0.21"
+proptest = "1"
+
+[features]
+alloc = []
+std = ["alloc"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
diff --git a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/LICENSE-APACHE b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/LICENSE-APACHE
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/LICENSE-APACHE
rename to third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/LICENSE-APACHE
diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/LICENSE-MIT b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/LICENSE-MIT
similarity index 89%
rename from third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/LICENSE-MIT
rename to third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/LICENSE-MIT
index e8f255f7a68c..da278e6844d5 100644
--- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/LICENSE-MIT
+++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/LICENSE-MIT @@ -1,4 +1,5 @@ -Copyright (c) 2018-2020 The Rust Secure Code Working Group +Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com) +Copyright (c) 2021 The RustCrypto Project Developers Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/README.md b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/README.md new file mode 100644 index 000000000000..b808f43096e5 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/README.md 
@@ -0,0 +1,86 @@
+# [RustCrypto]: Constant-Time Base64
+
+[![crate][crate-image]][crate-link]
+[![Docs][docs-image]][docs-link]
+[![Build Status][build-image]][build-link]
+![Apache2/MIT licensed][license-image]
+![Rust Version][rustc-image]
+[![Project Chat][chat-image]][chat-link]
+
+Pure Rust implementation of Base64 ([RFC 4648]).
+
+Implements multiple Base64 alphabets without data-dependent branches or lookup
+tables, thereby providing portable "best effort" constant-time operation.
+
+Supports `no_std` environments and avoids heap allocations in the core API
+(but also provides optional `alloc` support for convenience).
+
+[Documentation][docs-link]
+
+## About
+
+This crate implements several Base64 alphabets in constant-time for sidechannel
+resistance, aimed at purposes like encoding/decoding the "PEM" format used to
+store things like cryptographic private keys (i.e. in the [`pem-rfc7468`] crate).
+
+The paper [Util::Lookup: Exploiting key decoding in cryptographic libraries][Util::Lookup]
+demonstrates how the leakage from non-constant-time Base64 parsers can be used
+to practically extract RSA private keys from SGX enclaves.
+
+The padded variants require (`=`) padding. Unpadded variants expressly
+reject such padding.
+
+Whitespace is expressly disallowed, with the exception of the
+[`Decoder::new_wrapped`] and [`Encoder::new_wrapped`] modes which provide
+fixed-width line wrapping.
+
+## Supported Base64 variants
+
+- Standard Base64: `[A-Z]`, `[a-z]`, `[0-9]`, `+`, `/`
+- URL-safe Base64: `[A-Z]`, `[a-z]`, `[0-9]`, `-`, `_`
+- bcrypt Base64: `.`, `/`, `[A-Z]`, `[a-z]`, `[0-9]`
+- `crypt(3)` Base64: `.`, `-`, `[0-9]`, `[A-Z]`, `[a-z]`
+
+## Minimum Supported Rust Version
+
+This crate requires **Rust 1.60** at a minimum.
+
+We may change the MSRV in the future, but it will be accompanied by a minor
+version bump.
+
+## License
+
+Licensed under either of:
+
+ * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
+ * [MIT license](http://opensource.org/licenses/MIT)
+
+at your option.
+
+### Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted
+for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
+dual licensed as above, without any additional terms or conditions.
+
+[//]: # (badges)
+
+[crate-image]: https://buildstats.info/crate/base64ct
+[crate-link]: https://crates.io/crates/base64ct
+[docs-image]: https://docs.rs/base64ct/badge.svg
+[docs-link]: https://docs.rs/base64ct/
+[build-image]: https://github.com/RustCrypto/formats/actions/workflows/base64ct.yml/badge.svg
+[build-link]: https://github.com/RustCrypto/formats/actions/workflows/base64ct.yml
+[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.60+-blue.svg
+[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
+[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/300570-formats
+
+[//]: # (links)
+
+[RustCrypto]: https://github.com/rustcrypto
+[RFC 4648]: https://tools.ietf.org/html/rfc4648
+[`pem-rfc7468`]: https://github.com/RustCrypto/formats/tree/master/pem-rfc7468
+[Util::Lookup]: https://arxiv.org/pdf/2108.04600.pdf
+[`Decoder::new_wrapped`]: https://docs.rs/base64ct/latest/base64ct/struct.Decoder.html#method.new_wrapped
+[`Encoder::new_wrapped`]: https://docs.rs/base64ct/latest/base64ct/struct.Encoder.html#method.new_wrapped
diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/benches/mod.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/benches/mod.rs
new file mode 100644
index 000000000000..4d1b8c65b4a7
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/benches/mod.rs
@@ -0,0 +1,62 @@
+//! `base64ct` benchmarks
+
+#![feature(test)]
+extern crate test;
+
+use base64ct::{Base64Unpadded, Encoding};
+use test::Bencher;
+
+const B64_LEN: usize = 100_002;
+const RAW_LEN: usize = (3 * B64_LEN) / 4;
+
+#[inline(never)]
+fn get_raw_data() -> Vec {
+ (0..RAW_LEN).map(|i| i as u8).collect()
+}
+
+#[inline(never)]
+fn get_b64_data() -> String {
+ (0..B64_LEN)
+ .map(|i| match (i % 64) as u8 {
+ v @ 0..=25 => (v + 'A' as u8) as char,
+ v @ 26..=51 => (v - 26 + 'a' as u8) as char,
+ v @ 52..=61 => (v - 52 + '0' as u8) as char,
+ 62 => '+',
+ _ => '/',
+ })
+ .collect()
+}
+
+#[bench]
+fn decode_bench(b: &mut Bencher) {
+ let b64_data = get_b64_data();
+ let mut buf = get_raw_data();
+ b.iter(|| {
+ let out = Base64Unpadded::decode(&b64_data, &mut buf).unwrap();
+ test::black_box(out);
+ });
+ b.bytes = RAW_LEN as u64;
+}
+
+#[bench]
+fn decode_in_place_bench(b: &mut Bencher) {
+ let mut b64_data = get_b64_data().into_bytes();
+ b.iter(|| {
+ // since it works on the same buffer over and over,
+ // almost always `out` will be an error
+ let out = Base64Unpadded::decode_in_place(&mut b64_data);
+ let _ = test::black_box(out);
+ });
+ b.bytes = RAW_LEN as u64;
+}
+
+#[bench]
+fn encode_bench(b: &mut Bencher) {
+ let mut buf = get_b64_data().into_bytes();
+ let raw_data = get_raw_data();
+ b.iter(|| {
+ let out = Base64Unpadded::encode(&raw_data, &mut buf).unwrap();
+ test::black_box(out);
+ });
+ b.bytes = RAW_LEN as u64;
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet.rs
new file mode 100644
index 000000000000..d888e72e71c9
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet.rs
@@ -0,0 +1,124 @@
+//! Base64 alphabets.
+
+// TODO(tarcieri): explicitly checked/wrapped arithmetic
+#![allow(clippy::integer_arithmetic)]
+
+use core::{fmt::Debug, ops::RangeInclusive};
+
+pub mod bcrypt;
+pub mod crypt;
+pub mod shacrypt;
+pub mod standard;
+pub mod url;
+
+/// Core encoder/decoder functions for a particular Base64 alphabet.
+pub trait Alphabet: 'static + Copy + Debug + Eq + Send + Sized + Sync {
+ /// First character in this Base64 alphabet.
+ const BASE: u8;
+
+ /// Decoder passes
+ const DECODER: &'static [DecodeStep];
+
+ /// Encoder passes
+ const ENCODER: &'static [EncodeStep];
+
+ /// Is this encoding padded?
+ const PADDED: bool;
+
+ /// Unpadded equivalent of this alphabet.
+ ///
+ /// For alphabets that are unpadded to begin with, this should be `Self`.
+ type Unpadded: Alphabet;
+
+ /// Decode 3 bytes of a Base64 message.
+ #[inline(always)]
+ fn decode_3bytes(src: &[u8], dst: &mut [u8]) -> i16 {
+ debug_assert_eq!(src.len(), 4);
+ debug_assert!(dst.len() >= 3, "dst too short: {}", dst.len());
+
+ let c0 = Self::decode_6bits(src[0]);
+ let c1 = Self::decode_6bits(src[1]);
+ let c2 = Self::decode_6bits(src[2]);
+ let c3 = Self::decode_6bits(src[3]);
+
+ dst[0] = ((c0 << 2) | (c1 >> 4)) as u8;
+ dst[1] = ((c1 << 4) | (c2 >> 2)) as u8;
+ dst[2] = ((c2 << 6) | c3) as u8;
+
+ ((c0 | c1 | c2 | c3) >> 8) & 1
+ }
+
+ /// Decode 6-bits of a Base64 message.
+ fn decode_6bits(src: u8) -> i16 {
+ let mut ret: i16 = -1;
+
+ for step in Self::DECODER {
+ ret += match step {
+ DecodeStep::Range(range, offset) => {
+ // Compute exclusive range from inclusive one
+ let start = *range.start() as i16 - 1;
+ let end = *range.end() as i16 + 1;
+ (((start - src as i16) & (src as i16 - end)) >> 8) & (src as i16 + *offset)
+ }
+ DecodeStep::Eq(value, offset) => {
+ let start = *value as i16 - 1;
+ let end = *value as i16 + 1;
+ (((start - src as i16) & (src as i16 - end)) >> 8) & *offset
+ }
+ };
+ }
+
+ ret
+ }
+
+ /// Encode 3-bytes of a Base64 message.
+ #[inline(always)]
+ fn encode_3bytes(src: &[u8], dst: &mut [u8]) {
+ debug_assert_eq!(src.len(), 3);
+ debug_assert!(dst.len() >= 4, "dst too short: {}", dst.len());
+
+ let b0 = src[0] as i16;
+ let b1 = src[1] as i16;
+ let b2 = src[2] as i16;
+
+ dst[0] = Self::encode_6bits(b0 >> 2);
+ dst[1] = Self::encode_6bits(((b0 << 4) | (b1 >> 4)) & 63);
+ dst[2] = Self::encode_6bits(((b1 << 2) | (b2 >> 6)) & 63);
+ dst[3] = Self::encode_6bits(b2 & 63);
+ }
+
+ /// Encode 6-bits of a Base64 message.
+ #[inline(always)]
+ fn encode_6bits(src: i16) -> u8 {
+ let mut diff = src + Self::BASE as i16;
+
+ for &step in Self::ENCODER {
+ diff += match step {
+ EncodeStep::Apply(threshold, offset) => ((threshold as i16 - diff) >> 8) & offset,
+ EncodeStep::Diff(threshold, offset) => ((threshold as i16 - src) >> 8) & offset,
+ };
+ }
+
+ diff as u8
+ }
+}
+
+/// Constant-time decoder step.
+#[derive(Debug)]
+pub enum DecodeStep {
+ /// Match the given range, offsetting the input on match.
+ Range(RangeInclusive, i16),
+
+ /// Match the given value, returning the associated offset on match.
+ Eq(u8, i16),
+}
+
+/// Constant-time encoder step.
+#[derive(Copy, Clone, Debug)]
+pub enum EncodeStep {
+ /// Apply the given offset to the cumulative result on match.
+ Apply(u8, i16),
+
+ /// Compute a difference using the given offset on match.
+ Diff(u8, i16),
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/bcrypt.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/bcrypt.rs
new file mode 100644
index 000000000000..4227dbfcf055
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/bcrypt.rs
@@ -0,0 +1,33 @@
+//! bcrypt Base64 encoding.
+
+use super::{Alphabet, DecodeStep, EncodeStep};
+
+/// bcrypt Base64 encoding.
+///
+/// ```text
+/// ./ [A-Z] [a-z] [0-9]
+/// 0x2e-0x2f, 0x41-0x5a, 0x61-0x7a, 0x30-0x39
+/// ```
+#[derive(Copy, Clone, Debug, Eq, PartialEq)]
+pub struct Base64Bcrypt;
+
+impl Alphabet for Base64Bcrypt {
+ const BASE: u8 = b'.';
+
+ const DECODER: &'static [DecodeStep] = &[
+ DecodeStep::Range(b'.'..=b'/', -45),
+ DecodeStep::Range(b'A'..=b'Z', -62),
+ DecodeStep::Range(b'a'..=b'z', -68),
+ DecodeStep::Range(b'0'..=b'9', 7),
+ ];
+
+ const ENCODER: &'static [EncodeStep] = &[
+ EncodeStep::Apply(b'/', 17),
+ EncodeStep::Apply(b'Z', 6),
+ EncodeStep::Apply(b'z', -75),
+ ];
+
+ const PADDED: bool = false;
+
+ type Unpadded = Self;
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/crypt.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/crypt.rs
new file mode 100644
index 000000000000..5d97c33ac5bf
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/crypt.rs
@@ -0,0 +1,29 @@
+//! `crypt(3)` Base64 encoding.
+
+use super::{Alphabet, DecodeStep, EncodeStep};
+
+/// `crypt(3)` Base64 encoding.
+///
+/// ```text
+/// [.-9] [A-Z] [a-z]
+/// 0x2e-0x39, 0x41-0x5a, 0x61-0x7a
+/// ```
+#[derive(Copy, Clone, Debug, Eq, PartialEq)]
+pub struct Base64Crypt;
+
+impl Alphabet for Base64Crypt {
+ const BASE: u8 = b'.';
+
+ const DECODER: &'static [DecodeStep] = &[
+ DecodeStep::Range(b'.'..=b'9', -45),
+ DecodeStep::Range(b'A'..=b'Z', -52),
+ DecodeStep::Range(b'a'..=b'z', -58),
+ ];
+
+ const ENCODER: &'static [EncodeStep] =
+ &[EncodeStep::Apply(b'9', 7), EncodeStep::Apply(b'Z', 6)];
+
+ const PADDED: bool = false;
+
+ type Unpadded = Self;
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/shacrypt.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/shacrypt.rs
new file mode 100644
index 000000000000..ef8d362f94da
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/shacrypt.rs
@@ -0,0 +1,65 @@
+//! `crypt(3)` Base64 encoding for sha* family.
+
+use super::{Alphabet, DecodeStep, EncodeStep};
+
+/// `crypt(3)` Base64 encoding for the following schemes.
+/// * sha1_crypt,
+/// * sha256_crypt,
+/// * sha512_crypt,
+/// * md5_crypt
+///
+/// ```text
+/// [.-9] [A-Z] [a-z]
+/// 0x2e-0x39, 0x41-0x5a, 0x61-0x7a
+/// ```
+#[derive(Copy, Clone, Debug, Eq, PartialEq)]
+pub struct Base64ShaCrypt;
+
+impl Alphabet for Base64ShaCrypt {
+ const BASE: u8 = b'.';
+
+ const DECODER: &'static [DecodeStep] = &[
+ DecodeStep::Range(b'.'..=b'9', -45),
+ DecodeStep::Range(b'A'..=b'Z', -52),
+ DecodeStep::Range(b'a'..=b'z', -58),
+ ];
+
+ const ENCODER: &'static [EncodeStep] =
+ &[EncodeStep::Apply(b'9', 7), EncodeStep::Apply(b'Z', 6)];
+
+ const PADDED: bool = false;
+
+ type Unpadded = Self;
+
+ #[inline(always)]
+ fn decode_3bytes(src: &[u8], dst: &mut [u8]) -> i16 {
+ debug_assert_eq!(src.len(), 4);
+ debug_assert!(dst.len() >= 3, "dst too short: {}", dst.len());
+
+ let c0 = Self::decode_6bits(src[0]);
+ let c1 = Self::decode_6bits(src[1]);
+ let c2 = Self::decode_6bits(src[2]);
+ let c3 = Self::decode_6bits(src[3]);
+
+ dst[0] = (c0 | ((c1 & 0x3) << 6)) as u8;
+ dst[1] = ((c1 >> 2) | ((c2 & 0xF) << 4)) as u8;
+ dst[2] = ((c2 >> 4) | (c3 << 2)) as u8;
+
+ ((c0 | c1 | c2 | c3) >> 8) & 1
+ }
+
+ #[inline(always)]
+ fn encode_3bytes(src: &[u8], dst: &mut [u8]) {
+ debug_assert_eq!(src.len(), 3);
+ debug_assert!(dst.len() >= 4, "dst too short: {}", dst.len());
+
+ let b0 = src[0] as i16;
+ let b1 = src[1] as i16;
+ let b2 = src[2] as i16;
+
+ dst[0] = Self::encode_6bits(b0 & 63);
+ dst[1] = Self::encode_6bits(((b1 << 2) | (b0 >> 6)) & 63);
+ dst[2] = Self::encode_6bits(((b2 << 4) | (b1 >> 4)) & 63);
+ dst[3] = Self::encode_6bits(b2 >> 2);
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/standard.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/standard.rs
new file mode 100644
index 000000000000..90eab69f16cc
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/standard.rs
@@ -0,0 +1,54 @@
+//! Standard Base64 encoding.
+
+use super::{Alphabet, DecodeStep, EncodeStep};
+
+/// Standard Base64 encoding with `=` padding.
+///
+/// ```text
+/// [A-Z] [a-z] [0-9] + /
+/// 0x41-0x5a, 0x61-0x7a, 0x30-0x39, 0x2b, 0x2f
+/// ```
+#[derive(Copy, Clone, Debug, Eq, PartialEq)]
+pub struct Base64;
+
+impl Alphabet for Base64 {
+ const BASE: u8 = b'A';
+ const DECODER: &'static [DecodeStep] = DECODER;
+ const ENCODER: &'static [EncodeStep] = ENCODER;
+ const PADDED: bool = true;
+ type Unpadded = Base64Unpadded;
+}
+
+/// Standard Base64 encoding *without* padding.
+///
+/// ```text
+/// [A-Z] [a-z] [0-9] + /
+/// 0x41-0x5a, 0x61-0x7a, 0x30-0x39, 0x2b, 0x2f
+/// ```
+#[derive(Copy, Clone, Debug, Eq, PartialEq)]
+pub struct Base64Unpadded;
+
+impl Alphabet for Base64Unpadded {
+ const BASE: u8 = b'A';
+ const DECODER: &'static [DecodeStep] = DECODER;
+ const ENCODER: &'static [EncodeStep] = ENCODER;
+ const PADDED: bool = false;
+ type Unpadded = Self;
+}
+
+/// Standard Base64 decoder
+const DECODER: &[DecodeStep] = &[
+ DecodeStep::Range(b'A'..=b'Z', -64),
+ DecodeStep::Range(b'a'..=b'z', -70),
+ DecodeStep::Range(b'0'..=b'9', 5),
+ DecodeStep::Eq(b'+', 63),
+ DecodeStep::Eq(b'/', 64),
+];
+
+/// Standard Base64 encoder
+const ENCODER: &[EncodeStep] = &[
+ EncodeStep::Diff(25, 6),
+ EncodeStep::Diff(51, -75),
+ EncodeStep::Diff(61, -(b'+' as i16 - 0x1c)),
+ EncodeStep::Diff(62, b'/' as i16 - b'+' as i16 - 1),
+];
diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/url.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/url.rs
new file mode 100644
index 000000000000..432edb85277e
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/alphabet/url.rs
@@ -0,0 +1,54 @@
+//! URL-safe Base64 encoding.
+
+use super::{Alphabet, DecodeStep, EncodeStep};
+
+/// URL-safe Base64 encoding with `=` padding.
+///
+/// ```text
+/// [A-Z] [a-z] [0-9] - _
+/// 0x41-0x5a, 0x61-0x7a, 0x30-0x39, 0x2d, 0x5f
+/// ```
+#[derive(Copy, Clone, Debug, Eq, PartialEq)]
+pub struct Base64Url;
+
+impl Alphabet for Base64Url {
+ const BASE: u8 = b'A';
+ const DECODER: &'static [DecodeStep] = DECODER;
+ const ENCODER: &'static [EncodeStep] = ENCODER;
+ const PADDED: bool = true;
+ type Unpadded = Base64UrlUnpadded;
+}
+
+/// URL-safe Base64 encoding *without* padding.
+///
+/// ```text
+/// [A-Z] [a-z] [0-9] - _
+/// 0x41-0x5a, 0x61-0x7a, 0x30-0x39, 0x2d, 0x5f
+/// ```
+#[derive(Copy, Clone, Debug, Eq, PartialEq)]
+pub struct Base64UrlUnpadded;
+
+impl Alphabet for Base64UrlUnpadded {
+ const BASE: u8 = b'A';
+ const DECODER: &'static [DecodeStep] = DECODER;
+ const ENCODER: &'static [EncodeStep] = ENCODER;
+ const PADDED: bool = false;
+ type Unpadded = Self;
+}
+
+/// URL-safe Base64 decoder
+const DECODER: &[DecodeStep] = &[
+ DecodeStep::Range(b'A'..=b'Z', -64),
+ DecodeStep::Range(b'a'..=b'z', -70),
+ DecodeStep::Range(b'0'..=b'9', 5),
+ DecodeStep::Eq(b'-', 63),
+ DecodeStep::Eq(b'_', 64),
+];
+
+/// URL-safe Base64 encoder
+const ENCODER: &[EncodeStep] = &[
+ EncodeStep::Diff(25, 6),
+ EncodeStep::Diff(51, -75),
+ EncodeStep::Diff(61, -(b'-' as i16 - 0x20)),
+ EncodeStep::Diff(62, b'_' as i16 - b'-' as i16 - 1),
+];
diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/decoder.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/decoder.rs
new file mode 100644
index 000000000000..b1010469162a
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/decoder.rs
@@ -0,0 +1,618 @@
+//! Buffered Base64 decoder.
+
+use crate::{
+ encoding,
+ line_ending::{CHAR_CR, CHAR_LF},
+ Encoding,
+ Error::{self, InvalidLength},
+ MIN_LINE_WIDTH,
+};
+use core::{cmp, marker::PhantomData};
+
+#[cfg(feature = "alloc")]
+use {alloc::vec::Vec, core::iter};
+
+#[cfg(feature = "std")]
+use std::io;
+
+#[cfg(doc)]
+use crate::{Base64, Base64Unpadded};
+
+/// Stateful Base64 decoder with support for buffered, incremental decoding.
+///
+/// The `E` type parameter can be any type which impls [`Encoding`] such as
+/// [`Base64`] or [`Base64Unpadded`].
+#[derive(Clone)]
+pub struct Decoder<'i, E: Encoding> {
+ /// Current line being processed.
+ line: Line<'i>,
+
+ /// Base64 input data reader.
+ line_reader: LineReader<'i>,
+
+ /// Length of the remaining data after Base64 decoding.
+ remaining_len: usize,
+
+ /// Block buffer used for non-block-aligned data.
+ block_buffer: BlockBuffer,
+
+ /// Phantom parameter for the Base64 encoding in use.
+ encoding: PhantomData,
+}
+
+impl<'i, E: Encoding> Decoder<'i, E> {
+ /// Create a new decoder for a byte slice containing contiguous
+ /// (non-newline-delimited) Base64-encoded data.
+ ///
+ /// # Returns
+ /// - `Ok(decoder)` on success.
+ /// - `Err(Error::InvalidLength)` if the input buffer is empty.
+ pub fn new(input: &'i [u8]) -> Result {
+ let line_reader = LineReader::new_unwrapped(input)?;
+ let remaining_len = line_reader.decoded_len::()?;
+
+ Ok(Self {
+ line: Line::default(),
+ line_reader,
+ remaining_len,
+ block_buffer: BlockBuffer::default(),
+ encoding: PhantomData,
+ })
+ }
+
+ /// Create a new decoder for a byte slice containing Base64 which
+ /// line wraps at the given line length.
+ ///
+ /// Trailing newlines are not supported and must be removed in advance.
+ ///
+ /// Newlines are handled according to what are roughly [RFC7468] conventions:
+ ///
+ /// ```text
+ /// [parsers] MUST handle different newline conventions
+ /// ```
+ ///
+ /// RFC7468 allows any of the following as newlines, and allows a mixture
+ /// of different types of newlines:
+ ///
+ /// ```text
+ /// eol = CRLF / CR / LF
+ /// ```
+ ///
+ /// # Returns
+ /// - `Ok(decoder)` on success.
+ /// - `Err(Error::InvalidLength)` if the input buffer is empty or the line
+ /// width is zero.
+ ///
+ /// [RFC7468]: https://datatracker.ietf.org/doc/html/rfc7468
+ pub fn new_wrapped(input: &'i [u8], line_width: usize) -> Result {
+ let line_reader = LineReader::new_wrapped(input, line_width)?;
+ let remaining_len = line_reader.decoded_len::()?;
+
+ Ok(Self {
+ line: Line::default(),
+ line_reader,
+ remaining_len,
+ block_buffer: BlockBuffer::default(),
+ encoding: PhantomData,
+ })
+ }
+
+ /// Fill the provided buffer with data decoded from Base64.
+ ///
+ /// Enough Base64 input data must remain to fill the entire buffer.
+ ///
+ /// # Returns
+ /// - `Ok(bytes)` if the expected amount of data was read
+ /// - `Err(Error::InvalidLength)` if the exact amount of data couldn't be read
+ pub fn decode<'o>(&mut self, out: &'o mut [u8]) -> Result<&'o [u8], Error> {
+ if self.is_finished() {
+ return Err(InvalidLength);
+ }
+
+ let mut out_pos = 0;
+
+ while out_pos < out.len() {
+ // If there's data in the block buffer, use it
+ if !self.block_buffer.is_empty() {
+ let out_rem = out.len().checked_sub(out_pos).ok_or(InvalidLength)?;
+ let bytes = self.block_buffer.take(out_rem)?;
+ out[out_pos..][..bytes.len()].copy_from_slice(bytes);
+ out_pos = out_pos.checked_add(bytes.len()).ok_or(InvalidLength)?;
+ }
+
+ // Advance the line reader if necessary
+ if self.line.is_empty() && !self.line_reader.is_empty() {
+ self.advance_line()?;
+ }
+
+ // Attempt to decode a stride of block-aligned data
+ let in_blocks = self.line.len() / 4;
+ let out_rem = out.len().checked_sub(out_pos).ok_or(InvalidLength)?;
+ let out_blocks = out_rem / 3;
+ let blocks = cmp::min(in_blocks, out_blocks);
+ let in_aligned = self.line.take(blocks.checked_mul(4).ok_or(InvalidLength)?);
+
+ if !in_aligned.is_empty() {
+ let out_buf = &mut out[out_pos..][..blocks.checked_mul(3).ok_or(InvalidLength)?];
+ let decoded_len = self.perform_decode(in_aligned, out_buf)?.len();
+ out_pos = out_pos.checked_add(decoded_len).ok_or(InvalidLength)?;
+ }
+
+ if out_pos < out.len() {
+ if self.is_finished() {
+ // If we're out of input then we've been requested to decode
+ // more data than is actually available.
+ return Err(InvalidLength);
+ } else {
+ // If we still have data available but haven't completely
+ // filled the output slice, we're in a situation where
+ // either the input or output isn't block-aligned, so fill
+ // the internal block buffer.
+ self.fill_block_buffer()?;
+ }
+ }
+ }
+
+ self.remaining_len = self
+ .remaining_len
+ .checked_sub(out.len())
+ .ok_or(InvalidLength)?;
+
+ Ok(out)
+ }
+
+ /// Decode all remaining Base64 data, placing the result into `buf`.
+ ///
+ /// If successful, this function will return the total number of bytes
+ /// decoded into `buf`.
+ #[cfg(feature = "alloc")]
+ pub fn decode_to_end<'o>(&mut self, buf: &'o mut Vec) -> Result<&'o [u8], Error> {
+ let start_len = buf.len();
+ let remaining_len = self.remaining_len();
+ let total_len = start_len.checked_add(remaining_len).ok_or(InvalidLength)?;
+
+ if total_len > buf.capacity() {
+ buf.reserve(total_len.checked_sub(buf.capacity()).ok_or(InvalidLength)?);
+ }
+
+ // Append `decoded_len` zeroes to the vector
+ buf.extend(iter::repeat(0).take(remaining_len));
+ self.decode(&mut buf[start_len..])?;
+ Ok(&buf[start_len..])
+ }
+
+ /// Get the length of the remaining data after Base64 decoding.
+ ///
+ /// Decreases every time data is decoded.
+ pub fn remaining_len(&self) -> usize {
+ self.remaining_len
+ }
+
+ /// Has all of the input data been decoded?
+ pub fn is_finished(&self) -> bool {
+ self.line.is_empty() && self.line_reader.is_empty() && self.block_buffer.is_empty()
+ }
+
+ /// Fill the block buffer with data.
+ fn fill_block_buffer(&mut self) -> Result<(), Error> {
+ let mut buf = [0u8; BlockBuffer::SIZE];
+
+ let decoded = if self.line.len() < 4 && !self.line_reader.is_empty() {
+ // Handle input block which is split across lines
+ let mut tmp = [0u8; 4];
+
+ // Copy remaining data in the line into tmp
+ let line_end = self.line.take(4);
+ tmp[..line_end.len()].copy_from_slice(line_end);
+
+ // Advance the line and attempt to fill tmp
+ self.advance_line()?;
+ let len = 4usize.checked_sub(line_end.len()).ok_or(InvalidLength)?;
+ let line_begin = self.line.take(len);
+ tmp[line_end.len()..][..line_begin.len()].copy_from_slice(line_begin);
+
+ let tmp_len = line_begin
+ .len()
+ .checked_add(line_end.len())
+ .ok_or(InvalidLength)?;
+
+ self.perform_decode(&tmp[..tmp_len], &mut buf)
+ } else {
+ let block = self.line.take(4);
+ self.perform_decode(block, &mut buf)
+ }?;
+
+ self.block_buffer.fill(decoded)
+ }
+
+ /// Advance the internal buffer to the next line.
+ fn advance_line(&mut self) -> Result<(), Error> {
+ debug_assert!(self.line.is_empty(), "expected line buffer to be empty");
+
+ if let Some(line) = self.line_reader.next().transpose()? {
+ self.line = line;
+ Ok(())
+ } else {
+ Err(InvalidLength)
+ }
+ }
+
+ /// Perform Base64 decoding operation.
+ fn perform_decode<'o>(&self, src: &[u8], dst: &'o mut [u8]) -> Result<&'o [u8], Error> {
+ if self.is_finished() {
+ E::decode(src, dst)
+ } else {
+ E::Unpadded::decode(src, dst)
+ }
+ }
+}
+
+#[cfg(feature = "std")]
+impl<'i, E: Encoding> io::Read for Decoder<'i, E> {
+ fn read(&mut self, buf: &mut [u8]) -> io::Result {
+ if self.is_finished() {
+ return Ok(0);
+ }
+ let slice = match buf.get_mut(..self.remaining_len()) {
+ Some(bytes) => bytes,
+ None => buf,
+ };
+
+ self.decode(slice)?;
+ Ok(slice.len())
+ }
+
+ fn read_to_end(&mut self, buf: &mut Vec) -> io::Result {
+ if self.is_finished() {
+ return Ok(0);
+ }
+ Ok(self.decode_to_end(buf)?.len())
+ }
+
+ fn read_exact(&mut self, buf: &mut [u8]) -> io::Result<()> {
+ self.decode(buf)?;
+ Ok(())
+ }
+}
+
+/// Base64 decode buffer for a 1-block input.
+///
+/// This handles a partially decoded block of data, i.e. data which has been
+/// decoded but not read.
+#[derive(Clone, Default, Debug)]
+struct BlockBuffer {
+ /// 3 decoded bytes from a 4-byte Base64-encoded input.
+ decoded: [u8; Self::SIZE],
+
+ /// Length of the buffer.
+ length: usize,
+
+ /// Position within the buffer.
+ position: usize,
+}
+
+impl BlockBuffer {
+ /// Size of the buffer in bytes.
+ const SIZE: usize = 3;
+
+ /// Fill the buffer by decoding up to 3 bytes of decoded Base64 input.
+ fn fill(&mut self, decoded_input: &[u8]) -> Result<(), Error> {
+ debug_assert!(self.is_empty());
+
+ if decoded_input.len() > Self::SIZE {
+ return Err(InvalidLength);
+ }
+
+ self.position = 0;
+ self.length = decoded_input.len();
+ self.decoded[..decoded_input.len()].copy_from_slice(decoded_input);
+ Ok(())
+ }
+
+ /// Take a specified number of bytes from the buffer.
+ ///
+ /// Returns as many bytes as possible, or an empty slice if the buffer has
+ /// already been read to completion.
+ fn take(&mut self, mut nbytes: usize) -> Result<&[u8], Error> {
+ debug_assert!(self.position <= self.length);
+ let start_pos = self.position;
+ let remaining_len = self.length.checked_sub(start_pos).ok_or(InvalidLength)?;
+
+ if nbytes > remaining_len {
+ nbytes = remaining_len;
+ }
+
+ self.position = self.position.checked_add(nbytes).ok_or(InvalidLength)?;
+ Ok(&self.decoded[start_pos..][..nbytes])
+ }
+
+ /// Have all of the bytes in this buffer been consumed?
+ fn is_empty(&self) -> bool {
+ self.position == self.length
+ }
+}
+
+/// A single line of linewrapped data, providing a read buffer.
+#[derive(Clone, Debug)]
+pub struct Line<'i> {
+ /// Remaining data in the line
+ remaining: &'i [u8],
+}
+
+impl<'i> Default for Line<'i> {
+ fn default() -> Self {
+ Self::new(&[])
+ }
+}
+
+impl<'i> Line<'i> {
+ /// Create a new line which wraps the given input data.
+ fn new(bytes: &'i [u8]) -> Self {
+ Self { remaining: bytes }
+ }
+
+ /// Take up to `nbytes` from this line buffer.
+ fn take(&mut self, nbytes: usize) -> &'i [u8] {
+ let (bytes, rest) = if nbytes < self.remaining.len() {
+ self.remaining.split_at(nbytes)
+ } else {
+ (self.remaining, [].as_ref())
+ };
+
+ self.remaining = rest;
+ bytes
+ }
+
+ /// Slice off a tail of a given length.
+ fn slice_tail(&self, nbytes: usize) -> Result<&'i [u8], Error> {
+ let offset = self.len().checked_sub(nbytes).ok_or(InvalidLength)?;
+ self.remaining.get(offset..).ok_or(InvalidLength)
+ }
+
+ /// Get the number of bytes remaining in this line.
+ fn len(&self) -> usize {
+ self.remaining.len()
+ }
+
+ /// Is the buffer for this line empty?
+ fn is_empty(&self) -> bool {
+ self.len() == 0
+ }
+
+ /// Trim the newline off the end of this line.
+ fn trim_end(&self) -> Self {
+ Line::new(match self.remaining {
+ [line @ .., CHAR_CR, CHAR_LF] => line,
+ [line @ .., CHAR_CR] => line,
+ [line @ .., CHAR_LF] => line,
+ line => line,
+ })
+ }
+}
+
+/// Iterator over multi-line Base64 input.
+#[derive(Clone)]
+struct LineReader<'i> {
+ /// Remaining linewrapped data to be processed.
+ remaining: &'i [u8],
+
+ /// Line width.
+ line_width: Option,
+}
+
+impl<'i> LineReader<'i> {
+ /// Create a new reader which operates over continugous unwrapped data.
+ fn new_unwrapped(bytes: &'i [u8]) -> Result {
+ if bytes.is_empty() {
+ Err(InvalidLength)
+ } else {
+ Ok(Self {
+ remaining: bytes,
+ line_width: None,
+ })
+ }
+ }
+
+ /// Create a new reader which operates over linewrapped data.
+ fn new_wrapped(bytes: &'i [u8], line_width: usize) -> Result {
+ if line_width < MIN_LINE_WIDTH {
+ return Err(InvalidLength);
+ }
+
+ let mut reader = Self::new_unwrapped(bytes)?;
+ reader.line_width = Some(line_width);
+ Ok(reader)
+ }
+
+ /// Is this line reader empty?
+ fn is_empty(&self) -> bool {
+ self.remaining.is_empty()
+ }
+
+ /// Get the total length of the data decoded from this line reader.
+ fn decoded_len(&self) -> Result {
+ let mut buffer = [0u8; 4];
+ let mut lines = self.clone();
+ let mut line = match lines.next().transpose()? {
+ Some(l) => l,
+ None => return Ok(0),
+ };
+ let mut base64_len = 0usize;
+
+ loop {
+ base64_len = base64_len.checked_add(line.len()).ok_or(InvalidLength)?;
+
+ match lines.next().transpose()? {
+ Some(l) => {
+ // Store the end of the line in the buffer so we can
+ // reassemble the last block to determine the real length
+ buffer.copy_from_slice(line.slice_tail(4)?);
+
+ line = l
+ }
+
+ // To compute an exact decoded length we need to decode the
+ // last Base64 block and get the decoded length.
+ //
+ // This is what the somewhat complex code below is doing.
+ None => {
+ // Compute number of bytes in the last block (may be unpadded)
+ let base64_last_block_len = match base64_len % 4 {
+ 0 => 4,
+ n => n,
+ };
+
+ // Compute decoded length without the last block
+ let decoded_len = encoding::decoded_len(
+ base64_len
+ .checked_sub(base64_last_block_len)
+ .ok_or(InvalidLength)?,
+ );
+
+ // Compute the decoded length of the last block
+ let mut out = [0u8; 3];
+ let last_block_len = if line.len() < base64_last_block_len {
+ let buffered_part_len = base64_last_block_len
+ .checked_sub(line.len())
+ .ok_or(InvalidLength)?;
+
+ let offset = 4usize.checked_sub(buffered_part_len).ok_or(InvalidLength)?;
+
+ for i in 0..buffered_part_len {
+ buffer[i] = buffer[offset.checked_add(i).ok_or(InvalidLength)?];
+ }
+
+ buffer[buffered_part_len..][..line.len()].copy_from_slice(line.remaining);
+ let buffer_len = buffered_part_len
+ .checked_add(line.len())
+ .ok_or(InvalidLength)?;
+
+ E::decode(&buffer[..buffer_len], &mut out)?.len()
+ } else {
+ let last_block = line.slice_tail(base64_last_block_len)?;
+ E::decode(last_block, &mut out)?.len()
+ };
+
+ return decoded_len.checked_add(last_block_len).ok_or(InvalidLength);
+ }
+ }
+ }
+ }
+}
+
+impl<'i> Iterator for LineReader<'i> {
+ type Item = Result, Error>;
+
+ fn next(&mut self) -> Option, Error>> {
+ if let Some(line_width) = self.line_width {
+ let rest = match self.remaining.get(line_width..)
{
+ None | Some([]) => {
+ if self.remaining.is_empty() {
+ return None;
+ } else {
+ let line = Line::new(self.remaining).trim_end();
+ self.remaining = &[];
+ return Some(Ok(line));
+ }
+ }
+ Some([CHAR_CR, CHAR_LF, rest @ ..]) => rest,
+ Some([CHAR_CR, rest @ ..]) => rest,
+ Some([CHAR_LF, rest @ ..]) => rest,
+ _ => {
+ // Expected a leading newline
+ return Some(Err(Error::InvalidEncoding));
+ }
+ };
+
+ let line = Line::new(&self.remaining[..line_width]);
+ self.remaining = rest;
+ Some(Ok(line))
+ } else if !self.remaining.is_empty() {
+ let line = Line::new(self.remaining).trim_end();
+ self.remaining = b"";
+
+ if line.is_empty() {
+ None
+ } else {
+ Some(Ok(line))
+ }
+ } else {
+ None
+ }
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use crate::{alphabet::Alphabet, test_vectors::*, Base64, Base64Unpadded, Decoder};
+
+ #[cfg(feature = "std")]
+ use {alloc::vec::Vec, std::io::Read};
+
+ #[test]
+ fn decode_padded() {
+ decode_test(PADDED_BIN, || {
+ Decoder::::new(PADDED_BASE64.as_bytes()).unwrap()
+ })
+ }
+
+ #[test]
+ fn decode_unpadded() {
+ decode_test(UNPADDED_BIN, || {
+ Decoder::::new(UNPADDED_BASE64.as_bytes()).unwrap()
+ })
+ }
+
+ #[test]
+ fn decode_multiline_padded() {
+ decode_test(MULTILINE_PADDED_BIN, || {
+ Decoder::::new_wrapped(MULTILINE_PADDED_BASE64.as_bytes(), 70).unwrap()
+ })
+ }
+
+ #[test]
+ fn decode_multiline_unpadded() {
+ decode_test(MULTILINE_UNPADDED_BIN, || {
+ Decoder::::new_wrapped(MULTILINE_UNPADDED_BASE64.as_bytes(), 70)
+ .unwrap()
+ })
+ }
+
+ #[cfg(feature = "std")]
+ #[test]
+ fn read_multiline_padded() {
+ let mut decoder =
+ Decoder::::new_wrapped(MULTILINE_PADDED_BASE64.as_bytes(), 70).unwrap();
+
+ let mut buf = Vec::new();
+ let len = decoder.read_to_end(&mut buf).unwrap();
+
+ assert_eq!(len, MULTILINE_PADDED_BIN.len());
+ assert_eq!(buf.as_slice(), MULTILINE_PADDED_BIN);
+ }
+
+ /// Core functionality of a decoding test
+ fn decode_test<'a, F, V>(expected: &[u8], f: F)
+ where
+ F: Fn() -> Decoder<'a, V>,
+ V:
Alphabet,
+ {
+ for chunk_size in 1..expected.len() {
+ let mut decoder = f();
+ let mut remaining_len = decoder.remaining_len();
+ let mut buffer = [0u8; 1024];
+
+ for chunk in expected.chunks(chunk_size) {
+ assert!(!decoder.is_finished());
+ let decoded = decoder.decode(&mut buffer[..chunk.len()]).unwrap();
+ assert_eq!(chunk, decoded);
+
+ remaining_len -= decoded.len();
+ assert_eq!(remaining_len, decoder.remaining_len());
+ }
+
+ assert!(decoder.is_finished());
+ assert_eq!(decoder.remaining_len(), 0);
+ }
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/encoder.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/encoder.rs
new file mode 100644
index 000000000000..0ce8c2f36345
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/encoder.rs
@@ -0,0 +1,363 @@
+//! Buffered Base64 encoder.
+
+use crate::{
+ Encoding,
+ Error::{self, InvalidLength},
+ LineEnding, MIN_LINE_WIDTH,
+};
+use core::{cmp, marker::PhantomData, str};
+
+#[cfg(feature = "std")]
+use std::io;
+
+#[cfg(doc)]
+use crate::{Base64, Base64Unpadded};
+
+/// Stateful Base64 encoder with support for buffered, incremental encoding.
+///
+/// The `E` type parameter can be any type which impls [`Encoding`] such as
+/// [`Base64`] or [`Base64Unpadded`].
+pub struct Encoder<'o, E: Encoding> {
+ /// Output buffer.
+ output: &'o mut [u8],
+
+ /// Cursor within the output buffer.
+ position: usize,
+
+ /// Block buffer used for non-block-aligned data.
+ block_buffer: BlockBuffer,
+
+ /// Configuration and state for line-wrapping the output at a specified
+ /// column.
+ line_wrapper: Option,
+
+ /// Phantom parameter for the Base64 encoding in use.
+ encoding: PhantomData,
+}
+
+impl<'o, E: Encoding> Encoder<'o, E> {
+ /// Create a new encoder which writes output to the given byte slice.
+ ///
+ /// Output constructed using this method is not line-wrapped.
+ pub fn new(output: &'o mut [u8]) -> Result {
+ if output.is_empty() {
+ return Err(InvalidLength);
+ }
+
+ Ok(Self {
+ output,
+ position: 0,
+ block_buffer: BlockBuffer::default(),
+ line_wrapper: None,
+ encoding: PhantomData,
+ })
+ }
+
+ /// Create a new encoder which writes line-wrapped output to the given byte
+ /// slice.
+ ///
+ /// Output will be wrapped at the specified interval, using the provided
+ /// line ending. Use [`LineEnding::default()`] to use the conventional line
+ /// ending for the target OS.
+ ///
+ /// Minimum allowed line width is 4.
+ pub fn new_wrapped(
+ output: &'o mut [u8],
+ width: usize,
+ ending: LineEnding,
+ ) -> Result {
+ let mut encoder = Self::new(output)?;
+ encoder.line_wrapper = Some(LineWrapper::new(width, ending)?);
+ Ok(encoder)
+ }
+
+ /// Encode the provided buffer as Base64, writing it to the output buffer.
+ ///
+ /// # Returns
+ /// - `Ok(bytes)` if the expected amount of data was read
+ /// - `Err(Error::InvalidLength)` if there is insufficient space in the output buffer
+ pub fn encode(&mut self, mut input: &[u8]) -> Result<(), Error> {
+ // If there's data in the block buffer, fill it
+ if !self.block_buffer.is_empty() {
+ self.process_buffer(&mut input)?;
+ }
+
+ while !input.is_empty() {
+ // Attempt to encode a stride of block-aligned data
+ let in_blocks = input.len() / 3;
+ let out_blocks = self.remaining().len() / 4;
+ let mut blocks = cmp::min(in_blocks, out_blocks);
+
+ // When line wrapping, cap the block-aligned stride at near/at line length
+ if let Some(line_wrapper) = &self.line_wrapper {
+ line_wrapper.wrap_blocks(&mut blocks)?;
+ }
+
+ if blocks > 0 {
+ let len = blocks.checked_mul(3).ok_or(InvalidLength)?;
+ let (in_aligned, in_rem) = input.split_at(len);
+ input = in_rem;
+ self.perform_encode(in_aligned)?;
+ }
+
+ // If there's remaining non-aligned data, fill the block buffer
+ if !input.is_empty() {
+ self.process_buffer(&mut input)?;
+ }
+ }
+
+ Ok(())
+ }
+
+ /// Get the position inside of the output buffer where the write cursor
+ /// is currently located.
+ pub fn position(&self) -> usize {
+ self.position
+ }
+
+ /// Finish encoding data, returning the resulting Base64 as a `str`.
+ pub fn finish(self) -> Result<&'o str, Error> {
+ self.finish_with_remaining().map(|(base64, _)| base64)
+ }
+
+ /// Finish encoding data, returning the resulting Base64 as a `str`
+ /// along with the remaining space in the output buffer.
+ pub fn finish_with_remaining(mut self) -> Result<(&'o str, &'o mut [u8]), Error> {
+ if !self.block_buffer.is_empty() {
+ let buffer_len = self.block_buffer.position;
+ let block = self.block_buffer.bytes;
+ self.perform_encode(&block[..buffer_len])?;
+ }
+
+ let (base64, remaining) = self.output.split_at_mut(self.position);
+ Ok((str::from_utf8(base64)?, remaining))
+ }
+
+ /// Borrow the remaining data in the buffer.
+ fn remaining(&mut self) -> &mut [u8] {
+ &mut self.output[self.position..]
+ }
+
+ /// Fill the block buffer with data, consuming and encoding it when the
+ /// buffer is full.
+ fn process_buffer(&mut self, input: &mut &[u8]) -> Result<(), Error> {
+ self.block_buffer.fill(input)?;
+
+ if self.block_buffer.is_full() {
+ let block = self.block_buffer.take();
+ self.perform_encode(&block)?;
+ }
+
+ Ok(())
+ }
+
+ /// Perform Base64 encoding operation.
+ fn perform_encode(&mut self, input: &[u8]) -> Result {
+ let mut len = E::encode(input, self.remaining())?.as_bytes().len();
+
+ // Insert newline characters into the output as needed
+ if let Some(line_wrapper) = &mut self.line_wrapper {
+ line_wrapper.insert_newlines(&mut self.output[self.position..], &mut len)?;
+ }
+
+ self.position = self.position.checked_add(len).ok_or(InvalidLength)?;
+ Ok(len)
+ }
+}
+
+#[cfg(feature = "std")]
+impl<'o, E: Encoding> io::Write for Encoder<'o, E> {
+ fn write(&mut self, buf: &[u8]) -> io::Result {
+ self.encode(buf)?;
+ Ok(buf.len())
+ }
+
+ fn flush(&mut self) -> io::Result<()> {
+ // TODO(tarcieri): return an error if there's still data remaining in the buffer?
+ Ok(())
+ }
+}
+
+/// Base64 encode buffer for a 1-block output.
+///
+/// This handles a partial block of data, i.e. data which hasn't been
+#[derive(Clone, Default, Debug)]
+struct BlockBuffer {
+ /// 3 decoded bytes to be encoded to a 4-byte Base64-encoded input.
+ bytes: [u8; Self::SIZE],
+
+ /// Position within the buffer.
+ position: usize,
+}
+
+impl BlockBuffer {
+ /// Size of the buffer in bytes: 3-bytes of unencoded input which
+ /// Base64 encode to 4-bytes of output.
+ const SIZE: usize = 3;
+
+ /// Fill the remaining space in the buffer with the input data.
+ fn fill(&mut self, input: &mut &[u8]) -> Result<(), Error> {
+ let remaining = Self::SIZE.checked_sub(self.position).ok_or(InvalidLength)?;
+ let len = cmp::min(input.len(), remaining);
+ self.bytes[self.position..][..len].copy_from_slice(&input[..len]);
+ self.position = self.position.checked_add(len).ok_or(InvalidLength)?;
+ *input = &input[len..];
+ Ok(())
+ }
+
+ /// Take the output buffer, resetting the position to 0.
+ fn take(&mut self) -> [u8; Self::SIZE] {
+ debug_assert!(self.is_full());
+ let result = self.bytes;
+ *self = Default::default();
+ result
+ }
+
+ /// Is the buffer empty?
+ fn is_empty(&self) -> bool {
+ self.position == 0
+ }
+
+ /// Is the buffer full?
+ fn is_full(&self) -> bool {
+ self.position == Self::SIZE
+ }
+}
+
+/// Helper for wrapping Base64 at a given line width.
+#[derive(Debug)]
+struct LineWrapper {
+ /// Number of bytes remaining in the current line.
+ remaining: usize,
+
+ /// Column at which Base64 should be wrapped.
+ width: usize,
+
+ /// Newline characters to use at the end of each line.
+ ending: LineEnding,
+}
+
+impl LineWrapper {
+ /// Create a new linewrapper.
+ fn new(width: usize, ending: LineEnding) -> Result {
+ if width < MIN_LINE_WIDTH {
+ return Err(InvalidLength);
+ }
+
+ Ok(Self {
+ remaining: width,
+ width,
+ ending,
+ })
+ }
+
+ /// Wrap the number of blocks to encode near/at EOL.
+ fn wrap_blocks(&self, blocks: &mut usize) -> Result<(), Error> {
+ if blocks.checked_mul(4).ok_or(InvalidLength)? >= self.remaining {
+ *blocks = self.remaining / 4;
+ }
+
+ Ok(())
+ }
+
+ /// Insert newlines into the output buffer as needed.
+ fn insert_newlines(&mut self, mut buffer: &mut [u8], len: &mut usize) -> Result<(), Error> {
+ let mut buffer_len = *len;
+
+ if buffer_len <= self.remaining {
+ self.remaining = self
+ .remaining
+ .checked_sub(buffer_len)
+ .ok_or(InvalidLength)?;
+
+ return Ok(());
+ }
+
+ buffer = &mut buffer[self.remaining..];
+ buffer_len = buffer_len
+ .checked_sub(self.remaining)
+ .ok_or(InvalidLength)?;
+
+ // The `wrap_blocks` function should ensure the buffer is no larger than a Base64 block
+ debug_assert!(buffer_len <= 4, "buffer too long: {}", buffer_len);
+
+ // Ensure space in buffer to add newlines
+ let buffer_end = buffer_len
+ .checked_add(self.ending.len())
+ .ok_or(InvalidLength)?;
+
+ if buffer_end >= buffer.len() {
+ return Err(InvalidLength);
+ }
+
+ // Shift the buffer contents to make space for the line ending
+ for i in (0..buffer_len).rev() {
+ buffer[i.checked_add(self.ending.len()).ok_or(InvalidLength)?] = buffer[i];
+ }
+
+ buffer[..self.ending.len()].copy_from_slice(self.ending.as_bytes());
+ *len = (*len).checked_add(self.ending.len()).ok_or(InvalidLength)?;
+ self.remaining = self.width.checked_sub(buffer_len).ok_or(InvalidLength)?;
+
+ Ok(())
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use crate::{alphabet::Alphabet, test_vectors::*, Base64, Base64Unpadded, Encoder, LineEnding};
+
+ #[test]
+ fn encode_padded() {
+ encode_test::(PADDED_BIN, PADDED_BASE64, None);
+ }
+
+ #[test]
+ fn encode_unpadded() {
+ encode_test::(UNPADDED_BIN, UNPADDED_BASE64, None);
+ }
+
+ #[test]
+ fn encode_multiline_padded() {
+ encode_test::(MULTILINE_PADDED_BIN, MULTILINE_PADDED_BASE64, Some(70));
+ }
+
+ #[test]
+ fn encode_multiline_unpadded() {
+ encode_test::(MULTILINE_UNPADDED_BIN, MULTILINE_UNPADDED_BASE64, Some(70));
+ }
+
+ #[test]
+ fn no_trailing_newline_when_aligned() {
+ let mut buffer = [0u8; 64];
+ let mut encoder = Encoder::::new_wrapped(&mut buffer, 64, LineEnding::LF).unwrap();
+ encoder.encode(&[0u8; 48]).unwrap();
+
+ // Ensure no newline character is
present in this case
+ assert_eq!(
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+ encoder.finish().unwrap()
+ );
+ }
+
+ /// Core functionality of an encoding test.
+ fn encode_test(input: &[u8], expected: &str, wrapped: Option) {
+ let mut buffer = [0u8; 1024];
+
+ for chunk_size in 1..input.len() {
+ let mut encoder = match wrapped {
+ Some(line_width) => {
+ Encoder::::new_wrapped(&mut buffer, line_width, LineEnding::LF)
+ }
+ None => Encoder::::new(&mut buffer),
+ }
+ .unwrap();
+
+ for chunk in input.chunks(chunk_size) {
+ encoder.encode(chunk).unwrap();
+ }
+
+ assert_eq!(expected, encoder.finish().unwrap());
+ }
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/encoding.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/encoding.rs
new file mode 100644
index 000000000000..83cbc32fe74f
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/encoding.rs
@@ -0,0 +1,376 @@
+//! Base64 encodings
+
+use crate::{
+ alphabet::Alphabet,
+ errors::{Error, InvalidEncodingError, InvalidLengthError},
+};
+use core::str;
+
+#[cfg(feature = "alloc")]
+use alloc::{string::String, vec::Vec};
+
+#[cfg(doc)]
+use crate::{Base64, Base64Bcrypt, Base64Crypt, Base64Unpadded, Base64Url, Base64UrlUnpadded};
+
+/// Padding character
+const PAD: u8 = b'=';
+
+/// Base64 encoding trait.
+///
+/// This trait must be imported to make use of any Base64 alphabet defined
+/// in this crate.
+///
+/// The following encoding types impl this trait:
+///
+/// - [`Base64`]: standard Base64 encoding with `=` padding.
+/// - [`Base64Bcrypt`]: bcrypt Base64 encoding.
+/// - [`Base64Crypt`]: `crypt(3)` Base64 encoding.
+/// - [`Base64Unpadded`]: standard Base64 encoding *without* padding.
+/// - [`Base64Url`]: URL-safe Base64 encoding with `=` padding.
+/// - [`Base64UrlUnpadded`]: URL-safe Base64 encoding *without* padding.
+pub trait Encoding: Alphabet {
+ /// Decode a Base64 string into the provided destination buffer.
+ fn decode(src: impl AsRef<[u8]>, dst: &mut [u8]) -> Result<&[u8], Error>;
+
+ /// Decode a Base64 string in-place.
+ ///
+ /// NOTE: this method does not (yet) validate that padding is well-formed,
+ /// if the given Base64 encoding is padded.
+ fn decode_in_place(buf: &mut [u8]) -> Result<&[u8], InvalidEncodingError>;
+
+ /// Decode a Base64 string into a byte vector.
+ #[cfg(feature = "alloc")]
+ fn decode_vec(input: &str) -> Result, Error>;
+
+ /// Encode the input byte slice as Base64.
+ ///
+ /// Writes the result into the provided destination slice, returning an
+ /// ASCII-encoded Base64 string value.
+ fn encode<'a>(src: &[u8], dst: &'a mut [u8]) -> Result<&'a str, InvalidLengthError>;
+
+ /// Encode input byte slice into a [`String`] containing Base64.
+ ///
+ /// # Panics
+ /// If `input` length is greater than `usize::MAX/4`.
+ #[cfg(feature = "alloc")]
+ fn encode_string(input: &[u8]) -> String;
+
+ /// Get the length of Base64 produced by encoding the given bytes.
+ ///
+ /// WARNING: this function will return `0` for lengths greater than `usize::MAX/4`!
+ fn encoded_len(bytes: &[u8]) -> usize;
+}
+
+impl Encoding for T {
+ fn decode(src: impl AsRef<[u8]>, dst: &mut [u8]) -> Result<&[u8], Error> {
+ let (src_unpadded, mut err) = if T::PADDED {
+ let (unpadded_len, e) = decode_padding(src.as_ref())?;
+ (&src.as_ref()[..unpadded_len], e)
+ } else {
+ (src.as_ref(), 0)
+ };
+
+ let dlen = decoded_len(src_unpadded.len());
+
+ if dlen > dst.len() {
+ return Err(Error::InvalidLength);
+ }
+
+ let dst = &mut dst[..dlen];
+
+ let mut src_chunks = src_unpadded.chunks_exact(4);
+ let mut dst_chunks = dst.chunks_exact_mut(3);
+ for (s, d) in (&mut src_chunks).zip(&mut dst_chunks) {
+ err |= Self::decode_3bytes(s, d);
+ }
+ let src_rem = src_chunks.remainder();
+ let dst_rem = dst_chunks.into_remainder();
+
+ err |= !(src_rem.is_empty() || src_rem.len() >= 2) as i16;
+ let mut tmp_out = [0u8; 3];
+ let mut tmp_in = [b'A'; 4];
+ tmp_in[..src_rem.len()].copy_from_slice(src_rem);
+ err |= Self::decode_3bytes(&tmp_in, &mut tmp_out);
+ dst_rem.copy_from_slice(&tmp_out[..dst_rem.len()]);
+
+ if err == 0 {
+ validate_last_block::(src.as_ref(), dst)?;
+ Ok(dst)
+ } else {
+ Err(Error::InvalidEncoding)
+ }
+ }
+
+ // TODO(tarcieri): explicitly checked/wrapped arithmetic
+ #[allow(clippy::integer_arithmetic)]
+ fn decode_in_place(mut buf: &mut [u8]) -> Result<&[u8], InvalidEncodingError> {
+ // TODO: eliminate unsafe code when LLVM12 is stable
+ // See: https://github.com/rust-lang/rust/issues/80963
+ let mut err = if T::PADDED {
+ let (unpadded_len, e) = decode_padding(buf)?;
+ buf = &mut buf[..unpadded_len];
+ e
+ } else {
+ 0
+ };
+
+ let dlen = decoded_len(buf.len());
+ let full_chunks = buf.len() / 4;
+
+ for chunk in 0..full_chunks {
+ // SAFETY: `p3` and `p4` point inside `buf`, while they may
overlap,
+ // read and write are clearly separated from each other and done via
+ // raw pointers.
+ #[allow(unsafe_code)]
+ unsafe {
+ debug_assert!(3 * chunk + 3 <= buf.len());
+ debug_assert!(4 * chunk + 4 <= buf.len());
+
+ let p3 = buf.as_mut_ptr().add(3 * chunk) as *mut [u8; 3];
+ let p4 = buf.as_ptr().add(4 * chunk) as *const [u8; 4];
+
+ let mut tmp_out = [0u8; 3];
+ err |= Self::decode_3bytes(&*p4, &mut tmp_out);
+ *p3 = tmp_out;
+ }
+ }
+
+ let src_rem_pos = 4 * full_chunks;
+ let src_rem_len = buf.len() - src_rem_pos;
+ let dst_rem_pos = 3 * full_chunks;
+ let dst_rem_len = dlen - dst_rem_pos;
+
+ err |= !(src_rem_len == 0 || src_rem_len >= 2) as i16;
+ let mut tmp_in = [b'A'; 4];
+ tmp_in[..src_rem_len].copy_from_slice(&buf[src_rem_pos..]);
+ let mut tmp_out = [0u8; 3];
+
+ err |= Self::decode_3bytes(&tmp_in, &mut tmp_out);
+
+ if err == 0 {
+ // SAFETY: `dst_rem_len` is always smaller than 4, so we don't
+ // read outside of `tmp_out`, write and the final slicing never go
+ // outside of `buf`.
+ #[allow(unsafe_code)]
+ unsafe {
+ debug_assert!(dst_rem_pos + dst_rem_len <= buf.len());
+ debug_assert!(dst_rem_len <= tmp_out.len());
+ debug_assert!(dlen <= buf.len());
+
+ core::ptr::copy_nonoverlapping(
+ tmp_out.as_ptr(),
+ buf.as_mut_ptr().add(dst_rem_pos),
+ dst_rem_len,
+ );
+ Ok(buf.get_unchecked(..dlen))
+ }
+ } else {
+ Err(InvalidEncodingError)
+ }
+ }
+
+ #[cfg(feature = "alloc")]
+ fn decode_vec(input: &str) -> Result, Error> {
+ let mut output = vec![0u8; decoded_len(input.len())];
+ let len = Self::decode(input, &mut output)?.len();
+
+ if len <= output.len() {
+ output.truncate(len);
+ Ok(output)
+ } else {
+ Err(Error::InvalidLength)
+ }
+ }
+
+ fn encode<'a>(src: &[u8], dst: &'a mut [u8]) -> Result<&'a str, InvalidLengthError> {
+ let elen = match encoded_len_inner(src.len(), T::PADDED) {
+ Some(v) => v,
+ None => return Err(InvalidLengthError),
+ };
+
+ if elen > dst.len() {
+ return Err(InvalidLengthError);
+ }
+
+ let dst = &mut dst[..elen];
+
+ let mut src_chunks = src.chunks_exact(3);
+ let mut dst_chunks = dst.chunks_exact_mut(4);
+
+ for (s, d) in (&mut src_chunks).zip(&mut dst_chunks) {
+ Self::encode_3bytes(s, d);
+ }
+
+ let src_rem = src_chunks.remainder();
+
+ if T::PADDED {
+ if let Some(dst_rem) = dst_chunks.next() {
+ let mut tmp = [0u8; 3];
+ tmp[..src_rem.len()].copy_from_slice(src_rem);
+ Self::encode_3bytes(&tmp, dst_rem);
+
+ let flag = src_rem.len() == 1;
+ let mask = (flag as u8).wrapping_sub(1);
+ dst_rem[2] = (dst_rem[2] & mask) | (PAD & !mask);
+ dst_rem[3] = PAD;
+ }
+ } else {
+ let dst_rem = dst_chunks.into_remainder();
+
+ let mut tmp_in = [0u8; 3];
+ let mut tmp_out = [0u8; 4];
+ tmp_in[..src_rem.len()].copy_from_slice(src_rem);
+ Self::encode_3bytes(&tmp_in, &mut tmp_out);
+ dst_rem.copy_from_slice(&tmp_out[..dst_rem.len()]);
+ }
+
+ debug_assert!(str::from_utf8(dst).is_ok());
+
+ // SAFETY: values written by `encode_3bytes` are valid one-byte UTF-8 chars
+ #[allow(unsafe_code)]
+ Ok(unsafe {
str::from_utf8_unchecked(dst) })
+ }
+
+ #[cfg(feature = "alloc")]
+ fn encode_string(input: &[u8]) -> String {
+ let elen = encoded_len_inner(input.len(), T::PADDED).expect("input is too big");
+ let mut dst = vec![0u8; elen];
+ let res = Self::encode(input, &mut dst).expect("encoding error");
+
+ debug_assert_eq!(elen, res.len());
+ debug_assert!(str::from_utf8(&dst).is_ok());
+
+ // SAFETY: `dst` is fully written and contains only valid one-byte UTF-8 chars
+ #[allow(unsafe_code)]
+ unsafe {
+ String::from_utf8_unchecked(dst)
+ }
+ }
+
+ fn encoded_len(bytes: &[u8]) -> usize {
+ encoded_len_inner(bytes.len(), T::PADDED).unwrap_or(0)
+ }
+}
+
+/// Validate padding is of the expected length compute unpadded length.
+///
+/// Note that this method does not explicitly check that the padded data
+/// is valid in and of itself: that is performed by `validate_last_block` as a
+/// final step.
+///
+/// Returns length-related errors eagerly as a [`Result`], and data-dependent
+/// errors (i.e. malformed padding bytes) as `i16` to be combined with other
+/// encoding-related errors prior to branching.
+#[inline(always)]
+pub(crate) fn decode_padding(input: &[u8]) -> Result<(usize, i16), InvalidEncodingError> {
+ if input.len() % 4 != 0 {
+ return Err(InvalidEncodingError);
+ }
+
+ let unpadded_len = match *input {
+ [.., b0, b1] => is_pad_ct(b0)
+ .checked_add(is_pad_ct(b1))
+ .and_then(|len| len.try_into().ok())
+ .and_then(|len| input.len().checked_sub(len))
+ .ok_or(InvalidEncodingError)?,
+ _ => input.len(),
+ };
+
+ let padding_len = input
+ .len()
+ .checked_sub(unpadded_len)
+ .ok_or(InvalidEncodingError)?;
+
+ let err = match *input {
+ [.., b0] if padding_len == 1 => is_pad_ct(b0) ^ 1,
+ [.., b0, b1] if padding_len == 2 => (is_pad_ct(b0) & is_pad_ct(b1)) ^ 1,
+ _ => {
+ if padding_len == 0 {
+ 0
+ } else {
+ return Err(InvalidEncodingError);
+ }
+ }
+ };
+
+ Ok((unpadded_len, err))
+}
+
+/// Validate that the last block of the decoded data round-trips back to the
+/// encoded data.
+fn validate_last_block(encoded: &[u8], decoded: &[u8]) -> Result<(), Error> {
+ if encoded.is_empty() && decoded.is_empty() {
+ return Ok(());
+ }
+
+ // TODO(tarcieri): explicitly checked/wrapped arithmetic
+ #[allow(clippy::integer_arithmetic)]
+ fn last_block_start(bytes: &[u8], block_size: usize) -> usize {
+ (bytes.len().saturating_sub(1) / block_size) * block_size
+ }
+
+ let enc_block = encoded
+ .get(last_block_start(encoded, 4)..)
+ .ok_or(Error::InvalidEncoding)?;
+
+ let dec_block = decoded
+ .get(last_block_start(decoded, 3)..)
+ .ok_or(Error::InvalidEncoding)?;
+
+ // Round-trip encode the decoded block
+ let mut buf = [0u8; 4];
+ let block = T::encode(dec_block, &mut buf)?;
+
+ // Non-short-circuiting comparison of padding
+ // TODO(tarcieri): better constant-time mechanisms (e.g. `subtle`)?
+ if block
+ .as_bytes()
+ .iter()
+ .zip(enc_block.iter())
+ .fold(0, |acc, (a, b)| acc | (a ^ b))
+ == 0
+ {
+ Ok(())
+ } else {
+ Err(Error::InvalidEncoding)
+ }
+}
+
+/// Get the length of the output from decoding the provided *unpadded*
+/// Base64-encoded input.
+///
+/// Note that this function does not fully validate the Base64 is well-formed
+/// and may return incorrect results for malformed Base64.
+// TODO(tarcieri): explicitly checked/wrapped arithmetic
+#[allow(clippy::integer_arithmetic)]
+#[inline(always)]
+pub(crate) fn decoded_len(input_len: usize) -> usize {
+ // overflow-proof computation of `(3*n)/4`
+ let k = input_len / 4;
+ let l = input_len - 4 * k;
+ 3 * k + (3 * l) / 4
+}
+
+/// Branchless match that a given byte is the `PAD` character
+// TODO(tarcieri): explicitly checked/wrapped arithmetic
+#[allow(clippy::integer_arithmetic)]
+#[inline(always)]
+fn is_pad_ct(input: u8) -> i16 {
+ ((((PAD as i16 - 1) - input as i16) & (input as i16 - (PAD as i16 + 1))) >> 8) & 1
+}
+
+// TODO(tarcieri): explicitly checked/wrapped arithmetic
+#[allow(clippy::integer_arithmetic)]
+#[inline(always)]
+const fn encoded_len_inner(n: usize, padded: bool) -> Option {
+ match n.checked_mul(4) {
+ Some(q) => {
+ if padded {
+ Some(((q / 3) + 3) & !3)
+ } else {
+ Some((q / 3) + (q % 3 != 0) as usize)
+ }
+ }
+ None => None,
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/errors.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/errors.rs
new file mode 100644
index 000000000000..de08e6981015
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/errors.rs
@@ -0,0 +1,84 @@
+//! Error types
+
+use core::fmt;
+
+const INVALID_ENCODING_MSG: &str = "invalid Base64 encoding";
+const INVALID_LENGTH_MSG: &str = "invalid Base64 length";
+
+/// Insufficient output buffer length.
+#[derive(Copy, Clone, Debug, Eq, PartialEq)]
+pub struct InvalidLengthError;
+
+impl fmt::Display for InvalidLengthError {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
+ f.write_str(INVALID_LENGTH_MSG)
+ }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for InvalidLengthError {}
+
+/// Invalid encoding of provided Base64 string.
+#[derive(Copy, Clone, Debug, Eq, PartialEq)]
+pub struct InvalidEncodingError;
+
+impl fmt::Display for InvalidEncodingError {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
+ f.write_str(INVALID_ENCODING_MSG)
+ }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for InvalidEncodingError {}
+
+/// Generic error, union of [`InvalidLengthError`] and [`InvalidEncodingError`].
+#[derive(Copy, Clone, Debug, Eq, PartialEq)]
+pub enum Error {
+ /// Invalid encoding of provided Base64 string.
+ InvalidEncoding,
+
+ /// Insufficient output buffer length.
+ InvalidLength,
+}
+
+impl fmt::Display for Error {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
+ let s = match self {
+ Self::InvalidEncoding => INVALID_ENCODING_MSG,
+ Self::InvalidLength => INVALID_LENGTH_MSG,
+ };
+ f.write_str(s)
+ }
+}
+
+impl From for Error {
+ #[inline]
+ fn from(_: InvalidEncodingError) -> Error {
+ Error::InvalidEncoding
+ }
+}
+
+impl From for Error {
+ #[inline]
+ fn from(_: InvalidLengthError) -> Error {
+ Error::InvalidLength
+ }
+}
+
+impl From for Error {
+ #[inline]
+ fn from(_: core::str::Utf8Error) -> Error {
+ Error::InvalidEncoding
+ }
+}
+
+#[cfg(feature = "std")]
+impl From for std::io::Error {
+ fn from(err: Error) -> std::io::Error {
+ // TODO(tarcieri): better customize `ErrorKind`?
+ std::io::Error::new(std::io::ErrorKind::InvalidData, err)
+ }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for Error {}
diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/lib.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/lib.rs
new file mode 100644
index 000000000000..f1094f9f15a6
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/lib.rs
@@ -0,0 +1,105 @@ +#![no_std] +#![cfg_attr(docsrs, feature(doc_auto_cfg))] +#![doc( + html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg", + html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg" +)] +#![doc = include_str!("../README.md")] +#![warn( + clippy::integer_arithmetic, + clippy::mod_module_files, + clippy::panic, + clippy::panic_in_result_fn, + clippy::unwrap_used, + missing_docs, + rust_2018_idioms, + unsafe_code, + unused_lifetimes, + unused_qualifications +)] + +//! # Usage +//! +//! ## Allocating (enable `alloc` crate feature) +//! +//! ``` +//! # #[cfg(feature = "alloc")] +//! # { +//! use base64ct::{Base64, Encoding}; +//! +//! let bytes = b"example bytestring!"; +//! let encoded = Base64::encode_string(bytes); +//! assert_eq!(encoded, "ZXhhbXBsZSBieXRlc3RyaW5nIQ=="); +//! +//! let decoded = Base64::decode_vec(&encoded).unwrap(); +//! assert_eq!(decoded, bytes); +//! # } +//! ``` +//! +//! ## Heapless `no_std` usage +//! +//! ``` +//! use base64ct::{Base64, Encoding}; +//! +//! const BUF_SIZE: usize = 128; +//! +//! let bytes = b"example bytestring!"; +//! assert!(Base64::encoded_len(bytes) <= BUF_SIZE); +//! +//! let mut enc_buf = [0u8; BUF_SIZE]; +//! let encoded = Base64::encode(bytes, &mut enc_buf).unwrap(); +//! assert_eq!(encoded, "ZXhhbXBsZSBieXRlc3RyaW5nIQ=="); +//! +//! let mut dec_buf = [0u8; BUF_SIZE]; +//! let decoded = Base64::decode(encoded, &mut dec_buf).unwrap(); +//! assert_eq!(decoded, bytes); +//! ``` +//! +//! # Implementation +//! +//! Implemented using integer arithmetic alone without any lookup tables or +//! data-dependent branches, thereby providing portable "best effort" +//! constant-time operation. +//! +//! Not constant-time with respect to message length (only data). +//! +//! Adapted from the following constant-time C++ implementation of Base64: +//! +//! +//! +//! Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com). +//! 
Derived code is dual licensed MIT + Apache 2 (with permission from Sc00bz). + +#[cfg(feature = "alloc")] +#[macro_use] +extern crate alloc; +#[cfg(feature = "std")] +extern crate std; + +mod alphabet; +mod decoder; +mod encoder; +mod encoding; +mod errors; +mod line_ending; + +#[cfg(test)] +mod test_vectors; + +pub use crate::{ + alphabet::{ + bcrypt::Base64Bcrypt, + crypt::Base64Crypt, + shacrypt::Base64ShaCrypt, + standard::{Base64, Base64Unpadded}, + url::{Base64Url, Base64UrlUnpadded}, + }, + decoder::Decoder, + encoder::Encoder, + encoding::Encoding, + errors::{Error, InvalidEncodingError, InvalidLengthError}, + line_ending::LineEnding, +}; + +/// Minimum supported line width. +const MIN_LINE_WIDTH: usize = 4; diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/line_ending.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/line_ending.rs new file mode 100644 index 000000000000..dfb168eab82f --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/line_ending.rs 
@@ -0,0 +1,53 @@
+//! Line endings.
+
+/// Carriage return
+pub(crate) const CHAR_CR: u8 = 0x0d;
+
+/// Line feed
+pub(crate) const CHAR_LF: u8 = 0x0a;
+
+/// Line endings: variants of newline characters that can be used with Base64.
+///
+/// Use [`LineEnding::default`] to get an appropriate line ending for the
+/// current operating system.
+#[allow(clippy::upper_case_acronyms)]
+#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub enum LineEnding {
+ /// Carriage return: `\r` (Pre-OS X Macintosh)
+ CR,
+
+ /// Line feed: `\n` (Unix OSes)
+ LF,
+
+ /// Carriage return + line feed: `\r\n` (Windows)
+ CRLF,
+}
+
+impl Default for LineEnding {
+ // Default line ending matches conventions for target OS
+ #[cfg(windows)]
+ fn default() -> LineEnding {
+ LineEnding::CRLF
+ }
+ #[cfg(not(windows))]
+ fn default() -> LineEnding {
+ LineEnding::LF
+ }
+}
+
+#[allow(clippy::len_without_is_empty)]
+impl LineEnding {
+ /// Get the byte serialization of this [`LineEnding`].
+ pub fn as_bytes(self) -> &'static [u8] {
+ match self {
+ LineEnding::CR => &[CHAR_CR],
+ LineEnding::LF => &[CHAR_LF],
+ LineEnding::CRLF => &[CHAR_CR, CHAR_LF],
+ }
+ }
+
+ /// Get the encoded length of this [`LineEnding`].
+ pub fn len(self) -> usize {
+ self.as_bytes().len()
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/test_vectors.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/test_vectors.rs
new file mode 100644
index 000000000000..61f49581eddb
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/src/test_vectors.rs
@@ -0,0 +1,70 @@ +//! Base64 test vectors. + +/// Padded Base64-encoded example +pub(crate) const PADDED_BASE64: &str = + "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHwf2HMM5TRXvo2SQJjsNkiDD5KqiiNjrGVv3UUh+mMT5RHxiRtOnlqvjhQtBq0VpmpCV/PwUdhOig4vkbqAcEc="; +pub(crate) const PADDED_BIN: &[u8] = &[ + 0, 0, 0, 19, 101, 99, 100, 115, 97, 45, 115, 104, 97, 50, 45, 110, 105, 115, 116, 112, 50, 53, + 54, 0, 0, 0, 8, 110, 105, 115, 116, 112, 50, 53, 54, 0, 0, 0, 65, 4, 124, 31, 216, 115, 12, + 229, 52, 87, 190, 141, 146, 64, 152, 236, 54, 72, 131, 15, 146, 170, 138, 35, 99, 172, 101, + 111, 221, 69, 33, 250, 99, 19, 229, 17, 241, 137, 27, 78, 158, 90, 175, 142, 20, 45, 6, 173, + 21, 166, 106, 66, 87, 243, 240, 81, 216, 78, 138, 14, 47, 145, 186, 128, 112, 71, +]; + +/// Unpadded Base64-encoded example +pub(crate) const UNPADDED_BASE64: &str = + "AAAAC3NzaC1lZDI1NTE5AAAAILM+rvN+ot98qgEN796jTiQfZfG1KaT0PtFDJ/XFSqti"; +pub(crate) const UNPADDED_BIN: &[u8] = &[ + 0, 0, 0, 11, 115, 115, 104, 45, 101, 100, 50, 53, 53, 49, 57, 0, 0, 0, 32, 179, 62, 174, 243, + 126, 162, 223, 124, 170, 1, 13, 239, 222, 163, 78, 36, 31, 101, 241, 181, 41, 164, 244, 62, + 209, 67, 39, 245, 197, 74, 171, 98, +]; + +/// Padded multi-line Base64 example (from the `ssh-key` crate's `id_ed25519`) +pub(crate) const MULTILINE_PADDED_BASE64: &str = + "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\n\ + QyNTUxOQAAACCzPq7zfqLffKoBDe/eo04kH2XxtSmk9D7RQyf1xUqrYgAAAJgAIAxdACAM\n\ + XQAAAAtzc2gtZWQyNTUxOQAAACCzPq7zfqLffKoBDe/eo04kH2XxtSmk9D7RQyf1xUqrYg\n\ + AAAEC2BsIi0QwW2uFscKTUUXNHLsYX4FxlaSDSblbAj7WR7bM+rvN+ot98qgEN796jTiQf\n\ + ZfG1KaT0PtFDJ/XFSqtiAAAAEHVzZXJAZXhhbXBsZS5jb20BAgMEBQ=="; +pub(crate) const MULTILINE_PADDED_BIN: &[u8] = &[ + 111, 112, 101, 110, 115, 115, 104, 45, 107, 101, 121, 45, 118, 49, 0, 0, 0, 0, 4, 110, 111, + 110, 101, 0, 0, 0, 4, 110, 111, 110, 101, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 51, 0, 0, 0, 11, + 115, 115, 104, 45, 101, 100, 50, 53, 53, 49, 57, 0, 0, 
0, 32, 179, 62, 174, 243, 126, 162, 223, + 124, 170, 1, 13, 239, 222, 163, 78, 36, 31, 101, 241, 181, 41, 164, 244, 62, 209, 67, 39, 245, + 197, 74, 171, 98, 0, 0, 0, 152, 0, 32, 12, 93, 0, 32, 12, 93, 0, 0, 0, 11, 115, 115, 104, 45, + 101, 100, 50, 53, 53, 49, 57, 0, 0, 0, 32, 179, 62, 174, 243, 126, 162, 223, 124, 170, 1, 13, + 239, 222, 163, 78, 36, 31, 101, 241, 181, 41, 164, 244, 62, 209, 67, 39, 245, 197, 74, 171, 98, + 0, 0, 0, 64, 182, 6, 194, 34, 209, 12, 22, 218, 225, 108, 112, 164, 212, 81, 115, 71, 46, 198, + 23, 224, 92, 101, 105, 32, 210, 110, 86, 192, 143, 181, 145, 237, 179, 62, 174, 243, 126, 162, + 223, 124, 170, 1, 13, 239, 222, 163, 78, 36, 31, 101, 241, 181, 41, 164, 244, 62, 209, 67, 39, + 245, 197, 74, 171, 98, 0, 0, 0, 16, 117, 115, 101, 114, 64, 101, 120, 97, 109, 112, 108, 101, + 46, 99, 111, 109, 1, 2, 3, 4, 5, +]; + +/// Unpadded multi-line Base64 example (from the `ssh-key` crate's `id_ecdsa_p256`). +pub(crate) const MULTILINE_UNPADDED_BASE64: &str = + "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS\n\ + 1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQR8H9hzDOU0V76NkkCY7DZIgw+Sqooj\n\ + Y6xlb91FIfpjE+UR8YkbTp5ar44ULQatFaZqQlfz8FHYTooOL5G6gHBHAAAAsB8RBhUfEQ\n\ + YVAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHwf2HMM5TRXvo2S\n\ + QJjsNkiDD5KqiiNjrGVv3UUh+mMT5RHxiRtOnlqvjhQtBq0VpmpCV/PwUdhOig4vkbqAcE\n\ + cAAAAhAMp4pkd0v643EjIkk38DmJYBiXB6ygqGRc60NZxCO6B5AAAAEHVzZXJAZXhhbXBs\n\ + ZS5jb20BAgMEBQYH"; +pub(crate) const MULTILINE_UNPADDED_BIN: &[u8] = &[ + 111, 112, 101, 110, 115, 115, 104, 45, 107, 101, 121, 45, 118, 49, 0, 0, 0, 0, 4, 110, 111, + 110, 101, 0, 0, 0, 4, 110, 111, 110, 101, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 104, 0, 0, 0, 19, + 101, 99, 100, 115, 97, 45, 115, 104, 97, 50, 45, 110, 105, 115, 116, 112, 50, 53, 54, 0, 0, 0, + 8, 110, 105, 115, 116, 112, 50, 53, 54, 0, 0, 0, 65, 4, 124, 31, 216, 115, 12, 229, 52, 87, + 190, 141, 146, 64, 152, 236, 54, 72, 131, 15, 146, 170, 138, 35, 99, 172, 101, 111, 221, 69, 
+ 33, 250, 99, 19, 229, 17, 241, 137, 27, 78, 158, 90, 175, 142, 20, 45, 6, 173, 21, 166, 106, + 66, 87, 243, 240, 81, 216, 78, 138, 14, 47, 145, 186, 128, 112, 71, 0, 0, 0, 176, 31, 17, 6, + 21, 31, 17, 6, 21, 0, 0, 0, 19, 101, 99, 100, 115, 97, 45, 115, 104, 97, 50, 45, 110, 105, 115, + 116, 112, 50, 53, 54, 0, 0, 0, 8, 110, 105, 115, 116, 112, 50, 53, 54, 0, 0, 0, 65, 4, 124, 31, + 216, 115, 12, 229, 52, 87, 190, 141, 146, 64, 152, 236, 54, 72, 131, 15, 146, 170, 138, 35, 99, + 172, 101, 111, 221, 69, 33, 250, 99, 19, 229, 17, 241, 137, 27, 78, 158, 90, 175, 142, 20, 45, + 6, 173, 21, 166, 106, 66, 87, 243, 240, 81, 216, 78, 138, 14, 47, 145, 186, 128, 112, 71, 0, 0, + 0, 33, 0, 202, 120, 166, 71, 116, 191, 174, 55, 18, 50, 36, 147, 127, 3, 152, 150, 1, 137, 112, + 122, 202, 10, 134, 69, 206, 180, 53, 156, 66, 59, 160, 121, 0, 0, 0, 16, 117, 115, 101, 114, + 64, 101, 120, 97, 109, 112, 108, 101, 46, 99, 111, 109, 1, 2, 3, 4, 5, 6, 7, +]; diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/bcrypt.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/bcrypt.rs new file mode 100644 index 000000000000..4ecbfa74d4b3 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/bcrypt.rs 
@@ -0,0 +1,68 @@ +//! bcrypt Base64 tests + +#[macro_use] +mod common; + +use crate::common::*; +use base64ct::Base64Bcrypt; + +const TEST_VECTORS: &[TestVector] = &[ + TestVector { raw: b"", b64: "" }, + TestVector { + raw: b"\0", + b64: "..", + }, + TestVector { + raw: b"***", + b64: "Igmo", + }, + TestVector { + raw: b"\x01\x02\x03\x04", + b64: ".OGB/.", + }, + TestVector { + raw: b"\xAD\xAD\xAD\xAD\xAD", + b64: "pY0rpYy", + }, + TestVector { + raw: b"\xFF\xEF\xFE\xFF\xEF\xFE", + b64: "98989898", + }, + TestVector { + raw: b"\xFF\xFF\xFF\xFF\xFF", + b64: "9999996", + }, + TestVector { + raw: b"\x40\xC1\x3F\xBD\x05\x4C\x72\x2A\xA3\xC2\xF2\x11\x73\xC0\x69\xEA\ + \x49\x7D\x35\x29\x6B\xCC\x24\x65\xF6\xF9\xD0\x41\x08\x7B\xD7\xA9", + b64: "OKC9tOTKagohutGPa6/n4ij7LQjpxAPj7tlOOOf5z4i", + }, + TestVector { + raw: b"\x00\x10\x83\x10Q\x87 \x92\x8B0\xD3\x8FA\x14\x93QU\x97a\x96\x9Bq\ + \xD7\x9F\x82\x18\xA3\x92Y\xA7\xA2\x9A\xAB\xB2\xDB\xAF\xC3\x1C\xB3\ + \xFB\xF0\x00", + b64: "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx89..", + }, +]; + +impl_tests!(Base64Bcrypt); + +#[test] +fn reject_trailing_whitespace() { + let input = "OKC9tOTKagohutGPa6/n4ij7LQjpxAPj7tlOOOf5z4i\n"; + let mut buf = [0u8; 1024]; + assert_eq!( + Base64Bcrypt::decode(input, &mut buf), + Err(Error::InvalidEncoding) + ); +} + +#[test] +fn unpadded_reject_trailing_equals() { + let input = "OKC9tOTKagohutGPa6/n4ij7LQjpxAPj7tlOOOf5z4i="; + let mut buf = [0u8; 1024]; + assert_eq!( + Base64Bcrypt::decode(input, &mut buf), + Err(Error::InvalidEncoding) + ); +} diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/common/mod.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/common/mod.rs new file mode 100644 index 000000000000..3910b33b9759 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/common/mod.rs 
@@ -0,0 +1,80 @@ +//! Common testing functionality + +/// Base64 test vector +pub struct TestVector { + pub raw: &'static [u8], + pub b64: &'static str, +} + +/// Generate test suite for a particular Base64 flavor +#[macro_export] +macro_rules! impl_tests { + ($encoding:ty) => { + use base64ct::{Encoding, Error}; + + #[test] + fn encode_test_vectors() { + let mut buf = [0u8; 1024]; + + for vector in TEST_VECTORS { + let out = <$encoding>::encode(vector.raw, &mut buf).unwrap(); + assert_eq!(<$encoding>::encoded_len(vector.raw), vector.b64.len()); + assert_eq!(vector.b64, &out[..]); + + #[cfg(feature = "alloc")] + { + let out = <$encoding>::encode_string(vector.raw); + assert_eq!(vector.b64, &out[..]); + } + } + } + + #[test] + fn decode_test_vectors() { + let mut buf = [0u8; 1024]; + + for vector in TEST_VECTORS { + let out = <$encoding>::decode(vector.b64, &mut buf).unwrap(); + assert_eq!(vector.raw, &out[..]); + + let n = vector.b64.len(); + buf[..n].copy_from_slice(vector.b64.as_bytes()); + let out = <$encoding>::decode_in_place(&mut buf[..n]).unwrap(); + assert_eq!(vector.raw, out); + + #[cfg(feature = "alloc")] + { + let out = <$encoding>::decode_vec(vector.b64).unwrap(); + assert_eq!(vector.raw, &out[..]); + } + } + } + + #[test] + fn encode_and_decode_various_lengths() { + let data = [b'X'; 64]; + let mut inbuf = [0u8; 1024]; + let mut outbuf = [0u8; 1024]; + + for i in 0..data.len() { + let encoded = <$encoding>::encode(&data[..i], &mut inbuf).unwrap(); + + // Make sure it round trips + let decoded = <$encoding>::decode(encoded, &mut outbuf).unwrap(); + assert_eq!(decoded, &data[..i]); + + let elen = <$encoding>::encode(&data[..i], &mut inbuf).unwrap().len(); + let buf = &mut inbuf[..elen]; + let decoded = <$encoding>::decode_in_place(buf).unwrap(); + assert_eq!(decoded, &data[..i]); + + #[cfg(feature = "alloc")] + { + let encoded = <$encoding>::encode_string(&data[..i]); + let decoded = <$encoding>::decode_vec(&encoded).unwrap(); + assert_eq!(decoded, 
&data[..i]); + } + } + } + }; +} diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/crypt.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/crypt.rs new file mode 100644 index 000000000000..cc285f9bd607 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/crypt.rs @@ -0,0 +1,68 @@ +//! `crypt(3)` Base64 tests + +#[macro_use] +mod common; + +use crate::common::*; +use base64ct::Base64Crypt; + +const TEST_VECTORS: &[TestVector] = &[ + TestVector { raw: b"", b64: "" }, + TestVector { + raw: b"\0", + b64: "..", + }, + TestVector { + raw: b"***", + b64: "8Wce", + }, + TestVector { + raw: b"\x01\x02\x03\x04", + b64: ".E61/.", + }, + TestVector { + raw: b"\xAD\xAD\xAD\xAD\xAD", + b64: "fOqhfOo", + }, + TestVector { + raw: b"\xFF\xEF\xFE\xFF\xEF\xFE", + b64: "zyzyzyzy", + }, + TestVector { + raw: b"\xFF\xFF\xFF\xFF\xFF", + b64: "zzzzzzw", + }, + TestVector { + raw: b"\x40\xC1\x3F\xBD\x05\x4C\x72\x2A\xA3\xC2\xF2\x11\x73\xC0\x69\xEA\ + \x49\x7D\x35\x29\x6B\xCC\x24\x65\xF6\xF9\xD0\x41\x08\x7B\xD7\xA9", + b64: "EA2zjEJAQWeXkj6FQw/duYZxBGZfn0FZxjbEEEVvpuY", + }, + TestVector { + raw: b"\x00\x10\x83\x10Q\x87 \x92\x8B0\xD3\x8FA\x14\x93QU\x97a\x96\x9Bq\ + \xD7\x9F\x82\x18\xA3\x92Y\xA7\xA2\x9A\xAB\xB2\xDB\xAF\xC3\x1C\xB3\ + \xFB\xF0\x00", + b64: "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnyz..", + }, +]; + +impl_tests!(Base64Crypt); + +#[test] +fn reject_trailing_whitespace() { + let input = "OKC9tOTKagohutGPa6/n4ij7LQjpxAPj7tlOOOf5z4i\n"; + let mut buf = [0u8; 1024]; + assert_eq!( + Base64Crypt::decode(input, &mut buf), + Err(Error::InvalidEncoding) + ); +} + +#[test] +fn unpadded_reject_trailing_equals() { + let input = "OKC9tOTKagohutGPa6/n4ij7LQjpxAPj7tlOOOf5z4i="; + let mut buf = [0u8; 1024]; + assert_eq!( + Base64Crypt::decode(input, &mut buf), + Err(Error::InvalidEncoding) + ); +} 
diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/proptests.proptest-regressions b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/proptests.proptest-regressions new file mode 100644 index 000000000000..473fcecd2a7b --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/proptests.proptest-regressions 
@@ -0,0 +1,10 @@ +# Seeds for failure cases proptest has generated in the past. It is +# automatically read and these particular cases re-run before any +# novel cases are generated. +# +# It is recommended to check this file in to source control so that +# everyone who runs the test benefits from these saved cases. +cc ea4af6a6a3c5feddd17be51d3bb3d863881547acf50b553e76da3f34f8b755d4 # shrinks to base64ish = "" +cc 348d4acf2c3d1e8db3772f5645179e24b50178747469da9709e60800175eef80 # shrinks to bytes = [240, 144, 128, 128, 240, 144, 128, 128, 32, 32, 32, 194, 161, 48, 97, 97, 65, 194, 161, 32, 97, 194, 161, 32, 240, 144, 128, 128, 194, 161, 48, 32, 97, 194, 161, 240, 144, 128, 128, 32, 224, 160, 128, 97, 224, 160, 128, 48, 48, 194, 161, 32, 240, 144, 128, 128, 11, 65, 97, 48, 65, 65, 97, 11, 240, 144, 128, 128, 240, 144, 128, 128, 48, 224, 160, 128, 194, 161, 32, 32, 194, 161, 32, 48, 97, 240, 144, 128, 128, 224, 160, 128, 240, 144, 128, 128, 0, 224, 160, 128, 32, 240, 144, 128, 128, 0, 32, 32, 97, 240, 144, 128, 128, 240, 144, 128, 128, 240, 144, 128, 128, 240, 144, 128, 128, 0, 0, 240, 144, 128, 128, 32, 240, 144, 128, 128, 32, 48, 65, 11, 32, 65, 48, 48, 65, 65, 194, 161, 32, 224, 160, 128, 240, 144, 128, 128, 224, 160, 128, 0, 65, 0, 65, 32, 194, 161, 240, 144, 128, 128, 32, 65, 32, 0, 97, 32, 97, 11, 11, 48, 97, 97, 240, 144, 128, 128, 65, 240, 144, 128, 128, 194, 161], line_width = 10, chunk_size = 163 +cc 0c0ee7f6a60d24431333f5c39c506b818a6c21022e39288619c8f78f29d30b1c # shrinks to bytes = [240, 144, 128, 128, 194, 161, 194, 161, 240, 144, 128, 128, 194, 161, 240, 144, 128, 128, 65, 224, 160, 128, 97, 224, 160, 128, 32, 97, 32, 65, 224, 160, 128, 0, 97, 0, 240, 144, 128, 128, 97, 194, 161, 32, 240, 144, 128, 128, 11, 48, 32, 65, 32, 240, 144, 128, 128, 97, 194, 161, 48, 48, 240, 144, 128, 128, 194, 161, 194, 161, 32, 194, 161, 48, 0, 32, 48, 224, 160, 128, 65, 240, 144, 128, 128, 11, 65, 11, 240, 144, 128, 128, 32, 32, 194, 161, 240, 144, 128, 128, 224, 160, 
128, 240, 144, 128, 128, 194, 161, 224, 160, 128, 65, 32, 240, 144, 128, 128, 32, 240, 144, 128, 128, 48, 240, 144, 128, 128, 0, 48, 240, 144, 128, 128, 48, 65, 65, 11, 0, 65, 240, 144, 128, 128, 240, 144, 128, 128, 32, 65, 240, 144, 128, 128, 112, 75, 46, 232, 143, 132, 240, 159, 149, 180, 101, 92, 11, 42, 98, 244, 142, 150, 136, 83, 13, 243, 189, 168, 131, 194, 154, 9, 243, 129, 165, 130, 241, 138, 188, 150, 39, 241, 170, 133, 154, 39, 61, 244, 136, 146, 157, 46, 91, 108, 34, 66, 0, 239, 187, 191, 34, 240, 158, 187, 152, 241, 187, 172, 188, 46, 239, 191, 189, 244, 143, 139, 131, 13, 13, 226, 128, 174, 60, 200, 186, 194, 151, 27, 105, 43, 226, 128, 174, 70, 0, 38, 127, 194, 133, 195, 177, 123, 127, 121, 241, 128, 141, 141, 244, 137, 146, 189, 55, 54, 9, 240, 159, 149, 180, 2, 209, 168, 239, 187, 191, 11, 34, 123, 32, 42, 242, 171, 149, 149, 102, 241, 174, 190, 188, 242, 144, 186, 145, 1, 84, 34, 56, 7, 0, 194, 188, 43, 117, 48, 96, 11, 60, 242, 190, 170, 187, 47, 99, 37, 241, 175, 142, 186, 240, 178, 162, 136, 46, 2, 241, 176, 162, 162, 37, 242, 148, 135, 179, 11, 36, 104, 244, 130, 136, 177], line_width = 24, chunk_size = 240 +cc b6d81102accbff17f00786b06c6040fc59fee8aa087033c9b5604d2a3f246afd # shrinks to bytes = [32, 65, 11, 97, 97, 32, 240, 144, 128, 128, 97, 32, 65, 0, 0, 32, 240, 144, 128, 128, 97, 65, 97, 97, 240, 144, 128, 128, 240, 144, 128, 128, 65, 48, 240, 144, 128, 128, 240, 144, 128, 128, 32, 0, 97, 97, 240, 144, 128, 128, 65, 32, 194, 161, 65, 0, 32, 11, 97, 32, 32, 11, 32, 240, 144, 128, 128, 240, 144, 128, 128, 194, 128, 32, 48, 65, 32, 240, 144, 128, 128, 240, 144, 128, 128, 240, 144, 128, 128, 194, 161, 32, 194, 161, 48, 224, 160, 128, 240, 144, 128, 128, 97, 32, 0, 48, 240, 144, 128, 128, 0, 11, 240, 144, 128, 128, 97, 240, 144, 128, 128, 11, 32, 0, 32, 0, 194, 161, 194, 161, 56, 242, 150, 180, 168, 243, 187, 153, 181, 46, 36, 121, 70, 8, 226, 128, 174, 242, 135, 172, 189, 0, 194, 169, 244, 130, 145, 146, 240, 159, 149, 180, 63, 240, 184, 155, 
139, 27, 243, 185, 138, 139, 194, 162, 46, 242, 148, 129, 171, 195, 143, 56, 241, 147, 151, 173, 240, 159, 149, 180, 33, 89, 36, 37, 240, 159, 149, 180, 200, 186, 117, 194, 165, 77, 241, 171, 180, 143, 60, 96, 242, 175, 134, 177, 27, 1, 42, 242, 145, 189, 151, 92, 39, 96, 38, 243, 181, 148, 171, 243, 164, 185, 188, 47, 195, 181, 0, 226, 128, 174, 13, 233, 136, 141, 57, 200, 186, 243, 129, 145, 159, 242, 137, 177, 176, 122, 61, 243, 140, 180, 151, 239, 191, 189, 80, 194, 144, 121, 42, 239, 191, 189, 231, 173, 145, 75, 91, 0, 123, 238, 154, 139, 58, 240, 179, 187, 172, 107, 13, 13, 123, 241, 152, 132, 160, 242, 130, 149, 190, 92, 239, 187, 191, 117, 241, 182, 130, 165, 241, 165, 155, 168, 39, 60, 0, 0, 13, 200, 186, 83, 37, 243, 174, 183, 166, 11, 0, 237, 134, 157, 39, 58, 113, 44, 243, 135, 142, 174, 9, 9, 195, 184, 74, 241, 146, 132, 133, 34, 58, 92, 123, 239, 187, 191, 37, 58, 239, 187, 191, 77, 9, 243, 183, 143, 189, 243, 159, 143, 171, 243, 162, 128, 179, 241, 137, 158, 163, 127, 60, 195, 159, 106, 47, 242, 135, 154, 161, 51, 243, 160, 136, 149, 91, 241, 175, 181, 149, 96, 58, 46, 11, 37, 107, 32, 52, 237, 136, 144, 77, 194, 156, 42, 13, 39, 61, 2, 59, 48, 58, 240, 159, 149, 180, 4, 96, 127, 230, 166, 145, 58, 239, 187, 191, 242, 135, 132, 146, 241, 178, 129, 185, 36], line_width = 118, chunk_size = 147 diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/proptests.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/proptests.rs new file mode 100644 index 000000000000..4d5e1890a466 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/proptests.rs 
@@ -0,0 +1,152 @@ +//! Equivalence tests between `base64` crate and `base64ct`. + +#![cfg(feature = "std")] +// TODO(tarcieri): fix `base64` crate deprecations +// warning: use of deprecated function `base64::encode`: Use Engine::encode +#![allow(deprecated)] + +use base64ct::{Base64 as Base64ct, Encoding}; +use proptest::{prelude::*, string::*}; +use std::iter; + +/// Incremental Base64 decoder. +type Decoder<'a> = base64ct::Decoder<'a, Base64ct>; + +/// Incremental Base64 encoder. +type Encoder<'a> = base64ct::Encoder<'a, Base64ct>; + +proptest! { + /// Ensure `base64ct` decodes data encoded by `base64` ref crate + #[test] + fn decode_equiv(bytes in bytes_regex(".{0,256}").unwrap()) { + let encoded = base64::encode(&bytes); + let decoded = Base64ct::decode_vec(&encoded); + prop_assert_eq!(Ok(bytes), decoded); + } + + /// Ensure that `base64ct`'s incremental decoder is able to decode randomly + /// generated inputs encoded by the `base64` ref crate + #[test] + fn decode_incremental(bytes in bytes_regex(".{1,256}").unwrap(), chunk_size in 1..256usize) { + let encoded = base64::encode(&bytes); + let chunk_size = match chunk_size % bytes.len() { + 0 => 1, + n => n + }; + + let mut buffer = [0u8; 384]; + let mut decoder = Decoder::new(encoded.as_bytes()).unwrap(); + let mut remaining_len = decoder.remaining_len(); + + for chunk in bytes.chunks(chunk_size) { + prop_assert!(!decoder.is_finished()); + + let decoded = decoder.decode(&mut buffer[..chunk.len()]); + prop_assert_eq!(Ok(chunk), decoded); + + remaining_len -= decoded.unwrap().len(); + prop_assert_eq!(remaining_len, decoder.remaining_len()); + } + + prop_assert!(decoder.is_finished()); + prop_assert_eq!(decoder.remaining_len(), 0); + } + + #[test] + fn decode_incremental_wrapped( + bytes in bytes_regex(".{1,256}").unwrap(), + line_width in 4..128usize, + chunk_size in 1..256usize + ) { + for line_ending in ["\r", "\n", "\r\n"] { + let encoded = base64::encode(&bytes); + + let mut encoded_wrapped = Vec::new(); + 
let mut lines = encoded.as_bytes().chunks_exact(line_width); + + for line in &mut lines { + encoded_wrapped.extend_from_slice(line); + encoded_wrapped.extend_from_slice(line_ending.as_bytes()); + } + + let last = lines.remainder(); + + if last.is_empty() { + encoded_wrapped.truncate(encoded_wrapped.len() - line_ending.len()); + } else { + encoded_wrapped.extend_from_slice(last); + } + + let chunk_size = match chunk_size % bytes.len() { + 0 => 1, + n => n + }; + + let mut buffer = [0u8; 384]; + let mut decoder = Decoder::new_wrapped(&encoded_wrapped, line_width).unwrap(); + let mut remaining_len = decoder.remaining_len(); + + for chunk in bytes.chunks(chunk_size) { + prop_assert!(!decoder.is_finished()); + + let decoded = decoder.decode(&mut buffer[..chunk.len()]); + prop_assert_eq!(Ok(chunk), decoded); + + remaining_len -= decoded.unwrap().len(); + prop_assert_eq!(remaining_len, decoder.remaining_len()); + } + + prop_assert!(decoder.is_finished()); + prop_assert_eq!(decoder.remaining_len(), 0); + } + } + + /// Ensure `base64ct` and `base64` ref crate decode randomly generated + /// inputs equivalently. + /// + /// Inputs are selected to be valid characters in the standard Base64 + /// padded alphabet, but are not necessarily valid Base64. + #[test] + fn decode_random(base64ish in string_regex("[A-Za-z0-9+/]{0,256}").unwrap()) { + let base64ish_padded = match base64ish.len() % 4 { + 0 => base64ish, + n => { + let padding_len = 4 - n; + base64ish + &iter::repeat("=").take(padding_len).collect::() + } + }; + + let decoded_ct = Base64ct::decode_vec(&base64ish_padded).ok(); + let decoded_ref = base64::decode(&base64ish_padded).ok(); + prop_assert_eq!(decoded_ct, decoded_ref); + } + + /// Ensure `base64ct` and the `base64` ref crate encode randomly generated + /// inputs equivalently. 
+ #[test] + fn encode_equiv(bytes in bytes_regex(".{0,256}").unwrap()) { + let encoded_ct = Base64ct::encode_string(&bytes); + let encoded_ref = base64::encode(&bytes); + prop_assert_eq!(encoded_ct, encoded_ref); + } + + /// Ensure that `base64ct`'s incremental encoder is able to encode randomly + /// generated inputs which match what's encoded by the `base64` ref crate + #[test] + fn encode_incremental(bytes in bytes_regex(".{1,256}").unwrap(), chunk_size in 1..256usize) { + let expected = base64::encode(&bytes); + let chunk_size = match chunk_size % bytes.len() { + 0 => 1, + n => n + }; + + let mut buffer = [0u8; 1024]; + let mut encoder = Encoder::new(&mut buffer).unwrap(); + + for chunk in bytes.chunks(chunk_size) { + encoder.encode(chunk).unwrap(); + } + + prop_assert_eq!(expected, encoder.finish().unwrap()); + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/shacrypt.rs b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/shacrypt.rs new file mode 100644 index 000000000000..a69f7c7d14dc --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/base64ct-1.6.0/tests/shacrypt.rs 
@@ -0,0 +1,98 @@ +//! `crypt(3)` Base64 tests + +#[macro_use] +mod common; + +use crate::common::*; +use base64ct::Base64ShaCrypt; + +const TEST_VECTORS: &[TestVector] = &[ + TestVector { raw: b"", b64: "" }, + TestVector { + raw: b"\x55", + b64: "J/", + }, + TestVector { + raw: b"\x55\xaa", + b64: "Jd8", + }, + TestVector { + raw: b"\x55\xaa\x55", + b64: "JdOJ", + }, + TestVector { + raw: b"\x55\xaa\x55\xaa", + b64: "JdOJe0", + }, + TestVector { + raw: b"\x55\xaa\x55\xaa\x55", + b64: "JdOJeK3", + }, + TestVector { + raw: b"\x55\xaa\x55\xaa\x55\xaa", + b64: "JdOJeKZe", + }, + TestVector { + raw: b"\x55\xaa\x55\xaf", + b64: "JdOJj0", + }, + TestVector { + raw: b"\x55\xaa\x55\xaa\x5f", + b64: "JdOJey3", + }, + TestVector { + raw: b"\0", + b64: "..", + }, + TestVector { + raw: b"***", + b64: "ecW8", + }, + TestVector { + raw: b"\x01\x02\x03\x04", + b64: "/6k.2.", + }, + TestVector { + raw: b"\xAD\xAD\xAD\xAD\xAD", + b64: "hqOfhq8", + }, + TestVector { + raw: b"\xFF\xEF\xFE\xFF\xEF\xFE", + b64: "zzizzziz", + }, + TestVector { + raw: b"\xFF\xFF\xFF\xFF\xFF", + b64: "zzzzzzD", + }, + TestVector { + raw: b"\x40\xC1\x3F\xBD\x05\x4C\x72\x2A\xA3\xC2\xF2\x11\x73\xC0\x69\xEA\ + \x49\x7D\x35\x29\x6B\xCC\x24\x65\xF6\xF9\xD0\x41\x08\x7B\xD7\xA9", + b64: ".3wDxK.Hmdmc09T2n/QOebITpYmOAHGNqbDo/VkSLb8", + }, + TestVector { + raw: b"@ \x0cDa\x1cH\xa2,L\xe3 Scalar; -} - -impl TranscriptProtocol for Transcript { - fn dleq_domain_sep(&mut self) { - self.append_message(b"dom-sep", b"dleq"); - } - - fn batch_dleq_domain_sep(&mut self) { - self.append_message(b"dom-sep", b"batch-dleq"); - } - - fn commit_point(&mut self, label: &'static [u8], point: &CompressedRistretto) { - self.append_message(label, point.as_bytes()); - } - - fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar { - let mut buf = [0; 64]; - self.challenge_bytes(label, &mut buf); - Scalar::from_bytes_mod_order_wide(&buf) - } -} - -#[cfg(test)] -mod tests { - use super::*; - - use crate::voprf::Token; - use 
rand::rngs::OsRng; - use sha2::Sha512; - - #[test] - #[allow(non_snake_case)] - fn dleq_proof_works() { - let mut rng = OsRng; - - let key1 = SigningKey::random(&mut rng); - let key2 = SigningKey::random(&mut rng); - - let P = RistrettoPoint::random(&mut rng); - let Q = key1.k * P; - - let mut verifier = Transcript::new(b"dleqtest"); - let proof = DLEQProof::_new(&mut verifier, P, Q, &key1).unwrap(); - - let mut verifier = Transcript::new(b"dleqtest"); - assert!(proof._verify(&mut verifier, P, Q, &key1.public_key).is_ok()); - - let P = RistrettoPoint::random(&mut rng); - let Q = key2.k * P; - - let mut transcript = Transcript::new(b"dleqtest"); - let proof = DLEQProof::_new(&mut transcript, P, Q, &key1).unwrap(); - - let mut transcript = Transcript::new(b"dleqtest"); - assert!(!proof - ._verify(&mut transcript, P, Q, &key1.public_key) - .is_ok()); - } - - #[test] - #[allow(non_snake_case)] - fn batch_dleq_proof_works() { - use std::vec::Vec; - - let mut rng = OsRng; - - let key = SigningKey::random(&mut rng); - - let blinded_tokens = vec![Token::random::(&mut rng).blind()]; - let signed_tokens: Vec = blinded_tokens - .iter() - .filter_map(|t| key.sign(t).ok()) - .collect(); - - let mut transcript = Transcript::new(b"batchdleqtest"); - let batch_proof = - BatchDLEQProof::new(&mut transcript, &blinded_tokens, &signed_tokens, &key).unwrap(); - - let mut transcript = Transcript::new(b"batchdleqtest"); - assert!(batch_proof - .verify( - &mut transcript, - &blinded_tokens, - &signed_tokens, - &key.public_key - ) - .is_ok()); - } -} - -/// A `DLEQProof` is a proof of the equivalence of the discrete logarithm between two pairs of points. 
-#[allow(non_snake_case)] -pub struct DLEQProof { - /// `c` is a `Scalar` - /// \\(c=H_3(X,Y,P,Q,A,B)\\) - pub(crate) c: Scalar, - /// `s` is a `Scalar` - /// \\(s = (t - ck) \mod q\\) - pub(crate) s: Scalar, -} - -#[cfg(feature = "base64")] -impl_base64!(DLEQProof); - -#[cfg(feature = "serde")] -impl_serde!(DLEQProof); - -#[allow(non_snake_case)] -impl DLEQProof { - /// Construct a new `DLEQProof` - fn _new( - transcript: &mut Transcript, - P: RistrettoPoint, - Q: RistrettoPoint, - secret_key: &SigningKey, - ) -> Result { - let X = constants::RISTRETTO_BASEPOINT_COMPRESSED; - let Y = secret_key.public_key.0; - - transcript.dleq_domain_sep(); - - transcript.commit_point(b"X", &X); - transcript.commit_point(b"Y", &Y); - transcript.commit_point(b"P", &P.compress()); - transcript.commit_point(b"Q", &Q.compress()); - - let mut rng = transcript - .build_rng() - .rekey_with_witness_bytes(b"k", secret_key.k.as_bytes()) - .finalize(&mut ChaChaRng::from_seed([0; 32])); - - let t = Scalar::random(&mut rng); - - let A = t * X - .decompress() - .ok_or(TokenError(InternalError::PointDecompressionError))?; - let B = t * P; - - transcript.commit_point(b"A", &A.compress()); - transcript.commit_point(b"B", &B.compress()); - - let c = transcript.challenge_scalar(b"c"); - - let s = t - c * secret_key.k; - - Ok(DLEQProof { c, s }) - } - - /// Verify the `DLEQProof` - fn _verify( - &self, - transcript: &mut Transcript, - P: RistrettoPoint, - Q: RistrettoPoint, - public_key: &PublicKey, - ) -> Result<(), TokenError> { - let X = constants::RISTRETTO_BASEPOINT_COMPRESSED; - let Y = public_key.0; - - transcript.dleq_domain_sep(); - - let A = (&self.s * &constants::RISTRETTO_BASEPOINT_TABLE) - + (self.c - * Y.decompress() - .ok_or(TokenError(InternalError::PointDecompressionError))?); - let B = (self.s * P) + (self.c * Q); - - let P = P.compress(); - let Q = Q.compress(); - let A = A.compress(); - let B = B.compress(); - - transcript.commit_point(b"X", &X); - transcript.commit_point(b"Y", 
&Y); - transcript.commit_point(b"P", &P); - transcript.commit_point(b"Q", &Q); - transcript.commit_point(b"A", &A); - transcript.commit_point(b"B", &B); - - let c = transcript.challenge_scalar(b"c"); - - if c == self.c { - Ok(()) - } else { - Err(TokenError(InternalError::VerifyError)) - } - } -} - -impl DLEQProof { - /// Convert this `DLEQProof` to a byte array. - pub fn to_bytes(&self) -> [u8; DLEQ_PROOF_LENGTH] { - let mut proof_bytes: [u8; DLEQ_PROOF_LENGTH] = [0u8; DLEQ_PROOF_LENGTH]; - - proof_bytes[..32].copy_from_slice(&self.c.to_bytes()); - proof_bytes[32..].copy_from_slice(&self.s.to_bytes()); - proof_bytes - } - - fn bytes_length_error() -> TokenError { - TokenError(InternalError::BytesLengthError { - name: "DLEQProof", - length: DLEQ_PROOF_LENGTH, - }) - } - - /// Construct a `DLEQProof` from a slice of bytes. - pub fn from_bytes(bytes: &[u8]) -> Result { - if bytes.len() != DLEQ_PROOF_LENGTH { - return Err(DLEQProof::bytes_length_error()); - } - - let mut c_bits: [u8; 32] = [0u8; 32]; - let mut s_bits: [u8; 32] = [0u8; 32]; - - c_bits.copy_from_slice(&bytes[..32]); - s_bits.copy_from_slice(&bytes[32..]); - - let c = Scalar::from_canonical_bytes(c_bits) - .ok_or(TokenError(InternalError::ScalarFormatError))?; - let s = Scalar::from_canonical_bytes(s_bits) - .ok_or(TokenError(InternalError::ScalarFormatError))?; - - Ok(DLEQProof { c, s }) - } -} - -/// A `BatchDLEQProof` is a proof of the equivalence of the discrete logarithm between a common -/// pair of points and one or more other pairs of points. 
-#[allow(non_snake_case)] -pub struct BatchDLEQProof(DLEQProof); - -#[cfg(feature = "base64")] -impl_base64!(BatchDLEQProof); - -#[cfg(feature = "serde")] -impl_serde!(BatchDLEQProof); - -#[allow(non_snake_case)] -impl BatchDLEQProof { - fn calculate_composites( - transcript: &mut Transcript, - blinded_tokens: &[BlindedToken], - signed_tokens: &[SignedToken], - public_key: &PublicKey, - ) -> Result<(RistrettoPoint, RistrettoPoint), TokenError> { - if blinded_tokens.len() != signed_tokens.len() { - return Err(TokenError(InternalError::LengthMismatchError)); - } - - transcript.commit_point(b"X", &constants::RISTRETTO_BASEPOINT_COMPRESSED); - transcript.commit_point(b"Y", &public_key.0); - - for (Pi, Qi) in blinded_tokens.iter().zip(signed_tokens.iter()) { - transcript.commit_point(b"Pi", &Pi.0); - transcript.commit_point(b"Qi", &Qi.0); - } - - let c_m: Vec = iter::repeat_with(|| transcript.challenge_scalar(b"c_i")) - .take(blinded_tokens.len()) - .collect(); - - let M = RistrettoPoint::optional_multiscalar_mul( - &c_m, - blinded_tokens.iter().map(|Pi| Pi.0.decompress()), - ) - .ok_or(TokenError(InternalError::PointDecompressionError))?; - - let Z = RistrettoPoint::optional_multiscalar_mul( - &c_m, - signed_tokens.iter().map(|Qi| Qi.0.decompress()), - ) - .ok_or(TokenError(InternalError::PointDecompressionError))?; - - Ok((M, Z)) - } - - /// Construct a new `BatchDLEQProof` - pub fn new( - transcript: &mut Transcript, - blinded_tokens: &[BlindedToken], - signed_tokens: &[SignedToken], - signing_key: &SigningKey, - ) -> Result { - transcript.dleq_domain_sep(); - - let (M, Z) = BatchDLEQProof::calculate_composites( - transcript, - blinded_tokens, - signed_tokens, - &signing_key.public_key, - )?; - - Ok(BatchDLEQProof(DLEQProof::_new( - transcript, - M, - Z, - signing_key, - )?)) - } - - /// Verify a `BatchDLEQProof` - pub fn verify( - &self, - transcript: &mut Transcript, - blinded_tokens: &[BlindedToken], - signed_tokens: &[SignedToken], - public_key: &PublicKey, - ) 
-> Result<(), TokenError> { - transcript.dleq_domain_sep(); - - let (M, Z) = BatchDLEQProof::calculate_composites( - transcript, - blinded_tokens, - signed_tokens, - public_key, - )?; - - self.0._verify(transcript, M, Z, public_key) - } -} - -impl BatchDLEQProof { - /// Convert this `BatchDLEQProof` to a byte array. - pub fn to_bytes(&self) -> [u8; DLEQ_PROOF_LENGTH] { - self.0.to_bytes() - } - - #[cfg(feature = "serde")] - fn bytes_length_error() -> TokenError { - DLEQProof::bytes_length_error() - } - - /// Construct a `BatchDLEQProof` from a slice of bytes. - pub fn from_bytes(bytes: &[u8]) -> Result { - DLEQProof::from_bytes(bytes).map(BatchDLEQProof) - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/.cargo-checksum.json b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/.cargo-checksum.json similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/.cargo-checksum.json rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/.cargo-checksum.json diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/.cargo_vcs_info.json new file mode 100644 index 000000000000..33c87617e420 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/.cargo_vcs_info.json @@ -0,0 +1,6 @@ +{ + "git": { + "sha1": "6e5b0fbf4a7c974cb2c18f23431e68ac37aac615" + }, + "path_in_vcs": "" +} \ No newline at end of file diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/.github/renovate.json b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/.github/renovate.json new file mode 100644 index 000000000000..6f29be584880 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/.github/renovate.json 
@@ -0,0 +1,6 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "local>brave-intl/renovate-config"
+ ]
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/.github/workflows/audit.yml b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/.github/workflows/audit.yml
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/.github/workflows/audit.yml
rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/.github/workflows/audit.yml
diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/.github/workflows/ci.yml b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/.github/workflows/ci.yml
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/.github/workflows/ci.yml
rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/.github/workflows/ci.yml
diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/.github/workflows/clippy.yml b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/.github/workflows/clippy.yml
similarity index 68%
rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/.github/workflows/clippy.yml
rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/.github/workflows/clippy.yml
index c650ed691f8b..b6b616368b0e 100644
--- a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/.github/workflows/clippy.yml
+++ b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/.github/workflows/clippy.yml
@@ -12,11 +12,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - - uses: actions-rs/toolchain@v1 - with: - toolchain: nightly-2021-10-17 - components: clippy - override: true - uses: actions-rs/clippy-check@v1 with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/Cargo.toml b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/Cargo.toml similarity index 80% rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/Cargo.toml rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/Cargo.toml index 7dbcc0b37b62..bed70511b595 100644 --- a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/Cargo.toml +++ b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/Cargo.toml @@ -12,7 +12,7 @@ [package] edition = "2018" name = "challenge-bypass-ristretto" -version = "1.0.2" +version = "2.0.0" authors = ["eV "] exclude = [ ".gitignore", @@ -25,7 +25,6 @@ license = "MPL-2.0" repository = "https://github.com/brave-intl/challenge-bypass-ristretto" [package.metadata.docs.rs] -features = ["nightly"] rustdoc-args = [ "--document-private-items", "--html-in-header", @@ -41,31 +40,33 @@ version = "0.13" optional = true [dependencies.crypto-mac] -version = "0.10" +version = "0.11" [dependencies.curve25519-dalek] -version = "3" +version = "4" +features = [ + "precomputed-tables", + "zeroize", + "rand_core", + "digest", +] default-features = false [dependencies.digest] -version = "0.9" - -[dependencies.hmac] version = "0.10" -[dependencies.merlin] -version = "2" -optional = true +[dependencies.hmac] +version = "0.12" [dependencies.rand] -version = "0.7" +version = "0.8" default-features = false [dependencies.rand_chacha] -version = "0.2.2" +version = "0.3" [dependencies.rand_core] -version = "0.5.1" +version = "0.6" [dependencies.serde] version = "^1.0.0" 
@@ -83,11 +84,11 @@ version = "1.3" version = "0.13" [dev-dependencies.criterion] -version = "0.3.4" +version = "0.5" features = ["html_reports"] [dev-dependencies.rand] -version = "0.7" +version = "0.8" default-features = true [dev-dependencies.serde] @@ -98,24 +99,16 @@ features = ["derive"] version = "1.0" [dev-dependencies.sha2] -version = "0.9" +version = "0.10" [features] alloc = ["curve25519-dalek/alloc"] -avx2_backend = ["curve25519-dalek/avx2_backend"] -default = [ - "std", - "u64_backend", -] -nightly = ["curve25519-dalek/nightly"] +default = ["std"] serde_base64 = [ "serde", "base64", ] std = [ "alloc", - "curve25519-dalek/std", "subtle/std", ] -u32_backend = ["curve25519-dalek/u32_backend"] -u64_backend = ["curve25519-dalek/u64_backend"] diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/Cargo.toml.orig b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/Cargo.toml.orig similarity index 59% rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/Cargo.toml.orig rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/Cargo.toml.orig index 2f66ec33c064..d50c3e89409c 100644 --- a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/Cargo.toml.orig +++ b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/Cargo.toml.orig @@ -2,7 +2,7 @@ authors = ["eV "] edition = "2018" name = "challenge-bypass-ristretto" -version = "1.0.2" +version = "2.0.0" readme = "README.md" license = "MPL-2.0" repository = "https://github.com/brave-intl/challenge-bypass-ristretto" 
@@ -14,13 +14,13 @@ exclude = [ ] [dependencies] -crypto-mac = "0.10" -curve25519-dalek = { version = "3", default-features = false } -digest = "0.9" -hmac = "0.10" -rand = { version = "0.7", default-features = false } -rand_core = "0.5.1" -rand_chacha = "0.2.2" +crypto-mac = "0.11" +curve25519-dalek = { version = "4", default-features = false, features = ["precomputed-tables", "zeroize", "rand_core", "digest"]} +digest = "0.10" +hmac = "0.12" +rand = { version = "0.8", default-features = false } +rand_core = "0.6" +rand_chacha = "0.3" subtle = { version = "^2.2", default-features = false } zeroize = "1.3" @@ -33,30 +33,21 @@ optional = true version = "^1.0.0" default-features = false -[dependencies.merlin] -optional = true -version = "2" - [dev-dependencies] serde_json = "1.0" serde = { version = "^1.0.0", features = ["derive"] } -sha2 = "0.9" +sha2 = "0.10" base64 = "0.13" -rand = { version = "0.7", default-features = true } -criterion = { version = "0.3.4", features = ["html_reports"] } +rand = { version = "0.8", default-features = true } +criterion = { version = "0.5", features = ["html_reports"] } [features] -nightly = ["curve25519-dalek/nightly"] -default = ["std", "u64_backend"] -std = ["alloc", "curve25519-dalek/std", "subtle/std"] +default = ["std"] +std = ["alloc", "subtle/std"] alloc = ["curve25519-dalek/alloc"] -u32_backend = ["curve25519-dalek/u32_backend"] -u64_backend = ["curve25519-dalek/u64_backend"] -avx2_backend = ["curve25519-dalek/avx2_backend"] serde_base64 = ["serde", "base64"] [package.metadata.docs.rs] -features = ["nightly"] rustdoc-args = [ "--document-private-items", "--html-in-header", 
diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/LICENSE b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/LICENSE
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/LICENSE
rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/LICENSE
diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/Makefile b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/Makefile
new file mode 100644
index 000000000000..91a98057fb57
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/Makefile
@@ -0,0 +1,4 @@
+.PHONY: docs
+
+docs:
+ cargo rustdoc -- --document-private-items --html-in-header ./rustdoc-include-katex-header.html
diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/README.md b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/README.md
similarity index 90%
rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/README.md
rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/README.md
index 10aa14196ef4..80431425f41d 100644
--- a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/README.md
+++ b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/README.md
@@ -1,4 +1,4 @@ -# challenge-bypass-ristretto [![](https://img.shields.io/crates/v/challenge-bypass-ristretto.svg)](https://crates.io/crates/challenge-bypass-ristretto) [![](https://docs.rs/challenge-bypass-ristretto/badge.svg)](https://docs.rs/challenge-bypass-ristretto) [![Build Status](https://travis-ci.org/brave-intl/challenge-bypass-ristretto.svg?branch=master)](https://travis-ci.org/brave-intl/challenge-bypass-ristretto) +# challenge-bypass-ristretto [![](https://img.shields.io/crates/v/challenge-bypass-ristretto.svg)](https://crates.io/crates/challenge-bypass-ristretto) [![](https://docs.rs/challenge-bypass-ristretto/badge.svg)](https://docs.rs/challenge-bypass-ristretto) [![Build Status](https://github.com/brave-intl/challenge-bypass-ristretto/workflows/CI/badge.svg)](https://github.com/brave-intl/challenge-bypass-ristretto/actions) **A rust implemention of the [privacy pass cryptographic protocol](https://www.petsymposium.org/2018/files/papers/issue3/popets-2018-0026.pdf) @@ -99,10 +99,6 @@ The optional features include `base64` and `serde`. * `base64` exposes methods for base64 encoding / decoding of the various structures. * `serde` implements the [serde](https://serde.rs) `Serialize` / `Deserialize` traits. -`merlin` is an experimental feature that uses [merlin](https://github.com/dalek-cryptography/merlin) to implement the DLEQ proofs. This diverges from -the original protocol specified in the privacy pass paper. It is not yet stable / intended for use and -is implemented in [`src/dleq_merlin.rs`]. - # Development Install rust. @@ -115,6 +111,5 @@ Run `cargo build` Run `cargo test` -[`src/dleq_merlin.rs`]: src/dleq_merlin.rs [`tests/e2e.rs`]: tests/e2e.rs [a more detailed writeup is also available]: https://docs.rs/challenge-bypass-ristretto#cryptographic-protocol 
diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/benches/benchmarks.rs b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/benches/benchmarks.rs similarity index 98% rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/benches/benchmarks.rs rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/benches/benchmarks.rs index 0f8fbe80fe45..b2ac9e776e85 100644 --- a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/benches/benchmarks.rs +++ b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/benches/benchmarks.rs @@ -31,7 +31,7 @@ pub fn e2e_server_benchmarks(c: &mut Criterion) { let signing_req = client.create_tokens(n_tokens); - c.bench_function("sing pre-tokens", |b| { + c.bench_function("sign pre-tokens", |b| { b.iter(|| { let _signing_resp = server.sign_tokens(signing_req.clone()); }); @@ -72,7 +72,6 @@ struct Client { unblinded_tokens: Vec, } -#[cfg(not(feature = "merlin"))] impl Client { fn create_tokens(&mut self, n: u8) -> SigningRequest { let mut rng = OsRng; @@ -137,7 +136,6 @@ struct Server { spent_tokens: Vec, } -#[cfg(not(feature = "merlin"))] impl Server { fn sign_tokens(&self, req: SigningRequest) -> SigningResponse { let mut rng = OsRng; diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/docs/PROTOCOL.md b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/docs/PROTOCOL.md similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/docs/PROTOCOL.md rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/docs/PROTOCOL.md 
diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/rustdoc-include-katex-header.html b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/rustdoc-include-katex-header.html similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/rustdoc-include-katex-header.html rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/rustdoc-include-katex-header.html diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/rustfmt.toml b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/rustfmt.toml similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/rustfmt.toml rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/rustfmt.toml diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/dleq.rs b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/dleq.rs similarity index 97% rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/dleq.rs rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/dleq.rs index 1d5e08a78aca..adff20872030 100644 --- a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/dleq.rs +++ b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/dleq.rs @@ -1,7 +1,7 @@ #[cfg(all(feature = "alloc", not(feature = "std")))] use alloc::vec::Vec; -#[cfg(all(feature = "std"))] +#[cfg(feature = "std")] use std::vec::Vec; use core::iter; @@ -49,7 +49,7 @@ impl DLEQProof { { let t = Scalar::random(rng); - let A = &t * &constants::RISTRETTO_BASEPOINT_TABLE; + let A = t * constants::RISTRETTO_BASEPOINT_POINT; let B = t * P; let mut h = D::default(); 
@@ -113,7 +113,7 @@ impl DLEQProof { let X = constants::RISTRETTO_BASEPOINT_COMPRESSED; let Y = public_key.0; - let A = (&self.s * &constants::RISTRETTO_BASEPOINT_TABLE) + let A = (self.s * constants::RISTRETTO_BASEPOINT_POINT) + (self.c * Y.decompress() .ok_or(TokenError(InternalError::PointDecompressionError))?); @@ -195,9 +195,9 @@ impl DLEQProof { c_bits.copy_from_slice(&bytes[..32]); s_bits.copy_from_slice(&bytes[32..]); - let c = Scalar::from_canonical_bytes(c_bits) + let c = Option::from(Scalar::from_canonical_bytes(c_bits)) .ok_or(TokenError(InternalError::ScalarFormatError))?; - let s = Scalar::from_canonical_bytes(s_bits) + let s = Option::from(Scalar::from_canonical_bytes(s_bits)) .ok_or(TokenError(InternalError::ScalarFormatError))?; Ok(DLEQProof { c, s }) @@ -379,7 +379,7 @@ mod tests { let proof = DLEQProof::_new::(&mut rng, P, Q, &key1); - assert!(!proof._verify::(P, Q, &key1.public_key).is_ok()); + assert!(proof._verify::(P, Q, &key1.public_key).is_err()); } #[allow(non_snake_case)] @@ -393,9 +393,7 @@ mod tests { ("tviSLm/W8oFds67y9lMs990fjh08hQNV17/4V2bmOQY=", "5ufRlCvVKvXp1yuxxS7Jvw9LSwQUl6Q/MlT6HY2l1Hc=", "zOVEbK4KQ1GBW97YUVNguoN+NntwtGi1t+EeioMusXY=", "lH2gNbwqSC1nYYxT3I7fNQagTsD4OvSbzwrSCpanQkQ=", "NJF9U3TWiCWMd6Qh/vA90F/2N6udsXbTvifNxf0rzgbhInoEvYDi5jZAZUQEi7x7mmP8iFq7+ukoOroy6/8jCw=="), ("Ge3prZ2jJSoh1A3ZvrSfaSA1kDziGW2I+Gmh6jniaAs=", "2nNCd5YN9H5EYlOL9/kmLYNBMkaLwnG3wjyd7jw2QAY=", "YHdAzlpSTAMy3mB+F4mPwlyVl+V9Yt4f3cDPNJpWdns=", "gEnqgXg3FDaCQFayTXrIfpbZ2n0P6FD/95LuMsdIfFk=", "Fj2/YunbQs5XxSyLxl/fC4dAfRlErGurTtHHSfGKyQTzrLZrO7VghmGFQaMAXZ+jg+6v99YL6FWj1Y/5WFt2Aw=="), ]; - for i in 0..vectors.len() { - let (k, Y, P, Q_b64, dleq_b64) = vectors[i]; - + for (k, Y, P, Q_b64, dleq_b64) in vectors { let server_key = SigningKey::decode_base64(k).unwrap(); assert_eq!(server_key.public_key.encode_base64(), Y); 
@@ -430,9 +428,7 @@ mod tests { ("siv+BM3AvP8Jv1aL4MFhMs9Xa6jxUNhFXpTWDfGrZQQ=", "XgFOlHEz5zm5dtx6ptYIXNg1NsJ/3vAq+cf/9eBkbxI=", "dsaMl4/9FcOFtaW3l65y1Z9ETJR36aTcXPMp+w4HGUY=,aH2q1HiReMA/Ney2NNZCgl+5GKK9xrxVwdC+THq9pFY=,uGRqS51VD7DuK0gSpMb3owRld57W6DqOyZpygXJVpmI=,Bvv+lqtCg39SD1H218rPZdQTmYPe2HD3QScntqw1oFA=,9IHWUyv/SCwZ4WKEGi58+bQ5nHsaDBXCku2vOzGvgUY=", "4lPV/OyNjVy4VTUvaROxCuq4ryfegkt7jt5IhrX9THo=,4EAmV5Mv3a/IQFsfVlaFxErNc96Ns980FT4yLlCdoxA=,bgGM37uBMLdRRAd1cu/4Iq+FzFwzRFLVhqp2uGFnPQc=,rCn4OuWnV5tTsgcPJAYRSqfONZf9k/92fwzWHtUxxh8=,lHCDzazDlU0w735u7OQmJM96WGeaNFILanawmC9EwFE=", "jotItTWLW/kpDeh8KJQtNqM7ON0YibEJ7R8VnMHP7Cs=", "Pu49xb3Ixn+Dfg6s+wgjyoPy7ickB5lM7/MxQVdpaUI=", "N6vDmGbYZ0aa9S2JqWSYppiX1AV33QDXGc8FHaF0aQ9y6Hp68UEkI2x5AJQ3URqS+5/x1AuucMH0AOMcLNqODg=="), ("jTTf/D0gicaG++cQJ1X4qYaOqk4YPo0p6Mo2B95kJAg=", "LCtewONuYTXljy+oK73/m7CON/vr/e1r4aDaVE3xDnc=", "GsomH3aBo6qBHaNGzZZ/pNOviBTbZrUfpthgYU5jAmU=,wHvznjZDA9L8dgQGEj7wf1/QGxunE5/WYdxUpQX4Umc=,ZMxkDV7epUgmpix38jBfWv42VeMQefypY56dnysikWA=,aEy+/J0AFmjYGTjcv5y942fleEk/0rwqlD+kXSn0vCM=,QJMHfIYUraWdJKzenROtgLyjU9MrDtDDwFfDNIcjCHA=", "aGUXY5bBYoDmw4x1muwHzKp1w2sITQMeDfsyxv9EUDc=,qh0wfC/wAdclIJ79R+IIpPJLJM5aBe/i5i54dQOn3Vk=,zCi7XaHyO/b9SfN2AYuJcC60zqnIorkXMjjbixhEKxk=,XlBf7DyH5FtcUyr9Gfnj8i3cnKKPtWGHXm/LpIQX4gM=,wHtZg2i40wdxQvHehZEunTHiODSuEMv8suwFaqynmTQ=", "osUDqpps33Jw0k7vEHFCAk+iywlE7YrXrX5RfqC0olA=", "LnD9wlZrDo3v6dw56owm6NazoBLKwtqMPWdtxSRVWxc=", "KVEotBgIaz5Rymqpy4paroHGQyD/80FdvLCrONxDzQUWgNZxZ6aiCJ2VxIGP+6+86FZXS1sXGgs3dwft/VMCCw=="), ]; - for i in 0..vectors.len() { - let (k, Y, P, Q, M_b64, Z_b64, dleq_b64) = vectors[i]; - + for (k, Y, P, Q, M_b64, Z_b64, dleq_b64) in vectors { let server_key = SigningKey::decode_base64(k).unwrap(); assert_eq!(server_key.public_key.encode_base64(), Y); 
diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/errors.rs b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/errors.rs similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/errors.rs rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/errors.rs diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/lib.rs b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/lib.rs similarity index 90% rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/lib.rs rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/lib.rs index 5ee871417590..a42af275a979 100644 --- a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/lib.rs +++ b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/lib.rs @@ -2,7 +2,6 @@ #![cfg_attr(all(feature = "alloc", not(feature = "std")), feature(alloc))] #![deny(missing_docs)] #![cfg_attr(feature = "cargo-clippy", allow(clippy::many_single_char_names))] -//! [`src/dleq_merlin.rs`]: javascript:void(0) //! [`tests/e2e.rs`]: javascript:void(0) //! [a more detailed writeup is also available]: #cryptographic-protocol //! [`T`]: struct.TokenPreimage.html#method.T @@ -32,10 +31,7 @@ mod macros; mod oprf; -#[cfg(not(feature = "merlin"))] mod dleq; -#[cfg(feature = "merlin")] -mod dleq_merlin; pub mod errors; pub mod voprf; 
diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/macros.rs b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/macros.rs similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/macros.rs rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/macros.rs diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/oprf.rs b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/oprf.rs similarity index 97% rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/oprf.rs rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/oprf.rs index 4c988dc44fa6..b8add4ba7acb 100644 --- a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/oprf.rs +++ b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/oprf.rs @@ -4,9 +4,9 @@ use curve25519_dalek::constants; use curve25519_dalek::ristretto::{CompressedRistretto, RistrettoPoint}; use curve25519_dalek::scalar::Scalar; use digest::generic_array::typenum::U64; -use digest::Digest; +use digest::{Digest, KeyInit}; use hmac::digest::generic_array::GenericArray; -use hmac::{Mac, NewMac}; +use hmac::Mac; use rand::{CryptoRng, Rng}; use subtle::{Choice, ConstantTimeEq}; use zeroize::Zeroize; @@ -198,7 +198,7 @@ impl Token { let mut blinding_factor_bits: [u8; 32] = [0u8; 32]; blinding_factor_bits.copy_from_slice(&bytes[TOKEN_PREIMAGE_LENGTH..]); - let blinding_factor = Scalar::from_canonical_bytes(blinding_factor_bits) + let blinding_factor = Option::from(Scalar::from_canonical_bytes(blinding_factor_bits)) .ok_or(TokenError(InternalError::ScalarFormatError))?; Ok(Token { 
@@ -319,7 +319,7 @@ impl SigningKey { /// Generates a new random `SigningKey` using the provided random number generator. pub fn random(rng: &mut T) -> Self { let k = Scalar::random(rng); - let Y = &k * &constants::RISTRETTO_BASEPOINT_TABLE; + let Y = k * constants::RISTRETTO_BASEPOINT_POINT; SigningKey { k, public_key: PublicKey(Y.compress()), @@ -369,10 +369,10 @@ impl SigningKey { let mut bits: [u8; 32] = [0u8; 32]; bits.copy_from_slice(&bytes[..32]); - let k = Scalar::from_canonical_bytes(bits) + let k = Option::from(Scalar::from_canonical_bytes(bits)) .ok_or(TokenError(InternalError::ScalarFormatError))?; - let Y = &k * &constants::RISTRETTO_BASEPOINT_TABLE; + let Y: RistrettoPoint = k * constants::RISTRETTO_BASEPOINT_POINT; Ok(SigningKey { public_key: PublicKey(Y.compress()), @@ -510,9 +510,9 @@ impl VerificationKey { /// Use the `VerificationKey` to "sign" a message, producing a `VerificationSignature` pub fn sign(&self, message: &[u8]) -> VerificationSignature where - D: Mac + NewMac, + D: Mac + KeyInit, { - let mut mac = D::new_varkey(self.0.as_ref()).unwrap(); + let mut mac = ::new_from_slice(self.0.as_ref()).unwrap(); mac.update(message); VerificationSignature(mac.finalize().into_bytes()) @@ -522,7 +522,7 @@ impl VerificationKey { /// provided `VerificationSignature` pub fn verify(&self, sig: &VerificationSignature, message: &[u8]) -> bool where - D: Mac + NewMac, + D: Mac + KeyInit, { &self.sign::(message) == sig } @@ -584,8 +584,6 @@ mod tests { use rand::rngs::OsRng; use sha2::Sha512; - use base64; - use super::*; type HmacSha512 = Hmac; 
@@ -605,9 +603,7 @@ mod tests { ("N8oRiMuSrYdp9TMKp++AP8ridXqdX6BoPOucx2eRCQE=", "mnikks9ySHzZGMgoPZ0SRA8/JJkMh5aA+m3eqeMfqTE=", "9sNH3G618rH0vy3TKBMNRQDKOb66LUKBo9jOtMsezeN4sgAp+2pMVDMS5BATkVxXAW5dpoGUTMJ3+cfnX0plSg==", "f44zH9r/YnCyaHZnKtEc/68diotEo1GjQ5MWepNEXAk=", "EEH0FTbmxN5XoXnAHmIH0y4VjcixJ5U9T8WqXgP2IAg=", "Km0KASMeIqj0s5vswz+WEYptTx2Y0fOb9cVjb+UKexw=", "lNDdKND+R/JmDrM08Q7w7ePoXT7/hgzGU6xVBU5RFig="), ("Nye8fMOQJv1HjCY6qxG0Br661wjd8OwNI1O0ZbkmGAc=", "5szoRS3/9jdVTmhswiS9yyaLeC2I0CfBAUzfe0zGjz8=", "OkOqxU+boJmNIhmzusoRGUDVJLfPlGd9bFV3UPpNueEHfu21um4zwQSuJUQ8hr8VgzU63fb93Rmk/0kRiOPUhw==", "ZBztTnJvQKmPkxfgzGzufhRa6o4oUPublpOIhODHKA4=", "lD1eLLmRw7ebLOd51OQSps51cZGTIg2DM+GL38bQQww=", "qA27hu9S60UX0jfnWJQgUBllQvfOPu+jQVkphi6Sv24=", "HhPZFQiNAYzG+niNmUiWut2g/YMhox86h1XyZypQfVk="), ]; - for i in 0..vectors.len() { - let (k, Y, seed, r, P, Q, W) = vectors[i]; - + for (k, Y, seed, r, P, Q, W) in vectors { let server_key = SigningKey::decode_base64(k).unwrap(); let seed = base64::decode(seed).unwrap(); @@ -635,7 +631,7 @@ mod tests { W_bits.copy_from_slice(&W_bytes[..32]); let W = CompressedRistretto(W_bits); - let unblinded_token_expected = UnblindedToken { W: W, t: token.t }; + let unblinded_token_expected = UnblindedToken { W, t: token.t }; assert!(unblinded_token.encode_base64() == unblinded_token_expected.encode_base64()); } } diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/voprf.rs b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/voprf.rs similarity index 57% rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/voprf.rs rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/voprf.rs index f1d44b2d01a6..953b39854602 100644 --- a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/src/voprf.rs +++ b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/src/voprf.rs 
@@ -1,8 +1,5 @@ //! An implementation of a verifiable oblivious pseudorandom function -#[cfg(not(feature = "merlin"))] pub use crate::dleq::*; -#[cfg(feature = "merlin")] -pub use crate::dleq_merlin::*; pub use crate::oprf::*; diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/tests/e2e.rs b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/tests/e2e.rs similarity index 98% rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/tests/e2e.rs rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/tests/e2e.rs index 6e7b2f28710d..da39e914f621 100644 --- a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/tests/e2e.rs +++ b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/tests/e2e.rs @@ -41,7 +41,6 @@ struct Client { unblinded_tokens: Vec, } -#[cfg(not(feature = "merlin"))] impl Client { fn create_tokens(&mut self, n: u8) -> SigningRequest { let mut rng = OsRng; @@ -106,7 +105,6 @@ struct Server { spent_tokens: Vec, } -#[cfg(not(feature = "merlin"))] impl Server { fn sign_tokens(&self, req: SigningRequest) -> SigningResponse { let mut rng = OsRng; @@ -158,7 +156,6 @@ impl Server { } #[test] -#[cfg(not(feature = "merlin"))] fn e2e_works() { let mut rng = OsRng; let signing_key = SigningKey::random(&mut rng); diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/tools/dleq-test-gen/go.mod b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/tools/dleq-test-gen/go.mod similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/tools/dleq-test-gen/go.mod rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/tools/dleq-test-gen/go.mod 
diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/tools/dleq-test-gen/go.sum b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/tools/dleq-test-gen/go.sum
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/tools/dleq-test-gen/go.sum
rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/tools/dleq-test-gen/go.sum
diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/tools/dleq-test-gen/main.go b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/tools/dleq-test-gen/main.go
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/tools/dleq-test-gen/main.go
rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/tools/dleq-test-gen/main.go
diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/tools/oprf-test-gen/go.mod b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/tools/oprf-test-gen/go.mod
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/tools/oprf-test-gen/go.mod
rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/tools/oprf-test-gen/go.mod
diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/tools/oprf-test-gen/go.sum b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/tools/oprf-test-gen/go.sum
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/tools/oprf-test-gen/go.sum
rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/tools/oprf-test-gen/go.sum
diff --git a/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/tools/oprf-test-gen/main.go b/third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/tools/oprf-test-gen/main.go similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-1.0.2/tools/oprf-test-gen/main.go rename to third_party/rust/chromium_crates_io/vendor/challenge-bypass-ristretto-2.0.0/tools/oprf-test-gen/main.go diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/.cargo-checksum.json b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/.cargo-checksum.json similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/.cargo-checksum.json rename to third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/.cargo-checksum.json diff --git a/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/.cargo_vcs_info.json new file mode 100644 index 000000000000..a460abcc266c --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/.cargo_vcs_info.json @@ -0,0 +1,6 @@ +{ + "git": { + "sha1": "4432bcc0b2b721865740517e609e166e01726ccc" + }, + "path_in_vcs": "const-oid" +} \ No newline at end of file diff --git a/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/CHANGELOG.md b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/CHANGELOG.md new file mode 100644 index 000000000000..f47c0c413c0e --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/CHANGELOG.md 
@@ -0,0 +1,197 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## 0.9.6 (2023-12-14)
+### Added
+- RFC 6962 OID ([#1282])
+
+[#1282]: https://github.com/RustCrypto/formats/pull/1282
+
+## 0.9.5 (2023-08-02)
+### Added
+- rfc8410 (curve25519) OIDS. ([#867])
+
+[#867]: https://github.com/RustCrypto/formats/pull/867
+
+## 0.9.4 (2023-07-10)
+### Added
+- rfc8894 (SCEP) OIDs. ([#1114])
+
+[#1114]: https://github.com/RustCrypto/formats/pull/1114
+
+## 0.9.3 (2023-06-29)
+### Added
+- `Database::find_names_for_oid` ([#1129])
+
+[#1129]: https://github.com/RustCrypto/formats/pull/1129
+
+## 0.9.2 (2023-02-26)
+### Added
+- Implement `Arbitrary` trait ([#761])
+
+[#761]: https://github.com/RustCrypto/formats/pull/761
+
+## 0.9.1 (2022-11-12)
+### Added
+- clippy lints for checked arithmetic and panics ([#561])
+- `DynAssociatedOid` trait ([#758])
+
+[#561]: https://github.com/RustCrypto/formats/pull/561
+[#758]: https://github.com/RustCrypto/formats/pull/758
+
+## 0.9.0 (2022-03-11)
+### Added
+- Fallible `const fn` parser + `::new_unwrap` ([#458], [#459])
+- OID database gated under the `db` feature ([#451], [#453], [#456], [#488])
+- `AssociatedOid` trait ([#479])
+- `ObjectIdentifier::push_arc` ([#504])
+- `ObjectIdentifier::parent` ([#505])
+
+### Changed
+- `ObjectIdentifier::new` now returns a `Result` ([#458])
+
+[#451]: https://github.com/RustCrypto/formats/pull/451
+[#453]: https://github.com/RustCrypto/formats/pull/453
+[#456]: https://github.com/RustCrypto/formats/pull/456
+[#458]: https://github.com/RustCrypto/formats/pull/458
+[#459]: https://github.com/RustCrypto/formats/pull/459
+[#479]: https://github.com/RustCrypto/formats/pull/479
+[#488]: https://github.com/RustCrypto/formats/pull/488
+[#504]: https://github.com/RustCrypto/formats/pull/504
+[#505]: https://github.com/RustCrypto/formats/pull/505
+
+## 0.8.0 (2022-01-17)
+### Changed
+- Leverage `const_panic`; MSRV 1.57 ([#341])
+
+[#341]: https://github.com/RustCrypto/formats/pull/341
+
+## 0.7.1 (2021-11-30)
+### Changed
+- Increase `MAX_SIZE` to 39 ([#258])
+
+[#258]: https://github.com/RustCrypto/formats/pull/258
+
+## 0.7.0 (2021-11-14) [YANKED]
+### Changed
+- Rust 2021 edition upgrade; MSRV 1.56 ([#136])
+- Rename `MAX_LENGTH` to `MAX_SIZE`; bump to `31` ([#174])
+- Make `length` the first field of `ObjectIdentifier` ([#178])
+
+### Fixed
+- `debug_assert!` false positive on large arc ([#180])
+
+[#136]: https://github.com/RustCrypto/formats/pull/136
+[#174]: https://github.com/RustCrypto/formats/pull/174
+[#178]: https://github.com/RustCrypto/formats/pull/178
+[#180]: https://github.com/RustCrypto/formats/pull/180
+
+## 0.6.2 (2021-10-14)
+### Fixed
+- Off-by-one error parsing large BER arcs ([#84])
+
+[#84]: https://github.com/RustCrypto/formats/pull/84
+
+## 0.6.1 (2021-09-14) [YANKED]
+### Changed
+- Moved to `formats` repo ([#2])
+
+[#2]: https://github.com/RustCrypto/formats/pull/2
+
+## 0.6.0 (2021-06-03) [YANKED]
+### Changed
+- Modernize and remove deprecations; MSRV 1.51+
+
+## 0.5.2 (2021-04-20)
+### Added
+- Expand README.md
+
+## 0.5.1 (2021-04-15)
+### Added
+- `ObjectIdentifier::MAX_LENGTH` constant
+
+### Changed
+- Deprecate `ObjectIdentifier::max_len()` function
+
+## 0.5.0 (2021-03-21)
+### Added
+- `TryFrom<&[u8]>` impl on `ObjectIdentifier`
+
+## Changed
+- MSRV 1.47+
+- Renamed the following methods:
+ - `ObjectIdentifier::new` => `ObjectIdentifier::from_arcs`
+ - `ObjectIdentifier::parse` => `ObjectIdentifier::new`
+ - `ObjectIdentifier::from_ber` => `ObjectIdentifier::from_bytes`
+
+### Removed
+- Deprecated methods
+- `alloc` feature - only used by aforementioned deprecated methods
+- `TryFrom<&[Arc]>` impl on `ObjectIdentifier` - use `::from_arcs`
+
+## 0.4.5 (2021-03-04)
+### Added
+- `Hash` and `Ord` impls on
`ObjectIdentifier`
+
+## 0.4.4 (2021-02-28)
+### Added
+- `ObjectIdentifier::as_bytes` method
+
+### Changed
+- Internal representation changed to BER/DER
+- Deprecated `ObjectIdentifier::ber_len`, `::write_ber`, and `::to_ber`
+
+## 0.4.3 (2021-02-24)
+### Added
+- Const-friendly OID string parser
+
+## 0.4.2 (2021-02-19)
+### Fixed
+- Bug in root arc calculation
+
+## 0.4.1 (2020-12-21)
+### Fixed
+- Bug in const initializer
+
+## 0.4.0 (2020-12-16)
+### Added
+- `Arcs` iterator
+
+### Changed
+- Rename "nodes" to "arcs"
+- Layout optimization
+- Refactor and improve length limits
+
+## 0.3.5 (2020-12-12)
+### Added
+- `ObjectIdentifier::{write_ber, to_ber}` methods
+
+## 0.3.4 (2020-12-06)
+### Changed
+- Documentation improvements
+
+## 0.3.3 (2020-12-05)
+### Changed
+- Improve description in Cargo.toml/README.md
+
+## 0.3.2 (2020-12-05)
+### Changed
+- Documentation improvements
+
+## 0.3.1 (2020-12-05)
+### Added
+- Impl `TryFrom<&[u32]>` for ObjectIdentifier
+
+## 0.3.0 (2020-12-05) [YANKED]
+### Added
+- Byte and string parsers
+
+## 0.2.0 (2020-09-05)
+### Changed
+- Validate OIDs are well-formed; MSRV 1.46+
+
+## 0.1.0 (2020-08-04)
+- Initial release
diff --git a/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/Cargo.toml b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/Cargo.toml
new file mode 100644
index 000000000000..cc58c4ccbffa
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/Cargo.toml
@@ -0,0 +1,58 @@ +# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO +# +# When uploading crates to the registry Cargo will automatically +# "normalize" Cargo.toml files for maximal compatibility +# with all versions of Cargo and also rewrite `path` dependencies +# to registry (e.g., crates.io) dependencies. +# +# If you are reading this file be aware that the original Cargo.toml +# will likely look very different (and much more reasonable). +# See Cargo.toml.orig for the original contents. + +[package] +edition = "2021" +rust-version = "1.57" +name = "const-oid" +version = "0.9.6" +authors = ["RustCrypto Developers"] +description = """ +Const-friendly implementation of the ISO/IEC Object Identifier (OID) standard +as defined in ITU X.660, with support for BER/DER encoding/decoding as well as +heapless no_std (i.e. embedded) support +""" +documentation = "https://docs.rs/const-oid" +readme = "README.md" +keywords = [ + "iso", + "iec", + "itu", + "oid", +] +categories = [ + "cryptography", + "data-structures", + "encoding", + "no-std", + "parser-implementations", +] +license = "Apache-2.0 OR MIT" +repository = "https://github.com/RustCrypto/formats/tree/master/const-oid" + +[package.metadata.docs.rs] +all-features = true +rustdoc-args = [ + "--cfg", + "docsrs", +] + +[dependencies.arbitrary] +version = "1.2" +features = ["derive"] +optional = true + +[dev-dependencies.hex-literal] +version = "0.3" + +[features] +db = [] +std = [] diff --git a/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/Cargo.toml.orig b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/Cargo.toml.orig new file mode 100644 index 000000000000..368373d15cf2 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/Cargo.toml.orig 
@@ -0,0 +1,31 @@
+[package]
+name = "const-oid"
+version = "0.9.6"
+authors = ["RustCrypto Developers"]
+license = "Apache-2.0 OR MIT"
+description = """
+Const-friendly implementation of the ISO/IEC Object Identifier (OID) standard
+as defined in ITU X.660, with support for BER/DER encoding/decoding as well as
+heapless no_std (i.e. embedded) support
+"""
+documentation = "https://docs.rs/const-oid"
+repository = "https://github.com/RustCrypto/formats/tree/master/const-oid"
+categories = ["cryptography", "data-structures", "encoding", "no-std", "parser-implementations"]
+keywords = ["iso", "iec", "itu", "oid"]
+readme = "README.md"
+edition = "2021"
+rust-version = "1.57"
+
+[dependencies]
+arbitrary = { version = "1.2", optional = true, features = ["derive"] }
+
+[dev-dependencies]
+hex-literal = "0.3"
+
+[features]
+std = []
+db = []
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
diff --git a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/LICENSE-APACHE b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/LICENSE-APACHE
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/LICENSE-APACHE
rename to third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/LICENSE-APACHE
diff --git a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/LICENSE-MIT b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/LICENSE-MIT
similarity index 94%
rename from third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/LICENSE-MIT
rename to third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/LICENSE-MIT
index 8dcb85b30273..1b78809158a4 100644
--- a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/LICENSE-MIT
+++ b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/LICENSE-MIT
@@ -1,4 +1,4 @@ -Copyright (c) 2017 Artyom Pavlov +Copyright (c) 2020-2022 The RustCrypto Project Developers Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated diff --git a/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/README.md b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/README.md new file mode 100644 index 000000000000..fae3cfc3f9a3 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/README.md 
@@ -0,0 +1,96 @@
+# [RustCrypto]: Object Identifiers (OIDs)
+
+[![crate][crate-image]][crate-link]
+[![Docs][docs-image]][docs-link]
+[![Build Status][build-image]][build-link]
+![Apache2/MIT licensed][license-image]
+![Rust Version][rustc-image]
+[![Project Chat][chat-image]][chat-link]
+
+Const-friendly implementation of the ISO/IEC Object Identifier (OID) standard
+as defined in ITU [X.660], with support for BER/DER encoding/decoding as well
+as heapless `no_std` (i.e. embedded) environments.
+
+[Documentation][docs-link]
+
+## About OIDs
+
+Object Identifiers, a.k.a. OIDs, are an International Telecommunications
+Union (ITU) and ISO/IEC standard for naming any object, concept, or "thing"
+with a globally unambiguous persistent name.
+
+The ITU's [X.660] standard provides the OID specification. Every OID is part of
+a hierarchical namespace which begins with a *root OID*, which is either the
+ITU's root OID (0), the ISO's root OID (1), or the joint ISO/ITU root OID (2).
+
+The following is an example of an OID, in this case identifying the
+`rsaEncryption` algorithm:
+
+```text
+1.2.840.113549.1.1.1
+```
+
+For more information, see:
+
+## Implementation
+
+This library supports parsing OIDs in const contexts, e.g.:
+
+```rust
+use const_oid::ObjectIdentifier;
+
+pub const MY_OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.1");
+```
+
+The OID parser is implemented entirely in terms of `const fn` and without the
+use of proc macros.
+
+Additionally, it also includes a `const fn` OID serializer, and stores the OIDs
+parsed from const contexts encoded using the BER/DER serialization
+(sans header).
+
+This allows `ObjectIdentifier` to impl `AsRef<[u8]>` which can be used to
+obtain the BER/DER serialization of an OID, even one declared `const`.
+
+Additionally, it impls `FromStr` and `TryFrom<&[u8]>` and functions just as
+well as a runtime OID library.
+
+## Minimum Supported Rust Version
+
+This crate requires **Rust 1.57** at a minimum.
+
+We may change the MSRV in the future, but it will be accompanied by a minor
+version bump.
+
+## License
+
+Licensed under either of:
+
+* [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
+* [MIT license](http://opensource.org/licenses/MIT)
+
+at your option.
+
+### Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted
+for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
+dual licensed as above, without any additional terms or conditions.
+
+[//]: # (badges)
+
+[crate-image]: https://buildstats.info/crate/const-oid
+[crate-link]: https://crates.io/crates/const-oid
+[docs-image]: https://docs.rs/const-oid/badge.svg
+[docs-link]: https://docs.rs/const-oid/
+[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.57+-blue.svg
+[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
+[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/300570-formats
+[build-image]: https://github.com/RustCrypto/formats/workflows/const-oid/badge.svg?branch=master&event=push
+[build-link]: https://github.com/RustCrypto/formats/actions
+
+[//]: # (links)
+
+[RustCrypto]: https://github.com/rustcrypto
+[X.660]: https://www.itu.int/rec/T-REC-X.660
diff --git a/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/arcs.rs b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/arcs.rs
new file mode 100644
index 000000000000..7bf7a9a13e10
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/arcs.rs
@@ -0,0 +1,170 @@
+//! Arcs are integer values which exist within an OID's hierarchy.
+
+use crate::{Error, ObjectIdentifier, Result};
+use core::mem;
+
+/// Type alias used to represent an "arc" (i.e. integer identifier value).
+///
+/// X.660 does not define a maximum size of an arc.
+///
+/// The current representation is `u32`, which has been selected as being
+/// sufficient to cover the current PKCS/PKIX use cases this library has been
+/// used in conjunction with.
+///
+/// Future versions may potentially make it larger if a sufficiently important
+/// use case is discovered.
+pub type Arc = u32;
+
+/// Maximum value of the first arc in an OID.
+pub(crate) const ARC_MAX_FIRST: Arc = 2;
+
+/// Maximum value of the second arc in an OID.
+pub(crate) const ARC_MAX_SECOND: Arc = 39;
+
+/// Maximum number of bytes supported in an arc.
+const ARC_MAX_BYTES: usize = mem::size_of::();
+
+/// Maximum value of the last byte in an arc.
+const ARC_MAX_LAST_OCTET: u8 = 0b11110000; // Max bytes of leading 1-bits
+
+/// [`Iterator`] over [`Arc`] values (a.k.a. nodes) in an [`ObjectIdentifier`].
+///
+/// This iterates over all arcs in an OID, including the root.
+pub struct Arcs<'a> {
+ /// OID we're iterating over
+ oid: &'a ObjectIdentifier,
+
+ /// Current position within the serialized DER bytes of this OID
+ cursor: Option,
+}
+
+impl<'a> Arcs<'a> {
+ /// Create a new iterator over the arcs of this OID
+ pub(crate) fn new(oid: &'a ObjectIdentifier) -> Self {
+ Self { oid, cursor: None }
+ }
+
+ /// Try to parse the next arc in this OID.
+ ///
+ /// This method is fallible so it can be used as a first pass to determine
+ /// that the arcs in the OID are well-formed.
+ pub(crate) fn try_next(&mut self) -> Result> {
+ match self.cursor {
+ // Indicates we're on the root OID
+ None => {
+ let root = RootArcs::try_from(self.oid.as_bytes()[0])?;
+ self.cursor = Some(0);
+ Ok(Some(root.first_arc()))
+ }
+ Some(0) => {
+ let root = RootArcs::try_from(self.oid.as_bytes()[0])?;
+ self.cursor = Some(1);
+ Ok(Some(root.second_arc()))
+ }
+ Some(offset) => {
+ let mut result = 0;
+ let mut arc_bytes = 0;
+
+ loop {
+ let len = checked_add!(offset, arc_bytes);
+
+ match self.oid.as_bytes().get(len).cloned() {
+ // The arithmetic below includes advance checks
+ // against `ARC_MAX_BYTES` and `ARC_MAX_LAST_OCTET`
+ // which ensure the operations will not overflow.
+ #[allow(clippy::integer_arithmetic)]
+ Some(byte) => {
+ arc_bytes = checked_add!(arc_bytes, 1);
+
+ if (arc_bytes > ARC_MAX_BYTES) && (byte & ARC_MAX_LAST_OCTET != 0) {
+ return Err(Error::ArcTooBig);
+ }
+
+ result = result << 7 | (byte & 0b1111111) as Arc;
+
+ if byte & 0b10000000 == 0 {
+ self.cursor = Some(checked_add!(offset, arc_bytes));
+ return Ok(Some(result));
+ }
+ }
+ None => {
+ if arc_bytes == 0 {
+ return Ok(None);
+ } else {
+ return Err(Error::Base128);
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
+impl<'a> Iterator for Arcs<'a> {
+ type Item = Arc;
+
+ fn next(&mut self) -> Option {
+ // ObjectIdentifier constructors should ensure the OID is well-formed
+ self.try_next().expect("OID malformed")
+ }
+}
+
+/// Byte containing the first and second arcs of an OID.
+///
+/// This is represented this way in order to reduce the overall size of the
+/// [`ObjectIdentifier`] struct.
+#[derive(Copy, Clone, Debug, Eq, PartialEq)]
+struct RootArcs(u8);
+
+impl RootArcs {
+ /// Create [`RootArcs`] from the first and second arc values represented
+ /// as `Arc` integers.
+ pub(crate) const fn new(first_arc: Arc, second_arc: Arc) -> Result {
+ if first_arc > ARC_MAX_FIRST {
+ return Err(Error::ArcInvalid { arc: first_arc });
+ }
+
+ if second_arc > ARC_MAX_SECOND {
+ return Err(Error::ArcInvalid { arc: second_arc });
+ }
+
+ // The checks above ensure this operation will not overflow
+ #[allow(clippy::integer_arithmetic)]
+ let byte = (first_arc * (ARC_MAX_SECOND + 1)) as u8 + second_arc as u8;
+
+ Ok(Self(byte))
+ }
+
+ /// Get the value of the first arc
+ #[allow(clippy::integer_arithmetic)]
+ pub(crate) const fn first_arc(self) -> Arc {
+ self.0 as Arc / (ARC_MAX_SECOND + 1)
+ }
+
+ /// Get the value of the second arc
+ #[allow(clippy::integer_arithmetic)]
+ pub(crate) const fn second_arc(self) -> Arc {
+ self.0 as Arc % (ARC_MAX_SECOND + 1)
+ }
+}
+
+impl TryFrom for RootArcs {
+ type Error = Error;
+
+ // Ensured not to overflow by constructor invariants
+ #[allow(clippy::integer_arithmetic)]
+ fn try_from(octet: u8) -> Result {
+ let first = octet as Arc / (ARC_MAX_SECOND + 1);
+ let second = octet as Arc % (ARC_MAX_SECOND + 1);
+ let result = Self::new(first, second)?;
+ debug_assert_eq!(octet, result.0);
+ Ok(result)
+ }
+}
+
+impl From for u8 {
+ fn from(root_arcs: RootArcs) -> u8 {
+ root_arcs.0
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/checked.rs b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/checked.rs
new file mode 100644
index 000000000000..7ff16a2a7b33
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/checked.rs
@@ -0,0 +1,11 @@
+//! Checked arithmetic helpers.
+
+/// `const fn`-friendly checked addition helper.
+macro_rules! checked_add {
+ ($a:expr, $b:expr) => {
+ match $a.checked_add($b) {
+ Some(n) => n,
+ None => return Err(Error::Length),
+ }
+ };
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/db.rs b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/db.rs
new file mode 100644
index 000000000000..e4b7a47b4b95
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/db.rs
@@ -0,0 +1,164 @@
+//! OID Names Database
+//!
+//! The contents of this database are generated from the official IANA
+//! [Object Identifier Descriptors] Registry CSV file and from [RFC 5280].
+//! If we are missing values you care about, please contribute a patch to
+//! `oiddbgen` (a subcrate in the source code) to generate the values from
+//! the relevant standard.
+//!
+//! [RFC 5280]: https://datatracker.ietf.org/doc/html/rfc5280
+//! [Object Identifier Descriptors]: https://www.iana.org/assignments/ldap-parameters/ldap-parameters.xhtml#ldap-parameters-3
+
+#![allow(clippy::integer_arithmetic, missing_docs)]
+
+mod gen;
+
+pub use gen::*;
+
+use crate::{Error, ObjectIdentifier};
+
+/// A const implementation of byte equals.
+const fn eq(lhs: &[u8], rhs: &[u8]) -> bool {
+ if lhs.len() != rhs.len() {
+ return false;
+ }
+
+ let mut i = 0usize;
+ while i < lhs.len() {
+ if lhs[i] != rhs[i] {
+ return false;
+ }
+
+ i += 1;
+ }
+
+ true
+}
+
+/// A const implementation of case-insensitive ASCII equals.
+const fn eq_case(lhs: &[u8], rhs: &[u8]) -> bool {
+ if lhs.len() != rhs.len() {
+ return false;
+ }
+
+ let mut i = 0usize;
+ while i < lhs.len() {
+ if !lhs[i].eq_ignore_ascii_case(&rhs[i]) {
+ return false;
+ }
+
+ i += 1;
+ }
+
+ true
+}
+
+/// A query interface for OIDs/Names.
+#[derive(Copy, Clone)]
+pub struct Database<'a>(&'a [(&'a ObjectIdentifier, &'a str)]);
+
+impl<'a> Database<'a> {
+ /// Looks up a name for an OID.
+ ///
+ /// Errors if the input is not a valid OID.
+ /// Returns the input if no name is found.
+ pub fn resolve<'b>(&self, oid: &'b str) -> Result<&'b str, Error>
+ where
+ 'a: 'b,
+ {
+ Ok(self.by_oid(&oid.parse()?).unwrap_or(oid))
+ }
+
+ /// Finds a named oid by its associated OID.
+ pub const fn by_oid(&self, oid: &ObjectIdentifier) -> Option<&'a str> {
+ let mut i = 0;
+
+ while i < self.0.len() {
+ let lhs = self.0[i].0;
+ if lhs.length == oid.length && eq(&lhs.bytes, &oid.bytes) {
+ return Some(self.0[i].1);
+ }
+
+ i += 1;
+ }
+
+ None
+ }
+
+ /// Finds a named oid by its associated name.
+ pub const fn by_name(&self, name: &str) -> Option<&'a ObjectIdentifier> {
+ let mut i = 0;
+
+ while i < self.0.len() {
+ let lhs = self.0[i].1;
+ if eq_case(lhs.as_bytes(), name.as_bytes()) {
+ return Some(self.0[i].0);
+ }
+
+ i += 1;
+ }
+
+ None
+ }
+
+ /// Return the list of matched name for the OID.
+ pub const fn find_names_for_oid(&self, oid: ObjectIdentifier) -> Names<'a> {
+ Names {
+ database: *self,
+ oid,
+ position: 0,
+ }
+ }
+}
+
+/// Iterator returning the multiple names that may be associated with an OID.
+pub struct Names<'a> {
+ database: Database<'a>,
+ oid: ObjectIdentifier,
+ position: usize,
+}
+
+impl<'a> Iterator for Names<'a> {
+ type Item = &'a str;
+
+ fn next(&mut self) -> Option<&'a str> {
+ let mut i = self.position;
+
+ while i < self.database.0.len() {
+ let lhs = self.database.0[i].0;
+
+ if lhs.as_bytes().eq(self.oid.as_bytes()) {
+ self.position = i + 1;
+ return Some(self.database.0[i].1);
+ }
+
+ i += 1;
+ }
+
+ None
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use crate::ObjectIdentifier;
+
+ use super::rfc4519::CN;
+
+ #[test]
+ fn by_oid() {
+ let cn = super::DB.by_oid(&CN).expect("cn not found");
+ assert_eq!("cn", cn);
+
+ let none = ObjectIdentifier::new_unwrap("0.1.2.3.4.5.6.7.8.9");
+ assert_eq!(None, super::DB.by_oid(&none));
+ }
+
+ #[test]
+ fn by_name() {
+ let cn = super::DB.by_name("CN").expect("cn not found");
+ assert_eq!(&CN, cn);
+
+ assert_eq!(None, super::DB.by_name("purplePeopleEater"));
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/db/gen.rs b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/db/gen.rs
new file mode 100644
index 000000000000..9c603d824fc2
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/db/gen.rs
@@ -0,0 +1,4248 @@ +#![doc = "!! DO NOT EDIT !!: This file is auto-generated by oiddbgen."] +pub mod rfc1274 { + pub const TEXT_ENCODED_OR_ADDRESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.2"); + pub const OTHER_MAILBOX: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.22"); + pub const LAST_MODIFIED_TIME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.23"); + pub const LAST_MODIFIED_BY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.24"); + pub const A_RECORD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.26"); + pub const MD_RECORD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.27"); + pub const MX_RECORD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.28"); + pub const NS_RECORD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.29"); + pub const SOA_RECORD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.30"); + pub const CNAME_RECORD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.31"); + pub const JANET_MAILBOX: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.46"); + pub const MAIL_PREFERENCE_OPTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.47"); + pub const DSA_QUALITY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.49"); + pub const SUBTREE_MINIMUM_QUALITY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.51"); + pub const SUBTREE_MAXIMUM_QUALITY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.52"); + pub const PERSONAL_SIGNATURE: 
crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.53"); + pub const DIT_REDIRECT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.54"); + pub const AUDIO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.55"); + pub const PHOTO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.7"); + pub const DNS_DOMAIN: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.4.15"); + pub const PILOT_ORGANIZATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.4.20"); + pub const PILOT_DSA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.4.21"); + pub const QUALITY_LABELLED_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.4.22"); + pub const PILOT_OBJECT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.4.3"); + pub const PILOT_PERSON: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.4.4"); +} +pub mod rfc2079 { + pub const LABELED_URI: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.250.1.57"); + pub const LABELED_URI_OBJECT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.250.3.15"); +} +pub mod rfc2164 { + pub const RFC_822_TO_X_400_MAPPING: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.453.7.1.1"); + pub const X_400_TO_RFC_822_MAPPING: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.453.7.1.2"); + pub const OMITTED_OR_ADDRESS_COMPONENT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.453.7.1.3"); + pub const MIXER_GATEWAY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.453.7.1.4"); + pub const ASSOCIATED_X_400_GATEWAY: 
crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.453.7.2.3"); + pub const ASSOCIATED_OR_ADDRESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.453.7.2.6"); + pub const OR_ADDRESS_COMPONENT_TYPE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.453.7.2.7"); + pub const ASSOCIATED_INTERNET_GATEWAY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.453.7.2.8"); + pub const MCGAM_TABLES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.453.7.2.9"); +} +pub mod rfc2247 { + pub const DOMAIN_NAME_FORM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.1466.345"); +} +pub mod rfc2252 { + pub const PRESENTATION_ADDRESS_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.22"); + pub const PROTOCOL_INFORMATION_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.24"); +} +pub mod rfc2256 { + pub const KNOWLEDGE_INFORMATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.2"); + pub const PRESENTATION_ADDRESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.29"); + pub const SUPPORTED_APPLICATION_CONTEXT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.30"); + pub const PROTOCOL_INFORMATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.48"); + pub const DMD_NAME: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.54"); + pub const STATE_OR_PROVINCE_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.8"); + pub const STREET_ADDRESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.9"); + pub const APPLICATION_ENTITY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.6.12"); + pub const DSA: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.6.13"); + pub const DMD: 
crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.6.20"); +} +pub mod rfc2293 { + pub const SUBTREE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.453.7.1.1"); + pub const TABLE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.453.7.1.2"); + pub const TABLE_ENTRY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.453.7.1.3"); + pub const TEXT_TABLE_ENTRY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.453.7.1.4"); + pub const DISTINGUISHED_NAME_TABLE_ENTRY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.453.7.1.5"); + pub const TEXT_TABLE_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.453.7.2.1"); + pub const TEXT_TABLE_VALUE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.453.7.2.2"); + pub const DISTINGUISHED_NAME_TABLE_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.453.7.2.3"); +} +pub mod rfc2589 { + pub const DYNAMIC_OBJECT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.1466.101.119.2"); + pub const ENTRY_TTL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.1466.101.119.3"); + pub const DYNAMIC_SUBTREES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.1466.101.119.4"); +} +pub mod rfc2739 { + pub const CAL_CAL_URI: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113556.1.4.478"); + pub const CAL_FBURL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113556.1.4.479"); + pub const CAL_CAPURI: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113556.1.4.480"); + pub const CAL_CAL_ADR_URI: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113556.1.4.481"); + pub const CAL_OTHER_CAL_UR_IS: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.2.840.113556.1.4.482"); + pub const CAL_OTHER_FBUR_LS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113556.1.4.483"); + pub const CAL_OTHER_CAPUR_IS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113556.1.4.484"); + pub const CAL_OTHER_CAL_ADR_UR_IS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113556.1.4.485"); + pub const CAL_ENTRY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113556.1.5.87"); +} +pub mod rfc2798 { + pub const JPEG_PHOTO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.60"); + pub const CAR_LICENSE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113730.3.1.1"); + pub const DEPARTMENT_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113730.3.1.2"); + pub const USER_PKCS_12: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113730.3.1.216"); + pub const DISPLAY_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113730.3.1.241"); + pub const EMPLOYEE_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113730.3.1.3"); + pub const PREFERRED_LANGUAGE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113730.3.1.39"); + pub const EMPLOYEE_TYPE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113730.3.1.4"); + pub const USER_SMIME_CERTIFICATE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113730.3.1.40"); + pub const INET_ORG_PERSON: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113730.3.2.2"); +} +pub mod rfc3280 { + pub const EMAIL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.1"); + pub const EMAIL_ADDRESS: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.1"); + pub const PSEUDONYM: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.65"); +} +pub mod rfc3296 { + pub const REF: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113730.3.1.34"); + pub const REFERRAL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113730.3.2.6"); +} +pub mod rfc3671 { + pub const COLLECTIVE_ATTRIBUTE_SUBENTRIES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.18.12"); + pub const COLLECTIVE_EXCLUSIONS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.18.7"); + pub const COLLECTIVE_ATTRIBUTE_SUBENTRY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.20.2"); + pub const C_O: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.10.1"); + pub const C_OU: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.11.1"); + pub const C_POSTAL_ADDRESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.16.1"); + pub const C_POSTAL_CODE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.17.1"); + pub const C_POST_OFFICE_BOX: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.18.1"); + pub const C_PHYSICAL_DELIVERY_OFFICE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.19.1"); + pub const C_TELEPHONE_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.20.1"); + pub const C_TELEX_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.21.1"); + pub const C_FACSIMILE_TELEPHONE_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.23.1"); + pub const C_INTERNATIONAL_ISDN_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.25.1"); + pub const C_L: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.7.1"); + pub const C_ST: 
crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.8.1"); + pub const C_STREET: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.9.1"); +} +pub mod rfc3672 { + pub const SUBENTRY: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.17.0"); + pub const ADMINISTRATIVE_ROLE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.18.5"); + pub const SUBTREE_SPECIFICATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.18.6"); + pub const AUTONOMOUS_AREA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.23.1"); + pub const ACCESS_CONTROL_SPECIFIC_AREA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.23.2"); + pub const ACCESS_CONTROL_INNER_AREA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.23.3"); + pub const SUBSCHEMA_ADMIN_SPECIFIC_AREA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.23.4"); + pub const COLLECTIVE_ATTRIBUTE_SPECIFIC_AREA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.23.5"); + pub const COLLECTIVE_ATTRIBUTE_INNER_AREA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.23.6"); +} +pub mod rfc3687 { + pub const COMPONENT_FILTER_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.36.79672281.1.13.2"); + pub const RDN_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.36.79672281.1.13.3"); + pub const PRESENT_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.36.79672281.1.13.5"); + pub const ALL_COMPONENTS_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.36.79672281.1.13.6"); + pub const DIRECTORY_COMPONENTS_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.36.79672281.1.13.7"); +} +pub mod rfc3698 { + pub const STORED_PREFIX_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.41"); +} 
+pub mod rfc3703 { + pub const PCIM_POLICY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.1"); + pub const PCIM_RULE_ACTION_ASSOCIATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.10"); + pub const PCIM_CONDITION_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.11"); + pub const PCIM_TPC_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.12"); + pub const PCIM_CONDITION_VENDOR_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.13"); + pub const PCIM_ACTION_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.14"); + pub const PCIM_ACTION_VENDOR_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.15"); + pub const PCIM_POLICY_INSTANCE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.16"); + pub const PCIM_ELEMENT_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.17"); + pub const PCIM_REPOSITORY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.18"); + pub const PCIM_REPOSITORY_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.19"); + pub const PCIM_GROUP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.2"); + pub const PCIM_REPOSITORY_INSTANCE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.20"); + pub const PCIM_SUBTREES_PTR_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.21"); + pub const PCIM_GROUP_CONTAINMENT_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.22"); + pub const PCIM_RULE_CONTAINMENT_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.23"); + pub const 
PCIM_GROUP_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.3"); + pub const PCIM_GROUP_INSTANCE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.4"); + pub const PCIM_RULE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.5"); + pub const PCIM_RULE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.6"); + pub const PCIM_RULE_INSTANCE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.7"); + pub const PCIM_RULE_CONDITION_ASSOCIATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.8"); + pub const PCIM_RULE_VALIDITY_ASSOCIATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.1.9"); + pub const PCIM_RULE_VALIDITY_PERIOD_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.10"); + pub const PCIM_RULE_USAGE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.11"); + pub const PCIM_RULE_PRIORITY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.12"); + pub const PCIM_RULE_MANDATORY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.13"); + pub const PCIM_RULE_SEQUENCED_ACTIONS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.14"); + pub const PCIM_ROLES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.15"); + pub const PCIM_CONDITION_GROUP_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.16"); + pub const PCIM_CONDITION_NEGATED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.17"); + pub const PCIM_CONDITION_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.18"); + pub const PCIM_CONDITION_DN: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.19"); + pub const PCIM_VALIDITY_CONDITION_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.20"); + pub const PCIM_TIME_PERIOD_CONDITION_DN: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.21"); + pub const PCIM_ACTION_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.22"); + pub const PCIM_ACTION_ORDER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.23"); + pub const PCIM_ACTION_DN: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.24"); + pub const PCIM_TPC_TIME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.25"); + pub const PCIM_TPC_MONTH_OF_YEAR_MASK: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.26"); + pub const PCIM_TPC_DAY_OF_MONTH_MASK: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.27"); + pub const PCIM_TPC_DAY_OF_WEEK_MASK: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.28"); + pub const PCIM_TPC_TIME_OF_DAY_MASK: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.29"); + pub const PCIM_KEYWORDS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.3"); + pub const PCIM_TPC_LOCAL_OR_UTC_TIME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.30"); + pub const PCIM_VENDOR_CONSTRAINT_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.31"); + pub const PCIM_VENDOR_CONSTRAINT_ENCODING: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.32"); + pub const PCIM_VENDOR_ACTION_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.33"); + pub const PCIM_VENDOR_ACTION_ENCODING: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.34"); + pub const PCIM_POLICY_INSTANCE_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.35"); + pub const PCIM_REPOSITORY_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.36"); + pub const PCIM_SUBTREES_AUX_CONTAINED_SET: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.37"); + pub const PCIM_GROUPS_AUX_CONTAINED_SET: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.38"); + pub const PCIM_RULES_AUX_CONTAINED_SET: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.39"); + pub const PCIM_GROUP_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.4"); + pub const PCIM_RULE_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.5"); + pub const PCIM_RULE_ENABLED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.6"); + pub const PCIM_RULE_CONDITION_LIST_TYPE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.7"); + pub const PCIM_RULE_CONDITION_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.8"); + pub const PCIM_RULE_ACTION_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.6.2.9"); +} +pub mod rfc3712 { + pub const PRINTER_XRI_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1107"); + pub const PRINTER_ALIASES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1108"); + pub const PRINTER_CHARSET_CONFIGURED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1109"); + pub const PRINTER_JOB_PRIORITY_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1110"); + pub const PRINTER_JOB_K_OCTETS_SUPPORTED: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1111"); + pub const PRINTER_CURRENT_OPERATOR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1112"); + pub const PRINTER_SERVICE_PERSON: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1113"); + pub const PRINTER_DELIVERY_ORIENTATION_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1114"); + pub const PRINTER_STACKING_ORDER_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1115"); + pub const PRINTER_OUTPUT_FEATURES_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1116"); + pub const PRINTER_MEDIA_LOCAL_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1117"); + pub const PRINTER_COPIES_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1118"); + pub const PRINTER_NATURAL_LANGUAGE_CONFIGURED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1119"); + pub const PRINTER_PRINT_QUALITY_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1120"); + pub const PRINTER_RESOLUTION_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1121"); + pub const PRINTER_MEDIA_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1122"); + pub const PRINTER_SIDES_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1123"); + pub const PRINTER_NUMBER_UP_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1124"); + pub const PRINTER_FINISHINGS_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1125"); + pub const PRINTER_PAGES_PER_MINUTE_COLOR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1126"); + pub const 
PRINTER_PAGES_PER_MINUTE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1127"); + pub const PRINTER_COMPRESSION_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1128"); + pub const PRINTER_COLOR_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1129"); + pub const PRINTER_DOCUMENT_FORMAT_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1130"); + pub const PRINTER_CHARSET_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1131"); + pub const PRINTER_MULTIPLE_DOCUMENT_JOBS_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1132"); + pub const PRINTER_IPP_VERSIONS_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1133"); + pub const PRINTER_MORE_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1134"); + pub const PRINTER_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1135"); + pub const PRINTER_LOCATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1136"); + pub const PRINTER_GENERATED_NATURAL_LANGUAGE_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1137"); + pub const PRINTER_MAKE_AND_MODEL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1138"); + pub const PRINTER_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1139"); + pub const PRINTER_URI: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.4.1140"); + pub const PRINTER_LPR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.6.253"); + pub const SLP_SERVICE_PRINTER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.6.254"); + pub const PRINTER_SERVICE: 
crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.6.255"); + pub const PRINTER_IPP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.6.256"); + pub const PRINTER_SERVICE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.6.257"); + pub const PRINTER_ABSTRACT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.6.258"); +} +pub mod rfc4104 { + pub const PCELS_POLICY_SET: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.1"); + pub const PCELS_ACTION_ASSOCIATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.10"); + pub const PCELS_SIMPLE_CONDITION_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.11"); + pub const PCELS_COMPOUND_CONDITION_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.12"); + pub const PCELS_COMPOUND_FILTER_CONDITION_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.13"); + pub const PCELS_SIMPLE_ACTION_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.14"); + pub const PCELS_COMPOUND_ACTION_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.15"); + pub const PCELS_VARIABLE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.16"); + pub const PCELS_EXPLICIT_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.17"); + pub const PCELS_IMPLICIT_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.18"); + pub const PCELS_SOURCE_I_PV_4_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.19"); + pub const PCELS_POLICY_SET_ASSOCIATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.2"); + 
pub const PCELS_SOURCE_I_PV_6_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.20"); + pub const PCELS_DESTINATION_I_PV_4_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.21"); + pub const PCELS_DESTINATION_I_PV_6_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.22"); + pub const PCELS_SOURCE_PORT_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.23"); + pub const PCELS_DESTINATION_PORT_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.24"); + pub const PCELS_IP_PROTOCOL_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.25"); + pub const PCELS_IP_VERSION_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.26"); + pub const PCELS_IP_TO_S_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.27"); + pub const PCELS_DSCP_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.28"); + pub const PCELS_FLOW_ID_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.29"); + pub const PCELS_GROUP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.3"); + pub const PCELS_SOURCE_MAC_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.30"); + pub const PCELS_DESTINATION_MAC_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.31"); + pub const PCELS_VLAN_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.32"); + pub const PCELS_CO_S_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.33"); + pub 
const PCELS_ETHERTYPE_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.34"); + pub const PCELS_SOURCE_SAP_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.35"); + pub const PCELS_DESTINATION_SAP_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.36"); + pub const PCELS_SNAPOUI_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.37"); + pub const PCELS_SNAP_TYPE_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.38"); + pub const PCELS_FLOW_DIRECTION_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.39"); + pub const PCELS_GROUP_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.4"); + pub const PCELS_VALUE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.40"); + pub const PCELS_I_PV_4_ADDR_VALUE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.41"); + pub const PCELS_I_PV_6_ADDR_VALUE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.42"); + pub const PCELS_MAC_ADDR_VALUE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.43"); + pub const PCELS_STRING_VALUE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.44"); + pub const PCELS_BIT_STRING_VALUE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.45"); + pub const PCELS_INTEGER_VALUE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.46"); + pub const PCELS_BOOLEAN_VALUE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.47"); + pub const PCELS_REUSABLE_CONTAINER: 
crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.48"); + pub const PCELS_REUSABLE_CONTAINER_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.49"); + pub const PCELS_GROUP_INSTANCE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.5"); + pub const PCELS_REUSABLE_CONTAINER_INSTANCE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.50"); + pub const PCELS_ROLE_COLLECTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.51"); + pub const PCELS_FILTER_ENTRY_BASE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.52"); + pub const PCELS_IP_HEADERS_FILTER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.53"); + pub const PCELS_8021_FILTER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.54"); + pub const PCELS_FILTER_LIST_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.55"); + pub const PCELS_VENDOR_VARIABLE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.56"); + pub const PCELS_VENDOR_VALUE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.57"); + pub const PCELS_RULE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.6"); + pub const PCELS_RULE_AUX_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.7"); + pub const PCELS_RULE_INSTANCE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.8"); + pub const PCELS_CONDITION_ASSOCIATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.1.9"); + pub const PCELS_POLICY_SET_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.1"); + pub const PCELS_EXECUTION_STRATEGY: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.10"); + pub const PCELS_VARIABLE_DN: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.11"); + pub const PCELS_VALUE_DN: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.12"); + pub const PCELS_IS_MIRRORED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.13"); + pub const PCELS_VARIABLE_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.14"); + pub const PCELS_EXPECTED_VALUE_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.15"); + pub const PCELS_VARIABLE_MODEL_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.16"); + pub const PCELS_VARIABLE_MODEL_PROPERTY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.17"); + pub const PCELS_EXPECTED_VALUE_TYPES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.18"); + pub const PCELS_VALUE_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.19"); + pub const PCELS_DECISION_STRATEGY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.2"); + pub const PCELS_I_PV_4_ADDR_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.20"); + pub const PCELS_I_PV_6_ADDR_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.21"); + pub const PCELS_MAC_ADDR_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.22"); + pub const PCELS_STRING_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.23"); + pub const PCELS_BIT_STRING_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.24"); + pub const PCELS_INTEGER_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.25"); + pub const PCELS_BOOLEAN: 
crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.26"); + pub const PCELS_REUSABLE_CONTAINER_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.27"); + pub const PCELS_REUSABLE_CONTAINER_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.28"); + pub const PCELS_ROLE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.29"); + pub const PCELS_POLICY_SET_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.3"); + pub const PCELS_ROLE_COLLECTION_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.30"); + pub const PCELS_ELEMENT_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.31"); + pub const PCELS_FILTER_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.32"); + pub const PCELS_FILTER_IS_NEGATED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.33"); + pub const PCELS_IP_HDR_VERSION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.34"); + pub const PCELS_IP_HDR_SOURCE_ADDRESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.35"); + pub const PCELS_IP_HDR_SOURCE_ADDRESS_END_OF_RANGE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.36"); + pub const PCELS_IP_HDR_SOURCE_MASK: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.37"); + pub const PCELS_IP_HDR_DEST_ADDRESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.38"); + pub const PCELS_IP_HDR_DEST_ADDRESS_END_OF_RANGE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.39"); + pub const PCELS_PRIORITY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.4"); + pub const PCELS_IP_HDR_DEST_MASK: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.40"); + pub const PCELS_IP_HDR_PROTOCOL_ID: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.41"); + pub const PCELS_IP_HDR_SOURCE_PORT_START: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.42"); + pub const PCELS_IP_HDR_SOURCE_PORT_END: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.43"); + pub const PCELS_IP_HDR_DEST_PORT_START: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.44"); + pub const PCELS_IP_HDR_DEST_PORT_END: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.45"); + pub const PCELS_IP_HDR_DSCP_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.46"); + pub const PCELS_IP_HDR_FLOW_LABEL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.47"); + pub const PCELS_8021_HDR_SOURCE_MAC_ADDRESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.48"); + pub const PCELS_8021_HDR_SOURCE_MAC_MASK: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.49"); + pub const PCELS_POLICY_SET_DN: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.5"); + pub const PCELS_8021_HDR_DEST_MAC_ADDRESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.50"); + pub const PCELS_8021_HDR_DEST_MAC_MASK: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.51"); + pub const PCELS_8021_HDR_PROTOCOL_ID: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.52"); + pub const PCELS_8021_HDR_PRIORITY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.53"); + pub const PCELS_8021_HDR_VLANID: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.54"); + pub const PCELS_FILTER_LIST_NAME: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.55"); + pub const PCELS_FILTER_DIRECTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.56"); + pub const PCELS_FILTER_ENTRY_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.57"); + pub const PCELS_VENDOR_VARIABLE_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.58"); + pub const PCELS_VENDOR_VARIABLE_ENCODING: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.59"); + pub const PCELS_CONDITION_LIST_TYPE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.6"); + pub const PCELS_VENDOR_VALUE_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.60"); + pub const PCELS_VENDOR_VALUE_ENCODING: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.61"); + pub const PCELS_RULE_VALIDITY_PERIOD_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.62"); + pub const PCELS_CONDITION_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.7"); + pub const PCELS_ACTION_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.8"); + pub const PCELS_SEQUENCED_ACTIONS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.9.2.9"); +} +pub mod rfc4237 { + pub const VPIM_USER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.11.1.1"); + pub const VPIM_TELEPHONE_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.11.2.1"); + pub const VPIM_SUB_MAILBOXES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.11.2.10"); + pub const VPIM_RFC_822_MAILBOX: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.11.2.2"); + pub const VPIM_SPOKEN_NAME: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.11.2.3"); + pub const VPIM_SUPPORTED_UA_BEHAVIORS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.11.2.4"); + pub const VPIM_SUPPORTED_AUDIO_MEDIA_TYPES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.11.2.5"); + pub const VPIM_SUPPORTED_MESSAGE_CONTEXT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.11.2.6"); + pub const VPIM_TEXT_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.11.2.7"); + pub const VPIM_EXTENDED_ABSENCE_STATUS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.11.2.8"); + pub const VPIM_MAX_MESSAGE_SIZE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.11.2.9"); +} +pub mod rfc4403 { + pub const UDDIV_3_SERVICE_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.32"); + pub const UDDI_BUSINESS_ENTITY_NAME_FORM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.15.1"); + pub const UDDIV_3_ENTITY_OBITUARY_NAME_FORM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.15.10"); + pub const UDDI_CONTACT_NAME_FORM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.15.2"); + pub const UDDI_ADDRESS_NAME_FORM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.15.3"); + pub const UDDI_BUSINESS_SERVICE_NAME_FORM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.15.4"); + pub const UDDI_BINDING_TEMPLATE_NAME_FORM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.15.5"); + pub const UDDI_T_MODEL_INSTANCE_INFO_NAME_FORM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.15.6"); + pub const UDDI_T_MODEL_NAME_FORM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.15.7"); + pub const 
UDDI_PUBLISHER_ASSERTION_NAME_FORM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.15.8"); + pub const UDDIV_3_SUBSCRIPTION_NAME_FORM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.15.9"); + pub const UDDI_BUSINESS_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.1"); + pub const UDDI_E_MAIL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.10"); + pub const UDDI_SORT_CODE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.11"); + pub const UDDI_T_MODEL_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.12"); + pub const UDDI_ADDRESS_LINE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.13"); + pub const UDDI_IDENTIFIER_BAG: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.14"); + pub const UDDI_CATEGORY_BAG: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.15"); + pub const UDDI_KEYED_REFERENCE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.16"); + pub const UDDI_SERVICE_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.17"); + pub const UDDI_BINDING_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.18"); + pub const UDDI_ACCESS_POINT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.19"); + pub const UDDI_AUTHORIZED_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.2"); + pub const UDDI_HOSTING_REDIRECTOR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.20"); + pub const UDDI_INSTANCE_DESCRIPTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.21"); + pub const UDDI_INSTANCE_PARMS: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.22"); + pub const UDDI_OVERVIEW_DESCRIPTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.23"); + pub const UDDI_OVERVIEW_URL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.24"); + pub const UDDI_FROM_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.25"); + pub const UDDI_TO_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.26"); + pub const UDDI_UUID: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.27"); + pub const UDDI_IS_HIDDEN: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.28"); + pub const UDDI_IS_PROJECTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.29"); + pub const UDDI_OPERATOR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.3"); + pub const UDDI_LANG: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.30"); + pub const UDDIV_3_BUSINESS_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.31"); + pub const UDDIV_3_BINDING_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.33"); + pub const UDDIV_3_TMODEL_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.34"); + pub const UDDIV_3_DIGITAL_SIGNATURE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.35"); + pub const UDDIV_3_NODE_ID: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.36"); + pub const UDDIV_3_ENTITY_MODIFICATION_TIME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.37"); + pub const UDDIV_3_SUBSCRIPTION_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.38"); + pub const UDDIV_3_SUBSCRIPTION_FILTER: 
crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.39"); + pub const UDDI_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.4"); + pub const UDDIV_3_NOTIFICATION_INTERVAL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.40"); + pub const UDDIV_3_MAX_ENTITIES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.41"); + pub const UDDIV_3_EXPIRES_AFTER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.42"); + pub const UDDIV_3_BRIEF_RESPONSE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.43"); + pub const UDDIV_3_ENTITY_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.44"); + pub const UDDIV_3_ENTITY_CREATION_TIME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.45"); + pub const UDDIV_3_ENTITY_DELETION_TIME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.46"); + pub const UDDI_DESCRIPTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.5"); + pub const UDDI_DISCOVERY_UR_LS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.6"); + pub const UDDI_USE_TYPE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.7"); + pub const UDDI_PERSON_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.8"); + pub const UDDI_PHONE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.4.9"); + pub const UDDI_BUSINESS_ENTITY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.6.1"); + pub const UDDIV_3_ENTITY_OBITUARY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.6.10"); + pub const UDDI_CONTACT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.6.2"); + pub const 
UDDI_ADDRESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.6.3"); + pub const UDDI_BUSINESS_SERVICE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.6.4"); + pub const UDDI_BINDING_TEMPLATE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.6.5"); + pub const UDDI_T_MODEL_INSTANCE_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.6.6"); + pub const UDDI_T_MODEL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.6.7"); + pub const UDDI_PUBLISHER_ASSERTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.6.8"); + pub const UDDIV_3_SUBSCRIPTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.10.6.9"); +} +pub mod rfc4512 { + pub const EXTENSIBLE_OBJECT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.1466.101.120.111"); + pub const SUPPORTED_CONTROL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.1466.101.120.13"); + pub const SUPPORTED_SASL_MECHANISMS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.1466.101.120.14"); + pub const SUPPORTED_LDAP_VERSION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.1466.101.120.15"); + pub const LDAP_SYNTAXES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.1466.101.120.16"); + pub const NAMING_CONTEXTS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.1466.101.120.5"); + pub const ALT_SERVER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.1466.101.120.6"); + pub const SUPPORTED_EXTENSION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.1466.101.120.7"); + pub const SUPPORTED_FEATURES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.4203.1.3.5"); + pub const 
CREATE_TIMESTAMP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.18.1"); + pub const SUBSCHEMA_SUBENTRY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.18.10"); + pub const MODIFY_TIMESTAMP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.18.2"); + pub const CREATORS_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.18.3"); + pub const MODIFIERS_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.18.4"); + pub const SUBSCHEMA: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.20.1"); + pub const DIT_STRUCTURE_RULES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.21.1"); + pub const GOVERNING_STRUCTURE_RULE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.21.10"); + pub const DIT_CONTENT_RULES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.21.2"); + pub const MATCHING_RULES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.21.4"); + pub const ATTRIBUTE_TYPES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.21.5"); + pub const OBJECT_CLASSES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.21.6"); + pub const NAME_FORMS: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.21.7"); + pub const MATCHING_RULE_USE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.21.8"); + pub const STRUCTURAL_OBJECT_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.21.9"); + pub const OBJECT_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.0"); + pub const ALIASED_OBJECT_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.1"); + pub const TOP: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.6.0"); + pub const ALIAS: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.6.1"); +} +pub mod 
rfc4517 { + pub const CASE_EXACT_IA_5_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.1466.109.114.1"); + pub const CASE_IGNORE_IA_5_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.1466.109.114.2"); + pub const CASE_IGNORE_IA_5_SUBSTRINGS_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.1466.109.114.3"); + pub const OBJECT_IDENTIFIER_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.0"); + pub const DISTINGUISHED_NAME_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.1"); + pub const NUMERIC_STRING_SUBSTRINGS_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.10"); + pub const CASE_IGNORE_LIST_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.11"); + pub const CASE_IGNORE_LIST_SUBSTRINGS_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.12"); + pub const BOOLEAN_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.13"); + pub const INTEGER_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.14"); + pub const INTEGER_ORDERING_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.15"); + pub const BIT_STRING_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.16"); + pub const OCTET_STRING_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.17"); + pub const OCTET_STRING_ORDERING_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.18"); + pub const CASE_IGNORE_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.2"); + pub const TELEPHONE_NUMBER_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.20"); + pub const TELEPHONE_NUMBER_SUBSTRINGS_MATCH: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("2.5.13.21"); + pub const UNIQUE_MEMBER_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.23"); + pub const GENERALIZED_TIME_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.27"); + pub const GENERALIZED_TIME_ORDERING_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.28"); + pub const INTEGER_FIRST_COMPONENT_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.29"); + pub const CASE_IGNORE_ORDERING_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.3"); + pub const OBJECT_IDENTIFIER_FIRST_COMPONENT_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.30"); + pub const DIRECTORY_STRING_FIRST_COMPONENT_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.31"); + pub const WORD_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.32"); + pub const KEYWORD_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.33"); + pub const CASE_IGNORE_SUBSTRINGS_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.4"); + pub const CASE_EXACT_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.5"); + pub const CASE_EXACT_ORDERING_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.6"); + pub const CASE_EXACT_SUBSTRINGS_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.7"); + pub const NUMERIC_STRING_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.8"); + pub const NUMERIC_STRING_ORDERING_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.9"); +} +pub mod rfc4519 { + pub const UID: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.1"); + pub const USER_ID: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.1"); + pub const DC: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.25"); + pub const DOMAIN_COMPONENT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.25"); + pub const UID_OBJECT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.3.1"); + pub const DC_OBJECT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.1466.344"); + pub const O: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.10"); + pub const ORGANIZATION_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.10"); + pub const OU: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.11"); + pub const ORGANIZATIONAL_UNIT_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.11"); + pub const TITLE: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.12"); + pub const DESCRIPTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.13"); + pub const SEARCH_GUIDE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.14"); + pub const BUSINESS_CATEGORY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.15"); + pub const POSTAL_ADDRESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.16"); + pub const POSTAL_CODE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.17"); + pub const POST_OFFICE_BOX: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.18"); + pub const PHYSICAL_DELIVERY_OFFICE_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.19"); + pub const TELEPHONE_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.20"); + pub const TELEX_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.21"); + pub const 
TELETEX_TERMINAL_IDENTIFIER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.22"); + pub const FACSIMILE_TELEPHONE_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.23"); + pub const X_121_ADDRESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.24"); + pub const INTERNATIONALI_SDN_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.25"); + pub const REGISTERED_ADDRESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.26"); + pub const DESTINATION_INDICATOR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.27"); + pub const PREFERRED_DELIVERY_METHOD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.28"); + pub const CN: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.3"); + pub const COMMON_NAME: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.3"); + pub const MEMBER: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.31"); + pub const OWNER: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.32"); + pub const ROLE_OCCUPANT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.33"); + pub const SEE_ALSO: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.34"); + pub const USER_PASSWORD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.35"); + pub const SN: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.4"); + pub const SURNAME: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.4"); + pub const NAME: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.41"); + pub const GIVEN_NAME: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.42"); + pub const INITIALS: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.43"); + pub const GENERATION_QUALIFIER: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("2.5.4.44"); + pub const X_500_UNIQUE_IDENTIFIER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.45"); + pub const DN_QUALIFIER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.46"); + pub const ENHANCED_SEARCH_GUIDE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.47"); + pub const DISTINGUISHED_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.49"); + pub const SERIAL_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.5"); + pub const UNIQUE_MEMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.50"); + pub const HOUSE_IDENTIFIER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.51"); + pub const C: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.6"); + pub const COUNTRY_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.6"); + pub const L: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.7"); + pub const LOCALITY_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.7"); + pub const ST: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.8"); + pub const STREET: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.9"); + pub const RESIDENTIAL_PERSON: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.6.10"); + pub const APPLICATION_PROCESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.6.11"); + pub const DEVICE: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.6.14"); + pub const GROUP_OF_UNIQUE_NAMES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.6.17"); + pub const COUNTRY: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.6.2"); + pub const LOCALITY: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.6.3"); + pub const 
ORGANIZATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.6.4"); + pub const ORGANIZATIONAL_UNIT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.6.5"); + pub const PERSON: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.6.6"); + pub const ORGANIZATIONAL_PERSON: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.6.7"); + pub const ORGANIZATIONAL_ROLE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.6.8"); + pub const GROUP_OF_NAMES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.6.9"); +} +pub mod rfc4523 { + pub const CERTIFICATE_EXACT_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.34"); + pub const CERTIFICATE_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.35"); + pub const CERTIFICATE_PAIR_EXACT_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.36"); + pub const CERTIFICATE_PAIR_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.37"); + pub const CERTIFICATE_LIST_EXACT_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.38"); + pub const CERTIFICATE_LIST_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.39"); + pub const ALGORITHM_IDENTIFIER_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.13.40"); + pub const USER_CERTIFICATE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.36"); + pub const CA_CERTIFICATE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.37"); + pub const AUTHORITY_REVOCATION_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.38"); + pub const CERTIFICATE_REVOCATION_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.39"); + pub const CROSS_CERTIFICATE_PAIR: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("2.5.4.40"); + pub const SUPPORTED_ALGORITHMS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.52"); + pub const DELTA_REVOCATION_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.4.53"); + pub const STRONG_AUTHENTICATION_USER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.6.15"); + pub const CERTIFICATION_AUTHORITY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.6.16"); + pub const CERTIFICATION_AUTHORITY_V_2: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.6.16.2"); + pub const USER_SECURITY_INFORMATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.6.18"); + pub const CRL_DISTRIBUTION_POINT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.6.19"); + pub const PKI_USER: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.6.21"); + pub const PKI_CA: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.6.22"); + pub const DELTA_CRL: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.6.23"); +} +pub mod rfc4524 { + pub const MANAGER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.10"); + pub const DOCUMENT_IDENTIFIER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.11"); + pub const DOCUMENT_TITLE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.12"); + pub const DOCUMENT_VERSION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.13"); + pub const DOCUMENT_AUTHOR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.14"); + pub const DOCUMENT_LOCATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.15"); + pub const HOME_PHONE: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.20"); + pub const HOME_TELEPHONE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.20"); + pub const SECRETARY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.21"); + pub const MAIL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.3"); + pub const RFC_822_MAILBOX: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.3"); + pub const ASSOCIATED_DOMAIN: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.37"); + pub const ASSOCIATED_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.38"); + pub const HOME_POSTAL_ADDRESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.39"); + pub const INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.4"); + pub const PERSONAL_TITLE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.40"); + pub const MOBILE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.41"); + pub const MOBILE_TELEPHONE_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.41"); + pub const PAGER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.42"); + pub const PAGER_TELEPHONE_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.42"); + pub const CO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.43"); + pub const FRIENDLY_COUNTRY_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.43"); + pub const UNIQUE_IDENTIFIER: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.44"); + pub const ORGANIZATIONAL_STATUS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.45"); + pub const BUILDING_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.48"); + pub const DRINK: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.5"); + pub const FAVOURITE_DRINK: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.5"); + pub const SINGLE_LEVEL_QUALITY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.50"); + pub const DOCUMENT_PUBLISHER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.56"); + pub const ROOM_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.6"); + pub const USER_CLASS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.8"); + pub const HOST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.9"); + pub const DOMAIN: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.4.13"); + pub const RFC_822_LOCAL_PART: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.4.14"); + pub const DOMAIN_RELATED_OBJECT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.4.17"); + pub const FRIENDLY_COUNTRY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.4.18"); + pub const SIMPLE_SECURITY_OBJECT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.4.19"); + pub const ACCOUNT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.4.5"); + pub const DOCUMENT: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.4.6"); + pub const ROOM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.4.7"); + pub const DOCUMENT_SERIES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.4.8"); +} +pub mod rfc4530 { + pub const UUID_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.16.2"); + pub const UUID_ORDERING_MATCH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.16.3"); + pub const ENTRY_UUID: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.16.4"); +} +pub mod rfc4876 { + pub const DEFAULT_SERVER_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11.1.3.1.1.0"); + pub const DEFAULT_SEARCH_BASE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11.1.3.1.1.1"); + pub const CREDENTIAL_LEVEL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11.1.3.1.1.10"); + pub const OBJECTCLASS_MAP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11.1.3.1.1.11"); + pub const DEFAULT_SEARCH_SCOPE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11.1.3.1.1.12"); + pub const SERVICE_CREDENTIAL_LEVEL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11.1.3.1.1.13"); + pub const SERVICE_SEARCH_DESCRIPTOR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11.1.3.1.1.14"); + pub const SERVICE_AUTHENTICATION_METHOD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11.1.3.1.1.15"); + pub const DEREFERENCE_ALIASES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11.1.3.1.1.16"); + pub const PREFERRED_SERVER_LIST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11.1.3.1.1.2"); + pub const SEARCH_TIME_LIMIT: 
crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11.1.3.1.1.3"); + pub const BIND_TIME_LIMIT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11.1.3.1.1.4"); + pub const FOLLOW_REFERRALS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11.1.3.1.1.5"); + pub const AUTHENTICATION_METHOD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11.1.3.1.1.6"); + pub const PROFILE_TTL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11.1.3.1.1.7"); + pub const ATTRIBUTE_MAP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11.1.3.1.1.9"); + pub const DUA_CONFIG_PROFILE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11.1.3.1.2.5"); +} +pub mod rfc5020 { + pub const ENTRY_DN: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.20"); +} +pub mod rfc5280 { + pub const PKCS_9: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9"); + pub const ID_PKIX: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7"); + pub const ID_PE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.1"); + pub const ID_PE_AUTHORITY_INFO_ACCESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.1.1"); + pub const ID_PE_SUBJECT_INFO_ACCESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.1.11"); + pub const ID_QT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.2"); + pub const ID_QT_CPS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.2.1"); + pub const ID_QT_UNOTICE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.2.2"); + pub const ID_KP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3"); + pub const 
ID_KP_SERVER_AUTH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.1"); + pub const ID_KP_CLIENT_AUTH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.2"); + pub const ID_KP_CODE_SIGNING: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.3"); + pub const ID_KP_EMAIL_PROTECTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.4"); + pub const ID_KP_TIME_STAMPING: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.8"); + pub const ID_KP_OCSP_SIGNING: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.9"); + pub const ID_AD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48"); + pub const ID_AD_OCSP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.1"); + pub const ID_AD_CA_ISSUERS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.2"); + pub const ID_AD_TIME_STAMPING: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.3"); + pub const ID_AD_CA_REPOSITORY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.5"); + pub const HOLD_INSTRUCTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.2.840.10040.2"); + pub const ID_HOLDINSTRUCTION_NONE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.2.840.10040.2.1"); + pub const ID_HOLDINSTRUCTION_CALLISSUER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.2.840.10040.2.2"); + pub const ID_HOLDINSTRUCTION_REJECT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.2.840.10040.2.3"); + pub const ID_CE: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.29"); + pub const ID_CE_SUBJECT_KEY_IDENTIFIER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.14"); + pub const 
ID_CE_KEY_USAGE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.15"); + pub const ID_CE_PRIVATE_KEY_USAGE_PERIOD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.16"); + pub const ID_CE_SUBJECT_ALT_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.17"); + pub const ID_CE_ISSUER_ALT_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.18"); + pub const ID_CE_BASIC_CONSTRAINTS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.19"); + pub const ID_CE_CRL_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.20"); + pub const ID_CE_CRL_REASONS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.21"); + pub const ID_CE_HOLD_INSTRUCTION_CODE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.23"); + pub const ID_CE_INVALIDITY_DATE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.24"); + pub const ID_CE_DELTA_CRL_INDICATOR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.27"); + pub const ID_CE_ISSUING_DISTRIBUTION_POINT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.28"); + pub const ID_CE_CERTIFICATE_ISSUER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.29"); + pub const ID_CE_NAME_CONSTRAINTS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.30"); + pub const ID_CE_CRL_DISTRIBUTION_POINTS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.31"); + pub const ID_CE_CERTIFICATE_POLICIES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.32"); + pub const ANY_POLICY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.32.0"); + pub const ID_CE_POLICY_MAPPINGS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.33"); + pub const ID_CE_AUTHORITY_KEY_IDENTIFIER: 
crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.35"); + pub const ID_CE_POLICY_CONSTRAINTS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.36"); + pub const ID_CE_EXT_KEY_USAGE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.37"); + pub const ANY_EXTENDED_KEY_USAGE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.37.0"); + pub const ID_CE_FRESHEST_CRL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.46"); + pub const ID_CE_INHIBIT_ANY_POLICY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.54"); + pub const ID_CE_SUBJECT_DIRECTORY_ATTRIBUTES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.9"); + pub const ID_AT: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4"); +} +pub mod rfc5911 { + pub const ID_PBKDF_2: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.5.12"); + pub const ID_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.7.1"); + pub const ID_SIGNED_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.7.2"); + pub const ID_ENVELOPED_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.7.3"); + pub const ID_DIGESTED_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.7.5"); + pub const ID_ENCRYPTED_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.7.6"); + pub const SMIME_CAPABILITIES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.15"); + pub const ID_SMIME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16"); + pub const ID_CT_RECEIPT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.1"); + pub const ID_CT_FIRMWARE_PACKAGE: crate::ObjectIdentifier 
= + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.16"); + pub const ID_CT_FIRMWARE_LOAD_RECEIPT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.17"); + pub const ID_CT_FIRMWARE_LOAD_ERROR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.18"); + pub const ID_CT_AUTH_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.2"); + pub const ID_CT_AUTH_ENVELOPED_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.23"); + pub const ID_CT_CONTENT_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.6"); + pub const ID_CAP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.11"); + pub const ID_CAP_PREFER_BINARY_INSIDE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.11.1"); + pub const ID_AA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2"); + pub const ID_AA_RECEIPT_REQUEST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.1"); + pub const ID_AA_CONTENT_REFERENCE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.10"); + pub const ID_AA_ENCRYP_KEY_PREF: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.11"); + pub const ID_AA_SIGNING_CERTIFICATE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.12"); + pub const ID_AA_SECURITY_LABEL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.2"); + pub const ID_AA_ML_EXPAND_HISTORY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.3"); + pub const ID_AA_FIRMWARE_PACKAGE_ID: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.35"); + pub const ID_AA_TARGET_HARDWARE_I_DS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.36"); + pub const ID_AA_DECRYPT_KEY_ID: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.37"); + pub const ID_AA_IMPL_CRYPTO_ALGS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.38"); + pub const ID_AA_WRAPPED_FIRMWARE_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.39"); + pub const ID_AA_CONTENT_HINT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.4"); + pub const ID_AA_COMMUNITY_IDENTIFIERS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.40"); + pub const ID_AA_FIRMWARE_PACKAGE_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.42"); + pub const ID_AA_IMPL_COMPRESS_ALGS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.43"); + pub const ID_AA_SIGNING_CERTIFICATE_V_2: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.47"); + pub const ID_AA_ER_INTERNAL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.49"); + pub const ID_AA_MSG_SIG_DIGEST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.5"); + pub const ID_AA_ER_EXTERNAL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.50"); + pub const ID_AA_CONTENT_IDENTIFIER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.7"); + pub const ID_AA_EQUIVALENT_LABELS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.9"); + pub const ID_ALG_SSDH: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.3.10"); + pub const ID_ALG_ESDH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.3.5"); + pub const ID_ALG_CMS_3_DE_SWRAP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.3.6"); + pub const ID_ALG_CMSRC_2_WRAP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.3.7"); + pub const ID_SKD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.8"); + pub const ID_SKD_GL_USE_KEK: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.8.1"); + pub const ID_SKD_GLA_QUERY_REQUEST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.8.11"); + pub const ID_SKD_GLA_QUERY_RESPONSE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.8.12"); + pub const ID_SKD_GL_PROVIDE_CERT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.8.13"); + pub const ID_SKD_GL_MANAGE_CERT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.8.14"); + pub const ID_SKD_GL_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.8.15"); + pub const ID_SKD_GL_DELETE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.8.2"); + pub const ID_SKD_GL_ADD_MEMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.8.3"); + pub const ID_SKD_GL_DELETE_MEMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.8.4"); + pub const ID_SKD_GL_REKEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.8.5"); + pub const ID_SKD_GL_ADD_OWNER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.8.6"); + pub const ID_SKD_GL_REMOVE_OWNER: 
crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.8.7"); + pub const ID_SKD_GL_KEY_COMPROMISE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.8.8"); + pub const ID_SKD_GLK_REFRESH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.8.9"); + pub const ID_CONTENT_TYPE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.3"); + pub const ID_MESSAGE_DIGEST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.4"); + pub const ID_SIGNING_TIME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.5"); + pub const ID_COUNTERSIGNATURE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.6"); + pub const RC_2_CBC: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.3.2"); + pub const DES_EDE_3_CBC: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.3.7"); + pub const LTANS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.11"); + pub const ID_CET_SKD_FAIL_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.15.1"); + pub const ID_CMC_GLA_RR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.99"); + pub const ID_CMC_GLA_SKD_ALG_REQUEST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.99.1"); + pub const ID_CMC_GLA_SKD_ALG_RESPONSE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.99.2"); + pub const ID_ON_HARDWARE_MODULE_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.8.4"); + pub const HMAC_SHA_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.8.1.2"); + pub const AES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.1"); + pub 
const ID_AES_128_CBC: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.1.2"); + pub const ID_AES_192_CBC: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.1.22"); + pub const ID_AES_192_WRAP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.1.25"); + pub const ID_AES_192_GCM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.1.26"); + pub const ID_AES_192_CCM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.1.27"); + pub const ID_AES_256_CBC: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.1.42"); + pub const ID_AES_256_WRAP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.1.45"); + pub const ID_AES_256_GCM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.1.46"); + pub const ID_AES_256_CCM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.1.47"); + pub const ID_AES_128_WRAP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.1.5"); + pub const ID_AES_128_GCM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.1.6"); + pub const ID_AES_128_CCM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.1.7"); +} +pub mod rfc5912 { + pub const ID_DSA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.10040.4.1"); + pub const DSA_WITH_SHA_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.10040.4.3"); + pub const ID_EC_PUBLIC_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.10045.2.1"); + pub const SECP_256_R_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.10045.3.1.7"); + pub const ECDSA_WITH_SHA_224: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.2.840.10045.4.3.1"); + pub const ECDSA_WITH_SHA_256: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.10045.4.3.2"); + pub const ECDSA_WITH_SHA_384: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.10045.4.3.3"); + pub const ECDSA_WITH_SHA_512: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.10045.4.3.4"); + pub const DHPUBLICNUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.10046.2.1"); + pub const ID_PASSWORD_BASED_MAC: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113533.7.66.13"); + pub const ID_DH_BASED_MAC: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113533.7.66.30"); + pub const PKCS_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.1"); + pub const RSA_ENCRYPTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.1"); + pub const ID_RSASSA_PSS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.10"); + pub const SHA_256_WITH_RSA_ENCRYPTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.11"); + pub const SHA_384_WITH_RSA_ENCRYPTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.12"); + pub const SHA_512_WITH_RSA_ENCRYPTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.13"); + pub const SHA_224_WITH_RSA_ENCRYPTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.14"); + pub const MD_2_WITH_RSA_ENCRYPTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.2"); + pub const MD_5_WITH_RSA_ENCRYPTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.4"); + pub const SHA_1_WITH_RSA_ENCRYPTION: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.5"); + pub const ID_RSAES_OAEP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.7"); + pub const ID_MGF_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.8"); + pub const ID_P_SPECIFIED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.9"); + pub const PKCS_9: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9"); + pub const ID_EXTENSION_REQ: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.14"); + pub const ID_SMIME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16"); + pub const ID_CT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1"); + pub const ID_CT_SCVP_CERT_VAL_REQUEST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.10"); + pub const ID_CT_SCVP_CERT_VAL_RESPONSE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.11"); + pub const ID_CT_SCVP_VAL_POL_REQUEST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.12"); + pub const ID_CT_SCVP_VAL_POL_RESPONSE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.13"); + pub const ID_CT_ENC_KEY_WITH_ID: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.21"); + pub const ID_AA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2"); + pub const ID_AA_CMC_UNSIGNED_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.34"); + pub const ID_MD_2: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.2.2"); + pub const ID_MD_5: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.2.5"); + pub const 
SECT_163_K_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.132.0.1"); + pub const SECT_163_R_2: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.132.0.15"); + pub const SECT_283_K_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.132.0.16"); + pub const SECT_283_R_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.132.0.17"); + pub const SECT_233_K_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.132.0.26"); + pub const SECT_233_R_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.132.0.27"); + pub const SECP_224_R_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.132.0.33"); + pub const SECP_384_R_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.132.0.34"); + pub const SECP_521_R_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.132.0.35"); + pub const SECT_409_K_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.132.0.36"); + pub const SECT_409_R_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.132.0.37"); + pub const SECT_571_K_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.132.0.38"); + pub const SECT_571_R_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.132.0.39"); + pub const ID_EC_DH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.132.1.12"); + pub const ID_EC_MQV: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.132.1.13"); + pub const ID_SHA_1: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.14.3.2.26"); + pub const ID_PKIX: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7"); + pub const ID_PE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.1"); + pub const ID_PE_AUTHORITY_INFO_ACCESS: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.1.1"); + pub const ID_PE_AC_PROXYING: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.1.10"); + pub const ID_PE_SUBJECT_INFO_ACCESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.1.11"); + pub const ID_PE_AC_AUDIT_IDENTITY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.1.4"); + pub const ID_PE_AA_CONTROLS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.1.6"); + pub const ID_ACA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.10"); + pub const ID_ACA_AUTHENTICATION_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.10.1"); + pub const ID_ACA_ACCESS_IDENTITY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.10.2"); + pub const ID_ACA_CHARGING_IDENTITY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.10.3"); + pub const ID_ACA_GROUP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.10.4"); + pub const ID_ACA_ENC_ATTRS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.10.6"); + pub const ID_CCT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.12"); + pub const ID_CCT_PKI_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.12.2"); + pub const ID_CCT_PKI_RESPONSE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.12.3"); + pub const ID_STC: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.17"); + pub const ID_STC_BUILD_PKC_PATH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.17.1"); + pub const ID_STC_BUILD_VALID_PKC_PATH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.17.2"); + pub const ID_STC_BUILD_STATUS_CHECKED_PKC_PATH: 
crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.17.3"); + pub const ID_STC_BUILD_AA_PATH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.17.4"); + pub const ID_STC_BUILD_VALID_AA_PATH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.17.5"); + pub const ID_STC_BUILD_STATUS_CHECKED_AA_PATH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.17.6"); + pub const ID_STC_STATUS_CHECK_AC_AND_BUILD_STATUS_CHECKED_AA_PATH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.17.7"); + pub const ID_SWB: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.18"); + pub const ID_SWB_PKC_BEST_CERT_PATH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.18.1"); + pub const ID_SWB_PKC_CERT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.18.10"); + pub const ID_SWB_AC_CERT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.18.11"); + pub const ID_SWB_PKC_ALL_CERT_PATHS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.18.12"); + pub const ID_SWB_PKC_EE_REVOCATION_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.18.13"); + pub const ID_SWB_PKC_C_AS_REVOCATION_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.18.14"); + pub const ID_SWB_PKC_REVOCATION_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.18.2"); + pub const ID_SWB_PKC_PUBLIC_KEY_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.18.4"); + pub const ID_SWB_AA_CERT_PATH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.18.5"); + pub const ID_SWB_AA_REVOCATION_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.18.6"); + pub const 
ID_SWB_AC_REVOCATION_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.18.7"); + pub const ID_SWB_RELAYED_RESPONSES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.18.9"); + pub const ID_SVP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.19"); + pub const ID_SVP_DEFAULT_VAL_POLICY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.19.1"); + pub const ID_SVP_NAME_VAL_ALG: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.19.2"); + pub const ID_SVP_BASIC_VAL_ALG: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.19.3"); + pub const NAME_COMP_ALG_SET: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.19.4"); + pub const ID_NVA_DN_COMP_ALG: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.19.4"); + pub const ID_QT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.2"); + pub const ID_QT_CPS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.2.1"); + pub const ID_QT_UNOTICE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.2.2"); + pub const ID_KP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3"); + pub const ID_KP_SERVER_AUTH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.1"); + pub const ID_KP_SCVP_SERVER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.15"); + pub const ID_KP_SCVP_CLIENT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.16"); + pub const ID_KP_CLIENT_AUTH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.2"); + pub const ID_KP_CODE_SIGNING: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.3"); + pub const ID_KP_EMAIL_PROTECTION: 
crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.4"); + pub const ID_KP_TIME_STAMPING: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.8"); + pub const ID_KP_OCSP_SIGNING: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.9"); + pub const ID_IT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.4"); + pub const ID_IT_CA_PROT_ENC_CERT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.4.1"); + pub const ID_IT_KEY_PAIR_PARAM_REQ: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.4.10"); + pub const ID_IT_KEY_PAIR_PARAM_REP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.4.11"); + pub const ID_IT_REV_PASSPHRASE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.4.12"); + pub const ID_IT_IMPLICIT_CONFIRM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.4.13"); + pub const ID_IT_CONFIRM_WAIT_TIME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.4.14"); + pub const ID_IT_ORIG_PKI_MESSAGE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.4.15"); + pub const ID_IT_SUPP_LANG_TAGS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.4.16"); + pub const ID_IT_SIGN_KEY_PAIR_TYPES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.4.2"); + pub const ID_IT_ENC_KEY_PAIR_TYPES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.4.3"); + pub const ID_IT_PREFERRED_SYMM_ALG: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.4.4"); + pub const ID_IT_CA_KEY_UPDATE_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.4.5"); + pub const ID_IT_CURRENT_CRL: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.4.6"); + pub const ID_IT_UNSUPPORTED_OI_DS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.4.7"); + pub const ID_AD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48"); + pub const ID_AD_OCSP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.1"); + pub const ID_AD_CA_ISSUERS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.2"); + pub const ID_AD_TIME_STAMPING: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.3"); + pub const ID_AD_CA_REPOSITORY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.5"); + pub const ID_PKIP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.5"); + pub const ID_REG_CTRL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.5.1"); + pub const ID_REG_CTRL_REG_TOKEN: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.5.1.1"); + pub const ID_REG_CTRL_AUTHENTICATOR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.5.1.2"); + pub const ID_REG_CTRL_PKI_PUBLICATION_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.5.1.3"); + pub const ID_REG_CTRL_PKI_ARCHIVE_OPTIONS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.5.1.4"); + pub const ID_REG_CTRL_OLD_CERT_ID: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.5.1.5"); + pub const ID_REG_CTRL_PROTOCOL_ENCR_KEY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.5.1.6"); + pub const ID_REG_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.5.2"); + pub const ID_REG_INFO_UTF_8_PAIRS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.5.2.1"); + pub const 
ID_REG_INFO_CERT_REQ: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.5.2.2"); + pub const ID_ALG_NO_SIGNATURE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.6.2"); + pub const ID_CMC: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7"); + pub const ID_CMC_STATUS_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.1"); + pub const ID_CMC_DECRYPTED_POP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.10"); + pub const ID_CMC_LRA_POP_WITNESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.11"); + pub const ID_CMC_GET_CERT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.15"); + pub const ID_CMC_GET_CRL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.16"); + pub const ID_CMC_REVOKE_REQUEST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.17"); + pub const ID_CMC_REG_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.18"); + pub const ID_CMC_RESPONSE_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.19"); + pub const ID_CMC_IDENTIFICATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.2"); + pub const ID_CMC_QUERY_PENDING: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.21"); + pub const ID_CMC_POP_LINK_RANDOM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.22"); + pub const ID_CMC_POP_LINK_WITNESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.23"); + pub const ID_CMC_CONFIRM_CERT_ACCEPTANCE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.24"); + pub const ID_CMC_STATUS_INFO_V_2: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.25"); + pub const ID_CMC_TRUSTED_ANCHORS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.26"); + pub const ID_CMC_AUTH_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.27"); + pub const ID_CMC_BATCH_REQUESTS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.28"); + pub const ID_CMC_BATCH_RESPONSES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.29"); + pub const ID_CMC_IDENTITY_PROOF: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.3"); + pub const ID_CMC_PUBLISH_CERT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.30"); + pub const ID_CMC_MOD_CERT_TEMPLATE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.31"); + pub const ID_CMC_CONTROL_PROCESSED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.32"); + pub const ID_CMC_IDENTITY_PROOF_V_2: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.33"); + pub const ID_CMC_POP_LINK_WITNESS_V_2: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.34"); + pub const ID_CMC_DATA_RETURN: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.4"); + pub const ID_CMC_TRANSACTION_ID: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.5"); + pub const ID_CMC_SENDER_NONCE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.6"); + pub const ID_CMC_RECIPIENT_NONCE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.7"); + pub const ID_CMC_ADD_EXTENSIONS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.8"); + pub const ID_CMC_ENCRYPTED_POP: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.9"); + pub const ID_KEY_EXCHANGE_ALGORITHM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.2.1.1.22"); + pub const ID_SHA_256: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.2.1"); + pub const ID_SHA_384: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.2.2"); + pub const ID_SHA_512: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.2.3"); + pub const ID_SHA_224: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.2.4"); + pub const DSA_WITH_SHA_224: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.1"); + pub const DSA_WITH_SHA_256: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.2"); + pub const HOLD_INSTRUCTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.2.840.10040.2"); + pub const ID_HOLDINSTRUCTION_NONE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.2.840.10040.2.1"); + pub const ID_HOLDINSTRUCTION_CALLISSUER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.2.840.10040.2.2"); + pub const ID_HOLDINSTRUCTION_REJECT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.2.840.10040.2.3"); + pub const ID_CE: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.29"); + pub const ID_CE_SUBJECT_KEY_IDENTIFIER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.14"); + pub const ID_CE_KEY_USAGE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.15"); + pub const ID_CE_PRIVATE_KEY_USAGE_PERIOD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.16"); + pub const ID_CE_SUBJECT_ALT_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.17"); + pub const ID_CE_ISSUER_ALT_NAME: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("2.5.29.18"); + pub const ID_CE_BASIC_CONSTRAINTS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.19"); + pub const ID_CE_CRL_NUMBER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.20"); + pub const ID_CE_CRL_REASONS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.21"); + pub const ID_CE_HOLD_INSTRUCTION_CODE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.23"); + pub const ID_CE_INVALIDITY_DATE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.24"); + pub const ID_CE_DELTA_CRL_INDICATOR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.27"); + pub const ID_CE_ISSUING_DISTRIBUTION_POINT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.28"); + pub const ID_CE_CERTIFICATE_ISSUER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.29"); + pub const ID_CE_NAME_CONSTRAINTS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.30"); + pub const ID_CE_CRL_DISTRIBUTION_POINTS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.31"); + pub const ID_CE_CERTIFICATE_POLICIES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.32"); + pub const ID_CE_POLICY_MAPPINGS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.33"); + pub const ID_CE_AUTHORITY_KEY_IDENTIFIER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.35"); + pub const ID_CE_POLICY_CONSTRAINTS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.36"); + pub const ID_CE_EXT_KEY_USAGE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.37"); + pub const ANY_EXTENDED_KEY_USAGE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.37.0"); + pub const ID_CE_FRESHEST_CRL: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("2.5.29.46"); + pub const ID_CE_INHIBIT_ANY_POLICY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.54"); + pub const ID_CE_TARGET_INFORMATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.55"); + pub const ID_CE_NO_REV_AVAIL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.56"); + pub const ID_CE_SUBJECT_DIRECTORY_ATTRIBUTES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.5.29.9"); + pub const ID_AT: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4"); + pub const ID_AT_ROLE: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.5.4.72"); +} +pub mod rfc6109 { + pub const LDIF_LOCATION_URL_OBJECT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.16572.2.1.1"); + pub const PROVIDER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.16572.2.1.2"); + pub const PROVIDER_CERTIFICATE_HASH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.16572.2.2.1"); + pub const PROVIDER_CERTIFICATE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.16572.2.2.2"); + pub const PROVIDER_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.16572.2.2.3"); + pub const MAIL_RECEIPT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.16572.2.2.4"); + pub const MANAGED_DOMAINS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.16572.2.2.5"); + pub const LDIF_LOCATION_URL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.16572.2.2.6"); + pub const PROVIDER_UNIT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.16572.2.2.7"); +} +pub mod rfc6268 { + pub const RSADSI: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549"); + pub const ID_DATA: crate::ObjectIdentifier 
= + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.7.1"); + pub const ID_SIGNED_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.7.2"); + pub const ID_ENVELOPED_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.7.3"); + pub const ID_DIGESTED_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.7.5"); + pub const ID_ENCRYPTED_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.7.6"); + pub const ID_CT_CONTENT_COLLECTION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.19"); + pub const ID_CT_AUTH_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.2"); + pub const ID_CT_CONTENT_WITH_ATTRS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.20"); + pub const ID_CT_AUTH_ENVELOPED_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.23"); + pub const ID_CT_CONTENT_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.6"); + pub const ID_CT_COMPRESSED_DATA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1.9"); + pub const ID_AA_BINARY_SIGNING_TIME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2.46"); + pub const ID_ALG_ZLIB_COMPRESS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.3.8"); + pub const ID_AA_MULTIPLE_SIGNATURES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.2.51"); + pub const ID_CONTENT_TYPE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.3"); + pub const ID_MESSAGE_DIGEST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.4"); + pub const ID_SIGNING_TIME: 
crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.5"); + pub const ID_COUNTERSIGNATURE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.6"); + pub const DIGEST_ALGORITHM: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.2"); + pub const ID_HMAC_WITH_SHA_384: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.2.10"); + pub const ID_HMAC_WITH_SHA_512: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.2.11"); + pub const ID_HMAC_WITH_SHA_224: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.2.8"); + pub const ID_HMAC_WITH_SHA_256: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.2.9"); +} +pub mod rfc6960 { + pub const ID_PKIX_OCSP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.1"); + pub const ID_PKIX_OCSP_BASIC: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.1.1"); + pub const ID_PKIX_OCSP_NONCE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.1.2"); + pub const ID_PKIX_OCSP_CRL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.1.3"); + pub const ID_PKIX_OCSP_RESPONSE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.1.4"); + pub const ID_PKIX_OCSP_NOCHECK: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.1.5"); + pub const ID_PKIX_OCSP_ARCHIVE_CUTOFF: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.1.6"); + pub const ID_PKIX_OCSP_SERVICE_LOCATOR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.1.7"); + pub const ID_PKIX_OCSP_PREF_SIG_ALGS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.1.8"); + pub const ID_PKIX_OCSP_EXTENDED_REVOKE: 
crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.1.9"); +} +pub mod rfc6962 { + pub const GOOGLE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11129"); + pub const CT_PRECERT_SCTS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11129.2.4.2"); + pub const CT_PRECERT_POISON: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11129.2.4.3"); + pub const CT_PRECERT_SIGNING_CERT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11129.2.4.4"); +} +pub mod rfc7107 { + pub const ID_SMIME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16"); + pub const ID_MOD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.0"); + pub const ID_CT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.1"); + pub const ID_EIT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.10"); + pub const ID_CAP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.11"); + pub const ID_PSKC: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.12"); + pub const ID_AA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.2"); + pub const ID_ALG: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.3"); + pub const ID_CD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.4"); + pub const ID_SPQ: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.5"); + pub const ID_CTI: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.6"); + pub const ID_TSP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.7"); + pub const ID_SKD: 
crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.8"); + pub const ID_STI: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.9"); +} +pub mod rfc7299 { + pub const ID_PKIX: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7"); + pub const ID_MOD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.0"); + pub const ID_PE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.1"); + pub const ID_ACA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.10"); + pub const ID_QCS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.11"); + pub const ID_CCT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.12"); + pub const ID_TEST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.13"); + pub const ID_CP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.14"); + pub const ID_CET: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.15"); + pub const ID_RI: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.16"); + pub const ID_SCT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.17"); + pub const ID_SWB: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.18"); + pub const ID_SVP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.19"); + pub const ID_NVAE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.19.2"); + pub const ID_BVAE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.19.3"); + pub const ID_DNVAE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.19.4"); + pub const ID_QT: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.2"); + pub const ID_LOGO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.20"); + pub const ID_PPL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.21"); + pub const ID_MR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.22"); + pub const ID_SKIS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.23"); + pub const ID_KP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3"); + pub const ID_IT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.4"); + pub const ID_AD: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48"); + pub const ID_PKIX_OCSP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.1"); + pub const ID_PKIP: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.5"); + pub const ID_REG_CTRL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.5.1"); + pub const ID_REG_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.5.2"); + pub const ID_ALG: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.6"); + pub const ID_CMC: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7"); + pub const ID_CMC_GLA_RR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.7.99"); + pub const ID_ON: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.8"); + pub const ID_PDA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.9"); +} +pub mod rfc7532 { + pub const FEDFS_UUID: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.1"); + pub const FEDFS_FSL_PORT: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.10"); + pub const FEDFS_NFS_PATH: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.100"); + pub const FEDFS_NSDB_CONTAINER_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.1001"); + pub const FEDFS_FSN: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.1002"); + pub const FEDFS_FSL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.1003"); + pub const FEDFS_NFS_FSL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.1004"); + pub const FEDFS_NFS_MAJOR_VER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.101"); + pub const FEDFS_NFS_MINOR_VER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.102"); + pub const FEDFS_NFS_CURRENCY: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.103"); + pub const FEDFS_NFS_GEN_FLAG_WRITABLE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.104"); + pub const FEDFS_NFS_GEN_FLAG_GOING: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.105"); + pub const FEDFS_NFS_GEN_FLAG_SPLIT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.106"); + pub const FEDFS_NFS_TRANS_FLAG_RDMA: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.107"); + pub const FEDFS_NFS_CLASS_SIMUL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.108"); + pub const FEDFS_NFS_CLASS_HANDLE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.109"); + pub const FEDFS_FSL_TTL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.11"); + pub const FEDFS_NFS_CLASS_FILEID: crate::ObjectIdentifier = 
+ crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.110"); + pub const FEDFS_NFS_CLASS_WRITEVER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.111"); + pub const FEDFS_NFS_CLASS_CHANGE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.112"); + pub const FEDFS_NFS_CLASS_READDIR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.113"); + pub const FEDFS_NFS_READ_RANK: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.114"); + pub const FEDFS_NFS_READ_ORDER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.115"); + pub const FEDFS_NFS_WRITE_RANK: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.116"); + pub const FEDFS_NFS_WRITE_ORDER: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.117"); + pub const FEDFS_NFS_VAR_SUB: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.118"); + pub const FEDFS_NFS_VALID_FOR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.119"); + pub const FEDFS_ANNOTATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.12"); + pub const FEDFS_NFS_URI: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.120"); + pub const FEDFS_DESCR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.13"); + pub const FEDFS_NCE_DN: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.14"); + pub const FEDFS_FSN_TTL: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.15"); + pub const FEDFS_NET_ADDR: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.2"); + pub const FEDFS_NET_PORT: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.3"); + pub const FEDFS_FSN_UUID: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.4"); + pub const FEDFS_NSDB_NAME: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.5"); + pub const FEDFS_NSDB_PORT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.6"); + pub const FEDFS_NCE_PREFIX: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.7"); + pub const FEDFS_FSL_UUID: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.8"); + pub const FEDFS_FSL_HOST: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.4.1.31103.1.9"); +} +pub mod rfc7612 { + pub const PRINTER_DEVICE_ID: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.24.46.1.101"); + pub const PRINTER_DEVICE_SERVICE_COUNT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.24.46.1.102"); + pub const PRINTER_UUID: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.24.46.1.104"); + pub const PRINTER_CHARGE_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.24.46.1.105"); + pub const PRINTER_CHARGE_INFO_URI: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.24.46.1.106"); + pub const PRINTER_GEO_LOCATION: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.24.46.1.107"); + pub const PRINTER_IPP_FEATURES_SUPPORTED: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.18.0.2.24.46.1.108"); +} +pub mod rfc8284 { + pub const JID_OBJECT: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.23.1"); + pub const JID: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("1.3.6.1.1.23.2"); +} +pub mod rfc8410 { + pub const ID_EDWARDS_CURVE_ALGS: crate::ObjectIdentifier = + 
crate::ObjectIdentifier::new_unwrap("1.3.101"); + pub const ID_X_25519: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.101.110"); + pub const ID_X_448: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.101.111"); + pub const ID_ED_25519: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.101.112"); + pub const ID_ED_448: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("1.3.101.113"); +} +pub mod rfc8894 { + pub const ID_VERI_SIGN: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113733"); + pub const ID_PKI: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113733.1"); + pub const ID_ATTRIBUTES: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113733.1.9"); + pub const ID_MESSAGE_TYPE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113733.1.9.2"); + pub const ID_PKI_STATUS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113733.1.9.3"); + pub const ID_FAIL_INFO: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113733.1.9.4"); + pub const ID_SENDER_NONCE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113733.1.9.5"); + pub const ID_RECIPIENT_NONCE: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113733.1.9.6"); + pub const ID_TRANSACTION_ID: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.113733.1.9.7"); +} +pub const DB: super::Database<'static> = super::Database(&[ + (&rfc1274::TEXT_ENCODED_OR_ADDRESS, "textEncodedORAddress"), + (&rfc1274::OTHER_MAILBOX, "otherMailbox"), + (&rfc1274::LAST_MODIFIED_TIME, "lastModifiedTime"), + (&rfc1274::LAST_MODIFIED_BY, "lastModifiedBy"), + (&rfc1274::A_RECORD, "aRecord"), + (&rfc1274::MD_RECORD, "mDRecord"), + (&rfc1274::MX_RECORD, "mXRecord"), + (&rfc1274::NS_RECORD, "nSRecord"), + (&rfc1274::SOA_RECORD, 
"sOARecord"), + (&rfc1274::CNAME_RECORD, "cNAMERecord"), + (&rfc1274::JANET_MAILBOX, "janetMailbox"), + (&rfc1274::MAIL_PREFERENCE_OPTION, "mailPreferenceOption"), + (&rfc1274::DSA_QUALITY, "dSAQuality"), + (&rfc1274::SUBTREE_MINIMUM_QUALITY, "subtreeMinimumQuality"), + (&rfc1274::SUBTREE_MAXIMUM_QUALITY, "subtreeMaximumQuality"), + (&rfc1274::PERSONAL_SIGNATURE, "personalSignature"), + (&rfc1274::DIT_REDIRECT, "dITRedirect"), + (&rfc1274::AUDIO, "audio"), + (&rfc1274::PHOTO, "photo"), + (&rfc1274::DNS_DOMAIN, "dNSDomain"), + (&rfc1274::PILOT_ORGANIZATION, "pilotOrganization"), + (&rfc1274::PILOT_DSA, "pilotDSA"), + (&rfc1274::QUALITY_LABELLED_DATA, "qualityLabelledData"), + (&rfc1274::PILOT_OBJECT, "pilotObject"), + (&rfc1274::PILOT_PERSON, "pilotPerson"), + (&rfc2079::LABELED_URI, "labeledURI"), + (&rfc2079::LABELED_URI_OBJECT, "labeledURIObject"), + (&rfc2164::RFC_822_TO_X_400_MAPPING, "rFC822ToX400Mapping"), + (&rfc2164::X_400_TO_RFC_822_MAPPING, "x400ToRFC822Mapping"), + ( + &rfc2164::OMITTED_OR_ADDRESS_COMPONENT, + "omittedORAddressComponent", + ), + (&rfc2164::MIXER_GATEWAY, "mixerGateway"), + (&rfc2164::ASSOCIATED_X_400_GATEWAY, "associatedX400Gateway"), + (&rfc2164::ASSOCIATED_OR_ADDRESS, "associatedORAddress"), + ( + &rfc2164::OR_ADDRESS_COMPONENT_TYPE, + "oRAddressComponentType", + ), + ( + &rfc2164::ASSOCIATED_INTERNET_GATEWAY, + "associatedInternetGateway", + ), + (&rfc2164::MCGAM_TABLES, "mcgamTables"), + (&rfc2247::DOMAIN_NAME_FORM, "domainNameForm"), + ( + &rfc2252::PRESENTATION_ADDRESS_MATCH, + "presentationAddressMatch", + ), + ( + &rfc2252::PROTOCOL_INFORMATION_MATCH, + "protocolInformationMatch", + ), + (&rfc2256::KNOWLEDGE_INFORMATION, "knowledgeInformation"), + (&rfc2256::PRESENTATION_ADDRESS, "presentationAddress"), + ( + &rfc2256::SUPPORTED_APPLICATION_CONTEXT, + "supportedApplicationContext", + ), + (&rfc2256::PROTOCOL_INFORMATION, "protocolInformation"), + (&rfc2256::DMD_NAME, "dmdName"), + (&rfc2256::STATE_OR_PROVINCE_NAME, 
"stateOrProvinceName"), + (&rfc2256::STREET_ADDRESS, "streetAddress"), + (&rfc2256::APPLICATION_ENTITY, "applicationEntity"), + (&rfc2256::DSA, "dSA"), + (&rfc2256::DMD, "dmd"), + (&rfc2293::SUBTREE, "subtree"), + (&rfc2293::TABLE, "table"), + (&rfc2293::TABLE_ENTRY, "tableEntry"), + (&rfc2293::TEXT_TABLE_ENTRY, "textTableEntry"), + ( + &rfc2293::DISTINGUISHED_NAME_TABLE_ENTRY, + "distinguishedNameTableEntry", + ), + (&rfc2293::TEXT_TABLE_KEY, "textTableKey"), + (&rfc2293::TEXT_TABLE_VALUE, "textTableValue"), + ( + &rfc2293::DISTINGUISHED_NAME_TABLE_KEY, + "distinguishedNameTableKey", + ), + (&rfc2589::DYNAMIC_OBJECT, "dynamicObject"), + (&rfc2589::ENTRY_TTL, "entryTtl"), + (&rfc2589::DYNAMIC_SUBTREES, "dynamicSubtrees"), + (&rfc2739::CAL_CAL_URI, "calCalURI"), + (&rfc2739::CAL_FBURL, "calFBURL"), + (&rfc2739::CAL_CAPURI, "calCAPURI"), + (&rfc2739::CAL_CAL_ADR_URI, "calCalAdrURI"), + (&rfc2739::CAL_OTHER_CAL_UR_IS, "calOtherCalURIs"), + (&rfc2739::CAL_OTHER_FBUR_LS, "calOtherFBURLs"), + (&rfc2739::CAL_OTHER_CAPUR_IS, "calOtherCAPURIs"), + (&rfc2739::CAL_OTHER_CAL_ADR_UR_IS, "calOtherCalAdrURIs"), + (&rfc2739::CAL_ENTRY, "calEntry"), + (&rfc2798::JPEG_PHOTO, "jpegPhoto"), + (&rfc2798::CAR_LICENSE, "carLicense"), + (&rfc2798::DEPARTMENT_NUMBER, "departmentNumber"), + (&rfc2798::USER_PKCS_12, "userPKCS12"), + (&rfc2798::DISPLAY_NAME, "displayName"), + (&rfc2798::EMPLOYEE_NUMBER, "employeeNumber"), + (&rfc2798::PREFERRED_LANGUAGE, "preferredLanguage"), + (&rfc2798::EMPLOYEE_TYPE, "employeeType"), + (&rfc2798::USER_SMIME_CERTIFICATE, "userSMIMECertificate"), + (&rfc2798::INET_ORG_PERSON, "inetOrgPerson"), + (&rfc3280::EMAIL, "email"), + (&rfc3280::EMAIL_ADDRESS, "emailAddress"), + (&rfc3280::PSEUDONYM, "pseudonym"), + (&rfc3296::REF, "ref"), + (&rfc3296::REFERRAL, "referral"), + ( + &rfc3671::COLLECTIVE_ATTRIBUTE_SUBENTRIES, + "collectiveAttributeSubentries", + ), + (&rfc3671::COLLECTIVE_EXCLUSIONS, "collectiveExclusions"), + ( + &rfc3671::COLLECTIVE_ATTRIBUTE_SUBENTRY, 
+ "collectiveAttributeSubentry", + ), + (&rfc3671::C_O, "c-o"), + (&rfc3671::C_OU, "c-ou"), + (&rfc3671::C_POSTAL_ADDRESS, "c-PostalAddress"), + (&rfc3671::C_POSTAL_CODE, "c-PostalCode"), + (&rfc3671::C_POST_OFFICE_BOX, "c-PostOfficeBox"), + ( + &rfc3671::C_PHYSICAL_DELIVERY_OFFICE, + "c-PhysicalDeliveryOffice", + ), + (&rfc3671::C_TELEPHONE_NUMBER, "c-TelephoneNumber"), + (&rfc3671::C_TELEX_NUMBER, "c-TelexNumber"), + ( + &rfc3671::C_FACSIMILE_TELEPHONE_NUMBER, + "c-FacsimileTelephoneNumber", + ), + ( + &rfc3671::C_INTERNATIONAL_ISDN_NUMBER, + "c-InternationalISDNNumber", + ), + (&rfc3671::C_L, "c-l"), + (&rfc3671::C_ST, "c-st"), + (&rfc3671::C_STREET, "c-street"), + (&rfc3672::SUBENTRY, "subentry"), + (&rfc3672::ADMINISTRATIVE_ROLE, "administrativeRole"), + (&rfc3672::SUBTREE_SPECIFICATION, "subtreeSpecification"), + (&rfc3672::AUTONOMOUS_AREA, "autonomousArea"), + ( + &rfc3672::ACCESS_CONTROL_SPECIFIC_AREA, + "accessControlSpecificArea", + ), + ( + &rfc3672::ACCESS_CONTROL_INNER_AREA, + "accessControlInnerArea", + ), + ( + &rfc3672::SUBSCHEMA_ADMIN_SPECIFIC_AREA, + "subschemaAdminSpecificArea", + ), + ( + &rfc3672::COLLECTIVE_ATTRIBUTE_SPECIFIC_AREA, + "collectiveAttributeSpecificArea", + ), + ( + &rfc3672::COLLECTIVE_ATTRIBUTE_INNER_AREA, + "collectiveAttributeInnerArea", + ), + (&rfc3687::COMPONENT_FILTER_MATCH, "componentFilterMatch"), + (&rfc3687::RDN_MATCH, "rdnMatch"), + (&rfc3687::PRESENT_MATCH, "presentMatch"), + (&rfc3687::ALL_COMPONENTS_MATCH, "allComponentsMatch"), + ( + &rfc3687::DIRECTORY_COMPONENTS_MATCH, + "directoryComponentsMatch", + ), + (&rfc3698::STORED_PREFIX_MATCH, "storedPrefixMatch"), + (&rfc3703::PCIM_POLICY, "pcimPolicy"), + ( + &rfc3703::PCIM_RULE_ACTION_ASSOCIATION, + "pcimRuleActionAssociation", + ), + (&rfc3703::PCIM_CONDITION_AUX_CLASS, "pcimConditionAuxClass"), + (&rfc3703::PCIM_TPC_AUX_CLASS, "pcimTPCAuxClass"), + ( + &rfc3703::PCIM_CONDITION_VENDOR_AUX_CLASS, + "pcimConditionVendorAuxClass", + ), + 
(&rfc3703::PCIM_ACTION_AUX_CLASS, "pcimActionAuxClass"), + ( + &rfc3703::PCIM_ACTION_VENDOR_AUX_CLASS, + "pcimActionVendorAuxClass", + ), + (&rfc3703::PCIM_POLICY_INSTANCE, "pcimPolicyInstance"), + (&rfc3703::PCIM_ELEMENT_AUX_CLASS, "pcimElementAuxClass"), + (&rfc3703::PCIM_REPOSITORY, "pcimRepository"), + ( + &rfc3703::PCIM_REPOSITORY_AUX_CLASS, + "pcimRepositoryAuxClass", + ), + (&rfc3703::PCIM_GROUP, "pcimGroup"), + (&rfc3703::PCIM_REPOSITORY_INSTANCE, "pcimRepositoryInstance"), + ( + &rfc3703::PCIM_SUBTREES_PTR_AUX_CLASS, + "pcimSubtreesPtrAuxClass", + ), + ( + &rfc3703::PCIM_GROUP_CONTAINMENT_AUX_CLASS, + "pcimGroupContainmentAuxClass", + ), + ( + &rfc3703::PCIM_RULE_CONTAINMENT_AUX_CLASS, + "pcimRuleContainmentAuxClass", + ), + (&rfc3703::PCIM_GROUP_AUX_CLASS, "pcimGroupAuxClass"), + (&rfc3703::PCIM_GROUP_INSTANCE, "pcimGroupInstance"), + (&rfc3703::PCIM_RULE, "pcimRule"), + (&rfc3703::PCIM_RULE_AUX_CLASS, "pcimRuleAuxClass"), + (&rfc3703::PCIM_RULE_INSTANCE, "pcimRuleInstance"), + ( + &rfc3703::PCIM_RULE_CONDITION_ASSOCIATION, + "pcimRuleConditionAssociation", + ), + ( + &rfc3703::PCIM_RULE_VALIDITY_ASSOCIATION, + "pcimRuleValidityAssociation", + ), + ( + &rfc3703::PCIM_RULE_VALIDITY_PERIOD_LIST, + "pcimRuleValidityPeriodList", + ), + (&rfc3703::PCIM_RULE_USAGE, "pcimRuleUsage"), + (&rfc3703::PCIM_RULE_PRIORITY, "pcimRulePriority"), + (&rfc3703::PCIM_RULE_MANDATORY, "pcimRuleMandatory"), + ( + &rfc3703::PCIM_RULE_SEQUENCED_ACTIONS, + "pcimRuleSequencedActions", + ), + (&rfc3703::PCIM_ROLES, "pcimRoles"), + ( + &rfc3703::PCIM_CONDITION_GROUP_NUMBER, + "pcimConditionGroupNumber", + ), + (&rfc3703::PCIM_CONDITION_NEGATED, "pcimConditionNegated"), + (&rfc3703::PCIM_CONDITION_NAME, "pcimConditionName"), + (&rfc3703::PCIM_CONDITION_DN, "pcimConditionDN"), + ( + &rfc3703::PCIM_VALIDITY_CONDITION_NAME, + "pcimValidityConditionName", + ), + ( + &rfc3703::PCIM_TIME_PERIOD_CONDITION_DN, + "pcimTimePeriodConditionDN", + ), + (&rfc3703::PCIM_ACTION_NAME, 
"pcimActionName"), + (&rfc3703::PCIM_ACTION_ORDER, "pcimActionOrder"), + (&rfc3703::PCIM_ACTION_DN, "pcimActionDN"), + (&rfc3703::PCIM_TPC_TIME, "pcimTPCTime"), + ( + &rfc3703::PCIM_TPC_MONTH_OF_YEAR_MASK, + "pcimTPCMonthOfYearMask", + ), + ( + &rfc3703::PCIM_TPC_DAY_OF_MONTH_MASK, + "pcimTPCDayOfMonthMask", + ), + (&rfc3703::PCIM_TPC_DAY_OF_WEEK_MASK, "pcimTPCDayOfWeekMask"), + (&rfc3703::PCIM_TPC_TIME_OF_DAY_MASK, "pcimTPCTimeOfDayMask"), + (&rfc3703::PCIM_KEYWORDS, "pcimKeywords"), + ( + &rfc3703::PCIM_TPC_LOCAL_OR_UTC_TIME, + "pcimTPCLocalOrUtcTime", + ), + ( + &rfc3703::PCIM_VENDOR_CONSTRAINT_DATA, + "pcimVendorConstraintData", + ), + ( + &rfc3703::PCIM_VENDOR_CONSTRAINT_ENCODING, + "pcimVendorConstraintEncoding", + ), + (&rfc3703::PCIM_VENDOR_ACTION_DATA, "pcimVendorActionData"), + ( + &rfc3703::PCIM_VENDOR_ACTION_ENCODING, + "pcimVendorActionEncoding", + ), + ( + &rfc3703::PCIM_POLICY_INSTANCE_NAME, + "pcimPolicyInstanceName", + ), + (&rfc3703::PCIM_REPOSITORY_NAME, "pcimRepositoryName"), + ( + &rfc3703::PCIM_SUBTREES_AUX_CONTAINED_SET, + "pcimSubtreesAuxContainedSet", + ), + ( + &rfc3703::PCIM_GROUPS_AUX_CONTAINED_SET, + "pcimGroupsAuxContainedSet", + ), + ( + &rfc3703::PCIM_RULES_AUX_CONTAINED_SET, + "pcimRulesAuxContainedSet", + ), + (&rfc3703::PCIM_GROUP_NAME, "pcimGroupName"), + (&rfc3703::PCIM_RULE_NAME, "pcimRuleName"), + (&rfc3703::PCIM_RULE_ENABLED, "pcimRuleEnabled"), + ( + &rfc3703::PCIM_RULE_CONDITION_LIST_TYPE, + "pcimRuleConditionListType", + ), + (&rfc3703::PCIM_RULE_CONDITION_LIST, "pcimRuleConditionList"), + (&rfc3703::PCIM_RULE_ACTION_LIST, "pcimRuleActionList"), + (&rfc3712::PRINTER_XRI_SUPPORTED, "printer-xri-supported"), + (&rfc3712::PRINTER_ALIASES, "printer-aliases"), + ( + &rfc3712::PRINTER_CHARSET_CONFIGURED, + "printer-charset-configured", + ), + ( + &rfc3712::PRINTER_JOB_PRIORITY_SUPPORTED, + "printer-job-priority-supported", + ), + ( + &rfc3712::PRINTER_JOB_K_OCTETS_SUPPORTED, + "printer-job-k-octets-supported", + ), + ( + 
&rfc3712::PRINTER_CURRENT_OPERATOR, + "printer-current-operator", + ), + (&rfc3712::PRINTER_SERVICE_PERSON, "printer-service-person"), + ( + &rfc3712::PRINTER_DELIVERY_ORIENTATION_SUPPORTED, + "printer-delivery-orientation-supported", + ), + ( + &rfc3712::PRINTER_STACKING_ORDER_SUPPORTED, + "printer-stacking-order-supported", + ), + ( + &rfc3712::PRINTER_OUTPUT_FEATURES_SUPPORTED, + "printer-output-features-supported", + ), + ( + &rfc3712::PRINTER_MEDIA_LOCAL_SUPPORTED, + "printer-media-local-supported", + ), + ( + &rfc3712::PRINTER_COPIES_SUPPORTED, + "printer-copies-supported", + ), + ( + &rfc3712::PRINTER_NATURAL_LANGUAGE_CONFIGURED, + "printer-natural-language-configured", + ), + ( + &rfc3712::PRINTER_PRINT_QUALITY_SUPPORTED, + "printer-print-quality-supported", + ), + ( + &rfc3712::PRINTER_RESOLUTION_SUPPORTED, + "printer-resolution-supported", + ), + (&rfc3712::PRINTER_MEDIA_SUPPORTED, "printer-media-supported"), + (&rfc3712::PRINTER_SIDES_SUPPORTED, "printer-sides-supported"), + ( + &rfc3712::PRINTER_NUMBER_UP_SUPPORTED, + "printer-number-up-supported", + ), + ( + &rfc3712::PRINTER_FINISHINGS_SUPPORTED, + "printer-finishings-supported", + ), + ( + &rfc3712::PRINTER_PAGES_PER_MINUTE_COLOR, + "printer-pages-per-minute-color", + ), + ( + &rfc3712::PRINTER_PAGES_PER_MINUTE, + "printer-pages-per-minute", + ), + ( + &rfc3712::PRINTER_COMPRESSION_SUPPORTED, + "printer-compression-supported", + ), + (&rfc3712::PRINTER_COLOR_SUPPORTED, "printer-color-supported"), + ( + &rfc3712::PRINTER_DOCUMENT_FORMAT_SUPPORTED, + "printer-document-format-supported", + ), + ( + &rfc3712::PRINTER_CHARSET_SUPPORTED, + "printer-charset-supported", + ), + ( + &rfc3712::PRINTER_MULTIPLE_DOCUMENT_JOBS_SUPPORTED, + "printer-multiple-document-jobs-supported", + ), + ( + &rfc3712::PRINTER_IPP_VERSIONS_SUPPORTED, + "printer-ipp-versions-supported", + ), + (&rfc3712::PRINTER_MORE_INFO, "printer-more-info"), + (&rfc3712::PRINTER_NAME, "printer-name"), + (&rfc3712::PRINTER_LOCATION, 
"printer-location"), + ( + &rfc3712::PRINTER_GENERATED_NATURAL_LANGUAGE_SUPPORTED, + "printer-generated-natural-language-supported", + ), + (&rfc3712::PRINTER_MAKE_AND_MODEL, "printer-make-and-model"), + (&rfc3712::PRINTER_INFO, "printer-info"), + (&rfc3712::PRINTER_URI, "printer-uri"), + (&rfc3712::PRINTER_LPR, "printerLPR"), + (&rfc3712::SLP_SERVICE_PRINTER, "slpServicePrinter"), + (&rfc3712::PRINTER_SERVICE, "printerService"), + (&rfc3712::PRINTER_IPP, "printerIPP"), + ( + &rfc3712::PRINTER_SERVICE_AUX_CLASS, + "printerServiceAuxClass", + ), + (&rfc3712::PRINTER_ABSTRACT, "printerAbstract"), + (&rfc4104::PCELS_POLICY_SET, "pcelsPolicySet"), + (&rfc4104::PCELS_ACTION_ASSOCIATION, "pcelsActionAssociation"), + ( + &rfc4104::PCELS_SIMPLE_CONDITION_AUX_CLASS, + "pcelsSimpleConditionAuxClass", + ), + ( + &rfc4104::PCELS_COMPOUND_CONDITION_AUX_CLASS, + "pcelsCompoundConditionAuxClass", + ), + ( + &rfc4104::PCELS_COMPOUND_FILTER_CONDITION_AUX_CLASS, + "pcelsCompoundFilterConditionAuxClass", + ), + ( + &rfc4104::PCELS_SIMPLE_ACTION_AUX_CLASS, + "pcelsSimpleActionAuxClass", + ), + ( + &rfc4104::PCELS_COMPOUND_ACTION_AUX_CLASS, + "pcelsCompoundActionAuxClass", + ), + (&rfc4104::PCELS_VARIABLE, "pcelsVariable"), + ( + &rfc4104::PCELS_EXPLICIT_VARIABLE_AUX_CLASS, + "pcelsExplicitVariableAuxClass", + ), + ( + &rfc4104::PCELS_IMPLICIT_VARIABLE_AUX_CLASS, + "pcelsImplicitVariableAuxClass", + ), + ( + &rfc4104::PCELS_SOURCE_I_PV_4_VARIABLE_AUX_CLASS, + "pcelsSourceIPv4VariableAuxClass", + ), + ( + &rfc4104::PCELS_POLICY_SET_ASSOCIATION, + "pcelsPolicySetAssociation", + ), + ( + &rfc4104::PCELS_SOURCE_I_PV_6_VARIABLE_AUX_CLASS, + "pcelsSourceIPv6VariableAuxClass", + ), + ( + &rfc4104::PCELS_DESTINATION_I_PV_4_VARIABLE_AUX_CLASS, + "pcelsDestinationIPv4VariableAuxClass", + ), + ( + &rfc4104::PCELS_DESTINATION_I_PV_6_VARIABLE_AUX_CLASS, + "pcelsDestinationIPv6VariableAuxClass", + ), + ( + &rfc4104::PCELS_SOURCE_PORT_VARIABLE_AUX_CLASS, + "pcelsSourcePortVariableAuxClass", + ), + ( 
+ &rfc4104::PCELS_DESTINATION_PORT_VARIABLE_AUX_CLASS, + "pcelsDestinationPortVariableAuxClass", + ), + ( + &rfc4104::PCELS_IP_PROTOCOL_VARIABLE_AUX_CLASS, + "pcelsIPProtocolVariableAuxClass", + ), + ( + &rfc4104::PCELS_IP_VERSION_VARIABLE_AUX_CLASS, + "pcelsIPVersionVariableAuxClass", + ), + ( + &rfc4104::PCELS_IP_TO_S_VARIABLE_AUX_CLASS, + "pcelsIPToSVariableAuxClass", + ), + ( + &rfc4104::PCELS_DSCP_VARIABLE_AUX_CLASS, + "pcelsDSCPVariableAuxClass", + ), + ( + &rfc4104::PCELS_FLOW_ID_VARIABLE_AUX_CLASS, + "pcelsFlowIdVariableAuxClass", + ), + (&rfc4104::PCELS_GROUP, "pcelsGroup"), + ( + &rfc4104::PCELS_SOURCE_MAC_VARIABLE_AUX_CLASS, + "pcelsSourceMACVariableAuxClass", + ), + ( + &rfc4104::PCELS_DESTINATION_MAC_VARIABLE_AUX_CLASS, + "pcelsDestinationMACVariableAuxClass", + ), + ( + &rfc4104::PCELS_VLAN_VARIABLE_AUX_CLASS, + "pcelsVLANVariableAuxClass", + ), + ( + &rfc4104::PCELS_CO_S_VARIABLE_AUX_CLASS, + "pcelsCoSVariableAuxClass", + ), + ( + &rfc4104::PCELS_ETHERTYPE_VARIABLE_AUX_CLASS, + "pcelsEthertypeVariableAuxClass", + ), + ( + &rfc4104::PCELS_SOURCE_SAP_VARIABLE_AUX_CLASS, + "pcelsSourceSAPVariableAuxClass", + ), + ( + &rfc4104::PCELS_DESTINATION_SAP_VARIABLE_AUX_CLASS, + "pcelsDestinationSAPVariableAuxClass", + ), + ( + &rfc4104::PCELS_SNAPOUI_VARIABLE_AUX_CLASS, + "pcelsSNAPOUIVariableAuxClass", + ), + ( + &rfc4104::PCELS_SNAP_TYPE_VARIABLE_AUX_CLASS, + "pcelsSNAPTypeVariableAuxClass", + ), + ( + &rfc4104::PCELS_FLOW_DIRECTION_VARIABLE_AUX_CLASS, + "pcelsFlowDirectionVariableAuxClass", + ), + (&rfc4104::PCELS_GROUP_AUX_CLASS, "pcelsGroupAuxClass"), + (&rfc4104::PCELS_VALUE_AUX_CLASS, "pcelsValueAuxClass"), + ( + &rfc4104::PCELS_I_PV_4_ADDR_VALUE_AUX_CLASS, + "pcelsIPv4AddrValueAuxClass", + ), + ( + &rfc4104::PCELS_I_PV_6_ADDR_VALUE_AUX_CLASS, + "pcelsIPv6AddrValueAuxClass", + ), + ( + &rfc4104::PCELS_MAC_ADDR_VALUE_AUX_CLASS, + "pcelsMACAddrValueAuxClass", + ), + ( + &rfc4104::PCELS_STRING_VALUE_AUX_CLASS, + "pcelsStringValueAuxClass", + ), + ( + 
&rfc4104::PCELS_BIT_STRING_VALUE_AUX_CLASS, + "pcelsBitStringValueAuxClass", + ), + ( + &rfc4104::PCELS_INTEGER_VALUE_AUX_CLASS, + "pcelsIntegerValueAuxClass", + ), + ( + &rfc4104::PCELS_BOOLEAN_VALUE_AUX_CLASS, + "pcelsBooleanValueAuxClass", + ), + (&rfc4104::PCELS_REUSABLE_CONTAINER, "pcelsReusableContainer"), + ( + &rfc4104::PCELS_REUSABLE_CONTAINER_AUX_CLASS, + "pcelsReusableContainerAuxClass", + ), + (&rfc4104::PCELS_GROUP_INSTANCE, "pcelsGroupInstance"), + ( + &rfc4104::PCELS_REUSABLE_CONTAINER_INSTANCE, + "pcelsReusableContainerInstance", + ), + (&rfc4104::PCELS_ROLE_COLLECTION, "pcelsRoleCollection"), + (&rfc4104::PCELS_FILTER_ENTRY_BASE, "pcelsFilterEntryBase"), + (&rfc4104::PCELS_IP_HEADERS_FILTER, "pcelsIPHeadersFilter"), + (&rfc4104::PCELS_8021_FILTER, "pcels8021Filter"), + ( + &rfc4104::PCELS_FILTER_LIST_AUX_CLASS, + "pcelsFilterListAuxClass", + ), + ( + &rfc4104::PCELS_VENDOR_VARIABLE_AUX_CLASS, + "pcelsVendorVariableAuxClass", + ), + ( + &rfc4104::PCELS_VENDOR_VALUE_AUX_CLASS, + "pcelsVendorValueAuxClass", + ), + (&rfc4104::PCELS_RULE, "pcelsRule"), + (&rfc4104::PCELS_RULE_AUX_CLASS, "pcelsRuleAuxClass"), + (&rfc4104::PCELS_RULE_INSTANCE, "pcelsRuleInstance"), + ( + &rfc4104::PCELS_CONDITION_ASSOCIATION, + "pcelsConditionAssociation", + ), + (&rfc4104::PCELS_POLICY_SET_NAME, "pcelsPolicySetName"), + (&rfc4104::PCELS_EXECUTION_STRATEGY, "pcelsExecutionStrategy"), + (&rfc4104::PCELS_VARIABLE_DN, "pcelsVariableDN"), + (&rfc4104::PCELS_VALUE_DN, "pcelsValueDN"), + (&rfc4104::PCELS_IS_MIRRORED, "pcelsIsMirrored"), + (&rfc4104::PCELS_VARIABLE_NAME, "pcelsVariableName"), + ( + &rfc4104::PCELS_EXPECTED_VALUE_LIST, + "pcelsExpectedValueList", + ), + ( + &rfc4104::PCELS_VARIABLE_MODEL_CLASS, + "pcelsVariableModelClass", + ), + ( + &rfc4104::PCELS_VARIABLE_MODEL_PROPERTY, + "pcelsVariableModelProperty", + ), + ( + &rfc4104::PCELS_EXPECTED_VALUE_TYPES, + "pcelsExpectedValueTypes", + ), + (&rfc4104::PCELS_VALUE_NAME, "pcelsValueName"), + 
(&rfc4104::PCELS_DECISION_STRATEGY, "pcelsDecisionStrategy"), + (&rfc4104::PCELS_I_PV_4_ADDR_LIST, "pcelsIPv4AddrList"), + (&rfc4104::PCELS_I_PV_6_ADDR_LIST, "pcelsIPv6AddrList"), + (&rfc4104::PCELS_MAC_ADDR_LIST, "pcelsMACAddrList"), + (&rfc4104::PCELS_STRING_LIST, "pcelsStringList"), + (&rfc4104::PCELS_BIT_STRING_LIST, "pcelsBitStringList"), + (&rfc4104::PCELS_INTEGER_LIST, "pcelsIntegerList"), + (&rfc4104::PCELS_BOOLEAN, "pcelsBoolean"), + ( + &rfc4104::PCELS_REUSABLE_CONTAINER_NAME, + "pcelsReusableContainerName", + ), + ( + &rfc4104::PCELS_REUSABLE_CONTAINER_LIST, + "pcelsReusableContainerList", + ), + (&rfc4104::PCELS_ROLE, "pcelsRole"), + (&rfc4104::PCELS_POLICY_SET_LIST, "pcelsPolicySetList"), + ( + &rfc4104::PCELS_ROLE_COLLECTION_NAME, + "pcelsRoleCollectionName", + ), + (&rfc4104::PCELS_ELEMENT_LIST, "pcelsElementList"), + (&rfc4104::PCELS_FILTER_NAME, "pcelsFilterName"), + (&rfc4104::PCELS_FILTER_IS_NEGATED, "pcelsFilterIsNegated"), + (&rfc4104::PCELS_IP_HDR_VERSION, "pcelsIPHdrVersion"), + ( + &rfc4104::PCELS_IP_HDR_SOURCE_ADDRESS, + "pcelsIPHdrSourceAddress", + ), + ( + &rfc4104::PCELS_IP_HDR_SOURCE_ADDRESS_END_OF_RANGE, + "pcelsIPHdrSourceAddressEndOfRange", + ), + (&rfc4104::PCELS_IP_HDR_SOURCE_MASK, "pcelsIPHdrSourceMask"), + (&rfc4104::PCELS_IP_HDR_DEST_ADDRESS, "pcelsIPHdrDestAddress"), + ( + &rfc4104::PCELS_IP_HDR_DEST_ADDRESS_END_OF_RANGE, + "pcelsIPHdrDestAddressEndOfRange", + ), + (&rfc4104::PCELS_PRIORITY, "pcelsPriority"), + (&rfc4104::PCELS_IP_HDR_DEST_MASK, "pcelsIPHdrDestMask"), + (&rfc4104::PCELS_IP_HDR_PROTOCOL_ID, "pcelsIPHdrProtocolID"), + ( + &rfc4104::PCELS_IP_HDR_SOURCE_PORT_START, + "pcelsIPHdrSourcePortStart", + ), + ( + &rfc4104::PCELS_IP_HDR_SOURCE_PORT_END, + "pcelsIPHdrSourcePortEnd", + ), + ( + &rfc4104::PCELS_IP_HDR_DEST_PORT_START, + "pcelsIPHdrDestPortStart", + ), + ( + &rfc4104::PCELS_IP_HDR_DEST_PORT_END, + "pcelsIPHdrDestPortEnd", + ), + (&rfc4104::PCELS_IP_HDR_DSCP_LIST, "pcelsIPHdrDSCPList"), + 
(&rfc4104::PCELS_IP_HDR_FLOW_LABEL, "pcelsIPHdrFlowLabel"), + ( + &rfc4104::PCELS_8021_HDR_SOURCE_MAC_ADDRESS, + "pcels8021HdrSourceMACAddress", + ), + ( + &rfc4104::PCELS_8021_HDR_SOURCE_MAC_MASK, + "pcels8021HdrSourceMACMask", + ), + (&rfc4104::PCELS_POLICY_SET_DN, "pcelsPolicySetDN"), + ( + &rfc4104::PCELS_8021_HDR_DEST_MAC_ADDRESS, + "pcels8021HdrDestMACAddress", + ), + ( + &rfc4104::PCELS_8021_HDR_DEST_MAC_MASK, + "pcels8021HdrDestMACMask", + ), + ( + &rfc4104::PCELS_8021_HDR_PROTOCOL_ID, + "pcels8021HdrProtocolID", + ), + (&rfc4104::PCELS_8021_HDR_PRIORITY, "pcels8021HdrPriority"), + (&rfc4104::PCELS_8021_HDR_VLANID, "pcels8021HdrVLANID"), + (&rfc4104::PCELS_FILTER_LIST_NAME, "pcelsFilterListName"), + (&rfc4104::PCELS_FILTER_DIRECTION, "pcelsFilterDirection"), + (&rfc4104::PCELS_FILTER_ENTRY_LIST, "pcelsFilterEntryList"), + ( + &rfc4104::PCELS_VENDOR_VARIABLE_DATA, + "pcelsVendorVariableData", + ), + ( + &rfc4104::PCELS_VENDOR_VARIABLE_ENCODING, + "pcelsVendorVariableEncoding", + ), + ( + &rfc4104::PCELS_CONDITION_LIST_TYPE, + "pcelsConditionListType", + ), + (&rfc4104::PCELS_VENDOR_VALUE_DATA, "pcelsVendorValueData"), + ( + &rfc4104::PCELS_VENDOR_VALUE_ENCODING, + "pcelsVendorValueEncoding", + ), + ( + &rfc4104::PCELS_RULE_VALIDITY_PERIOD_LIST, + "pcelsRuleValidityPeriodList", + ), + (&rfc4104::PCELS_CONDITION_LIST, "pcelsConditionList"), + (&rfc4104::PCELS_ACTION_LIST, "pcelsActionList"), + (&rfc4104::PCELS_SEQUENCED_ACTIONS, "pcelsSequencedActions"), + (&rfc4237::VPIM_USER, "vPIMUser"), + (&rfc4237::VPIM_TELEPHONE_NUMBER, "vPIMTelephoneNumber"), + (&rfc4237::VPIM_SUB_MAILBOXES, "vPIMSubMailboxes"), + (&rfc4237::VPIM_RFC_822_MAILBOX, "vPIMRfc822Mailbox"), + (&rfc4237::VPIM_SPOKEN_NAME, "vPIMSpokenName"), + ( + &rfc4237::VPIM_SUPPORTED_UA_BEHAVIORS, + "vPIMSupportedUABehaviors", + ), + ( + &rfc4237::VPIM_SUPPORTED_AUDIO_MEDIA_TYPES, + "vPIMSupportedAudioMediaTypes", + ), + ( + &rfc4237::VPIM_SUPPORTED_MESSAGE_CONTEXT, + "vPIMSupportedMessageContext", + ), + 
(&rfc4237::VPIM_TEXT_NAME, "vPIMTextName"), + ( + &rfc4237::VPIM_EXTENDED_ABSENCE_STATUS, + "vPIMExtendedAbsenceStatus", + ), + (&rfc4237::VPIM_MAX_MESSAGE_SIZE, "vPIMMaxMessageSize"), + (&rfc4403::UDDIV_3_SERVICE_KEY, "uddiv3ServiceKey"), + ( + &rfc4403::UDDI_BUSINESS_ENTITY_NAME_FORM, + "uddiBusinessEntityNameForm", + ), + ( + &rfc4403::UDDIV_3_ENTITY_OBITUARY_NAME_FORM, + "uddiv3EntityObituaryNameForm", + ), + (&rfc4403::UDDI_CONTACT_NAME_FORM, "uddiContactNameForm"), + (&rfc4403::UDDI_ADDRESS_NAME_FORM, "uddiAddressNameForm"), + ( + &rfc4403::UDDI_BUSINESS_SERVICE_NAME_FORM, + "uddiBusinessServiceNameForm", + ), + ( + &rfc4403::UDDI_BINDING_TEMPLATE_NAME_FORM, + "uddiBindingTemplateNameForm", + ), + ( + &rfc4403::UDDI_T_MODEL_INSTANCE_INFO_NAME_FORM, + "uddiTModelInstanceInfoNameForm", + ), + (&rfc4403::UDDI_T_MODEL_NAME_FORM, "uddiTModelNameForm"), + ( + &rfc4403::UDDI_PUBLISHER_ASSERTION_NAME_FORM, + "uddiPublisherAssertionNameForm", + ), + ( + &rfc4403::UDDIV_3_SUBSCRIPTION_NAME_FORM, + "uddiv3SubscriptionNameForm", + ), + (&rfc4403::UDDI_BUSINESS_KEY, "uddiBusinessKey"), + (&rfc4403::UDDI_E_MAIL, "uddiEMail"), + (&rfc4403::UDDI_SORT_CODE, "uddiSortCode"), + (&rfc4403::UDDI_T_MODEL_KEY, "uddiTModelKey"), + (&rfc4403::UDDI_ADDRESS_LINE, "uddiAddressLine"), + (&rfc4403::UDDI_IDENTIFIER_BAG, "uddiIdentifierBag"), + (&rfc4403::UDDI_CATEGORY_BAG, "uddiCategoryBag"), + (&rfc4403::UDDI_KEYED_REFERENCE, "uddiKeyedReference"), + (&rfc4403::UDDI_SERVICE_KEY, "uddiServiceKey"), + (&rfc4403::UDDI_BINDING_KEY, "uddiBindingKey"), + (&rfc4403::UDDI_ACCESS_POINT, "uddiAccessPoint"), + (&rfc4403::UDDI_AUTHORIZED_NAME, "uddiAuthorizedName"), + (&rfc4403::UDDI_HOSTING_REDIRECTOR, "uddiHostingRedirector"), + ( + &rfc4403::UDDI_INSTANCE_DESCRIPTION, + "uddiInstanceDescription", + ), + (&rfc4403::UDDI_INSTANCE_PARMS, "uddiInstanceParms"), + ( + &rfc4403::UDDI_OVERVIEW_DESCRIPTION, + "uddiOverviewDescription", + ), + (&rfc4403::UDDI_OVERVIEW_URL, "uddiOverviewURL"), + 
(&rfc4403::UDDI_FROM_KEY, "uddiFromKey"), + (&rfc4403::UDDI_TO_KEY, "uddiToKey"), + (&rfc4403::UDDI_UUID, "uddiUUID"), + (&rfc4403::UDDI_IS_HIDDEN, "uddiIsHidden"), + (&rfc4403::UDDI_IS_PROJECTION, "uddiIsProjection"), + (&rfc4403::UDDI_OPERATOR, "uddiOperator"), + (&rfc4403::UDDI_LANG, "uddiLang"), + (&rfc4403::UDDIV_3_BUSINESS_KEY, "uddiv3BusinessKey"), + (&rfc4403::UDDIV_3_BINDING_KEY, "uddiv3BindingKey"), + (&rfc4403::UDDIV_3_TMODEL_KEY, "uddiv3TmodelKey"), + ( + &rfc4403::UDDIV_3_DIGITAL_SIGNATURE, + "uddiv3DigitalSignature", + ), + (&rfc4403::UDDIV_3_NODE_ID, "uddiv3NodeId"), + ( + &rfc4403::UDDIV_3_ENTITY_MODIFICATION_TIME, + "uddiv3EntityModificationTime", + ), + (&rfc4403::UDDIV_3_SUBSCRIPTION_KEY, "uddiv3SubscriptionKey"), + ( + &rfc4403::UDDIV_3_SUBSCRIPTION_FILTER, + "uddiv3SubscriptionFilter", + ), + (&rfc4403::UDDI_NAME, "uddiName"), + ( + &rfc4403::UDDIV_3_NOTIFICATION_INTERVAL, + "uddiv3NotificationInterval", + ), + (&rfc4403::UDDIV_3_MAX_ENTITIES, "uddiv3MaxEntities"), + (&rfc4403::UDDIV_3_EXPIRES_AFTER, "uddiv3ExpiresAfter"), + (&rfc4403::UDDIV_3_BRIEF_RESPONSE, "uddiv3BriefResponse"), + (&rfc4403::UDDIV_3_ENTITY_KEY, "uddiv3EntityKey"), + ( + &rfc4403::UDDIV_3_ENTITY_CREATION_TIME, + "uddiv3EntityCreationTime", + ), + ( + &rfc4403::UDDIV_3_ENTITY_DELETION_TIME, + "uddiv3EntityDeletionTime", + ), + (&rfc4403::UDDI_DESCRIPTION, "uddiDescription"), + (&rfc4403::UDDI_DISCOVERY_UR_LS, "uddiDiscoveryURLs"), + (&rfc4403::UDDI_USE_TYPE, "uddiUseType"), + (&rfc4403::UDDI_PERSON_NAME, "uddiPersonName"), + (&rfc4403::UDDI_PHONE, "uddiPhone"), + (&rfc4403::UDDI_BUSINESS_ENTITY, "uddiBusinessEntity"), + (&rfc4403::UDDIV_3_ENTITY_OBITUARY, "uddiv3EntityObituary"), + (&rfc4403::UDDI_CONTACT, "uddiContact"), + (&rfc4403::UDDI_ADDRESS, "uddiAddress"), + (&rfc4403::UDDI_BUSINESS_SERVICE, "uddiBusinessService"), + (&rfc4403::UDDI_BINDING_TEMPLATE, "uddiBindingTemplate"), + ( + &rfc4403::UDDI_T_MODEL_INSTANCE_INFO, + "uddiTModelInstanceInfo", + ), + 
(&rfc4403::UDDI_T_MODEL, "uddiTModel"), + (&rfc4403::UDDI_PUBLISHER_ASSERTION, "uddiPublisherAssertion"), + (&rfc4403::UDDIV_3_SUBSCRIPTION, "uddiv3Subscription"), + (&rfc4512::EXTENSIBLE_OBJECT, "extensibleObject"), + (&rfc4512::SUPPORTED_CONTROL, "supportedControl"), + ( + &rfc4512::SUPPORTED_SASL_MECHANISMS, + "supportedSASLMechanisms", + ), + (&rfc4512::SUPPORTED_LDAP_VERSION, "supportedLDAPVersion"), + (&rfc4512::LDAP_SYNTAXES, "ldapSyntaxes"), + (&rfc4512::NAMING_CONTEXTS, "namingContexts"), + (&rfc4512::ALT_SERVER, "altServer"), + (&rfc4512::SUPPORTED_EXTENSION, "supportedExtension"), + (&rfc4512::SUPPORTED_FEATURES, "supportedFeatures"), + (&rfc4512::CREATE_TIMESTAMP, "createTimestamp"), + (&rfc4512::SUBSCHEMA_SUBENTRY, "subschemaSubentry"), + (&rfc4512::MODIFY_TIMESTAMP, "modifyTimestamp"), + (&rfc4512::CREATORS_NAME, "creatorsName"), + (&rfc4512::MODIFIERS_NAME, "modifiersName"), + (&rfc4512::SUBSCHEMA, "subschema"), + (&rfc4512::DIT_STRUCTURE_RULES, "dITStructureRules"), + (&rfc4512::GOVERNING_STRUCTURE_RULE, "governingStructureRule"), + (&rfc4512::DIT_CONTENT_RULES, "dITContentRules"), + (&rfc4512::MATCHING_RULES, "matchingRules"), + (&rfc4512::ATTRIBUTE_TYPES, "attributeTypes"), + (&rfc4512::OBJECT_CLASSES, "objectClasses"), + (&rfc4512::NAME_FORMS, "nameForms"), + (&rfc4512::MATCHING_RULE_USE, "matchingRuleUse"), + (&rfc4512::STRUCTURAL_OBJECT_CLASS, "structuralObjectClass"), + (&rfc4512::OBJECT_CLASS, "objectClass"), + (&rfc4512::ALIASED_OBJECT_NAME, "aliasedObjectName"), + (&rfc4512::TOP, "top"), + (&rfc4512::ALIAS, "alias"), + (&rfc4517::CASE_EXACT_IA_5_MATCH, "caseExactIA5Match"), + (&rfc4517::CASE_IGNORE_IA_5_MATCH, "caseIgnoreIA5Match"), + ( + &rfc4517::CASE_IGNORE_IA_5_SUBSTRINGS_MATCH, + "caseIgnoreIA5SubstringsMatch", + ), + (&rfc4517::OBJECT_IDENTIFIER_MATCH, "objectIdentifierMatch"), + (&rfc4517::DISTINGUISHED_NAME_MATCH, "distinguishedNameMatch"), + ( + &rfc4517::NUMERIC_STRING_SUBSTRINGS_MATCH, + "numericStringSubstringsMatch", + ), + 
(&rfc4517::CASE_IGNORE_LIST_MATCH, "caseIgnoreListMatch"), + ( + &rfc4517::CASE_IGNORE_LIST_SUBSTRINGS_MATCH, + "caseIgnoreListSubstringsMatch", + ), + (&rfc4517::BOOLEAN_MATCH, "booleanMatch"), + (&rfc4517::INTEGER_MATCH, "integerMatch"), + (&rfc4517::INTEGER_ORDERING_MATCH, "integerOrderingMatch"), + (&rfc4517::BIT_STRING_MATCH, "bitStringMatch"), + (&rfc4517::OCTET_STRING_MATCH, "octetStringMatch"), + ( + &rfc4517::OCTET_STRING_ORDERING_MATCH, + "octetStringOrderingMatch", + ), + (&rfc4517::CASE_IGNORE_MATCH, "caseIgnoreMatch"), + (&rfc4517::TELEPHONE_NUMBER_MATCH, "telephoneNumberMatch"), + ( + &rfc4517::TELEPHONE_NUMBER_SUBSTRINGS_MATCH, + "telephoneNumberSubstringsMatch", + ), + (&rfc4517::UNIQUE_MEMBER_MATCH, "uniqueMemberMatch"), + (&rfc4517::GENERALIZED_TIME_MATCH, "generalizedTimeMatch"), + ( + &rfc4517::GENERALIZED_TIME_ORDERING_MATCH, + "generalizedTimeOrderingMatch", + ), + ( + &rfc4517::INTEGER_FIRST_COMPONENT_MATCH, + "integerFirstComponentMatch", + ), + ( + &rfc4517::CASE_IGNORE_ORDERING_MATCH, + "caseIgnoreOrderingMatch", + ), + ( + &rfc4517::OBJECT_IDENTIFIER_FIRST_COMPONENT_MATCH, + "objectIdentifierFirstComponentMatch", + ), + ( + &rfc4517::DIRECTORY_STRING_FIRST_COMPONENT_MATCH, + "directoryStringFirstComponentMatch", + ), + (&rfc4517::WORD_MATCH, "wordMatch"), + (&rfc4517::KEYWORD_MATCH, "keywordMatch"), + ( + &rfc4517::CASE_IGNORE_SUBSTRINGS_MATCH, + "caseIgnoreSubstringsMatch", + ), + (&rfc4517::CASE_EXACT_MATCH, "caseExactMatch"), + ( + &rfc4517::CASE_EXACT_ORDERING_MATCH, + "caseExactOrderingMatch", + ), + ( + &rfc4517::CASE_EXACT_SUBSTRINGS_MATCH, + "caseExactSubstringsMatch", + ), + (&rfc4517::NUMERIC_STRING_MATCH, "numericStringMatch"), + ( + &rfc4517::NUMERIC_STRING_ORDERING_MATCH, + "numericStringOrderingMatch", + ), + (&rfc4519::UID, "uid"), + (&rfc4519::USER_ID, "userId"), + (&rfc4519::DC, "DC"), + (&rfc4519::DOMAIN_COMPONENT, "domainComponent"), + (&rfc4519::UID_OBJECT, "uidObject"), + (&rfc4519::DC_OBJECT, "dcObject"), + 
(&rfc4519::O, "o"), + (&rfc4519::ORGANIZATION_NAME, "organizationName"), + (&rfc4519::OU, "ou"), + (&rfc4519::ORGANIZATIONAL_UNIT_NAME, "organizationalUnitName"), + (&rfc4519::TITLE, "title"), + (&rfc4519::DESCRIPTION, "description"), + (&rfc4519::SEARCH_GUIDE, "searchGuide"), + (&rfc4519::BUSINESS_CATEGORY, "businessCategory"), + (&rfc4519::POSTAL_ADDRESS, "postalAddress"), + (&rfc4519::POSTAL_CODE, "postalCode"), + (&rfc4519::POST_OFFICE_BOX, "postOfficeBox"), + ( + &rfc4519::PHYSICAL_DELIVERY_OFFICE_NAME, + "physicalDeliveryOfficeName", + ), + (&rfc4519::TELEPHONE_NUMBER, "telephoneNumber"), + (&rfc4519::TELEX_NUMBER, "telexNumber"), + ( + &rfc4519::TELETEX_TERMINAL_IDENTIFIER, + "teletexTerminalIdentifier", + ), + ( + &rfc4519::FACSIMILE_TELEPHONE_NUMBER, + "facsimileTelephoneNumber", + ), + (&rfc4519::X_121_ADDRESS, "x121Address"), + ( + &rfc4519::INTERNATIONALI_SDN_NUMBER, + "internationaliSDNNumber", + ), + (&rfc4519::REGISTERED_ADDRESS, "registeredAddress"), + (&rfc4519::DESTINATION_INDICATOR, "destinationIndicator"), + ( + &rfc4519::PREFERRED_DELIVERY_METHOD, + "preferredDeliveryMethod", + ), + (&rfc4519::CN, "cn"), + (&rfc4519::COMMON_NAME, "commonName"), + (&rfc4519::MEMBER, "member"), + (&rfc4519::OWNER, "owner"), + (&rfc4519::ROLE_OCCUPANT, "roleOccupant"), + (&rfc4519::SEE_ALSO, "seeAlso"), + (&rfc4519::USER_PASSWORD, "userPassword"), + (&rfc4519::SN, "sn"), + (&rfc4519::SURNAME, "surname"), + (&rfc4519::NAME, "name"), + (&rfc4519::GIVEN_NAME, "givenName"), + (&rfc4519::INITIALS, "initials"), + (&rfc4519::GENERATION_QUALIFIER, "generationQualifier"), + (&rfc4519::X_500_UNIQUE_IDENTIFIER, "x500UniqueIdentifier"), + (&rfc4519::DN_QUALIFIER, "dnQualifier"), + (&rfc4519::ENHANCED_SEARCH_GUIDE, "enhancedSearchGuide"), + (&rfc4519::DISTINGUISHED_NAME, "distinguishedName"), + (&rfc4519::SERIAL_NUMBER, "serialNumber"), + (&rfc4519::UNIQUE_MEMBER, "uniqueMember"), + (&rfc4519::HOUSE_IDENTIFIER, "houseIdentifier"), + (&rfc4519::C, "c"), + 
(&rfc4519::COUNTRY_NAME, "countryName"), + (&rfc4519::L, "L"), + (&rfc4519::LOCALITY_NAME, "localityName"), + (&rfc4519::ST, "st"), + (&rfc4519::STREET, "street"), + (&rfc4519::RESIDENTIAL_PERSON, "residentialPerson"), + (&rfc4519::APPLICATION_PROCESS, "applicationProcess"), + (&rfc4519::DEVICE, "device"), + (&rfc4519::GROUP_OF_UNIQUE_NAMES, "groupOfUniqueNames"), + (&rfc4519::COUNTRY, "country"), + (&rfc4519::LOCALITY, "locality"), + (&rfc4519::ORGANIZATION, "organization"), + (&rfc4519::ORGANIZATIONAL_UNIT, "organizationalUnit"), + (&rfc4519::PERSON, "person"), + (&rfc4519::ORGANIZATIONAL_PERSON, "organizationalPerson"), + (&rfc4519::ORGANIZATIONAL_ROLE, "organizationalRole"), + (&rfc4519::GROUP_OF_NAMES, "groupOfNames"), + (&rfc4523::CERTIFICATE_EXACT_MATCH, "certificateExactMatch"), + (&rfc4523::CERTIFICATE_MATCH, "certificateMatch"), + ( + &rfc4523::CERTIFICATE_PAIR_EXACT_MATCH, + "certificatePairExactMatch", + ), + (&rfc4523::CERTIFICATE_PAIR_MATCH, "certificatePairMatch"), + ( + &rfc4523::CERTIFICATE_LIST_EXACT_MATCH, + "certificateListExactMatch", + ), + (&rfc4523::CERTIFICATE_LIST_MATCH, "certificateListMatch"), + ( + &rfc4523::ALGORITHM_IDENTIFIER_MATCH, + "algorithmIdentifierMatch", + ), + (&rfc4523::USER_CERTIFICATE, "userCertificate"), + (&rfc4523::CA_CERTIFICATE, "cACertificate"), + ( + &rfc4523::AUTHORITY_REVOCATION_LIST, + "authorityRevocationList", + ), + ( + &rfc4523::CERTIFICATE_REVOCATION_LIST, + "certificateRevocationList", + ), + (&rfc4523::CROSS_CERTIFICATE_PAIR, "crossCertificatePair"), + (&rfc4523::SUPPORTED_ALGORITHMS, "supportedAlgorithms"), + (&rfc4523::DELTA_REVOCATION_LIST, "deltaRevocationList"), + ( + &rfc4523::STRONG_AUTHENTICATION_USER, + "strongAuthenticationUser", + ), + (&rfc4523::CERTIFICATION_AUTHORITY, "certificationAuthority"), + ( + &rfc4523::CERTIFICATION_AUTHORITY_V_2, + "certificationAuthority-V2", + ), + ( + &rfc4523::USER_SECURITY_INFORMATION, + "userSecurityInformation", + ), + (&rfc4523::CRL_DISTRIBUTION_POINT, 
"cRLDistributionPoint"), + (&rfc4523::PKI_USER, "pkiUser"), + (&rfc4523::PKI_CA, "pkiCA"), + (&rfc4523::DELTA_CRL, "deltaCRL"), + (&rfc4524::MANAGER, "manager"), + (&rfc4524::DOCUMENT_IDENTIFIER, "documentIdentifier"), + (&rfc4524::DOCUMENT_TITLE, "documentTitle"), + (&rfc4524::DOCUMENT_VERSION, "documentVersion"), + (&rfc4524::DOCUMENT_AUTHOR, "documentAuthor"), + (&rfc4524::DOCUMENT_LOCATION, "documentLocation"), + (&rfc4524::HOME_PHONE, "homePhone"), + (&rfc4524::HOME_TELEPHONE, "homeTelephone"), + (&rfc4524::SECRETARY, "secretary"), + (&rfc4524::MAIL, "mail"), + (&rfc4524::RFC_822_MAILBOX, "RFC822Mailbox"), + (&rfc4524::ASSOCIATED_DOMAIN, "associatedDomain"), + (&rfc4524::ASSOCIATED_NAME, "associatedName"), + (&rfc4524::HOME_POSTAL_ADDRESS, "homePostalAddress"), + (&rfc4524::INFO, "info"), + (&rfc4524::PERSONAL_TITLE, "personalTitle"), + (&rfc4524::MOBILE, "mobile"), + (&rfc4524::MOBILE_TELEPHONE_NUMBER, "mobileTelephoneNumber"), + (&rfc4524::PAGER, "pager"), + (&rfc4524::PAGER_TELEPHONE_NUMBER, "pagerTelephoneNumber"), + (&rfc4524::CO, "co"), + (&rfc4524::FRIENDLY_COUNTRY_NAME, "friendlyCountryName"), + (&rfc4524::UNIQUE_IDENTIFIER, "uniqueIdentifier"), + (&rfc4524::ORGANIZATIONAL_STATUS, "organizationalStatus"), + (&rfc4524::BUILDING_NAME, "buildingName"), + (&rfc4524::DRINK, "drink"), + (&rfc4524::FAVOURITE_DRINK, "favouriteDrink"), + (&rfc4524::SINGLE_LEVEL_QUALITY, "singleLevelQuality"), + (&rfc4524::DOCUMENT_PUBLISHER, "documentPublisher"), + (&rfc4524::ROOM_NUMBER, "roomNumber"), + (&rfc4524::USER_CLASS, "userClass"), + (&rfc4524::HOST, "host"), + (&rfc4524::DOMAIN, "domain"), + (&rfc4524::RFC_822_LOCAL_PART, "RFC822LocalPart"), + (&rfc4524::DOMAIN_RELATED_OBJECT, "domainRelatedObject"), + (&rfc4524::FRIENDLY_COUNTRY, "friendlyCountry"), + (&rfc4524::SIMPLE_SECURITY_OBJECT, "simpleSecurityObject"), + (&rfc4524::ACCOUNT, "account"), + (&rfc4524::DOCUMENT, "document"), + (&rfc4524::ROOM, "room"), + (&rfc4524::DOCUMENT_SERIES, "documentSeries"), + 
(&rfc4530::UUID_MATCH, "uuidMatch"), + (&rfc4530::UUID_ORDERING_MATCH, "uuidOrderingMatch"), + (&rfc4530::ENTRY_UUID, "entryUUID"), + (&rfc4876::DEFAULT_SERVER_LIST, "defaultServerList"), + (&rfc4876::DEFAULT_SEARCH_BASE, "defaultSearchBase"), + (&rfc4876::CREDENTIAL_LEVEL, "credentialLevel"), + (&rfc4876::OBJECTCLASS_MAP, "objectclassMap"), + (&rfc4876::DEFAULT_SEARCH_SCOPE, "defaultSearchScope"), + (&rfc4876::SERVICE_CREDENTIAL_LEVEL, "serviceCredentialLevel"), + ( + &rfc4876::SERVICE_SEARCH_DESCRIPTOR, + "serviceSearchDescriptor", + ), + ( + &rfc4876::SERVICE_AUTHENTICATION_METHOD, + "serviceAuthenticationMethod", + ), + (&rfc4876::DEREFERENCE_ALIASES, "dereferenceAliases"), + (&rfc4876::PREFERRED_SERVER_LIST, "preferredServerList"), + (&rfc4876::SEARCH_TIME_LIMIT, "searchTimeLimit"), + (&rfc4876::BIND_TIME_LIMIT, "bindTimeLimit"), + (&rfc4876::FOLLOW_REFERRALS, "followReferrals"), + (&rfc4876::AUTHENTICATION_METHOD, "authenticationMethod"), + (&rfc4876::PROFILE_TTL, "profileTTL"), + (&rfc4876::ATTRIBUTE_MAP, "attributeMap"), + (&rfc4876::DUA_CONFIG_PROFILE, "DUAConfigProfile"), + (&rfc5020::ENTRY_DN, "entryDN"), + (&rfc5280::PKCS_9, "pkcs-9"), + (&rfc5280::ID_PKIX, "id-pkix"), + (&rfc5280::ID_PE, "id-pe"), + ( + &rfc5280::ID_PE_AUTHORITY_INFO_ACCESS, + "id-pe-authorityInfoAccess", + ), + ( + &rfc5280::ID_PE_SUBJECT_INFO_ACCESS, + "id-pe-subjectInfoAccess", + ), + (&rfc5280::ID_QT, "id-qt"), + (&rfc5280::ID_QT_CPS, "id-qt-cps"), + (&rfc5280::ID_QT_UNOTICE, "id-qt-unotice"), + (&rfc5280::ID_KP, "id-kp"), + (&rfc5280::ID_KP_SERVER_AUTH, "id-kp-serverAuth"), + (&rfc5280::ID_KP_CLIENT_AUTH, "id-kp-clientAuth"), + (&rfc5280::ID_KP_CODE_SIGNING, "id-kp-codeSigning"), + (&rfc5280::ID_KP_EMAIL_PROTECTION, "id-kp-emailProtection"), + (&rfc5280::ID_KP_TIME_STAMPING, "id-kp-timeStamping"), + (&rfc5280::ID_KP_OCSP_SIGNING, "id-kp-OCSPSigning"), + (&rfc5280::ID_AD, "id-ad"), + (&rfc5280::ID_AD_OCSP, "id-ad-ocsp"), + (&rfc5280::ID_AD_CA_ISSUERS, "id-ad-caIssuers"), + 
(&rfc5280::ID_AD_TIME_STAMPING, "id-ad-timeStamping"), + (&rfc5280::ID_AD_CA_REPOSITORY, "id-ad-caRepository"), + (&rfc5280::HOLD_INSTRUCTION, "holdInstruction"), + (&rfc5280::ID_HOLDINSTRUCTION_NONE, "id-holdinstruction-none"), + ( + &rfc5280::ID_HOLDINSTRUCTION_CALLISSUER, + "id-holdinstruction-callissuer", + ), + ( + &rfc5280::ID_HOLDINSTRUCTION_REJECT, + "id-holdinstruction-reject", + ), + (&rfc5280::ID_CE, "id-ce"), + ( + &rfc5280::ID_CE_SUBJECT_KEY_IDENTIFIER, + "id-ce-subjectKeyIdentifier", + ), + (&rfc5280::ID_CE_KEY_USAGE, "id-ce-keyUsage"), + ( + &rfc5280::ID_CE_PRIVATE_KEY_USAGE_PERIOD, + "id-ce-privateKeyUsagePeriod", + ), + (&rfc5280::ID_CE_SUBJECT_ALT_NAME, "id-ce-subjectAltName"), + (&rfc5280::ID_CE_ISSUER_ALT_NAME, "id-ce-issuerAltName"), + (&rfc5280::ID_CE_BASIC_CONSTRAINTS, "id-ce-basicConstraints"), + (&rfc5280::ID_CE_CRL_NUMBER, "id-ce-cRLNumber"), + (&rfc5280::ID_CE_CRL_REASONS, "id-ce-cRLReasons"), + ( + &rfc5280::ID_CE_HOLD_INSTRUCTION_CODE, + "id-ce-holdInstructionCode", + ), + (&rfc5280::ID_CE_INVALIDITY_DATE, "id-ce-invalidityDate"), + ( + &rfc5280::ID_CE_DELTA_CRL_INDICATOR, + "id-ce-deltaCRLIndicator", + ), + ( + &rfc5280::ID_CE_ISSUING_DISTRIBUTION_POINT, + "id-ce-issuingDistributionPoint", + ), + ( + &rfc5280::ID_CE_CERTIFICATE_ISSUER, + "id-ce-certificateIssuer", + ), + (&rfc5280::ID_CE_NAME_CONSTRAINTS, "id-ce-nameConstraints"), + ( + &rfc5280::ID_CE_CRL_DISTRIBUTION_POINTS, + "id-ce-cRLDistributionPoints", + ), + ( + &rfc5280::ID_CE_CERTIFICATE_POLICIES, + "id-ce-certificatePolicies", + ), + (&rfc5280::ANY_POLICY, "anyPolicy"), + (&rfc5280::ID_CE_POLICY_MAPPINGS, "id-ce-policyMappings"), + ( + &rfc5280::ID_CE_AUTHORITY_KEY_IDENTIFIER, + "id-ce-authorityKeyIdentifier", + ), + ( + &rfc5280::ID_CE_POLICY_CONSTRAINTS, + "id-ce-policyConstraints", + ), + (&rfc5280::ID_CE_EXT_KEY_USAGE, "id-ce-extKeyUsage"), + (&rfc5280::ANY_EXTENDED_KEY_USAGE, "anyExtendedKeyUsage"), + (&rfc5280::ID_CE_FRESHEST_CRL, "id-ce-freshestCRL"), + 
(&rfc5280::ID_CE_INHIBIT_ANY_POLICY, "id-ce-inhibitAnyPolicy"), + ( + &rfc5280::ID_CE_SUBJECT_DIRECTORY_ATTRIBUTES, + "id-ce-subjectDirectoryAttributes", + ), + (&rfc5280::ID_AT, "id-at"), + (&rfc5911::ID_PBKDF_2, "id-PBKDF2"), + (&rfc5911::ID_DATA, "id-data"), + (&rfc5911::ID_SIGNED_DATA, "id-signedData"), + (&rfc5911::ID_ENVELOPED_DATA, "id-envelopedData"), + (&rfc5911::ID_DIGESTED_DATA, "id-digestedData"), + (&rfc5911::ID_ENCRYPTED_DATA, "id-encryptedData"), + (&rfc5911::SMIME_CAPABILITIES, "smimeCapabilities"), + (&rfc5911::ID_SMIME, "id-smime"), + (&rfc5911::ID_CT_RECEIPT, "id-ct-receipt"), + (&rfc5911::ID_CT_FIRMWARE_PACKAGE, "id-ct-firmwarePackage"), + ( + &rfc5911::ID_CT_FIRMWARE_LOAD_RECEIPT, + "id-ct-firmwareLoadReceipt", + ), + ( + &rfc5911::ID_CT_FIRMWARE_LOAD_ERROR, + "id-ct-firmwareLoadError", + ), + (&rfc5911::ID_CT_AUTH_DATA, "id-ct-authData"), + ( + &rfc5911::ID_CT_AUTH_ENVELOPED_DATA, + "id-ct-authEnvelopedData", + ), + (&rfc5911::ID_CT_CONTENT_INFO, "id-ct-contentInfo"), + (&rfc5911::ID_CAP, "id-cap"), + ( + &rfc5911::ID_CAP_PREFER_BINARY_INSIDE, + "id-cap-preferBinaryInside", + ), + (&rfc5911::ID_AA, "id-aa"), + (&rfc5911::ID_AA_RECEIPT_REQUEST, "id-aa-receiptRequest"), + (&rfc5911::ID_AA_CONTENT_REFERENCE, "id-aa-contentReference"), + (&rfc5911::ID_AA_ENCRYP_KEY_PREF, "id-aa-encrypKeyPref"), + ( + &rfc5911::ID_AA_SIGNING_CERTIFICATE, + "id-aa-signingCertificate", + ), + (&rfc5911::ID_AA_SECURITY_LABEL, "id-aa-securityLabel"), + (&rfc5911::ID_AA_ML_EXPAND_HISTORY, "id-aa-mlExpandHistory"), + ( + &rfc5911::ID_AA_FIRMWARE_PACKAGE_ID, + "id-aa-firmwarePackageID", + ), + ( + &rfc5911::ID_AA_TARGET_HARDWARE_I_DS, + "id-aa-targetHardwareIDs", + ), + (&rfc5911::ID_AA_DECRYPT_KEY_ID, "id-aa-decryptKeyID"), + (&rfc5911::ID_AA_IMPL_CRYPTO_ALGS, "id-aa-implCryptoAlgs"), + ( + &rfc5911::ID_AA_WRAPPED_FIRMWARE_KEY, + "id-aa-wrappedFirmwareKey", + ), + (&rfc5911::ID_AA_CONTENT_HINT, "id-aa-contentHint"), + ( + &rfc5911::ID_AA_COMMUNITY_IDENTIFIERS, + 
"id-aa-communityIdentifiers", + ), + ( + &rfc5911::ID_AA_FIRMWARE_PACKAGE_INFO, + "id-aa-firmwarePackageInfo", + ), + (&rfc5911::ID_AA_IMPL_COMPRESS_ALGS, "id-aa-implCompressAlgs"), + ( + &rfc5911::ID_AA_SIGNING_CERTIFICATE_V_2, + "id-aa-signingCertificateV2", + ), + (&rfc5911::ID_AA_ER_INTERNAL, "id-aa-er-internal"), + (&rfc5911::ID_AA_MSG_SIG_DIGEST, "id-aa-msgSigDigest"), + (&rfc5911::ID_AA_ER_EXTERNAL, "id-aa-er-external"), + ( + &rfc5911::ID_AA_CONTENT_IDENTIFIER, + "id-aa-contentIdentifier", + ), + (&rfc5911::ID_AA_EQUIVALENT_LABELS, "id-aa-equivalentLabels"), + (&rfc5911::ID_ALG_SSDH, "id-alg-SSDH"), + (&rfc5911::ID_ALG_ESDH, "id-alg-ESDH"), + (&rfc5911::ID_ALG_CMS_3_DE_SWRAP, "id-alg-CMS3DESwrap"), + (&rfc5911::ID_ALG_CMSRC_2_WRAP, "id-alg-CMSRC2wrap"), + (&rfc5911::ID_SKD, "id-skd"), + (&rfc5911::ID_SKD_GL_USE_KEK, "id-skd-glUseKEK"), + (&rfc5911::ID_SKD_GLA_QUERY_REQUEST, "id-skd-glaQueryRequest"), + ( + &rfc5911::ID_SKD_GLA_QUERY_RESPONSE, + "id-skd-glaQueryResponse", + ), + (&rfc5911::ID_SKD_GL_PROVIDE_CERT, "id-skd-glProvideCert"), + (&rfc5911::ID_SKD_GL_MANAGE_CERT, "id-skd-glManageCert"), + (&rfc5911::ID_SKD_GL_KEY, "id-skd-glKey"), + (&rfc5911::ID_SKD_GL_DELETE, "id-skd-glDelete"), + (&rfc5911::ID_SKD_GL_ADD_MEMBER, "id-skd-glAddMember"), + (&rfc5911::ID_SKD_GL_DELETE_MEMBER, "id-skd-glDeleteMember"), + (&rfc5911::ID_SKD_GL_REKEY, "id-skd-glRekey"), + (&rfc5911::ID_SKD_GL_ADD_OWNER, "id-skd-glAddOwner"), + (&rfc5911::ID_SKD_GL_REMOVE_OWNER, "id-skd-glRemoveOwner"), + (&rfc5911::ID_SKD_GL_KEY_COMPROMISE, "id-skd-glKeyCompromise"), + (&rfc5911::ID_SKD_GLK_REFRESH, "id-skd-glkRefresh"), + (&rfc5911::ID_CONTENT_TYPE, "id-contentType"), + (&rfc5911::ID_MESSAGE_DIGEST, "id-messageDigest"), + (&rfc5911::ID_SIGNING_TIME, "id-signingTime"), + (&rfc5911::ID_COUNTERSIGNATURE, "id-countersignature"), + (&rfc5911::RC_2_CBC, "rc2-cbc"), + (&rfc5911::DES_EDE_3_CBC, "des-ede3-cbc"), + (&rfc5911::LTANS, "ltans"), + (&rfc5911::ID_CET_SKD_FAIL_INFO, 
"id-cet-skdFailInfo"), + (&rfc5911::ID_CMC_GLA_RR, "id-cmc-glaRR"), + ( + &rfc5911::ID_CMC_GLA_SKD_ALG_REQUEST, + "id-cmc-gla-skdAlgRequest", + ), + ( + &rfc5911::ID_CMC_GLA_SKD_ALG_RESPONSE, + "id-cmc-gla-skdAlgResponse", + ), + ( + &rfc5911::ID_ON_HARDWARE_MODULE_NAME, + "id-on-hardwareModuleName", + ), + (&rfc5911::HMAC_SHA_1, "hMAC-SHA1"), + (&rfc5911::AES, "aes"), + (&rfc5911::ID_AES_128_CBC, "id-aes128-CBC"), + (&rfc5911::ID_AES_192_CBC, "id-aes192-CBC"), + (&rfc5911::ID_AES_192_WRAP, "id-aes192-wrap"), + (&rfc5911::ID_AES_192_GCM, "id-aes192-GCM"), + (&rfc5911::ID_AES_192_CCM, "id-aes192-CCM"), + (&rfc5911::ID_AES_256_CBC, "id-aes256-CBC"), + (&rfc5911::ID_AES_256_WRAP, "id-aes256-wrap"), + (&rfc5911::ID_AES_256_GCM, "id-aes256-GCM"), + (&rfc5911::ID_AES_256_CCM, "id-aes256-CCM"), + (&rfc5911::ID_AES_128_WRAP, "id-aes128-wrap"), + (&rfc5911::ID_AES_128_GCM, "id-aes128-GCM"), + (&rfc5911::ID_AES_128_CCM, "id-aes128-CCM"), + (&rfc5912::ID_DSA, "id-dsa"), + (&rfc5912::DSA_WITH_SHA_1, "dsa-with-sha1"), + (&rfc5912::ID_EC_PUBLIC_KEY, "id-ecPublicKey"), + (&rfc5912::SECP_256_R_1, "secp256r1"), + (&rfc5912::ECDSA_WITH_SHA_224, "ecdsa-with-SHA224"), + (&rfc5912::ECDSA_WITH_SHA_256, "ecdsa-with-SHA256"), + (&rfc5912::ECDSA_WITH_SHA_384, "ecdsa-with-SHA384"), + (&rfc5912::ECDSA_WITH_SHA_512, "ecdsa-with-SHA512"), + (&rfc5912::DHPUBLICNUMBER, "dhpublicnumber"), + (&rfc5912::ID_PASSWORD_BASED_MAC, "id-PasswordBasedMac"), + (&rfc5912::ID_DH_BASED_MAC, "id-DHBasedMac"), + (&rfc5912::PKCS_1, "pkcs-1"), + (&rfc5912::RSA_ENCRYPTION, "rsaEncryption"), + (&rfc5912::ID_RSASSA_PSS, "id-RSASSA-PSS"), + ( + &rfc5912::SHA_256_WITH_RSA_ENCRYPTION, + "sha256WithRSAEncryption", + ), + ( + &rfc5912::SHA_384_WITH_RSA_ENCRYPTION, + "sha384WithRSAEncryption", + ), + ( + &rfc5912::SHA_512_WITH_RSA_ENCRYPTION, + "sha512WithRSAEncryption", + ), + ( + &rfc5912::SHA_224_WITH_RSA_ENCRYPTION, + "sha224WithRSAEncryption", + ), + (&rfc5912::MD_2_WITH_RSA_ENCRYPTION, "md2WithRSAEncryption"), + 
(&rfc5912::MD_5_WITH_RSA_ENCRYPTION, "md5WithRSAEncryption"), + (&rfc5912::SHA_1_WITH_RSA_ENCRYPTION, "sha1WithRSAEncryption"), + (&rfc5912::ID_RSAES_OAEP, "id-RSAES-OAEP"), + (&rfc5912::ID_MGF_1, "id-mgf1"), + (&rfc5912::ID_P_SPECIFIED, "id-pSpecified"), + (&rfc5912::PKCS_9, "pkcs-9"), + (&rfc5912::ID_EXTENSION_REQ, "id-ExtensionReq"), + (&rfc5912::ID_SMIME, "id-smime"), + (&rfc5912::ID_CT, "id-ct"), + ( + &rfc5912::ID_CT_SCVP_CERT_VAL_REQUEST, + "id-ct-scvp-certValRequest", + ), + ( + &rfc5912::ID_CT_SCVP_CERT_VAL_RESPONSE, + "id-ct-scvp-certValResponse", + ), + ( + &rfc5912::ID_CT_SCVP_VAL_POL_REQUEST, + "id-ct-scvp-valPolRequest", + ), + ( + &rfc5912::ID_CT_SCVP_VAL_POL_RESPONSE, + "id-ct-scvp-valPolResponse", + ), + (&rfc5912::ID_CT_ENC_KEY_WITH_ID, "id-ct-encKeyWithID"), + (&rfc5912::ID_AA, "id-aa"), + (&rfc5912::ID_AA_CMC_UNSIGNED_DATA, "id-aa-cmc-unsignedData"), + (&rfc5912::ID_MD_2, "id-md2"), + (&rfc5912::ID_MD_5, "id-md5"), + (&rfc5912::SECT_163_K_1, "sect163k1"), + (&rfc5912::SECT_163_R_2, "sect163r2"), + (&rfc5912::SECT_283_K_1, "sect283k1"), + (&rfc5912::SECT_283_R_1, "sect283r1"), + (&rfc5912::SECT_233_K_1, "sect233k1"), + (&rfc5912::SECT_233_R_1, "sect233r1"), + (&rfc5912::SECP_224_R_1, "secp224r1"), + (&rfc5912::SECP_384_R_1, "secp384r1"), + (&rfc5912::SECP_521_R_1, "secp521r1"), + (&rfc5912::SECT_409_K_1, "sect409k1"), + (&rfc5912::SECT_409_R_1, "sect409r1"), + (&rfc5912::SECT_571_K_1, "sect571k1"), + (&rfc5912::SECT_571_R_1, "sect571r1"), + (&rfc5912::ID_EC_DH, "id-ecDH"), + (&rfc5912::ID_EC_MQV, "id-ecMQV"), + (&rfc5912::ID_SHA_1, "id-sha1"), + (&rfc5912::ID_PKIX, "id-pkix"), + (&rfc5912::ID_PE, "id-pe"), + ( + &rfc5912::ID_PE_AUTHORITY_INFO_ACCESS, + "id-pe-authorityInfoAccess", + ), + (&rfc5912::ID_PE_AC_PROXYING, "id-pe-ac-proxying"), + ( + &rfc5912::ID_PE_SUBJECT_INFO_ACCESS, + "id-pe-subjectInfoAccess", + ), + (&rfc5912::ID_PE_AC_AUDIT_IDENTITY, "id-pe-ac-auditIdentity"), + (&rfc5912::ID_PE_AA_CONTROLS, "id-pe-aaControls"), + 
(&rfc5912::ID_ACA, "id-aca"), + ( + &rfc5912::ID_ACA_AUTHENTICATION_INFO, + "id-aca-authenticationInfo", + ), + (&rfc5912::ID_ACA_ACCESS_IDENTITY, "id-aca-accessIdentity"), + ( + &rfc5912::ID_ACA_CHARGING_IDENTITY, + "id-aca-chargingIdentity", + ), + (&rfc5912::ID_ACA_GROUP, "id-aca-group"), + (&rfc5912::ID_ACA_ENC_ATTRS, "id-aca-encAttrs"), + (&rfc5912::ID_CCT, "id-cct"), + (&rfc5912::ID_CCT_PKI_DATA, "id-cct-PKIData"), + (&rfc5912::ID_CCT_PKI_RESPONSE, "id-cct-PKIResponse"), + (&rfc5912::ID_STC, "id-stc"), + (&rfc5912::ID_STC_BUILD_PKC_PATH, "id-stc-build-pkc-path"), + ( + &rfc5912::ID_STC_BUILD_VALID_PKC_PATH, + "id-stc-build-valid-pkc-path", + ), + ( + &rfc5912::ID_STC_BUILD_STATUS_CHECKED_PKC_PATH, + "id-stc-build-status-checked-pkc-path", + ), + (&rfc5912::ID_STC_BUILD_AA_PATH, "id-stc-build-aa-path"), + ( + &rfc5912::ID_STC_BUILD_VALID_AA_PATH, + "id-stc-build-valid-aa-path", + ), + ( + &rfc5912::ID_STC_BUILD_STATUS_CHECKED_AA_PATH, + "id-stc-build-status-checked-aa-path", + ), + ( + &rfc5912::ID_STC_STATUS_CHECK_AC_AND_BUILD_STATUS_CHECKED_AA_PATH, + "id-stc-status-check-ac-and-build-status-checked-aa-path", + ), + (&rfc5912::ID_SWB, "id-swb"), + ( + &rfc5912::ID_SWB_PKC_BEST_CERT_PATH, + "id-swb-pkc-best-cert-path", + ), + (&rfc5912::ID_SWB_PKC_CERT, "id-swb-pkc-cert"), + (&rfc5912::ID_SWB_AC_CERT, "id-swb-ac-cert"), + ( + &rfc5912::ID_SWB_PKC_ALL_CERT_PATHS, + "id-swb-pkc-all-cert-paths", + ), + ( + &rfc5912::ID_SWB_PKC_EE_REVOCATION_INFO, + "id-swb-pkc-ee-revocation-info", + ), + ( + &rfc5912::ID_SWB_PKC_C_AS_REVOCATION_INFO, + "id-swb-pkc-CAs-revocation-info", + ), + ( + &rfc5912::ID_SWB_PKC_REVOCATION_INFO, + "id-swb-pkc-revocation-info", + ), + ( + &rfc5912::ID_SWB_PKC_PUBLIC_KEY_INFO, + "id-swb-pkc-public-key-info", + ), + (&rfc5912::ID_SWB_AA_CERT_PATH, "id-swb-aa-cert-path"), + ( + &rfc5912::ID_SWB_AA_REVOCATION_INFO, + "id-swb-aa-revocation-info", + ), + ( + &rfc5912::ID_SWB_AC_REVOCATION_INFO, + "id-swb-ac-revocation-info", + ), + ( + 
&rfc5912::ID_SWB_RELAYED_RESPONSES, + "id-swb-relayed-responses", + ), + (&rfc5912::ID_SVP, "id-svp"), + ( + &rfc5912::ID_SVP_DEFAULT_VAL_POLICY, + "id-svp-defaultValPolicy", + ), + (&rfc5912::ID_SVP_NAME_VAL_ALG, "id-svp-nameValAlg"), + (&rfc5912::ID_SVP_BASIC_VAL_ALG, "id-svp-basicValAlg"), + (&rfc5912::NAME_COMP_ALG_SET, "NameCompAlgSet"), + (&rfc5912::ID_NVA_DN_COMP_ALG, "id-nva-dnCompAlg"), + (&rfc5912::ID_QT, "id-qt"), + (&rfc5912::ID_QT_CPS, "id-qt-cps"), + (&rfc5912::ID_QT_UNOTICE, "id-qt-unotice"), + (&rfc5912::ID_KP, "id-kp"), + (&rfc5912::ID_KP_SERVER_AUTH, "id-kp-serverAuth"), + (&rfc5912::ID_KP_SCVP_SERVER, "id-kp-scvpServer"), + (&rfc5912::ID_KP_SCVP_CLIENT, "id-kp-scvpClient"), + (&rfc5912::ID_KP_CLIENT_AUTH, "id-kp-clientAuth"), + (&rfc5912::ID_KP_CODE_SIGNING, "id-kp-codeSigning"), + (&rfc5912::ID_KP_EMAIL_PROTECTION, "id-kp-emailProtection"), + (&rfc5912::ID_KP_TIME_STAMPING, "id-kp-timeStamping"), + (&rfc5912::ID_KP_OCSP_SIGNING, "id-kp-OCSPSigning"), + (&rfc5912::ID_IT, "id-it"), + (&rfc5912::ID_IT_CA_PROT_ENC_CERT, "id-it-caProtEncCert"), + (&rfc5912::ID_IT_KEY_PAIR_PARAM_REQ, "id-it-keyPairParamReq"), + (&rfc5912::ID_IT_KEY_PAIR_PARAM_REP, "id-it-keyPairParamRep"), + (&rfc5912::ID_IT_REV_PASSPHRASE, "id-it-revPassphrase"), + (&rfc5912::ID_IT_IMPLICIT_CONFIRM, "id-it-implicitConfirm"), + (&rfc5912::ID_IT_CONFIRM_WAIT_TIME, "id-it-confirmWaitTime"), + (&rfc5912::ID_IT_ORIG_PKI_MESSAGE, "id-it-origPKIMessage"), + (&rfc5912::ID_IT_SUPP_LANG_TAGS, "id-it-suppLangTags"), + ( + &rfc5912::ID_IT_SIGN_KEY_PAIR_TYPES, + "id-it-signKeyPairTypes", + ), + (&rfc5912::ID_IT_ENC_KEY_PAIR_TYPES, "id-it-encKeyPairTypes"), + (&rfc5912::ID_IT_PREFERRED_SYMM_ALG, "id-it-preferredSymmAlg"), + (&rfc5912::ID_IT_CA_KEY_UPDATE_INFO, "id-it-caKeyUpdateInfo"), + (&rfc5912::ID_IT_CURRENT_CRL, "id-it-currentCRL"), + (&rfc5912::ID_IT_UNSUPPORTED_OI_DS, "id-it-unsupportedOIDs"), + (&rfc5912::ID_AD, "id-ad"), + (&rfc5912::ID_AD_OCSP, "id-ad-ocsp"), + 
(&rfc5912::ID_AD_CA_ISSUERS, "id-ad-caIssuers"), + (&rfc5912::ID_AD_TIME_STAMPING, "id-ad-timeStamping"), + (&rfc5912::ID_AD_CA_REPOSITORY, "id-ad-caRepository"), + (&rfc5912::ID_PKIP, "id-pkip"), + (&rfc5912::ID_REG_CTRL, "id-regCtrl"), + (&rfc5912::ID_REG_CTRL_REG_TOKEN, "id-regCtrl-regToken"), + ( + &rfc5912::ID_REG_CTRL_AUTHENTICATOR, + "id-regCtrl-authenticator", + ), + ( + &rfc5912::ID_REG_CTRL_PKI_PUBLICATION_INFO, + "id-regCtrl-pkiPublicationInfo", + ), + ( + &rfc5912::ID_REG_CTRL_PKI_ARCHIVE_OPTIONS, + "id-regCtrl-pkiArchiveOptions", + ), + (&rfc5912::ID_REG_CTRL_OLD_CERT_ID, "id-regCtrl-oldCertID"), + ( + &rfc5912::ID_REG_CTRL_PROTOCOL_ENCR_KEY, + "id-regCtrl-protocolEncrKey", + ), + (&rfc5912::ID_REG_INFO, "id-regInfo"), + (&rfc5912::ID_REG_INFO_UTF_8_PAIRS, "id-regInfo-utf8Pairs"), + (&rfc5912::ID_REG_INFO_CERT_REQ, "id-regInfo-certReq"), + (&rfc5912::ID_ALG_NO_SIGNATURE, "id-alg-noSignature"), + (&rfc5912::ID_CMC, "id-cmc"), + (&rfc5912::ID_CMC_STATUS_INFO, "id-cmc-statusInfo"), + (&rfc5912::ID_CMC_DECRYPTED_POP, "id-cmc-decryptedPOP"), + (&rfc5912::ID_CMC_LRA_POP_WITNESS, "id-cmc-lraPOPWitness"), + (&rfc5912::ID_CMC_GET_CERT, "id-cmc-getCert"), + (&rfc5912::ID_CMC_GET_CRL, "id-cmc-getCRL"), + (&rfc5912::ID_CMC_REVOKE_REQUEST, "id-cmc-revokeRequest"), + (&rfc5912::ID_CMC_REG_INFO, "id-cmc-regInfo"), + (&rfc5912::ID_CMC_RESPONSE_INFO, "id-cmc-responseInfo"), + (&rfc5912::ID_CMC_IDENTIFICATION, "id-cmc-identification"), + (&rfc5912::ID_CMC_QUERY_PENDING, "id-cmc-queryPending"), + (&rfc5912::ID_CMC_POP_LINK_RANDOM, "id-cmc-popLinkRandom"), + (&rfc5912::ID_CMC_POP_LINK_WITNESS, "id-cmc-popLinkWitness"), + ( + &rfc5912::ID_CMC_CONFIRM_CERT_ACCEPTANCE, + "id-cmc-confirmCertAcceptance", + ), + (&rfc5912::ID_CMC_STATUS_INFO_V_2, "id-cmc-statusInfoV2"), + (&rfc5912::ID_CMC_TRUSTED_ANCHORS, "id-cmc-trustedAnchors"), + (&rfc5912::ID_CMC_AUTH_DATA, "id-cmc-authData"), + (&rfc5912::ID_CMC_BATCH_REQUESTS, "id-cmc-batchRequests"), + (&rfc5912::ID_CMC_BATCH_RESPONSES, 
"id-cmc-batchResponses"), + (&rfc5912::ID_CMC_IDENTITY_PROOF, "id-cmc-identityProof"), + (&rfc5912::ID_CMC_PUBLISH_CERT, "id-cmc-publishCert"), + (&rfc5912::ID_CMC_MOD_CERT_TEMPLATE, "id-cmc-modCertTemplate"), + ( + &rfc5912::ID_CMC_CONTROL_PROCESSED, + "id-cmc-controlProcessed", + ), + ( + &rfc5912::ID_CMC_IDENTITY_PROOF_V_2, + "id-cmc-identityProofV2", + ), + ( + &rfc5912::ID_CMC_POP_LINK_WITNESS_V_2, + "id-cmc-popLinkWitnessV2", + ), + (&rfc5912::ID_CMC_DATA_RETURN, "id-cmc-dataReturn"), + (&rfc5912::ID_CMC_TRANSACTION_ID, "id-cmc-transactionId"), + (&rfc5912::ID_CMC_SENDER_NONCE, "id-cmc-senderNonce"), + (&rfc5912::ID_CMC_RECIPIENT_NONCE, "id-cmc-recipientNonce"), + (&rfc5912::ID_CMC_ADD_EXTENSIONS, "id-cmc-addExtensions"), + (&rfc5912::ID_CMC_ENCRYPTED_POP, "id-cmc-encryptedPOP"), + ( + &rfc5912::ID_KEY_EXCHANGE_ALGORITHM, + "id-keyExchangeAlgorithm", + ), + (&rfc5912::ID_SHA_256, "id-sha256"), + (&rfc5912::ID_SHA_384, "id-sha384"), + (&rfc5912::ID_SHA_512, "id-sha512"), + (&rfc5912::ID_SHA_224, "id-sha224"), + (&rfc5912::DSA_WITH_SHA_224, "dsa-with-sha224"), + (&rfc5912::DSA_WITH_SHA_256, "dsa-with-sha256"), + (&rfc5912::HOLD_INSTRUCTION, "holdInstruction"), + (&rfc5912::ID_HOLDINSTRUCTION_NONE, "id-holdinstruction-none"), + ( + &rfc5912::ID_HOLDINSTRUCTION_CALLISSUER, + "id-holdinstruction-callissuer", + ), + ( + &rfc5912::ID_HOLDINSTRUCTION_REJECT, + "id-holdinstruction-reject", + ), + (&rfc5912::ID_CE, "id-ce"), + ( + &rfc5912::ID_CE_SUBJECT_KEY_IDENTIFIER, + "id-ce-subjectKeyIdentifier", + ), + (&rfc5912::ID_CE_KEY_USAGE, "id-ce-keyUsage"), + ( + &rfc5912::ID_CE_PRIVATE_KEY_USAGE_PERIOD, + "id-ce-privateKeyUsagePeriod", + ), + (&rfc5912::ID_CE_SUBJECT_ALT_NAME, "id-ce-subjectAltName"), + (&rfc5912::ID_CE_ISSUER_ALT_NAME, "id-ce-issuerAltName"), + (&rfc5912::ID_CE_BASIC_CONSTRAINTS, "id-ce-basicConstraints"), + (&rfc5912::ID_CE_CRL_NUMBER, "id-ce-cRLNumber"), + (&rfc5912::ID_CE_CRL_REASONS, "id-ce-cRLReasons"), + ( + &rfc5912::ID_CE_HOLD_INSTRUCTION_CODE, 
+ "id-ce-holdInstructionCode", + ), + (&rfc5912::ID_CE_INVALIDITY_DATE, "id-ce-invalidityDate"), + ( + &rfc5912::ID_CE_DELTA_CRL_INDICATOR, + "id-ce-deltaCRLIndicator", + ), + ( + &rfc5912::ID_CE_ISSUING_DISTRIBUTION_POINT, + "id-ce-issuingDistributionPoint", + ), + ( + &rfc5912::ID_CE_CERTIFICATE_ISSUER, + "id-ce-certificateIssuer", + ), + (&rfc5912::ID_CE_NAME_CONSTRAINTS, "id-ce-nameConstraints"), + ( + &rfc5912::ID_CE_CRL_DISTRIBUTION_POINTS, + "id-ce-cRLDistributionPoints", + ), + ( + &rfc5912::ID_CE_CERTIFICATE_POLICIES, + "id-ce-certificatePolicies", + ), + (&rfc5912::ID_CE_POLICY_MAPPINGS, "id-ce-policyMappings"), + ( + &rfc5912::ID_CE_AUTHORITY_KEY_IDENTIFIER, + "id-ce-authorityKeyIdentifier", + ), + ( + &rfc5912::ID_CE_POLICY_CONSTRAINTS, + "id-ce-policyConstraints", + ), + (&rfc5912::ID_CE_EXT_KEY_USAGE, "id-ce-extKeyUsage"), + (&rfc5912::ANY_EXTENDED_KEY_USAGE, "anyExtendedKeyUsage"), + (&rfc5912::ID_CE_FRESHEST_CRL, "id-ce-freshestCRL"), + (&rfc5912::ID_CE_INHIBIT_ANY_POLICY, "id-ce-inhibitAnyPolicy"), + ( + &rfc5912::ID_CE_TARGET_INFORMATION, + "id-ce-targetInformation", + ), + (&rfc5912::ID_CE_NO_REV_AVAIL, "id-ce-noRevAvail"), + ( + &rfc5912::ID_CE_SUBJECT_DIRECTORY_ATTRIBUTES, + "id-ce-subjectDirectoryAttributes", + ), + (&rfc5912::ID_AT, "id-at"), + (&rfc5912::ID_AT_ROLE, "id-at-role"), + (&rfc6109::LDIF_LOCATION_URL_OBJECT, "LDIFLocationURLObject"), + (&rfc6109::PROVIDER, "provider"), + ( + &rfc6109::PROVIDER_CERTIFICATE_HASH, + "providerCertificateHash", + ), + (&rfc6109::PROVIDER_CERTIFICATE, "providerCertificate"), + (&rfc6109::PROVIDER_NAME, "providerName"), + (&rfc6109::MAIL_RECEIPT, "mailReceipt"), + (&rfc6109::MANAGED_DOMAINS, "managedDomains"), + (&rfc6109::LDIF_LOCATION_URL, "LDIFLocationURL"), + (&rfc6109::PROVIDER_UNIT, "providerUnit"), + (&rfc6268::RSADSI, "rsadsi"), + (&rfc6268::ID_DATA, "id-data"), + (&rfc6268::ID_SIGNED_DATA, "id-signedData"), + (&rfc6268::ID_ENVELOPED_DATA, "id-envelopedData"), + (&rfc6268::ID_DIGESTED_DATA, 
"id-digestedData"), + (&rfc6268::ID_ENCRYPTED_DATA, "id-encryptedData"), + ( + &rfc6268::ID_CT_CONTENT_COLLECTION, + "id-ct-contentCollection", + ), + (&rfc6268::ID_CT_AUTH_DATA, "id-ct-authData"), + (&rfc6268::ID_CT_CONTENT_WITH_ATTRS, "id-ct-contentWithAttrs"), + ( + &rfc6268::ID_CT_AUTH_ENVELOPED_DATA, + "id-ct-authEnvelopedData", + ), + (&rfc6268::ID_CT_CONTENT_INFO, "id-ct-contentInfo"), + (&rfc6268::ID_CT_COMPRESSED_DATA, "id-ct-compressedData"), + ( + &rfc6268::ID_AA_BINARY_SIGNING_TIME, + "id-aa-binarySigningTime", + ), + (&rfc6268::ID_ALG_ZLIB_COMPRESS, "id-alg-zlibCompress"), + ( + &rfc6268::ID_AA_MULTIPLE_SIGNATURES, + "id-aa-multipleSignatures", + ), + (&rfc6268::ID_CONTENT_TYPE, "id-contentType"), + (&rfc6268::ID_MESSAGE_DIGEST, "id-messageDigest"), + (&rfc6268::ID_SIGNING_TIME, "id-signingTime"), + (&rfc6268::ID_COUNTERSIGNATURE, "id-countersignature"), + (&rfc6268::DIGEST_ALGORITHM, "digestAlgorithm"), + (&rfc6268::ID_HMAC_WITH_SHA_384, "id-hmacWithSHA384"), + (&rfc6268::ID_HMAC_WITH_SHA_512, "id-hmacWithSHA512"), + (&rfc6268::ID_HMAC_WITH_SHA_224, "id-hmacWithSHA224"), + (&rfc6268::ID_HMAC_WITH_SHA_256, "id-hmacWithSHA256"), + (&rfc6960::ID_PKIX_OCSP, "id-pkix-ocsp"), + (&rfc6960::ID_PKIX_OCSP_BASIC, "id-pkix-ocsp-basic"), + (&rfc6960::ID_PKIX_OCSP_NONCE, "id-pkix-ocsp-nonce"), + (&rfc6960::ID_PKIX_OCSP_CRL, "id-pkix-ocsp-crl"), + (&rfc6960::ID_PKIX_OCSP_RESPONSE, "id-pkix-ocsp-response"), + (&rfc6960::ID_PKIX_OCSP_NOCHECK, "id-pkix-ocsp-nocheck"), + ( + &rfc6960::ID_PKIX_OCSP_ARCHIVE_CUTOFF, + "id-pkix-ocsp-archive-cutoff", + ), + ( + &rfc6960::ID_PKIX_OCSP_SERVICE_LOCATOR, + "id-pkix-ocsp-service-locator", + ), + ( + &rfc6960::ID_PKIX_OCSP_PREF_SIG_ALGS, + "id-pkix-ocsp-pref-sig-algs", + ), + ( + &rfc6960::ID_PKIX_OCSP_EXTENDED_REVOKE, + "id-pkix-ocsp-extended-revoke", + ), + (&rfc6962::GOOGLE, "google"), + (&rfc6962::CT_PRECERT_SCTS, "ct-precert-scts"), + (&rfc6962::CT_PRECERT_POISON, "ct-precert-poison"), + (&rfc6962::CT_PRECERT_SIGNING_CERT, 
"ct-precert-signing-cert"), + (&rfc7107::ID_SMIME, "id-smime"), + (&rfc7107::ID_MOD, "id-mod"), + (&rfc7107::ID_CT, "id-ct"), + (&rfc7107::ID_EIT, "id-eit"), + (&rfc7107::ID_CAP, "id-cap"), + (&rfc7107::ID_PSKC, "id-pskc"), + (&rfc7107::ID_AA, "id-aa"), + (&rfc7107::ID_ALG, "id-alg"), + (&rfc7107::ID_CD, "id-cd"), + (&rfc7107::ID_SPQ, "id-spq"), + (&rfc7107::ID_CTI, "id-cti"), + (&rfc7107::ID_TSP, "id-tsp"), + (&rfc7107::ID_SKD, "id-skd"), + (&rfc7107::ID_STI, "id-sti"), + (&rfc7299::ID_PKIX, "id-pkix"), + (&rfc7299::ID_MOD, "id-mod"), + (&rfc7299::ID_PE, "id-pe"), + (&rfc7299::ID_ACA, "id-aca"), + (&rfc7299::ID_QCS, "id-qcs"), + (&rfc7299::ID_CCT, "id-cct"), + (&rfc7299::ID_TEST, "id-TEST"), + (&rfc7299::ID_CP, "id-cp"), + (&rfc7299::ID_CET, "id-cet"), + (&rfc7299::ID_RI, "id-ri"), + (&rfc7299::ID_SCT, "id-sct"), + (&rfc7299::ID_SWB, "id-swb"), + (&rfc7299::ID_SVP, "id-svp"), + (&rfc7299::ID_NVAE, "id-nvae"), + (&rfc7299::ID_BVAE, "id-bvae"), + (&rfc7299::ID_DNVAE, "id-dnvae"), + (&rfc7299::ID_QT, "id-qt"), + (&rfc7299::ID_LOGO, "id-logo"), + (&rfc7299::ID_PPL, "id-ppl"), + (&rfc7299::ID_MR, "id-mr"), + (&rfc7299::ID_SKIS, "id-skis"), + (&rfc7299::ID_KP, "id-kp"), + (&rfc7299::ID_IT, "id-it"), + (&rfc7299::ID_AD, "id-ad"), + (&rfc7299::ID_PKIX_OCSP, "id-pkix-ocsp"), + (&rfc7299::ID_PKIP, "id-pkip"), + (&rfc7299::ID_REG_CTRL, "id-regCtrl"), + (&rfc7299::ID_REG_INFO, "id-regInfo"), + (&rfc7299::ID_ALG, "id-alg"), + (&rfc7299::ID_CMC, "id-cmc"), + (&rfc7299::ID_CMC_GLA_RR, "id-cmc-glaRR"), + (&rfc7299::ID_ON, "id-on"), + (&rfc7299::ID_PDA, "id-pda"), + (&rfc7532::FEDFS_UUID, "fedfsUuid"), + (&rfc7532::FEDFS_FSL_PORT, "fedfsFslPort"), + (&rfc7532::FEDFS_NFS_PATH, "fedfsNfsPath"), + ( + &rfc7532::FEDFS_NSDB_CONTAINER_INFO, + "fedfsNsdbContainerInfo", + ), + (&rfc7532::FEDFS_FSN, "fedfsFsn"), + (&rfc7532::FEDFS_FSL, "fedfsFsl"), + (&rfc7532::FEDFS_NFS_FSL, "fedfsNfsFsl"), + (&rfc7532::FEDFS_NFS_MAJOR_VER, "fedfsNfsMajorVer"), + (&rfc7532::FEDFS_NFS_MINOR_VER, 
"fedfsNfsMinorVer"), + (&rfc7532::FEDFS_NFS_CURRENCY, "fedfsNfsCurrency"), + ( + &rfc7532::FEDFS_NFS_GEN_FLAG_WRITABLE, + "fedfsNfsGenFlagWritable", + ), + (&rfc7532::FEDFS_NFS_GEN_FLAG_GOING, "fedfsNfsGenFlagGoing"), + (&rfc7532::FEDFS_NFS_GEN_FLAG_SPLIT, "fedfsNfsGenFlagSplit"), + (&rfc7532::FEDFS_NFS_TRANS_FLAG_RDMA, "fedfsNfsTransFlagRdma"), + (&rfc7532::FEDFS_NFS_CLASS_SIMUL, "fedfsNfsClassSimul"), + (&rfc7532::FEDFS_NFS_CLASS_HANDLE, "fedfsNfsClassHandle"), + (&rfc7532::FEDFS_FSL_TTL, "fedfsFslTTL"), + (&rfc7532::FEDFS_NFS_CLASS_FILEID, "fedfsNfsClassFileid"), + (&rfc7532::FEDFS_NFS_CLASS_WRITEVER, "fedfsNfsClassWritever"), + (&rfc7532::FEDFS_NFS_CLASS_CHANGE, "fedfsNfsClassChange"), + (&rfc7532::FEDFS_NFS_CLASS_READDIR, "fedfsNfsClassReaddir"), + (&rfc7532::FEDFS_NFS_READ_RANK, "fedfsNfsReadRank"), + (&rfc7532::FEDFS_NFS_READ_ORDER, "fedfsNfsReadOrder"), + (&rfc7532::FEDFS_NFS_WRITE_RANK, "fedfsNfsWriteRank"), + (&rfc7532::FEDFS_NFS_WRITE_ORDER, "fedfsNfsWriteOrder"), + (&rfc7532::FEDFS_NFS_VAR_SUB, "fedfsNfsVarSub"), + (&rfc7532::FEDFS_NFS_VALID_FOR, "fedfsNfsValidFor"), + (&rfc7532::FEDFS_ANNOTATION, "fedfsAnnotation"), + (&rfc7532::FEDFS_NFS_URI, "fedfsNfsURI"), + (&rfc7532::FEDFS_DESCR, "fedfsDescr"), + (&rfc7532::FEDFS_NCE_DN, "fedfsNceDN"), + (&rfc7532::FEDFS_FSN_TTL, "fedfsFsnTTL"), + (&rfc7532::FEDFS_NET_ADDR, "fedfsNetAddr"), + (&rfc7532::FEDFS_NET_PORT, "fedfsNetPort"), + (&rfc7532::FEDFS_FSN_UUID, "fedfsFsnUuid"), + (&rfc7532::FEDFS_NSDB_NAME, "fedfsNsdbName"), + (&rfc7532::FEDFS_NSDB_PORT, "fedfsNsdbPort"), + (&rfc7532::FEDFS_NCE_PREFIX, "fedfsNcePrefix"), + (&rfc7532::FEDFS_FSL_UUID, "fedfsFslUuid"), + (&rfc7532::FEDFS_FSL_HOST, "fedfsFslHost"), + (&rfc7612::PRINTER_DEVICE_ID, "printer-device-id"), + ( + &rfc7612::PRINTER_DEVICE_SERVICE_COUNT, + "printer-device-service-count", + ), + (&rfc7612::PRINTER_UUID, "printer-uuid"), + (&rfc7612::PRINTER_CHARGE_INFO, "printer-charge-info"), + (&rfc7612::PRINTER_CHARGE_INFO_URI, 
"printer-charge-info-uri"), + (&rfc7612::PRINTER_GEO_LOCATION, "printer-geo-location"), + ( + &rfc7612::PRINTER_IPP_FEATURES_SUPPORTED, + "printer-ipp-features-supported", + ), + (&rfc8284::JID_OBJECT, "JIDObject"), + (&rfc8284::JID, "jid"), + (&rfc8410::ID_EDWARDS_CURVE_ALGS, "id-edwards-curve-algs"), + (&rfc8410::ID_X_25519, "id-X25519"), + (&rfc8410::ID_X_448, "id-X448"), + (&rfc8410::ID_ED_25519, "id-Ed25519"), + (&rfc8410::ID_ED_448, "id-Ed448"), + (&rfc8894::ID_VERI_SIGN, "id-VeriSign"), + (&rfc8894::ID_PKI, "id-pki"), + (&rfc8894::ID_ATTRIBUTES, "id-attributes"), + (&rfc8894::ID_MESSAGE_TYPE, "id-messageType"), + (&rfc8894::ID_PKI_STATUS, "id-pkiStatus"), + (&rfc8894::ID_FAIL_INFO, "id-failInfo"), + (&rfc8894::ID_SENDER_NONCE, "id-senderNonce"), + (&rfc8894::ID_RECIPIENT_NONCE, "id-recipientNonce"), + (&rfc8894::ID_TRANSACTION_ID, "id-transactionID"), +]); diff --git a/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/encoder.rs b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/encoder.rs new file mode 100644 index 000000000000..4df3aab4507d --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/encoder.rs 
@@ -0,0 +1,165 @@
+//! OID encoder with `const` support.
+
+use crate::{
+ arcs::{ARC_MAX_FIRST, ARC_MAX_SECOND},
+ Arc, Error, ObjectIdentifier, Result,
+};
+
+/// BER/DER encoder
+#[derive(Debug)]
+pub(crate) struct Encoder {
+ /// Current state
+ state: State,
+
+ /// Bytes of the OID being encoded in-progress
+ bytes: [u8; ObjectIdentifier::MAX_SIZE],
+
+ /// Current position within the byte buffer
+ cursor: usize,
+}
+
+/// Current state of the encoder
+#[derive(Debug)]
+enum State {
+ /// Initial state - no arcs yet encoded
+ Initial,
+
+ /// First arc parsed
+ FirstArc(Arc),
+
+ /// Encoding base 128 body of the OID
+ Body,
+}
+
+impl Encoder {
+ /// Create a new encoder initialized to an empty default state.
+ pub(crate) const fn new() -> Self {
+ Self {
+ state: State::Initial,
+ bytes: [0u8; ObjectIdentifier::MAX_SIZE],
+ cursor: 0,
+ }
+ }
+
+ /// Extend an existing OID.
+ pub(crate) const fn extend(oid: ObjectIdentifier) -> Self {
+ Self {
+ state: State::Body,
+ bytes: oid.bytes,
+ cursor: oid.length as usize,
+ }
+ }
+
+ /// Encode an [`Arc`] as base 128 into the internal buffer.
+ pub(crate) const fn arc(mut self, arc: Arc) -> Result {
+ match self.state {
+ State::Initial => {
+ if arc > ARC_MAX_FIRST {
+ return Err(Error::ArcInvalid { arc });
+ }
+
+ self.state = State::FirstArc(arc);
+ Ok(self)
+ }
+ // Ensured not to overflow by `ARC_MAX_SECOND` check
+ #[allow(clippy::integer_arithmetic)]
+ State::FirstArc(first_arc) => {
+ if arc > ARC_MAX_SECOND {
+ return Err(Error::ArcInvalid { arc });
+ }
+
+ self.state = State::Body;
+ self.bytes[0] = (first_arc * (ARC_MAX_SECOND + 1)) as u8 + arc as u8;
+ self.cursor = 1;
+ Ok(self)
+ }
+ // TODO(tarcieri): finer-grained overflow safety / checked arithmetic
+ #[allow(clippy::integer_arithmetic)]
+ State::Body => {
+ // Total number of bytes in encoded arc - 1
+ let nbytes = base128_len(arc);
+
+ // Shouldn't overflow on any 16-bit+ architectures
+ if self.cursor + nbytes + 1 >= ObjectIdentifier::MAX_SIZE {
+ return Err(Error::Length);
+ }
+
+ let new_cursor = self.cursor + nbytes + 1;
+
+ // TODO(tarcieri): use `?` when stable in `const fn`
+ match self.encode_base128_byte(arc, nbytes, false) {
+ Ok(mut encoder) => {
+ encoder.cursor = new_cursor;
+ Ok(encoder)
+ }
+ Err(err) => Err(err),
+ }
+ }
+ }
+ }
+
+ /// Finish encoding an OID.
+ pub(crate) const fn finish(self) -> Result {
+ if self.cursor >= 2 {
+ Ok(ObjectIdentifier {
+ bytes: self.bytes,
+ length: self.cursor as u8,
+ })
+ } else {
+ Err(Error::NotEnoughArcs)
+ }
+ }
+
+ /// Encode a single byte of a Base 128 value.
+ const fn encode_base128_byte(mut self, mut n: u32, i: usize, continued: bool) -> Result {
+ let mask = if continued { 0b10000000 } else { 0 };
+
+ // Underflow checked by branch
+ #[allow(clippy::integer_arithmetic)]
+ if n > 0x80 {
+ self.bytes[checked_add!(self.cursor, i)] = (n & 0b1111111) as u8 | mask;
+ n >>= 7;
+
+ if i > 0 {
+ self.encode_base128_byte(n, i.saturating_sub(1), true)
+ } else {
+ Err(Error::Base128)
+ }
+ } else {
+ self.bytes[self.cursor] = n as u8 | mask;
+ Ok(self)
+ }
+ }
+}
+
+/// Compute the length - 1 of an arc when encoded in base 128.
+const fn base128_len(arc: Arc) -> usize {
+ match arc {
+ 0..=0x7f => 0,
+ 0x80..=0x3fff => 1,
+ 0x4000..=0x1fffff => 2,
+ 0x200000..=0x1fffffff => 3,
+ _ => 4,
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::Encoder;
+ use hex_literal::hex;
+
+ /// OID `1.2.840.10045.2.1` encoded as ASN.1 BER/DER
+ const EXAMPLE_OID_BER: &[u8] = &hex!("2A8648CE3D0201");
+
+ #[test]
+ fn encode() {
+ let encoder = Encoder::new();
+ let encoder = encoder.arc(1).unwrap();
+ let encoder = encoder.arc(2).unwrap();
+ let encoder = encoder.arc(840).unwrap();
+ let encoder = encoder.arc(10045).unwrap();
+ let encoder = encoder.arc(2).unwrap();
+ let encoder = encoder.arc(1).unwrap();
+ assert_eq!(&encoder.bytes[..encoder.cursor], EXAMPLE_OID_BER);
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/error.rs b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/error.rs
new file mode 100644
index 000000000000..528ce785c4d5
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/error.rs
@@ -0,0 +1,83 @@
+//! Error types
+
+use crate::Arc;
+use core::fmt;
+
+/// Result type
+pub type Result = core::result::Result;
+
+/// OID errors.
+#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub enum Error {
+ /// Arc exceeds allowed range (i.e. for first or second OID)
+ ArcInvalid {
+ /// Arc value that is erroneous.
+ arc: Arc,
+ },
+
+ /// Arc is too big (exceeds 32-bit limits of this library).
+ ///
+ /// Technically the size of an arc is not constrained by X.660, however
+ /// this library has elected to use `u32` as the arc representation as
+ /// sufficient for PKIX/PKCS usages.
+ ArcTooBig,
+
+ /// Base 128 encoding error (used in BER/DER serialization of arcs).
+ Base128,
+
+ /// Expected a digit, but was provided something else.
+ DigitExpected {
+ /// What was found instead of a digit
+ actual: u8,
+ },
+
+ /// Input data is empty.
+ Empty,
+
+ /// OID length is invalid (too short or too long).
+ Length,
+
+ /// Minimum 3 arcs required.
+ NotEnoughArcs,
+
+ /// Trailing `.` character at end of input.
+ TrailingDot,
+}
+
+impl Error {
+ /// Escalate this error into a panic.
+ ///
+ /// This is a workaround until `Result::unwrap` is allowed in `const fn`.
+ #[allow(clippy::panic)]
+ pub(crate) const fn panic(self) -> ! {
+ match self {
+ Error::ArcInvalid { .. } | Error::ArcTooBig => panic!("OID contains invalid arc"),
+ Error::Base128 => panic!("OID contains arc with invalid base 128 encoding"),
+ Error::DigitExpected { .. } => panic!("OID expected to start with digit"),
+ Error::Empty => panic!("OID value is empty"),
+ Error::Length => panic!("OID length invalid"),
+ Error::NotEnoughArcs => panic!("OID requires minimum of 3 arcs"),
+ Error::TrailingDot => panic!("OID ends with invalid trailing '.'"),
+ }
+ }
+}
+
+impl fmt::Display for Error {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ match *self {
+ Error::ArcInvalid { arc } => write!(f, "OID contains out-of-range arc: {}", arc),
+ Error::ArcTooBig => f.write_str("OID contains arc which is larger than 32-bits"),
+ Error::Base128 => f.write_str("OID contains arc with invalid base 128 encoding"),
+ Error::DigitExpected { actual } => {
+ write!(f, "expected digit, got '{}'", char::from(actual))
+ }
+ Error::Empty => f.write_str("OID value is empty"),
+ Error::Length => f.write_str("OID length invalid"),
+ Error::NotEnoughArcs => f.write_str("OID requires minimum of 3 arcs"),
+ Error::TrailingDot => f.write_str("OID ends with invalid trailing '.'"),
+ }
+ }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for Error {}
diff --git a/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/lib.rs b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/lib.rs
new file mode 100644
index 000000000000..5bdef085dfe3
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/lib.rs
@@ -0,0 +1,280 @@
+#![no_std]
+#![cfg_attr(docsrs, feature(doc_cfg))]
+#![doc = include_str!("../README.md")]
+#![doc(
+ html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg",
+ html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg"
+)]
+#![forbid(unsafe_code)]
+#![warn(
+ clippy::integer_arithmetic,
+ clippy::panic,
+ clippy::panic_in_result_fn,
+ clippy::unwrap_used,
+ missing_docs,
+ rust_2018_idioms,
+ unused_lifetimes,
+ unused_qualifications
+)]
+
+#[cfg(feature = "std")]
+extern crate std;
+
+#[macro_use]
+mod checked;
+
+mod arcs;
+mod encoder;
+mod error;
+mod parser;
+
+#[cfg(feature = "db")]
+#[cfg_attr(docsrs, doc(cfg(feature = "db")))]
+pub mod db;
+
+pub use crate::{
+ arcs::{Arc, Arcs},
+ error::{Error, Result},
+};
+
+use crate::encoder::Encoder;
+use core::{fmt, str::FromStr};
+
+/// A trait which associates an OID with a type.
+pub trait AssociatedOid {
+ /// The OID associated with this type.
+ const OID: ObjectIdentifier;
+}
+
+/// A trait which associates a dynamic, `&self`-dependent OID with a type,
+/// which may change depending on the type's value.
+///
+/// This trait is object safe and auto-impl'd for any types which impl
+/// [`AssociatedOid`].
+pub trait DynAssociatedOid {
+ /// Get the OID associated with this value.
+ fn oid(&self) -> ObjectIdentifier;
+}
+
+impl DynAssociatedOid for T {
+ fn oid(&self) -> ObjectIdentifier {
+ T::OID
+ }
+}
+
+/// Object identifier (OID).
+///
+/// OIDs are hierarchical structures consisting of "arcs", i.e. integer
+/// identifiers.
+///
+/// # Validity
+///
+/// In order for an OID to be considered valid by this library, it must meet
+/// the following criteria:
+///
+/// - The OID MUST have at least 3 arcs
+/// - The first arc MUST be within the range 0-2
+/// - The second arc MUST be within the range 0-39
+/// - The BER/DER encoding of the OID MUST be shorter than
+/// [`ObjectIdentifier::MAX_SIZE`]
+#[derive(Copy, Clone, Eq, Hash, PartialEq, PartialOrd, Ord)]
+pub struct ObjectIdentifier {
+ /// Length in bytes
+ length: u8,
+
+ /// Array containing BER/DER-serialized bytes (no header)
+ bytes: [u8; Self::MAX_SIZE],
+}
+
+#[allow(clippy::len_without_is_empty)]
+impl ObjectIdentifier {
+ /// Maximum size of a BER/DER-encoded OID in bytes.
+ pub const MAX_SIZE: usize = 39; // makes `ObjectIdentifier` 40-bytes total w\ 1-byte length
+
+ /// Parse an [`ObjectIdentifier`] from the dot-delimited string form,
+ /// panicking on parse errors.
+ ///
+ /// This function exists as a workaround for `unwrap` not yet being
+ /// stable in `const fn` contexts, and is intended to allow the result to
+ /// be bound to a constant value:
+ ///
+ /// ```
+ /// use const_oid::ObjectIdentifier;
+ ///
+ /// pub const MY_OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.1");
+ /// ```
+ ///
+ /// In future versions of Rust it should be possible to replace this with
+ /// `ObjectIdentifier::new(...).unwrap()`.
+ ///
+ /// Use [`ObjectIdentifier::new`] for fallible parsing.
+ // TODO(tarcieri): remove this when `Result::unwrap` is `const fn`
+ pub const fn new_unwrap(s: &str) -> Self {
+ match Self::new(s) {
+ Ok(oid) => oid,
+ Err(err) => err.panic(),
+ }
+ }
+
+ /// Parse an [`ObjectIdentifier`] from the dot-delimited string form.
+ pub const fn new(s: &str) -> Result {
+ // TODO(tarcieri): use `?` when stable in `const fn`
+ match parser::Parser::parse(s) {
+ Ok(parser) => parser.finish(),
+ Err(err) => Err(err),
+ }
+ }
+
+ /// Parse an OID from a slice of [`Arc`] values (i.e. integers).
+ pub fn from_arcs(arcs: impl IntoIterator) -> Result {
+ let mut encoder = Encoder::new();
+
+ for arc in arcs {
+ encoder = encoder.arc(arc)?;
+ }
+
+ encoder.finish()
+ }
+
+ /// Parse an OID from from its BER/DER encoding.
+ pub fn from_bytes(ber_bytes: &[u8]) -> Result {
+ let len = ber_bytes.len();
+
+ match len {
+ 0 => return Err(Error::Empty),
+ 3..=Self::MAX_SIZE => (),
+ _ => return Err(Error::NotEnoughArcs),
+ }
+ let mut bytes = [0u8; Self::MAX_SIZE];
+ bytes[..len].copy_from_slice(ber_bytes);
+
+ let oid = Self {
+ bytes,
+ length: len as u8,
+ };
+
+ // Ensure arcs are well-formed
+ let mut arcs = oid.arcs();
+ while arcs.try_next()?.is_some() {}
+
+ Ok(oid)
+ }
+
+ /// Get the BER/DER serialization of this OID as bytes.
+ ///
+ /// Note that this encoding omits the tag/length, and only contains the
+ /// value portion of the encoded OID.
+ pub fn as_bytes(&self) -> &[u8] {
+ &self.bytes[..self.length as usize]
+ }
+
+ /// Return the arc with the given index, if it exists.
+ pub fn arc(&self, index: usize) -> Option {
+ self.arcs().nth(index)
+ }
+
+ /// Iterate over the arcs (a.k.a. nodes) of an [`ObjectIdentifier`].
+ ///
+ /// Returns [`Arcs`], an iterator over [`Arc`] values.
+ pub fn arcs(&self) -> Arcs<'_> {
+ Arcs::new(self)
+ }
+
+ /// Get the length of this [`ObjectIdentifier`] in arcs.
+ pub fn len(&self) -> usize {
+ self.arcs().count()
+ }
+
+ /// Get the parent OID of this one (if applicable).
+ pub fn parent(&self) -> Option {
+ let num_arcs = self.len().checked_sub(1)?;
+ Self::from_arcs(self.arcs().take(num_arcs)).ok()
+ }
+
+ /// Push an additional arc onto this OID, returning the child OID.
+ pub const fn push_arc(self, arc: Arc) -> Result {
+ // TODO(tarcieri): use `?` when stable in `const fn`
+ match Encoder::extend(self).arc(arc) {
+ Ok(encoder) => encoder.finish(),
+ Err(err) => Err(err),
+ }
+ }
+}
+
+impl AsRef<[u8]> for ObjectIdentifier {
+ fn as_ref(&self) -> &[u8] {
+ self.as_bytes()
+ }
+}
+
+impl FromStr for ObjectIdentifier {
+ type Err = Error;
+
+ fn from_str(string: &str) -> Result {
+ Self::new(string)
+ }
+}
+
+impl TryFrom<&[u8]> for ObjectIdentifier {
+ type Error = Error;
+
+ fn try_from(ber_bytes: &[u8]) -> Result {
+ Self::from_bytes(ber_bytes)
+ }
+}
+
+impl From<&ObjectIdentifier> for ObjectIdentifier {
+ fn from(oid: &ObjectIdentifier) -> ObjectIdentifier {
+ *oid
+ }
+}
+
+impl fmt::Debug for ObjectIdentifier {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(f, "ObjectIdentifier({})", self)
+ }
+}
+
+impl fmt::Display for ObjectIdentifier {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ let len = self.arcs().count();
+
+ for (i, arc) in self.arcs().enumerate() {
+ write!(f, "{}", arc)?;
+
+ if let Some(j) = i.checked_add(1) {
+ if j < len {
+ write!(f, ".")?;
+ }
+ }
+ }
+
+ Ok(())
+ }
+}
+
+// Implement by hand because the derive would create invalid values.
+// Use the constructor to create a valid oid with at least 3 arcs.
+#[cfg(feature = "arbitrary")]
+impl<'a> arbitrary::Arbitrary<'a> for ObjectIdentifier {
+ fn arbitrary(u: &mut arbitrary::Unstructured<'a>) -> arbitrary::Result {
+ let first = u.int_in_range(0..=arcs::ARC_MAX_FIRST)?;
+ let second = u.int_in_range(0..=arcs::ARC_MAX_SECOND)?;
+ let third = u.arbitrary()?;
+
+ let mut oid = Self::from_arcs([first, second, third])
+ .map_err(|_| arbitrary::Error::IncorrectFormat)?;
+
+ for arc in u.arbitrary_iter()? {
+ oid = oid
+ .push_arc(arc?)
+ .map_err(|_| arbitrary::Error::IncorrectFormat)?;
+ }
+
+ Ok(oid)
+ }
+
+ fn size_hint(depth: usize) -> (usize, Option) {
+ (Arc::size_hint(depth).0.saturating_mul(3), None)
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/parser.rs b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/parser.rs
new file mode 100644
index 000000000000..6f875faaa656
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/parser.rs
@@ -0,0 +1,112 @@
+//! OID string parser with `const` support.
+
+use crate::{encoder::Encoder, Arc, Error, ObjectIdentifier, Result};
+
+/// Const-friendly OID string parser.
+///
+/// Parses an OID from the dotted string representation.
+#[derive(Debug)]
+pub(crate) struct Parser {
+ /// Current arc in progress
+ current_arc: Arc,
+
+ /// BER/DER encoder
+ encoder: Encoder,
+}
+
+impl Parser {
+ /// Parse an OID from a dot-delimited string e.g. `1.2.840.113549.1.1.1`
+ pub(crate) const fn parse(s: &str) -> Result {
+ let bytes = s.as_bytes();
+
+ if bytes.is_empty() {
+ return Err(Error::Empty);
+ }
+
+ match bytes[0] {
+ b'0'..=b'9' => Self {
+ current_arc: 0,
+ encoder: Encoder::new(),
+ }
+ .parse_bytes(bytes),
+ actual => Err(Error::DigitExpected { actual }),
+ }
+ }
+
+ /// Finish parsing, returning the result
+ pub(crate) const fn finish(self) -> Result {
+ self.encoder.finish()
+ }
+
+ /// Parse the remaining bytes
+ const fn parse_bytes(mut self, bytes: &[u8]) -> Result {
+ match bytes {
+ // TODO(tarcieri): use `?` when stable in `const fn`
+ [] => match self.encoder.arc(self.current_arc) {
+ Ok(encoder) => {
+ self.encoder = encoder;
+ Ok(self)
+ }
+ Err(err) => Err(err),
+ },
+ // TODO(tarcieri): checked arithmetic
+ #[allow(clippy::integer_arithmetic)]
+ [byte @ b'0'..=b'9', remaining @ ..] => {
+ let digit = byte.saturating_sub(b'0');
+ self.current_arc = self.current_arc * 10 + digit as Arc;
+ self.parse_bytes(remaining)
+ }
+ [b'.', remaining @ ..] => {
+ if remaining.is_empty() {
+ return Err(Error::TrailingDot);
+ }
+
+ // TODO(tarcieri): use `?` when stable in `const fn`
+ match self.encoder.arc(self.current_arc) {
+ Ok(encoder) => {
+ self.encoder = encoder;
+ self.current_arc = 0;
+ self.parse_bytes(remaining)
+ }
+ Err(err) => Err(err),
+ }
+ }
+ [byte, ..] => Err(Error::DigitExpected { actual: *byte }),
+ }
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::Parser;
+ use crate::Error;
+
+ #[test]
+ fn parse() {
+ let oid = Parser::parse("1.23.456").unwrap().finish().unwrap();
+ assert_eq!(oid, "1.23.456".parse().unwrap());
+ }
+
+ #[test]
+ fn reject_empty_string() {
+ assert_eq!(Parser::parse("").err().unwrap(), Error::Empty);
+ }
+
+ #[test]
+ fn reject_non_digits() {
+ assert_eq!(
+ Parser::parse("X").err().unwrap(),
+ Error::DigitExpected { actual: b'X' }
+ );
+
+ assert_eq!(
+ Parser::parse("1.2.X").err().unwrap(),
+ Error::DigitExpected { actual: b'X' }
+ );
+ }
+
+ #[test]
+ fn reject_trailing_dot() {
+ assert_eq!(Parser::parse("1.23.").err().unwrap(), Error::TrailingDot);
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/tests/lib.rs b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/tests/lib.rs
new file mode 100644
index 000000000000..e91dfc6cae46
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/tests/lib.rs
@@ -0,0 +1,209 @@
+//! `const-oid` crate tests
+
+// TODO(tarcieri): test full set of OID encoding constraints specified here:
+//
+
+use const_oid::{Error, ObjectIdentifier};
+use hex_literal::hex;
+use std::string::ToString;
+
+/// Example OID value with a root arc of `0` (and large arc).
+const EXAMPLE_OID_0_STR: &str = "0.9.2342.19200300.100.1.1";
+const EXAMPLE_OID_0_BER: &[u8] = &hex!("0992268993F22C640101");
+const EXAMPLE_OID_0: ObjectIdentifier = ObjectIdentifier::new_unwrap(EXAMPLE_OID_0_STR);
+
+/// Example OID value with a root arc of `1`.
+const EXAMPLE_OID_1_STR: &str = "1.2.840.10045.2.1";
+const EXAMPLE_OID_1_BER: &[u8] = &hex!("2A8648CE3D0201");
+const EXAMPLE_OID_1: ObjectIdentifier = ObjectIdentifier::new_unwrap(EXAMPLE_OID_1_STR);
+
+/// Example OID value with a root arc of `2`.
+const EXAMPLE_OID_2_STR: &str = "2.16.840.1.101.3.4.1.42";
+const EXAMPLE_OID_2_BER: &[u8] = &hex!("60864801650304012A");
+const EXAMPLE_OID_2: ObjectIdentifier = ObjectIdentifier::new_unwrap(EXAMPLE_OID_2_STR);
+
+/// Example OID value with a large arc
+const EXAMPLE_OID_LARGE_ARC_STR: &str = "0.9.2342.19200300.100.1.1";
+const EXAMPLE_OID_LARGE_ARC_BER: &[u8] = &hex!("0992268993F22C640101");
+const EXAMPLE_OID_LARGE_ARC: ObjectIdentifier =
+ ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.1");
+
+#[test]
+fn from_bytes() {
+ let oid0 = ObjectIdentifier::from_bytes(EXAMPLE_OID_0_BER).unwrap();
+ assert_eq!(oid0.arc(0).unwrap(), 0);
+ assert_eq!(oid0.arc(1).unwrap(), 9);
+ assert_eq!(oid0, EXAMPLE_OID_0);
+
+ let oid1 = ObjectIdentifier::from_bytes(EXAMPLE_OID_1_BER).unwrap();
+ assert_eq!(oid1.arc(0).unwrap(), 1);
+ assert_eq!(oid1.arc(1).unwrap(), 2);
+ assert_eq!(oid1, EXAMPLE_OID_1);
+
+ let oid2 = ObjectIdentifier::from_bytes(EXAMPLE_OID_2_BER).unwrap();
+ assert_eq!(oid2.arc(0).unwrap(), 2);
+ assert_eq!(oid2.arc(1).unwrap(), 16);
+ assert_eq!(oid2, EXAMPLE_OID_2);
+
+ let oid3 = ObjectIdentifier::from_bytes(EXAMPLE_OID_LARGE_ARC_BER).unwrap();
+ assert_eq!(oid3.arc(0).unwrap(), 0);
+ assert_eq!(oid3.arc(1).unwrap(), 9);
+ assert_eq!(oid3.arc(2).unwrap(), 2342);
+ assert_eq!(oid3.arc(3).unwrap(), 19200300);
+ assert_eq!(oid3.arc(4).unwrap(), 100);
+ assert_eq!(oid3.arc(5).unwrap(), 1);
+ assert_eq!(oid3.arc(6).unwrap(), 1);
+ assert_eq!(oid3, EXAMPLE_OID_LARGE_ARC);
+
+ // Empty
+ assert_eq!(ObjectIdentifier::from_bytes(&[]), Err(Error::Empty));
+
+ // Truncated
+ assert_eq!(
+ ObjectIdentifier::from_bytes(&[42]),
+ Err(Error::NotEnoughArcs)
+ );
+ assert_eq!(
+ ObjectIdentifier::from_bytes(&[42, 134]),
+ Err(Error::NotEnoughArcs)
+ );
+}
+
+#[test]
+fn from_str() {
+ let oid0 = EXAMPLE_OID_0_STR.parse::().unwrap();
+ assert_eq!(oid0.arc(0).unwrap(), 0);
+ assert_eq!(oid0.arc(1).unwrap(), 9);
+ assert_eq!(oid0, EXAMPLE_OID_0);
+
+ let oid1 = EXAMPLE_OID_1_STR.parse::().unwrap();
+ assert_eq!(oid1.arc(0).unwrap(), 1);
+ assert_eq!(oid1.arc(1).unwrap(), 2);
+ assert_eq!(oid1, EXAMPLE_OID_1);
+
+ let oid2 = EXAMPLE_OID_2_STR.parse::().unwrap();
+ assert_eq!(oid2.arc(0).unwrap(), 2);
+ assert_eq!(oid2.arc(1).unwrap(), 16);
+ assert_eq!(oid2, EXAMPLE_OID_2);
+
+ let oid3 = EXAMPLE_OID_LARGE_ARC_STR
+ .parse::()
+ .unwrap();
+ assert_eq!(oid3.arc(0).unwrap(), 0);
+ assert_eq!(oid3.arc(1).unwrap(), 9);
+ assert_eq!(oid3.arc(2).unwrap(), 2342);
+ assert_eq!(oid3.arc(3).unwrap(), 19200300);
+ assert_eq!(oid3.arc(4).unwrap(), 100);
+ assert_eq!(oid3.arc(5).unwrap(), 1);
+ assert_eq!(oid3.arc(6).unwrap(), 1);
+ assert_eq!(oid3, EXAMPLE_OID_LARGE_ARC);
+
+ // Too short
+ assert_eq!("1.2".parse::(), Err(Error::NotEnoughArcs));
+
+ // Truncated
+ assert_eq!(
+ "1.2.840.10045.2.".parse::(),
+ Err(Error::TrailingDot)
+ );
+
+ // Invalid first arc
+ assert_eq!(
+ "3.2.840.10045.2.1".parse::(),
+ Err(Error::ArcInvalid { arc: 3 })
+ );
+
+ // Invalid second arc
+ assert_eq!(
+ "1.40.840.10045.2.1".parse::(),
+ Err(Error::ArcInvalid { arc: 40 })
+ );
+}
+
+#[test]
+fn display() {
+ assert_eq!(EXAMPLE_OID_0.to_string(), EXAMPLE_OID_0_STR);
+ assert_eq!(EXAMPLE_OID_1.to_string(), EXAMPLE_OID_1_STR);
+ assert_eq!(EXAMPLE_OID_2.to_string(), EXAMPLE_OID_2_STR);
+ assert_eq!(EXAMPLE_OID_LARGE_ARC.to_string(), EXAMPLE_OID_LARGE_ARC_STR);
+}
+
+#[test]
+fn try_from_u32_slice() {
+ let oid1 = ObjectIdentifier::from_arcs([1, 2, 840, 10045, 2, 1]).unwrap();
+ assert_eq!(oid1.arc(0).unwrap(), 1);
+ assert_eq!(oid1.arc(1).unwrap(), 2);
+ assert_eq!(EXAMPLE_OID_1, oid1);
+
+ let oid2 = ObjectIdentifier::from_arcs([2, 16, 840, 1, 101, 3, 4, 1, 42]).unwrap();
+ assert_eq!(oid2.arc(0).unwrap(), 2);
+ assert_eq!(oid2.arc(1).unwrap(), 16);
+ assert_eq!(EXAMPLE_OID_2, oid2);
+
+ // Too short
+ assert_eq!(
+ ObjectIdentifier::from_arcs([1, 2]),
+ Err(Error::NotEnoughArcs)
+ );
+
+ // Invalid first arc
+ assert_eq!(
+ ObjectIdentifier::from_arcs([3, 2, 840, 10045, 3, 1, 7]),
+ Err(Error::ArcInvalid { arc: 3 })
+ );
+
+ // Invalid second arc
+ assert_eq!(
+ ObjectIdentifier::from_arcs([1, 40, 840, 10045, 3, 1, 7]),
+ Err(Error::ArcInvalid { arc: 40 })
+ );
+}
+
+#[test]
+fn as_bytes() {
+ assert_eq!(EXAMPLE_OID_1.as_bytes(), EXAMPLE_OID_1_BER);
+ assert_eq!(EXAMPLE_OID_2.as_bytes(), EXAMPLE_OID_2_BER);
+}
+
+#[test]
+fn parse_empty() {
+ assert_eq!(ObjectIdentifier::new(""), Err(Error::Empty));
+}
+
+#[test]
+fn parse_not_enough_arcs() {
+ assert_eq!(ObjectIdentifier::new("1.2"), Err(Error::NotEnoughArcs));
+}
+
+#[test]
+fn parse_invalid_first_arc() {
+ assert_eq!(
+ ObjectIdentifier::new("3.2.840.10045.3.1.7"),
+ Err(Error::ArcInvalid { arc: 3 })
+ );
+}
+
+#[test]
+fn parse_invalid_second_arc() {
+ assert_eq!(
+ ObjectIdentifier::new("1.40.840.10045.3.1.7"),
+ Err(Error::ArcInvalid { arc: 40 })
+ );
+}
+
+#[test]
+fn parent() {
+ let oid = ObjectIdentifier::new("1.2.3.4").unwrap();
+ let parent = oid.parent().unwrap();
+ assert_eq!(parent, ObjectIdentifier::new("1.2.3").unwrap());
+ assert_eq!(parent.parent(), None);
+}
+
+#[test]
+fn push_arc() {
+ let oid = ObjectIdentifier::new("1.2.3").unwrap();
+ assert_eq!(
+ oid.push_arc(4).unwrap(),
+ ObjectIdentifier::new("1.2.3.4").unwrap()
+ );
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/.cargo_vcs_info.json
deleted file mode 100644
index db10f63abab7..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/.cargo_vcs_info.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "git": {
- "sha1": "6580afb3b14453944d014b11078d3c18643ebba2"
- }
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/CHANGELOG.md b/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/CHANGELOG.md
deleted file mode 100644
index 9be3e3df9193..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/CHANGELOG.md
+++ /dev/null
@@ -1,80 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), -and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - -## 0.10.1 (2021-07-20) -### Changed -- Pin `subtle` dependency to v2.4 ([#690]) - -[#690]: https://github.com/RustCrypto/traits/pull/690 - -## 0.10.0 (2020-10-15) -### Changed -- Replace `block-cipher` crate with new `cipher` crate ([#337], [#338]) - -[#338]: https://github.com/RustCrypto/traits/pull/338 -[#337]: https://github.com/RustCrypto/traits/pull/337 - -## 0.9.1 (2020-08-12) -### Added -- Re-export the `block-cipher` crate ([#257]) - -[#257]: https://github.com/RustCrypto/traits/pull/257 - -## 0.9.0 (2020-08-10) -### Added -- `FromBlockCipher` trait and blanket implementation of the `NewMac` trait -for it ([#217]) - -### Changed -- Updated test vectors storage to `blobby v0.3` ([#217]) - -### Removed -- `impl_write!` macro ([#217]) - -[#217]: https://github.com/RustCrypto/traits/pull/217 - -## 0.8.0 (2020-06-04) -### Added -- `impl_write!` macro ([#134]) - -### Changed -- Bump `generic-array` dependency to v0.14 ([#144]) -- Split `Mac` initialization into `NewMac` trait ([#133]) -- Rename `MacResult` => `Output`, `code` => `into_bytes` ([#114]) -- Rename `Input::input` to `Update::update` ([#111]) -- Update to 2018 edition ([#108]) -- Bump `subtle` dependency from v1.0 to v2.0 ([#33]) - -[#144]: https://github.com/RustCrypto/traits/pull/95 -[#134]: https://github.com/RustCrypto/traits/pull/134 -[#133]: https://github.com/RustCrypto/traits/pull/133 -[#114]: https://github.com/RustCrypto/traits/pull/114 -[#111]: https://github.com/RustCrypto/traits/pull/111 -[#108]: https://github.com/RustCrypto/traits/pull/108 -[#33]: https://github.com/RustCrypto/traits/pull/33 - -## 0.7.0 (2018-10-01) - -## 0.6.2 (2018-06-21) - -## 0.6.1 (2018-06-20) - -## 0.6.0 (2017-11-26) - -## 0.5.2 (2017-11-20) 
- -## 0.5.1 (2017-11-15) - -## 0.5.0 (2017-11-14) - -## 0.4.0 (2017-06-12) - -## 0.3.0 (2017-05-14) - -## 0.2.0 (2017-05-14) - -## 0.1.0 (2016-10-14) diff --git a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/Cargo.toml b/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/Cargo.toml deleted file mode 100644 index 72bcffceeb27..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/Cargo.toml +++ /dev/null @@ -1,45 +0,0 @@ -# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO -# -# When uploading crates to the registry Cargo will automatically -# "normalize" Cargo.toml files for maximal compatibility -# with all versions of Cargo and also rewrite `path` dependencies -# to registry (e.g., crates.io) dependencies -# -# If you believe there's an error in this file please file an -# issue against the rust-lang/cargo repository. If you're -# editing this file be aware that the upstream Cargo.toml -# will likely look very different (and much more reasonable) - -[package] -edition = "2018" -name = "crypto-mac" -version = "0.10.1" -authors = ["RustCrypto Developers"] -description = "Trait for Message Authentication Code (MAC) algorithms" -documentation = "https://docs.rs/crypto-mac" -readme = "README.md" -keywords = ["crypto", "mac"] -categories = ["cryptography", "no-std"] -license = "MIT OR Apache-2.0" -repository = "https://github.com/RustCrypto/traits" -[package.metadata.docs.rs] -all-features = true -rustdoc-args = ["--cfg", "docsrs"] -[dependencies.blobby] -version = "0.3" -optional = true - -[dependencies.cipher] -version = "0.2" -optional = true - -[dependencies.generic-array] -version = "0.14" - -[dependencies.subtle] -version = "=2.4" -default-features = false - -[features] -dev = ["blobby"] -std = [] 
diff --git a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/Cargo.toml.orig b/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/Cargo.toml.orig deleted file mode 100644 index ea161da60e94..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/Cargo.toml.orig +++ /dev/null @@ -1,26 +0,0 @@ -[package] -name = "crypto-mac" -description = "Trait for Message Authentication Code (MAC) algorithms" -version = "0.10.1" # Also update html_root_url in lib.rs when bumping this -authors = ["RustCrypto Developers"] -license = "MIT OR Apache-2.0" -readme = "README.md" -edition = "2018" -documentation = "https://docs.rs/crypto-mac" -repository = "https://github.com/RustCrypto/traits" -keywords = ["crypto", "mac"] -categories = ["cryptography", "no-std"] - -[dependencies] -generic-array = "0.14" -cipher = { version = "0.2", optional = true, path = "../cipher" } -subtle = { version = "=2.4", default-features = false } -blobby = { version = "0.3", optional = true } - -[features] -dev = ["blobby"] -std = [] - -[package.metadata.docs.rs] -all-features = true -rustdoc-args = ["--cfg", "docsrs"] diff --git a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/README.md b/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/README.md deleted file mode 100644 index 889d6c2449b8..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/README.md +++ /dev/null 
@@ -1,59 +0,0 @@ -# RustCrypto: Message Authentication Code Traits - -[![crate][crate-image]][crate-link] -[![Docs][docs-image]][docs-link] -![Apache2/MIT licensed][license-image] -![Rust Version][rustc-image] -[![Project Chat][chat-image]][chat-link] -[![Build Status][build-image]][build-link] - -Traits for [Message Authentication Code] (MAC) algorithms. - -See [RustCrypto/MACs] for implementations which use this trait. - -[Documentation][docs-link] - -## Minimum Supported Rust Version - -Rust **1.41** or higher. - -Minimum supported Rust version can be changed in the future, but it will be -done with a minor version bump. - -## SemVer Policy - -- All on-by-default features of this library are covered by SemVer -- MSRV is considered exempt from SemVer as noted above - -## License - -Licensed under either of: - - * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0) - * [MIT license](http://opensource.org/licenses/MIT) - -at your option. - -### Contribution - -Unless you explicitly state otherwise, any contribution intentionally submitted -for inclusion in the work by you, as defined in the Apache-2.0 license, shall be -dual licensed as above, without any additional terms or conditions. 
- -[//]: # (badges) - -[crate-image]: https://img.shields.io/crates/v/crypto-mac.svg -[crate-link]: https://crates.io/crates/crypto-mac -[docs-image]: https://docs.rs/crypto-mac/badge.svg -[docs-link]: https://docs.rs/crypto-mac/ -[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg -[rustc-image]: https://img.shields.io/badge/rustc-1.41+-blue.svg -[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg -[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260044-MACs -[build-image]: https://github.com/RustCrypto/traits/workflows/crypto-mac/badge.svg?branch=master&event=push -[build-link]: https://github.com/RustCrypto/traits/actions?query=workflow%3Acrypto-mac - -[//]: # (general links) - -[Message Authentication Code]: https://en.wikipedia.org/wiki/Message_authentication_code -[RustCrypto/MACs]: https://github.com/RustCrypto/MACs diff --git a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/src/dev.rs b/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/src/dev.rs deleted file mode 100644 index e2348501e02d..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/src/dev.rs +++ /dev/null 
@@ -1,88 +0,0 @@
-//! Development-related functionality
-
-pub use blobby;
-
-/// Define test
-#[macro_export]
-#[cfg_attr(docsrs, doc(cfg(feature = "dev")))]
-macro_rules! new_test {
- ($name:ident, $test_name:expr, $mac:ty) => {
- #[test]
- fn $name() {
- use crypto_mac::dev::blobby::Blob3Iterator;
- use crypto_mac::{Mac, NewMac};
-
- fn run_test(key: &[u8], input: &[u8], tag: &[u8]) -> Option<&'static str> {
- let mut mac = <$mac as NewMac>::new_varkey(key).unwrap();
- mac.update(input);
- let result = mac.finalize_reset();
- if &result.into_bytes()[..] != tag {
- return Some("whole message");
- }
- // test if reset worked correctly
- mac.update(input);
- if mac.verify(&tag).is_err() {
- return Some("after reset");
- }
-
- let mut mac = <$mac as NewMac>::new_varkey(key).unwrap();
- // test reading byte by byte
- for i in 0..input.len() {
- mac.update(&input[i..i + 1]);
- }
- if let Err(_) = mac.verify(tag) {
- return Some("message byte-by-byte");
- }
- None
- }
-
- let data = include_bytes!(concat!("data/", $test_name, ".blb"));
-
- for (i, row) in Blob3Iterator::new(data).unwrap().enumerate() {
- let [key, input, tag] = row.unwrap();
- if let Some(desc) = run_test(key, input, tag) {
- panic!(
- "\n\
- Failed test №{}: {}\n\
- key:\t{:?}\n\
- input:\t{:?}\n\
- tag:\t{:?}\n",
- i, desc, key, input, tag,
- );
- }
- }
- }
- };
-}
-
-/// Define benchmark
-#[macro_export]
-#[cfg_attr(docsrs, doc(cfg(feature = "dev")))]
-macro_rules! bench {
- ($name:ident, $engine:path, $bs:expr) => {
- #[bench]
- fn $name(b: &mut Bencher) {
- let key = Default::default();
- let mut mac = <$engine>::new(&key);
- let data = [0; $bs];
-
- b.iter(|| {
- mac.update(&data);
- });
-
- b.bytes = $bs;
- }
- };
-
- ($engine:path) => {
- extern crate test;
-
- use crypto_mac::{Mac, NewMac};
- use test::Bencher;
-
- $crate::bench!(bench1_10, $engine, 10);
- $crate::bench!(bench2_100, $engine, 100);
- $crate::bench!(bench3_1000, $engine, 1000);
- $crate::bench!(bench3_10000, $engine, 10000);
- };
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/src/errors.rs b/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/src/errors.rs
deleted file mode 100644
index 7bcb0fd34092..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/src/errors.rs
+++ /dev/null
@@ -1,27 +0,0 @@
-use core::fmt;
-
-/// Error type for signaling failed MAC verification
-#[derive(Default, Debug, Copy, Clone, Eq, PartialEq)]
-pub struct MacError;
-
-/// Error type for signaling invalid key length for MAC initialization
-#[derive(Default, Debug, Copy, Clone, Eq, PartialEq)]
-pub struct InvalidKeyLength;
-
-impl fmt::Display for MacError {
- fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
- f.write_str("failed MAC verification")
- }
-}
-
-impl fmt::Display for InvalidKeyLength {
- fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
- f.write_str("invalid key length")
- }
-}
-
-#[cfg(feature = "std")]
-impl std::error::Error for MacError {}
-
-#[cfg(feature = "std")]
-impl std::error::Error for InvalidKeyLength {}
diff --git a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/src/lib.rs b/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/src/lib.rs
deleted file mode 100644
index 22b2201f6290..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/src/lib.rs
+++ /dev/null
@@ -1,160 +0,0 @@
-//! This crate provides trait for Message Authentication Code (MAC) algorithms.
-
-#![no_std]
-#![cfg_attr(docsrs, feature(doc_cfg))]
-#![doc(
- html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
- html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
- html_root_url = "https://docs.rs/crypto-mac/0.10.1"
-)]
-#![forbid(unsafe_code)]
-#![warn(missing_docs, rust_2018_idioms)]
-
-#[cfg(feature = "std")]
-extern crate std;
-
-#[cfg(feature = "cipher")]
-pub use cipher;
-#[cfg(feature = "cipher")]
-use cipher::{BlockCipher, NewBlockCipher};
-
-#[cfg(feature = "dev")]
-#[cfg_attr(docsrs, doc(cfg(feature = "dev")))]
-pub mod dev;
-
-mod errors;
-
-pub use crate::errors::{InvalidKeyLength, MacError};
-pub use generic_array::{self, typenum::consts};
-
-use generic_array::typenum::Unsigned;
-use generic_array::{ArrayLength, GenericArray};
-use subtle::{Choice, ConstantTimeEq};
-
-/// Key for an algorithm that implements [`NewMac`].
-pub type Key = GenericArray::KeySize>;
-
-/// Instantiate a [`Mac`] algorithm.
-pub trait NewMac: Sized {
- /// Key size in bytes with which cipher guaranteed to be initialized.
- type KeySize: ArrayLength;
-
- /// Initialize new MAC instance from key with fixed size.
- fn new(key: &Key) -> Self;
-
- /// Initialize new MAC instance from key with variable size.
- ///
- /// Default implementation will accept only keys with length equal to
- /// `KeySize`, but some MACs can accept range of key lengths.
- fn new_varkey(key: &[u8]) -> Result {
- if key.len() != Self::KeySize::to_usize() {
- Err(InvalidKeyLength)
- } else {
- Ok(Self::new(GenericArray::from_slice(key)))
- }
- }
-}
-
-/// The [`Mac`] trait defines methods for a Message Authentication algorithm.
-pub trait Mac: Clone {
- /// Output size of the [[`Mac`]]
- type OutputSize: ArrayLength;
-
- /// Update MAC state with the given data.
- fn update(&mut self, data: &[u8]);
-
- /// Reset [`Mac`] instance.
- fn reset(&mut self);
-
- /// Obtain the result of a [`Mac`] computation as a [`Output`] and consume
- /// [`Mac`] instance.
- fn finalize(self) -> Output;
-
- /// Obtain the result of a [`Mac`] computation as a [`Output`] and reset
- /// [`Mac`] instance.
- fn finalize_reset(&mut self) -> Output {
- let res = self.clone().finalize();
- self.reset();
- res
- }
-
- /// Check if tag/code value is correct for the processed input.
- fn verify(self, tag: &[u8]) -> Result<(), MacError> {
- let choice = self.finalize().bytes.ct_eq(tag);
-
- if choice.unwrap_u8() == 1 {
- Ok(())
- } else {
- Err(MacError)
- }
- }
-}
-
-/// [`Output`] is a thin wrapper around bytes array which provides a safe `Eq`
-/// implementation that runs in a fixed time.
-#[derive(Clone)]
-pub struct Output {
- bytes: GenericArray,
-}
-
-impl Output {
- /// Create a new MAC [`Output`].
- pub fn new(bytes: GenericArray) -> Output {
- Output { bytes }
- }
-
- /// Get the MAC tag/code value as a byte array.
- ///
- /// Be very careful using this method, since incorrect use of the tag value
- /// may permit timing attacks which defeat the security provided by the
- /// [`Mac`] trait.
- pub fn into_bytes(self) -> GenericArray {
- self.bytes
- }
-}
-
-impl ConstantTimeEq for Output {
- fn ct_eq(&self, other: &Self) -> Choice {
- self.bytes.ct_eq(&other.bytes)
- }
-}
-
-impl PartialEq for Output {
- fn eq(&self, x: &Output) -> bool {
- self.ct_eq(x).unwrap_u8() == 1
- }
-}
-
-impl Eq for Output {}
-
-#[cfg(feature = "cipher")]
-#[cfg_attr(docsrs, doc(cfg(feature = "cipher")))]
-/// Trait for MAC functions which can be created from block cipher.
-pub trait FromBlockCipher {
- /// Block cipher type
- type Cipher: BlockCipher;
-
- /// Create new MAC isntance from provided block cipher.
- fn from_cipher(cipher: Self::Cipher) -> Self;
-}
-
-#[cfg(feature = "cipher")]
-#[cfg_attr(docsrs, doc(cfg(feature = "cipher")))]
-impl NewMac for T
-where
- T: FromBlockCipher,
- T::Cipher: NewBlockCipher,
-{
- type KeySize = <::Cipher as NewBlockCipher>::KeySize;
-
- fn new(key: &Key) -> Self {
- let cipher = ::Cipher::new(key);
- Self::from_cipher(cipher)
- }
-
- fn new_varkey(key: &[u8]) -> Result {
- ::Cipher::new_varkey(key)
- .map_err(|_| InvalidKeyLength)
- .map(Self::from_cipher)
- }
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/.cargo_vcs_info.json
deleted file mode 100644
index c8ac5fe47fa8..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/.cargo_vcs_info.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "git": {
- "sha1": "09a726cc8c995a7565d80148536df21f1f287659"
- }
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/CHANGELOG.md b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/CHANGELOG.md
deleted file mode 100644
index 000b9654c1c4..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/CHANGELOG.md
+++ /dev/null
@@ -1,197 +0,0 @@ -# Changelog - -Entries are listed in reverse chronological order per undeprecated -major series. - -## 3.x series - -### 3.2.0 - -* Add support for getting the identity element for the Montgomery - form of curve25519, which is useful in certain protocols for - checking contributory behaviour in derivation of shared secrets. - -### 3.1.2 - -* Revert a commit which mistakenly removed support for `zeroize` traits - for some point types, as well as elligator2 support for Edwards points. - -### 3.1.1 - -* Fix documentation builds on nightly due to syntax changes to - `#![cfg_attr(feature = "nightly", doc = include_str!("../README.md"))]`. - -### 3.1.0 - -* Add support for the Elligator2 encoding for Edwards points. -* Add two optional formally-verified field arithmetic backends which - use the Fiat Crypto project's Rust code, which is generated from - proofs of functional correctness checked by the Coq theorem proving - system. -* Add support for additional sizes of precomputed tables for basepoint - scalar multiplication. -* Fix an unused import. -* Add support for using the `zeroize` traits with all point types. - Note that points are not automatically zeroized on Drop, but that - consumers of `curve25519-dalek` should call these methods manually - when needed. - -### 3.0.3 - -* Fix documentation builds on nightly due to syntax changes to - `#![cfg_attr(feature = "nightly", doc = include_str!("../README.md"))]`. - -### 3.0.2 - -* Multiple documentation typo fixes. -* Fixes to make using `alloc`+`no_std` possible for stable Rust. - -### 3.0.1 - -* Update the optional `packed-simd` dependency to rely on a newer, - maintained version of the `packed-simd-2` crate. - -### 3.0.0 - -* Update the `digest` dependency to `0.9`. This requires a major version - because the `digest` traits are part of the public API, but there are - otherwise no changes to the API. 
- -## 2.x series - -### 2.1.3 - -* Fix documentation builds on nightly due to syntax changes to - `#![fg_attr(feature = "nightly", doc = include_str!("../README.md"))]`. - -### 2.1.2 - -* Multiple documenation typo fixes. -* Fix `alloc` feature working with stable rust. - -### 2.1.1 - -* Update the optional `packed-simd` dependency to rely on a newer, - maintained version of the `packed-simd-2` crate. - -### 2.1.0 - -* Make `Scalar::from_bits` a `const fn`, allowing its use in `const` contexts. - -### 2.0.0 - -* Fix a data modeling error in the `serde` feature pointed out by Trevor Perrin - which caused points and scalars to be serialized with length fields rather - than as fixed-size 32-byte arrays. This is a breaking change, but it fixes - compatibility with `serde-json` and ensures that the `serde-bincode` encoding - matches the conventional encoding for X/Ed25519. -* Update `rand_core` to `0.5`, allowing use with new `rand` versions. -* Switch from `clear_on_drop` to `zeroize` (by Tony Arcieri). -* Require `subtle = ^2.2.1` and remove the note advising nightly Rust, which is - no longer required as of that version of `subtle`. See the `subtle` - changelog for more details. -* Update `README.md` for `2.x` series. -* Remove the `build.rs` hack which loaded the entire crate into its own - `build.rs` to generate constants, and keep the constants in the source code. - -The only significant change is the data model change to the `serde` feature; -besides the `rand_core` version bump, there are no other user-visible changes. - -## 1.x series - -### 1.2.6 - -* Fixes to make using alloc+no_std possible for stable Rust. - -### 1.2.5 - -* Update the optional `packed-simd` dependency to rely on a newer, - maintained version of the `packed-simd-2` crate. - -### 1.2.4 - -* Specify a semver bound for `clear_on_drop` rather than an exact version, - addressing an issue where changes to inline assembly in rustc prevented - `clear_on_drop` from working without an update. 
- -### 1.2.3 - -* Fix an issue identified by a Quarkslab audit (and Jack Grigg), where manually - constructing unreduced `Scalar` values, as needed for X/Ed25519, and then - performing scalar/scalar arithmetic could compute incorrect results. -* Switch to upstream Rust intrinsics for the IFMA backend now that they exist in - Rust and don't need to be defined locally. -* Ensure that the NAF computation works correctly, even for parameters never - used elsewhere in the codebase. -* Minor refactoring to EdwardsPoint decompression. -* Fix broken links in documentation. -* Fix compilation on nightly broken due to changes to the `#[doc(include)]` path - root (not quite correctly done in 1.2.2). - -### 1.2.2 - -* Fix a typo in an internal doc-comment. -* Add the "crypto" tag to crate metadata. -* Fix compilation on nightly broken due to changes to the `#[doc(include)]` path - root. - -### 1.2.1 - -* Fix a bug in bucket index calculations in the Pippenger multiscalar algorithm - for very large input sizes. -* Add a more extensive randomized multiscalar multiplication consistency check - to the test suite to prevent regressions. -* Ensure that that multiscalar and NAF computations work correctly on extremal - `Scalar` values constructed via `from_bits`. - -### 1.2.0 - -* New multiscalar multiplication algorithm with better performance for - large problem sizes. The backend algorithm is selected - transparently using the size hints of the input iterators, so no - changes are required for client crates to start using it. -* Equality of Edwards points is now checked in projective coordinates. -* Serde can now be used with `no_std`. - -### 1.1.4 - -* Fix typos in documentation comments. -* Remove unnecessary `Default` bound on `Scalar::from_hash`. - -### 1.1.3 - -* Reverts the change in 1.1.0 to allow owned and borrowed RNGs, which caused a breakage due to a subtle interaction with ownership rules. (The `RngCore` change is retained). 
- -### 1.1.2 - -* Disabled KaTeX on `docs.rs` pending proper [support upstream](https://github.com/rust-lang/docs.rs/issues/302). - -## 1.1.1 - -* Fixed an issue related to `#[cfg(rustdoc)]` which prevented documenting multiple backends. - -### 1.1.0 - -* Adds support for precomputation for multiscalar multiplication. -* Restructures the internal source tree into `serial` and `vector` backends (no change to external API). -* Adds a new IFMA backend which sets speed records. -* The `avx2_backend` feature is now an alias for the `simd_backend` feature, which autoselects an appropriate vector backend (currently AVX2 or IFMA). -* Replaces the `rand` dependency with `rand_core`. -* Generalizes trait bounds on `RistrettoPoint::random()` and `Scalar::random()` to allow owned and borrowed RNGs and to allow `RngCore` instead of `Rng`. - -### 1.0.3 - -* Adds `ConstantTimeEq` implementation for compressed points. - -### 1.0.2 - -* Fixes a typo in the naming of variables in Ristretto formulas (no change to functionality). - -### 1.0.1 - -* Depends on the stable `2.0` version of `subtle` instead of `2.0.0-pre.0`. - -### 1.0.0 - -Initial stable release. Yanked due to a dependency mistake (see above). - diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/CODE_OF_CONDUCT.md b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/CODE_OF_CONDUCT.md deleted file mode 100644 index a802fde53a06..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/CODE_OF_CONDUCT.md +++ /dev/null @@ -1,8 +0,0 @@ -# Code of Conduct - -We follow the [Rust Code of Conduct](http://www.rust-lang.org/conduct.html), -with the following additional clauses: - -* We respect the rights to privacy and anonymity for contributors and people in - the community. If someone wishes to contribute under a pseudonym different to - their primary identity, that wish is to be respected by all contributors. 
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/CONTRIBUTING.md b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/CONTRIBUTING.md deleted file mode 100644 index d4e0ff8e5e97..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/CONTRIBUTING.md +++ /dev/null @@ -1,19 +0,0 @@ -# Contributing to curve25519-dalek - -If you have questions or comments, please feel free to email the -authors. - -For feature requests, suggestions, and bug reports, please open an issue on -[our Github](https://github.com/dalek-cryptography/curve25519-dalek). (Or, send us -an email if you're opposed to using Github for whatever reason.) - -Patches are welcomed as pull requests on -[our Github](https://github.com/dalek-cryptography/curve25519-dalek), as well as by -email (preferably sent to all of the authors listed in `Cargo.toml`). - -All issues on curve25519-dalek are mentored, if you want help with a bug just -ask @isislovecruft or @hdevalence. - -Some issues are easier than others. The `easy` label can be used to find the -easy issues. If you want to work on an issue, please leave a comment so that we -can assign it to you! diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/Cargo.toml b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/Cargo.toml deleted file mode 100644 index 9a8d462e894a..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/Cargo.toml +++ /dev/null 
@@ -1,97 +0,0 @@ -# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO -# -# When uploading crates to the registry Cargo will automatically -# "normalize" Cargo.toml files for maximal compatibility -# with all versions of Cargo and also rewrite `path` dependencies -# to registry (e.g., crates.io) dependencies -# -# If you believe there's an error in this file please file an -# issue against the rust-lang/cargo repository. If you're -# editing this file be aware that the upstream Cargo.toml -# will likely look very different (and much more reasonable) - -[package] -name = "curve25519-dalek" -version = "3.2.0" -authors = ["Isis Lovecruft ", "Henry de Valence "] -exclude = ["**/.gitignore", ".gitignore", ".travis.yml"] -description = "A pure-Rust implementation of group operations on ristretto255 and Curve25519" -homepage = "https://dalek.rs/curve25519-dalek" -documentation = "https://docs.rs/curve25519-dalek" -readme = "README.md" -keywords = ["cryptography", "crypto", "ristretto", "curve25519", "ristretto255"] -categories = ["cryptography", "no-std"] -license = "BSD-3-Clause" -repository = "https://github.com/dalek-cryptography/curve25519-dalek" -[package.metadata.docs.rs] -features = ["nightly", "simd_backend"] - -[[bench]] -name = "dalek_benchmarks" -harness = false -[dependencies.byteorder] -version = "^1.2.3" -features = ["i128"] -default-features = false - -[dependencies.digest] -version = "0.9" -default-features = false - -[dependencies.fiat-crypto] -version = "0.1.6" -optional = true - -[dependencies.packed_simd] -version = "0.3.4" -features = ["into_bits"] -optional = true -package = "packed_simd_2" - -[dependencies.rand_core] -version = "0.5" -default-features = false - -[dependencies.serde] -version = "1.0" -features = ["derive"] -optional = true -default-features = false - -[dependencies.subtle] -version = "^2.2.1" -default-features = false - -[dependencies.zeroize] -version = "1" -default-features = false -[dev-dependencies.bincode] -version = "1" - 
-[dev-dependencies.criterion] -version = "0.3.0" - -[dev-dependencies.hex] -version = "0.4.2" - -[dev-dependencies.rand] -version = "0.7" - -[dev-dependencies.sha2] -version = "0.9" -default-features = false - -[features] -alloc = ["zeroize/alloc"] -avx2_backend = ["simd_backend"] -default = ["std", "u64_backend"] -fiat_u32_backend = ["fiat-crypto"] -fiat_u64_backend = ["fiat-crypto"] -nightly = ["subtle/nightly"] -simd_backend = ["nightly", "u64_backend", "packed_simd"] -std = ["alloc", "subtle/std", "rand_core/std"] -u32_backend = [] -u64_backend = [] -[badges.travis-ci] -branch = "master" -repository = "dalek-cryptography/curve25519-dalek" diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/Cargo.toml.orig b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/Cargo.toml.orig deleted file mode 100644 index b6ccc62e6979..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/Cargo.toml.orig +++ /dev/null 
@@ -1,74 +0,0 @@ -[package] -name = "curve25519-dalek" -# Before incrementing: -# - update CHANGELOG -# - update html_root_url -# - update README if required by semver -# - if README was updated, also update module documentation in src/lib.rs -version = "3.2.0" -authors = ["Isis Lovecruft ", - "Henry de Valence "] -readme = "README.md" -license = "BSD-3-Clause" -repository = "https://github.com/dalek-cryptography/curve25519-dalek" -homepage = "https://dalek.rs/curve25519-dalek" -documentation = "https://docs.rs/curve25519-dalek" -categories = ["cryptography", "no-std"] -keywords = ["cryptography", "crypto", "ristretto", "curve25519", "ristretto255"] -description = "A pure-Rust implementation of group operations on ristretto255 and Curve25519" -exclude = [ - "**/.gitignore", - ".gitignore", - ".travis.yml", -] - -[package.metadata.docs.rs] -# Disabled for now since this is borked; tracking https://github.com/rust-lang/docs.rs/issues/302 -# rustdoc-args = ["--html-in-header", ".cargo/registry/src/github.com-1ecc6299db9ec823/curve25519-dalek-0.13.2/rustdoc-include-katex-header.html"] -features = ["nightly", "simd_backend"] - -[badges] -travis-ci = { repository = "dalek-cryptography/curve25519-dalek", branch = "master"} - -[dev-dependencies] -sha2 = { version = "0.9", default-features = false } -bincode = "1" -criterion = "0.3.0" -hex = "0.4.2" -rand = "0.7" - -[[bench]] -name = "dalek_benchmarks" -harness = false - -[dependencies] -rand_core = { version = "0.5", default-features = false } -byteorder = { version = "^1.2.3", default-features = false, features = ["i128"] } -digest = { version = "0.9", default-features = false } -subtle = { version = "^2.2.1", default-features = false } -serde = { version = "1.0", default-features = false, optional = true, features = ["derive"] } -# The original packed_simd package was orphaned, see -# https://github.com/rust-lang/packed_simd/issues/303#issuecomment-701361161 -packed_simd = { version = "0.3.4", package = "packed_simd_2", 
features = ["into_bits"], optional = true } -zeroize = { version = "1", default-features = false } -fiat-crypto = { version = "0.1.6", optional = true} - -[features] -nightly = ["subtle/nightly"] -default = ["std", "u64_backend"] -std = ["alloc", "subtle/std", "rand_core/std"] -alloc = ["zeroize/alloc"] - -# The u32 backend uses u32s with u64 products. -u32_backend = [] -# The u64 backend uses u64s with u128 products. -u64_backend = [] -# fiat-u64 backend (with formally-verified field arith) uses u64s with u128 products. -fiat_u64_backend = ["fiat-crypto"] -# fiat-u32 backend (with formally-verified field arith) uses u32s with u64 products. -fiat_u32_backend = ["fiat-crypto"] -# The SIMD backend uses parallel formulas, using either AVX2 or AVX512-IFMA. -simd_backend = ["nightly", "u64_backend", "packed_simd"] -# DEPRECATED: this is now an alias for `simd_backend` and may be removed -# in some future release. -avx2_backend = ["simd_backend"] diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/Makefile b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/Makefile deleted file mode 100644 index 7d870571f6d9..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/Makefile +++ /dev/null @@ -1,8 +0,0 @@ -FEATURES := nightly simd_backend - -doc: - cargo rustdoc --features "$(FEATURES)" -- --html-in-header docs/assets/rustdoc-include-katex-header.html - -doc-internal: - cargo rustdoc --features "$(FEATURES)" -- --html-in-header docs/assets/rustdoc-include-katex-header.html --document-private-items - diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/README.md b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/README.md deleted file mode 100644 index 2600cce1d4c2..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/README.md +++ /dev/null 
@@ -1,226 +0,0 @@ - -# curve25519-dalek [![](https://img.shields.io/crates/v/curve25519-dalek.svg)](https://crates.io/crates/curve25519-dalek) [![](https://img.shields.io/badge/dynamic/json.svg?label=docs&uri=https%3A%2F%2Fcrates.io%2Fapi%2Fv1%2Fcrates%2Fcurve25519-dalek%2Fversions&query=%24.versions%5B0%5D.num&colorB=4F74A6)](https://doc.dalek.rs) [![](https://travis-ci.org/dalek-cryptography/curve25519-dalek.svg?branch=master)](https://travis-ci.org/dalek-cryptography/curve25519-dalek) - - - -**A pure-Rust implementation of group operations on Ristretto and Curve25519.** - -`curve25519-dalek` is a library providing group operations on the Edwards and -Montgomery forms of Curve25519, and on the prime-order Ristretto group. - -`curve25519-dalek` is not intended to provide implementations of any particular -crypto protocol. Rather, implementations of those protocols (such as -[`x25519-dalek`][x25519-dalek] and [`ed25519-dalek`][ed25519-dalek]) should use -`curve25519-dalek` as a library. - -`curve25519-dalek` is intended to provide a clean and safe _mid-level_ API for use -implementing a wide range of ECC-based crypto protocols, such as key agreement, -signatures, anonymous credentials, rangeproofs, and zero-knowledge proof -systems. - -In particular, `curve25519-dalek` implements Ristretto, which constructs a -prime-order group from a non-prime-order Edwards curve. This provides the -speed and safety benefits of Edwards curve arithmetic, without the pitfalls of -cofactor-related abstraction mismatches. - -# Documentation - -The semver-stable, public-facing `curve25519-dalek` API is documented -[here][docs-external]. In addition, the unstable internal implementation -details are documented [here][docs-internal]. - -The `curve25519-dalek` documentation requires a custom HTML header to include -KaTeX for math support. 
Unfortunately `cargo doc` does not currently support -this, but docs can be built using -```sh -make doc -make doc-internal -``` - -# Use - -To import `curve25519-dalek`, add the following to the dependencies section of -your project's `Cargo.toml`: -```toml -curve25519-dalek = "3" -``` - -The sole breaking change in the `3.x` series was an update to the `digest` -version, and in terms of non-breaking changes it includes: - -* support for using `alloc` instead of `std` on stable Rust, -* the Elligator2 encoding for Edwards points, -* a fix to use `packed_simd2`, -* various documentation fixes and improvements, -* support for configurably-sized, precomputed lookup tables for basepoint scalar - multiplication, -* two new formally-verified field arithmetic backends which use the Fiat Crypto - Rust code, which is generated from proofs of functional correctness checked by - the Coq theorem proving system, and -* support for explicitly calling the `zeroize` traits for all point types. - -The `2.x` series has API almost entirely unchanged from the `1.x` series, -except that: - -* an error in the data modeling for the (optional) `serde` feature was - corrected, so that when the `2.x`-series `serde` implementation is used - with `serde-bincode`, the derived serialization matches the usual X/Ed25519 - formats; -* the `rand` version was updated. - -See `CHANGELOG.md` for more details. - -# Backends and Features - -The `nightly` feature enables features available only when using a Rust nightly -compiler. In particular, it is required for rendering documentation and for -the SIMD backends. 
- -Curve arithmetic is implemented using one of the following backends: - -* a `u32` backend using serial formulas and `u64` products; -* a `u64` backend using serial formulas and `u128` products; -* an `avx2` backend using [parallel formulas][parallel_doc] and `avx2` instructions (sets speed records); -* an `ifma` backend using [parallel formulas][parallel_doc] and `ifma` instructions (sets speed records); - -By default the `u64` backend is selected. To select a specific backend, use: -```sh -cargo build --no-default-features --features "std u32_backend" -cargo build --no-default-features --features "std u64_backend" -# Requires nightly, RUSTFLAGS="-C target_feature=+avx2" to use avx2 -cargo build --no-default-features --features "std simd_backend" -# Requires nightly, RUSTFLAGS="-C target_feature=+avx512ifma" to use ifma -cargo build --no-default-features --features "std simd_backend" -``` -Crates using `curve25519-dalek` can either select a backend on behalf of their -users, or expose feature flags that control the `curve25519-dalek` backend. - -The `std` feature is enabled by default, but it can be disabled for no-`std` -builds using `--no-default-features`. Note that this requires explicitly -selecting an arithmetic backend using one of the `_backend` features. -If no backend is selected, compilation will fail. - -# Safety - -The `curve25519-dalek` types are designed to make illegal states -unrepresentable. For example, any instance of an `EdwardsPoint` is -guaranteed to hold a point on the Edwards curve, and any instance of a -`RistrettoPoint` is guaranteed to hold a valid point in the Ristretto -group. - -All operations are implemented using constant-time logic (no -secret-dependent branches, no secret-dependent memory accesses), -unless specifically marked as being variable-time code. -We believe that our constant-time logic is lowered to constant-time -assembly, at least on `x86_64` targets. 
- -As an additional guard against possible future compiler optimizations, -the `subtle` crate places an optimization barrier before every -conditional move or assignment. More details can be found in [the -documentation for the `subtle` crate][subtle_doc]. - -Some functionality (e.g., multiscalar multiplication or batch -inversion) requires heap allocation for temporary buffers. All -heap-allocated buffers of potentially secret data are explicitly -zeroed before release. - -However, we do not attempt to zero stack data, for two reasons. -First, it's not possible to do so correctly: we don't have control -over stack allocations, so there's no way to know how much data to -wipe. Second, because `curve25519-dalek` provides a mid-level API, -the correct place to start zeroing stack data is likely not at the -entrypoints of `curve25519-dalek` functions, but at the entrypoints of -functions in other crates. - -The implementation is memory-safe, and contains no significant -`unsafe` code. The SIMD backend uses `unsafe` internally to call SIMD -intrinsics. These are marked `unsafe` only because invoking them on an -inappropriate CPU would cause `SIGILL`, but the entire backend is only -compiled with appropriate `target_feature`s, so this cannot occur. - -# Performance - -Benchmarks are run using [`criterion.rs`][criterion]: - -```sh -cargo bench --no-default-features --features "std u32_backend" -cargo bench --no-default-features --features "std u64_backend" -# Uses avx2 or ifma only if compiled for an appropriate target. -export RUSTFLAGS="-C target_cpu=native" -cargo bench --no-default-features --features "std simd_backend" -``` - -Performance is a secondary goal behind correctness, safety, and -clarity, but we aim to be competitive with other implementations. - -# FFI - -Unfortunately, we have no plans to add FFI to `curve25519-dalek` directly. 
The -reason is that we use Rust features to provide an API that maintains safety -invariants, which are not possible to maintain across an FFI boundary. For -instance, as described in the _Safety_ section above, invalid points are -impossible to construct, and this would not be the case if we exposed point -operations over FFI. - -However, `curve25519-dalek` is designed as a *mid-level* API, aimed at -implementing other, higher-level primitives. Instead of providing FFI at the -mid-level, our suggestion is to implement the higher-level primitive (a -signature, PAKE, ZKP, etc) in Rust, using `curve25519-dalek` as a dependency, -and have that crate provide a minimal, byte-buffer-oriented FFI specific to -that primitive. - -# Contributing - -Please see [CONTRIBUTING.md][contributing]. - -Patches and pull requests should be make against the `develop` -branch, **not** `master`. - -# About - -**SPOILER ALERT:** *The Twelfth Doctor's first encounter with the Daleks is in -his second full episode, "Into the Dalek". A beleaguered ship of the "Combined -Galactic Resistance" has discovered a broken Dalek that has turned "good", -desiring to kill all other Daleks. The Doctor, Clara and a team of soldiers -are miniaturized and enter the Dalek, which the Doctor names Rusty. They -repair the damage, but accidentally restore it to its original nature, causing -it to go on the rampage and alert the Dalek fleet to the whereabouts of the -rebel ship. However, the Doctor manages to return Rusty to its previous state -by linking his mind with the Dalek's: Rusty shares the Doctor's view of the -universe's beauty, but also his deep hatred of the Daleks. Rusty destroys the -other Daleks and departs the ship, determined to track down and bring an end -to the Dalek race.* - -`curve25519-dalek` is authored by Isis Agora Lovecruft and Henry de Valence. 
- -Portions of this library were originally a port of [Adam Langley's -Golang ed25519 library](https://github.com/agl/ed25519), which was in -turn a port of the reference `ref10` implementation. Most of this code, -including the 32-bit field arithmetic, has since been rewritten. - -The fast `u32` and `u64` scalar arithmetic was implemented by Andrew Moon, and -the addition chain for scalar inversion was provided by Brian Smith. The -optimised batch inversion was contributed by Sean Bowe and Daira Hopwood. - -The `no_std` and `zeroize` support was contributed by Tony Arcieri. - -The formally verified backends, `fiat_u32_backend` and `fiat_u64_backend`, which -integrate with the Rust generated by the -[Fiat Crypto project](https://github.com/mit-plv/fiat-crypto) were contributed -by François Garillot. - -Thanks also to Ashley Hauck, Lucas Salibian, Manish Goregaokar, Jack Grigg, -Pratyush Mishra, Michael Rosenberg, and countless others for their -contributions. - -[ed25519-dalek]: https://github.com/dalek-cryptography/ed25519-dalek -[x25519-dalek]: https://github.com/dalek-cryptography/x25519-dalek -[contributing]: https://github.com/dalek-cryptography/curve25519-dalek/blob/master/CONTRIBUTING.md -[docs-external]: https://doc.dalek.rs/curve25519_dalek/ -[docs-internal]: https://doc-internal.dalek.rs/curve25519_dalek/ -[criterion]: https://github.com/japaric/criterion.rs -[parallel_doc]: https://doc-internal.dalek.rs/curve25519_dalek/backend/vector/avx2/index.html -[subtle_doc]: https://doc.dalek.rs/subtle/ diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/benches/dalek_benchmarks.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/benches/dalek_benchmarks.rs deleted file mode 100644 index 136d0e73069c..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/benches/dalek_benchmarks.rs +++ /dev/null 
@@ -1,363 +0,0 @@ -#![allow(non_snake_case)] - -extern crate rand; -use rand::rngs::OsRng; -use rand::thread_rng; - -#[macro_use] -extern crate criterion; - -use criterion::measurement::Measurement; -use criterion::BatchSize; -use criterion::Criterion; -use criterion::{BenchmarkGroup, BenchmarkId}; - -extern crate curve25519_dalek; - -use curve25519_dalek::constants; -use curve25519_dalek::scalar::Scalar; - -static BATCH_SIZES: [usize; 5] = [1, 2, 4, 8, 16]; -static MULTISCALAR_SIZES: [usize; 13] = [1, 2, 4, 8, 16, 32, 64, 128, 256, 384, 512, 768, 1024]; - -mod edwards_benches { - use super::*; - - use curve25519_dalek::edwards::EdwardsPoint; - - fn compress(c: &mut Criterion) { - let B = &constants::ED25519_BASEPOINT_POINT; - c.bench_function("EdwardsPoint compression", move |b| b.iter(|| B.compress())); - } - - fn decompress(c: &mut Criterion) { - let B_comp = &constants::ED25519_BASEPOINT_COMPRESSED; - c.bench_function("EdwardsPoint decompression", move |b| { - b.iter(|| B_comp.decompress().unwrap()) - }); - } - - fn consttime_fixed_base_scalar_mul(c: &mut Criterion) { - let B = &constants::ED25519_BASEPOINT_TABLE; - let s = Scalar::from(897987897u64).invert(); - c.bench_function("Constant-time fixed-base scalar mul", move |b| { - b.iter(|| B * &s) - }); - } - - fn consttime_variable_base_scalar_mul(c: &mut Criterion) { - let B = &constants::ED25519_BASEPOINT_POINT; - let s = Scalar::from(897987897u64).invert(); - c.bench_function("Constant-time variable-base scalar mul", move |b| { - b.iter(|| B * s) - }); - } - - fn vartime_double_base_scalar_mul(c: &mut Criterion) { - c.bench_function("Variable-time aA+bB, A variable, B fixed", |bench| { - let mut rng = thread_rng(); - let A = &Scalar::random(&mut rng) * &constants::ED25519_BASEPOINT_TABLE; - bench.iter_batched( - || (Scalar::random(&mut rng), Scalar::random(&mut rng)), - |(a, b)| EdwardsPoint::vartime_double_scalar_mul_basepoint(&a, &A, &b), - BatchSize::SmallInput, - ); - }); - } - - criterion_group! 
{ - name = edwards_benches; - config = Criterion::default(); - targets = - compress, - decompress, - consttime_fixed_base_scalar_mul, - consttime_variable_base_scalar_mul, - vartime_double_base_scalar_mul, - } -} - -mod multiscalar_benches { - use super::*; - - use curve25519_dalek::edwards::EdwardsPoint; - use curve25519_dalek::edwards::VartimeEdwardsPrecomputation; - use curve25519_dalek::traits::MultiscalarMul; - use curve25519_dalek::traits::VartimeMultiscalarMul; - use curve25519_dalek::traits::VartimePrecomputedMultiscalarMul; - - fn construct_scalars(n: usize) -> Vec { - let mut rng = thread_rng(); - (0..n).map(|_| Scalar::random(&mut rng)).collect() - } - - fn construct_points(n: usize) -> Vec { - let mut rng = thread_rng(); - (0..n) - .map(|_| &Scalar::random(&mut rng) * &constants::ED25519_BASEPOINT_TABLE) - .collect() - } - - fn construct(n: usize) -> (Vec, Vec) { - (construct_scalars(n), construct_points(n)) - } - - fn consttime_multiscalar_mul(c: &mut BenchmarkGroup) { - for multiscalar_size in &MULTISCALAR_SIZES { - c.bench_with_input( - BenchmarkId::new( - "Constant-time variable-base multiscalar multiplication", - *multiscalar_size, - ), - &multiscalar_size, - |b, &&size| { - let points = construct_points(size); - // This is supposed to be constant-time, but we might as well - // rerandomize the scalars for every call just in case. 
- b.iter_batched( - || construct_scalars(size), - |scalars| EdwardsPoint::multiscalar_mul(&scalars, &points), - BatchSize::SmallInput, - ); - }, - ); - } - } - - fn vartime_multiscalar_mul(c: &mut BenchmarkGroup) { - for multiscalar_size in &MULTISCALAR_SIZES { - c.bench_with_input( - BenchmarkId::new( - "Variable-time variable-base multiscalar multiplication", - *multiscalar_size, - ), - &multiscalar_size, - |b, &&size| { - let points = construct_points(size); - // Rerandomize the scalars for every call to prevent - // false timings from better caching (e.g., the CPU - // cache lifts exactly the right table entries for the - // benchmark into the highest cache levels). - b.iter_batched( - || construct_scalars(size), - |scalars| EdwardsPoint::vartime_multiscalar_mul(&scalars, &points), - BatchSize::SmallInput, - ); - }, - ); - } - } - - fn vartime_precomputed_pure_static(c: &mut BenchmarkGroup) { - for multiscalar_size in &MULTISCALAR_SIZES { - c.bench_with_input( - BenchmarkId::new( - "Variable-time fixed-base multiscalar multiplication", - &multiscalar_size, - ), - &multiscalar_size, - move |b, &&total_size| { - let static_size = total_size; - - let static_points = construct_points(static_size); - let precomp = VartimeEdwardsPrecomputation::new(&static_points); - // Rerandomize the scalars for every call to prevent - // false timings from better caching (e.g., the CPU - // cache lifts exactly the right table entries for the - // benchmark into the highest cache levels). 
- b.iter_batched( - || construct_scalars(static_size), - |scalars| precomp.vartime_multiscalar_mul(&scalars), - BatchSize::SmallInput, - ); - }, - ); - } - } - - fn vartime_precomputed_helper( - c: &mut BenchmarkGroup, - dynamic_fraction: f64, - ) { - for multiscalar_size in &MULTISCALAR_SIZES { - c.bench_with_input( - BenchmarkId::new( - "Variable-time mixed-base multiscalar multiplication ({:.0}pct dyn)", - format!("({:.0}pct dyn)", 100.0 * dynamic_fraction), - ), - &multiscalar_size, - move |b, &&total_size| { - let dynamic_size = ((total_size as f64) * dynamic_fraction) as usize; - let static_size = total_size - dynamic_size; - - let static_points = construct_points(static_size); - let dynamic_points = construct_points(dynamic_size); - let precomp = VartimeEdwardsPrecomputation::new(&static_points); - // Rerandomize the scalars for every call to prevent - // false timings from better caching (e.g., the CPU - // cache lifts exactly the right table entries for the - // benchmark into the highest cache levels). Timings - // should be independent of points so we don't - // randomize them. - b.iter_batched( - || { - ( - construct_scalars(static_size), - construct_scalars(dynamic_size), - ) - }, - |(static_scalars, dynamic_scalars)| { - precomp.vartime_mixed_multiscalar_mul( - &static_scalars, - &dynamic_scalars, - &dynamic_points, - ) - }, - BatchSize::SmallInput, - ); - }, - ); - } - } - - fn multiscalar_multiplications(c: &mut Criterion) { - let mut group: BenchmarkGroup<_> = c.benchmark_group("Multiscalar muls"); - - consttime_multiscalar_mul(&mut group); - vartime_multiscalar_mul(&mut group); - vartime_precomputed_pure_static(&mut group); - - let dynamic_fracs = [0.0, 0.2, 0.5]; - for frac in dynamic_fracs.iter() { - vartime_precomputed_helper(&mut group, *frac); - } - group.finish(); - } - - criterion_group! 
{ - name = multiscalar_benches; - // Lower the sample size to run the benchmarks faster - config = Criterion::default().sample_size(15); - targets = - multiscalar_multiplications, - } -} - -mod ristretto_benches { - use super::*; - use curve25519_dalek::ristretto::RistrettoPoint; - - fn compress(c: &mut Criterion) { - c.bench_function("RistrettoPoint compression", |b| { - let B = &constants::RISTRETTO_BASEPOINT_POINT; - b.iter(|| B.compress()) - }); - } - - fn decompress(c: &mut Criterion) { - c.bench_function("RistrettoPoint decompression", |b| { - let B_comp = &constants::RISTRETTO_BASEPOINT_COMPRESSED; - b.iter(|| B_comp.decompress().unwrap()) - }); - } - - fn double_and_compress_batch(c: &mut BenchmarkGroup) { - for batch_size in &BATCH_SIZES { - c.bench_with_input( - BenchmarkId::new("Batch Ristretto double-and-encode", *batch_size), - &batch_size, - |b, &&size| { - let mut rng = OsRng; - let points: Vec = (0..size) - .map(|_| RistrettoPoint::random(&mut rng)) - .collect(); - b.iter(|| RistrettoPoint::double_and_compress_batch(&points)); - }, - ); - } - } - - fn double_and_compress_group(c: &mut Criterion) { - let mut group: BenchmarkGroup<_> = c.benchmark_group("double & compress batched"); - double_and_compress_batch(&mut group); - group.finish(); - } - - criterion_group! { - name = ristretto_benches; - config = Criterion::default(); - targets = - compress, - decompress, - double_and_compress_group, - } -} - -mod montgomery_benches { - use super::*; - - fn montgomery_ladder(c: &mut Criterion) { - c.bench_function("Montgomery pseudomultiplication", |b| { - let B = constants::X25519_BASEPOINT; - let s = Scalar::from(897987897u64).invert(); - b.iter(|| B * s); - }); - } - - criterion_group! 
{ - name = montgomery_benches; - config = Criterion::default(); - targets = montgomery_ladder, - } -} - -mod scalar_benches { - use super::*; - - fn scalar_inversion(c: &mut Criterion) { - c.bench_function("Scalar inversion", |b| { - let s = Scalar::from(897987897u64).invert(); - b.iter(|| s.invert()); - }); - } - - fn batch_scalar_inversion(c: &mut BenchmarkGroup) { - for batch_size in &BATCH_SIZES { - c.bench_with_input( - BenchmarkId::new("Batch scalar inversion", *batch_size), - &batch_size, - |b, &&size| { - let mut rng = OsRng; - let scalars: Vec = - (0..size).map(|_| Scalar::random(&mut rng)).collect(); - b.iter(|| { - let mut s = scalars.clone(); - Scalar::batch_invert(&mut s); - }); - }, - ); - } - } - - fn batch_scalar_inversion_group(c: &mut Criterion) { - let mut group: BenchmarkGroup<_> = c.benchmark_group("batch scalar inversion"); - batch_scalar_inversion(&mut group); - group.finish(); - } - - criterion_group! { - name = scalar_benches; - config = Criterion::default(); - targets = - scalar_inversion, - batch_scalar_inversion_group, - } -} - -criterion_main!( - scalar_benches::scalar_benches, - montgomery_benches::montgomery_benches, - ristretto_benches::ristretto_benches, - edwards_benches::edwards_benches, - multiscalar_benches::multiscalar_benches, -); diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/assets/dalek-logo-clear.png b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/assets/dalek-logo-clear.png deleted file mode 100644 index d3170d80b215..000000000000 Binary files a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/assets/dalek-logo-clear.png and /dev/null differ 
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/assets/dalek-logo.png b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/assets/dalek-logo.png
deleted file mode 100644
index 83d6a0c52776..000000000000
Binary files a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/assets/dalek-logo.png and /dev/null differ
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/assets/dalek-logo.svg b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/assets/dalek-logo.svg
deleted file mode 100644
index 3e87a44be176..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/assets/dalek-logo.svg
+++ /dev/null
@@ -1 +0,0 @@ -dalek \ No newline at end of file
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/assets/rustdoc-include-katex-header.html b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/assets/rustdoc-include-katex-header.html
deleted file mode 100644
index bc4e3d8a98d4..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/assets/rustdoc-include-katex-header.html
+++ /dev/null
@@ -1,10 +0,0 @@ - - - - -
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/parallel-formulas.md b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/parallel-formulas.md
deleted file mode 100644
index f84d1ccd42db..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/parallel-formulas.md
+++ /dev/null
@@ -1,333 +0,0 @@ -Vectorized implementations of field and point operations, using a -modification of the 4-way parallel formulas of Hisil, Wong, Carter, -and Dawson. - -These notes explain the parallel formulas and our strategy for using -them with SIMD operations. There are two backend implementations: one -using AVX2, and the other using AVX512-IFMA. - -# Overview - -The 2008 paper [_Twisted Edwards Curves Revisited_][hwcd08] by Hisil, -Wong, Carter, and Dawson (HWCD) introduced the “extended coordinates” -and mixed-model representations which are used by most Edwards curve -implementations. - -However, they also describe 4-way parallel formulas for point addition -and doubling: a unified addition algorithm taking an effective -\\(2\mathbf M + 1\mathbf D\\), a doubling algorithm taking an -effective \\(1\mathbf M + 1\mathbf S\\), and a dedicated (i.e., for -distinct points) addition algorithm taking an effective \\(2 \mathbf M -\\). They compare these formulas with a 2-way parallel variant of the -Montgomery ladder. - -Unlike their serial formulas, which are used widely, their parallel -formulas do not seem to have been implemented in software before. The -2-way parallel Montgomery ladder was used in 2015 by Tung Chou's -`sandy2x` implementation. Curiously, however, although the [`sandy2x` -paper][sandy2x] also implements Edwards arithmetic, and cites HWCD08, -it doesn't mention their parallel Edwards formulas. -A 2015 paper by Hernández and López describes an AVX2 implementation -of X25519. Neither the paper nor the code are publicly available, but -it apparently gives only a [slight speedup][avx2trac], suggesting that -it uses a 4-way parallel Montgomery ladder rather than parallel -Edwards formulas. - -The reason may be that HWCD08 describe their formulas as operating on -four independent processors, which would make a software -implementation impractical: all of the operations are too low-latency -to effectively synchronize. 
But a closer inspection reveals that the -(more expensive) multiplication and squaring steps are uniform, while -the instruction divergence occurs in the (much cheaper) addition and -subtraction steps. This means that a SIMD implementation can perform -the expensive steps uniformly, and handle divergence in the -inexpensive steps using masking. - -These notes describe modifications to the original parallel formulas -to allow a SIMD implementation, and this module contains -implementations of the modified formulas targeting either AVX2 or -AVX512-IFMA. - -# Parallel formulas in HWCD'08 - -The doubling formula is presented in the HWCD paper as follows: - -| Cost | Processor 1 | Processor 2 | Processor 3 | Processor 4 | -|------------------|--------------------------------|--------------------------------|--------------------------------|--------------------------------| -| | idle | idle | idle | \\( R\_1 \gets X\_1 + Y\_1 \\) | -| \\(1\mathbf S\\) | \\( R\_2 \gets X\_1\^2 \\) | \\( R\_3 \gets Y\_1\^2 \\) | \\( R\_4 \gets Z\_1\^2 \\) | \\( R\_5 \gets R\_1\^2 \\) | -| | \\( R\_6 \gets R\_2 + R\_3 \\) | \\( R\_7 \gets R\_2 - R\_3 \\) | \\( R\_4 \gets 2 R\_4 \\) | idle | -| | idle | \\( R\_1 \gets R\_4 + R\_7 \\) | idle | \\( R\_2 \gets R\_6 - R\_5 \\) | -| \\(1\mathbf M\\) | \\( X\_3 \gets R\_1 R\_2 \\) | \\( Y\_3 \gets R\_6 R\_7 \\) | \\( T\_3 \gets R\_2 R\_6 \\) | \\( Z\_3 \gets R\_1 R\_7 \\) | - -and the unified addition algorithm is presented as follows: - -| Cost | Processor 1 | Processor 2 | Processor 3 | Processor 4 | -|------------------|--------------------------------|--------------------------------|--------------------------------|--------------------------------| -| | \\( R\_1 \gets Y\_1 - X\_1 \\) | \\( R\_2 \gets Y\_2 - X\_2 \\) | \\( R\_3 \gets Y\_1 + X\_1 \\) | \\( R\_4 \gets Y\_2 + X\_2 \\) | -| \\(1\mathbf M\\) | \\( R\_5 \gets R\_1 R\_2 \\) | \\( R\_6 \gets R\_3 R\_4 \\) | \\( R\_7 \gets T\_1 T\_2 \\) | \\( R\_8 \gets Z\_1 Z\_2 \\) | -| \\(1\mathbf 
D\\) | idle | idle | \\( R\_7 \gets k R\_7 \\) | \\( R\_8 \gets 2 R\_8 \\) | -| | \\( R\_1 \gets R\_6 - R\_5 \\) | \\( R\_2 \gets R\_8 - R\_7 \\) | \\( R\_3 \gets R\_8 + R\_7 \\) | \\( R\_4 \gets R\_6 + R\_5 \\) | -| \\(1\mathbf M\\) | \\( X\_3 \gets R\_1 R\_2 \\) | \\( Y\_3 \gets R\_3 R\_4 \\) | \\( T\_3 \gets R\_1 R\_4 \\) | \\( Z\_3 \gets R\_2 R\_3 \\) | - -Here \\(\mathbf M\\) and \\(\mathbf S\\) represent the cost of -multiplication and squaring of generic field elements, \\(\mathbf D\\) -represents the cost of multiplication by a curve constant (in this -case \\( k = 2d \\)). - -Notice that the \\(1\mathbf M\\) and \\(1\mathbf S\\) steps are -uniform. The non-uniform steps are all inexpensive additions or -subtractions, with the exception of the multiplication by the curve -constant \\(k = 2d\\): -$$ -R\_7 \gets 2 d R\_7. -$$ - -HWCD suggest parallelising this step by breaking \\(k = 2d\\) into four -parts as \\(k = k_0 + 2\^n k_1 + 2\^{2n} k_2 + 2\^{3n} k_3 \\) and -computing \\(k_i R_7 \\) in parallel. This is quite awkward, but if -the curve constant is a ratio \\( d = d\_1/d\_2 \\), then projective -coordinates allow us to instead compute -$$ -(R\_5, R\_6, R\_7, R\_8) \gets (d\_2 R\_5, d\_2 R\_6, 2d\_1 R\_7, d\_2 R\_8). -$$ -This can be performed as a uniform multiplication by a vector of -constants, and if \\(d\_1, d\_2\\) are small, it is relatively -inexpensive. (This trick was suggested by Mike Hamburg). -In the Curve25519 case, we have -$$ -d = \frac{d\_1}{d\_2} = \frac{-121665}{121666}; -$$ -Since \\(2 \cdot 121666 < 2\^{18}\\), all the constants above fit (up -to sign) in 32 bits, so this can be done in parallel as four -multiplications by small constants \\( (121666, 121666, 2\cdot 121665, -2\cdot 121666) \\), followed by a negation to compute \\( - 2\cdot 121665\\). - -# Modified parallel formulas - -Using the modifications sketched above, we can write SIMD-friendly -versions of the parallel formulas as follows. 
To avoid confusion with -the original formulas, temporary variables are named \\(S\\) instead -of \\(R\\) and are in static single-assignment form. - -## Addition - -To add points -\\(P_1 = (X_1 : Y_1 : Z_1 : T_1) \\) -and -\\(P_2 = (X_2 : Y_2 : Z_2 : T_2 ) \\), -we compute -$$ -\begin{aligned} -(S\_0 &&,&& S\_1 &&,&& S\_2 &&,&& S\_3 ) -&\gets -(Y\_1 - X\_1&&,&& Y\_1 + X\_1&&,&& Y\_2 - X\_2&&,&& Y\_2 + X\_2) -\\\\ -(S\_4 &&,&& S\_5 &&,&& S\_6 &&,&& S\_7 ) -&\gets -(S\_0 \cdot S\_2&&,&& S\_1 \cdot S\_3&&,&& Z\_1 \cdot Z\_2&&,&& T\_1 \cdot T\_2) -\\\\ -(S\_8 &&,&& S\_9 &&,&& S\_{10} &&,&& S\_{11} ) -&\gets -(d\_2 \cdot S\_4 &&,&& d\_2 \cdot S\_5 &&,&& 2 d\_2 \cdot S\_6 &&,&& 2 d\_1 \cdot S\_7 ) -\\\\ -(S\_{12} &&,&& S\_{13} &&,&& S\_{14} &&,&& S\_{15}) -&\gets -(S\_9 - S\_8&&,&& S\_9 + S\_8&&,&& S\_{10} - S\_{11}&&,&& S\_{10} + S\_{11}) -\\\\ -(X\_3&&,&& Y\_3&&,&& Z\_3&&,&& T\_3) -&\gets -(S\_{12} \cdot S\_{14}&&,&& S\_{15} \cdot S\_{13}&&,&& S\_{15} \cdot S\_{14}&&,&& S\_{12} \cdot S\_{13}) -\end{aligned} -$$ -to obtain \\( P\_3 = (X\_3 : Y\_3 : Z\_3 : T\_3) = P\_1 + P\_2 \\). -This costs \\( 2\mathbf M + 1 \mathbf D\\). - -## Readdition - -If the point \\( P_2 = (X\_2 : Y\_2 : Z\_2 : T\_2) \\) is fixed, we -can cache the multiplication of the curve constants by computing -$$ -\begin{aligned} -(S\_2' &&,&& S\_3' &&,&& Z\_2' &&,&& T\_2' ) -&\gets -(d\_2 \cdot (Y\_2 - X\_2)&&,&& d\_2 \cdot (Y\_1 + X\_1)&&,&& 2d\_2 \cdot Z\_2 &&,&& 2d\_1 \cdot T\_2). 
-\end{aligned} -$$ -This costs \\( 1\mathbf D\\); with \\( (S\_2', S\_3', Z\_2', T\_2')\\) -in hand, the addition formulas above become -$$ -\begin{aligned} -(S\_0 &&,&& S\_1 &&,&& Z\_1 &&,&& T\_1 ) -&\gets -(Y\_1 - X\_1&&,&& Y\_1 + X\_1&&,&& Z\_1 &&,&& T\_1) -\\\\ -(S\_8 &&,&& S\_9 &&,&& S\_{10} &&,&& S\_{11} ) -&\gets -(S\_0 \cdot S\_2' &&,&& S\_1 \cdot S\_3'&&,&& Z\_1 \cdot Z\_2' &&,&& T\_1 \cdot T\_2') -\\\\ -(S\_{12} &&,&& S\_{13} &&,&& S\_{14} &&,&& S\_{15}) -&\gets -(S\_9 - S\_8&&,&& S\_9 + S\_8&&,&& S\_{10} - S\_{11}&&,&& S\_{10} + S\_{11}) -\\\\ -(X\_3&&,&& Y\_3&&,&& Z\_3&&,&& T\_3) -&\gets -(S\_{12} \cdot S\_{14}&&,&& S\_{15} \cdot S\_{13}&&,&& S\_{15} \cdot S\_{14}&&,&& S\_{12} \cdot S\_{13}) -\end{aligned} -$$ -which costs only \\( 2\mathbf M \\). This precomputation is -essentially similar to the precomputation that HWCD suggest for their -serial formulas. Because the cost of precomputation and then -readdition is the same as addition, it's sufficient to only -implement caching and readdition. - -## Doubling - -The non-uniform portions of the (re)addition formulas have a fairly -regular structure. Unfortunately, this is not the case for the -doubling formulas, which are much less nice. - -To double a point \\( P = (X\_1 : Y\_1 : Z\_1 : T\_1) \\), we compute -$$ -\begin{aligned} -(X\_1 &&,&& Y\_1 &&,&& Z\_1 &&,&& S\_0) -&\gets -(X\_1 &&,&& Y\_1 &&,&& Z\_1 &&,&& X\_1 + Y\_1) -\\\\ -(S\_1 &&,&& S\_2 &&,&& S\_3 &&,&& S\_4 ) -&\gets -(X\_1\^2 &&,&& Y\_1\^2&&,&& Z\_1\^2 &&,&& S\_0\^2) -\\\\ -(S\_5 &&,&& S\_6 &&,&& S\_8 &&,&& S\_9 ) -&\gets -(S\_1 + S\_2 &&,&& S\_1 - S\_2 &&,&& S\_1 + 2S\_3 - S\_2 &&,&& S\_1 + S\_2 - S\_4) -\\\\ -(X\_3 &&,&& Y\_3 &&,&& Z\_3 &&,&& T\_3 ) -&\gets -(S\_8 \cdot S\_9 &&,&& S\_5 \cdot S\_6 &&,&& S\_8 \cdot S\_6 &&,&& S\_5 \cdot S\_9) -\end{aligned} -$$ -to obtain \\( P\_3 = (X\_3 : Y\_3 : Z\_3 : T\_3) = [2]P\_1 \\). - -The intermediate step between the squaring and multiplication requires -a long chain of additions. 
For the IFMA-based implementation, this is not a problem; for the AVX2-based implementation, it is, but with some care and finesse, it's possible to arrange the computation without requiring an intermediate reduction. - -# Implementation - -These formulas aren't specific to a particular representation of field -element vectors, whose optimum choice is determined by the details of -the instruction set. However, it's not possible to perfectly separate -the implementation of the field element vectors from the -implementation of the point operations. Instead, the [`avx2`] and -[`ifma`] backends provide `ExtendedPoint` and `CachedPoint` types, and -the [`scalar_mul`] code uses one of the backend types by a type alias. - -# Comparison to non-vectorized formulas - -In theory, the parallel Edwards formulas seem to allow a \\(4\\)-way -speedup from parallelism. However, an actual vectorized -implementation has several slowdowns that cut into this speedup. - -First, the parallel formulas can only use the available vector -multiplier. For AVX2, this is a \\( 32 \times 32 \rightarrow 64 -\\)-bit integer multiplier, so the speedup from vectorization must -overcome the disadvantage of losing the \\( 64 \times 64 \rightarrow -128\\)-bit (serial) integer multiplier. The effect of this slowdown -is microarchitecture-dependent, since it requires accounting for the -total number of multiplications and additions and their relative -costs. IFMA allows using a \\( 52 \times 52 \rightarrow 104 \\)-bit -multiplier, but the high and low halves need to be computed -separately, and the reduction requires extra work because it's not -possible to pre-multiply by \\(19\\). - -Second, the parallel doubling formulas incur both a theoretical and -practical slowdown. The parallel formulas described above work on the -\\( \mathbb P\^3 \\) “extended” coordinates. 
The \\( \mathbb P\^2 \\) -model introduced earlier by [Bernstein, Birkner, Joye, Lange, and -Peters][bbjlp08] allows slightly faster doublings, so HWCD suggest -mixing coordinate systems while performing scalar multiplication -(attributing the idea to [a 1998 paper][cmo98] by Cohen, Miyagi, and -Ono). The \\( T \\) coordinate is not required for doublings, so when -doublings are followed by doublings, its computation can be skipped. -More details on this approach and the different coordinate systems can -be found in the [`curve_models` module documentation][curve_models]. - -Unfortunately, this optimization is not compatible with the parallel -formulas, which cannot save time by skipping a single variable, so the -parallel doubling formulas do slightly more work when counting the -total number of field multiplications and squarings. - -In addition, the parallel doubling formulas have a less regular -pattern of additions and subtractions than the parallel addition -formulas, so the vectorization overhead is proportionately greater. -Both the parallel addition and parallel doubling formulas also require -some shuffling to rearrange data within the vectors, which places more -pressure on the shuffle unit than is desirable. - -This means that the speedup from using a vectorized implementation of -parallel Edwards formulas is likely to be greatest in applications -that do fewer doublings and more additions (like a large multiscalar -multiplication) rather than applications that do fewer additions and -more doublings (like a double-base scalar multiplication). - -Third, Amdahl's law says that the speedup is limited to the portion -which can be parallelized. Normally, the field multiplications -dominate the cost of point operations, but with the IFMA backend, the -multiplications are so fast that the non-parallel additions end up as -a significant portion of the total time. - -Fourth, current Intel CPUs perform thermal throttling when using wide -vector instructions. 
A detailed description can be found in §15.26 of -[the Intel Optimization Manual][intel], but using wide vector -instructions prevents the core from operating at higher frequencies. -The core can return to the higher-frequency state after 2 -milliseconds, but this timer is reset every time high-power -instructions are used. - -Any speedup from vectorization therefore has to be weighed against a -slowdown for the next few million instructions. For a mixed workload, -where point operations are interspersed with other tasks, this can -reduce overall performance. This implementation is therefore probably -not suitable for basic applications, like signatures, but is -worthwhile for complex applications, like zero-knowledge proofs, which -do sustained work. - -# Future work - -There are several directions for future improvement: - -* Using the vectorized field arithmetic code to parallelize across - point operations rather than within a single point operation. This - is less flexible, but would give a speedup both from allowing use of - the faster mixed-model arithmetic and from reducing shuffle - pressure. One approach in this direction would be to implement - batched scalar-point operations using vectors of points (AoSoA - layout). This less generally useful but would give a speedup for - Bulletproofs. - -* Extending the IFMA implementation to use the full width of AVX512, - either handling the extra parallelism internally to a single point - operation (by using a 2-way parallel implementation of field - arithmetic instead of a wordsliced one), or externally, - parallelizing across point operations. Internal parallelism would - be preferable but might require too much shuffle pressure. For now, - the only available CPU which runs IFMA operations executes them at - 256-bits wide anyways, so this isn't yet important. - -* Generalizing the implementation to NEON instructions. 
The current - point arithmetic code is written in terms of field element vectors, - which are in turn implemented using platform SIMD vectors. It - should be possible to write an alternate implementation of the - `FieldElement2625x4` using NEON without changing the point - arithmetic. NEON has 128-bit vectors rather than 256-bit vectors, - but this may still be worthwhile compared to a serial - implementation. - - -[sandy2x]: https://eprint.iacr.org/2015/943.pdf -[avx2trac]: https://trac.torproject.org/projects/tor/ticket/8897#comment:28 -[hwcd08]: https://www.iacr.org/archive/asiacrypt2008/53500329/53500329.pdf -[curve_models]: https://doc-internal.dalek.rs/curve25519_dalek/backend/serial/curve_models/index.html -[bbjlp08]: https://eprint.iacr.org/2008/013 -[cmo98]: https://link.springer.com/content/pdf/10.1007%2F3-540-49649-1_6.pdf -[intel]: https://software.intel.com/sites/default/files/managed/9e/bc/64-ia-32-architectures-optimization-manual.pdf diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/mod.rs deleted file mode 100644 index 18f8af797cc7..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/mod.rs +++ /dev/null 
@@ -1,65 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2016-2021 isis lovecruft -// Copyright (c) 2016-2019 Henry de Valence -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft -// - Henry de Valence - -//! Pluggable implementations for different architectures. -//! -//! The backend code is split into two parts: a serial backend, -//! and a vector backend. -//! -//! The [`serial`] backend contains 32- and 64-bit implementations of -//! field arithmetic and scalar arithmetic, as well as implementations -//! of point operations using the mixed-model strategy (passing -//! between different curve models depending on the operation). -//! -//! The [`vector`] backend contains implementations of vectorized -//! field arithmetic, used to implement point operations using a novel -//! implementation strategy derived from parallel formulas of Hisil, -//! Wong, Carter, and Dawson. -//! -//! Because the two strategies give rise to different curve models, -//! it's not possible to reuse exactly the same scalar multiplication -//! code (or to write it generically), so both serial and vector -//! backends contain matching implementations of scalar multiplication -//! algorithms. These are intended to be selected by a `#[cfg]`-based -//! type alias. -//! -//! The [`vector`] backend is selected by the `simd_backend` cargo -//! feature; it uses the [`serial`] backend for non-vectorized operations. - -#[cfg(not(any( - feature = "u32_backend", - feature = "u64_backend", - feature = "fiat_u32_backend", - feature = "fiat_u64_backend", - feature = "simd_backend", -)))] -compile_error!( - "no curve25519-dalek backend cargo feature enabled! 
\ - please enable one of: u32_backend, u64_backend, fiat_u32_backend, fiat_u64_backend, simd_backend" -); - -pub mod serial; - -#[cfg(any( - all( - feature = "simd_backend", - any(target_feature = "avx2", target_feature = "avx512ifma") - ), - all(feature = "nightly", rustdoc) -))] -#[cfg_attr( - feature = "nightly", - doc(cfg(any(all( - feature = "simd_backend", - any(target_feature = "avx2", target_feature = "avx512ifma") - )))) -)] -pub mod vector; diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/curve_models/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/curve_models/mod.rs deleted file mode 100644 index 9d10d9221a6e..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/curve_models/mod.rs +++ /dev/null 
@@ -1,551 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2021 isis lovecruft
-// Copyright (c) 2016-2019 Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - isis agora lovecruft
-// - Henry de Valence
-
-//! Internal curve representations which are not part of the public API.
-//!
-//! # Curve representations
-//!
-//! Internally, we use several different models for the curve. Here
-//! is a sketch of the relationship between the models, following [a
-//! post][smith-moderncrypto]
-//! by Ben Smith on the `moderncrypto` mailing list. This is also briefly
-//! discussed in section 2.5 of [_Montgomery curves and their
-//! arithmetic_][costello-smith-2017] by Costello and Smith.
-//!
-//! Begin with the affine equation for the curve,
-//! $$
-//! -x\^2 + y\^2 = 1 + dx\^2y\^2.
-//! $$
-//! Next, pass to the projective closure \\(\mathbb P\^1 \times \mathbb
-//! P\^1 \\) by setting \\(x=X/Z\\), \\(y=Y/T.\\) Clearing denominators
-//! gives the model
-//! $$
-//! -X\^2T\^2 + Y\^2Z\^2 = Z\^2T\^2 + dX\^2Y\^2.
-//! $$
-//! In `curve25519-dalek`, this is represented as the `CompletedPoint`
-//! struct.
-//! To map from \\(\mathbb P\^1 \times \mathbb P\^1 \\), a product of
-//! two lines, to \\(\mathbb P\^3\\), we use the [Segre
-//! embedding](https://en.wikipedia.org/wiki/Segre_embedding)
-//! $$
-//! \sigma : ((X:Z),(Y:T)) \mapsto (XY:XT:ZY:ZT).
-//! $$
-//! Using coordinates \\( (W_0:W_1:W_2:W_3) \\) for \\(\mathbb P\^3\\),
-//! the image \\(\sigma (\mathbb P\^1 \times \mathbb P\^1) \\) is the
-//! surface defined by \\( W_0 W_3 = W_1 W_2 \\), and under \\(
-//! \sigma\\), the equation above becomes
-//! $$
-//! -W\_1\^2 + W\_2\^2 = W\_3\^2 + dW\_0\^2,
-//! $$
-//! so that the curve is given by the pair of equations
-//! $$
-//! \begin{aligned}
-//! -W\_1\^2 + W\_2\^2 &= W\_3\^2 + dW\_0\^2, \\\\ W_0 W_3 &= W_1 W_2.
-//! \end{aligned}
-//! $$
-//! Up to variable naming, this is exactly the "extended" curve model
-//! introduced in [_Twisted Edwards Curves
-//! Revisited_][hisil-wong-carter-dawson-2008] by Hisil, Wong, Carter,
-//! and Dawson. In `curve25519-dalek`, it is represented as the
-//! `EdwardsPoint` struct. We can map from \\(\mathbb P\^3 \\) to
-//! \\(\mathbb P\^2 \\) by sending \\( (W\_0:W\_1:W\_2:W\_3) \\) to \\(
-//! (W\_1:W\_2:W\_3) \\). Notice that
-//! $$
-//! \frac {W\_1} {W\_3} = \frac {XT} {ZT} = \frac X Z = x,
-//! $$
-//! and
-//! $$
-//! \frac {W\_2} {W\_3} = \frac {YZ} {ZT} = \frac Y T = y,
-//! $$
-//! so this is the same as if we had started with the affine model
-//! and passed to \\( \mathbb P\^2 \\) by setting \\( x = W\_1 / W\_3
-//! \\), \\(y = W\_2 / W\_3 \\).
-//! Up to variable naming, this is the projective representation
-//! introduced in in [_Twisted Edwards
-//! Curves_][bernstein-birkner-joye-lange-peters-2008] by Bernstein,
-//! Birkner, Joye, Lange, and Peters. In `curve25519-dalek`, it is
-//! represented by the `ProjectivePoint` struct.
-//!
-//! # Passing between curve models
-//!
-//! Although the \\( \mathbb P\^3 \\) model provides faster addition
-//! formulas, the \\( \mathbb P\^2 \\) model provides faster doubling
-//! formulas. Hisil, Wong, Carter, and Dawson therefore suggest mixing
-//! coordinate systems for scalar multiplication, attributing the idea
-//! to [a 1998 paper][cohen-miyaji-ono-1998] of Cohen, Miyagi, and Ono.
-//!
-//! Their suggestion is to vary the formulas used by context, using a
-//! \\( \mathbb P\^2 \rightarrow \mathbb P\^2 \\) doubling formula when
-//! a doubling is followed
-//! by another doubling, a \\( \mathbb P\^2 \rightarrow \mathbb P\^3 \\)
-//! doubling formula when a doubling is followed by an addition, and
-//! computing point additions using a \\( \mathbb P\^3 \times \mathbb P\^3
-//! \rightarrow \mathbb P\^2 \\) formula.
-//!
-//! The `ref10` reference implementation of [Ed25519][ed25519], by
-//! Bernstein, Duif, Lange, Schwabe, and Yang, tweaks
-//! this strategy, factoring the addition formulas through the
-//! completion \\( \mathbb P\^1 \times \mathbb P\^1 \\), so that the
-//! output of an addition or doubling always lies in \\( \mathbb P\^1 \times
-//! \mathbb P\^1\\), and the choice of which formula to use is replaced
-//! by a choice of whether to convert the result to \\( \mathbb P\^2 \\)
-//! or \\(\mathbb P\^3 \\). However, this tweak is not described in
-//! their paper, only in their software.
-//!
-//! Our naming for the `CompletedPoint` (\\(\mathbb P\^1 \times \mathbb
-//! P\^1 \\)), `ProjectivePoint` (\\(\mathbb P\^2 \\)), and
-//! `EdwardsPoint` (\\(\mathbb P\^3 \\)) structs follows the naming in
-//! Adam Langley's [Golang ed25519][agl-ed25519] implementation, which
-//! `curve25519-dalek` was originally derived from.
-//!
-//! Finally, to accelerate readditions, we use two cached point formats
-//! in "Niels coordinates", named for Niels Duif,
-//! one for the affine model and one for the \\( \mathbb P\^3 \\) model:
-//!
-//! * `AffineNielsPoint`: \\( (y+x, y-x, 2dxy) \\)
-//! * `ProjectiveNielsPoint`: \\( (Y+X, Y-X, Z, 2dXY) \\)
-//!
-//! [smith-moderncrypto]: https://moderncrypto.org/mail-archive/curves/2016/000807.html
-//! [costello-smith-2017]: https://eprint.iacr.org/2017/212
-//! [hisil-wong-carter-dawson-2008]: https://www.iacr.org/archive/asiacrypt2008/53500329/53500329.pdf
-//! [bernstein-birkner-joye-lange-peters-2008]: https://eprint.iacr.org/2008/013
-//! [cohen-miyaji-ono-1998]: https://link.springer.com/content/pdf/10.1007%2F3-540-49649-1_6.pdf
-//! [ed25519]: https://eprint.iacr.org/2011/368
-//! [agl-ed25519]: https://github.com/agl/ed25519
-
-#![allow(non_snake_case)]
-
-use core::fmt::Debug;
-use core::ops::{Add, Neg, Sub};
-
-use subtle::Choice;
-use subtle::ConditionallySelectable;
-
-use zeroize::Zeroize;
-
-use constants;
-
-use edwards::EdwardsPoint;
-use field::FieldElement;
-use traits::ValidityCheck;
-
-// ------------------------------------------------------------------------
-// Internal point representations
-// ------------------------------------------------------------------------
-
-/// A `ProjectivePoint` is a point \\((X:Y:Z)\\) on the \\(\mathbb
-/// P\^2\\) model of the curve.
-/// A point \\((x,y)\\) in the affine model corresponds to
-/// \\((x:y:1)\\).
-///
-/// More details on the relationships between the different curve models
-/// can be found in the module-level documentation.
-#[derive(Copy, Clone)]
-pub struct ProjectivePoint {
- pub X: FieldElement,
- pub Y: FieldElement,
- pub Z: FieldElement,
-}
-
-/// A `CompletedPoint` is a point \\(((X:Z), (Y:T))\\) on the \\(\mathbb
-/// P\^1 \times \mathbb P\^1 \\) model of the curve.
-/// A point (x,y) in the affine model corresponds to \\( ((x:1),(y:1))
-/// \\).
-///
-/// More details on the relationships between the different curve models
-/// can be found in the module-level documentation.
-#[derive(Copy, Clone)]
-#[allow(missing_docs)]
-pub struct CompletedPoint {
- pub X: FieldElement,
- pub Y: FieldElement,
- pub Z: FieldElement,
- pub T: FieldElement,
-}
-
-/// A pre-computed point in the affine model for the curve, represented as
-/// \\((y+x, y-x, 2dxy)\\) in "Niels coordinates".
-///
-/// More details on the relationships between the different curve models
-/// can be found in the module-level documentation.
-// Safe to derive Eq because affine coordinates.
-#[derive(Copy, Clone, Eq, PartialEq)]
-#[allow(missing_docs)]
-pub struct AffineNielsPoint {
- pub y_plus_x: FieldElement,
- pub y_minus_x: FieldElement,
- pub xy2d: FieldElement,
-}
-
-impl Zeroize for AffineNielsPoint {
- fn zeroize(&mut self) {
- self.y_plus_x.zeroize();
- self.y_minus_x.zeroize();
- self.xy2d.zeroize();
- }
-}
-
-/// A pre-computed point on the \\( \mathbb P\^3 \\) model for the
-/// curve, represented as \\((Y+X, Y-X, Z, 2dXY)\\) in "Niels coordinates".
-///
-/// More details on the relationships between the different curve models
-/// can be found in the module-level documentation.
-#[derive(Copy, Clone)]
-pub struct ProjectiveNielsPoint {
- pub Y_plus_X: FieldElement,
- pub Y_minus_X: FieldElement,
- pub Z: FieldElement,
- pub T2d: FieldElement,
-}
-
-impl Zeroize for ProjectiveNielsPoint {
- fn zeroize(&mut self) {
- self.Y_plus_X.zeroize();
- self.Y_minus_X.zeroize();
- self.Z.zeroize();
- self.T2d.zeroize();
- }
-}
-
-// ------------------------------------------------------------------------
-// Constructors
-// ------------------------------------------------------------------------
-
-use traits::Identity;
-
-impl Identity for ProjectivePoint {
- fn identity() -> ProjectivePoint {
- ProjectivePoint {
- X: FieldElement::zero(),
- Y: FieldElement::one(),
- Z: FieldElement::one(),
- }
- }
-}
-
-impl Identity for ProjectiveNielsPoint {
- fn identity() -> ProjectiveNielsPoint {
- ProjectiveNielsPoint{
- Y_plus_X: FieldElement::one(),
- Y_minus_X: FieldElement::one(),
- Z: FieldElement::one(),
- T2d: FieldElement::zero(),
- }
- }
-}
-
-impl Default for ProjectiveNielsPoint {
- fn default() -> ProjectiveNielsPoint {
- ProjectiveNielsPoint::identity()
- }
-}
-
-impl Identity for AffineNielsPoint {
- fn identity() -> AffineNielsPoint {
- AffineNielsPoint{
- y_plus_x: FieldElement::one(),
- y_minus_x: FieldElement::one(),
- xy2d: FieldElement::zero(),
- }
- }
-}
-
-impl Default for AffineNielsPoint {
- fn default() -> AffineNielsPoint {
- AffineNielsPoint::identity()
- }
-}
-
-// ------------------------------------------------------------------------
-// Validity checks (for debugging, not CT)
-// ------------------------------------------------------------------------
-
-impl ValidityCheck for ProjectivePoint {
- fn is_valid(&self) -> bool {
- // Curve equation is -x^2 + y^2 = 1 + d*x^2*y^2,
- // homogenized as (-X^2 + Y^2)*Z^2 = Z^4 + d*X^2*Y^2
- let XX = self.X.square();
- let YY = self.Y.square();
- let ZZ = self.Z.square();
- let ZZZZ = ZZ.square();
- let lhs = &(&YY - &XX) * &ZZ;
- let rhs = &ZZZZ + &(&constants::EDWARDS_D * &(&XX * &YY));
-
- lhs == rhs
- }
-}
-
-// ------------------------------------------------------------------------
-// Constant-time assignment
-// ------------------------------------------------------------------------
-
-impl ConditionallySelectable for ProjectiveNielsPoint {
- fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
- ProjectiveNielsPoint {
- Y_plus_X: FieldElement::conditional_select(&a.Y_plus_X, &b.Y_plus_X, choice),
- Y_minus_X: FieldElement::conditional_select(&a.Y_minus_X, &b.Y_minus_X, choice),
- Z: FieldElement::conditional_select(&a.Z, &b.Z, choice),
- T2d: FieldElement::conditional_select(&a.T2d, &b.T2d, choice),
- }
- }
-
- fn conditional_assign(&mut self, other: &Self, choice: Choice) {
- self.Y_plus_X.conditional_assign(&other.Y_plus_X, choice);
- self.Y_minus_X.conditional_assign(&other.Y_minus_X, choice);
- self.Z.conditional_assign(&other.Z, choice);
- self.T2d.conditional_assign(&other.T2d, choice);
- }
-}
-
-impl ConditionallySelectable for AffineNielsPoint {
- fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
- AffineNielsPoint {
- y_plus_x: FieldElement::conditional_select(&a.y_plus_x, &b.y_plus_x, choice),
- y_minus_x: FieldElement::conditional_select(&a.y_minus_x, &b.y_minus_x, choice),
- xy2d: FieldElement::conditional_select(&a.xy2d, &b.xy2d, choice),
- }
- }
-
- fn conditional_assign(&mut self, other: &Self, choice: Choice) {
- self.y_plus_x.conditional_assign(&other.y_plus_x, choice);
- self.y_minus_x.conditional_assign(&other.y_minus_x, choice);
- self.xy2d.conditional_assign(&other.xy2d, choice);
- }
-}
-
-// ------------------------------------------------------------------------
-// Point conversions
-// ------------------------------------------------------------------------
-
-impl ProjectivePoint {
- /// Convert this point from the \\( \mathbb P\^2 \\) model to the
- /// \\( \mathbb P\^3 \\) model.
- ///
- /// This costs \\(3 \mathrm M + 1 \mathrm S\\).
- pub fn to_extended(&self) -> EdwardsPoint {
- EdwardsPoint {
- X: &self.X * &self.Z,
- Y: &self.Y * &self.Z,
- Z: self.Z.square(),
- T: &self.X * &self.Y,
- }
- }
-}
-
-impl CompletedPoint {
- /// Convert this point from the \\( \mathbb P\^1 \times \mathbb P\^1
- /// \\) model to the \\( \mathbb P\^2 \\) model.
- ///
- /// This costs \\(3 \mathrm M \\).
- pub fn to_projective(&self) -> ProjectivePoint {
- ProjectivePoint {
- X: &self.X * &self.T,
- Y: &self.Y * &self.Z,
- Z: &self.Z * &self.T,
- }
- }
-
- /// Convert this point from the \\( \mathbb P\^1 \times \mathbb P\^1
- /// \\) model to the \\( \mathbb P\^3 \\) model.
- ///
- /// This costs \\(4 \mathrm M \\).
- pub fn to_extended(&self) -> EdwardsPoint {
- EdwardsPoint {
- X: &self.X * &self.T,
- Y: &self.Y * &self.Z,
- Z: &self.Z * &self.T,
- T: &self.X * &self.Y,
- }
- }
-}
-
-// ------------------------------------------------------------------------
-// Doubling
-// ------------------------------------------------------------------------
-
-impl ProjectivePoint {
- /// Double this point: return self + self
- pub fn double(&self) -> CompletedPoint { // Double()
- let XX = self.X.square();
- let YY = self.Y.square();
- let ZZ2 = self.Z.square2();
- let X_plus_Y = &self.X + &self.Y;
- let X_plus_Y_sq = X_plus_Y.square();
- let YY_plus_XX = &YY + &XX;
- let YY_minus_XX = &YY - &XX;
-
- CompletedPoint{
- X: &X_plus_Y_sq - &YY_plus_XX,
- Y: YY_plus_XX,
- Z: YY_minus_XX,
- T: &ZZ2 - &YY_minus_XX
- }
- }
-}
-
-// ------------------------------------------------------------------------
-// Addition and Subtraction
-// ------------------------------------------------------------------------
-
-// XXX(hdevalence) These were doc(hidden) so they don't appear in the
-// public API docs.
-// However, that prevents them being used with --document-private-items,
-// so comment out the doc(hidden) for now until this is resolved
-//
-// upstream rust issue: https://github.com/rust-lang/rust/issues/46380
-//#[doc(hidden)]
-impl<'a, 'b> Add<&'b ProjectiveNielsPoint> for &'a EdwardsPoint {
- type Output = CompletedPoint;
-
- fn add(self, other: &'b ProjectiveNielsPoint) -> CompletedPoint {
- let Y_plus_X = &self.Y + &self.X;
- let Y_minus_X = &self.Y - &self.X;
- let PP = &Y_plus_X * &other.Y_plus_X;
- let MM = &Y_minus_X * &other.Y_minus_X;
- let TT2d = &self.T * &other.T2d;
- let ZZ = &self.Z * &other.Z;
- let ZZ2 = &ZZ + &ZZ;
-
- CompletedPoint{
- X: &PP - &MM,
- Y: &PP + &MM,
- Z: &ZZ2 + &TT2d,
- T: &ZZ2 - &TT2d
- }
- }
-}
-
-//#[doc(hidden)]
-impl<'a, 'b> Sub<&'b ProjectiveNielsPoint> for &'a EdwardsPoint {
- type Output = CompletedPoint;
-
- fn sub(self, other: &'b ProjectiveNielsPoint) -> CompletedPoint {
- let Y_plus_X = &self.Y + &self.X;
- let Y_minus_X = &self.Y - &self.X;
- let PM = &Y_plus_X * &other.Y_minus_X;
- let MP = &Y_minus_X * &other.Y_plus_X;
- let TT2d = &self.T * &other.T2d;
- let ZZ = &self.Z * &other.Z;
- let ZZ2 = &ZZ + &ZZ;
-
- CompletedPoint{
- X: &PM - &MP,
- Y: &PM + &MP,
- Z: &ZZ2 - &TT2d,
- T: &ZZ2 + &TT2d
- }
- }
-}
-
-//#[doc(hidden)]
-impl<'a, 'b> Add<&'b AffineNielsPoint> for &'a EdwardsPoint {
- type Output = CompletedPoint;
-
- fn add(self, other: &'b AffineNielsPoint) -> CompletedPoint {
- let Y_plus_X = &self.Y + &self.X;
- let Y_minus_X = &self.Y - &self.X;
- let PP = &Y_plus_X * &other.y_plus_x;
- let MM = &Y_minus_X * &other.y_minus_x;
- let Txy2d = &self.T * &other.xy2d;
- let Z2 = &self.Z + &self.Z;
-
- CompletedPoint{
- X: &PP - &MM,
- Y: &PP + &MM,
- Z: &Z2 + &Txy2d,
- T: &Z2 - &Txy2d
- }
- }
-}
-
-//#[doc(hidden)]
-impl<'a, 'b> Sub<&'b AffineNielsPoint> for &'a EdwardsPoint {
- type Output = CompletedPoint;
-
- fn sub(self, other: &'b AffineNielsPoint) -> CompletedPoint {
- let Y_plus_X = &self.Y + &self.X;
- let Y_minus_X = &self.Y - &self.X;
- let PM = &Y_plus_X * &other.y_minus_x;
- let MP = &Y_minus_X * &other.y_plus_x;
- let Txy2d = &self.T * &other.xy2d;
- let Z2 = &self.Z + &self.Z;
-
- CompletedPoint{
- X: &PM - &MP,
- Y: &PM + &MP,
- Z: &Z2 - &Txy2d,
- T: &Z2 + &Txy2d
- }
- }
-}
-
-// ------------------------------------------------------------------------
-// Negation
-// ------------------------------------------------------------------------
-
-impl<'a> Neg for &'a ProjectiveNielsPoint {
- type Output = ProjectiveNielsPoint;
-
- fn neg(self) -> ProjectiveNielsPoint {
- ProjectiveNielsPoint{
- Y_plus_X: self.Y_minus_X,
- Y_minus_X: self.Y_plus_X,
- Z: self.Z,
- T2d: -(&self.T2d),
- }
- }
-}
-
-impl<'a> Neg for &'a AffineNielsPoint {
- type Output = AffineNielsPoint;
-
- fn neg(self) -> AffineNielsPoint {
- AffineNielsPoint{
- y_plus_x: self.y_minus_x,
- y_minus_x: self.y_plus_x,
- xy2d: -(&self.xy2d)
- }
- }
-}
-
-// ------------------------------------------------------------------------
-// Debug traits
-// ------------------------------------------------------------------------
-
-impl Debug for ProjectivePoint {
- fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
- write!(f, "ProjectivePoint{{\n\tX: {:?},\n\tY: {:?},\n\tZ: {:?}\n}}",
- &self.X, &self.Y, &self.Z)
- }
-}
-
-impl Debug for CompletedPoint {
- fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
- write!(f, "CompletedPoint{{\n\tX: {:?},\n\tY: {:?},\n\tZ: {:?},\n\tT: {:?}\n}}",
- &self.X, &self.Y, &self.Z, &self.T)
- }
-}
-
-impl Debug for AffineNielsPoint {
- fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
- write!(f, "AffineNielsPoint{{\n\ty_plus_x: {:?},\n\ty_minus_x: {:?},\n\txy2d: {:?}\n}}",
- &self.y_plus_x, &self.y_minus_x, &self.xy2d)
- }
-}
-
-impl Debug for ProjectiveNielsPoint {
- fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
- write!(f, "ProjectiveNielsPoint{{\n\tY_plus_X: {:?},\n\tY_minus_X: {:?},\n\tZ: {:?},\n\tT2d: {:?}\n}}",
- &self.Y_plus_X, &self.Y_minus_X, &self.Z, &self.T2d)
- }
-}
-
-
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/fiat_u32/field.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/fiat_u32/field.rs
deleted file mode 100644
index 2864c955e2a6..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/fiat_u32/field.rs
+++ /dev/null
@@ -1,260 +0,0 @@
-// -*- mode: rust; coding: utf-8; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2018 Isis Lovecruft, Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - Isis Agora Lovecruft
-// - Henry de Valence
-
-//! Field arithmetic modulo \\(p = 2\^{255} - 19\\), using \\(32\\)-bit
-//! limbs with \\(64\\)-bit products.
-//!
-//! This code was originally derived from Adam Langley's Golang ed25519
-//! implementation, and was then rewritten to use unsigned limbs instead
-//! of signed limbs.
-//!
-//! This uses the formally-verified field arithmetic generated by the
-//! [fiat-crypto project](https://github.com/mit-plv/fiat-crypto)
-
-use core::fmt::Debug;
-use core::ops::Neg;
-use core::ops::{Add, AddAssign};
-use core::ops::{Mul, MulAssign};
-use core::ops::{Sub, SubAssign};
-
-use subtle::Choice;
-use subtle::ConditionallySelectable;
-
-use zeroize::Zeroize;
-
-use fiat_crypto::curve25519_32::*;
-
-/// A `FieldElement2625` represents an element of the field
-/// \\( \mathbb Z / (2\^{255} - 19)\\).
-///
-/// In the 32-bit implementation, a `FieldElement` is represented in
-/// radix \\(2\^{25.5}\\) as ten `u32`s. This means that a field
-/// element \\(x\\) is represented as
-/// $$
-/// x = \sum\_{i=0}\^9 x\_i 2\^{\lceil i \frac {51} 2 \rceil}
-/// = x\_0 + x\_1 2\^{26} + x\_2 2\^{51} + x\_3 2\^{77} + \cdots + x\_9 2\^{230};
-/// $$
-/// the coefficients are alternately bounded by \\(2\^{25}\\) and
-/// \\(2\^{26}\\). The limbs are allowed to grow between reductions up
-/// to \\(2\^{25+b}\\) or \\(2\^{26+b}\\), where \\(b = 1.75\\).
-///
-/// # Note
-///
-/// The `curve25519_dalek::field` module provides a type alias
-/// `curve25519_dalek::field::FieldElement` to either `FieldElement51`
-/// or `FieldElement2625`.
-///
-/// The backend-specific type `FieldElement2625` should not be used
-/// outside of the `curve25519_dalek::field` module.
-#[derive(Copy, Clone)]
-pub struct FieldElement2625(pub(crate) [u32; 10]);
-
-impl Debug for FieldElement2625 {
- fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
- write!(f, "FieldElement2625({:?})", &self.0[..])
- }
-}
-
-impl Zeroize for FieldElement2625 {
- fn zeroize(&mut self) {
- self.0.zeroize();
- }
-}
-
-impl<'b> AddAssign<&'b FieldElement2625> for FieldElement2625 {
- fn add_assign(&mut self, _rhs: &'b FieldElement2625) {
- let input = self.0;
- fiat_25519_add(&mut self.0, &input, &_rhs.0);
- let input = self.0;
- fiat_25519_carry(&mut self.0, &input);
- }
-}
-
-impl<'a, 'b> Add<&'b FieldElement2625> for &'a FieldElement2625 {
- type Output = FieldElement2625;
- fn add(self, _rhs: &'b FieldElement2625) -> FieldElement2625 {
- let mut output = *self;
- fiat_25519_add(&mut output.0, &self.0, &_rhs.0);
- let input = output.0;
- fiat_25519_carry(&mut output.0, &input);
- output
- }
-}
-
-impl<'b> SubAssign<&'b FieldElement2625> for FieldElement2625 {
- fn sub_assign(&mut self, _rhs: &'b FieldElement2625) {
- let input = self.0;
- fiat_25519_sub(&mut self.0, &input, &_rhs.0);
- let input = self.0;
- fiat_25519_carry(&mut self.0, &input);
- }
-}
-
-impl<'a, 'b> Sub<&'b FieldElement2625> for &'a FieldElement2625 {
- type Output = FieldElement2625;
- fn sub(self, _rhs: &'b FieldElement2625) -> FieldElement2625 {
- let mut output = *self;
- fiat_25519_sub(&mut output.0, &self.0, &_rhs.0);
- let input = output.0;
- fiat_25519_carry(&mut output.0, &input);
- output
- }
-}
-
-impl<'b> MulAssign<&'b FieldElement2625> for FieldElement2625 {
- fn mul_assign(&mut self, _rhs: &'b FieldElement2625) {
- let input = self.0;
- fiat_25519_carry_mul(&mut self.0, &input, &_rhs.0);
- }
-}
-
-impl<'a, 'b> Mul<&'b FieldElement2625> for &'a FieldElement2625 {
- type Output = FieldElement2625;
- fn mul(self, _rhs: &'b FieldElement2625) -> FieldElement2625 {
- let mut output = *self;
- fiat_25519_carry_mul(&mut output.0, &self.0, &_rhs.0);
- output
- }
-}
-
-impl<'a> Neg for &'a FieldElement2625 {
- type Output = FieldElement2625;
- fn neg(self) -> FieldElement2625 {
- let mut output = *self;
- fiat_25519_opp(&mut output.0, &self.0);
- let input = output.0;
- fiat_25519_carry(&mut output.0, &input);
- output
- }
-}
-
-impl ConditionallySelectable for FieldElement2625 {
- fn conditional_select(
- a: &FieldElement2625,
- b: &FieldElement2625,
- choice: Choice,
- ) -> FieldElement2625 {
- let mut output = [0u32; 10];
- fiat_25519_selectznz(&mut output, choice.unwrap_u8() as fiat_25519_u1, &a.0, &b.0);
- FieldElement2625(output)
- }
-
- fn conditional_assign(&mut self, other: &FieldElement2625, choice: Choice) {
- let mut output = [0u32; 10];
- let choicebit = choice.unwrap_u8() as fiat_25519_u1;
- fiat_25519_cmovznz_u32(&mut output[0], choicebit, self.0[0], other.0[0]);
- fiat_25519_cmovznz_u32(&mut output[1], choicebit, self.0[1], other.0[1]);
- fiat_25519_cmovznz_u32(&mut output[2], choicebit, self.0[2], other.0[2]);
- fiat_25519_cmovznz_u32(&mut output[3], choicebit, self.0[3], other.0[3]);
- fiat_25519_cmovznz_u32(&mut output[4], choicebit, self.0[4], other.0[4]);
- fiat_25519_cmovznz_u32(&mut output[5], choicebit, self.0[5], other.0[5]);
- fiat_25519_cmovznz_u32(&mut output[6], choicebit, self.0[6], other.0[6]);
- fiat_25519_cmovznz_u32(&mut output[7], choicebit, self.0[7], other.0[7]);
- fiat_25519_cmovznz_u32(&mut output[8], choicebit, self.0[8], other.0[8]);
- fiat_25519_cmovznz_u32(&mut output[9], choicebit, self.0[9], other.0[9]);
- *self = FieldElement2625(output);
- }
-
- fn conditional_swap(a: &mut FieldElement2625, b: &mut FieldElement2625, choice: Choice) {
- u32::conditional_swap(&mut a.0[0], &mut b.0[0], choice);
- u32::conditional_swap(&mut a.0[1], &mut b.0[1], choice);
- u32::conditional_swap(&mut a.0[2], &mut b.0[2], choice);
- u32::conditional_swap(&mut a.0[3], &mut b.0[3], choice);
- u32::conditional_swap(&mut a.0[4], &mut b.0[4], choice);
- u32::conditional_swap(&mut a.0[5], &mut b.0[5], choice);
- u32::conditional_swap(&mut a.0[6], &mut b.0[6], choice);
- u32::conditional_swap(&mut a.0[7], &mut b.0[7], choice);
- u32::conditional_swap(&mut a.0[8], &mut b.0[8], choice);
- u32::conditional_swap(&mut a.0[9], &mut b.0[9], choice);
- }
-}
-
-impl FieldElement2625 {
- /// Invert the sign of this field element
- pub fn negate(&mut self) {
- let neg = self.neg();
- self.0 = neg.0;
- }
-
- /// Construct zero.
- pub fn zero() -> FieldElement2625 {
- FieldElement2625([0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
- }
-
- /// Construct one.
- pub fn one() -> FieldElement2625 {
- FieldElement2625([1, 0, 0, 0, 0, 0, 0, 0, 0, 0])
- }
-
- /// Construct -1.
- pub fn minus_one() -> FieldElement2625 {
- FieldElement2625([
- 0x3ffffec, 0x1ffffff, 0x3ffffff, 0x1ffffff, 0x3ffffff, 0x1ffffff, 0x3ffffff, 0x1ffffff,
- 0x3ffffff, 0x1ffffff,
- ])
- }
-
- /// Given `k > 0`, return `self^(2^k)`.
- pub fn pow2k(&self, k: u32) -> FieldElement2625 {
- debug_assert!(k > 0);
- let mut z = self.square();
- for _ in 1..k {
- z = z.square();
- }
- z
- }
-
- /// Load a `FieldElement2625` from the low 255 bits of a 256-bit
- /// input.
- ///
- /// # Warning
- ///
- /// This function does not check that the input used the canonical
- /// representative. It masks the high bit, but it will happily
- /// decode 2^255 - 18 to 1. Applications that require a canonical
- /// encoding of every field element should decode, re-encode to
- /// the canonical encoding, and check that the input was
- /// canonical.
- pub fn from_bytes(data: &[u8; 32]) -> FieldElement2625 {
- let mut temp = [0u8; 32];
- temp.copy_from_slice(data);
- temp[31] &= 127u8;
- let mut output = [0u32; 10];
- fiat_25519_from_bytes(&mut output, &temp);
- FieldElement2625(output)
- }
-
- /// Serialize this `FieldElement51` to a 32-byte array. The
- /// encoding is canonical.
- pub fn to_bytes(&self) -> [u8; 32] {
- let mut bytes = [0u8; 32];
- fiat_25519_to_bytes(&mut bytes, &self.0);
- return bytes;
- }
-
- /// Compute `self^2`.
- pub fn square(&self) -> FieldElement2625 {
- let mut output = *self;
- fiat_25519_carry_square(&mut output.0, &self.0);
- output
- }
-
- /// Compute `2*self^2`.
- pub fn square2(&self) -> FieldElement2625 {
- let mut output = *self;
- let mut temp = *self;
- // Void vs return type, measure cost of copying self
- fiat_25519_carry_square(&mut temp.0, &self.0);
- fiat_25519_add(&mut output.0, &temp.0, &temp.0);
- let input = output.0;
- fiat_25519_carry(&mut output.0, &input);
- output
- }
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/fiat_u64/field.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/fiat_u64/field.rs
deleted file mode 100644
index 7e381b6c48ce..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/fiat_u64/field.rs
+++ /dev/null
@@ -1,249 +0,0 @@
-// -*- mode: rust; coding: utf-8; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2018 Isis Lovecruft, Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - Isis Agora Lovecruft
-// - Henry de Valence
-
-//! Field arithmetic modulo \\(p = 2\^{255} - 19\\), using \\(64\\)-bit
-//! limbs with \\(128\\)-bit products.
-//!
-//! This uses the formally-verified field arithmetic generated by the
-//! [fiat-crypto project](https://github.com/mit-plv/fiat-crypto)
-
-use core::fmt::Debug;
-use core::ops::Neg;
-use core::ops::{Add, AddAssign};
-use core::ops::{Mul, MulAssign};
-use core::ops::{Sub, SubAssign};
-
-use subtle::Choice;
-use subtle::ConditionallySelectable;
-
-use zeroize::Zeroize;
-
-use fiat_crypto::curve25519_64::*;
-
-/// A `FieldElement51` represents an element of the field
-/// \\( \mathbb Z / (2\^{255} - 19)\\).
-///
-/// In the 64-bit implementation, a `FieldElement` is represented in
-/// radix \\(2\^{51}\\) as five `u64`s; the coefficients are allowed to
-/// grow up to \\(2\^{54}\\) between reductions modulo \\(p\\).
-///
-/// # Note
-///
-/// The `curve25519_dalek::field` module provides a type alias
-/// `curve25519_dalek::field::FieldElement` to either `FieldElement51`
-/// or `FieldElement2625`.
-///
-/// The backend-specific type `FieldElement51` should not be used
-/// outside of the `curve25519_dalek::field` module.
-#[derive(Copy, Clone)]
-pub struct FieldElement51(pub(crate) [u64; 5]);
-
-impl Debug for FieldElement51 {
- fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
- write!(f, "FieldElement51({:?})", &self.0[..])
- }
-}
-
-impl Zeroize for FieldElement51 {
- fn zeroize(&mut self) {
- self.0.zeroize();
- }
-}
-
-impl<'b> AddAssign<&'b FieldElement51> for FieldElement51 {
- fn add_assign(&mut self, _rhs: &'b FieldElement51) {
- let input = self.0;
- fiat_25519_add(&mut self.0, &input, &_rhs.0);
- let input = self.0;
- fiat_25519_carry(&mut self.0, &input);
- }
-}
-
-impl<'a, 'b> Add<&'b FieldElement51> for &'a FieldElement51 {
- type Output = FieldElement51;
- fn add(self, _rhs: &'b FieldElement51) -> FieldElement51 {
- let mut output = *self;
- fiat_25519_add(&mut output.0, &self.0, &_rhs.0);
- let input = output.0;
- fiat_25519_carry(&mut output.0, &input);
- output
- }
-}
-
-impl<'b> SubAssign<&'b FieldElement51> for FieldElement51 {
- fn sub_assign(&mut self, _rhs: &'b FieldElement51) {
- let input = self.0;
- fiat_25519_sub(&mut self.0, &input, &_rhs.0);
- let input = self.0;
- fiat_25519_carry(&mut self.0, &input);
- }
-}
-
-impl<'a, 'b> Sub<&'b FieldElement51> for &'a FieldElement51 {
- type Output = FieldElement51;
- fn sub(self, _rhs: &'b FieldElement51) -> FieldElement51 {
- let mut output = *self;
- fiat_25519_sub(&mut output.0, &self.0, &_rhs.0);
- let input = output.0;
- fiat_25519_carry(&mut output.0, &input);
- output
- }
-}
-
-impl<'b> MulAssign<&'b FieldElement51> for FieldElement51 {
- fn mul_assign(&mut self, _rhs: &'b FieldElement51) {
- let input = self.0;
- fiat_25519_carry_mul(&mut self.0, &input, &_rhs.0);
- }
-}
-
-impl<'a, 'b> Mul<&'b FieldElement51> for &'a FieldElement51 {
- type Output = FieldElement51;
- fn mul(self, _rhs: &'b FieldElement51) -> FieldElement51 {
- let mut output = *self;
- fiat_25519_carry_mul(&mut output.0, &self.0, &_rhs.0);
- output
- }
-}
-
-impl<'a> Neg for &'a FieldElement51 {
- type Output = FieldElement51;
- fn neg(self) -> FieldElement51 {
- let mut output = *self;
- fiat_25519_opp(&mut output.0, &self.0);
- let input = output.0;
- fiat_25519_carry(&mut output.0, &input);
- output
- }
-}
-
-impl ConditionallySelectable for FieldElement51 {
- fn conditional_select(
- a: &FieldElement51,
- b: &FieldElement51,
- choice: Choice,
- ) -> FieldElement51 {
- let mut output = [0u64; 5];
- fiat_25519_selectznz(&mut output, choice.unwrap_u8() as fiat_25519_u1, &a.0, &b.0);
- FieldElement51(output)
- }
-
- fn conditional_swap(a: &mut FieldElement51, b: &mut FieldElement51, choice: Choice) {
- u64::conditional_swap(&mut a.0[0], &mut b.0[0], choice);
- u64::conditional_swap(&mut a.0[1], &mut b.0[1], choice);
- u64::conditional_swap(&mut a.0[2], &mut b.0[2], choice);
- u64::conditional_swap(&mut a.0[3], &mut b.0[3], choice);
- u64::conditional_swap(&mut a.0[4], &mut b.0[4], choice);
- }
-
- fn conditional_assign(&mut self, _rhs: &FieldElement51, choice: Choice) {
- let mut output = [0u64; 5];
- let choicebit = choice.unwrap_u8() as fiat_25519_u1;
- fiat_25519_cmovznz_u64(&mut output[0], choicebit, self.0[0], _rhs.0[0]);
- fiat_25519_cmovznz_u64(&mut output[1], choicebit, self.0[1], _rhs.0[1]);
- fiat_25519_cmovznz_u64(&mut output[2], choicebit, self.0[2], _rhs.0[2]);
- fiat_25519_cmovznz_u64(&mut output[3], choicebit, self.0[3], _rhs.0[3]);
- fiat_25519_cmovznz_u64(&mut output[4], choicebit, self.0[4], _rhs.0[4]);
- *self = FieldElement51(output);
- }
-}
-
-impl FieldElement51 {
- /// Construct zero.
- pub fn zero() -> FieldElement51 {
- FieldElement51([0, 0, 0, 0, 0])
- }
-
- /// Construct one.
- pub fn one() -> FieldElement51 {
- FieldElement51([1, 0, 0, 0, 0])
- }
-
- /// Construct -1.
- pub fn minus_one() -> FieldElement51 {
- FieldElement51([
- 2251799813685228,
- 2251799813685247,
- 2251799813685247,
- 2251799813685247,
- 2251799813685247,
- ])
- }
-
- /// Given 64-bit input limbs, reduce to enforce the bound 2^(51 + epsilon).
- #[inline(always)]
- #[allow(dead_code)] // Need this to not complain about reduce not being used
- fn reduce(mut limbs: [u64; 5]) -> FieldElement51 {
- let input = limbs;
- fiat_25519_carry(&mut limbs, &input);
- FieldElement51(limbs)
- }
-
- /// Load a `FieldElement51` from the low 255 bits of a 256-bit
- /// input.
- ///
- /// # Warning
- ///
- /// This function does not check that the input used the canonical
- /// representative. It masks the high bit, but it will happily
- /// decode 2^255 - 18 to 1. Applications that require a canonical
- /// encoding of every field element should decode, re-encode to
- /// the canonical encoding, and check that the input was
- /// canonical.
- ///
- pub fn from_bytes(bytes: &[u8; 32]) -> FieldElement51 {
- let mut temp = [0u8; 32];
- temp.copy_from_slice(bytes);
- temp[31] &= 127u8;
- let mut output = [0u64; 5];
- fiat_25519_from_bytes(&mut output, &temp);
- FieldElement51(output)
- }
-
- /// Serialize this `FieldElement51` to a 32-byte array. The
- /// encoding is canonical.
- pub fn to_bytes(&self) -> [u8; 32] {
- let mut bytes = [0u8; 32];
- fiat_25519_to_bytes(&mut bytes, &self.0);
- return bytes;
- }
-
- /// Given `k > 0`, return `self^(2^k)`.
- pub fn pow2k(&self, mut k: u32) -> FieldElement51 {
- let mut output = *self;
- loop {
- let input = output.0;
- fiat_25519_carry_square(&mut output.0, &input);
- k -= 1;
- if k == 0 {
- return output;
- }
- }
- }
-
- /// Returns the square of this field element.
- pub fn square(&self) -> FieldElement51 {
- let mut output = *self;
- fiat_25519_carry_square(&mut output.0, &self.0);
- output
- }
-
- /// Returns 2 times the square of this field element.
- pub fn square2(&self) -> FieldElement51 {
- let mut output = *self;
- let mut temp = *self;
- // Void vs return type, measure cost of copying self
- fiat_25519_carry_square(&mut temp.0, &self.0);
- fiat_25519_add(&mut output.0, &temp.0, &temp.0);
- let input = output.0;
- fiat_25519_carry(&mut output.0, &input);
- output
- }
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/mod.rs
deleted file mode 100644
index 971afe97f4fb..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/mod.rs
+++ /dev/null
@@ -1,55 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2021 isis lovecruft
-// Copyright (c) 2016-2019 Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - isis agora lovecruft
-// - Henry de Valence
-
-//! Serial implementations of field, scalar, point arithmetic.
-//!
-//! When the vector backend is disabled, the crate uses the
-//! mixed-model strategy for implementing point operations and scalar
-//! multiplication; see the [`curve_models`](self::curve_models) and
-//! [`scalar_mul`](self::scalar_mul) documentation for more
-//! information.
-//!
-//! When the vector backend is enabled, the field and scalar
-//! implementations are still used for non-vectorized operations.
-//!
-//! Note: at this time the `u32` and `u64` backends cannot be built
-//! together.
-
-#[cfg(not(any(
- feature = "u32_backend",
- feature = "u64_backend",
- feature = "fiat_u32_backend",
- feature = "fiat_u64_backend"
-)))]
-compile_error!(
- "no curve25519-dalek backend cargo feature enabled! \
- please enable one of: u32_backend, u64_backend, fiat_u32_backend, fiat_u64_backend"
-);
-
-#[cfg(feature = "u32_backend")]
-pub mod u32;
-
-#[cfg(feature = "u64_backend")]
-pub mod u64;
-
-#[cfg(feature = "fiat_u32_backend")]
-pub mod fiat_u32;
-
-#[cfg(feature = "fiat_u64_backend")]
-pub mod fiat_u64;
-
-pub mod curve_models;
-
-#[cfg(not(all(
- feature = "simd_backend",
- any(target_feature = "avx2", target_feature = "avx512ifma")
-)))]
-pub mod scalar_mul;
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/mod.rs
deleted file mode 100644
index 8bdad1fe0888..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/mod.rs
+++ /dev/null
@@ -1,31 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2021 isis lovecruft
-// Copyright (c) 2016-2019 Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - isis agora lovecruft
-// - Henry de Valence
-
-//! Implementations of various scalar multiplication algorithms.
-//!
-//! Note that all of these implementations use serial code for field
-//! arithmetic with the multi-model strategy described in the
-//! `curve_models` module. The vectorized AVX2 backend has its own
-//! scalar multiplication implementations, since it only uses one
-//! curve model.
-
-pub mod variable_base;
-
-pub mod vartime_double_base;
-
-#[cfg(feature = "alloc")]
-pub mod straus;
-
-#[cfg(feature = "alloc")]
-pub mod precomputed_straus;
-
-#[cfg(feature = "alloc")]
-pub mod pippenger;
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/pippenger.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/pippenger.rs
deleted file mode 100644
index 575291d68180..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/pippenger.rs
+++ /dev/null
@@ -1,202 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2019 Oleg Andreev
-// See LICENSE for licensing information.
-//
-// Authors:
-// - Oleg Andreev
-
-//! Implementation of a variant of Pippenger's algorithm.
-
-#![allow(non_snake_case)]
-
-use core::borrow::Borrow;
-
-use edwards::EdwardsPoint;
-use scalar::Scalar;
-use traits::VartimeMultiscalarMul;
-
-#[allow(unused_imports)]
-use prelude::*;
-
-/// Implements a version of Pippenger's algorithm.
-///
-/// The algorithm works as follows:
-///
-/// Let `n` be a number of point-scalar pairs.
-/// Let `w` be a window of bits (6..8, chosen based on `n`, see cost factor).
-///
-/// 1. Prepare `2^(w-1) - 1` buckets with indices `[1..2^(w-1))` initialized with identity points.
-/// Bucket 0 is not needed as it would contain points multiplied by 0.
-/// 2. Convert scalars to a radix-`2^w` representation with signed digits in `[-2^w/2, 2^w/2]`.
-/// Note: only the last digit may equal `2^w/2`.
-/// 3. Starting with the last window, for each point `i=[0..n)` add it to a a bucket indexed by
-/// the point's scalar's value in the window.
-/// 4. Once all points in a window are sorted into buckets, add buckets by multiplying each
-/// by their index. Efficient way of doing it is to start with the last bucket and compute two sums:
-/// intermediate sum from the last to the first, and the full sum made of all intermediate sums.
-/// 5. Shift the resulting sum of buckets by `w` bits by using `w` doublings.
-/// 6. Add to the return value.
-/// 7. Repeat the loop.
-///
-/// Approximate cost w/o wNAF optimizations (A = addition, D = doubling):
-///
-/// ```ascii
-/// cost = (n*A + 2*(2^w/2)*A + w*D + A)*256/w
-/// | | | | |
-/// | | | | looping over 256/w windows
-/// | | | adding to the result
-/// sorting points | shifting the sum by w bits (to the next window, starting from last window)
-/// one by one |
-/// into buckets adding/subtracting all buckets
-/// multiplied by their indexes
-/// using a sum of intermediate sums
-/// ```
-///
-/// For large `n`, dominant factor is (n*256/w) additions.
-/// However, if `w` is too big and `n` is not too big, then `(2^w/2)*A` could dominate.
-/// Therefore, the optimal choice of `w` grows slowly as `n` grows.
-///
-/// This algorithm is adapted from section 4 of .
-pub struct Pippenger;
-
-#[cfg(any(feature = "alloc", feature = "std"))]
-impl VartimeMultiscalarMul for Pippenger {
- type Point = EdwardsPoint;
-
- fn optional_multiscalar_mul(scalars: I, points: J) -> Option
- where
- I: IntoIterator,
- I::Item: Borrow,
- J: IntoIterator>,
- {
- use traits::Identity;
-
- let mut scalars = scalars.into_iter();
- let size = scalars.by_ref().size_hint().0;
-
- // Digit width in bits. As digit width grows,
- // number of point additions goes down, but amount of
- // buckets and bucket additions grows exponentially.
- let w = if size < 500 {
- 6
- } else if size < 800 {
- 7
- } else {
- 8
- };
-
- let max_digit: usize = 1 << w;
- let digits_count: usize = Scalar::to_radix_2w_size_hint(w);
- let buckets_count: usize = max_digit / 2; // digits are signed+centered hence 2^w/2, excluding 0-th bucket
-
- // Collect optimized scalars and points in buffers for repeated access
- // (scanning the whole set per digit position).
- let scalars = scalars
- .map(|s| s.borrow().to_radix_2w(w));
-
- let points = points
- .into_iter()
- .map(|p| p.map(|P| P.to_projective_niels()));
-
- let scalars_points = scalars
- .zip(points)
- .map(|(s, maybe_p)| maybe_p.map(|p| (s, p)))
- .collect::>>()?;
-
- // Prepare 2^w/2 buckets.
- // buckets[i] corresponds to a multiplication factor (i+1).
- let mut buckets: Vec<_> = (0..buckets_count)
- .map(|_| EdwardsPoint::identity())
- .collect();
-
- let mut columns = (0..digits_count).rev().map(|digit_index| {
- // Clear the buckets when processing another digit.
- for i in 0..buckets_count {
- buckets[i] = EdwardsPoint::identity();
- }
-
- // Iterate over pairs of (point, scalar)
- // and add/sub the point to the corresponding bucket.
- // Note: if we add support for precomputed lookup tables,
- // we'll be adding/subtracting point premultiplied by `digits[i]` to buckets[0].
- for (digits, pt) in scalars_points.iter() {
- // Widen digit so that we don't run into edge cases when w=8.
- let digit = digits[digit_index] as i16;
- if digit > 0 {
- let b = (digit - 1) as usize;
- buckets[b] = (&buckets[b] + pt).to_extended();
- } else if digit < 0 {
- let b = (-digit - 1) as usize;
- buckets[b] = (&buckets[b] - pt).to_extended();
- }
- }
-
- // Add the buckets applying the multiplication factor to each bucket.
- // The most efficient way to do that is to have a single sum with two running sums:
- // an intermediate sum from last bucket to the first, and a sum of intermediate sums.
- //
- // For example, to add buckets 1*A, 2*B, 3*C we need to add these points:
- // C
- // C B
- // C B A Sum = C + (C+B) + (C+B+A)
- let mut buckets_intermediate_sum = buckets[buckets_count - 1];
- let mut buckets_sum = buckets[buckets_count - 1];
- for i in (0..(buckets_count - 1)).rev() {
- buckets_intermediate_sum += buckets[i];
- buckets_sum += buckets_intermediate_sum;
- }
-
- buckets_sum
- });
-
- // Take the high column as an initial value to avoid wasting time doubling the identity element in `fold()`.
- // `unwrap()` always succeeds because we know we have more than zero digits.
- let hi_column = columns.next().unwrap();
-
- Some(
- columns
- .fold(hi_column, |total, p| total.mul_by_pow_2(w as u32) + p),
- )
- }
-}
-
-#[cfg(test)]
-mod test {
- use super::*;
- use constants;
- use scalar::Scalar;
-
- #[test]
- fn test_vartime_pippenger() {
- // Reuse points across different tests
- let mut n = 512;
- let x = Scalar::from(2128506u64).invert();
- let y = Scalar::from(4443282u64).invert();
- let points: Vec<_> = (0..n)
- .map(|i| constants::ED25519_BASEPOINT_POINT * Scalar::from(1 + i as u64))
- .collect();
- let scalars: Vec<_> = (0..n)
- .map(|i| x + (Scalar::from(i as u64) * y)) // fast way to make ~random but deterministic scalars
- .collect();
-
- let premultiplied: Vec = scalars
- .iter()
- .zip(points.iter())
- .map(|(sc, pt)| sc * pt)
- .collect();
-
- while n > 0 {
- let scalars = &scalars[0..n].to_vec();
- let points = &points[0..n].to_vec();
- let control: EdwardsPoint = premultiplied[0..n].iter().sum();
-
- let subject = Pippenger::vartime_multiscalar_mul(scalars.clone(), points.clone());
-
- assert_eq!(subject.compress(), control.compress());
-
- n = n / 2;
- }
- }
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/precomputed_straus.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/precomputed_straus.rs
deleted file mode 100644
index 97f5e860b3f0..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/precomputed_straus.rs
+++ /dev/null
@@ -1,110 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2019 Henry de Valence.
-// See LICENSE for licensing information.
-//
-// Authors:
-// - Henry de Valence
-
-//! Precomputation for Straus's method.
-
-#![allow(non_snake_case)]
-
-use core::borrow::Borrow;
-
-use backend::serial::curve_models::{
- AffineNielsPoint, CompletedPoint, ProjectiveNielsPoint, ProjectivePoint,
-};
-use edwards::EdwardsPoint;
-use scalar::Scalar;
-use traits::Identity;
-use traits::VartimePrecomputedMultiscalarMul;
-use window::{NafLookupTable5, NafLookupTable8};
-
-#[allow(unused_imports)]
-use prelude::*;
-
-pub struct VartimePrecomputedStraus {
- static_lookup_tables: Vec>,
-}
-
-impl VartimePrecomputedMultiscalarMul for VartimePrecomputedStraus {
- type Point = EdwardsPoint;
-
- fn new(static_points: I) -> Self
- where
- I: IntoIterator,
- I::Item: Borrow,
- {
- Self {
- static_lookup_tables: static_points
- .into_iter()
- .map(|P| NafLookupTable8::::from(P.borrow()))
- .collect(),
- }
- }
-
- fn optional_mixed_multiscalar_mul(
- &self,
- static_scalars: I,
- dynamic_scalars: J,
- dynamic_points: K,
- ) -> Option
- where
- I: IntoIterator,
- I::Item: Borrow,
- J: IntoIterator,
- J::Item: Borrow,
- K: IntoIterator>,
- {
- let static_nafs = static_scalars
- .into_iter()
- .map(|c| c.borrow().non_adjacent_form(5))
- .collect::>();
- let dynamic_nafs: Vec<_> = dynamic_scalars
- .into_iter()
- .map(|c| c.borrow().non_adjacent_form(5))
- .collect::>();
-
- let dynamic_lookup_tables = dynamic_points
- .into_iter()
- .map(|P_opt| P_opt.map(|P| NafLookupTable5::::from(&P)))
- .collect::>>()?;
-
- let sp = self.static_lookup_tables.len();
- let dp = dynamic_lookup_tables.len();
- assert_eq!(sp, static_nafs.len());
- assert_eq!(dp, dynamic_nafs.len());
-
- // We could save some doublings by looking for the highest
- // nonzero NAF coefficient, but since we might have a lot of
- // them to search, it's not clear it's worthwhile to check.
- let mut S = ProjectivePoint::identity();
- for j in (0..256).rev() {
- let mut R: CompletedPoint = S.double();
-
- for i in 0..dp {
- let t_ij = dynamic_nafs[i][j];
- if t_ij > 0 {
- R = &R.to_extended() + &dynamic_lookup_tables[i].select(t_ij as usize);
- } else if t_ij < 0 {
- R = &R.to_extended() - &dynamic_lookup_tables[i].select(-t_ij as usize);
- }
- }
-
- for i in 0..sp {
- let t_ij = static_nafs[i][j];
- if t_ij > 0 {
- R = &R.to_extended() + &self.static_lookup_tables[i].select(t_ij as usize);
- } else if t_ij < 0 {
- R = &R.to_extended() - &self.static_lookup_tables[i].select(-t_ij as usize);
- }
- }
-
- S = R.to_projective();
- }
-
- Some(S.to_extended())
- }
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/straus.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/straus.rs
deleted file mode 100644
index a361df52db96..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/straus.rs
+++ /dev/null
@@ -1,196 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2021 isis lovecruft
-// Copyright (c) 2016-2019 Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - isis agora lovecruft
-// - Henry de Valence
-
-//! Implementation of the interleaved window method, also known as Straus' method.
-
-#![allow(non_snake_case)]
-
-use core::borrow::Borrow;
-
-use edwards::EdwardsPoint;
-use scalar::Scalar;
-use traits::MultiscalarMul;
-use traits::VartimeMultiscalarMul;
-
-#[allow(unused_imports)]
-use prelude::*;
-
-/// Perform multiscalar multiplication by the interleaved window
-/// method, also known as Straus' method (since it was apparently
-/// [first published][solution] by Straus in 1964, as a solution to [a
-/// problem][problem] posted in the American Mathematical Monthly in
-/// 1963).
-///
-/// It is easy enough to reinvent, and has been repeatedly. The basic
-/// idea is that when computing
-/// \\[
-/// Q = s_1 P_1 + \cdots + s_n P_n
-/// \\]
-/// by means of additions and doublings, the doublings can be shared
-/// across the \\( P_i \\\).
-///
-/// We implement two versions, a constant-time algorithm using fixed
-/// windows and a variable-time algorithm using sliding windows. They
-/// are slight variations on the same idea, and are described in more
-/// detail in the respective implementations.
-///
-/// [solution]: https://www.jstor.org/stable/2310929
-/// [problem]: https://www.jstor.org/stable/2312273
-pub struct Straus {}
-
-impl MultiscalarMul for Straus {
- type Point = EdwardsPoint;
-
- /// Constant-time Straus using a fixed window of size \\(4\\).
- ///
- /// Our goal is to compute
- /// \\[
- /// Q = s_1 P_1 + \cdots + s_n P_n.
- /// \\]
- ///
- /// For each point \\( P_i \\), precompute a lookup table of
- /// \\[
- /// P_i, 2P_i, 3P_i, 4P_i, 5P_i, 6P_i, 7P_i, 8P_i.
- /// \\]
- ///
- /// For each scalar \\( s_i \\), compute its radix-\\(2^4\\)
- /// signed digits \\( s_{i,j} \\), i.e.,
- /// \\[
- /// s_i = s_{i,0} + s_{i,1} 16^1 + ... + s_{i,63} 16^{63},
- /// \\]
- /// with \\( -8 \leq s_{i,j} < 8 \\). Since \\( 0 \leq |s_{i,j}|
- /// \leq 8 \\), we can retrieve \\( s_{i,j} P_i \\) from the
- /// lookup table with a conditional negation: using signed
- /// digits halves the required table size.
- ///
- /// Then as in the single-base fixed window case, we have
- /// \\[
- /// \begin{aligned}
- /// s_i P_i &= P_i (s_{i,0} + s_{i,1} 16^1 + \cdots + s_{i,63} 16^{63}) \\\\
- /// s_i P_i &= P_i s_{i,0} + P_i s_{i,1} 16^1 + \cdots + P_i s_{i,63} 16^{63} \\\\
- /// s_i P_i &= P_i s_{i,0} + 16(P_i s_{i,1} + 16( \cdots +16P_i s_{i,63})\cdots )
- /// \end{aligned}
- /// \\]
- /// so each \\( s_i P_i \\) can be computed by alternately adding
- /// a precomputed multiple \\( P_i s_{i,j} \\) of \\( P_i \\) and
- /// repeatedly doubling.
- ///
- /// Now consider the two-dimensional sum
- /// \\[
- /// \begin{aligned}
- /// s\_1 P\_1 &=& P\_1 s\_{1,0} &+& 16 (P\_1 s\_{1,1} &+& 16 ( \cdots &+& 16 P\_1 s\_{1,63}&) \cdots ) \\\\
- /// + & & + & & + & & & & + & \\\\
- /// s\_2 P\_2 &=& P\_2 s\_{2,0} &+& 16 (P\_2 s\_{2,1} &+& 16 ( \cdots &+& 16 P\_2 s\_{2,63}&) \cdots ) \\\\
- /// + & & + & & + & & & & + & \\\\
- /// \vdots & & \vdots & & \vdots & & & & \vdots & \\\\
- /// + & & + & & + & & & & + & \\\\
- /// s\_n P\_n &=& P\_n s\_{n,0} &+& 16 (P\_n s\_{n,1} &+& 16 ( \cdots &+& 16 P\_n s\_{n,63}&) \cdots )
- /// \end{aligned}
- /// \\]
- /// The sum of the left-hand column is the result \\( Q \\); by
- /// computing the two-dimensional sum on the right column-wise,
- /// top-to-bottom, then right-to-left, we need to multiply by \\(
- /// 16\\) only once per column, sharing the doublings across all
- /// of the input points.
- fn multiscalar_mul(scalars: I, points: J) -> EdwardsPoint
- where
- I: IntoIterator,
- I::Item: Borrow,
- J: IntoIterator,
- J::Item: Borrow,
- {
- use zeroize::Zeroizing;
-
- use backend::serial::curve_models::ProjectiveNielsPoint;
- use window::LookupTable;
- use traits::Identity;
-
- let lookup_tables: Vec<_> = points
- .into_iter()
- .map(|point| LookupTable::::from(point.borrow()))
- .collect();
-
- // This puts the scalar digits into a heap-allocated Vec.
- // To ensure that these are erased, pass ownership of the Vec into a
- // Zeroizing wrapper.
- let scalar_digits_vec: Vec<_> = scalars
- .into_iter()
- .map(|s| s.borrow().to_radix_16())
- .collect();
- let scalar_digits = Zeroizing::new(scalar_digits_vec);
-
- let mut Q = EdwardsPoint::identity();
- for j in (0..64).rev() {
- Q = Q.mul_by_pow_2(4);
- let it = scalar_digits.iter().zip(lookup_tables.iter());
- for (s_i, lookup_table_i) in it {
- // R_i = s_{i,j} * P_i
- let R_i = lookup_table_i.select(s_i[j]);
- // Q = Q + R_i
- Q = (&Q + &R_i).to_extended();
- }
- }
-
- Q
- }
-}
-
-impl VartimeMultiscalarMul for Straus {
- type Point = EdwardsPoint;
-
- /// Variable-time Straus using a non-adjacent form of width \\(5\\).
- ///
- /// This is completely similar to the constant-time code, but we
- /// use a non-adjacent form for the scalar, and do not do table
- /// lookups in constant time.
- ///
- /// The non-adjacent form has signed, odd digits. Using only odd
- /// digits halves the table size (since we only need odd
- /// multiples), or gives fewer additions for the same table size.
- fn optional_multiscalar_mul(scalars: I, points: J) -> Option
- where
- I: IntoIterator,
- I::Item: Borrow,
- J: IntoIterator>,
- {
- use backend::serial::curve_models::{CompletedPoint, ProjectiveNielsPoint, ProjectivePoint};
- use window::NafLookupTable5;
- use traits::Identity;
-
- let nafs: Vec<_> = scalars
- .into_iter()
- .map(|c| c.borrow().non_adjacent_form(5))
- .collect();
-
- let lookup_tables = points
- .into_iter()
- .map(|P_opt| P_opt.map(|P| NafLookupTable5::::from(&P)))
- .collect::>>()?;
-
- let mut r = ProjectivePoint::identity();
-
- for i in (0..256).rev() {
- let mut t: CompletedPoint = r.double();
-
- for (naf, lookup_table) in nafs.iter().zip(lookup_tables.iter()) {
- if naf[i] > 0 {
- t = &t.to_extended() + &lookup_table.select(naf[i] as usize);
- } else if naf[i] < 0 {
- t = &t.to_extended() - &lookup_table.select(-naf[i] as usize);
- }
- }
-
- r = t.to_projective();
- }
-
- Some(r.to_extended())
- }
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/variable_base.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/variable_base.rs
deleted file mode 100644
index a4ff2ed532de..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/variable_base.rs
+++ /dev/null
@@ -1,46 +0,0 @@
-#![allow(non_snake_case)]
-
-use traits::Identity;
-use scalar::Scalar;
-use edwards::EdwardsPoint;
-use backend::serial::curve_models::ProjectiveNielsPoint;
-use window::LookupTable;
-
-/// Perform constant-time, variable-base scalar multiplication.
-pub(crate) fn mul(point: &EdwardsPoint, scalar: &Scalar) -> EdwardsPoint {
- // Construct a lookup table of [P,2P,3P,4P,5P,6P,7P,8P]
- let lookup_table = LookupTable::::from(point);
- // Setting s = scalar, compute
- //
- // s = s_0 + s_1*16^1 + ... + s_63*16^63,
- //
- // with `-8 ≤ s_i < 8` for `0 ≤ i < 63` and `-8 ≤ s_63 ≤ 8`.
- let scalar_digits = scalar.to_radix_16();
- // Compute s*P as
- //
- // s*P = P*(s_0 + s_1*16^1 + s_2*16^2 + ... + s_63*16^63)
- // s*P = P*s_0 + P*s_1*16^1 + P*s_2*16^2 + ... + P*s_63*16^63
- // s*P = P*s_0 + 16*(P*s_1 + 16*(P*s_2 + 16*( ... + P*s_63)...))
- //
- // We sum right-to-left.
-
- // Unwrap first loop iteration to save computing 16*identity
- let mut tmp2;
- let mut tmp3 = EdwardsPoint::identity();
- let mut tmp1 = &tmp3 + &lookup_table.select(scalar_digits[63]);
- // Now tmp1 = s_63*P in P1xP1 coords
- for i in (0..63).rev() {
- tmp2 = tmp1.to_projective(); // tmp2 = (prev) in P2 coords
- tmp1 = tmp2.double(); // tmp1 = 2*(prev) in P1xP1 coords
- tmp2 = tmp1.to_projective(); // tmp2 = 2*(prev) in P2 coords
- tmp1 = tmp2.double(); // tmp1 = 4*(prev) in P1xP1 coords
- tmp2 = tmp1.to_projective(); // tmp2 = 4*(prev) in P2 coords
- tmp1 = tmp2.double(); // tmp1 = 8*(prev) in P1xP1 coords
- tmp2 = tmp1.to_projective(); // tmp2 = 8*(prev) in P2 coords
- tmp1 = tmp2.double(); // tmp1 = 16*(prev) in P1xP1 coords
- tmp3 = tmp1.to_extended(); // tmp3 = 16*(prev) in P3 coords
- tmp1 = &tmp3 + &lookup_table.select(scalar_digits[i]);
- // Now tmp1 = s_i*P + 16*(prev) in P1xP1 coords
- }
- tmp1.to_extended()
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/vartime_double_base.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/vartime_double_base.rs
deleted file mode 100644
index 03517f933e03..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/vartime_double_base.rs
+++ /dev/null
@@ -1,62 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2021 isis lovecruft
-// Copyright (c) 2016-2019 Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - isis agora lovecruft
-// - Henry de Valence
-#![allow(non_snake_case)]
-
-use constants;
-use traits::Identity;
-use scalar::Scalar;
-use edwards::EdwardsPoint;
-use backend::serial::curve_models::{ProjectiveNielsPoint, ProjectivePoint};
-use window::NafLookupTable5;
-
-/// Compute \\(aA + bB\\) in variable time, where \\(B\\) is the Ed25519 basepoint.
-pub fn mul(a: &Scalar, A: &EdwardsPoint, b: &Scalar) -> EdwardsPoint {
- let a_naf = a.non_adjacent_form(5);
- let b_naf = b.non_adjacent_form(8);
-
- // Find starting index
- let mut i: usize = 255;
- for j in (0..256).rev() {
- i = j;
- if a_naf[i] != 0 || b_naf[i] != 0 {
- break;
- }
- }
-
- let table_A = NafLookupTable5::::from(A);
- let table_B = &constants::AFFINE_ODD_MULTIPLES_OF_BASEPOINT;
-
- let mut r = ProjectivePoint::identity();
- loop {
- let mut t = r.double();
-
- if a_naf[i] > 0 {
- t = &t.to_extended() + &table_A.select(a_naf[i] as usize);
- } else if a_naf[i] < 0 {
- t = &t.to_extended() - &table_A.select(-a_naf[i] as usize);
- }
-
- if b_naf[i] > 0 {
- t = &t.to_extended() + &table_B.select(b_naf[i] as usize);
- } else if b_naf[i] < 0 {
- t = &t.to_extended() - &table_B.select(-b_naf[i] as usize);
- }
-
- r = t.to_projective();
-
- if i == 0 {
- break;
- }
- i -= 1;
- }
-
- r.to_extended()
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u32/constants.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u32/constants.rs
deleted file mode 100644
index af509cf5c329..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u32/constants.rs
+++ /dev/null
@@ -1,4789 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2016-2021 isis lovecruft -// Copyright (c) 2016-2019 Henry de Valence -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft -// - Henry de Valence - -//! This module contains various constants (such as curve parameters -//! and useful field elements like `sqrt(-1)`), as well as -//! lookup tables of pre-computed points. - -use backend::serial::curve_models::AffineNielsPoint; -use super::field::FieldElement2625; -use super::scalar::Scalar29; -use edwards::{EdwardsBasepointTable, EdwardsPoint}; -use window::{LookupTable, NafLookupTable8}; - -/// The value of minus one, equal to `-&FieldElement::one()` -pub(crate) const MINUS_ONE: FieldElement2625 = FieldElement2625([ - 67108844, 33554431, 67108863, 33554431, 67108863, 33554431, 67108863, 33554431, 67108863, 33554431 -]); - -/// Edwards `d` value, equal to `-121665/121666 mod p`. -pub(crate) const EDWARDS_D: FieldElement2625 = FieldElement2625([ - 56195235, 13857412, 51736253, 6949390, 114729, 24766616, 60832955, 30306712, 48412415, 21499315, -]); - -/// Edwards `2*d` value, equal to `2*(-121665/121666) mod p`. 
-pub(crate) const EDWARDS_D2: FieldElement2625 = FieldElement2625([ - 45281625, 27714825, 36363642, 13898781, 229458, 15978800, 54557047, 27058993, 29715967, 9444199, -]); - -/// One minus edwards `d` value squared, equal to `(1 - (-121665/121666) mod p) pow 2` -pub(crate) const ONE_MINUS_EDWARDS_D_SQUARED: FieldElement2625 = FieldElement2625([ - 6275446, 16937061, 44170319, 29780721, 11667076, 7397348, 39186143, 1766194, 42675006, 672202 -]); - -/// Edwards `d` value minus one squared, equal to `(((-121665/121666) mod p) - 1) pow 2` -pub(crate) const EDWARDS_D_MINUS_ONE_SQUARED: FieldElement2625 = FieldElement2625([ - 15551776, 22456977, 53683765, 23429360, 55212328, 10178283, 40474537, 4729243, 61826754, 23438029 -]); - -/// `= sqrt(a*d - 1)`, where `a = -1 (mod p)`, `d` are the Edwards curve parameters. -pub(crate) const SQRT_AD_MINUS_ONE: FieldElement2625 = FieldElement2625([ - 24849947, 33400850, 43495378, 6347714, 46036536, 32887293, 41837720, 18186727, 66238516, - 14525638, -]); - -/// `= 1/sqrt(a-d)`, where `a = -1 (mod p)`, `d` are the Edwards curve parameters. -pub(crate) const INVSQRT_A_MINUS_D: FieldElement2625 = FieldElement2625([ - 6111466, 4156064, 39310137, 12243467, 41204824, 120896, 20826367, 26493656, 6093567, 31568420, -]); - -/// Precomputed value of one of the square roots of -1 (mod p) -pub(crate) const SQRT_M1: FieldElement2625 = FieldElement2625([ - 34513072, 25610706, 9377949, 3500415, 12389472, 33281959, 41962654, 31548777, 326685, 11406482, -]); - -/// `APLUS2_OVER_FOUR` is (A+2)/4. (This is used internally within the Montgomery ladder.) -pub(crate) const APLUS2_OVER_FOUR: FieldElement2625 = - FieldElement2625([121666, 0, 0, 0, 0, 0, 0, 0, 0, 0]); - -/// `MONTGOMERY_A` is equal to 486662, which is a constant of the curve equation -/// for Curve25519 in its Montgomery form. (This is used internally within the -/// Elligator map.) 
-pub(crate) const MONTGOMERY_A: FieldElement2625 = - FieldElement2625([486662, 0, 0, 0, 0, 0, 0, 0, 0, 0]); - -/// `MONTGOMERY_A_NEG` is equal to -486662. (This is used internally within the -/// Elligator map.) -pub(crate) const MONTGOMERY_A_NEG: FieldElement2625 = FieldElement2625([ - 66622183, 33554431, 67108863, 33554431, 67108863, 33554431, 67108863, 33554431, 67108863, 33554431, -]); - -/// `L` is the order of base point, i.e. 2^252 + -/// 27742317777372353535851937790883648493 -pub(crate) const L: Scalar29 = Scalar29([ - 0x1cf5d3ed, 0x009318d2, 0x1de73596, 0x1df3bd45, 0x0000014d, 0x00000000, 0x00000000, 0x00000000, - 0x00100000, -]); - -/// `L` * `LFACTOR` = -1 (mod 2^29) -pub(crate) const LFACTOR: u32 = 0x12547e1b; - -/// `R` = R % L where R = 2^261 -pub(crate) const R: Scalar29 = Scalar29([ - 0x114df9ed, 0x1a617303, 0x0f7c098c, 0x16793167, 0x1ffd656e, 0x1fffffff, 0x1fffffff, 0x1fffffff, - 0x000fffff, -]); - -/// `RR` = (R^2) % L where R = 2^261 -pub(crate) const RR: Scalar29 = Scalar29([ - 0x0b5f9d12, 0x1e141b17, 0x158d7f3d, 0x143f3757, 0x1972d781, 0x042feb7c, 0x1ceec73d, 0x1e184d1e, - 0x0005046d, -]); - -/// The Ed25519 basepoint, as an `EdwardsPoint`. -/// -/// This is called `_POINT` to distinguish it from -/// `ED25519_BASEPOINT_TABLE`, which should be used for scalar -/// multiplication (it's much faster). -pub const ED25519_BASEPOINT_POINT: EdwardsPoint = EdwardsPoint { - X: FieldElement2625([ - 52811034, 25909283, 16144682, 17082669, 27570973, 30858332, 40966398, 8378388, 20764389, - 8758491, - ]), - Y: FieldElement2625([ - 40265304, 26843545, 13421772, 20132659, 26843545, 6710886, 53687091, 13421772, 40265318, - 26843545, - ]), - Z: FieldElement2625([1, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - T: FieldElement2625([ - 28827043, 27438313, 39759291, 244362, 8635006, 11264893, 19351346, 13413597, 16611511, - 27139452, - ]), -}; - -/// The 8-torsion subgroup \\(\mathcal E [8]\\). 
-/// -/// In the case of Curve25519, it is cyclic; the \\(i\\)-th element of -/// the array is \\([i]P\\), where \\(P\\) is a point of order \\(8\\) -/// generating \\(\mathcal E[8]\\). -/// -/// Thus \\(\mathcal E[4]\\) is the points indexed by `0,2,4,6`, and -/// \\(\mathcal E[2]\\) is the points indexed by `0,4`. -/// The Ed25519 basepoint has y = 4/5. This is called `_POINT` to -/// distinguish it from `_TABLE`, which should be used for scalar -/// multiplication (it's much faster). -pub const EIGHT_TORSION: [EdwardsPoint; 8] = EIGHT_TORSION_INNER_DOC_HIDDEN; - -/// Inner item used to hide limb constants from cargo doc output. -#[doc(hidden)] -pub const EIGHT_TORSION_INNER_DOC_HIDDEN: [EdwardsPoint; 8] = [ - EdwardsPoint { - X: FieldElement2625([0, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - Y: FieldElement2625([1, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - Z: FieldElement2625([1, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - T: FieldElement2625([0, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - }, - EdwardsPoint { - X: FieldElement2625([ - 21352778, 5345713, 4660180, 25206575, 24143089, 14568123, 30185756, 21306662, 33579924, - 8345318, - ]), - Y: FieldElement2625([ - 6952903, 1265500, 60246523, 7057497, 4037696, 5447722, 35427965, 15325401, 19365852, - 31985330, - ]), - Z: FieldElement2625([1, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - T: FieldElement2625([ - 41846657, 21581751, 11716001, 27684820, 48915701, 16297738, 20670665, 24995334, - 3541542, 28543251, - ]), - }, - EdwardsPoint { - X: FieldElement2625([ - 32595773, 7943725, 57730914, 30054016, 54719391, 272472, 25146209, 2005654, 66782178, - 22147949, - ]), - Y: FieldElement2625([0, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - Z: FieldElement2625([1, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - T: FieldElement2625([0, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - }, - EdwardsPoint { - X: FieldElement2625([ - 21352778, 5345713, 4660180, 25206575, 24143089, 14568123, 30185756, 21306662, 33579924, - 8345318, - ]), - Y: FieldElement2625([ - 60155942, 32288931, 6862340, 26496934, 63071167, 28106709, 31680898, 
18229030, - 47743011, 1569101, - ]), - Z: FieldElement2625([1, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - T: FieldElement2625([ - 25262188, 11972680, 55392862, 5869611, 18193162, 17256693, 46438198, 8559097, 63567321, - 5011180, - ]), - }, - EdwardsPoint { - X: FieldElement2625([0, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - Y: FieldElement2625([ - 67108844, 33554431, 67108863, 33554431, 67108863, 33554431, 67108863, 33554431, - 67108863, 33554431, - ]), - Z: FieldElement2625([1, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - T: FieldElement2625([0, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - }, - EdwardsPoint { - X: FieldElement2625([ - 45756067, 28208718, 62448683, 8347856, 42965774, 18986308, 36923107, 12247769, - 33528939, 25209113, - ]), - Y: FieldElement2625([ - 60155942, 32288931, 6862340, 26496934, 63071167, 28106709, 31680898, 18229030, - 47743011, 1569101, - ]), - Z: FieldElement2625([1, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - T: FieldElement2625([ - 41846657, 21581751, 11716001, 27684820, 48915701, 16297738, 20670665, 24995334, - 3541542, 28543251, - ]), - }, - EdwardsPoint { - X: FieldElement2625([ - 34513072, 25610706, 9377949, 3500415, 12389472, 33281959, 41962654, 31548777, 326685, - 11406482, - ]), - Y: FieldElement2625([0, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - Z: FieldElement2625([1, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - T: FieldElement2625([0, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - }, - EdwardsPoint { - X: FieldElement2625([ - 45756067, 28208718, 62448683, 8347856, 42965774, 18986308, 36923107, 12247769, - 33528939, 25209113, - ]), - Y: FieldElement2625([ - 6952903, 1265500, 60246523, 7057497, 4037696, 5447722, 35427965, 15325401, 19365852, - 31985330, - ]), - Z: FieldElement2625([1, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - T: FieldElement2625([ - 25262188, 11972680, 55392862, 5869611, 18193162, 17256693, 46438198, 8559097, 63567321, - 5011180, - ]), - }, -]; - -/// Table containing precomputed multiples of the Ed25519 basepoint \\(B = (x, 4/5)\\). 
-pub const ED25519_BASEPOINT_TABLE: EdwardsBasepointTable = ED25519_BASEPOINT_TABLE_INNER_DOC_HIDDEN; - -/// Inner constant, used to avoid filling the docs with precomputed points. -#[doc(hidden)] -pub const ED25519_BASEPOINT_TABLE_INNER_DOC_HIDDEN: EdwardsBasepointTable = - EdwardsBasepointTable([ - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 93076338, 52752828, 29566454, 37215328, 54414518, 37569218, 94653489, 21800160, - 61029707, 35602036, - ]), - y_minus_x: FieldElement2625([ - 54563134, 934261, 64385954, 3049989, 66381436, 9406985, 12720692, 5043384, - 19500929, 18085054, - ]), - xy2d: FieldElement2625([ - 58370664, 4489569, 9688441, 18769238, 10184608, 21191052, 29287918, 11864899, - 42594502, 29115885, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 54292951, 54132516, 45527619, 11784319, 41753206, 30803714, 55390960, 29739860, - 66750418, 23343128, - ]), - y_minus_x: FieldElement2625([ - 45405608, 6903824, 27185491, 6451973, 37531140, 24000426, 51492312, 11189267, - 40279186, 28235350, - ]), - xy2d: FieldElement2625([ - 26966623, 11152617, 32442495, 15396054, 14353839, 20802097, 63980037, 24013313, - 51636816, 29387734, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 82745136, 23865874, 24204772, 25642034, 67725840, 16869169, 94896463, 52336674, - 28944398, 32004408, - ]), - y_minus_x: FieldElement2625([ - 16568933, 4717097, 55552716, 32452109, 15682895, 21747389, 16354576, 21778470, - 7689661, 11199574, - ]), - xy2d: FieldElement2625([ - 30464137, 27578307, 55329429, 17883566, 23220364, 15915852, 7512774, 10017326, - 49359771, 23634074, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 50071967, 13921891, 78054670, 27521000, 27105051, 17470053, 105291517, - 15006021, 70393432, 27277891, - ]), - y_minus_x: FieldElement2625([ - 23599295, 25248385, 55915199, 25867015, 13236773, 10506355, 7464579, 9656445, - 13059162, 10374397, - ]), - xy2d: FieldElement2625([ - 7798537, 16710257, 
3033922, 2874086, 28997861, 2835604, 32406664, 29715387, - 66467155, 33453106, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 77970208, 11473153, 27284546, 35535607, 37044514, 46132292, 99976748, 48069538, - 118779423, 44373810, - ]), - y_minus_x: FieldElement2625([ - 4708026, 6336745, 20377586, 9066809, 55836755, 6594695, 41455196, 12483687, - 54440373, 5581305, - ]), - xy2d: FieldElement2625([ - 19563141, 16186464, 37722007, 4097518, 10237984, 29206317, 28542349, 13850243, - 43430843, 17738489, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 51736881, 20691677, 32573249, 4720197, 107781206, 39429941, 115029100, - 18329611, 124398787, 21468653, - ]), - y_minus_x: FieldElement2625([ - 58559652, 109982, 15149363, 2178705, 22900618, 4543417, 3044240, 17864545, - 1762327, 14866737, - ]), - xy2d: FieldElement2625([ - 48909169, 17603008, 56635573, 1707277, 49922944, 3916100, 38872452, 3959420, - 27914454, 4383652, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 72262591, 43463716, 68832610, 30776557, 97632468, 39071304, 86589715, 38784565, - 43156424, 18378665, - ]), - y_minus_x: FieldElement2625([ - 36839857, 30090922, 7665485, 10083793, 28475525, 1649722, 20654025, 16520125, - 30598449, 7715701, - ]), - xy2d: FieldElement2625([ - 28881826, 14381568, 9657904, 3680757, 46927229, 7843315, 35708204, 1370707, - 29794553, 32145132, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 14499452, 64379265, 33917749, 62854211, 95603724, 14271266, 97399599, 10876453, - 33954766, 35936157, - ]), - y_minus_x: FieldElement2625([ - 59913433, 30899068, 52378708, 462250, 39384538, 3941371, 60872247, 3696004, - 34808032, 15351954, - ]), - xy2d: FieldElement2625([ - 27431194, 8222322, 16448760, 29646437, 48401861, 11938354, 34147463, 30583916, - 29551812, 10109425, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 53451805, 20399000, 102933977, 45331528, 88556249, 40073815, 64730579, - 
31926875, 77201646, 28790260, - ]), - y_minus_x: FieldElement2625([ - 27939166, 14210322, 4677035, 16277044, 44144402, 21156292, 34600109, 12005537, - 49298737, 12803509, - ]), - xy2d: FieldElement2625([ - 17228999, 17892808, 65875336, 300139, 65883994, 21839654, 30364212, 24516238, - 18016356, 4397660, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 56150002, 25864224, 4776340, 18600194, 27850027, 17952220, 40489757, 14544524, - 49631360, 34537070, - ]), - y_minus_x: FieldElement2625([ - 29253598, 15796703, 64244882, 23645547, 10057022, 3163536, 7332899, 29434304, - 46061167, 9934962, - ]), - xy2d: FieldElement2625([ - 5793284, 16271923, 42977250, 23438027, 29188559, 1206517, 52360934, 4559894, - 36984942, 22656481, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 39464893, 55615857, 83391519, 22517938, 28414020, 52096600, 24191032, 38096129, - 53770554, 39054999, - ]), - y_minus_x: FieldElement2625([ - 12650548, 32057319, 9052870, 11355358, 49428827, 25154267, 49678271, 12264342, - 10874051, 13524335, - ]), - xy2d: FieldElement2625([ - 25556948, 30508442, 714650, 2510400, 23394682, 23139102, 33119037, 5080568, - 44580805, 5376627, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 108129445, 29543378, 50095164, 30016803, 60382070, 35475328, 44787558, - 57661420, 71644630, 35123438, - ]), - y_minus_x: FieldElement2625([ - 64853442, 14606629, 45416424, 25514613, 28430648, 8775819, 36614302, 3044289, - 31848280, 12543772, - ]), - xy2d: FieldElement2625([ - 45080285, 2943892, 35251351, 6777305, 13784462, 29262229, 39731668, 31491700, - 7718481, 14474653, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 69494160, 36008644, 44477543, 33601034, 62670928, 51428448, 67765827, 26317766, - 91425031, 28300864, - ]), - y_minus_x: FieldElement2625([ - 13741529, 10911568, 33875447, 24950694, 46931033, 32521134, 33040650, 20129900, - 46379407, 8321685, - ]), - xy2d: FieldElement2625([ - 21060490, 31341688, 15712756, 
29218333, 1639039, 10656336, 23845965, 21679594, - 57124405, 608371, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 53436113, 18466845, 56219170, 25997372, 61071954, 11305546, 68232832, 60328286, - 94338261, 33578318, - ]), - y_minus_x: FieldElement2625([ - 43864724, 33260226, 55364135, 14712570, 37643165, 31524814, 12797023, 27114124, - 65475458, 16678953, - ]), - xy2d: FieldElement2625([ - 37608244, 4770661, 51054477, 14001337, 7830047, 9564805, 65600720, 28759386, - 49939598, 4904952, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 91168402, 48171434, 86146020, 18514523, 86874956, 18648002, 72278074, 16191879, - 69237100, 29227598, - ]), - y_minus_x: FieldElement2625([ - 50127693, 4124965, 58568254, 22900634, 30336521, 19449185, 37302527, 916032, - 60226322, 30567899, - ]), - xy2d: FieldElement2625([ - 44477957, 12419371, 59974635, 26081060, 50629959, 16739174, 285431, 2763829, - 15736322, 4143876, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 69488197, 11839344, 62998462, 27565766, 78383161, 34349388, 67321664, 18959768, - 23527083, 17096164, - ]), - y_minus_x: FieldElement2625([ - 33431108, 22423954, 49269897, 17927531, 8909498, 8376530, 34483524, 4087880, - 51919953, 19138217, - ]), - xy2d: FieldElement2625([ - 1767664, 7197987, 53903638, 31531796, 54017513, 448825, 5799055, 4357868, - 62334673, 17231393, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 6721947, 47388255, 43585475, 32003117, 93463156, 21691110, 90474010, 29604699, - 74499753, 36314231, - ]), - y_minus_x: FieldElement2625([ - 4409022, 2052381, 23373853, 10530217, 7676779, 20668478, 21302352, 29290375, - 1244379, 20634787, - ]), - xy2d: FieldElement2625([ - 62687625, 7169618, 4982368, 30596842, 30256824, 30776892, 14086412, 9208236, - 15886429, 16489664, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 69104920, 43930080, 81455230, 46865633, 60234728, 17116020, 120524529, - 33952799, 
36502408, 32841498, - ]), - y_minus_x: FieldElement2625([ - 41801399, 9795879, 64331450, 14878808, 33577029, 14780362, 13348553, 12076947, - 36272402, 5113181, - ]), - xy2d: FieldElement2625([ - 49338080, 11797795, 31950843, 13929123, 41220562, 12288343, 36767763, 26218045, - 13847710, 5387222, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 48526682, 30138214, 84933706, 64767897, 89853205, 56666252, 75871923, 37172217, - 47508201, 43925422, - ]), - y_minus_x: FieldElement2625([ - 20246567, 19185054, 22358228, 33010720, 18507282, 23140436, 14554436, 24808340, - 32232923, 16763880, - ]), - xy2d: FieldElement2625([ - 9648486, 10094563, 26416693, 14745928, 36734546, 27081810, 11094160, 15689506, - 3140038, 17044340, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 50948773, 39027126, 31895587, 38299426, 75932378, 43920116, 39884063, 43003044, - 38334409, 33920726, - ]), - y_minus_x: FieldElement2625([ - 19153450, 11523972, 56012374, 27051289, 42461232, 5420646, 28344573, 8041113, - 719605, 11671788, - ]), - xy2d: FieldElement2625([ - 8678006, 2694440, 60300850, 2517371, 4964326, 11152271, 51675948, 18287915, - 27000812, 23358879, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 119059805, 40688742, 75748150, 30739554, 59873175, 43976173, 67672928, - 38890528, 73859840, 19033405, - ]), - y_minus_x: FieldElement2625([ - 11836410, 29574944, 26297893, 16080799, 23455045, 15735944, 1695823, 24735310, - 8169719, 16220347, - ]), - xy2d: FieldElement2625([ - 48993007, 8653646, 17578566, 27461813, 59083086, 17541668, 55964556, 30926767, - 61118155, 19388398, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 43800347, 22586119, 82322091, 23473217, 36255258, 22504427, 27884328, 36401716, - 69764724, 35292826, - ]), - y_minus_x: FieldElement2625([ - 39571412, 19301410, 41772562, 25551651, 57738101, 8129820, 21651608, 30315096, - 48021414, 22549153, - ]), - xy2d: FieldElement2625([ - 1533110, 3437855, 23735889, 
459276, 29970501, 11335377, 26030092, 5821408, - 10478196, 8544890, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 32173083, 50979553, 24896205, 37475929, 22579055, 63698010, 19270447, 45771905, - 84897880, 63712868, - ]), - y_minus_x: FieldElement2625([ - 36555903, 31326030, 51530034, 23407230, 13243888, 517024, 15479401, 29701199, - 30460519, 1052596, - ]), - xy2d: FieldElement2625([ - 55493970, 13323617, 32618793, 8175907, 51878691, 12596686, 27491595, 28942073, - 3179267, 24075541, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 99055914, 52742212, 62468279, 18214510, 51982886, 27514722, 52352086, 17142691, - 19072639, 24043372, - ]), - y_minus_x: FieldElement2625([ - 11685058, 11822410, 3158003, 19601838, 33402193, 29389366, 5977895, 28339415, - 473098, 5040608, - ]), - xy2d: FieldElement2625([ - 46817982, 8198641, 39698732, 11602122, 1290375, 30754672, 28326861, 1721092, - 47550222, 30422825, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 74990396, 10687936, 74687587, 7738377, 48157852, 31000479, 88929649, 8076148, - 39240368, 11538388, - ]), - y_minus_x: FieldElement2625([ - 47173198, 3899860, 18283497, 26752864, 51380203, 22305220, 8754524, 7446702, - 61432810, 5797015, - ]), - xy2d: FieldElement2625([ - 55813245, 29760862, 51326753, 25589858, 12708868, 25098233, 2014098, 24503858, - 64739691, 27677090, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 111745333, 55540121, 106535706, 34700805, 86065554, 50194990, 68301593, - 29840232, 82232482, 44365936, - ]), - y_minus_x: FieldElement2625([ - 14352079, 30134717, 48166819, 10822654, 32750596, 4699007, 67038501, 15776355, - 38222085, 21579878, - ]), - xy2d: FieldElement2625([ - 38867681, 25481956, 62129901, 28239114, 29416930, 1847569, 46454691, 17069576, - 4714546, 23953777, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 15200313, 41923004, 86787964, 15970073, 35236190, 35513882, 24611598, 29010600, - 
55362987, 45894651, - ]), - y_minus_x: FieldElement2625([ - 12876937, 23074376, 33134380, 6590940, 60801088, 14872439, 9613953, 8241152, - 15370987, 9608631, - ]), - xy2d: FieldElement2625([ - 62965568, 21540023, 8446280, 33162829, 4407737, 13629032, 59383996, 15866073, - 38898243, 24740332, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 26660609, 51431209, 75502596, 33912478, 59707572, 34547419, 43204630, 34413128, - 87680086, 41974987, - ]), - y_minus_x: FieldElement2625([ - 14620696, 13067227, 51661590, 8264466, 14106269, 15080814, 33531827, 12516406, - 45534429, 21077682, - ]), - xy2d: FieldElement2625([ - 236881, 10476226, 57258, 18877408, 6472997, 2466984, 17258519, 7256740, - 8791136, 15069930, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 68385255, 24182513, 90058498, 17231624, 43615824, 61406677, 81820737, 38428660, - 36445723, 31223040, - ]), - y_minus_x: FieldElement2625([ - 5855666, 4990204, 53397016, 7294283, 59304582, 1924646, 65685689, 25642053, - 34039526, 9234252, - ]), - xy2d: FieldElement2625([ - 20590503, 24535444, 31529743, 26201766, 64402029, 10650547, 31559055, 21944845, - 18979185, 13396066, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 24474268, 38522535, 22267081, 37961786, 91172745, 25229251, 48291976, 13594781, - 33514650, 40576390, - ]), - y_minus_x: FieldElement2625([ - 55541958, 26988926, 45743778, 15928891, 40950559, 4315420, 41160136, 29637754, - 45628383, 12868081, - ]), - xy2d: FieldElement2625([ - 38473832, 13504660, 19988037, 31421671, 21078224, 6443208, 45662757, 2244499, - 54653067, 25465048, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 36513317, 13793478, 61256044, 33873567, 41385691, 60844964, 100195408, 8957936, - 51875216, 39094952, - ]), - y_minus_x: FieldElement2625([ - 55478669, 22050529, 58989363, 25911358, 2620055, 1022908, 43398120, 31985447, - 50980335, 18591624, - ]), - xy2d: FieldElement2625([ - 23152952, 775386, 27395463, 14006635, 
57407746, 4649511, 1689819, 892185, - 55595587, 18348483, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 76878974, 43141169, 93604957, 37878551, 68665374, 30004407, 94562682, 38317558, - 47929249, 39421565, - ]), - y_minus_x: FieldElement2625([ - 34343820, 1927589, 31726409, 28801137, 23962433, 17534932, 27846558, 5931263, - 37359161, 17445976, - ]), - xy2d: FieldElement2625([ - 27461885, 30576896, 22380809, 1815854, 44075111, 30522493, 7283489, 18406359, - 47582163, 7734628, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 59098581, 57518046, 55988459, 39750469, 29344157, 20123547, 74694158, 30377805, - 85658360, 48856500, - ]), - y_minus_x: FieldElement2625([ - 34450527, 27383209, 59436070, 22502750, 6258877, 13504381, 10458790, 27135971, - 58236621, 8424745, - ]), - xy2d: FieldElement2625([ - 24687186, 8613276, 36441818, 30320886, 1863891, 31723888, 19206233, 7134917, - 55824382, 32725512, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 11334880, 24336410, 75134156, 46261950, 84632755, 23078360, 77352601, 18868970, - 62042829, 50053268, - ]), - y_minus_x: FieldElement2625([ - 8911542, 6887158, 57524604, 26595841, 11145640, 24010752, 17303924, 19430194, - 6536640, 10543906, - ]), - xy2d: FieldElement2625([ - 38162480, 15479762, 49642029, 568875, 65611181, 11223453, 64439674, 16928857, - 39873154, 8876770, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 41365946, 54541999, 118567760, 32707823, 101191041, 32758142, 33627041, - 15824473, 66504438, 24514614, - ]), - y_minus_x: FieldElement2625([ - 10330056, 70051, 7957388, 24551765, 9764901, 15609756, 27698697, 28664395, - 1657393, 3084098, - ]), - xy2d: FieldElement2625([ - 10477963, 26084172, 12119565, 20303627, 29016246, 28188843, 31280318, 14396151, - 36875289, 15272408, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 54820536, 36723894, 28813182, 16658753, 92225296, 27923965, 109043770, - 54472724, 
42094105, 35504935, - ]), - y_minus_x: FieldElement2625([ - 40928506, 9489186, 11053416, 18808271, 36055143, 5825629, 58724558, 24786899, - 15341278, 8373727, - ]), - xy2d: FieldElement2625([ - 28685821, 7759505, 52730348, 21551571, 35137043, 4079241, 298136, 23321830, - 64230656, 15190419, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 34175950, 47360767, 52771378, 51314432, 110213106, 10940926, 75778582, - 36296824, 108184414, 60233859, - ]), - y_minus_x: FieldElement2625([ - 65528476, 21825014, 41129205, 22109408, 49696989, 22641577, 9291593, 17306653, - 54954121, 6048604, - ]), - xy2d: FieldElement2625([ - 36803549, 14843443, 1539301, 11864366, 20201677, 1900163, 13934231, 5128323, - 11213262, 9168384, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 40828313, 44562278, 19408959, 32613674, 115624762, 29225850, 62020803, - 22449281, 20470156, 50710163, - ]), - y_minus_x: FieldElement2625([ - 43972811, 9282191, 14855179, 18164354, 59746048, 19145871, 44324911, 14461607, - 14042978, 5230683, - ]), - xy2d: FieldElement2625([ - 29969548, 30812838, 50396996, 25001989, 9175485, 31085458, 21556950, 3506042, - 61174973, 21104723, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 63964099, 42299092, 19704002, 38135710, 46678177, 6830682, 45824694, 42525944, - 38569674, 48880994, - ]), - y_minus_x: FieldElement2625([ - 47644235, 10110287, 49846336, 30050539, 43608476, 1355668, 51585814, 15300987, - 46594746, 9168259, - ]), - xy2d: FieldElement2625([ - 61755510, 4488612, 43305616, 16314346, 7780487, 17915493, 38160505, 9601604, - 33087103, 24543045, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 47665675, 18041531, 46311396, 21109108, 104393280, 43783891, 39664534, - 52108332, 61111992, 49219103, - ]), - y_minus_x: FieldElement2625([ - 23294591, 16921819, 44458082, 25083453, 27844203, 11461195, 13099750, 31094076, - 18151675, 13417686, - ]), - xy2d: FieldElement2625([ - 42385932, 29377914, 35958184, 
5988918, 40250079, 6685064, 1661597, 21002991, - 15271675, 18101767, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 78541887, 20325766, 75348494, 28274914, 65123427, 32828713, 48410099, 35721975, - 60187562, 20114249, - ]), - y_minus_x: FieldElement2625([ - 35672693, 15575145, 30436815, 12192228, 44645511, 9395378, 57191156, 24915434, - 12215109, 12028277, - ]), - xy2d: FieldElement2625([ - 14098381, 6555944, 23007258, 5757252, 51681032, 20603929, 30123439, 4617780, - 50208775, 32898803, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 63082644, 51868028, 79002030, 47273095, 52299401, 35401816, 51288864, 43708440, - 91082124, 20869957, - ]), - y_minus_x: FieldElement2625([ - 40577025, 29858441, 65199965, 2534300, 35238307, 17004076, 18341389, 22134481, - 32013173, 23450893, - ]), - xy2d: FieldElement2625([ - 41629544, 10876442, 55337778, 18929291, 54739296, 1838103, 21911214, 6354752, - 4425632, 32716610, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 56675456, 18941465, 89338721, 30463384, 53917697, 34331160, 116802352, - 55088400, 71833867, 47599401, - ]), - y_minus_x: FieldElement2625([ - 19268631, 26250011, 1555348, 8692754, 45634805, 23643767, 6347389, 32142648, - 47586572, 17444675, - ]), - xy2d: FieldElement2625([ - 42244775, 12986007, 56209986, 27995847, 55796492, 33405905, 19541417, 8180106, - 9282262, 10282508, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 108012627, 37982977, 58447667, 20360168, 71207265, 52943606, 15522533, 8372215, - 72651459, 22851748, - ]), - y_minus_x: FieldElement2625([ - 56546323, 14895632, 26814552, 16880582, 49628109, 31065071, 64326972, 6993760, - 49014979, 10114654, - ]), - xy2d: FieldElement2625([ - 47001790, 32625013, 31422703, 10427861, 59998115, 6150668, 38017109, 22025285, - 25953724, 33448274, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 62874448, 59069571, 57989737, 36600431, 69210472, 54501569, 86498882, 
39648727, - 63793584, 46385556, - ]), - y_minus_x: FieldElement2625([ - 51110167, 7578151, 5310217, 14408357, 33560244, 33329692, 31575953, 6326196, - 7381791, 31132593, - ]), - xy2d: FieldElement2625([ - 46206085, 3296810, 24736065, 17226043, 18374253, 7318640, 6295303, 8082724, - 51746375, 12339663, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 27724736, 35845589, 73197064, 19369633, 68901590, 39412065, 80957277, 15768921, - 92200031, 14856293, - ]), - y_minus_x: FieldElement2625([ - 48242193, 8331042, 24373479, 8541013, 66406866, 24284974, 12927299, 20858939, - 44926390, 24541532, - ]), - xy2d: FieldElement2625([ - 55685435, 28132841, 11632844, 3405020, 30536730, 21880393, 39848098, 13866389, - 30146206, 9142070, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 71032974, 18246915, 120400605, 23499470, 79400683, 32886065, 39406089, 9326383, - 58871006, 37725725, - ]), - y_minus_x: FieldElement2625([ - 51186905, 16037936, 6713787, 16606682, 45496729, 2790943, 26396185, 3731949, - 345228, 28091483, - ]), - xy2d: FieldElement2625([ - 45781307, 13448258, 25284571, 1143661, 20614966, 24705045, 2031538, 21163201, - 50855680, 19972348, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 98125037, 16832002, 93480255, 52657630, 62081513, 14854136, 17477601, 37397089, - 28012649, 50703444, - ]), - y_minus_x: FieldElement2625([ - 62033029, 9368965, 58546785, 28953529, 51858910, 6970559, 57918991, 16292056, - 58241707, 3507939, - ]), - xy2d: FieldElement2625([ - 29439664, 3537914, 23333589, 6997794, 49553303, 22536363, 51899661, 18503164, - 57943934, 6580395, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 54922984, 59429075, 83547131, 10826159, 58412047, 27318820, 84969307, 24280585, - 65013061, 42858998, - ]), - y_minus_x: FieldElement2625([ - 20714545, 29217521, 29088194, 7406487, 11426967, 28458727, 14792666, 18945815, - 5289420, 33077305, - ]), - xy2d: FieldElement2625([ - 50443312, 
22903641, 60948518, 20248671, 9192019, 31751970, 17271489, 12349094, - 26939669, 29802138, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 54218947, 9373457, 98704712, 16374214, 21471720, 13221525, 39825369, 54760304, - 63410056, 33672318, - ]), - y_minus_x: FieldElement2625([ - 22263325, 26994382, 3984569, 22379786, 51994855, 32987646, 28311252, 5358056, - 43789084, 541963, - ]), - xy2d: FieldElement2625([ - 16259200, 3261970, 2309254, 18019958, 50223152, 28972515, 24134069, 16848603, - 53771797, 20002236, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 76487005, 20414245, 111371745, 20809166, 95307144, 59864765, 64709178, - 32837080, 67799289, 48430675, - ]), - y_minus_x: FieldElement2625([ - 24977353, 33240048, 58884894, 20089345, 28432342, 32378079, 54040059, 21257083, - 44727879, 6618998, - ]), - xy2d: FieldElement2625([ - 65570671, 11685645, 12944378, 13682314, 42719353, 19141238, 8044828, 19737104, - 32239828, 27901670, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 48505798, 38317421, 66182613, 42439735, 105805247, 30367115, 76890510, - 23204372, 32779358, 5095274, - ]), - y_minus_x: FieldElement2625([ - 34100715, 28339925, 34843976, 29869215, 9460460, 24227009, 42507207, 14506723, - 21639561, 30924196, - ]), - xy2d: FieldElement2625([ - 50707921, 20442216, 25239337, 15531969, 3987758, 29055114, 65819361, 26690896, - 17874573, 558605, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 53508716, 10240080, 76280747, 16131052, 46239610, 43154131, 100608350, - 38634582, 69194755, 38674192, - ]), - y_minus_x: FieldElement2625([ - 44903700, 31034903, 50727262, 414690, 42089314, 2170429, 30634760, 25190818, - 35108870, 27794547, - ]), - xy2d: FieldElement2625([ - 60263160, 15791201, 8550074, 32241778, 29928808, 21462176, 27534429, 26362287, - 44757485, 12961481, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 42616785, 57538092, 10368192, 11582341, 110820435, 31309143, 83642793, 
8206995, - 104023076, 28394792, - ]), - y_minus_x: FieldElement2625([ - 55987368, 30172197, 2307365, 6362031, 66973409, 8868176, 50273234, 7031274, - 7589640, 8945490, - ]), - xy2d: FieldElement2625([ - 34956097, 8917966, 6661220, 21876816, 65916803, 17761038, 7251488, 22372252, - 24099108, 19098262, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 72128384, 25646961, 71352990, 18840075, 107284455, 40007595, 47990681, - 20265406, 127985831, 56828126, - ]), - y_minus_x: FieldElement2625([ - 10853575, 10721687, 26480089, 5861829, 44113045, 1972174, 65242217, 22996533, - 63745412, 27113307, - ]), - xy2d: FieldElement2625([ - 50106456, 5906789, 221599, 26991285, 7828207, 20305514, 24362660, 31546264, - 53242455, 7421391, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 75248772, 27007934, 99366509, 27663885, 97484582, 1886180, 113042620, 48995682, - 95935221, 29431402, - ]), - y_minus_x: FieldElement2625([ - 6267067, 9695052, 7709135, 16950835, 34239795, 31668296, 14795159, 25714308, - 13746020, 31812384, - ]), - xy2d: FieldElement2625([ - 28584883, 7787108, 60375922, 18503702, 22846040, 25983196, 63926927, 33190907, - 4771361, 25134474, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 92058101, 6376278, 39642383, 25379823, 48462709, 23623825, 100652432, 54967168, - 70678489, 44897024, - ]), - y_minus_x: FieldElement2625([ - 26514970, 4740088, 27912651, 3697550, 19331575, 22082093, 6809885, 4608608, - 7325975, 18753361, - ]), - xy2d: FieldElement2625([ - 55490446, 19000001, 42787651, 7655127, 65739590, 5214311, 39708324, 10258389, - 49462170, 25367739, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 11431185, 49377439, 93679108, 47883555, 85138853, 38350513, 35662684, 49135095, - 76389221, 29580744, - ]), - y_minus_x: FieldElement2625([ - 66948081, 23228174, 44253547, 29249434, 46247496, 19933429, 34297962, 22372809, - 51563772, 4387440, - ]), - xy2d: FieldElement2625([ - 46309467, 
12194511, 3937617, 27748540, 39954043, 9340369, 42594872, 8548136, - 20617071, 26072431, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 66170039, 29623845, 58394552, 49679149, 91711988, 27329038, 53333511, 55233041, - 91454545, 10325459, - ]), - y_minus_x: FieldElement2625([ - 47253587, 31985546, 44906155, 8714033, 14007766, 6928528, 16318175, 32543743, - 4766742, 3552007, - ]), - xy2d: FieldElement2625([ - 45357481, 16823515, 1351762, 32751011, 63099193, 3950934, 3217514, 14481909, - 10988822, 29559670, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 15564288, 19242862, 70210106, 39238579, 97555643, 25503075, 79785990, 27049088, - 58813011, 46850436, - ]), - y_minus_x: FieldElement2625([ - 57666574, 6624295, 36809900, 21640754, 62437882, 31497052, 31521203, 9614054, - 37108040, 12074673, - ]), - xy2d: FieldElement2625([ - 4771172, 33419193, 14290748, 20464580, 27992297, 14998318, 65694928, 31997715, - 29832612, 17163397, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 7064865, 59567690, 115055764, 62041325, 48217593, 30641695, 92934105, 38847728, - 39986203, 46656021, - ]), - y_minus_x: FieldElement2625([ - 64810282, 2439669, 59642254, 1719964, 39841323, 17225986, 32512468, 28236839, - 36752793, 29363474, - ]), - xy2d: FieldElement2625([ - 37102324, 10162315, 33928688, 3981722, 50626726, 20484387, 14413973, 9515896, - 19568978, 9628812, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 33053784, 33753789, 83003454, 35137490, 94489106, 28973996, 49269969, 61002024, - 60817076, 36992171, - ]), - y_minus_x: FieldElement2625([ - 48129987, 3884492, 19469877, 12726490, 15913552, 13614290, 44147131, 70103, - 7463304, 4176122, - ]), - xy2d: FieldElement2625([ - 39984863, 10659916, 11482427, 17484051, 12771466, 26919315, 34389459, 28231680, - 24216881, 5944158, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 76002989, 41005405, 64444714, 57343111, 106137209, 21165315, 19345745, - 48235228, 
78741856, 5847884, - ]), - y_minus_x: FieldElement2625([ - 26942781, 31239115, 9129563, 28647825, 26024104, 11769399, 55590027, 6367193, - 57381634, 4782139, - ]), - xy2d: FieldElement2625([ - 19916442, 28726022, 44198159, 22140040, 25606323, 27581991, 33253852, 8220911, - 6358847, 31680575, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 67910273, 31472729, 16569427, 44619599, 29875703, 33651059, 75017251, 29073951, - 53570360, 34941586, - ]), - y_minus_x: FieldElement2625([ - 19646058, 5720633, 55692158, 12814208, 11607948, 12749789, 14147075, 15156355, - 45242033, 11835259, - ]), - xy2d: FieldElement2625([ - 19299512, 1155910, 28703737, 14890794, 2925026, 7269399, 26121523, 15467869, - 40548314, 5052482, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 64091413, 43612637, 69089700, 37518674, 22160965, 12322533, 60677741, 20936246, - 12228556, 26550755, - ]), - y_minus_x: FieldElement2625([ - 32944382, 14922211, 44263970, 5188527, 21913450, 24834489, 4001464, 13238564, - 60994061, 8653814, - ]), - xy2d: FieldElement2625([ - 22865569, 28901697, 27603667, 21009037, 14348957, 8234005, 24808405, 5719875, - 28483275, 2841751, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 117796741, 32441125, 66781144, 21446575, 21886281, 51556090, 65220896, - 33238773, 87040921, 20815228, - ]), - y_minus_x: FieldElement2625([ - 55452759, 10087520, 58243976, 28018288, 47830290, 30498519, 3999227, 13239134, - 62331395, 19644223, - ]), - xy2d: FieldElement2625([ - 1382174, 21859713, 17266789, 9194690, 53784508, 9720080, 20403944, 11284705, - 53095046, 3093229, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 83759766, 56070931, 66044684, 35125060, 58779117, 40907184, 66806439, 16271224, - 43059443, 26862581, - ]), - y_minus_x: FieldElement2625([ - 45197768, 27626490, 62497547, 27994275, 35364760, 22769138, 24123613, 15193618, - 45456747, 16815042, - ]), - xy2d: FieldElement2625([ - 57172930, 
29264984, 41829040, 4372841, 2087473, 10399484, 31870908, 14690798, - 17361620, 11864968, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 55801216, 39764803, 80315437, 39360751, 105200035, 19587230, 54777658, - 26067830, 41530403, 50868174, - ]), - y_minus_x: FieldElement2625([ - 14668443, 21284197, 26039038, 15305210, 25515617, 4542480, 10453892, 6577524, - 9145645, 27110552, - ]), - xy2d: FieldElement2625([ - 5974855, 3053895, 57675815, 23169240, 35243739, 3225008, 59136222, 3936127, - 61456591, 30504127, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 97734231, 28825031, 41552902, 20761565, 46624288, 41249530, 17097187, 50805368, - 106217947, 35358062, - ]), - y_minus_x: FieldElement2625([ - 63555773, 9865098, 61880298, 4272700, 61435032, 16864731, 14911343, 12196514, - 45703375, 7047411, - ]), - xy2d: FieldElement2625([ - 20093258, 9920966, 55970670, 28210574, 13161586, 12044805, 34252013, 4124600, - 34765036, 23296865, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 46320021, 14084653, 53577151, 41396578, 19119037, 19731827, 71861240, 24839791, - 45429205, 35842469, - ]), - y_minus_x: FieldElement2625([ - 40289628, 30270716, 29965058, 3039786, 52635099, 2540456, 29457502, 14625692, - 42289247, 12570231, - ]), - xy2d: FieldElement2625([ - 66045306, 22002608, 16920317, 12494842, 1278292, 27685323, 45948920, 30055751, - 55134159, 4724942, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 85069815, 21778897, 62967895, 23851901, 58232301, 32143814, 54201480, 24894499, - 104641427, 35458286, - ]), - y_minus_x: FieldElement2625([ - 23134274, 19275300, 56426866, 31942495, 20684484, 15770816, 54119114, 3190295, - 26955097, 14109738, - ]), - xy2d: FieldElement2625([ - 15308788, 5320727, 36995055, 19235554, 22902007, 7767164, 29425325, 22276870, - 31960941, 11934971, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 39713134, 41990227, 71218507, 12222638, 109589860, 14818667, 87747037, - 
38429459, 77600255, 34934149, - ]), - y_minus_x: FieldElement2625([ - 53949449, 9197840, 3875503, 24618324, 65725151, 27674630, 33518458, 16176658, - 21432314, 12180697, - ]), - xy2d: FieldElement2625([ - 55321537, 11500837, 13787581, 19721842, 44678184, 10140204, 1465425, 12689540, - 56807545, 19681548, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 72522936, 18168390, 46101199, 43198001, 79943833, 34740580, 64485947, 32212200, - 26128230, 39587344, - ]), - y_minus_x: FieldElement2625([ - 40771450, 19788269, 32496024, 19900513, 17847800, 20885276, 3604024, 8316894, - 41233830, 23117073, - ]), - xy2d: FieldElement2625([ - 3296484, 6223048, 24680646, 21307972, 44056843, 5903204, 58246567, 28915267, - 12376616, 3188849, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 29190450, 18895386, 27549112, 32370916, 70628929, 22857130, 32049514, 26245319, - 50999629, 57256556, - ]), - y_minus_x: FieldElement2625([ - 52364359, 24245275, 735817, 32955454, 46701176, 28496527, 25246077, 17758763, - 18640740, 32593455, - ]), - xy2d: FieldElement2625([ - 60180029, 17123636, 10361373, 5642961, 4910474, 12345252, 35470478, 33060001, - 10530746, 1053335, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 104951742, 52922057, 120679510, 54991489, 47651803, 56453479, 102755357, - 30605445, 24018830, 48581076, - ]), - y_minus_x: FieldElement2625([ - 44516310, 30409154, 64819587, 5953842, 53668675, 9425630, 25310643, 13003497, - 64794073, 18408815, - ]), - xy2d: FieldElement2625([ - 39688860, 32951110, 59064879, 31885314, 41016598, 13987818, 39811242, 187898, - 43942445, 31022696, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 45364447, 19743956, 68953703, 38575859, 123783328, 17642957, 76825530, - 49821353, 62038646, 34280530, - ]), - y_minus_x: FieldElement2625([ - 29370903, 27500434, 7334070, 18212173, 9385286, 2247707, 53446902, 28714970, - 30007387, 17731091, - ]), - xy2d: FieldElement2625([ - 
66172485, 16086690, 23751945, 33011114, 65941325, 28365395, 9137108, 730663, - 9835848, 4555336, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 43732410, 34964877, 44855110, 54209249, 97976497, 49381408, 17693929, 34099128, - 55123565, 45977077, - ]), - y_minus_x: FieldElement2625([ - 31117226, 21338698, 53606025, 6561946, 57231997, 20796761, 61990178, 29457725, - 29120152, 13924425, - ]), - xy2d: FieldElement2625([ - 49707966, 19321222, 19675798, 30819676, 56101901, 27695611, 57724924, 22236731, - 7240930, 33317044, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 35747087, 22207651, 119210280, 27698212, 111764387, 54956091, 68331198, - 37943914, 70402500, 51557120, - ]), - y_minus_x: FieldElement2625([ - 50424044, 19110186, 11038543, 11054958, 53307689, 30215898, 42789283, 7733546, - 12796905, 27218610, - ]), - xy2d: FieldElement2625([ - 58349431, 22736595, 41689999, 10783768, 36493307, 23807620, 38855524, 3647835, - 3222231, 22393970, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 85714958, 35247531, 108769341, 51938590, 71221215, 43599452, 23603892, - 31506198, 59558087, 36039416, - ]), - y_minus_x: FieldElement2625([ - 9255298, 30423235, 54952701, 32550175, 13098012, 24339566, 16377219, 31451620, - 47306788, 30519729, - ]), - xy2d: FieldElement2625([ - 44379556, 7496159, 61366665, 11329248, 19991973, 30206930, 35390715, 9936965, - 37011176, 22935634, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 88987435, 28553134, 71447199, 47198328, 64071998, 13160959, 86817760, 5415496, - 59748361, 29445138, - ]), - y_minus_x: FieldElement2625([ - 27736842, 10103576, 12500508, 8502413, 63695848, 23920873, 10436917, 32004156, - 43449720, 25422331, - ]), - xy2d: FieldElement2625([ - 19492550, 21450067, 37426887, 32701801, 63900692, 12403436, 30066266, 8367329, - 13243957, 8709688, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 79123950, 36355692, 95306994, 10151020, 
91926984, 28811298, 55914672, 27908697, - 72259831, 40828617, - ]), - y_minus_x: FieldElement2625([ - 2831347, 21062286, 1478974, 6122054, 23825128, 20820846, 31097298, 6083058, - 31021603, 23760822, - ]), - xy2d: FieldElement2625([ - 64578913, 31324785, 445612, 10720828, 53259337, 22048494, 43601132, 16354464, - 15067285, 19406725, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 74949787, 47592304, 100852864, 49488446, 66380650, 29911725, 88512851, - 34612017, 47729401, 21151211, - ]), - y_minus_x: FieldElement2625([ - 915865, 17085158, 15608284, 24765302, 42751837, 6060029, 49737545, 8410996, - 59888403, 16527024, - ]), - xy2d: FieldElement2625([ - 32922597, 32997445, 20336073, 17369864, 10903704, 28169945, 16957573, 52992, - 23834301, 6588044, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 32752011, 44787382, 70490858, 24839565, 22652987, 22810329, 17159698, 50243539, - 46794283, 32248439, - ]), - y_minus_x: FieldElement2625([ - 62419196, 9166775, 41398568, 22707125, 11576751, 12733943, 7924251, 30802151, - 1976122, 26305405, - ]), - xy2d: FieldElement2625([ - 21251203, 16309901, 64125849, 26771309, 30810596, 12967303, 156041, 30183180, - 12331344, 25317235, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 75760459, 29077399, 118132091, 28557436, 80111370, 36505236, 96163290, - 28447461, 77116999, 28886530, - ]), - y_minus_x: FieldElement2625([ - 31486061, 15114593, 52847614, 12951353, 14369431, 26166587, 16347320, 19892343, - 8684154, 23021480, - ]), - xy2d: FieldElement2625([ - 19443825, 11385320, 24468943, 23895364, 43189605, 2187568, 40845657, 27467510, - 31316347, 14219878, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 38514355, 1193784, 99354083, 11392484, 31092169, 49277233, 94254877, 40546840, - 29126554, 42761822, - ]), - y_minus_x: FieldElement2625([ - 32382916, 1110093, 18477781, 11028262, 39697101, 26006320, 62128346, 10843781, - 59151264, 19118701, - ]), - xy2d: FieldElement2625([ 
- 2814918, 7836403, 27519878, 25686276, 46214848, 22000742, 45614304, 8550129, - 28346258, 1994730, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 47530546, 41639976, 53108344, 29605809, 69894701, 17323124, 47591912, 40729325, - 22628101, 41669612, - ]), - y_minus_x: FieldElement2625([ - 36703732, 955510, 55975026, 18476362, 34661776, 20276352, 41457285, 3317159, - 57165847, 930271, - ]), - xy2d: FieldElement2625([ - 51805164, 26720662, 28856489, 1357446, 23421993, 1057177, 24091212, 32165462, - 44343487, 22903716, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 44357614, 28250434, 54201256, 54339997, 51297351, 25757378, 52269845, 50554643, - 65241844, 41953401, - ]), - y_minus_x: FieldElement2625([ - 35139535, 2106402, 62372504, 1362500, 12813763, 16200670, 22981545, 27263159, - 18009407, 17781660, - ]), - xy2d: FieldElement2625([ - 49887941, 24009210, 39324209, 14166834, 29815394, 7444469, 29551787, 29827013, - 19288548, 1325865, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 82209002, 51273111, 110293748, 32549332, 107767535, 49063838, 79485593, - 30075285, 100274970, 25511681, - ]), - y_minus_x: FieldElement2625([ - 20909212, 13023121, 57899112, 16251777, 61330449, 25459517, 12412150, 10018715, - 2213263, 19676059, - ]), - xy2d: FieldElement2625([ - 32529814, 22479743, 30361438, 16864679, 57972923, 1513225, 22922121, 6382134, - 61341936, 8371347, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 77032307, 44825931, 79725657, 37099153, 104219359, 31832804, 12891686, - 25361300, 40665920, 44040575, - ]), - y_minus_x: FieldElement2625([ - 44511638, 26541766, 8587002, 25296571, 4084308, 20584370, 361725, 2610596, - 43187334, 22099236, - ]), - xy2d: FieldElement2625([ - 5408392, 32417741, 62139741, 10561667, 24145918, 14240566, 31319731, 29318891, - 19985174, 30118346, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 53114388, 50171252, 81658109, 36895530, 
99264821, 13648975, 49531796, 8849296, - 67173894, 41925115, - ]), - y_minus_x: FieldElement2625([ - 58787919, 21504805, 31204562, 5839400, 46481576, 32497154, 47665921, 6922163, - 12743482, 23753914, - ]), - xy2d: FieldElement2625([ - 64747493, 12678784, 28815050, 4759974, 43215817, 4884716, 23783145, 11038569, - 18800704, 255233, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 61839168, 31780545, 13957885, 41545147, 23132994, 34283205, 80502710, 42621388, - 86367551, 52355070, - ]), - y_minus_x: FieldElement2625([ - 64172210, 22726896, 56676774, 14516792, 63468078, 4372540, 35173943, 2209389, - 65584811, 2055793, - ]), - xy2d: FieldElement2625([ - 580882, 16705327, 5468415, 30871414, 36182444, 18858431, 59905517, 24560042, - 37087844, 7394434, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 90947654, 35377159, 118479284, 48797157, 75426955, 29821327, 45436683, - 30062226, 62287122, 48354352, - ]), - y_minus_x: FieldElement2625([ - 13345610, 9759151, 3371034, 17416641, 16353038, 8577942, 31129804, 13496856, - 58052846, 7402517, - ]), - xy2d: FieldElement2625([ - 2286874, 29118501, 47066405, 31546095, 53412636, 5038121, 11006906, 17794080, - 8205060, 1607563, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 81522931, 25552299, 70440693, 63900646, 89358013, 27960243, 85473524, 30647473, - 30019586, 24525154, - ]), - y_minus_x: FieldElement2625([ - 39420813, 1585952, 56333811, 931068, 37988643, 22552112, 52698034, 12029092, - 9944378, 8024, - ]), - xy2d: FieldElement2625([ - 4368715, 29844802, 29874199, 18531449, 46878477, 22143727, 50994269, 32555346, - 58966475, 5640029, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 77408455, 13746482, 11661824, 16234854, 74739102, 5998373, 76918751, 16859867, - 82328661, 19226648, - ]), - y_minus_x: FieldElement2625([ - 27425505, 27835351, 3055005, 10660664, 23458024, 595578, 51710259, 32381236, - 48766680, 9742716, - ]), - xy2d: FieldElement2625([ - 6744077, 
2427284, 26042789, 2720740, 66260958, 1118973, 32324614, 7406442, - 12420155, 1994844, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 81121366, 62084143, 115833273, 23975961, 107732385, 29617991, 121184249, - 22644627, 91428792, 27108098, - ]), - y_minus_x: FieldElement2625([ - 16412671, 29047065, 10772640, 15929391, 50040076, 28895810, 10555944, 23070383, - 37006495, 28815383, - ]), - xy2d: FieldElement2625([ - 22397363, 25786748, 57815702, 20761563, 17166286, 23799296, 39775798, 6199365, - 21880021, 21303672, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 62825538, 5368522, 35991846, 41717820, 103894664, 36763558, 83666014, 42445160, - 75949308, 38512191, - ]), - y_minus_x: FieldElement2625([ - 51661137, 709326, 60189418, 22684253, 37330941, 6522331, 45388683, 12130071, - 52312361, 5005756, - ]), - xy2d: FieldElement2625([ - 64994094, 19246303, 23019041, 15765735, 41839181, 6002751, 10183197, 20315106, - 50713577, 31378319, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 115191953, 35186435, 80575154, 59113763, 110577275, 16573535, 35094956, - 30497327, 22208661, 35554900, - ]), - y_minus_x: FieldElement2625([ - 3065054, 32141671, 41510189, 33192999, 49425798, 27851016, 58944651, 11248526, - 63417650, 26140247, - ]), - xy2d: FieldElement2625([ - 10379208, 27508878, 8877318, 1473647, 37817580, 21046851, 16690914, 2553332, - 63976176, 16400288, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 82825513, 34808697, 115745037, 41000704, 58659945, 6344163, 45011593, 26268851, - 26894936, 42686498, - ]), - y_minus_x: FieldElement2625([ - 24158868, 12938817, 11085297, 25376834, 39045385, 29097348, 36532400, 64451, - 60291780, 30861549, - ]), - xy2d: FieldElement2625([ - 13488534, 7794716, 22236231, 5989356, 25426474, 20976224, 2350709, 30135921, - 62420857, 2364225, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 83443897, 9132433, 92749446, 40233319, 68834491, 
42072368, 55301839, 21856974, - 15445874, 25756331, - ]), - y_minus_x: FieldElement2625([ - 29004188, 25687351, 28661401, 32914020, 54314860, 25611345, 31863254, 29418892, - 66830813, 17795152, - ]), - xy2d: FieldElement2625([ - 60986784, 18687766, 38493958, 14569918, 56250865, 29962602, 10343411, 26578142, - 37280576, 22738620, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 94190495, 37018415, 14099041, 29036828, 68725166, 27348827, 96651499, 15372178, - 84402661, 34515140, - ]), - y_minus_x: FieldElement2625([ - 20263915, 11434237, 61343429, 11236809, 13505955, 22697330, 50997518, 6493121, - 47724353, 7639713, - ]), - xy2d: FieldElement2625([ - 64278047, 18715199, 25403037, 25339236, 58791851, 17380732, 18006286, 17510682, - 29994676, 17746311, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 76878673, 38757082, 110060329, 19923038, 106166724, 21992806, 42495722, - 53248081, 35924287, 34263895, - ]), - y_minus_x: FieldElement2625([ - 12286395, 13076066, 45333675, 32377809, 42105665, 4057651, 35090736, 24663557, - 16102006, 13205847, - ]), - xy2d: FieldElement2625([ - 13733362, 5599946, 10557076, 3195751, 61550873, 8536969, 41568694, 8525971, - 10151379, 10394400, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 71133505, 17416880, 89545125, 12276533, 58009849, 64422764, 86807091, 11743038, - 100915394, 42488844, - ]), - y_minus_x: FieldElement2625([ - 51229064, 29029191, 58528116, 30620370, 14634844, 32856154, 57659786, 3137093, - 55571978, 11721157, - ]), - xy2d: FieldElement2625([ - 17555920, 28540494, 8268605, 2331751, 44370049, 9761012, 9319229, 8835153, - 57903375, 32274386, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 66647436, 25724417, 87722981, 16688287, 59594098, 28747312, 89409167, 34059860, - 73217325, 27371016, - ]), - y_minus_x: FieldElement2625([ - 62038564, 12367916, 36445330, 3234472, 32617080, 25131790, 29880582, 20071101, - 40210373, 25686972, - ]), - xy2d: FieldElement2625([ 
- 35133562, 5726538, 26934134, 10237677, 63935147, 32949378, 24199303, 3795095, - 7592688, 18562353, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 21594413, 18590204, 84575271, 63031641, 32537082, 36294330, 73516586, 12018832, - 38852812, 37852843, - ]), - y_minus_x: FieldElement2625([ - 46458361, 21592935, 39872588, 570497, 3767144, 31836892, 13891941, 31985238, - 13717173, 10805743, - ]), - xy2d: FieldElement2625([ - 52432215, 17910135, 15287173, 11927123, 24177847, 25378864, 66312432, 14860608, - 40169934, 27690595, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 80071405, 38866230, 57048095, 45212711, 85964149, 25600230, 80395126, 54300159, - 62727806, 9882021, - ]), - y_minus_x: FieldElement2625([ - 18512060, 11319350, 46985740, 15090308, 18818594, 5271736, 44380960, 3666878, - 43141434, 30255002, - ]), - xy2d: FieldElement2625([ - 60319844, 30408388, 16192428, 13241070, 15898607, 19348318, 57023983, 26893321, - 64705764, 5276064, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 97278672, 28236783, 93415069, 55358004, 94923826, 40623698, 74261714, 37239413, - 68558087, 13082860, - ]), - y_minus_x: FieldElement2625([ - 10342807, 3098505, 2119311, 193222, 25702612, 12233820, 23697382, 15056736, - 46092426, 25352431, - ]), - xy2d: FieldElement2625([ - 33958735, 3261607, 22745853, 7948688, 19370557, 18376767, 40936887, 6482813, - 56808784, 22494330, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 32869439, 61700319, 25609741, 49233102, 56421094, 51637792, 26112419, 36075440, - 44444575, 40459246, - ]), - y_minus_x: FieldElement2625([ - 29506904, 4457497, 3377935, 23757988, 36598817, 12935079, 1561737, 3841096, - 38105225, 26896789, - ]), - xy2d: FieldElement2625([ - 10340844, 26924055, 48452231, 31276001, 12621150, 20215377, 30878496, 21730062, - 41524312, 5181965, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 25940096, 20896407, 17324187, 56801490, 
58437394, 15029093, 91505116, 17103509, - 64786011, 21165857, - ]), - y_minus_x: FieldElement2625([ - 45343161, 9916822, 65808455, 4079497, 66080518, 11909558, 1782390, 12641087, - 20603771, 26992690, - ]), - xy2d: FieldElement2625([ - 48226577, 21881051, 24849421, 11501709, 13161720, 28785558, 1925522, 11914390, - 4662781, 7820689, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 79349895, 33128449, 75241554, 42948365, 32846759, 31954812, 29749455, 45727356, - 83245615, 48818451, - ]), - y_minus_x: FieldElement2625([ - 56758909, 18873868, 58896884, 2330219, 49446315, 19008651, 10658212, 6671822, - 19012087, 3772772, - ]), - xy2d: FieldElement2625([ - 3753511, 30133366, 10617073, 2028709, 14841030, 26832768, 28718731, 17791548, - 20527770, 12988982, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 52286341, 27757162, 63400876, 12689772, 66209881, 22639565, 110034681, - 56543919, 70408527, 54683910, - ]), - y_minus_x: FieldElement2625([ - 50331161, 18301130, 57466446, 4978982, 3308785, 8755439, 6943197, 6461331, - 41525717, 8991217, - ]), - xy2d: FieldElement2625([ - 49882601, 1816361, 65435576, 27467992, 31783887, 25378441, 34160718, 7417949, - 36866577, 1507264, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 29692644, 40384323, 56610063, 37889327, 88054838, 21647935, 38221255, 41763822, - 14606361, 22907359, - ]), - y_minus_x: FieldElement2625([ - 63627275, 8707080, 32188102, 5672294, 22096700, 1711240, 34088169, 9761486, - 4170404, 31469107, - ]), - xy2d: FieldElement2625([ - 55521375, 14855944, 62981086, 32022574, 40459774, 15084045, 22186522, 16002000, - 52832027, 25153633, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 62297389, 47315460, 35404986, 31070512, 63796392, 41423478, 59995291, 23934339, - 80349708, 44520301, - ]), - y_minus_x: FieldElement2625([ - 59366301, 25297669, 52340529, 19898171, 43876480, 12387165, 4498947, 14147411, - 29514390, 4302863, - ]), - xy2d: FieldElement2625([ - 
53695440, 21146572, 20757301, 19752600, 14785142, 8976368, 62047588, 31410058, - 17846987, 19582505, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 64864393, 32799703, 62511833, 32488122, 60861691, 35009730, 112569999, - 24339641, 61886162, 46204698, - ]), - y_minus_x: FieldElement2625([ - 57202067, 17484121, 21134159, 12198166, 40044289, 708125, 387813, 13770293, - 47974538, 10958662, - ]), - xy2d: FieldElement2625([ - 22470984, 12369526, 23446014, 28113323, 45588061, 23855708, 55336367, 21979976, - 42025033, 4271861, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 109048144, 57055220, 47199530, 48916026, 61124505, 35713623, 67184238, - 62830334, 101691505, 42024103, - ]), - y_minus_x: FieldElement2625([ - 15854951, 4148314, 58214974, 7259001, 11666551, 13824734, 36577666, 2697371, - 24154791, 24093489, - ]), - xy2d: FieldElement2625([ - 15446137, 17747788, 29759746, 14019369, 30811221, 23944241, 35526855, 12840103, - 24913809, 9815020, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 62399559, 27940162, 35267365, 21265538, 52665326, 44353845, 125114051, - 46993199, 85843991, 43020669, - ]), - y_minus_x: FieldElement2625([ - 11933045, 9281483, 5081055, 28370608, 64480701, 28648802, 59381042, 22658328, - 44380208, 16199063, - ]), - xy2d: FieldElement2625([ - 14576810, 379472, 40322331, 25237195, 37682355, 22741457, 67006097, 1876698, - 30801119, 2164795, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 15995067, 36754305, 13672554, 13712240, 47730029, 62461217, 121136116, - 51612593, 53616055, 34822483, - ]), - y_minus_x: FieldElement2625([ - 56818250, 29895392, 63822271, 10948817, 23037027, 3794475, 63638526, 20954210, - 50053494, 3565903, - ]), - xy2d: FieldElement2625([ - 29210069, 24135095, 61189071, 28601646, 10834810, 20226706, 50596761, 22733718, - 39946641, 19523900, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 121055819, 49063018, 83772567, 
25398281, 38758921, 42573554, 37925442, - 29785008, 69352974, 19552452, - ]), - y_minus_x: FieldElement2625([ - 61955989, 29753495, 57802388, 27482848, 16243068, 14684434, 41435776, 17373631, - 13491505, 4641841, - ]), - xy2d: FieldElement2625([ - 10813398, 643330, 47920349, 32825515, 30292061, 16954354, 27548446, 25833190, - 14476988, 20787001, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 77400943, 9984944, 73590300, 41834336, 59857349, 40587174, 27282936, 31910173, - 106304917, 12651322, - ]), - y_minus_x: FieldElement2625([ - 35923332, 32741048, 22271203, 11835308, 10201545, 15351028, 17099662, 3988035, - 21721536, 30405492, - ]), - xy2d: FieldElement2625([ - 10202177, 27008593, 35735631, 23979793, 34958221, 25434748, 54202543, 3852693, - 13216206, 14842320, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 51293205, 22953365, 60569911, 26295436, 60124204, 26972653, 35608016, 47320255, - 106783330, 43454614, - ]), - y_minus_x: FieldElement2625([ - 14465486, 19721101, 34974879, 18815558, 39665676, 12990491, 33046193, 15796406, - 60056998, 25514317, - ]), - xy2d: FieldElement2625([ - 30924398, 25274812, 6359015, 20738097, 16508376, 9071735, 41620263, 15413634, - 9524356, 26535554, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 12274182, 20378885, 99736504, 65323537, 73845487, 13267304, 72346523, 28444948, - 82772379, 37590215, - ]), - y_minus_x: FieldElement2625([ - 64157555, 8903984, 17349946, 601635, 50676049, 28941875, 53376124, 17665097, - 44850385, 4659090, - ]), - xy2d: FieldElement2625([ - 50192582, 28601458, 36715152, 18395610, 20774811, 15897498, 5736189, 15026997, - 64930608, 20098846, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 58249865, 31335375, 28571665, 56953346, 66634395, 23448733, 63307367, 33832526, - 23440561, 33264224, - ]), - y_minus_x: FieldElement2625([ - 10226222, 27625730, 15139955, 120818, 52241171, 5218602, 32937275, 11551483, - 50536904, 
26111567, - ]), - xy2d: FieldElement2625([ - 17932739, 21117156, 43069306, 10749059, 11316803, 7535897, 22503767, 5561594, - 63462240, 3898660, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 74858752, 32584864, 50769132, 33537967, 42090752, 15122142, 65535333, 40706961, - 88940025, 34799664, - ]), - y_minus_x: FieldElement2625([ - 26958440, 18896406, 4314585, 8346991, 61431100, 11960071, 34519569, 32934396, - 36706772, 16838219, - ]), - xy2d: FieldElement2625([ - 54942968, 9166946, 33491384, 13673479, 29787085, 13096535, 6280834, 14587357, - 44770839, 13987524, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 109867800, 7778773, 88224864, 49127028, 62275597, 28196653, 62807965, 28429792, - 59639082, 30696363, - ]), - y_minus_x: FieldElement2625([ - 9681908, 26817309, 35157219, 13591837, 60225043, 386949, 31622781, 6439245, - 52527852, 4091396, - ]), - xy2d: FieldElement2625([ - 58682418, 1470726, 38999185, 31957441, 3978626, 28430809, 47486180, 12092162, - 29077877, 18812444, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 72378032, 26694705, 120987516, 25533715, 25932562, 35317984, 61502753, - 28048550, 47091016, 2357888, - ]), - y_minus_x: FieldElement2625([ - 32264008, 18146780, 61721128, 32394338, 65017541, 29607531, 23104803, 20684524, - 5727337, 189038, - ]), - xy2d: FieldElement2625([ - 14609104, 24599962, 61108297, 16931650, 52531476, 25810533, 40363694, 10942114, - 41219933, 18669734, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 87622345, 39112362, 51504250, 41383962, 93522806, 31535027, 45729895, 41026212, - 13913676, 28416557, - ]), - y_minus_x: FieldElement2625([ - 41534488, 11967825, 29233242, 12948236, 60354399, 4713226, 58167894, 14059179, - 12878652, 8511905, - ]), - xy2d: FieldElement2625([ - 41452044, 3393630, 64153449, 26478905, 64858154, 9366907, 36885446, 6812973, - 5568676, 30426776, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 78738868, 12144453, 
69225203, 47160468, 94487748, 49231348, 49700110, 20050058, - 119822531, 8070816, - ]), - y_minus_x: FieldElement2625([ - 27117677, 23547054, 35826092, 27984343, 1127281, 12772488, 37262958, 10483305, - 55556115, 32525717, - ]), - xy2d: FieldElement2625([ - 10637467, 27866368, 5674780, 1072708, 40765276, 26572129, 65424888, 9177852, - 39615702, 15431202, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 87633990, 44446997, 121475255, 12779441, 104724694, 16150073, 105977209, - 14943140, 52052074, 25618500, - ]), - y_minus_x: FieldElement2625([ - 37084402, 5626925, 66557297, 23573344, 753597, 11981191, 25244767, 30314666, - 63752313, 9594023, - ]), - xy2d: FieldElement2625([ - 43356201, 2636869, 61944954, 23450613, 585133, 7877383, 11345683, 27062142, - 13352334, 22577348, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 65177046, 28146973, 70413512, 54223994, 84124668, 62231772, 104433876, - 25801948, 53893326, 33235227, - ]), - y_minus_x: FieldElement2625([ - 20239939, 6607058, 6203985, 3483793, 48721888, 32775202, 46385121, 15077869, - 44358105, 14523816, - ]), - xy2d: FieldElement2625([ - 27406023, 27512775, 27423595, 29057038, 4996213, 10002360, 38266833, 29008937, - 36936121, 28748764, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 78483087, 12660714, 17861383, 21013599, 78044431, 34653658, 53222787, 24462691, - 106490683, 44912934, - ]), - y_minus_x: FieldElement2625([ - 54378055, 10311866, 1510375, 10778093, 64989409, 24408729, 32676002, 11149336, - 40985213, 4985767, - ]), - xy2d: FieldElement2625([ - 48012542, 341146, 60911379, 33315398, 15756972, 24757770, 66125820, 13794113, - 47694557, 17933176, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 73598907, 45494717, 25495922, 59382504, 75777235, 24803115, 70476466, 40524436, - 65417798, 58104073, - ]), - y_minus_x: FieldElement2625([ - 1656478, 13457317, 15370807, 6364910, 13605745, 8362338, 47934242, 28078708, - 
50312267, 28522993, - ]), - xy2d: FieldElement2625([ - 44835530, 20030007, 67044178, 29220208, 48503227, 22632463, 46537798, 26546453, - 67009010, 23317098, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 84856310, 43593691, 86477162, 29503840, 46478228, 51067577, 99101545, 17696455, - 104957364, 28042459, - ]), - y_minus_x: FieldElement2625([ - 31932008, 28568291, 47496481, 16366579, 22023614, 88450, 11371999, 29810185, - 4882241, 22927527, - ]), - xy2d: FieldElement2625([ - 29796488, 37186, 19818052, 10115756, 55279832, 3352735, 18551198, 3272828, - 61917932, 29392022, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 12501267, 4044383, 58495907, 53716478, 101787674, 38691029, 47878485, 30024734, - 330069, 29895023, - ]), - y_minus_x: FieldElement2625([ - 6384877, 2899513, 17807477, 7663917, 64749976, 12363164, 25366522, 24980540, - 66837568, 12071498, - ]), - xy2d: FieldElement2625([ - 58743349, 29511910, 25133447, 29037077, 60897836, 2265926, 34339246, 1936674, - 61949167, 3829362, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 28425947, 27718999, 66531773, 28857233, 120000172, 40425360, 75030413, - 26986644, 26333139, 47822096, - ]), - y_minus_x: FieldElement2625([ - 56041645, 11871230, 27385719, 22994888, 62522949, 22365119, 10004785, 24844944, - 45347639, 8930323, - ]), - xy2d: FieldElement2625([ - 45911060, 17158396, 25654215, 31829035, 12282011, 11008919, 1541940, 4757911, - 40617363, 17145491, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 80646107, 25794941, 113612887, 44516357, 61186043, 20336366, 53952279, - 39771685, 118274028, 47369420, - ]), - y_minus_x: FieldElement2625([ - 49686272, 15157789, 18705543, 29619, 24409717, 33293956, 27361680, 9257833, - 65152338, 31777517, - ]), - xy2d: FieldElement2625([ - 42063564, 23362465, 15366584, 15166509, 54003778, 8423555, 37937324, 12361134, - 48422886, 4578289, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 91688613, 
3711569, 68451186, 22374305, 107212592, 47679386, 44564334, 14074918, - 21964432, 41789689, - ]), - y_minus_x: FieldElement2625([ - 60580251, 31142934, 9442965, 27628844, 12025639, 32067012, 64127349, 31885225, - 13006805, 2355433, - ]), - xy2d: FieldElement2625([ - 50803946, 19949172, 60476436, 28412082, 16974358, 22643349, 27202043, 1719366, - 1141648, 20758196, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 54244901, 53888877, 58790596, 56090772, 60298717, 28710537, 13475065, 30420460, - 32674894, 47269477, - ]), - y_minus_x: FieldElement2625([ - 11423316, 28086373, 32344215, 8962751, 24989809, 9241752, 53843611, 16086211, - 38367983, 17912338, - ]), - xy2d: FieldElement2625([ - 65699196, 12530727, 60740138, 10847386, 19531186, 19422272, 55399715, 7791793, - 39862921, 4383346, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 38137947, 38825878, 65842854, 23817442, 121762491, 50287029, 62246456, - 62202414, 27193555, 39799623, - ]), - y_minus_x: FieldElement2625([ - 51914908, 5362277, 65324971, 2695833, 4960227, 12840725, 23061898, 3260492, - 22510453, 8577507, - ]), - xy2d: FieldElement2625([ - 54476394, 11257345, 34415870, 13548176, 66387860, 10879010, 31168030, 13952092, - 37537372, 29918525, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 70986166, 23981692, 99525555, 38959755, 56104456, 19897796, 70868632, 45489751, - 72720723, 41718449, - ]), - y_minus_x: FieldElement2625([ - 50833043, 14667796, 15906460, 12155291, 44997715, 24514713, 32003001, 24722143, - 5773084, 25132323, - ]), - xy2d: FieldElement2625([ - 43320746, 25300131, 1950874, 8937633, 18686727, 16459170, 66203139, 12376319, - 31632953, 190926, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 109624102, 17415545, 58684872, 13378745, 81271271, 6901327, 58820115, 38062995, - 41767308, 29926903, - ]), - y_minus_x: FieldElement2625([ - 8884438, 27670423, 6023973, 10104341, 60227295, 28612898, 18722940, 18768427, 
- 65436375, 827624, - ]), - xy2d: FieldElement2625([ - 34388281, 17265135, 34605316, 7101209, 13354605, 2659080, 65308289, 19446395, - 42230385, 1541285, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 70010192, 32436744, 70989239, 57049475, 116596786, 29941649, 45306746, - 29986950, 87565708, 31669398, - ]), - y_minus_x: FieldElement2625([ - 27019610, 12299467, 53450576, 31951197, 54247203, 28692960, 47568713, 28538373, - 29439640, 15138866, - ]), - xy2d: FieldElement2625([ - 21536104, 26928012, 34661045, 22864223, 44700786, 5175813, 61688824, 17193268, - 7779327, 109896, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 97388589, 48203181, 59063992, 39979989, 80748484, 32810922, 28698389, 45734550, - 23177718, 33000357, - ]), - y_minus_x: FieldElement2625([ - 26572828, 3405927, 35407164, 12890904, 47843196, 5335865, 60615096, 2378491, - 4439158, 20275085, - ]), - xy2d: FieldElement2625([ - 44392139, 3489069, 57883598, 33221678, 18875721, 32414337, 14819433, 20822905, - 49391106, 28092994, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 62052362, 50120982, 83062524, 37322183, 56672364, 49181491, 66287909, 35731656, - 75658945, 18440266, - ]), - y_minus_x: FieldElement2625([ - 48635543, 16596774, 66727204, 15663610, 22860960, 15585581, 39264755, 29971692, - 43848403, 25125843, - ]), - xy2d: FieldElement2625([ - 34628313, 15707274, 58902952, 27902350, 29464557, 2713815, 44383727, 15860481, - 45206294, 1494192, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 47546754, 53021470, 41524990, 24254879, 80236705, 34314140, 21923481, 16529112, - 75851568, 46521448, - ]), - y_minus_x: FieldElement2625([ - 38643965, 1553204, 32536856, 23080703, 42417258, 33148257, 58194238, 30620535, - 37205105, 15553882, - ]), - xy2d: FieldElement2625([ - 21877890, 3230008, 9881174, 10539357, 62311749, 2841331, 11543572, 14513274, - 19375923, 20906471, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 75941133, 
52613378, 80362373, 38692006, 72146734, 37633208, 24880817, 60886148, - 69971515, 9455042, - ]), - y_minus_x: FieldElement2625([ - 29306751, 5123106, 20245049, 19404543, 9592565, 8447059, 65031740, 30564351, - 15511448, 4789663, - ]), - xy2d: FieldElement2625([ - 46429108, 7004546, 8824831, 24119455, 63063159, 29803695, 61354101, 108892, - 23513200, 16652362, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 100961536, 37699212, 62632834, 26975308, 77878902, 26398889, 60458447, - 54172563, 115898528, 43767290, - ]), - y_minus_x: FieldElement2625([ - 2756062, 8598110, 7383731, 26694540, 22312758, 32449420, 21179800, 2600940, - 57120566, 21047965, - ]), - xy2d: FieldElement2625([ - 42463153, 13317461, 36659605, 17900503, 21365573, 22684775, 11344423, 864440, - 64609187, 16844368, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 107784906, 6148327, 49924452, 19080277, 85891792, 33278434, 44547329, 33765731, - 69828620, 38495428, - ]), - y_minus_x: FieldElement2625([ - 65784982, 3911312, 60160120, 14759764, 37081714, 7851206, 21690126, 8518463, - 26699843, 5276295, - ]), - xy2d: FieldElement2625([ - 53958991, 27125364, 9396248, 365013, 24703301, 23065493, 1321585, 149635, - 51656090, 7159368, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 77096625, 30149672, 84616825, 43059961, 76840398, 31388917, 89464872, 41866607, - 89586081, 25151046, - ]), - y_minus_x: FieldElement2625([ - 18155857, 17049442, 19744715, 9006923, 15154154, 23015456, 24256459, 28689437, - 44560690, 9334108, - ]), - xy2d: FieldElement2625([ - 2986088, 28642539, 10776627, 30080588, 10620589, 26471229, 45695018, 14253544, - 44521715, 536905, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 71486582, 41670267, 91675941, 15495313, 78733938, 46619030, 74499414, 44144056, - 77946923, 51688439, - ]), - y_minus_x: FieldElement2625([ - 47766460, 867879, 9277171, 30335973, 52677291, 31567988, 19295825, 17757482, - 6378259, 
699185, - ]), - xy2d: FieldElement2625([ - 7895007, 4057113, 60027092, 20476675, 49222032, 33231305, 66392824, 15693154, - 62063800, 20180469, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 59371282, 27685029, 119651408, 26147511, 78494517, 46756047, 31730677, - 22591592, 63190227, 23885106, - ]), - y_minus_x: FieldElement2625([ - 10188286, 17783598, 59772502, 13427542, 22223443, 14896287, 30743455, 7116568, - 45322357, 5427592, - ]), - xy2d: FieldElement2625([ - 696102, 13206899, 27047647, 22922350, 15285304, 23701253, 10798489, 28975712, - 19236242, 12477404, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 55879406, 44798227, 50054593, 25513566, 66320635, 58940896, 63211193, 44734935, - 43939347, 41288075, - ]), - y_minus_x: FieldElement2625([ - 17800790, 19518253, 40108434, 21787760, 23887826, 3149671, 23466177, 23016261, - 10322026, 15313801, - ]), - xy2d: FieldElement2625([ - 26246234, 11968874, 32263343, 28085704, 6830754, 20231401, 51314159, 33452449, - 42659621, 10890803, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 35743198, 43825794, 54448238, 27287163, 83799070, 54046319, 119235514, - 50039361, 92289660, 28219547, - ]), - y_minus_x: FieldElement2625([ - 66522290, 10376443, 34522450, 22268075, 19801892, 10997610, 2276632, 9482883, - 316878, 13820577, - ]), - xy2d: FieldElement2625([ - 57226037, 29044064, 64993357, 16457135, 56008783, 11674995, 30756178, 26039378, - 30696929, 29841583, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 100097781, 23951019, 12499365, 41465219, 56491606, 21622917, 59766047, - 57123466, 34759345, 7392472, - ]), - y_minus_x: FieldElement2625([ - 58253184, 15927860, 9866406, 29905021, 64711949, 16898650, 36699387, 24419436, - 25112946, 30627788, - ]), - xy2d: FieldElement2625([ - 64604801, 33117465, 25621773, 27875660, 15085041, 28074555, 42223985, 20028237, - 5537437, 19640113, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: 
FieldElement2625([ - 55883261, 2320284, 57524584, 10149186, 100773065, 5808646, 119341477, 31824763, - 98343453, 39645030, - ]), - y_minus_x: FieldElement2625([ - 57475529, 116425, 26083934, 2897444, 60744427, 30866345, 609720, 15878753, - 60138459, 24519663, - ]), - xy2d: FieldElement2625([ - 39351007, 247743, 51914090, 24551880, 23288160, 23542496, 43239268, 6503645, - 20650474, 1804084, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 106627923, 49010854, 76081380, 42024039, 82749485, 37994278, 70230858, - 56779150, 94951478, 33352103, - ]), - y_minus_x: FieldElement2625([ - 51801891, 2839643, 22530074, 10026331, 4602058, 5048462, 28248656, 5031932, - 55733782, 12714368, - ]), - xy2d: FieldElement2625([ - 20807691, 26283607, 29286140, 11421711, 39232341, 19686201, 45881388, 1035545, - 47375635, 12796919, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 79185725, 52807577, 58323861, 21705509, 42096072, 49955115, 49517368, 20654993, - 70589528, 51926048, - ]), - y_minus_x: FieldElement2625([ - 34747315, 5457596, 28548107, 7833186, 7303070, 21600887, 42745799, 17632556, - 33734809, 2771024, - ]), - xy2d: FieldElement2625([ - 45719598, 421931, 26597266, 6860826, 22486084, 26817260, 49971378, 29344205, - 42556581, 15673396, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 46924223, 35892647, 19788684, 57487908, 63107597, 24813538, 46837679, 38287685, - 70836007, 20619983, - ]), - y_minus_x: FieldElement2625([ - 6120100, 814863, 55314462, 32931715, 6812204, 17806661, 2019593, 7975683, - 31123697, 22595451, - ]), - xy2d: FieldElement2625([ - 30069250, 22119100, 30434653, 2958439, 18399564, 32578143, 12296868, 9204260, - 50676426, 9648164, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 32705413, 32003455, 97814521, 41005496, 55303257, 43186244, 70414129, 38803035, - 108209395, 22176929, - ]), - y_minus_x: FieldElement2625([ - 17219846, 2375039, 35537917, 27978816, 47649184, 9219902, 294711, 15298639, - 
2662509, 17257359, - ]), - xy2d: FieldElement2625([ - 65935918, 25995736, 62742093, 29266687, 45762450, 25120105, 32087528, 32331655, - 32247247, 19164571, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 14312609, 34775988, 17395389, 58408721, 62163121, 58424228, 106019982, - 23916613, 51081240, 20175586, - ]), - y_minus_x: FieldElement2625([ - 65680039, 23875441, 57873182, 6549686, 59725795, 33085767, 23046501, 9803137, - 17597934, 2346211, - ]), - xy2d: FieldElement2625([ - 18510781, 15337574, 26171504, 981392, 44867312, 7827555, 43617730, 22231079, - 3059832, 21771562, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 77250443, 39637338, 84938156, 31606788, 76938955, 13613135, 41552228, 28009845, - 33606651, 37146527, - ]), - y_minus_x: FieldElement2625([ - 33114149, 17665080, 40583177, 20211034, 33076704, 8716171, 1151462, 1521897, - 66126199, 26716628, - ]), - xy2d: FieldElement2625([ - 34169699, 29298616, 23947180, 33230254, 34035889, 21248794, 50471177, 3891703, - 26353178, 693168, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 97483084, 35150011, 117333688, 46741361, 71709207, 33961335, 76694157, - 33153763, 31375463, 47924397, - ]), - y_minus_x: FieldElement2625([ - 52738210, 25781902, 1510300, 6434173, 48324075, 27291703, 32732229, 20445593, - 17901440, 16011505, - ]), - xy2d: FieldElement2625([ - 18171223, 21619806, 54608461, 15197121, 56070717, 18324396, 47936623, 17508055, - 8764034, 12309598, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 73084753, 28311243, 47649501, 23872684, 55567586, 14015781, 110551971, - 34782749, 17544095, 22960650, - ]), - y_minus_x: FieldElement2625([ - 5811932, 31839139, 3442886, 31285122, 48741515, 25194890, 49064820, 18144304, - 61543482, 12348899, - ]), - xy2d: FieldElement2625([ - 35709185, 11407554, 25755363, 6891399, 63851926, 14872273, 42259511, 8141294, - 56476330, 32968952, - ]), - }, - AffineNielsPoint { - y_plus_x: 
FieldElement2625([ - 121542424, 34248456, 62032718, 46854775, 81124121, 19103037, 124519055, - 22225380, 30944592, 1130208, - ]), - y_minus_x: FieldElement2625([ - 8247747, 26843490, 40546482, 25845122, 52706924, 18905521, 4652151, 2488540, - 23550156, 33283200, - ]), - xy2d: FieldElement2625([ - 17294297, 29765994, 7026747, 15626851, 22990044, 113481, 2267737, 27646286, - 66700045, 33416712, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 83199930, 17300505, 85708115, 40895109, 69246500, 32332774, 63744702, 48105367, - 70369388, 26388160, - ]), - y_minus_x: FieldElement2625([ - 62198760, 20221544, 18550886, 10864893, 50649539, 26262835, 44079994, 20349526, - 54360141, 2701325, - ]), - xy2d: FieldElement2625([ - 58534169, 16099414, 4629974, 17213908, 46322650, 27548999, 57090500, 9276970, - 11329923, 1862132, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 14763057, 17650824, 103299457, 3689865, 70620756, 43867957, 45157775, 45773662, - 58070900, 32614131, - ]), - y_minus_x: FieldElement2625([ - 8894987, 30108338, 6150752, 3013931, 301220, 15693451, 35127648, 30644714, - 51670695, 11595569, - ]), - xy2d: FieldElement2625([ - 15214943, 3537601, 40870142, 19495559, 4418656, 18323671, 13947275, 10730794, - 53619402, 29190761, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 64570539, 41237224, 99867876, 33817540, 104232996, 25598978, 111885603, - 23365795, 68085971, 34254425, - ]), - y_minus_x: FieldElement2625([ - 54642373, 4195083, 57897332, 550903, 51543527, 12917919, 19118110, 33114591, - 36574330, 19216518, - ]), - xy2d: FieldElement2625([ - 31788442, 19046775, 4799988, 7372237, 8808585, 18806489, 9408236, 23502657, - 12493931, 28145115, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 41428258, 5260743, 47873055, 27269961, 63412921, 16566086, 94327144, 36161552, - 29375954, 6024730, - ]), - y_minus_x: FieldElement2625([ - 842132, 30759739, 62345482, 24831616, 26332017, 21148791, 11831879, 6985184, 
- 57168503, 2854095, - ]), - xy2d: FieldElement2625([ - 62261602, 25585100, 2516241, 27706719, 9695690, 26333246, 16512644, 960770, - 12121869, 16648078, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 51890193, 48221527, 53772634, 35568148, 97707150, 33090294, 35603941, 25672367, - 20237805, 36392843, - ]), - y_minus_x: FieldElement2625([ - 47820798, 4453151, 15298546, 17376044, 22115042, 17581828, 12544293, 20083975, - 1068880, 21054527, - ]), - xy2d: FieldElement2625([ - 57549981, 17035596, 33238497, 13506958, 30505848, 32439836, 58621956, 30924378, - 12521377, 4845654, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 106019188, 44298538, 64150483, 43754095, 74868174, 54020263, 70518210, - 32681031, 127735421, 20668560, - ]), - y_minus_x: FieldElement2625([ - 43547042, 6230155, 46726851, 10655313, 43068279, 21933259, 10477733, 32314216, - 63995636, 13974497, - ]), - xy2d: FieldElement2625([ - 12966261, 15550616, 35069916, 31939085, 21025979, 32924988, 5642324, 7188737, - 18895762, 12629579, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 14741860, 18607545, 89286071, 21833194, 68388604, 41613031, 11758139, 34343875, - 32195180, 37450109, - ]), - y_minus_x: FieldElement2625([ - 10758205, 15755439, 62598914, 9243697, 62229442, 6879878, 64904289, 29988312, - 58126794, 4429646, - ]), - xy2d: FieldElement2625([ - 64654951, 15725972, 46672522, 23143759, 61304955, 22514211, 59972993, 21911536, - 18047435, 18272689, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 41935825, 55801698, 29759954, 45331216, 111955344, 51288407, 78101976, - 54258026, 49488161, 57700395, - ]), - y_minus_x: FieldElement2625([ - 21987233, 700364, 42603816, 14972007, 59334599, 27836036, 32155025, 2581431, - 37149879, 8773374, - ]), - xy2d: FieldElement2625([ - 41540495, 454462, 53896929, 16126714, 25240068, 8594567, 20656846, 12017935, - 59234475, 19634276, - ]), - }, - AffineNielsPoint { - y_plus_x: 
FieldElement2625([ - 73137027, 39817509, 103205921, 55807152, 66289943, 36016203, 102376553, - 61640820, 65387074, 30777706, - ]), - y_minus_x: FieldElement2625([ - 54829870, 16624276, 987579, 27631834, 32908202, 1248608, 7719845, 29387734, - 28408819, 6816612, - ]), - xy2d: FieldElement2625([ - 56750770, 25316602, 19549650, 21385210, 22082622, 16147817, 20613181, 13982702, - 56769294, 5067942, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 36602859, 29732664, 79183544, 13582411, 47230892, 35998382, 47389577, 12746131, - 72440074, 57002919, - ]), - y_minus_x: FieldElement2625([ - 30528792, 3601899, 65151774, 4619784, 39747042, 18118043, 24180792, 20984038, - 27679907, 31905504, - ]), - xy2d: FieldElement2625([ - 9402385, 19597367, 32834042, 10838634, 40528714, 20317236, 26653273, 24868867, - 22611443, 20839026, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 89299435, 34672460, 22736440, 48684895, 103757035, 27563109, 86298488, - 62459921, 71963721, 40176570, - ]), - y_minus_x: FieldElement2625([ - 58798126, 30600981, 58846284, 30166382, 56707132, 33282502, 13424425, 29987205, - 26404408, 13001963, - ]), - xy2d: FieldElement2625([ - 35867026, 18138731, 64114613, 8939345, 11562230, 20713762, 41044498, 21932711, - 51703708, 11020692, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 68974887, 59159374, 59210213, 23253421, 12483314, 47031979, 70284499, 21130268, - 28761761, 34961166, - ]), - y_minus_x: FieldElement2625([ - 66660290, 31776765, 13018550, 3194501, 57528444, 22392694, 24760584, 29207344, - 25577410, 20175752, - ]), - xy2d: FieldElement2625([ - 42818486, 4759344, 66418211, 31701615, 2066746, 10693769, 37513074, 9884935, - 57739938, 4745409, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 57967561, 39604145, 47577802, 29213020, 102956929, 43498706, 51646855, - 55797011, 78040786, 21622500, - ]), - y_minus_x: FieldElement2625([ - 50547351, 14112679, 59096219, 4817317, 59068400, 22139825, 
44255434, 10856640, - 46638094, 13434653, - ]), - xy2d: FieldElement2625([ - 22759470, 23480998, 50342599, 31683009, 13637441, 23386341, 1765143, 20900106, - 28445306, 28189722, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 29875044, 46048045, 69904399, 63322533, 68819482, 48735613, 56913146, 24765756, - 9074233, 34721612, - ]), - y_minus_x: FieldElement2625([ - 40903181, 11014232, 57266213, 30918946, 40200743, 7532293, 48391976, 24018933, - 3843902, 9367684, - ]), - xy2d: FieldElement2625([ - 56139269, 27150720, 9591133, 9582310, 11349256, 108879, 16235123, 8601684, - 66969667, 4242894, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 89201818, 53917740, 65066069, 21585919, 99295616, 55591475, 60534521, 36025091, - 106800361, 16625499, - ]), - y_minus_x: FieldElement2625([ - 56051142, 3042015, 13770083, 24296510, 584235, 33009577, 59338006, 2602724, - 39757248, 14247412, - ]), - xy2d: FieldElement2625([ - 6314156, 23289540, 34336361, 15957556, 56951134, 168749, 58490057, 14290060, - 27108877, 32373552, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 58522248, 26383465, 80350645, 44514587, 34117848, 19759835, 100656839, - 22495542, 107069276, 34536304, - ]), - y_minus_x: FieldElement2625([ - 22833421, 9293594, 34459416, 19935764, 57971897, 14756818, 44180005, 19583651, - 56629059, 17356469, - ]), - xy2d: FieldElement2625([ - 59340277, 3326785, 38997067, 10783823, 19178761, 14905060, 22680049, 13906969, - 51175174, 3797898, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 88830182, 29341685, 54902740, 42864613, 63226624, 19901321, 90849087, 30845199, - 87600846, 59066711, - ]), - y_minus_x: FieldElement2625([ - 9209251, 18419377, 53852306, 27386633, 66377847, 15289672, 25947805, 15286587, - 30997318, 26851369, - ]), - xy2d: FieldElement2625([ - 7392013, 16618386, 23946583, 25514540, 53843699, 32020573, 52911418, 31232855, - 17649997, 33304352, - ]), - }, - AffineNielsPoint { - 
y_plus_x: FieldElement2625([ - 57807757, 52915036, 97718388, 30504888, 41933794, 32270679, 51867297, 24028707, - 64875610, 41216577, - ]), - y_minus_x: FieldElement2625([ - 49550191, 1763593, 33994528, 15908609, 37067994, 21380136, 7335079, 25082233, - 63934189, 3440182, - ]), - xy2d: FieldElement2625([ - 47219164, 27577423, 42997570, 23865561, 10799742, 16982475, 40449, 29122597, - 4862399, 1133, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 34252636, 25680474, 61686474, 48415381, 50789832, 41510573, 74366924, 33866292, - 36513872, 26175010, - ]), - y_minus_x: FieldElement2625([ - 63335436, 31988495, 28985339, 7499440, 24445838, 9325937, 29727763, 16527196, - 18278453, 15405622, - ]), - xy2d: FieldElement2625([ - 62726958, 8508651, 47210498, 29880007, 61124410, 15149969, 53795266, 843522, - 45233802, 13626196, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 69390312, 20067376, 56193445, 30944521, 68988221, 49718638, 56324981, 37508223, - 80449702, 15928662, - ]), - y_minus_x: FieldElement2625([ - 31727126, 26374577, 48671360, 25270779, 2875792, 17164102, 41838969, 26539605, - 43656557, 5964752, - ]), - xy2d: FieldElement2625([ - 4100401, 27594980, 49929526, 6017713, 48403027, 12227140, 40424029, 11344143, - 2538215, 25983677, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 57675240, 6123112, 78268667, 31397823, 97125143, 48520672, 46633880, 35039852, - 66479607, 17595569, - ]), - y_minus_x: FieldElement2625([ - 40304287, 4260918, 11851389, 9658551, 35091757, 16367491, 46903439, 20363143, - 11659921, 22439314, - ]), - xy2d: FieldElement2625([ - 26180377, 10015009, 36264640, 24973138, 5418196, 9480663, 2231568, 23384352, - 33100371, 32248261, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 82229958, 28352560, 56718958, 48982252, 39598926, 17561924, 88779810, 38041106, - 61177053, 19088051, - ]), - y_minus_x: FieldElement2625([ - 16166467, 24070699, 56004733, 6023907, 35182066, 32189508, 2340059, 
17299464, - 56373093, 23514607, - ]), - xy2d: FieldElement2625([ - 28042865, 29997343, 54982337, 12259705, 63391366, 26608532, 6766452, 24864833, - 18036435, 5803270, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 66291264, 40318343, 78912424, 35140016, 78067310, 30883266, 23855390, 4598332, - 60949433, 19436993, - ]), - y_minus_x: FieldElement2625([ - 36077558, 19298237, 17332028, 31170912, 31312681, 27587249, 696308, 50292, - 47013125, 11763583, - ]), - xy2d: FieldElement2625([ - 66514282, 31040148, 34874710, 12643979, 12650761, 14811489, 665117, 20940800, - 47335652, 22840869, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 97573435, 55845991, 62981386, 20819953, 86944190, 60003250, 109821551, - 35630203, 50088706, 34546902, - ]), - y_minus_x: FieldElement2625([ - 18357166, 26559999, 7766381, 16342475, 37783946, 411173, 14578841, 8080033, - 55534529, 22952821, - ]), - xy2d: FieldElement2625([ - 19598397, 10334610, 12555054, 2555664, 18821899, 23214652, 21873262, 16014234, - 26224780, 16452269, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 36884920, 5145195, 73053412, 49940397, 71085598, 35564328, 122839923, 25936244, - 46575034, 37253081, - ]), - y_minus_x: FieldElement2625([ - 14187449, 3448569, 56472628, 22743496, 44444983, 30120835, 7268409, 22663988, - 27394300, 12015369, - ]), - xy2d: FieldElement2625([ - 19695742, 16087646, 28032085, 12999827, 6817792, 11427614, 20244189, 32241655, - 53849736, 30151970, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 97968948, 12735207, 65220619, 28854697, 50133957, 35811371, 126051714, - 45852742, 58558339, 23160969, - ]), - y_minus_x: FieldElement2625([ - 61389038, 22309106, 65198214, 15569034, 26642876, 25966672, 61319509, 18435777, - 62132699, 12651792, - ]), - xy2d: FieldElement2625([ - 64260450, 9953420, 11531313, 28271553, 26895122, 20857343, 53990043, 17036529, - 9768697, 31021214, - ]), - }, - AffineNielsPoint { - 
y_plus_x: FieldElement2625([ - 109498250, 35449081, 66821165, 28850346, 82457582, 25397901, 32767512, - 46319882, 72048958, 44232657, - ]), - y_minus_x: FieldElement2625([ - 18860224, 15980149, 48121624, 31991861, 40875851, 22482575, 59264981, 13944023, - 42736516, 16582018, - ]), - xy2d: FieldElement2625([ - 51604604, 4970267, 37215820, 4175592, 46115652, 31354675, 55404809, 15444559, - 56105103, 7989036, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 98599278, 39122492, 64696060, 35736814, 34772016, 38086117, 35030594, 39754637, - 47422750, 52308692, - ]), - y_minus_x: FieldElement2625([ - 49800177, 17674491, 35586086, 33551600, 34221481, 16375548, 8680158, 17182719, - 28550067, 26697300, - ]), - xy2d: FieldElement2625([ - 38981977, 27866340, 16837844, 31733974, 60258182, 12700015, 37068883, 4364037, - 1155602, 5988841, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 88999280, 20281524, 121593716, 12154347, 59276991, 48854927, 90257846, - 29083950, 91727270, 41837612, - ]), - y_minus_x: FieldElement2625([ - 33972757, 23041680, 9975415, 6841041, 35549071, 16356535, 3070187, 26528504, - 1466168, 10740210, - ]), - xy2d: FieldElement2625([ - 65599446, 18066246, 53605478, 22898515, 32799043, 909394, 53169961, 27774712, - 34944214, 18227391, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 71069668, 19286628, 39082773, 51190812, 47704004, 46701299, 82676190, 34505938, - 63848542, 32980496, - ]), - y_minus_x: FieldElement2625([ - 24740822, 5052253, 37014733, 8961360, 25877428, 6165135, 42740684, 14397371, - 59728495, 27410326, - ]), - xy2d: FieldElement2625([ - 38220480, 3510802, 39005586, 32395953, 55870735, 22922977, 51667400, 19101303, - 65483377, 27059617, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 67902144, 24323953, 75945165, 27318724, 39747955, 31184838, 100261706, - 62223612, 57202662, 32932579, - ]), - y_minus_x: FieldElement2625([ - 5666214, 525582, 20782575, 
25516013, 42570364, 14657739, 16099374, 1468826, - 60937436, 18367850, - ]), - xy2d: FieldElement2625([ - 62249590, 29775088, 64191105, 26806412, 7778749, 11688288, 36704511, 23683193, - 65549940, 23690785, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 10896313, 25834728, 67933138, 34027032, 114757419, 36564017, 25248957, - 48337770, 36527387, 17796587, - ]), - y_minus_x: FieldElement2625([ - 10566929, 12612572, 35164652, 11118702, 54475488, 12362878, 21752402, 8822496, - 24003793, 14264025, - ]), - xy2d: FieldElement2625([ - 27713843, 26198459, 56100623, 9227529, 27050101, 2504721, 23886875, 20436907, - 13958494, 27821979, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 110736080, 38421656, 39861735, 37454952, 29838368, 25342141, 102328328, - 23512649, 74449384, 51698795, - ]), - y_minus_x: FieldElement2625([ - 4646495, 25543308, 44342840, 22021777, 23184552, 8566613, 31366726, 32173371, - 52042079, 23179239, - ]), - xy2d: FieldElement2625([ - 49838347, 12723031, 50115803, 14878793, 21619651, 27356856, 27584816, 3093888, - 58265170, 3849920, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 58043933, 35657603, 92670503, 51983125, 61869038, 43137389, 99585908, 24536476, - 72111157, 18004172, - ]), - y_minus_x: FieldElement2625([ - 55051311, 22376525, 21115584, 20189277, 8808711, 21523724, 16489529, 13378448, - 41263148, 12741425, - ]), - xy2d: FieldElement2625([ - 61162478, 10645102, 36197278, 15390283, 63821882, 26435754, 24306471, 15852464, - 28834118, 25908360, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 49773097, 24447374, 109686448, 42989383, 58636779, 32971069, 54018092, - 34010272, 87570721, 39045736, - ]), - y_minus_x: FieldElement2625([ - 13669229, 17458950, 54626889, 23351392, 52539093, 21661233, 42112877, 11293806, - 38520660, 24132599, - ]), - xy2d: FieldElement2625([ - 28497909, 6272777, 34085870, 14470569, 8906179, 32328802, 18504673, 19389266, - 29867744, 24758489, - ]), - }, - 
AffineNielsPoint { - y_plus_x: FieldElement2625([ - 50901822, 47071627, 39309233, 19856633, 24009063, 60734973, 60741262, 53933471, - 22853427, 29542421, - ]), - y_minus_x: FieldElement2625([ - 24191359, 16712145, 53177067, 15217830, 14542237, 1646131, 18603514, 22516545, - 12876622, 31441985, - ]), - xy2d: FieldElement2625([ - 17902668, 4518229, 66697162, 30725184, 26878216, 5258055, 54248111, 608396, - 16031844, 3723494, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 105584936, 12763726, 46662418, 41131935, 33001347, 54091119, 17558840, - 59235974, 23896952, 29240187, - ]), - y_minus_x: FieldElement2625([ - 47103464, 21542479, 31520463, 605201, 2543521, 5991821, 64163800, 7229063, - 57189218, 24727572, - ]), - xy2d: FieldElement2625([ - 28816026, 298879, 38943848, 17633493, 19000927, 31888542, 54428030, 30605106, - 49057085, 31471516, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 16000882, 33209536, 70601955, 55661665, 37604267, 20394642, 79686603, 49595699, - 47393623, 7847706, - ]), - y_minus_x: FieldElement2625([ - 10151868, 10572098, 27312476, 7922682, 14825339, 4723128, 34252933, 27035413, - 57088296, 3852847, - ]), - xy2d: FieldElement2625([ - 55678375, 15697595, 45987307, 29133784, 5386313, 15063598, 16514493, 17622322, - 29330898, 18478208, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 41609110, 29175637, 51885955, 26653220, 83724594, 35606215, 70412565, 33569921, - 106668931, 45868821, - ]), - y_minus_x: FieldElement2625([ - 15683501, 27551389, 18109119, 23573784, 15337967, 27556609, 50391428, 15921865, - 16103996, 29823217, - ]), - xy2d: FieldElement2625([ - 43939021, 22773182, 13588191, 31925625, 63310306, 32479502, 47835256, 5402698, - 37293151, 23713330, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 90299521, 35939014, 34394523, 37016585, 104314072, 32025298, 55842007, 8911516, - 109011869, 36294143, - ]), - y_minus_x: FieldElement2625([ - 21374101, 
30000182, 33584214, 9874410, 15377179, 11831242, 33578960, 6134906, - 4931255, 11987849, - ]), - xy2d: FieldElement2625([ - 67101132, 30575573, 50885377, 7277596, 105524, 33232381, 35628324, 13861387, - 37032554, 10117929, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 37607694, 22809559, 40945095, 13051538, 41483300, 38644074, 127892224, - 40258509, 79998882, 15728939, - ]), - y_minus_x: FieldElement2625([ - 45136504, 21783052, 66157804, 29135591, 14704839, 2695116, 903376, 23126293, - 12885166, 8311031, - ]), - xy2d: FieldElement2625([ - 49592363, 5352193, 10384213, 19742774, 7506450, 13453191, 26423267, 4384730, - 1888765, 28119028, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 108400371, 64001550, 120723127, 30371924, 98005322, 19632702, 101966083, - 20846561, 47644429, 30214188, - ]), - y_minus_x: FieldElement2625([ - 43500868, 30888657, 66582772, 4651135, 5765089, 4618330, 6092245, 14845197, - 17151279, 23700316, - ]), - xy2d: FieldElement2625([ - 42278406, 20820711, 51942885, 10367249, 37577956, 33289075, 22825804, 26467153, - 50242379, 16176524, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 43525570, 40119392, 87172552, 37352659, 129477549, 40913655, 69115045, - 23191005, 38362610, 56911354, - ]), - y_minus_x: FieldElement2625([ - 56482264, 29068029, 53788301, 28429114, 3432135, 27161203, 23632036, 31613822, - 32808309, 1099883, - ]), - xy2d: FieldElement2625([ - 15030958, 5768825, 39657628, 30667132, 60681485, 18193060, 51830967, 26745081, - 2051440, 18328567, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 63746522, 26315059, 74626753, 43379423, 90664713, 33849800, 72257261, 52954675, - 44422508, 50188091, - ]), - y_minus_x: FieldElement2625([ - 4577067, 16802144, 13249840, 18250104, 19958762, 19017158, 18559669, 22794883, - 8402477, 23690159, - ]), - xy2d: FieldElement2625([ - 38702534, 32502850, 40318708, 32646733, 49896449, 22523642, 9453450, 18574360, - 17983009, 9967138, - ]), - 
}, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 41346351, 40079153, 93694351, 43523701, 24709297, 34774792, 65430873, 7806336, - 84616260, 37205991, - ]), - y_minus_x: FieldElement2625([ - 56688388, 29436320, 14584638, 15971087, 51340543, 8861009, 26556809, 27979875, - 48555541, 22197296, - ]), - xy2d: FieldElement2625([ - 2839082, 14284142, 4029895, 3472686, 14402957, 12689363, 40466743, 8459446, - 61503401, 25932490, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 62269556, 30018987, 76853824, 2871047, 92222842, 36741449, 109106914, 32705364, - 84366947, 25576692, - ]), - y_minus_x: FieldElement2625([ - 18164541, 22959256, 49953981, 32012014, 19237077, 23809137, 23357532, 18337424, - 26908269, 12150756, - ]), - xy2d: FieldElement2625([ - 36843994, 25906566, 5112248, 26517760, 65609056, 26580174, 43167, 28016731, - 34806789, 16215818, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 60209940, 43378825, 54804084, 29153342, 102820586, 27277595, 99683352, - 46087336, 59605791, 24879084, - ]), - y_minus_x: FieldElement2625([ - 39765323, 17038963, 39957339, 22831480, 946345, 16291093, 254968, 7168080, - 21676107, 31611404, - ]), - xy2d: FieldElement2625([ - 21260942, 25129680, 50276977, 21633609, 43430902, 3968120, 63456915, 27338965, - 63552672, 25641356, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 16544735, 46804798, 50304435, 49100673, 62525860, 46311689, 64646555, 24874095, - 48201831, 23891632, - ]), - y_minus_x: FieldElement2625([ - 64693606, 17976703, 18312302, 4964443, 51836334, 20900867, 26820650, 16690659, - 25459437, 28989823, - ]), - xy2d: FieldElement2625([ - 41964155, 11425019, 28423002, 22533875, 60963942, 17728207, 9142794, 31162830, - 60676445, 31909614, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 44004193, 39807907, 16964146, 29785560, 109103755, 54812425, 39651637, - 50764205, 73444554, 40804420, - ]), - y_minus_x: FieldElement2625([ - 36775618, 
13979674, 7503222, 21186118, 55152142, 28932738, 36836594, 2682241, - 25993170, 21075909, - ]), - xy2d: FieldElement2625([ - 4364628, 5930691, 32304656, 23509878, 59054082, 15091130, 22857016, 22955477, - 31820367, 15075278, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 98987979, 24635738, 84367624, 33645057, 126175891, 28636721, 91271651, - 23903545, 116247489, 46387475, - ]), - y_minus_x: FieldElement2625([ - 19073683, 14851414, 42705695, 21694263, 7625277, 11091125, 47489674, 2074448, - 57694925, 14905376, - ]), - xy2d: FieldElement2625([ - 24483648, 21618865, 64589997, 22007013, 65555733, 15355505, 41826784, 9253128, - 27628530, 25998952, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 84706452, 41895034, 86464480, 34106618, 26198469, 30377849, 71702187, 24396849, - 120106852, 48851446, - ]), - y_minus_x: FieldElement2625([ - 510886, 14337390, 35323607, 16638631, 6328095, 2713355, 46891447, 21690211, - 8683220, 2921426, - ]), - xy2d: FieldElement2625([ - 18606791, 11874196, 27155355, 28272950, 43077121, 6265445, 41930624, 32275507, - 4674689, 13890525, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 13609605, 13069022, 106845367, 20498522, 91469449, 43147405, 82086020, - 43389536, 71498550, 33842827, - ]), - y_minus_x: FieldElement2625([ - 9922506, 33035038, 13613106, 5883594, 48350519, 33120168, 54804801, 8317627, - 23388070, 16052080, - ]), - xy2d: FieldElement2625([ - 12719997, 11937594, 35138804, 28525742, 26900119, 8561328, 46953177, 21921452, - 52354592, 22741539, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 83070703, 47704840, 93825794, 32888599, 111423399, 47157999, 78938436, - 41022275, 38286735, 34483706, - ]), - y_minus_x: FieldElement2625([ - 11038231, 21972036, 39798381, 26237869, 56610336, 17246600, 43629330, 24182562, - 45715720, 2465073, - ]), - xy2d: FieldElement2625([ - 20017144, 29231206, 27915241, 1529148, 12396362, 15675764, 13817261, 23896366, - 2463390, 28932292, - 
]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 50749967, 20890520, 122152544, 38550884, 65852441, 34628003, 76692421, - 12851106, 71112760, 46228148, - ]), - y_minus_x: FieldElement2625([ - 65377275, 18398561, 63845933, 16143081, 19294135, 13385325, 14741514, 24450706, - 7903885, 2348101, - ]), - xy2d: FieldElement2625([ - 24536016, 17039225, 12715591, 29692277, 1511292, 10047386, 63266518, 26425272, - 38731325, 10048126, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 54486638, 27349611, 97827688, 2591311, 56491836, 12192839, 85982162, 59811773, - 34811106, 15221631, - ]), - y_minus_x: FieldElement2625([ - 40630742, 22450567, 11546243, 31701949, 9180879, 7656409, 45764914, 2095754, - 29769758, 6593415, - ]), - xy2d: FieldElement2625([ - 35114656, 30646970, 4176911, 3264766, 12538965, 32686321, 26312344, 27435754, - 30958053, 8292160, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 98538667, 53149747, 96282394, 15632447, 12174511, 64348770, 99917693, 37531617, - 93251999, 30405555, - ]), - y_minus_x: FieldElement2625([ - 22648882, 1402143, 44308880, 13746058, 7936347, 365344, 58440231, 31879998, - 63350620, 31249806, - ]), - xy2d: FieldElement2625([ - 51616947, 8012312, 64594134, 20851969, 43143017, 23300402, 65496150, 32018862, - 50444388, 8194477, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 27338047, 26047012, 59694639, 10140404, 48082437, 26964542, 94386054, 42409807, - 95681149, 36559595, - ]), - y_minus_x: FieldElement2625([ - 26287105, 4821776, 25476601, 29408529, 63344350, 17765447, 49100281, 1182478, - 41014043, 20474836, - ]), - xy2d: FieldElement2625([ - 59937691, 3178079, 23970071, 6201893, 49913287, 29065239, 45232588, 19571804, - 32208682, 32356184, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 50451143, 36372074, 56822501, 14811297, 73133531, 46903936, 39793359, 56611021, - 39436277, 22014573, - ]), - y_minus_x: FieldElement2625([ - 
15941010, 24148500, 45741813, 8062054, 31876073, 33315803, 51830470, 32110002, - 15397330, 29424239, - ]), - xy2d: FieldElement2625([ - 8934485, 20068965, 43822466, 20131190, 34662773, 14047985, 31170398, 32113411, - 39603297, 15087183, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 115860466, 31397939, 24524912, 16876564, 82629290, 27193655, 118715321, - 11461894, 83897392, 27685489, - ]), - y_minus_x: FieldElement2625([ - 65161459, 16013772, 21750665, 3714552, 49707082, 17498998, 63338576, 23231111, - 31322513, 21938797, - ]), - xy2d: FieldElement2625([ - 21426636, 27904214, 53460576, 28206894, 38296674, 28633461, 48833472, 18933017, - 13040861, 21441484, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 78402740, 46032517, 107081326, 48638180, 104910306, 14748870, 14555558, - 20137329, 68722574, 38451366, - ]), - y_minus_x: FieldElement2625([ - 41213962, 15323293, 58619073, 25496531, 25967125, 20128972, 2825959, 28657387, - 43137087, 22287016, - ]), - xy2d: FieldElement2625([ - 51184079, 28324551, 49665331, 6410663, 3622847, 10243618, 20615400, 12405433, - 43355834, 25118015, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 127126414, 46110638, 114026375, 9025185, 50036385, 4333800, 71487300, 35986461, - 23097948, 32988414, - ]), - y_minus_x: FieldElement2625([ - 4565804, 17528778, 20084411, 25711615, 1724998, 189254, 24767264, 10103221, - 48596551, 2424777, - ]), - xy2d: FieldElement2625([ - 366633, 21577626, 8173089, 26664313, 30788633, 5745705, 59940186, 1344108, - 63466311, 12412658, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 110215918, 41244716, 82038279, 33386174, 102006892, 53695876, 91271559, - 51782359, 63967361, 44733816, - ]), - y_minus_x: FieldElement2625([ - 18289503, 18829478, 8056944, 16430056, 45379140, 7842513, 61107423, 32067534, - 48424218, 22110928, - ]), - xy2d: FieldElement2625([ - 476239, 6601091, 60956074, 23831056, 17503544, 28690532, 27672958, 13403813, - 11052904, 
5219329, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 87787372, 25178693, 34436965, 42403554, 129207969, 48129182, 98295834, - 29580701, 9014761, 58529808, - ]), - y_minus_x: FieldElement2625([ - 53464795, 23204192, 51146355, 5075807, 65594203, 22019831, 34006363, 9160279, - 8473550, 30297594, - ]), - xy2d: FieldElement2625([ - 24900749, 14435722, 17209120, 18261891, 44516588, 9878982, 59419555, 17218610, - 42540382, 11788947, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 63990690, 22159237, 53306774, 48351872, 76761311, 26708527, 47071426, 43965164, - 42540393, 32095740, - ]), - y_minus_x: FieldElement2625([ - 51449703, 16736705, 44641714, 10215877, 58011687, 7563910, 11871841, 21049238, - 48595538, 8464117, - ]), - xy2d: FieldElement2625([ - 43708233, 8348506, 52522913, 32692717, 63158658, 27181012, 14325288, 8628612, - 33313881, 25183915, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 46921853, 28586496, 89476219, 38825978, 66011746, 28765593, 109412060, - 23317576, 58168128, 61290594, - ]), - y_minus_x: FieldElement2625([ - 60160060, 31759219, 34483180, 17533252, 32635413, 26180187, 15989196, 20716244, - 28358191, 29300528, - ]), - xy2d: FieldElement2625([ - 43547083, 30755372, 34757181, 31892468, 57961144, 10429266, 50471180, 4072015, - 61757200, 5596588, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 105981130, 30164382, 79421759, 39767609, 3117141, 49632997, 29266238, 36111653, - 68877164, 15373192, - ]), - y_minus_x: FieldElement2625([ - 59865506, 30307471, 62515396, 26001078, 66980936, 32642186, 66017961, 29049440, - 42448372, 3442909, - ]), - xy2d: FieldElement2625([ - 36898293, 5124042, 14181784, 8197961, 18964734, 21615339, 22597930, 7176455, - 48523386, 13365929, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 59231455, 32054473, 75433536, 38244510, 73370723, 34444877, 24538106, 24984246, - 57419264, 30522764, - ]), - y_minus_x: 
FieldElement2625([ - 25008885, 22782833, 62803832, 23916421, 16265035, 15721635, 683793, 21730648, - 15723478, 18390951, - ]), - xy2d: FieldElement2625([ - 57448220, 12374378, 40101865, 26528283, 59384749, 21239917, 11879681, 5400171, - 519526, 32318556, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 22258378, 50776631, 59239045, 14613015, 44588609, 30603508, 46754982, 40870398, - 16648396, 41160072, - ]), - y_minus_x: FieldElement2625([ - 59027556, 25089834, 58885552, 9719709, 19259459, 18206220, 23994941, 28272877, - 57640015, 4763277, - ]), - xy2d: FieldElement2625([ - 45409620, 9220968, 51378240, 1084136, 41632757, 30702041, 31088446, 25789909, - 55752334, 728111, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 26047201, 55357393, 127317403, 50587064, 91200930, 9158118, 62835319, 20998873, - 104852291, 28056158, - ]), - y_minus_x: FieldElement2625([ - 17510331, 33231575, 5854288, 8403524, 17133918, 30441820, 38997856, 12327944, - 10750447, 10014012, - ]), - xy2d: FieldElement2625([ - 56796096, 3936951, 9156313, 24656749, 16498691, 32559785, 39627812, 32887699, - 3424690, 7540221, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 97431206, 26590321, 78469868, 29411114, 74542167, 4989747, 127146306, 50791643, - 57864597, 48812477, - ]), - y_minus_x: FieldElement2625([ - 13054543, 30774935, 19155473, 469045, 54626067, 4566041, 5631406, 2711395, - 1062915, 28418087, - ]), - xy2d: FieldElement2625([ - 47868616, 22299832, 37599834, 26054466, 61273100, 13005410, 61042375, 12194496, - 32960380, 1459310, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 86960860, 40582355, 90778216, 43574797, 75695366, 26896524, 67503060, 27452546, - 85746866, 55933926, - ]), - y_minus_x: FieldElement2625([ - 31395515, 15098109, 26581030, 8030562, 50580950, 28547297, 9012485, 25970078, - 60465776, 28111795, - ]), - xy2d: FieldElement2625([ - 57916680, 31207054, 65111764, 4529533, 25766844, 607986, 
67095642, 9677542, - 34813975, 27098423, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 64664330, 33404494, 96457765, 8186664, 68982624, 12489862, 103283149, 25714738, - 59256019, 58970434, - ]), - y_minus_x: FieldElement2625([ - 51872508, 18120922, 7766469, 746860, 26346930, 23332670, 39775412, 10754587, - 57677388, 5203575, - ]), - xy2d: FieldElement2625([ - 31834314, 14135496, 66338857, 5159117, 20917671, 16786336, 59640890, 26216907, - 31809242, 7347066, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 57502122, 21680191, 87523322, 46588417, 80825387, 21862550, 86906833, 21343176, - 82301739, 31466941, - ]), - y_minus_x: FieldElement2625([ - 54445282, 31372712, 1168161, 29749623, 26747876, 19416341, 10609329, 12694420, - 33473243, 20172328, - ]), - xy2d: FieldElement2625([ - 33184999, 11180355, 15832085, 22169002, 65475192, 225883, 15089336, 22530529, - 60973201, 14480052, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 98417562, 27934433, 98139703, 31657332, 82783410, 26971548, 72605071, 13685226, - 27595050, 42291707, - ]), - y_minus_x: FieldElement2625([ - 46790012, 18404192, 10933842, 17376410, 8335351, 26008410, 36100512, 20943827, - 26498113, 66511, - ]), - xy2d: FieldElement2625([ - 22644435, 24792703, 50437087, 4884561, 64003250, 19995065, 30540765, 29267685, - 53781076, 26039336, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 106199862, 9834843, 85726071, 30873119, 63706907, 53801357, 75314402, 13585436, - 117090263, 48669869, - ]), - y_minus_x: FieldElement2625([ - 23711543, 32881517, 31206560, 25191721, 6164646, 23844445, 33572981, 32128335, - 8236920, 16492939, - ]), - xy2d: FieldElement2625([ - 43198286, 20038905, 40809380, 29050590, 25005589, 25867162, 19574901, 10071562, - 6708380, 27332008, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 69210217, 28624377, 86811594, 35922006, 118790560, 34602105, 72409880, - 42883131, 29955600, 55430554, - ]), - y_minus_x: 
FieldElement2625([ - 3096359, 9271816, 45488000, 18032587, 52260867, 25961494, 41216721, 20918836, - 57191288, 6216607, - ]), - xy2d: FieldElement2625([ - 34493015, 338662, 41913253, 2510421, 37895298, 19734218, 24822829, 27407865, - 40341383, 7525078, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 44042196, 53123240, 83242349, 25658253, 130828162, 34333218, 66198527, - 30771936, 47722230, 45548532, - ]), - y_minus_x: FieldElement2625([ - 21691500, 19929806, 66467532, 19187410, 3285880, 30070836, 42044197, 9718257, - 59631427, 13381417, - ]), - xy2d: FieldElement2625([ - 18445390, 29352196, 14979845, 11622458, 65381754, 29971451, 23111647, 27179185, - 28535281, 15779576, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 30098034, 36644094, 124983340, 16662133, 45801924, 44862842, 53040409, - 12021729, 77064149, 17251075, - ]), - y_minus_x: FieldElement2625([ - 9734894, 18977602, 59635230, 24415696, 2060391, 11313496, 48682835, 9924398, - 20194861, 13380996, - ]), - xy2d: FieldElement2625([ - 40730762, 25589224, 44941042, 15789296, 49053522, 27385639, 65123949, 15707770, - 26342023, 10146099, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 41091971, 33334488, 88448054, 33513043, 86854119, 30675731, 37471583, 35781471, - 21612325, 33008704, - ]), - y_minus_x: FieldElement2625([ - 54031477, 1184227, 23562814, 27583990, 46757619, 27205717, 25764460, 12243797, - 46252298, 11649657, - ]), - xy2d: FieldElement2625([ - 57077370, 11262625, 27384172, 2271902, 26947504, 17556661, 39943, 6114064, - 33514190, 2333242, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 112784121, 54687041, 75228644, 40774344, 45278341, 58092729, 60429112, - 54438225, 91459440, 20104430, - ]), - y_minus_x: FieldElement2625([ - 62992557, 22282898, 43222677, 4843614, 37020525, 690622, 35572776, 23147595, - 8317859, 12352766, - ]), - xy2d: FieldElement2625([ - 18200138, 19078521, 34021104, 30857812, 43406342, 
24451920, 43556767, 31266881, - 20712162, 6719373, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 26656189, 39629685, 59250307, 35440503, 105873684, 37816756, 78226393, - 29791221, 26224234, 30256974, - ]), - y_minus_x: FieldElement2625([ - 49939907, 18700334, 63713187, 17184554, 47154818, 14050419, 21728352, 9493610, - 18620611, 17125804, - ]), - xy2d: FieldElement2625([ - 53785524, 13325348, 11432106, 5964811, 18609221, 6062965, 61839393, 23828875, - 36407290, 17074774, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 43248307, 55875704, 94070219, 35195292, 34695751, 16816491, 79357372, 28313792, - 80844205, 35488493, - ]), - y_minus_x: FieldElement2625([ - 25089769, 6742589, 17081145, 20148166, 21909292, 17486451, 51972569, 29789085, - 45830866, 5473615, - ]), - xy2d: FieldElement2625([ - 31883658, 25593331, 1083431, 21982029, 22828470, 13290673, 59983779, 12469655, - 29111212, 28103418, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 91353792, 52058456, 107954750, 36345970, 52111264, 50221109, 91476329, - 39943270, 56813276, 34006814, - ]), - y_minus_x: FieldElement2625([ - 41468082, 30136590, 5217915, 16224624, 19987036, 29472163, 42872612, 27639183, - 15766061, 8407814, - ]), - xy2d: FieldElement2625([ - 46701865, 13990230, 15495425, 16395525, 5377168, 15166495, 58191841, 29165478, - 59040954, 2276717, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 30157899, 46478498, 116505677, 42800183, 87003891, 36922573, 43281276, - 38650650, 89849239, 26251014, - ]), - y_minus_x: FieldElement2625([ - 2041139, 19298082, 7783686, 13876377, 41161879, 20201972, 24051123, 13742383, - 51471265, 13295221, - ]), - xy2d: FieldElement2625([ - 33338218, 25048699, 12532112, 7977527, 9106186, 31839181, 49388668, 28941459, - 62657506, 18884987, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 47063564, 39008528, 52762315, 40001577, 28862070, 35438083, 64639597, 29412551, - 74879432, 43175028, - ]), - 
y_minus_x: FieldElement2625([ - 23208049, 7979712, 33071466, 8149229, 1758231, 22719437, 30945527, 31860109, - 33606523, 18786461, - ]), - xy2d: FieldElement2625([ - 1439939, 17283952, 66028874, 32760649, 4625401, 10647766, 62065063, 1220117, - 30494170, 22113633, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 62071265, 20526136, 64138304, 30492664, 82749837, 26852765, 40369837, 34480481, - 65424524, 20220784, - ]), - y_minus_x: FieldElement2625([ - 13908495, 30005160, 30919927, 27280607, 45587000, 7989038, 9021034, 9078865, - 3353509, 4033511, - ]), - xy2d: FieldElement2625([ - 37445433, 18440821, 32259990, 33209950, 24295848, 20642309, 23161162, 8839127, - 27485041, 7356032, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 76769853, 34259874, 79088928, 28184277, 65480320, 14661172, 60762722, 36179446, - 95539899, 50337029, - ]), - y_minus_x: FieldElement2625([ - 43269631, 25243016, 41163352, 7480957, 49427195, 25200248, 44562891, 14150564, - 15970762, 4099461, - ]), - xy2d: FieldElement2625([ - 29262576, 16756590, 26350592, 24760869, 8529670, 22346382, 13617292, 23617289, - 11465738, 8317062, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 41615764, 26591503, 99609063, 24135380, 44070139, 31252209, 82007500, 37402886, - 88078197, 28396915, - ]), - y_minus_x: FieldElement2625([ - 46724414, 19206718, 48772458, 13884721, 34069410, 2842113, 45498038, 29904543, - 11177094, 14989547, - ]), - xy2d: FieldElement2625([ - 42612143, 21838415, 16959895, 2278463, 12066309, 10137771, 13515641, 2581286, - 38621356, 9930239, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 49357223, 31456605, 83653163, 54099563, 118302919, 18605349, 18345766, - 53705111, 83400343, 28240393, - ]), - y_minus_x: FieldElement2625([ - 33879670, 2553287, 32678213, 9875984, 8534129, 6889387, 57432090, 6957616, - 4368891, 9788741, - ]), - xy2d: FieldElement2625([ - 16660737, 7281060, 56278106, 12911819, 20108584, 
25452756, 45386327, 24941283, - 16250551, 22443329, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 47343357, 35944957, 117666696, 14161978, 69014150, 39969338, 71798447, - 10604806, 104027325, 4782745, - ]), - y_minus_x: FieldElement2625([ - 65754325, 14736940, 59741422, 20261545, 7710541, 19398842, 57127292, 4383044, - 22546403, 437323, - ]), - xy2d: FieldElement2625([ - 31665558, 21373968, 50922033, 1491338, 48740239, 3294681, 27343084, 2786261, - 36475274, 19457415, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 52641566, 32870716, 33734756, 41002983, 19294359, 14334329, 47418233, 35909750, - 47824192, 27440058, - ]), - y_minus_x: FieldElement2625([ - 15121312, 17758270, 6377019, 27523071, 56310752, 20596586, 18952176, 15496498, - 37728731, 11754227, - ]), - xy2d: FieldElement2625([ - 64471568, 20071356, 8488726, 19250536, 12728760, 31931939, 7141595, 11724556, - 22761615, 23420291, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 16918416, 11729663, 49025285, 36577418, 103201995, 53769203, 38367677, - 21327038, 32851221, 11717399, - ]), - y_minus_x: FieldElement2625([ - 11166615, 7338049, 60386341, 4531519, 37640192, 26252376, 31474878, 3483633, - 65915689, 29523600, - ]), - xy2d: FieldElement2625([ - 66923210, 9921304, 31456609, 20017994, 55095045, 13348922, 33142652, 6546660, - 47123585, 29606055, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 101757113, 44821142, 55911756, 25655328, 31703693, 37410335, 58571732, - 20721383, 36336829, 18068118, - ]), - y_minus_x: FieldElement2625([ - 49102387, 12709067, 3991746, 27075244, 45617340, 23004006, 35973516, 17504552, - 10928916, 3011958, - ]), - xy2d: FieldElement2625([ - 60151107, 17960094, 31696058, 334240, 29576716, 14796075, 36277808, 20749251, - 18008030, 10258577, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 44660220, 49210000, 74127342, 29144428, 36794597, 32352840, 65255398, 34921551, - 92236737, 6671742, - ]), - 
y_minus_x: FieldElement2625([ - 29701166, 19180498, 56230743, 9279287, 67091296, 13127209, 21382910, 11042292, - 25838796, 4642684, - ]), - xy2d: FieldElement2625([ - 46678630, 14955536, 42982517, 8124618, 61739576, 27563961, 30468146, 19653792, - 18423288, 4177476, - ]), - }, - ]), - ]); - -/// Odd multiples of the basepoint `[B, 3B, 5B, 7B, 9B, 11B, 13B, 15B, ..., 127B]`. -pub(crate) const AFFINE_ODD_MULTIPLES_OF_BASEPOINT: NafLookupTable8 = - NafLookupTable8([ - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 93076338, 52752828, 29566454, 37215328, 54414518, 37569218, 94653489, 21800160, - 61029707, 35602036, - ]), - y_minus_x: FieldElement2625([ - 54563134, 934261, 64385954, 3049989, 66381436, 9406985, 12720692, 5043384, - 19500929, 18085054, - ]), - xy2d: FieldElement2625([ - 58370664, 4489569, 9688441, 18769238, 10184608, 21191052, 29287918, 11864899, - 42594502, 29115885, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 82745136, 23865874, 24204772, 25642034, 67725840, 16869169, 94896463, 52336674, - 28944398, 32004408, - ]), - y_minus_x: FieldElement2625([ - 16568933, 4717097, 55552716, 32452109, 15682895, 21747389, 16354576, 21778470, - 7689661, 11199574, - ]), - xy2d: FieldElement2625([ - 30464137, 27578307, 55329429, 17883566, 23220364, 15915852, 7512774, 10017326, - 49359771, 23634074, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 77970208, 11473153, 27284546, 35535607, 37044514, 46132292, 99976748, 48069538, - 118779423, 44373810, - ]), - y_minus_x: FieldElement2625([ - 4708026, 6336745, 20377586, 9066809, 55836755, 6594695, 41455196, 12483687, - 54440373, 5581305, - ]), - xy2d: FieldElement2625([ - 19563141, 16186464, 37722007, 4097518, 10237984, 29206317, 28542349, 13850243, - 43430843, 17738489, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 72262591, 43463716, 68832610, 30776557, 97632468, 39071304, 86589715, 38784565, - 43156424, 18378665, - ]), - y_minus_x: FieldElement2625([ - 36839857, 
30090922, 7665485, 10083793, 28475525, 1649722, 20654025, 16520125, - 30598449, 7715701, - ]), - xy2d: FieldElement2625([ - 28881826, 14381568, 9657904, 3680757, 46927229, 7843315, 35708204, 1370707, - 29794553, 32145132, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 44589852, 26862249, 14201701, 24808930, 43598457, 42399157, 85583074, 32192981, - 54046167, 47376308, - ]), - y_minus_x: FieldElement2625([ - 60653668, 25714560, 3374701, 28813570, 40010246, 22982724, 31655027, 26342105, - 18853321, 19333481, - ]), - xy2d: FieldElement2625([ - 4566811, 20590564, 38133974, 21313742, 59506191, 30723862, 58594505, 23123294, - 2207752, 30344648, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 41954014, 62923042, 96790006, 41423232, 60254202, 24130566, 121780363, 32891430, - 103106264, 17421994, - ]), - y_minus_x: FieldElement2625([ - 25576264, 30851218, 7349803, 21739588, 16472781, 9300885, 3844789, 15725684, - 171356, 6466918, - ]), - xy2d: FieldElement2625([ - 23103977, 13316479, 9739013, 17404951, 817874, 18515490, 8965338, 19466374, - 36393951, 16193876, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 100695917, 36735143, 64714733, 47558118, 50205389, 17283591, 84347261, 38283886, - 49034350, 9256799, - ]), - y_minus_x: FieldElement2625([ - 41926547, 29380300, 32336397, 5036987, 45872047, 11360616, 22616405, 9761698, - 47281666, 630304, - ]), - xy2d: FieldElement2625([ - 53388152, 2639452, 42871404, 26147950, 9494426, 27780403, 60554312, 17593437, - 64659607, 19263131, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 63957664, 28508356, 76391577, 40420576, 102310665, 32691407, 48168288, 15033783, - 92213982, 25659555, - ]), - y_minus_x: FieldElement2625([ - 42782475, 15950225, 35307649, 18961608, 55446126, 28463506, 1573891, 30928545, - 2198789, 17749813, - ]), - xy2d: FieldElement2625([ - 64009494, 10324966, 64867251, 7453182, 61661885, 30818928, 53296841, 17317989, - 34647629, 21263748, - ]), - }, - 
AffineNielsPoint { - y_plus_x: FieldElement2625([ - 17735022, 27114469, 76149336, 40765111, 43325570, 26153544, 26948151, 45905235, - 38656900, 62179684, - ]), - y_minus_x: FieldElement2625([ - 2154119, 14782993, 28737794, 11906199, 36205504, 26488101, 19338132, 16910143, - 50209922, 29794297, - ]), - xy2d: FieldElement2625([ - 29935700, 6336041, 20999566, 30405369, 13628497, 24612108, 61639745, 22359641, - 56973806, 18684690, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 29792811, 31379227, 113441390, 20675662, 58452680, 54138549, 42892249, 32958636, - 31674345, 24275271, - ]), - y_minus_x: FieldElement2625([ - 7606599, 22131225, 17376912, 15235046, 32822971, 7512882, 30227203, 14344178, - 9952094, 8804749, - ]), - xy2d: FieldElement2625([ - 32575079, 3961822, 36404898, 17773250, 67073898, 1319543, 30641032, 7823672, - 63309858, 18878784, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 77823924, 52933642, 26572931, 18690221, 109143683, 23989794, 79129572, 53326100, - 38888709, 55889506, - ]), - y_minus_x: FieldElement2625([ - 37146997, 554126, 63326061, 20925660, 49205290, 8620615, 53375504, 25938867, - 8752612, 31225894, - ]), - xy2d: FieldElement2625([ - 4529887, 12416158, 60388162, 30157900, 15427957, 27628808, 61150927, 12724463, - 23658330, 23690055, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 102043267, 54823614, 45810225, 19657305, 54297192, 7413280, 66851983, 39718512, - 25005048, 18002658, - ]), - y_minus_x: FieldElement2625([ - 5403481, 24654166, 61855580, 13522652, 14989680, 1879017, 43913069, 25724172, - 20315901, 421248, - ]), - xy2d: FieldElement2625([ - 34818947, 1705239, 25347020, 7938434, 51632025, 1720023, 54809726, 32655885, - 64907986, 5517607, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 88543525, 16557377, 80359887, 30047148, 91602876, 27723948, 62710290, 52707861, - 7715736, 61648232, - ]), - y_minus_x: FieldElement2625([ - 14461032, 6393639, 22681353, 14533514, 
52493587, 3544717, 57780998, 24657863, - 59891807, 31628125, - ]), - xy2d: FieldElement2625([ - 60864886, 31199953, 18524951, 11247802, 43517645, 21165456, 26204394, 27268421, - 63221077, 29979135, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 97491378, 10077555, 94805128, 42472719, 30231379, 17961119, 76201413, 41182329, - 41405214, 31798052, - ]), - y_minus_x: FieldElement2625([ - 13670592, 720327, 7131696, 19360499, 66651570, 16947532, 3061924, 22871019, - 39814495, 20141336, - ]), - xy2d: FieldElement2625([ - 44847187, 28379568, 38472030, 23697331, 49441718, 3215393, 1669253, 30451034, - 62323912, 29368533, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 74923758, 35244493, 27222384, 30715870, 48444195, 28125622, 116052444, 32330148, - 92609232, 35372537, - ]), - y_minus_x: FieldElement2625([ - 39340596, 15199968, 52787715, 18781603, 18787729, 5464578, 11652644, 8722118, - 57056621, 5153960, - ]), - xy2d: FieldElement2625([ - 5733861, 14534448, 59480402, 15892910, 30737296, 188529, 491756, 17646733, - 33071791, 15771063, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 85239571, 21331573, 119690709, 30172286, 44350959, 55826224, 68258766, 16209406, - 20222151, 32139086, - ]), - y_minus_x: FieldElement2625([ - 52372801, 13847470, 52690845, 3802477, 48387139, 10595589, 13745896, 3112846, - 50361463, 2761905, - ]), - xy2d: FieldElement2625([ - 45982696, 12273933, 15897066, 704320, 31367969, 3120352, 11710867, 16405685, - 19410991, 10591627, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 82008850, 34439758, 89319886, 49124188, 34309215, 29866047, 80308709, 27738519, - 71739865, 46909287, - ]), - y_minus_x: FieldElement2625([ - 36631997, 23300851, 59535242, 27474493, 59924914, 29067704, 17551261, 13583017, - 37580567, 31071178, - ]), - xy2d: FieldElement2625([ - 22641770, 21277083, 10843473, 1582748, 37504588, 634914, 15612385, 18139122, - 59415250, 22563863, - ]), - }, - AffineNielsPoint { - 
y_plus_x: FieldElement2625([ - 76721854, 52814714, 41722368, 35285867, 53022548, 38255176, 93163883, 27627617, - 87963092, 33729456, - ]), - y_minus_x: FieldElement2625([ - 61915349, 11733561, 59403492, 31381562, 29521830, 16845409, 54973419, 26057054, - 49464700, 796779, - ]), - xy2d: FieldElement2625([ - 3855018, 8248512, 12652406, 88331, 2948262, 971326, 15614761, 9441028, 29507685, - 8583792, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 76968870, 14808584, 76708906, 57649718, 23400175, 24077237, 63783137, 37471119, - 56750251, 30681804, - ]), - y_minus_x: FieldElement2625([ - 33709664, 3740344, 52888604, 25059045, 46197996, 22678812, 45207164, 6431243, - 21300862, 27646257, - ]), - xy2d: FieldElement2625([ - 49811511, 9216232, 25043921, 18738174, 29145960, 3024227, 65580502, 530149, - 66809973, 22275500, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 23499366, 24936714, 38355445, 35908587, 82540167, 39280880, 46809413, 41143783, - 72530804, 49676198, - ]), - y_minus_x: FieldElement2625([ - 45162189, 23851397, 9380591, 15192763, 36034862, 15525765, 5277811, 25040629, - 33286237, 31693326, - ]), - xy2d: FieldElement2625([ - 62424427, 13336013, 49368582, 1581264, 30884213, 15048226, 66823504, 4736577, - 53805192, 29608355, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 25190215, 26304748, 58928336, 42665707, 64280342, 38580230, 61299598, 20659504, - 30387592, 32519377, - ]), - y_minus_x: FieldElement2625([ - 14480213, 17057820, 2286692, 32980967, 14693157, 22197912, 49247898, 9909859, - 236428, 16857435, - ]), - xy2d: FieldElement2625([ - 7877514, 29872867, 45886243, 25902853, 41998762, 6241604, 35694938, 15657879, - 56797932, 8609105, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 54245189, 32562161, 57887697, 19509733, 45323534, 37472546, 27606727, 59528498, - 74398957, 44973176, - ]), - y_minus_x: FieldElement2625([ - 28964163, 20950093, 44929966, 26145892, 34786807, 18058153, 18187179, 
27016486, - 42438836, 14869174, - ]), - xy2d: FieldElement2625([ - 55703901, 1222455, 64329400, 24533246, 11330890, 9135834, 3589529, 19555234, - 53275553, 1207212, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 33323313, 35603165, 79328585, 6017848, 71286345, 23804207, 86644124, 44008367, - 55775078, 31816581, - ]), - y_minus_x: FieldElement2625([ - 64814718, 27217688, 29891310, 4504619, 8548709, 21986323, 62140656, 12555980, - 34377058, 21436823, - ]), - xy2d: FieldElement2625([ - 49069441, 9880212, 33350825, 24576421, 24446077, 15616561, 19302117, 9370836, - 55172180, 28526191, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 95404934, 26757208, 123864063, 4572839, 69249194, 43584425, 53559055, 41742046, - 41167331, 24643278, - ]), - y_minus_x: FieldElement2625([ - 35101859, 30958612, 66105296, 3168612, 22836264, 10055966, 22893634, 13045780, - 28576558, 30704591, - ]), - xy2d: FieldElement2625([ - 59987873, 21166324, 43296694, 15387892, 39447987, 19996270, 5059183, 19972934, - 30207804, 29631666, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 67444156, 16132892, 88330413, 37924284, 68147855, 57949418, 91481571, 24889160, - 62329722, 50712214, - ]), - y_minus_x: FieldElement2625([ - 56922508, 1347520, 23300731, 27393371, 42651667, 8512932, 27610931, 24436993, - 3998295, 3835244, - ]), - xy2d: FieldElement2625([ - 16327050, 22776956, 14746360, 22599650, 23700920, 11727222, 25900154, 21823218, - 34907363, 25105813, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 59807886, 12089757, 115624210, 41476837, 67589715, 26361580, 71355762, 44268661, - 67753061, 13128476, - ]), - y_minus_x: FieldElement2625([ - 7174885, 26592113, 59892333, 6465478, 4145835, 17673606, 38764952, 22293290, - 1360980, 25805937, - ]), - xy2d: FieldElement2625([ - 40179568, 6331649, 42386021, 20205884, 15635073, 6103612, 56391180, 6789942, - 7597240, 24095312, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 
54776568, 36935932, 18757261, 41429535, 67215081, 34700142, 86560976, 61204154, - 26496794, 19612129, - ]), - y_minus_x: FieldElement2625([ - 46701540, 24101444, 49515651, 25946994, 45338156, 9941093, 55509371, 31298943, - 1347425, 15381335, - ]), - xy2d: FieldElement2625([ - 53576449, 26135856, 17092785, 3684747, 57829121, 27109516, 2987881, 10987137, - 52269096, 15465522, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 80033010, 26264316, 72380996, 10039544, 94605936, 30615493, 60406855, 30400829, - 120765849, 45301372, - ]), - y_minus_x: FieldElement2625([ - 35668062, 24246990, 47788280, 25128298, 37456967, 19518969, 43459670, 10724644, - 7294162, 4471290, - ]), - xy2d: FieldElement2625([ - 33813988, 3549109, 101112, 21464449, 4858392, 3029943, 59999440, 21424738, - 34313875, 1512799, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 29494960, 28240930, 51093230, 28823678, 92791151, 54796794, 77571888, 37795542, - 75765856, 10649531, - ]), - y_minus_x: FieldElement2625([ - 63536751, 7572551, 62249759, 25202639, 32046232, 32318941, 29315141, 15424555, - 24706712, 28857648, - ]), - xy2d: FieldElement2625([ - 47618751, 5819839, 19528172, 20715950, 40655763, 20611047, 4960954, 6496879, - 2790858, 28045273, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 85174457, 55843901, 111946683, 31021158, 32797785, 48944265, 78338887, 31144772, - 82688001, 38470222, - ]), - y_minus_x: FieldElement2625([ - 49664705, 3638040, 57888693, 19234931, 40104182, 28143840, 28667142, 18386877, - 18584835, 3592929, - ]), - xy2d: FieldElement2625([ - 12065039, 18867394, 6430594, 17107159, 1727094, 13096957, 61520237, 27056604, - 27026997, 13543966, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 68512926, 37577278, 94695528, 14209106, 95849194, 30038709, 51818051, 20241476, - 68980056, 42251074, - ]), - y_minus_x: FieldElement2625([ - 17325298, 33376175, 65271265, 4931225, 31708266, 6292284, 23064744, 22072792, - 43945505, 
9236924, - ]), - xy2d: FieldElement2625([ - 51955585, 20268063, 61151838, 26383348, 4766519, 20788033, 21173534, 27030753, - 9509140, 7790046, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 24124086, 38918775, 28620390, 10538620, 59433851, 19581010, 60862718, 43500219, - 77600721, 32213801, - ]), - y_minus_x: FieldElement2625([ - 7062127, 13930079, 2259902, 6463144, 32137099, 24748848, 41557343, 29331342, - 47345194, 13022814, - ]), - xy2d: FieldElement2625([ - 18921826, 392002, 55817981, 6420686, 8000611, 22415972, 14722962, 26246290, - 20604450, 8079345, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 67710253, 26257798, 51499391, 46550521, 30228769, 53940987, 76234206, 43362242, - 77953697, 21034392, - ]), - y_minus_x: FieldElement2625([ - 25817710, 8020883, 50134679, 21244805, 47057788, 8766556, 29308546, 22307963, - 49449920, 23874253, - ]), - xy2d: FieldElement2625([ - 11081015, 13522660, 12474691, 29260223, 48687631, 9341946, 16850694, 18637605, - 6199839, 14303642, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 64518173, 19894035, 117213833, 43031641, 79641718, 39533880, 66531934, 41205092, - 117735515, 13989682, - ]), - y_minus_x: FieldElement2625([ - 6921800, 4421166, 59739491, 30510778, 43106355, 30941531, 9363541, 3394240, - 50874187, 23872585, - ]), - xy2d: FieldElement2625([ - 54293979, 23466866, 47184247, 20627378, 8313211, 5865878, 5948507, 32290343, - 52583140, 23139870, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 111574723, 24134616, 49842442, 23485580, 34844037, 45228427, 67103167, 25858409, - 38508586, 35097070, - ]), - y_minus_x: FieldElement2625([ - 19879846, 15259900, 25020018, 14261729, 22075205, 25189303, 787540, 31325033, - 62422289, 16131171, - ]), - xy2d: FieldElement2625([ - 39487053, 27893575, 34654176, 25620816, 60209846, 23603919, 8931189, 12275052, - 38626469, 33438928, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 105416367, 9568747, 
62672739, 49685015, 106242995, 4547918, 18403901, 38581738, - 60829966, 33150322, - ]), - y_minus_x: FieldElement2625([ - 7950033, 25841033, 47276506, 3884935, 62418883, 2342083, 50269031, 14194015, - 27013685, 3320257, - ]), - xy2d: FieldElement2625([ - 35270691, 18076829, 46994271, 4273335, 43595882, 31742297, 58328702, 4594760, - 49180851, 18144010, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 30194115, 50068680, 49746331, 27470090, 40428285, 23271051, 70252167, 16153483, - 123511881, 27809602, - ]), - y_minus_x: FieldElement2625([ - 27113466, 6865046, 4512771, 29327742, 29021084, 7405965, 33302911, 9322435, - 4307527, 32438240, - ]), - xy2d: FieldElement2625([ - 29337813, 24673346, 10359233, 30347534, 57709483, 9930840, 60607771, 24076133, - 20985293, 22480923, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 14579237, 33467236, 85745988, 15769997, 101228358, 21649866, 82685456, 59023858, - 86175344, 24337101, - ]), - y_minus_x: FieldElement2625([ - 4472119, 14702190, 10432042, 22460027, 708461, 18783996, 34234374, 30870323, - 63796457, 10370850, - ]), - xy2d: FieldElement2625([ - 36957127, 19555637, 16244231, 24367549, 58999881, 13440043, 35147632, 8718974, - 43101064, 18487380, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 21818223, 34477173, 23913863, 22441963, 129271975, 14842154, 43035020, 9485973, - 53819529, 22318987, - ]), - y_minus_x: FieldElement2625([ - 10874834, 4351765, 66252340, 17269436, 64427034, 30735311, 5883785, 28998531, - 44403022, 26064601, - ]), - xy2d: FieldElement2625([ - 64017630, 9755550, 37507935, 22752543, 4031638, 29903925, 47267417, 32706846, - 39147952, 21635901, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 81365001, 44927611, 97395185, 43985591, 66242539, 38517499, 52937891, 37374973, - 73352483, 38476849, - ]), - y_minus_x: FieldElement2625([ - 43460763, 24260930, 21493330, 30888969, 23329454, 24545577, 58286855, 12750266, - 22391140, 26198125, - ]), - 
xy2d: FieldElement2625([ - 20477567, 24078713, 1674568, 4102219, 25208396, 13972305, 30389482, 19572626, - 1485666, 17679765, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 100511110, 23887606, 116505658, 30877106, 45483774, 25222431, 67931340, 37154158, - 32618865, 18610785, - ]), - y_minus_x: FieldElement2625([ - 48647066, 166413, 55454758, 8889513, 21027475, 32728181, 43100067, 4690060, - 7520989, 16421303, - ]), - xy2d: FieldElement2625([ - 14868391, 20996450, 64836606, 1042490, 27060176, 10253541, 53431276, 19516737, - 41808946, 2239538, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 50228416, 29594943, 62030348, 10307368, 70970997, 20292574, 126292474, 51543890, - 67827181, 15848795, - ]), - y_minus_x: FieldElement2625([ - 5548701, 17911007, 33137864, 32764443, 31146554, 17931096, 64023370, 7290289, - 6361313, 32861205, - ]), - xy2d: FieldElement2625([ - 63374742, 30320053, 4091667, 30955480, 44819449, 2212055, 52638826, 22391938, - 38484599, 7051029, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 50485560, 7033600, 57711425, 10740562, 72347547, 42328739, 7593987, 46950560, - 85560721, 41970063, - ]), - y_minus_x: FieldElement2625([ - 40930651, 3776911, 39108529, 2508077, 19371703, 7626128, 4092943, 15778278, - 42044145, 24540103, - ]), - xy2d: FieldElement2625([ - 44128555, 8867576, 8645499, 22222278, 11497130, 4344907, 10788462, 23382703, - 3547104, 15368835, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 81786515, 51902785, 74560130, 22753403, 52379722, 41395524, 57994925, 6818020, - 57707296, 16352835, - ]), - y_minus_x: FieldElement2625([ - 21622574, 18581624, 36511951, 1212467, 36930308, 7910192, 20622927, 2438677, - 52628762, 29068327, - ]), - xy2d: FieldElement2625([ - 6797431, 2854059, 4269865, 8037366, 32016522, 15223213, 34765784, 15297582, - 3559197, 26425254, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 107761639, 61759660, 79235166, 8794359, 48418924, 
60111631, 87862210, 33613219, - 68436482, 40229362, - ]), - y_minus_x: FieldElement2625([ - 52388944, 32880897, 37676257, 8253690, 32826330, 2707379, 25088512, 17182878, - 15053907, 11601568, - ]), - xy2d: FieldElement2625([ - 43894091, 25425955, 50962615, 28097648, 30129084, 13258436, 39364589, 8197601, - 58181660, 15003422, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 13470722, 47835674, 31012390, 30525035, 89789519, 50713267, 39648035, 13815677, - 94028755, 62582101, - ]), - y_minus_x: FieldElement2625([ - 54478677, 14782829, 56712503, 7094748, 41775828, 29409658, 9084386, 30179063, - 64014926, 32519086, - ]), - xy2d: FieldElement2625([ - 6314429, 20018828, 12535891, 19610611, 10074031, 28087963, 50489447, 26314252, - 24553876, 32746308, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 105768482, 46629424, 103418946, 65789027, 85765355, 28316167, 56299027, 22780838, - 122676432, 32376204, - ]), - y_minus_x: FieldElement2625([ - 5654403, 26425050, 39347935, 963424, 5032477, 19850195, 30011537, 11153401, - 63182039, 13343989, - ]), - xy2d: FieldElement2625([ - 1130444, 29814849, 40569426, 8144467, 24179188, 6267924, 63847147, 2912740, - 63870704, 29186744, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 49722534, 11073633, 52865263, 50829611, 33921405, 38614719, 32360242, 35465390, - 50107050, 45035301, - ]), - y_minus_x: FieldElement2625([ - 2003571, 2472803, 46902183, 1716406, 58609069, 15922982, 43766122, 27456369, - 33468339, 29346282, - ]), - xy2d: FieldElement2625([ - 18834217, 8245144, 29896065, 3490830, 62967493, 7220277, 146130, 18459164, - 57533060, 30070422, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 77805507, 38474121, 73459597, 18553340, 107508318, 52705654, 33655873, 27331956, - 44498407, 13768350, - ]), - y_minus_x: FieldElement2625([ - 23652128, 27647291, 43351590, 13262712, 65238054, 26296349, 11902126, 2949002, - 34445239, 25602117, - ]), - xy2d: FieldElement2625([ - 
55906958, 19046111, 28501158, 28224561, 14495533, 14714956, 32929972, 2643566, - 17034893, 11645825, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 38181639, 29751709, 73650473, 17760526, 80753587, 17992258, 72670209, 41214427, - 87524152, 37630124, - ]), - y_minus_x: FieldElement2625([ - 6498441, 12053607, 10375600, 14764370, 24795955, 16159258, 57849421, 16071837, - 31008329, 3792564, - ]), - xy2d: FieldElement2625([ - 47930485, 9176956, 54248931, 8732776, 58000258, 10333519, 96092, 29273884, - 13051277, 20121493, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 54190492, 49837594, 61282066, 10734597, 67926686, 36967416, 115462142, 30339271, - 37200685, 30036936, - ]), - y_minus_x: FieldElement2625([ - 21193614, 19929501, 18841215, 29565554, 64002173, 11123558, 14111648, 6069945, - 30307604, 25935103, - ]), - xy2d: FieldElement2625([ - 58539773, 2098685, 38301131, 15844175, 41633654, 16934366, 15145895, 5543861, - 64050790, 6595361, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 34107945, 34731353, 51956038, 5614778, 79079051, 30288154, 47460410, 22186730, - 30689695, 19628976, - ]), - y_minus_x: FieldElement2625([ - 25043248, 19224237, 46048097, 32289319, 29339134, 12397721, 37385860, 12978240, - 57951631, 31419653, - ]), - xy2d: FieldElement2625([ - 46038439, 28501736, 62566522, 12609283, 35236982, 30457796, 64113609, 14800343, - 6412849, 6276813, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 124528774, 39505727, 83050803, 41361190, 116071796, 37845759, 61633481, 38385016, - 71255100, 31629488, - ]), - y_minus_x: FieldElement2625([ - 249426, 17196749, 35434953, 13884216, 11701636, 24553269, 51821986, 12900910, - 34844073, 16150118, - ]), - xy2d: FieldElement2625([ - 2520516, 14697628, 15319213, 22684490, 62866663, 29666431, 13872507, 7473319, - 12419515, 2958466, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 101517167, 22298305, 98222207, 59471046, 61547444, 50370568, 
97111094, 42539051, - 14298448, 49873561, - ]), - y_minus_x: FieldElement2625([ - 19427905, 12004555, 9971383, 28189868, 32306269, 23648270, 34176633, 10760437, - 53354280, 5634974, - ]), - xy2d: FieldElement2625([ - 30044319, 23677863, 60273406, 14563839, 9734978, 19808149, 30899064, 30835691, - 22828539, 23633348, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 25513026, 37111929, 37113703, 29589233, 77394412, 34745965, 95889446, 61766763, - 92876242, 37566563, - ]), - y_minus_x: FieldElement2625([ - 42139852, 9176396, 16274786, 33467453, 52558621, 7190768, 1490604, 31312359, - 44767199, 18491072, - ]), - xy2d: FieldElement2625([ - 4272877, 21431483, 45594743, 13027605, 59232641, 24151956, 38390319, 12906718, - 45915869, 15503563, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 29874396, 35808736, 25494239, 37976524, 43036007, 37144111, 18198811, 35141252, - 53490316, 47742788, - ]), - y_minus_x: FieldElement2625([ - 59518553, 28520621, 59946871, 29462027, 3630300, 29398589, 60425462, 24588735, - 53129947, 28399367, - ]), - xy2d: FieldElement2625([ - 18192774, 12787801, 32021061, 9158184, 48389348, 16385092, 11799402, 9492011, - 43154220, 15950102, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 68768204, 54638026, 33464925, 53430209, 66037964, 35360373, 22565155, 39168685, - 46605438, 51897954, - ]), - y_minus_x: FieldElement2625([ - 57660336, 29715319, 64414626, 32753338, 16894121, 935644, 53848937, 22684138, - 10541713, 14174330, - ]), - xy2d: FieldElement2625([ - 22888141, 12700209, 40301697, 6435658, 56329485, 5524686, 56715961, 6520808, - 15754965, 9355803, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 79549820, 26746924, 54931884, 38547877, 49672847, 19708985, 52599424, 12757151, - 93328625, 39524327, - ]), - y_minus_x: FieldElement2625([ - 33888606, 13911610, 18921581, 1162763, 46616901, 13799218, 29525142, 21929286, - 59295464, 503508, - ]), - xy2d: FieldElement2625([ - 57865531, 
22043577, 17998312, 3038439, 52838371, 9832208, 43311531, 660991, - 25265267, 18977724, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 64010269, 23727746, 42277281, 48089313, 102316973, 34946803, 127880577, 38411468, - 114816699, 43712746, - ]), - y_minus_x: FieldElement2625([ - 56859315, 32558245, 41017090, 22610758, 13704990, 23215119, 2475037, 32344984, - 12799418, 11135856, - ]), - xy2d: FieldElement2625([ - 1867214, 27167702, 19772099, 16925005, 15366693, 25797692, 10829276, 15372827, - 26582557, 31642714, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 57265197, 20059797, 107314987, 30587501, 60553812, 25602102, 29690666, 37127097, - 103070929, 51772159, - ]), - y_minus_x: FieldElement2625([ - 56432653, 6329655, 42770975, 4187982, 30677076, 9335071, 60103332, 14755050, - 9451294, 574767, - ]), - xy2d: FieldElement2625([ - 52859018, 2867107, 56258365, 15719081, 5959372, 8703738, 29137781, 21575537, - 20249840, 31808689, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 74749335, 47235127, 9995910, 52200224, 92069015, 8964515, 33248715, 21201554, - 57573145, 31605506, - ]), - y_minus_x: FieldElement2625([ - 56307055, 23891752, 3613811, 30787942, 49031222, 26667524, 26985478, 31973510, - 26785294, 29587427, - ]), - xy2d: FieldElement2625([ - 30891460, 5254655, 47414930, 12769216, 42912782, 11830405, 7411958, 1394027, - 18778535, 18209370, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 61227949, 26179350, 57501473, 13585864, 102855675, 40344975, 54134826, 59707765, - 74122694, 12256219, - ]), - y_minus_x: FieldElement2625([ - 5975515, 16302413, 24341148, 28270615, 18786096, 22405501, 28243950, 28328004, - 53412289, 4381960, - ]), - xy2d: FieldElement2625([ - 9394648, 8758552, 26189703, 16642536, 35993528, 5117040, 5977877, 13955594, - 19244020, 24493735, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement2625([ - 111388362, 51822507, 30193028, 3993472, 110736308, 44014764, 107346699, 
48464072,
- 92830877, 56442511,
- ]),
- y_minus_x: FieldElement2625([
- 7236795, 30433657, 63588571, 620817, 11118384, 24979014, 66780154, 19877679,
- 16217590, 26311105,
- ]),
- xy2d: FieldElement2625([
- 42540794, 21657271, 16455973, 23630199, 3992015, 21894417, 44876052, 19291718,
- 55429803, 30442389,
- ]),
- },
- AffineNielsPoint {
- y_plus_x: FieldElement2625([
- 69421833, 26972132, 58859271, 20240912, 119664007, 29643940, 93968457, 34515112,
- 110902491, 44996669,
- ]),
- y_minus_x: FieldElement2625([
- 3428668, 27807272, 41139948, 24786894, 4167808, 21423270, 52199622, 8021269,
- 53172251, 18070808,
- ]),
- xy2d: FieldElement2625([
- 30631113, 26363656, 21279866, 23275794, 18311406, 466071, 42527968, 7989982,
- 29641567, 29446694,
- ]),
- },
- ]);
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u32/field.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u32/field.rs
deleted file mode 100644
index c8f3e5e7f321..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u32/field.rs
+++ /dev/null
@@ -1,578 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2016-2021 isis lovecruft -// Copyright (c) 2016-2019 Henry de Valence -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft -// - Henry de Valence - -//! Field arithmetic modulo \\(p = 2\^{255} - 19\\), using \\(32\\)-bit -//! limbs with \\(64\\)-bit products. -//! -//! This code was originally derived from Adam Langley's Golang ed25519 -//! implementation, and was then rewritten to use unsigned limbs instead -//! of signed limbs. - -use core::fmt::Debug; -use core::ops::Neg; -use core::ops::{Add, AddAssign}; -use core::ops::{Mul, MulAssign}; -use core::ops::{Sub, SubAssign}; - -use subtle::Choice; -use subtle::ConditionallySelectable; - -use zeroize::Zeroize; - -/// A `FieldElement2625` represents an element of the field -/// \\( \mathbb Z / (2\^{255} - 19)\\). -/// -/// In the 32-bit implementation, a `FieldElement` is represented in -/// radix \\(2\^{25.5}\\) as ten `u32`s. This means that a field -/// element \\(x\\) is represented as -/// $$ -/// x = \sum\_{i=0}\^9 x\_i 2\^{\lceil i \frac {51} 2 \rceil} -/// = x\_0 + x\_1 2\^{26} + x\_2 2\^{51} + x\_3 2\^{77} + \cdots + x\_9 2\^{230}; -/// $$ -/// the coefficients are alternately bounded by \\(2\^{25}\\) and -/// \\(2\^{26}\\). The limbs are allowed to grow between reductions up -/// to \\(2\^{25+b}\\) or \\(2\^{26+b}\\), where \\(b = 1.75\\). -/// -/// # Note -/// -/// The `curve25519_dalek::field` module provides a type alias -/// `curve25519_dalek::field::FieldElement` to either `FieldElement51` -/// or `FieldElement2625`. -/// -/// The backend-specific type `FieldElement2625` should not be used -/// outside of the `curve25519_dalek::field` module. 
-#[derive(Copy, Clone)] -pub struct FieldElement2625(pub (crate) [u32; 10]); - -impl Debug for FieldElement2625 { - fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result { - write!(f, "FieldElement2625({:?})", &self.0[..]) - } -} - -impl Zeroize for FieldElement2625 { - fn zeroize(&mut self) { - self.0.zeroize(); - } -} - -impl<'b> AddAssign<&'b FieldElement2625> for FieldElement2625 { - fn add_assign(&mut self, _rhs: &'b FieldElement2625) { - for i in 0..10 { - self.0[i] += _rhs.0[i]; - } - } -} - -impl<'a, 'b> Add<&'b FieldElement2625> for &'a FieldElement2625 { - type Output = FieldElement2625; - fn add(self, _rhs: &'b FieldElement2625) -> FieldElement2625 { - let mut output = *self; - output += _rhs; - output - } -} - -impl<'b> SubAssign<&'b FieldElement2625> for FieldElement2625 { - fn sub_assign(&mut self, _rhs: &'b FieldElement2625) { - // See comment in FieldElement51::Sub - // - // Compute a - b as ((a + 2^4 * p) - b) to avoid underflow. - let b = &_rhs.0; - self.0 = FieldElement2625::reduce([ - ((self.0[0] + (0x3ffffed << 4)) - b[0]) as u64, - ((self.0[1] + (0x1ffffff << 4)) - b[1]) as u64, - ((self.0[2] + (0x3ffffff << 4)) - b[2]) as u64, - ((self.0[3] + (0x1ffffff << 4)) - b[3]) as u64, - ((self.0[4] + (0x3ffffff << 4)) - b[4]) as u64, - ((self.0[5] + (0x1ffffff << 4)) - b[5]) as u64, - ((self.0[6] + (0x3ffffff << 4)) - b[6]) as u64, - ((self.0[7] + (0x1ffffff << 4)) - b[7]) as u64, - ((self.0[8] + (0x3ffffff << 4)) - b[8]) as u64, - ((self.0[9] + (0x1ffffff << 4)) - b[9]) as u64, - ]).0; - } -} - -impl<'a, 'b> Sub<&'b FieldElement2625> for &'a FieldElement2625 { - type Output = FieldElement2625; - fn sub(self, _rhs: &'b FieldElement2625) -> FieldElement2625 { - let mut output = *self; - output -= _rhs; - output - } -} - -impl<'b> MulAssign<&'b FieldElement2625> for FieldElement2625 { - fn mul_assign(&mut self, _rhs: &'b FieldElement2625) { - let result = (self as &FieldElement2625) * _rhs; - self.0 = result.0; - } -} - -impl<'a, 'b> 
Mul<&'b FieldElement2625> for &'a FieldElement2625 { - type Output = FieldElement2625; - fn mul(self, _rhs: &'b FieldElement2625) -> FieldElement2625 { - /// Helper function to multiply two 32-bit integers with 64 bits - /// of output. - #[inline(always)] - fn m(x: u32, y: u32) -> u64 { (x as u64) * (y as u64) } - - // Alias self, _rhs for more readable formulas - let x: &[u32;10] = &self.0; let y: &[u32;10] = &_rhs.0; - - // We assume that the input limbs x[i], y[i] are bounded by: - // - // x[i], y[i] < 2^(26 + b) if i even - // x[i], y[i] < 2^(25 + b) if i odd - // - // where b is a (real) parameter representing the excess bits of - // the limbs. We track the bitsizes of all variables through - // the computation and solve at the end for the allowable - // headroom bitsize b (which determines how many additions we - // can perform between reductions or multiplications). - - let y1_19 = 19 * y[1]; // This fits in a u32 - let y2_19 = 19 * y[2]; // iff 26 + b + lg(19) < 32 - let y3_19 = 19 * y[3]; // if b < 32 - 26 - 4.248 = 1.752 - let y4_19 = 19 * y[4]; - let y5_19 = 19 * y[5]; // below, b<2.5: this is a bottleneck, - let y6_19 = 19 * y[6]; // could be avoided by promoting to - let y7_19 = 19 * y[7]; // u64 here instead of in m() - let y8_19 = 19 * y[8]; - let y9_19 = 19 * y[9]; - - // What happens when we multiply x[i] with y[j] and place the - // result into the (i+j)-th limb? - // - // x[i] represents the value x[i]*2^ceil(i*51/2) - // y[j] represents the value y[j]*2^ceil(j*51/2) - // z[i+j] represents the value z[i+j]*2^ceil((i+j)*51/2) - // x[i]*y[j] represents the value x[i]*y[i]*2^(ceil(i*51/2)+ceil(j*51/2)) - // - // Since the radix is already accounted for, the result placed - // into the (i+j)-th limb should be - // - // x[i]*y[i]*2^(ceil(i*51/2)+ceil(j*51/2) - ceil((i+j)*51/2)). - // - // The value of ceil(i*51/2)+ceil(j*51/2) - ceil((i+j)*51/2) is - // 1 when both i and j are odd, and 0 otherwise. 
So we add - // - // x[i]*y[j] if either i or j is even - // 2*x[i]*y[j] if i and j are both odd - // - // by using precomputed multiples of x[i] for odd i: - - let x1_2 = 2 * x[1]; // This fits in a u32 iff 25 + b + 1 < 32 - let x3_2 = 2 * x[3]; // iff b < 6 - let x5_2 = 2 * x[5]; - let x7_2 = 2 * x[7]; - let x9_2 = 2 * x[9]; - - let z0 = m(x[0],y[0]) + m(x1_2,y9_19) + m(x[2],y8_19) + m(x3_2,y7_19) + m(x[4],y6_19) + m(x5_2,y5_19) + m(x[6],y4_19) + m(x7_2,y3_19) + m(x[8],y2_19) + m(x9_2,y1_19); - let z1 = m(x[0],y[1]) + m(x[1],y[0]) + m(x[2],y9_19) + m(x[3],y8_19) + m(x[4],y7_19) + m(x[5],y6_19) + m(x[6],y5_19) + m(x[7],y4_19) + m(x[8],y3_19) + m(x[9],y2_19); - let z2 = m(x[0],y[2]) + m(x1_2,y[1]) + m(x[2],y[0]) + m(x3_2,y9_19) + m(x[4],y8_19) + m(x5_2,y7_19) + m(x[6],y6_19) + m(x7_2,y5_19) + m(x[8],y4_19) + m(x9_2,y3_19); - let z3 = m(x[0],y[3]) + m(x[1],y[2]) + m(x[2],y[1]) + m(x[3],y[0]) + m(x[4],y9_19) + m(x[5],y8_19) + m(x[6],y7_19) + m(x[7],y6_19) + m(x[8],y5_19) + m(x[9],y4_19); - let z4 = m(x[0],y[4]) + m(x1_2,y[3]) + m(x[2],y[2]) + m(x3_2,y[1]) + m(x[4],y[0]) + m(x5_2,y9_19) + m(x[6],y8_19) + m(x7_2,y7_19) + m(x[8],y6_19) + m(x9_2,y5_19); - let z5 = m(x[0],y[5]) + m(x[1],y[4]) + m(x[2],y[3]) + m(x[3],y[2]) + m(x[4],y[1]) + m(x[5],y[0]) + m(x[6],y9_19) + m(x[7],y8_19) + m(x[8],y7_19) + m(x[9],y6_19); - let z6 = m(x[0],y[6]) + m(x1_2,y[5]) + m(x[2],y[4]) + m(x3_2,y[3]) + m(x[4],y[2]) + m(x5_2,y[1]) + m(x[6],y[0]) + m(x7_2,y9_19) + m(x[8],y8_19) + m(x9_2,y7_19); - let z7 = m(x[0],y[7]) + m(x[1],y[6]) + m(x[2],y[5]) + m(x[3],y[4]) + m(x[4],y[3]) + m(x[5],y[2]) + m(x[6],y[1]) + m(x[7],y[0]) + m(x[8],y9_19) + m(x[9],y8_19); - let z8 = m(x[0],y[8]) + m(x1_2,y[7]) + m(x[2],y[6]) + m(x3_2,y[5]) + m(x[4],y[4]) + m(x5_2,y[3]) + m(x[6],y[2]) + m(x7_2,y[1]) + m(x[8],y[0]) + m(x9_2,y9_19); - let z9 = m(x[0],y[9]) + m(x[1],y[8]) + m(x[2],y[7]) + m(x[3],y[6]) + m(x[4],y[5]) + m(x[5],y[4]) + m(x[6],y[3]) + m(x[7],y[2]) + m(x[8],y[1]) + m(x[9],y[0]); - - // How big is the 
contribution to z[i+j] from x[i], y[j]? - // - // Using the bounds above, we get: - // - // i even, j even: x[i]*y[j] < 2^(26+b)*2^(26+b) = 2*2^(51+2*b) - // i odd, j even: x[i]*y[j] < 2^(25+b)*2^(26+b) = 1*2^(51+2*b) - // i even, j odd: x[i]*y[j] < 2^(26+b)*2^(25+b) = 1*2^(51+2*b) - // i odd, j odd: 2*x[i]*y[j] < 2*2^(25+b)*2^(25+b) = 1*2^(51+2*b) - // - // We perform inline reduction mod p by replacing 2^255 by 19 - // (since 2^255 - 19 = 0 mod p). This adds a factor of 19, so - // we get the bounds (z0 is the biggest one, but calculated for - // posterity here in case finer estimation is needed later): - // - // z0 < ( 2 + 1*19 + 2*19 + 1*19 + 2*19 + 1*19 + 2*19 + 1*19 + 2*19 + 1*19 )*2^(51 + 2b) = 249*2^(51 + 2*b) - // z1 < ( 1 + 1 + 1*19 + 1*19 + 1*19 + 1*19 + 1*19 + 1*19 + 1*19 + 1*19 )*2^(51 + 2b) = 154*2^(51 + 2*b) - // z2 < ( 2 + 1 + 2 + 1*19 + 2*19 + 1*19 + 2*19 + 1*19 + 2*19 + 1*19 )*2^(51 + 2b) = 195*2^(51 + 2*b) - // z3 < ( 1 + 1 + 1 + 1 + 1*19 + 1*19 + 1*19 + 1*19 + 1*19 + 1*19 )*2^(51 + 2b) = 118*2^(51 + 2*b) - // z4 < ( 2 + 1 + 2 + 1 + 2 + 1*19 + 2*19 + 1*19 + 2*19 + 1*19 )*2^(51 + 2b) = 141*2^(51 + 2*b) - // z5 < ( 1 + 1 + 1 + 1 + 1 + 1 + 1*19 + 1*19 + 1*19 + 1*19 )*2^(51 + 2b) = 82*2^(51 + 2*b) - // z6 < ( 2 + 1 + 2 + 1 + 2 + 1 + 2 + 1*19 + 2*19 + 1*19 )*2^(51 + 2b) = 87*2^(51 + 2*b) - // z7 < ( 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1*19 + 1*19 )*2^(51 + 2b) = 46*2^(51 + 2*b) - // z6 < ( 2 + 1 + 2 + 1 + 2 + 1 + 2 + 1 + 2 + 1*19 )*2^(51 + 2b) = 33*2^(51 + 2*b) - // z7 < ( 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 )*2^(51 + 2b) = 10*2^(51 + 2*b) - // - // So z[0] fits into a u64 if 51 + 2*b + lg(249) < 64 - // if b < 2.5. 
- FieldElement2625::reduce([z0, z1, z2, z3, z4, z5, z6, z7, z8, z9]) - } -} - -impl<'a> Neg for &'a FieldElement2625 { - type Output = FieldElement2625; - fn neg(self) -> FieldElement2625 { - let mut output = *self; - output.negate(); - output - } -} - -impl ConditionallySelectable for FieldElement2625 { - fn conditional_select( - a: &FieldElement2625, - b: &FieldElement2625, - choice: Choice, - ) -> FieldElement2625 { - FieldElement2625([ - u32::conditional_select(&a.0[0], &b.0[0], choice), - u32::conditional_select(&a.0[1], &b.0[1], choice), - u32::conditional_select(&a.0[2], &b.0[2], choice), - u32::conditional_select(&a.0[3], &b.0[3], choice), - u32::conditional_select(&a.0[4], &b.0[4], choice), - u32::conditional_select(&a.0[5], &b.0[5], choice), - u32::conditional_select(&a.0[6], &b.0[6], choice), - u32::conditional_select(&a.0[7], &b.0[7], choice), - u32::conditional_select(&a.0[8], &b.0[8], choice), - u32::conditional_select(&a.0[9], &b.0[9], choice), - ]) - } - - fn conditional_assign(&mut self, other: &FieldElement2625, choice: Choice) { - self.0[0].conditional_assign(&other.0[0], choice); - self.0[1].conditional_assign(&other.0[1], choice); - self.0[2].conditional_assign(&other.0[2], choice); - self.0[3].conditional_assign(&other.0[3], choice); - self.0[4].conditional_assign(&other.0[4], choice); - self.0[5].conditional_assign(&other.0[5], choice); - self.0[6].conditional_assign(&other.0[6], choice); - self.0[7].conditional_assign(&other.0[7], choice); - self.0[8].conditional_assign(&other.0[8], choice); - self.0[9].conditional_assign(&other.0[9], choice); - } - - fn conditional_swap(a: &mut FieldElement2625, b: &mut FieldElement2625, choice: Choice) { - u32::conditional_swap(&mut a.0[0], &mut b.0[0], choice); - u32::conditional_swap(&mut a.0[1], &mut b.0[1], choice); - u32::conditional_swap(&mut a.0[2], &mut b.0[2], choice); - u32::conditional_swap(&mut a.0[3], &mut b.0[3], choice); - u32::conditional_swap(&mut a.0[4], &mut b.0[4], choice); - 
u32::conditional_swap(&mut a.0[5], &mut b.0[5], choice); - u32::conditional_swap(&mut a.0[6], &mut b.0[6], choice); - u32::conditional_swap(&mut a.0[7], &mut b.0[7], choice); - u32::conditional_swap(&mut a.0[8], &mut b.0[8], choice); - u32::conditional_swap(&mut a.0[9], &mut b.0[9], choice); - } -} - -impl FieldElement2625 { - /// Invert the sign of this field element - pub fn negate(&mut self) { - // Compute -b as ((2^4 * p) - b) to avoid underflow. - let neg = FieldElement2625::reduce([ - ((0x3ffffed << 4) - self.0[0]) as u64, - ((0x1ffffff << 4) - self.0[1]) as u64, - ((0x3ffffff << 4) - self.0[2]) as u64, - ((0x1ffffff << 4) - self.0[3]) as u64, - ((0x3ffffff << 4) - self.0[4]) as u64, - ((0x1ffffff << 4) - self.0[5]) as u64, - ((0x3ffffff << 4) - self.0[6]) as u64, - ((0x1ffffff << 4) - self.0[7]) as u64, - ((0x3ffffff << 4) - self.0[8]) as u64, - ((0x1ffffff << 4) - self.0[9]) as u64, - ]); - self.0 = neg.0; - } - - /// Construct zero. - pub fn zero() -> FieldElement2625 { - FieldElement2625([ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ]) - } - - /// Construct one. - pub fn one() -> FieldElement2625 { - FieldElement2625([ 1, 0, 0, 0, 0, 0, 0, 0, 0, 0 ]) - } - - /// Construct -1. - pub fn minus_one() -> FieldElement2625 { - FieldElement2625([ - 0x3ffffec, 0x1ffffff, 0x3ffffff, 0x1ffffff, 0x3ffffff, - 0x1ffffff, 0x3ffffff, 0x1ffffff, 0x3ffffff, 0x1ffffff, - ]) - } - - /// Given `k > 0`, return `self^(2^k)`. - pub fn pow2k(&self, k: u32) -> FieldElement2625 { - debug_assert!( k > 0 ); - let mut z = self.square(); - for _ in 1..k { - z = z.square(); - } - z - } - - /// Given unreduced coefficients `z[0], ..., z[9]` of any size, - /// carry and reduce them mod p to obtain a `FieldElement2625` - /// whose coefficients have excess `b < 0.007`. - /// - /// In other words, each coefficient of the result is bounded by - /// either `2^(25 + 0.007)` or `2^(26 + 0.007)`, as appropriate. 
- fn reduce(mut z: [u64; 10]) -> FieldElement2625 { - - const LOW_25_BITS: u64 = (1 << 25) - 1; - const LOW_26_BITS: u64 = (1 << 26) - 1; - - /// Carry the value from limb i = 0..8 to limb i+1 - #[inline(always)] - fn carry(z: &mut [u64; 10], i: usize) { - debug_assert!(i < 9); - if i % 2 == 0 { - // Even limbs have 26 bits - z[i+1] += z[i] >> 26; - z[i] &= LOW_26_BITS; - } else { - // Odd limbs have 25 bits - z[i+1] += z[i] >> 25; - z[i] &= LOW_25_BITS; - } - } - - // Perform two halves of the carry chain in parallel. - carry(&mut z, 0); carry(&mut z, 4); - carry(&mut z, 1); carry(&mut z, 5); - carry(&mut z, 2); carry(&mut z, 6); - carry(&mut z, 3); carry(&mut z, 7); - // Since z[3] < 2^64, c < 2^(64-25) = 2^39, - // so z[4] < 2^26 + 2^39 < 2^39.0002 - carry(&mut z, 4); carry(&mut z, 8); - // Now z[4] < 2^26 - // and z[5] < 2^25 + 2^13.0002 < 2^25.0004 (good enough) - - // Last carry has a multiplication by 19: - z[0] += 19*(z[9] >> 25); - z[9] &= LOW_25_BITS; - - // Since z[9] < 2^64, c < 2^(64-25) = 2^39, - // so z[0] + 19*c < 2^26 + 2^43.248 < 2^43.249. - carry(&mut z, 0); - // Now z[1] < 2^25 - 2^(43.249 - 26) - // < 2^25.007 (good enough) - // and we're done. - - FieldElement2625([ - z[0] as u32, z[1] as u32, z[2] as u32, z[3] as u32, z[4] as u32, - z[5] as u32, z[6] as u32, z[7] as u32, z[8] as u32, z[9] as u32, - ]) - } - - /// Load a `FieldElement51` from the low 255 bits of a 256-bit - /// input. - /// - /// # Warning - /// - /// This function does not check that the input used the canonical - /// representative. It masks the high bit, but it will happily - /// decode 2^255 - 18 to 1. Applications that require a canonical - /// encoding of every field element should decode, re-encode to - /// the canonical encoding, and check that the input was - /// canonical. 
- pub fn from_bytes(data: &[u8; 32]) -> FieldElement2625 { //FeFromBytes - #[inline] - fn load3(b: &[u8]) -> u64 { - (b[0] as u64) | ((b[1] as u64) << 8) | ((b[2] as u64) << 16) - } - - #[inline] - fn load4(b: &[u8]) -> u64 { - (b[0] as u64) | ((b[1] as u64) << 8) | ((b[2] as u64) << 16) | ((b[3] as u64) << 24) - } - - let mut h = [0u64;10]; - const LOW_23_BITS: u64 = (1 << 23) - 1; - h[0] = load4(&data[ 0..]); - h[1] = load3(&data[ 4..]) << 6; - h[2] = load3(&data[ 7..]) << 5; - h[3] = load3(&data[10..]) << 3; - h[4] = load3(&data[13..]) << 2; - h[5] = load4(&data[16..]); - h[6] = load3(&data[20..]) << 7; - h[7] = load3(&data[23..]) << 5; - h[8] = load3(&data[26..]) << 4; - h[9] = (load3(&data[29..]) & LOW_23_BITS) << 2; - - FieldElement2625::reduce(h) - } - - /// Serialize this `FieldElement51` to a 32-byte array. The - /// encoding is canonical. - pub fn to_bytes(&self) -> [u8; 32] { - - let inp = &self.0; - // Reduce the value represented by `in` to the range [0,2*p) - let mut h: [u32; 10] = FieldElement2625::reduce([ - // XXX this cast is annoying - inp[0] as u64, inp[1] as u64, inp[2] as u64, inp[3] as u64, inp[4] as u64, - inp[5] as u64, inp[6] as u64, inp[7] as u64, inp[8] as u64, inp[9] as u64, - ]).0; - - // Let h be the value to encode. - // - // Write h = pq + r with 0 <= r < p. We want to compute r = h mod p. - // - // Since h < 2*p, q = 0 or 1, with q = 0 when h < p and q = 1 when h >= p. - // - // Notice that h >= p <==> h + 19 >= p + 19 <==> h + 19 >= 2^255. - // Therefore q can be computed as the carry bit of h + 19. 
- - let mut q: u32 = (h[0] + 19) >> 26; - q = (h[1] + q) >> 25; - q = (h[2] + q) >> 26; - q = (h[3] + q) >> 25; - q = (h[4] + q) >> 26; - q = (h[5] + q) >> 25; - q = (h[6] + q) >> 26; - q = (h[7] + q) >> 25; - q = (h[8] + q) >> 26; - q = (h[9] + q) >> 25; - - debug_assert!( q == 0 || q == 1 ); - - // Now we can compute r as r = h - pq = r - (2^255-19)q = r + 19q - 2^255q - - const LOW_25_BITS: u32 = (1 << 25) - 1; - const LOW_26_BITS: u32 = (1 << 26) - 1; - - h[0] += 19*q; - - // Now carry the result to compute r + 19q... - h[1] += h[0] >> 26; - h[0] = h[0] & LOW_26_BITS; - h[2] += h[1] >> 25; - h[1] = h[1] & LOW_25_BITS; - h[3] += h[2] >> 26; - h[2] = h[2] & LOW_26_BITS; - h[4] += h[3] >> 25; - h[3] = h[3] & LOW_25_BITS; - h[5] += h[4] >> 26; - h[4] = h[4] & LOW_26_BITS; - h[6] += h[5] >> 25; - h[5] = h[5] & LOW_25_BITS; - h[7] += h[6] >> 26; - h[6] = h[6] & LOW_26_BITS; - h[8] += h[7] >> 25; - h[7] = h[7] & LOW_25_BITS; - h[9] += h[8] >> 26; - h[8] = h[8] & LOW_26_BITS; - - // ... but instead of carrying the value - // (h[9] >> 25) = q*2^255 into another limb, - // discard it, subtracting the value from h. 
- debug_assert!( (h[9] >> 25) == 0 || (h[9] >> 25) == 1); - h[9] = h[9] & LOW_25_BITS; - - let mut s = [0u8; 32]; - s[0] = (h[0] >> 0) as u8; - s[1] = (h[0] >> 8) as u8; - s[2] = (h[0] >> 16) as u8; - s[3] = ((h[0] >> 24) | (h[1] << 2)) as u8; - s[4] = (h[1] >> 6) as u8; - s[5] = (h[1] >> 14) as u8; - s[6] = ((h[1] >> 22) | (h[2] << 3)) as u8; - s[7] = (h[2] >> 5) as u8; - s[8] = (h[2] >> 13) as u8; - s[9] = ((h[2] >> 21) | (h[3] << 5)) as u8; - s[10] = (h[3] >> 3) as u8; - s[11] = (h[3] >> 11) as u8; - s[12] = ((h[3] >> 19) | (h[4] << 6)) as u8; - s[13] = (h[4] >> 2) as u8; - s[14] = (h[4] >> 10) as u8; - s[15] = (h[4] >> 18) as u8; - s[16] = (h[5] >> 0) as u8; - s[17] = (h[5] >> 8) as u8; - s[18] = (h[5] >> 16) as u8; - s[19] = ((h[5] >> 24) | (h[6] << 1)) as u8; - s[20] = (h[6] >> 7) as u8; - s[21] = (h[6] >> 15) as u8; - s[22] = ((h[6] >> 23) | (h[7] << 3)) as u8; - s[23] = (h[7] >> 5) as u8; - s[24] = (h[7] >> 13) as u8; - s[25] = ((h[7] >> 21) | (h[8] << 4)) as u8; - s[26] = (h[8] >> 4) as u8; - s[27] = (h[8] >> 12) as u8; - s[28] = ((h[8] >> 20) | (h[9] << 6)) as u8; - s[29] = (h[9] >> 2) as u8; - s[30] = (h[9] >> 10) as u8; - s[31] = (h[9] >> 18) as u8; - - // Check that high bit is cleared - debug_assert!((s[31] & 0b1000_0000u8) == 0u8); - - s - } - - fn square_inner(&self) -> [u64; 10] { - // Optimized version of multiplication for the case of squaring. - // Pre- and post- conditions identical to multiplication function. - let x = &self.0; - let x0_2 = 2 * x[0]; - let x1_2 = 2 * x[1]; - let x2_2 = 2 * x[2]; - let x3_2 = 2 * x[3]; - let x4_2 = 2 * x[4]; - let x5_2 = 2 * x[5]; - let x6_2 = 2 * x[6]; - let x7_2 = 2 * x[7]; - let x5_19 = 19 * x[5]; - let x6_19 = 19 * x[6]; - let x7_19 = 19 * x[7]; - let x8_19 = 19 * x[8]; - let x9_19 = 19 * x[9]; - - /// Helper function to multiply two 32-bit integers with 64 bits - /// of output. 
- #[inline(always)] - fn m(x: u32, y: u32) -> u64 { (x as u64) * (y as u64) } - - // This block is rearranged so that instead of doing a 32-bit multiplication by 38, we do a - // 64-bit multiplication by 2 on the results. This is because lg(38) is too big: we would - // have less than 1 bit of headroom left, which is too little. - let mut z = [0u64;10]; - z[0] = m(x[0],x[0]) + m(x2_2,x8_19) + m(x4_2,x6_19) + (m(x1_2,x9_19) + m(x3_2,x7_19) + m(x[5],x5_19))*2; - z[1] = m(x0_2,x[1]) + m(x3_2,x8_19) + m(x5_2,x6_19) + (m(x[2],x9_19) + m(x[4],x7_19))*2; - z[2] = m(x0_2,x[2]) + m(x1_2,x[1]) + m(x4_2,x8_19) + m(x[6],x6_19) + (m(x3_2,x9_19) + m(x5_2,x7_19))*2; - z[3] = m(x0_2,x[3]) + m(x1_2,x[2]) + m(x5_2,x8_19) + (m(x[4],x9_19) + m(x[6],x7_19))*2; - z[4] = m(x0_2,x[4]) + m(x1_2,x3_2) + m(x[2],x[2]) + m(x6_2,x8_19) + (m(x5_2,x9_19) + m(x[7],x7_19))*2; - z[5] = m(x0_2,x[5]) + m(x1_2,x[4]) + m(x2_2,x[3]) + m(x7_2,x8_19) + m(x[6],x9_19)*2; - z[6] = m(x0_2,x[6]) + m(x1_2,x5_2) + m(x2_2,x[4]) + m(x3_2,x[3]) + m(x[8],x8_19) + m(x7_2,x9_19)*2; - z[7] = m(x0_2,x[7]) + m(x1_2,x[6]) + m(x2_2,x[5]) + m(x3_2,x[4]) + m(x[8],x9_19)*2; - z[8] = m(x0_2,x[8]) + m(x1_2,x7_2) + m(x2_2,x[6]) + m(x3_2,x5_2) + m(x[4],x[4]) + m(x[9],x9_19)*2; - z[9] = m(x0_2,x[9]) + m(x1_2,x[8]) + m(x2_2,x[7]) + m(x3_2,x[6]) + m(x4_2,x[5]) ; - - z - } - - /// Compute `self^2`. - pub fn square(&self) -> FieldElement2625 { - FieldElement2625::reduce(self.square_inner()) - } - - /// Compute `2*self^2`. - pub fn square2(&self) -> FieldElement2625 { - let mut coeffs = self.square_inner(); - for i in 0..self.0.len() { - coeffs[i] += coeffs[i]; - } - FieldElement2625::reduce(coeffs) - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u32/scalar.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u32/scalar.rs deleted file mode 100644 index 8dd54bd298cd..000000000000 
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u32/scalar.rs
+++ /dev/null
@@ -1,529 +0,0 @@ -//! Arithmetic mod 2^252 + 27742317777372353535851937790883648493 -//! with 9 29-bit unsigned limbs -//! -//! To see that this is safe for intermediate results, note that -//! the largest limb in a 9 by 9 product of 29-bit limbs will be -//! (0x1fffffff^2) * 9 = 0x23fffffdc0000009 (62 bits). -//! -//! For a one level Karatsuba decomposition, the specific ranges -//! depend on how the limbs are combined, but will stay within -//! -0x1ffffffe00000008 (62 bits with sign bit) to -//! 0x43fffffbc0000011 (63 bits), which is still safe. - -use core::fmt::Debug; -use core::ops::{Index, IndexMut}; - -use zeroize::Zeroize; - -use constants; - -/// The `Scalar29` struct represents an element in ℤ/lℤ as 9 29-bit limbs -#[derive(Copy,Clone)] -pub struct Scalar29(pub [u32; 9]); - -impl Debug for Scalar29 { - fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result { - write!(f, "Scalar29: {:?}", &self.0[..]) - } -} - -impl Zeroize for Scalar29 { - fn zeroize(&mut self) { - self.0.zeroize(); - } -} - -impl Index for Scalar29 { - type Output = u32; - fn index(&self, _index: usize) -> &u32 { - &(self.0[_index]) - } -} - -impl IndexMut for Scalar29 { - fn index_mut(&mut self, _index: usize) -> &mut u32 { - &mut (self.0[_index]) - } -} - -/// u32 * u32 = u64 multiply helper -#[inline(always)] -fn m(x: u32, y: u32) -> u64 { - (x as u64) * (y as u64) -} - -impl Scalar29 { - /// Return the zero scalar. - pub fn zero() -> Scalar29 { - Scalar29([0,0,0,0,0,0,0,0,0]) - } - - /// Unpack a 32 byte / 256 bit scalar into 9 29-bit limbs. 
- pub fn from_bytes(bytes: &[u8; 32]) -> Scalar29 { - let mut words = [0u32; 8]; - for i in 0..8 { - for j in 0..4 { - words[i] |= (bytes[(i * 4) + j] as u32) << (j * 8); - } - } - - let mask = (1u32 << 29) - 1; - let top_mask = (1u32 << 24) - 1; - let mut s = Scalar29::zero(); - - s[ 0] = words[0] & mask; - s[ 1] = ((words[0] >> 29) | (words[1] << 3)) & mask; - s[ 2] = ((words[1] >> 26) | (words[2] << 6)) & mask; - s[ 3] = ((words[2] >> 23) | (words[3] << 9)) & mask; - s[ 4] = ((words[3] >> 20) | (words[4] << 12)) & mask; - s[ 5] = ((words[4] >> 17) | (words[5] << 15)) & mask; - s[ 6] = ((words[5] >> 14) | (words[6] << 18)) & mask; - s[ 7] = ((words[6] >> 11) | (words[7] << 21)) & mask; - s[ 8] = (words[7] >> 8) & top_mask; - - s - } - - /// Reduce a 64 byte / 512 bit scalar mod l. - pub fn from_bytes_wide(bytes: &[u8; 64]) -> Scalar29 { - let mut words = [0u32; 16]; - for i in 0..16 { - for j in 0..4 { - words[i] |= (bytes[(i * 4) + j] as u32) << (j * 8); - } - } - - let mask = (1u32 << 29) - 1; - let mut lo = Scalar29::zero(); - let mut hi = Scalar29::zero(); - - lo[0] = words[ 0] & mask; - lo[1] = ((words[ 0] >> 29) | (words[ 1] << 3)) & mask; - lo[2] = ((words[ 1] >> 26) | (words[ 2] << 6)) & mask; - lo[3] = ((words[ 2] >> 23) | (words[ 3] << 9)) & mask; - lo[4] = ((words[ 3] >> 20) | (words[ 4] << 12)) & mask; - lo[5] = ((words[ 4] >> 17) | (words[ 5] << 15)) & mask; - lo[6] = ((words[ 5] >> 14) | (words[ 6] << 18)) & mask; - lo[7] = ((words[ 6] >> 11) | (words[ 7] << 21)) & mask; - lo[8] = ((words[ 7] >> 8) | (words[ 8] << 24)) & mask; - hi[0] = ((words[ 8] >> 5) | (words[ 9] << 27)) & mask; - hi[1] = (words[ 9] >> 2) & mask; - hi[2] = ((words[ 9] >> 31) | (words[10] << 1)) & mask; - hi[3] = ((words[10] >> 28) | (words[11] << 4)) & mask; - hi[4] = ((words[11] >> 25) | (words[12] << 7)) & mask; - hi[5] = ((words[12] >> 22) | (words[13] << 10)) & mask; - hi[6] = ((words[13] >> 19) | (words[14] << 13)) & mask; - hi[7] = ((words[14] >> 16) | (words[15] << 16)) & 
mask; - hi[8] = words[15] >> 13 ; - - lo = Scalar29::montgomery_mul(&lo, &constants::R); // (lo * R) / R = lo - hi = Scalar29::montgomery_mul(&hi, &constants::RR); // (hi * R^2) / R = hi * R - - Scalar29::add(&hi, &lo) // (hi * R) + lo - } - - /// Pack the limbs of this `Scalar29` into 32 bytes. - pub fn to_bytes(&self) -> [u8; 32] { - let mut s = [0u8; 32]; - - s[0] = (self.0[ 0] >> 0) as u8; - s[1] = (self.0[ 0] >> 8) as u8; - s[2] = (self.0[ 0] >> 16) as u8; - s[3] = ((self.0[ 0] >> 24) | (self.0[ 1] << 5)) as u8; - s[4] = (self.0[ 1] >> 3) as u8; - s[5] = (self.0[ 1] >> 11) as u8; - s[6] = (self.0[ 1] >> 19) as u8; - s[7] = ((self.0[ 1] >> 27) | (self.0[ 2] << 2)) as u8; - s[8] = (self.0[ 2] >> 6) as u8; - s[9] = (self.0[ 2] >> 14) as u8; - s[10] = ((self.0[ 2] >> 22) | (self.0[ 3] << 7)) as u8; - s[11] = (self.0[ 3] >> 1) as u8; - s[12] = (self.0[ 3] >> 9) as u8; - s[13] = (self.0[ 3] >> 17) as u8; - s[14] = ((self.0[ 3] >> 25) | (self.0[ 4] << 4)) as u8; - s[15] = (self.0[ 4] >> 4) as u8; - s[16] = (self.0[ 4] >> 12) as u8; - s[17] = (self.0[ 4] >> 20) as u8; - s[18] = ((self.0[ 4] >> 28) | (self.0[ 5] << 1)) as u8; - s[19] = (self.0[ 5] >> 7) as u8; - s[20] = (self.0[ 5] >> 15) as u8; - s[21] = ((self.0[ 5] >> 23) | (self.0[ 6] << 6)) as u8; - s[22] = (self.0[ 6] >> 2) as u8; - s[23] = (self.0[ 6] >> 10) as u8; - s[24] = (self.0[ 6] >> 18) as u8; - s[25] = ((self.0[ 6] >> 26) | (self.0[ 7] << 3)) as u8; - s[26] = (self.0[ 7] >> 5) as u8; - s[27] = (self.0[ 7] >> 13) as u8; - s[28] = (self.0[ 7] >> 21) as u8; - s[29] = (self.0[ 8] >> 0) as u8; - s[30] = (self.0[ 8] >> 8) as u8; - s[31] = (self.0[ 8] >> 16) as u8; - - s - } - - /// Compute `a + b` (mod l). 
- pub fn add(a: &Scalar29, b: &Scalar29) -> Scalar29 { - let mut sum = Scalar29::zero(); - let mask = (1u32 << 29) - 1; - - // a + b - let mut carry: u32 = 0; - for i in 0..9 { - carry = a[i] + b[i] + (carry >> 29); - sum[i] = carry & mask; - } - - // subtract l if the sum is >= l - Scalar29::sub(&sum, &constants::L) - } - - /// Compute `a - b` (mod l). - pub fn sub(a: &Scalar29, b: &Scalar29) -> Scalar29 { - let mut difference = Scalar29::zero(); - let mask = (1u32 << 29) - 1; - - // a - b - let mut borrow: u32 = 0; - for i in 0..9 { - borrow = a[i].wrapping_sub(b[i] + (borrow >> 31)); - difference[i] = borrow & mask; - } - - // conditionally add l if the difference is negative - let underflow_mask = ((borrow >> 31) ^ 1).wrapping_sub(1); - let mut carry: u32 = 0; - for i in 0..9 { - carry = (carry >> 29) + difference[i] + (constants::L[i] & underflow_mask); - difference[i] = carry & mask; - } - - difference - } - - /// Compute `a * b`. - /// - /// This is implemented with a one-level refined Karatsuba decomposition - #[inline(always)] - pub (crate) fn mul_internal(a: &Scalar29, b: &Scalar29) -> [u64; 17] { - let mut z = [0u64; 17]; - - z[0] = m(a[0],b[0]); // c00 - z[1] = m(a[0],b[1]) + m(a[1],b[0]); // c01 - z[2] = m(a[0],b[2]) + m(a[1],b[1]) + m(a[2],b[0]); // c02 - z[3] = m(a[0],b[3]) + m(a[1],b[2]) + m(a[2],b[1]) + m(a[3],b[0]); // c03 - z[4] = m(a[0],b[4]) + m(a[1],b[3]) + m(a[2],b[2]) + m(a[3],b[1]) + m(a[4],b[0]); // c04 - z[5] = m(a[1],b[4]) + m(a[2],b[3]) + m(a[3],b[2]) + m(a[4],b[1]); // c05 - z[6] = m(a[2],b[4]) + m(a[3],b[3]) + m(a[4],b[2]); // c06 - z[7] = m(a[3],b[4]) + m(a[4],b[3]); // c07 - z[8] = (m(a[4],b[4])).wrapping_sub(z[3]); // c08 - c03 - - z[10] = z[5].wrapping_sub(m(a[5],b[5])); // c05mc10 - z[11] = z[6].wrapping_sub(m(a[5],b[6]) + m(a[6],b[5])); // c06mc11 - z[12] = z[7].wrapping_sub(m(a[5],b[7]) + m(a[6],b[6]) + m(a[7],b[5])); // c07mc12 - z[13] = m(a[5],b[8]) + m(a[6],b[7]) + m(a[7],b[6]) + m(a[8],b[5]); // c13 - z[14] = m(a[6],b[8]) + 
m(a[7],b[7]) + m(a[8],b[6]); // c14 - z[15] = m(a[7],b[8]) + m(a[8],b[7]); // c15 - z[16] = m(a[8],b[8]); // c16 - - z[ 5] = z[10].wrapping_sub(z[ 0]); // c05mc10 - c00 - z[ 6] = z[11].wrapping_sub(z[ 1]); // c06mc11 - c01 - z[ 7] = z[12].wrapping_sub(z[ 2]); // c07mc12 - c02 - z[ 8] = z[ 8].wrapping_sub(z[13]); // c08mc13 - c03 - z[ 9] = z[14].wrapping_add(z[ 4]); // c14 + c04 - z[10] = z[15].wrapping_add(z[10]); // c15 + c05mc10 - z[11] = z[16].wrapping_add(z[11]); // c16 + c06mc11 - - let aa = [ - a[0]+a[5], - a[1]+a[6], - a[2]+a[7], - a[3]+a[8] - ]; - - let bb = [ - b[0]+b[5], - b[1]+b[6], - b[2]+b[7], - b[3]+b[8] - ]; - - z[ 5] = (m(aa[0],bb[0])) .wrapping_add(z[ 5]); // c20 + c05mc10 - c00 - z[ 6] = (m(aa[0],bb[1]) + m(aa[1],bb[0])) .wrapping_add(z[ 6]); // c21 + c06mc11 - c01 - z[ 7] = (m(aa[0],bb[2]) + m(aa[1],bb[1]) + m(aa[2],bb[0])) .wrapping_add(z[ 7]); // c22 + c07mc12 - c02 - z[ 8] = (m(aa[0],bb[3]) + m(aa[1],bb[2]) + m(aa[2],bb[1]) + m(aa[3],bb[0])) .wrapping_add(z[ 8]); // c23 + c08mc13 - c03 - z[ 9] = (m(aa[0], b[4]) + m(aa[1],bb[3]) + m(aa[2],bb[2]) + m(aa[3],bb[1]) + m(a[4],bb[0])).wrapping_sub(z[ 9]); // c24 - c14 - c04 - z[10] = ( m(aa[1], b[4]) + m(aa[2],bb[3]) + m(aa[3],bb[2]) + m(a[4],bb[1])).wrapping_sub(z[10]); // c25 - c15 - c05mc10 - z[11] = ( m(aa[2], b[4]) + m(aa[3],bb[3]) + m(a[4],bb[2])).wrapping_sub(z[11]); // c26 - c16 - c06mc11 - z[12] = ( m(aa[3], b[4]) + m(a[4],bb[3])).wrapping_sub(z[12]); // c27 - c07mc12 - - z - } - - /// Compute `a^2`. 
- #[inline(always)] - fn square_internal(a: &Scalar29) -> [u64; 17] { - let aa = [ - a[0]*2, - a[1]*2, - a[2]*2, - a[3]*2, - a[4]*2, - a[5]*2, - a[6]*2, - a[7]*2 - ]; - - [ - m( a[0],a[0]), - m(aa[0],a[1]), - m(aa[0],a[2]) + m( a[1],a[1]), - m(aa[0],a[3]) + m(aa[1],a[2]), - m(aa[0],a[4]) + m(aa[1],a[3]) + m( a[2],a[2]), - m(aa[0],a[5]) + m(aa[1],a[4]) + m(aa[2],a[3]), - m(aa[0],a[6]) + m(aa[1],a[5]) + m(aa[2],a[4]) + m( a[3],a[3]), - m(aa[0],a[7]) + m(aa[1],a[6]) + m(aa[2],a[5]) + m(aa[3],a[4]), - m(aa[0],a[8]) + m(aa[1],a[7]) + m(aa[2],a[6]) + m(aa[3],a[5]) + m( a[4],a[4]), - m(aa[1],a[8]) + m(aa[2],a[7]) + m(aa[3],a[6]) + m(aa[4],a[5]), - m(aa[2],a[8]) + m(aa[3],a[7]) + m(aa[4],a[6]) + m( a[5],a[5]), - m(aa[3],a[8]) + m(aa[4],a[7]) + m(aa[5],a[6]), - m(aa[4],a[8]) + m(aa[5],a[7]) + m( a[6],a[6]), - m(aa[5],a[8]) + m(aa[6],a[7]), - m(aa[6],a[8]) + m( a[7],a[7]), - m(aa[7],a[8]), - m( a[8],a[8]), - ] - } - - /// Compute `limbs/R` (mod l), where R is the Montgomery modulus 2^261 - #[inline(always)] - pub (crate) fn montgomery_reduce(limbs: &[u64; 17]) -> Scalar29 { - - #[inline(always)] - fn part1(sum: u64) -> (u64, u32) { - let p = (sum as u32).wrapping_mul(constants::LFACTOR) & ((1u32 << 29) - 1); - ((sum + m(p,constants::L[0])) >> 29, p) - } - - #[inline(always)] - fn part2(sum: u64) -> (u64, u32) { - let w = (sum as u32) & ((1u32 << 29) - 1); - (sum >> 29, w) - } - - // note: l5,l6,l7 are zero, so their multiplies can be skipped - let l = &constants::L; - - // the first half computes the Montgomery adjustment factor n, and begins adding n*l to make limbs divisible by R - let (carry, n0) = part1( limbs[ 0]); - let (carry, n1) = part1(carry + limbs[ 1] + m(n0,l[1])); - let (carry, n2) = part1(carry + limbs[ 2] + m(n0,l[2]) + m(n1,l[1])); - let (carry, n3) = part1(carry + limbs[ 3] + m(n0,l[3]) + m(n1,l[2]) + m(n2,l[1])); - let (carry, n4) = part1(carry + limbs[ 4] + m(n0,l[4]) + m(n1,l[3]) + m(n2,l[2]) + m(n3,l[1])); - let (carry, n5) = part1(carry + limbs[ 5] + 
m(n1,l[4]) + m(n2,l[3]) + m(n3,l[2]) + m(n4,l[1])); - let (carry, n6) = part1(carry + limbs[ 6] + m(n2,l[4]) + m(n3,l[3]) + m(n4,l[2]) + m(n5,l[1])); - let (carry, n7) = part1(carry + limbs[ 7] + m(n3,l[4]) + m(n4,l[3]) + m(n5,l[2]) + m(n6,l[1])); - let (carry, n8) = part1(carry + limbs[ 8] + m(n0,l[8]) + m(n4,l[4]) + m(n5,l[3]) + m(n6,l[2]) + m(n7,l[1])); - - // limbs is divisible by R now, so we can divide by R by simply storing the upper half as the result - let (carry, r0) = part2(carry + limbs[ 9] + m(n1,l[8]) + m(n5,l[4]) + m(n6,l[3]) + m(n7,l[2]) + m(n8,l[1])); - let (carry, r1) = part2(carry + limbs[10] + m(n2,l[8]) + m(n6,l[4]) + m(n7,l[3]) + m(n8,l[2])); - let (carry, r2) = part2(carry + limbs[11] + m(n3,l[8]) + m(n7,l[4]) + m(n8,l[3])); - let (carry, r3) = part2(carry + limbs[12] + m(n4,l[8]) + m(n8,l[4])); - let (carry, r4) = part2(carry + limbs[13] + m(n5,l[8]) ); - let (carry, r5) = part2(carry + limbs[14] + m(n6,l[8]) ); - let (carry, r6) = part2(carry + limbs[15] + m(n7,l[8]) ); - let (carry, r7) = part2(carry + limbs[16] + m(n8,l[8])); - let r8 = carry as u32; - - // result may be >= l, so attempt to subtract l - Scalar29::sub(&Scalar29([r0,r1,r2,r3,r4,r5,r6,r7,r8]), l) - } - - /// Compute `a * b` (mod l). - #[inline(never)] - pub fn mul(a: &Scalar29, b: &Scalar29) -> Scalar29 { - let ab = Scalar29::montgomery_reduce(&Scalar29::mul_internal(a, b)); - Scalar29::montgomery_reduce(&Scalar29::mul_internal(&ab, &constants::RR)) - } - - /// Compute `a^2` (mod l). 
- #[inline(never)] - #[allow(dead_code)] // XXX we don't expose square() via the Scalar API - pub fn square(&self) -> Scalar29 { - let aa = Scalar29::montgomery_reduce(&Scalar29::square_internal(self)); - Scalar29::montgomery_reduce(&Scalar29::mul_internal(&aa, &constants::RR)) - } - - /// Compute `(a * b) / R` (mod l), where R is the Montgomery modulus 2^261 - #[inline(never)] - pub fn montgomery_mul(a: &Scalar29, b: &Scalar29) -> Scalar29 { - Scalar29::montgomery_reduce(&Scalar29::mul_internal(a, b)) - } - - /// Compute `(a^2) / R` (mod l) in Montgomery form, where R is the Montgomery modulus 2^261 - #[inline(never)] - pub fn montgomery_square(&self) -> Scalar29 { - Scalar29::montgomery_reduce(&Scalar29::square_internal(self)) - } - - /// Puts a Scalar29 in to Montgomery form, i.e. computes `a*R (mod l)` - #[inline(never)] - pub fn to_montgomery(&self) -> Scalar29 { - Scalar29::montgomery_mul(self, &constants::RR) - } - - /// Takes a Scalar29 out of Montgomery form, i.e. computes `a/R (mod l)` - pub fn from_montgomery(&self) -> Scalar29 { - let mut limbs = [0u64; 17]; - for i in 0..9 { - limbs[i] = self[i] as u64; - } - Scalar29::montgomery_reduce(&limbs) - } -} - -#[cfg(test)] -mod test { - use super::*; - - /// Note: x is 2^253-1 which is slightly larger than the largest scalar produced by - /// this implementation (l-1), and should verify there are no overflows for valid scalars - /// - /// x = 2^253-1 = 14474011154664524427946373126085988481658748083205070504932198000989141204991 - /// x = 7237005577332262213973186563042994240801631723825162898930247062703686954002 mod l - /// x = 5147078182513738803124273553712992179887200054963030844803268920753008712037*R mod l in Montgomery form - pub static X: Scalar29 = Scalar29( - [0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff, - 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff, - 0x001fffff]); - - /// x^2 = 3078544782642840487852506753550082162405942681916160040940637093560259278169 mod l - pub static XX: Scalar29 = 
Scalar29( - [0x00217559, 0x000b3401, 0x103ff43b, 0x1462a62c, - 0x1d6f9f38, 0x18e7a42f, 0x09a3dcee, 0x008dbe18, - 0x0006ce65]); - - /// x^2 = 2912514428060642753613814151688322857484807845836623976981729207238463947987*R mod l in Montgomery form - pub static XX_MONT: Scalar29 = Scalar29( - [0x152b4d2e, 0x0571d53b, 0x1da6d964, 0x188663b6, - 0x1d1b5f92, 0x19d50e3f, 0x12306c29, 0x0c6f26fe, - 0x00030edb]); - - /// y = 6145104759870991071742105800796537629880401874866217824609283457819451087098 - pub static Y: Scalar29 = Scalar29( - [0x1e1458fa, 0x165ba838, 0x1d787b36, 0x0e577f3a, - 0x1d2baf06, 0x1d689a19, 0x1fff3047, 0x117704ab, - 0x000d9601]); - - /// x*y = 36752150652102274958925982391442301741 - pub static XY: Scalar29 = Scalar29( - [0x0ba7632d, 0x017736bb, 0x15c76138, 0x0c69daa1, - 0x000001ba, 0x00000000, 0x00000000, 0x00000000, - 0x00000000]); - - /// x*y = 3783114862749659543382438697751927473898937741870308063443170013240655651591*R mod l in Montgomery form - pub static XY_MONT: Scalar29 = Scalar29( - [0x077b51e1, 0x1c64e119, 0x02a19ef5, 0x18d2129e, - 0x00de0430, 0x045a7bc8, 0x04cfc7c9, 0x1c002681, - 0x000bdc1c]); - - /// a = 2351415481556538453565687241199399922945659411799870114962672658845158063753 - pub static A: Scalar29 = Scalar29( - [0x07b3be89, 0x02291b60, 0x14a99f03, 0x07dc3787, - 0x0a782aae, 0x16262525, 0x0cfdb93f, 0x13f5718d, - 0x000532da]); - - /// b = 4885590095775723760407499321843594317911456947580037491039278279440296187236 - pub static B: Scalar29 = Scalar29( - [0x15421564, 0x1e69fd72, 0x093d9692, 0x161785be, - 0x1587d69f, 0x09d9dada, 0x130246c0, 0x0c0a8e72, - 0x000acd25]); - - /// a+b = 0 - /// a-b = 4702830963113076907131374482398799845891318823599740229925345317690316127506 - pub static AB: Scalar29 = Scalar29( - [0x0f677d12, 0x045236c0, 0x09533e06, 0x0fb86f0f, - 0x14f0555c, 0x0c4c4a4a, 0x19fb727f, 0x07eae31a, - 0x000a65b5]); - - // c = (2^512 - 1) % l = 1627715501170711445284395025044413883736156588369414752970002579683115011840 - pub static 
C: Scalar29 = Scalar29( - [0x049c0f00, 0x00308f1a, 0x0164d1e9, 0x1c374ed1, - 0x1be65d00, 0x19e90bfa, 0x08f73bb1, 0x036f8613, - 0x00039941]); - - #[test] - fn mul_max() { - let res = Scalar29::mul(&X, &X); - for i in 0..9 { - assert!(res[i] == XX[i]); - } - } - - #[test] - fn square_max() { - let res = X.square(); - for i in 0..9 { - assert!(res[i] == XX[i]); - } - } - - #[test] - fn montgomery_mul_max() { - let res = Scalar29::montgomery_mul(&X, &X); - for i in 0..9 { - assert!(res[i] == XX_MONT[i]); - } - } - - #[test] - fn montgomery_square_max() { - let res = X.montgomery_square(); - for i in 0..9 { - assert!(res[i] == XX_MONT[i]); - } - } - - #[test] - fn mul() { - let res = Scalar29::mul(&X, &Y); - for i in 0..9 { - assert!(res[i] == XY[i]); - } - } - - #[test] - fn montgomery_mul() { - let res = Scalar29::montgomery_mul(&X, &Y); - for i in 0..9 { - assert!(res[i] == XY_MONT[i]); - } - } - - #[test] - fn add() { - let res = Scalar29::add(&A, &B); - let zero = Scalar29::zero(); - for i in 0..9 { - assert!(res[i] == zero[i]); - } - } - - #[test] - fn sub() { - let res = Scalar29::sub(&A, &B); - for i in 0..9 { - assert!(res[i] == AB[i]); - } - } - - #[test] - fn from_bytes_wide() { - let bignum = [255u8; 64]; // 2^512 - 1 - let reduced = Scalar29::from_bytes_wide(&bignum); - for i in 0..9 { - assert!(reduced[i] == C[i]); - } - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u64/constants.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u64/constants.rs deleted file mode 100644 index 6cbc0b50c38c..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u64/constants.rs +++ /dev/null 
@@ -1,7759 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2016-2021 isis lovecruft -// Copyright (c) 2016-2019 Henry de Valence -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft -// - Henry de Valence - -//! This module contains backend-specific constant values, such as the 64-bit limbs of curve constants. - -use backend::serial::curve_models::AffineNielsPoint; -use super::field::FieldElement51; -use super::scalar::Scalar52; -use edwards::{EdwardsBasepointTable, EdwardsPoint}; -use window::{LookupTable, NafLookupTable8}; - -/// The value of minus one, equal to `-&FieldElement::one()` -pub(crate) const MINUS_ONE: FieldElement51 = FieldElement51([ - 2251799813685228, - 2251799813685247, - 2251799813685247, - 2251799813685247, - 2251799813685247 -]); - -/// Edwards `d` value, equal to `-121665/121666 mod p`. -pub(crate) const EDWARDS_D: FieldElement51 = FieldElement51([ - 929955233495203, - 466365720129213, - 1662059464998953, - 2033849074728123, - 1442794654840575, -]); - -/// Edwards `2*d` value, equal to `2*(-121665/121666) mod p`. -pub(crate) const EDWARDS_D2: FieldElement51 = FieldElement51([ - 1859910466990425, - 932731440258426, - 1072319116312658, - 1815898335770999, - 633789495995903, -]); - -/// One minus edwards `d` value squared, equal to `(1 - (-121665/121666) mod p) pow 2` -pub(crate) const ONE_MINUS_EDWARDS_D_SQUARED: FieldElement51 = FieldElement51([ - 1136626929484150, - 1998550399581263, - 496427632559748, - 118527312129759, - 45110755273534 -]); - -/// Edwards `d` value minus one squared, equal to `(((-121665/121666) mod p) - 1) pow 2` -pub(crate) const EDWARDS_D_MINUS_ONE_SQUARED: FieldElement51 = FieldElement51([ - 1507062230895904, - 1572317787530805, - 683053064812840, - 317374165784489, - 1572899562415810 -]); - -/// `= sqrt(a*d - 1)`, where `a = -1 (mod p)`, `d` are the Edwards curve parameters. 
-pub(crate) const SQRT_AD_MINUS_ONE: FieldElement51 = FieldElement51([ - 2241493124984347, - 425987919032274, - 2207028919301688, - 1220490630685848, - 974799131293748, -]); - -/// `= 1/sqrt(a-d)`, where `a = -1 (mod p)`, `d` are the Edwards curve parameters. -pub(crate) const INVSQRT_A_MINUS_D: FieldElement51 = FieldElement51([ - 278908739862762, - 821645201101625, - 8113234426968, - 1777959178193151, - 2118520810568447, -]); - -/// Precomputed value of one of the square roots of -1 (mod p) -pub(crate) const SQRT_M1: FieldElement51 = FieldElement51([ - 1718705420411056, - 234908883556509, - 2233514472574048, - 2117202627021982, - 765476049583133, -]); - -/// `APLUS2_OVER_FOUR` is (A+2)/4. (This is used internally within the Montgomery ladder.) -pub(crate) const APLUS2_OVER_FOUR: FieldElement51 = FieldElement51([121666, 0, 0, 0, 0]); - -/// `MONTGOMERY_A` is equal to 486662, which is a constant of the curve equation -/// for Curve25519 in its Montgomery form. (This is used internally within the -/// Elligator map.) -pub(crate) const MONTGOMERY_A: FieldElement51 = FieldElement51([486662, 0, 0, 0, 0]); - -/// `MONTGOMERY_A_NEG` is equal to -486662. (This is used internally within the -/// Elligator map.) -pub(crate) const MONTGOMERY_A_NEG: FieldElement51 = FieldElement51([ - 2251799813198567, - 2251799813685247, - 2251799813685247, - 2251799813685247, - 2251799813685247, -]); - -/// `L` is the order of base point, i.e. 
2^252 + 27742317777372353535851937790883648493 -pub(crate) const L: Scalar52 = Scalar52([ - 0x0002631a5cf5d3ed, - 0x000dea2f79cd6581, - 0x000000000014def9, - 0x0000000000000000, - 0x0000100000000000, -]); - -/// `L` * `LFACTOR` = -1 (mod 2^52) -pub(crate) const LFACTOR: u64 = 0x51da312547e1b; - -/// `R` = R % L where R = 2^260 -pub(crate) const R: Scalar52 = Scalar52([ - 0x000f48bd6721e6ed, - 0x0003bab5ac67e45a, - 0x000fffffeb35e51b, - 0x000fffffffffffff, - 0x00000fffffffffff, -]); - -/// `RR` = (R^2) % L where R = 2^260 -pub(crate) const RR: Scalar52 = Scalar52([ - 0x0009d265e952d13b, - 0x000d63c715bea69f, - 0x0005be65cb687604, - 0x0003dceec73d217f, - 0x000009411b7c309a, -]); - -/// The Ed25519 basepoint, as an `EdwardsPoint`. -/// -/// This is called `_POINT` to distinguish it from -/// `ED25519_BASEPOINT_TABLE`, which should be used for scalar -/// multiplication (it's much faster). -pub const ED25519_BASEPOINT_POINT: EdwardsPoint = EdwardsPoint { - X: FieldElement51([ - 1738742601995546, - 1146398526822698, - 2070867633025821, - 562264141797630, - 587772402128613, - ]), - Y: FieldElement51([ - 1801439850948184, - 1351079888211148, - 450359962737049, - 900719925474099, - 1801439850948198, - ]), - Z: FieldElement51([1, 0, 0, 0, 0]), - T: FieldElement51([ - 1841354044333475, - 16398895984059, - 755974180946558, - 900171276175154, - 1821297809914039, - ]), -}; - -/// The 8-torsion subgroup \\(\mathcal E [8]\\). -/// -/// In the case of Curve25519, it is cyclic; the \\(i\\)-th element of -/// the array is \\([i]P\\), where \\(P\\) is a point of order \\(8\\) -/// generating \\(\mathcal E[8]\\). -/// -/// Thus \\(\mathcal E[4]\\) is the points indexed by `0,2,4,6`, and -/// \\(\mathcal E[2]\\) is the points indexed by `0,4`. -pub const EIGHT_TORSION: [EdwardsPoint; 8] = EIGHT_TORSION_INNER_DOC_HIDDEN; - -/// Inner item used to hide limb constants from cargo doc output. 
-#[doc(hidden)] -pub const EIGHT_TORSION_INNER_DOC_HIDDEN: [EdwardsPoint; 8] = [ - EdwardsPoint { - X: FieldElement51([0, 0, 0, 0, 0]), - Y: FieldElement51([1, 0, 0, 0, 0]), - Z: FieldElement51([1, 0, 0, 0, 0]), - T: FieldElement51([0, 0, 0, 0, 0]), - }, - EdwardsPoint { - X: FieldElement51([ - 358744748052810, - 1691584618240980, - 977650209285361, - 1429865912637724, - 560044844278676, - ]), - Y: FieldElement51([ - 84926274344903, - 473620666599931, - 365590438845504, - 1028470286882429, - 2146499180330972, - ]), - Z: FieldElement51([1, 0, 0, 0, 0]), - T: FieldElement51([ - 1448326834587521, - 1857896831960481, - 1093722731865333, - 1677408490711241, - 1915505153018406, - ]), - }, - EdwardsPoint { - X: FieldElement51([ - 533094393274173, - 2016890930128738, - 18285341111199, - 134597186663265, - 1486323764102114, - ]), - Y: FieldElement51([0, 0, 0, 0, 0]), - Z: FieldElement51([1, 0, 0, 0, 0]), - T: FieldElement51([0, 0, 0, 0, 0]), - }, - EdwardsPoint { - X: FieldElement51([ - 358744748052810, - 1691584618240980, - 977650209285361, - 1429865912637724, - 560044844278676, - ]), - Y: FieldElement51([ - 2166873539340326, - 1778179147085316, - 1886209374839743, - 1223329526802818, - 105300633354275, - ]), - Z: FieldElement51([1, 0, 0, 0, 0]), - T: FieldElement51([ - 803472979097708, - 393902981724766, - 1158077081819914, - 574391322974006, - 336294660666841, - ]), - }, - EdwardsPoint { - X: FieldElement51([0, 0, 0, 0, 0]), - Y: FieldElement51([ - 2251799813685228, - 2251799813685247, - 2251799813685247, - 2251799813685247, - 2251799813685247, - ]), - Z: FieldElement51([1, 0, 0, 0, 0]), - T: FieldElement51([0, 0, 0, 0, 0]), - }, - EdwardsPoint { - X: FieldElement51([ - 1893055065632419, - 560215195444267, - 1274149604399886, - 821933901047523, - 1691754969406571, - ]), - Y: FieldElement51([ - 2166873539340326, - 1778179147085316, - 1886209374839743, - 1223329526802818, - 105300633354275, - ]), - Z: FieldElement51([1, 0, 0, 0, 0]), - T: FieldElement51([ - 
1448326834587521, - 1857896831960481, - 1093722731865333, - 1677408490711241, - 1915505153018406, - ]), - }, - EdwardsPoint { - X: FieldElement51([ - 1718705420411056, - 234908883556509, - 2233514472574048, - 2117202627021982, - 765476049583133, - ]), - Y: FieldElement51([0, 0, 0, 0, 0]), - Z: FieldElement51([1, 0, 0, 0, 0]), - T: FieldElement51([0, 0, 0, 0, 0]), - }, - EdwardsPoint { - X: FieldElement51([ - 1893055065632419, - 560215195444267, - 1274149604399886, - 821933901047523, - 1691754969406571, - ]), - Y: FieldElement51([ - 84926274344903, - 473620666599931, - 365590438845504, - 1028470286882429, - 2146499180330972, - ]), - Z: FieldElement51([1, 0, 0, 0, 0]), - T: FieldElement51([ - 803472979097708, - 393902981724766, - 1158077081819914, - 574391322974006, - 336294660666841, - ]), - }, -]; - -/// Table containing precomputed multiples of the Ed25519 basepoint \\(B = (x, 4/5)\\). -pub const ED25519_BASEPOINT_TABLE: EdwardsBasepointTable = ED25519_BASEPOINT_TABLE_INNER_DOC_HIDDEN; - -/// Inner constant, used to avoid filling the docs with precomputed points. 
-#[doc(hidden)] -pub const ED25519_BASEPOINT_TABLE_INNER_DOC_HIDDEN: EdwardsBasepointTable = - EdwardsBasepointTable([ - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3540182452943730, - 2497478415033846, - 2521227595762870, - 1462984067271729, - 2389212253076811, - ]), - y_minus_x: FieldElement51([ - 62697248952638, - 204681361388450, - 631292143396476, - 338455783676468, - 1213667448819585, - ]), - xy2d: FieldElement51([ - 301289933810280, - 1259582250014073, - 1422107436869536, - 796239922652654, - 1953934009299142, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3632771708514775, - 790832306631235, - 2067202295274102, - 1995808275510000, - 1566530869037010, - ]), - y_minus_x: FieldElement51([ - 463307831301544, - 432984605774163, - 1610641361907204, - 750899048855000, - 1894842303421586, - ]), - xy2d: FieldElement51([ - 748439484463711, - 1033211726465151, - 1396005112841647, - 1611506220286469, - 1972177495910992, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1601611775252272, - 1720807796594148, - 1132070835939856, - 3512254832574799, - 2147779492816910, - ]), - y_minus_x: FieldElement51([ - 316559037616741, - 2177824224946892, - 1459442586438991, - 1461528397712656, - 751590696113597, - ]), - xy2d: FieldElement51([ - 1850748884277385, - 1200145853858453, - 1068094770532492, - 672251375690438, - 1586055907191707, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 934282339813791, - 1846903124198670, - 1172395437954843, - 1007037127761661, - 1830588347719256, - ]), - y_minus_x: FieldElement51([ - 1694390458783935, - 1735906047636159, - 705069562067493, - 648033061693059, - 696214010414170, - ]), - xy2d: FieldElement51([ - 1121406372216585, - 192876649532226, - 190294192191717, - 1994165897297032, - 2245000007398739, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 769950342298400, - 2384754244604994, - 3095885746880802, - 3225892188161580, - 2977876099231263, - ]), - y_minus_x: 
FieldElement51([ - 425251763115706, - 608463272472562, - 442562545713235, - 837766094556764, - 374555092627893, - ]), - xy2d: FieldElement51([ - 1086255230780037, - 274979815921559, - 1960002765731872, - 929474102396301, - 1190409889297339, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1388594989461809, - 316767091099457, - 2646098655878230, - 1230079486801004, - 1440737038838979, - ]), - y_minus_x: FieldElement51([ - 7380825640100, - 146210432690483, - 304903576448906, - 1198869323871120, - 997689833219095, - ]), - xy2d: FieldElement51([ - 1181317918772081, - 114573476638901, - 262805072233344, - 265712217171332, - 294181933805782, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2916800678241215, - 2065379846933858, - 2622030924071124, - 2602788184473875, - 1233371373142984, - ]), - y_minus_x: FieldElement51([ - 2019367628972465, - 676711900706637, - 110710997811333, - 1108646842542025, - 517791959672113, - ]), - xy2d: FieldElement51([ - 965130719900578, - 247011430587952, - 526356006571389, - 91986625355052, - 2157223321444601, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 4320419353804412, - 4218074731744053, - 957728544705548, - 729906502578991, - 2411634706750414, - ]), - y_minus_x: FieldElement51([ - 2073601412052185, - 31021124762708, - 264500969797082, - 248034690651703, - 1030252227928288, - ]), - xy2d: FieldElement51([ - 551790716293402, - 1989538725166328, - 801169423371717, - 2052451893578887, - 678432056995012, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1368953770187805, - 3042147450398169, - 2689308289352409, - 2142576377050579, - 1932081720066286, - ]), - y_minus_x: FieldElement51([ - 953638594433374, - 1092333936795051, - 1419774766716690, - 805677984380077, - 859228993502513, - ]), - xy2d: FieldElement51([ - 1200766035879111, - 20142053207432, - 1465634435977050, - 1645256912097844, - 295121984874596, - ]), - }, - AffineNielsPoint { - y_plus_x: 
FieldElement51([ - 1735718747031538, - 1248237894295956, - 1204753118328107, - 976066523550493, - 2317743583219840, - ]), - y_minus_x: FieldElement51([ - 1060098822528990, - 1586825862073490, - 212301317240126, - 1975302711403555, - 666724059764335, - ]), - xy2d: FieldElement51([ - 1091990273418756, - 1572899409348578, - 80968014455247, - 306009358661350, - 1520450739132526, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3732317023121341, - 1511153322193951, - 3496143672676420, - 2556587964178488, - 2620936670181690, - ]), - y_minus_x: FieldElement51([ - 2151330273626164, - 762045184746182, - 1688074332551515, - 823046109005759, - 907602769079491, - ]), - xy2d: FieldElement51([ - 2047386910586836, - 168470092900250, - 1552838872594810, - 340951180073789, - 360819374702533, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1982622644432037, - 2014393600336956, - 2380709022489462, - 3869592437614438, - 2357094095599062, - ]), - y_minus_x: FieldElement51([ - 980234343912898, - 1712256739246056, - 588935272190264, - 204298813091998, - 841798321043288, - ]), - xy2d: FieldElement51([ - 197561292938973, - 454817274782871, - 1963754960082318, - 2113372252160468, - 971377527342673, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2416499262514576, - 2254927265442919, - 3451304785234000, - 1766155447043651, - 1899238924683527, - ]), - y_minus_x: FieldElement51([ - 732262946680281, - 1674412764227063, - 2182456405662809, - 1350894754474250, - 558458873295247, - ]), - xy2d: FieldElement51([ - 2103305098582922, - 1960809151316468, - 715134605001343, - 1454892949167181, - 40827143824949, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1239289043050193, - 1744654158124578, - 758702410031698, - 4048562808759936, - 2253402870349013, - ]), - y_minus_x: FieldElement51([ - 2232056027107988, - 987343914584615, - 2115594492994461, - 1819598072792159, - 1119305654014850, - ]), - xy2d: FieldElement51([ - 320153677847348, - 
939613871605645, - 641883205761567, - 1930009789398224, - 329165806634126, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3232730304159378, - 1242488692177892, - 1251446316964684, - 1086618677993530, - 1961430968465772, - ]), - y_minus_x: FieldElement51([ - 276821765317453, - 1536835591188030, - 1305212741412361, - 61473904210175, - 2051377036983058, - ]), - xy2d: FieldElement51([ - 833449923882501, - 1750270368490475, - 1123347002068295, - 185477424765687, - 278090826653186, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 794524995833413, - 1849907304548286, - 2305148486158393, - 1272368559505216, - 1147304168324779, - ]), - y_minus_x: FieldElement51([ - 1504846112759364, - 1203096289004681, - 562139421471418, - 274333017451844, - 1284344053775441, - ]), - xy2d: FieldElement51([ - 483048732424432, - 2116063063343382, - 30120189902313, - 292451576741007, - 1156379271702225, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3180171966714267, - 2147692869914563, - 1455665844462196, - 1986737809425946, - 2437006863943337, - ]), - y_minus_x: FieldElement51([ - 137732961814206, - 706670923917341, - 1387038086865771, - 1965643813686352, - 1384777115696347, - ]), - xy2d: FieldElement51([ - 481144981981577, - 2053319313589856, - 2065402289827512, - 617954271490316, - 1106602634668125, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2948097833334040, - 3145099472726142, - 1148636718636008, - 2278533891034865, - 2203955659340680, - ]), - y_minus_x: FieldElement51([ - 657390353372855, - 998499966885562, - 991893336905797, - 810470207106761, - 343139804608786, - ]), - xy2d: FieldElement51([ - 791736669492960, - 934767652997115, - 824656780392914, - 1759463253018643, - 361530362383518, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2022541353055578, - 4346500076272714, - 3802807888710933, - 2494585331103411, - 2947785218648809, - ]), - y_minus_x: FieldElement51([ - 1287487199965223, 
- 2215311941380308, - 1552928390931986, - 1664859529680196, - 1125004975265243, - ]), - xy2d: FieldElement51([ - 677434665154918, - 989582503122485, - 1817429540898386, - 1052904935475344, - 1143826298169798, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2619066141993637, - 2570231002607651, - 2947429167440602, - 2885885471266079, - 2276381426249673, - ]), - y_minus_x: FieldElement51([ - 773360688841258, - 1815381330538070, - 363773437667376, - 539629987070205, - 783280434248437, - ]), - xy2d: FieldElement51([ - 180820816194166, - 168937968377394, - 748416242794470, - 1227281252254508, - 1567587861004268, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2730575372268893, - 2062896624554806, - 2951191072970647, - 2609899222113120, - 1277310261461760, - ]), - y_minus_x: FieldElement51([ - 1984740906540026, - 1079164179400229, - 1056021349262661, - 1659958556483663, - 1088529069025527, - ]), - xy2d: FieldElement51([ - 580736401511151, - 1842931091388998, - 1177201471228238, - 2075460256527244, - 1301133425678027, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1515728832059163, - 1575261009617579, - 1510246567196186, - 2442877836294952, - 2368461529974388, - ]), - y_minus_x: FieldElement51([ - 1295295738269652, - 1714742313707026, - 545583042462581, - 2034411676262552, - 1513248090013606, - ]), - xy2d: FieldElement51([ - 230710545179830, - 30821514358353, - 760704303452229, - 390668103790604, - 573437871383156, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3421179921230875, - 2514967047430861, - 4274701112739695, - 3071700566936367, - 4275698278559832, - ]), - y_minus_x: FieldElement51([ - 2102254323485823, - 1570832666216754, - 34696906544624, - 1993213739807337, - 70638552271463, - ]), - xy2d: FieldElement51([ - 894132856735058, - 548675863558441, - 845349339503395, - 1942269668326667, - 1615682209874691, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3539470031223082, - 1222355136884919, 
- 1846481788678694, - 1150426571265110, - 1613523400722047, - ]), - y_minus_x: FieldElement51([ - 793388516527298, - 1315457083650035, - 1972286999342417, - 1901825953052455, - 338269477222410, - ]), - xy2d: FieldElement51([ - 550201530671806, - 778605267108140, - 2063911101902983, - 115500557286349, - 2041641272971022, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 717255318455100, - 519313764361315, - 2080406977303708, - 541981206705521, - 774328150311600, - ]), - y_minus_x: FieldElement51([ - 261715221532238, - 1795354330069993, - 1496878026850283, - 499739720521052, - 389031152673770, - ]), - xy2d: FieldElement51([ - 1997217696294013, - 1717306351628065, - 1684313917746180, - 1644426076011410, - 1857378133465451, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3727234538477877, - 2328731709971226, - 3368528843456914, - 2002544139318041, - 2977347647489186, - ]), - y_minus_x: FieldElement51([ - 2022306639183567, - 726296063571875, - 315345054448644, - 1058733329149221, - 1448201136060677, - ]), - xy2d: FieldElement51([ - 1710065158525665, - 1895094923036397, - 123988286168546, - 1145519900776355, - 1607510767693874, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2813405189107769, - 1071733543815036, - 2383296312486238, - 1946868434569998, - 3079937947649451, - ]), - y_minus_x: FieldElement51([ - 1548495173745801, - 442310529226540, - 998072547000384, - 553054358385281, - 644824326376171, - ]), - xy2d: FieldElement51([ - 1445526537029440, - 2225519789662536, - 914628859347385, - 1064754194555068, - 1660295614401091, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3451490036797185, - 2275827949507588, - 2318438102929588, - 2309425969971222, - 2816893781664854, - ]), - y_minus_x: FieldElement51([ - 876926774220824, - 554618976488214, - 1012056309841565, - 839961821554611, - 1414499340307677, - ]), - xy2d: FieldElement51([ - 703047626104145, - 1266841406201770, - 165556500219173, - 
486991595001879, - 1011325891650656, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1622861044480487, - 1156394801573634, - 4120932379100752, - 2578903799462977, - 2095342781472283, - ]), - y_minus_x: FieldElement51([ - 334886927423922, - 489511099221528, - 129160865966726, - 1720809113143481, - 619700195649254, - ]), - xy2d: FieldElement51([ - 1646545795166119, - 1758370782583567, - 714746174550637, - 1472693650165135, - 898994790308209, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2585203586724508, - 2547572356138185, - 1693106465353609, - 912330357530760, - 2723035471635610, - ]), - y_minus_x: FieldElement51([ - 1811196219982022, - 1068969825533602, - 289602974833439, - 1988956043611592, - 863562343398367, - ]), - xy2d: FieldElement51([ - 906282429780072, - 2108672665779781, - 432396390473936, - 150625823801893, - 1708930497638539, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 925664675702309, - 2273216662253932, - 4083236455546587, - 601157008940112, - 2623617868729744, - ]), - y_minus_x: FieldElement51([ - 1479786007267725, - 1738881859066675, - 68646196476567, - 2146507056100328, - 1247662817535471, - ]), - xy2d: FieldElement51([ - 52035296774456, - 939969390708103, - 312023458773250, - 59873523517659, - 1231345905848899, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2895154920100990, - 2541986621181021, - 2013561737429022, - 2571447883196794, - 2645536492181409, - ]), - y_minus_x: FieldElement51([ - 129358342392716, - 1932811617704777, - 1176749390799681, - 398040349861790, - 1170779668090425, - ]), - xy2d: FieldElement51([ - 2051980782668029, - 121859921510665, - 2048329875753063, - 1235229850149665, - 519062146124755, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3859970785658325, - 2667608874045675, - 1350468408164765, - 2038620059057678, - 3278704299674360, - ]), - y_minus_x: FieldElement51([ - 1837656083115103, - 1510134048812070, - 
906263674192061, - 1821064197805734, - 565375124676301, - ]), - xy2d: FieldElement51([ - 578027192365650, - 2034800251375322, - 2128954087207123, - 478816193810521, - 2196171989962750, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1633188840273120, - 3104586986058956, - 1548762607215795, - 1266275218902681, - 3359018017010381, - ]), - y_minus_x: FieldElement51([ - 462189358480054, - 1784816734159228, - 1611334301651368, - 1303938263943540, - 707589560319424, - ]), - xy2d: FieldElement51([ - 1038829280972848, - 38176604650029, - 753193246598573, - 1136076426528122, - 595709990562434, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3660251634545082, - 2194984964010832, - 2198361797561729, - 1061962440055713, - 1645147963442934, - ]), - y_minus_x: FieldElement51([ - 4701053362120, - 1647641066302348, - 1047553002242085, - 1923635013395977, - 206970314902065, - ]), - xy2d: FieldElement51([ - 1750479161778571, - 1362553355169293, - 1891721260220598, - 966109370862782, - 1024913988299801, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2464498862816952, - 1117950018299774, - 1873945661751056, - 3655602735669306, - 2382695896337945, - ]), - y_minus_x: FieldElement51([ - 636808533673210, - 1262201711667560, - 390951380330599, - 1663420692697294, - 561951321757406, - ]), - xy2d: FieldElement51([ - 520731594438141, - 1446301499955692, - 273753264629267, - 1565101517999256, - 1019411827004672, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3178327305714638, - 3443653291096626, - 734233225181170, - 2435838701226518, - 4042225960010590, - ]), - y_minus_x: FieldElement51([ - 1464651961852572, - 1483737295721717, - 1519450561335517, - 1161429831763785, - 405914998179977, - ]), - xy2d: FieldElement51([ - 996126634382301, - 796204125879525, - 127517800546509, - 344155944689303, - 615279846169038, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2990523894660505, - 2188666632415295, - 1961313708559162, - 
1506545807547587, - 3403101452654988, - ]), - y_minus_x: FieldElement51([ - 622917337413835, - 1218989177089035, - 1284857712846592, - 970502061709359, - 351025208117090, - ]), - xy2d: FieldElement51([ - 2067814584765580, - 1677855129927492, - 2086109782475197, - 235286517313238, - 1416314046739645, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2838644076315587, - 2559244195637442, - 458399356043425, - 2853867838192310, - 3280348017100490, - ]), - y_minus_x: FieldElement51([ - 678489922928203, - 2016657584724032, - 90977383049628, - 1026831907234582, - 615271492942522, - ]), - xy2d: FieldElement51([ - 301225714012278, - 1094837270268560, - 1202288391010439, - 644352775178361, - 1647055902137983, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1210746697896459, - 1416608304244708, - 2938287290903104, - 3496931005119382, - 3303038150540984, - ]), - y_minus_x: FieldElement51([ - 1135604073198207, - 1683322080485474, - 769147804376683, - 2086688130589414, - 900445683120379, - ]), - xy2d: FieldElement51([ - 1971518477615628, - 401909519527336, - 448627091057375, - 1409486868273821, - 1214789035034363, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1364039144731711, - 1897497433586190, - 2203097701135459, - 2397261210496499, - 1349844460790698, - ]), - y_minus_x: FieldElement51([ - 1045230323257973, - 818206601145807, - 630513189076103, - 1672046528998132, - 807204017562437, - ]), - xy2d: FieldElement51([ - 439961968385997, - 386362664488986, - 1382706320807688, - 309894000125359, - 2207801346498567, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3480804500082836, - 3172443782216110, - 2375775707596425, - 2933223806901024, - 1400559197080972, - ]), - y_minus_x: FieldElement51([ - 2003766096898049, - 170074059235165, - 1141124258967971, - 1485419893480973, - 1573762821028725, - ]), - xy2d: FieldElement51([ - 729905708611432, - 1270323270673202, - 123353058984288, - 426460209632942, - 
2195574535456672, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1271140255321216, - 2044363183174497, - 2303925201319937, - 3696920060379952, - 3194341800024331, - ]), - y_minus_x: FieldElement51([ - 1761608437466135, - 583360847526804, - 1586706389685493, - 2157056599579261, - 1170692369685772, - ]), - xy2d: FieldElement51([ - 871476219910823, - 1878769545097794, - 2241832391238412, - 548957640601001, - 690047440233174, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2548994545820755, - 1366347803776819, - 3552985325930849, - 561849853336293, - 1533554921345731, - ]), - y_minus_x: FieldElement51([ - 999628998628371, - 1132836708493400, - 2084741674517453, - 469343353015612, - 678782988708035, - ]), - xy2d: FieldElement51([ - 2189427607417022, - 699801937082607, - 412764402319267, - 1478091893643349, - 2244675696854460, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3964091869651792, - 2456213404310121, - 3657538451018088, - 2660781114515010, - 3112882032961968, - ]), - y_minus_x: FieldElement51([ - 508561155940631, - 966928475686665, - 2236717801150132, - 424543858577297, - 2089272956986143, - ]), - xy2d: FieldElement51([ - 221245220129925, - 1156020201681217, - 491145634799213, - 542422431960839, - 828100817819207, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2405556784925632, - 1299874139923976, - 2644898978945750, - 1058234455773021, - 996989038681183, - ]), - y_minus_x: FieldElement51([ - 559086812798481, - 573177704212711, - 1629737083816402, - 1399819713462595, - 1646954378266038, - ]), - xy2d: FieldElement51([ - 1887963056288059, - 228507035730124, - 1468368348640282, - 930557653420194, - 613513962454686, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1224529808187534, - 1577022856702685, - 2206946542980843, - 625883007765001, - 2531730607197406, - ]), - y_minus_x: FieldElement51([ - 1076287717051609, - 1114455570543035, - 187297059715481, - 250446884292121, - 
1885187512550540, - ]), - xy2d: FieldElement51([ - 902497362940219, - 76749815795675, - 1657927525633846, - 1420238379745202, - 1340321636548352, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1129576631190765, - 3533793823712575, - 996844254743017, - 2509676177174497, - 3402650555740265, - ]), - y_minus_x: FieldElement51([ - 628740660038789, - 1943038498527841, - 467786347793886, - 1093341428303375, - 235413859513003, - ]), - xy2d: FieldElement51([ - 237425418909360, - 469614029179605, - 1512389769174935, - 1241726368345357, - 441602891065214, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3988217766743784, - 726531315520507, - 1833335034432527, - 1629442561574747, - 2876218732971333, - ]), - y_minus_x: FieldElement51([ - 1960754663920689, - 497040957888962, - 1909832851283095, - 1271432136996826, - 2219780368020940, - ]), - xy2d: FieldElement51([ - 1537037379417136, - 1358865369268262, - 2130838645654099, - 828733687040705, - 1999987652890901, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 629042105241795, - 1098854999137608, - 887281544569320, - 3674901833560025, - 2259711072636808, - ]), - y_minus_x: FieldElement51([ - 1811562332665373, - 1501882019007673, - 2213763501088999, - 359573079719636, - 36370565049116, - ]), - xy2d: FieldElement51([ - 218907117361280, - 1209298913016966, - 1944312619096112, - 1130690631451061, - 1342327389191701, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1369976867854685, - 1396479602419169, - 4017456468084104, - 2203659200586298, - 3250127649802489, - ]), - y_minus_x: FieldElement51([ - 2230701885562825, - 1348173180338974, - 2172856128624598, - 1426538746123771, - 444193481326151, - ]), - xy2d: FieldElement51([ - 784210426627951, - 918204562375674, - 1284546780452985, - 1324534636134684, - 1872449409642708, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2571438643225542, - 2848082470493653, - 2037902696412607, - 
1557219121643918, - 341938082688094, - ]), - y_minus_x: FieldElement51([ - 1901860206695915, - 2004489122065736, - 1625847061568236, - 973529743399879, - 2075287685312905, - ]), - xy2d: FieldElement51([ - 1371853944110545, - 1042332820512553, - 1949855697918254, - 1791195775521505, - 37487364849293, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 687200189577836, - 1082536651125675, - 2896024754556794, - 2592723009743198, - 2595381160432643, - ]), - y_minus_x: FieldElement51([ - 2082717129583892, - 27829425539422, - 145655066671970, - 1690527209845512, - 1865260509673478, - ]), - xy2d: FieldElement51([ - 1059729620568824, - 2163709103470266, - 1440302280256872, - 1769143160546397, - 869830310425069, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3861316033464273, - 777277757338816, - 2101121130363987, - 550762194946473, - 1905542338659364, - ]), - y_minus_x: FieldElement51([ - 2024821921041576, - 426948675450149, - 595133284085473, - 471860860885970, - 600321679413000, - ]), - xy2d: FieldElement51([ - 598474602406721, - 1468128276358244, - 1191923149557635, - 1501376424093216, - 1281662691293476, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1721138489890688, - 1264336102277790, - 2684864359106535, - 1359988423149465, - 3813671107094695, - ]), - y_minus_x: FieldElement51([ - 719520245587143, - 393380711632345, - 132350400863381, - 1543271270810729, - 1819543295798660, - ]), - xy2d: FieldElement51([ - 396397949784152, - 1811354474471839, - 1362679985304303, - 2117033964846756, - 498041172552279, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1812471844975748, - 1856491995543149, - 126579494584102, - 3288044672967868, - 1975108050082549, - ]), - y_minus_x: FieldElement51([ - 650623932407995, - 1137551288410575, - 2125223403615539, - 1725658013221271, - 2134892965117796, - ]), - xy2d: FieldElement51([ - 522584000310195, - 1241762481390450, - 1743702789495384, - 2227404127826575, - 1686746002148897, - ]), 
- }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 427904865186293, - 1703211129693455, - 1585368107547509, - 3688784302429584, - 3012988348299225, - ]), - y_minus_x: FieldElement51([ - 318101947455002, - 248138407995851, - 1481904195303927, - 309278454311197, - 1258516760217879, - ]), - xy2d: FieldElement51([ - 1275068538599310, - 513726919533379, - 349926553492294, - 688428871968420, - 1702400196000666, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3313663849950481, - 3213411074010628, - 2573659446386085, - 3297400443644764, - 1985130202504037, - ]), - y_minus_x: FieldElement51([ - 1558816436882417, - 1962896332636523, - 1337709822062152, - 1501413830776938, - 294436165831932, - ]), - xy2d: FieldElement51([ - 818359826554971, - 1862173000996177, - 626821592884859, - 573655738872376, - 1749691246745455, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1988022651432119, - 3333911312271288, - 1834020786104820, - 3706626690108935, - 692929915223121, - ]), - y_minus_x: FieldElement51([ - 2146513703733331, - 584788900394667, - 464965657279958, - 2183973639356127, - 238371159456790, - ]), - xy2d: FieldElement51([ - 1129007025494441, - 2197883144413266, - 265142755578169, - 971864464758890, - 1983715884903702, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1291366624493056, - 2633256531874362, - 1711482489312443, - 1815233647702022, - 3144079596677715, - ]), - y_minus_x: FieldElement51([ - 444548969917454, - 1452286453853356, - 2113731441506810, - 645188273895859, - 810317625309512, - ]), - xy2d: FieldElement51([ - 2242724082797924, - 1373354730327868, - 1006520110883049, - 2147330369940688, - 1151816104883620, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3997520014069025, - 4163522956860564, - 2056329390702073, - 2607026987995097, - 3131032608056347, - ]), - y_minus_x: FieldElement51([ - 163723479936298, - 115424889803150, - 1156016391581227, - 1894942220753364, - 
1970549419986329, - ]), - xy2d: FieldElement51([ - 681981452362484, - 267208874112496, - 1374683991933094, - 638600984916117, - 646178654558546, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2265178468539480, - 2358037120714814, - 1944412051589650, - 4093776581610705, - 2482502633520820, - ]), - y_minus_x: FieldElement51([ - 260683893467075, - 854060306077237, - 913639551980112, - 4704576840123, - 280254810808712, - ]), - xy2d: FieldElement51([ - 715374893080287, - 1173334812210491, - 1806524662079626, - 1894596008000979, - 398905715033393, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2751826223412909, - 3848231101880618, - 1420380351989369, - 3237011375206737, - 392444930785632, - ]), - y_minus_x: FieldElement51([ - 2096421546958141, - 1922523000950363, - 789831022876840, - 427295144688779, - 320923973161730, - ]), - xy2d: FieldElement51([ - 1927770723575450, - 1485792977512719, - 1850996108474547, - 551696031508956, - 2126047405475647, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2112099158080129, - 2994370617594963, - 2258284371762679, - 1951119898618915, - 2344890196388664, - ]), - y_minus_x: FieldElement51([ - 383905201636970, - 859946997631870, - 855623867637644, - 1017125780577795, - 794250831877809, - ]), - xy2d: FieldElement51([ - 77571826285752, - 999304298101753, - 487841111777762, - 1038031143212339, - 339066367948762, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2926794589205781, - 2517835660016036, - 826951213393477, - 1405007746162285, - 1781791018620876, - ]), - y_minus_x: FieldElement51([ - 1001412661522686, - 348196197067298, - 1666614366723946, - 888424995032760, - 580747687801357, - ]), - xy2d: FieldElement51([ - 1939560076207777, - 1409892634407635, - 552574736069277, - 383854338280405, - 190706709864139, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2177087163428741, - 1439255351721944, - 3459870654068041, - 2230616362004768, - 
1396886392021913, - ]), - y_minus_x: FieldElement51([ - 676962063230039, - 1880275537148808, - 2046721011602706, - 888463247083003, - 1318301552024067, - ]), - xy2d: FieldElement51([ - 1466980508178206, - 617045217998949, - 652303580573628, - 757303753529064, - 207583137376902, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3762856566592150, - 2357202940576524, - 2745234706458093, - 1091943425335975, - 1802717338077427, - ]), - y_minus_x: FieldElement51([ - 1853982405405128, - 1878664056251147, - 1528011020803992, - 1019626468153565, - 1128438412189035, - ]), - xy2d: FieldElement51([ - 1963939888391106, - 293456433791664, - 697897559513649, - 985882796904380, - 796244541237972, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2668570812315008, - 2641455366112301, - 1314476859406755, - 1749382513022778, - 3413705412424739, - ]), - y_minus_x: FieldElement51([ - 1428358296490651, - 1027115282420478, - 304840698058337, - 441410174026628, - 1819358356278573, - ]), - xy2d: FieldElement51([ - 204943430200135, - 1554861433819175, - 216426658514651, - 264149070665950, - 2047097371738319, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1934415182909015, - 1393285083565062, - 2768209145458208, - 3409490548679139, - 2372839480279515, - ]), - y_minus_x: FieldElement51([ - 662035583584445, - 286736105093098, - 1131773000510616, - 818494214211439, - 472943792054479, - ]), - xy2d: FieldElement51([ - 665784778135882, - 1893179629898606, - 808313193813106, - 276797254706413, - 1563426179676396, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 945205108984213, - 2778077376644543, - 1324180513733565, - 1666970227868664, - 2405347422974421, - ]), - y_minus_x: FieldElement51([ - 2031433403516252, - 203996615228162, - 170487168837083, - 981513604791390, - 843573964916831, - ]), - xy2d: FieldElement51([ - 1476570093962618, - 838514669399805, - 1857930577281364, - 2017007352225784, - 317085545220047, - ]), - }, - AffineNielsPoint { 
- y_plus_x: FieldElement51([ - 1461557121912823, - 1600674043318359, - 2157134900399597, - 1670641601940616, - 2379565397488531, - ]), - y_minus_x: FieldElement51([ - 1293543509393474, - 2143624609202546, - 1058361566797508, - 214097127393994, - 946888515472729, - ]), - xy2d: FieldElement51([ - 357067959932916, - 1290876214345711, - 521245575443703, - 1494975468601005, - 800942377643885, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2817916472785262, - 820247422481739, - 994464017954148, - 2578957425371613, - 2344391131796991, - ]), - y_minus_x: FieldElement51([ - 617256647603209, - 1652107761099439, - 1857213046645471, - 1085597175214970, - 817432759830522, - ]), - xy2d: FieldElement51([ - 771808161440705, - 1323510426395069, - 680497615846440, - 851580615547985, - 1320806384849017, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1219260086131896, - 2898968820282063, - 2331400938444953, - 2161724213426747, - 2656661710745446, - ]), - y_minus_x: FieldElement51([ - 1327968293887866, - 1335500852943256, - 1401587164534264, - 558137311952440, - 1551360549268902, - ]), - xy2d: FieldElement51([ - 417621685193956, - 1429953819744454, - 396157358457099, - 1940470778873255, - 214000046234152, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1268047918491954, - 2172375426948536, - 1533916099229249, - 1761293575457130, - 3842422480712013, - ]), - y_minus_x: FieldElement51([ - 1627072914981959, - 2211603081280073, - 1912369601616504, - 1191770436221309, - 2187309757525860, - ]), - xy2d: FieldElement51([ - 1149147819689533, - 378692712667677, - 828475842424202, - 2218619146419342, - 70688125792186, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3551539230764990, - 3690416477138006, - 3788528892189659, - 2053896748919837, - 3260220846276494, - ]), - y_minus_x: FieldElement51([ - 2040723824657366, - 399555637875075, - 632543375452995, - 872649937008051, - 1235394727030233, - ]), - xy2d: 
FieldElement51([ - 2211311599327900, - 2139787259888175, - 938706616835350, - 12609661139114, - 2081897930719789, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1324994503390431, - 2588782144267879, - 1183998925654176, - 3343454479598522, - 2300527487656566, - ]), - y_minus_x: FieldElement51([ - 1845522914617879, - 1222198248335542, - 150841072760134, - 1927029069940982, - 1189913404498011, - ]), - xy2d: FieldElement51([ - 1079559557592645, - 2215338383666441, - 1903569501302605, - 49033973033940, - 305703433934152, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2346453219102138, - 3637921163538246, - 3313930291577009, - 2288353761164521, - 3085469462634093, - ]), - y_minus_x: FieldElement51([ - 1432015813136298, - 440364795295369, - 1395647062821501, - 1976874522764578, - 934452372723352, - ]), - xy2d: FieldElement51([ - 1296625309219774, - 2068273464883862, - 1858621048097805, - 1492281814208508, - 2235868981918946, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1490330266465551, - 1858795661361448, - 3688040948655011, - 2546373032584894, - 3459939824714180, - ]), - y_minus_x: FieldElement51([ - 1282462923712748, - 741885683986255, - 2027754642827561, - 518989529541027, - 1826610009555945, - ]), - xy2d: FieldElement51([ - 1525827120027511, - 723686461809551, - 1597702369236987, - 244802101764964, - 1502833890372311, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2365421849929742, - 3485539881431101, - 2925909765963743, - 2114345180342964, - 2418564326541511, - ]), - y_minus_x: FieldElement51([ - 2041668749310338, - 2184405322203901, - 1633400637611036, - 2110682505536899, - 2048144390084644, - ]), - xy2d: FieldElement51([ - 503058759232932, - 760293024620937, - 2027152777219493, - 666858468148475, - 1539184379870952, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1916168475367211, - 3167426246226591, - 883217071712574, - 363427871374304, - 1976029821251593, - ]), - y_minus_x: 
FieldElement51([ - 678039535434506, - 570587290189340, - 1605302676614120, - 2147762562875701, - 1706063797091704, - ]), - xy2d: FieldElement51([ - 1439489648586438, - 2194580753290951, - 832380563557396, - 561521973970522, - 584497280718389, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2439789269177838, - 681223515948274, - 1933493571072456, - 1872921007304880, - 2739962177820919, - ]), - y_minus_x: FieldElement51([ - 1413466089534451, - 410844090765630, - 1397263346404072, - 408227143123410, - 1594561803147811, - ]), - xy2d: FieldElement51([ - 2102170800973153, - 719462588665004, - 1479649438510153, - 1097529543970028, - 1302363283777685, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3193865531532443, - 3321113493038208, - 2007341951411050, - 2322773230131539, - 1419433790163705, - ]), - y_minus_x: FieldElement51([ - 1146565545556377, - 1661971299445212, - 406681704748893, - 564452436406089, - 1109109865829139, - ]), - xy2d: FieldElement51([ - 2214421081775077, - 1165671861210569, - 1890453018796184, - 3556249878661, - 442116172656317, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3005630360306059, - 1666955059895018, - 1530775289309243, - 3371786842789394, - 2164156153857579, - ]), - y_minus_x: FieldElement51([ - 615171919212796, - 1523849404854568, - 854560460547503, - 2067097370290715, - 1765325848586042, - ]), - xy2d: FieldElement51([ - 1094538949313667, - 1796592198908825, - 870221004284388, - 2025558921863561, - 1699010892802384, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1951351290725195, - 1916457206844795, - 2449824998123274, - 1909076887557594, - 1938542290318919, - ]), - y_minus_x: FieldElement51([ - 1014323197538413, - 869150639940606, - 1756009942696599, - 1334952557375672, - 1544945379082874, - ]), - xy2d: FieldElement51([ - 764055910920305, - 1603590757375439, - 146805246592357, - 1843313433854297, - 954279890114939, - ]), - }, - AffineNielsPoint { - 
y_plus_x: FieldElement51([ - 80113526615731, - 764536758732259, - 3306939158785481, - 2721052465444637, - 2869697326116762, - ]), - y_minus_x: FieldElement51([ - 74497112547268, - 740094153192149, - 1745254631717581, - 727713886503130, - 1283034364416928, - ]), - xy2d: FieldElement51([ - 525892105991110, - 1723776830270342, - 1476444848991936, - 573789489857760, - 133864092632978, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2794411533877810, - 1986812262899320, - 1162535242465837, - 2733298779828712, - 2796400347268869, - ]), - y_minus_x: FieldElement51([ - 64123227344372, - 1239927720647794, - 1360722983445904, - 222610813654661, - 62429487187991, - ]), - xy2d: FieldElement51([ - 1793193323953132, - 91096687857833, - 70945970938921, - 2158587638946380, - 1537042406482111, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1895854577604590, - 3646695522634664, - 1728548428495943, - 3392664713925397, - 2815445147288308, - ]), - y_minus_x: FieldElement51([ - 141358280486863, - 91435889572504, - 1087208572552643, - 1829599652522921, - 1193307020643647, - ]), - xy2d: FieldElement51([ - 1611230858525381, - 950720175540785, - 499589887488610, - 2001656988495019, - 88977313255908, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3440880315164906, - 2184348804772596, - 3292618539427567, - 2018318290311833, - 1712060030915354, - ]), - y_minus_x: FieldElement51([ - 873966876953756, - 1090638350350440, - 1708559325189137, - 672344594801910, - 1320437969700239, - ]), - xy2d: FieldElement51([ - 1508590048271766, - 1131769479776094, - 101550868699323, - 428297785557897, - 561791648661744, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3008217384184691, - 2489682092917849, - 2136263418594015, - 1701968045454886, - 2955512998822720, - ]), - y_minus_x: FieldElement51([ - 1781187809325462, - 1697624151492346, - 1381393690939988, - 175194132284669, - 1483054666415238, - ]), - xy2d: FieldElement51([ - 
2175517777364616, - 708781536456029, - 955668231122942, - 1967557500069555, - 2021208005604118, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3366935780292116, - 2476017186636029, - 915967306279221, - 593866251291540, - 2813546907893254, - ]), - y_minus_x: FieldElement51([ - 1443163092879439, - 391875531646162, - 2180847134654632, - 464538543018753, - 1594098196837178, - ]), - xy2d: FieldElement51([ - 850858855888869, - 319436476624586, - 327807784938441, - 740785849558761, - 17128415486016, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2132756334090048, - 2788047633840893, - 2300706964962114, - 2860273011285942, - 3513489358708031, - ]), - y_minus_x: FieldElement51([ - 1525176236978354, - 974205476721062, - 293436255662638, - 148269621098039, - 137961998433963, - ]), - xy2d: FieldElement51([ - 1121075518299410, - 2071745529082111, - 1265567917414828, - 1648196578317805, - 496232102750820, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2374121042985030, - 3274721891178932, - 2001275453369483, - 2017441881607947, - 3245005694463250, - ]), - y_minus_x: FieldElement51([ - 654925550560074, - 1168810995576858, - 575655959430926, - 905758704861388, - 496774564663534, - ]), - xy2d: FieldElement51([ - 1954109525779738, - 2117022646152485, - 338102630417180, - 1194140505732026, - 107881734943492, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1714785840001267, - 4288299832366837, - 1876380234251965, - 2056717182974196, - 1645855254384642, - ]), - y_minus_x: FieldElement51([ - 106431476499341, - 62482972120563, - 1513446655109411, - 807258751769522, - 538491469114, - ]), - xy2d: FieldElement51([ - 2002850762893643, - 1243624520538135, - 1486040410574605, - 2184752338181213, - 378495998083531, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 922510868424903, - 1089502620807680, - 402544072617374, - 1131446598479839, - 1290278588136533, - ]), - y_minus_x: FieldElement51([ - 1867998812076769, - 
715425053580701, - 39968586461416, - 2173068014586163, - 653822651801304, - ]), - xy2d: FieldElement51([ - 162892278589453, - 182585796682149, - 75093073137630, - 497037941226502, - 133871727117371, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 4166396390264918, - 1608999621851577, - 1987629837704609, - 1519655314857977, - 1819193753409464, - ]), - y_minus_x: FieldElement51([ - 1949315551096831, - 1069003344994464, - 1939165033499916, - 1548227205730856, - 1933767655861407, - ]), - xy2d: FieldElement51([ - 1730519386931635, - 1393284965610134, - 1597143735726030, - 416032382447158, - 1429665248828629, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 360275475604546, - 2799635544748326, - 2467160717872776, - 2848446553564254, - 2584509464110332, - ]), - y_minus_x: FieldElement51([ - 47602113726801, - 1522314509708010, - 437706261372925, - 814035330438027, - 335930650933545, - ]), - xy2d: FieldElement51([ - 1291597595523886, - 1058020588994081, - 402837842324045, - 1363323695882781, - 2105763393033193, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2361321796251793, - 3967057562270386, - 1112231216891515, - 2046641005101484, - 2386048970842261, - ]), - y_minus_x: FieldElement51([ - 2156991030936798, - 2227544497153325, - 1869050094431622, - 754875860479115, - 1754242344267058, - ]), - xy2d: FieldElement51([ - 1846089562873800, - 98894784984326, - 1412430299204844, - 171351226625762, - 1100604760929008, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2335972195815721, - 2751510784385293, - 425749630620777, - 1762872794206857, - 2864642415813208, - ]), - y_minus_x: FieldElement51([ - 868309334532756, - 1703010512741873, - 1952690008738057, - 4325269926064, - 2071083554962116, - ]), - xy2d: FieldElement51([ - 523094549451158, - 401938899487815, - 1407690589076010, - 2022387426254453, - 158660516411257, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 612867287630009, - 
2700012425789062, - 2823428891104443, - 1466796750919375, - 1728478129663858, - ]), - y_minus_x: FieldElement51([ - 1723848973783452, - 2208822520534681, - 1718748322776940, - 1974268454121942, - 1194212502258141, - ]), - xy2d: FieldElement51([ - 1254114807944608, - 977770684047110, - 2010756238954993, - 1783628927194099, - 1525962994408256, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2484263871921055, - 1948628555342433, - 1835348780427694, - 1031609499437291, - 2316271920603621, - ]), - y_minus_x: FieldElement51([ - 767338676040683, - 754089548318405, - 1523192045639075, - 435746025122062, - 512692508440385, - ]), - xy2d: FieldElement51([ - 1255955808701983, - 1700487367990941, - 1166401238800299, - 1175121994891534, - 1190934801395380, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2600943821853521, - 1337012557669161, - 1475912332999108, - 3573418268585706, - 2299411105589567, - ]), - y_minus_x: FieldElement51([ - 877519947135419, - 2172838026132651, - 272304391224129, - 1655143327559984, - 886229406429814, - ]), - xy2d: FieldElement51([ - 375806028254706, - 214463229793940, - 572906353144089, - 572168269875638, - 697556386112979, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1168827102357825, - 823864273033637, - 4323338565789945, - 788062026895923, - 2851378154428610, - ]), - y_minus_x: FieldElement51([ - 1948116082078088, - 2054898304487796, - 2204939184983900, - 210526805152138, - 786593586607626, - ]), - xy2d: FieldElement51([ - 1915320147894736, - 156481169009469, - 655050471180417, - 592917090415421, - 2165897438660879, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1726336468579724, - 1119932070398949, - 1929199510967666, - 2285718602008207, - 1836837863503149, - ]), - y_minus_x: FieldElement51([ - 829996854845988, - 217061778005138, - 1686565909803640, - 1346948817219846, - 1723823550730181, - ]), - xy2d: FieldElement51([ - 384301494966394, - 687038900403062, - 2211195391021739, - 
254684538421383, - 1245698430589680, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1247567493562669, - 4229981908141095, - 2435671288478202, - 806570235643434, - 2540261331753164, - ]), - y_minus_x: FieldElement51([ - 1449077384734201, - 38285445457996, - 2136537659177832, - 2146493000841573, - 725161151123125, - ]), - xy2d: FieldElement51([ - 1201928866368855, - 800415690605445, - 1703146756828343, - 997278587541744, - 1858284414104014, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2608268623334125, - 3034173730618399, - 1718002439402869, - 3644022065904502, - 663171266061950, - ]), - y_minus_x: FieldElement51([ - 759628738230460, - 1012693474275852, - 353780233086498, - 246080061387552, - 2030378857679162, - ]), - xy2d: FieldElement51([ - 2040672435071076, - 888593182036908, - 1298443657189359, - 1804780278521327, - 354070726137060, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1894938527423184, - 3715012855162525, - 2726210319182898, - 2499094776718546, - 877975941029127, - ]), - y_minus_x: FieldElement51([ - 207937160991127, - 12966911039119, - 820997788283092, - 1010440472205286, - 1701372890140810, - ]), - xy2d: FieldElement51([ - 218882774543183, - 533427444716285, - 1233243976733245, - 435054256891319, - 1509568989549904, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 4140638349397055, - 3303977572025869, - 3465353617009382, - 2420981822812579, - 2715174081801119, - ]), - y_minus_x: FieldElement51([ - 299137589460312, - 1594371588983567, - 868058494039073, - 257771590636681, - 1805012993142921, - ]), - xy2d: FieldElement51([ - 1806842755664364, - 2098896946025095, - 1356630998422878, - 1458279806348064, - 347755825962072, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1402334161391744, - 3811883484731547, - 1008585416617746, - 1147797150908892, - 1420416683642459, - ]), - y_minus_x: FieldElement51([ - 665506704253369, - 273770475169863, - 
799236974202630, - 848328990077558, - 1811448782807931, - ]), - xy2d: FieldElement51([ - 1468412523962641, - 771866649897997, - 1931766110147832, - 799561180078482, - 524837559150077, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2223212657821831, - 2882216061048914, - 2144451165500327, - 3068710944633039, - 3276150872095279, - ]), - y_minus_x: FieldElement51([ - 1266603897524861, - 156378408858100, - 1275649024228779, - 447738405888420, - 253186462063095, - ]), - xy2d: FieldElement51([ - 2022215964509735, - 136144366993649, - 1800716593296582, - 1193970603800203, - 871675847064218, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1862751661970309, - 851596246739884, - 1519315554814041, - 3794598280232697, - 3669775149586767, - ]), - y_minus_x: FieldElement51([ - 1228168094547481, - 334133883362894, - 587567568420081, - 433612590281181, - 603390400373205, - ]), - xy2d: FieldElement51([ - 121893973206505, - 1843345804916664, - 1703118377384911, - 497810164760654, - 101150811654673, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2710146069631716, - 2542709749304591, - 1452768413850678, - 2802722688939463, - 1537286854336537, - ]), - y_minus_x: FieldElement51([ - 584322311184395, - 380661238802118, - 114839394528060, - 655082270500073, - 2111856026034852, - ]), - xy2d: FieldElement51([ - 996965581008991, - 2148998626477022, - 1012273164934654, - 1073876063914522, - 1688031788934939, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3175286832534829, - 2085106799623354, - 2779882615305384, - 1606206360876187, - 2987706905397772, - ]), - y_minus_x: FieldElement51([ - 1697697887804317, - 1335343703828273, - 831288615207040, - 949416685250051, - 288760277392022, - ]), - xy2d: FieldElement51([ - 1419122478109648, - 1325574567803701, - 602393874111094, - 2107893372601700, - 1314159682671307, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2201150872731785, - 2180241023425241, - 
2349463270108411, - 1633405770247823, - 3100744856129234, - ]), - y_minus_x: FieldElement51([ - 1173339555550611, - 818605084277583, - 47521504364289, - 924108720564965, - 735423405754506, - ]), - xy2d: FieldElement51([ - 830104860549448, - 1886653193241086, - 1600929509383773, - 1475051275443631, - 286679780900937, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3828911108518224, - 3282698983453994, - 2396700729978777, - 4216472406664814, - 2820189914640497, - ]), - y_minus_x: FieldElement51([ - 278388655910247, - 487143369099838, - 927762205508727, - 181017540174210, - 1616886700741287, - ]), - xy2d: FieldElement51([ - 1191033906638969, - 940823957346562, - 1606870843663445, - 861684761499847, - 658674867251089, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1875032594195527, - 1427106132796197, - 2976536204647406, - 3153660325729987, - 2887068310954007, - ]), - y_minus_x: FieldElement51([ - 622869792298357, - 1903919278950367, - 1922588621661629, - 1520574711600434, - 1087100760174640, - ]), - xy2d: FieldElement51([ - 25465949416618, - 1693639527318811, - 1526153382657203, - 125943137857169, - 145276964043999, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2466539671654587, - 920212862967914, - 4191701364657517, - 3463662605460468, - 2336897329405367, - ]), - y_minus_x: FieldElement51([ - 2006245852772938, - 734762734836159, - 254642929763427, - 1406213292755966, - 239303749517686, - ]), - xy2d: FieldElement51([ - 1619678837192149, - 1919424032779215, - 1357391272956794, - 1525634040073113, - 1310226789796241, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3292563523447371, - 1704449869235351, - 2857062884141577, - 1998838089036354, - 1312142911487502, - ]), - y_minus_x: FieldElement51([ - 1996723311435669, - 1844342766567060, - 985455700466044, - 1165924681400960, - 311508689870129, - ]), - xy2d: FieldElement51([ - 43173156290518, - 2202883069785309, - 1137787467085917, - 1733636061944606, - 
1394992037553852, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 670078326344559, - 2807454838744604, - 2723759199967685, - 2141455487356408, - 849015953823125, - ]), - y_minus_x: FieldElement51([ - 2197214573372804, - 794254097241315, - 1030190060513737, - 267632515541902, - 2040478049202624, - ]), - xy2d: FieldElement51([ - 1812516004670529, - 1609256702920783, - 1706897079364493, - 258549904773295, - 996051247540686, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1540374301420565, - 1764656898914615, - 1810104162020396, - 3175608592848336, - 2916189887881826, - ]), - y_minus_x: FieldElement51([ - 1323460699404750, - 1262690757880991, - 871777133477900, - 1060078894988977, - 1712236889662886, - ]), - xy2d: FieldElement51([ - 1696163952057966, - 1391710137550823, - 608793846867416, - 1034391509472039, - 1780770894075012, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1367603834210822, - 4383788460268472, - 890353773628143, - 1908908219165595, - 2522636708938139, - ]), - y_minus_x: FieldElement51([ - 597536315471731, - 40375058742586, - 1942256403956049, - 1185484645495932, - 312666282024145, - ]), - xy2d: FieldElement51([ - 1919411405316294, - 1234508526402192, - 1066863051997083, - 1008444703737597, - 1348810787701552, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2102881477513865, - 3822074379630609, - 1573617900503707, - 2270462449417831, - 2232324307922097, - ]), - y_minus_x: FieldElement51([ - 1853931367696942, - 8107973870707, - 350214504129299, - 775206934582587, - 1752317649166792, - ]), - xy2d: FieldElement51([ - 1417148368003523, - 721357181628282, - 505725498207811, - 373232277872983, - 261634707184480, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2186733281493248, - 2250694917008620, - 1014829812957440, - 2731797975137637, - 2335366007561721, - ]), - y_minus_x: FieldElement51([ - 1268116367301224, - 560157088142809, - 802626839600444, - 
2210189936605713, - 1129993785579988, - ]), - xy2d: FieldElement51([ - 615183387352312, - 917611676109240, - 878893615973325, - 978940963313282, - 938686890583575, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 522024729211672, - 3296859129001056, - 1892245413707789, - 1907891107684253, - 2059998109500714, - ]), - y_minus_x: FieldElement51([ - 1799679152208884, - 912132775900387, - 25967768040979, - 432130448590461, - 274568990261996, - ]), - xy2d: FieldElement51([ - 98698809797682, - 2144627600856209, - 1907959298569602, - 811491302610148, - 1262481774981493, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1791451399743152, - 1713538728337276, - 2370149810942738, - 1882306388849953, - 158235232210248, - ]), - y_minus_x: FieldElement51([ - 1217809823321928, - 2173947284933160, - 1986927836272325, - 1388114931125539, - 12686131160169, - ]), - xy2d: FieldElement51([ - 1650875518872272, - 1136263858253897, - 1732115601395988, - 734312880662190, - 1252904681142109, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2624786269799113, - 2777230729143418, - 2116279931702134, - 2753222527273063, - 1907002872974924, - ]), - y_minus_x: FieldElement51([ - 803147181835288, - 868941437997146, - 316299302989663, - 943495589630550, - 571224287904572, - ]), - xy2d: FieldElement51([ - 227742695588364, - 1776969298667369, - 628602552821802, - 457210915378118, - 2041906378111140, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 815000523470260, - 3164885502413555, - 3303859931956420, - 1345536665214222, - 541623413135555, - ]), - y_minus_x: FieldElement51([ - 1580216071604333, - 1877997504342444, - 857147161260913, - 703522726778478, - 2182763974211603, - ]), - xy2d: FieldElement51([ - 1870080310923419, - 71988220958492, - 1783225432016732, - 615915287105016, - 1035570475990230, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2982787564515398, - 857613889540279, - 1083813157271766, - 1002817255970169, - 
1719228484436074, - ]), - y_minus_x: FieldElement51([ - 377616581647602, - 1581980403078513, - 804044118130621, - 2034382823044191, - 643844048472185, - ]), - xy2d: FieldElement51([ - 176957326463017, - 1573744060478586, - 528642225008045, - 1816109618372371, - 1515140189765006, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1888911448245718, - 3638910709296328, - 4176303607751676, - 1731539523700948, - 2230378382645454, - ]), - y_minus_x: FieldElement51([ - 443392177002051, - 233793396845137, - 2199506622312416, - 1011858706515937, - 974676837063129, - ]), - xy2d: FieldElement51([ - 1846351103143623, - 1949984838808427, - 671247021915253, - 1946756846184401, - 1929296930380217, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 849646212451983, - 1410198775302919, - 2325567699868943, - 1641663456615811, - 3014056086137659, - ]), - y_minus_x: FieldElement51([ - 692017667358279, - 723305578826727, - 1638042139863265, - 748219305990306, - 334589200523901, - ]), - xy2d: FieldElement51([ - 22893968530686, - 2235758574399251, - 1661465835630252, - 925707319443452, - 1203475116966621, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3053098849470395, - 3985092410411378, - 1664508947088595, - 2719548934677170, - 3899298398220870, - ]), - y_minus_x: FieldElement51([ - 903105258014366, - 427141894933047, - 561187017169777, - 1884330244401954, - 1914145708422219, - ]), - xy2d: FieldElement51([ - 1344191060517578, - 1960935031767890, - 1518838929955259, - 1781502350597190, - 1564784025565682, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2925523165433334, - 1979969272514922, - 3427087126180756, - 1187589090978665, - 1881897672213940, - ]), - y_minus_x: FieldElement51([ - 1917185587363432, - 1098342571752737, - 5935801044414, - 2000527662351839, - 1538640296181569, - ]), - xy2d: FieldElement51([ - 2495540013192, - 678856913479236, - 224998292422872, - 219635787698590, - 1972465269000940, - ]), - 
}, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 271413961212179, - 3604851875156899, - 2596511104968730, - 2014925838520661, - 2006221033113941, - ]), - y_minus_x: FieldElement51([ - 194583029968109, - 514316781467765, - 829677956235672, - 1676415686873082, - 810104584395840, - ]), - xy2d: FieldElement51([ - 1980510813313589, - 1948645276483975, - 152063780665900, - 129968026417582, - 256984195613935, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1860190562533083, - 1936576191345085, - 2712900106391212, - 1811043097042829, - 3209286562992083, - ]), - y_minus_x: FieldElement51([ - 796664815624365, - 1543160838872951, - 1500897791837765, - 1667315977988401, - 599303877030711, - ]), - xy2d: FieldElement51([ - 1151480509533204, - 2136010406720455, - 738796060240027, - 319298003765044, - 1150614464349587, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1731069268103131, - 2987442261301335, - 1364750481334267, - 2669032653668119, - 3178908082812908, - ]), - y_minus_x: FieldElement51([ - 1017222050227968, - 1987716148359, - 2234319589635701, - 621282683093392, - 2132553131763026, - ]), - xy2d: FieldElement51([ - 1567828528453324, - 1017807205202360, - 565295260895298, - 829541698429100, - 307243822276582, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 249079270936229, - 1501514259790706, - 3199709537890096, - 944551802437486, - 2804458577667728, - ]), - y_minus_x: FieldElement51([ - 2089966982947227, - 1854140343916181, - 2151980759220007, - 2139781292261749, - 158070445864917, - ]), - xy2d: FieldElement51([ - 1338766321464554, - 1906702607371284, - 1519569445519894, - 115384726262267, - 1393058953390992, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3616421371950629, - 3764188048593604, - 1926731583198685, - 2041482526432505, - 3172200936019022, - ]), - y_minus_x: FieldElement51([ - 1884844597333588, - 601480070269079, - 620203503079537, - 1079527400117915, - 1202076693132015, - ]), - xy2d: 
FieldElement51([ - 840922919763324, - 727955812569642, - 1303406629750194, - 522898432152867, - 294161410441865, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2605560604520539, - 1598361541848742, - 3374705511887547, - 4174333403844152, - 2670907514351827, - ]), - y_minus_x: FieldElement51([ - 359856369838236, - 180914355488683, - 861726472646627, - 218807937262986, - 575626773232501, - ]), - xy2d: FieldElement51([ - 755467689082474, - 909202735047934, - 730078068932500, - 936309075711518, - 2007798262842972, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1609384177904054, - 2614544999293875, - 1335318541768200, - 3052765584121496, - 2799677792952659, - ]), - y_minus_x: FieldElement51([ - 984339177776787, - 815727786505884, - 1645154585713747, - 1659074964378553, - 1686601651984156, - ]), - xy2d: FieldElement51([ - 1697863093781930, - 599794399429786, - 1104556219769607, - 830560774794755, - 12812858601017, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1168737550514982, - 897832437380552, - 463140296333799, - 2554364413707795, - 2008360505135500, - ]), - y_minus_x: FieldElement51([ - 1856930662813910, - 678090852002597, - 1920179140755167, - 1259527833759868, - 55540971895511, - ]), - xy2d: FieldElement51([ - 1158643631044921, - 476554103621892, - 178447851439725, - 1305025542653569, - 103433927680625, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2176793111709008, - 3828525530035639, - 2009350167273522, - 2012390194631546, - 2125297410909580, - ]), - y_minus_x: FieldElement51([ - 825403285195098, - 2144208587560784, - 1925552004644643, - 1915177840006985, - 1015952128947864, - ]), - xy2d: FieldElement51([ - 1807108316634472, - 1534392066433717, - 347342975407218, - 1153820745616376, - 7375003497471, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3234860815484973, - 2683011703586488, - 2201903782961092, - 3069193724749589, - 2214616493042166, - ]), - y_minus_x: 
FieldElement51([ - 228567918409756, - 865093958780220, - 358083886450556, - 159617889659320, - 1360637926292598, - ]), - xy2d: FieldElement51([ - 234147501399755, - 2229469128637390, - 2175289352258889, - 1397401514549353, - 1885288963089922, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3363562226636810, - 2504649386192636, - 3300514047508588, - 2397910909286693, - 1237505378776769, - ]), - y_minus_x: FieldElement51([ - 1113790697840279, - 1051167139966244, - 1045930658550944, - 2011366241542643, - 1686166824620755, - ]), - xy2d: FieldElement51([ - 1054097349305049, - 1872495070333352, - 182121071220717, - 1064378906787311, - 100273572924182, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3558210666856834, - 1627717417672446, - 2302783034773665, - 1109249951172249, - 3122001602766640, - ]), - y_minus_x: FieldElement51([ - 104233794644221, - 1548919791188248, - 2224541913267306, - 2054909377116478, - 1043803389015153, - ]), - xy2d: FieldElement51([ - 216762189468802, - 707284285441622, - 190678557969733, - 973969342604308, - 1403009538434867, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3530824104723725, - 2596576648903557, - 2525521909702446, - 4086000250496689, - 634517197663803, - ]), - y_minus_x: FieldElement51([ - 343805853118335, - 1302216857414201, - 566872543223541, - 2051138939539004, - 321428858384280, - ]), - xy2d: FieldElement51([ - 470067171324852, - 1618629234173951, - 2000092177515639, - 7307679772789, - 1117521120249968, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2529951391976704, - 1810282338562946, - 1771599529530998, - 3635459223356879, - 2937173228157088, - ]), - y_minus_x: FieldElement51([ - 577009397403102, - 1791440261786291, - 2177643735971638, - 174546149911960, - 1412505077782326, - ]), - xy2d: FieldElement51([ - 893719721537457, - 1201282458018197, - 1522349501711173, - 58011597740583, - 1130406465887139, - ]), - }, - AffineNielsPoint { - 
y_plus_x: FieldElement51([ - 412607348255434, - 1280455764199780, - 2233277987330768, - 2265979894086913, - 2583384512102412, - ]), - y_minus_x: FieldElement51([ - 262483770854550, - 990511055108216, - 526885552771698, - 571664396646158, - 354086190278723, - ]), - xy2d: FieldElement51([ - 1820352417585487, - 24495617171480, - 1547899057533253, - 10041836186225, - 480457105094042, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2023310314989233, - 2889705151211129, - 2106474638900686, - 2809620524769320, - 1687858215057825, - ]), - y_minus_x: FieldElement51([ - 1144168702609745, - 604444390410187, - 1544541121756138, - 1925315550126027, - 626401428894002, - ]), - xy2d: FieldElement51([ - 1922168257351784, - 2018674099908659, - 1776454117494445, - 956539191509034, - 36031129147635, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2796444352433270, - 1039872944430373, - 3128550222815858, - 2962457525011798, - 3468752501170219, - ]), - y_minus_x: FieldElement51([ - 58242421545916, - 2035812695641843, - 2118491866122923, - 1191684463816273, - 46921517454099, - ]), - xy2d: FieldElement51([ - 272268252444639, - 1374166457774292, - 2230115177009552, - 1053149803909880, - 1354288411641016, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1857910905368338, - 1754729879288912, - 3137745277795125, - 1516096106802165, - 1602902393369811, - ]), - y_minus_x: FieldElement51([ - 1193437069800958, - 901107149704790, - 999672920611411, - 477584824802207, - 364239578697845, - ]), - xy2d: FieldElement51([ - 886299989548838, - 1538292895758047, - 1590564179491896, - 1944527126709657, - 837344427345298, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3006358179063534, - 1712186480903617, - 3955456640022779, - 3002110732175033, - 2770795853936147, - ]), - y_minus_x: FieldElement51([ - 1309847803895382, - 1462151862813074, - 211370866671570, - 1544595152703681, - 1027691798954090, - ]), - xy2d: FieldElement51([ - 803217563745370, - 
1884799722343599, - 1357706345069218, - 2244955901722095, - 730869460037413, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2941099284981214, - 1831210565161070, - 3626987155270686, - 3358084791231418, - 1893781834054268, - ]), - y_minus_x: FieldElement51([ - 696351368613042, - 1494385251239250, - 738037133616932, - 636385507851544, - 927483222611406, - ]), - xy2d: FieldElement51([ - 1949114198209333, - 1104419699537997, - 783495707664463, - 1747473107602770, - 2002634765788641, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1607325776830197, - 2782683755100581, - 1451089452727894, - 3833490970768671, - 496100432831153, - ]), - y_minus_x: FieldElement51([ - 1068900648804224, - 2006891997072550, - 1134049269345549, - 1638760646180091, - 2055396084625778, - ]), - xy2d: FieldElement51([ - 2222475519314561, - 1870703901472013, - 1884051508440561, - 1344072275216753, - 1318025677799069, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 155711679280637, - 681100400509288, - 389811735211209, - 2135723811340709, - 2660533024889373, - ]), - y_minus_x: FieldElement51([ - 7813206966729, - 194444201427550, - 2071405409526507, - 1065605076176312, - 1645486789731291, - ]), - xy2d: FieldElement51([ - 16625790644959, - 1647648827778410, - 1579910185572704, - 436452271048548, - 121070048451050, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3289062842237779, - 2820185594063076, - 2549752917829677, - 3810384325616458, - 2238221839292470, - ]), - y_minus_x: FieldElement51([ - 190565267697443, - 672855706028058, - 338796554369226, - 337687268493904, - 853246848691734, - ]), - xy2d: FieldElement51([ - 1763863028400139, - 766498079432444, - 1321118624818005, - 69494294452268, - 858786744165651, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3543856582248253, - 1456632109855637, - 3352431060735432, - 1386133165675320, - 3484698163879000, - ]), - y_minus_x: FieldElement51([ - 
366253102478259, - 525676242508811, - 1449610995265438, - 1183300845322183, - 185960306491545, - ]), - xy2d: FieldElement51([ - 28315355815982, - 460422265558930, - 1799675876678724, - 1969256312504498, - 1051823843138725, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2408714813047231, - 3857948219405196, - 1665208410108429, - 2569443092377519, - 1383783705665319, - ]), - y_minus_x: FieldElement51([ - 54684536365732, - 2210010038536222, - 1194984798155308, - 535239027773705, - 1516355079301361, - ]), - xy2d: FieldElement51([ - 1484387703771650, - 198537510937949, - 2186282186359116, - 617687444857508, - 647477376402122, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2147715541830533, - 2751832352131065, - 2898179830570073, - 2604027669016369, - 1488268620408051, - ]), - y_minus_x: FieldElement51([ - 159386186465542, - 1877626593362941, - 618737197060512, - 1026674284330807, - 1158121760792685, - ]), - xy2d: FieldElement51([ - 1744544377739822, - 1964054180355661, - 1685781755873170, - 2169740670377448, - 1286112621104591, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2333777063470241, - 3919742931398333, - 3920783633320113, - 1605016835177614, - 1353960708075544, - ]), - y_minus_x: FieldElement51([ - 1602253788689063, - 439542044889886, - 2220348297664483, - 657877410752869, - 157451572512238, - ]), - xy2d: FieldElement51([ - 1029287186166717, - 65860128430192, - 525298368814832, - 1491902500801986, - 1461064796385400, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2660016802414475, - 2121095722306988, - 913562102267595, - 1879708920318308, - 2492861262121979, - ]), - y_minus_x: FieldElement51([ - 1185483484383269, - 1356339572588553, - 584932367316448, - 102132779946470, - 1792922621116791, - ]), - xy2d: FieldElement51([ - 1966196870701923, - 2230044620318636, - 1425982460745905, - 261167817826569, - 46517743394330, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2358877405280588, - 
3136759755857592, - 2279106683482647, - 2224911448949389, - 3216151871930471, - ]), - y_minus_x: FieldElement51([ - 1730194207717538, - 431790042319772, - 1831515233279467, - 1372080552768581, - 1074513929381760, - ]), - xy2d: FieldElement51([ - 1450880638731607, - 1019861580989005, - 1229729455116861, - 1174945729836143, - 826083146840706, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1899935429242705, - 1602068751520477, - 940583196550370, - 2334230882739107, - 1540863155745695, - ]), - y_minus_x: FieldElement51([ - 2136688454840028, - 2099509000964294, - 1690800495246475, - 1217643678575476, - 828720645084218, - ]), - xy2d: FieldElement51([ - 765548025667841, - 462473984016099, - 998061409979798, - 546353034089527, - 2212508972466858, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2298375097456408, - 3144370785258318, - 1281983193144089, - 1491520128287375, - 75847005908304, - ]), - y_minus_x: FieldElement51([ - 1801436127943107, - 1734436817907890, - 1268728090345068, - 167003097070711, - 2233597765834956, - ]), - xy2d: FieldElement51([ - 1997562060465113, - 1048700225534011, - 7615603985628, - 1855310849546841, - 2242557647635213, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1161017320376250, - 2744424393854291, - 2169815802355236, - 3228296595417790, - 1770879511019628, - ]), - y_minus_x: FieldElement51([ - 1357044908364776, - 729130645262438, - 1762469072918979, - 1365633616878458, - 181282906404941, - ]), - xy2d: FieldElement51([ - 1080413443139865, - 1155205815510486, - 1848782073549786, - 622566975152580, - 124965574467971, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1184526762066993, - 247622751762817, - 2943928830891604, - 3071818503097743, - 2188697339828084, - ]), - y_minus_x: FieldElement51([ - 2020536369003019, - 202261491735136, - 1053169669150884, - 2056531979272544, - 778165514694311, - ]), - xy2d: FieldElement51([ - 237404399610207, - 1308324858405118, - 
1229680749538400, - 720131409105291, - 1958958863624906, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2767383321724075, - 2269456792542436, - 1717918437373988, - 1568052070792483, - 2298775616809171, - ]), - y_minus_x: FieldElement51([ - 281527309158085, - 36970532401524, - 866906920877543, - 2222282602952734, - 1289598729589882, - ]), - xy2d: FieldElement51([ - 1278207464902042, - 494742455008756, - 1262082121427081, - 1577236621659884, - 1888786707293291, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 353042527954210, - 1830056151907359, - 1111731275799225, - 2426760769524072, - 404312815582674, - ]), - y_minus_x: FieldElement51([ - 2064251142068628, - 1666421603389706, - 1419271365315441, - 468767774902855, - 191535130366583, - ]), - xy2d: FieldElement51([ - 1716987058588002, - 1859366439773457, - 1767194234188234, - 64476199777924, - 1117233614485261, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3236091949205521, - 2386938060636506, - 2220652137473166, - 1722843421165029, - 2442282371698157, - ]), - y_minus_x: FieldElement51([ - 298845952651262, - 1166086588952562, - 1179896526238434, - 1347812759398693, - 1412945390096208, - ]), - xy2d: FieldElement51([ - 1143239552672925, - 906436640714209, - 2177000572812152, - 2075299936108548, - 325186347798433, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2972824668060020, - 2936287674948563, - 3625238557779406, - 2193186935276994, - 1387043709851261, - ]), - y_minus_x: FieldElement51([ - 418098668140962, - 715065997721283, - 1471916138376055, - 2168570337288357, - 937812682637044, - ]), - xy2d: FieldElement51([ - 1043584187226485, - 2143395746619356, - 2209558562919611, - 482427979307092, - 847556718384018, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1248731221520740, - 1465200936117687, - 2792603306395388, - 2304778448366139, - 2513234303861356, - ]), - y_minus_x: FieldElement51([ - 1057329623869501, - 
620334067429122, - 461700859268034, - 2012481616501857, - 297268569108938, - ]), - xy2d: FieldElement51([ - 1055352180870759, - 1553151421852298, - 1510903185371259, - 1470458349428097, - 1226259419062731, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3744788603986897, - 3042126439258578, - 3441906842094992, - 3641194565844440, - 3872208010289441, - ]), - y_minus_x: FieldElement51([ - 47000654413729, - 1004754424173864, - 1868044813557703, - 173236934059409, - 588771199737015, - ]), - xy2d: FieldElement51([ - 30498470091663, - 1082245510489825, - 576771653181956, - 806509986132686, - 1317634017056939, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2672107869436803, - 3745154677001249, - 2417006535213335, - 4136645508605033, - 2065456951573058, - ]), - y_minus_x: FieldElement51([ - 1115636332012334, - 1854340990964155, - 83792697369514, - 1972177451994021, - 457455116057587, - ]), - xy2d: FieldElement51([ - 1698968457310898, - 1435137169051090, - 1083661677032510, - 938363267483709, - 340103887207182, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1995325341336555, - 911500251774648, - 2415810569088940, - 855378419194761, - 3825401211214090, - ]), - y_minus_x: FieldElement51([ - 241719380661528, - 310028521317150, - 1215881323380194, - 1408214976493624, - 2141142156467363, - ]), - xy2d: FieldElement51([ - 1315157046163473, - 727368447885818, - 1363466668108618, - 1668921439990361, - 1398483384337907, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2326829491984875, - 3267188020145720, - 1849729037055211, - 4191614430138232, - 2696204044080201, - ]), - y_minus_x: FieldElement51([ - 2053597130993710, - 2024431685856332, - 2233550957004860, - 2012407275509545, - 872546993104440, - ]), - xy2d: FieldElement51([ - 1217269667678610, - 599909351968693, - 1390077048548598, - 1471879360694802, - 739586172317596, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3970118453066023, - 1560510726633957, - 
3156262694845170, - 1418028351780051, - 2346204163137185, - ]), - y_minus_x: FieldElement51([ - 2132502667405250, - 214379346175414, - 1502748313768060, - 1960071701057800, - 1353971822643138, - ]), - xy2d: FieldElement51([ - 319394212043702, - 2127459436033571, - 717646691535162, - 663366796076914, - 318459064945314, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2657789238608841, - 1960452633787082, - 2919148848086913, - 3744474074452359, - 1451061489880786, - ]), - y_minus_x: FieldElement51([ - 947085906234007, - 323284730494107, - 1485778563977200, - 728576821512394, - 901584347702286, - ]), - xy2d: FieldElement51([ - 1575783124125742, - 2126210792434375, - 1569430791264065, - 1402582372904727, - 1891780248341114, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3090232019245924, - 4249503325136911, - 3270591693593114, - 1662001808174330, - 2330127946643001, - ]), - y_minus_x: FieldElement51([ - 739152638255629, - 2074935399403557, - 505483666745895, - 1611883356514088, - 628654635394878, - ]), - xy2d: FieldElement51([ - 1822054032121349, - 643057948186973, - 7306757352712, - 577249257962099, - 284735863382083, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3618358370049178, - 1448606567552085, - 3730680834630016, - 2417602993041145, - 1115718458123497, - ]), - y_minus_x: FieldElement51([ - 204146226972102, - 1630511199034723, - 2215235214174763, - 174665910283542, - 956127674017216, - ]), - xy2d: FieldElement51([ - 1562934578796716, - 1070893489712745, - 11324610642270, - 958989751581897, - 2172552325473805, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1770564423056008, - 2987323445349813, - 1326060113795288, - 1509650369341127, - 2317692235267932, - ]), - y_minus_x: FieldElement51([ - 623682558650637, - 1337866509471512, - 990313350206649, - 1314236615762469, - 1164772974270275, - ]), - xy2d: FieldElement51([ - 223256821462517, - 723690150104139, - 1000261663630601, - 
933280913953265, - 254872671543046, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1969087237026022, - 2876595539132372, - 1335555107635968, - 2069986355593023, - 3963899963027150, - ]), - y_minus_x: FieldElement51([ - 1236103475266979, - 1837885883267218, - 1026072585230455, - 1025865513954973, - 1801964901432134, - ]), - xy2d: FieldElement51([ - 1115241013365517, - 1712251818829143, - 2148864332502771, - 2096001471438138, - 2235017246626125, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3551068012286861, - 2047148477845620, - 2165648650132450, - 1612539282026145, - 2765997725314138, - ]), - y_minus_x: FieldElement51([ - 118352772338543, - 1067608711804704, - 1434796676193498, - 1683240170548391, - 230866769907437, - ]), - xy2d: FieldElement51([ - 1850689576796636, - 1601590730430274, - 1139674615958142, - 1954384401440257, - 76039205311, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1723387471374172, - 3249101280723658, - 2785727448808904, - 2272728458379212, - 1756575222802512, - ]), - y_minus_x: FieldElement51([ - 2146711623855116, - 503278928021499, - 625853062251406, - 1109121378393107, - 1033853809911861, - ]), - xy2d: FieldElement51([ - 571005965509422, - 2005213373292546, - 1016697270349626, - 56607856974274, - 914438579435146, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1346698876211176, - 2076651707527589, - 3336561384795453, - 2517134292513653, - 1068954492309670, - ]), - y_minus_x: FieldElement51([ - 1769967932677654, - 1695893319756416, - 1151863389675920, - 1781042784397689, - 400287774418285, - ]), - xy2d: FieldElement51([ - 1851867764003121, - 403841933237558, - 820549523771987, - 761292590207581, - 1743735048551143, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 410915148140008, - 2107072311871739, - 3256167275561751, - 2351484709082008, - 1180818713503223, - ]), - y_minus_x: FieldElement51([ - 285945406881439, - 648174397347453, - 1098403762631981, - 
1366547441102991, - 1505876883139217, - ]), - xy2d: FieldElement51([ - 672095903120153, - 1675918957959872, - 636236529315028, - 1569297300327696, - 2164144194785875, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1902708175321798, - 3287143344600686, - 1178560808893262, - 2552895497743394, - 1280977479761117, - ]), - y_minus_x: FieldElement51([ - 1615357281742403, - 404257611616381, - 2160201349780978, - 1160947379188955, - 1578038619549541, - ]), - xy2d: FieldElement51([ - 2013087639791217, - 822734930507457, - 1785668418619014, - 1668650702946164, - 389450875221715, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2705718263383616, - 2358206633614248, - 2072540975937134, - 308588860670238, - 1304394580755385, - ]), - y_minus_x: FieldElement51([ - 1295082798350326, - 2091844511495996, - 1851348972587817, - 3375039684596, - 789440738712837, - ]), - xy2d: FieldElement51([ - 2083069137186154, - 848523102004566, - 993982213589257, - 1405313299916317, - 1532824818698468, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3747761112537659, - 1397203457344778, - 4026750030752190, - 2391102557240943, - 2318403398028034, - ]), - y_minus_x: FieldElement51([ - 1782411379088302, - 1096724939964781, - 27593390721418, - 542241850291353, - 1540337798439873, - ]), - xy2d: FieldElement51([ - 693543956581437, - 171507720360750, - 1557908942697227, - 1074697073443438, - 1104093109037196, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 345288228393400, - 3351443383432420, - 2386681722088990, - 1740551994106739, - 2500011992985018, - ]), - y_minus_x: FieldElement51([ - 231429562203065, - 1526290236421172, - 2021375064026423, - 1520954495658041, - 806337791525116, - ]), - xy2d: FieldElement51([ - 1079623667189886, - 872403650198613, - 766894200588288, - 2163700860774109, - 2023464507911816, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 854645372543796, - 1936406001954827, - 
2403260476226501, - 3077125552956802, - 1554306377287555, - ]), - y_minus_x: FieldElement51([ - 1497138821904622, - 1044820250515590, - 1742593886423484, - 1237204112746837, - 849047450816987, - ]), - xy2d: FieldElement51([ - 667962773375330, - 1897271816877105, - 1399712621683474, - 1143302161683099, - 2081798441209593, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2378947665252234, - 1936114012888109, - 1704424366552046, - 3108474694401560, - 2968403435020606, - ]), - y_minus_x: FieldElement51([ - 1072409664800960, - 2146937497077528, - 1508780108920651, - 935767602384853, - 1112800433544068, - ]), - xy2d: FieldElement51([ - 333549023751292, - 280219272863308, - 2104176666454852, - 1036466864875785, - 536135186520207, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2625466093568366, - 2398257055215356, - 2555916080813104, - 2667888562832962, - 3510376944868638, - ]), - y_minus_x: FieldElement51([ - 1186115062588401, - 2251609796968486, - 1098944457878953, - 1153112761201374, - 1791625503417267, - ]), - xy2d: FieldElement51([ - 1870078460219737, - 2129630962183380, - 852283639691142, - 292865602592851, - 401904317342226, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1361070124828016, - 815664541425524, - 3278598711049919, - 1951790935390646, - 2807674705520038, - ]), - y_minus_x: FieldElement51([ - 1546301003424277, - 459094500062839, - 1097668518375311, - 1780297770129643, - 720763293687608, - ]), - xy2d: FieldElement51([ - 1212405311403990, - 1536693382542438, - 61028431067459, - 1863929423417129, - 1223219538638038, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1294303766540260, - 3435357279640341, - 3134071170918340, - 2315654383110622, - 2213283684565086, - ]), - y_minus_x: FieldElement51([ - 339050984211414, - 601386726509773, - 413735232134068, - 966191255137228, - 1839475899458159, - ]), - xy2d: FieldElement51([ - 235605972169408, - 2174055643032978, - 1538335001838863, - 1281866796917192, - 
1815940222628465, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1632352921721536, - 1833328609514701, - 2092779091951987, - 4175756015558474, - 2210068022482918, - ]), - y_minus_x: FieldElement51([ - 35271216625062, - 1712350667021807, - 983664255668860, - 98571260373038, - 1232645608559836, - ]), - xy2d: FieldElement51([ - 1998172393429622, - 1798947921427073, - 784387737563581, - 1589352214827263, - 1589861734168180, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1733739258725305, - 2283515530744786, - 2453769758904107, - 3243892858242237, - 1194308773174555, - ]), - y_minus_x: FieldElement51([ - 846415389605137, - 746163495539180, - 829658752826080, - 592067705956946, - 957242537821393, - ]), - xy2d: FieldElement51([ - 1758148849754419, - 619249044817679, - 168089007997045, - 1371497636330523, - 1867101418880350, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2578433797894864, - 2513559319756263, - 1700682323676192, - 1577907266349064, - 3469447477068264, - ]), - y_minus_x: FieldElement51([ - 1714182387328607, - 1477856482074168, - 574895689942184, - 2159118410227270, - 1555532449716575, - ]), - xy2d: FieldElement51([ - 853828206885131, - 998498946036955, - 1835887550391235, - 207627336608048, - 258363815956050, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2392941288336925, - 3488528558590503, - 2894901233585134, - 1646615130509172, - 1208239602291765, - ]), - y_minus_x: FieldElement51([ - 1501663228068911, - 1354879465566912, - 1444432675498247, - 897812463852601, - 855062598754348, - ]), - xy2d: FieldElement51([ - 714380763546606, - 1032824444965790, - 1774073483745338, - 1063840874947367, - 1738680636537158, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1640635546696233, - 2884968766877360, - 2212651044092395, - 2282390772269100, - 2620315074574625, - ]), - y_minus_x: FieldElement51([ - 1171650314802029, - 1567085444565577, - 1453660792008405, - 
757914533009261, - 1619511342778196, - ]), - xy2d: FieldElement51([ - 420958967093237, - 971103481109486, - 2169549185607107, - 1301191633558497, - 1661514101014240, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3158923465503550, - 1332556122804145, - 4075855067109735, - 3619414031128206, - 1982558335973171, - ]), - y_minus_x: FieldElement51([ - 1121533090144639, - 1021251337022187, - 110469995947421, - 1511059774758394, - 2110035908131662, - ]), - xy2d: FieldElement51([ - 303213233384524, - 2061932261128138, - 352862124777736, - 40828818670255, - 249879468482660, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 856559257852200, - 2760317478634258, - 3629993581580163, - 3975258940632376, - 1962275756614520, - ]), - y_minus_x: FieldElement51([ - 1445691340537320, - 40614383122127, - 402104303144865, - 485134269878232, - 1659439323587426, - ]), - xy2d: FieldElement51([ - 20057458979482, - 1183363722525800, - 2140003847237215, - 2053873950687614, - 2112017736174909, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2228654250927986, - 3735391177100515, - 1368661293910955, - 3328311098862539, - 526650682059607, - ]), - y_minus_x: FieldElement51([ - 709481497028540, - 531682216165724, - 316963769431931, - 1814315888453765, - 258560242424104, - ]), - xy2d: FieldElement51([ - 1053447823660455, - 1955135194248683, - 1010900954918985, - 1182614026976701, - 1240051576966610, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1957943897155478, - 1788667368028035, - 2389492723714354, - 2252839333292309, - 3078204576998275, - ]), - y_minus_x: FieldElement51([ - 1848942433095597, - 1582009882530495, - 1849292741020143, - 1068498323302788, - 2001402229799484, - ]), - xy2d: FieldElement51([ - 1528282417624269, - 2142492439828191, - 2179662545816034, - 362568973150328, - 1591374675250271, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2411826493119617, - 2484141002903963, - 
2149181472355544, - 598041771119831, - 2435658815595421, - ]), - y_minus_x: FieldElement51([ - 2013278155187349, - 662660471354454, - 793981225706267, - 411706605985744, - 804490933124791, - ]), - xy2d: FieldElement51([ - 2051892037280204, - 488391251096321, - 2230187337030708, - 930221970662692, - 679002758255210, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1530723630438670, - 875873929577927, - 2593359947955236, - 2701702933216000, - 1055551308214178, - ]), - y_minus_x: FieldElement51([ - 1461835919309432, - 1955256480136428, - 180866187813063, - 1551979252664528, - 557743861963950, - ]), - xy2d: FieldElement51([ - 359179641731115, - 1324915145732949, - 902828372691474, - 294254275669987, - 1887036027752957, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 4295071423139571, - 2038225437857463, - 1317528426475850, - 1398989128982787, - 2027639881006861, - ]), - y_minus_x: FieldElement51([ - 2072902725256516, - 312132452743412, - 309930885642209, - 996244312618453, - 1590501300352303, - ]), - xy2d: FieldElement51([ - 1397254305160710, - 695734355138021, - 2233992044438756, - 1776180593969996, - 1085588199351115, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2692366865016258, - 2506694600041928, - 2745669038615469, - 1556322069683365, - 3819256354004466, - ]), - y_minus_x: FieldElement51([ - 1950722461391320, - 1907845598854797, - 1822757481635527, - 2121567704750244, - 73811931471221, - ]), - xy2d: FieldElement51([ - 387139307395758, - 2058036430315676, - 1220915649965325, - 1794832055328951, - 1230009312169328, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1765973779329498, - 2911143873132225, - 2271621715291913, - 3553728154996461, - 3368065817761132, - ]), - y_minus_x: FieldElement51([ - 1127572801181483, - 1224743760571696, - 1276219889847274, - 1529738721702581, - 1589819666871853, - ]), - xy2d: FieldElement51([ - 2181229378964934, - 2190885205260020, - 1511536077659137, - 1246504208580490, - 
668883326494241, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2689666469258543, - 2920826224880015, - 2333696811665585, - 523874406393177, - 2496851874620484, - ]), - y_minus_x: FieldElement51([ - 1975438052228868, - 1071801519999806, - 594652299224319, - 1877697652668809, - 1489635366987285, - ]), - xy2d: FieldElement51([ - 958592545673770, - 233048016518599, - 851568750216589, - 567703851596087, - 1740300006094761, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2014540178270324, - 192672779514432, - 2465676996326778, - 2194819933853410, - 1716422829364835, - ]), - y_minus_x: FieldElement51([ - 1540769606609725, - 2148289943846077, - 1597804156127445, - 1230603716683868, - 815423458809453, - ]), - xy2d: FieldElement51([ - 1738560251245018, - 1779576754536888, - 1783765347671392, - 1880170990446751, - 1088225159617541, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2911103727614740, - 1956447718227572, - 1830568515922666, - 3092868863429656, - 1669607124206367, - ]), - y_minus_x: FieldElement51([ - 1143465490433355, - 1532194726196059, - 1093276745494697, - 481041706116088, - 2121405433561163, - ]), - xy2d: FieldElement51([ - 1686424298744462, - 1451806974487153, - 266296068846582, - 1834686947542675, - 1720762336132256, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3141016840074207, - 3295090436969907, - 3107924901237156, - 1669272323124635, - 1603340330827879, - ]), - y_minus_x: FieldElement51([ - 1206396181488998, - 333158148435054, - 1402633492821422, - 1120091191722026, - 1945474114550509, - ]), - xy2d: FieldElement51([ - 766720088232571, - 1512222781191002, - 1189719893490790, - 2091302129467914, - 2141418006894941, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2671463460991841, - 1998875112167986, - 3678399683938955, - 3406728169064757, - 2738338345823434, - ]), - y_minus_x: FieldElement51([ - 938160078005954, - 1421776319053174, - 1941643234741774, - 
180002183320818, - 1414380336750546, - ]), - xy2d: FieldElement51([ - 398001940109652, - 1577721237663248, - 1012748649830402, - 1540516006905144, - 1011684812884559, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1653276489969611, - 2257881638852872, - 1921777941170835, - 1604139841794531, - 3113010867325889, - ]), - y_minus_x: FieldElement51([ - 996661541407379, - 1455877387952927, - 744312806857277, - 139213896196746, - 1000282908547789, - ]), - xy2d: FieldElement51([ - 1450817495603008, - 1476865707053229, - 1030490562252053, - 620966950353376, - 1744760161539058, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2811528223687828, - 2288856475326432, - 2038622963352005, - 1637244893271723, - 3278365165924196, - ]), - y_minus_x: FieldElement51([ - 962165956135846, - 1116599660248791, - 182090178006815, - 1455605467021751, - 196053588803284, - ]), - xy2d: FieldElement51([ - 796863823080135, - 1897365583584155, - 420466939481601, - 2165972651724672, - 932177357788289, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 877047233620613, - 1375632631944375, - 2895573425567369, - 2911822552533124, - 2271153746017078, - ]), - y_minus_x: FieldElement51([ - 2216943882299338, - 394841323190322, - 2222656898319671, - 558186553950529, - 1077236877025190, - ]), - xy2d: FieldElement51([ - 801118384953213, - 1914330175515892, - 574541023311511, - 1471123787903705, - 1526158900256288, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3201417702772463, - 2207116611267330, - 3164719852826535, - 2752958352884036, - 2314162374456719, - ]), - y_minus_x: FieldElement51([ - 1474518386765335, - 1760793622169197, - 1157399790472736, - 1622864308058898, - 165428294422792, - ]), - xy2d: FieldElement51([ - 1961673048027128, - 102619413083113, - 1051982726768458, - 1603657989805485, - 1941613251499678, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1401939116319247, - 2587106153588320, - 2323846009771033, - 
862423201496005, - 3102318568216632, - ]), - y_minus_x: FieldElement51([ - 1234706593321979, - 1083343891215917, - 898273974314935, - 1640859118399498, - 157578398571149, - ]), - xy2d: FieldElement51([ - 1143483057726416, - 1992614991758919, - 674268662140796, - 1773370048077526, - 674318359920189, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1835401379538542, - 173900035308392, - 818247630716732, - 4013900225838034, - 1021506399448290, - ]), - y_minus_x: FieldElement51([ - 1506632088156630, - 2127481795522179, - 513812919490255, - 140643715928370, - 442476620300318, - ]), - xy2d: FieldElement51([ - 2056683376856736, - 219094741662735, - 2193541883188309, - 1841182310235800, - 556477468664293, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3566819241596075, - 1049075855992602, - 4318372866671791, - 2518704280870781, - 2040482348591519, - ]), - y_minus_x: FieldElement51([ - 94096246544434, - 922482381166992, - 24517828745563, - 2139430508542503, - 2097139044231004, - ]), - xy2d: FieldElement51([ - 537697207950515, - 1399352016347350, - 1563663552106345, - 2148749520888918, - 549922092988516, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1747985413252415, - 680511052635695, - 1809559829982725, - 2846074064615302, - 2453472984431229, - ]), - y_minus_x: FieldElement51([ - 323583936109569, - 1973572998577657, - 1192219029966558, - 79354804385273, - 1374043025560347, - ]), - xy2d: FieldElement51([ - 213277331329947, - 416202017849623, - 1950535221091783, - 1313441578103244, - 2171386783823658, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2440888617915079, - 993969372859109, - 3147669935222235, - 3799101348983503, - 1477373024911349, - ]), - y_minus_x: FieldElement51([ - 1620578418245010, - 541035331188469, - 2235785724453865, - 2154865809088198, - 1974627268751826, - ]), - xy2d: FieldElement51([ - 1346805451740245, - 1350981335690626, - 942744349501813, - 2155094562545502, - 
1012483751693409, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2107080134091762, - 1132567062788208, - 1824935377687210, - 769194804343737, - 1857941799971888, - ]), - y_minus_x: FieldElement51([ - 1074666112436467, - 249279386739593, - 1174337926625354, - 1559013532006480, - 1472287775519121, - ]), - xy2d: FieldElement51([ - 1872620123779532, - 1892932666768992, - 1921559078394978, - 1270573311796160, - 1438913646755037, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3089190001333428, - 3264053113908846, - 989780015893986, - 1351393287739814, - 2580427560230798, - ]), - y_minus_x: FieldElement51([ - 1028328827183114, - 1711043289969857, - 1350832470374933, - 1923164689604327, - 1495656368846911, - ]), - xy2d: FieldElement51([ - 1900828492104143, - 430212361082163, - 687437570852799, - 832514536673512, - 1685641495940794, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3094432661621646, - 605670026766215, - 290836444839585, - 2415010588577604, - 2213815011799644, - ]), - y_minus_x: FieldElement51([ - 1176336383453996, - 1725477294339771, - 12700622672454, - 678015708818208, - 162724078519879, - ]), - xy2d: FieldElement51([ - 1448049969043497, - 1789411762943521, - 385587766217753, - 90201620913498, - 832999441066823, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2767886146978542, - 2240508292484615, - 3603469341851756, - 3475055379001735, - 3002035638112385, - ]), - y_minus_x: FieldElement51([ - 1263624896582495, - 1102602401673328, - 526302183714372, - 2152015839128799, - 1483839308490010, - ]), - xy2d: FieldElement51([ - 442991718646863, - 1599275157036458, - 1925389027579192, - 899514691371390, - 350263251085160, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1689713572022124, - 2845654372939621, - 3229894858477217, - 1985127338729498, - 3927868934032873, - ]), - y_minus_x: FieldElement51([ - 1557207018622683, - 340631692799603, - 1477725909476187, - 
614735951619419, - 2033237123746766, - ]), - xy2d: FieldElement51([ - 968764929340557, - 1225534776710944, - 662967304013036, - 1155521416178595, - 791142883466590, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1487081286167458, - 3244839255500182, - 1792378982844639, - 2950452258685122, - 2153908693179753, - ]), - y_minus_x: FieldElement51([ - 1123181311102823, - 685575944875442, - 507605465509927, - 1412590462117473, - 568017325228626, - ]), - xy2d: FieldElement51([ - 560258797465417, - 2193971151466401, - 1824086900849026, - 579056363542056, - 1690063960036441, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1918407319222397, - 2605567366745211, - 1930426334528098, - 1564816146005724, - 4113142195393344, - ]), - y_minus_x: FieldElement51([ - 2131325168777276, - 1176636658428908, - 1756922641512981, - 1390243617176012, - 1966325177038383, - ]), - xy2d: FieldElement51([ - 2063958120364491, - 2140267332393533, - 699896251574968, - 273268351312140, - 375580724713232, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2024297515263178, - 2668759143407935, - 3330814048702549, - 2423412039258430, - 1031677520051052, - ]), - y_minus_x: FieldElement51([ - 2033900009388450, - 1744902869870788, - 2190580087917640, - 1949474984254121, - 231049754293748, - ]), - xy2d: FieldElement51([ - 343868674606581, - 550155864008088, - 1450580864229630, - 481603765195050, - 896972360018042, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2151139328380127, - 2566545695770176, - 2311556639460451, - 1676664391494650, - 2048348075599360, - ]), - y_minus_x: FieldElement51([ - 1528930066340597, - 1605003907059576, - 1055061081337675, - 1458319101947665, - 1234195845213142, - ]), - xy2d: FieldElement51([ - 830430507734812, - 1780282976102377, - 1425386760709037, - 362399353095425, - 2168861579799910, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3407562046415562, - 980662895504005, - 2053766700883521, - 
2742766027762854, - 2762205690726604, - ]), - y_minus_x: FieldElement51([ - 1683750316716132, - 652278688286128, - 1221798761193539, - 1897360681476669, - 319658166027343, - ]), - xy2d: FieldElement51([ - 618808732869972, - 72755186759744, - 2060379135624181, - 1730731526741822, - 48862757828238, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3714971784278753, - 3394840525452699, - 614590986558882, - 1409210575145591, - 1882816996436803, - ]), - y_minus_x: FieldElement51([ - 2230133264691131, - 563950955091024, - 2042915975426398, - 827314356293472, - 672028980152815, - ]), - xy2d: FieldElement51([ - 264204366029760, - 1654686424479449, - 2185050199932931, - 2207056159091748, - 506015669043634, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1784446333136550, - 1973746527984364, - 334856327359575, - 3408569589569858, - 3275749938360725, - ]), - y_minus_x: FieldElement51([ - 2065270940578383, - 31477096270353, - 306421879113491, - 181958643936686, - 1907105536686083, - ]), - xy2d: FieldElement51([ - 1496516440779464, - 1748485652986458, - 872778352227340, - 818358834654919, - 97932669284220, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2723435829455580, - 2924255216478824, - 1804995246884102, - 1842309243470804, - 3753662318666930, - ]), - y_minus_x: FieldElement51([ - 1013216974933691, - 538921919682598, - 1915776722521558, - 1742822441583877, - 1886550687916656, - ]), - xy2d: FieldElement51([ - 2094270000643336, - 303971879192276, - 40801275554748, - 649448917027930, - 1818544418535447, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2241737709499146, - 549397817447461, - 838180519319392, - 1725686958520781, - 3957438894582995, - ]), - y_minus_x: FieldElement51([ - 1216074541925116, - 50120933933509, - 1565829004133810, - 721728156134580, - 349206064666188, - ]), - xy2d: FieldElement51([ - 948617110470858, - 346222547451945, - 1126511960599975, - 1759386906004538, - 
493053284802266, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1454933046815146, - 3126495827951610, - 1467170975468587, - 1432316382418897, - 2111710746366763, - ]), - y_minus_x: FieldElement51([ - 2105387117364450, - 1996463405126433, - 1303008614294500, - 851908115948209, - 1353742049788635, - ]), - xy2d: FieldElement51([ - 750300956351719, - 1487736556065813, - 15158817002104, - 1511998221598392, - 971739901354129, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1874648163531674, - 2124487685930551, - 1810030029384882, - 918400043048335, - 2838148440985898, - ]), - y_minus_x: FieldElement51([ - 1235084464747900, - 1166111146432082, - 1745394857881591, - 1405516473883040, - 4463504151617, - ]), - xy2d: FieldElement51([ - 1663810156463827, - 327797390285791, - 1341846161759410, - 1964121122800605, - 1747470312055380, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 660005247548214, - 2071860029952887, - 3610548013635355, - 911703252219106, - 3266179736709079, - ]), - y_minus_x: FieldElement51([ - 2206641276178231, - 1690587809721504, - 1600173622825126, - 2156096097634421, - 1106822408548216, - ]), - xy2d: FieldElement51([ - 1344788193552206, - 1949552134239140, - 1735915881729557, - 675891104100469, - 1834220014427292, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1920949492387945, - 2410685102072778, - 2322108077349280, - 2877838278583064, - 3719881539786256, - ]), - y_minus_x: FieldElement51([ - 622221042073383, - 1210146474039168, - 1742246422343683, - 1403839361379025, - 417189490895736, - ]), - xy2d: FieldElement51([ - 22727256592983, - 168471543384997, - 1324340989803650, - 1839310709638189, - 504999476432775, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3565040332441556, - 1721896294296941, - 2304063388272514, - 2065069734239231, - 3056710287109878, - ]), - y_minus_x: FieldElement51([ - 1337466662091884, - 1287645354669772, - 2018019646776184, - 652181229374245, - 
898011753211715, - ]), - xy2d: FieldElement51([ - 1969792547910734, - 779969968247557, - 2011350094423418, - 1823964252907487, - 1058949448296945, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2459143550747250, - 1118176942430252, - 3010694408233412, - 806764629546265, - 1157700123092949, - ]), - y_minus_x: FieldElement51([ - 1273565321399022, - 1638509681964574, - 759235866488935, - 666015124346707, - 897983460943405, - ]), - xy2d: FieldElement51([ - 1717263794012298, - 1059601762860786, - 1837819172257618, - 1054130665797229, - 680893204263559, - ]), - }, - ]), - LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2237039662793603, - 2249022333361206, - 2058613546633703, - 2401253908530527, - 2215176649164581, - ]), - y_minus_x: FieldElement51([ - 79472182719605, - 1851130257050174, - 1825744808933107, - 821667333481068, - 781795293511946, - ]), - xy2d: FieldElement51([ - 755822026485370, - 152464789723500, - 1178207602290608, - 410307889503239, - 156581253571278, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3669985309815545, - 2736319981413860, - 3898537095128197, - 3653287498355512, - 1349185550126960, - ]), - y_minus_x: FieldElement51([ - 1495380034400429, - 325049476417173, - 46346894893933, - 1553408840354856, - 828980101835683, - ]), - xy2d: FieldElement51([ - 1280337889310282, - 2070832742866672, - 1640940617225222, - 2098284908289951, - 450929509534434, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2659503167684029, - 2378371955168899, - 2537839641198868, - 1999255076709337, - 2030511179441770, - ]), - y_minus_x: FieldElement51([ - 1254958221100483, - 1153235960999843, - 942907704968834, - 637105404087392, - 1149293270147267, - ]), - xy2d: FieldElement51([ - 894249020470196, - 400291701616810, - 406878712230981, - 1599128793487393, - 1145868722604026, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3749755063888563, - 2361916158338507, - 1128535642171975, - 1900106496009660, 
- 2381592531146157, - ]), - y_minus_x: FieldElement51([ - 452487513298665, - 1352120549024569, - 1173495883910956, - 1999111705922009, - 367328130454226, - ]), - xy2d: FieldElement51([ - 1717539401269642, - 1475188995688487, - 891921989653942, - 836824441505699, - 1885988485608364, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3493583935107776, - 2439136865632830, - 3370281625921440, - 2680547565621609, - 2282158712612572, - ]), - y_minus_x: FieldElement51([ - 2022432361201842, - 1088816090685051, - 1977843398539868, - 1854834215890724, - 564238862029357, - ]), - xy2d: FieldElement51([ - 938868489100585, - 1100285072929025, - 1017806255688848, - 1957262154788833, - 152787950560442, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3119119231364171, - 2872271776627789, - 2477832016990963, - 2593801257642876, - 1761675818237335, - ]), - y_minus_x: FieldElement51([ - 1295072362439987, - 931227904689414, - 1355731432641687, - 922235735834035, - 892227229410209, - ]), - xy2d: FieldElement51([ - 1680989767906154, - 535362787031440, - 2136691276706570, - 1942228485381244, - 1267350086882274, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2617818047455756, - 2684460443440843, - 2378209521329782, - 1973842949591661, - 2897427157127624, - ]), - y_minus_x: FieldElement51([ - 535509430575217, - 546885533737322, - 1524675609547799, - 2138095752851703, - 1260738089896827, - ]), - xy2d: FieldElement51([ - 1159906385590467, - 2198530004321610, - 714559485023225, - 81880727882151, - 1484020820037082, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1377485731340769, - 2046328105512000, - 1802058637158797, - 2313945950453421, - 1356993908853900, - ]), - y_minus_x: FieldElement51([ - 2013612215646735, - 1830770575920375, - 536135310219832, - 609272325580394, - 270684344495013, - ]), - xy2d: FieldElement51([ - 1237542585982777, - 2228682050256790, - 1385281931622824, - 593183794882890, - 493654978552689, - ]), - }, - ]), - 
LookupTable([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2299141301692989, - 1891414891220256, - 983894663308928, - 2427961581972066, - 3378060928864955, - ]), - y_minus_x: FieldElement51([ - 1694030170963455, - 502038567066200, - 1691160065225467, - 949628319562187, - 275110186693066, - ]), - xy2d: FieldElement51([ - 1124515748676336, - 1661673816593408, - 1499640319059718, - 1584929449166988, - 558148594103306, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1784525599998356, - 1619698033617383, - 2097300287550715, - 2510065271789004, - 1905684794832757, - ]), - y_minus_x: FieldElement51([ - 1288941072872766, - 931787902039402, - 190731008859042, - 2006859954667190, - 1005931482221702, - ]), - xy2d: FieldElement51([ - 1465551264822703, - 152905080555927, - 680334307368453, - 173227184634745, - 666407097159852, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2111017076203943, - 3630560299479595, - 1248583954016455, - 3604089008549670, - 1895180776543895, - ]), - y_minus_x: FieldElement51([ - 171348223915638, - 662766099800389, - 462338943760497, - 466917763340314, - 656911292869115, - ]), - xy2d: FieldElement51([ - 488623681976577, - 866497561541722, - 1708105560937768, - 1673781214218839, - 1506146329818807, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2412225278142205, - 950394373239688, - 2682296937026182, - 711676555398831, - 320964687779005, - ]), - y_minus_x: FieldElement51([ - 988979367990485, - 1359729327576302, - 1301834257246029, - 294141160829308, - 29348272277475, - ]), - xy2d: FieldElement51([ - 1434382743317910, - 100082049942065, - 221102347892623, - 186982837860588, - 1305765053501834, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2205916462268190, - 2751663643476068, - 961960554686615, - 2409862576442233, - 1841471168298304, - ]), - y_minus_x: FieldElement51([ - 1191737341426592, - 1847042034978363, - 1382213545049056, - 1039952395710448, - 788812858896859, - ]), - xy2d: 
FieldElement51([ - 1346965964571152, - 1291881610839830, - 2142916164336056, - 786821641205979, - 1571709146321039, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 787164375951248, - 2454669019058437, - 3608390234717387, - 1431233331032509, - 786341368775957, - ]), - y_minus_x: FieldElement51([ - 492448143532951, - 304105152670757, - 1761767168301056, - 233782684697790, - 1981295323106089, - ]), - xy2d: FieldElement51([ - 665807507761866, - 1343384868355425, - 895831046139653, - 439338948736892, - 1986828765695105, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3007896024559801, - 1721699973539148, - 2510565115413133, - 1390588532210644, - 1212530909934781, - ]), - y_minus_x: FieldElement51([ - 852891097972275, - 1816988871354562, - 1543772755726524, - 1174710635522444, - 202129090724628, - ]), - xy2d: FieldElement51([ - 1205281565824323, - 22430498399418, - 992947814485516, - 1392458699738672, - 688441466734558, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3302427242100220, - 1955849529137134, - 2171162376368357, - 2343545681983462, - 447733118757825, - ]), - y_minus_x: FieldElement51([ - 1287181461435438, - 622722465530711, - 880952150571872, - 741035693459198, - 311565274989772, - ]), - xy2d: FieldElement51([ - 1003649078149734, - 545233927396469, - 1849786171789880, - 1318943684880434, - 280345687170552, - ]), - }, - ]), - ]); - -/// Odd multiples of the basepoint `[B, 3B, 5B, 7B, 9B, 11B, 13B, 15B, ..., 127B]`. 
-pub(crate) const AFFINE_ODD_MULTIPLES_OF_BASEPOINT: NafLookupTable8 = - NafLookupTable8([ - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3540182452943730, - 2497478415033846, - 2521227595762870, - 1462984067271729, - 2389212253076811, - ]), - y_minus_x: FieldElement51([ - 62697248952638, - 204681361388450, - 631292143396476, - 338455783676468, - 1213667448819585, - ]), - xy2d: FieldElement51([ - 301289933810280, - 1259582250014073, - 1422107436869536, - 796239922652654, - 1953934009299142, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1601611775252272, - 1720807796594148, - 1132070835939856, - 3512254832574799, - 2147779492816910, - ]), - y_minus_x: FieldElement51([ - 316559037616741, - 2177824224946892, - 1459442586438991, - 1461528397712656, - 751590696113597, - ]), - xy2d: FieldElement51([ - 1850748884277385, - 1200145853858453, - 1068094770532492, - 672251375690438, - 1586055907191707, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 769950342298400, - 2384754244604994, - 3095885746880802, - 3225892188161580, - 2977876099231263, - ]), - y_minus_x: FieldElement51([ - 425251763115706, - 608463272472562, - 442562545713235, - 837766094556764, - 374555092627893, - ]), - xy2d: FieldElement51([ - 1086255230780037, - 274979815921559, - 1960002765731872, - 929474102396301, - 1190409889297339, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2916800678241215, - 2065379846933858, - 2622030924071124, - 2602788184473875, - 1233371373142984, - ]), - y_minus_x: FieldElement51([ - 2019367628972465, - 676711900706637, - 110710997811333, - 1108646842542025, - 517791959672113, - ]), - xy2d: FieldElement51([ - 965130719900578, - 247011430587952, - 526356006571389, - 91986625355052, - 2157223321444601, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1802695059464988, - 1664899123557221, - 2845359304426105, - 2160434469266658, - 3179370264440279, - ]), - y_minus_x: FieldElement51([ - 1725674970513508, - 
1933645953859181, - 1542344539275782, - 1767788773573747, - 1297447965928905, - ]), - xy2d: FieldElement51([ - 1381809363726107, - 1430341051343062, - 2061843536018959, - 1551778050872521, - 2036394857967624, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 4222693909998302, - 2779866139518454, - 1619374932191226, - 2207306624415883, - 1169170329061080, - ]), - y_minus_x: FieldElement51([ - 2070390218572616, - 1458919061857835, - 624171843017421, - 1055332792707765, - 433987520732508, - ]), - xy2d: FieldElement51([ - 893653801273833, - 1168026499324677, - 1242553501121234, - 1306366254304474, - 1086752658510815, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2465253816303469, - 3191571337672685, - 1159882208056013, - 2569188183312765, - 621213314200686, - ]), - y_minus_x: FieldElement51([ - 1971678598905747, - 338026507889165, - 762398079972271, - 655096486107477, - 42299032696322, - ]), - xy2d: FieldElement51([ - 177130678690680, - 1754759263300204, - 1864311296286618, - 1180675631479880, - 1292726903152791, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1913163449625248, - 2712579013977241, - 2193883288642313, - 1008900146920800, - 1721983679009502, - ]), - y_minus_x: FieldElement51([ - 1070401523076875, - 1272492007800961, - 1910153608563310, - 2075579521696771, - 1191169788841221, - ]), - xy2d: FieldElement51([ - 692896803108118, - 500174642072499, - 2068223309439677, - 1162190621851337, - 1426986007309901, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1819621230288238, - 2735700366193240, - 1755134670739586, - 3080648199451191, - 4172807995775876, - ]), - y_minus_x: FieldElement51([ - 992069868904071, - 799011518185730, - 1777586403832768, - 1134820506145684, - 1999461475558530, - ]), - xy2d: FieldElement51([ - 425204543703124, - 2040469794090382, - 1651690622153809, - 1500530168597569, - 1253908377065966, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2105824306960939, - 
1387520302709358, - 3633176580451016, - 2211816663841753, - 1629085891776489, - ]), - y_minus_x: FieldElement51([ - 1485201376284999, - 1022406647424656, - 504181009209019, - 962621520820995, - 590876713147230, - ]), - xy2d: FieldElement51([ - 265873406365287, - 1192742653492898, - 88553098803050, - 525037770869640, - 1266933811251234, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3552316659826612, - 1254279525791875, - 1609927932077699, - 3578654071679972, - 3750681296069893, - ]), - y_minus_x: FieldElement51([ - 37186803519861, - 1404297334376301, - 578519728836650, - 1740727951192592, - 2095534282477028, - ]), - xy2d: FieldElement51([ - 833234263154399, - 2023862470013762, - 1854137933982069, - 853924318090959, - 1589812702805850, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3679150557957763, - 1319179453661745, - 497496853611112, - 2665464286942351, - 1208137952365560, - ]), - y_minus_x: FieldElement51([ - 1654513078530905, - 907489875842908, - 126098711296368, - 1726320004173677, - 28269495058173, - ]), - xy2d: FieldElement51([ - 114436686957443, - 532739313025996, - 115428841215897, - 2191499400074366, - 370280402676434, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1111146849833253, - 2016430049079759, - 1860522747477948, - 3537164738290194, - 4137142824844184, - ]), - y_minus_x: FieldElement51([ - 429069864577128, - 975327637149449, - 237881983565075, - 1654761232378630, - 2122527599091807, - ]), - xy2d: FieldElement51([ - 2093793463548278, - 754827233241879, - 1420389751719629, - 1829952782588138, - 2011865756773717, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 676293365438898, - 2850296017886344, - 1205350322490195, - 2763699392265669, - 2133931188538142, - ]), - y_minus_x: FieldElement51([ - 48340340349120, - 1299261101494832, - 1137329686775218, - 1534848106674340, - 1351662218216799, - ]), - xy2d: FieldElement51([ - 1904520614137939, - 1590301001714014, - 215781420985270, - 
2043534301034629, - 1970888949300424, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2365217962409710, - 2061307169694064, - 1887478590157603, - 2169639621284316, - 2373810867477200, - ]), - y_minus_x: FieldElement51([ - 1020052624656948, - 1260412094216707, - 366721640607121, - 585331442306596, - 345876457758061, - ]), - xy2d: FieldElement51([ - 975390299880933, - 1066555195234642, - 12651997758352, - 1184252205433068, - 1058378155074223, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1431537716602643, - 2024827957433813, - 3746434518400495, - 1087794891033550, - 2156817571680455, - ]), - y_minus_x: FieldElement51([ - 929288033346881, - 255179964546973, - 711057989588035, - 208899572612840, - 185348357387383, - ]), - xy2d: FieldElement51([ - 823689746424808, - 47266130989546, - 209403309368097, - 1100966895202707, - 710792075292719, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2311213117823762, - 3296668540922318, - 2004276520649823, - 1861500579441125, - 3148029033359833, - ]), - y_minus_x: FieldElement51([ - 1563693677475261, - 1843782073741194, - 1950700654453170, - 911540858113949, - 2085151496302359, - ]), - xy2d: FieldElement51([ - 1427880892005482, - 106216431121745, - 42608394782284, - 1217295886989793, - 1514235272796882, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3544335535746750, - 2367994491347456, - 2567261456502612, - 1854058085060971, - 2263545563461076, - ]), - y_minus_x: FieldElement51([ - 787426011300053, - 2105981035769060, - 1130476291127206, - 1748659348100075, - 53470983013756, - ]), - xy2d: FieldElement51([ - 553548273865386, - 5927805718390, - 65184587381926, - 633576679686953, - 576048559439973, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 993787326657446, - 3868807161609258, - 1615796046728943, - 2514644292681953, - 2059021068660907, - ]), - y_minus_x: FieldElement51([ - 251010270518880, - 1681684095763484, - 1521949356387564, - 431593457045116, - 
1855308922422910, - ]), - xy2d: FieldElement51([ - 618490909691959, - 1257497595618257, - 202952467594088, - 35577762721238, - 1494883566841973, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1673474571932262, - 2409784519770613, - 2636095316260487, - 2761112584601925, - 3333713288149876, - ]), - y_minus_x: FieldElement51([ - 1600640202645197, - 1019569075331823, - 1041916487915822, - 1680448171313267, - 2126903137527901, - ]), - xy2d: FieldElement51([ - 894964745143659, - 106116880092678, - 1009869382959477, - 317866368542032, - 1986983122763912, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1765281781276487, - 2863247187455184, - 2589075472439062, - 1386435905543054, - 2182338478845320, - ]), - y_minus_x: FieldElement51([ - 1144730936996693, - 2213315231278180, - 1489676672185125, - 665039429138074, - 1131283313040268, - ]), - xy2d: FieldElement51([ - 2004734176670602, - 1738311085075235, - 418866995976618, - 1050782508034394, - 577747313404652, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2185209688340293, - 1309276076461009, - 2514740038571278, - 3994889904012999, - 3018098826231021, - ]), - y_minus_x: FieldElement51([ - 1405936970888515, - 1754621155316654, - 1211862168554999, - 1813045702919083, - 997853418197172, - ]), - xy2d: FieldElement51([ - 82037622045021, - 1646398333621944, - 613095452763466, - 1312329542583705, - 81014679202721, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2389287991277873, - 403851022333257, - 1597473361477193, - 2953351602509212, - 2135174663049062, - ]), - y_minus_x: FieldElement51([ - 1826548187201150, - 302299893734126, - 1475477168615781, - 842617616347376, - 1438600873676130, - ]), - xy2d: FieldElement51([ - 663049852468609, - 1649295727846569, - 1048009692742781, - 628866177992421, - 1914360327429204, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1795645928096646, - 306878154408959, - 2924901319092394, - 2801261341654799, - 1653782432983523, 
- ]), - y_minus_x: FieldElement51([ - 2077597317438627, - 212642017882064, - 674844477518888, - 875487498687554, - 2060550250171182, - ]), - xy2d: FieldElement51([ - 1420448018683809, - 1032663994771382, - 1341927003385267, - 1340360916546159, - 1988547473895228, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1082660122598844, - 2545055705583789, - 3888919679589007, - 1670283344995811, - 3403239134794618, - ]), - y_minus_x: FieldElement51([ - 90430593339788, - 1838338032241275, - 571293238480915, - 1639938867416883, - 257378872001111, - ]), - xy2d: FieldElement51([ - 1528535658865034, - 1516636853043960, - 787000569996728, - 1464531394704506, - 1684822625133795, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 811329918113934, - 2783463529007378, - 1769095754634835, - 2970819621866866, - 881037178164325, - ]), - y_minus_x: FieldElement51([ - 1784566501964517, - 433890943689325, - 1186055625589419, - 1496077405487512, - 1731807117886548, - ]), - xy2d: FieldElement51([ - 424909811816304, - 1355993963741797, - 409606483251841, - 455665350637068, - 1617009023642808, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2478728492077816, - 2780289048655501, - 2328687177473769, - 4107341333582032, - 1316147724308250, - ]), - y_minus_x: FieldElement51([ - 1617420574301156, - 1741273341070467, - 667135503486508, - 2100436564640123, - 1032223920000865, - ]), - xy2d: FieldElement51([ - 1753947659404033, - 247279202390193, - 1819288880178945, - 737334285670249, - 1037873664856104, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1762568490530034, - 673742465299012, - 2054571050635888, - 2040165159255111, - 3040123733327257, - ]), - y_minus_x: FieldElement51([ - 1627187989987422, - 1686331580821752, - 1309895873498183, - 719718719104086, - 300063199808722, - ]), - xy2d: FieldElement51([ - 238176707016164, - 1440454788877048, - 203336037573144, - 1437789888677072, - 101522256664211, - ]), - }, - AffineNielsPoint { - y_plus_x: 
FieldElement51([ - 1895216760098480, - 1934324337975022, - 3677350688973167, - 2536415965456176, - 714678003308640, - ]), - y_minus_x: FieldElement51([ - 508185358728815, - 1691320535341855, - 2168887448239256, - 1035124393070661, - 1936603999698584, - ]), - xy2d: FieldElement51([ - 390562831571647, - 1390223890708972, - 1383183990676371, - 435998174196410, - 1882086414390730, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3747620842612921, - 2081794785291195, - 3284594056262745, - 2090090346797895, - 2581692978935809, - ]), - y_minus_x: FieldElement51([ - 244144781251265, - 1290834426417077, - 1888701171101942, - 1233922456644870, - 241117402207491, - ]), - xy2d: FieldElement51([ - 1266169390045455, - 1148042013187970, - 878921907853942, - 1815738019658093, - 908920199341621, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2521768507305118, - 953557056811112, - 2015863732865770, - 1358382511861315, - 2835421647899992, - ]), - y_minus_x: FieldElement51([ - 2239837206240498, - 330928973149665, - 422268062913642, - 1481280019493032, - 619879520439841, - ]), - xy2d: FieldElement51([ - 1360166735366017, - 1770556573948510, - 1395061284191031, - 1814003148068126, - 522781147076884, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2611794802645686, - 707234844948070, - 1314059396506491, - 2919250341703934, - 2161831667832785, - ]), - y_minus_x: FieldElement51([ - 934831784182383, - 433734253968318, - 1660867106725771, - 1968393082772831, - 873946300968490, - ]), - xy2d: FieldElement51([ - 26306827827554, - 430884999378685, - 1504310424376419, - 1761358720837522, - 542195685418530, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1762131062631725, - 3123952634417535, - 3619918390837537, - 2909990877347294, - 1411594230004385, - ]), - y_minus_x: FieldElement51([ - 538272372224622, - 1425714779586199, - 588313661410172, - 1497062084392578, - 1602174047128512, - ]), - xy2d: FieldElement51([ - 907490361939255, - 
1963620338391363, - 626927432296975, - 1250748516081414, - 959901171882527, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1335066153744413, - 2887804660779657, - 2653073855954038, - 2765226981667422, - 938831784476763, - ]), - y_minus_x: FieldElement51([ - 296699434737224, - 2047543711075683, - 2076451038937139, - 227783599906901, - 1602062110967627, - ]), - xy2d: FieldElement51([ - 1574834773194203, - 1384279952062839, - 393652417255803, - 2166968242848859, - 1552890441390820, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1619646774410947, - 1576090644023562, - 3035228391320965, - 1735328519940543, - 2355324535937066, - ]), - y_minus_x: FieldElement51([ - 1024074573633446, - 957088456885874, - 1690425531356997, - 2102187380180052, - 1082544623222033, - ]), - xy2d: FieldElement51([ - 1871906170635853, - 1719383891167200, - 1584032250247862, - 823764804192117, - 2244048510084261, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 642147846489775, - 3334304977145699, - 305205716788147, - 2589176626729533, - 2224680511484174, - ]), - y_minus_x: FieldElement51([ - 1734162377166545, - 260713621840346, - 157174591942595, - 952544272517991, - 222818702471733, - ]), - xy2d: FieldElement51([ - 1213115494182947, - 286778704335711, - 2130189536016490, - 308349182281342, - 1217623948685491, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3360052266973635, - 1843486583624091, - 1561693837124349, - 1084041964025479, - 1866270922024009, - ]), - y_minus_x: FieldElement51([ - 460705465481210, - 1968151453817859, - 497005926994844, - 625618055866751, - 2176893440866887, - ]), - xy2d: FieldElement51([ - 1655800250476757, - 2036588542300609, - 666447448675243, - 1615721995750683, - 1508669225186765, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2245948203759141, - 1058306669699396, - 1452898014240582, - 3961024141962768, - 1633235287338608, - ]), - y_minus_x: FieldElement51([ - 986647273684279, - 
1507266907811370, - 1260572633649005, - 2071672342077446, - 695976026010857, - ]), - xy2d: FieldElement51([ - 1312356620823495, - 1635278548098567, - 901946076841033, - 585120475533168, - 1240667113237384, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2313723935779695, - 1506054666773895, - 996040223525031, - 636592914999692, - 1497801917020297, - ]), - y_minus_x: FieldElement51([ - 292042016419794, - 1158932298133044, - 2062611870323738, - 1946058478962569, - 1749165808126286, - ]), - xy2d: FieldElement51([ - 654683942212830, - 1526897351349087, - 2006818439922838, - 2194919327350361, - 1451960776874416, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3015041017808905, - 2951823141773809, - 2584865668253675, - 2508192032998563, - 2582137700042019, - ]), - y_minus_x: FieldElement51([ - 1628123495344283, - 2072923641214546, - 1647225812023982, - 855655925244679, - 1758126430071140, - ]), - xy2d: FieldElement51([ - 1615895096489599, - 275295258643784, - 937665541219916, - 1313496726746346, - 1186468946422626, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1603070202850694, - 2072127623773242, - 1692648737212158, - 2493373404187852, - 1248948672117105, - ]), - y_minus_x: FieldElement51([ - 11167836031898, - 596565174397990, - 2196351068723859, - 314744641791907, - 1102014997250781, - ]), - xy2d: FieldElement51([ - 1409047922401191, - 69960384467966, - 688103515547600, - 1309746102488044, - 150292892873778, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1986083055103168, - 691715819340300, - 1361811659746933, - 3459052030333434, - 1063594696046061, - ]), - y_minus_x: FieldElement51([ - 1201987338414749, - 2198784582460616, - 1203335513981498, - 489243077045066, - 2205278143582433, - ]), - xy2d: FieldElement51([ - 2034744376624534, - 2077387101466387, - 148448542974969, - 1502697574577258, - 473186584705655, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 472016956315960, - 720786972252993, - 
2840633661190043, - 3150798753357827, - 2816563335499153, - ]), - y_minus_x: FieldElement51([ - 253464247569755, - 168314237403057, - 511780806170295, - 1058862316549135, - 1646858476817137, - ]), - xy2d: FieldElement51([ - 595092995922219, - 1491311840717691, - 291581784452778, - 1569186646367854, - 1031385061400544, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3483137021572755, - 1526955102024322, - 2778006642704458, - 457549634924205, - 1097420237736736, - ]), - y_minus_x: FieldElement51([ - 1246991699537710, - 81367319519439, - 530844036072196, - 163656863755855, - 1950742455979290, - ]), - xy2d: FieldElement51([ - 191532664076407, - 539378506082089, - 1021612562876554, - 1026603384732632, - 1773368780410653, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 4144620731387879, - 590179521333342, - 4034023318016108, - 2255745030335426, - 2699746851701250, - ]), - y_minus_x: FieldElement51([ - 2206599697359952, - 553895797384417, - 181689161933786, - 1153123447919104, - 778568064152659, - ]), - xy2d: FieldElement51([ - 1706307000059211, - 1885601289314487, - 889758608505788, - 550131729999853, - 1006862664714268, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3210197754285058, - 2048500453422630, - 3403309827888207, - 927154428508963, - 4199813798872019, - ]), - y_minus_x: FieldElement51([ - 992058915374933, - 476120535358775, - 1973648780784340, - 2025282643598818, - 2182318983793230, - ]), - xy2d: FieldElement51([ - 1343440812005821, - 1316045839091795, - 1884951299078063, - 1765919609219175, - 2197567554627988, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3129247779382818, - 4415026969054274, - 1900265885969643, - 1528796215447059, - 2172730393748688, - ]), - y_minus_x: FieldElement51([ - 1773355092297603, - 64654329538271, - 1332124041660957, - 748492100858001, - 895500006200535, - ]), - xy2d: FieldElement51([ - 2000840647851980, - 546565968824914, - 420633283457524, - 195470736374507, - 
1958689297569520, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 743138980705446, - 3411117504637167, - 2591389959690621, - 2380042066577202, - 3022267940115114, - ]), - y_minus_x: FieldElement51([ - 165947002229363, - 115186103724967, - 1068573292121517, - 1842565776920938, - 1969395681111987, - ]), - xy2d: FieldElement51([ - 553322266190633, - 234265665613185, - 484544650202821, - 1238773526575826, - 2017991917953668, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2581954631514051, - 1245093644265357, - 3537016673825374, - 1834216551713857, - 923978372152807, - ]), - y_minus_x: FieldElement51([ - 1855378315339552, - 890045579230758, - 1764718173975590, - 197904186055854, - 1718129022310327, - ]), - xy2d: FieldElement51([ - 1278162928734862, - 1894118254109862, - 987503995465517, - 177406744098996, - 781538103127693, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1996603431230215, - 1191888797552937, - 1207440075928499, - 2765853449051137, - 2525314961343288, - ]), - y_minus_x: FieldElement51([ - 808903879370889, - 990820108751280, - 1084429472258867, - 1078562781312589, - 254514692695625, - ]), - xy2d: FieldElement51([ - 615855140068469, - 586046731175395, - 693470779212674, - 1964537100203868, - 1350330550265229, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3344544372023708, - 720386671449874, - 2480841360702110, - 2036034126860286, - 2015744690201389, - ]), - y_minus_x: FieldElement51([ - 1337446193390478, - 1984110761311871, - 746489405020285, - 407347127604128, - 1740475330360596, - ]), - xy2d: FieldElement51([ - 140840424783613, - 1063284623568331, - 1136446106453878, - 372042229029799, - 442607248430694, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2330781679120937, - 376801425148230, - 2032603686676107, - 1488926293635130, - 1317278311532959, - ]), - y_minus_x: FieldElement51([ - 1290116731380016, - 2166899563471713, - 831997001838078, - 870954980505220, - 2108537278055823, 
- ]), - xy2d: FieldElement51([ - 1912719171026343, - 846194720551034, - 2043988124740726, - 993234269653961, - 421229796383281, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2651184584992902, - 2775702557638963, - 2539786009779572, - 2575974880015305, - 2122619079836732, - ]), - y_minus_x: FieldElement51([ - 1154054290132562, - 931753998725577, - 1647742001778052, - 865765466488226, - 1083816107290025, - ]), - xy2d: FieldElement51([ - 986341121095108, - 1522330369638573, - 1990880546211047, - 501525962272123, - 198539304862139, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1496414019192687, - 3991034436173951, - 3380311659062196, - 2854747485359158, - 3346958036643152, - ]), - y_minus_x: FieldElement51([ - 805612068303425, - 1891790027761335, - 1587008567571549, - 722120737390201, - 378156757163816, - ]), - xy2d: FieldElement51([ - 1588994517921951, - 977362751042302, - 1329302387067714, - 2069348224564088, - 1586007159625211, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2490539421551682, - 1985699850375015, - 2331762317128172, - 4145097393776678, - 2521049460190674, - ]), - y_minus_x: FieldElement51([ - 615817553313996, - 2245962768078178, - 482564324326173, - 2101336843140780, - 1240914880829407, - ]), - xy2d: FieldElement51([ - 1438242482238189, - 874267817785463, - 1620810389770625, - 866155221338671, - 1040426546798301, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 2403083624110300, - 2548561409802975, - 2492699136535911, - 2358289519456539, - 3203964320363148, - ]), - y_minus_x: FieldElement51([ - 1913986535403097, - 1977163223054199, - 1972905914623196, - 1650122133472502, - 1905849310819035, - ]), - xy2d: FieldElement51([ - 858174816360838, - 614595356564037, - 1099584959044836, - 636998087084906, - 1070393269058348, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3666695924830668, - 3585640662737501, - 2372994528684236, - 2628565977288995, - 3482812783469694, - ]), - 
y_minus_x: FieldElement51([ - 1994161359147952, - 2198039369802658, - 62790022842537, - 1522306785848169, - 951223194802833, - ]), - xy2d: FieldElement51([ - 852296621440717, - 431889737774209, - 370755457746189, - 437604073958073, - 627857326892757, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1794955764684156, - 2586904290013612, - 1322647643615887, - 856117964085888, - 2652432778663153, - ]), - y_minus_x: FieldElement51([ - 933592377399646, - 78031722952813, - 926049890685253, - 1471649501316246, - 33789909190376, - ]), - xy2d: FieldElement51([ - 1479319468832059, - 203906207621608, - 659828362330083, - 44358398435755, - 1273573524210803, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1592342143350813, - 3227219208247713, - 2345240352078765, - 2577750109932929, - 2933512841197243, - ]), - y_minus_x: FieldElement51([ - 2184946892642995, - 1517382324576002, - 1557940277419806, - 2170635134813213, - 747314658627002, - ]), - xy2d: FieldElement51([ - 1823193620577742, - 1135817878516419, - 1731253819308581, - 1031652967267804, - 2123506616999453, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1346190246005805, - 2052692552023851, - 1718128041785940, - 2491557332978474, - 3474370880388305, - ]), - y_minus_x: FieldElement51([ - 424776012994573, - 281050757243423, - 626466040846420, - 990194703866532, - 38571969885982, - ]), - xy2d: FieldElement51([ - 192408346595466, - 1054889725292349, - 584097975693004, - 1447909807397749, - 2134645004369136, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3169895788615063, - 3503097743181446, - 601598510029975, - 1422812237223371, - 2121009661378329, - ]), - y_minus_x: FieldElement51([ - 1603348391996783, - 2066143816131699, - 1789627290363958, - 2145705961178118, - 1985578641438222, - ]), - xy2d: FieldElement51([ - 352633958653380, - 856927627345554, - 793925083122702, - 93551575767286, - 1222010153634215, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 
1756866499986349, - 911731956999969, - 2707505543214075, - 4006920335263786, - 822501008147910, - ]), - y_minus_x: FieldElement51([ - 1094036422864347, - 1897208881572508, - 1503607738246960, - 1901060196071406, - 294068411105729, - ]), - xy2d: FieldElement51([ - 587776484399576, - 1116861711228807, - 343398777436088, - 936544065763093, - 1643746750211060, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 3477749685790410, - 267997399528836, - 2953780922004404, - 3252368924080907, - 3787792887348381, - ]), - y_minus_x: FieldElement51([ - 2042368155872443, - 41662387210459, - 1676313264498480, - 1333968523426810, - 1765708383352310, - ]), - xy2d: FieldElement51([ - 1453394896690938, - 1585795827439909, - 1469309456804303, - 1294645324464404, - 2042954198665899, - ]), - }, - AffineNielsPoint { - y_plus_x: FieldElement51([ - 1810069207599881, - 1358344669503239, - 1989371257548167, - 2316270051121225, - 3019675451276507, - ]), - y_minus_x: FieldElement51([ - 1866114438287676, - 1663420339568364, - 1437691317033088, - 538298302628038, - 1212711449614363, - ]), - xy2d: FieldElement51([ - 1769235035677897, - 1562012115317882, - 31277513664750, - 536198657928416, - 1976134212537183, - ]), - }, - ]); diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u64/field.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u64/field.rs deleted file mode 100644 index a73d4b5d54cf..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u64/field.rs +++ /dev/null 
@@ -1,564 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2021 isis lovecruft
-// Copyright (c) 2016-2019 Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - isis agora lovecruft
-// - Henry de Valence
-
-//! Field arithmetic modulo \\(p = 2\^{255} - 19\\), using \\(64\\)-bit
-//! limbs with \\(128\\)-bit products.
-
-use core::fmt::Debug;
-use core::ops::Neg;
-use core::ops::{Add, AddAssign};
-use core::ops::{Mul, MulAssign};
-use core::ops::{Sub, SubAssign};
-
-use subtle::Choice;
-use subtle::ConditionallySelectable;
-
-use zeroize::Zeroize;
-
-/// A `FieldElement51` represents an element of the field
-/// \\( \mathbb Z / (2\^{255} - 19)\\).
-///
-/// In the 64-bit implementation, a `FieldElement` is represented in
-/// radix \\(2\^{51}\\) as five `u64`s; the coefficients are allowed to
-/// grow up to \\(2\^{54}\\) between reductions modulo \\(p\\).
-///
-/// # Note
-///
-/// The `curve25519_dalek::field` module provides a type alias
-/// `curve25519_dalek::field::FieldElement` to either `FieldElement51`
-/// or `FieldElement2625`.
-///
-/// The backend-specific type `FieldElement51` should not be used
-/// outside of the `curve25519_dalek::field` module.
-#[derive(Copy, Clone)] -pub struct FieldElement51(pub (crate) [u64; 5]); - -impl Debug for FieldElement51 { - fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result { - write!(f, "FieldElement51({:?})", &self.0[..]) - } -} - -impl Zeroize for FieldElement51 { - fn zeroize(&mut self) { - self.0.zeroize(); - } -} - -impl<'b> AddAssign<&'b FieldElement51> for FieldElement51 { - fn add_assign(&mut self, _rhs: &'b FieldElement51) { - for i in 0..5 { - self.0[i] += _rhs.0[i]; - } - } -} - -impl<'a, 'b> Add<&'b FieldElement51> for &'a FieldElement51 { - type Output = FieldElement51; - fn add(self, _rhs: &'b FieldElement51) -> FieldElement51 { - let mut output = *self; - output += _rhs; - output - } -} - -impl<'b> SubAssign<&'b FieldElement51> for FieldElement51 { - fn sub_assign(&mut self, _rhs: &'b FieldElement51) { - let result = (self as &FieldElement51) - _rhs; - self.0 = result.0; - } -} - -impl<'a, 'b> Sub<&'b FieldElement51> for &'a FieldElement51 { - type Output = FieldElement51; - fn sub(self, _rhs: &'b FieldElement51) -> FieldElement51 { - // To avoid underflow, first add a multiple of p. - // Choose 16*p = p << 4 to be larger than 54-bit _rhs. - // - // If we could statically track the bitlengths of the limbs - // of every FieldElement51, we could choose a multiple of p - // just bigger than _rhs and avoid having to do a reduction. - // - // Since we don't yet have type-level integers to do this, we - // have to add an explicit reduction call here. 
- FieldElement51::reduce([ - (self.0[0] + 36028797018963664u64) - _rhs.0[0], - (self.0[1] + 36028797018963952u64) - _rhs.0[1], - (self.0[2] + 36028797018963952u64) - _rhs.0[2], - (self.0[3] + 36028797018963952u64) - _rhs.0[3], - (self.0[4] + 36028797018963952u64) - _rhs.0[4], - ]) - } -} - -impl<'b> MulAssign<&'b FieldElement51> for FieldElement51 { - fn mul_assign(&mut self, _rhs: &'b FieldElement51) { - let result = (self as &FieldElement51) * _rhs; - self.0 = result.0; - } -} - -impl<'a, 'b> Mul<&'b FieldElement51> for &'a FieldElement51 { - type Output = FieldElement51; - fn mul(self, _rhs: &'b FieldElement51) -> FieldElement51 { - /// Helper function to multiply two 64-bit integers with 128 - /// bits of output. - #[inline(always)] - fn m(x: u64, y: u64) -> u128 { (x as u128) * (y as u128) } - - // Alias self, _rhs for more readable formulas - let a: &[u64; 5] = &self.0; - let b: &[u64; 5] = &_rhs.0; - - // Precondition: assume input limbs a[i], b[i] are bounded as - // - // a[i], b[i] < 2^(51 + b) - // - // where b is a real parameter measuring the "bit excess" of the limbs. - - // 64-bit precomputations to avoid 128-bit multiplications. - // - // This fits into a u64 whenever 51 + b + lg(19) < 64. - // - // Since 51 + b + lg(19) < 51 + 4.25 + b - // = 55.25 + b, - // this fits if b < 8.75. - let b1_19 = b[1] * 19; - let b2_19 = b[2] * 19; - let b3_19 = b[3] * 19; - let b4_19 = b[4] * 19; - - // Multiply to get 128-bit coefficients of output - let c0: u128 = m(a[0],b[0]) + m(a[4],b1_19) + m(a[3],b2_19) + m(a[2],b3_19) + m(a[1],b4_19); - let mut c1: u128 = m(a[1],b[0]) + m(a[0],b[1]) + m(a[4],b2_19) + m(a[3],b3_19) + m(a[2],b4_19); - let mut c2: u128 = m(a[2],b[0]) + m(a[1],b[1]) + m(a[0],b[2]) + m(a[4],b3_19) + m(a[3],b4_19); - let mut c3: u128 = m(a[3],b[0]) + m(a[2],b[1]) + m(a[1],b[2]) + m(a[0],b[3]) + m(a[4],b4_19); - let mut c4: u128 = m(a[4],b[0]) + m(a[3],b[1]) + m(a[2],b[2]) + m(a[1],b[3]) + m(a[0],b[4]); - - // How big are the c[i]? 
We have - // - // c[i] < 2^(102 + 2*b) * (1+i + (4-i)*19) - // < 2^(102 + lg(1 + 4*19) + 2*b) - // < 2^(108.27 + 2*b) - // - // The carry (c[i] >> 51) fits into a u64 when - // 108.27 + 2*b - 51 < 64 - // 2*b < 6.73 - // b < 3.365. - // - // So we require b < 3 to ensure this fits. - debug_assert!(a[0] < (1 << 54)); debug_assert!(b[0] < (1 << 54)); - debug_assert!(a[1] < (1 << 54)); debug_assert!(b[1] < (1 << 54)); - debug_assert!(a[2] < (1 << 54)); debug_assert!(b[2] < (1 << 54)); - debug_assert!(a[3] < (1 << 54)); debug_assert!(b[3] < (1 << 54)); - debug_assert!(a[4] < (1 << 54)); debug_assert!(b[4] < (1 << 54)); - - // Casting to u64 and back tells the compiler that the carry is - // bounded by 2^64, so that the addition is a u128 + u64 rather - // than u128 + u128. - - const LOW_51_BIT_MASK: u64 = (1u64 << 51) - 1; - let mut out = [0u64; 5]; - - c1 += ((c0 >> 51) as u64) as u128; - out[0] = (c0 as u64) & LOW_51_BIT_MASK; - - c2 += ((c1 >> 51) as u64) as u128; - out[1] = (c1 as u64) & LOW_51_BIT_MASK; - - c3 += ((c2 >> 51) as u64) as u128; - out[2] = (c2 as u64) & LOW_51_BIT_MASK; - - c4 += ((c3 >> 51) as u64) as u128; - out[3] = (c3 as u64) & LOW_51_BIT_MASK; - - let carry: u64 = (c4 >> 51) as u64; - out[4] = (c4 as u64) & LOW_51_BIT_MASK; - - // To see that this does not overflow, we need out[0] + carry * 19 < 2^64. - // - // c4 < a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0 + (carry from c3) - // < 5*(2^(51 + b) * 2^(51 + b)) + (carry from c3) - // < 2^(102 + 2*b + lg(5)) + 2^64. - // - // When b < 3 we get - // - // c4 < 2^110.33 so that carry < 2^59.33 - // - // so that - // - // out[0] + carry * 19 < 2^51 + 19 * 2^59.33 < 2^63.58 - // - // and there is no overflow. - out[0] = out[0] + carry * 19; - - // Now out[1] < 2^51 + 2^(64 -51) = 2^51 + 2^13 < 2^(51 + epsilon). - out[1] += out[0] >> 51; - out[0] &= LOW_51_BIT_MASK; - - // Now out[i] < 2^(51 + epsilon) for all i. 
- FieldElement51(out) - } -} - -impl<'a> Neg for &'a FieldElement51 { - type Output = FieldElement51; - fn neg(self) -> FieldElement51 { - let mut output = *self; - output.negate(); - output - } -} - -impl ConditionallySelectable for FieldElement51 { - fn conditional_select( - a: &FieldElement51, - b: &FieldElement51, - choice: Choice, - ) -> FieldElement51 { - FieldElement51([ - u64::conditional_select(&a.0[0], &b.0[0], choice), - u64::conditional_select(&a.0[1], &b.0[1], choice), - u64::conditional_select(&a.0[2], &b.0[2], choice), - u64::conditional_select(&a.0[3], &b.0[3], choice), - u64::conditional_select(&a.0[4], &b.0[4], choice), - ]) - } - - fn conditional_swap(a: &mut FieldElement51, b: &mut FieldElement51, choice: Choice) { - u64::conditional_swap(&mut a.0[0], &mut b.0[0], choice); - u64::conditional_swap(&mut a.0[1], &mut b.0[1], choice); - u64::conditional_swap(&mut a.0[2], &mut b.0[2], choice); - u64::conditional_swap(&mut a.0[3], &mut b.0[3], choice); - u64::conditional_swap(&mut a.0[4], &mut b.0[4], choice); - } - - fn conditional_assign(&mut self, other: &FieldElement51, choice: Choice) { - self.0[0].conditional_assign(&other.0[0], choice); - self.0[1].conditional_assign(&other.0[1], choice); - self.0[2].conditional_assign(&other.0[2], choice); - self.0[3].conditional_assign(&other.0[3], choice); - self.0[4].conditional_assign(&other.0[4], choice); - } -} - -impl FieldElement51 { - /// Invert the sign of this field element - pub fn negate(&mut self) { - // See commentary in the Sub impl - let neg = FieldElement51::reduce([ - 36028797018963664u64 - self.0[0], - 36028797018963952u64 - self.0[1], - 36028797018963952u64 - self.0[2], - 36028797018963952u64 - self.0[3], - 36028797018963952u64 - self.0[4], - ]); - self.0 = neg.0; - } - - /// Construct zero. - pub fn zero() -> FieldElement51 { - FieldElement51([ 0, 0, 0, 0, 0 ]) - } - - /// Construct one. - pub fn one() -> FieldElement51 { - FieldElement51([ 1, 0, 0, 0, 0 ]) - } - - /// Construct -1. 
- pub fn minus_one() -> FieldElement51 { - FieldElement51([2251799813685228, 2251799813685247, 2251799813685247, 2251799813685247, 2251799813685247]) - } - - /// Given 64-bit input limbs, reduce to enforce the bound 2^(51 + epsilon). - #[inline(always)] - fn reduce(mut limbs: [u64; 5]) -> FieldElement51 { - const LOW_51_BIT_MASK: u64 = (1u64 << 51) - 1; - - // Since the input limbs are bounded by 2^64, the biggest - // carry-out is bounded by 2^13. - // - // The biggest carry-in is c4 * 19, resulting in - // - // 2^51 + 19*2^13 < 2^51.0000000001 - // - // Because we don't need to canonicalize, only to reduce the - // limb sizes, it's OK to do a "weak reduction", where we - // compute the carry-outs in parallel. - - let c0 = limbs[0] >> 51; - let c1 = limbs[1] >> 51; - let c2 = limbs[2] >> 51; - let c3 = limbs[3] >> 51; - let c4 = limbs[4] >> 51; - - limbs[0] &= LOW_51_BIT_MASK; - limbs[1] &= LOW_51_BIT_MASK; - limbs[2] &= LOW_51_BIT_MASK; - limbs[3] &= LOW_51_BIT_MASK; - limbs[4] &= LOW_51_BIT_MASK; - - limbs[0] += c4 * 19; - limbs[1] += c0; - limbs[2] += c1; - limbs[3] += c2; - limbs[4] += c3; - - FieldElement51(limbs) - } - - /// Load a `FieldElement51` from the low 255 bits of a 256-bit - /// input. - /// - /// # Warning - /// - /// This function does not check that the input used the canonical - /// representative. It masks the high bit, but it will happily - /// decode 2^255 - 18 to 1. Applications that require a canonical - /// encoding of every field element should decode, re-encode to - /// the canonical encoding, and check that the input was - /// canonical. 
- /// - pub fn from_bytes(bytes: &[u8; 32]) -> FieldElement51 { - let load8 = |input: &[u8]| -> u64 { - (input[0] as u64) - | ((input[1] as u64) << 8) - | ((input[2] as u64) << 16) - | ((input[3] as u64) << 24) - | ((input[4] as u64) << 32) - | ((input[5] as u64) << 40) - | ((input[6] as u64) << 48) - | ((input[7] as u64) << 56) - }; - - let low_51_bit_mask = (1u64 << 51) - 1; - FieldElement51( - // load bits [ 0, 64), no shift - [ load8(&bytes[ 0..]) & low_51_bit_mask - // load bits [ 48,112), shift to [ 51,112) - , (load8(&bytes[ 6..]) >> 3) & low_51_bit_mask - // load bits [ 96,160), shift to [102,160) - , (load8(&bytes[12..]) >> 6) & low_51_bit_mask - // load bits [152,216), shift to [153,216) - , (load8(&bytes[19..]) >> 1) & low_51_bit_mask - // load bits [192,256), shift to [204,112) - , (load8(&bytes[24..]) >> 12) & low_51_bit_mask - ]) - } - - /// Serialize this `FieldElement51` to a 32-byte array. The - /// encoding is canonical. - pub fn to_bytes(&self) -> [u8; 32] { - // Let h = limbs[0] + limbs[1]*2^51 + ... + limbs[4]*2^204. - // - // Write h = pq + r with 0 <= r < p. - // - // We want to compute r = h mod p. - // - // If h < 2*p = 2^256 - 38, - // then q = 0 or 1, - // - // with q = 0 when h < p - // and q = 1 when h >= p. - // - // Notice that h >= p <==> h + 19 >= p + 19 <==> h + 19 >= 2^255. - // Therefore q can be computed as the carry bit of h + 19. - - // First, reduce the limbs to ensure h < 2*p. - let mut limbs = FieldElement51::reduce(self.0).0; - - let mut q = (limbs[0] + 19) >> 51; - q = (limbs[1] + q) >> 51; - q = (limbs[2] + q) >> 51; - q = (limbs[3] + q) >> 51; - q = (limbs[4] + q) >> 51; - - // Now we can compute r as r = h - pq = r - (2^255-19)q = r + 19q - 2^255q - - limbs[0] += 19*q; - - // Now carry the result to compute r + 19q ... 
- let low_51_bit_mask = (1u64 << 51) - 1; - limbs[1] += limbs[0] >> 51; - limbs[0] = limbs[0] & low_51_bit_mask; - limbs[2] += limbs[1] >> 51; - limbs[1] = limbs[1] & low_51_bit_mask; - limbs[3] += limbs[2] >> 51; - limbs[2] = limbs[2] & low_51_bit_mask; - limbs[4] += limbs[3] >> 51; - limbs[3] = limbs[3] & low_51_bit_mask; - // ... but instead of carrying (limbs[4] >> 51) = 2^255q - // into another limb, discard it, subtracting the value - limbs[4] = limbs[4] & low_51_bit_mask; - - // Now arrange the bits of the limbs. - let mut s = [0u8;32]; - s[ 0] = limbs[0] as u8; - s[ 1] = (limbs[0] >> 8) as u8; - s[ 2] = (limbs[0] >> 16) as u8; - s[ 3] = (limbs[0] >> 24) as u8; - s[ 4] = (limbs[0] >> 32) as u8; - s[ 5] = (limbs[0] >> 40) as u8; - s[ 6] = ((limbs[0] >> 48) | (limbs[1] << 3)) as u8; - s[ 7] = (limbs[1] >> 5) as u8; - s[ 8] = (limbs[1] >> 13) as u8; - s[ 9] = (limbs[1] >> 21) as u8; - s[10] = (limbs[1] >> 29) as u8; - s[11] = (limbs[1] >> 37) as u8; - s[12] = ((limbs[1] >> 45) | (limbs[2] << 6)) as u8; - s[13] = (limbs[2] >> 2) as u8; - s[14] = (limbs[2] >> 10) as u8; - s[15] = (limbs[2] >> 18) as u8; - s[16] = (limbs[2] >> 26) as u8; - s[17] = (limbs[2] >> 34) as u8; - s[18] = (limbs[2] >> 42) as u8; - s[19] = ((limbs[2] >> 50) | (limbs[3] << 1)) as u8; - s[20] = (limbs[3] >> 7) as u8; - s[21] = (limbs[3] >> 15) as u8; - s[22] = (limbs[3] >> 23) as u8; - s[23] = (limbs[3] >> 31) as u8; - s[24] = (limbs[3] >> 39) as u8; - s[25] = ((limbs[3] >> 47) | (limbs[4] << 4)) as u8; - s[26] = (limbs[4] >> 4) as u8; - s[27] = (limbs[4] >> 12) as u8; - s[28] = (limbs[4] >> 20) as u8; - s[29] = (limbs[4] >> 28) as u8; - s[30] = (limbs[4] >> 36) as u8; - s[31] = (limbs[4] >> 44) as u8; - - // High bit should be zero. - debug_assert!((s[31] & 0b1000_0000u8) == 0u8); - - s - } - - /// Given `k > 0`, return `self^(2^k)`. - pub fn pow2k(&self, mut k: u32) -> FieldElement51 { - - debug_assert!( k > 0 ); - - /// Multiply two 64-bit integers with 128 bits of output. 
- #[inline(always)] - fn m(x: u64, y: u64) -> u128 { (x as u128) * (y as u128) } - - let mut a: [u64; 5] = self.0; - - loop { - // Precondition: assume input limbs a[i] are bounded as - // - // a[i] < 2^(51 + b) - // - // where b is a real parameter measuring the "bit excess" of the limbs. - - // Precomputation: 64-bit multiply by 19. - // - // This fits into a u64 whenever 51 + b + lg(19) < 64. - // - // Since 51 + b + lg(19) < 51 + 4.25 + b - // = 55.25 + b, - // this fits if b < 8.75. - let a3_19 = 19 * a[3]; - let a4_19 = 19 * a[4]; - - // Multiply to get 128-bit coefficients of output. - // - // The 128-bit multiplications by 2 turn into 1 slr + 1 slrd each, - // which doesn't seem any better or worse than doing them as precomputations - // on the 64-bit inputs. - let c0: u128 = m(a[0], a[0]) + 2*( m(a[1], a4_19) + m(a[2], a3_19) ); - let mut c1: u128 = m(a[3], a3_19) + 2*( m(a[0], a[1]) + m(a[2], a4_19) ); - let mut c2: u128 = m(a[1], a[1]) + 2*( m(a[0], a[2]) + m(a[4], a3_19) ); - let mut c3: u128 = m(a[4], a4_19) + 2*( m(a[0], a[3]) + m(a[1], a[2]) ); - let mut c4: u128 = m(a[2], a[2]) + 2*( m(a[0], a[4]) + m(a[1], a[3]) ); - - // Same bound as in multiply: - // c[i] < 2^(102 + 2*b) * (1+i + (4-i)*19) - // < 2^(102 + lg(1 + 4*19) + 2*b) - // < 2^(108.27 + 2*b) - // - // The carry (c[i] >> 51) fits into a u64 when - // 108.27 + 2*b - 51 < 64 - // 2*b < 6.73 - // b < 3.365. - // - // So we require b < 3 to ensure this fits. - debug_assert!(a[0] < (1 << 54)); - debug_assert!(a[1] < (1 << 54)); - debug_assert!(a[2] < (1 << 54)); - debug_assert!(a[3] < (1 << 54)); - debug_assert!(a[4] < (1 << 54)); - - const LOW_51_BIT_MASK: u64 = (1u64 << 51) - 1; - - // Casting to u64 and back tells the compiler that the carry is bounded by 2^64, so - // that the addition is a u128 + u64 rather than u128 + u128. 
- c1 += ((c0 >> 51) as u64) as u128; - a[0] = (c0 as u64) & LOW_51_BIT_MASK; - - c2 += ((c1 >> 51) as u64) as u128; - a[1] = (c1 as u64) & LOW_51_BIT_MASK; - - c3 += ((c2 >> 51) as u64) as u128; - a[2] = (c2 as u64) & LOW_51_BIT_MASK; - - c4 += ((c3 >> 51) as u64) as u128; - a[3] = (c3 as u64) & LOW_51_BIT_MASK; - - let carry: u64 = (c4 >> 51) as u64; - a[4] = (c4 as u64) & LOW_51_BIT_MASK; - - // To see that this does not overflow, we need a[0] + carry * 19 < 2^64. - // - // c4 < a2^2 + 2*a0*a4 + 2*a1*a3 + (carry from c3) - // < 2^(102 + 2*b + lg(5)) + 2^64. - // - // When b < 3 we get - // - // c4 < 2^110.33 so that carry < 2^59.33 - // - // so that - // - // a[0] + carry * 19 < 2^51 + 19 * 2^59.33 < 2^63.58 - // - // and there is no overflow. - a[0] = a[0] + carry * 19; - - // Now a[1] < 2^51 + 2^(64 -51) = 2^51 + 2^13 < 2^(51 + epsilon). - a[1] += a[0] >> 51; - a[0] &= LOW_51_BIT_MASK; - - // Now all a[i] < 2^(51 + epsilon) and a = self^(2^k). - - k = k - 1; - if k == 0 { - break; - } - } - - FieldElement51(a) - } - - /// Returns the square of this field element. - pub fn square(&self) -> FieldElement51 { - self.pow2k(1) - } - - /// Returns 2 times the square of this field element. - pub fn square2(&self) -> FieldElement51 { - let mut square = self.pow2k(1); - for i in 0..5 { - square.0[i] *= 2; - } - - square - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u64/scalar.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u64/scalar.rs deleted file mode 100644 index cee69da0ec47..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u64/scalar.rs +++ /dev/null 
@@ -1,450 +0,0 @@
-//! Arithmetic mod \\(2\^{252} + 27742317777372353535851937790883648493\\)
-//! with five \\(52\\)-bit unsigned limbs.
-//!
-//! \\(51\\)-bit limbs would cover the desired bit range (\\(253\\)
-//! bits), but isn't large enough to reduce a \\(512\\)-bit number with
-//! Montgomery multiplication, so \\(52\\) bits is used instead. To see
-//! that this is safe for intermediate results, note that the largest
-//! limb in a \\(5\times 5\\) product of \\(52\\)-bit limbs will be
-//!
-//! ```text
-//! (0xfffffffffffff^2) * 5 = 0x4ffffffffffff60000000000005 (107 bits).
-//! ```
-
-use core::fmt::Debug;
-use core::ops::{Index, IndexMut};
-
-use zeroize::Zeroize;
-
-use constants;
-
-/// The `Scalar52` struct represents an element in
-/// \\(\mathbb Z / \ell \mathbb Z\\) as 5 \\(52\\)-bit limbs.
-#[derive(Copy,Clone)]
-pub struct Scalar52(pub [u64; 5]);
-
-impl Debug for Scalar52 {
- fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
- write!(f, "Scalar52: {:?}", &self.0[..])
- }
-}
-
-impl Zeroize for Scalar52 {
- fn zeroize(&mut self) {
- self.0.zeroize();
- }
-}
-
-impl Index for Scalar52 {
- type Output = u64;
- fn index(&self, _index: usize) -> &u64 {
- &(self.0[_index])
- }
-}
-
-impl IndexMut for Scalar52 {
- fn index_mut(&mut self, _index: usize) -> &mut u64 {
- &mut (self.0[_index])
- }
-}
-
-/// u64 * u64 = u128 multiply helper
-#[inline(always)]
-fn m(x: u64, y: u64) -> u128 {
- (x as u128) * (y as u128)
-}
-
-impl Scalar52 {
- /// Return the zero scalar
- pub fn zero() -> Scalar52 {
- Scalar52([0,0,0,0,0])
- }
-
- /// Unpack a 32 byte / 256 bit scalar into 5 52-bit limbs.
- pub fn from_bytes(bytes: &[u8; 32]) -> Scalar52 { - let mut words = [0u64; 4]; - for i in 0..4 { - for j in 0..8 { - words[i] |= (bytes[(i * 8) + j] as u64) << (j * 8); - } - } - - let mask = (1u64 << 52) - 1; - let top_mask = (1u64 << 48) - 1; - let mut s = Scalar52::zero(); - - s[ 0] = words[0] & mask; - s[ 1] = ((words[0] >> 52) | (words[1] << 12)) & mask; - s[ 2] = ((words[1] >> 40) | (words[2] << 24)) & mask; - s[ 3] = ((words[2] >> 28) | (words[3] << 36)) & mask; - s[ 4] = (words[3] >> 16) & top_mask; - - s - } - - /// Reduce a 64 byte / 512 bit scalar mod l - pub fn from_bytes_wide(bytes: &[u8; 64]) -> Scalar52 { - let mut words = [0u64; 8]; - for i in 0..8 { - for j in 0..8 { - words[i] |= (bytes[(i * 8) + j] as u64) << (j * 8); - } - } - - let mask = (1u64 << 52) - 1; - let mut lo = Scalar52::zero(); - let mut hi = Scalar52::zero(); - - lo[0] = words[ 0] & mask; - lo[1] = ((words[ 0] >> 52) | (words[ 1] << 12)) & mask; - lo[2] = ((words[ 1] >> 40) | (words[ 2] << 24)) & mask; - lo[3] = ((words[ 2] >> 28) | (words[ 3] << 36)) & mask; - lo[4] = ((words[ 3] >> 16) | (words[ 4] << 48)) & mask; - hi[0] = (words[ 4] >> 4) & mask; - hi[1] = ((words[ 4] >> 56) | (words[ 5] << 8)) & mask; - hi[2] = ((words[ 5] >> 44) | (words[ 6] << 20)) & mask; - hi[3] = ((words[ 6] >> 32) | (words[ 7] << 32)) & mask; - hi[4] = words[ 7] >> 20 ; - - lo = Scalar52::montgomery_mul(&lo, &constants::R); // (lo * R) / R = lo - hi = Scalar52::montgomery_mul(&hi, &constants::RR); // (hi * R^2) / R = hi * R - - Scalar52::add(&hi, &lo) - } - - /// Pack the limbs of this `Scalar52` into 32 bytes - pub fn to_bytes(&self) -> [u8; 32] { - let mut s = [0u8; 32]; - - s[0] = (self.0[ 0] >> 0) as u8; - s[1] = (self.0[ 0] >> 8) as u8; - s[2] = (self.0[ 0] >> 16) as u8; - s[3] = (self.0[ 0] >> 24) as u8; - s[4] = (self.0[ 0] >> 32) as u8; - s[5] = (self.0[ 0] >> 40) as u8; - s[6] = ((self.0[ 0] >> 48) | (self.0[ 1] << 4)) as u8; - s[7] = (self.0[ 1] >> 4) as u8; - s[8] = (self.0[ 1] >> 12) as u8; 
- s[9] = (self.0[ 1] >> 20) as u8; - s[10] = (self.0[ 1] >> 28) as u8; - s[11] = (self.0[ 1] >> 36) as u8; - s[12] = (self.0[ 1] >> 44) as u8; - s[13] = (self.0[ 2] >> 0) as u8; - s[14] = (self.0[ 2] >> 8) as u8; - s[15] = (self.0[ 2] >> 16) as u8; - s[16] = (self.0[ 2] >> 24) as u8; - s[17] = (self.0[ 2] >> 32) as u8; - s[18] = (self.0[ 2] >> 40) as u8; - s[19] = ((self.0[ 2] >> 48) | (self.0[ 3] << 4)) as u8; - s[20] = (self.0[ 3] >> 4) as u8; - s[21] = (self.0[ 3] >> 12) as u8; - s[22] = (self.0[ 3] >> 20) as u8; - s[23] = (self.0[ 3] >> 28) as u8; - s[24] = (self.0[ 3] >> 36) as u8; - s[25] = (self.0[ 3] >> 44) as u8; - s[26] = (self.0[ 4] >> 0) as u8; - s[27] = (self.0[ 4] >> 8) as u8; - s[28] = (self.0[ 4] >> 16) as u8; - s[29] = (self.0[ 4] >> 24) as u8; - s[30] = (self.0[ 4] >> 32) as u8; - s[31] = (self.0[ 4] >> 40) as u8; - - s - } - - /// Compute `a + b` (mod l) - pub fn add(a: &Scalar52, b: &Scalar52) -> Scalar52 { - let mut sum = Scalar52::zero(); - let mask = (1u64 << 52) - 1; - - // a + b - let mut carry: u64 = 0; - for i in 0..5 { - carry = a[i] + b[i] + (carry >> 52); - sum[i] = carry & mask; - } - - // subtract l if the sum is >= l - Scalar52::sub(&sum, &constants::L) - } - - /// Compute `a - b` (mod l) - pub fn sub(a: &Scalar52, b: &Scalar52) -> Scalar52 { - let mut difference = Scalar52::zero(); - let mask = (1u64 << 52) - 1; - - // a - b - let mut borrow: u64 = 0; - for i in 0..5 { - borrow = a[i].wrapping_sub(b[i] + (borrow >> 63)); - difference[i] = borrow & mask; - } - - // conditionally add l if the difference is negative - let underflow_mask = ((borrow >> 63) ^ 1).wrapping_sub(1); - let mut carry: u64 = 0; - for i in 0..5 { - carry = (carry >> 52) + difference[i] + (constants::L[i] & underflow_mask); - difference[i] = carry & mask; - } - - difference - } - - /// Compute `a * b` - #[inline(always)] - pub (crate) fn mul_internal(a: &Scalar52, b: &Scalar52) -> [u128; 9] { - let mut z = [0u128; 9]; - - z[0] = m(a[0],b[0]); - z[1] = 
m(a[0],b[1]) + m(a[1],b[0]); - z[2] = m(a[0],b[2]) + m(a[1],b[1]) + m(a[2],b[0]); - z[3] = m(a[0],b[3]) + m(a[1],b[2]) + m(a[2],b[1]) + m(a[3],b[0]); - z[4] = m(a[0],b[4]) + m(a[1],b[3]) + m(a[2],b[2]) + m(a[3],b[1]) + m(a[4],b[0]); - z[5] = m(a[1],b[4]) + m(a[2],b[3]) + m(a[3],b[2]) + m(a[4],b[1]); - z[6] = m(a[2],b[4]) + m(a[3],b[3]) + m(a[4],b[2]); - z[7] = m(a[3],b[4]) + m(a[4],b[3]); - z[8] = m(a[4],b[4]); - - z - } - - /// Compute `a^2` - #[inline(always)] - fn square_internal(a: &Scalar52) -> [u128; 9] { - let aa = [ - a[0]*2, - a[1]*2, - a[2]*2, - a[3]*2, - ]; - - [ - m( a[0],a[0]), - m(aa[0],a[1]), - m(aa[0],a[2]) + m( a[1],a[1]), - m(aa[0],a[3]) + m(aa[1],a[2]), - m(aa[0],a[4]) + m(aa[1],a[3]) + m( a[2],a[2]), - m(aa[1],a[4]) + m(aa[2],a[3]), - m(aa[2],a[4]) + m( a[3],a[3]), - m(aa[3],a[4]), - m(a[4],a[4]) - ] - } - - /// Compute `limbs/R` (mod l), where R is the Montgomery modulus 2^260 - #[inline(always)] - pub (crate) fn montgomery_reduce(limbs: &[u128; 9]) -> Scalar52 { - - #[inline(always)] - fn part1(sum: u128) -> (u128, u64) { - let p = (sum as u64).wrapping_mul(constants::LFACTOR) & ((1u64 << 52) - 1); - ((sum + m(p,constants::L[0])) >> 52, p) - } - - #[inline(always)] - fn part2(sum: u128) -> (u128, u64) { - let w = (sum as u64) & ((1u64 << 52) - 1); - (sum >> 52, w) - } - - // note: l[3] is zero, so its multiples can be skipped - let l = &constants::L; - - // the first half computes the Montgomery adjustment factor n, and begins adding n*l to make limbs divisible by R - let (carry, n0) = part1( limbs[0]); - let (carry, n1) = part1(carry + limbs[1] + m(n0,l[1])); - let (carry, n2) = part1(carry + limbs[2] + m(n0,l[2]) + m(n1,l[1])); - let (carry, n3) = part1(carry + limbs[3] + m(n1,l[2]) + m(n2,l[1])); - let (carry, n4) = part1(carry + limbs[4] + m(n0,l[4]) + m(n2,l[2]) + m(n3,l[1])); - - // limbs is divisible by R now, so we can divide by R by simply storing the upper half as the result - let (carry, r0) = part2(carry + limbs[5] + m(n1,l[4]) + 
m(n3,l[2]) + m(n4,l[1])); - let (carry, r1) = part2(carry + limbs[6] + m(n2,l[4]) + m(n4,l[2])); - let (carry, r2) = part2(carry + limbs[7] + m(n3,l[4]) ); - let (carry, r3) = part2(carry + limbs[8] + m(n4,l[4])); - let r4 = carry as u64; - - // result may be >= l, so attempt to subtract l - Scalar52::sub(&Scalar52([r0,r1,r2,r3,r4]), l) - } - - /// Compute `a * b` (mod l) - #[inline(never)] - pub fn mul(a: &Scalar52, b: &Scalar52) -> Scalar52 { - let ab = Scalar52::montgomery_reduce(&Scalar52::mul_internal(a, b)); - Scalar52::montgomery_reduce(&Scalar52::mul_internal(&ab, &constants::RR)) - } - - /// Compute `a^2` (mod l) - #[inline(never)] - #[allow(dead_code)] // XXX we don't expose square() via the Scalar API - pub fn square(&self) -> Scalar52 { - let aa = Scalar52::montgomery_reduce(&Scalar52::square_internal(self)); - Scalar52::montgomery_reduce(&Scalar52::mul_internal(&aa, &constants::RR)) - } - - /// Compute `(a * b) / R` (mod l), where R is the Montgomery modulus 2^260 - #[inline(never)] - pub fn montgomery_mul(a: &Scalar52, b: &Scalar52) -> Scalar52 { - Scalar52::montgomery_reduce(&Scalar52::mul_internal(a, b)) - } - - /// Compute `(a^2) / R` (mod l) in Montgomery form, where R is the Montgomery modulus 2^260 - #[inline(never)] - pub fn montgomery_square(&self) -> Scalar52 { - Scalar52::montgomery_reduce(&Scalar52::square_internal(self)) - } - - /// Puts a Scalar52 in to Montgomery form, i.e. computes `a*R (mod l)` - #[inline(never)] - pub fn to_montgomery(&self) -> Scalar52 { - Scalar52::montgomery_mul(self, &constants::RR) - } - - /// Takes a Scalar52 out of Montgomery form, i.e. 
computes `a/R (mod l)` - #[inline(never)] - pub fn from_montgomery(&self) -> Scalar52 { - let mut limbs = [0u128; 9]; - for i in 0..5 { - limbs[i] = self[i] as u128; - } - Scalar52::montgomery_reduce(&limbs) - } -} - - -#[cfg(test)] -mod test { - use super::*; - - /// Note: x is 2^253-1 which is slightly larger than the largest scalar produced by - /// this implementation (l-1), and should show there are no overflows for valid scalars - /// - /// x = 14474011154664524427946373126085988481658748083205070504932198000989141204991 - /// x = 7237005577332262213973186563042994240801631723825162898930247062703686954002 mod l - /// x = 3057150787695215392275360544382990118917283750546154083604586903220563173085*R mod l in Montgomery form - pub static X: Scalar52 = Scalar52( - [0x000fffffffffffff, 0x000fffffffffffff, 0x000fffffffffffff, 0x000fffffffffffff, - 0x00001fffffffffff]); - - /// x^2 = 3078544782642840487852506753550082162405942681916160040940637093560259278169 mod l - pub static XX: Scalar52 = Scalar52( - [0x0001668020217559, 0x000531640ffd0ec0, 0x00085fd6f9f38a31, 0x000c268f73bb1cf4, - 0x000006ce65046df0]); - - /// x^2 = 4413052134910308800482070043710297189082115023966588301924965890668401540959*R mod l in Montgomery form - pub static XX_MONT: Scalar52 = Scalar52( - [0x000c754eea569a5c, 0x00063b6ed36cb215, 0x0008ffa36bf25886, 0x000e9183614e7543, - 0x0000061db6c6f26f]); - - /// y = 6145104759870991071742105800796537629880401874866217824609283457819451087098 - pub static Y: Scalar52 = Scalar52( - [0x000b75071e1458fa, 0x000bf9d75e1ecdac, 0x000433d2baf0672b, 0x0005fffcc11fad13, - 0x00000d96018bb825]); - - /// x*y = 36752150652102274958925982391442301741 mod l - pub static XY: Scalar52 = Scalar52( - [0x000ee6d76ba7632d, 0x000ed50d71d84e02, 0x00000000001ba634, 0x0000000000000000, - 0x0000000000000000]); - - /// x*y = 658448296334113745583381664921721413881518248721417041768778176391714104386*R mod l in Montgomery form - pub static XY_MONT: Scalar52 = Scalar52( - 
[0x0006d52bf200cfd5, 0x00033fb1d7021570, 0x000f201bc07139d8, 0x0001267e3e49169e, - 0x000007b839c00268]); - - /// a = 2351415481556538453565687241199399922945659411799870114962672658845158063753 - pub static A: Scalar52 = Scalar52( - [0x0005236c07b3be89, 0x0001bc3d2a67c0c4, 0x000a4aa782aae3ee, 0x0006b3f6e4fec4c4, - 0x00000532da9fab8c]); - - /// b = 4885590095775723760407499321843594317911456947580037491039278279440296187236 - pub static B: Scalar52 = Scalar52( - [0x000d3fae55421564, 0x000c2df24f65a4bc, 0x0005b5587d69fb0b, 0x00094c091b013b3b, - 0x00000acd25605473]); - - /// a+b = 0 - /// a-b = 4702830963113076907131374482398799845891318823599740229925345317690316127506 - pub static AB: Scalar52 = Scalar52( - [0x000a46d80f677d12, 0x0003787a54cf8188, 0x0004954f0555c7dc, 0x000d67edc9fd8989, - 0x00000a65b53f5718]); - - // c = (2^512 - 1) % l = 1627715501170711445284395025044413883736156588369414752970002579683115011840 - pub static C: Scalar52 = Scalar52( - [0x000611e3449c0f00, 0x000a768859347a40, 0x0007f5be65d00e1b, 0x0009a3dceec73d21, - 0x00000399411b7c30]); - - #[test] - fn mul_max() { - let res = Scalar52::mul(&X, &X); - for i in 0..5 { - assert!(res[i] == XX[i]); - } - } - - #[test] - fn square_max() { - let res = X.square(); - for i in 0..5 { - assert!(res[i] == XX[i]); - } - } - - #[test] - fn montgomery_mul_max() { - let res = Scalar52::montgomery_mul(&X, &X); - for i in 0..5 { - assert!(res[i] == XX_MONT[i]); - } - } - - #[test] - fn montgomery_square_max() { - let res = X.montgomery_square(); - for i in 0..5 { - assert!(res[i] == XX_MONT[i]); - } - } - - #[test] - fn mul() { - let res = Scalar52::mul(&X, &Y); - for i in 0..5 { - assert!(res[i] == XY[i]); - } - } - - #[test] - fn montgomery_mul() { - let res = Scalar52::montgomery_mul(&X, &Y); - for i in 0..5 { - assert!(res[i] == XY_MONT[i]); - } - } - - #[test] - fn add() { - let res = Scalar52::add(&A, &B); - let zero = Scalar52::zero(); - for i in 0..5 { - assert!(res[i] == zero[i]); - } - } - - #[test] - fn 
sub() { - let res = Scalar52::sub(&A, &B); - for i in 0..5 { - assert!(res[i] == AB[i]); - } - } - - #[test] - fn from_bytes_wide() { - let bignum = [255u8; 64]; // 2^512 - 1 - let reduced = Scalar52::from_bytes_wide(&bignum); - for i in 0..5 { - assert!(reduced[i] == C[i]); - } - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/avx2/constants.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/avx2/constants.rs deleted file mode 100644 index 122068e31025..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/avx2/constants.rs +++ /dev/null 
@@ -1,3428 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2016-2021 isis lovecruft -// Copyright (c) 2016-2019 Henry de Valence -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft -// - Henry de Valence - -//! This module contains constants used by the AVX2 backend. - -use packed_simd::u32x8; - -use backend::vector::avx2::edwards::{CachedPoint, ExtendedPoint}; -use backend::vector::avx2::field::FieldElement2625x4; -use window::NafLookupTable8; - -/// The identity element as an `ExtendedPoint`. -pub(crate) static EXTENDEDPOINT_IDENTITY: ExtendedPoint = ExtendedPoint(FieldElement2625x4([ - u32x8::new(0, 1, 0, 0, 1, 0, 0, 0), - u32x8::splat(0), - u32x8::splat(0), - u32x8::splat(0), - u32x8::splat(0), -])); - -/// The identity element as a `CachedPoint`. -pub(crate) static CACHEDPOINT_IDENTITY: CachedPoint = CachedPoint(FieldElement2625x4([ - u32x8::new(121647, 121666, 0, 0, 243332, 67108845, 0, 33554431), - u32x8::new(67108864, 0, 33554431, 0, 0, 67108863, 0, 33554431), - u32x8::new(67108863, 0, 33554431, 0, 0, 67108863, 0, 33554431), - u32x8::new(67108863, 0, 33554431, 0, 0, 67108863, 0, 33554431), - u32x8::new(67108863, 0, 33554431, 0, 0, 67108863, 0, 33554431), -])); - -/// The low limbs of (2p, 2p, 2p, 2p), so that -/// ```ascii,no_run -/// (2p, 2p, 2p, 2p) = [P_TIMES_2_LO, P_TIMES_2_HI, P_TIMES_2_HI, P_TIMES_2_HI, P_TIMES_2_HI] -/// ``` -pub(crate) static P_TIMES_2_LO: u32x8 = u32x8::new( - 67108845 << 1, - 67108845 << 1, - 33554431 << 1, - 33554431 << 1, - 67108845 << 1, - 67108845 << 1, - 33554431 << 1, - 33554431 << 1, -); - -/// The high limbs of (2p, 2p, 2p, 2p), so that -/// ```ascii,no_run -/// (2p, 2p, 2p, 2p) = [P_TIMES_2_LO, P_TIMES_2_HI, P_TIMES_2_HI, P_TIMES_2_HI, P_TIMES_2_HI] -/// ``` -pub(crate) static P_TIMES_2_HI: u32x8 = u32x8::new( - 67108863 << 1, - 67108863 << 1, - 33554431 << 1, - 33554431 << 1, - 67108863 << 1, - 67108863 << 1, - 33554431 << 1, - 33554431 
<< 1, -); - -/// The low limbs of (16p, 16p, 16p, 16p), so that -/// ```ascii,no_run -/// (16p, 16p, 16p, 16p) = [P_TIMES_16_LO, P_TIMES_16_HI, P_TIMES_16_HI, P_TIMES_16_HI, P_TIMES_16_HI] -/// ``` -pub(crate) static P_TIMES_16_LO: u32x8 = u32x8::new( - 67108845 << 4, - 67108845 << 4, - 33554431 << 4, - 33554431 << 4, - 67108845 << 4, - 67108845 << 4, - 33554431 << 4, - 33554431 << 4, -); - -/// The high limbs of (16p, 16p, 16p, 16p), so that -/// ```ascii,no_run -/// (16p, 16p, 16p, 16p) = [P_TIMES_16_LO, P_TIMES_16_HI, P_TIMES_16_HI, P_TIMES_16_HI, P_TIMES_16_HI] -/// ``` -pub(crate) static P_TIMES_16_HI: u32x8 = u32x8::new( - 67108863 << 4, - 67108863 << 4, - 33554431 << 4, - 33554431 << 4, - 67108863 << 4, - 67108863 << 4, - 33554431 << 4, - 33554431 << 4, -); - -/// Odd multiples of the Ed25519 basepoint: -pub(crate) static BASEPOINT_ODD_LOOKUP_TABLE: NafLookupTable8 = NafLookupTable8([ - CachedPoint(FieldElement2625x4([ - u32x8::new( - 3571425, - 10045002, - 19036563, - 1096096, - 243332, - 65897020, - 0, - 28963681, - ), - u32x8::new( - 30896895, - 63055514, - 1614915, - 5095970, - 0, - 53791688, - 0, - 31258312, - ), - u32x8::new( - 13347627, - 40339464, - 2236269, - 11185503, - 0, - 22520087, - 0, - 8659512, - ), - u32x8::new( - 11125413, - 29139905, - 32037254, - 28360723, - 0, - 64556417, - 0, - 9635759, - ), - u32x8::new( - 33268144, - 47262491, - 4336918, - 15795740, - 0, - 22027545, - 0, - 4846528, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 47099681, - 31447946, - 29365447, - 24740513, - 42991046, - 18317844, - 16051644, - 21404226, - ), - u32x8::new( - 31708133, - 28909527, - 2366091, - 13703791, - 469246, - 54159622, - 2601402, - 32988002, - ), - u32x8::new( - 63432457, - 30251794, - 15163516, - 18491340, - 28144087, - 35605455, - 13682295, - 18474872, - ), - u32x8::new( - 12221607, - 4967598, - 26061980, - 26008006, - 20226147, - 9726961, - 17410, - 18051083, - ), - u32x8::new( - 60569645, - 62487085, - 11911242, - 21920922, - 
4092105, - 38186967, - 22431483, - 31366585, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 18147205, - 62587998, - 2554617, - 536692, - 11924528, - 26674131, - 17645433, - 24341419, - ), - u32x8::new( - 11573357, - 27579485, - 31491870, - 29000885, - 10800976, - 51902791, - 28076395, - 20464029, - ), - u32x8::new( - 56031649, - 10856669, - 11791193, - 26769430, - 25306956, - 5922200, - 6630685, - 9385098, - ), - u32x8::new( - 31319348, - 23906711, - 16290213, - 32142166, - 61106354, - 17181823, - 3548308, - 12022566, - ), - u32x8::new( - 5904298, - 50218605, - 11826440, - 5492249, - 10379071, - 3472255, - 172742, - 31948344, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 10625852, - 15193821, - 22918394, - 23676410, - 53695416, - 54987793, - 10067515, - 11747680, - ), - u32x8::new( - 65013325, - 1309652, - 29616320, - 28922974, - 60360891, - 19621771, - 9938982, - 30406429, - ), - u32x8::new( - 54967954, - 65931918, - 5595602, - 25719523, - 64909864, - 30566415, - 15945272, - 8495317, - ), - u32x8::new( - 1167157, - 55265018, - 11507029, - 31641054, - 43497904, - 2367338, - 12937761, - 27517066, - ), - u32x8::new( - 656704, - 2544994, - 13006713, - 480979, - 38471594, - 62541240, - 25353597, - 11531760, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 22176662, - 3984313, - 27495285, - 4110608, - 2909584, - 30594106, - 15677919, - 2549183, - ), - u32x8::new( - 33979105, - 62269905, - 2071511, - 6894756, - 53189950, - 47232857, - 6408191, - 6123225, - ), - u32x8::new( - 32553873, - 63948030, - 12612401, - 3633166, - 24054373, - 37626618, - 14481327, - 8520484, - ), - u32x8::new( - 56552486, - 10749438, - 12034813, - 28811946, - 1445640, - 36755601, - 12104575, - 10257833, - ), - u32x8::new( - 22795808, - 48761311, - 1136056, - 9380768, - 1411523, - 5341811, - 27318329, - 9686767, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 21157200, - 39156966, - 20473176, - 4934657, - 61478183, - 45121537, - 5429856, 
- 13035023, - ), - u32x8::new( - 7954529, - 58789246, - 31440083, - 7054221, - 38438565, - 36856107, - 1364112, - 14548122, - ), - u32x8::new( - 26120083, - 36321360, - 4919997, - 31687496, - 33757765, - 36237559, - 15243054, - 32163861, - ), - u32x8::new( - 25878307, - 46544824, - 19455951, - 2414935, - 16844726, - 56521560, - 32680554, - 26660660, - ), - u32x8::new( - 48360220, - 43407178, - 12187042, - 24925816, - 7423722, - 25746484, - 12814654, - 17395963, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 63153652, - 32195955, - 4087908, - 8431689, - 30392384, - 47203165, - 8986649, - 9053039, - ), - u32x8::new( - 63659241, - 47988767, - 2931872, - 19953600, - 11747107, - 51610101, - 20952181, - 13364887, - ), - u32x8::new( - 3659197, - 58790649, - 5930099, - 2605312, - 28477896, - 580728, - 20579735, - 2610622, - ), - u32x8::new( - 41781607, - 17161358, - 10690531, - 24368015, - 47027031, - 36742339, - 5414694, - 13156365, - ), - u32x8::new( - 13237853, - 51182423, - 8954802, - 29006542, - 22643989, - 56896541, - 22830593, - 10289708, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 1401265, - 58846825, - 30911620, - 32239180, - 15391552, - 15200821, - 6339309, - 16403588, - ), - u32x8::new( - 55913797, - 29541724, - 1664461, - 21709410, - 38470488, - 47097092, - 17674945, - 32666066, - ), - u32x8::new( - 22844482, - 10797709, - 27548106, - 31638735, - 34500968, - 26611503, - 19727211, - 13160873, - ), - u32x8::new( - 31485204, - 14496164, - 13981208, - 10276888, - 5748808, - 35024436, - 2740987, - 7479021, - ), - u32x8::new( - 58541207, - 14866135, - 32344041, - 545930, - 62661488, - 6941250, - 27940205, - 11976112, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 39849808, - 44781685, - 15697329, - 24387845, - 12501486, - 50260092, - 23199481, - 31929024, - ), - u32x8::new( - 24823070, - 27956017, - 27034296, - 10316465, - 47664045, - 11152446, - 15719183, - 30181617, - ), - u32x8::new( - 20771189, - 19969144, - 
31433937, - 19185213, - 27565920, - 10384445, - 2893359, - 9255362, - ), - u32x8::new( - 42894974, - 11925545, - 32134441, - 32738810, - 55916336, - 32479272, - 19563550, - 5511385, - ), - u32x8::new( - 17857161, - 47809169, - 14564114, - 27997751, - 33024640, - 38669671, - 31956536, - 27313245, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 58237774, - 15917425, - 18872208, - 19394230, - 17374297, - 6101419, - 4839741, - 6596900, - ), - u32x8::new( - 66947393, - 15744215, - 18368993, - 17750160, - 41006525, - 9205497, - 2629667, - 32170865, - ), - u32x8::new( - 66481381, - 1919414, - 28338762, - 7372967, - 33819153, - 4156199, - 27126309, - 12739816, - ), - u32x8::new( - 44117158, - 58545296, - 22521371, - 11809712, - 28998792, - 50731010, - 30215699, - 25748377, - ), - u32x8::new( - 23561284, - 4160244, - 9035405, - 24895184, - 39761639, - 59253416, - 8684759, - 22487864, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 12671134, - 56419053, - 16092401, - 30038207, - 4002647, - 47822606, - 7151311, - 28430768, - ), - u32x8::new( - 61041684, - 35765374, - 30598048, - 19666539, - 44150175, - 40140037, - 290469, - 28442674, - ), - u32x8::new( - 18847796, - 1371617, - 33316881, - 13199936, - 43646578, - 17068881, - 12074900, - 1537415, - ), - u32x8::new( - 10052225, - 38316070, - 27469797, - 5297537, - 50725570, - 20435349, - 10339121, - 2779737, - ), - u32x8::new( - 18372189, - 15466385, - 24762130, - 22217964, - 23503887, - 47844464, - 10415034, - 2606889, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 55082775, - 45300503, - 16032654, - 5964396, - 17743504, - 24634761, - 19493066, - 5184611, - ), - u32x8::new( - 50172633, - 35093294, - 10040575, - 23616256, - 4543900, - 61852191, - 4049821, - 7423669, - ), - u32x8::new( - 20295398, - 40009376, - 10487190, - 15670429, - 51972856, - 58649552, - 20436392, - 3432497, - ), - u32x8::new( - 35189420, - 54117751, - 12825868, - 6283038, - 27540739, - 30648758, - 22658912, - 
9466689, - ), - u32x8::new( - 51737549, - 40725785, - 17409814, - 25201086, - 21156239, - 34176168, - 26814520, - 5956424, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 8211442, - 8014184, - 6260823, - 22108096, - 32182620, - 51844847, - 2466270, - 28582231, - ), - u32x8::new( - 27199739, - 3848333, - 31738017, - 10892045, - 4963982, - 65391770, - 32551997, - 28906469, - ), - u32x8::new( - 16606846, - 32207068, - 26404535, - 7614129, - 45416902, - 65584718, - 13821785, - 2646060, - ), - u32x8::new( - 36090634, - 57981287, - 32247670, - 22837502, - 31003861, - 55448117, - 6062915, - 20369975, - ), - u32x8::new( - 27381403, - 50578107, - 522631, - 29521058, - 31137497, - 40220737, - 27628049, - 1824195, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 59402443, - 17056879, - 29262689, - 6131785, - 52551472, - 43367471, - 29423199, - 18899208, - ), - u32x8::new( - 5749414, - 43514612, - 11365899, - 21514624, - 65591890, - 60945892, - 19841732, - 5628567, - ), - u32x8::new( - 19334369, - 52500268, - 12307673, - 5267367, - 3212103, - 9035822, - 29142161, - 30520954, - ), - u32x8::new( - 57261330, - 6819646, - 22089161, - 9800373, - 55155453, - 62250856, - 13766735, - 25244545, - ), - u32x8::new( - 54370226, - 61888301, - 24496089, - 2540581, - 65637506, - 60274355, - 18154273, - 11687259, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 12521903, - 26014045, - 13995625, - 33360175, - 23605474, - 7376434, - 27229267, - 17195036, - ), - u32x8::new( - 59482891, - 10074423, - 574357, - 3857753, - 61377787, - 50306685, - 5241065, - 20234396, - ), - u32x8::new( - 23674717, - 6997172, - 20771841, - 16858511, - 40565304, - 29973136, - 7049812, - 14585010, - ), - u32x8::new( - 1427477, - 13295732, - 31762066, - 31499740, - 60419925, - 54666164, - 22009424, - 8089609, - ), - u32x8::new( - 58154031, - 41593020, - 15342328, - 957047, - 38937260, - 37037498, - 24871992, - 32973409, - ), - ])), - CachedPoint(FieldElement2625x4([ - 
u32x8::new( - 30654745, - 51286025, - 21206982, - 2433562, - 12780105, - 31732574, - 33087964, - 33081189, - ), - u32x8::new( - 66640017, - 42720009, - 16567620, - 15300745, - 1530367, - 33001123, - 20930247, - 21042661, - ), - u32x8::new( - 15003356, - 5294119, - 22985605, - 18928772, - 32628461, - 18230172, - 14773298, - 27193722, - ), - u32x8::new( - 27555, - 65346287, - 17017174, - 7837720, - 21499787, - 42855613, - 22474984, - 13675085, - ), - u32x8::new( - 24164369, - 50130116, - 5973149, - 24152073, - 1577334, - 25400030, - 18648484, - 32228854, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 49518649, - 59119280, - 31670678, - 20396561, - 61728330, - 651402, - 176032, - 9529498, - ), - u32x8::new( - 61765532, - 9082232, - 32794568, - 15526956, - 48543100, - 32614212, - 19001206, - 25680229, - ), - u32x8::new( - 32086091, - 10373081, - 8996131, - 31822823, - 35788988, - 49973190, - 30542040, - 17858455, - ), - u32x8::new( - 48130197, - 58121889, - 27753291, - 29923268, - 54448075, - 43300790, - 9336565, - 15770022, - ), - u32x8::new( - 57725546, - 20557498, - 9366233, - 16023566, - 16189031, - 2837363, - 24315301, - 27003505, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 28286608, - 10767548, - 18220739, - 5413236, - 48253387, - 58255702, - 11864864, - 28527159, - ), - u32x8::new( - 45038176, - 58655197, - 25648758, - 10951484, - 42564382, - 34542843, - 23146954, - 22234334, - ), - u32x8::new( - 14858710, - 24978793, - 15040559, - 4379220, - 47621477, - 40271440, - 15650420, - 1998736, - ), - u32x8::new( - 24106391, - 9626149, - 344505, - 25253814, - 34579800, - 59687089, - 25718289, - 25904133, - ), - u32x8::new( - 1981195, - 37751302, - 26132048, - 1764722, - 13288231, - 28808622, - 12531301, - 18292949, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 13869851, - 31448904, - 14963539, - 7581293, - 20536485, - 35021083, - 21257574, - 33356609, - ), - u32x8::new( - 36903364, - 18429241, - 11097857, - 5943856, - 
60583077, - 40015815, - 30509523, - 31915271, - ), - u32x8::new( - 49161801, - 40681915, - 67892, - 25454357, - 22779677, - 25798439, - 15964829, - 5863227, - ), - u32x8::new( - 60810637, - 4496471, - 5217137, - 14095116, - 50942411, - 50712663, - 2507380, - 26844507, - ), - u32x8::new( - 34579752, - 53519385, - 10859797, - 18816024, - 42552864, - 39478521, - 6783896, - 17277037, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 43287109, - 27900723, - 33182187, - 2766754, - 17041989, - 1018260, - 33392790, - 4830032, - ), - u32x8::new( - 60194178, - 30788903, - 24728888, - 14513195, - 20897010, - 28843233, - 20111980, - 17475240, - ), - u32x8::new( - 46042274, - 19257042, - 4628173, - 31649727, - 27388316, - 66631493, - 11541886, - 6408028, - ), - u32x8::new( - 57024680, - 49536568, - 32050358, - 31321917, - 17437691, - 49672356, - 2884755, - 20493991, - ), - u32x8::new( - 59553007, - 46782643, - 29001173, - 1814088, - 21930692, - 51319706, - 14965872, - 30748046, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 16441817, - 36111849, - 6900424, - 602234, - 46522199, - 16441484, - 8135070, - 21726541, - ), - u32x8::new( - 37711225, - 32701959, - 11679112, - 13125533, - 32154135, - 9407918, - 26554289, - 620848, - ), - u32x8::new( - 19233407, - 30086864, - 14679568, - 2797374, - 4892806, - 7993077, - 247658, - 5632804, - ), - u32x8::new( - 37427262, - 26675495, - 27125659, - 13496131, - 50718473, - 40115609, - 28505351, - 27837393, - ), - u32x8::new( - 196819, - 18410429, - 7070012, - 21691388, - 29763371, - 24754123, - 9727048, - 10930179, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 28319289, - 40734650, - 16225680, - 24739184, - 64272368, - 35356897, - 7866648, - 13635853, - ), - u32x8::new( - 34165295, - 48328447, - 27041670, - 23643655, - 48949950, - 52963288, - 30411133, - 6045174, - ), - u32x8::new( - 18583559, - 41649834, - 9813585, - 26098520, - 25682734, - 26733526, - 19276490, - 10654728, - ), - u32x8::new( - 
34867476, - 52715968, - 5694571, - 13380978, - 15134994, - 1831255, - 8608001, - 17266401, - ), - u32x8::new( - 59925903, - 44282172, - 27802465, - 1855069, - 14234749, - 36635487, - 11302294, - 10938429, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 8373273, - 49064494, - 4932071, - 32997499, - 38472880, - 29335908, - 14504412, - 22460029, - ), - u32x8::new( - 31795930, - 50785923, - 25835990, - 25790073, - 65669841, - 11360450, - 9969157, - 9008164, - ), - u32x8::new( - 50262498, - 45869261, - 16124434, - 15336007, - 882762, - 42522623, - 11277198, - 26296377, - ), - u32x8::new( - 42332732, - 59129236, - 14452816, - 567985, - 208061, - 34722729, - 32008143, - 14828749, - ), - u32x8::new( - 17937794, - 36846032, - 32102665, - 4442466, - 19745435, - 31633451, - 7146411, - 15812027, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 30741269, - 38648744, - 12562645, - 30092623, - 25073992, - 28730659, - 27911745, - 30000958, - ), - u32x8::new( - 2859794, - 25991700, - 17776078, - 27091930, - 2328322, - 60061146, - 18581824, - 18039008, - ), - u32x8::new( - 58206333, - 17917354, - 1972306, - 11853766, - 2655376, - 60543390, - 18416710, - 13287440, - ), - u32x8::new( - 62746330, - 61423885, - 21246577, - 2266675, - 60099139, - 14804707, - 14772234, - 20679434, - ), - u32x8::new( - 26987698, - 15488817, - 715616, - 2339565, - 51980752, - 17333865, - 21965103, - 10839820, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 18672548, - 57660959, - 16042910, - 19519287, - 62865851, - 17580961, - 26628347, - 23774759, - ), - u32x8::new( - 368070, - 3464471, - 25888304, - 30370559, - 52396053, - 45426828, - 28745251, - 9246829, - ), - u32x8::new( - 29090099, - 57950037, - 23104657, - 4903923, - 10987778, - 56163684, - 23621539, - 10332760, - ), - u32x8::new( - 53338235, - 44851161, - 21606845, - 31069622, - 4243630, - 34464392, - 11286454, - 5802022, - ), - u32x8::new( - 46710757, - 63389067, - 11642865, - 1980986, - 12967337, - 
28162061, - 3854192, - 30432268, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 12179834, - 41005450, - 12809619, - 33525228, - 4624405, - 46957889, - 16968743, - 11827816, - ), - u32x8::new( - 51521162, - 12466775, - 31791271, - 15303651, - 49798465, - 62714504, - 6509600, - 12918560, - ), - u32x8::new( - 20445559, - 1756449, - 28848701, - 7920171, - 9835040, - 5900071, - 28757409, - 12376688, - ), - u32x8::new( - 18259496, - 14281012, - 21767026, - 10232236, - 20000226, - 12400540, - 4104902, - 23570543, - ), - u32x8::new( - 3687440, - 26546648, - 13328821, - 26841081, - 49822734, - 22334054, - 244496, - 24862543, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 59523541, - 62195428, - 3853227, - 13954801, - 12387708, - 47627615, - 27221350, - 17899572, - ), - u32x8::new( - 63193587, - 36343307, - 14595132, - 6880795, - 1364792, - 37648434, - 3259017, - 20536046, - ), - u32x8::new( - 30362834, - 10440372, - 9574624, - 11729232, - 63861613, - 21748389, - 5530846, - 2721586, - ), - u32x8::new( - 18339760, - 1550632, - 17170271, - 25732971, - 28459263, - 63142237, - 21642345, - 31557672, - ), - u32x8::new( - 10611282, - 5204623, - 18049257, - 214175, - 19432723, - 49809070, - 26010406, - 27449522, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 19770733, - 26478685, - 9464541, - 29158041, - 28604307, - 45196604, - 7586524, - 6641859, - ), - u32x8::new( - 65654484, - 52230498, - 30886612, - 19112823, - 47271809, - 38942611, - 16020035, - 10773481, - ), - u32x8::new( - 27464323, - 54451016, - 20646645, - 17732915, - 23008717, - 53626684, - 3253189, - 15614410, - ), - u32x8::new( - 52381752, - 40693008, - 7063024, - 28469981, - 51159478, - 44543211, - 19941777, - 5985451, - ), - u32x8::new( - 13553668, - 35524849, - 14788737, - 1883845, - 12385775, - 47958835, - 29135466, - 1776722, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 36719806, - 20827965, - 23175373, - 32996806, - 42041892, - 65708790, - 5467143, 
- 20884008, - ), - u32x8::new( - 43256281, - 40770646, - 17244063, - 31959819, - 64366384, - 43544617, - 25057754, - 12628720, - ), - u32x8::new( - 17337782, - 58472057, - 27906934, - 15305274, - 30292418, - 39284317, - 16946773, - 24806712, - ), - u32x8::new( - 6485126, - 32447403, - 16261486, - 13561940, - 49439635, - 10738368, - 16419889, - 8897231, - ), - u32x8::new( - 44812203, - 40122262, - 25496058, - 2759794, - 25295304, - 52178368, - 24154195, - 29334408, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 42307254, - 57217102, - 1088936, - 3832827, - 33905401, - 23130334, - 6958056, - 12622851, - ), - u32x8::new( - 3881189, - 14870059, - 19712830, - 6071598, - 38147944, - 60776394, - 3427938, - 13765703, - ), - u32x8::new( - 7666911, - 24227591, - 17077136, - 22967588, - 6874639, - 30915523, - 11451695, - 24292224, - ), - u32x8::new( - 13659529, - 31984463, - 28764736, - 20506164, - 64729627, - 49321636, - 28284636, - 25472371, - ), - u32x8::new( - 39360308, - 42281399, - 9446504, - 868960, - 49227724, - 21351115, - 30561851, - 11292096, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 7071115, - 46444090, - 5387916, - 15432877, - 27226682, - 41506862, - 2398278, - 3978240, - ), - u32x8::new( - 51009614, - 54216973, - 24368938, - 31392616, - 38456150, - 62313644, - 6729154, - 99724, - ), - u32x8::new( - 17474332, - 62857913, - 2619930, - 30659308, - 18268181, - 32809239, - 22826292, - 24561895, - ), - u32x8::new( - 38187020, - 67003092, - 14118280, - 16500577, - 18808560, - 64983716, - 25712929, - 32518261, - ), - u32x8::new( - 25735813, - 62284262, - 10824872, - 20558596, - 48149681, - 31162667, - 22608274, - 26285185, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 963440, - 63742255, - 10230323, - 25515008, - 32506414, - 6105697, - 25980317, - 24645129, - ), - u32x8::new( - 7162189, - 8101249, - 14679265, - 33443386, - 2002396, - 8541405, - 19442276, - 4795881, - ), - u32x8::new( - 8116694, - 51463069, - 4415528, 
- 25599140, - 55805721, - 39582709, - 6719436, - 30033839, - ), - u32x8::new( - 14468202, - 42181869, - 25188826, - 9639755, - 47546189, - 62711146, - 32762447, - 18338064, - ), - u32x8::new( - 33880058, - 32810909, - 8969931, - 13095238, - 38360605, - 40138517, - 9246134, - 4928058, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 63655588, - 17883670, - 9410246, - 26162761, - 5000571, - 7349225, - 23785252, - 32751089, - ), - u32x8::new( - 28568737, - 10733123, - 9342397, - 21570673, - 54096560, - 32467591, - 20494687, - 21511513, - ), - u32x8::new( - 47675157, - 47932807, - 29250946, - 15672208, - 59760469, - 9945465, - 14939287, - 18437405, - ), - u32x8::new( - 37985267, - 8609815, - 31573002, - 3373596, - 47828883, - 20834216, - 13248616, - 24154292, - ), - u32x8::new( - 5543543, - 29553242, - 3386453, - 30501150, - 25058089, - 15236571, - 8814395, - 32462955, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 39158670, - 15322548, - 20495103, - 3312736, - 14557171, - 12985179, - 8044741, - 3176899, - ), - u32x8::new( - 24673290, - 29693310, - 21412266, - 18324699, - 2154518, - 40329021, - 17500543, - 3954277, - ), - u32x8::new( - 36758685, - 38738957, - 165513, - 14691866, - 3070475, - 10424235, - 17096536, - 16896898, - ), - u32x8::new( - 59790459, - 43094586, - 8720681, - 10423589, - 1122030, - 31545615, - 4463786, - 31811293, - ), - u32x8::new( - 49778992, - 60881044, - 20509974, - 5832494, - 64155961, - 31483358, - 4511231, - 20307815, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 2863373, - 40876242, - 26865913, - 24067353, - 15726407, - 40919070, - 12953902, - 9931535, - ), - u32x8::new( - 60934877, - 42512204, - 21649141, - 21945190, - 52211954, - 60984193, - 7046207, - 5363493, - ), - u32x8::new( - 4205971, - 64068464, - 18197273, - 7327176, - 51527794, - 21166920, - 20669933, - 11828242, - ), - u32x8::new( - 59782815, - 49617225, - 15379924, - 457923, - 9320508, - 21498914, - 3242540, - 31563182, - ), - 
u32x8::new( - 27714753, - 8664670, - 3366162, - 26338598, - 56775518, - 25796006, - 13129151, - 21388876, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 59276548, - 49972346, - 16795002, - 33455915, - 48430097, - 53857205, - 18627071, - 32474471, - ), - u32x8::new( - 42160315, - 50705892, - 13530540, - 28012698, - 19833221, - 55886870, - 20191784, - 9644313, - ), - u32x8::new( - 20372416, - 28414713, - 24084234, - 31804096, - 33815377, - 36131001, - 17251241, - 18291088, - ), - u32x8::new( - 56234667, - 14920441, - 2033267, - 29572003, - 1724043, - 45519699, - 17873735, - 501988, - ), - u32x8::new( - 50031659, - 31517850, - 15697583, - 1016845, - 43104661, - 54769582, - 8008601, - 27257051, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 52951491, - 66542164, - 14853573, - 30444631, - 12045973, - 24321813, - 16545674, - 18160646, - ), - u32x8::new( - 60107911, - 1126003, - 5947677, - 19486116, - 41119984, - 30860440, - 7935395, - 13354438, - ), - u32x8::new( - 17841328, - 11063269, - 1664538, - 26687568, - 6268968, - 22280371, - 17275484, - 4523163, - ), - u32x8::new( - 15886041, - 56799482, - 15446552, - 21712778, - 1005290, - 17827215, - 4978741, - 6854882, - ), - u32x8::new( - 34319277, - 47731002, - 20321804, - 28544575, - 29591814, - 63376351, - 24754545, - 26001714, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 66783087, - 5234346, - 46102, - 8566476, - 19947339, - 20180418, - 25398238, - 3726678, - ), - u32x8::new( - 63890180, - 46380965, - 20674069, - 5366544, - 59661487, - 48406612, - 31533614, - 7071217, - ), - u32x8::new( - 13104676, - 1406631, - 24326736, - 19854367, - 61039528, - 11019904, - 31967425, - 19219275, - ), - u32x8::new( - 39003597, - 30143957, - 15351834, - 8639435, - 57309582, - 61436794, - 15830475, - 10090318, - ), - u32x8::new( - 45923044, - 6700175, - 99413, - 21263025, - 23762647, - 53905481, - 6063914, - 10065424, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 42822326, 
- 57678669, - 4052879, - 25452667, - 54049411, - 2373092, - 22337016, - 7701046, - ), - u32x8::new( - 44382355, - 43307377, - 16761537, - 30373573, - 49790216, - 23230748, - 25655306, - 10519391, - ), - u32x8::new( - 919475, - 59371245, - 1273450, - 25558666, - 9724711, - 8556709, - 25755845, - 10887647, - ), - u32x8::new( - 25465699, - 44651158, - 17658392, - 11257418, - 29735193, - 22885150, - 7094716, - 26828565, - ), - u32x8::new( - 48237389, - 47661599, - 27054393, - 7328070, - 27280193, - 65616691, - 23062005, - 4170709, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 26535281, - 60238317, - 30343788, - 25790743, - 37993933, - 24614372, - 9523840, - 10401918, - ), - u32x8::new( - 2783987, - 29468958, - 4697011, - 19804475, - 37246678, - 46797720, - 10261254, - 18942252, - ), - u32x8::new( - 58135580, - 60247753, - 25301938, - 6844561, - 20949454, - 39844754, - 4552026, - 919057, - ), - u32x8::new( - 6694071, - 44126261, - 32285330, - 31370180, - 24603698, - 53328179, - 13971149, - 5325636, - ), - u32x8::new( - 64879487, - 582094, - 17982081, - 19190425, - 24951286, - 26923842, - 29077174, - 33286062, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 54863941, - 67016431, - 1224043, - 23371240, - 62940074, - 52101083, - 13523637, - 30366406, - ), - u32x8::new( - 36324581, - 25407485, - 18258623, - 4698602, - 50300544, - 2658516, - 26300935, - 2611030, - ), - u32x8::new( - 27183975, - 21791014, - 18105064, - 9875199, - 58118912, - 54198635, - 6400311, - 14767984, - ), - u32x8::new( - 33918318, - 42937962, - 14809334, - 22136592, - 10636588, - 29082337, - 29829692, - 28549776, - ), - u32x8::new( - 61080905, - 854212, - 12202487, - 20004503, - 9256495, - 6903981, - 20567109, - 347423, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 41391822, - 34336880, - 22362564, - 14247996, - 12115604, - 41583344, - 7639288, - 28910945, - ), - u32x8::new( - 62066617, - 59758859, - 26665947, - 11614812, - 65737664, - 45704543, - 
30324810, - 12868376, - ), - u32x8::new( - 17491771, - 43589814, - 9454919, - 26047850, - 52629282, - 39304244, - 3868968, - 19296062, - ), - u32x8::new( - 17826638, - 30413590, - 32534225, - 32741469, - 15012391, - 14365713, - 33039233, - 14791399, - ), - u32x8::new( - 64115596, - 59197067, - 32739005, - 23275744, - 32954320, - 22241406, - 20788442, - 4942942, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 31956192, - 59570132, - 2784352, - 4237732, - 47222312, - 4860927, - 18658867, - 15279314, - ), - u32x8::new( - 63240583, - 28160478, - 23524941, - 13390861, - 66437406, - 57718120, - 33345312, - 28896298, - ), - u32x8::new( - 39026193, - 46239965, - 21440243, - 25070488, - 64012383, - 60999016, - 16517060, - 29565907, - ), - u32x8::new( - 18118181, - 60161496, - 4212092, - 23976240, - 36277753, - 62363144, - 5816868, - 16964362, - ), - u32x8::new( - 18196138, - 62490693, - 281468, - 7934713, - 56027312, - 62015725, - 4837237, - 32932252, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 29885826, - 51028067, - 30418143, - 33438769, - 62542283, - 39442528, - 31535876, - 143299, - ), - u32x8::new( - 17143063, - 56709783, - 14451852, - 15782104, - 32762665, - 14047066, - 26295037, - 5432487, - ), - u32x8::new( - 75151, - 533606, - 7539077, - 30926189, - 38410914, - 23771680, - 4872443, - 29199566, - ), - u32x8::new( - 61522396, - 48934708, - 16223126, - 207380, - 11171993, - 47975147, - 14164574, - 352966, - ), - u32x8::new( - 15449006, - 56530757, - 26796528, - 12045834, - 63738697, - 40667227, - 33001582, - 9101885, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 43331297, - 18431341, - 25801195, - 17267698, - 19365485, - 57295202, - 22218985, - 21284590, - ), - u32x8::new( - 2429849, - 19152559, - 10762172, - 22564684, - 21880390, - 66866426, - 20357935, - 22641906, - ), - u32x8::new( - 19771185, - 31652693, - 3666117, - 28136958, - 23624283, - 55101502, - 6313920, - 6783662, - ), - u32x8::new( - 3487137, - 7092443, - 
11001876, - 26196524, - 47319246, - 44542068, - 17594073, - 15027760, - ), - u32x8::new( - 49563607, - 32191113, - 4991283, - 25400512, - 46539152, - 4155103, - 32368171, - 201203, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 20548943, - 14334571, - 4073874, - 6368588, - 53208883, - 56484515, - 15970071, - 25561889, - ), - u32x8::new( - 49915097, - 44030795, - 11202344, - 29284344, - 60258023, - 66225712, - 8075764, - 12383512, - ), - u32x8::new( - 45248912, - 4933668, - 9592153, - 5819559, - 31030983, - 38174071, - 32435814, - 7442522, - ), - u32x8::new( - 62688129, - 48218381, - 22089545, - 12897361, - 21050881, - 34278889, - 7569163, - 3225449, - ), - u32x8::new( - 19050183, - 51089071, - 32935757, - 22640195, - 66122318, - 47144608, - 18743677, - 25177079, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 41186817, - 46681702, - 31819867, - 32997133, - 38559207, - 27147015, - 30293819, - 16762988, - ), - u32x8::new( - 24154689, - 51762873, - 23883879, - 13510519, - 55338250, - 61224161, - 11663149, - 30803960, - ), - u32x8::new( - 18104238, - 14117824, - 11724021, - 21362053, - 65704761, - 35530242, - 13498058, - 33522849, - ), - u32x8::new( - 63812888, - 23995539, - 28920539, - 24005193, - 26412223, - 36582218, - 4251418, - 26160309, - ), - u32x8::new( - 16822053, - 66064082, - 3482145, - 31979593, - 45937188, - 54475379, - 612917, - 7976478, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 46509314, - 55327128, - 8944536, - 274914, - 26432930, - 53829300, - 21192572, - 3569894, - ), - u32x8::new( - 20919764, - 64356651, - 30642344, - 17215170, - 20335124, - 11203745, - 18663316, - 19024174, - ), - u32x8::new( - 59297055, - 53842463, - 3680204, - 9806710, - 54004169, - 51484914, - 29807998, - 20134199, - ), - u32x8::new( - 14781592, - 22628010, - 26877930, - 25880359, - 30434803, - 190607, - 30184292, - 8991040, - ), - u32x8::new( - 64400983, - 64591751, - 854562, - 28216111, - 20010398, - 50414793, - 9803872, - 
22687008, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 15091184, - 32550863, - 8818643, - 4244752, - 43123513, - 64565526, - 408838, - 13206998, - ), - u32x8::new( - 16405061, - 60379639, - 31489017, - 20949281, - 27568751, - 38734986, - 8364264, - 12451020, - ), - u32x8::new( - 16005217, - 58008076, - 1406778, - 26546927, - 39571784, - 56365493, - 31274296, - 8918790, - ), - u32x8::new( - 23271122, - 19453469, - 27718201, - 32742670, - 234332, - 36785342, - 22601675, - 14331046, - ), - u32x8::new( - 40636025, - 22442705, - 22115403, - 23745859, - 41164945, - 61012, - 12499614, - 542137, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 62776018, - 32835413, - 17373246, - 17187309, - 54469193, - 21770290, - 15923753, - 28996575, - ), - u32x8::new( - 59385210, - 63082298, - 12568449, - 8509004, - 9483342, - 16105238, - 5756054, - 26890758, - ), - u32x8::new( - 53987996, - 38201748, - 5521661, - 19060159, - 18663191, - 9093637, - 27786835, - 31189196, - ), - u32x8::new( - 65872678, - 43635130, - 27903055, - 25020300, - 65772737, - 38110437, - 5213502, - 21909342, - ), - u32x8::new( - 4438979, - 9680838, - 10212446, - 4764184, - 13235684, - 58245995, - 20264570, - 21024049, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 60835961, - 48209103, - 31049052, - 4688268, - 12426713, - 59829045, - 22302488, - 29008521, - ), - u32x8::new( - 50401667, - 29716596, - 23531224, - 7581281, - 49071895, - 6952617, - 14934683, - 8218256, - ), - u32x8::new( - 1601446, - 36631413, - 31774811, - 29625330, - 56786114, - 8331539, - 23129509, - 19783344, - ), - u32x8::new( - 59514327, - 64513110, - 1772300, - 5701338, - 5737511, - 16147555, - 9461515, - 5703271, - ), - u32x8::new( - 33072974, - 54300426, - 11940114, - 1308663, - 15627555, - 4931627, - 28443714, - 20924342, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 18135013, - 20358426, - 4922557, - 10015355, - 65729669, - 34786528, - 26248549, - 29194359, - ), - u32x8::new( 
- 797666, - 34997544, - 24316856, - 25107230, - 24612576, - 4761401, - 15307321, - 32404252, - ), - u32x8::new( - 16501152, - 60565831, - 9487105, - 9316022, - 24986054, - 31917592, - 3962024, - 2501883, - ), - u32x8::new( - 63356796, - 50432342, - 18044926, - 30566881, - 42032028, - 31415202, - 13524600, - 16119907, - ), - u32x8::new( - 3927286, - 57022374, - 9265437, - 21620772, - 19481940, - 3806938, - 24836192, - 14572399, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 10785787, - 46564798, - 368445, - 33181384, - 5319843, - 52687136, - 30347110, - 29837357, - ), - u32x8::new( - 56436732, - 47859251, - 24141084, - 22250712, - 59046084, - 4963427, - 33463413, - 17168859, - ), - u32x8::new( - 15512044, - 6366740, - 4737504, - 27644548, - 30307977, - 25037929, - 14593903, - 12836490, - ), - u32x8::new( - 63878897, - 34013023, - 5860752, - 7244096, - 3689461, - 57012135, - 18389096, - 11589351, - ), - u32x8::new( - 4682110, - 36302830, - 653422, - 22316819, - 14081831, - 5657024, - 11088376, - 24110612, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 39907267, - 45940262, - 24887471, - 18342609, - 878445, - 40456159, - 12019082, - 345107, - ), - u32x8::new( - 12794982, - 28893944, - 9447505, - 11387200, - 16961963, - 13916996, - 10893728, - 25898006, - ), - u32x8::new( - 44934162, - 53465865, - 3583620, - 1102334, - 53917811, - 63478576, - 2426066, - 10389549, - ), - u32x8::new( - 45096036, - 37595344, - 19367718, - 20257175, - 10280866, - 41653449, - 27665642, - 375926, - ), - u32x8::new( - 45847901, - 24064074, - 32494820, - 32204556, - 10720704, - 51079060, - 1297436, - 29853825, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 66303987, - 36060363, - 16494578, - 24962147, - 11971403, - 49538586, - 25060560, - 1964341, - ), - u32x8::new( - 25988481, - 27641502, - 24909517, - 27237087, - 66646363, - 52777626, - 16360849, - 10459972, - ), - u32x8::new( - 43930529, - 34374176, - 31225968, - 8807030, - 10394758, - 
35904854, - 25325589, - 19335583, - ), - u32x8::new( - 25094697, - 34380951, - 20051185, - 32287161, - 11739332, - 53887441, - 30517319, - 26601892, - ), - u32x8::new( - 8868546, - 35635502, - 32513071, - 28248087, - 51946989, - 14222744, - 19198839, - 23261841, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 51218008, - 5070126, - 11046681, - 5320810, - 61212079, - 34104447, - 23895089, - 6460727, - ), - u32x8::new( - 39843528, - 46278671, - 10426120, - 25624792, - 66658766, - 37140083, - 28933107, - 12969597, - ), - u32x8::new( - 59635793, - 40220191, - 5751421, - 173680, - 58321825, - 740337, - 1412847, - 7682623, - ), - u32x8::new( - 975962, - 56440763, - 20812276, - 22631115, - 49095824, - 19883130, - 2419746, - 31043648, - ), - u32x8::new( - 66208703, - 39669328, - 22525915, - 3748897, - 65994776, - 34533552, - 8126286, - 18326047, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 64176557, - 3912400, - 19351673, - 30068471, - 31190055, - 24221683, - 33142424, - 28698542, - ), - u32x8::new( - 34784792, - 4109933, - 3867193, - 19557314, - 2112512, - 32715890, - 24550117, - 16595976, - ), - u32x8::new( - 35542761, - 48024875, - 10925431, - 31526577, - 66577735, - 23189821, - 13375709, - 1735095, - ), - u32x8::new( - 59699254, - 43854093, - 29783239, - 24777271, - 19600372, - 39924461, - 2896720, - 1472185, - ), - u32x8::new( - 56389656, - 35980854, - 33172342, - 1370336, - 23707480, - 57654949, - 7850973, - 12655016, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 38372660, - 57101970, - 7044964, - 12732710, - 57535705, - 6043201, - 30858914, - 10946592, - ), - u32x8::new( - 21023468, - 6946992, - 26403324, - 23901823, - 35695559, - 23440687, - 4763891, - 6514074, - ), - u32x8::new( - 28662273, - 30933699, - 9352242, - 26354829, - 37402243, - 3145176, - 8770289, - 525937, - ), - u32x8::new( - 54933102, - 36695832, - 3281859, - 4755022, - 23043294, - 32794379, - 15618886, - 23602412, - ), - u32x8::new( - 9931565, - 
29897140, - 2480737, - 24193701, - 7833615, - 2284939, - 893926, - 13421882, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 22917795, - 22088359, - 28978099, - 19794863, - 60542318, - 29878494, - 31053731, - 9080720, - ), - u32x8::new( - 23679072, - 52547035, - 28424916, - 20647332, - 4008761, - 28267029, - 12961289, - 1589095, - ), - u32x8::new( - 55616194, - 26678929, - 14998265, - 23274397, - 54625466, - 46244264, - 28627706, - 33030665, - ), - u32x8::new( - 11527330, - 6449415, - 26531607, - 3472938, - 41541592, - 62607682, - 19862690, - 20564723, - ), - u32x8::new( - 32843805, - 49066843, - 28425824, - 19521495, - 48792073, - 48242878, - 27392443, - 13175986, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 16185025, - 61537525, - 2961305, - 1492442, - 25123147, - 3095034, - 31896958, - 33089615, - ), - u32x8::new( - 64748157, - 18336595, - 16522231, - 25426312, - 65718949, - 35485695, - 30554083, - 10205918, - ), - u32x8::new( - 39626934, - 39271045, - 16420458, - 9826240, - 56483981, - 27128085, - 3783403, - 13360006, - ), - u32x8::new( - 30793778, - 66771960, - 17241420, - 6564573, - 61102581, - 29974476, - 32385512, - 9011754, - ), - u32x8::new( - 28068166, - 11862220, - 14323567, - 12380617, - 52090465, - 16029056, - 24495309, - 21409233, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 59411973, - 57437124, - 11695483, - 17586857, - 16108987, - 43449109, - 31098002, - 6248476, - ), - u32x8::new( - 42258047, - 61595931, - 29308533, - 11742653, - 43042345, - 27373650, - 30165249, - 21929989, - ), - u32x8::new( - 49907221, - 9620337, - 21888081, - 20981082, - 56288861, - 61562203, - 33223566, - 3582446, - ), - u32x8::new( - 57535017, - 41003416, - 22080416, - 14463796, - 65518565, - 18127889, - 24370863, - 33332664, - ), - u32x8::new( - 66655380, - 6430175, - 471782, - 11947673, - 30596400, - 18898659, - 15930721, - 4211851, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 6757410, - 65455566, - 
13584784, - 11362173, - 10797127, - 24451471, - 19541370, - 29309435, - ), - u32x8::new( - 40360156, - 17685025, - 18326181, - 3846903, - 13693365, - 63049479, - 31900359, - 23385063, - ), - u32x8::new( - 52455038, - 57513503, - 22163311, - 27095042, - 48610726, - 66454160, - 12085341, - 26357004, - ), - u32x8::new( - 22097042, - 14063840, - 6705778, - 14342902, - 66139825, - 20702105, - 31279090, - 7495745, - ), - u32x8::new( - 27360710, - 49314837, - 18774847, - 7146436, - 37066216, - 42004961, - 22409916, - 10524446, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 1497507, - 33054449, - 11839906, - 2960428, - 40538463, - 18884538, - 25018820, - 4073970, - ), - u32x8::new( - 54484385, - 43640735, - 2808257, - 20710708, - 39840730, - 27222424, - 21783544, - 11848522, - ), - u32x8::new( - 45765237, - 48200555, - 9299019, - 9393151, - 34818188, - 56098995, - 13575233, - 21012731, - ), - u32x8::new( - 4265428, - 49627650, - 24960282, - 9425650, - 47883651, - 2797524, - 11853190, - 22877329, - ), - u32x8::new( - 25008173, - 64199503, - 380047, - 12107343, - 12329448, - 11914399, - 764281, - 29687002, - ), - ])), - CachedPoint(FieldElement2625x4([ - u32x8::new( - 35889734, - 23047226, - 4022841, - 7017445, - 7274086, - 53316179, - 25100176, - 15310676, - ), - u32x8::new( - 42409427, - 30270106, - 6823853, - 31551384, - 40645017, - 66489807, - 18021817, - 32669351, - ), - u32x8::new( - 39827134, - 43680850, - 28297996, - 20258133, - 26058742, - 52643238, - 22238331, - 21690533, - ), - u32x8::new( - 60808002, - 17499995, - 30042246, - 29310584, - 48219954, - 29389518, - 8680514, - 17844709, - ), - u32x8::new( - 6452896, - 50116553, - 9532047, - 26821214, - 44524351, - 50428429, - 21904953, - 12608048, - ), - ])), -]); 
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/avx2/edwards.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/avx2/edwards.rs
deleted file mode 100644
index 821d5161384d..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/avx2/edwards.rs
+++ /dev/null
@@ -1,545 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2016-2021 isis lovecruft -// Copyright (c) 2016-2019 Henry de Valence -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft -// - Henry de Valence - -//! Parallel Edwards Arithmetic for Curve25519. -//! -//! This module currently has two point types: -//! -//! * `ExtendedPoint`: a point stored in vector-friendly format, with -//! vectorized doubling and addition; -//! -//! * `CachedPoint`: used for readdition. -//! -//! Details on the formulas can be found in the documentation for the -//! parent `avx2` module. -//! -//! This API is designed to be safe: vectorized points can only be -//! created from serial points (which do validation on decompression), -//! and operations on valid points return valid points, so invalid -//! point states should be unrepresentable. -//! -//! This design goal is met, with one exception: the `Neg` -//! implementation for the `CachedPoint` performs a lazy negation, so -//! that subtraction can be efficiently implemented as a negation and -//! an addition. Repeatedly negating a `CachedPoint` will cause its -//! coefficients to grow and eventually overflow. Repeatedly negating -//! a point should not be necessary anyways. - -#![allow(non_snake_case)] - -use core::convert::From; -use core::ops::{Add, Neg, Sub}; - -use subtle::Choice; -use subtle::ConditionallySelectable; - -use edwards; -use window::{LookupTable, NafLookupTable5, NafLookupTable8}; - -use traits::Identity; - -use super::constants; -use super::field::{FieldElement2625x4, Lanes, Shuffle}; - -/// A point on Curve25519, using parallel Edwards formulas for curve -/// operations. -/// -/// # Invariant -/// -/// The coefficients of an `ExtendedPoint` are bounded with -/// \\( b < 0.007 \\). 
-#[derive(Copy, Clone, Debug)] -pub struct ExtendedPoint(pub(super) FieldElement2625x4); - -impl From for ExtendedPoint { - fn from(P: edwards::EdwardsPoint) -> ExtendedPoint { - ExtendedPoint(FieldElement2625x4::new(&P.X, &P.Y, &P.Z, &P.T)) - } -} - -impl From for edwards::EdwardsPoint { - fn from(P: ExtendedPoint) -> edwards::EdwardsPoint { - let tmp = P.0.split(); - edwards::EdwardsPoint { - X: tmp[0], - Y: tmp[1], - Z: tmp[2], - T: tmp[3], - } - } -} - -impl ConditionallySelectable for ExtendedPoint { - fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self { - ExtendedPoint(FieldElement2625x4::conditional_select(&a.0, &b.0, choice)) - } - - fn conditional_assign(&mut self, other: &Self, choice: Choice) { - self.0.conditional_assign(&other.0, choice); - } -} - -impl Default for ExtendedPoint { - fn default() -> ExtendedPoint { - ExtendedPoint::identity() - } -} - -impl Identity for ExtendedPoint { - fn identity() -> ExtendedPoint { - constants::EXTENDEDPOINT_IDENTITY - } -} - -impl ExtendedPoint { - /// Compute the double of this point. - pub fn double(&self) -> ExtendedPoint { - // Want to compute (X1 Y1 Z1 X1+Y1). - // Not sure how to do this less expensively than computing - // (X1 Y1 Z1 T1) --(256bit shuffle)--> (X1 Y1 X1 Y1) - // (X1 Y1 X1 Y1) --(2x128b shuffle)--> (Y1 X1 Y1 X1) - // and then adding. - - // Set tmp0 = (X1 Y1 X1 Y1) - let mut tmp0 = self.0.shuffle(Shuffle::ABAB); - - // Set tmp1 = (Y1 X1 Y1 X1) - let mut tmp1 = tmp0.shuffle(Shuffle::BADC); - - // Set tmp0 = (X1 Y1 Z1 X1+Y1) - tmp0 = self.0.blend(tmp0 + tmp1, Lanes::D); - - // Set tmp1 = tmp0^2, negating the D values - tmp1 = tmp0.square_and_negate_D(); - // Now tmp1 = (S1 S2 S3 -S4) with b < 0.007 - - // See discussion of bounds in the module-level documentation. 
- // We want to compute - // - // + | S1 | S1 | S1 | S1 | - // + | S2 | | | S2 | - // + | | | S3 | | - // + | | | S3 | | - // + | | | |-S4 | - // + | | 2p | 2p | | - // - | | S2 | S2 | | - // ======================= - // S5 S6 S8 S9 - - let zero = FieldElement2625x4::zero(); - let S_1 = tmp1.shuffle(Shuffle::AAAA); - let S_2 = tmp1.shuffle(Shuffle::BBBB); - - tmp0 = zero.blend(tmp1 + tmp1, Lanes::C); - // tmp0 = (0, 0, 2S_3, 0) - tmp0 = tmp0.blend(tmp1, Lanes::D); - // tmp0 = (0, 0, 2S_3, -S_4) - tmp0 = tmp0 + S_1; - // tmp0 = ( S_1, S_1, S_1 + 2S_3, S_1 - S_4) - tmp0 = tmp0 + zero.blend(S_2, Lanes::AD); - // tmp0 = (S_1 + S_2, S_1, S_1 + 2S_3, S_1 + S_2 - S_4) - tmp0 = tmp0 + zero.blend(S_2.negate_lazy(), Lanes::BC); - // tmp0 = (S_1 + S_2, S_1 - S_2, S_1 - S_2 + 2S_3, S_1 + S_2 - S_4) - // b < ( 1.01, 1.6, 2.33, 1.6) - // Now tmp0 = (S_5, S_6, S_8, S_9) - - // Set tmp1 = ( S_9, S_6, S_6, S_9) - // b < ( 1.6, 1.6, 1.6, 1.6) - tmp1 = tmp0.shuffle(Shuffle::DBBD); - // Set tmp0 = ( S_8, S_5, S_8, S_5) - // b < (2.33, 1.01, 2.33, 1.01) - tmp0 = tmp0.shuffle(Shuffle::CACA); - - // Bounds on (tmp0, tmp1) are (2.33, 1.6) < (2.5, 1.75). - ExtendedPoint(&tmp0 * &tmp1) - } - - pub fn mul_by_pow_2(&self, k: u32) -> ExtendedPoint { - let mut tmp: ExtendedPoint = *self; - for _ in 0..k { - tmp = tmp.double(); - } - tmp - } -} - -/// A cached point with some precomputed variables used for readdition. -/// -/// # Warning -/// -/// It is not safe to negate this point more than once. -/// -/// # Invariant -/// -/// As long as the `CachedPoint` is not repeatedly negated, its -/// coefficients will be bounded with \\( b < 1.0 \\). 
-#[derive(Copy, Clone, Debug)] -pub struct CachedPoint(pub(super) FieldElement2625x4); - -impl From for CachedPoint { - fn from(P: ExtendedPoint) -> CachedPoint { - let mut x = P.0; - - x = x.blend(x.diff_sum(), Lanes::AB); - // x = (Y2 - X2, Y2 + X2, Z2, T2) = (S2 S3 Z2 T2) - - x = x * (121666, 121666, 2 * 121666, 2 * 121665); - // x = (121666*S2 121666*S3 2*121666*Z2 2*121665*T2) - - x = x.blend(-x, Lanes::D); - // x = (121666*S2 121666*S3 2*121666*Z2 -2*121665*T2) - - // The coefficients of the output are bounded with b < 0.007. - CachedPoint(x) - } -} - -impl Default for CachedPoint { - fn default() -> CachedPoint { - CachedPoint::identity() - } -} - -impl Identity for CachedPoint { - fn identity() -> CachedPoint { - constants::CACHEDPOINT_IDENTITY - } -} - -impl ConditionallySelectable for CachedPoint { - fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self { - CachedPoint(FieldElement2625x4::conditional_select(&a.0, &b.0, choice)) - } - - fn conditional_assign(&mut self, other: &Self, choice: Choice) { - self.0.conditional_assign(&other.0, choice); - } -} - -impl<'a> Neg for &'a CachedPoint { - type Output = CachedPoint; - /// Lazily negate the point. - /// - /// # Warning - /// - /// Because this method does not perform a reduction, it is not - /// safe to repeatedly negate a point. - fn neg(self) -> CachedPoint { - let swapped = self.0.shuffle(Shuffle::BACD); - CachedPoint(swapped.blend(swapped.negate_lazy(), Lanes::D)) - } -} - -impl<'a, 'b> Add<&'b CachedPoint> for &'a ExtendedPoint { - type Output = ExtendedPoint; - - /// Add an `ExtendedPoint` and a `CachedPoint`. - fn add(self, other: &'b CachedPoint) -> ExtendedPoint { - // The coefficients of an `ExtendedPoint` are reduced after - // every operation. If the `CachedPoint` was negated, its - // coefficients grow by one bit. So on input, `self` is - // bounded with `b < 0.007` and `other` is bounded with - // `b < 1.0`. 
- - let mut tmp = self.0; - - tmp = tmp.blend(tmp.diff_sum(), Lanes::AB); - // tmp = (Y1-X1 Y1+X1 Z1 T1) = (S0 S1 Z1 T1) with b < 1.6 - - // (tmp, other) bounded with b < (1.6, 1.0) < (2.5, 1.75). - tmp = &tmp * &other.0; - // tmp = (S0*S2' S1*S3' Z1*Z2' T1*T2') = (S8 S9 S10 S11) - - tmp = tmp.shuffle(Shuffle::ABDC); - // tmp = (S8 S9 S11 S10) - - tmp = tmp.diff_sum(); - // tmp = (S9-S8 S9+S8 S10-S11 S10+S11) = (S12 S13 S14 S15) - - let t0 = tmp.shuffle(Shuffle::ADDA); - // t0 = (S12 S15 S15 S12) - let t1 = tmp.shuffle(Shuffle::CBCB); - // t1 = (S14 S13 S14 S13) - - // All coefficients of t0, t1 are bounded with b < 1.6. - // Return (S12*S14 S15*S13 S15*S14 S12*S13) = (X3 Y3 Z3 T3) - ExtendedPoint(&t0 * &t1) - } -} - -impl<'a, 'b> Sub<&'b CachedPoint> for &'a ExtendedPoint { - type Output = ExtendedPoint; - - /// Implement subtraction by negating the point and adding. - /// - /// Empirically, this seems about the same cost as a custom - /// subtraction impl (maybe because the benefit is cancelled by - /// increased code size?) 
- fn sub(self, other: &'b CachedPoint) -> ExtendedPoint { - self + &(-other) - } -} - -impl<'a> From<&'a edwards::EdwardsPoint> for LookupTable { - fn from(point: &'a edwards::EdwardsPoint) -> Self { - let P = ExtendedPoint::from(*point); - let mut points = [CachedPoint::from(P); 8]; - for i in 0..7 { - points[i + 1] = (&P + &points[i]).into(); - } - LookupTable(points) - } -} - -impl<'a> From<&'a edwards::EdwardsPoint> for NafLookupTable5 { - fn from(point: &'a edwards::EdwardsPoint) -> Self { - let A = ExtendedPoint::from(*point); - let mut Ai = [CachedPoint::from(A); 8]; - let A2 = A.double(); - for i in 0..7 { - Ai[i + 1] = (&A2 + &Ai[i]).into(); - } - // Now Ai = [A, 3A, 5A, 7A, 9A, 11A, 13A, 15A] - NafLookupTable5(Ai) - } -} - -impl<'a> From<&'a edwards::EdwardsPoint> for NafLookupTable8 { - fn from(point: &'a edwards::EdwardsPoint) -> Self { - let A = ExtendedPoint::from(*point); - let mut Ai = [CachedPoint::from(A); 64]; - let A2 = A.double(); - for i in 0..63 { - Ai[i + 1] = (&A2 + &Ai[i]).into(); - } - // Now Ai = [A, 3A, 5A, 7A, 9A, 11A, 13A, 15A, ..., 127A] - NafLookupTable8(Ai) - } -} - -#[cfg(test)] -mod test { - use super::*; - - fn serial_add(P: edwards::EdwardsPoint, Q: edwards::EdwardsPoint) -> edwards::EdwardsPoint { - use backend::serial::u64::field::FieldElement51; - - let (X1, Y1, Z1, T1) = (P.X, P.Y, P.Z, P.T); - let (X2, Y2, Z2, T2) = (Q.X, Q.Y, Q.Z, Q.T); - - macro_rules! 
print_var { - ($x:ident) => { - println!("{} = {:?}", stringify!($x), $x.to_bytes()); - }; - } - - let S0 = &Y1 - &X1; // R1 - let S1 = &Y1 + &X1; // R3 - let S2 = &Y2 - &X2; // R2 - let S3 = &Y2 + &X2; // R4 - print_var!(S0); - print_var!(S1); - print_var!(S2); - print_var!(S3); - println!(""); - - let S4 = &S0 * &S2; // R5 = R1 * R2 - let S5 = &S1 * &S3; // R6 = R3 * R4 - let S6 = &Z1 * &Z2; // R8 - let S7 = &T1 * &T2; // R7 - print_var!(S4); - print_var!(S5); - print_var!(S6); - print_var!(S7); - println!(""); - - let S8 = &S4 * &FieldElement51([ 121666,0,0,0,0]); // R5 - let S9 = &S5 * &FieldElement51([ 121666,0,0,0,0]); // R6 - let S10 = &S6 * &FieldElement51([2*121666,0,0,0,0]); // R8 - let S11 = &S7 * &(-&FieldElement51([2*121665,0,0,0,0])); // R7 - print_var!(S8); - print_var!(S9); - print_var!(S10); - print_var!(S11); - println!(""); - - let S12 = &S9 - &S8; // R1 - let S13 = &S9 + &S8; // R4 - let S14 = &S10 - &S11; // R2 - let S15 = &S10 + &S11; // R3 - print_var!(S12); - print_var!(S13); - print_var!(S14); - print_var!(S15); - println!(""); - - let X3 = &S12 * &S14; // R1 * R2 - let Y3 = &S15 * &S13; // R3 * R4 - let Z3 = &S15 * &S14; // R2 * R3 - let T3 = &S12 * &S13; // R1 * R4 - - edwards::EdwardsPoint { - X: X3, - Y: Y3, - Z: Z3, - T: T3, - } - } - - fn addition_test_helper(P: edwards::EdwardsPoint, Q: edwards::EdwardsPoint) { - // Test the serial implementation of the parallel addition formulas - let R_serial: edwards::EdwardsPoint = serial_add(P.into(), Q.into()).into(); - - // Test the vector implementation of the parallel readdition formulas - let cached_Q = CachedPoint::from(ExtendedPoint::from(Q)); - let R_vector: edwards::EdwardsPoint = (&ExtendedPoint::from(P) + &cached_Q).into(); - let S_vector: edwards::EdwardsPoint = (&ExtendedPoint::from(P) - &cached_Q).into(); - - println!("Testing point addition:"); - println!("P = {:?}", P); - println!("Q = {:?}", Q); - println!("cached Q = {:?}", cached_Q); - println!("R = P + Q = {:?}", &P + &Q); - 
println!("R_serial = {:?}", R_serial); - println!("R_vector = {:?}", R_vector); - println!("S = P - Q = {:?}", &P - &Q); - println!("S_vector = {:?}", S_vector); - assert_eq!(R_serial.compress(), (&P + &Q).compress()); - assert_eq!(R_vector.compress(), (&P + &Q).compress()); - assert_eq!(S_vector.compress(), (&P - &Q).compress()); - println!("OK!\n"); - } - - #[test] - fn vector_addition_vs_serial_addition_vs_edwards_extendedpoint() { - use constants; - use scalar::Scalar; - - println!("Testing id +- id"); - let P = edwards::EdwardsPoint::identity(); - let Q = edwards::EdwardsPoint::identity(); - addition_test_helper(P, Q); - - println!("Testing id +- B"); - let P = edwards::EdwardsPoint::identity(); - let Q = constants::ED25519_BASEPOINT_POINT; - addition_test_helper(P, Q); - - println!("Testing B +- B"); - let P = constants::ED25519_BASEPOINT_POINT; - let Q = constants::ED25519_BASEPOINT_POINT; - addition_test_helper(P, Q); - - println!("Testing B +- kB"); - let P = constants::ED25519_BASEPOINT_POINT; - let Q = &constants::ED25519_BASEPOINT_TABLE * &Scalar::from(8475983829u64); - addition_test_helper(P, Q); - } - - fn serial_double(P: edwards::EdwardsPoint) -> edwards::EdwardsPoint { - let (X1, Y1, Z1, _T1) = (P.X, P.Y, P.Z, P.T); - - macro_rules! 
print_var { - ($x:ident) => { - println!("{} = {:?}", stringify!($x), $x.to_bytes()); - }; - } - - let S0 = &X1 + &Y1; // R1 - print_var!(S0); - println!(""); - - let S1 = X1.square(); - let S2 = Y1.square(); - let S3 = Z1.square(); - let S4 = S0.square(); - print_var!(S1); - print_var!(S2); - print_var!(S3); - print_var!(S4); - println!(""); - - let S5 = &S1 + &S2; - let S6 = &S1 - &S2; - let S7 = &S3 + &S3; - let S8 = &S7 + &S6; - let S9 = &S5 - &S4; - print_var!(S5); - print_var!(S6); - print_var!(S7); - print_var!(S8); - print_var!(S9); - println!(""); - - let X3 = &S8 * &S9; - let Y3 = &S5 * &S6; - let Z3 = &S8 * &S6; - let T3 = &S5 * &S9; - - edwards::EdwardsPoint { - X: X3, - Y: Y3, - Z: Z3, - T: T3, - } - } - - fn doubling_test_helper(P: edwards::EdwardsPoint) { - let R1: edwards::EdwardsPoint = serial_double(P.into()).into(); - let R2: edwards::EdwardsPoint = ExtendedPoint::from(P).double().into(); - println!("Testing point doubling:"); - println!("P = {:?}", P); - println!("(serial) R1 = {:?}", R1); - println!("(vector) R2 = {:?}", R2); - println!("P + P = {:?}", &P + &P); - assert_eq!(R1.compress(), (&P + &P).compress()); - assert_eq!(R2.compress(), (&P + &P).compress()); - println!("OK!\n"); - } - - #[test] - fn vector_doubling_vs_serial_doubling_vs_edwards_extendedpoint() { - use constants; - use scalar::Scalar; - - println!("Testing [2]id"); - let P = edwards::EdwardsPoint::identity(); - doubling_test_helper(P); - - println!("Testing [2]B"); - let P = constants::ED25519_BASEPOINT_POINT; - doubling_test_helper(P); - - println!("Testing [2]([k]B)"); - let P = &constants::ED25519_BASEPOINT_TABLE * &Scalar::from(8475983829u64); - doubling_test_helper(P); - } - - #[test] - fn basepoint_odd_lookup_table_verify() { - use constants; - use backend::vector::avx2::constants::{BASEPOINT_ODD_LOOKUP_TABLE}; - - let basepoint_odd_table = NafLookupTable8::::from(&constants::ED25519_BASEPOINT_POINT); - println!("basepoint_odd_lookup_table = {:?}", 
basepoint_odd_table); - - let table_B = &BASEPOINT_ODD_LOOKUP_TABLE; - for (b_vec, base_vec) in table_B.0.iter().zip(basepoint_odd_table.0.iter()) { - let b_splits = b_vec.0.split(); - let base_splits = base_vec.0.split(); - - assert_eq!(base_splits[0], b_splits[0]); - assert_eq!(base_splits[1], b_splits[1]); - assert_eq!(base_splits[2], b_splits[2]); - assert_eq!(base_splits[3], b_splits[3]); - } - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/avx2/field.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/avx2/field.rs deleted file mode 100644 index 94a06eebd051..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/avx2/field.rs +++ /dev/null 
@@ -1,986 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2016-2021 isis lovecruft -// Copyright (c) 2016-2019 Henry de Valence -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft -// - Henry de Valence - -//! An implementation of 4-way vectorized 32bit field arithmetic using -//! AVX2. -//! -//! The `FieldElement2625x4` struct provides a vector of four field -//! elements, implemented using AVX2 operations. Its API is designed -//! to abstract away the platform-dependent details, so that point -//! arithmetic can be implemented only in terms of a vector of field -//! elements. -//! -//! At this level, the API is optimized for speed and not safety. The -//! `FieldElement2625x4` does not always perform reductions. The pre- -//! and post-conditions on the bounds of the coefficients are -//! documented for each method, but it is the caller's responsibility -//! to ensure that there are no overflows. - -#![allow(non_snake_case)] - -const A_LANES: u8 = 0b0000_0101; -const B_LANES: u8 = 0b0000_1010; -const C_LANES: u8 = 0b0101_0000; -const D_LANES: u8 = 0b1010_0000; - -#[allow(unused)] -const A_LANES64: u8 = 0b00_00_00_11; -#[allow(unused)] -const B_LANES64: u8 = 0b00_00_11_00; -#[allow(unused)] -const C_LANES64: u8 = 0b00_11_00_00; -#[allow(unused)] -const D_LANES64: u8 = 0b11_00_00_00; - -use core::ops::{Add, Mul, Neg}; -use packed_simd::{i32x8, u32x8, u64x4, IntoBits}; - -use backend::vector::avx2::constants::{P_TIMES_16_HI, P_TIMES_16_LO, P_TIMES_2_HI, P_TIMES_2_LO}; -use backend::serial::u64::field::FieldElement51; - -/// Unpack 32-bit lanes into 64-bit lanes: -/// ```ascii,no_run -/// (a0, b0, a1, b1, c0, d0, c1, d1) -/// ``` -/// into -/// ```ascii,no_run -/// (a0, 0, b0, 0, c0, 0, d0, 0) -/// (a1, 0, b1, 0, c1, 0, d1, 0) -/// ``` -#[inline(always)] -fn unpack_pair(src: u32x8) -> (u32x8, u32x8) { - let a: u32x8; - let b: u32x8; - let zero = i32x8::new(0, 0, 0, 0, 0, 0, 0, 0); - 
unsafe { - use core::arch::x86_64::_mm256_unpackhi_epi32; - use core::arch::x86_64::_mm256_unpacklo_epi32; - a = _mm256_unpacklo_epi32(src.into_bits(), zero.into_bits()).into_bits(); - b = _mm256_unpackhi_epi32(src.into_bits(), zero.into_bits()).into_bits(); - } - (a, b) -} - -/// Repack 64-bit lanes into 32-bit lanes: -/// ```ascii,no_run -/// (a0, 0, b0, 0, c0, 0, d0, 0) -/// (a1, 0, b1, 0, c1, 0, d1, 0) -/// ``` -/// into -/// ```ascii,no_run -/// (a0, b0, a1, b1, c0, d0, c1, d1) -/// ``` -#[inline(always)] -fn repack_pair(x: u32x8, y: u32x8) -> u32x8 { - unsafe { - use core::arch::x86_64::_mm256_blend_epi32; - use core::arch::x86_64::_mm256_shuffle_epi32; - - // Input: x = (a0, 0, b0, 0, c0, 0, d0, 0) - // Input: y = (a1, 0, b1, 0, c1, 0, d1, 0) - - let x_shuffled = _mm256_shuffle_epi32(x.into_bits(), 0b11_01_10_00); - let y_shuffled = _mm256_shuffle_epi32(y.into_bits(), 0b10_00_11_01); - - // x' = (a0, b0, 0, 0, c0, d0, 0, 0) - // y' = ( 0, 0, a1, b1, 0, 0, c1, d1) - - return _mm256_blend_epi32(x_shuffled, y_shuffled, 0b11001100).into_bits(); - } -} - -/// The `Lanes` enum represents a subset of the lanes `A,B,C,D` of a -/// `FieldElement2625x4`. -/// -/// It's used to specify blend operations without -/// having to know details about the data layout of the -/// `FieldElement2625x4`. -#[derive(Copy, Clone, Debug)] -pub enum Lanes { - C, - D, - AB, - AC, - CD, - AD, - BC, - ABCD, -} - -/// The `Shuffle` enum represents a shuffle of a `FieldElement2625x4`. -/// -/// The enum variants are named by what they do to a vector \\( -/// (A,B,C,D) \\); for instance, `Shuffle::BADC` turns \\( (A, B, C, -/// D) \\) into \\( (B, A, D, C) \\). -#[derive(Copy, Clone, Debug)] -pub enum Shuffle { - AAAA, - BBBB, - CACA, - DBBD, - ADDA, - CBCB, - ABAB, - BADC, - BACD, - ABDC, -} - -/// A vector of four field elements. -/// -/// Each operation on a `FieldElement2625x4` has documented effects on -/// the bounds of the coefficients. 
This API is designed for speed -/// and not safety; it is the caller's responsibility to ensure that -/// the post-conditions of one operation are compatible with the -/// pre-conditions of the next. -#[derive(Clone, Copy, Debug)] -pub struct FieldElement2625x4(pub(crate) [u32x8; 5]); - -use subtle::Choice; -use subtle::ConditionallySelectable; - -impl ConditionallySelectable for FieldElement2625x4 { - fn conditional_select( - a: &FieldElement2625x4, - b: &FieldElement2625x4, - choice: Choice, - ) -> FieldElement2625x4 { - let mask = (-(choice.unwrap_u8() as i32)) as u32; - let mask_vec = u32x8::splat(mask); - FieldElement2625x4([ - a.0[0] ^ (mask_vec & (a.0[0] ^ b.0[0])), - a.0[1] ^ (mask_vec & (a.0[1] ^ b.0[1])), - a.0[2] ^ (mask_vec & (a.0[2] ^ b.0[2])), - a.0[3] ^ (mask_vec & (a.0[3] ^ b.0[3])), - a.0[4] ^ (mask_vec & (a.0[4] ^ b.0[4])), - ]) - } - - fn conditional_assign( - &mut self, - other: &FieldElement2625x4, - choice: Choice, - ) { - let mask = (-(choice.unwrap_u8() as i32)) as u32; - let mask_vec = u32x8::splat(mask); - self.0[0] ^= mask_vec & (self.0[0] ^ other.0[0]); - self.0[1] ^= mask_vec & (self.0[1] ^ other.0[1]); - self.0[2] ^= mask_vec & (self.0[2] ^ other.0[2]); - self.0[3] ^= mask_vec & (self.0[3] ^ other.0[3]); - self.0[4] ^= mask_vec & (self.0[4] ^ other.0[4]); - } -} - -impl FieldElement2625x4 { - /// Split this vector into an array of four (serial) field - /// elements. - pub fn split(&self) -> [FieldElement51; 4] { - let mut out = [FieldElement51::zero(); 4]; - for i in 0..5 { - let a_2i = self.0[i].extract(0) as u64; // - let b_2i = self.0[i].extract(1) as u64; // - let a_2i_1 = self.0[i].extract(2) as u64; // `. - let b_2i_1 = self.0[i].extract(3) as u64; // | pre-swapped to avoid - let c_2i = self.0[i].extract(4) as u64; // | a cross lane shuffle - let d_2i = self.0[i].extract(5) as u64; // .' 
- let c_2i_1 = self.0[i].extract(6) as u64; // - let d_2i_1 = self.0[i].extract(7) as u64; // - - out[0].0[i] = a_2i + (a_2i_1 << 26); - out[1].0[i] = b_2i + (b_2i_1 << 26); - out[2].0[i] = c_2i + (c_2i_1 << 26); - out[3].0[i] = d_2i + (d_2i_1 << 26); - } - - out - } - - /// Rearrange the elements of this vector according to `control`. - /// - /// The `control` parameter should be a compile-time constant, so - /// that when this function is inlined, LLVM is able to lower the - /// shuffle using an immediate. - #[inline] - pub fn shuffle(&self, control: Shuffle) -> FieldElement2625x4 { - #[inline(always)] - fn shuffle_lanes(x: u32x8, control: Shuffle) -> u32x8 { - unsafe { - use core::arch::x86_64::_mm256_permutevar8x32_epi32; - - let c: u32x8 = match control { - Shuffle::AAAA => u32x8::new(0, 0, 2, 2, 0, 0, 2, 2), - Shuffle::BBBB => u32x8::new(1, 1, 3, 3, 1, 1, 3, 3), - Shuffle::CACA => u32x8::new(4, 0, 6, 2, 4, 0, 6, 2), - Shuffle::DBBD => u32x8::new(5, 1, 7, 3, 1, 5, 3, 7), - Shuffle::ADDA => u32x8::new(0, 5, 2, 7, 5, 0, 7, 2), - Shuffle::CBCB => u32x8::new(4, 1, 6, 3, 4, 1, 6, 3), - Shuffle::ABAB => u32x8::new(0, 1, 2, 3, 0, 1, 2, 3), - Shuffle::BADC => u32x8::new(1, 0, 3, 2, 5, 4, 7, 6), - Shuffle::BACD => u32x8::new(1, 0, 3, 2, 4, 5, 6, 7), - Shuffle::ABDC => u32x8::new(0, 1, 2, 3, 5, 4, 7, 6), - }; - // Note that this gets turned into a generic LLVM - // shuffle-by-constants, which can be lowered to a simpler - // instruction than a generic permute. - _mm256_permutevar8x32_epi32(x.into_bits(), c.into_bits()).into_bits() - } - } - - FieldElement2625x4([ - shuffle_lanes(self.0[0], control), - shuffle_lanes(self.0[1], control), - shuffle_lanes(self.0[2], control), - shuffle_lanes(self.0[3], control), - shuffle_lanes(self.0[4], control), - ]) - } - - /// Blend `self` with `other`, taking lanes specified in `control` from `other`. 
- /// - /// The `control` parameter should be a compile-time constant, so - /// that this function can be inlined and LLVM can lower it to a - /// blend instruction using an immediate. - #[inline] - pub fn blend(&self, other: FieldElement2625x4, control: Lanes) -> FieldElement2625x4 { - #[inline(always)] - fn blend_lanes(x: u32x8, y: u32x8, control: Lanes) -> u32x8 { - unsafe { - use core::arch::x86_64::_mm256_blend_epi32; - - // This would be much cleaner if we could factor out the match - // statement on the control. Unfortunately, rustc forgets - // constant-info very quickly, so we can't even write - // ``` - // match control { - // Lanes::C => { - // let imm = C_LANES as i32; - // _mm256_blend_epi32(..., imm) - // ``` - // let alone - // ``` - // let imm = match control { - // Lanes::C => C_LANES as i32, - // } - // _mm256_blend_epi32(..., imm) - // ``` - // even though both of these would be constant-folded by LLVM - // at a lower level (as happens in the shuffle implementation, - // which does not require a shuffle immediate but *is* lowered - // to immediate shuffles anyways). 
- match control { - Lanes::C => { - _mm256_blend_epi32(x.into_bits(), y.into_bits(), C_LANES as i32).into_bits() - } - Lanes::D => { - _mm256_blend_epi32(x.into_bits(), y.into_bits(), D_LANES as i32).into_bits() - } - Lanes::AD => { - _mm256_blend_epi32(x.into_bits(), y.into_bits(), (A_LANES | D_LANES) as i32) - .into_bits() - } - Lanes::AB => { - _mm256_blend_epi32(x.into_bits(), y.into_bits(), (A_LANES | B_LANES) as i32) - .into_bits() - } - Lanes::AC => { - _mm256_blend_epi32(x.into_bits(), y.into_bits(), (A_LANES | C_LANES) as i32) - .into_bits() - } - Lanes::CD => { - _mm256_blend_epi32(x.into_bits(), y.into_bits(), (C_LANES | D_LANES) as i32) - .into_bits() - } - Lanes::BC => { - _mm256_blend_epi32(x.into_bits(), y.into_bits(), (B_LANES | C_LANES) as i32) - .into_bits() - } - Lanes::ABCD => _mm256_blend_epi32( - x.into_bits(), - y.into_bits(), - (A_LANES | B_LANES | C_LANES | D_LANES) as i32, - ).into_bits(), - } - } - } - - FieldElement2625x4([ - blend_lanes(self.0[0], other.0[0], control), - blend_lanes(self.0[1], other.0[1], control), - blend_lanes(self.0[2], other.0[2], control), - blend_lanes(self.0[3], other.0[3], control), - blend_lanes(self.0[4], other.0[4], control), - ]) - } - - /// Construct a vector of zeros. - pub fn zero() -> FieldElement2625x4 { - FieldElement2625x4([u32x8::splat(0); 5]) - } - - /// Convenience wrapper around `new(x,x,x,x)`. - pub fn splat(x: &FieldElement51) -> FieldElement2625x4 { - FieldElement2625x4::new(x, x, x, x) - } - - /// Create a `FieldElement2625x4` from four `FieldElement51`s. - /// - /// # Postconditions - /// - /// The resulting `FieldElement2625x4` is bounded with \\( b < 0.0002 \\). 
- pub fn new( - x0: &FieldElement51, - x1: &FieldElement51, - x2: &FieldElement51, - x3: &FieldElement51, - ) -> FieldElement2625x4 { - let mut buf = [u32x8::splat(0); 5]; - let low_26_bits = (1 << 26) - 1; - for i in 0..5 { - let a_2i = (x0.0[i] & low_26_bits) as u32; - let a_2i_1 = (x0.0[i] >> 26) as u32; - let b_2i = (x1.0[i] & low_26_bits) as u32; - let b_2i_1 = (x1.0[i] >> 26) as u32; - let c_2i = (x2.0[i] & low_26_bits) as u32; - let c_2i_1 = (x2.0[i] >> 26) as u32; - let d_2i = (x3.0[i] & low_26_bits) as u32; - let d_2i_1 = (x3.0[i] >> 26) as u32; - - buf[i] = u32x8::new(a_2i, b_2i, a_2i_1, b_2i_1, c_2i, d_2i, c_2i_1, d_2i_1); - } - - // We don't know that the original `FieldElement51`s were - // fully reduced, so the odd limbs may exceed 2^25. - // Reduce them to be sure. - FieldElement2625x4(buf).reduce() - } - - /// Given \\((A,B,C,D)\\), compute \\((-A,-B,-C,-D)\\), without - /// performing a reduction. - /// - /// # Preconditions - /// - /// The coefficients of `self` must be bounded with \\( b < 0.999 \\). - /// - /// # Postconditions - /// - /// The coefficients of the result are bounded with \\( b < 1 \\). - #[inline] - pub fn negate_lazy(&self) -> FieldElement2625x4 { - // The limbs of self are bounded with b < 0.999, while the - // smallest limb of 2*p is 67108845 > 2^{26+0.9999}, so - // underflows are not possible. - FieldElement2625x4([ - P_TIMES_2_LO - self.0[0], - P_TIMES_2_HI - self.0[1], - P_TIMES_2_HI - self.0[2], - P_TIMES_2_HI - self.0[3], - P_TIMES_2_HI - self.0[4], - ]) - } - - /// Given `self = (A,B,C,D)`, compute `(B - A, B + A, D - C, D + C)`. - /// - /// # Preconditions - /// - /// The coefficients of `self` must be bounded with \\( b < 0.01 \\). - /// - /// # Postconditions - /// - /// The coefficients of the result are bounded with \\( b < 1.6 \\). 
- #[inline] - pub fn diff_sum(&self) -> FieldElement2625x4 { - // tmp1 = (B, A, D, C) - let tmp1 = self.shuffle(Shuffle::BADC); - // tmp2 = (-A, B, -C, D) - let tmp2 = self.blend(self.negate_lazy(), Lanes::AC); - // (B - A, B + A, D - C, D + C) bounded with b < 1.6 - tmp1 + tmp2 - } - - /// Reduce this vector of field elements \\(\mathrm{mod} p\\). - /// - /// # Postconditions - /// - /// The coefficients of the result are bounded with \\( b < 0.0002 \\). - #[inline] - pub fn reduce(&self) -> FieldElement2625x4 { - let shifts = i32x8::new(26, 26, 25, 25, 26, 26, 25, 25); - let masks = u32x8::new( - (1 << 26) - 1, - (1 << 26) - 1, - (1 << 25) - 1, - (1 << 25) - 1, - (1 << 26) - 1, - (1 << 26) - 1, - (1 << 25) - 1, - (1 << 25) - 1, - ); - - // Let c(x) denote the carryout of the coefficient x. - // - // Given ( x0, y0, x1, y1, z0, w0, z1, w1), - // compute (c(x1), c(y1), c(x0), c(y0), c(z1), c(w1), c(z0), c(w0)). - // - // The carryouts are bounded by 2^(32 - 25) = 2^7. - let rotated_carryout = |v: u32x8| -> u32x8 { - unsafe { - use core::arch::x86_64::_mm256_srlv_epi32; - use core::arch::x86_64::_mm256_shuffle_epi32; - - let c = _mm256_srlv_epi32(v.into_bits(), shifts.into_bits()); - _mm256_shuffle_epi32(c, 0b01_00_11_10).into_bits() - } - }; - - // Combine (lo, lo, lo, lo, lo, lo, lo, lo) - // with (hi, hi, hi, hi, hi, hi, hi, hi) - // to (lo, lo, hi, hi, lo, lo, hi, hi) - // - // This allows combining carryouts, e.g., - // - // lo (c(x1), c(y1), c(x0), c(y0), c(z1), c(w1), c(z0), c(w0)) - // hi (c(x3), c(y3), c(x2), c(y2), c(z3), c(w3), c(z2), c(w2)) - // -> (c(x1), c(y1), c(x2), c(y2), c(z1), c(w1), c(z2), c(w2)) - // - // which is exactly the vector of carryins for - // - // ( x2, y2, x3, y3, z2, w2, z3, w3). 
- // - let combine = |v_lo: u32x8, v_hi: u32x8| -> u32x8 { - unsafe { - use core::arch::x86_64::_mm256_blend_epi32; - _mm256_blend_epi32(v_lo.into_bits(), v_hi.into_bits(), 0b11_00_11_00).into_bits() - } - }; - - let mut v = self.0; - - let c10 = rotated_carryout(v[0]); - v[0] = (v[0] & masks) + combine(u32x8::splat(0), c10); - - let c32 = rotated_carryout(v[1]); - v[1] = (v[1] & masks) + combine(c10, c32); - - let c54 = rotated_carryout(v[2]); - v[2] = (v[2] & masks) + combine(c32, c54); - - let c76 = rotated_carryout(v[3]); - v[3] = (v[3] & masks) + combine(c54, c76); - - let c98 = rotated_carryout(v[4]); - v[4] = (v[4] & masks) + combine(c76, c98); - - let c9_19: u32x8 = unsafe { - use core::arch::x86_64::_mm256_mul_epu32; - use core::arch::x86_64::_mm256_shuffle_epi32; - - // Need to rearrange c98, since vpmuludq uses the low - // 32-bits of each 64-bit lane to compute the product: - // - // c98 = (c(x9), c(y9), c(x8), c(y8), c(z9), c(w9), c(z8), c(w8)); - // c9_spread = (c(x9), c(x8), c(y9), c(y8), c(z9), c(z8), c(w9), c(w8)). - let c9_spread = _mm256_shuffle_epi32(c98.into_bits(), 0b11_01_10_00); - - // Since the carryouts are bounded by 2^7, their products with 19 - // are bounded by 2^11.25. This means that - // - // c9_19_spread = (19*c(x9), 0, 19*c(y9), 0, 19*c(z9), 0, 19*c(w9), 0). - let c9_19_spread = _mm256_mul_epu32(c9_spread, u64x4::splat(19).into_bits()); - - // Unshuffle: - // c9_19 = (19*c(x9), 19*c(y9), 0, 0, 19*c(z9), 19*c(w9), 0, 0). - _mm256_shuffle_epi32(c9_19_spread, 0b11_01_10_00).into_bits() - }; - - // Add the final carryin. - v[0] = v[0] + c9_19; - - // Each output coefficient has exactly one carryin, which is - // bounded by 2^11.25, so they are bounded as - // - // c_even < 2^26 + 2^11.25 < 26.00006 < 2^{26+b} - // c_odd < 2^25 + 2^11.25 < 25.0001 < 2^{25+b} - // - // where b = 0.0002. - FieldElement2625x4(v) - } - - /// Given an array of wide coefficients, reduce them to a `FieldElement2625x4`. 
- /// - /// # Postconditions - /// - /// The coefficients of the result are bounded with \\( b < 0.007 \\). - #[inline] - fn reduce64(mut z: [u64x4; 10]) -> FieldElement2625x4 { - // These aren't const because splat isn't a const fn - let LOW_25_BITS: u64x4 = u64x4::splat((1 << 25) - 1); - let LOW_26_BITS: u64x4 = u64x4::splat((1 << 26) - 1); - - // Carry the value from limb i = 0..8 to limb i+1 - let carry = |z: &mut [u64x4; 10], i: usize| { - debug_assert!(i < 9); - if i % 2 == 0 { - // Even limbs have 26 bits - z[i + 1] = z[i + 1] + (z[i] >> 26); - z[i] = z[i] & LOW_26_BITS; - } else { - // Odd limbs have 25 bits - z[i + 1] = z[i + 1] + (z[i] >> 25); - z[i] = z[i] & LOW_25_BITS; - } - }; - - // Perform two halves of the carry chain in parallel. - carry(&mut z, 0); carry(&mut z, 4); - carry(&mut z, 1); carry(&mut z, 5); - carry(&mut z, 2); carry(&mut z, 6); - carry(&mut z, 3); carry(&mut z, 7); - // Since z[3] < 2^64, c < 2^(64-25) = 2^39, - // so z[4] < 2^26 + 2^39 < 2^39.0002 - carry(&mut z, 4); carry(&mut z, 8); - // Now z[4] < 2^26 - // and z[5] < 2^25 + 2^13.0002 < 2^25.0004 (good enough) - - // Last carry has a multiplication by 19. In the serial case we - // do a 64-bit multiplication by 19, but here we want to do a - // 32-bit multiplication. However, if we only know z[9] < 2^64, - // the carry is bounded as c < 2^(64-25) = 2^39, which is too - // big. To ensure c < 2^32, we would need z[9] < 2^57. - // Instead, we split the carry in two, with c = c_0 + c_1*2^26. 
- - let c = z[9] >> 25; - z[9] = z[9] & LOW_25_BITS; - let mut c0: u64x4 = c & LOW_26_BITS; // c0 < 2^26; - let mut c1: u64x4 = c >> 26; // c1 < 2^(39-26) = 2^13; - - unsafe { - use core::arch::x86_64::_mm256_mul_epu32; - let x19 = u64x4::splat(19); - c0 = _mm256_mul_epu32(c0.into_bits(), x19.into_bits()).into_bits(); // c0 < 2^30.25 - c1 = _mm256_mul_epu32(c1.into_bits(), x19.into_bits()).into_bits(); // c1 < 2^17.25 - } - - z[0] = z[0] + c0; // z0 < 2^26 + 2^30.25 < 2^30.33 - z[1] = z[1] + c1; // z1 < 2^25 + 2^17.25 < 2^25.0067 - carry(&mut z, 0); // z0 < 2^26, z1 < 2^25.0067 + 2^4.33 = 2^25.007 - - // The output coefficients are bounded with - // - // b = 0.007 for z[1] - // b = 0.0004 for z[5] - // b = 0 for other z[i]. - // - // So the packed result is bounded with b = 0.007. - FieldElement2625x4([ - repack_pair(z[0].into_bits(), z[1].into_bits()), - repack_pair(z[2].into_bits(), z[3].into_bits()), - repack_pair(z[4].into_bits(), z[5].into_bits()), - repack_pair(z[6].into_bits(), z[7].into_bits()), - repack_pair(z[8].into_bits(), z[9].into_bits()), - ]) - } - - /// Square this field element, and negate the result's \\(D\\) value. - /// - /// # Preconditions - /// - /// The coefficients of `self` must be bounded with \\( b < 1.5 \\). - /// - /// # Postconditions - /// - /// The coefficients of the result are bounded with \\( b < 0.007 \\). 
- pub fn square_and_negate_D(&self) -> FieldElement2625x4 { - #[inline(always)] - fn m(x: u32x8, y: u32x8) -> u64x4 { - use core::arch::x86_64::_mm256_mul_epu32; - unsafe { _mm256_mul_epu32(x.into_bits(), y.into_bits()).into_bits() } - } - - #[inline(always)] - fn m_lo(x: u32x8, y: u32x8) -> u32x8 { - use core::arch::x86_64::_mm256_mul_epu32; - unsafe { _mm256_mul_epu32(x.into_bits(), y.into_bits()).into_bits() } - } - - let v19 = u32x8::new(19, 0, 19, 0, 19, 0, 19, 0); - - let (x0, x1) = unpack_pair(self.0[0]); - let (x2, x3) = unpack_pair(self.0[1]); - let (x4, x5) = unpack_pair(self.0[2]); - let (x6, x7) = unpack_pair(self.0[3]); - let (x8, x9) = unpack_pair(self.0[4]); - - let x0_2 = x0 << 1; - let x1_2 = x1 << 1; - let x2_2 = x2 << 1; - let x3_2 = x3 << 1; - let x4_2 = x4 << 1; - let x5_2 = x5 << 1; - let x6_2 = x6 << 1; - let x7_2 = x7 << 1; - - let x5_19 = m_lo(v19, x5); - let x6_19 = m_lo(v19, x6); - let x7_19 = m_lo(v19, x7); - let x8_19 = m_lo(v19, x8); - let x9_19 = m_lo(v19, x9); - - let mut z0 = m(x0, x0) + m(x2_2,x8_19) + m(x4_2,x6_19) + ((m(x1_2,x9_19) + m(x3_2,x7_19) + m(x5,x5_19)) << 1); - let mut z1 = m(x0_2,x1) + m(x3_2,x8_19) + m(x5_2,x6_19) + ((m(x2,x9_19) + m(x4,x7_19)) << 1); - let mut z2 = m(x0_2,x2) + m(x1_2,x1) + m(x4_2,x8_19) + m(x6,x6_19) + ((m(x3_2,x9_19) + m(x5_2,x7_19)) << 1); - let mut z3 = m(x0_2,x3) + m(x1_2,x2) + m(x5_2,x8_19) + ((m(x4,x9_19) + m(x6,x7_19)) << 1); - let mut z4 = m(x0_2,x4) + m(x1_2,x3_2) + m(x2, x2) + m(x6_2,x8_19) + ((m(x5_2,x9_19) + m(x7,x7_19)) << 1); - let mut z5 = m(x0_2,x5) + m(x1_2,x4) + m(x2_2,x3) + m(x7_2,x8_19) + ((m(x6,x9_19)) << 1); - let mut z6 = m(x0_2,x6) + m(x1_2,x5_2) + m(x2_2,x4) + m(x3_2,x3) + m(x8,x8_19) + ((m(x7_2,x9_19)) << 1); - let mut z7 = m(x0_2,x7) + m(x1_2,x6) + m(x2_2,x5) + m(x3_2,x4) + ((m(x8,x9_19)) << 1); - let mut z8 = m(x0_2,x8) + m(x1_2,x7_2) + m(x2_2,x6) + m(x3_2,x5_2) + m(x4,x4) + ((m(x9,x9_19)) << 1); - let mut z9 = m(x0_2,x9) + m(x1_2,x8) + m(x2_2,x7) + m(x3_2,x6) + 
m(x4_2,x5); - - // The biggest z_i is bounded as z_i < 249*2^(51 + 2*b); - // if b < 1.5 we get z_i < 4485585228861014016. - // - // The limbs of the multiples of p are bounded above by - // - // 0x3fffffff << 37 = 9223371899415822336 < 2^63 - // - // and below by - // - // 0x1fffffff << 37 = 4611685880988434432 - // > 4485585228861014016 - // - // So these multiples of p are big enough to avoid underflow - // in subtraction, and small enough to fit within u64 - // with room for a carry. - - let low__p37 = u64x4::splat(0x3ffffed << 37); - let even_p37 = u64x4::splat(0x3ffffff << 37); - let odd__p37 = u64x4::splat(0x1ffffff << 37); - - let negate_D = |x: u64x4, p: u64x4| -> u64x4 { - unsafe { - use core::arch::x86_64::_mm256_blend_epi32; - _mm256_blend_epi32(x.into_bits(), (p - x).into_bits(), D_LANES64 as i32).into_bits() - } - }; - - z0 = negate_D(z0, low__p37); - z1 = negate_D(z1, odd__p37); - z2 = negate_D(z2, even_p37); - z3 = negate_D(z3, odd__p37); - z4 = negate_D(z4, even_p37); - z5 = negate_D(z5, odd__p37); - z6 = negate_D(z6, even_p37); - z7 = negate_D(z7, odd__p37); - z8 = negate_D(z8, even_p37); - z9 = negate_D(z9, odd__p37); - - FieldElement2625x4::reduce64([z0, z1, z2, z3, z4, z5, z6, z7, z8, z9]) - } -} - -impl Neg for FieldElement2625x4 { - type Output = FieldElement2625x4; - - /// Negate this field element, performing a reduction. - /// - /// If the coefficients are known to be small, use `negate_lazy` - /// to avoid performing a reduction. - /// - /// # Preconditions - /// - /// The coefficients of `self` must be bounded with \\( b < 4.0 \\). - /// - /// # Postconditions - /// - /// The coefficients of the result are bounded with \\( b < 0.0002 \\). 
- #[inline] - fn neg(self) -> FieldElement2625x4 { - FieldElement2625x4([ - P_TIMES_16_LO - self.0[0], - P_TIMES_16_HI - self.0[1], - P_TIMES_16_HI - self.0[2], - P_TIMES_16_HI - self.0[3], - P_TIMES_16_HI - self.0[4], - ]).reduce() - } -} - -impl Add for FieldElement2625x4 { - type Output = FieldElement2625x4; - /// Add two `FieldElement2625x4`s, without performing a reduction. - #[inline] - fn add(self, rhs: FieldElement2625x4) -> FieldElement2625x4 { - FieldElement2625x4([ - self.0[0] + rhs.0[0], - self.0[1] + rhs.0[1], - self.0[2] + rhs.0[2], - self.0[3] + rhs.0[3], - self.0[4] + rhs.0[4], - ]) - } -} - -impl Mul<(u32, u32, u32, u32)> for FieldElement2625x4 { - type Output = FieldElement2625x4; - /// Perform a multiplication by a vector of small constants. - /// - /// # Postconditions - /// - /// The coefficients of the result are bounded with \\( b < 0.007 \\). - #[inline] - fn mul(self, scalars: (u32, u32, u32, u32)) -> FieldElement2625x4 { - unsafe { - use core::arch::x86_64::_mm256_mul_epu32; - - let consts = u32x8::new(scalars.0, 0, scalars.1, 0, scalars.2, 0, scalars.3, 0); - - let (b0, b1) = unpack_pair(self.0[0]); - let (b2, b3) = unpack_pair(self.0[1]); - let (b4, b5) = unpack_pair(self.0[2]); - let (b6, b7) = unpack_pair(self.0[3]); - let (b8, b9) = unpack_pair(self.0[4]); - - FieldElement2625x4::reduce64([ - _mm256_mul_epu32(b0.into_bits(), consts.into_bits()).into_bits(), - _mm256_mul_epu32(b1.into_bits(), consts.into_bits()).into_bits(), - _mm256_mul_epu32(b2.into_bits(), consts.into_bits()).into_bits(), - _mm256_mul_epu32(b3.into_bits(), consts.into_bits()).into_bits(), - _mm256_mul_epu32(b4.into_bits(), consts.into_bits()).into_bits(), - _mm256_mul_epu32(b5.into_bits(), consts.into_bits()).into_bits(), - _mm256_mul_epu32(b6.into_bits(), consts.into_bits()).into_bits(), - _mm256_mul_epu32(b7.into_bits(), consts.into_bits()).into_bits(), - _mm256_mul_epu32(b8.into_bits(), consts.into_bits()).into_bits(), - _mm256_mul_epu32(b9.into_bits(), 
consts.into_bits()).into_bits(), - ]) - } - } -} - -impl<'a, 'b> Mul<&'b FieldElement2625x4> for &'a FieldElement2625x4 { - type Output = FieldElement2625x4; - /// Multiply `self` by `rhs`. - /// - /// # Preconditions - /// - /// The coefficients of `self` must be bounded with \\( b < 2.5 \\). - /// - /// The coefficients of `rhs` must be bounded with \\( b < 1.75 \\). - /// - /// # Postconditions - /// - /// The coefficients of the result are bounded with \\( b < 0.007 \\). - /// - fn mul(self, rhs: &'b FieldElement2625x4) -> FieldElement2625x4 { - #[inline(always)] - fn m(x: u32x8, y: u32x8) -> u64x4 { - use core::arch::x86_64::_mm256_mul_epu32; - unsafe { _mm256_mul_epu32(x.into_bits(), y.into_bits()).into_bits() } - } - - #[inline(always)] - fn m_lo(x: u32x8, y: u32x8) -> u32x8 { - use core::arch::x86_64::_mm256_mul_epu32; - unsafe { _mm256_mul_epu32(x.into_bits(), y.into_bits()).into_bits() } - } - - let (x0, x1) = unpack_pair(self.0[0]); - let (x2, x3) = unpack_pair(self.0[1]); - let (x4, x5) = unpack_pair(self.0[2]); - let (x6, x7) = unpack_pair(self.0[3]); - let (x8, x9) = unpack_pair(self.0[4]); - - let (y0, y1) = unpack_pair(rhs.0[0]); - let (y2, y3) = unpack_pair(rhs.0[1]); - let (y4, y5) = unpack_pair(rhs.0[2]); - let (y6, y7) = unpack_pair(rhs.0[3]); - let (y8, y9) = unpack_pair(rhs.0[4]); - - let v19 = u32x8::new(19, 0, 19, 0, 19, 0, 19, 0); - - let y1_19 = m_lo(v19, y1); // This fits in a u32 - let y2_19 = m_lo(v19, y2); // iff 26 + b + lg(19) < 32 - let y3_19 = m_lo(v19, y3); // if b < 32 - 26 - 4.248 = 1.752 - let y4_19 = m_lo(v19, y4); - let y5_19 = m_lo(v19, y5); - let y6_19 = m_lo(v19, y6); - let y7_19 = m_lo(v19, y7); - let y8_19 = m_lo(v19, y8); - let y9_19 = m_lo(v19, y9); - - let x1_2 = x1 + x1; // This fits in a u32 iff 25 + b + 1 < 32 - let x3_2 = x3 + x3; // iff b < 6 - let x5_2 = x5 + x5; - let x7_2 = x7 + x7; - let x9_2 = x9 + x9; - - let z0 = m(x0,y0) + m(x1_2,y9_19) + m(x2,y8_19) + m(x3_2,y7_19) + m(x4,y6_19) + m(x5_2,y5_19) + 
m(x6,y4_19) + m(x7_2,y3_19) + m(x8,y2_19) + m(x9_2,y1_19); - let z1 = m(x0,y1) + m(x1,y0) + m(x2,y9_19) + m(x3,y8_19) + m(x4,y7_19) + m(x5,y6_19) + m(x6,y5_19) + m(x7,y4_19) + m(x8,y3_19) + m(x9,y2_19); - let z2 = m(x0,y2) + m(x1_2,y1) + m(x2,y0) + m(x3_2,y9_19) + m(x4,y8_19) + m(x5_2,y7_19) + m(x6,y6_19) + m(x7_2,y5_19) + m(x8,y4_19) + m(x9_2,y3_19); - let z3 = m(x0,y3) + m(x1,y2) + m(x2,y1) + m(x3,y0) + m(x4,y9_19) + m(x5,y8_19) + m(x6,y7_19) + m(x7,y6_19) + m(x8,y5_19) + m(x9,y4_19); - let z4 = m(x0,y4) + m(x1_2,y3) + m(x2,y2) + m(x3_2,y1) + m(x4,y0) + m(x5_2,y9_19) + m(x6,y8_19) + m(x7_2,y7_19) + m(x8,y6_19) + m(x9_2,y5_19); - let z5 = m(x0,y5) + m(x1,y4) + m(x2,y3) + m(x3,y2) + m(x4,y1) + m(x5,y0) + m(x6,y9_19) + m(x7,y8_19) + m(x8,y7_19) + m(x9,y6_19); - let z6 = m(x0,y6) + m(x1_2,y5) + m(x2,y4) + m(x3_2,y3) + m(x4,y2) + m(x5_2,y1) + m(x6,y0) + m(x7_2,y9_19) + m(x8,y8_19) + m(x9_2,y7_19); - let z7 = m(x0,y7) + m(x1,y6) + m(x2,y5) + m(x3,y4) + m(x4,y3) + m(x5,y2) + m(x6,y1) + m(x7,y0) + m(x8,y9_19) + m(x9,y8_19); - let z8 = m(x0,y8) + m(x1_2,y7) + m(x2,y6) + m(x3_2,y5) + m(x4,y4) + m(x5_2,y3) + m(x6,y2) + m(x7_2,y1) + m(x8,y0) + m(x9_2,y9_19); - let z9 = m(x0,y9) + m(x1,y8) + m(x2,y7) + m(x3,y6) + m(x4,y5) + m(x5,y4) + m(x6,y3) + m(x7,y2) + m(x8,y1) + m(x9,y0); - - // The bounds on z[i] are the same as in the serial 32-bit code - // and the comment below is copied from there: - - // How big is the contribution to z[i+j] from x[i], y[j]? - // - // Using the bounds above, we get: - // - // i even, j even: x[i]*y[j] < 2^(26+b)*2^(26+b) = 2*2^(51+2*b) - // i odd, j even: x[i]*y[j] < 2^(25+b)*2^(26+b) = 1*2^(51+2*b) - // i even, j odd: x[i]*y[j] < 2^(26+b)*2^(25+b) = 1*2^(51+2*b) - // i odd, j odd: 2*x[i]*y[j] < 2*2^(25+b)*2^(25+b) = 1*2^(51+2*b) - // - // We perform inline reduction mod p by replacing 2^255 by 19 - // (since 2^255 - 19 = 0 mod p). 
This adds a factor of 19, so - // we get the bounds (z0 is the biggest one, but calculated for - // posterity here in case finer estimation is needed later): - // - // z0 < ( 2 + 1*19 + 2*19 + 1*19 + 2*19 + 1*19 + 2*19 + 1*19 + 2*19 + 1*19 )*2^(51 + 2b) = 249*2^(51 + 2*b) - // z1 < ( 1 + 1 + 1*19 + 1*19 + 1*19 + 1*19 + 1*19 + 1*19 + 1*19 + 1*19 )*2^(51 + 2b) = 154*2^(51 + 2*b) - // z2 < ( 2 + 1 + 2 + 1*19 + 2*19 + 1*19 + 2*19 + 1*19 + 2*19 + 1*19 )*2^(51 + 2b) = 195*2^(51 + 2*b) - // z3 < ( 1 + 1 + 1 + 1 + 1*19 + 1*19 + 1*19 + 1*19 + 1*19 + 1*19 )*2^(51 + 2b) = 118*2^(51 + 2*b) - // z4 < ( 2 + 1 + 2 + 1 + 2 + 1*19 + 2*19 + 1*19 + 2*19 + 1*19 )*2^(51 + 2b) = 141*2^(51 + 2*b) - // z5 < ( 1 + 1 + 1 + 1 + 1 + 1 + 1*19 + 1*19 + 1*19 + 1*19 )*2^(51 + 2b) = 82*2^(51 + 2*b) - // z6 < ( 2 + 1 + 2 + 1 + 2 + 1 + 2 + 1*19 + 2*19 + 1*19 )*2^(51 + 2b) = 87*2^(51 + 2*b) - // z7 < ( 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1*19 + 1*19 )*2^(51 + 2b) = 46*2^(51 + 2*b) - // z8 < ( 2 + 1 + 2 + 1 + 2 + 1 + 2 + 1 + 2 + 1*19 )*2^(51 + 2b) = 33*2^(51 + 2*b) - // z9 < ( 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 )*2^(51 + 2b) = 10*2^(51 + 2*b) - // - // So z[0] fits into a u64 if 51 + 2*b + lg(249) < 64 - // if b < 2.5. - - // In fact this bound is slightly sloppy, since it treats both - // inputs x and y as being bounded by the same parameter b, - // while they are in fact bounded by b_x and b_y, and we - // already require that b_y < 1.75 in order to fit the - // multiplications by 19 into a u32. The tighter bound on b_y - // means we could get a tighter bound on the outputs, or a - // looser bound on b_x. 
- FieldElement2625x4::reduce64([z0, z1, z2, z3, z4, z5, z6, z7, z8, z9]) - } -} - -#[cfg(test)] -mod test { - use super::*; - - #[test] - fn scale_by_curve_constants() { - let mut x = FieldElement2625x4::splat(&FieldElement51::one()); - - x = x * (121666, 121666, 2*121666, 2*121665); - - let xs = x.split(); - assert_eq!(xs[0], FieldElement51([121666, 0, 0, 0, 0])); - assert_eq!(xs[1], FieldElement51([121666, 0, 0, 0, 0])); - assert_eq!(xs[2], FieldElement51([2 * 121666, 0, 0, 0, 0])); - assert_eq!(xs[3], FieldElement51([2 * 121665, 0, 0, 0, 0])); - } - - #[test] - fn diff_sum_vs_serial() { - let x0 = FieldElement51([10000, 10001, 10002, 10003, 10004]); - let x1 = FieldElement51([10100, 10101, 10102, 10103, 10104]); - let x2 = FieldElement51([10200, 10201, 10202, 10203, 10204]); - let x3 = FieldElement51([10300, 10301, 10302, 10303, 10304]); - - let vec = FieldElement2625x4::new(&x0, &x1, &x2, &x3).diff_sum(); - - let result = vec.split(); - - assert_eq!(result[0], &x1 - &x0); - assert_eq!(result[1], &x1 + &x0); - assert_eq!(result[2], &x3 - &x2); - assert_eq!(result[3], &x3 + &x2); - } - - #[test] - fn square_vs_serial() { - let x0 = FieldElement51([10000, 10001, 10002, 10003, 10004]); - let x1 = FieldElement51([10100, 10101, 10102, 10103, 10104]); - let x2 = FieldElement51([10200, 10201, 10202, 10203, 10204]); - let x3 = FieldElement51([10300, 10301, 10302, 10303, 10304]); - - let vec = FieldElement2625x4::new(&x0, &x1, &x2, &x3); - - let result = vec.square_and_negate_D().split(); - - assert_eq!(result[0], &x0 * &x0); - assert_eq!(result[1], &x1 * &x1); - assert_eq!(result[2], &x2 * &x2); - assert_eq!(result[3], -&(&x3 * &x3)); - } - - #[test] - fn multiply_vs_serial() { - let x0 = FieldElement51([10000, 10001, 10002, 10003, 10004]); - let x1 = FieldElement51([10100, 10101, 10102, 10103, 10104]); - let x2 = FieldElement51([10200, 10201, 10202, 10203, 10204]); - let x3 = FieldElement51([10300, 10301, 10302, 10303, 10304]); - - let vec = 
FieldElement2625x4::new(&x0, &x1, &x2, &x3); - let vecprime = vec.clone(); - - let result = (&vec * &vecprime).split(); - - assert_eq!(result[0], &x0 * &x0); - assert_eq!(result[1], &x1 * &x1); - assert_eq!(result[2], &x2 * &x2); - assert_eq!(result[3], &x3 * &x3); - } - - #[test] - fn test_unpack_repack_pair() { - let x0 = FieldElement51([10000 + (10001 << 26), 0, 0, 0, 0]); - let x1 = FieldElement51([10100 + (10101 << 26), 0, 0, 0, 0]); - let x2 = FieldElement51([10200 + (10201 << 26), 0, 0, 0, 0]); - let x3 = FieldElement51([10300 + (10301 << 26), 0, 0, 0, 0]); - - let vec = FieldElement2625x4::new(&x0, &x1, &x2, &x3); - - let src = vec.0[0]; - - let (a, b) = unpack_pair(src); - - let expected_a = u32x8::new(10000, 0, 10100, 0, 10200, 0, 10300, 0); - let expected_b = u32x8::new(10001, 0, 10101, 0, 10201, 0, 10301, 0); - - assert_eq!(a, expected_a); - assert_eq!(b, expected_b); - - let expected_src = repack_pair(a, b); - - assert_eq!(src, expected_src); - } - - #[test] - fn new_split_roundtrips() { - let x0 = FieldElement51::from_bytes(&[0x10; 32]); - let x1 = FieldElement51::from_bytes(&[0x11; 32]); - let x2 = FieldElement51::from_bytes(&[0x12; 32]); - let x3 = FieldElement51::from_bytes(&[0x13; 32]); - - let vec = FieldElement2625x4::new(&x0, &x1, &x2, &x3); - - let splits = vec.split(); - - assert_eq!(x0, splits[0]); - assert_eq!(x1, splits[1]); - assert_eq!(x2, splits[2]); - assert_eq!(x3, splits[3]); - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/avx2/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/avx2/mod.rs deleted file mode 100644 index 527fdc125a68..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/avx2/mod.rs +++ /dev/null 
@@ -1,21 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2021 isis lovecruft
-// Copyright (c) 2016-2019 Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - isis agora lovecruft
-// - Henry de Valence
-
-#![cfg_attr(
- feature = "nightly",
- doc(include = "../../../../docs/avx2-notes.md")
-)]
-
-pub(crate) mod field;
-
-pub(crate) mod edwards;
-
-pub(crate) mod constants;
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/ifma/constants.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/ifma/constants.rs
deleted file mode 100644
index fd89058d6107..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/ifma/constants.rs
+++ /dev/null
@@ -1,2062 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2018-2019 Henry de Valence -// See LICENSE for licensing information. -// -// Authors: -// - Henry de Valence - -//! This module contains constants used by the IFMA backend. - -use packed_simd::u64x4; - -use window::NafLookupTable8; - -use super::edwards::{CachedPoint, ExtendedPoint}; -use super::field::{F51x4Reduced, F51x4Unreduced}; - -/// The identity element as an `ExtendedPoint`. -pub(crate) static EXTENDEDPOINT_IDENTITY: ExtendedPoint = ExtendedPoint(F51x4Unreduced([ - u64x4::new(0, 1, 1, 0), - u64x4::new(0, 0, 0, 0), - u64x4::new(0, 0, 0, 0), - u64x4::new(0, 0, 0, 0), - u64x4::new(0, 0, 0, 0), -])); - -/// The identity element as a `CachedPoint`. -pub(crate) static CACHEDPOINT_IDENTITY: CachedPoint = CachedPoint(F51x4Reduced([ - u64x4::new(121647, 121666, 243332, 2251799813685229), - u64x4::new(2251799813685248, 0, 0, 2251799813685247), - u64x4::new(2251799813685247, 0, 0, 2251799813685247), - u64x4::new(2251799813685247, 0, 0, 2251799813685247), - u64x4::new(2251799813685247, 0, 0, 2251799813685247), -])); - -/// Odd multiples of the Ed25519 basepoint: -pub(crate) static BASEPOINT_ODD_LOOKUP_TABLE: NafLookupTable8 = NafLookupTable8([ - CachedPoint(F51x4Reduced([ - u64x4::new(1277522120965857, 73557767439946, 243332, 1943719795065404), - u64x4::new(108375142003455, 341984820733594, 0, 2097709862669256), - u64x4::new(150073485536043, 750646439938056, 0, 581130035634455), - u64x4::new(2149983732744869, 1903255931888577, 0, 646644904824193), - u64x4::new(291045673509296, 1060034214701851, 0, 325245010451737), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1970681836121889, - 1660307753655178, - 1077207637163462, - 1436413309977108, - ), - u64x4::new( - 158785710838757, - 919645875412951, - 174577133496574, - 2213787394009350, - ), - u64x4::new( - 1017606396438281, - 1240932851489554, - 918203302506967, - 1239827708070863, - ), - u64x4::new( - 
1748989883612327, - 1745367742532782, - 1168385548387, - 1211387683826673, - ), - u64x4::new( - 799349980018733, - 1471088235739693, - 1505351346057417, - 2104975925096407, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 171437462972293, - 36016853025886, - 1184164975342640, - 1633525003912147, - ), - u64x4::new( - 2113383632509037, - 1946216474924125, - 1884174984466256, - 1373317790955847, - ), - u64x4::new( - 791293623466401, - 1796466048084189, - 444977763198796, - 629823271230872, - ), - u64x4::new( - 1093217720067380, - 2157024270666135, - 238122980108466, - 806820763806847, - ), - u64x4::new( - 793658959468458, - 368578641413741, - 11592529764159, - 2144017075993471, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1538027396670268, - 1588896993892061, - 675619548648376, - 788373514423313, - ), - u64x4::new( - 1987517656073805, - 1940987929951188, - 666993851697339, - 2040540928108427, - ), - u64x4::new( - 375514548584082, - 1726008037083790, - 1070069155000872, - 570111103756303, - ), - u64x4::new( - 772223645372213, - 2123395244967674, - 868238486911408, - 1846639042240362, - ), - u64x4::new( - 872865734460736, - 32277956842850, - 1701451131455402, - 773883376061880, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1845177363882902, - 275858237213625, - 1052127336883600, - 171072805852218, - ), - u64x4::new( - 139016783952609, - 462699304987089, - 430046471494974, - 410922720999257, - ), - u64x4::new( - 846403935976337, - 243817706931454, - 971825428236901, - 571800039596794, - ), - u64x4::new( - 807642685434918, - 1933536976438782, - 812324278898440, - 688391556487313, - ), - u64x4::new( - 76239450396192, - 629532732688863, - 1833302026979779, - 650067934544499, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1373931604989264, - 331159264656614, - 364391529321767, - 874765630865409, - ), - u64x4::new( - 2109908262150241, - 473400816504190, - 91544045127333, - 976307977609515, - ), - u64x4::new( - 330175435673491, - 
2126511895885904, - 1022944071588421, - 2158480209801463, - ), - u64x4::new( - 1305666795527971, - 162063591028664, - 2193154870675382, - 1789166662611800, - ), - u64x4::new( - 817858592500508, - 1672743239440202, - 859976879916778, - 1167423340862516, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 274334925170164, - 565841102587251, - 603083835949120, - 607539210240861, - ), - u64x4::new( - 196754662972649, - 1339063476699167, - 1406077076979491, - 896902435668469, - ), - u64x4::new( - 397962210956733, - 174839587476217, - 1381082665748936, - 175195877334136, - ), - u64x4::new( - 717429432748391, - 1635309821746318, - 363374010274647, - 882908746261699, - ), - u64x4::new( - 600946602802781, - 1946596133370711, - 1532135183320341, - 690530671668253, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 2074443704000945, - 2163534804938345, - 425423840926528, - 1100826171404853, - ), - u64x4::new( - 111700142796101, - 1456893872751964, - 1186145518682968, - 2192182627706116, - ), - u64x4::new( - 1848722121856066, - 2123239575044749, - 1323870754599272, - 883211262889775, - ), - u64x4::new( - 938263017712916, - 689670293631396, - 183944529557576, - 501908638166580, - ), - u64x4::new( - 2170571907220631, - 36636756989655, - 1875035480138608, - 803703278398018, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1053429956874064, - 1636640618139765, - 1556890827801070, - 2142720579528828, - ), - u64x4::new( - 1814240918422814, - 692326274601777, - 1054896561802157, - 2025454041705534, - ), - u64x4::new( - 2109495823888757, - 1287497869997176, - 194170063200096, - 621116840113213, - ), - u64x4::new( - 2156505873679998, - 2197064359737385, - 1312887672223536, - 369862818895912, - ), - u64x4::new( - 977381163563657, - 1878897311974033, - 2144566861359744, - 1832960882773351, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1266492498289486, - 1301524759372145, - 324789537938521, - 442710471023019, - ), - u64x4::new( - 1232722320001345, - 
1191193089162455, - 176474006074813, - 2158950213252857, - ), - u64x4::new( - 1901782191467749, - 494791441598902, - 1820415815322129, - 854954583485223, - ), - u64x4::new( - 1511383667649702, - 792536415032464, - 2027741263854728, - 1727944381044738, - ), - u64x4::new( - 606355788891204, - 1670687521471220, - 582824350365415, - 1509135066079912, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1079942762813598, - 2015830004785901, - 479916361323351, - 1907956590950158, - ), - u64x4::new( - 2053400302939156, - 1319799126867070, - 19493088767391, - 1908755581402373, - ), - u64x4::new( - 2235858054780980, - 885832711204321, - 810332865560178, - 103174191215441, - ), - u64x4::new( - 1843466881032833, - 355511728384038, - 693846715794114, - 186545012724117, - ), - u64x4::new( - 1661758432892509, - 1491022339899281, - 698941123765263, - 174945407208560, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1075933251927831, - 400263885306647, - 1308157532880528, - 347933379126665, - ), - u64x4::new( - 673811632329433, - 1584860147186478, - 271778891257244, - 498194055154207, - ), - u64x4::new( - 703783427747558, - 1051624728592032, - 1371463103351544, - 230351033002960, - ), - u64x4::new( - 860729466483372, - 421647596766583, - 1520613871336707, - 635298775280054, - ), - u64x4::new( - 1168352891728845, - 1691216293752089, - 1799491997061519, - 399728882318504, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 420156727446514, - 1483649215777128, - 165508610199900, - 1918121104840431, - ), - u64x4::new( - 2129902293682427, - 730952770435213, - 2184527544565390, - 1939880362232986, - ), - u64x4::new( - 1771978364905086, - 510975579746524, - 927564335219142, - 177574146260558, - ), - u64x4::new( - 2164104536437514, - 1532598873799015, - 406875369182421, - 1367005937406517, - ), - u64x4::new( - 35073200082587, - 1981124717036219, - 1854087014063833, - 122419694385217, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1963785875777739, - 
411497142699119, - 1974557512687408, - 1268304422747183, - ), - u64x4::new( - 762752575978150, - 1443822019541748, - 1331556159904338, - 377726798263780, - ), - u64x4::new( - 825953972847841, - 353487068141356, - 1955697322427207, - 2048226560172078, - ), - u64x4::new( - 1482378558684434, - 657691905625918, - 923870001994493, - 1694132799397736, - ), - u64x4::new( - 1643904759603122, - 170495566698285, - 1218312703413378, - 784318735038131, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 939230507241903, - 2238763473105245, - 1827325199528162, - 1153939339775538, - ), - u64x4::new( - 38544505283339, - 258889431497015, - 351721979677947, - 1357907379592829, - ), - u64x4::new( - 1393974676373341, - 1131355528938676, - 473104915298872, - 978783482501776, - ), - u64x4::new( - 2131516168980501, - 2113911780991092, - 1477027502354261, - 542884524860340, - ), - u64x4::new( - 1029606261349423, - 64226378557628, - 1669131167474348, - 2212808057234874, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1423176501543193, - 163313632579593, - 2220495688893001, - 2220041045291870, - ), - u64x4::new( - 1111834224023697, - 1026815658023689, - 1404605100939775, - 1412149108248227, - ), - u64x4::new( - 1542537854906076, - 1270288391129127, - 991419278941933, - 1824939809581980, - ), - u64x4::new( - 1142003215657891, - 525980550896367, - 1508270666157963, - 917719462309053, - ), - u64x4::new( - 400851268057105, - 1620818232405188, - 1251478578139510, - 2162841805361886, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 2125383272208441, - 1368790097335984, - 11813369275978, - 639513785921674, - ), - u64x4::new( - 2200806265616284, - 1041996387620216, - 1275149397833084, - 1723371028064068, - ), - u64x4::new( - 603720163891275, - 2135593511176153, - 2049641644431548, - 1198460677818310, - ), - u64x4::new( - 1862491879401621, - 2008116580769441, - 626566325260235, - 1058308304975798, - ), - u64x4::new( - 628557314314858, - 1075323332046522, - 1631772244117095, - 
1812174547405683, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1222773123817104, - 363276129291452, - 796237592807883, - 1914425291893078, - ), - u64x4::new( - 1721259057429088, - 734941709009373, - 1553365830564638, - 1492120931079419, - ), - u64x4::new( - 1009354843273686, - 293884504384873, - 1050281954944357, - 134132942667344, - ), - u64x4::new( - 23119363298711, - 1694754778833445, - 1725925193393496, - 1738396998222001, - ), - u64x4::new( - 1753692057254667, - 118428526447110, - 840961387840295, - 1227619055408558, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1004186117579547, - 508771992330056, - 1426571663072421, - 2238524171903259, - ), - u64x4::new( - 744764613007812, - 398885442368825, - 2047459490294949, - 2141797621077959, - ), - u64x4::new( - 4556204156489, - 1708213022802363, - 1071381560923933, - 393474529142567, - ), - u64x4::new( - 350116198213005, - 945907227204695, - 168267474358731, - 1801504420122711, - ), - u64x4::new( - 728788674520360, - 1262722049156121, - 455259596607008, - 1159442365834489, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 2226818917892677, - 185673745808179, - 2240952219732549, - 324137961621908, - ), - u64x4::new( - 1659527641857410, - 973964060249383, - 1349692151487730, - 1172743533370593, - ), - u64x4::new( - 310591478467746, - 2123977244137170, - 774562885265820, - 430035546191685, - ), - u64x4::new( - 2150863173197992, - 2101978317708856, - 193592648406011, - 1375328504508580, - ), - u64x4::new( - 1946235834250479, - 121741431658675, - 1004342690620100, - 2063466488599450, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 463079632200153, - 40415275714025, - 545935352782679, - 1458043501600908, - ), - u64x4::new( - 783771976559993, - 880839641726471, - 1782028201271831, - 41664413404590, - ), - u64x4::new( - 985129151724159, - 187728621410000, - 16620051933318, - 378011085567733, - ), - u64x4::new( - 1820372198168638, - 905710046480679, - 1912961774249737, - 1868135861067161, 
- ), - u64x4::new( - 474460473983187, - 1455684425673661, - 652771171116843, - 733511920760779, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1088886980746809, - 1660218575261626, - 527921875040240, - 915086639857889, - ), - u64x4::new( - 1814735788528175, - 1586698876186367, - 2040856637532862, - 405684812785624, - ), - u64x4::new( - 658578559700999, - 1751442070931114, - 1293623371490094, - 715026719042518, - ), - u64x4::new( - 382156225644820, - 897982285504960, - 577673183555858, - 1158728558309719, - ), - u64x4::new( - 1865791902475663, - 124491617513788, - 758484125168765, - 734065580770143, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 330985690350617, - 2214424721795630, - 973374650780848, - 1507267060932964, - ), - u64x4::new( - 1733823971011290, - 1730742552292995, - 669018866977489, - 604527664126146, - ), - u64x4::new( - 1082092498645474, - 1029182053935309, - 756799947765834, - 1764720030308351, - ), - u64x4::new( - 969912105693756, - 38116887248276, - 2148030115687613, - 995140534653865, - ), - u64x4::new( - 2154373397460354, - 298128883464656, - 479587543632539, - 1061127201140779, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 843064865526549, - 2019481782959016, - 1873125524281672, - 2013330239022371, - ), - u64x4::new( - 1192932403815186, - 1818108671859220, - 1247005102016258, - 1210577394628058, - ), - u64x4::new( - 132359273326717, - 795492788299178, - 1235924489372816, - 891705064411550, - ), - u64x4::new( - 1425833709104858, - 152114045731085, - 991347902581315, - 1387773338707683, - ), - u64x4::new( - 48024203807922, - 157005564892977, - 1474053161953744, - 727448023498345, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1076621484026788, - 1309917234320927, - 1786998180233659, - 1595497085944737, - ), - u64x4::new( - 1737334672694726, - 2038133716999447, - 1929061192400917, - 620544235219084, - ), - u64x4::new( - 1550527313469747, - 329096759623509, - 1585214659209474, - 693419841748324, - ), - 
u64x4::new( - 1450010875912315, - 2085047082180569, - 757421110771886, - 389367139787400, - ), - u64x4::new( - 781339490566117, - 132941783448971, - 258650459725225, - 2042274962585613, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 859638991542650, - 2249840007426442, - 1138753070862357, - 793751342318913, - ), - u64x4::new( - 2133476133447306, - 1027010646129239, - 436851910892865, - 866949948830344, - ), - u64x4::new( - 1936003572431223, - 531513680252193, - 1929877059408416, - 830585477662503, - ), - u64x4::new( - 1460760405777960, - 686673748420916, - 275475330051554, - 1581792376993692, - ), - u64x4::new( - 894482039456784, - 1801274480988632, - 16407898635278, - 1668497039215206, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 258585746227669, - 936490904651492, - 1826793887434108, - 1201219990633823, - ), - u64x4::new( - 979462791643635, - 461762372210187, - 218708929991480, - 1378150755760178, - ), - u64x4::new( - 642542170229970, - 787135445552820, - 371168855880557, - 182642566486693, - ), - u64x4::new( - 1152277399721904, - 1726910452705576, - 1452393215705343, - 2117799581546845, - ), - u64x4::new( - 1211265143925330, - 14373046151823, - 1745528818271507, - 1842106288572078, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 635154614562157, - 1956763034454109, - 509123035953043, - 445727657534780, - ), - u64x4::new( - 2072765509783252, - 1282639891593570, - 1075086397362049, - 722996110178195, - ), - u64x4::new( - 1385572918825603, - 1190035835509576, - 218317841176013, - 1047865370756924, - ), - u64x4::new( - 473991569426488, - 1910588123704592, - 1338270051770806, - 401676861680875, - ), - u64x4::new( - 992455353618436, - 126422733426929, - 1955248037756399, - 119233843022643, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1555272991526078, - 2214378187116349, - 366893798097444, - 1401502118355702, - ), - u64x4::new( - 1157229521930713, - 2144787187506262, - 1681597469697840, - 847499096518697, - ), - u64x4::new( - 
1872802655800758, - 1027119609820793, - 1137278714788290, - 1664750301179485, - ), - u64x4::new( - 1091289858897030, - 910126419483563, - 1101920147235731, - 597083075893952, - ), - u64x4::new( - 1711011533670315, - 185206680336278, - 1620960612579784, - 1968598849170880, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 73077300235958, - 257216723095630, - 466947267713785, - 847105214181598, - ), - u64x4::new( - 1322905631406309, - 407458059314731, - 230045063190376, - 923800751267786, - ), - u64x4::new( - 1146027205000415, - 1541328763727623, - 768510249199119, - 1630223587589059, - ), - u64x4::new( - 1930368769879433, - 1376145403022159, - 1898149855343131, - 1709421930518180, - ), - u64x4::new( - 633944191571764, - 58314960742839, - 2050971151574988, - 757799756090059, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 361576929158539, - 1035682890165818, - 160945739362874, - 266975208626222, - ), - u64x4::new( - 1635371797076046, - 2106722851965197, - 451585919077206, - 6692426667180, - ), - u64x4::new( - 175820543533852, - 2057511393764025, - 1531846543720469, - 1648320903946519, - ), - u64x4::new( - 947461770620940, - 1107335044817620, - 1725565474111216, - 2182263619949220, - ), - u64x4::new( - 726444888601221, - 1379664085279206, - 1517215633290417, - 1763968936542507, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 686545355846512, - 1712283265573167, - 1743509592736302, - 1653906616429153, - ), - u64x4::new( - 985108805667149, - 2244347650874753, - 1304749057936860, - 321846134330589, - ), - u64x4::new( - 296321076156886, - 1717929256240029, - 450933772486425, - 2015536856431605, - ), - u64x4::new( - 1690393512821866, - 646913049470189, - 2198650647576397, - 1230646705710442, - ), - u64x4::new( - 601961913448442, - 878806578800541, - 620497587492381, - 330716414244629, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 631510982676132, - 1755753187697174, - 1596201246674299, - 2197888384902121, - ), - u64x4::new( - 
626957678275745, - 1447583371478595, - 1375375216702128, - 1443613232818823, - ), - u64x4::new( - 1962997804660501, - 1051744123184519, - 1002558639300437, - 1237313314603385, - ), - u64x4::new( - 2118828335274995, - 226398203764759, - 889099617161107, - 1620967117678504, - ), - u64x4::new( - 227261019362935, - 2046897556746842, - 591524060355369, - 2178552047369691, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1375403119051662, - 222313965014452, - 539873444241395, - 213198095917915, - ), - u64x4::new( - 1436952871599114, - 1229749762725246, - 1174441562267670, - 265367077740349, - ), - u64x4::new( - 11107426165917, - 985954476039181, - 1147329112365579, - 1133931640328107, - ), - u64x4::new( - 585235055006843, - 699515259687482, - 299559608721134, - 2134819767146767, - ), - u64x4::new( - 1376401105588528, - 391412107507860, - 302743651807545, - 1362834426455518, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1802940904616205, - 1615132760193234, - 869321663313735, - 666494072545310, - ), - u64x4::new( - 1452849320020701, - 1472716813676364, - 472862999490802, - 359937983286145, - ), - u64x4::new( - 1221198323133843, - 491718521756528, - 1387135774113906, - 793779904904008, - ), - u64x4::new( - 1032129287829151, - 30730741946697, - 217603185195068, - 2118169309744162, - ), - u64x4::new( - 225899335574721, - 1767553399797342, - 881082465669982, - 1435383196392870, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1127093564374276, - 2245188499702906, - 1250041622887441, - 2179324911668149, - ), - u64x4::new( - 908019210866875, - 1879900391060964, - 1355047706206597, - 647218945377302, - ), - u64x4::new( - 1616265604422592, - 2134336781521657, - 1157711219915601, - 1227494173135033, - ), - u64x4::new( - 136450294813355, - 1984543542455033, - 1199486053011083, - 33687889941331, - ), - u64x4::new( - 1053447012707371, - 68239344331930, - 537448158443925, - 1829189783369646, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 
996806463322563, - 2043104667851348, - 1110361398300309, - 1218740346887957, - ), - u64x4::new( - 399141907016839, - 1307691109658227, - 532535384961264, - 896201194398872, - ), - u64x4::new( - 111705272106160, - 1790972382466021, - 1159338112559144, - 303544352897203, - ), - u64x4::new( - 1036600573322969, - 1457119922663674, - 334117653665514, - 460023361701263, - ), - u64x4::new( - 1363773215189933, - 1915594049343802, - 1661249423378694, - 1744945551969247, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 3093919631215, - 574886478077610, - 1704446919728971, - 250093147254210, - ), - u64x4::new( - 1387413348737796, - 360142717826981, - 2116185073015983, - 474541388374100, - ), - u64x4::new( - 1632539630892580, - 1332404016215719, - 2145297637794728, - 1289783723173504, - ), - u64x4::new( - 1030244179060173, - 579782698595797, - 1062365251139982, - 677149839815546, - ), - u64x4::new( - 6671539419876, - 1426937459653775, - 406942403696343, - 675479224223817, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 271984148441782, - 1708099625818957, - 1499011822959235, - 516808451044836, - ), - u64x4::new( - 1124847751346323, - 2038336022958449, - 1721698491022600, - 705944403212572, - ), - u64x4::new( - 85459783780275, - 1715213099986669, - 1728445509034791, - 730657630359717, - ), - u64x4::new( - 1185034652652387, - 755472578204310, - 476118360897817, - 1800434542785310, - ), - u64x4::new( - 1815589628676941, - 491778500674079, - 1547664984392513, - 279891608681267, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 2036337168672113, - 1730787524684269, - 639134121311693, - 698060925015524, - ), - u64x4::new( - 315211075189491, - 1329055848835358, - 688621136402134, - 1271193060119448, - ), - u64x4::new( - 1697984374314012, - 459330773536457, - 305481314707918, - 61676911066002, - ), - u64x4::new( - 2166631826859191, - 2105217187401781, - 937587962768434, - 357397435365683, - ), - u64x4::new( - 1206757093145471, - 1287847622009294, - 
1951336140421622, - 2233789834777410, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 82144190081093, - 1568417433687791, - 907555979158442, - 2037855062523867, - ), - u64x4::new( - 1225315484058853, - 315317868015613, - 1765025920288384, - 175223259828436, - ), - u64x4::new( - 1215010304871271, - 662713408454950, - 429517658575616, - 991062684008811, - ), - u64x4::new( - 993837615254894, - 1485561584889450, - 2001836754226476, - 1915943063896801, - ), - u64x4::new( - 818895101625673, - 1342479472068804, - 1380235330010671, - 23315169761453, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1500726307559118, - 956166860173424, - 512663951564436, - 1940180717699824, - ), - u64x4::new( - 1789521472720825, - 779456898652427, - 2035063615853504, - 863582140589407, - ), - u64x4::new( - 634508890793787, - 1748041666732214, - 259642099961634, - 1294936839797812, - ), - u64x4::new( - 2183334898697038, - 2197242820694806, - 2217225409073703, - 992633998226449, - ), - u64x4::new( - 2197077498155916, - 1562008797791883, - 1395088759904208, - 331715244679294, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 186854731652320, - 284389440026580, - 1252175415119400, - 1025377410100223, - ), - u64x4::new( - 1578732129417607, - 898645497852382, - 2237766074482974, - 1939197790303592, - ), - u64x4::new( - 1438830390640145, - 1682452015845597, - 1108441197232223, - 1984134492898664, - ), - u64x4::new( - 282668727301669, - 1609018289552856, - 390363439795705, - 1138459124667912, - ), - u64x4::new( - 18889015928490, - 532489638086725, - 324621535996080, - 2210046082697453, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 2041327051605378, - 2244037852176483, - 2116336876147147, - 9616672544864, - ), - u64x4::new( - 969847387559191, - 1059119127679639, - 1764630094670633, - 364568045311834, - ), - u64x4::new( - 505938893153679, - 2075421412172902, - 326984153045666, - 1959549727324704, - ), - u64x4::new( - 1088715617911260, - 13917085151028, - 
950568481355929, - 23687195265771, - ), - u64x4::new( - 1798284568673198, - 808382292203333, - 2214698741961545, - 610817203275867, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1731488929623777, - 1158815615106413, - 1491090861948525, - 1428384712900962, - ), - u64x4::new( - 722237139522457, - 1514290328911535, - 1366197913116230, - 1519472657321210, - ), - u64x4::new( - 246028966932273, - 1888239319448405, - 423720022211163, - 455243905681470, - ), - u64x4::new( - 738323403716001, - 1758018973481179, - 1180718299482318, - 1008495946606708, - ), - u64x4::new( - 334959381596119, - 1704599537529481, - 2172191232106896, - 13502508918495, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 273393076768079, - 427388720298603, - 1071733376018227, - 1715429388968611, - ), - u64x4::new( - 751776629892313, - 1965239102856011, - 541955408230119, - 831043488876080, - ), - u64x4::new( - 643718536393104, - 390543998404644, - 2176730661486279, - 499459234889079, - ), - u64x4::new( - 1482404333915009, - 865527293526285, - 507957951411713, - 216456252558825, - ), - u64x4::new( - 2210281256300231, - 1519357818277551, - 1257866936775246, - 1689605217672864, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 2135395168187905, - 2214400157568614, - 2032983817870823, - 1124945109072647, - ), - u64x4::new( - 1602820011758145, - 906675633903289, - 782700735390986, - 2067218823525601, - ), - u64x4::new( - 786785748926382, - 1433583123655616, - 905839404290873, - 2249680349963778, - ), - u64x4::new( - 1940824582370584, - 1610961256326291, - 285307858781375, - 1755588655461194, - ), - u64x4::new( - 233682812055333, - 2146114223476434, - 41132209533476, - 535292431776371, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 600257696476418, - 18449221564824, - 1422209458591138, - 239571584769716, - ), - u64x4::new( - 2056372917056980, - 1155290566623531, - 1252473955568148, - 1276690716882081, - ), - u64x4::new( - 246974369025311, - 658117221519903, - 
2000380937898441, - 1351183273924850, - ), - u64x4::new( - 1803747363753112, - 1736801515030186, - 2025633577199091, - 603378480769167, - ), - u64x4::new( - 57348749438551, - 1893551220299655, - 657926732731806, - 1522499384853705, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 591809128842736, - 284860517232591, - 27436696863545, - 886306697195798, - ), - u64x4::new( - 2113192175751749, - 1405882509906423, - 561316282804847, - 835573846576266, - ), - u64x4::new( - 94407289485409, - 1781534171669004, - 2098782516531528, - 598529921520053, - ), - u64x4::new( - 1860137004504786, - 2197323407480349, - 1516772733981532, - 961740253777086, - ), - u64x4::new( - 1484139612868217, - 1593557644636881, - 838834937143441, - 36382198263380, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1165898865828562, - 1153420815042389, - 1068625028915785, - 1945927229911090, - ), - u64x4::new( - 843454394017146, - 571029655293754, - 386282254545998, - 1804608237584150, - ), - u64x4::new( - 370552451091100, - 1279105656351124, - 1864742949668631, - 2093071521726981, - ), - u64x4::new( - 1872542389052198, - 1679083953574330, - 349872262454465, - 1470311090717925, - ), - u64x4::new( - 685345654160323, - 319718985807814, - 1359932285384164, - 1410900103316331, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 2083666668832889, - 314624387816655, - 1496694646480345, - 1946728950459189, - ), - u64x4::new( - 1579153761571203, - 508771185291380, - 1002249659402007, - 551517831173801, - ), - u64x4::new( - 2132371471626150, - 1988122278556533, - 1552195130653890, - 1327637750292755, - ), - u64x4::new( - 118937099181527, - 382610380973142, - 634951529106471, - 382740054041699, - ), - u64x4::new( - 801287519643470, - 87822941589258, - 1908825350108451, - 1404208826499115, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 330347226380261, - 672119116965146, - 1761510370768005, - 1959200302484704, - ), - u64x4::new( - 1631876583009250, - 1684917718484264, - 
1027256947805920, - 2174612545251129, - ), - u64x4::new( - 636668855699872, - 625187713984839, - 265886954766790, - 167898557908504, - ), - u64x4::new( - 1210974548180860, - 2051308710365526, - 907620584086428, - 1081788677970850, - ), - u64x4::new( - 621792955460854, - 1450945504745382, - 1666728650687828, - 977937146451674, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 24725936182267, - 2226765032752574, - 2036560083102883, - 2002351185719584, - ), - u64x4::new( - 1620080779405308, - 1493220053370419, - 2245691691038916, - 1152182628629603, - ), - u64x4::new( - 317928527147500, - 1855194218440212, - 979380281964169, - 861442286685289, - ), - u64x4::new( - 393308472784625, - 486143087279967, - 1234071346236405, - 777748237119399, - ), - u64x4::new( - 43850412814718, - 1497656407486446, - 744128331046695, - 1618035787321792, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1670169946550211, - 1230951698726438, - 806586940221293, - 23159779184607, - ), - u64x4::new( - 634011340979302, - 764182085034744, - 731065727766955, - 1737985776442180, - ), - u64x4::new( - 240492712141842, - 73976435954441, - 162810587166835, - 697230894340912, - ), - u64x4::new( - 1299745598348388, - 1359436039694544, - 1856609816731554, - 25228008461513, - ), - u64x4::new( - 2180690501932381, - 2161211192848458, - 87069466793408, - 2003456332883860, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1106932458043379, - 1675181364231371, - 1681785724775243, - 131824742557210, - ), - u64x4::new( - 1671649414647169, - 1827849994880670, - 1097958057111899, - 701956891169434, - ), - u64x4::new( - 2095539283710881, - 591029812888096, - 1699571518315654, - 1297589045812566, - ), - u64x4::new( - 1345612272298537, - 2166754730876055, - 2047982622154948, - 1785222806258129, - ), - u64x4::new( - 2181915268829890, - 1895697064378670, - 1288412327355885, - 1561075738281368, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 741330264098392, - 357073519729966, - 
1603572339180975, - 433572083688575, - ), - u64x4::new( - 699685108971208, - 1719650727634959, - 1941668009419214, - 870374958347891, - ), - u64x4::new( - 385971389331537, - 11655507719711, - 94814615497633, - 515572102810609, - ), - u64x4::new( - 1396688200590426, - 1518748475144123, - 162386454324368, - 2083303971579002, - ), - u64x4::new( - 1511688632419263, - 251584258592336, - 545345887993880, - 1229840230314160, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1298668855706029, - 2017860934939344, - 2224150456036391, - 1925926576297971, - ), - u64x4::new( - 259522963883544, - 1312469129541229, - 1647530465049600, - 1113737129047154, - ), - u64x4::new( - 733193298663145, - 2115712816303403, - 897628702762311, - 116440277571901, - ), - u64x4::new( - 1998719395229750, - 1662774553684237, - 194395608126452, - 98796702872301, - ), - u64x4::new( - 2226158244229144, - 91961728239158, - 526869903032152, - 849263805316773, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 472779569333556, - 854477760843410, - 2070906720349401, - 734613359834689, - ), - u64x4::new( - 1771897100487404, - 1604024196006064, - 319699348925383, - 437152129592623, - ), - u64x4::new( - 627618365135361, - 1768642666037955, - 588564169143939, - 35295037750744, - ), - u64x4::new( - 220241884231278, - 319104161410840, - 1048165719448798, - 1583931089774347, - ), - u64x4::new( - 166479451884333, - 1623611819962804, - 59990366193679, - 900727256046987, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 1944687327687331, - 1328410791053991, - 2083980670913902, - 609396833380574, - ), - u64x4::new( - 1907563845734496, - 1385619047697883, - 869817384774457, - 106642388505109, - ), - u64x4::new( - 1006516581737154, - 1561918369633937, - 1921172883211450, - 2216650451558824, - ), - u64x4::new( - 1780506017391778, - 233064930371847, - 1332962603425752, - 1380075261612354, - ), - u64x4::new( - 1907624789747741, - 1310065402098523, - 1838275780706825, - 884225500782782, - ), - ])), - 
CachedPoint(F51x4Reduced([ - u64x4::new( - 198729830692545, - 100156148743413, - 2140568641558859, - 2220606475942394, - ), - u64x4::new( - 1108788217903741, - 1706330932366163, - 2050449866410661, - 684907598542847, - ), - u64x4::new( - 1101958322366646, - 659427843062405, - 253899933868173, - 896574852821269, - ), - u64x4::new( - 1157052140740658, - 440541103447032, - 2173354981480949, - 604768603561932, - ), - u64x4::new( - 961238337866054, - 830849154351308, - 1643852412409441, - 1436749321770368, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 784870637473285, - 1180234052037572, - 2086951602998715, - 419328169540373, - ), - u64x4::new( - 1966862397394559, - 788036164772123, - 2024355635709481, - 1471696676696146, - ), - u64x4::new( - 1468884300957205, - 1408016588131185, - 2229595828577885, - 240413942963547, - ), - u64x4::new( - 1481791691942441, - 970648959691160, - 1635500996148197, - 2236917233261585, - ), - u64x4::new( - 31660820731028, - 801794768903647, - 1069092619607344, - 282652554845923, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 911659428682786, - 762502588057038, - 1311399152500807, - 1966922911783311, - ), - u64x4::new( - 1229849228728540, - 258161307933217, - 2140796867375541, - 1569345075547911, - ), - u64x4::new( - 1487354676143742, - 1818317546165791, - 811033554173350, - 1768788663337616, - ), - u64x4::new( - 450017165913234, - 962535873747168, - 2099104262993585, - 503030952485785, - ), - u64x4::new( - 1259958681304518, - 479589250923541, - 1503904042161640, - 706283657294305, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 794562643024291, - 198670993088241, - 1678984629358943, - 273399517554618, - ), - u64x4::new( - 188458991574433, - 1389872130156447, - 1461868931574746, - 795140878721432, - ), - u64x4::new( - 624046647169653, - 630363741191019, - 911018499983500, - 1410140563046579, - ), - u64x4::new( - 1675056174405076, - 632544713589250, - 795454163559811, - 1535271563341780, - ), - u64x4::new( - 
25504547444781, - 812510098987855, - 51290042016232, - 1992260991700127, - ), - ])), - CachedPoint(F51x4Reduced([ - u64x4::new( - 269968325452358, - 470932785179706, - 1684444304834150, - 1027482126748243, - ), - u64x4::new( - 457941065342419, - 2117377568137882, - 1209423706730905, - 2192403099717071, - ), - u64x4::new( - 1899046404863678, - 1359500336071762, - 1492389156724726, - 1455627081827750, - ), - u64x4::new( - 2016101061876546, - 1967000012916571, - 582539481696050, - 1197538178790094, - ), - u64x4::new( - 639684852217504, - 1799941252757449, - 1470016556327743, - 846111828965901, - ), - ])), -]); diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/ifma/edwards.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/ifma/edwards.rs deleted file mode 100644 index 5c8d81961156..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/ifma/edwards.rs +++ /dev/null 
@@ -1,315 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2018-2019 Henry de Valence -// See LICENSE for licensing information. -// -// Authors: -// - Henry de Valence - -#![allow(non_snake_case)] - -use traits::Identity; - -use std::ops::{Add, Neg, Sub}; - -use subtle::Choice; -use subtle::ConditionallySelectable; - -use edwards; -use window::{LookupTable, NafLookupTable5, NafLookupTable8}; - -use super::constants; -use super::field::{F51x4Reduced, F51x4Unreduced, Lanes, Shuffle}; - -#[derive(Copy, Clone, Debug)] -pub struct ExtendedPoint(pub(super) F51x4Unreduced); - -#[derive(Copy, Clone, Debug)] -pub struct CachedPoint(pub(super) F51x4Reduced); - -impl From for ExtendedPoint { - fn from(P: edwards::EdwardsPoint) -> ExtendedPoint { - ExtendedPoint(F51x4Unreduced::new(&P.X, &P.Y, &P.Z, &P.T)) - } -} - -impl From for edwards::EdwardsPoint { - fn from(P: ExtendedPoint) -> edwards::EdwardsPoint { - let reduced = F51x4Reduced::from(P.0); - let tmp = F51x4Unreduced::from(reduced).split(); - edwards::EdwardsPoint { - X: tmp[0], - Y: tmp[1], - Z: tmp[2], - T: tmp[3], - } - } -} - -impl From for CachedPoint { - fn from(P: ExtendedPoint) -> CachedPoint { - let mut x = P.0; - - x = x.blend(&x.diff_sum(), Lanes::AB); - x = &F51x4Reduced::from(x) * (121666, 121666, 2 * 121666, 2 * 121665); - x = x.blend(&x.negate_lazy(), Lanes::D); - - CachedPoint(F51x4Reduced::from(x)) - } -} - -impl Default for ExtendedPoint { - fn default() -> ExtendedPoint { - ExtendedPoint::identity() - } -} - -impl Identity for ExtendedPoint { - fn identity() -> ExtendedPoint { - constants::EXTENDEDPOINT_IDENTITY - } -} - -impl ExtendedPoint { - pub fn double(&self) -> ExtendedPoint { - // (Y1 X1 T1 Z1) -- uses vpshufd (1c latency @ 1/c) - let mut tmp0 = self.0.shuffle(Shuffle::BADC); - - // (X1+Y1 X1+Y1 X1+Y1 X1+Y1) -- can use vpinserti128 - let mut tmp1 = (self.0 + tmp0).shuffle(Shuffle::ABAB); - - // (X1 Y1 Z1 X1+Y1) - tmp0 = self.0.blend(&tmp1, 
Lanes::D); - - tmp1 = F51x4Reduced::from(tmp0).square(); - // Now tmp1 = (S1 S2 S3 S4) - - // We want to compute - // - // + | S1 | S1 | S1 | S1 | - // + | S2 | | | S2 | - // + | | | S3 | | - // + | | | S3 | | - // + | |16p |16p |16p | - // - | | S2 | S2 | | - // - | | | | S4 | - // ======================= - // S5 S6 S8 S9 - - let zero = F51x4Unreduced::zero(); - - let S1_S1_S1_S1 = tmp1.shuffle(Shuffle::AAAA); - let S2_S2_S2_S2 = tmp1.shuffle(Shuffle::BBBB); - - let S2_S2_S2_S4 = S2_S2_S2_S2.blend(&tmp1, Lanes::D).negate_lazy(); - - tmp0 = S1_S1_S1_S1 + zero.blend(&(tmp1 + tmp1), Lanes::C); - tmp0 = tmp0 + zero.blend(&S2_S2_S2_S2, Lanes::AD); - tmp0 = tmp0 + zero.blend(&S2_S2_S2_S4, Lanes::BCD); - - let tmp2 = F51x4Reduced::from(tmp0); - - ExtendedPoint(&tmp2.shuffle(Shuffle::DBBD) * &tmp2.shuffle(Shuffle::CACA)) - } - - pub fn mul_by_pow_2(&self, k: u32) -> ExtendedPoint { - let mut tmp: ExtendedPoint = *self; - for _ in 0..k { - tmp = tmp.double(); - } - tmp - } -} - -impl<'a, 'b> Add<&'b CachedPoint> for &'a ExtendedPoint { - type Output = ExtendedPoint; - - /// Add an `ExtendedPoint` and a `CachedPoint`. 
- fn add(self, other: &'b CachedPoint) -> ExtendedPoint { - let mut tmp = self.0; - - tmp = tmp.blend(&tmp.diff_sum(), Lanes::AB); - // tmp = (Y1-X1 Y1+X1 Z1 T1) = (S0 S1 Z1 T1) - - tmp = &F51x4Reduced::from(tmp) * &other.0; - // tmp = (S0*S2' S1*S3' Z1*Z2' T1*T2') = (S8 S9 S10 S11) - - tmp = tmp.shuffle(Shuffle::ABDC); - // tmp = (S8 S9 S11 S10) - - let tmp = F51x4Reduced::from(tmp.diff_sum()); - // tmp = (S9-S8 S9+S8 S10-S11 S10+S11) = (S12 S13 S14 S15) - - let t0 = tmp.shuffle(Shuffle::ADDA); - // t0 = (S12 S15 S15 S12) - let t1 = tmp.shuffle(Shuffle::CBCB); - // t1 = (S14 S13 S14 S13) - - // Return (S12*S14 S15*S13 S15*S14 S12*S13) = (X3 Y3 Z3 T3) - ExtendedPoint(&t0 * &t1) - } -} - -impl Default for CachedPoint { - fn default() -> CachedPoint { - CachedPoint::identity() - } -} - -impl Identity for CachedPoint { - fn identity() -> CachedPoint { - constants::CACHEDPOINT_IDENTITY - } -} - -impl ConditionallySelectable for CachedPoint { - fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self { - CachedPoint(F51x4Reduced::conditional_select(&a.0, &b.0, choice)) - } - - fn conditional_assign(&mut self, other: &Self, choice: Choice) { - self.0.conditional_assign(&other.0, choice); - } -} - -impl<'a> Neg for &'a CachedPoint { - type Output = CachedPoint; - - fn neg(self) -> CachedPoint { - let swapped = self.0.shuffle(Shuffle::BACD); - CachedPoint(swapped.blend(&(-self.0), Lanes::D)) - } -} - -impl<'a, 'b> Sub<&'b CachedPoint> for &'a ExtendedPoint { - type Output = ExtendedPoint; - - /// Implement subtraction by negating the point and adding. 
- fn sub(self, other: &'b CachedPoint) -> ExtendedPoint { - self + &(-other) - } -} - -impl<'a> From<&'a edwards::EdwardsPoint> for LookupTable { - fn from(point: &'a edwards::EdwardsPoint) -> Self { - let P = ExtendedPoint::from(*point); - let mut points = [CachedPoint::from(P); 8]; - for i in 0..7 { - points[i + 1] = (&P + &points[i]).into(); - } - LookupTable(points) - } -} - -impl<'a> From<&'a edwards::EdwardsPoint> for NafLookupTable5 { - fn from(point: &'a edwards::EdwardsPoint) -> Self { - let A = ExtendedPoint::from(*point); - let mut Ai = [CachedPoint::from(A); 8]; - let A2 = A.double(); - for i in 0..7 { - Ai[i + 1] = (&A2 + &Ai[i]).into(); - } - // Now Ai = [A, 3A, 5A, 7A, 9A, 11A, 13A, 15A] - NafLookupTable5(Ai) - } -} - -impl<'a> From<&'a edwards::EdwardsPoint> for NafLookupTable8 { - fn from(point: &'a edwards::EdwardsPoint) -> Self { - let A = ExtendedPoint::from(*point); - let mut Ai = [CachedPoint::from(A); 64]; - let A2 = A.double(); - for i in 0..63 { - Ai[i + 1] = (&A2 + &Ai[i]).into(); - } - // Now Ai = [A, 3A, 5A, 7A, 9A, 11A, 13A, 15A, ..., 127A] - NafLookupTable8(Ai) - } -} - -#[cfg(test)] -mod test { - use super::*; - - fn addition_test_helper(P: edwards::EdwardsPoint, Q: edwards::EdwardsPoint) { - // Test the serial implementation of the parallel addition formulas - //let R_serial: edwards::EdwardsPoint = serial_add(P.into(), Q.into()).into(); - - // Test the vector implementation of the parallel readdition formulas - let cached_Q = CachedPoint::from(ExtendedPoint::from(Q)); - let R_vector: edwards::EdwardsPoint = (&ExtendedPoint::from(P) + &cached_Q).into(); - let S_vector: edwards::EdwardsPoint = (&ExtendedPoint::from(P) - &cached_Q).into(); - - println!("Testing point addition:"); - println!("P = {:?}", P); - println!("Q = {:?}", Q); - println!("cached Q = {:?}", cached_Q); - println!("R = P + Q = {:?}", &P + &Q); - //println!("R_serial = {:?}", R_serial); - println!("R_vector = {:?}", R_vector); - println!("S = P - Q = {:?}", &P - &Q); 
- println!("S_vector = {:?}", S_vector); - //assert_eq!(R_serial.compress(), (&P + &Q).compress()); - assert_eq!(R_vector.compress(), (&P + &Q).compress()); - assert_eq!(S_vector.compress(), (&P - &Q).compress()); - println!("OK!\n"); - } - - #[test] - fn vector_addition_vs_serial_addition_vs_edwards_extendedpoint() { - use constants; - use scalar::Scalar; - - println!("Testing id +- id"); - let P = edwards::EdwardsPoint::identity(); - let Q = edwards::EdwardsPoint::identity(); - addition_test_helper(P, Q); - - println!("Testing id +- B"); - let P = edwards::EdwardsPoint::identity(); - let Q = constants::ED25519_BASEPOINT_POINT; - addition_test_helper(P, Q); - - println!("Testing B +- B"); - let P = constants::ED25519_BASEPOINT_POINT; - let Q = constants::ED25519_BASEPOINT_POINT; - addition_test_helper(P, Q); - - println!("Testing B +- kB"); - let P = constants::ED25519_BASEPOINT_POINT; - let Q = &constants::ED25519_BASEPOINT_TABLE * &Scalar::from(8475983829u64); - addition_test_helper(P, Q); - } - - fn doubling_test_helper(P: edwards::EdwardsPoint) { - //let R1: edwards::EdwardsPoint = serial_double(P.into()).into(); - let R2: edwards::EdwardsPoint = ExtendedPoint::from(P).double().into(); - println!("Testing point doubling:"); - println!("P = {:?}", P); - //println!("(serial) R1 = {:?}", R1); - println!("(vector) R2 = {:?}", R2); - println!("P + P = {:?}", &P + &P); - //assert_eq!(R1.compress(), (&P + &P).compress()); - assert_eq!(R2.compress(), (&P + &P).compress()); - println!("OK!\n"); - } - - #[test] - fn vector_doubling_vs_serial_doubling_vs_edwards_extendedpoint() { - use constants; - use scalar::Scalar; - - println!("Testing [2]id"); - let P = edwards::EdwardsPoint::identity(); - doubling_test_helper(P); - - println!("Testing [2]B"); - let P = constants::ED25519_BASEPOINT_POINT; - doubling_test_helper(P); - - println!("Testing [2]([k]B)"); - let P = &constants::ED25519_BASEPOINT_TABLE * &Scalar::from(8475983829u64); - doubling_test_helper(P); - } -} 
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/ifma/field.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/ifma/field.rs
deleted file mode 100644
index a393b22fd085..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/ifma/field.rs
+++ /dev/null
@@ -1,826 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2016-2021 isis lovecruft -// Copyright (c) 2016-2019 Henry de Valence -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft -// - Henry de Valence - -#![allow(non_snake_case)] - -use core::ops::{Add, Mul, Neg}; -use packed_simd::{u64x4, IntoBits}; - -use backend::serial::u64::field::FieldElement51; - -/// A wrapper around `vpmadd52luq` that works on `u64x4`. -#[inline(always)] -unsafe fn madd52lo(z: u64x4, x: u64x4, y: u64x4) -> u64x4 { - use core::arch::x86_64::_mm256_madd52lo_epu64; - _mm256_madd52lo_epu64(z.into_bits(), x.into_bits(), y.into_bits()).into_bits() -} - -/// A wrapper around `vpmadd52huq` that works on `u64x4`. -#[inline(always)] -unsafe fn madd52hi(z: u64x4, x: u64x4, y: u64x4) -> u64x4 { - use core::arch::x86_64::_mm256_madd52hi_epu64; - _mm256_madd52hi_epu64(z.into_bits(), x.into_bits(), y.into_bits()).into_bits() -} - -/// A vector of four field elements in radix 2^51, with unreduced coefficients. -#[derive(Copy, Clone, Debug)] -pub struct F51x4Unreduced(pub(crate) [u64x4; 5]); - -/// A vector of four field elements in radix 2^51, with reduced coefficients. 
-#[derive(Copy, Clone, Debug)] -pub struct F51x4Reduced(pub(crate) [u64x4; 5]); - -#[derive(Copy, Clone)] -pub enum Shuffle { - AAAA, - BBBB, - BADC, - BACD, - ADDA, - CBCB, - ABDC, - ABAB, - DBBD, - CACA, -} - -#[inline(always)] -fn shuffle_lanes(x: u64x4, control: Shuffle) -> u64x4 { - unsafe { - use core::arch::x86_64::_mm256_permute4x64_epi64 as perm; - - match control { - Shuffle::AAAA => perm(x.into_bits(), 0b00_00_00_00).into_bits(), - Shuffle::BBBB => perm(x.into_bits(), 0b01_01_01_01).into_bits(), - Shuffle::BADC => perm(x.into_bits(), 0b10_11_00_01).into_bits(), - Shuffle::BACD => perm(x.into_bits(), 0b11_10_00_01).into_bits(), - Shuffle::ADDA => perm(x.into_bits(), 0b00_11_11_00).into_bits(), - Shuffle::CBCB => perm(x.into_bits(), 0b01_10_01_10).into_bits(), - Shuffle::ABDC => perm(x.into_bits(), 0b10_11_01_00).into_bits(), - Shuffle::ABAB => perm(x.into_bits(), 0b01_00_01_00).into_bits(), - Shuffle::DBBD => perm(x.into_bits(), 0b11_01_01_11).into_bits(), - Shuffle::CACA => perm(x.into_bits(), 0b00_10_00_10).into_bits(), - } - } -} - -#[derive(Copy, Clone)] -pub enum Lanes { - D, - C, - AB, - AC, - AD, - BCD, -} - -#[inline] -fn blend_lanes(x: u64x4, y: u64x4, control: Lanes) -> u64x4 { - unsafe { - use core::arch::x86_64::_mm256_blend_epi32 as blend; - - match control { - Lanes::D => blend(x.into_bits(), y.into_bits(), 0b11_00_00_00).into_bits(), - Lanes::C => blend(x.into_bits(), y.into_bits(), 0b00_11_00_00).into_bits(), - Lanes::AB => blend(x.into_bits(), y.into_bits(), 0b00_00_11_11).into_bits(), - Lanes::AC => blend(x.into_bits(), y.into_bits(), 0b00_11_00_11).into_bits(), - Lanes::AD => blend(x.into_bits(), y.into_bits(), 0b11_00_00_11).into_bits(), - Lanes::BCD => blend(x.into_bits(), y.into_bits(), 0b11_11_11_00).into_bits(), - } - } -} - -impl F51x4Unreduced { - pub fn zero() -> F51x4Unreduced { - F51x4Unreduced([u64x4::splat(0); 5]) - } - - pub fn new( - x0: &FieldElement51, - x1: &FieldElement51, - x2: &FieldElement51, - x3: &FieldElement51, 
- ) -> F51x4Unreduced { - F51x4Unreduced([ - u64x4::new(x0.0[0], x1.0[0], x2.0[0], x3.0[0]), - u64x4::new(x0.0[1], x1.0[1], x2.0[1], x3.0[1]), - u64x4::new(x0.0[2], x1.0[2], x2.0[2], x3.0[2]), - u64x4::new(x0.0[3], x1.0[3], x2.0[3], x3.0[3]), - u64x4::new(x0.0[4], x1.0[4], x2.0[4], x3.0[4]), - ]) - } - - pub fn split(&self) -> [FieldElement51; 4] { - let x = &self.0; - [ - FieldElement51([ - x[0].extract(0), - x[1].extract(0), - x[2].extract(0), - x[3].extract(0), - x[4].extract(0), - ]), - FieldElement51([ - x[0].extract(1), - x[1].extract(1), - x[2].extract(1), - x[3].extract(1), - x[4].extract(1), - ]), - FieldElement51([ - x[0].extract(2), - x[1].extract(2), - x[2].extract(2), - x[3].extract(2), - x[4].extract(2), - ]), - FieldElement51([ - x[0].extract(3), - x[1].extract(3), - x[2].extract(3), - x[3].extract(3), - x[4].extract(3), - ]), - ] - } - - #[inline] - pub fn diff_sum(&self) -> F51x4Unreduced { - // tmp1 = (B, A, D, C) - let tmp1 = self.shuffle(Shuffle::BADC); - // tmp2 = (-A, B, -C, D) - let tmp2 = self.blend(&self.negate_lazy(), Lanes::AC); - // (B - A, B + A, D - C, D + C) - tmp1 + tmp2 - } - - #[inline] - pub fn negate_lazy(&self) -> F51x4Unreduced { - let lo = u64x4::splat(36028797018963664u64); - let hi = u64x4::splat(36028797018963952u64); - F51x4Unreduced([ - lo - self.0[0], - hi - self.0[1], - hi - self.0[2], - hi - self.0[3], - hi - self.0[4], - ]) - } - - #[inline] - pub fn shuffle(&self, control: Shuffle) -> F51x4Unreduced { - F51x4Unreduced([ - shuffle_lanes(self.0[0], control), - shuffle_lanes(self.0[1], control), - shuffle_lanes(self.0[2], control), - shuffle_lanes(self.0[3], control), - shuffle_lanes(self.0[4], control), - ]) - } - - #[inline] - pub fn blend(&self, other: &F51x4Unreduced, control: Lanes) -> F51x4Unreduced { - F51x4Unreduced([ - blend_lanes(self.0[0], other.0[0], control), - blend_lanes(self.0[1], other.0[1], control), - blend_lanes(self.0[2], other.0[2], control), - blend_lanes(self.0[3], other.0[3], control), - 
blend_lanes(self.0[4], other.0[4], control), - ]) - } -} - -impl Neg for F51x4Reduced { - type Output = F51x4Reduced; - - fn neg(self) -> F51x4Reduced { - F51x4Unreduced::from(self).negate_lazy().into() - } -} - -use subtle::Choice; -use subtle::ConditionallySelectable; - -impl ConditionallySelectable for F51x4Reduced { - #[inline] - fn conditional_select(a: &F51x4Reduced, b: &F51x4Reduced, choice: Choice) -> F51x4Reduced { - let mask = (-(choice.unwrap_u8() as i64)) as u64; - let mask_vec = u64x4::splat(mask); - F51x4Reduced([ - a.0[0] ^ (mask_vec & (a.0[0] ^ b.0[0])), - a.0[1] ^ (mask_vec & (a.0[1] ^ b.0[1])), - a.0[2] ^ (mask_vec & (a.0[2] ^ b.0[2])), - a.0[3] ^ (mask_vec & (a.0[3] ^ b.0[3])), - a.0[4] ^ (mask_vec & (a.0[4] ^ b.0[4])), - ]) - } - - #[inline] - fn conditional_assign(&mut self, other: &F51x4Reduced, choice: Choice) { - let mask = (-(choice.unwrap_u8() as i64)) as u64; - let mask_vec = u64x4::splat(mask); - self.0[0] ^= mask_vec & (self.0[0] ^ other.0[0]); - self.0[1] ^= mask_vec & (self.0[1] ^ other.0[1]); - self.0[2] ^= mask_vec & (self.0[2] ^ other.0[2]); - self.0[3] ^= mask_vec & (self.0[3] ^ other.0[3]); - self.0[4] ^= mask_vec & (self.0[4] ^ other.0[4]); - } -} - -impl F51x4Reduced { - #[inline] - pub fn shuffle(&self, control: Shuffle) -> F51x4Reduced { - F51x4Reduced([ - shuffle_lanes(self.0[0], control), - shuffle_lanes(self.0[1], control), - shuffle_lanes(self.0[2], control), - shuffle_lanes(self.0[3], control), - shuffle_lanes(self.0[4], control), - ]) - } - - #[inline] - pub fn blend(&self, other: &F51x4Reduced, control: Lanes) -> F51x4Reduced { - F51x4Reduced([ - blend_lanes(self.0[0], other.0[0], control), - blend_lanes(self.0[1], other.0[1], control), - blend_lanes(self.0[2], other.0[2], control), - blend_lanes(self.0[3], other.0[3], control), - blend_lanes(self.0[4], other.0[4], control), - ]) - } - - #[inline] - pub fn square(&self) -> F51x4Unreduced { - unsafe { - let x = &self.0; - - // Represent values with coeff. 
2 - let mut z0_2 = u64x4::splat(0); - let mut z1_2 = u64x4::splat(0); - let mut z2_2 = u64x4::splat(0); - let mut z3_2 = u64x4::splat(0); - let mut z4_2 = u64x4::splat(0); - let mut z5_2 = u64x4::splat(0); - let mut z6_2 = u64x4::splat(0); - let mut z7_2 = u64x4::splat(0); - let mut z9_2 = u64x4::splat(0); - - // Represent values with coeff. 4 - let mut z2_4 = u64x4::splat(0); - let mut z3_4 = u64x4::splat(0); - let mut z4_4 = u64x4::splat(0); - let mut z5_4 = u64x4::splat(0); - let mut z6_4 = u64x4::splat(0); - let mut z7_4 = u64x4::splat(0); - let mut z8_4 = u64x4::splat(0); - - let mut z0_1 = u64x4::splat(0); - z0_1 = madd52lo(z0_1, x[0], x[0]); - - let mut z1_1 = u64x4::splat(0); - z1_2 = madd52lo(z1_2, x[0], x[1]); - z1_2 = madd52hi(z1_2, x[0], x[0]); - - z2_4 = madd52hi(z2_4, x[0], x[1]); - let mut z2_1 = z2_4 << 2; - z2_2 = madd52lo(z2_2, x[0], x[2]); - z2_1 = madd52lo(z2_1, x[1], x[1]); - - z3_4 = madd52hi(z3_4, x[0], x[2]); - let mut z3_1 = z3_4 << 2; - z3_2 = madd52lo(z3_2, x[1], x[2]); - z3_2 = madd52lo(z3_2, x[0], x[3]); - z3_2 = madd52hi(z3_2, x[1], x[1]); - - z4_4 = madd52hi(z4_4, x[1], x[2]); - z4_4 = madd52hi(z4_4, x[0], x[3]); - let mut z4_1 = z4_4 << 2; - z4_2 = madd52lo(z4_2, x[1], x[3]); - z4_2 = madd52lo(z4_2, x[0], x[4]); - z4_1 = madd52lo(z4_1, x[2], x[2]); - - z5_4 = madd52hi(z5_4, x[1], x[3]); - z5_4 = madd52hi(z5_4, x[0], x[4]); - let mut z5_1 = z5_4 << 2; - z5_2 = madd52lo(z5_2, x[2], x[3]); - z5_2 = madd52lo(z5_2, x[1], x[4]); - z5_2 = madd52hi(z5_2, x[2], x[2]); - - z6_4 = madd52hi(z6_4, x[2], x[3]); - z6_4 = madd52hi(z6_4, x[1], x[4]); - let mut z6_1 = z6_4 << 2; - z6_2 = madd52lo(z6_2, x[2], x[4]); - z6_1 = madd52lo(z6_1, x[3], x[3]); - - z7_4 = madd52hi(z7_4, x[2], x[4]); - let mut z7_1 = z7_4 << 2; - z7_2 = madd52lo(z7_2, x[3], x[4]); - z7_2 = madd52hi(z7_2, x[3], x[3]); - - z8_4 = madd52hi(z8_4, x[3], x[4]); - let mut z8_1 = z8_4 << 2; - z8_1 = madd52lo(z8_1, x[4], x[4]); - - let mut z9_1 = u64x4::splat(0); - z9_2 = madd52hi(z9_2, 
x[4], x[4]); - - z5_1 += z5_2 << 1; - z6_1 += z6_2 << 1; - z7_1 += z7_2 << 1; - z9_1 += z9_2 << 1; - - let mut t0 = u64x4::splat(0); - let mut t1 = u64x4::splat(0); - let r19 = u64x4::splat(19); - - t0 = madd52hi(t0, r19, z9_1); - t1 = madd52lo(t1, r19, z9_1 >> 52); - - z4_2 = madd52lo(z4_2, r19, z8_1 >> 52); - z3_2 = madd52lo(z3_2, r19, z7_1 >> 52); - z2_2 = madd52lo(z2_2, r19, z6_1 >> 52); - z1_2 = madd52lo(z1_2, r19, z5_1 >> 52); - - z0_2 = madd52lo(z0_2, r19, t0 + t1); - z1_2 = madd52hi(z1_2, r19, z5_1); - z2_2 = madd52hi(z2_2, r19, z6_1); - z3_2 = madd52hi(z3_2, r19, z7_1); - z4_2 = madd52hi(z4_2, r19, z8_1); - - z0_1 = madd52lo(z0_1, r19, z5_1); - z1_1 = madd52lo(z1_1, r19, z6_1); - z2_1 = madd52lo(z2_1, r19, z7_1); - z3_1 = madd52lo(z3_1, r19, z8_1); - z4_1 = madd52lo(z4_1, r19, z9_1); - - F51x4Unreduced([ - z0_1 + z0_2 + z0_2, - z1_1 + z1_2 + z1_2, - z2_1 + z2_2 + z2_2, - z3_1 + z3_2 + z3_2, - z4_1 + z4_2 + z4_2, - ]) - } - } -} - -impl From for F51x4Unreduced { - #[inline] - fn from(x: F51x4Reduced) -> F51x4Unreduced { - F51x4Unreduced(x.0) - } -} - -impl From for F51x4Reduced { - #[inline] - fn from(x: F51x4Unreduced) -> F51x4Reduced { - let mask = u64x4::splat((1 << 51) - 1); - let r19 = u64x4::splat(19); - - // Compute carryouts in parallel - let c0 = x.0[0] >> 51; - let c1 = x.0[1] >> 51; - let c2 = x.0[2] >> 51; - let c3 = x.0[3] >> 51; - let c4 = x.0[4] >> 51; - - unsafe { - F51x4Reduced([ - madd52lo(x.0[0] & mask, c4, r19), - (x.0[1] & mask) + c0, - (x.0[2] & mask) + c1, - (x.0[3] & mask) + c2, - (x.0[4] & mask) + c3, - ]) - } - } -} - -impl Add for F51x4Unreduced { - type Output = F51x4Unreduced; - #[inline] - fn add(self, rhs: F51x4Unreduced) -> F51x4Unreduced { - F51x4Unreduced([ - self.0[0] + rhs.0[0], - self.0[1] + rhs.0[1], - self.0[2] + rhs.0[2], - self.0[3] + rhs.0[3], - self.0[4] + rhs.0[4], - ]) - } -} - -impl<'a> Mul<(u32, u32, u32, u32)> for &'a F51x4Reduced { - type Output = F51x4Unreduced; - #[inline] - fn mul(self, scalars: (u32, u32, 
u32, u32)) -> F51x4Unreduced { - unsafe { - let x = &self.0; - let y = u64x4::new( - scalars.0 as u64, - scalars.1 as u64, - scalars.2 as u64, - scalars.3 as u64, - ); - let r19 = u64x4::splat(19); - - let mut z0_1 = u64x4::splat(0); - let mut z1_1 = u64x4::splat(0); - let mut z2_1 = u64x4::splat(0); - let mut z3_1 = u64x4::splat(0); - let mut z4_1 = u64x4::splat(0); - let mut z1_2 = u64x4::splat(0); - let mut z2_2 = u64x4::splat(0); - let mut z3_2 = u64x4::splat(0); - let mut z4_2 = u64x4::splat(0); - let mut z5_2 = u64x4::splat(0); - - // Wave 0 - z4_2 = madd52hi(z4_2, y, x[3]); - z5_2 = madd52hi(z5_2, y, x[4]); - z4_1 = madd52lo(z4_1, y, x[4]); - z0_1 = madd52lo(z0_1, y, x[0]); - z3_1 = madd52lo(z3_1, y, x[3]); - z2_1 = madd52lo(z2_1, y, x[2]); - z1_1 = madd52lo(z1_1, y, x[1]); - z3_2 = madd52hi(z3_2, y, x[2]); - - // Wave 2 - z2_2 = madd52hi(z2_2, y, x[1]); - z1_2 = madd52hi(z1_2, y, x[0]); - z0_1 = madd52lo(z0_1, z5_2 + z5_2, r19); - - F51x4Unreduced([ - z0_1, - z1_1 + z1_2 + z1_2, - z2_1 + z2_2 + z2_2, - z3_1 + z3_2 + z3_2, - z4_1 + z4_2 + z4_2, - ]) - } - } -} - -impl<'a, 'b> Mul<&'b F51x4Reduced> for &'a F51x4Reduced { - type Output = F51x4Unreduced; - #[inline] - fn mul(self, rhs: &'b F51x4Reduced) -> F51x4Unreduced { - unsafe { - // Inputs - let x = &self.0; - let y = &rhs.0; - - // Accumulators for terms with coeff 1 - let mut z0_1 = u64x4::splat(0); - let mut z1_1 = u64x4::splat(0); - let mut z2_1 = u64x4::splat(0); - let mut z3_1 = u64x4::splat(0); - let mut z4_1 = u64x4::splat(0); - let mut z5_1 = u64x4::splat(0); - let mut z6_1 = u64x4::splat(0); - let mut z7_1 = u64x4::splat(0); - let mut z8_1 = u64x4::splat(0); - - // Accumulators for terms with coeff 2 - let mut z0_2 = u64x4::splat(0); - let mut z1_2 = u64x4::splat(0); - let mut z2_2 = u64x4::splat(0); - let mut z3_2 = u64x4::splat(0); - let mut z4_2 = u64x4::splat(0); - let mut z5_2 = u64x4::splat(0); - let mut z6_2 = u64x4::splat(0); - let mut z7_2 = u64x4::splat(0); - let mut z8_2 = 
u64x4::splat(0); - let mut z9_2 = u64x4::splat(0); - - // LLVM doesn't seem to do much work reordering IFMA - // instructions, so try to organize them into "waves" of 8 - // independent operations (4c latency, 0.5 c throughput - // means 8 in flight) - - // Wave 0 - z4_1 = madd52lo(z4_1, x[2], y[2]); - z5_2 = madd52hi(z5_2, x[2], y[2]); - z5_1 = madd52lo(z5_1, x[4], y[1]); - z6_2 = madd52hi(z6_2, x[4], y[1]); - z6_1 = madd52lo(z6_1, x[4], y[2]); - z7_2 = madd52hi(z7_2, x[4], y[2]); - z7_1 = madd52lo(z7_1, x[4], y[3]); - z8_2 = madd52hi(z8_2, x[4], y[3]); - - // Wave 1 - z4_1 = madd52lo(z4_1, x[3], y[1]); - z5_2 = madd52hi(z5_2, x[3], y[1]); - z5_1 = madd52lo(z5_1, x[3], y[2]); - z6_2 = madd52hi(z6_2, x[3], y[2]); - z6_1 = madd52lo(z6_1, x[3], y[3]); - z7_2 = madd52hi(z7_2, x[3], y[3]); - z7_1 = madd52lo(z7_1, x[3], y[4]); - z8_2 = madd52hi(z8_2, x[3], y[4]); - - // Wave 2 - z8_1 = madd52lo(z8_1, x[4], y[4]); - z9_2 = madd52hi(z9_2, x[4], y[4]); - z4_1 = madd52lo(z4_1, x[4], y[0]); - z5_2 = madd52hi(z5_2, x[4], y[0]); - z5_1 = madd52lo(z5_1, x[2], y[3]); - z6_2 = madd52hi(z6_2, x[2], y[3]); - z6_1 = madd52lo(z6_1, x[2], y[4]); - z7_2 = madd52hi(z7_2, x[2], y[4]); - - let z8 = z8_1 + z8_2 + z8_2; - let z9 = z9_2 + z9_2; - - // Wave 3 - z3_1 = madd52lo(z3_1, x[3], y[0]); - z4_2 = madd52hi(z4_2, x[3], y[0]); - z4_1 = madd52lo(z4_1, x[1], y[3]); - z5_2 = madd52hi(z5_2, x[1], y[3]); - z5_1 = madd52lo(z5_1, x[1], y[4]); - z6_2 = madd52hi(z6_2, x[1], y[4]); - z2_1 = madd52lo(z2_1, x[2], y[0]); - z3_2 = madd52hi(z3_2, x[2], y[0]); - - let z6 = z6_1 + z6_2 + z6_2; - let z7 = z7_1 + z7_2 + z7_2; - - // Wave 4 - z3_1 = madd52lo(z3_1, x[2], y[1]); - z4_2 = madd52hi(z4_2, x[2], y[1]); - z4_1 = madd52lo(z4_1, x[0], y[4]); - z5_2 = madd52hi(z5_2, x[0], y[4]); - z1_1 = madd52lo(z1_1, x[1], y[0]); - z2_2 = madd52hi(z2_2, x[1], y[0]); - z2_1 = madd52lo(z2_1, x[1], y[1]); - z3_2 = madd52hi(z3_2, x[1], y[1]); - - let z5 = z5_1 + z5_2 + z5_2; - - // Wave 5 - z3_1 = madd52lo(z3_1, x[1], 
y[2]); - z4_2 = madd52hi(z4_2, x[1], y[2]); - z0_1 = madd52lo(z0_1, x[0], y[0]); - z1_2 = madd52hi(z1_2, x[0], y[0]); - z1_1 = madd52lo(z1_1, x[0], y[1]); - z2_1 = madd52lo(z2_1, x[0], y[2]); - z2_2 = madd52hi(z2_2, x[0], y[1]); - z3_2 = madd52hi(z3_2, x[0], y[2]); - - let mut t0 = u64x4::splat(0); - let mut t1 = u64x4::splat(0); - let r19 = u64x4::splat(19); - - // Wave 6 - t0 = madd52hi(t0, r19, z9); - t1 = madd52lo(t1, r19, z9 >> 52); - z3_1 = madd52lo(z3_1, x[0], y[3]); - z4_2 = madd52hi(z4_2, x[0], y[3]); - z1_2 = madd52lo(z1_2, r19, z5 >> 52); - z2_2 = madd52lo(z2_2, r19, z6 >> 52); - z3_2 = madd52lo(z3_2, r19, z7 >> 52); - z0_1 = madd52lo(z0_1, r19, z5); - - // Wave 7 - z4_1 = madd52lo(z4_1, r19, z9); - z1_1 = madd52lo(z1_1, r19, z6); - z0_2 = madd52lo(z0_2, r19, t0 + t1); - z4_2 = madd52hi(z4_2, r19, z8); - z2_1 = madd52lo(z2_1, r19, z7); - z1_2 = madd52hi(z1_2, r19, z5); - z2_2 = madd52hi(z2_2, r19, z6); - z3_2 = madd52hi(z3_2, r19, z7); - - // Wave 8 - z3_1 = madd52lo(z3_1, r19, z8); - z4_2 = madd52lo(z4_2, r19, z8 >> 52); - - F51x4Unreduced([ - z0_1 + z0_2 + z0_2, - z1_1 + z1_2 + z1_2, - z2_1 + z2_2 + z2_2, - z3_1 + z3_2 + z3_2, - z4_1 + z4_2 + z4_2, - ]) - } - } -} - -#[cfg(test)] -mod test { - use super::*; - - #[test] - fn vpmadd52luq() { - let x = u64x4::splat(2); - let y = u64x4::splat(3); - let mut z = u64x4::splat(5); - - z = unsafe { madd52lo(z, x, y) }; - - assert_eq!(z, u64x4::splat(5 + 2 * 3)); - } - - #[test] - fn new_split_round_trip_on_reduced_input() { - // Invert a small field element to get a big one - let a = FieldElement51([2438, 24, 243, 0, 0]).invert(); - - let ax4 = F51x4Unreduced::new(&a, &a, &a, &a); - let splits = ax4.split(); - - for i in 0..4 { - assert_eq!(a, splits[i]); - } - } - - #[test] - fn new_split_round_trip_on_unreduced_input() { - // Invert a small field element to get a big one - let a = FieldElement51([2438, 24, 243, 0, 0]).invert(); - // ... 
but now multiply it by 16 without reducing coeffs - let a16 = FieldElement51([ - a.0[0] << 4, - a.0[1] << 4, - a.0[2] << 4, - a.0[3] << 4, - a.0[4] << 4, - ]); - - let a16x4 = F51x4Unreduced::new(&a16, &a16, &a16, &a16); - let splits = a16x4.split(); - - for i in 0..4 { - assert_eq!(a16, splits[i]); - } - } - - #[test] - fn test_reduction() { - // Invert a small field element to get a big one - let a = FieldElement51([2438, 24, 243, 0, 0]).invert(); - // ... but now multiply it by 128 without reducing coeffs - let abig = FieldElement51([ - a.0[0] << 4, - a.0[1] << 4, - a.0[2] << 4, - a.0[3] << 4, - a.0[4] << 4, - ]); - - let abigx4: F51x4Reduced = F51x4Unreduced::new(&abig, &abig, &abig, &abig).into(); - - let splits = F51x4Unreduced::from(abigx4).split(); - let c = &a * &FieldElement51([(1 << 4), 0, 0, 0, 0]); - - for i in 0..4 { - assert_eq!(c, splits[i]); - } - } - - #[test] - fn mul_matches_serial() { - // Invert a small field element to get a big one - let a = FieldElement51([2438, 24, 243, 0, 0]).invert(); - let b = FieldElement51([98098, 87987897, 0, 1, 0]).invert(); - let c = &a * &b; - - let ax4: F51x4Reduced = F51x4Unreduced::new(&a, &a, &a, &a).into(); - let bx4: F51x4Reduced = F51x4Unreduced::new(&b, &b, &b, &b).into(); - let cx4 = &ax4 * &bx4; - - let splits = cx4.split(); - - for i in 0..4 { - assert_eq!(c, splits[i]); - } - } - - #[test] - fn iterated_mul_matches_serial() { - // Invert a small field element to get a big one - let a = FieldElement51([2438, 24, 243, 0, 0]).invert(); - let b = FieldElement51([98098, 87987897, 0, 1, 0]).invert(); - let mut c = &a * &b; - for _i in 0..1024 { - c = &a * &c; - c = &b * &c; - } - - let ax4: F51x4Reduced = F51x4Unreduced::new(&a, &a, &a, &a).into(); - let bx4: F51x4Reduced = F51x4Unreduced::new(&b, &b, &b, &b).into(); - let mut cx4 = &ax4 * &bx4; - for _i in 0..1024 { - cx4 = &ax4 * &F51x4Reduced::from(cx4); - cx4 = &bx4 * &F51x4Reduced::from(cx4); - } - - let splits = cx4.split(); - - for i in 0..4 { - 
assert_eq!(c, splits[i]); - } - } - - #[test] - fn square_matches_mul() { - // Invert a small field element to get a big one - let a = FieldElement51([2438, 24, 243, 0, 0]).invert(); - - let ax4: F51x4Reduced = F51x4Unreduced::new(&a, &a, &a, &a).into(); - let cx4 = &ax4 * &ax4; - let cx4_sq = ax4.square(); - - let splits = cx4.split(); - let splits_sq = cx4_sq.split(); - - for i in 0..4 { - assert_eq!(splits_sq[i], splits[i]); - } - } - - #[test] - fn iterated_square_matches_serial() { - // Invert a small field element to get a big one - let mut a = FieldElement51([2438, 24, 243, 0, 0]).invert(); - let mut ax4 = F51x4Unreduced::new(&a, &a, &a, &a); - for _j in 0..1024 { - a = a.square(); - ax4 = F51x4Reduced::from(ax4).square(); - - let splits = ax4.split(); - for i in 0..4 { - assert_eq!(a, splits[i]); - } - } - } - - #[test] - fn iterated_u32_mul_matches_serial() { - // Invert a small field element to get a big one - let a = FieldElement51([2438, 24, 243, 0, 0]).invert(); - let b = FieldElement51([121665, 0, 0, 0, 0]); - let mut c = &a * &b; - for _i in 0..1024 { - c = &b * &c; - } - - let ax4 = F51x4Unreduced::new(&a, &a, &a, &a); - let bx4 = (121665u32, 121665u32, 121665u32, 121665u32); - let mut cx4 = &F51x4Reduced::from(ax4) * bx4; - for _i in 0..1024 { - cx4 = &F51x4Reduced::from(cx4) * bx4; - } - - let splits = cx4.split(); - - for i in 0..4 { - assert_eq!(c, splits[i]); - } - } - - #[test] - fn shuffle_AAAA() { - let x0 = FieldElement51::from_bytes(&[0x10; 32]); - let x1 = FieldElement51::from_bytes(&[0x11; 32]); - let x2 = FieldElement51::from_bytes(&[0x12; 32]); - let x3 = FieldElement51::from_bytes(&[0x13; 32]); - - let x = F51x4Unreduced::new(&x0, &x1, &x2, &x3); - - let y = x.shuffle(Shuffle::AAAA); - let splits = y.split(); - - assert_eq!(splits[0], x0); - assert_eq!(splits[1], x0); - assert_eq!(splits[2], x0); - assert_eq!(splits[3], x0); - } - - #[test] - fn blend_AB() { - let x0 = FieldElement51::from_bytes(&[0x10; 32]); - let x1 = 
FieldElement51::from_bytes(&[0x11; 32]); - let x2 = FieldElement51::from_bytes(&[0x12; 32]); - let x3 = FieldElement51::from_bytes(&[0x13; 32]); - - let x = F51x4Unreduced::new(&x0, &x1, &x2, &x3); - let z = F51x4Unreduced::new(&x3, &x2, &x1, &x0); - - let y = x.blend(&z, Lanes::AB); - let splits = y.split(); - - assert_eq!(splits[0], x3); - assert_eq!(splits[1], x2); - assert_eq!(splits[2], x2); - assert_eq!(splits[3], x3); - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/ifma/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/ifma/mod.rs deleted file mode 100644 index 6191ecc0c25a..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/ifma/mod.rs +++ /dev/null @@ -1,19 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2018-2019 Henry de Valence -// See LICENSE for licensing information. -// -// Authors: -// - Henry de Valence - -#![cfg_attr( - feature = "nightly", - doc(include = "../../../../docs/ifma-notes.md") -)] - -pub mod field; - -pub mod edwards; - -pub mod constants; diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/mod.rs deleted file mode 100644 index 29a6f6572f2e..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/mod.rs +++ /dev/null 
@@ -1,43 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2021 isis lovecruft
-// Copyright (c) 2016-2019 Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - isis agora lovecruft
-// - Henry de Valence
-
-// Conditionally include the notes if we're on nightly (so we can include docs at all).
-#![cfg_attr(
- feature = "nightly",
- doc(include = "../../../docs/parallel-formulas.md")
-)]
-
-#[cfg(not(any(target_feature = "avx2", target_feature = "avx512ifma", rustdoc)))]
-compile_error!("simd_backend selected without target_feature=+avx2 or +avx512ifma");
-
-#[cfg(any(
- all(target_feature = "avx2", not(target_feature = "avx512ifma")),
- rustdoc
-))]
-#[doc(cfg(all(target_feature = "avx2", not(target_feature = "avx512ifma"))))]
-pub mod avx2;
-#[cfg(any(
- all(target_feature = "avx2", not(target_feature = "avx512ifma")),
- rustdoc
-))]
-pub(crate) use self::avx2::{
- constants::BASEPOINT_ODD_LOOKUP_TABLE, edwards::CachedPoint, edwards::ExtendedPoint,
-};
-
-#[cfg(any(target_feature = "avx512ifma", rustdoc))]
-#[doc(cfg(target_feature = "avx512ifma"))]
-pub mod ifma;
-#[cfg(target_feature = "avx512ifma")]
-pub(crate) use self::ifma::{
- constants::BASEPOINT_ODD_LOOKUP_TABLE, edwards::CachedPoint, edwards::ExtendedPoint,
-};
-
-pub mod scalar_mul;
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/mod.rs
deleted file mode 100644
index 36a7047a2813..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/mod.rs
+++ /dev/null
@@ -1,23 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2021 isis lovecruft
-// Copyright (c) 2016-2019 Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - isis agora lovecruft
-// - Henry de Valence
-
-pub mod variable_base;
-
-pub mod vartime_double_base;
-
-#[cfg(feature = "alloc")]
-pub mod straus;
-
-#[cfg(feature = "alloc")]
-pub mod precomputed_straus;
-
-#[cfg(feature = "alloc")]
-pub mod pippenger;
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/pippenger.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/pippenger.rs
deleted file mode 100644
index 7f9e24156931..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/pippenger.rs
+++ /dev/null
@@ -1,164 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2019 Oleg Andreev -// See LICENSE for licensing information. -// -// Authors: -// - Oleg Andreev - -#![allow(non_snake_case)] - -use core::borrow::Borrow; - -use backend::vector::{CachedPoint, ExtendedPoint}; -use edwards::EdwardsPoint; -use scalar::Scalar; -use traits::{Identity, VartimeMultiscalarMul}; - -#[allow(unused_imports)] -use prelude::*; - -/// Implements a version of Pippenger's algorithm. -/// -/// See the documentation in the serial `scalar_mul::pippenger` module for details. -pub struct Pippenger; - -#[cfg(any(feature = "alloc", feature = "std"))] -impl VartimeMultiscalarMul for Pippenger { - type Point = EdwardsPoint; - - fn optional_multiscalar_mul(scalars: I, points: J) -> Option - where - I: IntoIterator, - I::Item: Borrow, - J: IntoIterator>, - { - let mut scalars = scalars.into_iter(); - let size = scalars.by_ref().size_hint().0; - let w = if size < 500 { - 6 - } else if size < 800 { - 7 - } else { - 8 - }; - - let max_digit: usize = 1 << w; - let digits_count: usize = Scalar::to_radix_2w_size_hint(w); - let buckets_count: usize = max_digit / 2; // digits are signed+centered hence 2^w/2, excluding 0-th bucket - - // Collect optimized scalars and points in a buffer for repeated access - // (scanning the whole collection per each digit position). - let scalars = scalars - .into_iter() - .map(|s| s.borrow().to_radix_2w(w)); - - let points = points - .into_iter() - .map(|p| p.map(|P| CachedPoint::from(ExtendedPoint::from(P)))); - - let scalars_points = scalars - .zip(points) - .map(|(s, maybe_p)| maybe_p.map(|p| (s, p))) - .collect::>>()?; - - // Prepare 2^w/2 buckets. - // buckets[i] corresponds to a multiplication factor (i+1). - let mut buckets: Vec = (0..buckets_count) - .map(|_| ExtendedPoint::identity()) - .collect(); - - let mut columns = (0..digits_count).rev().map(|digit_index| { - // Clear the buckets when processing another digit. 
- for i in 0..buckets_count { - buckets[i] = ExtendedPoint::identity(); - } - - // Iterate over pairs of (point, scalar) - // and add/sub the point to the corresponding bucket. - // Note: if we add support for precomputed lookup tables, - // we'll be adding/subtractiong point premultiplied by `digits[i]` to buckets[0]. - for (digits, pt) in scalars_points.iter() { - // Widen digit so that we don't run into edge cases when w=8. - let digit = digits[digit_index] as i16; - if digit > 0 { - let b = (digit - 1) as usize; - buckets[b] = &buckets[b] + pt; - } else if digit < 0 { - let b = (-digit - 1) as usize; - buckets[b] = &buckets[b] - pt; - } - } - - // Add the buckets applying the multiplication factor to each bucket. - // The most efficient way to do that is to have a single sum with two running sums: - // an intermediate sum from last bucket to the first, and a sum of intermediate sums. - // - // For example, to add buckets 1*A, 2*B, 3*C we need to add these points: - // C - // C B - // C B A Sum = C + (C+B) + (C+B+A) - let mut buckets_intermediate_sum = buckets[buckets_count - 1]; - let mut buckets_sum = buckets[buckets_count - 1]; - for i in (0..(buckets_count - 1)).rev() { - buckets_intermediate_sum = - &buckets_intermediate_sum + &CachedPoint::from(buckets[i]); - buckets_sum = &buckets_sum + &CachedPoint::from(buckets_intermediate_sum); - } - - buckets_sum - }); - - // Take the high column as an initial value to avoid wasting time doubling the identity element in `fold()`. - // `unwrap()` always succeeds because we know we have more than zero digits. 
- let hi_column = columns.next().unwrap(); - - Some( - columns - .fold(hi_column, |total, p| { - &total.mul_by_pow_2(w as u32) + &CachedPoint::from(p) - }) - .into(), - ) - } -} - -#[cfg(test)] -mod test { - use super::*; - use constants; - use scalar::Scalar; - - #[test] - fn test_vartime_pippenger() { - // Reuse points across different tests - let mut n = 512; - let x = Scalar::from(2128506u64).invert(); - let y = Scalar::from(4443282u64).invert(); - let points: Vec<_> = (0..n) - .map(|i| constants::ED25519_BASEPOINT_POINT * Scalar::from(1 + i as u64)) - .collect(); - let scalars: Vec<_> = (0..n) - .map(|i| x + (Scalar::from(i as u64) * y)) // fast way to make ~random but deterministic scalars - .collect(); - - let premultiplied: Vec = scalars - .iter() - .zip(points.iter()) - .map(|(sc, pt)| sc * pt) - .collect(); - - while n > 0 { - let scalars = &scalars[0..n].to_vec(); - let points = &points[0..n].to_vec(); - let control: EdwardsPoint = premultiplied[0..n].iter().sum(); - - let subject = Pippenger::vartime_multiscalar_mul(scalars.clone(), points.clone()); - - assert_eq!(subject.compress(), control.compress()); - - n = n / 2; - } - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/precomputed_straus.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/precomputed_straus.rs deleted file mode 100644 index 2c6fdf5edde5..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/precomputed_straus.rs +++ /dev/null 
@@ -1,107 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2019 Henry de Valence.
-// See LICENSE for licensing information.
-//
-// Authors:
-// - Henry de Valence
-
-//! Precomputation for Straus's method.
-
-#![allow(non_snake_case)]
-
-use core::borrow::Borrow;
-
-use backend::vector::{CachedPoint, ExtendedPoint};
-use edwards::EdwardsPoint;
-use scalar::Scalar;
-use traits::Identity;
-use traits::VartimePrecomputedMultiscalarMul;
-use window::{NafLookupTable5, NafLookupTable8};
-
-#[allow(unused_imports)]
-use prelude::*;
-
-
-pub struct VartimePrecomputedStraus {
- static_lookup_tables: Vec>,
-}
-
-impl VartimePrecomputedMultiscalarMul for VartimePrecomputedStraus {
- type Point = EdwardsPoint;
-
- fn new(static_points: I) -> Self
- where
- I: IntoIterator,
- I::Item: Borrow,
- {
- Self {
- static_lookup_tables: static_points
- .into_iter()
- .map(|P| NafLookupTable8::::from(P.borrow()))
- .collect(),
- }
- }
-
- fn optional_mixed_multiscalar_mul(
- &self,
- static_scalars: I,
- dynamic_scalars: J,
- dynamic_points: K,
- ) -> Option
- where
- I: IntoIterator,
- I::Item: Borrow,
- J: IntoIterator,
- J::Item: Borrow,
- K: IntoIterator>,
- {
- let static_nafs = static_scalars
- .into_iter()
- .map(|c| c.borrow().non_adjacent_form(5))
- .collect::>();
- let dynamic_nafs: Vec<_> = dynamic_scalars
- .into_iter()
- .map(|c| c.borrow().non_adjacent_form(5))
- .collect::>();
-
- let dynamic_lookup_tables = dynamic_points
- .into_iter()
- .map(|P_opt| P_opt.map(|P| NafLookupTable5::::from(&P)))
- .collect::>>()?;
-
- let sp = self.static_lookup_tables.len();
- let dp = dynamic_lookup_tables.len();
- assert_eq!(sp, static_nafs.len());
- assert_eq!(dp, dynamic_nafs.len());
-
- // We could save some doublings by looking for the highest
- // nonzero NAF coefficient, but since we might have a lot of
- // them to search, it's not clear it's worthwhile to check.
- let mut R = ExtendedPoint::identity();
- for j in (0..256).rev() {
- R = R.double();
-
- for i in 0..dp {
- let t_ij = dynamic_nafs[i][j];
- if t_ij > 0 {
- R = &R + &dynamic_lookup_tables[i].select(t_ij as usize);
- } else if t_ij < 0 {
- R = &R - &dynamic_lookup_tables[i].select(-t_ij as usize);
- }
- }
-
- for i in 0..sp {
- let t_ij = static_nafs[i][j];
- if t_ij > 0 {
- R = &R + &self.static_lookup_tables[i].select(t_ij as usize);
- } else if t_ij < 0 {
- R = &R - &self.static_lookup_tables[i].select(-t_ij as usize);
- }
- }
- }
-
- Some(R.into())
- }
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/straus.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/straus.rs
deleted file mode 100644
index b6c02f97668c..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/straus.rs
+++ /dev/null
@@ -1,108 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2021 isis lovecruft
-// Copyright (c) 2016-2019 Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - isis agora lovecruft
-// - Henry de Valence
-
-#![allow(non_snake_case)]
-
-use core::borrow::Borrow;
-
-use zeroize::Zeroizing;
-
-use backend::vector::{CachedPoint, ExtendedPoint};
-use edwards::EdwardsPoint;
-use scalar::Scalar;
-use window::{LookupTable, NafLookupTable5};
-use traits::{Identity, MultiscalarMul, VartimeMultiscalarMul};
-
-#[allow(unused_imports)]
-use prelude::*;
-
-/// Multiscalar multiplication using interleaved window / Straus'
-/// method. See the `Straus` struct in the serial backend for more
-/// details.
-///
-/// This exists as a seperate implementation from that one because the
-/// AVX2 code uses different curve models (it does not pass between
-/// multiple models during scalar mul), and it has to convert the
-/// point representation on the fly.
-pub struct Straus {}
-
-impl MultiscalarMul for Straus {
- type Point = EdwardsPoint;
-
- fn multiscalar_mul(scalars: I, points: J) -> EdwardsPoint
- where
- I: IntoIterator,
- I::Item: Borrow,
- J: IntoIterator,
- J::Item: Borrow,
- {
- // Construct a lookup table of [P,2P,3P,4P,5P,6P,7P,8P]
- // for each input point P
- let lookup_tables: Vec<_> = points
- .into_iter()
- .map(|point| LookupTable::::from(point.borrow()))
- .collect();
-
- let scalar_digits_vec: Vec<_> = scalars
- .into_iter()
- .map(|s| s.borrow().to_radix_16())
- .collect();
- // Pass ownership to a `Zeroizing` wrapper
- let scalar_digits = Zeroizing::new(scalar_digits_vec);
-
- let mut Q = ExtendedPoint::identity();
- for j in (0..64).rev() {
- Q = Q.mul_by_pow_2(4);
- let it = scalar_digits.iter().zip(lookup_tables.iter());
- for (s_i, lookup_table_i) in it {
- // Q = Q + s_{i,j} * P_i
- Q = &Q + &lookup_table_i.select(s_i[j]);
- }
- }
- Q.into()
- }
-}
-
-impl VartimeMultiscalarMul for Straus {
- type Point = EdwardsPoint;
-
- fn optional_multiscalar_mul(scalars: I, points: J) -> Option
- where
- I: IntoIterator,
- I::Item: Borrow,
- J: IntoIterator>,
- {
- let nafs: Vec<_> = scalars
- .into_iter()
- .map(|c| c.borrow().non_adjacent_form(5))
- .collect();
- let lookup_tables: Vec<_> = points
- .into_iter()
- .map(|P_opt| P_opt.map(|P| NafLookupTable5::::from(&P)))
- .collect::>>()?;
-
- let mut Q = ExtendedPoint::identity();
-
- for i in (0..256).rev() {
- Q = Q.double();
-
- for (naf, lookup_table) in nafs.iter().zip(lookup_tables.iter()) {
- if naf[i] > 0 {
- Q = &Q + &lookup_table.select(naf[i] as usize);
- } else if naf[i] < 0 {
- Q = &Q - &lookup_table.select(-naf[i] as usize);
- }
- }
- }
-
- Some(Q.into())
- }
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/variable_base.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/variable_base.rs
deleted file mode 100644
index f53c4a0c90a3..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/variable_base.rs
+++ /dev/null
@@ -1,32 +0,0 @@
-#![allow(non_snake_case)]
-
-use backend::vector::{CachedPoint, ExtendedPoint};
-use edwards::EdwardsPoint;
-use scalar::Scalar;
-use traits::Identity;
-use window::LookupTable;
-
-/// Perform constant-time, variable-base scalar multiplication.
-pub fn mul(point: &EdwardsPoint, scalar: &Scalar) -> EdwardsPoint {
- // Construct a lookup table of [P,2P,3P,4P,5P,6P,7P,8P]
- let lookup_table = LookupTable::::from(point);
- // Setting s = scalar, compute
- //
- // s = s_0 + s_1*16^1 + ... + s_63*16^63,
- //
- // with `-8 ≤ s_i < 8` for `0 ≤ i < 63` and `-8 ≤ s_63 ≤ 8`.
- let scalar_digits = scalar.to_radix_16();
- // Compute s*P as
- //
- // s*P = P*(s_0 + s_1*16^1 + s_2*16^2 + ... + s_63*16^63)
- // s*P = P*s_0 + P*s_1*16^1 + P*s_2*16^2 + ... + P*s_63*16^63
- // s*P = P*s_0 + 16*(P*s_1 + 16*(P*s_2 + 16*( ... + P*s_63)...))
- //
- // We sum right-to-left.
- let mut Q = ExtendedPoint::identity();
- for i in (0..64).rev() {
- Q = Q.mul_by_pow_2(4);
- Q = &Q + &lookup_table.select(scalar_digits[i]);
- }
- Q.into()
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/vartime_double_base.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/vartime_double_base.rs
deleted file mode 100644
index 3f7cc3eb626c..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/vartime_double_base.rs
+++ /dev/null
@@ -1,62 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2021 isis lovecruft
-// Copyright (c) 2016-2019 Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - isis agora lovecruft
-// - Henry de Valence
-
-#![allow(non_snake_case)]
-
-use backend::vector::BASEPOINT_ODD_LOOKUP_TABLE;
-use backend::vector::{CachedPoint, ExtendedPoint};
-use edwards::EdwardsPoint;
-use scalar::Scalar;
-use traits::Identity;
-use window::NafLookupTable5;
-
-/// Compute \\(aA + bB\\) in variable time, where \\(B\\) is the Ed25519 basepoint.
-pub fn mul(a: &Scalar, A: &EdwardsPoint, b: &Scalar) -> EdwardsPoint {
- let a_naf = a.non_adjacent_form(5);
- let b_naf = b.non_adjacent_form(8);
-
- // Find starting index
- let mut i: usize = 255;
- for j in (0..256).rev() {
- i = j;
- if a_naf[i] != 0 || b_naf[i] != 0 {
- break;
- }
- }
-
- let table_A = NafLookupTable5::::from(A);
- let table_B = &BASEPOINT_ODD_LOOKUP_TABLE;
-
- let mut Q = ExtendedPoint::identity();
-
- loop {
- Q = Q.double();
-
- if a_naf[i] > 0 {
- Q = &Q + &table_A.select(a_naf[i] as usize);
- } else if a_naf[i] < 0 {
- Q = &Q - &table_A.select(-a_naf[i] as usize);
- }
-
- if b_naf[i] > 0 {
- Q = &Q + &table_B.select(b_naf[i] as usize);
- } else if b_naf[i] < 0 {
- Q = &Q - &table_B.select(-b_naf[i] as usize);
- }
-
- if i == 0 {
- break;
- }
- i -= 1;
- }
-
- Q.into()
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/constants.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/constants.rs
deleted file mode 100644
index 19c46e5aa4b3..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/constants.rs
+++ /dev/null
@@ -1,181 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2021 isis lovecruft
-// Copyright (c) 2016-2019 Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - isis agora lovecruft
-// - Henry de Valence
-
-//! Various constants, such as the Ristretto and Ed25519 basepoints.
-//!
-//! Most of the constants are given with
-//! `LONG_DESCRIPTIVE_UPPER_CASE_NAMES`, but they can be brought into
-//! scope using a `let` binding:
-//!
-//! ```
-//! use curve25519_dalek::constants;
-//! use curve25519_dalek::traits::IsIdentity;
-//!
-//! let B = &constants::RISTRETTO_BASEPOINT_TABLE;
-//! let l = &constants::BASEPOINT_ORDER;
-//!
-//! let A = l * B;
-//! assert!(A.is_identity());
-//! ```
-
-#![allow(non_snake_case)]
-
-use edwards::CompressedEdwardsY;
-use ristretto::RistrettoPoint;
-use ristretto::CompressedRistretto;
-use montgomery::MontgomeryPoint;
-use scalar::Scalar;
-
-#[cfg(feature = "fiat_u32_backend")]
-pub use backend::serial::fiat_u32::constants::*;
-#[cfg(feature = "fiat_u64_backend")]
-pub use backend::serial::fiat_u64::constants::*;
-#[cfg(feature = "u64_backend")]
-pub use backend::serial::u64::constants::*;
-#[cfg(feature = "u32_backend")]
-pub use backend::serial::u32::constants::*;
-
-/// The Ed25519 basepoint, in `CompressedEdwardsY` format.
-///
-/// This is the little-endian byte encoding of \\( 4/5 \pmod p \\),
-/// which is the \\(y\\)-coordinate of the Ed25519 basepoint.
-///
-/// The sign bit is 0 since the basepoint has \\(x\\) chosen to be positive.
-pub const ED25519_BASEPOINT_COMPRESSED: CompressedEdwardsY =
- CompressedEdwardsY([0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
- 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
- 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
- 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66]);
-
-/// The X25519 basepoint, in `MontgomeryPoint` format.
-pub const X25519_BASEPOINT: MontgomeryPoint =
- MontgomeryPoint([0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]);
-
-/// The Ristretto basepoint, in `CompressedRistretto` format.
-pub const RISTRETTO_BASEPOINT_COMPRESSED: CompressedRistretto =
- CompressedRistretto([0xe2, 0xf2, 0xae, 0x0a, 0x6a, 0xbc, 0x4e, 0x71,
- 0xa8, 0x84, 0xa9, 0x61, 0xc5, 0x00, 0x51, 0x5f,
- 0x58, 0xe3, 0x0b, 0x6a, 0xa5, 0x82, 0xdd, 0x8d,
- 0xb6, 0xa6, 0x59, 0x45, 0xe0, 0x8d, 0x2d, 0x76]);
-
-/// The Ristretto basepoint, as a `RistrettoPoint`.
-///
-/// This is called `_POINT` to distinguish it from `_TABLE`, which
-/// provides fast scalar multiplication.
-pub const RISTRETTO_BASEPOINT_POINT: RistrettoPoint = RistrettoPoint(ED25519_BASEPOINT_POINT);
-
-/// `BASEPOINT_ORDER` is the order of the Ristretto group and of the Ed25519 basepoint, i.e.,
-/// $$
-/// \ell = 2^\{252\} + 27742317777372353535851937790883648493.
-/// $$
-pub const BASEPOINT_ORDER: Scalar = Scalar{
- bytes: [
- 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
- 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10,
- ],
-};
-
-use ristretto::RistrettoBasepointTable;
-/// The Ristretto basepoint, as a `RistrettoBasepointTable` for scalar multiplication.
-pub const RISTRETTO_BASEPOINT_TABLE: RistrettoBasepointTable - = RistrettoBasepointTable(ED25519_BASEPOINT_TABLE); - -#[cfg(test)] -mod test { - use field::FieldElement; - use traits::{IsIdentity, ValidityCheck}; - use constants; - - #[test] - fn test_eight_torsion() { - for i in 0..8 { - let Q = constants::EIGHT_TORSION[i].mul_by_pow_2(3); - assert!(Q.is_valid()); - assert!(Q.is_identity()); - } - } - - #[test] - fn test_four_torsion() { - for i in (0..8).filter(|i| i % 2 == 0) { - let Q = constants::EIGHT_TORSION[i].mul_by_pow_2(2); - assert!(Q.is_valid()); - assert!(Q.is_identity()); - } - } - - #[test] - fn test_two_torsion() { - for i in (0..8).filter(|i| i % 4 == 0) { - let Q = constants::EIGHT_TORSION[i].mul_by_pow_2(1); - assert!(Q.is_valid()); - assert!(Q.is_identity()); - } - } - - /// Test that SQRT_M1 is the positive square root of -1 - #[test] - fn test_sqrt_minus_one() { - let minus_one = FieldElement::minus_one(); - let sqrt_m1_sq = &constants::SQRT_M1 * &constants::SQRT_M1; - assert_eq!(minus_one, sqrt_m1_sq); - assert_eq!(constants::SQRT_M1.is_negative().unwrap_u8(), 0); - } - - #[test] - fn test_sqrt_constants_sign() { - let minus_one = FieldElement::minus_one(); - let (was_nonzero_square, invsqrt_m1) = minus_one.invsqrt(); - assert_eq!(was_nonzero_square.unwrap_u8(), 1u8); - let sign_test_sqrt = &invsqrt_m1 * &constants::SQRT_M1; - assert_eq!(sign_test_sqrt, minus_one); - } - - /// Test that d = -121665/121666 - #[test] - #[cfg(feature = "u32_backend")] - fn test_d_vs_ratio() { - use backend::serial::u32::field::FieldElement2625; - let a = -&FieldElement2625([121665,0,0,0,0,0,0,0,0,0]); - let b = FieldElement2625([121666,0,0,0,0,0,0,0,0,0]); - let d = &a * &b.invert(); - let d2 = &d + &d; - assert_eq!(d, constants::EDWARDS_D); - assert_eq!(d2, constants::EDWARDS_D2); - } - - /// Test that d = -121665/121666 - #[test] - #[cfg(feature = "u64_backend")] - fn test_d_vs_ratio() { - use backend::serial::u64::field::FieldElement51; - let a = 
-&FieldElement51([121665,0,0,0,0]); - let b = FieldElement51([121666,0,0,0,0]); - let d = &a * &b.invert(); - let d2 = &d + &d; - assert_eq!(d, constants::EDWARDS_D); - assert_eq!(d2, constants::EDWARDS_D2); - } - - #[test] - fn test_sqrt_ad_minus_one() { - let a = FieldElement::minus_one(); - let ad_minus_one = &(&a * &constants::EDWARDS_D) + &a; - let should_be_ad_minus_one = constants::SQRT_AD_MINUS_ONE.square(); - assert_eq!(should_be_ad_minus_one, ad_minus_one); - } - -} diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/edwards.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/edwards.rs deleted file mode 100644 index f33df9532f74..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/edwards.rs +++ /dev/null 
@@ -1,1810 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2016-2021 isis lovecruft -// Copyright (c) 2016-2020 Henry de Valence -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft -// - Henry de Valence - -//! Group operations for Curve25519, in Edwards form. -//! -//! ## Encoding and Decoding -//! -//! Encoding is done by converting to and from a `CompressedEdwardsY` -//! struct, which is a typed wrapper around `[u8; 32]`. -//! -//! ## Equality Testing -//! -//! The `EdwardsPoint` struct implements the `subtle::ConstantTimeEq` -//! trait for constant-time equality checking, and the Rust `Eq` trait -//! for variable-time equality checking. -//! -//! ## Cofactor-related functions -//! -//! The order of the group of points on the curve \\(\mathcal E\\) -//! is \\(|\mathcal E| = 8\ell \\), so its structure is \\( \mathcal -//! E = \mathcal E[8] \times \mathcal E[\ell]\\). The torsion -//! subgroup \\( \mathcal E[8] \\) consists of eight points of small -//! order. Technically, all of \\(\mathcal E\\) is torsion, but we -//! use the word only to refer to the small \\(\mathcal E[8]\\) part, not -//! the large prime-order \\(\mathcal E[\ell]\\) part. -//! -//! To test if a point is in \\( \mathcal E[8] \\), use -//! `EdwardsPoint::is_small_order()`. -//! -//! To test if a point is in \\( \mathcal E[\ell] \\), use -//! `EdwardsPoint::is_torsion_free()`. -//! -//! To multiply by the cofactor, use `EdwardsPoint::mul_by_cofactor()`. -//! -//! To avoid dealing with cofactors entirely, consider using Ristretto. -//! -//! ## Scalars -//! -//! Scalars are represented by the `Scalar` struct. To construct a scalar with a specific bit -//! pattern, see `Scalar::from_bits()`. -//! -//! ## Scalar Multiplication -//! -//! Scalar multiplication on Edwards points is provided by: -//! -//! * the `*` operator between a `Scalar` and a `EdwardsPoint`, which -//! 
performs constant-time variable-base scalar multiplication; -//! -//! * the `*` operator between a `Scalar` and a -//! `EdwardsBasepointTable`, which performs constant-time fixed-base -//! scalar multiplication; -//! -//! * an implementation of the -//! [`MultiscalarMul`](../traits/trait.MultiscalarMul.html) trait for -//! constant-time variable-base multiscalar multiplication; -//! -//! * an implementation of the -//! [`VartimeMultiscalarMul`](../traits/trait.VartimeMultiscalarMul.html) -//! trait for variable-time variable-base multiscalar multiplication; -//! -//! ## Implementation -//! -//! The Edwards arithmetic is implemented using the “extended twisted -//! coordinates” of Hisil, Wong, Carter, and Dawson, and the -//! corresponding complete formulas. For more details, -//! see the [`curve_models` submodule][curve_models] -//! of the internal documentation. -//! -//! ## Validity Checking -//! -//! There is no function for checking whether a point is valid. -//! Instead, the `EdwardsPoint` struct is guaranteed to hold a valid -//! point on the curve. -//! -//! We use the Rust type system to make invalid points -//! unrepresentable: `EdwardsPoint` objects can only be created via -//! successful decompression of a compressed point, or else by -//! operations on other (valid) `EdwardsPoint`s. -//! -//! [curve_models]: https://doc-internal.dalek.rs/curve25519_dalek/backend/serial/curve_models/index.html - -// We allow non snake_case names because coordinates in projective space are -// traditionally denoted by the capitalisation of their respective -// counterparts in affine space. Yeah, you heard me, rustc, I'm gonna have my -// affine and projective cakes and eat both of them too. 
-#![allow(non_snake_case)] - -use core::borrow::Borrow; -use core::fmt::Debug; -use core::iter::Iterator; -use core::iter::Sum; -use core::ops::{Add, Neg, Sub}; -use core::ops::{AddAssign, SubAssign}; -use core::ops::{Mul, MulAssign}; - -use digest::{generic_array::typenum::U64, Digest}; -use subtle::Choice; -use subtle::ConditionallyNegatable; -use subtle::ConditionallySelectable; -use subtle::ConstantTimeEq; - -use zeroize::Zeroize; - -use constants; - -use field::FieldElement; -use scalar::Scalar; - -use montgomery::MontgomeryPoint; - -use backend::serial::curve_models::AffineNielsPoint; -use backend::serial::curve_models::CompletedPoint; -use backend::serial::curve_models::ProjectiveNielsPoint; -use backend::serial::curve_models::ProjectivePoint; - -use window::LookupTable; -use window::LookupTableRadix16; -use window::LookupTableRadix32; -use window::LookupTableRadix64; -use window::LookupTableRadix128; -use window::LookupTableRadix256; - -#[allow(unused_imports)] -use prelude::*; - -use traits::BasepointTable; -use traits::ValidityCheck; -use traits::{Identity, IsIdentity}; - -#[cfg(any(feature = "alloc", feature = "std"))] -use traits::MultiscalarMul; -#[cfg(any(feature = "alloc", feature = "std"))] -use traits::{VartimeMultiscalarMul, VartimePrecomputedMultiscalarMul}; - -#[cfg(not(all( - feature = "simd_backend", - any(target_feature = "avx2", target_feature = "avx512ifma") -)))] -use backend::serial::scalar_mul; -#[cfg(all( - feature = "simd_backend", - any(target_feature = "avx2", target_feature = "avx512ifma") -))] -use backend::vector::scalar_mul; - -// ------------------------------------------------------------------------ -// Compressed points -// ------------------------------------------------------------------------ - -/// In "Edwards y" / "Ed25519" format, the curve point \\((x,y)\\) is -/// determined by the \\(y\\)-coordinate and the sign of \\(x\\). -/// -/// The first 255 bits of a `CompressedEdwardsY` represent the -/// \\(y\\)-coordinate. 
The high bit of the 32nd byte gives the sign of \\(x\\). -#[derive(Copy, Clone, Eq, PartialEq, Hash)] -pub struct CompressedEdwardsY(pub [u8; 32]); - -impl ConstantTimeEq for CompressedEdwardsY { - fn ct_eq(&self, other: &CompressedEdwardsY) -> Choice { - self.as_bytes().ct_eq(other.as_bytes()) - } -} - -impl Debug for CompressedEdwardsY { - fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result { - write!(f, "CompressedEdwardsY: {:?}", self.as_bytes()) - } -} - -impl CompressedEdwardsY { - /// View this `CompressedEdwardsY` as an array of bytes. - pub fn as_bytes(&self) -> &[u8; 32] { - &self.0 - } - - /// Copy this `CompressedEdwardsY` to an array of bytes. - pub fn to_bytes(&self) -> [u8; 32] { - self.0 - } - - /// Attempt to decompress to an `EdwardsPoint`. - /// - /// Returns `None` if the input is not the \\(y\\)-coordinate of a - /// curve point. - pub fn decompress(&self) -> Option { - let Y = FieldElement::from_bytes(self.as_bytes()); - let Z = FieldElement::one(); - let YY = Y.square(); - let u = &YY - &Z; // u = y²-1 - let v = &(&YY * &constants::EDWARDS_D) + &Z; // v = dy²+1 - let (is_valid_y_coord, mut X) = FieldElement::sqrt_ratio_i(&u, &v); - - if is_valid_y_coord.unwrap_u8() != 1u8 { return None; } - - // FieldElement::sqrt_ratio_i always returns the nonnegative square root, - // so we negate according to the supplied sign bit. - let compressed_sign_bit = Choice::from(self.as_bytes()[31] >> 7); - X.conditional_negate(compressed_sign_bit); - - Some(EdwardsPoint{ X, Y, Z, T: &X * &Y }) - } -} - -// ------------------------------------------------------------------------ -// Serde support -// ------------------------------------------------------------------------ -// Serializes to and from `EdwardsPoint` directly, doing compression -// and decompression internally. This means that users can create -// structs containing `EdwardsPoint`s and use Serde's derived -// serializers to serialize those structures. 
- -#[cfg(feature = "serde")] -use serde::{self, Serialize, Deserialize, Serializer, Deserializer}; -#[cfg(feature = "serde")] -use serde::de::Visitor; - -#[cfg(feature = "serde")] -impl Serialize for EdwardsPoint { - fn serialize(&self, serializer: S) -> Result - where S: Serializer - { - use serde::ser::SerializeTuple; - let mut tup = serializer.serialize_tuple(32)?; - for byte in self.compress().as_bytes().iter() { - tup.serialize_element(byte)?; - } - tup.end() - } -} - -#[cfg(feature = "serde")] -impl Serialize for CompressedEdwardsY { - fn serialize(&self, serializer: S) -> Result - where S: Serializer - { - use serde::ser::SerializeTuple; - let mut tup = serializer.serialize_tuple(32)?; - for byte in self.as_bytes().iter() { - tup.serialize_element(byte)?; - } - tup.end() - } -} - -#[cfg(feature = "serde")] -impl<'de> Deserialize<'de> for EdwardsPoint { - fn deserialize(deserializer: D) -> Result - where D: Deserializer<'de> - { - struct EdwardsPointVisitor; - - impl<'de> Visitor<'de> for EdwardsPointVisitor { - type Value = EdwardsPoint; - - fn expecting(&self, formatter: &mut ::core::fmt::Formatter) -> ::core::fmt::Result { - formatter.write_str("a valid point in Edwards y + sign format") - } - - fn visit_seq(self, mut seq: A) -> Result - where A: serde::de::SeqAccess<'de> - { - let mut bytes = [0u8; 32]; - for i in 0..32 { - bytes[i] = seq.next_element()? 
- .ok_or(serde::de::Error::invalid_length(i, &"expected 32 bytes"))?; - } - CompressedEdwardsY(bytes) - .decompress() - .ok_or(serde::de::Error::custom("decompression failed")) - } - } - - deserializer.deserialize_tuple(32, EdwardsPointVisitor) - } -} - -#[cfg(feature = "serde")] -impl<'de> Deserialize<'de> for CompressedEdwardsY { - fn deserialize(deserializer: D) -> Result - where D: Deserializer<'de> - { - struct CompressedEdwardsYVisitor; - - impl<'de> Visitor<'de> for CompressedEdwardsYVisitor { - type Value = CompressedEdwardsY; - - fn expecting(&self, formatter: &mut ::core::fmt::Formatter) -> ::core::fmt::Result { - formatter.write_str("32 bytes of data") - } - - fn visit_seq(self, mut seq: A) -> Result - where A: serde::de::SeqAccess<'de> - { - let mut bytes = [0u8; 32]; - for i in 0..32 { - bytes[i] = seq.next_element()? - .ok_or(serde::de::Error::invalid_length(i, &"expected 32 bytes"))?; - } - Ok(CompressedEdwardsY(bytes)) - } - } - - deserializer.deserialize_tuple(32, CompressedEdwardsYVisitor) - } -} - -// ------------------------------------------------------------------------ -// Internal point representations -// ------------------------------------------------------------------------ - -/// An `EdwardsPoint` represents a point on the Edwards form of Curve25519. 
-#[derive(Copy, Clone)] -#[allow(missing_docs)] -pub struct EdwardsPoint { - pub(crate) X: FieldElement, - pub(crate) Y: FieldElement, - pub(crate) Z: FieldElement, - pub(crate) T: FieldElement, -} - -// ------------------------------------------------------------------------ -// Constructors -// ------------------------------------------------------------------------ - -impl Identity for CompressedEdwardsY { - fn identity() -> CompressedEdwardsY { - CompressedEdwardsY([1, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0]) - } -} - -impl Default for CompressedEdwardsY { - fn default() -> CompressedEdwardsY { - CompressedEdwardsY::identity() - } -} - -impl CompressedEdwardsY { - /// Construct a `CompressedEdwardsY` from a slice of bytes. - /// - /// # Panics - /// - /// If the input `bytes` slice does not have a length of 32. - pub fn from_slice(bytes: &[u8]) -> CompressedEdwardsY { - let mut tmp = [0u8; 32]; - - tmp.copy_from_slice(bytes); - - CompressedEdwardsY(tmp) - } -} - -impl Identity for EdwardsPoint { - fn identity() -> EdwardsPoint { - EdwardsPoint { - X: FieldElement::zero(), - Y: FieldElement::one(), - Z: FieldElement::one(), - T: FieldElement::zero(), - } - } -} - -impl Default for EdwardsPoint { - fn default() -> EdwardsPoint { - EdwardsPoint::identity() - } -} - -// ------------------------------------------------------------------------ -// Zeroize implementations for wiping points from memory -// ------------------------------------------------------------------------ - -impl Zeroize for CompressedEdwardsY { - /// Reset this `CompressedEdwardsY` to the compressed form of the identity element. - fn zeroize(&mut self) { - self.0.zeroize(); - self.0[0] = 1; - } -} - -impl Zeroize for EdwardsPoint { - /// Reset this `CompressedEdwardsPoint` to the identity element. 
- fn zeroize(&mut self) { - self.X.zeroize(); - self.Y = FieldElement::one(); - self.Z = FieldElement::one(); - self.T.zeroize(); - } -} - -// ------------------------------------------------------------------------ -// Validity checks (for debugging, not CT) -// ------------------------------------------------------------------------ - -impl ValidityCheck for EdwardsPoint { - fn is_valid(&self) -> bool { - let point_on_curve = self.to_projective().is_valid(); - let on_segre_image = (&self.X * &self.Y) == (&self.Z * &self.T); - - point_on_curve && on_segre_image - } -} - -// ------------------------------------------------------------------------ -// Constant-time assignment -// ------------------------------------------------------------------------ - -impl ConditionallySelectable for EdwardsPoint { - fn conditional_select(a: &EdwardsPoint, b: &EdwardsPoint, choice: Choice) -> EdwardsPoint { - EdwardsPoint { - X: FieldElement::conditional_select(&a.X, &b.X, choice), - Y: FieldElement::conditional_select(&a.Y, &b.Y, choice), - Z: FieldElement::conditional_select(&a.Z, &b.Z, choice), - T: FieldElement::conditional_select(&a.T, &b.T, choice), - } - } -} - -// ------------------------------------------------------------------------ -// Equality -// ------------------------------------------------------------------------ - -impl ConstantTimeEq for EdwardsPoint { - fn ct_eq(&self, other: &EdwardsPoint) -> Choice { - // We would like to check that the point (X/Z, Y/Z) is equal to - // the point (X'/Z', Y'/Z') without converting into affine - // coordinates (x, y) and (x', y'), which requires two inversions. - // We have that X = xZ and X' = x'Z'. Thus, x = x' is equivalent to - // (xZ)Z' = (x'Z')Z, and similarly for the y-coordinate. 
- - (&self.X * &other.Z).ct_eq(&(&other.X * &self.Z)) - & (&self.Y * &other.Z).ct_eq(&(&other.Y * &self.Z)) - } -} - -impl PartialEq for EdwardsPoint { - fn eq(&self, other: &EdwardsPoint) -> bool { - self.ct_eq(other).unwrap_u8() == 1u8 - } -} - -impl Eq for EdwardsPoint {} - -// ------------------------------------------------------------------------ -// Point conversions -// ------------------------------------------------------------------------ - -impl EdwardsPoint { - /// Convert to a ProjectiveNielsPoint - pub(crate) fn to_projective_niels(&self) -> ProjectiveNielsPoint { - ProjectiveNielsPoint{ - Y_plus_X: &self.Y + &self.X, - Y_minus_X: &self.Y - &self.X, - Z: self.Z, - T2d: &self.T * &constants::EDWARDS_D2, - } - } - - /// Convert the representation of this point from extended - /// coordinates to projective coordinates. - /// - /// Free. - pub(crate) fn to_projective(&self) -> ProjectivePoint { - ProjectivePoint{ - X: self.X, - Y: self.Y, - Z: self.Z, - } - } - - /// Dehomogenize to a AffineNielsPoint. - /// Mainly for testing. - pub(crate) fn to_affine_niels(&self) -> AffineNielsPoint { - let recip = self.Z.invert(); - let x = &self.X * &recip; - let y = &self.Y * &recip; - let xy2d = &(&x * &y) * &constants::EDWARDS_D2; - AffineNielsPoint{ - y_plus_x: &y + &x, - y_minus_x: &y - &x, - xy2d - } - } - - /// Convert this `EdwardsPoint` on the Edwards model to the - /// corresponding `MontgomeryPoint` on the Montgomery model. - /// - /// This function has one exceptional case; the identity point of - /// the Edwards curve is sent to the 2-torsion point \\((0,0)\\) - /// on the Montgomery curve. - /// - /// Note that this is a one-way conversion, since the Montgomery - /// model does not retain sign information. - pub fn to_montgomery(&self) -> MontgomeryPoint { - // We have u = (1+y)/(1-y) = (Z+Y)/(Z-Y). - // - // The denominator is zero only when y=1, the identity point of - // the Edwards curve. 
Since 0.invert() = 0, in this case we - // compute the 2-torsion point (0,0). - let U = &self.Z + &self.Y; - let W = &self.Z - &self.Y; - let u = &U * &W.invert(); - MontgomeryPoint(u.to_bytes()) - } - - /// Compress this point to `CompressedEdwardsY` format. - pub fn compress(&self) -> CompressedEdwardsY { - let recip = self.Z.invert(); - let x = &self.X * &recip; - let y = &self.Y * &recip; - let mut s: [u8; 32]; - - s = y.to_bytes(); - s[31] ^= x.is_negative().unwrap_u8() << 7; - CompressedEdwardsY(s) - } - - /// Perform hashing to the group using the Elligator2 map - /// - /// See https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-10#section-6.7.1 - pub fn hash_from_bytes(bytes: &[u8]) -> EdwardsPoint - where - D: Digest + Default, - { - let mut hash = D::new(); - hash.update(bytes); - let h = hash.finalize(); - let mut res = [0u8; 32]; - res.copy_from_slice(&h[..32]); - - let sign_bit = (res[31] & 0x80) >> 7; - - let fe = FieldElement::from_bytes(&res); - - let M1 = crate::montgomery::elligator_encode(&fe); - let E1_opt = M1.to_edwards(sign_bit); - - E1_opt - .expect("Montgomery conversion to Edwards point in Elligator failed") - .mul_by_cofactor() - } -} - -// ------------------------------------------------------------------------ -// Doubling -// ------------------------------------------------------------------------ - -impl EdwardsPoint { - /// Add this point to itself. 
- pub(crate) fn double(&self) -> EdwardsPoint { - self.to_projective().double().to_extended() - } -} - -// ------------------------------------------------------------------------ -// Addition and Subtraction -// ------------------------------------------------------------------------ - -impl<'a, 'b> Add<&'b EdwardsPoint> for &'a EdwardsPoint { - type Output = EdwardsPoint; - fn add(self, other: &'b EdwardsPoint) -> EdwardsPoint { - (self + &other.to_projective_niels()).to_extended() - } -} - -define_add_variants!(LHS = EdwardsPoint, RHS = EdwardsPoint, Output = EdwardsPoint); - -impl<'b> AddAssign<&'b EdwardsPoint> for EdwardsPoint { - fn add_assign(&mut self, _rhs: &'b EdwardsPoint) { - *self = (self as &EdwardsPoint) + _rhs; - } -} - -define_add_assign_variants!(LHS = EdwardsPoint, RHS = EdwardsPoint); - -impl<'a, 'b> Sub<&'b EdwardsPoint> for &'a EdwardsPoint { - type Output = EdwardsPoint; - fn sub(self, other: &'b EdwardsPoint) -> EdwardsPoint { - (self - &other.to_projective_niels()).to_extended() - } -} - -define_sub_variants!(LHS = EdwardsPoint, RHS = EdwardsPoint, Output = EdwardsPoint); - -impl<'b> SubAssign<&'b EdwardsPoint> for EdwardsPoint { - fn sub_assign(&mut self, _rhs: &'b EdwardsPoint) { - *self = (self as &EdwardsPoint) - _rhs; - } -} - -define_sub_assign_variants!(LHS = EdwardsPoint, RHS = EdwardsPoint); - -impl Sum for EdwardsPoint -where - T: Borrow -{ - fn sum(iter: I) -> Self - where - I: Iterator - { - iter.fold(EdwardsPoint::identity(), |acc, item| acc + item.borrow()) - } -} - - -// ------------------------------------------------------------------------ -// Negation -// ------------------------------------------------------------------------ - -impl<'a> Neg for &'a EdwardsPoint { - type Output = EdwardsPoint; - - fn neg(self) -> EdwardsPoint { - EdwardsPoint{ - X: -(&self.X), - Y: self.Y, - Z: self.Z, - T: -(&self.T), - } - } -} - -impl Neg for EdwardsPoint { - type Output = EdwardsPoint; - - fn neg(self) -> EdwardsPoint { - -&self - } 
-} - -// ------------------------------------------------------------------------ -// Scalar multiplication -// ------------------------------------------------------------------------ - -impl<'b> MulAssign<&'b Scalar> for EdwardsPoint { - fn mul_assign(&mut self, scalar: &'b Scalar) { - let result = (self as &EdwardsPoint) * scalar; - *self = result; - } -} - -define_mul_assign_variants!(LHS = EdwardsPoint, RHS = Scalar); - -define_mul_variants!(LHS = EdwardsPoint, RHS = Scalar, Output = EdwardsPoint); -define_mul_variants!(LHS = Scalar, RHS = EdwardsPoint, Output = EdwardsPoint); - -impl<'a, 'b> Mul<&'b Scalar> for &'a EdwardsPoint { - type Output = EdwardsPoint; - /// Scalar multiplication: compute `scalar * self`. - /// - /// For scalar multiplication of a basepoint, - /// `EdwardsBasepointTable` is approximately 4x faster. - fn mul(self, scalar: &'b Scalar) -> EdwardsPoint { - scalar_mul::variable_base::mul(self, scalar) - } -} - -impl<'a, 'b> Mul<&'b EdwardsPoint> for &'a Scalar { - type Output = EdwardsPoint; - - /// Scalar multiplication: compute `scalar * self`. - /// - /// For scalar multiplication of a basepoint, - /// `EdwardsBasepointTable` is approximately 4x faster. - fn mul(self, point: &'b EdwardsPoint) -> EdwardsPoint { - point * self - } -} - -// ------------------------------------------------------------------------ -// Multiscalar Multiplication impls -// ------------------------------------------------------------------------ - -// These use the iterator's size hint and the target settings to -// forward to a specific backend implementation. 
- -#[cfg(feature = "alloc")] -impl MultiscalarMul for EdwardsPoint { - type Point = EdwardsPoint; - - fn multiscalar_mul(scalars: I, points: J) -> EdwardsPoint - where - I: IntoIterator, - I::Item: Borrow, - J: IntoIterator, - J::Item: Borrow, - { - // Sanity-check lengths of input iterators - let mut scalars = scalars.into_iter(); - let mut points = points.into_iter(); - - // Lower and upper bounds on iterators - let (s_lo, s_hi) = scalars.by_ref().size_hint(); - let (p_lo, p_hi) = points.by_ref().size_hint(); - - // They should all be equal - assert_eq!(s_lo, p_lo); - assert_eq!(s_hi, Some(s_lo)); - assert_eq!(p_hi, Some(p_lo)); - - // Now we know there's a single size. When we do - // size-dependent algorithm dispatch, use this as the hint. - let _size = s_lo; - - scalar_mul::straus::Straus::multiscalar_mul(scalars, points) - } -} - -#[cfg(feature = "alloc")] -impl VartimeMultiscalarMul for EdwardsPoint { - type Point = EdwardsPoint; - - fn optional_multiscalar_mul(scalars: I, points: J) -> Option - where - I: IntoIterator, - I::Item: Borrow, - J: IntoIterator>, - { - // Sanity-check lengths of input iterators - let mut scalars = scalars.into_iter(); - let mut points = points.into_iter(); - - // Lower and upper bounds on iterators - let (s_lo, s_hi) = scalars.by_ref().size_hint(); - let (p_lo, p_hi) = points.by_ref().size_hint(); - - // They should all be equal - assert_eq!(s_lo, p_lo); - assert_eq!(s_hi, Some(s_lo)); - assert_eq!(p_hi, Some(p_lo)); - - // Now we know there's a single size. - // Use this as the hint to decide which algorithm to use. - let size = s_lo; - - if size < 190 { - scalar_mul::straus::Straus::optional_multiscalar_mul(scalars, points) - } else { - scalar_mul::pippenger::Pippenger::optional_multiscalar_mul(scalars, points) - } - } -} - -/// Precomputation for variable-time multiscalar multiplication with `EdwardsPoint`s. 
-// This wraps the inner implementation in a facade type so that we can -// decouple stability of the inner type from the stability of the -// outer type. -#[cfg(feature = "alloc")] -pub struct VartimeEdwardsPrecomputation(scalar_mul::precomputed_straus::VartimePrecomputedStraus); - -#[cfg(feature = "alloc")] -impl VartimePrecomputedMultiscalarMul for VartimeEdwardsPrecomputation { - type Point = EdwardsPoint; - - fn new(static_points: I) -> Self - where - I: IntoIterator, - I::Item: Borrow, - { - Self(scalar_mul::precomputed_straus::VartimePrecomputedStraus::new(static_points)) - } - - fn optional_mixed_multiscalar_mul( - &self, - static_scalars: I, - dynamic_scalars: J, - dynamic_points: K, - ) -> Option - where - I: IntoIterator, - I::Item: Borrow, - J: IntoIterator, - J::Item: Borrow, - K: IntoIterator>, - { - self.0 - .optional_mixed_multiscalar_mul(static_scalars, dynamic_scalars, dynamic_points) - } -} - -impl EdwardsPoint { - /// Compute \\(aA + bB\\) in variable time, where \\(B\\) is the Ed25519 basepoint. - pub fn vartime_double_scalar_mul_basepoint( - a: &Scalar, - A: &EdwardsPoint, - b: &Scalar, - ) -> EdwardsPoint { - scalar_mul::vartime_double_base::mul(a, A, b) - } -} - -macro_rules! impl_basepoint_table { - (Name = $name:ident, LookupTable = $table:ident, Point = $point:ty, Radix = $radix:expr, Additions = $adds:expr) => { - -/// A precomputed table of multiples of a basepoint, for accelerating -/// fixed-base scalar multiplication. One table, for the Ed25519 -/// basepoint, is provided in the `constants` module. -/// -/// The basepoint tables are reasonably large, so they should probably be boxed. 
-/// -/// The sizes for the tables and the number of additions required for one scalar -/// multiplication are as follows: -/// -/// * [`EdwardsBasepointTableRadix16`]: 30KB, 64A -/// (this is the default size, and is used for [`ED25519_BASEPOINT_TABLE`]) -/// * [`EdwardsBasepointTableRadix64`]: 120KB, 43A -/// * [`EdwardsBasepointTableRadix128`]: 240KB, 37A -/// * [`EdwardsBasepointTableRadix256`]: 480KB, 33A -/// -/// # Why 33 additions for radix-256? -/// -/// Normally, the radix-256 tables would allow for only 32 additions per scalar -/// multiplication. However, due to the fact that standardised definitions of -/// legacy protocols—such as x25519—require allowing unreduced 255-bit scalar -/// invariants, when converting such an unreduced scalar's representation to -/// radix-\\(2^{8}\\), we cannot guarantee the carry bit will fit in the last -/// coefficient (the coefficients are `i8`s). When, \\(w\\), the power-of-2 of -/// the radix, is \\(w < 8\\), we can fold the final carry onto the last -/// coefficient, \\(d\\), because \\(d < 2^{w/2}\\), so -/// $$ -/// d + carry \cdot 2^{w} = d + 1 \cdot 2^{w} < 2^{w+1} < 2^{8} -/// $$ -/// When \\(w = 8\\), we can't fit \\(carry \cdot 2^{w}\\) into an `i8`, so we -/// add the carry bit onto an additional coefficient. -#[derive(Clone)] -pub struct $name(pub(crate) [$table; 32]); - -impl BasepointTable for $name { - type Point = $point; - - /// Create a table of precomputed multiples of `basepoint`. - fn create(basepoint: &$point) -> $name { - // XXX use init_with - let mut table = $name([$table::default(); 32]); - let mut P = *basepoint; - for i in 0..32 { - // P = (2w)^i * B - table.0[i] = $table::from(&P); - P = P.mul_by_pow_2($radix + $radix); - } - table - } - - /// Get the basepoint for this table as an `EdwardsPoint`. - fn basepoint(&self) -> $point { - // self.0[0].select(1) = 1*(16^2)^0*B - // but as an `AffineNielsPoint`, so add identity to convert to extended. 
- (&<$point>::identity() + &self.0[0].select(1)).to_extended() - } - - /// The computation uses Pippeneger's algorithm, as described for the - /// specific case of radix-16 on page 13 of the Ed25519 paper. - /// - /// # Piggenger's Algorithm Generalised - /// - /// Write the scalar \\(a\\) in radix-\\(w\\), where \\(w\\) is a power of - /// 2, with coefficients in \\([\frac{-w}{2},\frac{w}{2})\\), i.e., - /// $$ - /// a = a\_0 + a\_1 w\^1 + \cdots + a\_{x} w\^{x}, - /// $$ - /// with - /// $$ - /// \frac{-w}{2} \leq a_i < \frac{w}{2}, \cdots, \frac{-w}{2} \leq a\_{x} \leq \frac{w}{2} - /// $$ - /// and the number of additions, \\(x\\), is given by \\(x = \lceil \frac{256}{w} \rceil\\). - /// Then - /// $$ - /// a B = a\_0 B + a\_1 w\^1 B + \cdots + a\_{x-1} w\^{x-1} B. - /// $$ - /// Grouping even and odd coefficients gives - /// $$ - /// \begin{aligned} - /// a B = \quad a\_0 w\^0 B +& a\_2 w\^2 B + \cdots + a\_{x-2} w\^{x-2} B \\\\ - /// + a\_1 w\^1 B +& a\_3 w\^3 B + \cdots + a\_{x-1} w\^{x-1} B \\\\ - /// = \quad(a\_0 w\^0 B +& a\_2 w\^2 B + \cdots + a\_{x-2} w\^{x-2} B) \\\\ - /// + w(a\_1 w\^0 B +& a\_3 w\^2 B + \cdots + a\_{x-1} w\^{x-2} B). \\\\ - /// \end{aligned} - /// $$ - /// For each \\(i = 0 \ldots 31\\), we create a lookup table of - /// $$ - /// [w\^{2i} B, \ldots, \frac{w}{2}\cdotw\^{2i} B], - /// $$ - /// and use it to select \\( y \cdot w\^{2i} \cdot B \\) in constant time. - /// - /// The radix-\\(w\\) representation requires that the scalar is bounded - /// by \\(2\^{255}\\), which is always the case. - /// - /// The above algorithm is trivially generalised to other powers-of-2 radices. 
- fn basepoint_mul(&self, scalar: &Scalar) -> $point { - let a = scalar.to_radix_2w($radix); - - let tables = &self.0; - let mut P = <$point>::identity(); - - for i in (0..$adds).filter(|x| x % 2 == 1) { - P = (&P + &tables[i/2].select(a[i])).to_extended(); - } - - P = P.mul_by_pow_2($radix); - - for i in (0..$adds).filter(|x| x % 2 == 0) { - P = (&P + &tables[i/2].select(a[i])).to_extended(); - } - - P - } -} - -impl<'a, 'b> Mul<&'b Scalar> for &'a $name { - type Output = $point; - - /// Construct an `EdwardsPoint` from a `Scalar` \\(a\\) by - /// computing the multiple \\(aB\\) of this basepoint \\(B\\). - fn mul(self, scalar: &'b Scalar) -> $point { - // delegate to a private function so that its documentation appears in internal docs - self.basepoint_mul(scalar) - } -} - -impl<'a, 'b> Mul<&'a $name> for &'b Scalar { - type Output = $point; - - /// Construct an `EdwardsPoint` from a `Scalar` \\(a\\) by - /// computing the multiple \\(aB\\) of this basepoint \\(B\\). - fn mul(self, basepoint_table: &'a $name) -> $point { - basepoint_table * self - } -} - -impl Debug for $name { - fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result { - write!(f, "{:?}([\n", stringify!($name))?; - for i in 0..32 { - write!(f, "\t{:?},\n", &self.0[i])?; - } - write!(f, "])") - } -} - -}} // End macro_rules! impl_basepoint_table - -// The number of additions required is ceil(256/w) where w is the radix representation. -impl_basepoint_table! {Name = EdwardsBasepointTableRadix16, LookupTable = LookupTableRadix16, Point = EdwardsPoint, Radix = 4, Additions = 64} -impl_basepoint_table! {Name = EdwardsBasepointTableRadix32, LookupTable = LookupTableRadix32, Point = EdwardsPoint, Radix = 5, Additions = 52} -impl_basepoint_table! {Name = EdwardsBasepointTableRadix64, LookupTable = LookupTableRadix64, Point = EdwardsPoint, Radix = 6, Additions = 43} -impl_basepoint_table! 
{Name = EdwardsBasepointTableRadix128, LookupTable = LookupTableRadix128, Point = EdwardsPoint, Radix = 7, Additions = 37} -impl_basepoint_table! {Name = EdwardsBasepointTableRadix256, LookupTable = LookupTableRadix256, Point = EdwardsPoint, Radix = 8, Additions = 33} - -// ------------------------------------------------------------------------------------- -// BEGIN legacy 3.x series code for backwards compatibility with BasepointTable trait -// ------------------------------------------------------------------------------------- - -/// A precomputed table of multiples of a basepoint, for accelerating -/// fixed-base scalar multiplication. One table, for the Ed25519 -/// basepoint, is provided in the `constants` module. -/// -/// The basepoint tables are reasonably large, so they should probably be boxed. -/// -/// The sizes for the tables and the number of additions required for one scalar -/// multiplication are as follows: -/// -/// * [`EdwardsBasepointTableRadix16`]: 30KB, 64A -/// (this is the default size, and is used for [`ED25519_BASEPOINT_TABLE`]) -/// * [`EdwardsBasepointTableRadix64`]: 120KB, 43A -/// * [`EdwardsBasepointTableRadix128`]: 240KB, 37A -/// * [`EdwardsBasepointTableRadix256`]: 480KB, 33A -/// -/// # Why 33 additions for radix-256? -/// -/// Normally, the radix-256 tables would allow for only 32 additions per scalar -/// multiplication. However, due to the fact that standardised definitions of -/// legacy protocols—such as x25519—require allowing unreduced 255-bit scalar -/// invariants, when converting such an unreduced scalar's representation to -/// radix-\\(2^{8}\\), we cannot guarantee the carry bit will fit in the last -/// coefficient (the coefficients are `i8`s). 
When, \\(w\\), the power-of-2 of -/// the radix, is \\(w < 8\\), we can fold the final carry onto the last -/// coefficient, \\(d\\), because \\(d < 2^{w/2}\\), so -/// $$ -/// d + carry \cdot 2^{w} = d + 1 \cdot 2^{w} < 2^{w+1} < 2^{8} -/// $$ -/// When \\(w = 8\\), we can't fit \\(carry \cdot 2^{w}\\) into an `i8`, so we -/// add the carry bit onto an additional coefficient. -#[derive(Clone)] -pub struct EdwardsBasepointTable(pub(crate) [LookupTable; 32]); - -impl EdwardsBasepointTable { - /// Create a table of precomputed multiples of `basepoint`. - #[allow(warnings)] - pub fn create(basepoint: &EdwardsPoint) -> EdwardsBasepointTable { - Self(EdwardsBasepointTableRadix16::create(basepoint).0) - } - - /// The computation uses Pippenger's algorithm, as described on - /// page 13 of the Ed25519 paper. Write the scalar \\(a\\) in radix \\(16\\) with - /// coefficients in \\([-8,8)\\), i.e., - /// $$ - /// a = a\_0 + a\_1 16\^1 + \cdots + a\_{63} 16\^{63}, - /// $$ - /// with \\(-8 \leq a_i < 8\\), \\(-8 \leq a\_{63} \leq 8\\). Then - /// $$ - /// a B = a\_0 B + a\_1 16\^1 B + \cdots + a\_{63} 16\^{63} B. - /// $$ - /// Grouping even and odd coefficients gives - /// $$ - /// \begin{aligned} - /// a B = \quad a\_0 16\^0 B +& a\_2 16\^2 B + \cdots + a\_{62} 16\^{62} B \\\\ - /// + a\_1 16\^1 B +& a\_3 16\^3 B + \cdots + a\_{63} 16\^{63} B \\\\ - /// = \quad(a\_0 16\^0 B +& a\_2 16\^2 B + \cdots + a\_{62} 16\^{62} B) \\\\ - /// + 16(a\_1 16\^0 B +& a\_3 16\^2 B + \cdots + a\_{63} 16\^{62} B). \\\\ - /// \end{aligned} - /// $$ - /// For each \\(i = 0 \ldots 31\\), we create a lookup table of - /// $$ - /// [16\^{2i} B, \ldots, 8\cdot16\^{2i} B], - /// $$ - /// and use it to select \\( x \cdot 16\^{2i} \cdot B \\) in constant time. - /// - /// The radix-\\(16\\) representation requires that the scalar is bounded - /// by \\(2\^{255}\\), which is always the case. 
- #[allow(warnings)] - pub fn basepoint_mul(&self, scalar: &Scalar) -> EdwardsPoint { - let a = scalar.to_radix_16(); - - let tables = &self.0; - let mut P = EdwardsPoint::identity(); - - for i in (0..64).filter(|x| x % 2 == 1) { - P = (&P + &tables[i/2].select(a[i])).to_extended(); - } - - P = P.mul_by_pow_2(4); - - for i in (0..64).filter(|x| x % 2 == 0) { - P = (&P + &tables[i/2].select(a[i])).to_extended(); - } - - P - } - - /// Get the basepoint for this table as an `EdwardsPoint`. - #[allow(warnings)] - pub fn basepoint(&self) -> EdwardsPoint { - (&EdwardsPoint::identity() + &self.0[0].select(1)).to_extended() - } -} - -impl<'a, 'b> Mul<&'b Scalar> for &'a EdwardsBasepointTable { - type Output = EdwardsPoint; - - /// Construct an `EdwardsPoint` from a `Scalar` \\(a\\) by - /// computing the multiple \\(aB\\) of this basepoint \\(B\\). - fn mul(self, scalar: &'b Scalar) -> EdwardsPoint { - // delegate to a private function so that its documentation appears in internal docs - self.basepoint_mul(scalar) - } -} - -impl<'a, 'b> Mul<&'a EdwardsBasepointTable> for &'b Scalar { - type Output = EdwardsPoint; - - /// Construct an `EdwardsPoint` from a `Scalar` \\(a\\) by - /// computing the multiple \\(aB\\) of this basepoint \\(B\\). - fn mul(self, basepoint_table: &'a EdwardsBasepointTable) -> EdwardsPoint { - basepoint_table * self - } -} - -// ------------------------------------------------------------------------------------- -// END legacy 3.x series code for backwards compatibility with BasepointTable trait -// ------------------------------------------------------------------------------------- - -macro_rules! 
impl_basepoint_table_conversions { - (LHS = $lhs:ty, RHS = $rhs:ty) => { - impl<'a> From<&'a $lhs> for $rhs { - fn from(table: &'a $lhs) -> $rhs { - <$rhs>::create(&table.basepoint()) - } - } - - impl<'a> From<&'a $rhs> for $lhs { - fn from(table: &'a $rhs) -> $lhs { - <$lhs>::create(&table.basepoint()) - } - } - } -} - -impl_basepoint_table_conversions!{LHS = EdwardsBasepointTableRadix16, RHS = EdwardsBasepointTableRadix32} -impl_basepoint_table_conversions!{LHS = EdwardsBasepointTableRadix16, RHS = EdwardsBasepointTableRadix64} -impl_basepoint_table_conversions!{LHS = EdwardsBasepointTableRadix16, RHS = EdwardsBasepointTableRadix128} -impl_basepoint_table_conversions!{LHS = EdwardsBasepointTableRadix16, RHS = EdwardsBasepointTableRadix256} - -impl_basepoint_table_conversions!{LHS = EdwardsBasepointTableRadix32, RHS = EdwardsBasepointTableRadix64} -impl_basepoint_table_conversions!{LHS = EdwardsBasepointTableRadix32, RHS = EdwardsBasepointTableRadix128} -impl_basepoint_table_conversions!{LHS = EdwardsBasepointTableRadix32, RHS = EdwardsBasepointTableRadix256} - -impl_basepoint_table_conversions!{LHS = EdwardsBasepointTableRadix64, RHS = EdwardsBasepointTableRadix128} -impl_basepoint_table_conversions!{LHS = EdwardsBasepointTableRadix64, RHS = EdwardsBasepointTableRadix256} - -impl_basepoint_table_conversions!{LHS = EdwardsBasepointTableRadix128, RHS = EdwardsBasepointTableRadix256} - -impl EdwardsPoint { - /// Multiply by the cofactor: return \\([8]P\\). - pub fn mul_by_cofactor(&self) -> EdwardsPoint { - self.mul_by_pow_2(3) - } - - /// Compute \\([2\^k] P \\) by successive doublings. Requires \\( k > 0 \\). 
- pub(crate) fn mul_by_pow_2(&self, k: u32) -> EdwardsPoint { - debug_assert!( k > 0 ); - let mut r: CompletedPoint; - let mut s = self.to_projective(); - for _ in 0..(k-1) { - r = s.double(); s = r.to_projective(); - } - // Unroll last iteration so we can go directly to_extended() - s.double().to_extended() - } - - /// Determine if this point is of small order. - /// - /// # Return - /// - /// * `true` if `self` is in the torsion subgroup \\( \mathcal E[8] \\); - /// * `false` if `self` is not in the torsion subgroup \\( \mathcal E[8] \\). - /// - /// # Example - /// - /// ``` - /// use curve25519_dalek::constants; - /// - /// // Generator of the prime-order subgroup - /// let P = constants::ED25519_BASEPOINT_POINT; - /// // Generator of the torsion subgroup - /// let Q = constants::EIGHT_TORSION[1]; - /// - /// // P has large order - /// assert_eq!(P.is_small_order(), false); - /// - /// // Q has small order - /// assert_eq!(Q.is_small_order(), true); - /// ``` - pub fn is_small_order(&self) -> bool { - self.mul_by_cofactor().is_identity() - } - - /// Determine if this point is “torsion-free”, i.e., is contained in - /// the prime-order subgroup. - /// - /// # Return - /// - /// * `true` if `self` has zero torsion component and is in the - /// prime-order subgroup; - /// * `false` if `self` has a nonzero torsion component and is not - /// in the prime-order subgroup. 
- /// - /// # Example - /// - /// ``` - /// use curve25519_dalek::constants; - /// - /// // Generator of the prime-order subgroup - /// let P = constants::ED25519_BASEPOINT_POINT; - /// // Generator of the torsion subgroup - /// let Q = constants::EIGHT_TORSION[1]; - /// - /// // P is torsion-free - /// assert_eq!(P.is_torsion_free(), true); - /// - /// // P + Q is not torsion-free - /// assert_eq!((P+Q).is_torsion_free(), false); - /// ``` - pub fn is_torsion_free(&self) -> bool { - (self * constants::BASEPOINT_ORDER).is_identity() - } -} - -// ------------------------------------------------------------------------ -// Debug traits -// ------------------------------------------------------------------------ - -impl Debug for EdwardsPoint { - fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result { - write!(f, "EdwardsPoint{{\n\tX: {:?},\n\tY: {:?},\n\tZ: {:?},\n\tT: {:?}\n}}", - &self.X, &self.Y, &self.Z, &self.T) - } -} - -// ------------------------------------------------------------------------ -// Tests -// ------------------------------------------------------------------------ - -#[cfg(test)] -mod test { - use field::FieldElement; - use scalar::Scalar; - use subtle::ConditionallySelectable; - use constants; - use super::*; - - /// X coordinate of the basepoint. - /// = 15112221349535400772501151409588531511454012693041857206046113283949847762202 - static BASE_X_COORD_BYTES: [u8; 32] = - [0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69, - 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21]; - - /// Compressed Edwards Y form of 2*basepoint. - static BASE2_CMPRSSD: CompressedEdwardsY = - CompressedEdwardsY([0xc9, 0xa3, 0xf8, 0x6a, 0xae, 0x46, 0x5f, 0xe, - 0x56, 0x51, 0x38, 0x64, 0x51, 0x0f, 0x39, 0x97, - 0x56, 0x1f, 0xa2, 0xc9, 0xe8, 0x5e, 0xa2, 0x1d, - 0xc2, 0x29, 0x23, 0x09, 0xf3, 0xcd, 0x60, 0x22]); - - /// Compressed Edwards Y form of 16*basepoint. 
- static BASE16_CMPRSSD: CompressedEdwardsY = - CompressedEdwardsY([0xeb, 0x27, 0x67, 0xc1, 0x37, 0xab, 0x7a, 0xd8, - 0x27, 0x9c, 0x07, 0x8e, 0xff, 0x11, 0x6a, 0xb0, - 0x78, 0x6e, 0xad, 0x3a, 0x2e, 0x0f, 0x98, 0x9f, - 0x72, 0xc3, 0x7f, 0x82, 0xf2, 0x96, 0x96, 0x70]); - - /// 4493907448824000747700850167940867464579944529806937181821189941592931634714 - pub static A_SCALAR: Scalar = Scalar{ - bytes: [ - 0x1a, 0x0e, 0x97, 0x8a, 0x90, 0xf6, 0x62, 0x2d, - 0x37, 0x47, 0x02, 0x3f, 0x8a, 0xd8, 0x26, 0x4d, - 0xa7, 0x58, 0xaa, 0x1b, 0x88, 0xe0, 0x40, 0xd1, - 0x58, 0x9e, 0x7b, 0x7f, 0x23, 0x76, 0xef, 0x09, - ], - }; - - /// 2506056684125797857694181776241676200180934651973138769173342316833279714961 - pub static B_SCALAR: Scalar = Scalar{ - bytes: [ - 0x91, 0x26, 0x7a, 0xcf, 0x25, 0xc2, 0x09, 0x1b, - 0xa2, 0x17, 0x74, 0x7b, 0x66, 0xf0, 0xb3, 0x2e, - 0x9d, 0xf2, 0xa5, 0x67, 0x41, 0xcf, 0xda, 0xc4, - 0x56, 0xa7, 0xd4, 0xaa, 0xb8, 0x60, 0x8a, 0x05, - ], - }; - - /// A_SCALAR * basepoint, computed with ed25519.py - pub static A_TIMES_BASEPOINT: CompressedEdwardsY = CompressedEdwardsY([ - 0xea, 0x27, 0xe2, 0x60, 0x53, 0xdf, 0x1b, 0x59, - 0x56, 0xf1, 0x4d, 0x5d, 0xec, 0x3c, 0x34, 0xc3, - 0x84, 0xa2, 0x69, 0xb7, 0x4c, 0xc3, 0x80, 0x3e, - 0xa8, 0xe2, 0xe7, 0xc9, 0x42, 0x5e, 0x40, 0xa5]); - - /// A_SCALAR * (A_TIMES_BASEPOINT) + B_SCALAR * BASEPOINT - /// computed with ed25519.py - static DOUBLE_SCALAR_MULT_RESULT: CompressedEdwardsY = CompressedEdwardsY([ - 0x7d, 0xfd, 0x6c, 0x45, 0xaf, 0x6d, 0x6e, 0x0e, - 0xba, 0x20, 0x37, 0x1a, 0x23, 0x64, 0x59, 0xc4, - 0xc0, 0x46, 0x83, 0x43, 0xde, 0x70, 0x4b, 0x85, - 0x09, 0x6f, 0xfe, 0x35, 0x4f, 0x13, 0x2b, 0x42]); - - /// Test round-trip decompression for the basepoint. 
- #[test] - fn basepoint_decompression_compression() { - let base_X = FieldElement::from_bytes(&BASE_X_COORD_BYTES); - let bp = constants::ED25519_BASEPOINT_COMPRESSED.decompress().unwrap(); - assert!(bp.is_valid()); - // Check that decompression actually gives the correct X coordinate - assert_eq!(base_X, bp.X); - assert_eq!(bp.compress(), constants::ED25519_BASEPOINT_COMPRESSED); - } - - /// Test sign handling in decompression - #[test] - fn decompression_sign_handling() { - // Manually set the high bit of the last byte to flip the sign - let mut minus_basepoint_bytes = constants::ED25519_BASEPOINT_COMPRESSED.as_bytes().clone(); - minus_basepoint_bytes[31] |= 1 << 7; - let minus_basepoint = CompressedEdwardsY(minus_basepoint_bytes) - .decompress().unwrap(); - // Test projective coordinates exactly since we know they should - // only differ by a flipped sign. - assert_eq!(minus_basepoint.X, -(&constants::ED25519_BASEPOINT_POINT.X)); - assert_eq!(minus_basepoint.Y, constants::ED25519_BASEPOINT_POINT.Y); - assert_eq!(minus_basepoint.Z, constants::ED25519_BASEPOINT_POINT.Z); - assert_eq!(minus_basepoint.T, -(&constants::ED25519_BASEPOINT_POINT.T)); - } - - /// Test that computing 1*basepoint gives the correct basepoint. - #[test] - fn basepoint_mult_one_vs_basepoint() { - let bp = &constants::ED25519_BASEPOINT_TABLE * &Scalar::one(); - let compressed = bp.compress(); - assert_eq!(compressed, constants::ED25519_BASEPOINT_COMPRESSED); - } - - /// Test that `EdwardsBasepointTable::basepoint()` gives the correct basepoint. - #[test] - fn basepoint_table_basepoint_function_correct() { - let bp = constants::ED25519_BASEPOINT_TABLE.basepoint(); - assert_eq!(bp.compress(), constants::ED25519_BASEPOINT_COMPRESSED); - } - - /// Test `impl Add for EdwardsPoint` - /// using basepoint + basepoint versus the 2*basepoint constant. 
- #[test] - fn basepoint_plus_basepoint_vs_basepoint2() { - let bp = constants::ED25519_BASEPOINT_POINT; - let bp_added = &bp + &bp; - assert_eq!(bp_added.compress(), BASE2_CMPRSSD); - } - - /// Test `impl Add for EdwardsPoint` - /// using the basepoint, basepoint2 constants - #[test] - fn basepoint_plus_basepoint_projective_niels_vs_basepoint2() { - let bp = constants::ED25519_BASEPOINT_POINT; - let bp_added = (&bp + &bp.to_projective_niels()).to_extended(); - assert_eq!(bp_added.compress(), BASE2_CMPRSSD); - } - - /// Test `impl Add for EdwardsPoint` - /// using the basepoint, basepoint2 constants - #[test] - fn basepoint_plus_basepoint_affine_niels_vs_basepoint2() { - let bp = constants::ED25519_BASEPOINT_POINT; - let bp_affine_niels = bp.to_affine_niels(); - let bp_added = (&bp + &bp_affine_niels).to_extended(); - assert_eq!(bp_added.compress(), BASE2_CMPRSSD); - } - - /// Check that equality of `EdwardsPoints` handles projective - /// coordinates correctly. - #[test] - fn extended_point_equality_handles_scaling() { - let mut two_bytes = [0u8; 32]; two_bytes[0] = 2; - let id1 = EdwardsPoint::identity(); - let id2 = EdwardsPoint{ - X: FieldElement::zero(), - Y: FieldElement::from_bytes(&two_bytes), - Z: FieldElement::from_bytes(&two_bytes), - T: FieldElement::zero() - }; - assert_eq!(id1.ct_eq(&id2).unwrap_u8(), 1u8); - } - - /// Sanity check for conversion to precomputed points - #[test] - fn to_affine_niels_clears_denominators() { - // construct a point as aB so it has denominators (ie. 
Z != 1) - let aB = &constants::ED25519_BASEPOINT_TABLE * &A_SCALAR; - let aB_affine_niels = aB.to_affine_niels(); - let also_aB = (&EdwardsPoint::identity() + &aB_affine_niels).to_extended(); - assert_eq!( aB.compress(), - also_aB.compress()); - } - - /// Test basepoint_mult versus a known scalar multiple from ed25519.py - #[test] - fn basepoint_mult_vs_ed25519py() { - let aB = &constants::ED25519_BASEPOINT_TABLE * &A_SCALAR; - assert_eq!(aB.compress(), A_TIMES_BASEPOINT); - } - - /// Test that multiplication by the basepoint order kills the basepoint - #[test] - fn basepoint_mult_by_basepoint_order() { - let B = &constants::ED25519_BASEPOINT_TABLE; - let should_be_id = B * &constants::BASEPOINT_ORDER; - assert!(should_be_id.is_identity()); - } - - /// Test precomputed basepoint mult - #[test] - fn test_precomputed_basepoint_mult() { - let aB_1 = &constants::ED25519_BASEPOINT_TABLE * &A_SCALAR; - let aB_2 = &constants::ED25519_BASEPOINT_POINT * &A_SCALAR; - assert_eq!(aB_1.compress(), aB_2.compress()); - } - - /// Test scalar_mul versus a known scalar multiple from ed25519.py - #[test] - fn scalar_mul_vs_ed25519py() { - let aB = &constants::ED25519_BASEPOINT_POINT * &A_SCALAR; - assert_eq!(aB.compress(), A_TIMES_BASEPOINT); - } - - /// Test basepoint.double() versus the 2*basepoint constant. - #[test] - fn basepoint_double_vs_basepoint2() { - assert_eq!(constants::ED25519_BASEPOINT_POINT.double().compress(), - BASE2_CMPRSSD); - } - - /// Test that computing 2*basepoint is the same as basepoint.double() - #[test] - fn basepoint_mult_two_vs_basepoint2() { - let two = Scalar::from(2u64); - let bp2 = &constants::ED25519_BASEPOINT_TABLE * &two; - assert_eq!(bp2.compress(), BASE2_CMPRSSD); - } - - /// Test that all the basepoint table types compute the same results. 
- #[test]
- fn basepoint_tables() {
- let P = &constants::ED25519_BASEPOINT_POINT;
- let a = A_SCALAR;
-
- let table_radix16 = EdwardsBasepointTableRadix16::create(&P);
- let table_radix32 = EdwardsBasepointTableRadix32::create(&P);
- let table_radix64 = EdwardsBasepointTableRadix64::create(&P);
- let table_radix128 = EdwardsBasepointTableRadix128::create(&P);
- let table_radix256 = EdwardsBasepointTableRadix256::create(&P);
-
- let aP = (&constants::ED25519_BASEPOINT_TABLE * &a).compress();
- let aP16 = (&table_radix16 * &a).compress();
- let aP32 = (&table_radix32 * &a).compress();
- let aP64 = (&table_radix64 * &a).compress();
- let aP128 = (&table_radix128 * &a).compress();
- let aP256 = (&table_radix256 * &a).compress();
-
- assert_eq!(aP, aP16);
- assert_eq!(aP16, aP32);
- assert_eq!(aP32, aP64);
- assert_eq!(aP64, aP128);
- assert_eq!(aP128, aP256);
- }
-
- // Check a unreduced scalar multiplication by the basepoint tables.
- #[test]
- fn basepoint_tables_unreduced_scalar() {
- let P = &constants::ED25519_BASEPOINT_POINT;
- let a = Scalar::from_bits([
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- ]);
-
- let table_radix16 = EdwardsBasepointTableRadix16::create(&P);
- let table_radix32 = EdwardsBasepointTableRadix32::create(&P);
- let table_radix64 = EdwardsBasepointTableRadix64::create(&P);
- let table_radix128 = EdwardsBasepointTableRadix128::create(&P);
- let table_radix256 = EdwardsBasepointTableRadix256::create(&P);
-
- let aP = (&constants::ED25519_BASEPOINT_TABLE * &a).compress();
- let aP16 = (&table_radix16 * &a).compress();
- let aP32 = (&table_radix32 * &a).compress();
- let aP64 = (&table_radix64 * &a).compress();
- let aP128 = (&table_radix128 * &a).compress();
- let aP256 = (&table_radix256 * &a).compress();
-
- assert_eq!(aP, aP16);
- assert_eq!(aP16, aP32);
- assert_eq!(aP32, aP64);
- assert_eq!(aP64, aP128);
- assert_eq!(aP128, aP256);
- }
-
- /// Check that converting to projective and then back to extended round-trips.
- #[test]
- fn basepoint_projective_extended_round_trip() {
- assert_eq!(constants::ED25519_BASEPOINT_POINT
- .to_projective().to_extended().compress(),
- constants::ED25519_BASEPOINT_COMPRESSED);
- }
-
- /// Test computing 16*basepoint vs mul_by_pow_2(4)
- #[test]
- fn basepoint16_vs_mul_by_pow_2_4() {
- let bp16 = constants::ED25519_BASEPOINT_POINT.mul_by_pow_2(4);
- assert_eq!(bp16.compress(), BASE16_CMPRSSD);
- }
-
- #[test]
- fn impl_sum() {
-
- // Test that sum works for non-empty iterators
- let BASE = constants::ED25519_BASEPOINT_POINT;
-
- let s1 = Scalar::from(999u64);
- let P1 = &BASE * &s1;
-
- let s2 = Scalar::from(333u64);
- let P2 = &BASE * &s2;
-
- let vec = vec![P1.clone(), P2.clone()];
- let sum: EdwardsPoint = vec.iter().sum();
-
- assert_eq!(sum, P1 + P2);
-
- // Test that sum works for the empty iterator
- let empty_vector: Vec = vec![];
- let sum: EdwardsPoint = empty_vector.iter().sum();
-
- assert_eq!(sum, EdwardsPoint::identity());
-
- // Test that sum works on owning iterators
- let s = Scalar::from(2u64);
- let mapped = vec.iter().map(|x| x * s);
- let sum: EdwardsPoint = mapped.sum();
-
- assert_eq!(sum, &P1 * &s + &P2 * &s);
- }
-
-
- /// Test that the conditional assignment trait works for AffineNielsPoints.
- #[test]
- fn conditional_assign_for_affine_niels_point() {
- let id = AffineNielsPoint::identity();
- let mut p1 = AffineNielsPoint::identity();
- let bp = constants::ED25519_BASEPOINT_POINT.to_affine_niels();
-
- p1.conditional_assign(&bp, Choice::from(0));
- assert_eq!(p1, id);
- p1.conditional_assign(&bp, Choice::from(1));
- assert_eq!(p1, bp);
- }
-
- #[test]
- fn is_small_order() {
- // The basepoint has large prime order
- assert!(!constants::ED25519_BASEPOINT_POINT.is_small_order());
- // constants::EIGHT_TORSION has all points of small order.
- for torsion_point in &constants::EIGHT_TORSION {
- assert!(torsion_point.is_small_order());
- }
- }
-
- #[test]
- fn compressed_identity() {
- assert_eq!(EdwardsPoint::identity().compress(),
- CompressedEdwardsY::identity());
- }
-
- #[test]
- fn is_identity() {
- assert!( EdwardsPoint::identity().is_identity());
- assert!(!constants::ED25519_BASEPOINT_POINT.is_identity());
- }
-
- /// Rust's debug builds have overflow and underflow trapping,
- /// and enable `debug_assert!()`. This performs many scalar
- /// multiplications to attempt to trigger possible overflows etc.
- ///
- /// For instance, the `u64` `Mul` implementation for
- /// `FieldElements` requires the input `Limb`s to be bounded by
- /// 2^54, but we cannot enforce this dynamically at runtime, or
- /// statically at compile time (until Rust gets type-level
- /// integers, at which point we can encode "bits of headroom" into
- /// the type system and prove correctness).
- #[test]
- fn monte_carlo_overflow_underflow_debug_assert_test() {
- let mut P = constants::ED25519_BASEPOINT_POINT;
- // N.B. each scalar_mul does 1407 field mults, 1024 field squarings,
- // so this does ~ 1M of each operation.
- for _ in 0..1_000 {
- P *= &A_SCALAR;
- }
- }
-
- #[test]
- fn scalarmult_extended_point_works_both_ways() {
- let G: EdwardsPoint = constants::ED25519_BASEPOINT_POINT;
- let s: Scalar = A_SCALAR;
-
- let P1 = &G * &s;
- let P2 = &s * &G;
-
- assert!(P1.compress().to_bytes() == P2.compress().to_bytes());
- }
-
- // A single iteration of a consistency check for MSM.
- fn multiscalar_consistency_iter(n: usize) {
- use core::iter;
- let mut rng = rand::thread_rng();
-
- // Construct random coefficients x0, ..., x_{n-1},
- // followed by some extra hardcoded ones.
- let xs = (0..n)
- .map(|_| Scalar::random(&mut rng))
- // The largest scalar allowed by the type system, 2^255-1
- .chain(iter::once(Scalar::from_bits([0xff; 32])))
- .collect::>();
- let check = xs.iter()
- .map(|xi| xi * xi)
- .sum::();
-
- // Construct points G_i = x_i * B
- let Gs = xs.iter()
- .map(|xi| xi * &constants::ED25519_BASEPOINT_TABLE)
- .collect::>();
-
- // Compute H1 = (consttime)
- let H1 = EdwardsPoint::multiscalar_mul(&xs, &Gs);
- // Compute H2 = (vartime)
- let H2 = EdwardsPoint::vartime_multiscalar_mul(&xs, &Gs);
- // Compute H3 = = sum(xi^2) * B
- let H3 = &check * &constants::ED25519_BASEPOINT_TABLE;
-
- assert_eq!(H1, H3);
- assert_eq!(H2, H3);
- }
-
- // Use different multiscalar sizes to hit different internal
- // parameters.
-
- #[test]
- fn multiscalar_consistency_n_100() {
- let iters = 50;
- for _ in 0..iters {
- multiscalar_consistency_iter(100);
- }
- }
-
- #[test]
- fn multiscalar_consistency_n_250() {
- let iters = 50;
- for _ in 0..iters {
- multiscalar_consistency_iter(250);
- }
- }
-
- #[test]
- fn multiscalar_consistency_n_500() {
- let iters = 50;
- for _ in 0..iters {
- multiscalar_consistency_iter(500);
- }
- }
-
- #[test]
- fn multiscalar_consistency_n_1000() {
- let iters = 50;
- for _ in 0..iters {
- multiscalar_consistency_iter(1000);
- }
- }
-
- #[test]
- fn vartime_precomputed_vs_nonprecomputed_multiscalar() {
- let mut rng = rand::thread_rng();
-
- let B = &::constants::ED25519_BASEPOINT_TABLE;
-
- let static_scalars = (0..128)
- .map(|_| Scalar::random(&mut rng))
- .collect::>();
-
- let dynamic_scalars = (0..128)
- .map(|_| Scalar::random(&mut rng))
- .collect::>();
-
- let check_scalar: Scalar = static_scalars
- .iter()
- .chain(dynamic_scalars.iter())
- .map(|s| s * s)
- .sum();
-
- let static_points = static_scalars.iter().map(|s| s * B).collect::>();
- let dynamic_points = dynamic_scalars.iter().map(|s| s * B).collect::>();
-
- let precomputation = VartimeEdwardsPrecomputation::new(static_points.iter());
-
- let P = precomputation.vartime_mixed_multiscalar_mul(
- &static_scalars,
- &dynamic_scalars,
- &dynamic_points,
- );
-
- use traits::VartimeMultiscalarMul;
- let Q = EdwardsPoint::vartime_multiscalar_mul(
- static_scalars.iter().chain(dynamic_scalars.iter()),
- static_points.iter().chain(dynamic_points.iter()),
- );
-
- let R = &check_scalar * B;
-
- assert_eq!(P.compress(), R.compress());
- assert_eq!(Q.compress(), R.compress());
- }
-
- mod vartime {
- use super::super::*;
- use super::{A_SCALAR, B_SCALAR, A_TIMES_BASEPOINT, DOUBLE_SCALAR_MULT_RESULT};
-
- /// Test double_scalar_mul_vartime vs ed25519.py
- #[test]
- fn double_scalar_mul_basepoint_vs_ed25519py() {
- let A = A_TIMES_BASEPOINT.decompress().unwrap();
- let result = EdwardsPoint::vartime_double_scalar_mul_basepoint(&A_SCALAR, &A, &B_SCALAR);
- assert_eq!(result.compress(), DOUBLE_SCALAR_MULT_RESULT);
- }
-
- #[test]
- fn multiscalar_mul_vs_ed25519py() {
- let A = A_TIMES_BASEPOINT.decompress().unwrap();
- let result = EdwardsPoint::vartime_multiscalar_mul(
- &[A_SCALAR, B_SCALAR],
- &[A, constants::ED25519_BASEPOINT_POINT]
- );
- assert_eq!(result.compress(), DOUBLE_SCALAR_MULT_RESULT);
- }
-
- #[test]
- fn multiscalar_mul_vartime_vs_consttime() {
- let A = A_TIMES_BASEPOINT.decompress().unwrap();
- let result_vartime = EdwardsPoint::vartime_multiscalar_mul(
- &[A_SCALAR, B_SCALAR],
- &[A, constants::ED25519_BASEPOINT_POINT]
- );
- let result_consttime = EdwardsPoint::multiscalar_mul(
- &[A_SCALAR, B_SCALAR],
- &[A, constants::ED25519_BASEPOINT_POINT]
- );
-
- assert_eq!(result_vartime.compress(), result_consttime.compress());
- }
- }
-
- #[test]
- #[cfg(feature = "serde")]
- fn serde_bincode_basepoint_roundtrip() {
- use bincode;
-
- let encoded = bincode::serialize(&constants::ED25519_BASEPOINT_POINT).unwrap();
- let enc_compressed = bincode::serialize(&constants::ED25519_BASEPOINT_COMPRESSED).unwrap();
- assert_eq!(encoded, enc_compressed);
-
- // Check that the encoding is 32 bytes exactly
- assert_eq!(encoded.len(), 32);
-
- let dec_uncompressed: EdwardsPoint = bincode::deserialize(&encoded).unwrap();
- let dec_compressed: CompressedEdwardsY = bincode::deserialize(&encoded).unwrap();
-
- assert_eq!(dec_uncompressed, constants::ED25519_BASEPOINT_POINT);
- assert_eq!(dec_compressed, constants::ED25519_BASEPOINT_COMPRESSED);
-
- // Check that the encoding itself matches the usual one
- let raw_bytes = constants::ED25519_BASEPOINT_COMPRESSED.as_bytes();
- let bp: EdwardsPoint = bincode::deserialize(raw_bytes).unwrap();
- assert_eq!(bp, constants::ED25519_BASEPOINT_POINT);
- }
-
- ////////////////////////////////////////////////////////////
- // Signal tests from //
- // https://github.com/signalapp/libsignal-protocol-c/ //
- ////////////////////////////////////////////////////////////
-
- fn test_vectors() -> Vec> {
- vec![
- vec![
- "214f306e1576f5a7577636fe303ca2c625b533319f52442b22a9fa3b7ede809f",
- "c95becf0f93595174633b9d4d6bbbeb88e16fa257176f877ce426e1424626052",
- ],
- vec![
- "2eb10d432702ea7f79207da95d206f82d5a3b374f5f89f17a199531f78d3bea6",
- "d8f8b508edffbb8b6dab0f602f86a9dd759f800fe18f782fdcac47c234883e7f",
- ],
- vec![
- "84cbe9accdd32b46f4a8ef51c85fd39d028711f77fb00e204a613fc235fd68b9",
- "93c73e0289afd1d1fc9e4e78a505d5d1b2642fbdf91a1eff7d281930654b1453",
- ],
- vec![
- "c85165952490dc1839cb69012a3d9f2cc4b02343613263ab93a26dc89fd58267",
- "43cbe8685fd3c90665b91835debb89ff1477f906f5170f38a192f6a199556537",
- ],
- vec![
- "26e7fc4a78d863b1a4ccb2ce0951fbcd021e106350730ee4157bacb4502e1b76",
- "b6fc3d738c2c40719479b2f23818180cdafa72a14254d4016bbed8f0b788a835",
- ],
- vec![
- "1618c08ef0233f94f0f163f9435ec7457cd7a8cd4bb6b160315d15818c30f7a2",
- "da0b703593b29dbcd28ebd6e7baea17b6f61971f3641cae774f6a5137a12294c",
- ],
- vec![
- "48b73039db6fcdcb6030c4a38e8be80b6390d8ae46890e77e623f87254ef149c",
- "ca11b25acbc80566603eabeb9364ebd50e0306424c61049e1ce9385d9f349966",
- ],
- vec![
- "a744d582b3a34d14d311b7629da06d003045ae77cebceeb4e0e72734d63bd07d",
- "fad25a5ea15d4541258af8785acaf697a886c1b872c793790e60a6837b1adbc0",
- ],
- vec![
- "80a6ff33494c471c5eff7efb9febfbcf30a946fe6535b3451cda79f2154a7095",
- "57ac03913309b3f8cd3c3d4c49d878bb21f4d97dc74a1eaccbe5c601f7f06f47",
- ],
- vec![
- "f06fc939bc10551a0fd415aebf107ef0b9c4ee1ef9a164157bdd089127782617",
- "785b2a6a00a5579cc9da1ff997ce8339b6f9fb46c6f10cf7a12ff2986341a6e0",
- ],
- ]
- }
-
- #[test]
- fn elligator_signal_test_vectors() {
- for vector in test_vectors().iter() {
- let input = hex::decode(vector[0]).unwrap();
- let output = hex::decode(vector[1]).unwrap();
-
- let point = EdwardsPoint::hash_from_bytes::(&input);
- assert_eq!(point.compress().to_bytes(), output[..]);
- }
- }
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/field.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/field.rs
deleted file mode 100644
index 109cff249407..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/field.rs
+++ /dev/null
@@ -1,476 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2016-2021 isis agora lovecruft -// Copyright (c) 2016-2019 Henry de Valence -// See LICENSE for licensing information. -// -// Authors: -// - Isis Agora Lovecruft -// - Henry de Valence - -//! Field arithmetic modulo \\(p = 2\^{255} - 19\\). -//! -//! The `curve25519_dalek::field` module provides a type alias -//! `curve25519_dalek::field::FieldElement` to a field element type -//! defined in the `backend` module; either `FieldElement51` or -//! `FieldElement2625`. -//! -//! Field operations defined in terms of machine -//! operations, such as field multiplication or squaring, are defined in -//! the backend implementation. -//! -//! Field operations defined in terms of other field operations, such as -//! field inversion or square roots, are defined here. - -use core::cmp::{Eq, PartialEq}; - -use subtle::ConditionallySelectable; -use subtle::ConditionallyNegatable; -use subtle::Choice; -use subtle::ConstantTimeEq; - -use constants; -use backend; - -#[cfg(feature = "fiat_u32_backend")] -pub use backend::serial::fiat_u32::field::*; -#[cfg(feature = "fiat_u64_backend")] -pub use backend::serial::fiat_u64::field::*; -/// A `FieldElement` represents an element of the field -/// \\( \mathbb Z / (2\^{255} - 19)\\). -/// -/// The `FieldElement` type is an alias for one of the platform-specific -/// implementations. -/// Using formally-verified field arithmetic from fiat-crypto -#[cfg(feature = "fiat_u32_backend")] -pub type FieldElement = backend::serial::fiat_u32::field::FieldElement2625; -#[cfg(feature = "fiat_u64_backend")] -pub type FieldElement = backend::serial::fiat_u64::field::FieldElement51; - -#[cfg(feature = "u64_backend")] -pub use backend::serial::u64::field::*; -/// A `FieldElement` represents an element of the field -/// \\( \mathbb Z / (2\^{255} - 19)\\). 
-/// -/// The `FieldElement` type is an alias for one of the platform-specific -/// implementations. -#[cfg(feature = "u64_backend")] -pub type FieldElement = backend::serial::u64::field::FieldElement51; - -#[cfg(feature = "u32_backend")] -pub use backend::serial::u32::field::*; -/// A `FieldElement` represents an element of the field -/// \\( \mathbb Z / (2\^{255} - 19)\\). -/// -/// The `FieldElement` type is an alias for one of the platform-specific -/// implementations. -#[cfg(feature = "u32_backend")] -pub type FieldElement = backend::serial::u32::field::FieldElement2625; - -impl Eq for FieldElement {} - -impl PartialEq for FieldElement { - fn eq(&self, other: &FieldElement) -> bool { - self.ct_eq(other).unwrap_u8() == 1u8 - } -} - -impl ConstantTimeEq for FieldElement { - /// Test equality between two `FieldElement`s. Since the - /// internal representation is not canonical, the field elements - /// are normalized to wire format before comparison. - fn ct_eq(&self, other: &FieldElement) -> Choice { - self.to_bytes().ct_eq(&other.to_bytes()) - } -} - -impl FieldElement { - /// Determine if this `FieldElement` is negative, in the sense - /// used in the ed25519 paper: `x` is negative if the low bit is - /// set. - /// - /// # Return - /// - /// If negative, return `Choice(1)`. Otherwise, return `Choice(0)`. - pub fn is_negative(&self) -> Choice { - let bytes = self.to_bytes(); - (bytes[0] & 1).into() - } - - /// Determine if this `FieldElement` is zero. - /// - /// # Return - /// - /// If zero, return `Choice(1)`. Otherwise, return `Choice(0)`. - pub fn is_zero(&self) -> Choice { - let zero = [0u8; 32]; - let bytes = self.to_bytes(); - - bytes.ct_eq(&zero) - } - - /// Compute (self^(2^250-1), self^11), used as a helper function - /// within invert() and pow22523(). 
- fn pow22501(&self) -> (FieldElement, FieldElement) { - // Instead of managing which temporary variables are used - // for what, we define as many as we need and leave stack - // allocation to the compiler - // - // Each temporary variable t_i is of the form (self)^e_i. - // Squaring t_i corresponds to multiplying e_i by 2, - // so the pow2k function shifts e_i left by k places. - // Multiplying t_i and t_j corresponds to adding e_i + e_j. - // - // Temporary t_i Nonzero bits of e_i - // - let t0 = self.square(); // 1 e_0 = 2^1 - let t1 = t0.square().square(); // 3 e_1 = 2^3 - let t2 = self * &t1; // 3,0 e_2 = 2^3 + 2^0 - let t3 = &t0 * &t2; // 3,1,0 - let t4 = t3.square(); // 4,2,1 - let t5 = &t2 * &t4; // 4,3,2,1,0 - let t6 = t5.pow2k(5); // 9,8,7,6,5 - let t7 = &t6 * &t5; // 9,8,7,6,5,4,3,2,1,0 - let t8 = t7.pow2k(10); // 19..10 - let t9 = &t8 * &t7; // 19..0 - let t10 = t9.pow2k(20); // 39..20 - let t11 = &t10 * &t9; // 39..0 - let t12 = t11.pow2k(10); // 49..10 - let t13 = &t12 * &t7; // 49..0 - let t14 = t13.pow2k(50); // 99..50 - let t15 = &t14 * &t13; // 99..0 - let t16 = t15.pow2k(100); // 199..100 - let t17 = &t16 * &t15; // 199..0 - let t18 = t17.pow2k(50); // 249..50 - let t19 = &t18 * &t13; // 249..0 - - (t19, t3) - } - - /// Given a slice of public `FieldElements`, replace each with its inverse. - /// - /// All input `FieldElements` **MUST** be nonzero. 
- #[cfg(feature = "alloc")] - pub fn batch_invert(inputs: &mut [FieldElement]) { - // Montgomery’s Trick and Fast Implementation of Masked AES - // Genelle, Prouff and Quisquater - // Section 3.2 - - let n = inputs.len(); - let mut scratch = vec![FieldElement::one(); n]; - - // Keep an accumulator of all of the previous products - let mut acc = FieldElement::one(); - - // Pass through the input vector, recording the previous - // products in the scratch space - for (input, scratch) in inputs.iter().zip(scratch.iter_mut()) { - *scratch = acc; - acc = &acc * input; - } - - // acc is nonzero iff all inputs are nonzero - assert_eq!(acc.is_zero().unwrap_u8(), 0); - - // Compute the inverse of all products - acc = acc.invert(); - - // Pass through the vector backwards to compute the inverses - // in place - for (input, scratch) in inputs.iter_mut().rev().zip(scratch.into_iter().rev()) { - let tmp = &acc * input; - *input = &acc * &scratch; - acc = tmp; - } - } - - /// Given a nonzero field element, compute its inverse. - /// - /// The inverse is computed as self^(p-2), since - /// x^(p-2)x = x^(p-1) = 1 (mod p). - /// - /// This function returns zero on input zero. - pub fn invert(&self) -> FieldElement { - // The bits of p-2 = 2^255 -19 -2 are 11010111111...11. - // - // nonzero bits of exponent - let (t19, t3) = self.pow22501(); // t19: 249..0 ; t3: 3,1,0 - let t20 = t19.pow2k(5); // 254..5 - let t21 = &t20 * &t3; // 254..5,3,1,0 - - t21 - } - - /// Raise this field element to the power (p-5)/8 = 2^252 -3. - fn pow_p58(&self) -> FieldElement { - // The bits of (p-5)/8 are 101111.....11. - // - // nonzero bits of exponent - let (t19, _) = self.pow22501(); // 249..0 - let t20 = t19.pow2k(2); // 251..2 - let t21 = self * &t20; // 251..2,0 - - t21 - } - - /// Given `FieldElements` `u` and `v`, compute either `sqrt(u/v)` - /// or `sqrt(i*u/v)` in constant time. - /// - /// This function always returns the nonnegative square root. 
- /// - /// # Return - /// - /// - `(Choice(1), +sqrt(u/v)) ` if `v` is nonzero and `u/v` is square; - /// - `(Choice(1), zero) ` if `u` is zero; - /// - `(Choice(0), zero) ` if `v` is zero and `u` is nonzero; - /// - `(Choice(0), +sqrt(i*u/v))` if `u/v` is nonsquare (so `i*u/v` is square). - /// - pub fn sqrt_ratio_i(u: &FieldElement, v: &FieldElement) -> (Choice, FieldElement) { - // Using the same trick as in ed25519 decoding, we merge the - // inversion, the square root, and the square test as follows. - // - // To compute sqrt(α), we can compute β = α^((p+3)/8). - // Then β^2 = ±α, so multiplying β by sqrt(-1) if necessary - // gives sqrt(α). - // - // To compute 1/sqrt(α), we observe that - // 1/β = α^(p-1 - (p+3)/8) = α^((7p-11)/8) - // = α^3 * (α^7)^((p-5)/8). - // - // We can therefore compute sqrt(u/v) = sqrt(u)/sqrt(v) - // by first computing - // r = u^((p+3)/8) v^(p-1-(p+3)/8) - // = u u^((p-5)/8) v^3 (v^7)^((p-5)/8) - // = (uv^3) (uv^7)^((p-5)/8). - // - // If v is nonzero and u/v is square, then r^2 = ±u/v, - // so vr^2 = ±u. - // If vr^2 = u, then sqrt(u/v) = r. - // If vr^2 = -u, then sqrt(u/v) = r*sqrt(-1). - // - // If v is zero, r is also zero. - - let v3 = &v.square() * v; - let v7 = &v3.square() * v; - let mut r = &(u * &v3) * &(u * &v7).pow_p58(); - let check = v * &r.square(); - - let i = &constants::SQRT_M1; - - let correct_sign_sqrt = check.ct_eq( u); - let flipped_sign_sqrt = check.ct_eq( &(-u)); - let flipped_sign_sqrt_i = check.ct_eq(&(&(-u)*i)); - - let r_prime = &constants::SQRT_M1 * &r; - r.conditional_assign(&r_prime, flipped_sign_sqrt | flipped_sign_sqrt_i); - - // Choose the nonnegative square root. - let r_is_negative = r.is_negative(); - r.conditional_negate(r_is_negative); - - let was_nonzero_square = correct_sign_sqrt | flipped_sign_sqrt; - - (was_nonzero_square, r) - } - - /// Attempt to compute `sqrt(1/self)` in constant time. - /// - /// Convenience wrapper around `sqrt_ratio_i`. 
- /// - /// This function always returns the nonnegative square root. - /// - /// # Return - /// - /// - `(Choice(1), +sqrt(1/self)) ` if `self` is a nonzero square; - /// - `(Choice(0), zero) ` if `self` is zero; - /// - `(Choice(0), +sqrt(i/self)) ` if `self` is a nonzero nonsquare; - /// - pub fn invsqrt(&self) -> (Choice, FieldElement) { - FieldElement::sqrt_ratio_i(&FieldElement::one(), self) - } -} - -#[cfg(test)] -mod test { - use field::*; - use subtle::ConditionallyNegatable; - - /// Random element a of GF(2^255-19), from Sage - /// a = 1070314506888354081329385823235218444233221\ - /// 2228051251926706380353716438957572 - static A_BYTES: [u8; 32] = - [ 0x04, 0xfe, 0xdf, 0x98, 0xa7, 0xfa, 0x0a, 0x68, - 0x84, 0x92, 0xbd, 0x59, 0x08, 0x07, 0xa7, 0x03, - 0x9e, 0xd1, 0xf6, 0xf2, 0xe1, 0xd9, 0xe2, 0xa4, - 0xa4, 0x51, 0x47, 0x36, 0xf3, 0xc3, 0xa9, 0x17]; - - /// Byte representation of a**2 - static ASQ_BYTES: [u8; 32] = - [ 0x75, 0x97, 0x24, 0x9e, 0xe6, 0x06, 0xfe, 0xab, - 0x24, 0x04, 0x56, 0x68, 0x07, 0x91, 0x2d, 0x5d, - 0x0b, 0x0f, 0x3f, 0x1c, 0xb2, 0x6e, 0xf2, 0xe2, - 0x63, 0x9c, 0x12, 0xba, 0x73, 0x0b, 0xe3, 0x62]; - - /// Byte representation of 1/a - static AINV_BYTES: [u8; 32] = - [0x96, 0x1b, 0xcd, 0x8d, 0x4d, 0x5e, 0xa2, 0x3a, - 0xe9, 0x36, 0x37, 0x93, 0xdb, 0x7b, 0x4d, 0x70, - 0xb8, 0x0d, 0xc0, 0x55, 0xd0, 0x4c, 0x1d, 0x7b, - 0x90, 0x71, 0xd8, 0xe9, 0xb6, 0x18, 0xe6, 0x30]; - - /// Byte representation of a^((p-5)/8) - static AP58_BYTES: [u8; 32] = - [0x6a, 0x4f, 0x24, 0x89, 0x1f, 0x57, 0x60, 0x36, - 0xd0, 0xbe, 0x12, 0x3c, 0x8f, 0xf5, 0xb1, 0x59, - 0xe0, 0xf0, 0xb8, 0x1b, 0x20, 0xd2, 0xb5, 0x1f, - 0x15, 0x21, 0xf9, 0xe3, 0xe1, 0x61, 0x21, 0x55]; - - #[test] - fn a_mul_a_vs_a_squared_constant() { - let a = FieldElement::from_bytes(&A_BYTES); - let asq = FieldElement::from_bytes(&ASQ_BYTES); - assert_eq!(asq, &a * &a); - } - - #[test] - fn a_square_vs_a_squared_constant() { - let a = FieldElement::from_bytes(&A_BYTES); - let asq = 
FieldElement::from_bytes(&ASQ_BYTES); - assert_eq!(asq, a.square()); - } - - #[test] - fn a_square2_vs_a_squared_constant() { - let a = FieldElement::from_bytes(&A_BYTES); - let asq = FieldElement::from_bytes(&ASQ_BYTES); - assert_eq!(a.square2(), &asq+&asq); - } - - #[test] - fn a_invert_vs_inverse_of_a_constant() { - let a = FieldElement::from_bytes(&A_BYTES); - let ainv = FieldElement::from_bytes(&AINV_BYTES); - let should_be_inverse = a.invert(); - assert_eq!(ainv, should_be_inverse); - assert_eq!(FieldElement::one(), &a * &should_be_inverse); - } - - #[test] - fn batch_invert_a_matches_nonbatched() { - let a = FieldElement::from_bytes(&A_BYTES); - let ap58 = FieldElement::from_bytes(&AP58_BYTES); - let asq = FieldElement::from_bytes(&ASQ_BYTES); - let ainv = FieldElement::from_bytes(&AINV_BYTES); - let a2 = &a + &a; - let a_list = vec![a, ap58, asq, ainv, a2]; - let mut ainv_list = a_list.clone(); - FieldElement::batch_invert(&mut ainv_list[..]); - for i in 0..5 { - assert_eq!(a_list[i].invert(), ainv_list[i]); - } - } - - #[test] - fn sqrt_ratio_behavior() { - let zero = FieldElement::zero(); - let one = FieldElement::one(); - let i = constants::SQRT_M1; - let two = &one + &one; // 2 is nonsquare mod p. - let four = &two + &two; // 4 is square mod p. 
- - // 0/0 should return (1, 0) since u is 0 - let (choice, sqrt) = FieldElement::sqrt_ratio_i(&zero, &zero); - assert_eq!(choice.unwrap_u8(), 1); - assert_eq!(sqrt, zero); - assert_eq!(sqrt.is_negative().unwrap_u8(), 0); - - // 1/0 should return (0, 0) since v is 0, u is nonzero - let (choice, sqrt) = FieldElement::sqrt_ratio_i(&one, &zero); - assert_eq!(choice.unwrap_u8(), 0); - assert_eq!(sqrt, zero); - assert_eq!(sqrt.is_negative().unwrap_u8(), 0); - - // 2/1 is nonsquare, so we expect (0, sqrt(i*2)) - let (choice, sqrt) = FieldElement::sqrt_ratio_i(&two, &one); - assert_eq!(choice.unwrap_u8(), 0); - assert_eq!(sqrt.square(), &two * &i); - assert_eq!(sqrt.is_negative().unwrap_u8(), 0); - - // 4/1 is square, so we expect (1, sqrt(4)) - let (choice, sqrt) = FieldElement::sqrt_ratio_i(&four, &one); - assert_eq!(choice.unwrap_u8(), 1); - assert_eq!(sqrt.square(), four); - assert_eq!(sqrt.is_negative().unwrap_u8(), 0); - - // 1/4 is square, so we expect (1, 1/sqrt(4)) - let (choice, sqrt) = FieldElement::sqrt_ratio_i(&one, &four); - assert_eq!(choice.unwrap_u8(), 1); - assert_eq!(&sqrt.square() * &four, one); - assert_eq!(sqrt.is_negative().unwrap_u8(), 0); - } - - #[test] - fn a_p58_vs_ap58_constant() { - let a = FieldElement::from_bytes(&A_BYTES); - let ap58 = FieldElement::from_bytes(&AP58_BYTES); - assert_eq!(ap58, a.pow_p58()); - } - - #[test] - fn equality() { - let a = FieldElement::from_bytes(&A_BYTES); - let ainv = FieldElement::from_bytes(&AINV_BYTES); - assert!(a == a); - assert!(a != ainv); - } - - /// Notice that the last element has the high bit set, which - /// should be ignored - static B_BYTES: [u8;32] = - [113, 191, 169, 143, 91, 234, 121, 15, - 241, 131, 217, 36, 230, 101, 92, 234, - 8, 208, 170, 251, 97, 127, 70, 210, - 58, 23, 166, 87, 240, 169, 184, 178]; - - #[test] - fn from_bytes_highbit_is_ignored() { - let mut cleared_bytes = B_BYTES; - cleared_bytes[31] &= 127u8; - let with_highbit_set = FieldElement::from_bytes(&B_BYTES); - let 
without_highbit_set = FieldElement::from_bytes(&cleared_bytes); - assert_eq!(without_highbit_set, with_highbit_set); - } - - #[test] - fn conditional_negate() { - let one = FieldElement::one(); - let minus_one = FieldElement::minus_one(); - let mut x = one; - x.conditional_negate(Choice::from(1)); - assert_eq!(x, minus_one); - x.conditional_negate(Choice::from(0)); - assert_eq!(x, minus_one); - x.conditional_negate(Choice::from(1)); - assert_eq!(x, one); - } - - #[test] - fn encoding_is_canonical() { - // Encode 1 wrongly as 1 + (2^255 - 19) = 2^255 - 18 - let one_encoded_wrongly_bytes: [u8;32] = [0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f]; - // Decode to a field element - let one = FieldElement::from_bytes(&one_encoded_wrongly_bytes); - // .. then check that the encoding is correct - let one_bytes = one.to_bytes(); - assert_eq!(one_bytes[0], 1); - for i in 1..32 { - assert_eq!(one_bytes[i], 0); - } - } - - #[test] - fn batch_invert_empty() { - FieldElement::batch_invert(&mut []); - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/lib.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/lib.rs deleted file mode 100644 index f33ffded17dc..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/lib.rs +++ /dev/null 
@@ -1,320 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2016-2021 isis lovecruft -// Copyright (c) 2016-2019 Henry de Valence -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft -// - Henry de Valence - -#![no_std] -#![cfg_attr(feature = "nightly", feature(test))] -#![cfg_attr(feature = "nightly", feature(doc_cfg))] -#![cfg_attr(feature = "simd_backend", feature(stdsimd))] - -// Refuse to compile if documentation is missing. -#![deny(missing_docs)] - -#![doc(html_logo_url = "https://doc.dalek.rs/assets/dalek-logo-clear.png")] -#![doc(html_root_url = "https://docs.rs/curve25519-dalek/3.2.0")] - -//! # curve25519-dalek [![](https://img.shields.io/crates/v/curve25519-dalek.svg)](https://crates.io/crates/curve25519-dalek) [![](https://img.shields.io/badge/dynamic/json.svg?label=docs&uri=https%3A%2F%2Fcrates.io%2Fapi%2Fv1%2Fcrates%2Fcurve25519-dalek%2Fversions&query=%24.versions%5B0%5D.num&colorB=4F74A6)](https://doc.dalek.rs) [![](https://travis-ci.org/dalek-cryptography/curve25519-dalek.svg?branch=master)](https://travis-ci.org/dalek-cryptography/curve25519-dalek) -//! -//! -//! -//! **A pure-Rust implementation of group operations on Ristretto and Curve25519.** -//! -//! `curve25519-dalek` is a library providing group operations on the Edwards and -//! Montgomery forms of Curve25519, and on the prime-order Ristretto group. -//! -//! `curve25519-dalek` is not intended to provide implementations of any particular -//! crypto protocol. Rather, implementations of those protocols (such as -//! [`x25519-dalek`][x25519-dalek] and [`ed25519-dalek`][ed25519-dalek]) should use -//! `curve25519-dalek` as a library. -//! -//! `curve25519-dalek` is intended to provide a clean and safe _mid-level_ API for use -//! implementing a wide range of ECC-based crypto protocols, such as key agreement, -//! signatures, anonymous credentials, rangeproofs, and zero-knowledge proof -//! systems. -//! -//! 
In particular, `curve25519-dalek` implements Ristretto, which constructs a -//! prime-order group from a non-prime-order Edwards curve. This provides the -//! speed and safety benefits of Edwards curve arithmetic, without the pitfalls of -//! cofactor-related abstraction mismatches. -//! -//! # Documentation -//! -//! The semver-stable, public-facing `curve25519-dalek` API is documented -//! [here][docs-external]. In addition, the unstable internal implementation -//! details are documented [here][docs-internal]. -//! -//! The `curve25519-dalek` documentation requires a custom HTML header to include -//! KaTeX for math support. Unfortunately `cargo doc` does not currently support -//! this, but docs can be built using -//! ```sh -//! make doc -//! make doc-internal -//! ``` -//! -//! # Use -//! -//! To import `curve25519-dalek`, add the following to the dependencies section of -//! your project's `Cargo.toml`: -//! ```toml -//! curve25519-dalek = "3" -//! ``` -//! -//! The sole breaking change in the `3.x` series was an update to the `digest` -//! version, and in terms of non-breaking changes it includes: -//! -//! * support for using `alloc` instead of `std` on stable Rust, -//! * the Elligator2 encoding for Edwards points, -//! * a fix to use `packed_simd2`, -//! * various documentation fixes and improvements, -//! * support for configurably-sized, precomputed lookup tables for basepoint scalar -//! multiplication, -//! * two new formally-verified field arithmetic backends which use the Fiat Crypto -//! Rust code, which is generated from proofs of functional correctness checked by -//! the Coq theorem proving system, and -//! * support for explicitly calling the `zeroize` traits for all point types. -//! -//! The `2.x` series has API almost entirely unchanged from the `1.x` series, -//! except that: -//! -//! * an error in the data modeling for the (optional) `serde` feature was -//! corrected, so that when the `2.x`-series `serde` implementation is used -//! 
with `serde-bincode`, the derived serialization matches the usual X/Ed25519 -//! formats; -//! * the `rand` version was updated. -//! -//! See `CHANGELOG.md` for more details. -//! -//! # Backends and Features -//! -//! The `nightly` feature enables features available only when using a Rust nightly -//! compiler. In particular, it is required for rendering documentation and for -//! the SIMD backends. -//! -//! Curve arithmetic is implemented using one of the following backends: -//! -//! * a `u32` backend using serial formulas and `u64` products; -//! * a `u64` backend using serial formulas and `u128` products; -//! * an `avx2` backend using [parallel formulas][parallel_doc] and `avx2` instructions (sets speed records); -//! * an `ifma` backend using [parallel formulas][parallel_doc] and `ifma` instructions (sets speed records); -//! -//! By default the `u64` backend is selected. To select a specific backend, use: -//! ```sh -//! cargo build --no-default-features --features "std u32_backend" -//! cargo build --no-default-features --features "std u64_backend" -//! # Requires nightly, RUSTFLAGS="-C target_feature=+avx2" to use avx2 -//! cargo build --no-default-features --features "std simd_backend" -//! # Requires nightly, RUSTFLAGS="-C target_feature=+avx512ifma" to use ifma -//! cargo build --no-default-features --features "std simd_backend" -//! ``` -//! Crates using `curve25519-dalek` can either select a backend on behalf of their -//! users, or expose feature flags that control the `curve25519-dalek` backend. -//! -//! The `std` feature is enabled by default, but it can be disabled for no-`std` -//! builds using `--no-default-features`. Note that this requires explicitly -//! selecting an arithmetic backend using one of the `_backend` features. -//! If no backend is selected, compilation will fail. -//! -//! # Safety -//! -//! The `curve25519-dalek` types are designed to make illegal states -//! unrepresentable. 
For example, any instance of an `EdwardsPoint` is -//! guaranteed to hold a point on the Edwards curve, and any instance of a -//! `RistrettoPoint` is guaranteed to hold a valid point in the Ristretto -//! group. -//! -//! All operations are implemented using constant-time logic (no -//! secret-dependent branches, no secret-dependent memory accesses), -//! unless specifically marked as being variable-time code. -//! We believe that our constant-time logic is lowered to constant-time -//! assembly, at least on `x86_64` targets. -//! -//! As an additional guard against possible future compiler optimizations, -//! the `subtle` crate places an optimization barrier before every -//! conditional move or assignment. More details can be found in [the -//! documentation for the `subtle` crate][subtle_doc]. -//! -//! Some functionality (e.g., multiscalar multiplication or batch -//! inversion) requires heap allocation for temporary buffers. All -//! heap-allocated buffers of potentially secret data are explicitly -//! zeroed before release. -//! -//! However, we do not attempt to zero stack data, for two reasons. -//! First, it's not possible to do so correctly: we don't have control -//! over stack allocations, so there's no way to know how much data to -//! wipe. Second, because `curve25519-dalek` provides a mid-level API, -//! the correct place to start zeroing stack data is likely not at the -//! entrypoints of `curve25519-dalek` functions, but at the entrypoints of -//! functions in other crates. -//! -//! The implementation is memory-safe, and contains no significant -//! `unsafe` code. The SIMD backend uses `unsafe` internally to call SIMD -//! intrinsics. These are marked `unsafe` only because invoking them on an -//! inappropriate CPU would cause `SIGILL`, but the entire backend is only -//! compiled with appropriate `target_feature`s, so this cannot occur. -//! -//! # Performance -//! -//! Benchmarks are run using [`criterion.rs`][criterion]: -//! -//! ```sh -//! 
cargo bench --no-default-features --features "std u32_backend" -//! cargo bench --no-default-features --features "std u64_backend" -//! # Uses avx2 or ifma only if compiled for an appropriate target. -//! export RUSTFLAGS="-C target_cpu=native" -//! cargo bench --no-default-features --features "std simd_backend" -//! ``` -//! -//! Performance is a secondary goal behind correctness, safety, and -//! clarity, but we aim to be competitive with other implementations. -//! -//! # FFI -//! -//! Unfortunately, we have no plans to add FFI to `curve25519-dalek` directly. The -//! reason is that we use Rust features to provide an API that maintains safety -//! invariants, which are not possible to maintain across an FFI boundary. For -//! instance, as described in the _Safety_ section above, invalid points are -//! impossible to construct, and this would not be the case if we exposed point -//! operations over FFI. -//! -//! However, `curve25519-dalek` is designed as a *mid-level* API, aimed at -//! implementing other, higher-level primitives. Instead of providing FFI at the -//! mid-level, our suggestion is to implement the higher-level primitive (a -//! signature, PAKE, ZKP, etc) in Rust, using `curve25519-dalek` as a dependency, -//! and have that crate provide a minimal, byte-buffer-oriented FFI specific to -//! that primitive. -//! -//! # Contributing -//! -//! Please see [CONTRIBUTING.md][contributing]. -//! -//! Patches and pull requests should be make against the `develop` -//! branch, **not** `master`. -//! -//! # About -//! -//! **SPOILER ALERT:** *The Twelfth Doctor's first encounter with the Daleks is in -//! his second full episode, "Into the Dalek". A beleaguered ship of the "Combined -//! Galactic Resistance" has discovered a broken Dalek that has turned "good", -//! desiring to kill all other Daleks. The Doctor, Clara and a team of soldiers -//! are miniaturized and enter the Dalek, which the Doctor names Rusty. They -//! 
repair the damage, but accidentally restore it to its original nature, causing -//! it to go on the rampage and alert the Dalek fleet to the whereabouts of the -//! rebel ship. However, the Doctor manages to return Rusty to its previous state -//! by linking his mind with the Dalek's: Rusty shares the Doctor's view of the -//! universe's beauty, but also his deep hatred of the Daleks. Rusty destroys the -//! other Daleks and departs the ship, determined to track down and bring an end -//! to the Dalek race.* -//! -//! `curve25519-dalek` is authored by Isis Agora Lovecruft and Henry de Valence. -//! -//! Portions of this library were originally a port of [Adam Langley's -//! Golang ed25519 library](https://!github.com/agl/ed25519), which was in -//! turn a port of the reference `ref10` implementation. Most of this code, -//! including the 32-bit field arithmetic, has since been rewritten. -//! -//! The fast `u32` and `u64` scalar arithmetic was implemented by Andrew Moon, and -//! the addition chain for scalar inversion was provided by Brian Smith. The -//! optimised batch inversion was contributed by Sean Bowe and Daira Hopwood. -//! -//! The `no_std` and `zeroize` support was contributed by Tony Arcieri. -//! -//! The formally verified backends, `fiat_u32_backend` and `fiat_u64_backend`, which -//! integrate with the Rust generated by the -//! [Fiat Crypto project](https://github.com/mit-plv/fiat-crypto) were contributed -//! by François Garillot. -//! -//! Thanks also to Ashley Hauck, Lucas Salibian, Manish Goregaokar, Jack Grigg, -//! Pratyush Mishra, Michael Rosenberg, and countless others for their -//! contributions. -//! -//! [ed25519-dalek]: https://github.com/dalek-cryptography/ed25519-dalek -//! [x25519-dalek]: https://github.com/dalek-cryptography/x25519-dalek -//! [contributing]: https://github.com/dalek-cryptography/curve25519-dalek/blob/master/CONTRIBUTING.md -//! [docs-external]: https://doc.dalek.rs/curve25519_dalek/ -//! 
[docs-internal]: https://doc-internal.dalek.rs/curve25519_dalek/
-//! [criterion]: https://github.com/japaric/criterion.rs
-//! [parallel_doc]: https://doc-internal.dalek.rs/curve25519_dalek/backend/vector/avx2/index.html
-//! [subtle_doc]: https://doc.dalek.rs/subtle/
-
-//------------------------------------------------------------------------
-// External dependencies:
-//------------------------------------------------------------------------
-
-#[cfg(all(feature = "alloc", not(feature = "std")))]
-#[macro_use]
-extern crate alloc;
-
-#[cfg(feature = "std")]
-#[macro_use]
-extern crate std;
-
-#[cfg(all(feature = "nightly", feature = "packed_simd"))]
-extern crate packed_simd;
-
-extern crate byteorder;
-pub extern crate digest;
-extern crate rand_core;
-extern crate zeroize;
-
-#[cfg(any(feature = "fiat_u64_backend", feature = "fiat_u32_backend"))]
-extern crate fiat_crypto;
-
-// Used for traits related to constant-time code.
-extern crate subtle;
-
-#[cfg(all(test, feature = "serde"))]
-extern crate bincode;
-#[cfg(feature = "serde")]
-extern crate serde;
-
-// Internal macros. Must come first!
-#[macro_use]
-pub(crate) mod macros;
-
-//------------------------------------------------------------------------
-// curve25519-dalek public modules
-//------------------------------------------------------------------------
-
-// Scalar arithmetic mod l = 2^252 + ..., the order of the Ristretto group
-pub mod scalar;
-
-// Point operations on the Montgomery form of Curve25519
-pub mod montgomery;
-
-// Point operations on the Edwards form of Curve25519
-pub mod edwards;
-
-// Group operations on the Ristretto group
-pub mod ristretto;
-
-// Useful constants, like the Ed25519 basepoint
-pub mod constants;
-
-// External (and internal) traits.
-pub mod traits;
-
-//------------------------------------------------------------------------
-// curve25519-dalek internal modules
-//------------------------------------------------------------------------
-
-// Finite field arithmetic mod p = 2^255 - 19
-pub(crate) mod field;
-
-// Arithmetic backends (using u32, u64, etc) live here
-pub(crate) mod backend;
-
-// Crate-local prelude (for alloc-dependent features like `Vec`)
-pub(crate) mod prelude;
-
-// Generic code for window lookups
-pub(crate) mod window;
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/macros.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/macros.rs
deleted file mode 100644
index 84a2ce128d7a..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/macros.rs
+++ /dev/null
@@ -1,124 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2016-2021 isis agora lovecruft -// Copyright (c) 2016-2019 Henry de Valence -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft -// - Henry de Valence - -//! Internal macros. - -/// Define borrow and non-borrow variants of `Add`. -macro_rules! define_add_variants { - (LHS = $lhs:ty, RHS = $rhs:ty, Output = $out:ty) => { - impl<'b> Add<&'b $rhs> for $lhs { - type Output = $out; - fn add(self, rhs: &'b $rhs) -> $out { - &self + rhs - } - } - - impl<'a> Add<$rhs> for &'a $lhs { - type Output = $out; - fn add(self, rhs: $rhs) -> $out { - self + &rhs - } - } - - impl Add<$rhs> for $lhs { - type Output = $out; - fn add(self, rhs: $rhs) -> $out { - &self + &rhs - } - } - } -} - -/// Define non-borrow variants of `AddAssign`. -macro_rules! define_add_assign_variants { - (LHS = $lhs:ty, RHS = $rhs:ty) => { - impl AddAssign<$rhs> for $lhs { - fn add_assign(&mut self, rhs: $rhs) { - *self += &rhs; - } - } - } -} - -/// Define borrow and non-borrow variants of `Sub`. -macro_rules! define_sub_variants { - (LHS = $lhs:ty, RHS = $rhs:ty, Output = $out:ty) => { - impl<'b> Sub<&'b $rhs> for $lhs { - type Output = $out; - fn sub(self, rhs: &'b $rhs) -> $out { - &self - rhs - } - } - - impl<'a> Sub<$rhs> for &'a $lhs { - type Output = $out; - fn sub(self, rhs: $rhs) -> $out { - self - &rhs - } - } - - impl Sub<$rhs> for $lhs { - type Output = $out; - fn sub(self, rhs: $rhs) -> $out { - &self - &rhs - } - } - } -} - -/// Define non-borrow variants of `SubAssign`. -macro_rules! define_sub_assign_variants { - (LHS = $lhs:ty, RHS = $rhs:ty) => { - impl SubAssign<$rhs> for $lhs { - fn sub_assign(&mut self, rhs: $rhs) { - *self -= &rhs; - } - } - } -} - -/// Define borrow and non-borrow variants of `Mul`. -macro_rules! 
define_mul_variants { - (LHS = $lhs:ty, RHS = $rhs:ty, Output = $out:ty) => { - impl<'b> Mul<&'b $rhs> for $lhs { - type Output = $out; - fn mul(self, rhs: &'b $rhs) -> $out { - &self * rhs - } - } - - impl<'a> Mul<$rhs> for &'a $lhs { - type Output = $out; - fn mul(self, rhs: $rhs) -> $out { - self * &rhs - } - } - - impl Mul<$rhs> for $lhs { - type Output = $out; - fn mul(self, rhs: $rhs) -> $out { - &self * &rhs - } - } - } -} - -/// Define non-borrow variants of `MulAssign`. -macro_rules! define_mul_assign_variants { - (LHS = $lhs:ty, RHS = $rhs:ty) => { - impl MulAssign<$rhs> for $lhs { - fn mul_assign(&mut self, rhs: $rhs) { - *self *= &rhs; - } - } - } -} - diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/montgomery.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/montgomery.rs deleted file mode 100644 index 88afbd90a505..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/montgomery.rs +++ /dev/null 
@@ -1,479 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2016-2021 isis lovecruft -// Copyright (c) 2016-2019 Henry de Valence -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft -// - Henry de Valence - -//! Scalar multiplication on the Montgomery form of Curve25519. -//! -//! To avoid notational confusion with the Edwards code, we use -//! variables \\( u, v \\) for the Montgomery curve, so that “Montgomery -//! \\(u\\)” here corresponds to “Montgomery \\(x\\)” elsewhere. -//! -//! Montgomery arithmetic works not on the curve itself, but on the -//! \\(u\\)-line, which discards sign information and unifies the curve -//! and its quadratic twist. See [_Montgomery curves and their -//! arithmetic_][costello-smith] by Costello and Smith for more details. -//! -//! The `MontgomeryPoint` struct contains the affine \\(u\\)-coordinate -//! \\(u\_0(P)\\) of a point \\(P\\) on either the curve or the twist. -//! Here the map \\(u\_0 : \mathcal M \rightarrow \mathbb F\_p \\) is -//! defined by \\(u\_0((u,v)) = u\\); \\(u\_0(\mathcal O) = 0\\). See -//! section 5.4 of Costello-Smith for more details. -//! -//! # Scalar Multiplication -//! -//! Scalar multiplication on `MontgomeryPoint`s is provided by the `*` -//! operator, which implements the Montgomery ladder. -//! -//! # Edwards Conversion -//! -//! The \\(2\\)-to-\\(1\\) map from the Edwards model to the Montgomery -//! \\(u\\)-line is provided by `EdwardsPoint::to_montgomery()`. -//! -//! To lift a `MontgomeryPoint` to an `EdwardsPoint`, use -//! `MontgomeryPoint::to_edwards()`, which takes a sign parameter. -//! This function rejects `MontgomeryPoints` which correspond to points -//! on the twist. -//! -//! 
[costello-smith]: https://eprint.iacr.org/2017/212.pdf - -// We allow non snake_case names because coordinates in projective space are -// traditionally denoted by the capitalisation of their respective -// counterparts in affine space. Yeah, you heard me, rustc, I'm gonna have my -// affine and projective cakes and eat both of them too. -#![allow(non_snake_case)] - -use core::ops::{Mul, MulAssign}; - -use constants::{APLUS2_OVER_FOUR, MONTGOMERY_A, MONTGOMERY_A_NEG}; -use edwards::{CompressedEdwardsY, EdwardsPoint}; -use field::FieldElement; -use scalar::Scalar; - -use traits::Identity; - -use subtle::Choice; -use subtle::ConstantTimeEq; -use subtle::{ConditionallyNegatable, ConditionallySelectable}; - -use zeroize::Zeroize; - -/// Holds the \\(u\\)-coordinate of a point on the Montgomery form of -/// Curve25519 or its twist. -#[derive(Copy, Clone, Debug, Hash)] -#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))] -pub struct MontgomeryPoint(pub [u8; 32]); - -/// Equality of `MontgomeryPoint`s is defined mod p. -impl ConstantTimeEq for MontgomeryPoint { - fn ct_eq(&self, other: &MontgomeryPoint) -> Choice { - let self_fe = FieldElement::from_bytes(&self.0); - let other_fe = FieldElement::from_bytes(&other.0); - - self_fe.ct_eq(&other_fe) - } -} - -impl Default for MontgomeryPoint { - fn default() -> MontgomeryPoint { - MontgomeryPoint([0u8; 32]) - } -} - -impl PartialEq for MontgomeryPoint { - fn eq(&self, other: &MontgomeryPoint) -> bool { - self.ct_eq(other).unwrap_u8() == 1u8 - } -} - -impl Eq for MontgomeryPoint {} - -impl Identity for MontgomeryPoint { - /// Return the group identity element, which has order 4. - fn identity() -> MontgomeryPoint { - MontgomeryPoint([0u8; 32]) - } -} - -impl Zeroize for MontgomeryPoint { - fn zeroize(&mut self) { - self.0.zeroize(); - } -} - -impl MontgomeryPoint { - /// View this `MontgomeryPoint` as an array of bytes. 
- pub fn as_bytes<'a>(&'a self) -> &'a [u8; 32] { - &self.0 - } - - /// Convert this `MontgomeryPoint` to an array of bytes. - pub fn to_bytes(&self) -> [u8; 32] { - self.0 - } - - /// Attempt to convert to an `EdwardsPoint`, using the supplied - /// choice of sign for the `EdwardsPoint`. - /// - /// # Inputs - /// - /// * `sign`: a `u8` donating the desired sign of the resulting - /// `EdwardsPoint`. `0` denotes positive and `1` negative. - /// - /// # Return - /// - /// * `Some(EdwardsPoint)` if `self` is the \\(u\\)-coordinate of a - /// point on (the Montgomery form of) Curve25519; - /// - /// * `None` if `self` is the \\(u\\)-coordinate of a point on the - /// twist of (the Montgomery form of) Curve25519; - /// - pub fn to_edwards(&self, sign: u8) -> Option { - // To decompress the Montgomery u coordinate to an - // `EdwardsPoint`, we apply the birational map to obtain the - // Edwards y coordinate, then do Edwards decompression. - // - // The birational map is y = (u-1)/(u+1). - // - // The exceptional points are the zeros of the denominator, - // i.e., u = -1. - // - // But when u = -1, v^2 = u*(u^2+486662*u+1) = 486660. - // - // Since this is nonsquare mod p, u = -1 corresponds to a point - // on the twist, not the curve, so we can reject it early. - - let u = FieldElement::from_bytes(&self.0); - - if u == FieldElement::minus_one() { return None; } - - let one = FieldElement::one(); - - let y = &(&u - &one) * &(&u + &one).invert(); - - let mut y_bytes = y.to_bytes(); - y_bytes[31] ^= sign << 7; - - CompressedEdwardsY(y_bytes).decompress() - } -} - -/// Perform the Elligator2 mapping to a Montgomery point. -/// -/// See -// -// TODO Determine how much of the hash-to-group API should be exposed after the CFRG -// draft gets into a more polished/accepted state. 
-#[allow(unused)] -pub(crate) fn elligator_encode(r_0: &FieldElement) -> MontgomeryPoint { - let one = FieldElement::one(); - let d_1 = &one + &r_0.square2(); /* 2r^2 */ - - let d = &MONTGOMERY_A_NEG * &(d_1.invert()); /* A/(1+2r^2) */ - - let d_sq = &d.square(); - let au = &MONTGOMERY_A * &d; - - let inner = &(d_sq + &au) + &one; - let eps = &d * &inner; /* eps = d^3 + Ad^2 + d */ - - let (eps_is_sq, _eps) = FieldElement::sqrt_ratio_i(&eps, &one); - - let zero = FieldElement::zero(); - let Atemp = FieldElement::conditional_select(&MONTGOMERY_A, &zero, eps_is_sq); /* 0, or A if nonsquare*/ - let mut u = &d + &Atemp; /* d, or d+A if nonsquare */ - u.conditional_negate(!eps_is_sq); /* d, or -d-A if nonsquare */ - - MontgomeryPoint(u.to_bytes()) -} - -/// A `ProjectivePoint` holds a point on the projective line -/// \\( \mathbb P(\mathbb F\_p) \\), which we identify with the Kummer -/// line of the Montgomery curve. -#[derive(Copy, Clone, Debug)] -struct ProjectivePoint { - pub U: FieldElement, - pub W: FieldElement, -} - -impl Identity for ProjectivePoint { - fn identity() -> ProjectivePoint { - ProjectivePoint { - U: FieldElement::one(), - W: FieldElement::zero(), - } - } -} - -impl Default for ProjectivePoint { - fn default() -> ProjectivePoint { - ProjectivePoint::identity() - } -} - -impl ConditionallySelectable for ProjectivePoint { - fn conditional_select( - a: &ProjectivePoint, - b: &ProjectivePoint, - choice: Choice, - ) -> ProjectivePoint { - ProjectivePoint { - U: FieldElement::conditional_select(&a.U, &b.U, choice), - W: FieldElement::conditional_select(&a.W, &b.W, choice), - } - } -} - -impl ProjectivePoint { - /// Dehomogenize this point to affine coordinates. 
- /// - /// # Return - /// - /// * \\( u = U / W \\) if \\( W \neq 0 \\); - /// * \\( 0 \\) if \\( W \eq 0 \\); - pub fn to_affine(&self) -> MontgomeryPoint { - let u = &self.U * &self.W.invert(); - MontgomeryPoint(u.to_bytes()) - } -} - -/// Perform the double-and-add step of the Montgomery ladder. -/// -/// Given projective points -/// \\( (U\_P : W\_P) = u(P) \\), -/// \\( (U\_Q : W\_Q) = u(Q) \\), -/// and the affine difference -/// \\( u\_{P-Q} = u(P-Q) \\), set -/// $$ -/// (U\_P : W\_P) \gets u([2]P) -/// $$ -/// and -/// $$ -/// (U\_Q : W\_Q) \gets u(P + Q). -/// $$ -fn differential_add_and_double( - P: &mut ProjectivePoint, - Q: &mut ProjectivePoint, - affine_PmQ: &FieldElement, -) { - let t0 = &P.U + &P.W; - let t1 = &P.U - &P.W; - let t2 = &Q.U + &Q.W; - let t3 = &Q.U - &Q.W; - - let t4 = t0.square(); // (U_P + W_P)^2 = U_P^2 + 2 U_P W_P + W_P^2 - let t5 = t1.square(); // (U_P - W_P)^2 = U_P^2 - 2 U_P W_P + W_P^2 - - let t6 = &t4 - &t5; // 4 U_P W_P - - let t7 = &t0 * &t3; // (U_P + W_P) (U_Q - W_Q) = U_P U_Q + W_P U_Q - U_P W_Q - W_P W_Q - let t8 = &t1 * &t2; // (U_P - W_P) (U_Q + W_Q) = U_P U_Q - W_P U_Q + U_P W_Q - W_P W_Q - - let t9 = &t7 + &t8; // 2 (U_P U_Q - W_P W_Q) - let t10 = &t7 - &t8; // 2 (W_P U_Q - U_P W_Q) - - let t11 = t9.square(); // 4 (U_P U_Q - W_P W_Q)^2 - let t12 = t10.square(); // 4 (W_P U_Q - U_P W_Q)^2 - - let t13 = &APLUS2_OVER_FOUR * &t6; // (A + 2) U_P U_Q - - let t14 = &t4 * &t5; // ((U_P + W_P)(U_P - W_P))^2 = (U_P^2 - W_P^2)^2 - let t15 = &t13 + &t5; // (U_P - W_P)^2 + (A + 2) U_P W_P - - let t16 = &t6 * &t15; // 4 (U_P W_P) ((U_P - W_P)^2 + (A + 2) U_P W_P) - - let t17 = affine_PmQ * &t12; // U_D * 4 (W_P U_Q - U_P W_Q)^2 - let t18 = t11; // W_D * 4 (U_P U_Q - W_P W_Q)^2 - - P.U = t14; // U_{P'} = (U_P + W_P)^2 (U_P - W_P)^2 - P.W = t16; // W_{P'} = (4 U_P W_P) ((U_P - W_P)^2 + ((A + 2)/4) 4 U_P W_P) - Q.U = t18; // U_{Q'} = W_D * 4 (U_P U_Q - W_P W_Q)^2 - Q.W = t17; // W_{Q'} = U_D * 4 (W_P U_Q - U_P W_Q)^2 -} - 
-define_mul_assign_variants!(LHS = MontgomeryPoint, RHS = Scalar); - -define_mul_variants!(LHS = MontgomeryPoint, RHS = Scalar, Output = MontgomeryPoint); -define_mul_variants!(LHS = Scalar, RHS = MontgomeryPoint, Output = MontgomeryPoint); - -/// Multiply this `MontgomeryPoint` by a `Scalar`. -impl<'a, 'b> Mul<&'b Scalar> for &'a MontgomeryPoint { - type Output = MontgomeryPoint; - - /// Given `self` \\( = u\_0(P) \\), and a `Scalar` \\(n\\), return \\( u\_0([n]P) \\). - fn mul(self, scalar: &'b Scalar) -> MontgomeryPoint { - // Algorithm 8 of Costello-Smith 2017 - let affine_u = FieldElement::from_bytes(&self.0); - let mut x0 = ProjectivePoint::identity(); - let mut x1 = ProjectivePoint { - U: affine_u, - W: FieldElement::one(), - }; - - let bits: [i8; 256] = scalar.bits(); - - for i in (0..255).rev() { - let choice: u8 = (bits[i + 1] ^ bits[i]) as u8; - - debug_assert!(choice == 0 || choice == 1); - - ProjectivePoint::conditional_swap(&mut x0, &mut x1, choice.into()); - differential_add_and_double(&mut x0, &mut x1, &affine_u); - } - ProjectivePoint::conditional_swap(&mut x0, &mut x1, Choice::from(bits[0] as u8)); - - x0.to_affine() - } -} - -impl<'b> MulAssign<&'b Scalar> for MontgomeryPoint { - fn mul_assign(&mut self, scalar: &'b Scalar) { - *self = (self as &MontgomeryPoint) * scalar; - } -} - -impl<'a, 'b> Mul<&'b MontgomeryPoint> for &'a Scalar { - type Output = MontgomeryPoint; - - fn mul(self, point: &'b MontgomeryPoint) -> MontgomeryPoint { - point * self - } -} - -// ------------------------------------------------------------------------ -// Tests -// ------------------------------------------------------------------------ - -#[cfg(test)] -mod test { - use super::*; - use constants; - use core::convert::TryInto; - - use rand_core::OsRng; - - #[test] - fn identity_in_different_coordinates() { - let id_projective = ProjectivePoint::identity(); - let id_montgomery = id_projective.to_affine(); - - assert!(id_montgomery == MontgomeryPoint::identity()); - } 
- - #[test] - fn identity_in_different_models() { - assert!(EdwardsPoint::identity().to_montgomery() == MontgomeryPoint::identity()); - } - - #[test] - #[cfg(feature = "serde")] - fn serde_bincode_basepoint_roundtrip() { - use bincode; - - let encoded = bincode::serialize(&constants::X25519_BASEPOINT).unwrap(); - let decoded: MontgomeryPoint = bincode::deserialize(&encoded).unwrap(); - - assert_eq!(encoded.len(), 32); - assert_eq!(decoded, constants::X25519_BASEPOINT); - - let raw_bytes = constants::X25519_BASEPOINT.as_bytes(); - let bp: MontgomeryPoint = bincode::deserialize(raw_bytes).unwrap(); - assert_eq!(bp, constants::X25519_BASEPOINT); - } - - /// Test Montgomery -> Edwards on the X/Ed25519 basepoint - #[test] - fn basepoint_montgomery_to_edwards() { - // sign bit = 0 => basepoint - assert_eq!( - constants::ED25519_BASEPOINT_POINT, - constants::X25519_BASEPOINT.to_edwards(0).unwrap() - ); - // sign bit = 1 => minus basepoint - assert_eq!( - - constants::ED25519_BASEPOINT_POINT, - constants::X25519_BASEPOINT.to_edwards(1).unwrap() - ); - } - - /// Test Edwards -> Montgomery on the X/Ed25519 basepoint - #[test] - fn basepoint_edwards_to_montgomery() { - assert_eq!( - constants::ED25519_BASEPOINT_POINT.to_montgomery(), - constants::X25519_BASEPOINT - ); - } - - /// Check that Montgomery -> Edwards fails for points on the twist. - #[test] - fn montgomery_to_edwards_rejects_twist() { - let one = FieldElement::one(); - - // u = 2 corresponds to a point on the twist. - let two = MontgomeryPoint((&one+&one).to_bytes()); - - assert!(two.to_edwards(0).is_none()); - - // u = -1 corresponds to a point on the twist, but should be - // checked explicitly because it's an exceptional point for the - // birational map. For instance, libsignal will accept it. 
- let minus_one = MontgomeryPoint((-&one).to_bytes()); - - assert!(minus_one.to_edwards(0).is_none()); - } - - #[test] - fn eq_defined_mod_p() { - let mut u18_bytes = [0u8; 32]; u18_bytes[0] = 18; - let u18 = MontgomeryPoint(u18_bytes); - let u18_unred = MontgomeryPoint([255; 32]); - - assert_eq!(u18, u18_unred); - } - - #[test] - fn montgomery_ladder_matches_edwards_scalarmult() { - let mut csprng: OsRng = OsRng; - - let s: Scalar = Scalar::random(&mut csprng); - let p_edwards: EdwardsPoint = &constants::ED25519_BASEPOINT_TABLE * &s; - let p_montgomery: MontgomeryPoint = p_edwards.to_montgomery(); - - let expected = s * p_edwards; - let result = s * p_montgomery; - - assert_eq!(result, expected.to_montgomery()) - } - - const ELLIGATOR_CORRECT_OUTPUT: [u8; 32] = [ - 0x5f, 0x35, 0x20, 0x00, 0x1c, 0x6c, 0x99, 0x36, 0xa3, 0x12, 0x06, 0xaf, 0xe7, 0xc7, 0xac, - 0x22, 0x4e, 0x88, 0x61, 0x61, 0x9b, 0xf9, 0x88, 0x72, 0x44, 0x49, 0x15, 0x89, 0x9d, 0x95, - 0xf4, 0x6e, - ]; - - #[test] - #[cfg(feature = "std")] // Vec - fn montgomery_elligator_correct() { - let bytes: std::vec::Vec = (0u8..32u8).collect(); - let bits_in: [u8; 32] = (&bytes[..]).try_into().expect("Range invariant broken"); - - let fe = FieldElement::from_bytes(&bits_in); - let eg = elligator_encode(&fe); - assert_eq!(eg.to_bytes(), ELLIGATOR_CORRECT_OUTPUT); - } - - #[test] - fn montgomery_elligator_zero_zero() { - let zero = [0u8; 32]; - let fe = FieldElement::from_bytes(&zero); - let eg = elligator_encode(&fe); - assert_eq!(eg.to_bytes(), zero); - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/prelude.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/prelude.rs deleted file mode 100644 index 5c0a611a3a1d..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/prelude.rs +++ /dev/null 
@@ -1,19 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2021 isis lovecruft
-// Copyright (c) 2016-2019 Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - isis agora lovecruft
-// - Henry de Valence
-
-//! Crate-local prelude (for alloc-dependent features like `Vec`)
-
-// TODO: switch to alloc::prelude
-#[cfg(all(feature = "alloc", not(feature = "std")))]
-pub use alloc::vec::Vec;
-
-#[cfg(feature = "std")]
-pub use std::vec::Vec;
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/ristretto.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/ristretto.rs
deleted file mode 100644
index b9e37343bd7b..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/ristretto.rs
+++ /dev/null
@@ -1,1384 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of curve25519-dalek. -// Copyright (c) 2016-2021 isis lovecruft -// Copyright (c) 2016-2020 Henry de Valence -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft -// - Henry de Valence - -// We allow non snake_case names because coordinates in projective space are -// traditionally denoted by the capitalisation of their respective -// counterparts in affine space. Yeah, you heard me, rustc, I'm gonna have my -// affine and projective cakes and eat both of them too. -#![allow(non_snake_case)] - -//! An implementation of [Ristretto][ristretto_main], which provides a -//! prime-order group. -//! -//! # The Ristretto Group -//! -//! Ristretto is a modification of Mike Hamburg's Decaf scheme to work -//! with cofactor-\\(8\\) curves, such as Curve25519. -//! -//! The introduction of the Decaf paper, [_Decaf: -//! Eliminating cofactors through point -//! compression_](https://eprint.iacr.org/2015/673.pdf), notes that while -//! most cryptographic systems require a group of prime order, most -//! concrete implementations using elliptic curve groups fall short – -//! they either provide a group of prime order, but with incomplete or -//! variable-time addition formulae (for instance, most Weierstrass -//! models), or else they provide a fast and safe implementation of a -//! group whose order is not quite a prime \\(q\\), but \\(hq\\) for a -//! small cofactor \\(h\\) (for instance, Edwards curves, which have -//! cofactor at least \\(4\\)). -//! -//! This abstraction mismatch is commonly “handled” by pushing the -//! complexity upwards, adding ad-hoc protocol modifications. But -//! these modifications require careful analysis and are a recurring -//! source of [vulnerabilities][cryptonote] and [design -//! complications][ed25519_hkd]. -//! -//! Instead, Decaf (and Ristretto) use a quotient group to implement a -//! prime-order group using a non-prime-order curve. 
This provides -//! the correct abstraction for cryptographic systems, while retaining -//! the speed and safety benefits of an Edwards curve. -//! -//! Decaf is named “after the procedure which divides the effect of -//! coffee by \\(4\\)”. However, Curve25519 has a cofactor of -//! \\(8\\). To eliminate its cofactor, Ristretto restricts further; -//! this [additional restriction][ristretto_coffee] gives the -//! _Ristretto_ encoding. -//! -//! More details on why Ristretto is necessary can be found in the -//! [Why Ristretto?][why_ristretto] section of the Ristretto website. -//! -//! Ristretto -//! points are provided in `curve25519-dalek` by the `RistrettoPoint` -//! struct. -//! -//! ## Encoding and Decoding -//! -//! Encoding is done by converting to and from a `CompressedRistretto` -//! struct, which is a typed wrapper around `[u8; 32]`. -//! -//! The encoding is not batchable, but it is possible to -//! double-and-encode in a batch using -//! `RistrettoPoint::double_and_compress_batch`. -//! -//! ## Equality Testing -//! -//! Testing equality of points on an Edwards curve in projective -//! coordinates requires an expensive inversion. By contrast, equality -//! checking in the Ristretto group can be done in projective -//! coordinates without requiring an inversion, so it is much faster. -//! -//! The `RistrettoPoint` struct implements the -//! `subtle::ConstantTimeEq` trait for constant-time equality -//! checking, and the Rust `Eq` trait for variable-time equality -//! checking. -//! -//! ## Scalars -//! -//! Scalars are represented by the `Scalar` struct. Each scalar has a -//! canonical representative mod the group order. To attempt to load -//! a supposedly-canonical scalar, use -//! `Scalar::from_canonical_bytes()`. To check whether a -//! representative is canonical, use `Scalar::is_canonical()`. -//! -//! ## Scalar Multiplication -//! -//! Scalar multiplication on Ristretto points is provided by: -//! -//! 
* the `*` operator between a `Scalar` and a `RistrettoPoint`, which -//! performs constant-time variable-base scalar multiplication; -//! -//! * the `*` operator between a `Scalar` and a -//! `RistrettoBasepointTable`, which performs constant-time fixed-base -//! scalar multiplication; -//! -//! * an implementation of the -//! [`MultiscalarMul`](../traits/trait.MultiscalarMul.html) trait for -//! constant-time variable-base multiscalar multiplication; -//! -//! * an implementation of the -//! [`VartimeMultiscalarMul`](../traits/trait.VartimeMultiscalarMul.html) -//! trait for variable-time variable-base multiscalar multiplication; -//! -//! ## Random Points and Hashing to Ristretto -//! -//! The Ristretto group comes equipped with an Elligator map. This is -//! used to implement -//! -//! * `RistrettoPoint::random()`, which generates random points from an -//! RNG; -//! -//! * `RistrettoPoint::from_hash()` and -//! `RistrettoPoint::hash_from_bytes()`, which perform hashing to the -//! group. -//! -//! The Elligator map itself is not currently exposed. -//! -//! ## Implementation -//! -//! The Decaf suggestion is to use a quotient group, such as \\(\mathcal -//! E / \mathcal E[4]\\) or \\(2 \mathcal E / \mathcal E[2] \\), to -//! implement a prime-order group using a non-prime-order curve. -//! -//! This requires only changing -//! -//! 1. the function for equality checking (so that two representatives -//! of the same coset are considered equal); -//! 2. the function for encoding (so that two representatives of the -//! same coset are encoded as identical bitstrings); -//! 3. the function for decoding (so that only the canonical encoding of -//! a coset is accepted). -//! -//! Internally, each coset is represented by a curve point; two points -//! \\( P, Q \\) may represent the same coset in the same way that two -//! points with different \\(X,Y,Z\\) coordinates may represent the -//! same point. The group operations are carried out with no overhead -//! 
using Edwards formulas.
-//!
-//! Notes on the details of the encoding can be found in the
-//! [Details][ristretto_notes] section of the Ristretto website.
-//!
-//! [cryptonote]:
-//! https://moderncrypto.org/mail-archive/curves/2017/000898.html
-//! [ed25519_hkd]:
-//! https://moderncrypto.org/mail-archive/curves/2017/000858.html
-//! [ristretto_coffee]:
-//! https://en.wikipedia.org/wiki/Ristretto
-//! [ristretto_notes]:
-//! https://ristretto.group/details/index.html
-//! [why_ristretto]:
-//! https://ristretto.group/why_ristretto.html
-//! [ristretto_main]:
-//! https://ristretto.group/
-
-use core::borrow::Borrow;
-use core::fmt::Debug;
-use core::iter::Sum;
-use core::ops::{Add, Neg, Sub};
-use core::ops::{AddAssign, SubAssign};
-use core::ops::{Mul, MulAssign};
-
-use rand_core::{CryptoRng, RngCore};
-
-use digest::generic_array::typenum::U64;
-use digest::Digest;
-
-use constants;
-use field::FieldElement;
-
-use subtle::Choice;
-use subtle::ConditionallySelectable;
-use subtle::ConditionallyNegatable;
-use subtle::ConstantTimeEq;
-
-use zeroize::Zeroize;
-
-use edwards::EdwardsBasepointTable;
-use edwards::EdwardsPoint;
-
-#[allow(unused_imports)]
-use prelude::*;
-
-use scalar::Scalar;
-
-use traits::Identity;
-#[cfg(any(feature = "alloc", feature = "std"))]
-use traits::{MultiscalarMul, VartimeMultiscalarMul, VartimePrecomputedMultiscalarMul};
-
-#[cfg(not(all(
- feature = "simd_backend",
- any(target_feature = "avx2", target_feature = "avx512ifma")
-)))]
-use backend::serial::scalar_mul;
-#[cfg(all(
- feature = "simd_backend",
- any(target_feature = "avx2", target_feature = "avx512ifma")
-))]
-use backend::vector::scalar_mul;
-
-// ------------------------------------------------------------------------
-// Compressed points
-// ------------------------------------------------------------------------
-
-/// A Ristretto point, in compressed wire format.
-/// -/// The Ristretto encoding is canonical, so two points are equal if and -/// only if their encodings are equal. -#[derive(Copy, Clone, Eq, PartialEq, Hash)] -pub struct CompressedRistretto(pub [u8; 32]); - -impl ConstantTimeEq for CompressedRistretto { - fn ct_eq(&self, other: &CompressedRistretto) -> Choice { - self.as_bytes().ct_eq(other.as_bytes()) - } -} - -impl CompressedRistretto { - /// Copy the bytes of this `CompressedRistretto`. - pub fn to_bytes(&self) -> [u8; 32] { - self.0 - } - - /// View this `CompressedRistretto` as an array of bytes. - pub fn as_bytes(&self) -> &[u8; 32] { - &self.0 - } - - /// Construct a `CompressedRistretto` from a slice of bytes. - /// - /// # Panics - /// - /// If the input `bytes` slice does not have a length of 32. - pub fn from_slice(bytes: &[u8]) -> CompressedRistretto { - let mut tmp = [0u8; 32]; - - tmp.copy_from_slice(bytes); - - CompressedRistretto(tmp) - } - - /// Attempt to decompress to an `RistrettoPoint`. - /// - /// # Return - /// - /// - `Some(RistrettoPoint)` if `self` was the canonical encoding of a point; - /// - /// - `None` if `self` was not the canonical encoding of a point. - pub fn decompress(&self) -> Option { - // Step 1. Check s for validity: - // 1.a) s must be 32 bytes (we get this from the type system) - // 1.b) s < p - // 1.c) s is nonnegative - // - // Our decoding routine ignores the high bit, so the only - // possible failure for 1.b) is if someone encodes s in 0..18 - // as s+p in 2^255-19..2^255-1. We can check this by - // converting back to bytes, and checking that we get the - // original input, since our encoding routine is canonical. - - let s = FieldElement::from_bytes(self.as_bytes()); - let s_bytes_check = s.to_bytes(); - let s_encoding_is_canonical = - &s_bytes_check[..].ct_eq(self.as_bytes()); - let s_is_negative = s.is_negative(); - - if s_encoding_is_canonical.unwrap_u8() == 0u8 || s_is_negative.unwrap_u8() == 1u8 { - return None; - } - - // Step 2. Compute (X:Y:Z:T). 
- let one = FieldElement::one(); - let ss = s.square(); - let u1 = &one - &ss; // 1 + as² - let u2 = &one + &ss; // 1 - as² where a=-1 - let u2_sqr = u2.square(); // (1 - as²)² - - // v == ad(1+as²)² - (1-as²)² where d=-121665/121666 - let v = &(&(-&constants::EDWARDS_D) * &u1.square()) - &u2_sqr; - - let (ok, I) = (&v * &u2_sqr).invsqrt(); // 1/sqrt(v*u_2²) - - let Dx = &I * &u2; // 1/sqrt(v) - let Dy = &I * &(&Dx * &v); // 1/u2 - - // x == | 2s/sqrt(v) | == + sqrt(4s²/(ad(1+as²)² - (1-as²)²)) - let mut x = &(&s + &s) * &Dx; - let x_neg = x.is_negative(); - x.conditional_negate(x_neg); - - // y == (1-as²)/(1+as²) - let y = &u1 * &Dy; - - // t == ((1+as²) sqrt(4s²/(ad(1+as²)² - (1-as²)²)))/(1-as²) - let t = &x * &y; - - if ok.unwrap_u8() == 0u8 || t.is_negative().unwrap_u8() == 1u8 || y.is_zero().unwrap_u8() == 1u8 { - None - } else { - Some(RistrettoPoint(EdwardsPoint{X: x, Y: y, Z: one, T: t})) - } - } -} - -impl Identity for CompressedRistretto { - fn identity() -> CompressedRistretto { - CompressedRistretto([0u8; 32]) - } -} - -impl Default for CompressedRistretto { - fn default() -> CompressedRistretto { - CompressedRistretto::identity() - } -} - -// ------------------------------------------------------------------------ -// Serde support -// ------------------------------------------------------------------------ -// Serializes to and from `RistrettoPoint` directly, doing compression -// and decompression internally. This means that users can create -// structs containing `RistrettoPoint`s and use Serde's derived -// serializers to serialize those structures. 
-
-#[cfg(feature = "serde")]
-use serde::{self, Serialize, Deserialize, Serializer, Deserializer};
-#[cfg(feature = "serde")]
-use serde::de::Visitor;
-
-#[cfg(feature = "serde")]
-impl Serialize for RistrettoPoint {
- fn serialize(&self, serializer: S) -> Result
- where S: Serializer
- {
- use serde::ser::SerializeTuple;
- let mut tup = serializer.serialize_tuple(32)?;
- for byte in self.compress().as_bytes().iter() {
- tup.serialize_element(byte)?;
- }
- tup.end()
- }
-}
-
-#[cfg(feature = "serde")]
-impl Serialize for CompressedRistretto {
- fn serialize(&self, serializer: S) -> Result
- where S: Serializer
- {
- use serde::ser::SerializeTuple;
- let mut tup = serializer.serialize_tuple(32)?;
- for byte in self.as_bytes().iter() {
- tup.serialize_element(byte)?;
- }
- tup.end()
- }
-}
-
-#[cfg(feature = "serde")]
-impl<'de> Deserialize<'de> for RistrettoPoint {
- fn deserialize(deserializer: D) -> Result
- where D: Deserializer<'de>
- {
- struct RistrettoPointVisitor;
-
- impl<'de> Visitor<'de> for RistrettoPointVisitor {
- type Value = RistrettoPoint;
-
- fn expecting(&self, formatter: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
- formatter.write_str("a valid point in Ristretto format")
- }
-
- fn visit_seq(self, mut seq: A) -> Result
- where A: serde::de::SeqAccess<'de>
- {
- let mut bytes = [0u8; 32];
- for i in 0..32 {
- bytes[i] = seq.next_element()?
- .ok_or(serde::de::Error::invalid_length(i, &"expected 32 bytes"))?;
- }
- CompressedRistretto(bytes)
- .decompress()
- .ok_or(serde::de::Error::custom("decompression failed"))
- }
- }
-
- deserializer.deserialize_tuple(32, RistrettoPointVisitor)
- }
-}
-
-#[cfg(feature = "serde")]
-impl<'de> Deserialize<'de> for CompressedRistretto {
- fn deserialize(deserializer: D) -> Result
- where D: Deserializer<'de>
- {
- struct CompressedRistrettoVisitor;
-
- impl<'de> Visitor<'de> for CompressedRistrettoVisitor {
- type Value = CompressedRistretto;
-
- fn expecting(&self, formatter: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
- formatter.write_str("32 bytes of data")
- }
-
- fn visit_seq(self, mut seq: A) -> Result
- where A: serde::de::SeqAccess<'de>
- {
- let mut bytes = [0u8; 32];
- for i in 0..32 {
- bytes[i] = seq.next_element()?
- .ok_or(serde::de::Error::invalid_length(i, &"expected 32 bytes"))?;
- }
- Ok(CompressedRistretto(bytes))
- }
- }
-
- deserializer.deserialize_tuple(32, CompressedRistrettoVisitor)
- }
-}
-
-// ------------------------------------------------------------------------
-// Internal point representations
-// ------------------------------------------------------------------------
-
-/// A `RistrettoPoint` represents a point in the Ristretto group for
-/// Curve25519. Ristretto, a variant of Decaf, constructs a
-/// prime-order group as a quotient group of a subgroup of (the
-/// Edwards form of) Curve25519.
-///
-/// Internally, a `RistrettoPoint` is implemented as a wrapper type
-/// around `EdwardsPoint`, with custom equality, compression, and
-/// decompression routines to account for the quotient. This means that
-/// operations on `RistrettoPoint`s are exactly as fast as operations on
-/// `EdwardsPoint`s.
-///
-#[derive(Copy, Clone)]
-pub struct RistrettoPoint(pub(crate) EdwardsPoint);
-
-impl RistrettoPoint {
- /// Compress this point using the Ristretto encoding.
- pub fn compress(&self) -> CompressedRistretto { - let mut X = self.0.X; - let mut Y = self.0.Y; - let Z = &self.0.Z; - let T = &self.0.T; - - let u1 = &(Z + &Y) * &(Z - &Y); - let u2 = &X * &Y; - // Ignore return value since this is always square - let (_, invsqrt) = (&u1 * &u2.square()).invsqrt(); - let i1 = &invsqrt * &u1; - let i2 = &invsqrt * &u2; - let z_inv = &i1 * &(&i2 * T); - let mut den_inv = i2; - - let iX = &X * &constants::SQRT_M1; - let iY = &Y * &constants::SQRT_M1; - let ristretto_magic = &constants::INVSQRT_A_MINUS_D; - let enchanted_denominator = &i1 * ristretto_magic; - - let rotate = (T * &z_inv).is_negative(); - - X.conditional_assign(&iY, rotate); - Y.conditional_assign(&iX, rotate); - den_inv.conditional_assign(&enchanted_denominator, rotate); - - Y.conditional_negate((&X * &z_inv).is_negative()); - - let mut s = &den_inv * &(Z - &Y); - let s_is_negative = s.is_negative(); - s.conditional_negate(s_is_negative); - - CompressedRistretto(s.to_bytes()) - } - - /// Double-and-compress a batch of points. The Ristretto encoding - /// is not batchable, since it requires an inverse square root. - /// - /// However, given input points \\( P\_1, \ldots, P\_n, \\) - /// it is possible to compute the encodings of their doubles \\( - /// \mathrm{enc}( [2]P\_1), \ldots, \mathrm{enc}( [2]P\_n ) \\) - /// in a batch. 
- /// - /// ``` - /// # extern crate curve25519_dalek; - /// # use curve25519_dalek::ristretto::RistrettoPoint; - /// extern crate rand_core; - /// use rand_core::OsRng; - /// - /// # // Need fn main() here in comment so the doctest compiles - /// # // See https://doc.rust-lang.org/book/documentation.html#documentation-as-tests - /// # fn main() { - /// let mut rng = OsRng; - /// let points: Vec = - /// (0..32).map(|_| RistrettoPoint::random(&mut rng)).collect(); - /// - /// let compressed = RistrettoPoint::double_and_compress_batch(&points); - /// - /// for (P, P2_compressed) in points.iter().zip(compressed.iter()) { - /// assert_eq!(*P2_compressed, (P + P).compress()); - /// } - /// # } - /// ``` - #[cfg(feature = "alloc")] - pub fn double_and_compress_batch<'a, I>(points: I) -> Vec - where I: IntoIterator - { - #[derive(Copy, Clone, Debug)] - struct BatchCompressState { - e: FieldElement, - f: FieldElement, - g: FieldElement, - h: FieldElement, - eg: FieldElement, - fh: FieldElement, - } - - impl BatchCompressState { - fn efgh(&self) -> FieldElement { - &self.eg * &self.fh - } - } - - impl<'a> From<&'a RistrettoPoint> for BatchCompressState { - fn from(P: &'a RistrettoPoint) -> BatchCompressState { - let XX = P.0.X.square(); - let YY = P.0.Y.square(); - let ZZ = P.0.Z.square(); - let dTT = &P.0.T.square() * &constants::EDWARDS_D; - - let e = &P.0.X * &(&P.0.Y + &P.0.Y); // = 2*X*Y - let f = &ZZ + &dTT; // = Z^2 + d*T^2 - let g = &YY + &XX; // = Y^2 - a*X^2 - let h = &ZZ - &dTT; // = Z^2 - d*T^2 - - let eg = &e * &g; - let fh = &f * &h; - - BatchCompressState{ e, f, g, h, eg, fh } - } - } - - let states: Vec = points.into_iter().map(BatchCompressState::from).collect(); - - let mut invs: Vec = states.iter().map(|state| state.efgh()).collect(); - - FieldElement::batch_invert(&mut invs[..]); - - states.iter().zip(invs.iter()).map(|(state, inv): (&BatchCompressState, &FieldElement)| { - let Zinv = &state.eg * &inv; - let Tinv = &state.fh * &inv; - - let mut magic = 
constants::INVSQRT_A_MINUS_D; - - let negcheck1 = (&state.eg * &Zinv).is_negative(); - - let mut e = state.e; - let mut g = state.g; - let mut h = state.h; - - let minus_e = -&e; - let f_times_sqrta = &state.f * &constants::SQRT_M1; - - e.conditional_assign(&state.g, negcheck1); - g.conditional_assign(&minus_e, negcheck1); - h.conditional_assign(&f_times_sqrta, negcheck1); - - magic.conditional_assign(&constants::SQRT_M1, negcheck1); - - let negcheck2 = (&(&h * &e) * &Zinv).is_negative(); - - g.conditional_negate(negcheck2); - - let mut s = &(&h - &g) * &(&magic * &(&g * &Tinv)); - - let s_is_negative = s.is_negative(); - s.conditional_negate(s_is_negative); - - CompressedRistretto(s.to_bytes()) - }).collect() - } - - - /// Return the coset self + E[4], for debugging. - fn coset4(&self) -> [EdwardsPoint; 4] { - [ self.0 - , &self.0 + &constants::EIGHT_TORSION[2] - , &self.0 + &constants::EIGHT_TORSION[4] - , &self.0 + &constants::EIGHT_TORSION[6] - ] - } - - /// Computes the Ristretto Elligator map. - /// - /// # Note - /// - /// This method is not public because it's just used for hashing - /// to a point -- proper elligator support is deferred for now. 
- pub(crate) fn elligator_ristretto_flavor(r_0: &FieldElement) -> RistrettoPoint { - let i = &constants::SQRT_M1; - let d = &constants::EDWARDS_D; - let one_minus_d_sq = &constants::ONE_MINUS_EDWARDS_D_SQUARED; - let d_minus_one_sq = &constants::EDWARDS_D_MINUS_ONE_SQUARED; - let mut c = constants::MINUS_ONE; - - let one = FieldElement::one(); - - let r = i * &r_0.square(); - let N_s = &(&r + &one) * &one_minus_d_sq; - let D = &(&c - &(d * &r)) * &(&r + d); - - let (Ns_D_is_sq, mut s) = FieldElement::sqrt_ratio_i(&N_s, &D); - let mut s_prime = &s * r_0; - let s_prime_is_pos = !s_prime.is_negative(); - s_prime.conditional_negate(s_prime_is_pos); - - s.conditional_assign(&s_prime, !Ns_D_is_sq); - c.conditional_assign(&r, !Ns_D_is_sq); - - let N_t = &(&(&c * &(&r - &one)) * &d_minus_one_sq) - &D; - let s_sq = s.square(); - - use backend::serial::curve_models::CompletedPoint; - - // The conversion from W_i is exactly the conversion from P1xP1. - RistrettoPoint(CompletedPoint{ - X: &(&s + &s) * &D, - Z: &N_t * &constants::SQRT_AD_MINUS_ONE, - Y: &FieldElement::one() - &s_sq, - T: &FieldElement::one() + &s_sq, - }.to_extended()) - } - - /// Return a `RistrettoPoint` chosen uniformly at random using a user-provided RNG. - /// - /// # Inputs - /// - /// * `rng`: any RNG which implements the `RngCore + CryptoRng` interface. - /// - /// # Returns - /// - /// A random element of the Ristretto group. - /// - /// # Implementation - /// - /// Uses the Ristretto-flavoured Elligator 2 map, so that the - /// discrete log of the output point with respect to any other - /// point should be unknown. The map is applied twice and the - /// results are added, to ensure a uniform distribution. - pub fn random(rng: &mut R) -> Self { - let mut uniform_bytes = [0u8; 64]; - rng.fill_bytes(&mut uniform_bytes); - - RistrettoPoint::from_uniform_bytes(&uniform_bytes) - } - - /// Hash a slice of bytes into a `RistrettoPoint`. 
- ///
- /// Takes a type parameter `D`, which is any `Digest` producing 64
- /// bytes of output.
- ///
- /// Convenience wrapper around `from_hash`.
- ///
- /// # Implementation
- ///
- /// Uses the Ristretto-flavoured Elligator 2 map, so that the
- /// discrete log of the output point with respect to any other
- /// point should be unknown. The map is applied twice and the
- /// results are added, to ensure a uniform distribution.
- ///
- /// # Example
- ///
- /// ```
- /// # extern crate curve25519_dalek;
- /// # use curve25519_dalek::ristretto::RistrettoPoint;
- /// extern crate sha2;
- /// use sha2::Sha512;
- ///
- /// # // Need fn main() here in comment so the doctest compiles
- /// # // See https://doc.rust-lang.org/book/documentation.html#documentation-as-tests
- /// # fn main() {
- /// let msg = "To really appreciate architecture, you may even need to commit a murder";
- /// let P = RistrettoPoint::hash_from_bytes::(msg.as_bytes());
- /// # }
- /// ```
- ///
- pub fn hash_from_bytes(input: &[u8]) -> RistrettoPoint
- where D: Digest + Default
- {
- let mut hash = D::default();
- hash.update(input);
- RistrettoPoint::from_hash(hash)
- }
-
- /// Construct a `RistrettoPoint` from an existing `Digest` instance.
- ///
- /// Use this instead of `hash_from_bytes` if it is more convenient
- /// to stream data into the `Digest` than to pass a single byte
- /// slice.
- pub fn from_hash(hash: D) -> RistrettoPoint
- where D: Digest + Default
- {
- // dealing with generic arrays is clumsy, until const generics land
- let output = hash.finalize();
- let mut output_bytes = [0u8; 64];
- output_bytes.copy_from_slice(&output.as_slice());
-
- RistrettoPoint::from_uniform_bytes(&output_bytes)
- }
-
- /// Construct a `RistrettoPoint` from 64 bytes of data.
- ///
- /// If the input bytes are uniformly distributed, the resulting
- /// point will be uniformly distributed over the group, and its
- /// discrete log with respect to other points should be unknown.
- ///
- /// # Implementation
- ///
- /// This function splits the input array into two 32-byte halves,
- /// takes the low 255 bits of each half mod p, applies the
- /// Ristretto-flavored Elligator map to each, and adds the results.
- pub fn from_uniform_bytes(bytes: &[u8; 64]) -> RistrettoPoint {
- let mut r_1_bytes = [0u8; 32];
- r_1_bytes.copy_from_slice(&bytes[0..32]);
- let r_1 = FieldElement::from_bytes(&r_1_bytes);
- let R_1 = RistrettoPoint::elligator_ristretto_flavor(&r_1);
-
- let mut r_2_bytes = [0u8; 32];
- r_2_bytes.copy_from_slice(&bytes[32..64]);
- let r_2 = FieldElement::from_bytes(&r_2_bytes);
- let R_2 = RistrettoPoint::elligator_ristretto_flavor(&r_2);
-
- // Applying Elligator twice and adding the results ensures a
- // uniform distribution.
- &R_1 + &R_2
- }
-}
-
-impl Identity for RistrettoPoint {
- fn identity() -> RistrettoPoint {
- RistrettoPoint(EdwardsPoint::identity())
- }
-}
-
-impl Default for RistrettoPoint {
- fn default() -> RistrettoPoint {
- RistrettoPoint::identity()
- }
-}
-
-// ------------------------------------------------------------------------
-// Equality
-// ------------------------------------------------------------------------
-
-impl PartialEq for RistrettoPoint {
- fn eq(&self, other: &RistrettoPoint) -> bool {
- self.ct_eq(other).unwrap_u8() == 1u8
- }
-}
-
-impl ConstantTimeEq for RistrettoPoint {
- /// Test equality between two `RistrettoPoint`s.
- ///
- /// # Returns
- ///
- /// * `Choice(1)` if the two `RistrettoPoint`s are equal;
- /// * `Choice(0)` otherwise.
- fn ct_eq(&self, other: &RistrettoPoint) -> Choice { - let X1Y2 = &self.0.X * &other.0.Y; - let Y1X2 = &self.0.Y * &other.0.X; - let X1X2 = &self.0.X * &other.0.X; - let Y1Y2 = &self.0.Y * &other.0.Y; - - X1Y2.ct_eq(&Y1X2) | X1X2.ct_eq(&Y1Y2) - } -} - -impl Eq for RistrettoPoint {} - -// ------------------------------------------------------------------------ -// Arithmetic -// ------------------------------------------------------------------------ - -impl<'a, 'b> Add<&'b RistrettoPoint> for &'a RistrettoPoint { - type Output = RistrettoPoint; - - fn add(self, other: &'b RistrettoPoint) -> RistrettoPoint { - RistrettoPoint(&self.0 + &other.0) - } -} - -define_add_variants!(LHS = RistrettoPoint, RHS = RistrettoPoint, Output = RistrettoPoint); - -impl<'b> AddAssign<&'b RistrettoPoint> for RistrettoPoint { - fn add_assign(&mut self, _rhs: &RistrettoPoint) { - *self = (self as &RistrettoPoint) + _rhs; - } -} - -define_add_assign_variants!(LHS = RistrettoPoint, RHS = RistrettoPoint); - -impl<'a, 'b> Sub<&'b RistrettoPoint> for &'a RistrettoPoint { - type Output = RistrettoPoint; - - fn sub(self, other: &'b RistrettoPoint) -> RistrettoPoint { - RistrettoPoint(&self.0 - &other.0) - } -} - -define_sub_variants!(LHS = RistrettoPoint, RHS = RistrettoPoint, Output = RistrettoPoint); - -impl<'b> SubAssign<&'b RistrettoPoint> for RistrettoPoint { - fn sub_assign(&mut self, _rhs: &RistrettoPoint) { - *self = (self as &RistrettoPoint) - _rhs; - } -} - -define_sub_assign_variants!(LHS = RistrettoPoint, RHS = RistrettoPoint); - -impl Sum for RistrettoPoint -where - T: Borrow -{ - fn sum(iter: I) -> Self - where - I: Iterator - { - iter.fold(RistrettoPoint::identity(), |acc, item| acc + item.borrow()) - } -} - -impl<'a> Neg for &'a RistrettoPoint { - type Output = RistrettoPoint; - - fn neg(self) -> RistrettoPoint { - RistrettoPoint(-&self.0) - } -} - -impl Neg for RistrettoPoint { - type Output = RistrettoPoint; - - fn neg(self) -> RistrettoPoint { - -&self - } -} - -impl<'b> 
MulAssign<&'b Scalar> for RistrettoPoint {
- fn mul_assign(&mut self, scalar: &'b Scalar) {
- let result = (self as &RistrettoPoint) * scalar;
- *self = result;
- }
-}
-
-impl<'a, 'b> Mul<&'b Scalar> for &'a RistrettoPoint {
- type Output = RistrettoPoint;
- /// Scalar multiplication: compute `scalar * self`.
- fn mul(self, scalar: &'b Scalar) -> RistrettoPoint {
- RistrettoPoint(self.0 * scalar)
- }
-}
-
-impl<'a, 'b> Mul<&'b RistrettoPoint> for &'a Scalar {
- type Output = RistrettoPoint;
-
- /// Scalar multiplication: compute `self * scalar`.
- fn mul(self, point: &'b RistrettoPoint) -> RistrettoPoint {
- RistrettoPoint(self * point.0)
- }
-}
-
-define_mul_assign_variants!(LHS = RistrettoPoint, RHS = Scalar);
-
-define_mul_variants!(LHS = RistrettoPoint, RHS = Scalar, Output = RistrettoPoint);
-define_mul_variants!(LHS = Scalar, RHS = RistrettoPoint, Output = RistrettoPoint);
-
-// ------------------------------------------------------------------------
-// Multiscalar Multiplication impls
-// ------------------------------------------------------------------------
-
-// These use iterator combinators to unwrap the underlying points and
-// forward to the EdwardsPoint implementations.
-
-#[cfg(feature = "alloc")]
-impl MultiscalarMul for RistrettoPoint {
- type Point = RistrettoPoint;
-
- fn multiscalar_mul(scalars: I, points: J) -> RistrettoPoint
- where
- I: IntoIterator,
- I::Item: Borrow,
- J: IntoIterator,
- J::Item: Borrow,
- {
- let extended_points = points.into_iter().map(|P| P.borrow().0);
- RistrettoPoint(
- EdwardsPoint::multiscalar_mul(scalars, extended_points)
- )
- }
-}
-
-#[cfg(feature = "alloc")]
-impl VartimeMultiscalarMul for RistrettoPoint {
- type Point = RistrettoPoint;
-
- fn optional_multiscalar_mul(scalars: I, points: J) -> Option
- where
- I: IntoIterator,
- I::Item: Borrow,
- J: IntoIterator>,
- {
- let extended_points = points.into_iter().map(|opt_P| opt_P.map(|P| P.borrow().0));
-
- EdwardsPoint::optional_multiscalar_mul(scalars, extended_points).map(RistrettoPoint)
- }
-}
-
-/// Precomputation for variable-time multiscalar multiplication with `RistrettoPoint`s.
-// This wraps the inner implementation in a facade type so that we can
-// decouple stability of the inner type from the stability of the
-// outer type.
-#[cfg(feature = "alloc")]
-pub struct VartimeRistrettoPrecomputation(scalar_mul::precomputed_straus::VartimePrecomputedStraus);
-
-#[cfg(feature = "alloc")]
-impl VartimePrecomputedMultiscalarMul for VartimeRistrettoPrecomputation {
- type Point = RistrettoPoint;
-
- fn new(static_points: I) -> Self
- where
- I: IntoIterator,
- I::Item: Borrow,
- {
- Self(
- scalar_mul::precomputed_straus::VartimePrecomputedStraus::new(
- static_points.into_iter().map(|P| P.borrow().0),
- ),
- )
- }
-
- fn optional_mixed_multiscalar_mul(
- &self,
- static_scalars: I,
- dynamic_scalars: J,
- dynamic_points: K,
- ) -> Option
- where
- I: IntoIterator,
- I::Item: Borrow,
- J: IntoIterator,
- J::Item: Borrow,
- K: IntoIterator>,
- {
- self.0
- .optional_mixed_multiscalar_mul(
- static_scalars,
- dynamic_scalars,
- dynamic_points.into_iter().map(|P_opt| P_opt.map(|P| P.0)),
- )
- .map(RistrettoPoint)
- }
-}
-
-impl RistrettoPoint {
- /// Compute \\(aA + bB\\) in variable time, where \\(B\\) is the
- /// Ristretto basepoint.
- pub fn vartime_double_scalar_mul_basepoint(
- a: &Scalar,
- A: &RistrettoPoint,
- b: &Scalar,
- ) -> RistrettoPoint {
- RistrettoPoint(
- EdwardsPoint::vartime_double_scalar_mul_basepoint(a, &A.0, b)
- )
- }
-}
-
-/// A precomputed table of multiples of a basepoint, used to accelerate
-/// scalar multiplication.
-///
-/// A precomputed table of multiples of the Ristretto basepoint is
-/// available in the `constants` module:
-/// ```
-/// use curve25519_dalek::constants;
-/// use curve25519_dalek::scalar::Scalar;
-///
-/// let a = Scalar::from(87329482u64);
-/// let P = &a * &constants::RISTRETTO_BASEPOINT_TABLE;
-/// ```
-#[derive(Clone)]
-pub struct RistrettoBasepointTable(pub(crate) EdwardsBasepointTable);
-
-impl<'a, 'b> Mul<&'b Scalar> for &'a RistrettoBasepointTable {
- type Output = RistrettoPoint;
-
- fn mul(self, scalar: &'b Scalar) -> RistrettoPoint {
- RistrettoPoint(&self.0 * scalar)
- }
-}
-
-impl<'a, 'b> Mul<&'a RistrettoBasepointTable> for &'b Scalar {
- type Output = RistrettoPoint;
-
- fn mul(self, basepoint_table: &'a RistrettoBasepointTable) -> RistrettoPoint {
- RistrettoPoint(self * &basepoint_table.0)
- }
-}
-
-impl RistrettoBasepointTable {
- /// Create a precomputed table of multiples of the given `basepoint`.
- pub fn create(basepoint: &RistrettoPoint) -> RistrettoBasepointTable {
- RistrettoBasepointTable(EdwardsBasepointTable::create(&basepoint.0))
- }
-
- /// Get the basepoint for this table as a `RistrettoPoint`.
- pub fn basepoint(&self) -> RistrettoPoint {
- RistrettoPoint(self.0.basepoint())
- }
-}
-
-// ------------------------------------------------------------------------
-// Constant-time conditional selection
-// ------------------------------------------------------------------------
-
-impl ConditionallySelectable for RistrettoPoint {
- /// Conditionally select between `self` and `other`.
- ///
- /// # Example
- ///
- /// ```
- /// # extern crate subtle;
- /// # extern crate curve25519_dalek;
- /// #
- /// use subtle::ConditionallySelectable;
- /// use subtle::Choice;
- /// #
- /// # use curve25519_dalek::traits::Identity;
- /// # use curve25519_dalek::ristretto::RistrettoPoint;
- /// # use curve25519_dalek::constants;
- /// # fn main() {
- ///
- /// let A = RistrettoPoint::identity();
- /// let B = constants::RISTRETTO_BASEPOINT_POINT;
- ///
- /// let mut P = A;
- ///
- /// P = RistrettoPoint::conditional_select(&A, &B, Choice::from(0));
- /// assert_eq!(P, A);
- /// P = RistrettoPoint::conditional_select(&A, &B, Choice::from(1));
- /// assert_eq!(P, B);
- /// # }
- /// ```
- fn conditional_select(
- a: &RistrettoPoint,
- b: &RistrettoPoint,
- choice: Choice,
- ) -> RistrettoPoint {
- RistrettoPoint(EdwardsPoint::conditional_select(&a.0, &b.0, choice))
- }
-}
-
-// ------------------------------------------------------------------------
-// Debug traits
-// ------------------------------------------------------------------------
-
-impl Debug for CompressedRistretto {
- fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
- write!(f, "CompressedRistretto: {:?}", self.as_bytes())
- }
-}
-
-impl Debug for RistrettoPoint {
- fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
- let coset = self.coset4();
- write!(f, "RistrettoPoint: coset \n{:?}\n{:?}\n{:?}\n{:?}",
- coset[0], coset[1], coset[2], coset[3])
- }
-}
-
-// ------------------------------------------------------------------------
-// Zeroize traits
-// ------------------------------------------------------------------------
-
-impl Zeroize for CompressedRistretto {
- fn zeroize(&mut self) {
- self.0.zeroize();
- }
-}
-
-impl Zeroize for RistrettoPoint {
- fn zeroize(&mut self) {
- self.0.zeroize();
- }
-}
-
-// ------------------------------------------------------------------------
-// Tests
-// 
------------------------------------------------------------------------
-
-#[cfg(test)]
-mod test {
- use rand_core::OsRng;
-
- use scalar::Scalar;
- use constants;
- use edwards::CompressedEdwardsY;
- use traits::{Identity};
- use super::*;
-
- #[test]
- #[cfg(feature = "serde")]
- fn serde_bincode_basepoint_roundtrip() {
- use bincode;
-
- let encoded = bincode::serialize(&constants::RISTRETTO_BASEPOINT_POINT).unwrap();
- let enc_compressed = bincode::serialize(&constants::RISTRETTO_BASEPOINT_COMPRESSED).unwrap();
- assert_eq!(encoded, enc_compressed);
-
- // Check that the encoding is 32 bytes exactly
- assert_eq!(encoded.len(), 32);
-
- let dec_uncompressed: RistrettoPoint = bincode::deserialize(&encoded).unwrap();
- let dec_compressed: CompressedRistretto = bincode::deserialize(&encoded).unwrap();
-
- assert_eq!(dec_uncompressed, constants::RISTRETTO_BASEPOINT_POINT);
- assert_eq!(dec_compressed, constants::RISTRETTO_BASEPOINT_COMPRESSED);
-
- // Check that the encoding itself matches the usual one
- let raw_bytes = constants::RISTRETTO_BASEPOINT_COMPRESSED.as_bytes();
- let bp: RistrettoPoint = bincode::deserialize(raw_bytes).unwrap();
- assert_eq!(bp, constants::RISTRETTO_BASEPOINT_POINT);
- }
-
- #[test]
- fn scalarmult_ristrettopoint_works_both_ways() {
- let P = constants::RISTRETTO_BASEPOINT_POINT;
- let s = Scalar::from(999u64);
-
- let P1 = &P * &s;
- let P2 = &s * &P;
-
- assert!(P1.compress().as_bytes() == P2.compress().as_bytes());
- }
-
- #[test]
- fn impl_sum() {
-
- // Test that sum works for non-empty iterators
- let BASE = constants::RISTRETTO_BASEPOINT_POINT;
-
- let s1 = Scalar::from(999u64);
- let P1 = &BASE * &s1;
-
- let s2 = Scalar::from(333u64);
- let P2 = &BASE * &s2;
-
- let vec = vec![P1.clone(), P2.clone()];
- let sum: RistrettoPoint = vec.iter().sum();
-
- assert_eq!(sum, P1 + P2);
-
- // Test that sum works for the empty iterator
- let empty_vector: Vec = vec![];
- let sum: RistrettoPoint = empty_vector.iter().sum();
-
- 
assert_eq!(sum, RistrettoPoint::identity()); - - // Test that sum works on owning iterators - let s = Scalar::from(2u64); - let mapped = vec.iter().map(|x| x * s); - let sum: RistrettoPoint = mapped.sum(); - - assert_eq!(sum, &P1 * &s + &P2 * &s); - } - - #[test] - fn decompress_negative_s_fails() { - // constants::d is neg, so decompression should fail as |d| != d. - let bad_compressed = CompressedRistretto(constants::EDWARDS_D.to_bytes()); - assert!(bad_compressed.decompress().is_none()); - } - - #[test] - fn decompress_id() { - let compressed_id = CompressedRistretto::identity(); - let id = compressed_id.decompress().unwrap(); - let mut identity_in_coset = false; - for P in &id.coset4() { - if P.compress() == CompressedEdwardsY::identity() { - identity_in_coset = true; - } - } - assert!(identity_in_coset); - } - - #[test] - fn compress_id() { - let id = RistrettoPoint::identity(); - assert_eq!(id.compress(), CompressedRistretto::identity()); - } - - #[test] - fn basepoint_roundtrip() { - let bp_compressed_ristretto = constants::RISTRETTO_BASEPOINT_POINT.compress(); - let bp_recaf = bp_compressed_ristretto.decompress().unwrap().0; - // Check that bp_recaf differs from bp by a point of order 4 - let diff = &constants::RISTRETTO_BASEPOINT_POINT.0 - &bp_recaf; - let diff4 = diff.mul_by_pow_2(2); - assert_eq!(diff4.compress(), CompressedEdwardsY::identity()); - } - - #[test] - fn encodings_of_small_multiples_of_basepoint() { - // Table of encodings of i*basepoint - // Generated using ristretto.sage - let compressed = [ - CompressedRistretto([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]), - CompressedRistretto([226, 242, 174, 10, 106, 188, 78, 113, 168, 132, 169, 97, 197, 0, 81, 95, 88, 227, 11, 106, 165, 130, 221, 141, 182, 166, 89, 69, 224, 141, 45, 118]), - CompressedRistretto([106, 73, 50, 16, 247, 73, 156, 209, 127, 236, 181, 16, 174, 12, 234, 35, 161, 16, 232, 213, 185, 1, 248, 172, 173, 211, 9, 92, 115, 163, 
185, 25]),
- CompressedRistretto([148, 116, 31, 93, 93, 82, 117, 94, 206, 79, 35, 240, 68, 238, 39, 213, 209, 234, 30, 43, 209, 150, 180, 98, 22, 107, 22, 21, 42, 157, 2, 89]),
- CompressedRistretto([218, 128, 134, 39, 115, 53, 139, 70, 111, 250, 223, 224, 179, 41, 58, 179, 217, 253, 83, 197, 234, 108, 149, 83, 88, 245, 104, 50, 45, 175, 106, 87]),
- CompressedRistretto([232, 130, 177, 49, 1, 107, 82, 193, 211, 51, 112, 128, 24, 124, 247, 104, 66, 62, 252, 203, 181, 23, 187, 73, 90, 184, 18, 196, 22, 15, 244, 78]),
- CompressedRistretto([246, 71, 70, 211, 201, 43, 19, 5, 14, 216, 216, 2, 54, 167, 240, 0, 124, 59, 63, 150, 47, 91, 167, 147, 209, 154, 96, 30, 187, 29, 244, 3]),
- CompressedRistretto([68, 245, 53, 32, 146, 110, 200, 31, 189, 90, 56, 120, 69, 190, 183, 223, 133, 169, 106, 36, 236, 225, 135, 56, 189, 207, 166, 167, 130, 42, 23, 109]),
- CompressedRistretto([144, 50, 147, 216, 242, 40, 126, 190, 16, 226, 55, 77, 193, 165, 62, 11, 200, 135, 229, 146, 105, 159, 2, 208, 119, 213, 38, 60, 221, 85, 96, 28]),
- CompressedRistretto([2, 98, 42, 206, 143, 115, 3, 163, 28, 175, 198, 63, 143, 196, 143, 220, 22, 225, 200, 200, 210, 52, 178, 240, 214, 104, 82, 130, 169, 7, 96, 49]),
- CompressedRistretto([32, 112, 111, 215, 136, 178, 114, 10, 30, 210, 165, 218, 212, 149, 43, 1, 244, 19, 188, 240, 231, 86, 77, 232, 205, 200, 22, 104, 158, 45, 185, 95]),
- CompressedRistretto([188, 232, 63, 139, 165, 221, 47, 165, 114, 134, 76, 36, 186, 24, 16, 249, 82, 43, 198, 0, 74, 254, 149, 135, 122, 199, 50, 65, 202, 253, 171, 66]),
- CompressedRistretto([228, 84, 158, 225, 107, 154, 160, 48, 153, 202, 32, 140, 103, 173, 175, 202, 250, 76, 63, 62, 78, 83, 3, 222, 96, 38, 227, 202, 143, 248, 68, 96]),
- CompressedRistretto([170, 82, 224, 0, 223, 46, 22, 245, 95, 177, 3, 47, 195, 59, 196, 39, 66, 218, 214, 189, 90, 143, 192, 190, 1, 103, 67, 108, 89, 72, 80, 31]),
- CompressedRistretto([70, 55, 107, 128, 244, 9, 178, 157, 194, 181, 246, 240, 197, 37, 145, 153, 8, 150, 229, 113, 
111, 65, 71, 124, 211, 0, 133, 171, 127, 16, 48, 30]), - CompressedRistretto([224, 196, 24, 247, 200, 217, 196, 205, 215, 57, 91, 147, 234, 18, 79, 58, 217, 144, 33, 187, 104, 29, 252, 51, 2, 169, 217, 154, 46, 83, 230, 78]), - ]; - let mut bp = RistrettoPoint::identity(); - for i in 0..16 { - assert_eq!(bp.compress(), compressed[i]); - bp = &bp + &constants::RISTRETTO_BASEPOINT_POINT; - } - } - - #[test] - fn four_torsion_basepoint() { - let bp = constants::RISTRETTO_BASEPOINT_POINT; - let bp_coset = bp.coset4(); - for i in 0..4 { - assert_eq!(bp, RistrettoPoint(bp_coset[i])); - } - } - - #[test] - fn four_torsion_random() { - let mut rng = OsRng; - let B = &constants::RISTRETTO_BASEPOINT_TABLE; - let P = B * &Scalar::random(&mut rng); - let P_coset = P.coset4(); - for i in 0..4 { - assert_eq!(P, RistrettoPoint(P_coset[i])); - } - } - - #[test] - fn elligator_vs_ristretto_sage() { - // Test vectors extracted from ristretto.sage. - // - // Notice that all of the byte sequences have bit 255 set to 0; this is because - // ristretto.sage does not mask the high bit of a field element. When the high bit is set, - // the ristretto.sage elligator implementation gives different results, since it takes a - // different field element as input. 
- let bytes: [[u8;32]; 16] = [ - [184, 249, 135, 49, 253, 123, 89, 113, 67, 160, 6, 239, 7, 105, 211, 41, 192, 249, 185, 57, 9, 102, 70, 198, 15, 127, 7, 26, 160, 102, 134, 71], - [229, 14, 241, 227, 75, 9, 118, 60, 128, 153, 226, 21, 183, 217, 91, 136, 98, 0, 231, 156, 124, 77, 82, 139, 142, 134, 164, 169, 169, 62, 250, 52], - [115, 109, 36, 220, 180, 223, 99, 6, 204, 169, 19, 29, 169, 68, 84, 23, 21, 109, 189, 149, 127, 205, 91, 102, 172, 35, 112, 35, 134, 69, 186, 34], - [16, 49, 96, 107, 171, 199, 164, 9, 129, 16, 64, 62, 241, 63, 132, 173, 209, 160, 112, 215, 105, 50, 157, 81, 253, 105, 1, 154, 229, 25, 120, 83], - [156, 131, 161, 162, 236, 251, 5, 187, 167, 171, 17, 178, 148, 210, 90, 207, 86, 21, 79, 161, 167, 215, 234, 1, 136, 242, 182, 248, 38, 85, 79, 86], - [251, 177, 124, 54, 18, 101, 75, 235, 245, 186, 19, 46, 133, 157, 229, 64, 10, 136, 181, 185, 78, 144, 254, 167, 137, 49, 107, 10, 61, 10, 21, 25], - [232, 193, 20, 68, 240, 77, 186, 77, 183, 40, 44, 86, 150, 31, 198, 212, 76, 81, 3, 217, 197, 8, 126, 128, 126, 152, 164, 208, 153, 44, 189, 77], - [173, 229, 149, 177, 37, 230, 30, 69, 61, 56, 172, 190, 219, 115, 167, 194, 71, 134, 59, 75, 28, 244, 118, 26, 162, 97, 64, 16, 15, 189, 30, 64], - [106, 71, 61, 107, 250, 117, 42, 151, 91, 202, 212, 100, 52, 188, 190, 21, 125, 218, 31, 18, 253, 241, 160, 133, 57, 242, 3, 164, 189, 68, 111, 75], - [112, 204, 182, 90, 220, 198, 120, 73, 173, 107, 193, 17, 227, 40, 162, 36, 150, 141, 235, 55, 172, 183, 12, 39, 194, 136, 43, 153, 244, 118, 91, 89], - [111, 24, 203, 123, 254, 189, 11, 162, 51, 196, 163, 136, 204, 143, 10, 222, 33, 112, 81, 205, 34, 35, 8, 66, 90, 6, 164, 58, 170, 177, 34, 25], - [225, 183, 30, 52, 236, 82, 6, 183, 109, 25, 227, 181, 25, 82, 41, 193, 80, 77, 161, 80, 242, 203, 79, 204, 136, 245, 131, 110, 237, 106, 3, 58], - [207, 246, 38, 56, 30, 86, 176, 90, 27, 200, 61, 42, 221, 27, 56, 210, 79, 178, 189, 120, 68, 193, 120, 167, 77, 185, 53, 197, 124, 128, 191, 126], - [1, 136, 215, 80, 240, 
46, 63, 147, 16, 244, 230, 207, 82, 189, 74, 50, 106, 169, 138, 86, 30, 131, 214, 202, 166, 125, 251, 228, 98, 24, 36, 21], - [210, 207, 228, 56, 155, 116, 207, 54, 84, 195, 251, 215, 249, 199, 116, 75, 109, 239, 196, 251, 194, 246, 252, 228, 70, 146, 156, 35, 25, 39, 241, 4], - [34, 116, 123, 9, 8, 40, 93, 189, 9, 103, 57, 103, 66, 227, 3, 2, 157, 107, 134, 219, 202, 74, 230, 154, 78, 107, 219, 195, 214, 14, 84, 80], - ]; - let encoded_images: [CompressedRistretto; 16] = [ - CompressedRistretto([176, 157, 237, 97, 66, 29, 140, 166, 168, 94, 26, 157, 212, 216, 229, 160, 195, 246, 232, 239, 169, 112, 63, 193, 64, 32, 152, 69, 11, 190, 246, 86]), - CompressedRistretto([234, 141, 77, 203, 181, 225, 250, 74, 171, 62, 15, 118, 78, 212, 150, 19, 131, 14, 188, 238, 194, 244, 141, 138, 166, 162, 83, 122, 228, 201, 19, 26]), - CompressedRistretto([232, 231, 51, 92, 5, 168, 80, 36, 173, 179, 104, 68, 186, 149, 68, 40, 140, 170, 27, 103, 99, 140, 21, 242, 43, 62, 250, 134, 208, 255, 61, 89]), - CompressedRistretto([208, 120, 140, 129, 177, 179, 237, 159, 252, 160, 28, 13, 206, 5, 211, 241, 192, 218, 1, 97, 130, 241, 20, 169, 119, 46, 246, 29, 79, 80, 77, 84]), - CompressedRistretto([202, 11, 236, 145, 58, 12, 181, 157, 209, 6, 213, 88, 75, 147, 11, 119, 191, 139, 47, 142, 33, 36, 153, 193, 223, 183, 178, 8, 205, 120, 248, 110]), - CompressedRistretto([26, 66, 231, 67, 203, 175, 116, 130, 32, 136, 62, 253, 215, 46, 5, 214, 166, 248, 108, 237, 216, 71, 244, 173, 72, 133, 82, 6, 143, 240, 104, 41]), - CompressedRistretto([40, 157, 102, 96, 201, 223, 200, 197, 150, 181, 106, 83, 103, 126, 143, 33, 145, 230, 78, 6, 171, 146, 210, 143, 112, 5, 245, 23, 183, 138, 18, 120]), - CompressedRistretto([220, 37, 27, 203, 239, 196, 176, 131, 37, 66, 188, 243, 185, 250, 113, 23, 167, 211, 154, 243, 168, 215, 54, 171, 159, 36, 195, 81, 13, 150, 43, 43]), - CompressedRistretto([232, 121, 176, 222, 183, 196, 159, 90, 238, 193, 105, 52, 101, 167, 244, 170, 121, 114, 196, 6, 67, 152, 80, 185, 
221, 7, 83, 105, 176, 208, 224, 121]), - CompressedRistretto([226, 181, 183, 52, 241, 163, 61, 179, 221, 207, 220, 73, 245, 242, 25, 236, 67, 84, 179, 222, 167, 62, 167, 182, 32, 9, 92, 30, 165, 127, 204, 68]), - CompressedRistretto([226, 119, 16, 242, 200, 139, 240, 87, 11, 222, 92, 146, 156, 243, 46, 119, 65, 59, 1, 248, 92, 183, 50, 175, 87, 40, 206, 53, 208, 220, 148, 13]), - CompressedRistretto([70, 240, 79, 112, 54, 157, 228, 146, 74, 122, 216, 88, 232, 62, 158, 13, 14, 146, 115, 117, 176, 222, 90, 225, 244, 23, 94, 190, 150, 7, 136, 96]), - CompressedRistretto([22, 71, 241, 103, 45, 193, 195, 144, 183, 101, 154, 50, 39, 68, 49, 110, 51, 44, 62, 0, 229, 113, 72, 81, 168, 29, 73, 106, 102, 40, 132, 24]), - CompressedRistretto([196, 133, 107, 11, 130, 105, 74, 33, 204, 171, 133, 221, 174, 193, 241, 36, 38, 179, 196, 107, 219, 185, 181, 253, 228, 47, 155, 42, 231, 73, 41, 78]), - CompressedRistretto([58, 255, 225, 197, 115, 208, 160, 143, 39, 197, 82, 69, 143, 235, 92, 170, 74, 40, 57, 11, 171, 227, 26, 185, 217, 207, 90, 185, 197, 190, 35, 60]), - CompressedRistretto([88, 43, 92, 118, 223, 136, 105, 145, 238, 186, 115, 8, 214, 112, 153, 253, 38, 108, 205, 230, 157, 130, 11, 66, 101, 85, 253, 110, 110, 14, 148, 112]), - ]; - for i in 0..16 { - let r_0 = FieldElement::from_bytes(&bytes[i]); - let Q = RistrettoPoint::elligator_ristretto_flavor(&r_0); - assert_eq!(Q.compress(), encoded_images[i]); - } - } - - #[test] - fn random_roundtrip() { - let mut rng = OsRng; - let B = &constants::RISTRETTO_BASEPOINT_TABLE; - for _ in 0..100 { - let P = B * &Scalar::random(&mut rng); - let compressed_P = P.compress(); - let Q = compressed_P.decompress().unwrap(); - assert_eq!(P, Q); - } - } - - #[test] - fn double_and_compress_1024_random_points() { - let mut rng = OsRng; - - let points: Vec = - (0..1024).map(|_| RistrettoPoint::random(&mut rng)).collect(); - - let compressed = RistrettoPoint::double_and_compress_batch(&points); - - for (P, P2_compressed) in 
points.iter().zip(compressed.iter()) {
- assert_eq!(*P2_compressed, (P + P).compress());
- }
- }
-
- #[test]
- fn vartime_precomputed_vs_nonprecomputed_multiscalar() {
- let mut rng = rand::thread_rng();
-
- let B = &::constants::RISTRETTO_BASEPOINT_TABLE;
-
- let static_scalars = (0..128)
- .map(|_| Scalar::random(&mut rng))
- .collect::>();
-
- let dynamic_scalars = (0..128)
- .map(|_| Scalar::random(&mut rng))
- .collect::>();
-
- let check_scalar: Scalar = static_scalars
- .iter()
- .chain(dynamic_scalars.iter())
- .map(|s| s * s)
- .sum();
-
- let static_points = static_scalars.iter().map(|s| s * B).collect::>();
- let dynamic_points = dynamic_scalars.iter().map(|s| s * B).collect::>();
-
- let precomputation = VartimeRistrettoPrecomputation::new(static_points.iter());
-
- let P = precomputation.vartime_mixed_multiscalar_mul(
- &static_scalars,
- &dynamic_scalars,
- &dynamic_points,
- );
-
- use traits::VartimeMultiscalarMul;
- let Q = RistrettoPoint::vartime_multiscalar_mul(
- static_scalars.iter().chain(dynamic_scalars.iter()),
- static_points.iter().chain(dynamic_points.iter()),
- );
-
- let R = &check_scalar * B;
-
- assert_eq!(P.compress(), R.compress());
- assert_eq!(Q.compress(), R.compress());
- }
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/scalar.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/scalar.rs
deleted file mode 100644
index 00de74081936..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/scalar.rs
+++ /dev/null
@@ -1,1754 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2021 isis lovecruft
-// Copyright (c) 2016-2019 Henry de Valence
-// Portions Copyright 2017 Brian Smith
-// See LICENSE for licensing information.
-//
-// Authors:
-// - Isis Agora Lovecruft
-// - Henry de Valence
-// - Brian Smith
-
-//! Arithmetic on scalars (integers mod the group order).
-//!
-//! Both the Ristretto group and the Ed25519 basepoint have prime order
-//! \\( \ell = 2\^{252} + 27742317777372353535851937790883648493 \\).
-//!
-//! This code is intended to be useful with both the Ristretto group
-//! (where everything is done modulo \\( \ell \\)), and the X/Ed25519
-//! setting, which mandates specific bit-twiddles that are not
-//! well-defined modulo \\( \ell \\).
-//!
-//! All arithmetic on `Scalars` is done modulo \\( \ell \\).
-//!
-//! # Constructing a scalar
-//!
-//! To create a [`Scalar`](struct.Scalar.html) from a supposedly canonical encoding, use
-//! [`Scalar::from_canonical_bytes`](struct.Scalar.html#method.from_canonical_bytes).
-//!
-//! This function does input validation, ensuring that the input bytes
-//! are the canonical encoding of a `Scalar`.
-//! If they are, we'll get
-//! `Some(Scalar)` in return:
-//!
-//! ```
-//! use curve25519_dalek::scalar::Scalar;
-//!
-//! let one_as_bytes: [u8; 32] = Scalar::one().to_bytes();
-//! let a: Option = Scalar::from_canonical_bytes(one_as_bytes);
-//!
-//! assert!(a.is_some());
-//! ```
-//!
-//! However, if we give it bytes representing a scalar larger than \\( \ell \\)
-//! (in this case, \\( \ell + 2 \\)), we'll get `None` back:
-//!
-//! ```
-//! use curve25519_dalek::scalar::Scalar;
-//!
-//! let l_plus_two_bytes: [u8; 32] = [
-//! 0xef, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
-//! 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
-//! 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-//! 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10,
-//! ];
-//! 
let a: Option = Scalar::from_canonical_bytes(l_plus_two_bytes); -//! -//! assert!(a.is_none()); -//! ``` -//! -//! Another way to create a `Scalar` is by reducing a \\(256\\)-bit integer mod -//! \\( \ell \\), for which one may use the -//! [`Scalar::from_bytes_mod_order`](struct.Scalar.html#method.from_bytes_mod_order) -//! method. In the case of the second example above, this would reduce the -//! resultant scalar \\( \mod \ell \\), producing \\( 2 \\): -//! -//! ``` -//! use curve25519_dalek::scalar::Scalar; -//! -//! let l_plus_two_bytes: [u8; 32] = [ -//! 0xef, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, -//! 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, -//! 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -//! 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, -//! ]; -//! let a: Scalar = Scalar::from_bytes_mod_order(l_plus_two_bytes); -//! -//! let two: Scalar = Scalar::one() + Scalar::one(); -//! -//! assert!(a == two); -//! ``` -//! -//! There is also a constructor that reduces a \\(512\\)-bit integer, -//! [`Scalar::from_bytes_mod_order_wide`](struct.Scalar.html#method.from_bytes_mod_order_wide). -//! -//! To construct a `Scalar` as the hash of some input data, use -//! [`Scalar::hash_from_bytes`](struct.Scalar.html#method.hash_from_bytes), -//! which takes a buffer, or -//! [`Scalar::from_hash`](struct.Scalar.html#method.from_hash), -//! which allows an IUF API. -//! -//! ``` -//! # extern crate curve25519_dalek; -//! # extern crate sha2; -//! # -//! # fn main() { -//! use sha2::{Digest, Sha512}; -//! use curve25519_dalek::scalar::Scalar; -//! -//! // Hashing a single byte slice -//! let a = Scalar::hash_from_bytes::(b"Abolish ICE"); -//! -//! // Streaming data into a hash object -//! let mut hasher = Sha512::default(); -//! hasher.update(b"Abolish "); -//! hasher.update(b"ICE"); -//! let a2 = Scalar::from_hash(hasher); -//! -//! assert_eq!(a, a2); -//! # } -//! ``` -//! -//! Finally, to create a `Scalar` with a specific bit-pattern -//! 
(e.g., for compatibility with X/Ed25519 -//! ["clamping"](https://github.com/isislovecruft/ed25519-dalek/blob/f790bd2ce/src/ed25519.rs#L349)), -//! use [`Scalar::from_bits`](struct.Scalar.html#method.from_bits). This -//! constructs a scalar with exactly the bit pattern given, without any -//! assurances as to reduction modulo the group order: -//! -//! ``` -//! use curve25519_dalek::scalar::Scalar; -//! -//! let l_plus_two_bytes: [u8; 32] = [ -//! 0xef, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, -//! 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, -//! 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -//! 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, -//! ]; -//! let a: Scalar = Scalar::from_bits(l_plus_two_bytes); -//! -//! let two: Scalar = Scalar::one() + Scalar::one(); -//! -//! assert!(a != two); // the scalar is not reduced (mod l)… -//! assert!(! a.is_canonical()); // …and therefore is not canonical. -//! assert!(a.reduce() == two); // if we were to reduce it manually, it would be. -//! ``` -//! -//! The resulting `Scalar` has exactly the specified bit pattern, -//! **except for the highest bit, which will be set to 0**. - -use core::borrow::Borrow; -use core::cmp::{Eq, PartialEq}; -use core::fmt::Debug; -use core::iter::{Product, Sum}; -use core::ops::Index; -use core::ops::Neg; -use core::ops::{Add, AddAssign}; -use core::ops::{Mul, MulAssign}; -use core::ops::{Sub, SubAssign}; - -#[allow(unused_imports)] -use prelude::*; - -use rand_core::{CryptoRng, RngCore}; - -use digest::generic_array::typenum::U64; -use digest::Digest; - -use subtle::Choice; -use subtle::ConditionallySelectable; -use subtle::ConstantTimeEq; - -use zeroize::Zeroize; - -use backend; -use constants; - -/// An `UnpackedScalar` represents an element of the field GF(l), optimized for speed. -/// -/// This is a type alias for one of the scalar types in the `backend` -/// module. 
-#[cfg(feature = "fiat_u32_backend")] -type UnpackedScalar = backend::serial::fiat_u32::scalar::Scalar29; -#[cfg(feature = "fiat_u64_backend")] -type UnpackedScalar = backend::serial::fiat_u64::scalar::Scalar52; - -/// An `UnpackedScalar` represents an element of the field GF(l), optimized for speed. -/// -/// This is a type alias for one of the scalar types in the `backend` -/// module. -#[cfg(feature = "u64_backend")] -type UnpackedScalar = backend::serial::u64::scalar::Scalar52; - -/// An `UnpackedScalar` represents an element of the field GF(l), optimized for speed. -/// -/// This is a type alias for one of the scalar types in the `backend` -/// module. -#[cfg(feature = "u32_backend")] -type UnpackedScalar = backend::serial::u32::scalar::Scalar29; - - -/// The `Scalar` struct holds an integer \\(s < 2\^{255} \\) which -/// represents an element of \\(\mathbb Z / \ell\\). -#[derive(Copy, Clone, Hash)] -pub struct Scalar { - /// `bytes` is a little-endian byte encoding of an integer representing a scalar modulo the - /// group order. - /// - /// # Invariant - /// - /// The integer representing this scalar must be bounded above by \\(2\^{255}\\), or - /// equivalently the high bit of `bytes[31]` must be zero. - /// - /// This ensures that there is room for a carry bit when computing a NAF representation. - // - // XXX This is pub(crate) so we can write literal constants. If const fns were stable, we could - // make the Scalar constructors const fns and use those instead. - pub(crate) bytes: [u8; 32], -} - -impl Scalar { - /// Construct a `Scalar` by reducing a 256-bit little-endian integer - /// modulo the group order \\( \ell \\). - pub fn from_bytes_mod_order(bytes: [u8; 32]) -> Scalar { - // Temporarily allow s_unreduced.bytes > 2^255 ... - let s_unreduced = Scalar{bytes}; - - // Then reduce mod the group order and return the reduced representative. 
- let s = s_unreduced.reduce(); - debug_assert_eq!(0u8, s[31] >> 7); - - s - } - - /// Construct a `Scalar` by reducing a 512-bit little-endian integer - /// modulo the group order \\( \ell \\). - pub fn from_bytes_mod_order_wide(input: &[u8; 64]) -> Scalar { - UnpackedScalar::from_bytes_wide(input).pack() - } - - /// Attempt to construct a `Scalar` from a canonical byte representation. - /// - /// # Return - /// - /// - `Some(s)`, where `s` is the `Scalar` corresponding to `bytes`, - /// if `bytes` is a canonical byte representation; - /// - `None` if `bytes` is not a canonical byte representation. - pub fn from_canonical_bytes(bytes: [u8; 32]) -> Option { - // Check that the high bit is not set - if (bytes[31] >> 7) != 0u8 { return None; } - let candidate = Scalar::from_bits(bytes); - - if candidate.is_canonical() { - Some(candidate) - } else { - None - } - } - - /// Construct a `Scalar` from the low 255 bits of a 256-bit integer. - /// - /// This function is intended for applications like X25519 which - /// require specific bit-patterns when performing scalar - /// multiplication. - pub const fn from_bits(bytes: [u8; 32]) -> Scalar { - let mut s = Scalar{bytes}; - // Ensure that s < 2^255 by masking the high bit - s.bytes[31] &= 0b0111_1111; - - s - } -} - -impl Debug for Scalar { - fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result { - write!(f, "Scalar{{\n\tbytes: {:?},\n}}", &self.bytes) - } -} - -impl Eq for Scalar {} -impl PartialEq for Scalar { - fn eq(&self, other: &Self) -> bool { - self.ct_eq(other).unwrap_u8() == 1u8 - } -} - -impl ConstantTimeEq for Scalar { - fn ct_eq(&self, other: &Self) -> Choice { - self.bytes.ct_eq(&other.bytes) - } -} - -impl Index for Scalar { - type Output = u8; - - /// Index the bytes of the representative for this `Scalar`. Mutation is not permitted. 
- fn index(&self, _index: usize) -> &u8 { - &(self.bytes[_index]) - } -} - -impl<'b> MulAssign<&'b Scalar> for Scalar { - fn mul_assign(&mut self, _rhs: &'b Scalar) { - *self = UnpackedScalar::mul(&self.unpack(), &_rhs.unpack()).pack(); - } -} - -define_mul_assign_variants!(LHS = Scalar, RHS = Scalar); - -impl<'a, 'b> Mul<&'b Scalar> for &'a Scalar { - type Output = Scalar; - fn mul(self, _rhs: &'b Scalar) -> Scalar { - UnpackedScalar::mul(&self.unpack(), &_rhs.unpack()).pack() - } -} - -define_mul_variants!(LHS = Scalar, RHS = Scalar, Output = Scalar); - -impl<'b> AddAssign<&'b Scalar> for Scalar { - fn add_assign(&mut self, _rhs: &'b Scalar) { - *self = *self + _rhs; - } -} - -define_add_assign_variants!(LHS = Scalar, RHS = Scalar); - -impl<'a, 'b> Add<&'b Scalar> for &'a Scalar { - type Output = Scalar; - #[allow(non_snake_case)] - fn add(self, _rhs: &'b Scalar) -> Scalar { - // The UnpackedScalar::add function produces reduced outputs - // if the inputs are reduced. However, these inputs may not - // be reduced -- they might come from Scalar::from_bits. So - // after computing the sum, we explicitly reduce it mod l - // before repacking. - let sum = UnpackedScalar::add(&self.unpack(), &_rhs.unpack()); - let sum_R = UnpackedScalar::mul_internal(&sum, &constants::R); - let sum_mod_l = UnpackedScalar::montgomery_reduce(&sum_R); - sum_mod_l.pack() - } -} - -define_add_variants!(LHS = Scalar, RHS = Scalar, Output = Scalar); - -impl<'b> SubAssign<&'b Scalar> for Scalar { - fn sub_assign(&mut self, _rhs: &'b Scalar) { - *self = *self - _rhs; - } -} - -define_sub_assign_variants!(LHS = Scalar, RHS = Scalar); - -impl<'a, 'b> Sub<&'b Scalar> for &'a Scalar { - type Output = Scalar; - #[allow(non_snake_case)] - fn sub(self, rhs: &'b Scalar) -> Scalar { - // The UnpackedScalar::sub function requires reduced inputs - // and produces reduced output. However, these inputs may not - // be reduced -- they might come from Scalar::from_bits. 
So - // we explicitly reduce the inputs. - let self_R = UnpackedScalar::mul_internal(&self.unpack(), &constants::R); - let self_mod_l = UnpackedScalar::montgomery_reduce(&self_R); - let rhs_R = UnpackedScalar::mul_internal(&rhs.unpack(), &constants::R); - let rhs_mod_l = UnpackedScalar::montgomery_reduce(&rhs_R); - - UnpackedScalar::sub(&self_mod_l, &rhs_mod_l).pack() - } -} - -define_sub_variants!(LHS = Scalar, RHS = Scalar, Output = Scalar); - -impl<'a> Neg for &'a Scalar { - type Output = Scalar; - #[allow(non_snake_case)] - fn neg(self) -> Scalar { - let self_R = UnpackedScalar::mul_internal(&self.unpack(), &constants::R); - let self_mod_l = UnpackedScalar::montgomery_reduce(&self_R); - UnpackedScalar::sub(&UnpackedScalar::zero(), &self_mod_l).pack() - } -} - -impl<'a> Neg for Scalar { - type Output = Scalar; - fn neg(self) -> Scalar { - -&self - } -} - -impl ConditionallySelectable for Scalar { - fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self { - let mut bytes = [0u8; 32]; - for i in 0..32 { - bytes[i] = u8::conditional_select(&a.bytes[i], &b.bytes[i], choice); - } - Scalar { bytes } - } -} - -#[cfg(feature = "serde")] -use serde::{self, Serialize, Deserialize, Serializer, Deserializer}; -#[cfg(feature = "serde")] -use serde::de::Visitor; - -#[cfg(feature = "serde")] -impl Serialize for Scalar { - fn serialize(&self, serializer: S) -> Result - where S: Serializer - { - use serde::ser::SerializeTuple; - let mut tup = serializer.serialize_tuple(32)?; - for byte in self.as_bytes().iter() { - tup.serialize_element(byte)?; - } - tup.end() - } -} - -#[cfg(feature = "serde")] -impl<'de> Deserialize<'de> for Scalar { - fn deserialize(deserializer: D) -> Result - where D: Deserializer<'de> - { - struct ScalarVisitor; - - impl<'de> Visitor<'de> for ScalarVisitor { - type Value = Scalar; - - fn expecting(&self, formatter: &mut ::core::fmt::Formatter) -> ::core::fmt::Result { - formatter.write_str("a valid point in Edwards y + sign format") - } - - fn 
visit_seq(self, mut seq: A) -> Result - where A: serde::de::SeqAccess<'de> - { - let mut bytes = [0u8; 32]; - for i in 0..32 { - bytes[i] = seq.next_element()? - .ok_or(serde::de::Error::invalid_length(i, &"expected 32 bytes"))?; - } - Scalar::from_canonical_bytes(bytes) - .ok_or(serde::de::Error::custom( - &"scalar was not canonically encoded" - )) - } - } - - deserializer.deserialize_tuple(32, ScalarVisitor) - } -} - -impl Product for Scalar -where - T: Borrow -{ - fn product(iter: I) -> Self - where - I: Iterator - { - iter.fold(Scalar::one(), |acc, item| acc * item.borrow()) - } -} - -impl Sum for Scalar -where - T: Borrow -{ - fn sum(iter: I) -> Self - where - I: Iterator - { - iter.fold(Scalar::zero(), |acc, item| acc + item.borrow()) - } -} - -impl Default for Scalar { - fn default() -> Scalar { - Scalar::zero() - } -} - -impl From for Scalar { - fn from(x: u8) -> Scalar { - let mut s_bytes = [0u8; 32]; - s_bytes[0] = x; - Scalar{ bytes: s_bytes } - } -} - -impl From for Scalar { - fn from(x: u16) -> Scalar { - use byteorder::{ByteOrder, LittleEndian}; - let mut s_bytes = [0u8; 32]; - LittleEndian::write_u16(&mut s_bytes, x); - Scalar{ bytes: s_bytes } - } -} - -impl From for Scalar { - fn from(x: u32) -> Scalar { - use byteorder::{ByteOrder, LittleEndian}; - let mut s_bytes = [0u8; 32]; - LittleEndian::write_u32(&mut s_bytes, x); - Scalar{ bytes: s_bytes } - } -} - -impl From for Scalar { - /// Construct a scalar from the given `u64`. - /// - /// # Inputs - /// - /// An `u64` to convert to a `Scalar`. - /// - /// # Returns - /// - /// A `Scalar` corresponding to the input `u64`. 
- /// - /// # Example - /// - /// ``` - /// use curve25519_dalek::scalar::Scalar; - /// - /// let fourtytwo = Scalar::from(42u64); - /// let six = Scalar::from(6u64); - /// let seven = Scalar::from(7u64); - /// - /// assert!(fourtytwo == six * seven); - /// ``` - fn from(x: u64) -> Scalar { - use byteorder::{ByteOrder, LittleEndian}; - let mut s_bytes = [0u8; 32]; - LittleEndian::write_u64(&mut s_bytes, x); - Scalar{ bytes: s_bytes } - } -} - -impl From for Scalar { - fn from(x: u128) -> Scalar { - use byteorder::{ByteOrder, LittleEndian}; - let mut s_bytes = [0u8; 32]; - LittleEndian::write_u128(&mut s_bytes, x); - Scalar{ bytes: s_bytes } - } -} - -impl Zeroize for Scalar { - fn zeroize(&mut self) { - self.bytes.zeroize(); - } -} - -impl Scalar { - /// Return a `Scalar` chosen uniformly at random using a user-provided RNG. - /// - /// # Inputs - /// - /// * `rng`: any RNG which implements the `RngCore + CryptoRng` interface. - /// - /// # Returns - /// - /// A random scalar within ℤ/lℤ. - /// - /// # Example - /// - /// ``` - /// extern crate rand_core; - /// # extern crate curve25519_dalek; - /// # - /// # fn main() { - /// use curve25519_dalek::scalar::Scalar; - /// - /// use rand_core::OsRng; - /// - /// let mut csprng = OsRng; - /// let a: Scalar = Scalar::random(&mut csprng); - /// # } - pub fn random(rng: &mut R) -> Self { - let mut scalar_bytes = [0u8; 64]; - rng.fill_bytes(&mut scalar_bytes); - Scalar::from_bytes_mod_order_wide(&scalar_bytes) - } - - /// Hash a slice of bytes into a scalar. - /// - /// Takes a type parameter `D`, which is any `Digest` producing 64 - /// bytes (512 bits) of output. - /// - /// Convenience wrapper around `from_hash`. 
- /// - /// # Example - /// - /// ``` - /// # extern crate curve25519_dalek; - /// # use curve25519_dalek::scalar::Scalar; - /// extern crate sha2; - /// - /// use sha2::Sha512; - /// - /// # // Need fn main() here in comment so the doctest compiles - /// # // See https://doc.rust-lang.org/book/documentation.html#documentation-as-tests - /// # fn main() { - /// let msg = "To really appreciate architecture, you may even need to commit a murder"; - /// let s = Scalar::hash_from_bytes::(msg.as_bytes()); - /// # } - /// ``` - pub fn hash_from_bytes(input: &[u8]) -> Scalar - where D: Digest + Default - { - let mut hash = D::default(); - hash.update(input); - Scalar::from_hash(hash) - } - - /// Construct a scalar from an existing `Digest` instance. - /// - /// Use this instead of `hash_from_bytes` if it is more convenient - /// to stream data into the `Digest` than to pass a single byte - /// slice. - /// - /// # Example - /// - /// ``` - /// # extern crate curve25519_dalek; - /// # use curve25519_dalek::scalar::Scalar; - /// extern crate sha2; - /// - /// use sha2::Digest; - /// use sha2::Sha512; - /// - /// # fn main() { - /// let mut h = Sha512::new() - /// .chain("To really appreciate architecture, you may even need to commit a murder.") - /// .chain("While the programs used for The Manhattan Transcripts are of the most extreme") - /// .chain("nature, they also parallel the most common formula plot: the archetype of") - /// .chain("murder. 
Other phantasms were occasionally used to underline the fact that") - /// .chain("perhaps all architecture, rather than being about functional standards, is") - /// .chain("about love and death."); - /// - /// let s = Scalar::from_hash(h); - /// - /// println!("{:?}", s.to_bytes()); - /// assert!(s == Scalar::from_bits([ 21, 88, 208, 252, 63, 122, 210, 152, - /// 154, 38, 15, 23, 16, 167, 80, 150, - /// 192, 221, 77, 226, 62, 25, 224, 148, - /// 239, 48, 176, 10, 185, 69, 168, 11, ])); - /// # } - /// ``` - pub fn from_hash(hash: D) -> Scalar - where D: Digest - { - let mut output = [0u8; 64]; - output.copy_from_slice(hash.finalize().as_slice()); - Scalar::from_bytes_mod_order_wide(&output) - } - - /// Convert this `Scalar` to its underlying sequence of bytes. - /// - /// # Example - /// - /// ``` - /// use curve25519_dalek::scalar::Scalar; - /// - /// let s: Scalar = Scalar::zero(); - /// - /// assert!(s.to_bytes() == [0u8; 32]); - /// ``` - pub fn to_bytes(&self) -> [u8; 32] { - self.bytes - } - - /// View the little-endian byte encoding of the integer representing this Scalar. - /// - /// # Example - /// - /// ``` - /// use curve25519_dalek::scalar::Scalar; - /// - /// let s: Scalar = Scalar::zero(); - /// - /// assert!(s.as_bytes() == &[0u8; 32]); - /// ``` - pub fn as_bytes(&self) -> &[u8; 32] { - &self.bytes - } - - /// Construct the scalar \\( 0 \\). - pub fn zero() -> Self { - Scalar { bytes: [0u8; 32]} - } - - /// Construct the scalar \\( 1 \\). - pub fn one() -> Self { - Scalar { - bytes: [ - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - ], - } - } - - /// Given a nonzero `Scalar`, compute its multiplicative inverse. - /// - /// # Warning - /// - /// `self` **MUST** be nonzero. If you cannot - /// *prove* that this is the case, you **SHOULD NOT USE THIS - /// FUNCTION**. - /// - /// # Returns - /// - /// The multiplicative inverse of the this `Scalar`. 
- /// - /// # Example - /// - /// ``` - /// use curve25519_dalek::scalar::Scalar; - /// - /// // x = 2238329342913194256032495932344128051776374960164957527413114840482143558222 - /// let X: Scalar = Scalar::from_bytes_mod_order([ - /// 0x4e, 0x5a, 0xb4, 0x34, 0x5d, 0x47, 0x08, 0x84, - /// 0x59, 0x13, 0xb4, 0x64, 0x1b, 0xc2, 0x7d, 0x52, - /// 0x52, 0xa5, 0x85, 0x10, 0x1b, 0xcc, 0x42, 0x44, - /// 0xd4, 0x49, 0xf4, 0xa8, 0x79, 0xd9, 0xf2, 0x04, - /// ]); - /// // 1/x = 6859937278830797291664592131120606308688036382723378951768035303146619657244 - /// let XINV: Scalar = Scalar::from_bytes_mod_order([ - /// 0x1c, 0xdc, 0x17, 0xfc, 0xe0, 0xe9, 0xa5, 0xbb, - /// 0xd9, 0x24, 0x7e, 0x56, 0xbb, 0x01, 0x63, 0x47, - /// 0xbb, 0xba, 0x31, 0xed, 0xd5, 0xa9, 0xbb, 0x96, - /// 0xd5, 0x0b, 0xcd, 0x7a, 0x3f, 0x96, 0x2a, 0x0f, - /// ]); - /// - /// let inv_X: Scalar = X.invert(); - /// assert!(XINV == inv_X); - /// let should_be_one: Scalar = &inv_X * &X; - /// assert!(should_be_one == Scalar::one()); - /// ``` - pub fn invert(&self) -> Scalar { - self.unpack().invert().pack() - } - - /// Given a slice of nonzero (possibly secret) `Scalar`s, - /// compute their inverses in a batch. - /// - /// # Return - /// - /// Each element of `inputs` is replaced by its inverse. - /// - /// The product of all inverses is returned. - /// - /// # Warning - /// - /// All input `Scalars` **MUST** be nonzero. If you cannot - /// *prove* that this is the case, you **SHOULD NOT USE THIS - /// FUNCTION**. 
- /// - /// # Example - /// - /// ``` - /// # extern crate curve25519_dalek; - /// # use curve25519_dalek::scalar::Scalar; - /// # fn main() { - /// let mut scalars = [ - /// Scalar::from(3u64), - /// Scalar::from(5u64), - /// Scalar::from(7u64), - /// Scalar::from(11u64), - /// ]; - /// - /// let allinv = Scalar::batch_invert(&mut scalars); - /// - /// assert_eq!(allinv, Scalar::from(3*5*7*11u64).invert()); - /// assert_eq!(scalars[0], Scalar::from(3u64).invert()); - /// assert_eq!(scalars[1], Scalar::from(5u64).invert()); - /// assert_eq!(scalars[2], Scalar::from(7u64).invert()); - /// assert_eq!(scalars[3], Scalar::from(11u64).invert()); - /// # } - /// ``` - #[cfg(feature = "alloc")] - pub fn batch_invert(inputs: &mut [Scalar]) -> Scalar { - // This code is essentially identical to the FieldElement - // implementation, and is documented there. Unfortunately, - // it's not easy to write it generically, since here we want - // to use `UnpackedScalar`s internally, and `Scalar`s - // externally, but there's no corresponding distinction for - // field elements. - - use zeroize::Zeroizing; - - let n = inputs.len(); - let one: UnpackedScalar = Scalar::one().unpack().to_montgomery(); - - // Place scratch storage in a Zeroizing wrapper to wipe it when - // we pass out of scope. 
- let scratch_vec = vec![one; n]; - let mut scratch = Zeroizing::new(scratch_vec); - - // Keep an accumulator of all of the previous products - let mut acc = Scalar::one().unpack().to_montgomery(); - - // Pass through the input vector, recording the previous - // products in the scratch space - for (input, scratch) in inputs.iter_mut().zip(scratch.iter_mut()) { - *scratch = acc; - - // Avoid unnecessary Montgomery multiplication in second pass by - // keeping inputs in Montgomery form - let tmp = input.unpack().to_montgomery(); - *input = tmp.pack(); - acc = UnpackedScalar::montgomery_mul(&acc, &tmp); - } - - // acc is nonzero iff all inputs are nonzero - debug_assert!(acc.pack() != Scalar::zero()); - - // Compute the inverse of all products - acc = acc.montgomery_invert().from_montgomery(); - - // We need to return the product of all inverses later - let ret = acc.pack(); - - // Pass through the vector backwards to compute the inverses - // in place - for (input, scratch) in inputs.iter_mut().rev().zip(scratch.iter().rev()) { - let tmp = UnpackedScalar::montgomery_mul(&acc, &input.unpack()); - *input = UnpackedScalar::montgomery_mul(&acc, &scratch).pack(); - acc = tmp; - } - - ret - } - - /// Get the bits of the scalar. - pub(crate) fn bits(&self) -> [i8; 256] { - let mut bits = [0i8; 256]; - for i in 0..256 { - // As i runs from 0..256, the bottom 3 bits index the bit, - // while the upper bits index the byte. - bits[i] = ((self.bytes[i>>3] >> (i&7)) & 1u8) as i8; - } - bits - } - - /// Compute a width-\\(w\\) "Non-Adjacent Form" of this scalar. - /// - /// A width-\\(w\\) NAF of a positive integer \\(k\\) is an expression - /// $$ - /// k = \sum_{i=0}\^m n\_i 2\^i, - /// $$ - /// where each nonzero - /// coefficient \\(n\_i\\) is odd and bounded by \\(|n\_i| < 2\^{w-1}\\), - /// \\(n\_{m-1}\\) is nonzero, and at most one of any \\(w\\) consecutive - /// coefficients is nonzero. (Hankerson, Menezes, Vanstone; def 3.32). 
- ///
- /// The length of the NAF is at most one more than the length of
- /// the binary representation of \\(k\\). This is why the
- /// `Scalar` type maintains an invariant that the top bit is
- /// \\(0\\), so that the NAF of a scalar has at most 256 digits.
- ///
- /// Intuitively, this is like a binary expansion, except that we
- /// allow some coefficients to grow in magnitude up to
- /// \\(2\^{w-1}\\) so that the nonzero coefficients are as sparse
- /// as possible.
- ///
- /// When doing scalar multiplication, we can then use a lookup
- /// table of precomputed multiples of a point to add the nonzero
- /// terms \\( k_i P \\). Using signed digits cuts the table size
- /// in half, and using odd digits cuts the table size in half
- /// again.
- ///
- /// To compute a \\(w\\)-NAF, we use a modification of Algorithm 3.35 of HMV:
- ///
- /// 1. \\( i \gets 0 \\)
- /// 2. While \\( k \ge 1 \\):
- /// 1. If \\(k\\) is odd, \\( n_i \gets k \operatorname{mods} 2^w \\), \\( k \gets k - n_i \\).
- /// 2. If \\(k\\) is even, \\( n_i \gets 0 \\).
- /// 3. \\( k \gets k / 2 \\), \\( i \gets i + 1 \\).
- /// 3. Return \\( n_0, n_1, ... , \\)
- ///
- /// Here \\( \bar x = x \operatorname{mods} 2^w \\) means the
- /// \\( \bar x \\) with \\( \bar x \equiv x \pmod{2^w} \\) and
- /// \\( -2^{w-1} \leq \bar x < 2^w \\).
- ///
- /// We implement this by scanning across the bits of \\(k\\) from
- /// least-significant bit to most-significant-bit.
- /// Write the bits of \\(k\\) as
- /// $$
- /// k = \sum\_{i=0}\^m k\_i 2^i,
- /// $$
- /// and split the sum as
- /// $$
- /// k = \sum\_{i=0}^{w-1} k\_i 2^i + 2^w \sum\_{i=0} k\_{i+w} 2^i
- /// $$
- /// where the first part is \\( k \mod 2^w \\).
- ///
- /// If \\( k \mod 2^w\\) is odd, and \\( k \mod 2^w < 2^{w-1} \\), then we emit
- /// \\( n_0 = k \mod 2^w \\). Instead of computing
- /// \\( k - n_0 \\), we just advance \\(w\\) bits and reindex.
- ///
- /// If \\( k \mod 2^w\\) is odd, and \\( k \mod 2^w \ge 2^{w-1} \\), then
- /// \\( n_0 = k \operatorname{mods} 2^w = k \mod 2^w - 2^w \\).
- /// The quantity \\( k - n_0 \\) is
- /// $$
- /// \begin{aligned}
- /// k - n_0 &= \sum\_{i=0}^{w-1} k\_i 2^i + 2^w \sum\_{i=0} k\_{i+w} 2^i
- /// - \sum\_{i=0}^{w-1} k\_i 2^i + 2^w \\\\
- /// &= 2^w + 2^w \sum\_{i=0} k\_{i+w} 2^i
- /// \end{aligned}
- /// $$
- /// so instead of computing the subtraction, we can set a carry
- /// bit, advance \\(w\\) bits, and reindex.
- ///
- /// If \\( k \mod 2^w\\) is even, we emit \\(0\\), advance 1 bit
- /// and reindex. In fact, by setting all digits to \\(0\\)
- /// initially, we don't need to emit anything.
- pub(crate) fn non_adjacent_form(&self, w: usize) -> [i8; 256] {
- // required by the NAF definition
- debug_assert!( w >= 2 );
- // required so that the NAF digits fit in i8
- debug_assert!( w <= 8 );
-
- use byteorder::{ByteOrder, LittleEndian};
-
- let mut naf = [0i8; 256];
-
- let mut x_u64 = [0u64; 5];
- LittleEndian::read_u64_into(&self.bytes, &mut x_u64[0..4]);
-
- let width = 1 << w;
- let window_mask = width - 1;
-
- let mut pos = 0;
- let mut carry = 0;
- while pos < 256 {
- // Construct a buffer of bits of the scalar, starting at bit `pos`
- let u64_idx = pos / 64;
- let bit_idx = pos % 64;
- let bit_buf: u64;
- if bit_idx < 64 - w {
- // This window's bits are contained in a single u64
- bit_buf = x_u64[u64_idx] >> bit_idx;
- } else {
- // Combine the current u64's bits with the bits from the next u64
- bit_buf = (x_u64[u64_idx] >> bit_idx) | (x_u64[1+u64_idx] << (64 - bit_idx));
- }
-
- // Add the carry into the current window
- let window = carry + (bit_buf & window_mask);
-
- if window & 1 == 0 {
- // If the window value is even, preserve the carry and continue.
- // Why is the carry preserved?
- // If carry == 0 and window & 1 == 0, then the next carry should be 0
- // If carry == 1 and window & 1 == 0, then bit_buf & 1 == 1 so the next carry should be 1
- pos += 1;
- continue;
- }
-
- if window < width/2 {
- carry = 0;
- naf[pos] = window as i8;
- } else {
- carry = 1;
- naf[pos] = (window as i8).wrapping_sub(width as i8);
- }
-
- pos += w;
- }
-
- naf
- }
-
- /// Write this scalar in radix 16, with coefficients in \\([-8,8)\\),
- /// i.e., compute \\(a\_i\\) such that
- /// $$
- /// a = a\_0 + a\_1 16\^1 + \cdots + a_{63} 16\^{63},
- /// $$
- /// with \\(-8 \leq a_i < 8\\) for \\(0 \leq i < 63\\) and \\(-8 \leq a_{63} \leq 8\\).
- pub(crate) fn to_radix_16(&self) -> [i8; 64] {
- debug_assert!(self[31] <= 127);
- let mut output = [0i8; 64];
-
- // Step 1: change radix.
- // Convert from radix 256 (bytes) to radix 16 (nibbles)
- #[inline(always)]
- fn bot_half(x: u8) -> u8 { (x >> 0) & 15 }
- #[inline(always)]
- fn top_half(x: u8) -> u8 { (x >> 4) & 15 }
-
- for i in 0..32 {
- output[2*i ] = bot_half(self[i]) as i8;
- output[2*i+1] = top_half(self[i]) as i8;
- }
- // Precondition note: since self[31] <= 127, output[63] <= 7
-
- // Step 2: recenter coefficients from [0,16) to [-8,8)
- for i in 0..63 {
- let carry = (output[i] + 8) >> 4;
- output[i ] -= carry << 4;
- output[i+1] += carry;
- }
- // Precondition note: output[63] is not recentered. It
- // increases by carry <= 1. Thus output[63] <= 8.
-
- output
- }
-
- /// Returns a size hint indicating how many entries of the return
- /// value of `to_radix_2w` are nonzero.
- pub(crate) fn to_radix_2w_size_hint(w: usize) -> usize {
- debug_assert!(w >= 4);
- debug_assert!(w <= 8);
-
- let digits_count = match w {
- 4 => (256 + w - 1)/w as usize,
- 5 => (256 + w - 1)/w as usize,
- 6 => (256 + w - 1)/w as usize,
- 7 => (256 + w - 1)/w as usize,
- // See comment in to_radix_2w on handling the terminal carry.
- 8 => (256 + w - 1)/w + 1 as usize,
- _ => panic!("invalid radix parameter"),
- };
-
- debug_assert!(digits_count <= 64);
- digits_count
- }
-
- /// Creates a representation of a Scalar in radix 32, 64, 128 or 256 for use with the Pippenger algorithm.
- /// For lower radix, use `to_radix_16`, which is used by the Straus multi-scalar multiplication.
- /// Higher radixes are not supported to save cache space. Radix 256 is near-optimal even for very
- /// large inputs.
- ///
- /// Radix below 32 or above 256 is prohibited.
- /// This method returns digits in a fixed-sized array, excess digits are zeroes.
- ///
- /// ## Scalar representation
- ///
- /// Radix \\(2\^w\\), with \\(n = ceil(256/w)\\) coefficients in \\([-(2\^w)/2,(2\^w)/2)\\),
- /// i.e., scalar is represented using digits \\(a\_i\\) such that
- /// $$
- /// a = a\_0 + a\_1 2\^1w + \cdots + a_{n-1} 2\^{w*(n-1)},
- /// $$
- /// with \\(-2\^w/2 \leq a_i < 2\^w/2\\) for \\(0 \leq i < (n-1)\\) and \\(-2\^w/2 \leq a_{n-1} \leq 2\^w/2\\).
- ///
- pub(crate) fn to_radix_2w(&self, w: usize) -> [i8; 64] {
- debug_assert!(w >= 4);
- debug_assert!(w <= 8);
-
- if w == 4 {
- return self.to_radix_16();
- }
-
- use byteorder::{ByteOrder, LittleEndian};
-
- // Scalar formatted as four `u64`s with carry bit packed into the highest bit.
- let mut scalar64x4 = [0u64; 4];
- LittleEndian::read_u64_into(&self.bytes, &mut scalar64x4[0..4]);
-
- let radix: u64 = 1 << w;
- let window_mask: u64 = radix - 1;
-
- let mut carry = 0u64;
- let mut digits = [0i8; 64];
- let digits_count = (256 + w - 1)/w as usize;
- for i in 0..digits_count {
- // Construct a buffer of bits of the scalar, starting at `bit_offset`.
- let bit_offset = i*w;
- let u64_idx = bit_offset / 64;
- let bit_idx = bit_offset % 64;
-
- // Read the bits from the scalar
- let bit_buf: u64;
- if bit_idx < 64 - w || u64_idx == 3 {
- // This window's bits are contained in a single u64,
- // or it's the last u64 anyway.
- bit_buf = scalar64x4[u64_idx] >> bit_idx;
- } else {
- // Combine the current u64's bits with the bits from the next u64
- bit_buf = (scalar64x4[u64_idx] >> bit_idx) | (scalar64x4[1+u64_idx] << (64 - bit_idx));
- }
-
- // Read the actual coefficient value from the window
- let coef = carry + (bit_buf & window_mask); // coef = [0, 2^r)
-
- // Recenter coefficients from [0,2^w) to [-2^w/2, 2^w/2)
- carry = (coef + (radix/2) as u64) >> w;
- digits[i] = ((coef as i64) - (carry << w) as i64) as i8;
- }
-
- // When w < 8, we can fold the final carry onto the last digit d,
- // because d < 2^w/2 so d + carry*2^w = d + 1*2^w < 2^(w+1) < 2^8.
- //
- // When w = 8, we can't fit carry*2^w into an i8. This should
- // not happen anyways, because the final carry will be 0 for
- // reduced scalars, but the Scalar invariant allows 255-bit scalars.
- // To handle this, we expand the size_hint by 1 when w=8,
- // and accumulate the final carry onto another digit.
- match w {
- 8 => digits[digits_count] += carry as i8,
- _ => digits[digits_count-1] += (carry << w) as i8,
- }
-
- digits
- }
-
- /// Unpack this `Scalar` to an `UnpackedScalar` for faster arithmetic.
- pub(crate) fn unpack(&self) -> UnpackedScalar {
- UnpackedScalar::from_bytes(&self.bytes)
- }
-
- /// Reduce this `Scalar` modulo \\(\ell\\).
- #[allow(non_snake_case)]
- pub fn reduce(&self) -> Scalar {
- let x = self.unpack();
- let xR = UnpackedScalar::mul_internal(&x, &constants::R);
- let x_mod_l = UnpackedScalar::montgomery_reduce(&xR);
- x_mod_l.pack()
- }
-
- /// Check whether this `Scalar` is the canonical representative mod \\(\ell\\).
- ///
- /// This is intended for uses like input validation, where variable-time code is acceptable.
- ///
- /// ```
- /// # extern crate curve25519_dalek;
- /// # extern crate subtle;
- /// # use curve25519_dalek::scalar::Scalar;
- /// # use subtle::ConditionallySelectable;
- /// # fn main() {
- /// // 2^255 - 1, since `from_bits` clears the high bit
- /// let _2_255_minus_1 = Scalar::from_bits([0xff;32]);
- /// assert!(!_2_255_minus_1.is_canonical());
- ///
- /// let reduced = _2_255_minus_1.reduce();
- /// assert!(reduced.is_canonical());
- /// # }
- /// ```
- pub fn is_canonical(&self) -> bool {
- *self == self.reduce()
- }
-}
-
-impl UnpackedScalar {
- /// Pack the limbs of this `UnpackedScalar` into a `Scalar`.
- fn pack(&self) -> Scalar {
- Scalar{ bytes: self.to_bytes() }
- }
-
- /// Inverts an UnpackedScalar in Montgomery form.
- pub fn montgomery_invert(&self) -> UnpackedScalar {
- // Uses the addition chain from
- // https://briansmith.org/ecc-inversion-addition-chains-01#curve25519_scalar_inversion
- let _1 = self;
- let _10 = _1.montgomery_square();
- let _100 = _10.montgomery_square();
- let _11 = UnpackedScalar::montgomery_mul(&_10, &_1);
- let _101 = UnpackedScalar::montgomery_mul(&_10, &_11);
- let _111 = UnpackedScalar::montgomery_mul(&_10, &_101);
- let _1001 = UnpackedScalar::montgomery_mul(&_10, &_111);
- let _1011 = UnpackedScalar::montgomery_mul(&_10, &_1001);
- let _1111 = UnpackedScalar::montgomery_mul(&_100, &_1011);
-
- // _10000
- let mut y = UnpackedScalar::montgomery_mul(&_1111, &_1);
-
- #[inline]
- fn square_multiply(y: &mut UnpackedScalar, squarings: usize, x: &UnpackedScalar) {
- for _ in 0..squarings {
- *y = y.montgomery_square();
- }
- *y = UnpackedScalar::montgomery_mul(y, x);
- }
-
- square_multiply(&mut y, 123 + 3, &_101);
- square_multiply(&mut y, 2 + 2, &_11);
- square_multiply(&mut y, 1 + 4, &_1111);
- square_multiply(&mut y, 1 + 4, &_1111);
- square_multiply(&mut y, 4, &_1001);
- square_multiply(&mut y, 2, &_11);
- square_multiply(&mut y, 1 + 4, &_1111);
- square_multiply(&mut y, 1 + 3, &_101);
- square_multiply(&mut y, 3 + 3, &_101);
- square_multiply(&mut y, 3, &_111);
- square_multiply(&mut y, 1 + 4, &_1111);
- square_multiply(&mut y, 2 + 3, &_111);
- square_multiply(&mut y, 2 + 2, &_11);
- square_multiply(&mut y, 1 + 4, &_1011);
- square_multiply(&mut y, 2 + 4, &_1011);
- square_multiply(&mut y, 6 + 4, &_1001);
- square_multiply(&mut y, 2 + 2, &_11);
- square_multiply(&mut y, 3 + 2, &_11);
- square_multiply(&mut y, 3 + 2, &_11);
- square_multiply(&mut y, 1 + 4, &_1001);
- square_multiply(&mut y, 1 + 3, &_111);
- square_multiply(&mut y, 2 + 4, &_1111);
- square_multiply(&mut y, 1 + 4, &_1011);
- square_multiply(&mut y, 3, &_101);
- square_multiply(&mut y, 2 + 4, &_1111);
- square_multiply(&mut y, 3, &_101);
- square_multiply(&mut y, 1 + 2, &_11);
-
- y
- }
-
- /// Inverts an UnpackedScalar not in Montgomery form.
- pub fn invert(&self) -> UnpackedScalar {
- self.to_montgomery().montgomery_invert().from_montgomery()
- }
-}
-
-#[cfg(test)]
-mod test {
- use super::*;
- use constants;
-
- /// x = 2238329342913194256032495932344128051776374960164957527413114840482143558222
- pub static X: Scalar = Scalar{
- bytes: [
- 0x4e, 0x5a, 0xb4, 0x34, 0x5d, 0x47, 0x08, 0x84,
- 0x59, 0x13, 0xb4, 0x64, 0x1b, 0xc2, 0x7d, 0x52,
- 0x52, 0xa5, 0x85, 0x10, 0x1b, 0xcc, 0x42, 0x44,
- 0xd4, 0x49, 0xf4, 0xa8, 0x79, 0xd9, 0xf2, 0x04,
- ],
- };
- /// 1/x = 6859937278830797291664592131120606308688036382723378951768035303146619657244
- pub static XINV: Scalar = Scalar{
- bytes: [
- 0x1c, 0xdc, 0x17, 0xfc, 0xe0, 0xe9, 0xa5, 0xbb,
- 0xd9, 0x24, 0x7e, 0x56, 0xbb, 0x01, 0x63, 0x47,
- 0xbb, 0xba, 0x31, 0xed, 0xd5, 0xa9, 0xbb, 0x96,
- 0xd5, 0x0b, 0xcd, 0x7a, 0x3f, 0x96, 0x2a, 0x0f,
- ],
- };
- /// y = 2592331292931086675770238855846338635550719849568364935475441891787804997264
- pub static Y: Scalar = Scalar{
- bytes: [
- 0x90, 0x76, 0x33, 0xfe, 0x1c, 0x4b, 0x66, 0xa4,
- 0xa2, 0x8d, 0x2d, 0xd7, 0x67, 0x83, 0x86, 0xc3,
- 0x53, 0xd0, 0xde, 0x54, 0x55, 0xd4, 0xfc, 0x9d,
- 0xe8, 0xef, 0x7a, 0xc3, 0x1f, 0x35, 0xbb, 0x05,
- ],
- };
-
- /// x*y = 5690045403673944803228348699031245560686958845067437804563560795922180092780
- static X_TIMES_Y: Scalar = Scalar{
- bytes: [
- 0x6c, 0x33, 0x74, 0xa1, 0x89, 0x4f, 0x62, 0x21,
- 0x0a, 0xaa, 0x2f, 0xe1, 0x86, 0xa6, 0xf9, 0x2c,
- 0xe0, 0xaa, 0x75, 0xc2, 0x77, 0x95, 0x81, 0xc2,
- 0x95, 0xfc, 0x08, 0x17, 0x9a, 0x73, 0x94, 0x0c,
- ],
- };
-
- /// sage: l = 2^252 + 27742317777372353535851937790883648493
- /// sage: big = 2^256 - 1
- /// sage: repr((big % l).digits(256))
- static CANONICAL_2_256_MINUS_1: Scalar = Scalar{
- bytes: [
- 28, 149, 152, 141, 116, 49, 236, 214,
- 112, 207, 125, 115, 244, 91, 239, 198,
- 254, 255, 255, 255, 255, 255, 255, 255,
- 255, 255, 255, 255, 255, 255, 255, 15,
- ],
- };
-
- static A_SCALAR: Scalar = Scalar{
- bytes: [
- 0x1a, 0x0e, 0x97, 0x8a, 0x90, 0xf6, 0x62, 0x2d,
- 0x37, 0x47, 0x02, 0x3f, 0x8a, 0xd8, 0x26, 0x4d,
- 0xa7, 0x58, 0xaa, 0x1b, 0x88, 0xe0, 0x40, 0xd1,
- 0x58, 0x9e, 0x7b, 0x7f, 0x23, 0x76, 0xef, 0x09,
- ],
- };
-
- static A_NAF: [i8; 256] =
- [0,13,0,0,0,0,0,0,0,7,0,0,0,0,0,0,-9,0,0,0,0,-11,0,0,0,0,3,0,0,0,0,1,
- 0,0,0,0,9,0,0,0,0,-5,0,0,0,0,0,0,3,0,0,0,0,11,0,0,0,0,11,0,0,0,0,0,
- -9,0,0,0,0,0,-3,0,0,0,0,9,0,0,0,0,0,1,0,0,0,0,0,0,-1,0,0,0,0,0,9,0,
- 0,0,0,-15,0,0,0,0,-7,0,0,0,0,-9,0,0,0,0,0,5,0,0,0,0,13,0,0,0,0,0,-3,0,
- 0,0,0,-11,0,0,0,0,-7,0,0,0,0,-13,0,0,0,0,11,0,0,0,0,-9,0,0,0,0,0,1,0,0,
- 0,0,0,-15,0,0,0,0,1,0,0,0,0,7,0,0,0,0,0,0,0,0,5,0,0,0,0,0,13,0,0,0,
- 0,0,0,11,0,0,0,0,0,15,0,0,0,0,0,-9,0,0,0,0,0,0,0,-1,0,0,0,0,0,0,0,7,
- 0,0,0,0,0,-15,0,0,0,0,0,15,0,0,0,0,15,0,0,0,0,15,0,0,0,0,0,1,0,0,0,0];
-
- static LARGEST_ED25519_S: Scalar = Scalar {
- bytes: [
- 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f,
- ],
- };
-
- static CANONICAL_LARGEST_ED25519_S_PLUS_ONE: Scalar = Scalar {
- bytes: [
- 0x7e, 0x34, 0x47, 0x75, 0x47, 0x4a, 0x7f, 0x97,
- 0x23, 0xb6, 0x3a, 0x8b, 0xe9, 0x2a, 0xe7, 0x6d,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0f,
- ],
- };
-
- static CANONICAL_LARGEST_ED25519_S_MINUS_ONE: Scalar = Scalar {
- bytes: [
- 0x7c, 0x34, 0x47, 0x75, 0x47, 0x4a, 0x7f, 0x97,
- 0x23, 0xb6, 0x3a, 0x8b, 0xe9, 0x2a, 0xe7, 0x6d,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0f,
- ],
- };
-
- #[test]
- fn fuzzer_testcase_reduction() {
- // LE bytes of 24519928653854221733733552434404946937899825954937634815
- let a_bytes = [255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 0, 0, 0, 0, 0, 0, 0, 0, 0];
- // LE bytes of 4975441334397345751130612518500927154628011511324180036903450236863266160640
- let b_bytes = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 210, 210, 210, 255, 255, 255, 255, 10];
- // LE bytes of 6432735165214683820902750800207468552549813371247423777071615116673864412038
- let c_bytes = [134, 171, 119, 216, 180, 128, 178, 62, 171, 132, 32, 62, 34, 119, 104, 193, 47, 215, 181, 250, 14, 207, 172, 93, 75, 207, 211, 103, 144, 204, 56, 14];
-
- let a = Scalar::from_bytes_mod_order(a_bytes);
- let b = Scalar::from_bytes_mod_order(b_bytes);
- let c = Scalar::from_bytes_mod_order(c_bytes);
-
- let mut tmp = [0u8; 64];
-
- // also_a = (a mod l)
- tmp[0..32].copy_from_slice(&a_bytes[..]);
- let also_a = Scalar::from_bytes_mod_order_wide(&tmp);
-
- // also_b = (b mod l)
- tmp[0..32].copy_from_slice(&b_bytes[..]);
- let also_b = Scalar::from_bytes_mod_order_wide(&tmp);
-
- let expected_c = &a * &b;
- let also_expected_c = &also_a * &also_b;
-
- assert_eq!(c, expected_c);
- assert_eq!(c, also_expected_c);
- }
-
- #[test]
- fn non_adjacent_form_test_vector() {
- let naf = A_SCALAR.non_adjacent_form(5);
- for i in 0..256 {
- assert_eq!(naf[i], A_NAF[i]);
- }
- }
-
- fn non_adjacent_form_iter(w: usize, x: &Scalar) {
- let naf = x.non_adjacent_form(w);
-
- // Reconstruct the scalar from the computed NAF
- let mut y = Scalar::zero();
- for i in (0..256).rev() {
- y += y;
- let digit = if naf[i] < 0 {
- -Scalar::from((-naf[i]) as u64)
- } else {
- Scalar::from(naf[i] as u64)
- };
- y += digit;
- }
-
- assert_eq!(*x, y);
- }
-
- #[test]
- fn non_adjacent_form_random() {
- let mut rng = rand::thread_rng();
- for _ in 0..1_000 {
- let x = Scalar::random(&mut rng);
- for w in &[5, 6, 7, 8] {
- non_adjacent_form_iter(*w, &x);
- }
- }
- }
-
- #[test]
- fn from_u64() {
- let val: u64 = 0xdeadbeefdeadbeef;
- let s = Scalar::from(val);
- assert_eq!(s[7], 0xde);
- assert_eq!(s[6], 0xad);
- assert_eq!(s[5], 0xbe);
- assert_eq!(s[4], 0xef);
- assert_eq!(s[3], 0xde);
- assert_eq!(s[2], 0xad);
- assert_eq!(s[1], 0xbe);
- assert_eq!(s[0], 0xef);
- }
-
- #[test]
- fn scalar_mul_by_one() {
- let test_scalar = &X * &Scalar::one();
- for i in 0..32 {
- assert!(test_scalar[i] == X[i]);
- }
- }
-
- #[test]
- fn add_reduces() {
- // Check that the addition works
- assert_eq!(
- (LARGEST_ED25519_S + Scalar::one()).reduce(),
- CANONICAL_LARGEST_ED25519_S_PLUS_ONE
- );
- // Check that the addition reduces
- assert_eq!(
- LARGEST_ED25519_S + Scalar::one(),
- CANONICAL_LARGEST_ED25519_S_PLUS_ONE
- );
- }
-
- #[test]
- fn sub_reduces() {
- // Check that the subtraction works
- assert_eq!(
- (LARGEST_ED25519_S - Scalar::one()).reduce(),
- CANONICAL_LARGEST_ED25519_S_MINUS_ONE
- );
- // Check that the subtraction reduces
- assert_eq!(
- LARGEST_ED25519_S - Scalar::one(),
- CANONICAL_LARGEST_ED25519_S_MINUS_ONE
- );
- }
-
- #[test]
- fn quarkslab_scalar_overflow_does_not_occur() {
- // Check that manually-constructing large Scalars with
- // from_bits cannot produce incorrect results.
- //
- // The from_bits function is required to implement X/Ed25519,
- // while all other methods of constructing a Scalar produce
- // reduced Scalars. However, this "invariant loophole" allows
- // constructing large scalars which are not reduced mod l.
- //
- // This issue was discovered independently by both Jack
- // "str4d" Grigg (issue #238), who noted that reduction was
- // not performed on addition, and Laurent Grémy & Nicolas
- // Surbayrole of Quarkslab, who noted that it was possible to
- // cause an overflow and compute incorrect results.
- //
- // This test is adapted from the one suggested by Quarkslab.
-
- let large_bytes = [
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f,
- ];
-
- let a = Scalar::from_bytes_mod_order(large_bytes);
- let b = Scalar::from_bits(large_bytes);
-
- assert_eq!(a, b.reduce());
-
- let a_3 = a + a + a;
- let b_3 = b + b + b;
-
- assert_eq!(a_3, b_3);
-
- let neg_a = -a;
- let neg_b = -b;
-
- assert_eq!(neg_a, neg_b);
-
- let minus_a_3 = Scalar::zero() - a - a - a;
- let minus_b_3 = Scalar::zero() - b - b - b;
-
- assert_eq!(minus_a_3, minus_b_3);
- assert_eq!(minus_a_3, -a_3);
- assert_eq!(minus_b_3, -b_3);
- }
-
- #[test]
- fn impl_add() {
- let two = Scalar::from(2u64);
- let one = Scalar::one();
- let should_be_two = &one + &one;
- assert_eq!(should_be_two, two);
- }
-
- #[allow(non_snake_case)]
- #[test]
- fn impl_mul() {
- let should_be_X_times_Y = &X * &Y;
- assert_eq!(should_be_X_times_Y, X_TIMES_Y);
- }
-
- #[allow(non_snake_case)]
- #[test]
- fn impl_product() {
- // Test that product works for non-empty iterators
- let X_Y_vector = vec![X, Y];
- let should_be_X_times_Y: Scalar = X_Y_vector.iter().product();
- assert_eq!(should_be_X_times_Y, X_TIMES_Y);
-
- // Test that product works for the empty iterator
- let one = Scalar::one();
- let empty_vector = vec![];
- let should_be_one: Scalar = empty_vector.iter().product();
- assert_eq!(should_be_one, one);
-
- // Test that product works for iterators where Item = Scalar
- let xs = [Scalar::from(2u64); 10];
- let ys = [Scalar::from(3u64); 10];
- // now zs is an iterator with Item = Scalar
- let zs = xs.iter().zip(ys.iter()).map(|(x,y)| x * y);
-
- let x_prod: Scalar = xs.iter().product();
- let y_prod: Scalar = ys.iter().product();
- let z_prod: Scalar = zs.product();
-
- assert_eq!(x_prod, Scalar::from(1024u64));
- assert_eq!(y_prod, Scalar::from(59049u64));
- assert_eq!(z_prod, Scalar::from(60466176u64));
- assert_eq!(x_prod * y_prod, z_prod);
-
- }
-
- #[test]
- fn impl_sum() {
-
- // Test that sum works for non-empty iterators
- let two = Scalar::from(2u64);
- let one_vector = vec![Scalar::one(), Scalar::one()];
- let should_be_two: Scalar = one_vector.iter().sum();
- assert_eq!(should_be_two, two);
-
- // Test that sum works for the empty iterator
- let zero = Scalar::zero();
- let empty_vector = vec![];
- let should_be_zero: Scalar = empty_vector.iter().sum();
- assert_eq!(should_be_zero, zero);
-
- // Test that sum works for owned types
- let xs = [Scalar::from(1u64); 10];
- let ys = [Scalar::from(2u64); 10];
- // now zs is an iterator with Item = Scalar
- let zs = xs.iter().zip(ys.iter()).map(|(x,y)| x + y);
-
- let x_sum: Scalar = xs.iter().sum();
- let y_sum: Scalar = ys.iter().sum();
- let z_sum: Scalar = zs.sum();
-
- assert_eq!(x_sum, Scalar::from(10u64));
- assert_eq!(y_sum, Scalar::from(20u64));
- assert_eq!(z_sum, Scalar::from(30u64));
- assert_eq!(x_sum + y_sum, z_sum);
- }
-
- #[test]
- fn square() {
- let expected = &X * &X;
- let actual = X.unpack().square().pack();
- for i in 0..32 {
- assert!(expected[i] == actual[i]);
- }
- }
-
- #[test]
- fn reduce() {
- let biggest = Scalar::from_bytes_mod_order([0xff; 32]);
- assert_eq!(biggest, CANONICAL_2_256_MINUS_1);
- }
-
- #[test]
- fn from_bytes_mod_order_wide() {
- let mut bignum = [0u8; 64];
- // set bignum = x + 2^256x
- for i in 0..32 {
- bignum[ i] = X[i];
- bignum[32+i] = X[i];
- }
- // 3958878930004874126169954872055634648693766179881526445624823978500314864344
- // = x + 2^256x (mod l)
- let reduced = Scalar{
- bytes: [
- 216, 154, 179, 139, 210, 121, 2, 71,
- 69, 99, 158, 216, 23, 173, 63, 100,
- 204, 0, 91, 50, 219, 153, 57, 249,
- 28, 82, 31, 197, 100, 165, 192, 8,
- ],
- };
- let test_red = Scalar::from_bytes_mod_order_wide(&bignum);
- for i in 0..32 {
- assert!(test_red[i] == reduced[i]);
- }
- }
-
- #[allow(non_snake_case)]
- #[test]
- fn invert() {
- let inv_X = X.invert();
- assert_eq!(inv_X, XINV);
- let should_be_one = &inv_X * &X;
- assert_eq!(should_be_one, Scalar::one());
- }
-
- // Negating a scalar twice should result in the original scalar.
- #[allow(non_snake_case)]
- #[test]
- fn neg_twice_is_identity() {
- let negative_X = -&X;
- let should_be_X = -&negative_X;
-
- assert_eq!(should_be_X, X);
- }
-
- #[test]
- fn to_bytes_from_bytes_roundtrips() {
- let unpacked = X.unpack();
- let bytes = unpacked.to_bytes();
- let should_be_unpacked = UnpackedScalar::from_bytes(&bytes);
-
- assert_eq!(should_be_unpacked.0, unpacked.0);
- }
-
- #[test]
- fn montgomery_reduce_matches_from_bytes_mod_order_wide() {
- let mut bignum = [0u8; 64];
-
- // set bignum = x + 2^256x
- for i in 0..32 {
- bignum[ i] = X[i];
- bignum[32+i] = X[i];
- }
- // x + 2^256x (mod l)
- // = 3958878930004874126169954872055634648693766179881526445624823978500314864344
- let expected = Scalar{
- bytes: [
- 216, 154, 179, 139, 210, 121, 2, 71,
- 69, 99, 158, 216, 23, 173, 63, 100,
- 204, 0, 91, 50, 219, 153, 57, 249,
- 28, 82, 31, 197, 100, 165, 192, 8
- ],
- };
- let reduced = Scalar::from_bytes_mod_order_wide(&bignum);
-
- // The reduced scalar should match the expected
- assert_eq!(reduced.bytes, expected.bytes);
-
- // (x + 2^256x) * R
- let interim = UnpackedScalar::mul_internal(&UnpackedScalar::from_bytes_wide(&bignum),
- &constants::R);
- // ((x + 2^256x) * R) / R (mod l)
- let montgomery_reduced = UnpackedScalar::montgomery_reduce(&interim);
-
- // The Montgomery reduced scalar should match the reduced one, as well as the expected
- assert_eq!(montgomery_reduced.0, reduced.unpack().0);
- assert_eq!(montgomery_reduced.0, expected.unpack().0)
- }
-
- #[test]
- fn canonical_decoding() {
- // canonical encoding of 1667457891
- let canonical_bytes = [99, 99, 99, 99, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,];
-
- // encoding of
- // 7265385991361016183439748078976496179028704920197054998554201349516117938192
- // = 28380414028753969466561515933501938171588560817147392552250411230663687203 (mod l)
- // non_canonical because unreduced mod l
- let non_canonical_bytes_because_unreduced = [16; 32];
-
- // encoding with high bit set, to check that the parser isn't pre-masking the high bit
- let non_canonical_bytes_because_highbit = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128];
-
- assert!( Scalar::from_canonical_bytes(canonical_bytes).is_some() );
- assert!( Scalar::from_canonical_bytes(non_canonical_bytes_because_unreduced).is_none() );
- assert!( Scalar::from_canonical_bytes(non_canonical_bytes_because_highbit).is_none() );
- }
-
- #[test]
- #[cfg(feature = "serde")]
- fn serde_bincode_scalar_roundtrip() {
- use bincode;
- let encoded = bincode::serialize(&X).unwrap();
- let parsed: Scalar = bincode::deserialize(&encoded).unwrap();
- assert_eq!(parsed, X);
-
- // Check that the encoding is 32 bytes exactly
- assert_eq!(encoded.len(), 32);
-
- // Check that the encoding itself matches the usual one
- assert_eq!(
- X,
- bincode::deserialize(X.as_bytes()).unwrap(),
- );
- }
-
- #[cfg(debug_assertions)]
- #[test]
- #[should_panic]
- fn batch_invert_with_a_zero_input_panics() {
- let mut xs = vec![Scalar::one(); 16];
- xs[3] = Scalar::zero();
- // This should panic in debug mode.
- Scalar::batch_invert(&mut xs); - } - - #[test] - fn batch_invert_empty() { - assert_eq!(Scalar::one(), Scalar::batch_invert(&mut [])); - } - - #[test] - fn batch_invert_consistency() { - let mut x = Scalar::from(1u64); - let mut v1: Vec<_> = (0..16).map(|_| {let tmp = x; x = x + x; tmp}).collect(); - let v2 = v1.clone(); - - let expected: Scalar = v1.iter().product(); - let expected = expected.invert(); - let ret = Scalar::batch_invert(&mut v1); - assert_eq!(ret, expected); - - for (a, b) in v1.iter().zip(v2.iter()) { - assert_eq!(a * b, Scalar::one()); - } - } - - fn test_pippenger_radix_iter(scalar: Scalar, w: usize) { - let digits_count = Scalar::to_radix_2w_size_hint(w); - let digits = scalar.to_radix_2w(w); - - let radix = Scalar::from((1< -// - Henry de Valence - -//! Module for common traits. - -#![allow(non_snake_case)] - -use core::borrow::Borrow; - -use subtle; - -use scalar::Scalar; - -// ------------------------------------------------------------------------ -// Public Traits -// ------------------------------------------------------------------------ - -/// Trait for getting the identity element of a point type. -pub trait Identity { - /// Returns the identity element of the curve. - /// Can be used as a constructor. - fn identity() -> Self; -} - -/// Trait for testing if a curve point is equivalent to the identity point. -pub trait IsIdentity { - /// Return true if this element is the identity element of the curve. - fn is_identity(&self) -> bool; -} - -/// Implement generic identity equality testing for a point representations -/// which have constant-time equality testing and a defined identity -/// constructor. -impl IsIdentity for T -where - T: subtle::ConstantTimeEq + Identity, -{ - fn is_identity(&self) -> bool { - self.ct_eq(&T::identity()).unwrap_u8() == 1u8 - } -} - -/// A precomputed table of basepoints, for optimising scalar multiplications. -pub trait BasepointTable { - /// The type of point contained within this table. 
- type Point;
-
- /// Generate a new precomputed basepoint table from the given basepoint.
- fn create(basepoint: &Self::Point) -> Self;
-
- /// Retrieve the original basepoint from this table.
- fn basepoint(&self) -> Self::Point;
-
- /// Multiply a `scalar` by this precomputed basepoint table, in constant time.
- fn basepoint_mul(&self, scalar: &Scalar) -> Self::Point;
-}
-
-/// A trait for constant-time multiscalar multiplication without precomputation.
-pub trait MultiscalarMul {
- /// The type of point being multiplied, e.g., `RistrettoPoint`.
- type Point;
-
- /// Given an iterator of (possibly secret) scalars and an iterator of
- /// public points, compute
- /// $$
- /// Q = c\_1 P\_1 + \cdots + c\_n P\_n.
- /// $$
- ///
- /// It is an error to call this function with two iterators of different lengths.
- ///
- /// # Examples
- ///
- /// The trait bound aims for maximum flexibility: the inputs must be
- /// convertable to iterators (`I: IntoIter`), and the iterator's items
- /// must be `Borrow` (or `Borrow`), to allow
- /// iterators returning either `Scalar`s or `&Scalar`s.
- ///
- /// ```
- /// use curve25519_dalek::constants;
- /// use curve25519_dalek::traits::MultiscalarMul;
- /// use curve25519_dalek::ristretto::RistrettoPoint;
- /// use curve25519_dalek::scalar::Scalar;
- ///
- /// // Some scalars
- /// let a = Scalar::from(87329482u64);
- /// let b = Scalar::from(37264829u64);
- /// let c = Scalar::from(98098098u64);
- ///
- /// // Some points
- /// let P = constants::RISTRETTO_BASEPOINT_POINT;
- /// let Q = P + P;
- /// let R = P + Q;
- ///
- /// // A1 = a*P + b*Q + c*R
- /// let abc = [a,b,c];
- /// let A1 = RistrettoPoint::multiscalar_mul(&abc, &[P,Q,R]);
- /// // Note: (&abc).into_iter(): Iterator
- ///
- /// // A2 = (-a)*P + (-b)*Q + (-c)*R
- /// let minus_abc = abc.iter().map(|x| -x);
- /// let A2 = RistrettoPoint::multiscalar_mul(minus_abc, &[P,Q,R]);
- /// // Note: minus_abc.into_iter(): Iterator
- ///
- /// assert_eq!(A1.compress(), (-A2).compress());
- /// ```
- fn multiscalar_mul(scalars: I, points: J) -> Self::Point
- where
- I: IntoIterator,
- I::Item: Borrow,
- J: IntoIterator,
- J::Item: Borrow;
-}
-
-/// A trait for variable-time multiscalar multiplication without precomputation.
-pub trait VartimeMultiscalarMul {
- /// The type of point being multiplied, e.g., `RistrettoPoint`.
- type Point;
-
- /// Given an iterator of public scalars and an iterator of
- /// `Option`s of points, compute either `Some(Q)`, where
- /// $$
- /// Q = c\_1 P\_1 + \cdots + c\_n P\_n,
- /// $$
- /// if all points were `Some(P_i)`, or else return `None`.
- ///
- /// This function is particularly useful when verifying statements
- /// involving compressed points. Accepting `Option` allows
- /// inlining point decompression into the multiscalar call,
- /// avoiding the need for temporary buffers.
- /// ```
- /// use curve25519_dalek::constants;
- /// use curve25519_dalek::traits::VartimeMultiscalarMul;
- /// use curve25519_dalek::ristretto::RistrettoPoint;
- /// use curve25519_dalek::scalar::Scalar;
- ///
- /// // Some scalars
- /// let a = Scalar::from(87329482u64);
- /// let b = Scalar::from(37264829u64);
- /// let c = Scalar::from(98098098u64);
- /// let abc = [a,b,c];
- ///
- /// // Some points
- /// let P = constants::RISTRETTO_BASEPOINT_POINT;
- /// let Q = P + P;
- /// let R = P + Q;
- /// let PQR = [P, Q, R];
- ///
- /// let compressed = [P.compress(), Q.compress(), R.compress()];
- ///
- /// // Now we can compute A1 = a*P + b*Q + c*R using P, Q, R:
- /// let A1 = RistrettoPoint::vartime_multiscalar_mul(&abc, &PQR);
- ///
- /// // Or using the compressed points:
- /// let A2 = RistrettoPoint::optional_multiscalar_mul(
- /// &abc,
- /// compressed.iter().map(|pt| pt.decompress()),
- /// );
- ///
- /// assert_eq!(A2, Some(A1));
- ///
- /// // It's also possible to mix compressed and uncompressed points:
- /// let A3 = RistrettoPoint::optional_multiscalar_mul(
- /// abc.iter()
- /// .chain(abc.iter()),
- /// compressed.iter().map(|pt| pt.decompress())
- /// .chain(PQR.iter().map(|&pt| Some(pt))),
- /// );
- ///
- /// assert_eq!(A3, Some(A1+A1));
- /// ```
- fn optional_multiscalar_mul(scalars: I, points: J) -> Option
- where
- I: IntoIterator,
- I::Item: Borrow,
- J: IntoIterator>;
-
- /// Given an iterator of public scalars and an iterator of
- /// public points, compute
- /// $$
- /// Q = c\_1 P\_1 + \cdots + c\_n P\_n,
- /// $$
- /// using variable-time operations.
- ///
- /// It is an error to call this function with two iterators of different lengths.
- ///
- /// # Examples
- ///
- /// The trait bound aims for maximum flexibility: the inputs must be
- /// convertable to iterators (`I: IntoIter`), and the iterator's items
- /// must be `Borrow` (or `Borrow`), to allow
- /// iterators returning either `Scalar`s or `&Scalar`s.
- ///
- /// ```
- /// use curve25519_dalek::constants;
- /// use curve25519_dalek::traits::VartimeMultiscalarMul;
- /// use curve25519_dalek::ristretto::RistrettoPoint;
- /// use curve25519_dalek::scalar::Scalar;
- ///
- /// // Some scalars
- /// let a = Scalar::from(87329482u64);
- /// let b = Scalar::from(37264829u64);
- /// let c = Scalar::from(98098098u64);
- ///
- /// // Some points
- /// let P = constants::RISTRETTO_BASEPOINT_POINT;
- /// let Q = P + P;
- /// let R = P + Q;
- ///
- /// // A1 = a*P + b*Q + c*R
- /// let abc = [a,b,c];
- /// let A1 = RistrettoPoint::vartime_multiscalar_mul(&abc, &[P,Q,R]);
- /// // Note: (&abc).into_iter(): Iterator
- ///
- /// // A2 = (-a)*P + (-b)*Q + (-c)*R
- /// let minus_abc = abc.iter().map(|x| -x);
- /// let A2 = RistrettoPoint::vartime_multiscalar_mul(minus_abc, &[P,Q,R]);
- /// // Note: minus_abc.into_iter(): Iterator
- ///
- /// assert_eq!(A1.compress(), (-A2).compress());
- /// ```
- fn vartime_multiscalar_mul(scalars: I, points: J) -> Self::Point
- where
- I: IntoIterator,
- I::Item: Borrow,
- J: IntoIterator,
- J::Item: Borrow,
- Self::Point: Clone,
- {
- Self::optional_multiscalar_mul(
- scalars,
- points.into_iter().map(|P| Some(P.borrow().clone())),
- )
- .unwrap()
- }
-}
-
-/// A trait for variable-time multiscalar multiplication with precomputation.
-///
-/// A general multiscalar multiplication with precomputation can be written as
-/// $$
-/// Q = a_1 A_1 + \cdots + a_n A_n + b_1 B_1 + \cdots + b_m B_m,
-/// $$
-/// where the \\(B_i\\) are *static* points, for which precomputation
-/// is possible, and the \\(A_j\\) are *dynamic* points, for which
-/// precomputation is not possible.
-///
-/// This trait has three methods for performing this computation:
-///
-/// * [`vartime_multiscalar_mul`], which handles the special case
-/// where \\(n = 0\\) and there are no dynamic points;
-///
-/// * [`vartime_mixed_multiscalar_mul`], which takes the dynamic
-/// points as already-validated `Point`s and is infallible;
-///
-/// * [`optional_mixed_multiscalar_mul`], which takes the dynamic
-/// points as `Option`s and returns an `Option`,
-/// allowing decompression to be composed into the input iterators.
-///
-/// All methods require that the lengths of the input iterators be
-/// known and matching, as if they were `ExactSizeIterator`s. (It
-/// does not require `ExactSizeIterator` only because that trait is
-/// broken).
-pub trait VartimePrecomputedMultiscalarMul: Sized {
- /// The type of point to be multiplied, e.g., `RistrettoPoint`.
- type Point: Clone;
-
- /// Given the static points \\( B_i \\), perform precomputation
- /// and return the precomputation data.
- fn new(static_points: I) -> Self
- where
- I: IntoIterator,
- I::Item: Borrow;
-
- /// Given `static_scalars`, an iterator of public scalars
- /// \\(b_i\\), compute
- /// $$
- /// Q = b_1 B_1 + \cdots + b_m B_m,
- /// $$
- /// where the \\(B_j\\) are the points that were supplied to `new`.
- ///
- /// It is an error to call this function with iterators of
- /// inconsistent lengths.
- ///
- /// The trait bound aims for maximum flexibility: the input must
- /// be convertable to iterators (`I: IntoIter`), and the
- /// iterator's items must be `Borrow`, to allow iterators
- /// returning either `Scalar`s or `&Scalar`s.
- fn vartime_multiscalar_mul(&self, static_scalars: I) -> Self::Point
- where
- I: IntoIterator,
- I::Item: Borrow,
- {
- use core::iter;
-
- Self::vartime_mixed_multiscalar_mul(
- self,
- static_scalars,
- iter::empty::(),
- iter::empty::(),
- )
- }
-
- /// Given `static_scalars`, an iterator of public scalars
- /// \\(b_i\\), `dynamic_scalars`, an iterator of public scalars
- /// \\(a_i\\), and `dynamic_points`, an iterator of points
- /// \\(A_i\\), compute
- /// $$
- /// Q = a_1 A_1 + \cdots + a_n A_n + b_1 B_1 + \cdots + b_m B_m,
- /// $$
- /// where the \\(B_j\\) are the points that were supplied to `new`.
- ///
- /// It is an error to call this function with iterators of
- /// inconsistent lengths.
- ///
- /// The trait bound aims for maximum flexibility: the inputs must be
- /// convertable to iterators (`I: IntoIter`), and the iterator's items
- /// must be `Borrow` (or `Borrow`), to allow
- /// iterators returning either `Scalar`s or `&Scalar`s.
- fn vartime_mixed_multiscalar_mul(
- &self,
- static_scalars: I,
- dynamic_scalars: J,
- dynamic_points: K,
- ) -> Self::Point
- where
- I: IntoIterator,
- I::Item: Borrow,
- J: IntoIterator,
- J::Item: Borrow,
- K: IntoIterator,
- K::Item: Borrow,
- {
- Self::optional_mixed_multiscalar_mul(
- self,
- static_scalars,
- dynamic_scalars,
- dynamic_points.into_iter().map(|P| Some(P.borrow().clone())),
- )
- .unwrap()
- }
-
- /// Given `static_scalars`, an iterator of public scalars
- /// \\(b_i\\), `dynamic_scalars`, an iterator of public scalars
- /// \\(a_i\\), and `dynamic_points`, an iterator of points
- /// \\(A_i\\), compute
- /// $$
- /// Q = a_1 A_1 + \cdots + a_n A_n + b_1 B_1 + \cdots + b_m B_m,
- /// $$
- /// where the \\(B_j\\) are the points that were supplied to `new`.
- ///
- /// If any of the dynamic points were `None`, return `None`.
- ///
- /// It is an error to call this function with iterators of
- /// inconsistent lengths.
- ///
- /// This function is particularly useful when verifying statements
- /// involving compressed points. Accepting `Option` allows
- /// inlining point decompression into the multiscalar call,
- /// avoiding the need for temporary buffers.
- fn optional_mixed_multiscalar_mul(
- &self,
- static_scalars: I,
- dynamic_scalars: J,
- dynamic_points: K,
- ) -> Option
- where
- I: IntoIterator,
- I::Item: Borrow,
- J: IntoIterator,
- J::Item: Borrow,
- K: IntoIterator>;
-}
-
-// ------------------------------------------------------------------------
-// Private Traits
-// ------------------------------------------------------------------------
-
-/// Trait for checking whether a point is on the curve.
-///
-/// This trait is only for debugging/testing, since it should be
-/// impossible for a `curve25519-dalek` user to construct an invalid
-/// point.
-pub(crate) trait ValidityCheck {
- /// Checks whether the point is on the curve. Not CT.
- fn is_valid(&self) -> bool;
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/window.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/window.rs
deleted file mode 100644
index 2cf1fbe7eed6..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/window.rs
+++ /dev/null
@@ -1,228 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2021 isis lovecruft
-// Copyright (c) 2016-2019 Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - isis agora lovecruft
-// - Henry de Valence
-
-//! Code for fixed- and sliding-window functionality
-
-#![allow(non_snake_case)]
-
-use core::fmt::Debug;
-
-use subtle::ConditionallyNegatable;
-use subtle::ConditionallySelectable;
-use subtle::ConstantTimeEq;
-use subtle::Choice;
-
-use traits::Identity;
-
-use edwards::EdwardsPoint;
-use backend::serial::curve_models::ProjectiveNielsPoint;
-use backend::serial::curve_models::AffineNielsPoint;
-
-use zeroize::Zeroize;
-
-macro_rules! impl_lookup_table {
- (Name = $name:ident, Size = $size:expr, SizeNeg = $neg:expr, SizeRange = $range:expr, ConversionRange = $conv_range:expr) => {
-
-/// A lookup table of precomputed multiples of a point \\(P\\), used to
-/// compute \\( xP \\) for \\( -8 \leq x \leq 8 \\).
-///
-/// The computation of \\( xP \\) is done in constant time by the `select` function.
-///
-/// Since `LookupTable` does not implement `Index`, it's more difficult
-/// to accidentally use the table directly. Unfortunately the table is
-/// only `pub(crate)` so that we can write hardcoded constants, so it's
-/// still technically possible. It would be nice to prevent direct
-/// access to the table.
-#[derive(Copy, Clone)]
-pub struct $name(pub(crate) [T; $size]);
-
-impl $name
-where
- T: Identity + ConditionallySelectable + ConditionallyNegatable,
-{
- /// Given \\(-8 \leq x \leq 8\\), return \\(xP\\) in constant time.
- pub fn select(&self, x: i8) -> T {
- debug_assert!(x >= $neg);
- debug_assert!(x as i16 <= $size as i16); // XXX We have to convert to i16s here for the radix-256 case.. this is wrong.
-
- // Compute xabs = |x|
- let xmask = x as i16 >> 7;
- let xabs = (x as i16 + xmask) ^ xmask;
-
- // Set t = 0 * P = identity
- let mut t = T::identity();
- for j in $range {
- // Copy `points[j-1] == j*P` onto `t` in constant time if `|x| == j`.
- let c = (xabs as u16).ct_eq(&(j as u16));
- t.conditional_assign(&self.0[j - 1], c);
- }
- // Now t == |x| * P.
-
- let neg_mask = Choice::from((xmask & 1) as u8);
- t.conditional_negate(neg_mask);
- // Now t == x * P.
-
- t
- }
-}
-
-impl Default for $name {
- fn default() -> $name {
- $name([T::default(); $size])
- }
-}
-
-impl Debug for $name {
- fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
- write!(f, "{:?}(", stringify!($name))?;
-
- for x in self.0.iter() {
- write!(f, "{:?}", x)?;
- }
-
- write!(f, ")")
- }
-}
-
-impl<'a> From<&'a EdwardsPoint> for $name {
- fn from(P: &'a EdwardsPoint) -> Self {
- let mut points = [P.to_projective_niels(); $size];
- for j in $conv_range {
- points[j + 1] = (P + &points[j]).to_extended().to_projective_niels();
- }
- $name(points)
- }
-}
-
-impl<'a> From<&'a EdwardsPoint> for $name {
- fn from(P: &'a EdwardsPoint) -> Self {
- let mut points = [P.to_affine_niels(); $size];
- // XXX batch inversion would be good if perf mattered here
- for j in $conv_range {
- points[j + 1] = (P + &points[j]).to_extended().to_affine_niels()
- }
- $name(points)
- }
-}
-
-impl Zeroize for $name
-where
- T: Copy + Default + Zeroize
-{
- fn zeroize(&mut self) {
- for x in self.0.iter_mut() {
- x.zeroize();
- }
- }
-}
-
-}} // End macro_rules! impl_lookup_table
-
-// The first one has to be named "LookupTable" because it's used as a constructor for consts.
-impl_lookup_table! {Name = LookupTable, Size = 8, SizeNeg = -8, SizeRange = 1 .. 9, ConversionRange = 0 .. 7} // radix-16
-impl_lookup_table! {Name = LookupTableRadix32, Size = 16, SizeNeg = -16, SizeRange = 1 .. 17, ConversionRange = 0 .. 15} // radix-32
-impl_lookup_table!
{Name = LookupTableRadix64, Size = 32, SizeNeg = -32, SizeRange = 1 .. 33, ConversionRange = 0 .. 31} // radix-64
-impl_lookup_table! {Name = LookupTableRadix128, Size = 64, SizeNeg = -64, SizeRange = 1 .. 65, ConversionRange = 0 .. 63} // radix-128
-impl_lookup_table! {Name = LookupTableRadix256, Size = 128, SizeNeg = -128, SizeRange = 1 .. 129, ConversionRange = 0 .. 127} // radix-256
-
-// For homogeneity we then alias it to "LookupTableRadix16".
-pub type LookupTableRadix16 = LookupTable;
-
-/// Holds odd multiples 1A, 3A, ..., 15A of a point A.
-#[derive(Copy, Clone)]
-pub(crate) struct NafLookupTable5(pub(crate) [T; 8]);
-
-impl NafLookupTable5 {
- /// Given public, odd \\( x \\) with \\( 0 < x < 2^4 \\), return \\(xA\\).
- pub fn select(&self, x: usize) -> T {
- debug_assert_eq!(x & 1, 1);
- debug_assert!(x < 16);
-
- self.0[x / 2]
- }
-}
-
-impl Debug for NafLookupTable5 {
- fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
- write!(f, "NafLookupTable5({:?})", self.0)
- }
-}
-
-impl<'a> From<&'a EdwardsPoint> for NafLookupTable5 {
- fn from(A: &'a EdwardsPoint) -> Self {
- let mut Ai = [A.to_projective_niels(); 8];
- let A2 = A.double();
- for i in 0..7 {
- Ai[i + 1] = (&A2 + &Ai[i]).to_extended().to_projective_niels();
- }
- // Now Ai = [A, 3A, 5A, 7A, 9A, 11A, 13A, 15A]
- NafLookupTable5(Ai)
- }
-}
-
-impl<'a> From<&'a EdwardsPoint> for NafLookupTable5 {
- fn from(A: &'a EdwardsPoint) -> Self {
- let mut Ai = [A.to_affine_niels(); 8];
- let A2 = A.double();
- for i in 0..7 {
- Ai[i + 1] = (&A2 + &Ai[i]).to_extended().to_affine_niels();
- }
- // Now Ai = [A, 3A, 5A, 7A, 9A, 11A, 13A, 15A]
- NafLookupTable5(Ai)
- }
-}
-
-/// Holds stuff up to 8.
-#[derive(Copy, Clone)]
-pub(crate) struct NafLookupTable8(pub(crate) [T; 64]);
-
-impl NafLookupTable8 {
- pub fn select(&self, x: usize) -> T {
- debug_assert_eq!(x & 1, 1);
- debug_assert!(x < 128);
-
- self.0[x / 2]
- }
-}
-
-impl Debug for NafLookupTable8 {
- fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
- write!(f, "NafLookupTable8([\n")?;
- for i in 0..64 {
- write!(f, "\t{:?},\n", &self.0[i])?;
- }
- write!(f, "])")
- }
-}
-
-impl<'a> From<&'a EdwardsPoint> for NafLookupTable8 {
- fn from(A: &'a EdwardsPoint) -> Self {
- let mut Ai = [A.to_projective_niels(); 64];
- let A2 = A.double();
- for i in 0..63 {
- Ai[i + 1] = (&A2 + &Ai[i]).to_extended().to_projective_niels();
- }
- // Now Ai = [A, 3A, 5A, 7A, 9A, 11A, 13A, 15A, ..., 127A]
- NafLookupTable8(Ai)
- }
-}
-
-impl<'a> From<&'a EdwardsPoint> for NafLookupTable8 {
- fn from(A: &'a EdwardsPoint) -> Self {
- let mut Ai = [A.to_affine_niels(); 64];
- let A2 = A.double();
- for i in 0..63 {
- Ai[i + 1] = (&A2 + &Ai[i]).to_extended().to_affine_niels();
- }
- // Now Ai = [A, 3A, 5A, 7A, 9A, 11A, 13A, 15A, ..., 127A]
- NafLookupTable8(Ai)
- }
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/LICENSE b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/LICENSE
deleted file mode 100644
index ff3475745249..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/LICENSE
+++ /dev/null
@@ -1,65 +0,0 @@
-Copyright (c) 2016-2021 isis agora lovecruft. All rights reserved.
-Copyright (c) 2016-2021 Henry de Valence. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-1. Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
-IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-========================================================================
-
-Portions of curve25519-dalek were originally derived from Adam Langley's
-Go ed25519 implementation, found at ,
-under the following licence:
-
-========================================================================
-
-Copyright (c) 2012 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
- * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
- * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
-IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
-OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/docs/avx2-notes.md b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/docs/avx2-notes.md
deleted file mode 100644
index ccb502233e2b..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/docs/avx2-notes.md
+++ /dev/null
@@ -1,140 +0,0 @@
-An AVX2 implementation of the vectorized point operation strategy.
-
-# Field element representation
-
-Our strategy is to implement 4-wide multiplication and squaring by
-wordslicing, using one 64-bit AVX2 lane for each field element. Field
-elements are represented in the usual way as 10 `u32` limbs in radix
-\\(25.5\\) (i.e., alternating between \\(2\^{26}\\) for even limbs and
-\\(2\^{25}\\) for odd limbs). This has the effect that passing between
-the parallel 32-bit AVX2 representation and the serial 64-bit
-representation (which uses radix \\(2^{51}\\)) amounts to regrouping
-digits.
-
-The field element representation is oriented around the AVX2
-`vpmuludq` instruction, which multiplies the low 32 bits of each
-64-bit lane of each operand to produce a 64-bit result.
-
-```text,no_run
-(a1 ?? b1 ?? c1 ?? d1 ??)
-(a2 ?? b2 ?? c2 ?? d2 ??)
-
-(a1*a2 b1*b2 c1*c2 d1*d2)
-```
-
-To unpack 32-bit values into 64-bit lanes for use in multiplication
-it would be convenient to use the `vpunpck[lh]dq` instructions,
-which unpack and interleave the low and high 32-bit lanes of two
-source vectors.
-However, the AVX2 versions of these instructions are designed to
-operate only within 128-bit lanes of the 256-bit vectors, so that
-interleaving the low lanes of `(a0 b0 c0 d0 a1 b1 c1 d1)` with zero
-gives `(a0 00 b0 00 a1 00 b1 00)`.
Instead, we pre-shuffle the data
-layout as `(a0 b0 a1 b1 c0 d0 c1 d1)` so that we can unpack the
-"low" and "high" parts as
-
-```text,no_run
-(a0 00 b0 00 c0 00 d0 00)
-(a1 00 b1 00 c1 00 d1 00)
-```
-
-The data layout for a vector of four field elements \\( (a,b,c,d)
-\\) with limbs \\( a_0, a_1, \ldots, a_9 \\) is as `[u32x8; 5]` in
-the form
-
-```text,no_run
-(a0 b0 a1 b1 c0 d0 c1 d1)
-(a2 b2 a3 b3 c2 d2 c3 d3)
-(a4 b4 a5 b5 c4 d4 c5 d5)
-(a6 b6 a7 b7 c6 d6 c7 d7)
-(a8 b8 a9 b9 c8 d8 c9 d9)
-```
-
-Since this breaks cleanly into two 128-bit lanes, it may be possible
-to adapt it to 128-bit vector instructions such as NEON without too
-much difficulty.
-
-# Avoiding Overflow in Doubling
-
-To analyze the size of the field element coefficients during the
-computations, we can parameterize the bounds on the limbs of each
-field element by \\( b \in \mathbb R \\) representing the excess bits
-above that limb's radix, so that each limb is bounded by either
-\\(2\^{25+b} \\) or \\( 2\^{26+b} \\), as appropriate.
-
-The multiplication routine requires that its inputs are bounded with
-\\( b < 1.75 \\), in order to fit a multiplication by \\( 19 \\)
-into 32 bits. Since \\( \lg 19 < 4.25 \\), \\( 19x < 2\^{32} \\)
-when \\( x < 2\^{27.75} = 2\^{26 + 1.75} \\). However, this is only
-required for one of the inputs; the other can grow up to \\( b < 2.5
-\\).
-
-In addition, the multiplication and squaring routines do not
-canonically reduce their outputs, but can leave some small uncarried
-excesses, so that their reduced outputs are bounded with
-\\( b < 0.007 \\).
- -The non-parallel portion of the doubling formulas is -$$ -\begin{aligned} -(S\_5 &&,&& S\_6 &&,&& S\_8 &&,&& S\_9 ) -&\gets -(S\_1 + S\_2 &&,&& S\_1 - S\_2 &&,&& S\_1 + 2S\_3 - S\_2 &&,&& S\_1 + S\_2 - S\_4) -\end{aligned} -$$ - -Computing \\( (S\_5, S\_6, S\_8, S\_9 ) \\) as -$$ -\begin{matrix} - & S\_1 & S\_1 & S\_1 & S\_1 \\\\ -+& S\_2 & & & S\_2 \\\\ -+& & & S\_3 & \\\\ -+& & & S\_3 & \\\\ -+& & 2p & 2p & 2p \\\\ --& & S\_2 & S\_2 & \\\\ --& & & & S\_4 \\\\ -=& S\_5 & S\_6 & S\_8 & S\_9 -\end{matrix} -$$ -results in bit-excesses \\( < (1.01, 1.60, 2.33, 2.01)\\) for -\\( (S\_5, S\_6, S\_8, S\_9 ) \\). The products we want to compute -are then -$$ -\begin{aligned} -X\_3 &\gets S\_8 S\_9 \leftrightarrow (2.33, 2.01) \\\\ -Y\_3 &\gets S\_5 S\_6 \leftrightarrow (1.01, 1.60) \\\\ -Z\_3 &\gets S\_8 S\_6 \leftrightarrow (2.33, 1.60) \\\\ -T\_3 &\gets S\_5 S\_9 \leftrightarrow (1.01, 2.01) -\end{aligned} -$$ -which are too large: it's not possible to arrange the multiplicands so -that one vector has \\(b < 2.5\\) and the other has \\( b < 1.75 \\). -However, if we flip the sign of \\( S\_4 = S\_0\^2 \\) during -squaring, so that we output \\(S\_4' = -S\_4 \pmod p\\), then we can -compute -$$ -\begin{matrix} - & S\_1 & S\_1 & S\_1 & S\_1 \\\\ -+& S\_2 & & & S\_2 \\\\ -+& & & S\_3 & \\\\ -+& & & S\_3 & \\\\ -+& & & & S\_4' \\\\ -+& & 2p & 2p & \\\\ --& & S\_2 & S\_2 & \\\\ -=& S\_5 & S\_6 & S\_8 & S\_9 -\end{matrix} -$$ -resulting in bit-excesses \\( < (1.01, 1.60, 2.33, 1.60)\\) for -\\( (S\_5, S\_6, S\_8, S\_9 ) \\). 
The products we want to compute
-are then
-$$
-\begin{aligned}
-X\_3 &\gets S\_8 S\_9 \leftrightarrow (2.33, 1.60) \\\\
-Y\_3 &\gets S\_5 S\_6 \leftrightarrow (1.01, 1.60) \\\\
-Z\_3 &\gets S\_8 S\_6 \leftrightarrow (2.33, 1.60) \\\\
-T\_3 &\gets S\_5 S\_9 \leftrightarrow (1.01, 1.60)
-\end{aligned}
-$$
-whose right-hand sides are all bounded with \\( b < 1.75 \\) and
-whose left-hand sides are all bounded with \\( b < 2.5 \\),
-so that we can avoid any intermediate reductions.
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/docs/ifma-notes.md b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/docs/ifma-notes.md
deleted file mode 100644
index c6fd3b3a8b2e..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/docs/ifma-notes.md
+++ /dev/null
@@ -1,580 +0,0 @@ -An AVX512-IFMA implementation of the vectorized point operation -strategy. - -# IFMA instructions - -AVX512-IFMA is an extension to AVX-512 consisting of two instructions: - -* `vpmadd52luq`: packed multiply of unsigned 52-bit integers and add - the low 52 product bits to 64-bit accumulators; -* `vpmadd52huq`: packed multiply of unsigned 52-bit integers and add - the high 52 product bits to 64-bit accumulators; - -These operate on 64-bit lanes of their source vectors, taking the low -52 bits of each lane of each source vector, computing the 104-bit -products of each pair, and then adding either the high or low 52 bits -of the 104-bit products to the 64-bit lanes of the destination vector. -The multiplication is performed internally by reusing circuitry for -floating-point arithmetic. Although these instructions are part of -AVX512, the AVX512VL (vector length) extension (present whenever IFMA -is) allows using them with 512, 256, or 128-bit operands. - -This provides a major advantage to vectorized integer operations: -previously, vector operations could only use a \\(32 \times 32 -\rightarrow 64\\)-bit multiplier, while serial code could use a -\\(64\times 64 \rightarrow 128\\)-bit multiplier. - -## IFMA for big-integer multiplications - -A detailed example of the intended use of the IFMA instructions can be -found in a 2016 paper by Gueron and Krasnov, [_Accelerating Big -Integer Arithmetic Using Intel IFMA Extensions_][2016_gueron_krasnov]. -The basic idea is that multiplication of large integers (such as 1024, -2048, or more bits) can be performed as follows. 
- -First, convert a “packed” 64-bit representation -\\[ -\begin{aligned} -x &= x'_0 + x'_1 2^{64} + x'_2 2^{128} + \cdots \\\\ -y &= y'_0 + y'_1 2^{64} + y'_2 2^{128} + \cdots -\end{aligned} -\\] -into a “redundant” 52-bit representation -\\[ -\begin{aligned} -x &= x_0 + x_1 2^{52} + x_2 2^{104} + \cdots \\\\ -y &= y_0 + y_1 2^{52} + y_2 2^{104} + \cdots -\end{aligned} -\\] -with each \\(x_i, y_j\\) in a 64-bit lane. - -Writing the product as \\(z = z_0 + z_1 2^{52} + z_2 2^{104} + \cdots\\), -the “schoolbook” multiplication strategy gives -\\[ -\begin{aligned} -&z_0 &&=& x_0 & y_0 & & & & & & & & \\\\ -&z_1 &&=& x_1 & y_0 &+ x_0 & y_1 & & & & & & \\\\ -&z_2 &&=& x_2 & y_0 &+ x_1 & y_1 &+ x_0 & y_2 & & & & \\\\ -&z_3 &&=& x_3 & y_0 &+ x_2 & y_1 &+ x_1 & y_2 &+ x_0 & y_3 & & \\\\ -&z_4 &&=& \vdots\\;&\\;\vdots &+ x_3 & y_1 &+ x_2 & y_2 &+ x_1 & y_3 &+ \cdots& \\\\ -&z_5 &&=& & & \vdots\\;&\\;\vdots &+ x_3 & y_2 &+ x_2 & y_3 &+ \cdots& \\\\ -&z_6 &&=& & & & & \vdots\\;&\\;\vdots &+ x_3 & y_3 &+ \cdots& \\\\ -&z_7 &&=& & & & & & & \vdots\\;&\\;\vdots &+ \cdots& \\\\ -&\vdots&&=& & & & & & & & & \ddots& \\\\ -\end{aligned} -\\] -Notice that the product coefficient \\(z_k\\), representing the value -\\(z_k 2^{52k}\\), is the sum of all product terms -\\( -(x_i 2^{52 i}) (y_j 2^{52 j}) -\\) -with \\(k = i + j\\). -Write the IFMA operators \\(\mathrm{lo}(a,b)\\), denoting the low -\\(52\\) bits of \\(ab\\), and -\\(\mathrm{hi}(a,b)\\), denoting the high \\(52\\) bits of -\\(ab\\). -Now we can rewrite the product terms as -\\[ -\begin{aligned} -(x_i 2^{52 i}) (y_j 2^{52 j}) -&= -2^{52 (i+j)}( -\mathrm{lo}(x_i, y_j) + -\mathrm{hi}(x_i, y_j) 2^{52} -) -\\\\ -&= -\mathrm{lo}(x_i, y_j) 2^{52 (i+j)} + -\mathrm{hi}(x_i, y_j) 2^{52 (i+j+1)}. 
-\end{aligned} -\\] -This means that the low half of \\(x_i y_j\\) can be accumulated onto -the product limb \\(z_{i+j}\\) and the high half can be directly -accumulated onto the next-higher product limb \\(z_{i+j+1}\\) with no -additional operations. This allows rewriting the schoolbook -multiplication into the form -\\[ -\begin{aligned} -&z_0 &&=& \mathrm{lo}(x_0,&y_0) & & & & & & & & & & \\\\ -&z_1 &&=& \mathrm{lo}(x_1,&y_0) &+\mathrm{hi}(x_0,&y_0) &+\mathrm{lo}(x_0,&y_1) & & & & & & \\\\ -&z_2 &&=& \mathrm{lo}(x_2,&y_0) &+\mathrm{hi}(x_1,&y_0) &+\mathrm{lo}(x_1,&y_1) &+\mathrm{hi}(x_0,&y_1) &+\mathrm{lo}(x_0,&y_2) & & \\\\ -&z_3 &&=& \mathrm{lo}(x_3,&y_0) &+\mathrm{hi}(x_2,&y_0) &+\mathrm{lo}(x_2,&y_1) &+\mathrm{hi}(x_1,&y_1) &+\mathrm{lo}(x_1,&y_2) &+ \cdots& \\\\ -&z_4 &&=& \vdots\\;&\\;\vdots &+\mathrm{hi}(x_3,&y_0) &+\mathrm{lo}(x_3,&y_1) &+\mathrm{hi}(x_2,&y_1) &+\mathrm{lo}(x_2,&y_2) &+ \cdots& \\\\ -&z_5 &&=& & & \vdots\\;&\\;\vdots & \vdots\\;&\\;\vdots &+\mathrm{hi}(x_3,&y_1) &+\mathrm{lo}(x_3,&y_2) &+ \cdots& \\\\ -&z_6 &&=& & & & & & & \vdots\\;&\\;\vdots & \vdots\\;&\\;\vdots &+ \cdots& \\\\ -&\vdots&&=& & & & & & & & & & & \ddots& \\\\ -\end{aligned} -\\] -Gueron and Krasnov implement multiplication by constructing vectors -out of the columns of this diagram, so that the source operands for -the IFMA instructions are of the form \\((x_0, x_1, x_2, \ldots)\\) -and \\((y_i, y_i, y_i, \ldots)\\). -After performing the multiplication, -the product terms \\(z_i\\) are then repacked into a 64-bit representation. - -## An alternative strategy - -The strategy described above is aimed at big-integer multiplications, -such as 1024, 2048, or 4096 bits, which would be used for applications -like RSA. However, elliptic curve cryptography uses much smaller field -sizes, such as 256 or 384 bits, so a different strategy is needed. - -The parallel Edwards formulas provide parallelism at the level of the -formulas for curve operations. 
This means that instead of scanning -through the terms of the source operands and parallelizing *within* a -field element (as described above), we can arrange the computation in -product-scanning form and parallelize *across* field elements (as -described below). - -The parallel Edwards -formulas provide 4-way parallelism, so they can be implemented using -256-bit vectors using a single 64-bit lane for each element, or using -512-bit vectors using two 64-bit lanes. -The only available CPU supporting IFMA (the -i3-8121U) executes 512-bit IFMA instructions at half rate compared to -256-bit instructions, so for now there's no throughput advantage to -using 512-bit IFMA instructions, and this implementation uses 256-bit -vectors. - -To extend this to 512-bit vectors, it's only only necessary to achieve -2-way parallelism, and it's possible (with a small amount of overhead) -to create a hybrid strategy that operates entirely within 128-bit -lanes. This means that cross-lane operations can use the faster -`vpshufd` (1c latency) instead of a general shuffle instruction (3c -latency). - -# Choice of radix - -The inputs to IFMA instructions are 52 bits wide, so the radix \\(r\\) -used to represent a multiprecision integer must be \\( r \leq 52 \\). -The obvious choice is the "native" radix \\(r = 52\\). - -As described above, this choice -has the advantage that for \\(x_i, y_j \in [0,2^{52})\\), the product term -\\[ -\begin{aligned} -(x_i 2^{52 i}) (y_j 2^{52 j}) -&= -2^{52 (i+j)}( -\mathrm{lo}(x_i, y_j) + -\mathrm{hi}(x_i, y_j) 2^{52} -) -\\\\ -&= -\mathrm{lo}(x_i, y_j) 2^{52 (i+j)} + -\mathrm{hi}(x_i, y_j) 2^{52 (i+j+1)}, -\end{aligned} -\\] -so that the low and high halves of the product can be directly accumulated -onto the product limbs. 
-In contrast, when using a smaller radix \\(r = 52 - k\\), -the product term has the form -\\[ -\begin{aligned} -(x_i 2^{r i}) (y_j 2^{r j}) -&= -2^{r (i+j)}( -\mathrm{lo}(x_i, y_j) + -\mathrm{hi}(x_i, y_j) 2^{52} -) -\\\\ -&= -\mathrm{lo}(x_i, y_j) 2^{r (i+j)} + -( -\mathrm{hi}(x_i, y_j) 2^k -) -2^{r (i+j+1)}. -\end{aligned} -\\] -What's happening is that the product \\(x_i y_j\\) of size \\(2r\\) -bits is split not at \\(r\\) but at \\(52\\), so \\(k\\) product bits -are placed into the low half instead of the high half. This means -that the high half of the product cannot be directly accumulated onto -\\(z_{i+j+1}\\), but must first be multiplied by \\(2^k\\) (i.e., left -shifted by \\(k\\)). In addition, the low half of the product is -\\(52\\) bits large instead of \\(r\\) bits. - -## Handling offset product terms - -[Drucker and Gueron][2018_drucker_gueron] analyze the choice of radix -in the context of big-integer squaring, outlining three ways to handle -the offset product terms, before concluding that all of them are -suboptimal: - -1. Shift the results after accumulation; -2. Shift the input operands before multiplication; -3. Split the MAC operation, accumulating into a zeroed register, - shifting the result, and then adding. - -The first option is rejected because it could double-shift some -previously accumulated terms, the second doesn't work because the -inputs could become larger than \\(52\\) bits, and the third requires -additional instructions to handle the shifting and adding. - -Based on an analysis of total number of instructions, they suggest an -addition to the instruction set, which they call `FMSA` (fused -multiply-shift-add). This would shift the result according to an 8-bit -immediate value before accumulating it into the destination register. - -However, this change to the instruction set doesn't seem to be -necessary. 
Instead, the product terms can be grouped according to
-their coefficients, accumulated together, then shifted once before
-adding them to the final sum. This uses an extra register, shift, and
-add, but only once per product term (accumulation target), not once
-per source term (as in the Drucker-Gueron paper).
-
-Moreover, because IFMA instructions execute only on two ports
-(presumably 0 and 1), while adds and shifts can execute on three ports
-(0, 1, and 5), the adds and shifts can execute independently of the
-IFMA operations, as long as there is not too much pressure on port 5.
-This means that, although the total number of instructions increases,
-the shifts and adds do not necessarily increase the execution time, as
-long as throughput is limited by IFMA operations.
-
-Finally, because IFMA instructions have 4 cycle latency and 0.5/1
-cycle throughput (for 256/512 bit vectors), maximizing IFMA throughput
-requires either 8 (for 256) or 4 (for 512) independent operations. So
-accumulating groups of terms independently before adding them at the
-end may be necessary anyways, in order to prevent long chains of
-dependent instructions.
-
-## Advantages of a smaller radix
-
-Using a smaller radix has other advantages. Although radix \\(52\\)
-is an unsaturated representation from the point of view of the
-\\(64\\)-bit accumulators (because up to 4096 product terms can be
-accumulated without carries), it's a saturated representation from the
-point of view of the multiplier (since \\(52\\)-bit values are the
-maximum input size).
-
-Because the inputs to a multiplication must have all of their limbs
-bounded by \\(2^{52}\\), limbs in excess of \\(2^{52}\\) must be
-reduced before they can be used as an input.
The -[Gueron-Krasnov][2016_gueron_krasnov] paper suggests normalizing -values using a standard, sequential carry chain: for each limb, add -the carryin from reducing the previous limb, compute the carryout and -reduce the current limb, then move to the next limb. - -However, when using a smaller radix, such as \\(51\\), each limb can -store a carry bit and still be used as the input to a multiplication. -This means that the inputs do not need to be normalized, and instead -of using a sequential carry chain, we can compute all carryouts in -parallel, reduce all limbs in parallel, and then add the carryins in -parallel (possibly growing the limb values by one bit). - -Because the output of this partial reduction is an acceptable -multiplication input, we can "close the loop" using partial reductions -and never have to normalize to a canonical representation through the -entire computation, in contrast to the Gueron-Krasnov approach, which -converts back to a packed representation after every operation. (This -idea seems to trace back to at least as early as [this 1999 -paper][1999_walter]). - -Using \\(r = 51\\) is enough to keep a carry bit in each limb and -avoid normalizations. What about an even smaller radix? One reason -to choose a smaller radix would be to align the limb boundaries with -an inline reduction (for instance, choosing \\(r = 43\\) for the -Mersenne field \\(p = 2^{127} - 1\\)), but for \\(p = 2^{255 - 19}\\), -\\(r = 51 = 255/5\\) is the natural choice. - -# Multiplication - -The inputs to a multiplication are two field elements -\\[ -\begin{aligned} -x &= x_0 + x_1 2^{51} + x_2 2^{102} + x_3 2^{153} + x_4 2^{204} \\\\ -y &= y_0 + y_1 2^{51} + y_2 2^{102} + y_3 2^{153} + y_4 2^{204}, -\end{aligned} -\\] -with limbs in range \\([0,2^{52})\\). 
- -Writing the product terms as -\\[ -\begin{aligned} -z &= z_0 + z_1 2^{51} + z_2 2^{102} + z_3 2^{153} + z_4 2^{204} \\\\ - &+ z_5 2^{255} + z_6 2^{306} + z_7 2^{357} + z_8 2^{408} + z_9 2^{459}, -\end{aligned} -\\] -a schoolbook multiplication in product scanning form takes the form -\\[ -\begin{aligned} -z_0 &= x_0 y_0 \\\\ -z_1 &= x_1 y_0 + x_0 y_1 \\\\ -z_2 &= x_2 y_0 + x_1 y_1 + x_0 y_2 \\\\ -z_3 &= x_3 y_0 + x_2 y_1 + x_1 y_2 + x_0 y_3 \\\\ -z_4 &= x_4 y_0 + x_3 y_1 + x_2 y_2 + x_1 y_3 + x_0 y_4 \\\\ -z_5 &= x_4 y_1 + x_3 y_2 + x_2 y_3 + x_1 y_4 \\\\ -z_6 &= x_4 y_2 + x_3 y_3 + x_2 y_4 \\\\ -z_7 &= x_4 y_3 + x_3 y_4 \\\\ -z_8 &= x_4 y_4 \\\\ -z_9 &= 0 \\\\ -\end{aligned} -\\] -Each term \\(x_i y_j\\) can be written in terms of IFMA operations as -\\[ -x_i y_j = \mathrm{lo}(x_i,y_j) + 2\mathrm{hi}(x_i,y_j)2^{51}. -\\] -Substituting this equation into the schoolbook multiplication, then -moving terms to eliminate the \\(2^{51}\\) factors gives -\\[ -\begin{aligned} -z_0 &= \mathrm{lo}(x_0, y_0) \\\\ - &+ \qquad 0 \\\\ -z_1 &= \mathrm{lo}(x_1, y_0) + \mathrm{lo}(x_0, y_1) \\\\ - &+ \qquad 2( \mathrm{hi}(x_0, y_0) )\\\\ -z_2 &= \mathrm{lo}(x_2, y_0) + \mathrm{lo}(x_1, y_1) + \mathrm{lo}(x_0, y_2) \\\\ - &+ \qquad 2( \mathrm{hi}(x_1, y_0) + \mathrm{hi}(x_0, y_1) )\\\\ -z_3 &= \mathrm{lo}(x_3, y_0) + \mathrm{lo}(x_2, y_1) + \mathrm{lo}(x_1, y_2) + \mathrm{lo}(x_0, y_3) \\\\ - &+ \qquad 2( \mathrm{hi}(x_2, y_0) + \mathrm{hi}(x_1, y_1) + \mathrm{hi}(x_0, y_2) )\\\\ -z_4 &= \mathrm{lo}(x_4, y_0) + \mathrm{lo}(x_3, y_1) + \mathrm{lo}(x_2, y_2) + \mathrm{lo}(x_1, y_3) + \mathrm{lo}(x_0, y_4) \\\\ - &+ \qquad 2( \mathrm{hi}(x_3, y_0) + \mathrm{hi}(x_2, y_1) + \mathrm{hi}(x_1, y_2) + \mathrm{hi}(x_0, y_3) )\\\\ -z_5 &= \mathrm{lo}(x_4, y_1) + \mathrm{lo}(x_3, y_2) + \mathrm{lo}(x_2, y_3) + \mathrm{lo}(x_1, y_4) \\\\ - &+ \qquad 2( \mathrm{hi}(x_4, y_0) + \mathrm{hi}(x_3, y_1) + \mathrm{hi}(x_2, y_2) + \mathrm{hi}(x_1, y_3) + \mathrm{hi}(x_0, y_4) )\\\\ -z_6 &= 
\mathrm{lo}(x_4, y_2) + \mathrm{lo}(x_3, y_3) + \mathrm{lo}(x_2, y_4) \\\\ - &+ \qquad 2( \mathrm{hi}(x_4, y_1) + \mathrm{hi}(x_3, y_2) + \mathrm{hi}(x_2, y_3) + \mathrm{hi}(x_1, y_4) )\\\\ -z_7 &= \mathrm{lo}(x_4, y_3) + \mathrm{lo}(x_3, y_4) \\\\ - &+ \qquad 2( \mathrm{hi}(x_4, y_2) + \mathrm{hi}(x_3, y_3) + \mathrm{hi}(x_2, y_4) )\\\\ -z_8 &= \mathrm{lo}(x_4, y_4) \\\\ - &+ \qquad 2( \mathrm{hi}(x_4, y_3) + \mathrm{hi}(x_3, y_4) )\\\\ -z_9 &= 0 \\\\ - &+ \qquad 2( \mathrm{hi}(x_4, y_4) )\\\\ -\end{aligned} -\\] -As noted above, our strategy will be to multiply and accumulate the -terms with coefficient \\(2\\) separately from those with coefficient -\\(1\\), before combining them at the end. This can alternately be -thought of as accumulating product terms into a *doubly-redundant* -representation, with two limbs for each digit, before collapsing -the doubly-redundant representation by shifts and adds. - -This computation requires 25 `vpmadd52luq` and 25 `vpmadd52huq` -operations. For 256-bit vectors, IFMA operations execute on an -i3-8121U with latency 4 cycles, throughput 0.5 cycles, so executing 50 -instructions requires 25 cycles' worth of throughput. Accumulating -terms with coefficient \\(1\\) and \\(2\\) seperately means that the -longest dependency chain has length 5, so the critical path has length -20 cycles and the bottleneck is throughput. - -# Reduction modulo \\(p\\) - -The next question is how to handle the reduction modulo \\(p\\). -Because \\(p = 2^{255} - 19\\), \\(2^{255} = 19 \pmod p\\), so we can -alternately write -\\[ -\begin{aligned} -z &= z_0 + z_1 2^{51} + z_2 2^{102} + z_3 2^{153} + z_4 2^{204} \\\\ - &+ z_5 2^{255} + z_6 2^{306} + z_7 2^{357} + z_8 2^{408} + z_9 2^{459} -\end{aligned} -\\] -as -\\[ -\begin{aligned} -z &= (z_0 + 19z_5) + (z_1 + 19z_6) 2^{51} + (z_2 + 19z_7) 2^{102} + (z_3 + 19z_8) 2^{153} + (z_4 + 19z_9) 2^{204}. 
-\end{aligned} -\\] -When using a \\(64 \times 64 \rightarrow 128\\)-bit multiplier, this -can be handled (as in [Ed25519][ed25519_paper]) by premultiplying -source terms by \\(19\\). Since \\(\lg(19) < 4.25\\), this increases -their size by less than \\(4.25\\) bits, and the rest of the -multiplication can be shown to work out. - -Here, we have at most \\(1\\) bit of headroom. In order to allow -premultiplication, we would need to use radix \\(2^{47}\\), which -would require six limbs instead of five. Instead, we compute the high -terms \\(z_5, \ldots, z_9\\), each using two chains of IFMA -operations, then multiply by \\(19\\) and combine with the lower terms -\\(z_0, \ldots, z_4\\). There are two ways to perform the -multiplication by \\(19\\): using more IFMA operations, or using the -`vpmullq` instruction, which computes the low \\(64\\) bits of a \\(64 -\times 64\\)-bit product. However, `vpmullq` has 15c/1.5c -latency/throughput, in contrast to the 4c/0.5c latency/throughput of -IFMA operations, so it seems like a worse choice. - -The high terms \\(z_5, \ldots, z_9\\) are sums of \\(52\\)-bit terms, -so they are larger than \\(52\\) bits. Write these terms in radix \\(52\\) as -\\[ -z_{5+i} = z_{5+i}' + z_{5+i}'' 2^{52}, \qquad z_{5+i}' < 2^{52}. -\\] -Then the contribution of \\(z_{5+i}\\), taken modulo \\(p\\), is -\\[ -\begin{aligned} -z_{5+i} 2^{255} 2^{51 i} -&= -19 (z_{5+i}' + z_{5+i}'' 2^{52}) 2^{51 i} -\\\\ -&= -19 z_{5+i}' 2^{51 i} + 2 \cdot 19 z_{5+i}'' 2^{51 (i+1)} -\\\\ -\end{aligned} -\\] -The products \\(19 z_{5+i}', 19 z_{5+i}''\\) can be written in terms of IFMA operations as -\\[ -\begin{aligned} -19 z_{5+i}' &= \mathrm{lo}(19, z_{5+i}') + 2 \mathrm{hi}(19, z_{5+i}') 2^{51}, \\\\ -19 z_{5+i}'' &= \mathrm{lo}(19, z_{5+i}'') + 2 \mathrm{hi}(19, z_{5+i}'') 2^{51}. \\\\ -\end{aligned} -\\] -Because \\(z_{5+i} < 2^{64}\\), \\(z_{5+i}'' < 2^{12} \\), so \\(19 -z_{5+i}'' < 2^{17} < 2^{52} \\) and \\(\mathrm{hi}(19, z_{5+i}'') = 0\\). 
-Because IFMA operations ignore the high bits of their source -operands, we do not need to compute \\(z\_{5+i}'\\) explicitly: -the high bits will be ignored. -Combining these observations, we can write -\\[ -\begin{aligned} -z_{5+i} 2^{255} 2^{51 i} -&= -19 z_{5+i}' 2^{51 i} + 2 \cdot 19 z_{5+i}'' 2^{51 (i+1)} -\\\\ -&= -\mathrm{lo}(19, z_{5+i}) 2^{51 i} -\+ 2 \mathrm{hi}(19, z_{5+i}) 2^{51 (i+1)} -\+ 2 \mathrm{lo}(19, z_{5+i}/2^{52}) 2^{51 (i+1)}. -\end{aligned} -\\] - -For \\(i = 0,1,2,3\\), this allows reducing \\(z_{5+i}\\) onto -\\(z_{i}, z_{i+1}\\), and if the low terms are computed using a -doubly-redundant representation, no additional shifts are needed to -handle the \\(2\\) coefficients. For \\(i = 4\\), there's a -complication: the contribution becomes -\\[ -\begin{aligned} -z_{9} 2^{255} 2^{204} -&= -\mathrm{lo}(19, z_{9}) 2^{204} -\+ 2 \mathrm{hi}(19, z_{9}) 2^{255} -\+ 2 \mathrm{lo}(19, z_{9}/2^{52}) 2^{255} -\\\\ -&= -\mathrm{lo}(19, z_{9}) 2^{204} -\+ 2 \mathrm{hi}(19, z_{9}) 19 -\+ 2 \mathrm{lo}(19, z_{9}/2^{52}) 19 -\\\\ -&= -\mathrm{lo}(19, z_{9}) 2^{204} -\+ 2 -\mathrm{lo}(19, \mathrm{hi}(19, z_{9}) + \mathrm{lo}(19, z_{9}/2^{52})). -\\\\ -\end{aligned} -\\] - -It would be possible to cut the number of multiplications from 3 to 2 -by carrying the high part of each \\(z_i\\) onto \\(z_{i+1}\\). This -would eliminate 5 multiplications, clearing 2.5 cycles of port -pressure, at the cost of 5 additions, adding 1.66 cycles of port -pressure. But doing this would create a dependency between terms -(e.g., \\(z_{5}\\) must be computed before the reduction of -\\(z_{6}\\) can begin), whereas with the approach above, all -contributions to all terms are computed independently, to maximize ILP -and flexibility for the processor to schedule instructions. - -This strategy performs 16 IFMA operations, adding two IFMA operations -to each of the \\(2\\)-coefficient terms and one to each of the -\\(1\\)-coefficient terms. 
Considering the multiplication and -reduction together, we use 66 IFMA operations, requiring 33 cycles' -throughput, while the longest chain of IFMA operations is in the -reduction of \\(z_5\\) onto \\(z_1\\), of length 7 (so 28 cycles, plus -2 cycles to combine the two parts of \\(z_5\\), and the bottleneck is -again throughput. - -Once this is done, we have computed the product terms -\\[ -z = z_0 + z_1 2^{51} + z_2 2^{102} + z_3 2^{153} + z_4 2^{204}, -\\] -without reducing the \\(z_i\\) to fit in \\(52\\) bits. Because the -overall flow of operations alternates multiplications and additions or -subtractions, we would have to perform a reduction after an addition -but before the next multiplication anyways, so there's no benefit to -fully reducing the limbs at the end of a multiplication. Instead, we -leave them unreduced, and track the reduction state using the type -system to ensure that unreduced limbs are not accidentally used as an -input to a multiplication. - -# Squaring - -Squaring operates similarly to multiplication, but with the -possibility to combine identical terms. -As before, we write the input as -\\[ -\begin{aligned} -x &= x_0 + x_1 2^{51} + x_2 2^{102} + x_3 2^{153} + x_4 2^{204} -\end{aligned} -\\] -with limbs in range \\([0,2^{52})\\). 
-Writing the product terms as -\\[ -\begin{aligned} -z &= z_0 + z_1 2^{51} + z_2 2^{102} + z_3 2^{153} + z_4 2^{204} \\\\ - &+ z_5 2^{255} + z_6 2^{306} + z_7 2^{357} + z_8 2^{408} + z_9 2^{459}, -\end{aligned} -\\] -a schoolbook squaring in product scanning form takes the form -\\[ -\begin{aligned} -z_0 &= x_0 x_0 \\\\ -z_1 &= 2 x_1 x_0 \\\\ -z_2 &= 2 x_2 x_0 + x_1 x_1 \\\\ -z_3 &= 2 x_3 x_0 + 2 x_2 x_1 \\\\ -z_4 &= 2 x_4 x_0 + 2 x_3 x_1 + x_2 x_2 \\\\ -z_5 &= 2 x_4 x_1 + 2 x_3 x_2 \\\\ -z_6 &= 2 x_4 x_2 + x_3 x_3 \\\\ -z_7 &= 2 x_4 x_3 \\\\ -z_8 &= x_4 x_4 \\\\ -z_9 &= 0 \\\\ -\end{aligned} -\\] -As before, we write \\(x_i x_j\\) as -\\[ -x_i x_j = \mathrm{lo}(x_i,x_j) + 2\mathrm{hi}(x_i,x_j)2^{51}, -\\] -and substitute to obtain -\\[ -\begin{aligned} -z_0 &= \mathrm{lo}(x_0, x_0) + 0 \\\\ -z_1 &= 2 \mathrm{lo}(x_1, x_0) + 2 \mathrm{hi}(x_0, x_0) \\\\ -z_2 &= 2 \mathrm{lo}(x_2, x_0) + \mathrm{lo}(x_1, x_1) + 4 \mathrm{hi}(x_1, x_0) \\\\ -z_3 &= 2 \mathrm{lo}(x_3, x_0) + 2 \mathrm{lo}(x_2, x_1) + 4 \mathrm{hi}(x_2, x_0) + 2 \mathrm{hi}(x_1, x_1) \\\\ -z_4 &= 2 \mathrm{lo}(x_4, x_0) + 2 \mathrm{lo}(x_3, x_1) + \mathrm{lo}(x_2, x_2) + 4 \mathrm{hi}(x_3, x_0) + 4 \mathrm{hi}(x_2, x_1) \\\\ -z_5 &= 2 \mathrm{lo}(x_4, x_1) + 2 \mathrm{lo}(x_3, x_2) + 4 \mathrm{hi}(x_4, x_0) + 4 \mathrm{hi}(x_3, x_1) + 2 \mathrm{hi}(x_2, x_2) \\\\ -z_6 &= 2 \mathrm{lo}(x_4, x_2) + \mathrm{lo}(x_3, x_3) + 4 \mathrm{hi}(x_4, x_1) + 4 \mathrm{hi}(x_3, x_2) \\\\ -z_7 &= 2 \mathrm{lo}(x_4, x_3) + 4 \mathrm{hi}(x_4, x_2) + 2 \mathrm{hi}(x_3, x_3) \\\\ -z_8 &= \mathrm{lo}(x_4, x_4) + 4 \mathrm{hi}(x_4, x_3) \\\\ -z_9 &= 0 + 2 \mathrm{hi}(x_4, x_4) \\\\ -\end{aligned} -\\] -To implement these, we group terms by their coefficient, computing -those with coefficient \\(2\\) on set of IFMA chains, and on another -set of chains, we begin with coefficient-\\(4\\) terms, then shift -left before continuing with the coefficient-\\(1\\) terms. -The reduction strategy is the same as for multiplication. 
-
-# Future improvements
-
-LLVM won't use blend operations on [256-bit vectors yet][llvm_blend],
-so there's a bunch of blend instructions that could be omitted.
-
-Although the multiplications and squarings are much faster, there's no
-speedup to the additions and subtractions, so there are diminishing
-returns. In fact, the complications in the doubling formulas mean
-that doubling is actually slower than readdition. This also suggests
-that moving to 512-bit vectors won't be much help for a strategy aimed
-at parallelism within a group operation, so to extract performance
-gains from 512-bit vectors it will probably be necessary to create a
-parallel-friendly multiscalar multiplication algorithm. This could
-also help with reducing shuffle pressure.
-
-The squaring implementation could probably be optimized, but without
-`perf` support on Cannonlake it's difficult to make actual
-measurements.
-
-Another improvement would be to implement vectorized square root
-computations, which would allow creating an iterator adaptor for point
-decompression that bunched decompression operations and executed them
-in parallel. This would accelerate batch verification.
-
-[2016_gueron_krasnov]: https://ieeexplore.ieee.org/document/7563269
-[2018_drucker_gueron]: https://eprint.iacr.org/2018/335
-[1999_walter]: https://pdfs.semanticscholar.org/0e6a/3e8f30b63b556679f5dff2cbfdfe9523f4fa.pdf
-[ed25519_paper]: https://ed25519.cr.yp.to/ed25519-20110926.pdf
-[llvm_blend]: https://bugs.llvm.org/show_bug.cgi?id=38343
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/fiat_u32/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/fiat_u32/mod.rs
deleted file mode 100644
index 974316e56b9a..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/fiat_u32/mod.rs
+++ /dev/null
@@ -1,26 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2018 Isis Lovecruft, Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - Isis Agora Lovecruft
-// - Henry de Valence
-
-//! The `u32` backend uses `u32`s and a `(u32, u32) -> u64` multiplier.
-//!
-//! This code is intended to be portable, but it requires that
-//! multiplication of two \\(32\\)-bit values to a \\(64\\)-bit result
-//! is constant-time on the target platform.
-//!
-//! This uses the formally-verified field arithmetic generated by the
-//! [fiat-crypto project](https://github.com/mit-plv/fiat-crypto)
-
-#[path = "../u32/scalar.rs"]
-pub mod scalar;
-
-pub mod field;
-
-#[path = "../u32/constants.rs"]
-pub mod constants;
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/fiat_u64/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/fiat_u64/mod.rs
deleted file mode 100644
index 8c83062498b9..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/fiat_u64/mod.rs
+++ /dev/null
@@ -1,28 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2018 Isis Lovecruft, Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - Isis Agora Lovecruft
-// - Henry de Valence
-
-//! The `u64` backend uses `u64`s and a `(u64, u64) -> u128` multiplier.
-//!
-//! On x86_64, the idiom `(x as u128) * (y as u128)` lowers to `MUL`
-//! instructions taking 64-bit inputs and producing 128-bit outputs. On
-//! other platforms, this implementation is not recommended.
-//!
-//! On Haswell and newer, the BMI2 extension provides `MULX`, and on
-//! Broadwell and newer, the ADX extension provides `ADCX` and `ADOX`
-//! (allowing the CPU to compute two carry chains in parallel). These
-//! will be used if available.
-
-#[path = "../u64/scalar.rs"]
-pub mod scalar;
-
-pub mod field;
-
-#[path = "../u64/constants.rs"]
-pub mod constants;
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u32/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u32/mod.rs
deleted file mode 100644
index 401ce74b40b8..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u32/mod.rs
+++ /dev/null
@@ -1,22 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2021 isis lovecruft
-// Copyright (c) 2016-2019 Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - isis agora lovecruft
-// - Henry de Valence
-
-//! The `u32` backend uses `u32`s and a `(u32, u32) -> u64` multiplier.
-//!
-//! This code is intended to be portable, but it requires that
-//! multiplication of two \\(32\\)-bit values to a \\(64\\)-bit result
-//! is constant-time on the target platform.
-
-pub mod field;
-
-pub mod scalar;
-
-pub mod constants;
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u64/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u64/mod.rs
deleted file mode 100644
index aa29eb6ce671..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u64/mod.rs
+++ /dev/null
@@ -1,27 +0,0 @@
-// -*- mode: rust; -*-
-//
-// This file is part of curve25519-dalek.
-// Copyright (c) 2016-2021 isis lovecruft
-// Copyright (c) 2016-2018 Henry de Valence
-// See LICENSE for licensing information.
-//
-// Authors:
-// - isis agora lovecruft
-// - Henry de Valence
-
-//! The `u64` backend uses `u64`s and a `(u64, u64) -> u128` multiplier.
-//!
-//! On x86_64, the idiom `(x as u128) * (y as u128)` lowers to `MUL`
-//! instructions taking 64-bit inputs and producing 128-bit outputs. On
-//! other platforms, this implementation is not recommended.
-//!
-//! On Haswell and newer, the BMI2 extension provides `MULX`, and on
-//! Broadwell and newer, the ADX extension provides `ADCX` and `ADOX`
-//! (allowing the CPU to compute two carry chains in parallel). These
-//! will be used if available.
-
-pub mod field;
-
-pub mod scalar;
-
-pub mod constants;
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/vendor/ristretto.sage b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/vendor/ristretto.sage
deleted file mode 100644
index 04cf4f92156d..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/vendor/ristretto.sage
+++ /dev/null
@@ -1,857 +0,0 @@ -import binascii -class InvalidEncodingException(Exception): pass -class NotOnCurveException(Exception): pass -class SpecException(Exception): pass - -def lobit(x): return int(x) & 1 -def hibit(x): return lobit(2*x) -def negative(x): return lobit(x) -def enc_le(x,n): return bytearray([int(x)>>(8*i) & 0xFF for i in xrange(n)]) -def dec_le(x): return sum(b<<(8*i) for i,b in enumerate(x)) -def randombytes(n): return bytearray([randint(0,255) for _ in range(n)]) - -def optimized_version_of(spec): - """Decorator: This function is an optimized version of some specification""" - def decorator(f): - def wrapper(self,*args,**kwargs): - def pr(x): - if isinstance(x,bytearray): return binascii.hexlify(x) - else: return str(x) - try: spec_ans = getattr(self,spec,spec)(*args,**kwargs),None - except Exception as e: spec_ans = None,e - try: opt_ans = f(self,*args,**kwargs),None - except Exception as e: opt_ans = None,e - if spec_ans[1] is None and opt_ans[1] is not None: - raise - #raise SpecException("Mismatch in %s: spec returned %s but opt threw %s" - # % (f.__name__,str(spec_ans[0]),str(opt_ans[1]))) - if spec_ans[1] is not None and opt_ans[1] is None: - raise - #raise SpecException("Mismatch in %s: spec threw %s but opt returned %s" - # % (f.__name__,str(spec_ans[1]),str(opt_ans[0]))) - if spec_ans[0] != opt_ans[0]: - raise SpecException("Mismatch in %s: %s != %s" - % (f.__name__,pr(spec_ans[0]),pr(opt_ans[0]))) - if opt_ans[1] is not None: raise - else: return opt_ans[0] - wrapper.__name__ = f.__name__ - return wrapper - return decorator - -def xsqrt(x,exn=InvalidEncodingException("Not on curve")): - """Return sqrt(x)""" - if not is_square(x): raise exn - s = sqrt(x) - if negative(s): s=-s - return s - -def isqrt(x,exn=InvalidEncodingException("Not on curve")): - """Return 1/sqrt(x)""" - if x==0: return 0 - if not is_square(x): raise exn - s = sqrt(x) - #if negative(s): s=-s - return 1/s - -def inv0(x): return 1/x if x != 0 else 0 - -def isqrt_i(x): - 
"""Return 1/sqrt(x) or 1/sqrt(zeta * x)""" - if x==0: return True,0 - gen = x.parent(-1) - while is_square(gen): gen = sqrt(gen) - if is_square(x): return True,1/sqrt(x) - else: return False,1/sqrt(x*gen) - -class QuotientEdwardsPoint(object): - """Abstract class for point an a quotiented Edwards curve; needs F,a,d,cofactor to work""" - def __init__(self,x=0,y=1): - x = self.x = self.F(x) - y = self.y = self.F(y) - if y^2 + self.a*x^2 != 1 + self.d*x^2*y^2: - raise NotOnCurveException(str(self)) - - def __repr__(self): - return "%s(0x%x,0x%x)" % (self.__class__.__name__, self.x, self.y) - - def __iter__(self): - yield self.x - yield self.y - - def __add__(self,other): - x,y = self - X,Y = other - a,d = self.a,self.d - return self.__class__( - (x*Y+y*X)/(1+d*x*y*X*Y), - (y*Y-a*x*X)/(1-d*x*y*X*Y) - ) - - def __neg__(self): return self.__class__(-self.x,self.y) - def __sub__(self,other): return self + (-other) - def __rmul__(self,other): return self*other - def __eq__(self,other): - """NB: this is the only method that is different from the usual one""" - x,y = self - X,Y = other - return x*Y == X*y or (self.cofactor==8 and -self.a*x*X == y*Y) - def __ne__(self,other): return not (self==other) - - def __mul__(self,exp): - exp = int(exp) - if exp < 0: exp,self = -exp,-self - total = self.__class__() - work = self - while exp != 0: - if exp & 1: total += work - work += work - exp >>= 1 - return total - - def xyzt(self): - x,y = self - z = self.F.random_element() - return x*z,y*z,z,x*y*z - - def torque(self): - """Apply cofactor group, except keeping the point even""" - if self.cofactor == 8: - if self.a == -1: return self.__class__(self.y*self.i, self.x*self.i) - if self.a == 1: return self.__class__(-self.y, self.x) - else: - return self.__class__(-self.x, -self.y) - - def doubleAndEncodeSpec(self): - return (self+self).encode() - - # Utility functions - @classmethod - def bytesToGf(cls,bytes,mustBeProper=True,mustBePositive=False,maskHiBits=False): - """Convert 
little-endian bytes to field element, sanity check length""" - if len(bytes) != cls.encLen: - raise InvalidEncodingException("wrong length %d" % len(bytes)) - s = dec_le(bytes) - if mustBeProper and s >= cls.F.order(): - raise InvalidEncodingException("%d out of range!" % s) - bitlen = int(ceil(log(cls.F.order())/log(2))) - if maskHiBits: s &= 2^bitlen-1 - s = cls.F(s) - if mustBePositive and negative(s): - raise InvalidEncodingException("%d is negative!" % s) - return s - - @classmethod - def gfToBytes(cls,x,mustBePositive=False): - """Convert little-endian bytes to field element, sanity check length""" - if negative(x) and mustBePositive: x = -x - return enc_le(x,cls.encLen) - -class RistrettoPoint(QuotientEdwardsPoint): - """The new Ristretto group""" - def encodeSpec(self): - """Unoptimized specification for encoding""" - x,y = self - if self.cofactor==8 and (negative(x*y) or y==0): (x,y) = self.torque() - if y == -1: y = 1 # Avoid divide by 0; doesn't affect impl - - if negative(x): x,y = -x,-y - s = xsqrt(self.mneg*(1-y)/(1+y),exn=Exception("Unimplemented: point is odd: " + str(self))) - return self.gfToBytes(s) - - @classmethod - def decodeSpec(cls,s): - """Unoptimized specification for decoding""" - s = cls.bytesToGf(s,mustBePositive=True) - - a,d = cls.a,cls.d - x = xsqrt(4*s^2 / (a*d*(1+a*s^2)^2 - (1-a*s^2)^2)) - y = (1+a*s^2) / (1-a*s^2) - - if cls.cofactor==8 and (negative(x*y) or y==0): - raise InvalidEncodingException("x*y has high bit") - - return cls(x,y) - - @optimized_version_of("encodeSpec") - def encode(self): - """Encode, optimized version""" - a,d,mneg = self.a,self.d,self.mneg - x,y,z,t = self.xyzt() - - if self.cofactor==8: - u1 = mneg*(z+y)*(z-y) - u2 = x*y # = t*z - isr = isqrt(u1*u2^2) - i1 = isr*u1 # sqrt(mneg*(z+y)*(z-y))/(x*y) - i2 = isr*u2 # 1/sqrt(a*(y+z)*(y-z)) - z_inv = i1*i2*t # 1/z - - if negative(t*z_inv): - if a==-1: - x,y = y*self.i,x*self.i - den_inv = self.magic * i1 - else: - x,y = -y,x - den_inv = self.i * self.magic * i1 
- - else: - den_inv = i2 - - if negative(x*z_inv): y = -y - s = (z-y) * den_inv - else: - num = mneg*(z+y)*(z-y) - isr = isqrt(num*y^2) - if negative(isr^2*num*y*t): y = -y - s = isr*y*(z-y) - - return self.gfToBytes(s,mustBePositive=True) - - @optimized_version_of("doubleAndEncodeSpec") - def doubleAndEncode(self): - X,Y,Z,T = self.xyzt() - a,d,mneg = self.a,self.d,self.mneg - - if self.cofactor==8: - e = 2*X*Y - f = Z^2+d*T^2 - g = Y^2-a*X^2 - h = Z^2-d*T^2 - - inv1 = 1/(e*f*g*h) - z_inv = inv1*e*g # 1 / (f*h) - t_inv = inv1*f*h - - if negative(e*g*z_inv): - if a==-1: sqrta = self.i - else: sqrta = -1 - e,f,g,h = g,h,-e,f*sqrta - factor = self.i - else: - factor = self.magic - - if negative(h*e*z_inv): g=-g - s = (h-g)*factor*g*t_inv - - else: - foo = Y^2+a*X^2 - bar = X*Y - den = 1/(foo*bar) - if negative(2*bar^2*den): tmp = a*X^2 - else: tmp = Y^2 - s = self.magic*(Z^2-tmp)*foo*den - - return self.gfToBytes(s,mustBePositive=True) - - @classmethod - @optimized_version_of("decodeSpec") - def decode(cls,s): - """Decode, optimized version""" - s = cls.bytesToGf(s,mustBePositive=True) - - a,d = cls.a,cls.d - yden = 1-a*s^2 - ynum = 1+a*s^2 - yden_sqr = yden^2 - xden_sqr = a*d*ynum^2 - yden_sqr - - isr = isqrt(xden_sqr * yden_sqr) - - xden_inv = isr * yden - yden_inv = xden_inv * isr * xden_sqr - - x = 2*s*xden_inv - if negative(x): x = -x - y = ynum * yden_inv - - if cls.cofactor==8 and (negative(x*y) or y==0): - raise InvalidEncodingException("x*y is invalid: %d, %d" % (x,y)) - - return cls(x,y) - - @classmethod - def fromJacobiQuartic(cls,s,t,sgn=1): - """Convert point from its Jacobi Quartic representation""" - a,d = cls.a,cls.d - assert s^4 - 2*cls.a*(1-2*d/(d-a))*s^2 + 1 == t^2 - x = 2*s*cls.magic / t - y = (1+a*s^2) / (1-a*s^2) - return cls(sgn*x,y) - - @classmethod - def elligatorSpec(cls,r0): - a,d = cls.a,cls.d - r = cls.qnr * cls.bytesToGf(r0,mustBeProper=False,maskHiBits=True)^2 - den = (d*r-a)*(a*r-d) - if den == 0: return cls() - n1 = 
cls.a*(r+1)*(a+d)*(d-a)/den - n2 = r*n1 - if is_square(n1): - sgn,s,t = 1, xsqrt(n1), -(r-1)*(a+d)^2 / den - 1 - else: - sgn,s,t = -1,-xsqrt(n2), r*(r-1)*(a+d)^2 / den - 1 - - return cls.fromJacobiQuartic(s,t) - - @classmethod - @optimized_version_of("elligatorSpec") - def elligator(cls,r0): - a,d = cls.a,cls.d - r0 = cls.bytesToGf(r0,mustBeProper=False,maskHiBits=True) - r = cls.qnr * r0^2 - den = (d*r-a)*(a*r-d) - num = cls.a*(r+1)*(a+d)*(d-a) - - iss,isri = isqrt_i(num*den) - if iss: sgn,twiddle = 1,1 - else: sgn,twiddle = -1,r0*cls.qnr - isri *= twiddle - s = isri*num - t = -sgn*isri*s*(r-1)*(d+a)^2 - 1 - if negative(s) == iss: s = -s - return cls.fromJacobiQuartic(s,t) - - -class Decaf_1_1_Point(QuotientEdwardsPoint): - """Like current decaf but tweaked for simplicity""" - def encodeSpec(self): - """Unoptimized specification for encoding""" - a,d = self.a,self.d - x,y = self - if x==0 or y==0: return(self.gfToBytes(0)) - - if self.cofactor==8 and negative(x*y*self.isoMagic): - x,y = self.torque() - - sr = xsqrt(1-a*x^2) - altx = x*y*self.isoMagic / sr - if negative(altx): s = (1+sr)/x - else: s = (1-sr)/x - - return self.gfToBytes(s,mustBePositive=True) - - @classmethod - def decodeSpec(cls,s): - """Unoptimized specification for decoding""" - a,d = cls.a,cls.d - s = cls.bytesToGf(s,mustBePositive=True) - - if s==0: return cls() - t = xsqrt(s^4 + 2*(a-2*d)*s^2 + 1) - altx = 2*s*cls.isoMagic/t - if negative(altx): t = -t - x = 2*s / (1+a*s^2) - y = (1-a*s^2) / t - - if cls.cofactor==8 and (negative(x*y*cls.isoMagic) or y==0): - raise InvalidEncodingException("x*y is invalid: %d, %d" % (x,y)) - - return cls(x,y) - - def toJacobiQuartic(self,toggle_rotation=False,toggle_altx=False,toggle_s=False): - "Return s,t on jacobi curve" - a,d = self.a,self.d - x,y,z,t = self.xyzt() - - if self.cofactor == 8: - # Cofactor 8 version - # Simulate IMAGINE_TWIST because that's how libdecaf does it - x = self.i*x - t = self.i*t - a = -a - d = -d - - # OK, the actual libdecaf 
code should be here - num = (z+y)*(z-y) - den = x*y - isr = isqrt(num*(a-d)*den^2) - - iden = isr * den * self.isoMagic # 1/sqrt((z+y)(z-y)) = 1/sqrt(1-Y^2) / z - inum = isr * num # sqrt(1-Y^2) * z / xysqrt(a-d) ~ 1/sqrt(1-ax^2)/z - - if negative(iden*inum*self.i*t^2*(d-a)) != toggle_rotation: - iden,inum = inum,iden - fac = x*sqrt(a) - toggle=(a==-1) - else: - fac = y - toggle=False - - imi = self.isoMagic * self.i - altx = inum*t*imi - neg_altx = negative(altx) != toggle_altx - if neg_altx != toggle: inum =- inum - - tmp = fac*(inum*z + 1) - s = iden*tmp*imi - - negm1 = (negative(s) != toggle_s) != neg_altx - if negm1: m1 = a*fac + z - else: m1 = a*fac - z - - swap = toggle_s - - else: - # Much simpler cofactor 4 version - num = (x+t)*(x-t) - isr = isqrt(num*(a-d)*x^2) - ratio = isr*num - altx = ratio*self.isoMagic - - neg_altx = negative(altx) != toggle_altx - if neg_altx: ratio =- ratio - - tmp = ratio*z - t - s = (a-d)*isr*x*tmp - - negx = (negative(s) != toggle_s) != neg_altx - if negx: m1 = -a*t + x - else: m1 = -a*t - x - - swap = toggle_s - - if negative(s): s = -s - - return s,m1,a*tmp,swap - - def invertElligator(self,toggle_r=False,*args,**kwargs): - "Produce preimage of self under elligator, or None" - a,d = self.a,self.d - - rets = [] - - tr = [False,True] if self.cofactor == 8 else [False] - for toggle_rotation in tr: - for toggle_altx in [False,True]: - for toggle_s in [False,True]: - for toggle_r in [False,True]: - s,m1,m12,swap = self.toJacobiQuartic(toggle_rotation,toggle_altx,toggle_s) - - #print - #print toggle_rotation,toggle_altx,toggle_s - #print m1 - #print m12 - - - if self == self.__class__(): - if self.cofactor == 4: - # Hacks for identity! - if toggle_altx: m12 = 1 - elif toggle_s: m1 = 1 - elif toggle_r: continue - ## BOTH??? 
- - else: - m12 = 1 - imi = self.isoMagic * self.i - if toggle_rotation: - if toggle_altx: m1 = -imi - else: m1 = +imi - else: - if toggle_altx: m1 = 0 - else: m1 = a-d - - rnum = (d*a*m12-m1) - rden = ((d*a-1)*m12+m1) - if swap: rnum,rden = rden,rnum - - ok,sr = isqrt_i(rnum*rden*self.qnr) - if not ok: continue - sr *= rnum - #print "Works! %d %x" % (swap,sr) - - if negative(sr) != toggle_r: sr = -sr - ret = self.gfToBytes(sr) - if self.elligator(ret) != self and self.elligator(ret) != -self: - print "WRONG!",[toggle_rotation,toggle_altx,toggle_s] - if self.elligator(ret) == -self and self != -self: print "Negated!",[toggle_rotation,toggle_altx,toggle_s] - rets.append(bytes(ret)) - return rets - - @optimized_version_of("encodeSpec") - def encode(self): - """Encode, optimized version""" - return self.gfToBytes(self.toJacobiQuartic()[0]) - - @classmethod - @optimized_version_of("decodeSpec") - def decode(cls,s): - """Decode, optimized version""" - a,d = cls.a,cls.d - s = cls.bytesToGf(s,mustBePositive=True) - - #if s==0: return cls() - s2 = s^2 - den = 1+a*s2 - num = den^2 - 4*d*s2 - isr = isqrt(num*den^2) - altx = 2*s*isr*den*cls.isoMagic - if negative(altx): isr = -isr - x = 2*s *isr^2*den*num - y = (1-a*s^2) * isr*den - - if cls.cofactor==8 and (negative(x*y*cls.isoMagic) or y==0): - raise InvalidEncodingException("x*y is invalid: %d, %d" % (x,y)) - - return cls(x,y) - - @classmethod - def fromJacobiQuartic(cls,s,t,sgn=1): - """Convert point from its Jacobi Quartic representation""" - a,d = cls.a,cls.d - if s==0: return cls() - x = 2*s / (1+a*s^2) - y = (1-a*s^2) / t - return cls(x,sgn*y) - - @optimized_version_of("doubleAndEncodeSpec") - def doubleAndEncode(self): - X,Y,Z,T = self.xyzt() - a,d = self.a,self.d - - if self.cofactor == 8: - # Cofactor 8 version - # Simulate IMAGINE_TWIST because that's how libdecaf does it - X = self.i*X - T = self.i*T - a = -a - d = -d - # TODO: This is only being called for a=-1, so could - # be wrong for a=1 - - e = 2*X*Y - f = 
Y^2+a*X^2 - g = Y^2-a*X^2 - h = Z^2-d*T^2 - - eim = e*self.isoMagic - inv = 1/(eim*g*f*h) - fh_inv = eim*g*inv*self.i - - if negative(eim*g*fh_inv): - idf = g*self.isoMagic*self.i - bar = f - foo = g - test = eim*f - else: - idf = eim - bar = h - foo = -eim - test = g*h - - if negative(test*fh_inv): bar =- bar - s = idf*(foo+bar)*inv*f*h - - else: - xy = X*Y - h = Z^2-d*T^2 - inv = 1/(xy*h) - if negative(inv*2*xy^2*self.isoMagic): tmp = Y - else: tmp = X - s = tmp^2*h*inv # = X/Y or Y/X, interestingly - - return self.gfToBytes(s,mustBePositive=True) - - @classmethod - def elligatorSpec(cls,r0,fromR=False): - a,d = cls.a,cls.d - if fromR: r = r0 - else: r = cls.qnr * cls.bytesToGf(r0,mustBeProper=False,maskHiBits=True)^2 - - den = (d*r-(d-a))*((d-a)*r-d) - if den == 0: return cls() - n1 = (r+1)*(a-2*d)/den - n2 = r*n1 - if is_square(n1): - sgn,s,t = 1, xsqrt(n1), -(r-1)*(a-2*d)^2 / den - 1 - else: - sgn,s,t = -1, -xsqrt(n2), r*(r-1)*(a-2*d)^2 / den - 1 - - return cls.fromJacobiQuartic(s,t) - - @classmethod - @optimized_version_of("elligatorSpec") - def elligator(cls,r0): - a,d = cls.a,cls.d - r0 = cls.bytesToGf(r0,mustBeProper=False,maskHiBits=True) - r = cls.qnr * r0^2 - den = (d*r-(d-a))*((d-a)*r-d) - num = (r+1)*(a-2*d) - - iss,isri = isqrt_i(num*den) - if iss: sgn,twiddle = 1,1 - else: sgn,twiddle = -1,r0*cls.qnr - isri *= twiddle - s = isri*num - t = -sgn*isri*s*(r-1)*(a-2*d)^2 - 1 - if negative(s) == iss: s = -s - return cls.fromJacobiQuartic(s,t) - - def elligatorInverseBruteForce(self): - """Invert Elligator using SAGE's polynomial solver""" - a,d = self.a,self.d - R. 
= self.F[] - r = self.qnr * r0^2 - den = (d*r-(d-a))*((d-a)*r-d) - n1 = (r+1)*(a-2*d)/den - n2 = r*n1 - ret = set() - for s2,t in [(n1, -(r-1)*(a-2*d)^2 / den - 1), - (n2,r*(r-1)*(a-2*d)^2 / den - 1)]: - x2 = 4*s2/(1+a*s2)^2 - y = (1-a*s2) / t - - selfT = self - for i in xrange(self.cofactor/2): - xT,yT = selfT - polyX = xT^2-x2 - polyY = yT-y - sx = set(r for r,_ in polyX.numerator().roots()) - sy = set(r for r,_ in polyY.numerator().roots()) - ret = ret.union(sx.intersection(sy)) - - selfT = selfT.torque() - - ret = [self.gfToBytes(r) for r in ret] - - for r in ret: - assert self.elligator(r) in [self,-self] - - ret = [r for r in ret if self.elligator(r) == self] - - return ret - -class Ed25519Point(RistrettoPoint): - F = GF(2^255-19) - d = F(-121665/121666) - a = F(-1) - i = sqrt(F(-1)) - mneg = F(1) - qnr = i - magic = isqrt(a*d-1) - cofactor = 8 - encLen = 32 - - @classmethod - def base(cls): - return cls( 15112221349535400772501151409588531511454012693041857206046113283949847762202, 46316835694926478169428394003475163141307993866256225615783033603165251855960 - ) - -class NegEd25519Point(RistrettoPoint): - F = GF(2^255-19) - d = F(121665/121666) - a = F(1) - i = sqrt(F(-1)) - mneg = F(-1) # TODO checkme vs 1-ad or whatever - qnr = i - magic = isqrt(a*d-1) - cofactor = 8 - encLen = 32 - - @classmethod - def base(cls): - y = cls.F(4/5) - x = sqrt((y^2-1)/(cls.d*y^2-cls.a)) - if negative(x): x = -x - return cls(x,y) - -class IsoEd448Point(RistrettoPoint): - F = GF(2^448-2^224-1) - d = F(39082/39081) - a = F(1) - mneg = F(-1) - qnr = -1 - magic = isqrt(a*d-1) - cofactor = 4 - encLen = 56 - - @classmethod - def base(cls): - return cls( # RFC has it wrong - 345397493039729516374008604150537410266655260075183290216406970281645695073672344430481787759340633221708391583424041788924124567700732, - -363419362147803445274661903944002267176820680343659030140745099590306164083365386343198191849338272965044442230921818680526749009182718 - ) - -class 
TwistedEd448GoldilocksPoint(Decaf_1_1_Point): - F = GF(2^448-2^224-1) - d = F(-39082) - a = F(-1) - qnr = -1 - cofactor = 4 - encLen = 56 - isoMagic = IsoEd448Point.magic - - @classmethod - def base(cls): - return cls.decodeSpec(Ed448GoldilocksPoint.base().encodeSpec()) - -class Ed448GoldilocksPoint(Decaf_1_1_Point): - F = GF(2^448-2^224-1) - d = F(-39081) - a = F(1) - qnr = -1 - cofactor = 4 - encLen = 56 - isoMagic = IsoEd448Point.magic - - @classmethod - def base(cls): - return 2*cls( - 224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710, 298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660 - ) - -class IsoEd25519Point(Decaf_1_1_Point): - # TODO: twisted iso too! - # TODO: twisted iso might have to IMAGINE_TWIST or whatever - F = GF(2^255-19) - d = F(-121665) - a = F(1) - i = sqrt(F(-1)) - qnr = i - magic = isqrt(a*d-1) - cofactor = 8 - encLen = 32 - isoMagic = Ed25519Point.magic - isoA = Ed25519Point.a - - @classmethod - def base(cls): - return cls.decodeSpec(Ed25519Point.base().encode()) - -class TestFailedException(Exception): pass - -def test(cls,n): - print "Testing curve %s" % cls.__name__ - - specials = [1] - ii = cls.F(-1) - while is_square(ii): - specials.append(ii) - ii = sqrt(ii) - specials.append(ii) - for i in specials: - if negative(cls.F(i)): i = -i - i = enc_le(i,cls.encLen) - try: - Q = cls.decode(i) - QE = Q.encode() - if QE != i: - raise TestFailedException("Round trip special %s != %s" % - (binascii.hexlify(QE),binascii.hexlify(i))) - except NotOnCurveException: pass - except InvalidEncodingException: pass - - - P = cls.base() - Q = cls() - for i in xrange(n): - #print binascii.hexlify(Q.encode()) - QE = Q.encode() - QQ = cls.decode(QE) - if QQ != Q: raise TestFailedException("Round trip %s != %s" % (str(QQ),str(Q))) - - # Testing s -> 1/s: encodes -point on cofactor - s = 
cls.bytesToGf(QE) - if s != 0: - ss = cls.gfToBytes(1/s,mustBePositive=True) - try: - QN = cls.decode(ss) - if cls.cofactor == 8: - raise TestFailedException("1/s shouldnt work for cofactor 8") - if QN != -Q: - raise TestFailedException("s -> 1/s should negate point for cofactor 4") - except InvalidEncodingException as e: - # Should be raised iff cofactor==8 - if cls.cofactor == 4: - raise TestFailedException("s -> 1/s should work for cofactor 4") - - QT = Q - for h in xrange(cls.cofactor): - QT = QT.torque() - if QT.encode() != QE: - raise TestFailedException("Can't torque %s,%d" % (str(Q),h+1)) - - Q0 = Q + P - if Q0 == Q: raise TestFailedException("Addition doesn't work") - if Q0-P != Q: raise TestFailedException("Subtraction doesn't work") - - r = randint(1,1000) - Q1 = Q0*r - Q2 = Q0*(r+1) - if Q1 + Q0 != Q2: raise TestFailedException("Scalarmul doesn't work") - Q = Q1 - -def testElligator(cls,n): - print "Testing elligator on %s" % cls.__name__ - for i in xrange(n): - r = randombytes(cls.encLen) - P = cls.elligator(r) - if hasattr(P,"invertElligator"): - iv = P.invertElligator() - modr = bytes(cls.gfToBytes(cls.bytesToGf(r,mustBeProper=False,maskHiBits=True))) - iv2 = P.torque().invertElligator() - if modr not in iv: print "Failed to invert Elligator!" - if len(iv) != len(set(iv)): - print "Elligator inverses not unique!", len(set(iv)), len(iv) - if iv != iv2: - print "Elligator is untorqueable!" 
- #print [binascii.hexlify(j) for j in iv] - #print [binascii.hexlify(j) for j in iv2] - #break - else: - pass # TODO - -def gangtest(classes,n): - print "Gang test",[cls.__name__ for cls in classes] - specials = [1] - ii = classes[0].F(-1) - while is_square(ii): - specials.append(ii) - ii = sqrt(ii) - specials.append(ii) - - for i in xrange(n): - rets = [bytes((cls.base()*i).encode()) for cls in classes] - if len(set(rets)) != 1: - print "Divergence in encode at %d" % i - for c,ret in zip(classes,rets): - print c,binascii.hexlify(ret) - print - - if i < len(specials): r0 = enc_le(specials[i],classes[0].encLen) - else: r0 = randombytes(classes[0].encLen) - - rets = [bytes((cls.elligator(r0)*i).encode()) for cls in classes] - if len(set(rets)) != 1: - print "Divergence in elligator at %d" % i - for c,ret in zip(classes,rets): - print c,binascii.hexlify(ret) - print - -def testDoubleAndEncode(cls,n): - print "Testing doubleAndEncode on %s" % cls.__name__ - for i in xrange(n): - r1 = randombytes(cls.encLen) - r2 = randombytes(cls.encLen) - u = cls.elligator(r1) + cls.elligator(r2) - u.doubleAndEncode() - -testDoubleAndEncode(Ed25519Point,100) -testDoubleAndEncode(NegEd25519Point,100) -testDoubleAndEncode(IsoEd25519Point,100) -testDoubleAndEncode(IsoEd448Point,100) -testDoubleAndEncode(TwistedEd448GoldilocksPoint,100) -#test(Ed25519Point,100) -#test(NegEd25519Point,100) -#test(IsoEd25519Point,100) -#test(IsoEd448Point,100) -#test(TwistedEd448GoldilocksPoint,100) -#test(Ed448GoldilocksPoint,100) -#testElligator(Ed25519Point,100) -#testElligator(NegEd25519Point,100) -#testElligator(IsoEd25519Point,100) -#testElligator(IsoEd448Point,100) -#testElligator(Ed448GoldilocksPoint,100) -#testElligator(TwistedEd448GoldilocksPoint,100) -#gangtest([IsoEd448Point,TwistedEd448GoldilocksPoint,Ed448GoldilocksPoint],100) -#gangtest([Ed25519Point,IsoEd25519Point],100) 
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/.cargo-checksum.json b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/.cargo-checksum.json similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/.cargo-checksum.json rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/.cargo-checksum.json diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/.cargo_vcs_info.json similarity index 50% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/.cargo_vcs_info.json rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/.cargo_vcs_info.json index 849368d98250..7688f4ae7c2e 100644 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/.cargo_vcs_info.json +++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/.cargo_vcs_info.json @@ -1,6 +1,6 @@ { "git": { - "sha1": "0cd099a9fb8ff9f6fedc8723d44dbb1c743e9d35" + "sha1": "5312a0311ec40df95be953eacfa8a11b9a34bc54" }, "path_in_vcs": "curve25519-dalek" } \ No newline at end of file diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/CHANGELOG.md b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/CHANGELOG.md similarity index 97% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/CHANGELOG.md rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/CHANGELOG.md index 1715e3bff193..939d3bfbaf0d 100644 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/CHANGELOG.md +++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/CHANGELOG.md 
@@ -5,6 +5,15 @@ major series. ## 4.x series +### 4.1.3 + +* Security: Fix timing leak in Scalar subtraction on u32, u64, fiat_u32, and fiat_u64 backends +* Fix assorted new warnings and lints from rustc and clippy + +### 4.1.2 + +* Fix nightly SIMD build + ### 4.1.1 * Mark `constants::BASEPOINT_ORDER` deprecated from pub API @@ -123,7 +132,7 @@ major series. ### 2.1.2 -* Multiple documenation typo fixes. +* Multiple documentation typo fixes. * Fix `alloc` feature working with stable rust. ### 2.1.1 diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/Cargo.toml b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/Cargo.toml similarity index 97% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/Cargo.toml rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/Cargo.toml index a34a6ce76dc4..c3ea85df50f4 100644 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/Cargo.toml +++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/Cargo.toml @@ -13,7 +13,7 @@ edition = "2021" rust-version = "1.60.0" name = "curve25519-dalek" -version = "4.1.1" +version = "4.1.3" authors = [ "Isis Lovecruft ", "Henry de Valence ", @@ -123,9 +123,6 @@ default-features = false version = "0.10" default-features = false -[build-dependencies.platforms] -version = "3.0.2" - [build-dependencies.rustc_version] version = "0.4.0" diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/Cargo.toml.orig b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/Cargo.toml.orig similarity index 98% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/Cargo.toml.orig rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/Cargo.toml.orig index b61579552533..8e480ada5ea6 100644 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/Cargo.toml.orig 
+++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/Cargo.toml.orig @@ -4,7 +4,7 @@ name = "curve25519-dalek" # - update CHANGELOG # - update README if required by semver # - if README was updated, also update module documentation in src/lib.rs -version = "4.1.1" +version = "4.1.3" edition = "2021" rust-version = "1.60.0" authors = ["Isis Lovecruft ", @@ -38,7 +38,6 @@ rand = "0.8" rand_core = { version = "0.6", default-features = false, features = ["getrandom"] } [build-dependencies] -platforms = "3.0.2" rustc_version = "0.4.0" [[bench]] diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/LICENSE b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/LICENSE similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/LICENSE rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/LICENSE diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/Makefile b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/Makefile similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/Makefile rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/Makefile diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/README.md b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/README.md similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/README.md rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/README.md 
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/benches/dalek_benchmarks.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/benches/dalek_benchmarks.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/benches/dalek_benchmarks.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/benches/dalek_benchmarks.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/build.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/build.rs
similarity index 67%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/build.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/build.rs
index 92d2802cd5e2..97fa28524936 100644
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/build.rs
+++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/build.rs
@@ -9,17 +9,31 @@ enum DalekBits { Dalek64, } +use std::fmt::Formatter; + +impl std::fmt::Display for DalekBits { + fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), std::fmt::Error> { + let w_bits = match self { + DalekBits::Dalek32 => "32", + DalekBits::Dalek64 => "64", + }; + write!(f, "{}", w_bits) + } +} + fn main() { + let target_arch = match std::env::var("CARGO_CFG_TARGET_ARCH") { + Ok(arch) => arch, + _ => "".to_string(), + }; + let curve25519_dalek_bits = match std::env::var("CARGO_CFG_CURVE25519_DALEK_BITS").as_deref() { Ok("32") => DalekBits::Dalek32, Ok("64") => DalekBits::Dalek64, - _ => deterministic::determine_curve25519_dalek_bits(), + _ => deterministic::determine_curve25519_dalek_bits(&target_arch), }; - match curve25519_dalek_bits { - DalekBits::Dalek64 => println!("cargo:rustc-cfg=curve25519_dalek_bits=\"64\""), - DalekBits::Dalek32 => println!("cargo:rustc-cfg=curve25519_dalek_bits=\"32\""), - } + println!("cargo:rustc-cfg=curve25519_dalek_bits=\"{curve25519_dalek_bits}\""); if rustc_version::version_meta() .expect("failed to detect rustc version") @@ -36,11 +50,6 @@ fn main() { println!("cargo:rustc-cfg=allow_unused_unsafe"); } - let target_arch = match std::env::var("CARGO_CFG_TARGET_ARCH") { - Ok(arch) => arch, - _ => "".to_string(), - }; - // Backend overrides / defaults let curve25519_dalek_backend = match std::env::var("CARGO_CFG_CURVE25519_DALEK_BACKEND").as_deref() { 
@@ -74,11 +83,12 @@ mod deterministic { use super::*; - // Standard Cargo TARGET environment variable of triplet is required - static ERR_MSG_NO_TARGET: &str = "Standard Cargo TARGET environment variable is not set"; + // Custom Rust non-cargo build tooling needs to set CARGO_CFG_TARGET_POINTER_WIDTH + static ERR_MSG_NO_POINTER_WIDTH: &str = + "Standard Cargo TARGET_POINTER_WIDTH environment variable is not set."; - // Custom Non-Rust standard target platforms require explicit settings. - static ERR_MSG_NO_PLATFORM: &str = "Unknown Rust target platform."; + // When either non-32 or 64 TARGET_POINTER_WIDTH detected + static ERR_MSG_UNKNOWN_POINTER_WIDTH: &str = "Unknown TARGET_POINTER_WIDTH detected."; // Warning when the curve25519_dalek_bits cannot be determined fn determine_curve25519_dalek_bits_warning(cause: &str) { 
@@ -86,41 +96,30 @@ mod deterministic { } // Determine the curve25519_dalek_bits based on Rust standard TARGET triplet - pub(super) fn determine_curve25519_dalek_bits() -> DalekBits { - use platforms::target::PointerWidth; - - // TARGET environment is supplied by Cargo - // https://doc.rust-lang.org/cargo/reference/environment-variables.html - let target_triplet = match std::env::var("TARGET") { - Ok(t) => t, + pub(super) fn determine_curve25519_dalek_bits(target_arch: &String) -> DalekBits { + let target_pointer_width = match std::env::var("CARGO_CFG_TARGET_POINTER_WIDTH") { + Ok(pw) => pw, Err(_) => { - determine_curve25519_dalek_bits_warning(ERR_MSG_NO_TARGET); - return DalekBits::Dalek32; - } - }; - - // platforms crate is the source of truth used to determine the platform - let platform = match platforms::Platform::find(&target_triplet) { - Some(p) => p, - None => { - determine_curve25519_dalek_bits_warning(ERR_MSG_NO_PLATFORM); + determine_curve25519_dalek_bits_warning(ERR_MSG_NO_POINTER_WIDTH); return DalekBits::Dalek32; } }; #[allow(clippy::match_single_binding)] - match platform.target_arch { + match &target_arch { //Issues: 449 and 456 + //TODO: When adding arch defaults use proper types not String match //TODO(Arm): Needs tests + benchmarks to back this up - //platforms::target::Arch::Arm => DalekBits::Dalek64, //TODO(Wasm32): Needs tests + benchmarks to back this up - //platforms::target::Arch::Wasm32 => DalekBits::Dalek64, - _ => match platform.target_pointer_width { - PointerWidth::U64 => DalekBits::Dalek64, - PointerWidth::U32 => DalekBits::Dalek32, + _ => match target_pointer_width.as_ref() { + "64" => DalekBits::Dalek64, + "32" => DalekBits::Dalek32, // Intended default solely for non-32/64 target pointer widths // Otherwise known target platforms only. - _ => DalekBits::Dalek32, + _ => { + determine_curve25519_dalek_bits_warning(ERR_MSG_UNKNOWN_POINTER_WIDTH); + DalekBits::Dalek32 + } }, } } 
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/docs/assets/rustdoc-include-katex-header.html b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/docs/assets/rustdoc-include-katex-header.html
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/docs/assets/rustdoc-include-katex-header.html
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/docs/assets/rustdoc-include-katex-header.html
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/avx2-notes.md b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/docs/avx2-notes.md
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/avx2-notes.md
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/docs/avx2-notes.md
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/ifma-notes.md b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/docs/ifma-notes.md
similarity index 99%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/ifma-notes.md
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/docs/ifma-notes.md
index c6fd3b3a8b2e..faf89280af84 100644
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/docs/ifma-notes.md
+++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/docs/ifma-notes.md
@@ -351,7 +351,7 @@ This computation requires 25 `vpmadd52luq` and 25 `vpmadd52huq` operations. For 256-bit vectors, IFMA operations execute on an i3-8121U with latency 4 cycles, throughput 0.5 cycles, so executing 50 instructions requires 25 cycles' worth of throughput. Accumulating -terms with coefficient \\(1\\) and \\(2\\) seperately means that the +terms with coefficient \\(1\\) and \\(2\\) separately means that the longest dependency chain has length 5, so the critical path has length 20 cycles and the bottleneck is throughput. diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/docs/parallel-formulas.md b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/docs/parallel-formulas.md similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/docs/parallel-formulas.md rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/docs/parallel-formulas.md diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/mod.rs similarity index 74% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/mod.rs rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/mod.rs index 4424e0a53a3f..9ad1dd3de6c1 100644 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/mod.rs +++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/mod.rs 
@@ -87,24 +87,24 @@ where match get_selected_backend() { #[cfg(curve25519_dalek_backend = "simd")] BackendKind::Avx2 => - self::vector::scalar_mul::pippenger::spec_avx2::Pippenger::optional_multiscalar_mul::(scalars, points), + vector::scalar_mul::pippenger::spec_avx2::Pippenger::optional_multiscalar_mul::(scalars, points), #[cfg(all(curve25519_dalek_backend = "simd", nightly))] BackendKind::Avx512 => - self::vector::scalar_mul::pippenger::spec_avx512ifma_avx512vl::Pippenger::optional_multiscalar_mul::(scalars, points), + vector::scalar_mul::pippenger::spec_avx512ifma_avx512vl::Pippenger::optional_multiscalar_mul::(scalars, points), BackendKind::Serial => - self::serial::scalar_mul::pippenger::Pippenger::optional_multiscalar_mul::(scalars, points), + serial::scalar_mul::pippenger::Pippenger::optional_multiscalar_mul::(scalars, points), } } #[cfg(feature = "alloc")] pub(crate) enum VartimePrecomputedStraus { #[cfg(curve25519_dalek_backend = "simd")] - Avx2(self::vector::scalar_mul::precomputed_straus::spec_avx2::VartimePrecomputedStraus), + Avx2(vector::scalar_mul::precomputed_straus::spec_avx2::VartimePrecomputedStraus), #[cfg(all(curve25519_dalek_backend = "simd", nightly))] Avx512ifma( - self::vector::scalar_mul::precomputed_straus::spec_avx512ifma_avx512vl::VartimePrecomputedStraus, + vector::scalar_mul::precomputed_straus::spec_avx512ifma_avx512vl::VartimePrecomputedStraus, ), - Scalar(self::serial::scalar_mul::precomputed_straus::VartimePrecomputedStraus), + Scalar(serial::scalar_mul::precomputed_straus::VartimePrecomputedStraus), } #[cfg(feature = "alloc")] 
@@ -119,12 +119,12 @@ impl VartimePrecomputedStraus { match get_selected_backend() { #[cfg(curve25519_dalek_backend = "simd")] BackendKind::Avx2 => - VartimePrecomputedStraus::Avx2(self::vector::scalar_mul::precomputed_straus::spec_avx2::VartimePrecomputedStraus::new(static_points)), + VartimePrecomputedStraus::Avx2(vector::scalar_mul::precomputed_straus::spec_avx2::VartimePrecomputedStraus::new(static_points)), #[cfg(all(curve25519_dalek_backend = "simd", nightly))] BackendKind::Avx512 => - VartimePrecomputedStraus::Avx512ifma(self::vector::scalar_mul::precomputed_straus::spec_avx512ifma_avx512vl::VartimePrecomputedStraus::new(static_points)), + VartimePrecomputedStraus::Avx512ifma(vector::scalar_mul::precomputed_straus::spec_avx512ifma_avx512vl::VartimePrecomputedStraus::new(static_points)), BackendKind::Serial => - VartimePrecomputedStraus::Scalar(self::serial::scalar_mul::precomputed_straus::VartimePrecomputedStraus::new(static_points)) + VartimePrecomputedStraus::Scalar(serial::scalar_mul::precomputed_straus::VartimePrecomputedStraus::new(static_points)) } } @@ -179,19 +179,16 @@ where match get_selected_backend() { #[cfg(curve25519_dalek_backend = "simd")] BackendKind::Avx2 => { - self::vector::scalar_mul::straus::spec_avx2::Straus::multiscalar_mul::( - scalars, points, - ) + vector::scalar_mul::straus::spec_avx2::Straus::multiscalar_mul::(scalars, points) } #[cfg(all(curve25519_dalek_backend = "simd", nightly))] BackendKind::Avx512 => { - self::vector::scalar_mul::straus::spec_avx512ifma_avx512vl::Straus::multiscalar_mul::< - I, - J, - >(scalars, points) + vector::scalar_mul::straus::spec_avx512ifma_avx512vl::Straus::multiscalar_mul::( + scalars, points, + ) } BackendKind::Serial => { - self::serial::scalar_mul::straus::Straus::multiscalar_mul::(scalars, points) + serial::scalar_mul::straus::Straus::multiscalar_mul::(scalars, points) } } } 
@@ -209,21 +206,19 @@ where match get_selected_backend() { #[cfg(curve25519_dalek_backend = "simd")] BackendKind::Avx2 => { - self::vector::scalar_mul::straus::spec_avx2::Straus::optional_multiscalar_mul::( + vector::scalar_mul::straus::spec_avx2::Straus::optional_multiscalar_mul::( scalars, points, ) } #[cfg(all(curve25519_dalek_backend = "simd", nightly))] BackendKind::Avx512 => { - self::vector::scalar_mul::straus::spec_avx512ifma_avx512vl::Straus::optional_multiscalar_mul::< + vector::scalar_mul::straus::spec_avx512ifma_avx512vl::Straus::optional_multiscalar_mul::< I, J, >(scalars, points) } BackendKind::Serial => { - self::serial::scalar_mul::straus::Straus::optional_multiscalar_mul::( - scalars, points, - ) + serial::scalar_mul::straus::Straus::optional_multiscalar_mul::(scalars, points) } } } @@ -232,12 +227,12 @@ where pub fn variable_base_mul(point: &EdwardsPoint, scalar: &Scalar) -> EdwardsPoint { match get_selected_backend() { #[cfg(curve25519_dalek_backend = "simd")] - BackendKind::Avx2 => self::vector::scalar_mul::variable_base::spec_avx2::mul(point, scalar), + BackendKind::Avx2 => vector::scalar_mul::variable_base::spec_avx2::mul(point, scalar), #[cfg(all(curve25519_dalek_backend = "simd", nightly))] BackendKind::Avx512 => { - self::vector::scalar_mul::variable_base::spec_avx512ifma_avx512vl::mul(point, scalar) + vector::scalar_mul::variable_base::spec_avx512ifma_avx512vl::mul(point, scalar) } - BackendKind::Serial => self::serial::scalar_mul::variable_base::mul(point, scalar), + BackendKind::Serial => serial::scalar_mul::variable_base::mul(point, scalar), } } 
@@ -246,11 +241,11 @@ pub fn variable_base_mul(point: &EdwardsPoint, scalar: &Scalar) -> EdwardsPoint pub fn vartime_double_base_mul(a: &Scalar, A: &EdwardsPoint, b: &Scalar) -> EdwardsPoint { match get_selected_backend() { #[cfg(curve25519_dalek_backend = "simd")] - BackendKind::Avx2 => self::vector::scalar_mul::vartime_double_base::spec_avx2::mul(a, A, b), + BackendKind::Avx2 => vector::scalar_mul::vartime_double_base::spec_avx2::mul(a, A, b), #[cfg(all(curve25519_dalek_backend = "simd", nightly))] BackendKind::Avx512 => { - self::vector::scalar_mul::vartime_double_base::spec_avx512ifma_avx512vl::mul(a, A, b) + vector::scalar_mul::vartime_double_base::spec_avx512ifma_avx512vl::mul(a, A, b) } - BackendKind::Serial => self::serial::scalar_mul::vartime_double_base::mul(a, A, b), + BackendKind::Serial => serial::scalar_mul::vartime_double_base::mul(a, A, b), } } diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/curve_models/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/curve_models/mod.rs similarity index 98% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/curve_models/mod.rs rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/curve_models/mod.rs index d482d721a4eb..1343d3706e4e 100644 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/curve_models/mod.rs +++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/curve_models/mod.rs 
@@ -527,7 +527,7 @@ impl<'a> Neg for &'a AffineNielsPoint { // ------------------------------------------------------------------------ impl Debug for ProjectivePoint { - fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { write!( f, "ProjectivePoint{{\n\tX: {:?},\n\tY: {:?},\n\tZ: {:?}\n}}", @@ -537,7 +537,7 @@ impl Debug for ProjectivePoint { } impl Debug for CompletedPoint { - fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { write!( f, "CompletedPoint{{\n\tX: {:?},\n\tY: {:?},\n\tZ: {:?},\n\tT: {:?}\n}}", @@ -547,7 +547,7 @@ impl Debug for CompletedPoint { } impl Debug for AffineNielsPoint { - fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { write!( f, "AffineNielsPoint{{\n\ty_plus_x: {:?},\n\ty_minus_x: {:?},\n\txy2d: {:?}\n}}", @@ -557,7 +557,7 @@ impl Debug for AffineNielsPoint { } impl Debug for ProjectiveNielsPoint { - fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { write!(f, "ProjectiveNielsPoint{{\n\tY_plus_X: {:?},\n\tY_minus_X: {:?},\n\tZ: {:?},\n\tT2d: {:?}\n}}", &self.Y_plus_X, &self.Y_minus_X, &self.Z, &self.T2d) } diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/fiat_u32/field.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/fiat_u32/field.rs similarity index 99% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/fiat_u32/field.rs rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/fiat_u32/field.rs index 94e1f6d361bc..97695c3835da 100644 
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/fiat_u32/field.rs +++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/fiat_u32/field.rs @@ -58,7 +58,7 @@ use fiat_crypto::curve25519_32::*; pub struct FieldElement2625(pub(crate) fiat_25519_tight_field_element); impl Debug for FieldElement2625 { - fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { write!(f, "FieldElement2625({:?})", &(self.0).0[..]) } } diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/fiat_u32/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/fiat_u32/mod.rs similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/fiat_u32/mod.rs rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/fiat_u32/mod.rs diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/fiat_u64/field.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/fiat_u64/field.rs similarity index 99% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/fiat_u64/field.rs rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/fiat_u64/field.rs index c871b55c2564..2a022e23ef56 100644 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/fiat_u64/field.rs +++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/fiat_u64/field.rs 
@@ -47,7 +47,7 @@ use fiat_crypto::curve25519_64::*; pub struct FieldElement51(pub(crate) fiat_25519_tight_field_element); impl Debug for FieldElement51 {
- fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
+ fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
 write!(f, "FieldElement51({:?})", &(self.0).0[..]) } }
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/fiat_u64/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/fiat_u64/mod.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/fiat_u64/mod.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/fiat_u64/mod.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/mod.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/mod.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/mod.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/mod.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/mod.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/mod.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/pippenger.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/pippenger.rs
similarity index 99%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/pippenger.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/pippenger.rs
index 9af39e59911d..f60d9b95317c 100644
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/pippenger.rs
+++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/pippenger.rs
@@ -164,7 +164,6 @@ impl VartimeMultiscalarMul for Pippenger { mod test { use super::*; use crate::constants;
- use crate::scalar::Scalar;
 #[test] fn test_vartime_pippenger() {
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/precomputed_straus.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/precomputed_straus.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/precomputed_straus.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/precomputed_straus.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/straus.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/straus.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/straus.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/straus.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/variable_base.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/variable_base.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/variable_base.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/variable_base.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/vartime_double_base.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/vartime_double_base.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/vartime_double_base.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/vartime_double_base.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u32/constants.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u32/constants.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u32/constants.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u32/constants.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u32/field.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u32/field.rs
similarity index 99%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u32/field.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u32/field.rs
index 4e0b2133b619..7319288a0fce 100644
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u32/field.rs
+++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u32/field.rs
@@ -54,7 +54,7 @@ use zeroize::Zeroize; pub struct FieldElement2625(pub(crate) [u32; 10]); impl Debug for FieldElement2625 {
- fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
+ fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
 write!(f, "FieldElement2625({:?})", &self.0[..]) } }
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u32/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u32/mod.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u32/mod.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u32/mod.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u32/scalar.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u32/scalar.rs
similarity index 97%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u32/scalar.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u32/scalar.rs
index c251e8bbe0ca..d3df38c8024e 100644
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u32/scalar.rs
+++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u32/scalar.rs
@@ -24,7 +24,7 @@ use crate::constants; pub struct Scalar29(pub [u32; 9]); impl Debug for Scalar29 {
- fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
+ fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
 write!(f, "Scalar29: {:?}", &self.0[..]) } }
@@ -185,6 +185,14 @@ impl Scalar29 { /// Compute `a - b` (mod l). pub fn sub(a: &Scalar29, b: &Scalar29) -> Scalar29 {
+ // Optimization barrier to prevent compiler from inserting branch instructions
+ // TODO(tarcieri): find a better home (or abstraction) for this
+ fn black_box(value: u32) -> u32 {
+ // SAFETY: `u32` is a simple integer `Copy` type and `value` lives on the stack so
+ // a pointer to it will be valid.
+ unsafe { core::ptr::read_volatile(&value) }
+ }
+
 let mut difference = Scalar29::ZERO; let mask = (1u32 << 29) - 1;
@@ -199,7 +207,7 @@ impl Scalar29 { let underflow_mask = ((borrow >> 31) ^ 1).wrapping_sub(1); let mut carry: u32 = 0; for i in 0..9 {
- carry = (carry >> 29) + difference[i] + (constants::L[i] & underflow_mask);
+ carry = (carry >> 29) + difference[i] + (constants::L[i] & black_box(underflow_mask));
 difference[i] = carry & mask; }
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u64/constants.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u64/constants.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u64/constants.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u64/constants.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u64/field.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u64/field.rs
similarity index 99%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u64/field.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u64/field.rs
index 9659effa1f05..1263d23e45a2 100644
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u64/field.rs
+++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u64/field.rs
@@ -43,7 +43,7 @@ use zeroize::Zeroize; pub struct FieldElement51(pub(crate) [u64; 5]); impl Debug for FieldElement51 {
- fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
+ fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
 write!(f, "FieldElement51({:?})", &self.0[..]) } }
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u64/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u64/mod.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u64/mod.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u64/mod.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u64/scalar.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u64/scalar.rs
similarity index 96%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u64/scalar.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u64/scalar.rs
index dab80cdcec6f..6c0eaf7962fc 100644
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u64/scalar.rs
+++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u64/scalar.rs
@@ -25,7 +25,7 @@ use crate::constants; pub struct Scalar52(pub [u64; 5]); impl Debug for Scalar52 {
- fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
+ fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
 write!(f, "Scalar52: {:?}", &self.0[..]) } }
@@ -174,6 +174,14 @@ impl Scalar52 { /// Compute `a - b` (mod l) pub fn sub(a: &Scalar52, b: &Scalar52) -> Scalar52 {
+ // Optimization barrier to prevent compiler from inserting branch instructions
+ // TODO(tarcieri): find a better home (or abstraction) for this
+ fn black_box(value: u64) -> u64 {
+ // SAFETY: `u64` is a simple integer `Copy` type and `value` lives on the stack so
+ // a pointer to it will be valid.
+ unsafe { core::ptr::read_volatile(&value) }
+ }
+
 let mut difference = Scalar52::ZERO; let mask = (1u64 << 52) - 1;
@@ -188,7 +196,9 @@ impl Scalar52 { let underflow_mask = ((borrow >> 63) ^ 1).wrapping_sub(1); let mut carry: u64 = 0; for i in 0..5 {
- carry = (carry >> 52) + difference[i] + (constants::L[i] & underflow_mask);
+ // SECURITY: `black_box` prevents LLVM from inserting a `jns` conditional on x86(_64)
+ // which can be used to bypass this section when `underflow_mask` is zero.
+ carry = (carry >> 52) + difference[i] + (constants::L[i] & black_box(underflow_mask));
 difference[i] = carry & mask; }
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/avx2/constants.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/avx2/constants.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/avx2/constants.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/avx2/constants.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/avx2/edwards.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/avx2/edwards.rs
similarity index 99%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/avx2/edwards.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/avx2/edwards.rs
index cf6691e83738..fd70d7d2fef6 100644
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/avx2/edwards.rs
+++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/avx2/edwards.rs
@@ -35,7 +35,6 @@ #![allow(non_snake_case)]
-use core::convert::From;
 use core::ops::{Add, Neg, Sub}; use subtle::Choice;
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/avx2/field.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/avx2/field.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/avx2/field.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/avx2/field.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/avx2/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/avx2/mod.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/avx2/mod.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/avx2/mod.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/ifma/constants.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/ifma/constants.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/ifma/constants.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/ifma/constants.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/ifma/edwards.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/ifma/edwards.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/ifma/edwards.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/ifma/edwards.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/ifma/field.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/ifma/field.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/ifma/field.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/ifma/field.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/ifma/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/ifma/mod.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/ifma/mod.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/ifma/mod.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/mod.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/mod.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/mod.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/packed_simd.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/packed_simd.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/packed_simd.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/packed_simd.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/mod.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/mod.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/mod.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/mod.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/pippenger.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/pippenger.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/pippenger.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/pippenger.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/precomputed_straus.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/precomputed_straus.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/precomputed_straus.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/precomputed_straus.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/straus.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/straus.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/straus.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/straus.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/variable_base.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/variable_base.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/variable_base.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/variable_base.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/vartime_double_base.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/vartime_double_base.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/vartime_double_base.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/vartime_double_base.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/constants.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/constants.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/constants.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/constants.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/diagnostics.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/diagnostics.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/diagnostics.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/diagnostics.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/edwards.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/edwards.rs
similarity index 99%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/edwards.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/edwards.rs
index accf22776608..856fac12f2e6 100644
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/edwards.rs
+++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/edwards.rs
@@ -96,7 +96,6 @@ use core::array::TryFromSliceError; use core::borrow::Borrow; use core::fmt::Debug;
-use core::iter::Iterator;
 use core::iter::Sum; use core::ops::{Add, Neg, Sub}; use core::ops::{AddAssign, SubAssign};
@@ -110,10 +109,12 @@ use digest::{generic_array::typenum::U64, Digest}; #[cfg(feature = "group")] use { group::{cofactor::CofactorGroup, prime::PrimeGroup, GroupEncoding},
- rand_core::RngCore,
 subtle::CtOption, };
+#[cfg(feature = "group")]
+use rand_core::RngCore;
+
 use subtle::Choice; use subtle::ConditionallyNegatable; use subtle::ConditionallySelectable;
@@ -170,7 +171,7 @@ impl ConstantTimeEq for CompressedEdwardsY { } impl Debug for CompressedEdwardsY {
- fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
+ fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
 write!(f, "CompressedEdwardsY: {:?}", self.as_bytes()) } }
@@ -258,7 +259,7 @@ impl TryFrom<&[u8]> for CompressedEdwardsY { #[cfg(feature = "serde")] use serde::de::Visitor; #[cfg(feature = "serde")]
-use serde::{self, Deserialize, Deserializer, Serialize, Serializer};
+use serde::{Deserialize, Deserializer, Serialize, Serializer};
 #[cfg(feature = "serde")] impl Serialize for EdwardsPoint {
@@ -301,7 +302,7 @@ impl<'de> Deserialize<'de> for EdwardsPoint { impl<'de> Visitor<'de> for EdwardsPointVisitor { type Value = EdwardsPoint;
- fn expecting(&self, formatter: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
+ fn expecting(&self, formatter: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
 formatter.write_str("a valid point in Edwards y + sign format") }
@@ -337,7 +338,7 @@ impl<'de> Deserialize<'de> for CompressedEdwardsY { impl<'de> Visitor<'de> for CompressedEdwardsYVisitor { type Value = CompressedEdwardsY;
- fn expecting(&self, formatter: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
+ fn expecting(&self, formatter: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
 formatter.write_str("32 bytes of data") }
@@ -1052,7 +1053,7 @@ macro_rules! impl_basepoint_table { } impl Debug for $name {
- fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
+ fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
 write!(f, "{:?}([\n", stringify!($name))?; for i in 0..32 { write!(f, "\t{:?},\n", &self.0[i])?;
@@ -1263,7 +1264,7 @@ impl EdwardsPoint { // ------------------------------------------------------------------------ impl Debug for EdwardsPoint {
- fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
+ fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
 write!( f, "EdwardsPoint{{\n\tX: {:?},\n\tY: {:?},\n\tZ: {:?},\n\tT: {:?}\n}}",
@@ -1591,8 +1592,10 @@ impl CofactorGroup for EdwardsPoint { #[cfg(test)] mod test { use super::*;
- use crate::{field::FieldElement, scalar::Scalar};
- use subtle::ConditionallySelectable;
+
+ // If `group` is set, then this is already imported in super
+ #[cfg(not(feature = "group"))]
+ use rand_core::RngCore;
 #[cfg(feature = "alloc")] use alloc::vec::Vec;
@@ -1600,8 +1603,6 @@ mod test { #[cfg(feature = "precomputed-tables")] use crate::constants::ED25519_BASEPOINT_TABLE;
- use rand_core::RngCore;
-
 /// X coordinate of the basepoint. /// = 15112221349535400772501151409588531511454012693041857206046113283949847762202 static BASE_X_COORD_BYTES: [u8; 32] = [
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/field.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/field.rs
similarity index 94%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/field.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/field.rs
index 545099d16c5e..68c9c8b89263 100644
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/field.rs
+++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/field.rs
@@ -25,8 +25,6 @@ #![allow(unused_qualifications)]
-use core::cmp::{Eq, PartialEq};
-
 use cfg_if::cfg_if; use subtle::Choice;
@@ -39,11 +37,6 @@ use crate::constants; cfg_if! { if #[cfg(curve25519_dalek_backend = "fiat")] {
- #[cfg(curve25519_dalek_bits = "32")]
- pub use backend::serial::fiat_u32::field::*;
- #[cfg(curve25519_dalek_bits = "64")]
- pub use backend::serial::fiat_u64::field::*;
-
 /// A `FieldElement` represents an element of the field /// \\( \mathbb Z / (2\^{255} - 19)\\). ///
@@ -52,7 +45,7 @@ cfg_if! { /// /// Using formally-verified field arithmetic from fiat-crypto. #[cfg(curve25519_dalek_bits = "32")]
- pub type FieldElement = backend::serial::fiat_u32::field::FieldElement2625;
+ pub(crate) type FieldElement = backend::serial::fiat_u32::field::FieldElement2625;
 /// A `FieldElement` represents an element of the field /// \\( \mathbb Z / (2\^{255} - 19)\\).
@@ -62,25 +55,21 @@ cfg_if! { /// /// Using formally-verified field arithmetic from fiat-crypto. #[cfg(curve25519_dalek_bits = "64")]
- pub type FieldElement = backend::serial::fiat_u64::field::FieldElement51;
+ pub(crate) type FieldElement = backend::serial::fiat_u64::field::FieldElement51;
 } else if #[cfg(curve25519_dalek_bits = "64")] {
- pub use crate::backend::serial::u64::field::*;
-
 /// A `FieldElement` represents an element of the field /// \\( \mathbb Z / (2\^{255} - 19)\\). /// /// The `FieldElement` type is an alias for one of the platform-specific /// implementations.
- pub type FieldElement = backend::serial::u64::field::FieldElement51;
+ pub(crate) type FieldElement = backend::serial::u64::field::FieldElement51;
 } else {
- pub use backend::serial::u32::field::*;
-
 /// A `FieldElement` represents an element of the field /// \\( \mathbb Z / (2\^{255} - 19)\\). /// /// The `FieldElement` type is an alias for one of the platform-specific /// implementations.
- pub type FieldElement = backend::serial::u32::field::FieldElement2625;
+ pub(crate) type FieldElement = backend::serial::u32::field::FieldElement2625;
 } }
@@ -109,7 +98,7 @@ impl FieldElement { /// # Return /// /// If negative, return `Choice(1)`. Otherwise, return `Choice(0)`.
- pub fn is_negative(&self) -> Choice {
+ pub(crate) fn is_negative(&self) -> Choice {
 let bytes = self.as_bytes(); (bytes[0] & 1).into() }
@@ -119,7 +108,7 @@ impl FieldElement { /// # Return /// /// If zero, return `Choice(1)`. Otherwise, return `Choice(0)`.
- pub fn is_zero(&self) -> Choice {
+ pub(crate) fn is_zero(&self) -> Choice {
 let zero = [0u8; 32]; let bytes = self.as_bytes();
@@ -165,11 +154,11 @@ impl FieldElement { (t19, t3) }
- /// Given a slice of public `FieldElements`, replace each with its inverse.
+ /// Given a slice of pub(crate)lic `FieldElements`, replace each with its inverse.
 /// /// When an input `FieldElement` is zero, its value is unchanged. #[cfg(feature = "alloc")]
- pub fn batch_invert(inputs: &mut [FieldElement]) {
+ pub(crate) fn batch_invert(inputs: &mut [FieldElement]) {
 // Montgomery’s Trick and Fast Implementation of Masked AES // Genelle, Prouff and Quisquater // Section 3.2
@@ -214,7 +203,7 @@ impl FieldElement { /// This function returns zero on input zero. #[rustfmt::skip] // keep alignment of explanatory comments #[allow(clippy::let_and_return)]
- pub fn invert(&self) -> FieldElement {
+ pub(crate) fn invert(&self) -> FieldElement {
 // The bits of p-2 = 2^255 -19 -2 are 11010111111...11. // // nonzero bits of exponent
@@ -251,7 +240,7 @@ impl FieldElement { /// - `(Choice(0), zero) ` if `v` is zero and `u` is nonzero; /// - `(Choice(0), +sqrt(i*u/v))` if `u/v` is nonsquare (so `i*u/v` is square). ///
- pub fn sqrt_ratio_i(u: &FieldElement, v: &FieldElement) -> (Choice, FieldElement) {
+ pub(crate) fn sqrt_ratio_i(u: &FieldElement, v: &FieldElement) -> (Choice, FieldElement) {
 // Using the same trick as in ed25519 decoding, we merge the // inversion, the square root, and the square test as follows. //
@@ -311,7 +300,7 @@ impl FieldElement { /// - `(Choice(0), zero) ` if `self` is zero; /// - `(Choice(0), +sqrt(i/self)) ` if `self` is a nonzero nonsquare; ///
- pub fn invsqrt(&self) -> (Choice, FieldElement) {
+ pub(crate) fn invsqrt(&self) -> (Choice, FieldElement) {
 FieldElement::sqrt_ratio_i(&FieldElement::ONE, self) } }
@@ -319,7 +308,6 @@ impl FieldElement { #[cfg(test)] mod test { use crate::field::*;
- use subtle::ConditionallyNegatable;
 /// Random element a of GF(2^255-19), from Sage /// a = 1070314506888354081329385823235218444233221\
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/lib.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/lib.rs
similarity index 91%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/lib.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/lib.rs
index 9097a9a8fc1f..fecfe888c53f 100644
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/lib.rs
+++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/lib.rs
@@ -10,7 +10,14 @@ // - Henry de Valence #![no_std]
-#![cfg_attr(all(curve25519_dalek_backend = "simd", nightly), feature(stdsimd))]
+#![cfg_attr(
+ all(
+ curve25519_dalek_backend = "simd",
+ nightly,
+ any(target_arch = "x86", target_arch = "x86_64")
+ ),
+ feature(stdarch_x86_avx512)
+)]
 #![cfg_attr( all(curve25519_dalek_backend = "simd", nightly), feature(avx512_target_feature)
@@ -35,6 +42,8 @@ unused_lifetimes, unused_qualifications )]
+// Requires MSRV 1.77 as it does not allow build.rs gating
+#![allow(unexpected_cfgs)]
 //------------------------------------------------------------------------ // External dependencies:
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/macros.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/macros.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/macros.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/macros.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/montgomery.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/montgomery.rs
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/montgomery.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/montgomery.rs
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/ristretto.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/ristretto.rs
similarity index 99%
rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/ristretto.rs
rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/ristretto.rs
index dec7ae067950..c9d16aba38ee 100644
--- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/ristretto.rs
+++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/ristretto.rs
@@ -364,7 +364,7 @@ impl TryFrom<&[u8]> for CompressedRistretto { #[cfg(feature = "serde")] use serde::de::Visitor; #[cfg(feature = "serde")]
-use serde::{self, Deserialize, Deserializer, Serialize, Serializer};
+use serde::{Deserialize, Deserializer, Serialize, Serializer};
 #[cfg(feature = "serde")] impl Serialize for RistrettoPoint {
@@ -407,7 +407,7 @@ impl<'de> Deserialize<'de> for RistrettoPoint { impl<'de> Visitor<'de> for RistrettoPointVisitor { type Value = RistrettoPoint;
- fn expecting(&self, formatter: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
+ fn expecting(&self, formatter: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
 formatter.write_str("a valid point in Ristretto format") }
@@ -443,7 +443,7 @@ impl<'de> Deserialize<'de> for CompressedRistretto { impl<'de> Visitor<'de> for CompressedRistrettoVisitor { type Value = CompressedRistretto;
- fn expecting(&self, formatter: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
+ fn expecting(&self, formatter: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
 formatter.write_str("32 bytes of data") }
@@ -1155,13 +1155,13 @@ impl ConditionallySelectable for RistrettoPoint { // ------------------------------------------------------------------------ impl Debug for CompressedRistretto { - fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { write!(f, "CompressedRistretto: {:?}", self.as_bytes()) } } impl Debug for RistrettoPoint { - fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { let coset = self.coset4(); write!( f, @@ -1277,8 +1277,6 @@ impl Zeroize for RistrettoPoint { mod test { use super::*; use crate::edwards::CompressedEdwardsY; - use crate::scalar::Scalar; - use crate::traits::Identity; use rand_core::OsRng; diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/scalar.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/scalar.rs similarity index 99% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/scalar.rs rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/scalar.rs index 5b9eca1daec4..6afd74eef46a 100644 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/scalar.rs +++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/scalar.rs @@ -112,8 +112,6 @@ //! has been enabled. use core::borrow::Borrow; -use core::cmp::{Eq, PartialEq}; -use core::convert::TryInto; use core::fmt::Debug; use core::iter::{Product, Sum}; use core::ops::Index; 
@@ -124,13 +122,13 @@ use core::ops::{Sub, SubAssign}; use cfg_if::cfg_if; +#[cfg(feature = "group")] +use group::ff::{Field, FromUniformBytes, PrimeField}; #[cfg(feature = "group-bits")] use group::ff::{FieldBits, PrimeFieldBits}; -#[cfg(feature = "group")] -use { - group::ff::{Field, FromUniformBytes, PrimeField}, - rand_core::RngCore, -}; + +#[cfg(any(test, feature = "group"))] +use rand_core::RngCore; #[cfg(any(test, feature = "rand_core"))] use rand_core::CryptoRngCore; @@ -287,7 +285,7 @@ impl Scalar { } impl Debug for Scalar { - fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { write!(f, "Scalar{{\n\tbytes: {:?},\n}}", &self.bytes) } } @@ -402,7 +400,7 @@ impl ConditionallySelectable for Scalar { #[cfg(feature = "serde")] use serde::de::Visitor; #[cfg(feature = "serde")] -use serde::{self, Deserialize, Deserializer, Serialize, Serializer}; +use serde::{Deserialize, Deserializer, Serialize, Serializer}; #[cfg(feature = "serde")] #[cfg_attr(docsrs, doc(cfg(feature = "serde")))] @@ -432,7 +430,7 @@ impl<'de> Deserialize<'de> for Scalar { impl<'de> Visitor<'de> for ScalarVisitor { type Value = Scalar; - fn expecting(&self, formatter: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result { + fn expecting(&self, formatter: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { formatter.write_str( "a sequence of 32 bytes whose little-endian interpretation is less than the \ basepoint order ℓ", @@ -833,7 +831,7 @@ impl Scalar { } #[cfg(feature = "zeroize")] - zeroize::Zeroize::zeroize(&mut scratch); + Zeroize::zeroize(&mut scratch); ret } @@ -1235,10 +1233,12 @@ impl Field for Scalar { } fn sqrt_ratio(num: &Self, div: &Self) -> (Choice, Self) { + #[allow(unused_qualifications)] group::ff::helpers::sqrt_ratio_generic(num, div) } fn sqrt(&self) -> CtOption { + #[allow(unused_qualifications)] group::ff::helpers::sqrt_tonelli_shanks( self, [ 
@@ -1393,13 +1393,10 @@ pub const fn clamp_integer(mut bytes: [u8; 32]) -> [u8; 32] { #[cfg(test)] pub(crate) mod test { use super::*; - use crate::constants; #[cfg(feature = "alloc")] use alloc::vec::Vec; - use rand::RngCore; - /// x = 2238329342913194256032495932344128051776374960164957527413114840482143558222 pub static X: Scalar = Scalar { bytes: [ diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/traits.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/traits.rs similarity index 99% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/traits.rs rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/traits.rs index a12592b86372..322787db5aaf 100644 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/traits.rs +++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/traits.rs @@ -15,9 +15,8 @@ use core::borrow::Borrow; -use subtle; - use crate::scalar::{clamp_integer, Scalar}; +use subtle::ConstantTimeEq; // ------------------------------------------------------------------------ // Public Traits @@ -41,7 +40,7 @@ pub trait IsIdentity { /// constructor. impl IsIdentity for T where - T: subtle::ConstantTimeEq + Identity, + T: ConstantTimeEq + Identity, { fn is_identity(&self) -> bool { self.ct_eq(&T::identity()).into() @@ -409,6 +408,7 @@ pub trait VartimePrecomputedMultiscalarMul: Sized { /// This trait is only for debugging/testing, since it should be /// impossible for a `curve25519-dalek` user to construct an invalid /// point. +#[allow(dead_code)] pub(crate) trait ValidityCheck { /// Checks whether the point is on the curve. Not CT. fn is_valid(&self) -> bool; 
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/window.rs b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/window.rs similarity index 97% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/window.rs rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/window.rs index 8c575ee04c90..43c4b3abb462 100644 --- a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/window.rs +++ b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/window.rs @@ -83,7 +83,7 @@ macro_rules! impl_lookup_table { } impl Debug for $name { - fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { write!(f, "{:?}(", stringify!($name))?; for x in self.0.iter() { @@ -193,7 +193,7 @@ impl NafLookupTable5 { } impl Debug for NafLookupTable5 { - fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { write!(f, "NafLookupTable5({:?})", self.0) } } @@ -240,7 +240,7 @@ impl NafLookupTable8 { #[cfg(any(feature = "precomputed-tables", feature = "alloc"))] impl Debug for NafLookupTable8 { - fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { writeln!(f, "NafLookupTable8([")?; for i in 0..64 { writeln!(f, "\t{:?},", &self.0[i])?; diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/tests/build_tests.sh b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/tests/build_tests.sh similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/tests/build_tests.sh rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/tests/build_tests.sh 
diff --git a/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/vendor/ristretto.sage b/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/vendor/ristretto.sage similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/vendor/ristretto.sage rename to third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/vendor/ristretto.sage diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/.cargo-checksum.json b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/.cargo-checksum.json similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/.cargo-checksum.json rename to third_party/rust/chromium_crates_io/vendor/der-0.7.9/.cargo-checksum.json diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/.cargo_vcs_info.json new file mode 100644 index 000000000000..073cd348b956 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/.cargo_vcs_info.json @@ -0,0 +1,6 @@ +{ + "git": { + "sha1": "9bf880934c350a5af67df17ba12bf8636486f7f9" + }, + "path_in_vcs": "der" +} \ No newline at end of file diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/CHANGELOG.md b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/CHANGELOG.md new file mode 100644 index 000000000000..d82e7235dd6d --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/CHANGELOG.md 
@@ -0,0 +1,465 @@ +# Changelog +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## 0.7.9 (2024-04-01) +### Changed +- ignore RUSTSEC-2023-0071 (backport [#1276]) +- make sure der is comptatible with potential language breaking changed (backport [#1374]) + +[#1276]: https://github.com/RustCrypto/formats/pull/1276 +[#1374]: https://github.com/RustCrypto/formats/pull/1374 + +## 0.7.8 (2023-08-07) +### Added +- `bytes` feature ([#1156]) +- impl `RefToOwned`/`OwnedToRef` for `&[u8]`/`Box<[u8]>` ([#1188]) +- `BmpString` ([#1164]) + +### Changed +- no-panic cleanup ([#1169]) +- Bump `der_derive` dependency to v0.7.2 ([#1192]) + +[#1156]: https://github.com/RustCrypto/formats/pull/1156 +[#1164]: https://github.com/RustCrypto/formats/pull/1164 +[#1169]: https://github.com/RustCrypto/formats/pull/1169 +[#1188]: https://github.com/RustCrypto/formats/pull/1188 +[#1192]: https://github.com/RustCrypto/formats/pull/1192 + +## 0.7.7 (2023-06-29) +### Added +- `TryFrom` impl for strings based on `StrOwned` ([#1064]) + +[#1064]: https://github.com/RustCrypto/formats/pull/1064 + +## 0.7.6 (2023-05-16) +### Added +- `SetOfVec::{extend, from_iter}` methods ([#1065]) +- `SetOf(Vec)::{insert, insert_ordered}` methods ([#1067]) + +### Changed +- Deprecate `SetOf(Vec)::add` ([#1067]) + +### Fixed +- Off-by-one error in `BMPString` tag ([#1037]) +- Handling of non-unique items in `SetOf`(Vec) ([#1066]) + +[#1037]: https://github.com/RustCrypto/formats/pull/1037 +[#1065]: https://github.com/RustCrypto/formats/pull/1065 +[#1066]: https://github.com/RustCrypto/formats/pull/1066 +[#1067]: https://github.com/RustCrypto/formats/pull/1067 + +## 0.7.5 (2023-04-24) +### Added +- adds support for `DateTime::INFINITY` ([#1026]) + +[#1026]: https://github.com/RustCrypto/formats/pull/1026 + +## 0.7.4 
(2023-04-19) +### Added +- `Decode` and `Encode` impls for `PhantomData` ([#1009]) +- `ValueOrd` and `DerOrd` impls for `PhantomData` ([#1012]) + +### Changed +- Bump `hex-literal` dependency to v0.4.1 ([#999]) +- Bump `der_derive` dependency to v0.7.1 ([#1016]) + +[#1009]: https://github.com/RustCrypto/formats/pull/1009 +[#1012]: https://github.com/RustCrypto/formats/pull/1012 +[#1016]: https://github.com/RustCrypto/formats/pull/1016 + +## 0.7.3 (2023-04-06) +### Added +- `UtcTime::MAX_YEAR` associated constant ([#989]) + +[#989]: https://github.com/RustCrypto/formats/pull/989 + +## 0.7.2 (2023-04-04) +### Added +- Expose `NestedReader ([#925]) +- `From` impl for `Any` ([#965]) +- `Any::null` helper ([#969]) +- `Any::encode_from` ([#976]) + +[#925]: https://github.com/RustCrypto/formats/pull/925 +[#965]: https://github.com/RustCrypto/formats/pull/965 +[#969]: https://github.com/RustCrypto/formats/pull/969 +[#976]: https://github.com/RustCrypto/formats/pull/976 + +## 0.7.1 (2023-03-07) +### Changed +- Make `zeroize`'s `alloc` feature conditional ([#920]) + +[#920]: https://github.com/RustCrypto/formats/pull/920 + +## 0.7.0 (2023-02-26) [YANKED] +### Added +- `OwnedtoRef`/`RefToOwned` traits; MSRV 1.65 ([#797]) +- `OctetStringRef::decode_into` ([#817]) +- `Int` and `IntRef` types ([#823]) +- `IndefiniteLength` type ([#830]) +- `Any::value` accessor ([#833]) +- Buffered PEM reader ([#839]) +- `OctetString::into_bytes` ([#845]) +- Blanket impls on `Box` for `DecodeValue`, `EncodeValue`, and `Sequence` ([#860]) + +### Changed +- Rename `UIntRef` => `UintRef` ([#786]) +- Replace use of `dyn Writer` with `impl Writer` ([#828]) +- Rename `AnyRef::decode_into` -> `::decode_as` ([#829]) +- Bump `pem-rfc7468` dependency to v0.7 ([#894]) +- Rename `Encode::to_vec` => `::to_der` ([#898]) + +### Removed +- `Sequence::fields` method ([#828]) +- Inherent `AnyRef` decoding methods ([#829]) + +[#786]: https://github.com/RustCrypto/formats/pull/786 +[#797]: 
https://github.com/RustCrypto/formats/pull/797 +[#817]: https://github.com/RustCrypto/formats/pull/817 +[#823]: https://github.com/RustCrypto/formats/pull/823 +[#828]: https://github.com/RustCrypto/formats/pull/828 +[#829]: https://github.com/RustCrypto/formats/pull/829 +[#830]: https://github.com/RustCrypto/formats/pull/830 +[#833]: https://github.com/RustCrypto/formats/pull/833 +[#839]: https://github.com/RustCrypto/formats/pull/839 +[#845]: https://github.com/RustCrypto/formats/pull/845 +[#860]: https://github.com/RustCrypto/formats/pull/860 +[#894]: https://github.com/RustCrypto/formats/pull/894 +[#898]: https://github.com/RustCrypto/formats/pull/898 + +## 0.6.1 (2022-12-05) +### Added +- Rudimentary implementation of `TeletexString` and `VideotexString` ([#691]) +- Impl `ValueOrd` for `FlagSet` and `UIntRef` ([#723]) + +### Changed +- Eliminate some boilerplate code by using `Deref` ([#697]) + +[#691]: https://github.com/RustCrypto/formats/pull/691 +[#697]: https://github.com/RustCrypto/formats/pull/697 +[#723]: https://github.com/RustCrypto/formats/pull/723 + +## 0.6.0 (2022-05-08) +### Added +- Impl `ValueOrd` for `SetOf` and `SetOfVec` ([#362]) +- `SequenceRef` type ([#374]) +- Support for `SetOf` sorting on heapless `no_std` targets ([#401]) +- Support for mapping `BitString` to/from a `FlagSet` ([#412]) +- `DecodeOwned` marker trait ([#529]) +- Support for the ASN.1 `REAL` type ([#346]) +- `DecodePem` and `EncodePem` traits ([#571]) +- `Document` and `SecretDocument` types ([#571]) +- `EncodeRef`/`EncodeValueRef` wrapper types ([#604]) +- `Writer` trait ([#605]) +- `Reader` trait ([#606]) +- Streaming on-the-fly `PemReader` and `PemWriter` ([#618], [#636]) +- Owned `BitString` ([#636]) +- Owned `Any` and `OctetString` types ([#640]) + +### Changed +- Pass `Header` to `DecodeValue` ([#392]) +- Bump `const-oid` dependency to v0.9 ([#507]) +- Renamed `Decodable`/`Encodable` => `Decode`/`Encode` ([#523]) +- Enable arithmetic, casting, and panic `clippy` lints 
([#556], [#579]) +- Use `&mut dyn Writer` as output for `Encode::encode` and `EncodeValue::encode_value` ([#611]) +- Bump `pem-rfc7468` dependency to v0.6 ([#620]) +- Use `Reader<'a>` as input for `Decode::decode` and `DecodeValue::decode_value` ([#633]) +- Renamed `Any` => `AnyRef` ([#637]) +- Renamed `BitString` => `BitStringRef` ([#637]) +- Renamed `Ia5String` => `Ia5StringRef` ([#637]) +- Renamed `OctetString` => `OctetStringRef` ([#637]) +- Renamed `PrintableString` => `PrintableStringRef` ([#637]) +- Renamed `Utf8String` => `Utf8StringRef` ([#637]) +- Renamed `UIntBytes` => `UIntRef` ([#637]) +- Renamed `Decoder` => `SliceReader` ([#651]) +- Renamed `Encoder` => `SliceWriter` ([#651]) + +### Fixed +- Handling of oversized unsigned `INTEGER` inputs ([#447]) + +### Removed +- `bigint` feature ([#344]) +- `OrdIsValueOrd` trait ([#359]) +- `Document` trait ([#571]) +- `OptionalRef` ([#604]) +- Decode-time SET OF ordering checks ([#625]) + +[#344]: https://github.com/RustCrypto/formats/pull/344 +[#346]: https://github.com/RustCrypto/formats/pull/346 +[#359]: https://github.com/RustCrypto/formats/pull/359 +[#362]: https://github.com/RustCrypto/formats/pull/362 +[#374]: https://github.com/RustCrypto/formats/pull/374 +[#392]: https://github.com/RustCrypto/formats/pull/392 +[#401]: https://github.com/RustCrypto/formats/pull/401 +[#412]: https://github.com/RustCrypto/formats/pull/412 +[#447]: https://github.com/RustCrypto/formats/pull/447 +[#507]: https://github.com/RustCrypto/formats/pull/507 +[#523]: https://github.com/RustCrypto/formats/pull/523 +[#529]: https://github.com/RustCrypto/formats/pull/529 +[#556]: https://github.com/RustCrypto/formats/pull/556 +[#571]: https://github.com/RustCrypto/formats/pull/571 +[#579]: https://github.com/RustCrypto/formats/pull/579 +[#604]: https://github.com/RustCrypto/formats/pull/604 +[#605]: https://github.com/RustCrypto/formats/pull/605 +[#606]: https://github.com/RustCrypto/formats/pull/606 +[#611]: 
https://github.com/RustCrypto/formats/pull/611 +[#618]: https://github.com/RustCrypto/formats/pull/618 +[#620]: https://github.com/RustCrypto/formats/pull/620 +[#625]: https://github.com/RustCrypto/formats/pull/625 +[#633]: https://github.com/RustCrypto/formats/pull/633 +[#636]: https://github.com/RustCrypto/formats/pull/636 +[#637]: https://github.com/RustCrypto/formats/pull/637 +[#640]: https://github.com/RustCrypto/formats/pull/640 +[#651]: https://github.com/RustCrypto/formats/pull/651 + +## 0.5.1 (2021-11-17) +### Added +- `Any::NULL` constant ([#226]) + +[#226]: https://github.com/RustCrypto/formats/pull/226 + +## 0.5.0 (2021-11-15) [YANKED] +### Added +- Support for `IMPLICIT` mode `CONTEXT-SPECIFIC` fields ([#61]) +- `DecodeValue`/`EncodeValue` traits ([#63]) +- Expose `DateTime` through public API ([#75]) +- `SEQUENCE OF` support for `[T; N]` ([#90]) +- `SequenceOf` type ([#95]) +- `SEQUENCE OF` support for `Vec` ([#96]) +- `Document` trait ([#117]) +- Basic integration with `time` crate ([#129]) +- `Tag::NumericString` ([#132]) +- Support for unused bits to `BitString` ([#141]) +- `Decoder::{peek_tag, peek_header}` ([#142]) +- Type hint in `encoder `sequence` method ([#147]) +- `Tag::Enumerated` ([#153]) +- `ErrorKind::TagNumberInvalid` ([#156]) +- `Tag::VisibleString` and `Tag::BmpString` ([#160]) +- Inherent constants for all valid `TagNumber`s ([#165]) +- `DerOrd` and `ValueOrd` traits ([#190]) +- `ContextSpecificRef` type ([#199]) + +### Changed +- Make `ContextSpecific` generic around an inner type ([#60]) +- Removed `SetOf` trait; rename `SetOfArray` => `SetOf` ([#97]) +- Rename `Message` trait to `Sequence` ([#99]) +- Make `GeneralizedTime`/`UtcTime` into `DateTime` newtypes ([#102]) +- Rust 2021 edition upgrade; MSRV 1.56 ([#136]) +- Replace `ErrorKind::Truncated` with `ErrorKind::Incomplete` ([#143]) +- Rename `ErrorKind::UnknownTagMode` => `ErrorKind::TagModeUnknown` ([#155]) +- Rename `ErrorKind::UnexpectedTag` => `ErrorKind::TagUnexpected` 
([#155]) +- Rename `ErrorKind::UnknownTag` => `ErrorKind::TagUnknown` ([#155]) +- Consolidate `ErrorKind::{Incomplete, Underlength}` ([#157]) +- Rename `Tagged` => `FixedTag`; add new `Tagged` trait ([#189]) +- Use `DerOrd` for `SetOf*` types ([#200]) +- Switch `impl From for &[u8]` to `TryFrom` ([#203]) +- Bump `crypto-bigint` dependency to v0.3 ([#215]) +- Bump `const-oid` dependency to v0.7 ([#216]) +- Bump `pem-rfc7468` dependency to v0.3 ([#217]) +- Bump `der_derive` dependency to v0.5 ([#221]) + +### Removed +- `Sequence` struct ([#98]) +- `Tagged` bound on `ContextSpecific::decode_implicit` ([#161]) +- `ErrorKind::DuplicateField` ([#162]) + +[#60]: https://github.com/RustCrypto/formats/pull/60 +[#61]: https://github.com/RustCrypto/formats/pull/61 +[#63]: https://github.com/RustCrypto/formats/pull/63 +[#75]: https://github.com/RustCrypto/formats/pull/75 +[#90]: https://github.com/RustCrypto/formats/pull/90 +[#95]: https://github.com/RustCrypto/formats/pull/95 +[#96]: https://github.com/RustCrypto/formats/pull/96 +[#97]: https://github.com/RustCrypto/formats/pull/97 +[#98]: https://github.com/RustCrypto/formats/pull/98 +[#99]: https://github.com/RustCrypto/formats/pull/99 +[#102]: https://github.com/RustCrypto/formats/pull/102 +[#117]: https://github.com/RustCrypto/formats/pull/117 +[#129]: https://github.com/RustCrypto/formats/pull/129 +[#132]: https://github.com/RustCrypto/formats/pull/132 +[#136]: https://github.com/RustCrypto/formats/pull/136 +[#141]: https://github.com/RustCrypto/formats/pull/141 +[#142]: https://github.com/RustCrypto/formats/pull/142 +[#143]: https://github.com/RustCrypto/formats/pull/143 +[#147]: https://github.com/RustCrypto/formats/pull/147 +[#153]: https://github.com/RustCrypto/formats/pull/153 +[#155]: https://github.com/RustCrypto/formats/pull/155 +[#156]: https://github.com/RustCrypto/formats/pull/156 +[#157]: https://github.com/RustCrypto/formats/pull/157 +[#160]: https://github.com/RustCrypto/formats/pull/160 +[#161]: 
https://github.com/RustCrypto/formats/pull/161 +[#162]: https://github.com/RustCrypto/formats/pull/162 +[#165]: https://github.com/RustCrypto/formats/pull/165 +[#189]: https://github.com/RustCrypto/formats/pull/189 +[#190]: https://github.com/RustCrypto/formats/pull/190 +[#199]: https://github.com/RustCrypto/formats/pull/199 +[#200]: https://github.com/RustCrypto/formats/pull/200 +[#203]: https://github.com/RustCrypto/formats/pull/203 +[#215]: https://github.com/RustCrypto/formats/pull/215 +[#216]: https://github.com/RustCrypto/formats/pull/216 +[#217]: https://github.com/RustCrypto/formats/pull/217 +[#221]: https://github.com/RustCrypto/formats/pull/221 + +## 0.4.5 (2021-12-01) +### Fixed +- Backport [#147] type hint fix for WASM platforms to 0.4.x + +## 0.4.4 (2021-10-06) +### Removed +- Accidentally checked-in `target/` directory ([#66]) + +[#66]: https://github.com/RustCrypto/formats/pull/66 + +## 0.4.3 (2021-09-15) +### Added +- `Tag::unexpected_error` ([#33]) + +[#33]: https://github.com/RustCrypto/formats/pull/33 + +## 0.4.2 (2021-09-14) +### Changed +- Moved to `formats` repo ([#2]) + +### Fixed +- ASN.1 `SET` type now flagged with the constructed bit + +[#2]: https://github.com/RustCrypto/formats/pull/2 + +## 0.4.1 (2021-08-08) +### Fixed +- Encoding `UTCTime` for dates with `20xx` years + +## 0.4.0 (2021-06-07) +### Added +- `TagNumber` type +- Const generic integer de/encoders with support for all of Rust's integer + primitives +- `crypto-bigint` support +- `Tag` number helpers +- `Tag::octet` +- `ErrorKind::Value` helpers +- `SequenceIter` + +### Changed +- Bump `const-oid` crate dependency to v0.6 +- Make `Tag` structured +- Namespace ASN.1 types in `asn1` module +- Refactor context-specific field decoding +- MSRV 1.51 +- Rename `big-uint` crate feature to `bigint` +- Rename `BigUInt` to `UIntBytes` +- Have `Decoder::error()` return an `Error` + +### Removed +- Deprecated methods replaced by associated constants + +## 0.3.5 (2021-05-24) +### Added +- 
Helper methods for context-specific fields +- `ContextSpecific` field wrapper +- Decoder position tracking for errors during `Any<'a>` decoding + +### Fixed +- `From` conversion for `BitString` into `Any` + +## 0.3.4 (2021-05-16) +### Changed +- Support `Length` of up to 1 MiB + +## 0.3.3 (2021-04-15) +### Added +- `Length` constants + +### Changed +- Deprecate `const fn` methods replaced by `Length` constants + +## 0.3.2 (2021-04-15) +### Fixed +- Non-critical bug allowing `Length` to exceed the max invariant + +## 0.3.1 (2021-04-01) [YANKED] +### Added +- `PartialOrd` + `Ord` impls to all ASN.1 types + +## 0.3.0 (2021-03-22) [YANKED] +### Added +- Impl `Decode`/`Encoded`/`Tagged` for `String` +- `Length::one` and `Length::for_tlv` +- `SET OF` support with `SetOf` trait and `SetOfRef` + +### Changed +- Rename `Decodable::from_bytes` => `Decodable::from_der` +- Separate `sequence` and `message` +- Rename `ErrorKind::Oid` => `ErrorKind::MalformedOid` +- Auto-derive `From` impls for variants when deriving `Choice` +- Make `Length` use `u32` internally +- Make `Sequence` constructor private +- Bump `const_oid` to v0.5 +- Bump `der_derive` to v0.3 + +### Removed +- Deprecated methods +- `BigUIntSize` + +## 0.2.10 (2021-02-28) +### Added +- Impl `From` for `Any` + +### Changed +- Bump minimum `const-oid` dependency to v0.4.4 + +## 0.2.9 (2021-02-24) +### Added +- Support for `IA5String` + +## 0.2.8 (2021-02-22) +### Added +- `Choice` trait + +## 0.2.7 (2021-02-20) +### Added +- Export `Header` publicly +- Make `Encoder::reserve` public + +## 0.2.6 (2021-02-19) +### Added +- Make the unit type an encoding of `NULL` + +## 0.2.5 (2021-02-18) +### Added +- `ErrorKind::UnknownOid` variant + +## 0.2.4 (2021-02-16) +### Added +- `Any::is_null` method + +### Changed +- Deprecate `Any::null` method + +## 0.2.3 (2021-02-15) +### Added +- Additional `rustdoc` documentation + +## 0.2.2 (2021-02-12) +### Added +- Support for `UTCTime` and `GeneralizedTime` + +## 0.2.1 (2021-02-02) 
+### Added +- Support for `PrintableString` and `Utf8String` + +## 0.2.0 (2021-01-22) +### Added +- `BigUInt` type +- `i16` support +- `u8` and `u16` support +- Integer decoder helper methods + +### Fixed +- Handle leading byte of `BIT STRING`s + +## 0.1.0 (2020-12-21) +- Initial release diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/Cargo.toml b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/Cargo.toml new file mode 100644 index 000000000000..027b88a6e5a7 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/Cargo.toml 
@@ -0,0 +1,109 @@ +# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO +# +# When uploading crates to the registry Cargo will automatically +# "normalize" Cargo.toml files for maximal compatibility +# with all versions of Cargo and also rewrite `path` dependencies +# to registry (e.g., crates.io) dependencies. +# +# If you are reading this file be aware that the original Cargo.toml +# will likely look very different (and much more reasonable). +# See Cargo.toml.orig for the original contents. + +[package] +edition = "2021" +rust-version = "1.65" +name = "der" +version = "0.7.9" +authors = ["RustCrypto Developers"] +description = """ +Pure Rust embedded-friendly implementation of the Distinguished Encoding Rules +(DER) for Abstract Syntax Notation One (ASN.1) as described in ITU X.690 with +full support for heapless no_std targets +""" +readme = "README.md" +keywords = [ + "asn1", + "crypto", + "itu", + "pkcs", +] +categories = [ + "cryptography", + "data-structures", + "encoding", + "no-std", + "parser-implementations", +] +license = "Apache-2.0 OR MIT" +repository = "https://github.com/RustCrypto/formats/tree/master/der" + +[package.metadata.docs.rs] +all-features = true +rustdoc-args = [ + "--cfg", + "docsrs", +] + +[dependencies.arbitrary] +version = "1.3" +features = ["derive"] +optional = true + +[dependencies.bytes] +version = "1" +optional = true +default-features = false + +[dependencies.const-oid] +version = "0.9.2" +optional = true + +[dependencies.der_derive] +version = "0.7.2" +optional = true + +[dependencies.flagset] +version = "0.4.3" +optional = true + +[dependencies.pem-rfc7468] +version = "0.7" +features = ["alloc"] +optional = true + +[dependencies.time] +version = "0.3.4" +optional = true +default-features = false + +[dependencies.zeroize] +version = "1.5" +optional = true +default-features = false + +[dev-dependencies.hex-literal] +version = "0.4.1" + +[dev-dependencies.proptest] +version = "1" + +[features] +alloc = ["zeroize?/alloc"] +arbitrary = 
[ + "dep:arbitrary", + "const-oid?/arbitrary", + "std", +] +bytes = [ + "dep:bytes", + "alloc", +] +derive = ["dep:der_derive"] +oid = ["dep:const-oid"] +pem = [ + "dep:pem-rfc7468", + "alloc", + "zeroize", +] +real = [] +std = ["alloc"] diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/Cargo.toml.orig b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/Cargo.toml.orig new file mode 100644 index 000000000000..4233b40a3b44 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/Cargo.toml.orig 
@@ -0,0 +1,45 @@
+[package]
+name = "der"
+version = "0.7.9"
+description = """
+Pure Rust embedded-friendly implementation of the Distinguished Encoding Rules
+(DER) for Abstract Syntax Notation One (ASN.1) as described in ITU X.690 with
+full support for heapless no_std targets
+"""
+authors = ["RustCrypto Developers"]
+license = "Apache-2.0 OR MIT"
+repository = "https://github.com/RustCrypto/formats/tree/master/der"
+categories = ["cryptography", "data-structures", "encoding", "no-std", "parser-implementations"]
+keywords = ["asn1", "crypto", "itu", "pkcs"]
+readme = "README.md"
+edition = "2021"
+rust-version = "1.65"
+
+[dependencies]
+arbitrary = { version = "1.3", features = ["derive"], optional = true }
+bytes = { version = "1", optional = true, default-features = false }
+const-oid = { version = "0.9.2", optional = true }
+der_derive = { version = "0.7.2", optional = true }
+flagset = { version = "0.4.3", optional = true }
+pem-rfc7468 = { version = "0.7", optional = true, features = ["alloc"] }
+time = { version = "0.3.4", optional = true, default-features = false }
+zeroize = { version = "1.5", optional = true, default-features = false }
+
+[dev-dependencies]
+hex-literal = "0.4.1"
+proptest = "1"
+
+[features]
+alloc = ["zeroize?/alloc"]
+std = ["alloc"]
+
+arbitrary = ["dep:arbitrary", "const-oid?/arbitrary", "std"]
+bytes = ["dep:bytes", "alloc"]
+derive = ["dep:der_derive"]
+oid = ["dep:const-oid"]
+pem = ["dep:pem-rfc7468", "alloc", "zeroize"]
+real = []
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
diff --git a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/LICENSE-APACHE b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/LICENSE-APACHE
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/signature-1.6.4/LICENSE-APACHE
rename to third_party/rust/chromium_crates_io/vendor/der-0.7.9/LICENSE-APACHE
diff --git a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/LICENSE-MIT b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/LICENSE-MIT similarity index 94% rename from third_party/rust/chromium_crates_io/vendor/signature-1.6.4/LICENSE-MIT rename to third_party/rust/chromium_crates_io/vendor/der-0.7.9/LICENSE-MIT index 81a3d57ac3de..e0d082780149 100644 --- a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/LICENSE-MIT +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/LICENSE-MIT @@ -1,4 +1,4 @@ -Copyright (c) 2018-2022 RustCrypto Developers +Copyright (c) 2020-2023 The RustCrypto Project Developers Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/README.md b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/README.md new file mode 100644 index 000000000000..f13053ffe613 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/README.md 
@@ -0,0 +1,96 @@ +# [RustCrypto]: ASN.1 DER + +[![Crate][crate-image]][crate-link] +[![Docs][docs-image]][docs-link] +[![Build Status][build-image]][build-link] +![Apache2/MIT licensed][license-image] +![Rust Version][rustc-image] +[![Project Chat][chat-image]][chat-link] + +Pure Rust embedded-friendly implementation of the Distinguished Encoding Rules (DER) +for Abstract Syntax Notation One (ASN.1) as described in ITU X.690. + +[Documentation][docs-link] + +## About + +This crate provides a `no_std`-friendly implementation of a subset of ASN.1 DER +necessary for decoding/encoding the following cryptography-related formats +implemented as crates maintained by the [RustCrypto] project: + +- [`pkcs1`]: RSA Cryptography Specifications +- [`pkcs5`]: Password-Based Cryptography Specification +- [`pkcs7`]: Cryptographic Message Syntax +- [`pkcs8`]: Private-Key Information Syntax Specification +- [`pkcs10`]: Certification Request Syntax Specification +- [`sec1`]: Elliptic Curve Cryptography +- [`spki`]: X.509 Subject Public Key Info +- [`x501`]: Directory Services Types +- [`x509`]: Public Key Infrastructure Certificate + +The core implementation avoids any heap usage (with convenience methods +that allocate gated under the off-by-default `alloc` feature). + +The DER decoder in this crate performs checks to ensure that the input document +is in canonical form, and will return errors if non-canonical productions are +encountered. There is currently no way to disable these checks. + +### Features + +- Rich support for ASN.1 types used by PKCS/PKIX documents +- Performs DER canonicalization checks at decoding time +- `no_std` friendly: supports "heapless" usage +- Optionally supports `alloc` and `std` if desired +- No hard dependencies! 
Self-contained implementation with optional + integrations with the following crates, all of which are `no_std` friendly: + - `const-oid`: const-friendly OID implementation + - `pem-rfc7468`: PKCS/PKIX-flavored PEM library with constant-time decoder/encoders + - `time` crate: date/time library + +## Minimum Supported Rust Version + +This crate requires **Rust 1.65** at a minimum. + +We may change the MSRV in the future, but it will be accompanied by a minor +version bump. + +## License + +Licensed under either of: + + * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0) + * [MIT license](http://opensource.org/licenses/MIT) + +at your option. + +### Contribution + +Unless you explicitly state otherwise, any contribution intentionally submitted +for inclusion in the work by you, as defined in the Apache-2.0 license, shall be +dual licensed as above, without any additional terms or conditions. + +[//]: # (badges) + +[crate-image]: https://buildstats.info/crate/der +[crate-link]: https://crates.io/crates/der +[docs-image]: https://docs.rs/der/badge.svg +[docs-link]: https://docs.rs/der/ +[build-image]: https://github.com/RustCrypto/formats/actions/workflows/der.yml/badge.svg +[build-link]: https://github.com/RustCrypto/formats/actions/workflows/der.yml +[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.65+-blue.svg +[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg +[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/300570-formats + +[//]: # (links) + +[RustCrypto]: https://github.com/rustcrypto +[`pkcs1`]: https://github.com/RustCrypto/formats/tree/master/pkcs1 +[`pkcs5`]: https://github.com/RustCrypto/formats/tree/master/pkcs5 +[`pkcs7`]: https://github.com/RustCrypto/formats/tree/master/pkcs7 +[`pkcs8`]: https://github.com/RustCrypto/formats/tree/master/pkcs8 +[`pkcs10`]: https://github.com/RustCrypto/formats/tree/master/pkcs10 
+[`sec1`]: https://github.com/RustCrypto/formats/tree/master/sec1 +[`spki`]: https://github.com/RustCrypto/formats/tree/master/spki +[`x501`]: https://github.com/RustCrypto/formats/tree/master/x501 +[`x509`]: https://github.com/RustCrypto/formats/tree/master/x509 diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/arrayvec.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/arrayvec.rs new file mode 100644 index 000000000000..6ce608d97c9c --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/arrayvec.rs 
@@ -0,0 +1,145 @@
+//! Array-backed append-only vector type.
+// TODO(tarcieri): use `core` impl of `ArrayVec`
+// See: https://github.com/rust-lang/rfcs/pull/2990
+
+use crate::{ErrorKind, Result};
+
+/// Array-backed append-only vector type.
+#[derive(Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub(crate) struct ArrayVec {
+ /// Elements of the set.
+ elements: [Option; N],
+
+ /// Last populated element.
+ length: usize,
+}
+
+impl ArrayVec {
+ /// Create a new [`ArrayVec`].
+ pub fn new() -> Self {
+ Self {
+ elements: [(); N].map(|_| None),
+ length: 0,
+ }
+ }
+
+ /// Push an item into this [`ArrayVec`].
+ pub fn push(&mut self, item: T) -> Result<()> {
+ match self.length.checked_add(1) {
+ Some(n) if n <= N => {
+ self.elements[self.length] = Some(item);
+ self.length = n;
+ Ok(())
+ }
+ _ => Err(ErrorKind::Overlength.into()),
+ }
+ }
+
+ /// Get an element from this [`ArrayVec`].
+ pub fn get(&self, index: usize) -> Option<&T> {
+ match self.elements.get(index) {
+ Some(Some(ref item)) => Some(item),
+ _ => None,
+ }
+ }
+
+ /// Iterate over the elements in this [`ArrayVec`].
+ pub fn iter(&self) -> Iter<'_, T> {
+ Iter::new(&self.elements)
+ }
+
+ /// Is this [`ArrayVec`] empty?
+ pub fn is_empty(&self) -> bool {
+ self.length == 0
+ }
+
+ /// Get the number of elements in this [`ArrayVec`].
+ pub fn len(&self) -> usize {
+ self.length
+ }
+
+ /// Get the last item from this [`ArrayVec`].
+ pub fn last(&self) -> Option<&T> {
+ self.length.checked_sub(1).and_then(|n| self.get(n))
+ }
+
+ /// Extract the inner array.
+ pub fn into_array(self) -> [Option; N] {
+ self.elements
+ }
+}
+
+impl AsRef<[Option]> for ArrayVec {
+ fn as_ref(&self) -> &[Option] {
+ &self.elements[..self.length]
+ }
+}
+
+impl AsMut<[Option]> for ArrayVec {
+ fn as_mut(&mut self) -> &mut [Option] {
+ &mut self.elements[..self.length]
+ }
+}
+
+impl Default for ArrayVec {
+ fn default() -> Self {
+ Self::new()
+ }
+}
+
+/// Iterator over the elements of an [`ArrayVec`].
+#[derive(Clone, Debug)]
+pub struct Iter<'a, T> {
+ /// Decoder which iterates over the elements of the message.
+ elements: &'a [Option],
+
+ /// Position within the iterator.
+ position: usize,
+}
+
+impl<'a, T> Iter<'a, T> {
+ pub(crate) fn new(elements: &'a [Option]) -> Self {
+ Self {
+ elements,
+ position: 0,
+ }
+ }
+}
+
+impl<'a, T> Iterator for Iter<'a, T> {
+ type Item = &'a T;
+
+ fn next(&mut self) -> Option<&'a T> {
+ match self.elements.get(self.position) {
+ Some(Some(res)) => {
+ self.position = self.position.checked_add(1)?;
+ Some(res)
+ }
+ _ => None,
+ }
+ }
+
+ fn size_hint(&self) -> (usize, Option) {
+ let len = self.elements.len().saturating_sub(self.position);
+ (len, Some(len))
+ }
+}
+
+impl<'a, T> ExactSizeIterator for Iter<'a, T> {}
+
+#[cfg(test)]
+mod tests {
+ use super::ArrayVec;
+ use crate::ErrorKind;
+
+ #[test]
+ fn add() {
+ let mut vec = ArrayVec::::new();
+ vec.push(1).unwrap();
+ vec.push(2).unwrap();
+ vec.push(3).unwrap();
+
+ assert_eq!(vec.push(4).err().unwrap(), ErrorKind::Overlength.into());
+ assert_eq!(vec.len(), 3);
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1.rs
new file mode 100644
index 000000000000..b04b1b58f54d
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1.rs
@@ -0,0 +1,67 @@
+//! Module containing all of the various ASN.1 built-in types supported by
+//! this library.
+
+#[macro_use]
+mod internal_macros;
+
+mod any;
+mod bit_string;
+#[cfg(feature = "alloc")]
+mod bmp_string;
+mod boolean;
+mod choice;
+mod context_specific;
+mod generalized_time;
+mod ia5_string;
+mod integer;
+mod null;
+mod octet_string;
+#[cfg(feature = "oid")]
+mod oid;
+mod optional;
+mod printable_string;
+#[cfg(feature = "real")]
+mod real;
+mod sequence;
+mod sequence_of;
+mod set_of;
+mod teletex_string;
+mod utc_time;
+mod utf8_string;
+mod videotex_string;
+
+pub use self::{
+ any::AnyRef,
+ bit_string::{BitStringIter, BitStringRef},
+ choice::Choice,
+ context_specific::{ContextSpecific, ContextSpecificRef},
+ generalized_time::GeneralizedTime,
+ ia5_string::Ia5StringRef,
+ integer::{int::IntRef, uint::UintRef},
+ null::Null,
+ octet_string::OctetStringRef,
+ printable_string::PrintableStringRef,
+ sequence::{Sequence, SequenceRef},
+ sequence_of::{SequenceOf, SequenceOfIter},
+ set_of::{SetOf, SetOfIter},
+ teletex_string::TeletexStringRef,
+ utc_time::UtcTime,
+ utf8_string::Utf8StringRef,
+ videotex_string::VideotexStringRef,
+};
+
+#[cfg(feature = "alloc")]
+pub use self::{
+ any::Any,
+ bit_string::BitString,
+ bmp_string::BmpString,
+ ia5_string::Ia5String,
+ integer::{int::Int, uint::Uint},
+ octet_string::OctetString,
+ printable_string::PrintableString,
+ set_of::SetOfVec,
+ teletex_string::TeletexString,
+};
+
+#[cfg(feature = "oid")]
+pub use const_oid::ObjectIdentifier;
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/any.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/any.rs
new file mode 100644
index 000000000000..017a90908229
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/any.rs
@@ -0,0 +1,315 @@ +//! ASN.1 `ANY` type. + +#![cfg_attr(feature = "arbitrary", allow(clippy::integer_arithmetic))] + +use crate::{ + BytesRef, Choice, Decode, DecodeValue, DerOrd, EncodeValue, Error, ErrorKind, Header, Length, + Reader, Result, SliceReader, Tag, Tagged, ValueOrd, Writer, +}; +use core::cmp::Ordering; + +#[cfg(feature = "alloc")] +use crate::SliceWriter; + +/// ASN.1 `ANY`: represents any explicitly tagged ASN.1 value. +/// +/// This is a zero-copy reference type which borrows from the input data. +/// +/// Technically `ANY` hasn't been a recommended part of ASN.1 since the X.209 +/// revision from 1988. It was deprecated and replaced by Information Object +/// Classes in X.680 in 1994, and X.690 no longer refers to it whatsoever. +/// +/// Nevertheless, this crate defines an `ANY` type as it remains a familiar +/// and useful concept which is still extensively used in things like +/// PKI-related RFCs. +#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))] +#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)] +pub struct AnyRef<'a> { + /// Tag representing the type of the encoded value. + tag: Tag, + + /// Inner value encoded as bytes. + value: BytesRef<'a>, +} + +impl<'a> AnyRef<'a> { + /// [`AnyRef`] representation of the ASN.1 `NULL` type. + pub const NULL: Self = Self { + tag: Tag::Null, + value: BytesRef::EMPTY, + }; + + /// Create a new [`AnyRef`] from the provided [`Tag`] and DER bytes. + pub fn new(tag: Tag, bytes: &'a [u8]) -> Result { + let value = BytesRef::new(bytes).map_err(|_| ErrorKind::Length { tag })?; + Ok(Self { tag, value }) + } + + /// Infallible creation of an [`AnyRef`] from a [`BytesRef`]. + pub(crate) fn from_tag_and_value(tag: Tag, value: BytesRef<'a>) -> Self { + Self { tag, value } + } + + /// Get the raw value for this [`AnyRef`] type as a byte slice. + pub fn value(self) -> &'a [u8] { + self.value.as_slice() + } + + /// Attempt to decode this [`AnyRef`] type into the inner value. 
+ pub fn decode_as(self) -> Result + where + T: Choice<'a> + DecodeValue<'a>, + { + if !T::can_decode(self.tag) { + return Err(self.tag.unexpected_error(None)); + } + + let header = Header { + tag: self.tag, + length: self.value.len(), + }; + + let mut decoder = SliceReader::new(self.value())?; + let result = T::decode_value(&mut decoder, header)?; + decoder.finish(result) + } + + /// Is this value an ASN.1 `NULL` value? + pub fn is_null(self) -> bool { + self == Self::NULL + } + + /// Attempt to decode this value an ASN.1 `SEQUENCE`, creating a new + /// nested reader and calling the provided argument with it. + pub fn sequence(self, f: F) -> Result + where + F: FnOnce(&mut SliceReader<'a>) -> Result, + { + self.tag.assert_eq(Tag::Sequence)?; + let mut reader = SliceReader::new(self.value.as_slice())?; + let result = f(&mut reader)?; + reader.finish(result) + } +} + +impl<'a> Choice<'a> for AnyRef<'a> { + fn can_decode(_: Tag) -> bool { + true + } +} + +impl<'a> Decode<'a> for AnyRef<'a> { + fn decode>(reader: &mut R) -> Result> { + let header = Header::decode(reader)?; + Self::decode_value(reader, header) + } +} + +impl<'a> DecodeValue<'a> for AnyRef<'a> { + fn decode_value>(reader: &mut R, header: Header) -> Result { + Ok(Self { + tag: header.tag, + value: BytesRef::decode_value(reader, header)?, + }) + } +} + +impl EncodeValue for AnyRef<'_> { + fn value_len(&self) -> Result { + Ok(self.value.len()) + } + + fn encode_value(&self, writer: &mut impl Writer) -> Result<()> { + writer.write(self.value()) + } +} + +impl Tagged for AnyRef<'_> { + fn tag(&self) -> Tag { + self.tag + } +} + +impl ValueOrd for AnyRef<'_> { + fn value_cmp(&self, other: &Self) -> Result { + self.value.der_cmp(&other.value) + } +} + +impl<'a> From> for BytesRef<'a> { + fn from(any: AnyRef<'a>) -> BytesRef<'a> { + any.value + } +} + +impl<'a> TryFrom<&'a [u8]> for AnyRef<'a> { + type Error = Error; + + fn try_from(bytes: &'a [u8]) -> Result> { + AnyRef::from_der(bytes) + } +} + 
+#[cfg(feature = "alloc")] +pub use self::allocating::Any; + +#[cfg(feature = "alloc")] +mod allocating { + use super::*; + use crate::{referenced::*, BytesOwned}; + use alloc::boxed::Box; + + /// ASN.1 `ANY`: represents any explicitly tagged ASN.1 value. + /// + /// This type provides the same functionality as [`AnyRef`] but owns the + /// backing data. + #[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))] + #[derive(Clone, Debug, Eq, PartialEq, PartialOrd, Ord)] + pub struct Any { + /// Tag representing the type of the encoded value. + tag: Tag, + + /// Inner value encoded as bytes. + value: BytesOwned, + } + + impl Any { + /// Create a new [`Any`] from the provided [`Tag`] and DER bytes. + pub fn new(tag: Tag, bytes: impl Into>) -> Result { + let value = BytesOwned::new(bytes)?; + + // Ensure the tag and value are a valid `AnyRef`. + AnyRef::new(tag, value.as_slice())?; + Ok(Self { tag, value }) + } + + /// Allow access to value + pub fn value(&self) -> &[u8] { + self.value.as_slice() + } + + /// Attempt to decode this [`Any`] type into the inner value. + pub fn decode_as<'a, T>(&'a self) -> Result + where + T: Choice<'a> + DecodeValue<'a>, + { + AnyRef::from(self).decode_as() + } + + /// Encode the provided type as an [`Any`] value. + pub fn encode_from(msg: &T) -> Result + where + T: Tagged + EncodeValue, + { + let encoded_len = usize::try_from(msg.value_len()?)?; + let mut buf = vec![0u8; encoded_len]; + let mut writer = SliceWriter::new(&mut buf); + msg.encode_value(&mut writer)?; + writer.finish()?; + Any::new(msg.tag(), buf) + } + + /// Attempt to decode this value an ASN.1 `SEQUENCE`, creating a new + /// nested reader and calling the provided argument with it. + pub fn sequence<'a, F, T>(&'a self, f: F) -> Result + where + F: FnOnce(&mut SliceReader<'a>) -> Result, + { + AnyRef::from(self).sequence(f) + } + + /// [`Any`] representation of the ASN.1 `NULL` type. 
+ pub fn null() -> Self { + Self { + tag: Tag::Null, + value: BytesOwned::default(), + } + } + } + + impl Choice<'_> for Any { + fn can_decode(_: Tag) -> bool { + true + } + } + + impl<'a> Decode<'a> for Any { + fn decode>(reader: &mut R) -> Result { + let header = Header::decode(reader)?; + Self::decode_value(reader, header) + } + } + + impl<'a> DecodeValue<'a> for Any { + fn decode_value>(reader: &mut R, header: Header) -> Result { + let value = reader.read_vec(header.length)?; + Self::new(header.tag, value) + } + } + + impl EncodeValue for Any { + fn value_len(&self) -> Result { + Ok(self.value.len()) + } + + fn encode_value(&self, writer: &mut impl Writer) -> Result<()> { + writer.write(self.value.as_slice()) + } + } + + impl<'a> From<&'a Any> for AnyRef<'a> { + fn from(any: &'a Any) -> AnyRef<'a> { + // Ensured to parse successfully in constructor + AnyRef::new(any.tag, any.value.as_slice()).expect("invalid ANY") + } + } + + impl Tagged for Any { + fn tag(&self) -> Tag { + self.tag + } + } + + impl ValueOrd for Any { + fn value_cmp(&self, other: &Self) -> Result { + self.value.der_cmp(&other.value) + } + } + + impl<'a, T> From for Any + where + T: Into>, + { + fn from(input: T) -> Any { + let anyref: AnyRef<'a> = input.into(); + Self { + tag: anyref.tag(), + value: BytesOwned::from(anyref.value), + } + } + } + + impl<'a> RefToOwned<'a> for AnyRef<'a> { + type Owned = Any; + fn ref_to_owned(&self) -> Self::Owned { + Any { + tag: self.tag(), + value: BytesOwned::from(self.value), + } + } + } + + impl OwnedToRef for Any { + type Borrowed<'a> = AnyRef<'a>; + fn owned_to_ref(&self) -> Self::Borrowed<'_> { + self.into() + } + } + + impl Any { + /// Is this value an ASN.1 `NULL` value? + pub fn is_null(&self) -> bool { + self.owned_to_ref() == AnyRef::NULL + } + } +} 
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/bit_string.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/bit_string.rs new file mode 100644 index 000000000000..bf3371c40980 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/bit_string.rs 
@@ -0,0 +1,552 @@ +//! ASN.1 `BIT STRING` support. + +use crate::{ + BytesRef, DecodeValue, DerOrd, EncodeValue, Error, ErrorKind, FixedTag, Header, Length, Reader, + Result, Tag, ValueOrd, Writer, +}; +use core::{cmp::Ordering, iter::FusedIterator}; + +/// ASN.1 `BIT STRING` type. +/// +/// This type contains a sequence of any number of bits, modeled internally as +/// a sequence of bytes with a known number of "unused bits". +/// +/// This is a zero-copy reference type which borrows from the input data. +#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)] +pub struct BitStringRef<'a> { + /// Number of unused bits in the final octet. + unused_bits: u8, + + /// Length of this `BIT STRING` in bits. + bit_length: usize, + + /// Bitstring represented as a slice of bytes. + inner: BytesRef<'a>, +} + +impl<'a> BitStringRef<'a> { + /// Maximum number of unused bits allowed. + pub const MAX_UNUSED_BITS: u8 = 7; + + /// Create a new ASN.1 `BIT STRING` from a byte slice. + /// + /// Accepts an optional number of "unused bits" (0-7) which are omitted + /// from the final octet. This number is 0 if the value is octet-aligned. + pub fn new(unused_bits: u8, bytes: &'a [u8]) -> Result { + if (unused_bits > Self::MAX_UNUSED_BITS) || (unused_bits != 0 && bytes.is_empty()) { + return Err(Self::TAG.value_error()); + } + + let inner = BytesRef::new(bytes).map_err(|_| Self::TAG.length_error())?; + + let bit_length = usize::try_from(inner.len())? + .checked_mul(8) + .and_then(|n| n.checked_sub(usize::from(unused_bits))) + .ok_or(ErrorKind::Overflow)?; + + Ok(Self { + unused_bits, + bit_length, + inner, + }) + } + + /// Create a new ASN.1 `BIT STRING` from the given bytes. + /// + /// The "unused bits" are set to 0. + pub fn from_bytes(bytes: &'a [u8]) -> Result { + Self::new(0, bytes) + } + + /// Get the number of unused bits in this byte slice. + pub fn unused_bits(&self) -> u8 { + self.unused_bits + } + + /// Is the number of unused bits a value other than 0? 
+ pub fn has_unused_bits(&self) -> bool { + self.unused_bits != 0 + } + + /// Get the length of this `BIT STRING` in bits. + pub fn bit_len(&self) -> usize { + self.bit_length + } + + /// Get the number of bytes/octets needed to represent this `BIT STRING` + /// when serialized in an octet-aligned manner. + pub fn byte_len(&self) -> Length { + self.inner.len() + } + + /// Is the inner byte slice empty? + pub fn is_empty(&self) -> bool { + self.inner.is_empty() + } + + /// Borrow the inner byte slice. + /// + /// Returns `None` if the number of unused bits is *not* equal to zero, + /// i.e. if the `BIT STRING` is not octet aligned. + /// + /// Use [`BitString::raw_bytes`] to obtain access to the raw value + /// regardless of the presence of unused bits. + pub fn as_bytes(&self) -> Option<&'a [u8]> { + if self.has_unused_bits() { + None + } else { + Some(self.raw_bytes()) + } + } + + /// Borrow the raw bytes of this `BIT STRING`. + /// + /// Note that the byte string may contain extra unused bits in the final + /// octet. If the number of unused bits is expected to be 0, the + /// [`BitStringRef::as_bytes`] function can be used instead. + pub fn raw_bytes(&self) -> &'a [u8] { + self.inner.as_slice() + } + + /// Iterator over the bits of this `BIT STRING`. 
+ pub fn bits(self) -> BitStringIter<'a> { + BitStringIter { + bit_string: self, + position: 0, + } + } +} + +impl_any_conversions!(BitStringRef<'a>, 'a); + +impl<'a> DecodeValue<'a> for BitStringRef<'a> { + fn decode_value>(reader: &mut R, header: Header) -> Result { + let header = Header { + tag: header.tag, + length: (header.length - Length::ONE)?, + }; + + let unused_bits = reader.read_byte()?; + let inner = BytesRef::decode_value(reader, header)?; + Self::new(unused_bits, inner.as_slice()) + } +} + +impl EncodeValue for BitStringRef<'_> { + fn value_len(&self) -> Result { + self.byte_len() + Length::ONE + } + + fn encode_value(&self, writer: &mut impl Writer) -> Result<()> { + writer.write_byte(self.unused_bits)?; + writer.write(self.raw_bytes()) + } +} + +impl ValueOrd for BitStringRef<'_> { + fn value_cmp(&self, other: &Self) -> Result { + match self.unused_bits.cmp(&other.unused_bits) { + Ordering::Equal => self.inner.der_cmp(&other.inner), + ordering => Ok(ordering), + } + } +} + +impl<'a> From<&BitStringRef<'a>> for BitStringRef<'a> { + fn from(value: &BitStringRef<'a>) -> BitStringRef<'a> { + *value + } +} + +impl<'a> TryFrom<&'a [u8]> for BitStringRef<'a> { + type Error = Error; + + fn try_from(bytes: &'a [u8]) -> Result> { + BitStringRef::from_bytes(bytes) + } +} + +/// Hack for simplifying the custom derive use case. +impl<'a> TryFrom<&&'a [u8]> for BitStringRef<'a> { + type Error = Error; + + fn try_from(bytes: &&'a [u8]) -> Result> { + BitStringRef::from_bytes(bytes) + } +} + +impl<'a> TryFrom> for &'a [u8] { + type Error = Error; + + fn try_from(bit_string: BitStringRef<'a>) -> Result<&'a [u8]> { + bit_string + .as_bytes() + .ok_or_else(|| Tag::BitString.value_error()) + } +} + +impl<'a> FixedTag for BitStringRef<'a> { + const TAG: Tag = Tag::BitString; +} + +// Implement by hand because the derive would create invalid values. +// Use the constructor to create a valid value. 
+#[cfg(feature = "arbitrary")] +impl<'a> arbitrary::Arbitrary<'a> for BitStringRef<'a> { + fn arbitrary(u: &mut arbitrary::Unstructured<'a>) -> arbitrary::Result { + Self::new( + u.int_in_range(0..=Self::MAX_UNUSED_BITS)?, + BytesRef::arbitrary(u)?.as_slice(), + ) + .map_err(|_| arbitrary::Error::IncorrectFormat) + } + + fn size_hint(depth: usize) -> (usize, Option) { + arbitrary::size_hint::and(u8::size_hint(depth), BytesRef::size_hint(depth)) + } +} + +#[cfg(feature = "alloc")] +pub use self::allocating::BitString; + +#[cfg(feature = "alloc")] +mod allocating { + use super::*; + use crate::referenced::*; + use alloc::vec::Vec; + + /// Owned form of ASN.1 `BIT STRING` type. + /// + /// This type provides the same functionality as [`BitStringRef`] but owns the + /// backing data. + #[derive(Clone, Debug, Eq, PartialEq, PartialOrd, Ord)] + pub struct BitString { + /// Number of unused bits in the final octet. + unused_bits: u8, + + /// Length of this `BIT STRING` in bits. + bit_length: usize, + + /// Bitstring represented as a slice of bytes. + inner: Vec, + } + + impl BitString { + /// Maximum number of unused bits allowed. + pub const MAX_UNUSED_BITS: u8 = 7; + + /// Create a new ASN.1 `BIT STRING` from a byte slice. + /// + /// Accepts an optional number of "unused bits" (0-7) which are omitted + /// from the final octet. This number is 0 if the value is octet-aligned. + pub fn new(unused_bits: u8, bytes: impl Into>) -> Result { + let inner = bytes.into(); + + // Ensure parameters parse successfully as a `BitStringRef`. + let bit_length = BitStringRef::new(unused_bits, &inner)?.bit_length; + + Ok(BitString { + unused_bits, + bit_length, + inner, + }) + } + + /// Create a new ASN.1 `BIT STRING` from the given bytes. + /// + /// The "unused bits" are set to 0. + pub fn from_bytes(bytes: &[u8]) -> Result { + Self::new(0, bytes) + } + + /// Get the number of unused bits in the octet serialization of this + /// `BIT STRING`. 
+ pub fn unused_bits(&self) -> u8 { + self.unused_bits + } + + /// Is the number of unused bits a value other than 0? + pub fn has_unused_bits(&self) -> bool { + self.unused_bits != 0 + } + + /// Get the length of this `BIT STRING` in bits. + pub fn bit_len(&self) -> usize { + self.bit_length + } + + /// Is the inner byte slice empty? + pub fn is_empty(&self) -> bool { + self.inner.is_empty() + } + + /// Borrow the inner byte slice. + /// + /// Returns `None` if the number of unused bits is *not* equal to zero, + /// i.e. if the `BIT STRING` is not octet aligned. + /// + /// Use [`BitString::raw_bytes`] to obtain access to the raw value + /// regardless of the presence of unused bits. + pub fn as_bytes(&self) -> Option<&[u8]> { + if self.has_unused_bits() { + None + } else { + Some(self.raw_bytes()) + } + } + + /// Borrow the raw bytes of this `BIT STRING`. + pub fn raw_bytes(&self) -> &[u8] { + self.inner.as_slice() + } + + /// Iterator over the bits of this `BIT STRING`. + pub fn bits(&self) -> BitStringIter<'_> { + BitStringRef::from(self).bits() + } + } + + impl_any_conversions!(BitString); + + impl<'a> DecodeValue<'a> for BitString { + fn decode_value>(reader: &mut R, header: Header) -> Result { + let inner_len = (header.length - Length::ONE)?; + let unused_bits = reader.read_byte()?; + let inner = reader.read_vec(inner_len)?; + Self::new(unused_bits, inner) + } + } + + impl EncodeValue for BitString { + fn value_len(&self) -> Result { + Length::ONE + Length::try_from(self.inner.len())? 
+ } + + fn encode_value(&self, writer: &mut impl Writer) -> Result<()> { + writer.write_byte(self.unused_bits)?; + writer.write(&self.inner) + } + } + + impl FixedTag for BitString { + const TAG: Tag = Tag::BitString; + } + + impl<'a> From<&'a BitString> for BitStringRef<'a> { + fn from(bit_string: &'a BitString) -> BitStringRef<'a> { + // Ensured to parse successfully in constructor + BitStringRef::new(bit_string.unused_bits, &bit_string.inner) + .expect("invalid BIT STRING") + } + } + + impl ValueOrd for BitString { + fn value_cmp(&self, other: &Self) -> Result { + match self.unused_bits.cmp(&other.unused_bits) { + Ordering::Equal => self.inner.der_cmp(&other.inner), + ordering => Ok(ordering), + } + } + } + + // Implement by hand because the derive would create invalid values. + // Use the constructor to create a valid value. + #[cfg(feature = "arbitrary")] + impl<'a> arbitrary::Arbitrary<'a> for BitString { + fn arbitrary(u: &mut arbitrary::Unstructured<'a>) -> arbitrary::Result { + Self::new( + u.int_in_range(0..=Self::MAX_UNUSED_BITS)?, + BytesRef::arbitrary(u)?.as_slice(), + ) + .map_err(|_| arbitrary::Error::IncorrectFormat) + } + + fn size_hint(depth: usize) -> (usize, Option) { + arbitrary::size_hint::and(u8::size_hint(depth), BytesRef::size_hint(depth)) + } + } + + impl<'a> RefToOwned<'a> for BitStringRef<'a> { + type Owned = BitString; + fn ref_to_owned(&self) -> Self::Owned { + BitString { + unused_bits: self.unused_bits, + bit_length: self.bit_length, + inner: Vec::from(self.inner.as_slice()), + } + } + } + + impl OwnedToRef for BitString { + type Borrowed<'a> = BitStringRef<'a>; + fn owned_to_ref(&self) -> Self::Borrowed<'_> { + self.into() + } + } +} + +/// Iterator over the bits of a [`BitString`]. +pub struct BitStringIter<'a> { + /// [`BitString`] being iterated over. + bit_string: BitStringRef<'a>, + + /// Current bit position within the iterator. 
+ position: usize, +} + +impl<'a> Iterator for BitStringIter<'a> { + type Item = bool; + + #[allow(clippy::integer_arithmetic)] + fn next(&mut self) -> Option { + if self.position >= self.bit_string.bit_len() { + return None; + } + + let byte = self.bit_string.raw_bytes().get(self.position / 8)?; + let bit = 1u8 << (7 - (self.position % 8)); + self.position = self.position.checked_add(1)?; + Some(byte & bit != 0) + } +} + +impl<'a> ExactSizeIterator for BitStringIter<'a> { + fn len(&self) -> usize { + self.bit_string.bit_len() + } +} + +impl<'a> FusedIterator for BitStringIter<'a> {} + +#[cfg(feature = "flagset")] +impl FixedTag for flagset::FlagSet { + const TAG: Tag = BitStringRef::TAG; +} + +#[cfg(feature = "flagset")] +impl ValueOrd for flagset::FlagSet +where + T: flagset::Flags, + T::Type: Ord, +{ + fn value_cmp(&self, other: &Self) -> Result { + Ok(self.bits().cmp(&other.bits())) + } +} + +#[cfg(feature = "flagset")] +#[allow(clippy::integer_arithmetic)] +impl<'a, T> DecodeValue<'a> for flagset::FlagSet +where + T: flagset::Flags, + T::Type: From, + T::Type: core::ops::Shl, +{ + fn decode_value>(reader: &mut R, header: Header) -> Result { + let position = reader.position(); + let bits = BitStringRef::decode_value(reader, header)?; + + let mut flags = T::none().bits(); + + if bits.bit_len() > core::mem::size_of_val(&flags) * 8 { + return Err(Error::new(ErrorKind::Overlength, position)); + } + + for (i, bit) in bits.bits().enumerate() { + flags |= T::Type::from(bit) << i; + } + + Ok(Self::new_truncated(flags)) + } +} + +#[cfg(feature = "flagset")] +#[allow(clippy::integer_arithmetic)] +#[inline(always)] +fn encode_flagset(set: &flagset::FlagSet) -> (usize, [u8; 16]) +where + T: flagset::Flags, + u128: From, +{ + let bits: u128 = set.bits().into(); + let mut swap = 0u128; + + for i in 0..128 { + let on = bits & (1 << i); + swap |= on >> i << (128 - i - 1); + } + + (bits.leading_zeros() as usize, swap.to_be_bytes()) +} + +#[cfg(feature = "flagset")] 
+#[allow(clippy::cast_possible_truncation, clippy::integer_arithmetic)] +impl EncodeValue for flagset::FlagSet +where + T::Type: From, + T::Type: core::ops::Shl, + u128: From, +{ + fn value_len(&self) -> Result { + let (lead, buff) = encode_flagset(self); + let buff = &buff[..buff.len() - lead / 8]; + BitStringRef::new((lead % 8) as u8, buff)?.value_len() + } + + fn encode_value(&self, writer: &mut impl Writer) -> Result<()> { + let (lead, buff) = encode_flagset(self); + let buff = &buff[..buff.len() - lead / 8]; + BitStringRef::new((lead % 8) as u8, buff)?.encode_value(writer) + } +} + +#[cfg(test)] +mod tests { + use super::{BitStringRef, Result, Tag}; + use crate::asn1::AnyRef; + use hex_literal::hex; + + /// Parse a `BitString` from an ASN.1 `Any` value to test decoding behaviors. + fn parse_bitstring(bytes: &[u8]) -> Result> { + AnyRef::new(Tag::BitString, bytes)?.try_into() + } + + #[test] + fn decode_empty_bitstring() { + let bs = parse_bitstring(&hex!("00")).unwrap(); + assert_eq!(bs.as_bytes().unwrap(), &[]); + } + + #[test] + fn decode_non_empty_bitstring() { + let bs = parse_bitstring(&hex!("00010203")).unwrap(); + assert_eq!(bs.as_bytes().unwrap(), &[0x01, 0x02, 0x03]); + } + + #[test] + fn decode_bitstring_with_unused_bits() { + let bs = parse_bitstring(&hex!("066e5dc0")).unwrap(); + assert_eq!(bs.unused_bits(), 6); + assert_eq!(bs.raw_bytes(), &hex!("6e5dc0")); + + // Expected: 011011100101110111 + let mut bits = bs.bits(); + assert_eq!(bits.len(), 18); + + for bit in [0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1] { + assert_eq!(u8::from(bits.next().unwrap()), bit) + } + + // Ensure `None` is returned on successive calls + assert_eq!(bits.next(), None); + assert_eq!(bits.next(), None); + } + + #[test] + fn reject_unused_bits_in_empty_string() { + assert_eq!( + parse_bitstring(&[0x03]).err().unwrap().kind(), + Tag::BitString.value_error().kind() + ) + } +} 
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/bmp_string.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/bmp_string.rs new file mode 100644 index 000000000000..b4135d518bba --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/bmp_string.rs 
@@ -0,0 +1,164 @@
+//! ASN.1 `BMPString` support.
+
+use crate::{
+ BytesOwned, DecodeValue, EncodeValue, Error, FixedTag, Header, Length, Reader, Result, Tag,
+ Writer,
+};
+use alloc::{boxed::Box, vec::Vec};
+use core::{fmt, str::FromStr};
+
+/// ASN.1 `BMPString` type.
+///
+/// Encodes Basic Multilingual Plane (BMP) subset of Unicode (ISO 10646),
+/// a.k.a. UCS-2.
+#[derive(Clone, Eq, PartialEq, PartialOrd, Ord)]
+pub struct BmpString {
+ bytes: BytesOwned,
+}
+
+impl BmpString {
+ /// Create a new [`BmpString`] from its UCS-2 encoding.
+ pub fn from_ucs2(bytes: impl Into>) -> Result {
+ let bytes = bytes.into();
+
+ if bytes.len() % 2 != 0 {
+ return Err(Tag::BmpString.length_error());
+ }
+
+ let ret = Self {
+ bytes: bytes.try_into()?,
+ };
+
+ for maybe_char in char::decode_utf16(ret.codepoints()) {
+ match maybe_char {
+ // All surrogates paired and character is in the Basic Multilingual Plane
+ Ok(c) if (c as u64) < u64::from(u16::MAX) => (),
+ // Unpaired surrogates or characters outside Basic Multilingual Plane
+ _ => return Err(Tag::BmpString.value_error()),
+ }
+ }
+
+ Ok(ret)
+ }
+
+ /// Create a new [`BmpString`] from a UTF-8 string.
+ pub fn from_utf8(utf8: &str) -> Result {
+ let capacity = utf8
+ .len()
+ .checked_mul(2)
+ .ok_or_else(|| Tag::BmpString.length_error())?;
+
+ let mut bytes = Vec::with_capacity(capacity);
+
+ for code_point in utf8.encode_utf16() {
+ bytes.extend(code_point.to_be_bytes());
+ }
+
+ Self::from_ucs2(bytes)
+ }
+
+ /// Borrow the encoded UCS-2 as bytes.
+ pub fn as_bytes(&self) -> &[u8] {
+ self.bytes.as_ref()
+ }
+
+ /// Obtain the inner bytes.
+ #[inline]
+ pub fn into_bytes(self) -> Box<[u8]> {
+ self.bytes.into()
+ }
+
+ /// Get an iterator over characters in the string.
+ pub fn chars(&self) -> impl Iterator + '_ {
+ char::decode_utf16(self.codepoints())
+ .map(|maybe_char| maybe_char.expect("unpaired surrogates checked in constructor"))
+ }
+
+ /// Get an iterator over the `u16` codepoints.
+ pub fn codepoints(&self) -> impl Iterator + '_ {
+ // TODO(tarcieri): use `array_chunks`
+ self.as_bytes()
+ .chunks_exact(2)
+ .map(|chunk| u16::from_be_bytes([chunk[0], chunk[1]]))
+ }
+}
+
+impl AsRef<[u8]> for BmpString {
+ fn as_ref(&self) -> &[u8] {
+ self.as_bytes()
+ }
+}
+
+impl<'a> DecodeValue<'a> for BmpString {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ Self::from_ucs2(reader.read_vec(header.length)?)
+ }
+}
+
+impl EncodeValue for BmpString {
+ fn value_len(&self) -> Result {
+ Ok(self.bytes.len())
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ writer.write(self.as_bytes())
+ }
+}
+
+impl FixedTag for BmpString {
+ const TAG: Tag = Tag::BmpString;
+}
+
+impl FromStr for BmpString {
+ type Err = Error;
+
+ fn from_str(s: &str) -> Result {
+ Self::from_utf8(s)
+ }
+}
+
+impl fmt::Debug for BmpString {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(f, "BmpString(\"{}\")", self)
+ }
+}
+
+impl fmt::Display for BmpString {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ for c in self.chars() {
+ write!(f, "{}", c)?;
+ }
+ Ok(())
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::BmpString;
+ use crate::{Decode, Encode};
+ use alloc::string::ToString;
+ use hex_literal::hex;
+
+ const EXAMPLE_BYTES: &[u8] = &hex!(
+ "1e 26 00 43 00 65 00 72 00 74"
+ " 00 69 00 66 00 69 00 63"
+ " 00 61 00 74 00 65 00 54"
+ " 00 65 00 6d 00 70 00 6c"
+ " 00 61 00 74 00 65"
+ );
+
+ const EXAMPLE_UTF8: &str = "CertificateTemplate";
+
+ #[test]
+ fn decode() {
+ let bmp_string = BmpString::from_der(EXAMPLE_BYTES).unwrap();
+ assert_eq!(bmp_string.to_string(), EXAMPLE_UTF8);
+ }
+
+ #[test]
+ fn encode() {
+ let bmp_string = BmpString::from_utf8(EXAMPLE_UTF8).unwrap();
+ let encoded = bmp_string.to_der().unwrap();
+ assert_eq!(encoded, EXAMPLE_BYTES);
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/boolean.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/boolean.rs
new file mode 100644
index 000000000000..3eb0f2e68101
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/boolean.rs
@@ -0,0 +1,82 @@
+//! ASN.1 `BOOLEAN` support.
+
+use crate::{
+ asn1::AnyRef, ord::OrdIsValueOrd, DecodeValue, EncodeValue, Error, ErrorKind, FixedTag, Header,
+ Length, Reader, Result, Tag, Writer,
+};
+
+/// Byte used to encode `true` in ASN.1 DER. From X.690 Section 11.1:
+///
+/// > If the encoding represents the boolean value TRUE, its single contents
+/// > octet shall have all eight bits set to one.
+const TRUE_OCTET: u8 = 0b11111111;
+
+/// Byte used to encode `false` in ASN.1 DER.
+const FALSE_OCTET: u8 = 0b00000000;
+
+impl<'a> DecodeValue<'a> for bool {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ if header.length != Length::ONE {
+ return Err(reader.error(ErrorKind::Length { tag: Self::TAG }));
+ }
+
+ match reader.read_byte()? {
+ FALSE_OCTET => Ok(false),
+ TRUE_OCTET => Ok(true),
+ _ => Err(Self::TAG.non_canonical_error()),
+ }
+ }
+}
+
+impl EncodeValue for bool {
+ fn value_len(&self) -> Result {
+ Ok(Length::ONE)
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ writer.write_byte(if *self { TRUE_OCTET } else { FALSE_OCTET })
+ }
+}
+
+impl FixedTag for bool {
+ const TAG: Tag = Tag::Boolean;
+}
+
+impl OrdIsValueOrd for bool {}
+
+impl TryFrom> for bool {
+ type Error = Error;
+
+ fn try_from(any: AnyRef<'_>) -> Result {
+ any.try_into()
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use crate::{Decode, Encode};
+
+ #[test]
+ fn decode() {
+ assert_eq!(true, bool::from_der(&[0x01, 0x01, 0xFF]).unwrap());
+ assert_eq!(false, bool::from_der(&[0x01, 0x01, 0x00]).unwrap());
+ }
+
+ #[test]
+ fn encode() {
+ let mut buffer = [0u8; 3];
+ assert_eq!(
+ &[0x01, 0x01, 0xFF],
+ true.encode_to_slice(&mut buffer).unwrap()
+ );
+ assert_eq!(
+ &[0x01, 0x01, 0x00],
+ false.encode_to_slice(&mut buffer).unwrap()
+ );
+ }
+
+ #[test]
+ fn reject_non_canonical() {
+ assert!(bool::from_der(&[0x01, 0x01, 0x01]).is_err());
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/choice.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/choice.rs
new file mode 100644
index 000000000000..40c7720ca02a
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/choice.rs
@@ -0,0 +1,26 @@
+//! ASN.1 `CHOICE` support.
+
+use crate::{Decode, FixedTag, Tag, Tagged};
+
+/// ASN.1 `CHOICE` denotes a union of one or more possible alternatives.
+///
+/// The types MUST have distinct tags.
+///
+/// This crate models choice as a trait, with a blanket impl for all types
+/// which impl `Decode + FixedTag` (i.e. they are modeled as a `CHOICE`
+/// with only one possible variant)
+pub trait Choice<'a>: Decode<'a> + Tagged {
+ /// Is the provided [`Tag`] decodable as a variant of this `CHOICE`?
+ fn can_decode(tag: Tag) -> bool;
+}
+
+/// This blanket impl allows any [`Tagged`] type to function as a [`Choice`]
+/// with a single alternative.
+impl<'a, T> Choice<'a> for T
+where
+ T: Decode<'a> + FixedTag,
+{
+ fn can_decode(tag: Tag) -> bool {
+ T::TAG == tag
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/context_specific.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/context_specific.rs
new file mode 100644
index 000000000000..101ddf0225f3
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/context_specific.rs
@@ -0,0 +1,354 @@
+//! Context-specific field.
+
+use crate::{
+ asn1::AnyRef, Choice, Decode, DecodeValue, DerOrd, Encode, EncodeValue, EncodeValueRef, Error,
+ Header, Length, Reader, Result, Tag, TagMode, TagNumber, Tagged, ValueOrd, Writer,
+};
+use core::cmp::Ordering;
+
+/// Context-specific field which wraps an owned inner value.
+///
+/// This type decodes/encodes a field which is specific to a particular context
+/// and is identified by a [`TagNumber`].
+#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub struct ContextSpecific {
+ /// Context-specific tag number sans the leading `0b10000000` class
+ /// identifier bit and `0b100000` constructed flag.
+ pub tag_number: TagNumber,
+
+ /// Tag mode: `EXPLICIT` VS `IMPLICIT`.
+ pub tag_mode: TagMode,
+
+ /// Value of the field.
+ pub value: T,
+}
+
+impl ContextSpecific {
+ /// Attempt to decode an `EXPLICIT` ASN.1 `CONTEXT-SPECIFIC` field with the
+ /// provided [`TagNumber`].
+ ///
+ /// This method has the following behavior which is designed to simplify
+ /// handling of extension fields, which are denoted in an ASN.1 schema
+ /// using the `...` ellipsis extension marker:
+ ///
+ /// - Skips over [`ContextSpecific`] fields with a tag number lower than
+ /// the current one, consuming and ignoring them.
+ /// - Returns `Ok(None)` if a [`ContextSpecific`] field with a higher tag
+ /// number is encountered. These fields are not consumed in this case,
+ /// allowing a field with a lower tag number to be omitted, then the
+ /// higher numbered field consumed as a follow-up.
+ /// - Returns `Ok(None)` if anything other than a [`ContextSpecific`] field
+ /// is encountered.
+ pub fn decode_explicit<'a, R: Reader<'a>>(
+ reader: &mut R,
+ tag_number: TagNumber,
+ ) -> Result>
+ where
+ T: Decode<'a>,
+ {
+ Self::decode_with(reader, tag_number, |reader| Self::decode(reader))
+ }
+
+ /// Attempt to decode an `IMPLICIT` ASN.1 `CONTEXT-SPECIFIC` field with the
+ /// provided [`TagNumber`].
+ ///
+ /// This method otherwise behaves the same as `decode_explicit`,
+ /// but should be used in cases where the particular fields are `IMPLICIT`
+ /// as opposed to `EXPLICIT`.
+ pub fn decode_implicit<'a, R: Reader<'a>>(
+ reader: &mut R,
+ tag_number: TagNumber,
+ ) -> Result>
+ where
+ T: DecodeValue<'a> + Tagged,
+ {
+ Self::decode_with(reader, tag_number, |reader| {
+ let header = Header::decode(reader)?;
+ let value = T::decode_value(reader, header)?;
+
+ if header.tag.is_constructed() != value.tag().is_constructed() {
+ return Err(header.tag.non_canonical_error());
+ }
+
+ Ok(Self {
+ tag_number,
+ tag_mode: TagMode::Implicit,
+ value,
+ })
+ })
+ }
+
+ /// Attempt to decode a context-specific field with the given
+ /// helper callback.
+ fn decode_with<'a, F, R: Reader<'a>>(
+ reader: &mut R,
+ tag_number: TagNumber,
+ f: F,
+ ) -> Result>
+ where
+ F: FnOnce(&mut R) -> Result,
+ {
+ while let Some(octet) = reader.peek_byte() {
+ let tag = Tag::try_from(octet)?;
+
+ if !tag.is_context_specific() || (tag.number() > tag_number) {
+ break;
+ } else if tag.number() == tag_number {
+ return Some(f(reader)).transpose();
+ } else {
+ AnyRef::decode(reader)?;
+ }
+ }
+
+ Ok(None)
+ }
+}
+
+impl<'a, T> Choice<'a> for ContextSpecific
+where
+ T: Decode<'a> + Tagged,
+{
+ fn can_decode(tag: Tag) -> bool {
+ tag.is_context_specific()
+ }
+}
+
+impl<'a, T> Decode<'a> for ContextSpecific
+where
+ T: Decode<'a>,
+{
+ fn decode>(reader: &mut R) -> Result {
+ let header = Header::decode(reader)?;
+
+ match header.tag {
+ Tag::ContextSpecific {
+ number,
+ constructed: true,
+ } => Ok(Self {
+ tag_number: number,
+ tag_mode: TagMode::default(),
+ value: reader.read_nested(header.length, |reader| T::decode(reader))?,
+ }),
+ tag => Err(tag.unexpected_error(None)),
+ }
+ }
+}
+
+impl EncodeValue for ContextSpecific
+where
+ T: EncodeValue + Tagged,
+{
+ fn value_len(&self) -> Result {
+ match self.tag_mode {
+ TagMode::Explicit => self.value.encoded_len(),
+ TagMode::Implicit => self.value.value_len(),
+ }
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ match self.tag_mode {
+ TagMode::Explicit => self.value.encode(writer),
+ TagMode::Implicit => self.value.encode_value(writer),
+ }
+ }
+}
+
+impl Tagged for ContextSpecific
+where
+ T: Tagged,
+{
+ fn tag(&self) -> Tag {
+ let constructed = match self.tag_mode {
+ TagMode::Explicit => true,
+ TagMode::Implicit => self.value.tag().is_constructed(),
+ };
+
+ Tag::ContextSpecific {
+ number: self.tag_number,
+ constructed,
+ }
+ }
+}
+
+impl<'a, T> TryFrom> for ContextSpecific
+where
+ T: Decode<'a>,
+{
+ type Error = Error;
+
+ fn try_from(any: AnyRef<'a>) -> Result> {
+ match any.tag() {
+ Tag::ContextSpecific {
+ number,
+ constructed: true,
+ } => Ok(Self {
+ tag_number: number,
+ tag_mode: TagMode::default(),
+ value: T::from_der(any.value())?,
+ }),
+ tag => Err(tag.unexpected_error(None)),
+ }
+ }
+}
+
+impl ValueOrd for ContextSpecific
+where
+ T: EncodeValue + ValueOrd + Tagged,
+{
+ fn value_cmp(&self, other: &Self) -> Result {
+ match self.tag_mode {
+ TagMode::Explicit => self.der_cmp(other),
+ TagMode::Implicit => self.value_cmp(other),
+ }
+ }
+}
+
+/// Context-specific field reference.
+///
+/// This type encodes a field which is specific to a particular context
+/// and is identified by a [`TagNumber`].
+#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub struct ContextSpecificRef<'a, T> {
+ /// Context-specific tag number sans the leading `0b10000000` class
+ /// identifier bit and `0b100000` constructed flag.
+ pub tag_number: TagNumber,
+
+ /// Tag mode: `EXPLICIT` VS `IMPLICIT`.
+ pub tag_mode: TagMode,
+
+ /// Value of the field.
+ pub value: &'a T,
+}
+
+impl<'a, T> ContextSpecificRef<'a, T> {
+ /// Convert to a [`ContextSpecific`].
+ fn encoder(&self) -> ContextSpecific> {
+ ContextSpecific {
+ tag_number: self.tag_number,
+ tag_mode: self.tag_mode,
+ value: EncodeValueRef(self.value),
+ }
+ }
+}
+
+impl<'a, T> EncodeValue for ContextSpecificRef<'a, T>
+where
+ T: EncodeValue + Tagged,
+{
+ fn value_len(&self) -> Result {
+ self.encoder().value_len()
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ self.encoder().encode_value(writer)
+ }
+}
+
+impl<'a, T> Tagged for ContextSpecificRef<'a, T>
+where
+ T: Tagged,
+{
+ fn tag(&self) -> Tag {
+ self.encoder().tag()
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::ContextSpecific;
+ use crate::{asn1::BitStringRef, Decode, Encode, SliceReader, TagMode, TagNumber};
+ use hex_literal::hex;
+
+ // Public key data from `pkcs8` crate's `ed25519-pkcs8-v2.der`
+ const EXAMPLE_BYTES: &[u8] =
+ &hex!("A123032100A3A7EAE3A8373830BC47E1167BC50E1DB551999651E0E2DC587623438EAC3F31");
+
+ #[test]
+ fn round_trip() {
+ let field = ContextSpecific::>::from_der(EXAMPLE_BYTES).unwrap();
+ assert_eq!(field.tag_number.value(), 1);
+ assert_eq!(
+ field.value,
+ BitStringRef::from_bytes(&EXAMPLE_BYTES[5..]).unwrap()
+ );
+
+ let mut buf = [0u8; 128];
+ let encoded = field.encode_to_slice(&mut buf).unwrap();
+ assert_eq!(encoded, EXAMPLE_BYTES);
+ }
+
+ #[test]
+ fn context_specific_with_explicit_field() {
+ let tag_number = TagNumber::new(0);
+
+ // Empty message
+ let mut reader = SliceReader::new(&[]).unwrap();
+ assert_eq!(
+ ContextSpecific::::decode_explicit(&mut reader, tag_number).unwrap(),
+ None
+ );
+
+ // Message containing a non-context-specific type
+ let mut reader = SliceReader::new(&hex!("020100")).unwrap();
+ assert_eq!(
+ ContextSpecific::::decode_explicit(&mut reader, tag_number).unwrap(),
+ None
+ );
+
+ // Message containing an EXPLICIT context-specific field
+ let mut reader = SliceReader::new(&hex!("A003020100")).unwrap();
+ let field = ContextSpecific::::decode_explicit(&mut reader, tag_number)
+ .unwrap()
+ .unwrap();
+
+ assert_eq!(field.tag_number, tag_number);
+ assert_eq!(field.tag_mode, TagMode::Explicit);
+ assert_eq!(field.value, 0);
+ }
+
+ #[test]
+ fn context_specific_with_implicit_field() {
+ // From RFC8410 Section 10.3:
+ //
+ //
+ // 81 33: [1] 00 19 BF 44 09 69 84 CD FE 85 41 BA C1 67 DC 3B
+ // 96 C8 50 86 AA 30 B6 B6 CB 0C 5C 38 AD 70 31 66
+ // E1
+ let context_specific_implicit_bytes =
+ hex!("81210019BF44096984CDFE8541BAC167DC3B96C85086AA30B6B6CB0C5C38AD703166E1");
+
+ let tag_number = TagNumber::new(1);
+
+ let mut reader = SliceReader::new(&context_specific_implicit_bytes).unwrap();
+ let field = ContextSpecific::>::decode_implicit(&mut reader, tag_number)
+ .unwrap()
+ .unwrap();
+
+ assert_eq!(field.tag_number, tag_number);
+ assert_eq!(field.tag_mode, TagMode::Implicit);
+ assert_eq!(
+ field.value.as_bytes().unwrap(),
+ &context_specific_implicit_bytes[3..]
+ );
+ }
+
+ #[test]
+ fn context_specific_skipping_unknown_field() {
+ let tag = TagNumber::new(1);
+ let mut reader = SliceReader::new(&hex!("A003020100A103020101")).unwrap();
+ let field = ContextSpecific::::decode_explicit(&mut reader, tag)
+ .unwrap()
+ .unwrap();
+ assert_eq!(field.value, 1);
+ }
+
+ #[test]
+ fn context_specific_returns_none_on_greater_tag_number() {
+ let tag = TagNumber::new(0);
+ let mut reader = SliceReader::new(&hex!("A103020101")).unwrap();
+ assert_eq!(
+ ContextSpecific::::decode_explicit(&mut reader, tag).unwrap(),
+ None
+ );
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/generalized_time.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/generalized_time.rs
new file mode 100644
index 000000000000..8837917c38c5
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/generalized_time.rs
@@ -0,0 +1,327 @@
+//! ASN.1 `GeneralizedTime` support.
+#![cfg_attr(feature = "arbitrary", allow(clippy::integer_arithmetic))]
+
+use crate::{
+ datetime::{self, DateTime},
+ ord::OrdIsValueOrd,
+ DecodeValue, EncodeValue, ErrorKind, FixedTag, Header, Length, Reader, Result, Tag, Writer,
+};
+use core::time::Duration;
+
+#[cfg(feature = "std")]
+use {
+ crate::{asn1::AnyRef, Error},
+ std::time::SystemTime,
+};
+
+#[cfg(feature = "time")]
+use time::PrimitiveDateTime;
+
+/// ASN.1 `GeneralizedTime` type.
+///
+/// This type implements the validity requirements specified in
+/// [RFC 5280 Section 4.1.2.5.2][1], namely:
+///
+/// > For the purposes of this profile, GeneralizedTime values MUST be
+/// > expressed in Greenwich Mean Time (Zulu) and MUST include seconds
+/// > (i.e., times are `YYYYMMDDHHMMSSZ`), even where the number of seconds
+/// > is zero. GeneralizedTime values MUST NOT include fractional seconds.
+///
+/// [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5.2
+#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
+#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub struct GeneralizedTime(DateTime);
+
+impl GeneralizedTime {
+ /// Length of an RFC 5280-flavored ASN.1 DER-encoded [`GeneralizedTime`].
+ const LENGTH: usize = 15;
+
+ /// Create a [`GeneralizedTime`] from a [`DateTime`].
+ pub const fn from_date_time(datetime: DateTime) -> Self {
+ Self(datetime)
+ }
+
+ /// Convert this [`GeneralizedTime`] into a [`DateTime`].
+ pub fn to_date_time(&self) -> DateTime {
+ self.0
+ }
+
+ /// Create a new [`GeneralizedTime`] given a [`Duration`] since `UNIX_EPOCH`
+ /// (a.k.a. "Unix time")
+ pub fn from_unix_duration(unix_duration: Duration) -> Result {
+ DateTime::from_unix_duration(unix_duration)
+ .map(Into::into)
+ .map_err(|_| Self::TAG.value_error())
+ }
+
+ /// Get the duration of this timestamp since `UNIX_EPOCH`.
+ pub fn to_unix_duration(&self) -> Duration {
+ self.0.unix_duration()
+ }
+
+ /// Instantiate from [`SystemTime`].
+ #[cfg(feature = "std")]
+ pub fn from_system_time(time: SystemTime) -> Result {
+ DateTime::try_from(time)
+ .map(Into::into)
+ .map_err(|_| Self::TAG.value_error())
+ }
+
+ /// Convert to [`SystemTime`].
+ #[cfg(feature = "std")]
+ pub fn to_system_time(&self) -> SystemTime {
+ self.0.to_system_time()
+ }
+}
+
+impl_any_conversions!(GeneralizedTime);
+
+impl<'a> DecodeValue<'a> for GeneralizedTime {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ if Self::LENGTH != usize::try_from(header.length)? {
+ return Err(Self::TAG.value_error());
+ }
+
+ let mut bytes = [0u8; Self::LENGTH];
+ reader.read_into(&mut bytes)?;
+
+ match bytes {
+ // RFC 5280 requires mandatory seconds and Z-normalized time zone
+ [y1, y2, y3, y4, mon1, mon2, day1, day2, hour1, hour2, min1, min2, sec1, sec2, b'Z'] => {
+ let year = u16::from(datetime::decode_decimal(Self::TAG, y1, y2)?)
+ .checked_mul(100)
+ .and_then(|y| {
+ y.checked_add(datetime::decode_decimal(Self::TAG, y3, y4).ok()?.into())
+ })
+ .ok_or(ErrorKind::DateTime)?;
+ let month = datetime::decode_decimal(Self::TAG, mon1, mon2)?;
+ let day = datetime::decode_decimal(Self::TAG, day1, day2)?;
+ let hour = datetime::decode_decimal(Self::TAG, hour1, hour2)?;
+ let minute = datetime::decode_decimal(Self::TAG, min1, min2)?;
+ let second = datetime::decode_decimal(Self::TAG, sec1, sec2)?;
+
+ DateTime::new(year, month, day, hour, minute, second)
+ .map_err(|_| Self::TAG.value_error())
+ .and_then(|dt| Self::from_unix_duration(dt.unix_duration()))
+ }
+ _ => Err(Self::TAG.value_error()),
+ }
+ }
+}
+
+impl EncodeValue for GeneralizedTime {
+ fn value_len(&self) -> Result {
+ Self::LENGTH.try_into()
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ let year_hi = u8::try_from(self.0.year() / 100)?;
+ let year_lo = u8::try_from(self.0.year() % 100)?;
+
+ datetime::encode_decimal(writer, Self::TAG, year_hi)?;
+ datetime::encode_decimal(writer, Self::TAG, year_lo)?;
+ datetime::encode_decimal(writer, Self::TAG, self.0.month())?;
+ datetime::encode_decimal(writer, Self::TAG, self.0.day())?;
+ datetime::encode_decimal(writer, Self::TAG, self.0.hour())?;
+ datetime::encode_decimal(writer, Self::TAG, self.0.minutes())?;
+ datetime::encode_decimal(writer, Self::TAG, self.0.seconds())?;
+ writer.write_byte(b'Z')
+ }
+}
+
+impl FixedTag for GeneralizedTime {
+ const TAG: Tag = Tag::GeneralizedTime;
+}
+
+impl OrdIsValueOrd for GeneralizedTime {}
+
+impl From<&GeneralizedTime> for GeneralizedTime {
+ fn from(value: &GeneralizedTime) -> GeneralizedTime {
+ *value
+ }
+}
+
+impl From for DateTime {
+ fn from(utc_time: GeneralizedTime) -> DateTime {
+ utc_time.0
+ }
+}
+
+impl From<&GeneralizedTime> for DateTime {
+ fn from(utc_time: &GeneralizedTime) -> DateTime {
+ utc_time.0
+ }
+}
+
+impl From for GeneralizedTime {
+ fn from(datetime: DateTime) -> Self {
+ Self::from_date_time(datetime)
+ }
+}
+
+impl From<&DateTime> for GeneralizedTime {
+ fn from(datetime: &DateTime) -> Self {
+ Self::from_date_time(*datetime)
+ }
+}
+
+impl<'a> DecodeValue<'a> for DateTime {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ Ok(GeneralizedTime::decode_value(reader, header)?.into())
+ }
+}
+
+impl EncodeValue for DateTime {
+ fn value_len(&self) -> Result {
+ GeneralizedTime::from(self).value_len()
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ GeneralizedTime::from(self).encode_value(writer)
+ }
+}
+
+impl FixedTag for DateTime {
+ const TAG: Tag = Tag::GeneralizedTime;
+}
+
+impl OrdIsValueOrd for DateTime {}
+
+#[cfg(feature = "std")]
+impl<'a> DecodeValue<'a> for SystemTime {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ Ok(GeneralizedTime::decode_value(reader, header)?.into())
+ }
+}
+
+#[cfg(feature = "std")]
+impl EncodeValue for SystemTime {
+ fn value_len(&self) -> Result {
+ GeneralizedTime::try_from(self)?.value_len()
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ GeneralizedTime::try_from(self)?.encode_value(writer)
+ }
+}
+
+#[cfg(feature = "std")]
+impl From for SystemTime {
+ fn from(time: GeneralizedTime) -> SystemTime {
+ time.to_system_time()
+ }
+}
+
+#[cfg(feature = "std")]
+impl From<&GeneralizedTime> for SystemTime {
+ fn from(time: &GeneralizedTime) -> SystemTime {
+ time.to_system_time()
+ }
+}
+
+#[cfg(feature = "std")]
+impl TryFrom for GeneralizedTime {
+ type Error = Error;
+
+ fn try_from(time: SystemTime) -> Result {
+ GeneralizedTime::from_system_time(time)
+ }
+}
+
+#[cfg(feature = "std")]
+impl TryFrom<&SystemTime> for GeneralizedTime {
+ type Error = Error;
+
+ fn try_from(time: &SystemTime) -> Result {
+ GeneralizedTime::from_system_time(*time)
+ }
+}
+
+#[cfg(feature = "std")]
+impl<'a> TryFrom> for SystemTime {
+ type Error = Error;
+
+ fn try_from(any: AnyRef<'a>) -> Result {
+ GeneralizedTime::try_from(any).map(|s| s.to_system_time())
+ }
+}
+
+#[cfg(feature = "std")]
+impl FixedTag for SystemTime {
+ const TAG: Tag = Tag::GeneralizedTime;
+}
+
+#[cfg(feature = "std")]
+impl OrdIsValueOrd for SystemTime {}
+
+#[cfg(feature = "time")]
+impl<'a> DecodeValue<'a> for PrimitiveDateTime {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ GeneralizedTime::decode_value(reader, header)?.try_into()
+ }
+}
+
+#[cfg(feature = "time")]
+impl EncodeValue for PrimitiveDateTime {
+ fn value_len(&self) -> Result {
+ GeneralizedTime::try_from(self)?.value_len()
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ GeneralizedTime::try_from(self)?.encode_value(writer)
+ }
+}
+
+#[cfg(feature = "time")]
+impl FixedTag for PrimitiveDateTime {
+ const TAG: Tag = Tag::GeneralizedTime;
+}
+
+#[cfg(feature = "time")]
+impl OrdIsValueOrd for PrimitiveDateTime {}
+
+#[cfg(feature = "time")]
+impl TryFrom for GeneralizedTime {
+ type Error = Error;
+
+ fn try_from(time: PrimitiveDateTime) -> Result {
+ Ok(GeneralizedTime::from_date_time(DateTime::try_from(time)?))
+ }
+}
+
+#[cfg(feature = "time")]
+impl TryFrom<&PrimitiveDateTime> for GeneralizedTime {
+ type Error = Error;
+
+ fn try_from(time: &PrimitiveDateTime) -> Result {
+ Self::try_from(*time)
+ }
+}
+
+#[cfg(feature = "time")]
+impl TryFrom for PrimitiveDateTime {
+ type Error = Error;
+
+ fn try_from(time: GeneralizedTime) -> Result {
+ time.to_date_time().try_into()
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::GeneralizedTime;
+ use crate::{Decode, Encode, SliceWriter};
+ use hex_literal::hex;
+
+ #[test]
+ fn round_trip() {
+ let example_bytes = hex!("18 0f 31 39 39 31 30 35 30 36 32 33 34 35 34 30 5a");
+ let utc_time = GeneralizedTime::from_der(&example_bytes).unwrap();
+ assert_eq!(utc_time.to_unix_duration().as_secs(), 673573540);
+
+ let mut buf = [0u8; 128];
+ let mut encoder = SliceWriter::new(&mut buf);
+ utc_time.encode(&mut encoder).unwrap();
+ assert_eq!(example_bytes, encoder.finish().unwrap());
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/ia5_string.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/ia5_string.rs
new file mode 100644
index 000000000000..1b06dcef9dfc
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/ia5_string.rs
@@ -0,0 +1,195 @@
+//! ASN.1 `IA5String` support.
+
+use crate::{asn1::AnyRef, FixedTag, Result, StrRef, Tag};
+use core::{fmt, ops::Deref};
+
+macro_rules! impl_ia5_string {
+ ($type: ty) => {
+ impl_ia5_string!($type,);
+ };
+ ($type: ty, $($li: lifetime)?) => {
+ impl_string_type!($type, $($li),*);
+
+ impl<$($li),*> FixedTag for $type {
+ const TAG: Tag = Tag::Ia5String;
+ }
+
+ impl<$($li),*> fmt::Debug for $type {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(f, "Ia5String({:?})", self.as_str())
+ }
+ }
+ };
+}
+
+/// ASN.1 `IA5String` type.
+///
+/// Supports the [International Alphabet No. 5 (IA5)] character encoding, i.e.
+/// the lower 128 characters of the ASCII alphabet. (Note: IA5 is now
+/// technically known as the International Reference Alphabet or IRA as
+/// specified in the ITU-T's T.50 recommendation).
+///
+/// For UTF-8, use [`Utf8StringRef`][`crate::asn1::Utf8StringRef`].
+///
+/// This is a zero-copy reference type which borrows from the input data.
+///
+/// [International Alphabet No. 5 (IA5)]: https://en.wikipedia.org/wiki/T.50_%28standard%29
+#[derive(Copy, Clone, Eq, PartialEq, PartialOrd, Ord)]
+pub struct Ia5StringRef<'a> {
+ /// Inner value
+ inner: StrRef<'a>,
+}
+
+impl<'a> Ia5StringRef<'a> {
+ /// Create a new `IA5String`.
+ pub fn new(input: &'a T) -> Result
+ where
+ T: AsRef<[u8]> + ?Sized,
+ {
+ let input = input.as_ref();
+
+ // Validate all characters are within IA5String's allowed set
+ if input.iter().any(|&c| c > 0x7F) {
+ return Err(Self::TAG.value_error());
+ }
+
+ StrRef::from_bytes(input)
+ .map(|inner| Self { inner })
+ .map_err(|_| Self::TAG.value_error())
+ }
+}
+
+impl_ia5_string!(Ia5StringRef<'a>, 'a);
+
+impl<'a> Deref for Ia5StringRef<'a> {
+ type Target = StrRef<'a>;
+
+ fn deref(&self) -> &Self::Target {
+ &self.inner
+ }
+}
+
+impl<'a> From<&Ia5StringRef<'a>> for Ia5StringRef<'a> {
+ fn from(value: &Ia5StringRef<'a>) -> Ia5StringRef<'a> {
+ *value
+ }
+}
+
+impl<'a> From> for AnyRef<'a> {
+ fn from(internationalized_string: Ia5StringRef<'a>) -> AnyRef<'a> {
+ AnyRef::from_tag_and_value(Tag::Ia5String, internationalized_string.inner.into())
+ }
+}
+
+#[cfg(feature = "alloc")]
+pub use self::allocation::Ia5String;
+
+#[cfg(feature = "alloc")]
+mod allocation {
+ use super::Ia5StringRef;
+ use crate::{
+ asn1::AnyRef,
+ referenced::{OwnedToRef, RefToOwned},
+ Error, FixedTag, Result, StrOwned, Tag,
+ };
+ use alloc::string::String;
+ use core::{fmt, ops::Deref};
+
+ /// ASN.1 `IA5String` type.
+ ///
+ /// Supports the [International Alphabet No. 5 (IA5)] character encoding, i.e.
+ /// the lower 128 characters of the ASCII alphabet. (Note: IA5 is now
+ /// technically known as the International Reference Alphabet or IRA as
+ /// specified in the ITU-T's T.50 recommendation).
+ ///
+ /// For UTF-8, use [`String`][`alloc::string::String`].
+ ///
+ /// [International Alphabet No. 5 (IA5)]: https://en.wikipedia.org/wiki/T.50_%28standard%29
+ #[derive(Clone, Eq, PartialEq, PartialOrd, Ord)]
+ pub struct Ia5String {
+ /// Inner value
+ inner: StrOwned,
+ }
+
+ impl Ia5String {
+ /// Create a new `IA5String`.
+ pub fn new(input: &T) -> Result
+ where
+ T: AsRef<[u8]> + ?Sized,
+ {
+ let input = input.as_ref();
+ Ia5StringRef::new(input)?;
+
+ StrOwned::from_bytes(input)
+ .map(|inner| Self { inner })
+ .map_err(|_| Self::TAG.value_error())
+ }
+ }
+
+ impl_ia5_string!(Ia5String);
+
+ impl Deref for Ia5String {
+ type Target = StrOwned;
+
+ fn deref(&self) -> &Self::Target {
+ &self.inner
+ }
+ }
+
+ impl<'a> From> for Ia5String {
+ fn from(international_string: Ia5StringRef<'a>) -> Ia5String {
+ let inner = international_string.inner.into();
+ Self { inner }
+ }
+ }
+
+ impl<'a> From<&'a Ia5String> for AnyRef<'a> {
+ fn from(international_string: &'a Ia5String) -> AnyRef<'a> {
+ AnyRef::from_tag_and_value(Tag::Ia5String, (&international_string.inner).into())
+ }
+ }
+
+ impl<'a> RefToOwned<'a> for Ia5StringRef<'a> {
+ type Owned = Ia5String;
+ fn ref_to_owned(&self) -> Self::Owned {
+ Ia5String {
+ inner: self.inner.ref_to_owned(),
+ }
+ }
+ }
+
+ impl OwnedToRef for Ia5String {
+ type Borrowed<'a> = Ia5StringRef<'a>;
+ fn owned_to_ref(&self) -> Self::Borrowed<'_> {
+ Ia5StringRef {
+ inner: self.inner.owned_to_ref(),
+ }
+ }
+ }
+
+ impl TryFrom for Ia5String {
+ type Error = Error;
+
+ fn try_from(input: String) -> Result {
+ Ia5StringRef::new(&input)?;
+
+ StrOwned::new(input)
+ .map(|inner| Self { inner })
+ .map_err(|_| Self::TAG.value_error())
+ }
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::Ia5StringRef;
+ use crate::Decode;
+ use hex_literal::hex;
+
+ #[test]
+ fn parse_bytes() {
+ let example_bytes = hex!("16 0d 74 65 73 74 31 40 72 73 61 2e 63 6f 6d");
+ let internationalized_string = Ia5StringRef::from_der(&example_bytes).unwrap();
+ assert_eq!(internationalized_string.as_str(), "test1@rsa.com");
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/integer.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/integer.rs
new file mode 100644
index 000000000000..a6e913d66cf2
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/integer.rs 
@@ -0,0 +1,161 @@
+//! ASN.1 `INTEGER` support.
+
+pub(super) mod int;
+pub(super) mod uint;
+
+use core::{cmp::Ordering, mem};
+
+use crate::{EncodeValue, Result, SliceWriter};
+
+/// Is the highest bit of the first byte in the slice set to `1`? (if present)
+#[inline]
+fn is_highest_bit_set(bytes: &[u8]) -> bool {
+ bytes
+ .first()
+ .map(|byte| byte & 0b10000000 != 0)
+ .unwrap_or(false)
+}
+
+/// Compare two integer values
+fn value_cmp(a: T, b: T) -> Result
+where
+ T: Copy + EncodeValue + Sized,
+{
+ const MAX_INT_SIZE: usize = 16;
+ debug_assert!(mem::size_of::() <= MAX_INT_SIZE);
+
+ let mut buf1 = [0u8; MAX_INT_SIZE];
+ let mut encoder1 = SliceWriter::new(&mut buf1);
+ a.encode_value(&mut encoder1)?;
+
+ let mut buf2 = [0u8; MAX_INT_SIZE];
+ let mut encoder2 = SliceWriter::new(&mut buf2);
+ b.encode_value(&mut encoder2)?;
+
+ Ok(encoder1.finish()?.cmp(encoder2.finish()?))
+}
+
+#[cfg(test)]
+pub(crate) mod tests {
+ use crate::{Decode, Encode};
+
+ // Vectors from Section 5.7 of:
+ // https://luca.ntop.org/Teaching/Appunti/asn1.html
+ pub(crate) const I0_BYTES: &[u8] = &[0x02, 0x01, 0x00];
+ pub(crate) const I127_BYTES: &[u8] = &[0x02, 0x01, 0x7F];
+ pub(crate) const I128_BYTES: &[u8] = &[0x02, 0x02, 0x00, 0x80];
+ pub(crate) const I256_BYTES: &[u8] = &[0x02, 0x02, 0x01, 0x00];
+ pub(crate) const INEG128_BYTES: &[u8] = &[0x02, 0x01, 0x80];
+ pub(crate) const INEG129_BYTES: &[u8] = &[0x02, 0x02, 0xFF, 0x7F];
+
+ // Additional vectors
+ pub(crate) const I255_BYTES: &[u8] = &[0x02, 0x02, 0x00, 0xFF];
+ pub(crate) const I32767_BYTES: &[u8] = &[0x02, 0x02, 0x7F, 0xFF];
+ pub(crate) const I65535_BYTES: &[u8] = &[0x02, 0x03, 0x00, 0xFF, 0xFF];
+ pub(crate) const INEG32768_BYTES: &[u8] = &[0x02, 0x02, 0x80, 0x00];
+
+ #[test]
+ fn decode_i8() {
+ assert_eq!(0, i8::from_der(I0_BYTES).unwrap());
+ assert_eq!(127, i8::from_der(I127_BYTES).unwrap());
+ assert_eq!(-128, i8::from_der(INEG128_BYTES).unwrap());
+ }
+
+ #[test]
+ fn decode_i16() {
+ assert_eq!(0, i16::from_der(I0_BYTES).unwrap());
+ assert_eq!(127, i16::from_der(I127_BYTES).unwrap());
+ assert_eq!(128, i16::from_der(I128_BYTES).unwrap());
+ assert_eq!(255, i16::from_der(I255_BYTES).unwrap());
+ assert_eq!(256, i16::from_der(I256_BYTES).unwrap());
+ assert_eq!(32767, i16::from_der(I32767_BYTES).unwrap());
+ assert_eq!(-128, i16::from_der(INEG128_BYTES).unwrap());
+ assert_eq!(-129, i16::from_der(INEG129_BYTES).unwrap());
+ assert_eq!(-32768, i16::from_der(INEG32768_BYTES).unwrap());
+ }
+
+ #[test]
+ fn decode_u8() {
+ assert_eq!(0, u8::from_der(I0_BYTES).unwrap());
+ assert_eq!(127, u8::from_der(I127_BYTES).unwrap());
+ assert_eq!(255, u8::from_der(I255_BYTES).unwrap());
+ }
+
+ #[test]
+ fn decode_u16() {
+ assert_eq!(0, u16::from_der(I0_BYTES).unwrap());
+ assert_eq!(127, u16::from_der(I127_BYTES).unwrap());
+ assert_eq!(255, u16::from_der(I255_BYTES).unwrap());
+ assert_eq!(256, u16::from_der(I256_BYTES).unwrap());
+ assert_eq!(32767, u16::from_der(I32767_BYTES).unwrap());
+ assert_eq!(65535, u16::from_der(I65535_BYTES).unwrap());
+ }
+
+ #[test]
+ fn encode_i8() {
+ let mut buffer = [0u8; 3];
+
+ assert_eq!(I0_BYTES, 0i8.encode_to_slice(&mut buffer).unwrap());
+ assert_eq!(I127_BYTES, 127i8.encode_to_slice(&mut buffer).unwrap());
+
+ assert_eq!(
+ INEG128_BYTES,
+ (-128i8).encode_to_slice(&mut buffer).unwrap()
+ );
+ }
+
+ #[test]
+ fn encode_i16() {
+ let mut buffer = [0u8; 4];
+ assert_eq!(I0_BYTES, 0i16.encode_to_slice(&mut buffer).unwrap());
+ assert_eq!(I127_BYTES, 127i16.encode_to_slice(&mut buffer).unwrap());
+ assert_eq!(I128_BYTES, 128i16.encode_to_slice(&mut buffer).unwrap());
+ assert_eq!(I255_BYTES, 255i16.encode_to_slice(&mut buffer).unwrap());
+ assert_eq!(I256_BYTES, 256i16.encode_to_slice(&mut buffer).unwrap());
+ assert_eq!(I32767_BYTES, 32767i16.encode_to_slice(&mut buffer).unwrap());
+
+ assert_eq!(
+ INEG128_BYTES,
+ (-128i16).encode_to_slice(&mut buffer).unwrap()
+ );
+
+ assert_eq!(
+ INEG129_BYTES,
+ (-129i16).encode_to_slice(&mut buffer).unwrap()
+ );
+
+ assert_eq!(
+ INEG32768_BYTES,
+ (-32768i16).encode_to_slice(&mut buffer).unwrap()
+ );
+ }
+
+ #[test]
+ fn encode_u8() {
+ let mut buffer = [0u8; 4];
+ assert_eq!(I0_BYTES, 0u8.encode_to_slice(&mut buffer).unwrap());
+ assert_eq!(I127_BYTES, 127u8.encode_to_slice(&mut buffer).unwrap());
+ assert_eq!(I255_BYTES, 255u8.encode_to_slice(&mut buffer).unwrap());
+ }
+
+ #[test]
+ fn encode_u16() {
+ let mut buffer = [0u8; 5];
+ assert_eq!(I0_BYTES, 0u16.encode_to_slice(&mut buffer).unwrap());
+ assert_eq!(I127_BYTES, 127u16.encode_to_slice(&mut buffer).unwrap());
+ assert_eq!(I128_BYTES, 128u16.encode_to_slice(&mut buffer).unwrap());
+ assert_eq!(I255_BYTES, 255u16.encode_to_slice(&mut buffer).unwrap());
+ assert_eq!(I256_BYTES, 256u16.encode_to_slice(&mut buffer).unwrap());
+ assert_eq!(I32767_BYTES, 32767u16.encode_to_slice(&mut buffer).unwrap());
+ assert_eq!(I65535_BYTES, 65535u16.encode_to_slice(&mut buffer).unwrap());
+ }
+
+ /// Integers must be encoded with a minimum number of octets
+ #[test]
+ fn reject_non_canonical() {
+ assert!(i8::from_der(&[0x02, 0x02, 0x00, 0x00]).is_err());
+ assert!(i16::from_der(&[0x02, 0x02, 0x00, 0x00]).is_err());
+ assert!(u8::from_der(&[0x02, 0x02, 0x00, 0x00]).is_err());
+ assert!(u16::from_der(&[0x02, 0x02, 0x00, 0x00]).is_err());
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/integer/int.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/integer/int.rs
new file mode 100644
index 000000000000..bccc5210c8fe
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/integer/int.rs
@@ -0,0 +1,442 @@
+//! Support for encoding signed integers
+
+use super::{is_highest_bit_set, uint, value_cmp};
+use crate::{
+ ord::OrdIsValueOrd, AnyRef, BytesRef, DecodeValue, EncodeValue, Error, ErrorKind, FixedTag,
+ Header, Length, Reader, Result, Tag, ValueOrd, Writer,
+};
+use core::cmp::Ordering;
+
+#[cfg(feature = "alloc")]
+pub use allocating::Int;
+
+macro_rules! impl_encoding_traits {
+ ($($int:ty => $uint:ty),+) => {
+ $(
+ impl<'a> DecodeValue<'a> for $int {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ let mut buf = [0u8; Self::BITS as usize / 8];
+ let max_length = u32::from(header.length) as usize;
+
+ if max_length > buf.len() {
+ return Err(Self::TAG.non_canonical_error());
+ }
+
+ let bytes = reader.read_into(&mut buf[..max_length])?;
+
+ let result = if is_highest_bit_set(bytes) {
+ <$uint>::from_be_bytes(decode_to_array(bytes)?) as $int
+ } else {
+ Self::from_be_bytes(uint::decode_to_array(bytes)?)
+ };
+
+ // Ensure we compute the same encoded length as the original any value
+ if header.length != result.value_len()? {
+ return Err(Self::TAG.non_canonical_error());
+ }
+
+ Ok(result)
+ }
+ }
+
+ impl EncodeValue for $int {
+ fn value_len(&self) -> Result {
+ if *self < 0 {
+ negative_encoded_len(&(*self as $uint).to_be_bytes())
+ } else {
+ uint::encoded_len(&self.to_be_bytes())
+ }
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ if *self < 0 {
+ encode_bytes(writer, &(*self as $uint).to_be_bytes())
+ } else {
+ uint::encode_bytes(writer, &self.to_be_bytes())
+ }
+ }
+ }
+
+ impl FixedTag for $int {
+ const TAG: Tag = Tag::Integer;
+ }
+
+ impl ValueOrd for $int {
+ fn value_cmp(&self, other: &Self) -> Result {
+ value_cmp(*self, *other)
+ }
+ }
+
+ impl TryFrom> for $int {
+ type Error = Error;
+
+ fn try_from(any: AnyRef<'_>) -> Result {
+ any.decode_as()
+ }
+ }
+ )+
+ };
+}
+
+impl_encoding_traits!(i8 => u8, i16 => u16, i32 => u32, i64 => u64, i128 => u128);
+
+/// Signed arbitrary precision ASN.1 `INTEGER` reference type.
+///
+/// Provides direct access to the underlying big endian bytes which comprise
+/// an signed integer value.
+///
+/// Intended for use cases like very large integers that are used in
+/// cryptographic applications (e.g. keys, signatures).
+#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub struct IntRef<'a> {
+ /// Inner value
+ inner: BytesRef<'a>,
+}
+
+impl<'a> IntRef<'a> {
+ /// Create a new [`IntRef`] from a byte slice.
+ pub fn new(bytes: &'a [u8]) -> Result {
+ let inner = BytesRef::new(strip_leading_ones(bytes))
+ .map_err(|_| ErrorKind::Length { tag: Self::TAG })?;
+
+ Ok(Self { inner })
+ }
+
+ /// Borrow the inner byte slice which contains the least significant bytes
+ /// of a big endian integer value with all leading ones stripped.
+ pub fn as_bytes(&self) -> &'a [u8] {
+ self.inner.as_slice()
+ }
+
+ /// Get the length of this [`IntRef`] in bytes.
+ pub fn len(&self) -> Length {
+ self.inner.len()
+ }
+
+ /// Is the inner byte slice empty?
+ pub fn is_empty(&self) -> bool {
+ self.inner.is_empty()
+ }
+}
+
+impl_any_conversions!(IntRef<'a>, 'a);
+
+impl<'a> DecodeValue<'a> for IntRef<'a> {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ let bytes = BytesRef::decode_value(reader, header)?;
+ validate_canonical(bytes.as_slice())?;
+
+ let result = Self::new(bytes.as_slice())?;
+
+ // Ensure we compute the same encoded length as the original any value.
+ if result.value_len()? != header.length {
+ return Err(Self::TAG.non_canonical_error());
+ }
+
+ Ok(result)
+ }
+}
+
+impl<'a> EncodeValue for IntRef<'a> {
+ fn value_len(&self) -> Result {
+ // Signed integers always hold their full encoded form.
+ Ok(self.inner.len())
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ writer.write(self.as_bytes())
+ }
+}
+
+impl<'a> From<&IntRef<'a>> for IntRef<'a> {
+ fn from(value: &IntRef<'a>) -> IntRef<'a> {
+ *value
+ }
+}
+
+impl<'a> FixedTag for IntRef<'a> {
+ const TAG: Tag = Tag::Integer;
+}
+
+impl<'a> OrdIsValueOrd for IntRef<'a> {}
+
+#[cfg(feature = "alloc")]
+mod allocating {
+ use super::{strip_leading_ones, validate_canonical, IntRef};
+ use crate::{
+ asn1::Uint,
+ ord::OrdIsValueOrd,
+ referenced::{OwnedToRef, RefToOwned},
+ BytesOwned, DecodeValue, EncodeValue, ErrorKind, FixedTag, Header, Length, Reader, Result,
+ Tag, Writer,
+ };
+ use alloc::vec::Vec;
+
+ /// Signed arbitrary precision ASN.1 `INTEGER` type.
+ ///
+ /// Provides heap-allocated storage for big endian bytes which comprise an
+ /// signed integer value.
+ ///
+ /// Intended for use cases like very large integers that are used in
+ /// cryptographic applications (e.g. keys, signatures).
+ #[derive(Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+ pub struct Int {
+ /// Inner value
+ inner: BytesOwned,
+ }
+
+ impl Int {
+ /// Create a new [`Int`] from a byte slice.
+ pub fn new(bytes: &[u8]) -> Result {
+ let inner = BytesOwned::new(strip_leading_ones(bytes))
+ .map_err(|_| ErrorKind::Length { tag: Self::TAG })?;
+
+ Ok(Self { inner })
+ }
+
+ /// Borrow the inner byte slice which contains the least significant bytes
+ /// of a big endian integer value with all leading ones stripped.
+ pub fn as_bytes(&self) -> &[u8] {
+ self.inner.as_slice()
+ }
+
+ /// Get the length of this [`Int`] in bytes.
+ pub fn len(&self) -> Length {
+ self.inner.len()
+ }
+
+ /// Is the inner byte slice empty?
+ pub fn is_empty(&self) -> bool {
+ self.inner.is_empty()
+ }
+ }
+
+ impl_any_conversions!(Int);
+
+ impl<'a> DecodeValue<'a> for Int {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ let bytes = BytesOwned::decode_value(reader, header)?;
+ validate_canonical(bytes.as_slice())?;
+
+ let result = Self::new(bytes.as_slice())?;
+
+ // Ensure we compute the same encoded length as the original any value.
+ if result.value_len()? != header.length {
+ return Err(Self::TAG.non_canonical_error());
+ }
+
+ Ok(result)
+ }
+ }
+
+ impl EncodeValue for Int {
+ fn value_len(&self) -> Result {
+ // Signed integers always hold their full encoded form.
+ Ok(self.inner.len())
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ writer.write(self.as_bytes())
+ }
+ }
+
+ impl<'a> From<&IntRef<'a>> for Int {
+ fn from(value: &IntRef<'a>) -> Int {
+ let inner = BytesOwned::new(value.as_bytes()).expect("Invalid Int");
+ Int { inner }
+ }
+ }
+
+ impl From for Int {
+ fn from(value: Uint) -> Self {
+ let mut inner: Vec = Vec::new();
+
+ // Add leading `0x00` byte if required
+ if value.value_len().expect("invalid Uint") > value.len() {
+ inner.push(0x00);
+ }
+
+ inner.extend_from_slice(value.as_bytes());
+ let inner = BytesOwned::new(inner).expect("invalid Uint");
+
+ Int { inner }
+ }
+ }
+
+ impl FixedTag for Int {
+ const TAG: Tag = Tag::Integer;
+ }
+
+ impl OrdIsValueOrd for Int {}
+
+ impl<'a> RefToOwned<'a> for IntRef<'a> {
+ type Owned = Int;
+ fn ref_to_owned(&self) -> Self::Owned {
+ let inner = self.inner.ref_to_owned();
+
+ Int { inner }
+ }
+ }
+
+ impl OwnedToRef for Int {
+ type Borrowed<'a> = IntRef<'a>;
+ fn owned_to_ref(&self) -> Self::Borrowed<'_> {
+ let inner = self.inner.owned_to_ref();
+
+ IntRef { inner }
+ }
+ }
+}
+
+/// Ensure `INTEGER` is canonically encoded.
+fn validate_canonical(bytes: &[u8]) -> Result<()> {
+ // The `INTEGER` type always encodes a signed value and we're decoding
+ // as signed here, so we allow a zero extension or sign extension byte,
+ // but only as permitted under DER canonicalization.
+ match bytes {
+ [] => Err(Tag::Integer.non_canonical_error()),
+ [0x00, byte, ..] if *byte < 0x80 => Err(Tag::Integer.non_canonical_error()),
+ [0xFF, byte, ..] if *byte >= 0x80 => Err(Tag::Integer.non_canonical_error()),
+ _ => Ok(()),
+ }
+}
+
+/// Decode an signed integer of the specified size.
+///
+/// Returns a byte array of the requested size containing a big endian integer.
+fn decode_to_array(bytes: &[u8]) -> Result<[u8; N]> {
+ match N.checked_sub(bytes.len()) {
+ Some(offset) => {
+ let mut output = [0xFFu8; N];
+ output[offset..].copy_from_slice(bytes);
+ Ok(output)
+ }
+ None => {
+ let expected_len = Length::try_from(N)?;
+ let actual_len = Length::try_from(bytes.len())?;
+
+ Err(ErrorKind::Incomplete {
+ expected_len,
+ actual_len,
+ }
+ .into())
+ }
+ }
+}
+
+/// Encode the given big endian bytes representing an integer as ASN.1 DER.
+fn encode_bytes(writer: &mut W, bytes: &[u8]) -> Result<()>
+where
+ W: Writer + ?Sized,
+{
+ writer.write(strip_leading_ones(bytes))
+}
+
+/// Get the encoded length for the given **negative** integer serialized as bytes.
+#[inline]
+fn negative_encoded_len(bytes: &[u8]) -> Result {
+ Length::try_from(strip_leading_ones(bytes).len())
+}
+
+/// Strip the leading all-ones bytes from the given byte slice.
+pub(crate) fn strip_leading_ones(mut bytes: &[u8]) -> &[u8] {
+ while let Some((byte, rest)) = bytes.split_first() {
+ if *byte == 0xFF && is_highest_bit_set(rest) {
+ bytes = rest;
+ continue;
+ }
+
+ break;
+ }
+
+ bytes
+}
+
+#[cfg(test)]
+mod tests {
+ use super::{validate_canonical, IntRef};
+ use crate::{asn1::integer::tests::*, Decode, Encode, SliceWriter};
+
+ #[test]
+ fn validate_canonical_ok() {
+ assert_eq!(validate_canonical(&[0x00]), Ok(()));
+ assert_eq!(validate_canonical(&[0x01]), Ok(()));
+ assert_eq!(validate_canonical(&[0x00, 0x80]), Ok(()));
+ assert_eq!(validate_canonical(&[0xFF, 0x00]), Ok(()));
+ }
+
+ #[test]
+ fn validate_canonical_err() {
+ // Empty integers are always non-canonical.
+ assert!(validate_canonical(&[]).is_err());
+
+ // Positives with excessive zero extension are non-canonical.
+ assert!(validate_canonical(&[0x00, 0x00]).is_err());
+
+ // Negatives with excessive sign extension are non-canonical.
+ assert!(validate_canonical(&[0xFF, 0x80]).is_err());
+ }
+
+ #[test]
+ fn decode_intref() {
+ // Positive numbers decode, but have zero extensions as necessary
+ // (to distinguish them from negative representations).
+ assert_eq!(&[0], IntRef::from_der(I0_BYTES).unwrap().as_bytes());
+ assert_eq!(&[127], IntRef::from_der(I127_BYTES).unwrap().as_bytes());
+ assert_eq!(&[0, 128], IntRef::from_der(I128_BYTES).unwrap().as_bytes());
+ assert_eq!(&[0, 255], IntRef::from_der(I255_BYTES).unwrap().as_bytes());
+
+ assert_eq!(
+ &[0x01, 0x00],
+ IntRef::from_der(I256_BYTES).unwrap().as_bytes()
+ );
+
+ assert_eq!(
+ &[0x7F, 0xFF],
+ IntRef::from_der(I32767_BYTES).unwrap().as_bytes()
+ );
+
+ // Negative integers decode.
+ assert_eq!(&[128], IntRef::from_der(INEG128_BYTES).unwrap().as_bytes());
+ assert_eq!(
+ &[255, 127],
+ IntRef::from_der(INEG129_BYTES).unwrap().as_bytes()
+ );
+ assert_eq!(
+ &[128, 0],
+ IntRef::from_der(INEG32768_BYTES).unwrap().as_bytes()
+ );
+ }
+
+ #[test]
+ fn encode_intref() {
+ for &example in &[
+ I0_BYTES,
+ I127_BYTES,
+ I128_BYTES,
+ I255_BYTES,
+ I256_BYTES,
+ I32767_BYTES,
+ ] {
+ let uint = IntRef::from_der(example).unwrap();
+
+ let mut buf = [0u8; 128];
+ let mut encoder = SliceWriter::new(&mut buf);
+ uint.encode(&mut encoder).unwrap();
+
+ let result = encoder.finish().unwrap();
+ assert_eq!(example, result);
+ }
+
+ for &example in &[INEG128_BYTES, INEG129_BYTES, INEG32768_BYTES] {
+ let uint = IntRef::from_der(example).unwrap();
+
+ let mut buf = [0u8; 128];
+ let mut encoder = SliceWriter::new(&mut buf);
+ uint.encode(&mut encoder).unwrap();
+
+ let result = encoder.finish().unwrap();
+ assert_eq!(example, result);
+ }
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/integer/uint.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/integer/uint.rs
new file mode 100644
index 000000000000..95c6297c2bb8
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/integer/uint.rs 
@@ -0,0 +1,428 @@
+//! Unsigned integer decoders/encoders.
+
+use super::value_cmp;
+use crate::{
+ ord::OrdIsValueOrd, AnyRef, BytesRef, DecodeValue, EncodeValue, Error, ErrorKind, FixedTag,
+ Header, Length, Reader, Result, Tag, ValueOrd, Writer,
+};
+use core::cmp::Ordering;
+
+#[cfg(feature = "alloc")]
+pub use allocating::Uint;
+
+macro_rules! impl_encoding_traits {
+ ($($uint:ty),+) => {
+ $(
+ impl<'a> DecodeValue<'a> for $uint {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ // Integers always encodes as a signed value, unsigned gets a leading 0x00 that
+ // needs to be stripped off. We need to provide room for it.
+ const UNSIGNED_HEADROOM: usize = 1;
+
+ let mut buf = [0u8; (Self::BITS as usize / 8) + UNSIGNED_HEADROOM];
+ let max_length = u32::from(header.length) as usize;
+
+ if max_length > buf.len() {
+ return Err(Self::TAG.non_canonical_error());
+ }
+
+ let bytes = reader.read_into(&mut buf[..max_length])?;
+
+ let result = Self::from_be_bytes(decode_to_array(bytes)?);
+
+ // Ensure we compute the same encoded length as the original any value
+ if header.length != result.value_len()? {
+ return Err(Self::TAG.non_canonical_error());
+ }
+
+ Ok(result)
+ }
+ }
+
+ impl EncodeValue for $uint {
+ fn value_len(&self) -> Result {
+ encoded_len(&self.to_be_bytes())
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ encode_bytes(writer, &self.to_be_bytes())
+ }
+ }
+
+ impl FixedTag for $uint {
+ const TAG: Tag = Tag::Integer;
+ }
+
+ impl ValueOrd for $uint {
+ fn value_cmp(&self, other: &Self) -> Result {
+ value_cmp(*self, *other)
+ }
+ }
+
+ impl TryFrom> for $uint {
+ type Error = Error;
+
+ fn try_from(any: AnyRef<'_>) -> Result {
+ any.decode_as()
+ }
+ }
+ )+
+ };
+}
+
+impl_encoding_traits!(u8, u16, u32, u64, u128);
+
+/// Unsigned arbitrary precision ASN.1 `INTEGER` reference type.
+///
+/// Provides direct access to the underlying big endian bytes which comprise an
+/// unsigned integer value.
+///
+/// Intended for use cases like very large integers that are used in
+/// cryptographic applications (e.g. keys, signatures).
+#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub struct UintRef<'a> {
+ /// Inner value
+ inner: BytesRef<'a>,
+}
+
+impl<'a> UintRef<'a> {
+ /// Create a new [`UintRef`] from a byte slice.
+ pub fn new(bytes: &'a [u8]) -> Result {
+ let inner = BytesRef::new(strip_leading_zeroes(bytes))
+ .map_err(|_| ErrorKind::Length { tag: Self::TAG })?;
+
+ Ok(Self { inner })
+ }
+
+ /// Borrow the inner byte slice which contains the least significant bytes
+ /// of a big endian integer value with all leading zeros stripped.
+ pub fn as_bytes(&self) -> &'a [u8] {
+ self.inner.as_slice()
+ }
+
+ /// Get the length of this [`UintRef`] in bytes.
+ pub fn len(&self) -> Length {
+ self.inner.len()
+ }
+
+ /// Is the inner byte slice empty?
+ pub fn is_empty(&self) -> bool {
+ self.inner.is_empty()
+ }
+}
+
+impl_any_conversions!(UintRef<'a>, 'a);
+
+impl<'a> DecodeValue<'a> for UintRef<'a> {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ let bytes = BytesRef::decode_value(reader, header)?.as_slice();
+ let result = Self::new(decode_to_slice(bytes)?)?;
+
+ // Ensure we compute the same encoded length as the original any value.
+ if result.value_len()? != header.length {
+ return Err(Self::TAG.non_canonical_error());
+ }
+
+ Ok(result)
+ }
+}
+
+impl<'a> EncodeValue for UintRef<'a> {
+ fn value_len(&self) -> Result {
+ encoded_len(self.inner.as_slice())
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ // Add leading `0x00` byte if required
+ if self.value_len()? > self.len() {
+ writer.write_byte(0)?;
+ }
+
+ writer.write(self.as_bytes())
+ }
+}
+
+impl<'a> From<&UintRef<'a>> for UintRef<'a> {
+ fn from(value: &UintRef<'a>) -> UintRef<'a> {
+ *value
+ }
+}
+
+impl<'a> FixedTag for UintRef<'a> {
+ const TAG: Tag = Tag::Integer;
+}
+
+impl<'a> OrdIsValueOrd for UintRef<'a> {}
+
+#[cfg(feature = "alloc")]
+mod allocating {
+ use super::{decode_to_slice, encoded_len, strip_leading_zeroes, UintRef};
+ use crate::{
+ ord::OrdIsValueOrd,
+ referenced::{OwnedToRef, RefToOwned},
+ BytesOwned, DecodeValue, EncodeValue, ErrorKind, FixedTag, Header, Length, Reader, Result,
+ Tag, Writer,
+ };
+
+ /// Unsigned arbitrary precision ASN.1 `INTEGER` type.
+ ///
+ /// Provides heap-allocated storage for big endian bytes which comprise an
+ /// unsigned integer value.
+ ///
+ /// Intended for use cases like very large integers that are used in
+ /// cryptographic applications (e.g. keys, signatures).
+ #[derive(Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+ pub struct Uint {
+ /// Inner value
+ inner: BytesOwned,
+ }
+
+ impl Uint {
+ /// Create a new [`Uint`] from a byte slice.
+ pub fn new(bytes: &[u8]) -> Result {
+ let inner = BytesOwned::new(strip_leading_zeroes(bytes))
+ .map_err(|_| ErrorKind::Length { tag: Self::TAG })?;
+
+ Ok(Self { inner })
+ }
+
+ /// Borrow the inner byte slice which contains the least significant bytes
+ /// of a big endian integer value with all leading zeros stripped.
+ pub fn as_bytes(&self) -> &[u8] {
+ self.inner.as_slice()
+ }
+
+ /// Get the length of this [`Uint`] in bytes.
+ pub fn len(&self) -> Length {
+ self.inner.len()
+ }
+
+ /// Is the inner byte slice empty?
+ pub fn is_empty(&self) -> bool {
+ self.inner.is_empty()
+ }
+ }
+
+ impl_any_conversions!(Uint);
+
+ impl<'a> DecodeValue<'a> for Uint {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ let bytes = BytesOwned::decode_value(reader, header)?;
+ let result = Self::new(decode_to_slice(bytes.as_slice())?)?;
+
+ // Ensure we compute the same encoded length as the original any value.
+ if result.value_len()? != header.length {
+ return Err(Self::TAG.non_canonical_error());
+ }
+
+ Ok(result)
+ }
+ }
+
+ impl EncodeValue for Uint {
+ fn value_len(&self) -> Result {
+ encoded_len(self.inner.as_slice())
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ // Add leading `0x00` byte if required
+ if self.value_len()? > self.len() {
+ writer.write_byte(0)?;
+ }
+
+ writer.write(self.as_bytes())
+ }
+ }
+
+ impl<'a> From<&UintRef<'a>> for Uint {
+ fn from(value: &UintRef<'a>) -> Uint {
+ let inner = BytesOwned::new(value.as_bytes()).expect("Invalid Uint");
+ Uint { inner }
+ }
+ }
+
+ impl FixedTag for Uint {
+ const TAG: Tag = Tag::Integer;
+ }
+
+ impl OrdIsValueOrd for Uint {}
+
+ impl<'a> RefToOwned<'a> for UintRef<'a> {
+ type Owned = Uint;
+ fn ref_to_owned(&self) -> Self::Owned {
+ let inner = self.inner.ref_to_owned();
+
+ Uint { inner }
+ }
+ }
+
+ impl OwnedToRef for Uint {
+ type Borrowed<'a> = UintRef<'a>;
+ fn owned_to_ref(&self) -> Self::Borrowed<'_> {
+ let inner = self.inner.owned_to_ref();
+
+ UintRef { inner }
+ }
+ }
+}
+
+/// Decode an unsigned integer into a big endian byte slice with all leading
+/// zeroes removed.
+///
+/// Returns a byte array of the requested size containing a big endian integer.
+pub(crate) fn decode_to_slice(bytes: &[u8]) -> Result<&[u8]> {
+ // The `INTEGER` type always encodes a signed value, so for unsigned
+ // values the leading `0x00` byte may need to be removed.
+ //
+ // We also disallow a leading byte which would overflow a signed ASN.1
+ // integer (since we're decoding an unsigned integer).
+ // We expect all such cases to have a leading `0x00` byte.
+ match bytes {
+ [] => Err(Tag::Integer.non_canonical_error()),
+ [0] => Ok(bytes),
+ [0, byte, ..] if *byte < 0x80 => Err(Tag::Integer.non_canonical_error()),
+ [0, rest @ ..] => Ok(rest),
+ [byte, ..] if *byte >= 0x80 => Err(Tag::Integer.value_error()),
+ _ => Ok(bytes),
+ }
+}
+
+/// Decode an unsigned integer into a byte array of the requested size
+/// containing a big endian integer.
+pub(super) fn decode_to_array(bytes: &[u8]) -> Result<[u8; N]> {
+ let input = decode_to_slice(bytes)?;
+
+ // Compute number of leading zeroes to add
+ let num_zeroes = N
+ .checked_sub(input.len())
+ .ok_or_else(|| Tag::Integer.length_error())?;
+
+ // Copy input into `N`-sized output buffer with leading zeroes
+ let mut output = [0u8; N];
+ output[num_zeroes..].copy_from_slice(input);
+ Ok(output)
+}
+
+/// Encode the given big endian bytes representing an integer as ASN.1 DER.
+pub(crate) fn encode_bytes(encoder: &mut W, bytes: &[u8]) -> Result<()>
+where
+ W: Writer + ?Sized,
+{
+ let bytes = strip_leading_zeroes(bytes);
+
+ if needs_leading_zero(bytes) {
+ encoder.write_byte(0)?;
+ }
+
+ encoder.write(bytes)
+}
+
+/// Get the encoded length for the given unsigned integer serialized as bytes.
+#[inline]
+pub(crate) fn encoded_len(bytes: &[u8]) -> Result {
+ let bytes = strip_leading_zeroes(bytes);
+ Length::try_from(bytes.len())? + u8::from(needs_leading_zero(bytes))
+}
+
+/// Strip the leading zeroes from the given byte slice
+pub(crate) fn strip_leading_zeroes(mut bytes: &[u8]) -> &[u8] {
+ while let Some((byte, rest)) = bytes.split_first() {
+ if *byte == 0 && !rest.is_empty() {
+ bytes = rest;
+ } else {
+ break;
+ }
+ }
+
+ bytes
+}
+
+/// Does the given integer need a leading zero?
+fn needs_leading_zero(bytes: &[u8]) -> bool {
+ matches!(bytes.first(), Some(byte) if *byte >= 0x80)
+}
+
+#[cfg(test)]
+mod tests {
+ use super::{decode_to_array, UintRef};
+ use crate::{asn1::integer::tests::*, AnyRef, Decode, Encode, ErrorKind, SliceWriter, Tag};
+
+ #[test]
+ fn decode_to_array_no_leading_zero() {
+ let arr = decode_to_array::<4>(&[1, 2]).unwrap();
+ assert_eq!(arr, [0, 0, 1, 2]);
+ }
+
+ #[test]
+ fn decode_to_array_leading_zero() {
+ let arr = decode_to_array::<4>(&[0x00, 0xFF, 0xFE]).unwrap();
+ assert_eq!(arr, [0x00, 0x00, 0xFF, 0xFE]);
+ }
+
+ #[test]
+ fn decode_to_array_extra_zero() {
+ let err = decode_to_array::<4>(&[0, 1, 2]).err().unwrap();
+ assert_eq!(err.kind(), ErrorKind::Noncanonical { tag: Tag::Integer });
+ }
+
+ #[test]
+ fn decode_to_array_missing_zero() {
+ // We're decoding an unsigned integer, but this value would be signed
+ let err = decode_to_array::<4>(&[0xFF, 0xFE]).err().unwrap();
+ assert_eq!(err.kind(), ErrorKind::Value { tag: Tag::Integer });
+ }
+
+ #[test]
+ fn decode_to_array_oversized_input() {
+ let err = decode_to_array::<1>(&[1, 2, 3]).err().unwrap();
+ assert_eq!(err.kind(), ErrorKind::Length { tag: Tag::Integer });
+ }
+
+ #[test]
+ fn decode_uintref() {
+ assert_eq!(&[0], UintRef::from_der(I0_BYTES).unwrap().as_bytes());
+ assert_eq!(&[127], UintRef::from_der(I127_BYTES).unwrap().as_bytes());
+ assert_eq!(&[128], UintRef::from_der(I128_BYTES).unwrap().as_bytes());
+ assert_eq!(&[255], UintRef::from_der(I255_BYTES).unwrap().as_bytes());
+
+ assert_eq!(
+ &[0x01, 0x00],
+ UintRef::from_der(I256_BYTES).unwrap().as_bytes()
+ );
+
+ assert_eq!(
+ &[0x7F, 0xFF],
+ UintRef::from_der(I32767_BYTES).unwrap().as_bytes()
+ );
+ }
+
+ #[test]
+ fn encode_uintref() {
+ for &example in &[
+ I0_BYTES,
+ I127_BYTES,
+ I128_BYTES,
+ I255_BYTES,
+ I256_BYTES,
+ I32767_BYTES,
+ ] {
+ let uint = UintRef::from_der(example).unwrap();
+
+ let mut buf = [0u8; 128];
+ let mut encoder = SliceWriter::new(&mut buf);
+ uint.encode(&mut encoder).unwrap();
+
+ let result = encoder.finish().unwrap();
+ assert_eq!(example, result);
+ }
+ }
+
+ #[test]
+ fn reject_oversize_without_extra_zero() {
+ let err = UintRef::try_from(AnyRef::new(Tag::Integer, &[0x81]).unwrap())
+ .err()
+ .unwrap();
+
+ assert_eq!(err.kind(), ErrorKind::Value { tag: Tag::Integer });
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/internal_macros.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/internal_macros.rs
new file mode 100644
index 000000000000..10ad99d23b9a
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/internal_macros.rs
@@ -0,0 +1,75 @@
+macro_rules! impl_any_conversions {
+ ($type: ty) => {
+ impl_any_conversions!($type, );
+ };
+ ($type: ty, $($li: lifetime)?) => {
+ impl<'__der: $($li),*, $($li),*> TryFrom<$crate::AnyRef<'__der>> for $type {
+ type Error = $crate::Error;
+
+ fn try_from(any: $crate::AnyRef<'__der>) -> Result<$type> {
+ any.decode_as()
+ }
+ }
+
+ #[cfg(feature = "alloc")]
+ impl<'__der: $($li),*, $($li),*> TryFrom<&'__der $crate::Any> for $type {
+ type Error = $crate::Error;
+
+ fn try_from(any: &'__der $crate::Any) -> Result<$type> {
+ any.decode_as()
+ }
+ }
+ };
+}
+
+macro_rules! impl_string_type {
+ ($type: ty, $($li: lifetime)?) => {
+ impl_any_conversions!($type, $($li),*);
+
+ mod __impl_string {
+ use super::*;
+
+ use crate::{
+ ord::OrdIsValueOrd, BytesRef, DecodeValue, EncodeValue, Header, Length, Reader,
+ Result, Writer,
+ };
+ use core::{fmt, str};
+
+ impl<$($li),*> AsRef for $type {
+ fn as_ref(&self) -> &str {
+ self.as_str()
+ }
+ }
+
+ impl<$($li),*> AsRef<[u8]> for $type {
+ fn as_ref(&self) -> &[u8] {
+ self.as_bytes()
+ }
+ }
+
+ impl<'__der: $($li),*, $($li),*> DecodeValue<'__der> for $type {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ Self::new(BytesRef::decode_value(reader, header)?.as_slice())
+ }
+ }
+
+ impl<$($li),*> EncodeValue for $type {
+ fn value_len(&self) -> Result {
+ self.inner.value_len()
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ self.inner.encode_value(writer)
+ }
+ }
+
+ impl<$($li),*> OrdIsValueOrd for $type {}
+
+ impl<$($li),*> fmt::Display for $type {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ f.write_str(self.as_str())
+ }
+ }
+ }
+ };
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/null.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/null.rs
new file mode 100644
index 000000000000..7c1e2058a1ea
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/null.rs
@@ -0,0 +1,102 @@
+//! ASN.1 `NULL` support.
+
+use crate::{
+ asn1::AnyRef, ord::OrdIsValueOrd, BytesRef, DecodeValue, EncodeValue, Error, ErrorKind,
+ FixedTag, Header, Length, Reader, Result, Tag, Writer,
+};
+
+/// ASN.1 `NULL` type.
+#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub struct Null;
+
+impl_any_conversions!(Null);
+
+impl<'a> DecodeValue<'a> for Null {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ if header.length.is_zero() {
+ Ok(Null)
+ } else {
+ Err(reader.error(ErrorKind::Length { tag: Self::TAG }))
+ }
+ }
+}
+
+impl EncodeValue for Null {
+ fn value_len(&self) -> Result {
+ Ok(Length::ZERO)
+ }
+
+ fn encode_value(&self, _writer: &mut impl Writer) -> Result<()> {
+ Ok(())
+ }
+}
+
+impl FixedTag for Null {
+ const TAG: Tag = Tag::Null;
+}
+
+impl OrdIsValueOrd for Null {}
+
+impl<'a> From for AnyRef<'a> {
+ fn from(_: Null) -> AnyRef<'a> {
+ AnyRef::from_tag_and_value(Tag::Null, BytesRef::default())
+ }
+}
+
+impl TryFrom> for () {
+ type Error = Error;
+
+ fn try_from(any: AnyRef<'_>) -> Result<()> {
+ Null::try_from(any).map(|_| ())
+ }
+}
+
+impl<'a> From<()> for AnyRef<'a> {
+ fn from(_: ()) -> AnyRef<'a> {
+ Null.into()
+ }
+}
+
+impl<'a> DecodeValue<'a> for () {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ Null::decode_value(reader, header)?;
+ Ok(())
+ }
+}
+
+impl EncodeValue for () {
+ fn value_len(&self) -> Result {
+ Ok(Length::ZERO)
+ }
+
+ fn encode_value(&self, _writer: &mut impl Writer) -> Result<()> {
+ Ok(())
+ }
+}
+
+impl FixedTag for () {
+ const TAG: Tag = Tag::Null;
+}
+
+#[cfg(test)]
+mod tests {
+ use super::Null;
+ use crate::{Decode, Encode};
+
+ #[test]
+ fn decode() {
+ Null::from_der(&[0x05, 0x00]).unwrap();
+ }
+
+ #[test]
+ fn encode() {
+ let mut buffer = [0u8; 2];
+ assert_eq!(&[0x05, 0x00], Null.encode_to_slice(&mut buffer).unwrap());
+ assert_eq!(&[0x05, 0x00], ().encode_to_slice(&mut buffer).unwrap());
+ }
+
+ #[test]
+ fn reject_non_canonical() {
+ assert!(Null::from_der(&[0x05, 0x81, 0x00]).is_err());
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/octet_string.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/octet_string.rs
new file mode 100644
index 000000000000..53d8ecb6a5a6
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/octet_string.rs
@@ -0,0 +1,257 @@
+//! ASN.1 `OCTET STRING` support.
+
+use crate::{
+ asn1::AnyRef, ord::OrdIsValueOrd, BytesRef, Decode, DecodeValue, EncodeValue, ErrorKind,
+ FixedTag, Header, Length, Reader, Result, Tag, Writer,
+};
+
+/// ASN.1 `OCTET STRING` type: borrowed form.
+///
+/// Octet strings represent contiguous sequences of octets, a.k.a. bytes.
+///
+/// This is a zero-copy reference type which borrows from the input data.
+#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub struct OctetStringRef<'a> {
+ /// Inner value
+ inner: BytesRef<'a>,
+}
+
+impl<'a> OctetStringRef<'a> {
+ /// Create a new ASN.1 `OCTET STRING` from a byte slice.
+ pub fn new(slice: &'a [u8]) -> Result {
+ BytesRef::new(slice)
+ .map(|inner| Self { inner })
+ .map_err(|_| ErrorKind::Length { tag: Self::TAG }.into())
+ }
+
+ /// Borrow the inner byte slice.
+ pub fn as_bytes(&self) -> &'a [u8] {
+ self.inner.as_slice()
+ }
+
+ /// Get the length of the inner byte slice.
+ pub fn len(&self) -> Length {
+ self.inner.len()
+ }
+
+ /// Is the inner byte slice empty?
+ pub fn is_empty(&self) -> bool {
+ self.inner.is_empty()
+ }
+
+ /// Parse `T` from this `OCTET STRING`'s contents.
+ pub fn decode_into>(&self) -> Result {
+ Decode::from_der(self.as_bytes())
+ }
+}
+
+impl_any_conversions!(OctetStringRef<'a>, 'a);
+
+impl AsRef<[u8]> for OctetStringRef<'_> {
+ fn as_ref(&self) -> &[u8] {
+ self.as_bytes()
+ }
+}
+
+impl<'a> DecodeValue<'a> for OctetStringRef<'a> {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ let inner = BytesRef::decode_value(reader, header)?;
+ Ok(Self { inner })
+ }
+}
+
+impl EncodeValue for OctetStringRef<'_> {
+ fn value_len(&self) -> Result {
+ self.inner.value_len()
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ self.inner.encode_value(writer)
+ }
+}
+
+impl FixedTag for OctetStringRef<'_> {
+ const TAG: Tag = Tag::OctetString;
+}
+
+impl OrdIsValueOrd for OctetStringRef<'_> {}
+
+impl<'a> From<&OctetStringRef<'a>> for OctetStringRef<'a> {
+ fn from(value: &OctetStringRef<'a>) -> OctetStringRef<'a> {
+ *value
+ }
+}
+
+impl<'a> From> for AnyRef<'a> {
+ fn from(octet_string: OctetStringRef<'a>) -> AnyRef<'a> {
+ AnyRef::from_tag_and_value(Tag::OctetString, octet_string.inner)
+ }
+}
+
+impl<'a> From> for &'a [u8] {
+ fn from(octet_string: OctetStringRef<'a>) -> &'a [u8] {
+ octet_string.as_bytes()
+ }
+}
+
+#[cfg(feature = "alloc")]
+pub use self::allocating::OctetString;
+
+#[cfg(feature = "alloc")]
+mod allocating {
+ use super::*;
+ use crate::referenced::*;
+ use alloc::vec::Vec;
+
+ /// ASN.1 `OCTET STRING` type: owned form..
+ ///
+ /// Octet strings represent contiguous sequences of octets, a.k.a. bytes.
+ ///
+ /// This type provides the same functionality as [`OctetStringRef`] but owns
+ /// the backing data.
+ #[derive(Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+ pub struct OctetString {
+ /// Bitstring represented as a slice of bytes.
+ pub(super) inner: Vec,
+ }
+
+ impl OctetString {
+ /// Create a new ASN.1 `OCTET STRING`.
+ pub fn new(bytes: impl Into>) -> Result {
+ let inner = bytes.into();
+
+ // Ensure the bytes parse successfully as an `OctetStringRef`
+ OctetStringRef::new(&inner)?;
+
+ Ok(Self { inner })
+ }
+
+ /// Borrow the inner byte slice.
+ pub fn as_bytes(&self) -> &[u8] {
+ self.inner.as_slice()
+ }
+
+ /// Take ownership of the octet string.
+ pub fn into_bytes(self) -> Vec {
+ self.inner
+ }
+
+ /// Get the length of the inner byte slice.
+ pub fn len(&self) -> Length {
+ self.value_len().expect("invalid OCTET STRING length")
+ }
+
+ /// Is the inner byte slice empty?
+ pub fn is_empty(&self) -> bool {
+ self.inner.is_empty()
+ }
+ }
+
+ impl_any_conversions!(OctetString);
+
+ impl AsRef<[u8]> for OctetString {
+ fn as_ref(&self) -> &[u8] {
+ self.as_bytes()
+ }
+ }
+
+ impl<'a> DecodeValue<'a> for OctetString {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ Self::new(reader.read_vec(header.length)?)
+ }
+ }
+
+ impl EncodeValue for OctetString {
+ fn value_len(&self) -> Result {
+ self.inner.len().try_into()
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ writer.write(&self.inner)
+ }
+ }
+
+ impl FixedTag for OctetString {
+ const TAG: Tag = Tag::OctetString;
+ }
+
+ impl<'a> From<&'a OctetString> for OctetStringRef<'a> {
+ fn from(octet_string: &'a OctetString) -> OctetStringRef<'a> {
+ // Ensured to parse successfully in constructor
+ OctetStringRef::new(&octet_string.inner).expect("invalid OCTET STRING")
+ }
+ }
+
+ impl OrdIsValueOrd for OctetString {}
+
+ impl<'a> RefToOwned<'a> for OctetStringRef<'a> {
+ type Owned = OctetString;
+ fn ref_to_owned(&self) -> Self::Owned {
+ OctetString {
+ inner: Vec::from(self.inner.as_slice()),
+ }
+ }
+ }
+
+ impl OwnedToRef for OctetString {
+ type Borrowed<'a> = OctetStringRef<'a>;
+ fn owned_to_ref(&self) -> Self::Borrowed<'_> {
+ self.into()
+ }
+ }
+
+ // Implement by hand because the derive would create invalid values.
+ // Use the constructor to create a valid value.
+ #[cfg(feature = "arbitrary")]
+ impl<'a> arbitrary::Arbitrary<'a> for OctetString {
+ fn arbitrary(u: &mut arbitrary::Unstructured<'a>) -> arbitrary::Result {
+ Self::new(Vec::arbitrary(u)?).map_err(|_| arbitrary::Error::IncorrectFormat)
+ }
+
+ fn size_hint(depth: usize) -> (usize, Option) {
+ arbitrary::size_hint::and(u8::size_hint(depth), Vec::::size_hint(depth))
+ }
+ }
+}
+
+#[cfg(feature = "bytes")]
+mod bytes {
+ use super::OctetString;
+ use crate::{DecodeValue, EncodeValue, FixedTag, Header, Length, Reader, Result, Tag, Writer};
+ use bytes::Bytes;
+
+ impl<'a> DecodeValue<'a> for Bytes {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ OctetString::decode_value(reader, header).map(|octet_string| octet_string.inner.into())
+ }
+ }
+
+ impl EncodeValue for Bytes {
+ fn value_len(&self) -> Result {
+ self.len().try_into()
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ writer.write(self.as_ref())
+ }
+ }
+
+ impl FixedTag for Bytes {
+ const TAG: Tag = Tag::OctetString;
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use crate::asn1::{OctetStringRef, PrintableStringRef};
+
+ #[test]
+ fn octet_string_decode_into() {
+ // PrintableString "hi"
+ let der = b"\x13\x02\x68\x69";
+ let oct = OctetStringRef::new(der).unwrap();
+
+ let res = oct.decode_into::>().unwrap();
+ assert_eq!(AsRef::::as_ref(&res), "hi");
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/oid.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/oid.rs
new file mode 100644
index 000000000000..3daa452b2fed
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/oid.rs
@@ -0,0 +1,100 @@
+//! ASN.1 `OBJECT IDENTIFIER`
+
+use crate::{
+ asn1::AnyRef, ord::OrdIsValueOrd, DecodeValue, EncodeValue, Error, FixedTag, Header, Length,
+ Reader, Result, Tag, Tagged, Writer,
+};
+use const_oid::ObjectIdentifier;
+
+#[cfg(feature = "alloc")]
+use super::Any;
+
+impl<'a> DecodeValue<'a> for ObjectIdentifier {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ let mut buf = [0u8; ObjectIdentifier::MAX_SIZE];
+ let slice = buf
+ .get_mut(..header.length.try_into()?)
+ .ok_or_else(|| Self::TAG.length_error())?;
+
+ let actual_len = reader.read_into(slice)?.len();
+ debug_assert_eq!(actual_len, header.length.try_into()?);
+ Ok(Self::from_bytes(slice)?)
+ }
+}
+
+impl EncodeValue for ObjectIdentifier {
+ fn value_len(&self) -> Result {
+ Length::try_from(self.as_bytes().len())
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ writer.write(self.as_bytes())
+ }
+}
+
+impl FixedTag for ObjectIdentifier {
+ const TAG: Tag = Tag::ObjectIdentifier;
+}
+
+impl OrdIsValueOrd for ObjectIdentifier {}
+
+impl<'a> From<&'a ObjectIdentifier> for AnyRef<'a> {
+ fn from(oid: &'a ObjectIdentifier) -> AnyRef<'a> {
+ // Note: ensuring an infallible conversion is possible relies on the
+ // invariant that `const_oid::MAX_LEN <= Length::max()`.
+ //
+ // The `length()` test below ensures this is the case.
+ let value = oid
+ .as_bytes()
+ .try_into()
+ .expect("OID length invariant violated");
+
+ AnyRef::from_tag_and_value(Tag::ObjectIdentifier, value)
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl From for Any {
+ fn from(oid: ObjectIdentifier) -> Any {
+ AnyRef::from(&oid).into()
+ }
+}
+
+impl TryFrom> for ObjectIdentifier {
+ type Error = Error;
+
+ fn try_from(any: AnyRef<'_>) -> Result {
+ any.tag().assert_eq(Tag::ObjectIdentifier)?;
+ Ok(ObjectIdentifier::from_bytes(any.value())?)
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::ObjectIdentifier;
+ use crate::{Decode, Encode, Length};
+
+ const EXAMPLE_OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113549");
+ const EXAMPLE_OID_BYTES: &[u8; 8] = &[0x06, 0x06, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d];
+
+ #[test]
+ fn decode() {
+ let oid = ObjectIdentifier::from_der(EXAMPLE_OID_BYTES).unwrap();
+ assert_eq!(EXAMPLE_OID, oid);
+ }
+
+ #[test]
+ fn encode() {
+ let mut buffer = [0u8; 8];
+ assert_eq!(
+ EXAMPLE_OID_BYTES,
+ EXAMPLE_OID.encode_to_slice(&mut buffer).unwrap()
+ );
+ }
+
+ #[test]
+ fn length() {
+ // Ensure an infallible `From` conversion to `Any` will never panic
+ assert!(ObjectIdentifier::MAX_SIZE <= Length::MAX.try_into().unwrap());
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/optional.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/optional.rs
new file mode 100644
index 000000000000..ecda4f8ecd68
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/optional.rs
@@ -0,0 +1,66 @@
+//! ASN.1 `OPTIONAL` as mapped to Rust's `Option` type
+
+use crate::{Choice, Decode, DerOrd, Encode, Length, Reader, Result, Tag, Writer};
+use core::cmp::Ordering;
+
+impl<'a, T> Decode<'a> for Option
+where
+ T: Choice<'a>, // NOTE: all `Decode + Tagged` types receive a blanket `Choice` impl
+{
+ fn decode>(reader: &mut R) -> Result> {
+ if let Some(byte) = reader.peek_byte() {
+ if T::can_decode(Tag::try_from(byte)?) {
+ return T::decode(reader).map(Some);
+ }
+ }
+
+ Ok(None)
+ }
+}
+
+impl DerOrd for Option
+where
+ T: DerOrd,
+{
+ fn der_cmp(&self, other: &Self) -> Result {
+ match self {
+ Some(a) => match other {
+ Some(b) => a.der_cmp(b),
+ None => Ok(Ordering::Greater),
+ },
+ None => Ok(Ordering::Less),
+ }
+ }
+}
+
+impl Encode for Option
+where
+ T: Encode,
+{
+ fn encoded_len(&self) -> Result {
+ (&self).encoded_len()
+ }
+
+ fn encode(&self, writer: &mut impl Writer) -> Result<()> {
+ (&self).encode(writer)
+ }
+}
+
+impl Encode for &Option
+where
+ T: Encode,
+{
+ fn encoded_len(&self) -> Result {
+ match self {
+ Some(encodable) => encodable.encoded_len(),
+ None => Ok(0u8.into()),
+ }
+ }
+
+ fn encode(&self, encoder: &mut impl Writer) -> Result<()> {
+ match self {
+ Some(encodable) => encodable.encode(encoder),
+ None => Ok(()),
+ }
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/printable_string.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/printable_string.rs
new file mode 100644
index 000000000000..d2e51d7da2d2
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/printable_string.rs
@@ -0,0 +1,252 @@
+//! ASN.1 `PrintableString` support.
+
+use crate::{asn1::AnyRef, FixedTag, Result, StrRef, Tag};
+use core::{fmt, ops::Deref};
+
+macro_rules! impl_printable_string {
+ ($type: ty) => {
+ impl_printable_string!($type,);
+ };
+ ($type: ty, $($li: lifetime)?) => {
+ impl_string_type!($type, $($li),*);
+
+ impl<$($li),*> FixedTag for $type {
+ const TAG: Tag = Tag::PrintableString;
+ }
+
+ impl<$($li),*> fmt::Debug for $type {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(f, "PrintableString({:?})", self.as_str())
+ }
+ }
+ };
+}
+
+/// ASN.1 `PrintableString` type.
+///
+/// Supports a subset the ASCII character set (described below).
+///
+/// For UTF-8, use [`Utf8StringRef`][`crate::asn1::Utf8StringRef`] instead.
+/// For the full ASCII character set, use
+/// [`Ia5StringRef`][`crate::asn1::Ia5StringRef`].
+///
+/// This is a zero-copy reference type which borrows from the input data.
+///
+/// # Supported characters
+///
+/// The following ASCII characters/ranges are supported:
+///
+/// - `A..Z`
+/// - `a..z`
+/// - `0..9`
+/// - "` `" (i.e. space)
+/// - `\`
+/// - `(`
+/// - `)`
+/// - `+`
+/// - `,`
+/// - `-`
+/// - `.`
+/// - `/`
+/// - `:`
+/// - `=`
+/// - `?`
+#[derive(Copy, Clone, Eq, PartialEq, PartialOrd, Ord)]
+pub struct PrintableStringRef<'a> {
+ /// Inner value
+ inner: StrRef<'a>,
+}
+
+impl<'a> PrintableStringRef<'a> {
+ /// Create a new ASN.1 `PrintableString`.
+ pub fn new(input: &'a T) -> Result
+ where
+ T: AsRef<[u8]> + ?Sized,
+ {
+ let input = input.as_ref();
+
+ // Validate all characters are within PrintableString's allowed set
+ for &c in input.iter() {
+ match c {
+ b'A'..=b'Z'
+ | b'a'..=b'z'
+ | b'0'..=b'9'
+ | b' '
+ | b'\''
+ | b'('
+ | b')'
+ | b'+'
+ | b','
+ | b'-'
+ | b'.'
+ | b'/'
+ | b':'
+ | b'='
+ | b'?'
+ => (),
+ _ => return Err(Self::TAG.value_error()),
+ }
+ }
+
+ StrRef::from_bytes(input)
+ .map(|inner| Self { inner })
+ .map_err(|_| Self::TAG.value_error())
+ }
+}
+
+impl_printable_string!(PrintableStringRef<'a>, 'a);
+
+impl<'a> Deref for PrintableStringRef<'a> {
+ type Target = StrRef<'a>;
+
+ fn deref(&self) -> &Self::Target {
+ &self.inner
+ }
+}
+impl<'a> From<&PrintableStringRef<'a>> for PrintableStringRef<'a> {
+ fn from(value: &PrintableStringRef<'a>) -> PrintableStringRef<'a> {
+ *value
+ }
+}
+
+impl<'a> From> for AnyRef<'a> {
+ fn from(printable_string: PrintableStringRef<'a>) -> AnyRef<'a> {
+ AnyRef::from_tag_and_value(Tag::PrintableString, printable_string.inner.into())
+ }
+}
+
+#[cfg(feature = "alloc")]
+pub use self::allocation::PrintableString;
+
+#[cfg(feature = "alloc")]
+mod allocation {
+ use super::PrintableStringRef;
+
+ use crate::{
+ asn1::AnyRef,
+ referenced::{OwnedToRef, RefToOwned},
+ BytesRef, Error, FixedTag, Result, StrOwned, Tag,
+ };
+ use alloc::string::String;
+ use core::{fmt, ops::Deref};
+
+ /// ASN.1 `PrintableString` type.
+ ///
+ /// Supports a subset the ASCII character set (described below).
+ ///
+ /// For UTF-8, use [`Utf8StringRef`][`crate::asn1::Utf8StringRef`] instead.
+ /// For the full ASCII character set, use
+ /// [`Ia5StringRef`][`crate::asn1::Ia5StringRef`].
+ ///
+ /// # Supported characters
+ ///
+ /// The following ASCII characters/ranges are supported:
+ ///
+ /// - `A..Z`
+ /// - `a..z`
+ /// - `0..9`
+ /// - "` `" (i.e. space)
+ /// - `\`
+ /// - `(`
+ /// - `)`
+ /// - `+`
+ /// - `,`
+ /// - `-`
+ /// - `.`
+ /// - `/`
+ /// - `:`
+ /// - `=`
+ /// - `?`
+ #[derive(Clone, Eq, PartialEq, PartialOrd, Ord)]
+ pub struct PrintableString {
+ /// Inner value
+ inner: StrOwned,
+ }
+
+ impl PrintableString {
+ /// Create a new ASN.1 `PrintableString`.
+ pub fn new(input: &T) -> Result
+ where
+ T: AsRef<[u8]> + ?Sized,
+ {
+ let input = input.as_ref();
+ PrintableStringRef::new(input)?;
+
+ StrOwned::from_bytes(input)
+ .map(|inner| Self { inner })
+ .map_err(|_| Self::TAG.value_error())
+ }
+ }
+
+ impl_printable_string!(PrintableString);
+
+ impl Deref for PrintableString {
+ type Target = StrOwned;
+
+ fn deref(&self) -> &Self::Target {
+ &self.inner
+ }
+ }
+
+ impl<'a> From> for PrintableString {
+ fn from(value: PrintableStringRef<'a>) -> PrintableString {
+ let inner =
+ StrOwned::from_bytes(value.inner.as_bytes()).expect("Invalid PrintableString");
+ Self { inner }
+ }
+ }
+
+ impl<'a> From<&'a PrintableString> for AnyRef<'a> {
+ fn from(printable_string: &'a PrintableString) -> AnyRef<'a> {
+ AnyRef::from_tag_and_value(
+ Tag::PrintableString,
+ BytesRef::new(printable_string.inner.as_bytes()).expect("Invalid PrintableString"),
+ )
+ }
+ }
+
+ impl<'a> RefToOwned<'a> for PrintableStringRef<'a> {
+ type Owned = PrintableString;
+ fn ref_to_owned(&self) -> Self::Owned {
+ PrintableString {
+ inner: self.inner.ref_to_owned(),
+ }
+ }
+ }
+
+ impl OwnedToRef for PrintableString {
+ type Borrowed<'a> = PrintableStringRef<'a>;
+ fn owned_to_ref(&self) -> Self::Borrowed<'_> {
+ PrintableStringRef {
+ inner: self.inner.owned_to_ref(),
+ }
+ }
+ }
+
+ impl TryFrom for PrintableString {
+ type Error = Error;
+
+ fn try_from(input: String) -> Result {
+ PrintableStringRef::new(&input)?;
+
+ StrOwned::new(input)
+ .map(|inner| Self { inner })
+ .map_err(|_| Self::TAG.value_error())
+ }
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::PrintableStringRef;
+ use crate::Decode;
+
+ #[test]
+ fn parse_bytes() {
+ let example_bytes = &[
+ 0x13, 0x0b, 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x65, 0x72, 0x20, 0x31,
+ ];
+
+ let printable_string = PrintableStringRef::from_der(example_bytes).unwrap();
+ assert_eq!(printable_string.as_str(), "Test User 1");
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/real.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/real.rs
new file mode 100644
index 000000000000..b9f2e67f5222
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/real.rs
@@ -0,0 +1,990 @@ +//! ASN.1 `REAL` support. + +// TODO(tarcieri): checked arithmetic +#![allow( + clippy::cast_lossless, + clippy::cast_sign_loss, + clippy::integer_arithmetic +)] + +use crate::{ + BytesRef, DecodeValue, EncodeValue, FixedTag, Header, Length, Reader, Result, StrRef, Tag, + Writer, +}; + +use super::integer::uint::strip_leading_zeroes; + +impl<'a> DecodeValue<'a> for f64 { + fn decode_value>(reader: &mut R, header: Header) -> Result { + let bytes = BytesRef::decode_value(reader, header)?.as_slice(); + + if header.length == Length::ZERO { + Ok(0.0) + } else if is_nth_bit_one::<7>(bytes) { + // Binary encoding from section 8.5.7 applies + let sign: u64 = u64::from(is_nth_bit_one::<6>(bytes)); + + // Section 8.5.7.2: Check the base -- the DER specs say that only base 2 should be supported in DER + let base = mnth_bits_to_u8::<5, 4>(bytes); + + if base != 0 { + // Real related error: base is not DER compliant (base encoded in enum) + return Err(Tag::Real.value_error()); + } + + // Section 8.5.7.3 + let scaling_factor = mnth_bits_to_u8::<3, 2>(bytes); + + // Section 8.5.7.4 + let mantissa_start; + let exponent = match mnth_bits_to_u8::<1, 0>(bytes) { + 0 => { + mantissa_start = 2; + let ebytes = (i16::from_be_bytes([0x0, bytes[1]])).to_be_bytes(); + u64::from_be_bytes([0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ebytes[0], ebytes[1]]) + } + 1 => { + mantissa_start = 3; + let ebytes = (i16::from_be_bytes([bytes[1], bytes[2]])).to_be_bytes(); + u64::from_be_bytes([0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ebytes[0], ebytes[1]]) + } + _ => { + // Real related error: encoded exponent cannot be represented on an IEEE-754 double + return Err(Tag::Real.value_error()); + } + }; + // Section 8.5.7.5: Read the remaining bytes for the mantissa + let mut n_bytes = [0x0; 8]; + for (pos, byte) in bytes[mantissa_start..].iter().rev().enumerate() { + n_bytes[7 - pos] = *byte; + } + let n = u64::from_be_bytes(n_bytes); + // Multiply byt 2^F corresponds to just a left shift + let mantissa = n << 
scaling_factor; + // Create the f64 + Ok(encode_f64(sign, exponent, mantissa)) + } else if is_nth_bit_one::<6>(bytes) { + // This either a special value, or it's the value minus zero is encoded, section 8.5.9 applies + match mnth_bits_to_u8::<1, 0>(bytes) { + 0 => Ok(f64::INFINITY), + 1 => Ok(f64::NEG_INFINITY), + 2 => Ok(f64::NAN), + 3 => Ok(-0.0_f64), + _ => Err(Tag::Real.value_error()), + } + } else { + let astr = StrRef::from_bytes(&bytes[1..])?; + match astr.inner.parse::() { + Ok(val) => Ok(val), + // Real related error: encoding not supported or malformed + Err(_) => Err(Tag::Real.value_error()), + } + } + } +} + +impl EncodeValue for f64 { + fn value_len(&self) -> Result { + if self.is_sign_positive() && (*self) < f64::MIN_POSITIVE { + // Zero: positive yet smaller than the minimum positive number + Ok(Length::ZERO) + } else if self.is_nan() + || self.is_infinite() + || (self.is_sign_negative() && -self < f64::MIN_POSITIVE) + { + // NaN, infinite (positive or negative), or negative zero (negative but its negative is less than the min positive number) + Ok(Length::ONE) + } else { + // The length is that of the first octets plus those needed for the exponent plus those needed for the mantissa + let (_sign, exponent, mantissa) = decode_f64(*self); + + let exponent_len = if exponent == 0 { + // Section 8.5.7.4: there must be at least one octet for exponent encoding + // But, if the exponent is zero, it'll be skipped, so we make sure force it to 1 + Length::ONE + } else { + let ebytes = exponent.to_be_bytes(); + Length::try_from(strip_leading_zeroes(&ebytes).len())? + }; + + let mantissa_len = if mantissa == 0 { + Length::ONE + } else { + let mbytes = mantissa.to_be_bytes(); + Length::try_from(strip_leading_zeroes(&mbytes).len())? 
+ }; + + exponent_len + mantissa_len + Length::ONE + } + } + + fn encode_value(&self, writer: &mut impl Writer) -> Result<()> { + // Check if special value + // Encode zero first, if it's zero + // Special value from section 8.5.9 if non zero + if self.is_nan() + || self.is_infinite() + || (self.is_sign_negative() && -self < f64::MIN_POSITIVE) + || (self.is_sign_positive() && (*self) < f64::MIN_POSITIVE) + { + if self.is_sign_positive() && (*self) < f64::MIN_POSITIVE { + // Zero + return Ok(()); + } else if self.is_nan() { + // Not a number + writer.write_byte(0b0100_0010)?; + } else if self.is_infinite() { + if self.is_sign_negative() { + // Negative infinity + writer.write_byte(0b0100_0001)?; + } else { + // Plus infinity + writer.write_byte(0b0100_0000)?; + } + } else { + // Minus zero + writer.write_byte(0b0100_0011)?; + } + } else { + // Always use binary encoding, set bit 8 to 1 + let mut first_byte = 0b1000_0000; + + if self.is_sign_negative() { + // Section 8.5.7.1: set bit 7 to 1 if negative + first_byte |= 0b0100_0000; + } + + // Bits 6 and 5 are set to 0 to specify that binary encoding is used + // + // NOTE: the scaling factor is only used to align the implicit point of the mantissa. + // This is unnecessary in DER because the base is 2, and therefore necessarily aligned. + // Therefore, we do not modify the mantissa in anyway after this function call, which + // already adds the implicit one of the IEEE 754 representation. + let (_sign, exponent, mantissa) = decode_f64(*self); + + // Encode the exponent as two's complement on 16 bits and remove the bias + let exponent_bytes = exponent.to_be_bytes(); + let ebytes = strip_leading_zeroes(&exponent_bytes); + + match ebytes.len() { + 0 | 1 => {} + 2 => first_byte |= 0b0000_0001, + 3 => first_byte |= 0b0000_0010, + _ => { + // TODO: support multi octet exponent encoding? 
+ return Err(Tag::Real.value_error()); + } + } + + writer.write_byte(first_byte)?; + + // Encode both bytes or just the last one, handled by encode_bytes directly + // Rust already encodes the data as two's complement, so no further processing is needed + writer.write(ebytes)?; + + // Now, encode the mantissa as unsigned binary number + let mantissa_bytes = mantissa.to_be_bytes(); + let mbytes = strip_leading_zeroes(&mantissa_bytes); + writer.write(mbytes)?; + } + + Ok(()) + } +} + +impl FixedTag for f64 { + const TAG: Tag = Tag::Real; +} + +/// Is the N-th bit 1 in the first octet? +/// NOTE: this function is zero indexed +pub(crate) fn is_nth_bit_one(bytes: &[u8]) -> bool { + if N < 8 { + bytes + .first() + .map(|byte| byte & (1 << N) != 0) + .unwrap_or(false) + } else { + false + } +} + +/// Convert bits M, N into a u8, in the first octet only +pub(crate) fn mnth_bits_to_u8(bytes: &[u8]) -> u8 { + let bit_m = is_nth_bit_one::(bytes); + let bit_n = is_nth_bit_one::(bytes); + (bit_m as u8) << 1 | bit_n as u8 +} + +/// Decode an f64 as its sign, exponent, and mantissa in u64 and in that order, using bit shifts and masks. 
+/// Note: this function **removes** the 1023 bias from the exponent and adds the implicit 1 +#[allow(clippy::cast_possible_truncation)] +pub(crate) fn decode_f64(f: f64) -> (u64, u64, u64) { + let bits = f.to_bits(); + let sign = bits >> 63; + let exponent = bits >> 52 & 0x7ff; + let exponent_bytes_no_bias = (exponent as i16 - 1023).to_be_bytes(); + let exponent_no_bias = u64::from_be_bytes([ + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + exponent_bytes_no_bias[0], + exponent_bytes_no_bias[1], + ]); + let mantissa = bits & 0xfffffffffffff; + (sign, exponent_no_bias, mantissa + 1) +} + +/// Encode an f64 from its sign, exponent (**without** the 1023 bias), and (mantissa - 1) using bit shifts as received by ASN1 +pub(crate) fn encode_f64(sign: u64, exponent: u64, mantissa: u64) -> f64 { + // Add the bias to the exponent + let exponent_with_bias = + (i16::from_be_bytes([exponent.to_be_bytes()[6], exponent.to_be_bytes()[7]]) + 1023) as u64; + let bits = sign << 63 | exponent_with_bias << 52 | (mantissa - 1); + f64::from_bits(bits) +} + +#[cfg(test)] +mod tests { + use crate::{Decode, Encode}; + + #[test] + fn decode_subnormal() { + assert!(f64::from_der(&[0x09, 0x01, 0b0100_0010]).unwrap().is_nan()); + let plus_infty = f64::from_der(&[0x09, 0x01, 0b0100_0000]).unwrap(); + assert!(plus_infty.is_infinite() && plus_infty.is_sign_positive()); + let neg_infty = f64::from_der(&[0x09, 0x01, 0b0100_0001]).unwrap(); + assert!(neg_infty.is_infinite() && neg_infty.is_sign_negative()); + let neg_zero = f64::from_der(&[0x09, 0x01, 0b0100_0011]).unwrap(); + assert!(neg_zero.is_sign_negative() && neg_zero.abs() < f64::EPSILON); + } + + #[test] + fn encode_subnormal() { + // All subnormal fit in three bytes + let mut buffer = [0u8; 3]; + assert_eq!( + &[0x09, 0x01, 0b0100_0010], + f64::NAN.encode_to_slice(&mut buffer).unwrap() + ); + assert_eq!( + &[0x09, 0x01, 0b0100_0000], + f64::INFINITY.encode_to_slice(&mut buffer).unwrap() + ); + assert_eq!( + &[0x09, 0x01, 0b0100_0001], + 
f64::NEG_INFINITY.encode_to_slice(&mut buffer).unwrap() + ); + assert_eq!( + &[0x09, 0x01, 0b0100_0011], + (-0.0_f64).encode_to_slice(&mut buffer).unwrap() + ); + } + + #[test] + fn encdec_normal() { + // The comments correspond to the decoded value from the ASN.1 playground when the bytes are inputed. + { + // rec1value R ::= 0 + let val = 0.0; + let expected = &[0x09, 0x0]; + let mut buffer = [0u8; 2]; + let encoded = val.encode_to_slice(&mut buffer).unwrap(); + assert_eq!( + expected, encoded, + "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}", + val, encoded, expected + ); + let decoded = f64::from_der(encoded).unwrap(); + assert!( + (decoded - val).abs() < f64::EPSILON, + "wanted: {}\tgot: {}", + val, + decoded + ); + } + + { + // rec1value R ::= { mantissa 1, base 2, exponent 0 } + let val = 1.0; + let expected = &[0x09, 0x03, 0x80, 0x00, 0x01]; + let mut buffer = [0u8; 5]; + let encoded = val.encode_to_slice(&mut buffer).unwrap(); + assert_eq!( + expected, encoded, + "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}", + val, encoded, expected + ); + let decoded = f64::from_der(encoded).unwrap(); + assert!( + (decoded - val).abs() < f64::EPSILON, + "wanted: {}\tgot: {}", + val, + decoded + ); + } + + { + // rec1value R ::= { mantissa -1, base 2, exponent 0 } + let val = -1.0; + let expected = &[0x09, 0x03, 0xc0, 0x00, 0x01]; + let mut buffer = [0u8; 5]; + let encoded = val.encode_to_slice(&mut buffer).unwrap(); + assert_eq!( + expected, encoded, + "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}", + val, encoded, expected + ); + let decoded = f64::from_der(encoded).unwrap(); + assert!( + (decoded - val).abs() < f64::EPSILON, + "wanted: {}\tgot: {}", + val, + decoded + ); + } + + { + // rec1value R ::= { mantissa -1, base 2, exponent 1 } + let val = -1.0000000000000002; + let expected = &[0x09, 0x03, 0xc0, 0x00, 0x02]; + let mut buffer = [0u8; 5]; + let encoded = val.encode_to_slice(&mut buffer).unwrap(); + assert_eq!( + expected, encoded, + "invalid encoding 
of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+
+ {
+ // rec1value R ::= { mantissa 1, base 2, exponent -1022 }
+ // NOTE: f64::MIN_EXP == -1021 so the exponent decoded by ASN.1 is what we expect
+ let val = f64::MIN_POSITIVE;
+ let expected = &[0x09, 0x04, 0x81, 0xfc, 0x02, 0x01];
+ let mut buffer = [0u8; 7];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+
+ {
+ // rec4value R ::= { mantissa 1, base 2, exponent 3 }
+ let val = 1.0000000000000016;
+ let expected = &[0x09, 0x03, 0x80, 0x00, 0x08];
+ let mut buffer = [0u8; 5];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+
+ {
+ // rec5value R ::= { mantissa 4222124650659841, base 2, exponent 4 }
+ let val = 31.0;
+ let expected = &[
+ 0x9, 0x9, 0x80, 0x04, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ ];
+ let mut buffer = [0u8; 11];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+ }
+
+ #[test]
+ fn encdec_irrationals() {
+ {
+ let val = core::f64::consts::PI;
+ let expected = &[
+ 0x09, 0x09, 0x80, 0x01, 0x09, 0x21, 0xfb, 0x54, 0x44, 0x2d, 0x19,
+ ];
+ let mut buffer = [0u8; 11];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+
+ {
+ let val = core::f64::consts::E;
+ let expected = &[
+ 0x09, 0x09, 0x80, 0x01, 0x05, 0xbf, 0x0a, 0x8b, 0x14, 0x57, 0x6a,
+ ];
+ let mut buffer = [0u8; 12];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+ {
+ let val = core::f64::consts::LN_2;
+ let expected = &[
+ 0x09, 0x0a, 0x81, 0xff, 0xff, 0x6, 0x2e, 0x42, 0xfe, 0xfa, 0x39, 0xf0,
+ ];
+ let mut buffer = [0u8; 12];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+ }
+
+ #[test]
+ fn encdec_reasonable_f64() {
+ // Tests the encoding and decoding of reals with some arbitrary numbers
+ {
+ // rec1value R ::= { mantissa 2414341043715239, base 2, exponent 21 }
+ let val = 3221417.1584163485;
+ let expected = &[
+ 0x9, 0x9, 0x80, 0x15, 0x8, 0x93, 0xd4, 0x94, 0x46, 0xfc, 0xa7,
+ ];
+ let mut buffer = [0u8; 11];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+
+ {
+ // rec1value R ::= { mantissa 2671155248072715, base 2, exponent 23 }
+ let val = 13364022.365665454;
+ let expected = &[
+ 0x09, 0x09, 0x80, 0x17, 0x09, 0x7d, 0x66, 0xcb, 0xb3, 0x88, 0x0b,
+ ];
+ let mut buffer = [0u8; 12];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+
+ {
+ // rec1value R ::= { mantissa -4386812962460287, base 2, exponent 14 }
+ let val = -32343.132588105735;
+ let expected = &[
+ 0x09, 0x09, 0xc0, 0x0e, 0x0f, 0x95, 0xc8, 0x7c, 0x52, 0xd2, 0x7f,
+ ];
+ let mut buffer = [0u8; 12];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+
+ {
+ let val = -27084.866751869475;
+ let expected = &[
+ 0x09, 0x09, 0xc0, 0x0e, 0x0a, 0x73, 0x37, 0x78, 0xdc, 0xd5, 0x4a,
+ ];
+ let mut buffer = [0u8; 12];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+
+ {
+ // rec1value R ::= { mantissa -4372913134428149, base 2, exponent 7 }
+ let val = -252.28566647111404;
+ let expected = &[
+ 0x09, 0x09, 0xc0, 0x07, 0x0f, 0x89, 0x24, 0x2e, 0x02, 0xdf, 0xf5,
+ ];
+ let mut buffer = [0u8; 12];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+
+ {
+ let val = -14.399709612928548;
+ let expected = &[
+ 0x09, 0x09, 0xc0, 0x03, 0x0c, 0xcc, 0xa6, 0xbd, 0x06, 0xd9, 0x92,
+ ];
+ let mut buffer = [0u8; 12];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+
+ {
+ let val = -0.08340570261832964;
+ let expected = &[
+ 0x09, 0x0a, 0xc1, 0xff, 0xfc, 0x05, 0x5a, 0x13, 0x7d, 0x0b, 0xae, 0x3d,
+ ];
+ let mut buffer = [0u8; 12];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+
+ {
+ let val = 0.00536851453803701;
+ let expected = &[
+ 0x09, 0x0a, 0x81, 0xff, 0xf8, 0x05, 0xfd, 0x4b, 0xa5, 0xe7, 0x4c, 0x93,
+ ];
+ let mut buffer = [0u8; 12];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+
+ {
+ let val = 0.00045183525648866433;
+ let expected = &[
+ 0x09, 0x0a, 0x81, 0xff, 0xf4, 0x0d, 0x9c, 0x89, 0xa6, 0x59, 0x33, 0x39,
+ ];
+ let mut buffer = [0u8; 12];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+
+ {
+ let val = 0.000033869092002682955;
+ let expected = &[
+ 0x09, 0x0a, 0x81, 0xff, 0xf1, 0x01, 0xc1, 0xd5, 0x23, 0xd5, 0x54, 0x7c,
+ ];
+ let mut buffer = [0u8; 12];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+
+ {
+ let val = 0.0000011770891033600088;
+ let expected = &[
+ 0x09, 0x0a, 0x81, 0xff, 0xec, 0x03, 0xbf, 0x8f, 0x27, 0xf4, 0x62, 0x56,
+ ];
+ let mut buffer = [0u8; 12];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+
+ {
+ let val = 0.00000005549514041997082;
+ let expected = &[
+ 0x09, 0x0a, 0x81, 0xff, 0xe7, 0x0d, 0xcb, 0x31, 0xab, 0x6e, 0xb8, 0xd7,
+ ];
+ let mut buffer = [0u8; 12];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+
+ {
+ let val = 0.0000000012707044685547803;
+ let expected = &[
+ 0x09, 0x0a, 0x81, 0xff, 0xe2, 0x05, 0xd4, 0x9e, 0x0a, 0xf2, 0xff, 0x1f,
+ ];
+ let mut buffer = [0u8; 12];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+
+ {
+ let val = 0.00000000002969611878378562;
+ let expected = &[
+ 0x09, 0x09, 0x81, 0xff, 0xdd, 0x53, 0x5b, 0x6f, 0x97, 0xee, 0xb6,
+ ];
+ let mut buffer = [0u8; 11];
+ let encoded = val.encode_to_slice(&mut buffer).unwrap();
+ assert_eq!(
+ expected, encoded,
+ "invalid encoding of {}:\ngot {:x?}\nwant: {:x?}",
+ val, encoded, expected
+ );
+ let decoded = f64::from_der(encoded).unwrap();
+ assert!(
+ (decoded - val).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ val,
+ decoded
+ );
+ }
+ }
+
+ #[test]
+ fn reject_non_canonical() {
+ assert!(f64::from_der(&[0x09, 0x81, 0x00]).is_err());
+ }
+
+ #[test]
+ fn encdec_f64() {
+ use super::{decode_f64, encode_f64};
+ // Test that the extraction and recreation works
+ for val in [
+ 1.0,
+ 0.1,
+ -0.1,
+ -1.0,
+ 0.0,
+ f64::MIN_POSITIVE,
+ f64::MAX,
+ f64::MIN,
+ 3.1415,
+ 951.2357864,
+ -3.1415,
+ -951.2357864,
+ ] {
+ let (s, e, m) = decode_f64(val);
+ let val2 = encode_f64(s, e, m);
+ assert!(
+ (val - val2).abs() < f64::EPSILON,
+ "fail - want {}\tgot {}",
+ val,
+ val2
+ );
+ }
+ }
+
+ #[test]
+ fn validation_cases() {
+ // Caveat: these test cases are validated on the ASN.1 playground: https://asn1.io/asn1playground/ .
+ // The test case consists in inputing the bytes in the "decode" field and checking that the decoded
+ // value corresponds to the one encoded here.
+ // This tool encodes _all_ values that are non-zero in the ISO 6093 NR3 representation.
+ // This does not seem to perfectly adhere to the ITU specifications, Special Cases section.
+ // The implementation of this crate correctly supports decoding such values. It will, however,
+ // systematically encode REALs in their base 2 form, with a scaling factor where needed to
+ // ensure that the mantissa is either odd or zero (as per section 11.3.1).
+
+ // Positive trivial numbers
+ {
+ let expect = 10.0;
+ let testcase = &[0x09, 0x05, 0x03, 0x31, 0x2E, 0x45, 0x31];
+ let decoded = f64::from_der(testcase).unwrap();
+ assert!(
+ (decoded - expect).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ expect,
+ decoded
+ );
+ }
+ {
+ let expect = 100.0;
+ let testcase = &[0x09, 0x05, 0x03, 0x31, 0x2E, 0x45, 0x32];
+ let decoded = f64::from_der(testcase).unwrap();
+ assert!(
+ (decoded - expect).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ expect,
+ decoded
+ );
+ }
+ {
+ let expect = 101.0;
+ let testcase = &[0x09, 0x08, 0x03, 0x31, 0x30, 0x31, 0x2E, 0x45, 0x2B, 0x30];
+ let decoded = f64::from_der(testcase).unwrap();
+ assert!(
+ (decoded - expect).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ expect,
+ decoded
+ );
+ }
+ {
+ let expect = 101.0;
+ let testcase = &[0x09, 0x08, 0x03, 0x31, 0x30, 0x31, 0x2E, 0x45, 0x2B, 0x30];
+ let decoded = f64::from_der(testcase).unwrap();
+ assert!(
+ (decoded - expect).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ expect,
+ decoded
+ );
+ }
+ {
+ let expect = 0.0;
+ let testcase = &[0x09, 0x00];
+ let decoded = f64::from_der(testcase).unwrap();
+ assert!(
+ (decoded - expect).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ expect,
+ decoded
+ );
+ }
+ {
+ let expect = 951.2357864;
+ let testcase = &[
+ 0x09, 0x0F, 0x03, 0x39, 0x35, 0x31, 0x32, 0x33, 0x35, 0x37, 0x38, 0x36, 0x34, 0x2E,
+ 0x45, 0x2D, 0x37,
+ ];
+ let decoded = f64::from_der(testcase).unwrap();
+ assert!(
+ (decoded - expect).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ expect,
+ decoded
+ );
+ }
+ // Negative trivial numbers
+ {
+ let expect = -10.0;
+ let testcase = &[0x09, 0x06, 0x03, 0x2D, 0x31, 0x2E, 0x45, 0x31];
+ let decoded = f64::from_der(testcase).unwrap();
+ assert!(
+ (decoded - expect).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ expect,
+ decoded
+ );
+ }
+ {
+ let expect = -100.0;
+ let testcase = &[0x09, 0x06, 0x03, 0x2D, 0x31, 0x2E, 0x45, 0x32];
+ let decoded = f64::from_der(testcase).unwrap();
+ assert!(
+ (decoded - expect).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ expect,
+ decoded
+ );
+ }
+ {
+ let expect = -101.0;
+ let testcase = &[
+ 0x09, 0x09, 0x03, 0x2D, 0x31, 0x30, 0x31, 0x2E, 0x45, 0x2B, 0x30,
+ ];
+ let decoded = f64::from_der(testcase).unwrap();
+ assert!(
+ (decoded - expect).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ expect,
+ decoded
+ );
+ }
+ {
+ let expect = -0.5;
+ let testcase = &[0x09, 0x07, 0x03, 0x2D, 0x35, 0x2E, 0x45, 0x2D, 0x31];
+ let decoded = f64::from_der(testcase).unwrap();
+ assert!(
+ (decoded - expect).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ expect,
+ decoded
+ );
+ }
+ {
+ let expect = -0.0;
+ let testcase = &[0x09, 0x03, 0x01, 0x2D, 0x30];
+ let decoded = f64::from_der(testcase).unwrap();
+ assert!(
+ (decoded - expect).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ expect,
+ decoded
+ );
+ }
+ {
+ // Test NR3 decoding
+ let expect = -951.2357864;
+ let testcase = &[
+ 0x09, 0x10, 0x03, 0x2D, 0x39, 0x35, 0x31, 0x32, 0x33, 0x35, 0x37, 0x38, 0x36, 0x34,
+ 0x2E, 0x45, 0x2D, 0x37,
+ ];
+ let decoded = f64::from_der(testcase).unwrap();
+ assert!(
+ (decoded - expect).abs() < f64::EPSILON,
+ "wanted: {}\tgot: {}",
+ expect,
+ decoded
+ );
+ }
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/sequence.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/sequence.rs
new file mode 100644
index 000000000000..ad4a5d52e5a2
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/sequence.rs
@@ -0,0 +1,53 @@
+//! The [`Sequence`] trait simplifies writing decoders/encoders which map ASN.1
+//! `SEQUENCE`s to Rust structs.
+
+use crate::{
+ BytesRef, DecodeValue, EncodeValue, FixedTag, Header, Length, Reader, Result, Tag, Writer,
+};
+
+#[cfg(feature = "alloc")]
+use alloc::boxed::Box;
+
+/// Marker trait for ASN.1 `SEQUENCE`s.
+///
+/// This is mainly used for custom derive.
+pub trait Sequence<'a>: DecodeValue<'a> + EncodeValue {}
+
+impl<'a, S> FixedTag for S
+where
+ S: Sequence<'a>,
+{
+ const TAG: Tag = Tag::Sequence;
+}
+
+#[cfg(feature = "alloc")]
+impl<'a, T> Sequence<'a> for Box where T: Sequence<'a> {}
+
+/// The [`SequenceRef`] type provides raw access to the octets which comprise a
+/// DER-encoded `SEQUENCE`.
+///
+/// This is a zero-copy reference type which borrows from the input data.
+pub struct SequenceRef<'a> {
+ /// Body of the `SEQUENCE`.
+ body: BytesRef<'a>,
+}
+
+impl<'a> DecodeValue<'a> for SequenceRef<'a> {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ Ok(Self {
+ body: BytesRef::decode_value(reader, header)?,
+ })
+ }
+}
+
+impl EncodeValue for SequenceRef<'_> {
+ fn value_len(&self) -> Result {
+ Ok(self.body.len())
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ self.body.encode_value(writer)
+ }
+}
+
+impl<'a> Sequence<'a> for SequenceRef<'a> {}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/sequence_of.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/sequence_of.rs
new file mode 100644
index 000000000000..befb0298f829
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/sequence_of.rs
@@ -0,0 +1,230 @@
+//! ASN.1 `SEQUENCE OF` support.
+
+use crate::{
+ arrayvec, ord::iter_cmp, ArrayVec, Decode, DecodeValue, DerOrd, Encode, EncodeValue, FixedTag,
+ Header, Length, Reader, Result, Tag, ValueOrd, Writer,
+};
+use core::cmp::Ordering;
+
+#[cfg(feature = "alloc")]
+use alloc::vec::Vec;
+
+/// ASN.1 `SEQUENCE OF` backed by an array.
+///
+/// This type implements an append-only `SEQUENCE OF` type which is stack-based
+/// and does not depend on `alloc` support.
+// TODO(tarcieri): use `ArrayVec` when/if it's merged into `core`
+// See: https://github.com/rust-lang/rfcs/pull/2990
+#[derive(Clone, Debug, Eq, PartialEq)]
+pub struct SequenceOf {
+ inner: ArrayVec,
+}
+
+impl SequenceOf {
+ /// Create a new [`SequenceOf`].
+ pub fn new() -> Self {
+ Self {
+ inner: ArrayVec::new(),
+ }
+ }
+
+ /// Add an element to this [`SequenceOf`].
+ pub fn add(&mut self, element: T) -> Result<()> {
+ self.inner.push(element)
+ }
+
+ /// Get an element of this [`SequenceOf`].
+ pub fn get(&self, index: usize) -> Option<&T> {
+ self.inner.get(index)
+ }
+
+ /// Iterate over the elements in this [`SequenceOf`].
+ pub fn iter(&self) -> SequenceOfIter<'_, T> {
+ SequenceOfIter {
+ inner: self.inner.iter(),
+ }
+ }
+
+ /// Is this [`SequenceOf`] empty?
+ pub fn is_empty(&self) -> bool {
+ self.inner.is_empty()
+ }
+
+ /// Number of elements in this [`SequenceOf`].
+ pub fn len(&self) -> usize {
+ self.inner.len()
+ }
+}
+
+impl Default for SequenceOf {
+ fn default() -> Self {
+ Self::new()
+ }
+}
+
+impl<'a, T, const N: usize> DecodeValue<'a> for SequenceOf
+where
+ T: Decode<'a>,
+{
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ reader.read_nested(header.length, |reader| {
+ let mut sequence_of = Self::new();
+
+ while !reader.is_finished() {
+ sequence_of.add(T::decode(reader)?)?;
+ }
+
+ Ok(sequence_of)
+ })
+ }
+}
+
+impl EncodeValue for SequenceOf
+where
+ T: Encode,
+{
+ fn value_len(&self) -> Result {
+ self.iter()
+ .fold(Ok(Length::ZERO), |len, elem| len + elem.encoded_len()?)
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ for elem in self.iter() {
+ elem.encode(writer)?;
+ }
+
+ Ok(())
+ }
+}
+
+impl FixedTag for SequenceOf {
+ const TAG: Tag = Tag::Sequence;
+}
+
+impl ValueOrd for SequenceOf
+where
+ T: DerOrd,
+{
+ fn value_cmp(&self, other: &Self) -> Result {
+ iter_cmp(self.iter(), other.iter())
+ }
+}
+
+/// Iterator over the elements of an [`SequenceOf`].
+#[derive(Clone, Debug)]
+pub struct SequenceOfIter<'a, T> {
+ /// Inner iterator.
+ inner: arrayvec::Iter<'a, T>,
+}
+
+impl<'a, T> Iterator for SequenceOfIter<'a, T> {
+ type Item = &'a T;
+
+ fn next(&mut self) -> Option<&'a T> {
+ self.inner.next()
+ }
+}
+
+impl<'a, T> ExactSizeIterator for SequenceOfIter<'a, T> {}
+
+impl<'a, T, const N: usize> DecodeValue<'a> for [T; N]
+where
+ T: Decode<'a>,
+{
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ let sequence_of = SequenceOf::::decode_value(reader, header)?;
+
+ // TODO(tarcieri): use `[T; N]::try_map` instead of `expect` when stable
+ if sequence_of.inner.len() == N {
+ Ok(sequence_of
+ .inner
+ .into_array()
+ .map(|elem| elem.expect("arrayvec length mismatch")))
+ } else {
+ Err(Self::TAG.length_error())
+ }
+ }
+}
+
+impl EncodeValue for [T; N]
+where
+ T: Encode,
+{
+ fn value_len(&self) -> Result {
+ self.iter()
+ .fold(Ok(Length::ZERO), |len, elem| len + elem.encoded_len()?)
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ for elem in self {
+ elem.encode(writer)?;
+ }
+
+ Ok(())
+ }
+}
+
+impl FixedTag for [T; N] {
+ const TAG: Tag = Tag::Sequence;
+}
+
+impl ValueOrd for [T; N]
+where
+ T: DerOrd,
+{
+ fn value_cmp(&self, other: &Self) -> Result {
+ iter_cmp(self.iter(), other.iter())
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl<'a, T> DecodeValue<'a> for Vec
+where
+ T: Decode<'a>,
+{
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ reader.read_nested(header.length, |reader| {
+ let mut sequence_of = Self::new();
+
+ while !reader.is_finished() {
+ sequence_of.push(T::decode(reader)?);
+ }
+
+ Ok(sequence_of)
+ })
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl EncodeValue for Vec
+where
+ T: Encode,
+{
+ fn value_len(&self) -> Result {
+ self.iter()
+ .fold(Ok(Length::ZERO), |len, elem| len + elem.encoded_len()?)
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ for elem in self {
+ elem.encode(writer)?;
+ }
+
+ Ok(())
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl FixedTag for Vec {
+ const TAG: Tag = Tag::Sequence;
+}
+
+#[cfg(feature = "alloc")]
+impl ValueOrd for Vec
+where
+ T: DerOrd,
+{
+ fn value_cmp(&self, other: &Self) -> Result {
+ iter_cmp(self.iter(), other.iter())
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/set_of.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/set_of.rs
new file mode 100644
index 000000000000..ff0131242024
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/set_of.rs
@@ -0,0 +1,539 @@
+//! ASN.1 `SET OF` support.
+//!
+//! # Ordering Notes
+//!
+//! Some DER serializer implementations fail to properly sort elements of a
+//! `SET OF`. This is technically non-canonical, but occurs frequently
+//! enough that most DER decoders tolerate it. Unfortunately because
+//! of that, we must also follow suit.
+//!
+//! However, all types in this module sort elements of a set at decode-time,
+//! ensuring they'll be in the proper order if reserialized.
+
+use crate::{
+ arrayvec, ord::iter_cmp, ArrayVec, Decode, DecodeValue, DerOrd, Encode, EncodeValue, Error,
+ ErrorKind, FixedTag, Header, Length, Reader, Result, Tag, ValueOrd, Writer,
+};
+use core::cmp::Ordering;
+
+#[cfg(feature = "alloc")]
+use {alloc::vec::Vec, core::slice};
+
+/// ASN.1 `SET OF` backed by an array.
+///
+/// This type implements an append-only `SET OF` type which is stack-based
+/// and does not depend on `alloc` support.
+// TODO(tarcieri): use `ArrayVec` when/if it's merged into `core`
+// See: https://github.com/rust-lang/rfcs/pull/2990
+#[derive(Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub struct SetOf
+where
+ T: DerOrd,
+{
+ inner: ArrayVec,
+}
+
+impl SetOf
+where
+ T: DerOrd,
+{
+ /// Create a new [`SetOf`].
+ pub fn new() -> Self {
+ Self {
+ inner: ArrayVec::default(),
+ }
+ }
+
+ /// Add an item to this [`SetOf`].
+ ///
+ /// Items MUST be added in lexicographical order according to the
+ /// [`DerOrd`] impl on `T`.
+ #[deprecated(since = "0.7.6", note = "use `insert` or `insert_ordered` instead")]
+ pub fn add(&mut self, new_elem: T) -> Result<()> {
+ self.insert_ordered(new_elem)
+ }
+
+ /// Insert an item into this [`SetOf`].
+ pub fn insert(&mut self, item: T) -> Result<()> {
+ self.inner.push(item)?;
+ der_sort(self.inner.as_mut())
+ }
+
+ /// Insert an item into this [`SetOf`].
+ ///
+ /// Items MUST be added in lexicographical order according to the
+ /// [`DerOrd`] impl on `T`.
+ pub fn insert_ordered(&mut self, item: T) -> Result<()> {
+ // Ensure set elements are lexicographically ordered
+ if let Some(last) = self.inner.last() {
+ check_der_ordering(last, &item)?;
+ }
+
+ self.inner.push(item)
+ }
+
+ /// Get the nth element from this [`SetOf`].
+ pub fn get(&self, index: usize) -> Option<&T> {
+ self.inner.get(index)
+ }
+
+ /// Iterate over the elements of this [`SetOf`].
+ pub fn iter(&self) -> SetOfIter<'_, T> {
+ SetOfIter {
+ inner: self.inner.iter(),
+ }
+ }
+
+ /// Is this [`SetOf`] empty?
+ pub fn is_empty(&self) -> bool {
+ self.inner.is_empty()
+ }
+
+ /// Number of elements in this [`SetOf`].
+ pub fn len(&self) -> usize {
+ self.inner.len()
+ }
+}
+
+impl Default for SetOf
+where
+ T: DerOrd,
+{
+ fn default() -> Self {
+ Self::new()
+ }
+}
+
+impl<'a, T, const N: usize> DecodeValue<'a> for SetOf
+where
+ T: Decode<'a> + DerOrd,
+{
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ reader.read_nested(header.length, |reader| {
+ let mut result = Self::new();
+
+ while !reader.is_finished() {
+ result.inner.push(T::decode(reader)?)?;
+ }
+
+ der_sort(result.inner.as_mut())?;
+ validate(result.inner.as_ref())?;
+ Ok(result)
+ })
+ }
+}
+
+impl<'a, T, const N: usize> EncodeValue for SetOf
+where
+ T: 'a + Decode<'a> + Encode + DerOrd,
+{
+ fn value_len(&self) -> Result {
+ self.iter()
+ .fold(Ok(Length::ZERO), |len, elem| len + elem.encoded_len()?)
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ for elem in self.iter() {
+ elem.encode(writer)?;
+ }
+
+ Ok(())
+ }
+}
+
+impl<'a, T, const N: usize> FixedTag for SetOf
+where
+ T: Decode<'a> + DerOrd,
+{
+ const TAG: Tag = Tag::Set;
+}
+
+impl TryFrom<[T; N]> for SetOf
+where
+ T: DerOrd,
+{
+ type Error = Error;
+
+ fn try_from(mut arr: [T; N]) -> Result> {
+ der_sort(&mut arr)?;
+
+ let mut result = SetOf::new();
+
+ for elem in arr {
+ result.insert_ordered(elem)?;
+ }
+
+ Ok(result)
+ }
+}
+
+impl ValueOrd for SetOf
+where
+ T: DerOrd,
+{
+ fn value_cmp(&self, other: &Self) -> Result {
+ iter_cmp(self.iter(), other.iter())
+ }
+}
+
+/// Iterator over the elements of an [`SetOf`].
+#[derive(Clone, Debug)]
+pub struct SetOfIter<'a, T> {
+ /// Inner iterator.
+ inner: arrayvec::Iter<'a, T>,
+}
+
+impl<'a, T> Iterator for SetOfIter<'a, T> {
+ type Item = &'a T;
+
+ fn next(&mut self) -> Option<&'a T> {
+ self.inner.next()
+ }
+}
+
+impl<'a, T> ExactSizeIterator for SetOfIter<'a, T> {}
+
+/// ASN.1 `SET OF` backed by a [`Vec`].
+///
+/// This type implements an append-only `SET OF` type which is heap-backed
+/// and depends on `alloc` support.
+#[cfg(feature = "alloc")]
+#[derive(Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub struct SetOfVec
+where
+ T: DerOrd,
+{
+ inner: Vec,
+}
+
+#[cfg(feature = "alloc")]
+impl Default for SetOfVec {
+ fn default() -> Self {
+ Self {
+ inner: Default::default(),
+ }
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl SetOfVec
+where
+ T: DerOrd,
+{
+ /// Create a new [`SetOfVec`].
+ pub fn new() -> Self {
+ Self {
+ inner: Vec::default(),
+ }
+ }
+
+ /// Create a new [`SetOfVec`] from the given iterator.
+ ///
+ /// Note: this is an inherent method instead of an impl of the
+ /// [`FromIterator`] trait in order to be fallible.
+ #[allow(clippy::should_implement_trait)]
+ pub fn from_iter(iter: I) -> Result
+ where
+ I: IntoIterator,
+ {
+ Vec::from_iter(iter).try_into()
+ }
+
+ /// Add an element to this [`SetOfVec`].
+ ///
+ /// Items MUST be added in lexicographical order according to the
+ /// [`DerOrd`] impl on `T`.
+ #[deprecated(since = "0.7.6", note = "use `insert` or `insert_ordered` instead")]
+ pub fn add(&mut self, item: T) -> Result<()> {
+ self.insert_ordered(item)
+ }
+
+ /// Extend a [`SetOfVec`] using an iterator.
+ ///
+ /// Note: this is an inherent method instead of an impl of the
+ /// [`Extend`] trait in order to be fallible.
+ pub fn extend(&mut self, iter: I) -> Result<()>
+ where
+ I: IntoIterator,
+ {
+ self.inner.extend(iter);
+ der_sort(&mut self.inner)
+ }
+
+ /// Insert an item into this [`SetOfVec`]. Must be unique.
+ pub fn insert(&mut self, item: T) -> Result<()> {
+ self.inner.push(item);
+ der_sort(&mut self.inner)
+ }
+
+ /// Insert an item into this [`SetOfVec`]. Must be unique.
+ ///
+ /// Items MUST be added in lexicographical order according to the
+ /// [`DerOrd`] impl on `T`.
+ pub fn insert_ordered(&mut self, item: T) -> Result<()> {
+ // Ensure set elements are lexicographically ordered
+ if let Some(last) = self.inner.last() {
+ check_der_ordering(last, &item)?;
+ }
+
+ self.inner.push(item);
+ Ok(())
+ }
+
+ /// Borrow the elements of this [`SetOfVec`] as a slice.
+ pub fn as_slice(&self) -> &[T] {
+ self.inner.as_slice()
+ }
+
+ /// Get the nth element from this [`SetOfVec`].
+ pub fn get(&self, index: usize) -> Option<&T> {
+ self.inner.get(index)
+ }
+
+ /// Convert this [`SetOfVec`] into the inner [`Vec`].
+ pub fn into_vec(self) -> Vec {
+ self.inner
+ }
+
+ /// Iterate over the elements of this [`SetOfVec`].
+ pub fn iter(&self) -> slice::Iter<'_, T> {
+ self.inner.iter()
+ }
+
+ /// Is this [`SetOfVec`] empty?
+ pub fn is_empty(&self) -> bool {
+ self.inner.is_empty()
+ }
+
+ /// Number of elements in this [`SetOfVec`].
+ pub fn len(&self) -> usize {
+ self.inner.len()
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl AsRef<[T]> for SetOfVec
+where
+ T: DerOrd,
+{
+ fn as_ref(&self) -> &[T] {
+ self.as_slice()
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl<'a, T> DecodeValue<'a> for SetOfVec
+where
+ T: Decode<'a> + DerOrd,
+{
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ reader.read_nested(header.length, |reader| {
+ let mut inner = Vec::new();
+
+ while !reader.is_finished() {
+ inner.push(T::decode(reader)?);
+ }
+
+ der_sort(inner.as_mut())?;
+ validate(inner.as_ref())?;
+ Ok(Self { inner })
+ })
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl<'a, T> EncodeValue for SetOfVec
+where
+ T: 'a + Decode<'a> + Encode + DerOrd,
+{
+ fn value_len(&self) -> Result {
+ self.iter()
+ .fold(Ok(Length::ZERO), |len, elem| len + elem.encoded_len()?)
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ for elem in self.iter() {
+ elem.encode(writer)?;
+ }
+
+ Ok(())
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl FixedTag for SetOfVec
+where
+ T: DerOrd,
+{
+ const TAG: Tag = Tag::Set;
+}
+
+#[cfg(feature = "alloc")]
+impl From> for Vec
+where
+ T: DerOrd,
+{
+ fn from(set: SetOfVec) -> Vec {
+ set.into_vec()
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl TryFrom> for SetOfVec
+where
+ T: DerOrd,
+{
+ type Error = Error;
+
+ fn try_from(mut vec: Vec) -> Result> {
+ der_sort(vec.as_mut_slice())?;
+ Ok(SetOfVec { inner: vec })
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl TryFrom<[T; N]> for SetOfVec
+where
+ T: DerOrd,
+{
+ type Error = Error;
+
+ fn try_from(arr: [T; N]) -> Result> {
+ Vec::from(arr).try_into()
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl ValueOrd for SetOfVec
+where
+ T: DerOrd,
+{
+ fn value_cmp(&self, other: &Self) -> Result {
+ iter_cmp(self.iter(), other.iter())
+ }
+}
+
+// Implement by hand because the derive would create invalid values.
+// Use the conversion from Vec to create a valid value.
+#[cfg(feature = "arbitrary")]
+impl<'a, T> arbitrary::Arbitrary<'a> for SetOfVec
+where
+ T: DerOrd + arbitrary::Arbitrary<'a>,
+{
+ fn arbitrary(u: &mut arbitrary::Unstructured<'a>) -> arbitrary::Result {
+ Self::try_from(
+ u.arbitrary_iter()?
+ .collect::, _>>()?,
+ )
+ .map_err(|_| arbitrary::Error::IncorrectFormat)
+ }
+
+ fn size_hint(_depth: usize) -> (usize, Option) {
+ (0, None)
+ }
+}
+
+/// Ensure set elements are lexicographically ordered using [`DerOrd`].
+fn check_der_ordering(a: &T, b: &T) -> Result<()> {
+ match a.der_cmp(b)? {
+ Ordering::Less => Ok(()),
+ Ordering::Equal => Err(ErrorKind::SetDuplicate.into()),
+ Ordering::Greater => Err(ErrorKind::SetOrdering.into()),
+ }
+}
+
+/// Sort a mut slice according to its [`DerOrd`], returning any errors which
+/// might occur during the comparison.
+///
+/// The algorithm is insertion sort, which should perform well when the input
+/// is mostly sorted to begin with.
+///
+/// This function is used rather than Rust's built-in `[T]::sort_by` in order
+/// to support heapless `no_std` targets as well as to enable bubbling up
+/// sorting errors.
+#[allow(clippy::integer_arithmetic)]
+fn der_sort(slice: &mut [T]) -> Result<()> {
+ for i in 0..slice.len() {
+ let mut j = i;
+
+ while j > 0 {
+ match slice[j - 1].der_cmp(&slice[j])? {
+ Ordering::Less => break,
+ Ordering::Equal => return Err(ErrorKind::SetDuplicate.into()),
+ Ordering::Greater => {
+ slice.swap(j - 1, j);
+ j -= 1;
+ }
+ }
+ }
+ }
+
+ Ok(())
+}
+
+/// Validate the elements of a `SET OF`, ensuring that they are all in order
+/// and that there are no duplicates.
+fn validate(slice: &[T]) -> Result<()> {
+ if let Some(len) = slice.len().checked_sub(1) {
+ for i in 0..len {
+ let j = i.checked_add(1).ok_or(ErrorKind::Overflow)?;
+
+ match slice.get(i..=j) {
+ Some([a, b]) => {
+ if a.der_cmp(b)? != Ordering::Less {
+ return Err(ErrorKind::SetOrdering.into());
+ }
+ }
+ _ => return Err(Tag::Set.value_error()),
+ }
+ }
+ }
+
+ Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+ use super::SetOf;
+ #[cfg(feature = "alloc")]
+ use super::SetOfVec;
+ use crate::ErrorKind;
+
+ #[test]
+ fn setof_tryfrom_array() {
+ let arr = [3u16, 2, 1, 65535, 0];
+ let set = SetOf::try_from(arr).unwrap();
+ assert!(set.iter().copied().eq([0, 1, 2, 3, 65535]));
+ }
+
+ #[test]
+ fn setof_tryfrom_array_reject_duplicates() {
+ let arr = [1u16, 1];
+ let err = SetOf::try_from(arr).err().unwrap();
+ assert_eq!(err.kind(), ErrorKind::SetDuplicate);
+ }
+
+ #[cfg(feature = "alloc")]
+ #[test]
+ fn setofvec_tryfrom_array() {
+ let arr = [3u16, 2, 1, 65535, 0];
+ let set = SetOfVec::try_from(arr).unwrap();
+ assert_eq!(set.as_ref(), &[0, 1, 2, 3, 65535]);
+ }
+
+ #[cfg(feature = "alloc")]
+ #[test]
+ fn setofvec_tryfrom_vec() {
+ let vec = vec![3u16, 2, 1, 65535, 0];
+ let set = SetOfVec::try_from(vec).unwrap();
+ assert_eq!(set.as_ref(), &[0, 1, 2, 3, 65535]);
+ }
+
+ #[cfg(feature = "alloc")]
+ #[test]
+ fn setofvec_tryfrom_vec_reject_duplicates() {
+ let vec = vec![1u16, 1];
+ let err = SetOfVec::try_from(vec).err().unwrap();
+ assert_eq!(err.kind(), ErrorKind::SetDuplicate);
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/teletex_string.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/teletex_string.rs
new file mode 100644
index 000000000000..337c071e5e65
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/teletex_string.rs
@@ -0,0 +1,217 @@
+//! ASN.1 `TeletexString` support.
+//!
+use crate::{asn1::AnyRef, FixedTag, Result, StrRef, Tag};
+use core::{fmt, ops::Deref};
+
+macro_rules! impl_teletex_string {
+ ($type: ty) => {
+ impl_teletex_string!($type,);
+ };
+ ($type: ty, $($li: lifetime)?) => {
+ impl_string_type!($type, $($li),*);
+
+ impl<$($li),*> FixedTag for $type {
+ const TAG: Tag = Tag::TeletexString;
+ }
+
+ impl<$($li),*> fmt::Debug for $type {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(f, "TeletexString({:?})", self.as_str())
+ }
+ }
+ };
+}
+
+/// ASN.1 `TeletexString` type.
+///
+/// Supports a subset the ASCII character set (described below).
+///
+/// For UTF-8, use [`Utf8StringRef`][`crate::asn1::Utf8StringRef`] instead.
+/// For the full ASCII character set, use
+/// [`Ia5StringRef`][`crate::asn1::Ia5StringRef`].
+///
+/// This is a zero-copy reference type which borrows from the input data.
+///
+/// # Supported characters
+///
+/// The standard defines a complex character set allowed in this type. However, quoting the ASN.1
+/// mailing list, "a sizable volume of software in the world treats TeletexString (T61String) as a
+/// simple 8-bit string with mostly Windows Latin 1 (superset of iso-8859-1) encoding".
+///
+#[derive(Copy, Clone, Eq, PartialEq, PartialOrd, Ord)]
+pub struct TeletexStringRef<'a> {
+ /// Inner value
+ inner: StrRef<'a>,
+}
+
+impl<'a> TeletexStringRef<'a> {
+ /// Create a new ASN.1 `TeletexString`.
+ pub fn new(input: &'a T) -> Result
+ where
+ T: AsRef<[u8]> + ?Sized,
+ {
+ let input = input.as_ref();
+
+ // FIXME: support higher part of the charset
+ if input.iter().any(|&c| c > 0x7F) {
+ return Err(Self::TAG.value_error());
+ }
+
+ StrRef::from_bytes(input)
+ .map(|inner| Self { inner })
+ .map_err(|_| Self::TAG.value_error())
+ }
+}
+
+impl_teletex_string!(TeletexStringRef<'a>, 'a);
+
+impl<'a> Deref for TeletexStringRef<'a> {
+ type Target = StrRef<'a>;
+
+ fn deref(&self) -> &Self::Target {
+ &self.inner
+ }
+}
+
+impl<'a> From<&TeletexStringRef<'a>> for TeletexStringRef<'a> {
+ fn from(value: &TeletexStringRef<'a>) -> TeletexStringRef<'a> {
+ *value
+ }
+}
+
+impl<'a> From> for AnyRef<'a> {
+ fn from(teletex_string: TeletexStringRef<'a>) -> AnyRef<'a> {
+ AnyRef::from_tag_and_value(Tag::TeletexString, teletex_string.inner.into())
+ }
+}
+
+#[cfg(feature = "alloc")]
+pub use self::allocation::TeletexString;
+
+#[cfg(feature = "alloc")]
+mod allocation {
+ use super::TeletexStringRef;
+
+ use crate::{
+ asn1::AnyRef,
+ referenced::{OwnedToRef, RefToOwned},
+ BytesRef, Error, FixedTag, Result, StrOwned, Tag,
+ };
+ use alloc::string::String;
+ use core::{fmt, ops::Deref};
+
+ /// ASN.1 `TeletexString` type.
+ ///
+ /// Supports a subset the ASCII character set (described below).
+ ///
+ /// For UTF-8, use [`Utf8StringRef`][`crate::asn1::Utf8StringRef`] instead.
+ /// For the full ASCII character set, use
+ /// [`Ia5StringRef`][`crate::asn1::Ia5StringRef`].
+ ///
+ /// # Supported characters
+ ///
+ /// The standard defines a complex character set allowed in this type. However, quoting the ASN.1
+ /// mailing list, "a sizable volume of software in the world treats TeletexString (T61String) as a
+ /// simple 8-bit string with mostly Windows Latin 1 (superset of iso-8859-1) encoding".
+ ///
+ #[derive(Clone, Eq, PartialEq, PartialOrd, Ord)]
+ pub struct TeletexString {
+ /// Inner value
+ inner: StrOwned,
+ }
+
+ impl TeletexString {
+ /// Create a new ASN.1 `TeletexString`.
+ pub fn new(input: &T) -> Result
+ where
+ T: AsRef<[u8]> + ?Sized,
+ {
+ let input = input.as_ref();
+
+ TeletexStringRef::new(input)?;
+
+ StrOwned::from_bytes(input)
+ .map(|inner| Self { inner })
+ .map_err(|_| Self::TAG.value_error())
+ }
+ }
+
+ impl_teletex_string!(TeletexString);
+
+ impl Deref for TeletexString {
+ type Target = StrOwned;
+
+ fn deref(&self) -> &Self::Target {
+ &self.inner
+ }
+ }
+
+ impl<'a> From> for TeletexString {
+ fn from(value: TeletexStringRef<'a>) -> TeletexString {
+ let inner =
+ StrOwned::from_bytes(value.inner.as_bytes()).expect("Invalid TeletexString");
+ Self { inner }
+ }
+ }
+
+ impl<'a> From<&'a TeletexString> for AnyRef<'a> {
+ fn from(teletex_string: &'a TeletexString) -> AnyRef<'a> {
+ AnyRef::from_tag_and_value(
+ Tag::TeletexString,
+ BytesRef::new(teletex_string.inner.as_bytes()).expect("Invalid TeletexString"),
+ )
+ }
+ }
+
+ impl<'a> RefToOwned<'a> for TeletexStringRef<'a> {
+ type Owned = TeletexString;
+ fn ref_to_owned(&self) -> Self::Owned {
+ TeletexString {
+ inner: self.inner.ref_to_owned(),
+ }
+ }
+ }
+
+ impl OwnedToRef for TeletexString {
+ type Borrowed<'a> = TeletexStringRef<'a>;
+ fn owned_to_ref(&self) -> Self::Borrowed<'_> {
+ TeletexStringRef {
+ inner: self.inner.owned_to_ref(),
+ }
+ }
+ }
+
+ impl TryFrom for TeletexString {
+ type Error = Error;
+
+ fn try_from(input: String) -> Result {
+ TeletexStringRef::new(&input)?;
+
+ StrOwned::new(input)
+ .map(|inner| Self { inner })
+ .map_err(|_| Self::TAG.value_error())
+ }
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::TeletexStringRef;
+ use crate::Decode;
+ use crate::SliceWriter;
+
+ #[test]
+ fn parse_bytes() {
+ let example_bytes = &[
+ 0x14, 0x0b, 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x65, 0x72, 0x20, 0x31,
+ ];
+
+ let teletex_string = TeletexStringRef::from_der(example_bytes).unwrap();
+ assert_eq!(teletex_string.as_str(), "Test User 1");
+ let mut out = [0_u8; 30];
+ let mut writer = SliceWriter::new(&mut out);
+ writer.encode(&teletex_string).unwrap();
+ let encoded = writer.finish().unwrap();
+ assert_eq!(encoded, example_bytes);
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/utc_time.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/utc_time.rs
new file mode 100644
index 000000000000..9f2f1713bf8b
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/utc_time.rs
@@ -0,0 +1,242 @@
+//! ASN.1 `UTCTime` support.
+
+use crate::{
+ datetime::{self, DateTime},
+ ord::OrdIsValueOrd,
+ DecodeValue, EncodeValue, Error, ErrorKind, FixedTag, Header, Length, Reader, Result, Tag,
+ Writer,
+};
+use core::time::Duration;
+
+#[cfg(feature = "std")]
+use std::time::SystemTime;
+
+/// ASN.1 `UTCTime` type.
+///
+/// This type implements the validity requirements specified in
+/// [RFC 5280 Section 4.1.2.5.1][1], namely:
+///
+/// > For the purposes of this profile, UTCTime values MUST be expressed in
+/// > Greenwich Mean Time (Zulu) and MUST include seconds (i.e., times are
+/// > `YYMMDDHHMMSSZ`), even where the number of seconds is zero. Conforming
+/// > systems MUST interpret the year field (`YY`) as follows:
+/// >
+/// > - Where `YY` is greater than or equal to 50, the year SHALL be
+/// > interpreted as `19YY`; and
+/// > - Where `YY` is less than 50, the year SHALL be interpreted as `20YY`.
+///
+/// Note: Due to common operations working on `UNIX_EPOCH` [`UtcTime`]s are
+/// only supported for the years 1970-2049.
+///
+/// [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1
+#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub struct UtcTime(DateTime);
+
+impl UtcTime {
+ /// Length of an RFC 5280-flavored ASN.1 DER-encoded [`UtcTime`].
+ pub const LENGTH: usize = 13;
+
+ /// Maximum year that can be represented as a `UTCTime`.
+ pub const MAX_YEAR: u16 = 2049;
+
+ /// Create a [`UtcTime`] from a [`DateTime`].
+ pub fn from_date_time(datetime: DateTime) -> Result {
+ if datetime.year() <= UtcTime::MAX_YEAR {
+ Ok(Self(datetime))
+ } else {
+ Err(Self::TAG.value_error())
+ }
+ }
+
+ /// Convert this [`UtcTime`] into a [`DateTime`].
+ pub fn to_date_time(&self) -> DateTime {
+ self.0
+ }
+
+ /// Create a new [`UtcTime`] given a [`Duration`] since `UNIX_EPOCH`
+ /// (a.k.a. "Unix time")
+ pub fn from_unix_duration(unix_duration: Duration) -> Result {
+ DateTime::from_unix_duration(unix_duration)?.try_into()
+ }
+
+ /// Get the duration of this timestamp since `UNIX_EPOCH`.
+ pub fn to_unix_duration(&self) -> Duration {
+ self.0.unix_duration()
+ }
+
+ /// Instantiate from [`SystemTime`].
+ #[cfg(feature = "std")]
+ pub fn from_system_time(time: SystemTime) -> Result {
+ DateTime::try_from(time)
+ .map_err(|_| Self::TAG.value_error())?
+ .try_into()
+ }
+
+ /// Convert to [`SystemTime`].
+ #[cfg(feature = "std")]
+ pub fn to_system_time(&self) -> SystemTime {
+ self.0.to_system_time()
+ }
+}
+
+impl_any_conversions!(UtcTime);
+
+impl<'a> DecodeValue<'a> for UtcTime {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ if Self::LENGTH != usize::try_from(header.length)? {
+ return Err(Self::TAG.value_error());
+ }
+
+ let mut bytes = [0u8; Self::LENGTH];
+ reader.read_into(&mut bytes)?;
+
+ match bytes {
+ // RFC 5280 requires mandatory seconds and Z-normalized time zone
+ [year1, year2, mon1, mon2, day1, day2, hour1, hour2, min1, min2, sec1, sec2, b'Z'] => {
+ let year = u16::from(datetime::decode_decimal(Self::TAG, year1, year2)?);
+ let month = datetime::decode_decimal(Self::TAG, mon1, mon2)?;
+ let day = datetime::decode_decimal(Self::TAG, day1, day2)?;
+ let hour = datetime::decode_decimal(Self::TAG, hour1, hour2)?;
+ let minute = datetime::decode_decimal(Self::TAG, min1, min2)?;
+ let second = datetime::decode_decimal(Self::TAG, sec1, sec2)?;
+
+ // RFC 5280 rules for interpreting the year
+ let year = if year >= 50 {
+ year.checked_add(1900)
+ } else {
+ year.checked_add(2000)
+ }
+ .ok_or(ErrorKind::DateTime)?;
+
+ DateTime::new(year, month, day, hour, minute, second)
+ .map_err(|_| Self::TAG.value_error())
+ .and_then(|dt| Self::from_unix_duration(dt.unix_duration()))
+ }
+ _ => Err(Self::TAG.value_error()),
+ }
+ }
+}
+
+impl EncodeValue for UtcTime {
+ fn value_len(&self) -> Result {
+ Self::LENGTH.try_into()
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ let year = match self.0.year() {
+ y @ 1950..=1999 => y.checked_sub(1900),
+ y @ 2000..=2049 => y.checked_sub(2000),
+ _ => return Err(Self::TAG.value_error()),
+ }
+ .and_then(|y| u8::try_from(y).ok())
+ .ok_or(ErrorKind::DateTime)?;
+
+ datetime::encode_decimal(writer, Self::TAG, year)?;
+ datetime::encode_decimal(writer, Self::TAG, self.0.month())?;
+ datetime::encode_decimal(writer, Self::TAG, self.0.day())?;
+ datetime::encode_decimal(writer, Self::TAG, self.0.hour())?;
+ datetime::encode_decimal(writer, Self::TAG, self.0.minutes())?;
+ datetime::encode_decimal(writer, Self::TAG, self.0.seconds())?;
+ writer.write_byte(b'Z')
+ }
+}
+
+impl FixedTag for UtcTime {
+ const TAG: Tag = Tag::UtcTime;
+}
+
+impl OrdIsValueOrd for UtcTime {}
+
+impl From<&UtcTime> for UtcTime {
+ fn from(value: &UtcTime) -> UtcTime {
+ *value
+ }
+}
+
+impl From for DateTime {
+ fn from(utc_time: UtcTime) -> DateTime {
+ utc_time.0
+ }
+}
+
+impl From<&UtcTime> for DateTime {
+ fn from(utc_time: &UtcTime) -> DateTime {
+ utc_time.0
+ }
+}
+
+impl TryFrom for UtcTime {
+ type Error = Error;
+
+ fn try_from(datetime: DateTime) -> Result {
+ Self::from_date_time(datetime)
+ }
+}
+
+impl TryFrom<&DateTime> for UtcTime {
+ type Error = Error;
+
+ fn try_from(datetime: &DateTime) -> Result {
+ Self::from_date_time(*datetime)
+ }
+}
+
+#[cfg(feature = "std")]
+impl From for SystemTime {
+ fn from(utc_time: UtcTime) -> SystemTime {
+ utc_time.to_system_time()
+ }
+}
+
+// Implement by hand because the derive would create invalid values.
+// Use the conversion from DateTime to create a valid value.
+// The DateTime type has a way bigger range of valid years than UtcTime,
+// so the DateTime year is mapped into a valid range to throw away less inputs.
+#[cfg(feature = "arbitrary")]
+impl<'a> arbitrary::Arbitrary<'a> for UtcTime {
+ fn arbitrary(u: &mut arbitrary::Unstructured<'a>) -> arbitrary::Result {
+ const MIN_YEAR: u16 = 1970;
+ const VALID_YEAR_COUNT: u16 = UtcTime::MAX_YEAR - MIN_YEAR + 1;
+ const AVERAGE_SECONDS_IN_YEAR: u64 = 31_556_952;
+
+ let datetime = DateTime::arbitrary(u)?;
+ let year = datetime.year();
+ let duration = datetime.unix_duration();
+
+ // Clamp the year into a valid range to not throw away too much input
+ let valid_year = (year.saturating_sub(MIN_YEAR))
+ .rem_euclid(VALID_YEAR_COUNT)
+ .saturating_add(MIN_YEAR);
+ let year_to_remove = year.saturating_sub(valid_year);
+ let valid_duration = duration
+ - Duration::from_secs(
+ u64::from(year_to_remove).saturating_mul(AVERAGE_SECONDS_IN_YEAR),
+ );
+
+ Self::from_date_time(DateTime::from_unix_duration(valid_duration).expect("supported range"))
+ .map_err(|_| arbitrary::Error::IncorrectFormat)
+ }
+
+ fn size_hint(depth: usize) -> (usize, Option) {
+ DateTime::size_hint(depth)
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::UtcTime;
+ use crate::{Decode, Encode, SliceWriter};
+ use hex_literal::hex;
+
+ #[test]
+ fn round_trip_vector() {
+ let example_bytes = hex!("17 0d 39 31 30 35 30 36 32 33 34 35 34 30 5a");
+ let utc_time = UtcTime::from_der(&example_bytes).unwrap();
+ assert_eq!(utc_time.to_unix_duration().as_secs(), 673573540);
+
+ let mut buf = [0u8; 128];
+ let mut encoder = SliceWriter::new(&mut buf);
+ utc_time.encode(&mut encoder).unwrap();
+ assert_eq!(example_bytes, encoder.finish().unwrap());
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/utf8_string.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/utf8_string.rs
new file mode 100644
index 000000000000..6018750a01fe
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/utf8_string.rs
@@ -0,0 +1,164 @@
+//! ASN.1 `UTF8String` support.
+
+use crate::{
+ asn1::AnyRef, ord::OrdIsValueOrd, EncodeValue, Error, FixedTag, Length, Result, StrRef, Tag,
+ Writer,
+};
+use core::{fmt, ops::Deref, str};
+
+#[cfg(feature = "alloc")]
+use {
+ crate::{DecodeValue, Header, Reader},
+ alloc::{borrow::ToOwned, string::String},
+};
+
+/// ASN.1 `UTF8String` type.
+///
+/// Supports the full UTF-8 encoding.
+///
+/// Note that the [`Decode`][`crate::Decode`] and [`Encode`][`crate::Encode`]
+/// traits are impl'd for Rust's [`str`][`prim@str`] primitive, which
+/// decodes/encodes as a [`Utf8StringRef`].
+///
+/// You are free to use [`str`][`prim@str`] instead of this type, however it's
+/// still provided for explicitness in cases where it might be ambiguous with
+/// other ASN.1 string encodings such as
+/// [`PrintableStringRef`][`crate::asn1::PrintableStringRef`].
+///
+/// This is a zero-copy reference type which borrows from the input data.
+#[derive(Copy, Clone, Eq, PartialEq, PartialOrd, Ord)]
+pub struct Utf8StringRef<'a> {
+ /// Inner value
+ inner: StrRef<'a>,
+}
+
+impl<'a> Utf8StringRef<'a> {
+ /// Create a new ASN.1 `UTF8String`.
+ pub fn new(input: &'a T) -> Result
+ where
+ T: AsRef<[u8]> + ?Sized,
+ {
+ StrRef::from_bytes(input.as_ref()).map(|inner| Self { inner })
+ }
+}
+
+impl_string_type!(Utf8StringRef<'a>, 'a);
+
+impl<'a> Deref for Utf8StringRef<'a> {
+ type Target = StrRef<'a>;
+
+ fn deref(&self) -> &Self::Target {
+ &self.inner
+ }
+}
+
+impl FixedTag for Utf8StringRef<'_> {
+ const TAG: Tag = Tag::Utf8String;
+}
+
+impl<'a> From<&Utf8StringRef<'a>> for Utf8StringRef<'a> {
+ fn from(value: &Utf8StringRef<'a>) -> Utf8StringRef<'a> {
+ *value
+ }
+}
+
+impl<'a> From> for AnyRef<'a> {
+ fn from(utf_string: Utf8StringRef<'a>) -> AnyRef<'a> {
+ AnyRef::from_tag_and_value(Tag::Utf8String, utf_string.inner.into())
+ }
+}
+
+impl<'a> fmt::Debug for Utf8StringRef<'a> {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(f, "Utf8String({:?})", self.as_str())
+ }
+}
+
+impl<'a> TryFrom> for &'a str {
+ type Error = Error;
+
+ fn try_from(any: AnyRef<'a>) -> Result<&'a str> {
+ Utf8StringRef::try_from(any).map(|s| s.as_str())
+ }
+}
+
+impl EncodeValue for str {
+ fn value_len(&self) -> Result {
+ Utf8StringRef::new(self)?.value_len()
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ Utf8StringRef::new(self)?.encode_value(writer)
+ }
+}
+
+impl FixedTag for str {
+ const TAG: Tag = Tag::Utf8String;
+}
+
+impl OrdIsValueOrd for str {}
+
+#[cfg(feature = "alloc")]
+impl<'a> From> for String {
+ fn from(s: Utf8StringRef<'a>) -> String {
+ s.as_str().to_owned()
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl<'a> TryFrom> for String {
+ type Error = Error;
+
+ fn try_from(any: AnyRef<'a>) -> Result {
+ Utf8StringRef::try_from(any).map(|s| s.as_str().to_owned())
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl<'a> DecodeValue<'a> for String {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ Ok(String::from_utf8(reader.read_vec(header.length)?)?)
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl EncodeValue for String {
+ fn value_len(&self) -> Result {
+ Utf8StringRef::new(self)?.value_len()
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ Utf8StringRef::new(self)?.encode_value(writer)
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl FixedTag for String {
+ const TAG: Tag = Tag::Utf8String;
+}
+
+#[cfg(feature = "alloc")]
+impl OrdIsValueOrd for String {}
+
+#[cfg(test)]
+mod tests {
+ use super::Utf8StringRef;
+ use crate::Decode;
+
+ #[test]
+ fn parse_ascii_bytes() {
+ let example_bytes = &[
+ 0x0c, 0x0b, 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x65, 0x72, 0x20, 0x31,
+ ];
+
+ let utf8_string = Utf8StringRef::from_der(example_bytes).unwrap();
+ assert_eq!(utf8_string.as_str(), "Test User 1");
+ }
+
+ #[test]
+ fn parse_utf8_bytes() {
+ let example_bytes = &[0x0c, 0x06, 0x48, 0x65, 0x6c, 0x6c, 0xc3, 0xb3];
+ let utf8_string = Utf8StringRef::from_der(example_bytes).unwrap();
+ assert_eq!(utf8_string.as_str(), "Helló");
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/videotex_string.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/videotex_string.rs
new file mode 100644
index 000000000000..55b1a49cf712
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/videotex_string.rs
@@ -0,0 +1,98 @@
+//! ASN.1 `VideotexString` support.
+
+use crate::{asn1::AnyRef, FixedTag, Result, StrRef, Tag};
+use core::{fmt, ops::Deref};
+
+/// ASN.1 `VideotexString` type.
+///
+/// Supports a subset the ASCII character set (described below).
+///
+/// For UTF-8, use [`Utf8StringRef`][`crate::asn1::Utf8StringRef`] instead.
+/// For the full ASCII character set, use
+/// [`Ia5StringRef`][`crate::asn1::Ia5StringRef`].
+///
+/// This is a zero-copy reference type which borrows from the input data.
+///
+/// # Supported characters
+///
+/// For the practical purposes VideotexString is treated as IA5string, disallowing non-ASCII chars.
+///
+#[derive(Copy, Clone, Eq, PartialEq, PartialOrd, Ord)]
+pub struct VideotexStringRef<'a> {
+ /// Inner value
+ inner: StrRef<'a>,
+}
+
+impl<'a> VideotexStringRef<'a> {
+ /// Create a new ASN.1 `VideotexString`.
+ pub fn new(input: &'a T) -> Result
+ where
+ T: AsRef<[u8]> + ?Sized,
+ {
+ let input = input.as_ref();
+
+ // Validate all characters are within VideotexString's allowed set
+ // FIXME: treat as if it were IA5String
+ if input.iter().any(|&c| c > 0x7F) {
+ return Err(Self::TAG.value_error());
+ }
+
+ StrRef::from_bytes(input)
+ .map(|inner| Self { inner })
+ .map_err(|_| Self::TAG.value_error())
+ }
+}
+
+impl_string_type!(VideotexStringRef<'a>, 'a);
+
+impl<'a> Deref for VideotexStringRef<'a> {
+ type Target = StrRef<'a>;
+
+ fn deref(&self) -> &Self::Target {
+ &self.inner
+ }
+}
+
+impl FixedTag for VideotexStringRef<'_> {
+ const TAG: Tag = Tag::VideotexString;
+}
+
+impl<'a> From<&VideotexStringRef<'a>> for VideotexStringRef<'a> {
+ fn from(value: &VideotexStringRef<'a>) -> VideotexStringRef<'a> {
+ *value
+ }
+}
+
+impl<'a> From> for AnyRef<'a> {
+ fn from(printable_string: VideotexStringRef<'a>) -> AnyRef<'a> {
+ AnyRef::from_tag_and_value(Tag::VideotexString, printable_string.inner.into())
+ }
+}
+
+impl<'a> From> for &'a [u8] {
+ fn from(printable_string: VideotexStringRef<'a>) -> &'a [u8] {
+ printable_string.as_bytes()
+ }
+}
+
+impl<'a> fmt::Debug for VideotexStringRef<'a> {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(f, "VideotexString({:?})", self.as_str())
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::VideotexStringRef;
+ use crate::Decode;
+
+ #[test]
+ fn parse_bytes() {
+ let example_bytes = &[
+ 0x15, 0x0b, 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x65, 0x72, 0x20, 0x31,
+ ];
+
+ let printable_string = VideotexStringRef::from_der(example_bytes).unwrap();
+ assert_eq!(printable_string.as_str(), "Test User 1");
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/bytes_owned.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/bytes_owned.rs
new file mode 100644
index 000000000000..b5e928e3b875
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/bytes_owned.rs
@@ -0,0 +1,162 @@
+//! Common handling for types backed by byte allocation with enforcement of a
+//! library-level length limitation i.e. `Length::max()`.
+
+use crate::{
+ referenced::OwnedToRef, BytesRef, DecodeValue, DerOrd, EncodeValue, Error, Header, Length,
+ Reader, Result, StrRef, Writer,
+};
+use alloc::{boxed::Box, vec::Vec};
+use core::cmp::Ordering;
+
+/// Byte slice newtype which respects the `Length::max()` limit.
+#[derive(Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub(crate) struct BytesOwned {
+ /// Precomputed `Length` (avoids possible panicking conversions)
+ length: Length,
+
+ /// Inner value
+ inner: Box<[u8]>,
+}
+
+impl BytesOwned {
+ /// Create a new [`BytesOwned`], ensuring that the provided `slice` value
+ /// is shorter than `Length::max()`.
+ pub fn new(data: impl Into>) -> Result {
+ let inner: Box<[u8]> = data.into();
+
+ Ok(Self {
+ length: Length::try_from(inner.len())?,
+ inner,
+ })
+ }
+
+ /// Borrow the inner byte slice
+ pub fn as_slice(&self) -> &[u8] {
+ &self.inner
+ }
+
+ /// Get the [`Length`] of this [`BytesRef`]
+ pub fn len(&self) -> Length {
+ self.length
+ }
+
+ /// Is this [`BytesOwned`] empty?
+ pub fn is_empty(&self) -> bool {
+ self.len() == Length::ZERO
+ }
+}
+
+impl AsRef<[u8]> for BytesOwned {
+ fn as_ref(&self) -> &[u8] {
+ self.as_slice()
+ }
+}
+
+impl<'a> DecodeValue<'a> for BytesOwned {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ reader.read_vec(header.length).and_then(Self::new)
+ }
+}
+
+impl EncodeValue for BytesOwned {
+ fn value_len(&self) -> Result {
+ Ok(self.length)
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ writer.write(self.as_ref())
+ }
+}
+
+impl Default for BytesOwned {
+ fn default() -> Self {
+ Self {
+ length: Length::ZERO,
+ inner: Box::new([]),
+ }
+ }
+}
+
+impl DerOrd for BytesOwned {
+ fn der_cmp(&self, other: &Self) -> Result {
+ Ok(self.as_slice().cmp(other.as_slice()))
+ }
+}
+
+impl From for Box<[u8]> {
+ fn from(bytes: BytesOwned) -> Box<[u8]> {
+ bytes.inner
+ }
+}
+
+impl From> for BytesOwned {
+ fn from(s: StrRef<'_>) -> BytesOwned {
+ let bytes = s.as_bytes();
+ debug_assert_eq!(bytes.len(), usize::try_from(s.length).expect("overflow"));
+
+ BytesOwned {
+ inner: Box::from(bytes),
+ length: s.length,
+ }
+ }
+}
+
+impl OwnedToRef for BytesOwned {
+ type Borrowed<'a> = BytesRef<'a>;
+ fn owned_to_ref(&self) -> Self::Borrowed<'_> {
+ BytesRef {
+ length: self.length,
+ inner: self.inner.as_ref(),
+ }
+ }
+}
+
+impl From> for BytesOwned {
+ fn from(s: BytesRef<'_>) -> BytesOwned {
+ BytesOwned {
+ length: s.length,
+ inner: Box::from(s.inner),
+ }
+ }
+}
+
+impl TryFrom<&[u8]> for BytesOwned {
+ type Error = Error;
+
+ fn try_from(bytes: &[u8]) -> Result {
+ Self::new(bytes)
+ }
+}
+
+impl TryFrom> for BytesOwned {
+ type Error = Error;
+
+ fn try_from(bytes: Box<[u8]>) -> Result {
+ Self::new(bytes)
+ }
+}
+
+impl TryFrom> for BytesOwned {
+ type Error = Error;
+
+ fn try_from(bytes: Vec) -> Result {
+ Self::new(bytes)
+ }
+}
+
+// Implement by hand because the derive would create invalid values.
+// Make sure the length and the inner.len matches.
+#[cfg(feature = "arbitrary")]
+impl<'a> arbitrary::Arbitrary<'a> for BytesOwned {
+ fn arbitrary(u: &mut arbitrary::Unstructured<'a>) -> arbitrary::Result {
+ let length = u.arbitrary()?;
+ Ok(Self {
+ length,
+ inner: Box::from(u.bytes(u32::from(length) as usize)?),
+ })
+ }
+
+ fn size_hint(depth: usize) -> (usize, Option) {
+ arbitrary::size_hint::and(Length::size_hint(depth), (0, None))
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/bytes_ref.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/bytes_ref.rs
new file mode 100644
index 000000000000..2cee4076ed15
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/bytes_ref.rs
@@ -0,0 +1,152 @@
+//! Common handling for types backed by byte slices with enforcement of a
+//! library-level length limitation i.e. `Length::max()`.
+
+use crate::{
+ DecodeValue, DerOrd, EncodeValue, Error, Header, Length, Reader, Result, StrRef, Writer,
+};
+use core::cmp::Ordering;
+
+#[cfg(feature = "alloc")]
+use crate::StrOwned;
+
+/// Byte slice newtype which respects the `Length::max()` limit.
+#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub(crate) struct BytesRef<'a> {
+ /// Precomputed `Length` (avoids possible panicking conversions)
+ pub length: Length,
+
+ /// Inner value
+ pub inner: &'a [u8],
+}
+
+impl<'a> BytesRef<'a> {
+ /// Constant value representing an empty byte slice.
+ pub const EMPTY: Self = Self {
+ length: Length::ZERO,
+ inner: &[],
+ };
+
+ /// Create a new [`BytesRef`], ensuring that the provided `slice` value
+ /// is shorter than `Length::max()`.
+ pub fn new(slice: &'a [u8]) -> Result {
+ Ok(Self {
+ length: Length::try_from(slice.len())?,
+ inner: slice,
+ })
+ }
+
+ /// Borrow the inner byte slice
+ pub fn as_slice(&self) -> &'a [u8] {
+ self.inner
+ }
+
+ /// Get the [`Length`] of this [`BytesRef`]
+ pub fn len(self) -> Length {
+ self.length
+ }
+
+ /// Is this [`BytesRef`] empty?
+ pub fn is_empty(self) -> bool {
+ self.len() == Length::ZERO
+ }
+}
+
+impl AsRef<[u8]> for BytesRef<'_> {
+ fn as_ref(&self) -> &[u8] {
+ self.as_slice()
+ }
+}
+
+impl<'a> DecodeValue<'a> for BytesRef<'a> {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ reader.read_slice(header.length).and_then(Self::new)
+ }
+}
+
+impl EncodeValue for BytesRef<'_> {
+ fn value_len(&self) -> Result {
+ Ok(self.length)
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ writer.write(self.as_ref())
+ }
+}
+
+impl Default for BytesRef<'_> {
+ fn default() -> Self {
+ Self {
+ length: Length::ZERO,
+ inner: &[],
+ }
+ }
+}
+
+impl DerOrd for BytesRef<'_> {
+ fn der_cmp(&self, other: &Self) -> Result {
+ Ok(self.as_slice().cmp(other.as_slice()))
+ }
+}
+
+impl<'a> From> for BytesRef<'a> {
+ fn from(s: StrRef<'a>) -> BytesRef<'a> {
+ let bytes = s.as_bytes();
+ debug_assert_eq!(bytes.len(), usize::try_from(s.length).expect("overflow"));
+
+ BytesRef {
+ inner: bytes,
+ length: s.length,
+ }
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl<'a> From<&'a StrOwned> for BytesRef<'a> {
+ fn from(s: &'a StrOwned) -> BytesRef<'a> {
+ let bytes = s.as_bytes();
+ debug_assert_eq!(bytes.len(), usize::try_from(s.length).expect("overflow"));
+
+ BytesRef {
+ inner: bytes,
+ length: s.length,
+ }
+ }
+}
+
+impl<'a> TryFrom<&'a [u8]> for BytesRef<'a> {
+ type Error = Error;
+
+ fn try_from(slice: &'a [u8]) -> Result {
+ Self::new(slice)
+ }
+}
+
+// Implement by hand because the derive would create invalid values.
+// Make sure the length and the inner.len matches.
+#[cfg(feature = "arbitrary")]
+impl<'a> arbitrary::Arbitrary<'a> for BytesRef<'a> {
+ fn arbitrary(u: &mut arbitrary::Unstructured<'a>) -> arbitrary::Result {
+ let length = u.arbitrary()?;
+ Ok(Self {
+ length,
+ inner: u.bytes(u32::from(length) as usize)?,
+ })
+ }
+
+ fn size_hint(depth: usize) -> (usize, Option) {
+ arbitrary::size_hint::and(Length::size_hint(depth), (0, None))
+ }
+}
+
+#[cfg(feature = "alloc")]
+mod allocating {
+ use super::BytesRef;
+ use crate::{referenced::RefToOwned, BytesOwned};
+
+ impl<'a> RefToOwned<'a> for BytesRef<'a> {
+ type Owned = BytesOwned;
+ fn ref_to_owned(&self) -> Self::Owned {
+ BytesOwned::from(*self)
+ }
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/datetime.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/datetime.rs
new file mode 100644
index 000000000000..fd09b6855dd7
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/datetime.rs
@@ -0,0 +1,447 @@
+//! Date and time functionality shared between various ASN.1 types
+//! (e.g. `GeneralizedTime`, `UTCTime`)
+
+// Adapted from the `humantime` crate.
+// Copyright (c) 2016 The humantime Developers
+// Released under the MIT OR Apache 2.0 licenses
+
+use crate::{Error, ErrorKind, Result, Tag, Writer};
+use core::{fmt, str::FromStr, time::Duration};
+
+#[cfg(feature = "std")]
+use std::time::{SystemTime, UNIX_EPOCH};
+
+#[cfg(feature = "time")]
+use time::PrimitiveDateTime;
+
+/// Minimum year allowed in [`DateTime`] values.
+const MIN_YEAR: u16 = 1970;
+
+/// Maximum duration since `UNIX_EPOCH` which can be represented as a
+/// [`DateTime`] (non-inclusive).
+///
+/// This corresponds to: 9999-12-31T23:59:59Z
+const MAX_UNIX_DURATION: Duration = Duration::from_secs(253_402_300_799);
+
+/// Date-and-time type shared by multiple ASN.1 types
+/// (e.g. `GeneralizedTime`, `UTCTime`).
+///
+/// Following conventions from RFC 5280, this type is always Z-normalized
+/// (i.e. represents a UTC time). However, it isn't named "UTC time" in order
+/// to prevent confusion with ASN.1 `UTCTime`.
+#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub struct DateTime {
+ /// Full year (e.g. 2000).
+ ///
+ /// Must be >=1970 to permit positive conversions to Unix time.
+ year: u16,
+
+ /// Month (1-12)
+ month: u8,
+
+ /// Day of the month (1-31)
+ day: u8,
+
+ /// Hour (0-23)
+ hour: u8,
+
+ /// Minutes (0-59)
+ minutes: u8,
+
+ /// Seconds (0-59)
+ seconds: u8,
+
+ /// [`Duration`] since the Unix epoch.
+ unix_duration: Duration,
+}
+
+impl DateTime {
+ /// This is the maximum date represented by the [`DateTime`]
+ /// This corresponds to: 9999-12-31T23:59:59Z
+ pub const INFINITY: DateTime = DateTime {
+ year: 9999,
+ month: 12,
+ day: 31,
+ hour: 23,
+ minutes: 59,
+ seconds: 59,
+ unix_duration: MAX_UNIX_DURATION,
+ };
+
+ /// Create a new [`DateTime`] from the given UTC time components.
+ // TODO(tarcieri): checked arithmetic + #[allow(clippy::integer_arithmetic)] + pub fn new(year: u16, month: u8, day: u8, hour: u8, minutes: u8, seconds: u8) -> Result { + // Basic validation of the components. + if year < MIN_YEAR + || !(1..=12).contains(&month) + || !(1..=31).contains(&day) + || !(0..=23).contains(&hour) + || !(0..=59).contains(&minutes) + || !(0..=59).contains(&seconds) + { + return Err(ErrorKind::DateTime.into()); + } + + let leap_years = + ((year - 1) - 1968) / 4 - ((year - 1) - 1900) / 100 + ((year - 1) - 1600) / 400; + + let is_leap_year = year % 4 == 0 && (year % 100 != 0 || year % 400 == 0); + + let (mut ydays, mdays): (u16, u8) = match month { + 1 => (0, 31), + 2 if is_leap_year => (31, 29), + 2 => (31, 28), + 3 => (59, 31), + 4 => (90, 30), + 5 => (120, 31), + 6 => (151, 30), + 7 => (181, 31), + 8 => (212, 31), + 9 => (243, 30), + 10 => (273, 31), + 11 => (304, 30), + 12 => (334, 31), + _ => return Err(ErrorKind::DateTime.into()), + }; + + if day > mdays || day == 0 { + return Err(ErrorKind::DateTime.into()); + } + + ydays += u16::from(day) - 1; + + if is_leap_year && month > 2 { + ydays += 1; + } + + let days = u64::from(year - 1970) * 365 + u64::from(leap_years) + u64::from(ydays); + let time = u64::from(seconds) + (u64::from(minutes) * 60) + (u64::from(hour) * 3600); + let unix_duration = Duration::from_secs(time + days * 86400); + + if unix_duration > MAX_UNIX_DURATION { + return Err(ErrorKind::DateTime.into()); + } + + Ok(Self { + year, + month, + day, + hour, + minutes, + seconds, + unix_duration, + }) + } + + /// Compute a [`DateTime`] from the given [`Duration`] since the `UNIX_EPOCH`. + /// + /// Returns `None` if the value is outside the supported date range. 
+ // TODO(tarcieri): checked arithmetic + #[allow(clippy::integer_arithmetic)] + pub fn from_unix_duration(unix_duration: Duration) -> Result { + if unix_duration > MAX_UNIX_DURATION { + return Err(ErrorKind::DateTime.into()); + } + + let secs_since_epoch = unix_duration.as_secs(); + + /// 2000-03-01 (mod 400 year, immediately after Feb 29) + const LEAPOCH: i64 = 11017; + const DAYS_PER_400Y: i64 = 365 * 400 + 97; + const DAYS_PER_100Y: i64 = 365 * 100 + 24; + const DAYS_PER_4Y: i64 = 365 * 4 + 1; + + let days = i64::try_from(secs_since_epoch / 86400)? - LEAPOCH; + let secs_of_day = secs_since_epoch % 86400; + + let mut qc_cycles = days / DAYS_PER_400Y; + let mut remdays = days % DAYS_PER_400Y; + + if remdays < 0 { + remdays += DAYS_PER_400Y; + qc_cycles -= 1; + } + + let mut c_cycles = remdays / DAYS_PER_100Y; + if c_cycles == 4 { + c_cycles -= 1; + } + remdays -= c_cycles * DAYS_PER_100Y; + + let mut q_cycles = remdays / DAYS_PER_4Y; + if q_cycles == 25 { + q_cycles -= 1; + } + remdays -= q_cycles * DAYS_PER_4Y; + + let mut remyears = remdays / 365; + if remyears == 4 { + remyears -= 1; + } + remdays -= remyears * 365; + + let mut year = 2000 + remyears + 4 * q_cycles + 100 * c_cycles + 400 * qc_cycles; + + let months = [31, 30, 31, 30, 31, 31, 30, 31, 30, 31, 31, 29]; + let mut mon = 0; + for mon_len in months.iter() { + mon += 1; + if remdays < *mon_len { + break; + } + remdays -= *mon_len; + } + let mday = remdays + 1; + let mon = if mon + 2 > 12 { + year += 1; + mon - 10 + } else { + mon + 2 + }; + + let second = secs_of_day % 60; + let mins_of_day = secs_of_day / 60; + let minute = mins_of_day % 60; + let hour = mins_of_day / 60; + + Self::new( + year.try_into()?, + mon, + mday.try_into()?, + hour.try_into()?, + minute.try_into()?, + second.try_into()?, + ) + } + + /// Get the year. + pub fn year(&self) -> u16 { + self.year + } + + /// Get the month. + pub fn month(&self) -> u8 { + self.month + } + + /// Get the day. 
+ pub fn day(&self) -> u8 { + self.day + } + + /// Get the hour. + pub fn hour(&self) -> u8 { + self.hour + } + + /// Get the minutes. + pub fn minutes(&self) -> u8 { + self.minutes + } + + /// Get the seconds. + pub fn seconds(&self) -> u8 { + self.seconds + } + + /// Compute [`Duration`] since `UNIX_EPOCH` from the given calendar date. + pub fn unix_duration(&self) -> Duration { + self.unix_duration + } + + /// Instantiate from [`SystemTime`]. + #[cfg(feature = "std")] + pub fn from_system_time(time: SystemTime) -> Result { + time.duration_since(UNIX_EPOCH) + .map_err(|_| ErrorKind::DateTime.into()) + .and_then(Self::from_unix_duration) + } + + /// Convert to [`SystemTime`]. + #[cfg(feature = "std")] + pub fn to_system_time(&self) -> SystemTime { + UNIX_EPOCH + self.unix_duration() + } +} + +impl FromStr for DateTime { + type Err = Error; + + fn from_str(s: &str) -> Result { + match *s.as_bytes() { + [year1, year2, year3, year4, b'-', month1, month2, b'-', day1, day2, b'T', hour1, hour2, b':', min1, min2, b':', sec1, sec2, b'Z'] => + { + let tag = Tag::GeneralizedTime; + let year = decode_year(&[year1, year2, year3, year4])?; + let month = decode_decimal(tag, month1, month2).map_err(|_| ErrorKind::DateTime)?; + let day = decode_decimal(tag, day1, day2).map_err(|_| ErrorKind::DateTime)?; + let hour = decode_decimal(tag, hour1, hour2).map_err(|_| ErrorKind::DateTime)?; + let minutes = decode_decimal(tag, min1, min2).map_err(|_| ErrorKind::DateTime)?; + let seconds = decode_decimal(tag, sec1, sec2).map_err(|_| ErrorKind::DateTime)?; + Self::new(year, month, day, hour, minutes, seconds) + } + _ => Err(ErrorKind::DateTime.into()), + } + } +} + +impl fmt::Display for DateTime { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + write!( + f, + "{:02}-{:02}-{:02}T{:02}:{:02}:{:02}Z", + self.year, self.month, self.day, self.hour, self.minutes, self.seconds + ) + } +} + +#[cfg(feature = "std")] +impl From for SystemTime { + fn from(time: DateTime) -> SystemTime 
{ + time.to_system_time() + } +} + +#[cfg(feature = "std")] +impl From<&DateTime> for SystemTime { + fn from(time: &DateTime) -> SystemTime { + time.to_system_time() + } +} + +#[cfg(feature = "std")] +impl TryFrom for DateTime { + type Error = Error; + + fn try_from(time: SystemTime) -> Result { + DateTime::from_system_time(time) + } +} + +#[cfg(feature = "std")] +impl TryFrom<&SystemTime> for DateTime { + type Error = Error; + + fn try_from(time: &SystemTime) -> Result { + DateTime::from_system_time(*time) + } +} + +#[cfg(feature = "time")] +impl TryFrom for PrimitiveDateTime { + type Error = Error; + + fn try_from(time: DateTime) -> Result { + let month = time.month().try_into()?; + let date = time::Date::from_calendar_date(i32::from(time.year()), month, time.day())?; + let time = time::Time::from_hms(time.hour(), time.minutes(), time.seconds())?; + + Ok(PrimitiveDateTime::new(date, time)) + } +} + +#[cfg(feature = "time")] +impl TryFrom for DateTime { + type Error = Error; + + fn try_from(time: PrimitiveDateTime) -> Result { + DateTime::new( + time.year().try_into().map_err(|_| ErrorKind::DateTime)?, + time.month().into(), + time.day(), + time.hour(), + time.minute(), + time.second(), + ) + } +} + +// Implement by hand because the derive would create invalid values. +// Use the conversion from Duration to create a valid value. 
+#[cfg(feature = "arbitrary")] +impl<'a> arbitrary::Arbitrary<'a> for DateTime { + fn arbitrary(u: &mut arbitrary::Unstructured<'a>) -> arbitrary::Result { + Self::from_unix_duration(Duration::new( + u.int_in_range(0..=MAX_UNIX_DURATION.as_secs().saturating_sub(1))?, + u.int_in_range(0..=999_999_999)?, + )) + .map_err(|_| arbitrary::Error::IncorrectFormat) + } + + fn size_hint(depth: usize) -> (usize, Option) { + arbitrary::size_hint::and(u64::size_hint(depth), u32::size_hint(depth)) + } +} + +/// Decode 2-digit decimal value +// TODO(tarcieri): checked arithmetic +#[allow(clippy::integer_arithmetic)] +pub(crate) fn decode_decimal(tag: Tag, hi: u8, lo: u8) -> Result { + if hi.is_ascii_digit() && lo.is_ascii_digit() { + Ok((hi - b'0') * 10 + (lo - b'0')) + } else { + Err(tag.value_error()) + } +} + +/// Encode 2-digit decimal value +pub(crate) fn encode_decimal(writer: &mut W, tag: Tag, value: u8) -> Result<()> +where + W: Writer + ?Sized, +{ + let hi_val = value / 10; + + if hi_val >= 10 { + return Err(tag.value_error()); + } + + writer.write_byte(b'0'.checked_add(hi_val).ok_or(ErrorKind::Overflow)?)?; + writer.write_byte(b'0'.checked_add(value % 10).ok_or(ErrorKind::Overflow)?) +} + +/// Decode 4-digit year. 
+// TODO(tarcieri): checked arithmetic +#[allow(clippy::integer_arithmetic)] +fn decode_year(year: &[u8; 4]) -> Result { + let tag = Tag::GeneralizedTime; + let hi = decode_decimal(tag, year[0], year[1]).map_err(|_| ErrorKind::DateTime)?; + let lo = decode_decimal(tag, year[2], year[3]).map_err(|_| ErrorKind::DateTime)?; + Ok(u16::from(hi) * 100 + u16::from(lo)) +} + +#[cfg(test)] +mod tests { + use super::DateTime; + + /// Ensure a day is OK + fn is_date_valid(year: u16, month: u8, day: u8, hour: u8, minute: u8, second: u8) -> bool { + DateTime::new(year, month, day, hour, minute, second).is_ok() + } + + #[test] + fn feb_leap_year_handling() { + assert!(is_date_valid(2000, 2, 29, 0, 0, 0)); + assert!(!is_date_valid(2001, 2, 29, 0, 0, 0)); + assert!(!is_date_valid(2100, 2, 29, 0, 0, 0)); + } + + #[test] + fn from_str() { + let datetime = "2001-01-02T12:13:14Z".parse::().unwrap(); + assert_eq!(datetime.year(), 2001); + assert_eq!(datetime.month(), 1); + assert_eq!(datetime.day(), 2); + assert_eq!(datetime.hour(), 12); + assert_eq!(datetime.minutes(), 13); + assert_eq!(datetime.seconds(), 14); + } + + #[cfg(feature = "alloc")] + #[test] + fn display() { + use alloc::string::ToString; + let datetime = DateTime::new(2001, 01, 02, 12, 13, 14).unwrap(); + assert_eq!(&datetime.to_string(), "2001-01-02T12:13:14Z"); + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/decode.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/decode.rs new file mode 100644 index 000000000000..fe53341b3e7a --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/decode.rs 
@@ -0,0 +1,99 @@ +//! Trait definition for [`Decode`]. + +use crate::{FixedTag, Header, Reader, Result, SliceReader}; +use core::marker::PhantomData; + +#[cfg(feature = "pem")] +use crate::{pem::PemLabel, PemReader}; + +#[cfg(doc)] +use crate::{Length, Tag}; + +#[cfg(feature = "alloc")] +use alloc::boxed::Box; + +/// Decoding trait. +/// +/// This trait provides the core abstraction upon which all decoding operations +/// are based. +pub trait Decode<'a>: Sized { + /// Attempt to decode this message using the provided decoder. + fn decode>(decoder: &mut R) -> Result; + + /// Parse `Self` from the provided DER-encoded byte slice. + fn from_der(bytes: &'a [u8]) -> Result { + let mut reader = SliceReader::new(bytes)?; + let result = Self::decode(&mut reader)?; + reader.finish(result) + } +} + +impl<'a, T> Decode<'a> for T +where + T: DecodeValue<'a> + FixedTag, +{ + fn decode>(reader: &mut R) -> Result { + let header = Header::decode(reader)?; + header.tag.assert_eq(T::TAG)?; + T::decode_value(reader, header) + } +} + +/// Dummy implementation for [`PhantomData`] which allows deriving +/// implementations on structs with phantom fields. +impl<'a, T> Decode<'a> for PhantomData +where + T: ?Sized, +{ + fn decode>(_reader: &mut R) -> Result> { + Ok(PhantomData) + } +} + +/// Marker trait for data structures that can be decoded from DER without +/// borrowing any data from the decoder. +/// +/// This is primarily useful for trait bounds on functions which require that +/// no data is borrowed from the decoder, for example a PEM decoder which needs +/// to first decode data from Base64. +/// +/// This trait is inspired by the [`DeserializeOwned` trait from `serde`](https://docs.rs/serde/latest/serde/de/trait.DeserializeOwned.html). +pub trait DecodeOwned: for<'a> Decode<'a> {} + +impl DecodeOwned for T where T: for<'a> Decode<'a> {} + +/// PEM decoding trait. +/// +/// This trait is automatically impl'd for any type which impls both +/// [`DecodeOwned`] and [`PemLabel`]. 
+#[cfg(feature = "pem")] +pub trait DecodePem: DecodeOwned + PemLabel { + /// Try to decode this type from PEM. + fn from_pem(pem: impl AsRef<[u8]>) -> Result; +} + +#[cfg(feature = "pem")] +impl DecodePem for T { + fn from_pem(pem: impl AsRef<[u8]>) -> Result { + let mut reader = PemReader::new(pem.as_ref())?; + Self::validate_pem_label(reader.type_label())?; + T::decode(&mut reader) + } +} + +/// Decode the value part of a Tag-Length-Value encoded field, sans the [`Tag`] +/// and [`Length`]. +pub trait DecodeValue<'a>: Sized { + /// Attempt to decode this message using the provided [`Reader`]. + fn decode_value>(reader: &mut R, header: Header) -> Result; +} + +#[cfg(feature = "alloc")] +impl<'a, T> DecodeValue<'a> for Box +where + T: DecodeValue<'a>, +{ + fn decode_value>(reader: &mut R, header: Header) -> Result { + Ok(Box::new(T::decode_value(reader, header)?)) + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/document.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/document.rs new file mode 100644 index 000000000000..78355a67a8df --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/document.rs 
@@ -0,0 +1,354 @@
+//! ASN.1 DER-encoded documents stored on the heap.
+
+use crate::{Decode, Encode, Error, FixedTag, Length, Reader, Result, SliceReader, Tag, Writer};
+use alloc::vec::Vec;
+use core::fmt::{self, Debug};
+
+#[cfg(feature = "pem")]
+use {crate::pem, alloc::string::String};
+
+#[cfg(feature = "std")]
+use std::{fs, path::Path};
+
+#[cfg(all(feature = "pem", feature = "std"))]
+use alloc::borrow::ToOwned;
+
+#[cfg(feature = "zeroize")]
+use zeroize::{Zeroize, ZeroizeOnDrop, Zeroizing};
+
+/// ASN.1 DER-encoded document.
+///
+/// This type wraps an encoded ASN.1 DER message. The document checked to
+/// ensure it contains a valid DER-encoded `SEQUENCE`.
+///
+/// It implements common functionality related to encoding/decoding such
+/// documents, such as PEM encapsulation as well as reading/writing documents
+/// from/to the filesystem.
+///
+/// The [`SecretDocument`] provides a wrapper for this type with additional
+/// hardening applied.
+#[derive(Clone, Eq, PartialEq)]
+pub struct Document {
+ /// ASN.1 DER encoded bytes.
+ der_bytes: Vec,
+
+ /// Length of this document.
+ length: Length,
+}
+
+impl Document {
+ /// Get the ASN.1 DER-encoded bytes of this document.
+ pub fn as_bytes(&self) -> &[u8] {
+ self.der_bytes.as_slice()
+ }
+
+ /// Convert to a [`SecretDocument`].
+ #[cfg(feature = "zeroize")]
+ pub fn into_secret(self) -> SecretDocument {
+ SecretDocument(self)
+ }
+
+ /// Convert to an ASN.1 DER-encoded byte vector.
+ pub fn into_vec(self) -> Vec {
+ self.der_bytes
+ }
+
+ /// Return an ASN.1 DER-encoded byte vector.
+ pub fn to_vec(&self) -> Vec {
+ self.der_bytes.clone()
+ }
+
+ /// Get the length of the encoded ASN.1 DER in bytes.
+ pub fn len(&self) -> Length {
+ self.length
+ }
+
+ /// Try to decode the inner ASN.1 DER message contained in this
+ /// [`Document`] as the given type.
+ pub fn decode_msg<'a, T: Decode<'a>>(&'a self) -> Result {
+ T::from_der(self.as_bytes())
+ }
+
+ /// Encode the provided type as ASN.1 DER, storing the resulting encoded DER
+ /// as a [`Document`].
+ pub fn encode_msg(msg: &T) -> Result {
+ msg.to_der()?.try_into()
+ }
+
+ /// Decode ASN.1 DER document from PEM.
+ ///
+ /// Returns the PEM label and decoded [`Document`] on success.
+ #[cfg(feature = "pem")]
+ pub fn from_pem(pem: &str) -> Result<(&str, Self)> {
+ let (label, der_bytes) = pem::decode_vec(pem.as_bytes())?;
+ Ok((label, der_bytes.try_into()?))
+ }
+
+ /// Encode ASN.1 DER document as a PEM string with encapsulation boundaries
+ /// containing the provided PEM type `label` (e.g. `CERTIFICATE`).
+ #[cfg(feature = "pem")]
+ pub fn to_pem(&self, label: &'static str, line_ending: pem::LineEnding) -> Result {
+ Ok(pem::encode_string(label, line_ending, self.as_bytes())?)
+ }
+
+ /// Read ASN.1 DER document from a file.
+ #[cfg(feature = "std")]
+ pub fn read_der_file(path: impl AsRef) -> Result {
+ fs::read(path)?.try_into()
+ }
+
+ /// Write ASN.1 DER document to a file.
+ #[cfg(feature = "std")]
+ pub fn write_der_file(&self, path: impl AsRef) -> Result<()> {
+ Ok(fs::write(path, self.as_bytes())?)
+ }
+
+ /// Read PEM-encoded ASN.1 DER document from a file.
+ #[cfg(all(feature = "pem", feature = "std"))]
+ pub fn read_pem_file(path: impl AsRef) -> Result<(String, Self)> {
+ Self::from_pem(&fs::read_to_string(path)?).map(|(label, doc)| (label.to_owned(), doc))
+ }
+
+ /// Write PEM-encoded ASN.1 DER document to a file.
+ #[cfg(all(feature = "pem", feature = "std"))]
+ pub fn write_pem_file(
+ &self,
+ path: impl AsRef,
+ label: &'static str,
+ line_ending: pem::LineEnding,
+ ) -> Result<()> {
+ let pem = self.to_pem(label, line_ending)?;
+ Ok(fs::write(path, pem.as_bytes())?)
+ } +} + +impl AsRef<[u8]> for Document { + fn as_ref(&self) -> &[u8] { + self.as_bytes() + } +} + +impl Debug for Document { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.write_str("Document(")?; + + for byte in self.as_bytes() { + write!(f, "{:02X}", byte)?; + } + + f.write_str(")") + } +} + +impl<'a> Decode<'a> for Document { + fn decode>(reader: &mut R) -> Result { + let header = reader.peek_header()?; + let length = (header.encoded_len()? + header.length)?; + let bytes = reader.read_slice(length)?; + + Ok(Self { + der_bytes: bytes.into(), + length, + }) + } +} + +impl Encode for Document { + fn encoded_len(&self) -> Result { + Ok(self.len()) + } + + fn encode(&self, writer: &mut impl Writer) -> Result<()> { + writer.write(self.as_bytes()) + } +} + +impl FixedTag for Document { + const TAG: Tag = Tag::Sequence; +} + +impl TryFrom<&[u8]> for Document { + type Error = Error; + + fn try_from(der_bytes: &[u8]) -> Result { + Self::from_der(der_bytes) + } +} + +impl TryFrom> for Document { + type Error = Error; + + fn try_from(der_bytes: Vec) -> Result { + let mut decoder = SliceReader::new(&der_bytes)?; + decode_sequence(&mut decoder)?; + decoder.finish(())?; + + let length = der_bytes.len().try_into()?; + Ok(Self { der_bytes, length }) + } +} + +/// Secret [`Document`] type. +/// +/// Useful for formats which represent potentially secret data, such as +/// cryptographic keys. +/// +/// This type provides additional hardening such as ensuring that the contents +/// are zeroized-on-drop, and also using more restrictive file permissions when +/// writing files to disk. +#[cfg(feature = "zeroize")] +#[derive(Clone)] +pub struct SecretDocument(Document); + +#[cfg(feature = "zeroize")] +impl SecretDocument { + /// Borrow the inner serialized bytes of this document. + pub fn as_bytes(&self) -> &[u8] { + self.0.as_bytes() + } + + /// Return an allocated ASN.1 DER serialization as a byte vector. 
+ pub fn to_bytes(&self) -> Zeroizing> {
+ Zeroizing::new(self.0.to_vec())
+ }
+
+ /// Get the length of the encoded ASN.1 DER in bytes.
+ pub fn len(&self) -> Length {
+ self.0.len()
+ }
+
+ /// Try to decode the inner ASN.1 DER message as the given type.
+ pub fn decode_msg<'a, T: Decode<'a>>(&'a self) -> Result {
+ self.0.decode_msg()
+ }
+
+ /// Encode the provided type as ASN.1 DER.
+ pub fn encode_msg(msg: &T) -> Result {
+ Document::encode_msg(msg).map(Self)
+ }
+
+ /// Decode ASN.1 DER document from PEM.
+ #[cfg(feature = "pem")]
+ pub fn from_pem(pem: &str) -> Result<(&str, Self)> {
+ Document::from_pem(pem).map(|(label, doc)| (label, Self(doc)))
+ }
+
+ /// Encode ASN.1 DER document as a PEM string.
+ #[cfg(feature = "pem")]
+ pub fn to_pem(
+ &self,
+ label: &'static str,
+ line_ending: pem::LineEnding,
+ ) -> Result> {
+ self.0.to_pem(label, line_ending).map(Zeroizing::new)
+ }
+
+ /// Read ASN.1 DER document from a file.
+ #[cfg(feature = "std")]
+ pub fn read_der_file(path: impl AsRef) -> Result {
+ Document::read_der_file(path).map(Self)
+ }
+
+ /// Write ASN.1 DER document to a file.
+ #[cfg(feature = "std")]
+ pub fn write_der_file(&self, path: impl AsRef) -> Result<()> {
+ write_secret_file(path, self.as_bytes())
+ }
+
+ /// Read PEM-encoded ASN.1 DER document from a file.
+ #[cfg(all(feature = "pem", feature = "std"))]
+ pub fn read_pem_file(path: impl AsRef) -> Result<(String, Self)> {
+ Document::read_pem_file(path).map(|(label, doc)| (label, Self(doc)))
+ }
+
+ /// Write PEM-encoded ASN.1 DER document to a file.
+ #[cfg(all(feature = "pem", feature = "std"))] + pub fn write_pem_file( + &self, + path: impl AsRef, + label: &'static str, + line_ending: pem::LineEnding, + ) -> Result<()> { + write_secret_file(path, self.to_pem(label, line_ending)?.as_bytes()) + } +} +#[cfg(feature = "zeroize")] +impl Debug for SecretDocument { + fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result { + fmt.debug_struct("SecretDocument").finish_non_exhaustive() + } +} + +#[cfg(feature = "zeroize")] +impl Drop for SecretDocument { + fn drop(&mut self) { + self.0.der_bytes.zeroize(); + } +} + +#[cfg(feature = "zeroize")] +impl From for SecretDocument { + fn from(doc: Document) -> SecretDocument { + SecretDocument(doc) + } +} + +#[cfg(feature = "zeroize")] +impl TryFrom<&[u8]> for SecretDocument { + type Error = Error; + + fn try_from(der_bytes: &[u8]) -> Result { + Document::try_from(der_bytes).map(Self) + } +} + +#[cfg(feature = "zeroize")] +impl TryFrom> for SecretDocument { + type Error = Error; + + fn try_from(der_bytes: Vec) -> Result { + Document::try_from(der_bytes).map(Self) + } +} + +#[cfg(feature = "zeroize")] +impl ZeroizeOnDrop for SecretDocument {} + +/// Attempt to decode a ASN.1 `SEQUENCE` from the given decoder, returning the +/// entire sequence including the header. +fn decode_sequence<'a>(decoder: &mut SliceReader<'a>) -> Result<&'a [u8]> { + let header = decoder.peek_header()?; + header.tag.assert_eq(Tag::Sequence)?; + + let len = (header.encoded_len()? 
+ header.length)?; + decoder.read_slice(len) +} + +/// Write a file containing secret data to the filesystem, restricting the +/// file permissions so it's only readable by the owner +#[cfg(all(unix, feature = "std", feature = "zeroize"))] +fn write_secret_file(path: impl AsRef, data: &[u8]) -> Result<()> { + use std::{io::Write, os::unix::fs::OpenOptionsExt}; + + /// File permissions for secret data + #[cfg(unix)] + const SECRET_FILE_PERMS: u32 = 0o600; + + fs::OpenOptions::new() + .create(true) + .write(true) + .truncate(true) + .mode(SECRET_FILE_PERMS) + .open(path) + .and_then(|mut file| file.write_all(data))?; + + Ok(()) +} + +/// Write a file containing secret data to the filesystem +// TODO(tarcieri): permissions hardening on Windows +#[cfg(all(not(unix), feature = "std", feature = "zeroize"))] +fn write_secret_file(path: impl AsRef, data: &[u8]) -> Result<()> { + fs::write(path, data)?; + Ok(()) +} diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/encode.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/encode.rs new file mode 100644 index 000000000000..28d7cba77e06 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/encode.rs 
@@ -0,0 +1,158 @@
+//! Trait definition for [`Encode`].
+
+use crate::{Header, Length, Result, SliceWriter, Tagged, Writer};
+use core::marker::PhantomData;
+
+#[cfg(feature = "alloc")]
+use {alloc::boxed::Box, alloc::vec::Vec, core::iter};
+
+#[cfg(feature = "pem")]
+use {
+ crate::PemWriter,
+ alloc::string::String,
+ pem_rfc7468::{self as pem, LineEnding, PemLabel},
+};
+
+#[cfg(any(feature = "alloc", feature = "pem"))]
+use crate::ErrorKind;
+
+#[cfg(doc)]
+use crate::Tag;
+
+/// Encoding trait.
+pub trait Encode {
+ /// Compute the length of this value in bytes when encoded as ASN.1 DER.
+ fn encoded_len(&self) -> Result;
+
+ /// Encode this value as ASN.1 DER using the provided [`Writer`].
+ fn encode(&self, encoder: &mut impl Writer) -> Result<()>;
+
+ /// Encode this value to the provided byte slice, returning a sub-slice
+ /// containing the encoded message.
+ fn encode_to_slice<'a>(&self, buf: &'a mut [u8]) -> Result<&'a [u8]> {
+ let mut writer = SliceWriter::new(buf);
+ self.encode(&mut writer)?;
+ writer.finish()
+ }
+
+ /// Encode this message as ASN.1 DER, appending it to the provided
+ /// byte vector.
+ #[cfg(feature = "alloc")]
+ fn encode_to_vec(&self, buf: &mut Vec) -> Result {
+ let expected_len = usize::try_from(self.encoded_len()?)?;
+ buf.reserve(expected_len);
+ buf.extend(iter::repeat(0).take(expected_len));
+
+ let mut writer = SliceWriter::new(buf);
+ self.encode(&mut writer)?;
+ let actual_len = writer.finish()?.len();
+
+ if expected_len != actual_len {
+ return Err(ErrorKind::Incomplete {
+ expected_len: expected_len.try_into()?,
+ actual_len: actual_len.try_into()?,
+ }
+ .into());
+ }
+
+ actual_len.try_into()
+ }
+
+ /// Encode this type as DER, returning a byte vector.
+ #[cfg(feature = "alloc")] + fn to_der(&self) -> Result> { + let mut buf = Vec::new(); + self.encode_to_vec(&mut buf)?; + Ok(buf) + } +} + +impl Encode for T +where + T: EncodeValue + Tagged, +{ + /// Compute the length of this value in bytes when encoded as ASN.1 DER. + fn encoded_len(&self) -> Result { + self.value_len().and_then(|len| len.for_tlv()) + } + + /// Encode this value as ASN.1 DER using the provided [`Writer`]. + fn encode(&self, writer: &mut impl Writer) -> Result<()> { + self.header()?.encode(writer)?; + self.encode_value(writer) + } +} + +/// Dummy implementation for [`PhantomData`] which allows deriving +/// implementations on structs with phantom fields. +impl Encode for PhantomData +where + T: ?Sized, +{ + fn encoded_len(&self) -> Result { + Ok(Length::ZERO) + } + + fn encode(&self, _writer: &mut impl Writer) -> Result<()> { + Ok(()) + } +} + +/// PEM encoding trait. +/// +/// This trait is automatically impl'd for any type which impls both +/// [`Encode`] and [`PemLabel`]. +#[cfg(feature = "pem")] +pub trait EncodePem: Encode + PemLabel { + /// Try to encode this type as PEM. + fn to_pem(&self, line_ending: LineEnding) -> Result; +} + +#[cfg(feature = "pem")] +impl EncodePem for T { + fn to_pem(&self, line_ending: LineEnding) -> Result { + let der_len = usize::try_from(self.encoded_len()?)?; + let pem_len = pem::encapsulated_len(Self::PEM_LABEL, line_ending, der_len)?; + + let mut buf = vec![0u8; pem_len]; + let mut writer = PemWriter::new(Self::PEM_LABEL, line_ending, &mut buf)?; + self.encode(&mut writer)?; + + let actual_len = writer.finish()?; + buf.truncate(actual_len); + Ok(String::from_utf8(buf)?) + } +} + +/// Encode the value part of a Tag-Length-Value encoded field, sans the [`Tag`] +/// and [`Length`]. +pub trait EncodeValue { + /// Get the [`Header`] used to encode this value. + fn header(&self) -> Result
+ where
+ Self: Tagged,
+ {
+ Header::new(self.tag(), self.value_len()?)
+ }
+
+ /// Compute the length of this value (sans [`Tag`]+[`Length`] header) when
+ /// encoded as ASN.1 DER.
+ fn value_len(&self) -> Result;
+
+ /// Encode value (sans [`Tag`]+[`Length`] header) as ASN.1 DER using the
+ /// provided [`Writer`].
+ fn encode_value(&self, encoder: &mut impl Writer) -> Result<()>;
+}
+
+#[cfg(feature = "alloc")]
+impl EncodeValue for Box
+where
+ T: EncodeValue,
+{
+ fn value_len(&self) -> Result {
+ T::value_len(self)
+ }
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ T::encode_value(self, writer)
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/encode_ref.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/encode_ref.rs
new file mode 100644
index 000000000000..8a60a933fca0
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/encode_ref.rs
@@ -0,0 +1,71 @@
+//! Wrapper object for encoding reference types.
+// TODO(tarcieri): replace with blanket impls of `Encode(Value)` for reference types?
+
+use crate::{Encode, EncodeValue, Length, Result, Tag, Tagged, ValueOrd, Writer};
+use core::cmp::Ordering;
+
+/// Reference encoder: wrapper type which impls `Encode` for any reference to a
+/// type which impls the same.
+pub struct EncodeRef<'a, T>(pub &'a T);
+
+impl<'a, T> AsRef for EncodeRef<'a, T> {
+ fn as_ref(&self) -> &T {
+ self.0
+ }
+}
+
+impl<'a, T> Encode for EncodeRef<'a, T>
+where
+ T: Encode,
+{
+ fn encoded_len(&self) -> Result {
+ self.0.encoded_len()
+ }
+
+ fn encode(&self, writer: &mut impl Writer) -> Result<()> {
+ self.0.encode(writer)
+ }
+}
+
+/// Reference value encoder: wrapper type which impls `EncodeValue` and `Tagged`
+/// for any reference type which impls the same.
+///
+/// By virtue of the blanket impl, this type also impls `Encode`.
+pub struct EncodeValueRef<'a, T>(pub &'a T);
+
+impl<'a, T> AsRef for EncodeValueRef<'a, T> {
+ fn as_ref(&self) -> &T {
+ self.0
+ }
+}
+
+impl<'a, T> EncodeValue for EncodeValueRef<'a, T>
+where
+ T: EncodeValue,
+{
+ fn value_len(&self) -> Result {
+ self.0.value_len()
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ self.0.encode_value(writer)
+ }
+}
+
+impl<'a, T> Tagged for EncodeValueRef<'a, T>
+where
+ T: Tagged,
+{
+ fn tag(&self) -> Tag {
+ self.0.tag()
+ }
+}
+
+impl<'a, T> ValueOrd for EncodeValueRef<'a, T>
+where
+ T: ValueOrd,
+{
+ fn value_cmp(&self, other: &Self) -> Result {
+ self.0.value_cmp(other.0)
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/error.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/error.rs
new file mode 100644
index 000000000000..902863d4986b
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/error.rs
@@ -0,0 +1,369 @@
+//! Error types.
+
+pub use core::str::Utf8Error;
+
+use crate::{Length, Tag};
+use core::{convert::Infallible, fmt, num::TryFromIntError};
+
+#[cfg(feature = "oid")]
+use crate::asn1::ObjectIdentifier;
+
+#[cfg(feature = "pem")]
+use crate::pem;
+
+/// Result type.
+pub type Result = core::result::Result;
+
+/// Error type.
+#[derive(Copy, Clone, Debug, Eq, PartialEq)]
+pub struct Error {
+ /// Kind of error.
+ kind: ErrorKind,
+
+ /// Position inside of message where error occurred.
+ position: Option,
+}
+
+impl Error {
+ /// Create a new [`Error`].
+ pub fn new(kind: ErrorKind, position: Length) -> Error {
+ Error {
+ kind,
+ position: Some(position),
+ }
+ }
+
+ /// Create a new [`ErrorKind::Incomplete`] for the given length.
+ ///
+ /// Computes the expected len as being one greater than `actual_len`.
+ pub fn incomplete(actual_len: Length) -> Self {
+ match actual_len + Length::ONE {
+ Ok(expected_len) => ErrorKind::Incomplete {
+ expected_len,
+ actual_len,
+ }
+ .at(actual_len),
+ Err(err) => err.kind().at(actual_len),
+ }
+ }
+
+ /// Get the [`ErrorKind`] which occurred.
+ pub fn kind(self) -> ErrorKind {
+ self.kind
+ }
+
+ /// Get the position inside of the message where the error occurred.
+ pub fn position(self) -> Option {
+ self.position
+ }
+
+ /// For errors occurring inside of a nested message, extend the position
+ /// count by the location where the nested message occurs.
+ pub(crate) fn nested(self, nested_position: Length) -> Self {
+ // TODO(tarcieri): better handle length overflows occurring in this calculation?
+ let position = (nested_position + self.position.unwrap_or_default()).ok();
+
+ Self {
+ kind: self.kind,
+ position,
+ }
+ }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for Error {}
+
+impl fmt::Display for Error {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(f, "{}", self.kind)?;
+
+ if let Some(pos) = self.position {
+ write!(f, " at DER byte {}", pos)?;
+ }
+
+ Ok(())
+ }
+}
+
+impl From for Error {
+ fn from(kind: ErrorKind) -> Error {
+ Error {
+ kind,
+ position: None,
+ }
+ }
+}
+
+impl From for Error {
+ fn from(_: Infallible) -> Error {
+ unreachable!()
+ }
+}
+
+impl From for Error {
+ fn from(_: TryFromIntError) -> Error {
+ Error {
+ kind: ErrorKind::Overflow,
+ position: None,
+ }
+ }
+}
+
+impl From for Error {
+ fn from(err: Utf8Error) -> Error {
+ Error {
+ kind: ErrorKind::Utf8(err),
+ position: None,
+ }
+ }
+}
+
+#[cfg(feature = "alloc")]
+impl From for Error {
+ fn from(err: alloc::string::FromUtf8Error) -> Error {
+ ErrorKind::Utf8(err.utf8_error()).into()
+ }
+}
+
+#[cfg(feature = "oid")]
+impl From for Error {
+ fn from(_: const_oid::Error) -> Error {
+ ErrorKind::OidMalformed.into()
+ }
+}
+
+#[cfg(feature = "pem")]
+impl From for Error {
+ fn from(err: pem::Error) -> Error {
+ ErrorKind::Pem(err).into()
+ }
+}
+
+#[cfg(feature = "std")]
+impl From for Error {
+ fn from(err: std::io::Error) -> Error {
+ match err.kind() {
+ std::io::ErrorKind::NotFound => ErrorKind::FileNotFound,
+ std::io::ErrorKind::PermissionDenied => ErrorKind::PermissionDenied,
+ other => ErrorKind::Io(other),
+ }
+ .into()
+ }
+}
+
+#[cfg(feature = "time")]
+impl From for Error {
+ fn from(_: time::error::ComponentRange) -> Error {
+ ErrorKind::DateTime.into()
+ }
+}
+
+/// Error type.
+#[derive(Copy, Clone, Debug, Eq, PartialEq)]
+#[non_exhaustive]
+pub enum ErrorKind {
+ /// Date-and-time related errors.
+ DateTime,
+
+ /// This error indicates a previous DER parsing operation resulted in
+ /// an error and tainted the state of a `Decoder` or `Encoder`.
+ ///
+ /// Once this occurs, the overall operation has failed and cannot be
+ /// subsequently resumed.
+ Failed,
+
+ /// File not found error.
+ #[cfg(feature = "std")]
+ FileNotFound,
+
+ /// Message is incomplete and does not contain all of the expected data.
+ Incomplete {
+ /// Expected message length.
+ ///
+ /// Note that this length represents a *minimum* lower bound on how
+ /// much additional data is needed to continue parsing the message.
+ ///
+ /// It's possible upon subsequent message parsing that the parser will
+ /// discover even more data is needed.
+ expected_len: Length,
+
+ /// Actual length of the message buffer currently being processed.
+ actual_len: Length,
+ },
+
+ /// I/O errors.
+ #[cfg(feature = "std")]
+ Io(std::io::ErrorKind),
+
+ /// Indefinite length disallowed.
+ IndefiniteLength,
+
+ /// Incorrect length for a given field.
+ Length {
+ /// Tag of the value being decoded.
+ tag: Tag,
+ },
+
+ /// Message is not canonically encoded.
+ Noncanonical {
+ /// Tag of the value which is not canonically encoded.
+ tag: Tag,
+ },
+
+ /// OID is improperly encoded.
+ OidMalformed,
+
+ /// Unknown OID.
+ ///
+ /// This error is intended to be used by libraries which parse DER-based
+ /// formats which encounter unknown or unsupported OID libraries.
+ ///
+ /// It enables passing back the OID value to the caller, which allows them
+ /// to determine which OID(s) are causing the error (and then potentially
+ /// contribute upstream support for algorithms they care about).
+ #[cfg(feature = "oid")]
+ OidUnknown {
+ /// OID value that was unrecognized by a parser for a DER-based format.
+ oid: ObjectIdentifier,
+ },
+
+ /// `SET` cannot contain duplicates.
+ SetDuplicate,
+
+ /// `SET` ordering error: items not in canonical order.
+ SetOrdering,
+
+ /// Integer overflow occurred (library bug!).
+ Overflow,
+
+ /// Message is longer than this library's internal limits support.
+ Overlength,
+
+ /// PEM encoding errors.
+ #[cfg(feature = "pem")]
+ Pem(pem::Error),
+
+ /// Permission denied reading file.
+ #[cfg(feature = "std")]
+ PermissionDenied,
+
+ /// Reader does not support the requested operation.
+ Reader,
+
+ /// Unknown tag mode.
+ TagModeUnknown,
+
+ /// Invalid tag number.
+ ///
+ /// The "tag number" is the lower 5-bits of a tag's octet.
+ /// This error occurs in the case that all 5-bits are set to `1`,
+ /// which indicates a multi-byte tag which is unsupported by this library.
+ TagNumberInvalid,
+
+ /// Unexpected tag.
+ TagUnexpected {
+ /// Tag the decoder was expecting (if there is a single such tag).
+ ///
+ /// `None` if multiple tags are expected/allowed, but the `actual` tag
+ /// does not match any of them.
+ expected: Option,
+
+ /// Actual tag encountered in the message.
+ actual: Tag,
+ },
+
+ /// Unknown/unsupported tag.
+ TagUnknown {
+ /// Raw byte value of the tag.
+ byte: u8,
+ },
+
+ /// Undecoded trailing data at end of message.
+ TrailingData {
+ /// Length of the decoded data.
+ decoded: Length,
+
+ /// Total length of the remaining data left in the buffer.
+ remaining: Length,
+ },
+
+ /// UTF-8 errors.
+ Utf8(Utf8Error),
+
+ /// Unexpected value.
+ Value {
+ /// Tag of the unexpected value.
+ tag: Tag,
+ },
+}
+
+impl ErrorKind {
+ /// Annotate an [`ErrorKind`] with context about where it occurred,
+ /// returning an error.
+ pub fn at(self, position: Length) -> Error { + Error::new(self, position) + } +} + +impl fmt::Display for ErrorKind { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + ErrorKind::DateTime => write!(f, "date/time error"), + ErrorKind::Failed => write!(f, "operation failed"), + #[cfg(feature = "std")] + ErrorKind::FileNotFound => write!(f, "file not found"), + ErrorKind::Incomplete { + expected_len, + actual_len, + } => write!( + f, + "ASN.1 DER message is incomplete: expected {}, actual {}", + expected_len, actual_len + ), + #[cfg(feature = "std")] + ErrorKind::Io(err) => write!(f, "I/O error: {:?}", err), + ErrorKind::IndefiniteLength => write!(f, "indefinite length disallowed"), + ErrorKind::Length { tag } => write!(f, "incorrect length for {}", tag), + ErrorKind::Noncanonical { tag } => { + write!(f, "ASN.1 {} not canonically encoded as DER", tag) + } + ErrorKind::OidMalformed => write!(f, "malformed OID"), + #[cfg(feature = "oid")] + ErrorKind::OidUnknown { oid } => { + write!(f, "unknown/unsupported OID: {}", oid) + } + ErrorKind::SetDuplicate => write!(f, "SET OF contains duplicate"), + ErrorKind::SetOrdering => write!(f, "SET OF ordering error"), + ErrorKind::Overflow => write!(f, "integer overflow"), + ErrorKind::Overlength => write!(f, "ASN.1 DER message is too long"), + #[cfg(feature = "pem")] + ErrorKind::Pem(e) => write!(f, "PEM error: {}", e), + #[cfg(feature = "std")] + ErrorKind::PermissionDenied => write!(f, "permission denied"), + ErrorKind::Reader => write!(f, "reader does not support the requested operation"), + ErrorKind::TagModeUnknown => write!(f, "unknown tag mode"), + ErrorKind::TagNumberInvalid => write!(f, "invalid tag number"), + ErrorKind::TagUnexpected { expected, actual } => { + write!(f, "unexpected ASN.1 DER tag: ")?; + + if let Some(tag) = expected { + write!(f, "expected {}, ", tag)?; + } + + write!(f, "got {}", actual) + } + ErrorKind::TagUnknown { byte } => { + write!(f, "unknown/unsupported ASN.1 DER 
tag: 0x{:02x}", byte) + } + ErrorKind::TrailingData { decoded, remaining } => { + write!( + f, + "trailing data at end of DER message: decoded {} bytes, {} bytes remaining", + decoded, remaining + ) + } + ErrorKind::Utf8(e) => write!(f, "{}", e), + ErrorKind::Value { tag } => write!(f, "malformed ASN.1 DER value for {}", tag), + } + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/header.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/header.rs new file mode 100644 index 000000000000..ad303810c02a --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/header.rs @@ -0,0 +1,60 @@ +//! ASN.1 DER headers. + +use crate::{Decode, DerOrd, Encode, ErrorKind, Length, Reader, Result, Tag, Writer}; +use core::cmp::Ordering; + +/// ASN.1 DER headers: tag + length component of TLV-encoded values +#[derive(Copy, Clone, Debug, Eq, PartialEq)] +pub struct Header { + /// Tag representing the type of the encoded value + pub tag: Tag, + + /// Length of the encoded value + pub length: Length, +} + +impl Header { + /// Create a new [`Header`] from a [`Tag`] and a specified length. + /// + /// Returns an error if the length exceeds the limits of [`Length`]. + pub fn new(tag: Tag, length: impl TryInto) -> Result { + let length = length.try_into().map_err(|_| ErrorKind::Overflow)?; + Ok(Self { tag, length }) + } +} + +impl<'a> Decode<'a> for Header { + fn decode>(reader: &mut R) -> Result
{ + let tag = Tag::decode(reader)?; + + let length = Length::decode(reader).map_err(|e| { + if e.kind() == ErrorKind::Overlength { + ErrorKind::Length { tag }.into() + } else { + e + } + })?; + + Ok(Self { tag, length }) + } +} + +impl Encode for Header { + fn encoded_len(&self) -> Result { + self.tag.encoded_len()? + self.length.encoded_len()? + } + + fn encode(&self, writer: &mut impl Writer) -> Result<()> { + self.tag.encode(writer)?; + self.length.encode(writer) + } +} + +impl DerOrd for Header { + fn der_cmp(&self, other: &Self) -> Result { + match self.tag.der_cmp(&other.tag)? { + Ordering::Equal => self.length.der_cmp(&other.length), + ordering => Ok(ordering), + } + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/length.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/length.rs new file mode 100644 index 000000000000..d183a69feab7 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/length.rs 
@@ -0,0 +1,514 @@
+//! Length calculations for encoded ASN.1 DER values
+
+use crate::{Decode, DerOrd, Encode, Error, ErrorKind, Reader, Result, SliceWriter, Writer};
+use core::{
+ cmp::Ordering,
+ fmt,
+ ops::{Add, Sub},
+};
+
+/// Maximum number of octets in a DER encoding of a [`Length`] using the
+/// rules implemented by this crate.
+const MAX_DER_OCTETS: usize = 5;
+
+/// Maximum length as a `u32` (256 MiB).
+const MAX_U32: u32 = 0xfff_ffff;
+
+/// Octet identifying an indefinite length as described in X.690 Section
+/// 8.1.3.6.1:
+///
+/// > The single octet shall have bit 8 set to one, and bits 7 to
+/// > 1 set to zero.
+const INDEFINITE_LENGTH_OCTET: u8 = 0b10000000; // 0x80
+
+/// ASN.1-encoded length.
+///
+/// Maximum length is defined by the [`Length::MAX`] constant (256 MiB).
+#[derive(Copy, Clone, Debug, Default, Eq, PartialEq, PartialOrd, Ord)]
+pub struct Length(u32);
+
+impl Length {
+ /// Length of `0`
+ pub const ZERO: Self = Self(0);
+
+ /// Length of `1`
+ pub const ONE: Self = Self(1);
+
+ /// Maximum length currently supported: 256 MiB
+ pub const MAX: Self = Self(MAX_U32);
+
+ /// Create a new [`Length`] for any value which fits inside of a [`u16`].
+ ///
+ /// This function is const-safe and therefore useful for [`Length`] constants.
+ pub const fn new(value: u16) -> Self {
+ Self(value as u32)
+ }
+
+ /// Is this length equal to zero?
+ pub fn is_zero(self) -> bool {
+ self == Self::ZERO
+ }
+
+ /// Get the length of DER Tag-Length-Value (TLV) encoded data if `self`
+ /// is the length of the inner "value" portion of the message.
+ pub fn for_tlv(self) -> Result {
+ Self::ONE + self.encoded_len()? + self
+ }
+
+ /// Perform saturating addition of two lengths.
+ pub fn saturating_add(self, rhs: Self) -> Self {
+ Self(self.0.saturating_add(rhs.0))
+ }
+
+ /// Perform saturating subtraction of two lengths.
+ pub fn saturating_sub(self, rhs: Self) -> Self { + Self(self.0.saturating_sub(rhs.0)) + } + + /// Get initial octet of the encoded length (if one is required). + /// + /// From X.690 Section 8.1.3.5: + /// > In the long form, the length octets shall consist of an initial octet + /// > and one or more subsequent octets. The initial octet shall be encoded + /// > as follows: + /// > + /// > a) bit 8 shall be one; + /// > b) bits 7 to 1 shall encode the number of subsequent octets in the + /// > length octets, as an unsigned binary integer with bit 7 as the + /// > most significant bit; + /// > c) the value 11111111₂ shall not be used. + fn initial_octet(self) -> Option { + match self.0 { + 0x80..=0xFF => Some(0x81), + 0x100..=0xFFFF => Some(0x82), + 0x10000..=0xFFFFFF => Some(0x83), + 0x1000000..=MAX_U32 => Some(0x84), + _ => None, + } + } +} + +impl Add for Length { + type Output = Result; + + fn add(self, other: Self) -> Result { + self.0 + .checked_add(other.0) + .ok_or_else(|| ErrorKind::Overflow.into()) + .and_then(TryInto::try_into) + } +} + +impl Add for Length { + type Output = Result; + + fn add(self, other: u8) -> Result { + self + Length::from(other) + } +} + +impl Add for Length { + type Output = Result; + + fn add(self, other: u16) -> Result { + self + Length::from(other) + } +} + +impl Add for Length { + type Output = Result; + + fn add(self, other: u32) -> Result { + self + Length::try_from(other)? + } +} + +impl Add for Length { + type Output = Result; + + fn add(self, other: usize) -> Result { + self + Length::try_from(other)? + } +} + +impl Add for Result { + type Output = Self; + + fn add(self, other: Length) -> Self { + self? + other + } +} + +impl Sub for Length { + type Output = Result; + + fn sub(self, other: Length) -> Result { + self.0 + .checked_sub(other.0) + .ok_or_else(|| ErrorKind::Overflow.into()) + .and_then(TryInto::try_into) + } +} + +impl Sub for Result { + type Output = Self; + + fn sub(self, other: Length) -> Self { + self? 
- other + } +} + +impl From for Length { + fn from(len: u8) -> Length { + Length(len.into()) + } +} + +impl From for Length { + fn from(len: u16) -> Length { + Length(len.into()) + } +} + +impl From for u32 { + fn from(length: Length) -> u32 { + length.0 + } +} + +impl TryFrom for Length { + type Error = Error; + + fn try_from(len: u32) -> Result { + if len <= Self::MAX.0 { + Ok(Length(len)) + } else { + Err(ErrorKind::Overflow.into()) + } + } +} + +impl TryFrom for Length { + type Error = Error; + + fn try_from(len: usize) -> Result { + u32::try_from(len) + .map_err(|_| ErrorKind::Overflow)? + .try_into() + } +} + +impl TryFrom for usize { + type Error = Error; + + fn try_from(len: Length) -> Result { + len.0.try_into().map_err(|_| ErrorKind::Overflow.into()) + } +} + +impl<'a> Decode<'a> for Length { + fn decode>(reader: &mut R) -> Result { + match reader.read_byte()? { + // Note: per X.690 Section 8.1.3.6.1 the byte 0x80 encodes indefinite + // lengths, which are not allowed in DER, so disallow that byte. + len if len < INDEFINITE_LENGTH_OCTET => Ok(len.into()), + INDEFINITE_LENGTH_OCTET => Err(ErrorKind::IndefiniteLength.into()), + // 1-4 byte variable-sized length prefix + tag @ 0x81..=0x84 => { + let nbytes = tag.checked_sub(0x80).ok_or(ErrorKind::Overlength)? as usize; + debug_assert!(nbytes <= 4); + + let mut decoded_len = 0u32; + for _ in 0..nbytes { + decoded_len = decoded_len.checked_shl(8).ok_or(ErrorKind::Overflow)? 
+ | u32::from(reader.read_byte()?);
+ }
+
+ let length = Length::try_from(decoded_len)?;
+
+ // X.690 Section 10.1: DER lengths must be encoded with a minimum
+ // number of octets
+ if length.initial_octet() == Some(tag) {
+ Ok(length)
+ } else {
+ Err(ErrorKind::Overlength.into())
+ }
+ }
+ _ => {
+ // We specialize to a maximum 4-byte length (including initial octet)
+ Err(ErrorKind::Overlength.into())
+ }
+ }
+ }
+}
+
+impl Encode for Length {
+ fn encoded_len(&self) -> Result {
+ match self.0 {
+ 0..=0x7F => Ok(Length(1)),
+ 0x80..=0xFF => Ok(Length(2)),
+ 0x100..=0xFFFF => Ok(Length(3)),
+ 0x10000..=0xFFFFFF => Ok(Length(4)),
+ 0x1000000..=MAX_U32 => Ok(Length(5)),
+ _ => Err(ErrorKind::Overflow.into()),
+ }
+ }
+
+ fn encode(&self, writer: &mut impl Writer) -> Result<()> {
+ match self.initial_octet() {
+ Some(tag_byte) => {
+ writer.write_byte(tag_byte)?;
+
+ // Strip leading zeroes
+ match self.0.to_be_bytes() {
+ [0, 0, 0, byte] => writer.write_byte(byte),
+ [0, 0, bytes @ ..] => writer.write(&bytes),
+ [0, bytes @ ..] => writer.write(&bytes),
+ bytes => writer.write(&bytes),
+ }
+ }
+ #[allow(clippy::cast_possible_truncation)]
+ None => writer.write_byte(self.0 as u8),
+ }
+ }
+}
+
+impl DerOrd for Length {
+ fn der_cmp(&self, other: &Self) -> Result {
+ let mut buf1 = [0u8; MAX_DER_OCTETS];
+ let mut buf2 = [0u8; MAX_DER_OCTETS];
+
+ let mut encoder1 = SliceWriter::new(&mut buf1);
+ encoder1.encode(self)?;
+
+ let mut encoder2 = SliceWriter::new(&mut buf2);
+ encoder2.encode(other)?;
+
+ Ok(encoder1.finish()?.cmp(encoder2.finish()?))
+ }
+}
+
+impl fmt::Display for Length {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ self.0.fmt(f)
+ }
+}
+
+// Implement by hand because the derive would create invalid values.
+// Generate a u32 with a valid range.
+#[cfg(feature = "arbitrary")]
+impl<'a> arbitrary::Arbitrary<'a> for Length {
+ fn arbitrary(u: &mut arbitrary::Unstructured<'a>) -> arbitrary::Result {
+ Ok(Self(u.int_in_range(0..=MAX_U32)?))
+ }
+
+ fn size_hint(depth: usize) -> (usize, Option) {
+ u32::size_hint(depth)
+ }
+}
+
+/// Length type with support for indefinite lengths as used by ASN.1 BER,
+/// as described in X.690 Section 8.1.3.6:
+///
+/// > 8.1.3.6 For the indefinite form, the length octets indicate that the
+/// > contents octets are terminated by end-of-contents
+/// > octets (see 8.1.5), and shall consist of a single octet.
+/// >
+/// > 8.1.3.6.1 The single octet shall have bit 8 set to one, and bits 7 to
+/// > 1 set to zero.
+/// >
+/// > 8.1.3.6.2 If this form of length is used, then end-of-contents octets
+/// > (see 8.1.5) shall be present in the encoding following the contents
+/// > octets.
+///
+/// Indefinite lengths are non-canonical and therefore invalid DER, however
+/// there are interoperability corner cases where we have little choice but to
+/// tolerate some BER productions where this is helpful.
+#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub struct IndefiniteLength(Option);
+
+impl IndefiniteLength {
+ /// Length of `0`.
+ pub const ZERO: Self = Self(Some(Length::ZERO));
+
+ /// Length of `1`.
+ pub const ONE: Self = Self(Some(Length::ONE));
+
+ /// Indefinite length.
+ pub const INDEFINITE: Self = Self(None);
+}
+
+impl IndefiniteLength {
+ /// Create a definite length from a type which can be converted into a
+ /// `Length`.
+ pub fn new(length: impl Into) -> Self {
+ Self(Some(length.into()))
+ }
+
+ /// Is this length definite?
+ pub fn is_definite(self) -> bool {
+ self.0.is_some()
+ }
+ /// Is this length indefinite?
+ pub fn is_indefinite(self) -> bool { + self.0.is_none() + } +} + +impl<'a> Decode<'a> for IndefiniteLength { + fn decode>(reader: &mut R) -> Result { + if reader.peek_byte() == Some(INDEFINITE_LENGTH_OCTET) { + // Consume the byte we already peeked at. + let byte = reader.read_byte()?; + debug_assert_eq!(byte, INDEFINITE_LENGTH_OCTET); + + Ok(Self::INDEFINITE) + } else { + Length::decode(reader).map(Into::into) + } + } +} + +impl Encode for IndefiniteLength { + fn encoded_len(&self) -> Result { + match self.0 { + Some(length) => length.encoded_len(), + None => Ok(Length::ONE), + } + } + + fn encode(&self, writer: &mut impl Writer) -> Result<()> { + match self.0 { + Some(length) => length.encode(writer), + None => writer.write_byte(INDEFINITE_LENGTH_OCTET), + } + } +} + +impl From for IndefiniteLength { + fn from(length: Length) -> IndefiniteLength { + Self(Some(length)) + } +} + +impl From> for IndefiniteLength { + fn from(length: Option) -> IndefiniteLength { + IndefiniteLength(length) + } +} + +impl From for Option { + fn from(length: IndefiniteLength) -> Option { + length.0 + } +} + +impl TryFrom for Length { + type Error = Error; + + fn try_from(length: IndefiniteLength) -> Result { + length.0.ok_or_else(|| ErrorKind::IndefiniteLength.into()) + } +} + +#[cfg(test)] +mod tests { + use super::{IndefiniteLength, Length}; + use crate::{Decode, DerOrd, Encode, ErrorKind}; + use core::cmp::Ordering; + + #[test] + fn decode() { + assert_eq!(Length::ZERO, Length::from_der(&[0x00]).unwrap()); + + assert_eq!(Length::from(0x7Fu8), Length::from_der(&[0x7F]).unwrap()); + + assert_eq!( + Length::from(0x80u8), + Length::from_der(&[0x81, 0x80]).unwrap() + ); + + assert_eq!( + Length::from(0xFFu8), + Length::from_der(&[0x81, 0xFF]).unwrap() + ); + + assert_eq!( + Length::from(0x100u16), + Length::from_der(&[0x82, 0x01, 0x00]).unwrap() + ); + + assert_eq!( + Length::try_from(0x10000u32).unwrap(), + Length::from_der(&[0x83, 0x01, 0x00, 0x00]).unwrap() + ); + } + + #[test] + fn 
encode() { + let mut buffer = [0u8; 4]; + + assert_eq!(&[0x00], Length::ZERO.encode_to_slice(&mut buffer).unwrap()); + + assert_eq!( + &[0x7F], + Length::from(0x7Fu8).encode_to_slice(&mut buffer).unwrap() + ); + + assert_eq!( + &[0x81, 0x80], + Length::from(0x80u8).encode_to_slice(&mut buffer).unwrap() + ); + + assert_eq!( + &[0x81, 0xFF], + Length::from(0xFFu8).encode_to_slice(&mut buffer).unwrap() + ); + + assert_eq!( + &[0x82, 0x01, 0x00], + Length::from(0x100u16).encode_to_slice(&mut buffer).unwrap() + ); + + assert_eq!( + &[0x83, 0x01, 0x00, 0x00], + Length::try_from(0x10000u32) + .unwrap() + .encode_to_slice(&mut buffer) + .unwrap() + ); + } + + #[test] + fn indefinite_lengths() { + // DER disallows indefinite lengths + assert!(Length::from_der(&[0x80]).is_err()); + + // The `IndefiniteLength` type supports them + let indefinite_length = IndefiniteLength::from_der(&[0x80]).unwrap(); + assert!(indefinite_length.is_indefinite()); + assert_eq!(indefinite_length, IndefiniteLength::INDEFINITE); + + // It also supports definite lengths. + let length = IndefiniteLength::from_der(&[0x83, 0x01, 0x00, 0x00]).unwrap(); + assert!(length.is_definite()); + assert_eq!( + Length::try_from(0x10000u32).unwrap(), + length.try_into().unwrap() + ); + } + + #[test] + fn add_overflows_when_max_length_exceeded() { + let result = Length::MAX + Length::ONE; + assert_eq!( + result.err().map(|err| err.kind()), + Some(ErrorKind::Overflow) + ); + } + + #[test] + fn der_ord() { + assert_eq!(Length::ONE.der_cmp(&Length::MAX).unwrap(), Ordering::Less); + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/lib.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/lib.rs new file mode 100644 index 000000000000..dcd5097d4b52 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/lib.rs 
@@ -0,0 +1,402 @@ +#![no_std] +#![cfg_attr(docsrs, feature(doc_auto_cfg))] +#![doc = include_str!("../README.md")] +#![doc( + html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg", + html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg" +)] +#![forbid(unsafe_code)] +#![warn( + clippy::cast_lossless, + clippy::cast_possible_truncation, + clippy::cast_possible_wrap, + clippy::cast_precision_loss, + clippy::cast_sign_loss, + clippy::checked_conversions, + clippy::implicit_saturating_sub, + clippy::integer_arithmetic, + clippy::mod_module_files, + clippy::panic, + clippy::panic_in_result_fn, + clippy::unwrap_used, + missing_docs, + rust_2018_idioms, + unused_lifetimes, + unused_qualifications +)] + +//! # Usage +//! ## [`Decode`] and [`Encode`] traits +//! The [`Decode`] and [`Encode`] traits provide the decoding/encoding API +//! respectively, and are designed to work in conjunction with concrete ASN.1 +//! types, including all types which impl the [`Sequence`] trait. +//! +//! The traits are impl'd for the following Rust core types: +//! - `()`: ASN.1 `NULL`. See also [`Null`]. +//! - [`bool`]: ASN.1 `BOOLEAN`. +//! - [`i8`], [`i16`], [`i32`], [`i64`], [`i128`]: ASN.1 `INTEGER`. +//! - [`u8`], [`u16`], [`u32`], [`u64`], [`u128`]: ASN.1 `INTEGER`. +//! - [`f64`]: ASN.1 `REAL` (gated on `real` crate feature) +//! - [`str`], [`String`][`alloc::string::String`]: ASN.1 `UTF8String`. +//! `String` requires `alloc` feature. See also [`Utf8StringRef`]. +//! - [`Option`]: ASN.1 `OPTIONAL`. +//! - [`SystemTime`][`std::time::SystemTime`]: ASN.1 `GeneralizedTime`. Requires `std` feature. +//! - [`Vec`][`alloc::vec::Vec`]: ASN.1 `SEQUENCE OF`. Requires `alloc` feature. +//! - `[T; N]`: ASN.1 `SEQUENCE OF`. See also [`SequenceOf`]. +//! +//! The following ASN.1 types provided by this crate also impl these traits: +//! - [`Any`], [`AnyRef`]: ASN.1 `ANY`. +//! 
- [`BitString`], [`BitStringRef`]: ASN.1 `BIT STRING` +//! - [`GeneralizedTime`]: ASN.1 `GeneralizedTime`. +//! - [`Ia5StringRef`]: ASN.1 `IA5String`. +//! - [`Null`]: ASN.1 `NULL`. +//! - [`ObjectIdentifier`]: ASN.1 `OBJECT IDENTIFIER`. +//! - [`OctetString`], [`OctetStringRef`]: ASN.1 `OCTET STRING`. +//! - [`PrintableStringRef`]: ASN.1 `PrintableString` (ASCII subset). +//! - [`TeletexStringRef`]: ASN.1 `TeletexString`. +//! - [`VideotexStringRef`]: ASN.1 `VideotexString`. +//! - [`SequenceOf`]: ASN.1 `SEQUENCE OF`. +//! - [`SetOf`], [`SetOfVec`]: ASN.1 `SET OF`. +//! - [`UintRef`]: ASN.1 unsigned `INTEGER` with raw access to encoded bytes. +//! - [`UtcTime`]: ASN.1 `UTCTime`. +//! - [`Utf8StringRef`]: ASN.1 `UTF8String`. +//! +//! Context specific fields can be modeled using these generic types: +//! - [`ContextSpecific`]: decoder/encoder for owned context-specific fields +//! - [`ContextSpecificRef`]: encode-only type for references to context-specific fields +//! +//! ## Example +//! The following example implements X.509's `AlgorithmIdentifier` message type +//! as defined in [RFC 5280 Section 4.1.1.2]. +//! +//! The ASN.1 schema for this message type is as follows: +//! +//! ```text +//! AlgorithmIdentifier ::= SEQUENCE { +//! algorithm OBJECT IDENTIFIER, +//! parameters ANY DEFINED BY algorithm OPTIONAL } +//! ``` +//! +//! Structured ASN.1 messages are typically encoded as a `SEQUENCE`, which +//! this crate maps to a Rust struct using the [`Sequence`] trait. This +//! trait is bounded on the [`Decode`] trait and provides a blanket impl +//! of the [`Encode`] trait, so any type which impls [`Sequence`] can be +//! used for both decoding and encoding. +//! +//! The following code example shows how to define a struct which maps to the +//! above schema, as well as impl the [`Sequence`] trait for that struct: +//! +//! ``` +//! # #[cfg(all(feature = "alloc", feature = "oid"))] +//! # { +//! 
// Note: the following example does not require the `std` feature at all. +//! // It does leverage the `alloc` feature, but also provides instructions for +//! // "heapless" usage when the `alloc` feature is disabled. +//! use der::{ +//! asn1::{AnyRef, ObjectIdentifier}, +//! DecodeValue, Decode, SliceReader, Encode, Header, Reader, Sequence +//! }; +//! +//! /// X.509 `AlgorithmIdentifier`. +//! #[derive(Copy, Clone, Debug, Eq, PartialEq)] +//! pub struct AlgorithmIdentifier<'a> { +//! /// This field contains an ASN.1 `OBJECT IDENTIFIER`, a.k.a. OID. +//! pub algorithm: ObjectIdentifier, +//! +//! /// This field is `OPTIONAL` and contains the ASN.1 `ANY` type, which +//! /// in this example allows arbitrary algorithm-defined parameters. +//! pub parameters: Option> +//! } +//! +//! impl<'a> DecodeValue<'a> for AlgorithmIdentifier<'a> { +//! fn decode_value>(reader: &mut R, _header: Header) -> der::Result { +//! // The `der::Decoder::Decode` method can be used to decode any +//! // type which impls the `Decode` trait, which is impl'd for +//! // all of the ASN.1 built-in types in the `der` crate. +//! // +//! // Note that if your struct's fields don't contain an ASN.1 +//! // built-in type specifically, there are also helper methods +//! // for all of the built-in types supported by this library +//! // which can be used to select a specific type. +//! // +//! // For example, another way of decoding this particular field, +//! // which contains an ASN.1 `OBJECT IDENTIFIER`, is by calling +//! // `decoder.oid()`. Similar methods are defined for other +//! // ASN.1 built-in types. +//! let algorithm = reader.decode()?; +//! +//! // This field contains an ASN.1 `OPTIONAL` type. The `der` crate +//! // maps this directly to Rust's `Option` type and provides +//! // impls of the `Decode` and `Encode` traits for `Option`. +//! // To explicitly request an `OPTIONAL` type be decoded, use the +//! // `decoder.optional()` method. +//! let parameters = reader.decode()?; +//! 
+//! // The value returned from the provided `FnOnce` will be +//! // returned from the `any.sequence(...)` call above. +//! // Note that the entire sequence body *MUST* be consumed +//! // or an error will be returned. +//! Ok(Self { algorithm, parameters }) +//! } +//! } +//! +//! impl<'a> ::der::EncodeValue for AlgorithmIdentifier<'a> { +//! fn value_len(&self) -> ::der::Result<::der::Length> { +//! self.algorithm.encoded_len()? + self.parameters.encoded_len()? +//! } +//! +//! fn encode_value(&self, writer: &mut impl ::der::Writer) -> ::der::Result<()> { +//! self.algorithm.encode(writer)?; +//! self.parameters.encode(writer)?; +//! Ok(()) +//! } +//! } +//! +//! impl<'a> Sequence<'a> for AlgorithmIdentifier<'a> {} +//! +//! // Example parameters value: OID for the NIST P-256 elliptic curve. +//! let parameters = "1.2.840.10045.3.1.7".parse::().unwrap(); +//! +//! // We need to convert `parameters` into an `Any<'a>` type, which wraps a +//! // `&'a [u8]` byte slice. +//! // +//! // To do that, we need owned DER-encoded data so that we can have +//! // `AnyRef` borrow a reference to it, so we have to serialize the OID. +//! // +//! // When the `alloc` feature of this crate is enabled, any type that impls +//! // the `Encode` trait including all ASN.1 built-in types and any type +//! // which impls `Sequence` can be serialized by calling `Encode::to_der()`. +//! // +//! // If you would prefer to avoid allocations, you can create a byte array +//! // as backing storage instead, pass that to `der::Encoder::new`, and then +//! // encode the `parameters` value using `encoder.encode(parameters)`. +//! let der_encoded_parameters = parameters.to_der().unwrap(); +//! +//! let algorithm_identifier = AlgorithmIdentifier { +//! // OID for `id-ecPublicKey`, if you're curious +//! algorithm: "1.2.840.10045.2.1".parse().unwrap(), +//! +//! // `Any<'a>` impls `TryFrom<&'a [u8]>`, which parses the provided +//! // slice as an ASN.1 DER-encoded message. +//! 
parameters: Some(der_encoded_parameters.as_slice().try_into().unwrap()) +//! }; +//! +//! // Serialize the `AlgorithmIdentifier` created above as ASN.1 DER, +//! // allocating a `Vec` for storage. +//! // +//! // As mentioned earlier, if you don't have the `alloc` feature enabled you +//! // can create a fix-sized array instead, then call `Encoder::new` with a +//! // reference to it, then encode the message using +//! // `encoder.encode(algorithm_identifier)`, then finally `encoder.finish()` +//! // to obtain a byte slice containing the encoded message. +//! let der_encoded_algorithm_identifier = algorithm_identifier.to_der().unwrap(); +//! +//! // Deserialize the `AlgorithmIdentifier` we just serialized from ASN.1 DER +//! // using `der::Decode::from_bytes`. +//! let decoded_algorithm_identifier = AlgorithmIdentifier::from_der( +//! &der_encoded_algorithm_identifier +//! ).unwrap(); +//! +//! // Ensure the original `AlgorithmIdentifier` is the same as the one we just +//! // decoded from ASN.1 DER. +//! assert_eq!(algorithm_identifier, decoded_algorithm_identifier); +//! # } +//! ``` +//! +//! ## Custom derive support +//! When the `derive` feature of this crate is enabled, the following custom +//! derive macros are available: +//! +//! - [`Choice`]: derive for `CHOICE` enum (see [`der_derive::Choice`]) +//! - [`Enumerated`]: derive for `ENUMERATED` enum (see [`der_derive::Enumerated`]) +//! - [`Sequence`]: derive for `SEQUENCE` struct (see [`der_derive::Sequence`]) +//! +//! ### Derive [`Sequence`] for struct +//! The following is a code example of how to use the [`Sequence`] custom derive: +//! +//! ``` +//! # #[cfg(all(feature = "alloc", feature = "derive", feature = "oid"))] +//! # { +//! use der::{asn1::{AnyRef, ObjectIdentifier}, Encode, Decode, Sequence}; +//! +//! /// X.509 `AlgorithmIdentifier` (same as above) +//! #[derive(Copy, Clone, Debug, Eq, PartialEq, Sequence)] // NOTE: added `Sequence` +//! pub struct AlgorithmIdentifier<'a> { +//! 
/// This field contains an ASN.1 `OBJECT IDENTIFIER`, a.k.a. OID. +//! pub algorithm: ObjectIdentifier, +//! +//! /// This field is `OPTIONAL` and contains the ASN.1 `ANY` type, which +//! /// in this example allows arbitrary algorithm-defined parameters. +//! pub parameters: Option> +//! } +//! +//! // Example parameters value: OID for the NIST P-256 elliptic curve. +//! let parameters_oid = "1.2.840.10045.3.1.7".parse::().unwrap(); +//! +//! let algorithm_identifier = AlgorithmIdentifier { +//! // OID for `id-ecPublicKey`, if you're curious +//! algorithm: "1.2.840.10045.2.1".parse().unwrap(), +//! +//! // `Any<'a>` impls `From<&'a ObjectIdentifier>`, allowing OID constants to +//! // be directly converted to an `AnyRef` type for this use case. +//! parameters: Some(AnyRef::from(¶meters_oid)) +//! }; +//! +//! // Encode +//! let der_encoded_algorithm_identifier = algorithm_identifier.to_der().unwrap(); +//! +//! // Decode +//! let decoded_algorithm_identifier = AlgorithmIdentifier::from_der( +//! &der_encoded_algorithm_identifier +//! ).unwrap(); +//! +//! assert_eq!(algorithm_identifier, decoded_algorithm_identifier); +//! # } +//! ``` +//! +//! For fields which don't directly impl [`Decode`] and [`Encode`], +//! you can add annotations to convert to an intermediate ASN.1 type +//! first, so long as that type impls `TryFrom` and `Into` for the +//! ASN.1 type. +//! +//! For example, structs containing `&'a [u8]` fields may want them encoded +//! as either a `BIT STRING` or `OCTET STRING`. By using the +//! `#[asn1(type = "BIT STRING")]` annotation it's possible to select which +//! ASN.1 type should be used. +//! +//! Building off the above example: +//! +//! ```rust +//! # #[cfg(all(feature = "alloc", feature = "derive", feature = "oid"))] +//! # { +//! # use der::{asn1::{AnyRef, BitStringRef, ObjectIdentifier}, Sequence}; +//! # +//! # #[derive(Copy, Clone, Debug, Eq, PartialEq, Sequence)] +//! # pub struct AlgorithmIdentifier<'a> { +//! 
# pub algorithm: ObjectIdentifier, +//! # pub parameters: Option> +//! # } +//! /// X.509 `SubjectPublicKeyInfo` (SPKI) +//! #[derive(Copy, Clone, Debug, Eq, PartialEq, Sequence)] +//! pub struct SubjectPublicKeyInfo<'a> { +//! /// X.509 `AlgorithmIdentifier` +//! pub algorithm: AlgorithmIdentifier<'a>, +//! +//! /// Public key data +//! pub subject_public_key: BitStringRef<'a>, +//! } +//! # } +//! ``` +//! +//! # See also +//! For more information about ASN.1 DER we recommend the following guides: +//! +//! - [A Layman's Guide to a Subset of ASN.1, BER, and DER] (RSA Laboratories) +//! - [A Warm Welcome to ASN.1 and DER] (Let's Encrypt) +//! +//! [RFC 5280 Section 4.1.1.2]: https://tools.ietf.org/html/rfc5280#section-4.1.1.2 +//! [A Layman's Guide to a Subset of ASN.1, BER, and DER]: https://luca.ntop.org/Teaching/Appunti/asn1.html +//! [A Warm Welcome to ASN.1 and DER]: https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/ +//! +//! [`Any`]: asn1::Any +//! [`AnyRef`]: asn1::AnyRef +//! [`ContextSpecific`]: asn1::ContextSpecific +//! [`ContextSpecificRef`]: asn1::ContextSpecificRef +//! [`BitString`]: asn1::BitString +//! [`BitStringRef`]: asn1::BitStringRef +//! [`GeneralizedTime`]: asn1::GeneralizedTime +//! [`Ia5StringRef`]: asn1::Ia5StringRef +//! [`Null`]: asn1::Null +//! [`ObjectIdentifier`]: asn1::ObjectIdentifier +//! [`OctetString`]: asn1::OctetString +//! [`OctetStringRef`]: asn1::OctetStringRef +//! [`PrintableStringRef`]: asn1::PrintableStringRef +//! [`TeletexStringRef`]: asn1::TeletexStringRef +//! [`VideotexStringRef`]: asn1::VideotexStringRef +//! [`SequenceOf`]: asn1::SequenceOf +//! [`SetOf`]: asn1::SetOf +//! [`SetOfVec`]: asn1::SetOfVec +//! [`UintRef`]: asn1::UintRef +//! [`UtcTime`]: asn1::UtcTime +//! 
[`Utf8StringRef`]: asn1::Utf8StringRef + +#[cfg(feature = "alloc")] +#[allow(unused_imports)] +#[macro_use] +extern crate alloc; +#[cfg(feature = "std")] +extern crate std; + +pub mod asn1; +pub mod referenced; + +pub(crate) mod arrayvec; +mod bytes_ref; +mod datetime; +mod decode; +mod encode; +mod encode_ref; +mod error; +mod header; +mod length; +mod ord; +mod reader; +mod str_ref; +mod tag; +mod writer; + +#[cfg(feature = "alloc")] +mod bytes_owned; +#[cfg(feature = "alloc")] +mod document; +#[cfg(feature = "alloc")] +mod str_owned; + +pub use crate::{ + asn1::{AnyRef, Choice, Sequence}, + datetime::DateTime, + decode::{Decode, DecodeOwned, DecodeValue}, + encode::{Encode, EncodeValue}, + encode_ref::{EncodeRef, EncodeValueRef}, + error::{Error, ErrorKind, Result}, + header::Header, + length::{IndefiniteLength, Length}, + ord::{DerOrd, ValueOrd}, + reader::{nested::NestedReader, slice::SliceReader, Reader}, + tag::{Class, FixedTag, Tag, TagMode, TagNumber, Tagged}, + writer::{slice::SliceWriter, Writer}, +}; + +#[cfg(feature = "alloc")] +pub use crate::{asn1::Any, document::Document}; + +#[cfg(feature = "bigint")] +pub use crypto_bigint as bigint; + +#[cfg(feature = "derive")] +pub use der_derive::{Choice, Enumerated, Sequence, ValueOrd}; + +#[cfg(feature = "flagset")] +pub use flagset; + +#[cfg(feature = "oid")] +pub use const_oid as oid; + +#[cfg(feature = "pem")] +pub use { + crate::{decode::DecodePem, encode::EncodePem, reader::pem::PemReader, writer::pem::PemWriter}, + pem_rfc7468 as pem, +}; + +#[cfg(feature = "time")] +pub use time; + +#[cfg(feature = "zeroize")] +pub use zeroize; + +#[cfg(all(feature = "alloc", feature = "zeroize"))] +pub use crate::document::SecretDocument; + +pub(crate) use crate::{arrayvec::ArrayVec, bytes_ref::BytesRef, str_ref::StrRef}; +#[cfg(feature = "alloc")] +pub(crate) use crate::{bytes_owned::BytesOwned, str_owned::StrOwned}; 
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/ord.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/ord.rs
new file mode 100644
index 000000000000..42d462340b42
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/ord.rs
@@ -0,0 +1,85 @@ +//! Ordering trait. + +use crate::{EncodeValue, Result, Tagged}; +use core::{cmp::Ordering, marker::PhantomData}; + +/// DER ordering trait. +/// +/// Compares the ordering of two values based on their ASN.1 DER +/// serializations. +/// +/// This is used by the DER encoding for `SET OF` in order to establish an +/// ordering for the elements of sets. +pub trait DerOrd { + /// Return an [`Ordering`] between `self` and `other` when serialized as + /// ASN.1 DER. + fn der_cmp(&self, other: &Self) -> Result; +} + +/// DER value ordering trait. +/// +/// Compares the ordering of the value portion of TLV-encoded DER productions. +pub trait ValueOrd { + /// Return an [`Ordering`] between value portion of TLV-encoded `self` and + /// `other` when serialized as ASN.1 DER. + fn value_cmp(&self, other: &Self) -> Result; +} + +impl DerOrd for T +where + T: EncodeValue + ValueOrd + Tagged, +{ + fn der_cmp(&self, other: &Self) -> Result { + match self.header()?.der_cmp(&other.header()?)? { + Ordering::Equal => self.value_cmp(other), + ordering => Ok(ordering), + } + } +} + +/// Marker trait for types whose `Ord` impl can be used as `ValueOrd`. +/// +/// This means the `Ord` impl will sort values in the same order as their DER +/// encodings. +pub trait OrdIsValueOrd: Ord {} + +impl ValueOrd for T +where + T: OrdIsValueOrd, +{ + fn value_cmp(&self, other: &Self) -> Result { + Ok(self.cmp(other)) + } +} + +/// Compare the order of two iterators using [`DerCmp`] on the values. +pub(crate) fn iter_cmp<'a, I, T: 'a>(a: I, b: I) -> Result +where + I: Iterator + ExactSizeIterator, + T: DerOrd, +{ + let length_ord = a.len().cmp(&b.len()); + + for (value1, value2) in a.zip(b) { + match value1.der_cmp(value2)? 
{ + Ordering::Equal => (), + other => return Ok(other), + } + } + + Ok(length_ord) +} + +/// Provide a no-op implementation for PhantomData +impl ValueOrd for PhantomData { + fn value_cmp(&self, _other: &Self) -> Result { + Ok(Ordering::Equal) + } +} + +/// Provide a no-op implementation for PhantomData +impl DerOrd for PhantomData { + fn der_cmp(&self, _other: &Self) -> Result { + Ok(Ordering::Equal) + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/reader.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/reader.rs new file mode 100644 index 000000000000..ea52f7bded92 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/reader.rs @@ -0,0 +1,167 @@ +//! Reader trait. + +pub(crate) mod nested; +#[cfg(feature = "pem")] +pub(crate) mod pem; +pub(crate) mod slice; + +pub(crate) use nested::NestedReader; + +use crate::{ + asn1::ContextSpecific, Decode, DecodeValue, Encode, Error, ErrorKind, FixedTag, Header, Length, + Result, Tag, TagMode, TagNumber, +}; + +#[cfg(feature = "alloc")] +use alloc::vec::Vec; + +/// Reader trait which reads DER-encoded input. +pub trait Reader<'r>: Sized { + /// Get the length of the input. + fn input_len(&self) -> Length; + + /// Peek at the next byte of input without modifying the cursor. + fn peek_byte(&self) -> Option; + + /// Peek forward in the input data, attempting to decode a [`Header`] from + /// the data at the current position in the decoder. + /// + /// Does not modify the decoder's state. + fn peek_header(&self) -> Result
; + + /// Get the position within the buffer. + fn position(&self) -> Length; + + /// Attempt to read data borrowed directly from the input as a slice, + /// updating the internal cursor position. + /// + /// # Returns + /// - `Ok(slice)` on success + /// - `Err(ErrorKind::Incomplete)` if there is not enough data + /// - `Err(ErrorKind::Reader)` if the reader can't borrow from the input + fn read_slice(&mut self, len: Length) -> Result<&'r [u8]>; + + /// Attempt to decode an ASN.1 `CONTEXT-SPECIFIC` field with the + /// provided [`TagNumber`]. + fn context_specific(&mut self, tag_number: TagNumber, tag_mode: TagMode) -> Result> + where + T: DecodeValue<'r> + FixedTag, + { + Ok(match tag_mode { + TagMode::Explicit => ContextSpecific::::decode_explicit(self, tag_number)?, + TagMode::Implicit => ContextSpecific::::decode_implicit(self, tag_number)?, + } + .map(|field| field.value)) + } + + /// Decode a value which impls the [`Decode`] trait. + fn decode>(&mut self) -> Result { + T::decode(self).map_err(|e| e.nested(self.position())) + } + + /// Return an error with the given [`ErrorKind`], annotating it with + /// context about where the error occurred. + fn error(&mut self, kind: ErrorKind) -> Error { + kind.at(self.position()) + } + + /// Finish decoding, returning the given value if there is no + /// remaining data, or an error otherwise + fn finish(self, value: T) -> Result { + if !self.is_finished() { + Err(ErrorKind::TrailingData { + decoded: self.position(), + remaining: self.remaining_len(), + } + .at(self.position())) + } else { + Ok(value) + } + } + + /// Have we read all of the input data? + fn is_finished(&self) -> bool { + self.remaining_len().is_zero() + } + + /// Offset within the original input stream. 
+ ///
+ /// This is used for error reporting, and doesn't need to be overridden
+ /// by any reader implementations (except for the built-in `NestedReader`,
+ /// which consumes nested input messages)
+ fn offset(&self) -> Length {
+ self.position()
+ }
+
+ /// Peek at the next byte in the decoder and attempt to decode it as a
+ /// [`Tag`] value.
+ ///
+ /// Does not modify the decoder's state.
+ fn peek_tag(&self) -> Result {
+ match self.peek_byte() {
+ Some(byte) => byte.try_into(),
+ None => Err(Error::incomplete(self.input_len())),
+ }
+ }
+
+ /// Read a single byte.
+ fn read_byte(&mut self) -> Result {
+ let mut buf = [0];
+ self.read_into(&mut buf)?;
+ Ok(buf[0])
+ }
+
+ /// Attempt to read input data, writing it into the provided buffer, and
+ /// returning a slice on success.
+ ///
+ /// # Returns
+ /// - `Ok(slice)` if there is sufficient data
+ /// - `Err(ErrorKind::Incomplete)` if there is not enough data
+ fn read_into<'o>(&mut self, buf: &'o mut [u8]) -> Result<&'o [u8]> {
+ let input = self.read_slice(buf.len().try_into()?)?;
+ buf.copy_from_slice(input);
+ Ok(buf)
+ }
+
+ /// Read nested data of the given length.
+ fn read_nested<'n, T, F>(&'n mut self, len: Length, f: F) -> Result
+ where
+ F: FnOnce(&mut NestedReader<'n, Self>) -> Result,
+ {
+ let mut reader = NestedReader::new(self, len)?;
+ let ret = f(&mut reader)?;
+ reader.finish(ret)
+ }
+
+ /// Read a byte vector of the given length.
+ #[cfg(feature = "alloc")]
+ fn read_vec(&mut self, len: Length) -> Result> {
+ let mut bytes = vec![0u8; usize::try_from(len)?];
+ self.read_into(&mut bytes)?;
+ Ok(bytes)
+ }
+
+ /// Get the number of bytes still remaining in the buffer.
+ fn remaining_len(&self) -> Length {
+ debug_assert!(self.position() <= self.input_len());
+ self.input_len().saturating_sub(self.position())
+ }
+
+ /// Read an ASN.1 `SEQUENCE`, creating a nested [`Reader`] for the body and
+ /// calling the provided closure with it.
+ fn sequence<'n, F, T>(&'n mut self, f: F) -> Result + where + F: FnOnce(&mut NestedReader<'n, Self>) -> Result, + { + let header = Header::decode(self)?; + header.tag.assert_eq(Tag::Sequence)?; + self.read_nested(header.length, f) + } + + /// Obtain a slice of bytes contain a complete TLV production suitable for parsing later. + fn tlv_bytes(&mut self) -> Result<&'r [u8]> { + let header = self.peek_header()?; + let header_len = header.encoded_len()?; + self.read_slice((header_len + header.length)?) + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/reader/nested.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/reader/nested.rs new file mode 100644 index 000000000000..40ede69ac757 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/reader/nested.rs 
@@ -0,0 +1,96 @@ +//! Reader type for consuming nested TLV records within a DER document. + +use crate::{reader::Reader, Error, ErrorKind, Header, Length, Result}; + +/// Reader type used by [`Reader::read_nested`]. +pub struct NestedReader<'i, R> { + /// Inner reader type. + inner: &'i mut R, + + /// Nested input length. + input_len: Length, + + /// Position within the nested input. + position: Length, +} + +impl<'i, 'r, R: Reader<'r>> NestedReader<'i, R> { + /// Create a new nested reader which can read the given [`Length`]. + pub(crate) fn new(inner: &'i mut R, len: Length) -> Result { + if len <= inner.remaining_len() { + Ok(Self { + inner, + input_len: len, + position: Length::ZERO, + }) + } else { + Err(ErrorKind::Incomplete { + expected_len: (inner.offset() + len)?, + actual_len: (inner.offset() + inner.remaining_len())?, + } + .at(inner.offset())) + } + } + + /// Move the position cursor the given length, returning an error if there + /// isn't enough remaining data in the nested input. + fn advance_position(&mut self, len: Length) -> Result<()> { + let new_position = (self.position + len)?; + + if new_position <= self.input_len { + self.position = new_position; + Ok(()) + } else { + Err(ErrorKind::Incomplete { + expected_len: (self.inner.offset() + len)?, + actual_len: (self.inner.offset() + self.remaining_len())?, + } + .at(self.inner.offset())) + } + } +} + +impl<'i, 'r, R: Reader<'r>> Reader<'r> for NestedReader<'i, R> { + fn input_len(&self) -> Length { + self.input_len + } + + fn peek_byte(&self) -> Option { + if self.is_finished() { + None + } else { + self.inner.peek_byte() + } + } + + fn peek_header(&self) -> Result
{ + if self.is_finished() { + Err(Error::incomplete(self.offset())) + } else { + // TODO(tarcieri): handle peeking past nested length + self.inner.peek_header() + } + } + + fn position(&self) -> Length { + self.position + } + + fn read_slice(&mut self, len: Length) -> Result<&'r [u8]> { + self.advance_position(len)?; + self.inner.read_slice(len) + } + + fn error(&mut self, kind: ErrorKind) -> Error { + self.inner.error(kind) + } + + fn offset(&self) -> Length { + self.inner.offset() + } + + fn read_into<'o>(&mut self, out: &'o mut [u8]) -> Result<&'o [u8]> { + self.advance_position(Length::try_from(out.len())?)?; + self.inner.read_into(out) + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/reader/pem.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/reader/pem.rs new file mode 100644 index 000000000000..f11341aa6f35 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/reader/pem.rs 
@@ -0,0 +1,206 @@ +//! Streaming PEM reader. + +use super::Reader; +use crate::{Decode, Error, ErrorKind, Header, Length, Result}; +use core::cell::RefCell; + +#[allow(clippy::integer_arithmetic)] +mod utils { + use crate::{Error, Length, Result}; + use pem_rfc7468::Decoder; + + #[derive(Clone)] + pub(super) struct BufReader<'i> { + /// Inner PEM decoder. + decoder: Decoder<'i>, + + /// Remaining after base64 decoding + remaining: usize, + + /// Read buffer + buf: [u8; BufReader::CAPACITY], + + /// Position of the head in the buffer, + pos: usize, + + /// Position of the tail in the buffer, + cap: usize, + } + + impl<'i> BufReader<'i> { + const CAPACITY: usize = 256; + + pub fn new(pem: &'i [u8]) -> Result { + let decoder = Decoder::new(pem)?; + let remaining = decoder.remaining_len(); + + Ok(Self { + decoder, + remaining, + buf: [0u8; 256], + pos: 0, + cap: 0, + }) + } + + pub fn remaining_len(&self) -> usize { + self.decoder.remaining_len() + self.cap - self.pos + } + + fn fill_buffer(&mut self) -> Result<()> { + debug_assert!(self.pos <= self.cap); + + if self.is_empty() { + self.pos = 0; + self.cap = 0; + } + + let end = (self.cap + self.remaining).min(Self::CAPACITY); + let writable_slice = &mut self.buf[self.cap..end]; + if writable_slice.is_empty() { + return Ok(()); + } + + let wrote = self.decoder.decode(writable_slice)?.len(); + if wrote == 0 { + return Err(Error::incomplete(Length::try_from(self.pos)?)); + } + + self.cap += wrote; + self.remaining -= wrote; + debug_assert!(self.cap <= Self::CAPACITY); + + Ok(()) + } + + /// Get the PEM label which will be used in the encapsulation boundaries + /// for this document. 
+ pub fn type_label(&self) -> &'i str { + self.decoder.type_label() + } + + fn is_empty(&self) -> bool { + self.pos == self.cap + } + + fn as_slice(&self) -> &[u8] { + &self.buf[self.pos..self.cap] + } + } + + impl<'i> BufReader<'i> { + pub fn peek_byte(&self) -> Option { + let s = self.as_slice(); + s.first().copied() + } + + pub fn copy_to_slice<'o>(&mut self, buf: &'o mut [u8]) -> Result<&'o [u8]> { + let mut output_pos = 0; + + while output_pos < buf.len() { + if self.is_empty() { + self.fill_buffer()?; + } + + let available = &self.buf[self.pos..self.cap]; + let window_len = (buf.len() - output_pos).min(available.len()); + let window = &mut buf[output_pos..output_pos + window_len]; + + window.copy_from_slice(&available[..window_len]); + self.pos += window_len; + output_pos += window_len; + } + + // Don't leave the read buffer empty for peek_byte() + if self.is_empty() && self.decoder.remaining_len() != 0 { + self.fill_buffer()? + } + + debug_assert_eq!(output_pos, buf.len()); + + Ok(buf) + } + } +} + +/// `Reader` type which decodes PEM on-the-fly. +#[cfg(feature = "pem")] +#[derive(Clone)] +pub struct PemReader<'i> { + /// Inner PEM decoder wrapped in a BufReader. + reader: RefCell>, + + /// Input length (in bytes after Base64 decoding). + input_len: Length, + + /// Position in the input buffer (in bytes after Base64 decoding). + position: Length, +} + +#[cfg(feature = "pem")] +impl<'i> PemReader<'i> { + /// Create a new PEM reader which decodes data on-the-fly. + /// + /// Uses the default 64-character line wrapping. + pub fn new(pem: &'i [u8]) -> Result { + let reader = utils::BufReader::new(pem)?; + let input_len = Length::try_from(reader.remaining_len())?; + + Ok(Self { + reader: RefCell::new(reader), + input_len, + position: Length::ZERO, + }) + } + + /// Get the PEM label which will be used in the encapsulation boundaries + /// for this document. 
+ pub fn type_label(&self) -> &'i str { + self.reader.borrow().type_label() + } +} + +#[cfg(feature = "pem")] +impl<'i> Reader<'i> for PemReader<'i> { + fn input_len(&self) -> Length { + self.input_len + } + + fn peek_byte(&self) -> Option { + if self.is_finished() { + None + } else { + self.reader.borrow().peek_byte() + } + } + + fn peek_header(&self) -> Result
{ + if self.is_finished() { + Err(Error::incomplete(self.offset())) + } else { + Header::decode(&mut self.clone()) + } + } + + fn position(&self) -> Length { + self.position + } + + fn read_slice(&mut self, _len: Length) -> Result<&'i [u8]> { + // Can't borrow from PEM because it requires decoding + Err(ErrorKind::Reader.into()) + } + + fn read_into<'o>(&mut self, buf: &'o mut [u8]) -> Result<&'o [u8]> { + let bytes = self.reader.borrow_mut().copy_to_slice(buf)?; + + self.position = (self.position + bytes.len())?; + + debug_assert_eq!( + self.position, + (self.input_len - Length::try_from(self.reader.borrow().remaining_len())?)? + ); + + Ok(bytes) + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/reader/slice.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/reader/slice.rs new file mode 100644 index 000000000000..e78468fed542 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/reader/slice.rs 
@@ -0,0 +1,214 @@ +//! Slice reader. + +use crate::{BytesRef, Decode, Error, ErrorKind, Header, Length, Reader, Result, Tag}; + +/// [`Reader`] which consumes an input byte slice. +#[derive(Clone, Debug)] +pub struct SliceReader<'a> { + /// Byte slice being decoded. + bytes: BytesRef<'a>, + + /// Did the decoding operation fail? + failed: bool, + + /// Position within the decoded slice. + position: Length, +} + +impl<'a> SliceReader<'a> { + /// Create a new slice reader for the given byte slice. + pub fn new(bytes: &'a [u8]) -> Result { + Ok(Self { + bytes: BytesRef::new(bytes)?, + failed: false, + position: Length::ZERO, + }) + } + + /// Return an error with the given [`ErrorKind`], annotating it with + /// context about where the error occurred. + pub fn error(&mut self, kind: ErrorKind) -> Error { + self.failed = true; + kind.at(self.position) + } + + /// Return an error for an invalid value with the given tag. + pub fn value_error(&mut self, tag: Tag) -> Error { + self.error(tag.value_error().kind()) + } + + /// Did the decoding operation fail due to an error? + pub fn is_failed(&self) -> bool { + self.failed + } + + /// Obtain the remaining bytes in this slice reader from the current cursor + /// position. + fn remaining(&self) -> Result<&'a [u8]> { + if self.is_failed() { + Err(ErrorKind::Failed.at(self.position)) + } else { + self.bytes + .as_slice() + .get(self.position.try_into()?..) + .ok_or_else(|| Error::incomplete(self.input_len())) + } + } +} + +impl<'a> Reader<'a> for SliceReader<'a> { + fn input_len(&self) -> Length { + self.bytes.len() + } + + fn peek_byte(&self) -> Option { + self.remaining() + .ok() + .and_then(|bytes| bytes.first().cloned()) + } + + fn peek_header(&self) -> Result
{ + Header::decode(&mut self.clone()) + } + + fn position(&self) -> Length { + self.position + } + + fn read_slice(&mut self, len: Length) -> Result<&'a [u8]> { + if self.is_failed() { + return Err(self.error(ErrorKind::Failed)); + } + + match self.remaining()?.get(..len.try_into()?) { + Some(result) => { + self.position = (self.position + len)?; + Ok(result) + } + None => Err(self.error(ErrorKind::Incomplete { + expected_len: (self.position + len)?, + actual_len: self.input_len(), + })), + } + } + + fn decode>(&mut self) -> Result { + if self.is_failed() { + return Err(self.error(ErrorKind::Failed)); + } + + T::decode(self).map_err(|e| { + self.failed = true; + e.nested(self.position) + }) + } + + fn error(&mut self, kind: ErrorKind) -> Error { + self.failed = true; + kind.at(self.position) + } + + fn finish(self, value: T) -> Result { + if self.is_failed() { + Err(ErrorKind::Failed.at(self.position)) + } else if !self.is_finished() { + Err(ErrorKind::TrailingData { + decoded: self.position, + remaining: self.remaining_len(), + } + .at(self.position)) + } else { + Ok(value) + } + } + + fn remaining_len(&self) -> Length { + debug_assert!(self.position <= self.input_len()); + self.input_len().saturating_sub(self.position) + } +} + +#[cfg(test)] +mod tests { + use super::SliceReader; + use crate::{Decode, ErrorKind, Length, Reader, Tag}; + use hex_literal::hex; + + // INTEGER: 42 + const EXAMPLE_MSG: &[u8] = &hex!("02012A00"); + + #[test] + fn empty_message() { + let mut reader = SliceReader::new(&[]).unwrap(); + let err = bool::decode(&mut reader).err().unwrap(); + assert_eq!(Some(Length::ZERO), err.position()); + + match err.kind() { + ErrorKind::Incomplete { + expected_len, + actual_len, + } => { + assert_eq!(actual_len, 0u8.into()); + assert_eq!(expected_len, 1u8.into()); + } + other => panic!("unexpected error kind: {:?}", other), + } + } + + #[test] + fn invalid_field_length() { + const MSG_LEN: usize = 2; + + let mut reader = 
SliceReader::new(&EXAMPLE_MSG[..MSG_LEN]).unwrap(); + let err = i8::decode(&mut reader).err().unwrap(); + assert_eq!(Some(Length::from(2u8)), err.position()); + + match err.kind() { + ErrorKind::Incomplete { + expected_len, + actual_len, + } => { + assert_eq!(actual_len, MSG_LEN.try_into().unwrap()); + assert_eq!(expected_len, (MSG_LEN + 1).try_into().unwrap()); + } + other => panic!("unexpected error kind: {:?}", other), + } + } + + #[test] + fn trailing_data() { + let mut reader = SliceReader::new(EXAMPLE_MSG).unwrap(); + let x = i8::decode(&mut reader).unwrap(); + assert_eq!(42i8, x); + + let err = reader.finish(x).err().unwrap(); + assert_eq!(Some(Length::from(3u8)), err.position()); + + assert_eq!( + ErrorKind::TrailingData { + decoded: 3u8.into(), + remaining: 1u8.into() + }, + err.kind() + ); + } + + #[test] + fn peek_tag() { + let reader = SliceReader::new(EXAMPLE_MSG).unwrap(); + assert_eq!(reader.position(), Length::ZERO); + assert_eq!(reader.peek_tag().unwrap(), Tag::Integer); + assert_eq!(reader.position(), Length::ZERO); // Position unchanged + } + + #[test] + fn peek_header() { + let reader = SliceReader::new(EXAMPLE_MSG).unwrap(); + assert_eq!(reader.position(), Length::ZERO); + + let header = reader.peek_header().unwrap(); + assert_eq!(header.tag, Tag::Integer); + assert_eq!(header.length, Length::ONE); + assert_eq!(reader.position(), Length::ZERO); // Position unchanged + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/referenced.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/referenced.rs new file mode 100644 index 000000000000..b0c8f0325882 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/referenced.rs 
@@ -0,0 +1,69 @@
+//! A module for working with referenced data.
+
+/// A trait for borrowing data from an owned struct
+pub trait OwnedToRef {
+ /// The resulting type referencing back to Self
+ type Borrowed<'a>
+ where
+ Self: 'a;
+
+ /// Creates a new object referencing back to the self for storage
+ fn owned_to_ref(&self) -> Self::Borrowed<'_>;
+}
+
+/// A trait for cloning a referenced structure and getting owned objects
+///
+/// This is the pendant to [`OwnedToRef`]
+pub trait RefToOwned<'a> {
+ /// The resulting type after obtaining ownership.
+ type Owned: OwnedToRef = Self>
+ where
+ Self: 'a;
+
+ /// Creates a new object taking ownership of the data
+ fn ref_to_owned(&self) -> Self::Owned;
+}
+
+impl OwnedToRef for Option
+where
+ T: OwnedToRef,
+{
+ type Borrowed<'a> = Option> where T: 'a;
+
+ fn owned_to_ref(&self) -> Self::Borrowed<'_> {
+ self.as_ref().map(|o| o.owned_to_ref())
+ }
+}
+
+impl<'a, T> RefToOwned<'a> for Option
+where
+ T: RefToOwned<'a> + 'a,
+ T::Owned: OwnedToRef,
+{
+ type Owned = Option;
+ fn ref_to_owned(&self) -> Self::Owned {
+ self.as_ref().map(|o| o.ref_to_owned())
+ }
+}
+
+#[cfg(feature = "alloc")]
+mod allocating {
+ use super::{OwnedToRef, RefToOwned};
+ use alloc::boxed::Box;
+
+ impl<'a> RefToOwned<'a> for &'a [u8] {
+ type Owned = Box<[u8]>;
+
+ fn ref_to_owned(&self) -> Self::Owned {
+ Box::from(*self)
+ }
+ }
+
+ impl OwnedToRef for Box<[u8]> {
+ type Borrowed<'a> = &'a [u8];
+
+ fn owned_to_ref(&self) -> Self::Borrowed<'_> {
+ self.as_ref()
+ }
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/str_owned.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/str_owned.rs
new file mode 100644
index 000000000000..20bfea5bd7a1
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/str_owned.rs
@@ -0,0 +1,104 @@
+//! Common handling for types backed by `String` with enforcement of a
+//! library-level length limitation i.e. `Length::max()`.
+
+use crate::{
+ referenced::OwnedToRef, BytesRef, DecodeValue, EncodeValue, Header, Length, Reader, Result,
+ StrRef, Writer,
+};
+use alloc::string::String;
+use core::str;
+
+/// String newtype which respects the [`Length::max`] limit.
+#[derive(Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub struct StrOwned {
+ /// Inner value
+ pub(crate) inner: String,
+
+ /// Precomputed `Length` (avoids possible panicking conversions)
+ pub(crate) length: Length,
+}
+
+impl StrOwned {
+ /// Create a new [`StrOwned`], ensuring that the byte representation of
+ /// the provided `str` value is shorter than `Length::max()`.
+ pub fn new(s: String) -> Result {
+ let length = Length::try_from(s.as_bytes().len())?;
+
+ Ok(Self { inner: s, length })
+ }
+
+ /// Parse a [`String`] from UTF-8 encoded bytes.
+ pub fn from_bytes(bytes: &[u8]) -> Result {
+ Ok(Self {
+ inner: String::from_utf8(bytes.to_vec())?,
+ length: Length::try_from(bytes.len())?,
+ })
+ }
+
+ /// Borrow the inner `str`
+ pub fn as_str(&self) -> &str {
+ &self.inner
+ }
+
+ /// Borrow the inner byte slice
+ pub fn as_bytes(&self) -> &[u8] {
+ self.inner.as_bytes()
+ }
+
+ /// Get the [`Length`] of this [`StrOwned`]
+ pub fn len(&self) -> Length {
+ self.length
+ }
+
+ /// Is this [`StrOwned`] empty?
+ pub fn is_empty(&self) -> bool {
+ self.len() == Length::ZERO
+ }
+}
+
+impl AsRef for StrOwned {
+ fn as_ref(&self) -> &str {
+ self.as_str()
+ }
+}
+
+impl AsRef<[u8]> for StrOwned {
+ fn as_ref(&self) -> &[u8] {
+ self.as_bytes()
+ }
+}
+
+impl<'a> DecodeValue<'a> for StrOwned {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ Self::from_bytes(BytesRef::decode_value(reader, header)?.as_slice())
+ }
+}
+
+impl EncodeValue for StrOwned {
+ fn value_len(&self) -> Result {
+ Ok(self.length)
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ writer.write(self.as_ref())
+ }
+}
+
+impl From> for StrOwned {
+ fn from(s: StrRef<'_>) -> StrOwned {
+ Self {
+ inner: String::from(s.inner),
+ length: s.length,
+ }
+ }
+}
+
+impl OwnedToRef for StrOwned {
+ type Borrowed<'a> = StrRef<'a>;
+ fn owned_to_ref(&self) -> Self::Borrowed<'_> {
+ StrRef {
+ length: self.length,
+ inner: self.inner.as_ref(),
+ }
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/str_ref.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/str_ref.rs
new file mode 100644
index 000000000000..899c7506b5f9
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/str_ref.rs
@@ -0,0 +1,92 @@
+//! Common handling for types backed by `str` slices with enforcement of a
+//! library-level length limitation i.e. `Length::max()`.
+
+use crate::{BytesRef, DecodeValue, EncodeValue, Header, Length, Reader, Result, Writer};
+use core::str;
+
+/// String slice newtype which respects the [`Length::max`] limit.
+#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+pub struct StrRef<'a> {
+ /// Inner value
+ pub(crate) inner: &'a str,
+
+ /// Precomputed `Length` (avoids possible panicking conversions)
+ pub(crate) length: Length,
+}
+
+impl<'a> StrRef<'a> {
+ /// Create a new [`StrRef`], ensuring that the byte representation of
+ /// the provided `str` value is shorter than `Length::max()`.
+ pub fn new(s: &'a str) -> Result {
+ Ok(Self {
+ inner: s,
+ length: Length::try_from(s.as_bytes().len())?,
+ })
+ }
+
+ /// Parse a [`StrRef`] from UTF-8 encoded bytes.
+ pub fn from_bytes(bytes: &'a [u8]) -> Result {
+ Self::new(str::from_utf8(bytes)?)
+ }
+
+ /// Borrow the inner `str`
+ pub fn as_str(&self) -> &'a str {
+ self.inner
+ }
+
+ /// Borrow the inner byte slice
+ pub fn as_bytes(&self) -> &'a [u8] {
+ self.inner.as_bytes()
+ }
+
+ /// Get the [`Length`] of this [`StrRef`]
+ pub fn len(self) -> Length {
+ self.length
+ }
+
+ /// Is this [`StrRef`] empty?
+ pub fn is_empty(self) -> bool {
+ self.len() == Length::ZERO
+ }
+}
+
+impl AsRef for StrRef<'_> {
+ fn as_ref(&self) -> &str {
+ self.as_str()
+ }
+}
+
+impl AsRef<[u8]> for StrRef<'_> {
+ fn as_ref(&self) -> &[u8] {
+ self.as_bytes()
+ }
+}
+
+impl<'a> DecodeValue<'a> for StrRef<'a> {
+ fn decode_value>(reader: &mut R, header: Header) -> Result {
+ Self::from_bytes(BytesRef::decode_value(reader, header)?.as_slice())
+ }
+}
+
+impl<'a> EncodeValue for StrRef<'a> {
+ fn value_len(&self) -> Result {
+ Ok(self.length)
+ }
+
+ fn encode_value(&self, writer: &mut impl Writer) -> Result<()> {
+ writer.write(self.as_ref())
+ }
+}
+
+#[cfg(feature = "alloc")]
+mod allocating {
+ use super::StrRef;
+ use crate::{referenced::RefToOwned, StrOwned};
+
+ impl<'a> RefToOwned<'a> for StrRef<'a> {
+ type Owned = StrOwned;
+ fn ref_to_owned(&self) -> Self::Owned {
+ StrOwned::from(*self)
+ }
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/tag.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/tag.rs
new file mode 100644
index 000000000000..7a1fed1b77ad
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/tag.rs
@@ -0,0 +1,460 @@ +//! ASN.1 tags. +#![cfg_attr(feature = "arbitrary", allow(clippy::integer_arithmetic))] + +mod class; +mod mode; +mod number; + +pub use self::{class::Class, mode::TagMode, number::TagNumber}; + +use crate::{Decode, DerOrd, Encode, Error, ErrorKind, Length, Reader, Result, Writer}; +use core::{cmp::Ordering, fmt}; + +/// Indicator bit for constructed form encoding (i.e. vs primitive form) +const CONSTRUCTED_FLAG: u8 = 0b100000; + +/// Types which have a constant ASN.1 [`Tag`]. +pub trait FixedTag { + /// ASN.1 tag + const TAG: Tag; +} + +/// Types which have an ASN.1 [`Tag`]. +pub trait Tagged { + /// Get the ASN.1 tag that this type is encoded with. + fn tag(&self) -> Tag; +} + +/// Types which are [`FixedTag`] always have a known [`Tag`] type. +impl Tagged for T { + fn tag(&self) -> Tag { + T::TAG + } +} + +/// ASN.1 tags. +/// +/// Tags are the leading identifier octet of the Tag-Length-Value encoding +/// used by ASN.1 DER and identify the type of the subsequent value. +/// +/// They are described in X.690 Section 8.1.2: Identifier octets, and +/// structured as follows: +/// +/// ```text +/// | Class | P/C | Tag Number | +/// ``` +/// +/// - Bits 8/7: [`Class`] +/// - Bit 6: primitive (0) or constructed (1) +/// - Bits 5-1: tag number +#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))] +#[derive(Copy, Clone, Eq, PartialEq, PartialOrd, Ord)] +#[non_exhaustive] +pub enum Tag { + /// `BOOLEAN` tag: `1`. + Boolean, + + /// `INTEGER` tag: `2`. + Integer, + + /// `BIT STRING` tag: `3`. + BitString, + + /// `OCTET STRING` tag: `4`. + OctetString, + + /// `NULL` tag: `5`. + Null, + + /// `OBJECT IDENTIFIER` tag: `6`. + ObjectIdentifier, + + /// `REAL` tag: `9`. + Real, + + /// `ENUMERATED` tag: `10`. + Enumerated, + + /// `UTF8String` tag: `12`. + Utf8String, + + /// `SEQUENCE` tag: `16`. + Sequence, + + /// `SET` and `SET OF` tag: `17`. + Set, + + /// `NumericString` tag: `18`. + NumericString, + + /// `PrintableString` tag: `19`. 
+ PrintableString, + + /// `TeletexString` tag: `20`. + TeletexString, + + /// `VideotexString` tag: `21`. + VideotexString, + + /// `IA5String` tag: `22`. + Ia5String, + + /// `UTCTime` tag: `23`. + UtcTime, + + /// `GeneralizedTime` tag: `24`. + GeneralizedTime, + + /// `VisibleString` tag: `26`. + VisibleString, + + /// `BMPString` tag: `30`. + BmpString, + + /// Application tag. + Application { + /// Is this tag constructed? (vs primitive). + constructed: bool, + + /// Tag number. + number: TagNumber, + }, + + /// Context-specific tag. + ContextSpecific { + /// Is this tag constructed? (vs primitive). + constructed: bool, + + /// Tag number. + number: TagNumber, + }, + + /// Private tag number. + Private { + /// Is this tag constructed? (vs primitive). + constructed: bool, + + /// Tag number. + number: TagNumber, + }, +} + +impl Tag { + /// Assert that this [`Tag`] matches the provided expected tag. + /// + /// On mismatch, returns an [`Error`] with [`ErrorKind::TagUnexpected`]. + pub fn assert_eq(self, expected: Tag) -> Result { + if self == expected { + Ok(self) + } else { + Err(self.unexpected_error(Some(expected))) + } + } + + /// Get the [`Class`] that corresponds to this [`Tag`]. + pub fn class(self) -> Class { + match self { + Tag::Application { .. } => Class::Application, + Tag::ContextSpecific { .. } => Class::ContextSpecific, + Tag::Private { .. } => Class::Private, + _ => Class::Universal, + } + } + + /// Get the [`TagNumber`] (lower 6-bits) for this tag. + pub fn number(self) -> TagNumber { + TagNumber(self.octet() & TagNumber::MASK) + } + + /// Does this tag represent a constructed (as opposed to primitive) field? + pub fn is_constructed(self) -> bool { + self.octet() & CONSTRUCTED_FLAG != 0 + } + + /// Is this an application tag? + pub fn is_application(self) -> bool { + self.class() == Class::Application + } + + /// Is this a context-specific tag? 
+ pub fn is_context_specific(self) -> bool { + self.class() == Class::ContextSpecific + } + + /// Is this a private tag? + pub fn is_private(self) -> bool { + self.class() == Class::Private + } + + /// Is this a universal tag? + pub fn is_universal(self) -> bool { + self.class() == Class::Universal + } + + /// Get the octet encoding for this [`Tag`]. + pub fn octet(self) -> u8 { + match self { + Tag::Boolean => 0x01, + Tag::Integer => 0x02, + Tag::BitString => 0x03, + Tag::OctetString => 0x04, + Tag::Null => 0x05, + Tag::ObjectIdentifier => 0x06, + Tag::Real => 0x09, + Tag::Enumerated => 0x0A, + Tag::Utf8String => 0x0C, + Tag::Sequence => 0x10 | CONSTRUCTED_FLAG, + Tag::Set => 0x11 | CONSTRUCTED_FLAG, + Tag::NumericString => 0x12, + Tag::PrintableString => 0x13, + Tag::TeletexString => 0x14, + Tag::VideotexString => 0x15, + Tag::Ia5String => 0x16, + Tag::UtcTime => 0x17, + Tag::GeneralizedTime => 0x18, + Tag::VisibleString => 0x1A, + Tag::BmpString => 0x1E, + Tag::Application { + constructed, + number, + } + | Tag::ContextSpecific { + constructed, + number, + } + | Tag::Private { + constructed, + number, + } => self.class().octet(constructed, number), + } + } + + /// Create an [`Error`] for an invalid [`Length`]. + pub fn length_error(self) -> Error { + ErrorKind::Length { tag: self }.into() + } + + /// Create an [`Error`] for an non-canonical value with the ASN.1 type + /// identified by this tag. + pub fn non_canonical_error(self) -> Error { + ErrorKind::Noncanonical { tag: self }.into() + } + + /// Create an [`Error`] because the current tag was unexpected, with an + /// optional expected tag. + pub fn unexpected_error(self, expected: Option) -> Error { + ErrorKind::TagUnexpected { + expected, + actual: self, + } + .into() + } + + /// Create an [`Error`] for an invalid value with the ASN.1 type identified + /// by this tag. 
+ pub fn value_error(self) -> Error { + ErrorKind::Value { tag: self }.into() + } +} + +impl TryFrom for Tag { + type Error = Error; + + fn try_from(byte: u8) -> Result { + let constructed = byte & CONSTRUCTED_FLAG != 0; + let number = TagNumber::try_from(byte & TagNumber::MASK)?; + + match byte { + 0x01 => Ok(Tag::Boolean), + 0x02 => Ok(Tag::Integer), + 0x03 => Ok(Tag::BitString), + 0x04 => Ok(Tag::OctetString), + 0x05 => Ok(Tag::Null), + 0x06 => Ok(Tag::ObjectIdentifier), + 0x09 => Ok(Tag::Real), + 0x0A => Ok(Tag::Enumerated), + 0x0C => Ok(Tag::Utf8String), + 0x12 => Ok(Tag::NumericString), + 0x13 => Ok(Tag::PrintableString), + 0x14 => Ok(Tag::TeletexString), + 0x15 => Ok(Tag::VideotexString), + 0x16 => Ok(Tag::Ia5String), + 0x17 => Ok(Tag::UtcTime), + 0x18 => Ok(Tag::GeneralizedTime), + 0x1A => Ok(Tag::VisibleString), + 0x1E => Ok(Tag::BmpString), + 0x30 => Ok(Tag::Sequence), // constructed + 0x31 => Ok(Tag::Set), // constructed + 0x40..=0x7E => Ok(Tag::Application { + constructed, + number, + }), + 0x80..=0xBE => Ok(Tag::ContextSpecific { + constructed, + number, + }), + 0xC0..=0xFE => Ok(Tag::Private { + constructed, + number, + }), + _ => Err(ErrorKind::TagUnknown { byte }.into()), + } + } +} + +impl From for u8 { + fn from(tag: Tag) -> u8 { + tag.octet() + } +} + +impl From<&Tag> for u8 { + fn from(tag: &Tag) -> u8 { + u8::from(*tag) + } +} + +impl<'a> Decode<'a> for Tag { + fn decode>(reader: &mut R) -> Result { + reader.read_byte().and_then(Self::try_from) + } +} + +impl Encode for Tag { + fn encoded_len(&self) -> Result { + Ok(Length::ONE) + } + + fn encode(&self, writer: &mut impl Writer) -> Result<()> { + writer.write_byte(self.into()) + } +} + +impl DerOrd for Tag { + fn der_cmp(&self, other: &Self) -> Result { + Ok(self.octet().cmp(&other.octet())) + } +} + +impl fmt::Display for Tag { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + const FIELD_TYPE: [&str; 2] = ["primitive", "constructed"]; + + match *self { + Tag::Boolean => 
f.write_str("BOOLEAN"), + Tag::Integer => f.write_str("INTEGER"), + Tag::BitString => f.write_str("BIT STRING"), + Tag::OctetString => f.write_str("OCTET STRING"), + Tag::Null => f.write_str("NULL"), + Tag::ObjectIdentifier => f.write_str("OBJECT IDENTIFIER"), + Tag::Real => f.write_str("REAL"), + Tag::Enumerated => f.write_str("ENUMERATED"), + Tag::Utf8String => f.write_str("UTF8String"), + Tag::Set => f.write_str("SET"), + Tag::NumericString => f.write_str("NumericString"), + Tag::PrintableString => f.write_str("PrintableString"), + Tag::TeletexString => f.write_str("TeletexString"), + Tag::VideotexString => f.write_str("VideotexString"), + Tag::Ia5String => f.write_str("IA5String"), + Tag::UtcTime => f.write_str("UTCTime"), + Tag::GeneralizedTime => f.write_str("GeneralizedTime"), + Tag::VisibleString => f.write_str("VisibleString"), + Tag::BmpString => f.write_str("BMPString"), + Tag::Sequence => f.write_str("SEQUENCE"), + Tag::Application { + constructed, + number, + } => write!( + f, + "APPLICATION [{}] ({})", + number, + FIELD_TYPE[usize::from(constructed)] + ), + Tag::ContextSpecific { + constructed, + number, + } => write!( + f, + "CONTEXT-SPECIFIC [{}] ({})", + number, + FIELD_TYPE[usize::from(constructed)] + ), + Tag::Private { + constructed, + number, + } => write!( + f, + "PRIVATE [{}] ({})", + number, + FIELD_TYPE[usize::from(constructed)] + ), + } + } +} + +impl fmt::Debug for Tag { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + write!(f, "Tag(0x{:02x}: {})", u8::from(*self), self) + } +} + +#[cfg(test)] +mod tests { + use super::TagNumber; + use super::{Class, Tag}; + + #[test] + fn tag_class() { + assert_eq!(Tag::Boolean.class(), Class::Universal); + assert_eq!(Tag::Integer.class(), Class::Universal); + assert_eq!(Tag::BitString.class(), Class::Universal); + assert_eq!(Tag::OctetString.class(), Class::Universal); + assert_eq!(Tag::Null.class(), Class::Universal); + assert_eq!(Tag::ObjectIdentifier.class(), Class::Universal); + 
assert_eq!(Tag::Real.class(), Class::Universal); + assert_eq!(Tag::Enumerated.class(), Class::Universal); + assert_eq!(Tag::Utf8String.class(), Class::Universal); + assert_eq!(Tag::Set.class(), Class::Universal); + assert_eq!(Tag::NumericString.class(), Class::Universal); + assert_eq!(Tag::PrintableString.class(), Class::Universal); + assert_eq!(Tag::TeletexString.class(), Class::Universal); + assert_eq!(Tag::VideotexString.class(), Class::Universal); + assert_eq!(Tag::Ia5String.class(), Class::Universal); + assert_eq!(Tag::UtcTime.class(), Class::Universal); + assert_eq!(Tag::GeneralizedTime.class(), Class::Universal); + assert_eq!(Tag::Sequence.class(), Class::Universal); + + for num in 0..=30 { + for &constructed in &[false, true] { + let number = TagNumber::new(num); + + assert_eq!( + Tag::Application { + constructed, + number + } + .class(), + Class::Application + ); + + assert_eq!( + Tag::ContextSpecific { + constructed, + number + } + .class(), + Class::ContextSpecific + ); + + assert_eq!( + Tag::Private { + constructed, + number + } + .class(), + Class::Private + ); + } + } + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/tag/class.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/tag/class.rs new file mode 100644 index 000000000000..8a3e2ed10195 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/tag/class.rs 
@@ -0,0 +1,50 @@
+//! Class of an ASN.1 tag.
+
+use super::{TagNumber, CONSTRUCTED_FLAG};
+use core::fmt;
+
+/// Class of an ASN.1 tag.
+#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+#[repr(u8)]
+pub enum Class {
+ /// `UNIVERSAL`: built-in types whose meaning is the same in all
+ /// applications.
+ Universal = 0b00000000,
+
+ /// `APPLICATION`: types whose meaning is specific to an application,
+ ///
+ /// Types in two different applications may have the same
+ /// application-specific tag and different meanings.
+ Application = 0b01000000,
+
+ /// `CONTEXT-SPECIFIC`: types whose meaning is specific to a given
+ /// structured type.
+ ///
+ /// Context-specific tags are used to distinguish between component types
+ /// with the same underlying tag within the context of a given structured
+ /// type, and component types in two different structured types may have
+ /// the same tag and different meanings.
+ ContextSpecific = 0b10000000,
+
+ /// `PRIVATE`: types whose meaning is specific to a given enterprise.
+ Private = 0b11000000,
+}
+
+impl Class {
+ /// Compute the identifier octet for a tag number of this class.
+ #[allow(clippy::integer_arithmetic)]
+ pub(super) fn octet(self, constructed: bool, number: TagNumber) -> u8 {
+ self as u8 | number.value() | (u8::from(constructed) * CONSTRUCTED_FLAG)
+ }
+}
+
+impl fmt::Display for Class {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ f.write_str(match self {
+ Class::Universal => "UNIVERSAL",
+ Class::Application => "APPLICATION",
+ Class::ContextSpecific => "CONTEXT-SPECIFIC",
+ Class::Private => "PRIVATE",
+ })
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/tag/mode.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/tag/mode.rs
new file mode 100644
index 000000000000..ecdaf023a125
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/tag/mode.rs
@@ -0,0 +1,40 @@
+//! Tag modes.
+
+use crate::{Error, ErrorKind, Result};
+use core::{fmt, str::FromStr};
+
+/// Tagging modes: `EXPLICIT` versus `IMPLICIT`.
+#[derive(Copy, Clone, Debug, Default, Eq, PartialEq, PartialOrd, Ord)]
+pub enum TagMode {
+ /// `EXPLICIT` tagging.
+ ///
+ /// Tag is added in addition to the inner tag of the type.
+ #[default]
+ Explicit,
+
+ /// `IMPLICIT` tagging.
+ ///
+ /// Tag replaces the existing tag of the inner type.
+ Implicit,
+}
+
+impl FromStr for TagMode {
+ type Err = Error;
+
+ fn from_str(s: &str) -> Result {
+ match s {
+ "EXPLICIT" | "explicit" => Ok(TagMode::Explicit),
+ "IMPLICIT" | "implicit" => Ok(TagMode::Implicit),
+ _ => Err(ErrorKind::TagModeUnknown.into()),
+ }
+ }
+}
+
+impl fmt::Display for TagMode {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ match self {
+ TagMode::Explicit => f.write_str("EXPLICIT"),
+ TagMode::Implicit => f.write_str("IMPLICIT"),
+ }
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/tag/number.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/tag/number.rs
new file mode 100644
index 000000000000..6a7eaae22cab
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/tag/number.rs
@@ -0,0 +1,201 @@ +//! ASN.1 tag numbers + +use super::Tag; +use crate::{Error, ErrorKind, Result}; +use core::fmt; + +/// ASN.1 tag numbers (i.e. lower 5 bits of a [`Tag`]). +/// +/// From X.690 Section 8.1.2.2: +/// +/// > bits 5 to 1 shall encode the number of the tag as a binary integer with +/// > bit 5 as the most significant bit. +/// +/// This library supports tag numbers ranging from zero to 30 (inclusive), +/// which can be represented as a single identifier octet. +/// +/// Section 8.1.2.4 describes how to support multi-byte tag numbers, which are +/// encoded by using a leading tag number of 31 (`0b11111`). This library +/// deliberately does not support this: tag numbers greater than 30 are +/// disallowed. +#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)] +pub struct TagNumber(pub(super) u8); + +impl TagNumber { + /// Tag number `0` + pub const N0: Self = Self(0); + + /// Tag number `1` + pub const N1: Self = Self(1); + + /// Tag number `2` + pub const N2: Self = Self(2); + + /// Tag number `3` + pub const N3: Self = Self(3); + + /// Tag number `4` + pub const N4: Self = Self(4); + + /// Tag number `5` + pub const N5: Self = Self(5); + + /// Tag number `6` + pub const N6: Self = Self(6); + + /// Tag number `7` + pub const N7: Self = Self(7); + + /// Tag number `8` + pub const N8: Self = Self(8); + + /// Tag number `9` + pub const N9: Self = Self(9); + + /// Tag number `10` + pub const N10: Self = Self(10); + + /// Tag number `11` + pub const N11: Self = Self(11); + + /// Tag number `12` + pub const N12: Self = Self(12); + + /// Tag number `13` + pub const N13: Self = Self(13); + + /// Tag number `14` + pub const N14: Self = Self(14); + + /// Tag number `15` + pub const N15: Self = Self(15); + + /// Tag number `16` + pub const N16: Self = Self(16); + + /// Tag number `17` + pub const N17: Self = Self(17); + + /// Tag number `18` + pub const N18: Self = Self(18); + + /// Tag number `19` + pub const N19: Self = Self(19); + + /// Tag number 
`20` + pub const N20: Self = Self(20); + + /// Tag number `21` + pub const N21: Self = Self(21); + + /// Tag number `22` + pub const N22: Self = Self(22); + + /// Tag number `23` + pub const N23: Self = Self(23); + + /// Tag number `24` + pub const N24: Self = Self(24); + + /// Tag number `25` + pub const N25: Self = Self(25); + + /// Tag number `26` + pub const N26: Self = Self(26); + + /// Tag number `27` + pub const N27: Self = Self(27); + + /// Tag number `28` + pub const N28: Self = Self(28); + + /// Tag number `29` + pub const N29: Self = Self(29); + + /// Tag number `30` + pub const N30: Self = Self(30); + + /// Mask value used to obtain the tag number from a tag octet. + pub(super) const MASK: u8 = 0b11111; + + /// Maximum tag number supported (inclusive). + const MAX: u8 = 30; + + /// Create a new tag number (const-friendly). + /// + /// Panics if the tag number is greater than `30`. + /// For a fallible conversion, use [`TryFrom`] instead. + pub const fn new(byte: u8) -> Self { + #[allow(clippy::panic)] + if byte > Self::MAX { + panic!("tag number out of range"); + } + + Self(byte) + } + + /// Create an `APPLICATION` tag with this tag number. + pub fn application(self, constructed: bool) -> Tag { + Tag::Application { + constructed, + number: self, + } + } + + /// Create a `CONTEXT-SPECIFIC` tag with this tag number. + pub fn context_specific(self, constructed: bool) -> Tag { + Tag::ContextSpecific { + constructed, + number: self, + } + } + + /// Create a `PRIVATE` tag with this tag number. + pub fn private(self, constructed: bool) -> Tag { + Tag::Private { + constructed, + number: self, + } + } + + /// Get the inner value. 
+ pub fn value(self) -> u8 { + self.0 + } +} + +impl TryFrom for TagNumber { + type Error = Error; + + fn try_from(byte: u8) -> Result { + match byte { + 0..=Self::MAX => Ok(Self(byte)), + _ => Err(ErrorKind::TagNumberInvalid.into()), + } + } +} + +impl From for u8 { + fn from(tag_number: TagNumber) -> u8 { + tag_number.0 + } +} + +impl fmt::Display for TagNumber { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + write!(f, "{}", self.0) + } +} + +// Implement by hand because the derive would create invalid values. +// Use the constructor to create a valid value. +#[cfg(feature = "arbitrary")] +impl<'a> arbitrary::Arbitrary<'a> for TagNumber { + fn arbitrary(u: &mut arbitrary::Unstructured<'a>) -> arbitrary::Result { + Ok(Self::new(u.int_in_range(0..=Self::MAX)?)) + } + + fn size_hint(depth: usize) -> (usize, Option) { + u8::size_hint(depth) + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/writer.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/writer.rs new file mode 100644 index 000000000000..164b215f75f4 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/writer.rs @@ -0,0 +1,29 @@ +//! Writer trait. + +#[cfg(feature = "pem")] +pub(crate) mod pem; +pub(crate) mod slice; + +use crate::Result; + +#[cfg(feature = "std")] +use std::io; + +/// Writer trait which outputs encoded DER. +pub trait Writer { + /// Write the given DER-encoded bytes as output. + fn write(&mut self, slice: &[u8]) -> Result<()>; + + /// Write a single byte. + fn write_byte(&mut self, byte: u8) -> Result<()> { + self.write(&[byte]) + } +} + +#[cfg(feature = "std")] +impl Writer for W { + fn write(&mut self, slice: &[u8]) -> Result<()> { + ::write(self, slice)?; + Ok(()) + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/writer/pem.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/writer/pem.rs new file mode 100644 index 000000000000..87a6f8fd8e2e --- /dev/null 
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/writer/pem.rs @@ -0,0 +1,41 @@ +//! Streaming PEM writer. + +use super::Writer; +use crate::Result; +use pem_rfc7468::{Encoder, LineEnding}; + +/// `Writer` type which outputs PEM-encoded data. +pub struct PemWriter<'w>(Encoder<'static, 'w>); + +impl<'w> PemWriter<'w> { + /// Create a new PEM writer which outputs into the provided buffer. + /// + /// Uses the default 64-character line wrapping. + pub fn new( + type_label: &'static str, + line_ending: LineEnding, + out: &'w mut [u8], + ) -> Result { + Ok(Self(Encoder::new(type_label, line_ending, out)?)) + } + + /// Get the PEM label which will be used in the encapsulation boundaries + /// for this document. + pub fn type_label(&self) -> &'static str { + self.0.type_label() + } + + /// Finish encoding PEM, writing the post-encapsulation boundary. + /// + /// On success, returns the total number of bytes written to the output buffer. + pub fn finish(self) -> Result { + Ok(self.0.finish()?) + } +} + +impl Writer for PemWriter<'_> { + fn write(&mut self, slice: &[u8]) -> Result<()> { + self.0.encode(slice)?; + Ok(()) + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/writer/slice.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/writer/slice.rs new file mode 100644 index 000000000000..87083ad12dd5 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/writer/slice.rs 
@@ -0,0 +1,149 @@ +//! Slice writer. + +use crate::{ + asn1::*, Encode, EncodeValue, ErrorKind, Header, Length, Result, Tag, TagMode, TagNumber, + Tagged, Writer, +}; + +/// [`Writer`] which encodes DER into a mutable output byte slice. +#[derive(Debug)] +pub struct SliceWriter<'a> { + /// Buffer into which DER-encoded message is written + bytes: &'a mut [u8], + + /// Has the encoding operation failed? + failed: bool, + + /// Total number of bytes written to buffer so far + position: Length, +} + +impl<'a> SliceWriter<'a> { + /// Create a new encoder with the given byte slice as a backing buffer. + pub fn new(bytes: &'a mut [u8]) -> Self { + Self { + bytes, + failed: false, + position: Length::ZERO, + } + } + + /// Encode a value which impls the [`Encode`] trait. + pub fn encode(&mut self, encodable: &T) -> Result<()> { + if self.is_failed() { + self.error(ErrorKind::Failed)? + } + + encodable.encode(self).map_err(|e| { + self.failed = true; + e.nested(self.position) + }) + } + + /// Return an error with the given [`ErrorKind`], annotating it with + /// context about where the error occurred. + pub fn error(&mut self, kind: ErrorKind) -> Result { + self.failed = true; + Err(kind.at(self.position)) + } + + /// Did the decoding operation fail due to an error? + pub fn is_failed(&self) -> bool { + self.failed + } + + /// Finish encoding to the buffer, returning a slice containing the data + /// written to the buffer. + pub fn finish(self) -> Result<&'a [u8]> { + let position = self.position; + + if self.is_failed() { + return Err(ErrorKind::Failed.at(position)); + } + + self.bytes + .get(..usize::try_from(position)?) + .ok_or_else(|| ErrorKind::Overlength.at(position)) + } + + /// Encode a `CONTEXT-SPECIFIC` field with the provided tag number and mode. 
+ pub fn context_specific( + &mut self, + tag_number: TagNumber, + tag_mode: TagMode, + value: &T, + ) -> Result<()> + where + T: EncodeValue + Tagged, + { + ContextSpecificRef { + tag_number, + tag_mode, + value, + } + .encode(self) + } + + /// Encode an ASN.1 `SEQUENCE` of the given length. + /// + /// Spawns a nested slice writer which is expected to be exactly the + /// specified length upon completion. + pub fn sequence(&mut self, length: Length, f: F) -> Result<()> + where + F: FnOnce(&mut SliceWriter<'_>) -> Result<()>, + { + Header::new(Tag::Sequence, length).and_then(|header| header.encode(self))?; + + let mut nested_encoder = SliceWriter::new(self.reserve(length)?); + f(&mut nested_encoder)?; + + if nested_encoder.finish()?.len() == usize::try_from(length)? { + Ok(()) + } else { + self.error(ErrorKind::Length { tag: Tag::Sequence }) + } + } + + /// Reserve a portion of the internal buffer, updating the internal cursor + /// position and returning a mutable slice. + fn reserve(&mut self, len: impl TryInto) -> Result<&mut [u8]> { + if self.is_failed() { + return Err(ErrorKind::Failed.at(self.position)); + } + + let len = len + .try_into() + .or_else(|_| self.error(ErrorKind::Overflow))?; + + let end = (self.position + len).or_else(|e| self.error(e.kind()))?; + let slice = self + .bytes + .get_mut(self.position.try_into()?..end.try_into()?) + .ok_or_else(|| ErrorKind::Overlength.at(end))?; + + self.position = end; + Ok(slice) + } +} + +impl<'a> Writer for SliceWriter<'a> { + fn write(&mut self, slice: &[u8]) -> Result<()> { + self.reserve(slice.len())?.copy_from_slice(slice); + Ok(()) + } +} + +#[cfg(test)] +mod tests { + use super::SliceWriter; + use crate::{Encode, ErrorKind, Length}; + + #[test] + fn overlength_message() { + let mut buffer = []; + let mut writer = SliceWriter::new(&mut buffer); + let err = false.encode(&mut writer).err().unwrap(); + assert_eq!(err.kind(), ErrorKind::Overlength); + assert_eq!(err.position(), Some(Length::ONE)); + } +} 
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/datetime.proptest-regressions b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/datetime.proptest-regressions new file mode 100644 index 000000000000..f280ac46a541 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/datetime.proptest-regressions @@ -0,0 +1,8 @@ +# Seeds for failure cases proptest has generated in the past. It is +# automatically read and these particular cases re-run before any +# novel cases are generated. +# +# It is recommended to check this file in to source control so that +# everyone who runs the test benefits from these saved cases. +cc 00dbea7e90761c16aa20e2fbf7ffad420da0c84d4ed4e6df123de03c9b4567e5 # shrinks to year = 1970, month = 1, day = 1, hour = 0, min = 60, sec = 0 +cc 3b0bd01ef4cad6bea0a287f9cdcd56bad186125ec388d204f6afcd193ca12c39 # shrinks to year = 1970, month = 1, day = 1, hour = 0, min = 0, sec = 60 diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/datetime.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/datetime.rs new file mode 100644 index 000000000000..454c1f0e480a --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/datetime.rs 
@@ -0,0 +1,64 @@
+//! Tests for the [`DateTime`] type.
+
+use der::{asn1::UtcTime, DateTime, Decode, Encode};
+use proptest::prelude::*;
+
+proptest! {
+ #[test]
+ fn roundtrip_datetime(
+ year in 1970u16..=9999,
+ month in 1u8..=12,
+ day in 1u8..=31,
+ hour in 0u8..=23,
+ min in 0u8..=59,
+ sec in 0u8..=59,
+ ) {
+ let datetime1 = make_datetime(year, month, day, hour, min, sec);
+ let datetime2 = DateTime::from_unix_duration(datetime1.unix_duration()).unwrap();
+ prop_assert_eq!(datetime1, datetime2);
+ }
+
+ #[test]
+ fn roundtrip_utctime(
+ year in 1970u16..=2049,
+ month in 1u8..=12,
+ day in 1u8..=31,
+ hour in 0u8..=23,
+ min in 0u8..=59,
+ sec in 0u8..=59,
+ ) {
+ let datetime = make_datetime(year, month, day, hour, min, sec);
+ let utc_time1 = UtcTime::try_from(datetime).unwrap();
+
+ let mut buf = [0u8; 128];
+ let mut encoder = der::SliceWriter::new(&mut buf);
+ utc_time1.encode(&mut encoder).unwrap();
+ let der_bytes = encoder.finish().unwrap();
+
+ let utc_time2 = UtcTime::from_der(der_bytes).unwrap();
+ prop_assert_eq!(utc_time1, utc_time2);
+ }
+}
+
+fn make_datetime(year: u16, month: u8, day: u8, hour: u8, min: u8, sec: u8) -> DateTime {
+ let max_day = if month == 2 {
+ let is_leap_year = year % 4 == 0 && (year % 100 != 0 || year % 400 == 0);
+
+ if is_leap_year {
+ 29
+ } else {
+ 28
+ }
+ } else {
+ 30
+ };
+
+ let day = if day > max_day { max_day } else { day };
+
+ DateTime::new(year, month, day, hour, min, sec).unwrap_or_else(|e| {
+ panic!(
+ "invalid DateTime: {:02}-{:02}-{:02}T{:02}:{:02}:{:02}: {}",
+ year, month, day, hour, min, sec, e
+ );
+ })
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/derive.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/derive.rs
new file mode 100644
index 000000000000..a8c77febc296
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/derive.rs
@@ -0,0 +1,461 @@
+//! Tests for custom derive support.
+//!
+//! # Debugging with `cargo expand`
+//!
+//! To expand the Rust code generated by the proc macro when debugging
+//! issues related to these tests, run:
+//!
+//! $ cargo expand --test derive --all-features
+
+#![cfg(all(feature = "derive", feature = "alloc"))]
+
+/// Custom derive test cases for the `Choice` macro.
+mod choice {
+ /// `Choice` with `EXPLICIT` tagging.
+ mod explicit {
+ use der::{
+ asn1::{GeneralizedTime, UtcTime},
+ Choice, Decode, Encode, SliceWriter,
+ };
+ use hex_literal::hex;
+ use std::time::Duration;
+
+ /// Custom derive test case for the `Choice` macro.
+ ///
+ /// Based on `Time` as defined in RFC 5280:
+ ///
+ ///
+ /// ```text
+ /// Time ::= CHOICE {
+ /// utcTime UTCTime,
+ /// generalTime GeneralizedTime }
+ /// ```
+ #[derive(Choice)]
+ pub enum Time {
+ #[asn1(type = "UTCTime")]
+ UtcTime(UtcTime),
+
+ #[asn1(type = "GeneralizedTime")]
+ GeneralTime(GeneralizedTime),
+ }
+
+ impl Time {
+ fn to_unix_duration(self) -> Duration {
+ match self {
+ Time::UtcTime(t) => t.to_unix_duration(),
+ Time::GeneralTime(t) => t.to_unix_duration(),
+ }
+ }
+ }
+
+ const UTC_TIMESTAMP_DER: &[u8] = &hex!("17 0d 39 31 30 35 30 36 32 33 34 35 34 30 5a");
+ const GENERAL_TIMESTAMP_DER: &[u8] =
+ &hex!("18 0f 31 39 39 31 30 35 30 36 32 33 34 35 34 30 5a");
+
+ #[test]
+ fn decode() {
+ let utc_time = Time::from_der(UTC_TIMESTAMP_DER).unwrap();
+ assert_eq!(utc_time.to_unix_duration().as_secs(), 673573540);
+
+ let general_time = Time::from_der(GENERAL_TIMESTAMP_DER).unwrap();
+ assert_eq!(general_time.to_unix_duration().as_secs(), 673573540);
+ }
+
+ #[test]
+ fn encode() {
+ let mut buf = [0u8; 128];
+
+ let utc_time = Time::from_der(UTC_TIMESTAMP_DER).unwrap();
+ let mut encoder = SliceWriter::new(&mut buf);
+ utc_time.encode(&mut encoder).unwrap();
+ assert_eq!(UTC_TIMESTAMP_DER, encoder.finish().unwrap());
+
+ let general_time = Time::from_der(GENERAL_TIMESTAMP_DER).unwrap();
+ let mut 
encoder = SliceWriter::new(&mut buf);
+ general_time.encode(&mut encoder).unwrap();
+ assert_eq!(GENERAL_TIMESTAMP_DER, encoder.finish().unwrap());
+ }
+ }
+
+ /// `Choice` with `IMPLICIT` tagging.
+ mod implicit {
+ use der::{
+ asn1::{BitStringRef, GeneralizedTime},
+ Choice, Decode, Encode, SliceWriter,
+ };
+ use hex_literal::hex;
+
+ /// `Choice` macro test case for `IMPLICIT` tagging.
+ #[derive(Choice, Debug, Eq, PartialEq)]
+ #[asn1(tag_mode = "IMPLICIT")]
+ pub enum ImplicitChoice<'a> {
+ #[asn1(context_specific = "0", type = "BIT STRING")]
+ BitString(BitStringRef<'a>),
+
+ #[asn1(context_specific = "1", type = "GeneralizedTime")]
+ Time(GeneralizedTime),
+
+ #[asn1(context_specific = "2", type = "UTF8String")]
+ Utf8String(String),
+ }
+
+ impl<'a> ImplicitChoice<'a> {
+ pub fn bit_string(&self) -> Option> {
+ match self {
+ Self::BitString(bs) => Some(*bs),
+ _ => None,
+ }
+ }
+
+ pub fn time(&self) -> Option {
+ match self {
+ Self::Time(time) => Some(*time),
+ _ => None,
+ }
+ }
+ }
+
+ const BITSTRING_DER: &[u8] = &hex!("80 04 00 01 02 03");
+ const TIME_DER: &[u8] = &hex!("81 0f 31 39 39 31 30 35 30 36 32 33 34 35 34 30 5a");
+
+ #[test]
+ fn decode() {
+ let cs_bit_string = ImplicitChoice::from_der(BITSTRING_DER).unwrap();
+ assert_eq!(
+ cs_bit_string.bit_string().unwrap().as_bytes().unwrap(),
+ &[1, 2, 3]
+ );
+
+ let cs_time = ImplicitChoice::from_der(TIME_DER).unwrap();
+ assert_eq!(
+ cs_time.time().unwrap().to_unix_duration().as_secs(),
+ 673573540
+ );
+ }
+
+ #[test]
+ fn encode() {
+ let mut buf = [0u8; 128];
+
+ let cs_bit_string = ImplicitChoice::from_der(BITSTRING_DER).unwrap();
+ let mut encoder = SliceWriter::new(&mut buf);
+ cs_bit_string.encode(&mut encoder).unwrap();
+ assert_eq!(BITSTRING_DER, encoder.finish().unwrap());
+
+ let cs_time = ImplicitChoice::from_der(TIME_DER).unwrap();
+ let mut encoder = SliceWriter::new(&mut buf);
+ cs_time.encode(&mut encoder).unwrap();
+ assert_eq!(TIME_DER, encoder.finish().unwrap());
+ }
+ }
+}
+
+/// Custom derive test cases for the `Enumerated` macro.
+mod enumerated {
+ use der::{Decode, Encode, Enumerated, SliceWriter};
+ use hex_literal::hex;
+
+ /// X.509 `CRLReason`.
+ #[derive(Enumerated, Copy, Clone, Debug, Eq, PartialEq)]
+ #[repr(u32)]
+ pub enum CrlReason {
+ Unspecified = 0,
+ KeyCompromise = 1,
+ CaCompromise = 2,
+ AffiliationChanged = 3,
+ Superseded = 4,
+ CessationOfOperation = 5,
+ CertificateHold = 6,
+ RemoveFromCrl = 8,
+ PrivilegeWithdrawn = 9,
+ AaCompromised = 10,
+ }
+
+ const UNSPECIFIED_DER: &[u8] = &hex!("0a 01 00");
+ const KEY_COMPROMISE_DER: &[u8] = &hex!("0a 01 01");
+
+ #[test]
+ fn decode() {
+ let unspecified = CrlReason::from_der(UNSPECIFIED_DER).unwrap();
+ assert_eq!(CrlReason::Unspecified, unspecified);
+
+ let key_compromise = CrlReason::from_der(KEY_COMPROMISE_DER).unwrap();
+ assert_eq!(CrlReason::KeyCompromise, key_compromise);
+ }
+
+ #[test]
+ fn encode() {
+ let mut buf = [0u8; 128];
+
+ let mut encoder = SliceWriter::new(&mut buf);
+ CrlReason::Unspecified.encode(&mut encoder).unwrap();
+ assert_eq!(UNSPECIFIED_DER, encoder.finish().unwrap());
+
+ let mut encoder = SliceWriter::new(&mut buf);
+ CrlReason::KeyCompromise.encode(&mut encoder).unwrap();
+ assert_eq!(KEY_COMPROMISE_DER, encoder.finish().unwrap());
+ }
+}
+
+/// Custom derive test cases for the `Sequence` macro.
+#[cfg(feature = "oid")]
+mod sequence {
+ use core::marker::PhantomData;
+ use der::{
+ asn1::{AnyRef, ObjectIdentifier, SetOf},
+ Decode, Encode, Sequence, ValueOrd,
+ };
+ use hex_literal::hex;
+
+ pub fn default_false_example() -> bool {
+ false
+ }
+
+ // Issuing distribution point extension as defined in [RFC 5280 Section 5.2.5] and as identified by the [`PKIX_PE_SUBJECTINFOACCESS`](constant.PKIX_PE_SUBJECTINFOACCESS.html) OID.
+ //
+ // ```text
+ // IssuingDistributionPoint ::= SEQUENCE {
+ // distributionPoint [0] DistributionPointName OPTIONAL,
+ // onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
+ // onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
+ // onlySomeReasons [3] ReasonFlags OPTIONAL,
+ // indirectCRL [4] BOOLEAN DEFAULT FALSE,
+ // onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
+ // -- at most one of onlyContainsUserCerts, onlyContainsCACerts,
+ // -- and onlyContainsAttributeCerts may be set to TRUE.
+ // ```
+ //
+ // [RFC 5280 Section 5.2.5]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.2.5
+ #[derive(Sequence)]
+ pub struct IssuingDistributionPointExample {
+ // Omit distributionPoint and only_some_reasons because corresponding structs are not
+ // available here and are not germane to the example
+ // distributionPoint [0] DistributionPointName OPTIONAL,
+ //#[asn1(context_specific="0", optional="true", tag_mode="IMPLICIT")]
+ //pub distribution_point: Option>,
+ /// onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
+ #[asn1(
+ context_specific = "1",
+ default = "default_false_example",
+ tag_mode = "IMPLICIT"
+ )]
+ pub only_contains_user_certs: bool,
+
+ /// onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
+ #[asn1(
+ context_specific = "2",
+ default = "default_false_example",
+ tag_mode = "IMPLICIT"
+ )]
+ pub only_contains_cacerts: bool,
+
+ // onlySomeReasons [3] ReasonFlags OPTIONAL,
+ //#[asn1(context_specific="3", optional="true", tag_mode="IMPLICIT")]
+ //pub only_some_reasons: Option>,
+ /// indirectCRL [4] BOOLEAN DEFAULT FALSE,
+ #[asn1(
+ context_specific = "4",
+ default = "default_false_example",
+ tag_mode = "IMPLICIT"
+ )]
+ pub indirect_crl: bool,
+
+ /// onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE
+ #[asn1(
+ context_specific = "5",
+ default = "default_false_example",
+ tag_mode = "IMPLICIT"
+ )]
+ pub only_contains_attribute_certs: bool,
+
+ /// Test handling of PhantomData.
+ pub phantom: PhantomData<()>,
+ }
+
+ // Extension as defined in [RFC 5280 Section 4.1.2.9].
+ //
+ // The ASN.1 definition for Extension objects is below. The extnValue type may be further parsed using a decoder corresponding to the extnID value.
+ //
+ // ```text
+ // Extension ::= SEQUENCE {
+ // extnID OBJECT IDENTIFIER,
+ // critical BOOLEAN DEFAULT FALSE,
+ // extnValue OCTET STRING
+ // -- contains the DER encoding of an ASN.1 value
+ // -- corresponding to the extension type identified
+ // -- by extnID
+ // }
+ // ```
+ //
+ // [RFC 5280 Section 4.1.2.9]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.9
+ #[derive(Clone, Debug, Eq, PartialEq, Sequence)]
+ pub struct ExtensionExample<'a> {
+ /// extnID OBJECT IDENTIFIER,
+ pub extn_id: ObjectIdentifier,
+
+ /// critical BOOLEAN DEFAULT FALSE,
+ #[asn1(default = "default_false_example")]
+ pub critical: bool,
+
+ /// extnValue OCTET STRING
+ #[asn1(type = "OCTET STRING")]
+ pub extn_value: &'a [u8],
+ }
+
+ /// X.509 `AlgorithmIdentifier`
+ #[derive(Copy, Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
+ pub struct AlgorithmIdentifier<'a> {
+ pub algorithm: ObjectIdentifier,
+ pub parameters: Option>,
+ }
+
+ /// X.509 `SubjectPublicKeyInfo` (SPKI)
+ #[derive(Copy, Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
+ pub struct SubjectPublicKeyInfo<'a> {
+ pub algorithm: AlgorithmIdentifier<'a>,
+ #[asn1(type = "BIT STRING")]
+ pub subject_public_key: &'a [u8],
+ }
+
+ /// PKCS#8v2 `OneAsymmetricKey`
+ #[derive(Sequence)]
+ pub struct OneAsymmetricKey<'a> {
+ pub version: u8,
+ pub private_key_algorithm: AlgorithmIdentifier<'a>,
+ #[asn1(type = "OCTET STRING")]
+ pub private_key: &'a [u8],
+ #[asn1(context_specific = "0", extensible = "true", optional = "true")]
+ pub attributes: Option, 1>>,
+ #[asn1(
+ context_specific = "1",
+ extensible = "true",
+ optional = "true",
+ type = "BIT STRING"
+ )]
+ pub public_key: Option<&'a [u8]>,
+ }
+
+ /// X.509 extension
+ // TODO(tarcieri): tests for 
code derived with the `default` attribute
+ #[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
+ pub struct Extension<'a> {
+ extn_id: ObjectIdentifier,
+ #[asn1(default = "critical_default")]
+ critical: bool,
+ #[asn1(type = "OCTET STRING")]
+ extn_value: &'a [u8],
+ }
+
+ /// Default value of the `critical` bit
+ fn critical_default() -> bool {
+ false
+ }
+
+ const ID_EC_PUBLIC_KEY_OID: ObjectIdentifier =
+ ObjectIdentifier::new_unwrap("1.2.840.10045.2.1");
+
+ const PRIME256V1_OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.10045.3.1.7");
+
+ const ALGORITHM_IDENTIFIER_DER: &[u8] =
+ &hex!("30 13 06 07 2a 86 48 ce 3d 02 01 06 08 2a 86 48 ce 3d 03 01 07");
+
+ #[derive(Sequence)]
+ #[asn1(tag_mode = "IMPLICIT")]
+ pub struct TypeCheckExpandedSequenceFieldAttributeCombinations<'a> {
+ pub simple: bool,
+ #[asn1(type = "BIT STRING")]
+ pub typed: &'a [u8],
+ #[asn1(context_specific = "0")]
+ pub context_specific: bool,
+ #[asn1(optional = "true")]
+ pub optional: Option,
+ #[asn1(default = "default_false_example")]
+ pub default: bool,
+ #[asn1(type = "BIT STRING", context_specific = "1")]
+ pub typed_context_specific: &'a [u8],
+ #[asn1(context_specific = "2", optional = "true")]
+ pub context_specific_optional: Option,
+ #[asn1(context_specific = "3", default = "default_false_example")]
+ pub context_specific_default: bool,
+ #[asn1(type = "BIT STRING", context_specific = "4", optional = "true")]
+ pub typed_context_specific_optional: Option<&'a [u8]>,
+ }
+
+ #[test]
+ fn idp_test() {
+ let idp = IssuingDistributionPointExample::from_der(&hex!("30038101FF")).unwrap();
+ assert_eq!(idp.only_contains_user_certs, true);
+ assert_eq!(idp.only_contains_cacerts, false);
+ assert_eq!(idp.indirect_crl, false);
+ assert_eq!(idp.only_contains_attribute_certs, false);
+
+ let idp = IssuingDistributionPointExample::from_der(&hex!("30038201FF")).unwrap();
+ assert_eq!(idp.only_contains_user_certs, false);
+ assert_eq!(idp.only_contains_cacerts, true);
+ assert_eq!(idp.indirect_crl, false);
+ assert_eq!(idp.only_contains_attribute_certs, false);
+
+ let idp = IssuingDistributionPointExample::from_der(&hex!("30038401FF")).unwrap();
+ assert_eq!(idp.only_contains_user_certs, false);
+ assert_eq!(idp.only_contains_cacerts, false);
+ assert_eq!(idp.indirect_crl, true);
+ assert_eq!(idp.only_contains_attribute_certs, false);
+
+ let idp = IssuingDistributionPointExample::from_der(&hex!("30038501FF")).unwrap();
+ assert_eq!(idp.only_contains_user_certs, false);
+ assert_eq!(idp.only_contains_cacerts, false);
+ assert_eq!(idp.indirect_crl, false);
+ assert_eq!(idp.only_contains_attribute_certs, true);
+ }
+
+ // demonstrates default field that is not context specific
+ #[test]
+ fn extension_test() {
+ let ext1 = ExtensionExample::from_der(&hex!(
+ "300F" // 0 15: SEQUENCE {
+ "0603551D13" // 2 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
+ "0101FF" // 7 1: BOOLEAN TRUE
+ "0405" // 10 5: OCTET STRING, encapsulates {
+ "3003" // 12 3: SEQUENCE {
+ "0101FF" // 14 1: BOOLEAN TRUE
+ ))
+ .unwrap();
+ assert_eq!(ext1.critical, true);
+
+ let ext2 = ExtensionExample::from_der(&hex!(
+ "301F" // 0 31: SEQUENCE {
+ "0603551D23" // 2 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
+ "0418" // 7 24: OCTET STRING, encapsulates {
+ "3016" // 9 22: SEQUENCE {
+ "8014E47D5FD15C9586082C05AEBE75B665A7D95DA866" // 11 20: [0] E4 7D 5F D1 5C 95 86 08 2C 05 AE BE 75 B6 65 A7 D9 5D A8 66
+ ))
+ .unwrap();
+ assert_eq!(ext2.critical, false);
+ }
+
+ #[test]
+ fn decode() {
+ let algorithm_identifier = AlgorithmIdentifier::from_der(ALGORITHM_IDENTIFIER_DER).unwrap();
+
+ assert_eq!(ID_EC_PUBLIC_KEY_OID, algorithm_identifier.algorithm);
+ assert_eq!(
+ PRIME256V1_OID,
+ ObjectIdentifier::try_from(algorithm_identifier.parameters.unwrap()).unwrap()
+ );
+ }
+
+ #[test]
+ fn encode() {
+ let parameters_oid = PRIME256V1_OID;
+
+ let algorithm_identifier = AlgorithmIdentifier {
+ algorithm: ID_EC_PUBLIC_KEY_OID,
+ parameters: 
Some(AnyRef::from(¶meters_oid)),
+ };
+
+ assert_eq!(
+ ALGORITHM_IDENTIFIER_DER,
+ algorithm_identifier.to_der().unwrap()
+ );
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/examples/spki.der b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/examples/spki.der
new file mode 100644
index 000000000000..1b602ee1f275
Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/examples/spki.der differ
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/examples/spki.pem b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/examples/spki.pem
new file mode 100644
index 000000000000..6891701f7888
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/examples/spki.pem
@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEATSkWfz8ZEqb3rfopOgUaFcBexnuPFyZ7HFVQ3OhTvQ0=
+-----END PUBLIC KEY-----
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/pem.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/pem.rs
new file mode 100644
index 000000000000..d2c8654638ef
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/pem.rs
@@ -0,0 +1,67 @@
+//! PEM decoding and encoding tests.
+
+#![cfg(all(feature = "derive", feature = "oid", feature = "pem"))]
+
+use der::{
+ asn1::{BitString, ObjectIdentifier},
+ pem::{LineEnding, PemLabel},
+ Decode, DecodePem, EncodePem, Sequence,
+};
+
+/// Example SPKI document encoded as DER.
+const SPKI_DER: &[u8] = include_bytes!("examples/spki.der");
+
+/// Example SPKI document encoded as PEM.
+const SPKI_PEM: &str = include_str!("examples/spki.pem");
+
+/// X.509 `AlgorithmIdentifier`
+#[derive(Copy, Clone, Debug, Eq, PartialEq, Sequence)]
+pub struct AlgorithmIdentifier {
+ pub algorithm: ObjectIdentifier,
+ // pub parameters: ... (not used in spki.pem)
+}
+
+/// X.509 `SubjectPublicKeyInfo` (SPKI) in borrowed form
+#[derive(Copy, Clone, Debug, Eq, PartialEq, Sequence)]
+pub struct SpkiBorrowed<'a> {
+ pub algorithm: AlgorithmIdentifier,
+ #[asn1(type = "BIT STRING")]
+ pub subject_public_key: &'a [u8],
+}
+
+impl PemLabel for SpkiBorrowed<'_> {
+ const PEM_LABEL: &'static str = "PUBLIC KEY";
+}
+
+/// X.509 `SubjectPublicKeyInfo` (SPKI) in owned form
+#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
+pub struct SpkiOwned {
+ pub algorithm: AlgorithmIdentifier,
+ pub subject_public_key: BitString,
+}
+
+impl PemLabel for SpkiOwned {
+ const PEM_LABEL: &'static str = "PUBLIC KEY";
+}
+
+#[test]
+fn from_pem() {
+ // Decode PEM to owned form.
+ let pem_spki = SpkiOwned::from_pem(SPKI_PEM).unwrap();
+
+ // Decode DER to borrowed form.
+ let der_spki = SpkiBorrowed::from_der(SPKI_DER).unwrap();
+
+ assert_eq!(pem_spki.algorithm, der_spki.algorithm);
+ assert_eq!(
+ pem_spki.subject_public_key.raw_bytes(),
+ der_spki.subject_public_key
+ );
+}
+
+#[test]
+fn to_pem() {
+ let spki = SpkiBorrowed::from_der(SPKI_DER).unwrap();
+ let pem = spki.to_pem(LineEnding::LF).unwrap();
+ assert_eq!(&pem, SPKI_PEM);
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/set_of.rs b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/set_of.rs
new file mode 100644
index 000000000000..d5839919886f
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/der-0.7.9/tests/set_of.rs
@@ -0,0 +1,65 @@
+//! `SetOf` tests.
+
+#![cfg(feature = "alloc")]
+
+use der::{asn1::SetOfVec, DerOrd};
+use proptest::{prelude::*, string::*};
+use std::collections::BTreeSet;
+
+proptest! {
+ #[test]
+ fn sort_equiv(bytes in bytes_regex(".{0,64}").unwrap()) {
+ let mut uniq = BTreeSet::new();
+
+ // Ensure there are no duplicates
+ if bytes.iter().copied().all(move |x| uniq.insert(x)) {
+ let mut expected = bytes.clone();
+ expected.sort_by(|a, b| a.der_cmp(b).unwrap());
+
+ let set = SetOfVec::try_from(bytes).unwrap();
+ prop_assert_eq!(expected.as_slice(), set.as_slice());
+ }
+ }
+}
+
+/// Set ordering tests.
+#[cfg(all(feature = "derive", feature = "oid"))]
+mod ordering {
+ use der::{
+ asn1::{AnyRef, ObjectIdentifier, SetOf, SetOfVec},
+ Decode, Sequence, ValueOrd,
+ };
+ use hex_literal::hex;
+
+ /// X.501 `AttributeTypeAndValue`
+ #[derive(Copy, Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
+ pub struct AttributeTypeAndValue<'a> {
+ pub oid: ObjectIdentifier,
+ pub value: AnyRef<'a>,
+ }
+
+ const OUT_OF_ORDER_RDN_EXAMPLE: &[u8] =
+ &hex!("311F301106035504030C0A4A4F484E20534D495448300A060355040A0C03313233");
+
+ /// For compatibility reasons, we allow non-canonical DER with out-of-order
+ /// sets in order to match the behavior of other implementations.
+ #[test]
+ fn allow_out_of_order_setof() {
+ assert!(SetOf::, 2>::from_der(OUT_OF_ORDER_RDN_EXAMPLE).is_ok());
+ }
+
+ /// Same as above, with `SetOfVec` instead of `SetOf`.
+ #[test]
+ fn allow_out_of_order_setofvec() {
+ assert!(SetOfVec::>::from_der(OUT_OF_ORDER_RDN_EXAMPLE).is_ok());
+ }
+
+ /// Test to ensure ordering is handled correctly.
+ #[test]
+ fn ordering_regression() {
+ let der_bytes = hex!("3139301906035504030C12546573742055736572393031353734333830301C060A0992268993F22C640101130E3437303031303030303134373333");
+ let set = SetOf::, 3>::from_der(&der_bytes).unwrap();
+ let attr1 = set.get(0).unwrap();
+ assert_eq!(ObjectIdentifier::new("2.5.4.3").unwrap(), attr1.oid);
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/.cargo_vcs_info.json deleted file mode 100644 index 44835d6cbdce..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/.cargo_vcs_info.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "git": { - "sha1": "35ee637ade5672c7c521cc56c839ca5264244c2c" - }, - "path_in_vcs": "ed25519" -} \ No newline at end of file diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/.cargo-checksum.json b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/.cargo-checksum.json similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/.cargo-checksum.json rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/.cargo-checksum.json diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/.cargo_vcs_info.json new file mode 100644 index 000000000000..6d167d077d47 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/.cargo_vcs_info.json @@ -0,0 +1,6 @@ +{ + "git": { + "sha1": "07b095c32a3527ee47da5c4878bf203557b36e5e" + }, + "path_in_vcs": "ed25519" +} \ No newline at end of file diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/CHANGELOG.md b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/CHANGELOG.md similarity index 65% rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/CHANGELOG.md rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/CHANGELOG.md index f2206105de9a..90d35b96bfa0 100644 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/CHANGELOG.md +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/CHANGELOG.md 
@@ -4,31 +4,101 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 2.2.3 (2023-10-15) +### Changed +- Bump `ring-compat` from 0.7 to 0.8 ([#744]) +- Enable `pkcs8/std` feature when `std` feature is enabled ([#746]) +- Hex-format `Signature` components in `Debug` impl ([#747]) + +[#744]: https://github.com/RustCrypto/signatures/pull/744 +[#746]: https://github.com/RustCrypto/signatures/pull/746 +[#747]: https://github.com/RustCrypto/signatures/pull/747 + +## 2.2.2 (2023-08-13) +### Changed +- Bump `ed25519-dalek` to v2 ([#738]) + +[#738]: https://github.com/RustCrypto/signatures/pull/738 + +## 2.2.1 (2023-04-03) +### Changed +- Bump `ring-compat` dev-dependency to v0.7 ([#692]) +- Bump `ed25519-dalek` to v2.0.0-rc.2 ([#693]) + +[#692]: https://github.com/RustCrypto/signatures/pull/692 +[#693]: https://github.com/RustCrypto/signatures/pull/693 + +## 2.2.0 (2023-03-01) +### Changed +- Bump `pkcs8` dependency to v0.10 ([#665]) + +[#665]: https://github.com/RustCrypto/signatures/pull/665 + +## 2.1.0 (2023-01-21) +### Changed +- Use namespaced features for `serde_bytes`; MSRV 1.60 ([#628]) + +[#628]: https://github.com/RustCrypto/signatures/pull/628 + +## 2.0.1 (2023-01-21) +### Changed +- Make `Signature` parsing infallible ([#623]) + +[#623]: https://github.com/RustCrypto/signatures/pull/623 + +## 2.0.0 (2023-01-15) [YANKED] +### Added +- `pkcs8` re-exports ([#589], [#590], [#591], [#592]) +- `Signature::from_components` method ([#600]) +- Impl `TryFrom` for `Signature` ([#601]) + +### Changed +- Use `PublicKeyBytes` as `KeypairBytes::public_key` ([#570]) +- `Signature::from_bytes` takes `SignatureBytes` as an argument ([#593]) +- Store `R` and `s` components separately ([#595]) +- Bump `signature` crate dependency to v2.0 ([#614]) + +### Removed +- Deprecated `From<[u8; 64]>` 
conversion for signature ([#564]) +- `AsRef<[u8]>` impl on `signature` ([#595]) + +[#564]: https://github.com/RustCrypto/signatures/pull/564 +[#570]: https://github.com/RustCrypto/signatures/pull/570 +[#589]: https://github.com/RustCrypto/signatures/pull/589 +[#590]: https://github.com/RustCrypto/signatures/pull/590 +[#591]: https://github.com/RustCrypto/signatures/pull/591 +[#592]: https://github.com/RustCrypto/signatures/pull/592 +[#593]: https://github.com/RustCrypto/signatures/pull/593 +[#595]: https://github.com/RustCrypto/signatures/pull/595 +[#600]: https://github.com/RustCrypto/signatures/pull/600 +[#601]: https://github.com/RustCrypto/signatures/pull/601 +[#614]: https://github.com/RustCrypto/signatures/pull/614 + ## 1.5.3 (2023-01-15) ### Changed - Fix `signature` version requirement which accidentally matched v2 or above ([#616]) [#616]: https://github.com/RustCrypto/signatures/pull/616 -## 1.5.2 (2022-05-16) +## 1.5.2 (2022-05-16) [YANKED] ### Fixed - Overflow handling in `serde` deserializers ([#482]) [#482]: https://github.com/RustCrypto/signatures/pull/482 -## 1.5.1 (2022-05-15) +## 1.5.1 (2022-05-15) [YANKED] ### Fixed - Use `TryInto` in `serde` deserializers ([#479]) [#479]: https://github.com/RustCrypto/signatures/pull/479 -## 1.5.0 (2022-05-09) +## 1.5.0 (2022-05-09) [YANKED] ### Changed - Bump `pkcs8` dependency to v0.9 ([#473]) [#473]: https://github.com/RustCrypto/signatures/pull/473 -## 1.4.1 (2022-03-18) +## 1.4.1 (2022-03-18) [YANKED] ### Added - License files ([#447]) - `pkcs8::PublicKeyBytes` type ([#455]) @@ -63,7 +133,7 @@ be accompanied by a minor version bump. [#412]: https://github.com/RustCrypto/signatures/pull/412 [#428]: https://github.com/RustCrypto/signatures/pull/428 -## 1.3.0 (2021-11-18) +## 1.3.0 (2021-11-18) [YANKED] ### Added - `Signature::BYTE_SIZE` constant ([#380]) - PKCS#8 support via `KeypairBytes` type ([#381]) 
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/Cargo.toml b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/Cargo.toml similarity index 80% rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/Cargo.toml rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/Cargo.toml index 921360b89f56..04dc4434aded 100644 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/Cargo.toml +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/Cargo.toml @@ -11,9 +11,9 @@ [package] edition = "2021" -rust-version = "1.56" +rust-version = "1.60" name = "ed25519" -version = "1.5.3" +version = "2.2.3" authors = ["RustCrypto Developers"] description = """ Edwards Digital Signature Algorithm (EdDSA) over Curve25519 (as specified in RFC 8032) @@ -44,7 +44,7 @@ rustdoc-args = [ ] [dependencies.pkcs8] -version = "0.9" +version = "0.10" optional = true [dependencies.serde] @@ -52,13 +52,12 @@ version = "1" optional = true default-features = false -[dependencies.serde_bytes_crate] +[dependencies.serde_bytes] version = "0.11" optional = true -package = "serde_bytes" [dependencies.signature] -version = "1.3.1" +version = "2" default-features = false [dependencies.zeroize] @@ -70,22 +69,33 @@ default-features = false version = "1" [dev-dependencies.ed25519-dalek] -version = "1" +version = "2" +features = ["rand_core"] [dev-dependencies.hex-literal] -version = "0.3" +version = "0.4" [dev-dependencies.rand_core] -version = "0.5" +version = "0.6" features = ["std"] +[dev-dependencies.ring-compat] +version = "0.8" +features = ["signature"] +default-features = false + [features] -alloc = ["pkcs8/alloc"] +alloc = ["pkcs8?/alloc"] default = ["std"] -pem = ["pkcs8/pem"] +pem = [ + "alloc", + "pkcs8/pem", +] serde_bytes = [ "serde", - "serde_bytes_crate", - "std", + "dep:serde_bytes", +] +std = [ + "pkcs8?/std", + "signature/std", ] -std = ["signature/std"] 
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/Cargo.toml.orig b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/Cargo.toml.orig similarity index 62% rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/Cargo.toml.orig rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/Cargo.toml.orig index 0009c885e88c..5595649025ff 100644 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/Cargo.toml.orig +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/Cargo.toml.orig @@ -1,6 +1,6 @@ [package] name = "ed25519" -version = "1.5.3" +version = "2.2.3" authors = ["RustCrypto Developers"] license = "Apache-2.0 OR MIT" description = """ 
@@ -14,30 +14,30 @@ readme = "README.md" categories = ["cryptography", "no-std"] keywords = ["crypto", "curve25519", "ecc", "signature", "signing"] edition = "2021" -rust-version = "1.56" +rust-version = "1.60" [dependencies] -signature = { version = "1.3.1", default-features = false } +signature = { version = "2", default-features = false } # optional dependencies -pkcs8 = { version = "0.9", optional = true } +pkcs8 = { version = "0.10", optional = true } serde = { version = "1", optional = true, default-features = false } -serde_bytes_crate = { package = "serde_bytes", version = "0.11", optional = true } +serde_bytes = { version = "0.11", optional = true } zeroize = { version = "1", optional = true, default-features = false } [dev-dependencies] bincode = "1" -ed25519-dalek = "1" -hex-literal = "0.3" -#ring-compat = "0.4" # TODO(tarcieri): re-enable after bumping deps in `ring-compat` -rand_core = { version = "0.5", features = ["std"] } +ed25519-dalek = { version = "2", features = ["rand_core"] } +hex-literal = "0.4" +ring-compat = { version = "0.8", default-features = false, features = ["signature"] } +rand_core = { version = "0.6", features = ["std"] } [features] default = ["std"] -alloc = ["pkcs8/alloc"] -pem = ["pkcs8/pem"] -serde_bytes = ["serde", "serde_bytes_crate", "std"] -std = ["signature/std"] +alloc = ["pkcs8?/alloc"] +pem = ["alloc", "pkcs8/pem"] +serde_bytes = ["serde", "dep:serde_bytes"] +std = ["pkcs8?/std", "signature/std"] [package.metadata.docs.rs] all-features = true diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/LICENSE-APACHE b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/LICENSE-APACHE similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/LICENSE-APACHE rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/LICENSE-APACHE 
diff --git a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/LICENSE-MIT b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/LICENSE-MIT similarity index 95% rename from third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/LICENSE-MIT rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/LICENSE-MIT index 8dcb85b30273..d8d87fe2997c 100644 --- a/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/LICENSE-MIT +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/LICENSE-MIT @@ -1,4 +1,4 @@ -Copyright (c) 2017 Artyom Pavlov +Copyright (c) 2018-2023 RustCrypto Developers Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/README.md b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/README.md similarity index 80% rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/README.md rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/README.md index 5606c7778b2c..de24ae2367f9 100644 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/README.md +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/README.md 
@@ -26,26 +26,18 @@ Ed25519 implementations, including HSMs or Cloud KMS services. ## Minimum Supported Rust Version -This crate requires **Rust 1.57** at a minimum. +This crate requires **Rust 1.60** at a minimum. -Previous 1.x releases of this crate supported an MSRV of 1.47. If you would -like to use this crate with earlier releases of Rust, add the following version -constraint in your project's Cargo.toml to constrain it to the supported -version range: - -```toml -[dependencies] -ed25519 = ">=1, <1.4" # ed25519 1.4 requires MSRV 1.57 -``` - -Note that is our policy that we may change the MSRV in the future, but it will -be accompanied by a minor version bump. +Our policy is to allow MSRV to be raised in future released without that +qualifing as a SemVer-breaking change, but it will be accompanied by a minor +version bump, ensuring if you lock to a minor version MSRV will be preserved +for the default feature set. ## SemVer Policy - All on-by-default features of this library are covered by SemVer - MSRV is considered exempt from SemVer as noted above -- The `pkcs8` module is exempted as it uses a pre-1.0 dependency, however, +- The `pkcs8` module is exempted as it uses a pre-1.0 dependency, however, breaking changes to this module will be accompanied by a minor version bump. ## License @@ -72,7 +64,7 @@ dual licensed as above, without any additional terms or conditions. [build-image]: https://github.com/RustCrypto/signatures/actions/workflows/ed25519.yml/badge.svg [build-link]: https://github.com/RustCrypto/signatures/actions/workflows/ed25519.yml [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg -[rustc-image]: https://img.shields.io/badge/rustc-1.57+-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.60+-blue.svg [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260048-signatures 
@@ -82,7 +74,7 @@ dual licensed as above, without any additional terms or conditions. [//]: # (footnotes) -[1]: https://en.wikipedia.org/wiki/EdDSA +[1]: https://en.wikipedia.org/wiki/EdDSA#Ed25519 [2]: https://tools.ietf.org/html/rfc8032 [3]: https://docs.rs/ed25519/latest/ed25519/struct.Signature.html [4]: https://docs.rs/signature/latest/signature/trait.Signer.html diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/hex.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/hex.rs new file mode 100644 index 000000000000..4052286c098d --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/hex.rs 
@@ -0,0 +1,87 @@
+//! Hexadecimal encoding support
+// TODO(tarcieri): use `base16ct`?
+
+use crate::{ComponentBytes, Error, Signature};
+use core::{fmt, str};
+
+/// Format a signature component as hex.
+pub(crate) struct ComponentFormatter<'a>(pub(crate) &'a ComponentBytes);
+
+impl fmt::Debug for ComponentFormatter<'_> {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(f, "0x")?;
+
+ for byte in self.0 {
+ write!(f, "{:02x}", byte)?;
+ }
+
+ Ok(())
+ }
+}
+
+impl fmt::LowerHex for Signature {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ for component in [&self.R, &self.s] {
+ for byte in component {
+ write!(f, "{:02x}", byte)?;
+ }
+ }
+ Ok(())
+ }
+}
+
+impl fmt::UpperHex for Signature {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ for component in [&self.R, &self.s] {
+ for byte in component {
+ write!(f, "{:02X}", byte)?;
+ }
+ }
+ Ok(())
+ }
+}
+
+/// Decode a signature from hexadecimal.
+///
+/// Upper and lower case hexadecimal are both accepted, however mixed case is
+/// rejected.
+// TODO(tarcieri): use `base16ct`?
+impl str::FromStr for Signature { + type Err = Error; + + fn from_str(hex: &str) -> signature::Result { + if hex.as_bytes().len() != Signature::BYTE_SIZE * 2 { + return Err(Error::new()); + } + + let mut upper_case = None; + + // Ensure all characters are valid and case is not mixed + for &byte in hex.as_bytes() { + match byte { + b'0'..=b'9' => (), + b'a'..=b'z' => match upper_case { + Some(true) => return Err(Error::new()), + Some(false) => (), + None => upper_case = Some(false), + }, + b'A'..=b'Z' => match upper_case { + Some(true) => (), + Some(false) => return Err(Error::new()), + None => upper_case = Some(true), + }, + _ => return Err(Error::new()), + } + } + + let mut result = [0u8; Self::BYTE_SIZE]; + for (digit, byte) in hex.as_bytes().chunks_exact(2).zip(result.iter_mut()) { + *byte = str::from_utf8(digit) + .ok() + .and_then(|s| u8::from_str_radix(s, 16).ok()) + .ok_or_else(Error::new)?; + } + + Self::try_from(&result[..]) + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/src/lib.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/lib.rs similarity index 62% rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/src/lib.rs rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/lib.rs index 865ad063fc9d..2e8cb45b408e 100644 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/src/lib.rs +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/lib.rs @@ -1,7 +1,8 @@ #![no_std] -#![cfg_attr(docsrs, feature(doc_cfg))] +#![cfg_attr(docsrs, feature(doc_auto_cfg))] #![doc = include_str!("../README.md")] #![doc(html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo_small.png")] +#![allow(non_snake_case)] #![forbid(unsafe_code)] #![warn( clippy::unwrap_used, @@ -47,7 +48,7 @@ //! } //! //! pub struct HelloVerifier { -//! pub verify_key: V +//! pub verifying_key: V //! } //! //! impl HelloVerifier 
@@ -59,7 +60,7 @@ //! person: &str, //! signature: &ed25519::Signature //! ) -> Result<(), ed25519::Error> { -//! self.verify_key.verify(format_message(person).as_bytes(), signature) +//! self.verifying_key.verify(format_message(person).as_bytes(), signature) //! } //! } //! @@ -78,6 +79,9 @@ //! instantiate and use the previously defined `HelloSigner` and `HelloVerifier` //! types with [`ed25519-dalek`] as the signing/verification provider: //! +//! *NOTE: requires [`ed25519-dalek`] v2 or newer for compatibility with +//! `ed25519` v2.2+*. +//! //! ``` //! use ed25519_dalek::{Signer, Verifier, Signature}; //! # @@ -101,7 +105,7 @@ //! # } //! # //! # pub struct HelloVerifier { -//! # pub verify_key: V +//! # pub verifying_key: V //! # } //! # //! # impl HelloVerifier @@ -113,7 +117,7 @@ //! # person: &str, //! # signature: &Signature //! # ) -> Result<(), ed25519::Error> { -//! # self.verify_key.verify(format_message(person).as_bytes(), signature) +//! # self.verifying_key.verify(format_message(person).as_bytes(), signature) //! # } //! # } //! # 
@@ -124,19 +128,19 @@ //! //! /// `HelloSigner` defined above instantiated with `ed25519-dalek` as //! /// the signing provider. -//! pub type DalekHelloSigner = HelloSigner; +//! pub type DalekHelloSigner = HelloSigner; //! -//! let signing_key = ed25519_dalek::Keypair::generate(&mut OsRng); +//! let signing_key = ed25519_dalek::SigningKey::generate(&mut OsRng); //! let signer = DalekHelloSigner { signing_key }; //! let person = "Joe"; // Message to sign //! let signature = signer.sign(person); //! //! /// `HelloVerifier` defined above instantiated with `ed25519-dalek` //! /// as the signature verification provider. -//! pub type DalekHelloVerifier = HelloVerifier; +//! pub type DalekHelloVerifier = HelloVerifier; //! -//! let verify_key: ed25519_dalek::PublicKey = signer.signing_key.public; -//! let verifier = DalekHelloVerifier { verify_key }; +//! let verifying_key: ed25519_dalek::VerifyingKey = signer.signing_key.verifying_key(); +//! let verifier = DalekHelloVerifier { verifying_key }; //! assert!(verifier.verify(person, &signature).is_ok()); //! ``` //! @@ -150,7 +154,7 @@ //! instantiate and use the previously defined `HelloSigner` and `HelloVerifier` //! types with [`ring-compat`] as the signing/verification provider: //! -//! ```ignore +//! ``` //! use ring_compat::signature::{ //! ed25519::{Signature, SigningKey, VerifyingKey}, //! Signer, Verifier @@ -176,7 +180,7 @@ //! # } //! # //! # pub struct HelloVerifier { -//! # pub verify_key: V +//! # pub verifying_key: V //! # } //! # //! # impl HelloVerifier @@ -188,7 +192,7 @@ //! # person: &str, //! # signature: &Signature //! # ) -> Result<(), ed25519::Error> { -//! # self.verify_key.verify(format_message(person).as_bytes(), signature) +//! # self.verifying_key.verify(format_message(person).as_bytes(), signature) //! # } //! # } //! # 
@@ -204,8 +208,8 @@ //! let mut ed25519_seed = [0u8; 32]; //! OsRng.fill_bytes(&mut ed25519_seed); //! -//! let signing_key = SigningKey::from_seed(&ed25519_seed).unwrap(); -//! let verify_key = signing_key.verify_key(); +//! let signing_key = SigningKey::from_bytes(&ed25519_seed); +//! let verifying_key = signing_key.verifying_key(); //! //! let signer = RingHelloSigner { signing_key }; //! let person = "Joe"; // Message to sign @@ -215,7 +219,7 @@ //! /// as the signature verification provider. //! pub type RingHelloVerifier = HelloVerifier; //! -//! let verifier = RingHelloVerifier { verify_key }; +//! let verifier = RingHelloVerifier { verifying_key }; //! assert!(verifier.verify(person, &signature).is_ok()); //! ``` //! 
@@ -258,114 +262,136 @@ #[cfg(feature = "alloc")] extern crate alloc; +mod hex; + #[cfg(feature = "pkcs8")] -#[cfg_attr(docsrs, doc(cfg(feature = "pkcs8")))] pub mod pkcs8; #[cfg(feature = "serde")] mod serde; -pub use signature::{self, Error}; +pub use signature::{self, Error, SignatureEncoding}; #[cfg(feature = "pkcs8")] -pub use crate::pkcs8::KeypairBytes; +pub use crate::pkcs8::{KeypairBytes, PublicKeyBytes}; -use core::{fmt, str}; +use core::fmt; #[cfg(feature = "alloc")] use alloc::vec::Vec; -/// Length of an Ed25519 signature in bytes. -#[deprecated(since = "1.3.0", note = "use ed25519::Signature::BYTE_SIZE instead")] -pub const SIGNATURE_LENGTH: usize = Signature::BYTE_SIZE; +/// Size of a single component of an Ed25519 signature. +const COMPONENT_SIZE: usize = 32; + +/// Size of an `R` or `s` component of an Ed25519 signature when serialized +/// as bytes. +pub type ComponentBytes = [u8; COMPONENT_SIZE]; + +/// Ed25519 signature serialized as a byte array. +pub type SignatureBytes = [u8; Signature::BYTE_SIZE]; /// Ed25519 signature. +/// +/// This type represents a container for the byte serialization of an Ed25519 +/// signature, and does not necessarily represent well-formed field or curve +/// elements. +/// +/// Signature verification libraries are expected to reject invalid field +/// elements at the time a signature is verified. #[derive(Copy, Clone, Eq, PartialEq)] -pub struct Signature([u8; Signature::BYTE_SIZE]); +#[repr(C)] +pub struct Signature { + R: ComponentBytes, + s: ComponentBytes, +} impl Signature { /// Size of an encoded Ed25519 signature in bytes. - pub const BYTE_SIZE: usize = 64; + pub const BYTE_SIZE: usize = COMPONENT_SIZE * 2; + + /// Parse an Ed25519 signature from a byte slice. 
+ pub fn from_bytes(bytes: &SignatureBytes) -> Self { + let mut R = ComponentBytes::default(); + let mut s = ComponentBytes::default(); + + let components = bytes.split_at(COMPONENT_SIZE); + R.copy_from_slice(components.0); + s.copy_from_slice(components.1); + + Self { R, s } + } + + /// Parse an Ed25519 signature from its `R` and `s` components. + pub fn from_components(R: ComponentBytes, s: ComponentBytes) -> Self { + Self { R, s } + } /// Parse an Ed25519 signature from a byte slice. - pub fn from_bytes(bytes: &[u8]) -> signature::Result { - let result = bytes.try_into().map(Self).map_err(|_| Error::new())?; - - // Perform a partial reduction check on the signature's `s` scalar. - // When properly reduced, at least the three highest bits of the scalar - // will be unset so as to fit within the order of ~2^(252.5). - // - // This doesn't ensure that `s` is fully reduced (which would require a - // full reduction check in the event that the 4th most significant bit - // is set), however it will catch a number of invalid signatures - // relatively inexpensively. - if result.0[Signature::BYTE_SIZE - 1] & 0b1110_0000 != 0 { - return Err(Error::new()); - } - - Ok(result) + /// + /// # Returns + /// - `Ok` on success + /// - `Err` if the input byte slice is not 64-bytes + pub fn from_slice(bytes: &[u8]) -> signature::Result { + SignatureBytes::try_from(bytes) + .map(Into::into) + .map_err(|_| Error::new()) + } + + /// Bytes for the `R` component of a signature. + pub fn r_bytes(&self) -> &ComponentBytes { + &self.R + } + + /// Bytes for the `s` component of a signature. + pub fn s_bytes(&self) -> &ComponentBytes { + &self.s } /// Return the inner byte array. - pub fn to_bytes(self) -> [u8; Self::BYTE_SIZE] { - self.0 + pub fn to_bytes(&self) -> SignatureBytes { + let mut ret = [0u8; Self::BYTE_SIZE]; + let (R, s) = ret.split_at_mut(COMPONENT_SIZE); + R.copy_from_slice(&self.R); + s.copy_from_slice(&self.s); + ret } /// Convert this signature into a byte vector. 
#[cfg(feature = "alloc")] - #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))] pub fn to_vec(&self) -> Vec { - self.0.to_vec() - } - - /// DEPRECATED: Create a new signature from a byte array. - /// - /// # Panics - /// - /// This method will panic if an invalid signature is encountered. - /// - /// Use [`Signature::from_bytes`] or [`Signature::try_from`] instead for - /// a fallible conversion. - #[deprecated(since = "1.3.0", note = "use ed25519::Signature::from_bytes instead")] - pub fn new(bytes: [u8; Self::BYTE_SIZE]) -> Self { - Self::from_bytes(&bytes[..]).expect("invalid signature") + self.to_bytes().to_vec() } } -impl signature::Signature for Signature { - fn from_bytes(bytes: &[u8]) -> signature::Result { - Self::from_bytes(bytes) +impl SignatureEncoding for Signature { + type Repr = SignatureBytes; + + fn to_bytes(&self) -> SignatureBytes { + self.to_bytes() } } -impl AsRef<[u8]> for Signature { - fn as_ref(&self) -> &[u8] { - self.0.as_ref() +impl From for SignatureBytes { + fn from(sig: Signature) -> SignatureBytes { + sig.to_bytes() } } -impl From for [u8; Signature::BYTE_SIZE] { - fn from(sig: Signature) -> [u8; Signature::BYTE_SIZE] { - sig.0 +impl From<&Signature> for SignatureBytes { + fn from(sig: &Signature) -> SignatureBytes { + sig.to_bytes() } } -impl From<&Signature> for [u8; Signature::BYTE_SIZE] { - fn from(sig: &Signature) -> [u8; Signature::BYTE_SIZE] { - sig.0 +impl From for Signature { + fn from(bytes: SignatureBytes) -> Self { + Signature::from_bytes(&bytes) } } -/// DEPRECATED: use `TryFrom<&[u8]>` instead. -/// -/// # Warning -/// -/// This conversion will panic if a signature is invalid. -// TODO(tarcieri): remove this in the next breaking release -impl From<[u8; Signature::BYTE_SIZE]> for Signature { - fn from(bytes: [u8; Signature::BYTE_SIZE]) -> Signature { - #[allow(deprecated)] - Signature::new(bytes) +impl From<&SignatureBytes> for Signature { + fn from(bytes: &SignatureBytes) -> Self { + Signature::from_bytes(bytes) } } 
@@ -373,13 +399,16 @@ impl TryFrom<&[u8]> for Signature { type Error = Error; fn try_from(bytes: &[u8]) -> signature::Result { - Self::from_bytes(bytes) + Self::from_slice(bytes) } } impl fmt::Debug for Signature { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - write!(f, "ed25519::Signature({})", self) + f.debug_struct("ed25519::Signature") + .field("R", &hex::ComponentFormatter(self.r_bytes())) + .field("s", &hex::ComponentFormatter(self.s_bytes())) + .finish() } } 
@@ -388,66 +417,3 @@ impl fmt::Display for Signature { write!(f, "{:X}", self) } } - -impl fmt::LowerHex for Signature { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - for byte in &self.0 { - write!(f, "{:02x}", byte)?; - } - Ok(()) - } -} - -impl fmt::UpperHex for Signature { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - for byte in &self.0 { - write!(f, "{:02X}", byte)?; - } - Ok(()) - } -} - -/// Decode a signature from hexadecimal. -/// -/// Upper and lower case hexadecimal are both accepted, however mixed case is -/// rejected. -// TODO(tarcieri): use `base16ct`? -impl str::FromStr for Signature { - type Err = Error; - - fn from_str(hex: &str) -> signature::Result { - if hex.as_bytes().len() != Signature::BYTE_SIZE * 2 { - return Err(Error::new()); - } - - let mut upper_case = None; - - // Ensure all characters are valid and case is not mixed - for &byte in hex.as_bytes() { - match byte { - b'0'..=b'9' => (), - b'a'..=b'z' => match upper_case { - Some(true) => return Err(Error::new()), - Some(false) => (), - None => upper_case = Some(false), - }, - b'A'..=b'Z' => match upper_case { - Some(true) => (), - Some(false) => return Err(Error::new()), - None => upper_case = Some(true), - }, - _ => return Err(Error::new()), - } - } - - let mut result = [0u8; Self::BYTE_SIZE]; - for (digit, byte) in hex.as_bytes().chunks_exact(2).zip(result.iter_mut()) { - *byte = str::from_utf8(digit) - .ok() - .and_then(|s| u8::from_str_radix(s, 16).ok()) - .ok_or_else(Error::new)?; - } - - Self::try_from(&result[..]) - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/src/pkcs8.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/pkcs8.rs similarity index 75% rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/src/pkcs8.rs rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/pkcs8.rs index ebe9b42d43ec..92039aec97bb 100644 
--- a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/src/pkcs8.rs +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/pkcs8.rs @@ -14,16 +14,17 @@ //! Please lock to a specific minor version of the `ed25519` crate to avoid //! breaking changes when using this module. -pub use pkcs8::{DecodePrivateKey, DecodePublicKey}; +pub use pkcs8::{ + spki, DecodePrivateKey, DecodePublicKey, Error, ObjectIdentifier, PrivateKeyInfo, Result, +}; #[cfg(feature = "alloc")] pub use pkcs8::{spki::EncodePublicKey, EncodePrivateKey}; -use core::fmt; -use pkcs8::ObjectIdentifier; - #[cfg(feature = "alloc")] -use pkcs8::der::{Document, SecretDocument}; +pub use pkcs8::der::{asn1::BitStringRef, Document, SecretDocument}; + +use core::fmt; #[cfg(feature = "pem")] use { @@ -41,7 +42,7 @@ use zeroize::Zeroize; pub const ALGORITHM_OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.101.112"); /// Ed25519 Algorithm Identifier. -pub const ALGORITHM_ID: pkcs8::AlgorithmIdentifier<'static> = pkcs8::AlgorithmIdentifier { +pub const ALGORITHM_ID: pkcs8::AlgorithmIdentifierRef<'static> = pkcs8::AlgorithmIdentifierRef { oid: ALGORITHM_OID, parameters: None, }; @@ -73,7 +74,7 @@ pub struct KeypairBytes { /// Ed25519 public key (if available). /// /// Compressed Edwards-y encoded curve point. - pub public_key: Option<[u8; Self::BYTE_SIZE / 2]>, + pub public_key: Option, } impl KeypairBytes { @@ -83,9 +84,12 @@ impl KeypairBytes { /// Parse raw keypair from a 64-byte input. pub fn from_bytes(bytes: &[u8; Self::BYTE_SIZE]) -> Self { let (sk, pk) = bytes.split_at(Self::BYTE_SIZE / 2); + Self { secret_key: sk.try_into().expect("secret key size error"), - public_key: Some(pk.try_into().expect("public key size error")), + public_key: Some(PublicKeyBytes( + pk.try_into().expect("public key size error"), + )), } } 
@@ -100,7 +104,7 @@ impl KeypairBytes { let mut result = [0u8; Self::BYTE_SIZE]; let (sk, pk) = result.split_at_mut(Self::BYTE_SIZE / 2); sk.copy_from_slice(&self.secret_key); - pk.copy_from_slice(public_key); + pk.copy_from_slice(public_key.as_ref()); Some(result) } else { None @@ -108,8 +112,6 @@ impl KeypairBytes { } } -impl DecodePrivateKey for KeypairBytes {} - impl Drop for KeypairBytes { fn drop(&mut self) { #[cfg(feature = "zeroize")] @@ -118,19 +120,18 @@ impl Drop for KeypairBytes { } #[cfg(feature = "alloc")] -#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))] impl EncodePrivateKey for KeypairBytes { - fn to_pkcs8_der(&self) -> pkcs8::Result { + fn to_pkcs8_der(&self) -> Result { // Serialize private key as nested OCTET STRING let mut private_key = [0u8; 2 + (Self::BYTE_SIZE / 2)]; private_key[0] = 0x04; private_key[1] = 0x20; private_key[2..].copy_from_slice(&self.secret_key); - let private_key_info = pkcs8::PrivateKeyInfo { + let private_key_info = PrivateKeyInfo { algorithm: ALGORITHM_ID, private_key: &private_key, - public_key: self.public_key.as_ref().map(AsRef::as_ref), + public_key: self.public_key.as_ref().map(|pk| pk.0.as_slice()), }; let result = SecretDocument::encode_msg(&private_key_info)?; @@ -142,14 +143,14 @@ impl EncodePrivateKey for KeypairBytes { } } -impl TryFrom> for KeypairBytes { - type Error = pkcs8::Error; +impl TryFrom> for KeypairBytes { + type Error = Error; - fn try_from(private_key: pkcs8::PrivateKeyInfo<'_>) -> pkcs8::Result { + fn try_from(private_key: PrivateKeyInfo<'_>) -> Result { private_key.algorithm.assert_algorithm_oid(ALGORITHM_OID)?; if private_key.algorithm.parameters.is_some() { - return Err(pkcs8::Error::ParametersMalformed); + return Err(Error::ParametersMalformed); } // Ed25519 PKCS#8 keys are represented as a nested OCTET STRING 
@@ -161,15 +162,15 @@ impl TryFrom> for KeypairBytes { // - 0x04: OCTET STRING tag // - 0x20: 32-byte length let secret_key = match private_key.private_key { - [0x04, 0x20, rest @ ..] => rest.try_into().map_err(|_| pkcs8::Error::KeyMalformed), - _ => Err(pkcs8::Error::KeyMalformed), + [0x04, 0x20, rest @ ..] => rest.try_into().map_err(|_| Error::KeyMalformed), + _ => Err(Error::KeyMalformed), }?; - // TODO(tarcieri): parse public key let public_key = private_key .public_key - .map(|bytes| bytes.try_into().map_err(|_| pkcs8::Error::KeyMalformed)) - .transpose()?; + .map(|bytes| bytes.try_into().map_err(|_| Error::KeyMalformed)) + .transpose()? + .map(PublicKeyBytes); Ok(Self { secret_key, @@ -179,9 +180,9 @@ impl TryFrom> for KeypairBytes { } impl TryFrom<&[u8]> for KeypairBytes { - type Error = pkcs8::Error; + type Error = Error; - fn try_from(der_bytes: &[u8]) -> pkcs8::Result { + fn try_from(der_bytes: &[u8]) -> Result { Self::from_pkcs8_der(der_bytes) } } @@ -195,11 +196,10 @@ impl fmt::Debug for KeypairBytes { } #[cfg(feature = "pem")] -#[cfg_attr(docsrs, doc(cfg(feature = "pem")))] impl str::FromStr for KeypairBytes { - type Err = pkcs8::Error; + type Err = Error; - fn from_str(pem: &str) -> pkcs8::Result { + fn from_str(pem: &str) -> Result { Self::from_pkcs8_pem(pem) } } @@ -220,6 +220,7 @@ impl str::FromStr for KeypairBytes { /// /// Note that this type operates on raw bytes and performs no validation that /// public keys represent valid compressed Ed25519 y-coordinates. +#[derive(Clone, Copy, Eq, PartialEq)] pub struct PublicKeyBytes(pub [u8; Self::BYTE_SIZE]); impl PublicKeyBytes { 
@@ -238,61 +239,57 @@ impl AsRef<[u8; Self::BYTE_SIZE]> for PublicKeyBytes { } } -impl DecodePublicKey for PublicKeyBytes {} - #[cfg(feature = "alloc")] -#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))] impl EncodePublicKey for PublicKeyBytes { - fn to_public_key_der(&self) -> pkcs8::spki::Result { - pkcs8::SubjectPublicKeyInfo { + fn to_public_key_der(&self) -> spki::Result { + pkcs8::SubjectPublicKeyInfoRef { algorithm: ALGORITHM_ID, - subject_public_key: &self.0, + subject_public_key: BitStringRef::new(0, &self.0)?, } .try_into() } } -impl TryFrom> for PublicKeyBytes { - type Error = pkcs8::spki::Error; +impl TryFrom> for PublicKeyBytes { + type Error = spki::Error; - fn try_from(spki: pkcs8::spki::SubjectPublicKeyInfo<'_>) -> pkcs8::spki::Result { + fn try_from(spki: spki::SubjectPublicKeyInfoRef<'_>) -> spki::Result { spki.algorithm.assert_algorithm_oid(ALGORITHM_OID)?; if spki.algorithm.parameters.is_some() { - return Err(pkcs8::spki::Error::KeyMalformed); + return Err(spki::Error::KeyMalformed); } spki.subject_public_key + .as_bytes() + .ok_or(spki::Error::KeyMalformed)? 
.try_into() .map(Self) - .map_err(|_| pkcs8::spki::Error::KeyMalformed) + .map_err(|_| spki::Error::KeyMalformed) } } impl TryFrom<&[u8]> for PublicKeyBytes { - type Error = pkcs8::spki::Error; + type Error = spki::Error; - fn try_from(der_bytes: &[u8]) -> pkcs8::spki::Result { + fn try_from(der_bytes: &[u8]) -> spki::Result { Self::from_public_key_der(der_bytes) } } impl TryFrom for PublicKeyBytes { - type Error = pkcs8::spki::Error; + type Error = spki::Error; - fn try_from(keypair: KeypairBytes) -> pkcs8::spki::Result { + fn try_from(keypair: KeypairBytes) -> spki::Result { PublicKeyBytes::try_from(&keypair) } } impl TryFrom<&KeypairBytes> for PublicKeyBytes { - type Error = pkcs8::spki::Error; + type Error = spki::Error; - fn try_from(keypair: &KeypairBytes) -> pkcs8::spki::Result { - keypair - .public_key - .map(PublicKeyBytes) - .ok_or(pkcs8::spki::Error::KeyMalformed) + fn try_from(keypair: &KeypairBytes) -> spki::Result { + keypair.public_key.ok_or(spki::Error::KeyMalformed) } } @@ -309,17 +306,15 @@ impl fmt::Debug for PublicKeyBytes { } #[cfg(feature = "pem")] -#[cfg_attr(docsrs, doc(cfg(feature = "pem")))] impl str::FromStr for PublicKeyBytes { - type Err = pkcs8::spki::Error; + type Err = spki::Error; - fn from_str(pem: &str) -> pkcs8::spki::Result { + fn from_str(pem: &str) -> spki::Result { Self::from_public_key_pem(pem) } } #[cfg(feature = "pem")] -#[cfg_attr(docsrs, doc(cfg(feature = "pem")))] impl ToString for PublicKeyBytes { fn to_string(&self) -> String { self.to_public_key_pem(Default::default()) @@ -328,10 +323,9 @@ impl ToString for PublicKeyBytes { } #[cfg(feature = "pem")] -#[cfg_attr(docsrs, doc(cfg(feature = "pem")))] #[cfg(test)] mod tests { - use super::KeypairBytes; + use super::{KeypairBytes, PublicKeyBytes}; use hex_literal::hex; const SECRET_KEY_BYTES: [u8; 32] = 
@@ -344,7 +338,7 @@ mod tests { fn to_bytes() { let valid_keypair = KeypairBytes { secret_key: SECRET_KEY_BYTES, - public_key: Some(PUBLIC_KEY_BYTES), + public_key: Some(PublicKeyBytes(PUBLIC_KEY_BYTES)), }; assert_eq!( diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/src/serde.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/serde.rs similarity index 71% rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/src/serde.rs rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/serde.rs index 6e7eaebaa1b0..d7a7022ce602 100644 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/src/serde.rs +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/serde.rs @@ -1,21 +1,17 @@ //! `serde` support. -use crate::Signature; +use crate::{Signature, SignatureBytes}; use ::serde::{de, ser, Deserialize, Serialize}; use core::fmt; -#[cfg(feature = "serde_bytes")] -use serde_bytes_crate as serde_bytes; - -#[cfg_attr(docsrs, doc(cfg(feature = "serde")))] impl Serialize for Signature { fn serialize(&self, serializer: S) -> Result { use ser::SerializeTuple; let mut seq = serializer.serialize_tuple(Signature::BYTE_SIZE)?; - for byte in &self.0[..] { - seq.serialize_element(byte)?; + for byte in self.to_bytes() { + seq.serialize_element(&byte)?; } seq.end() @@ -24,7 +20,6 @@ impl Serialize for Signature { // serde lacks support for deserializing arrays larger than 32-bytes // see: -#[cfg_attr(docsrs, doc(cfg(feature = "serde")))] impl<'de> Deserialize<'de> for Signature { fn deserialize>(deserializer: D) -> Result { struct ByteArrayVisitor; 
@@ -53,24 +48,23 @@ impl<'de> Deserialize<'de> for Signature { } } - let bytes = deserializer.deserialize_tuple(Signature::BYTE_SIZE, ByteArrayVisitor)?; - Self::from_bytes(&bytes).map_err(de::Error::custom) + deserializer + .deserialize_tuple(Signature::BYTE_SIZE, ByteArrayVisitor) + .map(Into::into) } } #[cfg(feature = "serde_bytes")] -#[cfg_attr(docsrs, doc(cfg(feature = "serde_bytes")))] impl serde_bytes::Serialize for Signature { fn serialize(&self, serializer: S) -> Result where S: serde::Serializer, { - serializer.serialize_bytes(&self.0) + serializer.serialize_bytes(&self.to_bytes()) } } #[cfg(feature = "serde_bytes")] -#[cfg_attr(docsrs, doc(cfg(feature = "serde_bytes")))] impl<'de> serde_bytes::Deserialize<'de> for Signature { fn deserialize(deserializer: D) -> Result where @@ -79,7 +73,7 @@ impl<'de> serde_bytes::Deserialize<'de> for Signature { struct ByteArrayVisitor; impl<'de> de::Visitor<'de> for ByteArrayVisitor { - type Value = [u8; Signature::BYTE_SIZE]; + type Value = SignatureBytes; fn expecting(&self, formatter: &mut fmt::Formatter<'_>) -> fmt::Result { formatter.write_str("bytestring of length 64") @@ -97,17 +91,18 @@ impl<'de> serde_bytes::Deserialize<'de> for Signature { } } - let bytes = deserializer.deserialize_bytes(ByteArrayVisitor)?; - Self::from_bytes(&bytes).map_err(de::Error::custom) + deserializer + .deserialize_bytes(ByteArrayVisitor) + .map(Into::into) } } #[cfg(test)] mod tests { - use crate::Signature; + use crate::{Signature, SignatureBytes}; use hex_literal::hex; - const SIGNATURE_BYTES: [u8; Signature::BYTE_SIZE] = hex!( + const SIGNATURE_BYTES: SignatureBytes = hex!( " e5564300c360ac729086e2cc806e828a 84877f1eb8e5d974d873e06522490155 
@@ -118,15 +113,9 @@ mod tests { #[test] fn round_trip() { - let signature = Signature::from_bytes(&SIGNATURE_BYTES).unwrap(); + let signature = Signature::from_bytes(&SIGNATURE_BYTES); let serialized = bincode::serialize(&signature).unwrap(); let deserialized = bincode::deserialize(&serialized).unwrap(); assert_eq!(signature, deserialized); } - - #[test] - fn overflow() { - let bytes = hex!("ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"); - assert!(bincode::deserialize::(&bytes).is_err()); - } } diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/examples/pkcs8-v1.der b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/examples/pkcs8-v1.der similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/examples/pkcs8-v1.der rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/examples/pkcs8-v1.der diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/examples/pkcs8-v1.pem b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/examples/pkcs8-v1.pem similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/examples/pkcs8-v1.pem rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/examples/pkcs8-v1.pem diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/examples/pkcs8-v2.der b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/examples/pkcs8-v2.der similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/examples/pkcs8-v2.der rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/examples/pkcs8-v2.der 
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/examples/pkcs8-v2.pem b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/examples/pkcs8-v2.pem
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/examples/pkcs8-v2.pem
rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/examples/pkcs8-v2.pem
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/examples/pubkey.der b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/examples/pubkey.der
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/examples/pubkey.der
rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/examples/pubkey.der
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/examples/pubkey.pem b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/examples/pubkey.pem
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/examples/pubkey.pem
rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/examples/pubkey.pem
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/hex.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/hex.rs
similarity index 75%
rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/hex.rs
rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/hex.rs
index 6043e2308095..99214343d3a2 100644
--- a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/hex.rs
+++ b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/hex.rs
@@ -15,32 +15,32 @@ const TEST_1_SIGNATURE: [u8; Signature::BYTE_SIZE] = hex!( #[test] fn display() { - let sig = Signature::from_bytes(&TEST_1_SIGNATURE).unwrap(); + let sig = Signature::from_bytes(&TEST_1_SIGNATURE); assert_eq!(sig.to_string(), "E5564300C360AC729086E2CC806E828A84877F1EB8E5D974D873E065224901555FB8821590A33BACC61E39701CF9B46BD25BF5F0595BBE24655141438E7A100B") } #[test] fn lower_hex() { - let sig = Signature::from_bytes(&TEST_1_SIGNATURE).unwrap(); + let sig = Signature::from_bytes(&TEST_1_SIGNATURE); assert_eq!(format!("{:x}", sig), "e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b") } #[test] fn upper_hex() { - let sig = Signature::from_bytes(&TEST_1_SIGNATURE).unwrap(); + let sig = Signature::from_bytes(&TEST_1_SIGNATURE); assert_eq!(format!("{:X}", sig), "E5564300C360AC729086E2CC806E828A84877F1EB8E5D974D873E065224901555FB8821590A33BACC61E39701CF9B46BD25BF5F0595BBE24655141438E7A100B") } #[test] fn from_str_lower() { let sig = Signature::from_str("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b").unwrap(); - assert_eq!(sig.as_ref(), TEST_1_SIGNATURE); + assert_eq!(sig.to_bytes(), TEST_1_SIGNATURE); } #[test] fn from_str_upper() { let sig = Signature::from_str("E5564300C360AC729086E2CC806E828A84877F1EB8E5D974D873E065224901555FB8821590A33BACC61E39701CF9B46BD25BF5F0595BBE24655141438E7A100B").unwrap(); - assert_eq!(sig.as_ref(), TEST_1_SIGNATURE); + assert_eq!(sig.to_bytes(), TEST_1_SIGNATURE); } #[test] 
@@ -48,9 +48,3 @@ fn from_str_rejects_mixed_case() { let result = Signature::from_str("E5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b"); assert!(result.is_err()); } - -#[test] -fn from_str_rejects_invalid_signature() { - let result = Signature::from_str("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"); - assert!(result.is_err()); -} diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/pkcs8.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/pkcs8.rs similarity index 90% rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/pkcs8.rs rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/pkcs8.rs index 21a679f93c72..729131180129 100644 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/pkcs8.rs +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/pkcs8.rs @@ -22,7 +22,7 @@ fn decode_pkcs8_v1() { let keypair = KeypairBytes::from_pkcs8_der(PKCS8_V1_DER).unwrap(); // Extracted with: - // $ openssl asn1parse -inform der -in tests/examples/p256-priv.der + // $ openssl asn1parse -inform der -in tests/examples/pkcs8-v1.der assert_eq!( keypair.secret_key, &hex!("D4EE72DBF913584AD5B6D8F1F769F8AD3AFE7C28CBF1D4FBE097A88F44755842")[..] @@ -36,14 +36,14 @@ fn decode_pkcs8_v2() { let keypair = KeypairBytes::from_pkcs8_der(PKCS8_V2_DER).unwrap(); // Extracted with: - // $ openssl asn1parse -inform der -in tests/examples/p256-priv.der + // $ openssl asn1parse -inform der -in tests/examples/pkcs8-v2.der assert_eq!( keypair.secret_key, &hex!("D4EE72DBF913584AD5B6D8F1F769F8AD3AFE7C28CBF1D4FBE097A88F44755842")[..] ); assert_eq!( - keypair.public_key.unwrap(), + keypair.public_key.unwrap().0, hex!("19BF44096984CDFE8541BAC167DC3B96C85086AA30B6B6CB0C5C38AD703166E1") ); } 
@@ -53,7 +53,7 @@ fn decode_public_key() { let public_key = PublicKeyBytes::from_public_key_der(PUBLIC_KEY_DER).unwrap(); // Extracted with: - // $ openssl pkey -inform der -in pkcs8-v1.der -pubout -text + // $ openssl pkey -inform der -in tests/examples/pkcs8-v1.der -pubout -text assert_eq!( public_key.as_ref(), &hex!("19BF44096984CDFE8541BAC167DC3B96C85086AA30B6B6CB0C5C38AD703166E1") diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/serde.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/serde.rs similarity index 75% rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/serde.rs rename to third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/serde.rs index c5b5baad04a0..93f0ebcea6ff 100644 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/tests/serde.rs +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/tests/serde.rs @@ -2,20 +2,18 @@ #![cfg(feature = "serde")] -use ed25519::Signature; +use ed25519::{Signature, SignatureBytes}; +use hex_literal::hex; -#[cfg(feature = "serde_bytes")] -use serde_bytes_crate as serde_bytes; - -const EXAMPLE_SIGNATURE: [u8; Signature::BYTE_SIZE] = [ - 63, 62, 61, 60, 59, 58, 57, 56, 55, 54, 53, 52, 51, 50, 49, 48, 47, 46, 45, 44, 43, 42, 41, 40, - 39, 38, 37, 36, 35, 34, 33, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, - 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0, -]; +const EXAMPLE_SIGNATURE: SignatureBytes = hex!( + "3f3e3d3c3b3a393837363534333231302f2e2d2c2b2a29282726252423222120" + "1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100" +); #[test] fn test_serialize() { let signature = Signature::try_from(&EXAMPLE_SIGNATURE[..]).unwrap(); + dbg!(&signature); let encoded_signature: Vec = bincode::serialize(&signature).unwrap(); assert_eq!(&EXAMPLE_SIGNATURE[..], &encoded_signature[..]); } 
@@ -23,7 +21,7 @@ fn test_serialize() { #[test] fn test_deserialize() { let signature = bincode::deserialize::(&EXAMPLE_SIGNATURE).unwrap(); - assert_eq!(&EXAMPLE_SIGNATURE[..], signature.as_ref()); + assert_eq!(EXAMPLE_SIGNATURE, signature.to_bytes()); } #[cfg(feature = "serde_bytes")] @@ -60,5 +58,5 @@ fn test_deserialize_bytes() { let signature: Signature = serde_bytes::deserialize(&mut deserializer).unwrap(); - assert_eq!(&EXAMPLE_SIGNATURE[..], signature.as_ref()); + assert_eq!(EXAMPLE_SIGNATURE, signature.to_bytes()); } diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/.cargo_vcs_info.json deleted file mode 100644 index d378ea6181ac..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/.cargo_vcs_info.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "git": { - "sha1": "1042cb60a07cdaacb59ca209716b69f444460f8f" - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/Cargo.toml b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/Cargo.toml deleted file mode 100644 index 80e039f052bd..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/Cargo.toml +++ /dev/null 
@@ -1,112 +0,0 @@ -# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO -# -# When uploading crates to the registry Cargo will automatically -# "normalize" Cargo.toml files for maximal compatibility -# with all versions of Cargo and also rewrite `path` dependencies -# to registry (e.g., crates.io) dependencies -# -# If you believe there's an error in this file please file an -# issue against the rust-lang/cargo repository. If you're -# editing this file be aware that the upstream Cargo.toml -# will likely look very different (and much more reasonable) - -[package] -edition = "2018" -name = "ed25519-dalek" -version = "1.0.1" -authors = ["isis lovecruft "] -exclude = [".gitignore", "TESTVECTORS", "res/*"] -description = "Fast and efficient ed25519 EdDSA key generations, signing, and verification in pure Rust." -homepage = "https://dalek.rs" -documentation = "https://docs.rs/ed25519-dalek" -readme = "README.md" -keywords = ["cryptography", "ed25519", "curve25519", "signature", "ECC"] -categories = ["cryptography", "no-std"] -license = "BSD-3-Clause" -repository = "https://github.com/dalek-cryptography/ed25519-dalek" -[package.metadata.docs.rs] -features = ["nightly", "batch"] - -[[bench]] -name = "ed25519_benchmarks" -harness = false -[dependencies.curve25519-dalek] -version = "3" -default-features = false - -[dependencies.ed25519] -version = "1" -default-features = false - -[dependencies.merlin] -version = "2" -optional = true -default-features = false - -[dependencies.rand] -version = "0.7" -optional = true -default-features = false - -[dependencies.rand_core] -version = "0.5" -optional = true -default-features = false - -[dependencies.serde_bytes] -version = "0.11" -optional = true - -[dependencies.serde_crate] -version = "1.0" -optional = true -default-features = false -package = "serde" - -[dependencies.sha2] -version = "0.9" -default-features = false - -[dependencies.zeroize] -version = "1" -features = ["zeroize_derive"] -default-features = false 
-[dev-dependencies.bincode] -version = "1.0" - -[dev-dependencies.criterion] -version = "0.3" - -[dev-dependencies.hex] -version = "^0.4" - -[dev-dependencies.rand] -version = "0.7" - -[dev-dependencies.serde_crate] -version = "1.0" -features = ["derive"] -package = "serde" - -[dev-dependencies.serde_json] -version = "1.0" - -[dev-dependencies.toml] -version = "0.5" - -[features] -alloc = ["curve25519-dalek/alloc", "rand/alloc", "zeroize/alloc"] -asm = ["sha2/asm"] -batch = ["merlin", "rand"] -batch_deterministic = ["merlin", "rand", "rand_core"] -default = ["std", "rand", "u64_backend"] -legacy_compatibility = [] -nightly = ["curve25519-dalek/nightly"] -serde = ["serde_crate", "serde_bytes", "ed25519/serde"] -simd_backend = ["curve25519-dalek/simd_backend"] -std = ["curve25519-dalek/std", "ed25519/std", "serde_crate/std", "sha2/std", "rand/std"] -u32_backend = ["curve25519-dalek/u32_backend"] -u64_backend = ["curve25519-dalek/u64_backend"] -[badges.travis-ci] -branch = "master" -repository = "dalek-cryptography/ed25519-dalek" diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/Cargo.toml.orig b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/Cargo.toml.orig deleted file mode 100644 index 94d9f962c161..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/Cargo.toml.orig +++ /dev/null 
@@ -1,65 +0,0 @@ -[package] -name = "ed25519-dalek" -version = "1.0.1" -edition = "2018" -authors = ["isis lovecruft "] -readme = "README.md" -license = "BSD-3-Clause" -repository = "https://github.com/dalek-cryptography/ed25519-dalek" -homepage = "https://dalek.rs" -documentation = "https://docs.rs/ed25519-dalek" -keywords = ["cryptography", "ed25519", "curve25519", "signature", "ECC"] -categories = ["cryptography", "no-std"] -description = "Fast and efficient ed25519 EdDSA key generations, signing, and verification in pure Rust." -exclude = [ ".gitignore", "TESTVECTORS", "res/*" ] - -[badges] -travis-ci = { repository = "dalek-cryptography/ed25519-dalek", branch = "master"} - -[package.metadata.docs.rs] -# Disabled for now since this is borked; tracking https://github.com/rust-lang/docs.rs/issues/302 -# rustdoc-args = ["--html-in-header", ".cargo/registry/src/github.com-1ecc6299db9ec823/curve25519-dalek-0.13.2/rustdoc-include-katex-header.html"] -features = ["nightly", "batch"] - -[dependencies] -curve25519-dalek = { version = "3", default-features = false } -ed25519 = { version = "1", default-features = false } -merlin = { version = "2", default-features = false, optional = true } -rand = { version = "0.7", default-features = false, optional = true } -rand_core = { version = "0.5", default-features = false, optional = true } -serde_crate = { package = "serde", version = "1.0", default-features = false, optional = true } -serde_bytes = { version = "0.11", optional = true } -sha2 = { version = "0.9", default-features = false } -zeroize = { version = "1", default-features = false, features = ["zeroize_derive"] } - -[dev-dependencies] -hex = "^0.4" -bincode = "1.0" -serde_json = "1.0" -criterion = "0.3" -rand = "0.7" -serde_crate = { package = "serde", version = "1.0", features = ["derive"] } -toml = { version = "0.5" } - -[[bench]] -name = "ed25519_benchmarks" -harness = false -# This doesn't seem to work with criterion, cf. 
https://github.com/bheisler/criterion.rs/issues/344 -# For now, we have to bench by doing `cargo bench --features="batch"`. -# required-features = ["batch"] - -[features] -default = ["std", "rand", "u64_backend"] -std = ["curve25519-dalek/std", "ed25519/std", "serde_crate/std", "sha2/std", "rand/std"] -alloc = ["curve25519-dalek/alloc", "rand/alloc", "zeroize/alloc"] -nightly = ["curve25519-dalek/nightly"] -serde = ["serde_crate", "serde_bytes", "ed25519/serde"] -batch = ["merlin", "rand"] -# This feature enables deterministic batch verification. -batch_deterministic = ["merlin", "rand", "rand_core"] -asm = ["sha2/asm"] -# This features turns off stricter checking for scalar malleability in signatures -legacy_compatibility = [] -u64_backend = ["curve25519-dalek/u64_backend"] -u32_backend = ["curve25519-dalek/u32_backend"] -simd_backend = ["curve25519-dalek/simd_backend"] diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/README.md b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/README.md deleted file mode 100644 index 49766fb0e6e1..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/README.md +++ /dev/null 
@@ -1,260 +0,0 @@ -# ed25519-dalek [![](https://img.shields.io/crates/v/ed25519-dalek.svg)](https://crates.io/crates/ed25519-dalek) [![](https://docs.rs/ed25519-dalek/badge.svg)](https://docs.rs/ed25519-dalek) [![](https://travis-ci.org/dalek-cryptography/ed25519-dalek.svg?branch=master)](https://travis-ci.org/dalek-cryptography/ed25519-dalek?branch=master) - -Fast and efficient Rust implementation of ed25519 key generation, signing, and -verification in Rust. - -# Documentation - -Documentation is available [here](https://docs.rs/ed25519-dalek). - -# Installation - -To install, add the following to your project's `Cargo.toml`: - -```toml -[dependencies.ed25519-dalek] -version = "1" -``` - -# Benchmarks - -On an Intel Skylake i9-7900X running at 3.30 GHz, without TurboBoost, this code achieves -the following performance benchmarks: - - ∃!isisⒶmistakenot:(master *=)~/code/rust/ed25519-dalek ∴ cargo bench - Compiling ed25519-dalek v0.7.0 (file:///home/isis/code/rust/ed25519-dalek) - Finished release [optimized] target(s) in 3.11s - Running target/release/deps/ed25519_benchmarks-721332beed423bce - - Ed25519 signing time: [15.617 us 15.630 us 15.647 us] - Ed25519 signature verification time: [45.930 us 45.968 us 46.011 us] - Ed25519 keypair generation time: [15.440 us 15.465 us 15.492 us] - -By enabling the avx2 backend (on machines with compatible microarchitectures), -the performance for signature verification is greatly improved: - - ∃!isisⒶmistakenot:(master *=)~/code/rust/ed25519-dalek ∴ export RUSTFLAGS=-Ctarget_cpu=native - ∃!isisⒶmistakenot:(master *=)~/code/rust/ed25519-dalek ∴ cargo bench --features=avx2_backend - Compiling ed25519-dalek v0.7.0 (file:///home/isis/code/rust/ed25519-dalek) - Finished release [optimized] target(s) in 4.28s - Running target/release/deps/ed25519_benchmarks-e4866664de39c84d - Ed25519 signing time: [15.923 us 15.945 us 15.967 us] - Ed25519 signature verification time: [33.382 us 33.411 us 33.445 us] - Ed25519 keypair generation 
time: [15.246 us 15.260 us 15.275 us] - -In comparison, the equivalent package in Golang performs as follows: - - ∃!isisⒶmistakenot:(master *=)~/code/go/src/github.com/agl/ed25519 ∴ go test -bench . - BenchmarkKeyGeneration 30000 47007 ns/op - BenchmarkSigning 30000 48820 ns/op - BenchmarkVerification 10000 119701 ns/op - ok github.com/agl/ed25519 5.775s - -Making key generation and signing a rough average of 2x faster, and -verification 2.5-3x faster depending on the availability of avx2. Of course, this -is just my machine, and these results—nowhere near rigorous—should be taken -with a handful of salt. - -Translating to a rough cycle count: we multiply by a factor of 3.3 to convert -nanoseconds to cycles per second on a 3300 Mhz CPU, that's 110256 cycles for -verification and 52618 for signing, which is competitive with hand-optimised -assembly implementations. - -Additionally, if you're using a CSPRNG from the `rand` crate, the `nightly` -feature will enable `u128`/`i128` features there, resulting in potentially -faster performance. - -If your protocol or application is able to batch signatures for verification, -the `verify_batch()` function has greatly improved performance. On the -aforementioned Intel Skylake i9-7900X, verifying a batch of 96 signatures takes -1.7673ms. That's 18.4094us, or roughly 60750 cycles, per signature verification, -more than double the speed of batch verification given in the original paper -(this is likely not a fair comparison as that was a Nehalem machine). 
-The numbers after the `/` in the test name refer to the size of the batch: - - ∃!isisⒶmistakenot:(master *=)~/code/rust/ed25519-dalek ∴ export RUSTFLAGS=-Ctarget_cpu=native - ∃!isisⒶmistakenot:(master *=)~/code/rust/ed25519-dalek ∴ cargo bench --features=avx2_backend batch - Compiling ed25519-dalek v0.8.0 (file:///home/isis/code/rust/ed25519-dalek) - Finished release [optimized] target(s) in 34.16s - Running target/release/deps/ed25519_benchmarks-cf0daf7d68fc71b6 - Ed25519 batch signature verification/4 time: [105.20 us 106.04 us 106.99 us] - Ed25519 batch signature verification/8 time: [178.66 us 179.01 us 179.39 us] - Ed25519 batch signature verification/16 time: [325.65 us 326.67 us 327.90 us] - Ed25519 batch signature verification/32 time: [617.96 us 620.74 us 624.12 us] - Ed25519 batch signature verification/64 time: [1.1862 ms 1.1900 ms 1.1943 ms] - Ed25519 batch signature verification/96 time: [1.7611 ms 1.7673 ms 1.7742 ms] - Ed25519 batch signature verification/128 time: [2.3320 ms 2.3376 ms 2.3446 ms] - Ed25519 batch signature verification/256 time: [5.0124 ms 5.0290 ms 5.0491 ms] - -As you can see, there's an optimal batch size for each machine, so you'll likely -want to test the benchmarks on your target CPU to discover the best size. For -this machine, around 100 signatures per batch is the optimum: - -![](https://github.com/dalek-cryptography/ed25519-dalek/blob/master/res/batch-violin-benchmark.svg) - -Additionally, thanks to Rust, this implementation has both type and memory -safety. It's also easily readable by a much larger set of people than those who -can read qhasm, making it more readily and more easily auditable. We're of -the opinion that, ultimately, these features—combined with speed—are more -valuable than simply cycle counts alone. 
- -# A Note on Signature Malleability - -The signatures produced by this library are malleable, as discussed in -[the original paper](https://ed25519.cr.yp.to/ed25519-20110926.pdf): - -![](https://github.com/dalek-cryptography/ed25519-dalek/blob/master/res/ed25519-malleability.png) - -While the scalar component of our `Signature` struct is strictly *not* -malleable, because reduction checks are put in place upon `Signature` -deserialisation from bytes, for all types of signatures in this crate, -there is still the question of potential malleability due to the group -element components. - -We could eliminate the latter malleability property by multiplying by the curve -cofactor, however, this would cause our implementation to *not* match the -behaviour of every other implementation in existence. As of this writing, -[RFC 8032](https://tools.ietf.org/html/rfc8032), "Edwards-Curve Digital -Signature Algorithm (EdDSA)," advises that the stronger check should be done. -While we agree that the stronger check should be done, it is our opinion that -one shouldn't get to change the definition of "ed25519 verification" a decade -after the fact, breaking compatibility with every other implementation. - -However, if you require this, please see the documentation for the -`verify_strict()` function, which does the full checks for the group elements. -This functionality is available by default. - -If for some reason—although we strongely advise you not to—you need to conform -to the original specification of ed25519 signatures as in the excerpt from the -paper above, you can disable scalar malleability checking via -`--features='legacy_compatibility'`. **WE STRONGLY ADVISE AGAINST THIS.** - -## The `legacy_compatibility` Feature - -By default, this library performs a stricter check for malleability in the -scalar component of a signature, upon signature deserialisation. 
This stricter -check, that `s < \ell` where `\ell` is the order of the basepoint, is -[mandated by RFC8032](https://tools.ietf.org/html/rfc8032#section-5.1.7). -However, that RFC was standardised a decade after the original paper, which, as -described above, (usually, falsely) stated that malleability was inconsequential. - -Because of this, most ed25519 implementations only perform a limited, hackier -check that the most significant three bits of the scalar are unset. If you need -compatibility with legacy implementations, including: - -* ed25519-donna -* Golang's /x/crypto ed25519 -* libsodium (only when built with `-DED25519_COMPAT`) -* NaCl's "ref" implementation -* probably a bunch of others - -then enable `ed25519-dalek`'s `legacy_compatibility` feature. Please note and -be forewarned that doing so allows for signature malleability, meaning that -there may be two different and "valid" signatures with the same key for the same -message, which is obviously incredibly dangerous in a number of contexts, -including—but not limited to—identification protocols and cryptocurrency -transactions. - -## The `verify_strict()` Function - -The scalar component of a signature is not the only source of signature -malleability, however. Both the public key used for signature verification and -the group element component of the signature are malleable, as they may contain -a small torsion component as a consquence of the curve25519 group not being of -prime order, but having a small cofactor of 8. - -If you wish to also eliminate this source of signature malleability, please -review the -[documentation for the `verify_strict()` function](https://doc.dalek.rs/ed25519_dalek/struct.PublicKey.html#method.verify_strict). - -# A Note on Randomness Generation - -The original paper's specification and the standarisation of RFC8032 do not -specify precisely how randomness is to be generated, other than using a CSPRNG -(Cryptographically Secure Random Number Generator). 
Particularly in the case of -signature verification, where the security proof _relies_ on the uniqueness of -the blinding factors/nonces, it is paramount that these samples of randomness be -unguessable to an adversary. Because of this, a current growing belief among -cryptographers is that it is safer to prefer _synthetic randomness_. - -To explain synthetic randomness, we should first explain how `ed25519-dalek` -handles generation of _deterministic randomness_. This mode is disabled by -default due to a tiny-but-not-nonexistent chance that this mode will open users -up to fault attacks, wherein an adversary who controls all of the inputs to -batch verification (i.e. the public keys, signatures, and messages) can craft -them in a specialised manner such as to induce a fault (e.g. causing a -mistakenly flipped bit in RAM, overheating a processor, etc.). In the -deterministic mode, we seed the PRNG which generates our blinding factors/nonces -by creating -[a PRNG based on the Fiat-Shamir transform of the public inputs](https://merlin.cool/transcript/rng.html). -This mode is potentially useful to protocols which require strong auditability -guarantees, as well as those which do not have access to secure system-/chip- -provided randomness. This feature can be enabled via -`--features='batch_deterministic'`. Note that we _do not_ support deterministic -signing, due to the numerous pitfalls therein, including a re-used nonce -accidentally revealing the secret key. - -In the default mode, we do as above in the fully deterministic mode, but we -ratchet the underlying keccak-f1600 function (used for the provided -transcript-based PRNG) forward additionally based on some system-/chip- provided -randomness. This provides _synthetic randomness_, that is, randomness based on -both deterministic and undeterinistic data. The reason for doing this is to -prevent badly seeded system RNGs from ruining the security of the signature -verification scheme. 
- -# Features - -## #![no_std] - -This library aims to be `#![no_std]` compliant. If batch verification is -required (`--features='batch'`), please enable either of the `std` or `alloc` -features. - -## Nightly Compilers - -To cause your application to build `ed25519-dalek` with the nightly feature -enabled by default, instead do: - -```toml -[dependencies.ed25519-dalek] -version = "1" -features = ["nightly"] -``` - -To cause your application to instead build with the nightly feature enabled -when someone builds with `cargo build --features="nightly"` add the following -to the `Cargo.toml`: - -```toml -[features] -nightly = ["ed25519-dalek/nightly"] -``` - -## Serde - -To enable [serde](https://serde.rs) support, build `ed25519-dalek` with the -`serde` feature. - -## (Micro)Architecture Specific Backends - -By default, `ed25519-dalek` builds against `curve25519-dalek`'s `u64_backend` -feature, which uses Rust's `i128` feature to achieve roughly double the speed as -the `u32_backend` feature. When targetting 32-bit systems, however, you'll -likely want to compile with `cargo build --no-default-features ---features="u32_backend"`. If you're building for a machine with avx2 -instructions, there's also the experimental `simd_backend`s, currently -comprising either avx2 or avx512 backends. To use them, compile with -`RUSTFLAGS="-C target_cpu=native" cargo build --no-default-features ---features="simd_backend"` - -## Batch Signature Verification - -The standard variants of batch signature verification (i.e. many signatures made -with potentially many different public keys over potentially many different -message) is available via the `batch` feature. It uses synthetic randomness, as -noted above. - -### Deterministic Batch Signature Verification - -The same notion of batch signature verification as above, but with purely -deterministic randomness can be enabled via the `batch_deterministic` feature. 
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/batch.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/batch.rs deleted file mode 100644 index 3a4b8e9dc7cb..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/batch.rs +++ /dev/null 
@@ -1,305 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of ed25519-dalek. -// Copyright (c) 2017-2019 isis lovecruft -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft - -//! Batch signature verification. - -#[cfg(feature = "alloc")] -extern crate alloc; -#[cfg(feature = "alloc")] -use alloc::vec::Vec; -#[cfg(all(not(feature = "alloc"), feature = "std"))] -use std::vec::Vec; - -use core::convert::TryFrom; -use core::iter::once; - -use curve25519_dalek::constants; -use curve25519_dalek::edwards::EdwardsPoint; -use curve25519_dalek::scalar::Scalar; -use curve25519_dalek::traits::IsIdentity; -use curve25519_dalek::traits::VartimeMultiscalarMul; - -pub use curve25519_dalek::digest::Digest; - -use merlin::Transcript; - -use rand::Rng; -#[cfg(all(feature = "batch", not(feature = "batch_deterministic")))] -use rand::thread_rng; -#[cfg(all(not(feature = "batch"), feature = "batch_deterministic"))] -use rand_core; - -use sha2::Sha512; - -use crate::errors::InternalError; -use crate::errors::SignatureError; -use crate::public::PublicKey; -use crate::signature::InternalSignature; - -trait BatchTranscript { - fn append_scalars(&mut self, scalars: &Vec); - fn append_message_lengths(&mut self, message_lengths: &Vec); -} - -impl BatchTranscript for Transcript { - /// Append some `scalars` to this batch verification sigma protocol transcript. - /// - /// For ed25519 batch verification, we include the following as scalars: - /// - /// * All of the computed `H(R||A||M)`s to the protocol transcript, and - /// * All of the `s` components of each signature. - /// - /// Each is also prefixed with their index in the vector. - fn append_scalars(&mut self, scalars: &Vec) { - for (i, scalar) in scalars.iter().enumerate() { - self.append_u64(b"", i as u64); - self.append_message(b"hram", scalar.as_bytes()); - } - } - - /// Append the lengths of the messages into the transcript. 
- /// - /// This is done out of an (potential over-)abundance of caution, to guard - /// against the unlikely event of collisions. However, a nicer way to do - /// this would be to append the message length before the message, but this - /// is messy w.r.t. the calculations of the `H(R||A||M)`s above. - fn append_message_lengths(&mut self, message_lengths: &Vec) { - for (i, len) in message_lengths.iter().enumerate() { - self.append_u64(b"", i as u64); - self.append_u64(b"mlen", *len as u64); - } - } -} - -/// An implementation of `rand_core::RngCore` which does nothing, to provide -/// purely deterministic transcript-based nonces, rather than synthetically -/// random nonces. -#[cfg(all(not(feature = "batch"), feature = "batch_deterministic"))] -struct ZeroRng {} - -#[cfg(all(not(feature = "batch"), feature = "batch_deterministic"))] -impl rand_core::RngCore for ZeroRng { - fn next_u32(&mut self) -> u32 { - rand_core::impls::next_u32_via_fill(self) - } - - fn next_u64(&mut self) -> u64 { - rand_core::impls::next_u64_via_fill(self) - } - - /// A no-op function which leaves the destination bytes for randomness unchanged. - /// - /// In this case, the internal merlin code is initialising the destination - /// by doing `[0u8; …]`, which means that when we call - /// `merlin::TranscriptRngBuilder.finalize()`, rather than rekeying the - /// STROBE state based on external randomness, we're doing an - /// `ENC_{state}(00000000000000000000000000000000)` operation, which is - /// identical to the STROBE `MAC` operation. 
- fn fill_bytes(&mut self, _dest: &mut [u8]) { } - - fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand_core::Error> { - self.fill_bytes(dest); - Ok(()) - } -} - -#[cfg(all(not(feature = "batch"), feature = "batch_deterministic"))] -impl rand_core::CryptoRng for ZeroRng {} - -#[cfg(all(not(feature = "batch"), feature = "batch_deterministic"))] -fn zero_rng() -> ZeroRng { - ZeroRng {} -} - -/// Verify a batch of `signatures` on `messages` with their respective `public_keys`. -/// -/// # Inputs -/// -/// * `messages` is a slice of byte slices, one per signed message. -/// * `signatures` is a slice of `Signature`s. -/// * `public_keys` is a slice of `PublicKey`s. -/// -/// # Returns -/// -/// * A `Result` whose `Ok` value is an emtpy tuple and whose `Err` value is a -/// `SignatureError` containing a description of the internal error which -/// occured. -/// -/// # Notes on Nonce Generation & Malleability -/// -/// ## On Synthetic Nonces -/// -/// This library defaults to using what is called "synthetic" nonces, which -/// means that a mixture of deterministic (per any unique set of inputs to this -/// function) data and system randomness is used to seed the CSPRNG for nonce -/// generation. For more of the background theory on why many cryptographers -/// currently believe this to be superior to either purely deterministic -/// generation or purely relying on the system's randomness, see [this section -/// of the Merlin design](https://merlin.cool/transcript/rng.html) by Henry de -/// Valence, isis lovecruft, and Oleg Andreev, as well as Trevor Perrin's -/// [designs for generalised -/// EdDSA](https://moderncrypto.org/mail-archive/curves/2017/000925.html). 
-/// -/// ## On Deterministic Nonces -/// -/// In order to be ammenable to protocols which require stricter third-party -/// auditability trails, such as in some financial cryptographic settings, this -/// library also supports a `--features=batch_deterministic` setting, where the -/// nonces for batch signature verification are derived purely from the inputs -/// to this function themselves. -/// -/// **This is not recommended for use unless you have several cryptographers on -/// staff who can advise you in its usage and all the horrible, terrible, -/// awful ways it can go horribly, terribly, awfully wrong.** -/// -/// In any sigma protocol it is wise to include as much context pertaining -/// to the public state in the protocol as possible, to avoid malleability -/// attacks where an adversary alters publics in an algebraic manner that -/// manages to satisfy the equations for the protocol in question. -/// -/// For ed25519 batch verification (both with synthetic and deterministic nonce -/// generation), we include the following as scalars in the protocol transcript: -/// -/// * All of the computed `H(R||A||M)`s to the protocol transcript, and -/// * All of the `s` components of each signature. -/// -/// Each is also prefixed with their index in the vector. -/// -/// The former, while not quite as elegant as adding the `R`s, `A`s, and -/// `M`s separately, saves us a bit of context hashing since the -/// `H(R||A||M)`s need to be computed for the verification equation anyway. -/// -/// The latter prevents a malleability attack only found in deterministic batch -/// signature verification (i.e. only when compiling `ed25519-dalek` with -/// `--features batch_deterministic`) wherein an adversary, without access -/// to the signing key(s), can take any valid signature, `(s,R)`, and swap -/// `s` with `s' = -z1`. This doesn't contitute a signature forgery, merely -/// a vulnerability, as the resulting signature will not pass single -/// signature verification. 
(Thanks to Github users @real_or_random and -/// @jonasnick for pointing out this malleability issue.) -/// -/// For an additional way in which signatures can be made to probablistically -/// falsely "pass" the synthethic batch verification equation *for the same -/// inputs*, but *only some crafted inputs* will pass the deterministic batch -/// single, and neither of these will ever pass single signature verification, -/// see the documentation for [`PublicKey.validate()`]. -/// -/// # Examples -/// -/// ``` -/// extern crate ed25519_dalek; -/// extern crate rand; -/// -/// use ed25519_dalek::verify_batch; -/// use ed25519_dalek::Keypair; -/// use ed25519_dalek::PublicKey; -/// use ed25519_dalek::Signer; -/// use ed25519_dalek::Signature; -/// use rand::rngs::OsRng; -/// -/// # fn main() { -/// let mut csprng = OsRng{}; -/// let keypairs: Vec = (0..64).map(|_| Keypair::generate(&mut csprng)).collect(); -/// let msg: &[u8] = b"They're good dogs Brant"; -/// let messages: Vec<&[u8]> = (0..64).map(|_| msg).collect(); -/// let signatures: Vec = keypairs.iter().map(|key| key.sign(&msg)).collect(); -/// let public_keys: Vec = keypairs.iter().map(|key| key.public).collect(); -/// -/// let result = verify_batch(&messages[..], &signatures[..], &public_keys[..]); -/// assert!(result.is_ok()); -/// # } -/// ``` -#[cfg(all(any(feature = "batch", feature = "batch_deterministic"), - any(feature = "alloc", feature = "std")))] -#[allow(non_snake_case)] -pub fn verify_batch( - messages: &[&[u8]], - signatures: &[ed25519::Signature], - public_keys: &[PublicKey], -) -> Result<(), SignatureError> -{ - // Return an Error if any of the vectors were not the same size as the others. 
- if signatures.len() != messages.len() || - signatures.len() != public_keys.len() || - public_keys.len() != messages.len() { - return Err(InternalError::ArrayLengthError{ - name_a: "signatures", length_a: signatures.len(), - name_b: "messages", length_b: messages.len(), - name_c: "public_keys", length_c: public_keys.len(), - }.into()); - } - - // Convert all signatures to `InternalSignature` - let signatures = signatures - .iter() - .map(InternalSignature::try_from) - .collect::, _>>()?; - - // Compute H(R || A || M) for each (signature, public_key, message) triplet - let hrams: Vec = (0..signatures.len()).map(|i| { - let mut h: Sha512 = Sha512::default(); - h.update(signatures[i].R.as_bytes()); - h.update(public_keys[i].as_bytes()); - h.update(&messages[i]); - Scalar::from_hash(h) - }).collect(); - - // Collect the message lengths and the scalar portions of the signatures, - // and add them into the transcript. - let message_lengths: Vec = messages.iter().map(|i| i.len()).collect(); - let scalars: Vec = signatures.iter().map(|i| i.s).collect(); - - // Build a PRNG based on a transcript of the H(R || A || M)s seen thus far. - // This provides synthethic randomness in the default configuration, and - // purely deterministic in the case of compiling with the - // "batch_deterministic" feature. - let mut transcript: Transcript = Transcript::new(b"ed25519 batch verification"); - - transcript.append_scalars(&hrams); - transcript.append_message_lengths(&message_lengths); - transcript.append_scalars(&scalars); - - #[cfg(all(feature = "batch", not(feature = "batch_deterministic")))] - let mut prng = transcript.build_rng().finalize(&mut thread_rng()); - #[cfg(all(not(feature = "batch"), feature = "batch_deterministic"))] - let mut prng = transcript.build_rng().finalize(&mut zero_rng()); - - // Select a random 128-bit scalar for each signature. 
- let zs: Vec = signatures - .iter() - .map(|_| Scalar::from(prng.gen::())) - .collect(); - - // Compute the basepoint coefficient, ∑ s[i]z[i] (mod l) - let B_coefficient: Scalar = signatures - .iter() - .map(|sig| sig.s) - .zip(zs.iter()) - .map(|(s, z)| z * s) - .sum(); - - // Multiply each H(R || A || M) by the random value - let zhrams = hrams.iter().zip(zs.iter()).map(|(hram, z)| hram * z); - - let Rs = signatures.iter().map(|sig| sig.R.decompress()); - let As = public_keys.iter().map(|pk| Some(pk.1)); - let B = once(Some(constants::ED25519_BASEPOINT_POINT)); - - // Compute (-∑ z[i]s[i] (mod l)) B + ∑ z[i]R[i] + ∑ (z[i]H(R||A||M)[i] (mod l)) A[i] = 0 - let id = EdwardsPoint::optional_multiscalar_mul( - once(-B_coefficient).chain(zs.iter().cloned()).chain(zhrams), - B.chain(Rs).chain(As), - ).ok_or(InternalError::VerifyError)?; - - if id.is_identity() { - Ok(()) - } else { - Err(InternalError::VerifyError.into()) - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/keypair.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/keypair.rs deleted file mode 100644 index 55af2df5b5e3..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/keypair.rs +++ /dev/null 
@@ -1,443 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of ed25519-dalek. -// Copyright (c) 2017-2019 isis lovecruft -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft - -//! ed25519 keypairs. - -#[cfg(feature = "rand")] -use rand::{CryptoRng, RngCore}; - -#[cfg(feature = "serde")] -use serde::de::Error as SerdeError; -#[cfg(feature = "serde")] -use serde::{Deserialize, Deserializer, Serialize, Serializer}; -#[cfg(feature = "serde")] -use serde_bytes::{Bytes as SerdeBytes, ByteBuf as SerdeByteBuf}; - -pub use sha2::Sha512; - -use curve25519_dalek::digest::generic_array::typenum::U64; -pub use curve25519_dalek::digest::Digest; - -use ed25519::signature::{Signer, Verifier}; - -use crate::constants::*; -use crate::errors::*; -use crate::public::*; -use crate::secret::*; - -/// An ed25519 keypair. -#[derive(Debug)] -pub struct Keypair { - /// The secret half of this keypair. - pub secret: SecretKey, - /// The public half of this keypair. - pub public: PublicKey, -} - -impl Keypair { - /// Convert this keypair to bytes. - /// - /// # Returns - /// - /// An array of bytes, `[u8; KEYPAIR_LENGTH]`. The first - /// `SECRET_KEY_LENGTH` of bytes is the `SecretKey`, and the next - /// `PUBLIC_KEY_LENGTH` bytes is the `PublicKey` (the same as other - /// libraries, such as [Adam Langley's ed25519 Golang - /// implementation](https://github.com/agl/ed25519/)). - pub fn to_bytes(&self) -> [u8; KEYPAIR_LENGTH] { - let mut bytes: [u8; KEYPAIR_LENGTH] = [0u8; KEYPAIR_LENGTH]; - - bytes[..SECRET_KEY_LENGTH].copy_from_slice(self.secret.as_bytes()); - bytes[SECRET_KEY_LENGTH..].copy_from_slice(self.public.as_bytes()); - bytes - } - - /// Construct a `Keypair` from the bytes of a `PublicKey` and `SecretKey`. - /// - /// # Inputs - /// - /// * `bytes`: an `&[u8]` representing the scalar for the secret key, and a - /// compressed Edwards-Y coordinate of a point on curve25519, both as bytes. - /// (As obtained from `Keypair::to_bytes()`.) 
- /// - /// # Warning - /// - /// Absolutely no validation is done on the key. If you give this function - /// bytes which do not represent a valid point, or which do not represent - /// corresponding parts of the key, then your `Keypair` will be broken and - /// it will be your fault. - /// - /// # Returns - /// - /// A `Result` whose okay value is an EdDSA `Keypair` or whose error value - /// is an `SignatureError` describing the error that occurred. - pub fn from_bytes<'a>(bytes: &'a [u8]) -> Result { - if bytes.len() != KEYPAIR_LENGTH { - return Err(InternalError::BytesLengthError { - name: "Keypair", - length: KEYPAIR_LENGTH, - }.into()); - } - let secret = SecretKey::from_bytes(&bytes[..SECRET_KEY_LENGTH])?; - let public = PublicKey::from_bytes(&bytes[SECRET_KEY_LENGTH..])?; - - Ok(Keypair{ secret: secret, public: public }) - } - - /// Generate an ed25519 keypair. - /// - /// # Example - /// - /// ``` - /// extern crate rand; - /// extern crate ed25519_dalek; - /// - /// # #[cfg(feature = "std")] - /// # fn main() { - /// - /// use rand::rngs::OsRng; - /// use ed25519_dalek::Keypair; - /// use ed25519_dalek::Signature; - /// - /// let mut csprng = OsRng{}; - /// let keypair: Keypair = Keypair::generate(&mut csprng); - /// - /// # } - /// # - /// # #[cfg(not(feature = "std"))] - /// # fn main() { } - /// ``` - /// - /// # Input - /// - /// A CSPRNG with a `fill_bytes()` method, e.g. `rand_os::OsRng`. - /// - /// The caller must also supply a hash function which implements the - /// `Digest` and `Default` traits, and which returns 512 bits of output. - /// The standard hash function used for most ed25519 libraries is SHA-512, - /// which is available with `use sha2::Sha512` as in the example above. - /// Other suitable hash functions include Keccak-512 and Blake2b-512. 
- #[cfg(feature = "rand")] - pub fn generate(csprng: &mut R) -> Keypair - where - R: CryptoRng + RngCore, - { - let sk: SecretKey = SecretKey::generate(csprng); - let pk: PublicKey = (&sk).into(); - - Keypair{ public: pk, secret: sk } - } - - /// Sign a `prehashed_message` with this `Keypair` using the - /// Ed25519ph algorithm defined in [RFC8032 §5.1][rfc8032]. - /// - /// # Inputs - /// - /// * `prehashed_message` is an instantiated hash digest with 512-bits of - /// output which has had the message to be signed previously fed into its - /// state. - /// * `context` is an optional context string, up to 255 bytes inclusive, - /// which may be used to provide additional domain separation. If not - /// set, this will default to an empty string. - /// - /// # Returns - /// - /// An Ed25519ph [`Signature`] on the `prehashed_message`. - /// - /// # Examples - /// - /// ``` - /// extern crate ed25519_dalek; - /// extern crate rand; - /// - /// use ed25519_dalek::Digest; - /// use ed25519_dalek::Keypair; - /// use ed25519_dalek::Sha512; - /// use ed25519_dalek::Signature; - /// use rand::rngs::OsRng; - /// - /// # #[cfg(feature = "std")] - /// # fn main() { - /// let mut csprng = OsRng{}; - /// let keypair: Keypair = Keypair::generate(&mut csprng); - /// let message: &[u8] = b"All I want is to pet all of the dogs."; - /// - /// // Create a hash digest object which we'll feed the message into: - /// let mut prehashed: Sha512 = Sha512::new(); - /// - /// prehashed.update(message); - /// # } - /// # - /// # #[cfg(not(feature = "std"))] - /// # fn main() { } - /// ``` - /// - /// If you want, you can optionally pass a "context". It is generally a - /// good idea to choose a context and try to make it unique to your project - /// and this specific usage of signatures. 
- /// - /// For example, without this, if you were to [convert your OpenPGP key - /// to a Bitcoin key][terrible_idea] (just as an example, and also Don't - /// Ever Do That) and someone tricked you into signing an "email" which was - /// actually a Bitcoin transaction moving all your magic internet money to - /// their address, it'd be a valid transaction. - /// - /// By adding a context, this trick becomes impossible, because the context - /// is concatenated into the hash, which is then signed. So, going with the - /// previous example, if your bitcoin wallet used a context of - /// "BitcoinWalletAppTxnSigning" and OpenPGP used a context (this is likely - /// the least of their safety problems) of "GPGsCryptoIsntConstantTimeLol", - /// then the signatures produced by both could never match the other, even - /// if they signed the exact same message with the same key. - /// - /// Let's add a context for good measure (remember, you'll want to choose - /// your own!): - /// - /// ``` - /// # extern crate ed25519_dalek; - /// # extern crate rand; - /// # - /// # use ed25519_dalek::Digest; - /// # use ed25519_dalek::Keypair; - /// # use ed25519_dalek::Signature; - /// # use ed25519_dalek::SignatureError; - /// # use ed25519_dalek::Sha512; - /// # use rand::rngs::OsRng; - /// # - /// # fn do_test() -> Result { - /// # let mut csprng = OsRng{}; - /// # let keypair: Keypair = Keypair::generate(&mut csprng); - /// # let message: &[u8] = b"All I want is to pet all of the dogs."; - /// # let mut prehashed: Sha512 = Sha512::new(); - /// # prehashed.update(message); - /// # - /// let context: &[u8] = b"Ed25519DalekSignPrehashedDoctest"; - /// - /// let sig: Signature = keypair.sign_prehashed(prehashed, Some(context))?; - /// # - /// # Ok(sig) - /// # } - /// # #[cfg(feature = "std")] - /// # fn main() { - /// # do_test(); - /// # } - /// # - /// # #[cfg(not(feature = "std"))] - /// # fn main() { } - /// ``` - /// - /// [rfc8032]: 
https://tools.ietf.org/html/rfc8032#section-5.1 - /// [terrible_idea]: https://github.com/isislovecruft/scripts/blob/master/gpgkey2bc.py - pub fn sign_prehashed( - &self, - prehashed_message: D, - context: Option<&[u8]>, - ) -> Result - where - D: Digest, - { - let expanded: ExpandedSecretKey = (&self.secret).into(); // xxx thanks i hate this - - expanded.sign_prehashed(prehashed_message, &self.public, context).into() - } - - /// Verify a signature on a message with this keypair's public key. - pub fn verify( - &self, - message: &[u8], - signature: &ed25519::Signature - ) -> Result<(), SignatureError> - { - self.public.verify(message, signature) - } - - /// Verify a `signature` on a `prehashed_message` using the Ed25519ph algorithm. - /// - /// # Inputs - /// - /// * `prehashed_message` is an instantiated hash digest with 512-bits of - /// output which has had the message to be signed previously fed into its - /// state. - /// * `context` is an optional context string, up to 255 bytes inclusive, - /// which may be used to provide additional domain separation. If not - /// set, this will default to an empty string. - /// * `signature` is a purported Ed25519ph [`Signature`] on the `prehashed_message`. - /// - /// # Returns - /// - /// Returns `true` if the `signature` was a valid signature created by this - /// `Keypair` on the `prehashed_message`. 
- /// - /// # Examples - /// - /// ``` - /// extern crate ed25519_dalek; - /// extern crate rand; - /// - /// use ed25519_dalek::Digest; - /// use ed25519_dalek::Keypair; - /// use ed25519_dalek::Signature; - /// use ed25519_dalek::SignatureError; - /// use ed25519_dalek::Sha512; - /// use rand::rngs::OsRng; - /// - /// # fn do_test() -> Result<(), SignatureError> { - /// let mut csprng = OsRng{}; - /// let keypair: Keypair = Keypair::generate(&mut csprng); - /// let message: &[u8] = b"All I want is to pet all of the dogs."; - /// - /// let mut prehashed: Sha512 = Sha512::new(); - /// prehashed.update(message); - /// - /// let context: &[u8] = b"Ed25519DalekSignPrehashedDoctest"; - /// - /// let sig: Signature = keypair.sign_prehashed(prehashed, Some(context))?; - /// - /// // The sha2::Sha512 struct doesn't implement Copy, so we'll have to create a new one: - /// let mut prehashed_again: Sha512 = Sha512::default(); - /// prehashed_again.update(message); - /// - /// let verified = keypair.public.verify_prehashed(prehashed_again, Some(context), &sig); - /// - /// assert!(verified.is_ok()); - /// - /// # verified - /// # } - /// # - /// # #[cfg(feature = "std")] - /// # fn main() { - /// # do_test(); - /// # } - /// # - /// # #[cfg(not(feature = "std"))] - /// # fn main() { } - /// ``` - /// - /// [rfc8032]: https://tools.ietf.org/html/rfc8032#section-5.1 - pub fn verify_prehashed( - &self, - prehashed_message: D, - context: Option<&[u8]>, - signature: &ed25519::Signature, - ) -> Result<(), SignatureError> - where - D: Digest, - { - self.public.verify_prehashed(prehashed_message, context, signature) - } - - /// Strictly verify a signature on a message with this keypair's public key. - /// - /// # On The (Multiple) Sources of Malleability in Ed25519 Signatures - /// - /// This version of verification is technically non-RFC8032 compliant. The - /// following explains why. - /// - /// 1. 
Scalar Malleability - /// - /// The authors of the RFC explicitly stated that verification of an ed25519 - /// signature must fail if the scalar `s` is not properly reduced mod \ell: - /// - /// > To verify a signature on a message M using public key A, with F - /// > being 0 for Ed25519ctx, 1 for Ed25519ph, and if Ed25519ctx or - /// > Ed25519ph is being used, C being the context, first split the - /// > signature into two 32-octet halves. Decode the first half as a - /// > point R, and the second half as an integer S, in the range - /// > 0 <= s < L. Decode the public key A as point A'. If any of the - /// > decodings fail (including S being out of range), the signature is - /// > invalid.) - /// - /// All `verify_*()` functions within ed25519-dalek perform this check. - /// - /// 2. Point malleability - /// - /// The authors of the RFC added in a malleability check to step #3 in - /// §5.1.7, for small torsion components in the `R` value of the signature, - /// *which is not strictly required*, as they state: - /// - /// > Check the group equation \[8\]\[S\]B = \[8\]R + \[8\]\[k\]A'. It's - /// > sufficient, but not required, to instead check \[S\]B = R + \[k\]A'. - /// - /// # History of Malleability Checks - /// - /// As originally defined (cf. the "Malleability" section in the README of - /// this repo), ed25519 signatures didn't consider *any* form of - /// malleability to be an issue. Later the scalar malleability was - /// considered important. Still later, particularly with interests in - /// cryptocurrency design and in unique identities (e.g. for Signal users, - /// Tor onion services, etc.), the group element malleability became a - /// concern. - /// - /// However, libraries had already been created to conform to the original - /// definition. One well-used library in particular even implemented the - /// group element malleability check, *but only for batch verification*! 
- /// Which meant that even using the same library, a single signature could - /// verify fine individually, but suddenly, when verifying it with a bunch - /// of other signatures, the whole batch would fail! - /// - /// # "Strict" Verification - /// - /// This method performs *both* of the above signature malleability checks. - /// - /// It must be done as a separate method because one doesn't simply get to - /// change the definition of a cryptographic primitive ten years - /// after-the-fact with zero consideration for backwards compatibility in - /// hardware and protocols which have it already have the older definition - /// baked in. - /// - /// # Return - /// - /// Returns `Ok(())` if the signature is valid, and `Err` otherwise. - #[allow(non_snake_case)] - pub fn verify_strict( - &self, - message: &[u8], - signature: &ed25519::Signature, - ) -> Result<(), SignatureError> - { - self.public.verify_strict(message, signature) - } -} - -impl Signer for Keypair { - /// Sign a message with this keypair's secret key. - fn try_sign(&self, message: &[u8]) -> Result { - let expanded: ExpandedSecretKey = (&self.secret).into(); - Ok(expanded.sign(&message, &self.public).into()) - } -} - -impl Verifier for Keypair { - /// Verify a signature on a message with this keypair's public key. - fn verify(&self, message: &[u8], signature: &ed25519::Signature) -> Result<(), SignatureError> { - self.public.verify(message, signature) - } -} - -#[cfg(feature = "serde")] -impl Serialize for Keypair { - fn serialize(&self, serializer: S) -> Result - where - S: Serializer, - { - let bytes = &self.to_bytes()[..]; - SerdeBytes::new(bytes).serialize(serializer) - } -} - -#[cfg(feature = "serde")] -impl<'d> Deserialize<'d> for Keypair { - fn deserialize(deserializer: D) -> Result - where - D: Deserializer<'d>, - { - let bytes = ::deserialize(deserializer)?; - Keypair::from_bytes(bytes.as_ref()).map_err(SerdeError::custom) - } -} 
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/lib.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/lib.rs
deleted file mode 100644
index 88dfc9318556..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/lib.rs
+++ /dev/null
@@ -1,280 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of ed25519-dalek. -// Copyright (c) 2017-2019 isis lovecruft -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft - -//! A Rust implementation of ed25519 key generation, signing, and verification. -//! -//! # Example -//! -//! Creating an ed25519 signature on a message is simple. -//! -//! First, we need to generate a `Keypair`, which includes both public and -//! secret halves of an asymmetric key. To do so, we need a cryptographically -//! secure pseudorandom number generator (CSPRNG). For this example, we'll use -//! the operating system's builtin PRNG: -//! -//! ``` -//! extern crate rand; -//! extern crate ed25519_dalek; -//! -//! # #[cfg(feature = "std")] -//! # fn main() { -//! use rand::rngs::OsRng; -//! use ed25519_dalek::Keypair; -//! use ed25519_dalek::Signature; -//! -//! let mut csprng = OsRng{}; -//! let keypair: Keypair = Keypair::generate(&mut csprng); -//! # } -//! # -//! # #[cfg(not(feature = "std"))] -//! # fn main() { } -//! ``` -//! -//! We can now use this `keypair` to sign a message: -//! -//! ``` -//! # extern crate rand; -//! # extern crate ed25519_dalek; -//! # fn main() { -//! # use rand::rngs::OsRng; -//! # use ed25519_dalek::Keypair; -//! # let mut csprng = OsRng{}; -//! # let keypair: Keypair = Keypair::generate(&mut csprng); -//! use ed25519_dalek::{Signature, Signer}; -//! let message: &[u8] = b"This is a test of the tsunami alert system."; -//! let signature: Signature = keypair.sign(message); -//! # } -//! ``` -//! -//! As well as to verify that this is, indeed, a valid signature on -//! that `message`: -//! -//! ``` -//! # extern crate rand; -//! # extern crate ed25519_dalek; -//! # fn main() { -//! # use rand::rngs::OsRng; -//! # use ed25519_dalek::{Keypair, Signature, Signer}; -//! # let mut csprng = OsRng{}; -//! # let keypair: Keypair = Keypair::generate(&mut csprng); -//! 
# let message: &[u8] = b"This is a test of the tsunami alert system."; -//! # let signature: Signature = keypair.sign(message); -//! use ed25519_dalek::Verifier; -//! assert!(keypair.verify(message, &signature).is_ok()); -//! # } -//! ``` -//! -//! Anyone else, given the `public` half of the `keypair` can also easily -//! verify this signature: -//! -//! ``` -//! # extern crate rand; -//! # extern crate ed25519_dalek; -//! # fn main() { -//! # use rand::rngs::OsRng; -//! # use ed25519_dalek::Keypair; -//! # use ed25519_dalek::Signature; -//! # use ed25519_dalek::Signer; -//! use ed25519_dalek::{PublicKey, Verifier}; -//! # let mut csprng = OsRng{}; -//! # let keypair: Keypair = Keypair::generate(&mut csprng); -//! # let message: &[u8] = b"This is a test of the tsunami alert system."; -//! # let signature: Signature = keypair.sign(message); -//! -//! let public_key: PublicKey = keypair.public; -//! assert!(public_key.verify(message, &signature).is_ok()); -//! # } -//! ``` -//! -//! ## Serialisation -//! -//! `PublicKey`s, `SecretKey`s, `Keypair`s, and `Signature`s can be serialised -//! into byte-arrays by calling `.to_bytes()`. It's perfectly acceptible and -//! safe to transfer and/or store those bytes. (Of course, never transfer your -//! secret key to anyone else, since they will only need the public key to -//! verify your signatures!) -//! -//! ``` -//! # extern crate rand; -//! # extern crate ed25519_dalek; -//! # fn main() { -//! # use rand::rngs::OsRng; -//! # use ed25519_dalek::{Keypair, Signature, Signer, PublicKey}; -//! use ed25519_dalek::{PUBLIC_KEY_LENGTH, SECRET_KEY_LENGTH, KEYPAIR_LENGTH, SIGNATURE_LENGTH}; -//! # let mut csprng = OsRng{}; -//! # let keypair: Keypair = Keypair::generate(&mut csprng); -//! # let message: &[u8] = b"This is a test of the tsunami alert system."; -//! # let signature: Signature = keypair.sign(message); -//! # let public_key: PublicKey = keypair.public; -//! -//! 
let public_key_bytes: [u8; PUBLIC_KEY_LENGTH] = public_key.to_bytes(); -//! let secret_key_bytes: [u8; SECRET_KEY_LENGTH] = keypair.secret.to_bytes(); -//! let keypair_bytes: [u8; KEYPAIR_LENGTH] = keypair.to_bytes(); -//! let signature_bytes: [u8; SIGNATURE_LENGTH] = signature.to_bytes(); -//! # } -//! ``` -//! -//! And similarly, decoded from bytes with `::from_bytes()`: -//! -//! ``` -//! # extern crate rand; -//! # extern crate ed25519_dalek; -//! # use std::convert::TryFrom; -//! # use rand::rngs::OsRng; -//! # use ed25519_dalek::{Keypair, Signature, Signer, PublicKey, SecretKey, SignatureError}; -//! # use ed25519_dalek::{PUBLIC_KEY_LENGTH, SECRET_KEY_LENGTH, KEYPAIR_LENGTH, SIGNATURE_LENGTH}; -//! # fn do_test() -> Result<(SecretKey, PublicKey, Keypair, Signature), SignatureError> { -//! # let mut csprng = OsRng{}; -//! # let keypair_orig: Keypair = Keypair::generate(&mut csprng); -//! # let message: &[u8] = b"This is a test of the tsunami alert system."; -//! # let signature_orig: Signature = keypair_orig.sign(message); -//! # let public_key_bytes: [u8; PUBLIC_KEY_LENGTH] = keypair_orig.public.to_bytes(); -//! # let secret_key_bytes: [u8; SECRET_KEY_LENGTH] = keypair_orig.secret.to_bytes(); -//! # let keypair_bytes: [u8; KEYPAIR_LENGTH] = keypair_orig.to_bytes(); -//! # let signature_bytes: [u8; SIGNATURE_LENGTH] = signature_orig.to_bytes(); -//! # -//! let public_key: PublicKey = PublicKey::from_bytes(&public_key_bytes)?; -//! let secret_key: SecretKey = SecretKey::from_bytes(&secret_key_bytes)?; -//! let keypair: Keypair = Keypair::from_bytes(&keypair_bytes)?; -//! let signature: Signature = Signature::try_from(&signature_bytes[..])?; -//! # -//! # Ok((secret_key, public_key, keypair, signature)) -//! # } -//! # fn main() { -//! # do_test(); -//! # } -//! ``` -//! -//! ### Using Serde -//! -//! If you prefer the bytes to be wrapped in another serialisation format, all -//! types additionally come with built-in [serde](https://serde.rs) support by -//! 
building `ed25519-dalek` via: -//! -//! ```bash -//! $ cargo build --features="serde" -//! ``` -//! -//! They can be then serialised into any of the wire formats which serde supports. -//! For example, using [bincode](https://github.com/TyOverby/bincode): -//! -//! ``` -//! # extern crate rand; -//! # extern crate ed25519_dalek; -//! # #[cfg(feature = "serde")] -//! # extern crate serde_crate as serde; -//! # #[cfg(feature = "serde")] -//! # extern crate bincode; -//! -//! # #[cfg(feature = "serde")] -//! # fn main() { -//! # use rand::rngs::OsRng; -//! # use ed25519_dalek::{Keypair, Signature, Signer, Verifier, PublicKey}; -//! use bincode::serialize; -//! # let mut csprng = OsRng{}; -//! # let keypair: Keypair = Keypair::generate(&mut csprng); -//! # let message: &[u8] = b"This is a test of the tsunami alert system."; -//! # let signature: Signature = keypair.sign(message); -//! # let public_key: PublicKey = keypair.public; -//! # let verified: bool = public_key.verify(message, &signature).is_ok(); -//! -//! let encoded_public_key: Vec = serialize(&public_key).unwrap(); -//! let encoded_signature: Vec = serialize(&signature).unwrap(); -//! # } -//! # #[cfg(not(feature = "serde"))] -//! # fn main() {} -//! ``` -//! -//! After sending the `encoded_public_key` and `encoded_signature`, the -//! recipient may deserialise them and verify: -//! -//! ``` -//! # extern crate rand; -//! # extern crate ed25519_dalek; -//! # #[cfg(feature = "serde")] -//! # extern crate serde_crate as serde; -//! # #[cfg(feature = "serde")] -//! # extern crate bincode; -//! # -//! # #[cfg(feature = "serde")] -//! # fn main() { -//! # use rand::rngs::OsRng; -//! # use ed25519_dalek::{Keypair, Signature, Signer, Verifier, PublicKey}; -//! # use bincode::serialize; -//! use bincode::deserialize; -//! -//! # let mut csprng = OsRng{}; -//! # let keypair: Keypair = Keypair::generate(&mut csprng); -//! let message: &[u8] = b"This is a test of the tsunami alert system."; -//! 
# let signature: Signature = keypair.sign(message); -//! # let public_key: PublicKey = keypair.public; -//! # let verified: bool = public_key.verify(message, &signature).is_ok(); -//! # let encoded_public_key: Vec = serialize(&public_key).unwrap(); -//! # let encoded_signature: Vec = serialize(&signature).unwrap(); -//! let decoded_public_key: PublicKey = deserialize(&encoded_public_key).unwrap(); -//! let decoded_signature: Signature = deserialize(&encoded_signature).unwrap(); -//! -//! # assert_eq!(public_key, decoded_public_key); -//! # assert_eq!(signature, decoded_signature); -//! # -//! let verified: bool = decoded_public_key.verify(&message, &decoded_signature).is_ok(); -//! -//! assert!(verified); -//! # } -//! # #[cfg(not(feature = "serde"))] -//! # fn main() {} -//! ``` - -#![no_std] -#![warn(future_incompatible)] -#![deny(missing_docs)] // refuse to compile if documentation is missing - -#![cfg(not(test))] -#![forbid(unsafe_code)] - -#[cfg(any(feature = "std", test))] -#[macro_use] -extern crate std; - -pub extern crate ed25519; - -#[cfg(all(feature = "alloc", not(feature = "std")))] -extern crate alloc; -extern crate curve25519_dalek; -#[cfg(all(any(feature = "batch", feature = "batch_deterministic"), any(feature = "std", feature = "alloc")))] -extern crate merlin; -#[cfg(any(feature = "batch", feature = "std", feature = "alloc", test))] -extern crate rand; -#[cfg(feature = "serde")] -extern crate serde_crate as serde; -extern crate sha2; -extern crate zeroize; - -#[cfg(all(any(feature = "batch", feature = "batch_deterministic"), any(feature = "std", feature = "alloc")))] -mod batch; -mod constants; -mod keypair; -mod errors; -mod public; -mod secret; -mod signature; - -pub use curve25519_dalek::digest::Digest; - -#[cfg(all(any(feature = "batch", feature = "batch_deterministic"), any(feature = "std", feature = "alloc")))] -pub use crate::batch::*; -pub use crate::constants::*; -pub use crate::errors::*; -pub use crate::keypair::*; -pub use 
crate::public::*; -pub use crate::secret::*; - -// Re-export the `Signer` and `Verifier` traits from the `signature` crate -pub use ed25519::signature::{Signer, Verifier}; -pub use ed25519::Signature; diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/public.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/public.rs deleted file mode 100644 index 342adf6c6d4c..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/public.rs +++ /dev/null 
@@ -1,376 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of ed25519-dalek. -// Copyright (c) 2017-2019 isis lovecruft -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft - -//! ed25519 public keys. - -use core::convert::TryFrom; -use core::fmt::Debug; - -use curve25519_dalek::constants; -use curve25519_dalek::digest::generic_array::typenum::U64; -use curve25519_dalek::digest::Digest; -use curve25519_dalek::edwards::CompressedEdwardsY; -use curve25519_dalek::edwards::EdwardsPoint; -use curve25519_dalek::scalar::Scalar; - -use ed25519::signature::Verifier; - -pub use sha2::Sha512; - -#[cfg(feature = "serde")] -use serde::de::Error as SerdeError; -#[cfg(feature = "serde")] -use serde::{Deserialize, Deserializer, Serialize, Serializer}; -#[cfg(feature = "serde")] -use serde_bytes::{Bytes as SerdeBytes, ByteBuf as SerdeByteBuf}; - -use crate::constants::*; -use crate::errors::*; -use crate::secret::*; -use crate::signature::*; - -/// An ed25519 public key. -#[derive(Copy, Clone, Default, Eq, PartialEq)] -pub struct PublicKey(pub(crate) CompressedEdwardsY, pub(crate) EdwardsPoint); - -impl Debug for PublicKey { - fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result { - write!(f, "PublicKey({:?}), {:?})", self.0, self.1) - } -} - -impl AsRef<[u8]> for PublicKey { - fn as_ref(&self) -> &[u8] { - self.as_bytes() - } -} - -impl<'a> From<&'a SecretKey> for PublicKey { - /// Derive this public key from its corresponding `SecretKey`. 
- fn from(secret_key: &SecretKey) -> PublicKey { - let mut h: Sha512 = Sha512::new(); - let mut hash: [u8; 64] = [0u8; 64]; - let mut digest: [u8; 32] = [0u8; 32]; - - h.update(secret_key.as_bytes()); - hash.copy_from_slice(h.finalize().as_slice()); - - digest.copy_from_slice(&hash[..32]); - - PublicKey::mangle_scalar_bits_and_multiply_by_basepoint_to_produce_public_key(&mut digest) - } -} - -impl<'a> From<&'a ExpandedSecretKey> for PublicKey { - /// Derive this public key from its corresponding `ExpandedSecretKey`. - fn from(expanded_secret_key: &ExpandedSecretKey) -> PublicKey { - let mut bits: [u8; 32] = expanded_secret_key.key.to_bytes(); - - PublicKey::mangle_scalar_bits_and_multiply_by_basepoint_to_produce_public_key(&mut bits) - } -} - -impl PublicKey { - /// Convert this public key to a byte array. - #[inline] - pub fn to_bytes(&self) -> [u8; PUBLIC_KEY_LENGTH] { - self.0.to_bytes() - } - - /// View this public key as a byte array. - #[inline] - pub fn as_bytes<'a>(&'a self) -> &'a [u8; PUBLIC_KEY_LENGTH] { - &(self.0).0 - } - - /// Construct a `PublicKey` from a slice of bytes. - /// - /// # Warning - /// - /// The caller is responsible for ensuring that the bytes passed into this - /// method actually represent a `curve25519_dalek::curve::CompressedEdwardsY` - /// and that said compressed point is actually a point on the curve. 
- /// - /// # Example - /// - /// ``` - /// # extern crate ed25519_dalek; - /// # - /// use ed25519_dalek::PublicKey; - /// use ed25519_dalek::PUBLIC_KEY_LENGTH; - /// use ed25519_dalek::SignatureError; - /// - /// # fn doctest() -> Result { - /// let public_key_bytes: [u8; PUBLIC_KEY_LENGTH] = [ - /// 215, 90, 152, 1, 130, 177, 10, 183, 213, 75, 254, 211, 201, 100, 7, 58, - /// 14, 225, 114, 243, 218, 166, 35, 37, 175, 2, 26, 104, 247, 7, 81, 26]; - /// - /// let public_key = PublicKey::from_bytes(&public_key_bytes)?; - /// # - /// # Ok(public_key) - /// # } - /// # - /// # fn main() { - /// # doctest(); - /// # } - /// ``` - /// - /// # Returns - /// - /// A `Result` whose okay value is an EdDSA `PublicKey` or whose error value - /// is an `SignatureError` describing the error that occurred. - #[inline] - pub fn from_bytes(bytes: &[u8]) -> Result { - if bytes.len() != PUBLIC_KEY_LENGTH { - return Err(InternalError::BytesLengthError { - name: "PublicKey", - length: PUBLIC_KEY_LENGTH, - }.into()); - } - let mut bits: [u8; 32] = [0u8; 32]; - bits.copy_from_slice(&bytes[..32]); - - let compressed = CompressedEdwardsY(bits); - let point = compressed - .decompress() - .ok_or(InternalError::PointDecompressionError)?; - - Ok(PublicKey(compressed, point)) - } - - /// Internal utility function for mangling the bits of a (formerly - /// mathematically well-defined) "scalar" and multiplying it to produce a - /// public key. - fn mangle_scalar_bits_and_multiply_by_basepoint_to_produce_public_key( - bits: &mut [u8; 32], - ) -> PublicKey { - bits[0] &= 248; - bits[31] &= 127; - bits[31] |= 64; - - let point = &Scalar::from_bits(*bits) * &constants::ED25519_BASEPOINT_TABLE; - let compressed = point.compress(); - - PublicKey(compressed, point) - } - - /// Verify a `signature` on a `prehashed_message` using the Ed25519ph algorithm. 
- /// - /// # Inputs - /// - /// * `prehashed_message` is an instantiated hash digest with 512-bits of - /// output which has had the message to be signed previously fed into its - /// state. - /// * `context` is an optional context string, up to 255 bytes inclusive, - /// which may be used to provide additional domain separation. If not - /// set, this will default to an empty string. - /// * `signature` is a purported Ed25519ph [`Signature`] on the `prehashed_message`. - /// - /// # Returns - /// - /// Returns `true` if the `signature` was a valid signature created by this - /// `Keypair` on the `prehashed_message`. - /// - /// [rfc8032]: https://tools.ietf.org/html/rfc8032#section-5.1 - #[allow(non_snake_case)] - pub fn verify_prehashed( - &self, - prehashed_message: D, - context: Option<&[u8]>, - signature: &ed25519::Signature, - ) -> Result<(), SignatureError> - where - D: Digest, - { - let signature = InternalSignature::try_from(signature)?; - - let mut h: Sha512 = Sha512::default(); - let R: EdwardsPoint; - let k: Scalar; - - let ctx: &[u8] = context.unwrap_or(b""); - debug_assert!(ctx.len() <= 255, "The context must not be longer than 255 octets."); - - let minus_A: EdwardsPoint = -self.1; - - h.update(b"SigEd25519 no Ed25519 collisions"); - h.update(&[1]); // Ed25519ph - h.update(&[ctx.len() as u8]); - h.update(ctx); - h.update(signature.R.as_bytes()); - h.update(self.as_bytes()); - h.update(prehashed_message.finalize().as_slice()); - - k = Scalar::from_hash(h); - R = EdwardsPoint::vartime_double_scalar_mul_basepoint(&k, &(minus_A), &signature.s); - - if R.compress() == signature.R { - Ok(()) - } else { - Err(InternalError::VerifyError.into()) - } - } - - /// Strictly verify a signature on a message with this keypair's public key. - /// - /// # On The (Multiple) Sources of Malleability in Ed25519 Signatures - /// - /// This version of verification is technically non-RFC8032 compliant. The - /// following explains why. - /// - /// 1. 
Scalar Malleability - /// - /// The authors of the RFC explicitly stated that verification of an ed25519 - /// signature must fail if the scalar `s` is not properly reduced mod \ell: - /// - /// > To verify a signature on a message M using public key A, with F - /// > being 0 for Ed25519ctx, 1 for Ed25519ph, and if Ed25519ctx or - /// > Ed25519ph is being used, C being the context, first split the - /// > signature into two 32-octet halves. Decode the first half as a - /// > point R, and the second half as an integer S, in the range - /// > 0 <= s < L. Decode the public key A as point A'. If any of the - /// > decodings fail (including S being out of range), the signature is - /// > invalid.) - /// - /// All `verify_*()` functions within ed25519-dalek perform this check. - /// - /// 2. Point malleability - /// - /// The authors of the RFC added in a malleability check to step #3 in - /// §5.1.7, for small torsion components in the `R` value of the signature, - /// *which is not strictly required*, as they state: - /// - /// > Check the group equation \[8\]\[S\]B = \[8\]R + \[8\]\[k\]A'. It's - /// > sufficient, but not required, to instead check \[S\]B = R + \[k\]A'. - /// - /// # History of Malleability Checks - /// - /// As originally defined (cf. the "Malleability" section in the README of - /// this repo), ed25519 signatures didn't consider *any* form of - /// malleability to be an issue. Later the scalar malleability was - /// considered important. Still later, particularly with interests in - /// cryptocurrency design and in unique identities (e.g. for Signal users, - /// Tor onion services, etc.), the group element malleability became a - /// concern. - /// - /// However, libraries had already been created to conform to the original - /// definition. One well-used library in particular even implemented the - /// group element malleability check, *but only for batch verification*! 
- /// Which meant that even using the same library, a single signature could - /// verify fine individually, but suddenly, when verifying it with a bunch - /// of other signatures, the whole batch would fail! - /// - /// # "Strict" Verification - /// - /// This method performs *both* of the above signature malleability checks. - /// - /// It must be done as a separate method because one doesn't simply get to - /// change the definition of a cryptographic primitive ten years - /// after-the-fact with zero consideration for backwards compatibility in - /// hardware and protocols which have it already have the older definition - /// baked in. - /// - /// # Return - /// - /// Returns `Ok(())` if the signature is valid, and `Err` otherwise. - #[allow(non_snake_case)] - pub fn verify_strict( - &self, - message: &[u8], - signature: &ed25519::Signature, - ) -> Result<(), SignatureError> - { - let signature = InternalSignature::try_from(signature)?; - - let mut h: Sha512 = Sha512::new(); - let R: EdwardsPoint; - let k: Scalar; - let minus_A: EdwardsPoint = -self.1; - let signature_R: EdwardsPoint; - - match signature.R.decompress() { - None => return Err(InternalError::VerifyError.into()), - Some(x) => signature_R = x, - } - - // Logical OR is fine here as we're not trying to be constant time. - if signature_R.is_small_order() || self.1.is_small_order() { - return Err(InternalError::VerifyError.into()); - } - - h.update(signature.R.as_bytes()); - h.update(self.as_bytes()); - h.update(&message); - - k = Scalar::from_hash(h); - R = EdwardsPoint::vartime_double_scalar_mul_basepoint(&k, &(minus_A), &signature.s); - - if R == signature_R { - Ok(()) - } else { - Err(InternalError::VerifyError.into()) - } - } -} - -impl Verifier for PublicKey { - /// Verify a signature on a message with this keypair's public key. - /// - /// # Return - /// - /// Returns `Ok(())` if the signature is valid, and `Err` otherwise. 
- #[allow(non_snake_case)] - fn verify( - &self, - message: &[u8], - signature: &ed25519::Signature - ) -> Result<(), SignatureError> - { - let signature = InternalSignature::try_from(signature)?; - - let mut h: Sha512 = Sha512::new(); - let R: EdwardsPoint; - let k: Scalar; - let minus_A: EdwardsPoint = -self.1; - - h.update(signature.R.as_bytes()); - h.update(self.as_bytes()); - h.update(&message); - - k = Scalar::from_hash(h); - R = EdwardsPoint::vartime_double_scalar_mul_basepoint(&k, &(minus_A), &signature.s); - - if R.compress() == signature.R { - Ok(()) - } else { - Err(InternalError::VerifyError.into()) - } - } -} - -#[cfg(feature = "serde")] -impl Serialize for PublicKey { - fn serialize(&self, serializer: S) -> Result - where - S: Serializer, - { - SerdeBytes::new(self.as_bytes()).serialize(serializer) - } -} - -#[cfg(feature = "serde")] -impl<'d> Deserialize<'d> for PublicKey { - fn deserialize(deserializer: D) -> Result - where - D: Deserializer<'d>, - { - let bytes = ::deserialize(deserializer)?; - PublicKey::from_bytes(bytes.as_ref()).map_err(SerdeError::custom) - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/secret.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/secret.rs deleted file mode 100644 index 2ca3a129cc6c..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/secret.rs +++ /dev/null 
@@ -1,541 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of ed25519-dalek. -// Copyright (c) 2017-2019 isis lovecruft -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft - -//! ed25519 secret key types. - -use core::fmt::Debug; - -use curve25519_dalek::constants; -use curve25519_dalek::digest::generic_array::typenum::U64; -use curve25519_dalek::digest::Digest; -use curve25519_dalek::edwards::CompressedEdwardsY; -use curve25519_dalek::scalar::Scalar; - -#[cfg(feature = "rand")] -use rand::{CryptoRng, RngCore}; - -use sha2::Sha512; - -#[cfg(feature = "serde")] -use serde::de::Error as SerdeError; -#[cfg(feature = "serde")] -use serde::{Deserialize, Deserializer, Serialize, Serializer}; -#[cfg(feature = "serde")] -use serde_bytes::{Bytes as SerdeBytes, ByteBuf as SerdeByteBuf}; - -use zeroize::Zeroize; - -use crate::constants::*; -use crate::errors::*; -use crate::public::*; -use crate::signature::*; - -/// An EdDSA secret key. -/// -/// Instances of this secret are automatically overwritten with zeroes when they -/// fall out of scope. -#[derive(Zeroize)] -#[zeroize(drop)] // Overwrite secret key material with null bytes when it goes out of scope. -pub struct SecretKey(pub(crate) [u8; SECRET_KEY_LENGTH]); - -impl Debug for SecretKey { - fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result { - write!(f, "SecretKey: {:?}", &self.0[..]) - } -} - -impl AsRef<[u8]> for SecretKey { - fn as_ref(&self) -> &[u8] { - self.as_bytes() - } -} - -impl SecretKey { - /// Convert this secret key to a byte array. - #[inline] - pub fn to_bytes(&self) -> [u8; SECRET_KEY_LENGTH] { - self.0 - } - - /// View this secret key as a byte array. - #[inline] - pub fn as_bytes<'a>(&'a self) -> &'a [u8; SECRET_KEY_LENGTH] { - &self.0 - } - - /// Construct a `SecretKey` from a slice of bytes. 
- /// - /// # Example - /// - /// ``` - /// # extern crate ed25519_dalek; - /// # - /// use ed25519_dalek::SecretKey; - /// use ed25519_dalek::SECRET_KEY_LENGTH; - /// use ed25519_dalek::SignatureError; - /// - /// # fn doctest() -> Result { - /// let secret_key_bytes: [u8; SECRET_KEY_LENGTH] = [ - /// 157, 097, 177, 157, 239, 253, 090, 096, - /// 186, 132, 074, 244, 146, 236, 044, 196, - /// 068, 073, 197, 105, 123, 050, 105, 025, - /// 112, 059, 172, 003, 028, 174, 127, 096, ]; - /// - /// let secret_key: SecretKey = SecretKey::from_bytes(&secret_key_bytes)?; - /// # - /// # Ok(secret_key) - /// # } - /// # - /// # fn main() { - /// # let result = doctest(); - /// # assert!(result.is_ok()); - /// # } - /// ``` - /// - /// # Returns - /// - /// A `Result` whose okay value is an EdDSA `SecretKey` or whose error value - /// is an `SignatureError` wrapping the internal error that occurred. - #[inline] - pub fn from_bytes(bytes: &[u8]) -> Result { - if bytes.len() != SECRET_KEY_LENGTH { - return Err(InternalError::BytesLengthError { - name: "SecretKey", - length: SECRET_KEY_LENGTH, - }.into()); - } - let mut bits: [u8; 32] = [0u8; 32]; - bits.copy_from_slice(&bytes[..32]); - - Ok(SecretKey(bits)) - } - - /// Generate a `SecretKey` from a `csprng`. 
- /// - /// # Example - /// - /// ``` - /// extern crate rand; - /// extern crate ed25519_dalek; - /// - /// # #[cfg(feature = "std")] - /// # fn main() { - /// # - /// use rand::rngs::OsRng; - /// use ed25519_dalek::PublicKey; - /// use ed25519_dalek::SecretKey; - /// use ed25519_dalek::Signature; - /// - /// let mut csprng = OsRng{}; - /// let secret_key: SecretKey = SecretKey::generate(&mut csprng); - /// # } - /// # - /// # #[cfg(not(feature = "std"))] - /// # fn main() { } - /// ``` - /// - /// Afterwards, you can generate the corresponding public: - /// - /// ``` - /// # extern crate rand; - /// # extern crate ed25519_dalek; - /// # - /// # fn main() { - /// # - /// # use rand::rngs::OsRng; - /// # use ed25519_dalek::PublicKey; - /// # use ed25519_dalek::SecretKey; - /// # use ed25519_dalek::Signature; - /// # - /// # let mut csprng = OsRng{}; - /// # let secret_key: SecretKey = SecretKey::generate(&mut csprng); - /// - /// let public_key: PublicKey = (&secret_key).into(); - /// # } - /// ``` - /// - /// # Input - /// - /// A CSPRNG with a `fill_bytes()` method, e.g. `rand::OsRng` - #[cfg(feature = "rand")] - pub fn generate(csprng: &mut T) -> SecretKey - where - T: CryptoRng + RngCore, - { - let mut sk: SecretKey = SecretKey([0u8; 32]); - - csprng.fill_bytes(&mut sk.0); - - sk - } -} - -#[cfg(feature = "serde")] -impl Serialize for SecretKey { - fn serialize(&self, serializer: S) -> Result - where - S: Serializer, - { - SerdeBytes::new(self.as_bytes()).serialize(serializer) - } -} - -#[cfg(feature = "serde")] -impl<'d> Deserialize<'d> for SecretKey { - fn deserialize(deserializer: D) -> Result - where - D: Deserializer<'d>, - { - let bytes = ::deserialize(deserializer)?; - SecretKey::from_bytes(bytes.as_ref()).map_err(SerdeError::custom) - } -} - -/// An "expanded" secret key. -/// -/// This is produced by using an hash function with 512-bits output to digest a -/// `SecretKey`. 
The output digest is then split in half, the lower half being -/// the actual `key` used to sign messages, after twiddling with some bits.¹ The -/// upper half is used a sort of half-baked, ill-designed² pseudo-domain-separation -/// "nonce"-like thing, which is used during signature production by -/// concatenating it with the message to be signed before the message is hashed. -/// -/// Instances of this secret are automatically overwritten with zeroes when they -/// fall out of scope. -// -// ¹ This results in a slight bias towards non-uniformity at one spectrum of -// the range of valid keys. Oh well: not my idea; not my problem. -// -// ² It is the author's view (specifically, isis agora lovecruft, in the event -// you'd like to complain about me, again) that this is "ill-designed" because -// this doesn't actually provide true hash domain separation, in that in many -// real-world applications a user wishes to have one key which is used in -// several contexts (such as within tor, which does domain separation -// manually by pre-concatenating static strings to messages to achieve more -// robust domain separation). In other real-world applications, such as -// bitcoind, a user might wish to have one master keypair from which others are -// derived (à la BIP32) and different domain separators between keys derived at -// different levels (and similarly for tree-based key derivation constructions, -// such as hash-based signatures). Leaving the domain separation to -// application designers, who thus far have produced incompatible, -// slightly-differing, ad hoc domain separation (at least those application -// designers who knew enough cryptographic theory to do so!), is therefore a -// bad design choice on the part of the cryptographer designing primitives -// which should be simple and as foolproof as possible to use for -// non-cryptographers. 
Further, later in the ed25519 signature scheme, as -// specified in RFC8032, the public key is added into *another* hash digest -// (along with the message, again); it is unclear to this author why there's -// not only one but two poorly-thought-out attempts at domain separation in the -// same signature scheme, and which both fail in exactly the same way. For a -// better-designed, Schnorr-based signature scheme, see Trevor Perrin's work on -// "generalised EdDSA" and "VXEdDSA". -#[derive(Zeroize)] -#[zeroize(drop)] // Overwrite secret key material with null bytes when it goes out of scope. -pub struct ExpandedSecretKey { - pub(crate) key: Scalar, - pub(crate) nonce: [u8; 32], -} - -impl<'a> From<&'a SecretKey> for ExpandedSecretKey { - /// Construct an `ExpandedSecretKey` from a `SecretKey`. - /// - /// # Examples - /// - /// ``` - /// # extern crate rand; - /// # extern crate sha2; - /// # extern crate ed25519_dalek; - /// # - /// # fn main() { - /// # - /// use rand::rngs::OsRng; - /// use ed25519_dalek::{SecretKey, ExpandedSecretKey}; - /// - /// let mut csprng = OsRng{}; - /// let secret_key: SecretKey = SecretKey::generate(&mut csprng); - /// let expanded_secret_key: ExpandedSecretKey = ExpandedSecretKey::from(&secret_key); - /// # } - /// ``` - fn from(secret_key: &'a SecretKey) -> ExpandedSecretKey { - let mut h: Sha512 = Sha512::default(); - let mut hash: [u8; 64] = [0u8; 64]; - let mut lower: [u8; 32] = [0u8; 32]; - let mut upper: [u8; 32] = [0u8; 32]; - - h.update(secret_key.as_bytes()); - hash.copy_from_slice(h.finalize().as_slice()); - - lower.copy_from_slice(&hash[00..32]); - upper.copy_from_slice(&hash[32..64]); - - lower[0] &= 248; - lower[31] &= 63; - lower[31] |= 64; - - ExpandedSecretKey{ key: Scalar::from_bits(lower), nonce: upper, } - } -} - -impl ExpandedSecretKey { - /// Convert this `ExpandedSecretKey` into an array of 64 bytes. - /// - /// # Returns - /// - /// An array of 64 bytes. 
The first 32 bytes represent the "expanded" - /// secret key, and the last 32 bytes represent the "domain-separation" - /// "nonce". - /// - /// # Examples - /// - /// ``` - /// # extern crate rand; - /// # extern crate sha2; - /// # extern crate ed25519_dalek; - /// # - /// # #[cfg(feature = "std")] - /// # fn main() { - /// # - /// use rand::rngs::OsRng; - /// use ed25519_dalek::{SecretKey, ExpandedSecretKey}; - /// - /// let mut csprng = OsRng{}; - /// let secret_key: SecretKey = SecretKey::generate(&mut csprng); - /// let expanded_secret_key: ExpandedSecretKey = ExpandedSecretKey::from(&secret_key); - /// let expanded_secret_key_bytes: [u8; 64] = expanded_secret_key.to_bytes(); - /// - /// assert!(&expanded_secret_key_bytes[..] != &[0u8; 64][..]); - /// # } - /// # - /// # #[cfg(not(feature = "std"))] - /// # fn main() { } - /// ``` - #[inline] - pub fn to_bytes(&self) -> [u8; EXPANDED_SECRET_KEY_LENGTH] { - let mut bytes: [u8; 64] = [0u8; 64]; - - bytes[..32].copy_from_slice(self.key.as_bytes()); - bytes[32..].copy_from_slice(&self.nonce[..]); - bytes - } - - /// Construct an `ExpandedSecretKey` from a slice of bytes. - /// - /// # Returns - /// - /// A `Result` whose okay value is an EdDSA `ExpandedSecretKey` or whose - /// error value is an `SignatureError` describing the error that occurred. 
- /// - /// # Examples - /// - /// ``` - /// # extern crate rand; - /// # extern crate sha2; - /// # extern crate ed25519_dalek; - /// # - /// # use ed25519_dalek::{ExpandedSecretKey, SignatureError}; - /// # - /// # #[cfg(feature = "std")] - /// # fn do_test() -> Result { - /// # - /// use rand::rngs::OsRng; - /// use ed25519_dalek::{SecretKey, ExpandedSecretKey}; - /// use ed25519_dalek::SignatureError; - /// - /// let mut csprng = OsRng{}; - /// let secret_key: SecretKey = SecretKey::generate(&mut csprng); - /// let expanded_secret_key: ExpandedSecretKey = ExpandedSecretKey::from(&secret_key); - /// let bytes: [u8; 64] = expanded_secret_key.to_bytes(); - /// let expanded_secret_key_again = ExpandedSecretKey::from_bytes(&bytes)?; - /// # - /// # Ok(expanded_secret_key_again) - /// # } - /// # - /// # #[cfg(feature = "std")] - /// # fn main() { - /// # let result = do_test(); - /// # assert!(result.is_ok()); - /// # } - /// # - /// # #[cfg(not(feature = "std"))] - /// # fn main() { } - /// ``` - #[inline] - pub fn from_bytes(bytes: &[u8]) -> Result { - if bytes.len() != EXPANDED_SECRET_KEY_LENGTH { - return Err(InternalError::BytesLengthError { - name: "ExpandedSecretKey", - length: EXPANDED_SECRET_KEY_LENGTH, - }.into()); - } - let mut lower: [u8; 32] = [0u8; 32]; - let mut upper: [u8; 32] = [0u8; 32]; - - lower.copy_from_slice(&bytes[00..32]); - upper.copy_from_slice(&bytes[32..64]); - - Ok(ExpandedSecretKey { - key: Scalar::from_bits(lower), - nonce: upper, - }) - } - - /// Sign a message with this `ExpandedSecretKey`. 
- #[allow(non_snake_case)] - pub fn sign(&self, message: &[u8], public_key: &PublicKey) -> ed25519::Signature { - let mut h: Sha512 = Sha512::new(); - let R: CompressedEdwardsY; - let r: Scalar; - let s: Scalar; - let k: Scalar; - - h.update(&self.nonce); - h.update(&message); - - r = Scalar::from_hash(h); - R = (&r * &constants::ED25519_BASEPOINT_TABLE).compress(); - - h = Sha512::new(); - h.update(R.as_bytes()); - h.update(public_key.as_bytes()); - h.update(&message); - - k = Scalar::from_hash(h); - s = &(&k * &self.key) + &r; - - InternalSignature { R, s }.into() - } - - /// Sign a `prehashed_message` with this `ExpandedSecretKey` using the - /// Ed25519ph algorithm defined in [RFC8032 §5.1][rfc8032]. - /// - /// # Inputs - /// - /// * `prehashed_message` is an instantiated hash digest with 512-bits of - /// output which has had the message to be signed previously fed into its - /// state. - /// * `public_key` is a [`PublicKey`] which corresponds to this secret key. - /// * `context` is an optional context string, up to 255 bytes inclusive, - /// which may be used to provide additional domain separation. If not - /// set, this will default to an empty string. - /// - /// # Returns - /// - /// A `Result` whose `Ok` value is an Ed25519ph [`Signature`] on the - /// `prehashed_message` if the context was 255 bytes or less, otherwise - /// a `SignatureError`. - /// - /// [rfc8032]: https://tools.ietf.org/html/rfc8032#section-5.1 - #[allow(non_snake_case)] - pub fn sign_prehashed<'a, D>( - &self, - prehashed_message: D, - public_key: &PublicKey, - context: Option<&'a [u8]>, - ) -> Result - where - D: Digest, - { - let mut h: Sha512; - let mut prehash: [u8; 64] = [0u8; 64]; - let R: CompressedEdwardsY; - let r: Scalar; - let s: Scalar; - let k: Scalar; - - let ctx: &[u8] = context.unwrap_or(b""); // By default, the context is an empty string. 
- - if ctx.len() > 255 { - return Err(SignatureError::from(InternalError::PrehashedContextLengthError)); - } - - let ctx_len: u8 = ctx.len() as u8; - - // Get the result of the pre-hashed message. - prehash.copy_from_slice(prehashed_message.finalize().as_slice()); - - // This is the dumbest, ten-years-late, non-admission of fucking up the - // domain separation I have ever seen. Why am I still required to put - // the upper half "prefix" of the hashed "secret key" in here? Why - // can't the user just supply their own nonce and decide for themselves - // whether or not they want a deterministic signature scheme? Why does - // the message go into what's ostensibly the signature domain separation - // hash? Why wasn't there always a way to provide a context string? - // - // ... - // - // This is a really fucking stupid bandaid, and the damned scheme is - // still bleeding from malleability, for fuck's sake. - h = Sha512::new() - .chain(b"SigEd25519 no Ed25519 collisions") - .chain(&[1]) // Ed25519ph - .chain(&[ctx_len]) - .chain(ctx) - .chain(&self.nonce) - .chain(&prehash[..]); - - r = Scalar::from_hash(h); - R = (&r * &constants::ED25519_BASEPOINT_TABLE).compress(); - - h = Sha512::new() - .chain(b"SigEd25519 no Ed25519 collisions") - .chain(&[1]) // Ed25519ph - .chain(&[ctx_len]) - .chain(ctx) - .chain(R.as_bytes()) - .chain(public_key.as_bytes()) - .chain(&prehash[..]); - - k = Scalar::from_hash(h); - s = &(&k * &self.key) + &r; - - Ok(InternalSignature { R, s }.into()) - } -} - -#[cfg(feature = "serde")] -impl Serialize for ExpandedSecretKey { - fn serialize(&self, serializer: S) -> Result - where - S: Serializer, - { - let bytes = &self.to_bytes()[..]; - SerdeBytes::new(bytes).serialize(serializer) - } -} - -#[cfg(feature = "serde")] -impl<'d> Deserialize<'d> for ExpandedSecretKey { - fn deserialize(deserializer: D) -> Result - where - D: Deserializer<'d>, - { - let bytes = ::deserialize(deserializer)?; - 
ExpandedSecretKey::from_bytes(bytes.as_ref()).map_err(SerdeError::custom) - } -} - -#[cfg(test)] -mod test { - use super::*; - - #[test] - fn secret_key_zeroize_on_drop() { - let secret_ptr: *const u8; - - { // scope for the secret to ensure it's been dropped - let secret = SecretKey::from_bytes(&[0x15u8; 32][..]).unwrap(); - - secret_ptr = secret.0.as_ptr(); - } - - let memory: &[u8] = unsafe { ::std::slice::from_raw_parts(secret_ptr, 32) }; - - assert!(!memory.contains(&0x15)); - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/tests/ed25519.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/tests/ed25519.rs deleted file mode 100644 index 696e2876b022..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/tests/ed25519.rs +++ /dev/null 
@@ -1,414 +0,0 @@ -// -*- mode: rust; -*- -// -// This file is part of ed25519-dalek. -// Copyright (c) 2017-2019 isis lovecruft -// See LICENSE for licensing information. -// -// Authors: -// - isis agora lovecruft - -//! Integration tests for ed25519-dalek. - -#[cfg(all(test, feature = "serde"))] -extern crate bincode; -extern crate ed25519_dalek; -extern crate hex; -extern crate sha2; -extern crate rand; -#[cfg(all(test, feature = "serde"))] -extern crate serde_crate; -#[cfg(all(test, feature = "serde"))] -extern crate toml; - -use ed25519_dalek::*; - -use hex::FromHex; - -use sha2::Sha512; - -#[cfg(test)] -mod vectors { - use ed25519::signature::Signature as _; - - use std::io::BufReader; - use std::io::BufRead; - use std::fs::File; - - use super::*; - - // TESTVECTORS is taken from sign.input.gz in agl's ed25519 Golang - // package. It is a selection of test cases from - // http://ed25519.cr.yp.to/python/sign.input - #[test] - fn against_reference_implementation() { // TestGolden - let mut line: String; - let mut lineno: usize = 0; - - let f = File::open("TESTVECTORS"); - if f.is_err() { - println!("This test is only available when the code has been cloned \ - from the git repository, since the TESTVECTORS file is large \ - and is therefore not included within the distributed crate."); - panic!(); - } - let file = BufReader::new(f.unwrap()); - - for l in file.lines() { - lineno += 1; - line = l.unwrap(); - - let parts: Vec<&str> = line.split(':').collect(); - assert_eq!(parts.len(), 5, "wrong number of fields in line {}", lineno); - - let sec_bytes: Vec = FromHex::from_hex(&parts[0]).unwrap(); - let pub_bytes: Vec = FromHex::from_hex(&parts[1]).unwrap(); - let msg_bytes: Vec = FromHex::from_hex(&parts[2]).unwrap(); - let sig_bytes: Vec = FromHex::from_hex(&parts[3]).unwrap(); - - let secret: SecretKey = SecretKey::from_bytes(&sec_bytes[..SECRET_KEY_LENGTH]).unwrap(); - let public: PublicKey = PublicKey::from_bytes(&pub_bytes[..PUBLIC_KEY_LENGTH]).unwrap(); - 
let keypair: Keypair = Keypair{ secret: secret, public: public }; - - // The signatures in the test vectors also include the message - // at the end, but we just want R and S. - let sig1: Signature = Signature::from_bytes(&sig_bytes[..64]).unwrap(); - let sig2: Signature = keypair.sign(&msg_bytes); - - assert!(sig1 == sig2, "Signature bytes not equal on line {}", lineno); - assert!(keypair.verify(&msg_bytes, &sig2).is_ok(), - "Signature verification failed on line {}", lineno); - } - } - - // From https://tools.ietf.org/html/rfc8032#section-7.3 - #[test] - fn ed25519ph_rf8032_test_vector() { - let secret_key: &[u8] = b"833fe62409237b9d62ec77587520911e9a759cec1d19755b7da901b96dca3d42"; - let public_key: &[u8] = b"ec172b93ad5e563bf4932c70e1245034c35467ef2efd4d64ebf819683467e2bf"; - let message: &[u8] = b"616263"; - let signature: &[u8] = b"98a70222f0b8121aa9d30f813d683f809e462b469c7ff87639499bb94e6dae4131f85042463c2a355a2003d062adf5aaa10b8c61e636062aaad11c2a26083406"; - - let sec_bytes: Vec = FromHex::from_hex(secret_key).unwrap(); - let pub_bytes: Vec = FromHex::from_hex(public_key).unwrap(); - let msg_bytes: Vec = FromHex::from_hex(message).unwrap(); - let sig_bytes: Vec = FromHex::from_hex(signature).unwrap(); - - let secret: SecretKey = SecretKey::from_bytes(&sec_bytes[..SECRET_KEY_LENGTH]).unwrap(); - let public: PublicKey = PublicKey::from_bytes(&pub_bytes[..PUBLIC_KEY_LENGTH]).unwrap(); - let keypair: Keypair = Keypair{ secret: secret, public: public }; - let sig1: Signature = Signature::from_bytes(&sig_bytes[..]).unwrap(); - - let mut prehash_for_signing: Sha512 = Sha512::default(); - let mut prehash_for_verifying: Sha512 = Sha512::default(); - - prehash_for_signing.update(&msg_bytes[..]); - prehash_for_verifying.update(&msg_bytes[..]); - - let sig2: Signature = keypair.sign_prehashed(prehash_for_signing, None).unwrap(); - - assert!(sig1 == sig2, - "Original signature from test vectors doesn't equal signature produced:\ - \noriginal:\n{:?}\nproduced:\n{:?}", 
sig1, sig2); - assert!(keypair.verify_prehashed(prehash_for_verifying, None, &sig2).is_ok(), - "Could not verify ed25519ph signature!"); - } -} - -#[cfg(test)] -mod integrations { - use super::*; - use rand::rngs::OsRng; - - #[test] - fn sign_verify() { // TestSignVerify - let keypair: Keypair; - let good_sig: Signature; - let bad_sig: Signature; - - let good: &[u8] = "test message".as_bytes(); - let bad: &[u8] = "wrong message".as_bytes(); - - let mut csprng = OsRng{}; - - keypair = Keypair::generate(&mut csprng); - good_sig = keypair.sign(&good); - bad_sig = keypair.sign(&bad); - - assert!(keypair.verify(&good, &good_sig).is_ok(), - "Verification of a valid signature failed!"); - assert!(keypair.verify(&good, &bad_sig).is_err(), - "Verification of a signature on a different message passed!"); - assert!(keypair.verify(&bad, &good_sig).is_err(), - "Verification of a signature on a different message passed!"); - } - - #[test] - fn ed25519ph_sign_verify() { - let keypair: Keypair; - let good_sig: Signature; - let bad_sig: Signature; - - let good: &[u8] = b"test message"; - let bad: &[u8] = b"wrong message"; - - let mut csprng = OsRng{}; - - // ugh… there's no `impl Copy for Sha512`… i hope we can all agree these are the same hashes - let mut prehashed_good1: Sha512 = Sha512::default(); - prehashed_good1.update(good); - let mut prehashed_good2: Sha512 = Sha512::default(); - prehashed_good2.update(good); - let mut prehashed_good3: Sha512 = Sha512::default(); - prehashed_good3.update(good); - - let mut prehashed_bad1: Sha512 = Sha512::default(); - prehashed_bad1.update(bad); - let mut prehashed_bad2: Sha512 = Sha512::default(); - prehashed_bad2.update(bad); - - let context: &[u8] = b"testing testing 1 2 3"; - - keypair = Keypair::generate(&mut csprng); - good_sig = keypair.sign_prehashed(prehashed_good1, Some(context)).unwrap(); - bad_sig = keypair.sign_prehashed(prehashed_bad1, Some(context)).unwrap(); - - assert!(keypair.verify_prehashed(prehashed_good2, 
Some(context), &good_sig).is_ok(), - "Verification of a valid signature failed!"); - assert!(keypair.verify_prehashed(prehashed_good3, Some(context), &bad_sig).is_err(), - "Verification of a signature on a different message passed!"); - assert!(keypair.verify_prehashed(prehashed_bad2, Some(context), &good_sig).is_err(), - "Verification of a signature on a different message passed!"); - } - - #[cfg(feature = "batch")] - #[test] - fn verify_batch_seven_signatures() { - let messages: [&[u8]; 7] = [ - b"Watch closely everyone, I'm going to show you how to kill a god.", - b"I'm not a cryptographer I just encrypt a lot.", - b"Still not a cryptographer.", - b"This is a test of the tsunami alert system. This is only a test.", - b"Fuck dumbin' it down, spit ice, skip jewellery: Molotov cocktails on me like accessories.", - b"Hey, I never cared about your bucks, so if I run up with a mask on, probably got a gas can too.", - b"And I'm not here to fill 'er up. Nope, we came to riot, here to incite, we don't want any of your stuff.", ]; - let mut csprng = OsRng{}; - let mut keypairs: Vec = Vec::new(); - let mut signatures: Vec = Vec::new(); - - for i in 0..messages.len() { - let keypair: Keypair = Keypair::generate(&mut csprng); - signatures.push(keypair.sign(&messages[i])); - keypairs.push(keypair); - } - let public_keys: Vec = keypairs.iter().map(|key| key.public).collect(); - - let result = verify_batch(&messages, &signatures[..], &public_keys[..]); - - assert!(result.is_ok()); - } - - #[test] - fn pubkey_from_secret_and_expanded_secret() { - let mut csprng = OsRng{}; - let secret: SecretKey = SecretKey::generate(&mut csprng); - let expanded_secret: ExpandedSecretKey = (&secret).into(); - let public_from_secret: PublicKey = (&secret).into(); // XXX eww - let public_from_expanded_secret: PublicKey = (&expanded_secret).into(); // XXX eww - - assert!(public_from_secret == public_from_expanded_secret); - } -} - -#[serde(crate = "serde_crate")] -#[cfg(all(test, feature = 
"serde"))] -#[derive(Debug, serde_crate::Serialize, serde_crate::Deserialize)] -struct Demo { - keypair: Keypair -} - -#[cfg(all(test, feature = "serde"))] -mod serialisation { - use super::*; - - use ed25519::signature::Signature as _; - - // The size for bincode to serialize the length of a byte array. - static BINCODE_INT_LENGTH: usize = 8; - - static PUBLIC_KEY_BYTES: [u8; PUBLIC_KEY_LENGTH] = [ - 130, 039, 155, 015, 062, 076, 188, 063, - 124, 122, 026, 251, 233, 253, 225, 220, - 014, 041, 166, 120, 108, 035, 254, 077, - 160, 083, 172, 058, 219, 042, 086, 120, ]; - - static SECRET_KEY_BYTES: [u8; SECRET_KEY_LENGTH] = [ - 062, 070, 027, 163, 092, 182, 011, 003, - 077, 234, 098, 004, 011, 127, 079, 228, - 243, 187, 150, 073, 201, 137, 076, 022, - 085, 251, 152, 002, 241, 042, 072, 054, ]; - - /// Signature with the above keypair of a blank message. - static SIGNATURE_BYTES: [u8; SIGNATURE_LENGTH] = [ - 010, 126, 151, 143, 157, 064, 047, 001, - 196, 140, 179, 058, 226, 152, 018, 102, - 160, 123, 080, 016, 210, 086, 196, 028, - 053, 231, 012, 157, 169, 019, 158, 063, - 045, 154, 238, 007, 053, 185, 227, 229, - 079, 108, 213, 080, 124, 252, 084, 167, - 216, 085, 134, 144, 129, 149, 041, 081, - 063, 120, 126, 100, 092, 059, 050, 011, ]; - - static KEYPAIR_BYTES: [u8; KEYPAIR_LENGTH] = [ - 239, 085, 017, 235, 167, 103, 034, 062, - 007, 010, 032, 146, 113, 039, 096, 174, - 003, 219, 232, 166, 240, 121, 167, 013, - 098, 238, 122, 116, 193, 114, 215, 213, - 175, 181, 075, 166, 224, 164, 140, 146, - 053, 120, 010, 037, 104, 094, 136, 225, - 249, 102, 171, 160, 097, 132, 015, 071, - 035, 056, 000, 074, 130, 168, 225, 071, ]; - - #[test] - fn serialize_deserialize_signature_bincode() { - let signature: Signature = Signature::from_bytes(&SIGNATURE_BYTES).unwrap(); - let encoded_signature: Vec = bincode::serialize(&signature).unwrap(); - let decoded_signature: Signature = bincode::deserialize(&encoded_signature).unwrap(); - - assert_eq!(signature, decoded_signature); - } - - 
#[test] - fn serialize_deserialize_signature_json() { - let signature: Signature = Signature::from_bytes(&SIGNATURE_BYTES).unwrap(); - let encoded_signature = serde_json::to_string(&signature).unwrap(); - let decoded_signature: Signature = serde_json::from_str(&encoded_signature).unwrap(); - - assert_eq!(signature, decoded_signature); - } - - #[test] - fn serialize_deserialize_public_key_bincode() { - let public_key: PublicKey = PublicKey::from_bytes(&PUBLIC_KEY_BYTES).unwrap(); - let encoded_public_key: Vec = bincode::serialize(&public_key).unwrap(); - let decoded_public_key: PublicKey = bincode::deserialize(&encoded_public_key).unwrap(); - - assert_eq!(&PUBLIC_KEY_BYTES[..], &encoded_public_key[encoded_public_key.len() - PUBLIC_KEY_LENGTH..]); - assert_eq!(public_key, decoded_public_key); - } - - #[test] - fn serialize_deserialize_public_key_json() { - let public_key: PublicKey = PublicKey::from_bytes(&PUBLIC_KEY_BYTES).unwrap(); - let encoded_public_key = serde_json::to_string(&public_key).unwrap(); - let decoded_public_key: PublicKey = serde_json::from_str(&encoded_public_key).unwrap(); - - assert_eq!(public_key, decoded_public_key); - } - - #[test] - fn serialize_deserialize_secret_key_bincode() { - let secret_key: SecretKey = SecretKey::from_bytes(&SECRET_KEY_BYTES).unwrap(); - let encoded_secret_key: Vec = bincode::serialize(&secret_key).unwrap(); - let decoded_secret_key: SecretKey = bincode::deserialize(&encoded_secret_key).unwrap(); - - for i in 0..SECRET_KEY_LENGTH { - assert_eq!(SECRET_KEY_BYTES[i], decoded_secret_key.as_bytes()[i]); - } - } - - #[test] - fn serialize_deserialize_secret_key_json() { - let secret_key: SecretKey = SecretKey::from_bytes(&SECRET_KEY_BYTES).unwrap(); - let encoded_secret_key = serde_json::to_string(&secret_key).unwrap(); - let decoded_secret_key: SecretKey = serde_json::from_str(&encoded_secret_key).unwrap(); - - for i in 0..SECRET_KEY_LENGTH { - assert_eq!(SECRET_KEY_BYTES[i], decoded_secret_key.as_bytes()[i]); - } - } - - 
#[test] - fn serialize_deserialize_expanded_secret_key_bincode() { - let expanded_secret_key = ExpandedSecretKey::from(&SecretKey::from_bytes(&SECRET_KEY_BYTES).unwrap()); - let encoded_expanded_secret_key: Vec = bincode::serialize(&expanded_secret_key).unwrap(); - let decoded_expanded_secret_key: ExpandedSecretKey = bincode::deserialize(&encoded_expanded_secret_key).unwrap(); - - for i in 0..EXPANDED_SECRET_KEY_LENGTH { - assert_eq!(expanded_secret_key.to_bytes()[i], decoded_expanded_secret_key.to_bytes()[i]); - } - } - - #[test] - fn serialize_deserialize_expanded_secret_key_json() { - let expanded_secret_key = ExpandedSecretKey::from(&SecretKey::from_bytes(&SECRET_KEY_BYTES).unwrap()); - let encoded_expanded_secret_key = serde_json::to_string(&expanded_secret_key).unwrap(); - let decoded_expanded_secret_key: ExpandedSecretKey = serde_json::from_str(&encoded_expanded_secret_key).unwrap(); - - for i in 0..EXPANDED_SECRET_KEY_LENGTH { - assert_eq!(expanded_secret_key.to_bytes()[i], decoded_expanded_secret_key.to_bytes()[i]); - } - } - - #[test] - fn serialize_deserialize_keypair_bincode() { - let keypair = Keypair::from_bytes(&KEYPAIR_BYTES).unwrap(); - let encoded_keypair: Vec = bincode::serialize(&keypair).unwrap(); - let decoded_keypair: Keypair = bincode::deserialize(&encoded_keypair).unwrap(); - - for i in 0..KEYPAIR_LENGTH { - assert_eq!(KEYPAIR_BYTES[i], decoded_keypair.to_bytes()[i]); - } - } - - #[test] - fn serialize_deserialize_keypair_json() { - let keypair = Keypair::from_bytes(&KEYPAIR_BYTES).unwrap(); - let encoded_keypair = serde_json::to_string(&keypair).unwrap(); - let decoded_keypair: Keypair = serde_json::from_str(&encoded_keypair).unwrap(); - - for i in 0..KEYPAIR_LENGTH { - assert_eq!(KEYPAIR_BYTES[i], decoded_keypair.to_bytes()[i]); - } - } - - #[test] - fn serialize_deserialize_keypair_toml() { - let demo = Demo { keypair: Keypair::from_bytes(&KEYPAIR_BYTES).unwrap() }; - - println!("\n\nWrite to toml"); - let demo_toml = 
toml::to_string(&demo).unwrap(); - println!("{}", demo_toml); - let demo_toml_rebuild: Result = toml::from_str(&demo_toml); - println!("{:?}", demo_toml_rebuild); - } - - #[test] - fn serialize_public_key_size() { - let public_key: PublicKey = PublicKey::from_bytes(&PUBLIC_KEY_BYTES).unwrap(); - assert_eq!(bincode::serialized_size(&public_key).unwrap() as usize, BINCODE_INT_LENGTH + PUBLIC_KEY_LENGTH); - } - - #[test] - fn serialize_signature_size() { - let signature: Signature = Signature::from_bytes(&SIGNATURE_BYTES).unwrap(); - assert_eq!(bincode::serialized_size(&signature).unwrap() as usize, SIGNATURE_LENGTH); - } - - #[test] - fn serialize_secret_key_size() { - let secret_key: SecretKey = SecretKey::from_bytes(&SECRET_KEY_BYTES).unwrap(); - assert_eq!(bincode::serialized_size(&secret_key).unwrap() as usize, BINCODE_INT_LENGTH + SECRET_KEY_LENGTH); - } - - #[test] - fn serialize_expanded_secret_key_size() { - let expanded_secret_key = ExpandedSecretKey::from(&SecretKey::from_bytes(&SECRET_KEY_BYTES).unwrap()); - assert_eq!(bincode::serialized_size(&expanded_secret_key).unwrap() as usize, BINCODE_INT_LENGTH + EXPANDED_SECRET_KEY_LENGTH); - } - - #[test] - fn serialize_keypair_size() { - let keypair = Keypair::from_bytes(&KEYPAIR_BYTES).unwrap(); - assert_eq!(bincode::serialized_size(&keypair).unwrap() as usize, BINCODE_INT_LENGTH + KEYPAIR_LENGTH); - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/.cargo-checksum.json b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/.cargo-checksum.json similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/.cargo-checksum.json rename to third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/.cargo-checksum.json 
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/.cargo_vcs_info.json new file mode 100644 index 000000000000..a5fefac65b05 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/.cargo_vcs_info.json @@ -0,0 +1,6 @@ +{ + "git": { + "sha1": "4ac84dd0668b1d2e51654fcdffe4ae6a687bef00" + }, + "path_in_vcs": "ed25519-dalek" +} \ No newline at end of file diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/.travis.yml b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/.travis.yml similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/.travis.yml rename to third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/.travis.yml diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/CHANGELOG.md b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/CHANGELOG.md new file mode 100644 index 000000000000..9d1b65e6b94d --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/CHANGELOG.md 
@@ -0,0 +1,52 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+Entries are listed in reverse chronological order per undeprecated major series.
+
+# Unreleased
+
+# 2.x series
+
+## 2.1.1
+
+* Fix nightly SIMD build
+
+## 2.1.0
+
+* Add `SigningKey::to_scalar_bytes` for getting the unclamped scalar from a signing key
+* Loosened `signature` dependency to allow version 2.2
+
+## 2.0.0
+
+### Breaking changes
+
+* Bump MSRV from 1.41 to 1.60.0
+* Bump Rust edition
+* Bump `signature` dependency to 2.0
+* Make `digest` an optional dependency
+* Make `zeroize` an optional dependency
+* Make `rand_core` an optional dependency
+* [curve25519 backends] are now automatically selected
+* [curve25519 backends] are now overridable via cfg instead of using additive features
+* Make all batch verification deterministic remove `batch_deterministic` (PR [#256](https://github.com/dalek-cryptography/ed25519-dalek/pull/256))
+* Rename `Keypair` → `SigningKey` and `PublicKey` → `VerifyingKey`
+* Remove default-public `ExpandedSecretKey` API (PR [#205](https://github.com/dalek-cryptography/ed25519-dalek/pull/205))
+* Make `hazmat` feature to expose `ExpandedSecretKey`, `raw_sign()`, `raw_sign_prehashed()`, `raw_verify()`, and `raw_verify_prehashed()`
+
+[curve25519 backends]: https://github.com/dalek-cryptography/curve25519-dalek/#backends
+
+### Other changes
+
+* Add `Context` type for prehashed signing
+* Add `VerifyingKey::{verify_prehash_strict, is_weak}`
+* Add `pkcs` feature to support PKCS #8 (de)serialization of `SigningKey` and `VerifyingKey`
+* Add `fast` feature to include basepoint tables
+* Add tests for validation criteria
+* Impl `DigestSigner`/`DigestVerifier` for `SigningKey`/`VerifyingKey`, respectively
+* Impl `Hash` for `VerifyingKey`
+* Impl `Clone`, `Drop`, and `ZeroizeOnDrop` for `SigningKey`
+* Remove `rand` dependency
+* Improve key deserialization diagnostics
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/Cargo.toml b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/Cargo.toml
new file mode 100644
index 000000000000..8381deb7ed75
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/Cargo.toml
@@ -0,0 +1,199 @@ +# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO +# +# When uploading crates to the registry Cargo will automatically +# "normalize" Cargo.toml files for maximal compatibility +# with all versions of Cargo and also rewrite `path` dependencies +# to registry (e.g., crates.io) dependencies. +# +# If you are reading this file be aware that the original Cargo.toml +# will likely look very different (and much more reasonable). +# See Cargo.toml.orig for the original contents. + +[package] +edition = "2021" +rust-version = "1.60" +name = "ed25519-dalek" +version = "2.1.1" +authors = [ + "isis lovecruft ", + "Tony Arcieri ", + "Michael Rosenberg ", +] +exclude = [ + ".gitignore", + "TESTVECTORS", + "VALIDATIONVECTORS", + "res/*", +] +description = "Fast and efficient ed25519 EdDSA key generations, signing, and verification in pure Rust." +homepage = "https://github.com/dalek-cryptography/curve25519-dalek" +documentation = "https://docs.rs/ed25519-dalek" +readme = "README.md" +keywords = [ + "cryptography", + "ed25519", + "curve25519", + "signature", + "ECC", +] +categories = [ + "cryptography", + "no-std", +] +license = "BSD-3-Clause" +repository = "https://github.com/dalek-cryptography/curve25519-dalek/tree/main/ed25519-dalek" + +[package.metadata.docs.rs] +features = [ + "batch", + "digest", + "hazmat", + "pem", + "serde", +] +rustdoc-args = [ + "--html-in-header", + "docs/assets/rustdoc-include-katex-header.html", + "--cfg", + "docsrs", +] + +[[bench]] +name = "ed25519_benchmarks" +harness = false +required-features = ["rand_core"] + +[dependencies.curve25519-dalek] +version = "4" +features = ["digest"] +default-features = false + +[dependencies.ed25519] +version = ">=2.2, <2.3" +default-features = false + +[dependencies.merlin] +version = "3" +optional = true +default-features = false + +[dependencies.rand_core] +version = "0.6.4" +optional = true +default-features = false + +[dependencies.serde] +version = "1.0" +optional = true +default-features = 
false + +[dependencies.sha2] +version = "0.10" +default-features = false + +[dependencies.signature] +version = ">=2.0, <2.3" +optional = true +default-features = false + +[dependencies.subtle] +version = "2.3.0" +default-features = false + +[dependencies.zeroize] +version = "1.5" +optional = true +default-features = false + +[dev-dependencies.bincode] +version = "1.0" + +[dev-dependencies.blake2] +version = "0.10" + +[dev-dependencies.criterion] +version = "0.5" +features = ["html_reports"] + +[dev-dependencies.curve25519-dalek] +version = "4" +features = [ + "digest", + "rand_core", +] +default-features = false + +[dev-dependencies.hex] +version = "0.4" + +[dev-dependencies.hex-literal] +version = "0.4" + +[dev-dependencies.rand] +version = "0.8" + +[dev-dependencies.rand_core] +version = "0.6.4" +default-features = false + +[dev-dependencies.serde] +version = "1.0" +features = ["derive"] + +[dev-dependencies.serde_json] +version = "1.0" + +[dev-dependencies.sha3] +version = "0.10" + +[dev-dependencies.toml] +version = "0.7" + +[dev-dependencies.x25519-dalek] +version = "2" +features = ["static_secrets"] +default-features = false + +[features] +alloc = [ + "curve25519-dalek/alloc", + "ed25519/alloc", + "serde?/alloc", + "zeroize/alloc", +] +asm = ["sha2/asm"] +batch = [ + "alloc", + "merlin", + "rand_core", +] +default = [ + "fast", + "std", + "zeroize", +] +digest = ["signature/digest"] +fast = ["curve25519-dalek/precomputed-tables"] +hazmat = [] +legacy_compatibility = ["curve25519-dalek/legacy_compatibility"] +pem = [ + "alloc", + "ed25519/pem", + "pkcs8", +] +pkcs8 = ["ed25519/pkcs8"] +rand_core = ["dep:rand_core"] +serde = [ + "dep:serde", + "ed25519/serde", +] +std = [ + "alloc", + "ed25519/std", + "serde?/std", + "sha2/std", +] +zeroize = [ + "dep:zeroize", + "curve25519-dalek/zeroize", +] 
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/Cargo.toml.orig b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/Cargo.toml.orig
new file mode 100644
index 000000000000..626b8da92acf
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/Cargo.toml.orig
@@ -0,0 +1,78 @@
+[package]
+name = "ed25519-dalek"
+version = "2.1.1"
+edition = "2021"
+authors = [
+ "isis lovecruft ",
+ "Tony Arcieri ",
+ "Michael Rosenberg "
+]
+readme = "README.md"
+license = "BSD-3-Clause"
+repository = "https://github.com/dalek-cryptography/curve25519-dalek/tree/main/ed25519-dalek"
+homepage = "https://github.com/dalek-cryptography/curve25519-dalek"
+documentation = "https://docs.rs/ed25519-dalek"
+keywords = ["cryptography", "ed25519", "curve25519", "signature", "ECC"]
+categories = ["cryptography", "no-std"]
+description = "Fast and efficient ed25519 EdDSA key generations, signing, and verification in pure Rust."
+exclude = [ ".gitignore", "TESTVECTORS", "VALIDATIONVECTORS", "res/*" ]
+rust-version = "1.60"
+
+[package.metadata.docs.rs]
+rustdoc-args = [
+ "--html-in-header", "docs/assets/rustdoc-include-katex-header.html",
+ "--cfg", "docsrs",
+]
+features = ["batch", "digest", "hazmat", "pem", "serde"]
+
+[dependencies]
+curve25519-dalek = { version = "4", path = "../curve25519-dalek", default-features = false, features = ["digest"] }
+ed25519 = { version = ">=2.2, <2.3", default-features = false }
+signature = { version = ">=2.0, <2.3", optional = true, default-features = false }
+sha2 = { version = "0.10", default-features = false }
+subtle = { version = "2.3.0", default-features = false }
+
+# optional features
+merlin = { version = "3", default-features = false, optional = true }
+rand_core = { version = "0.6.4", default-features = false, optional = true }
+serde = { version = "1.0", default-features = false, optional = true }
+zeroize = { version = "1.5", default-features = false, optional = true }
+
+[dev-dependencies]
+curve25519-dalek = { version = "4", path = "../curve25519-dalek", default-features = false, features = ["digest", "rand_core"] }
+x25519-dalek = { version = "2", path = "../x25519-dalek", default-features = false, features = ["static_secrets"] }
+blake2 = "0.10"
+sha3 = "0.10"
+hex = "0.4"
+bincode = "1.0"
+serde_json = "1.0"
+criterion = { version = "0.5", features = ["html_reports"] }
+hex-literal = "0.4"
+rand = "0.8"
+rand_core = { version = "0.6.4", default-features = false }
+serde = { version = "1.0", features = ["derive"] }
+toml = { version = "0.7" }
+
+[[bench]]
+name = "ed25519_benchmarks"
+harness = false
+required-features = ["rand_core"]
+
+[features]
+default = ["fast", "std", "zeroize"]
+alloc = ["curve25519-dalek/alloc", "ed25519/alloc", "serde?/alloc", "zeroize/alloc"]
+std = ["alloc", "ed25519/std", "serde?/std", "sha2/std"]
+
+asm = ["sha2/asm"]
+batch = ["alloc", "merlin", "rand_core"]
+fast = ["curve25519-dalek/precomputed-tables"]
+digest = ["signature/digest"]
+# Exposes the hazmat module
+hazmat = []
+# Turns off stricter checking for scalar malleability in signatures
+legacy_compatibility = ["curve25519-dalek/legacy_compatibility"]
+pkcs8 = ["ed25519/pkcs8"]
+pem = ["alloc", "ed25519/pem", "pkcs8"]
+rand_core = ["dep:rand_core"]
+serde = ["dep:serde", "ed25519/serde"]
+zeroize = ["dep:zeroize", "curve25519-dalek/zeroize"]
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/LICENSE b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/LICENSE
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/LICENSE
rename to third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/LICENSE
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/README.md b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/README.md
new file mode 100644
index 000000000000..fbb30e9de4c2
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/README.md
@@ -0,0 +1,178 @@ +# ed25519-dalek [![](https://img.shields.io/crates/v/ed25519-dalek.svg)](https://crates.io/crates/ed25519-dalek) [![](https://docs.rs/ed25519-dalek/badge.svg)](https://docs.rs/ed25519-dalek) [![CI](https://github.com/dalek-cryptography/curve25519-dalek/actions/workflows/ed25519-dalek.yml/badge.svg?branch=main)](https://github.com/dalek-cryptography/curve25519-dalek/actions/workflows/ed25519-dalek.yml) + +Fast and efficient Rust implementation of ed25519 key generation, signing, and +verification. + +# Use + +To import `ed25519-dalek`, add the following to the dependencies section of +your project's `Cargo.toml`: +```toml +ed25519-dalek = "2" +``` + +# Feature Flags + +This crate is `#[no_std]` compatible with `default-features = false`. + +| Feature | Default? | Description | +| :--- | :--- | :--- | +| `alloc` | ✓ | When `pkcs8` is enabled, implements `EncodePrivateKey`/`EncodePublicKey` for `SigningKey`/`VerifyingKey`, respectively. | +| `std` | ✓ | Implements `std::error::Error` for `SignatureError`. Also enables `alloc`. | +| `zeroize` | ✓ | Implements `Zeroize` and `ZeroizeOnDrop` for `SigningKey` | +| `rand_core` | | Enables `SigningKey::generate` | +| `batch` | | Enables `verify_batch` for verifying many signatures quickly. Also enables `rand_core`. | +| `digest` | | Enables `Context`, `SigningKey::{with_context, sign_prehashed}` and `VerifyingKey::{with_context, verify_prehashed, verify_prehashed_strict}` for Ed25519ph prehashed signatures | +| `asm` | | Enables assembly optimizations in the SHA-512 compression functions | +| `pkcs8` | | Enables [PKCS#8](https://en.wikipedia.org/wiki/PKCS_8) serialization/deserialization for `SigningKey` and `VerifyingKey` | +| `pem` | | Enables PEM serialization support for PKCS#8 private keys and SPKI public keys. Also enables `alloc`. | +| `legacy_compatibility` | | **Unsafe:** Disables certain signature checks. 
See [below](#malleability-and-the-legacy_compatibility-feature) | +| `hazmat` | | **Unsafe:** Exposes the `hazmat` module for raw signing/verifying. Misuse of these functions will expose the private key, as in the [signing oracle attack](https://github.com/MystenLabs/ed25519-unsafe-libs). | + +# Major Changes + +See [CHANGELOG.md](CHANGELOG.md) for a list of changes made in past version of this crate. + +## Breaking Changes in 2.0.0 + +* Bump MSRV from 1.41 to 1.60.0 +* Bump Rust edition +* Bump `signature` dependency to 2.0 +* Make `digest` an optional dependency +* Make `zeroize` an optional dependency +* Make `rand_core` an optional dependency +* Adopt [curve25519-backend selection](https://github.com/dalek-cryptography/curve25519-dalek/#backends) over features +* Make all batch verification deterministic remove `batch_deterministic` ([#256](https://github.com/dalek-cryptography/ed25519-dalek/pull/256)) +* Remove `ExpandedSecretKey` API ([#205](https://github.com/dalek-cryptography/ed25519-dalek/pull/205)) +* Rename `Keypair` → `SigningKey` and `PublicKey` → `VerifyingKey` +* Make `hazmat` feature to expose, `ExpandedSecretKey`, `raw_sign()`, `raw_sign_prehashed()`, `raw_verify()`, and `raw_verify_prehashed()` + +# Documentation + +Documentation is available [here](https://docs.rs/ed25519-dalek). + +# Compatibility Policies + +All on-by-default features of this library are covered by [semantic versioning](https://semver.org/spec/v2.0.0.html) (SemVer). +SemVer exemptions are outlined below for MSRV and public API. + +## Minimum Supported Rust Version + +| Releases | MSRV | +| :--- | :--- | +| 2.x | 1.60 | +| 1.x | 1.41 | + +From 2.x and on, MSRV changes will be accompanied by a minor version bump. + +## Public API SemVer Exemptions + +Breaking changes to SemVer-exempted components affecting the public API will be accompanied by some version bump. 
+ +Below are the specific policies: + +| Releases | Public API Component(s) | Policy | +| :--- | :--- | :--- | +| 2.x | Dependencies `digest`, `pkcs8` and `rand_core` | Minor SemVer bump | + +# Safety + +`ed25519-dalek` is designed to prevent misuse. Signing is constant-time, all signing keys are zeroed when they go out of scope (unless `zeroize` is disabled), detached public keys [cannot](https://github.com/MystenLabs/ed25519-unsafe-libs/blob/main/README.md) be used for signing, and extra functions like [`VerifyingKey::verify_strict`](#weak-key-forgery-and-verify_strict) are made available to avoid known gotchas. + +Further, this crate has no—and in fact forbids—unsafe code. You can opt in to using some highly optimized unsafe code that resides in `curve25519-dalek`, though. See [below](#microarchitecture-specific-backends) for more information on backend selection. + +# Performance + +Performance is a secondary goal behind correctness, safety, and clarity, but we +aim to be competitive with other implementations. + +## Benchmarks + +Benchmarks are run using [criterion.rs](https://github.com/japaric/criterion.rs): + +```sh +cargo bench --features "batch" +# Uses avx2 or ifma only if compiled for an appropriate target. +export RUSTFLAGS='-C target_cpu=native' +cargo +nightly bench --features "batch" +``` + +On an Intel 10700K running at stock comparing between the `curve25519-dalek` backends. 
+ +| Benchmark | u64 | simd +avx2 | fiat | +| :--- | :---- | :--- | :--- | +| signing | 15.017 µs | 13.906 µs -7.3967% | 15.877 μs +5.7268% | +| signature verification | 40.144 µs | 25.963 µs -35.603% | 42.118 μs +4.9173% | +| strict signature verification | 41.334 µs | 27.874 µs -32.660% | 43.985 μs +6.4136% | +| batch signature verification/4 | 109.44 µs | 81.778 µs -25.079% | 117.80 μs +7.6389% | +| batch signature verification/8 | 182.75 µs | 138.40 µs -23.871% | 195.86 μs +7.1737% | +| batch signature verification/16 | 328.67 µs | 251.39 µs -23.744% | 351.55 μs +6.9614% | +| batch signature verification/32 | 619.49 µs | 477.36 µs -23.053% | 669.41 μs +8.0582% | +| batch signature verification/64 | 1.2136 ms | 936.85 µs -22.543% | 1.3028 ms +7.3500% | +| batch signature verification/96 | 1.8677 ms | 1.2357 ms -33.936% | 2.0552 ms +10.039% | +| batch signature verification/128| 2.3281 ms | 1.5795 ms -31.996% | 2.5596 ms +9.9437% | +| batch signature verification/256| 4.1868 ms | 2.8864 ms -31.061% | 4.6494 μs +11.049% | +| keypair generation | 13.973 µs | 13.108 µs -6.5062% | 15.099 μs +8.0584% | + +## Batch Performance + +If your protocol or application is able to batch signatures for verification, +the [`verify_batch`][func_verify_batch] function has greatly improved performance. + +As you can see, there's an optimal batch size for each machine, so you'll likely +want to test the benchmarks on your target CPU to discover the best size. + +## (Micro)Architecture Specific Backends + +A _backend_ refers to an implementation of elliptic curve and scalar arithmetic. Different backends have different use cases. For example, if you demand formally verified code, you want to use the `fiat` backend (as it was generated from [Fiat Crypto][fiat]). + +Backend selection details and instructions can be found in the [curve25519-dalek docs](https://github.com/dalek-cryptography/curve25519-dalek#backends). 
+ +# Contributing + +See [CONTRIBUTING.md](../CONTRIBUTING.md) + +# Batch Signature Verification + +The standard variants of batch signature verification (i.e. many signatures made with potentially many different public keys over potentially many different messages) is available via the `batch` feature. It uses deterministic randomness, i.e., it hashes the inputs (using [`merlin`](https://merlin.cool/), which handles transcript item separation) and uses the result to generate random coefficients. Batch verification requires allocation, so this won't function in heapless settings. + +# Validation Criteria + +The _validation criteria_ of a signature scheme are the criteria that signatures and public keys must satisfy in order to be accepted. Unfortunately, Ed25519 has some underspecified parts, leading to different validation criteria across implementations. For a very good overview of this, see [Henry's post][validation]. + +In this section, we mention some specific details about our validation criteria, and how to navigate them. + +## Malleability and the `legacy_compatibility` Feature + +A signature scheme is considered to produce _malleable signatures_ if a passive attacker with knowledge of a public key _A_, message _m_, and valid signature _σ'_ can produce a distinct _σ'_ such that _σ'_ is a valid signature of _m_ with respect to _A_. A scheme is only malleable if the attacker can do this _without_ knowledge of the private key corresponding to _A_. + +`ed25519-dalek` is not a malleable signature scheme. 
+ +Some other Ed25519 implementations are malleable, though, such as [libsodium with `ED25519_COMPAT` enabled](https://github.com/jedisct1/libsodium/blob/24211d370a9335373f0715664271dfe203c7c2cd/src/libsodium/crypto_sign/ed25519/ref10/open.c#L30), [ed25519-donna](https://github.com/floodyberry/ed25519-donna/blob/8757bd4cd209cb032853ece0ce413f122eef212c/ed25519.c#L100), [NaCl's ref10 impl](https://github.com/floodyberry/ed25519-donna/blob/8757bd4cd209cb032853ece0ce413f122eef212c/fuzz/ed25519-ref10.c#L4627), and probably a lot more. +If you need to interoperate with such implementations and accept otherwise invalid signatures, you can enable the `legacy_compatibility` flag. **Do not enable `legacy_compatibility`** if you don't have to, because it will make your signatures malleable. + +Note: [CIRCL](https://github.com/cloudflare/circl/blob/fa6e0cca79a443d7be18ed241e779adf9ed2a301/sign/ed25519/ed25519.go#L358) has no scalar range check at all. We do not have a feature flag for interoperating with the larger set of RFC-disallowed signatures that CIRCL accepts. + +## Weak key Forgery and `verify_strict()` + +A _signature forgery_ is what it sounds like: it's when an attacker, given a public key _A_, creates a signature _σ_ and message _m_ such that _σ_ is a valid signature of _m_ with respect to _A_. Since this is the core security definition of any signature scheme, Ed25519 signatures cannot be forged. + +However, there's a much looser kind of forgery that Ed25519 permits, which we call _weak key forgery_. An attacker can produce a special public key _A_ (which we call a _weak_ public key) and a signature _σ_ such that _σ_ is a valid signature of _any_ message _m_, with respect to _A_, with high probability. This attack is acknowledged in the [Ed25519 paper](https://ed25519.cr.yp.to/ed25519-20110926.pdf), and caused an exploitable bug in the Scuttlebutt protocol ([paper](https://eprint.iacr.org/2019/526.pdf), section 7.1). 
The [`VerifyingKey::verify()`][method_verify] function permits weak keys. + +We provide [`VerifyingKey::verify_strict`][method_verify_strict] (and [`verify_strict_prehashed`][method_verify_strict_ph]) to help users avoid these scenarios. These functions perform an extra check on _A_, ensuring it's not a weak public key. In addition, we provide the [`VerifyingKey::is_weak`][method_is_weak] to allow users to perform this check before attempting signature verification. + +## Batch verification + +As mentioned above, weak public keys can be used to produce signatures for unknown messages with high probability. This means that sometimes a weak forgery attempt will fail. In fact, it can fail up to 7/8 of the time. If you call `verify()` twice on the same failed forgery, it will return an error both times, as expected. However, if you call `verify_batch()` twice on two distinct otherwise-valid batches, both of which contain the failed forgery, there's a 21% chance that one fails and the other succeeds. + +Why is this? It's because `verify_batch()` does not do the weak key testing of `verify_strict()`, and it multiplies each verification equation by some random coefficient. If the failed forgery gets multiplied by 8, then the weak key (which is a low-order point) becomes 0, and the verification equation on the attempted forgery will succeed. + +Since `verify_batch()` is intended to be high-throughput, we think it's best not to put weak key checks in it. If you want to prevent weird behavior due to weak public keys in your batches, you should call [`VerifyingKey::is_weak`][method_is_weak] on the inputs in advance. 
+ +[fiat]: https://github.com/mit-plv/fiat-crypto +[validation]: https://hdevalence.ca/blog/2020-10-04-its-25519am +[func_verify_batch]: https://docs.rs/ed25519-dalek/latest/ed25519_dalek/fn.verify_batch.html +[method_verify]: https://docs.rs/ed25519-dalek/latest/ed25519_dalek/struct.VerifyingKey.html#method.verify +[method_verify_strict]: https://docs.rs/ed25519-dalek/latest/ed25519_dalek/struct.VerifyingKey.html#method.verify_strict +[method_verify_strict_ph]: https://docs.rs/ed25519-dalek/latest/ed25519_dalek/struct.VerifyingKey.html#method.verify_strict_prehashed +[method_is_weak]: https://docs.rs/ed25519-dalek/latest/ed25519_dalek/struct.VerifyingKey.html#method.is_weak diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/benches/ed25519_benchmarks.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/benches/ed25519_benchmarks.rs similarity index 50% rename from third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/benches/ed25519_benchmarks.rs rename to third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/benches/ed25519_benchmarks.rs index 45dce3570976..efa419ceba81 100644 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/benches/ed25519_benchmarks.rs +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/benches/ed25519_benchmarks.rs 
@@ -7,100 +7,89 @@ // Authors: // - isis agora lovecruft -#[macro_use] -extern crate criterion; -extern crate ed25519_dalek; -extern crate rand; - -use criterion::Criterion; +use criterion::{criterion_group, Criterion}; mod ed25519_benches { use super::*; - use ed25519_dalek::ExpandedSecretKey; - use ed25519_dalek::Keypair; - use ed25519_dalek::PublicKey; use ed25519_dalek::Signature; use ed25519_dalek::Signer; - use ed25519_dalek::verify_batch; - use rand::thread_rng; + use ed25519_dalek::SigningKey; use rand::prelude::ThreadRng; + use rand::thread_rng; fn sign(c: &mut Criterion) { let mut csprng: ThreadRng = thread_rng(); - let keypair: Keypair = Keypair::generate(&mut csprng); + let keypair: SigningKey = SigningKey::generate(&mut csprng); let msg: &[u8] = b""; - c.bench_function("Ed25519 signing", move |b| { - b.iter(| | keypair.sign(msg)) - }); - } - - fn sign_expanded_key(c: &mut Criterion) { - let mut csprng: ThreadRng = thread_rng(); - let keypair: Keypair = Keypair::generate(&mut csprng); - let expanded: ExpandedSecretKey = (&keypair.secret).into(); - let msg: &[u8] = b""; - - c.bench_function("Ed25519 signing with an expanded secret key", move |b| { - b.iter(| | expanded.sign(msg, &keypair.public)) - }); + c.bench_function("Ed25519 signing", move |b| b.iter(|| keypair.sign(msg))); } fn verify(c: &mut Criterion) { let mut csprng: ThreadRng = thread_rng(); - let keypair: Keypair = Keypair::generate(&mut csprng); + let keypair: SigningKey = SigningKey::generate(&mut csprng); let msg: &[u8] = b""; let sig: Signature = keypair.sign(msg); - + c.bench_function("Ed25519 signature verification", move |b| { - b.iter(| | keypair.verify(msg, &sig)) + b.iter(|| keypair.verify(msg, &sig)) }); } fn verify_strict(c: &mut Criterion) { let mut csprng: ThreadRng = thread_rng(); - let keypair: Keypair = Keypair::generate(&mut csprng); + let keypair: SigningKey = SigningKey::generate(&mut csprng); let msg: &[u8] = b""; let sig: Signature = keypair.sign(msg); 
c.bench_function("Ed25519 strict signature verification", move |b| { - b.iter(| | keypair.verify_strict(msg, &sig)) + b.iter(|| keypair.verify_strict(msg, &sig)) }); } + #[cfg(feature = "batch")] fn verify_batch_signatures(c: &mut Criterion) { + use ed25519_dalek::verify_batch; + static BATCH_SIZES: [usize; 8] = [4, 8, 16, 32, 64, 96, 128, 256]; - c.bench_function_over_inputs( - "Ed25519 batch signature verification", - |b, &&size| { + // Benchmark batch verification for all the above batch sizes + let mut group = c.benchmark_group("Ed25519 batch signature verification"); + for size in BATCH_SIZES { + let name = format!("size={size}"); + group.bench_function(name, |b| { let mut csprng: ThreadRng = thread_rng(); - let keypairs: Vec = (0..size).map(|_| Keypair::generate(&mut csprng)).collect(); + let keypairs: Vec = (0..size) + .map(|_| SigningKey::generate(&mut csprng)) + .collect(); let msg: &[u8] = b"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; let messages: Vec<&[u8]> = (0..size).map(|_| msg).collect(); - let signatures: Vec = keypairs.iter().map(|key| key.sign(&msg)).collect(); - let public_keys: Vec = keypairs.iter().map(|key| key.public).collect(); + let signatures: Vec = keypairs.iter().map(|key| key.sign(msg)).collect(); + let verifying_keys: Vec<_> = + keypairs.iter().map(|key| key.verifying_key()).collect(); - b.iter(|| verify_batch(&messages[..], &signatures[..], &public_keys[..])); - }, - &BATCH_SIZES, - ); + b.iter(|| verify_batch(&messages[..], &signatures[..], &verifying_keys[..])); + }); + } } + // If the above function isn't defined, make a placeholder function + #[cfg(not(feature = "batch"))] + fn verify_batch_signatures(_: &mut Criterion) {} + fn key_generation(c: &mut Criterion) { let mut csprng: ThreadRng = thread_rng(); c.bench_function("Ed25519 keypair generation", move |b| { - b.iter(| | Keypair::generate(&mut csprng)) + b.iter(|| SigningKey::generate(&mut csprng)) }); } - criterion_group!{ + criterion_group! 
{ name = ed25519_benches; config = Criterion::default(); targets = sign, - sign_expanded_key, verify, verify_strict, verify_batch_signatures, @@ -108,6 +97,4 @@ mod ed25519_benches { } } -criterion_main!( - ed25519_benches::ed25519_benches, -); +criterion::criterion_main!(ed25519_benches::ed25519_benches); diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/docs/assets/ed25519-malleability.png b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/docs/assets/ed25519-malleability.png new file mode 100644 index 000000000000..fe5896e99e3f Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/docs/assets/ed25519-malleability.png differ diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/docs/assets/rustdoc-include-katex-header.html b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/docs/assets/rustdoc-include-katex-header.html new file mode 100644 index 000000000000..d240432aa173 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/docs/assets/rustdoc-include-katex-header.html @@ -0,0 +1,12 @@ + + + + + + + + + diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/batch.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/batch.rs new file mode 100644 index 000000000000..ed2618d6cb7a --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/batch.rs 
@@ -0,0 +1,242 @@ +// -*- mode: rust; -*- +// +// This file is part of ed25519-dalek. +// Copyright (c) 2017-2019 isis lovecruft +// See LICENSE for licensing information. +// +// Authors: +// - isis agora lovecruft + +//! Batch signature verification. + +use alloc::vec::Vec; + +use core::convert::TryFrom; +use core::iter::once; + +use curve25519_dalek::constants; +use curve25519_dalek::edwards::EdwardsPoint; +use curve25519_dalek::scalar::Scalar; +use curve25519_dalek::traits::IsIdentity; +use curve25519_dalek::traits::VartimeMultiscalarMul; + +pub use curve25519_dalek::digest::Digest; + +use merlin::Transcript; + +use rand_core::RngCore; + +use sha2::Sha512; + +use crate::errors::InternalError; +use crate::errors::SignatureError; +use crate::signature::InternalSignature; +use crate::VerifyingKey; + +/// An implementation of `rand_core::RngCore` which does nothing. This is necessary because merlin +/// demands an `Rng` as input to `TranscriptRngBuilder::finalize()`. Using this with `finalize()` +/// yields a PRG whose input is the hashed transcript. +struct ZeroRng; + +impl rand_core::RngCore for ZeroRng { + fn next_u32(&mut self) -> u32 { + rand_core::impls::next_u32_via_fill(self) + } + + fn next_u64(&mut self) -> u64 { + rand_core::impls::next_u64_via_fill(self) + } + + /// A no-op function which leaves the destination bytes for randomness unchanged. + /// + /// In this case, the internal merlin code is initialising the destination + /// by doing `[0u8; …]`, which means that when we call + /// `merlin::TranscriptRngBuilder.finalize()`, rather than rekeying the + /// STROBE state based on external randomness, we're doing an + /// `ENC_{state}(00000000000000000000000000000000)` operation, which is + /// identical to the STROBE `MAC` operation. 
+ fn fill_bytes(&mut self, _dest: &mut [u8]) {} + + fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand_core::Error> { + self.fill_bytes(dest); + Ok(()) + } +} + +// `TranscriptRngBuilder::finalize()` requires a `CryptoRng` +impl rand_core::CryptoRng for ZeroRng {} + +// We write our own gen() function so we don't need to pull in the rand crate +fn gen_u128(rng: &mut R) -> u128 { + let mut buf = [0u8; 16]; + rng.fill_bytes(&mut buf); + u128::from_le_bytes(buf) +} + +/// Verify a batch of `signatures` on `messages` with their respective `verifying_keys`. +/// +/// # Inputs +/// +/// * `messages` is a slice of byte slices, one per signed message. +/// * `signatures` is a slice of `Signature`s. +/// * `verifying_keys` is a slice of `VerifyingKey`s. +/// +/// # Returns +/// +/// * A `Result` whose `Ok` value is an empty tuple and whose `Err` value is a +/// `SignatureError` containing a description of the internal error which +/// occurred. +/// +/// ## On Deterministic Nonces +/// +/// The nonces for batch signature verification are derived purely from the inputs to this function +/// themselves. +/// +/// In any sigma protocol it is wise to include as much context pertaining +/// to the public state in the protocol as possible, to avoid malleability +/// attacks where an adversary alters publics in an algebraic manner that +/// manages to satisfy the equations for the protocol in question. +/// +/// For ed25519 batch verification we include the following as scalars in the protocol transcript: +/// +/// * All of the computed `H(R||A||M)`s to the protocol transcript, and +/// * All of the `s` components of each signature. +/// +/// The former, while not quite as elegant as adding the `R`s, `A`s, and +/// `M`s separately, saves us a bit of context hashing since the +/// `H(R||A||M)`s need to be computed for the verification equation anyway. 
+/// +/// The latter prevents a malleability attack wherein an adversary, without access +/// to the signing key(s), can take any valid signature, `(s,R)`, and swap +/// `s` with `s' = -z1`. This doesn't constitute a signature forgery, merely +/// a vulnerability, as the resulting signature will not pass single +/// signature verification. (Thanks to Github users @real_or_random and +/// @jonasnick for pointing out this malleability issue.) +/// +/// # Examples +/// +/// ``` +/// use ed25519_dalek::{ +/// verify_batch, SigningKey, VerifyingKey, Signer, Signature, +/// }; +/// use rand::rngs::OsRng; +/// +/// # fn main() { +/// let mut csprng = OsRng; +/// let signing_keys: Vec<_> = (0..64).map(|_| SigningKey::generate(&mut csprng)).collect(); +/// let msg: &[u8] = b"They're good dogs Brant"; +/// let messages: Vec<_> = (0..64).map(|_| msg).collect(); +/// let signatures: Vec<_> = signing_keys.iter().map(|key| key.sign(&msg)).collect(); +/// let verifying_keys: Vec<_> = signing_keys.iter().map(|key| key.verifying_key()).collect(); +/// +/// let result = verify_batch(&messages, &signatures, &verifying_keys); +/// assert!(result.is_ok()); +/// # } +/// ``` +#[allow(non_snake_case)] +pub fn verify_batch( + messages: &[&[u8]], + signatures: &[ed25519::Signature], + verifying_keys: &[VerifyingKey], +) -> Result<(), SignatureError> { + // Return an Error if any of the vectors were not the same size as the others. 
+ if signatures.len() != messages.len() + || signatures.len() != verifying_keys.len() + || verifying_keys.len() != messages.len() + { + return Err(InternalError::ArrayLength { + name_a: "signatures", + length_a: signatures.len(), + name_b: "messages", + length_b: messages.len(), + name_c: "verifying_keys", + length_c: verifying_keys.len(), + } + .into()); + } + + // Make a transcript which logs all inputs to this function + let mut transcript: Transcript = Transcript::new(b"ed25519 batch verification"); + + // We make one optimization in the transcript: since we will end up computing H(R || A || M) + // for each (R, A, M) triplet, we will feed _that_ into our transcript rather than each R, A, M + // individually. Since R and A are fixed-length, this modification is secure so long as SHA-512 + // is collision-resistant. + // It suffices to take `verifying_keys[i].as_bytes()` even though a `VerifyingKey` has two + // fields, and `as_bytes()` only returns the bytes of the first. This is because of an + // invariant guaranteed by `VerifyingKey`: the second field is always the (unique) + // decompression of the first. Thus, the serialized first field is a unique representation of + // the entire `VerifyingKey`. + let hrams: Vec<[u8; 64]> = (0..signatures.len()) + .map(|i| { + // Compute H(R || A || M), where + // R = sig.R + // A = verifying key + // M = msg + let mut h: Sha512 = Sha512::default(); + h.update(signatures[i].r_bytes()); + h.update(verifying_keys[i].as_bytes()); + h.update(messages[i]); + *h.finalize().as_ref() + }) + .collect(); + + // Update transcript with the hashes above. This covers verifying_keys, messages, and the R + // half of signatures + for hram in hrams.iter() { + transcript.append_message(b"hram", hram); + } + // Update transcript with the rest of the data. 
This covers the s half of the signatures + for sig in signatures { + transcript.append_message(b"sig.s", sig.s_bytes()); + } + + // All function inputs have now been hashed into the transcript. Finalize it and use it as + // randomness for the batch verification. + let mut rng = transcript.build_rng().finalize(&mut ZeroRng); + + // Convert all signatures to `InternalSignature` + let signatures = signatures + .iter() + .map(InternalSignature::try_from) + .collect::, _>>()?; + // Convert the H(R || A || M) values into scalars + let hrams: Vec = hrams + .iter() + .map(Scalar::from_bytes_mod_order_wide) + .collect(); + + // Select a random 128-bit scalar for each signature. + let zs: Vec = signatures + .iter() + .map(|_| Scalar::from(gen_u128(&mut rng))) + .collect(); + + // Compute the basepoint coefficient, ∑ s[i]z[i] (mod l) + let B_coefficient: Scalar = signatures + .iter() + .map(|sig| sig.s) + .zip(zs.iter()) + .map(|(s, z)| z * s) + .sum(); + + // Multiply each H(R || A || M) by the random value + let zhrams = hrams.iter().zip(zs.iter()).map(|(hram, z)| hram * z); + + let Rs = signatures.iter().map(|sig| sig.R.decompress()); + let As = verifying_keys.iter().map(|pk| Some(pk.point)); + let B = once(Some(constants::ED25519_BASEPOINT_POINT)); + + // Compute (-∑ z[i]s[i] (mod l)) B + ∑ z[i]R[i] + ∑ (z[i]H(R||A||M)[i] (mod l)) A[i] = 0 + let id = EdwardsPoint::optional_multiscalar_mul( + once(-B_coefficient).chain(zs.iter().cloned()).chain(zhrams), + B.chain(Rs).chain(As), + ) + .ok_or(InternalError::Verify)?; + + if id.is_identity() { + Ok(()) + } else { + Err(InternalError::Verify.into()) + } +} 
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/constants.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/constants.rs similarity index 89% rename from third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/constants.rs rename to third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/constants.rs index f8ccb840b4ec..4dc48a04bfc3 100644 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/constants.rs +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/constants.rs @@ -28,4 +28,5 @@ const EXPANDED_SECRET_KEY_KEY_LENGTH: usize = 32; const EXPANDED_SECRET_KEY_NONCE_LENGTH: usize = 32; /// The length of an "expanded" ed25519 key, `ExpandedSecretKey`, in bytes. -pub const EXPANDED_SECRET_KEY_LENGTH: usize = EXPANDED_SECRET_KEY_KEY_LENGTH + EXPANDED_SECRET_KEY_NONCE_LENGTH; +pub const EXPANDED_SECRET_KEY_LENGTH: usize = + EXPANDED_SECRET_KEY_KEY_LENGTH + EXPANDED_SECRET_KEY_NONCE_LENGTH; diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/context.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/context.rs new file mode 100644 index 000000000000..2a27edd9d69e --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/context.rs 
@@ -0,0 +1,112 @@ +use crate::{InternalError, SignatureError}; + +/// Ed25519 contexts as used by Ed25519ph. +/// +/// Contexts are domain separator strings that can be used to isolate uses of +/// the algorithm between different protocols (which is very hard to reliably do +/// otherwise) and between different uses within the same protocol. +/// +/// To create a context, call either of the following: +/// +/// - [`SigningKey::with_context`](crate::SigningKey::with_context) +/// - [`VerifyingKey::with_context`](crate::VerifyingKey::with_context) +/// +/// For more information, see [RFC8032 § 8.3](https://www.rfc-editor.org/rfc/rfc8032#section-8.3). +/// +/// # Example +/// +#[cfg_attr(all(feature = "digest", feature = "rand_core"), doc = "```")] +#[cfg_attr( + any(not(feature = "digest"), not(feature = "rand_core")), + doc = "```ignore" +)] +/// # fn main() { +/// use ed25519_dalek::{Signature, SigningKey, VerifyingKey, Sha512}; +/// # use curve25519_dalek::digest::Digest; +/// # use rand::rngs::OsRng; +/// use ed25519_dalek::{DigestSigner, DigestVerifier}; +/// +/// # let mut csprng = OsRng; +/// # let signing_key = SigningKey::generate(&mut csprng); +/// # let verifying_key = signing_key.verifying_key(); +/// let context_str = b"Local Channel 3"; +/// let prehashed_message = Sha512::default().chain_update(b"Stay tuned for more news at 7"); +/// +/// // Signer +/// let signing_context = signing_key.with_context(context_str).unwrap(); +/// let signature = signing_context.sign_digest(prehashed_message.clone()); +/// +/// // Verifier +/// let verifying_context = verifying_key.with_context(context_str).unwrap(); +/// let verified: bool = verifying_context +/// .verify_digest(prehashed_message, &signature) +/// .is_ok(); +/// +/// # assert!(verified); +/// # } +/// ``` +#[derive(Clone, Debug)] +pub struct Context<'k, 'v, K> { + /// Key this context is being used with. + key: &'k K, + + /// Context value: a bytestring no longer than 255 octets. 
+ value: &'v [u8], +} + +impl<'k, 'v, K> Context<'k, 'v, K> { + /// Maximum length of the context value in octets. + pub const MAX_LENGTH: usize = 255; + + /// Create a new Ed25519ph context. + pub(crate) fn new(key: &'k K, value: &'v [u8]) -> Result { + if value.len() <= Self::MAX_LENGTH { + Ok(Self { key, value }) + } else { + Err(SignatureError::from(InternalError::PrehashedContextLength)) + } + } + + /// Borrow the key. + pub fn key(&self) -> &'k K { + self.key + } + + /// Borrow the context string value. + pub fn value(&self) -> &'v [u8] { + self.value + } +} + +#[cfg(all(test, feature = "digest"))] +mod test { + #![allow(clippy::unwrap_used)] + + use crate::{Signature, SigningKey, VerifyingKey}; + use curve25519_dalek::digest::Digest; + use ed25519::signature::{DigestSigner, DigestVerifier}; + use rand::rngs::OsRng; + use sha2::Sha512; + + #[test] + fn context_correctness() { + let mut csprng = OsRng; + let signing_key: SigningKey = SigningKey::generate(&mut csprng); + let verifying_key: VerifyingKey = signing_key.verifying_key(); + + let context_str = b"Local Channel 3"; + let prehashed_message = Sha512::default().chain_update(b"Stay tuned for more news at 7"); + + // Signer + let signing_context = signing_key.with_context(context_str).unwrap(); + let signature: Signature = signing_context.sign_digest(prehashed_message.clone()); + + // Verifier + let verifying_context = verifying_key.with_context(context_str).unwrap(); + let verified: bool = verifying_context + .verify_digest(prehashed_message, &signature) + .is_ok(); + + assert!(verified); + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/errors.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/errors.rs similarity index 60% rename from third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/errors.rs rename to third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/errors.rs index b66fae0fc10d..7cba06db5c9b 100644 
--- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/errors.rs +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/errors.rs 
@@ -23,52 +23,72 @@ use std::error::Error; /// need to pay any attention to these. #[derive(Clone, Copy, Debug, Eq, PartialEq, Hash)] pub(crate) enum InternalError { - PointDecompressionError, - ScalarFormatError, + PointDecompression, + ScalarFormat, /// An error in the length of bytes handed to a constructor. /// /// To use this, pass a string specifying the `name` of the type which is /// returning the error, and the `length` in bytes which its constructor /// expects. - BytesLengthError { + BytesLength { name: &'static str, length: usize, }, /// The verification equation wasn't satisfied - VerifyError, + Verify, /// Two arrays did not match in size, making the called signature /// verification method impossible. - ArrayLengthError{ name_a: &'static str, length_a: usize, - name_b: &'static str, length_b: usize, - name_c: &'static str, length_c: usize, }, + #[cfg(feature = "batch")] + ArrayLength { + name_a: &'static str, + length_a: usize, + name_b: &'static str, + length_b: usize, + name_c: &'static str, + length_c: usize, + }, /// An ed25519ph signature can only take up to 255 octets of context. - PrehashedContextLengthError, + #[cfg(feature = "digest")] + PrehashedContextLength, + /// A mismatched (public, secret) key pair. 
+ MismatchedKeypair, } impl Display for InternalError { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { match *self { - InternalError::PointDecompressionError - => write!(f, "Cannot decompress Edwards point"), - InternalError::ScalarFormatError - => write!(f, "Cannot use scalar with high-bit set"), - InternalError::BytesLengthError{ name: n, length: l} - => write!(f, "{} must be {} bytes in length", n, l), - InternalError::VerifyError - => write!(f, "Verification equation was not satisfied"), - InternalError::ArrayLengthError{ name_a: na, length_a: la, - name_b: nb, length_b: lb, - name_c: nc, length_c: lc, } - => write!(f, "Arrays must be the same length: {} has length {}, - {} has length {}, {} has length {}.", na, la, nb, lb, nc, lc), - InternalError::PrehashedContextLengthError - => write!(f, "An ed25519ph signature can only take up to 255 octets of context"), + InternalError::PointDecompression => write!(f, "Cannot decompress Edwards point"), + InternalError::ScalarFormat => write!(f, "Cannot use scalar with high-bit set"), + InternalError::BytesLength { name: n, length: l } => { + write!(f, "{} must be {} bytes in length", n, l) + } + InternalError::Verify => write!(f, "Verification equation was not satisfied"), + #[cfg(feature = "batch")] + InternalError::ArrayLength { + name_a: na, + length_a: la, + name_b: nb, + length_b: lb, + name_c: nc, + length_c: lc, + } => write!( + f, + "Arrays must be the same length: {} has length {}, + {} has length {}, {} has length {}.", + na, la, nb, lb, nc, lc + ), + #[cfg(feature = "digest")] + InternalError::PrehashedContextLength => write!( + f, + "An ed25519ph signature can only take up to 255 octets of context" + ), + InternalError::MismatchedKeypair => write!(f, "Mismatched Keypair detected"), } } } #[cfg(feature = "std")] -impl Error for InternalError { } +impl Error for InternalError {} /// Errors which may occur while processing signatures and keypairs. /// 
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/hazmat.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/hazmat.rs new file mode 100644 index 000000000000..784961304251 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/hazmat.rs 
@@ -0,0 +1,266 @@
+//! Low-level interfaces to ed25519 functions
+//!
+//! # ⚠️ Warning: Hazmat
+//!
+//! These primitives are easy-to-misuse low-level interfaces.
+//!
+//! If you are an end user / non-expert in cryptography, **do not use any of these functions**.
+//! Failure to use them correctly can lead to catastrophic failures including **full private key
+//! recovery.**
+
+// Permit dead code because 1) this module is only public when the `hazmat` feature is set, and 2)
+// even without `hazmat` we still need this module because this is where `ExpandedSecretKey` is
+// defined.
+#![allow(dead_code)]
+
+use crate::{InternalError, SignatureError};
+
+use curve25519_dalek::scalar::{clamp_integer, Scalar};
+
+#[cfg(feature = "zeroize")]
+use zeroize::{Zeroize, ZeroizeOnDrop};
+
+// These are used in the functions that are made public when the hazmat feature is set
+use crate::{Signature, VerifyingKey};
+use curve25519_dalek::digest::{generic_array::typenum::U64, Digest};
+
+/// Contains the secret scalar and domain separator used for generating signatures.
+///
+/// This is used internally for signing.
+///
+/// In the usual Ed25519 signing algorithm, `scalar` and `hash_prefix` are defined such that
+/// `scalar || hash_prefix = H(sk)` where `sk` is the signing key and `H` is SHA-512.
+/// **WARNING:** Deriving the values for these fields in any other way can lead to full key
+/// recovery, as documented in [`raw_sign`] and [`raw_sign_prehashed`].
+///
+/// Instances of this secret are automatically overwritten with zeroes when they fall out of scope.
+pub struct ExpandedSecretKey {
+ /// The secret scalar used for signing
+ pub scalar: Scalar,
+ /// The domain separator used when hashing the message to generate the pseudorandom `r` value
+ pub hash_prefix: [u8; 32],
+}
+
+#[cfg(feature = "zeroize")]
+impl Drop for ExpandedSecretKey {
+ fn drop(&mut self) {
+ self.scalar.zeroize();
+ self.hash_prefix.zeroize()
+ }
+}
+
+#[cfg(feature = "zeroize")]
+impl ZeroizeOnDrop for ExpandedSecretKey {}
+
+// Some conversion methods for `ExpandedSecretKey`. The signing methods are defined in
+// `signing.rs`, since we need them even when `not(feature = "hazmat")`
+impl ExpandedSecretKey {
+ /// Construct an `ExpandedSecretKey` from an array of 64 bytes. In the spec, the bytes are the
+ /// output of a SHA-512 hash. This clamps the first 32 bytes and uses it as a scalar, and uses
+ /// the second 32 bytes as a domain separator for hashing.
+ pub fn from_bytes(bytes: &[u8; 64]) -> Self {
+ // TODO: Use bytes.split_array_ref once it’s in MSRV.
+ let mut scalar_bytes: [u8; 32] = [0u8; 32];
+ let mut hash_prefix: [u8; 32] = [0u8; 32];
+ scalar_bytes.copy_from_slice(&bytes[00..32]);
+ hash_prefix.copy_from_slice(&bytes[32..64]);
+
+ // For signing, we'll need the integer, clamped, and converted to a Scalar. See
+ // PureEdDSA.keygen in RFC 8032 Appendix A.
+ let scalar = Scalar::from_bytes_mod_order(clamp_integer(scalar_bytes));
+
+ ExpandedSecretKey {
+ scalar,
+ hash_prefix,
+ }
+ }
+
+ /// Construct an `ExpandedSecretKey` from a slice of 64 bytes.
+ ///
+ /// # Returns
+ ///
+ /// A `Result` whose okay value is an EdDSA `ExpandedSecretKey` or whose error value is an
+ /// `SignatureError` describing the error that occurred, namely that the given slice's length
+ /// is not 64.
+ pub fn from_slice(bytes: &[u8]) -> Result {
+ // Try to coerce bytes to a [u8; 64]
+ bytes.try_into().map(Self::from_bytes).map_err(|_| {
+ InternalError::BytesLength {
+ name: "ExpandedSecretKey",
+ length: 64,
+ }
+ .into()
+ })
+ }
+}
+
+impl TryFrom<&[u8]> for ExpandedSecretKey {
+ type Error = SignatureError;
+
+ fn try_from(bytes: &[u8]) -> Result {
+ Self::from_slice(bytes)
+ }
+}
+
+/// Compute an ordinary Ed25519 signature over the given message. `CtxDigest` is the digest used to
+/// calculate the pseudorandomness needed for signing. According to the Ed25519 spec, `CtxDigest =
+/// Sha512`.
+///
+/// # ⚠️ Unsafe
+///
+/// Do NOT use this function unless you absolutely must. Using the wrong values in
+/// `ExpandedSecretKey` can leak your signing key. See
+/// [here](https://github.com/MystenLabs/ed25519-unsafe-libs) for more details on this attack.
+pub fn raw_sign(
+ esk: &ExpandedSecretKey,
+ message: &[u8],
+ verifying_key: &VerifyingKey,
+) -> Signature
+where
+ CtxDigest: Digest,
+{
+ esk.raw_sign::(message, verifying_key)
+}
+
+/// Compute a signature over the given prehashed message, the Ed25519ph algorithm defined in
+/// [RFC8032 §5.1][rfc8032]. `MsgDigest` is the digest function used to hash the signed message.
+/// `CtxDigest` is the digest function used to calculate the pseudorandomness needed for signing.
+/// According to the Ed25519 spec, `MsgDigest = CtxDigest = Sha512`.
+///
+/// # ⚠️ Unsafe
+//
+/// Do NOT use this function unless you absolutely must. Using the wrong values in
+/// `ExpandedSecretKey` can leak your signing key. See
+/// [here](https://github.com/MystenLabs/ed25519-unsafe-libs) for more details on this attack.
+///
+/// # Inputs
+///
+/// * `esk` is the [`ExpandedSecretKey`] being used for signing
+/// * `prehashed_message` is an instantiated hash digest with 512-bits of
+/// output which has had the message to be signed previously fed into its
+/// state.
+/// * `verifying_key` is a [`VerifyingKey`] which corresponds to this secret key.
+/// * `context` is an optional context string, up to 255 bytes inclusive,
+/// which may be used to provide additional domain separation. If not
+/// set, this will default to an empty string.
+///
+/// `scalar` and `hash_prefix` are usually selected such that `scalar || hash_prefix = H(sk)` where
+/// `sk` is the signing key
+///
+/// # Returns
+///
+/// A `Result` whose `Ok` value is an Ed25519ph [`Signature`] on the
+/// `prehashed_message` if the context was 255 bytes or less, otherwise
+/// a `SignatureError`.
+///
+/// [rfc8032]: https://tools.ietf.org/html/rfc8032#section-5.1
+#[cfg(feature = "digest")]
+#[allow(non_snake_case)]
+pub fn raw_sign_prehashed(
+ esk: &ExpandedSecretKey,
+ prehashed_message: MsgDigest,
+ verifying_key: &VerifyingKey,
+ context: Option<&[u8]>,
+) -> Result
+where
+ MsgDigest: Digest,
+ CtxDigest: Digest,
+{
+ esk.raw_sign_prehashed::(prehashed_message, verifying_key, context)
+}
+
+/// The ordinary non-batched Ed25519 verification check, rejecting non-canonical R
+/// values.`CtxDigest` is the digest used to calculate the pseudorandomness needed for signing.
+/// According to the Ed25519 spec, `CtxDigest = Sha512`.
+pub fn raw_verify(
+ vk: &VerifyingKey,
+ message: &[u8],
+ signature: &ed25519::Signature,
+) -> Result<(), SignatureError>
+where
+ CtxDigest: Digest,
+{
+ vk.raw_verify::(message, signature)
+}
+
+/// The batched Ed25519 verification check, rejecting non-canonical R values. `MsgDigest` is the
+/// digest used to hash the signed message. `CtxDigest` is the digest used to calculate the
+/// pseudorandomness needed for signing. According to the Ed25519 spec, `MsgDigest = CtxDigest =
+/// Sha512`.
+#[cfg(feature = "digest")]
+#[allow(non_snake_case)]
+pub fn raw_verify_prehashed(
+ vk: &VerifyingKey,
+ prehashed_message: MsgDigest,
+ context: Option<&[u8]>,
+ signature: &ed25519::Signature,
+) -> Result<(), SignatureError>
+where
+ MsgDigest: Digest,
+ CtxDigest: Digest,
+{
+ vk.raw_verify_prehashed::(prehashed_message, context, signature)
+}
+
+#[cfg(test)]
+mod test {
+ #![allow(clippy::unwrap_used)]
+
+ use super::*;
+
+ use rand::{rngs::OsRng, CryptoRng, RngCore};
+
+ // Pick distinct, non-spec 512-bit hash functions for message and sig-context hashing
+ type CtxDigest = blake2::Blake2b512;
+ type MsgDigest = sha3::Sha3_512;
+
+ impl ExpandedSecretKey {
+ // Make a random expanded secret key for testing purposes. This is NOT how you generate
+ // expanded secret keys IRL. They're the hash of a seed.
+ fn random(mut rng: R) -> Self {
+ let mut bytes = [0u8; 64];
+ rng.fill_bytes(&mut bytes);
+ ExpandedSecretKey::from_bytes(&bytes)
+ }
+ }
+
+ // Check that raw_sign and raw_verify work when a non-spec CtxDigest is used
+ #[test]
+ fn sign_verify_nonspec() {
+ // Generate the keypair
+ let rng = OsRng;
+ let esk = ExpandedSecretKey::random(rng);
+ let vk = VerifyingKey::from(&esk);
+
+ let msg = b"Then one day, a piano fell on my head";
+
+ // Sign and verify
+ let sig = raw_sign::(&esk, msg, &vk);
+ raw_verify::(&vk, msg, &sig).unwrap();
+ }
+
+ // Check that raw_sign_prehashed and raw_verify_prehashed work when distinct, non-spec
+ // MsgDigest and CtxDigest are used
+ #[cfg(feature = "digest")]
+ #[test]
+ fn sign_verify_prehashed_nonspec() {
+ use curve25519_dalek::digest::Digest;
+
+ // Generate the keypair
+ let rng = OsRng;
+ let esk = ExpandedSecretKey::random(rng);
+ let vk = VerifyingKey::from(&esk);
+
+ // Hash the message
+ let msg = b"And then I got trampled by a herd of buffalo";
+ let mut h = MsgDigest::new();
+ h.update(msg);
+
+ let ctx_str = &b"consequences"[..];
+
+ // Sign and verify prehashed
+ let sig = raw_sign_prehashed::(&esk, h.clone(), &vk, Some(ctx_str))
+ .unwrap();
+ raw_verify_prehashed::(&vk, h, Some(ctx_str), &sig).unwrap();
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/lib.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/lib.rs
new file mode 100644
index 000000000000..a7cfac4885ab
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/lib.rs
@@ -0,0 +1,293 @@
+// -*- mode: rust; -*-
+//
+// This file is part of ed25519-dalek.
+// Copyright (c) 2017-2019 isis lovecruft
+// See LICENSE for licensing information.
+//
+// Authors:
+// - isis agora lovecruft
+
+//! A Rust implementation of ed25519 key generation, signing, and verification.
+//!
+//! # Example
+//!
+//! Creating an ed25519 signature on a message is simple.
+//!
+//! First, we need to generate a `SigningKey`, which includes both public and
+//! secret halves of an asymmetric key. To do so, we need a cryptographically
+//! secure pseudorandom number generator (CSPRNG). For this example, we'll use
+//! the operating system's builtin PRNG:
+//!
+#![cfg_attr(feature = "rand_core", doc = "```")]
+#![cfg_attr(not(feature = "rand_core"), doc = "```ignore")]
+//! # fn main() {
+//! use rand::rngs::OsRng;
+//! use ed25519_dalek::SigningKey;
+//! use ed25519_dalek::Signature;
+//!
+//! let mut csprng = OsRng;
+//! let signing_key: SigningKey = SigningKey::generate(&mut csprng);
+//! # }
+//! ```
+//!
+//! We can now use this `signing_key` to sign a message:
+//!
+#![cfg_attr(feature = "rand_core", doc = "```")]
+#![cfg_attr(not(feature = "rand_core"), doc = "```ignore")]
+//! # fn main() {
+//! # use rand::rngs::OsRng;
+//! # use ed25519_dalek::SigningKey;
+//! # let mut csprng = OsRng;
+//! # let signing_key: SigningKey = SigningKey::generate(&mut csprng);
+//! use ed25519_dalek::{Signature, Signer};
+//! let message: &[u8] = b"This is a test of the tsunami alert system.";
+//! let signature: Signature = signing_key.sign(message);
+//! # }
+//! ```
+//!
+//! As well as to verify that this is, indeed, a valid signature on
+//! that `message`:
+//!
+#![cfg_attr(feature = "rand_core", doc = "```")]
+#![cfg_attr(not(feature = "rand_core"), doc = "```ignore")]
+//! # fn main() {
+//! # use rand::rngs::OsRng;
+//! # use ed25519_dalek::{SigningKey, Signature, Signer};
+//! # let mut csprng = OsRng;
+//! # let signing_key: SigningKey = SigningKey::generate(&mut csprng);
+//! # let message: &[u8] = b"This is a test of the tsunami alert system.";
+//! # let signature: Signature = signing_key.sign(message);
+//! use ed25519_dalek::Verifier;
+//! assert!(signing_key.verify(message, &signature).is_ok());
+//! # }
+//! ```
+//!
+//! Anyone else, given the `public` half of the `signing_key` can also easily
+//! verify this signature:
+//!
+#![cfg_attr(feature = "rand_core", doc = "```")]
+#![cfg_attr(not(feature = "rand_core"), doc = "```ignore")]
+//! # fn main() {
+//! # use rand::rngs::OsRng;
+//! # use ed25519_dalek::SigningKey;
+//! # use ed25519_dalek::Signature;
+//! # use ed25519_dalek::Signer;
+//! use ed25519_dalek::{VerifyingKey, Verifier};
+//! # let mut csprng = OsRng;
+//! # let signing_key: SigningKey = SigningKey::generate(&mut csprng);
+//! # let message: &[u8] = b"This is a test of the tsunami alert system.";
+//! # let signature: Signature = signing_key.sign(message);
+//!
+//! let verifying_key: VerifyingKey = signing_key.verifying_key();
+//! assert!(verifying_key.verify(message, &signature).is_ok());
+//! # }
+//! ```
+//!
+//! ## Serialisation
+//!
+//! `VerifyingKey`s, `SecretKey`s, `SigningKey`s, and `Signature`s can be serialised
+//! into byte-arrays by calling `.to_bytes()`. It's perfectly acceptable and
+//! safe to transfer and/or store those bytes. (Of course, never transfer your
+//! secret key to anyone else, since they will only need the public key to
+//! verify your signatures!)
+//!
+#![cfg_attr(feature = "rand_core", doc = "```")]
+#![cfg_attr(not(feature = "rand_core"), doc = "```ignore")]
+//! # fn main() {
+//! # use rand::rngs::OsRng;
+//! # use ed25519_dalek::{SigningKey, Signature, Signer, VerifyingKey};
+//! use ed25519_dalek::{PUBLIC_KEY_LENGTH, SECRET_KEY_LENGTH, KEYPAIR_LENGTH, SIGNATURE_LENGTH};
+//! # let mut csprng = OsRng;
+//! # let signing_key: SigningKey = SigningKey::generate(&mut csprng);
+//! # let message: &[u8] = b"This is a test of the tsunami alert system.";
+//! # let signature: Signature = signing_key.sign(message);
+//!
+//! let verifying_key_bytes: [u8; PUBLIC_KEY_LENGTH] = signing_key.verifying_key().to_bytes();
+//! let secret_key_bytes: [u8; SECRET_KEY_LENGTH] = signing_key.to_bytes();
+//! let signing_key_bytes: [u8; KEYPAIR_LENGTH] = signing_key.to_keypair_bytes();
+//! let signature_bytes: [u8; SIGNATURE_LENGTH] = signature.to_bytes();
+//! # }
+//! ```
+//!
+//! And similarly, decoded from bytes with `::from_bytes()`:
+//!
+#![cfg_attr(feature = "rand_core", doc = "```")]
+#![cfg_attr(not(feature = "rand_core"), doc = "```ignore")]
+//! # use core::convert::{TryFrom, TryInto};
+//! # use rand::rngs::OsRng;
+//! # use ed25519_dalek::{SigningKey, Signature, Signer, VerifyingKey, SecretKey, SignatureError};
+//! # use ed25519_dalek::{PUBLIC_KEY_LENGTH, SECRET_KEY_LENGTH, KEYPAIR_LENGTH, SIGNATURE_LENGTH};
+//! # fn do_test() -> Result<(SigningKey, VerifyingKey, Signature), SignatureError> {
+//! # let mut csprng = OsRng;
+//! # let signing_key_orig: SigningKey = SigningKey::generate(&mut csprng);
+//! # let message: &[u8] = b"This is a test of the tsunami alert system.";
+//! # let signature_orig: Signature = signing_key_orig.sign(message);
+//! # let verifying_key_bytes: [u8; PUBLIC_KEY_LENGTH] = signing_key_orig.verifying_key().to_bytes();
+//! # let signing_key_bytes: [u8; SECRET_KEY_LENGTH] = signing_key_orig.to_bytes();
+//! # let signature_bytes: [u8; SIGNATURE_LENGTH] = signature_orig.to_bytes();
+//! #
+//! let verifying_key: VerifyingKey = VerifyingKey::from_bytes(&verifying_key_bytes)?;
+//! let signing_key: SigningKey = SigningKey::from_bytes(&signing_key_bytes);
+//! let signature: Signature = Signature::try_from(&signature_bytes[..])?;
+//! #
+//! # Ok((signing_key, verifying_key, signature))
+//! # }
+//! # fn main() {
+//! # do_test();
+//! # }
+//! ```
+//!
+//! ### PKCS#8 Key Encoding
+//!
+//! PKCS#8 is a private key format with support for multiple algorithms.
+//! It can be encoded as binary (DER) or text (PEM).
+//!
+//! You can recognize PEM-encoded PKCS#8 keys by the following:
+//!
+//! ```text
+//! -----BEGIN PRIVATE KEY-----
+//! ```
+//!
+//! To use PKCS#8, you need to enable the `pkcs8` crate feature.
+//!
+//! The following traits can be used to decode/encode [`SigningKey`] and
+//! [`VerifyingKey`] as PKCS#8. Note that [`pkcs8`] is re-exported from the
+//! toplevel of the crate:
+//!
+//! - [`pkcs8::DecodePrivateKey`]: decode private keys from PKCS#8
+//! - [`pkcs8::EncodePrivateKey`]: encode private keys to PKCS#8
+//! - [`pkcs8::DecodePublicKey`]: decode public keys from PKCS#8
+//! - [`pkcs8::EncodePublicKey`]: encode public keys to PKCS#8
+//!
+//! #### Example
+//!
+//! NOTE: this requires the `pem` crate feature.
+//!
+#![cfg_attr(feature = "pem", doc = "```")]
+#![cfg_attr(not(feature = "pem"), doc = "```ignore")]
+//! use ed25519_dalek::{VerifyingKey, pkcs8::DecodePublicKey};
+//!
+//! let pem = "-----BEGIN PUBLIC KEY-----
+//! MCowBQYDK2VwAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE=
+//! -----END PUBLIC KEY-----";
+//!
+//! let verifying_key = VerifyingKey::from_public_key_pem(pem)
+//! .expect("invalid public key PEM");
+//! ```
+//!
+//! ### Using Serde
+//!
+//! If you prefer the bytes to be wrapped in another serialisation format, all
+//! types additionally come with built-in [serde](https://serde.rs) support by
+//! building `ed25519-dalek` via:
+//!
+//! ```bash
+//! $ cargo build --features="serde"
+//! ```
+//!
+//! They can be then serialised into any of the wire formats which serde supports.
+//! For example, using [bincode](https://github.com/TyOverby/bincode):
+//!
+#![cfg_attr(all(feature = "rand_core", feature = "serde"), doc = "```")]
+#![cfg_attr(not(all(feature = "rand_core", feature = "serde")), doc = "```ignore")]
+//! # fn main() {
+//! # use rand::rngs::OsRng;
+//! # use ed25519_dalek::{SigningKey, Signature, Signer, Verifier, VerifyingKey};
+//! use bincode::serialize;
+//! # let mut csprng = OsRng;
+//! # let signing_key: SigningKey = SigningKey::generate(&mut csprng);
+//! # let message: &[u8] = b"This is a test of the tsunami alert system.";
+//! # let signature: Signature = signing_key.sign(message);
+//! # let verifying_key: VerifyingKey = signing_key.verifying_key();
+//! # let verified: bool = verifying_key.verify(message, &signature).is_ok();
+//!
+//! let encoded_verifying_key: Vec = serialize(&verifying_key).unwrap();
+//! let encoded_signature: Vec = serialize(&signature).unwrap();
+//! # }
+//! ```
+//!
+//! After sending the `encoded_verifying_key` and `encoded_signature`, the
+//! recipient may deserialise them and verify:
+//!
+#![cfg_attr(all(feature = "rand_core", feature = "serde"), doc = "```")]
+#![cfg_attr(not(all(feature = "rand_core", feature = "serde")), doc = "```ignore")]
+//! # fn main() {
+//! # use rand::rngs::OsRng;
+//! # use ed25519_dalek::{SigningKey, Signature, Signer, Verifier, VerifyingKey};
+//! # use bincode::serialize;
+//! use bincode::deserialize;
+//!
+//! # let mut csprng = OsRng;
+//! # let signing_key: SigningKey = SigningKey::generate(&mut csprng);
+//! let message: &[u8] = b"This is a test of the tsunami alert system.";
+//! # let signature: Signature = signing_key.sign(message);
+//! # let verifying_key: VerifyingKey = signing_key.verifying_key();
+//! # let verified: bool = verifying_key.verify(message, &signature).is_ok();
+//! # let encoded_verifying_key: Vec = serialize(&verifying_key).unwrap();
+//! # let encoded_signature: Vec = serialize(&signature).unwrap();
+//! let decoded_verifying_key: VerifyingKey = deserialize(&encoded_verifying_key).unwrap();
+//! let decoded_signature: Signature = deserialize(&encoded_signature).unwrap();
+//!
+//! # assert_eq!(verifying_key, decoded_verifying_key);
+//! # assert_eq!(signature, decoded_signature);
+//! #
+//! let verified: bool = decoded_verifying_key.verify(&message, &decoded_signature).is_ok();
+//!
+//! assert!(verified);
+//! # }
+//! ```
+
+#![no_std]
+#![warn(future_incompatible, rust_2018_idioms)]
+#![deny(missing_docs)] // refuse to compile if documentation is missing
+#![deny(clippy::unwrap_used)] // don't allow unwrap
+#![cfg_attr(not(test), forbid(unsafe_code))]
+#![cfg_attr(docsrs, feature(doc_auto_cfg, doc_cfg, doc_cfg_hide))]
+#![cfg_attr(docsrs, doc(cfg_hide(docsrs)))]
+
+#[cfg(feature = "batch")]
+extern crate alloc;
+
+#[cfg(any(feature = "std", test))]
+#[macro_use]
+extern crate std;
+
+pub use ed25519;
+
+#[cfg(feature = "batch")]
+mod batch;
+mod constants;
+#[cfg(feature = "digest")]
+mod context;
+mod errors;
+mod signature;
+mod signing;
+mod verifying;
+
+#[cfg(feature = "hazmat")]
+pub mod hazmat;
+#[cfg(not(feature = "hazmat"))]
+mod hazmat;
+
+#[cfg(feature = "digest")]
+pub use curve25519_dalek::digest::Digest;
+#[cfg(feature = "digest")]
+pub use sha2::Sha512;
+
+#[cfg(feature = "batch")]
+pub use crate::batch::*;
+pub use crate::constants::*;
+#[cfg(feature = "digest")]
+pub use crate::context::Context;
+pub use crate::errors::*;
+pub use crate::signing::*;
+pub use crate::verifying::*;
+
+// Re-export the `Signer` and `Verifier` traits from the `signature` crate
+#[cfg(feature = "digest")]
+pub use ed25519::signature::{DigestSigner, DigestVerifier};
+pub use ed25519::signature::{Signer, Verifier};
+pub use ed25519::Signature;
+
+#[cfg(feature = "pkcs8")]
+pub use ed25519::pkcs8;
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/signature.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/signature.rs
similarity index 70%
rename from third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/signature.rs
rename to third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/signature.rs
index 880a78b4cc4c..36174c8d67d8 100644
--- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/signature.rs +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/signature.rs @@ -14,7 +14,6 @@ use core::fmt::Debug; use curve25519_dalek::edwards::CompressedEdwardsY; use curve25519_dalek::scalar::Scalar; -use ed25519::signature::Signature as _; use crate::constants::*; use crate::errors::*; @@ -64,6 +63,9 @@ impl Debug for InternalSignature { } } +/// Ensures that the scalar `s` of a signature is within the bounds [0, 2^253). +/// +/// **Unsafe**: This version of `check_scalar` permits signature malleability. See README. #[cfg(feature = "legacy_compatibility")] #[inline(always)] fn check_scalar(bytes: [u8; 32]) -> Result { 
@@ -74,44 +76,27 @@ fn check_scalar(bytes: [u8; 32]) -> Result { // This is compatible with ed25519-donna and libsodium when // -DED25519_COMPAT is NOT specified. if bytes[31] & 224 != 0 { - return Err(InternalError::ScalarFormatError.into()); + return Err(InternalError::ScalarFormat.into()); } + // You cannot do arithmetic with scalars construct with Scalar::from_bits. We only use this + // scalar for EdwardsPoint::vartime_double_scalar_mul_basepoint, which is an accepted usecase. + // The `from_bits` method is deprecated because it's unsafe. We know this. + #[allow(deprecated)] Ok(Scalar::from_bits(bytes)) } +/// Ensures that the scalar `s` of a signature is within the bounds [0, ℓ) #[cfg(not(feature = "legacy_compatibility"))] #[inline(always)] fn check_scalar(bytes: [u8; 32]) -> Result { - // Since this is only used in signature deserialisation (i.e. upon - // verification), we can do a "succeed fast" trick by checking that the most - // significant 4 bits are unset. If they are unset, we can succeed fast - // because we are guaranteed that the scalar is fully reduced. However, if - // the 4th most significant bit is set, we must do the full reduction check, - // as the order of the basepoint is roughly a 2^(252.5) bit number. - // - // This succeed-fast trick should succeed for roughly half of all scalars. - if bytes[31] & 240 == 0 { - return Ok(Scalar::from_bits(bytes)) + match Scalar::from_canonical_bytes(bytes).into() { + None => Err(InternalError::ScalarFormat.into()), + Some(x) => Ok(x), } - - match Scalar::from_canonical_bytes(bytes) { - None => return Err(InternalError::ScalarFormatError.into()), - Some(x) => return Ok(x), - }; } impl InternalSignature { - /// Convert this `Signature` to a byte array. 
- #[inline] - pub fn to_bytes(&self) -> [u8; SIGNATURE_LENGTH] { - let mut signature_bytes: [u8; SIGNATURE_LENGTH] = [0u8; SIGNATURE_LENGTH]; - - signature_bytes[..32].copy_from_slice(&self.R.as_bytes()[..]); - signature_bytes[32..].copy_from_slice(&self.s.as_bytes()[..]); - signature_bytes - } - /// Construct a `Signature` from a slice of bytes. /// /// # Scalar Malleability Checking @@ -161,31 +146,19 @@ impl InternalSignature { /// /// However, by the time this was standardised, most libraries in use were /// only checking the most significant three bits. (See also the - /// documentation for `PublicKey.verify_strict`.) + /// documentation for [`crate::VerifyingKey::verify_strict`].) #[inline] - pub fn from_bytes(bytes: &[u8]) -> Result { - if bytes.len() != SIGNATURE_LENGTH { - return Err(InternalError::BytesLengthError { - name: "Signature", - length: SIGNATURE_LENGTH, - }.into()); - } - let mut lower: [u8; 32] = [0u8; 32]; - let mut upper: [u8; 32] = [0u8; 32]; - - lower.copy_from_slice(&bytes[..32]); - upper.copy_from_slice(&bytes[32..]); - - let s: Scalar; - - match check_scalar(upper) { - Ok(x) => s = x, - Err(x) => return Err(x), - } + #[allow(non_snake_case)] + pub fn from_bytes(bytes: &[u8; SIGNATURE_LENGTH]) -> Result { + // TODO: Use bytes.split_array_ref once it’s in MSRV. + let mut R_bytes: [u8; 32] = [0u8; 32]; + let mut s_bytes: [u8; 32] = [0u8; 32]; + R_bytes.copy_from_slice(&bytes[00..32]); + s_bytes.copy_from_slice(&bytes[32..64]); Ok(InternalSignature { - R: CompressedEdwardsY(lower), - s: s, + R: CompressedEdwardsY(R_bytes), + s: check_scalar(s_bytes)?, }) } } 
@@ -194,12 +167,12 @@ impl TryFrom<&ed25519::Signature> for InternalSignature { type Error = SignatureError; fn try_from(sig: &ed25519::Signature) -> Result { - InternalSignature::from_bytes(sig.as_bytes()) + InternalSignature::from_bytes(&sig.to_bytes()) } } impl From for ed25519::Signature { fn from(sig: InternalSignature) -> ed25519::Signature { - ed25519::Signature::from_bytes(&sig.to_bytes()).unwrap() + ed25519::Signature::from_components(*sig.R.as_bytes(), *sig.s.as_bytes()) } } diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/signing.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/signing.rs new file mode 100644 index 000000000000..e2818fea7b92 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/signing.rs 
@@ -0,0 +1,908 @@ +// -*- mode: rust; -*- +// +// This file is part of ed25519-dalek. +// Copyright (c) 2017-2019 isis lovecruft +// See LICENSE for licensing information. +// +// Authors: +// - isis agora lovecruft + +//! ed25519 signing keys. + +use core::fmt::Debug; + +#[cfg(feature = "pkcs8")] +use ed25519::pkcs8; + +#[cfg(any(test, feature = "rand_core"))] +use rand_core::CryptoRngCore; + +#[cfg(feature = "serde")] +use serde::{Deserialize, Deserializer, Serialize, Serializer}; + +use sha2::Sha512; +use subtle::{Choice, ConstantTimeEq}; + +use curve25519_dalek::{ + digest::{generic_array::typenum::U64, Digest}, + edwards::{CompressedEdwardsY, EdwardsPoint}, + scalar::Scalar, +}; + +use ed25519::signature::{KeypairRef, Signer, Verifier}; + +#[cfg(feature = "digest")] +use crate::context::Context; +#[cfg(feature = "digest")] +use signature::DigestSigner; + +#[cfg(feature = "zeroize")] +use zeroize::{Zeroize, ZeroizeOnDrop}; + +use crate::{ + constants::{KEYPAIR_LENGTH, SECRET_KEY_LENGTH}, + errors::{InternalError, SignatureError}, + hazmat::ExpandedSecretKey, + signature::InternalSignature, + verifying::VerifyingKey, + Signature, +}; + +/// ed25519 secret key as defined in [RFC8032 § 5.1.5]: +/// +/// > The private key is 32 octets (256 bits, corresponding to b) of +/// > cryptographically secure random data. +/// +/// [RFC8032 § 5.1.5]: https://www.rfc-editor.org/rfc/rfc8032#section-5.1.5 +pub type SecretKey = [u8; SECRET_KEY_LENGTH]; + +/// ed25519 signing key which can be used to produce signatures. +// Invariant: `verifying_key` is always the public key of +// `secret_key`. This prevents the signing function oracle attack +// described in https://github.com/MystenLabs/ed25519-unsafe-libs +#[derive(Clone)] +pub struct SigningKey { + /// The secret half of this signing key. + pub(crate) secret_key: SecretKey, + /// The public half of this signing key. 
+ pub(crate) verifying_key: VerifyingKey, +} + +/// # Example +/// +/// ``` +/// # extern crate ed25519_dalek; +/// # +/// use ed25519_dalek::SigningKey; +/// use ed25519_dalek::SECRET_KEY_LENGTH; +/// use ed25519_dalek::SignatureError; +/// +/// # fn doctest() -> Result { +/// let secret_key_bytes: [u8; SECRET_KEY_LENGTH] = [ +/// 157, 097, 177, 157, 239, 253, 090, 096, +/// 186, 132, 074, 244, 146, 236, 044, 196, +/// 068, 073, 197, 105, 123, 050, 105, 025, +/// 112, 059, 172, 003, 028, 174, 127, 096, ]; +/// +/// let signing_key: SigningKey = SigningKey::from_bytes(&secret_key_bytes); +/// assert_eq!(signing_key.to_bytes(), secret_key_bytes); +/// +/// # Ok(signing_key) +/// # } +/// # +/// # fn main() { +/// # let result = doctest(); +/// # assert!(result.is_ok()); +/// # } +/// ``` +impl SigningKey { + /// Construct a [`SigningKey`] from a [`SecretKey`] + /// + #[inline] + pub fn from_bytes(secret_key: &SecretKey) -> Self { + let verifying_key = VerifyingKey::from(&ExpandedSecretKey::from(secret_key)); + Self { + secret_key: *secret_key, + verifying_key, + } + } + + /// Convert this [`SigningKey`] into a [`SecretKey`] + #[inline] + pub fn to_bytes(&self) -> SecretKey { + self.secret_key + } + + /// Convert this [`SigningKey`] into a [`SecretKey`] reference + #[inline] + pub fn as_bytes(&self) -> &SecretKey { + &self.secret_key + } + + /// Construct a [`SigningKey`] from the bytes of a `VerifyingKey` and `SecretKey`. + /// + /// # Inputs + /// + /// * `bytes`: an `&[u8]` of length [`KEYPAIR_LENGTH`], representing the + /// scalar for the secret key, and a compressed Edwards-Y coordinate of a + /// point on curve25519, both as bytes. (As obtained from + /// [`SigningKey::to_bytes`].) + /// + /// # Returns + /// + /// A `Result` whose okay value is an EdDSA [`SigningKey`] or whose error value + /// is an `SignatureError` describing the error that occurred. 
+ #[inline] + pub fn from_keypair_bytes(bytes: &[u8; 64]) -> Result { + let (secret_key, verifying_key) = bytes.split_at(SECRET_KEY_LENGTH); + let signing_key = SigningKey::try_from(secret_key)?; + let verifying_key = VerifyingKey::try_from(verifying_key)?; + + if signing_key.verifying_key() != verifying_key { + return Err(InternalError::MismatchedKeypair.into()); + } + + Ok(signing_key) + } + + /// Convert this signing key to a 64-byte keypair. + /// + /// # Returns + /// + /// An array of bytes, `[u8; KEYPAIR_LENGTH]`. The first + /// `SECRET_KEY_LENGTH` of bytes is the `SecretKey`, and the next + /// `PUBLIC_KEY_LENGTH` bytes is the `VerifyingKey` (the same as other + /// libraries, such as [Adam Langley's ed25519 Golang + /// implementation](https://github.com/agl/ed25519/)). It is guaranteed that + /// the encoded public key is the one derived from the encoded secret key. + pub fn to_keypair_bytes(&self) -> [u8; KEYPAIR_LENGTH] { + let mut bytes: [u8; KEYPAIR_LENGTH] = [0u8; KEYPAIR_LENGTH]; + + bytes[..SECRET_KEY_LENGTH].copy_from_slice(&self.secret_key); + bytes[SECRET_KEY_LENGTH..].copy_from_slice(self.verifying_key.as_bytes()); + bytes + } + + /// Get the [`VerifyingKey`] for this [`SigningKey`]. + pub fn verifying_key(&self) -> VerifyingKey { + self.verifying_key + } + + /// Create a signing context that can be used for Ed25519ph with + /// [`DigestSigner`]. + #[cfg(feature = "digest")] + pub fn with_context<'k, 'v>( + &'k self, + context_value: &'v [u8], + ) -> Result, SignatureError> { + Context::new(self, context_value) + } + + /// Generate an ed25519 signing key. 
+ ///
+ /// # Example
+ ///
+ #[cfg_attr(feature = "rand_core", doc = "```")]
+ #[cfg_attr(not(feature = "rand_core"), doc = "```ignore")]
+ /// # fn main() {
+ /// use rand::rngs::OsRng;
+ /// use ed25519_dalek::{Signature, SigningKey};
+ ///
+ /// let mut csprng = OsRng;
+ /// let signing_key: SigningKey = SigningKey::generate(&mut csprng);
+ /// # }
+ /// ```
+ ///
+ /// # Input
+ ///
+ /// A CSPRNG with a `fill_bytes()` method, e.g. `rand_os::OsRng`.
+ ///
+ /// The caller must also supply a hash function which implements the
+ /// `Digest` and `Default` traits, and which returns 512 bits of output.
+ /// The standard hash function used for most ed25519 libraries is SHA-512,
+ /// which is available with `use sha2::Sha512` as in the example above.
+ /// Other suitable hash functions include Keccak-512 and Blake2b-512.
+ #[cfg(any(test, feature = "rand_core"))]
+ pub fn generate(csprng: &mut R) -> SigningKey {
+ let mut secret = SecretKey::default();
+ csprng.fill_bytes(&mut secret);
+ Self::from_bytes(&secret)
+ }
+
+ /// Sign a `prehashed_message` with this [`SigningKey`] using the
+ /// Ed25519ph algorithm defined in [RFC8032 §5.1][rfc8032].
+ ///
+ /// # Inputs
+ ///
+ /// * `prehashed_message` is an instantiated hash digest with 512-bits of
+ /// output which has had the message to be signed previously fed into its
+ /// state.
+ /// * `context` is an optional context string, up to 255 bytes inclusive,
+ /// which may be used to provide additional domain separation. If not
+ /// set, this will default to an empty string.
+ ///
+ /// # Returns
+ ///
+ /// An Ed25519ph [`Signature`] on the `prehashed_message`.
+ ///
+ /// # Note
+ ///
+ /// The RFC only permits SHA-512 to be used for prehashing, i.e., `MsgDigest = Sha512`. This
+ /// function technically works, and is probably safe to use, with any secure hash function with
+ /// 512-bit digests, but anything outside of SHA-512 is NOT specification-compliant. We expose
+ /// [`crate::Sha512`] for user convenience.
+ ///
+ /// # Examples
+ ///
+ #[cfg_attr(all(feature = "rand_core", feature = "digest"), doc = "```")]
+ #[cfg_attr(
+ any(not(feature = "rand_core"), not(feature = "digest")),
+ doc = "```ignore"
+ )]
+ /// use ed25519_dalek::Digest;
+ /// use ed25519_dalek::SigningKey;
+ /// use ed25519_dalek::Signature;
+ /// use sha2::Sha512;
+ /// use rand::rngs::OsRng;
+ ///
+ /// # fn main() {
+ /// let mut csprng = OsRng;
+ /// let signing_key: SigningKey = SigningKey::generate(&mut csprng);
+ /// let message: &[u8] = b"All I want is to pet all of the dogs.";
+ ///
+ /// // Create a hash digest object which we'll feed the message into:
+ /// let mut prehashed: Sha512 = Sha512::new();
+ ///
+ /// prehashed.update(message);
+ /// # }
+ /// ```
+ ///
+ /// If you want, you can optionally pass a "context". It is generally a
+ /// good idea to choose a context and try to make it unique to your project
+ /// and this specific usage of signatures.
+ ///
+ /// For example, without this, if you were to [convert your OpenPGP key
+ /// to a Bitcoin key][terrible_idea] (just as an example, and also Don't
+ /// Ever Do That) and someone tricked you into signing an "email" which was
+ /// actually a Bitcoin transaction moving all your magic internet money to
+ /// their address, it'd be a valid transaction.
+ ///
+ /// By adding a context, this trick becomes impossible, because the context
+ /// is concatenated into the hash, which is then signed. So, going with the
+ /// previous example, if your bitcoin wallet used a context of
+ /// "BitcoinWalletAppTxnSigning" and OpenPGP used a context (this is likely
+ /// the least of their safety problems) of "GPGsCryptoIsntConstantTimeLol",
+ /// then the signatures produced by both could never match the other, even
+ /// if they signed the exact same message with the same key.
+ ///
+ /// Let's add a context for good measure (remember, you'll want to choose
+ /// your own!):
+ ///
+ #[cfg_attr(all(feature = "rand_core", feature = "digest"), doc = "```")]
+ #[cfg_attr(
+ any(not(feature = "rand_core"), not(feature = "digest")),
+ doc = "```ignore"
+ )]
+ /// # use ed25519_dalek::Digest;
+ /// # use ed25519_dalek::SigningKey;
+ /// # use ed25519_dalek::Signature;
+ /// # use ed25519_dalek::SignatureError;
+ /// # use sha2::Sha512;
+ /// # use rand::rngs::OsRng;
+ /// #
+ /// # fn do_test() -> Result {
+ /// # let mut csprng = OsRng;
+ /// # let signing_key: SigningKey = SigningKey::generate(&mut csprng);
+ /// # let message: &[u8] = b"All I want is to pet all of the dogs.";
+ /// # let mut prehashed: Sha512 = Sha512::new();
+ /// # prehashed.update(message);
+ /// #
+ /// let context: &[u8] = b"Ed25519DalekSignPrehashedDoctest";
+ ///
+ /// let sig: Signature = signing_key.sign_prehashed(prehashed, Some(context))?;
+ /// #
+ /// # Ok(sig)
+ /// # }
+ /// # fn main() {
+ /// # do_test();
+ /// # }
+ /// ```
+ ///
+ /// [rfc8032]: https://tools.ietf.org/html/rfc8032#section-5.1
+ /// [terrible_idea]: https://github.com/isislovecruft/scripts/blob/master/gpgkey2bc.py
+ #[cfg(feature = "digest")]
+ pub fn sign_prehashed(
+ &self,
+ prehashed_message: MsgDigest,
+ context: Option<&[u8]>,
+ ) -> Result
+ where
+ MsgDigest: Digest,
+ {
+ ExpandedSecretKey::from(&self.secret_key).raw_sign_prehashed::(
+ prehashed_message,
+ &self.verifying_key,
+ context,
+ )
+ }
+
+ /// Verify a signature on a message with this signing key's public key.
+ pub fn verify(&self, message: &[u8], signature: &Signature) -> Result<(), SignatureError> {
+ self.verifying_key.verify(message, signature)
+ }
+
+ /// Verify a `signature` on a `prehashed_message` using the Ed25519ph algorithm.
+ ///
+ /// # Inputs
+ ///
+ /// * `prehashed_message` is an instantiated hash digest with 512-bits of
+ /// output which has had the message to be signed previously fed into its
+ /// state.
+ /// * `context` is an optional context string, up to 255 bytes inclusive,
+ /// which may be used to provide additional domain separation. If not
+ /// set, this will default to an empty string.
+ /// * `signature` is a purported Ed25519ph [`Signature`] on the `prehashed_message`.
+ ///
+ /// # Returns
+ ///
+ /// Returns `true` if the `signature` was a valid signature created by this
+ /// [`SigningKey`] on the `prehashed_message`.
+ ///
+ /// # Note
+ ///
+ /// The RFC only permits SHA-512 to be used for prehashing, i.e., `MsgDigest = Sha512`. This
+ /// function technically works, and is probably safe to use, with any secure hash function with
+ /// 512-bit digests, but anything outside of SHA-512 is NOT specification-compliant. We expose
+ /// [`crate::Sha512`] for user convenience.
+ ///
+ /// # Examples
+ ///
+ #[cfg_attr(all(feature = "rand_core", feature = "digest"), doc = "```")]
+ #[cfg_attr(
+ any(not(feature = "rand_core"), not(feature = "digest")),
+ doc = "```ignore"
+ )]
+ /// use ed25519_dalek::Digest;
+ /// use ed25519_dalek::SigningKey;
+ /// use ed25519_dalek::Signature;
+ /// use ed25519_dalek::SignatureError;
+ /// use sha2::Sha512;
+ /// use rand::rngs::OsRng;
+ ///
+ /// # fn do_test() -> Result<(), SignatureError> {
+ /// let mut csprng = OsRng;
+ /// let signing_key: SigningKey = SigningKey::generate(&mut csprng);
+ /// let message: &[u8] = b"All I want is to pet all of the dogs.";
+ ///
+ /// let mut prehashed: Sha512 = Sha512::new();
+ /// prehashed.update(message);
+ ///
+ /// let context: &[u8] = b"Ed25519DalekSignPrehashedDoctest";
+ ///
+ /// let sig: Signature = signing_key.sign_prehashed(prehashed, Some(context))?;
+ ///
+ /// // The sha2::Sha512 struct doesn't implement Copy, so we'll have to create a new one:
+ /// let mut prehashed_again: Sha512 = Sha512::default();
+ /// prehashed_again.update(message);
+ ///
+ /// let verified = signing_key.verifying_key().verify_prehashed(prehashed_again, Some(context), &sig);
+ ///
+ /// assert!(verified.is_ok());
+ ///
+ /// # verified
+ /// # }
+ /// #
+ /// # fn main() {
+ /// # do_test();
+ /// # }
+ /// ```
+ ///
+ /// [rfc8032]: https://tools.ietf.org/html/rfc8032#section-5.1
+ #[cfg(feature = "digest")]
+ pub fn verify_prehashed(
+ &self,
+ prehashed_message: MsgDigest,
+ context: Option<&[u8]>,
+ signature: &Signature,
+ ) -> Result<(), SignatureError>
+ where
+ MsgDigest: Digest,
+ {
+ self.verifying_key
+ .verify_prehashed(prehashed_message, context, signature)
+ }
+
+ /// Strictly verify a signature on a message with this signing key's public key.
+ ///
+ /// # On The (Multiple) Sources of Malleability in Ed25519 Signatures
+ ///
+ /// This version of verification is technically non-RFC8032 compliant. The
+ /// following explains why.
+ ///
+ /// 1. Scalar Malleability
+ ///
+ /// The authors of the RFC explicitly stated that verification of an ed25519
+ /// signature must fail if the scalar `s` is not properly reduced mod \ell:
+ ///
+ /// > To verify a signature on a message M using public key A, with F
+ /// > being 0 for Ed25519ctx, 1 for Ed25519ph, and if Ed25519ctx or
+ /// > Ed25519ph is being used, C being the context, first split the
+ /// > signature into two 32-octet halves. Decode the first half as a
+ /// > point R, and the second half as an integer S, in the range
+ /// > 0 <= s < L. Decode the public key A as point A'. If any of the
+ /// > decodings fail (including S being out of range), the signature is
+ /// > invalid.)
+ ///
+ /// All `verify_*()` functions within ed25519-dalek perform this check.
+ ///
+ /// 2. Point malleability
+ ///
+ /// The authors of the RFC added in a malleability check to step #3 in
+ /// §5.1.7, for small torsion components in the `R` value of the signature,
+ /// *which is not strictly required*, as they state:
+ ///
+ /// > Check the group equation \[8\]\[S\]B = \[8\]R + \[8\]\[k\]A'. It's
+ /// > sufficient, but not required, to instead check \[S\]B = R + \[k\]A'.
+ ///
+ /// # History of Malleability Checks
+ ///
+ /// As originally defined (cf. the "Malleability" section in the README of
+ /// this repo), ed25519 signatures didn't consider *any* form of
+ /// malleability to be an issue. Later the scalar malleability was
+ /// considered important. Still later, particularly with interests in
+ /// cryptocurrency design and in unique identities (e.g. for Signal users,
+ /// Tor onion services, etc.), the group element malleability became a
+ /// concern.
+ ///
+ /// However, libraries had already been created to conform to the original
+ /// definition. One well-used library in particular even implemented the
+ /// group element malleability check, *but only for batch verification*!
+ /// Which meant that even using the same library, a single signature could
+ /// verify fine individually, but suddenly, when verifying it with a bunch
+ /// of other signatures, the whole batch would fail!
+ ///
+ /// # "Strict" Verification
+ ///
+ /// This method performs *both* of the above signature malleability checks.
+ ///
+ /// It must be done as a separate method because one doesn't simply get to
+ /// change the definition of a cryptographic primitive ten years
+ /// after-the-fact with zero consideration for backwards compatibility in
+ /// hardware and protocols which have it already have the older definition
+ /// baked in.
+ ///
+ /// # Return
+ ///
+ /// Returns `Ok(())` if the signature is valid, and `Err` otherwise.
+ #[allow(non_snake_case)]
+ pub fn verify_strict(
+ &self,
+ message: &[u8],
+ signature: &Signature,
+ ) -> Result<(), SignatureError> {
+ self.verifying_key.verify_strict(message, signature)
+ }
+
+ /// Convert this signing key into a byte representation of an unreduced, unclamped Curve25519
+ /// scalar. This is NOT the same thing as `self.to_scalar().to_bytes()`, since `to_scalar()`
+ /// performs a clamping step, which changes the value of the resulting scalar.
+ ///
+ /// This can be used for performing X25519 Diffie-Hellman using Ed25519 keys. The bytes output
+ /// by this function are a valid corresponding [`StaticSecret`](https://docs.rs/x25519-dalek/2.0.0/x25519_dalek/struct.StaticSecret.html#impl-From%3C%5Bu8;+32%5D%3E-for-StaticSecret)
+ /// for the X25519 public key given by `self.verifying_key().to_montgomery()`.
+ ///
+ /// # Note
+ ///
+ /// We do NOT recommend using a signing/verifying key for encryption. Signing keys are usually
+ /// long-term keys, while keys used for key exchange should rather be ephemeral. If you can
+ /// help it, use a separate key for encryption.
+ ///
+ /// For more information on the security of systems which use the same keys for both signing
+ /// and Diffie-Hellman, see the paper
+ /// [On using the same key pair for Ed25519 and an X25519 based KEM](https://eprint.iacr.org/2021/509).
+ pub fn to_scalar_bytes(&self) -> [u8; 32] {
+ // Per the spec, the ed25519 secret key sk is expanded to
+ // (scalar_bytes, hash_prefix) = SHA-512(sk)
+ // where the two outputs are both 32 bytes. scalar_bytes is what we return. Its clamped and
+ // reduced form is what we use for signing (see impl ExpandedSecretKey)
+ let mut buf = [0u8; 32];
+ let scalar_and_hash_prefix = Sha512::default().chain_update(self.secret_key).finalize();
+ buf.copy_from_slice(&scalar_and_hash_prefix[..32]);
+ buf
+ }
+
+ /// Convert this signing key into a Curve25519 scalar. This is computed by clamping and
+ /// reducing the output of [`Self::to_scalar_bytes`].
+ ///
+ /// This can be used anywhere where a Curve25519 scalar is used as a private key, e.g., in
+ /// [`crypto_box`](https://docs.rs/crypto_box/0.9.1/crypto_box/struct.SecretKey.html#impl-From%3CScalar%3E-for-SecretKey).
+ ///
+ /// # Note
+ ///
+ /// We do NOT recommend using a signing/verifying key for encryption. Signing keys are usually
+ /// long-term keys, while keys used for key exchange should rather be ephemeral. If you can
+ /// help it, use a separate key for encryption.
+ ///
+ /// For more information on the security of systems which use the same keys for both signing
+ /// and Diffie-Hellman, see the paper
+ /// [On using the same key pair for Ed25519 and an X25519 based KEM](https://eprint.iacr.org/2021/509).
+ pub fn to_scalar(&self) -> Scalar {
+ // Per the spec, the ed25519 secret key sk is expanded to
+ // (scalar_bytes, hash_prefix) = SHA-512(sk)
+ // where the two outputs are both 32 bytes. To use for signing, scalar_bytes must be
+ // clamped and reduced (see ExpandedSecretKey::from_bytes). We return the clamped and
+ // reduced form.
+ ExpandedSecretKey::from(&self.secret_key).scalar
+ }
+}
+
+impl AsRef for SigningKey {
+ fn as_ref(&self) -> &VerifyingKey {
+ &self.verifying_key
+ }
+}
+
+impl Debug for SigningKey {
+ fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
+ f.debug_struct("SigningKey")
+ .field("verifying_key", &self.verifying_key)
+ .finish_non_exhaustive() // avoids printing `secret_key`
+ }
+}
+
+impl KeypairRef for SigningKey {
+ type VerifyingKey = VerifyingKey;
+}
+
+impl Signer for SigningKey {
+ /// Sign a message with this signing key's secret key.
+ fn try_sign(&self, message: &[u8]) -> Result {
+ let expanded: ExpandedSecretKey = (&self.secret_key).into();
+ Ok(expanded.raw_sign::(message, &self.verifying_key))
+ }
+}
+
+/// Equivalent to [`SigningKey::sign_prehashed`] with `context` set to [`None`].
+///
+/// # Note
+///
+/// The RFC only permits SHA-512 to be used for prehashing. This function technically works, and is
+/// probably safe to use, with any secure hash function with 512-bit digests, but anything outside
+/// of SHA-512 is NOT specification-compliant. We expose [`crate::Sha512`] for user convenience.
+#[cfg(feature = "digest")]
+impl DigestSigner for SigningKey
+where
+ D: Digest,
+{
+ fn try_sign_digest(&self, msg_digest: D) -> Result {
+ self.sign_prehashed(msg_digest, None)
+ }
+}
+
+/// Equivalent to [`SigningKey::sign_prehashed`] with `context` set to [`Some`]
+/// containing `self.value()`.
+///
+/// # Note
+///
+/// The RFC only permits SHA-512 to be used for prehashing. This function technically works, and is
+/// probably safe to use, with any secure hash function with 512-bit digests, but anything outside
+/// of SHA-512 is NOT specification-compliant. We expose [`crate::Sha512`] for user convenience.
+#[cfg(feature = "digest")]
+impl DigestSigner for Context<'_, '_, SigningKey>
+where
+ D: Digest,
+{
+ fn try_sign_digest(&self, msg_digest: D) -> Result {
+ self.key().sign_prehashed(msg_digest, Some(self.value()))
+ }
+}
+
+impl Verifier for SigningKey {
+ /// Verify a signature on a message with this signing key's public key.
+ fn verify(&self, message: &[u8], signature: &Signature) -> Result<(), SignatureError> {
+ self.verifying_key.verify(message, signature)
+ }
+}
+
+impl From for SigningKey {
+ #[inline]
+ fn from(secret: SecretKey) -> Self {
+ Self::from_bytes(&secret)
+ }
+}
+
+impl From<&SecretKey> for SigningKey {
+ #[inline]
+ fn from(secret: &SecretKey) -> Self {
+ Self::from_bytes(secret)
+ }
+}
+
+impl TryFrom<&[u8]> for SigningKey {
+ type Error = SignatureError;
+
+ fn try_from(bytes: &[u8]) -> Result {
+ SecretKey::try_from(bytes)
+ .map(|bytes| Self::from_bytes(&bytes))
+ .map_err(|_| {
+ InternalError::BytesLength {
+ name: "SecretKey",
+ length: SECRET_KEY_LENGTH,
+ }
+ .into()
+ })
+ }
+}
+
+impl ConstantTimeEq for SigningKey {
+ fn ct_eq(&self, other: &Self) -> Choice {
+ self.secret_key.ct_eq(&other.secret_key)
+ }
+}
+
+impl PartialEq for SigningKey {
+ fn eq(&self, other: &Self) -> bool {
+ self.ct_eq(other).into()
+ }
+}
+
+impl Eq for SigningKey {}
+
+#[cfg(feature = "zeroize")]
+impl Drop for SigningKey {
+ fn drop(&mut self) {
+ self.secret_key.zeroize();
+ }
+}
+
+#[cfg(feature = "zeroize")]
+impl ZeroizeOnDrop for SigningKey {}
+
+#[cfg(all(feature = "alloc", feature = "pkcs8"))]
+impl pkcs8::EncodePrivateKey for SigningKey {
+ fn to_pkcs8_der(&self) -> pkcs8::Result {
+ pkcs8::KeypairBytes::from(self).to_pkcs8_der()
+ }
+}
+
+#[cfg(feature = "pkcs8")]
+impl TryFrom for SigningKey {
+ type Error = pkcs8::Error;
+
+ fn try_from(pkcs8_key: pkcs8::KeypairBytes) -> pkcs8::Result {
+ SigningKey::try_from(&pkcs8_key)
+ }
+}
+
+#[cfg(feature = "pkcs8")]
+impl TryFrom<&pkcs8::KeypairBytes> for SigningKey {
+ type Error = pkcs8::Error;
+
+ fn try_from(pkcs8_key: &pkcs8::KeypairBytes) -> pkcs8::Result {
+ let signing_key = SigningKey::from_bytes(&pkcs8_key.secret_key);
+
+ // Validate the public key in the PKCS#8 document if present
+ if let Some(public_bytes) = &pkcs8_key.public_key {
+ let expected_verifying_key = VerifyingKey::from_bytes(public_bytes.as_ref())
+ .map_err(|_| pkcs8::Error::KeyMalformed)?;
+
+ if signing_key.verifying_key() != expected_verifying_key {
+ return Err(pkcs8::Error::KeyMalformed);
+ }
+ }
+
+ Ok(signing_key)
+ }
+}
+
+#[cfg(feature = "pkcs8")]
+impl From for pkcs8::KeypairBytes {
+ fn from(signing_key: SigningKey) -> pkcs8::KeypairBytes {
+ pkcs8::KeypairBytes::from(&signing_key)
+ }
+}
+
+#[cfg(feature = "pkcs8")]
+impl From<&SigningKey> for pkcs8::KeypairBytes {
+ fn from(signing_key: &SigningKey) -> pkcs8::KeypairBytes {
+ pkcs8::KeypairBytes {
+ secret_key: signing_key.to_bytes(),
+ public_key: Some(pkcs8::PublicKeyBytes(signing_key.verifying_key.to_bytes())),
+ }
+ }
+}
+
+#[cfg(feature = "pkcs8")]
+impl TryFrom> for SigningKey {
+ type Error = pkcs8::Error;
+
+ fn try_from(private_key: pkcs8::PrivateKeyInfo<'_>) -> pkcs8::Result {
+ pkcs8::KeypairBytes::try_from(private_key)?.try_into()
+ }
+}
+
+#[cfg(feature = "serde")]
+impl Serialize for SigningKey {
+ fn serialize(&self, serializer: S) -> Result
+ where
+ S: Serializer,
+ {
+ serializer.serialize_bytes(&self.secret_key)
+ }
+}
+
+#[cfg(feature = "serde")]
+impl<'d> Deserialize<'d> for SigningKey {
+ fn deserialize(deserializer: D) -> Result
+ where
+ D: Deserializer<'d>,
+ {
+ struct SigningKeyVisitor;
+
+ impl<'de> serde::de::Visitor<'de> for SigningKeyVisitor {
+ type Value = SigningKey;
+
+ fn expecting(&self, formatter: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
+ write!(formatter, concat!("An ed25519 signing (private) key"))
+ }
+
+ fn visit_bytes(self, bytes: &[u8]) -> Result {
+ SigningKey::try_from(bytes).map_err(E::custom)
+ }
+
+ fn visit_seq(self, mut seq: A) -> Result
+ where
+ A: serde::de::SeqAccess<'de>,
+ {
+ let mut bytes = [0u8; 32];
+ #[allow(clippy::needless_range_loop)]
+ for i in 0..32 {
+ bytes[i] = seq
+ .next_element()?
+ .ok_or_else(|| serde::de::Error::invalid_length(i, &"expected 32 bytes"))?;
+ }
+
+ let remaining = (0..)
+ .map(|_| seq.next_element::())
+ .take_while(|el| matches!(el, Ok(Some(_))))
+ .count();
+
+ if remaining > 0 {
+ return Err(serde::de::Error::invalid_length(
+ 32 + remaining,
+ &"expected 32 bytes",
+ ));
+ }
+
+ SigningKey::try_from(bytes).map_err(serde::de::Error::custom)
+ }
+ }
+
+ deserializer.deserialize_bytes(SigningKeyVisitor)
+ }
+}
+
+/// The spec-compliant way to define an expanded secret key. This computes `SHA512(sk)`, clamps the
+/// first 32 bytes and uses it as a scalar, and uses the second 32 bytes as a domain separator for
+/// hashing.
+impl From<&SecretKey> for ExpandedSecretKey {
+ #[allow(clippy::unwrap_used)]
+ fn from(secret_key: &SecretKey) -> ExpandedSecretKey {
+ let hash = Sha512::default().chain_update(secret_key).finalize();
+ ExpandedSecretKey::from_bytes(hash.as_ref())
+ }
+}
+
+//
+// Signing functions. These are pub(crate) so that the `hazmat` module can use them
+//
+
+impl ExpandedSecretKey {
+ /// The plain, non-prehashed, signing function for Ed25519. `CtxDigest` is the digest used to
+ /// calculate the pseudorandomness needed for signing. According to the spec, `CtxDigest =
+ /// Sha512`, and `self` is derived via the method defined in `impl From<&SigningKey> for
+ /// ExpandedSecretKey`.
+ ///
+ /// This definition is loose in its parameters so that end-users of the `hazmat` module can
+ /// change how the `ExpandedSecretKey` is calculated and which hash function to use.
+ #[allow(non_snake_case)]
+ #[inline(always)]
+ pub(crate) fn raw_sign(
+ &self,
+ message: &[u8],
+ verifying_key: &VerifyingKey,
+ ) -> Signature
+ where
+ CtxDigest: Digest,
+ {
+ let mut h = CtxDigest::new();
+
+ h.update(self.hash_prefix);
+ h.update(message);
+
+ let r = Scalar::from_hash(h);
+ let R: CompressedEdwardsY = EdwardsPoint::mul_base(&r).compress();
+
+ h = CtxDigest::new();
+ h.update(R.as_bytes());
+ h.update(verifying_key.as_bytes());
+ h.update(message);
+
+ let k = Scalar::from_hash(h);
+ let s: Scalar = (k * self.scalar) + r;
+
+ InternalSignature { R, s }.into()
+ }
+
+ /// The prehashed signing function for Ed25519 (i.e., Ed25519ph). `CtxDigest` is the digest
+ /// function used to calculate the pseudorandomness needed for signing. `MsgDigest` is the
+ /// digest function used to hash the signed message. According to the spec, `MsgDigest =
+ /// CtxDigest = Sha512`, and `self` is derived via the method defined in `impl
+ /// From<&SigningKey> for ExpandedSecretKey`.
+ ///
+ /// This definition is loose in its parameters so that end-users of the `hazmat` module can
+ /// change how the `ExpandedSecretKey` is calculated and which `CtxDigest` function to use.
+ #[cfg(feature = "digest")]
+ #[allow(non_snake_case)]
+ #[inline(always)]
+ pub(crate) fn raw_sign_prehashed(
+ &self,
+ prehashed_message: MsgDigest,
+ verifying_key: &VerifyingKey,
+ context: Option<&[u8]>,
+ ) -> Result
+ where
+ CtxDigest: Digest,
+ MsgDigest: Digest,
+ {
+ let mut prehash: [u8; 64] = [0u8; 64];
+
+ let ctx: &[u8] = context.unwrap_or(b""); // By default, the context is an empty string.
+
+ if ctx.len() > 255 {
+ return Err(SignatureError::from(InternalError::PrehashedContextLength));
+ }
+
+ let ctx_len: u8 = ctx.len() as u8;
+
+ // Get the result of the pre-hashed message.
+ prehash.copy_from_slice(prehashed_message.finalize().as_slice());
+
+ // This is the dumbest, ten-years-late, non-admission of fucking up the
+ // domain separation I have ever seen. Why am I still required to put
+ // the upper half "prefix" of the hashed "secret key" in here? Why
+ // can't the user just supply their own nonce and decide for themselves
+ // whether or not they want a deterministic signature scheme? Why does
+ // the message go into what's ostensibly the signature domain separation
+ // hash? Why wasn't there always a way to provide a context string?
+ //
+ // ...
+ //
+ // This is a really fucking stupid bandaid, and the damned scheme is
+ // still bleeding from malleability, for fuck's sake.
+ let mut h = CtxDigest::new()
+ .chain_update(b"SigEd25519 no Ed25519 collisions")
+ .chain_update([1]) // Ed25519ph
+ .chain_update([ctx_len])
+ .chain_update(ctx)
+ .chain_update(self.hash_prefix)
+ .chain_update(&prehash[..]);
+
+ let r = Scalar::from_hash(h);
+ let R: CompressedEdwardsY = EdwardsPoint::mul_base(&r).compress();
+
+ h = CtxDigest::new()
+ .chain_update(b"SigEd25519 no Ed25519 collisions")
+ .chain_update([1]) // Ed25519ph
+ .chain_update([ctx_len])
+ .chain_update(ctx)
+ .chain_update(R.as_bytes())
+ .chain_update(verifying_key.as_bytes())
+ .chain_update(&prehash[..]);
+
+ let k = Scalar::from_hash(h);
+ let s: Scalar = (k * self.scalar) + r;
+
+ Ok(InternalSignature { R, s }.into())
+ }
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/verifying.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/verifying.rs
new file mode 100644
index 000000000000..b7e12978801d
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/verifying.rs
@@ -0,0 +1,674 @@
+// -*- mode: rust; -*-
+//
+// This file is part of ed25519-dalek.
+// Copyright (c) 2017-2019 isis lovecruft
+// See LICENSE for licensing information.
+//
+// Authors:
+// - isis agora lovecruft
+
+//! ed25519 public keys.
+
+use core::convert::TryFrom;
+use core::fmt::Debug;
+use core::hash::{Hash, Hasher};
+
+use curve25519_dalek::{
+ digest::{generic_array::typenum::U64, Digest},
+ edwards::{CompressedEdwardsY, EdwardsPoint},
+ montgomery::MontgomeryPoint,
+ scalar::Scalar,
+};
+
+use ed25519::signature::Verifier;
+
+use sha2::Sha512;
+
+#[cfg(feature = "pkcs8")]
+use ed25519::pkcs8;
+
+#[cfg(feature = "serde")]
+use serde::{Deserialize, Deserializer, Serialize, Serializer};
+
+#[cfg(feature = "digest")]
+use crate::context::Context;
+#[cfg(feature = "digest")]
+use signature::DigestVerifier;
+
+use crate::{
+ constants::PUBLIC_KEY_LENGTH,
+ errors::{InternalError, SignatureError},
+ hazmat::ExpandedSecretKey,
+ signature::InternalSignature,
+ signing::SigningKey,
+};
+
+/// An ed25519 public key.
+///
+/// # Note
+///
+/// The `Eq` and `Hash` impls here use the compressed Edwards y encoding, _not_ the algebraic
+/// representation. This means if this `VerifyingKey` is non-canonically encoded, it will be
+/// considered unequal to the other equivalent encoding, despite the two representing the same
+/// point. More encoding details can be found
+/// [here](https://hdevalence.ca/blog/2020-10-04-its-25519am).
+/// If you want to make sure that signatures produced with respect to those sorts of public keys
+/// are rejected, use [`VerifyingKey::verify_strict`].
+// Invariant: VerifyingKey.1 is always the decompression of VerifyingKey.0
+#[derive(Copy, Clone, Default, Eq)]
+pub struct VerifyingKey {
+ /// Serialized compressed Edwards-y point.
+ pub(crate) compressed: CompressedEdwardsY,
+
+ /// Decompressed Edwards point used for curve arithmetic operations.
+ pub(crate) point: EdwardsPoint,
+}
+
+impl Debug for VerifyingKey {
+ fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+ write!(f, "VerifyingKey({:?}), {:?})", self.compressed, self.point)
+ }
+}
+
+impl AsRef<[u8]> for VerifyingKey {
+ fn as_ref(&self) -> &[u8] {
+ self.as_bytes()
+ }
+}
+
+impl Hash for VerifyingKey {
+ fn hash(&self, state: &mut H) {
+ self.as_bytes().hash(state);
+ }
+}
+
+impl PartialEq for VerifyingKey {
+ fn eq(&self, other: &VerifyingKey) -> bool {
+ self.as_bytes() == other.as_bytes()
+ }
+}
+
+impl From<&ExpandedSecretKey> for VerifyingKey {
+ /// Derive this public key from its corresponding `ExpandedSecretKey`.
+ fn from(expanded_secret_key: &ExpandedSecretKey) -> VerifyingKey {
+ VerifyingKey::from(EdwardsPoint::mul_base(&expanded_secret_key.scalar))
+ }
+}
+
+impl From<&SigningKey> for VerifyingKey {
+ fn from(signing_key: &SigningKey) -> VerifyingKey {
+ signing_key.verifying_key()
+ }
+}
+
+impl From for VerifyingKey {
+ fn from(point: EdwardsPoint) -> VerifyingKey {
+ VerifyingKey {
+ point,
+ compressed: point.compress(),
+ }
+ }
+}
+
+impl VerifyingKey {
+ /// Convert this public key to a byte array.
+ #[inline]
+ pub fn to_bytes(&self) -> [u8; PUBLIC_KEY_LENGTH] {
+ self.compressed.to_bytes()
+ }
+
+ /// View this public key as a byte array.
+ #[inline]
+ pub fn as_bytes(&self) -> &[u8; PUBLIC_KEY_LENGTH] {
+ &(self.compressed).0
+ }
+
+ /// Construct a `VerifyingKey` from a slice of bytes.
+ ///
+ /// # Warning
+ ///
+ /// The caller is responsible for ensuring that the bytes passed into this
+ /// method actually represent a `curve25519_dalek::curve::CompressedEdwardsY`
+ /// and that said compressed point is actually a point on the curve.
+ ///
+ /// # Example
+ ///
+ /// ```
+ /// use ed25519_dalek::VerifyingKey;
+ /// use ed25519_dalek::PUBLIC_KEY_LENGTH;
+ /// use ed25519_dalek::SignatureError;
+ ///
+ /// # fn doctest() -> Result {
+ /// let public_key_bytes: [u8; PUBLIC_KEY_LENGTH] = [
+ /// 215, 90, 152, 1, 130, 177, 10, 183, 213, 75, 254, 211, 201, 100, 7, 58,
+ /// 14, 225, 114, 243, 218, 166, 35, 37, 175, 2, 26, 104, 247, 7, 81, 26];
+ ///
+ /// let public_key = VerifyingKey::from_bytes(&public_key_bytes)?;
+ /// #
+ /// # Ok(public_key)
+ /// # }
+ /// #
+ /// # fn main() {
+ /// # doctest();
+ /// # }
+ /// ```
+ ///
+ /// # Returns
+ ///
+ /// A `Result` whose okay value is an EdDSA `VerifyingKey` or whose error value
+ /// is a `SignatureError` describing the error that occurred.
+ #[inline]
+ pub fn from_bytes(bytes: &[u8; PUBLIC_KEY_LENGTH]) -> Result {
+ let compressed = CompressedEdwardsY(*bytes);
+ let point = compressed
+ .decompress()
+ .ok_or(InternalError::PointDecompression)?;
+
+ // Invariant: VerifyingKey.1 is always the decompression of VerifyingKey.0
+ Ok(VerifyingKey { compressed, point })
+ }
+
+ /// Create a verifying context that can be used for Ed25519ph with
+ /// [`DigestVerifier`].
+ #[cfg(feature = "digest")]
+ pub fn with_context<'k, 'v>(
+ &'k self,
+ context_value: &'v [u8],
+ ) -> Result, SignatureError> {
+ Context::new(self, context_value)
+ }
+
+ /// Returns whether this is a _weak_ public key, i.e., if this public key has low order.
+ ///
+ /// A weak public key can be used to generate a signature that's valid for almost every
+ /// message. [`Self::verify_strict`] denies weak keys, but if you want to check for this
+ /// property before verification, then use this method.
+ pub fn is_weak(&self) -> bool {
+ self.point.is_small_order()
+ }
+
+ // A helper function that computes `H(R || A || M)` where `H` is the 512-bit hash function
+ // given by `CtxDigest` (this is SHA-512 in spec-compliant Ed25519). If `context.is_some()`,
+ // this does the prehashed variant of the computation using its contents.
+ #[allow(non_snake_case)]
+ fn compute_challenge(
+ context: Option<&[u8]>,
+ R: &CompressedEdwardsY,
+ A: &CompressedEdwardsY,
+ M: &[u8],
+ ) -> Scalar
+ where
+ CtxDigest: Digest,
+ {
+ let mut h = CtxDigest::new();
+ if let Some(c) = context {
+ h.update(b"SigEd25519 no Ed25519 collisions");
+ h.update([1]); // Ed25519ph
+ h.update([c.len() as u8]);
+ h.update(c);
+ }
+ h.update(R.as_bytes());
+ h.update(A.as_bytes());
+ h.update(M);
+
+ Scalar::from_hash(h)
+ }
+
+ // Helper function for verification. Computes the _expected_ R component of the signature. The
+ // caller compares this to the real R component. If `context.is_some()`, this does the
+ // prehashed variant of the computation using its contents.
+ // Note that this returns the compressed form of R and the caller does a byte comparison. This
+ // means that all our verification functions do not accept non-canonically encoded R values.
+ // See the validation criteria blog post for more details:
+ // https://hdevalence.ca/blog/2020-10-04-its-25519am
+ #[allow(non_snake_case)]
+ fn recompute_R(
+ &self,
+ context: Option<&[u8]>,
+ signature: &InternalSignature,
+ M: &[u8],
+ ) -> CompressedEdwardsY
+ where
+ CtxDigest: Digest,
+ {
+ let k = Self::compute_challenge::(context, &signature.R, &self.compressed, M);
+ let minus_A: EdwardsPoint = -self.point;
+ // Recall the (non-batched) verification equation: -[k]A + [s]B = R
+ EdwardsPoint::vartime_double_scalar_mul_basepoint(&k, &(minus_A), &signature.s).compress()
+ }
+
+ /// The ordinary non-batched Ed25519 verification check, rejecting non-canonical R values. (see
+ /// [`Self::recompute_R`]). `CtxDigest` is the digest used to calculate the pseudorandomness
+ /// needed for signing. According to the spec, `CtxDigest = Sha512`.
+ ///
+ /// This definition is loose in its parameters so that end-users of the `hazmat` module can
+ /// change how the `ExpandedSecretKey` is calculated and which hash function to use.
+ #[allow(non_snake_case)]
+ pub(crate) fn raw_verify(
+ &self,
+ message: &[u8],
+ signature: &ed25519::Signature,
+ ) -> Result<(), SignatureError>
+ where
+ CtxDigest: Digest,
+ {
+ let signature = InternalSignature::try_from(signature)?;
+
+ let expected_R = self.recompute_R::(None, &signature, message);
+ if expected_R == signature.R {
+ Ok(())
+ } else {
+ Err(InternalError::Verify.into())
+ }
+ }
+
+ /// The prehashed non-batched Ed25519 verification check, rejecting non-canonical R values.
+ /// (see [`Self::recompute_R`]). `CtxDigest` is the digest used to calculate the
+ /// pseudorandomness needed for signing. `MsgDigest` is the digest used to hash the signed
+ /// message. According to the spec, `MsgDigest = CtxDigest = Sha512`.
+ ///
+ /// This definition is loose in its parameters so that end-users of the `hazmat` module can
+ /// change how the `ExpandedSecretKey` is calculated and which hash function to use.
+ #[cfg(feature = "digest")]
+ #[allow(non_snake_case)]
+ pub(crate) fn raw_verify_prehashed(
+ &self,
+ prehashed_message: MsgDigest,
+ context: Option<&[u8]>,
+ signature: &ed25519::Signature,
+ ) -> Result<(), SignatureError>
+ where
+ CtxDigest: Digest,
+ MsgDigest: Digest,
+ {
+ let signature = InternalSignature::try_from(signature)?;
+
+ let ctx: &[u8] = context.unwrap_or(b"");
+ debug_assert!(
+ ctx.len() <= 255,
+ "The context must not be longer than 255 octets."
+ );
+
+ let message = prehashed_message.finalize();
+ let expected_R = self.recompute_R::(Some(ctx), &signature, &message);
+
+ if expected_R == signature.R {
+ Ok(())
+ } else {
+ Err(InternalError::Verify.into())
+ }
+ }
+
+ /// Verify a `signature` on a `prehashed_message` using the Ed25519ph algorithm.
+ ///
+ /// # Inputs
+ ///
+ /// * `prehashed_message` is an instantiated hash digest with 512-bits of
+ /// output which has had the message to be signed previously fed into its
+ /// state.
+ /// * `context` is an optional context string, up to 255 bytes inclusive,
+ /// which may be used to provide additional domain separation. If not
+ /// set, this will default to an empty string.
+ /// * `signature` is a purported Ed25519ph signature on the `prehashed_message`.
+ ///
+ /// # Returns
+ ///
+ /// Returns `true` if the `signature` was a valid signature created by this
+ /// [`SigningKey`] on the `prehashed_message`.
+ ///
+ /// # Note
+ ///
+ /// The RFC only permits SHA-512 to be used for prehashing, i.e., `MsgDigest = Sha512`. This
+ /// function technically works, and is probably safe to use, with any secure hash function with
+ /// 512-bit digests, but anything outside of SHA-512 is NOT specification-compliant. We expose
+ /// [`crate::Sha512`] for user convenience.
+ #[cfg(feature = "digest")]
+ #[allow(non_snake_case)]
+ pub fn verify_prehashed(
+ &self,
+ prehashed_message: MsgDigest,
+ context: Option<&[u8]>,
+ signature: &ed25519::Signature,
+ ) -> Result<(), SignatureError>
+ where
+ MsgDigest: Digest,
+ {
+ self.raw_verify_prehashed::(prehashed_message, context, signature)
+ }
+
+ /// Strictly verify a signature on a message with this keypair's public key.
+ ///
+ /// # On The (Multiple) Sources of Malleability in Ed25519 Signatures
+ ///
+ /// This version of verification is technically non-RFC8032 compliant. The
+ /// following explains why.
+ ///
+ /// 1.
Scalar Malleability + /// + /// The authors of the RFC explicitly stated that verification of an ed25519 + /// signature must fail if the scalar `s` is not properly reduced mod $\ell$: + /// + /// > To verify a signature on a message M using public key A, with F + /// > being 0 for Ed25519ctx, 1 for Ed25519ph, and if Ed25519ctx or + /// > Ed25519ph is being used, C being the context, first split the + /// > signature into two 32-octet halves. Decode the first half as a + /// > point R, and the second half as an integer S, in the range + /// > 0 <= s < L. Decode the public key A as point A'. If any of the + /// > decodings fail (including S being out of range), the signature is + /// > invalid.) + /// + /// All `verify_*()` functions within ed25519-dalek perform this check. + /// + /// 2. Point malleability + /// + /// The authors of the RFC added in a malleability check to step #3 in + /// §5.1.7, for small torsion components in the `R` value of the signature, + /// *which is not strictly required*, as they state: + /// + /// > Check the group equation \[8\]\[S\]B = \[8\]R + \[8\]\[k\]A'. It's + /// > sufficient, but not required, to instead check \[S\]B = R + \[k\]A'. + /// + /// # History of Malleability Checks + /// + /// As originally defined (cf. the "Malleability" section in the README of + /// this repo), ed25519 signatures didn't consider *any* form of + /// malleability to be an issue. Later the scalar malleability was + /// considered important. Still later, particularly with interests in + /// cryptocurrency design and in unique identities (e.g. for Signal users, + /// Tor onion services, etc.), the group element malleability became a + /// concern. + /// + /// However, libraries had already been created to conform to the original + /// definition. One well-used library in particular even implemented the + /// group element malleability check, *but only for batch verification*! 
+ /// Which meant that even using the same library, a single signature could
+ /// verify fine individually, but suddenly, when verifying it with a bunch
+ /// of other signatures, the whole batch would fail!
+ ///
+ /// # "Strict" Verification
+ ///
+ /// This method performs *both* of the above signature malleability checks.
+ ///
+ /// It must be done as a separate method because one doesn't simply get to
+ /// change the definition of a cryptographic primitive ten years
+ /// after-the-fact with zero consideration for backwards compatibility in
+ /// hardware and protocols which have it already have the older definition
+ /// baked in.
+ ///
+ /// # Return
+ ///
+ /// Returns `Ok(())` if the signature is valid, and `Err` otherwise.
+ #[allow(non_snake_case)]
+ pub fn verify_strict(
+ &self,
+ message: &[u8],
+ signature: &ed25519::Signature,
+ ) -> Result<(), SignatureError> {
+ let signature = InternalSignature::try_from(signature)?;
+
+ let signature_R = signature
+ .R
+ .decompress()
+ .ok_or_else(|| SignatureError::from(InternalError::Verify))?;
+
+ // Logical OR is fine here as we're not trying to be constant time.
+ if signature_R.is_small_order() || self.point.is_small_order() {
+ return Err(InternalError::Verify.into());
+ }
+
+ let expected_R = self.recompute_R::(None, &signature, message);
+ if expected_R == signature.R {
+ Ok(())
+ } else {
+ Err(InternalError::Verify.into())
+ }
+ }
+
+ /// Verify a `signature` on a `prehashed_message` using the Ed25519ph algorithm,
+ /// using strict signture checking as defined by [`Self::verify_strict`].
+ ///
+ /// # Inputs
+ ///
+ /// * `prehashed_message` is an instantiated hash digest with 512-bits of
+ /// output which has had the message to be signed previously fed into its
+ /// state.
+ /// * `context` is an optional context string, up to 255 bytes inclusive,
+ /// which may be used to provide additional domain separation. If not
+ /// set, this will default to an empty string.
+ /// * `signature` is a purported Ed25519ph signature on the `prehashed_message`.
+ ///
+ /// # Returns
+ ///
+ /// Returns `true` if the `signature` was a valid signature created by this
+ /// [`SigningKey`] on the `prehashed_message`.
+ ///
+ /// # Note
+ ///
+ /// The RFC only permits SHA-512 to be used for prehashing, i.e., `MsgDigest = Sha512`. This
+ /// function technically works, and is probably safe to use, with any secure hash function with
+ /// 512-bit digests, but anything outside of SHA-512 is NOT specification-compliant. We expose
+ /// [`crate::Sha512`] for user convenience.
+ #[cfg(feature = "digest")]
+ #[allow(non_snake_case)]
+ pub fn verify_prehashed_strict(
+ &self,
+ prehashed_message: MsgDigest,
+ context: Option<&[u8]>,
+ signature: &ed25519::Signature,
+ ) -> Result<(), SignatureError>
+ where
+ MsgDigest: Digest,
+ {
+ let signature = InternalSignature::try_from(signature)?;
+
+ let ctx: &[u8] = context.unwrap_or(b"");
+ debug_assert!(
+ ctx.len() <= 255,
+ "The context must not be longer than 255 octets."
+ );
+
+ let signature_R = signature
+ .R
+ .decompress()
+ .ok_or_else(|| SignatureError::from(InternalError::Verify))?;
+
+ // Logical OR is fine here as we're not trying to be constant time.
+ if signature_R.is_small_order() || self.point.is_small_order() {
+ return Err(InternalError::Verify.into());
+ }
+
+ let message = prehashed_message.finalize();
+ let expected_R = self.recompute_R::(Some(ctx), &signature, &message);
+
+ if expected_R == signature.R {
+ Ok(())
+ } else {
+ Err(InternalError::Verify.into())
+ }
+ }
+
+ /// Convert this verifying key into Montgomery form.
+ ///
+ /// This can be used for performing X25519 Diffie-Hellman using Ed25519 keys. The output of
+ /// this function is a valid X25519 public key whose secret key is `sk.to_scalar_bytes()`,
+ /// where `sk` is a valid signing key for this `VerifyingKey`.
+ ///
+ /// # Note
+ ///
+ /// We do NOT recommend this usage of a signing/verifying key. Signing keys are usually
+ /// long-term keys, while keys used for key exchange should rather be ephemeral. If you can
+ /// help it, use a separate key for encryption.
+ ///
+ /// For more information on the security of systems which use the same keys for both signing
+ /// and Diffie-Hellman, see the paper
+ /// [On using the same key pair for Ed25519 and an X25519 based KEM](https://eprint.iacr.org/2021/509).
+ pub fn to_montgomery(&self) -> MontgomeryPoint {
+ self.point.to_montgomery()
+ }
+}
+
+impl Verifier for VerifyingKey {
+ /// Verify a signature on a message with this keypair's public key.
+ ///
+ /// # Return
+ ///
+ /// Returns `Ok(())` if the signature is valid, and `Err` otherwise.
+ fn verify(&self, message: &[u8], signature: &ed25519::Signature) -> Result<(), SignatureError> {
+ self.raw_verify::(message, signature)
+ }
+}
+
+/// Equivalent to [`VerifyingKey::verify_prehashed`] with `context` set to [`None`].
+#[cfg(feature = "digest")]
+impl DigestVerifier for VerifyingKey
+where
+ MsgDigest: Digest,
+{
+ fn verify_digest(
+ &self,
+ msg_digest: MsgDigest,
+ signature: &ed25519::Signature,
+ ) -> Result<(), SignatureError> {
+ self.verify_prehashed(msg_digest, None, signature)
+ }
+}
+
+/// Equivalent to [`VerifyingKey::verify_prehashed`] with `context` set to [`Some`]
+/// containing `self.value()`.
+#[cfg(feature = "digest")]
+impl DigestVerifier for Context<'_, '_, VerifyingKey>
+where
+ MsgDigest: Digest,
+{
+ fn verify_digest(
+ &self,
+ msg_digest: MsgDigest,
+ signature: &ed25519::Signature,
+ ) -> Result<(), SignatureError> {
+ self.key()
+ .verify_prehashed(msg_digest, Some(self.value()), signature)
+ }
+}
+
+impl TryFrom<&[u8]> for VerifyingKey {
+ type Error = SignatureError;
+
+ #[inline]
+ fn try_from(bytes: &[u8]) -> Result {
+ let bytes = bytes.try_into().map_err(|_| InternalError::BytesLength {
+ name: "VerifyingKey",
+ length: PUBLIC_KEY_LENGTH,
+ })?;
+ Self::from_bytes(bytes)
+ }
+}
+
+#[cfg(all(feature = "alloc", feature = "pkcs8"))]
+impl pkcs8::EncodePublicKey for VerifyingKey {
+ fn to_public_key_der(&self) -> pkcs8::spki::Result {
+ pkcs8::PublicKeyBytes::from(self).to_public_key_der()
+ }
+}
+
+#[cfg(feature = "pkcs8")]
+impl TryFrom for VerifyingKey {
+ type Error = pkcs8::spki::Error;
+
+ fn try_from(pkcs8_key: pkcs8::PublicKeyBytes) -> pkcs8::spki::Result {
+ VerifyingKey::try_from(&pkcs8_key)
+ }
+}
+
+#[cfg(feature = "pkcs8")]
+impl TryFrom<&pkcs8::PublicKeyBytes> for VerifyingKey {
+ type Error = pkcs8::spki::Error;
+
+ fn try_from(pkcs8_key: &pkcs8::PublicKeyBytes) -> pkcs8::spki::Result {
+ VerifyingKey::from_bytes(pkcs8_key.as_ref()).map_err(|_| pkcs8::spki::Error::KeyMalformed)
+ }
+}
+
+#[cfg(feature = "pkcs8")]
+impl From for pkcs8::PublicKeyBytes {
+ fn from(verifying_key: VerifyingKey) -> pkcs8::PublicKeyBytes {
+ pkcs8::PublicKeyBytes::from(&verifying_key)
+ }
+}
+
+#[cfg(feature = "pkcs8")]
+impl From<&VerifyingKey> for pkcs8::PublicKeyBytes {
+ fn from(verifying_key: &VerifyingKey) -> pkcs8::PublicKeyBytes {
+ pkcs8::PublicKeyBytes(verifying_key.to_bytes())
+ }
+}
+
+#[cfg(feature = "pkcs8")]
+impl TryFrom> for VerifyingKey {
+ type Error = pkcs8::spki::Error;
+
+ fn try_from(public_key: pkcs8::spki::SubjectPublicKeyInfoRef<'_>) -> pkcs8::spki::Result {
+ pkcs8::PublicKeyBytes::try_from(public_key)?.try_into()
+ }
+}
+
+#[cfg(feature = "serde")] +impl Serialize for VerifyingKey { + fn serialize(&self, serializer: S) -> Result + where + S: Serializer, + { + serializer.serialize_bytes(&self.as_bytes()[..]) + } +} + +#[cfg(feature = "serde")] +impl<'d> Deserialize<'d> for VerifyingKey { + fn deserialize(deserializer: D) -> Result + where + D: Deserializer<'d>, + { + struct VerifyingKeyVisitor; + + impl<'de> serde::de::Visitor<'de> for VerifyingKeyVisitor { + type Value = VerifyingKey; + + fn expecting(&self, formatter: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result { + write!(formatter, concat!("An ed25519 verifying (public) key")) + } + + fn visit_bytes(self, bytes: &[u8]) -> Result { + VerifyingKey::try_from(bytes).map_err(E::custom) + } + + fn visit_seq(self, mut seq: A) -> Result + where + A: serde::de::SeqAccess<'de>, + { + let mut bytes = [0u8; 32]; + + #[allow(clippy::needless_range_loop)] + for i in 0..32 { + bytes[i] = seq + .next_element()? + .ok_or_else(|| serde::de::Error::invalid_length(i, &"expected 32 bytes"))?; + } + + let remaining = (0..) + .map(|_| seq.next_element::()) + .take_while(|el| matches!(el, Ok(Some(_)))) + .count(); + + if remaining > 0 { + return Err(serde::de::Error::invalid_length( + 32 + remaining, + &"expected 32 bytes", + )); + } + + VerifyingKey::try_from(&bytes[..]).map_err(serde::de::Error::custom) + } + } + + deserializer.deserialize_bytes(VerifyingKeyVisitor) + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/ed25519.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/ed25519.rs new file mode 100644 index 000000000000..c05efa3c3306 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/ed25519.rs 
@@ -0,0 +1,657 @@
+// -*- mode: rust; -*-
+//
+// This file is part of ed25519-dalek.
+// Copyright (c) 2017-2019 isis lovecruft
+// See LICENSE for licensing information.
+//
+// Authors:
+// - isis agora lovecruft
+
+//! Integration tests for ed25519-dalek.
+
+#![allow(clippy::items_after_test_module)]
+
+use ed25519_dalek::*;
+
+use hex::FromHex;
+#[cfg(feature = "digest")]
+use hex_literal::hex;
+
+#[cfg(test)]
+mod vectors {
+ use super::*;
+
+ use curve25519_dalek::{
+ constants::ED25519_BASEPOINT_POINT,
+ edwards::{CompressedEdwardsY, EdwardsPoint},
+ scalar::Scalar,
+ traits::IsIdentity,
+ };
+ use sha2::{digest::Digest, Sha512};
+
+ use std::{
+ convert::TryFrom,
+ fs::File,
+ io::{BufRead, BufReader},
+ ops::Neg,
+ };
+
+ // TESTVECTORS is taken from sign.input.gz in agl's ed25519 Golang
+ // package. It is a selection of test cases from
+ // http://ed25519.cr.yp.to/python/sign.input
+ #[test]
+ fn against_reference_implementation() {
+ // TestGolden
+ let mut line: String;
+ let mut lineno: usize = 0;
+
+ let f = File::open("TESTVECTORS");
+ if f.is_err() {
+ println!(
+ "This test is only available when the code has been cloned \
+ from the git repository, since the TESTVECTORS file is large \
+ and is therefore not included within the distributed crate."
+ ); + panic!(); + } + let file = BufReader::new(f.unwrap()); + + for l in file.lines() { + lineno += 1; + line = l.unwrap(); + + let parts: Vec<&str> = line.split(':').collect(); + assert_eq!(parts.len(), 5, "wrong number of fields in line {}", lineno); + + let sec_bytes: Vec = FromHex::from_hex(parts[0]).unwrap(); + let pub_bytes: Vec = FromHex::from_hex(parts[1]).unwrap(); + let msg_bytes: Vec = FromHex::from_hex(parts[2]).unwrap(); + let sig_bytes: Vec = FromHex::from_hex(parts[3]).unwrap(); + + let sec_bytes = &sec_bytes[..SECRET_KEY_LENGTH].try_into().unwrap(); + let pub_bytes = &pub_bytes[..PUBLIC_KEY_LENGTH].try_into().unwrap(); + + let signing_key = SigningKey::from_bytes(sec_bytes); + let expected_verifying_key = VerifyingKey::from_bytes(pub_bytes).unwrap(); + assert_eq!(expected_verifying_key, signing_key.verifying_key()); + + // The signatures in the test vectors also include the message + // at the end, but we just want R and S. + let sig1: Signature = Signature::try_from(&sig_bytes[..64]).unwrap(); + let sig2: Signature = signing_key.sign(&msg_bytes); + + assert!(sig1 == sig2, "Signature bytes not equal on line {}", lineno); + assert!( + signing_key.verify(&msg_bytes, &sig2).is_ok(), + "Signature verification failed on line {}", + lineno + ); + assert!( + expected_verifying_key + .verify_strict(&msg_bytes, &sig2) + .is_ok(), + "Signature strict verification failed on line {}", + lineno + ); + } + } + + // From https://tools.ietf.org/html/rfc8032#section-7.3 + #[cfg(feature = "digest")] + #[test] + fn ed25519ph_rf8032_test_vector_prehash() { + let sec_bytes = hex!("833fe62409237b9d62ec77587520911e9a759cec1d19755b7da901b96dca3d42"); + let pub_bytes = hex!("ec172b93ad5e563bf4932c70e1245034c35467ef2efd4d64ebf819683467e2bf"); + let msg_bytes = hex!("616263"); + let sig_bytes = hex!("98a70222f0b8121aa9d30f813d683f809e462b469c7ff87639499bb94e6dae4131f85042463c2a355a2003d062adf5aaa10b8c61e636062aaad11c2a26083406"); + + let signing_key = 
SigningKey::from_bytes(&sec_bytes); + let expected_verifying_key = VerifyingKey::from_bytes(&pub_bytes).unwrap(); + assert_eq!(expected_verifying_key, signing_key.verifying_key()); + let sig1 = Signature::try_from(&sig_bytes[..]).unwrap(); + + let mut prehash_for_signing = Sha512::default(); + let mut prehash_for_verifying = Sha512::default(); + + prehash_for_signing.update(&msg_bytes[..]); + prehash_for_verifying.update(&msg_bytes[..]); + + let sig2: Signature = signing_key + .sign_prehashed(prehash_for_signing, None) + .unwrap(); + + assert!( + sig1 == sig2, + "Original signature from test vectors doesn't equal signature produced:\ + \noriginal:\n{:?}\nproduced:\n{:?}", + sig1, + sig2 + ); + assert!( + signing_key + .verify_prehashed(prehash_for_verifying.clone(), None, &sig2) + .is_ok(), + "Could not verify ed25519ph signature!" + ); + assert!( + expected_verifying_key + .verify_prehashed_strict(prehash_for_verifying, None, &sig2) + .is_ok(), + "Could not strict-verify ed25519ph signature!" 
+ ); + } + + // + // The remaining items in this mod are for the repudiation tests + // + + // Taken from curve25519_dalek::constants::EIGHT_TORSION[4] + const EIGHT_TORSION_4: [u8; 32] = [ + 236, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 127, + ]; + + // Computes the prehashed or non-prehashed challenge, depending on whether context is given + fn compute_challenge( + message: &[u8], + pub_key: &EdwardsPoint, + signature_r: &EdwardsPoint, + context: Option<&[u8]>, + ) -> Scalar { + let mut h = Sha512::default(); + if let Some(c) = context { + h.update(b"SigEd25519 no Ed25519 collisions"); + h.update([1]); + h.update([c.len() as u8]); + h.update(c); + } + h.update(signature_r.compress().as_bytes()); + h.update(&pub_key.compress().as_bytes()[..]); + h.update(message); + Scalar::from_hash(h) + } + + fn serialize_signature(r: &EdwardsPoint, s: &Scalar) -> Vec { + [&r.compress().as_bytes()[..], &s.as_bytes()[..]].concat() + } + + const WEAK_PUBKEY: CompressedEdwardsY = CompressedEdwardsY(EIGHT_TORSION_4); + + // Pick a random Scalar + fn non_null_scalar() -> Scalar { + let mut rng = rand::rngs::OsRng; + let mut s_candidate = Scalar::random(&mut rng); + while s_candidate == Scalar::ZERO { + s_candidate = Scalar::random(&mut rng); + } + s_candidate + } + + fn pick_r(s: Scalar) -> EdwardsPoint { + let r0 = s * ED25519_BASEPOINT_POINT; + // Pick a torsion point of order 2 + r0 + WEAK_PUBKEY.decompress().unwrap().neg() + } + + // Tests that verify_strict() rejects small-order pubkeys. We test this by explicitly + // constructing a pubkey-signature pair that verifies with respect to two distinct messages. + // This should be accepted by verify(), but rejected by verify_strict(). 
+ #[test] + fn repudiation() { + let message1 = b"Send 100 USD to Alice"; + let message2 = b"Send 100000 USD to Alice"; + + let mut s: Scalar = non_null_scalar(); + let pubkey = WEAK_PUBKEY.decompress().unwrap(); + let mut r = pick_r(s); + + // Find an R such that + // H(R || A || M₁) · A == A == H(R || A || M₂) · A + // This happens with high probability when A is low order. + while !(pubkey.neg() + compute_challenge(message1, &pubkey, &r, None) * pubkey) + .is_identity() + || !(pubkey.neg() + compute_challenge(message2, &pubkey, &r, None) * pubkey) + .is_identity() + { + // We pick an s and let R = sB - A where B is the basepoint + s = non_null_scalar(); + r = pick_r(s); + } + + // At this point, both verification equations hold: + // sB = R + H(R || A || M₁) · A + // = R + H(R || A || M₂) · A + // Check that this is true + let signature = serialize_signature(&r, &s); + let vk = VerifyingKey::from_bytes(pubkey.compress().as_bytes()).unwrap(); + let sig = Signature::try_from(&signature[..]).unwrap(); + assert!(vk.verify(message1, &sig).is_ok()); + assert!(vk.verify(message2, &sig).is_ok()); + + // Check that this public key appears as weak + assert!(vk.is_weak()); + + // Now check that the sigs fail under verify_strict. This is because verify_strict rejects + // small order pubkeys. + assert!(vk.verify_strict(message1, &sig).is_err()); + assert!(vk.verify_strict(message2, &sig).is_err()); + } + + // Identical to repudiation() above, but testing verify_prehashed against + // verify_prehashed_strict. See comments above for a description of what's happening. 
+ #[cfg(feature = "digest")] + #[test] + fn repudiation_prehash() { + let message1 = Sha512::new().chain_update(b"Send 100 USD to Alice"); + let message2 = Sha512::new().chain_update(b"Send 100000 USD to Alice"); + let message1_bytes = message1.clone().finalize(); + let message2_bytes = message2.clone().finalize(); + + let mut s: Scalar = non_null_scalar(); + let pubkey = WEAK_PUBKEY.decompress().unwrap(); + let mut r = pick_r(s); + let context_str = Some(&b"edtest"[..]); + + while !(pubkey.neg() + + compute_challenge(&message1_bytes, &pubkey, &r, context_str) * pubkey) + .is_identity() + || !(pubkey.neg() + + compute_challenge(&message2_bytes, &pubkey, &r, context_str) * pubkey) + .is_identity() + { + s = non_null_scalar(); + r = pick_r(s); + } + + // Check that verify_prehashed succeeds on both sigs + let signature = serialize_signature(&r, &s); + let vk = VerifyingKey::from_bytes(pubkey.compress().as_bytes()).unwrap(); + let sig = Signature::try_from(&signature[..]).unwrap(); + assert!(vk + .verify_prehashed(message1.clone(), context_str, &sig) + .is_ok()); + assert!(vk + .verify_prehashed(message2.clone(), context_str, &sig) + .is_ok()); + + // Check that verify_prehashed_strict fails on both sigs + assert!(vk + .verify_prehashed_strict(message1.clone(), context_str, &sig) + .is_err()); + assert!(vk + .verify_prehashed_strict(message2.clone(), context_str, &sig) + .is_err()); + } +} + +#[cfg(feature = "rand_core")] +mod integrations { + use super::*; + use rand::rngs::OsRng; + #[cfg(feature = "digest")] + use sha2::Sha512; + use std::collections::HashMap; + + #[test] + fn sign_verify() { + // TestSignVerify + + let good: &[u8] = "test message".as_bytes(); + let bad: &[u8] = "wrong message".as_bytes(); + + let mut csprng = OsRng; + + let signing_key: SigningKey = SigningKey::generate(&mut csprng); + let verifying_key = signing_key.verifying_key(); + let good_sig: Signature = signing_key.sign(good); + let bad_sig: Signature = signing_key.sign(bad); + + // Check 
that an honestly generated public key is not weak + assert!(!verifying_key.is_weak()); + + assert!( + signing_key.verify(good, &good_sig).is_ok(), + "Verification of a valid signature failed!" + ); + assert!( + verifying_key.verify_strict(good, &good_sig).is_ok(), + "Strict verification of a valid signature failed!" + ); + assert!( + signing_key.verify(good, &bad_sig).is_err(), + "Verification of a signature on a different message passed!" + ); + assert!( + verifying_key.verify_strict(good, &bad_sig).is_err(), + "Strict verification of a signature on a different message passed!" + ); + assert!( + signing_key.verify(bad, &good_sig).is_err(), + "Verification of a signature on a different message passed!" + ); + assert!( + verifying_key.verify_strict(bad, &good_sig).is_err(), + "Strict verification of a signature on a different message passed!" + ); + } + + #[cfg(feature = "digest")] + #[test] + fn ed25519ph_sign_verify() { + let good: &[u8] = b"test message"; + let bad: &[u8] = b"wrong message"; + + let mut csprng = OsRng; + + // ugh… there's no `impl Copy for Sha512`… i hope we can all agree these are the same hashes + let mut prehashed_good1: Sha512 = Sha512::default(); + prehashed_good1.update(good); + let mut prehashed_good2: Sha512 = Sha512::default(); + prehashed_good2.update(good); + let mut prehashed_good3: Sha512 = Sha512::default(); + prehashed_good3.update(good); + + let mut prehashed_bad1: Sha512 = Sha512::default(); + prehashed_bad1.update(bad); + let mut prehashed_bad2: Sha512 = Sha512::default(); + prehashed_bad2.update(bad); + + let context: &[u8] = b"testing testing 1 2 3"; + + let signing_key: SigningKey = SigningKey::generate(&mut csprng); + let verifying_key = signing_key.verifying_key(); + let good_sig: Signature = signing_key + .sign_prehashed(prehashed_good1, Some(context)) + .unwrap(); + let bad_sig: Signature = signing_key + .sign_prehashed(prehashed_bad1, Some(context)) + .unwrap(); + + assert!( + signing_key + 
.verify_prehashed(prehashed_good2.clone(), Some(context), &good_sig) + .is_ok(), + "Verification of a valid signature failed!" + ); + assert!( + verifying_key + .verify_prehashed_strict(prehashed_good2, Some(context), &good_sig) + .is_ok(), + "Strict verification of a valid signature failed!" + ); + assert!( + signing_key + .verify_prehashed(prehashed_good3.clone(), Some(context), &bad_sig) + .is_err(), + "Verification of a signature on a different message passed!" + ); + assert!( + verifying_key + .verify_prehashed_strict(prehashed_good3, Some(context), &bad_sig) + .is_err(), + "Strict verification of a signature on a different message passed!" + ); + assert!( + signing_key + .verify_prehashed(prehashed_bad2.clone(), Some(context), &good_sig) + .is_err(), + "Verification of a signature on a different message passed!" + ); + assert!( + verifying_key + .verify_prehashed_strict(prehashed_bad2, Some(context), &good_sig) + .is_err(), + "Strict verification of a signature on a different message passed!" + ); + } + + #[cfg(feature = "batch")] + #[test] + fn verify_batch_seven_signatures() { + let messages: [&[u8]; 7] = [ + b"Watch closely everyone, I'm going to show you how to kill a god.", + b"I'm not a cryptographer I just encrypt a lot.", + b"Still not a cryptographer.", + b"This is a test of the tsunami alert system. This is only a test.", + b"Fuck dumbin' it down, spit ice, skip jewellery: Molotov cocktails on me like accessories.", + b"Hey, I never cared about your bucks, so if I run up with a mask on, probably got a gas can too.", + b"And I'm not here to fill 'er up. 
Nope, we came to riot, here to incite, we don't want any of your stuff.", ]; + let mut csprng = OsRng; + let mut signing_keys: Vec = Vec::new(); + let mut signatures: Vec = Vec::new(); + + for msg in messages { + let signing_key: SigningKey = SigningKey::generate(&mut csprng); + signatures.push(signing_key.sign(msg)); + signing_keys.push(signing_key); + } + let verifying_keys: Vec = + signing_keys.iter().map(|key| key.verifying_key()).collect(); + + let result = verify_batch(&messages, &signatures, &verifying_keys); + + assert!(result.is_ok()); + } + + #[test] + fn public_key_hash_trait_check() { + let mut csprng = OsRng {}; + let secret: SigningKey = SigningKey::generate(&mut csprng); + let public_from_secret: VerifyingKey = (&secret).into(); + + let mut m = HashMap::new(); + m.insert(public_from_secret, "Example_Public_Key"); + + m.insert(public_from_secret, "Updated Value"); + + let (k, &v) = m.get_key_value(&public_from_secret).unwrap(); + assert_eq!(k, &public_from_secret); + assert_eq!(v, "Updated Value"); + assert_eq!(m.len(), 1usize); + + let second_secret: SigningKey = SigningKey::generate(&mut csprng); + let public_from_second_secret: VerifyingKey = (&second_secret).into(); + assert_ne!(public_from_secret, public_from_second_secret); + m.insert(public_from_second_secret, "Second public key"); + + let (k, &v) = m.get_key_value(&public_from_second_secret).unwrap(); + assert_eq!(k, &public_from_second_secret); + assert_eq!(v, "Second public key"); + assert_eq!(m.len(), 2usize); + } +} + +#[cfg(all(test, feature = "serde"))] +#[derive(Debug, serde::Serialize, serde::Deserialize)] +#[serde(crate = "serde")] +struct Demo { + signing_key: SigningKey, +} + +#[cfg(all(test, feature = "serde"))] +mod serialisation { + #![allow(clippy::zero_prefixed_literal)] + + use super::*; + + // The size for bincode to serialize the length of a byte array. 
+ static BINCODE_INT_LENGTH: usize = 8; + + static PUBLIC_KEY_BYTES: [u8; PUBLIC_KEY_LENGTH] = [ + 130, 039, 155, 015, 062, 076, 188, 063, 124, 122, 026, 251, 233, 253, 225, 220, 014, 041, + 166, 120, 108, 035, 254, 077, 160, 083, 172, 058, 219, 042, 086, 120, + ]; + + static SECRET_KEY_BYTES: [u8; SECRET_KEY_LENGTH] = [ + 062, 070, 027, 163, 092, 182, 011, 003, 077, 234, 098, 004, 011, 127, 079, 228, 243, 187, + 150, 073, 201, 137, 076, 022, 085, 251, 152, 002, 241, 042, 072, 054, + ]; + + /// Signature with the above signing_key of a blank message. + static SIGNATURE_BYTES: [u8; SIGNATURE_LENGTH] = [ + 010, 126, 151, 143, 157, 064, 047, 001, 196, 140, 179, 058, 226, 152, 018, 102, 160, 123, + 080, 016, 210, 086, 196, 028, 053, 231, 012, 157, 169, 019, 158, 063, 045, 154, 238, 007, + 053, 185, 227, 229, 079, 108, 213, 080, 124, 252, 084, 167, 216, 085, 134, 144, 129, 149, + 041, 081, 063, 120, 126, 100, 092, 059, 050, 011, + ]; + + #[test] + fn serialize_deserialize_signature_bincode() { + let signature: Signature = Signature::from_bytes(&SIGNATURE_BYTES); + let encoded_signature: Vec = bincode::serialize(&signature).unwrap(); + let decoded_signature: Signature = bincode::deserialize(&encoded_signature).unwrap(); + + assert_eq!(signature, decoded_signature); + } + + #[test] + fn serialize_deserialize_signature_json() { + let signature: Signature = Signature::from_bytes(&SIGNATURE_BYTES); + let encoded_signature = serde_json::to_string(&signature).unwrap(); + let decoded_signature: Signature = serde_json::from_str(&encoded_signature).unwrap(); + + assert_eq!(signature, decoded_signature); + } + + #[test] + fn serialize_deserialize_verifying_key_bincode() { + let verifying_key: VerifyingKey = VerifyingKey::from_bytes(&PUBLIC_KEY_BYTES).unwrap(); + let encoded_verifying_key: Vec = bincode::serialize(&verifying_key).unwrap(); + let decoded_verifying_key: VerifyingKey = + bincode::deserialize(&encoded_verifying_key).unwrap(); + + assert_eq!( + &PUBLIC_KEY_BYTES[..], + 
&encoded_verifying_key[encoded_verifying_key.len() - PUBLIC_KEY_LENGTH..] + ); + assert_eq!(verifying_key, decoded_verifying_key); + } + + #[test] + fn serialize_deserialize_verifying_key_json() { + let verifying_key: VerifyingKey = VerifyingKey::from_bytes(&PUBLIC_KEY_BYTES).unwrap(); + let encoded_verifying_key = serde_json::to_string(&verifying_key).unwrap(); + let decoded_verifying_key: VerifyingKey = + serde_json::from_str(&encoded_verifying_key).unwrap(); + + assert_eq!(verifying_key, decoded_verifying_key); + } + + #[test] + fn serialize_deserialize_verifying_key_json_too_long() { + // derived from `serialize_deserialize_verifying_key_json` test + // trailing zero elements makes key too long (34 bytes) + let encoded_verifying_key_too_long = "[130,39,155,15,62,76,188,63,124,122,26,251,233,253,225,220,14,41,166,120,108,35,254,77,160,83,172,58,219,42,86,120,0,0]"; + let de_err = serde_json::from_str::(encoded_verifying_key_too_long) + .unwrap_err() + .to_string(); + assert!( + de_err.contains("invalid length 34"), + "expected invalid length error, got: {de_err}", + ); + } + + #[test] + fn serialize_deserialize_verifying_key_json_too_short() { + // derived from `serialize_deserialize_verifying_key_json` test + let encoded_verifying_key_too_long = "[130,39,155,15]"; + let de_err = serde_json::from_str::(encoded_verifying_key_too_long) + .unwrap_err() + .to_string(); + assert!( + de_err.contains("invalid length 4"), + "expected invalid length error, got: {de_err}" + ); + } + + #[test] + fn serialize_deserialize_signing_key_bincode() { + let signing_key = SigningKey::from_bytes(&SECRET_KEY_BYTES); + let encoded_signing_key: Vec = bincode::serialize(&signing_key).unwrap(); + let decoded_signing_key: SigningKey = bincode::deserialize(&encoded_signing_key).unwrap(); + + #[allow(clippy::needless_range_loop)] + for i in 0..SECRET_KEY_LENGTH { + assert_eq!(SECRET_KEY_BYTES[i], decoded_signing_key.to_bytes()[i]); + } + } + + #[test] + fn 
serialize_deserialize_signing_key_json() { + let signing_key = SigningKey::from_bytes(&SECRET_KEY_BYTES); + let encoded_signing_key = serde_json::to_string(&signing_key).unwrap(); + let decoded_signing_key: SigningKey = serde_json::from_str(&encoded_signing_key).unwrap(); + + #[allow(clippy::needless_range_loop)] + for i in 0..SECRET_KEY_LENGTH { + assert_eq!(SECRET_KEY_BYTES[i], decoded_signing_key.to_bytes()[i]); + } + } + + #[test] + fn serialize_deserialize_signing_key_json_too_long() { + // derived from `serialize_deserialize_signing_key_json` test + // trailing zero elements makes key too long (34 bytes) + let encoded_signing_key_too_long = "[62,70,27,163,92,182,11,3,77,234,98,4,11,127,79,228,243,187,150,73,201,137,76,22,85,251,152,2,241,42,72,54,0,0]"; + let de_err = serde_json::from_str::(encoded_signing_key_too_long) + .unwrap_err() + .to_string(); + assert!( + de_err.contains("invalid length 34"), + "expected invalid length error, got: {de_err}", + ); + } + + #[test] + fn serialize_deserialize_signing_key_json_too_short() { + // derived from `serialize_deserialize_signing_key_json` test + let encoded_signing_key_too_long = "[62,70,27,163]"; + let de_err = serde_json::from_str::(encoded_signing_key_too_long) + .unwrap_err() + .to_string(); + assert!( + de_err.contains("invalid length 4"), + "expected invalid length error, got: {de_err}" + ); + } + + #[test] + fn serialize_deserialize_signing_key_toml() { + let demo = Demo { + signing_key: SigningKey::from_bytes(&SECRET_KEY_BYTES), + }; + + println!("\n\nWrite to toml"); + let demo_toml = toml::to_string(&demo).unwrap(); + println!("{}", demo_toml); + let demo_toml_rebuild: Result = toml::from_str(&demo_toml); + println!("{:?}", demo_toml_rebuild); + } + + #[test] + fn serialize_verifying_key_size() { + let verifying_key: VerifyingKey = VerifyingKey::from_bytes(&PUBLIC_KEY_BYTES).unwrap(); + assert_eq!( + bincode::serialized_size(&verifying_key).unwrap() as usize, + BINCODE_INT_LENGTH + PUBLIC_KEY_LENGTH + 
); + } + + #[test] + fn serialize_signature_size() { + let signature: Signature = Signature::from_bytes(&SIGNATURE_BYTES); + assert_eq!( + bincode::serialized_size(&signature).unwrap() as usize, + SIGNATURE_LENGTH + ); + } + + #[test] + fn serialize_signing_key_size() { + let signing_key = SigningKey::from_bytes(&SECRET_KEY_BYTES); + assert_eq!( + bincode::serialized_size(&signing_key).unwrap() as usize, + BINCODE_INT_LENGTH + SECRET_KEY_LENGTH + ); + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/examples/pkcs8-v1.der b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/examples/pkcs8-v1.der new file mode 100644 index 000000000000..cb780b362c9d Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/examples/pkcs8-v1.der differ diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/examples/pkcs8-v2.der b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/examples/pkcs8-v2.der new file mode 100644 index 000000000000..3358e8a730ac Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/examples/pkcs8-v2.der differ diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/examples/pubkey.der b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/examples/pubkey.der new file mode 100644 index 000000000000..d1002c4a4e62 Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/examples/pubkey.der differ diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/pkcs8.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/pkcs8.rs new file mode 100644 index 000000000000..fecdba94ec2e --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/pkcs8.rs 
@@ -0,0 +1,71 @@
+//! PKCS#8 private key and SPKI public key tests.
+//!
+//! These are standard formats for storing public and private keys, defined in
+//! RFC5958 (PKCS#8) and RFC5280 (SPKI).
+
+#![cfg(feature = "pkcs8")]
+
+use ed25519_dalek::pkcs8::{DecodePrivateKey, DecodePublicKey};
+use ed25519_dalek::{SigningKey, VerifyingKey};
+use hex_literal::hex;
+
+#[cfg(feature = "alloc")]
+use ed25519_dalek::pkcs8::{EncodePrivateKey, EncodePublicKey};
+
+/// Ed25519 PKCS#8 v1 private key encoded as ASN.1 DER.
+const PKCS8_V1_DER: &[u8] = include_bytes!("examples/pkcs8-v1.der");
+
+/// Ed25519 PKCS#8 v2 private key + public key encoded as ASN.1 DER.
+const PKCS8_V2_DER: &[u8] = include_bytes!("examples/pkcs8-v2.der");
+
+/// Ed25519 SubjectVerifyingKeyInfo encoded as ASN.1 DER.
+const PUBLIC_KEY_DER: &[u8] = include_bytes!("examples/pubkey.der");
+
+/// Secret key bytes.
+///
+/// Extracted with:
+/// $ openssl asn1parse -inform der -in tests/examples/pkcs8-v1.der
+const SK_BYTES: [u8; 32] = hex!("D4EE72DBF913584AD5B6D8F1F769F8AD3AFE7C28CBF1D4FBE097A88F44755842");
+
+/// Public key bytes.
+const PK_BYTES: [u8; 32] = hex!("19BF44096984CDFE8541BAC167DC3B96C85086AA30B6B6CB0C5C38AD703166E1");
+
+#[test]
+fn decode_pkcs8_v1() {
+ let keypair = SigningKey::from_pkcs8_der(PKCS8_V1_DER).unwrap();
+ assert_eq!(SK_BYTES, keypair.to_bytes());
+ assert_eq!(PK_BYTES, keypair.verifying_key().to_bytes());
+}
+
+#[test]
+fn decode_pkcs8_v2() {
+ let keypair = SigningKey::from_pkcs8_der(PKCS8_V2_DER).unwrap();
+ assert_eq!(SK_BYTES, keypair.to_bytes());
+ assert_eq!(PK_BYTES, keypair.verifying_key().to_bytes());
+}
+
+#[test]
+fn decode_verifying_key() {
+ let verifying_key = VerifyingKey::from_public_key_der(PUBLIC_KEY_DER).unwrap();
+ assert_eq!(PK_BYTES, verifying_key.to_bytes());
+}
+
+#[test]
+#[cfg(feature = "alloc")]
+fn encode_pkcs8() {
+ let keypair = SigningKey::from_bytes(&SK_BYTES);
+ let pkcs8_key = keypair.to_pkcs8_der().unwrap();
+
+ let keypair2 = SigningKey::from_pkcs8_der(pkcs8_key.as_bytes()).unwrap();
+ assert_eq!(keypair.to_bytes(), keypair2.to_bytes());
+}
+
+#[test]
+#[cfg(feature = "alloc")]
+fn encode_verifying_key() {
+ let verifying_key = VerifyingKey::from_bytes(&PK_BYTES).unwrap();
+ let verifying_key_der = verifying_key.to_public_key_der().unwrap();
+
+ let verifying_key2 = VerifyingKey::from_public_key_der(verifying_key_der.as_bytes()).unwrap();
+ assert_eq!(verifying_key, verifying_key2);
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/validation_criteria.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/validation_criteria.rs
new file mode 100644
index 000000000000..7c45a960bcb7
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/validation_criteria.rs
@@ -0,0 +1,231 @@
+use ed25519::signature::Verifier;
+use ed25519_dalek::{Signature, VerifyingKey};
+
+use serde::{de::Error as SError, Deserialize, Deserializer};
+use std::{collections::BTreeSet as Set, fs::File};
+
+/// The set of edge cases that [`VerifyingKey::verify()`] permits.
+const VERIFY_ALLOWED_EDGECASES: &[Flag] = &[
+ Flag::LowOrderA,
+ Flag::LowOrderR,
+ Flag::NonCanonicalA,
+ Flag::LowOrderComponentA,
+ Flag::LowOrderComponentR,
+ // `ReencodedK` is not actually permitted by `verify()`, but it looks that way in the tests
+ // because it sometimes occurs with a low-order A. 1/8 of the time, the resulting signature
+ // will be identical the one made with a normal k. find_validation_criteria shows that indeed
+ // this occurs 10/58 of the time
+ Flag::ReencodedK,
+];
+
+/// The set of edge cases that [`VerifyingKey::verify_strict()`] permits
+const VERIFY_STRICT_ALLOWED_EDGECASES: &[Flag] =
+ &[Flag::LowOrderComponentA, Flag::LowOrderComponentR];
+
+/// Each variant describes a specific edge case that can occur in an Ed25519 signature. Refer to
+/// the test vector [README][] for more info.
+///
+/// [README]: https://github.com/C2SP/CCTV/blob/5ea85644bd035c555900a2f707f7e4c31ea65ced/ed25519vectors/README.md
+#[derive(Deserialize, Debug, Copy, Clone, PartialOrd, Ord, Eq, PartialEq)]
+enum Flag {
+ #[serde(rename = "low_order")]
+ LowOrder,
+ #[serde(rename = "low_order_A")]
+ LowOrderA,
+ #[serde(rename = "low_order_R")]
+ LowOrderR,
+ #[serde(rename = "non_canonical_A")]
+ NonCanonicalA,
+ #[serde(rename = "non_canonical_R")]
+ NonCanonicalR,
+ #[serde(rename = "low_order_component_A")]
+ LowOrderComponentA,
+ #[serde(rename = "low_order_component_R")]
+ LowOrderComponentR,
+ #[serde(rename = "low_order_residue")]
+ LowOrderResidue,
+ #[serde(rename = "reencoded_k")]
+ ReencodedK,
+}
+
+/// This is an intermediate representation between JSON and TestVector
+#[derive(Deserialize)]
+struct IntermediateTestVector {
+ number: usize,
+ #[serde(deserialize_with = "bytes_from_hex", rename = "key")]
+ pubkey: Vec,
+ #[serde(deserialize_with = "bytes_from_hex")]
+ sig: Vec,
+ msg: String,
+ flags: Option>,
+}
+
+/// The test vector struct from [CCTV][]. `sig` may or may not be a valid signature of `msg` with
+/// respect to `pubkey`, depending on the verification function's validation criteria. `flags`
+/// describes all the edge cases which this test vector falls into.
+///
+/// [CCTV]: https://github.com/C2SP/CCTV/tree/5ea85644bd035c555900a2f707f7e4c31ea65ced/ed25519vectors
+struct TestVector {
+ number: usize,
+ pubkey: VerifyingKey,
+ sig: Signature,
+ msg: Vec,
+ flags: Set,
+}
+
+impl From for TestVector {
+ fn from(tv: IntermediateTestVector) -> Self {
+ let number = tv.number;
+ let pubkey = {
+ let mut buf = [0u8; 32];
+ buf.copy_from_slice(&tv.pubkey);
+ VerifyingKey::from_bytes(&buf).unwrap()
+ };
+ let sig = {
+ let mut buf = [0u8; 64];
+ buf.copy_from_slice(&tv.sig);
+ Signature::from_bytes(&buf)
+ };
+ let msg = tv.msg.as_bytes().to_vec();
+
+ // Unwrap the Option>
+ let flags = tv.flags.unwrap_or_default();
+
+ Self {
+ number,
+ pubkey,
+ sig,
+ msg,
+ flags,
+ }
+ }
+}
+
+// Tells serde how to deserialize bytes from hex
+fn bytes_from_hex<'de, D>(deserializer: D) -> Result, D::Error>
+where
+ D: Deserializer<'de>,
+{
+ let mut hex_str = String::deserialize(deserializer)?;
+ // Prepend a 0 if it's not even length
+ if hex_str.len() % 2 == 1 {
+ hex_str.insert(0, '0');
+ }
+ hex::decode(hex_str).map_err(|e| SError::custom(format!("{:?}", e)))
+}
+
+fn get_test_vectors() -> impl Iterator {
+ let f = File::open("VALIDATIONVECTORS").expect(
+ "This test is only available when the code has been cloned from the git repository, since
+ the VALIDATIONVECTORS file is large and is therefore not included within the distributed \
+ crate.",
+ );
+
+ serde_json::from_reader::<_, Vec>(f)
+ .unwrap()
+ .into_iter()
+ .map(TestVector::from)
+}
+
+/// Tests that the verify() and verify_strict() functions succeed only on test cases whose flags
+/// (i.e., edge cases it falls into) are a subset of VERIFY_ALLOWED_EDGECASES and
+/// VERIFY_STRICT_ALLOWED_EDGECASES, respectively
+#[test]
+fn check_validation_criteria() {
+ let verify_allowed_edgecases = Set::from_iter(VERIFY_ALLOWED_EDGECASES.to_vec());
+ let verify_strict_allowed_edgecases = Set::from_iter(VERIFY_STRICT_ALLOWED_EDGECASES.to_vec());
+
+ for TestVector {
+ number,
+ pubkey,
+ msg,
+ sig,
+ flags,
+ } in get_test_vectors()
+ {
+ // If all the verify-permitted flags here are ones we permit, then verify() should succeed.
+ // Otherwise, it should not.
+ let success = pubkey.verify(&msg, &sig).is_ok();
+ if flags.is_subset(&verify_allowed_edgecases) {
+ assert!(success, "verify() expected success in testcase #{number}",);
+ } else {
+ assert!(!success, "verify() expected failure in testcase #{number}",);
+ }
+
+ // If all the verify_strict-permitted flags here are ones we permit, then verify_strict()
+ // should succeed. Otherwise, it should not.
+ let success = pubkey.verify_strict(&msg, &sig).is_ok();
+ if flags.is_subset(&verify_strict_allowed_edgecases) {
+ assert!(
+ success,
+ "verify_strict() expected success in testcase #{number}",
+ );
+ } else {
+ assert!(
+ !success,
+ "verify_strict() expected failure in testcase #{number}",
+ );
+ }
+ }
+}
+
+/// Prints the flags that are consistently permitted by verify() and verify_strict()
+#[test]
+fn find_validation_criteria() {
+ let mut verify_allowed_edgecases = Set::new();
+ let mut verify_strict_allowed_edgecases = Set::new();
+
+ // Counts the number of times a signature with a re-encoded k and a low-order A verified. This
+ // happens with 1/8 probability, assuming the usual verification equation(s).
+ let mut num_lucky_reencoded_k = 0;
+ let mut num_reencoded_k = 0;
+
+ for TestVector {
+ number: _,
+ pubkey,
+ msg,
+ sig,
+ flags,
+ } in get_test_vectors()
+ {
+ // If verify() was a success, add all the associated flags to verify-permitted set
+ let success = pubkey.verify(&msg, &sig).is_ok();
+
+ // If this is ReencodedK && LowOrderA, log some statistics
+ if flags.contains(&Flag::ReencodedK) && flags.contains(&Flag::LowOrderA) {
+ num_reencoded_k += 1;
+ num_lucky_reencoded_k += success as u8;
+ }
+
+ if success {
+ for flag in &flags {
+ // Don't count re-encoded k when A is low-order.
This is because the
+ // re-encoded k might be a multiple of 8 by accident
+ if *flag == Flag::ReencodedK && flags.contains(&Flag::LowOrderA) {
+ continue;
+ } else {
+ verify_allowed_edgecases.insert(*flag);
+ }
+ }
+ }
+
+ // If verify_strict() was a success, add all the associated flags to
+ // verify_strict-permitted set
+ let success = pubkey.verify_strict(&msg, &sig).is_ok();
+ if success {
+ for flag in &flags {
+ verify_strict_allowed_edgecases.insert(*flag);
+ }
+ }
+ }
+
+ println!("VERIFY_ALLOWED_EDGECASES: {:?}", verify_allowed_edgecases);
+ println!(
+ "VERIFY_STRICT_ALLOWED_EDGECASES: {:?}",
+ verify_strict_allowed_edgecases
+ );
+ println!(
+ "re-encoded k && low-order A yielded a valid signature {}/{} of the time",
+ num_lucky_reencoded_k, num_reencoded_k
+ );
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/x25519.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/x25519.rs
new file mode 100644
index 000000000000..11e72a80485f
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/tests/x25519.rs
@@ -0,0 +1,80 @@
+//! Tests for converting Ed25519 keys into X25519 (Montgomery form) keys.
+
+use curve25519_dalek::scalar::{clamp_integer, Scalar};
+use ed25519_dalek::SigningKey;
+use hex_literal::hex;
+use sha2::{Digest, Sha512};
+use x25519_dalek::{PublicKey as XPublicKey, StaticSecret as XStaticSecret};
+
+/// Tests that X25519 Diffie-Hellman works when using keys converted from Ed25519.
+// TODO: generate test vectors using another implementation of Ed25519->X25519
+#[test]
+fn ed25519_to_x25519_dh() {
+ // Keys from RFC8032 test vectors (from section 7.1)
+ let ed_secret_key_a = hex!("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60");
+ let ed_secret_key_b = hex!("4ccd089b28ff96da9db6c346ec114e0f5b8a319f35aba624da8cf6ed4fb8a6fb");
+
+ let ed_signing_key_a = SigningKey::from_bytes(&ed_secret_key_a);
+ let ed_signing_key_b = SigningKey::from_bytes(&ed_secret_key_b);
+
+ // Create an x25519 static secret from the ed25519 signing key
+ let scalar_bytes_a = ed_signing_key_a.to_scalar_bytes();
+ let scalar_bytes_b = ed_signing_key_b.to_scalar_bytes();
+ let x_static_secret_a = XStaticSecret::from(scalar_bytes_a);
+ let x_static_secret_b = XStaticSecret::from(scalar_bytes_b);
+
+ // Compute the secret scalars too
+ let scalar_a = ed_signing_key_a.to_scalar();
+ let scalar_b = ed_signing_key_b.to_scalar();
+
+ // Compare the scalar bytes to the first 32 bytes of SHA-512(secret_key). We have to clamp and
+ // reduce the SHA-512 output because that's what the spec does before using the scalars for
+ // anything.
+ assert_eq!(scalar_bytes_a, &Sha512::digest(ed_secret_key_a)[..32]);
+ assert_eq!(scalar_bytes_b, &Sha512::digest(ed_secret_key_b)[..32]);
+
+ // Compare the scalar with the clamped and reduced scalar bytes
+ assert_eq!(
+ scalar_a,
+ Scalar::from_bytes_mod_order(clamp_integer(scalar_bytes_a))
+ );
+ assert_eq!(
+ scalar_b,
+ Scalar::from_bytes_mod_order(clamp_integer(scalar_bytes_b))
+ );
+
+ let x_public_key_a = XPublicKey::from(&x_static_secret_a);
+ let x_public_key_b = XPublicKey::from(&x_static_secret_b);
+ assert_eq!(
+ x_public_key_a.to_bytes(),
+ hex!("d85e07ec22b0ad881537c2f44d662d1a143cf830c57aca4305d85c7a90f6b62e")
+ );
+ assert_eq!(
+ x_public_key_b.to_bytes(),
+ hex!("25c704c594b88afc00a76b69d1ed2b984d7e22550f3ed0802d04fbcd07d38d47")
+ );
+
+ // Test the claim made in the comments of SigningKey::to_scalar_bytes, i.e., that the resulting
+ // scalar is a valid private key for the x25519 pubkey represented by
+ // `sk.verifying_key().to_montgomery()`
+ assert_eq!(
+ ed_signing_key_a.verifying_key().to_montgomery().as_bytes(),
+ x_public_key_a.as_bytes()
+ );
+ assert_eq!(
+ ed_signing_key_b.verifying_key().to_montgomery().as_bytes(),
+ x_public_key_b.as_bytes()
+ );
+
+ // Check that Diffie-Hellman works
+ let expected_shared_secret =
+ hex!("5166f24a6918368e2af831a4affadd97af0ac326bdf143596c045967cc00230e");
+ assert_eq!(
+ x_static_secret_a.diffie_hellman(&x_public_key_b).to_bytes(),
+ expected_shared_secret,
+ );
+ assert_eq!(
+ x_static_secret_b.diffie_hellman(&x_public_key_a).to_bytes(),
+ expected_shared_secret,
+ );
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/.cargo_vcs_info.json
deleted file mode 100644
index c33907289cda..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/.cargo_vcs_info.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "git": {
- "sha1": "1f005ab4e8d22077187bad8dd13d843f48b94d62"
- },
- "path_in_vcs": ""
-}
\ No newline at end of file
diff --git a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/.cargo-checksum.json b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/.cargo-checksum.json
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/.cargo-checksum.json
rename to third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/.cargo-checksum.json
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/.cargo_vcs_info.json
new file mode 100644
index 000000000000..19f6bb7e5257
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/.cargo_vcs_info.json
@@ -0,0 +1,6 @@
+{
+ "git": {
+ "sha1": "cfa4df6c621d99429d4357b6823fb48f8e4fe8ad"
+ },
+ "path_in_vcs": ""
+}
\ No newline at end of file
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/.github/workflows/audit.yml b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/.github/workflows/audit.yml
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/.github/workflows/audit.yml
rename to third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/.github/workflows/audit.yml
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/.github/workflows/ci.yml b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/.github/workflows/ci.yml
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/.github/workflows/ci.yml
rename to third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/.github/workflows/ci.yml
diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/.gitignore b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/.gitignore similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/.gitignore rename to third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/.gitignore diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/Cargo.toml b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/Cargo.toml similarity index 93% rename from third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/Cargo.toml rename to third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/Cargo.toml index d399a95af77c..c1f100da538b 100644 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/Cargo.toml +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/Cargo.toml @@ -10,9 +10,9 @@ # See Cargo.toml.orig for the original contents. [package] -edition = "2018" +edition = "2021" name = "ed25519-dalek-bip32" -version = "0.2.0" +version = "0.3.0" authors = ["Julian Popescu "] description = "Simplified ed25519 BIP32 derivations" homepage = "https://github.com/jpopesculian/ed25519-dalek-bip32" @@ -37,11 +37,8 @@ version = "0.2.0" default-features = false [dependencies.ed25519-dalek] -version = "1.0.1" -features = [ - "u64_backend", - "rand", -] +version = "2.0.0" +features = ["rand_core"] default-features = false [dependencies.hmac] diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/Cargo.toml.orig b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/Cargo.toml.orig similarity index 85% rename from third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/Cargo.toml.orig rename to third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/Cargo.toml.orig index c559c8bcc7e7..2ed39e33db71 100644 
--- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/Cargo.toml.orig +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/Cargo.toml.orig @@ -1,8 +1,8 @@ [package] name = "ed25519-dalek-bip32" -version = "0.2.0" +version = "0.3.0" authors = ["Julian Popescu "] -edition = "2018" +edition = "2021" license = "MIT OR Apache-2.0" readme = "README.md" homepage = "https://github.com/jpopesculian/ed25519-dalek-bip32" @@ -20,7 +20,7 @@ std = ["derivation-path/std", "sha2/std", "ed25519-dalek/std"] derivation-path = { version = "0.2.0", default-features = false } sha2 = { version = "0.10.1", default-features = false } hmac = { version = "0.12.0", default-features = false } -ed25519-dalek = { version = "1.0.1", default-features = false, features = ["u64_backend", "rand"] } +ed25519-dalek = { version = "2.0.0", default-features = false, features = ["rand_core"] } [dev-dependencies] hex = "0.4.2" diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/README.md b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/README.md similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/README.md rename to third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/README.md diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/src/lib.rs b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/src/lib.rs similarity index 72% rename from third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/src/lib.rs rename to third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/src/lib.rs index b08c257b2897..f7bb005140db 100644 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/src/lib.rs +++ b/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/src/lib.rs 
@@ -10,7 +10,7 @@ pub extern crate derivation_path; pub extern crate ed25519_dalek; pub use derivation_path::{ChildIndex, DerivationPath}; -pub use ed25519_dalek::{PublicKey, SecretKey}; +pub use ed25519_dalek::{SigningKey, VerifyingKey}; use core::fmt; use hmac::{Hmac, Mac}; @@ -41,13 +41,13 @@ impl std::error::Error for Error {} /// An expanded secret key with chain code and meta data #[derive(Debug)] -pub struct ExtendedSecretKey { +pub struct ExtendedSigningKey { /// How many derivations this key is from the root (0 for root) pub depth: u8, /// Child index of the key used to derive from parent (`Normal(0)` for root) pub child_index: ChildIndex, - /// Secret Key - pub secret_key: SecretKey, + /// Signing Key + pub signing_key: SigningKey, /// Chain code pub chain_code: [u8; 32], } @@ -57,21 +57,23 @@ type HmacSha512 = Hmac; /// A convenience wrapper for a [`core::result::Result`] with an [`Error`] pub type Result = core::result::Result; -impl ExtendedSecretKey { +impl ExtendedSigningKey { /// Create a new extended secret key from a seed pub fn from_seed(seed: &[u8]) -> Result { let mut mac = HmacSha512::new_from_slice(ED25519_BIP32_NAME.as_ref()).unwrap(); mac.update(seed); let bytes = mac.finalize().into_bytes(); - let secret_key = SecretKey::from_bytes(&bytes[..32])?; + let secret_key_bytes: [u8; 32] = bytes[0..32].try_into().unwrap(); + let signing_key = SigningKey::from_bytes(&secret_key_bytes); + let mut chain_code = [0; 32]; chain_code.copy_from_slice(&bytes[32..]); Ok(Self { depth: 0, child_index: ChildIndex::Normal(0), - secret_key, + signing_key, chain_code, }) } 
@@ -97,26 +99,28 @@ impl ExtendedSecretKey { let mut mac = HmacSha512::new_from_slice(&self.chain_code).unwrap(); mac.update(&[0u8]); - mac.update(self.secret_key.to_bytes().as_ref()); + mac.update(self.signing_key.to_bytes().as_ref()); mac.update(index.to_bits().to_be_bytes().as_ref()); let bytes = mac.finalize().into_bytes(); - let secret_key = SecretKey::from_bytes(&bytes[..32])?; + let secret_key_bytes: [u8; 32] = bytes[0..32].try_into().unwrap(); + let signing_key = SigningKey::from_bytes(&secret_key_bytes); + let mut chain_code = [0; 32]; chain_code.copy_from_slice(&bytes[32..]); Ok(Self { depth: self.depth + 1, child_index: index, - secret_key, + signing_key, chain_code, }) } - /// Get the associated public key + /// Get the associated verifying key #[inline] - pub fn public_key(&self) -> PublicKey { - PublicKey::from(&self.secret_key) + pub fn verifying_key(&self) -> VerifyingKey { + self.signing_key.verifying_key() } #[inline] @@ -124,7 +128,7 @@ impl ExtendedSecretKey { Self { depth: self.depth, child_index: self.child_index, - secret_key: SecretKey::from_bytes(&self.secret_key.to_bytes()).unwrap(), + signing_key: SigningKey::from_bytes(&self.signing_key.to_bytes()), chain_code: self.chain_code, } } @@ -142,13 +146,18 @@ mod tests { extern crate alloc; use alloc::vec::Vec; + use hex::FromHex; fn hex_str(string: &str) -> Vec { hex::decode(string).unwrap() } - fn root(seed: &str) -> ExtendedSecretKey { - ExtendedSecretKey::from_seed(&hex_str(seed)).unwrap() + fn key_hex_str(input_str: &str) -> [u8; 32] { + <[u8; 32]>::from_hex(input_str).expect("Failed to convert Hex Str into Key") + } + + fn root(seed: &str) -> ExtendedSigningKey { + ExtendedSigningKey::from_seed(&hex_str(seed)).unwrap() } #[test] 
@@ -165,16 +174,16 @@ mod tests { node.chain_code.as_ref(), hex_str("68789923a0cac2cd5a29172a475fe9e0fb14cd6adb5ad98a3fa70333e7afa230") ); - let secret = SecretKey::from_bytes(&hex_str( + let secret = SigningKey::from_bytes(&key_hex_str( "8f94d394a8e8fd6b1bc2f3f49f5c47e385281d5c17e65324b0f62483e37e8793", - )) - .unwrap(); - assert_eq!(node.secret_key.to_bytes(), secret.to_bytes()); - let public = PublicKey::from_bytes(&hex_str( + )); + + assert_eq!(node.signing_key.to_bytes(), secret.to_bytes()); + let public = VerifyingKey::from_bytes(&key_hex_str( "3c24da049451555d51a7014a37337aa4e12d41e485abccfa46b47dfb2af54b7a", )) .unwrap(); - assert_eq!(node.public_key().to_bytes(), public.to_bytes()); + assert_eq!(node.verifying_key().to_bytes(), public.to_bytes()); let node = root("fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542").derive(&vector2_path).unwrap(); assert_eq!(node.depth, 5); @@ -183,16 +192,16 @@ mod tests { node.chain_code.as_ref(), hex_str("5d70af781f3a37b829f0d060924d5e960bdc02e85423494afc0b1a41bbe196d4") ); - let secret = SecretKey::from_bytes(&hex_str( + let secret = SigningKey::from_bytes(&key_hex_str( "551d333177df541ad876a60ea71f00447931c0a9da16f227c11ea080d7391b8d", - )) - .unwrap(); - assert_eq!(node.secret_key.to_bytes(), secret.to_bytes()); - let public = PublicKey::from_bytes(&hex_str( + )); + + assert_eq!(node.signing_key.to_bytes(), secret.to_bytes()); + let public = VerifyingKey::from_bytes(&key_hex_str( "47150c75db263559a70d5778bf36abbab30fb061ad69f69ece61a72b0cfa4fc0", )) .unwrap(); - assert_eq!(node.public_key().to_bytes(), public.to_bytes()); + assert_eq!(node.verifying_key().to_bytes(), public.to_bytes()); } #[test] 
@@ -229,16 +238,15 @@ mod tests { node.chain_code.as_ref(), hex_str("90046a93de5380a72b5e45010748567d5ea02bbf6522f979e05c0d8d8ca9fffb") ); - let secret = SecretKey::from_bytes(&hex_str( + let secret = SigningKey::from_bytes(&key_hex_str( "2b4be7f19ee27bbf30c667b642d5f4aa69fd169872f8fc3059c08ebae2eb19e7", - )) - .unwrap(); - assert_eq!(node.secret_key.to_bytes(), secret.to_bytes()); - let public = PublicKey::from_bytes(&hex_str( + )); + assert_eq!(node.signing_key.to_bytes(), secret.to_bytes()); + let public = VerifyingKey::from_bytes(&key_hex_str( "a4b2856bfec510abab89753fac1ac0e1112364e7d250545963f135f2a33188ed", )) .unwrap(); - assert_eq!(node.public_key().to_bytes(), public.to_bytes()); + assert_eq!(node.verifying_key().to_bytes(), public.to_bytes()); // Chain m/0' let node = node.derive_child(ChildIndex::Hardened(0)).unwrap(); @@ -248,16 +256,15 @@ mod tests { node.chain_code.as_ref(), hex_str("8b59aa11380b624e81507a27fedda59fea6d0b779a778918a2fd3590e16e9c69") ); - let secret = SecretKey::from_bytes(&hex_str( + let secret = SigningKey::from_bytes(&key_hex_str( "68e0fe46dfb67e368c75379acec591dad19df3cde26e63b93a8e704f1dade7a3", - )) - .unwrap(); - assert_eq!(node.secret_key.to_bytes(), secret.to_bytes()); - let public = PublicKey::from_bytes(&hex_str( + )); + assert_eq!(node.signing_key.to_bytes(), secret.to_bytes()); + let public = VerifyingKey::from_bytes(&key_hex_str( "8c8a13df77a28f3445213a0f432fde644acaa215fc72dcdf300d5efaa85d350c", )) .unwrap(); - assert_eq!(node.public_key().to_bytes(), public.to_bytes()); + assert_eq!(node.verifying_key().to_bytes(), public.to_bytes()); // Chain m/0'/1' let node = node.derive_child(ChildIndex::Hardened(1)).unwrap(); 
@@ -267,16 +274,15 @@ mod tests { node.chain_code.as_ref(), hex_str("a320425f77d1b5c2505a6b1b27382b37368ee640e3557c315416801243552f14") ); - let secret = SecretKey::from_bytes(&hex_str( + let secret = SigningKey::from_bytes(&key_hex_str( "b1d0bad404bf35da785a64ca1ac54b2617211d2777696fbffaf208f746ae84f2", - )) - .unwrap(); - assert_eq!(node.secret_key.to_bytes(), secret.to_bytes()); - let public = PublicKey::from_bytes(&hex_str( + )); + assert_eq!(node.signing_key.to_bytes(), secret.to_bytes()); + let public = VerifyingKey::from_bytes(&key_hex_str( "1932a5270f335bed617d5b935c80aedb1a35bd9fc1e31acafd5372c30f5c1187", )) .unwrap(); - assert_eq!(node.public_key().to_bytes(), public.to_bytes()); + assert_eq!(node.verifying_key().to_bytes(), public.to_bytes()); // Chain m/0'/1'/2' let node = node.derive_child(ChildIndex::Hardened(2)).unwrap(); @@ -286,16 +292,15 @@ mod tests { node.chain_code.as_ref(), hex_str("2e69929e00b5ab250f49c3fb1c12f252de4fed2c1db88387094a0f8c4c9ccd6c") ); - let secret = SecretKey::from_bytes(&hex_str( + let secret = SigningKey::from_bytes(&key_hex_str( "92a5b23c0b8a99e37d07df3fb9966917f5d06e02ddbd909c7e184371463e9fc9", - )) - .unwrap(); - assert_eq!(node.secret_key.to_bytes(), secret.to_bytes()); - let public = PublicKey::from_bytes(&hex_str( + )); + assert_eq!(node.signing_key.to_bytes(), secret.to_bytes()); + let public = VerifyingKey::from_bytes(&key_hex_str( "ae98736566d30ed0e9d2f4486a64bc95740d89c7db33f52121f8ea8f76ff0fc1", )) .unwrap(); - assert_eq!(node.public_key().to_bytes(), public.to_bytes()); + assert_eq!(node.verifying_key().to_bytes(), public.to_bytes()); // Chain m/0'/1'/2'/2' let node = node.derive_child(ChildIndex::Hardened(2)).unwrap(); 
@@ -305,16 +310,15 @@ mod tests { node.chain_code.as_ref(), hex_str("8f6d87f93d750e0efccda017d662a1b31a266e4a6f5993b15f5c1f07f74dd5cc") ); - let secret = SecretKey::from_bytes(&hex_str( + let secret = SigningKey::from_bytes(&key_hex_str( "30d1dc7e5fc04c31219ab25a27ae00b50f6fd66622f6e9c913253d6511d1e662", - )) - .unwrap(); - assert_eq!(node.secret_key.to_bytes(), secret.to_bytes()); - let public = PublicKey::from_bytes(&hex_str( + )); + assert_eq!(node.signing_key.to_bytes(), secret.to_bytes()); + let public = VerifyingKey::from_bytes(&key_hex_str( "8abae2d66361c879b900d204ad2cc4984fa2aa344dd7ddc46007329ac76c429c", )) .unwrap(); - assert_eq!(node.public_key().to_bytes(), public.to_bytes()); + assert_eq!(node.verifying_key().to_bytes(), public.to_bytes()); // Chain m/0'/1'/2'/2'/1000000000' let node = node.derive_child(ChildIndex::Hardened(1000000000)).unwrap(); @@ -324,16 +328,15 @@ mod tests { node.chain_code.as_ref(), hex_str("68789923a0cac2cd5a29172a475fe9e0fb14cd6adb5ad98a3fa70333e7afa230") ); - let secret = SecretKey::from_bytes(&hex_str( + let secret = SigningKey::from_bytes(&key_hex_str( "8f94d394a8e8fd6b1bc2f3f49f5c47e385281d5c17e65324b0f62483e37e8793", - )) - .unwrap(); - assert_eq!(node.secret_key.to_bytes(), secret.to_bytes()); - let public = PublicKey::from_bytes(&hex_str( + )); + assert_eq!(node.signing_key.to_bytes(), secret.to_bytes()); + let public = VerifyingKey::from_bytes(&key_hex_str( "3c24da049451555d51a7014a37337aa4e12d41e485abccfa46b47dfb2af54b7a", )) .unwrap(); - assert_eq!(node.public_key().to_bytes(), public.to_bytes()); + assert_eq!(node.verifying_key().to_bytes(), public.to_bytes()); } #[test] 
@@ -346,16 +349,15 @@ mod tests { node.chain_code.as_ref(), hex_str("ef70a74db9c3a5af931b5fe73ed8e1a53464133654fd55e7a66f8570b8e33c3b") ); - let secret = SecretKey::from_bytes(&hex_str( + let secret = SigningKey::from_bytes(&key_hex_str( "171cb88b1b3c1db25add599712e36245d75bc65a1a5c9e18d76f9f2b1eab4012", - )) - .unwrap(); - assert_eq!(node.secret_key.to_bytes(), secret.to_bytes()); - let public = PublicKey::from_bytes(&hex_str( + )); + assert_eq!(node.signing_key.to_bytes(), secret.to_bytes()); + let public = VerifyingKey::from_bytes(&key_hex_str( "8fe9693f8fa62a4305a140b9764c5ee01e455963744fe18204b4fb948249308a", )) .unwrap(); - assert_eq!(node.public_key().to_bytes(), public.to_bytes()); + assert_eq!(node.verifying_key().to_bytes(), public.to_bytes()); // Chain m/0' let node = node.derive_child(ChildIndex::Hardened(0)).unwrap(); @@ -365,16 +367,15 @@ mod tests { node.chain_code.as_ref(), hex_str("0b78a3226f915c082bf118f83618a618ab6dec793752624cbeb622acb562862d") ); - let secret = SecretKey::from_bytes(&hex_str( + let secret = SigningKey::from_bytes(&key_hex_str( "1559eb2bbec5790b0c65d8693e4d0875b1747f4970ae8b650486ed7470845635", - )) - .unwrap(); - assert_eq!(node.secret_key.to_bytes(), secret.to_bytes()); - let public = PublicKey::from_bytes(&hex_str( + )); + assert_eq!(node.signing_key.to_bytes(), secret.to_bytes()); + let public = VerifyingKey::from_bytes(&key_hex_str( "86fab68dcb57aa196c77c5f264f215a112c22a912c10d123b0d03c3c28ef1037", )) .unwrap(); - assert_eq!(node.public_key().to_bytes(), public.to_bytes()); + assert_eq!(node.verifying_key().to_bytes(), public.to_bytes()); // Chain m/0'/2147483647' let node = node.derive_child(ChildIndex::Hardened(2147483647)).unwrap(); 
@@ -384,16 +385,15 @@ mod tests { node.chain_code.as_ref(), hex_str("138f0b2551bcafeca6ff2aa88ba8ed0ed8de070841f0c4ef0165df8181eaad7f") ); - let secret = SecretKey::from_bytes(&hex_str( + let secret = SigningKey::from_bytes(&key_hex_str( "ea4f5bfe8694d8bb74b7b59404632fd5968b774ed545e810de9c32a4fb4192f4", - )) - .unwrap(); - assert_eq!(node.secret_key.to_bytes(), secret.to_bytes()); - let public = PublicKey::from_bytes(&hex_str( + )); + assert_eq!(node.signing_key.to_bytes(), secret.to_bytes()); + let public = VerifyingKey::from_bytes(&key_hex_str( "5ba3b9ac6e90e83effcd25ac4e58a1365a9e35a3d3ae5eb07b9e4d90bcf7506d", )) .unwrap(); - assert_eq!(node.public_key().to_bytes(), public.to_bytes()); + assert_eq!(node.verifying_key().to_bytes(), public.to_bytes()); // Chain m/0'/2147483647'/1' let node = node.derive_child(ChildIndex::Hardened(1)).unwrap(); @@ -403,16 +403,15 @@ mod tests { node.chain_code.as_ref(), hex_str("73bd9fff1cfbde33a1b846c27085f711c0fe2d66fd32e139d3ebc28e5a4a6b90") ); - let secret = SecretKey::from_bytes(&hex_str( + let secret = SigningKey::from_bytes(&key_hex_str( "3757c7577170179c7868353ada796c839135b3d30554bbb74a4b1e4a5a58505c", - )) - .unwrap(); - assert_eq!(node.secret_key.to_bytes(), secret.to_bytes()); - let public = PublicKey::from_bytes(&hex_str( + )); + assert_eq!(node.signing_key.to_bytes(), secret.to_bytes()); + let public = VerifyingKey::from_bytes(&key_hex_str( "2e66aa57069c86cc18249aecf5cb5a9cebbfd6fadeab056254763874a9352b45", )) .unwrap(); - assert_eq!(node.public_key().to_bytes(), public.to_bytes()); + assert_eq!(node.verifying_key().to_bytes(), public.to_bytes()); // Chain m/0'/2147483647'/1'/2147483646' let node = node.derive_child(ChildIndex::Hardened(2147483646)).unwrap(); 
@@ -422,16 +421,15 @@ mod tests { node.chain_code.as_ref(), hex_str("0902fe8a29f9140480a00ef244bd183e8a13288e4412d8389d140aac1794825a") ); - let secret = SecretKey::from_bytes(&hex_str( + let secret = SigningKey::from_bytes(&key_hex_str( "5837736c89570de861ebc173b1086da4f505d4adb387c6a1b1342d5e4ac9ec72", - )) - .unwrap(); - assert_eq!(node.secret_key.to_bytes(), secret.to_bytes()); - let public = PublicKey::from_bytes(&hex_str( + )); + assert_eq!(node.signing_key.to_bytes(), secret.to_bytes()); + let public = VerifyingKey::from_bytes(&key_hex_str( "e33c0f7d81d843c572275f287498e8d408654fdf0d1e065b84e2e6f157aab09b", )) .unwrap(); - assert_eq!(node.public_key().to_bytes(), public.to_bytes()); + assert_eq!(node.verifying_key().to_bytes(), public.to_bytes()); // Chain m/0'/2147483647'/1'/2147483646'/2' let node = node.derive_child(ChildIndex::Hardened(2)).unwrap(); @@ -441,15 +439,14 @@ mod tests { node.chain_code.as_ref(), hex_str("5d70af781f3a37b829f0d060924d5e960bdc02e85423494afc0b1a41bbe196d4") ); - let secret = SecretKey::from_bytes(&hex_str( + let secret = SigningKey::from_bytes(&key_hex_str( "551d333177df541ad876a60ea71f00447931c0a9da16f227c11ea080d7391b8d", - )) - .unwrap(); - assert_eq!(node.secret_key.to_bytes(), secret.to_bytes()); - let public = PublicKey::from_bytes(&hex_str( + )); + assert_eq!(node.signing_key.to_bytes(), secret.to_bytes()); + let public = VerifyingKey::from_bytes(&key_hex_str( "47150c75db263559a70d5778bf36abbab30fb061ad69f69ece61a72b0cfa4fc0", )) .unwrap(); - assert_eq!(node.public_key().to_bytes(), public.to_bytes()); + assert_eq!(node.verifying_key().to_bytes(), public.to_bytes()); } } diff --git a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/.cargo_vcs_info.json deleted file mode 100644 index ffbfeb68f0ad..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/.cargo_vcs_info.json +++ /dev/null 
@@ -1,5 +0,0 @@ -{ - "git": { - "sha1": "b03defa3b338b7a45538bca6c492f75dcb4f0216" - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/CHANGELOG.md b/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/CHANGELOG.md deleted file mode 100644 index f8467234cd44..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/CHANGELOG.md +++ /dev/null 
@@ -1,75 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## 0.10.1 (2020-10-16)
-### Added
-- Zulip badge ([#64])
-
-[#64]: https://github.com/RustCrypto/MACs/pull/64
-
-## 0.10.0 (2020-10-16)
-### Changed
-- Bump `crypto-mac` dependency to v0.10 ([#62])
-
-[#62]: https://github.com/RustCrypto/MACs/pull/62
-
-## 0.9.0 (2020-08-12)
-### Changed
-- Bump `crypto-mac` dependency to v0.9 ([#57])
-
-### Added
-- Implement `io::Write` ([#55])
-
-[#55]: https://github.com/RustCrypto/MACs/pull/55
-[#57]: https://github.com/RustCrypto/MACs/pull/57
-
-## 0.8.1 (2020-06-24)
-### Fixed
-- Replace outdated `code` with `into_bytes` in documentation ([#50])
-
-[#50]: https://github.com/RustCrypto/MACs/pull/50
-
-## 0.8.0 (2020-06-09)
-### Changed
-- Upgrade to `digest` v0.9 crate release; MSRV 1.41 ([#45])
-- Upgrade `crypto-mac` to v0.8 ([#33])
-- Rename `*result*` to `finalize` ([#38])
-- Upgrade to Rust 2018 edition ([#33])
-
-[#45]: https://github.com/RustCrypto/MACs/pull/45
-[#38]: https://github.com/RustCrypto/MACs/pull/38
-[#33]: https://github.com/RustCrypto/MACs/pull/33
-
-## 0.7.1 (2019-07-11)
-
-## 0.7.0 (2018-10-03)
-
-## 0.6.3 (2018-08-15)
-
-## 0.6.2 (2018-04-15)
-
-## 0.6.1 (2018-04-05)
-
-## 0.6.0 (2018-03-30)
-
-## 0.5.0 (2017-11-15)
-
-## 0.4.2 (2017-07-24)
-
-## 0.4.1 (2017-07-24)
-
-## 0.4.0 (2017-07-24)
-
-## 0.3.1 (2017-06-12)
-
-## 0.1.2 (2017-07-24)
-
-## 0.1.1 (2017-05-14)
-
-## 0.1.0 (2017-05-14)
-
-## 0.0.1 (2016-10-21)
diff --git a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/Cargo.toml b/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/Cargo.toml
deleted file mode 100644
index 7ef0b11ccc18..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/Cargo.toml
+++ /dev/null
@@ -1,43 +0,0 @@ -# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO -# -# When uploading crates to the registry Cargo will automatically -# "normalize" Cargo.toml files for maximal compatibility -# with all versions of Cargo and also rewrite `path` dependencies -# to registry (e.g., crates.io) dependencies -# -# If you believe there's an error in this file please file an -# issue against the rust-lang/cargo repository. If you're -# editing this file be aware that the upstream Cargo.toml -# will likely look very different (and much more reasonable) - -[package] -edition = "2018" -name = "hmac" -version = "0.10.1" -authors = ["RustCrypto Developers"] -description = "Generic implementation of Hash-based Message Authentication Code (HMAC)" -documentation = "https://docs.rs/hmac" -readme = "README.md" -keywords = ["crypto", "mac", "hmac", "digest"] -categories = ["cryptography", "no-std"] -license = "MIT OR Apache-2.0" -repository = "https://github.com/RustCrypto/MACs" -[dependencies.crypto-mac] -version = "0.10" - -[dependencies.digest] -version = "0.9" -[dev-dependencies.crypto-mac] -version = "0.10" -features = ["dev"] - -[dev-dependencies.md-5] -version = "0.9" -default-features = false - -[dev-dependencies.sha2] -version = "0.9" -default-features = false - -[features] -std = ["crypto-mac/std"] diff --git a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/Cargo.toml.orig b/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/Cargo.toml.orig deleted file mode 100644 index 31b67c8ad9a0..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/Cargo.toml.orig +++ /dev/null 
@@ -1,24 +0,0 @@
-[package]
-name = "hmac"
-version = "0.10.1"
-description = "Generic implementation of Hash-based Message Authentication Code (HMAC)"
-authors = ["RustCrypto Developers"]
-license = "MIT OR Apache-2.0"
-documentation = "https://docs.rs/hmac"
-repository = "https://github.com/RustCrypto/MACs"
-keywords = ["crypto", "mac", "hmac", "digest"]
-categories = ["cryptography", "no-std"]
-readme = "README.md"
-edition = "2018"
-
-[dependencies]
-crypto-mac = "0.10"
-digest = "0.9"
-
-[dev-dependencies]
-crypto-mac = { version = "0.10", features = ["dev"] }
-md-5 = { version = "0.9", default-features = false }
-sha2 = { version = "0.9", default-features = false }
-
-[features]
-std = ["crypto-mac/std"]
diff --git a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/README.md b/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/README.md
deleted file mode 100644
index ab50b2c7dacb..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/README.md
+++ /dev/null
@@ -1,56 +0,0 @@
-# RustCrypto: HMAC
-
-[![crate][crate-image]][crate-link]
-[![Docs][docs-image]][docs-link]
-![Apache2/MIT licensed][license-image]
-![Rust Version][rustc-image]
-[![Project Chat][chat-image]][chat-link]
-[![Build Status][build-image]][build-link]
-
-Pure Rust implementation of the [Hash-based Message Authentication Code (HMAC)][1].
-
-[Documentation][docs-link]
-
-## Minimum Supported Rust Version
-
-Rust **1.41** or higher.
-
-Minimum supported Rust version can be changed in the future, but it will be
-done with a minor version bump.
-
-## SemVer Policy
-
-- All on-by-default features of this library are covered by SemVer
-- MSRV is considered exempt from SemVer as noted above
-
-## License
-
-Licensed under either of:
-
- * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
- * [MIT license](http://opensource.org/licenses/MIT)
-
-at your option.
-
-### Contribution
-
-Unless you explicitly state otherwise, any contribution intentionally submitted
-for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
-dual licensed as above, without any additional terms or conditions.
-
-[//]: # (badges)
-
-[crate-image]: https://img.shields.io/crates/v/hmac.svg
-[crate-link]: https://crates.io/crates/hmac
-[docs-image]: https://docs.rs/hmac/badge.svg
-[docs-link]: https://docs.rs/hmac/
-[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
-[rustc-image]: https://img.shields.io/badge/rustc-1.41+-blue.svg
-[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
-[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260044-MACs
-[build-image]: https://github.com/RustCrypto/MACs/workflows/hmac/badge.svg?branch=master&event=push
-[build-link]: https://github.com/RustCrypto/MACs/actions?query=workflow%3Ahmac
-
-[//]: # (general links)
-
-[1]: https://en.wikipedia.org/wiki/HMAC
diff --git a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/src/lib.rs b/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/src/lib.rs deleted file mode 100644 index 6628336bad9d..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/src/lib.rs +++ /dev/null 
@@ -1,213 +0,0 @@ -//! Generic implementation of Hash-based Message Authentication Code (HMAC). -//! -//! To use it you'll need a cryptographic hash function implementation from -//! RustCrypto project. You can either import specific crate (e.g. `sha2`), or -//! meta-crate `crypto-hashes` which reexport all related crates. -//! -//! # Usage -//! Let us demonstrate how to use HMAC using SHA256 as an example. -//! -//! To get the authentication code: -//! -//! ```rust -//! use sha2::Sha256; -//! use hmac::{Hmac, Mac, NewMac}; -//! -//! // Create alias for HMAC-SHA256 -//! type HmacSha256 = Hmac; -//! -//! // Create HMAC-SHA256 instance which implements `Mac` trait -//! let mut mac = HmacSha256::new_varkey(b"my secret and secure key") -//! .expect("HMAC can take key of any size"); -//! mac.update(b"input message"); -//! -//! // `result` has type `Output` which is a thin wrapper around array of -//! // bytes for providing constant time equality check -//! let result = mac.finalize(); -//! // To get underlying array use `into_bytes` method, but be careful, since -//! // incorrect use of the code value may permit timing attacks which defeat -//! // the security provided by the `Output` -//! let code_bytes = result.into_bytes(); -//! ``` -//! -//! To verify the message: -//! -//! ```rust -//! # use sha2::Sha256; -//! # use hmac::{Hmac, Mac, NewMac}; -//! # type HmacSha256 = Hmac; -//! let mut mac = HmacSha256::new_varkey(b"my secret and secure key") -//! .expect("HMAC can take key of any size"); -//! -//! mac.update(b"input message"); -//! -//! # let code_bytes = mac.clone().finalize().into_bytes(); -//! // `verify` will return `Ok(())` if code is correct, `Err(MacError)` otherwise -//! mac.verify(&code_bytes).unwrap(); -//! ``` -//! -//! # Block and input sizes -//! Usually it is assumed that block size is larger than output size, due to the -//! generic nature of the implementation this edge case must be handled as well -//! to remove potential panic scenario. 
This is done by truncating hash output -//! to the hash block size if needed. - -#![no_std] -#![doc( - html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg", - html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg" -)] -#![forbid(unsafe_code)] -#![warn(missing_docs, rust_2018_idioms)] - -#[cfg(feature = "std")] -extern crate std; - -pub use crypto_mac::{self, Mac, NewMac}; -pub use digest; - -use core::{cmp::min, fmt}; -use crypto_mac::{ - generic_array::{sequence::GenericSequence, ArrayLength, GenericArray}, - InvalidKeyLength, Output, -}; -use digest::{BlockInput, FixedOutput, Reset, Update}; - -const IPAD: u8 = 0x36; -const OPAD: u8 = 0x5C; - -/// The `Hmac` struct represents an HMAC using a given hash function `D`. -pub struct Hmac -where - D: Update + BlockInput + FixedOutput + Reset + Default + Clone, - D::BlockSize: ArrayLength, -{ - digest: D, - i_key_pad: GenericArray, - opad_digest: D, -} - -impl Clone for Hmac -where - D: Update + BlockInput + FixedOutput + Reset + Default + Clone, - D::BlockSize: ArrayLength, -{ - fn clone(&self) -> Hmac { - Hmac { - digest: self.digest.clone(), - i_key_pad: self.i_key_pad.clone(), - opad_digest: self.opad_digest.clone(), - } - } -} - -impl fmt::Debug for Hmac -where - D: Update + BlockInput + FixedOutput + Reset + Default + Clone + fmt::Debug, - D::BlockSize: ArrayLength, -{ - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.debug_struct("Hmac") - .field("digest", &self.digest) - .field("i_key_pad", &self.i_key_pad) - .field("opad_digest", &self.opad_digest) - .finish() - } -} - -impl NewMac for Hmac -where - D: Update + BlockInput + FixedOutput + Reset + Default + Clone, - D::BlockSize: ArrayLength, - D::OutputSize: ArrayLength, -{ - type KeySize = D::BlockSize; - - fn new(key: &GenericArray) -> Self { - Self::new_varkey(key.as_slice()).unwrap() - } - - #[inline] - fn new_varkey(key: &[u8]) -> Result { - let mut hmac = Self { - digest: 
Default::default(), - i_key_pad: GenericArray::generate(|_| IPAD), - opad_digest: Default::default(), - }; - - let mut opad = GenericArray::::generate(|_| OPAD); - debug_assert!(hmac.i_key_pad.len() == opad.len()); - - // The key that Hmac processes must be the same as the block size of the - // underlying Digest. If the provided key is smaller than that, we just - // pad it with zeros. If its larger, we hash it and then pad it with - // zeros. - if key.len() <= hmac.i_key_pad.len() { - for (k_idx, k_itm) in key.iter().enumerate() { - hmac.i_key_pad[k_idx] ^= *k_itm; - opad[k_idx] ^= *k_itm; - } - } else { - let mut digest = D::default(); - digest.update(key); - let output = digest.finalize_fixed(); - // `n` is calculated at compile time and will equal - // D::OutputSize. This is used to ensure panic-free code - let n = min(output.len(), hmac.i_key_pad.len()); - for idx in 0..n { - hmac.i_key_pad[idx] ^= output[idx]; - opad[idx] ^= output[idx]; - } - } - - hmac.digest.update(&hmac.i_key_pad); - hmac.opad_digest.update(&opad); - - Ok(hmac) - } -} - -impl Mac for Hmac -where - D: Update + BlockInput + FixedOutput + Reset + Default + Clone, - D::BlockSize: ArrayLength, - D::OutputSize: ArrayLength, -{ - type OutputSize = D::OutputSize; - - #[inline] - fn update(&mut self, data: &[u8]) { - self.digest.update(data); - } - - #[inline] - fn finalize(self) -> Output { - let mut opad_digest = self.opad_digest.clone(); - let hash = self.digest.finalize_fixed(); - opad_digest.update(&hash); - Output::new(opad_digest.finalize_fixed()) - } - - #[inline] - fn reset(&mut self) { - self.digest.reset(); - self.digest.update(&self.i_key_pad); - } -} - -#[cfg(feature = "std")] -impl std::io::Write for Hmac -where - D: Update + BlockInput + FixedOutput + Reset + Default + Clone, - D::BlockSize: ArrayLength, - D::OutputSize: ArrayLength, -{ - fn write(&mut self, buf: &[u8]) -> std::io::Result { - Mac::update(self, buf); - Ok(buf.len()) - } - - fn flush(&mut self) -> std::io::Result<()> 
{ - Ok(()) - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/data/md5.blb b/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/data/md5.blb deleted file mode 100644 index 731a0ae4dd97..000000000000 Binary files a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/data/md5.blb and /dev/null differ diff --git a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/data/sha224.blb b/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/data/sha224.blb deleted file mode 100644 index dabb20b3d4a7..000000000000 Binary files a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/data/sha224.blb and /dev/null differ diff --git a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/data/sha256.blb b/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/data/sha256.blb deleted file mode 100644 index 6b5b288e1b31..000000000000 Binary files a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/data/sha256.blb and /dev/null differ diff --git a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/data/sha384.blb b/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/data/sha384.blb deleted file mode 100644 index d5cddb3124a3..000000000000 Binary files a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/data/sha384.blb and /dev/null differ diff --git a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/data/sha512.blb b/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/data/sha512.blb deleted file mode 100644 index b79ae49feec0..000000000000 Binary files a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/data/sha512.blb and /dev/null differ diff --git a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/lib.rs b/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/lib.rs deleted file mode 100644 index 95c4e01e7ffd..000000000000 
--- a/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/tests/lib.rs +++ /dev/null @@ -1,14 +0,0 @@ -//! Test vectors from: -//! - md5: RFC 2104, plus wiki test -//! - sha2: RFC 4231 - -#![no_std] - -use crypto_mac::new_test; -use hmac::Hmac; - -new_test!(hmac_md5, "md5", Hmac); -new_test!(hmac_sha224, "sha224", Hmac); -new_test!(hmac_sha256, "sha256", Hmac); -new_test!(hmac_sha384, "sha384", Hmac); -new_test!(hmac_sha512, "sha512", Hmac); diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/.cargo-checksum.json b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/.cargo-checksum.json similarity index 100% rename from third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/.cargo-checksum.json rename to third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/.cargo-checksum.json diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/.cargo_vcs_info.json new file mode 100644 index 000000000000..d4454240fe4b --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/.cargo_vcs_info.json @@ -0,0 +1,6 @@ +{ + "git": { + "sha1": "7736dd21389b8820dfeb396e8c4c932de93d3ddf" + }, + "path_in_vcs": "pkcs8" +} \ No newline at end of file diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/CHANGELOG.md b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/CHANGELOG.md new file mode 100644 index 000000000000..1f754d527beb --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/CHANGELOG.md 
@@ -0,0 +1,234 @@ +# Changelog +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## 0.10.2 (2023-04-04) +### Changed +- Bump `spki` to v0.7.1 ([#981]) + +[#981]: https://github.com/RustCrypto/formats/pull/981 + +## 0.10.1 (2023-03-05) +### Added +- `sha1-insecure` feature ([#913]) + +[#913]: https://github.com/RustCrypto/formats/pull/913 + +## 0.10.0 (2023-02-26) [YANKED] +### Changed +- Use blanket impls for `Decode*` traits ([#785]) +- Bump `der` dependency to v0.7 ([#899]) +- Bump `spki` dependency to v0.7 ([#900]) +- Bump `pkcs5` dependency to v0.7 ([#901]) + +[#785]: https://github.com/RustCrypto/formats/pull/785 +[#899]: https://github.com/RustCrypto/formats/pull/899 +[#900]: https://github.com/RustCrypto/formats/pull/900 +[#901]: https://github.com/RustCrypto/formats/pull/901 + +## 0.9.0 (2022-05-08) +### Added +- Error conversion support to `pkcs8::spki::Error` ([#335]) +- Re-export `AssociatedOid` ([#645]) + +### Changed +- Use `finish_non_exhaustive` in `Debug` impls ([#245]) +- Replace `PrivateKeyDocument` with `der::SecretDocument` ([#571]) +- Bump `der` to v0.6 ([#653]) +- Bump `spki` to v0.6 ([#654]) +- Bump `pkcs5` to v0.5 ([#655]) + +### Removed +- `PrivateKeyDocument` ([#571]) + +[#245]: https://github.com/RustCrypto/formats/pull/245 +[#335]: https://github.com/RustCrypto/formats/pull/335 +[#571]: https://github.com/RustCrypto/formats/pull/571 +[#645]: https://github.com/RustCrypto/formats/pull/645 +[#653]: https://github.com/RustCrypto/formats/pull/653 +[#654]: https://github.com/RustCrypto/formats/pull/654 +[#655]: https://github.com/RustCrypto/formats/pull/655 + +## 0.8.0 (2021-11-16) +### Added +- Re-export `spki` crate ([#210]) + +### Changed +- Replace usages of `expect` with fallible methods ([#108]) +- Impl `From*Key`/`To*Key` traits on `Document` 
types ([#110]) +- Rename `From/ToPrivateKey` => `DecodePrivateKey`/`EncodePrivateKey` ([#121]) +- Rust 2021 edition upgrade; MSRV 1.56 ([#136]) +- Use `der::Document` to impl `*PrivateKeyDocument` ([#140]) +- Rename `Error::Crypto` => `Error::EncryptedPrivateKey` ([#213], [#214]) +- Bump `der` dependency to v0.5 ([#222]) +- Bump `spki` dependency to v0.5 ([#223]) +- Bump `pkcs5` dependency to v0.4 ([#224]) +- Replace `from_pkcs8_private_key_info` with `TryFrom` ([#230]) + +### Removed +- `*_with_le` PEM encoding methods ([#109]) +- PKCS#1 support; moved to `pkcs1` crate ([#124]) +- I/O related errors from key format crates ([#158]) +- `der::pem` export ([#211]) + +[#108]: https://github.com/RustCrypto/formats/pull/108 +[#109]: https://github.com/RustCrypto/formats/pull/109 +[#110]: https://github.com/RustCrypto/formats/pull/110 +[#121]: https://github.com/RustCrypto/formats/pull/121 +[#124]: https://github.com/RustCrypto/formats/pull/124 +[#136]: https://github.com/RustCrypto/formats/pull/136 +[#140]: https://github.com/RustCrypto/formats/pull/140 +[#158]: https://github.com/RustCrypto/formats/pull/158 +[#210]: https://github.com/RustCrypto/formats/pull/210 +[#211]: https://github.com/RustCrypto/formats/pull/211 +[#213]: https://github.com/RustCrypto/formats/pull/213 +[#214]: https://github.com/RustCrypto/formats/pull/214 +[#222]: https://github.com/RustCrypto/formats/pull/222 +[#223]: https://github.com/RustCrypto/formats/pull/223 +[#224]: https://github.com/RustCrypto/formats/pull/224 +[#230]: https://github.com/RustCrypto/formats/pull/230 + +## 0.7.6 (2021-09-14) +### Added +- `3des` and `des-insecure` features +- `sha1` feature +- Support for AES-192-CBC + +### Changed +- Moved to `formats` repo ([#2]) + +[#2]: https://github.com/RustCrypto/formats/pull/2 + +## 0.7.5 (2021-07-26) +### Added +- Support for customizing PEM `LineEnding` + +### Changed +- Bump `pem-rfc7468` dependency to v0.2 + +## 0.7.4 (2021-07-25) +### Added +- PKCS#1 support + +## 0.7.3 
(2021-07-24) +### Changed +- Use `pem-rfc7468` crate + +## 0.7.2 (2021-07-20) +### Added +- `Error::ParametersMalformed` variant + +## 0.7.1 (2021-07-20) +### Added +- `Error::KeyMalformed` variant + +## 0.7.0 (2021-06-07) +### Added +- ASN.1 error improvements + +### Changed +- Merge `OneAsymmetricKey` into `PrivateKeyInfo` +- Use scrypt as the default PBES2 KDF +- Return `Result`(s) when encoding +- Bump `der` to v0.4 +- Bump `spki` to v0.4 +- Bump `pkcs5` to v0.3 + +## 0.6.1 (2021-05-24) +### Added +- Support for RFC5958's `OneAsymmetricKey` + +### Changed +- Bump `der` to v0.3.5 + +## 0.6.0 (2021-03-22) +### Changed +- Bump `der` dependency to v0.3 +- Bump `spki` dependency to v0.3 +- Bump `pkcs5` dependency to v0.2 + +## 0.5.5 (2021-03-17) +### Changed +- Bump `base64ct` dependency to v1.0 + +## 0.5.4 (2021-02-24) +### Added +- Encryption helper methods for `FromPrivateKey`/`ToPrivateKey` + +## 0.5.3 (2021-02-23) +### Added +- Support for decrypting/encrypting `EncryptedPrivateKeyInfo` +- PEM support for `EncryptedPrivateKeyInfo` +- `Error::Crypto` variant + +## 0.5.2 (2021-02-20) +### Changed +- Use `pkcs5` crate + +## 0.5.1 (2021-02-18) [YANKED] +### Added +- `pkcs5` feature + +### Changed +- Bump `spki` dependency to v0.2.0 + +## 0.5.0 (2021-02-16) [YANKED] +### Added +- Initial `EncryptedPrivateKeyInfo` support + +### Changed +- Extract SPKI-related types into the `spki` crate + +## 0.4.1 (2021-02-01) +### Changed +- Bump `basec4ct` dependency to v0.2 + +## 0.4.0 (2021-01-26) +### Changed +- Bump `der` crate dependency to v0.2 +- Use `base64ct` v0.1 for PEM encoding + +## 0.3.3 (2020-12-21) +### Changed +- Use `der` crate for decoding/encoding ASN.1 DER + +## 0.3.2 (2020-12-16) +### Added +- `AlgorithmIdentifier::parameters_oid` method + +## 0.3.1 (2020-12-16) +### Changed +- Bump `const-oid` dependency to v0.4 + +## 0.3.0 (2020-12-16) [YANKED] +### Added +- `AlgorithmParameters` enum + +## 0.2.2 (2020-12-14) +### Fixed +- Decoding/encoding support for 
Ed25519 keys + +## 0.2.1 (2020-12-14) +### Added +- rustdoc improvements + +## 0.2.0 (2020-12-14) +### Added +- File writing methods for public/private keys +- Methods for loading `*Document` types from files +- DER encoding support +- PEM encoding support +- `ToPrivateKey`/`ToPublicKey` traits + +### Changed +- `Error` enum +- Rename `load_*_file` methods to `read_*_file` + +## 0.1.1 (2020-12-06) +### Added +- Helper methods to load keys from the local filesystem + +## 0.1.0 (2020-12-05) +- Initial release diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/Cargo.toml b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/Cargo.toml new file mode 100644 index 000000000000..d8365512d546 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/Cargo.toml 
@@ -0,0 +1,108 @@ +# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO +# +# When uploading crates to the registry Cargo will automatically +# "normalize" Cargo.toml files for maximal compatibility +# with all versions of Cargo and also rewrite `path` dependencies +# to registry (e.g., crates.io) dependencies. +# +# If you are reading this file be aware that the original Cargo.toml +# will likely look very different (and much more reasonable). +# See Cargo.toml.orig for the original contents. + +[package] +edition = "2021" +rust-version = "1.65" +name = "pkcs8" +version = "0.10.2" +authors = ["RustCrypto Developers"] +description = """ +Pure Rust implementation of Public-Key Cryptography Standards (PKCS) #8: +Private-Key Information Syntax Specification (RFC 5208), with additional +support for PKCS#8v2 asymmetric key packages (RFC 5958) +""" +readme = "README.md" +keywords = [ + "crypto", + "key", + "pkcs", + "private", +] +categories = [ + "cryptography", + "data-structures", + "encoding", + "no-std", + "parser-implementations", +] +license = "Apache-2.0 OR MIT" +repository = "https://github.com/RustCrypto/formats/tree/master/pkcs8" + +[package.metadata.docs.rs] +all-features = true +rustdoc-args = [ + "--cfg", + "docsrs", +] + +[dependencies.der] +version = "0.7" +features = ["oid"] + +[dependencies.pkcs5] +version = "0.7" +optional = true + +[dependencies.rand_core] +version = "0.6" +optional = true +default-features = false + +[dependencies.spki] +version = "0.7.1" + +[dependencies.subtle] +version = "2" +optional = true +default-features = false + +[dev-dependencies.hex-literal] +version = "0.3" + +[dev-dependencies.tempfile] +version = "3" + +[features] +3des = [ + "encryption", + "pkcs5/3des", +] +alloc = [ + "der/alloc", + "der/zeroize", + "spki/alloc", +] +des-insecure = [ + "encryption", + "pkcs5/des-insecure", +] +encryption = [ + "alloc", + "pkcs5/alloc", + "pkcs5/pbes2", + "rand_core", +] +getrandom = ["rand_core/getrandom"] +pem = [ + "alloc", + 
"der/pem", + "spki/pem", +] +sha1-insecure = [ + "encryption", + "pkcs5/sha1-insecure", +] +std = [ + "alloc", + "der/std", + "spki/std", +] diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/Cargo.toml.orig b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/Cargo.toml.orig new file mode 100644 index 000000000000..9ffae2b45a46 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/Cargo.toml.orig 
@@ -0,0 +1,44 @@
+[package]
+name = "pkcs8"
+version = "0.10.2"
+description = """
+Pure Rust implementation of Public-Key Cryptography Standards (PKCS) #8:
+Private-Key Information Syntax Specification (RFC 5208), with additional
+support for PKCS#8v2 asymmetric key packages (RFC 5958)
+"""
+authors = ["RustCrypto Developers"]
+license = "Apache-2.0 OR MIT"
+repository = "https://github.com/RustCrypto/formats/tree/master/pkcs8"
+categories = ["cryptography", "data-structures", "encoding", "no-std", "parser-implementations"]
+keywords = ["crypto", "key", "pkcs", "private"]
+readme = "README.md"
+edition = "2021"
+rust-version = "1.65"
+
+[dependencies]
+der = { version = "0.7", features = ["oid"], path = "../der" }
+spki = { version = "0.7.1", path = "../spki" }
+
+# optional dependencies
+rand_core = { version = "0.6", optional = true, default-features = false }
+pkcs5 = { version = "0.7", optional = true, path = "../pkcs5" }
+subtle = { version = "2", optional = true, default-features = false }
+
+[dev-dependencies]
+hex-literal = "0.3"
+tempfile = "3"
+
+[features]
+alloc = ["der/alloc", "der/zeroize", "spki/alloc"]
+std = ["alloc", "der/std", "spki/std"]
+
+3des = ["encryption", "pkcs5/3des"]
+des-insecure = ["encryption", "pkcs5/des-insecure"]
+encryption = ["alloc", "pkcs5/alloc", "pkcs5/pbes2", "rand_core"]
+getrandom = ["rand_core/getrandom"]
+pem = ["alloc", "der/pem", "spki/pem"]
+sha1-insecure = ["encryption", "pkcs5/sha1-insecure"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/LICENSE-APACHE b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/LICENSE-APACHE
similarity index 99%
rename from third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/LICENSE-APACHE
rename to third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/LICENSE-APACHE
index 16fe87b06e80..78173fa2e753 100644
--- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/LICENSE-APACHE +++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/LICENSE-APACHE @@ -192,7 +192,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/LICENSE-MIT b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/LICENSE-MIT new file mode 100644 index 000000000000..e0d082780149 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/LICENSE-MIT @@ -0,0 +1,25 @@ +Copyright (c) 2020-2023 The RustCrypto Project Developers + +Permission is hereby granted, free of charge, to any +person obtaining a copy of this software and associated +documentation files (the "Software"), to deal in the +Software without restriction, including without +limitation the rights to use, copy, modify, merge, +publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software +is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice +shall be included in all copies or substantial portions +of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF +ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED +TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT +SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR +IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. 
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/README.md b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/README.md new file mode 100644 index 000000000000..c1585439a440 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/README.md 
@@ -0,0 +1,94 @@
+# [RustCrypto]: PKCS#8 (Private Keys)
+
+[![crate][crate-image]][crate-link]
+[![Docs][docs-image]][docs-link]
+[![Build Status][build-image]][build-link]
+![Apache2/MIT licensed][license-image]
+![Rust Version][rustc-image]
+[![Project Chat][chat-image]][chat-link]
+
+Pure Rust implementation of Public-Key Cryptography Standards (PKCS) #8:
+Private-Key Information Syntax Specification ([RFC 5208]).
+
+[Documentation][docs-link]
+
+## About PKCS#8
+
+PKCS#8 is a format for cryptographic private keys, often containing pairs
+of private and public keys.
+
+You can identify a PKCS#8 private key encoded as PEM (i.e. text) by the
+following:
+
+```text
+-----BEGIN PRIVATE KEY-----
+```
+
+PKCS#8 private keys can optionally be encrypted under a password using
+key derivation algorithms like PBKDF2 and [scrypt], and encrypted with
+ciphers like AES-CBC. When a PKCS#8 private key has been encrypted,
+it starts with the following:
+
+```text
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+```
+
+PKCS#8 private keys can also be serialized in an ASN.1-based binary format.
+The PEM text encoding is a Base64 representation of this format.
+
+## Supported Algorithms
+
+This crate is implemented in an algorithm-agnostic manner with the goal of
+enabling PKCS#8 support for any algorithm.
+
+That said, it has been tested for interoperability against keys generated by
+OpenSSL for the following algorithms:
+
+- ECC (`id-ecPublicKey`)
+- Ed25519 (`id-Ed25519`)
+- RSA (`id-rsaEncryption`)
+- X25519 (`id-X25519`)
+
+Please open an issue if you encounter trouble using it with a particular
+algorithm, including the ones listed above or other algorithms.
+
+## Minimum Supported Rust Version
+
+This crate requires **Rust 1.65** at a minimum.
+
+We may change the MSRV in the future, but it will be accompanied by a minor
+version bump.
+
+## License
+
+Licensed under either of:
+
+ * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
+ * [MIT license](http://opensource.org/licenses/MIT)
+
+at your option.
+
+### Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted
+for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
+dual licensed as above, without any additional terms or conditions.
+
+[//]: # (badges)
+
+[crate-image]: https://buildstats.info/crate/pkcs8
+[crate-link]: https://crates.io/crates/pkcs8
+[docs-image]: https://docs.rs/pkcs8/badge.svg
+[docs-link]: https://docs.rs/pkcs8/
+[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.65+-blue.svg
+[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
+[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/300570-formats
+[build-image]: https://github.com/RustCrypto/formats/workflows/pkcs8/badge.svg?branch=master&event=push
+[build-link]: https://github.com/RustCrypto/formats/actions
+
+[//]: # (links)
+
+[RustCrypto]: https://github.com/rustcrypto
+[RFC 5208]: https://tools.ietf.org/html/rfc5208
+[scrypt]: https://en.wikipedia.org/wiki/Scrypt
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/encrypted_private_key_info.rs b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/encrypted_private_key_info.rs
new file mode 100644
index 000000000000..d55949cad6c0
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/encrypted_private_key_info.rs
@@ -0,0 +1,165 @@ +//! PKCS#8 `EncryptedPrivateKeyInfo` + +use crate::{Error, Result}; +use core::fmt; +use der::{ + asn1::OctetStringRef, Decode, DecodeValue, Encode, EncodeValue, Header, Length, Reader, + Sequence, Writer, +}; +use pkcs5::EncryptionScheme; + +#[cfg(feature = "alloc")] +use der::SecretDocument; + +#[cfg(feature = "encryption")] +use { + pkcs5::pbes2, + rand_core::{CryptoRng, RngCore}, +}; + +#[cfg(feature = "pem")] +use der::pem::PemLabel; + +/// PKCS#8 `EncryptedPrivateKeyInfo`. +/// +/// ASN.1 structure containing a PKCS#5 [`EncryptionScheme`] identifier for a +/// password-based symmetric encryption scheme and encrypted private key data. +/// +/// ## Schema +/// Structure described in [RFC 5208 Section 6]: +/// +/// ```text +/// EncryptedPrivateKeyInfo ::= SEQUENCE { +/// encryptionAlgorithm EncryptionAlgorithmIdentifier, +/// encryptedData EncryptedData } +/// +/// EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier +/// +/// EncryptedData ::= OCTET STRING +/// ``` +/// +/// [RFC 5208 Section 6]: https://tools.ietf.org/html/rfc5208#section-6 +#[derive(Clone, Eq, PartialEq)] +pub struct EncryptedPrivateKeyInfo<'a> { + /// Algorithm identifier describing a password-based symmetric encryption + /// scheme used to encrypt the `encrypted_data` field. + pub encryption_algorithm: EncryptionScheme<'a>, + + /// Private key data + pub encrypted_data: &'a [u8], +} + +impl<'a> EncryptedPrivateKeyInfo<'a> { + /// Attempt to decrypt this encrypted private key using the provided + /// password to derive an encryption key. + #[cfg(feature = "encryption")] + pub fn decrypt(&self, password: impl AsRef<[u8]>) -> Result { + Ok(self + .encryption_algorithm + .decrypt(password, self.encrypted_data)? + .try_into()?) + } + + /// Encrypt the given ASN.1 DER document using a symmetric encryption key + /// derived from the provided password. 
+ #[cfg(feature = "encryption")] + pub(crate) fn encrypt( + mut rng: impl CryptoRng + RngCore, + password: impl AsRef<[u8]>, + doc: &[u8], + ) -> Result { + let mut salt = [0u8; 16]; + rng.fill_bytes(&mut salt); + + let mut iv = [0u8; 16]; + rng.fill_bytes(&mut iv); + + let pbes2_params = pbes2::Parameters::scrypt_aes256cbc(Default::default(), &salt, &iv)?; + EncryptedPrivateKeyInfo::encrypt_with(pbes2_params, password, doc) + } + + /// Encrypt this private key using a symmetric encryption key derived + /// from the provided password and [`pbes2::Parameters`]. + #[cfg(feature = "encryption")] + pub(crate) fn encrypt_with( + pbes2_params: pbes2::Parameters<'a>, + password: impl AsRef<[u8]>, + doc: &[u8], + ) -> Result { + let encrypted_data = pbes2_params.encrypt(password, doc)?; + + EncryptedPrivateKeyInfo { + encryption_algorithm: pbes2_params.into(), + encrypted_data: &encrypted_data, + } + .try_into() + } +} + +impl<'a> DecodeValue<'a> for EncryptedPrivateKeyInfo<'a> { + fn decode_value>( + reader: &mut R, + header: Header, + ) -> der::Result> { + reader.read_nested(header.length, |reader| { + Ok(Self { + encryption_algorithm: reader.decode()?, + encrypted_data: OctetStringRef::decode(reader)?.as_bytes(), + }) + }) + } +} + +impl EncodeValue for EncryptedPrivateKeyInfo<'_> { + fn value_len(&self) -> der::Result { + self.encryption_algorithm.encoded_len()? + + OctetStringRef::new(self.encrypted_data)?.encoded_len()? + } + + fn encode_value(&self, writer: &mut impl Writer) -> der::Result<()> { + self.encryption_algorithm.encode(writer)?; + OctetStringRef::new(self.encrypted_data)?.encode(writer)?; + Ok(()) + } +} + +impl<'a> Sequence<'a> for EncryptedPrivateKeyInfo<'a> {} + +impl<'a> TryFrom<&'a [u8]> for EncryptedPrivateKeyInfo<'a> { + type Error = Error; + + fn try_from(bytes: &'a [u8]) -> Result { + Ok(Self::from_der(bytes)?) 
+ } +} + +impl<'a> fmt::Debug for EncryptedPrivateKeyInfo<'a> { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.debug_struct("EncryptedPrivateKeyInfo") + .field("encryption_algorithm", &self.encryption_algorithm) + .finish_non_exhaustive() + } +} + +#[cfg(feature = "alloc")] +impl TryFrom> for SecretDocument { + type Error = Error; + + fn try_from(encrypted_private_key: EncryptedPrivateKeyInfo<'_>) -> Result { + SecretDocument::try_from(&encrypted_private_key) + } +} + +#[cfg(feature = "alloc")] +impl TryFrom<&EncryptedPrivateKeyInfo<'_>> for SecretDocument { + type Error = Error; + + fn try_from(encrypted_private_key: &EncryptedPrivateKeyInfo<'_>) -> Result { + Ok(Self::encode_msg(encrypted_private_key)?) + } +} + +#[cfg(feature = "pem")] +impl PemLabel for EncryptedPrivateKeyInfo<'_> { + const PEM_LABEL: &'static str = "ENCRYPTED PRIVATE KEY"; +} diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/error.rs b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/error.rs new file mode 100644 index 000000000000..70c60aedb407 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/error.rs 
@@ -0,0 +1,93 @@ +//! Error types + +use core::fmt; + +#[cfg(feature = "pem")] +use der::pem; + +/// Result type +pub type Result = core::result::Result; + +/// Error type +#[derive(Copy, Clone, Debug, Eq, PartialEq)] +#[non_exhaustive] +pub enum Error { + /// ASN.1 DER-related errors. + Asn1(der::Error), + + /// Errors relating to PKCS#5-encrypted keys. + #[cfg(feature = "pkcs5")] + EncryptedPrivateKey(pkcs5::Error), + + /// Malformed cryptographic key contained in a PKCS#8 document. + /// + /// This is intended for relaying errors related to the raw data contained + /// within [`PrivateKeyInfo::private_key`][`crate::PrivateKeyInfo::private_key`] + /// or [`SubjectPublicKeyInfo::subject_public_key`][`crate::SubjectPublicKeyInfo::subject_public_key`]. + KeyMalformed, + + /// [`AlgorithmIdentifier::parameters`][`crate::AlgorithmIdentifierRef::parameters`] + /// is malformed or otherwise encoded in an unexpected manner. + ParametersMalformed, + + /// Public key errors propagated from the [`spki::Error`] type. 
+ PublicKey(spki::Error), +} + +impl fmt::Display for Error { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + Error::Asn1(err) => write!(f, "PKCS#8 ASN.1 error: {}", err), + #[cfg(feature = "pkcs5")] + Error::EncryptedPrivateKey(err) => write!(f, "{}", err), + Error::KeyMalformed => f.write_str("PKCS#8 cryptographic key data malformed"), + Error::ParametersMalformed => f.write_str("PKCS#8 algorithm parameters malformed"), + Error::PublicKey(err) => write!(f, "public key error: {}", err), + } + } +} + +#[cfg(feature = "std")] +impl std::error::Error for Error {} + +impl From for Error { + fn from(err: der::Error) -> Error { + Error::Asn1(err) + } +} + +impl From for Error { + fn from(err: der::ErrorKind) -> Error { + Error::Asn1(err.into()) + } +} + +#[cfg(feature = "pem")] +impl From for Error { + fn from(err: pem::Error) -> Error { + der::Error::from(err).into() + } +} + +#[cfg(feature = "pkcs5")] +impl From for Error { + fn from(err: pkcs5::Error) -> Error { + Error::EncryptedPrivateKey(err) + } +} + +impl From for Error { + fn from(err: spki::Error) -> Error { + Error::PublicKey(err) + } +} + +impl From for spki::Error { + fn from(err: Error) -> spki::Error { + match err { + Error::Asn1(e) => spki::Error::Asn1(e), + Error::PublicKey(e) => e, + _ => spki::Error::KeyMalformed, + } + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/lib.rs b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/lib.rs new file mode 100644 index 000000000000..33ceef8e26c5 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/lib.rs 
@@ -0,0 +1,111 @@ +#![no_std] +#![cfg_attr(docsrs, feature(doc_auto_cfg))] +#![doc = include_str!("../README.md")] +#![doc( + html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg", + html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg" +)] +#![forbid(unsafe_code)] +#![warn( + clippy::mod_module_files, + clippy::unwrap_used, + missing_docs, + rust_2018_idioms, + unused_lifetimes, + unused_qualifications +)] + +//! ## About this crate +//! This library provides generalized PKCS#8 support designed to work with a +//! number of different algorithms. It supports `no_std` platforms including +//! ones without a heap (albeit with reduced functionality). +//! +//! It supports decoding/encoding the following types: +//! +//! - [`EncryptedPrivateKeyInfo`]: (with `pkcs5` feature) encrypted key. +//! - [`PrivateKeyInfo`]: algorithm identifier and data representing a private key. +//! Optionally also includes public key data for asymmetric keys. +//! - [`SubjectPublicKeyInfo`]: algorithm identifier and data representing a public key +//! (re-exported from the [`spki`] crate) +//! +//! When the `pem` feature is enabled, it also supports decoding/encoding +//! documents from "PEM encoding" format as defined in RFC 7468. +//! +//! ## Encrypted Private Key Support +//! [`EncryptedPrivateKeyInfo`] supports decoding/encoding encrypted PKCS#8 +//! private keys and is gated under the `pkcs5` feature. +//! +//! When the `encryption` feature of this crate is enabled, it provides +//! [`EncryptedPrivateKeyInfo::decrypt`] and [`PrivateKeyInfo::encrypt`] +//! functions which are able to decrypt/encrypt keys using the following +//! algorithms: +//! +//! - [PKCS#5v2 Password Based Encryption Scheme 2 (RFC 8018)] +//! - Key derivation functions: +//! - [scrypt] ([RFC 7914]) +//! - PBKDF2 ([RFC 8018](https://datatracker.ietf.org/doc/html/rfc8018#section-5.2)) +//! 
- SHA-2 based PRF with HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512 +//! - SHA-1 based PRF with HMAC-SHA1, when the `sha1` feature of this crate is enabled. +//! - Symmetric encryption: AES-128-CBC, AES-192-CBC, or AES-256-CBC +//! (best available options for PKCS#5v2) +//! +//! ## Legacy DES-CBC and DES-EDE3-CBC (3DES) support (optional) +//! When the `des-insecure` and/or `3des` features are enabled this crate provides support for +//! private keys encrypted with with DES-CBC and DES-EDE3-CBC (3DES or Triple DES) symmetric +//! encryption, respectively. +//! +//! ⚠️ WARNING ⚠️ +//! +//! DES support (gated behind the `des-insecure` feature) is implemented to +//! allow for decryption of legacy PKCS#8 files only. +//! +//! Such PKCS#8 documents should be considered *INSECURE* due to the short +//! 56-bit key size of DES. +//! +//! New keys should use AES instead. +//! +//! [RFC 5208]: https://tools.ietf.org/html/rfc5208 +//! [RFC 5958]: https://tools.ietf.org/html/rfc5958 +//! [RFC 7914]: https://datatracker.ietf.org/doc/html/rfc7914 +//! [PKCS#5v2 Password Based Encryption Scheme 2 (RFC 8018)]: https://tools.ietf.org/html/rfc8018#section-6.2 +//! 
[scrypt]: https://en.wikipedia.org/wiki/Scrypt + +#[cfg(feature = "pem")] +extern crate alloc; +#[cfg(feature = "std")] +extern crate std; + +mod error; +mod private_key_info; +mod traits; +mod version; + +#[cfg(feature = "pkcs5")] +pub(crate) mod encrypted_private_key_info; + +pub use crate::{ + error::{Error, Result}, + private_key_info::PrivateKeyInfo, + traits::DecodePrivateKey, + version::Version, +}; +pub use der::{self, asn1::ObjectIdentifier, oid::AssociatedOid}; +pub use spki::{ + self, AlgorithmIdentifierRef, DecodePublicKey, SubjectPublicKeyInfo, SubjectPublicKeyInfoRef, +}; + +#[cfg(feature = "alloc")] +pub use { + crate::traits::EncodePrivateKey, + der::{Document, SecretDocument}, + spki::EncodePublicKey, +}; + +#[cfg(feature = "pem")] +pub use der::pem::LineEnding; + +#[cfg(feature = "pkcs5")] +pub use {encrypted_private_key_info::EncryptedPrivateKeyInfo, pkcs5}; + +#[cfg(feature = "rand_core")] +pub use rand_core; diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/private_key_info.rs b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/private_key_info.rs new file mode 100644 index 000000000000..ecae624df5b6 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/private_key_info.rs 
@@ -0,0 +1,295 @@ +//! PKCS#8 `PrivateKeyInfo`. + +use crate::{AlgorithmIdentifierRef, Error, Result, Version}; +use core::fmt; +use der::{ + asn1::{AnyRef, BitStringRef, ContextSpecific, OctetStringRef}, + Decode, DecodeValue, Encode, EncodeValue, Header, Length, Reader, Sequence, TagMode, TagNumber, + Writer, +}; + +#[cfg(feature = "alloc")] +use der::SecretDocument; + +#[cfg(feature = "encryption")] +use { + crate::EncryptedPrivateKeyInfo, + der::zeroize::Zeroizing, + pkcs5::pbes2, + rand_core::{CryptoRng, RngCore}, +}; + +#[cfg(feature = "pem")] +use der::pem::PemLabel; + +#[cfg(feature = "subtle")] +use subtle::{Choice, ConstantTimeEq}; + +/// Context-specific tag number for the public key. +const PUBLIC_KEY_TAG: TagNumber = TagNumber::N1; + +/// PKCS#8 `PrivateKeyInfo`. +/// +/// ASN.1 structure containing an `AlgorithmIdentifier`, private key +/// data in an algorithm specific format, and optional attributes +/// (ignored by this implementation). +/// +/// Supports PKCS#8 v1 as described in [RFC 5208] and PKCS#8 v2 as described +/// in [RFC 5958]. PKCS#8 v2 keys include an additional public key field. 
+/// +/// # PKCS#8 v1 `PrivateKeyInfo` +/// +/// Described in [RFC 5208 Section 5]: +/// +/// ```text +/// PrivateKeyInfo ::= SEQUENCE { +/// version Version, +/// privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, +/// privateKey PrivateKey, +/// attributes [0] IMPLICIT Attributes OPTIONAL } +/// +/// Version ::= INTEGER +/// +/// PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier +/// +/// PrivateKey ::= OCTET STRING +/// +/// Attributes ::= SET OF Attribute +/// ``` +/// +/// # PKCS#8 v2 `OneAsymmetricKey` +/// +/// PKCS#8 `OneAsymmetricKey` as described in [RFC 5958 Section 2]: +/// +/// ```text +/// PrivateKeyInfo ::= OneAsymmetricKey +/// +/// OneAsymmetricKey ::= SEQUENCE { +/// version Version, +/// privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, +/// privateKey PrivateKey, +/// attributes [0] Attributes OPTIONAL, +/// ..., +/// [[2: publicKey [1] PublicKey OPTIONAL ]], +/// ... +/// } +/// +/// Version ::= INTEGER { v1(0), v2(1) } (v1, ..., v2) +/// +/// PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier +/// +/// PrivateKey ::= OCTET STRING +/// +/// Attributes ::= SET OF Attribute +/// +/// PublicKey ::= BIT STRING +/// ``` +/// +/// [RFC 5208]: https://tools.ietf.org/html/rfc5208 +/// [RFC 5958]: https://datatracker.ietf.org/doc/html/rfc5958 +/// [RFC 5208 Section 5]: https://tools.ietf.org/html/rfc5208#section-5 +/// [RFC 5958 Section 2]: https://datatracker.ietf.org/doc/html/rfc5958#section-2 +#[derive(Clone)] +pub struct PrivateKeyInfo<'a> { + /// X.509 `AlgorithmIdentifier` for the private key type. + pub algorithm: AlgorithmIdentifierRef<'a>, + + /// Private key data. + pub private_key: &'a [u8], + + /// Public key data, optionally available if version is V2. + pub public_key: Option<&'a [u8]>, +} + +impl<'a> PrivateKeyInfo<'a> { + /// Create a new PKCS#8 [`PrivateKeyInfo`] message. + /// + /// This is a helper method which initializes `attributes` and `public_key` + /// to `None`, helpful if you aren't using those. 
+ pub fn new(algorithm: AlgorithmIdentifierRef<'a>, private_key: &'a [u8]) -> Self { + Self { + algorithm, + private_key, + public_key: None, + } + } + + /// Get the PKCS#8 [`Version`] for this structure. + /// + /// [`Version::V1`] if `public_key` is `None`, [`Version::V2`] if `Some`. + pub fn version(&self) -> Version { + if self.public_key.is_some() { + Version::V2 + } else { + Version::V1 + } + } + + /// Encrypt this private key using a symmetric encryption key derived + /// from the provided password. + /// + /// Uses the following algorithms for encryption: + /// - PBKDF: scrypt with default parameters: + /// - log₂(N): 15 + /// - r: 8 + /// - p: 1 + /// - Cipher: AES-256-CBC (best available option for PKCS#5 encryption) + #[cfg(feature = "encryption")] + pub fn encrypt( + &self, + rng: impl CryptoRng + RngCore, + password: impl AsRef<[u8]>, + ) -> Result { + let der = Zeroizing::new(self.to_der()?); + EncryptedPrivateKeyInfo::encrypt(rng, password, der.as_ref()) + } + + /// Encrypt this private key using a symmetric encryption key derived + /// from the provided password and [`pbes2::Parameters`]. + #[cfg(feature = "encryption")] + pub fn encrypt_with_params( + &self, + pbes2_params: pbes2::Parameters<'_>, + password: impl AsRef<[u8]>, + ) -> Result { + let der = Zeroizing::new(self.to_der()?); + EncryptedPrivateKeyInfo::encrypt_with(pbes2_params, password, der.as_ref()) + } + + /// Get a `BIT STRING` representation of the public key, if present. + fn public_key_bit_string(&self) -> der::Result>>> { + self.public_key + .map(|pk| { + BitStringRef::from_bytes(pk).map(|value| ContextSpecific { + tag_number: PUBLIC_KEY_TAG, + tag_mode: TagMode::Implicit, + value, + }) + }) + .transpose() + } +} + +impl<'a> DecodeValue<'a> for PrivateKeyInfo<'a> { + fn decode_value>( + reader: &mut R, + header: Header, + ) -> der::Result> { + reader.read_nested(header.length, |reader| { + // Parse and validate `version` INTEGER. 
+ let version = Version::decode(reader)?; + let algorithm = reader.decode()?; + let private_key = OctetStringRef::decode(reader)?.into(); + let public_key = reader + .context_specific::>(PUBLIC_KEY_TAG, TagMode::Implicit)? + .map(|bs| { + bs.as_bytes() + .ok_or_else(|| der::Tag::BitString.value_error()) + }) + .transpose()?; + + if version.has_public_key() != public_key.is_some() { + return Err(reader.error( + der::Tag::ContextSpecific { + constructed: true, + number: PUBLIC_KEY_TAG, + } + .value_error() + .kind(), + )); + } + + // Ignore any remaining extension fields + while !reader.is_finished() { + reader.decode::>>()?; + } + + Ok(Self { + algorithm, + private_key, + public_key, + }) + }) + } +} + +impl EncodeValue for PrivateKeyInfo<'_> { + fn value_len(&self) -> der::Result { + self.version().encoded_len()? + + self.algorithm.encoded_len()? + + OctetStringRef::new(self.private_key)?.encoded_len()? + + self.public_key_bit_string()?.encoded_len()? + } + + fn encode_value(&self, writer: &mut impl Writer) -> der::Result<()> { + self.version().encode(writer)?; + self.algorithm.encode(writer)?; + OctetStringRef::new(self.private_key)?.encode(writer)?; + self.public_key_bit_string()?.encode(writer)?; + Ok(()) + } +} + +impl<'a> Sequence<'a> for PrivateKeyInfo<'a> {} + +impl<'a> TryFrom<&'a [u8]> for PrivateKeyInfo<'a> { + type Error = Error; + + fn try_from(bytes: &'a [u8]) -> Result { + Ok(Self::from_der(bytes)?) 
+ } +} + +impl<'a> fmt::Debug for PrivateKeyInfo<'a> { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.debug_struct("PrivateKeyInfo") + .field("version", &self.version()) + .field("algorithm", &self.algorithm) + .field("public_key", &self.public_key) + .finish_non_exhaustive() + } +} + +#[cfg(feature = "alloc")] +impl TryFrom> for SecretDocument { + type Error = Error; + + fn try_from(private_key: PrivateKeyInfo<'_>) -> Result { + SecretDocument::try_from(&private_key) + } +} + +#[cfg(feature = "alloc")] +impl TryFrom<&PrivateKeyInfo<'_>> for SecretDocument { + type Error = Error; + + fn try_from(private_key: &PrivateKeyInfo<'_>) -> Result { + Ok(Self::encode_msg(private_key)?) + } +} + +#[cfg(feature = "pem")] +impl PemLabel for PrivateKeyInfo<'_> { + const PEM_LABEL: &'static str = "PRIVATE KEY"; +} + +#[cfg(feature = "subtle")] +impl<'a> ConstantTimeEq for PrivateKeyInfo<'a> { + fn ct_eq(&self, other: &Self) -> Choice { + // NOTE: public fields are not compared in constant time + let public_fields_eq = + self.algorithm == other.algorithm && self.public_key == other.public_key; + + self.private_key.ct_eq(other.private_key) & Choice::from(public_fields_eq as u8) + } +} + +#[cfg(feature = "subtle")] +impl<'a> Eq for PrivateKeyInfo<'a> {} + +#[cfg(feature = "subtle")] +impl<'a> PartialEq for PrivateKeyInfo<'a> { + fn eq(&self, other: &Self) -> bool { + self.ct_eq(other).into() + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/traits.rs b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/traits.rs new file mode 100644 index 000000000000..b4f80b2e76ea --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/traits.rs 
@@ -0,0 +1,140 @@ +//! Traits for parsing objects from PKCS#8 encoded documents + +use crate::{Error, PrivateKeyInfo, Result}; + +#[cfg(feature = "alloc")] +use der::SecretDocument; + +#[cfg(feature = "encryption")] +use { + crate::EncryptedPrivateKeyInfo, + rand_core::{CryptoRng, RngCore}, +}; + +#[cfg(feature = "pem")] +use {crate::LineEnding, alloc::string::String, der::zeroize::Zeroizing}; + +#[cfg(feature = "pem")] +use der::pem::PemLabel; + +#[cfg(feature = "std")] +use std::path::Path; + +/// Parse a private key object from a PKCS#8 encoded document. +pub trait DecodePrivateKey: Sized { + /// Deserialize PKCS#8 private key from ASN.1 DER-encoded data + /// (binary format). + fn from_pkcs8_der(bytes: &[u8]) -> Result; + + /// Deserialize encrypted PKCS#8 private key from ASN.1 DER-encoded data + /// (binary format) and attempt to decrypt it using the provided password. + #[cfg(feature = "encryption")] + fn from_pkcs8_encrypted_der(bytes: &[u8], password: impl AsRef<[u8]>) -> Result { + let doc = EncryptedPrivateKeyInfo::try_from(bytes)?.decrypt(password)?; + Self::from_pkcs8_der(doc.as_bytes()) + } + + /// Deserialize PKCS#8-encoded private key from PEM. + /// + /// Keys in this format begin with the following delimiter: + /// + /// ```text + /// -----BEGIN PRIVATE KEY----- + /// ``` + #[cfg(feature = "pem")] + fn from_pkcs8_pem(s: &str) -> Result { + let (label, doc) = SecretDocument::from_pem(s)?; + PrivateKeyInfo::validate_pem_label(label)?; + Self::from_pkcs8_der(doc.as_bytes()) + } + + /// Deserialize encrypted PKCS#8-encoded private key from PEM and attempt + /// to decrypt it using the provided password. 
+ /// + /// Keys in this format begin with the following delimiter: + /// + /// ```text + /// -----BEGIN ENCRYPTED PRIVATE KEY----- + /// ``` + #[cfg(all(feature = "encryption", feature = "pem"))] + fn from_pkcs8_encrypted_pem(s: &str, password: impl AsRef<[u8]>) -> Result { + let (label, doc) = SecretDocument::from_pem(s)?; + EncryptedPrivateKeyInfo::validate_pem_label(label)?; + Self::from_pkcs8_encrypted_der(doc.as_bytes(), password) + } + + /// Load PKCS#8 private key from an ASN.1 DER-encoded file on the local + /// filesystem (binary format). + #[cfg(feature = "std")] + fn read_pkcs8_der_file(path: impl AsRef) -> Result { + Self::from_pkcs8_der(SecretDocument::read_der_file(path)?.as_bytes()) + } + + /// Load PKCS#8 private key from a PEM-encoded file on the local filesystem. + #[cfg(all(feature = "pem", feature = "std"))] + fn read_pkcs8_pem_file(path: impl AsRef) -> Result { + let (label, doc) = SecretDocument::read_pem_file(path)?; + PrivateKeyInfo::validate_pem_label(&label)?; + Self::from_pkcs8_der(doc.as_bytes()) + } +} + +impl DecodePrivateKey for T +where + T: for<'a> TryFrom, Error = Error>, +{ + fn from_pkcs8_der(bytes: &[u8]) -> Result { + Self::try_from(PrivateKeyInfo::try_from(bytes)?) + } +} + +/// Serialize a private key object to a PKCS#8 encoded document. +#[cfg(feature = "alloc")] +pub trait EncodePrivateKey { + /// Serialize a [`SecretDocument`] containing a PKCS#8-encoded private key. + fn to_pkcs8_der(&self) -> Result; + + /// Create an [`SecretDocument`] containing the ciphertext of + /// a PKCS#8 encoded private key encrypted under the given `password`. + #[cfg(feature = "encryption")] + fn to_pkcs8_encrypted_der( + &self, + rng: impl CryptoRng + RngCore, + password: impl AsRef<[u8]>, + ) -> Result { + EncryptedPrivateKeyInfo::encrypt(rng, password, self.to_pkcs8_der()?.as_bytes()) + } + + /// Serialize this private key as PEM-encoded PKCS#8 with the given [`LineEnding`]. 
+ #[cfg(feature = "pem")] + fn to_pkcs8_pem(&self, line_ending: LineEnding) -> Result> { + let doc = self.to_pkcs8_der()?; + Ok(doc.to_pem(PrivateKeyInfo::PEM_LABEL, line_ending)?) + } + + /// Serialize this private key as an encrypted PEM-encoded PKCS#8 private + /// key using the `provided` to derive an encryption key. + #[cfg(all(feature = "encryption", feature = "pem"))] + fn to_pkcs8_encrypted_pem( + &self, + rng: impl CryptoRng + RngCore, + password: impl AsRef<[u8]>, + line_ending: LineEnding, + ) -> Result> { + let doc = self.to_pkcs8_encrypted_der(rng, password)?; + Ok(doc.to_pem(EncryptedPrivateKeyInfo::PEM_LABEL, line_ending)?) + } + + /// Write ASN.1 DER-encoded PKCS#8 private key to the given path + #[cfg(feature = "std")] + fn write_pkcs8_der_file(&self, path: impl AsRef) -> Result<()> { + Ok(self.to_pkcs8_der()?.write_der_file(path)?) + } + + /// Write ASN.1 DER-encoded PKCS#8 private key to the given path + #[cfg(all(feature = "pem", feature = "std"))] + fn write_pkcs8_pem_file(&self, path: impl AsRef, line_ending: LineEnding) -> Result<()> { + let doc = self.to_pkcs8_der()?; + Ok(doc.write_pem_file(path, PrivateKeyInfo::PEM_LABEL, line_ending)?) + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/version.rs b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/version.rs new file mode 100644 index 000000000000..0ca80bc482bd --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/version.rs 
@@ -0,0 +1,63 @@ +//! PKCS#8 version identifier. + +use crate::Error; +use der::{Decode, Encode, FixedTag, Reader, Tag, Writer}; + +/// Version identifier for PKCS#8 documents. +/// +/// (RFC 5958 designates `0` and `1` as the only valid versions for PKCS#8 documents) +#[derive(Clone, Debug, Copy, PartialEq, Eq)] +pub enum Version { + /// Denotes PKCS#8 v1: no public key field. + V1 = 0, + + /// Denotes PKCS#8 v2: `OneAsymmetricKey` with public key field. + V2 = 1, +} + +impl Version { + /// Is this version expected to have a public key? + pub fn has_public_key(self) -> bool { + match self { + Version::V1 => false, + Version::V2 => true, + } + } +} + +impl<'a> Decode<'a> for Version { + fn decode>(decoder: &mut R) -> der::Result { + Version::try_from(u8::decode(decoder)?).map_err(|_| Self::TAG.value_error()) + } +} + +impl Encode for Version { + fn encoded_len(&self) -> der::Result { + der::Length::from(1u8).for_tlv() + } + + fn encode(&self, writer: &mut impl Writer) -> der::Result<()> { + u8::from(*self).encode(writer) + } +} + +impl From for u8 { + fn from(version: Version) -> Self { + version as u8 + } +} + +impl TryFrom for Version { + type Error = Error; + fn try_from(byte: u8) -> Result { + match byte { + 0 => Ok(Version::V1), + 1 => Ok(Version::V2), + _ => Err(Self::TAG.value_error().into()), + } + } +} + +impl FixedTag for Version { + const TAG: Tag = Tag::Integer; +} diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/encrypted_private_key.rs b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/encrypted_private_key.rs new file mode 100644 index 000000000000..dbe0a18e7f41 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/encrypted_private_key.rs 
@@ -0,0 +1,234 @@
+//! Encrypted PKCS#8 private key tests.
+
+#![cfg(feature = "pkcs5")]
+
+use hex_literal::hex;
+use pkcs8::{pkcs5::pbes2, EncryptedPrivateKeyInfo, PrivateKeyInfo};
+
+#[cfg(feature = "alloc")]
+use der::Encode;
+
+#[cfg(feature = "pem")]
+use der::EncodePem;
+
+/// Ed25519 PKCS#8 private key plaintext encoded as ASN.1 DER
+#[cfg(feature = "encryption")]
+const ED25519_DER_PLAINTEXT_EXAMPLE: &[u8] = include_bytes!("examples/ed25519-priv-pkcs8v1.der");
+
+/// Ed25519 PKCS#8 encrypted private key (PBES2 + AES-128-CBC + PBKDF2-SHA1) encoded as ASN.1 DER.
+///
+/// Generated using:
+///
+/// ```
+/// $ openssl pkcs8 -v2 aes256-cbc -v2prf hmacWithSHA1 -topk8 -inform der -in ed25519-priv.der -outform der -out ed25519-encpriv-aes128-pbkdf2-sha1.der
+/// ```
+const ED25519_DER_AES128_PBKDF2_SHA1_EXAMPLE: &[u8] =
+ include_bytes!("examples/ed25519-encpriv-aes128-pbkdf2-sha1.der");
+
+/// Ed25519 PKCS#8 encrypted private key (PBES2 + AES-256-CBC + PBKDF2-SHA256) encoded as ASN.1 DER.
+///
+/// Generated using:
+///
+/// ```
+/// $ openssl pkcs8 -v2 aes256-cbc -v2prf hmacWithSHA256 -topk8 -inform der -in ed25519-priv.der -outform der -out ed25519-encpriv-aes256-pbkdf2-sha256.der
+/// ```
+const ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE: &[u8] =
+ include_bytes!("examples/ed25519-encpriv-aes256-pbkdf2-sha256.der");
+
+/// Ed25519 PKCS#8 encrypted private key (PBES2 + AES-256-CBC + scrypt) encoded as ASN.1 DER.
+///
+/// Generated using:
+///
+/// ```
+/// $ openssl pkcs8 -v2 aes256-cbc -scrypt -topk8 -inform der -in ed25519-priv.der -outform der -out ed25519-encpriv-aes256-scrypt.der
+/// ```
+#[cfg(feature = "encryption")]
+const ED25519_DER_AES256_SCRYPT_EXAMPLE: &[u8] =
+ include_bytes!("examples/ed25519-encpriv-aes256-scrypt.der");
+
+/// Ed25519 PKCS#8 encrypted private key encoded as PEM
+#[cfg(feature = "pem")]
+const ED25519_PEM_AES256_PBKDF2_SHA256_EXAMPLE: &str =
+ include_str!("examples/ed25519-encpriv-aes256-pbkdf2-sha256.pem");
+
+/// Ed25519 PKCS#8 encrypted private key (PBES2 + 3DES + PBKDF2-SHA256) encoded as ASN.1 DER
+///
+/// Generated using:
+///
+/// ```
+/// $ openssl pkcs8 -v2 des3 -topk8 -inform der -in ed25519-priv-pkcs8v1.der -outform der -out ed25519-encpriv-des3-pbkdf2-sha256.der
+/// ```
+#[cfg(feature = "3des")]
+const ED25519_DER_DES3_PBKDF2_SHA256_EXAMPLE: &[u8] =
+ include_bytes!("examples/ed25519-encpriv-des3-pbkdf2-sha256.der");
+
+/// Ed25519 PKCS#8 encrypted private key (PBES2 + DES + PBKDF2-SHA256) encoded as ASN.1 DER
+///
+/// Generated using:
+///
+/// ```
+/// $ openssl pkcs8 -v2 des -topk8 -inform der -in ed25519-priv-pkcs8v1.der -outform der -out ed25519-encpriv-des3-pbkdf2-sha256.der
+/// ```
+#[cfg(feature = "des-insecure")]
+const ED25519_DER_DES_PBKDF2_SHA256_EXAMPLE: &[u8] =
+ include_bytes!("examples/ed25519-encpriv-des-pbkdf2-sha256.der");
+
+/// Password used to encrypt the keys.
+#[cfg(feature = "encryption")]
+const PASSWORD: &[u8] = b"hunter42"; // Bad password; don't actually use outside tests!
+
+#[test]
+fn decode_ed25519_encpriv_aes128_pbkdf2_sha1_der() {
+ let pk = EncryptedPrivateKeyInfo::try_from(ED25519_DER_AES128_PBKDF2_SHA1_EXAMPLE).unwrap();
+
+ assert_eq!(
+ pk.encryption_algorithm.oid(),
+ "1.2.840.113549.1.5.13".parse().unwrap()
+ ); // PBES2
+
+ let pbes2_params = pk.encryption_algorithm.pbes2().unwrap();
+ let pbkdf2_params = pbes2_params.kdf.pbkdf2().unwrap();
+
+ assert_eq!(pbkdf2_params.salt, hex!("e8765e01e43b6bad"));
+ assert_eq!(pbkdf2_params.iteration_count, 2048);
+ assert_eq!(pbkdf2_params.key_length, None);
+ assert_eq!(pbkdf2_params.prf, pbes2::Pbkdf2Prf::HmacWithSha1);
+
+ match pbes2_params.encryption {
+ pbes2::EncryptionScheme::Aes128Cbc { iv } => {
+ assert_eq!(iv, &hex!("223080a71bcd2b9a256d876c924979d2"));
+ }
+ other => panic!("unexpected encryption scheme: {:?}", other),
+ }
+
+ // Extracted with:
+ // $ openssl asn1parse -inform der -in tests/examples/ed25519-encpriv-aes128-sha1.der
+ assert_eq!(
+ pk.encrypted_data,
+ &hex!("4B4D091548EAC381EE7663B21234CD4FF3C9DF664D713394CACCEA7C9B982BD8F29910FABCA4BF7BE0431FAC5C4D657BE997C1F5BF40E2DA465AC1FCC2E30470")
+ );
+}
+
+#[test]
+fn decode_ed25519_encpriv_aes256_pbkdf2_sha256_der() {
+ let pk = EncryptedPrivateKeyInfo::try_from(ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE).unwrap();
+
+ assert_eq!(
+ pk.encryption_algorithm.oid(),
+ "1.2.840.113549.1.5.13".parse().unwrap()
+ ); // PBES2
+
+ let pbes2_params = pk.encryption_algorithm.pbes2().unwrap();
+ let pbkdf2_params = pbes2_params.kdf.pbkdf2().unwrap();
+
+ assert_eq!(pbkdf2_params.salt, hex!("79d982e70df91a88"));
+ assert_eq!(pbkdf2_params.iteration_count, 2048);
+ assert_eq!(pbkdf2_params.key_length, None);
+ assert_eq!(pbkdf2_params.prf, pbes2::Pbkdf2Prf::HmacWithSha256);
+
+ match pbes2_params.encryption {
+ pbes2::EncryptionScheme::Aes256Cbc { iv } => {
+ assert_eq!(iv, &hex!("b2d02d78b2efd9dff694cf8e0af40925"));
+ }
+ other => panic!("unexpected encryption scheme: {:?}", other),
+ }
+
+ // Extracted with:
+ // $ openssl
asn1parse -inform der -in tests/examples/ed25519-encpriv-aes256-sha256.der
+ assert_eq!(
+ pk.encrypted_data,
+ &hex!("D0CD6C770F4BB87176422305C17401809E226674CE74185D221BFDAA95069890C8882FCE02B05D41BCBF54B035595BCD4154B32593708469B86AACF8815A7B2B")
+ );
+}
+
+#[cfg(feature = "encryption")]
+#[test]
+fn decrypt_ed25519_der_encpriv_aes256_pbkdf2_sha256() {
+ let enc_pk =
+ EncryptedPrivateKeyInfo::try_from(ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE).unwrap();
+ let pk = enc_pk.decrypt(PASSWORD).unwrap();
+ assert_eq!(pk.as_bytes(), ED25519_DER_PLAINTEXT_EXAMPLE);
+}
+
+#[cfg(feature = "encryption")]
+#[test]
+fn decrypt_ed25519_der_encpriv_aes256_scrypt() {
+ let enc_pk = EncryptedPrivateKeyInfo::try_from(ED25519_DER_AES256_SCRYPT_EXAMPLE).unwrap();
+ let pk = enc_pk.decrypt(PASSWORD).unwrap();
+ assert_eq!(pk.as_bytes(), ED25519_DER_PLAINTEXT_EXAMPLE);
+}
+
+#[cfg(feature = "encryption")]
+#[test]
+fn encrypt_ed25519_der_encpriv_aes256_pbkdf2_sha256() {
+ let pbes2_params = pkcs5::pbes2::Parameters::pbkdf2_sha256_aes256cbc(
+ 2048,
+ &hex!("79d982e70df91a88"),
+ &hex!("b2d02d78b2efd9dff694cf8e0af40925"),
+ )
+ .unwrap();
+
+ let pk_plaintext = PrivateKeyInfo::try_from(ED25519_DER_PLAINTEXT_EXAMPLE).unwrap();
+ let pk_encrypted = pk_plaintext
+ .encrypt_with_params(pbes2_params, PASSWORD)
+ .unwrap();
+
+ assert_eq!(
+ pk_encrypted.as_bytes(),
+ ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE
+ );
+}
+
+#[cfg(feature = "encryption")]
+#[test]
+fn encrypt_ed25519_der_encpriv_aes256_scrypt() {
+ let scrypt_params = pkcs5::pbes2::Parameters::scrypt_aes256cbc(
+ pkcs5::scrypt::Params::new(15, 8, 1, 32).unwrap(),
+ &hex!("E6211E2348AD69E0"),
+ &hex!("9BD0A6251F2254F9FD5963887C27CF01"),
+ )
+ .unwrap();
+
+ let pk_plaintext = PrivateKeyInfo::try_from(ED25519_DER_PLAINTEXT_EXAMPLE).unwrap();
+ let pk_encrypted = pk_plaintext
+ .encrypt_with_params(scrypt_params, PASSWORD)
+ .unwrap();
+
+ assert_eq!(pk_encrypted.as_bytes(), ED25519_DER_AES256_SCRYPT_EXAMPLE);
+}
+
+#[test]
+#[cfg(feature = "alloc")]
+fn encode_ed25519_encpriv_aes256_pbkdf2_sha256_der() {
+ let pk = EncryptedPrivateKeyInfo::try_from(ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE).unwrap();
+ assert_eq!(
+ ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE,
+ &pk.to_der().unwrap()
+ );
+}
+
+#[test]
+#[cfg(feature = "pem")]
+fn encode_ed25519_encpriv_aes256_pbkdf2_sha256_pem() {
+ let pk = EncryptedPrivateKeyInfo::try_from(ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE).unwrap();
+ assert_eq!(
+ ED25519_PEM_AES256_PBKDF2_SHA256_EXAMPLE,
+ pk.to_pem(Default::default()).unwrap()
+ );
+}
+
+#[test]
+#[cfg(feature = "3des")]
+fn decrypt_ed25519_der_encpriv_des3_pbkdf2_sha256() {
+ let enc_pk = EncryptedPrivateKeyInfo::try_from(ED25519_DER_DES3_PBKDF2_SHA256_EXAMPLE).unwrap();
+ let pk = enc_pk.decrypt(PASSWORD).unwrap();
+ assert_eq!(pk.as_bytes(), ED25519_DER_PLAINTEXT_EXAMPLE);
+}
+
+#[test]
+#[cfg(feature = "des-insecure")]
+fn decrypt_ed25519_der_encpriv_des_pbkdf2_sha256() {
+ let enc_pk = EncryptedPrivateKeyInfo::try_from(ED25519_DER_DES_PBKDF2_SHA256_EXAMPLE).unwrap();
+ let pk = enc_pk.decrypt(PASSWORD).unwrap();
+ assert_eq!(pk.as_bytes(), ED25519_DER_PLAINTEXT_EXAMPLE);
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-aes128-pbkdf2-sha1.der b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-aes128-pbkdf2-sha1.der
new file mode 100644
index 000000000000..c8d6edf7ce07
Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-aes128-pbkdf2-sha1.der differ
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-aes256-pbkdf2-sha256.der b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-aes256-pbkdf2-sha256.der
new file mode 100644
index 000000000000..5170c06e4bfe
Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-aes256-pbkdf2-sha256.der differ
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-aes256-pbkdf2-sha256.pem b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-aes256-pbkdf2-sha256.pem
new file mode 100644
index 000000000000..e5d3207a6b4c
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-aes256-pbkdf2-sha256.pem
@@ -0,0 +1,6 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAh52YLnDfkaiAICCAAw
+DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEELLQLXiy79nf9pTPjgr0CSUEQNDN
+bHcPS7hxdkIjBcF0AYCeImZ0znQYXSIb/aqVBpiQyIgvzgKwXUG8v1SwNVlbzUFU
+syWTcIRpuGqs+IFaeys=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-aes256-scrypt.der b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-aes256-scrypt.der
new file mode 100644
index 000000000000..a045982f76a5
Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-aes256-scrypt.der differ
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-aes256-scrypt.pem b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-aes256-scrypt.pem
new file mode 100644
index 000000000000..1f0562d80e3d
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-aes256-scrypt.pem
@@ -0,0 +1,6 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIGTME8GCSqGSIb3DQEFDTBCMCEGCSsGAQQB2kcECzAUBAjmIR4jSK1p4AICQAAC
+AQgCAQEwHQYJYIZIAWUDBAEqBBCb0KYlHyJU+f1ZY4h8J88BBEDMYrp3PA9JX6s2
+aOT8782wjnig7hXgoVAT9iq+CNqnQgZe6zZtbmyYzDsOfmm9yGHIiv648D26Hixt
+mdBtFzYM
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-des-pbkdf2-sha256.der b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-des-pbkdf2-sha256.der
new file mode 100644
index 000000000000..85d3b83b27d5
Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-des-pbkdf2-sha256.der differ
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-des3-pbkdf2-sha256.der b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-des3-pbkdf2-sha256.der
new file mode 100644
index 000000000000..aed05ab63857
Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-encpriv-des3-pbkdf2-sha256.der differ
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-priv-pkcs8v1.der b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-priv-pkcs8v1.der
new file mode 100644
index 000000000000..0cfccc3990f4
Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-priv-pkcs8v1.der differ
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-priv-pkcs8v1.pem b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-priv-pkcs8v1.pem
new file mode 100644
index 000000000000..0c0ee10b4b5e
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-priv-pkcs8v1.pem
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIBftnHPp22SewYmmEoMcX8VwI4IHwaqd+9LFPj/15eqF
+-----END PRIVATE KEY-----
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-priv-pkcs8v2.der b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-priv-pkcs8v2.der
new file mode 100644
index 000000000000..3358e8a730ac
Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-priv-pkcs8v2.der differ
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-priv-pkcs8v2.pem b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-priv-pkcs8v2.pem
new file mode 100644
index 000000000000..84961082a4a9
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-priv-pkcs8v2.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MHICAQEwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC
+oB8wHQYKKoZIhvcNAQkJFDEPDA1DdXJkbGUgQ2hhaXJzgSEAGb9ECWmEzf6FQbrB
+Z9w7lshQhqowtrbLDFw4rXAxZuE=
+-----END PRIVATE KEY-----
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-pub.der b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-pub.der
new file mode 100644
index 000000000000..1b602ee1f275
Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-pub.der differ
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-pub.pem b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-pub.pem
new file mode 100644
index 000000000000..6891701f7888
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/ed25519-pub.pem
@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEATSkWfz8ZEqb3rfopOgUaFcBexnuPFyZ7HFVQ3OhTvQ0=
+-----END PUBLIC KEY-----
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/p256-priv.der b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/p256-priv.der
new file mode 100644
index 000000000000..c0de45ef22f5
Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/p256-priv.der differ
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/p256-priv.pem b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/p256-priv.pem
new file mode 100644
index 000000000000..09b9343c0c08
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/p256-priv.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgaWJBcVYaYzQN4OfY
+afKgVJJVjhoEhotqn4VKhmeIGI2hRANCAAQcrP+1Xy8s79idies3SyaBFSRSgC3u
+oJkWBoE32DnPf8SBpESSME1+9mrBF77+g6jQjxVfK1L59hjdRHApBI4P
+-----END PRIVATE KEY-----
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/p256-pub.der b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/p256-pub.der
new file mode 100644
index 000000000000..67c719c7641d
Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/p256-pub.der differ
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/p256-pub.pem b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/p256-pub.pem
new file mode 100644
index 000000000000..ee7e5b612f35
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/p256-pub.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHKz/tV8vLO/YnYnrN0smgRUkUoAt
+7qCZFgaBN9g5z3/EgaREkjBNfvZqwRe+/oOo0I8VXytS+fYY3URwKQSODw==
+-----END PUBLIC KEY-----
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/rsa2048-priv.der b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/rsa2048-priv.der
new file mode 100644
index 000000000000..f4590bbeebd5
Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/rsa2048-priv.der differ
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/rsa2048-priv.pem b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/rsa2048-priv.pem
new file mode 100644
index 000000000000..e2a218c86a3d
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/rsa2048-priv.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC2xCxRXxCmqvKC
+xj7b4kJDoXDz+iYzvUgzY39Hyk9vNuA6XSnvwxkayA85DYdLOeMPQU/Owfyg7YHl
+R+3CzTgsdvYckBiXPbn6U3lyp8cB9rd+CYLfwV/AGSfuXnzZS09Zn/BwE6fIKBvf
+Ity8mtfKu3xDEcmC9Y7bchOtRVizMiZtdDrtgZLRiEytuLFHOaja2mbclwgG2ces
+RQyxPQ18V1+xmFNPxhvEG8DwV04OATDHu7+9/cn2puLj4q/xy+rIm6V4hFKNVc+w
+gyeh6MifTgA88oiOkzJB2daVvLus3JC0Tj4JX6NwWOolsT9eKVy+rG3oOKuMUK9h
+4piXW4cvAgMBAAECggEAfsyDYsDtsHQRZCFeIvdKudkboGkAcAz2NpDlEU2O5r3P
+uy4/lhRpKmd6CD8Wil5S5ZaOZAe52XxuDkBk+C2gt1ihTxe5t9QfX0jijWVRcE9W
+5p56qfpjD8dkKMBtJeRV3PxVt6wrT3ZkP97T/hX/eKuyfmWsxKrQvfbbJ+9gppEM
+XEoIXtQydasZwdmXoyxu/8598tGTX25gHu3hYaErXMJ8oh+B0smcPR6gjpDjBTqw
+m++nJN7w0MOjwel0DA2fdhJqFJ7Aqn2AeCBUhCVNlR2wfEz5H7ZFTAlliP1ZJNur
+6zWcogJSaNAE+dZus9b3rcETm61A8W3eY54RZHN2wQKBgQDcwGEkLU6Sr67nKsUT
+ymW593A2+b1+Dm5hRhp+92VCJewVPH5cMaYVem5aE/9uF46HWMHLM9nWu+MXnvGJ
+mOQi7Ny+149Oz9vl9PzYrsLJ0NyGRzypvRbZ0jjSH7Xd776xQ8ph0L1qqNkfM6CX
+eQ6WQNvJEIXcXyY0O6MTj2stZwKBgQDT8xR1fkDpVINvkr4kI2ry8NoEo0ZTwYCv
+Z+lgCG2T/eZcsj79nQk3R2L1mB42GEmvaM3XU5T/ak4G62myCeQijbLfpw5A9/l1
+ClKBdmR7eI0OV3eiy4si480mf/cLTzsC06r7DhjFkKVksDGIsKpfxIFWsHYiIUJD
+vRIn76fy+QKBgQDOaLesGw0QDWNuVUiHU8XAmEP9s5DicF33aJRXyb2Nl2XjCXhh
+fi78gEj0wyQgbbhgh7ZU6Xuz1GTn7j+M2D/hBDb33xjpqWPE5kkR1n7eNAQvLibj
+06GtNGra1rm39ncIywlOYt7p/01dZmmvmIryJV0c6O0xfGp9hpHaNU0S2wKBgCX2
+5ZRCIChrTfu/QjXA7lhD0hmAkYlRINbKeyALgm0+znOOLgBJj6wKKmypacfww8oa
+sLxAKXEyvnU4177fTLDvxrmO99ulT1aqmaq85TTEnCeUfUZ4xRxjx4x84WhyMbTI
+61h65u8EgMuvT8AXPP1Yen5nr1FfubnedREYOXIpAoGAMZlUBtQGIHyt6uo1s40E
+DF+Kmhrggn6e0GsVPYO2ghk1tLNqgr6dVseRtYwnJxpXk9U6HWV8CJl5YLFDPlFx
+mH9FLxRKfHIwbWPh0//Atxt1qwjy5FpILpiEUcvkeOEusijQdFbJJLZvbO0EjYU/
+Uz4xpoYU8cPObY7JmDznKvc=
+-----END PRIVATE KEY-----
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/rsa2048-pub.der b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/rsa2048-pub.der
new file mode 100644
index 000000000000..4148aaaaaffc
Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/rsa2048-pub.der differ
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/rsa2048-pub.pem b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/rsa2048-pub.pem
new file mode 100644
index 000000000000..5ecd892394ee
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/rsa2048-pub.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtsQsUV8QpqrygsY+2+JC
+Q6Fw8/omM71IM2N/R8pPbzbgOl0p78MZGsgPOQ2HSznjD0FPzsH8oO2B5Uftws04
+LHb2HJAYlz25+lN5cqfHAfa3fgmC38FfwBkn7l582UtPWZ/wcBOnyCgb3yLcvJrX
+yrt8QxHJgvWO23ITrUVYszImbXQ67YGS0YhMrbixRzmo2tpm3JcIBtnHrEUMsT0N
+fFdfsZhTT8YbxBvA8FdODgEwx7u/vf3J9qbi4+Kv8cvqyJuleIRSjVXPsIMnoejI
+n04APPKIjpMyQdnWlby7rNyQtE4+CV+jcFjqJbE/Xilcvqxt6DirjFCvYeKYl1uH
+LwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/x25519-priv.der b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/x25519-priv.der
new file mode 100644
index 000000000000..79355d27c7f0
Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/x25519-priv.der differ
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/x25519-priv.pem b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/x25519-priv.pem
new file mode 100644
index 000000000000..501f95da6720
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/examples/x25519-priv.pem
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VuBCIEIHBgJSkzrG56SpsOsmMsWgQKhyV624aaPszD0WtyTyZH
+-----END PRIVATE KEY-----
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/private_key.rs b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/private_key.rs
new file mode 100644
index 000000000000..1ef0f7361755
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/private_key.rs
@@ -0,0 +1,187 @@ +//! PKCS#8 private key tests + +use der::asn1::ObjectIdentifier; +use hex_literal::hex; +use pkcs8::{PrivateKeyInfo, Version}; + +#[cfg(feature = "alloc")] +use der::Encode; + +#[cfg(feature = "pem")] +use der::{pem::LineEnding, EncodePem}; + +/// Elliptic Curve (P-256) PKCS#8 private key encoded as ASN.1 DER +const EC_P256_DER_EXAMPLE: &[u8] = include_bytes!("examples/p256-priv.der"); + +/// Ed25519 PKCS#8 v1 private key encoded as ASN.1 DER +const ED25519_DER_V1_EXAMPLE: &[u8] = include_bytes!("examples/ed25519-priv-pkcs8v1.der"); + +/// Ed25519 PKCS#8 v2 private key + public key encoded as ASN.1 DER +const ED25519_DER_V2_EXAMPLE: &[u8] = include_bytes!("examples/ed25519-priv-pkcs8v2.der"); + +/// RSA-2048 PKCS#8 private key encoded as ASN.1 DER +const RSA_2048_DER_EXAMPLE: &[u8] = include_bytes!("examples/rsa2048-priv.der"); + +/// X25519 PKCS#8 private key encoded as ASN.1 DER +const X25519_DER_EXAMPLE: &[u8] = include_bytes!("examples/x25519-priv.der"); + +/// Elliptic Curve (P-256) PKCS#8 private key encoded as PEM +#[cfg(feature = "pem")] +const EC_P256_PEM_EXAMPLE: &str = include_str!("examples/p256-priv.pem"); + +/// Ed25519 PKCS#8 private key encoded as PEM +#[cfg(feature = "pem")] +const ED25519_PEM_V1_EXAMPLE: &str = include_str!("examples/ed25519-priv-pkcs8v1.pem"); + +/// RSA-2048 PKCS#8 private key encoded as PEM +#[cfg(feature = "pem")] +const RSA_2048_PEM_EXAMPLE: &str = include_str!("examples/rsa2048-priv.pem"); + +/// X25519 PKCS#8 private key encoded as PEM +#[cfg(feature = "pem")] +const X25519_PEM_EXAMPLE: &str = include_str!("examples/x25519-priv.pem"); + +#[test] +fn decode_ec_p256_der() { + let pk = PrivateKeyInfo::try_from(EC_P256_DER_EXAMPLE).unwrap(); + + assert_eq!(pk.version(), Version::V1); + assert_eq!(pk.algorithm.oid, "1.2.840.10045.2.1".parse().unwrap()); + + assert_eq!( + pk.algorithm + .parameters + .unwrap() + .decode_as::() + .unwrap(), + "1.2.840.10045.3.1.7".parse().unwrap() + ); + + // Extracted with: + 
// $ openssl asn1parse -inform der -in tests/examples/p256-priv.der + assert_eq!(pk.private_key, &hex!("306B020101042069624171561A63340DE0E7D869F2A05492558E1A04868B6A9F854A866788188DA144034200041CACFFB55F2F2CEFD89D89EB374B2681152452802DEEA09916068137D839CF7FC481A44492304D7EF66AC117BEFE83A8D08F155F2B52F9F618DD447029048E0F")[..]); +} + +// Test vector from RFC8410 Section 10.3: +// https://datatracker.ietf.org/doc/html/rfc8410#section-10.3 +#[test] +fn decode_ed25519_der_v1() { + let pk = PrivateKeyInfo::try_from(ED25519_DER_V1_EXAMPLE).unwrap(); + assert_eq!(pk.version(), Version::V1); + assert_eq!(pk.algorithm.oid, "1.3.101.112".parse().unwrap()); + assert_eq!(pk.algorithm.parameters, None); + + // Extracted with: + // $ openssl asn1parse -inform der -in tests/examples/ed25519-priv.der + assert_eq!( + pk.private_key, + &hex!("042017ED9C73E9DB649EC189A612831C5FC570238207C1AA9DFBD2C53E3FF5E5EA85")[..] + ); +} + +// Test vector from RFC8410 Section 10.3: +// https://datatracker.ietf.org/doc/html/rfc8410#section-10.3 +#[test] +fn decode_ed25519_der_v2() { + // Extracted with: + // $ openssl asn1parse -inform der -in tests/examples/ed25519-priv-pkcs8v2.der + const PRIV_KEY: [u8; 34] = + hex!("0420D4EE72DBF913584AD5B6D8F1F769F8AD3AFE7C28CBF1D4FBE097A88F44755842"); + const PUB_KEY: [u8; 32] = + hex!("19BF44096984CDFE8541BAC167DC3B96C85086AA30B6B6CB0C5C38AD703166E1"); + + let pk = PrivateKeyInfo::try_from(ED25519_DER_V2_EXAMPLE).unwrap(); + assert_eq!(pk.version(), Version::V2); + assert_eq!(pk.algorithm.oid, "1.3.101.112".parse().unwrap()); + assert_eq!(pk.algorithm.parameters, None); + assert_eq!(pk.private_key, PRIV_KEY); + assert_eq!(pk.public_key, Some(&PUB_KEY[..])); +} + +#[test] +fn decode_rsa_2048_der() { + let pk = PrivateKeyInfo::try_from(RSA_2048_DER_EXAMPLE).unwrap(); + assert_eq!(pk.version(), Version::V1); + assert_eq!(pk.algorithm.oid, "1.2.840.113549.1.1.1".parse().unwrap()); + assert!(pk.algorithm.parameters.unwrap().is_null()); + + // Extracted with: + 
// $ openssl asn1parse -inform der -in tests/examples/rsa2048-priv.der + assert_eq!(pk.private_key, &hex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} + +#[test] +fn decode_x25519_der() { + let pk = PrivateKeyInfo::try_from(X25519_DER_EXAMPLE).unwrap(); + assert_eq!(pk.version(), Version::V1); + assert_eq!(pk.algorithm.oid, "1.3.101.110".parse().unwrap()); + assert_eq!(pk.algorithm.parameters, None); + + // Extracted with: + // $ openssl asn1parse -inform der -in tests/examples/x25519-priv.der + assert_eq!( + pk.private_key, + &hex!("04207060252933AC6E7A4A9B0EB2632C5A040A87257ADB869A3ECCC3D16B724F2647")[..] + ); +} + +#[test] +#[cfg(feature = "alloc")] +fn encode_ec_p256_der() { + let pk = PrivateKeyInfo::try_from(EC_P256_DER_EXAMPLE).unwrap(); + let pk_encoded = pk.to_der().unwrap(); + assert_eq!(EC_P256_DER_EXAMPLE, pk_encoded); +} + +#[test] +#[cfg(feature = "alloc")] +fn encode_ed25519_der_v1() { + let pk = PrivateKeyInfo::try_from(ED25519_DER_V1_EXAMPLE).unwrap(); + assert_eq!(ED25519_DER_V1_EXAMPLE, pk.to_der().unwrap()); +} + +#[test] +#[cfg(all(feature = "alloc", feature = "subtle"))] +fn encode_ed25519_der_v2() { + let private_key = PrivateKeyInfo::try_from(ED25519_DER_V2_EXAMPLE).unwrap(); + let private_der = private_key.to_der().unwrap(); + assert_eq!( + private_key, + PrivateKeyInfo::try_from(private_der.as_ref()).unwrap() + ); +} + +#[test] +#[cfg(feature = "alloc")] +fn encode_rsa_2048_der() { + let pk = PrivateKeyInfo::try_from(RSA_2048_DER_EXAMPLE).unwrap(); + assert_eq!(RSA_2048_DER_EXAMPLE, &pk.to_der().unwrap()); +} + +#[test] +#[cfg(feature = "pem")] +fn encode_ec_p256_pem() { + let pk = PrivateKeyInfo::try_from(EC_P256_DER_EXAMPLE).unwrap(); + assert_eq!(EC_P256_PEM_EXAMPLE, pk.to_pem(LineEnding::LF).unwrap()); +} + +#[test] +#[cfg(feature = "pem")] +fn encode_ed25519_pem() { + let pk = PrivateKeyInfo::try_from(ED25519_DER_V1_EXAMPLE).unwrap(); + assert_eq!(ED25519_PEM_V1_EXAMPLE, pk.to_pem(LineEnding::LF).unwrap()); +} + +#[test] 
+#[cfg(feature = "pem")]
+fn encode_rsa_2048_pem() {
+ let pk = PrivateKeyInfo::try_from(RSA_2048_DER_EXAMPLE).unwrap();
+ assert_eq!(RSA_2048_PEM_EXAMPLE, pk.to_pem(LineEnding::LF).unwrap());
+}
+
+#[test]
+#[cfg(feature = "pem")]
+fn encode_x25519_pem() {
+ let pk = PrivateKeyInfo::try_from(X25519_DER_EXAMPLE).unwrap();
+ assert_eq!(X25519_PEM_EXAMPLE, pk.to_pem(LineEnding::LF).unwrap());
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/traits.rs b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/traits.rs
new file mode 100644
index 000000000000..4a603bb94e33
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/tests/traits.rs
@@ -0,0 +1,102 @@
+//! Tests for PKCS#8 encoding/decoding traits.
+
+#![cfg(any(feature = "pem", feature = "std"))]
+
+use der::Encode;
+use pkcs8::{DecodePrivateKey, EncodePrivateKey, Error, PrivateKeyInfo, Result, SecretDocument};
+
+#[cfg(feature = "pem")]
+use pkcs8::der::pem::LineEnding;
+
+#[cfg(feature = "std")]
+use tempfile::tempdir;
+
+#[cfg(all(feature = "pem", feature = "std"))]
+use std::fs;
+
+/// Ed25519 `PrivateKeyInfo` encoded as ASN.1 DER
+const ED25519_DER_EXAMPLE: &[u8] = include_bytes!("examples/ed25519-priv-pkcs8v1.der");
+
+/// Ed25519 private key encoded as PEM
+#[cfg(feature = "pem")]
+const ED25519_PEM_EXAMPLE: &str = include_str!("examples/ed25519-priv-pkcs8v1.pem");
+
+/// Mock key type for testing trait impls against.
+pub struct MockKey(Vec);
+
+impl AsRef<[u8]> for MockKey {
+ fn as_ref(&self) -> &[u8] {
+ self.0.as_ref()
+ }
+}
+
+impl EncodePrivateKey for MockKey {
+ fn to_pkcs8_der(&self) -> Result {
+ Ok(SecretDocument::try_from(self.as_ref())?)
+ }
+}
+
+impl TryFrom> for MockKey {
+ type Error = Error;
+
+ fn try_from(pkcs8: PrivateKeyInfo<'_>) -> Result {
+ Ok(MockKey(pkcs8.to_der()?))
+ }
+}
+
+#[cfg(feature = "pem")]
+#[test]
+fn from_pkcs8_pem() {
+ let key = MockKey::from_pkcs8_pem(ED25519_PEM_EXAMPLE).unwrap();
+ assert_eq!(key.as_ref(), ED25519_DER_EXAMPLE);
+}
+
+#[cfg(feature = "std")]
+#[test]
+fn read_pkcs8_der_file() {
+ let key = MockKey::read_pkcs8_der_file("tests/examples/ed25519-priv-pkcs8v1.der").unwrap();
+ assert_eq!(key.as_ref(), ED25519_DER_EXAMPLE);
+}
+
+#[cfg(all(feature = "pem", feature = "std"))]
+#[test]
+fn read_pkcs8_pem_file() {
+ let key = MockKey::read_pkcs8_pem_file("tests/examples/ed25519-priv-pkcs8v1.pem").unwrap();
+ assert_eq!(key.as_ref(), ED25519_DER_EXAMPLE);
+}
+
+#[cfg(feature = "pem")]
+#[test]
+fn to_pkcs8_pem() {
+ let pem = MockKey(ED25519_DER_EXAMPLE.to_vec())
+ .to_pkcs8_pem(LineEnding::LF)
+ .unwrap();
+
+ assert_eq!(&*pem, ED25519_PEM_EXAMPLE);
+}
+
+#[cfg(feature = "std")]
+#[test]
+fn write_pkcs8_der_file() {
+ let dir = tempdir().unwrap();
+ let path = dir.path().join("example.der");
+ MockKey(ED25519_DER_EXAMPLE.to_vec())
+ .write_pkcs8_der_file(&path)
+ .unwrap();
+
+ let key = MockKey::read_pkcs8_der_file(&path).unwrap();
+ assert_eq!(key.as_ref(), ED25519_DER_EXAMPLE);
+}
+
+#[cfg(all(feature = "pem", feature = "std"))]
+#[test]
+fn write_pkcs8_pem_file() {
+ let dir = tempdir().unwrap();
+ let path = dir.path().join("example.pem");
+ MockKey(ED25519_DER_EXAMPLE.to_vec())
+ .write_pkcs8_pem_file(&path, LineEnding::LF)
+ .unwrap();
+
+ let pem = fs::read_to_string(path).unwrap();
+ assert_eq!(&pem, ED25519_PEM_EXAMPLE);
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/.cargo_vcs_info.json
deleted file mode 100644
index 5910a47a847b..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/.cargo_vcs_info.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "git": {
- "sha1": "b6baecc0ea4e2d115e4e10b10c2196b33d42c1da"
- },
- "path_in_vcs": "platforms"
-}
\ No newline at end of file
diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/.gitignore b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/.gitignore
deleted file mode 100644
index a33071aca1d8..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-# ignore the .md file automatically downloaded by the regeneration script
-platform-support.md
diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/CHANGELOG.md b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/CHANGELOG.md
deleted file mode 100644
index a73334eaad90..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/CHANGELOG.md
+++ /dev/null
@@ -1,104 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), -and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - -## 3.0.1 (2022-07-20) -### Added -- New tier 3 targets ([#614]) - -## 3.0.0 (2022-04-23) -### Added -- `target_endian` and `target_pointer_width` fields on `Platform` ([#516]) - -### Changed -- Auto-generate platforms registry from rustc ([#516]) -- Make `Platform` struct `#[non_exhaustive]` to allow new fields ([#516]) -- Make `Platform::env` field non-optional ([#516]) - -### Fixed -- `serde` deserializers ([#527]) - -[#516]: https://github.com/rustsec/rustsec/pull/516 -[#527]: https://github.com/rustsec/rustsec/pull/527 - -## 2.0.0 (2021-11-15) -### Added -- New tier 3 targets ([#357]) - -### Changed -- Sync with Rust platform support documentation ([#353]) -- Follow `upper_case_acronyms` conventions ([#473]) -- Make tier modules non-`pub` ([#483]) -- Make `Platform::ALL` an inherent constant ([#484]) - -[#353]: https://github.com/rustsec/rustsec/pull/353 -[#357]: https://github.com/rustsec/rustsec/pull/357 -[#473]: https://github.com/rustsec/rustsec/pull/473 -[#483]: https://github.com/rustsec/rustsec/pull/483 -[#484]: https://github.com/rustsec/rustsec/pull/484 - -## 1.1.0 (2020-12-28) -### Added -- `aarch64-apple-darwin` platform definition - -## 1.0.3 (2020-10-29) -### Changed -- Source `Platform::guess_current` from `$TARGET` environment variable when - available - -## 1.0.2 (2020-09-14) -### Removed -- `const fn` on `Platforms::all` - -## 1.0.1 (2020-09-14) [YANKED] -### Changed -- Make `Platform::all()` a `const fn` -- Refactor `Platform::find` and `::guess_current` -- Rename `ALL_PLATFORMS` to `Platform::all()` - -## 1.0.0 (2020-09-13) [YANKED] -### Added -- Ensure all types have `FromStr`, `Display`, and `serde` impls -- `aarch64-pc-windows-msvc` platform - -### Changed -- Make 
extensible enums `non_exhaustive`; MSRV 1.40+ - -## 0.2.1 (2019-09-24) - -- Initial GitHub Actions config -- Properly set up `target::os::TARGET_OS` const for unknown OS - -## 0.2.0 (2019-01-13) - -- Update platforms to match RustForge -- Update to Rust 2018 edition - -## 0.1.4 (2018-07-29) - -- `x86_64-apple-darwin`: fix typo in target triple name -- Have markdown-table-gen output links to Platform structs on docs.rs - -## 0.1.3 (2018-07-28) - -- Fix Travis CI badge in Cargo.toml - -## 0.1.2 (2018-07-27) - -- Add table of supported platforms to README.md using Markdown generator - -## 0.1.1 (2018-07-27) - -- Impl `Display` and `std::error::Error` traits for `packages::Error` - -## 0.1.0 (2018-07-26) - -- Add `guess_current()` -- Optional serde support - -## 0.0.1 (2018-07-26) - -- Initial release diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/Cargo.toml b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/Cargo.toml deleted file mode 100644 index ee4f66d68465..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/Cargo.toml +++ /dev/null 
@@ -1,53 +0,0 @@ -# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO -# -# When uploading crates to the registry Cargo will automatically -# "normalize" Cargo.toml files for maximal compatibility -# with all versions of Cargo and also rewrite `path` dependencies -# to registry (e.g., crates.io) dependencies. -# -# If you are reading this file be aware that the original Cargo.toml -# will likely look very different (and much more reasonable). -# See Cargo.toml.orig for the original contents. - -[package] -edition = "2018" -name = "platforms" -version = "3.2.0" -authors = [ - "Tony Arcieri ", - "Sergey \"Shnatsel\" Davidoff ", -] -exclude = [ - "platforms-data-gen/", - "markdown-table-gen/", - "README.header.md", - "platform-support.md", - "regenerate-platforms-crate.sh", -] -description = """ -Rust platform registry with information about valid Rust platforms (target -triple, target_arch, target_os) sourced from the Rust compiler. -""" -homepage = "https://rustsec.org" -readme = "README.md" -keywords = [ - "architectures", - "cpu", - "os", - "targets", - "triples", -] -categories = [ - "development-tools", - "no-std", -] -license = "Apache-2.0 OR MIT" -repository = "https://github.com/rustsec/rustsec/tree/main/platforms" - -[dependencies.serde] -version = "1" -optional = true - -[features] -default = ["std"] -std = [] diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/Cargo.toml.orig b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/Cargo.toml.orig deleted file mode 100644 index 54ff39f03a86..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/Cargo.toml.orig +++ /dev/null 
@@ -1,23 +0,0 @@
-[package]
-name = "platforms"
-description = """
-Rust platform registry with information about valid Rust platforms (target
-triple, target_arch, target_os) sourced from the Rust compiler.
-"""
-version = "3.2.0"
-authors = ["Tony Arcieri ", "Sergey \"Shnatsel\" Davidoff "]
-license = "Apache-2.0 OR MIT"
-homepage = "https://rustsec.org"
-repository = "https://github.com/rustsec/rustsec/tree/main/platforms"
-readme = "README.md"
-categories = ["development-tools", "no-std"]
-keywords = ["architectures", "cpu", "os", "targets", "triples"]
-edition = "2018"
-exclude = ["platforms-data-gen/", "markdown-table-gen/", "README.header.md", "platform-support.md", "regenerate-platforms-crate.sh"]
-
-[dependencies]
-serde = { version = "1", optional = true }
-
-[features]
-default = ["std"]
-std = []
diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/README.md b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/README.md
deleted file mode 100644
index ca06855fc63b..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/README.md
+++ /dev/null
@@ -1,523 +0,0 @@ -# RustSec: `platforms` crate - -[![Latest Version][crate-image]][crate-link] -[![Docs][docs-image]][docs-link] -[![Build Status][build-image]][build-link] -![Apache 2/MIT licensed][license-image] -![MSRV][rustc-image] -[![Project Chat][zulip-image]][zulip-link] - -Rust platform registry: provides programmatic access to information -about valid Rust platforms, sourced from the Rust compiler. - -[Documentation][docs-link] - -## About - -This crate provides programmatic access to information about valid Rust -platforms. This is useful for systems which document/inventory information -relevant to Rust platforms. - -It was created for the [RustSec Advisory Database] and is maintained by the -[Rust Secure Code Working Group][wg-secure-code]. - -It is not intended to be a tool for gating builds based on the current platform -or as a replacement for Rust's existing conditional compilation features: -please use those for build purposes. - -## Minimum Supported Rust Version - -Rust **1.40** or higher. - -Minimum supported Rust version may be changed in the future, but it will be -accompanied by a minor version bump. - -## SemVer Policy - -We reserve the right to add and remove platforms from the registry without -bumping major versions. This doesn't change the API, but can break crates that -expect platforms to be there if they are removed. - -If we remove platforms, we will bump the minor version of this crate. 
- -[//]: # (badges) - -[crate-image]: https://buildstats.info/crate/platforms -[crate-link]: https://crates.io/crates/platforms -[docs-image]: https://docs.rs/platforms/badge.svg -[docs-link]: https://docs.rs/platforms/ -[build-image]: https://github.com/RustSec/rustsec/actions/workflows/platforms.yml/badge.svg -[build-link]: https://github.com/RustSec/rustsec/actions/workflows/platforms.yml -[license-image]: https://img.shields.io/badge/license-Apache2%2FMIT-blue.svg -[rustc-image]: https://img.shields.io/badge/rustc-1.40+-blue.svg -[zulip-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg -[zulip-link]: https://rust-lang.zulipchat.com/#narrow/stream/146229-wg-secure-code/ - -[//]: # (general links) - -[RustSec Advisory Database]: https://github.com/RustSec -[wg-secure-code]: https://www.rust-lang.org/governance/wgs/wg-secure-code - -## Registered Platforms - -### Tier 1 - -| target triple | target_arch | target_os | target_env | -|----------------------------------------|-------------|------------|------------| -| [aarch64-unknown-linux-gnu] | aarch64 | linux | gnu | -| [i686-pc-windows-gnu] | x86 | windows | gnu | -| [i686-pc-windows-msvc] | x86 | windows | msvc | -| [i686-unknown-linux-gnu] | x86 | linux | gnu | -| [x86_64-apple-darwin] | x86_64 | macos | | -| [x86_64-pc-windows-gnu] | x86_64 | windows | gnu | -| [x86_64-pc-windows-msvc] | x86_64 | windows | msvc | -| [x86_64-unknown-linux-gnu] | x86_64 | linux | gnu | - -### Tier 2 - -| target triple | target_arch | target_os | target_env | -|----------------------------------------|-------------|------------|------------| -| [aarch64-apple-darwin] | aarch64 | macos | | -| [aarch64-apple-ios] | aarch64 | ios | | -| [aarch64-apple-ios-sim] | aarch64 | ios | | -| [aarch64-fuchsia] | aarch64 | fuchsia | | -| [aarch64-linux-android] | aarch64 | android | | -| [aarch64-pc-windows-msvc] | aarch64 | windows | msvc | -| [aarch64-unknown-fuchsia] | aarch64 | fuchsia | | -| [aarch64-unknown-linux-musl] | 
aarch64 | linux | musl | -| [aarch64-unknown-none] | aarch64 | none | | -| [aarch64-unknown-none-softfloat] | aarch64 | none | | -| [aarch64-unknown-uefi] | aarch64 | uefi | | -| [arm-linux-androideabi] | arm | android | | -| [arm-unknown-linux-gnueabi] | arm | linux | gnu | -| [arm-unknown-linux-gnueabihf] | arm | linux | gnu | -| [arm-unknown-linux-musleabi] | arm | linux | musl | -| [arm-unknown-linux-musleabihf] | arm | linux | musl | -| [armebv7r-none-eabi] | arm | none | | -| [armebv7r-none-eabihf] | arm | none | | -| [armv5te-unknown-linux-gnueabi] | arm | linux | gnu | -| [armv5te-unknown-linux-musleabi] | arm | linux | musl | -| [armv7-linux-androideabi] | arm | android | | -| [armv7-unknown-linux-gnueabi] | arm | linux | gnu | -| [armv7-unknown-linux-gnueabihf] | arm | linux | gnu | -| [armv7-unknown-linux-musleabi] | arm | linux | musl | -| [armv7-unknown-linux-musleabihf] | arm | linux | musl | -| [armv7a-none-eabi] | arm | none | | -| [armv7r-none-eabi] | arm | none | | -| [armv7r-none-eabihf] | arm | none | | -| [asmjs-unknown-emscripten] | wasm32 | emscripten | | -| [i586-pc-windows-msvc] | x86 | windows | msvc | -| [i586-unknown-linux-gnu] | x86 | linux | gnu | -| [i586-unknown-linux-musl] | x86 | linux | musl | -| [i586-unknown-netbsd] | x86 | netbsd | | -| [i686-linux-android] | x86 | android | | -| [i686-unknown-freebsd] | x86 | freebsd | | -| [i686-unknown-linux-musl] | x86 | linux | musl | -| [i686-unknown-uefi] | x86 | uefi | | -| [loongarch64-unknown-linux-gnu] | loongarch64 | linux | gnu | -| [loongarch64-unknown-none] | loongarch64 | none | | -| [loongarch64-unknown-none-softfloat] | loongarch64 | none | | -| [nvptx64-nvidia-cuda] | nvptx64 | cuda | | -| [powerpc-unknown-linux-gnu] | powerpc | linux | gnu | -| [powerpc64-unknown-linux-gnu] | powerpc64 | linux | gnu | -| [powerpc64le-unknown-linux-gnu] | powerpc64 | linux | gnu | -| [riscv32i-unknown-none-elf] | riscv32 | none | | -| [riscv32imac-unknown-none-elf] | riscv32 | none | | -| 
[riscv32imc-unknown-none-elf] | riscv32 | none | | -| [riscv64gc-unknown-linux-gnu] | riscv64 | linux | gnu | -| [riscv64gc-unknown-none-elf] | riscv64 | none | | -| [riscv64imac-unknown-none-elf] | riscv64 | none | | -| [s390x-unknown-linux-gnu] | s390x | linux | gnu | -| [sparc64-unknown-linux-gnu] | sparc64 | linux | gnu | -| [sparcv9-sun-solaris] | sparc64 | solaris | | -| [thumbv6m-none-eabi] | arm | none | | -| [thumbv7em-none-eabi] | arm | none | | -| [thumbv7em-none-eabihf] | arm | none | | -| [thumbv7m-none-eabi] | arm | none | | -| [thumbv7neon-linux-androideabi] | arm | android | | -| [thumbv7neon-unknown-linux-gnueabihf] | arm | linux | gnu | -| [thumbv8m.base-none-eabi] | arm | none | | -| [thumbv8m.main-none-eabi] | arm | none | | -| [thumbv8m.main-none-eabihf] | arm | none | | -| [wasm32-unknown-emscripten] | wasm32 | emscripten | | -| [wasm32-unknown-unknown] | wasm32 | unknown | | -| [wasm32-wasi] | wasm32 | wasi | | -| [wasm32-wasi-preview1-threads] | wasm32 | wasi | | -| [x86_64-apple-ios] | x86_64 | ios | | -| [x86_64-fortanix-unknown-sgx] | x86_64 | unknown | sgx | -| [x86_64-fuchsia] | x86_64 | fuchsia | | -| [x86_64-linux-android] | x86_64 | android | | -| [x86_64-pc-solaris] | x86_64 | solaris | | -| [x86_64-unknown-freebsd] | x86_64 | freebsd | | -| [x86_64-unknown-fuchsia] | x86_64 | fuchsia | | -| [x86_64-unknown-illumos] | x86_64 | illumos | | -| [x86_64-unknown-linux-gnux32] | x86_64 | linux | gnu | -| [x86_64-unknown-linux-musl] | x86_64 | linux | musl | -| [x86_64-unknown-netbsd] | x86_64 | netbsd | | -| [x86_64-unknown-none] | x86_64 | none | | -| [x86_64-unknown-redox] | x86_64 | redox | relibc | -| [x86_64-unknown-uefi] | x86_64 | uefi | | - -### Tier 3 - -| target triple | target_arch | target_os | target_env | -|----------------------------------------|-------------|------------|------------| -| [aarch64-apple-ios-macabi] | aarch64 | ios | | -| [aarch64-apple-tvos] | aarch64 | tvos | | -| [aarch64-apple-tvos-sim] | aarch64 | tvos 
| | -| [aarch64-apple-watchos-sim] | aarch64 | watchos | | -| [aarch64-kmc-solid_asp3] | aarch64 | solid_asp3 | | -| [aarch64-nintendo-switch-freestanding] | aarch64 | horizon | | -| [aarch64-pc-windows-gnullvm] | aarch64 | windows | gnu | -| [aarch64-unknown-freebsd] | aarch64 | freebsd | | -| [aarch64-unknown-hermit] | aarch64 | hermit | | -| [aarch64-unknown-linux-gnu_ilp32] | aarch64 | linux | gnu | -| [aarch64-unknown-linux-ohos] | aarch64 | linux | ohos | -| [aarch64-unknown-netbsd] | aarch64 | netbsd | | -| [aarch64-unknown-nto-qnx710] | aarch64 | nto | nto71 | -| [aarch64-unknown-openbsd] | aarch64 | openbsd | | -| [aarch64-unknown-redox] | aarch64 | redox | relibc | -| [aarch64-unknown-teeos] | aarch64 | teeos | | -| [aarch64-uwp-windows-msvc] | aarch64 | windows | msvc | -| [aarch64-wrs-vxworks] | aarch64 | vxworks | gnu | -| [aarch64_be-unknown-linux-gnu] | aarch64 | linux | gnu | -| [aarch64_be-unknown-linux-gnu_ilp32] | aarch64 | linux | gnu | -| [aarch64_be-unknown-netbsd] | aarch64 | netbsd | | -| [arm64_32-apple-watchos] | aarch64 | watchos | | -| [armeb-unknown-linux-gnueabi] | arm | linux | gnu | -| [armv4t-none-eabi] | arm | none | | -| [armv4t-unknown-linux-gnueabi] | arm | linux | gnu | -| [armv5te-none-eabi] | arm | none | | -| [armv5te-unknown-linux-uclibceabi] | arm | linux | uclibc | -| [armv6-unknown-freebsd] | arm | freebsd | gnueabihf | -| [armv6-unknown-netbsd-eabihf] | arm | netbsd | eabihf | -| [armv6k-nintendo-3ds] | arm | horizon | newlib | -| [armv7-sony-vita-newlibeabihf] | arm | vita | newlib | -| [armv7-unknown-freebsd] | arm | freebsd | gnueabihf | -| [armv7-unknown-linux-ohos] | arm | linux | ohos | -| [armv7-unknown-linux-uclibceabi] | arm | linux | uclibc | -| [armv7-unknown-linux-uclibceabihf] | arm | linux | uclibc | -| [armv7-unknown-netbsd-eabihf] | arm | netbsd | eabihf | -| [armv7-wrs-vxworks-eabihf] | arm | vxworks | gnu | -| [armv7a-kmc-solid_asp3-eabi] | arm | solid_asp3 | | -| [armv7a-kmc-solid_asp3-eabihf] | arm | 
solid_asp3 | | -| [armv7a-none-eabihf] | arm | none | | -| [armv7k-apple-watchos] | arm | watchos | | -| [armv7s-apple-ios] | arm | ios | | -| [avr-unknown-gnu-atmega328] | avr | none | | -| [bpfeb-unknown-none] | bpf | none | | -| [bpfel-unknown-none] | bpf | none | | -| [csky-unknown-linux-gnuabiv2] | csky | linux | gnu | -| [csky-unknown-linux-gnuabiv2hf] | csky | linux | gnu | -| [hexagon-unknown-linux-musl] | hexagon | linux | musl | -| [i386-apple-ios] | x86 | ios | | -| [i586-pc-nto-qnx700] | x86 | nto | nto70 | -| [i686-apple-darwin] | x86 | macos | | -| [i686-pc-windows-gnullvm] | x86 | windows | gnu | -| [i686-unknown-haiku] | x86 | haiku | | -| [i686-unknown-hurd-gnu] | x86 | hurd | gnu | -| [i686-unknown-netbsd] | x86 | netbsd | | -| [i686-unknown-openbsd] | x86 | openbsd | | -| [i686-uwp-windows-gnu] | x86 | windows | gnu | -| [i686-uwp-windows-msvc] | x86 | windows | msvc | -| [i686-wrs-vxworks] | x86 | vxworks | gnu | -| [m68k-unknown-linux-gnu] | m68k | linux | gnu | -| [mips-unknown-linux-gnu] | mips | linux | gnu | -| [mips-unknown-linux-musl] | mips | linux | musl | -| [mips-unknown-linux-uclibc] | mips | linux | uclibc | -| [mips64-openwrt-linux-musl] | mips64 | linux | musl | -| [mips64-unknown-linux-gnuabi64] | mips64 | linux | gnu | -| [mips64-unknown-linux-muslabi64] | mips64 | linux | musl | -| [mips64el-unknown-linux-gnuabi64] | mips64 | linux | gnu | -| [mips64el-unknown-linux-muslabi64] | mips64 | linux | musl | -| [mipsel-sony-psp] | mips | psp | | -| [mipsel-sony-psx] | mips | none | psx | -| [mipsel-unknown-linux-gnu] | mips | linux | gnu | -| [mipsel-unknown-linux-musl] | mips | linux | musl | -| [mipsel-unknown-linux-uclibc] | mips | linux | uclibc | -| [mipsel-unknown-netbsd] | mips | netbsd | | -| [mipsel-unknown-none] | mips | none | | -| [mipsisa32r6-unknown-linux-gnu] | mips32r6 | linux | gnu | -| [mipsisa32r6el-unknown-linux-gnu] | mips32r6 | linux | gnu | -| [mipsisa64r6-unknown-linux-gnuabi64] | mips64r6 | linux | gnu | -| 
[mipsisa64r6el-unknown-linux-gnuabi64] | mips64r6 | linux | gnu | -| [msp430-none-elf] | msp430 | none | | -| [powerpc-unknown-freebsd] | powerpc | freebsd | | -| [powerpc-unknown-linux-gnuspe] | powerpc | linux | gnu | -| [powerpc-unknown-linux-musl] | powerpc | linux | musl | -| [powerpc-unknown-netbsd] | powerpc | netbsd | | -| [powerpc-unknown-openbsd] | powerpc | openbsd | | -| [powerpc-wrs-vxworks] | powerpc | vxworks | gnu | -| [powerpc-wrs-vxworks-spe] | powerpc | vxworks | gnu | -| [powerpc64-ibm-aix] | powerpc64 | aix | | -| [powerpc64-unknown-freebsd] | powerpc64 | freebsd | | -| [powerpc64-unknown-linux-musl] | powerpc64 | linux | musl | -| [powerpc64-unknown-openbsd] | powerpc64 | openbsd | | -| [powerpc64-wrs-vxworks] | powerpc64 | vxworks | gnu | -| [powerpc64le-unknown-freebsd] | powerpc64 | freebsd | | -| [powerpc64le-unknown-linux-musl] | powerpc64 | linux | musl | -| [riscv32gc-unknown-linux-gnu] | riscv32 | linux | gnu | -| [riscv32gc-unknown-linux-musl] | riscv32 | linux | musl | -| [riscv32im-unknown-none-elf] | riscv32 | none | | -| [riscv32imac-esp-espidf] | riscv32 | espidf | newlib | -| [riscv32imac-unknown-xous-elf] | riscv32 | xous | | -| [riscv32imc-esp-espidf] | riscv32 | espidf | newlib | -| [riscv64-linux-android] | riscv64 | android | | -| [riscv64gc-unknown-freebsd] | riscv64 | freebsd | | -| [riscv64gc-unknown-fuchsia] | riscv64 | fuchsia | | -| [riscv64gc-unknown-hermit] | riscv64 | hermit | | -| [riscv64gc-unknown-linux-musl] | riscv64 | linux | musl | -| [riscv64gc-unknown-netbsd] | riscv64 | netbsd | | -| [riscv64gc-unknown-openbsd] | riscv64 | openbsd | | -| [s390x-unknown-linux-musl] | s390x | linux | musl | -| [sparc-unknown-linux-gnu] | sparc | linux | gnu | -| [sparc-unknown-none-elf] | sparc | none | | -| [sparc64-unknown-netbsd] | sparc64 | netbsd | | -| [sparc64-unknown-openbsd] | sparc64 | openbsd | | -| [thumbv4t-none-eabi] | arm | none | | -| [thumbv5te-none-eabi] | arm | none | | -| [thumbv7a-pc-windows-msvc] | arm 
| windows | msvc | -| [thumbv7a-uwp-windows-msvc] | arm | windows | msvc | -| [thumbv7neon-unknown-linux-musleabihf] | arm | linux | musl | -| [wasm64-unknown-unknown] | wasm64 | unknown | | -| [x86_64-apple-ios-macabi] | x86_64 | ios | | -| [x86_64-apple-tvos] | x86_64 | tvos | | -| [x86_64-apple-watchos-sim] | x86_64 | watchos | | -| [x86_64-pc-nto-qnx710] | x86_64 | nto | nto71 | -| [x86_64-pc-windows-gnullvm] | x86_64 | windows | gnu | -| [x86_64-sun-solaris] | x86_64 | solaris | | -| [x86_64-unikraft-linux-musl] | x86_64 | linux | musl | -| [x86_64-unknown-dragonfly] | x86_64 | dragonfly | | -| [x86_64-unknown-haiku] | x86_64 | haiku | | -| [x86_64-unknown-hermit] | x86_64 | hermit | | -| [x86_64-unknown-l4re-uclibc] | x86_64 | l4re | uclibc | -| [x86_64-unknown-linux-ohos] | x86_64 | linux | ohos | -| [x86_64-unknown-openbsd] | x86_64 | openbsd | | -| [x86_64-uwp-windows-gnu] | x86_64 | windows | gnu | -| [x86_64-uwp-windows-msvc] | x86_64 | windows | msvc | -| [x86_64-wrs-vxworks] | x86_64 | vxworks | gnu | -| [x86_64h-apple-darwin] | x86_64 | macos | | - -[aarch64-apple-darwin]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_APPLE_DARWIN.html -[aarch64-apple-ios]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_APPLE_IOS.html -[aarch64-apple-ios-macabi]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_APPLE_IOS_MACABI.html -[aarch64-apple-ios-sim]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_APPLE_IOS_SIM.html -[aarch64-apple-tvos]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_APPLE_TVOS.html -[aarch64-apple-tvos-sim]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_APPLE_TVOS_SIM.html -[aarch64-apple-watchos-sim]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_APPLE_WATCHOS_SIM.html -[aarch64-fuchsia]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_FUCHSIA.html 
-[aarch64-kmc-solid_asp3]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_KMC_SOLID_ASP3.html -[aarch64-linux-android]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_LINUX_ANDROID.html -[aarch64-nintendo-switch-freestanding]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_NINTENDO_SWITCH_FREESTANDING.html -[aarch64-pc-windows-gnullvm]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_PC_WINDOWS_GNULLVM.html -[aarch64-pc-windows-msvc]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_PC_WINDOWS_MSVC.html -[aarch64-unknown-freebsd]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_UNKNOWN_FREEBSD.html -[aarch64-unknown-fuchsia]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_UNKNOWN_FUCHSIA.html -[aarch64-unknown-hermit]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_UNKNOWN_HERMIT.html -[aarch64-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_UNKNOWN_LINUX_GNU.html -[aarch64-unknown-linux-gnu_ilp32]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_UNKNOWN_LINUX_GNU_ILP32.html -[aarch64-unknown-linux-musl]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_UNKNOWN_LINUX_MUSL.html -[aarch64-unknown-linux-ohos]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_UNKNOWN_LINUX_OHOS.html -[aarch64-unknown-netbsd]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_UNKNOWN_NETBSD.html -[aarch64-unknown-none]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_UNKNOWN_NONE.html -[aarch64-unknown-none-softfloat]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_UNKNOWN_NONE_SOFTFLOAT.html -[aarch64-unknown-nto-qnx710]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_UNKNOWN_NTO_QNX710.html -[aarch64-unknown-openbsd]: 
https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_UNKNOWN_OPENBSD.html -[aarch64-unknown-redox]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_UNKNOWN_REDOX.html -[aarch64-unknown-teeos]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_UNKNOWN_TEEOS.html -[aarch64-unknown-uefi]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_UNKNOWN_UEFI.html -[aarch64-uwp-windows-msvc]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_UWP_WINDOWS_MSVC.html -[aarch64-wrs-vxworks]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_WRS_VXWORKS.html -[aarch64_be-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_BE_UNKNOWN_LINUX_GNU.html -[aarch64_be-unknown-linux-gnu_ilp32]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_BE_UNKNOWN_LINUX_GNU_ILP32.html -[aarch64_be-unknown-netbsd]: https://docs.rs/platforms/latest/platforms/platform/constant.AARCH64_BE_UNKNOWN_NETBSD.html -[arm-linux-androideabi]: https://docs.rs/platforms/latest/platforms/platform/constant.ARM_LINUX_ANDROIDEABI.html -[arm-unknown-linux-gnueabi]: https://docs.rs/platforms/latest/platforms/platform/constant.ARM_UNKNOWN_LINUX_GNUEABI.html -[arm-unknown-linux-gnueabihf]: https://docs.rs/platforms/latest/platforms/platform/constant.ARM_UNKNOWN_LINUX_GNUEABIHF.html -[arm-unknown-linux-musleabi]: https://docs.rs/platforms/latest/platforms/platform/constant.ARM_UNKNOWN_LINUX_MUSLEABI.html -[arm-unknown-linux-musleabihf]: https://docs.rs/platforms/latest/platforms/platform/constant.ARM_UNKNOWN_LINUX_MUSLEABIHF.html -[arm64_32-apple-watchos]: https://docs.rs/platforms/latest/platforms/platform/constant.ARM64_32_APPLE_WATCHOS.html -[armeb-unknown-linux-gnueabi]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMEB_UNKNOWN_LINUX_GNUEABI.html -[armebv7r-none-eabi]: 
https://docs.rs/platforms/latest/platforms/platform/constant.ARMEBV7R_NONE_EABI.html -[armebv7r-none-eabihf]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMEBV7R_NONE_EABIHF.html -[armv4t-none-eabi]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV4T_NONE_EABI.html -[armv4t-unknown-linux-gnueabi]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV4T_UNKNOWN_LINUX_GNUEABI.html -[armv5te-none-eabi]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV5TE_NONE_EABI.html -[armv5te-unknown-linux-gnueabi]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV5TE_UNKNOWN_LINUX_GNUEABI.html -[armv5te-unknown-linux-musleabi]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV5TE_UNKNOWN_LINUX_MUSLEABI.html -[armv5te-unknown-linux-uclibceabi]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV5TE_UNKNOWN_LINUX_UCLIBCEABI.html -[armv6-unknown-freebsd]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV6_UNKNOWN_FREEBSD.html -[armv6-unknown-netbsd-eabihf]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV6_UNKNOWN_NETBSD_EABIHF.html -[armv6k-nintendo-3ds]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV6K_NINTENDO_3DS.html -[armv7-linux-androideabi]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7_LINUX_ANDROIDEABI.html -[armv7-sony-vita-newlibeabihf]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7_SONY_VITA_NEWLIBEABIHF.html -[armv7-unknown-freebsd]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7_UNKNOWN_FREEBSD.html -[armv7-unknown-linux-gnueabi]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7_UNKNOWN_LINUX_GNUEABI.html -[armv7-unknown-linux-gnueabihf]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7_UNKNOWN_LINUX_GNUEABIHF.html -[armv7-unknown-linux-musleabi]: 
https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7_UNKNOWN_LINUX_MUSLEABI.html -[armv7-unknown-linux-musleabihf]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7_UNKNOWN_LINUX_MUSLEABIHF.html -[armv7-unknown-linux-ohos]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7_UNKNOWN_LINUX_OHOS.html -[armv7-unknown-linux-uclibceabi]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7_UNKNOWN_LINUX_UCLIBCEABI.html -[armv7-unknown-linux-uclibceabihf]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7_UNKNOWN_LINUX_UCLIBCEABIHF.html -[armv7-unknown-netbsd-eabihf]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7_UNKNOWN_NETBSD_EABIHF.html -[armv7-wrs-vxworks-eabihf]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7_WRS_VXWORKS_EABIHF.html -[armv7a-kmc-solid_asp3-eabi]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7A_KMC_SOLID_ASP3_EABI.html -[armv7a-kmc-solid_asp3-eabihf]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7A_KMC_SOLID_ASP3_EABIHF.html -[armv7a-none-eabi]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7A_NONE_EABI.html -[armv7a-none-eabihf]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7A_NONE_EABIHF.html -[armv7k-apple-watchos]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7K_APPLE_WATCHOS.html -[armv7r-none-eabi]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7R_NONE_EABI.html -[armv7r-none-eabihf]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7R_NONE_EABIHF.html -[armv7s-apple-ios]: https://docs.rs/platforms/latest/platforms/platform/constant.ARMV7S_APPLE_IOS.html -[asmjs-unknown-emscripten]: https://docs.rs/platforms/latest/platforms/platform/constant.ASMJS_UNKNOWN_EMSCRIPTEN.html -[avr-unknown-gnu-atmega328]: https://docs.rs/platforms/latest/platforms/platform/constant.AVR_UNKNOWN_GNU_ATMEGA328.html 
-[bpfeb-unknown-none]: https://docs.rs/platforms/latest/platforms/platform/constant.BPFEB_UNKNOWN_NONE.html -[bpfel-unknown-none]: https://docs.rs/platforms/latest/platforms/platform/constant.BPFEL_UNKNOWN_NONE.html -[csky-unknown-linux-gnuabiv2]: https://docs.rs/platforms/latest/platforms/platform/constant.CSKY_UNKNOWN_LINUX_GNUABIV2.html -[csky-unknown-linux-gnuabiv2hf]: https://docs.rs/platforms/latest/platforms/platform/constant.CSKY_UNKNOWN_LINUX_GNUABIV2HF.html -[hexagon-unknown-linux-musl]: https://docs.rs/platforms/latest/platforms/platform/constant.HEXAGON_UNKNOWN_LINUX_MUSL.html -[i386-apple-ios]: https://docs.rs/platforms/latest/platforms/platform/constant.I386_APPLE_IOS.html -[i586-pc-nto-qnx700]: https://docs.rs/platforms/latest/platforms/platform/constant.I586_PC_NTO_QNX700.html -[i586-pc-windows-msvc]: https://docs.rs/platforms/latest/platforms/platform/constant.I586_PC_WINDOWS_MSVC.html -[i586-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.I586_UNKNOWN_LINUX_GNU.html -[i586-unknown-linux-musl]: https://docs.rs/platforms/latest/platforms/platform/constant.I586_UNKNOWN_LINUX_MUSL.html -[i586-unknown-netbsd]: https://docs.rs/platforms/latest/platforms/platform/constant.I586_UNKNOWN_NETBSD.html -[i686-apple-darwin]: https://docs.rs/platforms/latest/platforms/platform/constant.I686_APPLE_DARWIN.html -[i686-linux-android]: https://docs.rs/platforms/latest/platforms/platform/constant.I686_LINUX_ANDROID.html -[i686-pc-windows-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.I686_PC_WINDOWS_GNU.html -[i686-pc-windows-gnullvm]: https://docs.rs/platforms/latest/platforms/platform/constant.I686_PC_WINDOWS_GNULLVM.html -[i686-pc-windows-msvc]: https://docs.rs/platforms/latest/platforms/platform/constant.I686_PC_WINDOWS_MSVC.html -[i686-unknown-freebsd]: https://docs.rs/platforms/latest/platforms/platform/constant.I686_UNKNOWN_FREEBSD.html -[i686-unknown-haiku]: 
https://docs.rs/platforms/latest/platforms/platform/constant.I686_UNKNOWN_HAIKU.html -[i686-unknown-hurd-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.I686_UNKNOWN_HURD_GNU.html -[i686-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.I686_UNKNOWN_LINUX_GNU.html -[i686-unknown-linux-musl]: https://docs.rs/platforms/latest/platforms/platform/constant.I686_UNKNOWN_LINUX_MUSL.html -[i686-unknown-netbsd]: https://docs.rs/platforms/latest/platforms/platform/constant.I686_UNKNOWN_NETBSD.html -[i686-unknown-openbsd]: https://docs.rs/platforms/latest/platforms/platform/constant.I686_UNKNOWN_OPENBSD.html -[i686-unknown-uefi]: https://docs.rs/platforms/latest/platforms/platform/constant.I686_UNKNOWN_UEFI.html -[i686-uwp-windows-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.I686_UWP_WINDOWS_GNU.html -[i686-uwp-windows-msvc]: https://docs.rs/platforms/latest/platforms/platform/constant.I686_UWP_WINDOWS_MSVC.html -[i686-wrs-vxworks]: https://docs.rs/platforms/latest/platforms/platform/constant.I686_WRS_VXWORKS.html -[loongarch64-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.LOONGARCH64_UNKNOWN_LINUX_GNU.html -[loongarch64-unknown-none]: https://docs.rs/platforms/latest/platforms/platform/constant.LOONGARCH64_UNKNOWN_NONE.html -[loongarch64-unknown-none-softfloat]: https://docs.rs/platforms/latest/platforms/platform/constant.LOONGARCH64_UNKNOWN_NONE_SOFTFLOAT.html -[m68k-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.M68K_UNKNOWN_LINUX_GNU.html -[mips-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPS_UNKNOWN_LINUX_GNU.html -[mips-unknown-linux-musl]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPS_UNKNOWN_LINUX_MUSL.html -[mips-unknown-linux-uclibc]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPS_UNKNOWN_LINUX_UCLIBC.html -[mips64-openwrt-linux-musl]: 
https://docs.rs/platforms/latest/platforms/platform/constant.MIPS64_OPENWRT_LINUX_MUSL.html -[mips64-unknown-linux-gnuabi64]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPS64_UNKNOWN_LINUX_GNUABI64.html -[mips64-unknown-linux-muslabi64]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPS64_UNKNOWN_LINUX_MUSLABI64.html -[mips64el-unknown-linux-gnuabi64]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPS64EL_UNKNOWN_LINUX_GNUABI64.html -[mips64el-unknown-linux-muslabi64]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPS64EL_UNKNOWN_LINUX_MUSLABI64.html -[mipsel-sony-psp]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPSEL_SONY_PSP.html -[mipsel-sony-psx]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPSEL_SONY_PSX.html -[mipsel-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPSEL_UNKNOWN_LINUX_GNU.html -[mipsel-unknown-linux-musl]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPSEL_UNKNOWN_LINUX_MUSL.html -[mipsel-unknown-linux-uclibc]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPSEL_UNKNOWN_LINUX_UCLIBC.html -[mipsel-unknown-netbsd]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPSEL_UNKNOWN_NETBSD.html -[mipsel-unknown-none]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPSEL_UNKNOWN_NONE.html -[mipsisa32r6-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPSISA32R6_UNKNOWN_LINUX_GNU.html -[mipsisa32r6el-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPSISA32R6EL_UNKNOWN_LINUX_GNU.html -[mipsisa64r6-unknown-linux-gnuabi64]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPSISA64R6_UNKNOWN_LINUX_GNUABI64.html -[mipsisa64r6el-unknown-linux-gnuabi64]: https://docs.rs/platforms/latest/platforms/platform/constant.MIPSISA64R6EL_UNKNOWN_LINUX_GNUABI64.html -[msp430-none-elf]: 
https://docs.rs/platforms/latest/platforms/platform/constant.MSP430_NONE_ELF.html -[nvptx64-nvidia-cuda]: https://docs.rs/platforms/latest/platforms/platform/constant.NVPTX64_NVIDIA_CUDA.html -[powerpc-unknown-freebsd]: https://docs.rs/platforms/latest/platforms/platform/constant.POWERPC_UNKNOWN_FREEBSD.html -[powerpc-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.POWERPC_UNKNOWN_LINUX_GNU.html -[powerpc-unknown-linux-gnuspe]: https://docs.rs/platforms/latest/platforms/platform/constant.POWERPC_UNKNOWN_LINUX_GNUSPE.html -[powerpc-unknown-linux-musl]: https://docs.rs/platforms/latest/platforms/platform/constant.POWERPC_UNKNOWN_LINUX_MUSL.html -[powerpc-unknown-netbsd]: https://docs.rs/platforms/latest/platforms/platform/constant.POWERPC_UNKNOWN_NETBSD.html -[powerpc-unknown-openbsd]: https://docs.rs/platforms/latest/platforms/platform/constant.POWERPC_UNKNOWN_OPENBSD.html -[powerpc-wrs-vxworks]: https://docs.rs/platforms/latest/platforms/platform/constant.POWERPC_WRS_VXWORKS.html -[powerpc-wrs-vxworks-spe]: https://docs.rs/platforms/latest/platforms/platform/constant.POWERPC_WRS_VXWORKS_SPE.html -[powerpc64-ibm-aix]: https://docs.rs/platforms/latest/platforms/platform/constant.POWERPC64_IBM_AIX.html -[powerpc64-unknown-freebsd]: https://docs.rs/platforms/latest/platforms/platform/constant.POWERPC64_UNKNOWN_FREEBSD.html -[powerpc64-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.POWERPC64_UNKNOWN_LINUX_GNU.html -[powerpc64-unknown-linux-musl]: https://docs.rs/platforms/latest/platforms/platform/constant.POWERPC64_UNKNOWN_LINUX_MUSL.html -[powerpc64-unknown-openbsd]: https://docs.rs/platforms/latest/platforms/platform/constant.POWERPC64_UNKNOWN_OPENBSD.html -[powerpc64-wrs-vxworks]: https://docs.rs/platforms/latest/platforms/platform/constant.POWERPC64_WRS_VXWORKS.html -[powerpc64le-unknown-freebsd]: https://docs.rs/platforms/latest/platforms/platform/constant.POWERPC64LE_UNKNOWN_FREEBSD.html 
-[powerpc64le-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.POWERPC64LE_UNKNOWN_LINUX_GNU.html -[powerpc64le-unknown-linux-musl]: https://docs.rs/platforms/latest/platforms/platform/constant.POWERPC64LE_UNKNOWN_LINUX_MUSL.html -[riscv32gc-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV32GC_UNKNOWN_LINUX_GNU.html -[riscv32gc-unknown-linux-musl]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV32GC_UNKNOWN_LINUX_MUSL.html -[riscv32i-unknown-none-elf]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV32I_UNKNOWN_NONE_ELF.html -[riscv32im-unknown-none-elf]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV32IM_UNKNOWN_NONE_ELF.html -[riscv32imac-esp-espidf]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV32IMAC_ESP_ESPIDF.html -[riscv32imac-unknown-none-elf]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV32IMAC_UNKNOWN_NONE_ELF.html -[riscv32imac-unknown-xous-elf]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV32IMAC_UNKNOWN_XOUS_ELF.html -[riscv32imc-esp-espidf]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV32IMC_ESP_ESPIDF.html -[riscv32imc-unknown-none-elf]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV32IMC_UNKNOWN_NONE_ELF.html -[riscv64-linux-android]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV64_LINUX_ANDROID.html -[riscv64gc-unknown-freebsd]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV64GC_UNKNOWN_FREEBSD.html -[riscv64gc-unknown-fuchsia]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV64GC_UNKNOWN_FUCHSIA.html -[riscv64gc-unknown-hermit]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV64GC_UNKNOWN_HERMIT.html -[riscv64gc-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV64GC_UNKNOWN_LINUX_GNU.html 
-[riscv64gc-unknown-linux-musl]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV64GC_UNKNOWN_LINUX_MUSL.html -[riscv64gc-unknown-netbsd]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV64GC_UNKNOWN_NETBSD.html -[riscv64gc-unknown-none-elf]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV64GC_UNKNOWN_NONE_ELF.html -[riscv64gc-unknown-openbsd]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV64GC_UNKNOWN_OPENBSD.html -[riscv64imac-unknown-none-elf]: https://docs.rs/platforms/latest/platforms/platform/constant.RISCV64IMAC_UNKNOWN_NONE_ELF.html -[s390x-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.S390X_UNKNOWN_LINUX_GNU.html -[s390x-unknown-linux-musl]: https://docs.rs/platforms/latest/platforms/platform/constant.S390X_UNKNOWN_LINUX_MUSL.html -[sparc-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.SPARC_UNKNOWN_LINUX_GNU.html -[sparc-unknown-none-elf]: https://docs.rs/platforms/latest/platforms/platform/constant.SPARC_UNKNOWN_NONE_ELF.html -[sparc64-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.SPARC64_UNKNOWN_LINUX_GNU.html -[sparc64-unknown-netbsd]: https://docs.rs/platforms/latest/platforms/platform/constant.SPARC64_UNKNOWN_NETBSD.html -[sparc64-unknown-openbsd]: https://docs.rs/platforms/latest/platforms/platform/constant.SPARC64_UNKNOWN_OPENBSD.html -[sparcv9-sun-solaris]: https://docs.rs/platforms/latest/platforms/platform/constant.SPARCV9_SUN_SOLARIS.html -[thumbv4t-none-eabi]: https://docs.rs/platforms/latest/platforms/platform/constant.THUMBV4T_NONE_EABI.html -[thumbv5te-none-eabi]: https://docs.rs/platforms/latest/platforms/platform/constant.THUMBV5TE_NONE_EABI.html -[thumbv6m-none-eabi]: https://docs.rs/platforms/latest/platforms/platform/constant.THUMBV6M_NONE_EABI.html -[thumbv7a-pc-windows-msvc]: 
https://docs.rs/platforms/latest/platforms/platform/constant.THUMBV7A_PC_WINDOWS_MSVC.html -[thumbv7a-uwp-windows-msvc]: https://docs.rs/platforms/latest/platforms/platform/constant.THUMBV7A_UWP_WINDOWS_MSVC.html -[thumbv7em-none-eabi]: https://docs.rs/platforms/latest/platforms/platform/constant.THUMBV7EM_NONE_EABI.html -[thumbv7em-none-eabihf]: https://docs.rs/platforms/latest/platforms/platform/constant.THUMBV7EM_NONE_EABIHF.html -[thumbv7m-none-eabi]: https://docs.rs/platforms/latest/platforms/platform/constant.THUMBV7M_NONE_EABI.html -[thumbv7neon-linux-androideabi]: https://docs.rs/platforms/latest/platforms/platform/constant.THUMBV7NEON_LINUX_ANDROIDEABI.html -[thumbv7neon-unknown-linux-gnueabihf]: https://docs.rs/platforms/latest/platforms/platform/constant.THUMBV7NEON_UNKNOWN_LINUX_GNUEABIHF.html -[thumbv7neon-unknown-linux-musleabihf]: https://docs.rs/platforms/latest/platforms/platform/constant.THUMBV7NEON_UNKNOWN_LINUX_MUSLEABIHF.html -[thumbv8m.base-none-eabi]: https://docs.rs/platforms/latest/platforms/platform/constant.THUMBV8M.BASE_NONE_EABI.html -[thumbv8m.main-none-eabi]: https://docs.rs/platforms/latest/platforms/platform/constant.THUMBV8M.MAIN_NONE_EABI.html -[thumbv8m.main-none-eabihf]: https://docs.rs/platforms/latest/platforms/platform/constant.THUMBV8M.MAIN_NONE_EABIHF.html -[wasm32-unknown-emscripten]: https://docs.rs/platforms/latest/platforms/platform/constant.WASM32_UNKNOWN_EMSCRIPTEN.html -[wasm32-unknown-unknown]: https://docs.rs/platforms/latest/platforms/platform/constant.WASM32_UNKNOWN_UNKNOWN.html -[wasm32-wasi]: https://docs.rs/platforms/latest/platforms/platform/constant.WASM32_WASI.html -[wasm32-wasi-preview1-threads]: https://docs.rs/platforms/latest/platforms/platform/constant.WASM32_WASI_PREVIEW1_THREADS.html -[wasm64-unknown-unknown]: https://docs.rs/platforms/latest/platforms/platform/constant.WASM64_UNKNOWN_UNKNOWN.html -[x86_64-apple-darwin]: 
https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_APPLE_DARWIN.html -[x86_64-apple-ios]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_APPLE_IOS.html -[x86_64-apple-ios-macabi]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_APPLE_IOS_MACABI.html -[x86_64-apple-tvos]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_APPLE_TVOS.html -[x86_64-apple-watchos-sim]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_APPLE_WATCHOS_SIM.html -[x86_64-fortanix-unknown-sgx]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_FORTANIX_UNKNOWN_SGX.html -[x86_64-fuchsia]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_FUCHSIA.html -[x86_64-linux-android]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_LINUX_ANDROID.html -[x86_64-pc-nto-qnx710]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_PC_NTO_QNX710.html -[x86_64-pc-solaris]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_PC_SOLARIS.html -[x86_64-pc-windows-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_PC_WINDOWS_GNU.html -[x86_64-pc-windows-gnullvm]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_PC_WINDOWS_GNULLVM.html -[x86_64-pc-windows-msvc]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_PC_WINDOWS_MSVC.html -[x86_64-sun-solaris]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_SUN_SOLARIS.html -[x86_64-unikraft-linux-musl]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UNIKRAFT_LINUX_MUSL.html -[x86_64-unknown-dragonfly]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UNKNOWN_DRAGONFLY.html -[x86_64-unknown-freebsd]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UNKNOWN_FREEBSD.html -[x86_64-unknown-fuchsia]: 
https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UNKNOWN_FUCHSIA.html -[x86_64-unknown-haiku]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UNKNOWN_HAIKU.html -[x86_64-unknown-hermit]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UNKNOWN_HERMIT.html -[x86_64-unknown-illumos]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UNKNOWN_ILLUMOS.html -[x86_64-unknown-l4re-uclibc]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UNKNOWN_L4RE_UCLIBC.html -[x86_64-unknown-linux-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UNKNOWN_LINUX_GNU.html -[x86_64-unknown-linux-gnux32]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UNKNOWN_LINUX_GNUX32.html -[x86_64-unknown-linux-musl]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UNKNOWN_LINUX_MUSL.html -[x86_64-unknown-linux-ohos]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UNKNOWN_LINUX_OHOS.html -[x86_64-unknown-netbsd]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UNKNOWN_NETBSD.html -[x86_64-unknown-none]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UNKNOWN_NONE.html -[x86_64-unknown-openbsd]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UNKNOWN_OPENBSD.html -[x86_64-unknown-redox]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UNKNOWN_REDOX.html -[x86_64-unknown-uefi]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UNKNOWN_UEFI.html -[x86_64-uwp-windows-gnu]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UWP_WINDOWS_GNU.html -[x86_64-uwp-windows-msvc]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_UWP_WINDOWS_MSVC.html -[x86_64-wrs-vxworks]: https://docs.rs/platforms/latest/platforms/platform/constant.X86_64_WRS_VXWORKS.html -[x86_64h-apple-darwin]: 
https://docs.rs/platforms/latest/platforms/platform/constant.X86_64H_APPLE_DARWIN.html
diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/error.rs b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/error.rs
deleted file mode 100644
index 7f53d1b47d87..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/error.rs
+++ /dev/null
@@ -1,16 +0,0 @@
-//! Error type
-
-use core::fmt::{self, Display};
-
-/// Error type
-#[derive(Clone, Debug, PartialEq, Eq)]
-pub struct Error;
-
-impl Display for Error {
- fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
- f.write_str("platforms error")
- }
-}
-
-#[cfg(feature = "std")]
-impl std::error::Error for Error {}
diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/lib.rs b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/lib.rs
deleted file mode 100644
index 3dba8b5cb010..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/lib.rs
+++ /dev/null
@@ -1,34 +0,0 @@
-//! Rust platform registry: provides programmatic access to information about valid Rust platforms
-//!
-//! This crate provides an interface to the platform data canonically sourced
-//! from the Rust compiler:
-//!
-//!
-//!
-//! ## Minimum Supported Rust Version
-//!
-//! Rust **1.40** or higher.
-//!
-//! Minimum supported Rust version can be changed in the future, but it will be
-//! done with a minor version bump.
-
-#![no_std]
-#![doc(html_logo_url = "https://raw.githubusercontent.com/RustSec/logos/main/rustsec-logo-lg.png")]
-#![forbid(unsafe_code)]
-#![warn(missing_docs, unused_qualifications, rust_2018_idioms)]
-
-#[cfg(feature = "std")]
-extern crate std;
-
-pub(crate) mod error;
-pub mod platform;
-pub mod target;
-
-pub use crate::{
- error::Error,
- platform::{Platform, Tier},
- target::{Arch, Endian, Env, PointerWidth, OS},
-};
-
-#[cfg(feature = "std")]
-pub use crate::platform::PlatformReq;
diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/platform.rs b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/platform.rs
deleted file mode 100644
index 4631609ac33f..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/platform.rs
+++ /dev/null
@@ -1,131 +0,0 @@
-//! Rust platforms
-
-mod platforms;
-
-#[cfg(feature = "std")]
-mod req;
-mod tier;
-
-pub use self::tier::Tier;
-
-#[cfg(feature = "std")]
-pub use self::req::PlatformReq;
-
-use self::platforms::ALL;
-use crate::target::*;
-use core::fmt;
-
-/// Rust platforms supported by mainline rustc
-///
-/// Sourced from
-/// as well as the latest nightly version of `rustc`
-#[derive(Clone, Debug, Eq, Hash, PartialEq, PartialOrd, Ord)]
-#[non_exhaustive]
-pub struct Platform {
- /// "Target triple" string uniquely identifying the platform. See:
- ///
- ///
- /// These are defined in the `rustc_target` crate of the Rust compiler:
- ///
- pub target_triple: &'static str,
-
- /// Target architecture `cfg` attribute (i.e. `cfg(target_arch)`)
- pub target_arch: Arch,
-
- /// Target OS `cfg` attribute (i.e. `cfg(target_os)`).
- pub target_os: OS,
-
- /// Target environment `cfg` attribute (i.e. `cfg(target_env)`).
- /// Only used when needed for disambiguation, e.g. on many GNU platforms
- /// this value will be `None`.
- pub target_env: Env,
-
- /// Target pointer width `cfg` attribute, in bits (i.e. `cfg(target_pointer_width)`).
- /// Typically 64 on modern platforms, 32 on older platforms, 16 on some microcontrollers.
- pub target_pointer_width: PointerWidth,
-
- /// Target [endianness](https://en.wikipedia.org/wiki/Endianness) `cfg` attribute (i.e. `cfg(target_endian)`).
- /// Set to "little" on the vast majority of modern platforms.
- pub target_endian: Endian,
-
- /// Tier of this platform:
- ///
- /// - `Tier::One`: guaranteed to work
- /// - `Tier::Two`: guaranteed to build
- /// - `Tier::Three`: unofficially supported with no guarantees
- pub tier: Tier,
-}
-
-impl Platform {
- /// All valid Rust platforms usable from the mainline compiler.
- ///
- /// Note that this list will evolve over time, and platforms will be both added and removed.
- pub const ALL: &'static [Platform] = ALL;
-
- /// Find a Rust platform by its "target triple", e.g. `i686-apple-darwin`
- pub fn find(target_triple: &str) -> Option<&'static Platform> {
- Self::ALL
- .iter()
- .find(|platform| platform.target_triple == target_triple)
- }
-}
-
-impl fmt::Display for Platform {
- fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
- f.write_str(self.target_triple)
- }
-}
-
-#[cfg(all(test, feature = "std"))]
-mod tests {
- use super::Platform;
- use std::collections::HashSet;
-
- /// Ensure there are no duplicate target triples in the platforms list
- #[test]
- fn no_dupes_test() {
- let mut target_triples = HashSet::new();
-
- for platform in Platform::ALL {
- assert!(
- target_triples.insert(platform.target_triple),
- "duplicate target triple: {}",
- platform.target_triple
- );
- }
- }
-
- use std::collections::HashMap;
-
- use super::*;
-
- /// `platforms` v2.0 used to provide various constants passed as `cfg` values,
- /// and attempted to detect the target triple based on that.
- /// This test is meant to check whether such detection can be accurate.
- ///
- /// Turns out that as of v3.0 this is infeasible,
- /// even though the list of supported cfg values was expanded.
- ///
- /// I have also verified that no possible expansion of the supported cfg fields
- /// will lets uniquely identify the platform based on cfg values using a shell script:
- /// `rustc --print=target-list | parallel 'rustc --print=cfg --target={} > ./{}'; fdupes`
- #[test]
- #[ignore]
- fn test_detection_feasibility() {
- let mut all_platforms = HashMap::new();
- for p in ALL {
- if let Some(other_p) = all_platforms.insert(
- (
- p.target_arch,
- p.target_os,
- p.target_env,
- p.target_endian,
- p.target_pointer_width,
- ),
- p.target_triple,
- ) {
- panic!("{} and {} have identical properties, and cannot be distinguished based on properties alone", p.target_triple, other_p);
- }
- }
- }
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/platform/platforms.rs b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/platform/platforms.rs
deleted file mode 100644
index 9c60611d7ce0..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/platform/platforms.rs
+++ /dev/null
@@ -1,2670 +0,0 @@ -//! The list of targets. - -// Note: this file is auto-generated. Do not edit it manually! -// If you need to referesh it, re-run the generator included in the source tree. - -// Comments on targets are sourced from -// https://doc.rust-lang.org/nightly/rustc/platform-support.html -// and some of the more obscure targets do not have a comment on them -#![allow(missing_docs)] - -use crate::{ - platform::{Platform, Tier}, - target::{Arch, Endian, Env, PointerWidth, OS}, -}; - -/// The list of all targets recognized by the Rust compiler -pub(crate) const ALL: &[Platform] = &[ - AARCH64_APPLE_DARWIN, - AARCH64_APPLE_IOS, - AARCH64_APPLE_IOS_MACABI, - AARCH64_APPLE_IOS_SIM, - AARCH64_APPLE_TVOS, - AARCH64_APPLE_TVOS_SIM, - AARCH64_APPLE_WATCHOS_SIM, - AARCH64_FUCHSIA, - AARCH64_KMC_SOLID_ASP3, - AARCH64_LINUX_ANDROID, - AARCH64_NINTENDO_SWITCH_FREESTANDING, - AARCH64_PC_WINDOWS_GNULLVM, - AARCH64_PC_WINDOWS_MSVC, - AARCH64_UNKNOWN_FREEBSD, - AARCH64_UNKNOWN_FUCHSIA, - AARCH64_UNKNOWN_HERMIT, - AARCH64_UNKNOWN_LINUX_GNU, - AARCH64_UNKNOWN_LINUX_GNU_ILP32, - AARCH64_UNKNOWN_LINUX_MUSL, - AARCH64_UNKNOWN_LINUX_OHOS, - AARCH64_UNKNOWN_NETBSD, - AARCH64_UNKNOWN_NONE, - AARCH64_UNKNOWN_NONE_SOFTFLOAT, - AARCH64_UNKNOWN_NTO_QNX710, - AARCH64_UNKNOWN_OPENBSD, - AARCH64_UNKNOWN_REDOX, - AARCH64_UNKNOWN_TEEOS, - AARCH64_UNKNOWN_UEFI, - AARCH64_UWP_WINDOWS_MSVC, - AARCH64_WRS_VXWORKS, - AARCH64_BE_UNKNOWN_LINUX_GNU, - AARCH64_BE_UNKNOWN_LINUX_GNU_ILP32, - AARCH64_BE_UNKNOWN_NETBSD, - ARM_LINUX_ANDROIDEABI, - ARM_UNKNOWN_LINUX_GNUEABI, - ARM_UNKNOWN_LINUX_GNUEABIHF, - ARM_UNKNOWN_LINUX_MUSLEABI, - ARM_UNKNOWN_LINUX_MUSLEABIHF, - ARM64_32_APPLE_WATCHOS, - ARMEB_UNKNOWN_LINUX_GNUEABI, - ARMEBV7R_NONE_EABI, - ARMEBV7R_NONE_EABIHF, - ARMV4T_NONE_EABI, - ARMV4T_UNKNOWN_LINUX_GNUEABI, - ARMV5TE_NONE_EABI, - ARMV5TE_UNKNOWN_LINUX_GNUEABI, - ARMV5TE_UNKNOWN_LINUX_MUSLEABI, - ARMV5TE_UNKNOWN_LINUX_UCLIBCEABI, - ARMV6_UNKNOWN_FREEBSD, - ARMV6_UNKNOWN_NETBSD_EABIHF, - 
ARMV6K_NINTENDO_3DS, - ARMV7_LINUX_ANDROIDEABI, - ARMV7_SONY_VITA_NEWLIBEABIHF, - ARMV7_UNKNOWN_FREEBSD, - ARMV7_UNKNOWN_LINUX_GNUEABI, - ARMV7_UNKNOWN_LINUX_GNUEABIHF, - ARMV7_UNKNOWN_LINUX_MUSLEABI, - ARMV7_UNKNOWN_LINUX_MUSLEABIHF, - ARMV7_UNKNOWN_LINUX_OHOS, - ARMV7_UNKNOWN_LINUX_UCLIBCEABI, - ARMV7_UNKNOWN_LINUX_UCLIBCEABIHF, - ARMV7_UNKNOWN_NETBSD_EABIHF, - ARMV7_WRS_VXWORKS_EABIHF, - ARMV7A_KMC_SOLID_ASP3_EABI, - ARMV7A_KMC_SOLID_ASP3_EABIHF, - ARMV7A_NONE_EABI, - ARMV7A_NONE_EABIHF, - ARMV7K_APPLE_WATCHOS, - ARMV7R_NONE_EABI, - ARMV7R_NONE_EABIHF, - ARMV7S_APPLE_IOS, - ASMJS_UNKNOWN_EMSCRIPTEN, - AVR_UNKNOWN_GNU_ATMEGA328, - BPFEB_UNKNOWN_NONE, - BPFEL_UNKNOWN_NONE, - CSKY_UNKNOWN_LINUX_GNUABIV2, - CSKY_UNKNOWN_LINUX_GNUABIV2HF, - HEXAGON_UNKNOWN_LINUX_MUSL, - I386_APPLE_IOS, - I586_PC_NTO_QNX700, - I586_PC_WINDOWS_MSVC, - I586_UNKNOWN_LINUX_GNU, - I586_UNKNOWN_LINUX_MUSL, - I586_UNKNOWN_NETBSD, - I686_APPLE_DARWIN, - I686_LINUX_ANDROID, - I686_PC_WINDOWS_GNU, - I686_PC_WINDOWS_GNULLVM, - I686_PC_WINDOWS_MSVC, - I686_UNKNOWN_FREEBSD, - I686_UNKNOWN_HAIKU, - I686_UNKNOWN_HURD_GNU, - I686_UNKNOWN_LINUX_GNU, - I686_UNKNOWN_LINUX_MUSL, - I686_UNKNOWN_NETBSD, - I686_UNKNOWN_OPENBSD, - I686_UNKNOWN_UEFI, - I686_UWP_WINDOWS_GNU, - I686_UWP_WINDOWS_MSVC, - I686_WRS_VXWORKS, - LOONGARCH64_UNKNOWN_LINUX_GNU, - LOONGARCH64_UNKNOWN_NONE, - LOONGARCH64_UNKNOWN_NONE_SOFTFLOAT, - M68K_UNKNOWN_LINUX_GNU, - MIPS_UNKNOWN_LINUX_GNU, - MIPS_UNKNOWN_LINUX_MUSL, - MIPS_UNKNOWN_LINUX_UCLIBC, - MIPS64_OPENWRT_LINUX_MUSL, - MIPS64_UNKNOWN_LINUX_GNUABI64, - MIPS64_UNKNOWN_LINUX_MUSLABI64, - MIPS64EL_UNKNOWN_LINUX_GNUABI64, - MIPS64EL_UNKNOWN_LINUX_MUSLABI64, - MIPSEL_SONY_PSP, - MIPSEL_SONY_PSX, - MIPSEL_UNKNOWN_LINUX_GNU, - MIPSEL_UNKNOWN_LINUX_MUSL, - MIPSEL_UNKNOWN_LINUX_UCLIBC, - MIPSEL_UNKNOWN_NETBSD, - MIPSEL_UNKNOWN_NONE, - MIPSISA32R6_UNKNOWN_LINUX_GNU, - MIPSISA32R6EL_UNKNOWN_LINUX_GNU, - MIPSISA64R6_UNKNOWN_LINUX_GNUABI64, - MIPSISA64R6EL_UNKNOWN_LINUX_GNUABI64, - 
MSP430_NONE_ELF, - NVPTX64_NVIDIA_CUDA, - POWERPC_UNKNOWN_FREEBSD, - POWERPC_UNKNOWN_LINUX_GNU, - POWERPC_UNKNOWN_LINUX_GNUSPE, - POWERPC_UNKNOWN_LINUX_MUSL, - POWERPC_UNKNOWN_NETBSD, - POWERPC_UNKNOWN_OPENBSD, - POWERPC_WRS_VXWORKS, - POWERPC_WRS_VXWORKS_SPE, - POWERPC64_IBM_AIX, - POWERPC64_UNKNOWN_FREEBSD, - POWERPC64_UNKNOWN_LINUX_GNU, - POWERPC64_UNKNOWN_LINUX_MUSL, - POWERPC64_UNKNOWN_OPENBSD, - POWERPC64_WRS_VXWORKS, - POWERPC64LE_UNKNOWN_FREEBSD, - POWERPC64LE_UNKNOWN_LINUX_GNU, - POWERPC64LE_UNKNOWN_LINUX_MUSL, - RISCV32GC_UNKNOWN_LINUX_GNU, - RISCV32GC_UNKNOWN_LINUX_MUSL, - RISCV32I_UNKNOWN_NONE_ELF, - RISCV32IM_UNKNOWN_NONE_ELF, - RISCV32IMAC_ESP_ESPIDF, - RISCV32IMAC_UNKNOWN_NONE_ELF, - RISCV32IMAC_UNKNOWN_XOUS_ELF, - RISCV32IMC_ESP_ESPIDF, - RISCV32IMC_UNKNOWN_NONE_ELF, - RISCV64_LINUX_ANDROID, - RISCV64GC_UNKNOWN_FREEBSD, - RISCV64GC_UNKNOWN_FUCHSIA, - RISCV64GC_UNKNOWN_HERMIT, - RISCV64GC_UNKNOWN_LINUX_GNU, - RISCV64GC_UNKNOWN_LINUX_MUSL, - RISCV64GC_UNKNOWN_NETBSD, - RISCV64GC_UNKNOWN_NONE_ELF, - RISCV64GC_UNKNOWN_OPENBSD, - RISCV64IMAC_UNKNOWN_NONE_ELF, - S390X_UNKNOWN_LINUX_GNU, - S390X_UNKNOWN_LINUX_MUSL, - SPARC_UNKNOWN_LINUX_GNU, - SPARC_UNKNOWN_NONE_ELF, - SPARC64_UNKNOWN_LINUX_GNU, - SPARC64_UNKNOWN_NETBSD, - SPARC64_UNKNOWN_OPENBSD, - SPARCV9_SUN_SOLARIS, - THUMBV4T_NONE_EABI, - THUMBV5TE_NONE_EABI, - THUMBV6M_NONE_EABI, - THUMBV7A_PC_WINDOWS_MSVC, - THUMBV7A_UWP_WINDOWS_MSVC, - THUMBV7EM_NONE_EABI, - THUMBV7EM_NONE_EABIHF, - THUMBV7M_NONE_EABI, - THUMBV7NEON_LINUX_ANDROIDEABI, - THUMBV7NEON_UNKNOWN_LINUX_GNUEABIHF, - THUMBV7NEON_UNKNOWN_LINUX_MUSLEABIHF, - THUMBV8M_BASE_NONE_EABI, - THUMBV8M_MAIN_NONE_EABI, - THUMBV8M_MAIN_NONE_EABIHF, - WASM32_UNKNOWN_EMSCRIPTEN, - WASM32_UNKNOWN_UNKNOWN, - WASM32_WASI, - WASM32_WASI_PREVIEW1_THREADS, - WASM64_UNKNOWN_UNKNOWN, - X86_64_APPLE_DARWIN, - X86_64_APPLE_IOS, - X86_64_APPLE_IOS_MACABI, - X86_64_APPLE_TVOS, - X86_64_APPLE_WATCHOS_SIM, - X86_64_FORTANIX_UNKNOWN_SGX, - X86_64_FUCHSIA, - 
X86_64_LINUX_ANDROID, - X86_64_PC_NTO_QNX710, - X86_64_PC_SOLARIS, - X86_64_PC_WINDOWS_GNU, - X86_64_PC_WINDOWS_GNULLVM, - X86_64_PC_WINDOWS_MSVC, - X86_64_SUN_SOLARIS, - X86_64_UNIKRAFT_LINUX_MUSL, - X86_64_UNKNOWN_DRAGONFLY, - X86_64_UNKNOWN_FREEBSD, - X86_64_UNKNOWN_FUCHSIA, - X86_64_UNKNOWN_HAIKU, - X86_64_UNKNOWN_HERMIT, - X86_64_UNKNOWN_ILLUMOS, - X86_64_UNKNOWN_L4RE_UCLIBC, - X86_64_UNKNOWN_LINUX_GNU, - X86_64_UNKNOWN_LINUX_GNUX32, - X86_64_UNKNOWN_LINUX_MUSL, - X86_64_UNKNOWN_LINUX_OHOS, - X86_64_UNKNOWN_NETBSD, - X86_64_UNKNOWN_NONE, - X86_64_UNKNOWN_OPENBSD, - X86_64_UNKNOWN_REDOX, - X86_64_UNKNOWN_UEFI, - X86_64_UWP_WINDOWS_GNU, - X86_64_UWP_WINDOWS_MSVC, - X86_64_WRS_VXWORKS, - X86_64H_APPLE_DARWIN, -]; - -/// ARM64 macOS (11.0+, Big Sur+) -pub(crate) const AARCH64_APPLE_DARWIN: Platform = Platform { - target_triple: "aarch64-apple-darwin", - target_arch: Arch::AArch64, - target_os: OS::MacOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// ARM64 iOS -pub(crate) const AARCH64_APPLE_IOS: Platform = Platform { - target_triple: "aarch64-apple-ios", - target_arch: Arch::AArch64, - target_os: OS::iOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// Apple Catalyst on ARM64 -pub(crate) const AARCH64_APPLE_IOS_MACABI: Platform = Platform { - target_triple: "aarch64-apple-ios-macabi", - target_arch: Arch::AArch64, - target_os: OS::iOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// Apple iOS Simulator on ARM64 -pub(crate) const AARCH64_APPLE_IOS_SIM: Platform = Platform { - target_triple: "aarch64-apple-ios-sim", - target_arch: Arch::AArch64, - target_os: OS::iOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// ARM64 tvOS -pub(crate) 
const AARCH64_APPLE_TVOS: Platform = Platform { - target_triple: "aarch64-apple-tvos", - target_arch: Arch::AArch64, - target_os: OS::TvOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// ARM64 tvOS Simulator -pub(crate) const AARCH64_APPLE_TVOS_SIM: Platform = Platform { - target_triple: "aarch64-apple-tvos-sim", - target_arch: Arch::AArch64, - target_os: OS::TvOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// ARM64 Apple WatchOS Simulator -pub(crate) const AARCH64_APPLE_WATCHOS_SIM: Platform = Platform { - target_triple: "aarch64-apple-watchos-sim", - target_arch: Arch::AArch64, - target_os: OS::WatchOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// Alias for `aarch64-unknown-fuchsia` -pub(crate) const AARCH64_FUCHSIA: Platform = Platform { - target_triple: "aarch64-fuchsia", - target_arch: Arch::AArch64, - target_os: OS::Fuchsia, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// ARM64 SOLID with TOPPERS/ASP3 -pub(crate) const AARCH64_KMC_SOLID_ASP3: Platform = Platform { - target_triple: "aarch64-kmc-solid_asp3", - target_arch: Arch::AArch64, - target_os: OS::SolidAsp3, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// ARM64 Android -pub(crate) const AARCH64_LINUX_ANDROID: Platform = Platform { - target_triple: "aarch64-linux-android", - target_arch: Arch::AArch64, - target_os: OS::Android, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// ARM64 Nintendo Switch, Horizon -pub(crate) const AARCH64_NINTENDO_SWITCH_FREESTANDING: Platform = Platform { - target_triple: 
"aarch64-nintendo-switch-freestanding", - target_arch: Arch::AArch64, - target_os: OS::Horizon, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -pub(crate) const AARCH64_PC_WINDOWS_GNULLVM: Platform = Platform { - target_triple: "aarch64-pc-windows-gnullvm", - target_arch: Arch::AArch64, - target_os: OS::Windows, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// ARM64 Windows MSVC -pub(crate) const AARCH64_PC_WINDOWS_MSVC: Platform = Platform { - target_triple: "aarch64-pc-windows-msvc", - target_arch: Arch::AArch64, - target_os: OS::Windows, - target_env: Env::Msvc, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// ARM64 FreeBSD -pub(crate) const AARCH64_UNKNOWN_FREEBSD: Platform = Platform { - target_triple: "aarch64-unknown-freebsd", - target_arch: Arch::AArch64, - target_os: OS::FreeBSD, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// ARM64 Fuchsia -pub(crate) const AARCH64_UNKNOWN_FUCHSIA: Platform = Platform { - target_triple: "aarch64-unknown-fuchsia", - target_arch: Arch::AArch64, - target_os: OS::Fuchsia, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// ARM64 Hermit -pub(crate) const AARCH64_UNKNOWN_HERMIT: Platform = Platform { - target_triple: "aarch64-unknown-hermit", - target_arch: Arch::AArch64, - target_os: OS::Hermit, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// ARM64 Linux (kernel 4.1, glibc 2.17+) [^missing-stack-probes] -pub(crate) const AARCH64_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "aarch64-unknown-linux-gnu", - target_arch: Arch::AArch64, - target_os: 
OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::One, -}; - -/// ARM64 Linux (ILP32 ABI) -pub(crate) const AARCH64_UNKNOWN_LINUX_GNU_ILP32: Platform = Platform { - target_triple: "aarch64-unknown-linux-gnu_ilp32", - target_arch: Arch::AArch64, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARM64 Linux with MUSL -pub(crate) const AARCH64_UNKNOWN_LINUX_MUSL: Platform = Platform { - target_triple: "aarch64-unknown-linux-musl", - target_arch: Arch::AArch64, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -pub(crate) const AARCH64_UNKNOWN_LINUX_OHOS: Platform = Platform { - target_triple: "aarch64-unknown-linux-ohos", - target_arch: Arch::AArch64, - target_os: OS::Linux, - target_env: Env::OhOS, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// ARM64 NetBSD -pub(crate) const AARCH64_UNKNOWN_NETBSD: Platform = Platform { - target_triple: "aarch64-unknown-netbsd", - target_arch: Arch::AArch64, - target_os: OS::NetBSD, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// Bare ARM64, hardfloat -pub(crate) const AARCH64_UNKNOWN_NONE: Platform = Platform { - target_triple: "aarch64-unknown-none", - target_arch: Arch::AArch64, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// Bare ARM64, softfloat -pub(crate) const AARCH64_UNKNOWN_NONE_SOFTFLOAT: Platform = Platform { - target_triple: "aarch64-unknown-none-softfloat", - target_arch: Arch::AArch64, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: 
PointerWidth::U64, - tier: Tier::Two, -}; - -pub(crate) const AARCH64_UNKNOWN_NTO_QNX710: Platform = Platform { - target_triple: "aarch64-unknown-nto-qnx710", - target_arch: Arch::AArch64, - target_os: OS::Nto, - target_env: Env::Nto71, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// ARM64 OpenBSD -pub(crate) const AARCH64_UNKNOWN_OPENBSD: Platform = Platform { - target_triple: "aarch64-unknown-openbsd", - target_arch: Arch::AArch64, - target_os: OS::OpenBSD, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// ARM64 Redox OS -pub(crate) const AARCH64_UNKNOWN_REDOX: Platform = Platform { - target_triple: "aarch64-unknown-redox", - target_arch: Arch::AArch64, - target_os: OS::Redox, - target_env: Env::Relibc, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -pub(crate) const AARCH64_UNKNOWN_TEEOS: Platform = Platform { - target_triple: "aarch64-unknown-teeos", - target_arch: Arch::AArch64, - target_os: OS::TeeOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// ARM64 UEFI -pub(crate) const AARCH64_UNKNOWN_UEFI: Platform = Platform { - target_triple: "aarch64-unknown-uefi", - target_arch: Arch::AArch64, - target_os: OS::Uefi, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -pub(crate) const AARCH64_UWP_WINDOWS_MSVC: Platform = Platform { - target_triple: "aarch64-uwp-windows-msvc", - target_arch: Arch::AArch64, - target_os: OS::Windows, - target_env: Env::Msvc, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -pub(crate) const AARCH64_WRS_VXWORKS: Platform = Platform { - target_triple: "aarch64-wrs-vxworks", - target_arch: Arch::AArch64, - target_os: OS::VxWorks, - 
target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// ARM64 Linux (big-endian) -pub(crate) const AARCH64_BE_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "aarch64_be-unknown-linux-gnu", - target_arch: Arch::AArch64, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// ARM64 Linux (big-endian, ILP32 ABI) -pub(crate) const AARCH64_BE_UNKNOWN_LINUX_GNU_ILP32: Platform = Platform { - target_triple: "aarch64_be-unknown-linux-gnu_ilp32", - target_arch: Arch::AArch64, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARM64 NetBSD (big-endian) -pub(crate) const AARCH64_BE_UNKNOWN_NETBSD: Platform = Platform { - target_triple: "aarch64_be-unknown-netbsd", - target_arch: Arch::AArch64, - target_os: OS::NetBSD, - target_env: Env::None, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// ARMv6 Android -pub(crate) const ARM_LINUX_ANDROIDEABI: Platform = Platform { - target_triple: "arm-linux-androideabi", - target_arch: Arch::Arm, - target_os: OS::Android, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// ARMv6 Linux (kernel 3.2, glibc 2.17) -pub(crate) const ARM_UNKNOWN_LINUX_GNUEABI: Platform = Platform { - target_triple: "arm-unknown-linux-gnueabi", - target_arch: Arch::Arm, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// ARMv6 Linux, hardfloat (kernel 3.2, glibc 2.17) -pub(crate) const ARM_UNKNOWN_LINUX_GNUEABIHF: Platform = Platform { - target_triple: "arm-unknown-linux-gnueabihf", - target_arch: Arch::Arm, - target_os: OS::Linux, - target_env: 
Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// ARMv6 Linux with MUSL -pub(crate) const ARM_UNKNOWN_LINUX_MUSLEABI: Platform = Platform { - target_triple: "arm-unknown-linux-musleabi", - target_arch: Arch::Arm, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// ARMv6 Linux with MUSL, hardfloat -pub(crate) const ARM_UNKNOWN_LINUX_MUSLEABIHF: Platform = Platform { - target_triple: "arm-unknown-linux-musleabihf", - target_arch: Arch::Arm, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// ARM Apple WatchOS 64-bit with 32-bit pointers -pub(crate) const ARM64_32_APPLE_WATCHOS: Platform = Platform { - target_triple: "arm64_32-apple-watchos", - target_arch: Arch::AArch64, - target_os: OS::WatchOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARM BE8 the default ARM big-endian architecture since [ARMv6](https://developer.arm.com/documentation/101754/0616/armlink-Reference/armlink-Command-line-Options/--be8?lang=en). 
-pub(crate) const ARMEB_UNKNOWN_LINUX_GNUEABI: Platform = Platform { - target_triple: "armeb-unknown-linux-gnueabi", - target_arch: Arch::Arm, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// Bare ARMv7-R, Big Endian -pub(crate) const ARMEBV7R_NONE_EABI: Platform = Platform { - target_triple: "armebv7r-none-eabi", - target_arch: Arch::Arm, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// Bare ARMv7-R, Big Endian, hardfloat -pub(crate) const ARMEBV7R_NONE_EABIHF: Platform = Platform { - target_triple: "armebv7r-none-eabihf", - target_arch: Arch::Arm, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// Bare ARMv4T -pub(crate) const ARMV4T_NONE_EABI: Platform = Platform { - target_triple: "armv4t-none-eabi", - target_arch: Arch::Arm, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARMv4T Linux -pub(crate) const ARMV4T_UNKNOWN_LINUX_GNUEABI: Platform = Platform { - target_triple: "armv4t-unknown-linux-gnueabi", - target_arch: Arch::Arm, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// Bare ARMv5TE -pub(crate) const ARMV5TE_NONE_EABI: Platform = Platform { - target_triple: "armv5te-none-eabi", - target_arch: Arch::Arm, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARMv5TE Linux (kernel 4.4, glibc 2.23) -pub(crate) const ARMV5TE_UNKNOWN_LINUX_GNUEABI: Platform = Platform { - target_triple: "armv5te-unknown-linux-gnueabi", - target_arch: Arch::Arm, - 
target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// ARMv5TE Linux with MUSL -pub(crate) const ARMV5TE_UNKNOWN_LINUX_MUSLEABI: Platform = Platform { - target_triple: "armv5te-unknown-linux-musleabi", - target_arch: Arch::Arm, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// ARMv5TE Linux with uClibc -pub(crate) const ARMV5TE_UNKNOWN_LINUX_UCLIBCEABI: Platform = Platform { - target_triple: "armv5te-unknown-linux-uclibceabi", - target_arch: Arch::Arm, - target_os: OS::Linux, - target_env: Env::UClibc, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARMv6 FreeBSD -pub(crate) const ARMV6_UNKNOWN_FREEBSD: Platform = Platform { - target_triple: "armv6-unknown-freebsd", - target_arch: Arch::Arm, - target_os: OS::FreeBSD, - target_env: Env::Gnueabihf, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARMv6 NetBSD w/hard-float -pub(crate) const ARMV6_UNKNOWN_NETBSD_EABIHF: Platform = Platform { - target_triple: "armv6-unknown-netbsd-eabihf", - target_arch: Arch::Arm, - target_os: OS::NetBSD, - target_env: Env::Eabihf, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARMv6K Nintendo 3DS, Horizon (Requires devkitARM toolchain) -pub(crate) const ARMV6K_NINTENDO_3DS: Platform = Platform { - target_triple: "armv6k-nintendo-3ds", - target_arch: Arch::Arm, - target_os: OS::Horizon, - target_env: Env::Newlib, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARMv7-A Android -pub(crate) const ARMV7_LINUX_ANDROIDEABI: Platform = Platform { - target_triple: "armv7-linux-androideabi", - target_arch: Arch::Arm, - target_os: OS::Android, - target_env: 
Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// ARMv7-A Cortex-A9 Sony PlayStation Vita (requires VITASDK toolchain) -pub(crate) const ARMV7_SONY_VITA_NEWLIBEABIHF: Platform = Platform { - target_triple: "armv7-sony-vita-newlibeabihf", - target_arch: Arch::Arm, - target_os: OS::Vita, - target_env: Env::Newlib, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARMv7-A FreeBSD -pub(crate) const ARMV7_UNKNOWN_FREEBSD: Platform = Platform { - target_triple: "armv7-unknown-freebsd", - target_arch: Arch::Arm, - target_os: OS::FreeBSD, - target_env: Env::Gnueabihf, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARMv7-A Linux (kernel 4.15, glibc 2.27) -pub(crate) const ARMV7_UNKNOWN_LINUX_GNUEABI: Platform = Platform { - target_triple: "armv7-unknown-linux-gnueabi", - target_arch: Arch::Arm, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// ARMv7-A Linux, hardfloat (kernel 3.2, glibc 2.17) -pub(crate) const ARMV7_UNKNOWN_LINUX_GNUEABIHF: Platform = Platform { - target_triple: "armv7-unknown-linux-gnueabihf", - target_arch: Arch::Arm, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// ARMv7-A Linux with MUSL -pub(crate) const ARMV7_UNKNOWN_LINUX_MUSLEABI: Platform = Platform { - target_triple: "armv7-unknown-linux-musleabi", - target_arch: Arch::Arm, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// ARMv7-A Linux with MUSL, hardfloat -pub(crate) const ARMV7_UNKNOWN_LINUX_MUSLEABIHF: Platform = Platform { - target_triple: "armv7-unknown-linux-musleabihf", - target_arch: Arch::Arm, - 
target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -pub(crate) const ARMV7_UNKNOWN_LINUX_OHOS: Platform = Platform { - target_triple: "armv7-unknown-linux-ohos", - target_arch: Arch::Arm, - target_os: OS::Linux, - target_env: Env::OhOS, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARMv7-A Linux with uClibc, softfloat -pub(crate) const ARMV7_UNKNOWN_LINUX_UCLIBCEABI: Platform = Platform { - target_triple: "armv7-unknown-linux-uclibceabi", - target_arch: Arch::Arm, - target_os: OS::Linux, - target_env: Env::UClibc, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARMv7-A Linux with uClibc, hardfloat -pub(crate) const ARMV7_UNKNOWN_LINUX_UCLIBCEABIHF: Platform = Platform { - target_triple: "armv7-unknown-linux-uclibceabihf", - target_arch: Arch::Arm, - target_os: OS::Linux, - target_env: Env::UClibc, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARMv7-A NetBSD w/hard-float -pub(crate) const ARMV7_UNKNOWN_NETBSD_EABIHF: Platform = Platform { - target_triple: "armv7-unknown-netbsd-eabihf", - target_arch: Arch::Arm, - target_os: OS::NetBSD, - target_env: Env::Eabihf, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARMv7-A for VxWorks -pub(crate) const ARMV7_WRS_VXWORKS_EABIHF: Platform = Platform { - target_triple: "armv7-wrs-vxworks-eabihf", - target_arch: Arch::Arm, - target_os: OS::VxWorks, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARM SOLID with TOPPERS/ASP3 -pub(crate) const ARMV7A_KMC_SOLID_ASP3_EABI: Platform = Platform { - target_triple: "armv7a-kmc-solid_asp3-eabi", - target_arch: Arch::Arm, - target_os: OS::SolidAsp3, - target_env: 
Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARM SOLID with TOPPERS/ASP3, hardfloat -pub(crate) const ARMV7A_KMC_SOLID_ASP3_EABIHF: Platform = Platform { - target_triple: "armv7a-kmc-solid_asp3-eabihf", - target_arch: Arch::Arm, - target_os: OS::SolidAsp3, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// Bare ARMv7-A -pub(crate) const ARMV7A_NONE_EABI: Platform = Platform { - target_triple: "armv7a-none-eabi", - target_arch: Arch::Arm, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// Bare ARMv7-A, hardfloat -pub(crate) const ARMV7A_NONE_EABIHF: Platform = Platform { - target_triple: "armv7a-none-eabihf", - target_arch: Arch::Arm, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// ARMv7-A Apple WatchOS -pub(crate) const ARMV7K_APPLE_WATCHOS: Platform = Platform { - target_triple: "armv7k-apple-watchos", - target_arch: Arch::Arm, - target_os: OS::WatchOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// Bare ARMv7-R -pub(crate) const ARMV7R_NONE_EABI: Platform = Platform { - target_triple: "armv7r-none-eabi", - target_arch: Arch::Arm, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// Bare ARMv7-R, hardfloat -pub(crate) const ARMV7R_NONE_EABIHF: Platform = Platform { - target_triple: "armv7r-none-eabihf", - target_arch: Arch::Arm, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// ARMv7-A Apple-A6 Apple iOS -pub(crate) 
const ARMV7S_APPLE_IOS: Platform = Platform { - target_triple: "armv7s-apple-ios", - target_arch: Arch::Arm, - target_os: OS::iOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// asm.js via Emscripten -pub(crate) const ASMJS_UNKNOWN_EMSCRIPTEN: Platform = Platform { - target_triple: "asmjs-unknown-emscripten", - target_arch: Arch::Wasm32, - target_os: OS::Emscripten, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// AVR. Requires `-Z build-std=core` -pub(crate) const AVR_UNKNOWN_GNU_ATMEGA328: Platform = Platform { - target_triple: "avr-unknown-gnu-atmega328", - target_arch: Arch::Avr, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U16, - tier: Tier::Three, -}; - -/// BPF (big endian) -pub(crate) const BPFEB_UNKNOWN_NONE: Platform = Platform { - target_triple: "bpfeb-unknown-none", - target_arch: Arch::Bpf, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// BPF (little endian) -pub(crate) const BPFEL_UNKNOWN_NONE: Platform = Platform { - target_triple: "bpfel-unknown-none", - target_arch: Arch::Bpf, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// C-SKY abiv2 Linux (little endian) -pub(crate) const CSKY_UNKNOWN_LINUX_GNUABIV2: Platform = Platform { - target_triple: "csky-unknown-linux-gnuabiv2", - target_arch: Arch::Csky, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// C-SKY abiv2 Linux, hardfloat (little endian) -pub(crate) const CSKY_UNKNOWN_LINUX_GNUABIV2HF: Platform = Platform { - target_triple: 
"csky-unknown-linux-gnuabiv2hf", - target_arch: Arch::Csky, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -pub(crate) const HEXAGON_UNKNOWN_LINUX_MUSL: Platform = Platform { - target_triple: "hexagon-unknown-linux-musl", - target_arch: Arch::Hexagon, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// 32-bit x86 iOS [^x86_32-floats-return-ABI] -pub(crate) const I386_APPLE_IOS: Platform = Platform { - target_triple: "i386-apple-ios", - target_arch: Arch::X86, - target_os: OS::iOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// 32-bit x86 QNX Neutrino 7.0 RTOS [^x86_32-floats-return-ABI] -pub(crate) const I586_PC_NTO_QNX700: Platform = Platform { - target_triple: "i586-pc-nto-qnx700", - target_arch: Arch::X86, - target_os: OS::Nto, - target_env: Env::Nto70, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// 32-bit Windows w/o SSE [^x86_32-floats-x87] -pub(crate) const I586_PC_WINDOWS_MSVC: Platform = Platform { - target_triple: "i586-pc-windows-msvc", - target_arch: Arch::X86, - target_os: OS::Windows, - target_env: Env::Msvc, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// 32-bit Linux w/o SSE (kernel 3.2, glibc 2.17) [^x86_32-floats-x87] -pub(crate) const I586_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "i586-unknown-linux-gnu", - target_arch: Arch::X86, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// 32-bit Linux w/o SSE, MUSL [^x86_32-floats-x87] -pub(crate) const I586_UNKNOWN_LINUX_MUSL: Platform = Platform { - target_triple: 
"i586-unknown-linux-musl", - target_arch: Arch::X86, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// 32-bit x86, restricted to Pentium -pub(crate) const I586_UNKNOWN_NETBSD: Platform = Platform { - target_triple: "i586-unknown-netbsd", - target_arch: Arch::X86, - target_os: OS::NetBSD, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// 32-bit macOS (10.12+, Sierra+) [^x86_32-floats-return-ABI] -pub(crate) const I686_APPLE_DARWIN: Platform = Platform { - target_triple: "i686-apple-darwin", - target_arch: Arch::X86, - target_os: OS::MacOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// 32-bit x86 Android [^x86_32-floats-return-ABI] -pub(crate) const I686_LINUX_ANDROID: Platform = Platform { - target_triple: "i686-linux-android", - target_arch: Arch::X86, - target_os: OS::Android, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// 32-bit MinGW (Windows 7+) [^windows-support] [^x86_32-floats-return-ABI] -pub(crate) const I686_PC_WINDOWS_GNU: Platform = Platform { - target_triple: "i686-pc-windows-gnu", - target_arch: Arch::X86, - target_os: OS::Windows, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::One, -}; - -/// [^x86_32-floats-return-ABI] -pub(crate) const I686_PC_WINDOWS_GNULLVM: Platform = Platform { - target_triple: "i686-pc-windows-gnullvm", - target_arch: Arch::X86, - target_os: OS::Windows, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// 32-bit MSVC (Windows 7+) [^windows-support] [^x86_32-floats-return-ABI] -pub(crate) const I686_PC_WINDOWS_MSVC: Platform = 
Platform { - target_triple: "i686-pc-windows-msvc", - target_arch: Arch::X86, - target_os: OS::Windows, - target_env: Env::Msvc, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::One, -}; - -/// 32-bit FreeBSD [^x86_32-floats-return-ABI] -pub(crate) const I686_UNKNOWN_FREEBSD: Platform = Platform { - target_triple: "i686-unknown-freebsd", - target_arch: Arch::X86, - target_os: OS::FreeBSD, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// 32-bit Haiku [^x86_32-floats-return-ABI] -pub(crate) const I686_UNKNOWN_HAIKU: Platform = Platform { - target_triple: "i686-unknown-haiku", - target_arch: Arch::X86, - target_os: OS::Haiku, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// 32-bit GNU/Hurd [^x86_32-floats-return-ABI] -pub(crate) const I686_UNKNOWN_HURD_GNU: Platform = Platform { - target_triple: "i686-unknown-hurd-gnu", - target_arch: Arch::X86, - target_os: OS::Hurd, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// 32-bit Linux (kernel 3.2+, glibc 2.17+) [^x86_32-floats-return-ABI] -pub(crate) const I686_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "i686-unknown-linux-gnu", - target_arch: Arch::X86, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::One, -}; - -/// 32-bit Linux with MUSL [^x86_32-floats-return-ABI] -pub(crate) const I686_UNKNOWN_LINUX_MUSL: Platform = Platform { - target_triple: "i686-unknown-linux-musl", - target_arch: Arch::X86, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// NetBSD/i386 with SSE2 [^x86_32-floats-return-ABI] -pub(crate) const 
I686_UNKNOWN_NETBSD: Platform = Platform { - target_triple: "i686-unknown-netbsd", - target_arch: Arch::X86, - target_os: OS::NetBSD, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// 32-bit OpenBSD [^x86_32-floats-return-ABI] -pub(crate) const I686_UNKNOWN_OPENBSD: Platform = Platform { - target_triple: "i686-unknown-openbsd", - target_arch: Arch::X86, - target_os: OS::OpenBSD, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// 32-bit UEFI -pub(crate) const I686_UNKNOWN_UEFI: Platform = Platform { - target_triple: "i686-unknown-uefi", - target_arch: Arch::X86, - target_os: OS::Uefi, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// [^x86_32-floats-return-ABI] -pub(crate) const I686_UWP_WINDOWS_GNU: Platform = Platform { - target_triple: "i686-uwp-windows-gnu", - target_arch: Arch::X86, - target_os: OS::Windows, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// [^x86_32-floats-return-ABI] -pub(crate) const I686_UWP_WINDOWS_MSVC: Platform = Platform { - target_triple: "i686-uwp-windows-msvc", - target_arch: Arch::X86, - target_os: OS::Windows, - target_env: Env::Msvc, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// [^x86_32-floats-return-ABI] -pub(crate) const I686_WRS_VXWORKS: Platform = Platform { - target_triple: "i686-wrs-vxworks", - target_arch: Arch::X86, - target_os: OS::VxWorks, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// LoongArch64 Linux, LP64D ABI (kernel 5.19, glibc 2.36) -pub(crate) const LOONGARCH64_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: 
"loongarch64-unknown-linux-gnu", - target_arch: Arch::Loongarch64, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// LoongArch64 Bare-metal (LP64D ABI) -pub(crate) const LOONGARCH64_UNKNOWN_NONE: Platform = Platform { - target_triple: "loongarch64-unknown-none", - target_arch: Arch::Loongarch64, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// LoongArch64 Bare-metal (LP64S ABI) -pub(crate) const LOONGARCH64_UNKNOWN_NONE_SOFTFLOAT: Platform = Platform { - target_triple: "loongarch64-unknown-none-softfloat", - target_arch: Arch::Loongarch64, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// Motorola 680x0 Linux -pub(crate) const M68K_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "m68k-unknown-linux-gnu", - target_arch: Arch::M68k, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// MIPS Linux (kernel 4.4, glibc 2.23) -pub(crate) const MIPS_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "mips-unknown-linux-gnu", - target_arch: Arch::Mips, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// MIPS Linux with musl libc -pub(crate) const MIPS_UNKNOWN_LINUX_MUSL: Platform = Platform { - target_triple: "mips-unknown-linux-musl", - target_arch: Arch::Mips, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// MIPS Linux with uClibc -pub(crate) const MIPS_UNKNOWN_LINUX_UCLIBC: Platform = Platform { - target_triple: "mips-unknown-linux-uclibc", - 
target_arch: Arch::Mips, - target_os: OS::Linux, - target_env: Env::UClibc, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// MIPS64 for OpenWrt Linux MUSL -pub(crate) const MIPS64_OPENWRT_LINUX_MUSL: Platform = Platform { - target_triple: "mips64-openwrt-linux-musl", - target_arch: Arch::Mips64, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// MIPS64 Linux, N64 ABI (kernel 4.4, glibc 2.23) -pub(crate) const MIPS64_UNKNOWN_LINUX_GNUABI64: Platform = Platform { - target_triple: "mips64-unknown-linux-gnuabi64", - target_arch: Arch::Mips64, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// MIPS64 Linux, N64 ABI, musl libc -pub(crate) const MIPS64_UNKNOWN_LINUX_MUSLABI64: Platform = Platform { - target_triple: "mips64-unknown-linux-muslabi64", - target_arch: Arch::Mips64, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// MIPS64 (little endian) Linux, N64 ABI (kernel 4.4, glibc 2.23) -pub(crate) const MIPS64EL_UNKNOWN_LINUX_GNUABI64: Platform = Platform { - target_triple: "mips64el-unknown-linux-gnuabi64", - target_arch: Arch::Mips64, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// MIPS64 (little endian) Linux, N64 ABI, musl libc -pub(crate) const MIPS64EL_UNKNOWN_LINUX_MUSLABI64: Platform = Platform { - target_triple: "mips64el-unknown-linux-muslabi64", - target_arch: Arch::Mips64, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// MIPS (LE) Sony PlayStation Portable (PSP) -pub(crate) const 
MIPSEL_SONY_PSP: Platform = Platform { - target_triple: "mipsel-sony-psp", - target_arch: Arch::Mips, - target_os: OS::Psp, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// MIPS (LE) Sony PlayStation 1 (PSX) -pub(crate) const MIPSEL_SONY_PSX: Platform = Platform { - target_triple: "mipsel-sony-psx", - target_arch: Arch::Mips, - target_os: OS::None, - target_env: Env::Psx, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// MIPS (little endian) Linux (kernel 4.4, glibc 2.23) -pub(crate) const MIPSEL_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "mipsel-unknown-linux-gnu", - target_arch: Arch::Mips, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// MIPS (little endian) Linux with musl libc -pub(crate) const MIPSEL_UNKNOWN_LINUX_MUSL: Platform = Platform { - target_triple: "mipsel-unknown-linux-musl", - target_arch: Arch::Mips, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// MIPS (LE) Linux with uClibc -pub(crate) const MIPSEL_UNKNOWN_LINUX_UCLIBC: Platform = Platform { - target_triple: "mipsel-unknown-linux-uclibc", - target_arch: Arch::Mips, - target_os: OS::Linux, - target_env: Env::UClibc, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// 32-bit MIPS (LE), requires mips32 cpu support -pub(crate) const MIPSEL_UNKNOWN_NETBSD: Platform = Platform { - target_triple: "mipsel-unknown-netbsd", - target_arch: Arch::Mips, - target_os: OS::NetBSD, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// Bare MIPS (LE) softfloat -pub(crate) const MIPSEL_UNKNOWN_NONE: Platform = 
Platform { - target_triple: "mipsel-unknown-none", - target_arch: Arch::Mips, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// 32-bit MIPS Release 6 Big Endian -pub(crate) const MIPSISA32R6_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "mipsisa32r6-unknown-linux-gnu", - target_arch: Arch::Mips32r6, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// 32-bit MIPS Release 6 Little Endian -pub(crate) const MIPSISA32R6EL_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "mipsisa32r6el-unknown-linux-gnu", - target_arch: Arch::Mips32r6, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// 64-bit MIPS Release 6 Big Endian -pub(crate) const MIPSISA64R6_UNKNOWN_LINUX_GNUABI64: Platform = Platform { - target_triple: "mipsisa64r6-unknown-linux-gnuabi64", - target_arch: Arch::Mips64r6, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// 64-bit MIPS Release 6 Little Endian -pub(crate) const MIPSISA64R6EL_UNKNOWN_LINUX_GNUABI64: Platform = Platform { - target_triple: "mipsisa64r6el-unknown-linux-gnuabi64", - target_arch: Arch::Mips64r6, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// 16-bit MSP430 microcontrollers -pub(crate) const MSP430_NONE_ELF: Platform = Platform { - target_triple: "msp430-none-elf", - target_arch: Arch::Msp430, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U16, - tier: Tier::Three, -}; - -/// --emit=asm generates PTX code that [runs on NVIDIA GPUs] 
-pub(crate) const NVPTX64_NVIDIA_CUDA: Platform = Platform { - target_triple: "nvptx64-nvidia-cuda", - target_arch: Arch::Nvptx64, - target_os: OS::Cuda, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// PowerPC FreeBSD -pub(crate) const POWERPC_UNKNOWN_FREEBSD: Platform = Platform { - target_triple: "powerpc-unknown-freebsd", - target_arch: Arch::PowerPc, - target_os: OS::FreeBSD, - target_env: Env::None, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// PowerPC Linux (kernel 3.2, glibc 2.17) -pub(crate) const POWERPC_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "powerpc-unknown-linux-gnu", - target_arch: Arch::PowerPc, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// PowerPC SPE Linux -pub(crate) const POWERPC_UNKNOWN_LINUX_GNUSPE: Platform = Platform { - target_triple: "powerpc-unknown-linux-gnuspe", - target_arch: Arch::PowerPc, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -pub(crate) const POWERPC_UNKNOWN_LINUX_MUSL: Platform = Platform { - target_triple: "powerpc-unknown-linux-musl", - target_arch: Arch::PowerPc, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// NetBSD 32-bit powerpc systems -pub(crate) const POWERPC_UNKNOWN_NETBSD: Platform = Platform { - target_triple: "powerpc-unknown-netbsd", - target_arch: Arch::PowerPc, - target_os: OS::NetBSD, - target_env: Env::None, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -pub(crate) const POWERPC_UNKNOWN_OPENBSD: Platform = Platform { - target_triple: "powerpc-unknown-openbsd", - target_arch: Arch::PowerPc, 
- target_os: OS::OpenBSD, - target_env: Env::None, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -pub(crate) const POWERPC_WRS_VXWORKS: Platform = Platform { - target_triple: "powerpc-wrs-vxworks", - target_arch: Arch::PowerPc, - target_os: OS::VxWorks, - target_env: Env::Gnu, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -pub(crate) const POWERPC_WRS_VXWORKS_SPE: Platform = Platform { - target_triple: "powerpc-wrs-vxworks-spe", - target_arch: Arch::PowerPc, - target_os: OS::VxWorks, - target_env: Env::Gnu, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// 64-bit AIX (7.2 and newer) -pub(crate) const POWERPC64_IBM_AIX: Platform = Platform { - target_triple: "powerpc64-ibm-aix", - target_arch: Arch::PowerPc64, - target_os: OS::Aix, - target_env: Env::None, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// PPC64 FreeBSD (ELFv1 and ELFv2) -pub(crate) const POWERPC64_UNKNOWN_FREEBSD: Platform = Platform { - target_triple: "powerpc64-unknown-freebsd", - target_arch: Arch::PowerPc64, - target_os: OS::FreeBSD, - target_env: Env::None, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// PPC64 Linux (kernel 3.2, glibc 2.17) -pub(crate) const POWERPC64_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "powerpc64-unknown-linux-gnu", - target_arch: Arch::PowerPc64, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -pub(crate) const POWERPC64_UNKNOWN_LINUX_MUSL: Platform = Platform { - target_triple: "powerpc64-unknown-linux-musl", - target_arch: Arch::PowerPc64, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - 
-/// OpenBSD/powerpc64 -pub(crate) const POWERPC64_UNKNOWN_OPENBSD: Platform = Platform { - target_triple: "powerpc64-unknown-openbsd", - target_arch: Arch::PowerPc64, - target_os: OS::OpenBSD, - target_env: Env::None, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -pub(crate) const POWERPC64_WRS_VXWORKS: Platform = Platform { - target_triple: "powerpc64-wrs-vxworks", - target_arch: Arch::PowerPc64, - target_os: OS::VxWorks, - target_env: Env::Gnu, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// PPC64LE FreeBSD -pub(crate) const POWERPC64LE_UNKNOWN_FREEBSD: Platform = Platform { - target_triple: "powerpc64le-unknown-freebsd", - target_arch: Arch::PowerPc64, - target_os: OS::FreeBSD, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// PPC64LE Linux (kernel 3.10, glibc 2.17) -pub(crate) const POWERPC64LE_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "powerpc64le-unknown-linux-gnu", - target_arch: Arch::PowerPc64, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -pub(crate) const POWERPC64LE_UNKNOWN_LINUX_MUSL: Platform = Platform { - target_triple: "powerpc64le-unknown-linux-musl", - target_arch: Arch::PowerPc64, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// RISC-V Linux (kernel 5.4, glibc 2.33) -pub(crate) const RISCV32GC_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "riscv32gc-unknown-linux-gnu", - target_arch: Arch::Riscv32, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// RISC-V Linux (kernel 5.4, musl + RISCV32 support patches) -pub(crate) 
const RISCV32GC_UNKNOWN_LINUX_MUSL: Platform = Platform { - target_triple: "riscv32gc-unknown-linux-musl", - target_arch: Arch::Riscv32, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// Bare RISC-V (RV32I ISA) -pub(crate) const RISCV32I_UNKNOWN_NONE_ELF: Platform = Platform { - target_triple: "riscv32i-unknown-none-elf", - target_arch: Arch::Riscv32, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// Bare RISC-V (RV32IM ISA) -pub(crate) const RISCV32IM_UNKNOWN_NONE_ELF: Platform = Platform { - target_triple: "riscv32im-unknown-none-elf", - target_arch: Arch::Riscv32, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// RISC-V ESP-IDF -pub(crate) const RISCV32IMAC_ESP_ESPIDF: Platform = Platform { - target_triple: "riscv32imac-esp-espidf", - target_arch: Arch::Riscv32, - target_os: OS::Espidf, - target_env: Env::Newlib, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// Bare RISC-V (RV32IMAC ISA) -pub(crate) const RISCV32IMAC_UNKNOWN_NONE_ELF: Platform = Platform { - target_triple: "riscv32imac-unknown-none-elf", - target_arch: Arch::Riscv32, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// RISC-V Xous (RV32IMAC ISA) -pub(crate) const RISCV32IMAC_UNKNOWN_XOUS_ELF: Platform = Platform { - target_triple: "riscv32imac-unknown-xous-elf", - target_arch: Arch::Riscv32, - target_os: OS::Xous, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// RISC-V ESP-IDF -pub(crate) const RISCV32IMC_ESP_ESPIDF: Platform = Platform { - 
target_triple: "riscv32imc-esp-espidf", - target_arch: Arch::Riscv32, - target_os: OS::Espidf, - target_env: Env::Newlib, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// Bare RISC-V (RV32IMC ISA) -pub(crate) const RISCV32IMC_UNKNOWN_NONE_ELF: Platform = Platform { - target_triple: "riscv32imc-unknown-none-elf", - target_arch: Arch::Riscv32, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// RISC-V 64-bit Android -pub(crate) const RISCV64_LINUX_ANDROID: Platform = Platform { - target_triple: "riscv64-linux-android", - target_arch: Arch::Riscv64, - target_os: OS::Android, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// RISC-V FreeBSD -pub(crate) const RISCV64GC_UNKNOWN_FREEBSD: Platform = Platform { - target_triple: "riscv64gc-unknown-freebsd", - target_arch: Arch::Riscv64, - target_os: OS::FreeBSD, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// RISC-V Fuchsia -pub(crate) const RISCV64GC_UNKNOWN_FUCHSIA: Platform = Platform { - target_triple: "riscv64gc-unknown-fuchsia", - target_arch: Arch::Riscv64, - target_os: OS::Fuchsia, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// RISC-V Hermit -pub(crate) const RISCV64GC_UNKNOWN_HERMIT: Platform = Platform { - target_triple: "riscv64gc-unknown-hermit", - target_arch: Arch::Riscv64, - target_os: OS::Hermit, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// RISC-V Linux (kernel 4.20, glibc 2.29) -pub(crate) const RISCV64GC_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "riscv64gc-unknown-linux-gnu", - target_arch: 
Arch::Riscv64, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// RISC-V Linux (kernel 4.20, musl 1.2.0) -pub(crate) const RISCV64GC_UNKNOWN_LINUX_MUSL: Platform = Platform { - target_triple: "riscv64gc-unknown-linux-musl", - target_arch: Arch::Riscv64, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// RISC-V NetBSD -pub(crate) const RISCV64GC_UNKNOWN_NETBSD: Platform = Platform { - target_triple: "riscv64gc-unknown-netbsd", - target_arch: Arch::Riscv64, - target_os: OS::NetBSD, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// Bare RISC-V (RV64IMAFDC ISA) -pub(crate) const RISCV64GC_UNKNOWN_NONE_ELF: Platform = Platform { - target_triple: "riscv64gc-unknown-none-elf", - target_arch: Arch::Riscv64, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// OpenBSD/riscv64 -pub(crate) const RISCV64GC_UNKNOWN_OPENBSD: Platform = Platform { - target_triple: "riscv64gc-unknown-openbsd", - target_arch: Arch::Riscv64, - target_os: OS::OpenBSD, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// Bare RISC-V (RV64IMAC ISA) -pub(crate) const RISCV64IMAC_UNKNOWN_NONE_ELF: Platform = Platform { - target_triple: "riscv64imac-unknown-none-elf", - target_arch: Arch::Riscv64, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// S390x Linux (kernel 3.2, glibc 2.17) -pub(crate) const S390X_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "s390x-unknown-linux-gnu", - target_arch: Arch::S390X, - target_os: 
OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// S390x Linux (kernel 3.2, MUSL) -pub(crate) const S390X_UNKNOWN_LINUX_MUSL: Platform = Platform { - target_triple: "s390x-unknown-linux-musl", - target_arch: Arch::S390X, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// 32-bit SPARC Linux -pub(crate) const SPARC_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "sparc-unknown-linux-gnu", - target_arch: Arch::Sparc, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// Bare 32-bit SPARC V7+ -pub(crate) const SPARC_UNKNOWN_NONE_ELF: Platform = Platform { - target_triple: "sparc-unknown-none-elf", - target_arch: Arch::Sparc, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// SPARC Linux (kernel 4.4, glibc 2.23) -pub(crate) const SPARC64_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "sparc64-unknown-linux-gnu", - target_arch: Arch::Sparc64, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// NetBSD/sparc64 -pub(crate) const SPARC64_UNKNOWN_NETBSD: Platform = Platform { - target_triple: "sparc64-unknown-netbsd", - target_arch: Arch::Sparc64, - target_os: OS::NetBSD, - target_env: Env::None, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// OpenBSD/sparc64 -pub(crate) const SPARC64_UNKNOWN_OPENBSD: Platform = Platform { - target_triple: "sparc64-unknown-openbsd", - target_arch: Arch::Sparc64, - target_os: OS::OpenBSD, - target_env: Env::None, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - 
tier: Tier::Three, -}; - -/// SPARC Solaris 10/11, illumos -pub(crate) const SPARCV9_SUN_SOLARIS: Platform = Platform { - target_triple: "sparcv9-sun-solaris", - target_arch: Arch::Sparc64, - target_os: OS::Solaris, - target_env: Env::None, - target_endian: Endian::Big, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// Thumb-mode Bare ARMv4T -pub(crate) const THUMBV4T_NONE_EABI: Platform = Platform { - target_triple: "thumbv4t-none-eabi", - target_arch: Arch::Arm, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// Thumb-mode Bare ARMv5TE -pub(crate) const THUMBV5TE_NONE_EABI: Platform = Platform { - target_triple: "thumbv5te-none-eabi", - target_arch: Arch::Arm, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// Bare ARMv6-M -pub(crate) const THUMBV6M_NONE_EABI: Platform = Platform { - target_triple: "thumbv6m-none-eabi", - target_arch: Arch::Arm, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -pub(crate) const THUMBV7A_PC_WINDOWS_MSVC: Platform = Platform { - target_triple: "thumbv7a-pc-windows-msvc", - target_arch: Arch::Arm, - target_os: OS::Windows, - target_env: Env::Msvc, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -pub(crate) const THUMBV7A_UWP_WINDOWS_MSVC: Platform = Platform { - target_triple: "thumbv7a-uwp-windows-msvc", - target_arch: Arch::Arm, - target_os: OS::Windows, - target_env: Env::Msvc, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// Bare ARMv7E-M -pub(crate) const THUMBV7EM_NONE_EABI: Platform = Platform { - target_triple: "thumbv7em-none-eabi", - target_arch: Arch::Arm, - target_os: OS::None, - 
target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// Bare ARMV7E-M, hardfloat -pub(crate) const THUMBV7EM_NONE_EABIHF: Platform = Platform { - target_triple: "thumbv7em-none-eabihf", - target_arch: Arch::Arm, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// Bare ARMv7-M -pub(crate) const THUMBV7M_NONE_EABI: Platform = Platform { - target_triple: "thumbv7m-none-eabi", - target_arch: Arch::Arm, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// Thumb2-mode ARMv7-A Android with NEON -pub(crate) const THUMBV7NEON_LINUX_ANDROIDEABI: Platform = Platform { - target_triple: "thumbv7neon-linux-androideabi", - target_arch: Arch::Arm, - target_os: OS::Android, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// Thumb2-mode ARMv7-A Linux with NEON (kernel 4.4, glibc 2.23) -pub(crate) const THUMBV7NEON_UNKNOWN_LINUX_GNUEABIHF: Platform = Platform { - target_triple: "thumbv7neon-unknown-linux-gnueabihf", - target_arch: Arch::Arm, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// Thumb2-mode ARMv7-A Linux with NEON, MUSL -pub(crate) const THUMBV7NEON_UNKNOWN_LINUX_MUSLEABIHF: Platform = Platform { - target_triple: "thumbv7neon-unknown-linux-musleabihf", - target_arch: Arch::Arm, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Three, -}; - -/// Bare ARMv8-M Baseline -pub(crate) const THUMBV8M_BASE_NONE_EABI: Platform = Platform { - target_triple: "thumbv8m.base-none-eabi", - target_arch: Arch::Arm, - target_os: OS::None, - 
target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// Bare ARMv8-M Mainline -pub(crate) const THUMBV8M_MAIN_NONE_EABI: Platform = Platform { - target_triple: "thumbv8m.main-none-eabi", - target_arch: Arch::Arm, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// Bare ARMv8-M Mainline, hardfloat -pub(crate) const THUMBV8M_MAIN_NONE_EABIHF: Platform = Platform { - target_triple: "thumbv8m.main-none-eabihf", - target_arch: Arch::Arm, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// WebAssembly via Emscripten -pub(crate) const WASM32_UNKNOWN_EMSCRIPTEN: Platform = Platform { - target_triple: "wasm32-unknown-emscripten", - target_arch: Arch::Wasm32, - target_os: OS::Emscripten, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// WebAssembly -pub(crate) const WASM32_UNKNOWN_UNKNOWN: Platform = Platform { - target_triple: "wasm32-unknown-unknown", - target_arch: Arch::Wasm32, - target_os: OS::Unknown, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// WebAssembly with WASI -pub(crate) const WASM32_WASI: Platform = Platform { - target_triple: "wasm32-wasi", - target_arch: Arch::Wasm32, - target_os: OS::Wasi, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// WebAssembly with WASI Preview 1 and threads -pub(crate) const WASM32_WASI_PREVIEW1_THREADS: Platform = Platform { - target_triple: "wasm32-wasi-preview1-threads", - target_arch: Arch::Wasm32, - target_os: OS::Wasi, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: 
PointerWidth::U32, - tier: Tier::Two, -}; - -/// WebAssembly -pub(crate) const WASM64_UNKNOWN_UNKNOWN: Platform = Platform { - target_triple: "wasm64-unknown-unknown", - target_arch: Arch::Wasm64, - target_os: OS::Unknown, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// 64-bit macOS (10.12+, Sierra+) -pub(crate) const X86_64_APPLE_DARWIN: Platform = Platform { - target_triple: "x86_64-apple-darwin", - target_arch: Arch::X86_64, - target_os: OS::MacOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::One, -}; - -/// 64-bit x86 iOS -pub(crate) const X86_64_APPLE_IOS: Platform = Platform { - target_triple: "x86_64-apple-ios", - target_arch: Arch::X86_64, - target_os: OS::iOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// Apple Catalyst on x86_64 -pub(crate) const X86_64_APPLE_IOS_MACABI: Platform = Platform { - target_triple: "x86_64-apple-ios-macabi", - target_arch: Arch::X86_64, - target_os: OS::iOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// x86 64-bit tvOS -pub(crate) const X86_64_APPLE_TVOS: Platform = Platform { - target_triple: "x86_64-apple-tvos", - target_arch: Arch::X86_64, - target_os: OS::TvOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// x86 64-bit Apple WatchOS simulator -pub(crate) const X86_64_APPLE_WATCHOS_SIM: Platform = Platform { - target_triple: "x86_64-apple-watchos-sim", - target_arch: Arch::X86_64, - target_os: OS::WatchOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// [Fortanix ABI] for 64-bit Intel SGX -pub(crate) const X86_64_FORTANIX_UNKNOWN_SGX: 
Platform = Platform { - target_triple: "x86_64-fortanix-unknown-sgx", - target_arch: Arch::X86_64, - target_os: OS::Unknown, - target_env: Env::Sgx, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// Alias for `x86_64-unknown-fuchsia` -pub(crate) const X86_64_FUCHSIA: Platform = Platform { - target_triple: "x86_64-fuchsia", - target_arch: Arch::X86_64, - target_os: OS::Fuchsia, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// 64-bit x86 Android -pub(crate) const X86_64_LINUX_ANDROID: Platform = Platform { - target_triple: "x86_64-linux-android", - target_arch: Arch::X86_64, - target_os: OS::Android, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -pub(crate) const X86_64_PC_NTO_QNX710: Platform = Platform { - target_triple: "x86_64-pc-nto-qnx710", - target_arch: Arch::X86_64, - target_os: OS::Nto, - target_env: Env::Nto71, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// 64-bit Solaris 10/11, illumos -pub(crate) const X86_64_PC_SOLARIS: Platform = Platform { - target_triple: "x86_64-pc-solaris", - target_arch: Arch::X86_64, - target_os: OS::Solaris, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// 64-bit MinGW (Windows 7+) [^windows-support] -pub(crate) const X86_64_PC_WINDOWS_GNU: Platform = Platform { - target_triple: "x86_64-pc-windows-gnu", - target_arch: Arch::X86_64, - target_os: OS::Windows, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::One, -}; - -pub(crate) const X86_64_PC_WINDOWS_GNULLVM: Platform = Platform { - target_triple: "x86_64-pc-windows-gnullvm", - target_arch: Arch::X86_64, - target_os: OS::Windows, - target_env: Env::Gnu, - 
target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// 64-bit MSVC (Windows 7+) [^windows-support] -pub(crate) const X86_64_PC_WINDOWS_MSVC: Platform = Platform { - target_triple: "x86_64-pc-windows-msvc", - target_arch: Arch::X86_64, - target_os: OS::Windows, - target_env: Env::Msvc, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::One, -}; - -/// Deprecated target for 64-bit Solaris 10/11, illumos -pub(crate) const X86_64_SUN_SOLARIS: Platform = Platform { - target_triple: "x86_64-sun-solaris", - target_arch: Arch::X86_64, - target_os: OS::Solaris, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// 64-bit Unikraft with musl -pub(crate) const X86_64_UNIKRAFT_LINUX_MUSL: Platform = Platform { - target_triple: "x86_64-unikraft-linux-musl", - target_arch: Arch::X86_64, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// 64-bit DragonFlyBSD -pub(crate) const X86_64_UNKNOWN_DRAGONFLY: Platform = Platform { - target_triple: "x86_64-unknown-dragonfly", - target_arch: Arch::X86_64, - target_os: OS::Dragonfly, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// 64-bit FreeBSD -pub(crate) const X86_64_UNKNOWN_FREEBSD: Platform = Platform { - target_triple: "x86_64-unknown-freebsd", - target_arch: Arch::X86_64, - target_os: OS::FreeBSD, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// 64-bit x86 Fuchsia -pub(crate) const X86_64_UNKNOWN_FUCHSIA: Platform = Platform { - target_triple: "x86_64-unknown-fuchsia", - target_arch: Arch::X86_64, - target_os: OS::Fuchsia, - target_env: Env::None, - target_endian: Endian::Little, - 
target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// 64-bit Haiku -pub(crate) const X86_64_UNKNOWN_HAIKU: Platform = Platform { - target_triple: "x86_64-unknown-haiku", - target_arch: Arch::X86_64, - target_os: OS::Haiku, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// x86_64 Hermit -pub(crate) const X86_64_UNKNOWN_HERMIT: Platform = Platform { - target_triple: "x86_64-unknown-hermit", - target_arch: Arch::X86_64, - target_os: OS::Hermit, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// illumos -pub(crate) const X86_64_UNKNOWN_ILLUMOS: Platform = Platform { - target_triple: "x86_64-unknown-illumos", - target_arch: Arch::X86_64, - target_os: OS::IllumOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -pub(crate) const X86_64_UNKNOWN_L4RE_UCLIBC: Platform = Platform { - target_triple: "x86_64-unknown-l4re-uclibc", - target_arch: Arch::X86_64, - target_os: OS::L4re, - target_env: Env::UClibc, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// 64-bit Linux (kernel 3.2+, glibc 2.17+) -pub(crate) const X86_64_UNKNOWN_LINUX_GNU: Platform = Platform { - target_triple: "x86_64-unknown-linux-gnu", - target_arch: Arch::X86_64, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::One, -}; - -/// 64-bit Linux (x32 ABI) (kernel 4.15, glibc 2.27) -pub(crate) const X86_64_UNKNOWN_LINUX_GNUX32: Platform = Platform { - target_triple: "x86_64-unknown-linux-gnux32", - target_arch: Arch::X86_64, - target_os: OS::Linux, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U32, - tier: Tier::Two, -}; - -/// 64-bit Linux with MUSL -pub(crate) 
const X86_64_UNKNOWN_LINUX_MUSL: Platform = Platform { - target_triple: "x86_64-unknown-linux-musl", - target_arch: Arch::X86_64, - target_os: OS::Linux, - target_env: Env::Musl, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -pub(crate) const X86_64_UNKNOWN_LINUX_OHOS: Platform = Platform { - target_triple: "x86_64-unknown-linux-ohos", - target_arch: Arch::X86_64, - target_os: OS::Linux, - target_env: Env::OhOS, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// NetBSD/amd64 -pub(crate) const X86_64_UNKNOWN_NETBSD: Platform = Platform { - target_triple: "x86_64-unknown-netbsd", - target_arch: Arch::X86_64, - target_os: OS::NetBSD, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// Freestanding/bare-metal x86_64, softfloat -pub(crate) const X86_64_UNKNOWN_NONE: Platform = Platform { - target_triple: "x86_64-unknown-none", - target_arch: Arch::X86_64, - target_os: OS::None, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// 64-bit OpenBSD -pub(crate) const X86_64_UNKNOWN_OPENBSD: Platform = Platform { - target_triple: "x86_64-unknown-openbsd", - target_arch: Arch::X86_64, - target_os: OS::OpenBSD, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// Redox OS -pub(crate) const X86_64_UNKNOWN_REDOX: Platform = Platform { - target_triple: "x86_64-unknown-redox", - target_arch: Arch::X86_64, - target_os: OS::Redox, - target_env: Env::Relibc, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -/// 64-bit UEFI -pub(crate) const X86_64_UNKNOWN_UEFI: Platform = Platform { - target_triple: "x86_64-unknown-uefi", - target_arch: Arch::X86_64, - target_os: OS::Uefi, - target_env: 
Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Two, -}; - -pub(crate) const X86_64_UWP_WINDOWS_GNU: Platform = Platform { - target_triple: "x86_64-uwp-windows-gnu", - target_arch: Arch::X86_64, - target_os: OS::Windows, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -pub(crate) const X86_64_UWP_WINDOWS_MSVC: Platform = Platform { - target_triple: "x86_64-uwp-windows-msvc", - target_arch: Arch::X86_64, - target_os: OS::Windows, - target_env: Env::Msvc, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -pub(crate) const X86_64_WRS_VXWORKS: Platform = Platform { - target_triple: "x86_64-wrs-vxworks", - target_arch: Arch::X86_64, - target_os: OS::VxWorks, - target_env: Env::Gnu, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; - -/// macOS with late-gen Intel (at least Haswell) -pub(crate) const X86_64H_APPLE_DARWIN: Platform = Platform { - target_triple: "x86_64h-apple-darwin", - target_arch: Arch::X86_64, - target_os: OS::MacOS, - target_env: Env::None, - target_endian: Endian::Little, - target_pointer_width: PointerWidth::U64, - tier: Tier::Three, -}; diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/platform/req.rs b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/platform/req.rs deleted file mode 100644 index 3f13fb1df5ca..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/platform/req.rs +++ /dev/null 
@@ -1,246 +0,0 @@ -//! Platform requirements - -use crate::error::Error; -use crate::platform::Platform; -use std::{fmt, str::FromStr, string::String}; - -#[cfg(feature = "serde")] -use serde::{de, ser, Deserialize, Serialize}; - -/// Platform requirements: glob-like expressions for matching Rust platforms -/// as identified by a "target triple", e.g. `i686-apple-darwin`. -/// -/// For a list of all valid platforms, "target triples", see: -/// -/// -/// -/// Platforms can be grouped with simple globbing rules: -/// -/// - Start with wildcard: `*-gnu` -/// - End with wildcard: `x86_64-*` -/// - Start and end with wildcard: `*windows*` -#[derive(Clone, Debug, Eq, PartialEq)] -pub struct PlatformReq(String); - -/// Wildcard character used for globbing -pub const WILDCARD: char = '*'; - -impl PlatformReq { - /// Borrow this platform requirement as a string slice - pub fn as_str(&self) -> &str { - self.0.as_ref() - } - - /// Does this platform requirement match the given platform string? - /// - /// This matcher accepts a platform "target triple" string ala - /// `x86_64-unknown-linux-gnu` and matches it against this - /// `Platform`, using simple glob like rules. 
- pub fn matches(&self, platform: &Platform) -> bool { - let self_len = self.as_str().len(); - - // Universal matcher - if self.0.len() == 1 && self.0.chars().next().unwrap() == WILDCARD { - return true; - } - - let mut chars = self.as_str().chars(); - let starts_with_wildcard = chars.next().unwrap() == WILDCARD; - let ends_with_wildcard = chars.last() == Some(WILDCARD); - - if starts_with_wildcard { - if ends_with_wildcard { - // Contains expression: `*windows*` - platform - .target_triple - .contains(&self.0[1..self_len.checked_sub(1).unwrap()]) - } else { - // Suffix expression: `*-gnu` - platform.target_triple.ends_with(&self.0[1..]) - } - } else if ends_with_wildcard { - // Prefix expression: `x86_64-*` - platform - .target_triple - .starts_with(&self.0[..self_len.checked_sub(1).unwrap()]) - } else { - // No wildcards: direct comparison - self.as_str() == platform.target_triple - } - } - - /// Expand glob expressions into a list of all known matching platforms - pub fn matching_platforms(&self) -> impl Iterator { - matching_platforms(self, Platform::ALL) - } -} - -// Split into its own function for unit testing -#[inline] -fn matching_platforms<'a>( - req: &'a PlatformReq, - platforms: &'a [Platform], -) -> impl Iterator { - platforms - .iter() - .filter(move |&platform| req.matches(platform)) -} - -impl FromStr for PlatformReq { - type Err = Error; - - /// Create a new platform requirement. Platforms support glob-like - /// wildcards on the beginning and end, e.g. `*windows*`. - /// - /// Must match at least one known Rust platform "target triple" - /// (e.g. `x86_64-unknown-linux-gnu`) to be considered valid. 
- fn from_str(req_str: &str) -> Result { - let platform_req = PlatformReq(req_str.into()); - - if platform_req.0.is_empty() || platform_req.matching_platforms().next().is_none() { - Err(Error) - } else { - Ok(platform_req) - } - } -} - -impl fmt::Display for PlatformReq { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.write_str(self.as_str()) - } -} - -#[cfg(feature = "serde")] -impl Serialize for PlatformReq { - fn serialize(&self, serializer: S) -> Result { - serializer.serialize_str(self.as_str()) - } -} - -#[cfg(feature = "serde")] -impl<'de> Deserialize<'de> for PlatformReq { - fn deserialize>(deserializer: D) -> Result { - use de::Error; - String::deserialize(deserializer)? - .parse() - .map_err(D::Error::custom) - } -} - -#[cfg(test)] -mod tests { - use super::*; - use std::{str::FromStr, vec::Vec}; - - use crate::platform::platforms::*; - const TEST_PLATFORM_LIST: &[Platform] = &[ - AARCH64_PC_WINDOWS_MSVC, - AARCH64_UNKNOWN_LINUX_MUSL, - ARMV7_UNKNOWN_LINUX_MUSLEABI, - ARMV7_UNKNOWN_LINUX_MUSLEABIHF, - SPARC_UNKNOWN_LINUX_GNU, - SPARC64_UNKNOWN_LINUX_GNU, - SPARC64_UNKNOWN_NETBSD, - SPARC64_UNKNOWN_OPENBSD, - SPARCV9_SUN_SOLARIS, - AARCH64_UWP_WINDOWS_MSVC, - I586_PC_WINDOWS_MSVC, - I686_PC_WINDOWS_GNU, - I686_PC_WINDOWS_MSVC, - I686_UWP_WINDOWS_GNU, - I686_UWP_WINDOWS_MSVC, - MIPS64_UNKNOWN_LINUX_GNUABI64, - MIPS64_UNKNOWN_LINUX_MUSLABI64, - THUMBV7A_PC_WINDOWS_MSVC, - THUMBV7A_UWP_WINDOWS_MSVC, - RISCV64GC_UNKNOWN_LINUX_MUSL, - X86_64_PC_WINDOWS_GNU, - ]; - - #[test] - fn prefix_glob_test() { - let req = PlatformReq::from_str("sparc*").unwrap(); - - assert_eq!( - matching_platforms(&req, TEST_PLATFORM_LIST) - .map(|p| p.target_triple) - .collect::>(), - [ - "sparc-unknown-linux-gnu", - "sparc64-unknown-linux-gnu", - "sparc64-unknown-netbsd", - "sparc64-unknown-openbsd", - "sparcv9-sun-solaris" - ] - ); - } - - #[test] - fn suffix_glob_test() { - let req = PlatformReq::from_str("*-musl").unwrap(); - - assert_eq!( - 
matching_platforms(&req, TEST_PLATFORM_LIST) - .map(|p| p.target_triple) - .collect::>(), - ["aarch64-unknown-linux-musl", "riscv64gc-unknown-linux-musl"] - ); - } - - #[test] - fn contains_glob_test() { - let req = PlatformReq::from_str("*windows*").unwrap(); - - assert_eq!( - matching_platforms(&req, TEST_PLATFORM_LIST) - .map(|p| p.target_triple) - .collect::>(), - [ - "aarch64-pc-windows-msvc", - "aarch64-uwp-windows-msvc", - "i586-pc-windows-msvc", - "i686-pc-windows-gnu", - "i686-pc-windows-msvc", - "i686-uwp-windows-gnu", - "i686-uwp-windows-msvc", - "thumbv7a-pc-windows-msvc", - "thumbv7a-uwp-windows-msvc", - "x86_64-pc-windows-gnu", - ] - ); - } - - #[test] - fn direct_match_test() { - let req = PlatformReq::from_str("x86_64-unknown-dragonfly").unwrap(); - - assert_eq!( - req.matching_platforms() - .map(|p| p.target_triple) - .collect::>(), - ["x86_64-unknown-dragonfly"] - ); - } - - #[test] - fn wildcard_test() { - let req = PlatformReq::from_str("*").unwrap(); - assert_eq!(req.matching_platforms().count(), Platform::ALL.len()) - } - - // How to handle this is debatable... - #[test] - fn double_wildcard_test() { - let req = PlatformReq::from_str("**").unwrap(); - assert_eq!(req.matching_platforms().count(), Platform::ALL.len()) - } - - #[test] - fn invalid_req_tests() { - assert!(PlatformReq::from_str("").is_err()); - assert!(PlatformReq::from_str(" ").is_err()); - assert!(PlatformReq::from_str("derp").is_err()); - assert!(PlatformReq::from_str("***").is_err()); - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/platform/tier.rs b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/platform/tier.rs deleted file mode 100644 index c650be4a5e78..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/platform/tier.rs +++ /dev/null 
@@ -1,116 +0,0 @@ -//! Rust platform tiers - -use crate::error::Error; -use core::{convert::TryFrom, fmt, str::FromStr}; - -#[cfg(feature = "serde")] -use serde::{de, ser, Deserialize, Serialize}; - -/// Rust platform tiers: support levels are organized into three tiers, each -/// with a different set of guarantees. -#[derive(Copy, Clone, Debug, Eq, Hash, PartialEq, PartialOrd, Ord)] -pub enum Tier { - /// Tier 1 platforms can be thought of as “guaranteed to work”. - /// Specifically they will each satisfy the following requirements: - /// - /// * Official binary releases are provided for the platform. - /// * Automated testing is set up to run tests for the platform. - /// * Landing changes to the rust-lang/rust repository’s master branch - /// is gated on tests passing. - /// * Documentation for how to use and how to build the platform is available. - One, - - /// Tier 2 platforms can be thought of as “guaranteed to build”. Automated - /// tests are not run so it’s not guaranteed to produce a working build, - /// but platforms often work to quite a good degree and patches are always - /// welcome! - /// - /// Specifically, these platforms are required to have each of the following: - /// - /// * Official binary releases are provided for the platform. - /// * Automated building is set up, but may not be running tests. - /// * Landing changes to the rust-lang/rust repository’s master branch is - /// gated on platforms building. For some platforms only the standard - /// library is compiled, but for others rustc and cargo are too. - Two, - - /// Tier 3 platforms are those which the Rust codebase has support for, but - /// which are not built or tested automatically, and may not work. - /// Official builds are not available. 
- Three, -} - -impl Tier { - /// Get a number identifying this tier - pub fn to_usize(self) -> usize { - match self { - Tier::One => 1, - Tier::Two => 2, - Tier::Three => 3, - } - } - - /// Get a string identifying this tier - pub fn as_str(self) -> &'static str { - match self { - Tier::One => "tier1", - Tier::Two => "tier2", - Tier::Three => "tier3", - } - } -} - -impl From for usize { - fn from(tier: Tier) -> usize { - tier.to_usize() - } -} - -impl TryFrom for Tier { - type Error = Error; - - fn try_from(num: usize) -> Result { - match num { - 1 => Ok(Tier::One), - 2 => Ok(Tier::Two), - 3 => Ok(Tier::Three), - _ => Err(Error), - } - } -} - -impl FromStr for Tier { - type Err = Error; - - fn from_str(s: &str) -> Result { - match s { - "tier1" => Ok(Tier::One), - "tier2" => Ok(Tier::Two), - "tier3" => Ok(Tier::Three), - _ => Err(Error), - } - } -} - -impl fmt::Display for Tier { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.write_str(self.as_str()) - } -} - -#[cfg(feature = "serde")] -impl Serialize for Tier { - fn serialize(&self, serializer: S) -> Result { - serializer.serialize_str(self.as_str()) - } -} - -#[cfg(all(feature = "serde", feature = "std"))] -impl<'de> Deserialize<'de> for Tier { - fn deserialize>(deserializer: D) -> Result { - use de::Error; - std::string::String::deserialize(deserializer)? - .parse() - .map_err(D::Error::custom) - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target.rs b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target.rs deleted file mode 100644 index bd52cb1a009c..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target.rs +++ /dev/null 
@@ -1,12 +0,0 @@
-//! Target `cfg` attributes. Documented in the "Conditional compilation" section
-//! of the Rust reference:
-//!
-//!
-
-mod arch;
-mod endian;
-mod env;
-mod os;
-mod pointerwidth;
-
-pub use self::{arch::Arch, endian::Endian, env::Env, os::OS, pointerwidth::PointerWidth};
diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/arch.rs b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/arch.rs
deleted file mode 100644
index ea9b9998a9fb..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/arch.rs
+++ /dev/null
@@ -1,184 +0,0 @@ -//! Rust architectures - -use crate::error::Error; -use core::{fmt, str::FromStr}; - -#[cfg(feature = "serde")] -use serde::{de, de::Error as DeError, ser, Deserialize, Serialize}; - -/// `target_arch`: Target CPU architecture -#[derive(Copy, Clone, Debug, Eq, Hash, PartialEq, PartialOrd, Ord)] -#[non_exhaustive] -pub enum Arch { - /// `aarch64`: ARMv8 64-bit architecture - AArch64, - - /// `arm`: 32-bit ARM architecture - Arm, - - /// `avr` - Avr, - - /// `bpf` - Bpf, - - /// `csky` - Csky, - - /// `hexagon` - Hexagon, - - /// `loongarch64` - Loongarch64, - - /// `m68k` - M68k, - - /// `mips`: 32-bit MIPS CPU architecture - Mips, - - /// `mips32r6` - Mips32r6, - - /// `mips64`: 64-bit MIPS CPU architecture - Mips64, - - /// `mips64r6` - Mips64r6, - - /// `msp430`: 16-bit MSP430 microcontrollers - Msp430, - - /// `nvptx64`: 64-bit NVIDIA PTX - Nvptx64, - - /// `powerpc`: 32-bit POWERPC platform - PowerPc, - - /// `powerpc64`: 64-bit POWERPC platform - PowerPc64, - - /// `riscv32` - Riscv32, - - /// `riscv64` - Riscv64, - - /// `s390x`: 64-bit IBM z/Architecture - S390X, - - /// `sparc`: 32-bit SPARC CPU architecture - Sparc, - - /// `sparc64`: 64-bit SPARC CPU architecture - Sparc64, - - /// `wasm32`: Web Assembly (32-bit) - Wasm32, - - /// `wasm64` - Wasm64, - - /// `x86`: Generic x86 CPU architecture - X86, - - /// `x86_64`: 'AMD64' CPU architecture - X86_64, -} - -impl Arch { - /// String representing this `Arch` which matches `#[cfg(target_arch)]` - pub fn as_str(self) -> &'static str { - match self { - Arch::AArch64 => "aarch64", - Arch::Arm => "arm", - Arch::Avr => "avr", - Arch::Bpf => "bpf", - Arch::Csky => "csky", - Arch::Hexagon => "hexagon", - Arch::Loongarch64 => "loongarch64", - Arch::M68k => "m68k", - Arch::Mips => "mips", - Arch::Mips32r6 => "mips32r6", - Arch::Mips64 => "mips64", - Arch::Mips64r6 => "mips64r6", - Arch::Msp430 => "msp430", - Arch::Nvptx64 => "nvptx64", - Arch::PowerPc => "powerpc", - Arch::PowerPc64 => "powerpc64", 
- Arch::Riscv32 => "riscv32", - Arch::Riscv64 => "riscv64", - Arch::S390X => "s390x", - Arch::Sparc => "sparc", - Arch::Sparc64 => "sparc64", - Arch::Wasm32 => "wasm32", - Arch::Wasm64 => "wasm64", - Arch::X86 => "x86", - Arch::X86_64 => "x86_64", - } - } -} - -impl FromStr for Arch { - type Err = Error; - - /// Create a new `Arch` from the given string - fn from_str(name: &str) -> Result { - let result = match name { - "aarch64" => Arch::AArch64, - "arm" => Arch::Arm, - "avr" => Arch::Avr, - "bpf" => Arch::Bpf, - "csky" => Arch::Csky, - "hexagon" => Arch::Hexagon, - "loongarch64" => Arch::Loongarch64, - "m68k" => Arch::M68k, - "mips" => Arch::Mips, - "mips32r6" => Arch::Mips32r6, - "mips64" => Arch::Mips64, - "mips64r6" => Arch::Mips64r6, - "msp430" => Arch::Msp430, - "nvptx64" => Arch::Nvptx64, - "powerpc" => Arch::PowerPc, - "powerpc64" => Arch::PowerPc64, - "riscv32" => Arch::Riscv32, - "riscv64" => Arch::Riscv64, - "s390x" => Arch::S390X, - "sparc" => Arch::Sparc, - "sparc64" => Arch::Sparc64, - "wasm32" => Arch::Wasm32, - "wasm64" => Arch::Wasm64, - "x86" => Arch::X86, - "x86_64" => Arch::X86_64, - _ => return Err(Error), - }; - - Ok(result) - } -} - -impl fmt::Display for Arch { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.write_str(self.as_str()) - } -} - -#[cfg(feature = "serde")] -impl Serialize for Arch { - fn serialize(&self, serializer: S) -> Result { - serializer.serialize_str(self.as_str()) - } -} - -#[cfg(all(feature = "serde", feature = "std"))] -impl<'de> Deserialize<'de> for Arch { - fn deserialize>(deserializer: D) -> Result { - let string = std::string::String::deserialize(deserializer)?; - string.parse().map_err(|_| { - D::Error::custom(std::format!( - "Unrecognized value '{}' for target_arch", - string - )) - }) - } -} 
diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/endian.rs b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/endian.rs
deleted file mode 100644
index f0f81406125b..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/endian.rs
+++ /dev/null
@@ -1,69 +0,0 @@
-//! Endianness
-
-use crate::error::Error;
-use core::{fmt, str::FromStr};
-
-#[cfg(feature = "serde")]
-use serde::{de, de::Error as DeError, ser, Deserialize, Serialize};
-
-/// `target_endian`: [Endianness](https://en.wikipedia.org/wiki/Endianness) of the target.
-#[derive(Copy, Clone, Debug, Eq, Hash, PartialEq, PartialOrd, Ord)]
-#[non_exhaustive]
-pub enum Endian {
- /// `big`
- Big,
-
- /// `little`
- Little,
-}
-
-impl Endian {
- /// String representing this `Endian` which matches `#[cfg(target_endian)]`
- pub fn as_str(self) -> &'static str {
- match self {
- Endian::Big => "big",
- Endian::Little => "little",
- }
- }
-}
-
-impl FromStr for Endian {
- type Err = Error;
-
- /// Create a new `Endian` from the given string
- fn from_str(name: &str) -> Result {
- let result = match name {
- "big" => Endian::Big,
- "little" => Endian::Little,
- _ => return Err(Error),
- };
-
- Ok(result)
- }
-}
-
-impl fmt::Display for Endian {
- fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
- f.write_str(self.as_str())
- }
-}
-
-#[cfg(feature = "serde")]
-impl Serialize for Endian {
- fn serialize(&self, serializer: S) -> Result {
- serializer.serialize_str(self.as_str())
- }
-}
-
-#[cfg(all(feature = "serde", feature = "std"))]
-impl<'de> Deserialize<'de> for Endian {
- fn deserialize>(deserializer: D) -> Result {
- let string = std::string::String::deserialize(deserializer)?;
- string.parse().map_err(|_| {
- D::Error::custom(std::format!(
- "Unrecognized value '{}' for target_endian",
- string
- ))
- })
- }
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/env.rs b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/env.rs
deleted file mode 100644
index 6aea2f151a06..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/env.rs
+++ /dev/null
@@ -1,133 +0,0 @@ -//! Rust target environments - -use crate::error::Error; -use core::{fmt, str::FromStr}; - -#[cfg(feature = "serde")] -use serde::{de, de::Error as DeError, ser, Deserialize, Serialize}; - -/// `target_env`: target environment that disambiguates the target platform by ABI / libc. -/// -/// This value is closely related to the fourth element of the platform target triple, -/// though it is not identical. For example, embedded ABIs such as `gnueabihf` will simply -/// define `target_env` as `"gnu"` (i.e. `target::Env::GNU`) -#[derive(Copy, Clone, Debug, Eq, Hash, PartialEq, PartialOrd, Ord)] -#[non_exhaustive] -pub enum Env { - /// ``: None - None, - - /// `eabihf` - Eabihf, - - /// `gnu`: The GNU C Library (glibc) - Gnu, - - /// `gnueabihf` - Gnueabihf, - - /// `msvc`: Microsoft Visual C(++) - Msvc, - - /// `musl`: Clean, efficient, standards-conformant libc implementation. - Musl, - - /// `newlib` - Newlib, - - /// `nto70` - Nto70, - - /// `nto71` - Nto71, - - /// `ohos` - OhOS, - - /// `psx` - Psx, - - /// `relibc` - Relibc, - - /// `sgx`: Intel Software Guard Extensions (SGX) Enclave - Sgx, - - /// `uclibc`: C library for developing embedded Linux systems - UClibc, -} - -impl Env { - /// String representing this `Env` which matches `#[cfg(target_env)]` - pub fn as_str(self) -> &'static str { - match self { - Env::None => "", - Env::Eabihf => "eabihf", - Env::Gnu => "gnu", - Env::Gnueabihf => "gnueabihf", - Env::Msvc => "msvc", - Env::Musl => "musl", - Env::Newlib => "newlib", - Env::Nto70 => "nto70", - Env::Nto71 => "nto71", - Env::OhOS => "ohos", - Env::Psx => "psx", - Env::Relibc => "relibc", - Env::Sgx => "sgx", - Env::UClibc => "uclibc", - } - } -} - -impl FromStr for Env { - type Err = Error; - - /// Create a new `Env` from the given string - fn from_str(name: &str) -> Result { - let result = match name { - "" => Env::None, - "eabihf" => Env::Eabihf, - "gnu" => Env::Gnu, - "gnueabihf" => Env::Gnueabihf, - "msvc" => Env::Msvc, - "musl" => 
Env::Musl, - "newlib" => Env::Newlib, - "nto70" => Env::Nto70, - "nto71" => Env::Nto71, - "ohos" => Env::OhOS, - "psx" => Env::Psx, - "relibc" => Env::Relibc, - "sgx" => Env::Sgx, - "uclibc" => Env::UClibc, - _ => return Err(Error), - }; - - Ok(result) - } -} - -impl fmt::Display for Env { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.write_str(self.as_str()) - } -} - -#[cfg(feature = "serde")] -impl Serialize for Env { - fn serialize(&self, serializer: S) -> Result { - serializer.serialize_str(self.as_str()) - } -} - -#[cfg(all(feature = "serde", feature = "std"))] -impl<'de> Deserialize<'de> for Env { - fn deserialize>(deserializer: D) -> Result { - let string = std::string::String::deserialize(deserializer)?; - string.parse().map_err(|_| { - D::Error::custom(std::format!( - "Unrecognized value '{}' for target_env", - string - )) - }) - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/os.rs b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/os.rs deleted file mode 100644 index 84d95fe8336a..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/os.rs +++ /dev/null 
@@ -1,238 +0,0 @@ -//! Operating systems - -use crate::error::Error; -use core::{fmt, str::FromStr}; - -#[cfg(feature = "serde")] -use serde::{de, de::Error as DeError, ser, Deserialize, Serialize}; - -/// `target_os`: Operating system of the target. -/// -/// This value is closely related to the second and third element -/// of the platform target triple, though it is not identical. -#[derive(Copy, Clone, Debug, Eq, Hash, PartialEq, PartialOrd, Ord)] -#[non_exhaustive] -pub enum OS { - /// `aix` - Aix, - - /// `android`: Google's Android mobile operating system - Android, - - /// `cuda`: CUDA parallel computing platform - Cuda, - - /// `dragonfly`: DragonflyBSD - Dragonfly, - - /// `emscripten`: The emscripten JavaScript transpiler - Emscripten, - - /// `espidf` - Espidf, - - /// `freebsd`: The FreeBSD operating system - FreeBSD, - - /// `fuchsia`: Google's next-gen Rust OS - Fuchsia, - - /// `haiku`: Haiku, an open source BeOS clone - Haiku, - - /// `hermit`: HermitCore is a novel unikernel operating system targeting a scalable and predictable runtime behavior for HPC and cloud environments - Hermit, - - /// `horizon` - Horizon, - - /// `hurd` - Hurd, - - /// `illumos`: illumos is a partly free and open-source Unix operating system based on OpenSolaris - IllumOS, - - /// `ios`: Apple's iOS mobile operating system - #[allow(non_camel_case_types)] - iOS, - - /// `l4re` - L4re, - - /// `linux`: Linux - Linux, - - /// `macos`: Apple's Mac OS X - MacOS, - - /// `netbsd`: The NetBSD operating system - NetBSD, - - /// `none` - None, - - /// `nto` - Nto, - - /// `openbsd`: The OpenBSD operating system - OpenBSD, - - /// `psp` - Psp, - - /// `redox`: Redox, a Unix-like OS written in Rust - Redox, - - /// `solaris`: Oracle's (formerly Sun) Solaris operating system - Solaris, - - /// `solid_asp3` - SolidAsp3, - - /// `teeos` - TeeOS, - - /// `tvos` - TvOS, - - /// `uefi` - Uefi, - - /// `unknown` - Unknown, - - /// `vita` - Vita, - - /// `vxworks`: VxWorks is a 
deterministic, priority-based preemptive RTOS with low latency and minimal jitter - VxWorks, - - /// `wasi`: The WebAssembly System Interface - Wasi, - - /// `watchos` - WatchOS, - - /// `windows`: Microsoft's Windows operating system - Windows, - - /// `xous` - Xous, -} - -impl OS { - /// String representing this `OS` which matches `#[cfg(target_os)]` - pub fn as_str(self) -> &'static str { - match self { - OS::Aix => "aix", - OS::Android => "android", - OS::Cuda => "cuda", - OS::Dragonfly => "dragonfly", - OS::Emscripten => "emscripten", - OS::Espidf => "espidf", - OS::FreeBSD => "freebsd", - OS::Fuchsia => "fuchsia", - OS::Haiku => "haiku", - OS::Hermit => "hermit", - OS::Horizon => "horizon", - OS::Hurd => "hurd", - OS::IllumOS => "illumos", - OS::iOS => "ios", - OS::L4re => "l4re", - OS::Linux => "linux", - OS::MacOS => "macos", - OS::NetBSD => "netbsd", - OS::None => "none", - OS::Nto => "nto", - OS::OpenBSD => "openbsd", - OS::Psp => "psp", - OS::Redox => "redox", - OS::Solaris => "solaris", - OS::SolidAsp3 => "solid_asp3", - OS::TeeOS => "teeos", - OS::TvOS => "tvos", - OS::Uefi => "uefi", - OS::Unknown => "unknown", - OS::Vita => "vita", - OS::VxWorks => "vxworks", - OS::Wasi => "wasi", - OS::WatchOS => "watchos", - OS::Windows => "windows", - OS::Xous => "xous", - } - } -} - -impl FromStr for OS { - type Err = Error; - - /// Create a new `OS` from the given string - fn from_str(name: &str) -> Result { - let result = match name { - "aix" => OS::Aix, - "android" => OS::Android, - "cuda" => OS::Cuda, - "dragonfly" => OS::Dragonfly, - "emscripten" => OS::Emscripten, - "espidf" => OS::Espidf, - "freebsd" => OS::FreeBSD, - "fuchsia" => OS::Fuchsia, - "haiku" => OS::Haiku, - "hermit" => OS::Hermit, - "horizon" => OS::Horizon, - "hurd" => OS::Hurd, - "illumos" => OS::IllumOS, - "ios" => OS::iOS, - "l4re" => OS::L4re, - "linux" => OS::Linux, - "macos" => OS::MacOS, - "netbsd" => OS::NetBSD, - "none" => OS::None, - "nto" => OS::Nto, - "openbsd" => OS::OpenBSD, - 
"psp" => OS::Psp, - "redox" => OS::Redox, - "solaris" => OS::Solaris, - "solid_asp3" => OS::SolidAsp3, - "teeos" => OS::TeeOS, - "tvos" => OS::TvOS, - "uefi" => OS::Uefi, - "unknown" => OS::Unknown, - "vita" => OS::Vita, - "vxworks" => OS::VxWorks, - "wasi" => OS::Wasi, - "watchos" => OS::WatchOS, - "windows" => OS::Windows, - "xous" => OS::Xous, - _ => return Err(Error), - }; - - Ok(result) - } -} - -impl fmt::Display for OS { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.write_str(self.as_str()) - } -} - -#[cfg(feature = "serde")] -impl Serialize for OS { - fn serialize(&self, serializer: S) -> Result { - serializer.serialize_str(self.as_str()) - } -} - -#[cfg(all(feature = "serde", feature = "std"))] -impl<'de> Deserialize<'de> for OS { - fn deserialize>(deserializer: D) -> Result { - let string = std::string::String::deserialize(deserializer)?; - string.parse().map_err(|_| { - D::Error::custom(std::format!( - "Unrecognized value '{}' for target_os", - string - )) - }) - } -} diff --git a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/pointerwidth.rs b/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/pointerwidth.rs deleted file mode 100644 index 450489e11fe1..000000000000 --- a/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/pointerwidth.rs +++ /dev/null 
@@ -1,101 +0,0 @@ -//! Pointer width of the target architecture - -use crate::error::Error; -use core::{fmt, str::FromStr}; - -#[cfg(feature = "serde")] -use serde::{de, de::Error as DeError, ser, Deserialize, Serialize}; - -/// `target_pointer_width`: Size of native pointer types (`usize`, `isize`) in bits -/// -/// 64 bits for modern desktops and phones, 32-bits for older devices, 16 bits for certain microcontrollers -#[derive(Copy, Clone, Debug, Eq, Hash, PartialEq, PartialOrd, Ord)] -#[non_exhaustive] -pub enum PointerWidth { - /// `16` - U16, - - /// `32` - U32, - - /// `64` - U64, -} - -impl PointerWidth { - /// String representing this `PointerWidth` which matches `#[cfg(target_pointer_width)]` - pub fn as_str(self) -> &'static str { - match self { - PointerWidth::U16 => "16", - PointerWidth::U32 => "32", - PointerWidth::U64 => "64", - } - } -} - -impl FromStr for PointerWidth { - type Err = Error; - - /// Create a new `PointerWidth` from the given string - fn from_str(name: &str) -> Result { - let result = match name { - "16" => PointerWidth::U16, - "32" => PointerWidth::U32, - "64" => PointerWidth::U64, - _ => return Err(Error), - }; - - Ok(result) - } -} - -use core::convert::TryFrom; - -impl TryFrom for PointerWidth { - type Error = &'static str; - - fn try_from(value: u8) -> Result { - match value { - 64 => Ok(PointerWidth::U64), - 32 => Ok(PointerWidth::U32), - 16 => Ok(PointerWidth::U16), - _ => Err("Invalid pointer width!"), - } - } -} - -impl From for u8 { - fn from(value: PointerWidth) -> Self { - match value { - PointerWidth::U64 => 64, - PointerWidth::U32 => 32, - PointerWidth::U16 => 16, - } - } -} - -impl fmt::Display for PointerWidth { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.write_str(self.as_str()) - } -} - -#[cfg(feature = "serde")] -impl Serialize for PointerWidth { - fn serialize(&self, serializer: S) -> Result { - serializer.serialize_str(self.as_str()) - } -} - -#[cfg(all(feature = "serde", feature = "std"))] 
-impl<'de> Deserialize<'de> for PointerWidth {
- fn deserialize>(deserializer: D) -> Result {
- let string = std::string::String::deserialize(deserializer)?;
- string.parse().map_err(|_| {
- D::Error::custom(std::format!(
- "Unrecognized value '{}' for target_pointer_width",
- string
- ))
- })
- }
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/.cargo_vcs_info.json
deleted file mode 100644
index a5216ea08866..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/.cargo_vcs_info.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "git": {
- "sha1": "0af331bf4424716a1cd33d188f7a614dad04a3a7"
- },
- "path_in_vcs": "signature"
-}
\ No newline at end of file
diff --git a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/keypair.rs b/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/keypair.rs
deleted file mode 100644
index 6d9f947c6443..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/keypair.rs
+++ /dev/null
@@ -1,17 +0,0 @@
-//! Signing keypairs.
-
-use crate::Signature;
-
-/// Signing keypair with an associated verifying key.
-///
-/// This represents a type which holds both a signing key and a verifying key.
-pub trait Keypair: AsRef {
- /// Verifying key type for this keypair.
- type VerifyingKey;
-
- /// Get the verifying key which can verify signatures produced by the
- /// signing key portion of this keypair.
- fn verifying_key(&self) -> &Self::VerifyingKey {
- self.as_ref()
- }
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/signature.rs b/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/signature.rs
deleted file mode 100644
index 29aa0b845623..000000000000
--- a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/signature.rs
+++ /dev/null
@@ -1,68 +0,0 @@
-//! Signature traits
-
-use crate::error::Error;
-use core::fmt::Debug;
-
-/// For intra-doc link resolution
-#[cfg(feature = "digest-preview")]
-#[allow(unused_imports)]
-use crate::{
- signer::{DigestSigner, Signer},
- verifier::{DigestVerifier, Verifier},
-};
-
-/// Trait impl'd by concrete types that represent digital signatures.
-///
-/// Signature types *must* (as mandated by the `AsRef<[u8]>` bound) be a thin
-/// wrapper around the "bag-of-bytes" serialized form of a signature which can
-/// be directly parsed from or written to the "wire".
-///
-/// Inspiration for this approach comes from the Ed25519 signature system,
-/// which adopted it based on the observation that past signature systems
-/// were not prescriptive about how signatures should be represented
-/// on-the-wire, and that lead to a proliferation of different wire formats and
-/// confusion about which ones should be used.
-///
-/// The [`Signature`] trait aims to provide similar simplicity by minimizing
-/// the number of steps involved to obtain a serializable signature and
-/// ideally ensuring there is one signature type for any given signature system
-/// shared by all "provider" crates.
-///
-/// For signature systems which require a more advanced internal representation
-/// (e.g. involving decoded scalars or decompressed elliptic curve points) it's
-/// recommended that "provider" libraries maintain their own internal signature
-/// type and use `From` bounds to provide automatic conversions.
-pub trait Signature: AsRef<[u8]> + Debug + Sized {
- /// Parse a signature from its byte representation
- fn from_bytes(bytes: &[u8]) -> Result;
-
- /// Borrow a byte slice representing the serialized form of this signature
- fn as_bytes(&self) -> &[u8] {
- self.as_ref()
- }
-}
-
-/// Marker trait for `Signature` types computable as `𝐒(𝐇(𝒎))`
-/// i.e. ones which prehash a message to be signed as `𝐇(𝒎)`
-///
-/// Where:
-///
-/// - `𝐒`: signature algorithm
-/// - `𝐇`: hash (a.k.a. digest) function
-/// - `𝒎`: message
-///
-/// This approach is relatively common in signature schemes based on the
-/// [Fiat-Shamir heuristic].
-///
-/// For signature types that implement this trait, when the `derive-preview`
-/// Cargo feature is enabled a custom derive for [`Signer`] is available for any
-/// types that impl [`DigestSigner`], and likewise for deriving [`Verifier`] for
-/// types which impl [`DigestVerifier`].
-///
-/// [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic
-#[cfg(feature = "digest-preview")]
-#[cfg_attr(docsrs, doc(cfg(feature = "digest-preview")))]
-pub trait PrehashSignature: Signature {
- /// Preferred `Digest` algorithm to use when computing this signature type.
- type Digest: digest::Digest;
-}
diff --git a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/.cargo-checksum.json b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/.cargo-checksum.json
similarity index 100%
rename from third_party/rust/chromium_crates_io/vendor/signature-1.6.4/.cargo-checksum.json
rename to third_party/rust/chromium_crates_io/vendor/signature-2.2.0/.cargo-checksum.json
diff --git a/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/.cargo_vcs_info.json
new file mode 100644
index 000000000000..2230f6e7beeb
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/.cargo_vcs_info.json
@@ -0,0 +1,6 @@
+{
+ "git": {
+ "sha1": "5adcd4819b380b4aaec2b57c6bf3f2239a109060"
+ },
+ "path_in_vcs": "signature"
+}
\ No newline at end of file
diff --git a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/CHANGELOG.md b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/CHANGELOG.md
similarity index 80%
rename from third_party/rust/chromium_crates_io/vendor/signature-1.6.4/CHANGELOG.md
rename to third_party/rust/chromium_crates_io/vendor/signature-2.2.0/CHANGELOG.md
index 86198d54c1bf..3f9d8cd08440 100644
--- a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/CHANGELOG.md
+++ b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/CHANGELOG.md
@@ -4,6 +4,46 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 2.2.0 (2023-11-12) +### Changed +- MSRV 1.60 ([#1387]) + +### Fixed +- No longer vendoring async/derive crates unintentionally ([#1391]) + +[#1387]: https://github.com/RustCrypto/traits/pull/1387 +[#1391]: https://github.com/RustCrypto/traits/pull/1391 + +## 2.1.0 (2023-04-01) +### Added +- `SignatureEncoding::encoded_len` ([#1283]) + +[#1283]: https://github.com/RustCrypto/traits/pull/1283 + +## 2.0.0 (2023-01-15) +### Added +- `SignatureEncoding` trait as a replacement for `Signature` trait and the + now removed `AsRef<[u8]>` bound on signatures ([#1141]) +- New `Keypair` trait which returns owned keys instead of borrowed ([#1141]) + +### Changed +- `derive-preview` has been renamed to `derive` and stabilized ([#1141]) +- `digest-preview` renamed to `digest`, still unstable ([#1210]) +- `hazmat-preview` feature stabilized and removed, always on ([#1141]) +- `rand-preview` renamed to `rand_core`, still unstable ([#1210]) +- `std` feature is no longer enabled by default ([#1141]) +- Old `Keypair` trait renamed to `KeypairRef` ([#1141]) +- Signature generic parameter removed from `Keypair`/`KeypairRef` ([#1141]) +- Use `&mut impl CryptoRngCore` RNG arguments ([#1147]) + +### Removed +- `Signature` trait - replaced by `SignatureEncoding` ([#1141]) +- `hazmat-preview` feature, now always on ([#1141]) + +[#1141]: https://github.com/RustCrypto/traits/pull/1141 +[#1147]: https://github.com/RustCrypto/traits/pull/1147 +[#1210]: https://github.com/RustCrypto/traits/pull/1141 + ## 1.6.4 (2022-10-06) ### Added - `RandomizedPrehashSigner` trait in `hazmat` module ([#1130]) 
diff --git a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/Cargo.toml b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/Cargo.toml similarity index 80% rename from third_party/rust/chromium_crates_io/vendor/signature-1.6.4/Cargo.toml rename to third_party/rust/chromium_crates_io/vendor/signature-2.2.0/Cargo.toml index fa83ff6a191b..871099e1cf86 100644 --- a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/Cargo.toml +++ b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/Cargo.toml @@ -11,9 +11,9 @@ [package] edition = "2021" -rust-version = "1.56" +rust-version = "1.60" name = "signature" -version = "1.6.4" +version = "2.2.0" authors = ["RustCrypto Developers"] description = "Traits for cryptographic signature algorithms (e.g. ECDSA, Ed25519)" documentation = "https://docs.rs/signature" @@ -39,34 +39,31 @@ rustdoc-args = [ "docsrs", ] +[dependencies.derive] +version = "2" +optional = true +package = "signature_derive" + [dependencies.digest] -version = "0.10.3" +version = "0.10.6" optional = true default-features = false [dependencies.rand_core] -version = "0.6" +version = "0.6.4" optional = true default-features = false -[dependencies.signature_derive] -version = "=1.0.0-pre.7" -optional = true - [dev-dependencies.hex-literal] -version = "0.3" +version = "0.4" [dev-dependencies.sha2] version = "0.10" default-features = false [features] -default = ["std"] -derive-preview = [ - "digest-preview", - "signature_derive", +alloc = [] +std = [ + "alloc", + "rand_core?/std", ] -digest-preview = ["digest"] -hazmat-preview = [] -rand-preview = ["rand_core"] -std = [] 
diff --git a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/Cargo.toml.orig b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/Cargo.toml.orig
similarity index 53%
rename from third_party/rust/chromium_crates_io/vendor/signature-1.6.4/Cargo.toml.orig
rename to third_party/rust/chromium_crates_io/vendor/signature-2.2.0/Cargo.toml.orig
index 9235fac31dd5..29353f6c4d37 100644
--- a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/Cargo.toml.orig
+++ b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/Cargo.toml.orig
@@ -1,36 +1,29 @@ [package] name = "signature" description = "Traits for cryptographic signature algorithms (e.g. ECDSA, Ed25519)" -version = "1.6.4" +version = "2.2.0" authors = ["RustCrypto Developers"] license = "Apache-2.0 OR MIT" documentation = "https://docs.rs/signature" repository = "https://github.com/RustCrypto/traits/tree/master/signature" readme = "README.md" -edition = "2021" -rust-version = "1.56" keywords = ["crypto", "ecdsa", "ed25519", "signature", "signing"] categories = ["cryptography", "no-std"] +edition = "2021" +rust-version = "1.60" [dependencies] -digest = { version = "0.10.3", optional = true, default-features = false } -rand_core = { version = "0.6", optional = true, default-features = false } -signature_derive = { version = "=1.0.0-pre.7", optional = true, path = "derive" } +derive = { package = "signature_derive", version = "2", optional = true, path = "../signature_derive" } +digest = { version = "0.10.6", optional = true, default-features = false } +rand_core = { version = "0.6.4", optional = true, default-features = false } [dev-dependencies] -hex-literal = "0.3" +hex-literal = "0.4" sha2 = { version = "0.10", default-features = false } [features] -default = ["std"] -std = [] - -# Preview features are unstable and exempt from semver. -# See https://docs.rs/signature/latest/signature/#unstable-features for more information. -derive-preview = ["digest-preview", "signature_derive"] -digest-preview = ["digest"] -hazmat-preview = [] -rand-preview = ["rand_core"] +alloc = [] +std = ["alloc", "rand_core?/std"] [package.metadata.docs.rs] all-features = true diff --git a/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/LICENSE-APACHE b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/LICENSE-APACHE new file mode 100644 index 000000000000..78173fa2e753 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/LICENSE-APACHE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the 
following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/LICENSE-MIT b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/LICENSE-MIT similarity index 95% rename from third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/LICENSE-MIT rename to third_party/rust/chromium_crates_io/vendor/signature-2.2.0/LICENSE-MIT index 81a3d57ac3de..d8d87fe2997c 100644 --- a/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/LICENSE-MIT +++ b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/LICENSE-MIT @@ -1,4 +1,4 @@ -Copyright (c) 2018-2022 RustCrypto Developers +Copyright (c) 2018-2023 RustCrypto Developers Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated 
diff --git a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/README.md b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/README.md similarity index 59% rename from third_party/rust/chromium_crates_io/vendor/signature-1.6.4/README.md rename to third_party/rust/chromium_crates_io/vendor/signature-2.2.0/README.md index a1a6fa4aee3f..5e1100301de8 100644 --- a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/README.md +++ b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/README.md @@ -1,4 +1,4 @@ -# RustCrypto: Digital Signature Algorithms +# [RustCrypto]: Digital Signature Algorithms [![crate][crate-image]][crate-link] [![Docs][docs-image]][docs-link] @@ -8,20 +8,16 @@ [![Project Chat][chat-image]][chat-link] This crate contains traits which provide generic, object-safe APIs for -generating and verifying [digital signatures][1]. +generating and verifying [digital signatures]. -Used by the [`ecdsa`][2] and [`ed25519`][3] crates, with forthcoming support -in the [`rsa`][4] crate. - -See also the [Signatory][5] crate for trait wrappers for using these traits -with many popular Rust cryptography crates, including `ed25519-dalek`, *ring*, -`secp256k1-rs`, and `sodiumoxide`. +Used by the [`dsa`], [`ecdsa`], [`ed25519`], and [`rsa`] crates maintained by +the [RustCrypto] organization, as well as [`ed25519-dalek`]. [Documentation][docs-link] ## Minimum Supported Rust Version -Rust **1.56** or higher. +Rust **1.60** or higher. Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump. 
@@ -30,10 +26,11 @@ done with a minor version bump. - All on-by-default features of this library are covered by SemVer - MSRV is considered exempt from SemVer as noted above -- The off-by-default features `derive-preview` and `digest-preview` are - unstable "preview" features which are also considered exempt from SemVer. - Breaking changes to these features will, like MSRV, be done with a minor - version bump. +- The `derive` feature is stable and covered by SemVer +- The off-by-default features `digest` and `rand_core` are unstable features + which are also considered exempt from SemVer as they correspond to pre-1.0 + crates which are still subject to changes. Breaking changes to these features + will, like MSRV, be done with a minor version bump. ## License 
@@ -59,14 +56,16 @@ dual licensed as above, without any additional terms or conditions. [build-image]: https://github.com/RustCrypto/traits/actions/workflows/signature.yml/badge.svg [build-link]: https://github.com/RustCrypto/traits/actions/workflows/signature.yml [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg -[rustc-image]: https://img.shields.io/badge/rustc-1.56+-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.60+-blue.svg [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260048-signatures -[//]: # (general links) +[//]: # (links) -[1]: https://en.wikipedia.org/wiki/Digital_signature -[2]: https://github.com/RustCrypto/signatures/tree/master/ecdsa -[3]: https://github.com/RustCrypto/signatures/tree/master/ed25519 -[4]: https://github.com/RustCrypto/RSA -[5]: https://docs.rs/signatory +[RustCrypto]: https://github.com/RustCrypto/ +[digital signatures]: https://en.wikipedia.org/wiki/Digital_signature +[`dsa`]: https://github.com/RustCrypto/signatures/tree/master/dsa +[`ecdsa`]: https://github.com/RustCrypto/signatures/tree/master/ecdsa +[`ed25519`]: https://github.com/RustCrypto/signatures/tree/master/ed25519 +[`ed25519-dalek`]: https://github.com/dalek-cryptography/ed25519-dalek +[`rsa`]: https://github.com/RustCrypto/RSA diff --git a/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/encoding.rs b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/encoding.rs new file mode 100644 index 000000000000..8bc475b01886 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/encoding.rs 
@@ -0,0 +1,31 @@ +//! Encoding support. + +#[cfg(feature = "alloc")] +use alloc::vec::Vec; + +/// Support for decoding/encoding signatures as bytes. +pub trait SignatureEncoding: + Clone + Sized + for<'a> TryFrom<&'a [u8]> + TryInto +{ + /// Byte representation of a signature. + type Repr: 'static + AsRef<[u8]> + Clone + Send + Sync; + + /// Encode signature as its byte representation. + fn to_bytes(&self) -> Self::Repr { + self.clone() + .try_into() + .ok() + .expect("signature encoding error") + } + + /// Encode signature as a byte vector. + #[cfg(feature = "alloc")] + fn to_vec(&self) -> Vec { + self.to_bytes().as_ref().to_vec() + } + + /// Get the length of this signature when encoded. + fn encoded_len(&self) -> usize { + self.to_bytes().as_ref().len() + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/error.rs b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/error.rs similarity index 90% rename from third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/error.rs rename to third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/error.rs index 06e22d527d2e..6518f17b85a5 100644 --- a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/error.rs +++ b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/error.rs @@ -22,11 +22,8 @@ pub type Result = core::result::Result; /// /// [BB'06]: https://en.wikipedia.org/wiki/Daniel_Bleichenbacher #[derive(Default)] +#[non_exhaustive] pub struct Error { - /// Prevent from being instantiated as `Error {}` when the `std` feature - /// is disabled - _private: (), - /// Source of the error (if applicable). #[cfg(feature = "std")] source: Option>, 
@@ -45,12 +42,10 @@ impl Error { /// cases are for propagating errors related to external signers, e.g. /// communication/authentication errors with HSMs, KMS, etc. #[cfg(feature = "std")] - #[cfg_attr(docsrs, doc(cfg(feature = "std")))] pub fn from_source( source: impl Into>, ) -> Self { Self { - _private: (), source: Some(source.into()), } } @@ -98,6 +93,19 @@ impl From> for Error { } } +#[cfg(feature = "rand_core")] +impl From for Error { + #[cfg(not(feature = "std"))] + fn from(_source: rand_core::Error) -> Error { + Error::new() + } + + #[cfg(feature = "std")] + fn from(source: rand_core::Error) -> Error { + Error::from_source(source) + } +} + #[cfg(feature = "std")] impl std::error::Error for Error { fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { diff --git a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/hazmat.rs b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/hazmat.rs similarity index 80% rename from third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/hazmat.rs rename to third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/hazmat.rs index 8119225c63fe..d2f3e9523554 100644 --- a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/hazmat.rs +++ b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/hazmat.rs 
@@ -5,18 +5,14 @@ //! //! Using them incorrectly can introduce security vulnerabilities. Please //! carefully read the documentation before attempting to use them. -//! -//! To use them, enable the `hazmat-preview` crate feature. Note that this -//! feature is semi-unstable and not subject to regular 1.x SemVer guarantees. -//! However, any breaking changes will be accompanied with a minor version bump. -use crate::{Error, Signature}; +use crate::Error; -#[cfg(feature = "rand-preview")] -use crate::rand_core::{CryptoRng, RngCore}; +#[cfg(feature = "rand_core")] +use crate::rand_core::CryptoRngCore; /// Sign the provided message prehash, returning a digital signature. -pub trait PrehashSigner { +pub trait PrehashSigner { /// Attempt to sign the given message digest, returning a digital signature /// on success, or an error if something went wrong. /// @@ -33,9 +29,8 @@ pub trait PrehashSigner { } /// Sign the provided message prehash using the provided external randomness source, returning a digital signature. -#[cfg(feature = "rand-preview")] -#[cfg_attr(docsrs, doc(cfg(feature = "rand-preview")))] -pub trait RandomizedPrehashSigner { +#[cfg(feature = "rand_core")] +pub trait RandomizedPrehashSigner { /// Attempt to sign the given message digest, returning a digital signature /// on success, or an error if something went wrong. /// @@ -50,13 +45,13 @@ pub trait RandomizedPrehashSigner { /// implementation to decide. fn sign_prehash_with_rng( &self, - rng: impl CryptoRng + RngCore, + rng: &mut impl CryptoRngCore, prehash: &[u8], ) -> Result; } /// Verify the provided message prehash using `Self` (e.g. a public key) -pub trait PrehashVerifier { +pub trait PrehashVerifier { /// Use `Self` to verify that the provided signature for a given message /// `prehash` is authentic. /// 
diff --git a/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/keypair.rs b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/keypair.rs new file mode 100644 index 000000000000..d4795f2f9b3c --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/keypair.rs @@ -0,0 +1,29 @@ +//! Signing keypairs. + +/// Signing keypair with an associated verifying key. +/// +/// This represents a type which holds both a signing key and a verifying key. +pub trait Keypair { + /// Verifying key type for this keypair. + type VerifyingKey: Clone; + + /// Get the verifying key which can verify signatures produced by the + /// signing key portion of this keypair. + fn verifying_key(&self) -> Self::VerifyingKey; +} + +/// Signing keypair with an associated verifying key. +/// +/// This represents a type which holds both a signing key and a verifying key. +pub trait KeypairRef: AsRef { + /// Verifying key type for this keypair. + type VerifyingKey: Clone; +} + +impl Keypair for K { + type VerifyingKey = ::VerifyingKey; + + fn verifying_key(&self) -> Self::VerifyingKey { + self.as_ref().clone() + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/lib.rs b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/lib.rs similarity index 57% rename from third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/lib.rs rename to third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/lib.rs index ab504c2ac642..c90f5cc8a684 100644 --- a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/lib.rs +++ b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/lib.rs 
@@ -4,9 +4,16 @@ html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg" )] -#![cfg_attr(docsrs, feature(doc_cfg))] +#![cfg_attr(docsrs, feature(doc_auto_cfg))] #![forbid(unsafe_code)] -#![warn(missing_docs, rust_2018_idioms, unused_qualifications)] +#![warn( + clippy::mod_module_files, + clippy::unwrap_used, + missing_docs, + rust_2018_idioms, + unused_lifetimes, + unused_qualifications +)] //! # Design //! 
@@ -43,24 +50,14 @@ //! ## Implementation //! //! To accomplish the above goals, the [`Signer`] and [`Verifier`] traits -//! provided by this are generic over a [`Signature`] return value, and use -//! generic parameters rather than associated types. Notably, they use such -//! a parameter for the return value, allowing it to be inferred by the type -//! checker based on the desired signature type. -//! -//! The [`Signature`] trait is bounded on `AsRef<[u8]>`, enforcing that -//! signature types are thin wrappers around a "bag-of-bytes" -//! serialization. Inspiration for this approach comes from the Ed25519 -//! signature system, which was based on the observation that past -//! systems were not prescriptive about how signatures should be represented -//! on-the-wire, and that lead to a proliferation of different wire formats -//! and confusion about which ones should be used. This crate aims to provide -//! similar simplicity by minimizing the number of steps involved to obtain -//! a serializable signature. +//! provided by this are generic over a signature value, and use generic +//! parameters rather than associated types. Notably, they use such a parameter +//! for the return value, allowing it to be inferred by the type checker based +//! on the desired signature type. //! //! ## Alternatives considered //! -//! This crate is based on over two years of exploration of how to encapsulate +//! This crate is based on many years of exploration of how to encapsulate //! digital signature systems in the most flexible, developer-friendly way. //! During that time many design alternatives were explored, tradeoffs //! compared, and ultimately the provided API was selected. 
@@ -73,10 +70,7 @@ //! - "Bag-of-bytes" serialization precludes signature providers from using //! their own internal representation of a signature, which can be helpful //! for many reasons (e.g. advanced signature system features like batch -//! verification). Alternatively each provider could define its own signature -//! type, using a marker trait to identify the particular signature algorithm, -//! have `From` impls for converting to/from `[u8; N]`, and a marker trait -//! for identifying a specific signature algorithm. +//! verification). //! - Associated types, rather than generic parameters of traits, could allow //! more customization of the types used by a particular signature system, //! e.g. using custom error types. 
@@ -98,18 +92,17 @@ //! and compiler errors, and in our experience makes them unsuitable for this //! sort of API. We believe such an API is the natural one for signature //! systems, reflecting the natural way they are written absent a trait. -//! - Associated types preclude multiple (or generic) implementations of the -//! same trait. These parameters are common in signature systems, notably -//! ones which support different digest algorithms. +//! - Associated types preclude multiple implementations of the same trait. +//! These parameters are common in signature systems, notably ones which +//! support different serializations of a signature (e.g. raw vs ASN.1). //! - Digital signatures are almost always larger than the present 32-entry -//! trait impl limitation on array types, which complicates trait signatures +//! trait impl limitation on array types, which complicates bounds //! for these types (particularly things like `From` or `Borrow` bounds). -//! This may be more interesting to explore after const generics. //! //! ## Unstable features //! -//! Despite being post-1.0, this crate includes a number of off-by-default -//! unstable features named `*-preview`, each of which depends on a pre-1.0 +//! Despite being post-1.0, this crate includes off-by-default unstable +//! optional features, each of which depends on a pre-1.0 //! crate. //! //! These features are considered exempt from SemVer. See the 
@@ -117,21 +110,12 @@ //! //! The following unstable features are presently supported: //! -//! - `derive-preview`: for implementers of signature systems using -//! [`DigestSigner`] and [`DigestVerifier`], the `derive-preview` feature -//! can be used to derive [`Signer`] and [`Verifier`] traits which prehash -//! the input message using the [`PrehashSignature::Digest`] algorithm for -//! a given [`Signature`] type. When the `derive-preview` feature is enabled -//! import the proc macros with `use signature::{Signer, Verifier}` and then -//! add a `derive(Signer)` or `derive(Verifier)` attribute to the given -//! digest signer/verifier type. Enabling this feature also enables `digest` -//! support (see immediately below). -//! - `digest-preview`: enables the [`DigestSigner`] and [`DigestVerifier`] +//! - `digest`: enables the [`DigestSigner`] and [`DigestVerifier`] //! traits which are based on the [`Digest`] trait from the [`digest`] crate. //! These traits are used for representing signature systems based on the //! [Fiat-Shamir heuristic] which compute a random challenge value to sign //! by computing a cryptographically secure digest of the input message. -//! - `rand-preview`: enables the [`RandomizedSigner`] trait for signature +//! - `rand_core`: enables the [`RandomizedSigner`] trait for signature //! systems which rely on a cryptographically secure random number generator //! for security. //! 
@@ -143,53 +127,32 @@ //! [`Digest`]: https://docs.rs/digest/latest/digest/trait.Digest.html //! [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic +#[cfg(feature = "alloc")] +extern crate alloc; #[cfg(feature = "std")] extern crate std; -#[cfg(all(feature = "signature_derive", not(feature = "derive-preview")))] -compile_error!( - "The `signature_derive` feature should not be enabled directly. \ - Use the `derive-preview` feature instead." -); - -#[cfg(all(feature = "digest", not(feature = "digest-preview")))] -compile_error!( - "The `digest` feature should not be enabled directly. \ - Use the `digest-preview` feature instead." -); - -#[cfg(all(feature = "rand_core", not(feature = "rand-preview")))] -compile_error!( - "The `rand_core` feature should not be enabled directly. \ - Use the `rand-preview` feature instead." -); - -#[cfg(feature = "hazmat-preview")] -#[cfg_attr(docsrs, doc(cfg(feature = "hazmat-preview")))] pub mod hazmat; +mod encoding; mod error; mod keypair; -mod signature; mod signer; mod verifier; -#[cfg(feature = "derive-preview")] -#[cfg_attr(docsrs, doc(cfg(feature = "derive-preview")))] -pub use signature_derive::{Signer, Verifier}; +#[cfg(feature = "digest")] +mod prehash_signature; -#[cfg(all(feature = "derive-preview", feature = "digest-preview"))] -#[cfg_attr( - docsrs, - doc(cfg(all(feature = "derive-preview", feature = "digest-preview"))) -)] -pub use signature_derive::{DigestSigner, DigestVerifier}; +pub use crate::{encoding::*, error::*, keypair::*, signer::*, verifier::*}; -#[cfg(feature = "digest-preview")] -pub use digest; +#[cfg(feature = "derive")] +pub use derive::{Signer, Verifier}; -#[cfg(feature = "rand-preview")] -#[cfg_attr(docsrs, doc(cfg(feature = "rand-preview")))] -pub use rand_core; +#[cfg(all(feature = "derive", feature = "digest"))] +pub use derive::{DigestSigner, DigestVerifier}; -pub use crate::{error::*, keypair::*, signature::*, signer::*, verifier::*}; +#[cfg(feature = "digest")] 
+pub use {crate::prehash_signature::*, digest};
+
+#[cfg(feature = "rand_core")]
+pub use rand_core;
diff --git a/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/prehash_signature.rs b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/prehash_signature.rs
new file mode 100644
index 000000000000..d9a86456def3
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/prehash_signature.rs
@@ -0,0 +1,31 @@
+//! `PrehashSignature` trait.
+
+/// For intra-doc link resolution.
+#[allow(unused_imports)]
+use crate::{
+ signer::{DigestSigner, Signer},
+ verifier::{DigestVerifier, Verifier},
+};
+
+/// Marker trait for `Signature` types computable as `𝐒(𝐇(𝒎))`
+/// i.e. ones which prehash a message to be signed as `𝐇(𝒎)`
+///
+/// Where:
+///
+/// - `𝐒`: signature algorithm
+/// - `𝐇`: hash (a.k.a. digest) function
+/// - `𝒎`: message
+///
+/// This approach is relatively common in signature schemes based on the
+/// [Fiat-Shamir heuristic].
+///
+/// For signature types that implement this trait, when the `derive` crate
+/// feature is enabled a custom derive for [`Signer`] is available for any
+/// types that impl [`DigestSigner`], and likewise for deriving [`Verifier`] for
+/// types which impl [`DigestVerifier`].
+///
+/// [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic
+pub trait PrehashSignature {
+ /// Preferred `Digest` algorithm to use when computing this signature type.
+ type Digest: digest::Digest;
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/signer.rs b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/signer.rs
similarity index 74%
rename from third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/signer.rs
rename to third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/signer.rs
index c025711fe5c9..b339ddf595cc 100644
--- a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/signer.rs
+++ b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/signer.rs @@ -1,16 +1,16 @@ //! Traits for generating digital signatures -use crate::{error::Error, Signature}; +use crate::error::Error; -#[cfg(feature = "digest-preview")] +#[cfg(feature = "digest")] use crate::digest::Digest; -#[cfg(feature = "rand-preview")] -use crate::rand_core::{CryptoRng, RngCore}; +#[cfg(feature = "rand_core")] +use crate::rand_core::CryptoRngCore; /// Sign the provided message bytestring using `Self` (e.g. a cryptographic key /// or connection to an HSM), returning a digital signature. -pub trait Signer { +pub trait Signer { /// Sign the given message and return a digital signature fn sign(&self, msg: &[u8]) -> S { self.try_sign(msg).expect("signature operation failed") @@ -24,10 +24,11 @@ pub trait Signer { fn try_sign(&self, msg: &[u8]) -> Result; } -/// Sign the provided message bytestring using `&mut Self` (e.g., an evolving -/// cryptographic key), returning a digital signature. -pub trait SignerMut { - /// Sign the given message, update the state, and return a digital signature +/// Sign the provided message bytestring using `&mut Self` (e.g. an evolving +/// cryptographic key such as a stateful hash-based signature), returning a +/// digital signature. +pub trait SignerMut { + /// Sign the given message, update the state, and return a digital signature. fn sign(&mut self, msg: &[u8]) -> S { self.try_sign(msg).expect("signature operation failed") } @@ -40,12 +41,8 @@ pub trait SignerMut { fn try_sign(&mut self, msg: &[u8]) -> Result; } -// Blanket impl of SignerMut for all Signer types -impl SignerMut for T -where - T: Signer, - S: Signature, -{ +/// Blanket impl of [`SignerMut`] for all [`Signer`] types. +impl> SignerMut for T { fn try_sign(&mut self, msg: &[u8]) -> Result { T::try_sign(self, msg) } 
@@ -70,13 +67,8 @@ where /// API accepts a [`Digest`] instance, rather than a raw digest value. /// /// [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic -#[cfg(feature = "digest-preview")] -#[cfg_attr(docsrs, doc(cfg(feature = "digest-preview")))] -pub trait DigestSigner -where - D: Digest, - S: Signature, -{ +#[cfg(feature = "digest")] +pub trait DigestSigner { /// Sign the given prehashed message [`Digest`], returning a signature. /// /// Panics in the event of a signing error. @@ -91,11 +83,10 @@ where } /// Sign the given message using the provided external randomness source. -#[cfg(feature = "rand-preview")] -#[cfg_attr(docsrs, doc(cfg(feature = "rand-preview")))] -pub trait RandomizedSigner { +#[cfg(feature = "rand_core")] +pub trait RandomizedSigner { /// Sign the given message and return a digital signature - fn sign_with_rng(&self, rng: impl CryptoRng + RngCore, msg: &[u8]) -> S { + fn sign_with_rng(&self, rng: &mut impl CryptoRngCore, msg: &[u8]) -> S { self.try_sign_with_rng(rng, msg) .expect("signature operation failed") } 
@@ -105,32 +96,23 @@ pub trait RandomizedSigner { /// /// The main intended use case for signing errors is when communicating /// with external signers, e.g. cloud KMS, HSMs, or other hardware tokens. - fn try_sign_with_rng(&self, rng: impl CryptoRng + RngCore, msg: &[u8]) -> Result; + fn try_sign_with_rng(&self, rng: &mut impl CryptoRngCore, msg: &[u8]) -> Result; } /// Combination of [`DigestSigner`] and [`RandomizedSigner`] with support for /// computing a signature over a digest which requires entropy from an RNG. -#[cfg(all(feature = "digest-preview", feature = "rand-preview"))] -#[cfg_attr(docsrs, doc(cfg(feature = "digest-preview")))] -#[cfg_attr(docsrs, doc(cfg(feature = "rand-preview")))] -pub trait RandomizedDigestSigner -where - D: Digest, - S: Signature, -{ +#[cfg(all(feature = "digest", feature = "rand_core"))] +pub trait RandomizedDigestSigner { /// Sign the given prehashed message `Digest`, returning a signature. /// /// Panics in the event of a signing error. - fn sign_digest_with_rng(&self, rng: impl CryptoRng + RngCore, digest: D) -> S { + fn sign_digest_with_rng(&self, rng: &mut impl CryptoRngCore, digest: D) -> S { self.try_sign_digest_with_rng(rng, digest) .expect("signature operation failed") } /// Attempt to sign the given prehashed message `Digest`, returning a /// digital signature on success, or an error if something went wrong. - fn try_sign_digest_with_rng( - &self, - rng: impl CryptoRng + RngCore, - digest: D, - ) -> Result; + fn try_sign_digest_with_rng(&self, rng: &mut impl CryptoRngCore, digest: D) + -> Result; } diff --git a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/verifier.rs b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/verifier.rs similarity index 84% rename from third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/verifier.rs rename to third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/verifier.rs index 4d6efbc2bdae..65409a9296e1 100644 
--- a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/verifier.rs +++ b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/verifier.rs @@ -1,12 +1,12 @@ //! Trait for verifying digital signatures -use crate::{error::Error, Signature}; +use crate::error::Error; -#[cfg(feature = "digest-preview")] +#[cfg(feature = "digest")] use crate::digest::Digest; /// Verify the provided message bytestring using `Self` (e.g. a public key) -pub trait Verifier { +pub trait Verifier { /// Use `Self` to verify that the provided signature for a given message /// bytestring is authentic. /// @@ -34,13 +34,8 @@ pub trait Verifier { /// API accepts a [`Digest`] instance, rather than a raw digest value. /// /// [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic -#[cfg(feature = "digest-preview")] -#[cfg_attr(docsrs, doc(cfg(feature = "digest-preview")))] -pub trait DigestVerifier -where - D: Digest, - S: Signature, -{ +#[cfg(feature = "digest")] +pub trait DigestVerifier { /// Verify the signature against the given [`Digest`] output. fn verify_digest(&self, digest: D, signature: &S) -> Result<(), Error>; } diff --git a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/tests/derive.rs b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/tests/derive.rs similarity index 69% rename from third_party/rust/chromium_crates_io/vendor/signature-1.6.4/tests/derive.rs rename to third_party/rust/chromium_crates_io/vendor/signature-2.2.0/tests/derive.rs index 5048dc68298b..b54eec8231f1 100644 --- a/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/tests/derive.rs +++ b/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/tests/derive.rs 
@@ -1,13 +1,13 @@ //! Tests for code generated by `signature_derive` -#![cfg(all(feature = "derive-preview", feature = "hazmat-preview"))] +#![cfg(all(feature = "derive", feature = "digest"))] use digest::{generic_array::GenericArray, Digest, OutputSizeUser}; use hex_literal::hex; use sha2::Sha256; use signature::{ hazmat::{PrehashSigner, PrehashVerifier}, - DigestSigner, DigestVerifier, Error, PrehashSignature, Signature, Signer, Verifier, + DigestSigner, DigestVerifier, Error, PrehashSignature, SignatureEncoding, Signer, Verifier, }; /// Test vector to compute SHA-256 digest of @@ -17,26 +17,32 @@ const INPUT_STRING: &[u8] = b"abc"; const INPUT_STRING_DIGEST: [u8; 32] = hex!("ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad"); +type Repr = GenericArray::OutputSize>; + /// Dummy signature which just contains a digest output -#[derive(Debug)] -struct DummySignature(GenericArray::OutputSize>); - -impl Signature for DummySignature { - fn from_bytes(bytes: &[u8]) -> Result { - Ok(DummySignature(GenericArray::clone_from_slice( - bytes.as_ref(), - ))) - } +#[derive(Clone, Debug)] +struct DummySignature(Repr); + +impl PrehashSignature for DummySignature { + type Digest = Sha256; } -impl AsRef<[u8]> for DummySignature { - fn as_ref(&self) -> &[u8] { - self.0.as_ref() +impl SignatureEncoding for DummySignature { + type Repr = Repr; +} + +impl TryFrom<&[u8]> for DummySignature { + type Error = Error; + + fn try_from(bytes: &[u8]) -> Result { + Ok(DummySignature(GenericArray::clone_from_slice(bytes))) } } -impl PrehashSignature for DummySignature { - type Digest = Sha256; +impl From for Repr { + fn from(sig: DummySignature) -> Repr { + sig.0 + } } /// Dummy signer which just returns the message digest as a `DummySignature` @@ -45,7 +51,7 @@ struct DummySigner {} impl PrehashSigner for DummySigner { fn sign_prehash(&self, prehash: &[u8]) -> signature::Result { - DummySignature::from_bytes(prehash) + DummySignature::try_from(prehash) } } 
@@ -58,7 +64,7 @@ struct DummyVerifier {} impl PrehashVerifier for DummyVerifier { fn verify_prehash(&self, prehash: &[u8], signature: &DummySignature) -> signature::Result<()> { - assert_eq!(signature.as_ref(), prehash); + assert_eq!(signature.to_bytes().as_slice(), prehash); Ok(()) } } @@ -66,7 +72,7 @@ impl PrehashVerifier for DummyVerifier { #[test] fn derived_signer_impl() { let sig: DummySignature = DummySigner::default().sign(INPUT_STRING); - assert_eq!(sig.as_ref(), INPUT_STRING_DIGEST.as_ref()) + assert_eq!(sig.to_bytes().as_slice(), INPUT_STRING_DIGEST.as_ref()) } #[test] diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/.cargo-checksum.json b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/.cargo-checksum.json new file mode 100644 index 000000000000..697c9ce2fbb4 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/.cargo-checksum.json @@ -0,0 +1 @@ +{"files":{}} diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/.cargo_vcs_info.json b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/.cargo_vcs_info.json new file mode 100644 index 000000000000..a390d723b2cc --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/.cargo_vcs_info.json @@ -0,0 +1,6 @@ +{ + "git": { + "sha1": "15ea461dc3484d48710deed932e4d3d9052c1f9b" + }, + "path_in_vcs": "spki" +} \ No newline at end of file diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/CHANGELOG.md b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/CHANGELOG.md new file mode 100644 index 000000000000..cf3722ddee06 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/CHANGELOG.md 
@@ -0,0 +1,152 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## 0.7.3 (2023-11-28)
+### Added
+- public key to `SubjectPublicKeyInfoOwned` helper ([#1269])
+
+[#1269]: https://github.com/RustCrypto/formats/pull/1269
+
+## 0.7.2 (2023-05-04)
+
+### Added
+- `AlgorithmIdentifierWithOid` trait ([#986])
+- `SignatureBitStringEncoding` trait ([#1047])
+
+### Changed
+- Bump `hex-literal` to v0.4.1 ([#999])
+
+[#986]: https://github.com/RustCrypto/formats/pull/986
+[#999]: https://github.com/RustCrypto/formats/pull/999
+[#1047]: https://github.com/RustCrypto/formats/pull/1047
+
+
+## 0.7.1 (2023-04-04)
+### Added
+- `AssociatedAlgorithmIdentifier` trait ([#962], [#966])
+- `DynAssociatedAlgorithmIdentifier` trait ([#962])
+- `SignatureAlgorithmIdentifier` trait ([#967])
+- `DynSignatureAlgorithmIdentifier` trait ([#967])
+
+### Changed
+- Bump `der` dependency to v0.7.2 ([#979])
+
+[#962]: https://github.com/RustCrypto/formats/pull/962
+[#966]: https://github.com/RustCrypto/formats/pull/966
+[#967]: https://github.com/RustCrypto/formats/pull/967
+[#979]: https://github.com/RustCrypto/formats/pull/979
+
+## 0.7.0 (2023-02-26)
+### Changed
+- Make `AlgorithmIdentifier` generic around `Params` ([#769])
+- Use blanket impls for `Decode*` traits ([#785])
+- Make `SubjectPublicKeyInfo` own the public key ([#790])
+- Rename `to_owned` method ([#835])
+- Bump `der` dependency to v0.7 ([#899])
+
+[#769]: https://github.com/RustCrypto/formats/pull/769
+[#785]: https://github.com/RustCrypto/formats/pull/785
+[#790]: https://github.com/RustCrypto/formats/pull/790
+[#835]: https://github.com/RustCrypto/formats/pull/835
+[#899]: https://github.com/RustCrypto/formats/pull/899
+
+## 0.6.0 (2022-05-08)
+### Added
+- `AlgorithmIdentifier::oids()` helper function ([#443])
+- Impl `PartialOrd` for `AlgorithmIdentifier` ([#476])
+- Impl `DecodeValue` for `AlgorithmIdentifier` ([#449])
+- Impl `ValueOrd` for `SubjectPublicKeyInfo` ([#522])
+
+### Changed
+- Replace `PublicKeyDocument` with `der` crate's `Document` type ([#571])
+- Streaming fingerprint builder ([#616])
+- Bump `der` crate dependency to v0.6 ([#653])
+
+### Removed
+- `PublicKeyDocument` ([#571])
+
+[#443]: https://github.com/RustCrypto/formats/pull/443
+[#449]: https://github.com/RustCrypto/formats/pull/449
+[#476]: https://github.com/RustCrypto/formats/pull/476
+[#522]: https://github.com/RustCrypto/formats/pull/522
+[#571]: https://github.com/RustCrypto/formats/pull/571
+[#616]: https://github.com/RustCrypto/formats/pull/616
+[#653]: https://github.com/RustCrypto/formats/pull/653
+
+## 0.5.4 (2022-01-05)
+### Added
+- `Error::KeyMalformed` variant ([#318])
+
+[#318]: https://github.com/RustCrypto/formats/pull/318
+
+## 0.5.3 (2021-12-19)
+### Added
+- Impl `ValueOrd` for `AlgorithmIdentifier` ([#289])
+
+[#289]: https://github.com/RustCrypto/formats/pull/289
+
+## 0.5.2 (2021-11-17)
+### Changed
+- Relax `base64ct` version requirement to `^1` ([#239])
+
+[#239]: https://github.com/RustCrypto/formats/pull/239
+
+## 0.5.1 (2021-11-17)
+### Changed
+- Replace `from_spki` with `TryFrom` ([#231])
+
+[#231]: https://github.com/RustCrypto/formats/pull/231
+
+## 0.5.0 (2021-11-15) [YANKED]
+### Added
+- SPKI fingerprint support ([#36])
+- `PublicKeyDocument` type originally from `pkcs8` crate ([#118])
+- `Error` type ([#143])
+
+### Changed
+- Rename `From/ToPublicKey` => `DecodePublicKey`/`EncodePublicKey` ([#119])
+- Use `der::Document` to impl `PublicKeyDocument` ([#134])
+- Rust 2021 edition upgrade; MSRV 1.56 ([#136])
+- Bump `der` dependency to v0.5 ([#222])
+
+[#36]: https://github.com/RustCrypto/formats/pull/36
+[#118]: https://github.com/RustCrypto/formats/pull/118
+[#119]: https://github.com/RustCrypto/formats/pull/119
+[#134]: https://github.com/RustCrypto/formats/pull/134
+[#136]: https://github.com/RustCrypto/formats/pull/136
+[#143]: https://github.com/RustCrypto/formats/pull/143
+[#222]: https://github.com/RustCrypto/formats/pull/222
+
+## 0.4.1 (2021-09-14)
+### Changed
+- Moved to `formats` repo ([#2])
+
+[#2]: https://github.com/RustCrypto/formats/pull/2
+
+## 0.4.0 (2021-06-07)
+### Added
+- `AlgorithmIdentifier::assert_oids`
+
+### Changed
+- Bump `der` to v0.4
+
+## 0.3.0 (2021-03-22)
+### Changed
+- Bump `der` to v0.3
+
+### Removed
+- `AlgorithmParameters` enum
+
+## 0.2.1 (2021-02-22)
+### Added
+- Impl `Choice` for `AlgorithmParameters`
+
+## 0.2.0 (2021-02-18)
+### Changed
+- Return `Result` from `AlgorithmIdentifier::params_*`
+
+## 0.1.0 (2021-02-16)
+- Initial release
diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/Cargo.toml b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/Cargo.toml
new file mode 100644
index 000000000000..1c7f3054445e
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/Cargo.toml
@@ -0,0 +1,87 @@ +# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO +# +# When uploading crates to the registry Cargo will automatically +# "normalize" Cargo.toml files for maximal compatibility +# with all versions of Cargo and also rewrite `path` dependencies +# to registry (e.g., crates.io) dependencies. +# +# If you are reading this file be aware that the original Cargo.toml +# will likely look very different (and much more reasonable). +# See Cargo.toml.orig for the original contents. + +[package] +edition = "2021" +rust-version = "1.65" +name = "spki" +version = "0.7.3" +authors = ["RustCrypto Developers"] +description = """ +X.509 Subject Public Key Info (RFC5280) describing public keys as well as their +associated AlgorithmIdentifiers (i.e. OIDs) +""" +readme = "README.md" +keywords = [ + "crypto", + "x509", +] +categories = [ + "cryptography", + "data-structures", + "encoding", + "no-std", +] +license = "Apache-2.0 OR MIT" +repository = "https://github.com/RustCrypto/formats/tree/master/spki" + +[package.metadata.docs.rs] +all-features = true +rustdoc-args = [ + "--cfg", + "docsrs", +] + +[dependencies.arbitrary] +version = "1.2" +features = ["derive"] +optional = true + +[dependencies.base64ct] +version = "1" +optional = true +default-features = false + +[dependencies.der] +version = "0.7.2" +features = ["oid"] + +[dependencies.sha2] +version = "0.10" +optional = true +default-features = false + +[dev-dependencies.hex-literal] +version = "0.4" + +[dev-dependencies.tempfile] +version = "3" + +[features] +alloc = [ + "base64ct?/alloc", + "der/alloc", +] +arbitrary = [ + "std", + "dep:arbitrary", + "der/arbitrary", +] +base64 = ["dep:base64ct"] +fingerprint = ["sha2"] +pem = [ + "alloc", + "der/pem", +] +std = [ + "der/std", + "alloc", +] diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/Cargo.toml.orig b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/Cargo.toml.orig new file mode 100644 index 000000000000..e9e268731237 --- /dev/null 
+++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/Cargo.toml.orig
@@ -0,0 +1,40 @@
+[package]
+name = "spki"
+version = "0.7.3"
+description = """
+X.509 Subject Public Key Info (RFC5280) describing public keys as well as their
+associated AlgorithmIdentifiers (i.e. OIDs)
+"""
+authors = ["RustCrypto Developers"]
+license = "Apache-2.0 OR MIT"
+repository = "https://github.com/RustCrypto/formats/tree/master/spki"
+categories = ["cryptography", "data-structures", "encoding", "no-std"]
+keywords = ["crypto", "x509"]
+readme = "README.md"
+edition = "2021"
+rust-version = "1.65"
+
+[dependencies]
+der = { version = "0.7.2", features = ["oid"] }
+
+# Optional dependencies
+arbitrary = { version = "1.2", features = ["derive"], optional = true }
+base64ct = { version = "1", optional = true, default-features = false }
+sha2 = { version = "0.10", optional = true, default-features = false }
+
+[dev-dependencies]
+hex-literal = "0.4"
+tempfile = "3"
+
+[features]
+alloc = ["base64ct?/alloc", "der/alloc"]
+std = ["der/std", "alloc"]
+
+arbitrary = ["std", "dep:arbitrary", "der/arbitrary"]
+base64 = ["dep:base64ct"]
+fingerprint = ["sha2"]
+pem = ["alloc", "der/pem"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/LICENSE-APACHE b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/LICENSE-APACHE
new file mode 100644
index 000000000000..78173fa2e753
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/LICENSE-APACHE
@@ -0,0 +1,201 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/LICENSE-MIT b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/LICENSE-MIT
new file mode 100644
index 000000000000..3294d74345ef
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/LICENSE-MIT
@@ -0,0 +1,25 @@
+Copyright (c) 2021-2023 The RustCrypto Project Developers
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/README.md b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/README.md
new file mode 100644
index 000000000000..4ac8554bfb8c
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/README.md
@@ -0,0 +1,56 @@
+# [RustCrypto]: X.509 Subject Public Key Info (SPKI)
+
+[![crate][crate-image]][crate-link]
+[![Docs][docs-image]][docs-link]
+[![Build Status][build-image]][build-link]
+![Apache2/MIT licensed][license-image]
+![Rust Version][rustc-image]
+[![Project Chat][chat-image]][chat-link]
+
+[X.509] Subject Public Key Info types describing public keys as well as their
+associated AlgorithmIdentifiers (i.e. OIDs).
+
+Specified in [RFC 5280 § 4.1].
+
+[Documentation][docs-link]
+
+## Minimum Supported Rust Version
+
+This crate requires **Rust 1.65** at a minimum.
+
+We may change the MSRV in the future, but it will be accompanied by a minor
+version bump.
+
+## License
+
+Licensed under either of:
+
+ * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
+ * [MIT license](http://opensource.org/licenses/MIT)
+
+at your option.
+
+### Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted
+for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
+dual licensed as above, without any additional terms or conditions.
+
+[//]: # (badges)
+
+[crate-image]: https://buildstats.info/crate/spki
+[crate-link]: https://crates.io/crates/spki
+[docs-image]: https://docs.rs/spki/badge.svg
+[docs-link]: https://docs.rs/spki/
+[build-image]: https://github.com/RustCrypto/formats/actions/workflows/spki.yml/badge.svg
+[build-link]: https://github.com/RustCrypto/formats/actions/workflows/spki.yml
+[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.65+-blue.svg
+[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
+[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/300570-formats
+
+[//]: # (links)
+
+[RustCrypto]: https://github.com/rustcrypto
+[X.509]: https://en.wikipedia.org/wiki/X.509
+[RFC 5280 § 4.1]: https://tools.ietf.org/html/rfc5280#section-4.1
diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/algorithm.rs b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/algorithm.rs
new file mode 100644
index 000000000000..5f4b5e8c2411
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/algorithm.rs
@@ -0,0 +1,194 @@ +//! X.509 `AlgorithmIdentifier` + +use crate::{Error, Result}; +use core::cmp::Ordering; +use der::{ + asn1::{AnyRef, Choice, ObjectIdentifier}, + Decode, DecodeValue, DerOrd, Encode, EncodeValue, Header, Length, Reader, Sequence, ValueOrd, + Writer, +}; + +#[cfg(feature = "alloc")] +use der::asn1::Any; + +/// X.509 `AlgorithmIdentifier` as defined in [RFC 5280 Section 4.1.1.2]. +/// +/// ```text +/// AlgorithmIdentifier ::= SEQUENCE { +/// algorithm OBJECT IDENTIFIER, +/// parameters ANY DEFINED BY algorithm OPTIONAL } +/// ``` +/// +/// [RFC 5280 Section 4.1.1.2]: https://tools.ietf.org/html/rfc5280#section-4.1.1.2 +#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))] +#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)] +pub struct AlgorithmIdentifier { + /// Algorithm OID, i.e. the `algorithm` field in the `AlgorithmIdentifier` + /// ASN.1 schema. + pub oid: ObjectIdentifier, + + /// Algorithm `parameters`. + pub parameters: Option, +} + +impl<'a, Params> DecodeValue<'a> for AlgorithmIdentifier +where + Params: Choice<'a>, +{ + fn decode_value>(reader: &mut R, header: Header) -> der::Result { + reader.read_nested(header.length, |reader| { + Ok(Self { + oid: reader.decode()?, + parameters: reader.decode()?, + }) + }) + } +} + +impl EncodeValue for AlgorithmIdentifier +where + Params: Encode, +{ + fn value_len(&self) -> der::Result { + self.oid.encoded_len()? + self.parameters.encoded_len()? + } + + fn encode_value(&self, writer: &mut impl Writer) -> der::Result<()> { + self.oid.encode(writer)?; + self.parameters.encode(writer)?; + Ok(()) + } +} + +impl<'a, Params> Sequence<'a> for AlgorithmIdentifier where Params: Choice<'a> + Encode {} + +impl<'a, Params> TryFrom<&'a [u8]> for AlgorithmIdentifier +where + Params: Choice<'a> + Encode, +{ + type Error = Error; + + fn try_from(bytes: &'a [u8]) -> Result { + Ok(Self::from_der(bytes)?) 
+ } +} + +impl ValueOrd for AlgorithmIdentifier +where + Params: DerOrd, +{ + fn value_cmp(&self, other: &Self) -> der::Result { + match self.oid.der_cmp(&other.oid)? { + Ordering::Equal => self.parameters.der_cmp(&other.parameters), + other => Ok(other), + } + } +} + +/// `AlgorithmIdentifier` reference which has `AnyRef` parameters. +pub type AlgorithmIdentifierRef<'a> = AlgorithmIdentifier>; + +/// `AlgorithmIdentifier` with `ObjectIdentifier` parameters. +pub type AlgorithmIdentifierWithOid = AlgorithmIdentifier; + +/// `AlgorithmIdentifier` reference which has `Any` parameters. +#[cfg(feature = "alloc")] +pub type AlgorithmIdentifierOwned = AlgorithmIdentifier; + +impl AlgorithmIdentifier { + /// Assert the `algorithm` OID is an expected value. + pub fn assert_algorithm_oid(&self, expected_oid: ObjectIdentifier) -> Result { + if self.oid == expected_oid { + Ok(expected_oid) + } else { + Err(Error::OidUnknown { oid: expected_oid }) + } + } +} + +impl<'a> AlgorithmIdentifierRef<'a> { + /// Assert `parameters` is an OID and has the expected value. + pub fn assert_parameters_oid( + &self, + expected_oid: ObjectIdentifier, + ) -> Result { + let actual_oid = self.parameters_oid()?; + + if actual_oid == expected_oid { + Ok(actual_oid) + } else { + Err(Error::OidUnknown { oid: expected_oid }) + } + } + + /// Assert the values of the `algorithm` and `parameters` OIDs. + pub fn assert_oids( + &self, + algorithm: ObjectIdentifier, + parameters: ObjectIdentifier, + ) -> Result<()> { + self.assert_algorithm_oid(algorithm)?; + self.assert_parameters_oid(parameters)?; + Ok(()) + } + + /// Get the `parameters` field as an [`AnyRef`]. + /// + /// Returns an error if `parameters` are `None`. + pub fn parameters_any(&self) -> Result> { + self.parameters.ok_or(Error::AlgorithmParametersMissing) + } + + /// Get the `parameters` field as an [`ObjectIdentifier`]. + /// + /// Returns an error if it is absent or not an OID. 
+ pub fn parameters_oid(&self) -> Result { + Ok(ObjectIdentifier::try_from(self.parameters_any()?)?) + } + + /// Convert to a pair of [`ObjectIdentifier`]s. + /// + /// This method is helpful for decomposing in match statements. Note in + /// particular that `NULL` parameters are treated the same as missing + /// parameters. + /// + /// Returns an error if parameters are present but not an OID. + pub fn oids(&self) -> der::Result<(ObjectIdentifier, Option)> { + Ok(( + self.oid, + match self.parameters { + None => None, + Some(p) => match p { + AnyRef::NULL => None, + _ => Some(p.decode_as::()?), + }, + }, + )) + } +} + +#[cfg(feature = "alloc")] +mod allocating { + use super::*; + use der::referenced::*; + + impl<'a> RefToOwned<'a> for AlgorithmIdentifierRef<'a> { + type Owned = AlgorithmIdentifierOwned; + fn ref_to_owned(&self) -> Self::Owned { + AlgorithmIdentifier { + oid: self.oid, + parameters: self.parameters.ref_to_owned(), + } + } + } + + impl OwnedToRef for AlgorithmIdentifierOwned { + type Borrowed<'a> = AlgorithmIdentifierRef<'a>; + fn owned_to_ref(&self) -> Self::Borrowed<'_> { + AlgorithmIdentifier { + oid: self.oid, + parameters: self.parameters.owned_to_ref(), + } + } + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/error.rs b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/error.rs new file mode 100644 index 000000000000..9d05990f3bb9 --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/error.rs 
@@ -0,0 +1,68 @@ +//! Error types + +use core::fmt; +use der::asn1::ObjectIdentifier; + +/// Result type with `spki` crate's [`Error`] type. +pub type Result = core::result::Result; + +#[cfg(feature = "pem")] +use der::pem; + +/// Error type +#[derive(Copy, Clone, Debug, Eq, PartialEq)] +#[non_exhaustive] +pub enum Error { + /// Algorithm parameters are missing. + AlgorithmParametersMissing, + + /// ASN.1 DER-related errors. + Asn1(der::Error), + + /// Malformed cryptographic key contained in a SPKI document. + /// + /// This is intended for relaying errors related to the raw data contained + /// in [`SubjectPublicKeyInfo::subject_public_key`][`crate::SubjectPublicKeyInfo::subject_public_key`]. + KeyMalformed, + + /// Unknown algorithm OID. + OidUnknown { + /// Unrecognized OID value found in e.g. a SPKI `AlgorithmIdentifier`. + oid: ObjectIdentifier, + }, +} + +impl fmt::Display for Error { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + Error::AlgorithmParametersMissing => { + f.write_str("AlgorithmIdentifier parameters missing") + } + Error::Asn1(err) => write!(f, "ASN.1 error: {}", err), + Error::KeyMalformed => f.write_str("SPKI cryptographic key data malformed"), + Error::OidUnknown { oid } => { + write!(f, "unknown/unsupported algorithm OID: {}", oid) + } + } + } +} + +impl From for Error { + fn from(err: der::Error) -> Error { + if let der::ErrorKind::OidUnknown { oid } = err.kind() { + Error::OidUnknown { oid } + } else { + Error::Asn1(err) + } + } +} + +#[cfg(feature = "pem")] +impl From for Error { + fn from(err: pem::Error) -> Error { + der::Error::from(err).into() + } +} + +#[cfg(feature = "std")] +impl std::error::Error for Error {} diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/fingerprint.rs b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/fingerprint.rs new file mode 100644 index 000000000000..ba06e62e819b --- /dev/null 
+++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/fingerprint.rs @@ -0,0 +1,42 @@ +//! SPKI fingerprint support. + +use der::Writer; +use sha2::{Digest, Sha256}; + +/// Size of a SHA-256 SPKI fingerprint in bytes. +pub(crate) const SIZE: usize = 32; + +/// Raw bytes of a SPKI fingerprint i.e. SHA-256 digest of +/// `SubjectPublicKeyInfo`'s DER encoding. +/// +/// See [RFC7469 § 2.1.1] for more information. +/// +/// [RFC7469 § 2.1.1]: https://datatracker.ietf.org/doc/html/rfc7469#section-2.1.1 +pub type FingerprintBytes = [u8; SIZE]; + +/// Writer newtype which accepts DER being serialized on-the-fly and computes a +/// hash of the contents. +#[derive(Clone, Default)] +pub(crate) struct Builder { + /// In-progress digest being computed from streaming DER. + digest: Sha256, +} + +impl Builder { + /// Create a new fingerprint builder. + pub fn new() -> Self { + Self::default() + } + + /// Finish computing a fingerprint, returning the computed digest. + pub fn finish(self) -> FingerprintBytes { + self.digest.finalize().into() + } +} + +impl Writer for Builder { + fn write(&mut self, der_bytes: &[u8]) -> der::Result<()> { + self.digest.update(der_bytes); + Ok(()) + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/lib.rs b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/lib.rs new file mode 100644 index 000000000000..6c0caa72a9ba --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/lib.rs 
@@ -0,0 +1,71 @@ +#![no_std] +#![cfg_attr(docsrs, feature(doc_auto_cfg))] +#![doc = include_str!("../README.md")] +#![doc( + html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg", + html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg" +)] +#![forbid(unsafe_code)] +#![warn( + clippy::mod_module_files, + clippy::unwrap_used, + missing_docs, + rust_2018_idioms, + unused_lifetimes, + unused_qualifications +)] +//! # Usage +//! The following example demonstrates how to use an OID as the `parameters` +//! of an [`AlgorithmIdentifier`]. +//! +//! Borrow the [`ObjectIdentifier`] first then use [`der::AnyRef::from`] or `.into()`: +//! +//! ``` +//! use spki::{AlgorithmIdentifier, ObjectIdentifier}; +//! +//! let alg_oid = "1.2.840.10045.2.1".parse::().unwrap(); +//! let params_oid = "1.2.840.10045.3.1.7".parse::().unwrap(); +//! +//! let alg_id = AlgorithmIdentifier { +//! oid: alg_oid, +//! parameters: Some(params_oid) +//! }; +//! ``` + +#[cfg(feature = "alloc")] +#[allow(unused_extern_crates)] +extern crate alloc; +#[cfg(feature = "std")] +extern crate std; + +mod algorithm; +mod error; +mod spki; +mod traits; + +#[cfg(feature = "fingerprint")] +mod fingerprint; + +pub use crate::{ + algorithm::{AlgorithmIdentifier, AlgorithmIdentifierRef, AlgorithmIdentifierWithOid}, + error::{Error, Result}, + spki::{SubjectPublicKeyInfo, SubjectPublicKeyInfoRef}, + traits::{AssociatedAlgorithmIdentifier, DecodePublicKey, SignatureAlgorithmIdentifier}, +}; +pub use der::{self, asn1::ObjectIdentifier}; + +#[cfg(feature = "alloc")] +pub use { + crate::{ + algorithm::AlgorithmIdentifierOwned, + spki::SubjectPublicKeyInfoOwned, + traits::{ + DynAssociatedAlgorithmIdentifier, DynSignatureAlgorithmIdentifier, EncodePublicKey, + SignatureBitStringEncoding, + }, + }, + der::Document, +}; + +#[cfg(feature = "fingerprint")] +pub use crate::fingerprint::FingerprintBytes; 
diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/spki.rs b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/spki.rs
new file mode 100644
index 000000000000..b7e4c928002c
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/spki.rs
@@ -0,0 +1,217 @@ +//! X.509 `SubjectPublicKeyInfo` + +use crate::{AlgorithmIdentifier, Error, Result}; +use core::cmp::Ordering; +use der::{ + asn1::{AnyRef, BitStringRef}, + Choice, Decode, DecodeValue, DerOrd, Encode, EncodeValue, FixedTag, Header, Length, Reader, + Sequence, ValueOrd, Writer, +}; + +#[cfg(feature = "alloc")] +use der::{ + asn1::{Any, BitString}, + Document, +}; + +#[cfg(feature = "fingerprint")] +use crate::{fingerprint, FingerprintBytes}; + +#[cfg(feature = "pem")] +use der::pem::PemLabel; + +/// [`SubjectPublicKeyInfo`] with [`AnyRef`] algorithm parameters, and [`BitStringRef`] params. +pub type SubjectPublicKeyInfoRef<'a> = SubjectPublicKeyInfo, BitStringRef<'a>>; + +/// [`SubjectPublicKeyInfo`] with [`Any`] algorithm parameters, and [`BitString`] params. +#[cfg(feature = "alloc")] +pub type SubjectPublicKeyInfoOwned = SubjectPublicKeyInfo; + +/// X.509 `SubjectPublicKeyInfo` (SPKI) as defined in [RFC 5280 § 4.1.2.7]. +/// +/// ASN.1 structure containing an [`AlgorithmIdentifier`] and public key +/// data in an algorithm specific format. +/// +/// ```text +/// SubjectPublicKeyInfo ::= SEQUENCE { +/// algorithm AlgorithmIdentifier, +/// subjectPublicKey BIT STRING } +/// ``` +/// +/// [RFC 5280 § 4.1.2.7]: https://tools.ietf.org/html/rfc5280#section-4.1.2.7 +#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))] +#[derive(Clone, Debug, Eq, PartialEq)] +pub struct SubjectPublicKeyInfo { + /// X.509 [`AlgorithmIdentifier`] for the public key type + pub algorithm: AlgorithmIdentifier, + + /// Public key data + pub subject_public_key: Key, +} + +impl<'a, Params, Key> SubjectPublicKeyInfo +where + Params: Choice<'a> + Encode, + // TODO: replace FixedTag with FixedTag once + // https://github.com/rust-lang/rust/issues/92827 is fixed + Key: Decode<'a> + Encode + FixedTag, +{ + /// Calculate the SHA-256 fingerprint of this [`SubjectPublicKeyInfo`] and + /// encode it as a Base64 string. 
+ /// + /// See [RFC7469 § 2.1.1] for more information. + /// + /// [RFC7469 § 2.1.1]: https://datatracker.ietf.org/doc/html/rfc7469#section-2.1.1 + #[cfg(all(feature = "fingerprint", feature = "alloc", feature = "base64"))] + pub fn fingerprint_base64(&self) -> Result { + use base64ct::{Base64, Encoding}; + Ok(Base64::encode_string(&self.fingerprint_bytes()?)) + } + + /// Calculate the SHA-256 fingerprint of this [`SubjectPublicKeyInfo`] as + /// a raw byte array. + /// + /// See [RFC7469 § 2.1.1] for more information. + /// + /// [RFC7469 § 2.1.1]: https://datatracker.ietf.org/doc/html/rfc7469#section-2.1.1 + #[cfg(feature = "fingerprint")] + pub fn fingerprint_bytes(&self) -> Result { + let mut builder = fingerprint::Builder::new(); + self.encode(&mut builder)?; + Ok(builder.finish()) + } +} + +impl<'a: 'k, 'k, Params, Key: 'k> DecodeValue<'a> for SubjectPublicKeyInfo +where + Params: Choice<'a> + Encode, + Key: Decode<'a>, +{ + fn decode_value>(reader: &mut R, header: Header) -> der::Result { + reader.read_nested(header.length, |reader| { + Ok(Self { + algorithm: reader.decode()?, + subject_public_key: Key::decode(reader)?, + }) + }) + } +} + +impl<'a, Params, Key> EncodeValue for SubjectPublicKeyInfo +where + Params: Choice<'a> + Encode, + Key: Encode, +{ + fn value_len(&self) -> der::Result { + self.algorithm.encoded_len()? + self.subject_public_key.encoded_len()? + } + + fn encode_value(&self, writer: &mut impl Writer) -> der::Result<()> { + self.algorithm.encode(writer)?; + self.subject_public_key.encode(writer)?; + Ok(()) + } +} + +impl<'a, Params, Key> Sequence<'a> for SubjectPublicKeyInfo +where + Params: Choice<'a> + Encode, + Key: Decode<'a> + Encode + FixedTag, +{ +} + +impl<'a, Params, Key> TryFrom<&'a [u8]> for SubjectPublicKeyInfo +where + Params: Choice<'a> + Encode, + Key: Decode<'a> + Encode + FixedTag, +{ + type Error = Error; + + fn try_from(bytes: &'a [u8]) -> Result { + Ok(Self::from_der(bytes)?) 
+ } +} + +impl<'a, Params, Key> ValueOrd for SubjectPublicKeyInfo +where + Params: Choice<'a> + DerOrd + Encode, + Key: ValueOrd, +{ + fn value_cmp(&self, other: &Self) -> der::Result { + match self.algorithm.der_cmp(&other.algorithm)? { + Ordering::Equal => self.subject_public_key.value_cmp(&other.subject_public_key), + other => Ok(other), + } + } +} + +#[cfg(feature = "alloc")] +impl<'a: 'k, 'k, Params, Key: 'k> TryFrom> for Document +where + Params: Choice<'a> + Encode, + Key: Decode<'a> + Encode + FixedTag, + BitStringRef<'a>: From<&'k Key>, +{ + type Error = Error; + + fn try_from(spki: SubjectPublicKeyInfo) -> Result { + Self::try_from(&spki) + } +} + +#[cfg(feature = "alloc")] +impl<'a: 'k, 'k, Params, Key: 'k> TryFrom<&SubjectPublicKeyInfo> for Document +where + Params: Choice<'a> + Encode, + Key: Decode<'a> + Encode + FixedTag, + BitStringRef<'a>: From<&'k Key>, +{ + type Error = Error; + + fn try_from(spki: &SubjectPublicKeyInfo) -> Result { + Ok(Self::encode_msg(spki)?) + } +} + +#[cfg(feature = "pem")] +impl PemLabel for SubjectPublicKeyInfo { + const PEM_LABEL: &'static str = "PUBLIC KEY"; +} + +#[cfg(feature = "alloc")] +mod allocating { + use super::*; + use crate::EncodePublicKey; + use der::referenced::*; + + impl<'a> RefToOwned<'a> for SubjectPublicKeyInfoRef<'a> { + type Owned = SubjectPublicKeyInfoOwned; + fn ref_to_owned(&self) -> Self::Owned { + SubjectPublicKeyInfo { + algorithm: self.algorithm.ref_to_owned(), + subject_public_key: self.subject_public_key.ref_to_owned(), + } + } + } + + impl OwnedToRef for SubjectPublicKeyInfoOwned { + type Borrowed<'a> = SubjectPublicKeyInfoRef<'a>; + fn owned_to_ref(&self) -> Self::Borrowed<'_> { + SubjectPublicKeyInfo { + algorithm: self.algorithm.owned_to_ref(), + subject_public_key: self.subject_public_key.owned_to_ref(), + } + } + } + + impl SubjectPublicKeyInfoOwned { + /// Create a [`SubjectPublicKeyInfoOwned`] from any object that implements + /// [`EncodePublicKey`]. 
+ pub fn from_key(source: T) -> Result + where + T: EncodePublicKey, + { + Ok(source.to_public_key_der()?.decode_msg::()?) + } + } +} diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/traits.rs b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/traits.rs new file mode 100644 index 000000000000..764b02a4a5fa --- /dev/null +++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/traits.rs 
@@ -0,0 +1,184 @@
+//! Traits for encoding/decoding SPKI public keys.
+
+use crate::{AlgorithmIdentifier, Error, Result, SubjectPublicKeyInfoRef};
+use der::{EncodeValue, Tagged};
+
+#[cfg(feature = "alloc")]
+use {
+ crate::AlgorithmIdentifierOwned,
+ der::{asn1::BitString, Any, Document},
+};
+
+#[cfg(feature = "pem")]
+use {
+ alloc::string::String,
+ der::pem::{LineEnding, PemLabel},
+};
+
+#[cfg(feature = "std")]
+use std::path::Path;
+
+#[cfg(doc)]
+use crate::SubjectPublicKeyInfo;
+
+/// Parse a public key object from an encoded SPKI document.
+pub trait DecodePublicKey: Sized {
+ /// Deserialize object from ASN.1 DER-encoded [`SubjectPublicKeyInfo`]
+ /// (binary format).
+ fn from_public_key_der(bytes: &[u8]) -> Result;
+
+ /// Deserialize PEM-encoded [`SubjectPublicKeyInfo`].
+ ///
+ /// Keys in this format begin with the following delimiter:
+ ///
+ /// ```text
+ /// -----BEGIN PUBLIC KEY-----
+ /// ```
+ #[cfg(feature = "pem")]
+ fn from_public_key_pem(s: &str) -> Result {
+ let (label, doc) = Document::from_pem(s)?;
+ SubjectPublicKeyInfoRef::validate_pem_label(label)?;
+ Self::from_public_key_der(doc.as_bytes())
+ }
+
+ /// Load public key object from an ASN.1 DER-encoded file on the local
+ /// filesystem (binary format).
+ #[cfg(feature = "std")]
+ fn read_public_key_der_file(path: impl AsRef) -> Result {
+ let doc = Document::read_der_file(path)?;
+ Self::from_public_key_der(doc.as_bytes())
+ }
+
+ /// Load public key object from a PEM-encoded file on the local filesystem.
+ #[cfg(all(feature = "pem", feature = "std"))]
+ fn read_public_key_pem_file(path: impl AsRef) -> Result {
+ let (label, doc) = Document::read_pem_file(path)?;
+ SubjectPublicKeyInfoRef::validate_pem_label(&label)?;
+ Self::from_public_key_der(doc.as_bytes())
+ }
+}
+
+impl DecodePublicKey for T
+where
+ T: for<'a> TryFrom, Error = Error>,
+{
+ fn from_public_key_der(bytes: &[u8]) -> Result {
+ Self::try_from(SubjectPublicKeyInfoRef::try_from(bytes)?)
+ }
+}
+
+/// Serialize a public key object to a SPKI-encoded document.
+#[cfg(feature = "alloc")]
+pub trait EncodePublicKey {
+ /// Serialize a [`Document`] containing a SPKI-encoded public key.
+ fn to_public_key_der(&self) -> Result;
+
+ /// Serialize this public key as PEM-encoded SPKI with the given [`LineEnding`].
+ #[cfg(feature = "pem")]
+ fn to_public_key_pem(&self, line_ending: LineEnding) -> Result {
+ let doc = self.to_public_key_der()?;
+ Ok(doc.to_pem(SubjectPublicKeyInfoRef::PEM_LABEL, line_ending)?)
+ }
+
+ /// Write ASN.1 DER-encoded public key to the given path
+ #[cfg(feature = "std")]
+ fn write_public_key_der_file(&self, path: impl AsRef) -> Result<()> {
+ Ok(self.to_public_key_der()?.write_der_file(path)?)
+ }
+
+ /// Write ASN.1 DER-encoded public key to the given path
+ #[cfg(all(feature = "pem", feature = "std"))]
+ fn write_public_key_pem_file(
+ &self,
+ path: impl AsRef,
+ line_ending: LineEnding,
+ ) -> Result<()> {
+ let doc = self.to_public_key_der()?;
+ Ok(doc.write_pem_file(path, SubjectPublicKeyInfoRef::PEM_LABEL, line_ending)?)
+ }
+}
+
+/// Returns `AlgorithmIdentifier` associated with the structure.
+///
+/// This is useful for e.g. keys for digital signature algorithms.
+pub trait AssociatedAlgorithmIdentifier {
+ /// Algorithm parameters.
+ type Params: Tagged + EncodeValue;
+
+ /// `AlgorithmIdentifier` for this structure.
+ const ALGORITHM_IDENTIFIER: AlgorithmIdentifier;
+}
+
+/// Returns `AlgorithmIdentifier` associated with the structure.
+///
+/// This is useful for e.g. keys for digital signature algorithms.
+#[cfg(feature = "alloc")]
+pub trait DynAssociatedAlgorithmIdentifier {
+ /// `AlgorithmIdentifier` for this structure.
+ fn algorithm_identifier(&self) -> Result;
+}
+
+#[cfg(feature = "alloc")]
+impl DynAssociatedAlgorithmIdentifier for T
+where
+ T: AssociatedAlgorithmIdentifier,
+{
+ fn algorithm_identifier(&self) -> Result {
+ Ok(AlgorithmIdentifierOwned {
+ oid: T::ALGORITHM_IDENTIFIER.oid,
+ parameters: T::ALGORITHM_IDENTIFIER
+ .parameters
+ .as_ref()
+ .map(Any::encode_from)
+ .transpose()?,
+ })
+ }
+}
+
+/// Returns `AlgorithmIdentifier` associated with the signature system.
+///
+/// Unlike AssociatedAlgorithmIdentifier this is intended to be implemented for public and/or
+/// private keys.
+pub trait SignatureAlgorithmIdentifier {
+ /// Algorithm parameters.
+ type Params: Tagged + EncodeValue;
+
+ /// `AlgorithmIdentifier` for the corresponding singature system.
+ const SIGNATURE_ALGORITHM_IDENTIFIER: AlgorithmIdentifier;
+}
+
+/// Returns `AlgorithmIdentifier` associated with the signature system.
+///
+/// Unlike AssociatedAlgorithmIdentifier this is intended to be implemented for public and/or
+/// private keys.
+#[cfg(feature = "alloc")]
+pub trait DynSignatureAlgorithmIdentifier {
+ /// `AlgorithmIdentifier` for the corresponding singature system.
+ fn signature_algorithm_identifier(&self) -> Result;
+}
+
+#[cfg(feature = "alloc")]
+impl DynSignatureAlgorithmIdentifier for T
+where
+ T: SignatureAlgorithmIdentifier,
+{
+ fn signature_algorithm_identifier(&self) -> Result {
+ Ok(AlgorithmIdentifierOwned {
+ oid: T::SIGNATURE_ALGORITHM_IDENTIFIER.oid,
+ parameters: T::SIGNATURE_ALGORITHM_IDENTIFIER
+ .parameters
+ .as_ref()
+ .map(Any::encode_from)
+ .transpose()?,
+ })
+ }
+}
+
+/// Returns the `BitString` encoding of the signature.
+///
+/// X.509 and CSR structures require signatures to be BitString encoded.
+#[cfg(feature = "alloc")]
+pub trait SignatureBitStringEncoding {
+ /// `BitString` encoding for this signature.
+ fn to_bitstring(&self) -> der::Result;
+}
diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/ed25519-pub.der b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/ed25519-pub.der
new file mode 100644
index 000000000000..1b602ee1f275
Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/ed25519-pub.der differ
diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/ed25519-pub.pem b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/ed25519-pub.pem
new file mode 100644
index 000000000000..6891701f7888
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/ed25519-pub.pem
@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEATSkWfz8ZEqb3rfopOgUaFcBexnuPFyZ7HFVQ3OhTvQ0=
+-----END PUBLIC KEY-----
diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/p256-pub.der b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/p256-pub.der
new file mode 100644
index 000000000000..67c719c7641d
Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/p256-pub.der differ
diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/p256-pub.pem b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/p256-pub.pem
new file mode 100644
index 000000000000..ee7e5b612f35
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/p256-pub.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHKz/tV8vLO/YnYnrN0smgRUkUoAt
+7qCZFgaBN9g5z3/EgaREkjBNfvZqwRe+/oOo0I8VXytS+fYY3URwKQSODw==
+-----END PUBLIC KEY-----
diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/rsa2048-pub.der b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/rsa2048-pub.der
new file mode 100644
index 000000000000..4148aaaaaffc
Binary files /dev/null and b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/rsa2048-pub.der differ
diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/rsa2048-pub.pem b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/rsa2048-pub.pem
new file mode 100644
index 000000000000..5ecd892394ee
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/examples/rsa2048-pub.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtsQsUV8QpqrygsY+2+JC
+Q6Fw8/omM71IM2N/R8pPbzbgOl0p78MZGsgPOQ2HSznjD0FPzsH8oO2B5Uftws04
+LHb2HJAYlz25+lN5cqfHAfa3fgmC38FfwBkn7l582UtPWZ/wcBOnyCgb3yLcvJrX
+yrt8QxHJgvWO23ITrUVYszImbXQ67YGS0YhMrbixRzmo2tpm3JcIBtnHrEUMsT0N
+fFdfsZhTT8YbxBvA8FdODgEwx7u/vf3J9qbi4+Kv8cvqyJuleIRSjVXPsIMnoejI
+n04APPKIjpMyQdnWlby7rNyQtE4+CV+jcFjqJbE/Xilcvqxt6DirjFCvYeKYl1uH
+LwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/spki.rs b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/spki.rs
new file mode 100644
index 000000000000..f912d4875dfc
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/spki.rs
@@ -0,0 +1,161 @@ +//! `SubjectPublicKeyInfo` tests. + +use der::asn1::ObjectIdentifier; +use hex_literal::hex; +use spki::SubjectPublicKeyInfoRef; + +#[cfg(feature = "alloc")] +use der::Encode; + +#[cfg(feature = "pem")] +use der::{pem::LineEnding, EncodePem}; + +/// Elliptic Curve (P-256) `SubjectPublicKeyInfo` encoded as ASN.1 DER +const EC_P256_DER_EXAMPLE: &[u8] = include_bytes!("examples/p256-pub.der"); + +/// Ed25519 `SubjectPublicKeyInfo` encoded as ASN.1 DER +#[cfg(any(feature = "alloc", feature = "fingerprint"))] +const ED25519_DER_EXAMPLE: &[u8] = include_bytes!("examples/ed25519-pub.der"); + +/// RSA-2048 `SubjectPublicKeyInfo` encoded as ASN.1 DER +const RSA_2048_DER_EXAMPLE: &[u8] = include_bytes!("examples/rsa2048-pub.der"); + +/// Elliptic Curve (P-256) public key encoded as PEM +#[cfg(feature = "pem")] +const EC_P256_PEM_EXAMPLE: &str = include_str!("examples/p256-pub.pem"); + +/// Ed25519 public key encoded as PEM +#[cfg(feature = "pem")] +const ED25519_PEM_EXAMPLE: &str = include_str!("examples/ed25519-pub.pem"); + +/// RSA-2048 PKCS#8 public key encoded as PEM +#[cfg(feature = "pem")] +const RSA_2048_PEM_EXAMPLE: &str = include_str!("examples/rsa2048-pub.pem"); + +/// The SPKI fingerprint for `ED25519_SPKI_FINGERPRINT` as a Base64 string +/// +/// Generated using `cat ed25519-pub.der | openssl dgst -binary -sha256 | base64` +#[cfg(all(feature = "alloc", feature = "base64", feature = "fingerprint"))] +const ED25519_SPKI_FINGERPRINT_BASE64: &str = "Vd1MdLDkhTTi9OFzzs61DfjyenrCqomRzHrpFOAwvO0="; + +/// The SPKI fingerprint for `ED25519_SPKI_FINGERPRINT` as straight hash bytes +/// +/// Generated using `cat ed25519-pub.der | openssl dgst -sha256` +#[cfg(feature = "fingerprint")] +const ED25519_SPKI_FINGERPRINT: &[u8] = + &hex!("55dd4c74b0e48534e2f4e173ceceb50df8f27a7ac2aa8991cc7ae914e030bced"); + +#[test] +fn decode_ec_p256_der() { + let spki = SubjectPublicKeyInfoRef::try_from(EC_P256_DER_EXAMPLE).unwrap(); + + assert_eq!(spki.algorithm.oid, 
"1.2.840.10045.2.1".parse().unwrap()); + + assert_eq!( + spki.algorithm + .parameters + .unwrap() + .decode_as::() + .unwrap(), + "1.2.840.10045.3.1.7".parse().unwrap() + ); + + assert_eq!(spki.subject_public_key.raw_bytes(), &hex!("041CACFFB55F2F2CEFD89D89EB374B2681152452802DEEA09916068137D839CF7FC481A44492304D7EF66AC117BEFE83A8D08F155F2B52F9F618DD447029048E0F")[..]); +} + +#[test] +#[cfg(feature = "fingerprint")] +fn decode_ed25519_and_fingerprint_spki() { + // Repeat the decode test from the pkcs8 crate + let spki = SubjectPublicKeyInfoRef::try_from(ED25519_DER_EXAMPLE).unwrap(); + + assert_eq!(spki.algorithm.oid, "1.3.101.112".parse().unwrap()); + assert_eq!(spki.algorithm.parameters, None); + assert_eq!( + spki.subject_public_key.raw_bytes(), + &hex!("4D29167F3F1912A6F7ADFA293A051A15C05EC67B8F17267B1C5550DCE853BD0D")[..] + ); + + // Check the fingerprint + assert_eq!( + spki.fingerprint_bytes().unwrap().as_slice(), + ED25519_SPKI_FINGERPRINT + ); +} + +#[test] +#[cfg(all(feature = "alloc", feature = "base64", feature = "fingerprint"))] +fn decode_ed25519_and_fingerprint_base64() { + // Repeat the decode test from the pkcs8 crate + let spki = SubjectPublicKeyInfoRef::try_from(ED25519_DER_EXAMPLE).unwrap(); + + assert_eq!(spki.algorithm.oid, "1.3.101.112".parse().unwrap()); + assert_eq!(spki.algorithm.parameters, None); + assert_eq!( + spki.subject_public_key.raw_bytes(), + &hex!("4D29167F3F1912A6F7ADFA293A051A15C05EC67B8F17267B1C5550DCE853BD0D")[..] 
+ ); + + // Check the fingerprint + assert_eq!( + spki.fingerprint_base64().unwrap(), + ED25519_SPKI_FINGERPRINT_BASE64 + ); +} + +#[test] +fn decode_rsa_2048_der() { + let spki = SubjectPublicKeyInfoRef::try_from(RSA_2048_DER_EXAMPLE).unwrap(); + + assert_eq!(spki.algorithm.oid, "1.2.840.113549.1.1.1".parse().unwrap()); + assert!(spki.algorithm.parameters.unwrap().is_null()); + assert_eq!(spki.subject_public_key.raw_bytes(), &hex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} + +#[test] +#[cfg(feature = "alloc")] +fn encode_ec_p256_der() { + let pk = SubjectPublicKeyInfoRef::try_from(EC_P256_DER_EXAMPLE).unwrap(); + let pk_encoded = pk.to_der().unwrap(); + assert_eq!(EC_P256_DER_EXAMPLE, pk_encoded.as_slice()); +} + +#[test] +#[cfg(feature = "alloc")] +fn encode_ed25519_der() { + let pk = SubjectPublicKeyInfoRef::try_from(ED25519_DER_EXAMPLE).unwrap(); + let pk_encoded = pk.to_der().unwrap(); + assert_eq!(ED25519_DER_EXAMPLE, pk_encoded.as_slice()); +} + +#[test] +#[cfg(feature = "alloc")] +fn encode_rsa_2048_der() { + let pk = SubjectPublicKeyInfoRef::try_from(RSA_2048_DER_EXAMPLE).unwrap(); + let pk_encoded = pk.to_der().unwrap(); + assert_eq!(RSA_2048_DER_EXAMPLE, pk_encoded.as_slice()); +} + +#[test] +#[cfg(feature = "pem")] +fn encode_ec_p256_pem() { + let pk = SubjectPublicKeyInfoRef::try_from(EC_P256_DER_EXAMPLE).unwrap(); + let pk_encoded = pk.to_pem(LineEnding::LF).unwrap(); + assert_eq!(EC_P256_PEM_EXAMPLE, pk_encoded); +} + +#[test] +#[cfg(feature = "pem")] +fn encode_ed25519_pem() { + let pk = SubjectPublicKeyInfoRef::try_from(ED25519_DER_EXAMPLE).unwrap(); + let pk_encoded = pk.to_pem(LineEnding::LF).unwrap(); + assert_eq!(ED25519_PEM_EXAMPLE, pk_encoded); +} + +#[test] +#[cfg(feature = "pem")] +fn encode_rsa_2048_pem() { + let pk = SubjectPublicKeyInfoRef::try_from(RSA_2048_DER_EXAMPLE).unwrap(); + let pk_encoded = pk.to_pem(LineEnding::LF).unwrap(); + assert_eq!(RSA_2048_PEM_EXAMPLE, pk_encoded); +} 
diff --git a/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/traits.rs b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/traits.rs
new file mode 100644
index 000000000000..111433343aa0
--- /dev/null
+++ b/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/tests/traits.rs
@@ -0,0 +1,102 @@
+//! Tests for SPKI encoding/decoding traits.
+
+#![cfg(any(feature = "pem", feature = "std"))]
+
+use der::{Decode, Encode};
+use spki::{DecodePublicKey, Document, EncodePublicKey, Error, Result, SubjectPublicKeyInfoRef};
+
+#[cfg(feature = "pem")]
+use spki::der::pem::LineEnding;
+
+#[cfg(feature = "std")]
+use tempfile::tempdir;
+
+#[cfg(all(feature = "pem", feature = "std"))]
+use std::fs;
+
+/// Ed25519 `SubjectPublicKeyInfo` encoded as ASN.1 DER
+const ED25519_DER_EXAMPLE: &[u8] = include_bytes!("examples/ed25519-pub.der");
+
+/// Ed25519 public key encoded as PEM
+#[cfg(feature = "pem")]
+const ED25519_PEM_EXAMPLE: &str = include_str!("examples/ed25519-pub.pem");
+
+/// Mock key type for testing trait impls against.
+pub struct MockKey(Vec);
+
+impl AsRef<[u8]> for MockKey {
+ fn as_ref(&self) -> &[u8] {
+ self.0.as_ref()
+ }
+}
+
+impl EncodePublicKey for MockKey {
+ fn to_public_key_der(&self) -> Result {
+ Ok(Document::from_der(self.as_ref())?)
+ }
+}
+
+impl TryFrom> for MockKey {
+ type Error = Error;
+
+ fn try_from(spki: SubjectPublicKeyInfoRef<'_>) -> Result {
+ Ok(MockKey(spki.to_der()?))
+ }
+}
+
+#[cfg(feature = "pem")]
+#[test]
+fn from_public_key_pem() {
+ let key = MockKey::from_public_key_pem(ED25519_PEM_EXAMPLE).unwrap();
+ assert_eq!(key.as_ref(), ED25519_DER_EXAMPLE);
+}
+
+#[cfg(feature = "std")]
+#[test]
+fn read_public_key_der_file() {
+ let key = MockKey::read_public_key_der_file("tests/examples/ed25519-pub.der").unwrap();
+ assert_eq!(key.as_ref(), ED25519_DER_EXAMPLE);
+}
+
+#[cfg(all(feature = "pem", feature = "std"))]
+#[test]
+fn read_public_key_pem_file() {
+ let key = MockKey::read_public_key_pem_file("tests/examples/ed25519-pub.pem").unwrap();
+ assert_eq!(key.as_ref(), ED25519_DER_EXAMPLE);
+}
+
+#[cfg(feature = "pem")]
+#[test]
+fn to_public_key_pem() {
+ let pem = MockKey(ED25519_DER_EXAMPLE.to_vec())
+ .to_public_key_pem(LineEnding::LF)
+ .unwrap();
+
+ assert_eq!(pem, ED25519_PEM_EXAMPLE);
+}
+
+#[cfg(feature = "std")]
+#[test]
+fn write_public_key_der_file() {
+ let dir = tempdir().unwrap();
+ let path = dir.path().join("example.der");
+ MockKey(ED25519_DER_EXAMPLE.to_vec())
+ .write_public_key_der_file(&path)
+ .unwrap();
+
+ let key = MockKey::read_public_key_der_file(&path).unwrap();
+ assert_eq!(key.as_ref(), ED25519_DER_EXAMPLE);
+}
+
+#[cfg(all(feature = "pem", feature = "std"))]
+#[test]
+fn write_public_key_pem_file() {
+ let dir = tempdir().unwrap();
+ let path = dir.path().join("example.pem");
+ MockKey(ED25519_DER_EXAMPLE.to_vec())
+ .write_public_key_pem_file(&path, LineEnding::LF)
+ .unwrap();
+
+ let pem = fs::read_to_string(path).unwrap();
+ assert_eq!(&pem, ED25519_PEM_EXAMPLE);
+}
diff --git a/third_party/rust/const_oid/v0_9/BUILD.gn b/third_party/rust/const_oid/v0_9/BUILD.gn
new file mode 100644
index 000000000000..1e1a948b0458
--- /dev/null
+++ b/third_party/rust/const_oid/v0_9/BUILD.gn
@@ -0,0 +1,41 @@ +# Copyright (c) 2024 The Brave Authors. All rights reserved. +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this file, +# You can obtain one at https://mozilla.org/MPL/2.0/. + +# @generated from third_party/rust/chromium_crates_io/BUILD.gn.hbs by +# tools/crates/gnrt. +# Do not edit! + +import("//build/rust/cargo_crate.gni") + +cargo_crate("lib") { + crate_name = "const_oid" + epoch = "0.9" + crate_type = "rlib" + crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/lib.rs" + sources = [ + "//brave/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/arcs.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/checked.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/db.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/db/gen.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/encoder.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/error.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/lib.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/parser.rs", + ] + inputs = [ "//brave/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/src/../README.md" ] + + build_native_rust_unit_tests = false + edition = "2021" + cargo_pkg_version = "0.9.6" + cargo_pkg_authors = "RustCrypto Developers" + cargo_pkg_name = "const-oid" + cargo_pkg_description = "Const-friendly implementation of the ISO/IEC Object Identifier (OID) standard as defined in ITU X.660, with support for BER/DER encoding/decoding as well as heapless no_std (i.e. 
embedded) support" + library_configs -= [ "//build/config/compiler:chromium_code" ] + library_configs += [ "//build/config/compiler:no_chromium_code" ] + executable_configs -= [ "//build/config/compiler:chromium_code" ] + executable_configs += [ "//build/config/compiler:no_chromium_code" ] + proc_macro_configs -= [ "//build/config/compiler:chromium_code" ] + proc_macro_configs += [ "//build/config/compiler:no_chromium_code" ] +} diff --git a/third_party/rust/const_oid/v0_9/README.chromium b/third_party/rust/const_oid/v0_9/README.chromium new file mode 100644 index 000000000000..1d7a0ceb3b2e --- /dev/null +++ b/third_party/rust/const_oid/v0_9/README.chromium @@ -0,0 +1,12 @@ +Name: const-oid +URL: https://crates.io/crates/const-oid +Description: Const-friendly implementation of the ISO/IEC Object Identifier (OID) standard +as defined in ITU X.660, with support for BER/DER encoding/decoding as well as +heapless no_std (i.e. embedded) support + +Version: 0.9.6 +Security Critical: yes +Shipped: yes +License: Apache 2.0 +License File: //brave/third_party/rust/chromium_crates_io/vendor/const-oid-0.9.6/LICENSE-APACHE +Revision: 4432bcc0b2b721865740517e609e166e01726ccc diff --git a/third_party/rust/crypto_mac/v0_10/BUILD.gn b/third_party/rust/crypto_mac/v0_10/BUILD.gn deleted file mode 100644 index 42102d18fa00..000000000000 --- a/third_party/rust/crypto_mac/v0_10/BUILD.gn +++ /dev/null 
@@ -1,41 +0,0 @@ -# Copyright (c) 2024 The Brave Authors. All rights reserved. -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this file, -# You can obtain one at https://mozilla.org/MPL/2.0/. - -# @generated from third_party/rust/chromium_crates_io/BUILD.gn.hbs by -# tools/crates/gnrt. -# Do not edit! - -import("//build/rust/cargo_crate.gni") - -cargo_crate("lib") { - crate_name = "crypto_mac" - epoch = "0.10" - crate_type = "rlib" - crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/src/lib.rs" - sources = [ - "//brave/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/src/dev.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/src/errors.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/src/lib.rs", - ] - inputs = [] - - build_native_rust_unit_tests = false - edition = "2018" - cargo_pkg_version = "0.10.1" - cargo_pkg_authors = "RustCrypto Developers" - cargo_pkg_name = "crypto-mac" - cargo_pkg_description = - "Trait for Message Authentication Code (MAC) algorithms" - library_configs -= [ "//build/config/compiler:chromium_code" ] - library_configs += [ "//build/config/compiler:no_chromium_code" ] - executable_configs -= [ "//build/config/compiler:chromium_code" ] - executable_configs += [ "//build/config/compiler:no_chromium_code" ] - proc_macro_configs -= [ "//build/config/compiler:chromium_code" ] - proc_macro_configs += [ "//build/config/compiler:no_chromium_code" ] - deps = [ - "//brave/third_party/rust/generic_array/v0_14:lib", - "//brave/third_party/rust/subtle/v2:lib", - ] -} diff --git a/third_party/rust/crypto_mac/v0_10/README.chromium b/third_party/rust/crypto_mac/v0_10/README.chromium deleted file mode 100644 index 94fc91e51a80..000000000000 --- a/third_party/rust/crypto_mac/v0_10/README.chromium +++ /dev/null 
@@ -1,9 +0,0 @@
-Name: crypto-mac
-URL: https://crates.io/crates/crypto-mac
-Description: Trait for Message Authentication Code (MAC) algorithms
-Version: 0.10.1
-Security Critical: yes
-Shipped: yes
-License: Apache 2.0
-License File: //brave/third_party/rust/chromium_crates_io/vendor/crypto-mac-0.10.1/LICENSE-APACHE
-Revision: 6580afb3b14453944d014b11078d3c18643ebba2
diff --git a/third_party/rust/curve25519_dalek/v3/BUILD.gn b/third_party/rust/curve25519_dalek/v3/BUILD.gn
deleted file mode 100644
index 4a36cedf7ab8..000000000000
--- a/third_party/rust/curve25519_dalek/v3/BUILD.gn
+++ /dev/null
@@ -1,103 +0,0 @@ -# Copyright (c) 2024 The Brave Authors. All rights reserved. -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this file, -# You can obtain one at https://mozilla.org/MPL/2.0/. - -# @generated from third_party/rust/chromium_crates_io/BUILD.gn.hbs by -# tools/crates/gnrt. -# Do not edit! - -import("//build/rust/cargo_crate.gni") - -cargo_crate("lib") { - crate_name = "curve25519_dalek" - epoch = "3" - crate_type = "rlib" - crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/lib.rs" - sources = [ - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/curve_models/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/fiat_u32/field.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/fiat_u32/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/fiat_u64/field.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/fiat_u64/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/pippenger.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/precomputed_straus.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/straus.rs", - 
"//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/variable_base.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/scalar_mul/vartime_double_base.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u32/constants.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u32/field.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u32/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u32/scalar.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u64/constants.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u64/field.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u64/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/serial/u64/scalar.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/avx2/constants.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/avx2/edwards.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/avx2/field.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/avx2/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/ifma/constants.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/ifma/edwards.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/ifma/field.rs", - 
"//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/ifma/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/pippenger.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/precomputed_straus.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/straus.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/variable_base.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/backend/vector/scalar_mul/vartime_double_base.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/constants.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/edwards.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/field.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/lib.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/macros.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/montgomery.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/prelude.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/ristretto.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/scalar.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/traits.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/window.rs", - ] - 
inputs = [ - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/../README.md", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/../docs/avx2-notes.md", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/../docs/ifma-notes.md", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/src/../docs/parallel-formulas.md", - ] - - build_native_rust_unit_tests = false - edition = "2015" - cargo_pkg_version = "3.2.0" - cargo_pkg_authors = "Isis Lovecruft , Henry de Valence " - cargo_pkg_name = "curve25519-dalek" - cargo_pkg_description = "A pure-Rust implementation of group operations on ristretto255 and Curve25519" - library_configs -= [ "//build/config/compiler:chromium_code" ] - library_configs += [ "//build/config/compiler:no_chromium_code" ] - executable_configs -= [ "//build/config/compiler:chromium_code" ] - executable_configs += [ "//build/config/compiler:no_chromium_code" ] - proc_macro_configs -= [ "//build/config/compiler:chromium_code" ] - proc_macro_configs += [ "//build/config/compiler:no_chromium_code" ] - deps = [ - "//brave/third_party/rust/byteorder/v1:lib", - "//brave/third_party/rust/digest/v0_9:lib", - "//brave/third_party/rust/rand_core/v0_5:lib", - "//brave/third_party/rust/subtle/v2:lib", - "//brave/third_party/rust/zeroize/v1:lib", - ] - features = [ - "alloc", - "std", - "u64_backend", - ] - if (target_cpu == "x64") { - deps += [ - "//brave/third_party/rust/cpufeatures/v0_2:lib", - "//brave/third_party/rust/curve25519_dalek_derive/v0_1:lib", - ] - } -} diff --git a/third_party/rust/curve25519_dalek/v3/README.chromium b/third_party/rust/curve25519_dalek/v3/README.chromium deleted file mode 100644 index f62a723db8c4..000000000000 --- a/third_party/rust/curve25519_dalek/v3/README.chromium +++ /dev/null 
@@ -1,9 +0,0 @@
-Name: curve25519-dalek
-URL: https://crates.io/crates/curve25519-dalek
-Description: A pure-Rust implementation of group operations on ristretto255 and Curve25519
-Version: 3.2.0
-Security Critical: yes
-Shipped: yes
-License: BSD 3-Clause
-License File: //brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-3.2.0/LICENSE
-Revision: 09a726cc8c995a7565d80148536df21f1f287659
diff --git a/third_party/rust/curve25519_dalek/v4/BUILD.gn b/third_party/rust/curve25519_dalek/v4/BUILD.gn
index 344e34c1e863..4efed11cef40 100644
--- a/third_party/rust/curve25519_dalek/v4/BUILD.gn
+++ b/third_party/rust/curve25519_dalek/v4/BUILD.gn
@@ -13,67 +13,67 @@ cargo_crate("lib") { crate_name = "curve25519_dalek" epoch = "4" crate_type = "rlib" - crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/lib.rs" + crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/lib.rs" sources = [ - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/curve_models/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/fiat_u32/field.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/fiat_u32/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/fiat_u64/field.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/fiat_u64/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/pippenger.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/precomputed_straus.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/straus.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/variable_base.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/scalar_mul/vartime_double_base.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u32/constants.rs", - 
"//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u32/field.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u32/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u32/scalar.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u64/constants.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u64/field.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u64/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/serial/u64/scalar.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/avx2/constants.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/avx2/edwards.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/avx2/field.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/avx2/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/ifma/constants.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/ifma/edwards.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/ifma/field.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/ifma/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/packed_simd.rs", - 
"//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/mod.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/pippenger.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/precomputed_straus.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/straus.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/variable_base.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/backend/vector/scalar_mul/vartime_double_base.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/constants.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/diagnostics.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/edwards.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/field.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/lib.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/macros.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/montgomery.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/ristretto.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/scalar.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/traits.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/window.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/mod.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/curve_models/mod.rs", + 
"//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/fiat_u32/field.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/fiat_u32/mod.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/fiat_u64/field.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/fiat_u64/mod.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/mod.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/mod.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/pippenger.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/precomputed_straus.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/straus.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/variable_base.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/scalar_mul/vartime_double_base.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u32/constants.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u32/field.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u32/mod.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u32/scalar.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u64/constants.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u64/field.rs", + 
"//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u64/mod.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/serial/u64/scalar.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/avx2/constants.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/avx2/edwards.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/avx2/field.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/avx2/mod.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/ifma/constants.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/ifma/edwards.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/ifma/field.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/ifma/mod.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/mod.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/packed_simd.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/mod.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/pippenger.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/precomputed_straus.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/straus.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/variable_base.rs", + 
"//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/backend/vector/scalar_mul/vartime_double_base.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/constants.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/diagnostics.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/edwards.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/field.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/lib.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/macros.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/montgomery.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/ristretto.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/scalar.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/traits.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/window.rs", ] inputs = [ - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/../README.md", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/../docs/avx2-notes.md", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/../docs/ifma-notes.md", - "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/src/../docs/parallel-formulas.md", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/../README.md", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/../docs/avx2-notes.md", + "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/../docs/ifma-notes.md", + 
"//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/src/../docs/parallel-formulas.md", ] build_native_rust_unit_tests = false edition = "2021" - cargo_pkg_version = "4.1.1" + cargo_pkg_version = "4.1.3" cargo_pkg_authors = "Isis Lovecruft , Henry de Valence " cargo_pkg_name = "curve25519-dalek" cargo_pkg_description = "A pure-Rust implementation of group operations on ristretto255 and Curve25519" @@ -85,6 +85,7 @@ cargo_crate("lib") { proc_macro_configs += [ "//build/config/compiler:no_chromium_code" ] deps = [ "//brave/third_party/rust/cfg_if/v1:lib", + "//brave/third_party/rust/digest/v0_10:lib", "//brave/third_party/rust/rand_core/v0_6:lib", "//brave/third_party/rust/serde/v1:lib", "//brave/third_party/rust/subtle/v2:lib", @@ -96,19 +97,17 @@ cargo_crate("lib") { "//brave/third_party/rust/curve25519_dalek_derive/v0_1:lib", ] } - build_deps = [ - "//brave/third_party/rust/platforms/v3:buildrs_support", - "//brave/third_party/rust/rustc_version/v0_4:buildrs_support", - ] + build_deps = [ "//brave/third_party/rust/rustc_version/v0_4:buildrs_support" ] features = [ "alloc", + "digest", "precomputed-tables", "rand_core", "serde", "zeroize", ] - build_root = "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/build.rs" - build_sources = [ "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/build.rs" ] + build_root = "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/build.rs" + build_sources = [ "//brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/build.rs" ] if (target_cpu == "x64") { deps += [ "//brave/third_party/rust/cpufeatures/v0_2:lib", diff --git a/third_party/rust/curve25519_dalek/v4/README.chromium b/third_party/rust/curve25519_dalek/v4/README.chromium index c868c8d5eaac..4e9540180881 100644 --- a/third_party/rust/curve25519_dalek/v4/README.chromium +++ b/third_party/rust/curve25519_dalek/v4/README.chromium 
@@ -1,9 +1,9 @@ Name: curve25519-dalek URL: https://crates.io/crates/curve25519-dalek Description: A pure-Rust implementation of group operations on ristretto255 and Curve25519 -Version: 4.1.1 +Version: 4.1.3 Security Critical: yes Shipped: yes License: BSD 3-Clause -License File: //brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.1/LICENSE -Revision: 0cd099a9fb8ff9f6fedc8723d44dbb1c743e9d35 +License File: //brave/third_party/rust/chromium_crates_io/vendor/curve25519-dalek-4.1.3/LICENSE +Revision: 5312a0311ec40df95be953eacfa8a11b9a34bc54 diff --git a/third_party/rust/der/v0_7/BUILD.gn b/third_party/rust/der/v0_7/BUILD.gn new file mode 100644 index 000000000000..605b52f50e39 --- /dev/null +++ b/third_party/rust/der/v0_7/BUILD.gn 
@@ -0,0 +1,97 @@ +# Copyright (c) 2024 The Brave Authors. All rights reserved. +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this file, +# You can obtain one at https://mozilla.org/MPL/2.0/. + +# @generated from third_party/rust/chromium_crates_io/BUILD.gn.hbs by +# tools/crates/gnrt. +# Do not edit! + +import("//build/rust/cargo_crate.gni") + +cargo_crate("lib") { + crate_name = "der" + epoch = "0.7" + crate_type = "rlib" + crate_root = + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/lib.rs" + sources = [ + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/arrayvec.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/any.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/bit_string.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/bmp_string.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/boolean.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/choice.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/context_specific.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/generalized_time.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/ia5_string.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/integer.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/integer/int.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/integer/uint.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/internal_macros.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/null.rs", + 
"//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/octet_string.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/oid.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/optional.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/printable_string.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/real.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/sequence.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/sequence_of.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/set_of.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/teletex_string.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/utc_time.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/utf8_string.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/asn1/videotex_string.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/bytes_owned.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/bytes_ref.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/datetime.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/decode.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/document.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/encode.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/encode_ref.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/error.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/header.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/length.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/lib.rs", + 
"//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/ord.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/reader.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/reader/nested.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/reader/pem.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/reader/slice.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/referenced.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/str_owned.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/str_ref.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/tag.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/tag/class.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/tag/mode.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/tag/number.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/writer.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/writer/pem.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/writer/slice.rs", + ] + inputs = [ "//brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/src/../README.md" ] + + build_native_rust_unit_tests = false + edition = "2021" + cargo_pkg_version = "0.7.9" + cargo_pkg_authors = "RustCrypto Developers" + cargo_pkg_name = "der" + cargo_pkg_description = "Pure Rust embedded-friendly implementation of the Distinguished Encoding Rules (DER) for Abstract Syntax Notation One (ASN.1) as described in ITU X.690 with full support for heapless no_std targets" + library_configs -= [ "//build/config/compiler:chromium_code" ] + library_configs += [ "//build/config/compiler:no_chromium_code" ] + executable_configs -= [ "//build/config/compiler:chromium_code" ] + executable_configs += [ "//build/config/compiler:no_chromium_code" ] + 
proc_macro_configs -= [ "//build/config/compiler:chromium_code" ] + proc_macro_configs += [ "//build/config/compiler:no_chromium_code" ] + deps = [ + "//brave/third_party/rust/const_oid/v0_9:lib", + "//brave/third_party/rust/zeroize/v1:lib", + ] + features = [ + "alloc", + "oid", + "std", + "zeroize", + ] +} diff --git a/third_party/rust/der/v0_7/README.chromium b/third_party/rust/der/v0_7/README.chromium new file mode 100644 index 000000000000..df9a79b1fb12 --- /dev/null +++ b/third_party/rust/der/v0_7/README.chromium @@ -0,0 +1,12 @@ +Name: der +URL: https://crates.io/crates/der +Description: Pure Rust embedded-friendly implementation of the Distinguished Encoding Rules +(DER) for Abstract Syntax Notation One (ASN.1) as described in ITU X.690 with +full support for heapless no_std targets + +Version: 0.7.9 +Security Critical: yes +Shipped: yes +License: Apache 2.0 +License File: //brave/third_party/rust/chromium_crates_io/vendor/der-0.7.9/LICENSE-APACHE +Revision: 9bf880934c350a5af67df17ba12bf8636486f7f9 diff --git a/third_party/rust/ed25519/v1/BUILD.gn b/third_party/rust/ed25519/v2/BUILD.gn similarity index 79% rename from third_party/rust/ed25519/v1/BUILD.gn rename to third_party/rust/ed25519/v2/BUILD.gn index ef5745dae300..7955575de316 100644 --- a/third_party/rust/ed25519/v1/BUILD.gn +++ b/third_party/rust/ed25519/v2/BUILD.gn 
@@ -11,19 +11,20 @@ import("//build/rust/cargo_crate.gni") cargo_crate("lib") { crate_name = "ed25519" - epoch = "1" + epoch = "2" crate_type = "rlib" - crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/src/lib.rs" + crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/lib.rs" sources = [ - "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/src/lib.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/src/pkcs8.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/src/serde.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/hex.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/lib.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/pkcs8.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/serde.rs", ] - inputs = [ "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/src/../README.md" ] + inputs = [ "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/src/../README.md" ] build_native_rust_unit_tests = false edition = "2021" - cargo_pkg_version = "1.5.3" + cargo_pkg_version = "2.2.3" cargo_pkg_authors = "RustCrypto Developers" cargo_pkg_name = "ed25519" cargo_pkg_description = "Edwards Digital Signature Algorithm (EdDSA) over Curve25519 (as specified in RFC 8032) support library providing signature type definitions and PKCS#8 private key decoding/encoding support" @@ -33,6 +34,12 @@ cargo_crate("lib") { executable_configs += [ "//build/config/compiler:no_chromium_code" ] proc_macro_configs -= [ "//build/config/compiler:chromium_code" ] proc_macro_configs += [ "//build/config/compiler:no_chromium_code" ] - deps = [ "//brave/third_party/rust/signature/v1:lib" ] - features = [ "std" ] + deps = [ + "//brave/third_party/rust/pkcs8/v0_10:lib", + "//brave/third_party/rust/signature/v2:lib", + ] + features = [ + "alloc", + "std", + ] } 
diff --git a/third_party/rust/ed25519/v1/README.chromium b/third_party/rust/ed25519/v2/README.chromium similarity index 79% rename from third_party/rust/ed25519/v1/README.chromium rename to third_party/rust/ed25519/v2/README.chromium index 2a4dffa6ac84..67ee70335766 100644 --- a/third_party/rust/ed25519/v1/README.chromium +++ b/third_party/rust/ed25519/v2/README.chromium @@ -4,9 +4,9 @@ Description: Edwards Digital Signature Algorithm (EdDSA) over Curve25519 (as spe support library providing signature type definitions and PKCS#8 private key decoding/encoding support -Version: 1.5.3 +Version: 2.2.3 Security Critical: yes Shipped: yes License: Apache 2.0 -License File: //brave/third_party/rust/chromium_crates_io/vendor/ed25519-1.5.3/LICENSE-APACHE -Revision: 35ee637ade5672c7c521cc56c839ca5264244c2c +License File: //brave/third_party/rust/chromium_crates_io/vendor/ed25519-2.2.3/LICENSE-APACHE +Revision: 07b095c32a3527ee47da5c4878bf203557b36e5e diff --git a/third_party/rust/ed25519_dalek/v1/BUILD.gn b/third_party/rust/ed25519_dalek/v2/BUILD.gn similarity index 70% rename from third_party/rust/ed25519_dalek/v1/BUILD.gn rename to third_party/rust/ed25519_dalek/v2/BUILD.gn index 26496f9c8e6e..5c300cd8e7b1 100644 --- a/third_party/rust/ed25519_dalek/v1/BUILD.gn +++ b/third_party/rust/ed25519_dalek/v2/BUILD.gn 
@@ -11,25 +11,26 @@ import("//build/rust/cargo_crate.gni") cargo_crate("lib") { crate_name = "ed25519_dalek" - epoch = "1" + epoch = "2" crate_type = "rlib" - crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/lib.rs" + crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/lib.rs" sources = [ - "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/batch.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/constants.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/errors.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/keypair.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/lib.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/public.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/secret.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/src/signature.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/batch.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/constants.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/context.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/errors.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/hazmat.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/lib.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/signature.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/signing.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/src/verifying.rs", ] inputs = [] build_native_rust_unit_tests = false - edition = "2018" - cargo_pkg_version = 
"1.0.1" - cargo_pkg_authors = "isis lovecruft " + edition = "2021" + cargo_pkg_version = "2.1.1" + cargo_pkg_authors = "isis lovecruft , Tony Arcieri , Michael Rosenberg " cargo_pkg_name = "ed25519-dalek" cargo_pkg_description = "Fast and efficient ed25519 EdDSA key generations, signing, and verification in pure Rust." library_configs -= [ "//build/config/compiler:chromium_code" ] @@ -39,20 +40,18 @@ cargo_crate("lib") { proc_macro_configs -= [ "//build/config/compiler:chromium_code" ] proc_macro_configs += [ "//build/config/compiler:no_chromium_code" ] deps = [ - "//brave/third_party/rust/curve25519_dalek/v3:lib", - "//brave/third_party/rust/ed25519/v1:lib", - "//brave/third_party/rust/rand/v0_7:lib", + "//brave/third_party/rust/curve25519_dalek/v4:lib", + "//brave/third_party/rust/ed25519/v2:lib", + "//brave/third_party/rust/rand_core/v0_6:lib", "//brave/third_party/rust/serde/v1:lib", - "//brave/third_party/rust/sha2/v0_9:lib", + "//brave/third_party/rust/sha2/v0_10:lib", + "//brave/third_party/rust/subtle/v2:lib", "//brave/third_party/rust/zeroize/v1:lib", ] - aliased_deps = { - serde_crate = "//brave/third_party/rust/serde/v1:lib" - } features = [ - "rand", - "serde_crate", + "alloc", + "rand_core", "std", - "u64_backend", + "zeroize", ] } diff --git a/third_party/rust/ed25519_dalek/v1/README.chromium b/third_party/rust/ed25519_dalek/v2/README.chromium similarity index 75% rename from third_party/rust/ed25519_dalek/v1/README.chromium rename to third_party/rust/ed25519_dalek/v2/README.chromium index 73e8818c3ade..d285a496a6f4 100644 --- a/third_party/rust/ed25519_dalek/v1/README.chromium +++ b/third_party/rust/ed25519_dalek/v2/README.chromium 
@@ -1,9 +1,9 @@ Name: ed25519-dalek URL: https://crates.io/crates/ed25519-dalek Description: Fast and efficient ed25519 EdDSA key generations, signing, and verification in pure Rust. -Version: 1.0.1 +Version: 2.1.1 Security Critical: yes Shipped: yes License: BSD 3-Clause -License File: //brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-1.0.1/LICENSE -Revision: 1042cb60a07cdaacb59ca209716b69f444460f8f +License File: //brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-2.1.1/LICENSE +Revision: 4ac84dd0668b1d2e51654fcdffe4ae6a687bef00 diff --git a/third_party/rust/ed25519_dalek_bip32/v0_2/BUILD.gn b/third_party/rust/ed25519_dalek_bip32/v0_3/BUILD.gn similarity index 87% rename from third_party/rust/ed25519_dalek_bip32/v0_2/BUILD.gn rename to third_party/rust/ed25519_dalek_bip32/v0_3/BUILD.gn index 7a91e1e7d666..5543a3f7ef2b 100644 --- a/third_party/rust/ed25519_dalek_bip32/v0_2/BUILD.gn +++ b/third_party/rust/ed25519_dalek_bip32/v0_3/BUILD.gn @@ -11,15 +11,15 @@ import("//build/rust/cargo_crate.gni") cargo_crate("lib") { crate_name = "ed25519_dalek_bip32" - epoch = "0.2" + epoch = "0.3" crate_type = "rlib" - crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/src/lib.rs" - sources = [ "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/src/lib.rs" ] + crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/src/lib.rs" + sources = [ "//brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/src/lib.rs" ] inputs = [] build_native_rust_unit_tests = false - edition = "2018" - cargo_pkg_version = "0.2.0" + edition = "2021" + cargo_pkg_version = "0.3.0" cargo_pkg_authors = "Julian Popescu " cargo_pkg_name = "ed25519-dalek-bip32" cargo_pkg_description = "Simplified ed25519 BIP32 derivations" 
@@ -31,7 +31,7 @@ cargo_crate("lib") { proc_macro_configs += [ "//build/config/compiler:no_chromium_code" ] deps = [ "//brave/third_party/rust/derivation_path/v0_2:lib", - "//brave/third_party/rust/ed25519_dalek/v1:lib", + "//brave/third_party/rust/ed25519_dalek/v2:lib", "//brave/third_party/rust/hmac/v0_12:lib", "//brave/third_party/rust/sha2/v0_10:lib", ] diff --git a/third_party/rust/ed25519_dalek_bip32/v0_2/README.chromium b/third_party/rust/ed25519_dalek_bip32/v0_3/README.chromium similarity index 65% rename from third_party/rust/ed25519_dalek_bip32/v0_2/README.chromium rename to third_party/rust/ed25519_dalek_bip32/v0_3/README.chromium index 750f3569c389..303074e1653d 100644 --- a/third_party/rust/ed25519_dalek_bip32/v0_2/README.chromium +++ b/third_party/rust/ed25519_dalek_bip32/v0_3/README.chromium @@ -1,9 +1,9 @@ Name: ed25519-dalek-bip32 URL: https://crates.io/crates/ed25519-dalek-bip32 Description: Simplified ed25519 BIP32 derivations -Version: 0.2.0 +Version: 0.3.0 Security Critical: yes Shipped: yes License: Apache 2.0 -License File: //brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.2.0/../../../../../common/licenses/Apache-2.0 -Revision: 1f005ab4e8d22077187bad8dd13d843f48b94d62 +License File: //brave/third_party/rust/chromium_crates_io/vendor/ed25519-dalek-bip32-0.3.0/../../../../../common/licenses/Apache-2.0 +Revision: cfa4df6c621d99429d4357b6823fb48f8e4fe8ad diff --git a/third_party/rust/hmac/v0_10/BUILD.gn b/third_party/rust/hmac/v0_10/BUILD.gn deleted file mode 100644 index 35b063f2a6d4..000000000000 --- a/third_party/rust/hmac/v0_10/BUILD.gn +++ /dev/null 
@@ -1,39 +0,0 @@ -# Copyright (c) 2024 The Brave Authors. All rights reserved. -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this file, -# You can obtain one at https://mozilla.org/MPL/2.0/. - -# @generated from third_party/rust/chromium_crates_io/BUILD.gn.hbs by -# tools/crates/gnrt. -# Do not edit! - -import("//build/rust/cargo_crate.gni") - -cargo_crate("lib") { - crate_name = "hmac" - epoch = "0.10" - crate_type = "rlib" - crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/src/lib.rs" - sources = [ - "//brave/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/src/lib.rs", - ] - inputs = [] - - build_native_rust_unit_tests = false - edition = "2018" - cargo_pkg_version = "0.10.1" - cargo_pkg_authors = "RustCrypto Developers" - cargo_pkg_name = "hmac" - cargo_pkg_description = - "Generic implementation of Hash-based Message Authentication Code (HMAC)" - library_configs -= [ "//build/config/compiler:chromium_code" ] - library_configs += [ "//build/config/compiler:no_chromium_code" ] - executable_configs -= [ "//build/config/compiler:chromium_code" ] - executable_configs += [ "//build/config/compiler:no_chromium_code" ] - proc_macro_configs -= [ "//build/config/compiler:chromium_code" ] - proc_macro_configs += [ "//build/config/compiler:no_chromium_code" ] - deps = [ - "//brave/third_party/rust/crypto_mac/v0_10:lib", - "//brave/third_party/rust/digest/v0_9:lib", - ] -} diff --git a/third_party/rust/hmac/v0_10/README.chromium b/third_party/rust/hmac/v0_10/README.chromium deleted file mode 100644 index 86cc513d4649..000000000000 --- a/third_party/rust/hmac/v0_10/README.chromium +++ /dev/null 
@@ -1,9 +0,0 @@ -Name: hmac -URL: https://crates.io/crates/hmac -Description: Generic implementation of Hash-based Message Authentication Code (HMAC) -Version: 0.10.1 -Security Critical: yes -Shipped: yes -License: Apache 2.0 -License File: //brave/third_party/rust/chromium_crates_io/vendor/hmac-0.10.1/LICENSE-APACHE -Revision: b03defa3b338b7a45538bca6c492f75dcb4f0216 diff --git a/third_party/rust/pkcs8/v0_10/BUILD.gn b/third_party/rust/pkcs8/v0_10/BUILD.gn new file mode 100644 index 000000000000..cb3ad657b16a --- /dev/null +++ b/third_party/rust/pkcs8/v0_10/BUILD.gn 
@@ -0,0 +1,47 @@ +# Copyright (c) 2024 The Brave Authors. All rights reserved. +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this file, +# You can obtain one at https://mozilla.org/MPL/2.0/. + +# @generated from third_party/rust/chromium_crates_io/BUILD.gn.hbs by +# tools/crates/gnrt. +# Do not edit! + +import("//build/rust/cargo_crate.gni") + +cargo_crate("lib") { + crate_name = "pkcs8" + epoch = "0.10" + crate_type = "rlib" + crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/lib.rs" + sources = [ + "//brave/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/encrypted_private_key_info.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/error.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/lib.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/private_key_info.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/traits.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/version.rs", + ] + inputs = [ "//brave/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/src/../README.md" ] + + build_native_rust_unit_tests = false + edition = "2021" + cargo_pkg_version = "0.10.2" + cargo_pkg_authors = "RustCrypto Developers" + cargo_pkg_name = "pkcs8" + cargo_pkg_description = "Pure Rust implementation of Public-Key Cryptography Standards (PKCS) #8: Private-Key Information Syntax Specification (RFC 5208), with additional support for PKCS#8v2 asymmetric key packages (RFC 5958)" + library_configs -= [ "//build/config/compiler:chromium_code" ] + library_configs += [ "//build/config/compiler:no_chromium_code" ] + executable_configs -= [ "//build/config/compiler:chromium_code" ] + executable_configs += [ "//build/config/compiler:no_chromium_code" ] + proc_macro_configs -= [ "//build/config/compiler:chromium_code" ] + 
proc_macro_configs += [ "//build/config/compiler:no_chromium_code" ] + deps = [ + "//brave/third_party/rust/der/v0_7:lib", + "//brave/third_party/rust/spki/v0_7:lib", + ] + features = [ + "alloc", + "std", + ] +} diff --git a/third_party/rust/pkcs8/v0_10/README.chromium b/third_party/rust/pkcs8/v0_10/README.chromium new file mode 100644 index 000000000000..57dcd379d1f9 --- /dev/null +++ b/third_party/rust/pkcs8/v0_10/README.chromium @@ -0,0 +1,12 @@ +Name: pkcs8 +URL: https://crates.io/crates/pkcs8 +Description: Pure Rust implementation of Public-Key Cryptography Standards (PKCS) #8: +Private-Key Information Syntax Specification (RFC 5208), with additional +support for PKCS#8v2 asymmetric key packages (RFC 5958) + +Version: 0.10.2 +Security Critical: yes +Shipped: yes +License: Apache 2.0 +License File: //brave/third_party/rust/chromium_crates_io/vendor/pkcs8-0.10.2/LICENSE-APACHE +Revision: 7736dd21389b8820dfeb396e8c4c932de93d3ddf diff --git a/third_party/rust/platforms/v3/BUILD.gn b/third_party/rust/platforms/v3/BUILD.gn deleted file mode 100644 index 42353dd87e80..000000000000 --- a/third_party/rust/platforms/v3/BUILD.gn +++ /dev/null 
@@ -1,47 +0,0 @@ -# Copyright (c) 2024 The Brave Authors. All rights reserved. -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this file, -# You can obtain one at https://mozilla.org/MPL/2.0/. - -# @generated from third_party/rust/chromium_crates_io/BUILD.gn.hbs by -# tools/crates/gnrt. -# Do not edit! - -import("//build/rust/cargo_crate.gni") - -cargo_crate("buildrs_support") { - crate_name = "platforms" - epoch = "3" - crate_type = "rlib" - crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/lib.rs" - sources = [ - "//brave/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/error.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/lib.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/platform.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/platform/platforms.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/platform/req.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/platform/tier.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target.rs", - ] - inputs = [ - "//brave/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/arch.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/endian.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/env.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/os.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/src/target/pointerwidth.rs", - ] - - build_native_rust_unit_tests = false - edition = "2018" - cargo_pkg_version = "3.2.0" - cargo_pkg_authors = "Tony Arcieri , Sergey \"Shnatsel\" Davidoff " - cargo_pkg_name = "platforms" - cargo_pkg_description = "Rust platform registry with 
information about valid Rust platforms (target triple, target_arch, target_os) sourced from the Rust compiler." - library_configs -= [ "//build/config/compiler:chromium_code" ] - library_configs += [ "//build/config/compiler:no_chromium_code" ] - executable_configs -= [ "//build/config/compiler:chromium_code" ] - executable_configs += [ "//build/config/compiler:no_chromium_code" ] - proc_macro_configs -= [ "//build/config/compiler:chromium_code" ] - proc_macro_configs += [ "//build/config/compiler:no_chromium_code" ] - features = [ "std" ] -} diff --git a/third_party/rust/platforms/v3/README.chromium b/third_party/rust/platforms/v3/README.chromium deleted file mode 100644 index 911351520584..000000000000 --- a/third_party/rust/platforms/v3/README.chromium +++ /dev/null @@ -1,11 +0,0 @@ -Name: platforms -URL: https://crates.io/crates/platforms -Description: Rust platform registry with information about valid Rust platforms (target -triple, target_arch, target_os) sourced from the Rust compiler. - -Version: 3.2.0 -Security Critical: yes -Shipped: yes -License: Apache 2.0 -License File: //brave/third_party/rust/chromium_crates_io/vendor/platforms-3.2.0/LICENSE-APACHE -Revision: b6baecc0ea4e2d115e4e10b10c2196b33d42c1da diff --git a/third_party/rust/rand_chacha/v0_2/BUILD.gn b/third_party/rust/rand_chacha/v0_2/BUILD.gn index b158f6895006..d59bbbaccf19 100644 --- a/third_party/rust/rand_chacha/v0_2/BUILD.gn +++ b/third_party/rust/rand_chacha/v0_2/BUILD.gn @@ -37,8 +37,5 @@ cargo_crate("lib") { "//brave/third_party/rust/ppv_lite86/v0_2:lib", "//brave/third_party/rust/rand_core/v0_5:lib", ] - features = [ - "simd", - "std", - ] + features = [ "std" ] } diff --git a/third_party/rust/rand_chacha/v0_3/BUILD.gn b/third_party/rust/rand_chacha/v0_3/BUILD.gn new file mode 100644 index 000000000000..49763c1a9705 --- /dev/null +++ b/third_party/rust/rand_chacha/v0_3/BUILD.gn @@ -0,0 +1,3 @@ +group("lib") { + public_deps = [ "//third_party/rust/rand_chacha/v0_3:lib" ] +} 
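Review bot: The new `rand_chacha/v0_3/BUILD.gn` has no header saying whether it is generated or hand-maintained, unlike the gnrt outputs elsewhere in this change, and nothing in it explains why it is only a `group("lib")` forwarding to `//third_party/rust/rand_chacha/v0_3:lib`. The accompanying README.chromium hunk flips this crate to `Security Critical: no` and `Shipped: no`, presumably copied from Chromium's own metadata. Because `public_deps` lets any Brave target reach the crate through this path, it is worth confirming that no shipped target depends on it, otherwise the flags understate a random-number-generator dependency. A comment above the group such as `# Redirects to Chromium's vendored rand_chacha 0.3; not shipped in Brave, see README.chromium.` would record the intent, if that is indeed the case.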
diff --git a/third_party/rust/rand_chacha/v0_3/README.chromium b/third_party/rust/rand_chacha/v0_3/README.chromium index a4cad56ad542..c251f8737cde 100644 --- a/third_party/rust/rand_chacha/v0_3/README.chromium +++ b/third_party/rust/rand_chacha/v0_3/README.chromium @@ -3,7 +3,8 @@ URL: https://crates.io/crates/rand_chacha Description: ChaCha random number generator Version: 0.3.1 -Security Critical: yes -Shipped: yes +Security Critical: no +Shipped: no License: Apache 2.0 -License File: //brave/third_party/rust/chromium_crates_io/vendor/rand_chacha-0.3.1/../../../../../common/licenses/Apache-2.0 +License File: //third_party/rust/chromium_crates_io/vendor/rand_chacha-0.3.1/LICENSE-APACHE +Revision: 98a0339f99ecfe0467b2829c329bd8b7525a1c21 diff --git a/third_party/rust/signature/v1/BUILD.gn b/third_party/rust/signature/v2/BUILD.gn similarity index 78% rename from third_party/rust/signature/v1/BUILD.gn rename to third_party/rust/signature/v2/BUILD.gn index 360b6d8016a4..d9f23819a7b3 100644 --- a/third_party/rust/signature/v1/BUILD.gn +++ b/third_party/rust/signature/v2/BUILD.gn 
@@ -11,23 +11,24 @@ import("//build/rust/cargo_crate.gni") cargo_crate("lib") { crate_name = "signature" - epoch = "1" + epoch = "2" crate_type = "rlib" - crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/lib.rs" + crate_root = "//brave/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/lib.rs" sources = [ - "//brave/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/error.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/hazmat.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/keypair.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/lib.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/signature.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/signer.rs", - "//brave/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/verifier.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/encoding.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/error.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/hazmat.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/keypair.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/lib.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/prehash_signature.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/signer.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/verifier.rs", ] - inputs = [ "//brave/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/src/../README.md" ] + inputs = [ "//brave/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/src/../README.md" ] build_native_rust_unit_tests = false edition = "2021" - cargo_pkg_version = "1.6.4" + cargo_pkg_version = "2.2.0" cargo_pkg_authors = 
"RustCrypto Developers" cargo_pkg_name = "signature" cargo_pkg_description = @@ -38,5 +39,9 @@ cargo_crate("lib") { executable_configs += [ "//build/config/compiler:no_chromium_code" ] proc_macro_configs -= [ "//build/config/compiler:chromium_code" ] proc_macro_configs += [ "//build/config/compiler:no_chromium_code" ] - features = [ "std" ] + deps = [ "//brave/third_party/rust/rand_core/v0_6:lib" ] + features = [ + "alloc", + "std", + ] } diff --git a/third_party/rust/signature/v1/README.chromium b/third_party/rust/signature/v2/README.chromium similarity index 72% rename from third_party/rust/signature/v1/README.chromium rename to third_party/rust/signature/v2/README.chromium index 256cdad3924e..7cf2894de601 100644 --- a/third_party/rust/signature/v1/README.chromium +++ b/third_party/rust/signature/v2/README.chromium @@ -1,9 +1,9 @@ Name: signature URL: https://crates.io/crates/signature Description: Traits for cryptographic signature algorithms (e.g. ECDSA, Ed25519) -Version: 1.6.4 +Version: 2.2.0 Security Critical: yes Shipped: yes License: Apache 2.0 -License File: //brave/third_party/rust/chromium_crates_io/vendor/signature-1.6.4/LICENSE-APACHE -Revision: 0af331bf4424716a1cd33d188f7a614dad04a3a7 +License File: //brave/third_party/rust/chromium_crates_io/vendor/signature-2.2.0/LICENSE-APACHE +Revision: 5adcd4819b380b4aaec2b57c6bf3f2239a109060 diff --git a/third_party/rust/spki/v0_7/BUILD.gn b/third_party/rust/spki/v0_7/BUILD.gn new file mode 100644 index 000000000000..d07080cdd9c3 --- /dev/null +++ b/third_party/rust/spki/v0_7/BUILD.gn 
@@ -0,0 +1,48 @@ +# Copyright (c) 2024 The Brave Authors. All rights reserved. +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this file, +# You can obtain one at https://mozilla.org/MPL/2.0/. + +# @generated from third_party/rust/chromium_crates_io/BUILD.gn.hbs by +# tools/crates/gnrt. +# Do not edit! + +import("//build/rust/cargo_crate.gni") + +cargo_crate("lib") { + crate_name = "spki" + epoch = "0.7" + crate_type = "rlib" + crate_root = + "//brave/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/lib.rs" + sources = [ + "//brave/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/algorithm.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/error.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/fingerprint.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/lib.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/spki.rs", + "//brave/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/traits.rs", + ] + inputs = [ "//brave/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/src/../README.md" ] + + build_native_rust_unit_tests = false + edition = "2021" + cargo_pkg_version = "0.7.3" + cargo_pkg_authors = "RustCrypto Developers" + cargo_pkg_name = "spki" + cargo_pkg_description = "X.509 Subject Public Key Info (RFC5280) describing public keys as well as their associated AlgorithmIdentifiers (i.e. 
OIDs)" + library_configs -= [ "//build/config/compiler:chromium_code" ] + library_configs += [ "//build/config/compiler:no_chromium_code" ] + executable_configs -= [ "//build/config/compiler:chromium_code" ] + executable_configs += [ "//build/config/compiler:no_chromium_code" ] + proc_macro_configs -= [ "//build/config/compiler:chromium_code" ] + proc_macro_configs += [ "//build/config/compiler:no_chromium_code" ] + deps = [ + "//brave/third_party/rust/base64ct/v1:lib", + "//brave/third_party/rust/der/v0_7:lib", + ] + features = [ + "alloc", + "std", + ] +} diff --git a/third_party/rust/spki/v0_7/README.chromium b/third_party/rust/spki/v0_7/README.chromium new file mode 100644 index 000000000000..b94842271724 --- /dev/null +++ b/third_party/rust/spki/v0_7/README.chromium @@ -0,0 +1,11 @@ +Name: spki +URL: https://crates.io/crates/spki +Description: X.509 Subject Public Key Info (RFC5280) describing public keys as well as their +associated AlgorithmIdentifiers (i.e. OIDs) + +Version: 0.7.3 +Security Critical: yes +Shipped: yes +License: Apache 2.0 +License File: //brave/third_party/rust/chromium_crates_io/vendor/spki-0.7.3/LICENSE-APACHE +Revision: 15ea461dc3484d48710deed932e4d3d9052c1f9b