grpc 1.15.0 → 1.30.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +8591 -13387
- data/etc/roots.pem +455 -130
- data/include/grpc/grpc.h +39 -9
- data/include/grpc/grpc_posix.h +0 -8
- data/include/grpc/grpc_security.h +409 -14
- data/include/grpc/grpc_security_constants.h +55 -22
- data/include/grpc/impl/codegen/atm_gcc_sync.h +2 -0
- data/include/grpc/impl/codegen/atm_windows.h +2 -0
- data/include/grpc/impl/codegen/byte_buffer.h +13 -0
- data/include/grpc/impl/codegen/compression_types.h +2 -1
- data/include/grpc/impl/codegen/gpr_types.h +1 -1
- data/include/grpc/impl/codegen/grpc_types.h +111 -16
- data/include/grpc/impl/codegen/port_platform.h +171 -9
- data/include/grpc/impl/codegen/slice.h +2 -22
- data/include/grpc/impl/codegen/status.h +2 -1
- data/include/grpc/impl/codegen/sync.h +5 -3
- data/include/grpc/impl/codegen/sync_abseil.h +36 -0
- data/include/grpc/impl/codegen/sync_generic.h +1 -1
- data/include/grpc/impl/codegen/sync_posix.h +18 -0
- data/include/grpc/module.modulemap +25 -37
- data/include/grpc/slice.h +3 -3
- data/include/grpc/support/alloc.h +0 -16
- data/include/grpc/support/sync_abseil.h +26 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +81 -0
- data/src/core/ext/filters/client_channel/backend_metric.h +36 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +26 -19
- data/src/core/ext/filters/client_channel/backup_poller.h +8 -2
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +21 -5
- data/src/core/ext/filters/client_channel/client_channel.cc +2888 -2206
- data/src/core/ext/filters/client_channel/client_channel.h +26 -6
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +54 -72
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +33 -26
- data/src/core/ext/filters/client_channel/client_channel_factory.cc +22 -34
- data/src/core/ext/filters/client_channel/client_channel_factory.h +12 -39
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +13 -14
- data/src/core/ext/filters/client_channel/connector.h +43 -37
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +179 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.h +68 -0
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +606 -0
- data/src/core/ext/filters/client_channel/health/health_check_client.h +175 -0
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +177 -158
- data/src/core/ext/filters/client_channel/http_connect_handshaker.h +1 -1
- data/src/core/ext/filters/client_channel/http_proxy.cc +125 -121
- data/src/core/ext/filters/client_channel/http_proxy.h +5 -1
- data/src/core/ext/filters/client_channel/lb_policy.cc +105 -26
- data/src/core/ext/filters/client_channel/lb_policy.h +352 -152
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +297 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +64 -47
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +1010 -1155
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +7 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +12 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +53 -40
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +10 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +19 -16
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +157 -271
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +43 -59
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +235 -384
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +174 -409
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +157 -285
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +417 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +32 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +7 -91
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +93 -8
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +13 -2
- data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +96 -0
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +57 -0
- data/src/core/ext/filters/client_channel/parse_address.cc +76 -30
- data/src/core/ext/filters/client_channel/parse_address.h +4 -1
- data/src/core/ext/filters/client_channel/proxy_mapper.h +14 -34
- data/src/core/ext/filters/client_channel/proxy_mapper_registry.cc +46 -79
- data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +23 -17
- data/src/core/ext/filters/client_channel/resolver.cc +55 -5
- data/src/core/ext/filters/client_channel/resolver.h +61 -61
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +251 -226
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +200 -36
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +18 -20
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +177 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +491 -131
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +434 -233
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +20 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +15 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +38 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +7 -2
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +28 -0
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +29 -0
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +92 -131
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +220 -134
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +27 -17
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +73 -99
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +184 -0
- data/src/core/ext/filters/client_channel/resolver_factory.h +13 -11
- data/src/core/ext/filters/client_channel/resolver_registry.cc +33 -14
- data/src/core/ext/filters/client_channel/resolver_registry.h +19 -13
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +443 -0
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +127 -0
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +348 -0
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +123 -0
- data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
- data/src/core/ext/filters/client_channel/retry_throttle.h +2 -6
- data/src/core/ext/filters/client_channel/server_address.cc +48 -0
- data/src/core/ext/filters/client_channel/server_address.h +90 -0
- data/src/core/ext/filters/client_channel/service_config.cc +221 -0
- data/src/core/ext/filters/client_channel/service_config.h +123 -0
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +903 -634
- data/src/core/ext/filters/client_channel/subchannel.h +364 -131
- data/src/core/ext/filters/client_channel/subchannel_interface.h +94 -0
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +97 -0
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +91 -0
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +1906 -0
- data/src/core/ext/filters/client_channel/xds/xds_api.h +280 -0
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +342 -0
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +88 -0
- data/src/core/ext/filters/client_channel/xds/xds_channel.h +46 -0
- data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +106 -0
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +2367 -0
- data/src/core/ext/filters/client_channel/xds/xds_client.h +309 -0
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +115 -0
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +211 -0
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +440 -0
- data/src/core/ext/filters/deadline/deadline_filter.cc +49 -52
- data/src/core/ext/filters/deadline/deadline_filter.h +11 -14
- data/src/core/ext/filters/http/client/http_client_filter.cc +122 -85
- data/src/core/ext/filters/http/client/http_client_filter.h +1 -1
- data/src/core/ext/filters/http/client_authority_filter.cc +26 -24
- data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +342 -295
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
- data/src/core/ext/filters/http/server/http_server_filter.cc +156 -54
- data/src/core/ext/filters/max_age/max_age_filter.cc +76 -63
- data/src/core/ext/filters/message_size/message_size_filter.cc +218 -119
- data/src/core/ext/filters/message_size/message_size_filter.h +33 -0
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +19 -17
- data/src/core/ext/transport/chttp2/alpn/alpn.h +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +141 -164
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +31 -1
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +36 -34
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +1 -1
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +133 -138
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +128 -30
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +2 -2
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +8 -11
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +4 -4
- data/src/core/ext/transport/chttp2/transport/bin_decoder.h +4 -4
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +11 -12
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +4 -3
- data/src/core/ext/transport/chttp2/transport/chttp2_plugin.cc +9 -7
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +911 -716
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +8 -1
- data/src/core/ext/transport/chttp2/transport/context_list.cc +69 -0
- data/src/core/ext/transport/chttp2/transport/context_list.h +53 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -5
- data/src/core/ext/transport/chttp2/transport/flow_control.h +22 -30
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +47 -54
- data/src/core/ext/transport/chttp2/transport/frame_data.h +11 -13
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +9 -8
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +5 -5
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +7 -5
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +3 -4
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +17 -7
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +11 -4
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +11 -7
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +4 -4
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +3 -4
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +548 -351
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +26 -15
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +201 -120
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +14 -6
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +47 -169
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +70 -17
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +10 -17
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +19 -10
- data/src/core/ext/transport/chttp2/transport/internal.h +226 -161
- data/src/core/ext/transport/chttp2/transport/parsing.cc +166 -110
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/stream_map.cc +28 -18
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +95 -35
- data/src/core/ext/transport/inproc/inproc_transport.cc +406 -388
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +17 -0
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +30 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +27 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +54 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +21 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +28 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +403 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +1447 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +74 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +218 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +69 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +55 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +305 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +112 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +328 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +313 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +897 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +96 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +322 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +197 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +642 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +172 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +673 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +36 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +80 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +152 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +518 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +129 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +392 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +31 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +92 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +240 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +18 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +33 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +91 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +266 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +112 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +324 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +31 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +109 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +399 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +18 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +33 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +145 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +527 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +43 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +112 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +30 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +199 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +18 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +33 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +815 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +3032 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +59 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +134 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +28 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +228 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +725 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +316 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +1132 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +33 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +65 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +24 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +50 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +54 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +134 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +17 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.h +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +144 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +53 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +133 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +88 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +258 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +39 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.h +87 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +50 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +112 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +62 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +89 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +249 -0
