piros/tor: Code added to Tor to support PIR-based onion service descriptor lookups @ 2bcd264a28e2d6bec1e806e779bf82435c9c7505

Nick Mathewson f5cc8da7e0 Use DIGEST512_LEN macro in crypto_hash_sha512.h in ref10		7 rokov pred
..
Makefile	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
README.tor	f0eb7ae79f More documentation for ed25519 stuff.	9 rokov pred
api.h	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
base.h	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
base.py	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
base2.h	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
base2.py	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
blinding.c	8c6b528b00 Disambiguate: Avoid defining two static functions both called gettweak()	8 rokov pred
crypto_hash_sha512.h	f5cc8da7e0 Use DIGEST512_LEN macro in crypto_hash_sha512.h in ref10	7 rokov pred
crypto_int32.h	6b155dc1a6 Stop signed left shifts overflowing in ed25519: Macros	9 rokov pred
crypto_int64.h	6b155dc1a6 Stop signed left shifts overflowing in ed25519: Macros	9 rokov pred
crypto_sign.h	006e6d3b6f Another ed25519 tweak: store secret keys in expanded format	9 rokov pred
crypto_uint32.h	8b36bb9299 Add headers as needed to make ed25519_ref10 compile.	9 rokov pred
crypto_uint64.h	8b36bb9299 Add headers as needed to make ed25519_ref10 compile.	9 rokov pred
crypto_verify_32.h	8b36bb9299 Add headers as needed to make ed25519_ref10 compile.	9 rokov pred
d.h	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
d.py	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
d2.h	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
d2.py	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ed25519_ref10.h	9190468246 Fix warnings on 32-bit builds.	9 rokov pred
fe.h	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
fe_0.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
fe_1.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
fe_add.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
fe_cmov.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
fe_copy.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
fe_frombytes.c	6129ff320e Use SHL{8,32,64} in ed25519/ref10 to avoid left-shifting negative values	9 rokov pred
fe_invert.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
fe_isnegative.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
fe_isnonzero.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
fe_mul.c	6129ff320e Use SHL{8,32,64} in ed25519/ref10 to avoid left-shifting negative values	9 rokov pred
fe_neg.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
fe_pow22523.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
fe_sq.c	6129ff320e Use SHL{8,32,64} in ed25519/ref10 to avoid left-shifting negative values	9 rokov pred
fe_sq2.c	6129ff320e Use SHL{8,32,64} in ed25519/ref10 to avoid left-shifting negative values	9 rokov pred
fe_sub.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
fe_tobytes.c	6129ff320e Use SHL{8,32,64} in ed25519/ref10 to avoid left-shifting negative values	9 rokov pred
ge.h	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_add.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_add.h	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_add.q	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_double_scalarmult.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_frombytes.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_madd.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_madd.h	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_madd.q	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_msub.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_msub.h	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_msub.q	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_p1p1_to_p2.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_p1p1_to_p3.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_p2_0.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_p2_dbl.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_p2_dbl.h	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_p2_dbl.q	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_p3_0.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_p3_dbl.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_p3_to_cached.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_p3_to_p2.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_p3_tobytes.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_precomp_0.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_scalarmult_base.c	b7eab94a90 Stop ed25519 8-bit signed left shift overflowing	9 rokov pred
ge_sub.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_sub.h	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_sub.q	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
ge_tobytes.c	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
keyconv.c	4caa6fad4c Add curve25519->ed25519 key conversion per proposal 228	9 rokov pred
keypair.c	94bff894f9 Fix a large pile of solaris warnings for bug 19767.	7 rokov pred
open.c	94bff894f9 Fix a large pile of solaris warnings for bug 19767.	7 rokov pred
pow22523.h	27bd1ef100 Comment-out dead code in ed25519/ref10	9 rokov pred
pow22523.q	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
pow225521.h	27bd1ef100 Comment-out dead code in ed25519/ref10	9 rokov pred
pow225521.q	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
q2h.sh	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
randombytes.h	2259de0de7 Always hash crypto_strongest_rand() along with some prng	8 rokov pred
sc.h	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
sc_muladd.c	6129ff320e Use SHL{8,32,64} in ed25519/ref10 to avoid left-shifting negative values	9 rokov pred
sc_reduce.c	6129ff320e Use SHL{8,32,64} in ed25519/ref10 to avoid left-shifting negative values	9 rokov pred
sign.c	9190468246 Fix warnings on 32-bit builds.	9 rokov pred
sqrtm1.h	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred
sqrtm1.py	b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622	9 rokov pred

		
				README.tor
			
We've made the following changes to the stock ed25519_ref10 from
supercop-20140622:

   * We added the necessary glue to provide integers of fixed bit
     sizes, SHA512, and to compile without warnings everywhere we need
     to build.

   * Secret keys are stored in expanded format.  There are functions
     to expand them from the 32-byte seed.

   * Signatures are made and processed detached from the messages that
     they sign.  (In other words, we support "make signature" and
     "check signature", not "create signed message" and "check and
     unpack signed message".)

   * There's an implementation of 'convert a curve25519 key to an
     ed25519 key' so we can do cross-certification with curve25519 keys.
     (keyconv.c)

   * There's an implementation of multiplicative key blinding so we
     can use it for next-gen hidden srevice descriptors. (blinding.c)