diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..b17a273
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,15 @@
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{c,h}]
+indent_style = tab
+
+[{GNUmakefile.in,configure.ac}]
+indent_style = tab
+
+[ed25519/{ref10,amd64-51-30k,amd64-64-24k}/*.{c,h,py}]
+indent_style = space
+indent_size = 2
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..f0b4f05
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+*.c linguist-language=C
+*.h linguist-language=C
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 0000000..6193e82
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,85 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+
+env:
+ # Use docker.io for Docker Hub if empty
+ REGISTRY: ghcr.io
+ # github.repository as /
+ IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ # This is used to complete the identity challenge
+ # with sigstore/fulcio when running outside of PRs.
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Install the cosign tool except on PR
+ # https://github.com/sigstore/cosign-installer
+ - name: Install cosign
+ if: github.event_name != 'pull_request'
+ uses: sigstore/cosign-installer@v3
+
+ - name: Setup Docker buildx
+ uses: docker/setup-buildx-action@v2
+
+ # Login against a Docker registry except on PR
+ # https://github.com/docker/login-action
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # Extract metadata (tags, labels) for Docker
+ # https://github.com/docker/metadata-action
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ # Build and push Docker image with Buildx (don't push on PR)
+ # https://github.com/docker/build-push-action
+ - name: Build and push Docker image
+ id: build-and-push
+ uses: docker/build-push-action@v4
+ with:
+ file: ./contrib/docker/Dockerfile
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ # Sign the resulting Docker image digest except on PRs.
+ # This will only write to the public Rekor transparency log when the Docker
+ # repository is public to avoid leaking data. If you would like to publish
+ # transparency data even for private images, pass --force to cosign below.
+ # https://github.com/sigstore/cosign
+ - name: Sign the published Docker image
+ if: ${{ github.event_name != 'pull_request' }}
+ # This step uses the identity token to provision an ephemeral certificate
+ # against the sigstore community Fulcio instance.
+ run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }}
diff --git a/.gitignore b/.gitignore
index b6e311f..4d8142e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,7 @@
 # output files
 mkp224o
+calcest
+test_*
 *.o
 
 # generated onions
@@ -7,8 +9,9 @@ mkp224o
 
 # garbage
 configure
-Makefile
-Makefile.in.bak
+configure~
+GNUmakefile
+GNUmakefile.in.bak
 config.status
 config.log
 *.cache
diff --git a/GNUmakefile.in b/GNUmakefile.in
new file mode 100644
index 0000000..7516a1c
--- /dev/null
+++ b/GNUmakefile.in
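Review bot: Every third-party action in this workflow is referenced by a mutable major tag (`actions/checkout@v3`, `sigstore/cosign-installer@v3`, `docker/setup-buildx-action@v2`, `docker/login-action@v2`, `docker/metadata-action@v4`, `docker/build-push-action@v4`), so the job that holds `packages: write` and `id-token: write` executes whatever those tags resolve to on the day it runs. Because the final step signs the pushed digest with a Fulcio certificate obtained from the job's OIDC token, a moved tag could push and sign an image under this repository's identity. Pin each `uses:` to a full-length commit SHA with the version in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, and let Dependabot's `github-actions` ecosystem keep the pins current. The job-level permissions also apply on `pull_request` runs, where no step needs `packages: write` or `id-token: write`; splitting the login/push/sign steps into a separate job gated on `github.event_name != 'pull_request'` would let the build job run with `contents: read` only.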
@@ -0,0 +1,548 @@
+
+CC= @CC@
+CSTD= @CSTD@
+CFLAGS= $(CSTD) @CFLAGS@ @CPPFLAGS@ -DED25519_@ED25519IMPL@ @PIE@ @MYDEFS@ -DVERSION='"@VERSION@"'
+ASFLAGS= @PIE@
+LDFLAGS= @LDFLAGS@
+MV= mv
+
+ED25519_DEFS= -DED25519_ref10 -DED25519_amd64_51_30k -DED25519_amd64_64_24k -DED25519_donna
+ED25519_ref10= $(patsubst @SRCDIR@/%.c,%.c.o,$(wildcard @SRCDIR@/ed25519/ref10/*.c))
+ED25519_amd64_51_30k= \
+ $(patsubst @SRCDIR@/%.c,%.c.o,$(wildcard @SRCDIR@/ed25519/amd64-51-30k/*.c)) \
+ $(patsubst @SRCDIR@/%.S,%.S.o,$(wildcard @SRCDIR@/ed25519/amd64-51-30k/*.S))
+ED25519_amd64_64_24k= \
+ $(patsubst @SRCDIR@/%.c,%.c.o,$(wildcard @SRCDIR@/ed25519/amd64-64-24k/*.c)) \
+ $(patsubst @SRCDIR@/%.S,%.S.o,$(wildcard @SRCDIR@/ed25519/amd64-64-24k/*.S))
+ED25519_donna=
+ED25519_OBJ= $(ED25519_@ED25519IMPL@)
+
+MAIN_OBJ= \
+ main.c.o \
+ worker.c.o \
+ yaml.c.o \
+ vec.c.o \
+ cpucount.c.o \
+ base32_to.c.o \
+ base32_from.c.o \
+ base64_to.c.o \
+ base64_from.c.o \
+ ioutil.c.o \
+ $(ED25519_OBJ) \
+ keccak.c.o
+
+UTIL_CALCEST_OBJ= \
+ calcest.c.o
+
+TEST_BASE64_OBJ= \
+ test_base64.c.o \
+ base64_to.c.o \
+ base64_from.c.o
+
+TEST_BASE32_OBJ= \
+ test_base32.c.o \
+ base32_to.c.o \
+ base32_from.c.o
+
+TEST_BASE16_OBJ= \
+ test_base16.c.o \
+ base16_to.c.o \
+ base16_from.c.o
+
+TEST_ED25519_OBJ= \
+ test_ed25519.c.o \
+ base16_to.c.o \
+ base16_from.c.o \
+ $(ED25519_OBJ)
+
+ALL_O= $(sort \
+ $(MAIN_OBJ) \
+ $(UTIL_CALCEST_OBJ) \
+ $(TEST_BASE64_OBJ) \
+ $(TEST_BASE32_OBJ) \
+ $(TEST_BASE16_OBJ) \
+ $(TEST_ED25519_OBJ) \
+ $(ED25519_ref10) \
+ $(ED25519_amd64_51_30k) \
+ $(ED25519_amd64_64_24k))
+
+ALL_C= $(patsubst %.c.o,%.c,$(filter %.c.o %.c,$(ALL_O)))
+CLEAN_O= $(filter %.o,$(ALL_O))
+
+MAIN_LIB= -lpthread -lsodium @MAINLIB@
+UTIL_CALCEST_LIB= -lm
+TEST_ED25519_LIB= -lsodium
+
+MAIN_TGT= mkp224o
+UTIL_TGT= calcest
+TEST_TGT= test_base64 test_base32 test_base16 test_ed25519
+
+MAIN_EXE= $(patsubst %,%@EXEEXT@,$(MAIN_TGT))
+UTIL_EXE= $(patsubst %,%@EXEEXT@,$(UTIL_TGT))
+TEST_EXE= $(patsubst %,%@EXEEXT@,$(TEST_TGT))
+
+ALL_EXE= $(MAIN_EXE) $(UTIL_EXE) $(TEST_EXE)
+
+.PHONY: default all main util test clean distclean depend
+
+default: $(MAIN_EXE)
+
+all: $(ALL_EXE)
+
+main: $(MAIN_EXE)
+
+util: $(UTIL_EXE)
+
+test: $(TEST_EXE)
+
+mkp224o@EXEEXT@: $(MAIN_OBJ)
+ $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(MAIN_LIB) && $(MV) $@.tmp $@
+
+calcest@EXEEXT@: $(UTIL_CALCEST_OBJ)
+ $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(UTIL_CALCEST_LIB) && $(MV) $@.tmp $@
+
+test_base64@EXEEXT@: $(TEST_BASE64_OBJ)
+ $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@
+
+test_base32@EXEEXT@: $(TEST_BASE32_OBJ)
+ $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@
+
+test_base16@EXEEXT@: $(TEST_BASE16_OBJ)
+ $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@
+
+test_ed25519@EXEEXT@: $(TEST_ED25519_OBJ)
+ $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(TEST_ED25519_LIB) && $(MV) $@.tmp $@
+
+clean:
+ $(RM) $(CLEAN_O)
+ $(RM) $(ALL_EXE)
+
+distclean: clean
+ $(RM) -r autom4te.cache
+ $(RM) configure config.status config.log
+ $(RM) GNUmakefile
+
+depend:
+ # makedepend from imake
+ cd "@SRCDIR@" && makedepend -Y -fGNUmakefile.in -o.c.o -- $(CSTD) $(ED25519_DEFS) -- $(ALL_C)
+
+VPATH=@SRCDIR@
+
+%.c.o: CFLAGS += \
+ -D'CRYPTO_NAMESPACETOP=crypto_sign_ed25519_@ED25519IMPL@' \
+ -D'_CRYPTO_NAMESPACETOP=_crypto_sign_ed25519_@ED25519IMPL@' \
+ -D'CRYPTO_NAMESPACE(name)=crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \
+ -D'_CRYPTO_NAMESPACE(name)=_crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \
+
+%.S.o: ASFLAGS += \
+ -D'CRYPTO_NAMESPACETOP=crypto_sign_ed25519_@ED25519IMPL@' \
+ -D'_CRYPTO_NAMESPACETOP=_crypto_sign_ed25519_@ED25519IMPL@' \
+ -D'CRYPTO_NAMESPACE(name)=crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \
+ -D'_CRYPTO_NAMESPACE(name)=_crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \
+
+%.c.o: %.c
+ $(CC) $(CFLAGS) -c -o $@.tmp $< && $(MV) $@.tmp $@
+
+%.S.o: %.S
+ $(CC) $(ASFLAGS) -c -o $@.tmp $< && $(MV) $@.tmp $@
+
+# DO NOT DELETE THIS LINE
+
+base16_from.c.o: types.h base16.h +base16_to.c.o: types.h base16.h +base32_from.c.o: types.h base32.h +base32_to.c.o: types.h base32.h +base64_from.c.o: types.h base64.h +base64_to.c.o: types.h base64.h +cpucount.c.o: cpucount.h +ed25519/amd64-51-30k/fe25519_add.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_add.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_getparity.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/fe25519_invert.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_invert.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/fe25519_iseq.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_iseq.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/fe25519_iszero.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_iszero.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/fe25519_neg.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_neg.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/fe25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_pack.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/fe25519_setint.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_setint.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/fe25519_sub.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_sub.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/fe25519_unpack.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/fe25519_unpack.c.o: ed25519/amd64-51-30k/compat.h 
+ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/ge25519.h +ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/ge25519.h +ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/ge25519.h +ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/ge25519.h +ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h +ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519_base_slide_multiples.data +ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/ge25519.h +ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h 
+ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h +ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/index_heap.h +ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/ge25519.h +ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519.h +ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519_base_niels_smalltables.data +ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/ge25519.h +ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/hram.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h +ed25519/amd64-51-30k/hram.c.o: ed25519/amd64-51-30k/hram.h +ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/index_heap.h +ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h +ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/ed25519.h +ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h +ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/randombytes.h 
+ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/ge25519.h +ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_sign.h +ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/ed25519.h +ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h +ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h +ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/ge25519.h +ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/sc25519_iszero.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_iszero.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/sc25519_mul.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_mul.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/sc25519_slide.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_slide.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/compat.h 
+ed25519/amd64-51-30k/sc25519_window4.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-51-30k/sc25519_window4.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h +ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/ed25519.h +ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h +ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/ge25519.h +ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/fe25519.h +ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/compat.h +ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/sc25519.h +ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-64-24k/fe25519.h 
+ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/ge25519_base_slide_multiples.data +ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/sc25519.h 
+ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/index_heap.h +ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/ge25519_base_niels.data +ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h +ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-64-24k/hram.h +ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/index_heap.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/crypto_sign.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/ed25519.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h 
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/randombytes.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_sign.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/ed25519.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_verify_32.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-64-24k/sc25519.h 
+ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/crypto_sign.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/ed25519.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/ge25519.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/fe25519.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/compat.h +ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/sc25519.h +ed25519/ref10/fe_0.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/fe_1.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/fe_add.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/fe_batchinvert.c.o: ed25519/ref10/fe.h +ed25519/ref10/fe_batchinvert.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/fe_cmov.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/fe_copy.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/fe_frombytes.c.o: ed25519/ref10/fe.h +ed25519/ref10/fe_frombytes.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/fe_frombytes.c.o: ed25519/ref10/crypto_int64.h +ed25519/ref10/fe_frombytes.c.o: ed25519/ref10/crypto_uint64.h +ed25519/ref10/fe_invert.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/fe_invert.c.o: ed25519/ref10/pow225521.h +ed25519/ref10/fe_isnegative.c.o: ed25519/ref10/fe.h +ed25519/ref10/fe_isnegative.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/fe.h +ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/crypto_verify_32.h +ed25519/ref10/fe_mul.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/fe_mul.c.o: ed25519/ref10/crypto_int64.h +ed25519/ref10/fe_neg.c.o: 
ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/fe_pow22523.c.o: ed25519/ref10/fe.h +ed25519/ref10/fe_pow22523.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/fe_pow22523.c.o: ed25519/ref10/pow22523.h +ed25519/ref10/fe_sq.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/fe_sq.c.o: ed25519/ref10/crypto_int64.h +ed25519/ref10/fe_sq2.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/fe_sq2.c.o: ed25519/ref10/crypto_int64.h +ed25519/ref10/fe_sub.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/fe_tobytes.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/ge_add.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_add.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/ge_add.h +ed25519/ref10/ge_double_scalarmult.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_double_scalarmult.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/ge_double_scalarmult.c.o: ed25519/ref10/base2.h +ed25519/ref10/ge_frombytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_frombytes.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/ge_frombytes.c.o: ed25519/ref10/d.h ed25519/ref10/sqrtm1.h +ed25519/ref10/ge_madd.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_madd.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/ge_madd.c.o: ed25519/ref10/ge_madd.h +ed25519/ref10/ge_msub.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_msub.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/ge_msub.c.o: ed25519/ref10/ge_msub.h +ed25519/ref10/ge_p1p1_to_p2.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_p1p1_to_p2.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/ge_p1p1_to_p3.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_p1p1_to_p3.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/ge_p2_0.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_p2_0.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/ge_p2_dbl.c.o: ed25519/ref10/ge.h 
ed25519/ref10/fe.h +ed25519/ref10/ge_p2_dbl.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/ge_p2_dbl.c.o: ed25519/ref10/ge_p2_dbl.h +ed25519/ref10/ge_p3_0.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_p3_0.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/ge_p3_batchtobytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_p3_batchtobytes.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/ge_p3_dbl.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_p3_dbl.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/ge_p3_to_cached.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_p3_to_cached.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/ge_p3_to_cached.c.o: ed25519/ref10/d2.h +ed25519/ref10/ge_p3_to_p2.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_p3_to_p2.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/ge_p3_tobytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_p3_tobytes.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/ge_precomp_0.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_precomp_0.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/ge_scalarmult_base.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_scalarmult_base.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/ge_scalarmult_base.c.o: ed25519/ref10/crypto_uint32.h +ed25519/ref10/ge_scalarmult_base.c.o: ed25519/ref10/base.h +ed25519/ref10/ge_sub.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_sub.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/ge_sub.h +ed25519/ref10/ge_tobytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/ge_tobytes.c.o: ed25519/ref10/crypto_int32.h +ed25519/ref10/keypair.c.o: ed25519/ref10/randombytes.h +ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_sign.h +ed25519/ref10/keypair.c.o: ed25519/ref10/ed25519.h +ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_hash_sha512.h +ed25519/ref10/keypair.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h +ed25519/ref10/keypair.c.o: 
ed25519/ref10/crypto_int32.h +ed25519/ref10/open.c.o: ed25519/ref10/crypto_sign.h ed25519/ref10/ed25519.h +ed25519/ref10/open.c.o: ed25519/ref10/crypto_hash_sha512.h +ed25519/ref10/open.c.o: ed25519/ref10/crypto_verify_32.h ed25519/ref10/ge.h +ed25519/ref10/open.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/open.c.o: ed25519/ref10/sc.h +ed25519/ref10/sc_muladd.c.o: ed25519/ref10/sc.h ed25519/ref10/crypto_int64.h +ed25519/ref10/sc_muladd.c.o: ed25519/ref10/crypto_uint32.h +ed25519/ref10/sc_muladd.c.o: ed25519/ref10/crypto_uint64.h +ed25519/ref10/sc_reduce.c.o: ed25519/ref10/sc.h ed25519/ref10/crypto_int64.h +ed25519/ref10/sc_reduce.c.o: ed25519/ref10/crypto_uint32.h +ed25519/ref10/sc_reduce.c.o: ed25519/ref10/crypto_uint64.h +ed25519/ref10/sign.c.o: ed25519/ref10/crypto_sign.h ed25519/ref10/ed25519.h +ed25519/ref10/sign.c.o: ed25519/ref10/crypto_hash_sha512.h ed25519/ref10/ge.h +ed25519/ref10/sign.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +ed25519/ref10/sign.c.o: ed25519/ref10/sc.h +ioutil.c.o: types.h ioutil.h vec.h +keccak.c.o: types.h keccak.h +main.c.o: types.h vec.h base32.h cpucount.h keccak.h ioutil.h common.h yaml.h +main.c.o: filters.h worker.h likely.h filters_inc.inc.h filters_main.inc.h +main.c.o: filters_common.inc.h ifilter_bitsum.h +test_base16.c.o: types.h base16.h +test_base32.c.o: types.h base32.h +test_base64.c.o: types.h base64.h +test_ed25519.c.o: types.h base16.h ed25519/ed25519.h +test_ed25519.c.o: ed25519/ed25519_impl_pre.h ed25519/ref10/crypto_sign.h +test_ed25519.c.o: ed25519/ref10/ed25519.h ed25519/ref10/ge.h +test_ed25519.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h +test_ed25519.c.o: ed25519/amd64-51-30k/crypto_sign.h +test_ed25519.c.o: ed25519/amd64-51-30k/ed25519.h +test_ed25519.c.o: ed25519/amd64-51-30k/ge25519.h +test_ed25519.c.o: ed25519/amd64-51-30k/fe25519.h +test_ed25519.c.o: ed25519/amd64-51-30k/compat.h +test_ed25519.c.o: ed25519/amd64-51-30k/sc25519.h +test_ed25519.c.o: 
ed25519/amd64-64-24k/crypto_sign.h +test_ed25519.c.o: ed25519/amd64-64-24k/ed25519.h +test_ed25519.c.o: ed25519/amd64-64-24k/ge25519.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h +test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-sse2.h +test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-64bit.h +test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-32bit.h +test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-helpers.h +test_ed25519.c.o: ed25519/ed25519-donna/modm-donna-64bit.h +test_ed25519.c.o: ed25519/ed25519-donna/modm-donna-32bit.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-basepoint-table.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-tables.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-tables.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86-32bit.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-sse2.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-sse2.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h +test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h testutil.h +test_ed25519.c.o: ed25519/ed25519_impl_post.h +vec.c.o: vec.h +worker.c.o: types.h likely.h vec.h base32.h keccak.h ioutil.h common.h yaml.h +worker.c.o: worker.h filters.h filters_inc.inc.h filters_worker.inc.h +worker.c.o: filters_common.inc.h ed25519/ed25519.h worker_impl.inc.h +worker.c.o: ed25519/ed25519_impl_pre.h ed25519/ref10/crypto_sign.h +worker.c.o: ed25519/ref10/ed25519.h ed25519/ref10/ge.h ed25519/ref10/fe.h +worker.c.o: ed25519/ref10/crypto_int32.h ed25519/amd64-51-30k/crypto_sign.h +worker.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/amd64-51-30k/ge25519.h +worker.c.o: ed25519/amd64-51-30k/fe25519.h 
ed25519/amd64-51-30k/compat.h +worker.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/crypto_sign.h +worker.c.o: ed25519/amd64-64-24k/ed25519.h ed25519/amd64-64-24k/ge25519.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h +worker.c.o: ed25519/ed25519-donna/curve25519-donna-sse2.h +worker.c.o: ed25519/ed25519-donna/curve25519-donna-64bit.h +worker.c.o: ed25519/ed25519-donna/curve25519-donna-32bit.h +worker.c.o: ed25519/ed25519-donna/curve25519-donna-helpers.h +worker.c.o: ed25519/ed25519-donna/modm-donna-64bit.h +worker.c.o: ed25519/ed25519-donna/modm-donna-32bit.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-basepoint-table.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-tables.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-tables.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86-32bit.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-sse2.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-sse2.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h +worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h +worker.c.o: worker_batch.inc.h worker_batch_pass.inc.h +worker.c.o: ed25519/ed25519_impl_post.h +yaml.c.o: types.h yaml.h ioutil.h base32.h base64.h common.h diff --git a/Makefile.in b/Makefile.in deleted file mode 100644 index 7c8b5db..0000000 --- a/Makefile.in +++ /dev/null 
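Review bot: The four `-D'CRYPTO_NAMESPACE…'` defines are spelled out twice, once under `%.c.o: CFLAGS +=` and again under `%.S.o: ASFLAGS +=`; the namespaced symbol names have to agree exactly between the C objects and the `.S` objects of the amd64 implementations, so an edit that reaches one copy but not the other surfaces only as unresolved symbols at link time. Factoring the list into one variable consumed by both target-specific assignments keeps the two compilers on the same names. Each copy also ends its last `-D` line with a trailing backslash that continues onto the empty line below it; the variable form drops that stray continuation. The generated makedepend block after `# DO NOT DELETE THIS LINE` is not touched by this.
```makefile
# Shared by the C and assembler rules so both sides emit identical symbol names.
CRYPTO_NAMESPACE_DEFS= \
	-D'CRYPTO_NAMESPACETOP=crypto_sign_ed25519_@ED25519IMPL@' \
	-D'_CRYPTO_NAMESPACETOP=_crypto_sign_ed25519_@ED25519IMPL@' \
	-D'CRYPTO_NAMESPACE(name)=crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \
	-D'_CRYPTO_NAMESPACE(name)=_crypto_sign_ed25519_@ED25519IMPL@_\#\#name'

%.c.o: CFLAGS += $(CRYPTO_NAMESPACE_DEFS)
%.S.o: ASFLAGS += $(CRYPTO_NAMESPACE_DEFS)
# … unchanged: %.c.o and %.S.o pattern rules …
```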
@@ -1,422 +0,0 @@ - -CC= @CC@ -CSTD= @CSTD@ -ifeq ($(OS),Windows_NT) - CSTD+= -Wno-pedantic-ms-format -endif -CFLAGS= $(CSTD) @CFLAGS@ @CPPFLAGS@ -DED25519_@ED25519IMPL@ @MYDEFS@ -ASFLAGS= -LDFLAGS= @NOPIE@ @LDFLAGS@ -MV= mv - -ED25519_DEFS= -DED25519_ref10 -DED25519_amd64_51_30k -DED25519_amd64_64_24k -DED25519_donna -ED25519_ref10= $(patsubst %.c,%.c.o,$(wildcard ed25519/ref10/*.c)) -ED25519_amd64_51_30k= \ - $(patsubst %.c,%.c.o,$(wildcard ed25519/amd64-51-30k/*.c)) \ - $(patsubst %.s,%.s.o,$(wildcard ed25519/amd64-51-30k/*.s)) -ED25519_amd64_64_24k= \ - $(patsubst %.c,%.c.o,$(wildcard ed25519/amd64-64-24k/*.c)) \ - $(patsubst %.s,%.s.o,$(wildcard ed25519/amd64-64-24k/*.s)) -ED25519_donna= -ED25519OBJ= $(ED25519_@ED25519IMPL@) - -MAINOBJ= \ - main.c.o \ - yaml.c.o \ - vec.c.o \ - cpucount.c.o \ - base32_to.c.o \ - base32_from.c.o \ - base64_to.c.o \ - base64_from.c.o \ - ioutil.c.o \ - $(ED25519OBJ) \ - keccak.c.o - -TEST_BASE64OBJ= \ - test_base64.c.o \ - base64_to.c.o \ - base64_from.c.o - -TEST_BASE32OBJ= \ - test_base32.c.o \ - base32_to.c.o \ - base32_from.c.o - -TEST_BASE16OBJ= \ - test_base16.c.o \ - base16_to.c.o \ - base16_from.c.o - -TEST_ED25519OBJ= \ - test_ed25519.c.o \ - base16_to.c.o \ - base16_from.c.o \ - $(ED25519OBJ) - -ALLO= $(sort \ - $(MAINOBJ) \ - $(TEST_BASE64OBJ) \ - $(TEST_BASE32OBJ) \ - $(TEST_BASE16OBJ) \ - $(TEST_ED25519OBJ) \ - $(ED25519_ref10) \ - $(ED25519_amd64_51_30k) \ - $(ED25519_amd64_64_24k)) -ALLC= $(patsubst %.c.o,%.c,$(filter %.c.o %.c,$(ALLO))) -CLEANO= $(filter %.o,$(ALLO)) - -MAINLIB= -lpthread -lsodium @MAINLIB@ -TEST_ED25519LIB= -lsodium - -EXE= mkp224o test_base64 test_base32 test_base16 test_ed25519 - -default: mkp224o - -all: $(EXE) - -mkp224o: $(MAINOBJ) - $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(MAINLIB) && $(MV) $@.tmp $@ - -test_base64: $(TEST_BASE64OBJ) - $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@ - -test_base32: $(TEST_BASE32OBJ) - $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@ - 
-test_base16: $(TEST_BASE16OBJ) - $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@ - -test_ed25519: $(TEST_ED25519OBJ) - $(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(TEST_ED25519LIB) && $(MV) $@.tmp $@ - -%.c.o: %.c - $(CC) $(CFLAGS) -c -o $@.tmp $< && $(MV) $@.tmp $@ - -%.s.o: %.s - $(CC) $(ASFLAGS) -c -o $@.tmp $< && $(MV) $@.tmp $@ - -clean: - $(RM) $(CLEANO) - $(RM) $(EXE) - -distclean: - $(RM) $(CLEANO) - $(RM) $(EXE) - $(RM) -r autom4te.cache - $(RM) configure config.status config.log - $(RM) Makefile - -depend: - makedepend -Y -fMakefile.in -o.c.o -- $(CSTD) $(ED25519_DEFS) -- $(ALLC) - -# DO NOT DELETE THIS LINE - -base16_from.c.o: types.h base16.h -base16_to.c.o: types.h base16.h -base32_from.c.o: types.h base32.h -base32_to.c.o: types.h base32.h -base64_from.c.o: types.h base64.h -base64_to.c.o: types.h base64.h -cpucount.c.o: cpucount.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_verify_32.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/randombytes.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/hram.h -ed25519/amd64-51-30k/fe25519_add.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/fe25519_invert.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/fe25519_iseq.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/fe25519_iszero.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/fe25519_neg.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/fe25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h 
-ed25519/amd64-51-30k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/fe25519_setint.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/fe25519_sub.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/fe25519_unpack.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519_base_slide_multiples.data -ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/index_heap.h -ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/sc25519.h 
-ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519_base_niels_smalltables.data -ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/hram.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-51-30k/hram.c.o: ed25519/amd64-51-30k/hram.h -ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/index_heap.h -ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/randombytes.h -ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h -ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/sc25519_from64bytes.c.o: 
ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/sc25519_iszero.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/sc25519_mul.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/sc25519_slide.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/sc25519_window4.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_verify_32.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/randombytes.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/hram.h -ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h 
-ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519_base_slide_multiples.data -ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/index_heap.h -ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/ge25519.h 
-ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/ge25519_base_niels.data -ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-51-30k/hram.h -ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-51-30k/index_heap.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/randombytes.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: 
ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/ge25519.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/fe25519.h -ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/sc25519.h -ed25519/ref10/fe_0.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h -ed25519/ref10/fe_1.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h -ed25519/ref10/fe_add.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h -ed25519/ref10/fe_cmov.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h -ed25519/ref10/fe_copy.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h -ed25519/ref10/fe_frombytes.c.o: ed25519/ref10/fe.h -ed25519/ref10/fe_frombytes.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/fe_frombytes.c.o: ed25519/ref10/crypto_int64.h -ed25519/ref10/fe_frombytes.c.o: ed25519/ref10/crypto_uint64.h -ed25519/ref10/fe_invert.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h -ed25519/ref10/fe_invert.c.o: ed25519/ref10/pow225521.h -ed25519/ref10/fe_isnegative.c.o: ed25519/ref10/fe.h -ed25519/ref10/fe_isnegative.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/fe.h -ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/fe_isnonzero.c.o: ed25519/amd64-51-30k/crypto_verify_32.h -ed25519/ref10/fe_mul.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h 
-ed25519/ref10/fe_mul.c.o: ed25519/ref10/crypto_int64.h -ed25519/ref10/fe_neg.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h -ed25519/ref10/fe_pow22523.c.o: ed25519/ref10/fe.h -ed25519/ref10/fe_pow22523.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/fe_pow22523.c.o: ed25519/ref10/pow22523.h -ed25519/ref10/fe_sq.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h -ed25519/ref10/fe_sq.c.o: ed25519/ref10/crypto_int64.h -ed25519/ref10/fe_sq2.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h -ed25519/ref10/fe_sq2.c.o: ed25519/ref10/crypto_int64.h -ed25519/ref10/fe_sub.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h -ed25519/ref10/fe_tobytes.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h -ed25519/ref10/ge_add.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_add.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/ge_add.h -ed25519/ref10/ge_double_scalarmult.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_double_scalarmult.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/ge_double_scalarmult.c.o: ed25519/ref10/base2.h -ed25519/ref10/ge_frombytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_frombytes.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/ge_frombytes.c.o: ed25519/ref10/d.h ed25519/ref10/sqrtm1.h -ed25519/ref10/ge_madd.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_madd.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/ge_madd.c.o: ed25519/ref10/ge_madd.h -ed25519/ref10/ge_msub.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_msub.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/ge_msub.c.o: ed25519/ref10/ge_msub.h -ed25519/ref10/ge_p1p1_to_p2.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_p1p1_to_p2.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/ge_p1p1_to_p3.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_p1p1_to_p3.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/ge_p2_0.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_p2_0.c.o: 
ed25519/ref10/crypto_int32.h -ed25519/ref10/ge_p2_dbl.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_p2_dbl.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/ge_p2_dbl.c.o: ed25519/ref10/ge_p2_dbl.h -ed25519/ref10/ge_p3_0.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_p3_0.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/ge_p3_dbl.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_p3_dbl.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/ge_p3_to_cached.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_p3_to_cached.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/ge_p3_to_cached.c.o: ed25519/ref10/d2.h -ed25519/ref10/ge_p3_to_p2.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_p3_to_p2.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/ge_p3_tobytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_p3_tobytes.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/ge_precomp_0.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_precomp_0.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/ge_scalarmult_base.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_scalarmult_base.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/ge_scalarmult_base.c.o: ed25519/ref10/crypto_uint32.h -ed25519/ref10/ge_scalarmult_base.c.o: ed25519/ref10/base.h -ed25519/ref10/ge_sub.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_sub.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/ge_sub.h -ed25519/ref10/ge_tobytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/ge_tobytes.c.o: ed25519/ref10/crypto_int32.h -ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/randombytes.h -ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/ref10/keypair.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_int32.h 
-ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/ref10/open.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h -ed25519/ref10/open.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/open.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/sc.h -ed25519/ref10/sc_muladd.c.o: ed25519/ref10/sc.h ed25519/ref10/crypto_int64.h -ed25519/ref10/sc_muladd.c.o: ed25519/ref10/crypto_uint32.h -ed25519/ref10/sc_muladd.c.o: ed25519/ref10/crypto_uint64.h -ed25519/ref10/sc_reduce.c.o: ed25519/ref10/sc.h ed25519/ref10/crypto_int64.h -ed25519/ref10/sc_reduce.c.o: ed25519/ref10/crypto_uint32.h -ed25519/ref10/sc_reduce.c.o: ed25519/ref10/crypto_uint64.h -ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h -ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/ed25519.h -ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h -ed25519/ref10/sign.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -ed25519/ref10/sign.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/sc.h -ioutil.c.o: types.h ioutil.h -keccak.c.o: types.h keccak.h -main.c.o: types.h likely.h vec.h base32.h cpucount.h keccak.h -main.c.o: ed25519/ed25519.h ed25519/ref10/ed25519.h ed25519/ref10/ge.h -main.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h -main.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/amd64-51-30k/ge25519.h -main.c.o: ed25519/amd64-51-30k/fe25519.h ed25519/amd64-51-30k/sc25519.h -main.c.o: ed25519/amd64-64-24k/ed25519.h ed25519/amd64-64-24k/ge25519.h -main.c.o: ed25519/ed25519-donna/ed25519-donna.h -main.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h -main.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h -main.c.o: ed25519/ed25519-donna/curve25519-donna-64bit.h -main.c.o: ed25519/ed25519-donna/curve25519-donna-helpers.h -main.c.o: ed25519/ed25519-donna/modm-donna-64bit.h -main.c.o: ed25519/ed25519-donna/ed25519-donna-basepoint-table.h -main.c.o: 
ed25519/ed25519-donna/ed25519-donna-64bit-tables.h -main.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86.h -main.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h ioutil.h common.h -main.c.o: yaml.h filters.h -test_base16.c.o: types.h base16.h -test_base32.c.o: types.h base32.h -test_base64.c.o: types.h base64.h -test_ed25519.c.o: types.h base16.h ed25519/ed25519.h ed25519/ref10/ed25519.h -test_ed25519.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h -test_ed25519.c.o: ed25519/ref10/crypto_int32.h ed25519/amd64-51-30k/ed25519.h -test_ed25519.c.o: ed25519/amd64-51-30k/ge25519.h -test_ed25519.c.o: ed25519/amd64-51-30k/fe25519.h -test_ed25519.c.o: ed25519/amd64-51-30k/sc25519.h -test_ed25519.c.o: ed25519/amd64-64-24k/ed25519.h -test_ed25519.c.o: ed25519/amd64-64-24k/ge25519.h -test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna.h -test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h -test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h -test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-64bit.h -test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-helpers.h -test_ed25519.c.o: ed25519/ed25519-donna/modm-donna-64bit.h -test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-basepoint-table.h -test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-tables.h -test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86.h -test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h -vec.c.o: vec.h -yaml.c.o: types.h yaml.h ioutil.h base32.h base64.h common.h diff --git a/OPTIMISATION.txt b/OPTIMISATION.txt index c10e77d..e76e63b 100644 --- a/OPTIMISATION.txt +++ b/OPTIMISATION.txt 
@@ -1,26 +1,25 @@ This document describes configuration options which may help one to generate onions faster. -First of all, default configuration options are tuned for portability, not performance. +First of all, default configuration options are tuned for portability, and may be a bit suboptimal. User is expected to pick optimal settings depending on hardware mkp224o will run on and ammount of filters. ED25519 implementations: mkp224o includes multiple implementations of ed25519 code, tuned for different processors. -Default is ref10 implementation from SUPERCOP, which is suboptimal in many cases. Implementation is selected at configuration time, when running `./configure` script. If one already configured/compiled code and wants to change options, just re-run `./configure` and also run `make clean` to clear compiled files, if any. +Note that options and CFLAGS/LDFLAGS settings won't carry over from previous configure run, +so you have to include options you've previously configured, if you want them to remain. 
At the time of writing, these implementations are present: -+----------------+-----------------------+-------------------------------------------------+ -| implementation | enable flag | notes | -|----------------+-----------------------+-------------------------------------------------+ -| ref10 | --enable-ref10 | SUPERCOP' ref10, pure C, very portable, default | -| amd64-51-30k | --enable-amd64-51-30k | SUPERCOP' amd64-51-30k, amd64 assembler, | -| | | only works in x86_64 architecture | -| amd64-64-24k | --enable-amd64-64-24k | SUPERCOP' amd64-64-24k, amd64 assembler, | -| | | only works in x86_64 architecture | -| ed25519-donna | --enable-donna | portable, based on amd64-51-30k, but C, not asm | -| ed25519-donna | --enable-donna-sse2 | uses SSE2, needs x86 architecture | -+----------------+-----------------------+-------------------------------------------------+ ++----------------+-----------------------+----------------------------------------------------------+ +| implementation | enable flag | notes | +|----------------+-----------------------+----------------------------------------------------------+ +| ref10 | --enable-ref10 | SUPERCOP' ref10, pure C, very portable, previous default | +| amd64-51-30k | --enable-amd64-51-30k | SUPERCOP' amd64-51-30k, only works on x86_64 | +| amd64-64-24k | --enable-amd64-64-24k | SUPERCOP' amd64-64-24k, only works on x86_64 | +| ed25519-donna | --enable-donna | based on amd64-51-30k, C, portable, current default | +| ed25519-donna | --enable-donna-sse2 | uses SSE2, needs x86 architecture | ++----------------+-----------------------+----------------------------------------------------------+ When to use what: - on 32-bit x86 architecture "--enable-donna" will probably be fastest, but one should try using "--enable-donna-sse2" too 
@@ -91,6 +90,14 @@ Current options, at the time of writing: and have some random filters which may have different length. +Batch mode: +mkp224o now includes experimental key generation mode which performs certain operations in batches, +and is around 15 times faster than current default. +It is currently experimental, and is activated by -B run-time flag. +Batched element count is configured by --enable-batchnum=number option at configure time, +increasing or decreasing it may make batch mode faster or slower, depending on hardware. + + Benchmarking: It's always good idea to see if your settings give you desired effect. There currently isn't any automated way to benchmark different configuration options, but it's pretty simple to do by hand. diff --git a/README.md b/README.md new file mode 100644 index 0000000..396fe2c --- /dev/null +++ b/README.md 
@@ -0,0 +1,143 @@ +## mkp224o - vanity address generator for ed25519 onion services + +This tool generates vanity ed25519 (hidden service version 3[^1][^2], +formely known as proposal 224) onion addresses. + +### Requirements for building + +* C99 compatible compiler (gcc and clang should work) +* libsodium (including headers) +* GNU make +* GNU autoconf (to generate configure script, needed only if not using release tarball) +* UNIX-like platform (currently tested in Linux and OpenBSD, but should + also build under cygwin and msys2). + +For debian-like linux distros, this should be enough to prepare for building: + +```bash +apt install gcc libc6-dev libsodium-dev make autoconf +``` + +### Building + +Run `./autogen.sh` to generate a configure script, if there isn't one already. + +Run `./configure` to generate a makefile. +On \*BSD platforms you may need to specify extra include/library paths: +`./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"`. + +On AMD64 platforms, you probably also want to pass something like +`--enable-amd64-51-30k` to the configure script invocation for faster key generation; +run `./configure --help` to see all available options. + +Finally, `make` to start building (`gmake` in \*BSD platforms). + +### Usage + +mkp224o needs one or more filters to work. +You may specify them as command line arguments, +eg `./mkp224o test`, or load them from file with `-f` switch. + +It makes directories with secret/public keys and hostnames +for each discovered service. By default, the working directory is the current +directory, but that can be overridden with `-d` switch. + +Use `-s` switch to enable printing of statistics, which may be useful +when benchmarking different ed25519 implementations on your machine. + +Use `-h` switch to obtain all available options. + +I highly recommend reading [OPTIMISATION.txt][OPTIMISATION] for +performance-related tips. + +### FAQ and other useful info + +* How do I generate address? 
+ + Once compiled, run it like `./mkp224o neko`, and it will try creating + keys for onions starting with "neko" in this example; use `./mkp224o + -d nekokeys neko` to not litter current directory and put all + discovered keys in directory named "nekokeys". + +* How do I make tor use generated keys? + + Copy key folder (though technically only `hs_ed25519_secret_key` is required) + to where you want your service keys to reside: + + ```bash + sudo cp -r neko54as6d54....onion /var/lib/tor/nekosvc + ``` + + You may need to adjust ownership and permissions: + + ```bash + sudo chown -R tor: /var/lib/tor/nekosvc + sudo chmod -R u+rwX,og-rwx /var/lib/tor/nekosvc + ``` + + Then edit `torrc` and add new service with that folder.\ + After reload/restart tor should pick it up. + +* How to generate addresses with `0-1` and `8-9` digits? + + Onion addresses use base32 encoding which does not include `0,1,8,9` + numbers.\ + So no, that's not possible to generate these, and mkp224o tries to + detect invalid filters containing them early on. + +* How long is it going to take? + + Because of probablistic nature of brute force key generation, and + varience of hardware it's going to run on, it's hard to make promisses + about how long it's going to take, especially when the most of users + want just a few keys.\ + See [this issue][#27] for very valuable discussion about this.\ + If your machine is powerful enough, 6 character prefix shouldn't take + more than few tens of minutes, if using batch mode (read + [OPTIMISATION.txt][OPTIMISATION]) 7 characters can take hours + to days.\ + No promisses though, it depends on pure luck. + +* Will this work with onionbalance? + + It appears that onionbalance supports loading usual + `hs_ed25519_secret_key` key so it should work. + +* Is there a docker image? 
+ + Yes, if you do not wish to compile mkp224o yourself, you can use + the `ghcr.io/cathugger/mkp224o` image like so: + + ```bash + docker run --rm -it -v $PWD:/keys ghcr.io/cathugger/mkp224o:master -d /keys neko + ``` + +### Acknowledgements & Legal + +To the extent possible under law, the author(s) have dedicated all +copyright and related and neighboring rights to this software to the +public domain worldwide. This software is distributed without any +warranty. +You should have received a copy of the CC0 Public Domain Dedication +along with this software. If not, see [CC0][]. + +* `keccak.c` is based on [Keccak-more-compact.c][keccak.c] +* `ed25519/{ref10,amd64-51-30k,amd64-64-24k}` are adopted from + [SUPERCOP][] +* `ed25519/ed25519-donna` adopted from [ed25519-donna][] +* Idea used in `worker_fast()` is stolen from [horse25519][] +* base64 routines and initial YAML processing work contributed by + Alexander Khristoforov (heios at protonmail dot com) +* Passphrase-based generation code and idea used in `worker_batch()` + contributed by [foobar2019][] + +[OPTIMISATION]: ./OPTIMISATION.txt +[#27]: https://github.com/cathugger/mkp224o/issues/27 +[keccak.c]: https://github.com/XKCP/XKCP/blob/master/Standalone/CompactFIPS202/C/Keccak-more-compact.c +[CC0]: https://creativecommons.org/publicdomain/zero/1.0/ +[SUPERCOP]: https://bench.cr.yp.to/supercop.html +[ed25519-donna]: https://github.com/floodyberry/ed25519-donna +[horse25519]: https://github.com/Yawning/horse25519 +[foobar2019]: https://github.com/foobar2019 +[^1]: https://spec.torproject.org/rend-spec/index.html +[^2]: https://gitlab.torproject.org/tpo/core/torspec/-/raw/main/attic/text_formats/rend-spec-v3.txt diff --git a/README.txt b/README.txt deleted file mode 100644 index d2a38ea..0000000 --- a/README.txt +++ /dev/null 
@@ -1,40 +0,0 @@ -mkp224o - vanity address generator for ed25519 onion services - -This tool generates vanity ed25519 (hidden service version 3, formely known as proposal 224) onion addresses. -For context, see . - -REQUIREMENTS: -C99 compatible compiler, libsodium, GNU make, GNU autoconf, UNIX-like platform (currently tested in Linux and OpenBSD). - -BUILDING: -`./autogen.sh` to generate configure script, if it's not there already. -`./configure` to generate makefile; in *BSD platforms you probably want to use -`./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"`. -You probably also want to pass something like "--enable-amd64-51-30k" -or "--enable-donna" to configure script for faster key generation; -run `./configure --help` to see all available options. -Finally, `make` to start building (`gmake` in *BSD platforms). - -USAGE: -Generator needs one of more filters to work. -It makes directory with secret/public keys and hostname -for each discovered service. By default root is current -directory, but that can be overridden with -d switch. -Use -s switch to enable printing of statistics, which may be useful -when benchmarking different ed25519 implementations on your machine. -Use -h switch to obtain all available options. -I highly recommend reading OPTIMISATION.txt for performance-related tips. - -CONTACT: -For bug reports/questions/whatever else, email cathugger at cock dot li. -PGP key, if needed, can be found at . - -ACKNOWLEDGEMENTS & LEGAL: -To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. -You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see . - -keccak.c is based on . -ed25519/{ref10,amd64-51-30k,amd64-64-24k} are adopted from SUPERCOP . -ed25519/ed25519-donna adopted from . 
-Idea used in main.c' dofastwork() is stolen from . -base64 routines and initial YAML processing work contributed by Alexander Khristoforov . diff --git a/base64.h b/base64.h index 38ae42e..e2d72d8 100644 --- a/base64.h +++ b/base64.h @@ -1,12 +1,12 @@ // converts src[0:slen] to base64 string char *base64_to(char *dst,const u8 *src,size_t slen); // calculates length needed to store data converted to base64 -#define BASE64_TO_LEN(l) (((l + 3 - 1) / 3) * 4) +#define BASE64_TO_LEN(l) ((((l) + 2) / 3) * 4) // converts src string from base64 size_t base64_from(u8 *dst,const char *src,size_t slen); // calculates length needed to store data converted from base64 #define BASE64_FROM_LEN(l) ((l) / 4 * 3) -// validates base32 string and optionally stores length of valid data +// validates base64 string and optionally stores length of valid data // returns 1 if whole string is good, 0 if string contains invalid data int base64_valid(const char *src,size_t *count); // aligns data length to something base64 can represent without padding diff --git a/calcest.c b/calcest.c new file mode 100644 index 0000000..4670598 --- /dev/null +++ b/calcest.c 
@@ -0,0 +1,48 @@
+#include
+#include
+#include
+
+/*
+ * as per scribblemaniac's explanation:
+ * t - number of trials
+ * n - character count
+ * p - probability
+ * condition: >=1 matches
+ * formula: t = log(1-p)/log(1-1/32^n)
+ * comes from:
+ * distribution X~Binomial(t, 1/32^n)
+ * P(X>=1)=p
+ */
+
+const double probs[] = { 0.5, 0.8, 0.9, 0.95, 0.99 };
+const int charcounts[] = { 2, 3, 4, 5, 6, 7, 8, 9, 10 };
+
+int main(int argc,char **argv)
+{
+ // TODO
+ (void) argc;
+ (void) argv;
+
+ printf(" |");
+ for (size_t i = 0; i < sizeof(probs)/sizeof(probs[0]); ++i) {
+ printf(" %15d%% |",(int)((probs[i]*100)+0.5));
+ }
+ printf("\n");
+
+ printf("---+");
+ for (size_t i = 0; i < sizeof(probs)/sizeof(probs[0]); ++i) {
+ printf("------------------+");
+ }
+ printf("\n");
+
+ for (size_t i = 0; i < sizeof(charcounts)/sizeof(charcounts[0]); ++i) {
+ printf("%2d |",charcounts[i]);
+ for (size_t j = 0; j < sizeof(probs)/sizeof(probs[0]); ++j) {
+ double t = log2(1 - probs[j]) / log2(1 - (1 / pow(32,charcounts[i])));
+ printf(" %16.0f |",t);
+ }
+ printf("\n");
+ }
+
+ return 0;
+}
diff --git a/common.h b/common.h
index 23ea257..8910715 100644
--- a/common.h
+++ b/common.h
@@ -7,10 +7,13 @@
 #define PKPREFIX_SIZE (29 + 3)
 #define SKPREFIX_SIZE (29 + 3)
 
+extern const char * const pkprefix;
+extern const char * const skprefix;
+
 #define FORMATTED_PUBLIC_LEN (PKPREFIX_SIZE + PUBLIC_LEN)
 #define FORMATTED_SECRET_LEN (SKPREFIX_SIZE + SECRET_LEN)
 
-// full onion address, WITHOUT newline
+// full onion address, WITHOUT newline or terminating nil char
 #define ONION_LEN 62
 
 extern pthread_mutex_t fout_mutex;
diff --git a/configure.ac b/configure.ac
index 21509fe..a2053c8 100644
--- a/configure.ac
+++ b/configure.ac
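Review bot: The denominator `log2(1 - (1 / pow(32,charcounts[i])))` in the inner loop loses most of its precision for the longer prefixes: at n=10 the term `1/32^n` is below 1e-15, so `1 - x` keeps only a few significant bits before the logarithm is taken, and the last column of the table is off by a sizeable fraction. `log1p` avoids the cancellation, and since the base of the logarithm cancels in the ratio the line can become `double t = log(1 - probs[j]) / log1p(-pow(32, -charcounts[i]));` with full precision across the table. The `#include` targets were stripped from this rendering, so I could not confirm which headers are pulled in; `log1p` and `pow` live in <math.h> and need `-lm` at link time. The `// TODO` above the `(void) argc;` casts should say what is still planned or be dropped.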
@@ -5,9 +5,45 @@ AC_CONFIG_SRCDIR([main.c]) oldcflags="$CFLAGS" AC_PROG_CC +# determine version +ver="" +if test -r "$srcdir/version.txt" +then + ver=`cat "$srcdir/version.txt"` +elif test -d "$srcdir/.git" +then + if git --version >/dev/null 2>&1 + then + # try matching exact tag + ver=`git -C "$srcdir" describe --tags --exact-match 2>/dev/null` + if test -z "$ver" + then + # otherwise obtain full commit ID + ver=`git -C "$srcdir" rev-parse HEAD 2>/dev/null` + if test -n "$ver" + then + ver=git-$ver + fi + fi + if test -n "$ver" + then + if ! git -C "$srcdir" diff --exit-code >/dev/null 2>&1 + then + # add at the end to mark modified version + ver="$ver"'*' + fi + fi + fi +fi + +if test -z "$ver" +then + ver=unknown +fi + # NOTE: this script intentionally doesn't check for small details like posix functions and hard dependencies (libsodium) so you may get errors at compilation -if test "x$oldcflags" != "x$CFLAGS" +if test x"$oldcflags" != x"$CFLAGS" then oldcflags="-O3" CFLAGS="-march=native" 
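Review bot: The dirty-tree check `git -C "$srcdir" diff --exit-code` only sees unstaged changes, so a build from a tree with staged-but-uncommitted edits is reported as a clean tag or commit id without the trailing `*`; `git -C "$srcdir" diff --exit-code HEAD` covers both staged and unstaged changes (untracked files still go unnoticed, which is worth a comment). The `test -d "$srcdir/.git"` guard also skips git worktrees and submodules, where `.git` is a file rather than a directory, so those fall through to `ver=unknown`; `test -e "$srcdir/.git"` would admit them. A one-line comment above `ver=""` stating the precedence (version.txt wins over git, which is how release tarballs pin their version) would help the next reader.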
@@ -27,41 +63,28 @@ then CFLAGS="$oldcflags" fi -nopie="" +pie="" oldcflags="$CFLAGS" -CFLAGS="-nopie" -AC_MSG_CHECKING([whether CC supports -nopie]) -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_RESULT([yes])] - [nopie="-nopie"], - [AC_MSG_RESULT([no])] +CFLAGS="-fPIE -Werror" +AC_MSG_CHECKING([whether CC supports -fPIE]) +AC_LINK_IFELSE([AC_LANG_PROGRAM([])], + [AC_MSG_RESULT([yes])] + [pie="-fPIE"], + [AC_MSG_RESULT([no])] ) CFLAGS="$oldcflags" -if test "x$nopie" = "x" -then - oldcflags="$CFLAGS" - CFLAGS="-no-pie" - AC_MSG_CHECKING([whether CC supports -no-pie]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_RESULT([yes])] - [nopie="-no-pie"], - [AC_MSG_RESULT([no])] - ) - CFLAGS="$oldcflags" -fi - MYDEFS="" MAINLIB="" ed25519impl="" AC_ARG_ENABLE([ref10], [AS_HELP_STRING([--enable-ref10], - [use SUPERCOP ref10 ed25519 implementation @<:@default=yes@:>@])], + [use SUPERCOP ref10 ed25519 implementation @<:@default=no@:>@])], [ - AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "ref10"], - [AC_ERROR([only one ed25519 implementation can be defined])]) + AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "ref10"], + [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="ref10" ], [] @@ -71,8 +94,8 @@ AC_ARG_ENABLE([amd64-51-30k], [AS_HELP_STRING([--enable-amd64-51-30k], [use SUPERCOP amd64-51-30k ed25519 implementation @<:@default=no@:>@])], [ - AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "amd64_51_30k"], - [AC_ERROR([only one ed25519 implementation can be defined])]) + AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "amd64_51_30k"], + [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="amd64_51_30k" ], [] 
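Review bot: The new probe links a program with `-fPIE` only, but `-fPIE` is a code-generation flag; the executable is position-independent, and so relocatable under ASLR, only when `-pie` is also given at link time. Whether `$pie` reaches the link step depends on GNUmakefile.in, which is outside this diff, so if the intent is a PIE binary rather than merely PIC object code I would probe both flags together, `CFLAGS="-fPIE -pie -Werror"` in the same `AC_LINK_IFELSE` (autoconf passes CFLAGS to the link command), and make sure the substituted value is applied to the link as well. A comment above `pie=""` saying why the old `-nopie`/`-no-pie` detection was dropped (the assembly now uses `(%rip)`-relative addressing, as the `.S` hunks further down show) would save the next reader a git blame.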
@@ -82,8 +105,8 @@ AC_ARG_ENABLE([amd64-64-24k], [AS_HELP_STRING([--enable-amd64-64-24k], [use SUPERCOP amd64-64-24k ed25519 implementation @<:@default=no@:>@])], [ - AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "amd64_64_24k"], - [AC_ERROR([only one ed25519 implementation can be defined])]) + AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "amd64_64_24k"], + [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="amd64_64_24k" ], [] @@ -91,10 +114,10 @@ AC_ARG_ENABLE([amd64-64-24k], AC_ARG_ENABLE([donna], [AS_HELP_STRING([--enable-donna], - [use ed25519-donna implementation @<:@default=no@:>@])], + [use ed25519-donna implementation @<:@default=yes@:>@])], [ - AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "donna"], - [AC_ERROR([only one ed25519 implementation can be defined])]) + AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "donna"], + [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="donna" ], [] @@ -104,14 +127,15 @@ AC_ARG_ENABLE([donna-sse2], [AS_HELP_STRING([--enable-donna-sse2], [use ed25519-donna SSE2 implementation @<:@default=no@:>@])], [ - AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "donna-sse2"], - [AC_ERROR([only one ed25519 implementation can be defined])]) + AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "donna-sse2"], + [AC_MSG_ERROR(only one ed25519 implementation can be defined)]) ed25519impl="donna-sse2" ], [] ) -AS_IF([test "x$ed25519impl" == "x"],[ed25519impl=ref10]) +# default +AS_IF([test x"$ed25519impl" = x""],[ed25519impl="donna"]) if test "$ed25519impl" = "donna-sse2" then @@ -120,6 +144,8 @@ then CFLAGS="$CFLAGS -msse2" fi + + AC_ARG_ENABLE([intfilter], [AS_HELP_STRING([--enable-intfilter@<:@=(32|64|128|native)@:>@], [use integers of specific size @<:@default=64@:>@ for filtering. faster but limits filter length to: 6 for 32-bit, 12 for 64-bit, 24 for 128-bit @<:@default=no@:>@])], 
@@ -158,25 +184,55 @@ then MYDEFS="$MYDEFS -DINTFILTER -DIFT='$intfiltertype'" fi +AC_ARG_ENABLE([batchnum], + [AS_HELP_STRING([--enable-batchnum=number], + [number of elements to batch when using -B @<:@default=2048@:>@])], + [], [] +) +if test -n "$enable_batchnum" -a x"$enable_batchnum" != x"no" +then + MYDEFS="$MYDEFS -DBATCHNUM=$enable_batchnum" +fi + cstd="" c99="" oldcflags="$CFLAGS" + CFLAGS="-std=c99" AC_MSG_CHECKING([whether CC supports -std=c99]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_RESULT([yes])] - [c99="yes"] - [cstd="-std=c99"], - [AC_MSG_RESULT([no])] + [AC_MSG_RESULT([yes])] + [c99="yes"] + [cstd="-std=c99"], + [AC_MSG_RESULT([no])] ) + CFLAGS="$cstd -Wall" AC_MSG_CHECKING([whether CC supports -Wall]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_RESULT([yes])] - [cstd="$cstd -Wall"], - [AC_MSG_RESULT([no])] + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wall"], + [AC_MSG_RESULT([no])] ) -if test "x$c99" = "xyes" -a "x$ed25519impl" != "xdonna" -a "x$enable_intfilter" != "x128" + +CFLAGS="$cstd -Wextra" +AC_MSG_CHECKING([whether CC supports -Wextra]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wextra"], + [AC_MSG_RESULT([no])] +) + +# (negative) detection on clang fails without -Werror +CFLAGS="$cstd -Wno-maybe-uninitialized -Werror" +AC_MSG_CHECKING([whether CC supports -Wno-maybe-uninitialized]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wno-maybe-uninitialized"], + [AC_MSG_RESULT([no])] +) + +if test x"$c99" = x"yes" -a x"$ed25519impl" != x"donna" -a x"$enable_intfilter" != x"128" then CFLAGS="$cstd -pedantic" AC_MSG_CHECKING([whether CC supports -pedantic]) 
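Review bot: `--enable-batchnum` is spliced into `MYDEFS` as `-DBATCHNUM=$enable_batchnum` without checking that the value is a positive integer, so a bare `--enable-batchnum` (which autoconf turns into `yes`) or a typo surfaces only as a compile error far from the option that caused it. A shell-level check before the assignment, `case "$enable_batchnum" in ''|*@<:@!0-9@:>@*) AC_MSG_ERROR(--enable-batchnum expects a number);; esac`, keeps the diagnostic at configure time where the option was given (the quadrigraphs are needed because plain brackets are m4 quotes here). The help string should also say what the upper bound or memory cost of a large value is, if the code that consumes BATCHNUM has one.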
@@ -186,9 +242,20 @@ then [AC_MSG_RESULT([no])] ) fi -if test "x$ed25519impl" = "xdonna" + +CFLAGS="$cstd -Wno-format -Wno-pedantic-ms-format -Werror" +AC_MSG_CHECKING([whether CC supports and needs -Wno-format -Wno-pedantic-ms-format]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#ifndef _WIN32 +#error wants windows +#endif]], [])], + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wno-format -Wno-pedantic-ms-format"], + [AC_MSG_RESULT([no])] +) + +if test x"$ed25519impl" = x"donna" then - CFLAGS="$cstd -Wno-unused-function" + CFLAGS="$cstd -Wno-unused-function -Werror" AC_MSG_CHECKING([whether CC supports -Wno-unused-function]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], [AC_MSG_RESULT([yes])] @@ -196,6 +263,35 @@ then [AC_MSG_RESULT([no])] ) fi + +if test x"$ed25519impl" = x"amd64_64_24k" +then + CFLAGS="$cstd -Wno-unused-const-variable -Werror" + AC_MSG_CHECKING([whether CC supports -Wno-unused-const-variable]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wno-unused-const-variable"], + [AC_MSG_RESULT([no])] + ) +fi + +CFLAGS="$cstd -Wmissing-prototypes -Werror" +AC_MSG_CHECKING([whether CC supports -Wmissing-prototypes]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wmissing-prototypes"], + [AC_MSG_RESULT([no])] +) + +# XXX AC_LANG_PROGRAM produces unsuitable prototype so this check must be last one +CFLAGS="$cstd -Wstrict-prototypes -Werror" +AC_MSG_CHECKING([whether CC supports -Wstrict-prototypes]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], + [AC_MSG_RESULT([yes])] + [cstd="$cstd -Wstrict-prototypes"], + [AC_MSG_RESULT([no])] +) + CFLAGS="$oldcflags" AC_ARG_ENABLE([binfilterlen], 
@@ -203,7 +299,7 @@ AC_ARG_ENABLE([binfilterlen], [set binary string filter length (if you don't use intfilter) @<:@default=32@:>@])], [], [enable_binfilterlen=no] ) -if test "x$enable_binfilterlen" != "xyes" -a "x$enable_binfilterlen" != "xno" +if test x"$enable_binfilterlen" != x"yes" -a x"$enable_binfilterlen" != x"no" then MYDEFS="$MYDEFS -DBINFILTERLEN=$enable_binfilterlen" fi @@ -213,7 +309,7 @@ AC_ARG_ENABLE([binsearch], [enable binary search algoritm; MUCH faster if there are a lot of filters @<:@default=no@:>@])], [], [enable_binsearch=no] ) -if test "x$enable_binsearch" = "xyes" +if test x"$enable_binsearch" = x"yes" then MYDEFS="$MYDEFS -DBINSEARCH" fi @@ -223,7 +319,7 @@ AC_ARG_ENABLE([besort], [force intfilter binsearch case to use big endian sorting and not omit masks from filters; useful if your filters aren't of same length @<:@default=no@:>@])], [], [enable_besort=no] ) -if test "x$enable_besort" = "xyes" +if test x"$enable_besort" = x"yes" then MYDEFS="$MYDEFS -DBESORT" fi @@ -233,14 +329,14 @@ AC_ARG_ENABLE([statistics], [collect statistics @<:@default=yes@:>@])], [], [enable_statistics=yes] ) -if test "x$enable_statistics" = "xyes" +if test x"$enable_statistics" = x"yes" then MYDEFS="$MYDEFS -DSTATISTICS" fi -AC_ARG_WITH([pcre2],[AC_HELP_STRING([--with-pcre2],[pcre2-config executable @<:@default=pcre2-config@:>@])],[],[with_pcre2="pcre2-config"]) +AC_ARG_WITH([pcre2],[AS_HELP_STRING([--with-pcre2],[pcre2-config executable @<:@default=pcre2-config@:>@])],[],[with_pcre2="pcre2-config"]) -AC_ARG_ENABLE([regex],[AC_HELP_STRING([--enable-regex],[whether to enable regex engine. currently possible values are "pcre2" and "yes" which defaults to "pcre2" @<:@default=no@:>@])],[],[enable_regex=no]) +AC_ARG_ENABLE([regex],[AS_HELP_STRING([--enable-regex],[whether to enable regex engine. currently possible values are "pcre2" and "yes" which defaults to "pcre2" @<:@default=no@:>@])],[],[enable_regex=no]) case "$enable_regex" in no|"") ;; 
@@ -267,7 +363,7 @@ yes|pcre2)
 fi
 else
 AC_MSG_RESULT([not found])
- AC_ERROR([pcre2-config cannot be executed])
+ AC_MSG_ERROR(pcre2-config cannot be executed)
 fi
 ;;
 *)
@@ -275,9 +371,28 @@ yes|pcre2)
 ;;
 esac
 
+
+AC_MSG_CHECKING([whether ARGON2ID13 is supported by libsodium])
+AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include ]],
+ [[int alg = crypto_pwhash_ALG_ARGON2ID13;(void) alg;]]
+ )],
+ [AC_MSG_RESULT([yes])]
+ [MYDEFS="$MYDEFS -DPASSPHRASE"],
+ [AC_MSG_RESULT([no])]
+)
+
+
+# recreate dir tree, because otherwise gcc will fuck up
+(cd "$srcdir" && find ed25519 -type d) | xargs mkdir -p
+
 AC_SUBST(CSTD,["$cstd"])
 AC_SUBST(ED25519IMPL,["$ed25519impl"])
 AC_SUBST(MYDEFS,["$MYDEFS"])
 AC_SUBST(MAINLIB,["$MAINLIB"])
-AC_SUBST(NOPIE,["$nopie"])
-AC_OUTPUT(Makefile)
+AC_SUBST(PIE,["$pie"])
+AC_SUBST(SRCDIR,["$srcdir"])
+AC_SUBST(VERSION,["$ver"])
+AC_CONFIG_FILES([GNUmakefile])
+AC_OUTPUT
diff --git a/contrib/docker/Dockerfile b/contrib/docker/Dockerfile
new file mode 100644
index 0000000..afbcc41
--- /dev/null
+++ b/contrib/docker/Dockerfile
@@ -0,0 +1,14 @@
+FROM alpine:latest AS builder
+RUN apk add --no-cache gcc libc-dev libsodium-dev libsodium-static make autoconf git
+WORKDIR /app
+COPY . .
+RUN ./autogen.sh
+RUN ./configure --enable-amd64-51-30k CFLAGS="-O3 -march=x86-64 -mtune=generic -fomit-frame-pointer" LDFLAGS="-static"
+RUN make
+RUN strip mkp224o
+
+FROM scratch
+WORKDIR /app
+COPY --from=builder /app/mkp224o .
+
+ENTRYPOINT ["./mkp224o"]
diff --git a/contrib/docker/README.md b/contrib/docker/README.md
new file mode 100644
index 0000000..1154fe9
--- /dev/null
+++ b/contrib/docker/README.md
@@ -0,0 +1,7 @@
+# Usage
+
+## Building Image Locally
+`docker build -f contrib/docker/Dockerfile -t mkp224o .`
+
+## Running Image Locally
+`docker run -it -v $(pwd):/root/data mkp224o neko`
diff --git a/contrib/release-scripts/.gitignore b/contrib/release-scripts/.gitignore
new file mode 100644
index 0000000..1603eac
--- /dev/null
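Review bot: The builder stage starts `FROM alpine:latest`, so rebuilding the same commit later can pull a different compiler and libsodium, and the published image is not reproducible from the source alone; pinning the tag, or better the digest (`alpine:<version>@sha256:<digest>`, placeholder values), makes the build auditable. `./configure --enable-amd64-51-30k` hard-wires an x86-64-only ed25519 backend, which is fine for an amd64-only image but deserves a comment since the workflow that publishes it does not state a platform. Separately, `WORKDIR /app` means generated keys land in the container's ephemeral filesystem unless the caller passes `-d` at a mounted path, and the `docker run -it -v $(pwd):/root/data mkp224o neko` example in the contrib/docker/README.md hunk neither mounts `/app` nor passes `-d`, so its keys vanish with the container; the top-level README's `-v $PWD:/keys ... -d /keys` form is the one to document.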
+++ b/contrib/release-scripts/.gitignore @@ -0,0 +1,2 @@ +/build +/out diff --git a/contrib/release-scripts/README.md b/contrib/release-scripts/README.md new file mode 100644 index 0000000..6ec2370 --- /dev/null +++ b/contrib/release-scripts/README.md @@ -0,0 +1,2 @@ +packages that work on archlinux: +wine-wow64 mingw-w64-toolchain mingw-w64-ldd mingw-w64-pcre2 mingw-w64-libsodium zip zopfli diff --git a/contrib/release-scripts/release.sh b/contrib/release-scripts/release.sh new file mode 100755 index 0000000..caf57f4 --- /dev/null +++ b/contrib/release-scripts/release.sh 
@@ -0,0 +1,80 @@
+#!/bin/sh
+set -eux
+
+V=$1
+
+D=$(realpath "$0")
+D=$(dirname "$D")
+cd "$D"
+
+export TZ=UTC
+
+mkdir -p build
+
+export WINEARCH=win64
+export WINEPREFIX=$(realpath ./build/winepfx)
+OPATH=$PATH
+
+rm -rf out
+mkdir -p out
+
+# prepare source
+SV=mkp224o-$V
+SO=$(realpath ./out/$SV)
+git clone ../../ "$SO"
+git -C ../../ diff | git -C "$SO" apply --allow-empty
+cd "$SO"
+rm -rf .git
+./autogen.sh
+rm -rf *.cache
+echo v$V > version.txt
+cd ../..
+
+# build windows bins
+B=$(realpath ./build)
+for w in x86_64 i686
+do
+ cd "$B"
+ rm -rf $w
+ mkdir $w
+ cd $w
+ p=$w-w64-mingw32
+
+ case $w in
+ i686)
+ CFLAGS="-march=i686 -mtune=generic"
+ W=32
+ ;;
+ x86_64)
+ CFLAGS="-march=x86-64 -mtune=generic"
+ W=64
+ ;;
+ esac
+ CFLAGS="-O3 $CFLAGS -fomit-frame-pointer"
+
+ export PATH=/usr/$p/bin:$OPATH
+ ../../out/$SV/configure --enable-regex --enable-donna --with-pcre2="/usr/$p/bin/pcre2-config" CC="${p}-gcc" CFLAGS="$CFLAGS"
+ make main util
+ $p-strip mkp224o.exe
+ $p-strip calcest.exe
+ cd ..
+
+ BO="$SO-w$W"
+ mkdir -p "$BO"
+ cp $w/mkp224o.exe "$BO/"
+ cp $w/calcest.exe "$BO/"
+ cd "$BO"
+ $p-ldd mkp224o.exe | grep -v 'not found' | awk '{print $3}' | xargs -r cp -v -t ./
+done
+export PATH=$OPATH
+
+# compress stuff
+cd "$D/out"
+
+tar --portability --no-acls --no-selinux --no-xattrs --owner root:0 --group=root:0 --sort=name -c -f $SV-src.tar $SV
+zopfli -i100 -c $SV-src.tar > $SV-src.tar.gz
+zstd -19 -f $SV-src.tar -o $SV-src.tar.zst
+rm $SV-src.tar
+
+zip -9 -X -r $SV-w32.zip $SV-w32
+zip -9 -X -r $SV-w64.zip $SV-w64
diff --git a/contrib/release-scripts/sign.sh b/contrib/release-scripts/sign.sh
new file mode 100755
index 0000000..2253276
--- /dev/null
+++ b/contrib/release-scripts/sign.sh
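Review bot: The source tarball is produced from `git clone ../../` followed by `git -C ../../ diff | git -C "$SO" apply --allow-empty`, so whatever uncommitted changes happen to be in the maintainer's working tree are folded into the release, and `echo v$V > version.txt` then stamps the result as a clean `v$V` even though configure's own git detection would have marked such a tree with a trailing `*`. For a release that others can reproduce and audit, either refuse to run when `git -C ../../ diff --quiet` fails, or archive the tagged commit with `git archive` and record the commit id next to version.txt; if carrying local patches is intentional, a comment saying so is the minimum. The `V=$1` line relies on `set -u` to reject a missing argument, which works but prints a shell error rather than a usage line, whereas sign.sh in the same commit checks `$1` explicitly; making the two consistent would help.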
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+if [ x"$1" = x ]
+then
+ echo "Usage: $0 key-id" >&2
+ exit 1
+fi
+
+D=$(realpath "$0")
+D=$(dirname "$D")
+cd "$D"
+
+export TZ=UTC
+
+cd out
+
+gpg --detach-sign -u "$1" mkp224o-*-src.tar.gz
+gpg --detach-sign -u "$1" mkp224o-*-src.tar.zst
+gpg --detach-sign -u "$1" mkp224o-*-w32.zip
+gpg --detach-sign -u "$1" mkp224o-*-w64.zip
diff --git a/contrib/vagrant/Vagrantfile b/contrib/vagrant/Vagrantfile
new file mode 100644
index 0000000..cdda8cb
--- /dev/null
+++ b/contrib/vagrant/Vagrantfile
@@ -0,0 +1,46 @@
+
+# set this to choose the starting prefix of the onion name
+filter = "prefix"
+
+Vagrant.configure("2") do |config|
+ config.vm.box = "debian/bullseye64"
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.cpus = 2
+ end
+ config.vm.synced_folder '.', '/vagrant', disabled: true
+ config.vm.provision :shell, inline: <<-SHELL
+ set -ex
+
+ sed -i s,http:,https:, /etc/apt/sources.list
+ apt-get update
+ apt-get -qy dist-upgrade
+ apt-get -qy install --no-install-recommends git gcc libc-dev libsodium-dev make autoconf htop screen
+SHELL
+
+ config.vm.provision :shell, privileged: false, inline: <<-SHELL
+ git clone https://github.com/cathugger/mkp224o.git /home/vagrant/mkp224o
+SHELL
+
+ # disable internet access
+ config.vm.provision "shell",
+ run: "always",
+ inline: "ip route del default || true"
+
+ # disable root
+ config.vm.provision "shell", inline: "passwd --lock root"
+ config.vm.provision "shell", inline: "SUDO_FORCE_REMOVE=yes dpkg --purge sudo"
+
+ config.vm.provision :shell, privileged: false, inline: <<-SHELL
+ set -ex
+
+ cd mkp224o
+ ./autogen.sh
+ ./configure
+ make
+ ./mkp224o -h
+
+ mkdir ~/#{filter}
+ cd ~/#{filter}
+ screen -d -m -L -Logfile #{filter}.log -S run-#{filter} nice ~/mkp224o/mkp224o -S 300 #{filter}
+SHELL
+end
diff --git a/cpucount.c b/cpucount.c
index 32f32ff..74ed782 100644
--- a/cpucount.c
+++ b/cpucount.c
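Review bot: sign.sh has no `set -e`, so when one `gpg --detach-sign` call fails (wrong key id, cancelled pinentry, unmatched glob) the script carries on and exits 0, and a release can be published with some artifacts unsigned; release.sh in this same commit starts with `set -eux` and sign.sh should match it, `set -eu` after the shebang. The four `mkp224o-*-...` globs are also passed to gpg unverified: with artifacts from more than one version left in `out/`, each pattern expands to several files, and with none it is passed literally, so a check that each pattern matches exactly one file (or taking the version as a second argument, the way release.sh takes `$1`) would make failures explicit rather than silent.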
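Review bot: `filter` is interpolated unquoted into the final provisioning heredoc (`mkdir ~/#{filter}`, `cd ~/#{filter}`, and four times on the `screen` line), so a value containing whitespace or shell metacharacters breaks the script or changes what it runs; since this variable is the one knob a user is told to edit, wrapping each use in single quotes, `'#{filter}'`, keeps it literal. The hardening steps are a sensible default for a box that holds freshly generated service keys, but the `# disable internet access` comment should say that the route is removed on every boot (`run: "always"`) and that the clone deliberately runs before it, otherwise the ordering looks accidental.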
@@ -124,6 +124,7 @@ int cpucount(void)
 #endif
 #ifdef __linux__
 // try parsing /proc/cpuinfo
+ // NOTE seems cygwin can provide this too, idk if need tho
 ncpu = parsecpuinfo();
 if (ncpu > 0)
 return ncpu;
diff --git a/ed25519/amd64-51-30k/batch.c b/ed25519/amd64-51-30k/batch.c
deleted file mode 100644
index 955392e..0000000
--- a/ed25519/amd64-51-30k/batch.c
+++ /dev/null
@@ -1,94 +0,0 @@ -#include "crypto_sign.h" - -#include "crypto_verify_32.h" -#include "crypto_hash_sha512.h" -#include "randombytes.h" - -#include "ge25519.h" -#include "hram.h" - -#define MAXBATCH 64 - -int crypto_sign_open_batch( - unsigned char* const m[],unsigned long long mlen[], - unsigned char* const sm[],const unsigned long long smlen[], - unsigned char* const pk[], - unsigned long long num - ) -{ - int ret = 0; - unsigned long long i, j; - shortsc25519 r[MAXBATCH]; - sc25519 scalars[2*MAXBATCH+1]; - ge25519 points[2*MAXBATCH+1]; - unsigned char hram[crypto_hash_sha512_BYTES]; - unsigned long long batchsize; - - for (i = 0;i < num;++i) mlen[i] = -1; - - while (num >= 3) { - batchsize = num; - if (batchsize > MAXBATCH) batchsize = MAXBATCH; - - for (i = 0;i < batchsize;++i) - if (smlen[i] < 64) goto fallback; - - randombytes((unsigned char*)r,sizeof(shortsc25519) * batchsize); - - /* Computing scalars[0] = ((r1s1 + r2s2 + ...)) */ - for(i=0;itt0=int64#1 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,>tt0=%rdi -movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdi +# qhasm: tt0 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P0),>tt0=int64#1 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P0),>tt0=%rdi +movq CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdi -# qhasm: tt1 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt1=int64#4 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt1=%rcx -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx +# qhasm: tt1 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt1=int64#4 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt1=%rcx +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx -# qhasm: tt2 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt2=int64#5 -# asm 2: movq 
crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt2=%r8 -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8 +# qhasm: tt2 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt2=int64#5 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt2=%r8 +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8 -# qhasm: tt3 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt3=int64#10 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt3=%r12 -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r12 +# qhasm: tt3 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt3=int64#10 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt3=%r12 +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r12 -# qhasm: tt4 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt4=int64#11 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt4=%r13 -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r13 +# qhasm: tt4 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt4=int64#11 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt4=%r13 +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r13 # qhasm: tt0 -= tt2d0 # asm 1: sub +#include "compat.h" -typedef struct +#define fe25519 CRYPTO_NAMESPACE(batch_fe25519) +#define fe25519_freeze CRYPTO_NAMESPACE(batch_fe25519_freeze) +#define fe25519_unpack CRYPTO_NAMESPACE(batch_fe25519_unpack) +#define fe25519_pack CRYPTO_NAMESPACE(batch_fe25519_pack) +#define fe25519_iszero_vartime CRYPTO_NAMESPACE(batch_fe25519_iszero_vartime) +#define fe25519_iseq_vartime CRYPTO_NAMESPACE(batch_fe25519_iseq_vartime) +#define fe25519_cmov CRYPTO_NAMESPACE(batch_fe25519_cmov) +#define fe25519_setint CRYPTO_NAMESPACE(batch_fe25519_setint) +#define fe25519_neg CRYPTO_NAMESPACE(batch_fe25519_neg) +#define fe25519_getparity 
CRYPTO_NAMESPACE(batch_fe25519_getparity) +#define fe25519_add CRYPTO_NAMESPACE(batch_fe25519_add) +#define fe25519_sub CRYPTO_NAMESPACE(batch_fe25519_sub) +#define fe25519_mul CRYPTO_NAMESPACE(batch_fe25519_mul) +#define fe25519_square CRYPTO_NAMESPACE(batch_fe25519_square) +#define fe25519_nsquare CRYPTO_NAMESPACE(batch_fe25519_nsquare) +#define fe25519_invert CRYPTO_NAMESPACE(batch_fe25519_invert) +#define fe25519_batchinvert CRYPTO_NAMESPACE(batch_fe25519_batchinvert) +#define fe25519_pow2523 CRYPTO_NAMESPACE(batch_fe25519_pow2523) + +typedef struct { - unsigned long long v[5]; + unsigned long long v[5]; } fe25519; -void fe25519_freeze(fe25519 *r); +void fe25519_freeze(fe25519 *r) SYSVABI; void fe25519_unpack(fe25519 *r, const unsigned char x[32]); @@ -50,16 +53,16 @@ void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y); void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); -void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y); +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI; -void fe25519_mul121666(fe25519 *r, const fe25519 *x); +void fe25519_square(fe25519 *r, const fe25519 *x) SYSVABI; -void fe25519_square(fe25519 *r, const fe25519 *x); - -void fe25519_nsquare(fe25519 *r, unsigned long long n); +void fe25519_nsquare(fe25519 *r, unsigned long long n) SYSVABI; void fe25519_invert(fe25519 *r, const fe25519 *x); +void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset); + void fe25519_pow2523(fe25519 *r, const fe25519 *x); #endif diff --git a/ed25519/amd64-51-30k/fe25519_batchinvert.c b/ed25519/amd64-51-30k/fe25519_batchinvert.c new file mode 100644 index 0000000..d6a66d1 --- /dev/null +++ b/ed25519/amd64-51-30k/fe25519_batchinvert.c 
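Review bot: The new prototype `void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset);` carries none of its contract in the header, which is all most callers will read; the two restrictions that exist live as a comment in the fe25519_batchinvert.c hunk further down. A comment above the declaration should state that `offset` is the byte stride between consecutive elements of `in` and `out` (the implementation steps with `(const char *)inp + offset`), that `tmp` must have room for `num` elements and must not alias `in` or `out`, and that `in` and `out` may alias. `size_t` is used in this header for the first time here, and the include that presumably provides it was stripped from this rendering, so I cannot confirm it is <stddef.h>.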
@@ -0,0 +1,34 @@ +#include "fe25519.h" + +// tmp MUST != out or in +// in MAY == out +void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset) +{ + fe25519 acc; + fe25519 tmpacc; + size_t i; + const fe25519 *inp; + fe25519 *outp; + + fe25519_setint(&acc,1); + + inp = in; + for (i = 0;i < num;++i) { + tmp[i] = acc; + fe25519_mul(&acc,&acc,inp); + inp = (const fe25519 *)((const char *)inp + offset); + } + + fe25519_invert(&acc,&acc); + + i = num; + inp = (const fe25519 *)((const char *)in + offset * num); + outp = (fe25519 *)((char *)out + offset * num); + while (i--) { + inp = (const fe25519 *)((const char *)inp - offset); + outp = (fe25519 *)((char *)outp - offset); + fe25519_mul(&tmpacc,&acc,inp); + fe25519_mul(outp,&acc,&tmp[i]); + acc = tmpacc; + } +} diff --git a/ed25519/amd64-51-30k/fe25519_freeze.s b/ed25519/amd64-51-30k/fe25519_freeze.S similarity index 94% rename from ed25519/amd64-51-30k/fe25519_freeze.s rename to ed25519/amd64-51-30k/fe25519_freeze.S index 5cd0b1d..0435525 100644 --- a/ed25519/amd64-51-30k/fe25519_freeze.s +++ b/ed25519/amd64-51-30k/fe25519_freeze.S @@ -63,13 +63,13 @@ # qhasm: stack64 caller7_stack -# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze +# qhasm: enter CRYPTO_NAMESPACE(batch_fe25519_freeze) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze -.globl crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze -_crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze: -crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze: +.globl _CRYPTO_NAMESPACE(batch_fe25519_freeze) +.globl CRYPTO_NAMESPACE(batch_fe25519_freeze) +_CRYPTO_NAMESPACE(batch_fe25519_freeze): +CRYPTO_NAMESPACE(batch_fe25519_freeze): mov %rsp,%r11 and $31,%r11 add $64,%r11 
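Review bot: A zero element anywhere in `in` poisons the whole batch: `acc` becomes zero in the first loop, `fe25519_invert` of zero presumably returns zero (exponentiation-based inverters do), and the second loop then writes zero to every `outp`, not only to the uninvertible one. That is inherent to the prefix-product trick and acceptable if callers guarantee non-zero inputs, but the contract should say so; I would extend the header comment to `// tmp MUST != out or in; in MAY == out` / `// offset is the byte stride between elements; a zero element makes ALL outputs zero`. A one-line comment in the backward loop that `acc` holds the inverse of the product of elements [0, i] while `tmp[i]` holds the product of elements [0, i-1] would make the pairing with the forward loop, and why `in == out` is safe (each `inp` is read before its `outp` is written), obvious to the next reader.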
@@ -135,10 +135,10 @@ movq 24(%rdi),%r8 # asm 2: movq 32(r4=%r9 movq 32(%rdi),%r9 -# qhasm: two51minus1 = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>two51minus1=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>two51minus1=%rax -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rax +# qhasm: two51minus1 = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>two51minus1=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>two51minus1=%rax +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rax # qhasm: two51minus19 = two51minus1 # asm 1: mov two51minus19=int64#8 diff --git a/ed25519/amd64-51-30k/fe25519_mul.s b/ed25519/amd64-51-30k/fe25519_mul.S similarity index 97% rename from ed25519/amd64-51-30k/fe25519_mul.s rename to ed25519/amd64-51-30k/fe25519_mul.S index 9d6c537..cbcdbe9 100644 --- a/ed25519/amd64-51-30k/fe25519_mul.s +++ b/ed25519/amd64-51-30k/fe25519_mul.S @@ -97,13 +97,13 @@ # qhasm: stack64 mulx419_stack -# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul +# qhasm: enter CRYPTO_NAMESPACE(batch_fe25519_mul) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul -.globl crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul -_crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul: -crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul: +.globl _CRYPTO_NAMESPACE(batch_fe25519_mul) +.globl CRYPTO_NAMESPACE(batch_fe25519_mul) +_CRYPTO_NAMESPACE(batch_fe25519_mul): +CRYPTO_NAMESPACE(batch_fe25519_mul): mov %rsp,%r11 and $31,%r11 add $96,%r11 
@@ -689,10 +689,10 @@ add %rax,%r14 # asm 2: adc mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.r0) << 13 # asm 1: shld $13,squareredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: squarer01 = (squarer01.r0) << 13 # asm 1: shld $13,squareredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: squarer01 = (squarer01.r0) << 13 # asm 1: shld $13,b0=%r11 mov %rdx,%r11 -# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,x0=int64#10 @@ -354,10 +354,10 @@ sub %r12,%rdx # asm 2: mov b1=%r12 mov %r8,%r12 -# qhasm: a1 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,x1=int64#11 
@@ -379,10 +379,10 @@ sub %r13,%r8 # asm 2: mov b2=%r13 mov %r9,%r13 -# qhasm: a2 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,x2=int64#12 @@ -404,10 +404,10 @@ sub %r14,%r9 # asm 2: mov b3=%r14 mov %rax,%r14 -# qhasm: a3 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,x3=int64#13 @@ -429,10 +429,10 @@ sub %r15,%rax # asm 2: mov b4=%r15 mov %r10,%r15 -# qhasm: a4 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,x4=int64#14 @@ -529,10 +529,10 @@ movq 72(%rcx),%r10 # asm 2: mov t20=%r11 mov %rdx,%r11 -# qhasm: t10 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,rx0=int64#10 @@ -554,10 +554,10 @@ sub %r12,%rdx # asm 2: mov t21=%r12 mov %r8,%r12 -# qhasm: t11 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,rx1=int64#11 @@ -579,10 +579,10 @@ sub %r13,%r8 # asm 2: mov t22=%r13 mov %r9,%r13 -# qhasm: t12 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,rx2=int64#12 @@ -604,10 +604,10 @@ sub %r14,%r9 # asm 2: mov t23=%r14 mov %rax,%r14 -# qhasm: t13 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,rx3=int64#13 @@ -629,10 +629,10 @@ sub %r15,%rax # asm 2: mov t24=%r15 mov %r10,%r15 -# qhasm: t14 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,rx4=int64#14 
@@ -1234,10 +1234,10 @@ add %rax,%r14 # asm 2: adc mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.a0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rx0) << 13 # asm 1: shld $13,ry4=%r15 mov %r12,%r15 -# qhasm: rx0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.c0) << 13 # asm 1: shld $13,mulx319_stack=96(%rsp) movq %rax,96(%rsp) -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: c0 = mulrax # asm 1: mov c0=int64#5 
@@ -3117,8 +3117,8 @@ imulq $19,%rdx,%rax # asm 2: movq mulx419_stack=104(%rsp) movq %rax,104(%rsp) -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? c0 += mulrax # asm 1: add mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? c0 += mulrax # asm 1: add mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: c1 = mulrax # asm 1: mov c1=int64#8 @@ -3171,8 +3171,8 @@ mov %rdx,%r11 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: c2 = mulrax # asm 1: mov c2=int64#10 @@ -3189,8 +3189,8 @@ mov %rdx,%r13 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: c3 = mulrax # asm 1: mov c3=int64#12 
@@ -3207,8 +3207,8 @@ mov %rdx,%r15 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: c4 = mulrax # asm 1: mov c4=int64#14 
@@ -3225,8 +3225,8 @@ mov %rdx,%rbp # asm 2: movq mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? c1 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? c2 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? c3 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? c4 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
c0 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? c2 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? c3 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? c4 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? c0 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
c1 += mulrax # asm 1: add mulrax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? c3 += mulrax # asm 1: add mulrax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? c4 += mulrax # asm 1: add mulrax=%rax movq 96(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? c1 += mulrax # asm 1: add mulrax=%rax movq 96(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? c2 += mulrax # asm 1: add mulrax=%rax movq 88(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? 
c4 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? c1 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? c2 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
c3 += mulrax # asm 1: add mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.c0) << 13 # asm 1: shld $13,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.rt0) << 13 # asm 1: shld $13,rz4=%r13 mov %r10,%r13 -# qhasm: rt0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,z, &in->z, tmp, num, sizeof(ge25519_p3)); + + for (size_t i = 0; i < num; ++i) { + fe25519_mul(&ty, &in[i].y, &in[i].z); + fe25519_pack(out[i], &ty); + } +} + +void ge25519_batchpack_destructive_finish(bytes32 out, ge25519_p3 *unf) +{ + fe25519 tx; + // z of unfinished is inverted + fe25519_mul(&tx, &unf->x, &unf->z); + out[31] ^= fe25519_getparity(&tx) << 7; +} diff --git a/ed25519/amd64-51-30k/ge25519_dbl_p1p1.s b/ed25519/amd64-51-30k/ge25519_dbl_p1p1.S similarity index 93% rename from ed25519/amd64-51-30k/ge25519_dbl_p1p1.s rename to ed25519/amd64-51-30k/ge25519_dbl_p1p1.S index 07c7d6e..609203e 100644 --- a/ed25519/amd64-51-30k/ge25519_dbl_p1p1.s +++ b/ed25519/amd64-51-30k/ge25519_dbl_p1p1.S 
@@ -241,13 +241,13 @@ # qhasm: stack64 caller7_stack -# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1 +# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1 -.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1 -_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1: -crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1: +.globl _CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1) +.globl CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1) +_CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1): +CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1): mov %rsp,%r11 and $31,%r11 add $224,%r11 
@@ -648,10 +648,10 @@ add %rax,%r13 # asm 2: adc squareredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: squarer01 = (squarer01.a0) << 13 # asm 1: shld $13,squareredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: squarer01 = (squarer01.b0) << 13 # asm 1: shld $13,squareredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: squarer01 = (squarer01.c0) << 13 # asm 1: shld $13,c4_stack=168(%rsp) movq %r11,168(%rsp) -# qhasm: d0 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,>d0=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,>d0=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx +# qhasm: d0 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P0),>d0=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P0),>d0=%rdx +movq 
CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx -# qhasm: d1 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d1=int64#4 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d1=%rcx -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx +# qhasm: d1 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d1=int64#4 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d1=%rcx +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx -# qhasm: d2 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d2=int64#5 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d2=%r8 -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8 +# qhasm: d2 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d2=int64#5 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d2=%r8 +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8 -# qhasm: d3 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d3=int64#6 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d3=%r9 -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9 +# qhasm: d3 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d3=int64#6 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d3=%r9 +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9 -# qhasm: d4 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234 -# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d4=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d4=%rax -movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax +# qhasm: d4 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234) +# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d4=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d4=%rax +movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax 
# qhasm: e0 = d0 # asm 1: mov e0=int64#8 
@@ -2263,30 +2263,30 @@ movq %r13,64(%rdi) # asm 2: movq squareredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: squarer01 = (squarer01.rx0) << 13 # asm 1: shld $13,b4=%r14 mov %rax,%r14 -# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.a0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.e0) << 13 # asm 1: shld $13,h4=%r14 mov %r11,%r14 -# qhasm: e0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) 
&CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.c0) << 13 # asm 1: shld $13,g4=%rbp mov %r12,%rbp -# qhasm: f0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rx0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.ry0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rz0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx 
+# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rt0) << 13 # asm 1: shld $13,b4=%r15 mov %r10,%r15 -# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.a0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.e0) << 13 # asm 1: shld $13,h4=%r15 mov %r12,%r15 -# qhasm: e0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.c0) 
<< 13 # asm 1: shld $13,g4=%rbp mov %rsi,%rbp -# qhasm: f0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rx0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.ry0) << 13 # asm 1: shld $13,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.rz0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq 
CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rx0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.ry0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rz0) << 13 # asm 1: shld $13,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.rt0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.x0) << 13 # asm 1: shld 
$13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.y0) << 13 # asm 1: shld $13,ysubx4=%r14 mov %r11,%r14 -# qhasm: ysubx0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,x0=int64#13 
@@ -2403,10 +2403,10 @@ add %rax,%r13 # asm 2: adc mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rz0) << 13 # asm 1: shld $13,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.t0) << 13 # asm 1: shld $13,mulx319_stack=96(%rsp) movq %rax,96(%rsp) -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: t2d0 = mulrax # asm 1: mov t2d0=int64#2 
@@ -3411,8 +3411,8 @@ imulq $19,%rdx,%rax # asm 2: movq mulx419_stack=104(%rsp) movq %rax,104(%rsp) -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? t2d0 += mulrax # asm 1: add mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? t2d0 += mulrax # asm 1: add mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: t2d1 = mulrax # asm 1: mov t2d1=int64#5 @@ -3465,8 +3465,8 @@ mov %rdx,%r9 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: t2d2 = mulrax # asm 1: mov t2d2=int64#8 @@ -3483,8 +3483,8 @@ mov %rdx,%r11 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: t2d3 = mulrax # asm 1: mov t2d3=int64#10 
@@ -3501,8 +3501,8 @@ mov %rdx,%r13 # asm 2: movq mulrax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: t2d4 = mulrax # asm 1: mov t2d4=int64#12 
@@ -3519,8 +3519,8 @@ mov %rdx,%r15 # asm 2: movq mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? t2d1 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? t2d2 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? t2d3 += mulrax # asm 1: add mulrax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? t2d4 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
t2d0 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? t2d2 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? t2d3 += mulrax # asm 1: add mulrax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? t2d4 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? t2d0 += mulrax # asm 1: add mulrax=%rax imulq $19,%rdx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
t2d1 += mulrax # asm 1: add mulrax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? t2d3 += mulrax # asm 1: add mulrax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1) +mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip) # qhasm: carry? t2d4 += mulrax # asm 1: add mulrax=%rax movq 96(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? t2d1 += mulrax # asm 1: add mulrax=%rax movq 96(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? t2d2 += mulrax # asm 1: add mulrax=%rax movq 88(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0) +mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip) # qhasm: carry? 
t2d4 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2) +mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip) # qhasm: carry? t2d1 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3) +mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip) # qhasm: carry? t2d2 += mulrax # asm 1: add mulrax=%rax movq 104(%rsp),%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4) +mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip) # qhasm: carry? 
t2d3 += mulrax # asm 1: add mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.t2d0) << 13 # asm 1: shld $13,b4=%r15 mov %r10,%r15 -# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.a0) << 13 # asm 1: shld $13,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.rx0) << 13 # asm 1: shld $13,ry4=%r15 mov %r12,%r15 -# qhasm: rx0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,mulredmask=int64#3 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq 
CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx # qhasm: mulr01 = (mulr01.c0) << 13 # asm 1: shld $13,mulredmask=int64#2 -# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi -movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi +# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51) +# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2 +# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi +movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi # qhasm: mulr01 = (mulr01.rt0) << 13 # asm 1: shld $13,rz4=%r13 mov %r10,%r13 -# qhasm: rt0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0 -# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,t3=%r14 mov %rsi,%r14 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_64_ORDER0,rax=%rax movq 24(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3 -mulq crypto_sign_ed25519_amd64_64_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3) +mulq CRYPTO_NAMESPACE(batch_MU3)(%rip) # qhasm: q23 = rax # asm 1: mov q23=int64#10 @@ -202,8 +202,8 @@ mov %rdx,%r13 # asm 2: movq 24(rax=%rax movq 24(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4 -mulq crypto_sign_ed25519_amd64_64_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4) +mulq CRYPTO_NAMESPACE(batch_MU4)(%rip) # qhasm: q24 = rax # asm 1: mov q24=int64#12 
@@ -225,8 +225,8 @@ adc %rdx,%r8 # asm 2: movq 32(rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2 -mulq crypto_sign_ed25519_amd64_64_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2) +mulq CRYPTO_NAMESPACE(batch_MU2)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3 -mulq crypto_sign_ed25519_amd64_64_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3) +mulq CRYPTO_NAMESPACE(batch_MU3)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4 -mulq crypto_sign_ed25519_amd64_64_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4) +mulq CRYPTO_NAMESPACE(batch_MU4)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU1 -mulq crypto_sign_ed25519_amd64_64_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU1) +mulq CRYPTO_NAMESPACE(batch_MU1)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2 -mulq crypto_sign_ed25519_amd64_64_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2) +mulq CRYPTO_NAMESPACE(batch_MU2)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3 -mulq crypto_sign_ed25519_amd64_64_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3) +mulq CRYPTO_NAMESPACE(batch_MU3)(%rip) # qhasm: carry? 
q30 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4 -mulq crypto_sign_ed25519_amd64_64_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4) +mulq CRYPTO_NAMESPACE(batch_MU4)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU0 -mulq crypto_sign_ed25519_amd64_64_MU0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU0) +mulq CRYPTO_NAMESPACE(batch_MU0)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU1 -mulq crypto_sign_ed25519_amd64_64_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU1) +mulq CRYPTO_NAMESPACE(batch_MU1)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2 -mulq crypto_sign_ed25519_amd64_64_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2) +mulq CRYPTO_NAMESPACE(batch_MU2)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3 -mulq crypto_sign_ed25519_amd64_64_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3) +mulq CRYPTO_NAMESPACE(batch_MU3)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4 -mulq crypto_sign_ed25519_amd64_64_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4) +mulq CRYPTO_NAMESPACE(batch_MU4)(%rip) # qhasm: carry? 
q32 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU0 -mulq crypto_sign_ed25519_amd64_64_MU0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU0) +mulq CRYPTO_NAMESPACE(batch_MU0)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU1 -mulq crypto_sign_ed25519_amd64_64_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU1) +mulq CRYPTO_NAMESPACE(batch_MU1)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2 -mulq crypto_sign_ed25519_amd64_64_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2) +mulq CRYPTO_NAMESPACE(batch_MU2)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3 -mulq crypto_sign_ed25519_amd64_64_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3) +mulq CRYPTO_NAMESPACE(batch_MU3)(%rip) # qhasm: carry? q32 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4 -mulq crypto_sign_ed25519_amd64_64_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4) +mulq CRYPTO_NAMESPACE(batch_MU4)(%rip) # qhasm: carry? q33 += rax # asm 1: add rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -mulq crypto_sign_ed25519_amd64_64_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0) +mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip) # qhasm: r20 = rax # asm 1: mov r20=int64#5 
@@ -761,8 +761,8 @@ mov %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1 -mulq crypto_sign_ed25519_amd64_64_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1) +mulq CRYPTO_NAMESPACE(batch_ORDER1)(%rip) # qhasm: r21 = rax # asm 1: mov r21=int64#8 @@ -789,8 +789,8 @@ adc %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER2 -mulq crypto_sign_ed25519_amd64_64_ORDER2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER2) +mulq CRYPTO_NAMESPACE(batch_ORDER2)(%rip) # qhasm: r22 = rax # asm 1: mov r22=int64#9 @@ -817,8 +817,8 @@ adc %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER3 -mulq crypto_sign_ed25519_amd64_64_ORDER3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER3) +mulq CRYPTO_NAMESPACE(batch_ORDER3)(%rip) # qhasm: free rdx 
@@ -837,8 +837,8 @@ add %r9,%r12 # asm 2: movq rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -mulq crypto_sign_ed25519_amd64_64_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0) +mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip) # qhasm: carry? r21 += rax # asm 1: add rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1 -mulq crypto_sign_ed25519_amd64_64_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1) +mulq CRYPTO_NAMESPACE(batch_ORDER1)(%rip) # qhasm: carry? r22 += rax # asm 1: add rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER2 -mulq crypto_sign_ed25519_amd64_64_ORDER2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER2) +mulq CRYPTO_NAMESPACE(batch_ORDER2)(%rip) # qhasm: free rdx @@ -913,8 +913,8 @@ add %rcx,%r12 # asm 2: movq rax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -mulq crypto_sign_ed25519_amd64_64_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0) +mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip) # qhasm: carry? r22 += rax # asm 1: add rax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1 -mulq crypto_sign_ed25519_amd64_64_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1) +mulq CRYPTO_NAMESPACE(batch_ORDER1)(%rip) # qhasm: free rdx @@ -956,8 +956,8 @@ add %rcx,%r12 # asm 2: movq rax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -mulq crypto_sign_ed25519_amd64_64_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0) +mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip) # qhasm: free rdx 
@@ -1026,25 +1026,25 @@ sbb %r12,%rsi # asm 2: mov t3=%r11 mov %rsi,%r11 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_64_ORDER0,t3=%r11 mov %rsi,%r11 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_64_ORDER0,= 3) { - batchsize = num; - if (batchsize > MAXBATCH) batchsize = MAXBATCH; - - for (i = 0;i < batchsize;++i) - if (smlen[i] < 64) goto fallback; - - randombytes((unsigned char*)r,sizeof(shortsc25519) * batchsize); - - /* Computing scalars[0] = ((r1s1 + r2s2 + ...)) */ - for(i=0;i +#include "compat.h" -typedef struct +#define fe25519 CRYPTO_NAMESPACE(fe25519) +#define fe25519_freeze CRYPTO_NAMESPACE(fe25519_freeze) +#define fe25519_unpack CRYPTO_NAMESPACE(fe25519_unpack) +#define fe25519_pack CRYPTO_NAMESPACE(fe25519_pack) +#define fe25519_iszero_vartime CRYPTO_NAMESPACE(fe25519_iszero_vartime) +#define fe25519_iseq_vartime CRYPTO_NAMESPACE(fe25519_iseq_vartime) +#define fe25519_cmov CRYPTO_NAMESPACE(fe25519_cmov) +#define fe25519_setint CRYPTO_NAMESPACE(fe25519_setint) +#define fe25519_neg CRYPTO_NAMESPACE(fe25519_neg) +#define fe25519_getparity CRYPTO_NAMESPACE(fe25519_getparity) +#define fe25519_add CRYPTO_NAMESPACE(fe25519_add) +#define fe25519_sub CRYPTO_NAMESPACE(fe25519_sub) +#define fe25519_mul CRYPTO_NAMESPACE(fe25519_mul) +#define fe25519_square CRYPTO_NAMESPACE(fe25519_square) +#define fe25519_invert CRYPTO_NAMESPACE(fe25519_invert) +#define fe25519_batchinvert CRYPTO_NAMESPACE(fe25519_batchinvert) +#define fe25519_pow2523 CRYPTO_NAMESPACE(fe25519_pow2523) + +typedef struct { - unsigned long long v[4]; + unsigned long long v[4]; } fe25519; -void fe25519_freeze(fe25519 *r); +void fe25519_freeze(fe25519 *r) SYSVABI; void fe25519_unpack(fe25519 *r, const unsigned char x[32]); 
@@ -45,20 +48,20 @@ int fe25519_iszero_vartime(const fe25519 *x); int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y); -void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y); +void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI; -void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); +void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI; -void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y); +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI; -void fe25519_mul121666(fe25519 *r, const fe25519 *x); - -void fe25519_square(fe25519 *r, const fe25519 *x); +void fe25519_square(fe25519 *r, const fe25519 *x) SYSVABI; void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e); void fe25519_invert(fe25519 *r, const fe25519 *x); +void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset); + void fe25519_pow2523(fe25519 *r, const fe25519 *x); #endif diff --git a/ed25519/amd64-64-24k/fe25519_add.s b/ed25519/amd64-64-24k/fe25519_add.S similarity index 94% rename from ed25519/amd64-64-24k/fe25519_add.s rename to ed25519/amd64-64-24k/fe25519_add.S index b2e5625..de57080 100644 --- a/ed25519/amd64-64-24k/fe25519_add.s +++ b/ed25519/amd64-64-24k/fe25519_add.S @@ -65,13 +65,13 @@ # qhasm: stack64 caller7_stack -# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_add +# qhasm: enter CRYPTO_NAMESPACE(fe25519_add) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_64_fe25519_add -.globl crypto_sign_ed25519_amd64_64_fe25519_add -_crypto_sign_ed25519_amd64_64_fe25519_add: -crypto_sign_ed25519_amd64_64_fe25519_add: +.globl _CRYPTO_NAMESPACE(fe25519_add) +.globl CRYPTO_NAMESPACE(fe25519_add) +_CRYPTO_NAMESPACE(fe25519_add): +CRYPTO_NAMESPACE(fe25519_add): mov %rsp,%r11 and $31,%r11 add $0,%r11 
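Review bot: The `fe25519_batchinvert` prototype added to fe25519.h carries none of its calling contract, and the two-line comment in the new fe25519_batchinvert.c hunk (the next file in this diff) covers only aliasing. From the implementation, `offset` is a byte stride applied to both `out` and `in` via `char *` arithmetic, while `tmp` is indexed contiguously as `tmp[i]` and so needs `num` adjacent elements; since the header is what most callers read, put it on the declaration: `/* Batch field inversion: out[k] = 1/in[k] for k < num, with out and in walked in offset-byte strides; tmp is a contiguous scratch array of num elements that must not alias out or in; in may equal out. */`. The `SYSVABI` annotation is added only to the assembly-backed functions in this hunk (`add`, `sub`, `mul`, `square`, and `freeze` earlier), presumably because the C-implemented ones do not need it; a one-line comment stating that would keep the next reader from "fixing" the apparent inconsistency.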
diff --git a/ed25519/amd64-64-24k/fe25519_batchinvert.c b/ed25519/amd64-64-24k/fe25519_batchinvert.c
new file mode 100644
index 0000000..d6a66d1
--- /dev/null
+++ b/ed25519/amd64-64-24k/fe25519_batchinvert.c
@@ -0,0 +1,34 @@
+#include "fe25519.h"
+
+// tmp MUST != out or in
+// in MAY == out
+void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset)
+{
+ fe25519 acc;
+ fe25519 tmpacc;
+ size_t i;
+ const fe25519 *inp;
+ fe25519 *outp;
+
+ fe25519_setint(&acc,1);
+
+ inp = in;
+ for (i = 0;i < num;++i) {
+ tmp[i] = acc;
+ fe25519_mul(&acc,&acc,inp);
+ inp = (const fe25519 *)((const char *)inp + offset);
+ }
+
+ fe25519_invert(&acc,&acc);
+
+ i = num;
+ inp = (const fe25519 *)((const char *)in + offset * num);
+ outp = (fe25519 *)((char *)out + offset * num);
+ while (i--) {
+ inp = (const fe25519 *)((const char *)inp - offset);
+ outp = (fe25519 *)((char *)outp - offset);
+ fe25519_mul(&tmpacc,&acc,inp);
+ fe25519_mul(outp,&acc,&tmp[i]);
+ acc = tmpacc;
+ }
+}
diff --git a/ed25519/amd64-64-24k/fe25519_freeze.s b/ed25519/amd64-64-24k/fe25519_freeze.S
similarity index 96%
rename from ed25519/amd64-64-24k/fe25519_freeze.s
rename to ed25519/amd64-64-24k/fe25519_freeze.S
index dea2902..f0f15be 100644
--- a/ed25519/amd64-64-24k/fe25519_freeze.s
+++ b/ed25519/amd64-64-24k/fe25519_freeze.S
@@ -63,13 +63,13 @@ # qhasm: stack64 caller7_stack -# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_freeze +# qhasm: enter CRYPTO_NAMESPACE(fe25519_freeze) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_64_fe25519_freeze -.globl crypto_sign_ed25519_amd64_64_fe25519_freeze -_crypto_sign_ed25519_amd64_64_fe25519_freeze: -crypto_sign_ed25519_amd64_64_fe25519_freeze: +.globl _CRYPTO_NAMESPACE(fe25519_freeze) +.globl CRYPTO_NAMESPACE(fe25519_freeze) +_CRYPTO_NAMESPACE(fe25519_freeze): +CRYPTO_NAMESPACE(fe25519_freeze): mov %rsp,%r11 and $31,%r11 add $64,%r11 
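Review bot: A zero element anywhere in the batch silently corrupts every result, not just its own: the forward loop folds all inputs into `acc`, so one zero makes `acc` zero, and after `fe25519_invert(&acc,&acc)` (presumably zero for a zero input; the inversion routine is not in this diff) both `fe25519_mul` calls in the backward loop yield zero for all `num` outputs. The function returns nothing, so a caller cannot detect this; if it is reached from the batch-verification path this commit adds, where the inputs derive from untrusted signatures, the requirement belongs next to the existing `MUST`/`MAY` comments: `// Every element of in MUST be nonzero: the inverses are derived from the product of the whole batch, so a single zero input zeroes every output.` A caller that cannot guarantee that should screen the elements first (e.g. with `fe25519_iszero_vartime`, acceptable here since the values are public) or fall back to per-element `fe25519_invert`.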
diff --git a/ed25519/amd64-64-24k/fe25519_mul.s b/ed25519/amd64-64-24k/fe25519_mul.S similarity index 96% rename from ed25519/amd64-64-24k/fe25519_mul.s rename to ed25519/amd64-64-24k/fe25519_mul.S index 7e24518..5c67c9f 100644 --- a/ed25519/amd64-64-24k/fe25519_mul.s +++ b/ed25519/amd64-64-24k/fe25519_mul.S @@ -89,13 +89,13 @@ # qhasm: int64 muli38 -# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_mul +# qhasm: enter CRYPTO_NAMESPACE(fe25519_mul) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_64_fe25519_mul -.globl crypto_sign_ed25519_amd64_64_fe25519_mul -_crypto_sign_ed25519_amd64_64_fe25519_mul: -crypto_sign_ed25519_amd64_64_fe25519_mul: +.globl _CRYPTO_NAMESPACE(fe25519_mul) +.globl CRYPTO_NAMESPACE(fe25519_mul) +_CRYPTO_NAMESPACE(fe25519_mul): +CRYPTO_NAMESPACE(fe25519_mul): mov %rsp,%r11 and $31,%r11 add $64,%r11 @@ -651,8 +651,8 @@ adc %rdx,%r11 # asm 2: mov mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -669,8 +669,8 @@ mov %r9,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add squarerax=%rax mov %r11,%rax -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: squarer4 = squarerax # asm 1: mov squarer4=int64#2 
@@ -443,8 +443,8 @@ mov %r12,%rax # asm 2: mov squarer5=%r11 mov %rdx,%r11 -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? squarer5 += squarerax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 @@ -1225,8 +1225,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 
@@ -1907,8 +1907,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 
@@ -2759,8 +2759,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulx0=%r12 movq 56(%rsp),%r12 -# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D0 -# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D0,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0) +# asm 1: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx0 # asm 1: mul c1=%r14 mov %rdx,%r14 -# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D1 -# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D1,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1) +# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx0 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D2,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2) +# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx0 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D3,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3) +# asm 1: 
movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx0 # asm 1: mul mulx1=%r12 movq 64(%rsp),%r12 -# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D0 -# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D0,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0) +# asm 1: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx1 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D1,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1) +# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx1 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D2,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2) +# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx1 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D3,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3) +# asm 1: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx1 # asm 1: mul mulx2=%r12 movq 72(%rsp),%r12 -# qhasm: mulrax = *(uint64 
*)&crypto_sign_ed25519_amd64_64_EC2D0 -# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D0,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0) +# asm 1: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx2 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D1,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1) +# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx2 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D2,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2) +# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx2 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D3,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3) +# asm 1: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx2 # asm 1: mul mulx3=%r12 movq 80(%rsp),%r12 -# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D0 -# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D0,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0) +# asm 1: movq 
CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx3 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D1,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1) +# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx3 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D2,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2) +# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx3 # asm 1: mul mulrax=int64#7 -# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax -movq crypto_sign_ed25519_amd64_64_EC2D3,%rax +# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3) +# asm 1: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7 +# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax +movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax # qhasm: (uint128) mulrdx mulrax = mulrax * mulx3 # asm 1: mul mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 
@@ -3441,8 +3441,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -4123,8 +4123,8 @@ mov %r9,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add z, &in->z, tmp, num, sizeof(ge25519_p3)); + + for (size_t i = 0; i < num; ++i) { + fe25519_mul(&ty, &in[i].y, &in[i].z); + fe25519_pack(out[i], &ty); + } +} + +void ge25519_batchpack_destructive_finish(bytes32 out, ge25519_p3 *unf) +{ + fe25519 tx; + // z of unfinished is inverted + fe25519_mul(&tx, &unf->x, &unf->z); + out[31] ^= fe25519_getparity(&tx) << 7; +} diff --git a/ed25519/amd64-64-24k/ge25519_dbl_p1p1.s b/ed25519/amd64-64-24k/ge25519_dbl_p1p1.S similarity index 98% rename from ed25519/amd64-64-24k/ge25519_dbl_p1p1.s rename to ed25519/amd64-64-24k/ge25519_dbl_p1p1.S index 7909a98..f6b7d22 100644 --- a/ed25519/amd64-64-24k/ge25519_dbl_p1p1.s +++ b/ed25519/amd64-64-24k/ge25519_dbl_p1p1.S 
@@ -233,13 +233,13 @@ # qhasm: stack64 caller7_stack -# qhasm: enter crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1 +# qhasm: enter CRYPTO_NAMESPACE(ge25519_dbl_p1p1) .text .p2align 5 -.globl _crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1 -.globl crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1 -_crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1: -crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1: +.globl _CRYPTO_NAMESPACE(ge25519_dbl_p1p1) +.globl CRYPTO_NAMESPACE(ge25519_dbl_p1p1) +_CRYPTO_NAMESPACE(ge25519_dbl_p1p1): +CRYPTO_NAMESPACE(ge25519_dbl_p1p1): mov %rsp,%r11 and $31,%r11 add $192,%r11 @@ -575,8 +575,8 @@ adc %rdx,%rcx # asm 2: mov squarerax=%rax mov %r11,%rax -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: squarer4 = squarerax # asm 1: mov squarer4=int64#9 @@ -593,8 +593,8 @@ mov %r12,%rax # asm 2: mov squarer5=%r12 mov %rdx,%r12 -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? squarer5 += squarerax # asm 1: add squarerax=%rax mov %r11,%rax -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: squarer4 = squarerax # asm 1: mov squarer4=int64#9 
@@ -1060,8 +1060,8 @@ mov %r12,%rax # asm 2: mov squarer5=%r12 mov %rdx,%r12 -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? squarer5 += squarerax # asm 1: add squarerax=%rax mov %r11,%rax -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: squarer4 = squarerax # asm 1: mov squarer4=int64#9 @@ -1527,8 +1527,8 @@ mov %r12,%rax # asm 2: mov squarer5=%r12 mov %rdx,%r12 -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? squarer5 += squarerax # asm 1: add squarerax=%rax mov %r10,%rax -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: squarer4 = squarerax # asm 1: mov squarer4=int64#8 
@@ -2649,8 +2649,8 @@ mov %r11,%rax # asm 2: mov squarer5=%r11 mov %rdx,%r11 -# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? squarer5 += squarerax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 @@ -1078,8 +1078,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 
@@ -1760,8 +1760,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -2612,8 +2612,8 @@ mov %r8,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rsi,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 
@@ -3549,8 +3549,8 @@ mov %rcx,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rsi,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -4231,8 +4231,8 @@ mov %rcx,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rsi,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 
@@ -4913,8 +4913,8 @@ mov %rcx,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rsi,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -5595,8 +5595,8 @@ mov %rcx,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 
@@ -1087,8 +1087,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 @@ -1769,8 +1769,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 
@@ -2621,8 +2621,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 @@ -676,8 +676,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 
@@ -1358,8 +1358,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -2040,8 +2040,8 @@ mov %r8,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 
@@ -684,8 +684,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 @@ -1366,8 +1366,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#4 
@@ -2048,8 +2048,8 @@ mov %r8,%rax # asm 2: mov mulr5=%r8 mov %rdx,%r8 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %rcx,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -2730,8 +2730,8 @@ mov %r8,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 
@@ -1015,8 +1015,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 @@ -1697,8 +1697,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#5 
@@ -2549,8 +2549,8 @@ mov %r9,%rax # asm 2: mov mulr5=%r9 mov %rdx,%r9 -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add mulrax=%rax mov %r8,%rax -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: mulr4 = mulrax # asm 1: mov mulr4=int64#2 @@ -3231,8 +3231,8 @@ mov %r9,%rax # asm 2: mov mulr5=%rcx mov %rdx,%rcx -# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38 -mulq crypto_sign_ed25519_amd64_64_38 +# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38) +mulq CRYPTO_NAMESPACE(38)(%rip) # qhasm: carry? mulr5 += mulrax # asm 1: add t3=%r14 mov %rsi,%r14 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,rax=%rax movq 24(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3) +mulq CRYPTO_NAMESPACE(MU3)(%rip) # qhasm: q23 = rax # asm 1: mov q23=int64#10 @@ -202,8 +202,8 @@ mov %rdx,%r13 # asm 2: movq 24(rax=%rax movq 24(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4) +mulq CRYPTO_NAMESPACE(MU4)(%rip) # qhasm: q24 = rax # asm 1: mov q24=int64#12 
@@ -225,8 +225,8 @@ adc %rdx,%r8 # asm 2: movq 32(rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2) +mulq CRYPTO_NAMESPACE(MU2)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3) +mulq CRYPTO_NAMESPACE(MU3)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 32(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4) +mulq CRYPTO_NAMESPACE(MU4)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU1) +mulq CRYPTO_NAMESPACE(MU1)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2) +mulq CRYPTO_NAMESPACE(MU2)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3) +mulq CRYPTO_NAMESPACE(MU3)(%rip) # qhasm: carry? 
q30 += rax # asm 1: add rax=%rax movq 40(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4) +mulq CRYPTO_NAMESPACE(MU4)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU0) +mulq CRYPTO_NAMESPACE(MU0)(%rip) # qhasm: carry? q23 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU1) +mulq CRYPTO_NAMESPACE(MU1)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2) +mulq CRYPTO_NAMESPACE(MU2)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3) +mulq CRYPTO_NAMESPACE(MU3)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 48(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4) +mulq CRYPTO_NAMESPACE(MU4)(%rip) # qhasm: carry? 
q32 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU0) +mulq CRYPTO_NAMESPACE(MU0)(%rip) # qhasm: carry? q24 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU1) +mulq CRYPTO_NAMESPACE(MU1)(%rip) # qhasm: carry? q30 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2) +mulq CRYPTO_NAMESPACE(MU2)(%rip) # qhasm: carry? q31 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3) +mulq CRYPTO_NAMESPACE(MU3)(%rip) # qhasm: carry? q32 += rax # asm 1: add rax=%rax movq 56(%rsi),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4 -mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4) +mulq CRYPTO_NAMESPACE(MU4)(%rip) # qhasm: carry? q33 += rax # asm 1: add rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0) +mulq CRYPTO_NAMESPACE(ORDER0)(%rip) # qhasm: r20 = rax # asm 1: mov r20=int64#5 
@@ -761,8 +761,8 @@ mov %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER1) +mulq CRYPTO_NAMESPACE(ORDER1)(%rip) # qhasm: r21 = rax # asm 1: mov r21=int64#8 @@ -789,8 +789,8 @@ adc %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER2) +mulq CRYPTO_NAMESPACE(ORDER2)(%rip) # qhasm: r22 = rax # asm 1: mov r22=int64#9 @@ -817,8 +817,8 @@ adc %rdx,%r9 # asm 2: movq rax=%rax movq 56(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER3 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER3 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER3) +mulq CRYPTO_NAMESPACE(ORDER3)(%rip) # qhasm: free rdx 
@@ -837,8 +837,8 @@ add %r9,%r12 # asm 2: movq rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0) +mulq CRYPTO_NAMESPACE(ORDER0)(%rip) # qhasm: carry? r21 += rax # asm 1: add rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER1) +mulq CRYPTO_NAMESPACE(ORDER1)(%rip) # qhasm: carry? r22 += rax # asm 1: add rax=%rax movq 64(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER2) +mulq CRYPTO_NAMESPACE(ORDER2)(%rip) # qhasm: free rdx @@ -913,8 +913,8 @@ add %rcx,%r12 # asm 2: movq rax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0) +mulq CRYPTO_NAMESPACE(ORDER0)(%rip) # qhasm: carry? r22 += rax # asm 1: add rax=%rax movq 72(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER1) +mulq CRYPTO_NAMESPACE(ORDER1)(%rip) # qhasm: free rdx 
@@ -956,8 +956,8 @@ add %rcx,%r12 # asm 2: movq rax=%rax movq 80(%rsp),%rax -# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 +# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0) +mulq CRYPTO_NAMESPACE(ORDER0)(%rip) # qhasm: free rdx @@ -1026,25 +1026,25 @@ sbb %r12,%rsi # asm 2: mov t3=%r11 mov %rsi,%r11 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,t3=%r11 mov %rsi,%r11 -# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0 -# asm 1: sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0, typedef __m128i xmmi; @@ -1110,3 +1112,4 @@ curve25519_move_conditional_bytes(uint8_t out[96], const uint8_t in[96], uint32_ _mm_store_si128((xmmi*)out + 5, a5); } +#endif /* defined(ED25519_SSE2) */ diff --git a/ed25519/ed25519-donna/ed25519-donna-32bit-tables.h b/ed25519/ed25519-donna/ed25519-donna-32bit-tables.h index c977c26..f8f70d7 100644 --- a/ed25519/ed25519-donna/ed25519-donna-32bit-tables.h +++ b/ed25519/ed25519-donna/ed25519-donna-32bit-tables.h @@ -1,3 +1,5 @@ +#if !defined(ED25519_64BIT) + static const ge25519 ALIGN(16) ge25519_basepoint = { {0x0325d51a,0x018b5823,0x00f6592a,0x0104a92d,0x01a4b31d,0x01d6dc5c,0x027118fe,0x007fd814,0x013cd6e5,0x0085a4db}, {0x02666658,0x01999999,0x00cccccc,0x01333333,0x01999999,0x00666666,0x03333333,0x00cccccc,0x02666666,0x01999999}, 
@@ -59,3 +61,5 @@ static const ge25519_niels ALIGN(16) ge25519_niels_sliding_multiples[32] = { {{0x01085cf2,0x01fd47af,0x03e3f5e1,0x004b3e99,0x01e3d46a,0x0060033c,0x015ff0a8,0x0150cdd8,0x029e8e21,0x008cf1bc},{0x00156cb1,0x003d623f,0x01a4f069,0x00d8d053,0x01b68aea,0x01ca5ab6,0x0316ae43,0x0134dc44,0x001c8d58,0x0084b343},{0x0318c781,0x0135441f,0x03a51a5e,0x019293f4,0x0048bb37,0x013d3341,0x0143151e,0x019c74e1,0x00911914,0x0076ddde}}, {{0x006bc26f,0x00d48e5f,0x00227bbe,0x00629ea8,0x01ea5f8b,0x0179a330,0x027a1d5f,0x01bf8f8e,0x02d26e2a,0x00c6b65e},{0x01701ab6,0x0051da77,0x01b4b667,0x00a0ce7c,0x038ae37b,0x012ac852,0x03a0b0fe,0x0097c2bb,0x00a017d2,0x01eb8b2a},{0x0120b962,0x0005fb42,0x0353b6fd,0x0061f8ce,0x007a1463,0x01560a64,0x00e0a792,0x01907c92,0x013a6622,0x007b47f1}} }; + +#endif /* !defined(ED25519_64BIT) */ diff --git a/ed25519/ed25519-donna/ed25519-donna-64bit-tables.h b/ed25519/ed25519-donna/ed25519-donna-64bit-tables.h index 4a6ff9e..f0df467 100644 --- a/ed25519/ed25519-donna/ed25519-donna-64bit-tables.h +++ b/ed25519/ed25519-donna/ed25519-donna-64bit-tables.h @@ -1,3 +1,5 @@ +#if defined(ED25519_64BIT) + static const ge25519 ge25519_basepoint = { {0x00062d608f25d51a,0x000412a4b4f6592a,0x00075b7171a4b31d,0x0001ff60527118fe,0x000216936d3cd6e5}, {0x0006666666666658,0x0004cccccccccccc,0x0001999999999999,0x0003333333333333,0x0006666666666666}, 
@@ -51,3 +53,5 @@ static const ge25519_niels ge25519_niels_sliding_multiples[32] = { {{0x0007f51ebd085cf2,0x00012cfa67e3f5e1,0x0001800cf1e3d46a,0x00054337615ff0a8,0x000233c6f29e8e21},{0x0000f588fc156cb1,0x000363414da4f069,0x0007296ad9b68aea,0x0004d3711316ae43,0x000212cd0c1c8d58},{0x0004d5107f18c781,0x00064a4fd3a51a5e,0x0004f4cd0448bb37,0x000671d38543151e,0x0001db7778911914}}, {{0x000352397c6bc26f,0x00018a7aa0227bbe,0x0005e68cc1ea5f8b,0x0006fe3e3a7a1d5f,0x00031ad97ad26e2a},{0x00014769dd701ab6,0x00028339f1b4b667,0x0004ab214b8ae37b,0x00025f0aefa0b0fe,0x0007ae2ca8a017d2},{0x000017ed0920b962,0x000187e33b53b6fd,0x00055829907a1463,0x000641f248e0a792,0x0001ed1fc53a6622}} }; + +#endif /* defined(ED25519_64BIT) */ diff --git a/ed25519/ed25519-donna/ed25519-donna-impl-base.h b/ed25519/ed25519-donna/ed25519-donna-impl-base.h index 48913ed..2b8157a 100644 --- a/ed25519/ed25519-donna/ed25519-donna-impl-base.h +++ b/ed25519/ed25519-donna/ed25519-donna-impl-base.h @@ -1,3 +1,5 @@ +#if !defined(ED25519_SSE2) + /* conversions */ @@ -6,15 +8,15 @@ DONNA_INLINE static void ge25519_p1p1_to_partial(ge25519 *r, const ge25519_p1p1 *p) { curve25519_mul(r->x, p->x, p->t); curve25519_mul(r->y, p->y, p->z); - curve25519_mul(r->z, p->z, p->t); + curve25519_mul(r->z, p->z, p->t); } DONNA_INLINE static void ge25519_p1p1_to_full(ge25519 *r, const ge25519_p1p1 *p) { curve25519_mul(r->x, p->x, p->t); curve25519_mul(r->y, p->y, p->z); - curve25519_mul(r->z, p->z, p->t); - curve25519_mul(r->t, p->x, p->y); + curve25519_mul(r->z, p->z, p->t); + curve25519_mul(r->t, p->x, p->y); } static void 
@@ -188,6 +190,30 @@ ge25519_pack(unsigned char r[32], const ge25519 *p) { r[31] ^= ((parity[0] & 1) << 7); } +// NOTE: leaves in unfinished state +static void +ge25519_batchpack_destructive_1(bytes32 *out, ge25519 *in, bignum25519 *tmp, size_t num) { + bignum25519 ty; + + curve25519_batchrecip(&in->z, &in->z, tmp, num, sizeof(ge25519)); + + for (size_t i = 0; i < num; ++i) { + curve25519_mul(ty, in[i].y, in[i].z); + curve25519_contract(out[i], ty); + } +} + +static void +ge25519_batchpack_destructive_finish(bytes32 out, ge25519 *unf) { + bignum25519 tx; + unsigned char parity[32]; + // z of unfinished is inverted + curve25519_mul(tx, unf->x, unf->z); + curve25519_contract(parity, tx); + out[31] ^= ((parity[0] & 1) << 7); +} + + static int ge25519_unpack_negative_vartime(ge25519 *r, const unsigned char p[32]) { static const unsigned char zero[32] = {0}; @@ -249,7 +275,7 @@ ge25519_unpack_negative_vartime(ge25519 *r, const unsigned char p[32]) { #define S2_TABLE_SIZE (1<<(S2_SWINDOWSIZE-2)) /* computes [s1]p1 + [s2]basepoint */ -static void +static void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const bignum256modm s2) { signed char slide1[256], slide2[256]; ge25519_pniels pre1[S1_TABLE_SIZE]; @@ -344,7 +370,7 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96] curve25519_add_reduce(r->y, t.xaddy, t.ysubx); memset(r->z, 0, sizeof(bignum25519)); curve25519_copy(r->t, t.t2d); - r->z[0] = 2; + r->z[0] = 2; for (i = 3; i < 64; i += 2) { ge25519_scalarmult_base_choose_niels(&t, basepoint_table, i / 2, b[i]); ge25519_nielsadd2(r, &t); @@ -362,3 +388,4 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96] } } +#endif /* !defined(ED25519_SSE2) */ diff --git a/ed25519/ed25519-donna/ed25519-donna-impl-sse2.h b/ed25519/ed25519-donna/ed25519-donna-impl-sse2.h index 5fe3416..a94d8d2 100644 --- a/ed25519/ed25519-donna/ed25519-donna-impl-sse2.h 
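Review bot: The new ge25519_batchpack_destructive_1 documents its contract only as `// NOTE: leaves in unfinished state`, which does not tell a caller what "unfinished" means or what they must do next. The header comment should state that each in[i].z is replaced by its inverse by curve25519_batchrecip (so in[] is no longer a usable point array), that out[i] receives the compressed y with the sign bit still clear, that ge25519_batchpack_destructive_finish must be called with the same out[i]/&in[i] pair to set that bit, and how many entries tmp needs and that it must not alias in (the visible fe_batchinvert in ref10 needs num entries and forbids tmp aliasing; confirm the donna batchrecip has the same rules). A running-product batch inversion also turns every output to zero if a single z in the batch is zero; that cannot happen for valid projective points, but it is worth a one-line precondition such as `// precondition: no in[i].z is zero (a zero would zero the whole batch)`. The same comment belongs on the byte-identical SSE2 copy in ed25519-donna-impl-sse2.h.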
+++ b/ed25519/ed25519-donna/ed25519-donna-impl-sse2.h @@ -1,3 +1,5 @@ +#if defined(ED25519_SSE2) + /* conversions */ @@ -12,7 +14,7 @@ ge25519_p1p1_to_partial(ge25519 *r, const ge25519_p1p1 *p) { curve25519_untangle64(r->x, r->z, xzout); } -static void +static void ge25519_p1p1_to_full(ge25519 *r, const ge25519_p1p1 *p) { packed64bignum25519 ALIGN(16) zy, xt, xx, zz, ty; curve25519_tangle64(ty, p->t, p->y); @@ -217,6 +219,30 @@ ge25519_pack(unsigned char r[32], const ge25519 *p) { r[31] ^= ((parity[0] & 1) << 7); } +// assumes inz[] points to things in in[] +// NOTE: leaves in unfinished state +static void +ge25519_batchpack_destructive_1(bytes32 *out, ge25519 *in, bignum25519 *tmp, size_t num) { + bignum25519 ALIGN(16) ty; + + curve25519_batchrecip(&in->z, &in->z, tmp, num, sizeof(ge25519)); + + for (size_t i = 0; i < num; ++i) { + curve25519_mul(ty, in[i].y, in[i].z); + curve25519_contract(out[i], ty); + } +} + +static void +ge25519_batchpack_destructive_finish(bytes32 out, ge25519 *unf) { + bignum25519 ALIGN(16) tx; + unsigned char parity[32]; + // z of unfinished is inverted + curve25519_mul(tx, unf->x, unf->z); + curve25519_contract(parity, tx); + out[31] ^= ((parity[0] & 1) << 7); +} + static int ge25519_unpack_negative_vartime(ge25519 *r, const unsigned char p[32]) { @@ -369,7 +395,7 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t table[256][96], const bi ge25519_scalarmult_base_choose_niels(&t, table, 0, b[1]); curve25519_sub_reduce(r->x, t.xaddy, t.ysubx); curve25519_add_reduce(r->y, t.xaddy, t.ysubx); - memset(r->z, 0, sizeof(bignum25519)); + memset(r->z, 0, sizeof(bignum25519)); r->z[0] = 2; curve25519_copy(r->t, t.t2d); for (i = 3; i < 64; i += 2) { @@ -388,3 +414,5 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t table[256][96], const bi ge25519_nielsadd2(r, &t); } } + +#endif /* defined(ED25519_SSE2) */ diff --git a/ed25519/ed25519-donna/ed25519-donna.h b/ed25519/ed25519-donna/ed25519-donna.h index de1120f..f878a1b 100644 
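Review bot: The comment `// assumes inz[] points to things in in[]` above the SSE2 ge25519_batchpack_destructive_1 refers to a parameter `inz` that the function does not have; its parameters are out, in, tmp and num, and the z values are taken from `&in->z` with stride sizeof(ge25519). It reads like a leftover from an earlier signature and should be dropped or replaced with something that matches the code, e.g. `// in[i].z is inverted in place via curve25519_batchrecip (stride sizeof(ge25519))`. Apart from ALIGN(16) on ty/tx this hunk duplicates the base implementation line for line, so any contract fix should land in both copies.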
--- a/ed25519/ed25519-donna/ed25519-donna.h +++ b/ed25519/ed25519-donna/ed25519-donna.h @@ -41,22 +41,14 @@ #endif #endif -#if defined(ED25519_SSE2) - #include "curve25519-donna-sse2.h" -#elif defined(ED25519_64BIT) - #include "curve25519-donna-64bit.h" -#else - #include "curve25519-donna-32bit.h" -#endif +#include "curve25519-donna-sse2.h" +#include "curve25519-donna-64bit.h" +#include "curve25519-donna-32bit.h" #include "curve25519-donna-helpers.h" -/* separate uint128 check for 64 bit sse2 */ -#if defined(HAVE_UINT128) && !defined(ED25519_FORCE_32BIT) - #include "modm-donna-64bit.h" -#else - #include "modm-donna-32bit.h" -#endif +#include "modm-donna-64bit.h" +#include "modm-donna-32bit.h" typedef unsigned char hash_512bits[64]; @@ -94,22 +86,19 @@ typedef struct ge25519_pniels_t { bignum25519 ysubx, xaddy, z, t2d; } ge25519_pniels; +typedef unsigned char bytes32[32]; + #include "ed25519-donna-basepoint-table.h" -#if defined(ED25519_64BIT) - #include "ed25519-donna-64bit-tables.h" - #include "ed25519-donna-64bit-x86.h" -#else - #include "ed25519-donna-32bit-tables.h" - #include "ed25519-donna-64bit-x86-32bit.h" -#endif +#include "ed25519-donna-64bit-tables.h" +#include "ed25519-donna-64bit-x86.h" + +#include "ed25519-donna-32bit-tables.h" +#include "ed25519-donna-64bit-x86-32bit.h" -#if defined(ED25519_SSE2) - #include "ed25519-donna-32bit-sse2.h" - #include "ed25519-donna-64bit-sse2.h" - #include "ed25519-donna-impl-sse2.h" -#else - #include "ed25519-donna-impl-base.h" -#endif +#include "ed25519-donna-32bit-sse2.h" +#include "ed25519-donna-64bit-sse2.h" +#include "ed25519-donna-impl-sse2.h" +#include "ed25519-donna-impl-base.h" diff --git a/ed25519/ed25519-donna/modm-donna-32bit.h b/ed25519/ed25519-donna/modm-donna-32bit.h index dfd76be..c9636e3 100644 --- a/ed25519/ed25519-donna/modm-donna-32bit.h +++ b/ed25519/ed25519-donna/modm-donna-32bit.h 
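Review bot: After this hunk ed25519-donna.h includes all of curve25519-donna-{sse2,64bit,32bit}.h, both modm-donna-*.h, both table headers and both impl-*.h unconditionally, so correctness now rests on every one of those headers carrying its own ED25519_SSE2 / ED25519_64BIT / HAVE_UINT128 guard. The guards for the tables, impl-* and modm-* headers are visible elsewhere in this diff, but those for curve25519-donna-64bit.h, curve25519-donna-32bit.h and the *-x86*.h / *-sse2.h headers are not in this view; a missing guard there would give duplicate static definitions, so please confirm they exist. A short comment at the top of the include block would make the new layout obvious to the next reader: `/* each backend header is self-guarded (ED25519_SSE2 / ED25519_64BIT / HAVE_UINT128); include all, each decides */`. The `typedef unsigned char bytes32[32];` added in the second hunk is the type used by the new batchpack helpers and could say so in a trailing comment.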
@@ -2,6 +2,8 @@ Public domain by Andrew M. */ +/* separate uint128 check for 64 bit sse2 */ +#if !defined(HAVE_UINT128) || defined(ED25519_FORCE_32BIT) /* Arithmetic modulo the group order n = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 @@ -467,3 +469,5 @@ isatmost128bits256_modm_batch(const bignum256modm a) { return (mask == 0); } + +#endif /* !defined(HAVE_UINT128) || defined(ED25519_FORCE_32BIT) */ diff --git a/ed25519/ed25519-donna/modm-donna-64bit.h b/ed25519/ed25519-donna/modm-donna-64bit.h index a47a38a..936e7b0 100644 --- a/ed25519/ed25519-donna/modm-donna-64bit.h +++ b/ed25519/ed25519-donna/modm-donna-64bit.h @@ -2,6 +2,8 @@ Public domain by Andrew M. */ +/* separate uint128 check for 64 bit sse2 */ +#if defined(HAVE_UINT128) && !defined(ED25519_FORCE_32BIT) /* Arithmetic modulo the group order n = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 @@ -359,3 +361,5 @@ isatmost128bits256_modm_batch(const bignum256modm a) { return (mask == 0); } + +#endif /* defined(HAVE_UINT128) && !defined(ED25519_FORCE_32BIT) */ diff --git a/ed25519/ed25519.h b/ed25519/ed25519.h index a3388f8..d24a4be 100644 --- a/ed25519/ed25519.h +++ b/ed25519/ed25519.h 
@@ -1,213 +1,3 @@ #define ED25519_SEEDBYTES 32 #define ED25519_SECRETKEYBYTES 64 #define ED25519_PUBLICKEYBYTES 32 - -#ifdef ED25519_ref10 -#include "ref10/ed25519.h" -#define ed25519_seckey ed25519_ref10_seckey -#define ed25519_seckey_expand ed25519_ref10_seckey_expand -#define ed25519_pubkey ed25519_ref10_pubkey -#define ed25519_keygen ed25519_ref10_keygen -#include "ref10/ge.h" - -/* The basepoint multiplied by 8. */ -static const ge_cached ge_eightpoint = { - /* YplusX */ - { - 48496028, -16430416, 15164263, 11885335, 60784617, -4866353, 46481863, - -2771805, 9708580, 2387263 - }, - /* YmunusX */ - { - -10173472, -5540046, 21277639, 4080693, 1932823, -14916249, -9515873, - -21787995, -36575460, 29827857 - }, - /* Z */ - { - 25143927, -10256223, -3515585, 5715072, 19432778, -14905909, 22462083, - -8862871, 13226552, 743677 - }, - /* T2d */ - { - -784818, -8208065, -28479270, 5551579, 15746872, 4911053, 19117091, - 11267669, -24569594, 14624995 - } -}; -inline static void ge_initeightpoint() {} -#endif - -#ifdef ED25519_amd64_51_30k -#include "amd64-51-30k/ed25519.h" -#define ed25519_seckey ed25519_amd64_51_30k_seckey -#define ed25519_seckey_expand ed25519_amd64_51_30k_seckey_expand -#define ed25519_pubkey ed25519_amd64_51_30k_pubkey -#define ed25519_keygen ed25519_amd64_51_30k_keygen -#include "amd64-51-30k/ge25519.h" -#define ge_p1p1 ge25519_p1p1 -#define ge_p3 ge25519_p3 -#define ge_cached ge25519_pniels -#define ge_p1p1_to_p3 ge25519_p1p1_to_p3 -#define ge_p3_tobytes ge25519_pack -#define ge_add ge25519_pnielsadd_p1p1 - -static inline void ge_scalarmult_base(ge_p3 *gepk,const unsigned char *sk) -{ - sc25519 scsk; - - sc25519_from32bytes(&scsk,sk); - ge25519_scalarmult_base(gepk,&scsk); -} - -/* The basepoint multiplied by 8. 
*/ -static const ge25519_pniels ge_eightpoint = { - // ysubx - {{ 1880013609944032, 273850692840390, 1250787290086935, 789632210881694, 2001713562248987 }}, - // xaddy - {{ 1149173309373852, 797611345273702, 1925224452816873, 2065787175387590, 160206517707811 }}, - // z - {{ 1563516364368503, 383531986082622, 1251481213240650, 1657022631558786, 49907331879479 }}, - // t2d - {{ 1700965895112270, 372560131616985, 329575203620664, 756160485635107, 981466775886086 }}, -}; -inline static void ge_initeightpoint() {} -#endif - -#ifdef ED25519_amd64_64_24k -#include "amd64-64-24k/ed25519.h" -#define ed25519_seckey ed25519_amd64_64_seckey -#define ed25519_seckey_expand ed25519_amd64_64_seckey_expand -#define ed25519_pubkey ed25519_amd64_64_pubkey -#define ed25519_keygen ed25519_amd64_64_keygen -#include "amd64-64-24k/ge25519.h" -#define ge_p1p1 ge25519_p1p1 -#define ge_p3 ge25519_p3 -#define ge_cached ge25519_pniels -#define ge_p1p1_to_p3 ge25519_p1p1_to_p3 -#define ge_p3_tobytes ge25519_pack -#define ge_add ge25519_pnielsadd_p1p1 - -static inline void ge_scalarmult_base(ge_p3 *gepk,const unsigned char *sk) -{ - sc25519 scsk; - - sc25519_from32bytes(&scsk,sk); - ge25519_scalarmult_base(gepk,&scsk); -} - -/* The basepoint multiplied by 8. 
*/ -static const ge25519_pniels ge_eightpoint = { - // ysubx - {{ 6788804652057281504U, 531290374162262565U, 6135835192563885415U, 8199018750971852188U }}, - // xaddy - {{ 1960215011215539612U, 16708348392717346619U, 11897818088205565647U, 656205896531197613U }}, - // z - {{ 15705615417005288055U, 5341641389565279826U, 1966574939768917451U, 204420431378348998U }}, - // t2d - {{ 9713713562319586894U, 4328467261753610859U, 8262494979546083277U, 4020087914029409631U }}, -}; -inline static void ge_initeightpoint() {} -#endif - -#ifdef ED25519_donna -#define ED25519_CUSTOMRANDOM -#define ED25519_CUSTOMHASH -#include -#include -#include "ed25519-donna/ed25519-donna.h" - -static int ed25519_seckey_expand(unsigned char *sk,const unsigned char *seed) -{ - crypto_hash_sha512(sk,seed,32); - sk[0] &= 248; - sk[31] &= 127; - sk[31] |= 64; - - return 0; -} - -static int ed25519_seckey(unsigned char *sk) -{ - unsigned char seed[32]; - - randombytes(seed,32); - return ed25519_seckey_expand(sk,seed); -} - -static int ed25519_pubkey(unsigned char *pk,const unsigned char *sk) -{ - bignum256modm a; - ge25519 ALIGN(16) A; - - expand256_modm(a,sk,32); - ge25519_scalarmult_base_niels(&A,ge25519_niels_base_multiples,a); - ge25519_pack(pk,&A); - - return 0; -} - - -static int ed25519_keypair(unsigned char *pk,unsigned char *sk) -{ - ed25519_seckey(sk); - ed25519_pubkey(pk,sk); - - return 0; -} -// hacky, but works for current stuff in main.c -#define ge_p1p1 ge25519_p1p1 ALIGN(16) -#define ge_p3 ge25519 ALIGN(16) -#define ge_cached ge25519_pniels ALIGN(16) - -#define ge_p1p1_to_p3 ge25519_p1p1_to_full -#define ge_p3_tobytes ge25519_pack - -DONNA_INLINE static void ge_add(ge25519_p1p1 *r,const ge25519 *p,const ge25519_pniels *q) -{ - ge25519_pnielsadd_p1p1(r,p,q,0); -} - -DONNA_INLINE static void ge_scalarmult_base(ge25519 *A,const unsigned char *sk) -{ - bignum256modm ALIGN(16) a; - expand256_modm(a,sk,32); - ge25519_scalarmult_base_niels(A,ge25519_niels_base_multiples,a); -} - -static 
ge25519_pniels ALIGN(16) ge_eightpoint; -// portable representation of (basepoint * 8) -static u8 fe_ysubx[32] = { - 0xE0,0xC3,0x64,0xC7,0xDC,0xAD,0x36,0x5E, - 0x25,0xAA,0x86,0xC8,0xC7,0x85,0x5F,0x07, - 0x67,0x65,0x1C,0x3D,0x99,0xDD,0x26,0x55, - 0x9C,0xB5,0x71,0x1E,0x1D,0xC4,0xC8,0x71, -}; -static u8 fe_xaddy[32] = { - 0x9C,0xFD,0xE3,0xC2,0x2A,0x15,0x34,0x1B, - 0x3B,0xE7,0x62,0xAB,0x56,0xFA,0xDF,0xE7, - 0xCF,0xBE,0xB5,0x8D,0x83,0x8A,0x1D,0xA5, - 0xAD,0x3E,0x42,0x42,0xC9,0x4F,0x1B,0x09, -}; -static u8 fe_z[32] = { - 0x77,0xAA,0x7F,0x85,0x02,0x8E,0xF5,0xD9, - 0x52,0xFE,0x8F,0xE6,0x8A,0x52,0x21,0x4A, - 0xCB,0x8D,0x1C,0x05,0x7D,0xAD,0x4A,0x1B, - 0xC6,0x7B,0x23,0x9D,0x4C,0x3F,0xD6,0x02, -}; -static u8 fe_t2d[32] = { - 0x4E,0x06,0xF4,0xFB,0x04,0x0B,0xCE,0x86, - 0x6B,0x52,0xBB,0x96,0x0A,0xCE,0x11,0x3C, - 0xCD,0xEF,0x4A,0x46,0x68,0x47,0xAA,0x72, - 0x5F,0x65,0x90,0x91,0xA8,0x38,0xCA,0x37, -}; - -// initialize from packed representation -static void ge_initeightpoint() -{ - memset(&ge_eightpoint,0,sizeof(ge_eightpoint)); - curve25519_expand(ge_eightpoint.ysubx,fe_ysubx); - curve25519_expand(ge_eightpoint.xaddy,fe_xaddy); - curve25519_expand(ge_eightpoint.z,fe_z); - curve25519_expand(ge_eightpoint.t2d,fe_t2d); -} - -#endif diff --git a/ed25519/ed25519_impl_post.h b/ed25519/ed25519_impl_post.h new file mode 100644 index 0000000..470ad77 --- /dev/null +++ b/ed25519/ed25519_impl_post.h 
@@ -0,0 +1,84 @@
+
+#undef ed25519_seckey
+#undef ed25519_seckey_expand
+#undef ed25519_pubkey
+#undef ed25519_keygen
+
+#undef ge_eightpoint
+#undef ge_initeightpoint
+
+#undef ge_add
+#undef ge_p3_batchtobytes_destructive_1
+#undef ge_p3_batchtobytes_destructive_finish
+#undef ge_scalarmult_base
+
+
+#ifdef ED25519_ref10
+
+#undef ge_frombytes_negate_vartime
+#undef ge_tobytes
+#undef ge_p3_tobytes
+#undef ge_p2_0
+#undef ge_p3_0
+#undef ge_precomp_0
+#undef ge_p3_to_p2
+#undef ge_p3_to_cached
+#undef ge_p1p1_to_p2
+#undef ge_p1p1_to_p3
+#undef ge_p2_dbl
+#undef ge_p3_dbl
+#undef ge_madd
+#undef ge_msub
+#undef ge_sub
+#undef ge_scalarmult_base
+#undef ge_double_scalarmult_vartime
+
+#endif
+
+
+#if defined(ED25519_amd64_51_30k) || defined(ED25519_amd64_64_24k)
+
+#undef ge25519
+#undef ge25519_base
+#undef ge25519_unpackneg_vartime
+#undef ge25519_pack
+#undef ge25519_isneutral_vartime
+#undef ge25519_add
+#undef ge25519_double
+#undef ge25519_double_scalarmult_vartime
+#undef ge25519_multi_scalarmult_vartime
+#undef ge25519_scalarmult_base
+#undef ge25519_p1p1_to_p2
+#undef ge25519_p1p1_to_p3
+#undef ge25519_p1p1_to_pniels
+#undef ge25519_add_p1p1
+#undef ge25519_dbl_p1p1
+#undef choose_t
+#undef ge25519_nielsadd2
+#undef ge25519_nielsadd_p1p1
+#undef ge25519_pnielsadd_p1p1
+#undef ge25519_p3
+
+#undef fe
+#undef ge_p1p1
+#undef ge_p3
+#undef ge_p1p1_to_p3
+#undef ge_p3_tobytes
+
+#endif
+
+
+#ifdef ED25519_donna
+
+#undef fe_ysubx
+#undef fe_xaddy
+#undef fe_z
+#undef fe_t2d
+
+#undef fe
+#undef ge_p1p1
+#undef ge_p3
+#undef ge_p1p1_to_p3
+#undef ge_p3_tobytes
+
+#endif
diff --git a/ed25519/ed25519_impl_pre.h b/ed25519/ed25519_impl_pre.h
new file mode 100644
index 0000000..bc84ad9
--- /dev/null
+++ b/ed25519/ed25519_impl_pre.h
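Review bot: `#undef ge_scalarmult_base` appears twice in this new file, once in the unconditional block at the top and again inside the ED25519_ref10 block; the second one is redundant and can be dropped. The file has no header comment explaining why these aliases are torn down; assuming the pre/post pair exists so that more than one backend can be included in one translation unit, a first line such as `/* Undo the ed25519_* / ge_* macro aliases set up by ed25519_impl_pre.h so another backend can be included after this point. */` would say so.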
@@ -0,0 +1,256 @@ + +#ifndef ED25519_donna +# if defined(_MSC_VER) +# define ALIGN(x) __declspec(align(x)) +# elif defined(__GNUC__) +# undef ALIGN +# define ALIGN(x) __attribute__((aligned(x))) +# else +# ifndef ALIGN +# define ALIGN(x) +# endif +# endif +#endif + + +#define ed25519_seckey CRYPTO_NAMESPACE(seckey) +#define ed25519_seckey_expand CRYPTO_NAMESPACE(seckey_expand) +#define ed25519_pubkey CRYPTO_NAMESPACE(pubkey) +#define ed25519_keygen CRYPTO_NAMESPACE(keygen) + +#define ge_eightpoint CRYPTO_NAMESPACE(ge_eightpoint) +#define ge_initeightpoint CRYPTO_NAMESPACE(ge_initeightpoint) + + +#ifdef ED25519_ref10 + +#include "ref10/crypto_sign.h" +#include "ref10/ge.h" + +/* The basepoint multiplied by 8. */ +static const ge_cached ge_eightpoint = { + /* YplusX */ + { + 48496028, -16430416, 15164263, 11885335, 60784617, -4866353, 46481863, + -2771805, 9708580, 2387263 + }, + /* YmunusX */ + { + -10173472, -5540046, 21277639, 4080693, 1932823, -14916249, -9515873, + -21787995, -36575460, 29827857 + }, + /* Z */ + { + 25143927, -10256223, -3515585, 5715072, 19432778, -14905909, 22462083, + -8862871, 13226552, 743677 + }, + /* T2d */ + { + -784818, -8208065, -28479270, 5551579, 15746872, 4911053, 19117091, + 11267669, -24569594, 14624995 + } +}; +inline static void ge_initeightpoint(void) {} + +#endif + + +#ifdef ED25519_amd64_51_30k + +#include "amd64-51-30k/crypto_sign.h" +#include "amd64-51-30k/ge25519.h" + +#endif + + +#ifdef ED25519_amd64_64_24k + +#include "amd64-64-24k/crypto_sign.h" +#include "amd64-64-24k/ge25519.h" + +#endif + + +// common +#if defined(ED25519_amd64_51_30k) || defined(ED25519_amd64_64_24k) + +#define fe fe25519 +#define ge_p1p1 ge25519_p1p1 +#define ge_p3 ge25519_p3 +#define ge_p1p1_to_p3 ge25519_p1p1_to_p3 +#define ge_p3_tobytes ge25519_pack +#define ge_add ge25519_pnielsadd_p1p1 + +#define ge_p3_batchtobytes_destructive_1 ge25519_batchpack_destructive_1 +#define ge_p3_batchtobytes_destructive_finish ge25519_batchpack_destructive_finish 
+ +#define ge_scalarmult_base CRYPTO_NAMESPACE(ge_scalarmult_base) + +#endif + + +#ifdef ED25519_amd64_51_30k +static inline void ge_scalarmult_base(ge_p3 *gepk,const unsigned char *sk) +{ + sc25519 scsk; + + sc25519_from32bytes(&scsk,sk); + ge25519_scalarmult_base(gepk,&scsk); +} + +/* The basepoint multiplied by 8. */ +static const ge25519_pniels ge_eightpoint = { + // ysubx + {{ 1880013609944032, 273850692840390, 1250787290086935, 789632210881694, 2001713562248987 }}, + // xaddy + {{ 1149173309373852, 797611345273702, 1925224452816873, 2065787175387590, 160206517707811 }}, + // z + {{ 1563516364368503, 383531986082622, 1251481213240650, 1657022631558786, 49907331879479 }}, + // t2d + {{ 1700965895112270, 372560131616985, 329575203620664, 756160485635107, 981466775886086 }}, +}; +inline static void ge_initeightpoint(void) {} +#endif + + +#ifdef ED25519_amd64_64_24k +static inline void ge_scalarmult_base(ge_p3 *gepk,const unsigned char *sk) +{ + sc25519 scsk; + + sc25519_from32bytes(&scsk,sk); + ge25519_scalarmult_base(gepk,&scsk); +} + +/* The basepoint multiplied by 8. 
*/ +static const ge25519_pniels ge_eightpoint = { + // ysubx + {{ 6788804652057281504U, 531290374162262565U, 6135835192563885415U, 8199018750971852188U }}, + // xaddy + {{ 1960215011215539612U, 16708348392717346619U, 11897818088205565647U, 656205896531197613U }}, + // z + {{ 15705615417005288055U, 5341641389565279826U, 1966574939768917451U, 204420431378348998U }}, + // t2d + {{ 9713713562319586894U, 4328467261753610859U, 8262494979546083277U, 4020087914029409631U }}, +}; +inline static void ge_initeightpoint(void) {} +#endif + + +#ifdef ED25519_donna + +#define ED25519_CUSTOMRANDOM +#define ED25519_CUSTOMHASH +#include +#include +#include "ed25519-donna/ed25519-donna.h" + +static int ed25519_seckey_expand(unsigned char *sk,const unsigned char *seed) +{ + crypto_hash_sha512(sk,seed,32); + sk[0] &= 248; + sk[31] &= 127; + sk[31] |= 64; + + return 0; +} + +static int ed25519_seckey(unsigned char *sk) +{ + unsigned char seed[32]; + + randombytes(seed,32); + return ed25519_seckey_expand(sk,seed); +} + +static int ed25519_pubkey(unsigned char *pk,const unsigned char *sk) +{ + bignum256modm a; + ge25519 ALIGN(16) A; + + expand256_modm(a,sk,32); + ge25519_scalarmult_base_niels(&A,ge25519_niels_base_multiples,a); + ge25519_pack(pk,&A); + + return 0; +} + + +static int ed25519_keypair(unsigned char *pk,unsigned char *sk) +{ + ed25519_seckey(sk); + ed25519_pubkey(pk,sk); + + return 0; +} + +#define fe bignum25519 +#define ge_p1p1 ge25519_p1p1 +#define ge_p3 ge25519 + +#define ge_p1p1_to_p3 ge25519_p1p1_to_full +#define ge_p3_tobytes ge25519_pack + +#define ge_p3_batchtobytes_destructive_1 ge25519_batchpack_destructive_1 +#define ge_p3_batchtobytes_destructive_finish ge25519_batchpack_destructive_finish + + +#define ge_add CRYPTO_NAMESPACE(ge_add) +#define ge_scalarmult_base CRYPTO_NAMESPACE(ge_scalarmult_base) + + +DONNA_INLINE static void ge_add(ge25519_p1p1 *r,const ge25519 *p,const ge25519_pniels *q) +{ + ge25519_pnielsadd_p1p1(r,p,q,0); +} + +DONNA_INLINE static void 
ge_scalarmult_base(ge25519 *A,const unsigned char *sk) +{ + bignum256modm ALIGN(16) a; + expand256_modm(a,sk,32); + ge25519_scalarmult_base_niels(A,ge25519_niels_base_multiples,a); +} + +#define fe_ysubx CRYPTO_NAMESPACE(fe_ysubx) +#define fe_xaddy CRYPTO_NAMESPACE(fe_xaddy) +#define fe_z CRYPTO_NAMESPACE(fe_z) +#define fe_t2d CRYPTO_NAMESPACE(fe_t2d) + +static ge25519_pniels ALIGN(16) ge_eightpoint; +// portable representation of (basepoint * 8) +static u8 fe_ysubx[32] = { + 0xE0,0xC3,0x64,0xC7,0xDC,0xAD,0x36,0x5E, + 0x25,0xAA,0x86,0xC8,0xC7,0x85,0x5F,0x07, + 0x67,0x65,0x1C,0x3D,0x99,0xDD,0x26,0x55, + 0x9C,0xB5,0x71,0x1E,0x1D,0xC4,0xC8,0x71, +}; +static u8 fe_xaddy[32] = { + 0x9C,0xFD,0xE3,0xC2,0x2A,0x15,0x34,0x1B, + 0x3B,0xE7,0x62,0xAB,0x56,0xFA,0xDF,0xE7, + 0xCF,0xBE,0xB5,0x8D,0x83,0x8A,0x1D,0xA5, + 0xAD,0x3E,0x42,0x42,0xC9,0x4F,0x1B,0x09, +}; +static u8 fe_z[32] = { + 0x77,0xAA,0x7F,0x85,0x02,0x8E,0xF5,0xD9, + 0x52,0xFE,0x8F,0xE6,0x8A,0x52,0x21,0x4A, + 0xCB,0x8D,0x1C,0x05,0x7D,0xAD,0x4A,0x1B, + 0xC6,0x7B,0x23,0x9D,0x4C,0x3F,0xD6,0x02, +}; +static u8 fe_t2d[32] = { + 0x4E,0x06,0xF4,0xFB,0x04,0x0B,0xCE,0x86, + 0x6B,0x52,0xBB,0x96,0x0A,0xCE,0x11,0x3C, + 0xCD,0xEF,0x4A,0x46,0x68,0x47,0xAA,0x72, + 0x5F,0x65,0x90,0x91,0xA8,0x38,0xCA,0x37, +}; + +// initialize from packed representation +static void ge_initeightpoint(void) +{ + memset(&ge_eightpoint,0,sizeof(ge_eightpoint)); + curve25519_expand(ge_eightpoint.ysubx,fe_ysubx); + curve25519_expand(ge_eightpoint.xaddy,fe_xaddy); + curve25519_expand(ge_eightpoint.z,fe_z); + curve25519_expand(ge_eightpoint.t2d,fe_t2d); +} + +#endif diff --git a/ed25519/ref10/crypto_sign.h b/ed25519/ref10/crypto_sign.h index 71b2543..35b0a74 100644 --- a/ed25519/ref10/crypto_sign.h +++ b/ed25519/ref10/crypto_sign.h 
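Review bot: In the ED25519_donna block the keypair function is defined as `ed25519_keypair`, but the namespacing macro at the top of the file (and the matching `#undef` in ed25519_impl_post.h) is for `ed25519_keygen`, so `ed25519_keypair` is a plain static that no CRYPTO_NAMESPACE prefix reaches while its siblings ed25519_seckey / ed25519_seckey_expand / ed25519_pubkey are renamed; if the pre/post headers are meant to be included once per backend in the same translation unit this name would collide, so either rename it to `ed25519_keygen` or add `#define ed25519_keypair CRYPTO_NAMESPACE(keypair)` beside the other aliases. Separately, `ed25519_seckey` leaves the 32-byte `seed` on the stack after `ed25519_seckey_expand` returns; that buffer is the raw private key, so clearing it before return with whatever secure-wipe helper the project uses is cheap hygiene. Both functions are moved from the deleted ed25519/ed25519.h rather than new, so this may be out of scope for this commit.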
@@ -1,8 +1,9 @@ -#define crypto_sign ed25519_ref10_sign -#define crypto_sign_keypair ed25519_ref10_keygen -#define crypto_sign_seckey ed25519_ref10_seckey -#define crypto_sign_seckey_expand ed25519_ref10_seckey_expand -#define crypto_sign_pubkey ed25519_ref10_pubkey -#define crypto_sign_open ed25519_ref10_open +#define crypto_sign CRYPTO_NAMESPACE(sign) +#define crypto_sign_keypair CRYPTO_NAMESPACE(keygen) +#define crypto_sign_seckey CRYPTO_NAMESPACE(seckey) +#define crypto_sign_seckey_expand CRYPTO_NAMESPACE(seckey_expand) +#define crypto_sign_pubkey CRYPTO_NAMESPACE(pubkey) +#define crypto_sign_open CRYPTO_NAMESPACE(open) +#define crypto_sign_open_batch CRYPTO_NAMESPACE(open_batch) #include "ed25519.h" diff --git a/ed25519/ref10/ed25519.h b/ed25519/ref10/ed25519.h index 406aafc..2122ad5 100644 --- a/ed25519/ref10/ed25519.h +++ b/ed25519/ref10/ed25519.h @@ -1,13 +1,13 @@ -int ed25519_ref10_seckey(unsigned char *sk); -int ed25519_ref10_seckey_expand(unsigned char *sk,const unsigned char *seed); -int ed25519_ref10_pubkey(unsigned char *pk,const unsigned char *sk); -int ed25519_ref10_keygen(unsigned char *pk,unsigned char *sk); -int ed25519_ref10_sign( +int crypto_sign_seckey(unsigned char *sk); +int crypto_sign_seckey_expand(unsigned char *sk,const unsigned char *seed); +int crypto_sign_pubkey(unsigned char *pk,const unsigned char *sk); +int crypto_sign_keypair(unsigned char *pk,unsigned char *sk); +int crypto_sign( unsigned char *sm,unsigned long long *smlen, const unsigned char *m,unsigned long long mlen, const unsigned char *sk ); -int ed25519_ref10_open( +int crypto_sign_open( unsigned char *m,unsigned long long *mlen, const unsigned char *sm,unsigned long long smlen, const unsigned char *pk diff --git a/ed25519/ref10/fe.h b/ed25519/ref10/fe.h index 60c308b..4613170 100644 --- a/ed25519/ref10/fe.h +++ b/ed25519/ref10/fe.h @@ -2,6 +2,7 @@ #define FE_H #include "crypto_int32.h" +#include typedef crypto_int32 fe[10]; 
@@ -13,24 +14,24 @@ t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on context. */ -#define fe_frombytes crypto_sign_ed25519_ref10_fe_frombytes -#define fe_tobytes crypto_sign_ed25519_ref10_fe_tobytes -#define fe_copy crypto_sign_ed25519_ref10_fe_copy -#define fe_isnonzero crypto_sign_ed25519_ref10_fe_isnonzero -#define fe_isnegative crypto_sign_ed25519_ref10_fe_isnegative -#define fe_0 crypto_sign_ed25519_ref10_fe_0 -#define fe_1 crypto_sign_ed25519_ref10_fe_1 -#define fe_cswap crypto_sign_ed25519_ref10_fe_cswap -#define fe_cmov crypto_sign_ed25519_ref10_fe_cmov -#define fe_add crypto_sign_ed25519_ref10_fe_add -#define fe_sub crypto_sign_ed25519_ref10_fe_sub -#define fe_neg crypto_sign_ed25519_ref10_fe_neg -#define fe_mul crypto_sign_ed25519_ref10_fe_mul -#define fe_sq crypto_sign_ed25519_ref10_fe_sq -#define fe_sq2 crypto_sign_ed25519_ref10_fe_sq2 -#define fe_mul121666 crypto_sign_ed25519_ref10_fe_mul121666 -#define fe_invert crypto_sign_ed25519_ref10_fe_invert -#define fe_pow22523 crypto_sign_ed25519_ref10_fe_pow22523 +#define fe_frombytes CRYPTO_NAMESPACE(fe_frombytes) +#define fe_tobytes CRYPTO_NAMESPACE(fe_tobytes) +#define fe_copy CRYPTO_NAMESPACE(fe_copy) +#define fe_isnonzero CRYPTO_NAMESPACE(fe_isnonzero) +#define fe_isnegative CRYPTO_NAMESPACE(fe_isnegative) +#define fe_0 CRYPTO_NAMESPACE(fe_0) +#define fe_1 CRYPTO_NAMESPACE(fe_1) +#define fe_cswap CRYPTO_NAMESPACE(fe_cswap) +#define fe_cmov CRYPTO_NAMESPACE(fe_cmov) +#define fe_add CRYPTO_NAMESPACE(fe_add) +#define fe_sub CRYPTO_NAMESPACE(fe_sub) +#define fe_neg CRYPTO_NAMESPACE(fe_neg) +#define fe_mul CRYPTO_NAMESPACE(fe_mul) +#define fe_sq CRYPTO_NAMESPACE(fe_sq) +#define fe_sq2 CRYPTO_NAMESPACE(fe_sq2) +#define fe_invert CRYPTO_NAMESPACE(fe_invert) +#define fe_batchinvert CRYPTO_NAMESPACE(fe_batchinvert) +#define fe_pow22523 CRYPTO_NAMESPACE(fe_pow22523) extern void fe_frombytes(fe,const unsigned char *); extern void fe_tobytes(unsigned char *,const 
fe);
@@ -49,8 +50,8 @@ extern void fe_neg(fe,const fe);
 extern void fe_mul(fe,const fe,const fe);
 extern void fe_sq(fe,const fe);
 extern void fe_sq2(fe,const fe);
-extern void fe_mul121666(fe,const fe);
 extern void fe_invert(fe,const fe);
+extern void fe_batchinvert(fe *out,fe *in,fe *tmp,size_t num,size_t shift);
 extern void fe_pow22523(fe,const fe);
 #endif
diff --git a/ed25519/ref10/fe_batchinvert.c b/ed25519/ref10/fe_batchinvert.c
new file mode 100644
index 0000000..10e2e0e
--- /dev/null
+++ b/ed25519/ref10/fe_batchinvert.c
@@ -0,0 +1,34 @@
+#include "fe.h"
+
+// tmp MUST != out or in
+// in MAY == out
+void fe_batchinvert(fe *out,fe *in,fe *tmp,size_t num,size_t shift)
+{
+ fe acc;
+ fe tmpacc;
+ size_t i;
+ fe *inp;
+ fe *outp;
+
+ fe_1(acc);
+
+ inp = in;
+ for (i = 0;i < num;++i) {
+ fe_copy(tmp[i],acc);
+ fe_mul(acc,acc,*inp);
+ inp = (fe *)((char *)inp + shift);
+ }
+
+ fe_invert(acc,acc);
+
+ i = num;
+ inp = (fe *)((char *)in + shift * num);
+ outp = (fe *)((char *)out + shift * num);
+ while (i--) {
+ inp = (fe *)((char *)inp - shift);
+ outp = (fe *)((char *)outp - shift);
+ fe_mul(tmpacc,acc,*inp);
+ fe_mul(*outp,acc,tmp[i]);
+ fe_copy(acc,tmpacc);
+ }
+}
diff --git a/ed25519/ref10/fe_isnonzero.c b/ed25519/ref10/fe_isnonzero.c
index 0261e92..4756800 100644
--- a/ed25519/ref10/fe_isnonzero.c
+++ b/ed25519/ref10/fe_isnonzero.c
@@ -9,7 +9,7 @@ Preconditions:
 |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
 */
-static const unsigned char zero[32] = {0};
+static const unsigned char zero[32];
 int fe_isnonzero(const fe f)
 {
diff --git a/ed25519/ref10/ge.h b/ed25519/ref10/ge.h
index 55e95f9..c69a5b3 100644
--- a/ed25519/ref10/ge.h
+++ b/ed25519/ref10/ge.h
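Review bot: fe_batchinvert has an undocumented precondition that no element of `in` is zero: the running product `acc` becomes zero, `fe_invert(acc,acc)` of zero is zero, and every output of the batch — not only the offending element — is then written as zero with no error indication. The two-line comment above the function should state that, e.g. `// every input MUST be nonzero: one zero element makes all outputs zero`, and also that `tmp` must have room for `num` elements and that `shift` is the byte stride between consecutive `in`/`out` elements while `tmp` is walked densely. With `num == 0` the function only inverts 1 and writes nothing, which is fine but worth a word.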
@@ -50,29 +50,35 @@ typedef struct { fe T2d; } ge_cached; -#define ge_frombytes_negate_vartime crypto_sign_ed25519_ref10_ge_frombytes_negate_vartime -#define ge_tobytes crypto_sign_ed25519_ref10_ge_tobytes -#define ge_p3_tobytes crypto_sign_ed25519_ref10_ge_p3_tobytes +typedef unsigned char bytes32[32]; -#define ge_p2_0 crypto_sign_ed25519_ref10_ge_p2_0 -#define ge_p3_0 crypto_sign_ed25519_ref10_ge_p3_0 -#define ge_precomp_0 crypto_sign_ed25519_ref10_ge_precomp_0 -#define ge_p3_to_p2 crypto_sign_ed25519_ref10_ge_p3_to_p2 -#define ge_p3_to_cached crypto_sign_ed25519_ref10_ge_p3_to_cached -#define ge_p1p1_to_p2 crypto_sign_ed25519_ref10_ge_p1p1_to_p2 -#define ge_p1p1_to_p3 crypto_sign_ed25519_ref10_ge_p1p1_to_p3 -#define ge_p2_dbl crypto_sign_ed25519_ref10_ge_p2_dbl -#define ge_p3_dbl crypto_sign_ed25519_ref10_ge_p3_dbl +#define ge_frombytes_negate_vartime CRYPTO_NAMESPACE(ge_frombytes_negate_vartime) +#define ge_tobytes CRYPTO_NAMESPACE(ge_tobytes) +#define ge_p3_tobytes CRYPTO_NAMESPACE(ge_p3_tobytes) +#define ge_p3_batchtobytes_destructive_1 CRYPTO_NAMESPACE(ge_p3_batchtobytes_destructive_1) +#define ge_p3_batchtobytes_destructive_finish CRYPTO_NAMESPACE(ge_p3_batchtobytes_destructive_finish) -#define ge_madd crypto_sign_ed25519_ref10_ge_madd -#define ge_msub crypto_sign_ed25519_ref10_ge_msub -#define ge_add crypto_sign_ed25519_ref10_ge_add -#define ge_sub crypto_sign_ed25519_ref10_ge_sub -#define ge_scalarmult_base crypto_sign_ed25519_ref10_ge_scalarmult_base -#define ge_double_scalarmult_vartime crypto_sign_ed25519_ref10_ge_double_scalarmult_vartime +#define ge_p2_0 CRYPTO_NAMESPACE(ge_p2_0) +#define ge_p3_0 CRYPTO_NAMESPACE(ge_p3_0) +#define ge_precomp_0 CRYPTO_NAMESPACE(ge_precomp_0) +#define ge_p3_to_p2 CRYPTO_NAMESPACE(ge_p3_to_p2) +#define ge_p3_to_cached CRYPTO_NAMESPACE(ge_p3_to_cached) +#define ge_p1p1_to_p2 CRYPTO_NAMESPACE(ge_p1p1_to_p2) +#define ge_p1p1_to_p3 CRYPTO_NAMESPACE(ge_p1p1_to_p3) +#define ge_p2_dbl CRYPTO_NAMESPACE(ge_p2_dbl) +#define 
ge_p3_dbl CRYPTO_NAMESPACE(ge_p3_dbl)
+
+#define ge_madd CRYPTO_NAMESPACE(ge_madd)
+#define ge_msub CRYPTO_NAMESPACE(ge_msub)
+#define ge_add CRYPTO_NAMESPACE(ge_add)
+#define ge_sub CRYPTO_NAMESPACE(ge_sub)
+#define ge_scalarmult_base CRYPTO_NAMESPACE(ge_scalarmult_base)
+#define ge_double_scalarmult_vartime CRYPTO_NAMESPACE(ge_double_scalarmult_vartime)
 extern void ge_tobytes(unsigned char *,const ge_p2 *);
 extern void ge_p3_tobytes(unsigned char *,const ge_p3 *);
+extern void ge_p3_batchtobytes_destructive_1(bytes32 *out,ge_p3 *in,fe *tmp,size_t num);
+extern void ge_p3_batchtobytes_destructive_finish(bytes32 out,ge_p3 *unf);
 extern int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *);
 extern void ge_p2_0(ge_p2 *);
diff --git a/ed25519/ref10/ge_double_scalarmult.c b/ed25519/ref10/ge_double_scalarmult.c
index f8bf4bf..a2df6e9 100644
--- a/ed25519/ref10/ge_double_scalarmult.c
+++ b/ed25519/ref10/ge_double_scalarmult.c
@@ -32,7 +32,7 @@ static void slide(signed char *r,const unsigned char *a)
 }
-static ge_precomp Bi[8] = {
+static const ge_precomp Bi[8] = {
 #include "base2.h"
 } ;
diff --git a/ed25519/ref10/ge_p3_batchtobytes.c b/ed25519/ref10/ge_p3_batchtobytes.c
new file mode 100644
index 0000000..46605a9
--- /dev/null
+++ b/ed25519/ref10/ge_p3_batchtobytes.c
@@ -0,0 +1,23 @@
+#include "ge.h"
+
+// inz is ge_p3.Z pointer array. contents to .Zs will be overwritten
+// NOTE: leaves in unfinished state
+void ge_p3_batchtobytes_destructive_1(bytes32 *out,ge_p3 *in,fe *tmp,size_t num)
+{
+ fe y;
+
+ fe_batchinvert(&in->Z,&in->Z,tmp,num,sizeof(ge_p3));
+
+ for (size_t i = 0;i < num;++i) {
+ fe_mul(y,in[i].Y,in[i].Z);
+ fe_tobytes(out[i],y);
+ }
+}
+
+void ge_p3_batchtobytes_destructive_finish(bytes32 out,ge_p3 *unf)
+{
+ fe x;
+ // z of unfinished is inverted
+ fe_mul(x,unf->X,unf->Z);
+ out[31] ^= fe_isnegative(x) << 7;
+}
diff --git a/ed25519/ref10/ge_scalarmult_base.c b/ed25519/ref10/ge_scalarmult_base.c
index 421e4fa..6707547 100644
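Review bot: `typedef unsigned char bytes32[32];` is an array typedef, so the `bytes32 out` parameter of `ge_p3_batchtobytes_destructive_finish` is really an `unsigned char *`; a reader of the prototype may take the 32 bytes to be passed by value and conclude the callee cannot modify the caller's buffer, which is exactly what `_finish` does. Declaring it as `unsigned char out[32]` makes the in/out semantics visible; `bytes32 *out` in `_destructive_1` is a pointer to 32-byte rows either way and can stay.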
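Review bot: The header comment on ge_p3_batchtobytes_destructive_1 describes a parameter `inz` ("ge_p3.Z pointer array"), but the function takes `in`, an array of `num` ge_p3 whose `.Z` fields are replaced in place by their inverses through fe_batchinvert; the comment should say that, plus that `tmp` needs room for `num` fe values and that each `out[i]` has the sign bit (bit 7 of byte 31) still clear until `_destructive_finish` has been run on that element. In `_destructive_finish`, `out[31] ^= fe_isnegative(x) << 7;` toggles rather than sets the bit, so a second call on the same element undoes the first; since fe_tobytes leaves that bit zero, `out[31] |= fe_isnegative(x) << 7;` is equivalent on the first call and idempotent afterwards. `_finish` also silently computes garbage if `unf->Z` has not been through `_destructive_1`, which its one-line comment should state as a precondition.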
--- a/ed25519/ref10/ge_scalarmult_base.c +++ b/ed25519/ref10/ge_scalarmult_base.c @@ -19,7 +19,7 @@ static unsigned char negative(signed char b) return x; } -static void cmov(ge_precomp *t,ge_precomp *u,unsigned char b) +static void cmov(ge_precomp *t,const ge_precomp *u,unsigned char b) { fe_cmov(t->yplusx,u->yplusx,b); fe_cmov(t->yminusx,u->yminusx,b); @@ -27,7 +27,7 @@ static void cmov(ge_precomp *t,ge_precomp *u,unsigned char b) } /* base[i][j] = (j+1)*256^i*B */ -static ge_precomp base[32][8] = { +static const ge_precomp base[32][8] = { #include "base.h" } ; diff --git a/ed25519/ref10/sc.h b/ed25519/ref10/sc.h index d32ed2e..81c8594 100644 --- a/ed25519/ref10/sc.h +++ b/ed25519/ref10/sc.h @@ -6,8 +6,8 @@ The set of scalars is \Z/l where l = 2^252 + 27742317777372353535851937790883648493. */ -#define sc_reduce crypto_sign_ed25519_ref10_sc_reduce -#define sc_muladd crypto_sign_ed25519_ref10_sc_muladd +#define sc_reduce CRYPTO_NAMESPACE(sc_reduce) +#define sc_muladd CRYPTO_NAMESPACE(sc_muladd) extern void sc_reduce(unsigned char *); extern void sc_muladd(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *); diff --git a/filters.h b/filters.h index 7c55807..71f0118 100644 --- a/filters.h +++ b/filters.h @@ -1,4 +1,3 @@ -// filters stuff #ifndef INTFILTER # define BINFILTER 
@@ -31,34 +30,48 @@ #ifdef NEEDBINFILTER + # ifndef BINFILTERLEN # define BINFILTERLEN PUBLIC_LEN # endif + struct binfilter { u8 f[BINFILTERLEN]; size_t len; // real len minus one u8 mask; } ; + +VEC_STRUCT(bfiltervec,struct binfilter); + +#ifdef BINFILTER +extern struct bfiltervec filters; +#endif + #endif // NEEDBINFILTER -#ifdef BINFILTER -static VEC_STRUCT(bfiltervec,struct binfilter) filters; -#endif // BINFILTER #ifdef INTFILTER + struct intfilter { IFT f; # ifndef OMITMASK IFT m; # endif } ; -static VEC_STRUCT(ifiltervec,struct intfilter) filters; + +VEC_STRUCT(ifiltervec,struct intfilter); + +extern struct ifiltervec filters; + # ifdef OMITMASK -IFT ifiltermask; +extern IFT ifiltermask; # endif + #endif // INTFILTER + + #ifdef PCRE2FILTER #define PCRE2_CODE_UNIT_WIDTH 8 
@@ -68,621 +81,16 @@ struct pcre2filter { char *str; pcre2_code *re; } ; -static VEC_STRUCT(pfiltervec,struct pcre2filter) filters; -#endif // PCRE2FILTER +VEC_STRUCT(pfiltervec,struct pcre2filter); -static void filters_init() -{ - VEC_INIT(filters); -} - -#ifdef INTFILTER - -static inline size_t filter_len(size_t i) -{ -# ifndef OMITMASK - const u8 *m = (const u8 *)&VEC_BUF(filters,i).m; -# else // OMITMASK - const u8 *m = (const u8 *)&ifiltermask; -# endif // OMITMASK - size_t c = 0; - for (size_t j = 0;;) { - u8 v = m[j]; - for (size_t k = 0;;) { - if (!v) - return c; - ++c; - if (++k >= 8) - break; - v <<= 1; - } - if (++j >= sizeof(IFT)) - break; - } - return c; -} - -# ifdef OMITMASK - -static inline int filter_compare(const void *p1,const void *p2) -{ - if (((const struct intfilter *)p1)->f < ((const struct intfilter *)p2)->f) - return -1; - if (((const struct intfilter *)p1)->f > ((const struct intfilter *)p2)->f) - return 1; - return 0; -} - -# ifdef EXPANDMASK - -/* - * raw representation -- FF.FF.F0.00 - * big endian -- 0xFFFFF000 - * little endian -- 0x00F0FFFF - * b: 0xFFffF000 ^ 0xFFff0000 -> 0x0000F000 - * 0x0000F000 + 1 -> 0x0000F001 - * 0x0000F000 & 0x0000F001 -> 0x0000F000 <- shifted mask - * 0x0000F000 ^ 0x0000F000 -> 0x00000000 <- direct mask - * 0x0000F000 ^ 0x00000000 -> 0x0000F000 <- shifted mask - * l: 0x00f0FFff ^ 0x0000FFff -> 0x00f00000 - * 0x00f00000 + 1 -> 0x00f00001 - * 0x00f00000 & 0x00f00001 -> 0x00f00000 <- shifted mask - * 0x00f00000 ^ 0x00f00000 -> 0x00000000 <- direct mask - * 0x00f00000 ^ 0x00000000 -> 0x00f00000 <- shifted mask - * - * b: 0xFFffFFff ^ 0xF0000000 -> 0x0FffFFff - * 0x0FffFFff + 1 -> 0x10000000 - * 0x0FffFFff & 0x10000000 -> 0x00000000 <- shifted mask - * 0x0FffFFff ^ 0x00000000 -> 0x0FffFFff <- direct mask - * 0x0FffFFff ^ 0x0FffFFff -> 0x00000000 <- shifted mask - * l: 0xFFffFFff ^ 0x000000f0 -> 0xFFffFF0f - * 0xFFffFF0f + 1 -> 0xFFffFF10 - * 0xFFffFF0f & 0xFFffFF10 -> 0xFFffFF00 <- shifted mask - * 0xFFffFF0f ^ 
0xFFffFF00 -> 0x0000000f <- direct mask - * 0xFFffFF0f ^ 0x0000000f -> 0xFFffFF00 <- shifted mask - * - * essentially, we have to make direct mask + shifted mask bits worth of information - * and then split it into 2 parts - * we do not need absolute shifted mask shifting value, just relative to direct mask - * 0x0sss00dd - shifted & direct mask combo - * 0x000sssdd - combined mask - * 8 - relshiftval - * generate values from 0x00000000 to 0x000sssdd - * for each value, realmask <- (val & 0x000000dd) | ((val & 0x000sss00) << relshiftval) - * or.. - * realmask <- (val & 0x000000dd) | ((val << relshiftval) & 0x0sss0000) - * ... - * above method doesn't work in some cases. better way: - * l: 0x80ffFFff ^ 0x00f0FFff -> 0x800f0000 - * 0x800f0000 >> 16 -> 0x0000800f - * 0x0000800f + 1 -> 0x00008010 - * 0x0000800f & 0x00008010 -> 0x00008000 <- smask - * 0x0000800f ^ 0x00008000 -> 0x0000000f <- dmask - */ - -static int flattened = 0; - -#define EXPVAL(init,j,dmask,smask,ishift,rshift) \ - ((init) | ((((j) & (dmask)) | (((j) << (rshift)) & (smask))) << (ishift))) -// add expanded set of values -// allocates space on its own -static void ifilter_addexpanded( - struct intfilter *ifltr, - IFT dmask,IFT smask,IFT cmask, - int ishift,int rshift) -{ - flattened = 1; - size_t i = VEC_LENGTH(filters); - VEC_ADDN(filters,cmask + 1); - for (size_t j = 0;;++j) { - VEC_BUF(filters,i + j).f = - EXPVAL(ifltr->f,j,dmask,smask,ishift,rshift); - if (j == cmask) - break; - } -} - -// expand existing stuff -// allocates needed stuff on its own -static void ifilter_expand(IFT dmask,IFT smask,IFT cmask,int ishift,int rshift) -{ - flattened = 1; - size_t len = VEC_LENGTH(filters); - VEC_ADDN(filters,cmask * len); - size_t esz = cmask + 1; // size of expanded elements - for (size_t i = len - 1;;--i) { - for (IFT j = 0;;++j) { - VEC_BUF(filters,i * esz + j).f = - EXPVAL(VEC_BUF(filters,i).f,j,dmask,smask,ishift,rshift); - if (j == cmask) - break; - } - if (i == 0) - break; - } -} - -static inline 
void ifilter_addflatten(struct intfilter *ifltr,IFT mask) -{ - if (VEC_LENGTH(filters) == 0) { - // simple - VEC_ADD(filters,*ifltr); - ifiltermask = mask; - return; - } - if (ifiltermask == mask) { - // lucky - VEC_ADD(filters,*ifltr); - return; - } - IFT cross = ifiltermask ^ mask; - int ishift = 0; - while ((cross & 1) == 0) { - ++ishift; - cross >>= 1; - } - IFT smask = cross & (cross + 1); // shift mask - IFT dmask = cross ^ smask; // direct mask - IFT cmask; // combined mask - int rshift = 0; // relative shift - while (cmask = (smask >> rshift) | dmask,(cmask & (cmask + 1)) != 0) - ++rshift; - // preparations done - if (ifiltermask > mask) { - // already existing stuff has more precise mask than we - // so we need to expand our stuff - ifilter_addexpanded(ifltr,dmask,smask,cmask,ishift,rshift); - } - else { - ifiltermask = mask; - ifilter_expand(dmask,smask,cmask,ishift,rshift); - VEC_ADD(filters,*ifltr); - } -} - -# endif // EXPANDMASK - -# else // OMITMASK - -/* - * struct intfilter layout: filter,mask - * stuff is compared in big-endian way, so memcmp - * filter needs to be compared first - * if its equal, mask needs to be compared - * memcmp is aplicable there too - * due to struct intfilter layout, it all can be stuffed into one memcmp call - */ -static inline int filter_compare(const void *p1,const void *p2) -{ - return memcmp(p1,p2,sizeof(struct intfilter)); -} - -# endif // OMITMASK - -static void filter_sort(void) -{ - size_t len = VEC_LENGTH(filters); - if (len > 0) - qsort(&VEC_BUF(filters,0),len,sizeof(struct intfilter),&filter_compare); -} - -#endif // INTFILTER - -#ifdef BINFILTER - -static inline size_t filter_len(size_t i) -{ - size_t c = VEC_BUF(filters,i).len * 8; - u8 v = VEC_BUF(filters,i).mask; - for (size_t k = 0;;) { - if (!v) - return c; - ++c; - if (++k >= 8) - return c; - v <<= 1; - } -} - -static inline int filter_compare(const void *p1,const void *p2) -{ - const struct binfilter *b1 = (const struct binfilter *)p1; - const struct 
binfilter *b2 = (const struct binfilter *)p2; - size_t l = b1->len <= b2->len ? b1->len : b2->len; - int cmp = memcmp(b1->f,b2->f,l); - if (cmp) - return cmp; - if (b1->len < b2->len) - return -1; - if (b1->len > b2->len) - return 1; - if (b1->mask < b2->mask) - return -1; - if (b1->mask > b2->mask) - return 1; - return 0; -} - -static void filter_sort(void) -{ - size_t len = VEC_LENGTH(filters); - if (len > 0) - qsort(&VEC_BUF(filters,0),len,sizeof(struct binfilter),&filter_compare); -} - -#endif // BINFILTER - -#ifdef PCRE2FILTER - -#define filter_len(i) ((pcre2ovector[1] - pcre2ovector[0]) * 5) - -#endif // PCRE2FILTER - -static void filters_add(const char *filter) -{ -#ifdef NEEDBINFILTER - struct binfilter bf; - size_t ret; -# ifdef INTFILTER - union intconv { - IFT i; - u8 b[sizeof(IFT)]; - } fc,mc; -# endif - - // skip regex start symbol. we do not support regex tho - if (*filter == '^') - ++filter; - - memset(&bf,0,sizeof(bf)); - - if (!base32_valid(filter,&ret)) { - fprintf(stderr,"filter \"%s\" is invalid\n",filter); - fprintf(stderr," "); - while (ret--) - fputc(' ',stderr); - fprintf(stderr,"^\n"); - return; - } - ret = BASE32_FROM_LEN(ret); - if (!ret) - return; -# ifdef INTFILTER - size_t maxsz = sizeof(IFT); -# else - size_t maxsz = sizeof(bf.f); -# endif - if (ret > maxsz) { - fprintf(stderr,"filter \"%s\" is too long\n",filter); - fprintf(stderr," "); - maxsz = (maxsz * 8) / 5; - while (maxsz--) - fputc(' ',stderr); - fprintf(stderr,"^\n"); - return; - } - base32_from(bf.f,&bf.mask,filter); - bf.len = ret - 1; - -# ifdef INTFILTER - mc.i = 0; - for (size_t i = 0;i < bf.len;++i) - mc.b[i] = 0xFF; - mc.b[bf.len] = bf.mask; - memcpy(fc.b,bf.f,sizeof(fc.b)); - fc.i &= mc.i; - struct intfilter ifltr = { - .f = fc.i, -# ifndef OMITMASK - .m = mc.i, -# endif - }; -# ifdef OMITMASK - ifilter_addflatten(&ifltr,mc.i); -# else // OMITMASK - VEC_ADD(filters,ifltr); -# endif // OMITMASK -# endif // INTFILTER - -# ifdef BINFILTER - VEC_ADD(filters,bf); -# endif 
// BINFILTER -#endif // NEEDBINFILTER - -#ifdef PCRE2FILTER - int errornum; - PCRE2_SIZE erroroffset; - pcre2_code *re; - re = pcre2_compile((PCRE2_SPTR8)filter,PCRE2_ZERO_TERMINATED, - PCRE2_NO_UTF_CHECK | PCRE2_ANCHORED,&errornum,&erroroffset,0); - if (!re) { - PCRE2_UCHAR buffer[1024]; - pcre2_get_error_message(errornum,buffer,sizeof(buffer)); - fprintf(stderr,"PCRE2 compilation failed at offset " FSZ ": %s\n", - (size_t)erroroffset,buffer); - return; - } - // attempt to JIT. ignore error - (void) pcre2_jit_compile(re,PCRE2_JIT_COMPLETE); - struct pcre2filter f; - memset(&f,0,sizeof(f)); - f.re = re; - size_t fl = strlen(filter) + 1; - f.str = (char *) malloc(fl); - if (!f.str) - abort(); - memcpy(f.str,filter,fl); - VEC_ADD(filters,f); -#endif // PCRE2FILTER -} - -#ifdef NEEDBINFILTER -static void filters_dedup(void) -{ - //TODO -} -#endif // NEEDBINFILTER - -static void filters_prepare(void) -{ -#ifndef PCRE2FILTER - if (!quietflag) - fprintf(stderr,"sorting filters..."); - filter_sort(); - if (wantdedup) { - if (!quietflag) - fprintf(stderr," removing duplicates..."); - filters_dedup(); - } - if (!quietflag) - fprintf(stderr," done.\n"); -#endif -} - -static void filters_clean(void) -{ -#ifdef PCRE2FILTER - for (size_t i = 0;i < VEC_LENGTH(filters);++i) { - pcre2_code_free(VEC_BUF(filters,i).re); - free(VEC_BUF(filters,i).str); - } -#endif - VEC_FREE(filters); -} - -static size_t filters_count(void) -{ - return VEC_LENGTH(filters); -} - -#ifdef INTFILTER - -# ifndef BINSEARCH - -#define MATCHFILTER(it,pk) \ - ((*(IFT *)(pk) & VEC_BUF(filters,it).m) == VEC_BUF(filters,it).f) - -#define DOFILTER(it,pk,code) \ -do { \ - for (it = 0;it < VEC_LENGTH(filters);++it) { \ - if (unlikely(MATCHFILTER(it,pk))) { \ - code; \ - break; \ - } \ - } \ -} while (0) - -# else // BINSEARCH - -# ifdef OMITMASK - -#define DOFILTER(it,pk,code) \ -do { \ - register IFT maskedpk = *(IFT *)(pk) & ifiltermask; \ - for (size_t down = 0,up = VEC_LENGTH(filters);down < up;) { \ - it = (up 
+ down) / 2; \ - if (maskedpk < VEC_BUF(filters,it).f) \ - up = it; \ - else if (maskedpk > VEC_BUF(filters,it).f) \ - down = it + 1; \ - else { \ - code; \ - break; \ - } \ - } \ -} while (0) - -# else // OMITMASK - -#define DOFILTER(it,pk,code) \ -do { \ - for (size_t down = 0,up = VEC_LENGTH(filters);down < up;) { \ - it = (up + down) / 2; \ - IFT maskedpk = *(IFT *)(pk) & VEC_BUF(filters,it).m; \ - register int cmp = memcmp(&maskedpk,&VEC_BUF(filters,it).f,sizeof(IFT)); \ - if (cmp < 0) \ - up = it; \ - else if (cmp > 0) \ - down = it + 1; \ - else { \ - code; \ - break; \ - } \ - } \ -} while (0) - -# endif // OMITMASK - -# endif // BINSEARCH - -#define PREFILTER -#define POSTFILTER - -#endif // INTFILTER - - -#ifdef BINFILTER - -# ifndef BINSEARCH - -#define MATCHFILTER(it,pk) ( \ - memcmp(pk,VEC_BUF(filters,it).f,VEC_BUF(filters,it).len) == 0 && \ - (pk[VEC_BUF(filters,it).len] & VEC_BUF(filters,it).mask) == VEC_BUF(filters,it).f[VEC_BUF(filters,it).len]) - -#define DOFILTER(it,pk,code) \ -do { \ - for (it = 0;it < VEC_LENGTH(filters);++it) { \ - if (unlikely(MATCHFILTER(it,pk))) { \ - code; \ - break; \ - } \ - } \ -} while (0) - -# else // BINSEARCH - -#define DOFILTER(it,pk,code) \ -do { \ - for (size_t down = 0,up = VEC_LENGTH(filters);down < up;) { \ - it = (up + down) / 2; \ - { \ - register int filterdiff = memcmp(pk,VEC_BUF(filters,it).f,VEC_BUF(filters,it).len); \ - if (filterdiff < 0) { \ - up = it; \ - continue; \ - } \ - if (filterdiff > 0) { \ - down = it + 1; \ - continue; \ - } \ - } \ - if ((pk[VEC_BUF(filters,it).len] & VEC_BUF(filters,it).mask) < \ - VEC_BUF(filters,it).f[VEC_BUF(filters,it).len]) \ - { \ - up = it; \ - continue; \ - } \ - if ((pk[VEC_BUF(filters,it).len] & VEC_BUF(filters,it).mask) > \ - VEC_BUF(filters,it).f[VEC_BUF(filters,it).len]) \ - { \ - down = it + 1; \ - continue; \ - } \ - { \ - code; \ - break; \ - } \ - } \ -} while (0) - -# endif // BINSEARCH - -#define PREFILTER -#define POSTFILTER - -#endif // BINFILTER - - 
-#ifdef PCRE2FILTER - -#define PREFILTER \ - char pkconvbuf[BASE32_TO_LEN(PUBLIC_LEN) + 1]; \ - pcre2_match_data *pcre2md = pcre2_match_data_create(128,0); \ - PCRE2_SIZE *pcre2ovector = 0; - -#define POSTFILTER \ - pcre2_match_data_free(pcre2md); - -#define DOFILTER(it,pk,code) \ -do { \ - base32_to(pkconvbuf,pk,PUBLIC_LEN); \ - size_t __l = VEC_LENGTH(filters); \ - for (it = 0;it < __l;++it) { \ - int rc = pcre2_match(VEC_BUF(filters,it).re,(PCRE2_SPTR8)pkconvbuf,BASE32_TO_LEN(PUBLIC_LEN),0, \ - PCRE2_NO_UTF_CHECK,pcre2md,0); \ - if (unlikely(rc >= 0)) { \ - pcre2ovector = pcre2_get_ovector_pointer(pcre2md); \ - code; \ - break; \ - } \ - } \ -} while (0) +extern struct pfiltervec filters; #endif // PCRE2FILTER -static void loadfilterfile(const char *fname) -{ - char buf[128]; - FILE *f = fopen(fname,"r"); - while (fgets(buf,sizeof(buf),f)) { - for (char *p = buf;*p;++p) { - if (*p == '\n') { - *p = 0; - break; - } - } - if (*buf && *buf != '#' && memcmp(buf,"//",2) != 0) - filters_add(buf); - } -} +extern int flattened; -static void filters_print(void) -{ - if (quietflag) - return; - size_t i,l; - l = VEC_LENGTH(filters); - if (l) - fprintf(stderr,"filters:\n"); - - for (i = 0;i < l;++i) { -#ifdef NEEDBINFILTER - char buf0[256],buf1[256]; - u8 bufx[128]; -#endif - - if (i >= 20) { - size_t notshown = l - i; - fprintf(stderr,"[another " FSZ " %s not shown]\n", - notshown,notshown == 1 ? 
"filter" : "filters"); - break; - } - -#ifdef INTFILTER - size_t len = 0; - u8 *imraw; - -# ifndef OMITMASK - imraw = (u8 *)&VEC_BUF(filters,i).m; -# else - imraw = (u8 *)&ifiltermask; -# endif - while (len < sizeof(IFT) && imraw[len] != 0x00) ++len; - u8 mask = imraw[len-1]; - u8 *ifraw = (u8 *)&VEC_BUF(filters,i).f; -#endif // INTFILTER - -#ifdef BINFILTER - size_t len = VEC_BUF(filters,i).len + 1; - u8 mask = VEC_BUF(filters,i).mask; - u8 *ifraw = VEC_BUF(filters,i).f; -#endif // BINFILTER -#ifdef NEEDBINFILTER - base32_to(buf0,ifraw,len); - memcpy(bufx,ifraw,len); - bufx[len - 1] |= ~mask; - base32_to(buf1,bufx,len); - char *a = buf0,*b = buf1; - while (*a && *a == *b) - ++a, ++b; - *a = 0; - fprintf(stderr,"\t%s\n",buf0); -#endif // NEEDBINFILTER -#ifdef PCRE2FILTER - fprintf(stderr,"\t%s\n",VEC_BUF(filters,i).str); -#endif // PCRE2FILTER - } - fprintf(stderr,"in total, " FSZ " %s\n",l,l == 1 ? "filter" : "filters"); -} +extern void filters_init(void); +extern void filters_add(const char *filter); +extern size_t filters_count(void); diff --git a/filters_common.inc.h b/filters_common.inc.h new file mode 100644 index 0000000..abeb0fe --- /dev/null +++ b/filters_common.inc.h 
@@ -0,0 +1,54 @@
+#ifdef INTFILTER
+
+static inline size_t S(filter_len)(size_t i)
+{
+# ifndef OMITMASK
+ const u8 *m = (const u8 *)&VEC_BUF(filters,i).m;
+# else // OMITMASK
+ (void) i;
+ const u8 *m = (const u8 *)&ifiltermask;
+# endif // OMITMASK
+ size_t c = 0;
+ for (size_t j = 0;;) {
+ u8 v = m[j];
+ for (size_t k = 0;;) {
+ if (!v)
+ return c;
+ ++c;
+ if (++k >= 8)
+ break;
+ v <<= 1;
+ }
+ if (++j >= sizeof(IFT))
+ break;
+ }
+ return c;
+}
+#define filter_len S(filter_len)
+
+#endif // INTFILTER
+
+#ifdef BINFILTER
+
+static inline size_t S(filter_len)(size_t i)
+{
+ size_t c = VEC_BUF(filters,i).len * 8;
+ u8 v = VEC_BUF(filters,i).mask;
+ for (size_t k = 0;;) {
+ if (!v)
+ return c;
+ ++c;
+ if (++k >= 8)
+ return c;
+ v <<= 1;
+ }
+}
+#define filter_len S(filter_len)
+
+#endif // BINFILTER
+
+#ifdef PCRE2FILTER
+
+#define filter_len(i) ((pcre2ovector[1] - pcre2ovector[0]) * 5)
+
+#endif // PCRE2FILTER
diff --git a/filters_inc.inc.h b/filters_inc.inc.h
new file mode 100644
index 0000000..5eb7f72
--- /dev/null
+++ b/filters_inc.inc.h
@@ -0,0 +1 @@
+#define S(x) x
diff --git a/filters_main.inc.h b/filters_main.inc.h
new file mode 100644
index 0000000..e986f9d
--- /dev/null
+++ b/filters_main.inc.h
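Review bot: The PCRE2 `filter_len(i)` macro ignores `i` and reads `pcre2ovector`, which this header never declares; it only works when expanded in a scope where the DOFILTER machinery has set that pointer after a successful match, whereas the two `S(filter_len)` inline functions above it are callable anywhere. A comment next to the define, `// valid only after a DOFILTER match: reads pcre2ovector from the enclosing scope, i is ignored`, would keep the three variants from looking interchangeable. The two inline variants return a bit count derived from the mask and the PCRE2 one returns matched base32 characters times 5, i.e. also bits; a one-line note that the unit is bits would help the callers of filter_len.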
@@ -0,0 +1,476 @@ + +#include "filters_common.inc.h" +#include "ifilter_bitsum.h" + +#ifdef INTFILTER + +# ifdef OMITMASK + +static inline int filter_compare(const void *p1,const void *p2) +{ + if (((const struct intfilter *)p1)->f < ((const struct intfilter *)p2)->f) + return -1; + if (((const struct intfilter *)p1)->f > ((const struct intfilter *)p2)->f) + return 1; + return 0; +} + +# ifdef EXPANDMASK + +/* + * so we have 2 masks with basically random bits + * we first gonna find where these masks are common + * then we gonna find where new mask has more bits than old + * common areas must be unchanged + * gaps in both must be unchanged + * but new bits must be filled + * therefore, lets just fill old gaps and common areas with 1s + * before add, OR with these 1s + * then perform add. these 1s have property to push positive bits to 0s + * we already know how much new gaps we need to fill, so this wont overflow + * after this addition, AND result with NEG of combined mask, and OR with old value + * this will produce new proper value + * we need to re-fill 1s before every add to keep structure working + */ + +int flattened = 0; + +// add expanded set of values +// allocates space on its own +static void ifilter_addexpanded( + struct intfilter *ifltr, + register IFT newbits, + register IFT notnewbits, + register IFT newbitsum) +{ + flattened = 1; + size_t i = VEC_LENGTH(filters); + VEC_ADDN(filters,newbitsum + 1); + register IFT x = ifltr->f; + register IFT y = 0; + for (size_t j = 0;;++j) { + VEC_BUF(filters,i + j).f = x | y; + if (j == newbitsum) + break; + y = ((y | notnewbits) + 1) & newbits; + } +} + +// expand existing stuff +// allocates needed stuff on its own +static void ifilter_expand( + register IFT newbits, + register IFT notnewbits, + register IFT newbitsum) +{ + flattened = 1; + size_t len = VEC_LENGTH(filters); + VEC_ADDN(filters,newbitsum * len); + size_t esz = newbitsum + 1; // size of expanded elements + for (size_t i = len - 1;;--i) { + register 
IFT x = VEC_BUF(filters,i).f; + register IFT y = 0; + for (IFT j = 0;;++j) { + VEC_BUF(filters,i * esz + j).f = x | y; + if (j == newbitsum) + break; + y = ((y | notnewbits) + 1) & newbits; + } + if (i == 0) + break; + } +} + +static inline void ifilter_addflatten(struct intfilter *ifltr,IFT mask) +{ + if (VEC_LENGTH(filters) == 0) { + // simple + VEC_ADD(filters,*ifltr); + ifiltermask = mask; + return; + } + if (ifiltermask == mask) { + // lucky + VEC_ADD(filters,*ifltr); + return; + } + + IFT newbits = ifiltermask ^ mask; + IFT notnewbits = ~newbits; + IFT newbitsum = ifilter_bitsum(newbits); + + if (ifiltermask > mask) { + // current mask covers more bits + // expand new filter + ifilter_addexpanded(ifltr,newbits,notnewbits,newbitsum); + } + else { + // new filter mask covers more bits + // adjust current mask and expand current filters + ifiltermask = mask; + ifilter_expand(newbits,notnewbits,newbitsum); + VEC_ADD(filters,*ifltr); + } +} + +# endif // EXPANDMASK + +# else // OMITMASK + +/* + * struct intfilter layout: filter,mask + * stuff is compared in big-endian way, so memcmp + * filter needs to be compared first + * if its equal, mask needs to be compared + * memcmp is aplicable there too + * due to struct intfilter layout, it all can be stuffed into one memcmp call + */ +static inline int filter_compare(const void *p1,const void *p2) +{ + return memcmp(p1,p2,sizeof(struct intfilter)); +} + +# endif // OMITMASK + +static void filter_sort(void) +{ + size_t len = VEC_LENGTH(filters); + if (len > 0) + qsort(&VEC_BUF(filters,0),len,sizeof(struct intfilter),&filter_compare); +} + +#endif // INTFILTER + +#ifdef BINFILTER + +static inline int filter_compare(const void *p1,const void *p2) +{ + const struct binfilter *b1 = (const struct binfilter *)p1; + const struct binfilter *b2 = (const struct binfilter *)p2; + + size_t l = b1->len <= b2->len ? 
b1->len : b2->len; + + int cmp = memcmp(b1->f,b2->f,l); + if (cmp != 0) + return cmp; + + if (b1->len < b2->len) + return -1; + if (b1->len > b2->len) + return +1; + + u8 cmask = b1->mask & b2->mask; + if ((b1->f[l] & cmask) < (b2->f[l] & cmask)) + return -1; + if ((b1->f[l] & cmask) > (b2->f[l] & cmask)) + return +1; + + if (b1->mask < b2->mask) + return -1; + if (b1->mask > b2->mask) + return +1; + + return 0; +} + +static void filter_sort(void) +{ + size_t len = VEC_LENGTH(filters); + if (len > 0) + qsort(&VEC_BUF(filters,0),len,sizeof(struct binfilter),&filter_compare); +} + +#endif // BINFILTER + + + +#ifndef PCRE2FILTER +static inline int filters_a_includes_b(size_t a,size_t b) +{ +# ifdef INTFILTER +# ifdef OMITMASK + return VEC_BUF(filters,a).f == VEC_BUF(filters,b).f; +# else // OMITMASK + return VEC_BUF(filters,a).f == (VEC_BUF(filters,b).f & VEC_BUF(filters,a).m); +# endif // OMITMASK +# else // INTFILTER + const struct binfilter *fa = &VEC_BUF(filters,a); + const struct binfilter *fb = &VEC_BUF(filters,b); + + if (fa->len > fb->len) + return 0; + size_t l = fa->len; + + int cmp = memcmp(fa->f,fb->f,l); + if (cmp != 0) + return 0; + + if (fa->len < fb->len) + return 1; + + if (fa->mask > fb->mask) + return 0; + + return fa->f[l] == (fb->f[l] & fa->mask); +# endif // INTFILTER +} + +static void filters_dedup(void) +{ + size_t last = ~(size_t)0; // index after last matching element + size_t chk; // element to compare against + size_t st; // start of area to destroy + + size_t len = VEC_LENGTH(filters); + for (size_t i = 1;i < len;++i) { + if (last != i) { + if (filters_a_includes_b(i - 1,i)) { + if (last != ~(size_t)0) { + memmove(&VEC_BUF(filters,st), + &VEC_BUF(filters,last), + (i - last) * VEC_ELSIZE(filters)); + st += i - last; + } + else + st = i; + chk = i - 1; + last = i + 1; + } + } + else { + if (filters_a_includes_b(chk,i)) + last = i + 1; + } + } + if (last != ~(size_t)0) { + memmove(&VEC_BUF(filters,st), + &VEC_BUF(filters,last), + (len - last) 
* VEC_ELSIZE(filters)); + st += len - last; + VEC_SETLENGTH(filters,st); + } +} +#endif // !PCRE2FILTER + +static void filters_clean(void) +{ +#ifdef PCRE2FILTER + for (size_t i = 0;i < VEC_LENGTH(filters);++i) { + pcre2_code_free(VEC_BUF(filters,i).re); + free(VEC_BUF(filters,i).str); + } +#endif + VEC_FREE(filters); +} + +size_t filters_count(void) +{ + return VEC_LENGTH(filters); +} + + +static void filters_print(void) +{ + if (quietflag) + return; + size_t i,l; + l = VEC_LENGTH(filters); + if (l) + fprintf(stderr,"filters:\n"); + + for (i = 0;i < l;++i) { +#ifdef NEEDBINFILTER + char buf0[256],buf1[256]; + u8 bufx[128]; +#endif + + if (!verboseflag && i >= 20) { + size_t notshown = l - i; + fprintf(stderr,"[another " FSZ " %s not shown]\n", + notshown,notshown == 1 ? "filter" : "filters"); + break; + } + +#ifdef INTFILTER + size_t len = 0; + u8 *imraw; + +# ifndef OMITMASK + imraw = (u8 *)&VEC_BUF(filters,i).m; +# else + imraw = (u8 *)&ifiltermask; +# endif + while (len < sizeof(IFT) && imraw[len] != 0x00) ++len; + u8 mask = imraw[len-1]; + u8 *ifraw = (u8 *)&VEC_BUF(filters,i).f; +#endif // INTFILTER + +#ifdef BINFILTER + size_t len = VEC_BUF(filters,i).len + 1; + u8 mask = VEC_BUF(filters,i).mask; + u8 *ifraw = VEC_BUF(filters,i).f; +#endif // BINFILTER +#ifdef NEEDBINFILTER + base32_to(buf0,ifraw,len); + memcpy(bufx,ifraw,len); + bufx[len - 1] |= ~mask; + base32_to(buf1,bufx,len); + char *a = buf0,*b = buf1; + while (*a && *a == *b) + ++a, ++b; + *a = 0; + fprintf(stderr,"\t%s\n",buf0); +#endif // NEEDBINFILTER +#ifdef PCRE2FILTER + fprintf(stderr,"\t%s\n",VEC_BUF(filters,i).str); +#endif // PCRE2FILTER + } + fprintf(stderr,"in total, " FSZ " %s\n",l,l == 1 ? "filter" : "filters"); +} + +void filters_add(const char *filter) +{ +#ifdef NEEDBINFILTER + struct binfilter bf; + size_t ret; +# ifdef INTFILTER + union intconv { + IFT i; + u8 b[sizeof(IFT)]; + } fc,mc; +# endif + + // skip regex start symbol. 
we do not support regex tho + if (*filter == '^') + ++filter; + + memset(&bf,0,sizeof(bf)); + + if (!base32_valid(filter,&ret)) { + fprintf(stderr,"filter \"%s\" is not valid base32 string\n",filter); + fprintf(stderr," "); + while (ret--) + fputc(' ',stderr); + fprintf(stderr,"^\n"); + return; + } + + ret = BASE32_FROM_LEN(ret); + if (!ret) + return; +# ifdef INTFILTER + size_t maxsz = sizeof(IFT); +# else + size_t maxsz = sizeof(bf.f); +# endif + if (ret > maxsz) { + fprintf(stderr,"filter \"%s\" is too long\n",filter); + fprintf(stderr," "); + maxsz = (maxsz * 8) / 5; + while (maxsz--) + fputc(' ',stderr); + fprintf(stderr,"^\n"); + return; + } + base32_from(bf.f,&bf.mask,filter); + bf.len = ret - 1; + +# ifdef INTFILTER + mc.i = 0; + for (size_t i = 0;i < bf.len;++i) + mc.b[i] = 0xFF; + mc.b[bf.len] = bf.mask; + memcpy(fc.b,bf.f,sizeof(fc.b)); + fc.i &= mc.i; + + struct intfilter ifltr = { + .f = fc.i, +# ifndef OMITMASK + .m = mc.i, +# endif + }; + +# ifdef OMITMASK + ifilter_addflatten(&ifltr,mc.i); +# else // OMITMASK + VEC_ADD(filters,ifltr); +# endif // OMITMASK +# endif // INTFILTER + +# ifdef BINFILTER + VEC_ADD(filters,bf); +# endif // BINFILTER +#endif // NEEDBINFILTER + +#ifdef PCRE2FILTER + int errornum; + PCRE2_SIZE erroroffset; + pcre2_code *re; + + re = pcre2_compile((PCRE2_SPTR8)filter,PCRE2_ZERO_TERMINATED, + PCRE2_NO_UTF_CHECK | PCRE2_ANCHORED,&errornum,&erroroffset,0); + if (!re) { + PCRE2_UCHAR buffer[1024]; + pcre2_get_error_message(errornum,buffer,sizeof(buffer)); + fprintf(stderr,"PCRE2 compilation failed at offset " FSZ ": %s\n", + (size_t)erroroffset,buffer); + return; + } + + // attempt to JIT. 
ignore error + (void) pcre2_jit_compile(re,PCRE2_JIT_COMPLETE); + + struct pcre2filter f; + memset(&f,0,sizeof(f)); + f.re = re; + size_t fl = strlen(filter) + 1; + f.str = (char *) malloc(fl); + if (!f.str) + abort(); + memcpy(f.str,filter,fl); + VEC_ADD(filters,f); +#endif // PCRE2FILTER +} + +static void filters_prepare(void) +{ +#ifndef PCRE2FILTER + if (!quietflag) + fprintf(stderr,"sorting filters..."); + filter_sort(); + if (wantdedup) { + if (!quietflag) + fprintf(stderr," removing duplicates..."); + filters_dedup(); + } + if (!quietflag) + fprintf(stderr," done.\n"); +#endif +} + +static bool loadfilterfile(const char *fname) +{ + char buf[128]; + FILE *f = fopen(fname,"r"); + if (!f) { + fprintf(stderr,"failed to load filter file \"%s\": %s\n",fname,strerror(errno)); + return false; + } + while (fgets(buf,sizeof(buf),f)) { + for (char *p = buf;*p;++p) { + if (*p == '\n') { + *p = 0; + break; + } + } + if (*buf && *buf != '#' && memcmp(buf,"//",2) != 0) + filters_add(buf); + } + int fe = ferror(f); + fclose(f); + if (fe != 0) { + fprintf(stderr,"failure while reading filter file \"%s\": %s\n",fname,strerror(fe)); + return false; + } + return true; +} diff --git a/filters_worker.inc.h b/filters_worker.inc.h new file mode 100644 index 0000000..3f48746 --- /dev/null +++ b/filters_worker.inc.h 
@@ -0,0 +1,194 @@ + +#ifdef BINFILTER + +struct bfiltervec filters; + +#endif // BINFILTER + + + +#ifdef INTFILTER + +struct ifiltervec filters; + +# ifdef OMITMASK +IFT ifiltermask; +# endif + +#endif // INTFILTER + + + +#ifdef PCRE2FILTER + +struct pfiltervec filters; + +#endif // PCRE2FILTER + + + +void filters_init(void) +{ + VEC_INIT(filters); +} + + + +#include "filters_common.inc.h" + + + +#ifdef INTFILTER + +# ifndef BINSEARCH + +#define MATCHFILTER(it,pk) \ + ((*(IFT *)(pk) & VEC_BUF(filters,it).m) == VEC_BUF(filters,it).f) + +#define DOFILTER(it,pk,code) \ +do { \ + for (it = 0;it < VEC_LENGTH(filters);++it) { \ + if (unlikely(MATCHFILTER(it,pk))) { \ + code; \ + break; \ + } \ + } \ +} while (0) + +# else // BINSEARCH + +# ifdef OMITMASK + +#define DOFILTER(it,pk,code) \ +do { \ + register IFT maskedpk = *(IFT *)(pk) & ifiltermask; \ + for (size_t down = 0,up = VEC_LENGTH(filters);down < up;) { \ + it = (up + down) / 2; \ + if (maskedpk < VEC_BUF(filters,it).f) \ + up = it; \ + else if (maskedpk > VEC_BUF(filters,it).f) \ + down = it + 1; \ + else { \ + code; \ + break; \ + } \ + } \ +} while (0) + +# else // OMITMASK + +#define DOFILTER(it,pk,code) \ +do { \ + for (size_t down = 0,up = VEC_LENGTH(filters);down < up;) { \ + it = (up + down) / 2; \ + IFT maskedpk = *(IFT *)(pk) & VEC_BUF(filters,it).m; \ + register int cmp = memcmp(&maskedpk,&VEC_BUF(filters,it).f,sizeof(IFT)); \ + if (cmp < 0) \ + up = it; \ + else if (cmp > 0) \ + down = it + 1; \ + else { \ + code; \ + break; \ + } \ + } \ +} while (0) + +# endif // OMITMASK + +# endif // BINSEARCH + +#define PREFILTER +#define POSTFILTER + +#endif // INTFILTER + + +#ifdef BINFILTER + +# ifndef BINSEARCH + +#define MATCHFILTER(it,pk) ( \ + memcmp(pk,VEC_BUF(filters,it).f,VEC_BUF(filters,it).len) == 0 && \ + (pk[VEC_BUF(filters,it).len] & VEC_BUF(filters,it).mask) == VEC_BUF(filters,it).f[VEC_BUF(filters,it).len]) + +#define DOFILTER(it,pk,code) \ +do { \ + for (it = 0;it < VEC_LENGTH(filters);++it) { \ 
+ if (unlikely(MATCHFILTER(it,pk))) { \ + code; \ + break; \ + } \ + } \ +} while (0) + +# else // BINSEARCH + +#define DOFILTER(it,pk,code) \ +do { \ + for (size_t down = 0,up = VEC_LENGTH(filters);down < up;) { \ + it = (up + down) / 2; \ + { \ + register int filterdiff = memcmp(pk,VEC_BUF(filters,it).f,VEC_BUF(filters,it).len); \ + if (filterdiff < 0) { \ + up = it; \ + continue; \ + } \ + if (filterdiff > 0) { \ + down = it + 1; \ + continue; \ + } \ + } \ + if ((pk[VEC_BUF(filters,it).len] & VEC_BUF(filters,it).mask) < \ + VEC_BUF(filters,it).f[VEC_BUF(filters,it).len]) \ + { \ + up = it; \ + continue; \ + } \ + if ((pk[VEC_BUF(filters,it).len] & VEC_BUF(filters,it).mask) > \ + VEC_BUF(filters,it).f[VEC_BUF(filters,it).len]) \ + { \ + down = it + 1; \ + continue; \ + } \ + { \ + code; \ + break; \ + } \ + } \ +} while (0) + +# endif // BINSEARCH + +#define PREFILTER +#define POSTFILTER + +#endif // BINFILTER + + +#ifdef PCRE2FILTER + +#define PREFILTER \ + char pkconvbuf[BASE32_TO_LEN(PUBLIC_LEN) + 1]; \ + pcre2_match_data *pcre2md = pcre2_match_data_create(128,0); \ + PCRE2_SIZE *pcre2ovector = 0; + +#define POSTFILTER \ + pcre2_match_data_free(pcre2md); + +#define DOFILTER(it,pk,code) \ +do { \ + base32_to(pkconvbuf,pk,PUBLIC_LEN); \ + size_t __l = VEC_LENGTH(filters); \ + for (it = 0;it < __l;++it) { \ + int rc = pcre2_match(VEC_BUF(filters,it).re,(PCRE2_SPTR8)pkconvbuf,BASE32_TO_LEN(PUBLIC_LEN),0, \ + PCRE2_NO_UTF_CHECK,pcre2md,0); \ + if (unlikely(rc >= 0)) { \ + pcre2ovector = pcre2_get_ovector_pointer(pcre2md); \ + code; \ + break; \ + } \ + } \ +} while (0) + +#endif // PCRE2FILTER diff --git a/ifilter_bitsum.h b/ifilter_bitsum.h new file mode 100644 index 0000000..2c0a5db --- /dev/null +++ b/ifilter_bitsum.h 
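Review bot: The PCRE2 `PREFILTER` never checks that `pcre2_match_data_create(128,0)` returned a non-null pointer, so an allocation failure turns into a null dereference inside `pcre2_match` on the first `DOFILTER`; `if (!pcre2md) abort();` after the create call matches the out-of-memory policy `filters_add` already uses for `f.str`. In the same `DOFILTER` the local `size_t __l` uses an identifier reserved for the implementation (double underscore); `size_t fl = VEC_LENGTH(filters);` avoids that. The INTFILTER variants read the key through `*(IFT *)(pk)`, which is a strict-aliasing and alignment violation on a `u8` buffer; `IFT pkv; memcpy(&pkv,pk,sizeof pkv);` before the comparison keeps the same result without the undefined behaviour, unless the callers guarantee IFT alignment of `pk`, which is not visible here.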
@@ -0,0 +1,32 @@ + +#ifdef EXPANDMASK + +#ifdef __GNUC__ + +static IFT ifilter_bitsum(IFT x) +{ + if (sizeof(IFT) == 16) + return (((IFT) 1) << + (__builtin_popcountll((unsigned long long) (x >> (sizeof(IFT) * 8 / 2))) + + __builtin_popcountll((unsigned long long) x))) - 1; + if (sizeof(IFT) == 8) + return (((IFT) 1) << __builtin_popcountll((unsigned long long) x)) - 1; + + return (((IFT) 1) << __builtin_popcount((unsigned int) x)) - 1; +} + +#else // __GNUC__ + +static IFT ifilter_bitsum(IFT x) +{ + int v = 0; + while (x != 0) { + x &= x - 1; + v++; + } + return (((IFT) 1) << v) - 1; +} + +#endif // __GNUC__ + +#endif // EXPANDMASK diff --git a/ioutil.c b/ioutil.c index f3b4c1f..5d1edca 100644 --- a/ioutil.c +++ b/ioutil.c @@ -1,7 +1,10 @@ #include #include +#include #include "types.h" #include "ioutil.h" +#include "vec.h" +#include #ifndef _WIN32 @@ -31,7 +34,7 @@ FH createfile(const char *path,int secret) int fd; do { fd = open(path,O_WRONLY | O_CREAT | O_TRUNC,secret ? 0600 : 0666); - if (fd == -1) { + if (fd < 0) { if (errno == EINTR) continue; return -1; @@ -45,7 +48,7 @@ int closefile(FH fd) int cret; do { cret = close(fd); - if (cret == -1) { + if (cret < 0) { if (errno == EINTR) continue; return -1; 
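Review bot: `((IFT) 1) << popcount` is undefined when the popcount equals the width of IFT, i.e. whenever `x` has every bit set (a shift by 64 for an 8-byte IFT, by 128 in the 16-byte case), and the non-GNUC loop below has the same problem once `v` reaches the width. If an all-ones argument is reachable (presumably the mask of a full-length filter; the callers are not in this diff), guard it first, since the intended result is then `x` itself: `if (x == (IFT)~(IFT)0) return x;`. Both definitions also deserve a one-line contract comment, e.g. `/* returns a mask with as many low bits set as x has set bits */`.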
@@ -59,6 +62,122 @@ int createdir(const char *path,int secret) return mkdir(path,secret ? 0700 : 0777); } +static int syncwritefile(const char *filename,const char *tmpname,int secret,const u8 *data,size_t datalen) +{ + FH f = createfile(tmpname,secret); + if (f == FH_invalid) + return -1; + + if (writeall(f,data,datalen) < 0) { + goto failclose; + } + + int sret; + do { + sret = fsync(f); + if (sret < 0) { + if (errno == EINTR) + continue; + + goto failclose; + } + } while (0); + + if (closefile(f) < 0) { + goto failrm; + } + + if (rename(tmpname,filename) < 0) { + goto failrm; + } + + return 0; + +failclose: + (void) closefile(f); +failrm: + remove(tmpname); + + return -1; +} + +int syncwrite(const char *filename,int secret,const u8 *data,size_t datalen) +{ + //fprintf(stderr,"filename = %s\n",filename); + + size_t fnlen = strlen(filename); + + VEC_STRUCT(,char) tmpnamebuf; + VEC_INIT(tmpnamebuf); + VEC_ADDN(tmpnamebuf,fnlen + 4 /* ".tmp" */ + 1 /* "\0" */); + memcpy(&VEC_BUF(tmpnamebuf,0),filename,fnlen); + strcpy(&VEC_BUF(tmpnamebuf,fnlen),".tmp"); + const char *tmpname = &VEC_BUF(tmpnamebuf,0); + + //fprintf(stderr,"tmpname = %s\n",tmpname); + + int r = syncwritefile(filename,tmpname,secret,data,datalen); + + VEC_FREE(tmpnamebuf); + + if (r < 0) + return r; + + VEC_STRUCT(,char) dirnamebuf; + VEC_INIT(dirnamebuf); + const char *dirname; + + for (ssize_t x = ((ssize_t)fnlen) - 1;x >= 0;--x) { + if (filename[x] == '/') { + if (x) + --x; + ++x; + VEC_ADDN(dirnamebuf,x + 1); + memcpy(&VEC_BUF(dirnamebuf,0),filename,x); + VEC_BUF(dirnamebuf,x) = '\0'; + dirname = &VEC_BUF(dirnamebuf,0); + goto foundslash; + } + } + /* not found slash, fall back to "." 
*/ + dirname = "."; + +foundslash: + //fprintf(stderr,"dirname = %s\n",dirname); + ; + + int dirf; + do { + dirf = open(dirname,O_RDONLY); + if (dirf < 0) { + if (errno == EINTR) + continue; + + // failed for non-eintr reasons + goto skipdsync; // don't really care enough + } + } while (0); + + int sret; + do { + sret = fsync(dirf); + if (sret < 0) { + if (errno == EINTR) + continue; + + // failed for non-eintr reasons + break; // don't care + } + } while (0); + + (void) closefile(dirf); // don't care + +skipdsync: + VEC_FREE(dirnamebuf); + + return 0; +} + #else int writeall(FH fd,const u8 *data,size_t len) 
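Review bot: The EINTR retry in `syncwritefile` does not retry: `continue` inside `do { ... } while (0)` jumps to the controlling expression, which is false, so after an interrupted `fsync` the loop ends with `sret < 0` and control falls through to `closefile` and `rename`, publishing a file that was never flushed. Since the non-EINTR case already leaves via `goto failclose`, the loop only needs `} while (sret < 0);`; the `open(dirname)` and directory-fsync loops in `syncwrite` have the same shape and want `} while (dirf < 0);` and `} while (sret < 0);` respectively (there the consequence is a spurious `fsync(-1)` rather than a lost flush). The pre-existing `createfile`/`closefile` loops in the `@@ -31`/`@@ -45` hunks use the same `continue`, but their `while` conditions lie outside those hunks, so whether they share the defect cannot be told from here.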
@@ -95,9 +214,72 @@ int closefile(FH fd) int createdir(const char *path,int secret) { // XXX don't know how to handle secret argument + (void) secret; return CreateDirectoryA(path,0) ? 0 : -1; } +static int syncwritefile(const char *filename,const char *tmpname,int secret,const u8 *data,size_t datalen) +{ + FH f = createfile(tmpname,secret); + if (f == FH_invalid) { + //fprintf(stderr,"!failed to create\n"); + return -1; + } + + + if (writeall(f,data,datalen) < 0) { + //fprintf(stderr,"!failed to write\n"); + goto failclose; + } + + if (FlushFileBuffers(f) == 0) { + //fprintf(stderr,"!failed to flush\n"); + goto failclose; + } + + if (closefile(f) < 0) { + //fprintf(stderr,"!failed to close\n"); + goto failrm; + } + + if (MoveFileExA(tmpname,filename,MOVEFILE_REPLACE_EXISTING) == 0) { + //fprintf(stderr,"!failed to move\n"); + goto failrm; + } + + return 0; + +failclose: + (void) closefile(f); +failrm: + remove(tmpname); + + return -1; +} + +int syncwrite(const char *filename,int secret,const u8 *data,size_t datalen) +{ + size_t fnlen = strlen(filename); + + VEC_STRUCT(,char) tmpnamebuf; + VEC_INIT(tmpnamebuf); + VEC_ADDN(tmpnamebuf,fnlen + 4 /* ".tmp" */ + 1 /* "\0" */); + memcpy(&VEC_BUF(tmpnamebuf,0),filename,fnlen); + strcpy(&VEC_BUF(tmpnamebuf,fnlen),".tmp"); + const char *tmpname = &VEC_BUF(tmpnamebuf,0); + + int r = syncwritefile(filename,tmpname,secret,data,datalen); + + VEC_FREE(tmpnamebuf); + + if (r < 0) + return r; + + // can't fsync parent dir on windows so just end here + + return 0; +} + #endif int writetofile(const char *path,const u8 *data,size_t len,int secret) diff --git a/ioutil.h b/ioutil.h index c7a1dab..5244508 100644 --- a/ioutil.h +++ b/ioutil.h @@ -18,3 +18,4 @@ int closefile(FH fd); int writeall(FH,const u8 *data,size_t len); int writetofile(const char *path,const u8 *data,size_t len,int secret); int createdir(const char *path,int secret); +int syncwrite(const char *filename,int secret,const u8 *data,size_t datalen); 
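Review bot: `MoveFileExA(tmpname,filename,MOVEFILE_REPLACE_EXISTING)` can return before the rename itself reaches disk, which undercuts the `FlushFileBuffers` just before it; `MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH` is the closest Windows counterpart of the parent-directory fsync that the comment in `syncwrite` says is unavailable. The two `syncwrite` bodies also duplicate the `.tmp` name construction line for line; hoisting it into one static helper above the `#ifndef _WIN32` split would keep the two platforms from drifting apart.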
diff --git a/main.c b/main.c index ecd0802..213698a 100644 --- a/main.c +++ b/main.c @@ -1,49 +1,53 @@ -#ifdef __linux__ #define _POSIX_C_SOURCE 200112L -#endif #include #include +#include #include +#include #include #include #include #include #include #include +#ifdef PASSPHRASE +#include +#endif #include #include "types.h" -#include "likely.h" #include "vec.h" #include "base32.h" #include "cpucount.h" #include "keccak.h" -#include "ed25519/ed25519.h" #include "ioutil.h" #include "common.h" #include "yaml.h" +#include "filters.h" + +#include "worker.h" + +#include "likely.h" + #ifndef _WIN32 #define FSZ "%zu" #else #define FSZ "%Iu" #endif -// additional 0 terminator is added by C -static const char * const pkprefix = "== ed25519v1-public: type0 ==\0\0"; -static const char * const skprefix = "== ed25519v1-secret: type0 ==\0\0"; - -static const char checksumstr[] = ".onion checksum"; -#define checksumstrlen (sizeof(checksumstr) - 1) // 15 - -// output directory -static char *workdir = 0; -static size_t workdirlen = 0; +// Argon2 hashed passphrase stretching settings +// NOTE: changing these will break compatibility +#define PWHASH_OPSLIMIT 48 +#define PWHASH_MEMLIMIT 64 * 1024 * 1024 +#define PWHASH_ALG crypto_pwhash_ALG_ARGON2ID13 static int quietflag = 0; -//static int wantdedup = 0; -#define wantdedup 0 +static int verboseflag = 0; +#ifndef PCRE2FILTER +static int wantdedup = 0; +#endif // 0, direndpos, onionendpos // printstartpos = either 0 or direndpos 
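Review bot: `PWHASH_MEMLIMIT` expands to the unparenthesized expression `64 * 1024 * 1024`, which is harmless as a bare call argument but breaks as soon as it is used inside a larger expression; `#define PWHASH_MEMLIMIT (64 * 1024 * 1024) /* bytes */` is the safe form, and the sibling constants read better with the unit noted the same way. Dropping the `#ifdef __linux__` around `#define _POSIX_C_SOURCE 200112L` now applies the feature macro on every platform; on some non-glibc libcs that define hides non-POSIX symbols, so the build on those targets is worth confirming (not visible here).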
@@ -53,17 +57,14 @@ size_t direndpos; // end of dir before .onion within string size_t printstartpos; // where to start printing from size_t printlen; // precalculated, related to printstartpos -static int yamloutput = 0; -static int numwords = 1; -static size_t numneedgenerate = 0; - -static pthread_mutex_t keysgenerated_mutex; -static volatile size_t keysgenerated = 0; -static volatile int endwork = 0; - pthread_mutex_t fout_mutex; FILE *fout; +#ifdef PASSPHRASE +u8 orig_determseed[SEED_LEN]; +const char *checkpointfile = 0; +#endif + static void termhandler(int sig) { switch (sig) { @@ -74,32 +75,7 @@ static void termhandler(int sig) } } -#include "filters.h" - #ifdef STATISTICS -#define ADDNUMSUCCESS ++st->numsuccess.v -#else -#define ADDNUMSUCCESS do ; while (0) -#endif - -// statistics, if enabled -#ifdef STATISTICS -struct statstruct { - union { - u32 v; - size_t align; - } numcalc; - union { - u32 v; - size_t align; - } numsuccess; - union { - u32 v; - size_t align; - } numrestart; -} ; -VEC_STRUCT(statsvec,struct statstruct); - struct tstatstruct { u64 numcalc; u64 numsuccess; 
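Review bot: `orig_determseed` and `checkpointfile` are defined with external linkage next to the existing non-static `fout_mutex`/`fout`; if nothing outside main.c references them (worker.h is not in this diff, so I cannot tell), `static u8 orig_determseed[SEED_LEN];` and `static const char *checkpointfile = 0;` keep them out of the global namespace. Each would also benefit from a one-line comment, e.g. `// seed as derived from the passphrase, before any counter is applied` and `// path of the progress checkpoint file, 0 when disabled`.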
@@ -111,327 +87,76 @@ struct tstatstruct { VEC_STRUCT(tstatsvec,struct tstatstruct); #endif -static void onionready(char *sname,const u8 *secret,const u8 *pubonion) -{ - if (endwork) - return; - - if (numneedgenerate) { - pthread_mutex_lock(&keysgenerated_mutex); - if (keysgenerated >= numneedgenerate) { - pthread_mutex_unlock(&keysgenerated_mutex); - return; - } - ++keysgenerated; - if (keysgenerated == numneedgenerate) - endwork = 1; - pthread_mutex_unlock(&keysgenerated_mutex); - } - - if (!yamloutput) { - if (createdir(sname,1) != 0) { - pthread_mutex_lock(&fout_mutex); - fprintf(stderr,"ERROR: could not create directory for key output\n"); - pthread_mutex_unlock(&fout_mutex); - return; - } - - strcpy(&sname[onionendpos],"/hs_ed25519_secret_key"); - writetofile(sname,secret,FORMATTED_SECRET_LEN,1); - - strcpy(&sname[onionendpos],"/hs_ed25519_public_key"); - writetofile(sname,pubonion,FORMATTED_PUBLIC_LEN,0); - - strcpy(&sname[onionendpos],"/hostname"); - FILE *hfile = fopen(sname,"w"); - sname[onionendpos] = '\n'; - if (hfile) { - fwrite(&sname[direndpos],ONION_LEN + 1,1,hfile); - fclose(hfile); - } - if (fout) { - pthread_mutex_lock(&fout_mutex); - fwrite(&sname[printstartpos],printlen,1,fout); - fflush(fout); - pthread_mutex_unlock(&fout_mutex); - } - } else - yamlout_writekeys(&sname[direndpos],pubonion,secret); -} - -union pubonionunion { - u8 raw[PKPREFIX_SIZE + PUBLIC_LEN + 32]; - struct { - u64 prefix[4]; - u64 key[4]; - u64 hash[4]; - } i; -} ; - -static char *makesname() -{ - char *sname = (char *) malloc(workdirlen + ONION_LEN + 63 + 1); - if (!sname) - abort(); - if (workdir) - memcpy(sname,workdir,workdirlen); - return sname; -} - -// little endian inc -static void addsk32(u8 *sk) -{ - register unsigned int c = 8; - for (size_t i = 0;i < 32;++i) { - c = (unsigned int)sk[i] + c; sk[i] = c & 0xFF; c >>= 8; - // unsure if needed - if (!c) break; - } -} - -// 0123 4567 xxxx --3--> 3456 7xxx -// 0123 4567 xxxx --1--> 1234 567x -static inline void 
shiftpk(u8 *dst,const u8 *src,size_t sbits) -{ - size_t i,sbytes = sbits / 8; - sbits %= 8; - for (i = 0;i + sbytes < PUBLIC_LEN;++i) { - dst[i] = (u8) ((src[i+sbytes] << sbits) | - (src[i+sbytes+1] >> (8 - sbits))); - } - for(;i < PUBLIC_LEN;++i) - dst[i] = 0; -} - -static void *dowork(void *task) -{ - union pubonionunion pubonion; - u8 * const pk = &pubonion.raw[PKPREFIX_SIZE]; - u8 secret[SKPREFIX_SIZE + SECRET_LEN]; - u8 * const sk = &secret[SKPREFIX_SIZE]; - u8 seed[SEED_LEN]; - u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1]; - u8 wpk[PUBLIC_LEN + 1]; - size_t i; - char *sname; -#ifdef STATISTICS - struct statstruct *st = (struct statstruct *)task; -#endif - PREFILTER - - memcpy(secret,skprefix,SKPREFIX_SIZE); - wpk[PUBLIC_LEN] = 0; - memset(&pubonion,0,sizeof(pubonion)); - memcpy(pubonion.raw,pkprefix,PKPREFIX_SIZE); - // write version later as it will be overwritten by hash - memcpy(hashsrc,checksumstr,checksumstrlen); - hashsrc[checksumstrlen + PUBLIC_LEN] = 0x03; // version - - sname = makesname(); - -initseed: - randombytes(seed,sizeof(seed)); - ed25519_seckey_expand(sk,seed); -#ifdef STATISTICS - ++st->numrestart.v; -#endif - -again: - if (unlikely(endwork)) - goto end; - - ed25519_pubkey(pk,sk); - -#ifdef STATISTICS - ++st->numcalc.v; -#endif - - DOFILTER(i,pk,{ - if (numwords > 1) { - shiftpk(wpk,pk,filter_len(i)); - size_t j; - for (int w = 1;;) { - DOFILTER(j,wpk,goto secondfind); - goto next; - secondfind: - if (++w >= numwords) - break; - shiftpk(wpk,wpk,filter_len(j)); - } - } - // sanity check - if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31]) - goto initseed; - - ADDNUMSUCCESS; - - // calc checksum - memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN); - FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]); - // version byte - pk[PUBLIC_LEN + 2] = 0x03; - // base32 - strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); - onionready(sname,secret,pubonion.raw); - pk[PUBLIC_LEN] = 0; - goto initseed; - }); -next: - addsk32(sk); 
- goto again; - -end: - free(sname); - POSTFILTER - sodium_memzero(secret,sizeof(secret)); - sodium_memzero(seed,sizeof(seed)); - return 0; -} - -static void addsztoscalar32(u8 *dst,size_t v) -{ - int i; - u32 c = 0; - for (i = 0;i < 32;++i) { - c += *dst + (v & 0xFF); *dst = c & 0xFF; c >>= 8; - v >>= 8; - ++dst; - } -} - -static void *dofastwork(void *task) -{ - union pubonionunion pubonion; - u8 * const pk = &pubonion.raw[PKPREFIX_SIZE]; - u8 secret[SKPREFIX_SIZE + SECRET_LEN]; - u8 * const sk = &secret[SKPREFIX_SIZE]; - u8 seed[SEED_LEN]; - u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1]; - u8 wpk[PUBLIC_LEN + 1]; - ge_p3 ge_public; - size_t counter; - size_t i; - char *sname; -#ifdef STATISTICS - struct statstruct *st = (struct statstruct *)task; -#endif - PREFILTER - - memcpy(secret,skprefix,SKPREFIX_SIZE); - wpk[PUBLIC_LEN] = 0; - memset(&pubonion,0,sizeof(pubonion)); - memcpy(pubonion.raw,pkprefix,PKPREFIX_SIZE); - // write version later as it will be overwritten by hash - memcpy(hashsrc,checksumstr,checksumstrlen); - hashsrc[checksumstrlen + PUBLIC_LEN] = 0x03; // version - - sname = makesname(); - -initseed: -#ifdef STATISTICS - ++st->numrestart.v; -#endif - randombytes(seed,sizeof(seed)); - ed25519_seckey_expand(sk,seed); - - ge_scalarmult_base(&ge_public,sk); - ge_p3_tobytes(pk,&ge_public); - - for (counter = 0;counter < SIZE_MAX-8;counter += 8) { - ge_p1p1 sum; - - if (unlikely(endwork)) - goto end; - - DOFILTER(i,pk,{ - if (numwords > 1) { - shiftpk(wpk,pk,filter_len(i)); - size_t j; - for (int w = 1;;) { - DOFILTER(j,wpk,goto secondfind); - goto next; - secondfind: - if (++w >= numwords) - break; - shiftpk(wpk,wpk,filter_len(j)); - } - } - // found! 
- // update secret key with counter - addsztoscalar32(sk,counter); - // sanity check - if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31]) - goto initseed; - - ADDNUMSUCCESS; - - // calc checksum - memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN); - FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]); - // version byte - pk[PUBLIC_LEN + 2] = 0x03; - // full name - strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); - onionready(sname,secret,pubonion.raw); - pk[PUBLIC_LEN] = 0; - // don't reuse same seed - goto initseed; - }); - next: - ge_add(&sum, &ge_public,&ge_eightpoint); - ge_p1p1_to_p3(&ge_public,&sum); - ge_p3_tobytes(pk,&ge_public); -#ifdef STATISTICS - ++st->numcalc.v; -#endif - } - goto initseed; - -end: - free(sname); - POSTFILTER - sodium_memzero(secret,sizeof(secret)); - sodium_memzero(seed,sizeof(seed)); - return 0; -} - static void printhelp(FILE *out,const char *progname) { fprintf(out, - "Usage: %s filter [filter...] [options]\n" - " %s -f filterfile [options]\n" + // 1 2 3 4 5 6 7 + //1234567890123456789012345678901234567890123456789012345678901234567890123456789 + "Usage: %s FILTER [FILTER...] [OPTION]\n" + " %s -f FILTERFILE [OPTION]\n" "Options:\n" - "\t-h - print help to stdout and quit\n" - "\t-f - instead of specifying filter(s) via commandline, specify filter file which contains filters separated by newlines\n" - "\t-q - do not print diagnostic output to stderr\n" - "\t-x - do not print onion names\n" - "\t-o filename - output onion names to specified file (append)\n" - "\t-O filename - output onion names to specified file (overwrite)\n" - "\t-F - include directory names in onion names output\n" - "\t-d dirname - output directory\n" - "\t-t numthreads - specify number of threads (default - auto)\n" - "\t-j numthreads - same as -t\n" - "\t-n numkeys - specify number of keys (default - 0 - unlimited)\n" - "\t-N numwords - specify number of words per key (default - 1)\n" - "\t-z - use faster key generation method. 
this is now default\n" - "\t-Z - use slower key generation method\n" - "\t-s - print statistics each 10 seconds\n" - "\t-S t - print statistics every specified ammount of seconds\n" - "\t-T - do not reset statistics counters when printing\n" - "\t-y - output generated keys in YAML format instead of dumping them to filesystem\n" - "\t-Y [filename [host.onion]] - parse YAML encoded input and extract key(s) to filesystem\n" + " -f FILTERFILE specify filter file which contains filters separated\n" + " by newlines.\n" + " -D deduplicate filters.\n" + " -q do not print diagnostic output to stderr.\n" + " -x do not print onion names.\n" + " -v print more diagnostic data.\n" + " -o FILENAME output onion names to specified file (append).\n" + " -O FILENAME output onion names to specified file (overwrite).\n" + " -F include directory names in onion names output.\n" + " -d DIRNAME output directory.\n" + " -t NUMTHREADS specify number of threads to utilise\n" + " (default - try detecting CPU core count).\n" + " -j NUMTHREADS same as -t.\n" + " -n NUMKEYS specify number of keys (default - 0 - unlimited).\n" + " -N NUMWORDS specify number of words per key (default - 1).\n" + " -Z deprecated, does nothing.\n" + " -z deprecated, does nothing.\n" + " -B use batching key generation method (current default).\n" + " -s print statistics each 10 seconds.\n" + " -S SECONDS print statistics every specified amount of seconds.\n" + " -T do not reset statistics counters when printing.\n" + " -y output generated keys in YAML format instead of\n" + " dumping them to filesystem.\n" + " -Y [FILENAME [host.onion]]\n" + " parse YAML encoded input and extract key(s) to\n" + " filesystem.\n" +#ifdef PASSPHRASE + " -p PASSPHRASE use passphrase to initialize the random seed with.\n" + " -P same as -p, but takes passphrase from PASSPHRASE\n" + " environment variable.\n" + " --checkpoint filename\n" + " load/save checkpoint of progress to specified file\n" + " (requires passphrase).\n" + " --skipnear 
skip near passphrase keys; you probably want this\n" + " because of improved safety unless you're trying to\n" + " regenerate an old key; possible future default.\n" + " --warnnear print warning about passphrase key being near another\n" + " (safety hazard); prefer --skipnear to this unless\n" + " you're regenerating an old key.\n" +#endif + " --rawyaml raw (unprefixed) public/secret keys for -y/-Y\n" + " (may be useful for tor controller API).\n" + " -h, --help, --usage print help to stdout and quit.\n" + " -V, --version print version information to stdout and exit.\n" ,progname,progname); fflush(out); } -static void e_additional() +static void printversion(void) +{ + fprintf(stdout,"mkp224o " VERSION "\n"); + fflush(stdout); +} + +static void e_additional(void) { fprintf(stderr,"additional argument required\n"); exit(1); } #ifndef STATISTICS -static void e_nostatistics() +static void e_nostatistics(void) { fprintf(stderr,"statistics support not compiled in\n"); exit(1); 
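Review bot: The deleted `dowork`/`dofastwork` both ended with `sodium_memzero(secret,sizeof(secret))` and `sodium_memzero(seed,sizeof(seed))`, while their replacements `worker_batch`/`worker_batch_pass` live in worker.h outside this diff, so it should be confirmed that the zeroization of the expanded secret key on thread exit moved with the code rather than being dropped. In the new `printhelp` text the `-p PASSPHRASE` entry would benefit from a note that a command-line passphrase is visible to other local users through process listings and that `-P` avoids that, e.g. `"                     (visible in process listings; prefer -P).\n"`.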
@@ -466,19 +191,94 @@ static void setworkdir(const char *wd) fprintf(stderr,"set workdir: %s\n",workdir); } -VEC_STRUCT(threadvec, pthread_t); +#ifdef PASSPHRASE +static void setpassphrase(const char *pass) +{ + static u8 salt[crypto_pwhash_SALTBYTES] = {0}; + fprintf(stderr,"expanding passphrase (may take a while)..."); + if (crypto_pwhash(determseed,sizeof(determseed), + pass,strlen(pass),salt, + PWHASH_OPSLIMIT,PWHASH_MEMLIMIT,PWHASH_ALG) != 0) + { + fprintf(stderr," out of memory!\n"); + exit(1); + } + fprintf(stderr," done.\n"); +} + +static void savecheckpoint(void) +{ + u8 checkpoint[SEED_LEN]; + bool carry = 0; + pthread_mutex_lock(&determseed_mutex); + for (int i = 0; i < SEED_LEN; i++) { + checkpoint[i] = determseed[i] - orig_determseed[i] - carry; + carry = checkpoint[i] > determseed[i]; + } + pthread_mutex_unlock(&determseed_mutex); + + if (syncwrite(checkpointfile,1,checkpoint,SEED_LEN) < 0) { + pthread_mutex_lock(&fout_mutex); + fprintf(stderr,"ERROR: could not save checkpoint to \"%s\"\n",checkpointfile); + pthread_mutex_unlock(&fout_mutex); + } +} + +static volatile int checkpointer_endwork = 0; + +static void *checkpointworker(void *arg) +{ + (void) arg; + + struct timespec ts; + memset(&ts,0,sizeof(ts)); + ts.tv_nsec = 100000000; + + struct timespec nowtime; + u64 ilasttime,inowtime; + clock_gettime(CLOCK_MONOTONIC,&nowtime); + ilasttime = (1000000 * (u64)nowtime.tv_sec) + ((u64)nowtime.tv_nsec / 1000); + + while (!unlikely(checkpointer_endwork)) { + + clock_gettime(CLOCK_MONOTONIC,&nowtime); + inowtime = (1000000 * (u64)nowtime.tv_sec) + ((u64)nowtime.tv_nsec / 1000); + + if ((i64)(inowtime - ilasttime) >= 300 * 1000000 /* 5 minutes */) { + savecheckpoint(); + ilasttime = inowtime; + } + } + + savecheckpoint(); + + return 0; +} +#endif + +VEC_STRUCT(threadvec,pthread_t); + +#include "filters_inc.inc.h" +#include "filters_main.inc.h" + +enum worker_type { + WT_BATCH, +}; int main(int argc,char **argv) { const char *outfile = 0; const char *infile 
= 0; - const char *hostname = 0; + const char *onehostname = 0; const char *arg; int ignoreargs = 0; int dirnameflag = 0; int numthreads = 0; - int fastkeygen = 1; + enum worker_type wt = WT_BATCH; int yamlinput = 0; +#ifdef PASSPHRASE + int deterministic = 0; +#endif int outfileoverwrite = 0; struct threadvec threads; #ifdef STATISTICS @@ -493,7 +293,7 @@ int main(int argc,char **argv) fprintf(stderr,"sodium_init() failed\n"); return 1; } - ge_initeightpoint(); + worker_init(); filters_init(); setvbuf(stderr,0,_IONBF,0); @@ -525,6 +325,28 @@ int main(int argc,char **argv) printhelp(stdout,progname); exit(0); } + else if (!strcmp(arg,"version")) { + printversion(); + exit(0); + } + else if (!strcmp(arg,"rawyaml")) + yamlraw = 1; +#ifdef PASSPHRASE + else if (!strcmp(arg,"checkpoint")) { + if (argc--) + checkpointfile = *argv++; + else + e_additional(); + } + else if (!strcmp(arg,"skipnear")) { + pw_skipnear = 1; + pw_warnnear = 0; + } + else if (!strcmp(arg,"warnnear")) { + pw_warnnear = 1; + pw_skipnear = 0; + } +#endif // PASSPHRASE else { fprintf(stderr,"unrecognised argument: --%s\n",arg); exit(1); @@ -540,16 +362,31 @@ int main(int argc,char **argv) printhelp(stdout,progname); exit(0); } + else if (*arg == 'V') { + printversion(); + exit(0); + } else if (*arg == 'f') { - if (argc--) - loadfilterfile(*argv++); + if (argc--) { + if (!loadfilterfile(*argv++)) + exit(1); + } else e_additional(); } + else if (*arg == 'D') { +#ifndef PCRE2FILTER + wantdedup = 1; +#else + fprintf(stderr,"WARNING: deduplication isn't supported with regex filters\n"); +#endif + } else if (*arg == 'q') ++quietflag; else if (*arg == 'x') fout = 0; + else if (*arg == 'v') + verboseflag = 1; else if (*arg == 'o') { outfileoverwrite = 0; if (argc--) 
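Review bot: `checkpointworker` busy-spins: `ts` is set to 100 ms but never passed to a sleep call, so the loop polls `clock_gettime` continuously and occupies a core for the whole run; `nanosleep(&ts,0);` at the end of the loop body gives the intended cadence. The borrow propagation in `savecheckpoint`, `carry = checkpoint[i] > determseed[i];`, misses the borrow when `orig_determseed[i] == 255` and a borrow is already pending (the result then equals `determseed[i]`), which silently shifts the saved position by a multiple of 256; computing through a wider temporary, `unsigned d = (unsigned)determseed[i] - orig_determseed[i] - carry; checkpoint[i] = (u8)d; carry = d > 0xFF;`, is exact. The mirror addition in the `@@ -731,6 +609,38 @@` hunk of main has the same corner case (`checkpoint[i] == 255` with a pending carry and `determseed[i] == 255`) and wants the same treatment.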
@@ -591,9 +428,11 @@ int main(int argc,char **argv) e_additional(); } else if (*arg == 'Z') - fastkeygen = 0; + /* ignored */ ; else if (*arg == 'z') - fastkeygen = 1; + /* ignored */ ; + else if (*arg == 'B') + wt = WT_BATCH; else if (*arg == 's') { #ifdef STATISTICS reportdelay = 10000000; @@ -629,16 +468,35 @@ int main(int argc,char **argv) infile = 0; if (argc) { --argc; - hostname = *argv++; - if (!*hostname) - hostname = 0; - if (hostname && strlen(hostname) != ONION_LEN) { + onehostname = *argv++; + if (!*onehostname) + onehostname = 0; + if (onehostname && strlen(onehostname) != ONION_LEN) { fprintf(stderr,"bad onion argument length\n"); exit(1); } } } } +#ifdef PASSPHRASE + else if (*arg == 'p') { + if (argc--) { + setpassphrase(*argv++); + deterministic = 1; + } + else + e_additional(); + } + else if (*arg == 'P') { + const char *pass = getenv("PASSPHRASE"); + if (!pass) { + fprintf(stderr,"store passphrase in PASSPHRASE environment variable\n"); + exit(1); + } + setpassphrase(pass); + deterministic = 1; + } +#endif // PASSPHRASE else { fprintf(stderr,"unrecognised argument: -%c\n",*arg); exit(1); @@ -650,6 +508,23 @@ int main(int argc,char **argv) filters_add(arg); } + if (yamlinput && yamloutput) { + fprintf(stderr,"both -y and -Y does not make sense\n"); + exit(1); + } + + if (yamlraw && !yamlinput && !yamloutput) { + fprintf(stderr,"--rawyaml requires either -y or -Y to do anything\n"); + exit(1); + } + +#ifdef PASSPHRASE + if (checkpointfile && !deterministic) { + fprintf(stderr,"--checkpoint requires passphrase\n"); + exit(1); + } +#endif + if (outfile) { fout = fopen(outfile,!outfileoverwrite ? "a" : "w"); if (!fout) { @@ -687,7 +562,7 @@ int main(int argc,char **argv) return 1; } } - tret = yamlin_parseandcreate(fin,sname,hostname); + tret = yamlin_parseandcreate(fin,sname,onehostname,yamlraw); if (infile) { fclose(fin); fin = 0; 
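Review bot: After `setpassphrase(*argv++)` the `-p` branch leaves the passphrase intact in `argv`, where it stays readable for the life of the process through the command line; `char *pass = *argv++; setpassphrase(pass); deterministic = 1;` followed by `sodium_memzero(pass,strlen(pass));` removes it from the live `argv` memory (on Linux that is what `/proc/PID/cmdline` reflects, though the window before parsing remains). The `-P` branch has the same consideration for the environment and could `unsetenv("PASSPHRASE")` once the seed is derived. Both branches run the expensive derivation during parsing, so a repeated `-p`/`-P` repeats it; deferring `setpassphrase` until after the loop, keeping only the pointer, would avoid that and also let the `--checkpoint` validation in the `@@ -650,6 +508,23 @@` hunk run first.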
@@ -721,6 +596,9 @@ int main(int argc,char **argv) pthread_mutex_init(&keysgenerated_mutex,0); pthread_mutex_init(&fout_mutex,0); +#ifdef PASSPHRASE + pthread_mutex_init(&determseed_mutex,0); +#endif if (numthreads <= 0) { numthreads = cpucount(); @@ -731,6 +609,38 @@ int main(int argc,char **argv) fprintf(stderr,"using %d %s\n", numthreads,numthreads == 1 ? "thread" : "threads"); +#ifdef PASSPHRASE + if (deterministic) { + if (!quietflag && numneedgenerate != 1 && !pw_skipnear && !pw_warnnear) + fprintf(stderr, + // 1 2 3 4 5 6 7 + //1234567890123456789012345678901234567890123456789012345678901234567890123456789 + "CAUTION: avoid using keys generated with the same password for unrelated\n" + " services, as single leaked key may help an attacker to regenerate\n" + " related keys; to silence this warning, pass --skipnear or --warnnear.\n"); + if (checkpointfile) { + memcpy(orig_determseed,determseed,sizeof(determseed)); + // Read current checkpoint position if file exists + FILE *checkout = fopen(checkpointfile,"r"); + if (checkout) { + u8 checkpoint[SEED_LEN]; + if(fread(checkpoint,1,SEED_LEN,checkout) != SEED_LEN) { + fprintf(stderr,"failed to read checkpoint file\n"); + exit(1); + } + fclose(checkout); + + // Apply checkpoint to determseed + bool carry = 0; + for (int i = 0; i < SEED_LEN; i++) { + determseed[i] += checkpoint[i] + carry; + carry = determseed[i] < checkpoint[i]; + } + } + } + } +#endif + signal(SIGTERM,termhandler); signal(SIGINT,termhandler); @@ -752,7 +662,14 @@ int main(int argc,char **argv) tattrp = 0; } else { - tret = pthread_attr_setstacksize(tattrp,80<<10); + // 256KiB plus whatever batch stuff uses if in batch mode + size_t ss = 256 << 10; + if (wt == WT_BATCH) + ss += worker_batch_memuse(); + // align to 64KiB + ss = (ss + (64 << 10) - 1) & ~((64 << 10) - 1); + //printf("stack size: " FSZ "\n",ss); + tret = pthread_attr_setstacksize(tattrp,ss); if (tret) perror("pthread_attr_setstacksize"); } 
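Review bot: The checkpoint is a 32-byte binary blob but is opened with `fopen(checkpointfile,"r")`, which on Windows applies text-mode translation and can stop at a 0x1A byte; `FILE *checkout = fopen(checkpointfile,"rb");` matches the data. Any `fopen` failure is then treated as "no checkpoint yet", so a permission or path error silently restarts from the original seed and only surfaces later as a failed save; checking `errno != ENOENT` after a null return and exiting with `strerror(errno)` would make that explicit. The carry propagation in this hunk's `determseed[i] += checkpoint[i] + carry;` loop shares the corner case noted on the `savecheckpoint` hunk and is best fixed with the same widened temporary.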
@@ -762,7 +679,17 @@ int main(int argc,char **argv) #ifdef STATISTICS tp = &VEC_BUF(stats,i); #endif - tret = pthread_create(&VEC_BUF(threads,i),tattrp,fastkeygen ? dofastwork : dowork,tp); + tret = pthread_create( + &VEC_BUF(threads,i), + tattrp, +#ifdef PASSPHRASE + deterministic + ? CRYPTO_NAMESPACE(worker_batch_pass) + : +#endif + CRYPTO_NAMESPACE(worker_batch), + tp + ); if (tret) { fprintf(stderr,"error while making " FSZ "th thread: %s\n",i,strerror(tret)); exit(1); @@ -775,6 +702,18 @@ int main(int argc,char **argv) perror("pthread_attr_destroy"); } +#ifdef PASSPHRASE + pthread_t checkpoint_thread; + + if (checkpointfile) { + tret = pthread_create(&checkpoint_thread,NULL,checkpointworker,NULL); + if (tret) { + fprintf(stderr,"error while making checkpoint thread: %s\n",strerror(tret)); + exit(1); + } + } +#endif + #ifdef STATISTICS struct timespec nowtime; u64 istarttime,inowtime,ireporttime = 0,elapsedoffset = 0; @@ -784,6 +723,7 @@ int main(int argc,char **argv) } istarttime = (1000000 * (u64)nowtime.tv_sec) + ((u64)nowtime.tv_nsec / 1000); #endif + struct timespec ts; memset(&ts,0,sizeof(ts)); ts.tv_nsec = 100000000; @@ -819,7 +759,7 @@ int main(int argc,char **argv) VEC_BUF(tstats,i).numrestart += (u64)tdiff; sumrestart += VEC_BUF(tstats,i).numrestart; } - if (reportdelay && (!ireporttime || inowtime - ireporttime >= reportdelay)) { + if (reportdelay && (!ireporttime || (i64)(inowtime - ireporttime) >= (i64)reportdelay)) { if (ireporttime) ireporttime += reportdelay; else 
@@ -859,16 +799,27 @@ int main(int argc,char **argv) if (!quietflag) fprintf(stderr,"waiting for threads to finish..."); + for (size_t i = 0;i < VEC_LENGTH(threads);++i) pthread_join(VEC_BUF(threads,i),0); +#ifdef PASSPHRASE + if (checkpointfile) { + checkpointer_endwork = 1; + pthread_join(checkpoint_thread,0); + } +#endif + if (!quietflag) fprintf(stderr," done.\n"); if (yamloutput) yamlout_clean(); - pthread_mutex_destroy(&keysgenerated_mutex); +#ifdef PASSPHRASE + pthread_mutex_destroy(&determseed_mutex); +#endif pthread_mutex_destroy(&fout_mutex); + pthread_mutex_destroy(&keysgenerated_mutex); done: filters_clean(); diff --git a/test_base64.c b/test_base64.c index bd7fbf6..95e4320 100644 --- a/test_base64.c +++ b/test_base64.c @@ -10,15 +10,21 @@ struct texttestcase { const char *in; const char *out; - const char *rev; } tests0[] = { - {"", "", ""}, - {"f", "Zg==", "f"}, - {"fo", "Zm8=", "fo"}, - {"foo", "Zm9v", "foo"}, - {"foob", "Zm9vYg==", "foob"}, - {"fooba", "Zm9vYmE=", "fooba"}, - {"foobar", "Zm9vYmFy", "foobar"}, + { "" ,"" }, + { "f" ,"Zg==" }, + { "fo" ,"Zm8=" }, + { "foo" ,"Zm9v" }, + { "foob" ,"Zm9vYg==" }, + { "fooba" ,"Zm9vYmE=" }, + { "foobar","Zm9vYmFy" }, + + { "foobarf" ,"Zm9vYmFyZg==" }, + { "foobarfo" ,"Zm9vYmFyZm8=" }, + { "foobarfoo" ,"Zm9vYmFyZm9v" }, + { "foobarfoob" ,"Zm9vYmFyZm9vYg==" }, + { "foobarfooba" ,"Zm9vYmFyZm9vYmE=" }, + { "foobarfoobar","Zm9vYmFyZm9vYmFy" }, }; int main(void) 
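Review bot: `checkpointer_endwork = 1;` is a plain store from the main thread that checkpointworker presumably polls; its declaration is not in this diff, and if it is neither `volatile` nor `_Atomic` the compiler may hoist the read out of that thread's loop and the following join could block indefinitely. Declaring it `_Atomic int` (or at minimum matching the `volatile int endwork` convention worker.c uses) and documenting the handshake would settle it, e.g. `// set once all key workers are joined; checkpointworker writes a final checkpoint and exits`. Since the checkpoint thread is joined after the key workers, the last checkpoint it writes reflects the final determseed, which is worth stating in the same comment. main starts and ends outside this hunk.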
@@ -29,19 +35,24 @@ int main(void) base64_to(buf, (const u8 *)tests0[i].in, strlen(tests0[i].in)); if (strcmp(buf, tests0[i].out) != 0) { printf("invalid encoding result: \"%s\" -> encoded as \"%s\", but expected \"%s\".\n", - tests0[i].in, buf, tests0[i].out); + tests0[i].in, buf, tests0[i].out); + return 1; + } + if (strlen(buf) != BASE64_TO_LEN(strlen(tests0[i].in))) { + printf("encoded length mismatch: got %d expected %d\n", + (int) strlen(buf), (int) BASE64_TO_LEN(strlen(tests0[i].in))); return 1; } if (!base64_valid(buf,0)) { printf("encoded data is considered invalid\n"); - return 3; + return 1; } r = base64_from((u8 *)buf2, buf, strlen(buf)); - buf2[r] = '\0'; - if (strcmp(buf2, tests0[i].rev) != 0) { + buf2[r] = '\000'; + if (strcmp(buf2, tests0[i].in) != 0) { printf("invalid decoding result: encoded \"%s\", decoded as \"%s\", but expected \"%s\".\n", - tests0[i].out, buf2, tests0[i].rev); - return 2; + tests0[i].out, buf2, tests0[i].in); + return 1; } } return 0; diff --git a/test_ed25519.c b/test_ed25519.c index 968d660..7fe26c6 100644 --- a/test_ed25519.c +++ b/test_ed25519.c @@ -6,6 +6,8 @@ #include "types.h" #include "base16.h" #include "ed25519/ed25519.h" +#include "ed25519/ed25519_impl_pre.h" +#include "testutil.h" struct pktest { const char *seed; @@ -26,11 +28,6 @@ struct pktest { }, }; -#define WARN(test) if (!(test)) \ - fprintf(stderr, "check failed @ %d: %s\n", (int)__LINE__, #test) - -#define WARNF(test) if (!(test) && (fprintf(stderr, "check failed @ %d: %s\n", (int)__LINE__, #test), 1)) - #define SEEDBYTES 32 #define SECRETKEYBYTES 64 #define PUBLICKEYBYTES 32 @@ -64,3 +61,5 @@ int main(void) return 0; } + +#include "ed25519/ed25519_impl_post.h" diff --git a/testutil.h b/testutil.h new file mode 100644 index 0000000..3f446bf --- /dev/null +++ b/testutil.h 
@@ -0,0 +1,5 @@ + +#define WARN(test) if (!(test)) \ + fprintf(stderr, "check failed @ %d: %s\n", (int)__LINE__, #test) + +#define WARNF(test) if (!(test) && ((void) fprintf(stderr, "check failed @ %d: %s\n", (int)__LINE__, #test), 1)) diff --git a/vec.h b/vec.h index 01c0638..cf49207 100644 --- a/vec.h +++ b/vec.h @@ -22,6 +22,11 @@ void vec_addn(struct vec_basestruct *ctl,size_t sz,size_t n); #define VEC_ADDN(ctl,n) \ vec_addn((struct vec_basestruct *)&(ctl),VEC_ELSIZE(ctl),(size_t)(n)) +#define VEC_SETLENGTH(ctl,n) \ +do { \ + (ctl).len = n; \ +} while (0) + #define VEC_REMOVEN(ctl,n,m) \ do { \ (ctl).len -= m; \ diff --git a/worker.c b/worker.c new file mode 100644 index 0000000..6c071db --- /dev/null +++ b/worker.c 
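Review bot: `WARN` expands to a bare `if` with no braces and no `do { … } while (0)` wrapper, so `if (c) WARN(x); else …` binds the else to the macro's own `if`; `#define WARN(test) do { if (!(test)) fprintf(stderr, "check failed @ %d: %s\n", (int)__LINE__, #test); } while (0)` removes the hazard, while WARNF is deliberately an open `if` and can stay as it is. The header relies on `<stdio.h>` being included before it and has no include guard; the project's other headers follow the same convention, so a comment naming the dependency is the minimum. Both macros only print, so a failed check leaves the test's exit status untouched and the callers in test_ed25519.c must turn it into a failure themselves, which deserves a sentence at the top of the file.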
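Review bot: `VEC_SETLENGTH` stores its argument unparenthesized, `(ctl).len = n;`, whereas VEC_ADDN wraps its argument as `(size_t)(n)`; `(ctl).len = (n);` keeps the macros consistent. Nothing checks `n` against the vector's allocated capacity, so a caller that sets it too high makes later VEC_BUF indexing run past the buffer; a contract comment, `/* caller guarantees n <= current capacity; no reallocation happens here */`, makes that explicit.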
@@ -0,0 +1,281 @@ +#define _POSIX_C_SOURCE 200112L + +#include +#include +#include +#include +#include +#include +#include +#ifdef PASSPHRASE +#include +#endif +#include + +#include "types.h" +#include "likely.h" +#include "vec.h" +#include "base32.h" +#include "keccak.h" +#include "ioutil.h" +#include "common.h" +#include "yaml.h" + +#include "worker.h" + +#include "filters.h" + +#ifndef _WIN32 +#define FSZ "%zu" +#else +#define FSZ "%Iu" +#endif + +// additional 0 terminator is added by C +const char * const pkprefix = "== ed25519v1-public: type0 ==\0\0"; +const char * const skprefix = "== ed25519v1-secret: type0 ==\0\0"; + +static const char checksumstr[] = ".onion checksum"; +#define checksumstrlen (sizeof(checksumstr) - 1) // 15 + +pthread_mutex_t keysgenerated_mutex; +volatile size_t keysgenerated = 0; +volatile int endwork = 0; + +int yamloutput = 0; +int yamlraw = 0; +int numwords = 1; +size_t numneedgenerate = 0; + +// output directory +char *workdir = 0; +size_t workdirlen = 0; + + +#ifdef PASSPHRASE +// How many times we loop before a reseed +#define DETERMINISTIC_LOOP_COUNT (1<<24) + +pthread_mutex_t determseed_mutex; +u8 determseed[SEED_LEN]; +int pw_skipnear = 0; +int pw_warnnear = 0; +#endif + + +char *makesname(void) +{ + char *sname = (char *) malloc(workdirlen + ONION_LEN + 63 + 1); + if (!sname) + abort(); + if (workdir) + memcpy(sname,workdir,workdirlen); + return sname; +} + +static void onionready(char *sname,const u8 *secret,const u8 *pubonion,int warnnear) +{ + if (endwork) + return; + + if (numneedgenerate) { + pthread_mutex_lock(&keysgenerated_mutex); + if (keysgenerated >= numneedgenerate) { + pthread_mutex_unlock(&keysgenerated_mutex); + return; + } + ++keysgenerated; + if (keysgenerated == numneedgenerate) + endwork = 1; + pthread_mutex_unlock(&keysgenerated_mutex); + } + + // disabled as this was never ever triggered as far as I'm aware +#if 0 + // Sanity check that the public key matches the private one. 
+ ge_p3 ALIGN(16) point; + u8 testpk[PUBLIC_LEN]; + ge_scalarmult_base(&point,&secret[SKPREFIX_SIZE]); + ge_p3_tobytes(testpk,&point); + if (memcmp(testpk,&pubonion[PKPREFIX_SIZE],PUBLIC_LEN) != 0) + abort(); +#endif + + if (!yamloutput) { + if (createdir(sname,1) != 0) { + pthread_mutex_lock(&fout_mutex); + fprintf(stderr,"ERROR: could not create directory \"%s\" for key output\n",sname); + pthread_mutex_unlock(&fout_mutex); + return; + } + + strcpy(&sname[onionendpos],"/hs_ed25519_secret_key"); + writetofile(sname,secret,FORMATTED_SECRET_LEN,1); + + strcpy(&sname[onionendpos],"/hs_ed25519_public_key"); + writetofile(sname,pubonion,FORMATTED_PUBLIC_LEN,0); + + strcpy(&sname[onionendpos],"/hostname"); + FILE *hfile = fopen(sname,"w"); + sname[onionendpos] = '\n'; + if (hfile) { + fwrite(&sname[direndpos],ONION_LEN + 1,1,hfile); + fclose(hfile); + } + if (fout) { + pthread_mutex_lock(&fout_mutex); +#ifdef PASSPHRASE + const char * const pwarn = " warn:near\n"; + if (warnnear) + strcpy(&sname[onionendpos],pwarn); + const size_t oprintlen = printlen; + const size_t printlen = oprintlen + (warnnear ? 
strlen(pwarn)-1 : 0); +#else + (void) warnnear; +#endif + fwrite(&sname[printstartpos],printlen,1,fout); + fflush(fout); + pthread_mutex_unlock(&fout_mutex); + } + } + else + yamlout_writekeys(&sname[direndpos],pubonion,secret,yamlraw); +} + +#include "filters_inc.inc.h" +#include "filters_worker.inc.h" + +#ifdef STATISTICS +#define ADDNUMSUCCESS ++st->numsuccess.v +#else +#define ADDNUMSUCCESS do ; while (0) +#endif + + +union pubonionunion { + u8 raw[PKPREFIX_SIZE + PUBLIC_LEN + 32]; + struct { + u64 prefix[4]; + u64 key[4]; + u64 hash[4]; + } i; +} ; + +/* +// little endian inc +static void addsk32(u8 *sk) +{ + register unsigned int c = 8; + for (size_t i = 0;i < 32;++i) { + c = (unsigned int)sk[i] + c; sk[i] = c & 0xFF; c >>= 8; + // unsure if needed + if (!c) break; + } +} +*/ + +// 0123 4567 xxxx --3--> 3456 7xxx +// 0123 4567 xxxx --1--> 1234 567x +static inline void shiftpk(u8 *dst,const u8 *src,size_t sbits) +{ + size_t i,sbytes = sbits / 8; + sbits %= 8; + for (i = 0;i + sbytes < PUBLIC_LEN;++i) { + dst[i] = (u8) ((src[i+sbytes] << sbits) | + (src[i+sbytes+1] >> (8 - sbits))); + } + for(;i < PUBLIC_LEN;++i) + dst[i] = 0; +} + + + +// in little-endian order, 32 bytes aka 256 bits +static void addsztoscalar32(u8 *dst,size_t v) +{ + int i; + u32 c = 0; + for (i = 0;i < 32;++i) { + c += *dst + (v & 0xFF); *dst = c & 0xFF; c >>= 8; + v >>= 8; + ++dst; + } +} + + + +#ifdef PASSPHRASE +static void reseedright(u8 sk[SECRET_LEN]) +{ + crypto_hash_sha256_state state; + crypto_hash_sha256_init(&state); + // old right side + crypto_hash_sha256_update(&state,&sk[32],32); + // new random data + randombytes(&sk[32],32); + crypto_hash_sha256_update(&state,&sk[32],32); + // put result in right side + crypto_hash_sha256_final(&state,&sk[32]); +} +#endif // PASSPHRASE + + + +#if !defined(BATCHNUM) + #define BATCHNUM 2048 +#endif + + +#include "ed25519/ed25519.h" + +#include "worker_impl.inc.h" + +size_t worker_batch_memuse(void) +{ + size_t s = 0,x; + +#ifdef ED25519_ref10 
+ x = crypto_sign_ed25519_ref10_worker_batch_memuse(); + if (x > s) + s = x; +#endif + +#ifdef ED25519_amd64_51_30k + x = crypto_sign_ed25519_amd64_51_30k_worker_batch_memuse(); + if (x > s) + s = x; +#endif + +#ifdef ED25519_amd64_64_24k + x = crypto_sign_ed25519_amd64_64_24k_worker_batch_memuse(); + if (x > s) + s = x; +#endif + +#ifdef ED25519_donna + x = crypto_sign_ed25519_donna_worker_batch_memuse(); + if (x > s) + s = x; +#endif + + return s; +} + +void worker_init(void) +{ +#ifdef ED25519_ref10 + crypto_sign_ed25519_ref10_ge_initeightpoint(); +#endif + +#ifdef ED25519_amd64_51_30k + crypto_sign_ed25519_amd64_51_30k_ge_initeightpoint(); +#endif + +#ifdef ED25519_amd64_64_24k + crypto_sign_ed25519_amd64_64_24k_ge_initeightpoint(); +#endif + +#ifdef ED25519_donna + crypto_sign_ed25519_donna_ge_initeightpoint(); +#endif +} diff --git a/worker.h b/worker.h new file mode 100644 index 0000000..547b72a --- /dev/null +++ b/worker.h @@ -0,0 +1,48 @@ + +extern pthread_mutex_t keysgenerated_mutex; +extern volatile size_t keysgenerated; +extern volatile int endwork; + +extern int yamloutput; +extern int yamlraw; +extern int numwords; +extern size_t numneedgenerate; + +extern char *workdir; +extern size_t workdirlen; + +// statistics, if enabled +#ifdef STATISTICS +struct statstruct { + union { + u32 v; + size_t align; + } numcalc; + union { + u32 v; + size_t align; + } numsuccess; + union { + u32 v; + size_t align; + } numrestart; +} ; +VEC_STRUCT(statsvec,struct statstruct); +#endif + +#ifdef PASSPHRASE +extern pthread_mutex_t determseed_mutex; +extern u8 determseed[SEED_LEN]; +extern int pw_skipnear; +extern int pw_warnnear; +#endif + +extern void worker_init(void); + +extern char *makesname(void); +extern size_t worker_batch_memuse(void); + +extern void *CRYPTO_NAMESPACE(worker_batch)(void *task); +#ifdef PASSPHRASE +extern void *CRYPTO_NAMESPACE(worker_batch_pass)(void *task); +#endif 
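Review bot: `shiftpk` reads `src[i+sbytes+1]` on its last iteration, i.e. `src[PUBLIC_LEN]`, which is one past the end whenever the caller passes a `pk_batch[b]` entry (assuming `bytes32` is exactly PUBLIC_LEN bytes); the `wpk` path is fine because wpk is PUBLIC_LEN+1 with a zero terminator, but for the last batch entry the read runs past the pk_batch array. Clamping the lookahead keeps the wpk result identical and removes the out-of-bounds read: `u8 nxt = (i + sbytes + 1 < PUBLIC_LEN) ? src[i+sbytes+1] : 0;` followed by `dst[i] = (u8)((src[i+sbytes] << sbits) | (nxt >> (8 - sbits)));`. In `onionready` the results of `writetofile` for the two key files and of `fwrite` for the hostname file are ignored, so a short write on a full disk still reports the address to fout as a success; checking them and logging under fout_mutex would surface that. `endwork` and `keysgenerated` are `volatile` for cross-thread signalling, which C11 does not guarantee; `_Atomic` would, although the mutex on the write side limits the practical impact.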
diff --git a/worker_batch.inc.h b/worker_batch.inc.h new file mode 100644 index 0000000..7bf778d --- /dev/null +++ b/worker_batch.inc.h 
@@ -0,0 +1,125 @@ + +void *CRYPTO_NAMESPACE(worker_batch)(void *task) +{ + union pubonionunion pubonion; + u8 * const pk = &pubonion.raw[PKPREFIX_SIZE]; + u8 secret[SKPREFIX_SIZE + SECRET_LEN]; + u8 * const sk = &secret[SKPREFIX_SIZE]; + u8 seed[SEED_LEN]; + u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1]; + u8 wpk[PUBLIC_LEN + 1]; + ge_p3 ALIGN(16) ge_public; + char *sname; + + // state to keep batch data + ge_p3 ALIGN(16) ge_batch [BATCHNUM]; + fe ALIGN(16) tmp_batch[BATCHNUM]; + bytes32 ALIGN(16) pk_batch [BATCHNUM]; + + size_t counter; + size_t i; + +#ifdef STATISTICS + struct statstruct *st = (struct statstruct *)task; +#else + (void) task; +#endif + + PREFILTER + + memcpy(secret,skprefix,SKPREFIX_SIZE); + wpk[PUBLIC_LEN] = 0; + memset(&pubonion,0,sizeof(pubonion)); + memcpy(pubonion.raw,pkprefix,PKPREFIX_SIZE); + // write version later as it will be overwritten by hash + memcpy(hashsrc,checksumstr,checksumstrlen); + hashsrc[checksumstrlen + PUBLIC_LEN] = 0x03; // version + + sname = makesname(); + +initseed: + +#ifdef STATISTICS + ++st->numrestart.v; +#endif + + randombytes(seed,sizeof(seed)); + + ed25519_seckey_expand(sk,seed); + + ge_scalarmult_base(&ge_public,sk); + + for (counter = 0;counter < SIZE_MAX-(8*BATCHNUM);counter += 8*BATCHNUM) { + ge_p1p1 ALIGN(16) sum; + + if (unlikely(endwork)) + goto end; + + + for (size_t b = 0;b < BATCHNUM;++b) { + ge_batch[b] = ge_public; + ge_add(&sum,&ge_public,&ge_eightpoint); + ge_p1p1_to_p3(&ge_public,&sum); + } + // NOTE: leaves unfinished one bit at the very end + ge_p3_batchtobytes_destructive_1(pk_batch,ge_batch,tmp_batch,BATCHNUM); + +#ifdef STATISTICS + st->numcalc.v += BATCHNUM; +#endif + + for (size_t b = 0;b < BATCHNUM;++b) { + DOFILTER(i,pk_batch[b],{ + if (numwords > 1) { + shiftpk(wpk,pk_batch[b],filter_len(i)); + size_t j; + for (int w = 1;;) { + DOFILTER(j,wpk,goto secondfind); + goto next; + secondfind: + if (++w >= numwords) + break; + shiftpk(wpk,wpk,filter_len(j)); + } + } + // found! 
+ // finish it up + ge_p3_batchtobytes_destructive_finish(pk_batch[b],&ge_batch[b]); + // copy public key + memcpy(pk,pk_batch[b],PUBLIC_LEN); + // update secret key with counter + addsztoscalar32(sk,counter + (b * 8)); + // sanity check + if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31]) + goto initseed; + + ADDNUMSUCCESS; + + // calc checksum + memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN); + FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]); + // version byte + pk[PUBLIC_LEN + 2] = 0x03; + // full name + strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); + onionready(sname,secret,pubonion.raw,0); + pk[PUBLIC_LEN] = 0; // what is this for? + // don't reuse same seed + goto initseed; + }); + next: + ; + } + } + goto initseed; + +end: + free(sname); + + POSTFILTER + + sodium_memzero(secret,sizeof(secret)); + sodium_memzero(seed,sizeof(seed)); + + return 0; +} diff --git a/worker_batch_pass.inc.h b/worker_batch_pass.inc.h new file mode 100644 index 0000000..3d31174 --- /dev/null +++ b/worker_batch_pass.inc.h 
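Review bot: The found-key block, from `ge_p3_batchtobytes_destructive_finish` through the `goto initseed`, is copied nearly verbatim twice more into worker_batch_pass.inc.h (its main loop and its leftover loop), so a later fix to the sanity-check condition or the checksum construction in one copy will silently miss the others; a `static inline` helper in worker.c taking pk_batch[b], &ge_batch[b], sk, pk, hashsrc and sname would keep the three in sync. `pk[PUBLIC_LEN] = 0; // what is this for?` looks redundant, since FIPS202_SHA3_256 rewrites the whole hash area before pk is read again and the prefix bytes are never touched; if that holds, drop the line, otherwise replace the question with the reason. The unconditional `goto initseed` after `onionready` discards the rest of the already-computed batch on purpose, and a comment saying so, `// remaining batch entries are intentionally dropped: never emit two keys from one seed`, would spare the next reader the same question. The worker function is complete within the hunk.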
@@ -0,0 +1,215 @@ + +#ifdef PASSPHRASE +void *CRYPTO_NAMESPACE(worker_batch_pass)(void *task) +{ + union pubonionunion pubonion; + u8 * const pk = &pubonion.raw[PKPREFIX_SIZE]; + u8 secret[SKPREFIX_SIZE + SECRET_LEN]; + u8 * const sk = &secret[SKPREFIX_SIZE]; + u8 seed[SEED_LEN]; + u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1]; + u8 wpk[PUBLIC_LEN + 1]; + ge_p3 ALIGN(16) ge_public; + char *sname; + + // state to keep batch data + ge_p3 ALIGN(16) ge_batch [BATCHNUM]; + fe ALIGN(16) tmp_batch[BATCHNUM]; + bytes32 ALIGN(16) pk_batch [BATCHNUM]; + + size_t counter,oldcounter; + size_t i; + +#ifdef STATISTICS + struct statstruct *st = (struct statstruct *)task; +#else + (void) task; +#endif + + PREFILTER + + memcpy(secret,skprefix,SKPREFIX_SIZE); + wpk[PUBLIC_LEN] = 0; + memset(&pubonion,0,sizeof(pubonion)); + memcpy(pubonion.raw,pkprefix,PKPREFIX_SIZE); + // write version later as it will be overwritten by hash + memcpy(hashsrc,checksumstr,checksumstrlen); + hashsrc[checksumstrlen + PUBLIC_LEN] = 0x03; // version + + sname = makesname(); + + int seednear; + +initseed: + +#ifdef STATISTICS + ++st->numrestart.v; +#endif + + seednear = 0; + + pthread_mutex_lock(&determseed_mutex); + for (int i = 0; i < SEED_LEN; i++) + if (++determseed[i]) + break; + memcpy(seed,determseed,SEED_LEN); + pthread_mutex_unlock(&determseed_mutex); + + ed25519_seckey_expand(sk,seed); + + ge_scalarmult_base(&ge_public,sk); + + for (counter = oldcounter = 0;counter < DETERMINISTIC_LOOP_COUNT - (BATCHNUM - 1) * 8;counter += BATCHNUM * 8) { + ge_p1p1 ALIGN(16) sum; + + if (unlikely(endwork)) + goto end; + + + for (size_t b = 0;b < BATCHNUM;++b) { + ge_batch[b] = ge_public; + ge_add(&sum,&ge_public,&ge_eightpoint); + ge_p1p1_to_p3(&ge_public,&sum); + } + // NOTE: leaves unfinished one bit at the very end + ge_p3_batchtobytes_destructive_1(pk_batch,ge_batch,tmp_batch,BATCHNUM); + +#ifdef STATISTICS + st->numcalc.v += BATCHNUM; +#endif + + for (size_t b = 0;b < BATCHNUM;++b) { + DOFILTER(i,pk_batch[b],{ 
+ if (numwords > 1) { + shiftpk(wpk,pk_batch[b],filter_len(i)); + size_t j; + for (int w = 1;;) { + DOFILTER(j,wpk,goto secondfind); + goto next; + secondfind: + if (++w >= numwords) + break; + shiftpk(wpk,wpk,filter_len(j)); + } + } + // found! + // finish it up + ge_p3_batchtobytes_destructive_finish(pk_batch[b],&ge_batch[b]); + // copy public key + memcpy(pk,pk_batch[b],PUBLIC_LEN); + // update secret key with counter + addsztoscalar32(sk,counter + (b * 8) - oldcounter); + oldcounter = counter + (b * 8); + // sanity check + if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31]) + goto initseed; + + // reseed right half of key to avoid reuse, it won't change public key anyway + reseedright(sk); + + ADDNUMSUCCESS; + + // calc checksum + memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN); + FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]); + // version byte + pk[PUBLIC_LEN + 2] = 0x03; + // full name + strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); + onionready(sname,secret,pubonion.raw,seednear && pw_warnnear); + pk[PUBLIC_LEN] = 0; // what is this for? 
+ + if (pw_skipnear) + goto initseed; + seednear = 1; + }); + next: + ; + } + } + // continue if have leftovers, DETERMINISTIC_LOOP_COUNT - counter < BATCHNUM * 8 + // can't have leftovers in theory if BATCHNUM was power of 2 and smaller than DETERMINISTIC_LOOP_COUNT bound +#if (BATCHNUM & (BATCHNUM - 1)) || (BATCHNUM * 8) > DETERMINISTIC_LOOP_COUNT + if (counter < DETERMINISTIC_LOOP_COUNT) { + ge_p1p1 ALIGN(16) sum; + + if (unlikely(endwork)) + goto end; + + const size_t remaining = (DETERMINISTIC_LOOP_COUNT - counter) / 8; + + for (size_t b = 0;b < remaining;++b) { + ge_batch[b] = ge_public; + ge_add(&sum,&ge_public,&ge_eightpoint); + ge_p1p1_to_p3(&ge_public,&sum); + } + // NOTE: leaves unfinished one bit at the very end + ge_p3_batchtobytes_destructive_1(pk_batch,ge_batch,tmp_batch,remaining); + +#ifdef STATISTICS + st->numcalc.v += remaining; +#endif + + for (size_t b = 0;b < remaining;++b) { + DOFILTER(i,pk_batch[b],{ + if (numwords > 1) { + shiftpk(wpk,pk_batch[b],filter_len(i)); + size_t j; + for (int w = 1;;) { + DOFILTER(j,wpk,goto secondfind2); + goto next2; + secondfind2: + if (++w >= numwords) + break; + shiftpk(wpk,wpk,filter_len(j)); + } + } + // found! 
+ // finish it up + ge_p3_batchtobytes_destructive_finish(pk_batch[b],&ge_batch[b]); + // copy public key + memcpy(pk,pk_batch[b],PUBLIC_LEN); + // update secret key with counter + addsztoscalar32(sk,counter + (b * 8) - oldcounter); + oldcounter = counter + (b * 8); + // sanity check + if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31]) + goto initseed; + + // reseed right half of key to avoid reuse, it won't change public key anyway + reseedright(sk); + + ADDNUMSUCCESS; + + // calc checksum + memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN); + FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]); + // version byte + pk[PUBLIC_LEN + 2] = 0x03; + // full name + strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); + onionready(sname,secret,pubonion.raw,seednear && pw_warnnear); + pk[PUBLIC_LEN] = 0; // what is this for? + + if (pw_skipnear) + goto initseed; + seednear = 1; + }); + next2: + ; + } + } +#endif // (BATCHNUM & (BATCHNUM - 1)) || (BATCHNUM * 8) > DETERMINISTIC_LOOP_COUNT + goto initseed; + +end: + free(sname); + + POSTFILTER + + sodium_memzero(secret,sizeof(secret)); + sodium_memzero(seed,sizeof(seed)); + + return 0; +} +#endif // PASSPHRASE diff --git a/worker_impl.inc.h b/worker_impl.inc.h new file mode 100644 index 0000000..cf922b9 --- /dev/null +++ b/worker_impl.inc.h @@ -0,0 +1,12 @@ + +#include "ed25519/ed25519_impl_pre.h" + +static size_t CRYPTO_NAMESPACE(worker_batch_memuse)(void) +{ + return (sizeof(ge_p3) + sizeof(fe) + sizeof(bytes32)) * BATCHNUM; +} + +#include "worker_batch.inc.h" +#include "worker_batch_pass.inc.h" + +#include "ed25519/ed25519_impl_post.h" diff --git a/yaml.c b/yaml.c index 58a6155..56bd10e 100644 --- a/yaml.c +++ b/yaml.c @@ -1,6 +1,4 @@ -#ifdef __linux__ #define _POSIX_C_SOURCE 200112L -#endif #include #include 
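Review bot: The seed-advance loop `for (int i = 0; i < SEED_LEN; i++)` declares a new `i` that shadows the function-scope `size_t i` DOFILTER uses a few lines later; it works, but `-Wshadow` flags it and it invites a mix-up, so `for (int k = 0; k < SEED_LEN; k++)` is safer. `seednear` carries no explanation; `// set once a key has been emitted from the current seed: later keys from it differ only by a small known scalar delta, hence "near"` captures why it feeds the warnnear argument of onionready and why `pw_skipnear` restarts instead. The worker function is complete within the hunk.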
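Review bot: `worker_batch_memuse` sums only the element sizes of the three batch arrays; the `ALIGN(16)` placement in the workers can add up to 15 bytes of slack per array and none of the functions' other locals are counted, so the value is a lower bound that depends on the fixed base stack size main adds on top. A comment stating that contract would stop someone lowering the base later: `/* lower bound: the three batch arrays only; alignment slack and the remaining locals are covered by the caller's fixed base stack size */`.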
@@ -23,7 +21,6 @@ #define LINEFEED_LEN (sizeof(char)) #define NULLTERM_LEN (sizeof(char)) -#define PATH_SEPARATOR_LEN (sizeof(char)) static const char keys_field_generated[] = "---"; static const char keys_field_hostname[] = "hostname: "; 
@@ -37,32 +34,31 @@ static const char keys_field_time[] = "time: "; #define KEYS_FIELD_SECRETKEY_LEN (sizeof(keys_field_secretkey) - NULLTERM_LEN) #define KEYS_FIELD_TIME_LEN (sizeof(keys_field_time) - NULLTERM_LEN) -static const char hostname_example[] = "xxxxxvsjzke274nisktdqcl3eqm5ve3m6iur6vwme7m5p6kxivrvjnyd.onion"; -static const char pubkey_example[] = "PT0gZWQyNTUxOXYxLXB1YmxpYzogdHlwZTAgPT0AAAC973vWScqJr/GokqY4CXskGdqTbPIpH1bMJ9nX+VdFYw=="; -static const char seckey_example[] = "PT0gZWQyNTUxOXYxLXNlY3JldDogdHlwZTAgPT0AAACwCPMr6rvBRtkW7ZzZ8P7Ne4acRZrhPrN/EF6AETRraFGvdrkW5es4WXB2UxrbuUf8zPoIKkXK5cpdakYdUeM3"; -static const char time_example[] = "2018-07-04 21:31:20 Z"; - -#define HOSTNAME_LEN (sizeof(hostname_example) - NULLTERM_LEN) -#define B64_PUBKEY_LEN (sizeof(pubkey_example) - NULLTERM_LEN) -#define B64_SECKEY_LEN (sizeof(seckey_example) - NULLTERM_LEN) -#define TIME_LEN (sizeof(time_example) - NULLTERM_LEN) +#define B64_PUBKEY_LEN (BASE64_TO_LEN(FORMATTED_PUBLIC_LEN)) +#define B64_SECKEY_LEN (BASE64_TO_LEN(FORMATTED_SECRET_LEN)) +#define B64_RAW_PUBKEY_LEN (BASE64_TO_LEN(PUBLIC_LEN)) +#define B64_RAW_SECKEY_LEN (BASE64_TO_LEN(SECRET_LEN)) +#define TIME_LEN 21 // strlen("2018-07-04 21:31:20 Z") #define KEYS_LEN ( \ - KEYS_FIELD_GENERATED_LEN + LINEFEED_LEN + \ - KEYS_FIELD_HOSTNAME_LEN + HOSTNAME_LEN + LINEFEED_LEN + \ + KEYS_FIELD_GENERATED_LEN + LINEFEED_LEN + \ + KEYS_FIELD_HOSTNAME_LEN + ONION_LEN + LINEFEED_LEN + \ KEYS_FIELD_PUBLICKEY_LEN + B64_PUBKEY_LEN + LINEFEED_LEN + \ KEYS_FIELD_SECRETKEY_LEN + B64_SECKEY_LEN + LINEFEED_LEN + \ - KEYS_FIELD_TIME_LEN + TIME_LEN + LINEFEED_LEN \ + KEYS_FIELD_TIME_LEN + TIME_LEN + LINEFEED_LEN \ ) +#define RAW_KEYS_LEN (KEYS_LEN \ + - B64_PUBKEY_LEN + B64_RAW_PUBKEY_LEN \ + - B64_SECKEY_LEN + B64_RAW_SECKEY_LEN) static pthread_mutex_t tminfo_mutex; -void yamlout_init() +void yamlout_init(void) { pthread_mutex_init(&tminfo_mutex,0); } -void yamlout_clean() +void yamlout_clean(void) { 
pthread_mutex_destroy(&tminfo_mutex); } @@ -75,7 +71,8 @@ do { \ #define BUF_APPEND_CSTR(buf,offset,src) BUF_APPEND(buf,offset,src,strlen(src)) #define BUF_APPEND_CHAR(buf,offset,c) buf[offset++] = (c) -void yamlout_writekeys(const char *hostname,const u8 *formated_public,const u8 *formated_secret) +void yamlout_writekeys( + const char *hostname,const u8 *publickey,const u8 *secretkey,int rawkeys) { char keysbuf[KEYS_LEN]; char pubkeybuf[B64_PUBKEY_LEN + NULLTERM_LEN]; @@ -83,23 +80,38 @@ void yamlout_writekeys(const char *hostname,const u8 *formated_public,const u8 * char timebuf[TIME_LEN + NULLTERM_LEN]; size_t offset = 0; + BUF_APPEND(keysbuf,offset,keys_field_generated,KEYS_FIELD_GENERATED_LEN); BUF_APPEND_CHAR(keysbuf,offset,'\n'); + BUF_APPEND(keysbuf,offset,keys_field_hostname,KEYS_FIELD_HOSTNAME_LEN); BUF_APPEND(keysbuf,offset,hostname,ONION_LEN); BUF_APPEND_CHAR(keysbuf,offset,'\n'); + BUF_APPEND(keysbuf,offset,keys_field_publickey,KEYS_FIELD_PUBLICKEY_LEN); - base64_to(pubkeybuf,formated_public,FORMATTED_PUBLIC_LEN); - BUF_APPEND(keysbuf,offset,pubkeybuf,B64_PUBKEY_LEN); + + if (!rawkeys) + base64_to(pubkeybuf,publickey,FORMATTED_PUBLIC_LEN); + else + base64_to(pubkeybuf,&publickey[PKPREFIX_SIZE],PUBLIC_LEN); + + BUF_APPEND_CSTR(keysbuf,offset,pubkeybuf); BUF_APPEND_CHAR(keysbuf,offset,'\n'); + BUF_APPEND(keysbuf,offset,keys_field_secretkey,KEYS_FIELD_SECRETKEY_LEN); - base64_to(seckeybuf,formated_secret,FORMATTED_SECRET_LEN); - BUF_APPEND(keysbuf,offset,seckeybuf,B64_SECKEY_LEN); + + if (!rawkeys) + base64_to(seckeybuf,secretkey,FORMATTED_SECRET_LEN); + else + base64_to(seckeybuf,&secretkey[SKPREFIX_SIZE],SECRET_LEN); + + BUF_APPEND_CSTR(keysbuf,offset,seckeybuf); BUF_APPEND_CHAR(keysbuf,offset,'\n'); + BUF_APPEND(keysbuf,offset,keys_field_time,KEYS_FIELD_TIME_LEN); time_t currtime; 
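Review bot: `#define TIME_LEN 21 // strlen("2018-07-04 21:31:20 Z")` replaces a length that the removed code derived from the example string with a hand-counted constant that nothing verifies; `#define TIME_LEN (sizeof("2018-07-04 21:31:20 Z") - NULLTERM_LEN)` keeps it self-checking and matches how the KEYS_FIELD_*_LEN macros above are built. The `KEYS_LEN`/`RAW_KEYS_LEN` pair is now the only thing sizing `keysbuf` and the final `assert`, so a one-line comment that RAW_KEYS_LEN must stay smaller than KEYS_LEN (the buffer is sized for the larger form) is worth adding. yamlout_init and yamlout_clean are complete within the hunk.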
@@ -114,10 +126,12 @@ void yamlout_writekeys(const char *hostname,const u8 *formated_public,const u8 * BUF_APPEND(keysbuf,offset,timebuf,TIME_LEN); BUF_APPEND_CHAR(keysbuf,offset,'\n'); - assert(offset == KEYS_LEN); + + assert(offset == (!rawkeys ? KEYS_LEN : RAW_KEYS_LEN)); + pthread_mutex_lock(&fout_mutex); - fwrite(keysbuf,sizeof(keysbuf),1,fout); + fwrite(keysbuf,offset,1,fout); fflush(fout); pthread_mutex_unlock(&fout_mutex); } @@ -127,7 +141,8 @@ void yamlout_writekeys(const char *hostname,const u8 *formated_public,const u8 * #undef BUF_APPEND // pseudo YAML parser -int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) +int yamlin_parseandcreate( + FILE *fin,char *sname,const char *onehostname,int rawkeys) { char line[256]; size_t len,cnt; @@ -136,6 +151,11 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) int hashost = 0,haspub = 0,hassec = 0,skipthis = 0; enum keytype { HOST, PUB, SEC } keyt; + if (rawkeys) { + memcpy(pubbuf,pkprefix,PKPREFIX_SIZE); + memcpy(secbuf,skprefix,SKPREFIX_SIZE); + } + while (!feof(fin) && !ferror(fin)) { if (!fgets(line,sizeof(line),fin)) break; @@ -151,7 +171,7 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) continue; if (len >= 3 && line[0] == '-' && line[1] == '-' && line[2] == '-') { - // end of document indicator + // end of document / start of new document indicator if (!skipthis && (hashost || haspub || hassec)) { fprintf(stderr,"ERROR: incomplete record\n"); return 1; 
@@ -206,21 +226,26 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) len = strlen(p); switch (keyt) { case HOST: - if (len != ONION_LEN || base32_valid(p,&cnt) || cnt != BASE32_TO_LEN(PUBONION_LEN) || - strcmp(&p[cnt],&hostname_example[cnt]) != 0) + if (len != ONION_LEN || + base32_valid(p,&cnt) || + cnt != BASE32_TO_LEN(PUBONION_LEN) || + strcmp(&p[cnt],".onion") != 0) { fprintf(stderr,"ERROR: invalid hostname syntax\n"); return 1; } - if (!hostname || !strcmp(hostname,p)) { + if (!onehostname || !strcmp(onehostname,p)) { memcpy(&sname[direndpos],p,len + 1); hashost = 1; } else skipthis = 1; break; case PUB: - if (len != B64_PUBKEY_LEN || !base64_valid(p,0) || - base64_from(pubbuf,p,len) != FORMATTED_PUBLIC_LEN) + if (!rawkeys + ? (len != B64_PUBKEY_LEN || !base64_valid(p,0) || + base64_from(pubbuf,p,len) != FORMATTED_PUBLIC_LEN) + : (len != B64_RAW_PUBKEY_LEN || !base64_valid(p,0) || + base64_from(&pubbuf[PKPREFIX_SIZE],p,len) != PUBLIC_LEN)) { fprintf(stderr,"ERROR: invalid pubkey syntax\n"); return 1; @@ -228,8 +253,11 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) haspub = 1; break; case SEC: - if (len != B64_SECKEY_LEN || !base64_valid(p,0) || - base64_from(secbuf,p,len) != FORMATTED_SECRET_LEN) + if (!rawkeys + ? (len != B64_SECKEY_LEN || !base64_valid(p,0) || + base64_from(secbuf,p,len) != FORMATTED_SECRET_LEN) + : (len != B64_RAW_SECKEY_LEN || !base64_valid(p,0) || + base64_from(&secbuf[SKPREFIX_SIZE],p,len) != SECRET_LEN)) { fprintf(stderr,"ERROR: invalid seckey syntax\n"); return 1; @@ -246,7 +274,7 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) sigprocmask(SIG_BLOCK,&nset,&oset); #endif if (createdir(sname,1) != 0) { - fprintf(stderr,"ERROR: could not create directory for key output\n"); + fprintf(stderr,"ERROR: could not create directory \"%s\" for key output\n",sname); return 1; } 
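Review bot: The PUB and SEC cases now nest a three-term `||` chain inside each arm of a `!rawkeys ? … : …` conditional, which makes it hard to confirm that both arms validate the same things; choosing the expected length, destination and decoded size first and keeping a single check reads better and keeps the two modes provably identical in what they verify. The fence below shows the PUB case (assuming pubbuf is a `u8` array, as the base64_from call suggests); SEC follows the same shape. yamlin_parseandcreate starts and ends outside this hunk.
```c
case PUB: {
	const size_t wantlen = rawkeys ? B64_RAW_PUBKEY_LEN : B64_PUBKEY_LEN;
	u8 * const dst = rawkeys ? &pubbuf[PKPREFIX_SIZE] : pubbuf;
	const size_t dstlen = rawkeys ? PUBLIC_LEN : FORMATTED_PUBLIC_LEN;
	if (len != wantlen || !base64_valid(p,0) || base64_from(dst,p,len) != dstlen) {
		fprintf(stderr,"ERROR: invalid pubkey syntax\n");
		return 1;
	}
	/* … unchanged: haspub = 1; break; … */
}
/* … SEC case: same shape with secbuf, SKPREFIX_SIZE, SECRET_LEN, FORMATTED_SECRET_LEN … */
```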
@@ -270,8 +298,9 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) #ifndef _WIN32 sigprocmask(SIG_SETMASK,&oset,0); #endif - if (hostname) + if (onehostname) return 0; // finished + // skip rest of lines until we hit start of new doc indicator skipthis = 1; } } @@ -281,7 +310,7 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname) return 1; } - if (hostname) { + if (onehostname) { fprintf(stderr,"hostname wasn't found in input\n"); return 1; } diff --git a/yaml.h b/yaml.h index 0dc75d5..85faf95 100644 --- a/yaml.h +++ b/yaml.h @@ -1,4 +1,6 @@ -extern void yamlout_init(); -extern void yamlout_clean(); -extern void yamlout_writekeys(const char *hostname,const u8 *formated_public,const u8 *formated_secret); -extern int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname); +extern void yamlout_init(void); +extern void yamlout_clean(void); +extern void yamlout_writekeys( + const char *hostname,const u8 *publickey,const u8 *secretkey,int rawkeys); +extern int yamlin_parseandcreate( + FILE *fin,char *sname,const char *hostname,int rawkeys);