Update dependencies (#2180)

* Update dependencies * Fix whatsmeow API changes
2024-08-27 19:04:05 +02:00
parent d16645c952
commit c4157a4d5b
589 changed files with 681707 additions and 198856 deletions
@@ -9,6 +9,6 @@ Read the docs at [pkg.go.dev/filippo.io/edwards25519](https://pkg.go.dev/filippo

 The code is originally derived from Adam Langley's internal implementation in the Go standard library, and includes George Tankersley's [performance improvements](https://golang.org/cl/71950). It was then further developed by Henry de Valence for use in ristretto255, and was finally [merged back into the Go standard library](https://golang.org/cl/276272) as of Go 1.17. It now tracks the upstream codebase and extends it with additional functionality.

-Most users don't need this package, and should instead use `crypto/ed25519` for signatures, `golang.org/x/crypto/curve25519` for Diffie-Hellman, or `github.com/gtank/ristretto255` for prime order group logic. However, for anyone currently using a fork of `crypto/ed25519/internal/edwards25519` or `github.com/agl/edwards25519`, this package should be a safer, faster, and more powerful alternative.
+Most users don't need this package, and should instead use `crypto/ed25519` for signatures, `golang.org/x/crypto/curve25519` for Diffie-Hellman, or `github.com/gtank/ristretto255` for prime order group logic. However, for anyone currently using a fork of `crypto/internal/edwards25519`/`crypto/ed25519/internal/edwards25519` or `github.com/agl/edwards25519`, this package should be a safer, faster, and more powerful alternative.

 Since this package is meant to curb proliferation of edwards25519 implementations in the Go ecosystem, it welcomes requests for new APIs or reviewable performance improvements.
@@ -4,7 +4,7 @@

 // Package edwards25519 implements group logic for the twisted Edwards curve
 //
-//     -x^2 + y^2 = 1 + -(121665/121666)*x^2*y^2
+//	-x^2 + y^2 = 1 + -(121665/121666)*x^2*y^2
 //
 // This is better known as the Edwards curve equivalent to Curve25519, and is
 // the curve used by the Ed25519 signature scheme.
@@ -15,6 +15,6 @@
 //
 // However, developers who do need to interact with low-level edwards25519
 // operations can use this package, which is an extended version of
-// crypto/ed25519/internal/edwards25519 from the standard library repackaged as
+// crypto/internal/edwards25519 from the standard library repackaged as
 // an importable module.
 package edwards25519
@@ -27,13 +27,13 @@ type projP2 struct {
 //
 // The zero value is NOT valid, and it may be used only as a receiver.
 type Point struct {
-	// The point is internally represented in extended coordinates (X, Y, Z, T)
-	// where x = X/Z, y = Y/Z, and xy = T/Z per https://eprint.iacr.org/2008/522.
-	x, y, z, t field.Element
-
 	// Make the type not comparable (i.e. used with == or as a map key), as
 	// equivalent points can be represented by different Go values.
 	_ incomparable
+
+	// The point is internally represented in extended coordinates (X, Y, Z, T)
+	// where x = X/Z, y = Y/Z, and xy = T/Z per https://eprint.iacr.org/2008/522.
+	x, y, z, t field.Element
 }

 type incomparable [0]func()
@@ -148,9 +148,8 @@ func (v *Point) SetBytes(x []byte) (*Point, error) {
 	//      (*field.Element).SetBytes docs) and
 	//   2) the ones where the x-coordinate is zero and the sign bit is set.
 	//
-	// This is consistent with crypto/ed25519/internal/edwards25519. Read more
-	// at https://hdevalence.ca/blog/2020-10-04-its-25519am, specifically the
-	// "Canonical A, R" section.
+	// Read more at https://hdevalence.ca/blog/2020-10-04-its-25519am,
+	// specifically the "Canonical A, R" section.

 	y, err := new(field.Element).SetBytes(x)
 	if err != nil {
@@ -5,7 +5,7 @@
 package edwards25519

 // This file contains additional functionality that is not included in the
-// upstream crypto/ed25519/internal/edwards25519 package.
+// upstream crypto/internal/edwards25519 package.

