The initial cut-in was missing preamble present in Moon's curve25519_donna function. It originally tested good because we only perform a pairwise consistency check in release builds. Comprehensive testing with debug builds revealed the problem. Debug builds cross-validate against Bernstein's TweetNaCl library.
Add is_clamped for secret key validation.
Cleanup paramter names in Donna::curve25519 to follow function.
Overload Donna::curve25519 to implicitly use base point if not provided.
Add additional asserts to let the code debug itself.
Update documentation.
The strategy of "cleanup under-aligned buffers" is not scaling well. Corner cases are still turing up. The library has some corner-case breaks, like old 32-bit Intels. And it still has not solved the AltiVec and Power8 alignment problems.
For now we are backing out the changes and investigating other strategies
GCC117 is a Aarch64/ARM64 server with AMD's ARM chip and GCC 7.10. It looks like GCC is performing some std::string optimizations that generates a finding. We did not witness the finding on other platforms, like other Aarch64 devices and x86_64.
We will need to check if taking the address of element-0 is still approved way to get the non-const pointer to the elements
GCC117 is a Aarch64/ARM64 server powered by AMD's ARM chip. It runs GCC 7.10. It looks like GCC is performing some std::string optimizations that generates a finding. We have not witnessed the finding on other platforms
This reverts commit eb3b27a6a5. The change broke GCC 4.8 and unknown version of Clang on OS X. UB reported the OS X break, and JW found duplicated the break on a ARM CubieTruck with GCC 4.8.
They seemed to produce a hang when running self tests in AppVeyor.
Also use IsDebuggerPresent() to determine when we should call DebugBreak(). The OS killed our debug build when fuzzing caused an assert to fail
Jeffrey Walton
orangefour