Move field arithmetic to include/private/, and make everything static

to get some inlining.
2017-11-06 14:32:01 +01:00 · 2017-11-06 14:32:01 +01:00 · f954997fc3
commit f954997fc3
parent 2e7b8e1de9
5 changed files with 50 additions and 80 deletions
--- a/src/libsodium/Makefile.am
+++ b/src/libsodium/Makefile.am
@ -112,12 +112,14 @@ if HAVE_TI_MODE
 libsodium_la_SOURCES += \
 	crypto_core/curve25519/ref10/fe_51/base.h \
 	crypto_core/curve25519/ref10/fe_51/base2.h \
-	crypto_core/curve25519/ref10/fe_51/fe.h
+	crypto_core/curve25519/ref10/fe_51/constants.h \
+	include/sodium/private/curve25519_ref10_fe_51.h
 else
 libsodium_la_SOURCES += \
 	crypto_core/curve25519/ref10/fe_25_5/base.h \
 	crypto_core/curve25519/ref10/fe_25_5/base2.h \
-	crypto_core/curve25519/ref10/fe_25_5/fe.h
+	crypto_core/curve25519/ref10/fe_25_5/constants.h \
+	include/sodium/private/curve25519_ref10_fe_25_5.h
 endif

 if HAVE_AMD64_ASM
--- a/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c
+++ b/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c
@ -7,6 +7,12 @@
 #include "private/curve25519_ref10.h"
 #include "utils.h"

+#ifdef HAVE_TI_MODE
+# include "fe_51/constants.h"
+#else
+# include "fe_25_5/constants.h"
+#endif
+
 static inline uint64_t
 load_3(const unsigned char *in)
 {
@ -32,12 +38,6 @@ load_4(const unsigned char *in)
    return result;
 }

-#ifdef HAVE_TI_MODE
-# include "fe_51/fe.h"
-#else
-# include "fe_25_5/fe.h"
-#endif
-
 void
 fe_invert(fe out, const fe z)
 {
--- a/src/libsodium/include/sodium/private/curve25519_ref10.h
+++ b/src/libsodium/include/sodium/private/curve25519_ref10.h
@ -12,25 +12,12 @@
 #define fe fe25519

 #ifdef HAVE_TI_MODE
-typedef uint64_t fe[5];
+# include "curve25519_ref10_fe_51.h"
 #else
-typedef int32_t fe[10];
+# include "curve25519_ref10_fe_25_5.h"
 #endif

-void fe_frombytes(fe,const unsigned char *);
-void fe_tobytes(unsigned char *,const fe);
-
-void fe_copy(fe,const fe);
-int  fe_iszero(const fe);
-void fe_0(fe);
-void fe_1(fe);
-void fe_add(fe,const fe,const fe);
-void fe_sub(fe,const fe,const fe);
-void fe_mul(fe,const fe,const fe);
-void fe_sq(fe,const fe);
-void fe_invert(fe,const fe);
-void fe_cswap(fe f, fe g, unsigned int b);
-void fe_scalar_product(fe h, const fe f, uint32_t n);
+void fe_invert(fe out, const fe z);

 /*
 ge means group element.
--- a/src/libsodium/include/sodium/private/curve25519_ref10_fe_25_5.h
+++ b/src/libsodium/include/sodium/private/curve25519_ref10_fe_25_5.h
@ -1,24 +1,15 @@
-/* 37095705934669439343138083508754565189542113879843219016388785533085940283555 */
-static const fe d = {
-    -10913610, 13857413, -15372611, 6949391,   114729, -8787816,  -6275908, -3247719,  -18696448, -12055116
-};
+#include <string.h>

-/* 2 * d =
- * 16295367250680780974490674513165176452449235426866156013048779062215315747161
- */
-static const fe d2 = {
-    -21827239, -5839606,  -30745221, 13898782, 229458, 15978800,  -12551817, -6495438,  29715968, 9444199 };
+#include "private/common.h"
+#include "utils.h"