 import (
 	"errors"
@@ -79,6 +79,12 @@ func isOnCurve(X, Y, Z, T *field.Element) bool {
 // Note that BytesMontgomery only encodes the u-coordinate, so v and -v encode
 // to the same value. If v is the identity point, BytesMontgomery returns 32
 // zero bytes, analogously to the X25519 function.
+//
+// The lack of an inverse operation (such as SetMontgomeryBytes) is deliberate:
+// while every valid edwards25519 point has a unique u-coordinate Montgomery
+// encoding, X25519 accepts inputs on the quadratic twist, which don't correspond
+// to any edwards25519 point, and every other X25519 input corresponds to two
+// edwards25519 points.
 func (v *Point) BytesMontgomery() []byte {
 	// This function is outlined to make the allocations inline in the caller
 	// rather than happen on the heap.
@@ -137,7 +143,7 @@ func (s *Scalar) Invert(t *Scalar) *Scalar {
 	for i := 0; i < 7; i++ {
 		table[i+1].Multiply(&table[i], &tt)
 	}
-	// Now table = [t**1, t**3, t**7, t**11, t**13, t**15]
+	// Now table = [t**1, t**3, t**5, t**7, t**9, t**11, t**13, t**15]
 	// so t**k = t[k/2] for odd k

 	// To compute the sliding window digits, use the following Sage script:
@@ -1,13 +1,16 @@
 // Code generated by command: go run fe_amd64_asm.go -out ../fe_amd64.s -stubs ../fe_amd64.go -pkg field. DO NOT EDIT.

+//go:build amd64 && gc && !purego
 // +build amd64,gc,!purego

 package field

 // feMul sets out = a * b. It works like feMulGeneric.
+//
 //go:noescape
 func feMul(out *Element, a *Element, b *Element)

 // feSquare sets out = a * a. It works like feSquareGeneric.
+//
 //go:noescape
 func feSquare(out *Element, a *Element)
@@ -1,5 +1,6 @@
 // Code generated by command: go run fe_amd64_asm.go -out ../fe_amd64.s -stubs ../fe_amd64.go -pkg field. DO NOT EDIT.

+//go:build amd64 && gc && !purego
 // +build amd64,gc,!purego

 #include "textflag.h"
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

-// +build arm64,gc,!purego
+//go:build arm64 && gc && !purego

 #include "textflag.h"

@@ -7,7 +7,7 @@ package field
 import "errors"

 // This file contains additional functionality that is not included in the
-// upstream crypto/ed25519/internal/edwards25519/field package.
+// upstream crypto/ed25519/edwards25519/field package.

 // SetWideBytes sets v to x, where x is a 64-byte little-endian encoding, which
 // is reduced modulo the field order. If x is not of the right length,
@@ -156,7 +156,7 @@ func feMulGeneric(v, a, b *Element) {
 	rr4 := r4.lo&maskLow51Bits + c3

 	// Now all coefficients fit into 64-bit registers but are still too large to
-	// be passed around as a Element. We therefore do one last carry chain,
+	// be passed around as an Element. We therefore do one last carry chain,
 	// where the carries will be small enough to fit in the wiggle room above 2⁵¹.
 	*v = Element{rr0, rr1, rr2, rr3, rr4}
 	v.carryPropagate()
@@ -245,7 +245,7 @@ func feSquareGeneric(v, a *Element) {
 	v.carryPropagate()
 }

-// carryPropagate brings the limbs below 52 bits by applying the reduction
+// carryPropagateGeneric brings the limbs below 52 bits by applying the reduction
 // identity (a * 2²⁵⁵ + b = a * 19 + b) to the l4 carry.
 func (v *Element) carryPropagateGeneric() *Element {
 	c0 := v.l0 >> 51
@@ -38,9 +38,9 @@ func (v *projLookupTable) FromP3(q *Point) {
 	tmpP3 := Point{}
 	tmpP1xP1 := projP1xP1{}
 	for i := 0; i < 7; i++ {
-		// Compute (i+1)*Q as Q + i*Q and convert to a ProjCached
+		// Compute (i+1)*Q as Q + i*Q and convert to a projCached
 		// This is needlessly complicated because the API has explicit
-		// recievers instead of creating stack objects and relying on RVO
+		// receivers instead of creating stack objects and relying on RVO
 		v.points[i+1].FromP3(tmpP3.fromP1xP1(tmpP1xP1.Add(q, &v.points[i])))
 	}
 }
@@ -53,7 +53,7 @@ func (v *affineLookupTable) FromP3(q *Point) {
 	tmpP3 := Point{}
 	tmpP1xP1 := projP1xP1{}
 	for i := 0; i < 7; i++ {
-		// Compute (i+1)*Q as Q + i*Q and convert to AffineCached
+		// Compute (i+1)*Q as Q + i*Q and convert to affineCached
 		v.points[i+1].FromP3(tmpP3.fromP1xP1(tmpP1xP1.AddAffine(q, &v.points[i])))
 	}
 }