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.c +17 -0
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +30 -0
- data/src/core/ext/upb-generated/google/api/annotations.upb.c +18 -0
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +30 -0
- data/src/core/ext/upb-generated/google/api/http.upb.c +66 -0
- data/src/core/ext/upb-generated/google/api/http.upb.h +190 -0
- data/src/core/ext/upb-generated/google/protobuf/any.upb.c +27 -0
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +58 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +486 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +1696 -0
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +27 -0
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +58 -0
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +22 -0
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +50 -0
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +79 -0
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +215 -0
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +27 -0
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +58 -0
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +106 -0
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +238 -0
- data/src/core/ext/upb-generated/google/rpc/status.upb.c +33 -0
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +74 -0
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +49 -0
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +126 -0
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +212 -0
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +693 -0
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +42 -0
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +109 -0
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +36 -0
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +84 -0
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +141 -0
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +393 -0
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +48 -0
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +104 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +17 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +30 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +58 -0
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +144 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +448 -0
- data/src/core/ext/upb-generated/validate/validate.upb.h +2073 -0
- data/src/core/lib/avl/avl.cc +1 -1
- data/src/core/lib/channel/channel_args.cc +54 -115
- data/src/core/lib/channel/channel_args.h +44 -40
- data/src/core/lib/channel/channel_stack.cc +6 -5
- data/src/core/lib/channel/channel_stack.h +52 -28
- data/src/core/lib/channel/channel_stack_builder.cc +14 -2
- data/src/core/lib/channel/channel_stack_builder.h +8 -0
- data/src/core/lib/channel/channel_trace.cc +75 -85
- data/src/core/lib/channel/channel_trace.h +37 -32
- data/src/core/lib/channel/channelz.cc +496 -106
- data/src/core/lib/channel/channelz.h +262 -61
- data/src/core/lib/channel/channelz_registry.cc +191 -69
- data/src/core/lib/channel/channelz_registry.h +30 -53
- data/src/core/lib/channel/connected_channel.cc +30 -27
- data/src/core/lib/channel/context.h +6 -6
- data/src/core/lib/channel/handshaker.cc +150 -218
- data/src/core/lib/channel/handshaker.h +111 -102
- data/src/core/lib/channel/handshaker_factory.h +9 -17
- data/src/core/lib/channel/handshaker_registry.cc +57 -49
- data/src/core/lib/channel/handshaker_registry.h +21 -15
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/algorithm_metadata.h +3 -3
- data/src/core/lib/compression/compression.cc +17 -12
- data/src/core/lib/compression/compression_args.cc +134 -0
- data/src/core/lib/compression/compression_args.h +56 -0
- data/src/core/lib/compression/compression_internal.cc +17 -13
- data/src/core/lib/compression/compression_internal.h +9 -1
- data/src/core/lib/compression/message_compress.cc +8 -3
- data/src/core/lib/compression/stream_compression.cc +3 -2
- data/src/core/lib/compression/stream_compression.h +2 -2
- data/src/core/lib/compression/stream_compression_gzip.cc +9 -9
- data/src/core/lib/compression/stream_compression_identity.cc +5 -7
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/debug/trace.cc +16 -7
- data/src/core/lib/debug/trace.h +20 -4
- data/src/core/lib/gpr/alloc.cc +4 -29
- data/src/core/lib/gpr/arena.h +13 -7
- data/src/core/lib/gpr/cpu_linux.cc +1 -1
- data/src/core/lib/gpr/cpu_posix.cc +5 -3
- data/src/core/lib/gpr/env.h +3 -6
- data/src/core/lib/gpr/env_linux.cc +15 -21
- data/src/core/lib/gpr/env_posix.cc +5 -5
- data/src/core/lib/gpr/env_windows.cc +7 -5
- data/src/core/lib/gpr/log.cc +9 -13
- data/src/core/lib/gpr/log_linux.cc +2 -2
- data/src/core/lib/gpr/log_posix.cc +4 -3
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +29 -35
- data/src/core/lib/gpr/string.h +11 -19
- data/src/core/lib/gpr/sync_abseil.cc +116 -0
- data/src/core/lib/gpr/sync_posix.cc +78 -9
- data/src/core/lib/gpr/sync_windows.cc +4 -2
- data/src/core/lib/gpr/time.cc +12 -0
- data/src/core/lib/gpr/time_posix.cc +22 -3
- data/src/core/lib/gpr/time_precise.cc +123 -36
- data/src/core/lib/gpr/time_precise.h +37 -0
- data/src/core/lib/gprpp/arena.cc +103 -0
- data/src/core/lib/gprpp/arena.h +120 -0
- data/src/core/lib/gprpp/atomic.h +79 -5
- data/src/core/lib/gprpp/debug_location.h +3 -2
- data/src/core/lib/gprpp/fork.cc +30 -56
- data/src/core/lib/gprpp/fork.h +18 -3
- data/src/core/lib/gprpp/global_config.h +96 -0
- data/src/core/lib/gprpp/global_config_custom.h +29 -0
- data/src/core/lib/gprpp/global_config_env.cc +135 -0
- data/src/core/lib/gprpp/global_config_env.h +131 -0
- data/src/core/lib/gprpp/global_config_generic.h +44 -0
- data/src/core/lib/gprpp/host_port.cc +112 -0
- data/src/core/lib/gprpp/host_port.h +56 -0
- data/src/core/lib/gprpp/map.h +53 -0
- data/src/core/lib/gprpp/memory.h +11 -83
- data/src/core/lib/gprpp/mpscq.cc +108 -0
- data/src/core/lib/gprpp/mpscq.h +98 -0
- data/src/core/lib/gprpp/orphanable.h +27 -95
- data/src/core/lib/gprpp/ref_counted.h +228 -83
- data/src/core/lib/gprpp/ref_counted_ptr.h +39 -16
- data/src/core/lib/gprpp/sync.h +135 -0
- data/src/core/lib/gprpp/thd.h +54 -12
- data/src/core/lib/gprpp/thd_posix.cc +57 -13
- data/src/core/lib/gprpp/thd_windows.cc +54 -33
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +11 -11
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +121 -107
- data/src/core/lib/http/parser.cc +4 -3
- data/src/core/lib/http/parser.h +9 -9
- data/src/core/lib/iomgr/buffer_list.cc +308 -0
- data/src/core/lib/iomgr/buffer_list.h +165 -0
- data/src/core/lib/iomgr/call_combiner.cc +113 -69
- data/src/core/lib/iomgr/call_combiner.h +96 -74
- data/src/core/lib/iomgr/cfstream_handle.cc +209 -0
- data/src/core/lib/iomgr/cfstream_handle.h +90 -0
- data/src/core/lib/iomgr/closure.h +44 -141
- data/src/core/lib/iomgr/combiner.cc +50 -86
- data/src/core/lib/iomgr/combiner.h +31 -9
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/dynamic_annotations.h +67 -0
- data/src/core/lib/iomgr/endpoint.cc +8 -4
- data/src/core/lib/iomgr/endpoint.h +12 -4
- data/src/core/lib/iomgr/endpoint_cfstream.cc +376 -0
- data/src/core/lib/iomgr/endpoint_cfstream.h +49 -0
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +1 -1
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +2 -2
- data/src/core/lib/iomgr/error.cc +71 -64
- data/src/core/lib/iomgr/error.h +74 -10
- data/src/core/lib/iomgr/error_cfstream.cc +52 -0
- data/src/core/lib/iomgr/error_cfstream.h +31 -0
- data/src/core/lib/iomgr/error_internal.h +1 -3
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +99 -69
- data/src/core/lib/iomgr/ev_epollex_linux.cc +238 -259
- data/src/core/lib/iomgr/ev_poll_posix.cc +52 -504
- data/src/core/lib/iomgr/ev_posix.cc +54 -31
- data/src/core/lib/iomgr/ev_posix.h +29 -3
- data/src/core/lib/iomgr/ev_windows.cc +2 -2
- data/src/core/lib/iomgr/exec_ctx.cc +79 -8
- data/src/core/lib/iomgr/exec_ctx.h +163 -21
- data/src/core/lib/iomgr/executor.cc +137 -101
- data/src/core/lib/iomgr/executor.h +54 -48
- data/src/core/lib/iomgr/executor/mpmcqueue.cc +183 -0
- data/src/core/lib/iomgr/executor/mpmcqueue.h +175 -0
- data/src/core/lib/iomgr/executor/threadpool.cc +137 -0
- data/src/core/lib/iomgr/executor/threadpool.h +149 -0
- data/src/core/lib/iomgr/fork_posix.cc +15 -8
- data/src/core/lib/iomgr/grpc_if_nametoindex.h +30 -0
- data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +42 -0
- data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +38 -0
- data/src/core/lib/iomgr/internal_errqueue.cc +67 -0
- data/src/core/lib/iomgr/internal_errqueue.h +191 -0
- data/src/core/lib/iomgr/iocp_windows.cc +2 -2
- data/src/core/lib/iomgr/iomgr.cc +27 -13
- data/src/core/lib/iomgr/iomgr.h +19 -0
- data/src/core/lib/iomgr/iomgr_custom.cc +18 -2
- data/src/core/lib/iomgr/iomgr_custom.h +2 -0
- data/src/core/lib/iomgr/iomgr_internal.cc +14 -0
- data/src/core/lib/iomgr/iomgr_internal.h +16 -0
- data/src/core/lib/iomgr/iomgr_posix.cc +23 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +171 -0
- data/src/core/lib/iomgr/iomgr_uv.cc +3 -0
- data/src/core/lib/iomgr/iomgr_windows.cc +20 -1
- data/src/core/lib/iomgr/load_file.cc +1 -0
- data/src/core/lib/iomgr/lockfree_event.cc +16 -15
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +87 -0
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +88 -0
- data/src/core/lib/iomgr/polling_entity.h +4 -4
- data/src/core/lib/iomgr/pollset_custom.cc +5 -5
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/iomgr/pollset_uv.h +32 -0
- data/src/core/lib/iomgr/pollset_windows.cc +16 -2
- data/src/core/lib/iomgr/port.h +49 -2
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +5 -7
- data/src/core/lib/iomgr/resolve_address_custom.cc +36 -50
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +22 -25
- data/src/core/lib/iomgr/resolve_address_windows.cc +14 -26
- data/src/core/lib/iomgr/resource_quota.cc +175 -110
- data/src/core/lib/iomgr/resource_quota.h +30 -11
- data/src/core/lib/iomgr/sockaddr_utils.cc +26 -31
- data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +145 -27
- data/src/core/lib/iomgr/socket_utils_posix.h +26 -0
- data/src/core/lib/iomgr/socket_windows.cc +21 -2
- data/src/core/lib/iomgr/socket_windows.h +9 -1
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +215 -0
- data/src/core/lib/iomgr/tcp_client_custom.cc +19 -7
- data/src/core/lib/iomgr/tcp_client_posix.cc +40 -38
- data/src/core/lib/iomgr/tcp_client_posix.h +6 -6
- data/src/core/lib/iomgr/tcp_client_windows.cc +11 -10
- data/src/core/lib/iomgr/tcp_custom.cc +37 -32
- data/src/core/lib/iomgr/tcp_custom.h +3 -0
- data/src/core/lib/iomgr/tcp_posix.cc +1196 -168
- data/src/core/lib/iomgr/tcp_posix.h +3 -0
- data/src/core/lib/iomgr/tcp_server.cc +5 -0
- data/src/core/lib/iomgr/tcp_server.h +21 -0
- data/src/core/lib/iomgr/tcp_server_custom.cc +43 -30
- data/src/core/lib/iomgr/tcp_server_posix.cc +97 -21
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -0
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +19 -16
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
- data/src/core/lib/iomgr/tcp_server_windows.cc +19 -15
- data/src/core/lib/iomgr/tcp_uv.cc +8 -9
- data/src/core/lib/iomgr/tcp_windows.cc +110 -48
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer.h +2 -1
- data/src/core/lib/iomgr/timer_custom.cc +7 -5
- data/src/core/lib/iomgr/timer_generic.cc +42 -40
- data/src/core/lib/iomgr/timer_generic.h +39 -0
- data/src/core/lib/iomgr/timer_heap.cc +2 -2
- data/src/core/lib/iomgr/timer_heap.h +5 -6
- data/src/core/lib/iomgr/timer_manager.cc +34 -16
- data/src/core/lib/iomgr/timer_manager.h +4 -2
- data/src/core/lib/iomgr/udp_server.cc +31 -30
- data/src/core/lib/iomgr/udp_server.h +6 -12
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -4
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +1 -19
- data/src/core/lib/iomgr/work_serializer.cc +155 -0
- data/src/core/lib/iomgr/work_serializer.h +65 -0
- data/src/core/lib/json/json.h +209 -68
- data/src/core/lib/json/json_reader.cc +511 -319
- data/src/core/lib/json/json_writer.cc +202 -110
- data/src/core/lib/profiling/basic_timers.cc +12 -6
- data/src/core/lib/security/context/security_context.cc +92 -119
- data/src/core/lib/security/context/security_context.h +79 -48
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +39 -48
- data/src/core/lib/security/credentials/alts/alts_credentials.h +37 -10
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +2 -2
- data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +45 -57
