all: expose edwards25519, base, and scalar packages

base/alias_test.go

@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package radix51
+package base
 
 import (
 	"testing"

base/bench_test.go

@@ -2,18 +2,18 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package radix51_test
+package base_test
 
 import (
 	"testing"
 
-	"github.com/gtank/ristretto255/internal/radix51"
+	"filippo.io/edwards25519/base"
 )
 
 func BenchmarkAdd(b *testing.B) {
-	var x, y radix51.FieldElement
+	var x, y base.FieldElement
 	x.One()
-	y.Add(radix51.One, radix51.One)
+	y.Add(base.One, base.One)
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
 		x.Add(&x, &y)
@@ -21,9 +21,9 @@ func BenchmarkAdd(b *testing.B) {
 }
 
 func BenchmarkMul(b *testing.B) {
-	var x, y radix51.FieldElement
+	var x, y base.FieldElement
 	x.One()
-	y.Add(radix51.One, radix51.One)
+	y.Add(base.One, base.One)
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
 		x.Mul(&x, &y)
@@ -31,7 +31,7 @@ func BenchmarkMul(b *testing.B) {
 }
 
 func BenchmarkMul32(b *testing.B) {
-	var x radix51.FieldElement
+	var x base.FieldElement
 	x.One()
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {

base/fe.go

@@ -3,13 +3,13 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package radix51 implements GF(2^255-19) field arithmetic in radix 2^51
+// Package base implements GF(2^255-19) field arithmetic in radix 2^51
 // representation. This code is a port of the public domain amd64-51-30k version
 // of ed25519 from SUPERCOP.
 //
 // The interface works similarly to math/big.Int, and all arguments and
 // receivers are allowed to alias.
-package radix51
+package base
 
 import (
 	"crypto/subtle"

base/fe_amd64.go

@@ -4,7 +4,7 @@
 
 // +build amd64,!purego
 
-package radix51
+package base
 
 //go:noescape
 func feMul(out, a, b *FieldElement)

base/fe_generic.go

@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package radix51
+package base
 
 func feMulGeneric(v, x, y *FieldElement) {
 	x0 := x[0]

base/fe_noasm.go

@@ -4,7 +4,7 @@
 
 // +build !amd64 purego
 
-package radix51
+package base
 
 func feMul(v, x, y *FieldElement) { feMulGeneric(v, x, y) }
 

base/fe_test.go

@@ -3,7 +3,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package radix51
+package base
 
 import (
 	"bytes"

base/mul_bits.go

@@ -5,7 +5,7 @@
 
 // +build go1.13
 
-package radix51
+package base
 
 import "math/bits"
 

base/mul_compat.go

@@ -5,7 +5,7 @@
 
 // +build !go1.13
 
-package radix51
+package base
 
 import "unsafe"
 

edwards25519.go

@@ -11,14 +11,12 @@
 // the curve used by the Ed25519 signature scheme.
 package edwards25519
 
-import (
-	"github.com/gtank/ristretto255/internal/radix51"
-)
+import "filippo.io/edwards25519/base"
 
 // D is a constant in the curve equation.
-var D = &radix51.FieldElement{929955233495203, 466365720129213,
+var D = &base.FieldElement{929955233495203, 466365720129213,
 	1662059464998953, 2033849074728123, 1442794654840575}
-var d2 = new(radix51.FieldElement).Add(D, D)
+var d2 = new(base.FieldElement).Add(D, D)
 
 // Point types.
 
@@ -27,31 +25,31 @@ var d2 = new(radix51.FieldElement).Add(D, D)
 // https://doc-internal.dalek.rs/curve25519_dalek/backend/serial/curve_models/index.html
 
 type ProjP1xP1 struct {
-	X, Y, Z, T radix51.FieldElement
+	X, Y, Z, T base.FieldElement
 }
 
 type ProjP2 struct {
-	X, Y, Z radix51.FieldElement
+	X, Y, Z base.FieldElement
 }
 
 type ProjP3 struct {
-	X, Y, Z, T radix51.FieldElement
+	X, Y, Z, T base.FieldElement
 }
 
 type ProjCached struct {
-	YplusX, YminusX, Z, T2d radix51.FieldElement
+	YplusX, YminusX, Z, T2d base.FieldElement
 }
 
 type AffineCached struct {
-	YplusX, YminusX, T2d radix51.FieldElement
+	YplusX, YminusX, T2d base.FieldElement
 }
 
