diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..b17a273
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,15 @@
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{c,h}]
+indent_style = tab
+
+[{GNUmakefile.in,configure.ac}]
+indent_style = tab
+
+[ed25519/{ref10,amd64-51-30k,amd64-64-24k}/*.{c,h,py}]
+indent_style = space
+indent_size = 2
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 0000000..6193e82
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,85 @@ +name: Docker + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + +env: + # Use docker.io for Docker Hub if empty + REGISTRY: ghcr.io + # github.repository as / + IMAGE_NAME: ${{ github.repository }} + + +jobs: + build: + + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Install the cosign tool except on PR + # https://github.com/sigstore/cosign-installer + - name: Install cosign + if: github.event_name != 'pull_request' + uses: sigstore/cosign-installer@v3 + + - name: Setup Docker buildx + uses: docker/setup-buildx-action@v2 + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@v2 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and push Docker image + id: build-and-push + uses: docker/build-push-action@v4 + with: + file: ./contrib/docker/Dockerfile + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: 
type=gha,mode=max + + # Sign the resulting Docker image digest except on PRs. + # This will only write to the public Rekor transparency log when the Docker + # repository is public to avoid leaking data. If you would like to publish + # transparency data even for private images, pass --force to cosign below. + # https://github.com/sigstore/cosign + - name: Sign the published Docker image + if: ${{ github.event_name != 'pull_request' }} + # This step uses the identity token to provision an ephemeral certificate + # against the sigstore community Fulcio instance. + run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }} diff --git a/.gitignore b/.gitignore index b6e311f..4d8142e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,7 @@ # output files mkp224o +calcest +test_* *.o # generated onions @@ -7,8 +9,9 @@ mkp224o # garbage configure -Makefile -Makefile.in.bak +configure~ +GNUmakefile +GNUmakefile.in.bak config.status config.log *.cache diff --git a/Makefile.in b/GNUmakefile.in similarity index 50% rename from Makefile.in rename to GNUmakefile.in index f8496e3..7516a1c 100644 --- a/Makefile.in +++ b/GNUmakefile.in 
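Review bot: Every third-party action in the new workflow is referenced by a mutable major-version tag (`actions/checkout@v3`, `sigstore/cosign-installer@v3`, `docker/setup-buildx-action@v2`, `docker/login-action@v2`, `docker/metadata-action@v4`, `docker/build-push-action@v4`), while the job holds `packages: write` and `id-token: write`, so whoever can move one of those tags can publish and sign an image under this repository's identity. Pin each `uses:` to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<commit-sha>  # v3`, and let a dependency bot advance the SHAs. The `# github.repository as /` comment near the top reads as though part of it was lost; it is worth rewording so the intended `IMAGE_NAME` format is clear to the next reader.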
@@ -1,23 +1,23 @@ CC= @CC@ CSTD= @CSTD@ -CFLAGS= $(CSTD) @CFLAGS@ @CPPFLAGS@ -DED25519_@ED25519IMPL@ @MYDEFS@ -ASFLAGS= -LDFLAGS= @NOPIE@ @LDFLAGS@ +CFLAGS= $(CSTD) @CFLAGS@ @CPPFLAGS@ -DED25519_@ED25519IMPL@ @PIE@ @MYDEFS@ -DVERSION='"@VERSION@"' +ASFLAGS= @PIE@ +LDFLAGS= @LDFLAGS@ MV= mv ED25519_DEFS= -DED25519_ref10 -DED25519_amd64_51_30k -DED25519_amd64_64_24k -DED25519_donna ED25519_ref10= $(patsubst @SRCDIR@/%.c,%.c.o,$(wildcard @SRCDIR@/ed25519/ref10/*.c)) ED25519_amd64_51_30k= \ $(patsubst @SRCDIR@/%.c,%.c.o,$(wildcard @SRCDIR@/ed25519/amd64-51-30k/*.c)) \ - $(patsubst @SRCDIR@/%.s,%.s.o,$(wildcard @SRCDIR@/ed25519/amd64-51-30k/*.s)) + $(patsubst @SRCDIR@/%.S,%.S.o,$(wildcard @SRCDIR@/ed25519/amd64-51-30k/*.S)) ED25519_amd64_64_24k= \ $(patsubst @SRCDIR@/%.c,%.c.o,$(wildcard @SRCDIR@/ed25519/amd64-64-24k/*.c)) \ - $(patsubst @SRCDIR@/%.s,%.s.o,$(wildcard @SRCDIR@/ed25519/amd64-64-24k/*.s)) + $(patsubst @SRCDIR@/%.S,%.S.o,$(wildcard @SRCDIR@/ed25519/amd64-64-24k/*.S)) ED25519_donna= -ED25519OBJ= $(ED25519_@ED25519IMPL@) +ED25519_OBJ= $(ED25519_@ED25519IMPL@) -MAINOBJ= \ +MAIN_OBJ= \ main.c.o \ worker.c.o \ yaml.c.o \ 
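Review bot: `ASFLAGS= @PIE@` carries neither `@CPPFLAGS@` nor `-DED25519_@ED25519IMPL@`, while the same hunk puts both into `CFLAGS`; now that the assembly sources are `.S` files run through `$(CC)` (the `%.S.o` rule in the next hunk), any include paths or defines configure places in CPPFLAGS reach the C objects but not the assembly objects. Whether that matters depends on what the `.S` files include, which I cannot see from here, but keeping the two in step is cheap: `ASFLAGS= @CPPFLAGS@ -DED25519_@ED25519IMPL@ @PIE@`. The `-DVERSION='"@VERSION@"'` quoting relies on the substituted version containing no quote or shell metacharacters; a one-line comment saying so next to `CFLAGS` would save the next person a debugging session.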
@@ -28,88 +28,122 @@ MAINOBJ= \ base64_to.c.o \ base64_from.c.o \ ioutil.c.o \ - $(ED25519OBJ) \ + $(ED25519_OBJ) \ keccak.c.o -TEST_BASE64OBJ= \ +UTIL_CALCEST_OBJ= \ + calcest.c.o + +TEST_BASE64_OBJ= \ test_base64.c.o \ base64_to.c.o \ base64_from.c.o -TEST_BASE32OBJ= \ +TEST_BASE32_OBJ= \ test_base32.c.o \ base32_to.c.o \ base32_from.c.o -TEST_BASE16OBJ= \ +TEST_BASE16_OBJ= \ test_base16.c.o \ base16_to.c.o \ base16_from.c.o -TEST_ED25519OBJ= \ +TEST_ED25519_OBJ= \ test_ed25519.c.o \ base16_to.c.o \ base16_from.c.o \ - $(ED25519OBJ) + $(ED25519_OBJ) -ALLO= $(sort \ - $(MAINOBJ) \ - $(TEST_BASE64OBJ) \ - $(TEST_BASE32OBJ) \ - $(TEST_BASE16OBJ) \ - $(TEST_ED25519OBJ) \ +ALL_O= $(sort \ + $(MAIN_OBJ) \ + $(UTIL_CALCEST_OBJ) \ + $(TEST_BASE64_OBJ) \ + $(TEST_BASE32_OBJ) \ + $(TEST_BASE16_OBJ) \ + $(TEST_ED25519_OBJ) \ $(ED25519_ref10) \ $(ED25519_amd64_51_30k) \ $(ED25519_amd64_64_24k)) -ALLC= $(patsubst %.c.o,%.c,$(filter %.c.o %.c,$(ALLO))) -CLEANO= $(filter %.o,$(ALLO)) +ALL_C= $(patsubst %.c.o,%.c,$(filter %.c.o %.c,$(ALL_O))) +CLEAN_O= $(filter %.o,$(ALL_O)) -MAINLIB= -lpthread -lsodium @MAINLIB@ -TEST_ED25519LIB= -lsodium +MAIN_LIB= -lpthread -lsodium @MAINLIB@ +UTIL_CALCEST_LIB= -lm +TEST_ED25519_LIB= -lsodium -ALLTGTS= mkp224o test_base64 test_base32 test_base16 test_ed25519 -ALLEXE= $(patsubst %,%@EXEEXT@,$(ALLTGTS)) +MAIN_TGT= mkp224o +UTIL_TGT= calcest +TEST_TGT= test_base64 test_base32 test_base16 test_ed25519 -.PHONY: default all clean distclean depend +MAIN_EXE= $(patsubst %,%@EXEEXT@,$(MAIN_TGT)) +UTIL_EXE= $(patsubst %,%@EXEEXT@,$(UTIL_TGT)) +TEST_EXE= $(patsubst %,%@EXEEXT@,$(TEST_TGT)) -default: mkp224o@EXEEXT@ +ALL_EXE= $(MAIN_EXE) $(UTIL_EXE) $(TEST_EXE) -all: $(ALLEXE) +.PHONY: default all main util test clean distclean depend -mkp224o@EXEEXT@: $(MAINOBJ) - $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(MAINLIB) && $(MV) $@.tmp $@ +default: $(MAIN_EXE) -test_base64@EXEEXT@: $(TEST_BASE64OBJ) +all: $(ALL_EXE) + +main: $(MAIN_EXE) + +util: $(UTIL_EXE) + 
+test: $(TEST_EXE) + +mkp224o@EXEEXT@: $(MAIN_OBJ) + $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(MAIN_LIB) && $(MV) $@.tmp $@ + +calcest@EXEEXT@: $(UTIL_CALCEST_OBJ) + $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(UTIL_CALCEST_LIB) && $(MV) $@.tmp $@ + +test_base64@EXEEXT@: $(TEST_BASE64_OBJ) $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@ -test_base32@EXEEXT@: $(TEST_BASE32OBJ) +test_base32@EXEEXT@: $(TEST_BASE32_OBJ) $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@ -test_base16@EXEEXT@: $(TEST_BASE16OBJ) +test_base16@EXEEXT@: $(TEST_BASE16_OBJ) $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@ -test_ed25519@EXEEXT@: $(TEST_ED25519OBJ) - $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(TEST_ED25519LIB) && $(MV) $@.tmp $@ +test_ed25519@EXEEXT@: $(TEST_ED25519_OBJ) + $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(TEST_ED25519_LIB) && $(MV) $@.tmp $@ clean: - $(RM) $(CLEANO) - $(RM) $(ALLEXE) + $(RM) $(CLEAN_O) + $(RM) $(ALL_EXE) distclean: clean $(RM) -r autom4te.cache $(RM) configure config.status config.log - $(RM) Makefile + $(RM) GNUmakefile depend: - cd "@SRCDIR@" && makedepend -Y -fMakefile.in -o.c.o -- $(CSTD) $(ED25519_DEFS) -- $(ALLC) + # makedepend from imake + cd "@SRCDIR@" && makedepend -Y -fGNUmakefile.in -o.c.o -- $(CSTD) $(ED25519_DEFS) -- $(ALL_C) VPATH=@SRCDIR@ +%.c.o: CFLAGS += \ + -D'CRYPTO_NAMESPACETOP=crypto_sign_ed25519_@ED25519IMPL@' \ + -D'_CRYPTO_NAMESPACETOP=_crypto_sign_ed25519_@ED25519IMPL@' \ + -D'CRYPTO_NAMESPACE(name)=crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \ + -D'_CRYPTO_NAMESPACE(name)=_crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \ + +%.S.o: ASFLAGS += \ + -D'CRYPTO_NAMESPACETOP=crypto_sign_ed25519_@ED25519IMPL@' \ + -D'_CRYPTO_NAMESPACETOP=_crypto_sign_ed25519_@ED25519IMPL@' \ + -D'CRYPTO_NAMESPACE(name)=crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \ + -D'_CRYPTO_NAMESPACE(name)=_crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \ + %.c.o: %.c $(CC) $(CFLAGS) -c -o $@.tmp $< && $(MV) $@.tmp $@ -%.s.o: %.s +%.S.o: %.S $(CC) 
$(ASFLAGS) -c -o $@.tmp $< && $(MV) $@.tmp $@ # DO NOT DELETE THIS LINE 
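Review bot: The new `test:` target only links the test executables and never runs them, so `make test` succeeding says nothing about whether the base16/base32/base64/ed25519 tests pass; since the harness is being reorganised anyway, add a target that executes them, e.g. `check: $(TEST_EXE)` with the recipe `for t in $(TEST_EXE); do ./$$t || exit 1; done`, and list `check` in `.PHONY`. Separately, the `# makedepend from imake` comment was placed inside the `depend:` recipe (tab-indented), so make echoes it and hands it to the shell on every `make depend`; moving it to the line above `depend:` makes it a make comment as intended. The `%.c.o: CFLAGS +=` pattern variable also applies the `CRYPTO_NAMESPACE*` defines to every C object including `main.c.o` and the test objects, which is harmless as far as I can tell but worth a short comment explaining why it is not restricted to the ed25519 sources.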
@@ -121,63 +155,77 @@ base32_to.c.o: types.h base32.h base64_from.c.o: types.h base64.h base64_to.c.o: types.h base64.h cpucount.c.o: cpucount.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_verify_32.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/randombytes.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/hram.h ed25519/amd64-51-30k/fe25519_add.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_add.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_getparity.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_invert.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_invert.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_iseq.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_iseq.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_iszero.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_iszero.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_neg.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_neg.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_pack.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/fe25519.h 
+ed25519/amd64-51-30k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_setint.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_setint.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_sub.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_sub.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_unpack.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_unpack.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h 
ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519_base_slide_multiples.data ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/index_heap.h ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519_base_niels_smalltables.data ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/hram.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h ed25519/amd64-51-30k/hram.c.o: ed25519/amd64-51-30k/hram.h ed25519/amd64-51-30k/index_heap.c.o: 
ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/index_heap.h ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/ed25519.h @@ -185,6 +233,7 @@ ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/randombytes.h ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_sign.h ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/ed25519.h 
@@ -192,107 +241,142 @@ ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sc25519_iszero.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_iszero.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sc25519_mul.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_mul.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sc25519_slide.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_slide.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sc25519_window4.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_window4.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h ed25519/amd64-51-30k/sign.c.o: 
ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_verify_32.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/randombytes.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/hram.h -ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/sc25519.h 
-ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519_base_slide_multiples.data -ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/index_heap.h -ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519.h +ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-64-24k/compat.h 
+ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_batchpack.c.o: 
ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/ge25519_base_slide_multiples.data +ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/index_heap.h +ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: 
ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/ge25519.h ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/ge25519_base_niels.data -ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-51-30k/hram.h -ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-51-30k/index_heap.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/randombytes.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/sc25519.h 
-ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h +ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-64-24k/hram.h +ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/index_heap.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/crypto_sign.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/ed25519.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/randombytes.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/fe25519.h 
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_sign.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/ed25519.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_verify_32.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_window4.c.o: 
ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/crypto_sign.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/ed25519.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/sc25519.h ed25519/ref10/fe_0.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h ed25519/ref10/fe_1.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h ed25519/ref10/fe_add.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h @@ -310,7 +394,7 @@ ed25519/ref10/fe_isnegative.c.o: ed25519/ref10/fe.h ed25519/ref10/fe_isnegative.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/fe.h ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/fe_isnonzero.c.o: ed25519/amd64-51-30k/crypto_verify_32.h +ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/crypto_verify_32.h ed25519/ref10/fe_mul.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h ed25519/ref10/fe_mul.c.o: ed25519/ref10/crypto_int64.h ed25519/ref10/fe_neg.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h 
@@ -369,72 +453,96 @@ ed25519/ref10/ge_sub.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h ed25519/ref10/ge_sub.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/ge_sub.h ed25519/ref10/ge_tobytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h ed25519/ref10/ge_tobytes.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/randombytes.h -ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h +ed25519/ref10/keypair.c.o: ed25519/ref10/randombytes.h +ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_sign.h +ed25519/ref10/keypair.c.o: ed25519/ref10/ed25519.h +ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_hash_sha512.h ed25519/ref10/keypair.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/ref10/open.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h -ed25519/ref10/open.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/open.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/sc.h +ed25519/ref10/open.c.o: ed25519/ref10/crypto_sign.h ed25519/ref10/ed25519.h +ed25519/ref10/open.c.o: ed25519/ref10/crypto_hash_sha512.h +ed25519/ref10/open.c.o: ed25519/ref10/crypto_verify_32.h ed25519/ref10/ge.h +ed25519/ref10/open.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/open.c.o: ed25519/ref10/sc.h ed25519/ref10/sc_muladd.c.o: ed25519/ref10/sc.h ed25519/ref10/crypto_int64.h ed25519/ref10/sc_muladd.c.o: ed25519/ref10/crypto_uint32.h ed25519/ref10/sc_muladd.c.o: ed25519/ref10/crypto_uint64.h ed25519/ref10/sc_reduce.c.o: ed25519/ref10/sc.h ed25519/ref10/crypto_int64.h ed25519/ref10/sc_reduce.c.o: ed25519/ref10/crypto_uint32.h ed25519/ref10/sc_reduce.c.o: ed25519/ref10/crypto_uint64.h 
-ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/ref10/sign.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/sign.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/sc.h -ioutil.c.o: types.h ioutil.h +ed25519/ref10/sign.c.o: ed25519/ref10/crypto_sign.h ed25519/ref10/ed25519.h +ed25519/ref10/sign.c.o: ed25519/ref10/crypto_hash_sha512.h ed25519/ref10/ge.h +ed25519/ref10/sign.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/sign.c.o: ed25519/ref10/sc.h +ioutil.c.o: types.h ioutil.h vec.h keccak.c.o: types.h keccak.h main.c.o: types.h vec.h base32.h cpucount.h keccak.h ioutil.h common.h yaml.h -main.c.o: filters.h worker.h filters_main.inc.h filters_common.inc.h +main.c.o: filters.h worker.h likely.h filters_inc.inc.h filters_main.inc.h +main.c.o: filters_common.inc.h ifilter_bitsum.h test_base16.c.o: types.h base16.h test_base32.c.o: types.h base32.h test_base64.c.o: types.h base64.h -test_ed25519.c.o: types.h base16.h ed25519/ed25519.h ed25519/ref10/ed25519.h -test_ed25519.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -test_ed25519.c.o: ed25519/ref10/crypto_int32.h ed25519/amd64-51-30k/ed25519.h +test_ed25519.c.o: types.h base16.h ed25519/ed25519.h +test_ed25519.c.o: ed25519/ed25519_impl_pre.h ed25519/ref10/crypto_sign.h +test_ed25519.c.o: ed25519/ref10/ed25519.h ed25519/ref10/ge.h +test_ed25519.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +test_ed25519.c.o: ed25519/amd64-51-30k/crypto_sign.h +test_ed25519.c.o: ed25519/amd64-51-30k/ed25519.h test_ed25519.c.o: ed25519/amd64-51-30k/ge25519.h test_ed25519.c.o: ed25519/amd64-51-30k/fe25519.h +test_ed25519.c.o: ed25519/amd64-51-30k/compat.h test_ed25519.c.o: ed25519/amd64-51-30k/sc25519.h +test_ed25519.c.o: ed25519/amd64-64-24k/crypto_sign.h test_ed25519.c.o: ed25519/amd64-64-24k/ed25519.h test_ed25519.c.o: ed25519/amd64-64-24k/ge25519.h 
test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h +test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-sse2.h test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-64bit.h +test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-32bit.h test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-helpers.h test_ed25519.c.o: ed25519/ed25519-donna/modm-donna-64bit.h +test_ed25519.c.o: ed25519/ed25519-donna/modm-donna-32bit.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-basepoint-table.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-tables.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86.h -test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-tables.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86-32bit.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-sse2.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-sse2.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h testutil.h +test_ed25519.c.o: ed25519/ed25519_impl_post.h vec.c.o: vec.h -worker.c.o: types.h likely.h vec.h base32.h keccak.h ed25519/ed25519.h +worker.c.o: types.h likely.h vec.h base32.h keccak.h ioutil.h common.h yaml.h +worker.c.o: worker.h filters.h filters_inc.inc.h filters_worker.inc.h +worker.c.o: filters_common.inc.h ed25519/ed25519.h worker_impl.inc.h +worker.c.o: ed25519/ed25519_impl_pre.h ed25519/ref10/crypto_sign.h worker.c.o: ed25519/ref10/ed25519.h ed25519/ref10/ge.h ed25519/ref10/fe.h -worker.c.o: ed25519/ref10/crypto_int32.h ed25519/amd64-51-30k/ed25519.h -worker.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/fe25519.h -worker.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/ed25519.h 
-worker.c.o: ed25519/amd64-64-24k/ge25519.h +worker.c.o: ed25519/ref10/crypto_int32.h ed25519/amd64-51-30k/crypto_sign.h +worker.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/amd64-51-30k/ge25519.h +worker.c.o: ed25519/amd64-51-30k/fe25519.h ed25519/amd64-51-30k/compat.h +worker.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/crypto_sign.h +worker.c.o: ed25519/amd64-64-24k/ed25519.h ed25519/amd64-64-24k/ge25519.h worker.c.o: ed25519/ed25519-donna/ed25519-donna.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h +worker.c.o: ed25519/ed25519-donna/curve25519-donna-sse2.h worker.c.o: ed25519/ed25519-donna/curve25519-donna-64bit.h +worker.c.o: ed25519/ed25519-donna/curve25519-donna-32bit.h worker.c.o: ed25519/ed25519-donna/curve25519-donna-helpers.h worker.c.o: ed25519/ed25519-donna/modm-donna-64bit.h +worker.c.o: ed25519/ed25519-donna/modm-donna-32bit.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-basepoint-table.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-tables.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86.h -worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h ioutil.h common.h -worker.c.o: yaml.h worker.h filters.h filters_worker.inc.h -worker.c.o: filters_common.inc.h worker_slow.inc.h worker_fast.inc.h -worker.c.o: worker_fast_pass.inc.h worker_batch.inc.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-tables.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86-32bit.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-sse2.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-sse2.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h +worker.c.o: worker_batch.inc.h worker_batch_pass.inc.h +worker.c.o: ed25519/ed25519_impl_post.h yaml.c.o: types.h yaml.h ioutil.h base32.h base64.h common.h 
diff --git a/OPTIMISATION.txt b/OPTIMISATION.txt index c10e77d..e76e63b 100644 --- a/OPTIMISATION.txt +++ b/OPTIMISATION.txt 
@@ -1,26 +1,25 @@ This document describes configuration options which may help one to generate onions faster. -First of all, default configuration options are tuned for portability, not performance. +First of all, default configuration options are tuned for portability, and may be a bit suboptimal. User is expected to pick optimal settings depending on hardware mkp224o will run on and ammount of filters. ED25519 implementations: mkp224o includes multiple implementations of ed25519 code, tuned for different processors. -Default is ref10 implementation from SUPERCOP, which is suboptimal in many cases. Implementation is selected at configuration time, when running `./configure` script. If one already configured/compiled code and wants to change options, just re-run `./configure` and also run `make clean` to clear compiled files, if any. +Note that options and CFLAGS/LDFLAGS settings won't carry over from previous configure run, +so you have to include options you've previously configured, if you want them to remain. 
At the time of writing, these implementations are present: -+----------------+-----------------------+-------------------------------------------------+ -| implementation | enable flag | notes | -|----------------+-----------------------+-------------------------------------------------+ -| ref10 | --enable-ref10 | SUPERCOP' ref10, pure C, very portable, default | -| amd64-51-30k | --enable-amd64-51-30k | SUPERCOP' amd64-51-30k, amd64 assembler, | -| | | only works in x86_64 architecture | -| amd64-64-24k | --enable-amd64-64-24k | SUPERCOP' amd64-64-24k, amd64 assembler, | -| | | only works in x86_64 architecture | -| ed25519-donna | --enable-donna | portable, based on amd64-51-30k, but C, not asm | -| ed25519-donna | --enable-donna-sse2 | uses SSE2, needs x86 architecture | -+----------------+-----------------------+-------------------------------------------------+ ++----------------+-----------------------+----------------------------------------------------------+ +| implementation | enable flag | notes | +|----------------+-----------------------+----------------------------------------------------------+ +| ref10 | --enable-ref10 | SUPERCOP' ref10, pure C, very portable, previous default | +| amd64-51-30k | --enable-amd64-51-30k | SUPERCOP' amd64-51-30k, only works on x86_64 | +| amd64-64-24k | --enable-amd64-64-24k | SUPERCOP' amd64-64-24k, only works on x86_64 | +| ed25519-donna | --enable-donna | based on amd64-51-30k, C, portable, current default | +| ed25519-donna | --enable-donna-sse2 | uses SSE2, needs x86 architecture | ++----------------+-----------------------+----------------------------------------------------------+ When to use what: - on 32-bit x86 architecture "--enable-donna" will probably be fastest, but one should try using "--enable-donna-sse2" too 
@@ -91,6 +90,14 @@ Current options, at the time of writing: and have some random filters which may have different length. +Batch mode: +mkp224o now includes experimental key generation mode which performs certain operations in batches, +and is around 15 times faster than current default. +It is currently experimental, and is activated by -B run-time flag. +Batched element count is configured by --enable-batchnum=number option at configure time, +increasing or decreasing it may make batch mode faster or slower, depending on hardware. + + Benchmarking: It's always good idea to see if your settings give you desired effect. There currently isn't any automated way to benchmark different configuration options, but it's pretty simple to do by hand. diff --git a/README.md b/README.md new file mode 100644 index 0000000..396fe2c --- /dev/null +++ b/README.md 
@@ -0,0 +1,143 @@ +## mkp224o - vanity address generator for ed25519 onion services + +This tool generates vanity ed25519 (hidden service version 3[^1][^2], +formely known as proposal 224) onion addresses. + +### Requirements for building + +* C99 compatible compiler (gcc and clang should work) +* libsodium (including headers) +* GNU make +* GNU autoconf (to generate configure script, needed only if not using release tarball) +* UNIX-like platform (currently tested in Linux and OpenBSD, but should + also build under cygwin and msys2). + +For debian-like linux distros, this should be enough to prepare for building: + +```bash +apt install gcc libc6-dev libsodium-dev make autoconf +``` + +### Building + +Run `./autogen.sh` to generate a configure script, if there isn't one already. + +Run `./configure` to generate a makefile. +On \*BSD platforms you may need to specify extra include/library paths: +`./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"`. + +On AMD64 platforms, you probably also want to pass something like +`--enable-amd64-51-30k` to the configure script invocation for faster key generation; +run `./configure --help` to see all available options. + +Finally, `make` to start building (`gmake` in \*BSD platforms). + +### Usage + +mkp224o needs one or more filters to work. +You may specify them as command line arguments, +eg `./mkp224o test`, or load them from file with `-f` switch. + +It makes directories with secret/public keys and hostnames +for each discovered service. By default, the working directory is the current +directory, but that can be overridden with `-d` switch. + +Use `-s` switch to enable printing of statistics, which may be useful +when benchmarking different ed25519 implementations on your machine. + +Use `-h` switch to obtain all available options. + +I highly recommend reading [OPTIMISATION.txt][OPTIMISATION] for +performance-related tips. + +### FAQ and other useful info + +* How do I generate address? 
+ + Once compiled, run it like `./mkp224o neko`, and it will try creating + keys for onions starting with "neko" in this example; use `./mkp224o + -d nekokeys neko` to not litter current directory and put all + discovered keys in directory named "nekokeys". + +* How do I make tor use generated keys? + + Copy key folder (though technically only `hs_ed25519_secret_key` is required) + to where you want your service keys to reside: + + ```bash + sudo cp -r neko54as6d54....onion /var/lib/tor/nekosvc + ``` + + You may need to adjust ownership and permissions: + + ```bash + sudo chown -R tor: /var/lib/tor/nekosvc + sudo chmod -R u+rwX,og-rwx /var/lib/tor/nekosvc + ``` + + Then edit `torrc` and add new service with that folder.\ + After reload/restart tor should pick it up. + +* How to generate addresses with `0-1` and `8-9` digits? + + Onion addresses use base32 encoding which does not include `0,1,8,9` + numbers.\ + So no, that's not possible to generate these, and mkp224o tries to + detect invalid filters containing them early on. + +* How long is it going to take? + + Because of probablistic nature of brute force key generation, and + varience of hardware it's going to run on, it's hard to make promisses + about how long it's going to take, especially when the most of users + want just a few keys.\ + See [this issue][#27] for very valuable discussion about this.\ + If your machine is powerful enough, 6 character prefix shouldn't take + more than few tens of minutes, if using batch mode (read + [OPTIMISATION.txt][OPTIMISATION]) 7 characters can take hours + to days.\ + No promisses though, it depends on pure luck. + +* Will this work with onionbalance? + + It appears that onionbalance supports loading usual + `hs_ed25519_secret_key` key so it should work. + +* Is there a docker image? 
+ + Yes, if you do not wish to compile mkp224o yourself, you can use + the `ghcr.io/cathugger/mkp224o` image like so: + + ```bash + docker run --rm -it -v $PWD:/keys ghcr.io/cathugger/mkp224o:master -d /keys neko + ``` + +### Acknowledgements & Legal + +To the extent possible under law, the author(s) have dedicated all +copyright and related and neighboring rights to this software to the +public domain worldwide. This software is distributed without any +warranty. +You should have received a copy of the CC0 Public Domain Dedication +along with this software. If not, see [CC0][]. + +* `keccak.c` is based on [Keccak-more-compact.c][keccak.c] +* `ed25519/{ref10,amd64-51-30k,amd64-64-24k}` are adopted from + [SUPERCOP][] +* `ed25519/ed25519-donna` adopted from [ed25519-donna][] +* Idea used in `worker_fast()` is stolen from [horse25519][] +* base64 routines and initial YAML processing work contributed by + Alexander Khristoforov (heios at protonmail dot com) +* Passphrase-based generation code and idea used in `worker_batch()` + contributed by [foobar2019][] + +[OPTIMISATION]: ./OPTIMISATION.txt +[#27]: https://github.com/cathugger/mkp224o/issues/27 +[keccak.c]: https://github.com/XKCP/XKCP/blob/master/Standalone/CompactFIPS202/C/Keccak-more-compact.c +[CC0]: https://creativecommons.org/publicdomain/zero/1.0/ +[SUPERCOP]: https://bench.cr.yp.to/supercop.html +[ed25519-donna]: https://github.com/floodyberry/ed25519-donna +[horse25519]: https://github.com/Yawning/horse25519 +[foobar2019]: https://github.com/foobar2019 +[^1]: https://spec.torproject.org/rend-spec/index.html +[^2]: https://gitlab.torproject.org/tpo/core/torspec/-/raw/main/attic/text_formats/rend-spec-v3.txt diff --git a/README.txt b/README.txt deleted file mode 100644 index 63e202b..0000000 --- a/README.txt +++ /dev/null 
@@ -1,41 +0,0 @@ -mkp224o - vanity address generator for ed25519 onion services - -This tool generates vanity ed25519 (hidden service version 3, formely known as proposal 224) onion addresses. -For context, see . - -REQUIREMENTS: -C99 compatible compiler, libsodium, GNU make, GNU autoconf, UNIX-like platform (currently tested in Linux and OpenBSD). - -BUILDING: -`./autogen.sh` to generate configure script, if it's not there already. -`./configure` to generate makefile; in *BSD platforms you probably want to use -`./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"`. -You probably also want to pass something like "--enable-amd64-51-30k" -or "--enable-donna" to configure script for faster key generation; -run `./configure --help` to see all available options. -Finally, `make` to start building (`gmake` in *BSD platforms). - -USAGE: -Generator needs one or more filters to work. -It makes directory with secret/public keys and hostname -for each discovered service. By default root is current -directory, but that can be overridden with -d switch. -Use -s switch to enable printing of statistics, which may be useful -when benchmarking different ed25519 implementations on your machine. -Use -h switch to obtain all available options. -I highly recommend reading OPTIMISATION.txt for performance-related tips. - -CONTACT: -For bug reports/questions/whatever else, email cathugger at cock dot li. -PGP key, if needed, can be found at . - -ACKNOWLEDGEMENTS & LEGAL: -To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. -You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see . - -keccak.c is based on . -ed25519/{ref10,amd64-51-30k,amd64-64-24k} are adopted from SUPERCOP . -ed25519/ed25519-donna adopted from . -Idea used in worker_fast() is stolen from . 
-base64 routines and initial YAML processing work contributed by Alexander Khristoforov .
-Passphrase-based generation code and idea used in worker_batch() contributed by .
diff --git a/calcest.c b/calcest.c
new file mode 100644
index 0000000..4670598
--- /dev/null
+++ b/calcest.c
@@ -0,0 +1,48 @@
+#include
+#include
+#include
+
+/*
+ * as per scribblemaniac's explanation:
+ * t - number of trials
+ * n - character count
+ * p - probability
+ * condition: >=1 matches
+ * formula: t = log(1-p)/log(1-1/32^n)
+ * comes from:
+ * distribution X~Binomial(t, 1/32^n)
+ * P(X>=1)=p
+ */
+
+const double probs[] = { 0.5, 0.8, 0.9, 0.95, 0.99 };
+const int charcounts[] = { 2, 3, 4, 5, 6, 7, 8, 9, 10 };
+
+int main(int argc,char **argv)
+{
+ // TODO
+ (void) argc;
+ (void) argv;
+
+ printf(" |");
+ for (size_t i = 0; i < sizeof(probs)/sizeof(probs[0]); ++i) {
+ printf(" %15d%% |",(int)((probs[i]*100)+0.5));
+ }
+ printf("\n");
+
+ printf("---+");
+ for (size_t i = 0; i < sizeof(probs)/sizeof(probs[0]); ++i) {
+ printf("------------------+");
+ }
+ printf("\n");
+
+ for (size_t i = 0; i < sizeof(charcounts)/sizeof(charcounts[0]); ++i) {
+ printf("%2d |",charcounts[i]);
+ for (size_t j = 0; j < sizeof(probs)/sizeof(probs[0]); ++j) {
+ double t = log2(1 - probs[j]) / log2(1 - (1 / pow(32,charcounts[i])));
+ printf(" %16.0f |",t);
+ }
+ printf("\n");
+ }
+
+ return 0;
+}
diff --git a/common.h b/common.h
index 918e453..8910715 100644
--- a/common.h
+++ b/common.h
@@ -7,6 +7,9 @@ #define PKPREFIX_SIZE (29 + 3)
 #define SKPREFIX_SIZE (29 + 3)
+extern const char * const pkprefix;
+extern const char * const skprefix;
+
 #define FORMATTED_PUBLIC_LEN (PKPREFIX_SIZE + PUBLIC_LEN)
 #define FORMATTED_SECRET_LEN (SKPREFIX_SIZE + SECRET_LEN)
diff --git a/configure.ac b/configure.ac
index 9893bd4..a2053c8 100644
--- a/configure.ac
+++ b/configure.ac
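Review bot: The estimate line `double t = log2(1 - probs[j]) / log2(1 - (1 / pow(32,charcounts[i])));` forms `1 - 1/32^n` directly, which stays exact here only because 32 is a power of two and the table stops at n = 10 (2^-50 is still representable below 1.0); extending `charcounts` past 10 or changing the alphabet size would silently lose most significant digits in that subtraction. The robust form is `double t = log1p(-probs[j]) / log1p(-1 / pow(32, charcounts[i]));` — the logarithm base cancels in the ratio, so the printed table is unchanged for the current inputs. The `// TODO` above `(void) argc;` / `(void) argv;` should say what is planned (user-supplied probabilities or counts, presumably) or be dropped, since the casts themselves are a deliberate unused-parameter silencer. The header names after the three `#include` directives are stripped in this rendering, so I cannot confirm from the hunk which headers are pulled in.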
@@ -5,9 +5,45 @@ AC_CONFIG_SRCDIR([main.c]) oldcflags="$CFLAGS" AC_PROG_CC +# determine version +ver="" +if test -r "$srcdir/version.txt" +then + ver=`cat "$srcdir/version.txt"` +elif test -d "$srcdir/.git" +then + if git --version >/dev/null 2>&1 + then + # try matching exact tag + ver=`git -C "$srcdir" describe --tags --exact-match 2>/dev/null` + if test -z "$ver" + then + # otherwise obtain full commit ID + ver=`git -C "$srcdir" rev-parse HEAD 2>/dev/null` + if test -n "$ver" + then + ver=git-$ver + fi + fi + if test -n "$ver" + then + if ! git -C "$srcdir" diff --exit-code >/dev/null 2>&1 + then + # add at the end to mark modified version + ver="$ver"'*' + fi + fi + fi +fi + +if test -z "$ver" +then + ver=unknown +fi + # NOTE: this script intentionally doesn't check for small details like posix functions and hard dependencies (libsodium) so you may get errors at compilation -if test "x$oldcflags" != "x$CFLAGS" +if test x"$oldcflags" != x"$CFLAGS" then oldcflags="-O3" CFLAGS="-march=native" 
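Review bot: The modified-tree check `if ! git -C "$srcdir" diff --exit-code >/dev/null 2>&1` only sees unstaged edits to tracked files, so a build from a tree with staged (or untracked) changes still reports a clean `git-<sha>` version; comparing against HEAD, `if ! git -C "$srcdir" diff --exit-code HEAD >/dev/null 2>&1`, covers staged edits as well. The same gap exists in contrib/release-scripts/release.sh, where `git -C ../../ diff | git -C "$SO" apply --allow-empty` carries only unstaged changes into the source tarball. The `*` appended with `ver="$ver"'*'` to mark a modified build is a glob character, so wherever the substituted VERSION ends up on a shell or make command line it must be quoted; the GNUmakefile consumer is not visible from this hunk.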
@@ -27,41 +63,28 @@ then CFLAGS="$oldcflags" fi -nopie="" +pie="" oldcflags="$CFLAGS" -CFLAGS="-nopie -Werror" -AC_MSG_CHECKING([whether CC supports -nopie]) -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_RESULT([yes])] - [nopie="-nopie"], - [AC_MSG_RESULT([no])] +CFLAGS="-fPIE -Werror" +AC_MSG_CHECKING([whether CC supports -fPIE]) +AC_LINK_IFELSE([AC_LANG_PROGRAM([])], + [AC_MSG_RESULT([yes])] + [pie="-fPIE"], + [AC_MSG_RESULT([no])] ) CFLAGS="$oldcflags" -if test "x$nopie" = "x" -then - oldcflags="$CFLAGS" - CFLAGS="-no-pie -Werror" - AC_MSG_CHECKING([whether CC supports -no-pie]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_RESULT([yes])] - [nopie="-no-pie"], - [AC_MSG_RESULT([no])] - ) - CFLAGS="$oldcflags" -fi - MYDEFS="" MAINLIB="" ed25519impl="" AC_ARG_ENABLE([ref10], [AS_HELP_STRING([--enable-ref10], - [use SUPERCOP ref10 ed25519 implementation @<:@default=yes@:>@])], + [use SUPERCOP ref10 ed25519 implementation @<:@default=no@:>@])], [ - AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "ref10"], - [AC_ERROR([only one ed25519 implementation can be defined])]) + AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "ref10"], + [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="ref10" ], [] @@ -71,8 +94,8 @@ AC_ARG_ENABLE([amd64-51-30k], [AS_HELP_STRING([--enable-amd64-51-30k], [use SUPERCOP amd64-51-30k ed25519 implementation @<:@default=no@:>@])], [ - AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "amd64_51_30k"], - [AC_ERROR([only one ed25519 implementation can be defined])]) + AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "amd64_51_30k"], + [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="amd64_51_30k" ], [] 
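Review bot: The new probe only establishes that the compiler accepts `-fPIE`; a position-independent executable also needs `-pie` on the link line, and `AC_LINK_IFELSE` here links with the default driver flags, so a toolchain that compiles with `-fPIE` but cannot produce a PIE executable still passes. If the substituted `$pie` is meant for both compile and link steps, set `LDFLAGS="-pie"` for the duration of the probe alongside `CFLAGS="-fPIE -Werror"` (restoring it afterwards), or probe `-pie` separately; how `PIE` is consumed in GNUmakefile is not visible here. The removed `-nopie`/`-no-pie` probes suggest something in the tree once needed non-PIE linking, so a CI build of the `--enable-amd64-51-30k` and `--enable-amd64-64-24k` configurations would confirm the assembly backends still link under the new policy.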
@@ -82,8 +105,8 @@ AC_ARG_ENABLE([amd64-64-24k], [AS_HELP_STRING([--enable-amd64-64-24k], [use SUPERCOP amd64-64-24k ed25519 implementation @<:@default=no@:>@])], [ - AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "amd64_64_24k"], - [AC_ERROR([only one ed25519 implementation can be defined])]) + AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "amd64_64_24k"], + [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="amd64_64_24k" ], [] @@ -91,10 +114,10 @@ AC_ARG_ENABLE([amd64-64-24k], AC_ARG_ENABLE([donna], [AS_HELP_STRING([--enable-donna], - [use ed25519-donna implementation @<:@default=no@:>@])], + [use ed25519-donna implementation @<:@default=yes@:>@])], [ - AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "donna"], - [AC_ERROR([only one ed25519 implementation can be defined])]) + AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "donna"], + [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="donna" ], [] @@ -104,14 +127,15 @@ AC_ARG_ENABLE([donna-sse2], [AS_HELP_STRING([--enable-donna-sse2], [use ed25519-donna SSE2 implementation @<:@default=no@:>@])], [ - AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "donna-sse2"], - [AC_ERROR([only one ed25519 implementation can be defined])]) + AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "donna-sse2"], + [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="donna-sse2" ], [] ) -AS_IF([test "x$ed25519impl" == "x"],[ed25519impl=ref10]) +# default +AS_IF([test x"$ed25519impl" = x""],[ed25519impl="donna"]) if test "$ed25519impl" = "donna-sse2" then @@ -120,6 +144,8 @@ then CFLAGS="$CFLAGS -msse2" fi + + AC_ARG_ENABLE([intfilter], [AS_HELP_STRING([--enable-intfilter@<:@=(32|64|128|native)@:>@], [use integers of specific size @<:@default=64@:>@ for filtering. faster but limits filter length to: 6 for 32-bit, 12 for 64-bit, 24 for 128-bit @<:@default=no@:>@])], 
@@ -175,30 +201,38 @@ oldcflags="$CFLAGS" CFLAGS="-std=c99" AC_MSG_CHECKING([whether CC supports -std=c99]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_RESULT([yes])] - [c99="yes"] - [cstd="-std=c99"], - [AC_MSG_RESULT([no])] + [AC_MSG_RESULT([yes])] + [c99="yes"] + [cstd="-std=c99"], + [AC_MSG_RESULT([no])] ) CFLAGS="$cstd -Wall" AC_MSG_CHECKING([whether CC supports -Wall]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_RESULT([yes])] - [cstd="$cstd -Wall"], - [AC_MSG_RESULT([no])] + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wall"], + [AC_MSG_RESULT([no])] +) + +CFLAGS="$cstd -Wextra" +AC_MSG_CHECKING([whether CC supports -Wextra]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wextra"], + [AC_MSG_RESULT([no])] ) # (negative) detection on clang fails without -Werror CFLAGS="$cstd -Wno-maybe-uninitialized -Werror" AC_MSG_CHECKING([whether CC supports -Wno-maybe-uninitialized]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_RESULT([yes])] - [cstd="$cstd -Wno-maybe-uninitialized"], - [AC_MSG_RESULT([no])] + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wno-maybe-uninitialized"], + [AC_MSG_RESULT([no])] ) -if test "x$c99" = "xyes" -a "x$ed25519impl" != "xdonna" -a "x$enable_intfilter" != "x128" +if test x"$c99" = x"yes" -a x"$ed25519impl" != x"donna" -a x"$enable_intfilter" != x"128" then CFLAGS="$cstd -pedantic" AC_MSG_CHECKING([whether CC supports -pedantic]) @@ -219,7 +253,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#ifndef _WIN32 [AC_MSG_RESULT([no])] ) -if test "x$ed25519impl" = "xdonna" +if test x"$ed25519impl" = x"donna" then CFLAGS="$cstd -Wno-unused-function -Werror" AC_MSG_CHECKING([whether CC supports -Wno-unused-function]) 
@@ -230,6 +264,34 @@ then ) fi +if test x"$ed25519impl" = x"amd64_64_24k" +then + CFLAGS="$cstd -Wno-unused-const-variable -Werror" + AC_MSG_CHECKING([whether CC supports -Wno-unused-const-variable]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wno-unused-const-variable"], + [AC_MSG_RESULT([no])] + ) +fi + +CFLAGS="$cstd -Wmissing-prototypes -Werror" +AC_MSG_CHECKING([whether CC supports -Wmissing-prototypes]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wmissing-prototypes"], + [AC_MSG_RESULT([no])] +) + +# XXX AC_LANG_PROGRAM produces unsuitable prototype so this check must be last one +CFLAGS="$cstd -Wstrict-prototypes -Werror" +AC_MSG_CHECKING([whether CC supports -Wstrict-prototypes]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wstrict-prototypes"], + [AC_MSG_RESULT([no])] +) + CFLAGS="$oldcflags" AC_ARG_ENABLE([binfilterlen], @@ -237,7 +299,7 @@ AC_ARG_ENABLE([binfilterlen], [set binary string filter length (if you don't use intfilter) @<:@default=32@:>@])], [], [enable_binfilterlen=no] ) -if test "x$enable_binfilterlen" != "xyes" -a "x$enable_binfilterlen" != "xno" +if test x"$enable_binfilterlen" != x"yes" -a x"$enable_binfilterlen" != x"no" then MYDEFS="$MYDEFS -DBINFILTERLEN=$enable_binfilterlen" fi @@ -247,7 +309,7 @@ AC_ARG_ENABLE([binsearch], [enable binary search algoritm; MUCH faster if there are a lot of filters @<:@default=no@:>@])], [], [enable_binsearch=no] ) -if test "x$enable_binsearch" = "xyes" +if test x"$enable_binsearch" = x"yes" then MYDEFS="$MYDEFS -DBINSEARCH" fi @@ -257,7 +319,7 @@ AC_ARG_ENABLE([besort], [force intfilter binsearch case to use big endian sorting and not omit masks from filters; useful if your filters aren't of same length @<:@default=no@:>@])], [], [enable_besort=no] ) -if test "x$enable_besort" = "xyes" +if test x"$enable_besort" = x"yes" then MYDEFS="$MYDEFS -DBESORT" fi 
@@ -267,14 +329,14 @@ AC_ARG_ENABLE([statistics], [collect statistics @<:@default=yes@:>@])], [], [enable_statistics=yes] ) -if test "x$enable_statistics" = "xyes" +if test x"$enable_statistics" = x"yes" then MYDEFS="$MYDEFS -DSTATISTICS" fi -AC_ARG_WITH([pcre2],[AC_HELP_STRING([--with-pcre2],[pcre2-config executable @<:@default=pcre2-config@:>@])],[],[with_pcre2="pcre2-config"]) +AC_ARG_WITH([pcre2],[AS_HELP_STRING([--with-pcre2],[pcre2-config executable @<:@default=pcre2-config@:>@])],[],[with_pcre2="pcre2-config"]) -AC_ARG_ENABLE([regex],[AC_HELP_STRING([--enable-regex],[whether to enable regex engine. currently possible values are "pcre2" and "yes" which defaults to "pcre2" @<:@default=no@:>@])],[],[enable_regex=no]) +AC_ARG_ENABLE([regex],[AS_HELP_STRING([--enable-regex],[whether to enable regex engine. currently possible values are "pcre2" and "yes" which defaults to "pcre2" @<:@default=no@:>@])],[],[enable_regex=no]) case "$enable_regex" in no|"") ;; @@ -301,7 +363,7 @@ yes|pcre2) fi else AC_MSG_RESULT([not found]) - AC_ERROR([pcre2-config cannot be executed]) + AC_MSG_ERROR(pcre2-config cannot be executed) fi ;; *) @@ -309,6 +371,19 @@ yes|pcre2) ;; esac + +AC_MSG_CHECKING([whether ARGON2ID13 is supported by libsodium]) +AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[#include ]], + [[int alg = crypto_pwhash_ALG_ARGON2ID13;(void) alg;]] + )], + [AC_MSG_RESULT([yes])] + [MYDEFS="$MYDEFS -DPASSPHRASE"], + [AC_MSG_RESULT([no])] +) + + # recreate dir tree, because otherwise gcc will fuck up (cd "$srcdir" && find ed25519 -type d) | xargs mkdir -p @@ -316,6 +391,8 @@ AC_SUBST(CSTD,["$cstd"]) AC_SUBST(ED25519IMPL,["$ed25519impl"]) AC_SUBST(MYDEFS,["$MYDEFS"]) AC_SUBST(MAINLIB,["$MAINLIB"]) -AC_SUBST(NOPIE,["$nopie"]) +AC_SUBST(PIE,["$pie"]) AC_SUBST(SRCDIR,["$srcdir"]) -AC_OUTPUT(Makefile) +AC_SUBST(VERSION,["$ver"]) +AC_CONFIG_FILES([GNUmakefile]) +AC_OUTPUT diff --git a/contrib/docker/Dockerfile b/contrib/docker/Dockerfile new file mode 100644 index 0000000..afbcc41 
--- /dev/null
+++ b/contrib/docker/Dockerfile
@@ -0,0 +1,14 @@
+FROM alpine:latest AS builder
+RUN apk add --no-cache gcc libc-dev libsodium-dev libsodium-static make autoconf git
+WORKDIR /app
+COPY . .
+RUN ./autogen.sh
+RUN ./configure --enable-amd64-51-30k CFLAGS="-O3 -march=x86-64 -mtune=generic -fomit-frame-pointer" LDFLAGS="-static"
+RUN make
+RUN strip mkp224o
+
+FROM scratch
+WORKDIR /app
+COPY --from=builder /app/mkp224o .
+
+ENTRYPOINT ["./mkp224o"]
diff --git a/contrib/docker/README.md b/contrib/docker/README.md
new file mode 100644
index 0000000..1154fe9
--- /dev/null
+++ b/contrib/docker/README.md
@@ -0,0 +1,7 @@
+# Usage
+
+## Building Image Locally
+`docker build -f contrib/docker/Dockerfile -t mkp224o .`
+
+## Running Image Locally
+`docker run -it -v $(pwd):/root/data mkp224o neko`
diff --git a/contrib/release-scripts/.gitignore b/contrib/release-scripts/.gitignore
new file mode 100644
index 0000000..1603eac
--- /dev/null
+++ b/contrib/release-scripts/.gitignore
@@ -0,0 +1,2 @@
+/build
+/out
diff --git a/contrib/release-scripts/README.md b/contrib/release-scripts/README.md
new file mode 100644
index 0000000..6ec2370
--- /dev/null
+++ b/contrib/release-scripts/README.md
@@ -0,0 +1,2 @@
+packages that work on archlinux:
+wine-wow64 mingw-w64-toolchain mingw-w64-ldd mingw-w64-pcre2 mingw-w64-libsodium zip zopfli
diff --git a/contrib/release-scripts/release.sh b/contrib/release-scripts/release.sh
new file mode 100755
index 0000000..caf57f4
--- /dev/null
+++ b/contrib/release-scripts/release.sh
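Review bot: `FROM alpine:latest` in the builder stage leaves the image unreproducible — `apk add` pulls whatever gcc/libsodium Alpine ships on the day, so two builds of the same commit can produce different binaries; pin by tag and digest, `FROM alpine:<version>@sha256:<digest> AS builder` (placeholder values). The final `scratch` stage runs `mkp224o` as root, so key directories written to a bind-mounted volume come out root-owned; a numeric `USER 65534:65534` before `ENTRYPOINT` avoids that when the mount is writable by that uid. Separately, contrib/docker/README.md's `docker run -it -v $(pwd):/root/data mkp224o neko` mounts at `/root/data` while `WORKDIR` is `/app` and no `-d` is passed, so generated keys land in the container's ephemeral filesystem; the top-level README's `-v $PWD:/keys ... -d /keys` form is the one that persists them.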
@@ -0,0 +1,80 @@
+#!/bin/sh
+set -eux
+
+V=$1
+
+D=$(realpath "$0")
+D=$(dirname "$D")
+cd "$D"
+
+export TZ=UTC
+
+mkdir -p build
+
+export WINEARCH=win64
+export WINEPREFIX=$(realpath ./build/winepfx)
+OPATH=$PATH
+
+rm -rf out
+mkdir -p out
+
+# prepare source
+SV=mkp224o-$V
+SO=$(realpath ./out/$SV)
+git clone ../../ "$SO"
+git -C ../../ diff | git -C "$SO" apply --allow-empty
+cd "$SO"
+rm -rf .git
+./autogen.sh
+rm -rf *.cache
+echo v$V > version.txt
+cd ../..
+
+# build windows bins
+B=$(realpath ./build)
+for w in x86_64 i686
+do
+ cd "$B"
+ rm -rf $w
+ mkdir $w
+ cd $w
+ p=$w-w64-mingw32
+
+ case $w in
+ i686)
+ CFLAGS="-march=i686 -mtune=generic"
+ W=32
+ ;;
+ x86_64)
+ CFLAGS="-march=x86-64 -mtune=generic"
+ W=64
+ ;;
+ esac
+ CFLAGS="-O3 $CFLAGS -fomit-frame-pointer"
+
+ export PATH=/usr/$p/bin:$OPATH
+ ../../out/$SV/configure --enable-regex --enable-donna --with-pcre2="/usr/$p/bin/pcre2-config" CC="${p}-gcc" CFLAGS="$CFLAGS"
+ make main util
+ $p-strip mkp224o.exe
+ $p-strip calcest.exe
+ cd ..
+
+ BO="$SO-w$W"
+ mkdir -p "$BO"
+ cp $w/mkp224o.exe "$BO/"
+ cp $w/calcest.exe "$BO/"
+ cd "$BO"
+ $p-ldd mkp224o.exe | grep -v 'not found' | awk '{print $3}' | xargs -r cp -v -t ./
+done
+export PATH=$OPATH
+
+# compress stuff
+cd "$D/out"
+
+tar --portability --no-acls --no-selinux --no-xattrs --owner root:0 --group=root:0 --sort=name -c -f $SV-src.tar $SV
+zopfli -i100 -c $SV-src.tar > $SV-src.tar.gz
+zstd -19 -f $SV-src.tar -o $SV-src.tar.zst
+rm $SV-src.tar
+
+zip -9 -X -r $SV-w32.zip $SV-w32
+zip -9 -X -r $SV-w64.zip $SV-w64
diff --git a/contrib/release-scripts/sign.sh b/contrib/release-scripts/sign.sh
new file mode 100755
index 0000000..2253276
--- /dev/null
+++ b/contrib/release-scripts/sign.sh
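Review bot: `git -C ../../ diff | git -C "$SO" apply --allow-empty` folds whatever is uncommitted in the maintainer's working tree into the release source, so the published tarball need not correspond to any commit or tag and cannot be independently rebuilt or audited from the repository; a release script should instead refuse a dirty tree, `git -C ../../ diff --quiet || { echo "working tree is dirty" >&2; exit 1; }`, and record the commit hash in `version.txt` next to `v$V`. The `tar` line fixes owner, group and sort order but not `--mtime`, so the source archive's checksum still changes on every run; adding `--mtime=@<EPOCH_SECONDS>` (placeholder, e.g. the release commit's timestamp) makes it reproducible. `$p-ldd mkp224o.exe | grep -v 'not found' | awk '{print $3}' | xargs -r cp -v -t ./` filters unresolved DLLs out of view and bundles whatever the host toolchain happens to resolve; failing the build when any dependency reports `not found` would be safer than silently shipping an incomplete zip.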
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+if [ x"$1" = x ]
+then
+ echo "Usage: $0 key-id" >&2
+ exit 1
+fi
+
+D=$(realpath "$0")
+D=$(dirname "$D")
+cd "$D"
+
+export TZ=UTC
+
+cd out
+
+gpg --detach-sign -u "$1" mkp224o-*-src.tar.gz
+gpg --detach-sign -u "$1" mkp224o-*-src.tar.zst
+gpg --detach-sign -u "$1" mkp224o-*-w32.zip
+gpg --detach-sign -u "$1" mkp224o-*-w64.zip
diff --git a/contrib/vagrant/Vagrantfile b/contrib/vagrant/Vagrantfile
new file mode 100644
index 0000000..cdda8cb
--- /dev/null
+++ b/contrib/vagrant/Vagrantfile
@@ -0,0 +1,46 @@
+
+# set this to choose the starting prefix of the onion name
+filter = "prefix"
+
+Vagrant.configure("2") do |config|
+ config.vm.box = "debian/bullseye64"
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.cpus = 2
+ end
+ config.vm.synced_folder '.', '/vagrant', disabled: true
+ config.vm.provision :shell, inline: <<-SHELL
+ set -ex
+
+ sed -i s,http:,https:, /etc/apt/sources.list
+ apt-get update
+ apt-get -qy dist-upgrade
+ apt-get -qy install --no-install-recommends git gcc libc-dev libsodium-dev make autoconf htop screen
+SHELL
+
+ config.vm.provision :shell, privileged: false, inline: <<-SHELL
+ git clone https://github.com/cathugger/mkp224o.git /home/vagrant/mkp224o
+SHELL
+
+ # disable internet access
+ config.vm.provision "shell",
+ run: "always",
+ inline: "ip route del default || true"
+
+ # disable root
+ config.vm.provision "shell", inline: "passwd --lock root"
+ config.vm.provision "shell", inline: "SUDO_FORCE_REMOVE=yes dpkg --purge sudo"
+
+ config.vm.provision :shell, privileged: false, inline: <<-SHELL
+ set -ex
+
+ cd mkp224o
+ ./autogen.sh
+ ./configure
+ make
+ ./mkp224o -h
+
+ mkdir ~/#{filter}
+ cd ~/#{filter}
+ screen -d -m -L -Logfile #{filter}.log -S run-#{filter} nice ~/mkp224o/mkp224o -S 300 #{filter}
+SHELL
+end
diff --git a/ed25519/amd64-51-30k/batch.c b/ed25519/amd64-51-30k/batch.c
deleted file mode 100644
index 955392e..0000000
--- a/ed25519/amd64-51-30k/batch.c
+++ /dev/null
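Review bot: sign.sh has no `set -e`, so when one of the four `gpg --detach-sign` calls fails (artifact missing, wrong key id, cancelled pinentry) the remaining ones still run and the script's exit status reflects only the last command, leaving a partially signed release indistinguishable from a complete one; add `set -eu` under the shebang. Each `mkp224o-*-…` glob also matches every version still sitting in `out/`; release.sh does `rm -rf out` first so this normally holds, but sign.sh should assert a single match (or take the version as a second argument and expand `mkp224o-$2-src.tar.gz`) rather than depend on that. The `cd "$D"` / `cd out` sequence is unchecked too, though `set -e` covers it.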
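Review bot: `git clone https://github.com/cathugger/mkp224o.git /home/vagrant/mkp224o` checks out whatever the default branch contains at provisioning time, so the code that later generates keys inside this VM is neither pinned nor verifiable; for an environment whose purpose is offline key generation, clone a fixed tag (`git clone --branch <TAG> …`, placeholder) or check out a recorded commit hash and compare it before the build step. `config.vm.box = "debian/bullseye64"` is likewise unpinned; `config.vm.box_version` fixes the base image too. The `ip route del default || true` step correctly runs only after the apt installs and the clone, but that ordering is the whole trust boundary of this file and deserves a comment saying so, e.g. `# everything fetched above is trusted; no network after this point`.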
@@ -1,94 +0,0 @@ -#include "crypto_sign.h" - -#include "crypto_verify_32.h" -#include "crypto_hash_sha512.h" -#include "randombytes.h" - -#include "ge25519.h" -#include "hram.h" - -#define MAXBATCH 64 - -int crypto_sign_open_batch( - unsigned char* const m[],unsigned long long mlen[], - unsigned char* const sm[],const unsigned long long smlen[], - unsigned char* const pk[], - unsigned long long num - ) -{ - int ret = 0; - unsigned long long i, j; - shortsc25519 r[MAXBATCH]; - sc25519 scalars[2*MAXBATCH+1]; - ge25519 points[2*MAXBATCH+1]; - unsigned char hram[crypto_hash_sha512_BYTES]; - unsigned long long batchsize; - - for (i = 0;i < num;++i) mlen[i] = -1; - - while (num >= 3) { - batchsize = num; - if (batchsize > MAXBATCH) batchsize = MAXBATCH; - - for (i = 0;i < batchsize;++i) - if (smlen[i] < 64) goto fallback; - - randombytes((unsigned char*)r,sizeof(shortsc25519) * batchsize); - - /* Computing scalars[0] = ((r1s1 + r2s2 + ...)) */ - for(i=0;itt0=int64#1 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,>tt0=%rdi -movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdi +# qhasm: tt0 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P0),>tt0=int64#1 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P0),>tt0=%rdi +movq CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdi -# qhasm: tt1 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt1=int64#4 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt1=%rcx -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx +# qhasm: tt1 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt1=int64#4 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt1=%rcx +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx -# qhasm: tt2 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt2=int64#5 -# asm 2: movq 
crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt2=%r8 -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8 +# qhasm: tt2 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt2=int64#5 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt2=%r8 +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8 -# qhasm: tt3 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt3=int64#10 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt3=%r12 -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r12 +# qhasm: tt3 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt3=int64#10 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt3=%r12 +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r12 -# qhasm: tt4 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt4=int64#11 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt4=%r13 -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r13 +# qhasm: tt4 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt4=int64#11 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt4=%r13 +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r13 # qhasm: tt0 -= tt2d0 # asm 1: sub +#include "compat.h" -#define fe25519 crypto_sign_ed25519_amd64_51_30k_batch_fe25519 -#define fe25519_freeze crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze -#define fe25519_unpack crypto_sign_ed25519_amd64_51_30k_batch_fe25519_unpack -#define fe25519_pack crypto_sign_ed25519_amd64_51_30k_batch_fe25519_pack -#define fe25519_iszero_vartime crypto_sign_ed25519_amd64_51_30k_batch_fe25519_iszero_vartime -#define fe25519_iseq_vartime crypto_sign_ed25519_amd64_51_30k_batch_fe25519_iseq_vartime -#define fe25519_cmov crypto_sign_ed25519_amd64_51_30k_batch_fe25519_cmov -#define fe25519_setint 
crypto_sign_ed25519_amd64_51_30k_batch_fe25519_setint -#define fe25519_neg crypto_sign_ed25519_amd64_51_30k_batch_fe25519_neg -#define fe25519_getparity crypto_sign_ed25519_amd64_51_30k_batch_fe25519_getparity -#define fe25519_add crypto_sign_ed25519_amd64_51_30k_batch_fe25519_add -#define fe25519_sub crypto_sign_ed25519_amd64_51_30k_batch_fe25519_sub -#define fe25519_mul crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul -#define fe25519_mul121666 crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul121666 -#define fe25519_square crypto_sign_ed25519_amd64_51_30k_batch_fe25519_square -#define fe25519_nsquare crypto_sign_ed25519_amd64_51_30k_batch_fe25519_nsquare -#define fe25519_invert crypto_sign_ed25519_amd64_51_30k_batch_fe25519_invert -#define fe25519_pow2523 crypto_sign_ed25519_amd64_51_30k_batch_fe25519_pow2523 +#define fe25519 CRYPTO_NAMESPACE(batch_fe25519) +#define fe25519_freeze CRYPTO_NAMESPACE(batch_fe25519_freeze) +#define fe25519_unpack CRYPTO_NAMESPACE(batch_fe25519_unpack) +#define fe25519_pack CRYPTO_NAMESPACE(batch_fe25519_pack) +#define fe25519_iszero_vartime CRYPTO_NAMESPACE(batch_fe25519_iszero_vartime) +#define fe25519_iseq_vartime CRYPTO_NAMESPACE(batch_fe25519_iseq_vartime) +#define fe25519_cmov CRYPTO_NAMESPACE(batch_fe25519_cmov) +#define fe25519_setint CRYPTO_NAMESPACE(batch_fe25519_setint) +#define fe25519_neg CRYPTO_NAMESPACE(batch_fe25519_neg) +#define fe25519_getparity CRYPTO_NAMESPACE(batch_fe25519_getparity) +#define fe25519_add CRYPTO_NAMESPACE(batch_fe25519_add) +#define fe25519_sub CRYPTO_NAMESPACE(batch_fe25519_sub) +#define fe25519_mul CRYPTO_NAMESPACE(batch_fe25519_mul) +#define fe25519_square CRYPTO_NAMESPACE(batch_fe25519_square) +#define fe25519_nsquare CRYPTO_NAMESPACE(batch_fe25519_nsquare) +#define fe25519_invert CRYPTO_NAMESPACE(batch_fe25519_invert) +#define fe25519_batchinvert CRYPTO_NAMESPACE(batch_fe25519_batchinvert) +#define fe25519_pow2523 CRYPTO_NAMESPACE(batch_fe25519_pow2523) -typedef struct +typedef struct { - 
unsigned long long v[5]; + unsigned long long v[5]; } fe25519; -void fe25519_freeze(fe25519 *r); +void fe25519_freeze(fe25519 *r) SYSVABI; void fe25519_unpack(fe25519 *r, const unsigned char x[32]); @@ -52,17 +53,15 @@ void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y); void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); -void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y); +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI; -void fe25519_mul121666(fe25519 *r, const fe25519 *x); +void fe25519_square(fe25519 *r, const fe25519 *x) SYSVABI; -void fe25519_square(fe25519 *r, const fe25519 *x); - -void fe25519_nsquare(fe25519 *r, unsigned long long n); +void fe25519_nsquare(fe25519 *r, unsigned long long n) SYSVABI; void fe25519_invert(fe25519 *r, const fe25519 *x); -void fe25519_batchinvert(fe25519 *out[],fe25519 tmp[],fe25519 * const in[], size_t num); +void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset); void fe25519_pow2523(fe25519 *r, const fe25519 *x); diff --git a/ed25519/amd64-51-30k/fe25519_batchinvert.c b/ed25519/amd64-51-30k/fe25519_batchinvert.c index b29387a..d6a66d1 100644 --- a/ed25519/amd64-51-30k/fe25519_batchinvert.c +++ b/ed25519/amd64-51-30k/fe25519_batchinvert.c 
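Review bot: The new `fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset)` declaration changes the calling convention from arrays of pointers to a base pointer plus stride, but the header says nothing about what `offset` is or which buffers may alias; callers only learn that from the comment in fe25519_batchinvert.c. Add a comment above the prototype, e.g. `/* in/out: first of num elements spaced offset bytes apart (sizeof(fe25519) for a plain array); tmp: dense scratch of num elements, must not alias in or out; in may equal out */`. The removal of `fe25519_mul121666` and the `SYSVABI` annotations on the asm-backed functions look mechanical; presumably nothing outside this diff still references `fe25519_mul121666`, which is worth confirming since the header no longer declares it.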
@@ -1,26 +1,34 @@ #include "fe25519.h" -// tmp MUST != out +// tmp MUST != out or in // in MAY == out -void fe25519_batchinvert(fe25519 *out[],fe25519 tmp[],fe25519 * const in[], size_t num) +void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset) { fe25519 acc; fe25519 tmpacc; size_t i; + const fe25519 *inp; + fe25519 *outp; fe25519_setint(&acc,1); + inp = in; for (i = 0;i < num;++i) { tmp[i] = acc; - fe25519_mul(&acc,&acc,in[i]); + fe25519_mul(&acc,&acc,inp); + inp = (const fe25519 *)((const char *)inp + offset); } fe25519_invert(&acc,&acc); i = num; + inp = (const fe25519 *)((const char *)in + offset * num); + outp = (fe25519 *)((char *)out + offset * num); while (i--) { - fe25519_mul(&tmpacc,&acc,in[i]); - fe25519_mul(out[i],&acc,&tmp[i]); + inp = (const fe25519 *)((const char *)inp - offset); + outp = (fe25519 *)((char *)outp - offset); + fe25519_mul(&tmpacc,&acc,inp); + fe25519_mul(outp,&acc,&tmp[i]); acc = tmpacc; } } diff --git a/ed25519/amd64-51-30k/fe25519_freeze.s b/ed25519/amd64-51-30k/fe25519_freeze.S similarity index 94% rename from ed25519/amd64-51-30k/fe25519_freeze.s rename to ed25519/amd64-51-30k/fe25519_freeze.S index 5cd0b1d..0435525 100644 --- a/ed25519/amd64-51-30k/fe25519_freeze.s +++ b/ed25519/amd64-51-30k/fe25519_freeze.S @@ -63,13 +63,13 @@ # qhasm: stack64 caller7_stack -# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze +# qhasm: enter CRYPTO_NAMESPACE(batch_fe25519_freeze) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze -.globl crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze -_crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze: -crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze: +.globl _CRYPTO_NAMESPACE(batch_fe25519_freeze) +.globl CRYPTO_NAMESPACE(batch_fe25519_freeze) +_CRYPTO_NAMESPACE(batch_fe25519_freeze): +CRYPTO_NAMESPACE(batch_fe25519_freeze): mov %rsp,%r11 and $31,%r11 add $64,%r11 
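Review bot: `offset` is a byte stride applied to `in` and `out` but not to `tmp`, which stays densely indexed as `tmp[i]`, and nothing in the file says so; extend the header comment, e.g. `// offset: byte distance between consecutive in/out elements (sizeof(fe25519) for a plain array); tmp is a dense array of num elements`. Also worth documenting that a single zero element poisons the batch: `acc` is zero after the forward pass, `fe25519_invert` maps zero to zero (presumably exponentiation-based), and every output is then zero with no error returned, so callers must guarantee non-zero inputs. Minor: the forward loop leaves `inp` one stride past the last element and the backward pass recomputes the same `in + offset * num` address; when `offset` exceeds `sizeof(fe25519)` (the ge25519_p3 caller elsewhere in this diff) that address lies beyond the end of the enclosing array, which is harmless in practice because it is never dereferenced but is pedantically out-of-bounds pointer arithmetic, and starting the backward pass at `in + offset * (num - 1)` when `num > 0` avoids it.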
@@ -135,10 +135,10 @@ movq 24(%rdi),%r8 # asm 2: movq 32(r4=%r9 movq 32(%rdi),%r9 -# qhasm: two51minus1 = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>two51minus1=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>two51minus1=%rax -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rax +# qhasm: two51minus1 = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>two51minus1=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>two51minus1=%rax +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rax # qhasm: two51minus19 = two51minus1 # asm 1: mov two51minus19=int64#8 diff --git a/ed25519/amd64-51-30k/fe25519_mul.s b/ed25519/amd64-51-30k/fe25519_mul.S similarity index 97% rename from ed25519/amd64-51-30k/fe25519_mul.s rename to ed25519/amd64-51-30k/fe25519_mul.S index 9d6c537..cbcdbe9 100644 --- a/ed25519/amd64-51-30k/fe25519_mul.s +++ b/ed25519/amd64-51-30k/fe25519_mul.S @@ -97,13 +97,13 @@ # qhasm: stack64 mulx419_stack -# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul +# qhasm: enter CRYPTO_NAMESPACE(batch_fe25519_mul) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul -.globl crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul -_crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul: -crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul: +.globl _CRYPTO_NAMESPACE(batch_fe25519_mul) +.globl CRYPTO_NAMESPACE(batch_fe25519_mul) +_CRYPTO_NAMESPACE(batch_fe25519_mul): +CRYPTO_NAMESPACE(batch_fe25519_mul): mov %rsp,%r11 and $31,%r11 add $96,%r11 
@@ -689,10 +689,10 @@ add %rax,%r14 # asm 2: adc mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.r0) << 13 # asm 1: shld $13,squareredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: squarer01 = (squarer01.r0) << 13 # asm 1: shld $13,squareredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: squarer01 = (squarer01.r0) << 13 # asm 1: shld $13,b0=%r11 mov %rdx,%r11 -# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,x0=int64#10 @@ -354,10 +354,10 @@ sub %r12,%rdx # asm 2: mov b1=%r12 mov %r8,%r12 -# qhasm: a1 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,x1=int64#11 
@@ -379,10 +379,10 @@ sub %r13,%r8 # asm 2: mov b2=%r13 mov %r9,%r13 -# qhasm: a2 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,x2=int64#12 @@ -404,10 +404,10 @@ sub %r14,%r9 # asm 2: mov b3=%r14 mov %rax,%r14 -# qhasm: a3 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,x3=int64#13 @@ -429,10 +429,10 @@ sub %r15,%rax # asm 2: mov b4=%r15 mov %r10,%r15 -# qhasm: a4 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,x4=int64#14 @@ -529,10 +529,10 @@ movq 72(%rcx),%r10 # asm 2: mov t20=%r11 mov %rdx,%r11 -# qhasm: t10 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,rx0=int64#10 @@ -554,10 +554,10 @@ sub %r12,%rdx # asm 2: mov t21=%r12 mov %r8,%r12 -# qhasm: t11 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,rx1=int64#11 @@ -579,10 +579,10 @@ sub %r13,%r8 # asm 2: mov t22=%r13 mov %r9,%r13 -# qhasm: t12 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,rx2=int64#12 @@ -604,10 +604,10 @@ sub %r14,%r9 # asm 2: mov t23=%r14 mov %rax,%r14 -# qhasm: t13 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,rx3=int64#13 @@ -629,10 +629,10 @@ sub %r15,%rax # asm 2: mov t24=%r15 mov %r10,%r15 -# qhasm: t14 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,rx4=int64#14 
@@ -1234,10 +1234,10 @@ add %rax,%r14 # asm 2: adc mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.a0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rx0) << 13 # asm 1: shld $13,ry4=%r15 mov %r12,%r15 -# qhasm: rx0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.c0) << 13 # asm 1: shld $13,mulx319_stack=96(%rsp) movq %rax,96(%rsp) -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: c0 = mulrax # asm 1: mov c0=int64#5 
@@ -3117,8 +3117,8 @@ imulq $19,%rdx,%rax # asm 2: movq mulx419_stack=104(%rsp) movq %rax,104(%rsp) -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? c0 += mulrax # asm 1: add mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? c0 += mulrax # asm 1: add mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: c1 = mulrax # asm 1: mov c1=int64#8 @@ -3171,8 +3171,8 @@ mov %rdx,%r11 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: c2 = mulrax # asm 1: mov c2=int64#10 @@ -3189,8 +3189,8 @@ mov %rdx,%r13 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: c3 = mulrax # asm 1: mov c3=int64#12 
@@ -3207,8 +3207,8 @@ mov %rdx,%r15 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: c4 = mulrax # asm 1: mov c4=int64#14 
@@ -3225,8 +3225,8 @@ mov %rdx,%rbp # asm 2: movq mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? c1 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? c2 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? c3 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? c4 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
c0 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? c2 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? c3 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? c4 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? c0 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
c1 += mulrax # asm 1: add mulrax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? c3 += mulrax # asm 1: add mulrax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? c4 += mulrax # asm 1: add mulrax=%rax movq 96(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? c1 += mulrax # asm 1: add mulrax=%rax movq 96(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? c2 += mulrax # asm 1: add mulrax=%rax movq 88(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? 
c4 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? c1 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? c2 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
c3 += mulrax # asm 1: add mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.c0) << 13 # asm 1: shld $13,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.rt0) << 13 # asm 1: shld $13,rz4=%r13 mov %r10,%r13 -# qhasm: rt0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,z, &in->z, tmp, num, sizeof(ge25519_p3)); for (size_t i = 0; i < num; ++i) { fe25519_mul(&ty, &in[i].y, &in[i].z); diff --git a/ed25519/amd64-51-30k/ge25519_dbl_p1p1.s b/ed25519/amd64-51-30k/ge25519_dbl_p1p1.S similarity index 93% rename from ed25519/amd64-51-30k/ge25519_dbl_p1p1.s rename to ed25519/amd64-51-30k/ge25519_dbl_p1p1.S index 07c7d6e..609203e 100644 --- a/ed25519/amd64-51-30k/ge25519_dbl_p1p1.s +++ b/ed25519/amd64-51-30k/ge25519_dbl_p1p1.S 
@@ -241,13 +241,13 @@ # qhasm: stack64 caller7_stack -# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1 +# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1 -.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1 -_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1: -crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1: +.globl _CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1) +.globl CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1) +_CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1): +CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1): mov %rsp,%r11 and $31,%r11 add $224,%r11 
@@ -648,10 +648,10 @@ add %rax,%r13 # asm 2: adc squareredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: squarer01 = (squarer01.a0) << 13 # asm 1: shld $13,squareredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: squarer01 = (squarer01.b0) << 13 # asm 1: shld $13,squareredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: squarer01 = (squarer01.c0) << 13 # asm 1: shld $13,c4_stack=168(%rsp) movq %r11,168(%rsp) -# qhasm: d0 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,>d0=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,>d0=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx +# qhasm: d0 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P0),>d0=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P0),>d0=%rdx +movq 
CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx -# qhasm: d1 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d1=int64#4 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d1=%rcx -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx +# qhasm: d1 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d1=int64#4 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d1=%rcx +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx -# qhasm: d2 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d2=int64#5 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d2=%r8 -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8 +# qhasm: d2 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d2=int64#5 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d2=%r8 +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8 -# qhasm: d3 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d3=int64#6 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d3=%r9 -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9 +# qhasm: d3 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d3=int64#6 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d3=%r9 +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9 -# qhasm: d4 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d4=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d4=%rax -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax +# qhasm: d4 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d4=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d4=%rax +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax 
# qhasm: e0 = d0 # asm 1: mov e0=int64#8 
@@ -2263,30 +2263,30 @@ movq %r13,64(%rdi) # asm 2: movq squareredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: squarer01 = (squarer01.rx0) << 13 # asm 1: shld $13,b4=%r14 mov %rax,%r14 -# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.a0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.e0) << 13 # asm 1: shld $13,h4=%r14 mov %r11,%r14 -# qhasm: e0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) 
&CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.c0) << 13 # asm 1: shld $13,g4=%rbp mov %r12,%rbp -# qhasm: f0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rx0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.ry0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rz0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx 
+# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rt0) << 13 # asm 1: shld $13,b4=%r15 mov %r10,%r15 -# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.a0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.e0) << 13 # asm 1: shld $13,h4=%r15 mov %r12,%r15 -# qhasm: e0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.c0) 
<< 13 # asm 1: shld $13,g4=%rbp mov %rsi,%rbp -# qhasm: f0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rx0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.ry0) << 13 # asm 1: shld $13,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.rz0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq 
CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rx0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.ry0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rz0) << 13 # asm 1: shld $13,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.rt0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.x0) << 13 # asm 1: shld 
$13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.y0) << 13 # asm 1: shld $13,ysubx4=%r14 mov %r11,%r14 -# qhasm: ysubx0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,x0=int64#13 
@@ -2403,10 +2403,10 @@ add %rax,%r13 # asm 2: adc mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rz0) << 13 # asm 1: shld $13,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.t0) << 13 # asm 1: shld $13,mulx319_stack=96(%rsp) movq %rax,96(%rsp) -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: t2d0 = mulrax # asm 1: mov t2d0=int64#2 
@@ -3411,8 +3411,8 @@ imulq $19,%rdx,%rax # asm 2: movq mulx419_stack=104(%rsp) movq %rax,104(%rsp) -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? t2d0 += mulrax # asm 1: add mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? t2d0 += mulrax # asm 1: add mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: t2d1 = mulrax # asm 1: mov t2d1=int64#5 @@ -3465,8 +3465,8 @@ mov %rdx,%r9 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: t2d2 = mulrax # asm 1: mov t2d2=int64#8 @@ -3483,8 +3483,8 @@ mov %rdx,%r11 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: t2d3 = mulrax # asm 1: mov t2d3=int64#10 
@@ -3501,8 +3501,8 @@ mov %rdx,%r13 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: t2d4 = mulrax # asm 1: mov t2d4=int64#12 
@@ -3519,8 +3519,8 @@ mov %rdx,%r15 # asm 2: movq mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? t2d1 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? t2d2 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? t2d3 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? t2d4 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
t2d0 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? t2d2 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? t2d3 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? t2d4 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? t2d0 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
t2d1 += mulrax # asm 1: add mulrax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? t2d3 += mulrax # asm 1: add mulrax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? t2d4 += mulrax # asm 1: add mulrax=%rax movq 96(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? t2d1 += mulrax # asm 1: add mulrax=%rax movq 96(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? t2d2 += mulrax # asm 1: add mulrax=%rax movq 88(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? 
t2d4 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? t2d1 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? t2d2 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
t2d3 += mulrax # asm 1: add mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.t2d0) << 13 # asm 1: shld $13,b4=%r15 mov %r10,%r15 -# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.a0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rx0) << 13 # asm 1: shld $13,ry4=%r15 mov %r12,%r15 -# qhasm: rx0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq 
CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.c0) << 13 # asm 1: shld $13,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.rt0) << 13 # asm 1: shld $13,rz4=%r13 mov %r10,%r13 -# qhasm: rt0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,t3=%r14 mov %rsi,%r14 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_64_ORDER0,rax=%rax movq 24(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3 -mulq crypto_sign_ed25519_amd64_64_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3) +mulq CRYPTO_NAMESPACE(batch_MU3)(%rip) # qhasm: q23 = rax # asm 1: mov q23=int64#10 @@ -202,8 +202,8 @@ mov %rdx,%r13 # asm 2: movq 24(rax=%rax movq 24(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4 -mulq crypto_sign_ed25519_amd64_64_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4) +mulq CRYPTO_NAMESPACE(batch_MU4)(%rip) # qhasm: q24 = rax # asm 1: mov q24=int64#12 
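Review bot: The constant references in this section change namespace, not just macro form: `mulq crypto_sign_ed25519_amd64_64_MU3` becomes `mulq CRYPTO_NAMESPACE(batch_MU3)(%rip)`, so the `amd64_64_` prefix is replaced by `batch_`, and the same applies to every `MU0`–`MU4` and `ORDER0`–`ORDER3` reference in the hunks through `@@ -956`. That is only correct if the data object that defines these symbols (not visible here; the file header for this section is garbled in the page) is renamed the same way and this file's namespace header expands `CRYPTO_NAMESPACE` to the prefix those definitions use; otherwise the link fails or, worse, resolves against another library's copy of the scalar-reduction constants. A short comment near the include at the top of the file, such as `# MU0..MU4 and ORDER0..ORDER3 are defined in <CONSTS-FILE-PLACEHOLDER>; keep the batch_ prefix in sync`, would make the dependency explicit. The added `(%rip)` operands make these loads PC-relative, which is what lets the object link into a PIE or shared library; the first hunk here starts outside SOURCE, so its opening is not reviewed.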
@@ -225,8 +225,8 @@ adc %rdx,%r8 # asm 2: movq 32(rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2 -mulq crypto_sign_ed25519_amd64_64_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2) +mulq CRYPTO_NAMESPACE(batch_MU2)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3 -mulq crypto_sign_ed25519_amd64_64_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3) +mulq CRYPTO_NAMESPACE(batch_MU3)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4 -mulq crypto_sign_ed25519_amd64_64_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4) +mulq CRYPTO_NAMESPACE(batch_MU4)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU1 -mulq crypto_sign_ed25519_amd64_64_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU1) +mulq CRYPTO_NAMESPACE(batch_MU1)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2 -mulq crypto_sign_ed25519_amd64_64_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2) +mulq CRYPTO_NAMESPACE(batch_MU2)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3 -mulq crypto_sign_ed25519_amd64_64_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3) +mulq CRYPTO_NAMESPACE(batch_MU3)(%rip) # qhasm: carry? 
q30 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4 -mulq crypto_sign_ed25519_amd64_64_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4) +mulq CRYPTO_NAMESPACE(batch_MU4)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU0 -mulq crypto_sign_ed25519_amd64_64_MU0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU0) +mulq CRYPTO_NAMESPACE(batch_MU0)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU1 -mulq crypto_sign_ed25519_amd64_64_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU1) +mulq CRYPTO_NAMESPACE(batch_MU1)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2 -mulq crypto_sign_ed25519_amd64_64_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2) +mulq CRYPTO_NAMESPACE(batch_MU2)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3 -mulq crypto_sign_ed25519_amd64_64_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3) +mulq CRYPTO_NAMESPACE(batch_MU3)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4 -mulq crypto_sign_ed25519_amd64_64_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4) +mulq CRYPTO_NAMESPACE(batch_MU4)(%rip) # qhasm: carry? 
q32 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU0 -mulq crypto_sign_ed25519_amd64_64_MU0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU0) +mulq CRYPTO_NAMESPACE(batch_MU0)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU1 -mulq crypto_sign_ed25519_amd64_64_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU1) +mulq CRYPTO_NAMESPACE(batch_MU1)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2 -mulq crypto_sign_ed25519_amd64_64_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2) +mulq CRYPTO_NAMESPACE(batch_MU2)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3 -mulq crypto_sign_ed25519_amd64_64_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3) +mulq CRYPTO_NAMESPACE(batch_MU3)(%rip) # qhasm: carry? q32 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4 -mulq crypto_sign_ed25519_amd64_64_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4) +mulq CRYPTO_NAMESPACE(batch_MU4)(%rip) # qhasm: carry? q33 += rax # asm 1: add rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -mulq crypto_sign_ed25519_amd64_64_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0) +mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip) # qhasm: r20 = rax # asm 1: mov r20=int64#5 
@@ -761,8 +761,8 @@ mov %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1 -mulq crypto_sign_ed25519_amd64_64_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1) +mulq CRYPTO_NAMESPACE(batch_ORDER1)(%rip) # qhasm: r21 = rax # asm 1: mov r21=int64#8 @@ -789,8 +789,8 @@ adc %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER2 -mulq crypto_sign_ed25519_amd64_64_ORDER2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER2) +mulq CRYPTO_NAMESPACE(batch_ORDER2)(%rip) # qhasm: r22 = rax # asm 1: mov r22=int64#9 @@ -817,8 +817,8 @@ adc %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER3 -mulq crypto_sign_ed25519_amd64_64_ORDER3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER3) +mulq CRYPTO_NAMESPACE(batch_ORDER3)(%rip) # qhasm: free rdx 
@@ -837,8 +837,8 @@ add %r9,%r12 # asm 2: movq rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -mulq crypto_sign_ed25519_amd64_64_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0) +mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip) # qhasm: carry? r21 += rax # asm 1: add rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1 -mulq crypto_sign_ed25519_amd64_64_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1) +mulq CRYPTO_NAMESPACE(batch_ORDER1)(%rip) # qhasm: carry? r22 += rax # asm 1: add rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER2 -mulq crypto_sign_ed25519_amd64_64_ORDER2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER2) +mulq CRYPTO_NAMESPACE(batch_ORDER2)(%rip) # qhasm: free rdx @@ -913,8 +913,8 @@ add %rcx,%r12 # asm 2: movq rax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -mulq crypto_sign_ed25519_amd64_64_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0) +mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip) # qhasm: carry? r22 += rax # asm 1: add rax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1 -mulq crypto_sign_ed25519_amd64_64_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1) +mulq CRYPTO_NAMESPACE(batch_ORDER1)(%rip) # qhasm: free rdx @@ -956,8 +956,8 @@ add %rcx,%r12 # asm 2: movq rax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -mulq crypto_sign_ed25519_amd64_64_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0) +mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip) # qhasm: free rdx 
@@ -1026,25 +1026,25 @@ sbb %r12,%rsi # asm 2: mov t3=%r11 mov %rsi,%r11 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_64_ORDER0,t3=%r11 mov %rsi,%r11 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_64_ORDER0,= 3) { - batchsize = num; - if (batchsize > MAXBATCH) batchsize = MAXBATCH; - - for (i = 0;i < batchsize;++i) - if (smlen[i] < 64) goto fallback; - - randombytes((unsigned char*)r,sizeof(shortsc25519) * batchsize); - - /* Computing scalars[0] = ((r1s1 + r2s2 + ...)) */ - for(i=0;i +#include "compat.h" -#define fe25519 crypto_sign_ed25519_amd64_64_fe25519 -#define fe25519_freeze crypto_sign_ed25519_amd64_64_fe25519_freeze -#define fe25519_unpack crypto_sign_ed25519_amd64_64_fe25519_unpack -#define fe25519_pack crypto_sign_ed25519_amd64_64_fe25519_pack -#define fe25519_iszero_vartime crypto_sign_ed25519_amd64_64_fe25519_iszero_vartime -#define fe25519_iseq_vartime crypto_sign_ed25519_amd64_64_fe25519_iseq_vartime -#define fe25519_cmov crypto_sign_ed25519_amd64_64_fe25519_cmov -#define fe25519_setint crypto_sign_ed25519_amd64_64_fe25519_setint -#define fe25519_neg crypto_sign_ed25519_amd64_64_fe25519_neg -#define fe25519_getparity crypto_sign_ed25519_amd64_64_fe25519_getparity -#define fe25519_add crypto_sign_ed25519_amd64_64_fe25519_add -#define fe25519_sub crypto_sign_ed25519_amd64_64_fe25519_sub -#define fe25519_mul crypto_sign_ed25519_amd64_64_fe25519_mul -#define fe25519_mul121666 crypto_sign_ed25519_amd64_64_fe25519_mul121666 -#define fe25519_square crypto_sign_ed25519_amd64_64_fe25519_square -#define fe25519_invert crypto_sign_ed25519_amd64_64_fe25519_invert -#define fe25519_batchinvert crypto_sign_ed25519_amd64_64_fe25519_batchinvert -#define fe25519_pow2523 crypto_sign_ed25519_amd64_64_fe25519_pow2523 +#define fe25519 CRYPTO_NAMESPACE(fe25519) +#define fe25519_freeze CRYPTO_NAMESPACE(fe25519_freeze) +#define fe25519_unpack 
CRYPTO_NAMESPACE(fe25519_unpack) +#define fe25519_pack CRYPTO_NAMESPACE(fe25519_pack) +#define fe25519_iszero_vartime CRYPTO_NAMESPACE(fe25519_iszero_vartime) +#define fe25519_iseq_vartime CRYPTO_NAMESPACE(fe25519_iseq_vartime) +#define fe25519_cmov CRYPTO_NAMESPACE(fe25519_cmov) +#define fe25519_setint CRYPTO_NAMESPACE(fe25519_setint) +#define fe25519_neg CRYPTO_NAMESPACE(fe25519_neg) +#define fe25519_getparity CRYPTO_NAMESPACE(fe25519_getparity) +#define fe25519_add CRYPTO_NAMESPACE(fe25519_add) +#define fe25519_sub CRYPTO_NAMESPACE(fe25519_sub) +#define fe25519_mul CRYPTO_NAMESPACE(fe25519_mul) +#define fe25519_square CRYPTO_NAMESPACE(fe25519_square) +#define fe25519_invert CRYPTO_NAMESPACE(fe25519_invert) +#define fe25519_batchinvert CRYPTO_NAMESPACE(fe25519_batchinvert) +#define fe25519_pow2523 CRYPTO_NAMESPACE(fe25519_pow2523) -typedef struct +typedef struct { - unsigned long long v[4]; + unsigned long long v[4]; } fe25519; -void fe25519_freeze(fe25519 *r); +void fe25519_freeze(fe25519 *r) SYSVABI; void fe25519_unpack(fe25519 *r, const unsigned char x[32]); 
@@ -48,21 +48,19 @@ int fe25519_iszero_vartime(const fe25519 *x); int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y); -void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y); +void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI; -void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); +void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI; -void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y); +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI; -void fe25519_mul121666(fe25519 *r, const fe25519 *x); - -void fe25519_square(fe25519 *r, const fe25519 *x); +void fe25519_square(fe25519 *r, const fe25519 *x) SYSVABI; void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e); void fe25519_invert(fe25519 *r, const fe25519 *x); -void fe25519_batchinvert(fe25519 *out[],fe25519 tmp[],fe25519 * const in[], size_t num); +void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset); void fe25519_pow2523(fe25519 *r, const fe25519 *x); diff --git a/ed25519/amd64-64-24k/fe25519_add.s b/ed25519/amd64-64-24k/fe25519_add.S similarity index 94% rename from ed25519/amd64-64-24k/fe25519_add.s rename to ed25519/amd64-64-24k/fe25519_add.S index b2e5625..de57080 100644 --- a/ed25519/amd64-64-24k/fe25519_add.s +++ b/ed25519/amd64-64-24k/fe25519_add.S @@ -65,13 +65,13 @@ # qhasm: stack64 caller7_stack -# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_add +# qhasm: enter CRYPTO_NAMESPACE(fe25519_add) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_64_fe25519_add -.globl crypto_sign_ed25519_amd64_64_fe25519_add -_crypto_sign_ed25519_amd64_64_fe25519_add: -crypto_sign_ed25519_amd64_64_fe25519_add: +.globl _CRYPTO_NAMESPACE(fe25519_add) +.globl CRYPTO_NAMESPACE(fe25519_add) +_CRYPTO_NAMESPACE(fe25519_add): +CRYPTO_NAMESPACE(fe25519_add): mov %rsp,%r11 and $31,%r11 add $0,%r11 
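Review bot: The new `fe25519_batchinvert` prototype adds an `offset` parameter, but neither this header nor the matching fe25519_batchinvert.c hunk says what it is; the one visible caller passes `sizeof(ge25519_p3)` together with `&in->z`, which reads as a byte stride between consecutive elements of `in` and `out`. Callers will look in the header, so the contract belongs on the prototype, e.g. `/* out, in: first elements of two arrays whose elements are `offset` bytes apart (sizeof(fe25519) for a plain array); tmp: num contiguous elements, must not alias in or out; in may alias out. */`. Because the implementation steps through `char *`, it is also worth stating that `offset` must keep every element suitably aligned for fe25519, and presumably must be at least sizeof(fe25519) when `in == out`, since the backward pass writes each element right after reading it.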
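Review bot: `.globl _CRYPTO_NAMESPACE(fe25519_add)` and the label `_CRYPTO_NAMESPACE(fe25519_add):` spell a different preprocessor identifier from `CRYPTO_NAMESPACE`, so they only expand if a separate `_CRYPTO_NAMESPACE` macro is defined alongside it, and nothing in this diff shows that definition. If it is absent, the assembler receives the literal text `_CRYPTO_NAMESPACE(fe25519_add)` and the underscore-prefixed alias does not assemble as intended; an identifier starting with an underscore and an uppercase letter is also reserved in C, which is another reason to make the dependency explicit. The same pattern appears in the fe25519_freeze.S, fe25519_mul.S and ge25519_dbl_p1p1.S hunks; a comment near the `.text` line of each file, e.g. `# CRYPTO_NAMESPACE and _CRYPTO_NAMESPACE are supplied by the namespace header; this file is .S so the C preprocessor runs`, would make it visible. The function's prologue continues outside the hunk.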
diff --git a/ed25519/amd64-64-24k/fe25519_batchinvert.c b/ed25519/amd64-64-24k/fe25519_batchinvert.c index b29387a..d6a66d1 100644 --- a/ed25519/amd64-64-24k/fe25519_batchinvert.c +++ b/ed25519/amd64-64-24k/fe25519_batchinvert.c @@ -1,26 +1,34 @@ #include "fe25519.h" -// tmp MUST != out +// tmp MUST != out or in // in MAY == out -void fe25519_batchinvert(fe25519 *out[],fe25519 tmp[],fe25519 * const in[], size_t num) +void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset) { fe25519 acc; fe25519 tmpacc; size_t i; + const fe25519 *inp; + fe25519 *outp; fe25519_setint(&acc,1); + inp = in; for (i = 0;i < num;++i) { tmp[i] = acc; - fe25519_mul(&acc,&acc,in[i]); + fe25519_mul(&acc,&acc,inp); + inp = (const fe25519 *)((const char *)inp + offset); } fe25519_invert(&acc,&acc); i = num; + inp = (const fe25519 *)((const char *)in + offset * num); + outp = (fe25519 *)((char *)out + offset * num); while (i--) { - fe25519_mul(&tmpacc,&acc,in[i]); - fe25519_mul(out[i],&acc,&tmp[i]); + inp = (const fe25519 *)((const char *)inp - offset); + outp = (fe25519 *)((char *)outp - offset); + fe25519_mul(&tmpacc,&acc,inp); + fe25519_mul(outp,&acc,&tmp[i]); acc = tmpacc; } } diff --git a/ed25519/amd64-64-24k/fe25519_freeze.s b/ed25519/amd64-64-24k/fe25519_freeze.S similarity index 96% rename from ed25519/amd64-64-24k/fe25519_freeze.s rename to ed25519/amd64-64-24k/fe25519_freeze.S index dea2902..f0f15be 100644 --- a/ed25519/amd64-64-24k/fe25519_freeze.s +++ b/ed25519/amd64-64-24k/fe25519_freeze.S 
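Review bot: After the forward loop `inp` already equals `in` advanced by `offset` once per element, so `inp = (const fe25519 *)((const char *)in + offset * num);` before the `while` recomputes a value the function is still holding; either drop that line or keep it with a comment such as `/* rewind from one past the last element and walk back */` so a reader does not look for a reason it is needed. The four `(const fe25519 *)((const char *)p + offset)`-style casts would read better, and be harder to get wrong, behind one small `static inline` stepping helper that takes the base pointer and a signed byte delta. The `in MAY == out` guarantee still holds with the strided form, since each iteration of the backward loop reads through `inp` before writing through `outp` at the same element.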
@@ -63,13 +63,13 @@ # qhasm: stack64 caller7_stack -# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_freeze +# qhasm: enter CRYPTO_NAMESPACE(fe25519_freeze) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_64_fe25519_freeze -.globl crypto_sign_ed25519_amd64_64_fe25519_freeze -_crypto_sign_ed25519_amd64_64_fe25519_freeze: -crypto_sign_ed25519_amd64_64_fe25519_freeze: +.globl _CRYPTO_NAMESPACE(fe25519_freeze) +.globl CRYPTO_NAMESPACE(fe25519_freeze) +_CRYPTO_NAMESPACE(fe25519_freeze): +CRYPTO_NAMESPACE(fe25519_freeze): mov %rsp,%r11 and $31,%r11 add $64,%r11 diff --git a/ed25519/amd64-64-24k/fe25519_mul.s b/ed25519/amd64-64-24k/fe25519_mul.S similarity index 96% rename from ed25519/amd64-64-24k/fe25519_mul.s rename to ed25519/amd64-64-24k/fe25519_mul.S index 7e24518..5c67c9f 100644 --- a/ed25519/amd64-64-24k/fe25519_mul.s +++ b/ed25519/amd64-64-24k/fe25519_mul.S @@ -89,13 +89,13 @@ # qhasm: int64 muli38 -# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_mul +# qhasm: enter CRYPTO_NAMESPACE(fe25519_mul) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_64_fe25519_mul -.globl crypto_sign_ed25519_amd64_64_fe25519_mul -_crypto_sign_ed25519_amd64_64_fe25519_mul: -crypto_sign_ed25519_amd64_64_fe25519_mul: +.globl _CRYPTO_NAMESPACE(fe25519_mul) +.globl CRYPTO_NAMESPACE(fe25519_mul) +_CRYPTO_NAMESPACE(fe25519_mul): +CRYPTO_NAMESPACE(fe25519_mul): mov %rsp,%r11 and $31,%r11 add $64,%r11 @@ -651,8 +651,8 @@ adc %rdx,%r11 # asm 2: mov mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 
@@ -669,8 +669,8 @@ mov %r9,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add squarerax=%rax mov %r11,%rax -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: squarer4 = squarerax # asm 1: mov squarer4=int64#2 @@ -443,8 +443,8 @@ mov %r12,%rax # asm 2: mov squarer5=%r11 mov %rdx,%r11 -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? squarer5 += squarerax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 
@@ -1225,8 +1225,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 @@ -1907,8 +1907,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 
@@ -2759,8 +2759,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulx0=%r12 movq 56(%rsp),%r12 -# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D0 -# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D0,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0) +# asm 1: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx0 # asm 1: mul c1=%r14 mov %rdx,%r14 -# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D1 -# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D1,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1) +# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx0 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D2,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2) +# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx0 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D3,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3) +# asm 1: 
movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx0 # asm 1: mul mulx1=%r12 movq 64(%rsp),%r12 -# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D0 -# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D0,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0) +# asm 1: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx1 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D1,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1) +# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx1 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D2,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2) +# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx1 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D3,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3) +# asm 1: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx1 # asm 1: mul mulx2=%r12 movq 72(%rsp),%r12 -# qhasm: mulrax = *(uint64 
*)&crypto_sign_ed25519_amd64_64_EC2D0 -# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D0,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0) +# asm 1: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx2 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D1,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1) +# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx2 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D2,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2) +# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx2 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D3,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3) +# asm 1: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx2 # asm 1: mul mulx3=%r12 movq 80(%rsp),%r12 -# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D0 -# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D0,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0) +# asm 1: movq 
CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx3 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D1,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1) +# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx3 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D2,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2) +# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx3 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D3,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3) +# asm 1: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx3 # asm 1: mul mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 
@@ -3441,8 +3441,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -4123,8 +4123,8 @@ mov %r9,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add z, &in->z, tmp, num, sizeof(ge25519_p3)); for (size_t i = 0; i < num; ++i) { fe25519_mul(&ty, &in[i].y, &in[i].z); diff --git a/ed25519/amd64-64-24k/ge25519_dbl_p1p1.s b/ed25519/amd64-64-24k/ge25519_dbl_p1p1.S similarity index 98% rename from ed25519/amd64-64-24k/ge25519_dbl_p1p1.s rename to ed25519/amd64-64-24k/ge25519_dbl_p1p1.S index 7909a98..f6b7d22 100644 --- a/ed25519/amd64-64-24k/ge25519_dbl_p1p1.s +++ b/ed25519/amd64-64-24k/ge25519_dbl_p1p1.S 
@@ -233,13 +233,13 @@ # qhasm: stack64 caller7_stack -# qhasm: enter crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1 +# qhasm: enter CRYPTO_NAMESPACE(ge25519_dbl_p1p1) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1 -.globl crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1 -_crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1: -crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1: +.globl _CRYPTO_NAMESPACE(ge25519_dbl_p1p1) +.globl CRYPTO_NAMESPACE(ge25519_dbl_p1p1) +_CRYPTO_NAMESPACE(ge25519_dbl_p1p1): +CRYPTO_NAMESPACE(ge25519_dbl_p1p1): mov %rsp,%r11 and $31,%r11 add $192,%r11 @@ -575,8 +575,8 @@ adc %rdx,%rcx # asm 2: mov squarerax=%rax mov %r11,%rax -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: squarer4 = squarerax # asm 1: mov squarer4=int64#9 @@ -593,8 +593,8 @@ mov %r12,%rax # asm 2: mov squarer5=%r12 mov %rdx,%r12 -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? squarer5 += squarerax # asm 1: add squarerax=%rax mov %r11,%rax -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: squarer4 = squarerax # asm 1: mov squarer4=int64#9 
@@ -1060,8 +1060,8 @@ mov %r12,%rax # asm 2: mov squarer5=%r12 mov %rdx,%r12 -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? squarer5 += squarerax # asm 1: add squarerax=%rax mov %r11,%rax -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: squarer4 = squarerax # asm 1: mov squarer4=int64#9 @@ -1527,8 +1527,8 @@ mov %r12,%rax # asm 2: mov squarer5=%r12 mov %rdx,%r12 -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? squarer5 += squarerax # asm 1: add squarerax=%rax mov %r10,%rax -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: squarer4 = squarerax # asm 1: mov squarer4=int64#8 
@@ -2649,8 +2649,8 @@ mov %r11,%rax # asm 2: mov squarer5=%r11 mov %rdx,%r11 -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? squarer5 += squarerax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 @@ -1078,8 +1078,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 
@@ -1760,8 +1760,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -2612,8 +2612,8 @@ mov %r8,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rsi,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 
@@ -3549,8 +3549,8 @@ mov %rcx,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rsi,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -4231,8 +4231,8 @@ mov %rcx,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rsi,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 
@@ -4913,8 +4913,8 @@ mov %rcx,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rsi,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -5595,8 +5595,8 @@ mov %rcx,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 
@@ -1087,8 +1087,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 @@ -1769,8 +1769,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 
@@ -2621,8 +2621,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 @@ -676,8 +676,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 
@@ -1358,8 +1358,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -2040,8 +2040,8 @@ mov %r8,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 
@@ -684,8 +684,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 @@ -1366,8 +1366,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 
@@ -2048,8 +2048,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -2730,8 +2730,8 @@ mov %r8,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 
@@ -1015,8 +1015,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 @@ -1697,8 +1697,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 
@@ -2549,8 +2549,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -3231,8 +3231,8 @@ mov %r9,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add t3=%r14 mov %rsi,%r14 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,rax=%rax movq 24(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3) +mulq CRYPTO_NAMESPACE(MU3)(%rip) # qhasm: q23 = rax # asm 1: mov q23=int64#10 @@ -202,8 +202,8 @@ mov %rdx,%r13 # asm 2: movq 24(rax=%rax movq 24(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4) +mulq CRYPTO_NAMESPACE(MU4)(%rip) # qhasm: q24 = rax # asm 1: mov q24=int64#12 
@@ -225,8 +225,8 @@ adc %rdx,%r8 # asm 2: movq 32(rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2) +mulq CRYPTO_NAMESPACE(MU2)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3) +mulq CRYPTO_NAMESPACE(MU3)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4) +mulq CRYPTO_NAMESPACE(MU4)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU1) +mulq CRYPTO_NAMESPACE(MU1)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2) +mulq CRYPTO_NAMESPACE(MU2)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3) +mulq CRYPTO_NAMESPACE(MU3)(%rip) # qhasm: carry? 
q30 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4) +mulq CRYPTO_NAMESPACE(MU4)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU0) +mulq CRYPTO_NAMESPACE(MU0)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU1) +mulq CRYPTO_NAMESPACE(MU1)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2) +mulq CRYPTO_NAMESPACE(MU2)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3) +mulq CRYPTO_NAMESPACE(MU3)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4) +mulq CRYPTO_NAMESPACE(MU4)(%rip) # qhasm: carry? 
q32 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU0) +mulq CRYPTO_NAMESPACE(MU0)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU1) +mulq CRYPTO_NAMESPACE(MU1)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2) +mulq CRYPTO_NAMESPACE(MU2)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3) +mulq CRYPTO_NAMESPACE(MU3)(%rip) # qhasm: carry? q32 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4) +mulq CRYPTO_NAMESPACE(MU4)(%rip) # qhasm: carry? q33 += rax # asm 1: add rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0) +mulq CRYPTO_NAMESPACE(ORDER0)(%rip) # qhasm: r20 = rax # asm 1: mov r20=int64#5 
@@ -761,8 +761,8 @@ mov %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER1) +mulq CRYPTO_NAMESPACE(ORDER1)(%rip) # qhasm: r21 = rax # asm 1: mov r21=int64#8 @@ -789,8 +789,8 @@ adc %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER2) +mulq CRYPTO_NAMESPACE(ORDER2)(%rip) # qhasm: r22 = rax # asm 1: mov r22=int64#9 @@ -817,8 +817,8 @@ adc %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER3) +mulq CRYPTO_NAMESPACE(ORDER3)(%rip) # qhasm: free rdx 
@@ -837,8 +837,8 @@ add %r9,%r12 # asm 2: movq rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0) +mulq CRYPTO_NAMESPACE(ORDER0)(%rip) # qhasm: carry? r21 += rax # asm 1: add rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER1) +mulq CRYPTO_NAMESPACE(ORDER1)(%rip) # qhasm: carry? r22 += rax # asm 1: add rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER2) +mulq CRYPTO_NAMESPACE(ORDER2)(%rip) # qhasm: free rdx @@ -913,8 +913,8 @@ add %rcx,%r12 # asm 2: movq rax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0) +mulq CRYPTO_NAMESPACE(ORDER0)(%rip) # qhasm: carry? r22 += rax # asm 1: add rax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER1) +mulq CRYPTO_NAMESPACE(ORDER1)(%rip) # qhasm: free rdx 
@@ -956,8 +956,8 @@ add %rcx,%r12 # asm 2: movq rax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0) +mulq CRYPTO_NAMESPACE(ORDER0)(%rip) # qhasm: free rdx @@ -1026,25 +1026,25 @@ sbb %r12,%rsi # asm 2: mov t3=%r11 mov %rsi,%r11 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,t3=%r11 mov %rsi,%r11 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0, typedef __m128i xmmi; @@ -1110,3 +1112,4 @@ curve25519_move_conditional_bytes(uint8_t out[96], const uint8_t in[96], uint32_ _mm_store_si128((xmmi*)out + 5, a5); } +#endif /* defined(ED25519_SSE2) */ diff --git a/ed25519/ed25519-donna/ed25519-donna-32bit-tables.h b/ed25519/ed25519-donna/ed25519-donna-32bit-tables.h index c977c26..f8f70d7 100644 --- a/ed25519/ed25519-donna/ed25519-donna-32bit-tables.h +++ b/ed25519/ed25519-donna/ed25519-donna-32bit-tables.h @@ -1,3 +1,5 @@ +#if !defined(ED25519_64BIT) + static const ge25519 ALIGN(16) ge25519_basepoint = { {0x0325d51a,0x018b5823,0x00f6592a,0x0104a92d,0x01a4b31d,0x01d6dc5c,0x027118fe,0x007fd814,0x013cd6e5,0x0085a4db}, {0x02666658,0x01999999,0x00cccccc,0x01333333,0x01999999,0x00666666,0x03333333,0x00cccccc,0x02666666,0x01999999}, 
@@ -59,3 +61,5 @@ static const ge25519_niels ALIGN(16) ge25519_niels_sliding_multiples[32] = { {{0x01085cf2,0x01fd47af,0x03e3f5e1,0x004b3e99,0x01e3d46a,0x0060033c,0x015ff0a8,0x0150cdd8,0x029e8e21,0x008cf1bc},{0x00156cb1,0x003d623f,0x01a4f069,0x00d8d053,0x01b68aea,0x01ca5ab6,0x0316ae43,0x0134dc44,0x001c8d58,0x0084b343},{0x0318c781,0x0135441f,0x03a51a5e,0x019293f4,0x0048bb37,0x013d3341,0x0143151e,0x019c74e1,0x00911914,0x0076ddde}}, {{0x006bc26f,0x00d48e5f,0x00227bbe,0x00629ea8,0x01ea5f8b,0x0179a330,0x027a1d5f,0x01bf8f8e,0x02d26e2a,0x00c6b65e},{0x01701ab6,0x0051da77,0x01b4b667,0x00a0ce7c,0x038ae37b,0x012ac852,0x03a0b0fe,0x0097c2bb,0x00a017d2,0x01eb8b2a},{0x0120b962,0x0005fb42,0x0353b6fd,0x0061f8ce,0x007a1463,0x01560a64,0x00e0a792,0x01907c92,0x013a6622,0x007b47f1}} }; + +#endif /* !defined(ED25519_64BIT) */ diff --git a/ed25519/ed25519-donna/ed25519-donna-64bit-tables.h b/ed25519/ed25519-donna/ed25519-donna-64bit-tables.h index 4a6ff9e..f0df467 100644 --- a/ed25519/ed25519-donna/ed25519-donna-64bit-tables.h +++ b/ed25519/ed25519-donna/ed25519-donna-64bit-tables.h @@ -1,3 +1,5 @@ +#if defined(ED25519_64BIT) + static const ge25519 ge25519_basepoint = { {0x00062d608f25d51a,0x000412a4b4f6592a,0x00075b7171a4b31d,0x0001ff60527118fe,0x000216936d3cd6e5}, {0x0006666666666658,0x0004cccccccccccc,0x0001999999999999,0x0003333333333333,0x0006666666666666}, 
@@ -51,3 +53,5 @@ static const ge25519_niels ge25519_niels_sliding_multiples[32] = { {{0x0007f51ebd085cf2,0x00012cfa67e3f5e1,0x0001800cf1e3d46a,0x00054337615ff0a8,0x000233c6f29e8e21},{0x0000f588fc156cb1,0x000363414da4f069,0x0007296ad9b68aea,0x0004d3711316ae43,0x000212cd0c1c8d58},{0x0004d5107f18c781,0x00064a4fd3a51a5e,0x0004f4cd0448bb37,0x000671d38543151e,0x0001db7778911914}}, {{0x000352397c6bc26f,0x00018a7aa0227bbe,0x0005e68cc1ea5f8b,0x0006fe3e3a7a1d5f,0x00031ad97ad26e2a},{0x00014769dd701ab6,0x00028339f1b4b667,0x0004ab214b8ae37b,0x00025f0aefa0b0fe,0x0007ae2ca8a017d2},{0x000017ed0920b962,0x000187e33b53b6fd,0x00055829907a1463,0x000641f248e0a792,0x0001ed1fc53a6622}} }; + +#endif /* defined(ED25519_64BIT) */ diff --git a/ed25519/ed25519-donna/ed25519-donna-impl-base.h b/ed25519/ed25519-donna/ed25519-donna-impl-base.h index 18736cf..2b8157a 100644 --- a/ed25519/ed25519-donna/ed25519-donna-impl-base.h +++ b/ed25519/ed25519-donna/ed25519-donna-impl-base.h @@ -1,3 +1,5 @@ +#if !defined(ED25519_SSE2) + /* conversions */ @@ -6,15 +8,15 @@ DONNA_INLINE static void ge25519_p1p1_to_partial(ge25519 *r, const ge25519_p1p1 *p) { curve25519_mul(r->x, p->x, p->t); curve25519_mul(r->y, p->y, p->z); - curve25519_mul(r->z, p->z, p->t); + curve25519_mul(r->z, p->z, p->t); } DONNA_INLINE static void ge25519_p1p1_to_full(ge25519 *r, const ge25519_p1p1 *p) { curve25519_mul(r->x, p->x, p->t); curve25519_mul(r->y, p->y, p->z); - curve25519_mul(r->z, p->z, p->t); - curve25519_mul(r->t, p->x, p->y); + curve25519_mul(r->z, p->z, p->t); + curve25519_mul(r->t, p->x, p->y); } static void 
@@ -188,13 +190,12 @@ ge25519_pack(unsigned char r[32], const ge25519 *p) { r[31] ^= ((parity[0] & 1) << 7); } -// assumes inz[] points to things in in[] // NOTE: leaves in unfinished state static void -ge25519_batchpack_destructive_1(bytes32 out[], ge25519 in[], bignum25519 *inz[], bignum25519 tmp[], size_t num) { +ge25519_batchpack_destructive_1(bytes32 *out, ge25519 *in, bignum25519 *tmp, size_t num) { bignum25519 ty; - curve25519_batchrecip(inz, tmp, inz, num); + curve25519_batchrecip(&in->z, &in->z, tmp, num, sizeof(ge25519)); for (size_t i = 0; i < num; ++i) { curve25519_mul(ty, in[i].y, in[i].z); @@ -274,7 +275,7 @@ ge25519_unpack_negative_vartime(ge25519 *r, const unsigned char p[32]) { #define S2_TABLE_SIZE (1<<(S2_SWINDOWSIZE-2)) /* computes [s1]p1 + [s2]basepoint */ -static void +static void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const bignum256modm s2) { signed char slide1[256], slide2[256]; ge25519_pniels pre1[S1_TABLE_SIZE]; @@ -369,7 +370,7 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96] curve25519_add_reduce(r->y, t.xaddy, t.ysubx); memset(r->z, 0, sizeof(bignum25519)); curve25519_copy(r->t, t.t2d); - r->z[0] = 2; + r->z[0] = 2; for (i = 3; i < 64; i += 2) { ge25519_scalarmult_base_choose_niels(&t, basepoint_table, i / 2, b[i]); ge25519_nielsadd2(r, &t); @@ -387,3 +388,4 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96] } } +#endif /* !defined(ED25519_SSE2) */ diff --git a/ed25519/ed25519-donna/ed25519-donna-impl-sse2.h b/ed25519/ed25519-donna/ed25519-donna-impl-sse2.h index 2401099..a94d8d2 100644 --- a/ed25519/ed25519-donna/ed25519-donna-impl-sse2.h +++ b/ed25519/ed25519-donna/ed25519-donna-impl-sse2.h @@ -1,3 +1,5 @@ +#if defined(ED25519_SSE2) + /* conversions */ 
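Review bot: The comment describing the aliasing contract was dropped from ge25519_batchpack_destructive_1 without a replacement, while the new `curve25519_batchrecip(&in->z, &in->z, tmp, num, sizeof(ge25519))` call now carries that contract implicitly: the same address is passed as both output and input, and the trailing `sizeof(ge25519)` presumably tells the helper to step between consecutive `z` fields by the struct size rather than by `sizeof(bignum25519)`. A reader who only sees this file cannot tell that from the call, so I would restore a one-line comment above it, `/* inverts in[i].z in place; sizeof(ge25519) is the byte stride between z fields */`. The surviving `// NOTE: leaves in unfinished state` line still holds, and the function body continues past the hunk.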
@@ -12,7 +14,7 @@ ge25519_p1p1_to_partial(ge25519 *r, const ge25519_p1p1 *p) { curve25519_untangle64(r->x, r->z, xzout); } -static void +static void ge25519_p1p1_to_full(ge25519 *r, const ge25519_p1p1 *p) { packed64bignum25519 ALIGN(16) zy, xt, xx, zz, ty; curve25519_tangle64(ty, p->t, p->y); @@ -220,10 +222,10 @@ ge25519_pack(unsigned char r[32], const ge25519 *p) { // assumes inz[] points to things in in[] // NOTE: leaves in unfinished state static void -ge25519_batchpack_destructive_1(bytes32 out[], ge25519 in[], bignum25519 *inz[], bignum25519 tmp[], size_t num) { +ge25519_batchpack_destructive_1(bytes32 *out, ge25519 *in, bignum25519 *tmp, size_t num) { bignum25519 ALIGN(16) ty; - curve25519_batchrecip(inz, tmp, inz, num); + curve25519_batchrecip(&in->z, &in->z, tmp, num, sizeof(ge25519)); for (size_t i = 0; i < num; ++i) { curve25519_mul(ty, in[i].y, in[i].z); @@ -393,7 +395,7 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t table[256][96], const bi ge25519_scalarmult_base_choose_niels(&t, table, 0, b[1]); curve25519_sub_reduce(r->x, t.xaddy, t.ysubx); curve25519_add_reduce(r->y, t.xaddy, t.ysubx); - memset(r->z, 0, sizeof(bignum25519)); + memset(r->z, 0, sizeof(bignum25519)); r->z[0] = 2; curve25519_copy(r->t, t.t2d); for (i = 3; i < 64; i += 2) { @@ -412,3 +414,5 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t table[256][96], const bi ge25519_nielsadd2(r, &t); } } + +#endif /* defined(ED25519_SSE2) */ diff --git a/ed25519/ed25519-donna/ed25519-donna.h b/ed25519/ed25519-donna/ed25519-donna.h index 1e1dc34..f878a1b 100644 --- a/ed25519/ed25519-donna/ed25519-donna.h +++ b/ed25519/ed25519-donna/ed25519-donna.h 
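Review bot: The comment `// assumes inz[] points to things in in[]` kept above the SSE2 ge25519_batchpack_destructive_1 is now stale, because the `inz` parameter it refers to is removed in this hunk and the base variant dropped the same comment in the same commit. I would replace it with `// inverts in[i].z in place (byte stride sizeof(ge25519)); leaves in[] unfinished`, which describes the new `curve25519_batchrecip(&in->z, &in->z, tmp, num, sizeof(ge25519))` call and absorbs the `// NOTE:` line below it. The function body runs past the end of the hunk.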
@@ -41,22 +41,14 @@ #endif #endif -#if defined(ED25519_SSE2) - #include "curve25519-donna-sse2.h" -#elif defined(ED25519_64BIT) - #include "curve25519-donna-64bit.h" -#else - #include "curve25519-donna-32bit.h" -#endif +#include "curve25519-donna-sse2.h" +#include "curve25519-donna-64bit.h" +#include "curve25519-donna-32bit.h" #include "curve25519-donna-helpers.h" -/* separate uint128 check for 64 bit sse2 */ -#if defined(HAVE_UINT128) && !defined(ED25519_FORCE_32BIT) - #include "modm-donna-64bit.h" -#else - #include "modm-donna-32bit.h" -#endif +#include "modm-donna-64bit.h" +#include "modm-donna-32bit.h" typedef unsigned char hash_512bits[64]; @@ -98,20 +90,15 @@ typedef unsigned char bytes32[32]; #include "ed25519-donna-basepoint-table.h" -#if defined(ED25519_64BIT) - #include "ed25519-donna-64bit-tables.h" - #include "ed25519-donna-64bit-x86.h" -#else - #include "ed25519-donna-32bit-tables.h" - #include "ed25519-donna-64bit-x86-32bit.h" -#endif +#include "ed25519-donna-64bit-tables.h" +#include "ed25519-donna-64bit-x86.h" + +#include "ed25519-donna-32bit-tables.h" +#include "ed25519-donna-64bit-x86-32bit.h" -#if defined(ED25519_SSE2) - #include "ed25519-donna-32bit-sse2.h" - #include "ed25519-donna-64bit-sse2.h" - #include "ed25519-donna-impl-sse2.h" -#else - #include "ed25519-donna-impl-base.h" -#endif +#include "ed25519-donna-32bit-sse2.h" +#include "ed25519-donna-64bit-sse2.h" +#include "ed25519-donna-impl-sse2.h" +#include "ed25519-donna-impl-base.h" diff --git a/ed25519/ed25519-donna/modm-donna-32bit.h b/ed25519/ed25519-donna/modm-donna-32bit.h index dfd76be..c9636e3 100644 --- a/ed25519/ed25519-donna/modm-donna-32bit.h +++ b/ed25519/ed25519-donna/modm-donna-32bit.h 
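Review bot: Replacing the three-way `#if defined(ED25519_SSE2) / ED25519_64BIT / else` selection with unconditional includes means correctness now rests entirely on every backend header compiling to nothing unless its own guard is satisfied; if one of them is unguarded, two backends' `static` definitions of the same names end up in one translation unit. This commit visibly adds such guards to the impl, tables, sse2 and modm headers, but the guards for `curve25519-donna-64bit.h`, `curve25519-donna-32bit.h` and the `ed25519-donna-64bit-x86.h` / `ed25519-donna-64bit-x86-32bit.h` pair (previously selected by `ED25519_64BIT` in the second hunk) are not in this view and should be confirmed. I would also record the invariant above the include list, `/* each backend header below is self-guarded on ED25519_SSE2 / ED25519_64BIT / HAVE_UINT128 and expands to nothing otherwise */`, so the next person adding a header knows the rule.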
@@ -2,6 +2,8 @@ Public domain by Andrew M. */ +/* separate uint128 check for 64 bit sse2 */ +#if !defined(HAVE_UINT128) || defined(ED25519_FORCE_32BIT) /* Arithmetic modulo the group order n = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 @@ -467,3 +469,5 @@ isatmost128bits256_modm_batch(const bignum256modm a) { return (mask == 0); } + +#endif /* !defined(HAVE_UINT128) || defined(ED25519_FORCE_32BIT) */ diff --git a/ed25519/ed25519-donna/modm-donna-64bit.h b/ed25519/ed25519-donna/modm-donna-64bit.h index a47a38a..936e7b0 100644 --- a/ed25519/ed25519-donna/modm-donna-64bit.h +++ b/ed25519/ed25519-donna/modm-donna-64bit.h @@ -2,6 +2,8 @@ Public domain by Andrew M. */ +/* separate uint128 check for 64 bit sse2 */ +#if defined(HAVE_UINT128) && !defined(ED25519_FORCE_32BIT) /* Arithmetic modulo the group order n = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 @@ -359,3 +361,5 @@ isatmost128bits256_modm_batch(const bignum256modm a) { return (mask == 0); } + +#endif /* defined(HAVE_UINT128) && !defined(ED25519_FORCE_32BIT) */ diff --git a/ed25519/ed25519.h b/ed25519/ed25519.h index d0c4491..d24a4be 100644 --- a/ed25519/ed25519.h +++ b/ed25519/ed25519.h 
@@ -1,244 +1,3 @@ #define ED25519_SEEDBYTES 32 #define ED25519_SECRETKEYBYTES 64 #define ED25519_PUBLICKEYBYTES 32 - - -#ifdef ED25519_ref10 -#include "ref10/ed25519.h" -#define ed25519_seckey ed25519_ref10_seckey -#define ed25519_seckey_expand ed25519_ref10_seckey_expand -#define ed25519_pubkey ed25519_ref10_pubkey -#define ed25519_keygen ed25519_ref10_keygen -#include "ref10/ge.h" - -#define GEZ(x) ((x).Z) - -/* The basepoint multiplied by 8. */ -static const ge_cached ge_eightpoint = { - /* YplusX */ - { - 48496028, -16430416, 15164263, 11885335, 60784617, -4866353, 46481863, - -2771805, 9708580, 2387263 - }, - /* YmunusX */ - { - -10173472, -5540046, 21277639, 4080693, 1932823, -14916249, -9515873, - -21787995, -36575460, 29827857 - }, - /* Z */ - { - 25143927, -10256223, -3515585, 5715072, 19432778, -14905909, 22462083, - -8862871, 13226552, 743677 - }, - /* T2d */ - { - -784818, -8208065, -28479270, 5551579, 15746872, 4911053, 19117091, - 11267669, -24569594, 14624995 - } -}; -inline static void ge_initeightpoint() {} -#endif - - -#ifdef ED25519_amd64_51_30k -#define ED25519_amd64_common -#else -#ifdef ED25519_amd64_64_24k -#define ED25519_amd64_common -#endif -#endif - - -#ifdef ED25519_amd64_51_30k -#include "amd64-51-30k/ed25519.h" -#include "amd64-51-30k/ge25519.h" -#define ed25519_seckey ed25519_amd64_51_30k_seckey -#define ed25519_seckey_expand ed25519_amd64_51_30k_seckey_expand -#define ed25519_pubkey ed25519_amd64_51_30k_pubkey -#define ed25519_keygen ed25519_amd64_51_30k_keygen -#endif - -#ifdef ED25519_amd64_64_24k -#include "amd64-64-24k/ed25519.h" -#include "amd64-64-24k/ge25519.h" -#define ed25519_seckey ed25519_amd64_64_seckey -#define ed25519_seckey_expand ed25519_amd64_64_seckey_expand -#define ed25519_pubkey ed25519_amd64_64_pubkey -#define ed25519_keygen ed25519_amd64_64_keygen -#endif - - -// common -#ifdef ED25519_amd64_common -#define fe fe25519 -#define ge_p1p1 ge25519_p1p1 -#define ge_p3 ge25519_p3 -#define ge_cached ge25519_pniels 
-#define ge_p1p1_to_p3 ge25519_p1p1_to_p3 -#define ge_p3_tobytes ge25519_pack -#define ge_add ge25519_pnielsadd_p1p1 - -#define ge_p3_batchtobytes_destructive_1 ge25519_batchpack_destructive_1 -#define ge_p3_batchtobytes_destructive_finish ge25519_batchpack_destructive_finish - -#define GEZ(x) ((x).z) -#endif - - -#ifdef ED25519_amd64_51_30k -static inline void ge_scalarmult_base(ge_p3 *gepk,const unsigned char *sk) -{ - sc25519 scsk; - - sc25519_from32bytes(&scsk,sk); - ge25519_scalarmult_base(gepk,&scsk); -} - -/* The basepoint multiplied by 8. */ -static const ge25519_pniels ge_eightpoint = { - // ysubx - {{ 1880013609944032, 273850692840390, 1250787290086935, 789632210881694, 2001713562248987 }}, - // xaddy - {{ 1149173309373852, 797611345273702, 1925224452816873, 2065787175387590, 160206517707811 }}, - // z - {{ 1563516364368503, 383531986082622, 1251481213240650, 1657022631558786, 49907331879479 }}, - // t2d - {{ 1700965895112270, 372560131616985, 329575203620664, 756160485635107, 981466775886086 }}, -}; -inline static void ge_initeightpoint() {} -#endif - - -#ifdef ED25519_amd64_64_24k -static inline void ge_scalarmult_base(ge_p3 *gepk,const unsigned char *sk) -{ - sc25519 scsk; - - sc25519_from32bytes(&scsk,sk); - ge25519_scalarmult_base(gepk,&scsk); -} - -/* The basepoint multiplied by 8. 
*/ -static const ge25519_pniels ge_eightpoint = { - // ysubx - {{ 6788804652057281504U, 531290374162262565U, 6135835192563885415U, 8199018750971852188U }}, - // xaddy - {{ 1960215011215539612U, 16708348392717346619U, 11897818088205565647U, 656205896531197613U }}, - // z - {{ 15705615417005288055U, 5341641389565279826U, 1966574939768917451U, 204420431378348998U }}, - // t2d - {{ 9713713562319586894U, 4328467261753610859U, 8262494979546083277U, 4020087914029409631U }}, -}; -inline static void ge_initeightpoint() {} -#endif - - -#ifdef ED25519_donna -#define ED25519_CUSTOMRANDOM -#define ED25519_CUSTOMHASH -#include -#include -#include "ed25519-donna/ed25519-donna.h" - -static int ed25519_seckey_expand(unsigned char *sk,const unsigned char *seed) -{ - crypto_hash_sha512(sk,seed,32); - sk[0] &= 248; - sk[31] &= 127; - sk[31] |= 64; - - return 0; -} - -static int ed25519_seckey(unsigned char *sk) -{ - unsigned char seed[32]; - - randombytes(seed,32); - return ed25519_seckey_expand(sk,seed); -} - -static int ed25519_pubkey(unsigned char *pk,const unsigned char *sk) -{ - bignum256modm a; - ge25519 ALIGN(16) A; - - expand256_modm(a,sk,32); - ge25519_scalarmult_base_niels(&A,ge25519_niels_base_multiples,a); - ge25519_pack(pk,&A); - - return 0; -} - - -static int ed25519_keypair(unsigned char *pk,unsigned char *sk) -{ - ed25519_seckey(sk); - ed25519_pubkey(pk,sk); - - return 0; -} -// hacky, but works for current stuff in main.c -#define fe bignum25519 ALIGN(16) -#define ge_p1p1 ge25519_p1p1 ALIGN(16) -#define ge_p3 ge25519 ALIGN(16) -#define ge_cached ge25519_pniels ALIGN(16) - -#define ge_p1p1_to_p3 ge25519_p1p1_to_full -#define ge_p3_tobytes ge25519_pack - -#define ge_p3_batchtobytes_destructive_1 ge25519_batchpack_destructive_1 -#define ge_p3_batchtobytes_destructive_finish ge25519_batchpack_destructive_finish - -#define GEZ(x) ((x).z) - -DONNA_INLINE static void ge_add(ge25519_p1p1 *r,const ge25519 *p,const ge25519_pniels *q) -{ - ge25519_pnielsadd_p1p1(r,p,q,0); -} - 
-DONNA_INLINE static void ge_scalarmult_base(ge25519 *A,const unsigned char *sk) -{ - bignum256modm ALIGN(16) a; - expand256_modm(a,sk,32); - ge25519_scalarmult_base_niels(A,ge25519_niels_base_multiples,a); -} - -static ge25519_pniels ALIGN(16) ge_eightpoint; -// portable representation of (basepoint * 8) -static u8 fe_ysubx[32] = { - 0xE0,0xC3,0x64,0xC7,0xDC,0xAD,0x36,0x5E, - 0x25,0xAA,0x86,0xC8,0xC7,0x85,0x5F,0x07, - 0x67,0x65,0x1C,0x3D,0x99,0xDD,0x26,0x55, - 0x9C,0xB5,0x71,0x1E,0x1D,0xC4,0xC8,0x71, -}; -static u8 fe_xaddy[32] = { - 0x9C,0xFD,0xE3,0xC2,0x2A,0x15,0x34,0x1B, - 0x3B,0xE7,0x62,0xAB,0x56,0xFA,0xDF,0xE7, - 0xCF,0xBE,0xB5,0x8D,0x83,0x8A,0x1D,0xA5, - 0xAD,0x3E,0x42,0x42,0xC9,0x4F,0x1B,0x09, -}; -static u8 fe_z[32] = { - 0x77,0xAA,0x7F,0x85,0x02,0x8E,0xF5,0xD9, - 0x52,0xFE,0x8F,0xE6,0x8A,0x52,0x21,0x4A, - 0xCB,0x8D,0x1C,0x05,0x7D,0xAD,0x4A,0x1B, - 0xC6,0x7B,0x23,0x9D,0x4C,0x3F,0xD6,0x02, -}; -static u8 fe_t2d[32] = { - 0x4E,0x06,0xF4,0xFB,0x04,0x0B,0xCE,0x86, - 0x6B,0x52,0xBB,0x96,0x0A,0xCE,0x11,0x3C, - 0xCD,0xEF,0x4A,0x46,0x68,0x47,0xAA,0x72, - 0x5F,0x65,0x90,0x91,0xA8,0x38,0xCA,0x37, -}; - -// initialize from packed representation -static void ge_initeightpoint() -{ - memset(&ge_eightpoint,0,sizeof(ge_eightpoint)); - curve25519_expand(ge_eightpoint.ysubx,fe_ysubx); - curve25519_expand(ge_eightpoint.xaddy,fe_xaddy); - curve25519_expand(ge_eightpoint.z,fe_z); - curve25519_expand(ge_eightpoint.t2d,fe_t2d); -} - -#endif diff --git a/ed25519/ed25519_impl_post.h b/ed25519/ed25519_impl_post.h new file mode 100644 index 0000000..470ad77 --- /dev/null +++ b/ed25519/ed25519_impl_post.h 
@@ -0,0 +1,84 @@
+
+#undef ed25519_seckey
+#undef ed25519_seckey_expand
+#undef ed25519_pubkey
+#undef ed25519_keygen
+
+#undef ge_eightpoint
+#undef ge_initeightpoint
+
+#undef ge_add
+#undef ge_p3_batchtobytes_destructive_1
+#undef ge_p3_batchtobytes_destructive_finish
+#undef ge_scalarmult_base
+
+
+#ifdef ED25519_ref10
+
+#undef ge_frombytes_negate_vartime
+#undef ge_tobytes
+#undef ge_p3_tobytes
+#undef ge_p2_0
+#undef ge_p3_0
+#undef ge_precomp_0
+#undef ge_p3_to_p2
+#undef ge_p3_to_cached
+#undef ge_p1p1_to_p2
+#undef ge_p1p1_to_p3
+#undef ge_p2_dbl
+#undef ge_p3_dbl
+#undef ge_madd
+#undef ge_msub
+#undef ge_sub
+#undef ge_scalarmult_base
+#undef ge_double_scalarmult_vartime
+
+#endif
+
+
+#if defined(ED25519_amd64_51_30k) || defined(ED25519_amd64_64_24k)
+
+#undef ge25519
+#undef ge25519_base
+#undef ge25519_unpackneg_vartime
+#undef ge25519_pack
+#undef ge25519_isneutral_vartime
+#undef ge25519_add
+#undef ge25519_double
+#undef ge25519_double_scalarmult_vartime
+#undef ge25519_multi_scalarmult_vartime
+#undef ge25519_scalarmult_base
+#undef ge25519_p1p1_to_p2
+#undef ge25519_p1p1_to_p3
+#undef ge25519_p1p1_to_pniels
+#undef ge25519_add_p1p1
+#undef ge25519_dbl_p1p1
+#undef choose_t
+#undef ge25519_nielsadd2
+#undef ge25519_nielsadd_p1p1
+#undef ge25519_pnielsadd_p1p1
+#undef ge25519_p3
+
+#undef fe
+#undef ge_p1p1
+#undef ge_p3
+#undef ge_p1p1_to_p3
+#undef ge_p3_tobytes
+
+#endif
+
+
+#ifdef ED25519_donna
+
+#undef fe_ysubx
+#undef fe_xaddy
+#undef fe_z
+#undef fe_t2d
+
+#undef fe
+#undef ge_p1p1
+#undef ge_p3
+#undef ge_p1p1_to_p3
+#undef ge_p3_tobytes
+
+#endif
diff --git a/ed25519/ed25519_impl_pre.h b/ed25519/ed25519_impl_pre.h
new file mode 100644
index 0000000..bc84ad9
--- /dev/null
+++ b/ed25519/ed25519_impl_pre.h
@@ -0,0 +1,256 @@ + +#ifndef ED25519_donna +# if defined(_MSC_VER) +# define ALIGN(x) __declspec(align(x)) +# elif defined(__GNUC__) +# undef ALIGN +# define ALIGN(x) __attribute__((aligned(x))) +# else +# ifndef ALIGN +# define ALIGN(x) +# endif +# endif +#endif + + +#define ed25519_seckey CRYPTO_NAMESPACE(seckey) +#define ed25519_seckey_expand CRYPTO_NAMESPACE(seckey_expand) +#define ed25519_pubkey CRYPTO_NAMESPACE(pubkey) +#define ed25519_keygen CRYPTO_NAMESPACE(keygen) + +#define ge_eightpoint CRYPTO_NAMESPACE(ge_eightpoint) +#define ge_initeightpoint CRYPTO_NAMESPACE(ge_initeightpoint) + + +#ifdef ED25519_ref10 + +#include "ref10/crypto_sign.h" +#include "ref10/ge.h" + +/* The basepoint multiplied by 8. */ +static const ge_cached ge_eightpoint = { + /* YplusX */ + { + 48496028, -16430416, 15164263, 11885335, 60784617, -4866353, 46481863, + -2771805, 9708580, 2387263 + }, + /* YmunusX */ + { + -10173472, -5540046, 21277639, 4080693, 1932823, -14916249, -9515873, + -21787995, -36575460, 29827857 + }, + /* Z */ + { + 25143927, -10256223, -3515585, 5715072, 19432778, -14905909, 22462083, + -8862871, 13226552, 743677 + }, + /* T2d */ + { + -784818, -8208065, -28479270, 5551579, 15746872, 4911053, 19117091, + 11267669, -24569594, 14624995 + } +}; +inline static void ge_initeightpoint(void) {} + +#endif + + +#ifdef ED25519_amd64_51_30k + +#include "amd64-51-30k/crypto_sign.h" +#include "amd64-51-30k/ge25519.h" + +#endif + + +#ifdef ED25519_amd64_64_24k + +#include "amd64-64-24k/crypto_sign.h" +#include "amd64-64-24k/ge25519.h" + +#endif + + +// common +#if defined(ED25519_amd64_51_30k) || defined(ED25519_amd64_64_24k) + +#define fe fe25519 +#define ge_p1p1 ge25519_p1p1 +#define ge_p3 ge25519_p3 +#define ge_p1p1_to_p3 ge25519_p1p1_to_p3 +#define ge_p3_tobytes ge25519_pack +#define ge_add ge25519_pnielsadd_p1p1 + +#define ge_p3_batchtobytes_destructive_1 ge25519_batchpack_destructive_1 +#define ge_p3_batchtobytes_destructive_finish ge25519_batchpack_destructive_finish 
+ +#define ge_scalarmult_base CRYPTO_NAMESPACE(ge_scalarmult_base) + +#endif + + +#ifdef ED25519_amd64_51_30k +static inline void ge_scalarmult_base(ge_p3 *gepk,const unsigned char *sk) +{ + sc25519 scsk; + + sc25519_from32bytes(&scsk,sk); + ge25519_scalarmult_base(gepk,&scsk); +} + +/* The basepoint multiplied by 8. */ +static const ge25519_pniels ge_eightpoint = { + // ysubx + {{ 1880013609944032, 273850692840390, 1250787290086935, 789632210881694, 2001713562248987 }}, + // xaddy + {{ 1149173309373852, 797611345273702, 1925224452816873, 2065787175387590, 160206517707811 }}, + // z + {{ 1563516364368503, 383531986082622, 1251481213240650, 1657022631558786, 49907331879479 }}, + // t2d + {{ 1700965895112270, 372560131616985, 329575203620664, 756160485635107, 981466775886086 }}, +}; +inline static void ge_initeightpoint(void) {} +#endif + + +#ifdef ED25519_amd64_64_24k +static inline void ge_scalarmult_base(ge_p3 *gepk,const unsigned char *sk) +{ + sc25519 scsk; + + sc25519_from32bytes(&scsk,sk); + ge25519_scalarmult_base(gepk,&scsk); +} + +/* The basepoint multiplied by 8. 
*/ +static const ge25519_pniels ge_eightpoint = { + // ysubx + {{ 6788804652057281504U, 531290374162262565U, 6135835192563885415U, 8199018750971852188U }}, + // xaddy + {{ 1960215011215539612U, 16708348392717346619U, 11897818088205565647U, 656205896531197613U }}, + // z + {{ 15705615417005288055U, 5341641389565279826U, 1966574939768917451U, 204420431378348998U }}, + // t2d + {{ 9713713562319586894U, 4328467261753610859U, 8262494979546083277U, 4020087914029409631U }}, +}; +inline static void ge_initeightpoint(void) {} +#endif + + +#ifdef ED25519_donna + +#define ED25519_CUSTOMRANDOM +#define ED25519_CUSTOMHASH +#include +#include +#include "ed25519-donna/ed25519-donna.h" + +static int ed25519_seckey_expand(unsigned char *sk,const unsigned char *seed) +{ + crypto_hash_sha512(sk,seed,32); + sk[0] &= 248; + sk[31] &= 127; + sk[31] |= 64; + + return 0; +} + +static int ed25519_seckey(unsigned char *sk) +{ + unsigned char seed[32]; + + randombytes(seed,32); + return ed25519_seckey_expand(sk,seed); +} + +static int ed25519_pubkey(unsigned char *pk,const unsigned char *sk) +{ + bignum256modm a; + ge25519 ALIGN(16) A; + + expand256_modm(a,sk,32); + ge25519_scalarmult_base_niels(&A,ge25519_niels_base_multiples,a); + ge25519_pack(pk,&A); + + return 0; +} + + +static int ed25519_keypair(unsigned char *pk,unsigned char *sk) +{ + ed25519_seckey(sk); + ed25519_pubkey(pk,sk); + + return 0; +} + +#define fe bignum25519 +#define ge_p1p1 ge25519_p1p1 +#define ge_p3 ge25519 + +#define ge_p1p1_to_p3 ge25519_p1p1_to_full +#define ge_p3_tobytes ge25519_pack + +#define ge_p3_batchtobytes_destructive_1 ge25519_batchpack_destructive_1 +#define ge_p3_batchtobytes_destructive_finish ge25519_batchpack_destructive_finish + + +#define ge_add CRYPTO_NAMESPACE(ge_add) +#define ge_scalarmult_base CRYPTO_NAMESPACE(ge_scalarmult_base) + + +DONNA_INLINE static void ge_add(ge25519_p1p1 *r,const ge25519 *p,const ge25519_pniels *q) +{ + ge25519_pnielsadd_p1p1(r,p,q,0); +} + +DONNA_INLINE static void 
ge_scalarmult_base(ge25519 *A,const unsigned char *sk) +{ + bignum256modm ALIGN(16) a; + expand256_modm(a,sk,32); + ge25519_scalarmult_base_niels(A,ge25519_niels_base_multiples,a); +} + +#define fe_ysubx CRYPTO_NAMESPACE(fe_ysubx) +#define fe_xaddy CRYPTO_NAMESPACE(fe_xaddy) +#define fe_z CRYPTO_NAMESPACE(fe_z) +#define fe_t2d CRYPTO_NAMESPACE(fe_t2d) + +static ge25519_pniels ALIGN(16) ge_eightpoint; +// portable representation of (basepoint * 8) +static u8 fe_ysubx[32] = { + 0xE0,0xC3,0x64,0xC7,0xDC,0xAD,0x36,0x5E, + 0x25,0xAA,0x86,0xC8,0xC7,0x85,0x5F,0x07, + 0x67,0x65,0x1C,0x3D,0x99,0xDD,0x26,0x55, + 0x9C,0xB5,0x71,0x1E,0x1D,0xC4,0xC8,0x71, +}; +static u8 fe_xaddy[32] = { + 0x9C,0xFD,0xE3,0xC2,0x2A,0x15,0x34,0x1B, + 0x3B,0xE7,0x62,0xAB,0x56,0xFA,0xDF,0xE7, + 0xCF,0xBE,0xB5,0x8D,0x83,0x8A,0x1D,0xA5, + 0xAD,0x3E,0x42,0x42,0xC9,0x4F,0x1B,0x09, +}; +static u8 fe_z[32] = { + 0x77,0xAA,0x7F,0x85,0x02,0x8E,0xF5,0xD9, + 0x52,0xFE,0x8F,0xE6,0x8A,0x52,0x21,0x4A, + 0xCB,0x8D,0x1C,0x05,0x7D,0xAD,0x4A,0x1B, + 0xC6,0x7B,0x23,0x9D,0x4C,0x3F,0xD6,0x02, +}; +static u8 fe_t2d[32] = { + 0x4E,0x06,0xF4,0xFB,0x04,0x0B,0xCE,0x86, + 0x6B,0x52,0xBB,0x96,0x0A,0xCE,0x11,0x3C, + 0xCD,0xEF,0x4A,0x46,0x68,0x47,0xAA,0x72, + 0x5F,0x65,0x90,0x91,0xA8,0x38,0xCA,0x37, +}; + +// initialize from packed representation +static void ge_initeightpoint(void) +{ + memset(&ge_eightpoint,0,sizeof(ge_eightpoint)); + curve25519_expand(ge_eightpoint.ysubx,fe_ysubx); + curve25519_expand(ge_eightpoint.xaddy,fe_xaddy); + curve25519_expand(ge_eightpoint.z,fe_z); + curve25519_expand(ge_eightpoint.t2d,fe_t2d); +} + +#endif diff --git a/ed25519/ref10/crypto_sign.h b/ed25519/ref10/crypto_sign.h index 71b2543..35b0a74 100644 --- a/ed25519/ref10/crypto_sign.h +++ b/ed25519/ref10/crypto_sign.h 
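Review bot: In the ED25519_donna block, ed25519_seckey draws the 32-byte seed into a stack buffer and never clears it after ed25519_seckey_expand has hashed it into `sk`, so the raw seed outlives the call on the stack; nothing needs it afterwards, and wiping it before returning with `explicit_bzero`/`memset_s` where available (a plain `memset` of a dead local may be dropped by the optimizer) is cheap key hygiene. ed25519_seckey_expand also writes the full 64-byte SHA-512 output into `sk`, which the signature does not convey; I would add `/* sk must hold 64 bytes: SHA-512(seed) with the low 3 and top bits clamped */` above it. The two bare `#include` lines preceding the ed25519-donna header have lost their header names in this rendering; presumably an extraction artifact rather than the committed text, but worth confirming. Whether `randombytes` can fail is not visible from this hunk; if it can, its result is ignored here.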
@@ -1,8 +1,9 @@ -#define crypto_sign ed25519_ref10_sign -#define crypto_sign_keypair ed25519_ref10_keygen -#define crypto_sign_seckey ed25519_ref10_seckey -#define crypto_sign_seckey_expand ed25519_ref10_seckey_expand -#define crypto_sign_pubkey ed25519_ref10_pubkey -#define crypto_sign_open ed25519_ref10_open +#define crypto_sign CRYPTO_NAMESPACE(sign) +#define crypto_sign_keypair CRYPTO_NAMESPACE(keygen) +#define crypto_sign_seckey CRYPTO_NAMESPACE(seckey) +#define crypto_sign_seckey_expand CRYPTO_NAMESPACE(seckey_expand) +#define crypto_sign_pubkey CRYPTO_NAMESPACE(pubkey) +#define crypto_sign_open CRYPTO_NAMESPACE(open) +#define crypto_sign_open_batch CRYPTO_NAMESPACE(open_batch) #include "ed25519.h" diff --git a/ed25519/ref10/ed25519.h b/ed25519/ref10/ed25519.h index 406aafc..2122ad5 100644 --- a/ed25519/ref10/ed25519.h +++ b/ed25519/ref10/ed25519.h @@ -1,13 +1,13 @@ -int ed25519_ref10_seckey(unsigned char *sk); -int ed25519_ref10_seckey_expand(unsigned char *sk,const unsigned char *seed); -int ed25519_ref10_pubkey(unsigned char *pk,const unsigned char *sk); -int ed25519_ref10_keygen(unsigned char *pk,unsigned char *sk); -int ed25519_ref10_sign( +int crypto_sign_seckey(unsigned char *sk); +int crypto_sign_seckey_expand(unsigned char *sk,const unsigned char *seed); +int crypto_sign_pubkey(unsigned char *pk,const unsigned char *sk); +int crypto_sign_keypair(unsigned char *pk,unsigned char *sk); +int crypto_sign( unsigned char *sm,unsigned long long *smlen, const unsigned char *m,unsigned long long mlen, const unsigned char *sk ); -int ed25519_ref10_open( +int crypto_sign_open( unsigned char *m,unsigned long long *mlen, const unsigned char *sm,unsigned long long smlen, const unsigned char *pk diff --git a/ed25519/ref10/fe.h b/ed25519/ref10/fe.h index 97ffb78..4613170 100644 --- a/ed25519/ref10/fe.h +++ b/ed25519/ref10/fe.h 
@@ -14,25 +14,24 @@ t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on context. */ -#define fe_frombytes crypto_sign_ed25519_ref10_fe_frombytes -#define fe_tobytes crypto_sign_ed25519_ref10_fe_tobytes -#define fe_copy crypto_sign_ed25519_ref10_fe_copy -#define fe_isnonzero crypto_sign_ed25519_ref10_fe_isnonzero -#define fe_isnegative crypto_sign_ed25519_ref10_fe_isnegative -#define fe_0 crypto_sign_ed25519_ref10_fe_0 -#define fe_1 crypto_sign_ed25519_ref10_fe_1 -#define fe_cswap crypto_sign_ed25519_ref10_fe_cswap -#define fe_cmov crypto_sign_ed25519_ref10_fe_cmov -#define fe_add crypto_sign_ed25519_ref10_fe_add -#define fe_sub crypto_sign_ed25519_ref10_fe_sub -#define fe_neg crypto_sign_ed25519_ref10_fe_neg -#define fe_mul crypto_sign_ed25519_ref10_fe_mul -#define fe_sq crypto_sign_ed25519_ref10_fe_sq -#define fe_sq2 crypto_sign_ed25519_ref10_fe_sq2 -#define fe_mul121666 crypto_sign_ed25519_ref10_fe_mul121666 -#define fe_invert crypto_sign_ed25519_ref10_fe_invert -#define fe_batchinvert crypto_sign_ed25519_ref10_fe_batchinvert -#define fe_pow22523 crypto_sign_ed25519_ref10_fe_pow22523 +#define fe_frombytes CRYPTO_NAMESPACE(fe_frombytes) +#define fe_tobytes CRYPTO_NAMESPACE(fe_tobytes) +#define fe_copy CRYPTO_NAMESPACE(fe_copy) +#define fe_isnonzero CRYPTO_NAMESPACE(fe_isnonzero) +#define fe_isnegative CRYPTO_NAMESPACE(fe_isnegative) +#define fe_0 CRYPTO_NAMESPACE(fe_0) +#define fe_1 CRYPTO_NAMESPACE(fe_1) +#define fe_cswap CRYPTO_NAMESPACE(fe_cswap) +#define fe_cmov CRYPTO_NAMESPACE(fe_cmov) +#define fe_add CRYPTO_NAMESPACE(fe_add) +#define fe_sub CRYPTO_NAMESPACE(fe_sub) +#define fe_neg CRYPTO_NAMESPACE(fe_neg) +#define fe_mul CRYPTO_NAMESPACE(fe_mul) +#define fe_sq CRYPTO_NAMESPACE(fe_sq) +#define fe_sq2 CRYPTO_NAMESPACE(fe_sq2) +#define fe_invert CRYPTO_NAMESPACE(fe_invert) +#define fe_batchinvert CRYPTO_NAMESPACE(fe_batchinvert) +#define fe_pow22523 CRYPTO_NAMESPACE(fe_pow22523) extern void fe_frombytes(fe,const 
unsigned char *); extern void fe_tobytes(unsigned char *,const fe); @@ -51,9 +50,8 @@ extern void fe_neg(fe,const fe); extern void fe_mul(fe,const fe,const fe); extern void fe_sq(fe,const fe); extern void fe_sq2(fe,const fe); -extern void fe_mul121666(fe,const fe); extern void fe_invert(fe,const fe); -extern void fe_batchinvert(fe *out[],fe tmp[],fe * const in[], size_t num); +extern void fe_batchinvert(fe *out,fe *in,fe *tmp,size_t num,size_t shift); extern void fe_pow22523(fe,const fe); #endif diff --git a/ed25519/ref10/fe_batchinvert.c b/ed25519/ref10/fe_batchinvert.c index 91d40d1..10e2e0e 100644 --- a/ed25519/ref10/fe_batchinvert.c +++ b/ed25519/ref10/fe_batchinvert.c @@ -1,26 +1,34 @@ #include "fe.h" -// tmp MUST != out +// tmp MUST != out or in // in MAY == out -void fe_batchinvert(fe *out[],fe tmp[],fe * const in[], size_t num) +void fe_batchinvert(fe *out,fe *in,fe *tmp,size_t num,size_t shift) { fe acc; fe tmpacc; size_t i; + fe *inp; + fe *outp; fe_1(acc); + inp = in; for (i = 0;i < num;++i) { fe_copy(tmp[i],acc); - fe_mul(acc,acc,*in[i]); + fe_mul(acc,acc,*inp); + inp = (fe *)((char *)inp + shift); } fe_invert(acc,acc); i = num; + inp = (fe *)((char *)in + shift * num); + outp = (fe *)((char *)out + shift * num); while (i--) { - fe_mul(tmpacc,acc,*in[i]); - fe_mul(*out[i],acc,tmp[i]); + inp = (fe *)((char *)inp - shift); + outp = (fe *)((char *)outp - shift); + fe_mul(tmpacc,acc,*inp); + fe_mul(*outp,acc,tmp[i]); fe_copy(acc,tmpacc); } } diff --git a/ed25519/ref10/fe_isnonzero.c b/ed25519/ref10/fe_isnonzero.c index 0261e92..4756800 100644 --- a/ed25519/ref10/fe_isnonzero.c +++ b/ed25519/ref10/fe_isnonzero.c @@ -9,7 +9,7 @@ Preconditions: |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */ -static const unsigned char zero[32] = {0}; +static const unsigned char zero[32]; int fe_isnonzero(const fe f) { diff --git a/ed25519/ref10/ge.h b/ed25519/ref10/ge.h index 1f01f3d..c69a5b3 100644 --- a/ed25519/ref10/ge.h +++ b/ed25519/ref10/ge.h 
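Review bot: The new `shift` parameter of fe_batchinvert is a byte stride applied through `(char *)` casts, but neither the header comment nor fe.h states its unit or that it must be at least `sizeof(fe)` (the only visible caller passes `sizeof(ge_p3)`); a caller passing an element count would silently read overlapping limbs. A second precondition also goes unsaid: the forward loop multiplies every input into `acc`, so a single zero element makes `fe_invert(acc,acc)` yield zero and every output becomes zero with no error return, so callers must guarantee all inputs are nonzero (true for the Z of a valid projective point). I would extend the header to `// shift: byte distance between consecutive fe elements of in/out (>= sizeof(fe)); every input must be nonzero, otherwise all outputs are zero`. The in-place case `in == out` still works because `*inp` is consumed into `tmpacc` before `*outp` is written in the same iteration.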
@@ -52,32 +52,32 @@ typedef struct { typedef unsigned char bytes32[32]; -#define ge_frombytes_negate_vartime crypto_sign_ed25519_ref10_ge_frombytes_negate_vartime -#define ge_tobytes crypto_sign_ed25519_ref10_ge_tobytes -#define ge_p3_tobytes crypto_sign_ed25519_ref10_ge_p3_tobytes -#define ge_p3_batchtobytes_destructive_1 crypto_sign_ed25519_ref10_ge_p3_batchtobytes_destructive_1 -#define ge_p3_batchtobytes_destructive_finish crypto_sign_ed25519_ref10_ge_p3_batchtobytes_destructive_finish +#define ge_frombytes_negate_vartime CRYPTO_NAMESPACE(ge_frombytes_negate_vartime) +#define ge_tobytes CRYPTO_NAMESPACE(ge_tobytes) +#define ge_p3_tobytes CRYPTO_NAMESPACE(ge_p3_tobytes) +#define ge_p3_batchtobytes_destructive_1 CRYPTO_NAMESPACE(ge_p3_batchtobytes_destructive_1) +#define ge_p3_batchtobytes_destructive_finish CRYPTO_NAMESPACE(ge_p3_batchtobytes_destructive_finish) -#define ge_p2_0 crypto_sign_ed25519_ref10_ge_p2_0 -#define ge_p3_0 crypto_sign_ed25519_ref10_ge_p3_0 -#define ge_precomp_0 crypto_sign_ed25519_ref10_ge_precomp_0 -#define ge_p3_to_p2 crypto_sign_ed25519_ref10_ge_p3_to_p2 -#define ge_p3_to_cached crypto_sign_ed25519_ref10_ge_p3_to_cached -#define ge_p1p1_to_p2 crypto_sign_ed25519_ref10_ge_p1p1_to_p2 -#define ge_p1p1_to_p3 crypto_sign_ed25519_ref10_ge_p1p1_to_p3 -#define ge_p2_dbl crypto_sign_ed25519_ref10_ge_p2_dbl -#define ge_p3_dbl crypto_sign_ed25519_ref10_ge_p3_dbl +#define ge_p2_0 CRYPTO_NAMESPACE(ge_p2_0) +#define ge_p3_0 CRYPTO_NAMESPACE(ge_p3_0) +#define ge_precomp_0 CRYPTO_NAMESPACE(ge_precomp_0) +#define ge_p3_to_p2 CRYPTO_NAMESPACE(ge_p3_to_p2) +#define ge_p3_to_cached CRYPTO_NAMESPACE(ge_p3_to_cached) +#define ge_p1p1_to_p2 CRYPTO_NAMESPACE(ge_p1p1_to_p2) +#define ge_p1p1_to_p3 CRYPTO_NAMESPACE(ge_p1p1_to_p3) +#define ge_p2_dbl CRYPTO_NAMESPACE(ge_p2_dbl) +#define ge_p3_dbl CRYPTO_NAMESPACE(ge_p3_dbl) -#define ge_madd crypto_sign_ed25519_ref10_ge_madd -#define ge_msub crypto_sign_ed25519_ref10_ge_msub -#define ge_add 
crypto_sign_ed25519_ref10_ge_add -#define ge_sub crypto_sign_ed25519_ref10_ge_sub -#define ge_scalarmult_base crypto_sign_ed25519_ref10_ge_scalarmult_base -#define ge_double_scalarmult_vartime crypto_sign_ed25519_ref10_ge_double_scalarmult_vartime +#define ge_madd CRYPTO_NAMESPACE(ge_madd) +#define ge_msub CRYPTO_NAMESPACE(ge_msub) +#define ge_add CRYPTO_NAMESPACE(ge_add) +#define ge_sub CRYPTO_NAMESPACE(ge_sub) +#define ge_scalarmult_base CRYPTO_NAMESPACE(ge_scalarmult_base) +#define ge_double_scalarmult_vartime CRYPTO_NAMESPACE(ge_double_scalarmult_vartime) extern void ge_tobytes(unsigned char *,const ge_p2 *); extern void ge_p3_tobytes(unsigned char *,const ge_p3 *); -extern void ge_p3_batchtobytes_destructive_1(bytes32 out[],ge_p3 in[],fe *inz[],fe tmp[],size_t num); +extern void ge_p3_batchtobytes_destructive_1(bytes32 *out,ge_p3 *in,fe *tmp,size_t num); extern void ge_p3_batchtobytes_destructive_finish(bytes32 out,ge_p3 *unf); extern int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *); diff --git a/ed25519/ref10/ge_double_scalarmult.c b/ed25519/ref10/ge_double_scalarmult.c index f8bf4bf..a2df6e9 100644 --- a/ed25519/ref10/ge_double_scalarmult.c +++ b/ed25519/ref10/ge_double_scalarmult.c @@ -32,7 +32,7 @@ static void slide(signed char *r,const unsigned char *a) } -static ge_precomp Bi[8] = { +static const ge_precomp Bi[8] = { #include "base2.h" } ; diff --git a/ed25519/ref10/ge_p3_batchtobytes.c b/ed25519/ref10/ge_p3_batchtobytes.c index 6b886c8..46605a9 100644 --- a/ed25519/ref10/ge_p3_batchtobytes.c +++ b/ed25519/ref10/ge_p3_batchtobytes.c 
@@ -2,11 +2,11 @@ // inz is ge_p3.Z pointer array. contents to .Zs will be overwritten // NOTE: leaves in unfinished state -void ge_p3_batchtobytes_destructive_1(bytes32 out[],ge_p3 in[],fe *inz[],fe tmp[],size_t num) +void ge_p3_batchtobytes_destructive_1(bytes32 *out,ge_p3 *in,fe *tmp,size_t num) { fe y; - fe_batchinvert(inz,tmp,inz,num); + fe_batchinvert(&in->Z,&in->Z,tmp,num,sizeof(ge_p3)); for (size_t i = 0;i < num;++i) { fe_mul(y,in[i].Y,in[i].Z); diff --git a/ed25519/ref10/ge_p3_tobytes.c b/ed25519/ref10/ge_p3_tobytes.c index b251f60..21cb2fc 100644 --- a/ed25519/ref10/ge_p3_tobytes.c +++ b/ed25519/ref10/ge_p3_tobytes.c @@ -1,6 +1,6 @@ #include "ge.h" -void ge_p3_tobytes(bytes32 s,const ge_p3 *h) +void ge_p3_tobytes(unsigned char *s,const ge_p3 *h) { fe recip; fe x; diff --git a/ed25519/ref10/ge_scalarmult_base.c b/ed25519/ref10/ge_scalarmult_base.c index 421e4fa..6707547 100644 --- a/ed25519/ref10/ge_scalarmult_base.c +++ b/ed25519/ref10/ge_scalarmult_base.c @@ -19,7 +19,7 @@ static unsigned char negative(signed char b) return x; } -static void cmov(ge_precomp *t,ge_precomp *u,unsigned char b) +static void cmov(ge_precomp *t,const ge_precomp *u,unsigned char b) { fe_cmov(t->yplusx,u->yplusx,b); fe_cmov(t->yminusx,u->yminusx,b); @@ -27,7 +27,7 @@ static void cmov(ge_precomp *t,ge_precomp *u,unsigned char b) } /* base[i][j] = (j+1)*256^i*B */ -static ge_precomp base[32][8] = { +static const ge_precomp base[32][8] = { #include "base.h" } ; diff --git a/ed25519/ref10/sc.h b/ed25519/ref10/sc.h index d32ed2e..81c8594 100644 --- a/ed25519/ref10/sc.h +++ b/ed25519/ref10/sc.h 
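Review bot: The context comment `// inz is ge_p3.Z pointer array. contents to .Zs will be overwritten` is now stale: the `inz` parameter is gone and the call passes `&in->Z` with a stride of `sizeof(ge_p3)` instead. I would replace it with `// in[i].Z is replaced in place by its inverse (strided batch inversion over the ge_p3 array); tmp must hold num fe entries`, since the new signature no longer shows that `tmp` is sized by `num`. The rest of ge_p3_batchtobytes_destructive_1 continues outside the hunk.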
@@ -6,8 +6,8 @@ The set of scalars is \Z/l where l = 2^252 + 27742317777372353535851937790883648493. */ -#define sc_reduce crypto_sign_ed25519_ref10_sc_reduce -#define sc_muladd crypto_sign_ed25519_ref10_sc_muladd +#define sc_reduce CRYPTO_NAMESPACE(sc_reduce) +#define sc_muladd CRYPTO_NAMESPACE(sc_muladd) extern void sc_reduce(unsigned char *); extern void sc_muladd(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *); diff --git a/filters.h b/filters.h index ffd4c75..71f0118 100644 --- a/filters.h +++ b/filters.h @@ -92,4 +92,5 @@ extern struct pfiltervec filters; extern int flattened; extern void filters_init(void); +extern void filters_add(const char *filter); extern size_t filters_count(void); diff --git a/filters_common.inc.h b/filters_common.inc.h index 613e694..abeb0fe 100644 --- a/filters_common.inc.h +++ b/filters_common.inc.h @@ -1,10 +1,11 @@ #ifdef INTFILTER -static inline size_t filter_len(size_t i) +static inline size_t S(filter_len)(size_t i) { # ifndef OMITMASK const u8 *m = (const u8 *)&VEC_BUF(filters,i).m; # else // OMITMASK + (void) i; const u8 *m = (const u8 *)&ifiltermask; # endif // OMITMASK size_t c = 0; @@ -23,12 +24,13 @@ static inline size_t filter_len(size_t i) } return c; } +#define filter_len S(filter_len) #endif // INTFILTER #ifdef BINFILTER -static inline size_t filter_len(size_t i) +static inline size_t S(filter_len)(size_t i) { size_t c = VEC_BUF(filters,i).len * 8; u8 v = VEC_BUF(filters,i).mask; @@ -41,6 +43,7 @@ static inline size_t filter_len(size_t i) v <<= 1; } } +#define filter_len S(filter_len) #endif // BINFILTER diff --git a/filters_inc.inc.h b/filters_inc.inc.h new file mode 100644 index 0000000..5eb7f72 --- /dev/null +++ b/filters_inc.inc.h @@ -0,0 +1 @@ +#define S(x) x diff --git a/filters_main.inc.h b/filters_main.inc.h index c4a6399..e986f9d 100644 --- a/filters_main.inc.h +++ b/filters_main.inc.h 
@@ -1,5 +1,6 @@ #include "filters_common.inc.h" +#include "ifilter_bitsum.h" #ifdef INTFILTER 
@@ -17,106 +18,63 @@ static inline int filter_compare(const void *p1,const void *p2) # ifdef EXPANDMASK /* - * for mask expansion, we need to figure out how much bits - * we need to fill in with different values. - * while in big endian machines this is quite easy, - * representation we use for little endian ones may - * leave gap of bits we don't want to touch. - * - * initial idea draft: - * - * raw representation -- FF.FF.F0.00 - * big endian -- 0xFFFFF000 - * little endian -- 0x00F0FFFF - * b: 0xFFffF000 ^ 0xFFff0000 -> 0x0000F000 - * 0x0000F000 + 1 -> 0x0000F001 - * 0x0000F000 & 0x0000F001 -> 0x0000F000 <- shifted mask - * 0x0000F000 ^ 0x0000F000 -> 0x00000000 <- direct mask - * 0x0000F000 ^ 0x00000000 -> 0x0000F000 <- shifted mask - * l: 0x00f0FFff ^ 0x0000FFff -> 0x00f00000 - * 0x00f00000 + 1 -> 0x00f00001 - * 0x00f00000 & 0x00f00001 -> 0x00f00000 <- shifted mask - * 0x00f00000 ^ 0x00f00000 -> 0x00000000 <- direct mask - * 0x00f00000 ^ 0x00000000 -> 0x00f00000 <- shifted mask - * - * b: 0xFFffFFff ^ 0xF0000000 -> 0x0FffFFff - * 0x0FffFFff + 1 -> 0x10000000 - * 0x0FffFFff & 0x10000000 -> 0x00000000 <- shifted mask - * 0x0FffFFff ^ 0x00000000 -> 0x0FffFFff <- direct mask - * 0x0FffFFff ^ 0x0FffFFff -> 0x00000000 <- shifted mask - * l: 0xFFffFFff ^ 0x000000f0 -> 0xFFffFF0f - * 0xFFffFF0f + 1 -> 0xFFffFF10 - * 0xFFffFF0f & 0xFFffFF10 -> 0xFFffFF00 <- shifted mask - * 0xFFffFF0f ^ 0xFFffFF00 -> 0x0000000f <- direct mask - * 0xFFffFF0f ^ 0x0000000f -> 0xFFffFF00 <- shifted mask - * - * essentially, we have to make direct mask + shifted mask bits worth of information - * and then split it into 2 parts - * we do not need absolute shifted mask shifting value, just relative to direct mask - * 0x0sss00dd - shifted & direct mask combo - * 0x000sssdd - combined mask - * 8 - relshiftval - * generate values from 0x00000000 to 0x000sssdd - * for each value, realmask <- (val & 0x000000dd) | ((val & 0x000sss00) << relshiftval) - * or.. 
- * realmask <- (val & 0x000000dd) | ((val << relshiftval) & 0x0sss0000) - * ... - * - * above method doesn't work in some cases. better way: - * - * l: 0x80ffFFff ^ 0x00f0FFff -> 0x800f0000 - * 0x800f0000 >> 16 -> 0x0000800f - * 0x0000800f + 1 -> 0x00008010 - * 0x0000800f & 0x00008010 -> 0x00008000 <- smask - * 0x0000800f ^ 0x00008000 -> 0x0000000f <- dmask - * - * cross <- difference between mask we desire and mask we currently have - * shift cross to left variable ammount of times to eliminate zeros - * save shift ammount as ishift (initial shift) - * then, we eliminate first area of ones; if there was no gap, result is already all zeros - * save this thing as smask. it's only higher bits. - * XOR smask and cross; result is only lower bits. - * shift smask to left variable ammount of times until gap is eliminated. - * save resulting mask as cmask; - * save resulting shift value as rshift. + * so we have 2 masks with basically random bits + * we first gonna find where these masks are common + * then we gonna find where new mask has more bits than old + * common areas must be unchanged + * gaps in both must be unchanged + * but new bits must be filled + * therefore, lets just fill old gaps and common areas with 1s + * before add, OR with these 1s + * then perform add. 
these 1s have property to push positive bits to 0s + * we already know how much new gaps we need to fill, so this wont overflow + * after this addition, AND result with NEG of combined mask, and OR with old value + * this will produce new proper value + * we need to re-fill 1s before every add to keep structure working */ int flattened = 0; -#define EXPVAL(init,j,dmask,smask,ishift,rshift) \ - ((init) | ((((j) & (dmask)) | (((j) << (rshift)) & (smask))) << (ishift))) // add expanded set of values // allocates space on its own static void ifilter_addexpanded( struct intfilter *ifltr, - IFT dmask,IFT smask,IFT cmask, - int ishift,int rshift) + register IFT newbits, + register IFT notnewbits, + register IFT newbitsum) { flattened = 1; size_t i = VEC_LENGTH(filters); - VEC_ADDN(filters,cmask + 1); + VEC_ADDN(filters,newbitsum + 1); + register IFT x = ifltr->f; + register IFT y = 0; for (size_t j = 0;;++j) { - VEC_BUF(filters,i + j).f = - EXPVAL(ifltr->f,j,dmask,smask,ishift,rshift); - if (j == cmask) + VEC_BUF(filters,i + j).f = x | y; + if (j == newbitsum) break; + y = ((y | notnewbits) + 1) & newbits; } } // expand existing stuff // allocates needed stuff on its own -static void ifilter_expand(IFT dmask,IFT smask,IFT cmask,int ishift,int rshift) +static void ifilter_expand( + register IFT newbits, + register IFT notnewbits, + register IFT newbitsum) { flattened = 1; size_t len = VEC_LENGTH(filters); - VEC_ADDN(filters,cmask * len); - size_t esz = cmask + 1; // size of expanded elements + VEC_ADDN(filters,newbitsum * len); + size_t esz = newbitsum + 1; // size of expanded elements for (size_t i = len - 1;;--i) { + register IFT x = VEC_BUF(filters,i).f; + register IFT y = 0; for (IFT j = 0;;++j) { - VEC_BUF(filters,i * esz + j).f = - EXPVAL(VEC_BUF(filters,i).f,j,dmask,smask,ishift,rshift); - if (j == cmask) + VEC_BUF(filters,i * esz + j).f = x | y; + if (j == newbitsum) break; + y = ((y | notnewbits) + 1) & newbits; } if (i == 0) break; 
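Review bot: The submask enumeration `y = ((y | notnewbits) + 1) & newbits` is the core of the new ifilter_addexpanded/ifilter_expand but is explained only by the loosely worded block comment above; a one-line comment at each use would help, e.g. `// next subset of newbits: forcing the non-new bits to 1 lets the +1 carry ripple across them`. The `register` qualifiers on the parameters and on `x`/`y` are a style choice with no effect on modern compilers and can be dropped. Note also that `VEC_ADDN(filters,newbitsum * len)` multiplies in `size_t` without an overflow check, and both `newbitsum` (2^popcount − 1) and `len` are driven by the user's filter set; whether any input can actually reach an overflow is not visible from this hunk, but a defensive bound on the product would be cheap.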
@@ -136,27 +94,21 @@ static inline void ifilter_addflatten(struct intfilter *ifltr,IFT mask) VEC_ADD(filters,*ifltr); return; } - IFT cross = ifiltermask ^ mask; - int ishift = 0; - while ((cross & 1) == 0) { - ++ishift; - cross >>= 1; - } - IFT smask = cross & (cross + 1); // shift mask - IFT dmask = cross ^ smask; // direct mask - IFT cmask; // combined mask - int rshift = 0; // relative shift - while (cmask = (smask >> rshift) | dmask,(cmask & (cmask + 1)) != 0) - ++rshift; - // preparations done + + IFT newbits = ifiltermask ^ mask; + IFT notnewbits = ~newbits; + IFT newbitsum = ifilter_bitsum(newbits); + if (ifiltermask > mask) { - // already existing stuff has more precise mask than we - // so we need to expand our stuff - ifilter_addexpanded(ifltr,dmask,smask,cmask,ishift,rshift); + // current mask covers more bits + // expand new filter + ifilter_addexpanded(ifltr,newbits,notnewbits,newbitsum); } else { + // new filter mask covers more bits + // adjust current mask and expand current filters ifiltermask = mask; - ifilter_expand(dmask,smask,cmask,ishift,rshift); + ifilter_expand(newbits,notnewbits,newbitsum); VEC_ADD(filters,*ifltr); } } @@ -395,7 +347,7 @@ void filters_add(const char *filter) memset(&bf,0,sizeof(bf)); if (!base32_valid(filter,&ret)) { - fprintf(stderr,"filter \"%s\" is invalid\n",filter); + fprintf(stderr,"filter \"%s\" is not valid base32 string\n",filter); fprintf(stderr," "); while (ret--) fputc(' ',stderr); @@ -496,10 +448,14 @@ static void filters_prepare(void) #endif } -static void loadfilterfile(const char *fname) +static bool loadfilterfile(const char *fname) { char buf[128]; FILE *f = fopen(fname,"r"); + if (!f) { + fprintf(stderr,"failed to load filter file \"%s\": %s\n",fname,strerror(errno)); + return false; + } while (fgets(buf,sizeof(buf),f)) { for (char *p = buf;*p;++p) { if (*p == '\n') { 
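Review bot: `ifiltermask > mask` decides which side gets expanded, which is only meaningful when one mask is a superset of the other; if the two masks ever differ in non-nested bit ranges, `newbits` contains bits that the expanded filter's own mask already fixes, and the `x | y` loop overwrites them, yielding filters that match values the user never asked for. Presumably the prefix-mask construction elsewhere guarantees nesting, but a cheap assertion before the branch would document that, e.g. `assert((ifiltermask & mask) == (ifiltermask > mask ? mask : ifiltermask));`. Also note that `newbitsum + 1` and `newbitsum * len` are 2^popcount(newbits) in size, so a few filters of very different lengths can request a huge allocation with no upper bound checked here. The head of ifilter_addflatten is outside the hunk.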
@@ -510,4 +466,11 @@ static void loadfilterfile(const char *fname) if (*buf && *buf != '#' && memcmp(buf,"//",2) != 0) filters_add(buf); } + int fe = ferror(f); + fclose(f); + if (fe != 0) { + fprintf(stderr,"failure while reading filter file \"%s\": %s\n",fname,strerror(fe)); + return false; + } + return true; } diff --git a/ifilter_bitsum.h b/ifilter_bitsum.h new file mode 100644 index 0000000..2c0a5db --- /dev/null +++ b/ifilter_bitsum.h @@ -0,0 +1,32 @@ + +#ifdef EXPANDMASK + +#ifdef __GNUC__ + +static IFT ifilter_bitsum(IFT x) +{ + if (sizeof(IFT) == 16) + return (((IFT) 1) << + (__builtin_popcountll((unsigned long long) (x >> (sizeof(IFT) * 8 / 2))) + + __builtin_popcountll((unsigned long long) x))) - 1; + if (sizeof(IFT) == 8) + return (((IFT) 1) << __builtin_popcountll((unsigned long long) x)) - 1; + + return (((IFT) 1) << __builtin_popcount((unsigned int) x)) - 1; +} + +#else // __GNUC__ + +static IFT ifilter_bitsum(IFT x) +{ + int v = 0; + while (x != 0) { + x &= x - 1; + v++; + } + return (((IFT) 1) << v) - 1; +} + +#endif // __GNUC__ + +#endif // EXPANDMASK diff --git a/ioutil.c b/ioutil.c index f3b4c1f..5d1edca 100644 --- a/ioutil.c +++ b/ioutil.c @@ -1,7 +1,10 @@ #include #include +#include #include "types.h" #include "ioutil.h" +#include "vec.h" +#include #ifndef _WIN32 @@ -31,7 +34,7 @@ FH createfile(const char *path,int secret) int fd; do { fd = open(path,O_WRONLY | O_CREAT | O_TRUNC,secret ? 0600 : 0666); - if (fd == -1) { + if (fd < 0) { if (errno == EINTR) continue; return -1; @@ -45,7 +48,7 @@ int closefile(FH fd) int cret; do { cret = close(fd); - if (cret == -1) { + if (cret < 0) { if (errno == EINTR) continue; return -1; 
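Review bot: `strerror(fe)` is handed the return value of `ferror(f)`, which is only a nonzero flag (commonly 1), not an errno code, so the message will read something like `Operation not permitted` regardless of the real cause. The errno of the failing read has to be captured while it is still valid, before `fclose` can clobber it: `int err = ferror(f) ? errno : 0; fclose(f); if (err) { fprintf(stderr,"failure while reading filter file \"%s\": %s\n",fname,strerror(err)); return false; }`. Even that is approximate, since `fgets` returning NULL at EOF does not set errno, but with the `ferror()` guard it is the best stdio offers. The line loop that precedes this is outside the hunk.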
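Review bot: `((IFT) 1) << __builtin_popcountll(...)` in ifilter_bitsum is undefined when every bit of `x` is set, because the shift count then equals the width of IFT; the portable fallback's `<< v` has the same hole. The value wanted in that case is all-ones, so a one-line guard suffices once the count is in a local: `if (v >= (int)(sizeof(IFT) * 8)) return (IFT) -1;` (assuming IFT is unsigned, as the `(IFT) 1 << ...` arithmetic suggests). Whether a caller can pass an all-ones `newbits` depends on ifilter_addflatten, which is not visible here; since callers also use the result as an allocation count, an explicit cap may be preferable to returning the full range.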
@@ -59,6 +62,122 @@ int createdir(const char *path,int secret) return mkdir(path,secret ? 0700 : 0777); } +static int syncwritefile(const char *filename,const char *tmpname,int secret,const u8 *data,size_t datalen) +{ + FH f = createfile(tmpname,secret); + if (f == FH_invalid) + return -1; + + if (writeall(f,data,datalen) < 0) { + goto failclose; + } + + int sret; + do { + sret = fsync(f); + if (sret < 0) { + if (errno == EINTR) + continue; + + goto failclose; + } + } while (0); + + if (closefile(f) < 0) { + goto failrm; + } + + if (rename(tmpname,filename) < 0) { + goto failrm; + } + + return 0; + +failclose: + (void) closefile(f); +failrm: + remove(tmpname); + + return -1; +} + +int syncwrite(const char *filename,int secret,const u8 *data,size_t datalen) +{ + //fprintf(stderr,"filename = %s\n",filename); + + size_t fnlen = strlen(filename); + + VEC_STRUCT(,char) tmpnamebuf; + VEC_INIT(tmpnamebuf); + VEC_ADDN(tmpnamebuf,fnlen + 4 /* ".tmp" */ + 1 /* "\0" */); + memcpy(&VEC_BUF(tmpnamebuf,0),filename,fnlen); + strcpy(&VEC_BUF(tmpnamebuf,fnlen),".tmp"); + const char *tmpname = &VEC_BUF(tmpnamebuf,0); + + //fprintf(stderr,"tmpname = %s\n",tmpname); + + int r = syncwritefile(filename,tmpname,secret,data,datalen); + + VEC_FREE(tmpnamebuf); + + if (r < 0) + return r; + + VEC_STRUCT(,char) dirnamebuf; + VEC_INIT(dirnamebuf); + const char *dirname; + + for (ssize_t x = ((ssize_t)fnlen) - 1;x >= 0;--x) { + if (filename[x] == '/') { + if (x) + --x; + ++x; + VEC_ADDN(dirnamebuf,x + 1); + memcpy(&VEC_BUF(dirnamebuf,0),filename,x); + VEC_BUF(dirnamebuf,x) = '\0'; + dirname = &VEC_BUF(dirnamebuf,0); + goto foundslash; + } + } + /* not found slash, fall back to "." 
*/ + dirname = "."; + +foundslash: + //fprintf(stderr,"dirname = %s\n",dirname); + ; + + int dirf; + do { + dirf = open(dirname,O_RDONLY); + if (dirf < 0) { + if (errno == EINTR) + continue; + + // failed for non-eintr reasons + goto skipdsync; // don't really care enough + } + } while (0); + + int sret; + do { + sret = fsync(dirf); + if (sret < 0) { + if (errno == EINTR) + continue; + + // failed for non-eintr reasons + break; // don't care + } + } while (0); + + (void) closefile(dirf); // don't care + +skipdsync: + VEC_FREE(dirnamebuf); + + return 0; +} + #else int writeall(FH fd,const u8 *data,size_t len) 
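Review bot: The temporary `<filename>.tmp` is created through createfile, which opens with `O_WRONLY | O_CREAT | O_TRUNC` and no `O_EXCL` (context in the ioutil.c hunk above), so a path that already exists is simply truncated and reused, and the `secret ? 0600 : 0666` mode is never applied to a pre-existing file or to whatever a pre-existing symlink points at. Because the name is derived deterministically from the target, prefer failing when it already exists — give createfile an exclusive-create option or open the temporary with `O_CREAT | O_EXCL` — so that a secret checkpoint is only ever written into a file this process created with 0600. Separately, the `if (x) --x; ++x;` sequence in the dirname loop is hard to read; `size_t dlen = x ? x : 1;` with a comment like `// keep the leading '/' for a root-level file, otherwise drop the separator` says the same thing plainly. The `ssize_t` index is fine here since this branch is POSIX-only.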
@@ -95,9 +214,72 @@ int closefile(FH fd) int createdir(const char *path,int secret) { // XXX don't know how to handle secret argument + (void) secret; return CreateDirectoryA(path,0) ? 0 : -1; } +static int syncwritefile(const char *filename,const char *tmpname,int secret,const u8 *data,size_t datalen) +{ + FH f = createfile(tmpname,secret); + if (f == FH_invalid) { + //fprintf(stderr,"!failed to create\n"); + return -1; + } + + + if (writeall(f,data,datalen) < 0) { + //fprintf(stderr,"!failed to write\n"); + goto failclose; + } + + if (FlushFileBuffers(f) == 0) { + //fprintf(stderr,"!failed to flush\n"); + goto failclose; + } + + if (closefile(f) < 0) { + //fprintf(stderr,"!failed to close\n"); + goto failrm; + } + + if (MoveFileExA(tmpname,filename,MOVEFILE_REPLACE_EXISTING) == 0) { + //fprintf(stderr,"!failed to move\n"); + goto failrm; + } + + return 0; + +failclose: + (void) closefile(f); +failrm: + remove(tmpname); + + return -1; +} + +int syncwrite(const char *filename,int secret,const u8 *data,size_t datalen) +{ + size_t fnlen = strlen(filename); + + VEC_STRUCT(,char) tmpnamebuf; + VEC_INIT(tmpnamebuf); + VEC_ADDN(tmpnamebuf,fnlen + 4 /* ".tmp" */ + 1 /* "\0" */); + memcpy(&VEC_BUF(tmpnamebuf,0),filename,fnlen); + strcpy(&VEC_BUF(tmpnamebuf,fnlen),".tmp"); + const char *tmpname = &VEC_BUF(tmpnamebuf,0); + + int r = syncwritefile(filename,tmpname,secret,data,datalen); + + VEC_FREE(tmpnamebuf); + + if (r < 0) + return r; + + // can't fsync parent dir on windows so just end here + + return 0; +} + #endif int writetofile(const char *path,const u8 *data,size_t len,int secret) diff --git a/ioutil.h b/ioutil.h index c7a1dab..5244508 100644 --- a/ioutil.h +++ b/ioutil.h @@ -18,3 +18,4 @@ int closefile(FH fd); int writeall(FH,const u8 *data,size_t len); int writetofile(const char *path,const u8 *data,size_t len,int secret); int createdir(const char *path,int secret); +int syncwrite(const char *filename,int secret,const u8 *data,size_t datalen); 
diff --git a/main.c b/main.c index 804ceba..213698a 100644 --- a/main.c +++ b/main.c @@ -2,7 +2,9 @@ #include #include +#include #include +#include #include #include #include @@ -27,6 +29,8 @@ #include "worker.h" +#include "likely.h" + #ifndef _WIN32 #define FSZ "%zu" #else @@ -34,7 +38,8 @@ #endif // Argon2 hashed passphrase stretching settings -#define PWHASH_OPSLIMIT 64 +// NOTE: changing these will break compatibility +#define PWHASH_OPSLIMIT 48 #define PWHASH_MEMLIMIT 64 * 1024 * 1024 #define PWHASH_ALG crypto_pwhash_ALG_ARGON2ID13 @@ -55,6 +60,11 @@ size_t printlen; // precalculated, related to printstartpos pthread_mutex_t fout_mutex; FILE *fout; +#ifdef PASSPHRASE +u8 orig_determseed[SEED_LEN]; +const char *checkpointfile = 0; +#endif + static void termhandler(int sig) { switch (sig) { 
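Review bot: PWHASH_OPSLIMIT changes from 64 to 48 in the same hunk that adds `// NOTE: changing these will break compatibility`, so this commit itself breaks regeneration of any key previously derived from a passphrase: the same passphrase now yields a different seed, and the comment does not say that this has already happened once. Record the history next to the constant, e.g. `// NOTE: changing these will break compatibility; OPSLIMIT was 64 before this change`, and surface it in the user-facing documentation or the commit message so users holding older passphrase-derived keys know why they can no longer reproduce them. If old keys must stay reproducible, a build- or run-time switch selecting the previous parameters would be required; that is a product decision rather than a code fix, but it should be made explicitly.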
@@ -80,47 +90,73 @@ VEC_STRUCT(tstatsvec,struct tstatstruct); static void printhelp(FILE *out,const char *progname) { fprintf(out, - "Usage: %s filter [filter...] [options]\n" - " %s -f filterfile [options]\n" + // 1 2 3 4 5 6 7 + //1234567890123456789012345678901234567890123456789012345678901234567890123456789 + "Usage: %s FILTER [FILTER...] [OPTION]\n" + " %s -f FILTERFILE [OPTION]\n" "Options:\n" - "\t-h - print help to stdout and quit\n" - "\t-f - specify filter file which contains filters separated by newlines\n" - "\t-D - deduplicate filters\n" - "\t-q - do not print diagnostic output to stderr\n" - "\t-x - do not print onion names\n" - "\t-v - print more diagnostic data\n" - "\t-o filename - output onion names to specified file (append)\n" - "\t-O filename - output onion names to specified file (overwrite)\n" - "\t-F - include directory names in onion names output\n" - "\t-d dirname - output directory\n" - "\t-t numthreads - specify number of threads to utilise (default - CPU core count or 1)\n" - "\t-j numthreads - same as -t\n" - "\t-n numkeys - specify number of keys (default - 0 - unlimited)\n" - "\t-N numwords - specify number of words per key (default - 1)\n" - "\t-z - use faster key generation method; this is now default\n" - "\t-Z - use slower key generation method\n" - "\t-B - use batching key generation method (>10x faster than -z, experimental)\n" - "\t-s - print statistics each 10 seconds\n" - "\t-S t - print statistics every specified ammount of seconds\n" - "\t-T - do not reset statistics counters when printing\n" - "\t-y - output generated keys in YAML format instead of dumping them to filesystem\n" - "\t-Y [filename [host.onion]] - parse YAML encoded input and extract key(s) to filesystem\n" + " -f FILTERFILE specify filter file which contains filters separated\n" + " by newlines.\n" + " -D deduplicate filters.\n" + " -q do not print diagnostic output to stderr.\n" + " -x do not print onion names.\n" + " -v print more diagnostic data.\n" + " 
-o FILENAME output onion names to specified file (append).\n" + " -O FILENAME output onion names to specified file (overwrite).\n" + " -F include directory names in onion names output.\n" + " -d DIRNAME output directory.\n" + " -t NUMTHREADS specify number of threads to utilise\n" + " (default - try detecting CPU core count).\n" + " -j NUMTHREADS same as -t.\n" + " -n NUMKEYS specify number of keys (default - 0 - unlimited).\n" + " -N NUMWORDS specify number of words per key (default - 1).\n" + " -Z deprecated, does nothing.\n" + " -z deprecated, does nothing.\n" + " -B use batching key generation method (current default).\n" + " -s print statistics each 10 seconds.\n" + " -S SECONDS print statistics every specified amount of seconds.\n" + " -T do not reset statistics counters when printing.\n" + " -y output generated keys in YAML format instead of\n" + " dumping them to filesystem.\n" + " -Y [FILENAME [host.onion]]\n" + " parse YAML encoded input and extract key(s) to\n" + " filesystem.\n" #ifdef PASSPHRASE - "\t-p passphrase - use passphrase to initialize the random seed with\n" - "\t-P - same as -p, but takes passphrase from PASSPHRASE environment variable\n" + " -p PASSPHRASE use passphrase to initialize the random seed with.\n" + " -P same as -p, but takes passphrase from PASSPHRASE\n" + " environment variable.\n" + " --checkpoint filename\n" + " load/save checkpoint of progress to specified file\n" + " (requires passphrase).\n" + " --skipnear skip near passphrase keys; you probably want this\n" + " because of improved safety unless you're trying to\n" + " regenerate an old key; possible future default.\n" + " --warnnear print warning about passphrase key being near another\n" + " (safety hazard); prefer --skipnear to this unless\n" + " you're regenerating an old key.\n" #endif + " --rawyaml raw (unprefixed) public/secret keys for -y/-Y\n" + " (may be useful for tor controller API).\n" + " -h, --help, --usage print help to stdout and quit.\n" + " -V, --version 
print version information to stdout and exit.\n" ,progname,progname); fflush(out); } -static void e_additional() +static void printversion(void) +{ + fprintf(stdout,"mkp224o " VERSION "\n"); + fflush(stdout); +} + +static void e_additional(void) { fprintf(stderr,"additional argument required\n"); exit(1); } #ifndef STATISTICS -static void e_nostatistics() +static void e_nostatistics(void) { fprintf(stderr,"statistics support not compiled in\n"); exit(1); 
@@ -169,23 +205,76 @@ static void setpassphrase(const char *pass) } fprintf(stderr," done.\n"); } + +static void savecheckpoint(void) +{ + u8 checkpoint[SEED_LEN]; + bool carry = 0; + pthread_mutex_lock(&determseed_mutex); + for (int i = 0; i < SEED_LEN; i++) { + checkpoint[i] = determseed[i] - orig_determseed[i] - carry; + carry = checkpoint[i] > determseed[i]; + } + pthread_mutex_unlock(&determseed_mutex); + + if (syncwrite(checkpointfile,1,checkpoint,SEED_LEN) < 0) { + pthread_mutex_lock(&fout_mutex); + fprintf(stderr,"ERROR: could not save checkpoint to \"%s\"\n",checkpointfile); + pthread_mutex_unlock(&fout_mutex); + } +} + +static volatile int checkpointer_endwork = 0; + +static void *checkpointworker(void *arg) +{ + (void) arg; + + struct timespec ts; + memset(&ts,0,sizeof(ts)); + ts.tv_nsec = 100000000; + + struct timespec nowtime; + u64 ilasttime,inowtime; + clock_gettime(CLOCK_MONOTONIC,&nowtime); + ilasttime = (1000000 * (u64)nowtime.tv_sec) + ((u64)nowtime.tv_nsec / 1000); + + while (!unlikely(checkpointer_endwork)) { + + clock_gettime(CLOCK_MONOTONIC,&nowtime); + inowtime = (1000000 * (u64)nowtime.tv_sec) + ((u64)nowtime.tv_nsec / 1000); + + if ((i64)(inowtime - ilasttime) >= 300 * 1000000 /* 5 minutes */) { + savecheckpoint(); + ilasttime = inowtime; + } + } + + savecheckpoint(); + + return 0; +} #endif -VEC_STRUCT(threadvec, pthread_t); +VEC_STRUCT(threadvec,pthread_t); +#include "filters_inc.inc.h" #include "filters_main.inc.h" +enum worker_type { + WT_BATCH, +}; + int main(int argc,char **argv) { const char *outfile = 0; const char *infile = 0; - const char *hostname = 0; + const char *onehostname = 0; const char *arg; int ignoreargs = 0; int dirnameflag = 0; int numthreads = 0; - int fastkeygen = 1; - int batchkeygen = 0; + enum worker_type wt = WT_BATCH; int yamlinput = 0; #ifdef PASSPHRASE int deterministic = 0; 
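Review bot: The loop in checkpointworker never sleeps — `ts` is initialised to 100 ms but no `nanosleep` is called — so the checkpoint thread spins on clock_gettime for the entire run and takes a core away from the workers; add `nanosleep(&ts,0);` as the first statement of the `while` body (main sets up the same 100 ms `ts` for its own wait loop). The borrow computation in savecheckpoint, `carry = checkpoint[i] > determseed[i];`, misses the borrow when `orig_determseed[i] == 255` and `carry` is already 1, because the byte then wraps back to exactly `determseed[i]`; do the arithmetic in `int` instead: `int d = (int)determseed[i] - orig_determseed[i] - carry; checkpoint[i] = (u8)d; carry = d < 0;`. The addition that re-applies the checkpoint in main (hunk `@@ -476,8 +610,35 @@`) has the mirror-image gap for `checkpoint[i] == 255` with a pending carry and should get the same treatment. A comment above savecheckpoint stating that the file stores the distance walked from the passphrase-derived seed rather than the seed itself — and so is only meaningful together with the same passphrase and PWHASH settings — would help the next reader.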
@@ -236,6 +325,28 @@ int main(int argc,char **argv) printhelp(stdout,progname); exit(0); } + else if (!strcmp(arg,"version")) { + printversion(); + exit(0); + } + else if (!strcmp(arg,"rawyaml")) + yamlraw = 1; +#ifdef PASSPHRASE + else if (!strcmp(arg,"checkpoint")) { + if (argc--) + checkpointfile = *argv++; + else + e_additional(); + } + else if (!strcmp(arg,"skipnear")) { + pw_skipnear = 1; + pw_warnnear = 0; + } + else if (!strcmp(arg,"warnnear")) { + pw_warnnear = 1; + pw_skipnear = 0; + } +#endif // PASSPHRASE else { fprintf(stderr,"unrecognised argument: --%s\n",arg); exit(1); @@ -251,9 +362,15 @@ int main(int argc,char **argv) printhelp(stdout,progname); exit(0); } + else if (*arg == 'V') { + printversion(); + exit(0); + } else if (*arg == 'f') { - if (argc--) - loadfilterfile(*argv++); + if (argc--) { + if (!loadfilterfile(*argv++)) + exit(1); + } else e_additional(); } @@ -311,11 +428,11 @@ int main(int argc,char **argv) e_additional(); } else if (*arg == 'Z') - fastkeygen = 0; + /* ignored */ ; else if (*arg == 'z') - fastkeygen = 1; + /* ignored */ ; else if (*arg == 'B') - batchkeygen = 1; + wt = WT_BATCH; else if (*arg == 's') { #ifdef STATISTICS reportdelay = 10000000; @@ -351,10 +468,10 @@ int main(int argc,char **argv) infile = 0; if (argc) { --argc; - hostname = *argv++; - if (!*hostname) - hostname = 0; - if (hostname && strlen(hostname) != ONION_LEN) { + onehostname = *argv++; + if (!*onehostname) + onehostname = 0; + if (onehostname && strlen(onehostname) != ONION_LEN) { fprintf(stderr,"bad onion argument length\n"); exit(1); } 
@@ -391,6 +508,23 @@ int main(int argc,char **argv) filters_add(arg); } + if (yamlinput && yamloutput) { + fprintf(stderr,"both -y and -Y does not make sense\n"); + exit(1); + } + + if (yamlraw && !yamlinput && !yamloutput) { + fprintf(stderr,"--rawyaml requires either -y or -Y to do anything\n"); + exit(1); + } + +#ifdef PASSPHRASE + if (checkpointfile && !deterministic) { + fprintf(stderr,"--checkpoint requires passphrase\n"); + exit(1); + } +#endif + if (outfile) { fout = fopen(outfile,!outfileoverwrite ? "a" : "w"); if (!fout) { @@ -428,7 +562,7 @@ int main(int argc,char **argv) return 1; } } - tret = yamlin_parseandcreate(fin,sname,hostname); + tret = yamlin_parseandcreate(fin,sname,onehostname,yamlraw); if (infile) { fclose(fin); fin = 0; 
@@ -476,8 +610,35 @@ int main(int argc,char **argv) numthreads,numthreads == 1 ? "thread" : "threads"); #ifdef PASSPHRASE - if (!quietflag && deterministic && numneedgenerate != 1) - fprintf(stderr,"CAUTION: avoid using keys generated with same password for unrelated services, as single leaked key may help attacker to regenerate related keys.\n"); + if (deterministic) { + if (!quietflag && numneedgenerate != 1 && !pw_skipnear && !pw_warnnear) + fprintf(stderr, + // 1 2 3 4 5 6 7 + //1234567890123456789012345678901234567890123456789012345678901234567890123456789 + "CAUTION: avoid using keys generated with the same password for unrelated\n" + " services, as single leaked key may help an attacker to regenerate\n" + " related keys; to silence this warning, pass --skipnear or --warnnear.\n"); + if (checkpointfile) { + memcpy(orig_determseed,determseed,sizeof(determseed)); + // Read current checkpoint position if file exists + FILE *checkout = fopen(checkpointfile,"r"); + if (checkout) { + u8 checkpoint[SEED_LEN]; + if(fread(checkpoint,1,SEED_LEN,checkout) != SEED_LEN) { + fprintf(stderr,"failed to read checkpoint file\n"); + exit(1); + } + fclose(checkout); + + // Apply checkpoint to determseed + bool carry = 0; + for (int i = 0; i < SEED_LEN; i++) { + determseed[i] += checkpoint[i] + carry; + carry = determseed[i] < checkpoint[i]; + } + } + } + } #endif signal(SIGTERM,termhandler); @@ -494,7 +655,6 @@ int main(int argc,char **argv) VEC_ZERO(tstats); #endif -#if 0 pthread_attr_t tattr,*tattrp = &tattr; tret = pthread_attr_init(tattrp); if (tret) { 
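Review bot: The checkpoint file holds SEED_LEN raw bytes but is opened with `fopen(checkpointfile,"r")`; on Windows that is text mode, where a 0x1A byte terminates the read and CR/LF pairs are collapsed, so `fread` can return a short or altered buffer, and `"rb"` is the correct mode for data that syncwrite wrote as raw bytes. On the short-read path the message `failed to read checkpoint file` does not distinguish a truncated file from an I/O error; printing `ferror(checkout) ? strerror(errno) : "short read"` alongside it would. The carry test `carry = determseed[i] < checkpoint[i];` has the same wrap gap as the subtraction in savecheckpoint (raised at that hunk) when `checkpoint[i] == 255` with a pending carry; computing the sum in `int` and deriving the carry from `>= 256` closes it.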
@@ -502,35 +662,56 @@ int main(int argc,char **argv) tattrp = 0; } else { - tret = pthread_attr_setstacksize(tattrp,80<<10); + // 256KiB plus whatever batch stuff uses if in batch mode + size_t ss = 256 << 10; + if (wt == WT_BATCH) + ss += worker_batch_memuse(); + // align to 64KiB + ss = (ss + (64 << 10) - 1) & ~((64 << 10) - 1); + //printf("stack size: " FSZ "\n",ss); + tret = pthread_attr_setstacksize(tattrp,ss); if (tret) perror("pthread_attr_setstacksize"); } -#endif for (size_t i = 0;i < VEC_LENGTH(threads);++i) { void *tp = 0; #ifdef STATISTICS tp = &VEC_BUF(stats,i); #endif - tret = pthread_create(&VEC_BUF(threads,i),0, + tret = pthread_create( + &VEC_BUF(threads,i), + tattrp, #ifdef PASSPHRASE - deterministic ? worker_fast_pass : + deterministic + ? CRYPTO_NAMESPACE(worker_batch_pass) + : #endif - batchkeygen ? worker_batch : - (fastkeygen ? worker_fast : worker_slow),tp); + CRYPTO_NAMESPACE(worker_batch), + tp + ); if (tret) { fprintf(stderr,"error while making " FSZ "th thread: %s\n",i,strerror(tret)); exit(1); } } -#if 0 if (tattrp) { tret = pthread_attr_destroy(tattrp); if (tret) perror("pthread_attr_destroy"); } + +#ifdef PASSPHRASE + pthread_t checkpoint_thread; + + if (checkpointfile) { + tret = pthread_create(&checkpoint_thread,NULL,checkpointworker,NULL); + if (tret) { + fprintf(stderr,"error while making checkpoint thread: %s\n",strerror(tret)); + exit(1); + } + } #endif #ifdef STATISTICS @@ -542,6 +723,7 @@ int main(int argc,char **argv) } istarttime = (1000000 * (u64)nowtime.tv_sec) + ((u64)nowtime.tv_nsec / 1000); #endif + struct timespec ts; memset(&ts,0,sizeof(ts)); ts.tv_nsec = 100000000; 
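Review bot: The 256 KiB base plus `worker_batch_memuse()` only sizes the worker stack correctly if memuse accounts for the `ge_batch[BATCHNUM]`, `tmp_batch[BATCHNUM]` and `pk_batch[BATCHNUM]` arrays that worker_batch and worker_batch_pass declare as locals; the per-backend definitions are not visible here, so a comment at this site stating exactly what the returned figure covers (and that the 256 KiB slack is for everything else) would make the sizing reviewable. If `pthread_attr_setstacksize` fails, the code perrors but still passes `tattrp` to pthread_create, so the threads quietly run on the default stack size; either treat that as fatal or note the fallback in a comment such as `// on failure threads get the platform default stack; batch workers may then overflow`.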
@@ -577,7 +759,7 @@ int main(int argc,char **argv) VEC_BUF(tstats,i).numrestart += (u64)tdiff; sumrestart += VEC_BUF(tstats,i).numrestart; } - if (reportdelay && (!ireporttime || inowtime - ireporttime >= reportdelay)) { + if (reportdelay && (!ireporttime || (i64)(inowtime - ireporttime) >= (i64)reportdelay)) { if (ireporttime) ireporttime += reportdelay; else @@ -617,8 +799,16 @@ int main(int argc,char **argv) if (!quietflag) fprintf(stderr,"waiting for threads to finish..."); + for (size_t i = 0;i < VEC_LENGTH(threads);++i) pthread_join(VEC_BUF(threads,i),0); +#ifdef PASSPHRASE + if (checkpointfile) { + checkpointer_endwork = 1; + pthread_join(checkpoint_thread,0); + } +#endif + if (!quietflag) fprintf(stderr," done.\n"); diff --git a/test_ed25519.c b/test_ed25519.c index 968d660..7fe26c6 100644 --- a/test_ed25519.c +++ b/test_ed25519.c @@ -6,6 +6,8 @@ #include "types.h" #include "base16.h" #include "ed25519/ed25519.h" +#include "ed25519/ed25519_impl_pre.h" +#include "testutil.h" struct pktest { const char *seed; @@ -26,11 +28,6 @@ struct pktest { }, }; -#define WARN(test) if (!(test)) \ - fprintf(stderr, "check failed @ %d: %s\n", (int)__LINE__, #test) - -#define WARNF(test) if (!(test) && (fprintf(stderr, "check failed @ %d: %s\n", (int)__LINE__, #test), 1)) - #define SEEDBYTES 32 #define SECRETKEYBYTES 64 #define PUBLICKEYBYTES 32 @@ -64,3 +61,5 @@ int main(void) return 0; } + +#include "ed25519/ed25519_impl_post.h" diff --git a/testutil.h b/testutil.h new file mode 100644 index 0000000..3f446bf --- /dev/null +++ b/testutil.h @@ -0,0 +1,5 @@ + +#define WARN(test) if (!(test)) \ + fprintf(stderr, "check failed @ %d: %s\n", (int)__LINE__, #test) + +#define WARNF(test) if (!(test) && ((void) fprintf(stderr, "check failed @ %d: %s\n", (int)__LINE__, #test), 1)) diff --git a/worker.c b/worker.c index fa1b361..6c071db 100644 --- a/worker.c +++ b/worker.c 
@@ -17,7 +17,6 @@ #include "vec.h" #include "base32.h" #include "keccak.h" -#include "ed25519/ed25519.h" #include "ioutil.h" #include "common.h" #include "yaml.h" @@ -33,8 +32,8 @@ #endif // additional 0 terminator is added by C -static const char * const pkprefix = "== ed25519v1-public: type0 ==\0\0"; -static const char * const skprefix = "== ed25519v1-secret: type0 ==\0\0"; +const char * const pkprefix = "== ed25519v1-public: type0 ==\0\0"; +const char * const skprefix = "== ed25519v1-secret: type0 ==\0\0"; static const char checksumstr[] = ".onion checksum"; #define checksumstrlen (sizeof(checksumstr) - 1) // 15 @@ -44,6 +43,7 @@ volatile size_t keysgenerated = 0; volatile int endwork = 0; int yamloutput = 0; +int yamlraw = 0; int numwords = 1; size_t numneedgenerate = 0; @@ -51,17 +51,15 @@ size_t numneedgenerate = 0; char *workdir = 0; size_t workdirlen = 0; -void worker_init(void) -{ - ge_initeightpoint(); -} #ifdef PASSPHRASE // How many times we loop before a reseed -#define DETERMINISTIC_LOOP_COUNT 1<<24 +#define DETERMINISTIC_LOOP_COUNT (1<<24) pthread_mutex_t determseed_mutex; u8 determseed[SEED_LEN]; +int pw_skipnear = 0; +int pw_warnnear = 0; #endif @@ -75,7 +73,7 @@ char *makesname(void) return sname; } -static void onionready(char *sname,const u8 *secret,const u8 *pubonion) +static void onionready(char *sname,const u8 *secret,const u8 *pubonion,int warnnear) { if (endwork) return; 
@@ -92,18 +90,21 @@ static void onionready(char *sname,const u8 *secret,const u8 *pubonion) pthread_mutex_unlock(&keysgenerated_mutex); } + // disabled as this was never ever triggered as far as I'm aware +#if 0 // Sanity check that the public key matches the private one. - ge_p3 point; + ge_p3 ALIGN(16) point; u8 testpk[PUBLIC_LEN]; - ge_scalarmult_base(&point, secret); - ge_p3_tobytes(testpk, &point); - if (!memcmp(testpk, pubonion, PUBLIC_LEN)) + ge_scalarmult_base(&point,&secret[SKPREFIX_SIZE]); + ge_p3_tobytes(testpk,&point); + if (memcmp(testpk,&pubonion[PKPREFIX_SIZE],PUBLIC_LEN) != 0) abort(); +#endif if (!yamloutput) { if (createdir(sname,1) != 0) { pthread_mutex_lock(&fout_mutex); - fprintf(stderr,"ERROR: could not create directory for key output\n"); + fprintf(stderr,"ERROR: could not create directory \"%s\" for key output\n",sname); pthread_mutex_unlock(&fout_mutex); return; } @@ -123,14 +124,25 @@ static void onionready(char *sname,const u8 *secret,const u8 *pubonion) } if (fout) { pthread_mutex_lock(&fout_mutex); +#ifdef PASSPHRASE + const char * const pwarn = " warn:near\n"; + if (warnnear) + strcpy(&sname[onionendpos],pwarn); + const size_t oprintlen = printlen; + const size_t printlen = oprintlen + (warnnear ? strlen(pwarn)-1 : 0); +#else + (void) warnnear; +#endif fwrite(&sname[printstartpos],printlen,1,fout); fflush(fout); pthread_mutex_unlock(&fout_mutex); } - } else - yamlout_writekeys(&sname[direndpos],pubonion,secret); + } + else + yamlout_writekeys(&sname[direndpos],pubonion,secret,yamlraw); } +#include "filters_inc.inc.h" #include "filters_worker.inc.h" #ifdef STATISTICS @@ -149,6 +161,7 @@ union pubonionunion { } i; } ; +/* // little endian inc static void addsk32(u8 *sk) { @@ -159,6 +172,7 @@ static void addsk32(u8 *sk) if (!c) break; } } +*/ // 0123 4567 xxxx --3--> 3456 7xxx // 0123 4567 xxxx --1--> 1234 567x 
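Review bot: Disabling the public/secret key consistency check with `#if 0` removes the only runtime assurance that the secret handed to onionready actually corresponds to the onion name being written, and this commit also reworks the batch-to-bytes path whose "unfinished bit" handling is precisely what such a check would catch. Rather than `#if 0`, gate it on a debug macro of your choosing — `#ifdef <DEBUG_MACRO>` — with a comment like `// expensive: one scalar mult per found key; enable when touching the batch conversion code`, so it can be re-enabled without editing the code. The corrected offsets inside the disabled block (`&secret[SKPREFIX_SIZE]`, `&pubonion[PKPREFIX_SIZE]`) look right, which is a further reason to keep it compilable rather than dead.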
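Review bot: `strcpy(&sname[onionendpos],pwarn)` appends 12 bytes (terminator included) at `onionendpos` with no visible guarantee that the buffer makesname allocated has that much room; makesname is outside this hunk, so either document the reserve there and reference it here (`// sname has room for pwarn after onionendpos, see makesname`) or bound the write with the buffer's real capacity. The write also persists in sname across keys; whether a later non-near key from the same thread then prints a `' '` where makesname's byte at onionendpos used to be depends on what makesname stores there and on what the subsequent `strcpy(...,".onion")` overwrites, which is worth confirming. Declaring a block-local `printlen` that shadows the global `printlen` compiles but trips -Wshadow and is easy to misread; a distinct name such as `outlen` is clearer.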
@@ -174,7 +188,6 @@ static inline void shiftpk(u8 *dst,const u8 *src,size_t sbits) dst[i] = 0; } -#include "worker_slow.inc.h" // in little-endian order, 32 bytes aka 256 bits @@ -189,7 +202,6 @@ static void addsztoscalar32(u8 *dst,size_t v) } } -#include "worker_fast.inc.h" #ifdef PASSPHRASE @@ -207,11 +219,63 @@ static void reseedright(u8 sk[SECRET_LEN]) } #endif // PASSPHRASE -#include "worker_fast_pass.inc.h" -#ifndef BATCHNUM -#define BATCHNUM 2048 +#if !defined(BATCHNUM) + #define BATCHNUM 2048 #endif -#include "worker_batch.inc.h" + +#include "ed25519/ed25519.h" + +#include "worker_impl.inc.h" + +size_t worker_batch_memuse(void) +{ + size_t s = 0,x; + +#ifdef ED25519_ref10 + x = crypto_sign_ed25519_ref10_worker_batch_memuse(); + if (x > s) + s = x; +#endif + +#ifdef ED25519_amd64_51_30k + x = crypto_sign_ed25519_amd64_51_30k_worker_batch_memuse(); + if (x > s) + s = x; +#endif + +#ifdef ED25519_amd64_64_24k + x = crypto_sign_ed25519_amd64_64_24k_worker_batch_memuse(); + if (x > s) + s = x; +#endif + +#ifdef ED25519_donna + x = crypto_sign_ed25519_donna_worker_batch_memuse(); + if (x > s) + s = x; +#endif + + return s; +} + +void worker_init(void) +{ +#ifdef ED25519_ref10 + crypto_sign_ed25519_ref10_ge_initeightpoint(); +#endif + +#ifdef ED25519_amd64_51_30k + crypto_sign_ed25519_amd64_51_30k_ge_initeightpoint(); +#endif + +#ifdef ED25519_amd64_64_24k + crypto_sign_ed25519_amd64_64_24k_ge_initeightpoint(); +#endif + +#ifdef ED25519_donna + crypto_sign_ed25519_donna_ge_initeightpoint(); +#endif +} diff --git a/worker.h b/worker.h index 289c27e..547b72a 100644 --- a/worker.h +++ b/worker.h @@ -4,6 +4,7 @@ extern volatile size_t keysgenerated; extern volatile int endwork; extern int yamloutput; +extern int yamlraw; extern int numwords; extern size_t numneedgenerate; 
@@ -32,15 +33,16 @@ VEC_STRUCT(statsvec,struct statstruct); #ifdef PASSPHRASE extern pthread_mutex_t determseed_mutex; extern u8 determseed[SEED_LEN]; +extern int pw_skipnear; +extern int pw_warnnear; #endif extern void worker_init(void); extern char *makesname(void); +extern size_t worker_batch_memuse(void); -extern void *worker_slow(void *task); -extern void *worker_fast(void *task); -extern void *worker_batch(void *task); +extern void *CRYPTO_NAMESPACE(worker_batch)(void *task); #ifdef PASSPHRASE -extern void *worker_fast_pass(void *task); +extern void *CRYPTO_NAMESPACE(worker_batch_pass)(void *task); #endif diff --git a/worker_batch.inc.h b/worker_batch.inc.h index c838e28..7bf778d 100644 --- a/worker_batch.inc.h +++ b/worker_batch.inc.h @@ -1,5 +1,5 @@ -void *worker_batch(void *task) +void *CRYPTO_NAMESPACE(worker_batch)(void *task) { union pubonionunion pubonion; u8 * const pk = &pubonion.raw[PKPREFIX_SIZE]; @@ -8,24 +8,23 @@ void *worker_batch(void *task) u8 seed[SEED_LEN]; u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1]; u8 wpk[PUBLIC_LEN + 1]; - ge_p3 ge_public; + ge_p3 ALIGN(16) ge_public; char *sname; - ge_p3 ge_batch[BATCHNUM]; - fe *(batchgez)[BATCHNUM]; - fe tmp_batch[BATCHNUM]; - bytes32 pk_batch[BATCHNUM]; + // state to keep batch data + ge_p3 ALIGN(16) ge_batch [BATCHNUM]; + fe ALIGN(16) tmp_batch[BATCHNUM]; + bytes32 ALIGN(16) pk_batch [BATCHNUM]; size_t counter; size_t i; #ifdef STATISTICS struct statstruct *st = (struct statstruct *)task; +#else + (void) task; #endif - for (size_t b = 0;b < BATCHNUM;++b) - batchgez[b] = &GEZ(ge_batch[b]); - PREFILTER memcpy(secret,skprefix,SKPREFIX_SIZE); 
@@ -39,27 +38,31 @@ void *worker_batch(void *task) sname = makesname(); initseed: + #ifdef STATISTICS ++st->numrestart.v; #endif + randombytes(seed,sizeof(seed)); + ed25519_seckey_expand(sk,seed); ge_scalarmult_base(&ge_public,sk); for (counter = 0;counter < SIZE_MAX-(8*BATCHNUM);counter += 8*BATCHNUM) { - ge_p1p1 sum; + ge_p1p1 ALIGN(16) sum; if (unlikely(endwork)) goto end; + for (size_t b = 0;b < BATCHNUM;++b) { ge_batch[b] = ge_public; ge_add(&sum,&ge_public,&ge_eightpoint); ge_p1p1_to_p3(&ge_public,&sum); } - // NOTE: leaves unfinished - ge_p3_batchtobytes_destructive_1(pk_batch,ge_batch,batchgez,tmp_batch,BATCHNUM); + // NOTE: leaves unfinished one bit at the very end + ge_p3_batchtobytes_destructive_1(pk_batch,ge_batch,tmp_batch,BATCHNUM); #ifdef STATISTICS st->numcalc.v += BATCHNUM; @@ -99,7 +102,7 @@ initseed: pk[PUBLIC_LEN + 2] = 0x03; // full name strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); - onionready(sname,secret,pubonion.raw); + onionready(sname,secret,pubonion.raw,0); pk[PUBLIC_LEN] = 0; // what is this for? // don't reuse same seed goto initseed; @@ -112,8 +115,11 @@ initseed: end: free(sname); + POSTFILTER + sodium_memzero(secret,sizeof(secret)); sodium_memzero(seed,sizeof(seed)); + return 0; } diff --git a/worker_batch_pass.inc.h b/worker_batch_pass.inc.h new file mode 100644 index 0000000..3d31174 --- /dev/null +++ b/worker_batch_pass.inc.h 
@@ -0,0 +1,215 @@ + +#ifdef PASSPHRASE +void *CRYPTO_NAMESPACE(worker_batch_pass)(void *task) +{ + union pubonionunion pubonion; + u8 * const pk = &pubonion.raw[PKPREFIX_SIZE]; + u8 secret[SKPREFIX_SIZE + SECRET_LEN]; + u8 * const sk = &secret[SKPREFIX_SIZE]; + u8 seed[SEED_LEN]; + u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1]; + u8 wpk[PUBLIC_LEN + 1]; + ge_p3 ALIGN(16) ge_public; + char *sname; + + // state to keep batch data + ge_p3 ALIGN(16) ge_batch [BATCHNUM]; + fe ALIGN(16) tmp_batch[BATCHNUM]; + bytes32 ALIGN(16) pk_batch [BATCHNUM]; + + size_t counter,oldcounter; + size_t i; + +#ifdef STATISTICS + struct statstruct *st = (struct statstruct *)task; +#else + (void) task; +#endif + + PREFILTER + + memcpy(secret,skprefix,SKPREFIX_SIZE); + wpk[PUBLIC_LEN] = 0; + memset(&pubonion,0,sizeof(pubonion)); + memcpy(pubonion.raw,pkprefix,PKPREFIX_SIZE); + // write version later as it will be overwritten by hash + memcpy(hashsrc,checksumstr,checksumstrlen); + hashsrc[checksumstrlen + PUBLIC_LEN] = 0x03; // version + + sname = makesname(); + + int seednear; + +initseed: + +#ifdef STATISTICS + ++st->numrestart.v; +#endif + + seednear = 0; + + pthread_mutex_lock(&determseed_mutex); + for (int i = 0; i < SEED_LEN; i++) + if (++determseed[i]) + break; + memcpy(seed,determseed,SEED_LEN); + pthread_mutex_unlock(&determseed_mutex); + + ed25519_seckey_expand(sk,seed); + + ge_scalarmult_base(&ge_public,sk); + + for (counter = oldcounter = 0;counter < DETERMINISTIC_LOOP_COUNT - (BATCHNUM - 1) * 8;counter += BATCHNUM * 8) { + ge_p1p1 ALIGN(16) sum; + + if (unlikely(endwork)) + goto end; + + + for (size_t b = 0;b < BATCHNUM;++b) { + ge_batch[b] = ge_public; + ge_add(&sum,&ge_public,&ge_eightpoint); + ge_p1p1_to_p3(&ge_public,&sum); + } + // NOTE: leaves unfinished one bit at the very end + ge_p3_batchtobytes_destructive_1(pk_batch,ge_batch,tmp_batch,BATCHNUM); + +#ifdef STATISTICS + st->numcalc.v += BATCHNUM; +#endif + + for (size_t b = 0;b < BATCHNUM;++b) { + DOFILTER(i,pk_batch[b],{ 
+ if (numwords > 1) { + shiftpk(wpk,pk_batch[b],filter_len(i)); + size_t j; + for (int w = 1;;) { + DOFILTER(j,wpk,goto secondfind); + goto next; + secondfind: + if (++w >= numwords) + break; + shiftpk(wpk,wpk,filter_len(j)); + } + } + // found! + // finish it up + ge_p3_batchtobytes_destructive_finish(pk_batch[b],&ge_batch[b]); + // copy public key + memcpy(pk,pk_batch[b],PUBLIC_LEN); + // update secret key with counter + addsztoscalar32(sk,counter + (b * 8) - oldcounter); + oldcounter = counter + (b * 8); + // sanity check + if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31]) + goto initseed; + + // reseed right half of key to avoid reuse, it won't change public key anyway + reseedright(sk); + + ADDNUMSUCCESS; + + // calc checksum + memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN); + FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]); + // version byte + pk[PUBLIC_LEN + 2] = 0x03; + // full name + strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); + onionready(sname,secret,pubonion.raw,seednear && pw_warnnear); + pk[PUBLIC_LEN] = 0; // what is this for? 
+ + if (pw_skipnear) + goto initseed; + seednear = 1; + }); + next: + ; + } + } + // continue if have leftovers, DETERMINISTIC_LOOP_COUNT - counter < BATCHNUM * 8 + // can't have leftovers in theory if BATCHNUM was power of 2 and smaller than DETERMINISTIC_LOOP_COUNT bound +#if (BATCHNUM & (BATCHNUM - 1)) || (BATCHNUM * 8) > DETERMINISTIC_LOOP_COUNT + if (counter < DETERMINISTIC_LOOP_COUNT) { + ge_p1p1 ALIGN(16) sum; + + if (unlikely(endwork)) + goto end; + + const size_t remaining = (DETERMINISTIC_LOOP_COUNT - counter) / 8; + + for (size_t b = 0;b < remaining;++b) { + ge_batch[b] = ge_public; + ge_add(&sum,&ge_public,&ge_eightpoint); + ge_p1p1_to_p3(&ge_public,&sum); + } + // NOTE: leaves unfinished one bit at the very end + ge_p3_batchtobytes_destructive_1(pk_batch,ge_batch,tmp_batch,remaining); + +#ifdef STATISTICS + st->numcalc.v += remaining; +#endif + + for (size_t b = 0;b < remaining;++b) { + DOFILTER(i,pk_batch[b],{ + if (numwords > 1) { + shiftpk(wpk,pk_batch[b],filter_len(i)); + size_t j; + for (int w = 1;;) { + DOFILTER(j,wpk,goto secondfind2); + goto next2; + secondfind2: + if (++w >= numwords) + break; + shiftpk(wpk,wpk,filter_len(j)); + } + } + // found! 
+ // finish it up + ge_p3_batchtobytes_destructive_finish(pk_batch[b],&ge_batch[b]); + // copy public key + memcpy(pk,pk_batch[b],PUBLIC_LEN); + // update secret key with counter + addsztoscalar32(sk,counter + (b * 8) - oldcounter); + oldcounter = counter + (b * 8); + // sanity check + if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31]) + goto initseed; + + // reseed right half of key to avoid reuse, it won't change public key anyway + reseedright(sk); + + ADDNUMSUCCESS; + + // calc checksum + memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN); + FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]); + // version byte + pk[PUBLIC_LEN + 2] = 0x03; + // full name + strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); + onionready(sname,secret,pubonion.raw,seednear && pw_warnnear); + pk[PUBLIC_LEN] = 0; // what is this for? + + if (pw_skipnear) + goto initseed; + seednear = 1; + }); + next2: + ; + } + } +#endif // (BATCHNUM & (BATCHNUM - 1)) || (BATCHNUM * 8) > DETERMINISTIC_LOOP_COUNT + goto initseed; + +end: + free(sname); + + POSTFILTER + + sodium_memzero(secret,sizeof(secret)); + sodium_memzero(seed,sizeof(seed)); + + return 0; +} +#endif // PASSPHRASE diff --git a/worker_fast.inc.h b/worker_fast.inc.h deleted file mode 100644 index 3172656..0000000 --- a/worker_fast.inc.h +++ /dev/null 
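Review bot: The found-key handling — from `ge_p3_batchtobytes_destructive_finish` through `seednear = 1;` — is duplicated verbatim between the main batch loop and the `#if` leftover loop, including the multi-word filter search with its `secondfind`/`secondfind2` labels; a single static inline helper or a file-local macro parameterised on `b` and the label suffix would halve the surface that must stay in sync, since the two copies differ only in the `remaining` versus `BATCHNUM` bound. The seed-increment loop `for (int i = 0; i < SEED_LEN; i++)` shadows the function-scope `size_t i` that DOFILTER uses, which -Wshadow flags and which obscures the intent; `for (int k = 0; ...)` avoids it. A short comment before the main loop stating the invariant that a batch never straddles DETERMINISTIC_LOOP_COUNT (which the `- (BATCHNUM - 1) * 8` in the condition guarantees) would explain why the leftover block can be compiled out for a power-of-two BATCHNUM.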
@@ -1,101 +0,0 @@
-
-void *worker_fast(void *task)
-{
- union pubonionunion pubonion;
- u8 * const pk = &pubonion.raw[PKPREFIX_SIZE];
- u8 secret[SKPREFIX_SIZE + SECRET_LEN];
- u8 * const sk = &secret[SKPREFIX_SIZE];
- u8 seed[SEED_LEN];
- u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1];
- u8 wpk[PUBLIC_LEN + 1];
- ge_p3 ge_public;
- char *sname;
-
- size_t counter;
- size_t i;
-
-#ifdef STATISTICS
- struct statstruct *st = (struct statstruct *)task;
-#else
- (void) task;
-#endif
-
- PREFILTER
-
- memcpy(secret,skprefix,SKPREFIX_SIZE);
- wpk[PUBLIC_LEN] = 0;
- memset(&pubonion,0,sizeof(pubonion));
- memcpy(pubonion.raw,pkprefix,PKPREFIX_SIZE);
- // write version later as it will be overwritten by hash
- memcpy(hashsrc,checksumstr,checksumstrlen);
- hashsrc[checksumstrlen + PUBLIC_LEN] = 0x03; // version
-
- sname = makesname();
-
-initseed:
-#ifdef STATISTICS
- ++st->numrestart.v;
-#endif
- randombytes(seed,sizeof(seed));
- ed25519_seckey_expand(sk,seed);
-
- ge_scalarmult_base(&ge_public,sk);
- ge_p3_tobytes(pk,&ge_public);
-
- for (counter = 0;counter < SIZE_MAX-8;counter += 8) {
- ge_p1p1 sum;
-
- if (unlikely(endwork))
- goto end;
-
- DOFILTER(i,pk,{
- if (numwords > 1) {
- shiftpk(wpk,pk,filter_len(i));
- size_t j;
- for (int w = 1;;) {
- DOFILTER(j,wpk,goto secondfind);
- goto next;
- secondfind:
- if (++w >= numwords)
- break;
- shiftpk(wpk,wpk,filter_len(j));
- }
- }
- // found!
- // update secret key with counter
- addsztoscalar32(sk,counter);
- // sanity check
- if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31])
- goto initseed;
-
- ADDNUMSUCCESS;
-
- // calc checksum
- memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN);
- FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]);
- // version byte
- pk[PUBLIC_LEN + 2] = 0x03;
- // full name
- strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion");
- onionready(sname,secret,pubonion.raw);
- pk[PUBLIC_LEN] = 0; // what is this for?
- // don't reuse same seed
- goto initseed;
- });
- next:
- ge_add(&sum,&ge_public,&ge_eightpoint);
- ge_p1p1_to_p3(&ge_public,&sum);
- ge_p3_tobytes(pk,&ge_public);
-#ifdef STATISTICS
- ++st->numcalc.v;
-#endif
- }
- goto initseed;
-
-end:
- free(sname);
- POSTFILTER
- sodium_memzero(secret,sizeof(secret));
- sodium_memzero(seed,sizeof(seed));
- return 0;
-}
diff --git a/worker_fast_pass.inc.h b/worker_fast_pass.inc.h
deleted file mode 100644
index 0983816..0000000
--- a/worker_fast_pass.inc.h
+++ /dev/null
@@ -1,111 +0,0 @@
-
-#ifdef PASSPHRASE
-void *worker_fast_pass(void *task)
-{
- union pubonionunion pubonion;
- u8 * const pk = &pubonion.raw[PKPREFIX_SIZE];
- u8 secret[SKPREFIX_SIZE + SECRET_LEN];
- u8 * const sk = &secret[SKPREFIX_SIZE];
- u8 seed[SEED_LEN];
- u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1];
- u8 wpk[PUBLIC_LEN + 1];
- ge_p3 ge_public;
- char *sname;
-
- size_t counter,oldcounter;
- size_t i;
-
-#ifdef STATISTICS
- struct statstruct *st = (struct statstruct *)task;
-#else
- (void) task;
-#endif
-
- PREFILTER
-
- memcpy(secret,skprefix,SKPREFIX_SIZE);
- wpk[PUBLIC_LEN] = 0;
- memset(&pubonion,0,sizeof(pubonion));
- memcpy(pubonion.raw,pkprefix,PKPREFIX_SIZE);
- // write version later as it will be overwritten by hash
- memcpy(hashsrc,checksumstr,checksumstrlen);
- hashsrc[checksumstrlen + PUBLIC_LEN] = 0x03; // version
-
- sname = makesname();
-
-initseed:
- pthread_mutex_lock(&determseed_mutex);
- for (int i = 0; i < SEED_LEN; i++)
- if (++determseed[i])
- break;
- memcpy(seed, determseed, SEED_LEN);
- pthread_mutex_unlock(&determseed_mutex);
- ed25519_seckey_expand(sk,seed);
-
-#ifdef STATISTICS
- ++st->numrestart.v;
-#endif
-
- ge_scalarmult_base(&ge_public,sk);
- ge_p3_tobytes(pk,&ge_public);
-
- for (counter = oldcounter = 0;counter < DETERMINISTIC_LOOP_COUNT;counter += 8) {
- ge_p1p1 sum;
-
- if (unlikely(endwork))
- goto end;
-
- DOFILTER(i,pk,{
- if (numwords > 1) {
- shiftpk(wpk,pk,filter_len(i));
- size_t j;
- for (int w = 1;;) {
- DOFILTER(j,wpk,goto secondfind);
- goto next;
- secondfind:
- if (++w >= numwords)
- break;
- shiftpk(wpk,wpk,filter_len(j));
- }
- }
- // found!
- // update secret key with delta since last hit (if any)
- addsztoscalar32(sk,counter-oldcounter);
- oldcounter = counter;
- // sanity check
- if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31])
- goto initseed;
-
- // reseed right half of key to avoid reuse, it won't change public key anyway
- reseedright(sk);
-
- ADDNUMSUCCESS;
-
- // calc checksum
- memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN);
- FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]);
- // version byte
- pk[PUBLIC_LEN + 2] = 0x03;
- // full name
- strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion");
- onionready(sname,secret,pubonion.raw);
- pk[PUBLIC_LEN] = 0; // what is this for?
- });
- next:
- ge_add(&sum, &ge_public,&ge_eightpoint);
- ge_p1p1_to_p3(&ge_public,&sum);
- ge_p3_tobytes(pk,&ge_public);
-#ifdef STATISTICS
- ++st->numcalc.v;
-#endif
- }
- goto initseed;
-
-end:
- free(sname);
- POSTFILTER
- sodium_memzero(secret,sizeof(secret));
- sodium_memzero(seed,sizeof(seed));
- return 0;
-}
-#endif // PASSPHRASE
diff --git a/worker_impl.inc.h b/worker_impl.inc.h
new file mode 100644
index 0000000..cf922b9
--- /dev/null
+++ b/worker_impl.inc.h
@@ -0,0 +1,12 @@
+
+#include "ed25519/ed25519_impl_pre.h"
+
+static size_t CRYPTO_NAMESPACE(worker_batch_memuse)(void)
+{
+ return (sizeof(ge_p3) + sizeof(fe) + sizeof(bytes32)) * BATCHNUM;
+}
+
+#include "worker_batch.inc.h"
+#include "worker_batch_pass.inc.h"
+
+#include "ed25519/ed25519_impl_post.h"
diff --git a/worker_slow.inc.h b/worker_slow.inc.h
deleted file mode 100644
index 799e4aa..0000000
--- a/worker_slow.inc.h
+++ /dev/null
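Review bot: `worker_batch_memuse` in the new worker_impl.inc.h carries no comment, so a reader has to guess which arrays the three `sizeof` terms stand for; judging by the `ge_batch`, `tmp_batch` and `pk_batch` arrays used in the worker_batch_pass.inc.h hunk above they are presumably the per-worker batch buffers, but that is inference from names. A one-line header such as `/* bytes of batch state one worker keeps: BATCHNUM entries each of ge_p3, fe and bytes32 -- keep in sync with the batch arrays declared in worker_batch*.inc.h */` would make the coupling explicit, so that whoever changes those arrays' element types knows to revisit this estimate. The product is evaluated in `size_t` from compile-time constants, so no runtime overflow check is needed here.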
@@ -1,89 +0,0 @@
-
-void *worker_slow(void *task)
-{
- union pubonionunion pubonion;
- u8 * const pk = &pubonion.raw[PKPREFIX_SIZE];
- u8 secret[SKPREFIX_SIZE + SECRET_LEN];
- u8 * const sk = &secret[SKPREFIX_SIZE];
- u8 seed[SEED_LEN];
- u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1];
- u8 wpk[PUBLIC_LEN + 1];
- char *sname;
-
- size_t i;
-
-#ifdef STATISTICS
- struct statstruct *st = (struct statstruct *)task;
-#else
- (void) task;
-#endif
- PREFILTER
-
- memcpy(secret,skprefix,SKPREFIX_SIZE);
- wpk[PUBLIC_LEN] = 0;
- memset(&pubonion,0,sizeof(pubonion));
- memcpy(pubonion.raw,pkprefix,PKPREFIX_SIZE);
- // write version later as it will be overwritten by hash
- memcpy(hashsrc,checksumstr,checksumstrlen);
- hashsrc[checksumstrlen + PUBLIC_LEN] = 0x03; // version
-
- sname = makesname();
-
-initseed:
- randombytes(seed,sizeof(seed));
- ed25519_seckey_expand(sk,seed);
-#ifdef STATISTICS
- ++st->numrestart.v;
-#endif
-
-again:
- if (unlikely(endwork))
- goto end;
-
- ed25519_pubkey(pk,sk);
-
-#ifdef STATISTICS
- ++st->numcalc.v;
-#endif
-
- DOFILTER(i,pk,{
- if (numwords > 1) {
- shiftpk(wpk,pk,filter_len(i));
- size_t j;
- for (int w = 1;;) {
- DOFILTER(j,wpk,goto secondfind);
- goto next;
- secondfind:
- if (++w >= numwords)
- break;
- shiftpk(wpk,wpk,filter_len(j));
- }
- }
- // sanity check
- if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31])
- goto initseed;
-
- ADDNUMSUCCESS;
-
- // calc checksum
- memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN);
- FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]);
- // version byte
- pk[PUBLIC_LEN + 2] = 0x03;
- // base32
- strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion");
- onionready(sname,secret,pubonion.raw);
- pk[PUBLIC_LEN] = 0; // what is this for?
- goto initseed;
- });
-next:
- addsk32(sk);
- goto again;
-
-end:
- free(sname);
- POSTFILTER
- sodium_memzero(secret,sizeof(secret));
- sodium_memzero(seed,sizeof(seed));
- return 0;
-}
diff --git a/yaml.c b/yaml.c
index 1f9e983..56bd10e 100644
--- a/yaml.c +++ b/yaml.c @@ -21,7 +21,6 @@ #define LINEFEED_LEN (sizeof(char)) #define NULLTERM_LEN (sizeof(char)) -#define PATH_SEPARATOR_LEN (sizeof(char)) static const char keys_field_generated[] = "---"; static const char keys_field_hostname[] = "hostname: "; @@ -37,24 +36,29 @@ static const char keys_field_time[] = "time: "; #define B64_PUBKEY_LEN (BASE64_TO_LEN(FORMATTED_PUBLIC_LEN)) #define B64_SECKEY_LEN (BASE64_TO_LEN(FORMATTED_SECRET_LEN)) -#define TIME_LEN (21 * sizeof(char)) // strlen("2018-07-04 21:31:20 Z") +#define B64_RAW_PUBKEY_LEN (BASE64_TO_LEN(PUBLIC_LEN)) +#define B64_RAW_SECKEY_LEN (BASE64_TO_LEN(SECRET_LEN)) +#define TIME_LEN 21 // strlen("2018-07-04 21:31:20 Z") #define KEYS_LEN ( \ - KEYS_FIELD_GENERATED_LEN + LINEFEED_LEN + \ - KEYS_FIELD_HOSTNAME_LEN + ONION_LEN + LINEFEED_LEN + \ + KEYS_FIELD_GENERATED_LEN + LINEFEED_LEN + \ + KEYS_FIELD_HOSTNAME_LEN + ONION_LEN + LINEFEED_LEN + \ KEYS_FIELD_PUBLICKEY_LEN + B64_PUBKEY_LEN + LINEFEED_LEN + \ KEYS_FIELD_SECRETKEY_LEN + B64_SECKEY_LEN + LINEFEED_LEN + \ - KEYS_FIELD_TIME_LEN + TIME_LEN + LINEFEED_LEN \ + KEYS_FIELD_TIME_LEN + TIME_LEN + LINEFEED_LEN \ ) +#define RAW_KEYS_LEN (KEYS_LEN \ + - B64_PUBKEY_LEN + B64_RAW_PUBKEY_LEN \ + - B64_SECKEY_LEN + B64_RAW_SECKEY_LEN) static pthread_mutex_t tminfo_mutex; -void yamlout_init() +void yamlout_init(void) { pthread_mutex_init(&tminfo_mutex,0); } -void yamlout_clean() +void yamlout_clean(void) { pthread_mutex_destroy(&tminfo_mutex); } @@ -67,7 +71,8 @@ do { \ #define BUF_APPEND_CSTR(buf,offset,src) BUF_APPEND(buf,offset,src,strlen(src)) #define BUF_APPEND_CHAR(buf,offset,c) buf[offset++] = (c) -void yamlout_writekeys(const char *hostname,const u8 *formated_public,const u8 *formated_secret) +void yamlout_writekeys( + const char *hostname,const u8 *publickey,const u8 *secretkey,int rawkeys) { char keysbuf[KEYS_LEN]; char pubkeybuf[B64_PUBKEY_LEN + NULLTERM_LEN]; 
@@ -75,23 +80,38 @@ void yamlout_writekeys(const char *hostname,const u8 *formated_public,const u8 * char timebuf[TIME_LEN + NULLTERM_LEN]; size_t offset = 0; + BUF_APPEND(keysbuf,offset,keys_field_generated,KEYS_FIELD_GENERATED_LEN); BUF_APPEND_CHAR(keysbuf,offset,'\n'); + BUF_APPEND(keysbuf,offset,keys_field_hostname,KEYS_FIELD_HOSTNAME_LEN); BUF_APPEND(keysbuf,offset,hostname,ONION_LEN); BUF_APPEND_CHAR(keysbuf,offset,'\n'); + BUF_APPEND(keysbuf,offset,keys_field_publickey,KEYS_FIELD_PUBLICKEY_LEN); - base64_to(pubkeybuf,formated_public,FORMATTED_PUBLIC_LEN); - BUF_APPEND(keysbuf,offset,pubkeybuf,B64_PUBKEY_LEN); + + if (!rawkeys) + base64_to(pubkeybuf,publickey,FORMATTED_PUBLIC_LEN); + else + base64_to(pubkeybuf,&publickey[PKPREFIX_SIZE],PUBLIC_LEN); + + BUF_APPEND_CSTR(keysbuf,offset,pubkeybuf); BUF_APPEND_CHAR(keysbuf,offset,'\n'); + BUF_APPEND(keysbuf,offset,keys_field_secretkey,KEYS_FIELD_SECRETKEY_LEN); - base64_to(seckeybuf,formated_secret,FORMATTED_SECRET_LEN); - BUF_APPEND(keysbuf,offset,seckeybuf,B64_SECKEY_LEN); + + if (!rawkeys) + base64_to(seckeybuf,secretkey,FORMATTED_SECRET_LEN); + else + base64_to(seckeybuf,&secretkey[SKPREFIX_SIZE],SECRET_LEN); + + BUF_APPEND_CSTR(keysbuf,offset,seckeybuf); BUF_APPEND_CHAR(keysbuf,offset,'\n'); + BUF_APPEND(keysbuf,offset,keys_field_time,KEYS_FIELD_TIME_LEN); time_t currtime; @@ -106,10 +126,12 @@ void yamlout_writekeys(const char *hostname,const u8 *formated_public,const u8 * BUF_APPEND(keysbuf,offset,timebuf,TIME_LEN); BUF_APPEND_CHAR(keysbuf,offset,'\n'); - assert(offset == KEYS_LEN); + + assert(offset == (!rawkeys ? KEYS_LEN : RAW_KEYS_LEN)); + pthread_mutex_lock(&fout_mutex); - fwrite(keysbuf,sizeof(keysbuf),1,fout); + fwrite(keysbuf,offset,1,fout); fflush(fout); pthread_mutex_unlock(&fout_mutex); } 
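Review bot: The raw branches index `&publickey[PKPREFIX_SIZE]` and `&secretkey[SKPREFIX_SIZE]`, so in both modes the caller must pass the full prefixed buffers and `rawkeys` only changes how much of them is serialized; neither the new signature nor yaml.h states that contract. A comment on the declaration such as `/* publickey/secretkey are always the prefixed (formatted) buffers; rawkeys != 0 emits only the PUBLIC_LEN/SECRET_LEN payload after the prefix */` would prevent a caller from handing in bare keys in raw mode. The switch from a fixed-length `BUF_APPEND` to `BUF_APPEND_CSTR` also makes `offset` depend on `base64_to` NUL-terminating its output; the `+ NULLTERM_LEN` sizing of `pubkeybuf`/`seckeybuf` suggests it does, but that is worth confirming, since a missing terminator would let `strlen` run past the buffer.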
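Review bot: After `fwrite(keysbuf,offset,1,fout)` the base64 form of the secret key is still sitting in `keysbuf` and `seckeybuf` when the function returns; the worker functions in this same diff zeroize `secret` and `seed` with `sodium_memzero`, but this writer leaves its stack copies in place. If sodium_memzero is reachable from yaml.c as it is from the worker files, `sodium_memzero(seckeybuf,sizeof(seckeybuf)); sodium_memzero(keysbuf,sizeof(keysbuf));` after the unlock would match that practice. The return value of `fwrite` is also still ignored, so a short write of a key record goes unnoticed; checking it (and `fflush`) and reporting the failure to stderr would be the minimum, since the secret key is only ever emitted once.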
@@ -119,7 +141,8 @@ void yamlout_writekeys(const char *hostname,const u8 *formated_public,const u8 * #undef BUF_APPEND // pseudo YAML parser -int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) +int yamlin_parseandcreate( + FILE *fin,char *sname,const char *onehostname,int rawkeys) { char line[256]; size_t len,cnt; @@ -128,6 +151,11 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) int hashost = 0,haspub = 0,hassec = 0,skipthis = 0; enum keytype { HOST, PUB, SEC } keyt; + if (rawkeys) { + memcpy(pubbuf,pkprefix,PKPREFIX_SIZE); + memcpy(secbuf,skprefix,SKPREFIX_SIZE); + } + while (!feof(fin) && !ferror(fin)) { if (!fgets(line,sizeof(line),fin)) break; @@ -143,7 +171,7 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) continue; if (len >= 3 && line[0] == '-' && line[1] == '-' && line[2] == '-') { - // end of document indicator + // end of document / start of new document indicator if (!skipthis && (hashost || haspub || hassec)) { fprintf(stderr,"ERROR: incomplete record\n"); return 1; @@ -206,15 +234,18 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) fprintf(stderr,"ERROR: invalid hostname syntax\n"); return 1; } - if (!hostname || !strcmp(hostname,p)) { + if (!onehostname || !strcmp(onehostname,p)) { memcpy(&sname[direndpos],p,len + 1); hashost = 1; } else skipthis = 1; break; case PUB: - if (len != B64_PUBKEY_LEN || !base64_valid(p,0) || - base64_from(pubbuf,p,len) != FORMATTED_PUBLIC_LEN) + if (!rawkeys + ? (len != B64_PUBKEY_LEN || !base64_valid(p,0) || + base64_from(pubbuf,p,len) != FORMATTED_PUBLIC_LEN) + : (len != B64_RAW_PUBKEY_LEN || !base64_valid(p,0) || + base64_from(&pubbuf[PKPREFIX_SIZE],p,len) != PUBLIC_LEN)) { fprintf(stderr,"ERROR: invalid pubkey syntax\n"); return 1; 
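Review bot: In the non-raw `PUB` branch the decoded FORMATTED_PUBLIC_LEN bytes land in `pubbuf` with the PKPREFIX_SIZE prefix taken verbatim from the input file, while the raw branch forces that prefix from `pkprefix`; nothing in this hunk checks that a formatted key actually begins with `pkprefix`, and the `SEC` case in the next hunk has the same asymmetry with `skprefix`. Unless code after the hunk validates it, a record with a wrong or corrupted prefix is accepted and written out as-is; `if (!rawkeys && memcmp(pubbuf,pkprefix,PKPREFIX_SIZE)) { fprintf(stderr,"ERROR: invalid pubkey prefix\n"); return 1; }` after the decode would reject it in the same error style the function already uses. The enclosing switch and read loop begin and end outside this hunk.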
@@ -222,8 +253,11 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) haspub = 1; break; case SEC: - if (len != B64_SECKEY_LEN || !base64_valid(p,0) || - base64_from(secbuf,p,len) != FORMATTED_SECRET_LEN) + if (!rawkeys + ? (len != B64_SECKEY_LEN || !base64_valid(p,0) || + base64_from(secbuf,p,len) != FORMATTED_SECRET_LEN) + : (len != B64_RAW_SECKEY_LEN || !base64_valid(p,0) || + base64_from(&secbuf[SKPREFIX_SIZE],p,len) != SECRET_LEN)) { fprintf(stderr,"ERROR: invalid seckey syntax\n"); return 1; @@ -240,7 +274,7 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) sigprocmask(SIG_BLOCK,&nset,&oset); #endif if (createdir(sname,1) != 0) { - fprintf(stderr,"ERROR: could not create directory for key output\n"); + fprintf(stderr,"ERROR: could not create directory \"%s\" for key output\n",sname); return 1; } @@ -264,8 +298,9 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) #ifndef _WIN32 sigprocmask(SIG_SETMASK,&oset,0); #endif - if (hostname) + if (onehostname) return 0; // finished + // skip rest of lines until we hit start of new doc indicator skipthis = 1; } } @@ -275,7 +310,7 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) return 1; } - if (hostname) { + if (onehostname) { fprintf(stderr,"hostname wasn't found in input\n"); return 1; } diff --git a/yaml.h b/yaml.h index 0dc75d5..85faf95 100644 --- a/yaml.h +++ b/yaml.h @@ -1,4 +1,6 @@ -extern void yamlout_init(); -extern void yamlout_clean(); -extern void yamlout_writekeys(const char *hostname,const u8 *formated_public,const u8 *formated_secret); -extern int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname); +extern void yamlout_init(void); +extern void yamlout_clean(void); +extern void yamlout_writekeys( + const char *hostname,const u8 *publickey,const u8 *secretkey,int rawkeys); +extern int yamlin_parseandcreate( + FILE *fin,char *sname,const char *hostname,int rawkeys);
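Review bot: The yaml.h declaration keeps the parameter name `hostname` while the definition in yaml.c (hunk @@ -119,7 +141,8) renamed it to `onehostname`; C permits the mismatch, but the header is what callers read, and the rename exists precisely to say that a non-NULL value selects a single record. Use the same name here, `FILE *fin,char *sname,const char *onehostname,int rawkeys);`, and consider a short comment on both prototypes that NULL imports every record and that `rawkeys` selects base64 of the bare PUBLIC_LEN/SECRET_LEN bytes (the B64_RAW_* lengths checked in yaml.c) rather than the prefixed formatted keys.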