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +2 -1
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +3 -2
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +119 -159
- data/src/core/lib/security/credentials/composite/composite_credentials.h +71 -24
- data/src/core/lib/security/credentials/credentials.cc +18 -142
- data/src/core/lib/security/credentials/credentials.h +141 -105
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +48 -72
- data/src/core/lib/security/credentials/fake/fake_credentials.h +28 -5
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +186 -99
- data/src/core/lib/security/credentials/google_default/google_default_credentials.h +32 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +33 -39
- data/src/core/lib/security/credentials/iam/iam_credentials.h +22 -4
- data/src/core/lib/security/credentials/jwt/json_token.cc +32 -58
- data/src/core/lib/security/credentials/jwt/json_token.h +5 -7
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +70 -88
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +41 -10
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +159 -170
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +4 -5
- data/src/core/lib/security/credentials/local/local_credentials.cc +21 -34
- data/src/core/lib/security/credentials/local/local_credentials.h +32 -11
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +438 -203
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +98 -33
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +89 -91
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +43 -17
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +84 -83
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +60 -15
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +245 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +313 -0
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +128 -0
- data/src/core/lib/security/credentials/tls/tls_credentials.h +62 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +301 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.h +76 -0
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +324 -0
- data/src/core/lib/security/security_connector/fake/fake_security_connector.h +45 -0
- data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +2 -2
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +15 -9
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +281 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.h +59 -0
- data/src/core/lib/security/security_connector/security_connector.cc +40 -1158
- data/src/core/lib/security/security_connector/security_connector.h +100 -209
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +439 -0
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +77 -0
- data/src/core/lib/security/security_connector/ssl_utils.cc +563 -0
- data/src/core/lib/security/security_connector/ssl_utils.h +184 -0
- data/src/core/lib/security/security_connector/ssl_utils_config.cc +32 -0
- data/src/core/lib/security/security_connector/ssl_utils_config.h +30 -0
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +603 -0
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +183 -0
- data/src/core/lib/security/transport/auth_filters.h +5 -2
- data/src/core/lib/security/transport/client_auth_filter.cc +164 -116
- data/src/core/lib/security/transport/secure_endpoint.cc +70 -53
- data/src/core/lib/security/transport/security_handshaker.cc +340 -297
- data/src/core/lib/security/transport/security_handshaker.h +14 -3
- data/src/core/lib/security/transport/server_auth_filter.cc +115 -55
- data/src/core/lib/security/transport/target_authority_table.h +1 -1
- data/src/core/lib/security/util/json_util.cc +34 -13
- data/src/core/lib/security/util/json_util.h +5 -3
- data/src/core/lib/slice/b64.cc +3 -4
- data/src/core/lib/slice/b64.h +3 -4
- data/src/core/lib/slice/percent_encoding.cc +3 -3
- data/src/core/lib/slice/percent_encoding.h +3 -3
- data/src/core/lib/slice/slice.cc +219 -153
- data/src/core/lib/slice/slice_buffer.cc +60 -26
- data/src/core/lib/slice/slice_hash_table.h +9 -15
- data/src/core/lib/slice/slice_intern.cc +186 -143
- data/src/core/lib/slice/slice_internal.h +318 -3
- data/src/core/lib/slice/slice_string_helpers.cc +10 -1
- data/src/core/lib/slice/slice_string_helpers.h +3 -1
- data/src/core/lib/slice/slice_utils.h +200 -0
- data/src/core/lib/slice/slice_weak_hash_table.h +10 -17
- data/src/core/lib/surface/api_trace.h +1 -1
- data/src/core/lib/surface/byte_buffer_reader.cc +15 -43
- data/src/core/lib/surface/call.cc +419 -438
- data/src/core/lib/surface/call.h +14 -5
- data/src/core/lib/surface/call_details.cc +0 -1
- data/src/core/lib/surface/call_log_batch.cc +51 -60
- data/src/core/lib/surface/channel.cc +205 -144
- data/src/core/lib/surface/channel.h +85 -14
- data/src/core/lib/surface/channel_init.h +5 -0
- data/src/core/lib/surface/channel_ping.cc +3 -4
- data/src/core/lib/surface/completion_queue.cc +322 -281
- data/src/core/lib/surface/completion_queue.h +7 -21
- data/src/core/lib/surface/completion_queue_factory.cc +4 -4
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init.cc +86 -31
- data/src/core/lib/surface/init.h +1 -0
- data/src/core/lib/surface/init_secure.cc +4 -4
- data/src/core/lib/surface/lame_client.cc +46 -35
- data/src/core/lib/surface/server.cc +815 -476
- data/src/core/lib/surface/server.h +50 -9
- data/src/core/lib/surface/validate_metadata.cc +18 -8
- data/src/core/lib/surface/validate_metadata.h +13 -2
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/bdp_estimator.cc +3 -3
- data/src/core/lib/transport/bdp_estimator.h +2 -2
- data/src/core/lib/transport/byte_stream.cc +5 -7
- data/src/core/lib/transport/byte_stream.h +13 -12
- data/src/core/lib/transport/connectivity_state.cc +114 -129
- data/src/core/lib/transport/connectivity_state.h +102 -58
- data/src/core/lib/transport/error_utils.cc +25 -2
- data/src/core/lib/transport/metadata.cc +428 -288
- data/src/core/lib/transport/metadata.h +307 -26
- data/src/core/lib/transport/metadata_batch.cc +81 -18
- data/src/core/lib/transport/metadata_batch.h +47 -6
- data/src/core/lib/transport/static_metadata.cc +1150 -521
- data/src/core/lib/transport/static_metadata.h +311 -317
- data/src/core/lib/transport/status_conversion.cc +7 -15
- data/src/core/lib/transport/status_metadata.cc +11 -4
- data/src/core/lib/transport/status_metadata.h +18 -0
- data/src/core/lib/transport/timeout_encoding.cc +8 -1
- data/src/core/lib/transport/timeout_encoding.h +4 -3
- data/src/core/lib/transport/transport.cc +49 -80
- data/src/core/lib/transport/transport.h +132 -54
- data/src/core/lib/transport/transport_impl.h +1 -1
- data/src/core/lib/transport/transport_op_string.cc +67 -105
- data/src/core/lib/uri/uri_parser.cc +314 -0
- data/src/core/lib/uri/uri_parser.h +49 -0
- data/src/core/plugin_registry/grpc_plugin_registry.cc +32 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +715 -144
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +49 -35
- data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +83 -0
- data/src/core/tsi/alts/handshaker/alts_shared_resource.h +73 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +373 -217
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +45 -24
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +43 -10
- data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +13 -7
- data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +4 -3
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +75 -48
- data/src/core/tsi/alts/handshaker/transport_security_common_api.h +35 -27
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +2 -2
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +13 -3
- data/src/core/tsi/fake_transport_security.cc +26 -25
- data/src/core/tsi/fake_transport_security.h +2 -0
- data/src/core/tsi/local_transport_security.cc +8 -6
- data/src/core/tsi/ssl/session_cache/ssl_session.h +2 -6
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +2 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +14 -11
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -13
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +2 -3
- data/src/core/tsi/ssl_transport_security.cc +289 -125
- data/src/core/tsi/ssl_transport_security.h +52 -13
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.cc +31 -1
- data/src/core/tsi/transport_security.h +8 -10
- data/src/core/tsi/transport_security_grpc.cc +7 -0
- data/src/core/tsi/transport_security_grpc.h +8 -3
- data/src/core/tsi/transport_security_interface.h +15 -3
- data/src/ruby/bin/math_pb.rb +23 -21
- data/src/ruby/ext/grpc/ext-export.clang +1 -0
- data/src/ruby/ext/grpc/ext-export.gcc +6 -0
- data/src/ruby/ext/grpc/extconf.rb +18 -4
- data/src/ruby/ext/grpc/rb_call.c +11 -2
- data/src/ruby/ext/grpc/rb_call_credentials.c +12 -6
- data/src/ruby/ext/grpc/rb_channel.c +18 -11
- data/src/ruby/ext/grpc/rb_channel_credentials.c +8 -4
- data/src/ruby/ext/grpc/rb_compression_options.c +9 -7
- data/src/ruby/ext/grpc/rb_enable_cpp.cc +22 -0
- data/src/ruby/ext/grpc/rb_event_thread.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc.c +48 -60
- data/src/ruby/ext/grpc/rb_grpc.h +5 -1
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +42 -6
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +67 -13
- data/src/ruby/ext/grpc/rb_server.c +10 -4
- data/src/ruby/lib/grpc.rb +2 -0
- data/src/ruby/lib/grpc/core/status_codes.rb +135 -0
- data/src/ruby/lib/grpc/errors.rb +122 -46
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/bidi_call.rb +2 -2
- data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
- data/src/ruby/lib/grpc/generic/rpc_desc.rb +3 -3
- data/src/ruby/lib/grpc/generic/rpc_server.rb +64 -4
- data/src/ruby/lib/grpc/generic/service.rb +6 -5
- data/src/ruby/lib/grpc/google_rpc_status_utils.rb +9 -4
- data/src/ruby/lib/grpc/grpc.rb +1 -1
- data/src/ruby/lib/grpc/structs.rb +15 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/README.md +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/grpc/health/checker.rb +2 -3
- data/src/ruby/pb/grpc/health/v1/health_pb.rb +16 -13
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +18 -0
- data/src/ruby/pb/src/proto/grpc/testing/empty_pb.rb +4 -2
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +92 -69
- data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +2 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/channel_spec.rb +44 -0
- data/src/ruby/spec/client_auth_spec.rb +5 -5
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/errors_spec.rb +142 -0
- data/src/ruby/spec/generic/client_stub_spec.rb +13 -9
- data/src/ruby/spec/generic/rpc_server_spec.rb +25 -3
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options.proto +28 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import.proto +22 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +39 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +78 -0
- data/src/ruby/spec/support/services.rb +29 -22
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/algorithm/algorithm.h +159 -0
- data/third_party/abseil-cpp/absl/base/attributes.h +621 -0
- data/third_party/abseil-cpp/absl/base/call_once.h +226 -0
- data/third_party/abseil-cpp/absl/base/casts.h +184 -0
- data/third_party/abseil-cpp/absl/base/config.h +671 -0
- data/third_party/abseil-cpp/absl/base/const_init.h +76 -0
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +129 -0
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +389 -0
- data/third_party/abseil-cpp/absl/base/internal/atomic_hook.h +200 -0
- data/third_party/abseil-cpp/absl/base/internal/bits.h +218 -0
- data/third_party/abseil-cpp/absl/base/internal/cycleclock.cc +107 -0
- data/third_party/abseil-cpp/absl/base/internal/cycleclock.h +94 -0
- data/third_party/abseil-cpp/absl/base/internal/endian.h +266 -0
- data/third_party/abseil-cpp/absl/base/internal/errno_saver.h +43 -0
- data/third_party/abseil-cpp/absl/base/internal/hide_ptr.h +51 -0
- data/third_party/abseil-cpp/absl/base/internal/identity.h +37 -0
- data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +107 -0
- data/third_party/abseil-cpp/absl/base/internal/invoke.h +187 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +107 -0
- data/third_party/abseil-cpp/absl/base/internal/per_thread_tls.h +52 -0
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +240 -0
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +183 -0
- data/third_party/abseil-cpp/absl/base/internal/scheduling_mode.h +58 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +233 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +243 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +35 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +66 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +46 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.cc +81 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +93 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +37 -0
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +416 -0
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +66 -0
- data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +271 -0
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +152 -0
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +259 -0
- data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +108 -0
- data/third_party/abseil-cpp/absl/base/internal/throw_delegate.h +75 -0
- data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +66 -0
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +158 -0
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +140 -0
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +124 -0
- data/third_party/abseil-cpp/absl/base/log_severity.cc +27 -0
- data/third_party/abseil-cpp/absl/base/log_severity.h +121 -0
- data/third_party/abseil-cpp/absl/base/macros.h +220 -0
- data/third_party/abseil-cpp/absl/base/optimization.h +181 -0
- data/third_party/abseil-cpp/absl/base/options.h +211 -0
- data/third_party/abseil-cpp/absl/base/policy_checks.h +111 -0
