Curve25519-donna changes.

crypto/third_party/curve25519-donna/README

+See http://code.google.com/p/curve25519-donna/ for details.

[Ryan Sleevi, 2013/03/06 21:18:32]

I do not believe you should be adding this to crypto/third_party

You should be adding this via DEPS. You also need to have security-team review,
as per discussion on Chromium-dev and described at
http://www.chromium.org/developers/adding-3rd-party-libraries

(Namely, all third_party additions go through Chrome Eng Review AND
open-source-third-party-reviews@google.com )

[agl, 2013/03/06 21:47:50]

Alternatively, you can grab rev 234205ff from the git repo and check it in to
crypto/ directly. That version has pure Google copyright and works fine. If you
do, please let me know and I'll do another pass of the code as a follow up.

[wtc, 2013/03/07 03:28:39]

I agree this is a good interim solution because Google
owns the copyright and the license
(http://opensource.org/licenses/BSD-3-Clause) is the same
license that Chromium itself uses (src/LICENSE).

We should still start the third-party review process for
the current version of the curve25519-donna code.

[wtc, 2013/03/07 03:28:39]

I suggested crypto/third_party because I wanted to make
crypto code easy to discover in the source tree. This
was more important before because originally the consumer
of this code, which lives in net/quic, called the
curve25519-donna function directly.  Now that we have the
curve25519.{h,cc} wrapper in src/crypto, it is less
important exactly where the curve25519-donna code is.

If you think we should not make an exception for this code,
we'll move it to deps/third_party and pull it via src/DEPS.

+
+BUILDING:
+
+If you run `make`, two .a archives will be built, similar to djb's curve25519
+code. Alternatively, read on:
+
+The C implementation is contained within curve25519-donna.c. It has no external
+dependancies and is BSD licenced. You can copy/include/link it directly in with
+your program. Recommended C flags: -O2
+
+The x86-64 bit implementation is contained within curve25519-donna-x86-64.c and
+curve25519-donna-x86-64.s. Build like this:
+
+% cpp curve25519-donna-x86-64.s > curve25519-donna-x86-64.s.pp
+% as -o curve25519-donna-x86-64.s.o curve25519-donna-x86-64.s.pp
+% gcc -O2 -c curve25519-donna-x86-64.c
+
+Then the two .o files can be linked in
+
+USAGE:
+
+The usage is exactly the same as djb's code (as described at
+http://cr.yp.to/ecdh.html) expect that the function is called curve25519_donna.
+
+In short,
+
+To generate a private key, generate 32 random bytes and:
+
+  mysecret[0] &= 248;
+  mysecret[31] &= 127;
+  mysecret[31] |= 64;
+
+To generate the public key, just do
+
+  static const uint8_t basepoint[32] = {9};
+  curve25519_donna(mypublic, mysecret, basepoint);
+
+To generate an agreed key do:
+  uint8_t shared_key[32];
+  curve25519_donna(shared_key, mysecret, theirpublic);
+
+And hash the shared_key with a cryptographic hash function before using.