Use curve25519_donna_c64 instead of curve25519_ref if supported.

.gitignore

@@ -43,6 +43,7 @@ src/curvecp/curvecpmakekey
 src/curvecp/curvecpmessage
 src/curvecp/curvecpprintkey
 src/curvecp/curvecpserver
+src/libsodium/include/sodium/crypto_scalarmult_curve25519.h
 src/libsodium/include/sodium/version.h
 stamp-*
 test/default/*.res
@@ -81,3 +82,4 @@ test/default/stream2
 test/default/stream3
 test/default/stream4
 testing
+

configure.ac

@@ -165,6 +165,7 @@ return sizeof(x) / CHAR_BIT != 16U
 [AC_MSG_RESULT(yes)
  AC_DEFINE([HAVE_TI_MODE], [1], [gcc TI mode is available])],
 [AC_MSG_RESULT(no)])
+AC_SUBST(HAVE_TI_MODE)
 
 dnl Checks for functions and headers
 
@@ -246,6 +247,7 @@ AC_CONFIG_FILES([Makefile
                  src/libsodium/Makefile
                  src/libsodium/include/Makefile
                  src/libsodium/include/sodium/version.h
+                 src/libsodium/include/sodium/crypto_scalarmult_curve25519.h
                  test/default/Makefile
                  test/Makefile
                  ])

src/libsodium/Makefile.am

@@ -17,6 +17,9 @@ libsodium_la_SOURCES = \
 	crypto_generichash/blake2/ref/blake2b-ref.c \
 	crypto_generichash/blake2/ref/blake2s-ref.c \
 	crypto_generichash/blake2/ref/generichash_blake2b.c \
+	crypto_scalarmult/curve25519/donna_c64/api.h \
+	crypto_scalarmult/curve25519/donna_c64/base_curve25519_donna_c64.c \
+	crypto_scalarmult/curve25519/donna_c64/smult_curve25519_donna_c64.c \
 	crypto_scalarmult/curve25519/ref/api.h \
 	crypto_scalarmult/curve25519/ref/base_curve25519_ref.c \
 	crypto_scalarmult/curve25519/ref/smult_curve25519_ref.c \

src/libsodium/crypto_scalarmult/curve25519/ref/base_curve25519_ref.c

@@ -7,6 +7,8 @@ Derived from public domain code by D. J. Bernstein.
 
 #include "api.h"
 
+#ifndef HAVE_TI_MODE
+
 const unsigned char base[32] = {9};
 
 int crypto_scalarmult_base(unsigned char *q,
@@ -14,3 +16,5 @@ int crypto_scalarmult_base(unsigned char *q,
 {
   return crypto_scalarmult(q,n,base);
 }
+
+#endif

src/libsodium/crypto_scalarmult/curve25519/ref/smult_curve25519_ref.c

@@ -7,6 +7,8 @@ Derived from public domain code by D. J. Bernstein.
 
 #include "api.h"
 
+#ifndef HAVE_TI_MODE
+
 static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
 {
   unsigned int j;
@@ -263,3 +265,5 @@ int crypto_scalarmult(unsigned char *q,
   for (i = 0;i < 32;++i) q[i] = work[64 + i];
   return 0;
 }
+
+#endif

src/libsodium/include/sodium/crypto_scalarmult_curve25519.h.in

@@ -1,18 +1,36 @@
 #ifndef crypto_scalarmult_curve25519_H
 #define crypto_scalarmult_curve25519_H
 
+#if @HAVE_TI_MODE@-1 == 0
+# define SODIUM_HAVE_TI_MODE
+#endif
+
 #define crypto_scalarmult_curve25519_BYTES 32
 #define crypto_scalarmult_curve25519_SCALARBYTES 32
+
 #ifdef __cplusplus
 extern "C" {
 #endif
+
+#ifndef SODIUM_HAVE_TI_MODE
+
+extern int crypto_scalarmult_curve25519_donna_c64(unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_scalarmult_curve25519_donna_c64_base(unsigned char *,const unsigned char *);
+#define crypto_scalarmult_curve25519 crypto_scalarmult_curve25519_donna_c64
+#define crypto_scalarmult_curve25519_base crypto_scalarmult_curve25519_donna_c64_base
+
+#else
+
 extern int crypto_scalarmult_curve25519_ref(unsigned char *,const unsigned char *,const unsigned char *);
 extern int crypto_scalarmult_curve25519_ref_base(unsigned char *,const unsigned char *);
-#ifdef __cplusplus
-}
-#endif
-
 #define crypto_scalarmult_curve25519 crypto_scalarmult_curve25519_ref
 #define crypto_scalarmult_curve25519_base crypto_scalarmult_curve25519_ref_base
 
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+
 #endif