- data/third_party/abseil-cpp/absl/base/port.h +26 -0
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +280 -0
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +848 -0
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +265 -0
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +892 -0
- data/third_party/abseil-cpp/absl/memory/memory.h +695 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +759 -0
- data/third_party/abseil-cpp/absl/numeric/int128.cc +404 -0
- data/third_party/abseil-cpp/absl/numeric/int128.h +1091 -0
- data/third_party/abseil-cpp/absl/numeric/int128_have_intrinsic.inc +302 -0
- data/third_party/abseil-cpp/absl/numeric/int128_no_intrinsic.inc +308 -0
- data/third_party/abseil-cpp/absl/strings/ascii.cc +200 -0
- data/third_party/abseil-cpp/absl/strings/ascii.h +242 -0
- data/third_party/abseil-cpp/absl/strings/charconv.cc +984 -0
- data/third_party/abseil-cpp/absl/strings/charconv.h +119 -0
- data/third_party/abseil-cpp/absl/strings/escaping.cc +949 -0
- data/third_party/abseil-cpp/absl/strings/escaping.h +164 -0
- data/third_party/abseil-cpp/absl/strings/internal/char_map.h +156 -0
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +359 -0
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +423 -0
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +504 -0
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.h +99 -0
- data/third_party/abseil-cpp/absl/strings/internal/escaping.cc +180 -0
- data/third_party/abseil-cpp/absl/strings/internal/escaping.h +58 -0
- data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +112 -0
- data/third_party/abseil-cpp/absl/strings/internal/memutil.h +148 -0
- data/third_party/abseil-cpp/absl/strings/internal/ostringstream.cc +36 -0
- data/third_party/abseil-cpp/absl/strings/internal/ostringstream.h +89 -0
- data/third_party/abseil-cpp/absl/strings/internal/resize_uninitialized.h +73 -0
- data/third_party/abseil-cpp/absl/strings/internal/stl_type_traits.h +248 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +388 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +432 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +245 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +209 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +326 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +51 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +415 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +493 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +23 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.cc +72 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +104 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +334 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +333 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_join_internal.h +314 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +455 -0
- data/third_party/abseil-cpp/absl/strings/internal/utf8.cc +53 -0
- data/third_party/abseil-cpp/absl/strings/internal/utf8.h +50 -0
- data/third_party/abseil-cpp/absl/strings/match.cc +40 -0
- data/third_party/abseil-cpp/absl/strings/match.h +90 -0
- data/third_party/abseil-cpp/absl/strings/numbers.cc +965 -0
- data/third_party/abseil-cpp/absl/strings/numbers.h +266 -0
- data/third_party/abseil-cpp/absl/strings/str_cat.cc +246 -0
- data/third_party/abseil-cpp/absl/strings/str_cat.h +408 -0
- data/third_party/abseil-cpp/absl/strings/str_format.h +537 -0
- data/third_party/abseil-cpp/absl/strings/str_join.h +293 -0
- data/third_party/abseil-cpp/absl/strings/str_replace.cc +82 -0
- data/third_party/abseil-cpp/absl/strings/str_replace.h +219 -0
- data/third_party/abseil-cpp/absl/strings/str_split.cc +139 -0
- data/third_party/abseil-cpp/absl/strings/str_split.h +513 -0
- data/third_party/abseil-cpp/absl/strings/string_view.cc +235 -0
- data/third_party/abseil-cpp/absl/strings/string_view.h +622 -0
- data/third_party/abseil-cpp/absl/strings/strip.h +91 -0
- data/third_party/abseil-cpp/absl/strings/substitute.cc +171 -0
- data/third_party/abseil-cpp/absl/strings/substitute.h +693 -0
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/third_party/abseil-cpp/absl/types/bad_optional_access.cc +48 -0
- data/third_party/abseil-cpp/absl/types/bad_optional_access.h +78 -0
- data/third_party/abseil-cpp/absl/types/internal/optional.h +396 -0
- data/third_party/abseil-cpp/absl/types/internal/span.h +128 -0
- data/third_party/abseil-cpp/absl/types/optional.h +776 -0
- data/third_party/abseil-cpp/absl/types/span.h +713 -0
- data/third_party/abseil-cpp/absl/utility/utility.h +350 -0
- data/third_party/boringssl-with-bazel/err_data.c +1439 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bitstr.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +123 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +93 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +195 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_gentm.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +88 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +420 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +305 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +286 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_octet.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_print.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +313 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +212 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_type.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utctm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utf8.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +446 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_locl.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_par.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn_pack.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_enum.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_string.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_dec.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +664 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_fre.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_new.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_typ.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_utl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/time_support.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +466 -0
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +700 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio_mem.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +545 -0
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +279 -0
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +317 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/hexdump.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/internal.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +488 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/printf.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +206 -0
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +118 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/bn_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +470 -0
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +172 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/asn1_compat.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +265 -0
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +719 -0
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +688 -0
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +96 -0
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/unicode.c +155 -0
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +184 -0
- data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +45 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +143 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +152 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesccm.c +447 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +283 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +891 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +418 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_null.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc4.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +688 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/internal.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +491 -0
- data/third_party/boringssl-with-bazel/src/crypto/cmac/cmac.c +278 -0
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +810 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf_def.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-fuchsia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-linux.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +220 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.h +201 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +291 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-ppc64le.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +226 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +2159 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +7872 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +146 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +539 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh/check.c +217 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +533 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/dh_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/params.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/digest_extra/digest_extra.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +980 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dsa/dsa_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +574 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_derive.c +95 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +124 -0
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +267 -0
- data/third_party/boringssl-with-bazel/src/crypto/engine/engine.c +99 -0
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +850 -0
- data/third_party/boringssl-with-bazel/src/crypto/err/internal.h +58 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/digestsign.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +443 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +388 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +484 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +269 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +273 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +286 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +255 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +104 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +221 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +648 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +194 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +110 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +248 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/pbkdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/print.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +213 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/sign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ex_data.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +108 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1282 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +238 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +236 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +106 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +263 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/add.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/asm/x86_64-gcc.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +445 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bytes.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +200 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +236 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +886 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +1288 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +378 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +325 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/generic.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +694 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/jacobi.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +502 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +186 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +749 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +1068 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +341 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +226 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +104 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +364 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/sqrt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/aead.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +620 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +1302 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_des.c +237 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +128 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/delocate.h +89 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/des.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/internal.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +271 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +296 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/internal.