-/* sqrt(-1) */
-static const fe sqrtm1 = {
-    -32595792, -7943725,  9377950,  3500415, 12389472, -272473,   -25146209, -2005654, 326686,  11406482
-};
+typedef int32_t fe[10];

 /*
 h = 0
 */

-void
+static inline void
 fe_0(fe h)
 {
    memset(&h[0], 0, 10 * sizeof h[0]);
@ -28,7 +19,7 @@ fe_0(fe h)
 h = 1
 */

-void
+static inline void
 fe_1(fe h)
 {
    h[0] = 1;
@ -48,7 +39,7 @@ fe_1(fe h)
 |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
 */

-void
+static inline void
 fe_add(fe h, const fe f, const fe g)
 {
    int32_t h0 = f[0] + g[0];
@ -86,7 +77,7 @@ fe_add(fe h, const fe f, const fe g)
 |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
 */

-void
+static void
 fe_sub(fe h, const fe f, const fe g)
 {
    int32_t h0 = f[0] - g[0];
@ -122,7 +113,7 @@ fe_sub(fe h, const fe f, const fe g)
 |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
 */

-static void
+static inline void
 fe_neg(fe h, const fe f)
 {
    int32_t h0 = -f[0];
@ -205,7 +196,7 @@ fe_cmov(fe f, const fe g, unsigned int b)
    f[9] = f9 ^ x9;
 }

-void
+static void
 fe_cswap(fe f, fe g, unsigned int b)
 {
    const uint32_t mask = (uint32_t) (-(int64_t) b);
@ -281,7 +272,7 @@ fe_cswap(fe f, fe g, unsigned int b)
 h = f
 */

-void
+static inline void
 fe_copy(fe h, const fe f)
 {
    int32_t f0 = f[0];
@ -311,7 +302,7 @@ fe_copy(fe h, const fe f)
 Ignores top bit of h.
 */

-void
+static void
 fe_frombytes(fe h, const unsigned char *s)
 {
    int64_t h0 = load_4(s);
@ -487,7 +478,7 @@ fe_reduce(fe h, const fe f)
 Goal: Output h0+...+2^230 h9.
 */

-void
+static void
 fe_tobytes(unsigned char *s, const fe h)
 {
    fe t;
@ -530,12 +521,12 @@ fe_tobytes(unsigned char *s, const fe h)
 /*
 return 1 if f is in {1,3,5,...,q-2}
 return 0 if f is in {0,2,4,...,q-1}
- *
+
 Preconditions:
 |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
 */

-static int
+static inline int
 fe_isnegative(const fe f)
 {
    unsigned char s[32];
@ -553,7 +544,7 @@ fe_isnegative(const fe f)
 |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
 */

-int
+static inline int
 fe_iszero(const fe f)
 {
    unsigned char s[32];
@ -595,7 +586,7 @@ fe_iszero(const fe f)
 With tighter constraints on inputs can squeeze carries into int32.
 */

-void
+static void
 fe_mul(fe h, const fe f, const fe g)
 {
    int32_t f0 = f[0];
@ -865,7 +856,7 @@ fe_mul(fe h, const fe f, const fe g)
 |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
 */

-void
+static void
 fe_sq(fe h, const fe f)
 {
    int32_t f0 = f[0];
@ -1209,7 +1200,7 @@ fe_sq2(fe h, const fe f)
    h[9] = (int32_t) h9;
 }

-void
+static void
 fe_scalar_product(fe h, const fe f, uint32_t n)
 {
    int64_t sn = (int64_t) n;
--- a/src/libsodium/include/sodium/private/curve25519_ref10_fe_51.h
+++ b/src/libsodium/include/sodium/private/curve25519_ref10_fe_51.h
@ -1,25 +1,15 @@
-/* 37095705934669439343138083508754565189542113879843219016388785533085940283555 */
-static const fe d = {
-    929955233495203, 466365720129213, 1662059464998953, 2033849074728123, 1442794654840575
-};
+#include <string.h>