 // B is the Ed25519 basepoint.
 var B = ProjP3{
-	X: radix51.FieldElement([5]uint64{1738742601995546, 1146398526822698, 2070867633025821, 562264141797630, 587772402128613}),
-	Y: radix51.FieldElement([5]uint64{1801439850948184, 1351079888211148, 450359962737049, 900719925474099, 1801439850948198}),
-	Z: radix51.FieldElement([5]uint64{1, 0, 0, 0, 0}),
-	T: radix51.FieldElement([5]uint64{1841354044333475, 16398895984059, 755974180946558, 900171276175154, 1821297809914039}),
+	X: base.FieldElement([5]uint64{1738742601995546, 1146398526822698, 2070867633025821, 562264141797630, 587772402128613}),
+	Y: base.FieldElement([5]uint64{1801439850948184, 1351079888211148, 450359962737049, 900719925474099, 1801439850948198}),
+	Z: base.FieldElement([5]uint64{1, 0, 0, 0, 0}),
+	T: base.FieldElement([5]uint64{1841354044333475, 16398895984059, 755974180946558, 900171276175154, 1821297809914039}),
 }
 
 // Constructors.
@@ -146,7 +144,7 @@ func (v *AffineCached) FromP3(p *ProjP3) *AffineCached {
 	v.YminusX.Sub(&p.Y, &p.X)
 	v.T2d.Mul(&p.T, d2)
 
-	var invZ radix51.FieldElement
+	var invZ base.FieldElement
 	invZ.Invert(&p.Z)
 	v.YplusX.Mul(&v.YplusX, &invZ)
 	v.YminusX.Mul(&v.YminusX, &invZ)
@@ -175,7 +173,7 @@ func (v *ProjP3) Sub(p, q *ProjP3) *ProjP3 {
 }
 
 func (v *ProjP1xP1) Add(p *ProjP3, q *ProjCached) *ProjP1xP1 {
-	var YplusX, YminusX, PP, MM, TT2d, ZZ2 radix51.FieldElement
+	var YplusX, YminusX, PP, MM, TT2d, ZZ2 base.FieldElement
 
 	YplusX.Add(&p.Y, &p.X)
 	YminusX.Sub(&p.Y, &p.X)
@@ -195,7 +193,7 @@ func (v *ProjP1xP1) Add(p *ProjP3, q *ProjCached) *ProjP1xP1 {
 }
 
 func (v *ProjP1xP1) Sub(p *ProjP3, q *ProjCached) *ProjP1xP1 {
-	var YplusX, YminusX, PP, MM, TT2d, ZZ2 radix51.FieldElement
+	var YplusX, YminusX, PP, MM, TT2d, ZZ2 base.FieldElement
 
 	YplusX.Add(&p.Y, &p.X)
 	YminusX.Sub(&p.Y, &p.X)
@@ -215,7 +213,7 @@ func (v *ProjP1xP1) Sub(p *ProjP3, q *ProjCached) *ProjP1xP1 {
 }
 
 func (v *ProjP1xP1) AddAffine(p *ProjP3, q *AffineCached) *ProjP1xP1 {
-	var YplusX, YminusX, PP, MM, TT2d, Z2 radix51.FieldElement
+	var YplusX, YminusX, PP, MM, TT2d, Z2 base.FieldElement
 
 	YplusX.Add(&p.Y, &p.X)
 	YminusX.Sub(&p.Y, &p.X)
@@ -234,7 +232,7 @@ func (v *ProjP1xP1) AddAffine(p *ProjP3, q *AffineCached) *ProjP1xP1 {
 }
 
 func (v *ProjP1xP1) SubAffine(p *ProjP3, q *AffineCached) *ProjP1xP1 {
-	var YplusX, YminusX, PP, MM, TT2d, Z2 radix51.FieldElement
+	var YplusX, YminusX, PP, MM, TT2d, Z2 base.FieldElement
 
 	YplusX.Add(&p.Y, &p.X)
 	YminusX.Sub(&p.Y, &p.X)
@@ -255,7 +253,7 @@ func (v *ProjP1xP1) SubAffine(p *ProjP3, q *AffineCached) *ProjP1xP1 {
 // Doubling.
 