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +268 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +1252 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +465 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +524 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +100 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +775 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +328 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +1178 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9497 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +632 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.h +153 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +175 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +357 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +270 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +255 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +270 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +122 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +328 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/fips_shared_support.c +32 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/hmac/hmac.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/is_fips.c +29 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +256 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/internal.h +37 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +301 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +167 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +202 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +200 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +729 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +304 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +441 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +96 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/polyval.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +202 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +163 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +378 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +391 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +243 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +127 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +695 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +898 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +1358 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +654 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +53 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1-altivec.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +371 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +343 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +544 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/kdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hkdf/hkdf.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +2100 -0
- data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +834 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +348 -0
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +359 -0
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +549 -0
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +11585 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj_xref.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +261 -0
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +360 -0
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +777 -0
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +257 -0
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +218 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_xaux.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/internal.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7.c +159 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +385 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +131 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/p5_pbev2.c +316 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +530 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +1305 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/internal.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +318 -0
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +305 -0
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +856 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +45 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +220 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +52 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/forkunsafe.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/fuchsia.c +30 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/rand_extra.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +69 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rc4/rc4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_c11.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +53 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_print.c +22 -0
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +82 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +431 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_none.c +59 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +210 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +260 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_digest.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_sign.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +653 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +114 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/algorithm.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +842 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +458 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +275 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/charmap.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/i2d_pr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/rsa_pss.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +125 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +244 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +544 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509a.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/vpm_int.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_att.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +476 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_d2.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +103 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_ext.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +834 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +198 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +116 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +341 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +185 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +326 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +204 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_v3.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +2487 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +671 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +210 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +389 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509rset.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509spki.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_algor.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +399 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_attrib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_crl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_exten.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_info.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_name.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pkey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pubkey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_req.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_sig.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_spki.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_val.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +334 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509a.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +141 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +286 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_data.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_int.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_map.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +189 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +842 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +207 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akeya.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +629 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bcons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bitst.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +463 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +503 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_crld.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +100 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_extku.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +246 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ia5.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +218 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_int.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +371 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ncons.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +68 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +288 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pku.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pmaps.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_prn.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +843 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +155 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_sxnet.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1395 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +459 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +195 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/arm_arch.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +911 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1_mac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1t.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +575 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/base64.h +190 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +933 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/blowfish.h +93 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +1057 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/buf.h +137 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/buffer.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +561 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cast.h +96 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/chacha.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +638 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cmac.h +91 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +180 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +212 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +149 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +201 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/des.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +319 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +331 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +457 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dtls1.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/e_os2.h +18 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +424 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +372 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdh.h +118 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +205 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/engine.h +109 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +465 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1050 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ex_data.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hkdf.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +186 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +100 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/is_boringssl.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/lhash.h +282 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/md4.h +108 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/md5.h +109 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +175 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +4259 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +236 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj_mac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/objects.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslconf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslv.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ossl_typ.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +435 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs12.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +215 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +269 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +49 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +102 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +111 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rc4.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ripemd.h +108 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +818 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/safestack.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +294 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/siphash.h +37 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +199 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/srtp.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +5198 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +333 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +542 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +191 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +632 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +90 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1207 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +681 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +831 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/bio_ssl.cc +0 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +837 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +268 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +273 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +232 -0
