X25519c can be attacked by replying several times with invalid data. This is hard to defend against at the API level without denying service and using some hard-to-understand semantics. Masked primitives are gone for now; some countermeasures have been moved into their respective "regular" impls. I don't think that it's worth it to care that much about side channels in CC. I haven't seen or managed to mount any practical attacks myself. The further move away from Cobalt will probably make them even harder to mount.
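The invalid-data problem mentioned in the commit message is the low-order-point case of X25519: if the peer replies with a point from the small subgroup (u = 0, u = 1, ...), the clamped scalar multiple is the identity and the "shared secret" is all zeros no matter which private key was used, so the only fix available at the API level is to reject that output (which is exactly the denial-of-service / odd-semantics trade-off the message refers to). The following is an added example, not ccryptolib code, written in Python rather than the library's Lua: a plain RFC 7748 ladder (`x25519_raw`), a wrapper that refuses an all-zero result (`x25519_shared`, `exchange_rejected`; both names are this example's own), and the RFC 7748 section 6.1 key-exchange vectors as constructed input. It is a functional reference only and makes no constant-time claims.

```python
"""Pure-Python X25519 (RFC 7748) plus the all-zero-output check that
catches a low-order point sent by the peer.  Example code, not part of
ccryptolib; Python big ints are not constant-time, so this is a
functional reference, not a hardened implementation."""

P = 2**255 - 19          # Curve25519 field prime
A24 = 121665             # (A - 2) / 4 for the Montgomery coefficient A = 486662
BASEPOINT = (9).to_bytes(32, "little")

# Two of the low-order u-coordinates an attacker can send as a "public key".
LOW_ORDER_U0 = bytes(32)                    # u = 0: point of order 2
LOW_ORDER_U1 = (1).to_bytes(32, "little")   # u = 1: point of order 4


def _decode_scalar(k: bytes) -> int:
    # RFC 7748 clamping: clear low 3 bits (multiple of the cofactor 8),
    # clear bit 255, set bit 254.
    b = bytearray(k)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")


def _decode_u(u: bytes) -> int:
    b = bytearray(u)
    b[31] &= 127             # RFC 7748: mask the most significant bit
    return int.from_bytes(b, "little") % P


def _cswap(swap: int, a: int, b: int):
    mask = swap * (a ^ b)    # swap is 0 or 1
    return a ^ mask, b ^ mask


def x25519_raw(k: bytes, u: bytes) -> bytes:
    """Montgomery ladder exactly as laid out in RFC 7748 section 5."""
    k_int = _decode_scalar(k)
    x1 = _decode_u(u)
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (k_int >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    # For a low-order input the ladder ends with z2 == 0, and 0^(p-2) == 0,
    # so the result is all zeros regardless of k.
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def x25519_shared(k: bytes, peer_u: bytes) -> bytes:
    """The API-level defence: refuse to hand back an all-zero secret."""
    out = x25519_raw(k, peer_u)
    if out == bytes(32):
        raise ValueError("peer sent a low-order point; refusing all-zero shared secret")
    return out


def exchange_rejected(k: bytes, peer_u: bytes) -> bool:
    """True if the check above would abort the exchange with this peer value."""
    try:
        x25519_shared(k, peer_u)
    except ValueError:
        return True
    return False


# Constructed input: the RFC 7748 section 6.1 key-exchange test vectors.
ALICE_PRIV = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
ALICE_PUB = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")
BOB_PRIV = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
BOB_PUB = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")
SHARED = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")

if __name__ == "__main__":
    print("alice pub ok:", x25519_raw(ALICE_PRIV, BASEPOINT) == ALICE_PUB)
    print("shared ok:   ", x25519_raw(ALICE_PRIV, BOB_PUB) == SHARED)
    for name, bad in (("u=0", LOW_ORDER_U0), ("u=1", LOW_ORDER_U1)):
        print(name, "raw secret:", x25519_raw(ALICE_PRIV, bad).hex(),
              "rejected:", exchange_rejected(ALICE_PRIV, bad))
```

Run it and both low-order inputs print a 64-hex-zero secret for Alice's key (and would for any other key), which is why a raw X25519 API cannot tell a benign peer from a probing one without this check, and why adding the check means some exchanges must fail outright.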
Files in this directory:

- fp.lua
- fq.lua
- sha512.lua
- util.lua