From 9eae27b3349b323dd87c73ebd48040f376ad2682 Mon Sep 17 00:00:00 2001 From: cathugger Date: Sun, 5 May 2019 22:41:53 +0000 Subject: [PATCH 001/107] make donna default --- configure.ac | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 9893bd4..8ae89ba 100644 --- a/configure.ac +++ b/configure.ac @@ -58,7 +58,7 @@ MAINLIB="" ed25519impl="" AC_ARG_ENABLE([ref10], [AS_HELP_STRING([--enable-ref10], - [use SUPERCOP ref10 ed25519 implementation @<:@default=yes@:>@])], + [use SUPERCOP ref10 ed25519 implementation @<:@default=no@:>@])], [ AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "ref10"], [AC_ERROR([only one ed25519 implementation can be defined])]) @@ -91,7 +91,7 @@ AC_ARG_ENABLE([amd64-64-24k], AC_ARG_ENABLE([donna], [AS_HELP_STRING([--enable-donna], - [use ed25519-donna implementation @<:@default=no@:>@])], + [use ed25519-donna implementation @<:@default=yes@:>@])], [ AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "donna"], [AC_ERROR([only one ed25519 implementation can be defined])]) @@ -111,7 +111,8 @@ AC_ARG_ENABLE([donna-sse2], [] ) -AS_IF([test "x$ed25519impl" == "x"],[ed25519impl=ref10]) +# default +AS_IF([test "x$ed25519impl" == "x"],[ed25519impl="donna"]) if test "$ed25519impl" = "donna-sse2" then From 645459520645d5ff57b4e2807048739fbfcde34e Mon Sep 17 00:00:00 2001 From: cathugger Date: Sun, 5 May 2019 22:43:26 +0000 Subject: [PATCH 002/107] less strict nopie check apparently including -Werror broke detection in clang --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 8ae89ba..62aeeca 100644 --- a/configure.ac +++ b/configure.ac @@ -30,7 +30,7 @@ fi nopie="" oldcflags="$CFLAGS" -CFLAGS="-nopie -Werror" +CFLAGS="-nopie" AC_MSG_CHECKING([whether CC supports -nopie]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], [AC_MSG_RESULT([yes])] 
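Review bot: The re-added default line keeps `test "x$ed25519impl" == "x"`, and `==` is not a POSIX `test` operator: under dash (Debian's /bin/sh) it is reported as an unexpected operator, the test fails, and `ed25519impl` stays empty, so the donna default this commit introduces is never applied unless configure happens to run under bash. The rest of this file already uses the portable form, e.g. `if test "$ed25519impl" = "donna-sse2"` a few lines down; change the new line to `AS_IF([test "x$ed25519impl" = "x"],[ed25519impl="donna"])`. The bare `# default` comment would be more useful as `# default when no --enable-* implementation was given`.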
@@ -42,7 +42,7 @@ CFLAGS="$oldcflags" if test "x$nopie" = "x" then oldcflags="$CFLAGS" - CFLAGS="-no-pie -Werror" + CFLAGS="-no-pie" AC_MSG_CHECKING([whether CC supports -no-pie]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], [AC_MSG_RESULT([yes])] From 565c2a968f85f0d5a231046d2ec1b0c5a7f3cb89 Mon Sep 17 00:00:00 2001 From: cathugger Date: Sun, 5 May 2019 22:50:10 +0000 Subject: [PATCH 003/107] more strict and this time correct nopie check --- configure.ac | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 62aeeca..f2ecb22 100644 --- a/configure.ac +++ b/configure.ac @@ -30,9 +30,9 @@ fi nopie="" oldcflags="$CFLAGS" -CFLAGS="-nopie" +CFLAGS="-nopie -Werror" AC_MSG_CHECKING([whether CC supports -nopie]) -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], +AC_LINK_IFELSE([AC_LANG_PROGRAM([])], [AC_MSG_RESULT([yes])] [nopie="-nopie"], [AC_MSG_RESULT([no])] @@ -42,9 +42,9 @@ CFLAGS="$oldcflags" if test "x$nopie" = "x" then oldcflags="$CFLAGS" - CFLAGS="-no-pie" + CFLAGS="-no-pie -Werror" AC_MSG_CHECKING([whether CC supports -no-pie]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], + AC_LINK_IFELSE([AC_LANG_PROGRAM([])], [AC_MSG_RESULT([yes])] [nopie="-no-pie"], [AC_MSG_RESULT([no])] From 541b043a256436d7b8117e8943780f071df93ead Mon Sep 17 00:00:00 2001 From: cathugger Date: Mon, 6 May 2019 16:44:25 +0000 Subject: [PATCH 004/107] autodetect argon2id13 support and autoenable passphrase-based generation --- configure.ac | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/configure.ac b/configure.ac index f2ecb22..6477ec1 100644 --- a/configure.ac +++ b/configure.ac @@ -121,6 +121,8 @@ then CFLAGS="$CFLAGS -msse2" fi + + AC_ARG_ENABLE([intfilter], [AS_HELP_STRING([--enable-intfilter@<:@=(32|64|128|native)@:>@], [use integers of specific size @<:@default=64@:>@ for filtering. faster but limits filter length to: 6 for 32-bit, 12 for 64-bit, 24 for 128-bit @<:@default=no@:>@])], 
@@ -310,6 +312,19 @@ yes|pcre2) ;; esac + +AC_MSG_CHECKING([whether ARGON2ID13 is supported by libsodium]) +AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[#include ]], + [[int alg = crypto_pwhash_ALG_ARGON2ID13;(void) alg;]] + )], + [AC_MSG_RESULT([yes])] + [MYDEFS="$MYDEFS -DPASSPHRASE"], + [AC_MSG_RESULT([no])] +) + + # recreate dir tree, because otherwise gcc will fuck up (cd "$srcdir" && find ed25519 -type d) | xargs mkdir -p From d03798beceac6b54bc97bb82f8529f626b86342f Mon Sep 17 00:00:00 2001 From: cathugger Date: Mon, 6 May 2019 16:47:47 +0000 Subject: [PATCH 005/107] reduce pwhash opslimit even further, probably for the last time --- main.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/main.c b/main.c index 804ceba..8f3cdd7 100644 --- a/main.c +++ b/main.c @@ -34,7 +34,8 @@ #endif // Argon2 hashed passphrase stretching settings -#define PWHASH_OPSLIMIT 64 +// NOTE: changing these will break compatibility +#define PWHASH_OPSLIMIT 48 #define PWHASH_MEMLIMIT 64 * 1024 * 1024 #define PWHASH_ALG crypto_pwhash_ALG_ARGON2ID13 From 92b36121b6cdc9746dcec862b68a1429ddc3a973 Mon Sep 17 00:00:00 2001 From: cathugger Date: Tue, 14 May 2019 20:29:27 +0300 Subject: [PATCH 006/107] explicit void params declarations, add warnings to keep it correct thx http://nickdesaulniers.github.io/blog/2019/05/12/f-vs-f-void-in-c-vs-c-plus-plus/ --- configure.ac | 17 +++++++++++++++++ ed25519/ed25519.h | 8 ++++---- filters.h | 1 + main.c | 4 ++-- yaml.c | 4 ++-- yaml.h | 4 ++-- 6 files changed, 28 insertions(+), 10 deletions(-) diff --git a/configure.ac b/configure.ac index 6477ec1..9766467 100644 --- a/configure.ac +++ b/configure.ac 
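Review bot: The new check only asks the compiler whether `crypto_pwhash_ALG_ARGON2ID13` is declared by the header, so a newer sodium.h paired with an older libsodium shared library passes and `-DPASSPHRASE` is enabled against a library that cannot provide the algorithm. Use AC_LINK_IFELSE with a body that needs the library symbol, e.g. `[[return crypto_pwhash_alg_argon2id13();]]`, so header and library are checked together. The include inside AC_LANG_PROGRAM reads `#include ` on this page — presumably the header name was lost in rendering; confirm the committed line names the libsodium header.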
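Review bot: The added `// NOTE: changing these will break compatibility` does not say what breaks or why, which is the one thing a future editor needs before touching `PWHASH_OPSLIMIT`; spell it out: `// NOTE: these are parameters of the Argon2id passphrase stretching; changing either value makes the same passphrase yield a different key`. Lowering OPSLIMIT from 64 to 48 in this commit is itself such a change, so it deserves a release note. The unparenthesised `#define PWHASH_MEMLIMIT 64 * 1024 * 1024` on the context line below misparses inside any expression that divides or shifts it; `(64 * 1024 * 1024)` is the same fix a later patch in this series applies to DETERMINISTIC_LOOP_COUNT.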
@@ -233,6 +233,23 @@ then ) fi +CFLAGS="$cstd -Wmissing-prototypes -Werror" +AC_MSG_CHECKING([whether CC supports -Wmissing-prototypes]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wmissing-prototypes"], + [AC_MSG_RESULT([no])] +) + +# XXX AC_LANG_PROGRAM produces unsuitable prototype so this check must be last one +CFLAGS="$cstd -Wstrict-prototypes -Werror" +AC_MSG_CHECKING([whether CC supports -Wstrict-prototypes]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wstrict-prototypes"], + [AC_MSG_RESULT([no])] +) + CFLAGS="$oldcflags" AC_ARG_ENABLE([binfilterlen], diff --git a/ed25519/ed25519.h b/ed25519/ed25519.h index d0c4491..f59760f 100644 --- a/ed25519/ed25519.h +++ b/ed25519/ed25519.h @@ -36,7 +36,7 @@ static const ge_cached ge_eightpoint = { 11267669, -24569594, 14624995 } }; -inline static void ge_initeightpoint() {} +inline static void ge_initeightpoint(void) {} #endif @@ -105,7 +105,7 @@ static const ge25519_pniels ge_eightpoint = { // t2d {{ 1700965895112270, 372560131616985, 329575203620664, 756160485635107, 981466775886086 }}, }; -inline static void ge_initeightpoint() {} +inline static void ge_initeightpoint(void) {} #endif @@ -129,7 +129,7 @@ static const ge25519_pniels ge_eightpoint = { // t2d {{ 9713713562319586894U, 4328467261753610859U, 8262494979546083277U, 4020087914029409631U }}, }; -inline static void ge_initeightpoint() {} +inline static void ge_initeightpoint(void) {} #endif @@ -232,7 +232,7 @@ static u8 fe_t2d[32] = { }; // initialize from packed representation -static void ge_initeightpoint() +static void ge_initeightpoint(void) { memset(&ge_eightpoint,0,sizeof(ge_eightpoint)); curve25519_expand(ge_eightpoint.ysubx,fe_ysubx); diff --git a/filters.h b/filters.h index ffd4c75..71f0118 100644 --- a/filters.h +++ b/filters.h 
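Review bot: The `# XXX AC_LANG_PROGRAM produces unsuitable prototype so this check must be last one` comment names the symptom but not the consequence for whoever adds a probe below it: with autoconf 2.69 AC_LANG_PROGRAM emits an old-style `main ()` definition, which `-Wstrict-prototypes -Werror` rejects, so once the flag sits in `$cstd` any later AC_COMPILE_IFELSE built with `$cstd -Werror` fails for the wrong reason. Suggest `# XXX AC_LANG_PROGRAM emits an old-style "main ()" definition that -Wstrict-prototypes rejects; keep this the last probe that combines $cstd with -Werror, or use AC_LANG_SOURCE as done here`.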
@@ -92,4 +92,5 @@ extern struct pfiltervec filters; extern int flattened; extern void filters_init(void); +extern void filters_add(const char *filter); extern size_t filters_count(void); diff --git a/main.c b/main.c index 8f3cdd7..355f935 100644 --- a/main.c +++ b/main.c @@ -114,14 +114,14 @@ static void printhelp(FILE *out,const char *progname) fflush(out); } -static void e_additional() +static void e_additional(void) { fprintf(stderr,"additional argument required\n"); exit(1); } #ifndef STATISTICS -static void e_nostatistics() +static void e_nostatistics(void) { fprintf(stderr,"statistics support not compiled in\n"); exit(1); diff --git a/yaml.c b/yaml.c index 1f9e983..ebe03ab 100644 --- a/yaml.c +++ b/yaml.c @@ -49,12 +49,12 @@ static const char keys_field_time[] = "time: "; static pthread_mutex_t tminfo_mutex; -void yamlout_init() +void yamlout_init(void) { pthread_mutex_init(&tminfo_mutex,0); } -void yamlout_clean() +void yamlout_clean(void) { pthread_mutex_destroy(&tminfo_mutex); } diff --git a/yaml.h b/yaml.h index 0dc75d5..ca356c5 100644 --- a/yaml.h +++ b/yaml.h @@ -1,4 +1,4 @@ -extern void yamlout_init(); -extern void yamlout_clean(); +extern void yamlout_init(void); +extern void yamlout_clean(void); extern void yamlout_writekeys(const char *hostname,const u8 *formated_public,const u8 *formated_secret); extern int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname); From c0ef36f200ca1242094674aae11a7579574801b0 Mon Sep 17 00:00:00 2001 From: cathugger Date: Sat, 14 Sep 2019 20:50:50 +0300 Subject: [PATCH 007/107] make requirements section of readme more retard-proof --- README.txt | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.txt b/README.txt index 63e202b..cd3eef2 100644 --- a/README.txt +++ b/README.txt 
@@ -4,7 +4,12 @@ This tool generates vanity ed25519 (hidden service version 3, formely known as p For context, see . REQUIREMENTS: -C99 compatible compiler, libsodium, GNU make, GNU autoconf, UNIX-like platform (currently tested in Linux and OpenBSD). +C99 compatible compiler (gcc and clang should work), +libsodium (including headers), GNU make, +GNU autoconf (to generate configure script, needed only if not using release tarball), +UNIX-like platform (currently tested in Linux and OpenBSD, but should also build under cygwin and msys2). +For debian-like linux distros, this should be enough to prepare for building: +`apt install gcc libsodium-dev make autoconf`. BUILDING: `./autogen.sh` to generate configure script, if it's not there already. From 6f7e220b60086349ef9e999668bdc8ee0605bc4e Mon Sep 17 00:00:00 2001 From: cathugger Date: Fri, 15 Nov 2019 02:48:19 +0000 Subject: [PATCH 008/107] fix ed25519-donna makedepends --- Makefile.in | 16 ++++++++ .../ed25519-donna/curve25519-donna-32bit.h | 4 ++ .../ed25519-donna/curve25519-donna-64bit.h | 3 ++ ed25519/ed25519-donna/curve25519-donna-sse2.h | 3 ++ .../ed25519-donna-32bit-tables.h | 4 ++ .../ed25519-donna-64bit-tables.h | 4 ++ .../ed25519-donna/ed25519-donna-impl-base.h | 3 ++ .../ed25519-donna/ed25519-donna-impl-sse2.h | 4 ++ ed25519/ed25519-donna/ed25519-donna.h | 41 +++++++------------ ed25519/ed25519-donna/modm-donna-32bit.h | 4 ++ ed25519/ed25519-donna/modm-donna-64bit.h | 4 ++ worker_batch.inc.h | 5 ++- 12 files changed, 67 insertions(+), 28 deletions(-) diff --git a/Makefile.in b/Makefile.in index f8496e3..ec29317 100644 --- a/Makefile.in +++ b/Makefile.in 
@@ -410,12 +410,20 @@ test_ed25519.c.o: ed25519/amd64-64-24k/ge25519.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h +test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-sse2.h test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-64bit.h +test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-32bit.h test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-helpers.h test_ed25519.c.o: ed25519/ed25519-donna/modm-donna-64bit.h +test_ed25519.c.o: ed25519/ed25519-donna/modm-donna-32bit.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-basepoint-table.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-tables.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-tables.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86-32bit.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-sse2.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-sse2.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h vec.c.o: vec.h worker.c.o: types.h likely.h vec.h base32.h keccak.h ed25519/ed25519.h 
@@ -427,12 +435,20 @@ worker.c.o: ed25519/amd64-64-24k/ge25519.h worker.c.o: ed25519/ed25519-donna/ed25519-donna.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h +worker.c.o: ed25519/ed25519-donna/curve25519-donna-sse2.h worker.c.o: ed25519/ed25519-donna/curve25519-donna-64bit.h +worker.c.o: ed25519/ed25519-donna/curve25519-donna-32bit.h worker.c.o: ed25519/ed25519-donna/curve25519-donna-helpers.h worker.c.o: ed25519/ed25519-donna/modm-donna-64bit.h +worker.c.o: ed25519/ed25519-donna/modm-donna-32bit.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-basepoint-table.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-tables.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-tables.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86-32bit.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-sse2.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-sse2.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h ioutil.h common.h worker.c.o: yaml.h worker.h filters.h filters_worker.inc.h worker.c.o: filters_common.inc.h worker_slow.inc.h worker_fast.inc.h diff --git a/ed25519/ed25519-donna/curve25519-donna-32bit.h b/ed25519/ed25519-donna/curve25519-donna-32bit.h index b0861ac..9075472 100644 --- a/ed25519/ed25519-donna/curve25519-donna-32bit.h +++ b/ed25519/ed25519-donna/curve25519-donna-32bit.h @@ -5,6 +5,8 @@ 32 bit integer curve25519 implementation */ +#if !defined(ED25519_SSE2) && !defined(ED25519_64BIT) + typedef uint32_t bignum25519[10]; typedef uint32_t bignum25519align16[12]; 
@@ -577,3 +579,5 @@ curve25519_swap_conditional(bignum25519 a, bignum25519 b, uint32_t iswap) { x8 = swap & (a[8] ^ b[8]); a[8] ^= x8; b[8] ^= x8; x9 = swap & (a[9] ^ b[9]); a[9] ^= x9; b[9] ^= x9; } + +#endif /* !defined(ED25519_SSE2) && !defined(ED25519_64BIT) */ diff --git a/ed25519/ed25519-donna/curve25519-donna-64bit.h b/ed25519/ed25519-donna/curve25519-donna-64bit.h index 2941d1b..6de623d 100644 --- a/ed25519/ed25519-donna/curve25519-donna-64bit.h +++ b/ed25519/ed25519-donna/curve25519-donna-64bit.h @@ -6,6 +6,8 @@ 64bit integer curve25519 implementation */ +#if !defined(ED25519_SSE2) && defined(ED25519_64BIT) + typedef uint64_t bignum25519[5]; static const uint64_t reduce_mask_40 = ((uint64_t)1 << 40) - 1; @@ -411,3 +413,4 @@ curve25519_swap_conditional(bignum25519 a, bignum25519 b, uint64_t iswap) { #define ED25519_64BIT_TABLES +#endif /* !defined(ED25519_SSE2) && defined(ED25519_64BIT) */ diff --git a/ed25519/ed25519-donna/curve25519-donna-sse2.h b/ed25519/ed25519-donna/curve25519-donna-sse2.h index 1dbfd44..cb8233a 100644 --- a/ed25519/ed25519-donna/curve25519-donna-sse2.h +++ b/ed25519/ed25519-donna/curve25519-donna-sse2.h @@ -5,6 +5,8 @@ SSE2 curve25519 implementation */ +#if defined(ED25519_SSE2) + #include typedef __m128i xmmi; @@ -1110,3 +1112,4 @@ curve25519_move_conditional_bytes(uint8_t out[96], const uint8_t in[96], uint32_ _mm_store_si128((xmmi*)out + 5, a5); } +#endif /* defined(ED25519_SSE2) */ diff --git a/ed25519/ed25519-donna/ed25519-donna-32bit-tables.h b/ed25519/ed25519-donna/ed25519-donna-32bit-tables.h index c977c26..f8f70d7 100644 --- a/ed25519/ed25519-donna/ed25519-donna-32bit-tables.h +++ b/ed25519/ed25519-donna/ed25519-donna-32bit-tables.h 
@@ -1,3 +1,5 @@ +#if !defined(ED25519_64BIT) + static const ge25519 ALIGN(16) ge25519_basepoint = { {0x0325d51a,0x018b5823,0x00f6592a,0x0104a92d,0x01a4b31d,0x01d6dc5c,0x027118fe,0x007fd814,0x013cd6e5,0x0085a4db}, {0x02666658,0x01999999,0x00cccccc,0x01333333,0x01999999,0x00666666,0x03333333,0x00cccccc,0x02666666,0x01999999}, @@ -59,3 +61,5 @@ static const ge25519_niels ALIGN(16) ge25519_niels_sliding_multiples[32] = { {{0x01085cf2,0x01fd47af,0x03e3f5e1,0x004b3e99,0x01e3d46a,0x0060033c,0x015ff0a8,0x0150cdd8,0x029e8e21,0x008cf1bc},{0x00156cb1,0x003d623f,0x01a4f069,0x00d8d053,0x01b68aea,0x01ca5ab6,0x0316ae43,0x0134dc44,0x001c8d58,0x0084b343},{0x0318c781,0x0135441f,0x03a51a5e,0x019293f4,0x0048bb37,0x013d3341,0x0143151e,0x019c74e1,0x00911914,0x0076ddde}}, {{0x006bc26f,0x00d48e5f,0x00227bbe,0x00629ea8,0x01ea5f8b,0x0179a330,0x027a1d5f,0x01bf8f8e,0x02d26e2a,0x00c6b65e},{0x01701ab6,0x0051da77,0x01b4b667,0x00a0ce7c,0x038ae37b,0x012ac852,0x03a0b0fe,0x0097c2bb,0x00a017d2,0x01eb8b2a},{0x0120b962,0x0005fb42,0x0353b6fd,0x0061f8ce,0x007a1463,0x01560a64,0x00e0a792,0x01907c92,0x013a6622,0x007b47f1}} }; + +#endif /* !defined(ED25519_64BIT) */ diff --git a/ed25519/ed25519-donna/ed25519-donna-64bit-tables.h b/ed25519/ed25519-donna/ed25519-donna-64bit-tables.h index 4a6ff9e..f0df467 100644 --- a/ed25519/ed25519-donna/ed25519-donna-64bit-tables.h +++ b/ed25519/ed25519-donna/ed25519-donna-64bit-tables.h @@ -1,3 +1,5 @@ +#if defined(ED25519_64BIT) + static const ge25519 ge25519_basepoint = { {0x00062d608f25d51a,0x000412a4b4f6592a,0x00075b7171a4b31d,0x0001ff60527118fe,0x000216936d3cd6e5}, {0x0006666666666658,0x0004cccccccccccc,0x0001999999999999,0x0003333333333333,0x0006666666666666}, 
@@ -51,3 +53,5 @@ static const ge25519_niels ge25519_niels_sliding_multiples[32] = { {{0x0007f51ebd085cf2,0x00012cfa67e3f5e1,0x0001800cf1e3d46a,0x00054337615ff0a8,0x000233c6f29e8e21},{0x0000f588fc156cb1,0x000363414da4f069,0x0007296ad9b68aea,0x0004d3711316ae43,0x000212cd0c1c8d58},{0x0004d5107f18c781,0x00064a4fd3a51a5e,0x0004f4cd0448bb37,0x000671d38543151e,0x0001db7778911914}}, {{0x000352397c6bc26f,0x00018a7aa0227bbe,0x0005e68cc1ea5f8b,0x0006fe3e3a7a1d5f,0x00031ad97ad26e2a},{0x00014769dd701ab6,0x00028339f1b4b667,0x0004ab214b8ae37b,0x00025f0aefa0b0fe,0x0007ae2ca8a017d2},{0x000017ed0920b962,0x000187e33b53b6fd,0x00055829907a1463,0x000641f248e0a792,0x0001ed1fc53a6622}} }; + +#endif /* defined(ED25519_64BIT) */ diff --git a/ed25519/ed25519-donna/ed25519-donna-impl-base.h b/ed25519/ed25519-donna/ed25519-donna-impl-base.h index 18736cf..503ba8c 100644 --- a/ed25519/ed25519-donna/ed25519-donna-impl-base.h +++ b/ed25519/ed25519-donna/ed25519-donna-impl-base.h @@ -1,3 +1,5 @@ +#if !defined(ED25519_SSE2) + /* conversions */ @@ -387,3 +389,4 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96] } } +#endif /* !defined(ED25519_SSE2) */ diff --git a/ed25519/ed25519-donna/ed25519-donna-impl-sse2.h b/ed25519/ed25519-donna/ed25519-donna-impl-sse2.h index 2401099..b474511 100644 --- a/ed25519/ed25519-donna/ed25519-donna-impl-sse2.h +++ b/ed25519/ed25519-donna/ed25519-donna-impl-sse2.h @@ -1,3 +1,5 @@ +#if defined(ED25519_SSE2) + /* conversions */ @@ -412,3 +414,5 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t table[256][96], const bi ge25519_nielsadd2(r, &t); } } + +#endif /* defined(ED25519_SSE2) */ diff --git a/ed25519/ed25519-donna/ed25519-donna.h b/ed25519/ed25519-donna/ed25519-donna.h index 1e1dc34..f878a1b 100644 --- a/ed25519/ed25519-donna/ed25519-donna.h +++ b/ed25519/ed25519-donna/ed25519-donna.h 
@@ -41,22 +41,14 @@ #endif #endif -#if defined(ED25519_SSE2) - #include "curve25519-donna-sse2.h" -#elif defined(ED25519_64BIT) - #include "curve25519-donna-64bit.h" -#else - #include "curve25519-donna-32bit.h" -#endif +#include "curve25519-donna-sse2.h" +#include "curve25519-donna-64bit.h" +#include "curve25519-donna-32bit.h" #include "curve25519-donna-helpers.h" -/* separate uint128 check for 64 bit sse2 */ -#if defined(HAVE_UINT128) && !defined(ED25519_FORCE_32BIT) - #include "modm-donna-64bit.h" -#else - #include "modm-donna-32bit.h" -#endif +#include "modm-donna-64bit.h" +#include "modm-donna-32bit.h" typedef unsigned char hash_512bits[64]; @@ -98,20 +90,15 @@ typedef unsigned char bytes32[32]; #include "ed25519-donna-basepoint-table.h" -#if defined(ED25519_64BIT) - #include "ed25519-donna-64bit-tables.h" - #include "ed25519-donna-64bit-x86.h" -#else - #include "ed25519-donna-32bit-tables.h" - #include "ed25519-donna-64bit-x86-32bit.h" -#endif +#include "ed25519-donna-64bit-tables.h" +#include "ed25519-donna-64bit-x86.h" + +#include "ed25519-donna-32bit-tables.h" +#include "ed25519-donna-64bit-x86-32bit.h" -#if defined(ED25519_SSE2) - #include "ed25519-donna-32bit-sse2.h" - #include "ed25519-donna-64bit-sse2.h" - #include "ed25519-donna-impl-sse2.h" -#else - #include "ed25519-donna-impl-base.h" -#endif +#include "ed25519-donna-32bit-sse2.h" +#include "ed25519-donna-64bit-sse2.h" +#include "ed25519-donna-impl-sse2.h" +#include "ed25519-donna-impl-base.h" diff --git a/ed25519/ed25519-donna/modm-donna-32bit.h b/ed25519/ed25519-donna/modm-donna-32bit.h index dfd76be..c9636e3 100644 --- a/ed25519/ed25519-donna/modm-donna-32bit.h +++ b/ed25519/ed25519-donna/modm-donna-32bit.h 
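Review bot: The flattened include list no longer shows that implementation selection still happens, so a reader sees every backend pulled in unconditionally and has to open each header to find the `ED25519_SSE2`/`ED25519_64BIT` guard this commit added; one line above the first include would keep that visible, e.g. `/* every implementation header guards itself on ED25519_SSE2 / ED25519_64BIT (modm on HAVE_UINT128); all are listed so make depends cover every configuration */`. Four headers listed here — ed25519-donna-64bit-x86.h, ed25519-donna-64bit-x86-32bit.h, ed25519-donna-32bit-sse2.h and ed25519-donna-64bit-sse2.h — are not in this commit's diffstat, so presumably they already guard themselves; worth confirming, because an unguarded one would now be compiled on every configuration. The same applies to the second hunk of this file below.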
@@ -2,6 +2,8 @@ Public domain by Andrew M. */ +/* separate uint128 check for 64 bit sse2 */ +#if !defined(HAVE_UINT128) || defined(ED25519_FORCE_32BIT) /* Arithmetic modulo the group order n = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 @@ -467,3 +469,5 @@ isatmost128bits256_modm_batch(const bignum256modm a) { return (mask == 0); } + +#endif /* !defined(HAVE_UINT128) || defined(ED25519_FORCE_32BIT) */ diff --git a/ed25519/ed25519-donna/modm-donna-64bit.h b/ed25519/ed25519-donna/modm-donna-64bit.h index a47a38a..936e7b0 100644 --- a/ed25519/ed25519-donna/modm-donna-64bit.h +++ b/ed25519/ed25519-donna/modm-donna-64bit.h @@ -2,6 +2,8 @@ Public domain by Andrew M. */ +/* separate uint128 check for 64 bit sse2 */ +#if defined(HAVE_UINT128) && !defined(ED25519_FORCE_32BIT) /* Arithmetic modulo the group order n = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 @@ -359,3 +361,5 @@ isatmost128bits256_modm_batch(const bignum256modm a) { return (mask == 0); } + +#endif /* defined(HAVE_UINT128) && !defined(ED25519_FORCE_32BIT) */ diff --git a/worker_batch.inc.h b/worker_batch.inc.h index c838e28..69559d7 100644 --- a/worker_batch.inc.h +++ b/worker_batch.inc.h @@ -11,6 +11,7 @@ void *worker_batch(void *task) ge_p3 ge_public; char *sname; + // state to keep batch data ge_p3 ge_batch[BATCHNUM]; fe *(batchgez)[BATCHNUM]; fe tmp_batch[BATCHNUM]; @@ -23,6 +24,7 @@ void *worker_batch(void *task) struct statstruct *st = (struct statstruct *)task; #endif + // set up right pointers for (size_t b = 0;b < BATCHNUM;++b) batchgez[b] = &GEZ(ge_batch[b]); 
@@ -53,12 +55,13 @@ initseed: if (unlikely(endwork)) goto end; + for (size_t b = 0;b < BATCHNUM;++b) { ge_batch[b] = ge_public; ge_add(&sum,&ge_public,&ge_eightpoint); ge_p1p1_to_p3(&ge_public,&sum); } - // NOTE: leaves unfinished + // NOTE: leaves unfinished one bit at the very end ge_p3_batchtobytes_destructive_1(pk_batch,ge_batch,batchgez,tmp_batch,BATCHNUM); #ifdef STATISTICS From 9bc52c5fb7dc6e9bf920f08b5faa865ec72c8c86 Mon Sep 17 00:00:00 2001 From: cathugger Date: Fri, 15 Nov 2019 04:58:21 +0000 Subject: [PATCH 009/107] implement worker_batch_pass --- Makefile.in | 2 +- main.c | 3 +- worker.c | 13 +++- worker.h | 1 + worker_batch.inc.h | 2 + worker_batch_pass.inc.h | 133 ++++++++++++++++++++++++++++++++++++++++ worker_fast.inc.h | 2 + worker_fast_pass.inc.h | 9 +-- 8 files changed, 157 insertions(+), 8 deletions(-) create mode 100644 worker_batch_pass.inc.h diff --git a/Makefile.in b/Makefile.in index ec29317..afeb22a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -452,5 +452,5 @@ worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h ioutil.h common.h worker.c.o: yaml.h worker.h filters.h filters_worker.inc.h worker.c.o: filters_common.inc.h worker_slow.inc.h worker_fast.inc.h -worker.c.o: worker_fast_pass.inc.h worker_batch.inc.h +worker.c.o: worker_fast_pass.inc.h worker_batch.inc.h worker_batch_pass.inc.h yaml.c.o: types.h yaml.h ioutil.h base32.h base64.h common.h diff --git a/main.c b/main.c index 355f935..fc38b2c 100644 --- a/main.c +++ b/main.c @@ -516,7 +516,8 @@ int main(int argc,char **argv) #endif tret = pthread_create(&VEC_BUF(threads,i),0, #ifdef PASSPHRASE - deterministic ? worker_fast_pass : + deterministic ? ( + batchkeygen ? worker_batch_pass : worker_fast_pass) : #endif batchkeygen ? worker_batch : (fastkeygen ? worker_fast : worker_slow),tp); diff --git a/worker.c b/worker.c index fa1b361..83466f3 100644 --- a/worker.c +++ b/worker.c 
@@ -210,8 +210,17 @@ static void reseedright(u8 sk[SECRET_LEN]) #include "worker_fast_pass.inc.h" -#ifndef BATCHNUM -#define BATCHNUM 2048 +#if !defined(BATCHNUM) + #define BATCHNUM 2048 +#else + #if BATCHNUM & (BATCHNUM - 1) + #error "BATCHNUM must be power of 2" + #endif + #if (BATCHNUM * 8) > DETERMINISTIC_LOOP_COUNT + #error "BATCHNUM is too large" + #endif #endif #include "worker_batch.inc.h" + +#include "worker_batch_pass.inc.h" diff --git a/worker.h b/worker.h index 289c27e..a06edd4 100644 --- a/worker.h +++ b/worker.h @@ -43,4 +43,5 @@ extern void *worker_fast(void *task); extern void *worker_batch(void *task); #ifdef PASSPHRASE extern void *worker_fast_pass(void *task); +extern void *worker_batch_pass(void *task); #endif diff --git a/worker_batch.inc.h b/worker_batch.inc.h index 69559d7..e544d00 100644 --- a/worker_batch.inc.h +++ b/worker_batch.inc.h @@ -44,7 +44,9 @@ initseed: #ifdef STATISTICS ++st->numrestart.v; #endif + randombytes(seed,sizeof(seed)); + ed25519_seckey_expand(sk,seed); ge_scalarmult_base(&ge_public,sk); diff --git a/worker_batch_pass.inc.h b/worker_batch_pass.inc.h new file mode 100644 index 0000000..3f669f2 --- /dev/null +++ b/worker_batch_pass.inc.h 
@@ -0,0 +1,133 @@
+
+#ifdef PASSPHRASE
+void *worker_batch_pass(void *task)
+{
+ union pubonionunion pubonion;
+ u8 * const pk = &pubonion.raw[PKPREFIX_SIZE];
+ u8 secret[SKPREFIX_SIZE + SECRET_LEN];
+ u8 * const sk = &secret[SKPREFIX_SIZE];
+ u8 seed[SEED_LEN];
+ u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1];
+ u8 wpk[PUBLIC_LEN + 1];
+ ge_p3 ge_public;
+ char *sname;
+
+ // state to keep batch data
+ ge_p3 ge_batch[BATCHNUM];
+ fe *(batchgez)[BATCHNUM];
+ fe tmp_batch[BATCHNUM];
+ bytes32 pk_batch[BATCHNUM];
+
+ size_t counter,oldcounter;
+ size_t i;
+
+#ifdef STATISTICS
+ struct statstruct *st = (struct statstruct *)task;
+#endif
+
+ // set up right pointers
+ for (size_t b = 0;b < BATCHNUM;++b)
+ batchgez[b] = &GEZ(ge_batch[b]);
+
+ PREFILTER
+
+ memcpy(secret,skprefix,SKPREFIX_SIZE);
+ wpk[PUBLIC_LEN] = 0;
+ memset(&pubonion,0,sizeof(pubonion));
+ memcpy(pubonion.raw,pkprefix,PKPREFIX_SIZE);
+ // write version later as it will be overwritten by hash
+ memcpy(hashsrc,checksumstr,checksumstrlen);
+ hashsrc[checksumstrlen + PUBLIC_LEN] = 0x03; // version
+
+ sname = makesname();
+
+initseed:
+#ifdef STATISTICS
+ ++st->numrestart.v;
+#endif
+
+ pthread_mutex_lock(&determseed_mutex);
+ for (int i = 0; i < SEED_LEN; i++)
+ if (++determseed[i])
+ break;
+ memcpy(seed, determseed, SEED_LEN);
+ pthread_mutex_unlock(&determseed_mutex);
+
+ ed25519_seckey_expand(sk,seed);
+
+ ge_scalarmult_base(&ge_public,sk);
+
+ for (counter = oldcounter = 0;counter < DETERMINISTIC_LOOP_COUNT;counter += 8*BATCHNUM) {
+ ge_p1p1 sum;
+
+ if (unlikely(endwork))
+ goto end;
+
+
+ for (size_t b = 0;b < BATCHNUM;++b) {
+ ge_batch[b] = ge_public;
+ ge_add(&sum,&ge_public,&ge_eightpoint);
+ ge_p1p1_to_p3(&ge_public,&sum);
+ }
+ // NOTE: leaves unfinished one bit at the very end
+ ge_p3_batchtobytes_destructive_1(pk_batch,ge_batch,batchgez,tmp_batch,BATCHNUM);
+
+#ifdef STATISTICS
+ st->numcalc.v += BATCHNUM;
+#endif
+
+ for (size_t b = 0;b < BATCHNUM;++b) {
+ DOFILTER(i,pk_batch[b],{
+ if
(numwords > 1) { + shiftpk(wpk,pk_batch[b],filter_len(i)); + size_t j; + for (int w = 1;;) { + DOFILTER(j,wpk,goto secondfind); + goto next; + secondfind: + if (++w >= numwords) + break; + shiftpk(wpk,wpk,filter_len(j)); + } + } + // found! + // finish it up + ge_p3_batchtobytes_destructive_finish(pk_batch[b],&ge_batch[b]); + // copy public key + memcpy(pk,pk_batch[b],PUBLIC_LEN); + // update secret key with counter + addsztoscalar32(sk,counter + (b * 8) - oldcounter); + oldcounter = counter + (b * 8); + // sanity check + if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31]) + goto initseed; + + // reseed right half of key to avoid reuse, it won't change public key anyway + reseedright(sk); + + ADDNUMSUCCESS; + + // calc checksum + memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN); + FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]); + // version byte + pk[PUBLIC_LEN + 2] = 0x03; + // full name + strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); + onionready(sname,secret,pubonion.raw); + pk[PUBLIC_LEN] = 0; // what is this for? + }); + next: + ; + } + } + goto initseed; + +end: + free(sname); + POSTFILTER + sodium_memzero(secret,sizeof(secret)); + sodium_memzero(seed,sizeof(seed)); + return 0; +} +#endif // PASSPHRASE diff --git a/worker_fast.inc.h b/worker_fast.inc.h index 3172656..db57b0b 100644 --- a/worker_fast.inc.h +++ b/worker_fast.inc.h @@ -36,7 +36,9 @@ initseed: #ifdef STATISTICS ++st->numrestart.v; #endif + randombytes(seed,sizeof(seed)); + ed25519_seckey_expand(sk,seed); ge_scalarmult_base(&ge_public,sk); diff --git a/worker_fast_pass.inc.h b/worker_fast_pass.inc.h index 0983816..8b698ef 100644 --- a/worker_fast_pass.inc.h +++ b/worker_fast_pass.inc.h 
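Review bot: `for (int i = 0; i < SEED_LEN; i++)` in the determseed increment shadows the function-scope `size_t i` that `DOFILTER(i,pk_batch[b],…)` stores its match index in, so `-Wshadow` fires and the two roles of `i` are easy to confuse; use a distinct name, `for (int s = 0; s < SEED_LEN; s++) if (++determseed[s]) break;`. The same loop in worker_fast_pass.inc.h (its hunk is further down this page) presumably has the same shadowing, assuming that file also declares an outer `i`. `pk[PUBLIC_LEN] = 0; // what is this for?` arrived with its open question; from the visible code it clears the first byte that FIPS202_SHA3_256 wrote after the public key once onionready() has used it, so the comment should say that or the line should go — whether anything reads that byte again is not visible here.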
@@ -34,17 +34,18 @@ void *worker_fast_pass(void *task) sname = makesname(); initseed: +#ifdef STATISTICS + ++st->numrestart.v; +#endif + pthread_mutex_lock(&determseed_mutex); for (int i = 0; i < SEED_LEN; i++) if (++determseed[i]) break; memcpy(seed, determseed, SEED_LEN); pthread_mutex_unlock(&determseed_mutex); - ed25519_seckey_expand(sk,seed); -#ifdef STATISTICS - ++st->numrestart.v; -#endif + ed25519_seckey_expand(sk,seed); ge_scalarmult_base(&ge_public,sk); ge_p3_tobytes(pk,&ge_public); From 5c7e0144d971d7d6252d7ce069bf7aaaa6618ecd Mon Sep 17 00:00:00 2001 From: cathugger Date: Wed, 20 Nov 2019 16:17:21 +0000 Subject: [PATCH 010/107] remove BATCHNUM limitations --- worker.c | 9 +----- worker_batch_pass.inc.h | 71 ++++++++++++++++++++++++++++++++++++++++- 2 files changed, 71 insertions(+), 9 deletions(-) diff --git a/worker.c b/worker.c index 83466f3..ea8acd1 100644 --- a/worker.c +++ b/worker.c @@ -58,7 +58,7 @@ void worker_init(void) #ifdef PASSPHRASE // How many times we loop before a reseed -#define DETERMINISTIC_LOOP_COUNT 1<<24 +#define DETERMINISTIC_LOOP_COUNT (1<<24) pthread_mutex_t determseed_mutex; u8 determseed[SEED_LEN]; @@ -212,13 +212,6 @@ static void reseedright(u8 sk[SECRET_LEN]) #if !defined(BATCHNUM) #define BATCHNUM 2048 -#else - #if BATCHNUM & (BATCHNUM - 1) - #error "BATCHNUM must be power of 2" - #endif - #if (BATCHNUM * 8) > DETERMINISTIC_LOOP_COUNT - #error "BATCHNUM is too large" - #endif #endif #include "worker_batch.inc.h" diff --git a/worker_batch_pass.inc.h b/worker_batch_pass.inc.h index 3f669f2..93f4eb0 100644 --- a/worker_batch_pass.inc.h +++ b/worker_batch_pass.inc.h @@ -57,7 +57,7 @@ initseed: ge_scalarmult_base(&ge_public,sk); - for (counter = oldcounter = 0;counter < DETERMINISTIC_LOOP_COUNT;counter += 8*BATCHNUM) { + for (counter = oldcounter = 0;counter < DETERMINISTIC_LOOP_COUNT - (BATCHNUM - 1) * 8;counter += BATCHNUM * 8) { ge_p1p1 sum; if (unlikely(endwork)) 
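Review bot: The new bound `counter < DETERMINISTIC_LOOP_COUNT - (BATCHNUM - 1) * 8` goes wrong in exactly the case this commit sets out to allow: when `BATCHNUM * 8 > DETERMINISTIC_LOOP_COUNT` the right-hand side is a negative int, and because `counter` is `size_t` the comparison converts it to a huge unsigned value, so the full-batch loop runs instead of being skipped and keeps advancing the key past the reseed bound rather than handing over to the leftover path. Keep the subtraction out of the condition: `for (counter = oldcounter = 0;counter + (BATCHNUM - 1) * 8 < DETERMINISTIC_LOOP_COUNT;counter += BATCHNUM * 8) {`. worker_batch_pass starts and ends outside this hunk.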
@@ -121,6 +121,75 @@ initseed: ; } } + // continue if have leftovers, DETERMINISTIC_LOOP_COUNT - counter < BATCHNUM * 8 + // can't have leftovers in theory if BATCHNUM was power of 2 and smaller than DETERMINISTIC_LOOP_COUNT bound + if (((BATCHNUM & (BATCHNUM - 1)) || (BATCHNUM * 8) > DETERMINISTIC_LOOP_COUNT) && + counter < DETERMINISTIC_LOOP_COUNT) + { + ge_p1p1 sum; + + if (unlikely(endwork)) + goto end; + + const size_t remaining = (DETERMINISTIC_LOOP_COUNT - counter) / 8; + + for (size_t b = 0;b < remaining;++b) { + ge_batch[b] = ge_public; + ge_add(&sum,&ge_public,&ge_eightpoint); + ge_p1p1_to_p3(&ge_public,&sum); + } + // NOTE: leaves unfinished one bit at the very end + ge_p3_batchtobytes_destructive_1(pk_batch,ge_batch,batchgez,tmp_batch,remaining); + +#ifdef STATISTICS + st->numcalc.v += remaining; +#endif + + for (size_t b = 0;b < remaining;++b) { + DOFILTER(i,pk_batch[b],{ + if (numwords > 1) { + shiftpk(wpk,pk_batch[b],filter_len(i)); + size_t j; + for (int w = 1;;) { + DOFILTER(j,wpk,goto secondfind2); + goto next2; + secondfind2: + if (++w >= numwords) + break; + shiftpk(wpk,wpk,filter_len(j)); + } + } + // found! + // finish it up + ge_p3_batchtobytes_destructive_finish(pk_batch[b],&ge_batch[b]); + // copy public key + memcpy(pk,pk_batch[b],PUBLIC_LEN); + // update secret key with counter + addsztoscalar32(sk,counter + (b * 8) - oldcounter); + oldcounter = counter + (b * 8); + // sanity check + if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31]) + goto initseed; + + // reseed right half of key to avoid reuse, it won't change public key anyway + reseedright(sk); + + ADDNUMSUCCESS; + + // calc checksum + memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN); + FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]); + // version byte + pk[PUBLIC_LEN + 2] = 0x03; + // full name + strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); + onionready(sname,secret,pubonion.raw); + pk[PUBLIC_LEN] = 0; // what is this for? 
+ }); + next2: + ; + } + } goto initseed; end: From 451c9610aaaeec7e2f7acebd2dfead82ecf6ebe5 Mon Sep 17 00:00:00 2001 From: cathugger Date: Wed, 20 Nov 2019 16:22:43 +0000 Subject: [PATCH 011/107] don't offload dead code elimination to compiler as we can do that in preprocessor --- worker_batch_pass.inc.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/worker_batch_pass.inc.h b/worker_batch_pass.inc.h index 93f4eb0..31f48d7 100644 --- a/worker_batch_pass.inc.h +++ b/worker_batch_pass.inc.h @@ -123,9 +123,8 @@ initseed: } // continue if have leftovers, DETERMINISTIC_LOOP_COUNT - counter < BATCHNUM * 8 // can't have leftovers in theory if BATCHNUM was power of 2 and smaller than DETERMINISTIC_LOOP_COUNT bound - if (((BATCHNUM & (BATCHNUM - 1)) || (BATCHNUM * 8) > DETERMINISTIC_LOOP_COUNT) && - counter < DETERMINISTIC_LOOP_COUNT) - { +#if (BATCHNUM & (BATCHNUM - 1)) || (BATCHNUM * 8) > DETERMINISTIC_LOOP_COUNT + if (counter < DETERMINISTIC_LOOP_COUNT) { ge_p1p1 sum; if (unlikely(endwork)) @@ -190,6 +189,7 @@ initseed: ; } } +#endif // (BATCHNUM & (BATCHNUM - 1)) || (BATCHNUM * 8) > DETERMINISTIC_LOOP_COUNT goto initseed; end: From 9032811fc572ce590e90c9b20eed57fb180b5bbc Mon Sep 17 00:00:00 2001 From: cathugger Date: Sun, 22 Dec 2019 22:01:26 +0200 Subject: [PATCH 012/107] small cleanup, makefile preparation for calcdiff --- Makefile.in | 79 +++++++++++++++++++++++++++++--------------------- test_ed25519.c | 6 +--- testutil.h | 5 ++++ 3 files changed, 52 insertions(+), 38 deletions(-) create mode 100644 testutil.h diff --git a/Makefile.in b/Makefile.in index afeb22a..bf71cfb 100644 --- a/Makefile.in +++ b/Makefile.in 
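Review bot: `remaining` is used to index `ge_batch[b]` and `pk_batch[b]`, whose sizes are declared outside this hunk (presumably BATCHNUM entries), and the bound only holds because the main loop above now exits once fewer than BATCHNUM batches of 8 are left; with the compile-time BATCHNUM guards removed in this commit I would make that invariant explicit right after the declaration, `assert(remaining <= BATCHNUM);` (if `<assert.h>` is available in this translation unit), so a future change to either loop bound fails loudly instead of overrunning the batch arrays. The rest of the block is a verbatim copy of the main loop's filter-and-emit body, down to the `pk[PUBLIC_LEN] = 0; // what is this for?` line, so any later fix to one copy has to be mirrored in the other. The enclosing function starts before this hunk.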
@@ -15,9 +15,9 @@ ED25519_amd64_64_24k= \ $(patsubst @SRCDIR@/%.c,%.c.o,$(wildcard @SRCDIR@/ed25519/amd64-64-24k/*.c)) \ $(patsubst @SRCDIR@/%.s,%.s.o,$(wildcard @SRCDIR@/ed25519/amd64-64-24k/*.s)) ED25519_donna= -ED25519OBJ= $(ED25519_@ED25519IMPL@) +ED25519_OBJ= $(ED25519_@ED25519IMPL@) -MAINOBJ= \ +MAIN_OBJ= \ main.c.o \ worker.c.o \ yaml.c.o \ 
@@ -28,73 +28,86 @@ MAINOBJ= \ base64_to.c.o \ base64_from.c.o \ ioutil.c.o \ - $(ED25519OBJ) \ + $(ED25519_OBJ) \ keccak.c.o -TEST_BASE64OBJ= \ +UTIL_CALCDIFF_OBJ= \ + calcdiff.c.o + +TEST_BASE64_OBJ= \ test_base64.c.o \ base64_to.c.o \ base64_from.c.o -TEST_BASE32OBJ= \ +TEST_BASE32_OBJ= \ test_base32.c.o \ base32_to.c.o \ base32_from.c.o -TEST_BASE16OBJ= \ +TEST_BASE16_OBJ= \ test_base16.c.o \ base16_to.c.o \ base16_from.c.o -TEST_ED25519OBJ= \ +TEST_ED25519_OBJ= \ test_ed25519.c.o \ base16_to.c.o \ base16_from.c.o \ - $(ED25519OBJ) + $(ED25519_OBJ) -ALLO= $(sort \ - $(MAINOBJ) \ - $(TEST_BASE64OBJ) \ - $(TEST_BASE32OBJ) \ - $(TEST_BASE16OBJ) \ - $(TEST_ED25519OBJ) \ +ALL_O= $(sort \ + $(MAIN_OBJ) \ + $(TEST_BASE64_OBJ) \ + $(TEST_BASE32_OBJ) \ + $(TEST_BASE16_OBJ) \ + $(TEST_ED25519_OBJ) \ $(ED25519_ref10) \ $(ED25519_amd64_51_30k) \ $(ED25519_amd64_64_24k)) -ALLC= $(patsubst %.c.o,%.c,$(filter %.c.o %.c,$(ALLO))) -CLEANO= $(filter %.o,$(ALLO)) +ALL_C= $(patsubst %.c.o,%.c,$(filter %.c.o %.c,$(ALL_O))) +CLEAN_O= $(filter %.o,$(ALL_O)) -MAINLIB= -lpthread -lsodium @MAINLIB@ -TEST_ED25519LIB= -lsodium +MAIN_LIB= -lpthread -lsodium @MAINLIB@ +TEST_ED25519_LIB= -lsodium -ALLTGTS= mkp224o test_base64 test_base32 test_base16 test_ed25519 -ALLEXE= $(patsubst %,%@EXEEXT@,$(ALLTGTS)) +MAIN_TGT= mkp224o +UTIL_TGT= calcdiff +TEST_TGT= test_base64 test_base32 test_base16 test_ed25519 + +MAIN_EXE= $(patsubst %,%@EXEEXT@,$(MAIN_TGT)) +UTIL_EXE= $(patsubst %,%@EXEEXT@,$(UTIL_TGT)) +TEST_EXE= $(patsubst %,%@EXEEXT@,$(TEST_TGT)) + +ALL_EXE= $(MAIN_EXE) $(UTIL_EXE) $(TEST_EXE) .PHONY: default all clean distclean depend -default: mkp224o@EXEEXT@ +default: $(MAIN_EXE) -all: $(ALLEXE) +all: $(ALL_EXE) -mkp224o@EXEEXT@: $(MAINOBJ) - $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(MAINLIB) && $(MV) $@.tmp $@ +mkp224o@EXEEXT@: $(MAIN_OBJ) + $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(MAIN_LIB) && $(MV) $@.tmp $@ -test_base64@EXEEXT@: $(TEST_BASE64OBJ) +calcdiff@EXEEXT@: $(UTIL_CALCDIFF_OBJ) 
$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@ -test_base32@EXEEXT@: $(TEST_BASE32OBJ) +test_base64@EXEEXT@: $(TEST_BASE64_OBJ) $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@ -test_base16@EXEEXT@: $(TEST_BASE16OBJ) +test_base32@EXEEXT@: $(TEST_BASE32_OBJ) $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@ -test_ed25519@EXEEXT@: $(TEST_ED25519OBJ) - $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(TEST_ED25519LIB) && $(MV) $@.tmp $@ +test_base16@EXEEXT@: $(TEST_BASE16_OBJ) + $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@ + +test_ed25519@EXEEXT@: $(TEST_ED25519_OBJ) + $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(TEST_ED25519_LIB) && $(MV) $@.tmp $@ clean: - $(RM) $(CLEANO) - $(RM) $(ALLEXE) + $(RM) $(CLEAN_O) + $(RM) $(ALL_EXE) distclean: clean $(RM) -r autom4te.cache @@ -102,7 +115,7 @@ distclean: clean $(RM) Makefile depend: - cd "@SRCDIR@" && makedepend -Y -fMakefile.in -o.c.o -- $(CSTD) $(ED25519_DEFS) -- $(ALLC) + cd "@SRCDIR@" && makedepend -Y -fMakefile.in -o.c.o -- $(CSTD) $(ED25519_DEFS) -- $(ALL_C) VPATH=@SRCDIR@ @@ -424,7 +437,7 @@ test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86-32bit.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-sse2.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-sse2.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h -test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h testutil.h vec.c.o: vec.h worker.c.o: types.h likely.h vec.h base32.h keccak.h ed25519/ed25519.h worker.c.o: ed25519/ref10/ed25519.h ed25519/ref10/ge.h ed25519/ref10/fe.h diff --git a/test_ed25519.c b/test_ed25519.c index 968d660..b87135c 100644 --- a/test_ed25519.c +++ b/test_ed25519.c @@ -6,6 +6,7 @@ #include "types.h" #include "base16.h" #include "ed25519/ed25519.h" +#include "testutil.h" struct pktest { const char *seed; 
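Review bot: `UTIL_CALCDIFF_OBJ` is not added to `ALL_O`, so `calcdiff.c.o` is never removed by `clean` (`CLEAN_O` is derived from `ALL_O`) and `calcdiff.c` is left out of `ALL_C` for the `depend` target; add `$(UTIL_CALCDIFF_OBJ) \` to the `ALL_O` list next to `$(MAIN_OBJ)`. The `calcdiff@EXEEXT@` link rule also passes no library list, so if calcdiff.c uses `<math.h>` functions it will need `-lm` there (calcdiff.c itself is not part of this patch, so I can't confirm).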
@@ -26,11 +27,6 @@ struct pktest { }, }; -#define WARN(test) if (!(test)) \ - fprintf(stderr, "check failed @ %d: %s\n", (int)__LINE__, #test) - -#define WARNF(test) if (!(test) && (fprintf(stderr, "check failed @ %d: %s\n", (int)__LINE__, #test), 1)) - #define SEEDBYTES 32 #define SECRETKEYBYTES 64 #define PUBLICKEYBYTES 32 diff --git a/testutil.h b/testutil.h new file mode 100644 index 0000000..3f446bf --- /dev/null +++ b/testutil.h @@ -0,0 +1,5 @@ + +#define WARN(test) if (!(test)) \ + fprintf(stderr, "check failed @ %d: %s\n", (int)__LINE__, #test) + +#define WARNF(test) if (!(test) && ((void) fprintf(stderr, "check failed @ %d: %s\n", (int)__LINE__, #test), 1)) From d3640b7322d91cad372843257d82cbaecb795954 Mon Sep 17 00:00:00 2001 From: cathugger Date: Sun, 22 Dec 2019 22:28:12 +0200 Subject: [PATCH 013/107] use GNUmakefile, since we depend on GNU stuff --- Makefile.in => GNUmakefile.in | 4 ++-- configure.ac | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) rename Makefile.in => GNUmakefile.in (99%) diff --git a/Makefile.in b/GNUmakefile.in similarity index 99% rename from Makefile.in rename to GNUmakefile.in index bf71cfb..7e3b25e 100644 --- a/Makefile.in +++ b/GNUmakefile.in @@ -112,10 +112,10 @@ clean: distclean: clean $(RM) -r autom4te.cache $(RM) configure config.status config.log - $(RM) Makefile + $(RM) GNUmakefile depend: - cd "@SRCDIR@" && makedepend -Y -fMakefile.in -o.c.o -- $(CSTD) $(ED25519_DEFS) -- $(ALL_C) + cd "@SRCDIR@" && makedepend -Y -fGNUmakefile.in -o.c.o -- $(CSTD) $(ED25519_DEFS) -- $(ALL_C) VPATH=@SRCDIR@ diff --git a/configure.ac b/configure.ac index 9766467..f4804fa 100644 --- a/configure.ac +++ b/configure.ac @@ -351,4 +351,4 @@ AC_SUBST(MYDEFS,["$MYDEFS"]) AC_SUBST(MAINLIB,["$MAINLIB"]) AC_SUBST(NOPIE,["$nopie"]) AC_SUBST(SRCDIR,["$srcdir"]) -AC_OUTPUT(Makefile) +AC_OUTPUT(GNUmakefile) From e6d0f59f1d6647b0e55aa4e003272bdc6d44f47b Mon Sep 17 00:00:00 2001 
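Review bot: `WARN(test)` expands to a bare `if` statement, so `WARN(x); else …` or `if (c) WARN(x); else …` binds the `else` to the macro's `if` (the dangling-else hazard), and the new header has neither an include guard nor the `<stdio.h>` it needs for `fprintf`/`stderr`. Wrap the body in the usual statement form, `#define WARN(test) do { if (!(test)) fprintf(stderr, "check failed @ %d: %s\n", (int)__LINE__, #test); } while (0)`, and add `#pragma once` (or a guard) plus `#include <stdio.h>` at the top so the header is self-contained; `WARNF` is already an expression and is fine as is.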
From: cathugger Date: Tue, 14 Jan 2020 17:15:44 +0000 Subject: [PATCH 014/107] estimate calc utility (WIP) --- GNUmakefile.in | 11 ++++++----- calcest.c | 43 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 5 deletions(-) create mode 100644 calcest.c diff --git a/GNUmakefile.in b/GNUmakefile.in index 7e3b25e..0a90819 100644 --- a/GNUmakefile.in +++ b/GNUmakefile.in @@ -31,8 +31,8 @@ MAIN_OBJ= \ $(ED25519_OBJ) \ keccak.c.o -UTIL_CALCDIFF_OBJ= \ - calcdiff.c.o +UTIL_CALCEST_OBJ= \ + calcest.c.o TEST_BASE64_OBJ= \ test_base64.c.o \ @@ -69,10 +69,11 @@ ALL_C= $(patsubst %.c.o,%.c,$(filter %.c.o %.c,$(ALL_O))) CLEAN_O= $(filter %.o,$(ALL_O)) MAIN_LIB= -lpthread -lsodium @MAINLIB@ +UTIL_CALCEST_LIB= -lm TEST_ED25519_LIB= -lsodium MAIN_TGT= mkp224o -UTIL_TGT= calcdiff +UTIL_TGT= calcest TEST_TGT= test_base64 test_base32 test_base16 test_ed25519 MAIN_EXE= $(patsubst %,%@EXEEXT@,$(MAIN_TGT)) @@ -90,8 +91,8 @@ all: $(ALL_EXE) mkp224o@EXEEXT@: $(MAIN_OBJ) $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(MAIN_LIB) && $(MV) $@.tmp $@ -calcdiff@EXEEXT@: $(UTIL_CALCDIFF_OBJ) - $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@ +calcest@EXEEXT@: $(UTIL_CALCEST_OBJ) + $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(UTIL_CALCEST_LIB) && $(MV) $@.tmp $@ test_base64@EXEEXT@: $(TEST_BASE64_OBJ) $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@ diff --git a/calcest.c b/calcest.c new file mode 100644 index 0000000..23e88de --- /dev/null +++ b/calcest.c 
@@ -0,0 +1,43 @@ +#include +#include + +/* + * as per scribblemaniac's explanation: + * t - number of trials + * n - character count + * p - probability + * condition: >=1 matches + * formula: t = log(1-p)/log(1-1/32^n) + * comes from: + * distribution X~Binomial(t, 1/32^n) + * P(X>=1)=p + */ + +const double probs[] = { 0.5, 0.8, 0.9, 0.95, 0.99 }; +const int charcounts[] = { 2, 3, 4, 5, 6, 7 }; + +int main(void) +{ + printf(" |"); + for (int i = 0; i < sizeof(probs)/sizeof(probs[0]); ++i) { + printf(" %11d%% |",(int)((probs[i]*100)+0.5)); + } + printf("\n"); + + printf("---+"); + for (int i = 0; i < sizeof(probs)/sizeof(probs[0]); ++i) { + printf("--------------+"); + } + printf("\n"); + + for (int i = 0; i < sizeof(charcounts)/sizeof(charcounts[0]); ++i) { + printf("%2d |",charcounts[i]); + for (int j = 0; j < sizeof(probs)/sizeof(probs[0]); ++j) { + double t = log2(1 - probs[j]) / log2(1 - (1 / pow(32,charcounts[i]))); + printf(" %12.0f |",t); + } + printf("\n"); + } + + return 0; +} From 30c05eb26666237d6e042063fb3b78933353281d Mon Sep 17 00:00:00 2001 From: cathugger Date: Tue, 14 Jan 2020 17:51:56 +0000 Subject: [PATCH 015/107] remove some unused stuff, small fixups, use -Wextra --- GNUmakefile.in | 18 ---- configure.ac | 8 ++ ed25519/amd64-51-30k/batch.c | 94 ------------------- ed25519/amd64-51-30k/crypto_sign.h | 2 +- ed25519/amd64-64-24k/batch.c | 94 ------------------- .../ed25519-donna/curve25519-donna-helpers.h | 2 +- 6 files changed, 10 insertions(+), 208 deletions(-) delete mode 100644 ed25519/amd64-51-30k/batch.c delete mode 100644 ed25519/amd64-64-24k/batch.c diff --git a/GNUmakefile.in b/GNUmakefile.in index 0a90819..67c9028 100644 --- a/GNUmakefile.in +++ b/GNUmakefile.in 
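Review bot: `log2(1 - (1 / pow(32,charcounts[i])))` suffers cancellation: for n = 7, 1/32^7 is about 2.9e-11, so `1 - x` keeps only a handful of significant digits of x before the logarithm and the trial count drifts from the exact binomial estimate. `log1p(-1 / pow(32,charcounts[i]))` computes the same quantity accurately, and because the result is a ratio the natural log can be used throughout: `double t = log(1 - probs[j]) / log1p(-1 / pow(32,charcounts[i]));`. The `int i` loop counters are compared against `sizeof` expressions, which will be flagged as sign-compare once `-Wextra` is enabled; `size_t` loop variables avoid that.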
@@ -135,15 +135,6 @@ base32_to.c.o: types.h base32.h base64_from.c.o: types.h base64.h base64_to.c.o: types.h base64.h cpucount.c.o: cpucount.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_verify_32.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/randombytes.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/hram.h ed25519/amd64-51-30k/fe25519_add.c.o: ed25519/amd64-51-30k/fe25519.h ed25519/amd64-51-30k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/fe25519.h ed25519/amd64-51-30k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h 
@@ -222,15 +213,6 @@ ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/fe25519.h ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_verify_32.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/randombytes.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/hram.h ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/fe25519.h ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-51-30k/fe25519.h diff --git a/configure.ac b/configure.ac index f4804fa..9c2ddac 100644 --- a/configure.ac +++ b/configure.ac @@ -192,6 +192,14 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], [AC_MSG_RESULT([no])] ) +CFLAGS="$cstd -Wextra" +AC_MSG_CHECKING([whether CC supports -Wextra]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wextra"], + [AC_MSG_RESULT([no])] +) + # (negative) detection on clang fails without -Werror CFLAGS="$cstd -Wno-maybe-uninitialized -Werror" AC_MSG_CHECKING([whether CC supports -Wno-maybe-uninitialized]) diff --git a/ed25519/amd64-51-30k/batch.c b/ed25519/amd64-51-30k/batch.c deleted file mode 100644 index 955392e..0000000 --- a/ed25519/amd64-51-30k/batch.c +++ /dev/null 
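Review bot: The `-Wextra` probe compiles without `-Werror`, unlike the `-Wno-maybe-uninitialized` probe directly below it whose comment records that clang only warns about unknown options, so a compiler that doesn't know `-Wextra` would still be reported as supporting it; for consistency with the neighbouring check use `CFLAGS="$cstd -Wextra -Werror"` and keep the `[cstd="$cstd -Wextra"]` result. This is low-stakes since both gcc and clang accept `-Wextra`, but it avoids the same false positive the later comment warns about.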
@@ -1,94 +0,0 @@ -#include "crypto_sign.h" - -#include "crypto_verify_32.h" -#include "crypto_hash_sha512.h" -#include "randombytes.h" - -#include "ge25519.h" -#include "hram.h" - -#define MAXBATCH 64 - -int crypto_sign_open_batch( - unsigned char* const m[],unsigned long long mlen[], - unsigned char* const sm[],const unsigned long long smlen[], - unsigned char* const pk[], - unsigned long long num - ) -{ - int ret = 0; - unsigned long long i, j; - shortsc25519 r[MAXBATCH]; - sc25519 scalars[2*MAXBATCH+1]; - ge25519 points[2*MAXBATCH+1]; - unsigned char hram[crypto_hash_sha512_BYTES]; - unsigned long long batchsize; - - for (i = 0;i < num;++i) mlen[i] = -1; - - while (num >= 3) { - batchsize = num; - if (batchsize > MAXBATCH) batchsize = MAXBATCH; - - for (i = 0;i < batchsize;++i) - if (smlen[i] < 64) goto fallback; - - randombytes((unsigned char*)r,sizeof(shortsc25519) * batchsize); - - /* Computing scalars[0] = ((r1s1 + r2s2 + ...)) */ - for(i=0;i= 3) { - batchsize = num; - if (batchsize > MAXBATCH) batchsize = MAXBATCH; - - for (i = 0;i < batchsize;++i) - if (smlen[i] < 64) goto fallback; - - randombytes((unsigned char*)r,sizeof(shortsc25519) * batchsize); - - /* Computing scalars[0] = ((r1s1 + r2s2 + ...)) */ - for(i=0;i Date: Fri, 17 Jan 2020 14:15:56 +0000 Subject: [PATCH 016/107] rawyaml mode --- common.h | 3 +++ main.c | 25 +++++++++++++----- worker.c | 10 +++++--- worker.h | 1 + yaml.c | 77 ++++++++++++++++++++++++++++++++++++++++---------------- yaml.h | 6 +++-- 6 files changed, 89 insertions(+), 33 deletions(-) diff --git a/common.h b/common.h index 918e453..8910715 100644 --- a/common.h +++ b/common.h @@ -7,6 +7,9 @@ #define PKPREFIX_SIZE (29 + 3) #define SKPREFIX_SIZE (29 + 3) +extern const char * const pkprefix; +extern const char * const skprefix; + #define FORMATTED_PUBLIC_LEN (PKPREFIX_SIZE + PUBLIC_LEN) #define FORMATTED_SECRET_LEN (SKPREFIX_SIZE + SECRET_LEN) diff --git a/main.c b/main.c index fc38b2c..4672984 100644 --- a/main.c +++ b/main.c 
@@ -106,6 +106,7 @@ static void printhelp(FILE *out,const char *progname) "\t-T - do not reset statistics counters when printing\n" "\t-y - output generated keys in YAML format instead of dumping them to filesystem\n" "\t-Y [filename [host.onion]] - parse YAML encoded input and extract key(s) to filesystem\n" + "\t--rawyaml - raw (unprefixed) public/secret keys for -y/-Y (may be useful for tor controller API)\n" #ifdef PASSPHRASE "\t-p passphrase - use passphrase to initialize the random seed with\n" "\t-P - same as -p, but takes passphrase from PASSPHRASE environment variable\n" @@ -180,7 +181,7 @@ int main(int argc,char **argv) { const char *outfile = 0; const char *infile = 0; - const char *hostname = 0; + const char *onehostname = 0; const char *arg; int ignoreargs = 0; int dirnameflag = 0; @@ -237,6 +238,8 @@ int main(int argc,char **argv) printhelp(stdout,progname); exit(0); } + else if (!strcmp(arg,"rawyaml")) + yamlraw = 1; else { fprintf(stderr,"unrecognised argument: --%s\n",arg); exit(1); @@ -352,10 +355,10 @@ int main(int argc,char **argv) infile = 0; if (argc) { --argc; - hostname = *argv++; - if (!*hostname) - hostname = 0; - if (hostname && strlen(hostname) != ONION_LEN) { + onehostname = *argv++; + if (!*onehostname) + onehostname = 0; + if (onehostname && strlen(onehostname) != ONION_LEN) { fprintf(stderr,"bad onion argument length\n"); exit(1); } @@ -392,6 +395,16 @@ int main(int argc,char **argv) filters_add(arg); } + if (yamlinput && yamloutput) { + fprintf(stderr,"both -y and -Y does not make sense\n"); + exit(1); + } + + if (yamlraw && !yamlinput && !yamloutput) { + fprintf(stderr,"--rawyaml requires either -y or -Y to do anything\n"); + exit(1); + } + if (outfile) { fout = fopen(outfile,!outfileoverwrite ? "a" : "w"); if (!fout) { @@ -429,7 +442,7 @@ int main(int argc,char **argv) return 1; } } - tret = yamlin_parseandcreate(fin,sname,hostname); + tret = yamlin_parseandcreate(fin,sname,onehostname,yamlraw); if (infile) { fclose(fin); fin = 0; 
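Review bot: The new error string `"both -y and -Y does not make sense\n"` has a number-agreement slip; `"both -y and -Y do not make sense\n"` (or `"-y and -Y are mutually exclusive\n"`) reads correctly. The added validation itself is the right call: `--rawyaml` given without `-y` or `-Y` is rejected rather than silently ignored, and the `onehostname` rename makes the single-record selection clearer.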
diff --git a/worker.c b/worker.c index ea8acd1..4962c8b 100644 --- a/worker.c +++ b/worker.c @@ -33,8 +33,8 @@ #endif // additional 0 terminator is added by C -static const char * const pkprefix = "== ed25519v1-public: type0 ==\0\0"; -static const char * const skprefix = "== ed25519v1-secret: type0 ==\0\0"; +const char * const pkprefix = "== ed25519v1-public: type0 ==\0\0"; +const char * const skprefix = "== ed25519v1-secret: type0 ==\0\0"; static const char checksumstr[] = ".onion checksum"; #define checksumstrlen (sizeof(checksumstr) - 1) // 15 @@ -44,6 +44,7 @@ volatile size_t keysgenerated = 0; volatile int endwork = 0; int yamloutput = 0; +int yamlraw = 0; int numwords = 1; size_t numneedgenerate = 0; @@ -127,8 +128,9 @@ static void onionready(char *sname,const u8 *secret,const u8 *pubonion) fflush(fout); pthread_mutex_unlock(&fout_mutex); } - } else - yamlout_writekeys(&sname[direndpos],pubonion,secret); + } + else + yamlout_writekeys(&sname[direndpos],pubonion,secret,yamlraw); } #include "filters_worker.inc.h" diff --git a/worker.h b/worker.h index a06edd4..209d7e5 100644 --- a/worker.h +++ b/worker.h @@ -4,6 +4,7 @@ extern volatile size_t keysgenerated; extern volatile int endwork; extern int yamloutput; +extern int yamlraw; extern int numwords; extern size_t numneedgenerate; diff --git a/yaml.c b/yaml.c index ebe03ab..c8778a6 100644 --- a/yaml.c +++ b/yaml.c @@ -21,7 +21,6 @@ #define LINEFEED_LEN (sizeof(char)) #define NULLTERM_LEN (sizeof(char)) -#define PATH_SEPARATOR_LEN (sizeof(char)) static const char keys_field_generated[] = "---"; static const char keys_field_hostname[] = "hostname: "; 
@@ -37,15 +36,20 @@ static const char keys_field_time[] = "time: "; #define B64_PUBKEY_LEN (BASE64_TO_LEN(FORMATTED_PUBLIC_LEN)) #define B64_SECKEY_LEN (BASE64_TO_LEN(FORMATTED_SECRET_LEN)) -#define TIME_LEN (21 * sizeof(char)) // strlen("2018-07-04 21:31:20 Z") +#define B64_RAW_PUBKEY_LEN (BASE64_TO_LEN(PUBLIC_LEN)) +#define B64_RAW_SECKEY_LEN (BASE64_TO_LEN(SECRET_LEN)) +#define TIME_LEN 21 // strlen("2018-07-04 21:31:20 Z") #define KEYS_LEN ( \ - KEYS_FIELD_GENERATED_LEN + LINEFEED_LEN + \ - KEYS_FIELD_HOSTNAME_LEN + ONION_LEN + LINEFEED_LEN + \ + KEYS_FIELD_GENERATED_LEN + LINEFEED_LEN + \ + KEYS_FIELD_HOSTNAME_LEN + ONION_LEN + LINEFEED_LEN + \ KEYS_FIELD_PUBLICKEY_LEN + B64_PUBKEY_LEN + LINEFEED_LEN + \ KEYS_FIELD_SECRETKEY_LEN + B64_SECKEY_LEN + LINEFEED_LEN + \ - KEYS_FIELD_TIME_LEN + TIME_LEN + LINEFEED_LEN \ + KEYS_FIELD_TIME_LEN + TIME_LEN + LINEFEED_LEN \ ) +#define RAW_KEYS_LEN (KEYS_LEN \ + - B64_PUBKEY_LEN + B64_RAW_PUBKEY_LEN \ + - B64_SECKEY_LEN + B64_RAW_SECKEY_LEN) static pthread_mutex_t tminfo_mutex; @@ -67,7 +71,8 @@ do { \ #define BUF_APPEND_CSTR(buf,offset,src) BUF_APPEND(buf,offset,src,strlen(src)) #define BUF_APPEND_CHAR(buf,offset,c) buf[offset++] = (c) -void yamlout_writekeys(const char *hostname,const u8 *formated_public,const u8 *formated_secret) +void yamlout_writekeys( + const char *hostname,const u8 *publickey,const u8 *secretkey,int rawkeys) { char keysbuf[KEYS_LEN]; char pubkeybuf[B64_PUBKEY_LEN + NULLTERM_LEN]; 
@@ -75,23 +80,38 @@ void yamlout_writekeys(const char *hostname,const u8 *formated_public,const u8 * char timebuf[TIME_LEN + NULLTERM_LEN]; size_t offset = 0; + BUF_APPEND(keysbuf,offset,keys_field_generated,KEYS_FIELD_GENERATED_LEN); BUF_APPEND_CHAR(keysbuf,offset,'\n'); + BUF_APPEND(keysbuf,offset,keys_field_hostname,KEYS_FIELD_HOSTNAME_LEN); BUF_APPEND(keysbuf,offset,hostname,ONION_LEN); BUF_APPEND_CHAR(keysbuf,offset,'\n'); + BUF_APPEND(keysbuf,offset,keys_field_publickey,KEYS_FIELD_PUBLICKEY_LEN); - base64_to(pubkeybuf,formated_public,FORMATTED_PUBLIC_LEN); - BUF_APPEND(keysbuf,offset,pubkeybuf,B64_PUBKEY_LEN); + + if (!rawkeys) + base64_to(pubkeybuf,publickey,FORMATTED_PUBLIC_LEN); + else + base64_to(pubkeybuf,&publickey[PKPREFIX_SIZE],PUBLIC_LEN); + + BUF_APPEND_CSTR(keysbuf,offset,pubkeybuf); BUF_APPEND_CHAR(keysbuf,offset,'\n'); + BUF_APPEND(keysbuf,offset,keys_field_secretkey,KEYS_FIELD_SECRETKEY_LEN); - base64_to(seckeybuf,formated_secret,FORMATTED_SECRET_LEN); - BUF_APPEND(keysbuf,offset,seckeybuf,B64_SECKEY_LEN); + + if (!rawkeys) + base64_to(seckeybuf,secretkey,FORMATTED_SECRET_LEN); + else + base64_to(seckeybuf,&secretkey[SKPREFIX_SIZE],SECRET_LEN); + + BUF_APPEND_CSTR(keysbuf,offset,seckeybuf); BUF_APPEND_CHAR(keysbuf,offset,'\n'); + BUF_APPEND(keysbuf,offset,keys_field_time,KEYS_FIELD_TIME_LEN); time_t currtime; @@ -106,10 +126,12 @@ void yamlout_writekeys(const char *hostname,const u8 *formated_public,const u8 * BUF_APPEND(keysbuf,offset,timebuf,TIME_LEN); BUF_APPEND_CHAR(keysbuf,offset,'\n'); - assert(offset == KEYS_LEN); + + assert(offset == (!rawkeys ? KEYS_LEN : RAW_KEYS_LEN)); + pthread_mutex_lock(&fout_mutex); - fwrite(keysbuf,sizeof(keysbuf),1,fout); + fwrite(keysbuf,offset,1,fout); fflush(fout); pthread_mutex_unlock(&fout_mutex); } 
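Review bot: The appends were changed from fixed-length `BUF_APPEND(…,B64_PUBKEY_LEN)` to `BUF_APPEND_CSTR`, which calls `strlen` on `pubkeybuf`/`seckeybuf`; that now depends on `base64_to` writing a terminating NUL into the caller's buffer, a contract that is not visible here (the `+ NULLTERM_LEN` sizing suggests it does, but if it ever stops, `strlen` reads uninitialised stack bytes). Keeping the lengths explicit costs nothing and makes the final `assert` a real check: `BUF_APPEND(keysbuf,offset,pubkeybuf,rawkeys ? B64_RAW_PUBKEY_LEN : B64_PUBKEY_LEN);` and the analogous line for `seckeybuf`. Separately, `seckeybuf` and `keysbuf` hold the secret key and are left on the stack on return; the worker code uses `sodium_memzero` for this, so wiping them here would match (assuming yaml.c has libsodium in scope).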
@@ -119,7 +141,8 @@ void yamlout_writekeys(const char *hostname,const u8 *formated_public,const u8 * #undef BUF_APPEND // pseudo YAML parser -int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) +int yamlin_parseandcreate( + FILE *fin,char *sname,const char *onehostname,int rawkeys) { char line[256]; size_t len,cnt; @@ -128,6 +151,11 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) int hashost = 0,haspub = 0,hassec = 0,skipthis = 0; enum keytype { HOST, PUB, SEC } keyt; + if (rawkeys) { + memcpy(pubbuf,pkprefix,PKPREFIX_SIZE); + memcpy(secbuf,skprefix,SKPREFIX_SIZE); + } + while (!feof(fin) && !ferror(fin)) { if (!fgets(line,sizeof(line),fin)) break; @@ -143,7 +171,7 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) continue; if (len >= 3 && line[0] == '-' && line[1] == '-' && line[2] == '-') { - // end of document indicator + // end of document / start of new document indicator if (!skipthis && (hashost || haspub || hassec)) { fprintf(stderr,"ERROR: incomplete record\n"); return 1; @@ -206,15 +234,18 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) fprintf(stderr,"ERROR: invalid hostname syntax\n"); return 1; } - if (!hostname || !strcmp(hostname,p)) { + if (!onehostname || !strcmp(onehostname,p)) { memcpy(&sname[direndpos],p,len + 1); hashost = 1; } else skipthis = 1; break; case PUB: - if (len != B64_PUBKEY_LEN || !base64_valid(p,0) || - base64_from(pubbuf,p,len) != FORMATTED_PUBLIC_LEN) + if (!rawkeys + ? (len != B64_PUBKEY_LEN || !base64_valid(p,0) || + base64_from(pubbuf,p,len) != FORMATTED_PUBLIC_LEN) + : (len != B64_RAW_PUBKEY_LEN || !base64_valid(p,0) || + base64_from(&pubbuf[PKPREFIX_SIZE],p,len) != PUBLIC_LEN)) { fprintf(stderr,"ERROR: invalid pubkey syntax\n"); return 1; 
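Review bot: The `if (!rawkeys ? (…) : (…))` form in the `PUB` case (and the matching `SEC` case in the next hunk) hides three independent choices — expected base64 length, destination offset, expected decoded length — inside one ternary of two multi-clause conditions, which is hard to read and easy to edit wrongly. Naming the three choices first and keeping a single condition reads better and makes the raw-mode prefix trick (the prefix was already copied into `pubbuf` at function entry) obvious; `pubbuf`'s element type is declared outside the hunk, so I've assumed `u8`. The enclosing function starts and ends outside this hunk.
```c
case PUB: {
	// raw mode: the type0 prefix was copied into pubbuf at entry, only the bare key is decoded
	const size_t want_b64 = rawkeys ? B64_RAW_PUBKEY_LEN : B64_PUBKEY_LEN;
	const size_t want_raw = rawkeys ? PUBLIC_LEN : FORMATTED_PUBLIC_LEN;
	u8 *dst = rawkeys ? &pubbuf[PKPREFIX_SIZE] : pubbuf;
	if (len != want_b64 || !base64_valid(p,0) || base64_from(dst,p,len) != want_raw) {
		fprintf(stderr,"ERROR: invalid pubkey syntax\n");
		return 1;
	}
	// … unchanged: haspub = 1; break; …
}
```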
@@ -222,8 +253,11 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) haspub = 1; break; case SEC: - if (len != B64_SECKEY_LEN || !base64_valid(p,0) || - base64_from(secbuf,p,len) != FORMATTED_SECRET_LEN) + if (!rawkeys + ? (len != B64_SECKEY_LEN || !base64_valid(p,0) || + base64_from(secbuf,p,len) != FORMATTED_SECRET_LEN) + : (len != B64_RAW_SECKEY_LEN || !base64_valid(p,0) || + base64_from(&secbuf[SKPREFIX_SIZE],p,len) != SECRET_LEN)) { fprintf(stderr,"ERROR: invalid seckey syntax\n"); return 1; @@ -264,8 +298,9 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) #ifndef _WIN32 sigprocmask(SIG_SETMASK,&oset,0); #endif - if (hostname) + if (onehostname) return 0; // finished + // skip rest of lines until we hit start of new doc indicator skipthis = 1; } } @@ -275,7 +310,7 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) return 1; } - if (hostname) { + if (onehostname) { fprintf(stderr,"hostname wasn't found in input\n"); return 1; } diff --git a/yaml.h b/yaml.h index ca356c5..85faf95 100644 --- a/yaml.h +++ b/yaml.h @@ -1,4 +1,6 @@ extern void yamlout_init(void); extern void yamlout_clean(void); -extern void yamlout_writekeys(const char *hostname,const u8 *formated_public,const u8 *formated_secret); -extern int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname); +extern void yamlout_writekeys( + const char *hostname,const u8 *publickey,const u8 *secretkey,int rawkeys); +extern int yamlin_parseandcreate( + FILE *fin,char *sname,const char *hostname,int rawkeys); From 897dcbd3507d3b89f856fb7fe1702e47cf0b3d5b Mon Sep 17 00:00:00 2001 From: cathugger Date: Fri, 17 Jan 2020 19:22:47 +0000 Subject: [PATCH 017/107] adjust gitignore --- .gitignore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index b6e311f..bd3474c 100644 --- a/.gitignore +++ b/.gitignore 
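Review bot: The `yamlin_parseandcreate` prototype keeps the parameter name `hostname` while the definition in yaml.c now calls it `onehostname`, and neither prototype says what `rawkeys` means even though this header is the contract main.c codes against. I'd align the name and add a one-line comment above each prototype, e.g. `// rawkeys != 0: keys are bare ed25519 keys without the "== ed25519v1-…: type0 ==" prefix` for `yamlout_writekeys`, and for `yamlin_parseandcreate` note that in raw mode the prefix is prepended before the key files are written and that a non-NULL `hostname` selects one record and stops after it.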
@@ -7,8 +7,8 @@ mkp224o # garbage configure -Makefile -Makefile.in.bak +GNUMakefile +GNUMakefile.in.bak config.status config.log *.cache From e933a9b806adddac26ac6c167a8c54e9a668efa9 Mon Sep 17 00:00:00 2001 From: cathugger Date: Fri, 22 May 2020 17:55:37 +0000 Subject: [PATCH 018/107] correctly handle filter file loading error, small tweak --- filters_main.inc.h | 5 ++++- ioutil.c | 1 + main.c | 10 ++++++++-- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/filters_main.inc.h b/filters_main.inc.h index c4a6399..5196328 100644 --- a/filters_main.inc.h +++ b/filters_main.inc.h @@ -496,10 +496,12 @@ static void filters_prepare(void) #endif } -static void loadfilterfile(const char *fname) +static bool loadfilterfile(const char *fname) { char buf[128]; FILE *f = fopen(fname,"r"); + if (!f) + return false; while (fgets(buf,sizeof(buf),f)) { for (char *p = buf;*p;++p) { if (*p == '\n') { @@ -510,4 +512,5 @@ static void loadfilterfile(const char *fname) if (*buf && *buf != '#' && memcmp(buf,"//",2) != 0) filters_add(buf); } + return true; } diff --git a/ioutil.c b/ioutil.c index f3b4c1f..4e6aa55 100644 --- a/ioutil.c +++ b/ioutil.c @@ -95,6 +95,7 @@ int closefile(FH fd) int createdir(const char *path,int secret) { // XXX don't know how to handle secret argument + (void) secret; return CreateDirectoryA(path,0) ? 0 : -1; } diff --git a/main.c b/main.c index 4672984..387eea8 100644 --- a/main.c +++ b/main.c @@ -3,6 +3,7 @@ #include #include #include +#include #include #include #include @@ -256,8 +257,13 @@ int main(int argc,char **argv) exit(0); } else if (*arg == 'f') { - if (argc--) - loadfilterfile(*argv++); + if (argc--) { + const char *filename = *argv++; + if (!loadfilterfile(filename)) { + fprintf(stderr,"failed to load filter file %s\n",filename); + exit(1); + } + } else e_additional(); } From a3e141e79b209f22926f65bc9831da193b5984f8 Mon Sep 17 00:00:00 2001 
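Review bot: The new ignore entries are spelled `GNUMakefile` / `GNUMakefile.in.bak`, but the file the previous commit generates is `GNUmakefile` (`AC_OUTPUT(GNUmakefile)`, and the rename to `GNUmakefile.in`), so on a case-sensitive filesystem the generated makefile is not ignored and will show up as untracked; change the two lines to `GNUmakefile` and `GNUmakefile.in.bak`.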
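Review bot: `(void) secret;` silences the unused-parameter warning but leaves the security-relevant behaviour undocumented: on this Windows path the `secret` flag has no effect, so the directory that will hold the secret key is created with whatever ACL it inherits from its parent (the POSIX implementation is outside this hunk, so I can't confirm what it does with the flag, presumably a restrictive mode). I'd replace the `XXX` comment with one that states this plainly, e.g. `// secret is ignored on Windows: the key directory inherits the parent's ACL; pass a SECURITY_ATTRIBUTES with a restrictive DACL if that matters`, so a reader of the public key layout isn't misled into thinking the flag is honoured everywhere.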
From: cathugger Date: Fri, 22 May 2020 22:30:14 +0000 Subject: [PATCH 019/107] close filter files, more error handling --- filters_main.inc.h | 10 +++++++++- main.c | 6 ++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/filters_main.inc.h b/filters_main.inc.h index 5196328..f1bd7ed 100644 --- a/filters_main.inc.h +++ b/filters_main.inc.h @@ -500,8 +500,10 @@ static bool loadfilterfile(const char *fname) { char buf[128]; FILE *f = fopen(fname,"r"); - if (!f) + if (!f) { + fprintf(stderr,"failed to load filter file \"%s\": %s\n",fname,strerror(errno)); return false; + } while (fgets(buf,sizeof(buf),f)) { for (char *p = buf;*p;++p) { if (*p == '\n') { @@ -512,5 +514,11 @@ static bool loadfilterfile(const char *fname) if (*buf && *buf != '#' && memcmp(buf,"//",2) != 0) filters_add(buf); } + int fe = ferror(f); + fclose(f); + if (fe != 0) { + fprintf(stderr,"failure while reading filter file \"%s\": %s\n",fname,strerror(fe)); + return false; + } return true; } diff --git a/main.c b/main.c index 387eea8..54169fb 100644 --- a/main.c +++ b/main.c @@ -2,6 +2,7 @@ #include #include +#include #include #include #include @@ -258,11 +259,8 @@ int main(int argc,char **argv) } else if (*arg == 'f') { if (argc--) { - const char *filename = *argv++; - if (!loadfilterfile(filename)) { - fprintf(stderr,"failed to load filter file %s\n",filename); + if (!loadfilterfile(*argv++)) exit(1); - } } else e_additional(); From d5b90d43a9d0783c4b4c1ff2c3f0c7b359fd663f Mon Sep 17 00:00:00 2001 From: cathugger Date: Sat, 23 May 2020 16:41:51 +0000 Subject: [PATCH 020/107] some tweaks --- GNUmakefile.in | 8 +++++++- calcest.c | 9 +++++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/GNUmakefile.in b/GNUmakefile.in index 67c9028..d7cff38 100644 --- a/GNUmakefile.in +++ b/GNUmakefile.in 
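Review bot: `fgets(buf,sizeof(buf),f)` with a 128-byte `buf` silently splits any filter line of 127 or more characters into two reads, each of which then reaches `filters_add` as if it were a separate pattern; since this commit is adding error handling to this function, the line-too-long case is the one still missing. Check for the newline before the stripping loop and fail the load instead (`<string.h>` is already in use here via `memcmp`/`strerror`). The newline-stripping loop continues outside this hunk.
```c
	while (fgets(buf,sizeof(buf),f)) {
		// a line that did not fit would otherwise be fed to filters_add in pieces
		if (!strchr(buf,'\n') && !feof(f)) {
			fprintf(stderr,"filter line too long in \"%s\"\n",fname);
			fclose(f);
			return false;
		}
		/* … unchanged: strip newline, skip comments, filters_add … */
```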
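Review bot: `strerror(fe)` is passed the return value of `ferror`, which is only a nonzero flag and not an errno code, so the message will name an unrelated error (on glibc typically "Operation not permitted"); capture `errno` before `fclose`, which may clobber it, and report that instead: `int fe = ferror(f), err = errno;` followed by `strerror(err)` in the `fprintf`. The `fclose` before the error check is otherwise the right shape and fixes the handle leak from the previous commit.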
@@ -82,12 +82,18 @@ TEST_EXE= $(patsubst %,%@EXEEXT@,$(TEST_TGT)) ALL_EXE= $(MAIN_EXE) $(UTIL_EXE) $(TEST_EXE) -.PHONY: default all clean distclean depend +.PHONY: default all main util test clean distclean depend default: $(MAIN_EXE) all: $(ALL_EXE) +main: $(MAIN_EXE) + +util: $(UTIL_EXE) + +test: $(TEST_EXE) + mkp224o@EXEEXT@: $(MAIN_OBJ) $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(MAIN_LIB) && $(MV) $@.tmp $@ diff --git a/calcest.c b/calcest.c index 23e88de..28d9c98 100644 --- a/calcest.c +++ b/calcest.c @@ -1,4 +1,5 @@ #include +#include #include /* @@ -19,20 +20,20 @@ const int charcounts[] = { 2, 3, 4, 5, 6, 7 }; int main(void) { printf(" |"); - for (int i = 0; i < sizeof(probs)/sizeof(probs[0]); ++i) { + for (size_t i = 0; i < sizeof(probs)/sizeof(probs[0]); ++i) { printf(" %11d%% |",(int)((probs[i]*100)+0.5)); } printf("\n"); printf("---+"); - for (int i = 0; i < sizeof(probs)/sizeof(probs[0]); ++i) { + for (size_t i = 0; i < sizeof(probs)/sizeof(probs[0]); ++i) { printf("--------------+"); } printf("\n"); - for (int i = 0; i < sizeof(charcounts)/sizeof(charcounts[0]); ++i) { + for (size_t i = 0; i < sizeof(charcounts)/sizeof(charcounts[0]); ++i) { printf("%2d |",charcounts[i]); - for (int j = 0; j < sizeof(probs)/sizeof(probs[0]); ++j) { + for (size_t j = 0; j < sizeof(probs)/sizeof(probs[0]); ++j) { double t = log2(1 - probs[j]) / log2(1 - (1 / pow(32,charcounts[i]))); printf(" %12.0f |",t); } From e854cae46e7782982f3d9b6ad990fb0ce0c27a1f Mon Sep 17 00:00:00 2001 From: cathugger Date: Thu, 16 Jul 2020 20:33:20 +0000 Subject: [PATCH 021/107] add faq to readme --- README.txt | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/README.txt b/README.txt index cd3eef2..02caa4f 100644 --- a/README.txt +++ b/README.txt 
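Review bot: The `size_t` loop indices are the right fix for the sign-compare warnings, but the inner line still computes `log2(1 - (1 / pow(32,charcounts[i])))`, which subtracts a value as small as 32^-7 from 1 before taking the logarithm and so rounds away most of the significand for the larger `charcounts` entries. `log1p` exists for exactly this, and the ratio of two logarithms does not depend on the base, so `double t = log1p(-probs[j]) / log1p(-1 / pow(32,charcounts[i]));` yields the same quantity without the cancellation; `<math.h>` is already required for `log2` and `pow`.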
@@ -3,7 +3,9 @@ mkp224o - vanity address generator for ed25519 onion services This tool generates vanity ed25519 (hidden service version 3, formely known as proposal 224) onion addresses. For context, see . + REQUIREMENTS: + C99 compatible compiler (gcc and clang should work), libsodium (including headers), GNU make, GNU autoconf (to generate configure script, needed only if not using release tarball), @@ -11,7 +13,9 @@ UNIX-like platform (currently tested in Linux and OpenBSD, but should also build For debian-like linux distros, this should be enough to prepare for building: `apt install gcc libsodium-dev make autoconf`. + BUILDING: + `./autogen.sh` to generate configure script, if it's not there already. `./configure` to generate makefile; in *BSD platforms you probably want to use `./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"`. @@ -20,7 +24,9 @@ or "--enable-donna" to configure script for faster key generation; run `./configure --help` to see all available options. Finally, `make` to start building (`gmake` in *BSD platforms). + USAGE: + Generator needs one or more filters to work. It makes directory with secret/public keys and hostname for each discovered service. By default root is current 
@@ -30,11 +36,47 @@ when benchmarking different ed25519 implementations on your machine. Use -h switch to obtain all available options. I highly recommend reading OPTIMISATION.txt for performance-related tips. +FAQ AND OTHER USEFUL INFO: + + * How do I generate address? + - Once compiled, run it like `./mkp224o neko`, and it will try creating keys + for onions starting with "neko" in this example; use `./mkp224o -d nekokeys neko` to + not litter current directory and put all discovered keys in directory named "nekokeys". + + * How do I make tor use generated keys? + - Copy key folder (though technically only hs_ed25519_secret_key is required) + to where you want your service keys to reside: + `sudo cp -r neko54as6d54....onion /var/lib/tor/nekosvc`. + You may need to adjust owner and permissions: + `sudo chown -R tor: /var/lib/tor/nekosvc`, + `sudo chmod -R u+rwX,og-rwx /var/lib/tor/nekosvc`. + Then edit torrc and add new service with that folder. + After reload/restart tor should pick it up. + + * Generate addresses with 1-2 and 7-9 digits? + - onion addresses use base32 encoding which does not include 1,2,7,8,9 numbers. + so no, that's not possible to generate these, and mkp224o tries to detect invalid filters containing them early on. + + * How long is it going to take? + - Because of probablistic nature of brute force key generation, and varience of hardware it's going to run on, + it's hard to make promisses about how long it's going to take, especially when the most of users want just a few keys. + See for very valuable discussion about this. + If your machine is powerful enough, 6 character prefix shouldn't take more than few tens of minutes, + if using batch mode (read OPTIMISATION.txt). 7 characters can take hours to days. + No promisses though, it depends on pure luck. + + * Will this work with onionbalance? + - It appears that onionbalance supports loading usual hs_ed25519_secret_key key so it should work. 
+ + CONTACT: + For bug reports/questions/whatever else, email cathugger at cock dot li. PGP key, if needed, can be found at . + ACKNOWLEDGEMENTS & LEGAL: + To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see . From e0bc8f1d4e020a1ca2b77bbeaeb8c50c98335ef4 Mon Sep 17 00:00:00 2001 From: cathugger Date: Thu, 16 Jul 2020 20:34:43 +0000 Subject: [PATCH 022/107] fmt --- README.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/README.txt b/README.txt index 02caa4f..196dbdc 100644 --- a/README.txt +++ b/README.txt @@ -36,6 +36,7 @@ when benchmarking different ed25519 implementations on your machine. Use -h switch to obtain all available options. I highly recommend reading OPTIMISATION.txt for performance-related tips. + FAQ AND OTHER USEFUL INFO: * How do I generate address? From 158964b25107852406bd8dda6a2b8e3a6befc5d7 Mon Sep 17 00:00:00 2001 From: cathugger Date: Sat, 18 Jul 2020 16:18:24 +0300 Subject: [PATCH 023/107] adjust OPTIMISATION.txt for current stuff --- OPTIMISATION.txt | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/OPTIMISATION.txt b/OPTIMISATION.txt index c10e77d..e76e63b 100644 --- a/OPTIMISATION.txt +++ b/OPTIMISATION.txt 
@@ -1,26 +1,25 @@ This document describes configuration options which may help one to generate onions faster. -First of all, default configuration options are tuned for portability, not performance. +First of all, default configuration options are tuned for portability, and may be a bit suboptimal. User is expected to pick optimal settings depending on hardware mkp224o will run on and ammount of filters. ED25519 implementations: mkp224o includes multiple implementations of ed25519 code, tuned for different processors. -Default is ref10 implementation from SUPERCOP, which is suboptimal in many cases. Implementation is selected at configuration time, when running `./configure` script. If one already configured/compiled code and wants to change options, just re-run `./configure` and also run `make clean` to clear compiled files, if any. +Note that options and CFLAGS/LDFLAGS settings won't carry over from previous configure run, +so you have to include options you've previously configured, if you want them to remain. 
At the time of writing, these implementations are present: -+----------------+-----------------------+-------------------------------------------------+ -| implementation | enable flag | notes | -|----------------+-----------------------+-------------------------------------------------+ -| ref10 | --enable-ref10 | SUPERCOP' ref10, pure C, very portable, default | -| amd64-51-30k | --enable-amd64-51-30k | SUPERCOP' amd64-51-30k, amd64 assembler, | -| | | only works in x86_64 architecture | -| amd64-64-24k | --enable-amd64-64-24k | SUPERCOP' amd64-64-24k, amd64 assembler, | -| | | only works in x86_64 architecture | -| ed25519-donna | --enable-donna | portable, based on amd64-51-30k, but C, not asm | -| ed25519-donna | --enable-donna-sse2 | uses SSE2, needs x86 architecture | -+----------------+-----------------------+-------------------------------------------------+ ++----------------+-----------------------+----------------------------------------------------------+ +| implementation | enable flag | notes | +|----------------+-----------------------+----------------------------------------------------------+ +| ref10 | --enable-ref10 | SUPERCOP' ref10, pure C, very portable, previous default | +| amd64-51-30k | --enable-amd64-51-30k | SUPERCOP' amd64-51-30k, only works on x86_64 | +| amd64-64-24k | --enable-amd64-64-24k | SUPERCOP' amd64-64-24k, only works on x86_64 | +| ed25519-donna | --enable-donna | based on amd64-51-30k, C, portable, current default | +| ed25519-donna | --enable-donna-sse2 | uses SSE2, needs x86 architecture | ++----------------+-----------------------+----------------------------------------------------------+ When to use what: - on 32-bit x86 architecture "--enable-donna" will probably be fastest, but one should try using "--enable-donna-sse2" too 
@@ -91,6 +90,14 @@ Current options, at the time of writing: and have some random filters which may have different length. +Batch mode: +mkp224o now includes experimental key generation mode which performs certain operations in batches, +and is around 15 times faster than current default. +It is currently experimental, and is activated by -B run-time flag. +Batched element count is configured by --enable-batchnum=number option at configure time, +increasing or decreasing it may make batch mode faster or slower, depending on hardware. + + Benchmarking: It's always good idea to see if your settings give you desired effect. There currently isn't any automated way to benchmark different configuration options, but it's pretty simple to do by hand. From 95a7e0580a7af0ce468b75c03c11888f1b7f13b5 Mon Sep 17 00:00:00 2001 From: Stef Date: Thu, 6 Aug 2020 00:28:57 -0500 Subject: [PATCH 025/107] added docker support --- contrib/docker/.dockerignore | 4 ++++ contrib/docker/Dockerfile | 16 ++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 contrib/docker/.dockerignore create mode 100644 contrib/docker/Dockerfile diff --git a/contrib/docker/.dockerignore b/contrib/docker/.dockerignore new file mode 100644 index 0000000..6b3d6ee --- /dev/null +++ b/contrib/docker/.dockerignore @@ -0,0 +1,4 @@ +Dockerfile +.dockerignore +README.txt +.git diff --git a/contrib/docker/Dockerfile b/contrib/docker/Dockerfile new file mode 100644 index 0000000..e4a3427 --- /dev/null +++ b/contrib/docker/Dockerfile @@ -0,0 +1,16 @@ +FROM alpine:3.12.0 + +#Installing all the dependencies +RUN apk add --no-cache gcc libsodium-dev make autoconf build-base + +WORKDIR /mkp224o + +COPY . /mkp224o/ + +RUN ./autogen.sh \ + && ./configure \ + && make \ + && cp /mkp224o/mkp224o /usr/local/bin/ + +WORKDIR /root +ENTRYPOINT ["mkp224o"] From d392ec642c68cf9d63cc7c7038b081dc79c27e0f Mon Sep 17 00:00:00 2001 
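Review bot: `contrib/docker/.dockerignore` is only honoured if that directory is the build context; Docker reads `.dockerignore` from the root of the context, not from beside the Dockerfile. Built the way a later commit on this page documents (`docker build -f contrib/docker/Dockerfile -t mkp224o .`), the file has no effect and `COPY . /mkp224o/` copies the whole `.git` directory, and anything else in the checkout, into the image layer. Either move the file to the repository root, or document that the build must use `contrib/docker` as context; newer BuildKit versions also accept a `Dockerfile.dockerignore` placed next to the Dockerfile.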
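Review bot: The single `RUN ./autogen.sh && ./configure && make && cp ...` stage ships `gcc`, `build-base`, `autoconf` and the full source tree in the final image, and the container runs as root, so key directories written to a bind mount come out root-owned on the host. A build stage plus a minimal runtime stage keeps only the binary and the `libsodium` runtime library, and a dedicated unprivileged user keeps the generated key files owned by a non-root account. The runtime package name should be confirmed against the Alpine release in use.
```dockerfile
FROM alpine:3.12.0 AS build
RUN apk add --no-cache gcc libsodium-dev make autoconf build-base
WORKDIR /mkp224o
COPY . /mkp224o/
RUN ./autogen.sh && ./configure && make

FROM alpine:3.12.0
RUN apk add --no-cache libsodium \
    && adduser -D mkp224o
COPY --from=build /mkp224o/mkp224o /usr/local/bin/
USER mkp224o
WORKDIR /home/mkp224o
ENTRYPOINT ["mkp224o"]
```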
From: Stefin Date: Sun, 9 Aug 2020 09:25:37 -0500 Subject: [PATCH 026/107] Update contrib/docker/Dockerfile Co-authored-by: Sandro --- contrib/docker/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/docker/Dockerfile b/contrib/docker/Dockerfile index e4a3427..0b3222d 100644 --- a/contrib/docker/Dockerfile +++ b/contrib/docker/Dockerfile @@ -13,4 +13,5 @@ RUN ./autogen.sh \ && cp /mkp224o/mkp224o /usr/local/bin/ WORKDIR /root -ENTRYPOINT ["mkp224o"] +VOLUME /root/data +ENTRYPOINT ["mkp224o", "-d", "/root/data"] From 5c996018652d0341b9a81ed1fa363f1adcae1410 Mon Sep 17 00:00:00 2001 From: Stefin Date: Tue, 18 Aug 2020 14:40:12 -0500 Subject: [PATCH 027/107] Update Dockerfile --- contrib/docker/Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/contrib/docker/Dockerfile b/contrib/docker/Dockerfile index 0b3222d..60ab50b 100644 --- a/contrib/docker/Dockerfile +++ b/contrib/docker/Dockerfile @@ -12,6 +12,8 @@ RUN ./autogen.sh \ && make \ && cp /mkp224o/mkp224o /usr/local/bin/ -WORKDIR /root VOLUME /root/data -ENTRYPOINT ["mkp224o", "-d", "/root/data"] + +WORKDIR /root/data + +ENTRYPOINT ["mkp224o"] From 1b6cb117b4edd6e0aac8841761d18c9b6dae131d Mon Sep 17 00:00:00 2001 From: Stefin Date: Tue, 18 Aug 2020 14:41:11 -0500 Subject: [PATCH 028/107] Update .dockerignore --- contrib/docker/.dockerignore | 3 --- 1 file changed, 3 deletions(-) diff --git a/contrib/docker/.dockerignore b/contrib/docker/.dockerignore index 6b3d6ee..6b8710a 100644 --- a/contrib/docker/.dockerignore +++ b/contrib/docker/.dockerignore @@ -1,4 +1 @@ -Dockerfile -.dockerignore -README.txt .git From bb9e793540b541671a44dfc78242bfb9fd31ad08 Mon Sep 17 00:00:00 2001 From: Yannic Haupenthal Date: Wed, 19 Aug 2020 18:37:46 +0200 Subject: [PATCH 029/107] rename file --- README.txt => README.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename README.txt => README.md (100%) 
diff --git a/README.txt b/README.md similarity index 100% rename from README.txt rename to README.md From 1de7b078afd16c28fd09bea3de6f64aaf95072ed Mon Sep 17 00:00:00 2001 From: Yannic Haupenthal Date: Fri, 28 Aug 2020 18:59:29 +0200 Subject: [PATCH 030/107] use markdown instead of text --- README.md | 153 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 97 insertions(+), 56 deletions(-) diff --git a/README.md b/README.md index 196dbdc..2bb7152 100644 --- a/README.md +++ b/README.md 
@@ -1,89 +1,130 @@ -mkp224o - vanity address generator for ed25519 onion services +# mkp224o - vanity address generator for ed25519 onion services -This tool generates vanity ed25519 (hidden service version 3, formely known as proposal 224) onion addresses. -For context, see . +This tool generates vanity ed25519 ([hidden service version 3][v3], +formely known as proposal 224) onion addresses. +## Requirements -REQUIREMENTS: +* C99 compatible compiler (gcc and clang should work) +* libsodium (including headers) +* GNU make +* GNU autoconf (to generate configure script, needed only if not using release tarball) +* UNIX-like platform (currently tested in Linux and OpenBSD, but should + also build under cygwin and msys2). -C99 compatible compiler (gcc and clang should work), -libsodium (including headers), GNU make, -GNU autoconf (to generate configure script, needed only if not using release tarball), -UNIX-like platform (currently tested in Linux and OpenBSD, but should also build under cygwin and msys2). For debian-like linux distros, this should be enough to prepare for building: -`apt install gcc libsodium-dev make autoconf`. +```bash +apt install gcc libsodium-dev make autoconf +``` -BUILDING: +## Building `./autogen.sh` to generate configure script, if it's not there already. -`./configure` to generate makefile; in *BSD platforms you probably want to use + +`./configure` to generate makefile; in \*BSD platforms you probably want to use `./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"`. -You probably also want to pass something like "--enable-amd64-51-30k" -or "--enable-donna" to configure script for faster key generation; + +You probably also want to pass something like `--enable-amd64-51-30k` +or `--enable-donna` to configure script for faster key generation; run `./configure --help` to see all available options. -Finally, `make` to start building (`gmake` in *BSD platforms). 
+Finally, `make` to start building (`gmake` in \*BSD platforms). -USAGE: +## Usage Generator needs one or more filters to work. + It makes directory with secret/public keys and hostname for each discovered service. By default root is current -directory, but that can be overridden with -d switch. -Use -s switch to enable printing of statistics, which may be useful +directory, but that can be overridden with `-d` switch. + +Use `-s` switch to enable printing of statistics, which may be useful when benchmarking different ed25519 implementations on your machine. -Use -h switch to obtain all available options. -I highly recommend reading OPTIMISATION.txt for performance-related tips. +Use `-h` switch to obtain all available options. -FAQ AND OTHER USEFUL INFO: +I highly recommend reading [OPTIMISATION.txt][OPTIMISATION] for +performance-related tips. - * How do I generate address? - - Once compiled, run it like `./mkp224o neko`, and it will try creating keys - for onions starting with "neko" in this example; use `./mkp224o -d nekokeys neko` to - not litter current directory and put all discovered keys in directory named "nekokeys". +## FAQ and other useful info - * How do I make tor use generated keys? - - Copy key folder (though technically only hs_ed25519_secret_key is required) - to where you want your service keys to reside: - `sudo cp -r neko54as6d54....onion /var/lib/tor/nekosvc`. - You may need to adjust owner and permissions: - `sudo chown -R tor: /var/lib/tor/nekosvc`, - `sudo chmod -R u+rwX,og-rwx /var/lib/tor/nekosvc`. - Then edit torrc and add new service with that folder. - After reload/restart tor should pick it up. +* How do I generate address? + Once compiled, run it like `./mkp224o neko`, and it will try creating + keys for onions starting with "neko" in this example; use `./mkp224o + -d nekokeys neko` to not litter current directory and put all + discovered keys in directory named "nekokeys". - * Generate addresses with 1-2 and 7-9 digits? 
- - onion addresses use base32 encoding which does not include 1,2,7,8,9 numbers. - so no, that's not possible to generate these, and mkp224o tries to detect invalid filters containing them early on. +* How do I make tor use generated keys? + Copy key folder (though technically only `hs_ed25519_secret_key` is required) + to where you want your service keys to reside: - * How long is it going to take? - - Because of probablistic nature of brute force key generation, and varience of hardware it's going to run on, - it's hard to make promisses about how long it's going to take, especially when the most of users want just a few keys. - See for very valuable discussion about this. - If your machine is powerful enough, 6 character prefix shouldn't take more than few tens of minutes, - if using batch mode (read OPTIMISATION.txt). 7 characters can take hours to days. - No promisses though, it depends on pure luck. + ```bash + sudo cp -r neko54as6d54....onion /var/lib/tor/nekosvc + ``` - * Will this work with onionbalance? - - It appears that onionbalance supports loading usual hs_ed25519_secret_key key so it should work. + You may need to adjust owner and permissions: + ```bash + sudo chown -R tor: /var/lib/tor/nekosvc + sudo chmod -R u+rwX,og-rwx /var/lib/tor/nekosvc + ``` -CONTACT: + Then edit `torrc` and add new service with that folder. + After reload/restart tor should pick it up. -For bug reports/questions/whatever else, email cathugger at cock dot li. +* Generate addresses with 1-2 and 7-9 digits? + onion addresses use base32 encoding which does not include 1,2,7,8,9 + numbers. + so no, that's not possible to generate these, and mkp224o tries to + detect invalid filters containing them early on. + +* How long is it going to take? + Because of probablistic nature of brute force key generation, and + varience of hardware it's going to run on, it's hard to make promisses + about how long it's going to take, especially when the most of users + want just a few keys. 
+ See [this issue][#27] for very valuable discussion about this. + If your machine is powerful enough, 6 character prefix shouldn't take + more than few tens of minutes, if using batch mode (read + [OPTIMISATION.txt][OPTIMISATION]) 7 characters can take hours + to days. + No promisses though, it depends on pure luck. + +* Will this work with onionbalance? + It appears that onionbalance supports loading usual + `hs_ed25519_secret_key` key so it should work. + +## Contact + +For bug reports/questions/whatever else, email cathugger at cock dot li. PGP key, if needed, can be found at . +## Acknowledgements & Legal -ACKNOWLEDGEMENTS & LEGAL: +To the extent possible under law, the author(s) have dedicated all +copyright and related and neighboring rights to this software to the +public domain worldwide. This software is distributed without any +warranty. +You should have received a copy of the CC0 Public Domain Dedication +along with this software. If not, see [CC0][]. -To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. -You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see . +* `keccak.c` is based on [Keccak-more-compact.c][keccak.c] +* `ed25519/{ref10,amd64-51-30k,amd64-64-24k}` are adopted from + [SUPERCOP][] +* `ed25519/ed25519-donna` adopted from [ed25519-donna][] +* Idea used in `worker_fast()` is stolen from [horse25519][] +* base64 routines and initial YAML processing work contributed by + Alexander Khristoforov (heios@protonmail.com) +* Passphrase-based generation code and idea used in `worker_batch()` + contributed by [foobar2019][] -keccak.c is based on . -ed25519/{ref10,amd64-51-30k,amd64-64-24k} are adopted from SUPERCOP . -ed25519/ed25519-donna adopted from . -Idea used in worker_fast() is stolen from . 
-base64 routines and initial YAML processing work contributed by Alexander Khristoforov . -Passphrase-based generation code and idea used in worker_batch() contributed by . +[v3]: https://gitweb.torproject.org/torspec.git/plain/rend-spec-v3.txt +[OPTIMISATION]: ./OPTIMISATION.txt +[#27]: https://github.com/cathugger/mkp224o/issues/27 +[keccak.c]: https://github.com/XKCP/XKCP/blob/master/Standalone/CompactFIPS202/C/Keccak-more-compact.c +[CC0]: http://creativecommons.org/publicdomain/zero/1.0/ +[SUPERCOP]: https://bench.cr.yp.to/supercop.html +[ed25519-donna]: https://github.com/floodyberry/ed25519-donna +[horse25519]: https://github.com/Yawning/horse25519 +[foobar2019]: https://github.com/foobar2019 From e28c8183aad7930357f44f5bc489793e97db9eb4 Mon Sep 17 00:00:00 2001 From: Yannic Haupenthal Date: Fri, 28 Aug 2020 21:30:22 +0200 Subject: [PATCH 031/107] use different mail format --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2bb7152..9db1f78 100644 --- a/README.md +++ b/README.md @@ -115,7 +115,7 @@ along with this software. If not, see [CC0][]. * `ed25519/ed25519-donna` adopted from [ed25519-donna][] * Idea used in `worker_fast()` is stolen from [horse25519][] * base64 routines and initial YAML processing work contributed by - Alexander Khristoforov (heios@protonmail.com) + Alexander Khristoforov (heios at protonmail dot com) * Passphrase-based generation code and idea used in `worker_batch()` contributed by [foobar2019][] From 9d3dd714119e3399900efd7bc3891ac982c7daeb Mon Sep 17 00:00:00 2001 From: cathugger Date: Fri, 28 Aug 2020 23:25:24 +0000 Subject: [PATCH 032/107] https for CC0 link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9db1f78..9f67702 100644 --- a/README.md +++ b/README.md 
@@ -123,7 +123,7 @@ along with this software. If not, see [CC0][]. [OPTIMISATION]: ./OPTIMISATION.txt [#27]: https://github.com/cathugger/mkp224o/issues/27 [keccak.c]: https://github.com/XKCP/XKCP/blob/master/Standalone/CompactFIPS202/C/Keccak-more-compact.c -[CC0]: http://creativecommons.org/publicdomain/zero/1.0/ +[CC0]: https://creativecommons.org/publicdomain/zero/1.0/ [SUPERCOP]: https://bench.cr.yp.to/supercop.html [ed25519-donna]: https://github.com/floodyberry/ed25519-donna [horse25519]: https://github.com/Yawning/horse25519 From 3025c59eabd384acc64e785b8afe1b688745b9ae Mon Sep 17 00:00:00 2001 From: Stefin Date: Wed, 2 Sep 2020 05:33:04 -0500 Subject: [PATCH 033/107] Added README.md for contrib/docker --- contrib/docker/README.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 contrib/docker/README.md diff --git a/contrib/docker/README.md b/contrib/docker/README.md new file mode 100644 index 0000000..1154fe9 --- /dev/null +++ b/contrib/docker/README.md @@ -0,0 +1,7 @@ +# Usage + +## Building Image Locally +`docker build -f contrib/docker/Dockerfile -t mkp224o .` + +## Running Image Locally +`docker run -it -v $(pwd):/root/data mkp224o neko` From b94137e72d5d820672fb0b1625c864bd00deb4ce Mon Sep 17 00:00:00 2001 From: Stefin Date: Wed, 2 Sep 2020 05:34:47 -0500 Subject: [PATCH 034/107] Added maintainer for Dockerfile --- contrib/docker/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/docker/Dockerfile b/contrib/docker/Dockerfile index 60ab50b..97aaac3 100644 --- a/contrib/docker/Dockerfile +++ b/contrib/docker/Dockerfile @@ -1,5 +1,7 @@ FROM alpine:3.12.0 +LABEL maintainer="sstefin@bk.ru" + #Installing all the dependencies RUN apk add --no-cache gcc libsodium-dev make autoconf build-base From 30491bd9f85142ee1a16f48f40ad37f72b19cd50 Mon Sep 17 00:00:00 2001 
From: cathugger Date: Sat, 21 Nov 2020 11:34:25 +0000 Subject: [PATCH 035/107] various things disable paranoid check which was never triggered as far as I'm aware add editorconfig some whitespace changes in configure.ac which to batch mode by default start working on putting all filtering options in one bin some other tweaks --- .editorconfig | 15 +++++++++++++++ GNUmakefile.in | 6 ++++-- configure.ac | 44 ++++++++++++++++++++++---------------------- filters_common.inc.h | 6 ++++-- filters_inc.inc.h | 1 + main.c | 42 +++++++++++++++++++++++++++++------------- worker.c | 4 ++++ 7 files changed, 79 insertions(+), 39 deletions(-) create mode 100644 .editorconfig create mode 100644 filters_inc.inc.h diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..b17a273 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,15 @@ +[*] +charset = utf-8 +end_of_line = lf +insert_final_newline = true +trim_trailing_whitespace = true + +[*.{c,h}] +indent_style = tab + +[{GNUmakefile.in,configure.ac}] +indent_style = tab + +[ed25519/{ref10,amd64-51-30k,amd64-64-24k}/*.{c,h,py}] +indent_style = space +indent_size = 2 diff --git a/GNUmakefile.in b/GNUmakefile.in index d7cff38..c457061 100644 --- a/GNUmakefile.in +++ b/GNUmakefile.in @@ -122,6 +122,7 @@ distclean: clean $(RM) GNUmakefile depend: + # makedepend from imake cd "@SRCDIR@" && makedepend -Y -fGNUmakefile.in -o.c.o -- $(CSTD) $(ED25519_DEFS) -- $(ALL_C) VPATH=@SRCDIR@ @@ -397,7 +398,8 @@ ed25519/ref10/sign.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/sc.h ioutil.c.o: types.h ioutil.h keccak.c.o: types.h keccak.h main.c.o: types.h vec.h base32.h cpucount.h keccak.h ioutil.h common.h yaml.h -main.c.o: filters.h worker.h filters_main.inc.h filters_common.inc.h +main.c.o: filters.h worker.h filters_inc.inc.h filters_main.inc.h +main.c.o: filters_common.inc.h test_base16.c.o: types.h base16.h test_base32.c.o: types.h base32.h test_base64.c.o: types.h base64.h 
@@ -452,7 +454,7 @@ worker.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-sse2.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-sse2.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h ioutil.h common.h -worker.c.o: yaml.h worker.h filters.h filters_worker.inc.h +worker.c.o: yaml.h worker.h filters.h filters_inc.inc.h filters_worker.inc.h worker.c.o: filters_common.inc.h worker_slow.inc.h worker_fast.inc.h worker.c.o: worker_fast_pass.inc.h worker_batch.inc.h worker_batch_pass.inc.h yaml.c.o: types.h yaml.h ioutil.h base32.h base64.h common.h diff --git a/configure.ac b/configure.ac index 9c2ddac..3ff867d 100644 --- a/configure.ac +++ b/configure.ac @@ -33,9 +33,9 @@ oldcflags="$CFLAGS" CFLAGS="-nopie -Werror" AC_MSG_CHECKING([whether CC supports -nopie]) AC_LINK_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_RESULT([yes])] - [nopie="-nopie"], - [AC_MSG_RESULT([no])] + [AC_MSG_RESULT([yes])] + [nopie="-nopie"], + [AC_MSG_RESULT([no])] ) CFLAGS="$oldcflags" 
@@ -178,35 +178,35 @@ oldcflags="$CFLAGS" CFLAGS="-std=c99" AC_MSG_CHECKING([whether CC supports -std=c99]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_RESULT([yes])] - [c99="yes"] - [cstd="-std=c99"], - [AC_MSG_RESULT([no])] + [AC_MSG_RESULT([yes])] + [c99="yes"] + [cstd="-std=c99"], + [AC_MSG_RESULT([no])] ) CFLAGS="$cstd -Wall" AC_MSG_CHECKING([whether CC supports -Wall]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_RESULT([yes])] - [cstd="$cstd -Wall"], - [AC_MSG_RESULT([no])] + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wall"], + [AC_MSG_RESULT([no])] ) CFLAGS="$cstd -Wextra" AC_MSG_CHECKING([whether CC supports -Wextra]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_RESULT([yes])] - [cstd="$cstd -Wextra"], - [AC_MSG_RESULT([no])] + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wextra"], + [AC_MSG_RESULT([no])] ) # (negative) detection on clang fails without -Werror CFLAGS="$cstd -Wno-maybe-uninitialized -Werror" AC_MSG_CHECKING([whether CC supports -Wno-maybe-uninitialized]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_RESULT([yes])] - [cstd="$cstd -Wno-maybe-uninitialized"], - [AC_MSG_RESULT([no])] + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wno-maybe-uninitialized"], + [AC_MSG_RESULT([no])] ) if test "x$c99" = "xyes" -a "x$ed25519impl" != "xdonna" -a "x$enable_intfilter" != "x128" 
@@ -244,18 +244,18 @@ fi CFLAGS="$cstd -Wmissing-prototypes -Werror" AC_MSG_CHECKING([whether CC supports -Wmissing-prototypes]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_RESULT([yes])] - [cstd="$cstd -Wmissing-prototypes"], - [AC_MSG_RESULT([no])] + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wmissing-prototypes"], + [AC_MSG_RESULT([no])] ) # XXX AC_LANG_PROGRAM produces unsuitable prototype so this check must be last one CFLAGS="$cstd -Wstrict-prototypes -Werror" AC_MSG_CHECKING([whether CC supports -Wstrict-prototypes]) AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], - [AC_MSG_RESULT([yes])] - [cstd="$cstd -Wstrict-prototypes"], - [AC_MSG_RESULT([no])] + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wstrict-prototypes"], + [AC_MSG_RESULT([no])] ) CFLAGS="$oldcflags" diff --git a/filters_common.inc.h b/filters_common.inc.h index 613e694..dbe2fd8 100644 --- a/filters_common.inc.h +++ b/filters_common.inc.h @@ -1,6 +1,6 @@ #ifdef INTFILTER -static inline size_t filter_len(size_t i) +static inline size_t S(filter_len)(size_t i) { # ifndef OMITMASK const u8 *m = (const u8 *)&VEC_BUF(filters,i).m; @@ -23,12 +23,13 @@ static inline size_t filter_len(size_t i) } return c; } +#define filter_len S(filter_len) #endif // INTFILTER #ifdef BINFILTER -static inline size_t filter_len(size_t i) +static inline size_t S(filter_len)(size_t i) { size_t c = VEC_BUF(filters,i).len * 8; u8 v = VEC_BUF(filters,i).mask; @@ -41,6 +42,7 @@ static inline size_t filter_len(size_t i) v <<= 1; } } +#define filter_len S(filter_len) #endif // BINFILTER diff --git a/filters_inc.inc.h b/filters_inc.inc.h new file mode 100644 index 0000000..5eb7f72 --- /dev/null +++ b/filters_inc.inc.h @@ -0,0 +1 @@ +#define S(x) x diff --git a/main.c b/main.c index 54169fb..b26b139 100644 --- a/main.c +++ b/main.c 
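Review bot: `#define S(x) x` in the new `filters_inc.inc.h` introduces a one-letter function-like macro that is never `#undef`'d, so every translation unit that includes it (`main.c` and `worker.c` in this commit) has any later `S(...)` token rewritten, and short names like this are common in the crypto headers those files also include. Presumably it is the scope prefix for the "all filtering options in one bin" work the message mentions; a longer name such as `FILTER_SCOPE(x)`, or an `#undef S` at the end of `filters_common.inc.h`, avoids the leak. The two `#define filter_len S(filter_len)` lines added after the `S(filter_len)` definitions would want the same treatment.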
@@ -100,9 +100,9 @@ static void printhelp(FILE *out,const char *progname) "\t-j numthreads - same as -t\n" "\t-n numkeys - specify number of keys (default - 0 - unlimited)\n" "\t-N numwords - specify number of words per key (default - 1)\n" - "\t-z - use faster key generation method; this is now default\n" - "\t-Z - use slower key generation method\n" - "\t-B - use batching key generation method (>10x faster than -z, experimental)\n" + "\t-Z - use \"slower\" key generation method (initial default)\n" + "\t-z - use \"faster\" key generation method (later default)\n" + "\t-B - use batching key generation method (>10x faster than -z, current default)\n" "\t-s - print statistics each 10 seconds\n" "\t-S t - print statistics every specified ammount of seconds\n" "\t-T - do not reset statistics counters when printing\n" @@ -177,8 +177,15 @@ static void setpassphrase(const char *pass) VEC_STRUCT(threadvec, pthread_t); +#include "filters_inc.inc.h" #include "filters_main.inc.h" +enum worker_type { + WT_SLOW, + WT_FAST, + WT_BATCH, +}; + int main(int argc,char **argv) { const char *outfile = 0; @@ -188,8 +195,7 @@ int main(int argc,char **argv) int ignoreargs = 0; int dirnameflag = 0; int numthreads = 0; - int fastkeygen = 1; - int batchkeygen = 0; + enum worker_type wt = WT_BATCH; int yamlinput = 0; #ifdef PASSPHRASE int deterministic = 0; @@ -319,11 +325,11 @@ int main(int argc,char **argv) e_additional(); } else if (*arg == 'Z') - fastkeygen = 0; + wt = WT_SLOW; else if (*arg == 'z') - fastkeygen = 1; + wt = WT_FAST; else if (*arg == 'B') - batchkeygen = 1; + wt = WT_BATCH; else if (*arg == 's') { #ifdef STATISTICS reportdelay = 10000000; 
@@ -531,13 +537,23 @@ int main(int argc,char **argv) #ifdef STATISTICS tp = &VEC_BUF(stats,i); #endif - tret = pthread_create(&VEC_BUF(threads,i),0, + tret = pthread_create( + &VEC_BUF(threads,i),0, #ifdef PASSPHRASE - deterministic ? ( - batchkeygen ? worker_batch_pass : worker_fast_pass) : + deterministic + ? (wt == WT_BATCH + ? worker_batch_pass + : worker_fast_pass) + : #endif - batchkeygen ? worker_batch : - (fastkeygen ? worker_fast : worker_slow),tp); + wt == WT_BATCH + ? worker_batch + : + wt == WT_FAST + ? worker_fast + : worker_slow, + tp + ); if (tret) { fprintf(stderr,"error while making " FSZ "th thread: %s\n",i,strerror(tret)); exit(1); diff --git a/worker.c b/worker.c index 4962c8b..d4f48de 100644 --- a/worker.c +++ b/worker.c @@ -93,6 +93,8 @@ static void onionready(char *sname,const u8 *secret,const u8 *pubonion) pthread_mutex_unlock(&keysgenerated_mutex); } + // disabled as this was never ever triggered as far as I'm aware +#if 0 // Sanity check that the public key matches the private one. ge_p3 point; u8 testpk[PUBLIC_LEN]; @@ -100,6 +102,7 @@ static void onionready(char *sname,const u8 *secret,const u8 *pubonion) ge_p3_tobytes(testpk, &point); if (!memcmp(testpk, pubonion, PUBLIC_LEN)) abort(); +#endif if (!yamloutput) { if (createdir(sname,1) != 0) { @@ -133,6 +136,7 @@ static void onionready(char *sname,const u8 *secret,const u8 *pubonion) yamlout_writekeys(&sname[direndpos],pubonion,secret,yamlraw); } +#include "filters_inc.inc.h" #include "filters_worker.inc.h" #ifdef STATISTICS From 5b5f414b7959e94cae0ca84869236a7740270769 Mon Sep 17 00:00:00 2001 From: cathugger Date: Sun, 22 Nov 2020 05:13:24 +0000 Subject: [PATCH 036/107] fix gitignore --- .gitignore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index bd3474c..76500c6 100644 --- a/.gitignore +++ b/.gitignore 
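Review bot: Under `#ifdef PASSPHRASE`, `deterministic` selects `worker_batch_pass` for `WT_BATCH` and `worker_fast_pass` for everything else, so `-Z` combined with deterministic generation silently runs the fast worker; that was already the case with `fastkeygen`, but the new enum makes it cheap to say so before the thread loop: `if (deterministic && wt == WT_SLOW) { fprintf(stderr,"-Z has no effect in passphrase mode, using -z\n"); wt = WT_FAST; }`. As a point of style, the `#ifdef`-spliced nested conditional inside the `pthread_create` argument list would read better as a local `void *(*workfn)(void *)` chosen once before the `for` loop, which also keeps the preprocessor block out of a call expression. The enclosing loop and function continue outside the hunk.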
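Review bot: The sanity check being fenced off with `#if 0` has its condition inverted relative to its own comment: `memcmp()` returns 0 when the buffers are equal, so the context line `if (!memcmp(testpk, pubonion, PUBLIC_LEN)) abort();` aborts exactly when the recomputed public key matches `pubonion` and can never fire on a mismatch, which may be why it "never ever triggered" and why the later `#if 1` in 038 is reverted again in 039. This check is the only place that confirms the secret key about to be written to disk corresponds to the address that passed the filter, so it is worth fixing rather than disabling: `if (memcmp(testpk, pubonion, PUBLIC_LEN) != 0) abort();` (keeping the `ALIGN(16)` on `point` that 038 adds). If it stays disabled, the comment should say why, e.g. `// disabled: condition was inverted and the cost is one scalarmult per key; re-enable with memcmp(...) != 0`. The rest of `onionready` is outside the hunk.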
@@ -7,8 +7,8 @@ mkp224o # garbage configure -GNUMakefile -GNUMakefile.in.bak +GNUmakefile +GNUmakefile.in.bak config.status config.log *.cache From 51d87c385799fbf127dd864b81a079a8f33e6ee4 Mon Sep 17 00:00:00 2001 From: cathugger Date: Sun, 22 Nov 2020 10:21:06 +0000 Subject: [PATCH 037/107] dont do indirection in for batch stuff --- ed25519/amd64-51-30k/fe25519.h | 6 +++--- ed25519/amd64-51-30k/fe25519_batchinvert.c | 18 +++++++++++++----- ed25519/amd64-51-30k/ge25519.h | 2 +- ed25519/amd64-51-30k/ge25519_batchpack.c | 5 ++--- ed25519/amd64-64-24k/fe25519.h | 6 +++--- ed25519/amd64-64-24k/fe25519_batchinvert.c | 18 +++++++++++++----- ed25519/amd64-64-24k/ge25519.h | 2 +- ed25519/amd64-64-24k/ge25519_batchpack.c | 5 ++--- .../ed25519-donna/curve25519-donna-helpers.h | 18 +++++++++++++----- .../ed25519-donna/ed25519-donna-impl-base.h | 15 +++++++-------- .../ed25519-donna/ed25519-donna-impl-sse2.h | 8 ++++---- ed25519/ed25519.h | 6 ------ ed25519/ref10/fe.h | 2 +- ed25519/ref10/fe_batchinvert.c | 18 +++++++++++++----- ed25519/ref10/ge.h | 2 +- ed25519/ref10/ge_p3_batchtobytes.c | 4 ++-- main.c | 8 +++++--- worker_batch.inc.h | 7 +------ worker_batch_pass.inc.h | 7 +------ 19 files changed, 86 insertions(+), 71 deletions(-) diff --git a/ed25519/amd64-51-30k/fe25519.h b/ed25519/amd64-51-30k/fe25519.h index 8a16cd8..c4c9ed3 100644 --- a/ed25519/amd64-51-30k/fe25519.h +++ b/ed25519/amd64-51-30k/fe25519.h @@ -22,9 +22,9 @@ #define fe25519_invert crypto_sign_ed25519_amd64_51_30k_batch_fe25519_invert #define fe25519_pow2523 crypto_sign_ed25519_amd64_51_30k_batch_fe25519_pow2523 -typedef struct +typedef struct { - unsigned long long v[5]; + unsigned long long v[5]; } fe25519; 
@@ -62,7 +62,7 @@ void fe25519_nsquare(fe25519 *r, unsigned long long n); void fe25519_invert(fe25519 *r, const fe25519 *x); -void fe25519_batchinvert(fe25519 *out[],fe25519 tmp[],fe25519 * const in[], size_t num); +void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset); void fe25519_pow2523(fe25519 *r, const fe25519 *x); diff --git a/ed25519/amd64-51-30k/fe25519_batchinvert.c b/ed25519/amd64-51-30k/fe25519_batchinvert.c index b29387a..d6a66d1 100644 --- a/ed25519/amd64-51-30k/fe25519_batchinvert.c +++ b/ed25519/amd64-51-30k/fe25519_batchinvert.c @@ -1,26 +1,34 @@ #include "fe25519.h" -// tmp MUST != out +// tmp MUST != out or in // in MAY == out -void fe25519_batchinvert(fe25519 *out[],fe25519 tmp[],fe25519 * const in[], size_t num) +void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset) { fe25519 acc; fe25519 tmpacc; size_t i; + const fe25519 *inp; + fe25519 *outp; fe25519_setint(&acc,1); + inp = in; for (i = 0;i < num;++i) { tmp[i] = acc; - fe25519_mul(&acc,&acc,in[i]); + fe25519_mul(&acc,&acc,inp); + inp = (const fe25519 *)((const char *)inp + offset); } fe25519_invert(&acc,&acc); i = num; + inp = (const fe25519 *)((const char *)in + offset * num); + outp = (fe25519 *)((char *)out + offset * num); while (i--) { - fe25519_mul(&tmpacc,&acc,in[i]); - fe25519_mul(out[i],&acc,&tmp[i]); + inp = (const fe25519 *)((const char *)inp - offset); + outp = (fe25519 *)((char *)outp - offset); + fe25519_mul(&tmpacc,&acc,inp); + fe25519_mul(outp,&acc,&tmp[i]); acc = tmpacc; } } diff --git a/ed25519/amd64-51-30k/ge25519.h b/ed25519/amd64-51-30k/ge25519.h index 5628090..d53bacd 100644 --- a/ed25519/amd64-51-30k/ge25519.h +++ b/ed25519/amd64-51-30k/ge25519.h 
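Review bot: The new `offset` parameter is a raw byte stride whose unit is nowhere stated, and the only updated documentation is `tmp MUST != out or in`, which leaves unsaid that `tmp` is still a plain contiguous `fe25519[num]` while `in`/`out` are strided; a header comment on the prototype would fix that, e.g. `// in/out: first element; consecutive elements are offset bytes apart (e.g. &pts->z with offset == sizeof *pts). tmp: contiguous fe25519[num] scratch, must not alias in or out.`. Stepping a `char *` derived from `&in->z` across neighbouring struct elements is also outside the strict C pointer-arithmetic model (the pointer designates the `z` subobject, not the array of points); it works in practice on gcc and clang, but a `// NOTE:` saying so, or passing the array base plus `offsetof`, would record the intent. The same rewrite appears in ed25519/amd64-64-24k/fe25519_batchinvert.c, in curve25519_batchrecip in ed25519-donna/curve25519-donna-helpers.h and in ed25519/ref10/fe_batchinvert.c; the ref10 copy additionally takes a non-const `fe *in` and names the stride `shift`, unlike the `const ... *in, size_t offset` of the other three, which is worth aligning while the signatures are all being touched.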
@@ -92,7 +92,7 @@ extern int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]); extern void ge25519_pack(unsigned char r[32], const ge25519 *p); -extern void ge25519_batchpack_destructive_1(bytes32 out[], ge25519_p3 in[], fe25519 *inz[], fe25519 tmp[], size_t num); +extern void ge25519_batchpack_destructive_1(bytes32 *out, ge25519_p3 *in, fe25519 *tmp, size_t num); extern void ge25519_batchpack_destructive_finish(bytes32 out, ge25519_p3 *unf); extern int ge25519_isneutral_vartime(const ge25519 *p); diff --git a/ed25519/amd64-51-30k/ge25519_batchpack.c b/ed25519/amd64-51-30k/ge25519_batchpack.c index d0d8f95..417aeab 100644 --- a/ed25519/amd64-51-30k/ge25519_batchpack.c +++ b/ed25519/amd64-51-30k/ge25519_batchpack.c @@ -1,13 +1,12 @@ #include "fe25519.h" #include "ge25519.h" -// assumes inz[] points to things in in[] // NOTE: leaves in unfinished state -void ge25519_batchpack_destructive_1(bytes32 out[], ge25519_p3 in[], fe25519 *inz[], fe25519 tmp[], size_t num) +void ge25519_batchpack_destructive_1(bytes32 *out, ge25519_p3 *in, fe25519 *tmp, size_t num) { fe25519 ty; - fe25519_batchinvert(inz, tmp, inz, num); + fe25519_batchinvert(&in->z, &in->z, tmp, num, sizeof(ge25519_p3)); for (size_t i = 0; i < num; ++i) { fe25519_mul(&ty, &in[i].y, &in[i].z); diff --git a/ed25519/amd64-64-24k/fe25519.h b/ed25519/amd64-64-24k/fe25519.h index 2ebe4e3..780d96d 100644 --- a/ed25519/amd64-64-24k/fe25519.h +++ b/ed25519/amd64-64-24k/fe25519.h @@ -22,9 +22,9 @@ #define fe25519_batchinvert crypto_sign_ed25519_amd64_64_fe25519_batchinvert #define fe25519_pow2523 crypto_sign_ed25519_amd64_64_fe25519_pow2523 -typedef struct +typedef struct { - unsigned long long v[4]; + unsigned long long v[4]; } fe25519; 
@@ -62,7 +62,7 @@ void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e); void fe25519_invert(fe25519 *r, const fe25519 *x); -void fe25519_batchinvert(fe25519 *out[],fe25519 tmp[],fe25519 * const in[], size_t num); +void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset); void fe25519_pow2523(fe25519 *r, const fe25519 *x); diff --git a/ed25519/amd64-64-24k/fe25519_batchinvert.c b/ed25519/amd64-64-24k/fe25519_batchinvert.c index b29387a..d6a66d1 100644 --- a/ed25519/amd64-64-24k/fe25519_batchinvert.c +++ b/ed25519/amd64-64-24k/fe25519_batchinvert.c @@ -1,26 +1,34 @@ #include "fe25519.h" -// tmp MUST != out +// tmp MUST != out or in // in MAY == out -void fe25519_batchinvert(fe25519 *out[],fe25519 tmp[],fe25519 * const in[], size_t num) +void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset) { fe25519 acc; fe25519 tmpacc; size_t i; + const fe25519 *inp; + fe25519 *outp; fe25519_setint(&acc,1); + inp = in; for (i = 0;i < num;++i) { tmp[i] = acc; - fe25519_mul(&acc,&acc,in[i]); + fe25519_mul(&acc,&acc,inp); + inp = (const fe25519 *)((const char *)inp + offset); } fe25519_invert(&acc,&acc); i = num; + inp = (const fe25519 *)((const char *)in + offset * num); + outp = (fe25519 *)((char *)out + offset * num); while (i--) { - fe25519_mul(&tmpacc,&acc,in[i]); - fe25519_mul(out[i],&acc,&tmp[i]); + inp = (const fe25519 *)((const char *)inp - offset); + outp = (fe25519 *)((char *)outp - offset); + fe25519_mul(&tmpacc,&acc,inp); + fe25519_mul(outp,&acc,&tmp[i]); acc = tmpacc; } } diff --git a/ed25519/amd64-64-24k/ge25519.h b/ed25519/amd64-64-24k/ge25519.h index 69af5d7..46c0d7d 100644 --- a/ed25519/amd64-64-24k/ge25519.h +++ b/ed25519/amd64-64-24k/ge25519.h 
@@ -81,7 +81,7 @@ extern int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]); extern void ge25519_pack(unsigned char r[32], const ge25519 *p); -extern void ge25519_batchpack_destructive_1(bytes32 out[], ge25519_p3 in[], fe25519 *inz[], fe25519 tmp[], size_t num); +extern void ge25519_batchpack_destructive_1(bytes32 *out, ge25519_p3 *in, fe25519 *tmp, size_t num); extern void ge25519_batchpack_destructive_finish(bytes32 out, ge25519_p3 *unf); extern int ge25519_isneutral_vartime(const ge25519 *p); diff --git a/ed25519/amd64-64-24k/ge25519_batchpack.c b/ed25519/amd64-64-24k/ge25519_batchpack.c index d0d8f95..417aeab 100644 --- a/ed25519/amd64-64-24k/ge25519_batchpack.c +++ b/ed25519/amd64-64-24k/ge25519_batchpack.c @@ -1,13 +1,12 @@ #include "fe25519.h" #include "ge25519.h" -// assumes inz[] points to things in in[] // NOTE: leaves in unfinished state -void ge25519_batchpack_destructive_1(bytes32 out[], ge25519_p3 in[], fe25519 *inz[], fe25519 tmp[], size_t num) +void ge25519_batchpack_destructive_1(bytes32 *out, ge25519_p3 *in, fe25519 *tmp, size_t num) { fe25519 ty; - fe25519_batchinvert(inz, tmp, inz, num); + fe25519_batchinvert(&in->z, &in->z, tmp, num, sizeof(ge25519_p3)); for (size_t i = 0; i < num; ++i) { fe25519_mul(&ty, &in[i].y, &in[i].z); diff --git a/ed25519/ed25519-donna/curve25519-donna-helpers.h b/ed25519/ed25519-donna/curve25519-donna-helpers.h index 1f76aef..c8f71ed 100644 --- a/ed25519/ed25519-donna/curve25519-donna-helpers.h +++ b/ed25519/ed25519-donna/curve25519-donna-helpers.h 
@@ -67,23 +67,31 @@ curve25519_setone(bignum25519 out) { * if that's the case then we're doing batch invert there */ static void -curve25519_batchrecip(bignum25519 *out[], bignum25519 tmp[], bignum25519 * const in[], size_t num) { - bignum25519 ALIGN(16) acc, tmpacc; +curve25519_batchrecip(bignum25519 *out, const bignum25519 *in, bignum25519 *tmp, size_t num, size_t offset) { + bignum25519 ALIGN(16) acc,tmpacc; size_t i; + const bignum25519 *inp; + bignum25519 *outp; curve25519_setone(acc); + inp = in; for (i = 0; i < num; ++i) { curve25519_copy(tmp[i], acc); - curve25519_mul(acc, acc, *in[i]); + curve25519_mul(acc, acc, *inp); + inp = (const bignum25519 *)((const char *)inp + offset); } curve25519_recip(acc, acc); i = num; + inp = (const bignum25519 *)((const char *)in + offset * num); + outp = (bignum25519 *)((char *)out + offset * num); while (i--) { - curve25519_mul(tmpacc, acc, *in[i]); - curve25519_mul(*out[i], acc, tmp[i]); + inp = (const bignum25519 *)((const char *)inp - offset); + outp = (bignum25519 *)((char *)outp - offset); + curve25519_mul(tmpacc, acc, *inp); + curve25519_mul(*outp, acc, tmp[i]); curve25519_copy(acc, tmpacc); } } diff --git a/ed25519/ed25519-donna/ed25519-donna-impl-base.h b/ed25519/ed25519-donna/ed25519-donna-impl-base.h index 503ba8c..2b8157a 100644 --- a/ed25519/ed25519-donna/ed25519-donna-impl-base.h +++ b/ed25519/ed25519-donna/ed25519-donna-impl-base.h @@ -8,15 +8,15 @@ DONNA_INLINE static void ge25519_p1p1_to_partial(ge25519 *r, const ge25519_p1p1 *p) { curve25519_mul(r->x, p->x, p->t); curve25519_mul(r->y, p->y, p->z); - curve25519_mul(r->z, p->z, p->t); + curve25519_mul(r->z, p->z, p->t); } DONNA_INLINE static void ge25519_p1p1_to_full(ge25519 *r, const ge25519_p1p1 *p) { curve25519_mul(r->x, p->x, p->t); curve25519_mul(r->y, p->y, p->z); - curve25519_mul(r->z, p->z, p->t); - curve25519_mul(r->t, p->x, p->y); + curve25519_mul(r->z, p->z, p->t); + curve25519_mul(r->t, p->x, p->y); } static void 
@@ -190,13 +190,12 @@ ge25519_pack(unsigned char r[32], const ge25519 *p) { r[31] ^= ((parity[0] & 1) << 7); } -// assumes inz[] points to things in in[] // NOTE: leaves in unfinished state static void -ge25519_batchpack_destructive_1(bytes32 out[], ge25519 in[], bignum25519 *inz[], bignum25519 tmp[], size_t num) { +ge25519_batchpack_destructive_1(bytes32 *out, ge25519 *in, bignum25519 *tmp, size_t num) { bignum25519 ty; - curve25519_batchrecip(inz, tmp, inz, num); + curve25519_batchrecip(&in->z, &in->z, tmp, num, sizeof(ge25519)); for (size_t i = 0; i < num; ++i) { curve25519_mul(ty, in[i].y, in[i].z); @@ -276,7 +275,7 @@ ge25519_unpack_negative_vartime(ge25519 *r, const unsigned char p[32]) { #define S2_TABLE_SIZE (1<<(S2_SWINDOWSIZE-2)) /* computes [s1]p1 + [s2]basepoint */ -static void +static void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const bignum256modm s2) { signed char slide1[256], slide2[256]; ge25519_pniels pre1[S1_TABLE_SIZE]; @@ -371,7 +370,7 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96] curve25519_add_reduce(r->y, t.xaddy, t.ysubx); memset(r->z, 0, sizeof(bignum25519)); curve25519_copy(r->t, t.t2d); - r->z[0] = 2; + r->z[0] = 2; for (i = 3; i < 64; i += 2) { ge25519_scalarmult_base_choose_niels(&t, basepoint_table, i / 2, b[i]); ge25519_nielsadd2(r, &t); diff --git a/ed25519/ed25519-donna/ed25519-donna-impl-sse2.h b/ed25519/ed25519-donna/ed25519-donna-impl-sse2.h index b474511..a94d8d2 100644 --- a/ed25519/ed25519-donna/ed25519-donna-impl-sse2.h +++ b/ed25519/ed25519-donna/ed25519-donna-impl-sse2.h @@ -14,7 +14,7 @@ ge25519_p1p1_to_partial(ge25519 *r, const ge25519_p1p1 *p) { curve25519_untangle64(r->x, r->z, xzout); } -static void +static void ge25519_p1p1_to_full(ge25519 *r, const ge25519_p1p1 *p) { packed64bignum25519 ALIGN(16) zy, xt, xx, zz, ty; curve25519_tangle64(ty, p->t, p->y); 
@@ -222,10 +222,10 @@ ge25519_pack(unsigned char r[32], const ge25519 *p) { // assumes inz[] points to things in in[] // NOTE: leaves in unfinished state static void -ge25519_batchpack_destructive_1(bytes32 out[], ge25519 in[], bignum25519 *inz[], bignum25519 tmp[], size_t num) { +ge25519_batchpack_destructive_1(bytes32 *out, ge25519 *in, bignum25519 *tmp, size_t num) { bignum25519 ALIGN(16) ty; - curve25519_batchrecip(inz, tmp, inz, num); + curve25519_batchrecip(&in->z, &in->z, tmp, num, sizeof(ge25519)); for (size_t i = 0; i < num; ++i) { curve25519_mul(ty, in[i].y, in[i].z); @@ -395,7 +395,7 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t table[256][96], const bi ge25519_scalarmult_base_choose_niels(&t, table, 0, b[1]); curve25519_sub_reduce(r->x, t.xaddy, t.ysubx); curve25519_add_reduce(r->y, t.xaddy, t.ysubx); - memset(r->z, 0, sizeof(bignum25519)); + memset(r->z, 0, sizeof(bignum25519)); r->z[0] = 2; curve25519_copy(r->t, t.t2d); for (i = 3; i < 64; i += 2) { diff --git a/ed25519/ed25519.h b/ed25519/ed25519.h index f59760f..43007c6 100644 --- a/ed25519/ed25519.h +++ b/ed25519/ed25519.h @@ -11,8 +11,6 @@ #define ed25519_keygen ed25519_ref10_keygen #include "ref10/ge.h" -#define GEZ(x) ((x).Z) - /* The basepoint multiplied by 8. */ static const ge_cached ge_eightpoint = { /* YplusX */ @@ -80,8 +78,6 @@ inline static void ge_initeightpoint(void) {} #define ge_p3_batchtobytes_destructive_1 ge25519_batchpack_destructive_1 #define ge_p3_batchtobytes_destructive_finish ge25519_batchpack_destructive_finish - -#define GEZ(x) ((x).z) #endif @@ -190,8 +186,6 @@ static int ed25519_keypair(unsigned char *pk,unsigned char *sk) #define ge_p3_batchtobytes_destructive_1 ge25519_batchpack_destructive_1 #define ge_p3_batchtobytes_destructive_finish ge25519_batchpack_destructive_finish -#define GEZ(x) ((x).z) - DONNA_INLINE static void ge_add(ge25519_p1p1 *r,const ge25519 *p,const ge25519_pniels *q) { ge25519_pnielsadd_p1p1(r,p,q,0); 
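Review bot: The context line `// assumes inz[] points to things in in[]` directly above the new `ge25519_batchpack_destructive_1(bytes32 *out, ge25519 *in, bignum25519 *tmp, size_t num)` signature is now stale, since the `inz` parameter it describes is removed by this commit (the base implementation in ed25519-donna-impl-base.h drops the same line; this file does not). The same applies to `// inz is ge_p3.Z pointer array. contents to .Zs will be overwritten` in ed25519/ref10/ge_p3_batchtobytes.c. Both should describe the new contract instead, e.g. `// in[].z is replaced in place by 1/z via a strided batch inversion; tmp must provide num scratch elements`. The body of the function continues outside the hunk.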
diff --git a/ed25519/ref10/fe.h b/ed25519/ref10/fe.h index 97ffb78..11aeebb 100644 --- a/ed25519/ref10/fe.h +++ b/ed25519/ref10/fe.h @@ -53,7 +53,7 @@ extern void fe_sq(fe,const fe); extern void fe_sq2(fe,const fe); extern void fe_mul121666(fe,const fe); extern void fe_invert(fe,const fe); -extern void fe_batchinvert(fe *out[],fe tmp[],fe * const in[], size_t num); +extern void fe_batchinvert(fe *out,fe *in,fe *tmp,size_t num,size_t shift); extern void fe_pow22523(fe,const fe); #endif diff --git a/ed25519/ref10/fe_batchinvert.c b/ed25519/ref10/fe_batchinvert.c index 91d40d1..10e2e0e 100644 --- a/ed25519/ref10/fe_batchinvert.c +++ b/ed25519/ref10/fe_batchinvert.c @@ -1,26 +1,34 @@ #include "fe.h" -// tmp MUST != out +// tmp MUST != out or in // in MAY == out -void fe_batchinvert(fe *out[],fe tmp[],fe * const in[], size_t num) +void fe_batchinvert(fe *out,fe *in,fe *tmp,size_t num,size_t shift) { fe acc; fe tmpacc; size_t i; + fe *inp; + fe *outp; fe_1(acc); + inp = in; for (i = 0;i < num;++i) { fe_copy(tmp[i],acc); - fe_mul(acc,acc,*in[i]); + fe_mul(acc,acc,*inp); + inp = (fe *)((char *)inp + shift); } fe_invert(acc,acc); i = num; + inp = (fe *)((char *)in + shift * num); + outp = (fe *)((char *)out + shift * num); while (i--) { - fe_mul(tmpacc,acc,*in[i]); - fe_mul(*out[i],acc,tmp[i]); + inp = (fe *)((char *)inp - shift); + outp = (fe *)((char *)outp - shift); + fe_mul(tmpacc,acc,*inp); + fe_mul(*outp,acc,tmp[i]); fe_copy(acc,tmpacc); } } diff --git a/ed25519/ref10/ge.h b/ed25519/ref10/ge.h index 1f01f3d..3ae05b6 100644 --- a/ed25519/ref10/ge.h +++ b/ed25519/ref10/ge.h 
@@ -77,7 +77,7 @@ typedef unsigned char bytes32[32]; extern void ge_tobytes(unsigned char *,const ge_p2 *); extern void ge_p3_tobytes(unsigned char *,const ge_p3 *); -extern void ge_p3_batchtobytes_destructive_1(bytes32 out[],ge_p3 in[],fe *inz[],fe tmp[],size_t num); +extern void ge_p3_batchtobytes_destructive_1(bytes32 *out,ge_p3 *in,fe *tmp,size_t num); extern void ge_p3_batchtobytes_destructive_finish(bytes32 out,ge_p3 *unf); extern int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *); diff --git a/ed25519/ref10/ge_p3_batchtobytes.c b/ed25519/ref10/ge_p3_batchtobytes.c index 6b886c8..46605a9 100644 --- a/ed25519/ref10/ge_p3_batchtobytes.c +++ b/ed25519/ref10/ge_p3_batchtobytes.c @@ -2,11 +2,11 @@ // inz is ge_p3.Z pointer array. contents to .Zs will be overwritten // NOTE: leaves in unfinished state -void ge_p3_batchtobytes_destructive_1(bytes32 out[],ge_p3 in[],fe *inz[],fe tmp[],size_t num) +void ge_p3_batchtobytes_destructive_1(bytes32 *out,ge_p3 *in,fe *tmp,size_t num) { fe y; - fe_batchinvert(inz,tmp,inz,num); + fe_batchinvert(&in->Z,&in->Z,tmp,num,sizeof(ge_p3)); for (size_t i = 0;i < num;++i) { fe_mul(y,in[i].Y,in[i].Z); diff --git a/main.c b/main.c index b26b139..f48c1a2 100644 --- a/main.c +++ b/main.c @@ -186,6 +186,8 @@ enum worker_type { WT_BATCH, }; +#define TATTR 0 + int main(int argc,char **argv) { const char *outfile = 0; @@ -518,7 +520,7 @@ int main(int argc,char **argv) VEC_ZERO(tstats); #endif -#if 0 +#if TATTR pthread_attr_t tattr,*tattrp = &tattr; tret = pthread_attr_init(tattrp); if (tret) { @@ -526,7 +528,7 @@ int main(int argc,char **argv) tattrp = 0; } else { - tret = pthread_attr_setstacksize(tattrp,80<<10); + tret = pthread_attr_setstacksize(tattrp,2<<20); if (tret) perror("pthread_attr_setstacksize"); } @@ -560,7 +562,7 @@ int main(int argc,char **argv) } } -#if 0 +#if TATTR if (tattrp) { tret = pthread_attr_destroy(tattrp); if (tret) diff --git a/worker_batch.inc.h b/worker_batch.inc.h index e544d00..1636c0b 100644 
--- a/worker_batch.inc.h +++ b/worker_batch.inc.h @@ -13,7 +13,6 @@ void *worker_batch(void *task) // state to keep batch data ge_p3 ge_batch[BATCHNUM]; - fe *(batchgez)[BATCHNUM]; fe tmp_batch[BATCHNUM]; bytes32 pk_batch[BATCHNUM]; @@ -24,10 +23,6 @@ void *worker_batch(void *task) struct statstruct *st = (struct statstruct *)task; #endif - // set up right pointers - for (size_t b = 0;b < BATCHNUM;++b) - batchgez[b] = &GEZ(ge_batch[b]); - PREFILTER memcpy(secret,skprefix,SKPREFIX_SIZE); @@ -64,7 +59,7 @@ initseed: ge_p1p1_to_p3(&ge_public,&sum); } // NOTE: leaves unfinished one bit at the very end - ge_p3_batchtobytes_destructive_1(pk_batch,ge_batch,batchgez,tmp_batch,BATCHNUM); + ge_p3_batchtobytes_destructive_1(pk_batch,ge_batch,tmp_batch,BATCHNUM); #ifdef STATISTICS st->numcalc.v += BATCHNUM; diff --git a/worker_batch_pass.inc.h b/worker_batch_pass.inc.h index 31f48d7..eaf914b 100644 --- a/worker_batch_pass.inc.h +++ b/worker_batch_pass.inc.h @@ -14,7 +14,6 @@ void *worker_batch_pass(void *task) // state to keep batch data ge_p3 ge_batch[BATCHNUM]; - fe *(batchgez)[BATCHNUM]; fe tmp_batch[BATCHNUM]; bytes32 pk_batch[BATCHNUM]; @@ -25,10 +24,6 @@ void *worker_batch_pass(void *task) struct statstruct *st = (struct statstruct *)task; #endif - // set up right pointers - for (size_t b = 0;b < BATCHNUM;++b) - batchgez[b] = &GEZ(ge_batch[b]); - PREFILTER memcpy(secret,skprefix,SKPREFIX_SIZE); @@ -70,7 +65,7 @@ initseed: ge_p1p1_to_p3(&ge_public,&sum); } // NOTE: leaves unfinished one bit at the very end - ge_p3_batchtobytes_destructive_1(pk_batch,ge_batch,batchgez,tmp_batch,BATCHNUM); + ge_p3_batchtobytes_destructive_1(pk_batch,ge_batch,tmp_batch,BATCHNUM); #ifdef STATISTICS st->numcalc.v += BATCHNUM; From af5a7cfe122ba62e819b92c8b5a662151a284c69 Mon Sep 17 00:00:00 2001 
From: cathugger Date: Sun, 22 Nov 2020 13:13:50 +0000 Subject: [PATCH 038/107] set thread size --- ed25519/ed25519.h | 43 +++++++++++++++++++++++++++-------------- main.c | 15 +++++++------- worker.c | 9 +++++++-- worker.h | 1 + worker_batch.inc.h | 10 +++++----- worker_batch_pass.inc.h | 12 ++++++------ worker_fast.inc.h | 4 ++-- worker_fast_pass.inc.h | 4 ++-- 8 files changed, 59 insertions(+), 39 deletions(-) diff --git a/ed25519/ed25519.h b/ed25519/ed25519.h index 43007c6..6f4c37a 100644 --- a/ed25519/ed25519.h +++ b/ed25519/ed25519.h @@ -3,7 +3,22 @@ #define ED25519_PUBLICKEYBYTES 32 +#ifndef ED25519_donna +# if defined(_MSC_VER) +# define ALIGN(x) __declspec(align(x)) +# elif defined(__GNUC__) +# undef ALIGN +# define ALIGN(x) __attribute__((aligned(x))) +# else +# ifndef ALIGN +# define ALIGN(x) +# endif +# endif +#endif + + #ifdef ED25519_ref10 + #include "ref10/ed25519.h" #define ed25519_seckey ed25519_ref10_seckey #define ed25519_seckey_expand ed25519_ref10_seckey_expand 
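Review bot: The three branches of the new `ALIGN` definition in ed25519.h treat a pre-existing definition differently: the `__GNUC__` branch does `#undef ALIGN` first, the `_MSC_VER` branch redefines without it (a redefinition diagnostic if a system header already defines `ALIGN`, which the `#undef` suggests has been seen), and the fallback only defines when absent. Using the same `#undef`/`#define` pair in all three branches, or guarding the whole block with one `#ifndef ALIGN`, would make the behaviour uniform. The fallback `#define ALIGN(x)` also silently drops the alignment request; that appears to be acceptable for the ref10/amd64 back ends this block covers, since the donna back end is excluded by the outer `#ifndef ED25519_donna`, and a comment such as `// ref10/amd64 do not require aligned objects; donna defines its own ALIGN` would spare the next reader the same check.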
@@ -35,49 +50,47 @@ static const ge_cached ge_eightpoint = { } }; inline static void ge_initeightpoint(void) {} + #endif #ifdef ED25519_amd64_51_30k -#define ED25519_amd64_common -#else -#ifdef ED25519_amd64_64_24k -#define ED25519_amd64_common -#endif -#endif - -#ifdef ED25519_amd64_51_30k #include "amd64-51-30k/ed25519.h" #include "amd64-51-30k/ge25519.h" #define ed25519_seckey ed25519_amd64_51_30k_seckey #define ed25519_seckey_expand ed25519_amd64_51_30k_seckey_expand #define ed25519_pubkey ed25519_amd64_51_30k_pubkey #define ed25519_keygen ed25519_amd64_51_30k_keygen + #endif + #ifdef ED25519_amd64_64_24k + #include "amd64-64-24k/ed25519.h" #include "amd64-64-24k/ge25519.h" #define ed25519_seckey ed25519_amd64_64_seckey #define ed25519_seckey_expand ed25519_amd64_64_seckey_expand #define ed25519_pubkey ed25519_amd64_64_pubkey #define ed25519_keygen ed25519_amd64_64_keygen + #endif // common -#ifdef ED25519_amd64_common +#if defined(ED25519_amd64_51_30k) || defined(ED25519_amd64_64_24k) + #define fe fe25519 #define ge_p1p1 ge25519_p1p1 #define ge_p3 ge25519_p3 -#define ge_cached ge25519_pniels #define ge_p1p1_to_p3 ge25519_p1p1_to_p3 #define ge_p3_tobytes ge25519_pack #define ge_add ge25519_pnielsadd_p1p1 #define ge_p3_batchtobytes_destructive_1 ge25519_batchpack_destructive_1 #define ge_p3_batchtobytes_destructive_finish ge25519_batchpack_destructive_finish + #endif @@ -130,6 +143,7 @@ inline static void ge_initeightpoint(void) {} #ifdef ED25519_donna + #define ED25519_CUSTOMRANDOM #define ED25519_CUSTOMHASH #include 
@@ -174,11 +188,10 @@ static int ed25519_keypair(unsigned char *pk,unsigned char *sk) return 0; } -// hacky, but works for current stuff in main.c -#define fe bignum25519 ALIGN(16) -#define ge_p1p1 ge25519_p1p1 ALIGN(16) -#define ge_p3 ge25519 ALIGN(16) -#define ge_cached ge25519_pniels ALIGN(16) + +#define fe bignum25519 +#define ge_p1p1 ge25519_p1p1 +#define ge_p3 ge25519 #define ge_p1p1_to_p3 ge25519_p1p1_to_full #define ge_p3_tobytes ge25519_pack diff --git a/main.c b/main.c index f48c1a2..22f9cfe 100644 --- a/main.c +++ b/main.c @@ -186,8 +186,6 @@ enum worker_type { WT_BATCH, }; -#define TATTR 0 - int main(int argc,char **argv) { const char *outfile = 0; @@ -520,7 +518,6 @@ int main(int argc,char **argv) VEC_ZERO(tstats); #endif -#if TATTR pthread_attr_t tattr,*tattrp = &tattr; tret = pthread_attr_init(tattrp); if (tret) { @@ -528,11 +525,17 @@ int main(int argc,char **argv) tattrp = 0; } else { - tret = pthread_attr_setstacksize(tattrp,2<<20); + // 256KiB plus whatever batch stuff uses if in batch mode + size_t ss = 256 << 10; + if (wt == WT_BATCH) + ss += worker_batch_memuse(); + // align to 64KiB + ss = (ss + (64 << 10) - 1) & ~((64 << 10) - 1); + //printf("stack size: " FSZ "\n",ss); + tret = pthread_attr_setstacksize(tattrp,ss); if (tret) perror("pthread_attr_setstacksize"); } -#endif for (size_t i = 0;i < VEC_LENGTH(threads);++i) { void *tp = 0; @@ -562,13 +565,11 @@ int main(int argc,char **argv) } } -#if TATTR if (tattrp) { tret = pthread_attr_destroy(tattrp); if (tret) perror("pthread_attr_destroy"); } -#endif #ifdef STATISTICS struct timespec nowtime; diff --git a/worker.c b/worker.c index d4f48de..41d540b 100644 --- a/worker.c +++ b/worker.c 
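Review bot: Dropping `ALIGN(16)` from the donna `fe`/`ge_p1p1`/`ge_p3` type macros moves the alignment obligation to every declaration site; this patch annotates the locals in worker_batch*.inc.h, worker_fast*.inc.h and `onionready`, but any other `fe`/`ge_p3`/`ge_p1p1` object declared without it (worker_slow is not in the patch, for example) now compiles cleanly and, with the SSE2 donna build, is presumably only caught at run time by an aligned-load fault. A comment at the new macros would record the contract: `// NOTE: donna SSE2 needs 16-byte aligned objects; every fe/ge_p3/ge_p1p1 declaration must carry ALIGN(16)`. Since a `_Static_assert` cannot check automatic variables, a grep for un-annotated declarations of these three types is the practical verification step.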
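Review bot: `pthread_attr_setstacksize` returns its error code rather than setting `errno`, so the new `if (tret) perror("pthread_attr_setstacksize");` prints whatever stale `errno` happens to hold; the `pthread_create` failure path in the same function already does this correctly with `strerror(tret)`, so use `fprintf(stderr,"pthread_attr_setstacksize: %s\n",strerror(tret));` here (the `pthread_attr_destroy` context line has the same problem). The `//printf("stack size: " FSZ "\n",ss);` line is commented-out code and should be removed or turned into a real diagnostic. A short comment on where the 256 KiB base and the 64 KiB rounding come from would help, since neither number is derived from anything visible in the hunk. The `else` block this sits in is opened outside the hunk.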
@@ -94,9 +94,9 @@ static void onionready(char *sname,const u8 *secret,const u8 *pubonion) } // disabled as this was never ever triggered as far as I'm aware -#if 0 +#if 1 // Sanity check that the public key matches the private one. - ge_p3 point; + ge_p3 ALIGN(16) point; u8 testpk[PUBLIC_LEN]; ge_scalarmult_base(&point, secret); ge_p3_tobytes(testpk, &point); @@ -220,6 +220,11 @@ static void reseedright(u8 sk[SECRET_LEN]) #define BATCHNUM 2048 #endif +size_t worker_batch_memuse(void) +{ + return (sizeof(ge_p3) + sizeof(fe) + sizeof(bytes32)) * BATCHNUM; +} + #include "worker_batch.inc.h" #include "worker_batch_pass.inc.h" diff --git a/worker.h b/worker.h index 209d7e5..7f50f6f 100644 --- a/worker.h +++ b/worker.h @@ -38,6 +38,7 @@ extern u8 determseed[SEED_LEN]; extern void worker_init(void); extern char *makesname(void); +extern size_t worker_batch_memuse(void); extern void *worker_slow(void *task); extern void *worker_fast(void *task); diff --git a/worker_batch.inc.h b/worker_batch.inc.h index 1636c0b..8de5330 100644 --- a/worker_batch.inc.h +++ b/worker_batch.inc.h @@ -8,13 +8,13 @@ void *worker_batch(void *task) u8 seed[SEED_LEN]; u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1]; u8 wpk[PUBLIC_LEN + 1]; - ge_p3 ge_public; + ge_p3 ALIGN(16) ge_public; char *sname; // state to keep batch data - ge_p3 ge_batch[BATCHNUM]; - fe tmp_batch[BATCHNUM]; - bytes32 pk_batch[BATCHNUM]; + ge_p3 ALIGN(16) ge_batch [BATCHNUM]; + fe ALIGN(16) tmp_batch[BATCHNUM]; + bytes32 ALIGN(16) pk_batch [BATCHNUM]; size_t counter; size_t i; @@ -47,7 +47,7 @@ initseed: ge_scalarmult_base(&ge_public,sk); for (counter = 0;counter < SIZE_MAX-(8*BATCHNUM);counter += 8*BATCHNUM) { - ge_p1p1 sum; + ge_p1p1 ALIGN(16) sum; if (unlikely(endwork)) goto end; diff --git a/worker_batch_pass.inc.h b/worker_batch_pass.inc.h index eaf914b..3676eec 100644 --- a/worker_batch_pass.inc.h +++ b/worker_batch_pass.inc.h 
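Review bot: `worker_batch_memuse()` hard-codes the three per-thread arrays it sizes (`ge_p3`, `fe`, `bytes32`, each times `BATCHNUM`) independently of the declarations in worker_batch.inc.h and worker_batch_pass.inc.h that actually consume the stack, so adding or widening an array there silently under-reports and the thread gets a stack that is too small, which is the one failure this function exists to prevent. At minimum tie the two together with a comment: `// must mirror the batch-state locals in worker_batch*.inc.h: ge_batch[BATCHNUM], tmp_batch[BATCHNUM], pk_batch[BATCHNUM]`; better is `sizeof` of a struct holding the three arrays that both the workers and this function use. The `ALIGN(16)` added to those arrays can introduce padding this sum does not include, although the 64 KiB rounding in main.c presumably absorbs it.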
@@ -9,13 +9,13 @@ void *worker_batch_pass(void *task) u8 seed[SEED_LEN]; u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1]; u8 wpk[PUBLIC_LEN + 1]; - ge_p3 ge_public; + ge_p3 ALIGN(16) ge_public; char *sname; // state to keep batch data - ge_p3 ge_batch[BATCHNUM]; - fe tmp_batch[BATCHNUM]; - bytes32 pk_batch[BATCHNUM]; + ge_p3 ALIGN(16) ge_batch [BATCHNUM]; + fe ALIGN(16) tmp_batch[BATCHNUM]; + bytes32 ALIGN(16) pk_batch [BATCHNUM]; size_t counter,oldcounter; size_t i; @@ -53,7 +53,7 @@ initseed: ge_scalarmult_base(&ge_public,sk); for (counter = oldcounter = 0;counter < DETERMINISTIC_LOOP_COUNT - (BATCHNUM - 1) * 8;counter += BATCHNUM * 8) { - ge_p1p1 sum; + ge_p1p1 ALIGN(16) sum; if (unlikely(endwork)) goto end; @@ -120,7 +120,7 @@ initseed: // can't have leftovers in theory if BATCHNUM was power of 2 and smaller than DETERMINISTIC_LOOP_COUNT bound #if (BATCHNUM & (BATCHNUM - 1)) || (BATCHNUM * 8) > DETERMINISTIC_LOOP_COUNT if (counter < DETERMINISTIC_LOOP_COUNT) { - ge_p1p1 sum; + ge_p1p1 ALIGN(16) sum; if (unlikely(endwork)) goto end; diff --git a/worker_fast.inc.h b/worker_fast.inc.h index db57b0b..141a34b 100644 --- a/worker_fast.inc.h +++ b/worker_fast.inc.h @@ -8,7 +8,7 @@ void *worker_fast(void *task) u8 seed[SEED_LEN]; u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1]; u8 wpk[PUBLIC_LEN + 1]; - ge_p3 ge_public; + ge_p3 ALIGN(16) ge_public; char *sname; size_t counter; @@ -45,7 +45,7 @@ initseed: ge_p3_tobytes(pk,&ge_public); for (counter = 0;counter < SIZE_MAX-8;counter += 8) { - ge_p1p1 sum; + ge_p1p1 ALIGN(16) sum; if (unlikely(endwork)) goto end; diff --git a/worker_fast_pass.inc.h b/worker_fast_pass.inc.h index 8b698ef..2d482b3 100644 --- a/worker_fast_pass.inc.h +++ b/worker_fast_pass.inc.h @@ -9,7 +9,7 @@ void *worker_fast_pass(void *task) u8 seed[SEED_LEN]; u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1]; u8 wpk[PUBLIC_LEN + 1]; - ge_p3 ge_public; + ge_p3 ALIGN(16) ge_public; char *sname; size_t counter,oldcounter; 
@@ -51,7 +51,7 @@ initseed: ge_p3_tobytes(pk,&ge_public); for (counter = oldcounter = 0;counter < DETERMINISTIC_LOOP_COUNT;counter += 8) { - ge_p1p1 sum; + ge_p1p1 ALIGN(16) sum; if (unlikely(endwork)) goto end; From 57c306d512ec0c782eed7790acee073f5b7054bb Mon Sep 17 00:00:00 2001 From: cathugger Date: Sun, 22 Nov 2020 13:16:43 +0000 Subject: [PATCH 039/107] disable this again --- worker.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/worker.c b/worker.c index 41d540b..f0aaf62 100644 --- a/worker.c +++ b/worker.c @@ -94,7 +94,7 @@ static void onionready(char *sname,const u8 *secret,const u8 *pubonion) } // disabled as this was never ever triggered as far as I'm aware -#if 1 +#if 0 // Sanity check that the public key matches the private one. ge_p3 ALIGN(16) point; u8 testpk[PUBLIC_LEN]; From 02c35e5f6980341d19909c0c6b4750f718a7ed24 Mon Sep 17 00:00:00 2001 From: cathugger Date: Mon, 23 Nov 2020 03:38:56 +0000 Subject: [PATCH 040/107] actually set stack size for new threads forgot to actually pass argument --- main.c | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/main.c b/main.c index 22f9cfe..cec31bb 100644 --- a/main.c +++ b/main.c @@ -543,20 +543,21 @@ int main(int argc,char **argv) tp = &VEC_BUF(stats,i); #endif tret = pthread_create( - &VEC_BUF(threads,i),0, + &VEC_BUF(threads,i), + tattrp, #ifdef PASSPHRASE - deterministic - ? (wt == WT_BATCH - ? worker_batch_pass - : worker_fast_pass) - : + deterministic + ? (wt == WT_BATCH + ? worker_batch_pass + : worker_fast_pass) + : #endif - wt == WT_BATCH - ? worker_batch - : - wt == WT_FAST - ? worker_fast - : worker_slow, + wt == WT_BATCH + ? worker_batch + : + wt == WT_FAST + ? worker_fast + : worker_slow, tp ); if (tret) { From 2822508f8d08108026d02781471fad4b82c2a550 Mon Sep 17 00:00:00 2001 
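Review bot: Now that `tattrp` is actually passed, the `pthread_attr_init` failure path earlier in `main` (context in the previous commit sets `tattrp = 0`) means a failed attribute init silently starts the workers on the platform default stack even in `WT_BATCH` mode, where `worker_batch_memuse()` was computed precisely because the batch arrays may not fit a default stack. That case should either refuse to start batch workers or at least say what is about to happen: `if (!tattrp && wt == WT_BATCH) fprintf(stderr,"warning: thread stack size not set; batch mode may overflow the default stack\n");` before the thread loop. The enclosing loop and function continue outside the hunk.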
From: cathugger Date: Tue, 24 Nov 2020 16:23:21 +0000 Subject: [PATCH 041/107] tweak readme heading sizes --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 9f67702..afeb331 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@ -# mkp224o - vanity address generator for ed25519 onion services +## mkp224o - vanity address generator for ed25519 onion services This tool generates vanity ed25519 ([hidden service version 3][v3], formely known as proposal 224) onion addresses. -## Requirements +### Requirements * C99 compatible compiler (gcc and clang should work) * libsodium (including headers) @@ -18,7 +18,7 @@ For debian-like linux distros, this should be enough to prepare for building: apt install gcc libsodium-dev make autoconf ``` -## Building +### Building `./autogen.sh` to generate configure script, if it's not there already. @@ -31,7 +31,7 @@ run `./configure --help` to see all available options. Finally, `make` to start building (`gmake` in \*BSD platforms). -## Usage +### Usage Generator needs one or more filters to work. @@ -47,7 +47,7 @@ Use `-h` switch to obtain all available options. I highly recommend reading [OPTIMISATION.txt][OPTIMISATION] for performance-related tips. -## FAQ and other useful info +### FAQ and other useful info * How do I generate address? Once compiled, run it like `./mkp224o neko`, and it will try creating @@ -95,12 +95,12 @@ performance-related tips. It appears that onionbalance supports loading usual `hs_ed25519_secret_key` key so it should work. -## Contact +### Contact For bug reports/questions/whatever else, email cathugger at cock dot li. PGP key, if needed, can be found at . -## Acknowledgements & Legal +### Acknowledgements & Legal To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the From 3ffe5ee8a99dc1f17d8496097fe08b3332ce8724 Mon Sep 17 00:00:00 2001 
From: cathugger Date: Tue, 24 Nov 2020 16:35:55 +0000 Subject: [PATCH 042/107] more readme tweaks --- README.md | 39 +++++++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index afeb331..1c2731f 100644 --- a/README.md +++ b/README.md @@ -49,13 +49,15 @@ performance-related tips. ### FAQ and other useful info -* How do I generate address? +* How do I generate address? + Once compiled, run it like `./mkp224o neko`, and it will try creating keys for onions starting with "neko" in this example; use `./mkp224o -d nekokeys neko` to not litter current directory and put all discovered keys in directory named "nekokeys". -* How do I make tor use generated keys? +* How do I make tor use generated keys? + Copy key folder (though technically only `hs_ed25519_secret_key` is required) to where you want your service keys to reside: 
@@ -63,41 +65,50 @@ performance-related tips. sudo cp -r neko54as6d54....onion /var/lib/tor/nekosvc ``` - You may need to adjust owner and permissions: + You may need to adjust ownership and permissions: ```bash sudo chown -R tor: /var/lib/tor/nekosvc sudo chmod -R u+rwX,og-rwx /var/lib/tor/nekosvc ``` - Then edit `torrc` and add new service with that folder. + Then edit `torrc` and add new service with that folder. + After reload/restart tor should pick it up. -* Generate addresses with 1-2 and 7-9 digits? - onion addresses use base32 encoding which does not include 1,2,7,8,9 - numbers. - so no, that's not possible to generate these, and mkp224o tries to +* Generate addresses with 1-2 and 7-9 digits? + + Onion addresses use base32 encoding which does not include 1,2,7,8,9 + numbers. + + So no, that's not possible to generate these, and mkp224o tries to detect invalid filters containing them early on. -* How long is it going to take? +* How long is it going to take? + Because of probablistic nature of brute force key generation, and varience of hardware it's going to run on, it's hard to make promisses about how long it's going to take, especially when the most of users - want just a few keys. - See [this issue][#27] for very valuable discussion about this. + want just a few keys. + + See [this issue][#27] for very valuable discussion about this. + If your machine is powerful enough, 6 character prefix shouldn't take more than few tens of minutes, if using batch mode (read [OPTIMISATION.txt][OPTIMISATION]) 7 characters can take hours - to days. + to days. + No promisses though, it depends on pure luck. -* Will this work with onionbalance? +* Will this work with onionbalance? + It appears that onionbalance supports loading usual `hs_ed25519_secret_key` key so it should work. ### Contact -For bug reports/questions/whatever else, email cathugger at cock dot li. +For bug reports/questions/whatever else, email cathugger at cock dot li. 
+ PGP key, if needed, can be found at . ### Acknowledgements & Legal From fdb715fee023dc915ae662eb2703a3437af4283d Mon Sep 17 00:00:00 2001 From: cathugger Date: Tue, 24 Nov 2020 16:39:21 +0000 Subject: [PATCH 043/107] more readme --- README.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/README.md b/README.md index 1c2731f..bd095ea 100644 --- a/README.md +++ b/README.md @@ -73,14 +73,12 @@ performance-related tips. ``` Then edit `torrc` and add new service with that folder. - After reload/restart tor should pick it up. * Generate addresses with 1-2 and 7-9 digits? Onion addresses use base32 encoding which does not include 1,2,7,8,9 numbers. - So no, that's not possible to generate these, and mkp224o tries to detect invalid filters containing them early on. @@ -90,14 +88,11 @@ performance-related tips. varience of hardware it's going to run on, it's hard to make promisses about how long it's going to take, especially when the most of users want just a few keys. - See [this issue][#27] for very valuable discussion about this. - If your machine is powerful enough, 6 character prefix shouldn't take more than few tens of minutes, if using batch mode (read [OPTIMISATION.txt][OPTIMISATION]) 7 characters can take hours to days. - No promisses though, it depends on pure luck. * Will this work with onionbalance? @@ -108,7 +103,6 @@ performance-related tips. ### Contact For bug reports/questions/whatever else, email cathugger at cock dot li. - PGP key, if needed, can be found at . ### Acknowledgements & Legal From 6f1264177ed7b2f4cdfe872ef24bb27115b80b6d Mon Sep 17 00:00:00 2001 From: cathugger Date: Tue, 24 Nov 2020 17:06:19 +0000 Subject: [PATCH 044/107] using trailing spaces for hard breaks is fucking stupid --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index bd095ea..dbb7293 100644 --- a/README.md +++ b/README.md 
@@ -72,13 +72,13 @@ performance-related tips. sudo chmod -R u+rwX,og-rwx /var/lib/tor/nekosvc ``` - Then edit `torrc` and add new service with that folder. + Then edit `torrc` and add new service with that folder.\ After reload/restart tor should pick it up. * Generate addresses with 1-2 and 7-9 digits? Onion addresses use base32 encoding which does not include 1,2,7,8,9 - numbers. + numbers.\ So no, that's not possible to generate these, and mkp224o tries to detect invalid filters containing them early on. @@ -87,12 +87,12 @@ performance-related tips. Because of probablistic nature of brute force key generation, and varience of hardware it's going to run on, it's hard to make promisses about how long it's going to take, especially when the most of users - want just a few keys. - See [this issue][#27] for very valuable discussion about this. + want just a few keys.\ + See [this issue][#27] for very valuable discussion about this.\ If your machine is powerful enough, 6 character prefix shouldn't take more than few tens of minutes, if using batch mode (read [OPTIMISATION.txt][OPTIMISATION]) 7 characters can take hours - to days. + to days.\ No promisses though, it depends on pure luck. * Will this work with onionbalance? @@ -102,7 +102,7 @@ performance-related tips. ### Contact -For bug reports/questions/whatever else, email cathugger at cock dot li. +For bug reports/questions/whatever else, email cathugger at cock dot li.\ PGP key, if needed, can be found at . ### Acknowledgements & Legal From f6bda1035c80097adc5b3152eaef4d6ba9890d1e Mon Sep 17 00:00:00 2001 From: cathugger Date: Tue, 22 Dec 2020 10:50:09 +0000 Subject: [PATCH 045/107] an attempt to clarify filter validation err --- filters_main.inc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filters_main.inc.h b/filters_main.inc.h index f1bd7ed..f381a03 100644 --- a/filters_main.inc.h +++ b/filters_main.inc.h 
@@ -395,7 +395,7 @@ void filters_add(const char *filter) memset(&bf,0,sizeof(bf)); if (!base32_valid(filter,&ret)) { - fprintf(stderr,"filter \"%s\" is invalid\n",filter); + fprintf(stderr,"filter \"%s\" is not valid base32 string\n",filter); fprintf(stderr," "); while (ret--) fputc(' ',stderr); From 5938904f46ee102743027d9a9da709a7583ea5dd Mon Sep 17 00:00:00 2001 From: einsz Date: Tue, 12 Jan 2021 23:29:40 +0100 Subject: [PATCH 046/107] Fix possible numbers in base32 The readme stated is is possible to gerenate a 0 and also stated 2 and 7 are not included in the base32 character set... fixed that. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dbb7293..b40959b 100644 --- a/README.md +++ b/README.md @@ -77,7 +77,7 @@ performance-related tips. * Generate addresses with 1-2 and 7-9 digits? - Onion addresses use base32 encoding which does not include 1,2,7,8,9 + Onion addresses use base32 encoding which does not include 0,1,8,9 numbers.\ So no, that's not possible to generate these, and mkp224o tries to detect invalid filters containing them early on. From 68a06c4cedc3e1c6430984a4c422475d088ed6c9 Mon Sep 17 00:00:00 2001 From: cathugger Date: Tue, 9 Mar 2021 08:58:46 +0000 Subject: [PATCH 047/107] tweak wording a bit --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b40959b..02717a9 100644 --- a/README.md +++ b/README.md 
@@ -25,8 +25,8 @@ apt install gcc libsodium-dev make autoconf `./configure` to generate makefile; in \*BSD platforms you probably want to use `./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"`. -You probably also want to pass something like `--enable-amd64-51-30k` -or `--enable-donna` to configure script for faster key generation; +On AMD64 platforms, you probably also want to pass something like +`--enable-amd64-51-30k` to configure script for faster key generation; run `./configure --help` to see all available options. Finally, `make` to start building (`gmake` in \*BSD platforms). From f43c3b021e4ace3c79dcad7a4d290fe06b0126c3 Mon Sep 17 00:00:00 2001 From: cathugger Date: Sun, 21 Mar 2021 16:52:15 +0000 Subject: [PATCH 048/107] fix intfilter expansion logic also makes it simpler and probably faster. someone should contrib non-gnuc popcount if they care, i ran out of patience with this (yes i know it's simple) (it probably doesn't even need to be exactly popcount). --- filters_common.inc.h | 1 + filters_main.inc.h | 149 ++++++++++++++++--------------------------- 2 files changed, 57 insertions(+), 93 deletions(-) diff --git a/filters_common.inc.h b/filters_common.inc.h index dbe2fd8..abeb0fe 100644 --- a/filters_common.inc.h +++ b/filters_common.inc.h @@ -5,6 +5,7 @@ static inline size_t S(filter_len)(size_t i) # ifndef OMITMASK const u8 *m = (const u8 *)&VEC_BUF(filters,i).m; # else // OMITMASK + (void) i; const u8 *m = (const u8 *)&ifiltermask; # endif // OMITMASK size_t c = 0; diff --git a/filters_main.inc.h b/filters_main.inc.h index f381a03..65028a6 100644 --- a/filters_main.inc.h +++ b/filters_main.inc.h 
@@ -17,112 +17,81 @@ static inline int filter_compare(const void *p1,const void *p2) # ifdef EXPANDMASK /* - * for mask expansion, we need to figure out how much bits - * we need to fill in with different values. - * while in big endian machines this is quite easy, - * representation we use for little endian ones may - * leave gap of bits we don't want to touch. - * - * initial idea draft: - * - * raw representation -- FF.FF.F0.00 - * big endian -- 0xFFFFF000 - * little endian -- 0x00F0FFFF - * b: 0xFFffF000 ^ 0xFFff0000 -> 0x0000F000 - * 0x0000F000 + 1 -> 0x0000F001 - * 0x0000F000 & 0x0000F001 -> 0x0000F000 <- shifted mask - * 0x0000F000 ^ 0x0000F000 -> 0x00000000 <- direct mask - * 0x0000F000 ^ 0x00000000 -> 0x0000F000 <- shifted mask - * l: 0x00f0FFff ^ 0x0000FFff -> 0x00f00000 - * 0x00f00000 + 1 -> 0x00f00001 - * 0x00f00000 & 0x00f00001 -> 0x00f00000 <- shifted mask - * 0x00f00000 ^ 0x00f00000 -> 0x00000000 <- direct mask - * 0x00f00000 ^ 0x00000000 -> 0x00f00000 <- shifted mask - * - * b: 0xFFffFFff ^ 0xF0000000 -> 0x0FffFFff - * 0x0FffFFff + 1 -> 0x10000000 - * 0x0FffFFff & 0x10000000 -> 0x00000000 <- shifted mask - * 0x0FffFFff ^ 0x00000000 -> 0x0FffFFff <- direct mask - * 0x0FffFFff ^ 0x0FffFFff -> 0x00000000 <- shifted mask - * l: 0xFFffFFff ^ 0x000000f0 -> 0xFFffFF0f - * 0xFFffFF0f + 1 -> 0xFFffFF10 - * 0xFFffFF0f & 0xFFffFF10 -> 0xFFffFF00 <- shifted mask - * 0xFFffFF0f ^ 0xFFffFF00 -> 0x0000000f <- direct mask - * 0xFFffFF0f ^ 0x0000000f -> 0xFFffFF00 <- shifted mask - * - * essentially, we have to make direct mask + shifted mask bits worth of information - * and then split it into 2 parts - * we do not need absolute shifted mask shifting value, just relative to direct mask - * 0x0sss00dd - shifted & direct mask combo - * 0x000sssdd - combined mask - * 8 - relshiftval - * generate values from 0x00000000 to 0x000sssdd - * for each value, realmask <- (val & 0x000000dd) | ((val & 0x000sss00) << relshiftval) - * or.. 
- * realmask <- (val & 0x000000dd) | ((val << relshiftval) & 0x0sss0000) - * ... - * - * above method doesn't work in some cases. better way: - * - * l: 0x80ffFFff ^ 0x00f0FFff -> 0x800f0000 - * 0x800f0000 >> 16 -> 0x0000800f - * 0x0000800f + 1 -> 0x00008010 - * 0x0000800f & 0x00008010 -> 0x00008000 <- smask - * 0x0000800f ^ 0x00008000 -> 0x0000000f <- dmask - * - * cross <- difference between mask we desire and mask we currently have - * shift cross to left variable ammount of times to eliminate zeros - * save shift ammount as ishift (initial shift) - * then, we eliminate first area of ones; if there was no gap, result is already all zeros - * save this thing as smask. it's only higher bits. - * XOR smask and cross; result is only lower bits. - * shift smask to left variable ammount of times until gap is eliminated. - * save resulting mask as cmask; - * save resulting shift value as rshift. + * so we have 2 masks with basically random bits + * we first gonna find where these masks are common + * then we gonna find where new mask has more bits than old + * common areas must be unchanged + * gaps in both must be unchanged + * but new bits must be filled + * therefore, lets just fill old gaps and common areas with 1s + * before add, OR with these 1s + * then perform add. 
these 1s have property to push positive bits to 0s + * we already know how much new gaps we need to fill, so this wont overflow + * after this addition, AND result with NEG of combined mask, and OR with old value + * this will produce new proper value + * we need to re-fill 1s before every add to keep structure working */ int flattened = 0; -#define EXPVAL(init,j,dmask,smask,ishift,rshift) \ - ((init) | ((((j) & (dmask)) | (((j) << (rshift)) & (smask))) << (ishift))) // add expanded set of values // allocates space on its own static void ifilter_addexpanded( struct intfilter *ifltr, - IFT dmask,IFT smask,IFT cmask, - int ishift,int rshift) + register IFT newbits, + register IFT notnewbits, + register IFT newbitsum) { flattened = 1; size_t i = VEC_LENGTH(filters); - VEC_ADDN(filters,cmask + 1); + VEC_ADDN(filters,newbitsum + 1); + register IFT x = ifltr->f; + register IFT y = 0; for (size_t j = 0;;++j) { - VEC_BUF(filters,i + j).f = - EXPVAL(ifltr->f,j,dmask,smask,ishift,rshift); - if (j == cmask) + VEC_BUF(filters,i + j).f = x | y; + if (j == newbitsum) break; + y = ((y | notnewbits) + 1) & newbits; } } // expand existing stuff // allocates needed stuff on its own -static void ifilter_expand(IFT dmask,IFT smask,IFT cmask,int ishift,int rshift) +static void ifilter_expand( + register IFT newbits, + register IFT notnewbits, + register IFT newbitsum) { flattened = 1; size_t len = VEC_LENGTH(filters); - VEC_ADDN(filters,cmask * len); - size_t esz = cmask + 1; // size of expanded elements + VEC_ADDN(filters,newbitsum * len); + size_t esz = newbitsum + 1; // size of expanded elements for (size_t i = len - 1;;--i) { + register IFT x = VEC_BUF(filters,i).f; + register IFT y = 0; for (IFT j = 0;;++j) { - VEC_BUF(filters,i * esz + j).f = - EXPVAL(VEC_BUF(filters,i).f,j,dmask,smask,ishift,rshift); - if (j == cmask) + VEC_BUF(filters,i * esz + j).f = x | y; + if (j == newbitsum) break; + y = ((y | notnewbits) + 1) & newbits; } if (i == 0) break; } } +static IFT 
ifilter_bitsum(IFT x) +{ + if (sizeof(IFT) == 16) + return (((IFT) 1) << + (__builtin_popcountll((unsigned long long) (x >> (sizeof(IFT) * 8 / 2))) + + __builtin_popcountll((unsigned long long) x))) - 1; + if (sizeof(IFT) == 8) + return (((IFT) 1) << __builtin_popcountll((unsigned long long) x)) - 1; + + return (((IFT) 1) << __builtin_popcount((unsigned int) x)) - 1; +} + static inline void ifilter_addflatten(struct intfilter *ifltr,IFT mask) { if (VEC_LENGTH(filters) == 0) { @@ -136,27 +105,21 @@ static inline void ifilter_addflatten(struct intfilter *ifltr,IFT mask) VEC_ADD(filters,*ifltr); return; } - IFT cross = ifiltermask ^ mask; - int ishift = 0; - while ((cross & 1) == 0) { - ++ishift; - cross >>= 1; - } - IFT smask = cross & (cross + 1); // shift mask - IFT dmask = cross ^ smask; // direct mask - IFT cmask; // combined mask - int rshift = 0; // relative shift - while (cmask = (smask >> rshift) | dmask,(cmask & (cmask + 1)) != 0) - ++rshift; - // preparations done + + IFT newbits = ifiltermask ^ mask; + IFT notnewbits = ~newbits; + IFT newbitsum = ifilter_bitsum(newbits); + if (ifiltermask > mask) { - // already existing stuff has more precise mask than we - // so we need to expand our stuff - ifilter_addexpanded(ifltr,dmask,smask,cmask,ishift,rshift); + // current mask covers more bits + // expand new filter + ifilter_addexpanded(ifltr,newbits,notnewbits,newbitsum); } else { + // new filter mask covers more bits + // adjust current mask and expand current filters ifiltermask = mask; - ifilter_expand(dmask,smask,cmask,ishift,rshift); + ifilter_expand(newbits,notnewbits,newbitsum); VEC_ADD(filters,*ifltr); } } From c9d018a253f382e40d1c5ed5c17671f9c8f26051 Mon Sep 17 00:00:00 2001 
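Review bot: `ifilter_bitsum` computes `((IFT)1) << popcount(x)`, which is undefined behaviour when `x` has every bit set (shift by the full width of `IFT`), and the wrapped `newbitsum + 1` handed to `VEC_ADDN` in `ifilter_addexpanded` would then be 0 while the `j == newbitsum` loop exit is unreachable. Such a mask difference is unrealistic since it would demand 2^width filter entries, but the precondition should be stated and enforced rather than assumed, e.g. a comment `// precondition: popcount(x) < bit width of IFT (caller guarantees masks differ in at most a handful of bits)` plus an `abort()` when `x == (IFT)~(IFT)0`; the copy moved into ifilter_bitsum.h by PATCH 049 and its non-GNUC fallback inherit the same issue. As a point of style, the `register` qualifiers on the new parameters and locals add nothing with a modern compiler and could be dropped. `ifilter_addflatten` continues into the next hunk.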
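Review bot: The side selection `if (ifiltermask > mask)` together with `newbits = ifiltermask ^ mask` is only correct when one mask's set bits are a subset of the other's; for two masks that each have bits the other lacks, the numeric comparison says nothing about which filter set needs expanding. That presumably holds because masks are derived from filter lengths, but the new comments describe it as "covers more bits" without naming the assumption, so a line such as `// assumes masks are nested (one is a bit-subset of the other); then the numerically larger mask is the superset` at the top of this branch would make the invariant explicit.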
From: cathugger Date: Sun, 21 Mar 2021 17:16:23 +0000 Subject: [PATCH 049/107] whatever i implemented it anyway --- GNUmakefile.in | 2 +- filters_main.inc.h | 13 +------------ ifilter_bitsum.h | 27 +++++++++++++++++++++++++++ 3 files changed, 29 insertions(+), 13 deletions(-) create mode 100644 ifilter_bitsum.h diff --git a/GNUmakefile.in b/GNUmakefile.in index c457061..71beef6 100644 --- a/GNUmakefile.in +++ b/GNUmakefile.in @@ -399,7 +399,7 @@ ioutil.c.o: types.h ioutil.h keccak.c.o: types.h keccak.h main.c.o: types.h vec.h base32.h cpucount.h keccak.h ioutil.h common.h yaml.h main.c.o: filters.h worker.h filters_inc.inc.h filters_main.inc.h -main.c.o: filters_common.inc.h +main.c.o: filters_common.inc.h ifilter_bitsum.h test_base16.c.o: types.h base16.h test_base32.c.o: types.h base32.h test_base64.c.o: types.h base64.h diff --git a/filters_main.inc.h b/filters_main.inc.h index 65028a6..e986f9d 100644 --- a/filters_main.inc.h +++ b/filters_main.inc.h @@ -1,5 +1,6 @@ #include "filters_common.inc.h" +#include "ifilter_bitsum.h" #ifdef INTFILTER @@ -80,18 +81,6 @@ static void ifilter_expand( } } -static IFT ifilter_bitsum(IFT x) -{ - if (sizeof(IFT) == 16) - return (((IFT) 1) << - (__builtin_popcountll((unsigned long long) (x >> (sizeof(IFT) * 8 / 2))) + - __builtin_popcountll((unsigned long long) x))) - 1; - if (sizeof(IFT) == 8) - return (((IFT) 1) << __builtin_popcountll((unsigned long long) x)) - 1; - - return (((IFT) 1) << __builtin_popcount((unsigned int) x)) - 1; -} - static inline void ifilter_addflatten(struct intfilter *ifltr,IFT mask) { if (VEC_LENGTH(filters) == 0) { diff --git a/ifilter_bitsum.h b/ifilter_bitsum.h new file mode 100644 index 0000000..fdbe45e --- /dev/null +++ b/ifilter_bitsum.h 
@@ -0,0 +1,27 @@ +#ifdef __GNUC__ + +static IFT ifilter_bitsum(IFT x) +{ + if (sizeof(IFT) == 16) + return (((IFT) 1) << + (__builtin_popcountll((unsigned long long) (x >> (sizeof(IFT) * 8 / 2))) + + __builtin_popcountll((unsigned long long) x))) - 1; + if (sizeof(IFT) == 8) + return (((IFT) 1) << __builtin_popcountll((unsigned long long) x)) - 1; + + return (((IFT) 1) << __builtin_popcount((unsigned int) x)) - 1; +} + +#else + +static IFT ifilter_bitsum(IFT x) +{ + int v = 0; + while (x != 0) { + x &= x - 1; + v++; + } + return (((IFT) 1) << v) - 1; +} + +#endif From fc6285523f615e31f9d313a667e6ca8a9d781872 Mon Sep 17 00:00:00 2001 From: cathugger Date: Tue, 23 Mar 2021 10:36:42 +0000 Subject: [PATCH 050/107] fix compilation err in non-intfilter cases --- ifilter_bitsum.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/ifilter_bitsum.h b/ifilter_bitsum.h index fdbe45e..2c0a5db 100644 --- a/ifilter_bitsum.h +++ b/ifilter_bitsum.h @@ -1,3 +1,6 @@ + +#ifdef EXPANDMASK + #ifdef __GNUC__ static IFT ifilter_bitsum(IFT x) @@ -12,7 +15,7 @@ static IFT ifilter_bitsum(IFT x) return (((IFT) 1) << __builtin_popcount((unsigned int) x)) - 1; } -#else +#else // __GNUC__ static IFT ifilter_bitsum(IFT x) { @@ -24,4 +27,6 @@ static IFT ifilter_bitsum(IFT x) return (((IFT) 1) << v) - 1; } -#endif +#endif // __GNUC__ + +#endif // EXPANDMASK From ff3873965ffed7fb82014f3d1809c5bf9f9f8c82 Mon Sep 17 00:00:00 2001 From: cathugger Date: Mon, 23 Aug 2021 12:04:34 +0000 Subject: [PATCH 051/107] please new autoconf --- configure.ac | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/configure.ac b/configure.ac index 3ff867d..aad12af 100644 --- a/configure.ac +++ b/configure.ac 
@@ -61,7 +61,7 @@ AC_ARG_ENABLE([ref10], [use SUPERCOP ref10 ed25519 implementation @<:@default=no@:>@])], [ AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "ref10"], - [AC_ERROR([only one ed25519 implementation can be defined])]) + [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="ref10" ], [] @@ -72,7 +72,7 @@ AC_ARG_ENABLE([amd64-51-30k], [use SUPERCOP amd64-51-30k ed25519 implementation @<:@default=no@:>@])], [ AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "amd64_51_30k"], - [AC_ERROR([only one ed25519 implementation can be defined])]) + [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="amd64_51_30k" ], [] @@ -83,7 +83,7 @@ AC_ARG_ENABLE([amd64-64-24k], [use SUPERCOP amd64-64-24k ed25519 implementation @<:@default=no@:>@])], [ AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "amd64_64_24k"], - [AC_ERROR([only one ed25519 implementation can be defined])]) + [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="amd64_64_24k" ], [] @@ -94,7 +94,7 @@ AC_ARG_ENABLE([donna], [use ed25519-donna implementation @<:@default=yes@:>@])], [ AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "donna"], - [AC_ERROR([only one ed25519 implementation can be defined])]) + [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="donna" ], [] @@ -105,7 +105,7 @@ AC_ARG_ENABLE([donna-sse2], [use ed25519-donna SSE2 implementation @<:@default=no@:>@])], [ AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "donna-sse2"], - [AC_ERROR([only one ed25519 implementation can be defined])]) + [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="donna-sse2" ], [] 
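Review bot: The replacement `AC_MSG_ERROR(only one ed25519 implementation can be defined)` passes the message as an unquoted M4 argument; it happens to be safe because the text contains no comma or bracket, but the rest of configure.ac quotes macro arguments, so `[AC_MSG_ERROR([only one ed25519 implementation can be defined])]` would keep the style consistent and avoid a surprise if the wording ever gains punctuation. The same applies to the four following hunks in this file and to `AC_MSG_ERROR(pcre2-config cannot be executed)` in the hunk at `@@ -329`.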
@@ -300,9 +300,9 @@ then MYDEFS="$MYDEFS -DSTATISTICS" fi -AC_ARG_WITH([pcre2],[AC_HELP_STRING([--with-pcre2],[pcre2-config executable @<:@default=pcre2-config@:>@])],[],[with_pcre2="pcre2-config"]) +AC_ARG_WITH([pcre2],[AS_HELP_STRING([--with-pcre2],[pcre2-config executable @<:@default=pcre2-config@:>@])],[],[with_pcre2="pcre2-config"]) -AC_ARG_ENABLE([regex],[AC_HELP_STRING([--enable-regex],[whether to enable regex engine. currently possible values are "pcre2" and "yes" which defaults to "pcre2" @<:@default=no@:>@])],[],[enable_regex=no]) +AC_ARG_ENABLE([regex],[AS_HELP_STRING([--enable-regex],[whether to enable regex engine. currently possible values are "pcre2" and "yes" which defaults to "pcre2" @<:@default=no@:>@])],[],[enable_regex=no]) case "$enable_regex" in no|"") ;; @@ -329,7 +329,7 @@ yes|pcre2) fi else AC_MSG_RESULT([not found]) - AC_ERROR([pcre2-config cannot be executed]) + AC_MSG_ERROR(pcre2-config cannot be executed) fi ;; *) @@ -359,4 +359,5 @@ AC_SUBST(MYDEFS,["$MYDEFS"]) AC_SUBST(MAINLIB,["$MAINLIB"]) AC_SUBST(NOPIE,["$nopie"]) AC_SUBST(SRCDIR,["$srcdir"]) -AC_OUTPUT(GNUmakefile) +AC_CONFIG_FILES([GNUmakefile]) +AC_OUTPUT From 2a4afad91a72defee1f97f189bba0920bd63fd9e Mon Sep 17 00:00:00 2001 From: scribblemaniac Date: Fri, 15 Oct 2021 22:53:53 -0600 Subject: [PATCH 052/107] Add checkpointing support for passphrases --- main.c | 19 +++++++++++++++++++ worker.c | 2 ++ worker.h | 2 ++ worker_batch_pass.inc.h | 23 ++++++++++++++++++++++- worker_fast_pass.inc.h | 23 ++++++++++++++++++++++- 5 files changed, 67 insertions(+), 2 deletions(-) diff --git a/main.c b/main.c index cec31bb..05bfcb7 100644 --- a/main.c +++ b/main.c 
@@ -112,6 +112,7 @@ static void printhelp(FILE *out,const char *progname) #ifdef PASSPHRASE "\t-p passphrase - use passphrase to initialize the random seed with\n" "\t-P - same as -p, but takes passphrase from PASSPHRASE environment variable\n" + "\t-c filename - load/save checkpoint of progress to specified file (requires passphrase)\n" #endif ,progname,progname); fflush(out); @@ -393,6 +394,12 @@ int main(int argc,char **argv) setpassphrase(pass); deterministic = 1; } + else if (*arg == 'c') { + if (argc--) + checkpointfile = *argv++; + else + e_additional(); + } #endif // PASSPHRASE else { fprintf(stderr,"unrecognised argument: -%c\n",*arg); @@ -465,6 +472,18 @@ int main(int argc,char **argv) goto done; } + if (checkpointfile) { + // Read current checkpoint position if file exists + FILE *checkout = fopen(checkpointfile, "r"); + if (checkout) { + if(fread(checkpoint, 1, SEED_LEN, checkout) != SEED_LEN) { + fprintf(stderr,"failed to read checkpoint file\n"); + exit(1); + } + fclose(checkout); + } + } + filters_prepare(); filters_print(); diff --git a/worker.c b/worker.c index f0aaf62..475d2a3 100644 --- a/worker.c +++ b/worker.c @@ -63,6 +63,8 @@ void worker_init(void) pthread_mutex_t determseed_mutex; u8 determseed[SEED_LEN]; +u8 checkpoint[SEED_LEN]; +const char *checkpointfile = 0; #endif diff --git a/worker.h b/worker.h index 7f50f6f..d20d037 100644 --- a/worker.h +++ b/worker.h @@ -33,6 +33,8 @@ VEC_STRUCT(statsvec,struct statstruct); #ifdef PASSPHRASE extern pthread_mutex_t determseed_mutex; extern u8 determseed[SEED_LEN]; +extern u8 checkpoint[SEED_LEN]; +extern const char *checkpointfile; #endif extern void worker_init(void); diff --git a/worker_batch_pass.inc.h b/worker_batch_pass.inc.h index 3676eec..ecdcb45 100644 --- a/worker_batch_pass.inc.h +++ b/worker_batch_pass.inc.h 
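Review bot: In the `@@ -465` hunk, a failed `fopen(checkpointfile, "r")` is treated as "no checkpoint yet" whatever the reason, so an unreadable existing file (wrong permissions, a directory, an I/O error) silently restarts the search from zero, and the writer introduced in the worker files will then truncate that file. Only `ENOENT` should be tolerated: `FILE *checkout = fopen(checkpointfile, "rb");` followed by `if (!checkout && errno != ENOENT) { perror("checkpoint"); exit(1); }` (with `<errno.h>` if main.c does not already include it). Using `"rb"` also keeps the raw seed bytes intact on platforms that translate text streams; the worker side should likewise use `"wb"`.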
@@ -36,18 +36,39 @@ void *worker_batch_pass(void *task) sname = makesname(); + // load checkpoint + pthread_mutex_lock(&determseed_mutex); + for (int i = 0; i < SEED_LEN; i++) + determseed[i] += checkpoint[i]; + pthread_mutex_unlock(&determseed_mutex); + initseed: #ifdef STATISTICS ++st->numrestart.v; #endif pthread_mutex_lock(&determseed_mutex); - for (int i = 0; i < SEED_LEN; i++) + for (int i = 0; i < SEED_LEN; i++) { + ++checkpoint[i]; if (++determseed[i]) break; + } memcpy(seed, determseed, SEED_LEN); pthread_mutex_unlock(&determseed_mutex); + if (checkpointfile) { + FILE *checkout = fopen(checkpointfile, "w"); + if (!checkout) { + fprintf(stderr,"cannot open checkpoint file for writing\n"); + exit(1); + } + if(fwrite(checkpoint, 1, SEED_LEN, checkout) != SEED_LEN) { + fprintf(stderr,"cannot write to checkpoint file\n"); + exit(1); + } + fclose(checkout); + } + ed25519_seckey_expand(sk,seed); ge_scalarmult_base(&ge_public,sk); diff --git a/worker_fast_pass.inc.h b/worker_fast_pass.inc.h index 2d482b3..3f281b5 100644 --- a/worker_fast_pass.inc.h +++ b/worker_fast_pass.inc.h 
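Review bot: The "load checkpoint" block runs at the start of every worker thread, so with T threads the checkpoint offset is added to the shared `determseed` T times, and the resumed run does not continue where the previous one stopped; the load should happen once, before the workers are started, as the mutex around `determseed` suggests more than one thread uses it. The `fwrite(checkpoint, ...)` further down reads `checkpoint` outside `determseed_mutex` while other threads increment it inside the lock, so the bytes written can be a mix of two states; copying it under the lock (`memcpy(cp, checkpoint, SEED_LEN);` just after the `memcpy(seed, ...)`) and writing the copy avoids that. Opening with `"w"` also truncates the file before the new contents land, so a crash between `fopen` and `fclose` loses the checkpoint; writing a temp file and renaming over the target is the usual remedy. The hunk at `@@ -33,18 +33,39 @@` in worker_fast_pass.inc.h has the same three issues. `worker_batch_pass` begins and ends outside this hunk.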
@@ -33,18 +33,39 @@ void *worker_fast_pass(void *task) sname = makesname(); + // load checkpoint + pthread_mutex_lock(&determseed_mutex); + for (int i = 0; i < SEED_LEN; i++) + determseed[i] += checkpoint[i]; + pthread_mutex_unlock(&determseed_mutex); + initseed: #ifdef STATISTICS ++st->numrestart.v; #endif pthread_mutex_lock(&determseed_mutex); - for (int i = 0; i < SEED_LEN; i++) + for (int i = 0; i < SEED_LEN; i++) { + ++checkpoint[i]; if (++determseed[i]) break; + } memcpy(seed, determseed, SEED_LEN); pthread_mutex_unlock(&determseed_mutex); + if (checkpointfile) { + FILE *checkout = fopen(checkpointfile, "w"); + if (!checkout) { + fprintf(stderr,"cannot open checkpoint file for writing\n"); + exit(1); + } + if(fwrite(checkpoint, 1, SEED_LEN, checkout) != SEED_LEN) { + fprintf(stderr,"cannot write to checkpoint file\n"); + exit(1); + } + fclose(checkout); + } + ed25519_seckey_expand(sk,seed); ge_scalarmult_base(&ge_public,sk); From 7dea621e419119786122879725add5b9b908ba06 Mon Sep 17 00:00:00 2001 From: cathugger Date: Tue, 2 Nov 2021 15:07:37 +0000 Subject: [PATCH 053/107] some tweaks --- .gitignore | 1 + worker_batch.inc.h | 2 ++ worker_batch_pass.inc.h | 2 ++ worker_slow.inc.h | 1 + 4 files changed, 6 insertions(+) diff --git a/.gitignore b/.gitignore index 76500c6..01a1447 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,7 @@ mkp224o # garbage configure +configure~ GNUmakefile GNUmakefile.in.bak config.status diff --git a/worker_batch.inc.h b/worker_batch.inc.h index 8de5330..508f7ab 100644 --- a/worker_batch.inc.h +++ b/worker_batch.inc.h @@ -21,6 +21,8 @@ void *worker_batch(void *task) #ifdef STATISTICS struct statstruct *st = (struct statstruct *)task; +#else + (void) task; #endif PREFILTER diff --git a/worker_batch_pass.inc.h b/worker_batch_pass.inc.h index 3676eec..74320a4 100644 --- a/worker_batch_pass.inc.h +++ b/worker_batch_pass.inc.h 
@@ -22,6 +22,8 @@ void *worker_batch_pass(void *task) #ifdef STATISTICS struct statstruct *st = (struct statstruct *)task; +#else + (void) task; #endif PREFILTER diff --git a/worker_slow.inc.h b/worker_slow.inc.h index 799e4aa..2df8930 100644 --- a/worker_slow.inc.h +++ b/worker_slow.inc.h @@ -17,6 +17,7 @@ void *worker_slow(void *task) #else (void) task; #endif + PREFILTER memcpy(secret,skprefix,SKPREFIX_SIZE); From f1c56e74805fd0f6268c5d1a899f96b32b912c83 Mon Sep 17 00:00:00 2001 From: cathugger Date: Tue, 2 Nov 2021 17:32:10 +0200 Subject: [PATCH 054/107] idk --- worker.c | 6 +++--- worker_batch.inc.h | 4 ++++ worker_batch_pass.inc.h | 4 ++++ worker_fast.inc.h | 4 ++++ worker_fast_pass.inc.h | 4 ++++ worker_slow.inc.h | 4 ++++ 6 files changed, 23 insertions(+), 3 deletions(-) diff --git a/worker.c b/worker.c index f0aaf62..818413c 100644 --- a/worker.c +++ b/worker.c @@ -98,9 +98,9 @@ static void onionready(char *sname,const u8 *secret,const u8 *pubonion) // Sanity check that the public key matches the private one. ge_p3 ALIGN(16) point; u8 testpk[PUBLIC_LEN]; - ge_scalarmult_base(&point, secret); - ge_p3_tobytes(testpk, &point); - if (!memcmp(testpk, pubonion, PUBLIC_LEN)) + ge_scalarmult_base(&point,secret); + ge_p3_tobytes(testpk,&point); + if (!memcmp(testpk,pubonion,PUBLIC_LEN)) abort(); #endif diff --git a/worker_batch.inc.h b/worker_batch.inc.h index 508f7ab..2e0788f 100644 --- a/worker_batch.inc.h +++ b/worker_batch.inc.h @@ -38,6 +38,7 @@ void *worker_batch(void *task) sname = makesname(); initseed: + #ifdef STATISTICS ++st->numrestart.v; #endif @@ -114,8 +115,11 @@ initseed: end: free(sname); + POSTFILTER + sodium_memzero(secret,sizeof(secret)); sodium_memzero(seed,sizeof(seed)); + return 0; } diff --git a/worker_batch_pass.inc.h b/worker_batch_pass.inc.h index 74320a4..5f07c70 100644 --- a/worker_batch_pass.inc.h +++ b/worker_batch_pass.inc.h 
@@ -39,6 +39,7 @@ void *worker_batch_pass(void *task) sname = makesname(); initseed: + #ifdef STATISTICS ++st->numrestart.v; #endif @@ -191,9 +192,12 @@ initseed: end: free(sname); + POSTFILTER + sodium_memzero(secret,sizeof(secret)); sodium_memzero(seed,sizeof(seed)); + return 0; } #endif // PASSPHRASE diff --git a/worker_fast.inc.h b/worker_fast.inc.h index 141a34b..1d7443f 100644 --- a/worker_fast.inc.h +++ b/worker_fast.inc.h @@ -33,6 +33,7 @@ void *worker_fast(void *task) sname = makesname(); initseed: + #ifdef STATISTICS ++st->numrestart.v; #endif @@ -96,8 +97,11 @@ initseed: end: free(sname); + POSTFILTER + sodium_memzero(secret,sizeof(secret)); sodium_memzero(seed,sizeof(seed)); + return 0; } diff --git a/worker_fast_pass.inc.h b/worker_fast_pass.inc.h index 2d482b3..132aed6 100644 --- a/worker_fast_pass.inc.h +++ b/worker_fast_pass.inc.h @@ -34,6 +34,7 @@ void *worker_fast_pass(void *task) sname = makesname(); initseed: + #ifdef STATISTICS ++st->numrestart.v; #endif @@ -104,9 +105,12 @@ initseed: end: free(sname); + POSTFILTER + sodium_memzero(secret,sizeof(secret)); sodium_memzero(seed,sizeof(seed)); + return 0; } #endif // PASSPHRASE diff --git a/worker_slow.inc.h b/worker_slow.inc.h index 2df8930..278b58b 100644 --- a/worker_slow.inc.h +++ b/worker_slow.inc.h @@ -33,6 +33,7 @@ void *worker_slow(void *task) initseed: randombytes(seed,sizeof(seed)); ed25519_seckey_expand(sk,seed); + #ifdef STATISTICS ++st->numrestart.v; #endif @@ -83,8 +84,11 @@ next: end: free(sname); + POSTFILTER + sodium_memzero(secret,sizeof(secret)); sodium_memzero(seed,sizeof(seed)); + return 0; } From e12a3eb7c974c623ebfaf0e2b0c0a9c93d2c1e74 Mon Sep 17 00:00:00 2001 From: cathugger Date: Tue, 2 Nov 2021 17:07:30 +0000 Subject: [PATCH 055/107] apparently this check was always wrong lmao --- worker.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/worker.c b/worker.c index 818413c..7f8cb03 100644 --- a/worker.c +++ b/worker.c 
@@ -98,9 +98,9 @@ static void onionready(char *sname,const u8 *secret,const u8 *pubonion) // Sanity check that the public key matches the private one. ge_p3 ALIGN(16) point; u8 testpk[PUBLIC_LEN]; - ge_scalarmult_base(&point,secret); + ge_scalarmult_base(&point,&secret[SKPREFIX_SIZE]); ge_p3_tobytes(testpk,&point); - if (!memcmp(testpk,pubonion,PUBLIC_LEN)) + if (memcmp(testpk,&pubonion[PKPREFIX_SIZE],PUBLIC_LEN) != 0) abort(); #endif From eea863e3ac543167df639b8888849330466ff995 Mon Sep 17 00:00:00 2001 From: cathugger Date: Wed, 3 Nov 2021 00:20:43 +0000 Subject: [PATCH 056/107] a bit of calcest and some other stuff --- .gitignore | 2 ++ GNUmakefile.in | 1 + calcest.c | 11 ++++++----- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 01a1447..4d8142e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,7 @@ # output files mkp224o +calcest +test_* *.o # generated onions diff --git a/GNUmakefile.in b/GNUmakefile.in index 71beef6..d566837 100644 --- a/GNUmakefile.in +++ b/GNUmakefile.in @@ -57,6 +57,7 @@ TEST_ED25519_OBJ= \ ALL_O= $(sort \ $(MAIN_OBJ) \ + $(UTIL_CALCEST_OBJ) \ $(TEST_BASE64_OBJ) \ $(TEST_BASE32_OBJ) \ $(TEST_BASE16_OBJ) \ diff --git a/calcest.c b/calcest.c index 28d9c98..0315a3a 100644 --- a/calcest.c +++ b/calcest.c @@ -15,19 +15,20 @@ */ const double probs[] = { 0.5, 0.8, 0.9, 0.95, 0.99 }; -const int charcounts[] = { 2, 3, 4, 5, 6, 7 }; +const int charcounts[] = { 2, 3, 4, 5, 6, 7, 8, 9, 10 }; -int main(void) +int main(int argc,char **argv) { + printf(" |"); for (size_t i = 0; i < sizeof(probs)/sizeof(probs[0]); ++i) { - printf(" %11d%% |",(int)((probs[i]*100)+0.5)); + printf(" %15d%% |",(int)((probs[i]*100)+0.5)); } printf("\n"); printf("---+"); for (size_t i = 0; i < sizeof(probs)/sizeof(probs[0]); ++i) { - printf("--------------+"); + printf("------------------+"); } printf("\n"); 
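Review bot: The corrected check now depends on the buffer layouts (`secret` carries `SKPREFIX_SIZE` bytes of header before the scalar, `pubonion` carries `PKPREFIX_SIZE` before the key), yet the only explanation is the one-line "Sanity check" comment; extending it to `// secret/pubonion are prefixed with SKPREFIX_SIZE / PKPREFIX_SIZE header bytes; compare the key material behind them` would stop the next reader from "fixing" the offsets back. A bare `abort()` on mismatch also gives no indication of what went wrong, so `fprintf(stderr,"public key does not match secret key\n");` before it would make a failure diagnosable. `onionready` continues outside the hunk.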
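Review bot: `main` in calcest.c now takes `argc` and `argv` but neither is used in the visible part of the function, which draws `-Wunused-parameter` under `-Wextra`; either keep `int main(void)` or silence it the way the project already does elsewhere with `(void) argc; (void) argv;`. The body of `main` continues into the next hunk.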
@@ -35,7 +36,7 @@ int main(void) printf("%2d |",charcounts[i]); for (size_t j = 0; j < sizeof(probs)/sizeof(probs[0]); ++j) { double t = log2(1 - probs[j]) / log2(1 - (1 / pow(32,charcounts[i]))); - printf(" %12.0f |",t); + printf(" %16.0f |",t); } printf("\n"); } From d6e2aecf520ed2ed637da536aeb728dd53f03655 Mon Sep 17 00:00:00 2001 From: cathugger Date: Wed, 3 Nov 2021 19:57:41 +0200 Subject: [PATCH 057/107] small fixup --- worker_batch_pass.inc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/worker_batch_pass.inc.h b/worker_batch_pass.inc.h index 5f07c70..44006ff 100644 --- a/worker_batch_pass.inc.h +++ b/worker_batch_pass.inc.h @@ -136,7 +136,7 @@ initseed: ge_p1p1_to_p3(&ge_public,&sum); } // NOTE: leaves unfinished one bit at the very end - ge_p3_batchtobytes_destructive_1(pk_batch,ge_batch,batchgez,tmp_batch,remaining); + ge_p3_batchtobytes_destructive_1(pk_batch,ge_batch,tmp_batch,remaining); #ifdef STATISTICS st->numcalc.v += remaining; From c9396de8b2bd65084c82e3bde52b041f18e6ff15 Mon Sep 17 00:00:00 2001 From: scribblemaniac Date: Fri, 5 Nov 2021 17:27:14 -0600 Subject: [PATCH 058/107] Use long argument for checkpoint --- main.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/main.c b/main.c index 05bfcb7..92031d1 100644 --- a/main.c +++ b/main.c @@ -112,7 +112,7 @@ static void printhelp(FILE *out,const char *progname) #ifdef PASSPHRASE "\t-p passphrase - use passphrase to initialize the random seed with\n" "\t-P - same as -p, but takes passphrase from PASSPHRASE environment variable\n" - "\t-c filename - load/save checkpoint of progress to specified file (requires passphrase)\n" + "\t--checkpoint filename - load/save checkpoint of progress to specified file (requires passphrase)\n" #endif ,progname,progname); fflush(out); 
@@ -249,6 +249,14 @@ int main(int argc,char **argv) } else if (!strcmp(arg,"rawyaml")) yamlraw = 1; +#ifdef PASSPHRASE + else if (!strcmp(arg,"checkpoint")) { + if (argc--) + checkpointfile = *argv++; + else + e_additional(); + } +#endif // PASSPHRASE else { fprintf(stderr,"unrecognised argument: --%s\n",arg); exit(1); @@ -394,12 +402,6 @@ int main(int argc,char **argv) setpassphrase(pass); deterministic = 1; } - else if (*arg == 'c') { - if (argc--) - checkpointfile = *argv++; - else - e_additional(); - } #endif // PASSPHRASE else { fprintf(stderr,"unrecognised argument: -%c\n",*arg); From 3706518f76ea35478e304df094693ade65544734 Mon Sep 17 00:00:00 2001 From: scribblemaniac Date: Fri, 5 Nov 2021 19:26:21 -0600 Subject: [PATCH 059/107] Move checkpoint saving to main thread Checkpoints will now be saved every 5 minutes and when the program ends. --- main.c | 79 +++++++++++++++++++++++++++++++++-------- worker.c | 2 -- worker.h | 2 -- worker_batch_pass.inc.h | 23 +----------- worker_fast_pass.inc.h | 23 +----------- 5 files changed, 67 insertions(+), 62 deletions(-) diff --git a/main.c b/main.c index 92031d1..85e637c 100644 --- a/main.c +++ b/main.c @@ -58,6 +58,11 @@ size_t printlen; // precalculated, related to printstartpos pthread_mutex_t fout_mutex; FILE *fout; +#ifdef PASSPHRASE +u8 orig_determseed[SEED_LEN]; +const char *checkpointfile = 0; +#endif + static void termhandler(int sig) { switch (sig) { 
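Review bot: `orig_determseed` and `checkpointfile` are defined at file scope in main.c without `static`, giving them external linkage, even though the `extern` declarations for them in worker.h are removed in this same commit and nothing outside main.c references them afterwards; `static u8 orig_determseed[SEED_LEN];` and `static const char *checkpointfile = 0;` keep them out of the global namespace and match the `static` helpers around them. A one-line comment saying that `checkpointfile` is set once during argument parsing and only read afterwards would also document the sharing assumption the rest of the file relies on.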
@@ -174,6 +179,35 @@ static void setpassphrase(const char *pass) } fprintf(stderr," done.\n"); } + +static void savecheckpoint(void) +{ + if (checkpointfile) { + // Open checkpoint file + FILE *checkout = fopen(checkpointfile, "w"); + if (!checkout) { + fprintf(stderr,"cannot open checkpoint file for writing\n"); + exit(1); + } + + // Calculate checkpoint as the difference between original seed and the current seed + u8 checkpoint[SEED_LEN]; + bool carry = 0; + pthread_mutex_lock(&determseed_mutex); + for (int i = 0; i < SEED_LEN; i++) { + checkpoint[i] = determseed[i] - orig_determseed[i] - carry; + carry = checkpoint[i] > determseed[i]; + } + pthread_mutex_unlock(&determseed_mutex); + + // Write checkpoint file + if(fwrite(checkpoint, 1, SEED_LEN, checkout) != SEED_LEN) { + fprintf(stderr,"cannot write to checkpoint file\n"); + exit(1); + } + fclose(checkout); + } +} #endif VEC_STRUCT(threadvec, pthread_t); @@ -474,18 +508,6 @@ int main(int argc,char **argv) goto done; } - if (checkpointfile) { - // Read current checkpoint position if file exists - FILE *checkout = fopen(checkpointfile, "r"); - if (checkout) { - if(fread(checkpoint, 1, SEED_LEN, checkout) != SEED_LEN) { - fprintf(stderr,"failed to read checkpoint file\n"); - exit(1); - } - fclose(checkout); - } - } - filters_prepare(); filters_print(); 
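Review bot: The borrow in the byte-wise subtraction is computed wrongly: `carry = checkpoint[i] > determseed[i]` misses the case where `orig_determseed[i]` is 0xFF and a borrow comes in, because `determseed[i] - 0xFF - 1` wraps to exactly `determseed[i]`, the comparison reports no borrow, and the saved checkpoint is too large by 256^(i+1) whenever that pattern occurs. Doing the arithmetic in an int makes the borrow explicit: `int d = (int)determseed[i] - (int)orig_determseed[i] - (int)carry;` `checkpoint[i] = (u8)d;` `carry = d < 0;`. The same loop is carried unchanged into the rewrite of savecheckpoint in the later `make checkpoint stuff actually proper` commit on this page. Separately, `fclose(checkout)` is unchecked although it performs the flush for a write stream, and the file is opened in text mode `"w"`, which matters for the Windows build this project carries; `"wb"` plus a checked `fclose` closes both gaps.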
@@ -521,8 +543,27 @@ int main(int argc,char **argv) numthreads,numthreads == 1 ? "thread" : "threads"); #ifdef PASSPHRASE - if (!quietflag && deterministic && numneedgenerate != 1) - fprintf(stderr,"CAUTION: avoid using keys generated with same password for unrelated services, as single leaked key may help attacker to regenerate related keys.\n"); + memcpy(orig_determseed, determseed, sizeof(determseed)); + if (deterministic) { + if (!quietflag && numneedgenerate != 1) + fprintf(stderr,"CAUTION: avoid using keys generated with same password for unrelated services, as single leaked key may help attacker to regenerate related keys.\n"); + if (checkpointfile) { + // Read current checkpoint position if file exists + FILE *checkout = fopen(checkpointfile, "r"); + if (checkout) { + u8 checkpoint[SEED_LEN]; + if(fread(checkpoint, 1, SEED_LEN, checkout) != SEED_LEN) { + fprintf(stderr,"failed to read checkpoint file\n"); + exit(1); + } + fclose(checkout); + + // Apply checkpoint to determseed + for (int i = 0; i < SEED_LEN; i++) + determseed[i] += checkpoint[i]; + } + } + } #endif signal(SIGTERM,termhandler); @@ -605,11 +646,17 @@ int main(int argc,char **argv) struct timespec ts; memset(&ts,0,sizeof(ts)); ts.tv_nsec = 100000000; + u16 loopcounter = 0; while (!endwork) { if (numneedgenerate && keysgenerated >= numneedgenerate) { endwork = 1; break; } + loopcounter++; + if (loopcounter >= 3000) { // Save checkpoint every 5 minutes + savecheckpoint(); + loopcounter = 0; + } nanosleep(&ts,0); #ifdef STATISTICS @@ -675,6 +722,10 @@ int main(int argc,char **argv) #endif } +#ifdef PASSPHRASE + savecheckpoint(); +#endif + if (!quietflag) fprintf(stderr,"waiting for threads to finish..."); for (size_t i = 0;i < VEC_LENGTH(threads);++i) diff --git a/worker.c b/worker.c index 475d2a3..f0aaf62 100644 --- a/worker.c +++ b/worker.c 
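Review bot: `determseed[i] += checkpoint[i]` applies the loaded checkpoint byte by byte with no carry, but the value savecheckpoint writes is a multi-byte little-endian difference (its subtraction loop propagates a borrow), so any byte overflow on load drops a carry and the resumed seed is wrong — the restart silently repeats or skips keyspace. The file is also opened with `"r"`, which on the Windows build this project carries is text mode; `"rb"` avoids end-of-file and newline translation on binary bytes. A checkpoint produced under a different passphrase is applied without any check; that may be intended, but a comment at the read should say so. main starts and ends outside this hunk.
```c
// Apply checkpoint to determseed as a little-endian add with carry
unsigned carry = 0;
for (int i = 0; i < SEED_LEN; i++) {
	unsigned s = (unsigned)determseed[i] + checkpoint[i] + carry;
	determseed[i] = (u8)s;
	carry = s >> 8;
}
```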
@@ -63,8 +63,6 @@ void worker_init(void) pthread_mutex_t determseed_mutex; u8 determseed[SEED_LEN]; -u8 checkpoint[SEED_LEN]; -const char *checkpointfile = 0; #endif diff --git a/worker.h b/worker.h index d20d037..7f50f6f 100644 --- a/worker.h +++ b/worker.h @@ -33,8 +33,6 @@ VEC_STRUCT(statsvec,struct statstruct); #ifdef PASSPHRASE extern pthread_mutex_t determseed_mutex; extern u8 determseed[SEED_LEN]; -extern u8 checkpoint[SEED_LEN]; -extern const char *checkpointfile; #endif extern void worker_init(void); diff --git a/worker_batch_pass.inc.h b/worker_batch_pass.inc.h index ecdcb45..3676eec 100644 --- a/worker_batch_pass.inc.h +++ b/worker_batch_pass.inc.h @@ -36,39 +36,18 @@ void *worker_batch_pass(void *task) sname = makesname(); - // load checkpoint - pthread_mutex_lock(&determseed_mutex); - for (int i = 0; i < SEED_LEN; i++) - determseed[i] += checkpoint[i]; - pthread_mutex_unlock(&determseed_mutex); - initseed: #ifdef STATISTICS ++st->numrestart.v; #endif pthread_mutex_lock(&determseed_mutex); - for (int i = 0; i < SEED_LEN; i++) { - ++checkpoint[i]; + for (int i = 0; i < SEED_LEN; i++) if (++determseed[i]) break; - } memcpy(seed, determseed, SEED_LEN); pthread_mutex_unlock(&determseed_mutex); - if (checkpointfile) { - FILE *checkout = fopen(checkpointfile, "w"); - if (!checkout) { - fprintf(stderr,"cannot open checkpoint file for writing\n"); - exit(1); - } - if(fwrite(checkpoint, 1, SEED_LEN, checkout) != SEED_LEN) { - fprintf(stderr,"cannot write to checkpoint file\n"); - exit(1); - } - fclose(checkout); - } - ed25519_seckey_expand(sk,seed); ge_scalarmult_base(&ge_public,sk); diff --git a/worker_fast_pass.inc.h b/worker_fast_pass.inc.h index 3f281b5..2d482b3 100644 --- a/worker_fast_pass.inc.h +++ b/worker_fast_pass.inc.h 
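Review bot: The new increment loop `for (int i = 0; i < SEED_LEN; i++) if (++determseed[i]) break;` in worker_batch_pass is an unbraced `for` wrapping an unbraced `if`, where the form it replaces was braced; `for (int i = 0; i < SEED_LEN; i++) { if (++determseed[i]) break; }` keeps the structure visible and guards against a later statement landing outside the loop by mistake. A comment such as `// advance determseed as a little-endian counter` above it would help, since the carry lives entirely in the `break`. The same loop appears in the worker_fast_pass hunk on the next line; the enclosing worker functions start and end outside these hunks.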
@@ -33,39 +33,18 @@ void *worker_fast_pass(void *task) sname = makesname(); - // load checkpoint - pthread_mutex_lock(&determseed_mutex); - for (int i = 0; i < SEED_LEN; i++) - determseed[i] += checkpoint[i]; - pthread_mutex_unlock(&determseed_mutex); - initseed: #ifdef STATISTICS ++st->numrestart.v; #endif pthread_mutex_lock(&determseed_mutex); - for (int i = 0; i < SEED_LEN; i++) { - ++checkpoint[i]; + for (int i = 0; i < SEED_LEN; i++) if (++determseed[i]) break; - } memcpy(seed, determseed, SEED_LEN); pthread_mutex_unlock(&determseed_mutex); - if (checkpointfile) { - FILE *checkout = fopen(checkpointfile, "w"); - if (!checkout) { - fprintf(stderr,"cannot open checkpoint file for writing\n"); - exit(1); - } - if(fwrite(checkpoint, 1, SEED_LEN, checkout) != SEED_LEN) { - fprintf(stderr,"cannot write to checkpoint file\n"); - exit(1); - } - fclose(checkout); - } - ed25519_seckey_expand(sk,seed); ge_scalarmult_base(&ge_public,sk); From 73d2791286a4afb470a5976ade707fc79f7bf1b0 Mon Sep 17 00:00:00 2001 From: cathugger Date: Wed, 8 Dec 2021 16:25:58 +0000 Subject: [PATCH 060/107] fix default ed25519 impl check in configure.ac --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index aad12af..35a488e 100644 --- a/configure.ac +++ b/configure.ac @@ -112,7 +112,7 @@ AC_ARG_ENABLE([donna-sse2], ) # default -AS_IF([test "x$ed25519impl" == "x"],[ed25519impl="donna"]) +AS_IF([test "x$ed25519impl" = "x"],[ed25519impl="donna"]) if test "$ed25519impl" = "donna-sse2" then From 5b4074a47eaa3e7d22bcabb1c6dfd2f61af551c2 Mon Sep 17 00:00:00 2001 From: cathugger Date: Wed, 8 Dec 2021 20:14:20 +0000 Subject: [PATCH 061/107] make checkpoint stuff actually proper --- ioutil.c | 150 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- ioutil.h | 1 + main.c | 114 ++++++++++++++++++++++++++++-------------- 3 files changed, 225 insertions(+), 40 deletions(-) diff --git a/ioutil.c b/ioutil.c index 4e6aa55..301db77 100644 
--- a/ioutil.c +++ b/ioutil.c @@ -2,6 +2,8 @@ #include #include "types.h" #include "ioutil.h" +#include "vec.h" +#include #ifndef _WIN32 @@ -31,7 +33,7 @@ FH createfile(const char *path,int secret) int fd; do { fd = open(path,O_WRONLY | O_CREAT | O_TRUNC,secret ? 0600 : 0666); - if (fd == -1) { + if (fd < 0) { if (errno == EINTR) continue; return -1; @@ -45,7 +47,7 @@ int closefile(FH fd) int cret; do { cret = close(fd); - if (cret == -1) { + if (cret < 0) { if (errno == EINTR) continue; return -1; 
@@ -59,6 +61,107 @@ int createdir(const char *path,int secret) return mkdir(path,secret ? 0700 : 0777); } +int syncwrite(const char *filename,int secret,const u8 *data,size_t datalen) +{ + //fprintf(stderr,"filename = %s\n",filename); + + VEC_STRUCT(,char) tmpname; + size_t fnlen = strlen(filename); + VEC_INIT(tmpname); + VEC_ADDN(tmpname,fnlen + 4 /* ".tmp" */ + 1 /* "\0" */); + memcpy(&VEC_BUF(tmpname,0),filename,fnlen); + strcpy(&VEC_BUF(tmpname,fnlen),".tmp"); + const char *tmpnamestr = &VEC_BUF(tmpname,0); + + //fprintf(stderr,"tmpnamestr = %s\n",tmpnamestr); + + FH f = createfile(tmpnamestr,secret); + if (f == FH_invalid) + return -1; + + if (writeall(f,data,datalen) < 0) { + closefile(f); + remove(tmpnamestr); + return -1; + } + + int sret; + do { + sret = fsync(f); + if (sret < 0) { + if (errno == EINTR) + continue; + + closefile(f); + remove(tmpnamestr); + return -1; + } + } while (0); + + if (closefile(f) < 0) { + remove(tmpnamestr); + return -1; + } + + if (rename(tmpnamestr,filename) < 0) { + remove(tmpnamestr); + return -1; + } + + VEC_STRUCT(,char) dirname; + const char *dirnamestr; + + for (ssize_t x = ((ssize_t)fnlen) - 1;x >= 0;--x) { + if (filename[x] == '/') { + if (x) + --x; + ++x; + VEC_INIT(dirname); + VEC_ADDN(dirname,x + 1); + memcpy(&VEC_BUF(dirname,0),filename,x); + VEC_BUF(dirname,x) = '\0'; + dirnamestr = &VEC_BUF(dirname,0); + goto foundslash; + } + } + /* not found slash, fall back to "." 
*/ + dirnamestr = "."; + +foundslash: + //fprintf(stderr,"dirnamestr = %s\n",dirnamestr); + ; + + int dirf; + do { + dirf = open(dirnamestr,O_RDONLY); + if (dirf < 0) { + if (errno == EINTR) + continue; + + // failed for non-eintr reasons + goto skipdsync; // don't really care enough + } + } while (0); + + do { + sret = fsync(dirf); + if (sret < 0) { + if (errno == EINTR) + continue; + + // failed for non-eintr reasons + break; // don't care + } + } while (0); + + (void) closefile(dirf); // don't care + +skipdsync: + + return 0; +} + + #else int writeall(FH fd,const u8 *data,size_t len) @@ -99,6 +202,49 @@ int createdir(const char *path,int secret) return CreateDirectoryA(path,0) ? 0 : -1; } + + +int syncwrite(const char *filename,int secret,const char *data,size_t datalen) +{ + VEC_STRUCT(,char) tmpname; + size_t fnlen = strlen(filename); + VEC_INIT(tmpname); + VEC_ADDN(tmpname,fnlen + 4 /* ".tmp" */ + 1 /* "\0" */); + memcpy(&VEC_BUF(tmpname,0),filename,fnlen); + strcpy(&VEC_BUF(tmpname,fnlen),".tmp"); + const char *tmpnamestr = &VEC_BUF(tmpname,0); + + FH f = createfile(tmpnamestr,secret) + if (f == FH_invalid) + return -1; + + if (writeall(f,data,datalen) < 0) { + closefile(f); + remove(tmpnamestr); + return -1; + } + + if (FlushFileBuffers(f) == 0) { + closefile(f); + remove(tmpnamestr); + return -1; + } + + if (closefile(f) < 0) { + remove(tmpnamestr); + return -1; + } + + if (MoveFileA(tmpnamestr,filename) == 0) { + remove(tmpnamestr); + return -1; + } + + // can't fsync parent dir on windows so just end here + + return 0; +} + #endif int writetofile(const char *path,const u8 *data,size_t len,int secret) diff --git a/ioutil.h b/ioutil.h index c7a1dab..5244508 100644 --- a/ioutil.h +++ b/ioutil.h 
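Review bot: The EINTR retries never retry: `continue` inside `do { ... } while (0)` jumps to the `while (0)` test and leaves the loop, so an interrupted `fsync(f)` falls through with `sret < 0` ignored and the function closes and renames as if the data were durable; the `open(dirnamestr,O_RDONLY)` and directory-fsync loops below have the same shape, and the refactored version in the later `cleanup, free memory` commit on this page keeps it. `while (fsync(f) < 0) { if (errno != EINTR) { closefile(f); remove(tmpnamestr); return -1; } }` expresses the intended loop in place of the first `do/while`; the other two can follow the same form. The write-tmp-fsync-rename sequence is what makes this an atomic replace on POSIX, which deserves a one-line comment at the top of the function so the ordering is not "simplified" later.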
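Review bot: The Windows syncwrite does not build as written: `FH f = createfile(tmpnamestr,secret)` lacks its semicolon, and the parameter is declared `const char *data` while ioutil.h declares `const u8 *data`, which is a conflicting-types error assuming u8 is a typedef of `unsigned char`; `FH f = createfile(tmpnamestr,secret);` and `const u8 *data` fix both. `MoveFileA` also fails when `filename` already exists, so every save after the first would return -1 and delete the temp file; `MoveFileExA(tmpnamestr,filename,MOVEFILE_REPLACE_EXISTING)` is the replace-in-place call. Since the `_WIN32` branch evidently was not compiled, a `// not compile-tested on _WIN32` marker or a CI build of that branch belongs with the change.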
@@ -18,3 +18,4 @@ int closefile(FH fd); int writeall(FH,const u8 *data,size_t len); int writetofile(const char *path,const u8 *data,size_t len,int secret); int createdir(const char *path,int secret); +int syncwrite(const char *filename,int secret,const u8 *data,size_t datalen); diff --git a/main.c b/main.c index 85e637c..30c630e 100644 --- a/main.c +++ b/main.c @@ -29,6 +29,8 @@ #include "worker.h" +#include "likely.h" + #ifndef _WIN32 #define FSZ "%zu" #else 
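Review bot: The new `syncwrite` prototype carries no comment, while its contract is the only reason to prefer it over writetofile: it writes `filename.tmp` in the same directory, flushes it, renames it over `filename`, removes the temp file on failure, and returns 0 or -1. A comment above the declaration such as `/* durable, atomic replace of filename: write filename.tmp, fsync, rename over filename; temp file removed on any failure; returns 0 on success, -1 on failure */` gives callers what they need without reading ioutil.c. Whether the parent directory is synced differs by platform (ioutil.c notes it is not on Windows), which is worth stating in the same comment.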
@@ -182,35 +184,55 @@ static void setpassphrase(const char *pass) static void savecheckpoint(void) { - if (checkpointfile) { - // Open checkpoint file - FILE *checkout = fopen(checkpointfile, "w"); - if (!checkout) { - fprintf(stderr,"cannot open checkpoint file for writing\n"); - exit(1); - } - - // Calculate checkpoint as the difference between original seed and the current seed - u8 checkpoint[SEED_LEN]; - bool carry = 0; - pthread_mutex_lock(&determseed_mutex); - for (int i = 0; i < SEED_LEN; i++) { - checkpoint[i] = determseed[i] - orig_determseed[i] - carry; - carry = checkpoint[i] > determseed[i]; - } - pthread_mutex_unlock(&determseed_mutex); - - // Write checkpoint file - if(fwrite(checkpoint, 1, SEED_LEN, checkout) != SEED_LEN) { - fprintf(stderr,"cannot write to checkpoint file\n"); - exit(1); - } - fclose(checkout); + u8 checkpoint[SEED_LEN]; + bool carry = 0; + pthread_mutex_lock(&determseed_mutex); + for (int i = 0; i < SEED_LEN; i++) { + checkpoint[i] = determseed[i] - orig_determseed[i] - carry; + carry = checkpoint[i] > determseed[i]; } + pthread_mutex_unlock(&determseed_mutex); + + if (syncwrite(checkpointfile,1,checkpoint,SEED_LEN) < 0) { + pthread_mutex_lock(&fout_mutex); + fprintf(stderr,"ERROR: could not save checkpoint\n"); + pthread_mutex_unlock(&fout_mutex); + } +} + +static volatile int checkpointer_endwork = 0; + +static void *checkpointworker(void *arg) +{ + (void) arg; + + struct timespec ts; + memset(&ts,0,sizeof(ts)); + ts.tv_nsec = 100000000; + + struct timespec nowtime; + u64 ilasttime,inowtime; + clock_gettime(CLOCK_MONOTONIC,&nowtime); + ilasttime = (1000000 * (u64)nowtime.tv_sec) + ((u64)nowtime.tv_nsec / 1000); + + while (!unlikely(checkpointer_endwork)) { + + clock_gettime(CLOCK_MONOTONIC,&nowtime); + inowtime = (1000000 * (u64)nowtime.tv_sec) + ((u64)nowtime.tv_nsec / 1000); + + if (inowtime - ilasttime >= 300 * 1000000 /* 5 minutes */) { + savecheckpoint(); + ilasttime = inowtime; + } + } + + savecheckpoint(); + + return 0; } 
#endif -VEC_STRUCT(threadvec, pthread_t); +VEC_STRUCT(threadvec,pthread_t); #include "filters_inc.inc.h" #include "filters_main.inc.h" @@ -458,6 +480,11 @@ int main(int argc,char **argv) exit(1); } + if (checkpointfile && !deterministic) { + fprintf(stderr,"--checkpoint requires passphrase\n"); + exit(1); + } + if (outfile) { fout = fopen(outfile,!outfileoverwrite ? "a" : "w"); if (!fout) { @@ -543,16 +570,16 @@ int main(int argc,char **argv) numthreads,numthreads == 1 ? "thread" : "threads"); #ifdef PASSPHRASE - memcpy(orig_determseed, determseed, sizeof(determseed)); if (deterministic) { + memcpy(orig_determseed,determseed,sizeof(determseed)); if (!quietflag && numneedgenerate != 1) fprintf(stderr,"CAUTION: avoid using keys generated with same password for unrelated services, as single leaked key may help attacker to regenerate related keys.\n"); if (checkpointfile) { // Read current checkpoint position if file exists - FILE *checkout = fopen(checkpointfile, "r"); + FILE *checkout = fopen(checkpointfile,"r"); if (checkout) { u8 checkpoint[SEED_LEN]; - if(fread(checkpoint, 1, SEED_LEN, checkout) != SEED_LEN) { + if(fread(checkpoint,1,SEED_LEN,checkout) != SEED_LEN) { fprintf(stderr,"failed to read checkpoint file\n"); exit(1); } @@ -634,6 +661,18 @@ int main(int argc,char **argv) perror("pthread_attr_destroy"); } +#if PASSPHRASE + pthread_t checkpoint_thread; + + if (checkpointfile) { + tret = pthread_create(&checkpoint_thread,NULL,checkpointworker,NULL); + if (tret) { + fprintf(stderr,"error while making checkpoint thread: %s\n",strerror(tret)); + exit(1); + } + } +#endif + #ifdef STATISTICS struct timespec nowtime; u64 istarttime,inowtime,ireporttime = 0,elapsedoffset = 0; 
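Review bot: checkpointworker never sleeps: `ts` is filled with a 100 ms interval but `nanosleep(&ts,0)` is never called, so the `while (!unlikely(checkpointer_endwork))` loop spins on `clock_gettime` at full speed and burns a core for the whole run alongside the search threads. Adding `nanosleep(&ts,0);` as the last statement of the loop body gives the intended polling cadence. `checkpointer_endwork` is a plain `volatile int` shared between threads, which mirrors the existing `endwork` flag; if the project moves such flags to `<stdatomic.h>`, this one should go with them. This hunk starts on the previous line; the savecheckpoint loop at its top still derives the borrow from `checkpoint[i] > determseed[i]`, which reports no borrow when `orig_determseed[i]` is 0xFF and a borrow comes in.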
@@ -643,20 +682,15 @@ int main(int argc,char **argv) } istarttime = (1000000 * (u64)nowtime.tv_sec) + ((u64)nowtime.tv_nsec / 1000); #endif + struct timespec ts; memset(&ts,0,sizeof(ts)); ts.tv_nsec = 100000000; - u16 loopcounter = 0; while (!endwork) { if (numneedgenerate && keysgenerated >= numneedgenerate) { endwork = 1; break; } - loopcounter++; - if (loopcounter >= 3000) { // Save checkpoint every 5 minutes - savecheckpoint(); - loopcounter = 0; - } nanosleep(&ts,0); #ifdef STATISTICS @@ -722,14 +756,18 @@ int main(int argc,char **argv) #endif } -#ifdef PASSPHRASE - savecheckpoint(); -#endif - if (!quietflag) fprintf(stderr,"waiting for threads to finish..."); + for (size_t i = 0;i < VEC_LENGTH(threads);++i) pthread_join(VEC_BUF(threads,i),0); +#ifdef PASSPHRASE + if (checkpointfile) { + checkpointer_endwork = 1; + pthread_join(checkpoint_thread,0); + } +#endif + if (!quietflag) fprintf(stderr," done.\n"); From 90fe9f35d1d74dd794452e0372cdfc6742fe4dd3 Mon Sep 17 00:00:00 2001 From: cathugger Date: Wed, 8 Dec 2021 20:22:24 +0000 Subject: [PATCH 062/107] some tweaks --- ioutil.c | 3 --- main.c | 4 ++-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/ioutil.c b/ioutil.c index 301db77..89fd1c3 100644 --- a/ioutil.c +++ b/ioutil.c @@ -161,7 +161,6 @@ skipdsync: return 0; } - #else int writeall(FH fd,const u8 *data,size_t len) @@ -202,8 +201,6 @@ int createdir(const char *path,int secret) return CreateDirectoryA(path,0) ? 0 : -1; } - - int syncwrite(const char *filename,int secret,const char *data,size_t datalen) { VEC_STRUCT(,char) tmpname; diff --git a/main.c b/main.c index 30c630e..eac7cd6 100644 --- a/main.c +++ b/main.c 
@@ -220,7 +220,7 @@ static void *checkpointworker(void *arg) clock_gettime(CLOCK_MONOTONIC,&nowtime); inowtime = (1000000 * (u64)nowtime.tv_sec) + ((u64)nowtime.tv_nsec / 1000); - if (inowtime - ilasttime >= 300 * 1000000 /* 5 minutes */) { + if ((i64)(inowtime - ilasttime) >= 300 * 1000000 /* 5 minutes */) { savecheckpoint(); ilasttime = inowtime; } @@ -718,7 +718,7 @@ int main(int argc,char **argv) VEC_BUF(tstats,i).numrestart += (u64)tdiff; sumrestart += VEC_BUF(tstats,i).numrestart; } - if (reportdelay && (!ireporttime || inowtime - ireporttime >= reportdelay)) { + if (reportdelay && (!ireporttime || (i64)(inowtime - ireporttime) >= (i64)reportdelay)) { if (ireporttime) ireporttime += reportdelay; else From 1679e51e1b94daf35b8f71f8ea96a5ddaf41627e Mon Sep 17 00:00:00 2001 From: cathugger Date: Wed, 8 Dec 2021 20:24:55 +0000 Subject: [PATCH 063/107] move this there --- main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.c b/main.c index eac7cd6..12bd1f3 100644 --- a/main.c +++ b/main.c @@ -571,10 +571,10 @@ int main(int argc,char **argv) #ifdef PASSPHRASE if (deterministic) { - memcpy(orig_determseed,determseed,sizeof(determseed)); if (!quietflag && numneedgenerate != 1) fprintf(stderr,"CAUTION: avoid using keys generated with same password for unrelated services, as single leaked key may help attacker to regenerate related keys.\n"); if (checkpointfile) { + memcpy(orig_determseed,determseed,sizeof(determseed)); // Read current checkpoint position if file exists FILE *checkout = fopen(checkpointfile,"r"); if (checkout) { From 67868f41264e0bb43d7572e581e29626ebaf696a Mon Sep 17 00:00:00 2001 From: cathugger Date: Fri, 10 Dec 2021 13:27:01 +0200 Subject: [PATCH 064/107] cleanup, free memory --- ioutil.c | 139 ++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 85 insertions(+), 54 deletions(-) diff --git a/ioutil.c b/ioutil.c index 89fd1c3..cc430df 100644 --- a/ioutil.c +++ b/ioutil.c 
@@ -1,5 +1,6 @@ #include #include +#include #include "types.h" #include "ioutil.h" #include "vec.h" @@ -61,28 +62,14 @@ int createdir(const char *path,int secret) return mkdir(path,secret ? 0700 : 0777); } -int syncwrite(const char *filename,int secret,const u8 *data,size_t datalen) +static int syncwritefile(const char *filename,const char *tmpname,int secret,const u8 *data,size_t datalen) { - //fprintf(stderr,"filename = %s\n",filename); - - VEC_STRUCT(,char) tmpname; - size_t fnlen = strlen(filename); - VEC_INIT(tmpname); - VEC_ADDN(tmpname,fnlen + 4 /* ".tmp" */ + 1 /* "\0" */); - memcpy(&VEC_BUF(tmpname,0),filename,fnlen); - strcpy(&VEC_BUF(tmpname,fnlen),".tmp"); - const char *tmpnamestr = &VEC_BUF(tmpname,0); - - //fprintf(stderr,"tmpnamestr = %s\n",tmpnamestr); - - FH f = createfile(tmpnamestr,secret); + FH f = createfile(tmpname,secret); if (f == FH_invalid) return -1; if (writeall(f,data,datalen) < 0) { - closefile(f); - remove(tmpnamestr); - return -1; + goto failclose; } int sret; 
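Review bot: The new `static int syncwritefile(...)` helper has no header comment, and its ownership split with syncwrite (who creates the temp name, who removes the temp file on failure) is exactly what a reader needs; `/* write data to tmpname, fsync it and rename it over filename; on any failure the temp file is removed and -1 returned; tmpname is owned by the caller */` above it would do. The function's body continues past the hunk.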
@@ -92,48 +79,76 @@ int syncwrite(const char *filename,int secret,const u8 *data,size_t datalen) if (errno == EINTR) continue; - closefile(f); - remove(tmpnamestr); - return -1; + goto failclose; } } while (0); if (closefile(f) < 0) { - remove(tmpnamestr); - return -1; + goto failrm; } - if (rename(tmpnamestr,filename) < 0) { - remove(tmpnamestr); - return -1; + if (rename(tmpname,filename) < 0) { + goto failrm; } - VEC_STRUCT(,char) dirname; - const char *dirnamestr; + return 0; + +failclose: + (void) closefile(f); +failrm: + remove(tmpname); + + return -1; +} + +int syncwrite(const char *filename,int secret,const u8 *data,size_t datalen) +{ + //fprintf(stderr,"filename = %s\n",filename); + + size_t fnlen = strlen(filename); + + VEC_STRUCT(,char) tmpnamebuf; + VEC_INIT(tmpnamebuf); + VEC_ADDN(tmpnamebuf,fnlen + 4 /* ".tmp" */ + 1 /* "\0" */); + memcpy(&VEC_BUF(tmpnamebuf,0),filename,fnlen); + strcpy(&VEC_BUF(tmpnamebuf,fnlen),".tmp"); + const char *tmpname = &VEC_BUF(tmpnamebuf,0); + + //fprintf(stderr,"tmpname = %s\n",tmpname); + + int r = syncwritefile(filename,tmpname,secret,data,datalen); + + VEC_FREE(tmpnamebuf); + + if (r < 0) + return r; + + VEC_STRUCT(,char) dirnamebuf; + VEC_INIT(dirnamebuf); + const char *dirname; for (ssize_t x = ((ssize_t)fnlen) - 1;x >= 0;--x) { if (filename[x] == '/') { if (x) --x; ++x; - VEC_INIT(dirname); - VEC_ADDN(dirname,x + 1); - memcpy(&VEC_BUF(dirname,0),filename,x); - VEC_BUF(dirname,x) = '\0'; - dirnamestr = &VEC_BUF(dirname,0); + VEC_ADDN(dirnamebuf,x + 1); + memcpy(&VEC_BUF(dirnamebuf,0),filename,x); + VEC_BUF(dirnamebuf,x) = '\0'; + dirname = &VEC_BUF(dirnamebuf,0); goto foundslash; } } /* not found slash, fall back to "." */ - dirnamestr = "."; + dirname = "."; foundslash: - //fprintf(stderr,"dirnamestr = %s\n",dirnamestr); + //fprintf(stderr,"dirname = %s\n",dirname); ; int dirf; do { - dirf = open(dirnamestr,O_RDONLY); + dirf = open(dirname,O_RDONLY); if (dirf < 0) { if (errno == EINTR) continue; 
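Review bot: The directory-name scan keeps the opaque `if (x) --x; ++x;` pair, which resolves to "use x characters, but at least one" and reads like a no-op; `size_t dlen = x ? (size_t)x : 1;` followed by using `dlen` in the `VEC_ADDN`, `memcpy` and terminator lines says the same thing directly and keeps the signed loop index out of the size arithmetic. The `do { ... } while (0)` with `continue` around `open(dirname,O_RDONLY)` is carried over and still does not retry on EINTR, because `continue` lands on the false condition and exits the loop. The `// don't really care enough` wording on the skip path would read better as a statement of the decision, e.g. `// directory fsync is best-effort; the file itself is already durable`.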
@@ -143,6 +158,7 @@ foundslash: } } while (0); + int sret; do { sret = fsync(dirf); if (sret < 0) { @@ -157,6 +173,7 @@ foundslash: (void) closefile(dirf); // don't care skipdsync: + VEC_FREE(dirnamebuf); return 0; } @@ -201,42 +218,56 @@ int createdir(const char *path,int secret) return CreateDirectoryA(path,0) ? 0 : -1; } -int syncwrite(const char *filename,int secret,const char *data,size_t datalen) +static int syncwritefile(const char *filename,const char *tmpname,int secret,const char *data,size_t datalen) { - VEC_STRUCT(,char) tmpname; - size_t fnlen = strlen(filename); - VEC_INIT(tmpname); - VEC_ADDN(tmpname,fnlen + 4 /* ".tmp" */ + 1 /* "\0" */); - memcpy(&VEC_BUF(tmpname,0),filename,fnlen); - strcpy(&VEC_BUF(tmpname,fnlen),".tmp"); - const char *tmpnamestr = &VEC_BUF(tmpname,0); - FH f = createfile(tmpnamestr,secret) if (f == FH_invalid) return -1; if (writeall(f,data,datalen) < 0) { - closefile(f); - remove(tmpnamestr); - return -1; + goto failclose; } if (FlushFileBuffers(f) == 0) { - closefile(f); - remove(tmpnamestr); - return -1; + goto failclose; } if (closefile(f) < 0) { - remove(tmpnamestr); - return -1; + goto failrm; } if (MoveFileA(tmpnamestr,filename) == 0) { - remove(tmpnamestr); - return -1; + goto failrm; } + return 0; + +failclose: + (void) closefile(f); +failrm: + remove(tmpnamestr); + + return -1; +} + +int syncwrite(const char *filename,int secret,const char *data,size_t datalen) +{ + size_t fnlen = strlen(filename); + + VEC_STRUCT(,char) tmpnamebuf; + VEC_INIT(tmpnamebuf); + VEC_ADDN(tmpnamebuf,fnlen + 4 /* ".tmp" */ + 1 /* "\0" */); + memcpy(&VEC_BUF(tmpnamebuf,0),filename,fnlen); + strcpy(&VEC_BUF(tmpnamebuf,fnlen),".tmp"); + const char *tmpname = &VEC_BUF(tmpnamebuf,0); + + int r = syncwritefile(filename,tmpname,secret,data,datalen); + + VEC_FREE(tmpnamebuf); + + if (r < 0) + return r; + // can't fsync parent dir on windows so just end here return 0; From 1e18c10a117b335f77dd845ac8e7284def291c48 Mon Sep 17 00:00:00 2001 
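Review bot: In the Windows syncwritefile the parameter is now named `tmpname`, but the body still passes `tmpnamestr` to `createfile`, `MoveFileA` and the `failrm:` `remove`, so the identifier is undeclared and the `_WIN32` branch does not build; renaming those three uses to `tmpname` is the fix. The `createfile` line is still missing its semicolon, the `const char *data` parameter still disagrees with ioutil.h's `const u8 *data`, and `MoveFileA` still fails when `filename` already exists (`MoveFileExA(tmpname,filename,MOVEFILE_REPLACE_EXISTING)` replaces in place) — all carried over from the first version of this function. A build of this branch, or at least a `// untested on _WIN32` note, belongs with the change.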
From: cathugger Date: Tue, 14 Dec 2021 13:55:33 +0000 Subject: [PATCH 065/107] make depend --- GNUmakefile.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/GNUmakefile.in b/GNUmakefile.in index d566837..80ebed7 100644 --- a/GNUmakefile.in +++ b/GNUmakefile.in @@ -396,10 +396,10 @@ ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h ed25519/ref10/sign.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h ed25519/ref10/sign.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/sc.h -ioutil.c.o: types.h ioutil.h +ioutil.c.o: types.h ioutil.h vec.h keccak.c.o: types.h keccak.h main.c.o: types.h vec.h base32.h cpucount.h keccak.h ioutil.h common.h yaml.h -main.c.o: filters.h worker.h filters_inc.inc.h filters_main.inc.h +main.c.o: filters.h worker.h likely.h filters_inc.inc.h filters_main.inc.h main.c.o: filters_common.inc.h ifilter_bitsum.h test_base16.c.o: types.h base16.h test_base32.c.o: types.h base32.h From 51d76913f1a058958ce8776994a00272c18062e8 Mon Sep 17 00:00:00 2001 From: scribblemaniac Date: Mon, 14 Mar 2022 19:39:18 -0600 Subject: [PATCH 066/107] Fix missing #ifdefs --- main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/main.c b/main.c index 12bd1f3..f90cae2 100644 --- a/main.c +++ b/main.c @@ -480,10 +480,12 @@ int main(int argc,char **argv) exit(1); } +#ifdef PASSPHRASE if (checkpointfile && !deterministic) { fprintf(stderr,"--checkpoint requires passphrase\n"); exit(1); } +#endif if (outfile) { fout = fopen(outfile,!outfileoverwrite ? "a" : "w"); @@ -661,7 +663,7 @@ int main(int argc,char **argv) perror("pthread_attr_destroy"); } -#if PASSPHRASE +#ifdef PASSPHRASE pthread_t checkpoint_thread; if (checkpointfile) { From f374555fd4d2d8b28bff3e7e98c362073f173038 Mon Sep 17 00:00:00 2001 
From: cathugger Date: Thu, 5 May 2022 13:22:34 +0000 Subject: [PATCH 067/107] rebase on newer SUPERCOP, use PIE, some other stuff --- GNUmakefile.in | 47 ++- configure.ac | 23 +- .../amd64-51-30k/{choose_t.s => choose_t.S} | 50 +-- ed25519/amd64-51-30k/consts.S | 47 +++ ed25519/amd64-51-30k/consts.s | 47 --- ed25519/amd64-51-30k/crypto_sign.h | 14 +- ed25519/amd64-51-30k/ed25519.h | 16 +- ed25519/amd64-51-30k/fe25519.h | 37 ++- .../{fe25519_freeze.s => fe25519_freeze.S} | 18 +- .../{fe25519_mul.s => fe25519_mul.S} | 18 +- .../{fe25519_nsquare.s => fe25519_nsquare.S} | 18 +- .../{fe25519_square.s => fe25519_square.S} | 18 +- ed25519/amd64-51-30k/ge25519.h | 40 +-- ...{ge25519_add_p1p1.s => ge25519_add_p1p1.S} | 310 +++++++++--------- ...{ge25519_dbl_p1p1.s => ge25519_dbl_p1p1.S} | 162 ++++----- .../amd64-51-30k/ge25519_double_scalarmult.c | 2 +- ...e25519_nielsadd2.s => ge25519_nielsadd2.S} | 186 +++++------ ...ielsadd_p1p1.s => ge25519_nielsadd_p1p1.S} | 154 ++++----- ...5519_p1p1_to_p2.s => ge25519_p1p1_to_p2.S} | 34 +- ...5519_p1p1_to_p3.s => ge25519_p1p1_to_p3.S} | 42 +-- ...1_to_pniels.s => ge25519_p1p1_to_pniels.S} | 190 +++++------ ...elsadd_p1p1.s => ge25519_pnielsadd_p1p1.S} | 162 ++++----- .../heap_rootreplaced.S} | 10 +- .../heap_rootreplaced_1limb.S} | 10 +- .../heap_rootreplaced_2limbs.S} | 10 +- .../heap_rootreplaced_3limbs.S} | 10 +- ed25519/amd64-51-30k/hram.h | 2 +- ed25519/amd64-51-30k/index_heap.h | 18 +- ed25519/amd64-51-30k/sc25519.h | 38 +-- .../sc25519_add.S} | 42 +-- .../sc25519_barrett.S} | 190 +++++------ .../sc25519_lt.S} | 10 +- ed25519/amd64-51-30k/sc25519_mul.c | 2 +- .../sc25519_sub_nored.S} | 10 +- .../ull4_mul.s => amd64-51-30k/ull4_mul.S} | 10 +- .../amd64-64-24k/{choose_t.s => choose_t.S} | 10 +- ed25519/amd64-64-24k/consts.S | 39 +++ ed25519/amd64-64-24k/consts.s | 39 --- ed25519/amd64-64-24k/crypto_sign.h | 14 +- ed25519/amd64-64-24k/fe25519.h | 36 +- .../{fe25519_add.s => fe25519_add.S} | 10 +- .../{fe25519_freeze.s => 
fe25519_freeze.S} | 10 +- .../{fe25519_mul.s => fe25519_mul.S} | 26 +- .../{fe25519_square.s => fe25519_square.S} | 26 +- .../{fe25519_sub.s => fe25519_sub.S} | 10 +- ed25519/amd64-64-24k/ge25519.h | 36 +- ...{ge25519_add_p1p1.s => ge25519_add_p1p1.S} | 218 ++++++------ ...{ge25519_dbl_p1p1.s => ge25519_dbl_p1p1.S} | 74 ++--- .../amd64-64-24k/ge25519_double_scalarmult.c | 2 +- ...e25519_nielsadd2.s => ge25519_nielsadd2.S} | 122 +++---- ...ielsadd_p1p1.s => ge25519_nielsadd_p1p1.S} | 58 ++-- ...5519_p1p1_to_p2.s => ge25519_p1p1_to_p2.S} | 58 ++-- ...5519_p1p1_to_p3.s => ge25519_p1p1_to_p3.S} | 74 ++--- ...elsadd_p1p1.s => ge25519_pnielsadd_p1p1.S} | 74 ++--- .../amd64-64-24k/ge25519_scalarmult_base.c | 2 - .../heap_rootreplaced.S} | 10 +- .../heap_rootreplaced_1limb.S} | 10 +- .../heap_rootreplaced_2limbs.S} | 10 +- .../heap_rootreplaced_3limbs.S} | 10 +- ed25519/amd64-64-24k/hram.h | 2 +- ed25519/amd64-64-24k/index_heap.h | 18 +- ed25519/amd64-64-24k/sc25519.h | 36 +- .../sc25519_add.S} | 42 +-- .../sc25519_barrett.S} | 190 +++++------ .../sc25519_lt.S} | 10 +- ed25519/amd64-64-24k/sc25519_mul.c | 2 +- .../sc25519_sub_nored.S} | 10 +- .../ull4_mul.s => amd64-64-24k/ull4_mul.S} | 10 +- ed25519/ed25519.h | 248 -------------- ed25519/ed25519_impl_post.h | 85 +++++ ed25519/ed25519_impl_pre.h | 255 ++++++++++++++ ed25519/ref10/crypto_sign.h | 13 +- ed25519/ref10/ed25519.h | 12 +- ed25519/ref10/fe.h | 38 +-- ed25519/ref10/fe_isnonzero.c | 2 +- ed25519/ref10/ge.h | 40 +-- ed25519/ref10/ge_double_scalarmult.c | 2 +- ed25519/ref10/ge_p3_tobytes.c | 2 +- ed25519/ref10/ge_scalarmult_base.c | 4 +- ed25519/ref10/sc.h | 4 +- test_ed25519.c | 3 + worker.c | 13 +- worker_impl.inc.h | 1 + 83 files changed, 2062 insertions(+), 1955 deletions(-) rename ed25519/amd64-51-30k/{choose_t.s => choose_t.S} (96%) create mode 100644 ed25519/amd64-51-30k/consts.S delete mode 100644 ed25519/amd64-51-30k/consts.s rename ed25519/amd64-51-30k/{fe25519_freeze.s => fe25519_freeze.S} (94%) rename 
ed25519/amd64-51-30k/{fe25519_mul.s => fe25519_mul.S} (97%) rename ed25519/amd64-51-30k/{fe25519_nsquare.s => fe25519_nsquare.S} (96%) rename ed25519/amd64-51-30k/{fe25519_square.s => fe25519_square.S} (96%) rename ed25519/amd64-51-30k/{ge25519_add_p1p1.s => ge25519_add_p1p1.S} (91%) rename ed25519/amd64-51-30k/{ge25519_dbl_p1p1.s => ge25519_dbl_p1p1.S} (93%) rename ed25519/amd64-51-30k/{ge25519_nielsadd2.s => ge25519_nielsadd2.S} (96%) rename ed25519/amd64-51-30k/{ge25519_nielsadd_p1p1.s => ge25519_nielsadd_p1p1.S} (93%) rename ed25519/amd64-51-30k/{ge25519_p1p1_to_p2.s => ge25519_p1p1_to_p2.S} (98%) rename ed25519/amd64-51-30k/{ge25519_p1p1_to_p3.s => ge25519_p1p1_to_p3.S} (98%) rename ed25519/amd64-51-30k/{ge25519_p1p1_to_pniels.s => ge25519_p1p1_to_pniels.S} (93%) rename ed25519/amd64-51-30k/{ge25519_pnielsadd_p1p1.s => ge25519_pnielsadd_p1p1.S} (94%) rename ed25519/{amd64-64-24k/heap_rootreplaced.s => amd64-51-30k/heap_rootreplaced.S} (97%) rename ed25519/{amd64-64-24k/heap_rootreplaced_1limb.s => amd64-51-30k/heap_rootreplaced_1limb.S} (96%) rename ed25519/{amd64-64-24k/heap_rootreplaced_2limbs.s => amd64-51-30k/heap_rootreplaced_2limbs.S} (96%) rename ed25519/{amd64-64-24k/heap_rootreplaced_3limbs.s => amd64-51-30k/heap_rootreplaced_3limbs.S} (97%) rename ed25519/{amd64-64-24k/sc25519_add.s => amd64-51-30k/sc25519_add.S} (78%) rename ed25519/{amd64-64-24k/sc25519_barrett.s => amd64-51-30k/sc25519_barrett.S} (80%) rename ed25519/{amd64-64-24k/sc25519_lt.s => amd64-51-30k/sc25519_lt.S} (90%) rename ed25519/{amd64-64-24k/sc25519_sub_nored.s => amd64-51-30k/sc25519_sub_nored.S} (90%) rename ed25519/{amd64-64-24k/ull4_mul.s => amd64-51-30k/ull4_mul.S} (98%) rename ed25519/amd64-64-24k/{choose_t.s => choose_t.S} (99%) create mode 100644 ed25519/amd64-64-24k/consts.S delete mode 100644 ed25519/amd64-64-24k/consts.s rename ed25519/amd64-64-24k/{fe25519_add.s => fe25519_add.S} (94%) rename ed25519/amd64-64-24k/{fe25519_freeze.s => fe25519_freeze.S} (96%) rename 
ed25519/amd64-64-24k/{fe25519_mul.s => fe25519_mul.S} (96%) rename ed25519/amd64-64-24k/{fe25519_square.s => fe25519_square.S} (96%) rename ed25519/amd64-64-24k/{fe25519_sub.s => fe25519_sub.S} (94%) rename ed25519/amd64-64-24k/{ge25519_add_p1p1.s => ge25519_add_p1p1.S} (94%) rename ed25519/amd64-64-24k/{ge25519_dbl_p1p1.s => ge25519_dbl_p1p1.S} (98%) rename ed25519/amd64-64-24k/{ge25519_nielsadd2.s => ge25519_nielsadd2.S} (97%) rename ed25519/amd64-64-24k/{ge25519_nielsadd_p1p1.s => ge25519_nielsadd_p1p1.S} (97%) rename ed25519/amd64-64-24k/{ge25519_p1p1_to_p2.s => ge25519_p1p1_to_p2.S} (96%) rename ed25519/amd64-64-24k/{ge25519_p1p1_to_p3.s => ge25519_p1p1_to_p3.S} (96%) rename ed25519/amd64-64-24k/{ge25519_pnielsadd_p1p1.s => ge25519_pnielsadd_p1p1.S} (97%) rename ed25519/{amd64-51-30k/heap_rootreplaced.s => amd64-64-24k/heap_rootreplaced.S} (97%) rename ed25519/{amd64-51-30k/heap_rootreplaced_1limb.s => amd64-64-24k/heap_rootreplaced_1limb.S} (96%) rename ed25519/{amd64-51-30k/heap_rootreplaced_2limbs.s => amd64-64-24k/heap_rootreplaced_2limbs.S} (96%) rename ed25519/{amd64-51-30k/heap_rootreplaced_3limbs.s => amd64-64-24k/heap_rootreplaced_3limbs.S} (96%) rename ed25519/{amd64-51-30k/sc25519_add.s => amd64-64-24k/sc25519_add.S} (75%) rename ed25519/{amd64-51-30k/sc25519_barrett.s => amd64-64-24k/sc25519_barrett.S} (77%) rename ed25519/{amd64-51-30k/sc25519_lt.s => amd64-64-24k/sc25519_lt.S} (88%) rename ed25519/{amd64-51-30k/sc25519_sub_nored.s => amd64-64-24k/sc25519_sub_nored.S} (88%) rename ed25519/{amd64-51-30k/ull4_mul.s => amd64-64-24k/ull4_mul.S} (98%) create mode 100644 ed25519/ed25519_impl_post.h create mode 100644 ed25519/ed25519_impl_pre.h create mode 100644 worker_impl.inc.h diff --git a/GNUmakefile.in b/GNUmakefile.in index 80ebed7..acd8694 100644 --- a/GNUmakefile.in +++ b/GNUmakefile.in 
@@ -1,19 +1,19 @@ CC= @CC@ CSTD= @CSTD@ -CFLAGS= $(CSTD) @CFLAGS@ @CPPFLAGS@ -DED25519_@ED25519IMPL@ @MYDEFS@ -ASFLAGS= -LDFLAGS= @NOPIE@ @LDFLAGS@ +CFLAGS= $(CSTD) @CFLAGS@ @CPPFLAGS@ -DED25519_@ED25519IMPL@ @PIE@ @MYDEFS@ +ASFLAGS= @PIE@ +LDFLAGS= @LDFLAGS@ MV= mv ED25519_DEFS= -DED25519_ref10 -DED25519_amd64_51_30k -DED25519_amd64_64_24k -DED25519_donna ED25519_ref10= $(patsubst @SRCDIR@/%.c,%.c.o,$(wildcard @SRCDIR@/ed25519/ref10/*.c)) ED25519_amd64_51_30k= \ $(patsubst @SRCDIR@/%.c,%.c.o,$(wildcard @SRCDIR@/ed25519/amd64-51-30k/*.c)) \ - $(patsubst @SRCDIR@/%.s,%.s.o,$(wildcard @SRCDIR@/ed25519/amd64-51-30k/*.s)) + $(patsubst @SRCDIR@/%.S,%.S.o,$(wildcard @SRCDIR@/ed25519/amd64-51-30k/*.S)) ED25519_amd64_64_24k= \ $(patsubst @SRCDIR@/%.c,%.c.o,$(wildcard @SRCDIR@/ed25519/amd64-64-24k/*.c)) \ - $(patsubst @SRCDIR@/%.s,%.s.o,$(wildcard @SRCDIR@/ed25519/amd64-64-24k/*.s)) + $(patsubst @SRCDIR@/%.S,%.S.o,$(wildcard @SRCDIR@/ed25519/amd64-64-24k/*.S)) ED25519_donna= ED25519_OBJ= $(ED25519_@ED25519IMPL@) @@ -128,10 +128,22 @@ depend: VPATH=@SRCDIR@ +%.c.o: CFLAGS += \ + -D'CRYPTO_NAMESPACETOP=crypto_sign_ed25519_@ED25519IMPL@' \ + -D'_CRYPTO_NAMESPACETOP=_crypto_sign_ed25519_@ED25519IMPL@' \ + -D'CRYPTO_NAMESPACE(name)=crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \ + -D'_CRYPTO_NAMESPACE(name)=_crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \ + +%.S.o: ASFLAGS += \ + -D'CRYPTO_NAMESPACETOP=crypto_sign_ed25519_@ED25519IMPL@' \ + -D'_CRYPTO_NAMESPACETOP=_crypto_sign_ed25519_@ED25519IMPL@' \ + -D'CRYPTO_NAMESPACE(name)=crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \ + -D'_CRYPTO_NAMESPACE(name)=_crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \ + %.c.o: %.c $(CC) $(CFLAGS) -c -o $@.tmp $< && $(MV) $@.tmp $@ -%.s.o: %.s +%.S.o: %.S $(CC) $(ASFLAGS) -c -o $@.tmp $< && $(MV) $@.tmp $@ # DO NOT DELETE THIS LINE 
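Review bot: `LDFLAGS= @LDFLAGS@` drops the old `@NOPIE@` but adds nothing in its place, while `@PIE@` (which the configure.ac hunk at @@ -27,31 sets to `-fPIE` only) goes into CFLAGS and ASFLAGS. `-fPIE` produces position-independent objects, but whether the linked executable is actually a PIE then depends on the toolchain's default; on a toolchain that does not default to PIE the objects pay the PIC cost and the binary is still loaded at a fixed address, so ASLR of the executable image is not guaranteed by this change. The same gap applies to the configure.ac probe, which only links a test program with `-fPIE -Werror` and never checks a link-time `-pie`. Consider probing `-pie` there as well and substituting it into the link line, e.g. `LDFLAGS= @PIE_LDFLAGS@ @LDFLAGS@` (constructed name), or stating in a comment that a PIE-by-default toolchain is assumed.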
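Review bot: Both new target-specific blocks, `%.c.o: CFLAGS += \` and `%.S.o: ASFLAGS += \`, end their last `-D'_CRYPTO_NAMESPACE(name)=…'` line with a trailing backslash, so each definition only terminates because the next added line is empty. GNU make accepts that, but any later edit that puts a non-blank line there will be silently absorbed into the define; dropping the final `\` on the last `-D` line of each block removes the dependence on the blank line. The `\#\#` escaping itself looks right: make unescapes `\#` to `#` and the single quotes keep `##` intact for the compiler driver.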
@@ -404,13 +416,15 @@ main.c.o: filters_common.inc.h ifilter_bitsum.h test_base16.c.o: types.h base16.h test_base32.c.o: types.h base32.h test_base64.c.o: types.h base64.h -test_ed25519.c.o: types.h base16.h ed25519/ed25519.h ed25519/ref10/ed25519.h -test_ed25519.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -test_ed25519.c.o: ed25519/ref10/crypto_int32.h ed25519/amd64-51-30k/ed25519.h +test_ed25519.c.o: types.h base16.h ed25519/ed25519.h +test_ed25519.c.o: ed25519/ed25519_impl_pre.h ed25519/ref10/crypto_sign.h +test_ed25519.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/ref10/ge.h +test_ed25519.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +test_ed25519.c.o: ed25519/amd64-51-30k/crypto_sign.h test_ed25519.c.o: ed25519/amd64-51-30k/ge25519.h test_ed25519.c.o: ed25519/amd64-51-30k/fe25519.h test_ed25519.c.o: ed25519/amd64-51-30k/sc25519.h -test_ed25519.c.o: ed25519/amd64-64-24k/ed25519.h +test_ed25519.c.o: ed25519/amd64-64-24k/crypto_sign.h test_ed25519.c.o: ed25519/amd64-64-24k/ge25519.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h 
@@ -430,13 +444,15 @@ test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-sse2.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-sse2.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h testutil.h +test_ed25519.c.o: ed25519/ed25519_impl_post.h vec.c.o: vec.h worker.c.o: types.h likely.h vec.h base32.h keccak.h ed25519/ed25519.h -worker.c.o: ed25519/ref10/ed25519.h ed25519/ref10/ge.h ed25519/ref10/fe.h -worker.c.o: ed25519/ref10/crypto_int32.h ed25519/amd64-51-30k/ed25519.h -worker.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/fe25519.h -worker.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/ed25519.h -worker.c.o: ed25519/amd64-64-24k/ge25519.h +worker.c.o: ed25519/ed25519_impl_pre.h ed25519/ref10/crypto_sign.h +worker.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/ref10/ge.h +worker.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +worker.c.o: ed25519/amd64-51-30k/crypto_sign.h ed25519/amd64-51-30k/ge25519.h +worker.c.o: ed25519/amd64-51-30k/fe25519.h ed25519/amd64-51-30k/sc25519.h +worker.c.o: ed25519/amd64-64-24k/crypto_sign.h ed25519/amd64-64-24k/ge25519.h worker.c.o: ed25519/ed25519-donna/ed25519-donna.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h @@ -458,4 +474,5 @@ worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h ioutil.h common.h worker.c.o: yaml.h worker.h filters.h filters_inc.inc.h filters_worker.inc.h worker.c.o: filters_common.inc.h worker_slow.inc.h worker_fast.inc.h worker.c.o: worker_fast_pass.inc.h worker_batch.inc.h worker_batch_pass.inc.h +worker.c.o: ed25519/ed25519_impl_post.h yaml.c.o: types.h yaml.h ioutil.h base32.h base64.h common.h diff --git a/configure.ac b/configure.ac index 35a488e..68152c7 100644 --- a/configure.ac +++ b/configure.ac 
@@ -27,31 +27,18 @@ then CFLAGS="$oldcflags" fi -nopie="" +pie="" oldcflags="$CFLAGS" -CFLAGS="-nopie -Werror" -AC_MSG_CHECKING([whether CC supports -nopie]) +CFLAGS="-fPIE -Werror" +AC_MSG_CHECKING([whether CC supports -fPIE]) AC_LINK_IFELSE([AC_LANG_PROGRAM([])], [AC_MSG_RESULT([yes])] - [nopie="-nopie"], + [pie="-fPIE"], [AC_MSG_RESULT([no])] ) CFLAGS="$oldcflags" -if test "x$nopie" = "x" -then - oldcflags="$CFLAGS" - CFLAGS="-no-pie -Werror" - AC_MSG_CHECKING([whether CC supports -no-pie]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_RESULT([yes])] - [nopie="-no-pie"], - [AC_MSG_RESULT([no])] - ) - CFLAGS="$oldcflags" -fi - MYDEFS="" MAINLIB="" @@ -357,7 +344,7 @@ AC_SUBST(CSTD,["$cstd"]) AC_SUBST(ED25519IMPL,["$ed25519impl"]) AC_SUBST(MYDEFS,["$MYDEFS"]) AC_SUBST(MAINLIB,["$MAINLIB"]) -AC_SUBST(NOPIE,["$nopie"]) +AC_SUBST(PIE,["$pie"]) AC_SUBST(SRCDIR,["$srcdir"]) AC_CONFIG_FILES([GNUmakefile]) AC_OUTPUT diff --git a/ed25519/amd64-51-30k/choose_t.s b/ed25519/amd64-51-30k/choose_t.S similarity index 96% rename from ed25519/amd64-51-30k/choose_t.s rename to ed25519/amd64-51-30k/choose_t.S index 6a64c08..ef6eb43 100644 --- a/ed25519/amd64-51-30k/choose_t.s +++ b/ed25519/amd64-51-30k/choose_t.S @@ -105,13 +105,13 @@ # qhasm: stack64 caller7_stack -# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_choose_t +# qhasm: enter CRYPTO_NAMESPACE(batch_choose_t) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_51_30k_batch_choose_t -.globl crypto_sign_ed25519_amd64_51_30k_batch_choose_t -_crypto_sign_ed25519_amd64_51_30k_batch_choose_t: -crypto_sign_ed25519_amd64_51_30k_batch_choose_t: +.globl _CRYPTO_NAMESPACE(batch_choose_t) +.globl CRYPTO_NAMESPACE(batch_choose_t) +_CRYPTO_NAMESPACE(batch_choose_t): +CRYPTO_NAMESPACE(batch_choose_t): mov %rsp,%r11 and $31,%r11 add $64,%r11 
@@ -1677,30 +1677,30 @@ movq 952(%rcx,%rdi),%rdi # asm 2: cmove tt0=int64#1 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,>tt0=%rdi -movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdi +# qhasm: tt0 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P0),>tt0=int64#1 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P0),>tt0=%rdi +movq CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdi -# qhasm: tt1 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt1=int64#4 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt1=%rcx -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx +# qhasm: tt1 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt1=int64#4 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt1=%rcx +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx -# qhasm: tt2 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt2=int64#5 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt2=%r8 -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8 +# qhasm: tt2 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt2=int64#5 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt2=%r8 +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8 -# qhasm: tt3 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt3=int64#10 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt3=%r12 -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r12 +# qhasm: tt3 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt3=int64#10 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt3=%r12 +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r12 -# qhasm: tt4 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq 
crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt4=int64#11 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt4=%r13 -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r13 +# qhasm: tt4 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt4=int64#11 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt4=%r13 +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r13 # qhasm: tt0 -= tt2d0 # asm 1: sub -#define fe25519 crypto_sign_ed25519_amd64_51_30k_batch_fe25519 -#define fe25519_freeze crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze -#define fe25519_unpack crypto_sign_ed25519_amd64_51_30k_batch_fe25519_unpack -#define fe25519_pack crypto_sign_ed25519_amd64_51_30k_batch_fe25519_pack -#define fe25519_iszero_vartime crypto_sign_ed25519_amd64_51_30k_batch_fe25519_iszero_vartime -#define fe25519_iseq_vartime crypto_sign_ed25519_amd64_51_30k_batch_fe25519_iseq_vartime -#define fe25519_cmov crypto_sign_ed25519_amd64_51_30k_batch_fe25519_cmov -#define fe25519_setint crypto_sign_ed25519_amd64_51_30k_batch_fe25519_setint -#define fe25519_neg crypto_sign_ed25519_amd64_51_30k_batch_fe25519_neg -#define fe25519_getparity crypto_sign_ed25519_amd64_51_30k_batch_fe25519_getparity -#define fe25519_add crypto_sign_ed25519_amd64_51_30k_batch_fe25519_add -#define fe25519_sub crypto_sign_ed25519_amd64_51_30k_batch_fe25519_sub -#define fe25519_mul crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul -#define fe25519_mul121666 crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul121666 -#define fe25519_square crypto_sign_ed25519_amd64_51_30k_batch_fe25519_square -#define fe25519_nsquare crypto_sign_ed25519_amd64_51_30k_batch_fe25519_nsquare -#define fe25519_invert crypto_sign_ed25519_amd64_51_30k_batch_fe25519_invert -#define fe25519_pow2523 crypto_sign_ed25519_amd64_51_30k_batch_fe25519_pow2523 +#define fe25519 CRYPTO_NAMESPACE(batch_fe25519) +#define fe25519_freeze CRYPTO_NAMESPACE(batch_fe25519_freeze) +#define fe25519_unpack 
CRYPTO_NAMESPACE(batch_fe25519_unpack) +#define fe25519_pack CRYPTO_NAMESPACE(batch_fe25519_pack) +#define fe25519_iszero_vartime CRYPTO_NAMESPACE(batch_fe25519_iszero_vartime) +#define fe25519_iseq_vartime CRYPTO_NAMESPACE(batch_fe25519_iseq_vartime) +#define fe25519_cmov CRYPTO_NAMESPACE(batch_fe25519_cmov) +#define fe25519_setint CRYPTO_NAMESPACE(batch_fe25519_setint) +#define fe25519_neg CRYPTO_NAMESPACE(batch_fe25519_neg) +#define fe25519_getparity CRYPTO_NAMESPACE(batch_fe25519_getparity) +#define fe25519_add CRYPTO_NAMESPACE(batch_fe25519_add) +#define fe25519_sub CRYPTO_NAMESPACE(batch_fe25519_sub) +#define fe25519_mul CRYPTO_NAMESPACE(batch_fe25519_mul) +#define fe25519_mul121666 CRYPTO_NAMESPACE(batch_fe25519_mul121666) +#define fe25519_square CRYPTO_NAMESPACE(batch_fe25519_square) +#define fe25519_nsquare CRYPTO_NAMESPACE(batch_fe25519_nsquare) +#define fe25519_invert CRYPTO_NAMESPACE(batch_fe25519_invert) +#define fe25519_batchinvert CRYPTO_NAMESPACE(batch_fe25519_batchinvert) +#define fe25519_pow2523 CRYPTO_NAMESPACE(batch_fe25519_pow2523) typedef struct { diff --git a/ed25519/amd64-51-30k/fe25519_freeze.s b/ed25519/amd64-51-30k/fe25519_freeze.S similarity index 94% rename from ed25519/amd64-51-30k/fe25519_freeze.s rename to ed25519/amd64-51-30k/fe25519_freeze.S index 5cd0b1d..0435525 100644 --- a/ed25519/amd64-51-30k/fe25519_freeze.s +++ b/ed25519/amd64-51-30k/fe25519_freeze.S 
@@ -63,13 +63,13 @@ # qhasm: stack64 caller7_stack -# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze +# qhasm: enter CRYPTO_NAMESPACE(batch_fe25519_freeze) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze -.globl crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze -_crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze: -crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze: +.globl _CRYPTO_NAMESPACE(batch_fe25519_freeze) +.globl CRYPTO_NAMESPACE(batch_fe25519_freeze) +_CRYPTO_NAMESPACE(batch_fe25519_freeze): +CRYPTO_NAMESPACE(batch_fe25519_freeze): mov %rsp,%r11 and $31,%r11 add $64,%r11 @@ -135,10 +135,10 @@ movq 24(%rdi),%r8 # asm 2: movq 32(r4=%r9 movq 32(%rdi),%r9 -# qhasm: two51minus1 = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>two51minus1=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>two51minus1=%rax -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rax +# qhasm: two51minus1 = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>two51minus1=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>two51minus1=%rax +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rax # qhasm: two51minus19 = two51minus1 # asm 1: mov two51minus19=int64#8 diff --git a/ed25519/amd64-51-30k/fe25519_mul.s b/ed25519/amd64-51-30k/fe25519_mul.S similarity index 97% rename from ed25519/amd64-51-30k/fe25519_mul.s rename to ed25519/amd64-51-30k/fe25519_mul.S index 9d6c537..cbcdbe9 100644 --- a/ed25519/amd64-51-30k/fe25519_mul.s +++ b/ed25519/amd64-51-30k/fe25519_mul.S 
@@ -97,13 +97,13 @@ # qhasm: stack64 mulx419_stack -# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul +# qhasm: enter CRYPTO_NAMESPACE(batch_fe25519_mul) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul -.globl crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul -_crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul: -crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul: +.globl _CRYPTO_NAMESPACE(batch_fe25519_mul) +.globl CRYPTO_NAMESPACE(batch_fe25519_mul) +_CRYPTO_NAMESPACE(batch_fe25519_mul): +CRYPTO_NAMESPACE(batch_fe25519_mul): mov %rsp,%r11 and $31,%r11 add $96,%r11 
@@ -689,10 +689,10 @@ add %rax,%r14 # asm 2: adc mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.r0) << 13 # asm 1: shld $13,squareredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: squarer01 = (squarer01.r0) << 13 # asm 1: shld $13,squareredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: squarer01 = (squarer01.r0) << 13 # asm 1: shld $13,b0=%r11 mov %rdx,%r11 -# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,x0=int64#10 @@ -354,10 +354,10 @@ sub %r12,%rdx # asm 2: mov b1=%r12 mov %r8,%r12 -# qhasm: a1 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,x1=int64#11 
@@ -379,10 +379,10 @@ sub %r13,%r8 # asm 2: mov b2=%r13 mov %r9,%r13 -# qhasm: a2 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,x2=int64#12 @@ -404,10 +404,10 @@ sub %r14,%r9 # asm 2: mov b3=%r14 mov %rax,%r14 -# qhasm: a3 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,x3=int64#13 @@ -429,10 +429,10 @@ sub %r15,%rax # asm 2: mov b4=%r15 mov %r10,%r15 -# qhasm: a4 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,x4=int64#14 @@ -529,10 +529,10 @@ movq 72(%rcx),%r10 # asm 2: mov t20=%r11 mov %rdx,%r11 -# qhasm: t10 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,rx0=int64#10 @@ -554,10 +554,10 @@ sub %r12,%rdx # asm 2: mov t21=%r12 mov %r8,%r12 -# qhasm: t11 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,rx1=int64#11 @@ -579,10 +579,10 @@ sub %r13,%r8 # asm 2: mov t22=%r13 mov %r9,%r13 -# qhasm: t12 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,rx2=int64#12 @@ -604,10 +604,10 @@ sub %r14,%r9 # asm 2: mov t23=%r14 mov %rax,%r14 -# qhasm: t13 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,rx3=int64#13 @@ -629,10 +629,10 @@ sub %r15,%rax # asm 2: mov t24=%r15 mov %r10,%r15 -# qhasm: t14 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,rx4=int64#14 
@@ -1234,10 +1234,10 @@ add %rax,%r14 # asm 2: adc mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.a0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rx0) << 13 # asm 1: shld $13,ry4=%r15 mov %r12,%r15 -# qhasm: rx0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.c0) << 13 # asm 1: shld $13,mulx319_stack=96(%rsp) movq %rax,96(%rsp) -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: c0 = mulrax # asm 1: mov c0=int64#5 
@@ -3117,8 +3117,8 @@ imulq $19,%rdx,%rax # asm 2: movq mulx419_stack=104(%rsp) movq %rax,104(%rsp) -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? c0 += mulrax # asm 1: add mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? c0 += mulrax # asm 1: add mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: c1 = mulrax # asm 1: mov c1=int64#8 @@ -3171,8 +3171,8 @@ mov %rdx,%r11 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: c2 = mulrax # asm 1: mov c2=int64#10 @@ -3189,8 +3189,8 @@ mov %rdx,%r13 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: c3 = mulrax # asm 1: mov c3=int64#12 
@@ -3207,8 +3207,8 @@ mov %rdx,%r15 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: c4 = mulrax # asm 1: mov c4=int64#14 
@@ -3225,8 +3225,8 @@ mov %rdx,%rbp # asm 2: movq mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? c1 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? c2 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? c3 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? c4 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
c0 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? c2 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? c3 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? c4 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? c0 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
c1 += mulrax # asm 1: add mulrax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? c3 += mulrax # asm 1: add mulrax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? c4 += mulrax # asm 1: add mulrax=%rax movq 96(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? c1 += mulrax # asm 1: add mulrax=%rax movq 96(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? c2 += mulrax # asm 1: add mulrax=%rax movq 88(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? 
c4 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? c1 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? c2 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
c3 += mulrax # asm 1: add mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.c0) << 13 # asm 1: shld $13,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.rt0) << 13 # asm 1: shld $13,rz4=%r13 mov %r10,%r13 -# qhasm: rt0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,squareredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: squarer01 = (squarer01.a0) << 13 # asm 1: shld $13,squareredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx +movq 
CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: squarer01 = (squarer01.b0) << 13 # asm 1: shld $13,squareredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: squarer01 = (squarer01.c0) << 13 # asm 1: shld $13,c4_stack=168(%rsp) movq %r11,168(%rsp) -# qhasm: d0 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,>d0=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,>d0=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx +# qhasm: d0 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P0),>d0=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P0),>d0=%rdx +movq CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx -# qhasm: d1 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d1=int64#4 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d1=%rcx -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx +# qhasm: d1 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d1=int64#4 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d1=%rcx +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx -# qhasm: d2 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d2=int64#5 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d2=%r8 -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8 +# qhasm: d2 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d2=int64#5 +# asm 2: movq 
CRYPTO_NAMESPACE(batch_2P1234),>d2=%r8 +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8 -# qhasm: d3 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d3=int64#6 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d3=%r9 -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9 +# qhasm: d3 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d3=int64#6 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d3=%r9 +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9 -# qhasm: d4 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d4=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d4=%rax -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax +# qhasm: d4 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d4=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d4=%rax +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax # qhasm: e0 = d0 # asm 1: mov e0=int64#8 
@@ -2263,30 +2263,30 @@ movq %r13,64(%rdi) # asm 2: movq squareredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: squarer01 = (squarer01.rx0) << 13 # asm 1: shld $13,b4=%r14 mov %rax,%r14 -# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.a0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.e0) << 13 # asm 1: shld $13,h4=%r14 mov %r11,%r14 -# qhasm: e0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) 
&CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.c0) << 13 # asm 1: shld $13,g4=%rbp mov %r12,%rbp -# qhasm: f0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rx0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.ry0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rz0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx 
+# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rt0) << 13 # asm 1: shld $13,b4=%r15 mov %r10,%r15 -# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.a0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.e0) << 13 # asm 1: shld $13,h4=%r15 mov %r12,%r15 -# qhasm: e0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.c0) 
<< 13 # asm 1: shld $13,g4=%rbp mov %rsi,%rbp -# qhasm: f0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rx0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.ry0) << 13 # asm 1: shld $13,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.rz0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq 
CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rx0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.ry0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rz0) << 13 # asm 1: shld $13,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.rt0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.x0) << 13 # asm 1: shld 
$13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.y0) << 13 # asm 1: shld $13,ysubx4=%r14 mov %r11,%r14 -# qhasm: ysubx0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,x0=int64#13 
@@ -2403,10 +2403,10 @@ add %rax,%r13 # asm 2: adc mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rz0) << 13 # asm 1: shld $13,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.t0) << 13 # asm 1: shld $13,mulx319_stack=96(%rsp) movq %rax,96(%rsp) -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: t2d0 = mulrax # asm 1: mov t2d0=int64#2 
@@ -3411,8 +3411,8 @@ imulq $19,%rdx,%rax # asm 2: movq mulx419_stack=104(%rsp) movq %rax,104(%rsp) -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? t2d0 += mulrax # asm 1: add mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? t2d0 += mulrax # asm 1: add mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: t2d1 = mulrax # asm 1: mov t2d1=int64#5 @@ -3465,8 +3465,8 @@ mov %rdx,%r9 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: t2d2 = mulrax # asm 1: mov t2d2=int64#8 @@ -3483,8 +3483,8 @@ mov %rdx,%r11 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: t2d3 = mulrax # asm 1: mov t2d3=int64#10 
@@ -3501,8 +3501,8 @@ mov %rdx,%r13 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: t2d4 = mulrax # asm 1: mov t2d4=int64#12 
@@ -3519,8 +3519,8 @@ mov %rdx,%r15 # asm 2: movq mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? t2d1 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? t2d2 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? t2d3 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? t2d4 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
t2d0 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? t2d2 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? t2d3 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? t2d4 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? t2d0 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
t2d1 += mulrax # asm 1: add mulrax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? t2d3 += mulrax # asm 1: add mulrax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? t2d4 += mulrax # asm 1: add mulrax=%rax movq 96(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? t2d1 += mulrax # asm 1: add mulrax=%rax movq 96(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? t2d2 += mulrax # asm 1: add mulrax=%rax movq 88(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? 
t2d4 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? t2d1 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? t2d2 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
t2d3 += mulrax # asm 1: add mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.t2d0) << 13 # asm 1: shld $13,b4=%r15 mov %r10,%r15 -# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.a0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rx0) << 13 # asm 1: shld $13,ry4=%r15 mov %r12,%r15 -# qhasm: rx0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq 
CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.c0) << 13 # asm 1: shld $13,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.rt0) << 13 # asm 1: shld $13,rz4=%r13 mov %r10,%r13 -# qhasm: rt0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,t3=%r14 mov %rsi,%r14 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_64_ORDER0,rax=%rax movq 24(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3 -mulq crypto_sign_ed25519_amd64_64_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3) +mulq CRYPTO_NAMESPACE(batch_MU3)(%rip) # qhasm: q23 = rax # asm 1: mov q23=int64#10 @@ -202,8 +202,8 @@ mov %rdx,%r13 # asm 2: movq 24(rax=%rax movq 24(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4 -mulq crypto_sign_ed25519_amd64_64_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4) +mulq CRYPTO_NAMESPACE(batch_MU4)(%rip) # qhasm: q24 = rax # asm 1: mov q24=int64#12 
@@ -225,8 +225,8 @@ adc %rdx,%r8 # asm 2: movq 32(rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2 -mulq crypto_sign_ed25519_amd64_64_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2) +mulq CRYPTO_NAMESPACE(batch_MU2)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3 -mulq crypto_sign_ed25519_amd64_64_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3) +mulq CRYPTO_NAMESPACE(batch_MU3)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4 -mulq crypto_sign_ed25519_amd64_64_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4) +mulq CRYPTO_NAMESPACE(batch_MU4)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU1 -mulq crypto_sign_ed25519_amd64_64_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU1) +mulq CRYPTO_NAMESPACE(batch_MU1)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2 -mulq crypto_sign_ed25519_amd64_64_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2) +mulq CRYPTO_NAMESPACE(batch_MU2)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3 -mulq crypto_sign_ed25519_amd64_64_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3) +mulq CRYPTO_NAMESPACE(batch_MU3)(%rip) # qhasm: carry? 
q30 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4 -mulq crypto_sign_ed25519_amd64_64_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4) +mulq CRYPTO_NAMESPACE(batch_MU4)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU0 -mulq crypto_sign_ed25519_amd64_64_MU0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU0) +mulq CRYPTO_NAMESPACE(batch_MU0)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU1 -mulq crypto_sign_ed25519_amd64_64_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU1) +mulq CRYPTO_NAMESPACE(batch_MU1)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2 -mulq crypto_sign_ed25519_amd64_64_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2) +mulq CRYPTO_NAMESPACE(batch_MU2)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3 -mulq crypto_sign_ed25519_amd64_64_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3) +mulq CRYPTO_NAMESPACE(batch_MU3)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4 -mulq crypto_sign_ed25519_amd64_64_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4) +mulq CRYPTO_NAMESPACE(batch_MU4)(%rip) # qhasm: carry? 
q32 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU0 -mulq crypto_sign_ed25519_amd64_64_MU0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU0) +mulq CRYPTO_NAMESPACE(batch_MU0)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU1 -mulq crypto_sign_ed25519_amd64_64_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU1) +mulq CRYPTO_NAMESPACE(batch_MU1)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2 -mulq crypto_sign_ed25519_amd64_64_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2) +mulq CRYPTO_NAMESPACE(batch_MU2)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3 -mulq crypto_sign_ed25519_amd64_64_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3) +mulq CRYPTO_NAMESPACE(batch_MU3)(%rip) # qhasm: carry? q32 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4 -mulq crypto_sign_ed25519_amd64_64_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4) +mulq CRYPTO_NAMESPACE(batch_MU4)(%rip) # qhasm: carry? q33 += rax # asm 1: add rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -mulq crypto_sign_ed25519_amd64_64_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0) +mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip) # qhasm: r20 = rax # asm 1: mov r20=int64#5 
@@ -761,8 +761,8 @@ mov %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1 -mulq crypto_sign_ed25519_amd64_64_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1) +mulq CRYPTO_NAMESPACE(batch_ORDER1)(%rip) # qhasm: r21 = rax # asm 1: mov r21=int64#8 @@ -789,8 +789,8 @@ adc %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER2 -mulq crypto_sign_ed25519_amd64_64_ORDER2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER2) +mulq CRYPTO_NAMESPACE(batch_ORDER2)(%rip) # qhasm: r22 = rax # asm 1: mov r22=int64#9 @@ -817,8 +817,8 @@ adc %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER3 -mulq crypto_sign_ed25519_amd64_64_ORDER3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER3) +mulq CRYPTO_NAMESPACE(batch_ORDER3)(%rip) # qhasm: free rdx 
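Review bot: The new operand form `mulq CRYPTO_NAMESPACE(batch_ORDER1)(%rip)` only assembles if this file is run through the C preprocessor with `CRYPTO_NAMESPACE` already defined, and neither the `.s` to `.S` rename nor an include or `-include` providing the macro is visible for this file in these hunks (the rename is shown only for the fe25519 files further down); presumably it sits in the file header outside this view, but it is worth confirming the build rule matches the new extension. The same applies to the -789 and -817 hunks here and to the -837, -913 and -956 hunks that follow. Once the file is preprocessed, every `# qhasm:` and `# asm` line becomes a `#` line for cpp; GCC in assembler-with-cpp mode passes unrecognised `#` lines through, but a stricter preprocessor may not, so a one-line comment such as `# NOTE: this file is preprocessed (cpp) for CRYPTO_NAMESPACE; comment lines starting with # rely on assembler-with-cpp leniency` near the top of the file would save the next maintainer a surprise. The function these hunks patch starts and ends outside the hunk.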
@@ -837,8 +837,8 @@ add %r9,%r12 # asm 2: movq rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -mulq crypto_sign_ed25519_amd64_64_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0) +mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip) # qhasm: carry? r21 += rax # asm 1: add rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1 -mulq crypto_sign_ed25519_amd64_64_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1) +mulq CRYPTO_NAMESPACE(batch_ORDER1)(%rip) # qhasm: carry? r22 += rax # asm 1: add rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER2 -mulq crypto_sign_ed25519_amd64_64_ORDER2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER2) +mulq CRYPTO_NAMESPACE(batch_ORDER2)(%rip) # qhasm: free rdx @@ -913,8 +913,8 @@ add %rcx,%r12 # asm 2: movq rax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -mulq crypto_sign_ed25519_amd64_64_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0) +mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip) # qhasm: carry? r22 += rax # asm 1: add rax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1 -mulq crypto_sign_ed25519_amd64_64_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1) +mulq CRYPTO_NAMESPACE(batch_ORDER1)(%rip) # qhasm: free rdx @@ -956,8 +956,8 @@ add %rcx,%r12 # asm 2: movq rax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -mulq crypto_sign_ed25519_amd64_64_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0) +mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip) # qhasm: free rdx 
@@ -1026,25 +1026,25 @@ sbb %r12,%rsi # asm 2: mov t3=%r11 mov %rsi,%r11 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_64_ORDER0,t3=%r11 mov %rsi,%r11 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_64_ORDER0, -#define fe25519 crypto_sign_ed25519_amd64_64_fe25519 -#define fe25519_freeze crypto_sign_ed25519_amd64_64_fe25519_freeze -#define fe25519_unpack crypto_sign_ed25519_amd64_64_fe25519_unpack -#define fe25519_pack crypto_sign_ed25519_amd64_64_fe25519_pack -#define fe25519_iszero_vartime crypto_sign_ed25519_amd64_64_fe25519_iszero_vartime -#define fe25519_iseq_vartime crypto_sign_ed25519_amd64_64_fe25519_iseq_vartime -#define fe25519_cmov crypto_sign_ed25519_amd64_64_fe25519_cmov -#define fe25519_setint crypto_sign_ed25519_amd64_64_fe25519_setint -#define fe25519_neg crypto_sign_ed25519_amd64_64_fe25519_neg -#define fe25519_getparity crypto_sign_ed25519_amd64_64_fe25519_getparity -#define fe25519_add crypto_sign_ed25519_amd64_64_fe25519_add -#define fe25519_sub crypto_sign_ed25519_amd64_64_fe25519_sub -#define fe25519_mul crypto_sign_ed25519_amd64_64_fe25519_mul -#define fe25519_mul121666 crypto_sign_ed25519_amd64_64_fe25519_mul121666 -#define fe25519_square crypto_sign_ed25519_amd64_64_fe25519_square -#define fe25519_invert crypto_sign_ed25519_amd64_64_fe25519_invert -#define fe25519_batchinvert crypto_sign_ed25519_amd64_64_fe25519_batchinvert -#define fe25519_pow2523 crypto_sign_ed25519_amd64_64_fe25519_pow2523 +#define fe25519 CRYPTO_NAMESPACE(fe25519) +#define fe25519_freeze CRYPTO_NAMESPACE(fe25519_freeze) +#define fe25519_unpack CRYPTO_NAMESPACE(fe25519_unpack) +#define fe25519_pack CRYPTO_NAMESPACE(fe25519_pack) +#define fe25519_iszero_vartime CRYPTO_NAMESPACE(fe25519_iszero_vartime) +#define fe25519_iseq_vartime CRYPTO_NAMESPACE(fe25519_iseq_vartime) +#define fe25519_cmov CRYPTO_NAMESPACE(fe25519_cmov) +#define fe25519_setint 
CRYPTO_NAMESPACE(fe25519_setint) +#define fe25519_neg CRYPTO_NAMESPACE(fe25519_neg) +#define fe25519_getparity CRYPTO_NAMESPACE(fe25519_getparity) +#define fe25519_add CRYPTO_NAMESPACE(fe25519_add) +#define fe25519_sub CRYPTO_NAMESPACE(fe25519_sub) +#define fe25519_mul CRYPTO_NAMESPACE(fe25519_mul) +#define fe25519_mul121666 CRYPTO_NAMESPACE(fe25519_mul121666) +#define fe25519_square CRYPTO_NAMESPACE(fe25519_square) +#define fe25519_invert CRYPTO_NAMESPACE(fe25519_invert) +#define fe25519_batchinvert CRYPTO_NAMESPACE(fe25519_batchinvert) +#define fe25519_pow2523 CRYPTO_NAMESPACE(fe25519_pow2523) typedef struct { diff --git a/ed25519/amd64-64-24k/fe25519_add.s b/ed25519/amd64-64-24k/fe25519_add.S similarity index 94% rename from ed25519/amd64-64-24k/fe25519_add.s rename to ed25519/amd64-64-24k/fe25519_add.S index b2e5625..de57080 100644 --- a/ed25519/amd64-64-24k/fe25519_add.s +++ b/ed25519/amd64-64-24k/fe25519_add.S @@ -65,13 +65,13 @@ # qhasm: stack64 caller7_stack -# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_add +# qhasm: enter CRYPTO_NAMESPACE(fe25519_add) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_64_fe25519_add -.globl crypto_sign_ed25519_amd64_64_fe25519_add -_crypto_sign_ed25519_amd64_64_fe25519_add: -crypto_sign_ed25519_amd64_64_fe25519_add: +.globl _CRYPTO_NAMESPACE(fe25519_add) +.globl CRYPTO_NAMESPACE(fe25519_add) +_CRYPTO_NAMESPACE(fe25519_add): +CRYPTO_NAMESPACE(fe25519_add): mov %rsp,%r11 and $31,%r11 add $0,%r11 diff --git a/ed25519/amd64-64-24k/fe25519_freeze.s b/ed25519/amd64-64-24k/fe25519_freeze.S similarity index 96% rename from ed25519/amd64-64-24k/fe25519_freeze.s rename to ed25519/amd64-64-24k/fe25519_freeze.S index dea2902..f0f15be 100644 --- a/ed25519/amd64-64-24k/fe25519_freeze.s +++ b/ed25519/amd64-64-24k/fe25519_freeze.S 
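Review bot: `.globl _CRYPTO_NAMESPACE(fe25519_add)` and the matching `_CRYPTO_NAMESPACE(fe25519_add):` label will not expand, because the preprocessor tokenises `_CRYPTO_NAMESPACE` as a single identifier distinct from `CRYPTO_NAMESPACE`; unless the header that defines `CRYPTO_NAMESPACE` also defines a separate `_CRYPTO_NAMESPACE` macro, the assembler sees the literal text `_CRYPTO_NAMESPACE(fe25519_add)` and the underscore-prefixed alias is lost. The freeze and mul hunks on the next line carry the same pattern. If no such macro exists, it needs its own definition that pastes the same prefix with a leading underscore, e.g. `#define _CRYPTO_NAMESPACE(name) _crypto_sign_ed25519_amd64_64_##name` (constructed from the old symbol name; it must track whatever prefix `CRYPTO_NAMESPACE` actually uses), and a comment beside it saying that the two macros must stay in sync. The function body continues outside the hunk.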
@@ -63,13 +63,13 @@ # qhasm: stack64 caller7_stack -# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_freeze +# qhasm: enter CRYPTO_NAMESPACE(fe25519_freeze) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_64_fe25519_freeze -.globl crypto_sign_ed25519_amd64_64_fe25519_freeze -_crypto_sign_ed25519_amd64_64_fe25519_freeze: -crypto_sign_ed25519_amd64_64_fe25519_freeze: +.globl _CRYPTO_NAMESPACE(fe25519_freeze) +.globl CRYPTO_NAMESPACE(fe25519_freeze) +_CRYPTO_NAMESPACE(fe25519_freeze): +CRYPTO_NAMESPACE(fe25519_freeze): mov %rsp,%r11 and $31,%r11 add $64,%r11 diff --git a/ed25519/amd64-64-24k/fe25519_mul.s b/ed25519/amd64-64-24k/fe25519_mul.S similarity index 96% rename from ed25519/amd64-64-24k/fe25519_mul.s rename to ed25519/amd64-64-24k/fe25519_mul.S index 7e24518..5c67c9f 100644 --- a/ed25519/amd64-64-24k/fe25519_mul.s +++ b/ed25519/amd64-64-24k/fe25519_mul.S @@ -89,13 +89,13 @@ # qhasm: int64 muli38 -# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_mul +# qhasm: enter CRYPTO_NAMESPACE(fe25519_mul) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_64_fe25519_mul -.globl crypto_sign_ed25519_amd64_64_fe25519_mul -_crypto_sign_ed25519_amd64_64_fe25519_mul: -crypto_sign_ed25519_amd64_64_fe25519_mul: +.globl _CRYPTO_NAMESPACE(fe25519_mul) +.globl CRYPTO_NAMESPACE(fe25519_mul) +_CRYPTO_NAMESPACE(fe25519_mul): +CRYPTO_NAMESPACE(fe25519_mul): mov %rsp,%r11 and $31,%r11 add $64,%r11 @@ -651,8 +651,8 @@ adc %rdx,%r11 # asm 2: mov mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 
@@ -669,8 +669,8 @@ mov %r9,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add squarerax=%rax mov %r11,%rax -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: squarer4 = squarerax # asm 1: mov squarer4=int64#2 @@ -443,8 +443,8 @@ mov %r12,%rax # asm 2: mov squarer5=%r11 mov %rdx,%r11 -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? squarer5 += squarerax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 
@@ -1225,8 +1225,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 @@ -1907,8 +1907,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 
@@ -2759,8 +2759,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulx0=%r12 movq 56(%rsp),%r12 -# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D0 -# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D0,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0) +# asm 1: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx0 # asm 1: mul c1=%r14 mov %rdx,%r14 -# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D1 -# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D1,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1) +# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx0 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D2,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2) +# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx0 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D3,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3) +# asm 1: 
movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx0 # asm 1: mul mulx1=%r12 movq 64(%rsp),%r12 -# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D0 -# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D0,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0) +# asm 1: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx1 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D1,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1) +# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx1 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D2,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2) +# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx1 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D3,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3) +# asm 1: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx1 # asm 1: mul mulx2=%r12 movq 72(%rsp),%r12 -# qhasm: mulrax = *(uint64 
*)&crypto_sign_ed25519_amd64_64_EC2D0 -# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D0,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0) +# asm 1: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx2 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D1,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1) +# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx2 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D2,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2) +# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx2 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D3,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3) +# asm 1: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx2 # asm 1: mul mulx3=%r12 movq 80(%rsp),%r12 -# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D0 -# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D0,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0) +# asm 1: movq 
CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx3 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D1,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1) +# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx3 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D2,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2) +# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx3 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D3,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3) +# asm 1: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx3 # asm 1: mul mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 
@@ -3441,8 +3441,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -4123,8 +4123,8 @@ mov %r9,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add squarerax=%rax mov %r11,%rax -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: squarer4 = squarerax # asm 1: mov squarer4=int64#9 
@@ -593,8 +593,8 @@ mov %r12,%rax # asm 2: mov squarer5=%r12 mov %rdx,%r12 -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? squarer5 += squarerax # asm 1: add squarerax=%rax mov %r11,%rax -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: squarer4 = squarerax # asm 1: mov squarer4=int64#9 @@ -1060,8 +1060,8 @@ mov %r12,%rax # asm 2: mov squarer5=%r12 mov %rdx,%r12 -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? squarer5 += squarerax # asm 1: add squarerax=%rax mov %r11,%rax -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: squarer4 = squarerax # asm 1: mov squarer4=int64#9 
@@ -1527,8 +1527,8 @@ mov %r12,%rax # asm 2: mov squarer5=%r12 mov %rdx,%r12 -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? squarer5 += squarerax # asm 1: add squarerax=%rax mov %r10,%rax -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: squarer4 = squarerax # asm 1: mov squarer4=int64#8 @@ -2649,8 +2649,8 @@ mov %r11,%rax # asm 2: mov squarer5=%r11 mov %rdx,%r11 -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? squarer5 += squarerax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 
@@ -1078,8 +1078,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 @@ -1760,8 +1760,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 
@@ -2612,8 +2612,8 @@ mov %r8,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rsi,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -3549,8 +3549,8 @@ mov %rcx,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rsi,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 
@@ -4231,8 +4231,8 @@ mov %rcx,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rsi,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -4913,8 +4913,8 @@ mov %rcx,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rsi,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 
@@ -5595,8 +5595,8 @@ mov %rcx,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 @@ -1087,8 +1087,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 
@@ -1769,8 +1769,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 @@ -2621,8 +2621,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 
@@ -676,8 +676,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 @@ -1358,8 +1358,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 
@@ -2040,8 +2040,8 @@ mov %r8,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 @@ -684,8 +684,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 
@@ -1366,8 +1366,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 @@ -2048,8 +2048,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 
@@ -2730,8 +2730,8 @@ mov %r8,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 @@ -1015,8 +1015,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 
@@ -1697,8 +1697,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 @@ -2549,8 +2549,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 
@@ -3231,8 +3231,8 @@ mov %r9,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add t3=%r14 mov %rsi,%r14 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,rax=%rax movq 24(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3) +mulq CRYPTO_NAMESPACE(MU3)(%rip) # qhasm: q23 = rax # asm 1: mov q23=int64#10 @@ -202,8 +202,8 @@ mov %rdx,%r13 # asm 2: movq 24(rax=%rax movq 24(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4) +mulq CRYPTO_NAMESPACE(MU4)(%rip) # qhasm: q24 = rax # asm 1: mov q24=int64#12 
@@ -225,8 +225,8 @@ adc %rdx,%r8 # asm 2: movq 32(rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2) +mulq CRYPTO_NAMESPACE(MU2)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3) +mulq CRYPTO_NAMESPACE(MU3)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4) +mulq CRYPTO_NAMESPACE(MU4)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU1) +mulq CRYPTO_NAMESPACE(MU1)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2) +mulq CRYPTO_NAMESPACE(MU2)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3) +mulq CRYPTO_NAMESPACE(MU3)(%rip) # qhasm: carry? 
q30 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4) +mulq CRYPTO_NAMESPACE(MU4)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU0) +mulq CRYPTO_NAMESPACE(MU0)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU1) +mulq CRYPTO_NAMESPACE(MU1)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2) +mulq CRYPTO_NAMESPACE(MU2)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3) +mulq CRYPTO_NAMESPACE(MU3)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4) +mulq CRYPTO_NAMESPACE(MU4)(%rip) # qhasm: carry? 
q32 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU0) +mulq CRYPTO_NAMESPACE(MU0)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU1) +mulq CRYPTO_NAMESPACE(MU1)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2) +mulq CRYPTO_NAMESPACE(MU2)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3) +mulq CRYPTO_NAMESPACE(MU3)(%rip) # qhasm: carry? q32 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4) +mulq CRYPTO_NAMESPACE(MU4)(%rip) # qhasm: carry? q33 += rax # asm 1: add rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0) +mulq CRYPTO_NAMESPACE(ORDER0)(%rip) # qhasm: r20 = rax # asm 1: mov r20=int64#5 
@@ -761,8 +761,8 @@ mov %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER1) +mulq CRYPTO_NAMESPACE(ORDER1)(%rip) # qhasm: r21 = rax # asm 1: mov r21=int64#8 @@ -789,8 +789,8 @@ adc %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER2) +mulq CRYPTO_NAMESPACE(ORDER2)(%rip) # qhasm: r22 = rax # asm 1: mov r22=int64#9 @@ -817,8 +817,8 @@ adc %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER3) +mulq CRYPTO_NAMESPACE(ORDER3)(%rip) # qhasm: free rdx 
@@ -837,8 +837,8 @@ add %r9,%r12 # asm 2: movq rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0) +mulq CRYPTO_NAMESPACE(ORDER0)(%rip) # qhasm: carry? r21 += rax # asm 1: add rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER1) +mulq CRYPTO_NAMESPACE(ORDER1)(%rip) # qhasm: carry? r22 += rax # asm 1: add rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER2) +mulq CRYPTO_NAMESPACE(ORDER2)(%rip) # qhasm: free rdx @@ -913,8 +913,8 @@ add %rcx,%r12 # asm 2: movq rax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0) +mulq CRYPTO_NAMESPACE(ORDER0)(%rip) # qhasm: carry? r22 += rax # asm 1: add rax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER1) +mulq CRYPTO_NAMESPACE(ORDER1)(%rip) # qhasm: free rdx 
@@ -956,8 +956,8 @@ add %rcx,%r12 # asm 2: movq rax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0) +mulq CRYPTO_NAMESPACE(ORDER0)(%rip) # qhasm: free rdx 
@@ -1026,25 +1026,25 @@ sbb %r12,%rsi # asm 2: mov t3=%r11 mov %rsi,%r11 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,t3=%r11 mov %rsi,%r11 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0, -#include -#include "ed25519-donna/ed25519-donna.h" - -static int ed25519_seckey_expand(unsigned char *sk,const unsigned char *seed) -{ - crypto_hash_sha512(sk,seed,32); - sk[0] &= 248; - sk[31] &= 127; - sk[31] |= 64; - - return 0; -} - -static int ed25519_seckey(unsigned char *sk) -{ - unsigned char seed[32]; - - randombytes(seed,32); - return ed25519_seckey_expand(sk,seed); -} - -static int ed25519_pubkey(unsigned char *pk,const unsigned char *sk) -{ - bignum256modm a; - ge25519 ALIGN(16) A; - - expand256_modm(a,sk,32); - ge25519_scalarmult_base_niels(&A,ge25519_niels_base_multiples,a); - ge25519_pack(pk,&A); - - return 0; -} - - -static int ed25519_keypair(unsigned char *pk,unsigned char *sk) -{ - ed25519_seckey(sk); - ed25519_pubkey(pk,sk); - - return 0; -} - -#define fe bignum25519 -#define ge_p1p1 ge25519_p1p1 -#define ge_p3 ge25519 - -#define ge_p1p1_to_p3 ge25519_p1p1_to_full -#define ge_p3_tobytes ge25519_pack - -#define ge_p3_batchtobytes_destructive_1 ge25519_batchpack_destructive_1 -#define ge_p3_batchtobytes_destructive_finish ge25519_batchpack_destructive_finish - -DONNA_INLINE static void ge_add(ge25519_p1p1 *r,const ge25519 *p,const ge25519_pniels *q) -{ - ge25519_pnielsadd_p1p1(r,p,q,0); -} - -DONNA_INLINE static void ge_scalarmult_base(ge25519 *A,const unsigned char *sk) -{ - bignum256modm ALIGN(16) a; - expand256_modm(a,sk,32); - ge25519_scalarmult_base_niels(A,ge25519_niels_base_multiples,a); -} - -static ge25519_pniels ALIGN(16) ge_eightpoint; -// portable representation of (basepoint * 8) -static u8 fe_ysubx[32] = { - 0xE0,0xC3,0x64,0xC7,0xDC,0xAD,0x36,0x5E, - 
0x25,0xAA,0x86,0xC8,0xC7,0x85,0x5F,0x07, - 0x67,0x65,0x1C,0x3D,0x99,0xDD,0x26,0x55, - 0x9C,0xB5,0x71,0x1E,0x1D,0xC4,0xC8,0x71, -}; -static u8 fe_xaddy[32] = { - 0x9C,0xFD,0xE3,0xC2,0x2A,0x15,0x34,0x1B, - 0x3B,0xE7,0x62,0xAB,0x56,0xFA,0xDF,0xE7, - 0xCF,0xBE,0xB5,0x8D,0x83,0x8A,0x1D,0xA5, - 0xAD,0x3E,0x42,0x42,0xC9,0x4F,0x1B,0x09, -}; -static u8 fe_z[32] = { - 0x77,0xAA,0x7F,0x85,0x02,0x8E,0xF5,0xD9, - 0x52,0xFE,0x8F,0xE6,0x8A,0x52,0x21,0x4A, - 0xCB,0x8D,0x1C,0x05,0x7D,0xAD,0x4A,0x1B, - 0xC6,0x7B,0x23,0x9D,0x4C,0x3F,0xD6,0x02, -}; -static u8 fe_t2d[32] = { - 0x4E,0x06,0xF4,0xFB,0x04,0x0B,0xCE,0x86, - 0x6B,0x52,0xBB,0x96,0x0A,0xCE,0x11,0x3C, - 0xCD,0xEF,0x4A,0x46,0x68,0x47,0xAA,0x72, - 0x5F,0x65,0x90,0x91,0xA8,0x38,0xCA,0x37, -}; - -// initialize from packed representation -static void ge_initeightpoint(void) -{ - memset(&ge_eightpoint,0,sizeof(ge_eightpoint)); - curve25519_expand(ge_eightpoint.ysubx,fe_ysubx); - curve25519_expand(ge_eightpoint.xaddy,fe_xaddy); - curve25519_expand(ge_eightpoint.z,fe_z); - curve25519_expand(ge_eightpoint.t2d,fe_t2d); -} - -#endif diff --git a/ed25519/ed25519_impl_post.h b/ed25519/ed25519_impl_post.h new file mode 100644 index 0000000..0f5a3e8 --- /dev/null +++ b/ed25519/ed25519_impl_post.h 
@@ -0,0 +1,85 @@
+
+#undef ed25519_seckey
+#undef ed25519_seckey_expand
+#undef ed25519_pubkey
+#undef ed25519_keygen
+
+#undef ge_eightpoint
+#undef ge_initeightpoint
+
+#undef ge_add
+#undef ge_p3_batchtobytes_destructive_1
+#undef ge_p3_batchtobytes_destructive_finish
+#undef ge_scalarmult_base
+
+
+#ifdef ED25519_ref10
+
+#undef ge_frombytes_negate_vartime
+#undef ge_tobytes
+#undef ge_p3_tobytes
+#undef ge_p2_0
+#undef ge_p3_0
+#undef ge_precomp_0
+#undef ge_p3_to_p2
+#undef ge_p3_to_cached
+#undef ge_p1p1_to_p2
+#undef ge_p1p1_to_p3
+#undef ge_p2_dbl
+#undef ge_p3_dbl
+#undef ge_madd
+#undef ge_msub
+#undef ge_sub
+#undef ge_scalarmult_base
+#undef ge_double_scalarmult_vartime
+
+#endif
+
+
+#if defined(ED25519_amd64_51_30k) || defined(ED25519_amd64_64_24k)
+
+#undef ge25519
+#undef ge25519_base
+#undef ge25519_unpackneg_vartime
+#undef ge25519_pack
+#undef ge25519_isneutral_vartime
+#undef ge25519_add
+#undef ge25519_double
+#undef ge25519_double_scalarmult_vartime
+#undef ge25519_multi_scalarmult_vartime
+#undef ge25519_scalarmult_base
+#undef ge25519_p1p1_to_p2
+#undef ge25519_p1p1_to_p3
+#undef ge25519_p1p1_to_pniels
+#undef ge25519_add_p1p1
+#undef ge25519_dbl_p1p1
+#undef choose_t
+#undef choose_t_smultq
+#undef ge25519_nielsadd2
+#undef ge25519_nielsadd_p1p1
+#undef ge25519_pnielsadd_p1p1
+#undef ge25519_p3
+
+#undef fe
+#undef ge_p1p1
+#undef ge_p3
+#undef ge_p1p1_to_p3
+#undef ge_p3_tobytes
+
+#endif
+
+
+#ifdef ED25519_donna
+
+#undef fe_ysubx
+#undef fe_xaddy
+#undef fe_z
+#undef fe_t2d
+
+#undef fe
+#undef ge_p1p1
+#undef ge_p3
+#undef ge_p1p1_to_p3
+#undef ge_p3_tobytes
+
+#endif
diff --git a/ed25519/ed25519_impl_pre.h b/ed25519/ed25519_impl_pre.h
new file mode 100644
index 0000000..375c9b0
--- /dev/null
+++ b/ed25519/ed25519_impl_pre.h
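Review bot: The ED25519_ref10 section undefines only the macros that ref10/ge.h introduces, while ed25519_impl_pre.h also includes ref10/crypto_sign.h (crypto_sign, crypto_sign_keypair, crypto_sign_seckey, crypto_sign_seckey_expand, crypto_sign_pubkey, crypto_sign_open, crypto_sign_open_batch) and, evidently through ge.h since ge_p3_tobytes.c uses `fe` after including only ge.h, the fe_frombytes … fe_pow22523 mappings of ref10/fe.h; none of those are cleared here. If the pre/post pair is meant to bracket one implementation so that another can be included later in the same translation unit, those leftover macros would be redefined with a different CRYPTO_NAMESPACE expansion; either add the matching `#undef crypto_sign` … `#undef fe_pow22523` lines or state in a header comment that only one implementation per translation unit is supported. ED25519_CUSTOMRANDOM and ED25519_CUSTOMHASH, defined in the donna block of the pre header, are likewise not undefined. `#undef ge_scalarmult_base` appears twice (common block and ED25519_ref10 block); the second is redundant.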
@@ -0,0 +1,255 @@ +#ifndef ED25519_donna +# if defined(_MSC_VER) +# define ALIGN(x) __declspec(align(x)) +# elif defined(__GNUC__) +# undef ALIGN +# define ALIGN(x) __attribute__((aligned(x))) +# else +# ifndef ALIGN +# define ALIGN(x) +# endif +# endif +#endif + + +#define ed25519_seckey CRYPTO_NAMESPACE(seckey) +#define ed25519_seckey_expand CRYPTO_NAMESPACE(seckey_expand) +#define ed25519_pubkey CRYPTO_NAMESPACE(pubkey) +#define ed25519_keygen CRYPTO_NAMESPACE(keygen) + +#define ge_eightpoint CRYPTO_NAMESPACE(ge_eightpoint) +#define ge_initeightpoint CRYPTO_NAMESPACE(ge_initeightpoint) + + +#ifdef ED25519_ref10 + +#include "ref10/crypto_sign.h" +#include "ref10/ge.h" + +/* The basepoint multiplied by 8. */ +static const ge_cached ge_eightpoint = { + /* YplusX */ + { + 48496028, -16430416, 15164263, 11885335, 60784617, -4866353, 46481863, + -2771805, 9708580, 2387263 + }, + /* YmunusX */ + { + -10173472, -5540046, 21277639, 4080693, 1932823, -14916249, -9515873, + -21787995, -36575460, 29827857 + }, + /* Z */ + { + 25143927, -10256223, -3515585, 5715072, 19432778, -14905909, 22462083, + -8862871, 13226552, 743677 + }, + /* T2d */ + { + -784818, -8208065, -28479270, 5551579, 15746872, 4911053, 19117091, + 11267669, -24569594, 14624995 + } +}; +inline static void ge_initeightpoint(void) {} + +#endif + + +#ifdef ED25519_amd64_51_30k + +#include "amd64-51-30k/crypto_sign.h" +#include "amd64-51-30k/ge25519.h" + +#endif + + +#ifdef ED25519_amd64_64_24k + +#include "amd64-64-24k/crypto_sign.h" +#include "amd64-64-24k/ge25519.h" + +#endif + + +// common +#if defined(ED25519_amd64_51_30k) || defined(ED25519_amd64_64_24k) + +#define fe fe25519 +#define ge_p1p1 ge25519_p1p1 +#define ge_p3 ge25519_p3 +#define ge_p1p1_to_p3 ge25519_p1p1_to_p3 +#define ge_p3_tobytes ge25519_pack +#define ge_add ge25519_pnielsadd_p1p1 + +#define ge_p3_batchtobytes_destructive_1 ge25519_batchpack_destructive_1 +#define ge_p3_batchtobytes_destructive_finish ge25519_batchpack_destructive_finish + 
+#define ge_scalarmult_base CRYPTO_NAMESPACE(ge_scalarmult_base) + +#endif + + +#ifdef ED25519_amd64_51_30k +static inline void ge_scalarmult_base(ge_p3 *gepk,const unsigned char *sk) +{ + sc25519 scsk; + + sc25519_from32bytes(&scsk,sk); + ge25519_scalarmult_base(gepk,&scsk); +} + +/* The basepoint multiplied by 8. */ +static const ge25519_pniels ge_eightpoint = { + // ysubx + {{ 1880013609944032, 273850692840390, 1250787290086935, 789632210881694, 2001713562248987 }}, + // xaddy + {{ 1149173309373852, 797611345273702, 1925224452816873, 2065787175387590, 160206517707811 }}, + // z + {{ 1563516364368503, 383531986082622, 1251481213240650, 1657022631558786, 49907331879479 }}, + // t2d + {{ 1700965895112270, 372560131616985, 329575203620664, 756160485635107, 981466775886086 }}, +}; +inline static void ge_initeightpoint(void) {} +#endif + + +#ifdef ED25519_amd64_64_24k +static inline void ge_scalarmult_base(ge_p3 *gepk,const unsigned char *sk) +{ + sc25519 scsk; + + sc25519_from32bytes(&scsk,sk); + ge25519_scalarmult_base(gepk,&scsk); +} + +/* The basepoint multiplied by 8. 
*/ +static const ge25519_pniels ge_eightpoint = { + // ysubx + {{ 6788804652057281504U, 531290374162262565U, 6135835192563885415U, 8199018750971852188U }}, + // xaddy + {{ 1960215011215539612U, 16708348392717346619U, 11897818088205565647U, 656205896531197613U }}, + // z + {{ 15705615417005288055U, 5341641389565279826U, 1966574939768917451U, 204420431378348998U }}, + // t2d + {{ 9713713562319586894U, 4328467261753610859U, 8262494979546083277U, 4020087914029409631U }}, +}; +inline static void ge_initeightpoint(void) {} +#endif + + +#ifdef ED25519_donna + +#define ED25519_CUSTOMRANDOM +#define ED25519_CUSTOMHASH +#include +#include +#include "ed25519-donna/ed25519-donna.h" + +static int ed25519_seckey_expand(unsigned char *sk,const unsigned char *seed) +{ + crypto_hash_sha512(sk,seed,32); + sk[0] &= 248; + sk[31] &= 127; + sk[31] |= 64; + + return 0; +} + +static int ed25519_seckey(unsigned char *sk) +{ + unsigned char seed[32]; + + randombytes(seed,32); + return ed25519_seckey_expand(sk,seed); +} + +static int ed25519_pubkey(unsigned char *pk,const unsigned char *sk) +{ + bignum256modm a; + ge25519 ALIGN(16) A; + + expand256_modm(a,sk,32); + ge25519_scalarmult_base_niels(&A,ge25519_niels_base_multiples,a); + ge25519_pack(pk,&A); + + return 0; +} + + +static int ed25519_keypair(unsigned char *pk,unsigned char *sk) +{ + ed25519_seckey(sk); + ed25519_pubkey(pk,sk); + + return 0; +} + +#define fe bignum25519 +#define ge_p1p1 ge25519_p1p1 +#define ge_p3 ge25519 + +#define ge_p1p1_to_p3 ge25519_p1p1_to_full +#define ge_p3_tobytes ge25519_pack + +#define ge_p3_batchtobytes_destructive_1 ge25519_batchpack_destructive_1 +#define ge_p3_batchtobytes_destructive_finish ge25519_batchpack_destructive_finish + + +#define ge_add CRYPTO_NAMESPACE(ge_add) +#define ge_scalarmult_base CRYPTO_NAMESPACE(ge_scalarmult_base) + + +DONNA_INLINE static void ge_add(ge25519_p1p1 *r,const ge25519 *p,const ge25519_pniels *q) +{ + ge25519_pnielsadd_p1p1(r,p,q,0); +} + +DONNA_INLINE static void 
ge_scalarmult_base(ge25519 *A,const unsigned char *sk) +{ + bignum256modm ALIGN(16) a; + expand256_modm(a,sk,32); + ge25519_scalarmult_base_niels(A,ge25519_niels_base_multiples,a); +} + +#define fe_ysubx CRYPTO_NAMESPACE(fe_ysubx) +#define fe_xaddy CRYPTO_NAMESPACE(fe_xaddy) +#define fe_z CRYPTO_NAMESPACE(fe_z) +#define fe_t2d CRYPTO_NAMESPACE(fe_t2d) + +static ge25519_pniels ALIGN(16) ge_eightpoint; +// portable representation of (basepoint * 8) +static u8 fe_ysubx[32] = { + 0xE0,0xC3,0x64,0xC7,0xDC,0xAD,0x36,0x5E, + 0x25,0xAA,0x86,0xC8,0xC7,0x85,0x5F,0x07, + 0x67,0x65,0x1C,0x3D,0x99,0xDD,0x26,0x55, + 0x9C,0xB5,0x71,0x1E,0x1D,0xC4,0xC8,0x71, +}; +static u8 fe_xaddy[32] = { + 0x9C,0xFD,0xE3,0xC2,0x2A,0x15,0x34,0x1B, + 0x3B,0xE7,0x62,0xAB,0x56,0xFA,0xDF,0xE7, + 0xCF,0xBE,0xB5,0x8D,0x83,0x8A,0x1D,0xA5, + 0xAD,0x3E,0x42,0x42,0xC9,0x4F,0x1B,0x09, +}; +static u8 fe_z[32] = { + 0x77,0xAA,0x7F,0x85,0x02,0x8E,0xF5,0xD9, + 0x52,0xFE,0x8F,0xE6,0x8A,0x52,0x21,0x4A, + 0xCB,0x8D,0x1C,0x05,0x7D,0xAD,0x4A,0x1B, + 0xC6,0x7B,0x23,0x9D,0x4C,0x3F,0xD6,0x02, +}; +static u8 fe_t2d[32] = { + 0x4E,0x06,0xF4,0xFB,0x04,0x0B,0xCE,0x86, + 0x6B,0x52,0xBB,0x96,0x0A,0xCE,0x11,0x3C, + 0xCD,0xEF,0x4A,0x46,0x68,0x47,0xAA,0x72, + 0x5F,0x65,0x90,0x91,0xA8,0x38,0xCA,0x37, +}; + +// initialize from packed representation +static void ge_initeightpoint(void) +{ + memset(&ge_eightpoint,0,sizeof(ge_eightpoint)); + curve25519_expand(ge_eightpoint.ysubx,fe_ysubx); + curve25519_expand(ge_eightpoint.xaddy,fe_xaddy); + curve25519_expand(ge_eightpoint.z,fe_z); + curve25519_expand(ge_eightpoint.t2d,fe_t2d); +} + +#endif diff --git a/ed25519/ref10/crypto_sign.h b/ed25519/ref10/crypto_sign.h index 71b2543..35b0a74 100644 --- a/ed25519/ref10/crypto_sign.h +++ b/ed25519/ref10/crypto_sign.h 
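Review bot: In the ED25519_donna block the keypair routine is defined as `ed25519_keypair`, yet the namespacing macros at the top of this file map `ed25519_keygen` and ref10's crypto_sign.h maps crypto_sign_keypair to CRYPTO_NAMESPACE(keygen), so the donna function is neither renamed nor reachable under the name the other implementations export; unless some caller uses ed25519_keypair directly, it should read `static int ed25519_keygen(unsigned char *pk,unsigned char *sk)`. In the same block `ed25519_seckey` returns with the 32-byte seed still on the stack after `ed25519_seckey_expand` has consumed it; a wipe the compiler cannot elide (explicit_bzero or memset_s where available) before returning would be in order, and `ed25519_seckey_expand` deserves a comment that `sk` must have room for the full 64-byte SHA-512 output, of which only the first 32 bytes are clamped. The file has no header comment; one saying it must be included after CRYPTO_NAMESPACE and exactly one ED25519_* selector are defined, and always paired with ed25519_impl_post.h, would explain the pre/post mechanism to the next maintainer. Minor style: `inline static` (ge_initeightpoint) and `static inline` (ge_scalarmult_base) are mixed, and the ref10 initializer comment reads `YmunusX` for the YminusX member.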
@@ -1,8 +1,9 @@ -#define crypto_sign ed25519_ref10_sign -#define crypto_sign_keypair ed25519_ref10_keygen -#define crypto_sign_seckey ed25519_ref10_seckey -#define crypto_sign_seckey_expand ed25519_ref10_seckey_expand -#define crypto_sign_pubkey ed25519_ref10_pubkey -#define crypto_sign_open ed25519_ref10_open +#define crypto_sign CRYPTO_NAMESPACE(sign) +#define crypto_sign_keypair CRYPTO_NAMESPACE(keygen) +#define crypto_sign_seckey CRYPTO_NAMESPACE(seckey) +#define crypto_sign_seckey_expand CRYPTO_NAMESPACE(seckey_expand) +#define crypto_sign_pubkey CRYPTO_NAMESPACE(pubkey) +#define crypto_sign_open CRYPTO_NAMESPACE(open) +#define crypto_sign_open_batch CRYPTO_NAMESPACE(open_batch) #include "ed25519.h" diff --git a/ed25519/ref10/ed25519.h b/ed25519/ref10/ed25519.h index 406aafc..2122ad5 100644 --- a/ed25519/ref10/ed25519.h +++ b/ed25519/ref10/ed25519.h @@ -1,13 +1,13 @@ -int ed25519_ref10_seckey(unsigned char *sk); -int ed25519_ref10_seckey_expand(unsigned char *sk,const unsigned char *seed); -int ed25519_ref10_pubkey(unsigned char *pk,const unsigned char *sk); -int ed25519_ref10_keygen(unsigned char *pk,unsigned char *sk); -int ed25519_ref10_sign( +int crypto_sign_seckey(unsigned char *sk); +int crypto_sign_seckey_expand(unsigned char *sk,const unsigned char *seed); +int crypto_sign_pubkey(unsigned char *pk,const unsigned char *sk); +int crypto_sign_keypair(unsigned char *pk,unsigned char *sk); +int crypto_sign( unsigned char *sm,unsigned long long *smlen, const unsigned char *m,unsigned long long mlen, const unsigned char *sk ); -int ed25519_ref10_open( +int crypto_sign_open( unsigned char *m,unsigned long long *mlen, const unsigned char *sm,unsigned long long smlen, const unsigned char *pk diff --git a/ed25519/ref10/fe.h b/ed25519/ref10/fe.h index 11aeebb..f4ec2bf 100644 --- a/ed25519/ref10/fe.h +++ b/ed25519/ref10/fe.h 
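Review bot: `crypto_sign_open_batch` is newly mapped to CRYPTO_NAMESPACE(open_batch) in crypto_sign.h, but the ed25519.h hunk that follows adds no prototype for it, so either ref10 has no batch verifier and the define is dead, or a caller will hit an implicit declaration; add `int crypto_sign_open_batch(...)` with the real signature or drop the define. The prototypes in ed25519.h now use the bare crypto_sign_* names, which only become namespaced symbols when crypto_sign.h's defines precede the include, so a direct include of ed25519.h declares unprefixed crypto_sign_* functions that can collide with any other ed25519 library linked into the binary; a one-line comment at the top of ed25519.h, `/* include via crypto_sign.h: the names below are CRYPTO_NAMESPACE macros */`, would make that dependency explicit.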
@@ -14,25 +14,25 @@ t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on context. */ -#define fe_frombytes crypto_sign_ed25519_ref10_fe_frombytes -#define fe_tobytes crypto_sign_ed25519_ref10_fe_tobytes -#define fe_copy crypto_sign_ed25519_ref10_fe_copy -#define fe_isnonzero crypto_sign_ed25519_ref10_fe_isnonzero -#define fe_isnegative crypto_sign_ed25519_ref10_fe_isnegative -#define fe_0 crypto_sign_ed25519_ref10_fe_0 -#define fe_1 crypto_sign_ed25519_ref10_fe_1 -#define fe_cswap crypto_sign_ed25519_ref10_fe_cswap -#define fe_cmov crypto_sign_ed25519_ref10_fe_cmov -#define fe_add crypto_sign_ed25519_ref10_fe_add -#define fe_sub crypto_sign_ed25519_ref10_fe_sub -#define fe_neg crypto_sign_ed25519_ref10_fe_neg -#define fe_mul crypto_sign_ed25519_ref10_fe_mul -#define fe_sq crypto_sign_ed25519_ref10_fe_sq -#define fe_sq2 crypto_sign_ed25519_ref10_fe_sq2 -#define fe_mul121666 crypto_sign_ed25519_ref10_fe_mul121666 -#define fe_invert crypto_sign_ed25519_ref10_fe_invert -#define fe_batchinvert crypto_sign_ed25519_ref10_fe_batchinvert -#define fe_pow22523 crypto_sign_ed25519_ref10_fe_pow22523 +#define fe_frombytes CRYPTO_NAMESPACE(fe_frombytes) +#define fe_tobytes CRYPTO_NAMESPACE(fe_tobytes) +#define fe_copy CRYPTO_NAMESPACE(fe_copy) +#define fe_isnonzero CRYPTO_NAMESPACE(fe_isnonzero) +#define fe_isnegative CRYPTO_NAMESPACE(fe_isnegative) +#define fe_0 CRYPTO_NAMESPACE(fe_0) +#define fe_1 CRYPTO_NAMESPACE(fe_1) +#define fe_cswap CRYPTO_NAMESPACE(fe_cswap) +#define fe_cmov CRYPTO_NAMESPACE(fe_cmov) +#define fe_add CRYPTO_NAMESPACE(fe_add) +#define fe_sub CRYPTO_NAMESPACE(fe_sub) +#define fe_neg CRYPTO_NAMESPACE(fe_neg) +#define fe_mul CRYPTO_NAMESPACE(fe_mul) +#define fe_sq CRYPTO_NAMESPACE(fe_sq) +#define fe_sq2 CRYPTO_NAMESPACE(fe_sq2) +#define fe_mul121666 CRYPTO_NAMESPACE(fe_mul121666) +#define fe_invert CRYPTO_NAMESPACE(fe_invert) +#define fe_batchinvert CRYPTO_NAMESPACE(fe_batchinvert) +#define fe_pow22523 
CRYPTO_NAMESPACE(fe_pow22523) extern void fe_frombytes(fe,const unsigned char *); extern void fe_tobytes(unsigned char *,const fe); diff --git a/ed25519/ref10/fe_isnonzero.c b/ed25519/ref10/fe_isnonzero.c index 0261e92..4756800 100644 --- a/ed25519/ref10/fe_isnonzero.c +++ b/ed25519/ref10/fe_isnonzero.c @@ -9,7 +9,7 @@ Preconditions: |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */ -static const unsigned char zero[32] = {0}; +static const unsigned char zero[32]; int fe_isnonzero(const fe f) { diff --git a/ed25519/ref10/ge.h b/ed25519/ref10/ge.h index 3ae05b6..c69a5b3 100644 --- a/ed25519/ref10/ge.h +++ b/ed25519/ref10/ge.h 
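Review bot: Dropping the `= {0}` initializer from `zero` in fe_isnonzero.c is behaviour-preserving in C (objects with static storage duration are zero-initialized), but an uninitialized const definition is ill-formed in C++ and is flagged by several static analyzers, and a reader now has to know that rule to see that the comparison buffer is all zeros. Keeping `static const unsigned char zero[32] = {0};` costs nothing and states the intent; failing that, a comment `/* static storage: implicitly all-zero */` on the declaration would do.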
@@ -52,28 +52,28 @@ typedef struct { typedef unsigned char bytes32[32]; -#define ge_frombytes_negate_vartime crypto_sign_ed25519_ref10_ge_frombytes_negate_vartime -#define ge_tobytes crypto_sign_ed25519_ref10_ge_tobytes -#define ge_p3_tobytes crypto_sign_ed25519_ref10_ge_p3_tobytes -#define ge_p3_batchtobytes_destructive_1 crypto_sign_ed25519_ref10_ge_p3_batchtobytes_destructive_1 -#define ge_p3_batchtobytes_destructive_finish crypto_sign_ed25519_ref10_ge_p3_batchtobytes_destructive_finish +#define ge_frombytes_negate_vartime CRYPTO_NAMESPACE(ge_frombytes_negate_vartime) +#define ge_tobytes CRYPTO_NAMESPACE(ge_tobytes) +#define ge_p3_tobytes CRYPTO_NAMESPACE(ge_p3_tobytes) +#define ge_p3_batchtobytes_destructive_1 CRYPTO_NAMESPACE(ge_p3_batchtobytes_destructive_1) +#define ge_p3_batchtobytes_destructive_finish CRYPTO_NAMESPACE(ge_p3_batchtobytes_destructive_finish) -#define ge_p2_0 crypto_sign_ed25519_ref10_ge_p2_0 -#define ge_p3_0 crypto_sign_ed25519_ref10_ge_p3_0 -#define ge_precomp_0 crypto_sign_ed25519_ref10_ge_precomp_0 -#define ge_p3_to_p2 crypto_sign_ed25519_ref10_ge_p3_to_p2 -#define ge_p3_to_cached crypto_sign_ed25519_ref10_ge_p3_to_cached -#define ge_p1p1_to_p2 crypto_sign_ed25519_ref10_ge_p1p1_to_p2 -#define ge_p1p1_to_p3 crypto_sign_ed25519_ref10_ge_p1p1_to_p3 -#define ge_p2_dbl crypto_sign_ed25519_ref10_ge_p2_dbl -#define ge_p3_dbl crypto_sign_ed25519_ref10_ge_p3_dbl +#define ge_p2_0 CRYPTO_NAMESPACE(ge_p2_0) +#define ge_p3_0 CRYPTO_NAMESPACE(ge_p3_0) +#define ge_precomp_0 CRYPTO_NAMESPACE(ge_precomp_0) +#define ge_p3_to_p2 CRYPTO_NAMESPACE(ge_p3_to_p2) +#define ge_p3_to_cached CRYPTO_NAMESPACE(ge_p3_to_cached) +#define ge_p1p1_to_p2 CRYPTO_NAMESPACE(ge_p1p1_to_p2) +#define ge_p1p1_to_p3 CRYPTO_NAMESPACE(ge_p1p1_to_p3) +#define ge_p2_dbl CRYPTO_NAMESPACE(ge_p2_dbl) +#define ge_p3_dbl CRYPTO_NAMESPACE(ge_p3_dbl) -#define ge_madd crypto_sign_ed25519_ref10_ge_madd -#define ge_msub crypto_sign_ed25519_ref10_ge_msub -#define ge_add 
crypto_sign_ed25519_ref10_ge_add -#define ge_sub crypto_sign_ed25519_ref10_ge_sub -#define ge_scalarmult_base crypto_sign_ed25519_ref10_ge_scalarmult_base -#define ge_double_scalarmult_vartime crypto_sign_ed25519_ref10_ge_double_scalarmult_vartime +#define ge_madd CRYPTO_NAMESPACE(ge_madd) +#define ge_msub CRYPTO_NAMESPACE(ge_msub) +#define ge_add CRYPTO_NAMESPACE(ge_add) +#define ge_sub CRYPTO_NAMESPACE(ge_sub) +#define ge_scalarmult_base CRYPTO_NAMESPACE(ge_scalarmult_base) +#define ge_double_scalarmult_vartime CRYPTO_NAMESPACE(ge_double_scalarmult_vartime) extern void ge_tobytes(unsigned char *,const ge_p2 *); extern void ge_p3_tobytes(unsigned char *,const ge_p3 *); diff --git a/ed25519/ref10/ge_double_scalarmult.c b/ed25519/ref10/ge_double_scalarmult.c index f8bf4bf..a2df6e9 100644 --- a/ed25519/ref10/ge_double_scalarmult.c +++ b/ed25519/ref10/ge_double_scalarmult.c @@ -32,7 +32,7 @@ static void slide(signed char *r,const unsigned char *a) } -static ge_precomp Bi[8] = { +static const ge_precomp Bi[8] = { #include "base2.h" } ; diff --git a/ed25519/ref10/ge_p3_tobytes.c b/ed25519/ref10/ge_p3_tobytes.c index b251f60..21cb2fc 100644 --- a/ed25519/ref10/ge_p3_tobytes.c +++ b/ed25519/ref10/ge_p3_tobytes.c @@ -1,6 +1,6 @@ #include "ge.h" -void ge_p3_tobytes(bytes32 s,const ge_p3 *h) +void ge_p3_tobytes(unsigned char *s,const ge_p3 *h) { fe recip; fe x; diff --git a/ed25519/ref10/ge_scalarmult_base.c b/ed25519/ref10/ge_scalarmult_base.c index 421e4fa..6707547 100644 --- a/ed25519/ref10/ge_scalarmult_base.c +++ b/ed25519/ref10/ge_scalarmult_base.c @@ -19,7 +19,7 @@ static unsigned char negative(signed char b) return x; } -static void cmov(ge_precomp *t,ge_precomp *u,unsigned char b) +static void cmov(ge_precomp *t,const ge_precomp *u,unsigned char b) { fe_cmov(t->yplusx,u->yplusx,b); fe_cmov(t->yminusx,u->yminusx,b); 
@@ -27,7 +27,7 @@ static void cmov(ge_precomp *t,ge_precomp *u,unsigned char b) } /* base[i][j] = (j+1)*256^i*B */ -static ge_precomp base[32][8] = { +static const ge_precomp base[32][8] = { #include "base.h" } ; diff --git a/ed25519/ref10/sc.h b/ed25519/ref10/sc.h index d32ed2e..81c8594 100644 --- a/ed25519/ref10/sc.h +++ b/ed25519/ref10/sc.h @@ -6,8 +6,8 @@ The set of scalars is \Z/l where l = 2^252 + 27742317777372353535851937790883648493. */ -#define sc_reduce crypto_sign_ed25519_ref10_sc_reduce -#define sc_muladd crypto_sign_ed25519_ref10_sc_muladd +#define sc_reduce CRYPTO_NAMESPACE(sc_reduce) +#define sc_muladd CRYPTO_NAMESPACE(sc_muladd) extern void sc_reduce(unsigned char *); extern void sc_muladd(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *); diff --git a/test_ed25519.c b/test_ed25519.c index b87135c..7fe26c6 100644 --- a/test_ed25519.c +++ b/test_ed25519.c @@ -6,6 +6,7 @@ #include "types.h" #include "base16.h" #include "ed25519/ed25519.h" +#include "ed25519/ed25519_impl_pre.h" #include "testutil.h" struct pktest { @@ -60,3 +61,5 @@ int main(void) return 0; } + +#include "ed25519/ed25519_impl_post.h" diff --git a/worker.c b/worker.c index 7f8cb03..2a3d2e9 100644 --- a/worker.c +++ b/worker.c @@ -18,6 +18,7 @@ #include "base32.h" #include "keccak.h" #include "ed25519/ed25519.h" +#include "ed25519/ed25519_impl_pre.h" #include "ioutil.h" #include "common.h" #include "yaml.h" @@ -180,7 +181,6 @@ static inline void shiftpk(u8 *dst,const u8 *src,size_t sbits) dst[i] = 0; } -#include "worker_slow.inc.h" // in little-endian order, 32 bytes aka 256 bits @@ -195,7 +195,6 @@ static void addsztoscalar32(u8 *dst,size_t v) } } -#include "worker_fast.inc.h" #ifdef PASSPHRASE @@ -213,7 +212,6 @@ static void reseedright(u8 sk[SECRET_LEN]) } #endif // PASSPHRASE -#include "worker_fast_pass.inc.h" #if !defined(BATCHNUM) 
@@ -225,6 +223,15 @@ size_t worker_batch_memuse(void) return (sizeof(ge_p3) + sizeof(fe) + sizeof(bytes32)) * BATCHNUM; } +#include "worker_slow.inc.h" + +#include "worker_fast.inc.h" + +#include "worker_fast_pass.inc.h" + #include "worker_batch.inc.h" #include "worker_batch_pass.inc.h" + +// XXX this is useless here, but will end up somewhere like that when i'll modularize stuff +#include "ed25519/ed25519_impl_post.h" diff --git a/worker_impl.inc.h b/worker_impl.inc.h new file mode 100644 index 0000000..70b786d --- /dev/null +++ b/worker_impl.inc.h @@ -0,0 +1 @@ +// TODO From 0eee09364dcc3a0fe7838198647ba13894acff49 Mon Sep 17 00:00:00 2001 From: cathugger Date: Thu, 5 May 2022 15:36:36 +0000 Subject: [PATCH 068/107] change usage formatting, print version --- GNUmakefile.in | 2 +- configure.ac | 33 ++++++++++++++++++++ main.c | 83 +++++++++++++++++++++++++++++++++----------------- 3 files changed, 89 insertions(+), 29 deletions(-) diff --git a/GNUmakefile.in b/GNUmakefile.in index acd8694..386bc03 100644 --- a/GNUmakefile.in +++ b/GNUmakefile.in @@ -1,7 +1,7 @@ CC= @CC@ CSTD= @CSTD@ -CFLAGS= $(CSTD) @CFLAGS@ @CPPFLAGS@ -DED25519_@ED25519IMPL@ @PIE@ @MYDEFS@ +CFLAGS= $(CSTD) @CFLAGS@ @CPPFLAGS@ -DED25519_@ED25519IMPL@ @PIE@ @MYDEFS@ -DVERSION='"@VERSION@"' ASFLAGS= @PIE@ LDFLAGS= @LDFLAGS@ MV= mv diff --git a/configure.ac b/configure.ac index 68152c7..dad2aae 100644 --- a/configure.ac +++ b/configure.ac 
@@ -5,6 +5,38 @@ AC_CONFIG_SRCDIR([main.c]) oldcflags="$CFLAGS" AC_PROG_CC +# determine version +ver="" +if test -r "$srcdir/version.txt" +then + ver=`cat "$srcdir/version.txt"` +elif test -d "$srcdir/.git" +then + if git --version >/dev/null 2>&1 + then + # try matching exact tag + ver=`git -C "$srcdir" describe --tags --exact-match 2>/dev/null` + if test -z "$ver" + then + # otherwise obtain full commit ID + ver=git-`git -C "$srcdir" rev-parse HEAD 2>/dev/null` + fi + if test -n "$ver" + then + if ! git -C "$srcdir" diff --exit-code >/dev/null 2>&1 + then + # add at the end to mark modified version + ver="$ver"'*' + fi + fi + fi +fi + +if test -z "$ver" +then + ver=unknown +fi + # NOTE: this script intentionally doesn't check for small details like posix functions and hard dependencies (libsodium) so you may get errors at compilation if test "x$oldcflags" != "x$CFLAGS" @@ -346,5 +378,6 @@ AC_SUBST(MYDEFS,["$MYDEFS"]) AC_SUBST(MAINLIB,["$MAINLIB"]) AC_SUBST(PIE,["$pie"]) AC_SUBST(SRCDIR,["$srcdir"]) +AC_SUBST(VERSION,["$ver"]) AC_CONFIG_FILES([GNUmakefile]) AC_OUTPUT diff --git a/main.c b/main.c index f90cae2..b8aaabb 100644 --- a/main.c +++ b/main.c 
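Review bot: `ver` flows unsanitised from `version.txt` or a git tag name into `AC_SUBST(VERSION)`, and GNUmakefile.in embeds it as `-DVERSION='"@VERSION@"'`, so a value containing a quote, a backslash or shell metacharacters breaks either the compile command line or the C string literal. Restrict it to a safe alphabet before the substitution, e.g. `ver=\`printf '%s' "$ver" | tr -cd 'A-Za-z0-9._+*-'\`` placed just before the `if test -z "$ver"` fallback. Separately, `git diff --exit-code` with no revision compares the working tree against the index only, so staged-but-uncommitted changes do not earn the `*` "modified" marker; `git -C "$srcdir" diff --exit-code HEAD` covers both cases.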
@@ -89,42 +89,61 @@ VEC_STRUCT(tstatsvec,struct tstatstruct); static void printhelp(FILE *out,const char *progname) { + // 0 1 2 3 4 5 6 7 + // 01234567890123456789012345678901234567890123456789012345678901234567890123456789 fprintf(out, - "Usage: %s filter [filter...] [options]\n" - " %s -f filterfile [options]\n" + "Usage: %s FILTER [FILTER...] [OPTION]\n" + " %s -f FILTERFILE [OPTION]\n" "Options:\n" - "\t-h - print help to stdout and quit\n" - "\t-f - specify filter file which contains filters separated by newlines\n" - "\t-D - deduplicate filters\n" - "\t-q - do not print diagnostic output to stderr\n" - "\t-x - do not print onion names\n" - "\t-v - print more diagnostic data\n" - "\t-o filename - output onion names to specified file (append)\n" - "\t-O filename - output onion names to specified file (overwrite)\n" - "\t-F - include directory names in onion names output\n" - "\t-d dirname - output directory\n" - "\t-t numthreads - specify number of threads to utilise (default - CPU core count or 1)\n" - "\t-j numthreads - same as -t\n" - "\t-n numkeys - specify number of keys (default - 0 - unlimited)\n" - "\t-N numwords - specify number of words per key (default - 1)\n" - "\t-Z - use \"slower\" key generation method (initial default)\n" - "\t-z - use \"faster\" key generation method (later default)\n" - "\t-B - use batching key generation method (>10x faster than -z, current default)\n" - "\t-s - print statistics each 10 seconds\n" - "\t-S t - print statistics every specified ammount of seconds\n" - "\t-T - do not reset statistics counters when printing\n" - "\t-y - output generated keys in YAML format instead of dumping them to filesystem\n" - "\t-Y [filename [host.onion]] - parse YAML encoded input and extract key(s) to filesystem\n" - "\t--rawyaml - raw (unprefixed) public/secret keys for -y/-Y (may be useful for tor controller API)\n" + " -f FILTERFILE specify filter file which contains filters separated\n" + " by newlines\n" + " -D deduplicate filters\n" 
+ " -q do not print diagnostic output to stderr\n" + " -x do not print onion names\n" + " -v print more diagnostic data\n" + " -o FILENAME output onion names to specified file (append)\n" + " -O FILENAME output onion names to specified file (overwrite)\n" + " -F include directory names in onion names output\n" + " -d DIRNAME output directory\n" + " -t NUMTHREADS specify number of threads to utilise\n" + " (default - try detecting CPU core count)\n" + " -j NUMTHREADS same as -t\n" + " -n NUMKEYS specify number of keys (default - 0 - unlimited)\n" + " -N NUMWORDS specify number of words per key (default - 1)\n" + " -Z use \"slower\" key generation method (initial default)\n" + " -z use \"faster\" key generation method (later default)\n" + " -B use batching key generation method\n" + " (>10x faster than -z, current default)\n" + " -s print statistics each 10 seconds\n" + " -S SECONDS print statistics every specified amount of seconds\n" + " -T do not reset statistics counters when printing\n" + " -y output generated keys in YAML format instead of\n" + " dumping them to filesystem\n" + " -Y [FILENAME [host.onion]]\n" + " parse YAML encoded input and extract key(s) to\n" + " filesystem\n" #ifdef PASSPHRASE - "\t-p passphrase - use passphrase to initialize the random seed with\n" - "\t-P - same as -p, but takes passphrase from PASSPHRASE environment variable\n" - "\t--checkpoint filename - load/save checkpoint of progress to specified file (requires passphrase)\n" + " -p PASSPHRASE use passphrase to initialize the random seed with\n" + " -P same as -p, but takes passphrase from PASSPHRASE\n" + " environment variable\n" + " --checkpoint filename\n" + " load/save checkpoint of progress to specified file\n" + " (requires passphrase)\n" #endif + " --rawyaml raw (unprefixed) public/secret keys for -y/-Y\n" + " (may be useful for tor controller API)\n" + " -h, --help, --usage print help to stdout and quit\n" + " -V, --version print version information to stdout and exit\n" 
,progname,progname); fflush(out); } +static void printversion(void) +{ + fprintf(stdout,"mkp224o " VERSION "\n"); + fflush(stdout); +} + static void e_additional(void) { fprintf(stderr,"additional argument required\n"); @@ -303,6 +322,10 @@ int main(int argc,char **argv) printhelp(stdout,progname); exit(0); } + else if (!strcmp(arg,"version")) { + printversion(); + exit(0); + } else if (!strcmp(arg,"rawyaml")) yamlraw = 1; #ifdef PASSPHRASE @@ -328,6 +351,10 @@ int main(int argc,char **argv) printhelp(stdout,progname); exit(0); } + else if (*arg == 'V') { + printversion(); + exit(0); + } else if (*arg == 'f') { if (argc--) { if (!loadfilterfile(*argv++)) From 01062d70d1b6f56c9bf584b5e7da050a89383e05 Mon Sep 17 00:00:00 2001 From: cathugger Date: Thu, 5 May 2022 19:45:42 +0000 Subject: [PATCH 069/107] mmm right --- configure.ac | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index dad2aae..c2c89ef 100644 --- a/configure.ac +++ b/configure.ac @@ -19,7 +19,11 @@ then if test -z "$ver" then # otherwise obtain full commit ID - ver=git-`git -C "$srcdir" rev-parse HEAD 2>/dev/null` + ver=`git -C "$srcdir" rev-parse HEAD 2>/dev/null` + if test -n "$ver" + then + ver=git-$ver + fi fi if test -n "$ver" then From 6438396a33c7b8feabf2d9c02d55742c854b36e1 Mon Sep 17 00:00:00 2001 From: cathugger Date: Thu, 5 May 2022 23:18:41 +0300 Subject: [PATCH 070/107] more :> --- ed25519/ed25519_impl_pre.h | 1 + main.c | 10 +++--- worker.c | 63 ++++++++++++++++++++++++++++---------- worker.h | 10 +++--- worker_batch.inc.h | 2 +- worker_batch_pass.inc.h | 2 +- worker_fast.inc.h | 2 +- worker_fast_pass.inc.h | 2 +- worker_impl.inc.h | 16 +++++++++- worker_slow.inc.h | 2 +- 10 files changed, 78 insertions(+), 32 deletions(-) diff --git a/ed25519/ed25519_impl_pre.h b/ed25519/ed25519_impl_pre.h index 375c9b0..bc84ad9 100644 --- a/ed25519/ed25519_impl_pre.h +++ b/ed25519/ed25519_impl_pre.h 
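Review bot: `printversion` uses `VERSION` unconditionally, so any build that does not go through the generated GNUmakefile (which is what adds `-DVERSION=...`) fails to compile at `fprintf(stdout,"mkp224o " VERSION "\n");`; a fallback in main.c, `#ifndef VERSION` / `#define VERSION "unknown"` / `#endif`, keeps the file self-contained. In the new help text `--checkpoint filename` is the only placeholder still in lowercase while every other entry uses `FILENAME`/`DIRNAME`-style capitals, so `--checkpoint FILENAME` would match. The `--version` and `-V` branches in the two following hunks look fine.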
@@ -1,3 +1,4 @@ + #ifndef ED25519_donna # if defined(_MSC_VER) # define ALIGN(x) __declspec(align(x)) diff --git a/main.c b/main.c index b8aaabb..1943817 100644 --- a/main.c +++ b/main.c @@ -666,16 +666,16 @@ int main(int argc,char **argv) #ifdef PASSPHRASE deterministic ? (wt == WT_BATCH - ? worker_batch_pass - : worker_fast_pass) + ? CRYPTO_NAMESPACE(worker_batch_pass) + : CRYPTO_NAMESPACE(worker_fast_pass)) : #endif wt == WT_BATCH - ? worker_batch + ? CRYPTO_NAMESPACE(worker_batch) : wt == WT_FAST - ? worker_fast - : worker_slow, + ? CRYPTO_NAMESPACE(worker_fast) + : CRYPTO_NAMESPACE(worker_slow), tp ); if (tret) { diff --git a/worker.c b/worker.c index 2a3d2e9..b9a6476 100644 --- a/worker.c +++ b/worker.c @@ -17,8 +17,6 @@ #include "vec.h" #include "base32.h" #include "keccak.h" -#include "ed25519/ed25519.h" -#include "ed25519/ed25519_impl_pre.h" #include "ioutil.h" #include "common.h" #include "yaml.h" @@ -53,10 +51,6 @@ size_t numneedgenerate = 0; char *workdir = 0; size_t workdirlen = 0; -void worker_init(void) -{ - ge_initeightpoint(); -} #ifdef PASSPHRASE // How many times we loop before a reseed 
@@ -218,20 +212,57 @@ static void reseedright(u8 sk[SECRET_LEN]) #define BATCHNUM 2048 #endif + +#include "ed25519/ed25519.h" + +#include "worker_impl.inc.h" + size_t worker_batch_memuse(void) { - return (sizeof(ge_p3) + sizeof(fe) + sizeof(bytes32)) * BATCHNUM; + size_t s = 0,x; + +#ifdef ED25519_ref10 + x = crypto_sign_ed25519_ref10_worker_batch_memuse(); + if (x > s) + s = x; +#endif + +#ifdef ED25519_amd64_51_30k + x = crypto_sign_ed25519_amd64_51_30k_worker_batch_memuse(); + if (x > s) + s = x; +#endif + +#ifdef ED25519_amd64_64_24k + x = crypto_sign_ed25519_amd64_64_24k_worker_batch_memuse(); + if (x > s) + s = x; +#endif + +#ifdef ED25519_donna + x = crypto_sign_ed25519_donna_worker_batch_memuse(); + if (x > s) + s = x; +#endif + + return s; } -#include "worker_slow.inc.h" +void worker_init(void) +{ +#ifdef ED25519_ref10 + crypto_sign_ed25519_ref10_ge_initeightpoint(); +#endif -#include "worker_fast.inc.h" +#ifdef ED25519_amd64_51_30k + crypto_sign_ed25519_amd64_51_30k_ge_initeightpoint(); +#endif -#include "worker_fast_pass.inc.h" +#ifdef ED25519_amd64_64_24k + crypto_sign_ed25519_amd64_64_24k_ge_initeightpoint(); +#endif -#include "worker_batch.inc.h" - -#include "worker_batch_pass.inc.h" - -// XXX this is useless here, but will end up somewhere like that when i'll modularize stuff -#include "ed25519/ed25519_impl_post.h" +#ifdef ED25519_donna + crypto_sign_ed25519_donna_ge_initeightpoint(); +#endif +} diff --git a/worker.h b/worker.h index 7f50f6f..36912a0 100644 --- a/worker.h +++ b/worker.h 
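Review bot: If none of the four `ED25519_*` macros is defined, `worker_batch_memuse` silently returns 0 and `worker_init` becomes a no-op, with `x` left as an unused variable; the build is presumably expected to define exactly one (GNUmakefile.in passes `-DED25519_@ED25519IMPL@`), but nothing here turns a misconfiguration into a build error instead of a zero-sized batch downstream. A guard after the `#ifdef` chain would do: `#if !defined(ED25519_ref10) && !defined(ED25519_amd64_51_30k) && !defined(ED25519_amd64_64_24k) && !defined(ED25519_donna)` / `#error "no ed25519 implementation selected"` / `#endif`. Declaring `x` inside each `#ifdef` block rather than in `size_t s = 0,x;` would also avoid the unused-variable warning in that case.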
@@ -40,10 +40,10 @@ extern void worker_init(void); extern char *makesname(void); extern size_t worker_batch_memuse(void); -extern void *worker_slow(void *task); -extern void *worker_fast(void *task); -extern void *worker_batch(void *task); +extern void *CRYPTO_NAMESPACE(worker_slow)(void *task); +extern void *CRYPTO_NAMESPACE(worker_fast)(void *task); +extern void *CRYPTO_NAMESPACE(worker_batch)(void *task); #ifdef PASSPHRASE -extern void *worker_fast_pass(void *task); -extern void *worker_batch_pass(void *task); +extern void *CRYPTO_NAMESPACE(worker_fast_pass)(void *task); +extern void *CRYPTO_NAMESPACE(worker_batch_pass)(void *task); #endif diff --git a/worker_batch.inc.h b/worker_batch.inc.h index 2e0788f..7eb5cd6 100644 --- a/worker_batch.inc.h +++ b/worker_batch.inc.h @@ -1,5 +1,5 @@ -void *worker_batch(void *task) +void *CRYPTO_NAMESPACE(worker_batch)(void *task) { union pubonionunion pubonion; u8 * const pk = &pubonion.raw[PKPREFIX_SIZE]; diff --git a/worker_batch_pass.inc.h b/worker_batch_pass.inc.h index 44006ff..0fa49ff 100644 --- a/worker_batch_pass.inc.h +++ b/worker_batch_pass.inc.h @@ -1,6 +1,6 @@ #ifdef PASSPHRASE -void *worker_batch_pass(void *task) +void *CRYPTO_NAMESPACE(worker_batch_pass)(void *task) { union pubonionunion pubonion; u8 * const pk = &pubonion.raw[PKPREFIX_SIZE]; diff --git a/worker_fast.inc.h b/worker_fast.inc.h index 1d7443f..b9ec7a0 100644 --- a/worker_fast.inc.h +++ b/worker_fast.inc.h @@ -1,5 +1,5 @@ -void *worker_fast(void *task) +void *CRYPTO_NAMESPACE(worker_fast)(void *task) { union pubonionunion pubonion; u8 * const pk = &pubonion.raw[PKPREFIX_SIZE]; diff --git a/worker_fast_pass.inc.h b/worker_fast_pass.inc.h index 132aed6..793d600 100644 --- a/worker_fast_pass.inc.h +++ b/worker_fast_pass.inc.h @@ -1,6 +1,6 @@ #ifdef PASSPHRASE -void *worker_fast_pass(void *task) +void *CRYPTO_NAMESPACE(worker_fast_pass)(void *task) { union pubonionunion pubonion; u8 * const pk = &pubonion.raw[PKPREFIX_SIZE]; 
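Review bot: worker.h's prototypes now expand `CRYPTO_NAMESPACE`, so every translation unit that includes worker.h must have that macro defined first (the hunk does not show where it comes from; presumably one of the ed25519 headers), and a missing definition yields a confusing declarator error on these `extern` lines rather than a clear message. A guard above them, `#ifndef CRYPTO_NAMESPACE` / `#error "include the ed25519 headers before worker.h"` / `#endif`, or at least a one-line comment naming the required include order, would document the new dependency.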
diff --git a/worker_impl.inc.h b/worker_impl.inc.h index 70b786d..fbd7b0f 100644 --- a/worker_impl.inc.h +++ b/worker_impl.inc.h @@ -1 +1,15 @@ -// TODO + +#include "ed25519/ed25519_impl_pre.h" + +static size_t CRYPTO_NAMESPACE(worker_batch_memuse)(void) +{ + return (sizeof(ge_p3) + sizeof(fe) + sizeof(bytes32)) * BATCHNUM; +} + +#include "worker_slow.inc.h" +#include "worker_fast.inc.h" +#include "worker_fast_pass.inc.h" +#include "worker_batch.inc.h" +#include "worker_batch_pass.inc.h" + +#include "ed25519/ed25519_impl_post.h" diff --git a/worker_slow.inc.h b/worker_slow.inc.h index 278b58b..ab75ef2 100644 --- a/worker_slow.inc.h +++ b/worker_slow.inc.h @@ -1,5 +1,5 @@ -void *worker_slow(void *task) +void *CRYPTO_NAMESPACE(worker_slow)(void *task) { union pubonionunion pubonion; u8 * const pk = &pubonion.raw[PKPREFIX_SIZE]; From ac633abd2bea54803ea57eb735bfbd76ef2f7463 Mon Sep 17 00:00:00 2001 From: cathugger Date: Thu, 12 May 2022 14:45:22 +0000 Subject: [PATCH 071/107] don't email me i dont read stuff anyway also PGP key link is dead --- README.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/README.md b/README.md index 02717a9..0633e86 100644 --- a/README.md +++ b/README.md @@ -100,11 +100,6 @@ performance-related tips. It appears that onionbalance supports loading usual `hs_ed25519_secret_key` key so it should work. -### Contact - -For bug reports/questions/whatever else, email cathugger at cock dot li.\ -PGP key, if needed, can be found at . - ### Acknowledgements & Legal To the extent possible under law, the author(s) have dedicated all From 8b2d09d1c00cf070e9770d5b219b1a3480bd0edb Mon Sep 17 00:00:00 2001 From: cathugger Date: Thu, 12 May 2022 15:02:09 +0000 Subject: [PATCH 072/107] edit readme a bit more --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0633e86..c3dbad0 100644 --- a/README.md +++ b/README.md 
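Review bot: worker_impl.inc.h carries no header comment, and since it references `BATCHNUM` (defined in worker.c just before the include) and the `ge_p3`/`fe`/`bytes32` types that the bracketing `ed25519_impl_pre.h` presumably brings in, a reader opening it standalone cannot tell it is a single-inclusion fragment. A short comment at the top would suffice: `// Included once from worker.c after BATCHNUM is defined; bracketed by ed25519_impl_pre.h/ed25519_impl_post.h so the worker variants below are namespaced per ed25519 implementation.`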
@@ -75,9 +75,9 @@ performance-related tips. Then edit `torrc` and add new service with that folder.\ After reload/restart tor should pick it up. -* Generate addresses with 1-2 and 7-9 digits? +* Generate addresses with `1-2` and `7-9` digits? - Onion addresses use base32 encoding which does not include 0,1,8,9 + Onion addresses use base32 encoding which does not include `0,1,8,9` numbers.\ So no, that's not possible to generate these, and mkp224o tries to detect invalid filters containing them early on. From 5f946123f21a60059a70e684bdbbdc861b053484 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Wed, 20 Apr 2022 10:16:37 +0200 Subject: [PATCH 073/107] Vagrantfile for fully automated, secure runs Just running `vagrant up` will start a VM, build mkp224o, remove root and internet access, then run mkp224o. This provides an easy to use, disposible way to generate onion services. --- contrib/vagrant/Vagrantfile | 46 +++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 contrib/vagrant/Vagrantfile diff --git a/contrib/vagrant/Vagrantfile b/contrib/vagrant/Vagrantfile new file mode 100644 index 0000000..cdda8cb --- /dev/null +++ b/contrib/vagrant/Vagrantfile 
@@ -0,0 +1,46 @@
+
+# set this to choose the starting prefix of the onion name
+filter = "prefix"
+
+Vagrant.configure("2") do |config|
+ config.vm.box = "debian/bullseye64"
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.cpus = 2
+ end
+ config.vm.synced_folder '.', '/vagrant', disabled: true
+ config.vm.provision :shell, inline: <<-SHELL
+ set -ex
+
+ sed -i s,http:,https:, /etc/apt/sources.list
+ apt-get update
+ apt-get -qy dist-upgrade
+ apt-get -qy install --no-install-recommends git gcc libc-dev libsodium-dev make autoconf htop screen
+SHELL
+
+ config.vm.provision :shell, privileged: false, inline: <<-SHELL
+ git clone https://github.com/cathugger/mkp224o.git /home/vagrant/mkp224o
+SHELL
+
+ # disable internet access
+ config.vm.provision "shell",
+ run: "always",
+ inline: "ip route del default || true"
+
+ # disable root
+ config.vm.provision "shell", inline: "passwd --lock root"
+ config.vm.provision "shell", inline: "SUDO_FORCE_REMOVE=yes dpkg --purge sudo"
+
+ config.vm.provision :shell, privileged: false, inline: <<-SHELL
+ set -ex
+
+ cd mkp224o
+ ./autogen.sh
+ ./configure
+ make
+ ./mkp224o -h
+
+ mkdir ~/#{filter}
+ cd ~/#{filter}
+ screen -d -m -L -Logfile #{filter}.log -S run-#{filter} nice ~/mkp224o/mkp224o -S 300 #{filter}
+SHELL
+end
From 481a6b701f471ea4c0f5d0f3d247bfebd9fabc80 Mon Sep 17 00:00:00 2001
From: cathugger
Date: Mon, 16 May 2022 21:17:50 +0000
Subject: [PATCH 074/107] fix win side, add incomplete build script
---
contrib/winbuild/.gitignore | 3 +++
contrib/winbuild/buildwin.sh | 33 +++++++++++++++++++++++++++++++++
ioutil.c | 10 +++++-----
3 files changed, 41 insertions(+), 5 deletions(-)
create mode 100644 contrib/winbuild/.gitignore
create mode 100755 contrib/winbuild/buildwin.sh
diff --git a/contrib/winbuild/.gitignore b/contrib/winbuild/.gitignore
new file mode 100644
index 0000000..6b0e2e7
--- /dev/null
+++ b/contrib/winbuild/.gitignore
@@ -0,0 +1,3 @@
+/winepfx
+/x86_64
+/i686
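Review bot: The `git clone https://github.com/cathugger/mkp224o.git` provisioner fetches whatever the remote's default branch points at, with no commit pin and no tag verification, so the code that later generates the keys is whatever the network served at provision time; pinning a release (`git clone --branch TAG ...` followed by `git -C /home/vagrant/mkp224o verify-tag TAG`, or a `git checkout <commit>`) is what makes the commit message's "secure runs" claim hold. `filter` is interpolated unquoted into `mkdir ~/#{filter}`, `cd ~/#{filter}` and the `screen` command line, so a prefix containing shell metacharacters is split or executed; quote each occurrence as `"#{filter}"`. `ip route del default` removes only the default route, so the VM stays reachable on the libvirt network; that is presumably intended for `vagrant ssh`, and the comment could say so.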
diff --git a/contrib/winbuild/buildwin.sh b/contrib/winbuild/buildwin.sh new file mode 100755 index 0000000..a321dd8 --- /dev/null +++ b/contrib/winbuild/buildwin.sh @@ -0,0 +1,33 @@ +#!/bin/sh +set -e + +D=$(realpath "$0") +D=$(dirname "$D") +cd "$D" + +export WINEARCH=win64 +export WINEPREFIX=$(realpath ./winepfx) +OPATH=$PATH + +for w in x86_64 i686 +do + rm -rf "$w" + mkdir "$w" + cd "$w" + p=$w-w64-mingw32 + + case $w in + i686) + CFLAGS="-march=i686 -mtune=generic" + ;; + x86_64) + CFLAGS="-march=x86-64 -mtune=generic" + ;; + esac + CFLAGS="-O3 $CFLAGS -fomit-frame-pointer" + + export PATH=/usr/$p/bin:$PATH + ../../../configure --enable-regex --enable-donna CC="$p-gcc" CFLAGS="$CFLAGS" + make + cd .. +done diff --git a/ioutil.c b/ioutil.c index cc430df..6ec260a 100644 --- a/ioutil.c +++ b/ioutil.c @@ -218,9 +218,9 @@ int createdir(const char *path,int secret) return CreateDirectoryA(path,0) ? 0 : -1; } -static int syncwritefile(const char *filename,const char *tmpname,int secret,const char *data,size_t datalen) +static int syncwritefile(const char *filename,const char *tmpname,int secret,const u8 *data,size_t datalen) { - FH f = createfile(tmpnamestr,secret) + FH f = createfile(tmpname,secret); if (f == FH_invalid) return -1; @@ -236,7 +236,7 @@ static int syncwritefile(const char *filename,const char *tmpname,int secret,con goto failrm; } - if (MoveFileA(tmpnamestr,filename) == 0) { + if (MoveFileA(tmpname,filename) == 0) { goto failrm; } @@ -245,12 +245,12 @@ static int syncwritefile(const char *filename,const char *tmpname,int secret,con failclose: (void) closefile(f); failrm: - remove(tmpnamestr); + remove(tmpname); return -1; } -int syncwrite(const char *filename,int secret,const char *data,size_t datalen) +int syncwrite(const char *filename,int secret,const u8 *data,size_t datalen) { size_t fnlen = strlen(filename); From 1884eaf5a2c20d4f34c56d9ad8122438f549fbd7 Mon Sep 17 00:00:00 2001 
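Review bot: `MoveFileA(tmpname,filename)` fails when the destination already exists, unlike the POSIX rename this Windows branch presumably mirrors, so a `syncwrite` onto an existing file would land in `failrm` and delete the temp file instead of replacing the target; if replacing is intended, use `MoveFileExA(tmpname,filename,MOVEFILE_REPLACE_EXISTING|MOVEFILE_WRITE_THROUGH)`. The `tmpnamestr`→`tmpname` and missing-semicolon fixes in the same hunks show this branch had never been compiled, so wiring the new buildwin.sh cross-build into CI would catch regressions here. Parts of `syncwritefile` between the hunks are not visible.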
From: cathugger Date: Mon, 16 May 2022 21:21:01 +0000 Subject: [PATCH 075/107] some fixups --- contrib/winbuild/buildwin.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/winbuild/buildwin.sh b/contrib/winbuild/buildwin.sh index a321dd8..d059c5d 100755 --- a/contrib/winbuild/buildwin.sh +++ b/contrib/winbuild/buildwin.sh @@ -26,8 +26,8 @@ do esac CFLAGS="-O3 $CFLAGS -fomit-frame-pointer" - export PATH=/usr/$p/bin:$PATH - ../../../configure --enable-regex --enable-donna CC="$p-gcc" CFLAGS="$CFLAGS" + export PATH=/usr/$p/bin:$OPATH + ../../../configure --enable-regex --enable-donna --with-pcre2="/usr/$p/bin/pcre2-config" CC="$p-gcc" CFLAGS="$CFLAGS" make cd .. done From b428196b5ef415ef65a4a3e5e873ff3958f8ee7b Mon Sep 17 00:00:00 2001 From: cathugger Date: Tue, 17 May 2022 16:01:52 +0000 Subject: [PATCH 076/107] more stuff --- calcest.c | 3 ++ contrib/winbuild/.gitignore | 5 ++- contrib/winbuild/buildwin.sh | 59 +++++++++++++++++++++++++++++++----- 3 files changed, 57 insertions(+), 10 deletions(-) diff --git a/calcest.c b/calcest.c index 0315a3a..4670598 100644 --- a/calcest.c +++ b/calcest.c @@ -19,6 +19,9 @@ const int charcounts[] = { 2, 3, 4, 5, 6, 7, 8, 9, 10 }; int main(int argc,char **argv) { + // TODO + (void) argc; + (void) argv; printf(" |"); for (size_t i = 0; i < sizeof(probs)/sizeof(probs[0]); ++i) { diff --git a/contrib/winbuild/.gitignore b/contrib/winbuild/.gitignore index 6b0e2e7..1603eac 100644 --- a/contrib/winbuild/.gitignore +++ b/contrib/winbuild/.gitignore @@ -1,3 +1,2 @@ -/winepfx -/x86_64 -/i686 +/build +/out diff --git a/contrib/winbuild/buildwin.sh b/contrib/winbuild/buildwin.sh index d059c5d..9c29299 100755 --- a/contrib/winbuild/buildwin.sh +++ b/contrib/winbuild/buildwin.sh 
@@ -1,33 +1,78 @@ #!/bin/sh -set -e +set -eux + +V=$1 D=$(realpath "$0") D=$(dirname "$D") cd "$D" +mkdir -p build + export WINEARCH=win64 -export WINEPREFIX=$(realpath ./winepfx) +export WINEPREFIX=$(realpath ./build/winepfx) OPATH=$PATH +rm -rf out +mkdir -p out + +# prepare source +SV=mkp224o-$V +SO=$(realpath ./out/$SV) +git clone ../../ "$SO" +cd "$SO" +rm -rf .git +./autogen.sh +echo v$V > version.txt +cd ../.. + +# build windows bins +B=$(realpath ./build) for w in x86_64 i686 do - rm -rf "$w" - mkdir "$w" - cd "$w" + cd "$B" + rm -rf $w + mkdir $w + cd $w p=$w-w64-mingw32 case $w in i686) CFLAGS="-march=i686 -mtune=generic" + W=32 ;; x86_64) CFLAGS="-march=x86-64 -mtune=generic" + W=64 ;; esac CFLAGS="-O3 $CFLAGS -fomit-frame-pointer" export PATH=/usr/$p/bin:$OPATH - ../../../configure --enable-regex --enable-donna --with-pcre2="/usr/$p/bin/pcre2-config" CC="$p-gcc" CFLAGS="$CFLAGS" - make + ../../out/$SV/configure --enable-regex --enable-donna --with-pcre2="/usr/$p/bin/pcre2-config" CC="${p}-gcc" CFLAGS="$CFLAGS" + make main util + $p-strip mkp224o.exe + $p-strip calcest.exe cd .. + + BO="$SO-w$W" + mkdir -p "$BO" + cp $w/mkp224o.exe "$BO/" + cp $w/calcest.exe "$BO/" + cd "$BO" + $p-ldd mkp224o.exe | grep -v 'not found' | awk '{print $3}' | xargs -r cp -v -t ./ done +export PATH=$OPATH + +# compress stuff +cd "$D/out" +export TZ=UTC + +tar --portability --no-acls --no-selinux --no-xattrs --owner root:0 --group=root:0 --sort=name -c -f $SV.tar $SV +zopfli -c $SV.tar > $SV.tar.gz +zstd -19 -f $SV.tar -o $SV.tar.zst +rm $SV.tar + +zip -9 -X -r $SV-w32.zip $SV-w32 +zip -9 -X -r $SV-w64.zip $SV-w64 + From 7f714ee4f7cbdada158314a92ebda1f0433f048e Mon Sep 17 00:00:00 2001 
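Review bot: The source tarball is not reproducible as written: `tar` gets `--sort=name` and fixed owner/group but no `--mtime`, and `zip -9 -X` keeps file mtimes, so two runs yield different archives and nobody can rebuild the bytes that sign.sh later signs; add `--mtime="@${SOURCE_DATE_EPOCH:-0}"` to the tar invocation and normalise mtimes (`find "$SV-w$W" -exec touch -d @0 {} +` or similar) before zipping. `V=$1` is used unchecked in `SV=mkp224o-$V`, the `out/` paths and `echo v$V > version.txt`; `set -u` only catches a missing argument, so a `case "$V" in *[!A-Za-z0-9._-]*) exit 1;; esac` guard after the assignment is cheap insurance. `git clone ../../` packages whatever the local HEAD is, so recording `git rev-parse HEAD` next to version.txt before `rm -rf .git` would make the archive auditable.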
From: cathugger Date: Tue, 17 May 2022 16:03:08 +0000 Subject: [PATCH 077/107] this makes more sense --- contrib/{winbuild => release-scripts}/.gitignore | 0 contrib/{winbuild/buildwin.sh => release-scripts/release.sh} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename contrib/{winbuild => release-scripts}/.gitignore (100%) rename contrib/{winbuild/buildwin.sh => release-scripts/release.sh} (100%) diff --git a/contrib/winbuild/.gitignore b/contrib/release-scripts/.gitignore similarity index 100% rename from contrib/winbuild/.gitignore rename to contrib/release-scripts/.gitignore diff --git a/contrib/winbuild/buildwin.sh b/contrib/release-scripts/release.sh similarity index 100% rename from contrib/winbuild/buildwin.sh rename to contrib/release-scripts/release.sh From 4e98a931f4e66eaf687ffb0d10a320e8a8b92106 Mon Sep 17 00:00:00 2001 From: cathugger Date: Mon, 30 May 2022 20:34:31 +0000 Subject: [PATCH 078/107] tweak release script, add signing one --- contrib/release-scripts/release.sh | 12 ++++++------ contrib/release-scripts/sign.sh | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+), 6 deletions(-) create mode 100755 contrib/release-scripts/sign.sh diff --git a/contrib/release-scripts/release.sh b/contrib/release-scripts/release.sh index 9c29299..c4b6879 100755 --- a/contrib/release-scripts/release.sh +++ b/contrib/release-scripts/release.sh @@ -7,6 +7,8 @@ D=$(realpath "$0") D=$(dirname "$D") cd "$D" +export TZ=UTC + mkdir -p build export WINEARCH=win64 
@@ -66,13 +68,11 @@ export PATH=$OPATH # compress stuff cd "$D/out" -export TZ=UTC -tar --portability --no-acls --no-selinux --no-xattrs --owner root:0 --group=root:0 --sort=name -c -f $SV.tar $SV -zopfli -c $SV.tar > $SV.tar.gz -zstd -19 -f $SV.tar -o $SV.tar.zst -rm $SV.tar +tar --portability --no-acls --no-selinux --no-xattrs --owner root:0 --group=root:0 --sort=name -c -f $SV-src.tar $SV +zopfli -c $SV-src.tar > $SV-src.tar.gz +zstd -19 -f $SV-src.tar -o $SV-src.tar.zst +rm $SV-src.tar zip -9 -X -r $SV-w32.zip $SV-w32 zip -9 -X -r $SV-w64.zip $SV-w64 - diff --git a/contrib/release-scripts/sign.sh b/contrib/release-scripts/sign.sh new file mode 100755 index 0000000..597e89c --- /dev/null +++ b/contrib/release-scripts/sign.sh @@ -0,0 +1,18 @@ +#!/bin/sh + +if [ x"$1" = x ] +then + echo "Usage: $0 key-id" >&2 + exit 1 +fi + +D=$(realpath "$0") +D=$(dirname "$D") +cd "$D" + +cd out + +gpg --detach-sign -u "$1" mkp224o-*-src.tar.gz +gpg --detach-sign -u "$1" mkp224o-*-src.tar.zst +gpg --detach-sign -u "$1" mkp224o-*-w32.zip +gpg --detach-sign -u "$1" mkp224o-*-w64.zip From a437e34a26e3d80cfcf2f46c74726ce1b59cc5e6 Mon Sep 17 00:00:00 2001 From: cathugger Date: Mon, 30 May 2022 20:44:35 +0000 Subject: [PATCH 079/107] one more adjust --- contrib/release-scripts/release.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/release-scripts/release.sh b/contrib/release-scripts/release.sh index c4b6879..8352f6f 100755 --- a/contrib/release-scripts/release.sh +++ b/contrib/release-scripts/release.sh @@ -25,6 +25,7 @@ git clone ../../ "$SO" cd "$SO" rm -rf .git ./autogen.sh +rm -rf *.cache echo v$V > version.txt cd ../.. From fca1c18defb2173b7a256a04e0d4e0f448640dd9 Mon Sep 17 00:00:00 2001 From: cathugger Date: Mon, 30 May 2022 20:47:53 +0000 Subject: [PATCH 080/107] uhhh make depend --- GNUmakefile.in | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/GNUmakefile.in b/GNUmakefile.in index 386bc03..910b1ae 100644 --- a/GNUmakefile.in 
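Review bot: sign.sh has no `set -e`, so when one of the four `gpg --detach-sign` calls fails (wrong key id, no agent, or a glob that matches nothing and is handed to gpg literally) the script continues and its exit status reflects only the last call, which makes a partially signed release easy to miss in automation. Add `set -eu` after the shebang; because the file names are globs, it would also be safer to loop over the four patterns and fail when `"$f"` does not exist or more than one file matches. release.sh starts with `rm -rf out`, so stale versions should not normally be present, but the signing step should not depend on that. A one-line header comment stating that the script expects to run after release.sh and signs the artifacts in `out/` with the given key id would also help.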
+++ b/GNUmakefile.in @@ -446,7 +446,9 @@ test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h testutil.h test_ed25519.c.o: ed25519/ed25519_impl_post.h vec.c.o: vec.h -worker.c.o: types.h likely.h vec.h base32.h keccak.h ed25519/ed25519.h +worker.c.o: types.h likely.h vec.h base32.h keccak.h ioutil.h common.h yaml.h +worker.c.o: worker.h filters.h filters_inc.inc.h filters_worker.inc.h +worker.c.o: filters_common.inc.h ed25519/ed25519.h worker_impl.inc.h worker.c.o: ed25519/ed25519_impl_pre.h ed25519/ref10/crypto_sign.h worker.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/ref10/ge.h worker.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h @@ -470,9 +472,7 @@ worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86-32bit.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-sse2.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-sse2.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h -worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h ioutil.h common.h -worker.c.o: yaml.h worker.h filters.h filters_inc.inc.h filters_worker.inc.h -worker.c.o: filters_common.inc.h worker_slow.inc.h worker_fast.inc.h -worker.c.o: worker_fast_pass.inc.h worker_batch.inc.h worker_batch_pass.inc.h -worker.c.o: ed25519/ed25519_impl_post.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h worker_slow.inc.h +worker.c.o: worker_fast.inc.h worker_fast_pass.inc.h worker_batch.inc.h +worker.c.o: worker_batch_pass.inc.h ed25519/ed25519_impl_post.h yaml.c.o: types.h yaml.h ioutil.h base32.h base64.h common.h From 4e20f086e3d0f8aa881afaa891eb8759b87fb174 Mon Sep 17 00:00:00 2001 
From: cathugger Date: Tue, 31 May 2022 01:41:03 +0300 Subject: [PATCH 081/107] fix amd64 asm stuff calling on windows --- ed25519/amd64-51-30k/compat.h | 10 ++++++++++ ed25519/amd64-51-30k/fe25519.h | 9 +++++---- ed25519/amd64-51-30k/ge25519.h | 21 ++++++++++----------- ed25519/amd64-51-30k/index_heap.h | 9 +++++---- ed25519/amd64-51-30k/sc25519.h | 18 ++++++++++-------- ed25519/amd64-51-30k/sc25519_mul.c | 3 ++- ed25519/amd64-64-24k/compat.h | 10 ++++++++++ ed25519/amd64-64-24k/fe25519.h | 14 ++++++-------- ed25519/amd64-64-24k/ge25519.h | 17 +++++++++-------- ed25519/amd64-64-24k/index_heap.h | 9 +++++---- ed25519/amd64-64-24k/sc25519.h | 18 ++++++++++-------- ed25519/amd64-64-24k/sc25519_mul.c | 3 ++- 12 files changed, 84 insertions(+), 57 deletions(-) create mode 100644 ed25519/amd64-51-30k/compat.h create mode 100644 ed25519/amd64-64-24k/compat.h diff --git a/ed25519/amd64-51-30k/compat.h b/ed25519/amd64-51-30k/compat.h new file mode 100644 index 0000000..6f721a7 --- /dev/null +++ b/ed25519/amd64-51-30k/compat.h @@ -0,0 +1,10 @@ +#ifndef COMPAT_H +#define COMPAT_H + +#if defined(_WIN32) && defined(__GNUC__) +#define SYSVABI __attribute__((sysv_abi)) +#else +#define SYSVABI +#endif + +#endif diff --git a/ed25519/amd64-51-30k/fe25519.h b/ed25519/amd64-51-30k/fe25519.h index 32dd823..f037e72 100644 --- a/ed25519/amd64-51-30k/fe25519.h +++ b/ed25519/amd64-51-30k/fe25519.h @@ -2,6 +2,7 @@ #define FE25519_H #include +#include "compat.h" #define fe25519 CRYPTO_NAMESPACE(batch_fe25519) #define fe25519_freeze CRYPTO_NAMESPACE(batch_fe25519_freeze) @@ -29,7 +30,7 @@ typedef struct } fe25519; -void fe25519_freeze(fe25519 *r); +void fe25519_freeze(fe25519 *r) SYSVABI; void fe25519_unpack(fe25519 *r, const unsigned char x[32]); 
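Review bot: compat.h says nothing about why `SYSVABI` exists, and that matters for correctness: the `.S` routines in this directory follow the SysV AMD64 convention, while a Win64 caller uses the MS ABI, passes arguments in different registers and expects rsi, rdi and xmm6–xmm15 to be preserved, so an undecorated prototype compiles and links cleanly and corrupts memory only at run time; the attribute makes the compiler perform the call under the SysV convention and preserve the extra registers around it. A header comment such as `/* Assembly routines use the SysV AMD64 ABI; on Win64 (MS ABI) every prototype of an asm-implemented function must carry SYSVABI. Do not apply it to functions implemented in C. */` would stop the next maintainer from either dropping it or spreading it to the C helpers. Since `sysv_abi` is only meaningful on x86-64, `defined(_WIN64)` is a more precise condition than `_WIN32`, which is also defined for 32-bit Windows targets; the amd64 implementations are presumably never selected there, so this is robustness rather than a bug. The same file is added verbatim under amd64-64-24k with the same `COMPAT_H` guard, which is fine as long as the two copies stay identical.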
@@ -53,13 +54,13 @@ void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y); void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); -void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y); +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI; void fe25519_mul121666(fe25519 *r, const fe25519 *x); -void fe25519_square(fe25519 *r, const fe25519 *x); +void fe25519_square(fe25519 *r, const fe25519 *x) SYSVABI; -void fe25519_nsquare(fe25519 *r, unsigned long long n); +void fe25519_nsquare(fe25519 *r, unsigned long long n) SYSVABI; void fe25519_invert(fe25519 *r, const fe25519 *x); diff --git a/ed25519/amd64-51-30k/ge25519.h b/ed25519/amd64-51-30k/ge25519.h index f18c338..655a7e4 100644 --- a/ed25519/amd64-51-30k/ge25519.h +++ b/ed25519/amd64-51-30k/ge25519.h @@ -11,6 +11,7 @@ #include "fe25519.h" #include "sc25519.h" +#include "compat.h" #define ge25519 CRYPTO_NAMESPACE(batch_ge25519) #define ge25519_base CRYPTO_NAMESPACE(batch_ge25519_base) @@ -28,7 +29,6 @@ #define ge25519_add_p1p1 CRYPTO_NAMESPACE(batch_ge25519_add_p1p1) #define ge25519_dbl_p1p1 CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1) #define choose_t CRYPTO_NAMESPACE(batch_choose_t) -#define choose_t_smultq CRYPTO_NAMESPACE(batch_choose_t_smultq) #define ge25519_nielsadd2 CRYPTO_NAMESPACE(batch_ge25519_nielsadd2) #define ge25519_nielsadd_p1p1 CRYPTO_NAMESPACE(batch_ge25519_nielsadd_p1p1) #define ge25519_pnielsadd_p1p1 CRYPTO_NAMESPACE(batch_ge25519_pnielsadd_p1p1) 
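Review bot: In this hunk `fe25519_add`, `fe25519_sub`, `fe25519_mul121666` and `fe25519_invert` stay undecorated while `fe25519_mul`, `fe25519_square` and `fe25519_nsquare` gain `SYSVABI`; that agrees with the dependency list later in the series, where amd64-51-30k has C objects for `fe25519_add.c` and `fe25519_sub.c` whereas amd64-64-24k has none and decorates them, so the split looks deliberate. Nothing enforces it, though: a prototype that misses the attribute still compiles and links on Win64 and only misbehaves at run time, so a short comment on the undecorated group, e.g. `/* implemented in C, no SYSVABI */`, would make the intent reviewable, and building the existing test_ed25519 under the Wine prefix that release.sh already sets up would catch a missed one before artifacts are published. The enclosing header continues outside the hunk.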
@@ -75,16 +75,15 @@ typedef struct typedef unsigned char bytes32[32]; -extern void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p); -extern void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p); -extern void ge25519_p1p1_to_pniels(ge25519_pniels *r, const ge25519_p1p1 *p); -extern void ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q); -extern void ge25519_dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p); -extern void choose_t(ge25519_niels *t, unsigned long long pos, signed long long b, const ge25519_niels *base_multiples); -extern void choose_t_smultq(ge25519_pniels *t, signed long long b, const ge25519_pniels *pre); -extern void ge25519_nielsadd2(ge25519_p3 *r, const ge25519_niels *q); -extern void ge25519_nielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_niels *q); -extern void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_pniels *q); +extern void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p) SYSVABI; +extern void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) SYSVABI; +extern void ge25519_p1p1_to_pniels(ge25519_pniels *r, const ge25519_p1p1 *p) SYSVABI; +extern void ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) SYSVABI; +extern void ge25519_dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) SYSVABI; +extern void choose_t(ge25519_niels *t, unsigned long long pos, signed long long b, const ge25519_niels *base_multiples) SYSVABI; +extern void ge25519_nielsadd2(ge25519_p3 *r, const ge25519_niels *q) SYSVABI; +extern void ge25519_nielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_niels *q) SYSVABI; +extern void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_pniels *q) SYSVABI; extern const ge25519 ge25519_base; diff --git a/ed25519/amd64-51-30k/index_heap.h b/ed25519/amd64-51-30k/index_heap.h index 24c5baf..f85af6b 100644 --- a/ed25519/amd64-51-30k/index_heap.h 
+++ b/ed25519/amd64-51-30k/index_heap.h @@ -2,6 +2,7 @@ #define INDEX_HEAP_H #include "sc25519.h" +#include "compat.h" #define heap_init CRYPTO_NAMESPACE(batch_heap_init) #define heap_extend CRYPTO_NAMESPACE(batch_heap_extend) @@ -23,9 +24,9 @@ void heap_push(unsigned long long *h, unsigned long long *hlen, unsigned long lo void heap_get2max(unsigned long long *h, unsigned long long *max1, unsigned long long *max2, sc25519 *scalars); -void heap_rootreplaced(unsigned long long *h, unsigned long long hlen, sc25519 *scalars); -void heap_rootreplaced_3limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars); -void heap_rootreplaced_2limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars); -void heap_rootreplaced_1limb(unsigned long long *h, unsigned long long hlen, sc25519 *scalars); +void heap_rootreplaced(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI; +void heap_rootreplaced_3limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI; +void heap_rootreplaced_2limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI; +void heap_rootreplaced_1limb(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI; #endif diff --git a/ed25519/amd64-51-30k/sc25519.h b/ed25519/amd64-51-30k/sc25519.h index 600b240..bf524e5 100644 --- a/ed25519/amd64-51-30k/sc25519.h +++ b/ed25519/amd64-51-30k/sc25519.h @@ -1,6 +1,8 @@ #ifndef SC25519_H #define SC25519_H +#include "compat.h" + #define sc25519 CRYPTO_NAMESPACE(batch_sc25519) #define shortsc25519 CRYPTO_NAMESPACE(batch_shortsc25519) #define sc25519_from32bytes CRYPTO_NAMESPACE(batch_sc25519_from32bytes) 
@@ -21,15 +23,15 @@ #define sc25519_2interleave2 CRYPTO_NAMESPACE(batch_sc25519_2interleave2) #define sc25519_barrett CRYPTO_NAMESPACE(batch_sc25519_barrett) -typedef struct +typedef struct { - unsigned long long v[4]; + unsigned long long v[4]; } sc25519; -typedef struct +typedef struct { - unsigned long long v[2]; + unsigned long long v[2]; } shortsc25519; @@ -43,11 +45,11 @@ void sc25519_to32bytes(unsigned char r[32], const sc25519 *x); int sc25519_iszero_vartime(const sc25519 *x); -int sc25519_lt(const sc25519 *x, const sc25519 *y); +int sc25519_lt(const sc25519 *x, const sc25519 *y) SYSVABI; -void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y); +void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y) SYSVABI; -void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y); +void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y) SYSVABI; void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y); @@ -64,6 +66,6 @@ void sc25519_slide(signed char r[256], const sc25519 *s, int swindowsize); void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2); -void sc25519_barrett(sc25519 *r, unsigned long long x[8]); +void sc25519_barrett(sc25519 *r, unsigned long long x[8]) SYSVABI; #endif diff --git a/ed25519/amd64-51-30k/sc25519_mul.c b/ed25519/amd64-51-30k/sc25519_mul.c index 94f74bf..f5ba04e 100644 --- a/ed25519/amd64-51-30k/sc25519_mul.c +++ b/ed25519/amd64-51-30k/sc25519_mul.c @@ -1,8 +1,9 @@ #include "sc25519.h" +#include "compat.h" #define ull4_mul CRYPTO_NAMESPACE(batch_ull4_mul) -extern void ull4_mul(unsigned long long r[8], const unsigned long long x[4], const unsigned long long y[4]); +extern void ull4_mul(unsigned long long r[8], const unsigned long long x[4], const unsigned long long y[4]) SYSVABI; void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y) { diff --git a/ed25519/amd64-64-24k/compat.h b/ed25519/amd64-64-24k/compat.h new file mode 100644 index 0000000..6f721a7 
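Review bot: The `typedef struct` and `unsigned long long v[4]` / `v[2]` lines in the `@@ -21,15 +23,15 @@` hunk differ only in whitespace as far as the collapsed diff shows, and that churn sits in the middle of a calling-convention fix, making it harder to audit which prototypes actually gained `SYSVABI`; the amd64-64-24k sc25519.h hunk has the same pattern. Whitespace cleanup is better kept in its own commit. In sc25519_mul.c the added `#include "compat.h"` after `#include "sc25519.h"` is redundant now that sc25519.h includes it, though harmless because of the guard, and keeping it is defensible since the file uses `SYSVABI` directly on `ull4_mul`.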
--- /dev/null +++ b/ed25519/amd64-64-24k/compat.h @@ -0,0 +1,10 @@ +#ifndef COMPAT_H +#define COMPAT_H + +#if defined(_WIN32) && defined(__GNUC__) +#define SYSVABI __attribute__((sysv_abi)) +#else +#define SYSVABI +#endif + +#endif diff --git a/ed25519/amd64-64-24k/fe25519.h b/ed25519/amd64-64-24k/fe25519.h index afade2d..8e68d98 100644 --- a/ed25519/amd64-64-24k/fe25519.h +++ b/ed25519/amd64-64-24k/fe25519.h @@ -2,6 +2,7 @@ #define FE25519_H #include +#include "compat.h" #define fe25519 CRYPTO_NAMESPACE(fe25519) #define fe25519_freeze CRYPTO_NAMESPACE(fe25519_freeze) @@ -16,7 +17,6 @@ #define fe25519_add CRYPTO_NAMESPACE(fe25519_add) #define fe25519_sub CRYPTO_NAMESPACE(fe25519_sub) #define fe25519_mul CRYPTO_NAMESPACE(fe25519_mul) -#define fe25519_mul121666 CRYPTO_NAMESPACE(fe25519_mul121666) #define fe25519_square CRYPTO_NAMESPACE(fe25519_square) #define fe25519_invert CRYPTO_NAMESPACE(fe25519_invert) #define fe25519_batchinvert CRYPTO_NAMESPACE(fe25519_batchinvert) @@ -28,7 +28,7 @@ typedef struct } fe25519; -void fe25519_freeze(fe25519 *r); +void fe25519_freeze(fe25519 *r) SYSVABI; void fe25519_unpack(fe25519 *r, const unsigned char x[32]); @@ -48,15 +48,13 @@ int fe25519_iszero_vartime(const fe25519 *x); int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y); -void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y); +void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI; -void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); +void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI; -void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y); +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI; -void fe25519_mul121666(fe25519 *r, const fe25519 *x); - -void fe25519_square(fe25519 *r, const fe25519 *x); +void fe25519_square(fe25519 *r, const fe25519 *x) SYSVABI; void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e); 
diff --git a/ed25519/amd64-64-24k/ge25519.h b/ed25519/amd64-64-24k/ge25519.h index ab0c6ed..42673b4 100644 --- a/ed25519/amd64-64-24k/ge25519.h +++ b/ed25519/amd64-64-24k/ge25519.h @@ -3,6 +3,7 @@ #include "fe25519.h" #include "sc25519.h" +#include "compat.h" #define ge25519 CRYPTO_NAMESPACE(ge25519) #define ge25519_base CRYPTO_NAMESPACE(ge25519_base) @@ -66,14 +67,14 @@ typedef struct typedef unsigned char bytes32[32]; -extern void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p); -extern void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p); -extern void ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q); -extern void ge25519_dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p); -extern void choose_t(ge25519_niels *t, unsigned long long pos, signed long long b, const ge25519_niels *base_multiples); -extern void ge25519_nielsadd2(ge25519_p3 *r, const ge25519_niels *q); -extern void ge25519_nielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_niels *q); -extern void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_pniels *q); +extern void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p) SYSVABI; +extern void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) SYSVABI; +extern void ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) SYSVABI; +extern void ge25519_dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) SYSVABI; +extern void choose_t(ge25519_niels *t, unsigned long long pos, signed long long b, const ge25519_niels *base_multiples) SYSVABI; +extern void ge25519_nielsadd2(ge25519_p3 *r, const ge25519_niels *q) SYSVABI; +extern void ge25519_nielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_niels *q) SYSVABI; +extern void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_pniels *q) SYSVABI; extern const ge25519 ge25519_base; 
diff --git a/ed25519/amd64-64-24k/index_heap.h b/ed25519/amd64-64-24k/index_heap.h index 6a658ee..54ad1a3 100644 --- a/ed25519/amd64-64-24k/index_heap.h +++ b/ed25519/amd64-64-24k/index_heap.h @@ -2,6 +2,7 @@ #define INDEX_HEAP_H #include "sc25519.h" +#include "compat.h" #define heap_init CRYPTO_NAMESPACE(heap_init) #define heap_extend CRYPTO_NAMESPACE(heap_extend) @@ -23,9 +24,9 @@ void heap_push(unsigned long long *h, unsigned long long *hlen, unsigned long lo void heap_get2max(unsigned long long *h, unsigned long long *max1, unsigned long long *max2, sc25519 *scalars); -void heap_rootreplaced(unsigned long long *h, unsigned long long hlen, sc25519 *scalars); -void heap_rootreplaced_3limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars); -void heap_rootreplaced_2limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars); -void heap_rootreplaced_1limb(unsigned long long *h, unsigned long long hlen, sc25519 *scalars); +void heap_rootreplaced(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI; +void heap_rootreplaced_3limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI; +void heap_rootreplaced_2limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI; +void heap_rootreplaced_1limb(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI; #endif diff --git a/ed25519/amd64-64-24k/sc25519.h b/ed25519/amd64-64-24k/sc25519.h index 25d0a11..315cc53 100644 --- a/ed25519/amd64-64-24k/sc25519.h +++ b/ed25519/amd64-64-24k/sc25519.h @@ -1,6 +1,8 @@ #ifndef SC25519_H #define SC25519_H +#include "compat.h" + #define sc25519 CRYPTO_NAMESPACE(sc25519) #define shortsc25519 CRYPTO_NAMESPACE(shortsc25519) #define sc25519_from32bytes CRYPTO_NAMESPACE(sc25519_from32bytes) 
@@ -20,15 +22,15 @@ #define sc25519_2interleave2 CRYPTO_NAMESPACE(sc25519_2interleave2) #define sc25519_barrett CRYPTO_NAMESPACE(sc25519_barrett) -typedef struct +typedef struct { - unsigned long long v[4]; + unsigned long long v[4]; } sc25519; -typedef struct +typedef struct { - unsigned long long v[2]; + unsigned long long v[2]; } shortsc25519; @@ -42,11 +44,11 @@ void sc25519_to32bytes(unsigned char r[32], const sc25519 *x); int sc25519_iszero_vartime(const sc25519 *x); -int sc25519_lt(const sc25519 *x, const sc25519 *y); +int sc25519_lt(const sc25519 *x, const sc25519 *y) SYSVABI; -void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y); +void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y) SYSVABI; -void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y); +void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y) SYSVABI; void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y); @@ -61,6 +63,6 @@ void sc25519_slide(signed char r[256], const sc25519 *s, int swindowsize); void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2); -void sc25519_barrett(sc25519 *r, unsigned long long x[8]); +void sc25519_barrett(sc25519 *r, unsigned long long x[8]) SYSVABI; #endif diff --git a/ed25519/amd64-64-24k/sc25519_mul.c b/ed25519/amd64-64-24k/sc25519_mul.c index 1ba4a55..29f1fb8 100644 --- a/ed25519/amd64-64-24k/sc25519_mul.c +++ b/ed25519/amd64-64-24k/sc25519_mul.c @@ -1,8 +1,9 @@ #include "sc25519.h" +#include "compat.h" #define ull4_mul CRYPTO_NAMESPACE(ull4_mul) -extern void ull4_mul(unsigned long long r[8], const unsigned long long x[4], const unsigned long long y[4]); +extern void ull4_mul(unsigned long long r[8], const unsigned long long x[4], const unsigned long long y[4]) SYSVABI; void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y) { From 5ac2c8fa60f6fb73788e402b32415f95c6889a94 Mon Sep 17 00:00:00 2001 
From: cathugger Date: Tue, 31 May 2022 02:11:40 +0300 Subject: [PATCH 082/107] some cleanups & make depend --- GNUmakefile.in | 74 +++++++++++++++++++++++++++++++++- configure.ac | 37 +++++++++++------ ed25519/amd64-64-24k/ed25519.h | 16 ++++---- ed25519/amd64-64-24k/sc25519.h | 2 +- 4 files changed, 105 insertions(+), 24 deletions(-) diff --git a/GNUmakefile.in b/GNUmakefile.in index 910b1ae..ec4725b 100644 --- a/GNUmakefile.in +++ b/GNUmakefile.in 
@@ -156,53 +156,76 @@ base64_from.c.o: types.h base64.h base64_to.c.o: types.h base64.h cpucount.c.o: cpucount.h ed25519/amd64-51-30k/fe25519_add.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_add.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_getparity.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_invert.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_invert.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_iseq.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_iseq.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_iszero.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_iszero.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_neg.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_neg.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_pack.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_setint.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_setint.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_sub.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_sub.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/fe25519_unpack.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_unpack.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/fe25519.h 
+ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519_base_slide_multiples.data ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h 
ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/index_heap.h ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519_base_niels_smalltables.data ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/hram.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h ed25519/amd64-51-30k/hram.c.o: ed25519/amd64-51-30k/hram.h ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/index_heap.h ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/ed25519.h 
@@ -210,6 +233,7 @@ ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/randombytes.h ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_sign.h ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/ed25519.h 
@@ -217,68 +241,100 @@ ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-51-30k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sc25519_iszero.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_iszero.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sc25519_mul.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_mul.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sc25519_slide.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_slide.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sc25519_window4.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_window4.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h ed25519/amd64-51-30k/sign.c.o: 
ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/ge25519_base.c.o: 
ed25519/amd64-51-30k/ge25519.h ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519_base_slide_multiples.data ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/index_heap.h 
ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/ge25519_base_niels.data ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-51-30k/hram.h ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-51-30k/index_heap.h ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/ed25519.h 
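Review bot: Every added dependency line for the amd64-64-24k objects in this hunk points at `ed25519/amd64-51-30k/compat.h`, and the surrounding context lines already list `ed25519/amd64-51-30k/fe25519.h`, `sc25519.h` and `ge25519.h` for the same objects, even though this commit series edits separate headers under `ed25519/amd64-64-24k/`. That suggests the dependency generator resolves the quoted includes against the wrong directory, so editing an amd64-64-24k header will not rebuild its objects; after the SYSVABI changes that is exactly the kind of stale object that produces an ABI mismatch with no compile error. Checking how the depend step is invoked in GNUmakefile.in and regenerating with each implementation's own directory on the include path would be worth doing before the release; the hunk is generated, so I have not proposed hand edits.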
@@ -286,6 +342,7 @@ ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/randombytes.h ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_sign.h ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/ed25519.h 
@@ -293,21 +350,32 @@ ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h ed25519/amd64-64-24k/sign.c.o: 
ed25519/amd64-51-30k/ge25519.h ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/ref10/fe_0.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h ed25519/ref10/fe_1.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h @@ -423,6 +491,7 @@ test_ed25519.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h test_ed25519.c.o: ed25519/amd64-51-30k/crypto_sign.h test_ed25519.c.o: ed25519/amd64-51-30k/ge25519.h test_ed25519.c.o: ed25519/amd64-51-30k/fe25519.h +test_ed25519.c.o: ed25519/amd64-51-30k/compat.h test_ed25519.c.o: ed25519/amd64-51-30k/sc25519.h test_ed25519.c.o: ed25519/amd64-64-24k/crypto_sign.h test_ed25519.c.o: ed25519/amd64-64-24k/ge25519.h @@ -453,8 +522,9 @@ worker.c.o: ed25519/ed25519_impl_pre.h ed25519/ref10/crypto_sign.h worker.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/ref10/ge.h worker.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h worker.c.o: ed25519/amd64-51-30k/crypto_sign.h ed25519/amd64-51-30k/ge25519.h -worker.c.o: ed25519/amd64-51-30k/fe25519.h ed25519/amd64-51-30k/sc25519.h -worker.c.o: ed25519/amd64-64-24k/crypto_sign.h ed25519/amd64-64-24k/ge25519.h +worker.c.o: ed25519/amd64-51-30k/fe25519.h ed25519/amd64-51-30k/compat.h +worker.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/crypto_sign.h +worker.c.o: ed25519/amd64-64-24k/ge25519.h worker.c.o: ed25519/ed25519-donna/ed25519-donna.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h diff --git a/configure.ac b/configure.ac index c2c89ef..a2053c8 100644 --- a/configure.ac +++ b/configure.ac 
@@ -43,7 +43,7 @@ fi # NOTE: this script intentionally doesn't check for small details like posix functions and hard dependencies (libsodium) so you may get errors at compilation -if test "x$oldcflags" != "x$CFLAGS" +if test x"$oldcflags" != x"$CFLAGS" then oldcflags="-O3" CFLAGS="-march=native" @@ -83,7 +83,7 @@ AC_ARG_ENABLE([ref10], [AS_HELP_STRING([--enable-ref10], [use SUPERCOP ref10 ed25519 implementation @<:@default=no@:>@])], [ - AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "ref10"], + AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "ref10"], [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="ref10" ], @@ -94,7 +94,7 @@ AC_ARG_ENABLE([amd64-51-30k], [AS_HELP_STRING([--enable-amd64-51-30k], [use SUPERCOP amd64-51-30k ed25519 implementation @<:@default=no@:>@])], [ - AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "amd64_51_30k"], + AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "amd64_51_30k"], [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="amd64_51_30k" ], @@ -105,7 +105,7 @@ AC_ARG_ENABLE([amd64-64-24k], [AS_HELP_STRING([--enable-amd64-64-24k], [use SUPERCOP amd64-64-24k ed25519 implementation @<:@default=no@:>@])], [ - AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "amd64_64_24k"], + AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "amd64_64_24k"], [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="amd64_64_24k" ], @@ -116,7 +116,7 @@ AC_ARG_ENABLE([donna], [AS_HELP_STRING([--enable-donna], [use ed25519-donna implementation @<:@default=yes@:>@])], [ - AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "donna"], + AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "donna"], [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="donna" ], 
@@ -127,7 +127,7 @@ AC_ARG_ENABLE([donna-sse2], [AS_HELP_STRING([--enable-donna-sse2], [use ed25519-donna SSE2 implementation @<:@default=no@:>@])], [ - AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "donna-sse2"], + AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "donna-sse2"], [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="donna-sse2" ], @@ -135,7 +135,7 @@ AC_ARG_ENABLE([donna-sse2], ) # default -AS_IF([test "x$ed25519impl" = "x"],[ed25519impl="donna"]) +AS_IF([test x"$ed25519impl" = x""],[ed25519impl="donna"]) if test "$ed25519impl" = "donna-sse2" then @@ -232,7 +232,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], [AC_MSG_RESULT([no])] ) -if test "x$c99" = "xyes" -a "x$ed25519impl" != "xdonna" -a "x$enable_intfilter" != "x128" +if test x"$c99" = x"yes" -a x"$ed25519impl" != x"donna" -a x"$enable_intfilter" != x"128" then CFLAGS="$cstd -pedantic" AC_MSG_CHECKING([whether CC supports -pedantic]) @@ -253,7 +253,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#ifndef _WIN32 [AC_MSG_RESULT([no])] ) -if test "x$ed25519impl" = "xdonna" +if test x"$ed25519impl" = x"donna" then CFLAGS="$cstd -Wno-unused-function -Werror" AC_MSG_CHECKING([whether CC supports -Wno-unused-function]) @@ -264,6 +264,17 @@ then ) fi +if test x"$ed25519impl" = x"amd64_64_24k" +then + CFLAGS="$cstd -Wno-unused-const-variable -Werror" + AC_MSG_CHECKING([whether CC supports -Wno-unused-const-variable]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wno-unused-const-variable"], + [AC_MSG_RESULT([no])] + ) +fi + CFLAGS="$cstd -Wmissing-prototypes -Werror" AC_MSG_CHECKING([whether CC supports -Wmissing-prototypes]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
@@ -288,7 +299,7 @@ AC_ARG_ENABLE([binfilterlen], [set binary string filter length (if you don't use intfilter) @<:@default=32@:>@])], [], [enable_binfilterlen=no] ) -if test "x$enable_binfilterlen" != "xyes" -a "x$enable_binfilterlen" != "xno" +if test x"$enable_binfilterlen" != x"yes" -a x"$enable_binfilterlen" != x"no" then MYDEFS="$MYDEFS -DBINFILTERLEN=$enable_binfilterlen" fi @@ -298,7 +309,7 @@ AC_ARG_ENABLE([binsearch], [enable binary search algoritm; MUCH faster if there are a lot of filters @<:@default=no@:>@])], [], [enable_binsearch=no] ) -if test "x$enable_binsearch" = "xyes" +if test x"$enable_binsearch" = x"yes" then MYDEFS="$MYDEFS -DBINSEARCH" fi @@ -308,7 +319,7 @@ AC_ARG_ENABLE([besort], [force intfilter binsearch case to use big endian sorting and not omit masks from filters; useful if your filters aren't of same length @<:@default=no@:>@])], [], [enable_besort=no] ) -if test "x$enable_besort" = "xyes" +if test x"$enable_besort" = x"yes" then MYDEFS="$MYDEFS -DBESORT" fi @@ -318,7 +329,7 @@ AC_ARG_ENABLE([statistics], [collect statistics @<:@default=yes@:>@])], [], [enable_statistics=yes] ) -if test "x$enable_statistics" = "xyes" +if test x"$enable_statistics" = x"yes" then MYDEFS="$MYDEFS -DSTATISTICS" fi diff --git a/ed25519/amd64-64-24k/ed25519.h b/ed25519/amd64-64-24k/ed25519.h index 8916c9b..50c610d 100644 --- a/ed25519/amd64-64-24k/ed25519.h +++ b/ed25519/amd64-64-24k/ed25519.h 
@@ -1,20 +1,20 @@ -int ed25519_amd64_64_seckey(unsigned char *sk); -int ed25519_amd64_64_seckey_expand(unsigned char *sk,const unsigned char *seed); -int ed25519_amd64_64_pubkey(unsigned char *pk,const unsigned char *sk); -int ed25519_amd64_64_keygen(unsigned char *pk,unsigned char *sk); -int ed25519_amd64_64_sign( +int crypto_sign_seckey(unsigned char *sk); +int crypto_sign_seckey_expand(unsigned char *sk,const unsigned char *seed); +int crypto_sign_pubkey(unsigned char *pk,const unsigned char *sk); +int crypto_sign_keypair(unsigned char *pk,unsigned char *sk); +int crypto_sign( unsigned char *sm,unsigned long long *smlen, const unsigned char *m,unsigned long long mlen, const unsigned char *sk ); -int ed25519_amd64_64_open( +int crypto_sign_open( unsigned char *m,unsigned long long *mlen, const unsigned char *sm,unsigned long long smlen, const unsigned char *pk ); -int ed25519_amd64_64_open_batch( +int crypto_sign_open_batch( unsigned char* const m[],unsigned long long mlen[], unsigned char* const sm[],const unsigned long long smlen[], - unsigned char* const pk[], + unsigned char* const pk[], unsigned long long num ); diff --git a/ed25519/amd64-64-24k/sc25519.h b/ed25519/amd64-64-24k/sc25519.h index 315cc53..020984f 100644 --- a/ed25519/amd64-64-24k/sc25519.h +++ b/ed25519/amd64-64-24k/sc25519.h @@ -57,7 +57,7 @@ void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y); /* Convert s into a representation of the form \sum_{i=0}^{63}r[i]2^(4*i) * with r[i] in {-8,...,7} */ -void sc25519_window4(signed char r[85], const sc25519 *s); +void sc25519_window4(signed char r[64], const sc25519 *s); void sc25519_slide(signed char r[256], const sc25519 *s, int swindowsize); From bd1b6d927e22505aa467d850814ff3be7fd1312b Mon Sep 17 00:00:00 2001 
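Review bot: The corrected bound `signed char r[64]` in the `sc25519_window4` prototype is documentation only — an array bound on a function parameter is not enforced by the compiler, so a caller passing a shorter buffer still compiles. The definition in sc25519_window4.c is not part of this diff; make sure it declares the same bound, and consider the C99 form `void sc25519_window4(signed char r[static 64], const sc25519 *s);` so that compilers which honour `static` array bounds can diagnose undersized arguments. The comment above the prototype (a sum over i = 0..63) now agrees with the declared size.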
From: cathugger Date: Wed, 1 Jun 2022 18:41:40 +0000 Subject: [PATCH 083/107] cleanup some remaining dead refs --- ed25519/amd64-51-30k/fe25519.h | 3 --- ed25519/ed25519_impl_post.h | 1 - ed25519/ref10/fe.h | 2 -- 3 files changed, 6 deletions(-) diff --git a/ed25519/amd64-51-30k/fe25519.h b/ed25519/amd64-51-30k/fe25519.h index f037e72..64f9c99 100644 --- a/ed25519/amd64-51-30k/fe25519.h +++ b/ed25519/amd64-51-30k/fe25519.h @@ -17,7 +17,6 @@ #define fe25519_add CRYPTO_NAMESPACE(batch_fe25519_add) #define fe25519_sub CRYPTO_NAMESPACE(batch_fe25519_sub) #define fe25519_mul CRYPTO_NAMESPACE(batch_fe25519_mul) -#define fe25519_mul121666 CRYPTO_NAMESPACE(batch_fe25519_mul121666) #define fe25519_square CRYPTO_NAMESPACE(batch_fe25519_square) #define fe25519_nsquare CRYPTO_NAMESPACE(batch_fe25519_nsquare) #define fe25519_invert CRYPTO_NAMESPACE(batch_fe25519_invert) @@ -56,8 +55,6 @@ void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI; -void fe25519_mul121666(fe25519 *r, const fe25519 *x); - void fe25519_square(fe25519 *r, const fe25519 *x) SYSVABI; void fe25519_nsquare(fe25519 *r, unsigned long long n) SYSVABI; diff --git a/ed25519/ed25519_impl_post.h b/ed25519/ed25519_impl_post.h index 0f5a3e8..470ad77 100644 --- a/ed25519/ed25519_impl_post.h +++ b/ed25519/ed25519_impl_post.h @@ -54,7 +54,6 @@ #undef ge25519_add_p1p1 #undef ge25519_dbl_p1p1 #undef choose_t -#undef choose_t_smultq #undef ge25519_nielsadd2 #undef ge25519_nielsadd_p1p1 #undef ge25519_pnielsadd_p1p1 diff --git a/ed25519/ref10/fe.h b/ed25519/ref10/fe.h index f4ec2bf..4613170 100644 --- a/ed25519/ref10/fe.h +++ b/ed25519/ref10/fe.h 
@@ -29,7 +29,6 @@ Bounds on each t[i] vary depending on context. #define fe_mul CRYPTO_NAMESPACE(fe_mul) #define fe_sq CRYPTO_NAMESPACE(fe_sq) #define fe_sq2 CRYPTO_NAMESPACE(fe_sq2) -#define fe_mul121666 CRYPTO_NAMESPACE(fe_mul121666) #define fe_invert CRYPTO_NAMESPACE(fe_invert) #define fe_batchinvert CRYPTO_NAMESPACE(fe_batchinvert) #define fe_pow22523 CRYPTO_NAMESPACE(fe_pow22523) @@ -51,7 +50,6 @@ extern void fe_neg(fe,const fe); extern void fe_mul(fe,const fe,const fe); extern void fe_sq(fe,const fe); extern void fe_sq2(fe,const fe); -extern void fe_mul121666(fe,const fe); extern void fe_invert(fe,const fe); extern void fe_batchinvert(fe *out,fe *in,fe *tmp,size_t num,size_t shift); extern void fe_pow22523(fe,const fe); From f667a8a25661f926efae69f3e4a2920fe3aae98d Mon Sep 17 00:00:00 2001 From: cathugger Date: Fri, 24 Jun 2022 18:08:51 +0000 Subject: [PATCH 084/107] fix syncwritefile on windows --- contrib/release-scripts/release.sh | 1 + ioutil.c | 11 +++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/contrib/release-scripts/release.sh b/contrib/release-scripts/release.sh index 8352f6f..4ceff53 100755 --- a/contrib/release-scripts/release.sh +++ b/contrib/release-scripts/release.sh @@ -22,6 +22,7 @@ mkdir -p out SV=mkp224o-$V SO=$(realpath ./out/$SV) git clone ../../ "$SO" +git -C ../../ diff | git -C "$SO" apply cd "$SO" rm -rf .git ./autogen.sh diff --git a/ioutil.c b/ioutil.c index 6ec260a..5d1edca 100644 --- a/ioutil.c +++ b/ioutil.c 
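Review bot: The added `git -C ../../ diff | git -C "$SO" apply` folds uncommitted working-tree changes into the release checkout, so the packaged source may no longer correspond to any commit in the repository, which makes a release hard to reproduce or audit. If this is intended for local test builds, record that the tree was dirty — for example derive the version from `git describe --dirty` or print a warning — and for a real release refuse to proceed when `git -C ../../ diff --quiet` fails. Unless the script runs under `set -e` (its header is outside this diff), a failing `git apply` also does not stop the rest of the release build.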
@@ -221,22 +221,29 @@ int createdir(const char *path,int secret) static int syncwritefile(const char *filename,const char *tmpname,int secret,const u8 *data,size_t datalen) { FH f = createfile(tmpname,secret); - if (f == FH_invalid) + if (f == FH_invalid) { + //fprintf(stderr,"!failed to create\n"); return -1; + } + if (writeall(f,data,datalen) < 0) { + //fprintf(stderr,"!failed to write\n"); goto failclose; } if (FlushFileBuffers(f) == 0) { + //fprintf(stderr,"!failed to flush\n"); goto failclose; } if (closefile(f) < 0) { + //fprintf(stderr,"!failed to close\n"); goto failrm; } - if (MoveFileA(tmpname,filename) == 0) { + if (MoveFileExA(tmpname,filename,MOVEFILE_REPLACE_EXISTING) == 0) { + //fprintf(stderr,"!failed to move\n"); goto failrm; } From a6e53b09979b61634063f3ba82982fa8f29d458c Mon Sep 17 00:00:00 2001 From: cathugger Date: Thu, 30 Jun 2022 22:19:56 +0000 Subject: [PATCH 085/107] fixup release script --- contrib/release-scripts/release.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/release-scripts/release.sh b/contrib/release-scripts/release.sh index 4ceff53..55fb703 100755 --- a/contrib/release-scripts/release.sh +++ b/contrib/release-scripts/release.sh @@ -22,7 +22,7 @@ mkdir -p out SV=mkp224o-$V SO=$(realpath ./out/$SV) git clone ../../ "$SO" -git -C ../../ diff | git -C "$SO" apply +git -C ../../ diff | git -C "$SO" apply --allow-empty cd "$SO" rm -rf .git ./autogen.sh From d202229a437d98b874f0ecc4affcf58f65596802 Mon Sep 17 00:00:00 2001 From: cathugger Date: Mon, 19 Sep 2022 06:15:42 +0000 Subject: [PATCH 086/107] add libc6-dev to debian deps thanks @EsmailELBoBDev2 for report --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c3dbad0..7ba4f09 100644 --- a/README.md +++ b/README.md 
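Review bot: The five `//fprintf(stderr,"!failed to ...")` lines added to `syncwritefile` are commented-out debug code; either drop them or turn them into a real diagnostic path, because the callers only print a generic "could not save" message and the lost detail (which of create/write/flush/close/move failed, plus `GetLastError()`) is exactly what a user needs to act on. On the `MoveFileExA` line, the function already pays for `FlushFileBuffers` to make the data durable, but the rename itself is not forced to disk unless `MOVEFILE_WRITE_THROUGH` is also passed: `if (MoveFileExA(tmpname,filename,MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH) == 0) {`. The `failclose`/`failrm` cleanup labels and the function's return are outside the hunk.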
@@ -15,7 +15,7 @@ formely known as proposal 224) onion addresses. For debian-like linux distros, this should be enough to prepare for building: ```bash -apt install gcc libsodium-dev make autoconf +apt install gcc libc6-dev libsodium-dev make autoconf ``` ### Building From 309b86fd5937fda3c74dfccde884b5b49746ef51 Mon Sep 17 00:00:00 2001 From: cathugger Date: Mon, 19 Dec 2022 18:30:24 +0200 Subject: [PATCH 087/107] more helpful error messages --- main.c | 2 +- worker.c | 2 +- yaml.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/main.c b/main.c index 1943817..5a1fbde 100644 --- a/main.c +++ b/main.c @@ -214,7 +214,7 @@ static void savecheckpoint(void) if (syncwrite(checkpointfile,1,checkpoint,SEED_LEN) < 0) { pthread_mutex_lock(&fout_mutex); - fprintf(stderr,"ERROR: could not save checkpoint\n"); + fprintf(stderr,"ERROR: could not save checkpoint to \"%s\"\n",checkpointfile); pthread_mutex_unlock(&fout_mutex); } } diff --git a/worker.c b/worker.c index b9a6476..78376ce 100644 --- a/worker.c +++ b/worker.c @@ -102,7 +102,7 @@ static void onionready(char *sname,const u8 *secret,const u8 *pubonion) if (!yamloutput) { if (createdir(sname,1) != 0) { pthread_mutex_lock(&fout_mutex); - fprintf(stderr,"ERROR: could not create directory for key output\n"); + fprintf(stderr,"ERROR: could not create directory \"%s\" for key output\n",sname); pthread_mutex_unlock(&fout_mutex); return; } diff --git a/yaml.c b/yaml.c index c8778a6..56bd10e 100644 --- a/yaml.c +++ b/yaml.c @@ -274,7 +274,7 @@ int yamlin_parseandcreate( sigprocmask(SIG_BLOCK,&nset,&oset); #endif if (createdir(sname,1) != 0) { - fprintf(stderr,"ERROR: could not create directory for key output\n"); + fprintf(stderr,"ERROR: could not create directory \"%s\" for key output\n",sname); return 1; } From 68928c49849170e06f3c1f6c01ef0a12cd2385c2 Mon Sep 17 00:00:00 2001 
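Review bot: The message in `savecheckpoint` now names the file but still not the reason, which is usually the more useful half of an error; if `syncwrite` leaves `errno` set on failure, capture it before taking the mutex (`int err = errno;`) and print `strerror(err)` next to the path. The same applies to the two `createdir` failure messages in the worker.c and yaml.c hunks of this commit, which would benefit from the same treatment. Printing the paths through `%s` into a fixed format string is the right way to do it. The enclosing functions continue outside these hunks.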
From: cathugger Date: Sat, 14 Jan 2023 14:37:41 +0000 Subject: [PATCH 088/107] fix assembler compilation on MacOS --- ed25519/amd64-51-30k/consts.S | 4 ++++ ed25519/amd64-64-24k/consts.S | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/ed25519/amd64-51-30k/consts.S b/ed25519/amd64-51-30k/consts.S index b2ca1ab..5713447 100644 --- a/ed25519/amd64-51-30k/consts.S +++ b/ed25519/amd64-51-30k/consts.S @@ -1,4 +1,8 @@ +#ifndef __APPLE__ .section .rodata +#else +.const +#endif .globl CRYPTO_NAMESPACE(batch_REDMASK51) .globl CRYPTO_NAMESPACE(batch_121666_213) diff --git a/ed25519/amd64-64-24k/consts.S b/ed25519/amd64-64-24k/consts.S index ca9896f..db6bad5 100644 --- a/ed25519/amd64-64-24k/consts.S +++ b/ed25519/amd64-64-24k/consts.S @@ -1,4 +1,8 @@ +#ifndef __APPLE__ .section .rodata +#else +.const +#endif .globl CRYPTO_NAMESPACE(121666) .globl CRYPTO_NAMESPACE(MU0) From d612b74842af053c1970ee44c547e0c7332e2a53 Mon Sep 17 00:00:00 2001 From: cathugger Date: Sun, 26 Mar 2023 23:43:49 +0000 Subject: [PATCH 089/107] improve readme a bit --- README.md | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 7ba4f09..0d3430d 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ This tool generates vanity ed25519 ([hidden service version 3][v3], formely known as proposal 224) onion addresses. -### Requirements +### Requirements for building * C99 compatible compiler (gcc and clang should work) * libsodium (including headers) 
@@ -20,23 +20,26 @@ apt install gcc libc6-dev libsodium-dev make autoconf ### Building -`./autogen.sh` to generate configure script, if it's not there already. +Run `./autogen.sh` to generate a configure script, if there isn't one already. -`./configure` to generate makefile; in \*BSD platforms you probably want to use +Run `./configure` to generate a makefile. +On \*BSD platforms you may need to specify extra include/library paths: `./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"`. On AMD64 platforms, you probably also want to pass something like -`--enable-amd64-51-30k` to configure script for faster key generation; +`--enable-amd64-51-30k` to the configure script invocation for faster key generation; run `./configure --help` to see all available options. Finally, `make` to start building (`gmake` in \*BSD platforms). ### Usage -Generator needs one or more filters to work. +mkp224o needs one or more filters to work. +You may specify them as command line arguments, +eg `./mkp224o test`, or load them from file with `-f` switch. -It makes directory with secret/public keys and hostname -for each discovered service. By default root is current +It makes directories with secret/public keys and hostnames +for each discovered service. By default, the working directory is the current directory, but that can be overridden with `-d` switch. Use `-s` switch to enable printing of statistics, which may be useful From 2b417046b682ef6adcee25158d99619d9cfd16d1 Mon Sep 17 00:00:00 2001 
From: cathugger Date: Fri, 9 Jun 2023 17:16:46 +0300 Subject: [PATCH 090/107] remove slow/fast workers --- GNUmakefile.in | 6 +-- main.c | 24 +++------ worker.h | 3 -- worker_fast.inc.h | 107 ------------------------------------- worker_fast_pass.inc.h | 116 ----------------------------------------- worker_impl.inc.h | 3 -- worker_slow.inc.h | 94 --------------------------------- 7 files changed, 10 insertions(+), 343 deletions(-) delete mode 100644 worker_fast.inc.h delete mode 100644 worker_fast_pass.inc.h delete mode 100644 worker_slow.inc.h diff --git a/GNUmakefile.in b/GNUmakefile.in index ec4725b..f80b506 100644 --- a/GNUmakefile.in +++ b/GNUmakefile.in @@ -542,7 +542,7 @@ worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86-32bit.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-sse2.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-sse2.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h -worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h worker_slow.inc.h -worker.c.o: worker_fast.inc.h worker_fast_pass.inc.h worker_batch.inc.h -worker.c.o: worker_batch_pass.inc.h ed25519/ed25519_impl_post.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h +worker.c.o: worker_batch.inc.h worker_batch_pass.inc.h +worker.c.o: ed25519/ed25519_impl_post.h yaml.c.o: types.h yaml.h ioutil.h base32.h base64.h common.h diff --git a/main.c b/main.c index 5a1fbde..c5d2844 100644 --- a/main.c +++ b/main.c 
@@ -110,10 +110,9 @@ static void printhelp(FILE *out,const char *progname) " -j NUMTHREADS same as -t\n" " -n NUMKEYS specify number of keys (default - 0 - unlimited)\n" " -N NUMWORDS specify number of words per key (default - 1)\n" - " -Z use \"slower\" key generation method (initial default)\n" - " -z use \"faster\" key generation method (later default)\n" - " -B use batching key generation method\n" - " (>10x faster than -z, current default)\n" + " -Z deprecated, does nothing\n" + " -z deprecated, does nothing\n" + " -B use batching key generation method (current default)\n" " -s print statistics each 10 seconds\n" " -S SECONDS print statistics every specified amount of seconds\n" " -T do not reset statistics counters when printing\n" @@ -257,8 +256,6 @@ VEC_STRUCT(threadvec,pthread_t); #include "filters_main.inc.h" enum worker_type { - WT_SLOW, - WT_FAST, WT_BATCH, }; @@ -417,9 +414,9 @@ int main(int argc,char **argv) e_additional(); } else if (*arg == 'Z') - wt = WT_SLOW; + /* ignored */ ; else if (*arg == 'z') - wt = WT_FAST; + /* ignored */ ; else if (*arg == 'B') wt = WT_BATCH; else if (*arg == 's') { @@ -665,17 +662,10 @@ int main(int argc,char **argv) tattrp, #ifdef PASSPHRASE deterministic - ? (wt == WT_BATCH - ? CRYPTO_NAMESPACE(worker_batch_pass) - : CRYPTO_NAMESPACE(worker_fast_pass)) + ? CRYPTO_NAMESPACE(worker_batch_pass) : #endif - wt == WT_BATCH - ? CRYPTO_NAMESPACE(worker_batch) - : - wt == WT_FAST - ? CRYPTO_NAMESPACE(worker_fast) - : CRYPTO_NAMESPACE(worker_slow), + CRYPTO_NAMESPACE(worker_batch), tp ); if (tret) { diff --git a/worker.h b/worker.h index 36912a0..2c30831 100644 --- a/worker.h +++ b/worker.h 
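Review bot: After this change `wt` is still assigned (`wt = WT_BATCH` in the `-B` branch) but, as far as the hunks show, no longer read — the thread-creation hunk now selects `worker_batch`/`worker_batch_pass` without consulting it — so builds with `-Wunused-but-set-variable` will warn; unless it is read elsewhere in main.c, drop `wt` and the now single-member `enum worker_type`, or keep the enum and route the dispatch through it. The `-Z`/`-z` branches now silently do nothing; since the help text lists them as deprecated, a one-line notice such as `fprintf(stderr,"warning: -%c is deprecated and ignored\n",*arg);` would tell users whose scripts still pass them. `main` continues outside the hunks.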
@@ -40,10 +40,7 @@ extern void worker_init(void); extern char *makesname(void); extern size_t worker_batch_memuse(void); -extern void *CRYPTO_NAMESPACE(worker_slow)(void *task); -extern void *CRYPTO_NAMESPACE(worker_fast)(void *task); extern void *CRYPTO_NAMESPACE(worker_batch)(void *task); #ifdef PASSPHRASE -extern void *CRYPTO_NAMESPACE(worker_fast_pass)(void *task); extern void *CRYPTO_NAMESPACE(worker_batch_pass)(void *task); #endif diff --git a/worker_fast.inc.h b/worker_fast.inc.h deleted file mode 100644 index b9ec7a0..0000000 --- a/worker_fast.inc.h +++ /dev/null 
@@ -1,107 +0,0 @@ - -void *CRYPTO_NAMESPACE(worker_fast)(void *task) -{ - union pubonionunion pubonion; - u8 * const pk = &pubonion.raw[PKPREFIX_SIZE]; - u8 secret[SKPREFIX_SIZE + SECRET_LEN]; - u8 * const sk = &secret[SKPREFIX_SIZE]; - u8 seed[SEED_LEN]; - u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1]; - u8 wpk[PUBLIC_LEN + 1]; - ge_p3 ALIGN(16) ge_public; - char *sname; - - size_t counter; - size_t i; - -#ifdef STATISTICS - struct statstruct *st = (struct statstruct *)task; -#else - (void) task; -#endif - - PREFILTER - - memcpy(secret,skprefix,SKPREFIX_SIZE); - wpk[PUBLIC_LEN] = 0; - memset(&pubonion,0,sizeof(pubonion)); - memcpy(pubonion.raw,pkprefix,PKPREFIX_SIZE); - // write version later as it will be overwritten by hash - memcpy(hashsrc,checksumstr,checksumstrlen); - hashsrc[checksumstrlen + PUBLIC_LEN] = 0x03; // version - - sname = makesname(); - -initseed: - -#ifdef STATISTICS - ++st->numrestart.v; -#endif - - randombytes(seed,sizeof(seed)); - - ed25519_seckey_expand(sk,seed); - - ge_scalarmult_base(&ge_public,sk); - ge_p3_tobytes(pk,&ge_public); - - for (counter = 0;counter < SIZE_MAX-8;counter += 8) { - ge_p1p1 ALIGN(16) sum; - - if (unlikely(endwork)) - goto end; - - DOFILTER(i,pk,{ - if (numwords > 1) { - shiftpk(wpk,pk,filter_len(i)); - size_t j; - for (int w = 1;;) { - DOFILTER(j,wpk,goto secondfind); - goto next; - secondfind: - if (++w >= numwords) - break; - shiftpk(wpk,wpk,filter_len(j)); - } - } - // found! - // update secret key with counter - addsztoscalar32(sk,counter); - // sanity check - if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31]) - goto initseed; - - ADDNUMSUCCESS; - - // calc checksum - memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN); - FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]); - // version byte - pk[PUBLIC_LEN + 2] = 0x03; - // full name - strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); - onionready(sname,secret,pubonion.raw); - pk[PUBLIC_LEN] = 0; // what is this for? 
- // don't reuse same seed - goto initseed; - }); - next: - ge_add(&sum,&ge_public,&ge_eightpoint); - ge_p1p1_to_p3(&ge_public,&sum); - ge_p3_tobytes(pk,&ge_public); -#ifdef STATISTICS - ++st->numcalc.v; -#endif - } - goto initseed; - -end: - free(sname); - - POSTFILTER - - sodium_memzero(secret,sizeof(secret)); - sodium_memzero(seed,sizeof(seed)); - - return 0; -} diff --git a/worker_fast_pass.inc.h b/worker_fast_pass.inc.h deleted file mode 100644 index 793d600..0000000 --- a/worker_fast_pass.inc.h +++ /dev/null 
@@ -1,116 +0,0 @@ - -#ifdef PASSPHRASE -void *CRYPTO_NAMESPACE(worker_fast_pass)(void *task) -{ - union pubonionunion pubonion; - u8 * const pk = &pubonion.raw[PKPREFIX_SIZE]; - u8 secret[SKPREFIX_SIZE + SECRET_LEN]; - u8 * const sk = &secret[SKPREFIX_SIZE]; - u8 seed[SEED_LEN]; - u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1]; - u8 wpk[PUBLIC_LEN + 1]; - ge_p3 ALIGN(16) ge_public; - char *sname; - - size_t counter,oldcounter; - size_t i; - -#ifdef STATISTICS - struct statstruct *st = (struct statstruct *)task; -#else - (void) task; -#endif - - PREFILTER - - memcpy(secret,skprefix,SKPREFIX_SIZE); - wpk[PUBLIC_LEN] = 0; - memset(&pubonion,0,sizeof(pubonion)); - memcpy(pubonion.raw,pkprefix,PKPREFIX_SIZE); - // write version later as it will be overwritten by hash - memcpy(hashsrc,checksumstr,checksumstrlen); - hashsrc[checksumstrlen + PUBLIC_LEN] = 0x03; // version - - sname = makesname(); - -initseed: - -#ifdef STATISTICS - ++st->numrestart.v; -#endif - - pthread_mutex_lock(&determseed_mutex); - for (int i = 0; i < SEED_LEN; i++) - if (++determseed[i]) - break; - memcpy(seed, determseed, SEED_LEN); - pthread_mutex_unlock(&determseed_mutex); - - ed25519_seckey_expand(sk,seed); - - ge_scalarmult_base(&ge_public,sk); - ge_p3_tobytes(pk,&ge_public); - - for (counter = oldcounter = 0;counter < DETERMINISTIC_LOOP_COUNT;counter += 8) { - ge_p1p1 ALIGN(16) sum; - - if (unlikely(endwork)) - goto end; - - DOFILTER(i,pk,{ - if (numwords > 1) { - shiftpk(wpk,pk,filter_len(i)); - size_t j; - for (int w = 1;;) { - DOFILTER(j,wpk,goto secondfind); - goto next; - secondfind: - if (++w >= numwords) - break; - shiftpk(wpk,wpk,filter_len(j)); - } - } - // found! 
- // update secret key with delta since last hit (if any) - addsztoscalar32(sk,counter-oldcounter); - oldcounter = counter; - // sanity check - if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31]) - goto initseed; - - // reseed right half of key to avoid reuse, it won't change public key anyway - reseedright(sk); - - ADDNUMSUCCESS; - - // calc checksum - memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN); - FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]); - // version byte - pk[PUBLIC_LEN + 2] = 0x03; - // full name - strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); - onionready(sname,secret,pubonion.raw); - pk[PUBLIC_LEN] = 0; // what is this for? - }); - next: - ge_add(&sum, &ge_public,&ge_eightpoint); - ge_p1p1_to_p3(&ge_public,&sum); - ge_p3_tobytes(pk,&ge_public); -#ifdef STATISTICS - ++st->numcalc.v; -#endif - } - goto initseed; - -end: - free(sname); - - POSTFILTER - - sodium_memzero(secret,sizeof(secret)); - sodium_memzero(seed,sizeof(seed)); - - return 0; -} -#endif // PASSPHRASE diff --git a/worker_impl.inc.h b/worker_impl.inc.h index fbd7b0f..cf922b9 100644 --- a/worker_impl.inc.h +++ b/worker_impl.inc.h @@ -6,9 +6,6 @@ static size_t CRYPTO_NAMESPACE(worker_batch_memuse)(void) return (sizeof(ge_p3) + sizeof(fe) + sizeof(bytes32)) * BATCHNUM; } -#include "worker_slow.inc.h" -#include "worker_fast.inc.h" -#include "worker_fast_pass.inc.h" #include "worker_batch.inc.h" #include "worker_batch_pass.inc.h" diff --git a/worker_slow.inc.h b/worker_slow.inc.h deleted file mode 100644 index ab75ef2..0000000 --- a/worker_slow.inc.h +++ /dev/null 
@@ -1,94 +0,0 @@
-
-void *CRYPTO_NAMESPACE(worker_slow)(void *task)
-{
- union pubonionunion pubonion;
- u8 * const pk = &pubonion.raw[PKPREFIX_SIZE];
- u8 secret[SKPREFIX_SIZE + SECRET_LEN];
- u8 * const sk = &secret[SKPREFIX_SIZE];
- u8 seed[SEED_LEN];
- u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1];
- u8 wpk[PUBLIC_LEN + 1];
- char *sname;
-
- size_t i;
-
-#ifdef STATISTICS
- struct statstruct *st = (struct statstruct *)task;
-#else
- (void) task;
-#endif
-
- PREFILTER
-
- memcpy(secret,skprefix,SKPREFIX_SIZE);
- wpk[PUBLIC_LEN] = 0;
- memset(&pubonion,0,sizeof(pubonion));
- memcpy(pubonion.raw,pkprefix,PKPREFIX_SIZE);
- // write version later as it will be overwritten by hash
- memcpy(hashsrc,checksumstr,checksumstrlen);
- hashsrc[checksumstrlen + PUBLIC_LEN] = 0x03; // version
-
- sname = makesname();
-
-initseed:
- randombytes(seed,sizeof(seed));
- ed25519_seckey_expand(sk,seed);
-
-#ifdef STATISTICS
- ++st->numrestart.v;
-#endif
-
-again:
- if (unlikely(endwork))
- goto end;
-
- ed25519_pubkey(pk,sk);
-
-#ifdef STATISTICS
- ++st->numcalc.v;
-#endif
-
- DOFILTER(i,pk,{
- if (numwords > 1) {
- shiftpk(wpk,pk,filter_len(i));
- size_t j;
- for (int w = 1;;) {
- DOFILTER(j,wpk,goto secondfind);
- goto next;
- secondfind:
- if (++w >= numwords)
- break;
- shiftpk(wpk,wpk,filter_len(j));
- }
- }
- // sanity check
- if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31])
- goto initseed;
-
- ADDNUMSUCCESS;
-
- // calc checksum
- memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN);
- FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]);
- // version byte
- pk[PUBLIC_LEN + 2] = 0x03;
- // base32
- strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion");
- onionready(sname,secret,pubonion.raw);
- pk[PUBLIC_LEN] = 0; // what is this for?
- goto initseed;
- });
-next:
- addsk32(sk);
- goto again;
-
-end:
- free(sname);
-
- POSTFILTER
-
- sodium_memzero(secret,sizeof(secret));
- sodium_memzero(seed,sizeof(seed));
-
- return 0;
-}
From e9f6027a7cd36a1bb1e36ae016123c0f348c1ad2 Mon Sep 17 00:00:00 2001 From: dunsany <118174187+dunsany@users.noreply.github.com> Date: Wed, 26 Jul 2023 10:27:45 +0200 Subject: [PATCH 091/107] Fix digit typos in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0d3430d..9dc4d5f 100644 --- a/README.md +++ b/README.md @@ -78,7 +78,7 @@ performance-related tips. Then edit `torrc` and add new service with that folder.\ After reload/restart tor should pick it up. -* Generate addresses with `1-2` and `7-9` digits? +* How to generate addresses with `0-1` and `8-9` digits? Onion addresses use base32 encoding which does not include `0,1,8,9` numbers.\ From 6a2b5e60bf9ce970efb679b1670812e8ddaaad87 Mon Sep 17 00:00:00 2001 From: cathugger Date: Sun, 6 Aug 2023 05:13:37 +0300 Subject: [PATCH 092/107] fix checkpoint loading (use carry for add) --- main.c | 7 +++++-- worker.c | 2 ++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/main.c b/main.c index c5d2844..164307c 100644 --- a/main.c +++ b/main.c @@ -612,8 +612,11 @@ int main(int argc,char **argv) fclose(checkout); // Apply checkpoint to determseed - for (int i = 0; i < SEED_LEN; i++) - determseed[i] += checkpoint[i]; + bool carry = 0; + for (int i = 0; i < SEED_LEN; i++) { + determseed[i] += checkpoint[i] + carry; + carry = determseed[i] < checkpoint[i]; + } } } } diff --git a/worker.c b/worker.c index 78376ce..0a08d27 100644 --- a/worker.c +++ b/worker.c @@ -150,6 +150,7 @@ union pubonionunion { } i; } ; +/* // little endian inc static void addsk32(u8 *sk) { @@ -160,6 +161,7 @@ static void addsk32(u8 *sk) if (!c) break; } } +*/ // 0123 4567 xxxx --3--> 3456 7xxx // 0123 4567 xxxx --1--> 1234 567x From ec788fec85a00b9c90214cc81148a87201fa31fd Mon Sep 17 00:00:00 2001 
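Review bot: The carry computed on the added line `carry = determseed[i] < checkpoint[i];` misses one case: when determseed[i] was 0xFF and an incoming carry was set, the byte wraps to exactly checkpoint[i], the comparison is false and the carry is dropped, so the restored seed position then differs from the checkpoint at the next byte. Doing the addition in a wider type avoids the corner case: `unsigned s = determseed[i] + checkpoint[i] + carry; determseed[i] = (u8)s; carry = s >> 8;`. Since the restored position decides which keys a passphrase run regenerates, a lost carry would appear to change the generated keys silently after a restore, which is worth a regression test with a checkpoint byte of 0xFF. main's body continues outside the hunk.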
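Review bot: `addsk32` in the two worker.c hunks is disabled by wrapping it in `/* ... */` rather than being removed; its only visible caller was in the worker_slow.inc.h deleted earlier in this series, so deleting the function keeps the file free of dead code while git history preserves the implementation. If it is meant to be kept for later reuse, `#if 0 ... #endif` with a one-line reason is the conventional form and, unlike a block comment, tolerates `/* */` comments inside the body.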
From: cathugger Date: Sun, 6 Aug 2023 19:07:51 +0300 Subject: [PATCH 093/107] revamp docker support don't use volume, use latest alpine so i won't need to bump it use multistage static build for minimal size with stripping correctly save git version details --- contrib/docker/.dockerignore | 1 - contrib/docker/Dockerfile | 31 ++++++++++++------------------- 2 files changed, 12 insertions(+), 20 deletions(-) delete mode 100644 contrib/docker/.dockerignore diff --git a/contrib/docker/.dockerignore b/contrib/docker/.dockerignore deleted file mode 100644 index 6b8710a..0000000 --- a/contrib/docker/.dockerignore +++ /dev/null @@ -1 +0,0 @@ -.git diff --git a/contrib/docker/Dockerfile b/contrib/docker/Dockerfile index 97aaac3..afbcc41 100644 --- a/contrib/docker/Dockerfile +++ b/contrib/docker/Dockerfile @@ -1,21 +1,14 @@ -FROM alpine:3.12.0 +FROM alpine:latest AS builder +RUN apk add --no-cache gcc libc-dev libsodium-dev libsodium-static make autoconf git +WORKDIR /app +COPY . . +RUN ./autogen.sh +RUN ./configure --enable-amd64-51-30k CFLAGS="-O3 -march=x86-64 -mtune=generic -fomit-frame-pointer" LDFLAGS="-static" +RUN make +RUN strip mkp224o -LABEL maintainer="sstefin@bk.ru" +FROM scratch +WORKDIR /app +COPY --from=builder /app/mkp224o . -#Installing all the dependencies -RUN apk add --no-cache gcc libsodium-dev make autoconf build-base - -WORKDIR /mkp224o - -COPY . /mkp224o/ - -RUN ./autogen.sh \ - && ./configure \ - && make \ - && cp /mkp224o/mkp224o /usr/local/bin/ - -VOLUME /root/data - -WORKDIR /root/data - -ENTRYPOINT ["mkp224o"] +ENTRYPOINT ["./mkp224o"] From 42e4d3a5fcea3a7d5072e9b354265e2ced18367b Mon Sep 17 00:00:00 2001 
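Review bot: The builder stage hardcodes an x86-64 implementation on the `RUN ./configure --enable-amd64-51-30k CFLAGS="-O3 -march=x86-64 -mtune=generic -fomit-frame-pointer" LDFLAGS="-static"` line, so the image can only be built on amd64 hosts; on any other platform configure or the compiler will fail, and the CI workflow that consumes this Dockerfile does not fix a platform. If amd64-only is intended, `FROM --platform=linux/amd64 alpine:latest AS builder` makes the constraint explicit and fails early with a clear message; otherwise the implementation flag and `-march` should be chosen from the `TARGETARCH` build argument. The commit message explains the choice of `alpine:latest`, but note that it makes the builder toolchain and hence the produced binary non-reproducible across builds; a pinned tag or digest is the usual trade-off for a published image.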
From: Marni Date: Sun, 6 Aug 2023 20:22:54 +0200 Subject: [PATCH 094/107] Docker support (#99) * add Dockerfile * add basic documentation for docker image * change cmd to entrypoint in Dockerfile This is so that you can add args without docker assuming you're trying to override the command * Create docker-publish.yml github CI action This is taken from the marketplace, I didn't write this * correct docker image tag * fix checkpoint loading (use carry for add) * Fix digit typos in README * revamp docker support don't use volume, use latest alpine so i won't need to bump it use multistage static build for minimal size with stripping correctly save git version details * tweak workflows * try making cosign work * Revert "try making cosign work" This reverts commit a70723db665821147b7b2996c510679f3f5dddc1. * fix * remove root dockerfile --------- Co-authored-by: cathugger Co-authored-by: dunsany <118174187+dunsany@users.noreply.github.com> --- .github/workflows/docker-publish.yml | 85 ++++++++++++++++++++++++++++ README.md | 9 +++ 2 files changed, 94 insertions(+) create mode 100644 .github/workflows/docker-publish.yml diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml new file mode 100644 index 0000000..6193e82 --- /dev/null +++ b/.github/workflows/docker-publish.yml 
@@ -0,0 +1,85 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+
+env:
+ # Use docker.io for Docker Hub if empty
+ REGISTRY: ghcr.io
+ # github.repository as /
+ IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ # This is used to complete the identity challenge
+ # with sigstore/fulcio when running outside of PRs.
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Install the cosign tool except on PR
+ # https://github.com/sigstore/cosign-installer
+ - name: Install cosign
+ if: github.event_name != 'pull_request'
+ uses: sigstore/cosign-installer@v3
+
+ - name: Setup Docker buildx
+ uses: docker/setup-buildx-action@v2
+
+ # Login against a Docker registry except on PR
+ # https://github.com/docker/login-action
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # Extract metadata (tags, labels) for Docker
+ # https://github.com/docker/metadata-action
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ # Build and push Docker image with Buildx (don't push on PR)
+ # https://github.com/docker/build-push-action
+ - name: Build and push Docker image
+ id: build-and-push
+ uses: docker/build-push-action@v4
+ with:
+ file: ./contrib/docker/Dockerfile
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: 
type=gha,mode=max
+
+ # Sign the resulting Docker image digest except on PRs.
+ # This will only write to the public Rekor transparency log when the Docker
+ # repository is public to avoid leaking data. If you would like to publish
+ # transparency data even for private images, pass --force to cosign below.
+ # https://github.com/sigstore/cosign
+ - name: Sign the published Docker image
+ if: ${{ github.event_name != 'pull_request' }}
+ # This step uses the identity token to provision an ephemeral certificate
+ # against the sigstore community Fulcio instance.
+ run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }}
diff --git a/README.md b/README.md
index 9dc4d5f..8185082 100644
--- a/README.md
+++ b/README.md
@@ -103,6 +103,15 @@ performance-related tips. It appears that onionbalance supports loading usual `hs_ed25519_secret_key` key so it should work. +* Is there a docker image? + + Yes, if you do not wish to compile mkp224o yourself, you can use + the `ghcr.io/cathugger/mkp224o` image like so: + + ```bash + docker run --rm -it -v $PWD:/keys ghcr.io/cathugger/mkp224o:master -d /keys neko + ``` + + ### Acknowledgements & Legal To the extent possible under law, the author(s) have dedicated all From 80e1bd0b471c66f93c36a8731230c139ff1e2d9b Mon Sep 17 00:00:00 2001 From: cathugger Date: Wed, 6 Sep 2023 01:00:04 +0300 Subject: [PATCH 095/107] near passkeys skip/warn modes & help tweak --- main.c | 73 +++++++++++++++++++++++++---------------- worker.c | 11 ++++++- worker.h | 2 ++ worker_batch.inc.h | 2 +- worker_batch_pass.inc.h | 18 ++++++++-- 5 files changed, 72 insertions(+), 34 deletions(-)
diff --git a/main.c b/main.c
index 164307c..3043de2 100644
--- a/main.c
+++ b/main.c
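Review bot: Every third-party action in the new workflow is referenced by a mutable major tag (`uses: actions/checkout@v3`, `sigstore/cosign-installer@v3`, `docker/setup-buildx-action@v2`, `docker/login-action@v2`, `docker/metadata-action@v4`, `docker/build-push-action@v4`); a tag can be moved to different code by the action's maintainers or by anyone who gains control of that repository, and this job holds `packages: write` and `id-token: write`, so it publishes and signs whatever those actions produce. The file's own header comment already notes the actions are not certified by GitHub; pinning each `uses:` to a full commit SHA with the version kept in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, fixes the code that runs, and Dependabot or Renovate can keep the pins current. Gating login, push and signing on `github.event_name != 'pull_request'` is the right shape and worth keeping as is.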
@@ -96,43 +96,49 @@ static void printhelp(FILE *out,const char *progname) " %s -f FILTERFILE [OPTION]\n" "Options:\n" " -f FILTERFILE specify filter file which contains filters separated\n" - " by newlines\n" - " -D deduplicate filters\n" - " -q do not print diagnostic output to stderr\n" - " -x do not print onion names\n" - " -v print more diagnostic data\n" - " -o FILENAME output onion names to specified file (append)\n" - " -O FILENAME output onion names to specified file (overwrite)\n" - " -F include directory names in onion names output\n" - " -d DIRNAME output directory\n" + " by newlines.\n" + " -D deduplicate filters.\n" + " -q do not print diagnostic output to stderr.\n" + " -x do not print onion names.\n" + " -v print more diagnostic data.\n" + " -o FILENAME output onion names to specified file (append).\n" + " -O FILENAME output onion names to specified file (overwrite).\n" + " -F include directory names in onion names output.\n" + " -d DIRNAME output directory.\n" " -t NUMTHREADS specify number of threads to utilise\n" - " (default - try detecting CPU core count)\n" - " -j NUMTHREADS same as -t\n" - " -n NUMKEYS specify number of keys (default - 0 - unlimited)\n" - " -N NUMWORDS specify number of words per key (default - 1)\n" - " -Z deprecated, does nothing\n" - " -z deprecated, does nothing\n" - " -B use batching key generation method (current default)\n" - " -s print statistics each 10 seconds\n" - " -S SECONDS print statistics every specified amount of seconds\n" - " -T do not reset statistics counters when printing\n" + " (default - try detecting CPU core count).\n" + " -j NUMTHREADS same as -t.\n" + " -n NUMKEYS specify number of keys (default - 0 - unlimited).\n" + " -N NUMWORDS specify number of words per key (default - 1).\n" + " -Z deprecated, does nothing.\n" + " -z deprecated, does nothing.\n" + " -B use batching key generation method (current default).\n" + " -s print statistics each 10 seconds.\n" + " -S SECONDS print statistics every 
specified amount of seconds.\n" + " -T do not reset statistics counters when printing.\n" " -y output generated keys in YAML format instead of\n" - " dumping them to filesystem\n" + " dumping them to filesystem.\n" " -Y [FILENAME [host.onion]]\n" " parse YAML encoded input and extract key(s) to\n" - " filesystem\n" + " filesystem.\n" #ifdef PASSPHRASE - " -p PASSPHRASE use passphrase to initialize the random seed with\n" + " -p PASSPHRASE use passphrase to initialize the random seed with.\n" " -P same as -p, but takes passphrase from PASSPHRASE\n" - " environment variable\n" + " environment variable.\n" " --checkpoint filename\n" " load/save checkpoint of progress to specified file\n" - " (requires passphrase)\n" + " (requires passphrase).\n" + " --skipnear skip near passphrase keys; you probably want this\n" + " because of improved safety unless you're trying to\n" + " regenerate an old key; possible future default.\n" + " --warnnear print warning about passphrase key being near another\n" + " (safety hazard); prefer --skipnear to this unless\n" + " you're regenerating an old key.\n" #endif " --rawyaml raw (unprefixed) public/secret keys for -y/-Y\n" - " (may be useful for tor controller API)\n" - " -h, --help, --usage print help to stdout and quit\n" - " -V, --version print version information to stdout and exit\n" + " (may be useful for tor controller API).\n" + " -h, --help, --usage print help to stdout and quit.\n" + " -V, --version print version information to stdout and exit.\n" ,progname,progname); fflush(out); } @@ -332,6 +338,10 @@ int main(int argc,char **argv) else e_additional(); } + else if (!strcmp(arg,"skipnear")) + pw_skipnear = 1; + else if (!strcmp(arg,"warnnear")) + pw_warnnear = 1; #endif // PASSPHRASE else { fprintf(stderr,"unrecognised argument: --%s\n",arg); 
@@ -597,8 +607,13 @@ int main(int argc,char **argv) #ifdef PASSPHRASE if (deterministic) { - if (!quietflag && numneedgenerate != 1) - fprintf(stderr,"CAUTION: avoid using keys generated with same password for unrelated services, as single leaked key may help attacker to regenerate related keys.\n"); + if (!quietflag && numneedgenerate != 1 && !pw_skipnear && !pw_warnnear) + fprintf(stderr, + // 0 1 2 3 4 5 6 7 + // 01234567890123456789012345678901234567890123456789012345678901234567890123456789 + "CAUTION: avoid using keys generated with the same password for unrelated\n" + " services, as single leaked key may help an attacker to regenerate\n" + " related keys; to silence this warning, pass --skipnear or --warnnear.\n"); if (checkpointfile) { memcpy(orig_determseed,determseed,sizeof(determseed)); // Read current checkpoint position if file exists diff --git a/worker.c b/worker.c index 0a08d27..1c954de 100644 --- a/worker.c +++ b/worker.c @@ -58,6 +58,8 @@ size_t workdirlen = 0; pthread_mutex_t determseed_mutex; u8 determseed[SEED_LEN]; +int pw_skipnear = 0; +int pw_warnnear = 0; #endif @@ -71,7 +73,7 @@ char *makesname(void) return sname; } -static void onionready(char *sname,const u8 *secret,const u8 *pubonion) +static void onionready(char *sname,const u8 *secret,const u8 *pubonion,int warnnear) { if (endwork) return; @@ -122,6 +124,13 @@ static void onionready(char *sname,const u8 *secret,const u8 *pubonion) } if (fout) { pthread_mutex_lock(&fout_mutex); +#ifdef PASSPHRASE + const char * const pwarn = " warn:near\n"; + if (warnnear) + strcpy(&sname[onionendpos],pwarn); + const size_t oprintlen = printlen; + const size_t printlen = oprintlen + (warnnear ? strlen(pwarn)-1 : 0); +#endif fwrite(&sname[printstartpos],printlen,1,fout); fflush(fout); pthread_mutex_unlock(&fout_mutex); diff --git a/worker.h b/worker.h index 2c30831..547b72a 100644 --- a/worker.h +++ b/worker.h 
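Review bot: In the `@@ -122,6 +124,13 @@` hunk of worker.c, `strcpy(&sname[onionendpos],pwarn);` writes 12 bytes (the 11-character string plus its NUL) starting at onionendpos, so it is only safe if `makesname()` (outside this hunk) allocates that much slack after the `.onion` suffix; if it does not, every warned key overruns the heap buffer. The allocation is not visible here, so please confirm it and record the dependency where `pwarn` is defined: `// appended after the name; makesname() must reserve room for it`. The block-scoped redeclaration `const size_t printlen = oprintlen + (warnnear ? strlen(pwarn)-1 : 0);` shadows the outer `printlen`, which compiles but trips -Wshadow; `const size_t outlen = printlen + (warnnear ? strlen(pwarn)-1 : 0);` passed to fwrite avoids the shadow pair and the `oprintlen` temporary. onionready's body continues outside the hunk.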
@@ -33,6 +33,8 @@ VEC_STRUCT(statsvec,struct statstruct); #ifdef PASSPHRASE extern pthread_mutex_t determseed_mutex; extern u8 determseed[SEED_LEN]; +extern int pw_skipnear; +extern int pw_warnnear; #endif extern void worker_init(void); diff --git a/worker_batch.inc.h b/worker_batch.inc.h index 7eb5cd6..7bf778d 100644 --- a/worker_batch.inc.h +++ b/worker_batch.inc.h @@ -102,7 +102,7 @@ initseed: pk[PUBLIC_LEN + 2] = 0x03; // full name strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); - onionready(sname,secret,pubonion.raw); + onionready(sname,secret,pubonion.raw,0); pk[PUBLIC_LEN] = 0; // what is this for? // don't reuse same seed goto initseed; diff --git a/worker_batch_pass.inc.h b/worker_batch_pass.inc.h index 0fa49ff..3d31174 100644 --- a/worker_batch_pass.inc.h +++ b/worker_batch_pass.inc.h @@ -38,17 +38,21 @@ void *CRYPTO_NAMESPACE(worker_batch_pass)(void *task) sname = makesname(); + int seednear; + initseed: #ifdef STATISTICS ++st->numrestart.v; #endif + seednear = 0; + pthread_mutex_lock(&determseed_mutex); for (int i = 0; i < SEED_LEN; i++) if (++determseed[i]) break; - memcpy(seed, determseed, SEED_LEN); + memcpy(seed,determseed,SEED_LEN); pthread_mutex_unlock(&determseed_mutex); ed25519_seckey_expand(sk,seed); @@ -112,8 +116,12 @@ initseed: pk[PUBLIC_LEN + 2] = 0x03; // full name strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); - onionready(sname,secret,pubonion.raw); + onionready(sname,secret,pubonion.raw,seednear && pw_warnnear); pk[PUBLIC_LEN] = 0; // what is this for? + + if (pw_skipnear) + goto initseed; + seednear = 1; }); next: ; @@ -180,8 +188,12 @@ initseed: pk[PUBLIC_LEN + 2] = 0x03; // full name strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); - onionready(sname,secret,pubonion.raw); + onionready(sname,secret,pubonion.raw,seednear && pw_warnnear); pk[PUBLIC_LEN] = 0; // what is this for? + + if (pw_skipnear) + goto initseed; + seednear = 1; }); next2: ; 
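Review bot: The DOFILTER bodies in the `@@ -112,8 +116,12 @@` and `@@ -180,8 +188,12 @@` hunks of worker_batch_pass.inc.h grow the same tail (`onionready(sname,secret,pubonion.raw,seednear && pw_warnnear);`, the `if (pw_skipnear) goto initseed;` restart, `seednear = 1;`), and the flag's meaning is only recoverable by reading both; a comment at the `int seednear;` declaration would help: `// set once a key has been emitted from the current seed; later keys from the same seed are "near" it and are skipped (pw_skipnear) or flagged (pw_warnnear)`. Note the first key emitted from a seed is never flagged even though it is equally near the ones that follow; if that is intended, saying so in the same comment saves the next reader the question. worker_batch_pass's body starts and ends outside these hunks.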
From c7a8d7522917fbf2ec5bd5fe4794e00ab20eca48 Mon Sep 17 00:00:00 2001 From: cathugger Date: Wed, 6 Sep 2023 01:24:58 +0300 Subject: [PATCH 096/107] don't skipnear if warnnear is set --- main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/main.c b/main.c index 3043de2..7f82c82 100644 --- a/main.c +++ b/main.c @@ -89,9 +89,9 @@ VEC_STRUCT(tstatsvec,struct tstatstruct); static void printhelp(FILE *out,const char *progname) { + fprintf(out, // 0 1 2 3 4 5 6 7 // 01234567890123456789012345678901234567890123456789012345678901234567890123456789 - fprintf(out, "Usage: %s FILTER [FILTER...] [OPTION]\n" " %s -f FILTERFILE [OPTION]\n" "Options:\n" @@ -614,6 +614,8 @@ int main(int argc,char **argv) "CAUTION: avoid using keys generated with the same password for unrelated\n" " services, as single leaked key may help an attacker to regenerate\n" " related keys; to silence this warning, pass --skipnear or --warnnear.\n"); + if (pw_warnnear) + pw_skipnear = 0; if (checkpointfile) { memcpy(orig_determseed,determseed,sizeof(determseed)); // Read current checkpoint position if file exists From 6c704d20c45e56da0e44917f31c2214502c2e86e Mon Sep 17 00:00:00 2001 From: cathugger Date: Wed, 6 Sep 2023 01:43:44 +0300 Subject: [PATCH 097/107] use "latest wins" logic for skipnear/warnnear args --- main.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/main.c b/main.c index 7f82c82..7dbffee 100644 --- a/main.c +++ b/main.c @@ -338,10 +338,14 @@ int main(int argc,char **argv) else e_additional(); } - else if (!strcmp(arg,"skipnear")) + else if (!strcmp(arg,"skipnear")) { pw_skipnear = 1; - else if (!strcmp(arg,"warnnear")) + pw_warnnear = 0; + } + else if (!strcmp(arg,"warnnear")) { pw_warnnear = 1; + pw_skipnear = 0; + } #endif // PASSPHRASE else { fprintf(stderr,"unrecognised argument: --%s\n",arg); 
@@ -614,8 +618,6 @@ int main(int argc,char **argv) "CAUTION: avoid using keys generated with the same password for unrelated\n" " services, as single leaked key may help an attacker to regenerate\n" " related keys; to silence this warning, pass --skipnear or --warnnear.\n"); - if (pw_warnnear) - pw_skipnear = 0; if (checkpointfile) { memcpy(orig_determseed,determseed,sizeof(determseed)); // Read current checkpoint position if file exists From 4cc50f41ce3f4fdad161df5469f15730eeb7986a Mon Sep 17 00:00:00 2001 From: cathugger Date: Wed, 6 Sep 2023 02:15:13 +0300 Subject: [PATCH 098/107] onionready: always refer warnnear --- worker.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/worker.c b/worker.c index 1c954de..6c071db 100644 --- a/worker.c +++ b/worker.c @@ -130,6 +130,8 @@ static void onionready(char *sname,const u8 *secret,const u8 *pubonion,int warnn strcpy(&sname[onionendpos],pwarn); const size_t oprintlen = printlen; const size_t printlen = oprintlen + (warnnear ? strlen(pwarn)-1 : 0); +#else + (void) warnnear; #endif fwrite(&sname[printstartpos],printlen,1,fout); fflush(fout); From 1b00917e5296880a596cde82b0d7f564f40f11e0 Mon Sep 17 00:00:00 2001 From: cathugger Date: Wed, 6 Sep 2023 02:19:20 +0300 Subject: [PATCH 099/107] spaces/tabs fix --- main.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/main.c b/main.c index 7dbffee..10a51f6 100644 --- a/main.c +++ b/main.c @@ -90,8 +90,8 @@ VEC_STRUCT(tstatsvec,struct tstatstruct); static void printhelp(FILE *out,const char *progname) { fprintf(out, - // 0 1 2 3 4 5 6 7 - // 01234567890123456789012345678901234567890123456789012345678901234567890123456789 + // 0 1 2 3 4 5 6 7 + // 01234567890123456789012345678901234567890123456789012345678901234567890123456789 "Usage: %s FILTER [FILTER...] [OPTION]\n" " %s -f FILTERFILE [OPTION]\n" "Options:\n" 
@@ -613,8 +613,8 @@ int main(int argc,char **argv) if (deterministic) { if (!quietflag && numneedgenerate != 1 && !pw_skipnear && !pw_warnnear) fprintf(stderr, - // 0 1 2 3 4 5 6 7 - // 01234567890123456789012345678901234567890123456789012345678901234567890123456789 + // 0 1 2 3 4 5 6 7 + // 01234567890123456789012345678901234567890123456789012345678901234567890123456789 "CAUTION: avoid using keys generated with the same password for unrelated\n" " services, as single leaked key may help an attacker to regenerate\n" " related keys; to silence this warning, pass --skipnear or --warnnear.\n"); From 870c089a3c437005818a78b132f755f4796d6781 Mon Sep 17 00:00:00 2001 From: cathugger Date: Wed, 6 Sep 2023 02:24:14 +0300 Subject: [PATCH 100/107] better ruler fix --- main.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/main.c b/main.c index 10a51f6..213698a 100644 --- a/main.c +++ b/main.c @@ -90,8 +90,8 @@ VEC_STRUCT(tstatsvec,struct tstatstruct); static void printhelp(FILE *out,const char *progname) { fprintf(out, - // 0 1 2 3 4 5 6 7 - // 01234567890123456789012345678901234567890123456789012345678901234567890123456789 + // 1 2 3 4 5 6 7 + //1234567890123456789012345678901234567890123456789012345678901234567890123456789 "Usage: %s FILTER [FILTER...] [OPTION]\n" " %s -f FILTERFILE [OPTION]\n" "Options:\n" @@ -613,8 +613,8 @@ int main(int argc,char **argv) if (deterministic) { if (!quietflag && numneedgenerate != 1 && !pw_skipnear && !pw_warnnear) fprintf(stderr, - // 0 1 2 3 4 5 6 7 - // 01234567890123456789012345678901234567890123456789012345678901234567890123456789 + // 1 2 3 4 5 6 7 + //1234567890123456789012345678901234567890123456789012345678901234567890123456789 "CAUTION: avoid using keys generated with the same password for unrelated\n" " services, as single leaked key may help an attacker to regenerate\n" " related keys; to silence this warning, pass --skipnear or --warnnear.\n"); 
From 6d4034abf15f85e8df6f26e2accb208d71057e40 Mon Sep 17 00:00:00 2001 From: Yeonjun Kim Date: Mon, 23 Oct 2023 19:46:20 +0900 Subject: [PATCH 101/107] Update outdated URL in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8185082..645c789 100644 --- a/README.md +++ b/README.md @@ -131,7 +131,7 @@ along with this software. If not, see [CC0][]. * Passphrase-based generation code and idea used in `worker_batch()` contributed by [foobar2019][] -[v3]: https://gitweb.torproject.org/torspec.git/plain/rend-spec-v3.txt +[v3]: https://spec.torproject.org/rend-spec/index.html [OPTIMISATION]: ./OPTIMISATION.txt [#27]: https://github.com/cathugger/mkp224o/issues/27 [keccak.c]: https://github.com/XKCP/XKCP/blob/master/Standalone/CompactFIPS202/C/Keccak-more-compact.c From c72ddad656f19d695eb66f6122a52625d67c3a4c Mon Sep 17 00:00:00 2001 From: cathugger Date: Fri, 8 Dec 2023 17:32:51 +0000 Subject: [PATCH 102/107] README.md: attempt to use footnotes --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 645c789..bfa2f46 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ ## mkp224o - vanity address generator for ed25519 onion services -This tool generates vanity ed25519 ([hidden service version 3][v3], +This tool generates vanity ed25519 (hidden service version 3[^1][^2], formely known as proposal 224) onion addresses. ### Requirements for building 
@@ -131,7 +131,8 @@ along with this software. If not, see [CC0][]. * Passphrase-based generation code and idea used in `worker_batch()` contributed by [foobar2019][] -[v3]: https://spec.torproject.org/rend-spec/index.html +[^1]: https://spec.torproject.org/rend-spec/index.html +[^2]: https://gitlab.torproject.org/tpo/core/torspec/-/raw/main/attic/text_formats/rend-spec-v3.txt [OPTIMISATION]: ./OPTIMISATION.txt [#27]: https://github.com/cathugger/mkp224o/issues/27 [keccak.c]: https://github.com/XKCP/XKCP/blob/master/Standalone/CompactFIPS202/C/Keccak-more-compact.c From b0f394c17ac384b9367694a766e4fb1257f9b342 Mon Sep 17 00:00:00 2001 From: cathugger Date: Fri, 8 Dec 2023 17:34:42 +0000 Subject: [PATCH 103/107] README.md: attempt to fix --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bfa2f46..396fe2c 100644 --- a/README.md +++ b/README.md @@ -131,8 +131,6 @@ along with this software. If not, see [CC0][]. * Passphrase-based generation code and idea used in `worker_batch()` contributed by [foobar2019][] -[^1]: https://spec.torproject.org/rend-spec/index.html -[^2]: https://gitlab.torproject.org/tpo/core/torspec/-/raw/main/attic/text_formats/rend-spec-v3.txt [OPTIMISATION]: ./OPTIMISATION.txt [#27]: https://github.com/cathugger/mkp224o/issues/27 [keccak.c]: https://github.com/XKCP/XKCP/blob/master/Standalone/CompactFIPS202/C/Keccak-more-compact.c @@ -141,3 +139,5 @@ along with this software. If not, see [CC0][]. [ed25519-donna]: https://github.com/floodyberry/ed25519-donna [horse25519]: https://github.com/Yawning/horse25519 [foobar2019]: https://github.com/foobar2019 +[^1]: https://spec.torproject.org/rend-spec/index.html +[^2]: https://gitlab.torproject.org/tpo/core/torspec/-/raw/main/attic/text_formats/rend-spec-v3.txt From a3add1b889ef09ba2bae8928c748c6c2c850b1a9 Mon Sep 17 00:00:00 2001 
From: cathugger Date: Sat, 20 Jan 2024 10:54:04 +0000 Subject: [PATCH 104/107] add packages needed to build release --- contrib/release-scripts/README.md | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 contrib/release-scripts/README.md diff --git a/contrib/release-scripts/README.md b/contrib/release-scripts/README.md new file mode 100644 index 0000000..9e9a0df --- /dev/null +++ b/contrib/release-scripts/README.md @@ -0,0 +1,2 @@ +packages that work on archlinux: +wine-wow64 mingw-w64-toolchain mingw-w64-ldd mingw-w64-pcre2 mingw-w64-libsodium zopfli From 3e7aaf8a3a9cbbed56872afeef88c7a9d538d51a Mon Sep 17 00:00:00 2001 From: cathugger Date: Sat, 20 Jan 2024 12:47:34 +0000 Subject: [PATCH 105/107] add dep --- contrib/release-scripts/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/release-scripts/README.md b/contrib/release-scripts/README.md index 9e9a0df..6ec2370 100644 --- a/contrib/release-scripts/README.md +++ b/contrib/release-scripts/README.md @@ -1,2 +1,2 @@ packages that work on archlinux: -wine-wow64 mingw-w64-toolchain mingw-w64-ldd mingw-w64-pcre2 mingw-w64-libsodium zopfli +wine-wow64 mingw-w64-toolchain mingw-w64-ldd mingw-w64-pcre2 mingw-w64-libsodium zip zopfli From fb5320a5374674a01ab904c1d018a77f3599ced8 Mon Sep 17 00:00:00 2001 From: cathugger Date: Mon, 22 Jan 2024 05:08:12 +0000 Subject: [PATCH 106/107] gpg TZ --- contrib/release-scripts/release.sh | 4 ++-- contrib/release-scripts/sign.sh | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/contrib/release-scripts/release.sh b/contrib/release-scripts/release.sh index 55fb703..caf57f4 100755 --- a/contrib/release-scripts/release.sh +++ b/contrib/release-scripts/release.sh 
@@ -72,8 +72,8 @@ export PATH=$OPATH cd "$D/out" tar --portability --no-acls --no-selinux --no-xattrs --owner root:0 --group=root:0 --sort=name -c -f $SV-src.tar $SV -zopfli -c $SV-src.tar > $SV-src.tar.gz -zstd -19 -f $SV-src.tar -o $SV-src.tar.zst +zopfli -i100 -c $SV-src.tar > $SV-src.tar.gz +zstd -19 -f $SV-src.tar -o $SV-src.tar.zst rm $SV-src.tar zip -9 -X -r $SV-w32.zip $SV-w32 diff --git a/contrib/release-scripts/sign.sh b/contrib/release-scripts/sign.sh index 597e89c..2253276 100755 --- a/contrib/release-scripts/sign.sh +++ b/contrib/release-scripts/sign.sh @@ -10,6 +10,8 @@ D=$(realpath "$0") D=$(dirname "$D") cd "$D" +export TZ=UTC + cd out gpg --detach-sign -u "$1" mkp224o-*-src.tar.gz From 5172c0fd71740ca0b11da8149a2575dcf331d7ab Mon Sep 17 00:00:00 2001 From: cathugger Date: Thu, 15 Feb 2024 21:48:15 +0000 Subject: [PATCH 107/107] make depends --- GNUmakefile.in | 258 ++++++++++++++++++++++++------------------------- 1 file changed, 129 insertions(+), 129 deletions(-) diff --git a/GNUmakefile.in b/GNUmakefile.in index f80b506..7516a1c 100644 --- a/GNUmakefile.in +++ b/GNUmakefile.in 
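Review bot: Both rewritten lines `zopfli -i100 -c $SV-src.tar > $SV-src.tar.gz` and `zstd -19 -f $SV-src.tar -o $SV-src.tar.zst` leave `$SV` unquoted, unlike `cd "$D/out"` a few lines above; quoting as `"$SV-src.tar"` keeps the script from word-splitting or globbing if the version string ever carries whitespace or metacharacters. The `zstd` line appears to change only whitespace, which is why the diff shows it as a remove/add pair.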
@@ -268,115 +268,115 @@ ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/fe25519.h ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/compat.h ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/ge25519_add.c.o: 
ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519_base_slide_multiples.data -ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h 
-ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/index_heap.h -ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519.h +ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_setint.c.o: 
ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/ge25519_base_slide_multiples.data +ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_isneutral.c.o: 
ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/index_heap.h +ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/ge25519.h ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/ge25519_base_niels.data -ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-51-30k/hram.h -ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-51-30k/index_heap.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-64-24k/keypair.c.o: 
ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/randombytes.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_slide.c.o: 
ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/compat.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h +ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-64-24k/hram.h +ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/index_heap.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/crypto_sign.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/ed25519.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/randombytes.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/sc25519.h 
+ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_sign.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/ed25519.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_verify_32.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/crypto_sign.h +ed25519/amd64-64-24k/sign.c.o: 
ed25519/amd64-64-24k/ed25519.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/sc25519.h ed25519/ref10/fe_0.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h ed25519/ref10/fe_1.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h ed25519/ref10/fe_add.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h @@ -394,7 +394,7 @@ ed25519/ref10/fe_isnegative.c.o: ed25519/ref10/fe.h ed25519/ref10/fe_isnegative.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/fe.h ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/fe_isnonzero.c.o: ed25519/amd64-51-30k/crypto_verify_32.h +ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/crypto_verify_32.h ed25519/ref10/fe_mul.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h ed25519/ref10/fe_mul.c.o: ed25519/ref10/crypto_int64.h ed25519/ref10/fe_neg.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h 
@@ -453,29 +453,27 @@ ed25519/ref10/ge_sub.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h ed25519/ref10/ge_sub.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/ge_sub.h ed25519/ref10/ge_tobytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h ed25519/ref10/ge_tobytes.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/randombytes.h -ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h +ed25519/ref10/keypair.c.o: ed25519/ref10/randombytes.h +ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_sign.h +ed25519/ref10/keypair.c.o: ed25519/ref10/ed25519.h +ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_hash_sha512.h ed25519/ref10/keypair.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/ref10/open.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h -ed25519/ref10/open.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/open.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/sc.h +ed25519/ref10/open.c.o: ed25519/ref10/crypto_sign.h ed25519/ref10/ed25519.h +ed25519/ref10/open.c.o: ed25519/ref10/crypto_hash_sha512.h +ed25519/ref10/open.c.o: ed25519/ref10/crypto_verify_32.h ed25519/ref10/ge.h +ed25519/ref10/open.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/open.c.o: ed25519/ref10/sc.h ed25519/ref10/sc_muladd.c.o: ed25519/ref10/sc.h ed25519/ref10/crypto_int64.h ed25519/ref10/sc_muladd.c.o: ed25519/ref10/crypto_uint32.h ed25519/ref10/sc_muladd.c.o: ed25519/ref10/crypto_uint64.h ed25519/ref10/sc_reduce.c.o: ed25519/ref10/sc.h ed25519/ref10/crypto_int64.h ed25519/ref10/sc_reduce.c.o: ed25519/ref10/crypto_uint32.h ed25519/ref10/sc_reduce.c.o: ed25519/ref10/crypto_uint64.h 
-ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/ref10/sign.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/sign.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/sc.h +ed25519/ref10/sign.c.o: ed25519/ref10/crypto_sign.h ed25519/ref10/ed25519.h +ed25519/ref10/sign.c.o: ed25519/ref10/crypto_hash_sha512.h ed25519/ref10/ge.h +ed25519/ref10/sign.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/sign.c.o: ed25519/ref10/sc.h ioutil.c.o: types.h ioutil.h vec.h keccak.c.o: types.h keccak.h main.c.o: types.h vec.h base32.h cpucount.h keccak.h ioutil.h common.h yaml.h @@ -486,14 +484,16 @@ test_base32.c.o: types.h base32.h test_base64.c.o: types.h base64.h test_ed25519.c.o: types.h base16.h ed25519/ed25519.h test_ed25519.c.o: ed25519/ed25519_impl_pre.h ed25519/ref10/crypto_sign.h -test_ed25519.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/ref10/ge.h +test_ed25519.c.o: ed25519/ref10/ed25519.h ed25519/ref10/ge.h test_ed25519.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h test_ed25519.c.o: ed25519/amd64-51-30k/crypto_sign.h +test_ed25519.c.o: ed25519/amd64-51-30k/ed25519.h test_ed25519.c.o: ed25519/amd64-51-30k/ge25519.h test_ed25519.c.o: ed25519/amd64-51-30k/fe25519.h test_ed25519.c.o: ed25519/amd64-51-30k/compat.h test_ed25519.c.o: ed25519/amd64-51-30k/sc25519.h test_ed25519.c.o: ed25519/amd64-64-24k/crypto_sign.h +test_ed25519.c.o: ed25519/amd64-64-24k/ed25519.h test_ed25519.c.o: ed25519/amd64-64-24k/ge25519.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna.h test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h 
@@ -519,12 +519,12 @@ worker.c.o: types.h likely.h vec.h base32.h keccak.h ioutil.h common.h yaml.h worker.c.o: worker.h filters.h filters_inc.inc.h filters_worker.inc.h worker.c.o: filters_common.inc.h ed25519/ed25519.h worker_impl.inc.h worker.c.o: ed25519/ed25519_impl_pre.h ed25519/ref10/crypto_sign.h -worker.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/ref10/ge.h -worker.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h -worker.c.o: ed25519/amd64-51-30k/crypto_sign.h ed25519/amd64-51-30k/ge25519.h +worker.c.o: ed25519/ref10/ed25519.h ed25519/ref10/ge.h ed25519/ref10/fe.h +worker.c.o: ed25519/ref10/crypto_int32.h ed25519/amd64-51-30k/crypto_sign.h +worker.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/amd64-51-30k/ge25519.h worker.c.o: ed25519/amd64-51-30k/fe25519.h ed25519/amd64-51-30k/compat.h worker.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/crypto_sign.h -worker.c.o: ed25519/amd64-64-24k/ge25519.h +worker.c.o: ed25519/amd64-64-24k/ed25519.h ed25519/amd64-64-24k/ge25519.h worker.c.o: ed25519/ed25519-donna/ed25519-donna.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h