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +200 -0
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +353 -0
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +675 -0
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +703 -0
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +1890 -0
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1805 -0
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +3572 -0
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +724 -0
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +221 -0
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +458 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +432 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +856 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +306 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +1019 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +1718 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +585 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +397 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +3015 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +835 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +1333 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +230 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +277 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +394 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +1358 -0
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +365 -0
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +3870 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +689 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1017 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +513 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +1096 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +317 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +703 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +981 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +619 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3147 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1226 -0
- data/third_party/cares/cares/ares.h +12 -0
- data/third_party/cares/cares/ares_create_query.c +5 -1
- data/third_party/cares/cares/ares_data.c +74 -73
- data/third_party/cares/cares/ares_destroy.c +6 -1
- data/third_party/cares/cares/ares_gethostbyaddr.c +5 -5
- data/third_party/cares/cares/ares_gethostbyname.c +15 -4
- data/third_party/cares/cares/ares_getnameinfo.c +11 -0
- data/third_party/cares/cares/ares_init.c +274 -173
- data/third_party/cares/cares/ares_library_init.c +21 -3
- data/third_party/cares/cares/ares_options.c +6 -2
- data/third_party/cares/cares/ares_parse_naptr_reply.c +7 -6
- data/third_party/cares/cares/ares_parse_ptr_reply.c +4 -2
- data/third_party/cares/cares/ares_platform.c +7 -0
- data/third_party/cares/cares/ares_private.h +19 -11
- data/third_party/cares/cares/ares_process.c +27 -2
- data/third_party/cares/cares/ares_rules.h +1 -1
- data/third_party/cares/cares/ares_search.c +7 -0
- data/third_party/cares/cares/ares_send.c +6 -0
- data/third_party/cares/cares/ares_strsplit.c +174 -0
- data/third_party/cares/cares/ares_strsplit.h +43 -0
- data/third_party/cares/cares/ares_version.h +4 -4
- data/third_party/cares/cares/config-win32.h +1 -1
- data/third_party/cares/cares/inet_ntop.c +2 -3
- data/third_party/cares/config_darwin/ares_config.h +3 -0
- data/third_party/cares/config_freebsd/ares_config.h +3 -0
- data/third_party/cares/config_linux/ares_config.h +3 -0
- data/third_party/cares/config_openbsd/ares_config.h +3 -0
- data/third_party/upb/upb/decode.c +609 -0
- data/third_party/upb/upb/decode.h +21 -0
- data/third_party/upb/upb/encode.c +378 -0
- data/third_party/upb/upb/encode.h +21 -0
- data/third_party/upb/upb/generated_util.h +105 -0
- data/third_party/upb/upb/msg.c +111 -0
- data/third_party/upb/upb/msg.h +69 -0
- data/third_party/upb/upb/port.c +26 -0
- data/third_party/upb/upb/port_def.inc +150 -0
- data/third_party/upb/upb/port_undef.inc +21 -0
- data/third_party/upb/upb/table.c +913 -0
- data/third_party/upb/upb/table.int.h +507 -0
- data/third_party/upb/upb/upb.c +261 -0
- data/third_party/upb/upb/upb.h +364 -0
- metadata +968 -542
- data/src/boringssl/err_data.c +0 -1362
- data/src/core/ext/filters/client_channel/connector.cc +0 -41
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/google/protobuf/duration.pb.c +0 -19
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/google/protobuf/duration.pb.h +0 -54
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/google/protobuf/timestamp.pb.c +0 -19
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/google/protobuf/timestamp.pb.h +0 -54
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c +0 -89
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h +0 -164
- data/src/core/ext/filters/client_channel/lb_policy_factory.cc +0 -163
- data/src/core/ext/filters/client_channel/method_params.cc +0 -178
- data/src/core/ext/filters/client_channel/method_params.h +0 -78
- data/src/core/ext/filters/client_channel/proxy_mapper.cc +0 -48
- data/src/core/ext/filters/client_channel/subchannel_index.cc +0 -254
- data/src/core/ext/filters/client_channel/subchannel_index.h +0 -79
- data/src/core/ext/filters/client_channel/uri_parser.cc +0 -314
- data/src/core/ext/filters/client_channel/uri_parser.h +0 -50
- data/src/core/lib/channel/handshaker_factory.cc +0 -41
- data/src/core/lib/gpr/arena.cc +0 -145
- data/src/core/lib/gpr/host_port.cc +0 -98
- data/src/core/lib/gpr/host_port.h +0 -43
- data/src/core/lib/gpr/mpscq.cc +0 -117
- data/src/core/lib/gpr/mpscq.h +0 -86
- data/src/core/lib/gprpp/abstract.h +0 -37
- data/src/core/lib/gprpp/atomic_with_atm.h +0 -57
- data/src/core/lib/gprpp/atomic_with_std.h +0 -35
- data/src/core/lib/gprpp/inlined_vector.h +0 -186
- data/src/core/lib/gprpp/mutex_lock.h +0 -42
- data/src/core/lib/iomgr/ev_epollsig_linux.cc +0 -1743
- data/src/core/lib/iomgr/ev_epollsig_linux.h +0 -35
- data/src/core/lib/iomgr/network_status_tracker.cc +0 -36
- data/src/core/lib/iomgr/network_status_tracker.h +0 -32
- data/src/core/lib/iomgr/wakeup_fd_cv.cc +0 -107
- data/src/core/lib/iomgr/wakeup_fd_cv.h +0 -69
- data/src/core/lib/json/json.cc +0 -97
- data/src/core/lib/json/json_common.h +0 -34
- data/src/core/lib/json/json_reader.h +0 -146
- data/src/core/lib/json/json_string.cc +0 -367
- data/src/core/lib/json/json_writer.h +0 -84
- data/src/core/lib/security/security_connector/alts_security_connector.cc +0 -288
- data/src/core/lib/security/security_connector/alts_security_connector.h +0 -69
- data/src/core/lib/security/security_connector/local_security_connector.cc +0 -245
- data/src/core/lib/security/security_connector/local_security_connector.h +0 -58
- data/src/core/lib/transport/service_config.cc +0 -106
- data/src/core/lib/transport/service_config.h +0 -249
- data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc +0 -520
- data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.h +0 -323
- data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc +0 -143
- data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h +0 -149
- data/src/core/tsi/alts/handshaker/alts_tsi_event.cc +0 -73
- data/src/core/tsi/alts/handshaker/alts_tsi_event.h +0 -93
- data/src/core/tsi/alts/handshaker/altscontext.pb.c +0 -47
- data/src/core/tsi/alts/handshaker/altscontext.pb.h +0 -63
- data/src/core/tsi/alts/handshaker/handshaker.pb.c +0 -122
- data/src/core/tsi/alts/handshaker/handshaker.pb.h +0 -254
- data/src/core/tsi/alts/handshaker/transport_security_common.pb.c +0 -49
- data/src/core/tsi/alts/handshaker/transport_security_common.pb.h +0 -78
- data/src/core/tsi/alts_transport_security.cc +0 -63
- data/src/core/tsi/alts_transport_security.h +0 -47
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3006
- data/third_party/boringssl/crypto/asn1/a_bool.c +0 -110
- data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +0 -297
- data/third_party/boringssl/crypto/asn1/a_dup.c +0 -111
- data/third_party/boringssl/crypto/asn1/a_enum.c +0 -195
- data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +0 -150
- data/third_party/boringssl/crypto/asn1/a_int.c +0 -479
- data/third_party/boringssl/crypto/asn1/a_mbstr.c +0 -411
- data/third_party/boringssl/crypto/asn1/a_object.c +0 -275
- data/third_party/boringssl/crypto/asn1/a_strnid.c +0 -312
- data/third_party/boringssl/crypto/asn1/a_time.c +0 -213
- data/third_party/boringssl/crypto/asn1/asn1_lib.c +0 -442
- data/third_party/boringssl/crypto/asn1/tasn_enc.c +0 -662
- data/third_party/boringssl/crypto/base64/base64.c +0 -466
- data/third_party/boringssl/crypto/bio/bio.c +0 -636
- data/third_party/boringssl/crypto/bio/connect.c +0 -542
- data/third_party/boringssl/crypto/bio/fd.c +0 -276
- data/third_party/boringssl/crypto/bio/file.c +0 -315
- data/third_party/boringssl/crypto/bio/pair.c +0 -489
- data/third_party/boringssl/crypto/bio/socket.c +0 -202
- data/third_party/boringssl/crypto/bio/socket_helper.c +0 -114
- data/third_party/boringssl/crypto/bn_extra/convert.c +0 -466
- data/third_party/boringssl/crypto/buf/buf.c +0 -231
- data/third_party/boringssl/crypto/bytestring/ber.c +0 -261
- data/third_party/boringssl/crypto/bytestring/cbb.c +0 -668
- data/third_party/boringssl/crypto/bytestring/cbs.c +0 -618
- data/third_party/boringssl/crypto/bytestring/internal.h +0 -75
- data/third_party/boringssl/crypto/chacha/chacha.c +0 -167
- data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +0 -114
- data/third_party/boringssl/crypto/cipher_extra/derive_key.c +0 -152
- data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +0 -203
- data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +0 -281
- data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +0 -867
- data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +0 -326
- data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
- data/third_party/boringssl/crypto/cipher_extra/e_tls.c +0 -680
- data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +0 -482
- data/third_party/boringssl/crypto/cmac/cmac.c +0 -241
- data/third_party/boringssl/crypto/conf/conf.c +0 -803
- data/third_party/boringssl/crypto/cpu-arm-linux.c +0 -363
- data/third_party/boringssl/crypto/cpu-intel.c +0 -288
- data/third_party/boringssl/crypto/crypto.c +0 -198
- data/third_party/boringssl/crypto/curve25519/spake25519.c +0 -539
- data/third_party/boringssl/crypto/dh/check.c +0 -217
- data/third_party/boringssl/crypto/dh/dh.c +0 -519
- data/third_party/boringssl/crypto/dsa/dsa.c +0 -946
- data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +0 -562
- data/third_party/boringssl/crypto/ecdh/ecdh.c +0 -162
- data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +0 -275
- data/third_party/boringssl/crypto/engine/engine.c +0 -98
- data/third_party/boringssl/crypto/err/err.c +0 -847
- data/third_party/boringssl/crypto/err/internal.h +0 -58
- data/third_party/boringssl/crypto/evp/evp.c +0 -362
- data/third_party/boringssl/crypto/evp/evp_asn1.c +0 -337
- data/third_party/boringssl/crypto/evp/evp_ctx.c +0 -446
- data/third_party/boringssl/crypto/evp/internal.h +0 -252
- data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +0 -268
- data/third_party/boringssl/crypto/evp/p_ec.c +0 -239
- data/third_party/boringssl/crypto/evp/p_ec_asn1.c +0 -256
- data/third_party/boringssl/crypto/evp/p_ed25519.c +0 -71
- data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +0 -190
- data/third_party/boringssl/crypto/evp/p_rsa.c +0 -634
- data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +0 -189
- data/third_party/boringssl/crypto/evp/scrypt.c +0 -209
- data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +0 -1100
- data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +0 -100
- data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +0 -138
- data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +0 -112
- data/third_party/boringssl/crypto/fipsmodule/bcm.c +0 -148
- data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +0 -428
- data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +0 -200
- data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +0 -303
- data/third_party/boringssl/crypto/fipsmodule/bn/div.c +0 -895
- data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +0 -1356
- data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -683
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +0 -573
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +0 -526
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +0 -185
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +0 -876
- data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +0 -1154
- data/third_party/boringssl/crypto/fipsmodule/bn/random.c +0 -351
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +0 -231
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +0 -33
- data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +0 -364
- data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +0 -615
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +0 -1437
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +0 -233
- data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +0 -129
- data/third_party/boringssl/crypto/fipsmodule/delocate.h +0 -88
- data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +0 -256
- data/third_party/boringssl/crypto/fipsmodule/digest/digests.c +0 -280
- data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +0 -268