-/* 2 * d =
- * 16295367250680780974490674513165176452449235426866156013048779062215315747161
- */
-static const fe d2 = {
-    1859910466990425, 932731440258426, 1072319116312658, 1815898335770999, 633789495995903
-};
+#include "private/common.h"
+#include "utils.h"

-/* sqrt(-1) */
-static const fe sqrtm1 = {
-    1718705420411056, 234908883556509, 2233514472574048, 2117202627021982, 765476049583133
-};
+typedef uint64_t fe[5];

 /*
 h = 0
 */

-void
+static inline void
 fe_0(fe h)
 {
    memset(&h[0], 0, 5 * sizeof h[0]);
@ -29,7 +19,7 @@ fe_0(fe h)
 h = 1
 */

-void
+static inline void
 fe_1(fe h)
 {
    h[0] = 1;
@ -41,7 +31,7 @@ fe_1(fe h)
 Can overlap h with f or g.
 */

-void
+static inline void
 fe_add(fe h, const fe f, const fe g)
 {
    uint64_t h0 = f[0] + g[0];
@ -61,7 +51,7 @@ fe_add(fe h, const fe f, const fe g)
 h = f - g
 */

-void
+static void
 fe_sub(fe h, const fe f, const fe g)
 {
    const uint64_t mask = 0x7ffffffffffffULL;
@ -101,7 +91,7 @@ fe_sub(fe h, const fe f, const fe g)
 h = -f
 */

-static void
+static inline void
 fe_neg(fe h, const fe f)
 {
    fe zero;
@ -154,7 +144,7 @@ replace (f,g) with (f,g) if b == 0.
 Preconditions: b in {0,1}.
 */

-void
+static void
 fe_cswap(fe f, fe g, unsigned int b)
 {
    const uint64_t mask = (uint64_t) (-(int64_t) b);
@ -200,7 +190,7 @@ fe_cswap(fe f, fe g, unsigned int b)
 h = f
 */

-void
+static inline void
 fe_copy(fe h, const fe f)
 {
    uint64_t f0 = f[0];
@ -220,7 +210,7 @@ fe_copy(fe h, const fe f)
 Ignores top bit of h.
 */

-void
+static void
 fe_frombytes(fe h, const unsigned char *s)
 {
    const uint64_t mask = 0x7ffffffffffffULL;
@ -316,7 +306,7 @@ fe_reduce(fe h, const fe f)
    h[4] = t[4];
 }

-void
+static void
 fe_tobytes(unsigned char *s, const fe h)
 {
    fe       t;
@ -338,7 +328,7 @@ fe_tobytes(unsigned char *s, const fe h)
 return 0 if f is in {0,2,4,...,q-1}
 */

-static int
+static inline int
 fe_isnegative(const fe f)
 {
    unsigned char s[32];
@ -353,7 +343,7 @@ fe_isnegative(const fe f)
 return 0 if f != 0
 */

-int
+static inline int
 fe_iszero(const fe f)
 {
    unsigned char s[32];
@ -368,7 +358,7 @@ fe_iszero(const fe f)
 Can overlap h with f or g.
 */

-void
+static void
 fe_mul(fe h, const fe f, const fe g)
 {
    const uint64_t mask = 0x7ffffffffffffULL;
@ -459,7 +449,7 @@ fe_mul(fe h, const fe f, const fe g)
 Can overlap h with f.
 */

-void
+static void
 fe_sq(fe h, const fe f)
 {
    const uint64_t mask = 0x7ffffffffffffULL;
@ -618,7 +608,7 @@ fe_sq2(fe h, const fe f)
    h[4] = r04;
 }

-void
+static void
 fe_scalar_product(fe h, const fe f, uint32_t n)
 {
    const uint64_t mask = 0x7ffffffffffffULL;