 func (v *ProjP1xP1) Double(p *ProjP2) *ProjP1xP1 {
-	var XX, YY, ZZ2, XplusYsq radix51.FieldElement
+	var XX, YY, ZZ2, XplusYsq base.FieldElement
 
 	XX.Square(&p.X)
 	YY.Square(&p.Y)
@@ -285,7 +283,7 @@ func (v *ProjP3) Neg(p *ProjP3) *ProjP3 {
 // by @ebfull
 // https://github.com/dalek-cryptography/curve25519-dalek/pull/226/files
 func (v *ProjP3) Equal(u *ProjP3) int {
-	var t1, t2, t3, t4 radix51.FieldElement
+	var t1, t2, t3, t4 base.FieldElement
 	t1.Mul(&v.X, &u.Z)
 	t2.Mul(&u.X, &v.Z)
 	t3.Mul(&v.Y, &u.Z)
@@ -315,14 +313,14 @@ func (v *AffineCached) Select(a, b *AffineCached, cond int) *AffineCached {
 
 // CondNeg negates v if cond == 1 and leaves it unchanged if cond == 0.
 func (v *ProjCached) CondNeg(cond int) *ProjCached {
-	radix51.CondSwap(&v.YplusX, &v.YminusX, cond)
+	base.CondSwap(&v.YplusX, &v.YminusX, cond)
 	v.T2d.CondNeg(&v.T2d, cond)
 	return v
 }
 
 // CondNeg negates v if cond == 1 and leaves it unchanged if cond == 0.
 func (v *AffineCached) CondNeg(cond int) *AffineCached {
-	radix51.CondSwap(&v.YplusX, &v.YminusX, cond)
+	base.CondSwap(&v.YplusX, &v.YminusX, cond)
 	v.T2d.CondNeg(&v.T2d, cond)
 	return v
 }

go.mod

@@ -0,0 +1,3 @@
+module filippo.io/edwards25519
+
+go 1.14

scalarmult.go

@@ -4,9 +4,7 @@
 
 package edwards25519
 
-import (
-	"github.com/gtank/ristretto255/internal/scalar"
-)
+import "filippo.io/edwards25519/scalar"
 
 // Set v to x*B, where B is the Ed25519 basepoint, and return v.
 //

scalarmult_test.go

@@ -8,8 +8,8 @@ import (
 	"testing"
 	"testing/quick"
 
-	"github.com/gtank/ristretto255/internal/radix51"
-	"github.com/gtank/ristretto255/internal/scalar"
+	"filippo.io/edwards25519/base"
+	"filippo.io/edwards25519/scalar"
 )
 
 // quickCheckConfig will make each quickcheck test run (2^6 * -quickchecks)
@@ -21,10 +21,10 @@ var (
 	dalekScalar = scalar.Scalar([32]byte{219, 106, 114, 9, 174, 249, 155, 89, 69, 203, 201, 93, 92, 116, 234, 187, 78, 115, 103, 172, 182, 98, 62, 103, 187, 136, 13, 100, 248, 110, 12, 4})
 	// the above, times the Ed25519 basepoint.
 	dalekScalarBasepoint = ProjP3{
-		X: radix51.FieldElement([5]uint64{778774234987948, 1589187156384239, 1213330452914652, 186161118421127, 2186284806803213}),
-		Y: radix51.FieldElement([5]uint64{1241255309069369, 1115278942994853, 1016511918109334, 1303231926552315, 1801448517689873}),
-		Z: radix51.FieldElement([5]uint64{353337085654440, 1327844406437681, 2207296012811921, 707394926933424, 917408459573183}),
-		T: radix51.FieldElement([5]uint64{585487439439725, 1792815221887900, 946062846079052, 1954901232609667, 1418300670001780}),
+		X: base.FieldElement([5]uint64{778774234987948, 1589187156384239, 1213330452914652, 186161118421127, 2186284806803213}),
+		Y: base.FieldElement([5]uint64{1241255309069369, 1115278942994853, 1016511918109334, 1303231926552315, 1801448517689873}),
+		Z: base.FieldElement([5]uint64{353337085654440, 1327844406437681, 2207296012811921, 707394926933424, 917408459573183}),
+		T: base.FieldElement([5]uint64{585487439439725, 1792815221887900, 946062846079052, 1954901232609667, 1418300670001780}),
 	}
 )