- data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +0 -974
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +0 -453
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +0 -270
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +0 -337
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +0 -373
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +0 -1104
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +0 -9503
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +0 -447
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +0 -117
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +0 -1046
- data/third_party/boringssl/crypto/fipsmodule/ec/util.c +0 -104
- data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +0 -354
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +0 -458
- data/third_party/boringssl/crypto/fipsmodule/is_fips.c +0 -27
- data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +0 -254
- data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +0 -298
- data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +0 -211
- data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
- data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +0 -234
- data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +0 -220
- data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +0 -1063
- data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +0 -388
- data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +0 -95
- data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +0 -202
- data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +0 -92
- data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +0 -358
- data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +0 -302
- data/third_party/boringssl/crypto/fipsmodule/rsa/blinding.c +0 -239
- data/third_party/boringssl/crypto/fipsmodule/rsa/internal.h +0 -126
- data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +0 -692
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +0 -875
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +0 -1218
- data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +0 -581
- data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +0 -375
- data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +0 -337
- data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +0 -608
- data/third_party/boringssl/crypto/internal.h +0 -739
- data/third_party/boringssl/crypto/lhash/lhash.c +0 -336
- data/third_party/boringssl/crypto/mem.c +0 -235
- data/third_party/boringssl/crypto/obj/obj.c +0 -554
- data/third_party/boringssl/crypto/obj/obj_dat.h +0 -6244
- data/third_party/boringssl/crypto/pem/pem_all.c +0 -262
- data/third_party/boringssl/crypto/pem/pem_info.c +0 -379
- data/third_party/boringssl/crypto/pem/pem_lib.c +0 -776
- data/third_party/boringssl/crypto/pem/pem_oth.c +0 -88
- data/third_party/boringssl/crypto/pem/pem_pk8.c +0 -258
- data/third_party/boringssl/crypto/pem/pem_pkey.c +0 -227
- data/third_party/boringssl/crypto/pkcs7/pkcs7.c +0 -166
- data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +0 -233
- data/third_party/boringssl/crypto/pkcs8/internal.h +0 -120
- data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +0 -307
- data/third_party/boringssl/crypto/pkcs8/pkcs8.c +0 -513
- data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +0 -789
- data/third_party/boringssl/crypto/poly1305/poly1305.c +0 -318
- data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +0 -304
- data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +0 -839
- data/third_party/boringssl/crypto/pool/internal.h +0 -45
- data/third_party/boringssl/crypto/pool/pool.c +0 -200
- data/third_party/boringssl/crypto/rand_extra/deterministic.c +0 -48
- data/third_party/boringssl/crypto/rand_extra/fuchsia.c +0 -43
- data/third_party/boringssl/crypto/rand_extra/windows.c +0 -53
- data/third_party/boringssl/crypto/refcount_lock.c +0 -53
- data/third_party/boringssl/crypto/stack/stack.c +0 -380
- data/third_party/boringssl/crypto/thread_none.c +0 -59
- data/third_party/boringssl/crypto/thread_pthread.c +0 -206
- data/third_party/boringssl/crypto/thread_win.c +0 -237
- data/third_party/boringssl/crypto/x509/a_strex.c +0 -633
- data/third_party/boringssl/crypto/x509/a_verify.c +0 -115
- data/third_party/boringssl/crypto/x509/asn1_gen.c +0 -841
- data/third_party/boringssl/crypto/x509/by_dir.c +0 -451
- data/third_party/boringssl/crypto/x509/by_file.c +0 -274
- data/third_party/boringssl/crypto/x509/t_crl.c +0 -128
- data/third_party/boringssl/crypto/x509/t_req.c +0 -246
- data/third_party/boringssl/crypto/x509/t_x509.c +0 -547
- data/third_party/boringssl/crypto/x509/x509_cmp.c +0 -477
- data/third_party/boringssl/crypto/x509/x509_def.c +0 -103
- data/third_party/boringssl/crypto/x509/x509_lu.c +0 -725
- data/third_party/boringssl/crypto/x509/x509_obj.c +0 -198
- data/third_party/boringssl/crypto/x509/x509_r2x.c +0 -117
- data/third_party/boringssl/crypto/x509/x509_req.c +0 -322
- data/third_party/boringssl/crypto/x509/x509_set.c +0 -164
- data/third_party/boringssl/crypto/x509/x509_trs.c +0 -326
- data/third_party/boringssl/crypto/x509/x509_txt.c +0 -205
- data/third_party/boringssl/crypto/x509/x509_vfy.c +0 -2476
- data/third_party/boringssl/crypto/x509/x509_vpm.c +0 -670
- data/third_party/boringssl/crypto/x509/x509cset.c +0 -170
- data/third_party/boringssl/crypto/x509/x509name.c +0 -389
- data/third_party/boringssl/crypto/x509/x_all.c +0 -501
- data/third_party/boringssl/crypto/x509/x_x509.c +0 -328
- data/third_party/boringssl/crypto/x509v3/ext_dat.h +0 -143
- data/third_party/boringssl/crypto/x509v3/pcy_cache.c +0 -284
- data/third_party/boringssl/crypto/x509v3/pcy_node.c +0 -188
- data/third_party/boringssl/crypto/x509v3/pcy_tree.c +0 -840
- data/third_party/boringssl/crypto/x509v3/v3_akey.c +0 -204
- data/third_party/boringssl/crypto/x509v3/v3_alt.c +0 -623
- data/third_party/boringssl/crypto/x509v3/v3_conf.c +0 -462
- data/third_party/boringssl/crypto/x509v3/v3_cpols.c +0 -502
- data/third_party/boringssl/crypto/x509v3/v3_enum.c +0 -100
- data/third_party/boringssl/crypto/x509v3/v3_genn.c +0 -251
- data/third_party/boringssl/crypto/x509v3/v3_info.c +0 -219
- data/third_party/boringssl/crypto/x509v3/v3_lib.c +0 -370
- data/third_party/boringssl/crypto/x509v3/v3_pci.c +0 -287
- data/third_party/boringssl/crypto/x509v3/v3_purp.c +0 -866
- data/third_party/boringssl/crypto/x509v3/v3_skey.c +0 -152
- data/third_party/boringssl/crypto/x509v3/v3_utl.c +0 -1352
- data/third_party/boringssl/include/openssl/aead.h +0 -433
- data/third_party/boringssl/include/openssl/aes.h +0 -170
- data/third_party/boringssl/include/openssl/asn1.h +0 -981
- data/third_party/boringssl/include/openssl/base.h +0 -457
- data/third_party/boringssl/include/openssl/base64.h +0 -187
- data/third_party/boringssl/include/openssl/bio.h +0 -902
- data/third_party/boringssl/include/openssl/blowfish.h +0 -93
- data/third_party/boringssl/include/openssl/bn.h +0 -1019
- data/third_party/boringssl/include/openssl/buf.h +0 -137
- data/third_party/boringssl/include/openssl/bytestring.h +0 -505
- data/third_party/boringssl/include/openssl/cast.h +0 -96
- data/third_party/boringssl/include/openssl/cipher.h +0 -608
- data/third_party/boringssl/include/openssl/cmac.h +0 -87
- data/third_party/boringssl/include/openssl/conf.h +0 -183
- data/third_party/boringssl/include/openssl/cpu.h +0 -196
- data/third_party/boringssl/include/openssl/crypto.h +0 -122
- data/third_party/boringssl/include/openssl/curve25519.h +0 -201
- data/third_party/boringssl/include/openssl/dh.h +0 -298
- data/third_party/boringssl/include/openssl/digest.h +0 -316
- data/third_party/boringssl/include/openssl/dsa.h +0 -435
- data/third_party/boringssl/include/openssl/ec.h +0 -413
- data/third_party/boringssl/include/openssl/ec_key.h +0 -342
- data/third_party/boringssl/include/openssl/ecdh.h +0 -101
- data/third_party/boringssl/include/openssl/ecdsa.h +0 -199
- data/third_party/boringssl/include/openssl/engine.h +0 -109
- data/third_party/boringssl/include/openssl/err.h +0 -458
- data/third_party/boringssl/include/openssl/evp.h +0 -873
- data/third_party/boringssl/include/openssl/hmac.h +0 -186
- data/third_party/boringssl/include/openssl/lhash.h +0 -174
- data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
- data/third_party/boringssl/include/openssl/md4.h +0 -106
- data/third_party/boringssl/include/openssl/md5.h +0 -107
- data/third_party/boringssl/include/openssl/mem.h +0 -156
- data/third_party/boringssl/include/openssl/nid.h +0 -4242
- data/third_party/boringssl/include/openssl/obj.h +0 -233
- data/third_party/boringssl/include/openssl/pem.h +0 -397
- data/third_party/boringssl/include/openssl/pkcs7.h +0 -82
- data/third_party/boringssl/include/openssl/pkcs8.h +0 -230
- data/third_party/boringssl/include/openssl/poly1305.h +0 -51
- data/third_party/boringssl/include/openssl/pool.h +0 -91
- data/third_party/boringssl/include/openssl/rand.h +0 -125
- data/third_party/boringssl/include/openssl/ripemd.h +0 -107
- data/third_party/boringssl/include/openssl/rsa.h +0 -756
- data/third_party/boringssl/include/openssl/sha.h +0 -256
- data/third_party/boringssl/include/openssl/span.h +0 -191
- data/third_party/boringssl/include/openssl/ssl.h +0 -4740
- data/third_party/boringssl/include/openssl/ssl3.h +0 -332
- data/third_party/boringssl/include/openssl/stack.h +0 -485
- data/third_party/boringssl/include/openssl/thread.h +0 -191
- data/third_party/boringssl/include/openssl/tls1.h +0 -618
- data/third_party/boringssl/include/openssl/type_check.h +0 -91
- data/third_party/boringssl/include/openssl/x509.h +0 -1180
- data/third_party/boringssl/include/openssl/x509_vfy.h +0 -614
- data/third_party/boringssl/include/openssl/x509v3.h +0 -827
- data/third_party/boringssl/ssl/custom_extensions.cc +0 -265
- data/third_party/boringssl/ssl/d1_both.cc +0 -851
- data/third_party/boringssl/ssl/d1_lib.cc +0 -267
- data/third_party/boringssl/ssl/d1_pkt.cc +0 -274
- data/third_party/boringssl/ssl/d1_srtp.cc +0 -232
- data/third_party/boringssl/ssl/dtls_method.cc +0 -193
- data/third_party/boringssl/ssl/dtls_record.cc +0 -353
- data/third_party/boringssl/ssl/handoff.cc +0 -285
- data/third_party/boringssl/ssl/handshake.cc +0 -630
- data/third_party/boringssl/ssl/handshake_client.cc +0 -1842
- data/third_party/boringssl/ssl/handshake_server.cc +0 -1674
- data/third_party/boringssl/ssl/internal.h +0 -3064
- data/third_party/boringssl/ssl/s3_both.cc +0 -585
- data/third_party/boringssl/ssl/s3_lib.cc +0 -226
- data/third_party/boringssl/ssl/s3_pkt.cc +0 -425
- data/third_party/boringssl/ssl/ssl_aead_ctx.cc +0 -412
- data/third_party/boringssl/ssl/ssl_asn1.cc +0 -844
- data/third_party/boringssl/ssl/ssl_buffer.cc +0 -286
- data/third_party/boringssl/ssl/ssl_cert.cc +0 -913
- data/third_party/boringssl/ssl/ssl_cipher.cc +0 -1781
- data/third_party/boringssl/ssl/ssl_file.cc +0 -583
- data/third_party/boringssl/ssl/ssl_key_share.cc +0 -252
- data/third_party/boringssl/ssl/ssl_lib.cc +0 -2719
- data/third_party/boringssl/ssl/ssl_privkey.cc +0 -494
- data/third_party/boringssl/ssl/ssl_session.cc +0 -1221
- data/third_party/boringssl/ssl/ssl_stat.cc +0 -224
- data/third_party/boringssl/ssl/ssl_transcript.cc +0 -398
- data/third_party/boringssl/ssl/ssl_versions.cc +0 -399
- data/third_party/boringssl/ssl/ssl_x509.cc +0 -1297
- data/third_party/boringssl/ssl/t1_enc.cc +0 -452
- data/third_party/boringssl/ssl/t1_lib.cc +0 -3783
- data/third_party/boringssl/ssl/tls13_both.cc +0 -559
- data/third_party/boringssl/ssl/tls13_client.cc +0 -891
- data/third_party/boringssl/ssl/tls13_enc.cc +0 -493
- data/third_party/boringssl/ssl/tls13_server.cc +0 -1022
- data/third_party/boringssl/ssl/tls_method.cc +0 -274
- data/third_party/boringssl/ssl/tls_record.cc +0 -703
- data/third_party/boringssl/third_party/fiat/curve25519.c +0 -3230
- data/third_party/boringssl/third_party/fiat/curve25519_tables.h +0 -7880
- data/third_party/boringssl/third_party/fiat/internal.h +0 -154
- data/third_party/boringssl/third_party/fiat/p256.c +0 -1824
- data/third_party/nanopb/pb.h +0 -579
- data/third_party/nanopb/pb_common.c +0 -97
- data/third_party/nanopb/pb_common.h +0 -42
- data/third_party/nanopb/pb_decode.c +0 -1347
- data/third_party/nanopb/pb_decode.h +0 -149
- data/third_party/nanopb/pb_encode.c +0 -696
- data/third_party/nanopb/pb_encode.h +0 -154
@@ -1,3230 +0,0 @@
|
|
1
|
-
// The MIT License (MIT)
|
2
|
-
//
|
3
|
-
// Copyright (c) 2015-2016 the fiat-crypto authors (see the AUTHORS file).
|
4
|
-
//
|
5
|
-
// Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
-
// of this software and associated documentation files (the "Software"), to deal
|
7
|
-
// in the Software without restriction, including without limitation the rights
|
8
|
-
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
-
// copies of the Software, and to permit persons to whom the Software is
|
10
|
-
// furnished to do so, subject to the following conditions:
|
11
|
-
//
|
12
|
-
// The above copyright notice and this permission notice shall be included in all
|
13
|
-
// copies or substantial portions of the Software.
|
14
|
-
//
|
15
|
-
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
-
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
-
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
-
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
-
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
-
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
21
|
-
// SOFTWARE.
|
22
|
-
|
23
|
-
// Some of this code is taken from the ref10 version of Ed25519 in SUPERCOP
|
24
|
-
// 20141124 (http://bench.cr.yp.to/supercop.html). That code is released as
|
25
|
-
// public domain but parts have been replaced with code generated by Fiat
|
26
|
-
// (https://github.com/mit-plv/fiat-crypto), which is MIT licensed.
|
27
|
-
//
|
28
|
-
// The field functions are shared by Ed25519 and X25519 where possible.
