From f954997fc369f72f055d95ca4eb9319a4a369989 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Mon, 6 Nov 2017 14:32:01 +0100
Subject: [PATCH] Move field arithmetic to include/private/, and make everything static to get some inlining.
---
 src/libsodium/Makefile.am | 6 ++-
 .../curve25519/ref10/curve25519_ref10.c | 12 ++---
 .../include/sodium/private/curve25519_ref10.h | 19 ++------
 .../private/curve25519_ref10_fe_25_5.h} | 47 ++++++++-----------
 .../sodium/private/curve25519_ref10_fe_51.h} | 46 +++++++-----------
 5 files changed, 50 insertions(+), 80 deletions(-)
 rename src/libsodium/{crypto_core/curve25519/ref10/fe_25_5/fe.h => include/sodium/private/curve25519_ref10_fe_25_5.h} (98%)
 rename src/libsodium/{crypto_core/curve25519/ref10/fe_51/fe.h => include/sodium/private/curve25519_ref10_fe_51.h} (95%)
diff --git a/src/libsodium/Makefile.am b/src/libsodium/Makefile.am
index d8e137c0..36a38bce 100644
--- a/src/libsodium/Makefile.am
+++ b/src/libsodium/Makefile.am
@@ -112,12 +112,14 @@ if HAVE_TI_MODE
 libsodium_la_SOURCES += \
 crypto_core/curve25519/ref10/fe_51/base.h \
 crypto_core/curve25519/ref10/fe_51/base2.h \
- crypto_core/curve25519/ref10/fe_51/fe.h
+ crypto_core/curve25519/ref10/fe_51/constants.h \
+ include/sodium/private/curve25519_ref10_fe_51.h
 else
 libsodium_la_SOURCES += \
 crypto_core/curve25519/ref10/fe_25_5/base.h \
 crypto_core/curve25519/ref10/fe_25_5/base2.h \
- crypto_core/curve25519/ref10/fe_25_5/fe.h
+ crypto_core/curve25519/ref10/fe_25_5/constants.h \
+ include/sodium/private/curve25519_ref10_fe_25_5.h
 endif
 if HAVE_AMD64_ASM
diff --git a/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c b/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c
index b9c4e68a..28455eaf 100644
--- a/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c
+++ b/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c
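Review bot: The `fe_51/constants.h` and `fe_25_5/constants.h` files added to `libsodium_la_SOURCES` here, and included from curve25519_ref10.c in the next hunk, are not part of this patch: the diffstat lists five files, and the `d`, `d2` and `sqrtm1` tables deleted from the two renamed fe.h headers are not re-added anywhere in the diff. If those headers do not already exist in the tree, the build fails on the missing include; if they do, the commit should say so, because a reader of this patch cannot verify that the constants survive the move. Either carry the two `constants.h` files in this commit or add a line to the description naming the commit that introduces them.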
@@ -7,6 +7,12 @@
 #include "private/curve25519_ref10.h"
 #include "utils.h"
+#ifdef HAVE_TI_MODE
+# include "fe_51/constants.h"
+#else
+# include "fe_25_5/constants.h"
+#endif
+
 static inline uint64_t
 load_3(const unsigned char *in)
 {
@@ -32,12 +38,6 @@ load_4(const unsigned char *in)
 return result;
 }
-#ifdef HAVE_TI_MODE
-# include "fe_51/fe.h"
-#else
-# include "fe_25_5/fe.h"
-#endif
-
 void
 fe_invert(fe out, const fe z)
 {
diff --git a/src/libsodium/include/sodium/private/curve25519_ref10.h b/src/libsodium/include/sodium/private/curve25519_ref10.h
index 7584f025..aa749052 100644
--- a/src/libsodium/include/sodium/private/curve25519_ref10.h
+++ b/src/libsodium/include/sodium/private/curve25519_ref10.h
@@ -12,25 +12,12 @@
 #define fe fe25519
 #ifdef HAVE_TI_MODE
-typedef uint64_t fe[5];
+# include "curve25519_ref10_fe_51.h"
 #else
-typedef int32_t fe[10];
+# include "curve25519_ref10_fe_25_5.h"
 #endif
-void fe_frombytes(fe,const unsigned char *);
-void fe_tobytes(unsigned char *,const fe);
-
-void fe_copy(fe,const fe);
-int fe_iszero(const fe);
-void fe_0(fe);
-void fe_1(fe);
-void fe_add(fe,const fe,const fe);
-void fe_sub(fe,const fe,const fe);
-void fe_mul(fe,const fe,const fe);
-void fe_sq(fe,const fe);
-void fe_invert(fe,const fe);
-void fe_cswap(fe f, fe g, unsigned int b);
-void fe_scalar_product(fe h, const fe f, uint32_t n);
+void fe_invert(fe out, const fe z);
 /* ge means group element.
diff --git a/src/libsodium/crypto_core/curve25519/ref10/fe_25_5/fe.h b/src/libsodium/include/sodium/private/curve25519_ref10_fe_25_5.h
similarity index 98%
rename from src/libsodium/crypto_core/curve25519/ref10/fe_25_5/fe.h
rename to src/libsodium/include/sodium/private/curve25519_ref10_fe_25_5.h
index 258f2715..14ec0710 100644
--- a/src/libsodium/crypto_core/curve25519/ref10/fe_25_5/fe.h
+++ b/src/libsodium/include/sodium/private/curve25519_ref10_fe_25_5.h
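Review bot: Include order is now wrong for the moved field code: the field-arithmetic headers are pulled in through `private/curve25519_ref10.h` on line 7, but `fe_frombytes` in the relocated fe_25_5 header still calls `load_4` (visible as `int64_t h0 = load_4(s);` in its hunk), and `load_3`/`load_4` are defined `static inline` in this file only after that include. Before this change fe.h was included after those helpers (the block removed in the second hunk of this file), so this worked; unless `private/common.h` now provides `load_3`/`load_4`, a C99 compiler sees an implicit declaration followed by a conflicting `static` definition. Move `load_3`/`load_4` into a header the field code includes and drop the copies here, or keep the field headers included after them as before.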
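Review bot: Replacing the `fe_*` prototypes with an `#include` of a header of `static` definitions changes the cost for every translation unit that includes `private/curve25519_ref10.h`, not only curve25519_ref10.c: each gets a private copy of `fe_mul`, `fe_sq`, `fe_frombytes`, `fe_tobytes`, `fe_cswap` and the rest, and every copy it does not call is an `-Wunused-function` warning. If the other users of this header (presumably the ed25519 and x25519 code) need only a subset, keep the large non-inline functions out-of-line in one .c with their prototypes here, or document that the new headers are meant to be reached only through this file. At minimum a comment above the new `# include` lines, `/* field arithmetic is header-only: every includer gets its own static copy */`, makes the trade-off visible to the next maintainer.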
@@ -1,24 +1,15 @@
-/* 37095705934669439343138083508754565189542113879843219016388785533085940283555 */
-static const fe d = {
- -10913610, 13857413, -15372611, 6949391, 114729, -8787816, -6275908, -3247719, -18696448, -12055116
-};
+#include
-/* 2 * d =
- * 16295367250680780974490674513165176452449235426866156013048779062215315747161
- */
-static const fe d2 = {
- -21827239, -5839606, -30745221, 13898782, 229458, 15978800, -12551817, -6495438, 29715968, 9444199 };
+#include "private/common.h"
+#include "utils.h"
-/* sqrt(-1) */
-static const fe sqrtm1 = {
- -32595792, -7943725, 9377950, 3500415, 12389472, -272473, -25146209, -2005654, 326686, 11406482
-};
+typedef int32_t fe[10];
 /* h = 0 */
-void
+static inline void
 fe_0(fe h)
 {
 memset(&h[0], 0, 10 * sizeof h[0]);
@@ -28,7 +19,7 @@ fe_0(fe h)
 h = 1 */
-void
+static inline void
 fe_1(fe h)
 {
 h[0] = 1;
@@ -48,7 +39,7 @@ fe_1(fe h)
 |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
-void
+static inline void
 fe_add(fe h, const fe f, const fe g)
 {
 int32_t h0 = f[0] + g[0];
@@ -86,7 +77,7 @@ fe_add(fe h, const fe f, const fe g)
 |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
-void
+static void
 fe_sub(fe h, const fe f, const fe g)
 {
 int32_t h0 = f[0] - g[0];
@@ -122,7 +113,7 @@ fe_sub(fe h, const fe f, const fe g)
 |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. */
-static void
+static inline void
 fe_neg(fe h, const fe f)
 {
 int32_t h0 = -f[0];
@@ -205,7 +196,7 @@ fe_cmov(fe f, const fe g, unsigned int b)
 f[9] = f9 ^ x9;
 }
-void
+static void
 fe_cswap(fe f, fe g, unsigned int b)
 {
 const uint32_t mask = (uint32_t) (-(int64_t) b);
@@ -281,7 +272,7 @@ fe_cswap(fe f, fe g, unsigned int b)
 h = f */
-void
+static inline void
 fe_copy(fe h, const fe f)
 {
 int32_t f0 = f[0];
@@ -311,7 +302,7 @@ fe_copy(fe h, const fe f)
 Ignores top bit of h. */
-void
+static void
 fe_frombytes(fe h, const unsigned char *s)
 {
 int64_t h0 = load_4(s);
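Review bot: The new header has no include guard: this hunk starts at line 1 with `+#include` and goes straight to `typedef int32_t fe[10];` and the `static` function bodies, so a second inclusion in one translation unit is a redefinition error on every function. The fe_51 header in the later `@@ -1,25 +1,15 @@` hunk has the same shape and the same gap. Since these files are now reached indirectly through `private/curve25519_ref10.h`, give each its own guard rather than relying on the includer's, e.g. `#ifndef curve25519_ref10_fe_25_5_H` / `#define curve25519_ref10_fe_25_5_H` at the top and `#endif` at the end (a constructed name; match the project's guard convention).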
@@ -487,7 +478,7 @@ fe_reduce(fe h, const fe f)
 Goal: Output h0+...+2^230 h9. */
-void
+static void
 fe_tobytes(unsigned char *s, const fe h)
 {
 fe t;
@@ -530,12 +521,12 @@ fe_tobytes(unsigned char *s, const fe h)
 /* return 1 if f is in {1,3,5,...,q-2} return 0 if f is in {0,2,4,...,q-1}
- *
+
 Preconditions: |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
-static int
+static inline int
 fe_isnegative(const fe f)
 {
 unsigned char s[32];
@@ -553,7 +544,7 @@ fe_isnegative(const fe f)
 |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
-int
+static inline int
 fe_iszero(const fe f)
 {
 unsigned char s[32];
@@ -595,7 +586,7 @@ fe_iszero(const fe f)
 With tighter constraints on inputs can squeeze carries into int32. */
-void
+static void
 fe_mul(fe h, const fe f, const fe g)
 {
 int32_t f0 = f[0];
@@ -865,7 +856,7 @@ fe_mul(fe h, const fe f, const fe g)
 |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc. */
-void
+static void
 fe_sq(fe h, const fe f)
 {
 int32_t f0 = f[0];
@@ -1209,7 +1200,7 @@ fe_sq2(fe h, const fe f)
 h[9] = (int32_t) h9;
 }
-void
+static void
 fe_scalar_product(fe h, const fe f, uint32_t n)
 {
 int64_t sn = (int64_t) n;
diff --git a/src/libsodium/crypto_core/curve25519/ref10/fe_51/fe.h b/src/libsodium/include/sodium/private/curve25519_ref10_fe_51.h
similarity index 95%
rename from src/libsodium/crypto_core/curve25519/ref10/fe_51/fe.h
rename to src/libsodium/include/sodium/private/curve25519_ref10_fe_51.h
index 3455cbe8..4ebabd7e 100644
--- a/src/libsodium/crypto_core/curve25519/ref10/fe_51/fe.h
+++ b/src/libsodium/include/sodium/private/curve25519_ref10_fe_51.h
@@ -1,25 +1,15 @@
-/* 37095705934669439343138083508754565189542113879843219016388785533085940283555 */
-static const fe d = {
- 929955233495203, 466365720129213, 1662059464998953, 2033849074728123, 1442794654840575
-};
+#include
-/* 2 * d =
- * 16295367250680780974490674513165176452449235426866156013048779062215315747161
- */
-static const fe d2 = {
- 1859910466990425, 932731440258426, 1072319116312658, 1815898335770999, 633789495995903
-};
+#include "private/common.h"
+#include "utils.h"
-/* sqrt(-1) */
-static const fe sqrtm1 = {
- 1718705420411056, 234908883556509, 2233514472574048, 2117202627021982, 765476049583133
-};
+typedef uint64_t fe[5];
 /* h = 0 */
-void
+static inline void
 fe_0(fe h)
 {
 memset(&h[0], 0, 5 * sizeof h[0]);
@@ -29,7 +19,7 @@ fe_0(fe h)
 h = 1 */
-void
+static inline void
 fe_1(fe h)
 {
 h[0] = 1;
@@ -41,7 +31,7 @@ fe_1(fe h)
 Can overlap h with f or g. */
-void
+static inline void
 fe_add(fe h, const fe f, const fe g)
 {
 uint64_t h0 = f[0] + g[0];
@@ -61,7 +51,7 @@ fe_add(fe h, const fe f, const fe g)
 h = f - g */
-void
+static void
 fe_sub(fe h, const fe f, const fe g)
 {
 const uint64_t mask = 0x7ffffffffffffULL;
@@ -101,7 +91,7 @@ fe_sub(fe h, const fe f, const fe g)
 h = -f */
-static void
+static inline void
 fe_neg(fe h, const fe f)
 {
 fe zero;
@@ -154,7 +144,7 @@ replace (f,g) with (f,g) if b == 0.
 Preconditions: b in {0,1}. */
-void
+static void
 fe_cswap(fe f, fe g, unsigned int b)
 {
 const uint64_t mask = (uint64_t) (-(int64_t) b);
@@ -200,7 +190,7 @@ fe_cswap(fe f, fe g, unsigned int b)
 h = f */
-void
+static inline void
 fe_copy(fe h, const fe f)
 {
 uint64_t f0 = f[0];
@@ -220,7 +210,7 @@ fe_copy(fe h, const fe f)
 Ignores top bit of h. */
-void
+static void
 fe_frombytes(fe h, const unsigned char *s)
 {
 const uint64_t mask = 0x7ffffffffffffULL;
@@ -316,7 +306,7 @@ fe_reduce(fe h, const fe f)
 h[4] = t[4];
 }
-void
+static void
 fe_tobytes(unsigned char *s, const fe h)
 {
 fe t;
@@ -338,7 +328,7 @@ fe_tobytes(unsigned char *s, const fe h)
 return 0 if f is in {0,2,4,...,q-1} */
-static int
+static inline int
 fe_isnegative(const fe f)
 {
 unsigned char s[32];
@@ -353,7 +343,7 @@ fe_isnegative(const fe f)
 return 0 if f != 0 */
-int
+static inline int
 fe_iszero(const fe f)
 {
 unsigned char s[32];
@@ -368,7 +358,7 @@ fe_iszero(const fe f)
 Can overlap h with f or g. */
-void
+static void
 fe_mul(fe h, const fe f, const fe g)
 {
 const uint64_t mask = 0x7ffffffffffffULL;
@@ -459,7 +449,7 @@ fe_mul(fe h, const fe f, const fe g)
 Can overlap h with f. */
-void
+static void
 fe_sq(fe h, const fe f)
 {
 const uint64_t mask = 0x7ffffffffffffULL;
@@ -618,7 +608,7 @@ fe_sq2(fe h, const fe f)
 h[4] = r04;
 }
-void
+static void
 fe_scalar_product(fe h, const fe f, uint32_t n)
 {
 const uint64_t mask = 0x7ffffffffffffULL;