|
29
|
-
|
30
|
-
#include <openssl/curve25519.h>
|
31
|
-
|
32
|
-
#include <assert.h>
|
33
|
-
#include <string.h>
|
34
|
-
|
35
|
-
#include <openssl/cpu.h>
|
36
|
-
#include <openssl/mem.h>
|
37
|
-
#include <openssl/rand.h>
|
38
|
-
#include <openssl/sha.h>
|
39
|
-
#include <openssl/type_check.h>
|
40
|
-
|
41
|
-
#include "internal.h"
|
42
|
-
#include "../../crypto/internal.h"
|
43
|
-
|
44
|
-
|
45
|
-
// Various pre-computed constants.
|
46
|
-
#include "./curve25519_tables.h"
|
47
|
-
|
48
|
-
|
49
|
-
// Low-level intrinsic operations (hand-written).
|
50
|
-
|
51
|
-
static uint64_t load_3(const uint8_t *in) {
|
52
|
-
uint64_t result;
|
53
|
-
result = (uint64_t)in[0];
|
54
|
-
result |= ((uint64_t)in[1]) << 8;
|
55
|
-
result |= ((uint64_t)in[2]) << 16;
|
56
|
-
return result;
|
57
|
-
}
|
58
|
-
|
59
|
-
static uint64_t load_4(const uint8_t *in) {
|
60
|
-
uint64_t result;
|
61
|
-
result = (uint64_t)in[0];
|
62
|
-
result |= ((uint64_t)in[1]) << 8;
|
63
|
-
result |= ((uint64_t)in[2]) << 16;
|
64
|
-
result |= ((uint64_t)in[3]) << 24;
|
65
|
-
return result;
|
66
|
-
}
|
67
|
-
|
68
|
-
#if defined(BORINGSSL_CURVE25519_64BIT)
|
69
|
-
static uint64_t load_8(const uint8_t *in) {
|
70
|
-
uint64_t result;
|
71
|
-
result = (uint64_t)in[0];
|
72
|
-
result |= ((uint64_t)in[1]) << 8;
|
73
|
-
result |= ((uint64_t)in[2]) << 16;
|
74
|
-
result |= ((uint64_t)in[3]) << 24;
|
75
|
-
result |= ((uint64_t)in[4]) << 32;
|
76
|
-
result |= ((uint64_t)in[5]) << 40;
|
77
|
-
result |= ((uint64_t)in[6]) << 48;
|
78
|
-
result |= ((uint64_t)in[7]) << 56;
|
79
|
-
return result;
|
80
|
-
}
|
81
|
-
|
82
|
-
static uint8_t /*bool*/ addcarryx_u51(uint8_t /*bool*/ c, uint64_t a,
|
83
|
-
uint64_t b, uint64_t *low) {
|
84
|
-
// This function extracts 51 bits of result and 1 bit of carry (52 total), so
|
85
|
-
// a 64-bit intermediate is sufficient.
|
86
|
-
uint64_t x = a + b + c;
|
87
|
-
*low = x & ((UINT64_C(1) << 51) - 1);
|
88
|
-
return (x >> 51) & 1;
|
89
|
-
}
|
90
|
-
|
91
|
-
static uint8_t /*bool*/ subborrow_u51(uint8_t /*bool*/ c, uint64_t a,
|
92
|
-
uint64_t b, uint64_t *low) {
|
93
|
-
// This function extracts 51 bits of result and 1 bit of borrow (52 total), so
|
94
|
-
// a 64-bit intermediate is sufficient.
|
95
|
-
uint64_t x = a - b - c;
|
96
|
-
*low = x & ((UINT64_C(1) << 51) - 1);
|
97
|
-
return x >> 63;
|
98
|
-
}
|
99
|
-
|
100
|
-
static uint64_t cmovznz64(uint64_t t, uint64_t z, uint64_t nz) {
|
101
|
-
t = -!!t; // all set if nonzero, 0 if 0
|
102
|
-
return (t&nz) | ((~t)&z);
|
103
|
-
}
|
104
|
-
|
105
|
-
#else
|
106
|
-
|
107
|
-
static uint8_t /*bool*/ addcarryx_u25(uint8_t /*bool*/ c, uint32_t a,
|
108
|
-
uint32_t b, uint32_t *low) {
|
109
|
-
// This function extracts 25 bits of result and 1 bit of carry (26 total), so
|
110
|
-
// a 32-bit intermediate is sufficient.
|
111
|
-
uint32_t x = a + b + c;
|
112
|
-
*low = x & ((1 << 25) - 1);
|
113
|
-
return (x >> 25) & 1;
|
114
|
-
}
|
115
|
-
|
116
|
-
static uint8_t /*bool*/ addcarryx_u26(uint8_t /*bool*/ c, uint32_t a,
|
117
|
-
uint32_t b, uint32_t *low) {
|
118
|
-
// This function extracts 26 bits of result and 1 bit of carry (27 total), so
|
119
|
-
// a 32-bit intermediate is sufficient.
|
120
|
-
uint32_t x = a + b + c;
|
121
|
-
*low = x & ((1 << 26) - 1);
|
122
|
-
return (x >> 26) & 1;
|
123
|
-
}
|
124
|
-
|
125
|
-
static uint8_t /*bool*/ subborrow_u25(uint8_t /*bool*/ c, uint32_t a,
|
126
|
-
uint32_t b, uint32_t *low) {
|
127
|
-
// This function extracts 25 bits of result and 1 bit of borrow (26 total), so
|
128
|
-
// a 32-bit intermediate is sufficient.
|
129
|
-
uint32_t x = a - b - c;
|
130
|
-
*low = x & ((1 << 25) - 1);
|
131
|
-
return x >> 31;
|
132
|
-
}
|
133
|
-
|
134
|
-
static uint8_t /*bool*/ subborrow_u26(uint8_t /*bool*/ c, uint32_t a,
|
135
|
-
uint32_t b, uint32_t *low) {
|
136
|
-
// This function extracts 26 bits of result and 1 bit of borrow (27 total), so
|
137
|
-
// a 32-bit intermediate is sufficient.
|
138
|
-
uint32_t x = a - b - c;
|
139
|
-
*low = x & ((1 << 26) - 1);
|
140
|
-
return x >> 31;
|
141
|
-
}
|
142
|
-
|
143
|
-
static uint32_t cmovznz32(uint32_t t, uint32_t z, uint32_t nz) {
|
144
|
-
t = -!!t; // all set if nonzero, 0 if 0
|
145
|
-
return (t&nz) | ((~t)&z);
|
146
|
-
}
|
147
|
-
|
148
|
-
#endif
|
149
|
-
|
150
|
-
|
151
|
-
// Field operations.
|
152
|
-
|
153
|
-
#if defined(BORINGSSL_CURVE25519_64BIT)
|
154
|
-
|
155
|
-
#define assert_fe(f) do { \
|
156
|
-
for (unsigned _assert_fe_i = 0; _assert_fe_i< 5; _assert_fe_i++) { \
|
157
|
-
assert(f[_assert_fe_i] < 1.125*(UINT64_C(1)<<51)); \
|
158
|
-
} \
|
159
|
-
} while (0)
|
160
|
-
|
161
|
-
#define assert_fe_loose(f) do { \
|
162
|
-
for (unsigned _assert_fe_i = 0; _assert_fe_i< 5; _assert_fe_i++) { \
|
163
|
-
assert(f[_assert_fe_i] < 3.375*(UINT64_C(1)<<51)); \
|
164
|
-
} \
|
165
|
-
} while (0)
|
166
|
-
|
167
|
-
#define assert_fe_frozen(f) do { \
|
168
|
-
for (unsigned _assert_fe_i = 0; _assert_fe_i< 5; _assert_fe_i++) { \
|
169
|
-
assert(f[_assert_fe_i] < (UINT64_C(1)<<51)); \
|
170
|
-
} \
|
171
|
-
} while (0)
|
172
|
-
|
173
|
-
static void fe_frombytes_impl(uint64_t h[5], const uint8_t *s) {
|
174
|
-
// Ignores top bit of s.
|
175
|
-
uint64_t a0 = load_8(s);
|
176
|
-
uint64_t a1 = load_8(s+8);
|
177
|
-
uint64_t a2 = load_8(s+16);
|
178
|
-
uint64_t a3 = load_8(s+24);
|
179
|
-
// Use 51 bits, 64-51 = 13 left.
|
180
|
-
h[0] = a0 & ((UINT64_C(1) << 51) - 1);
|
181
|
-
// (64-51) + 38 = 13 + 38 = 51
|
182
|
-
h[1] = (a0 >> 51) | ((a1 & ((UINT64_C(1) << 38) - 1)) << 13);
|
183
|
-
// (64-38) + 25 = 26 + 25 = 51
|
184
|
-
h[2] = (a1 >> 38) | ((a2 & ((UINT64_C(1) << 25) - 1)) << 26);
|
185
|
-
// (64-25) + 12 = 39 + 12 = 51
|
186
|
-
h[3] = (a2 >> 25) | ((a3 & ((UINT64_C(1) << 12) - 1)) << 39);
|
187
|
-
// (64-12) = 52, ignore top bit
|
188
|
-
h[4] = (a3 >> 12) & ((UINT64_C(1) << 51) - 1);
|
189
|
-
assert_fe(h);
|
190
|
-
}
|
191
|
-
|
192
|
-
static void fe_frombytes(fe *h, const uint8_t *s) {
|
193
|
-
fe_frombytes_impl(h->v, s);
|
194
|
-
}
|
195
|
-
|
196
|
-
static void fe_freeze(uint64_t out[5], const uint64_t in1[5]) {
|
197
|
-
{ const uint64_t x7 = in1[4];
|
198
|
-
{ const uint64_t x8 = in1[3];
|
199
|
-
{ const uint64_t x6 = in1[2];
|
200
|
-
{ const uint64_t x4 = in1[1];
|
201
|
-
{ const uint64_t x2 = in1[0];
|
202
|
-
{ uint64_t x10; uint8_t/*bool*/ x11 = subborrow_u51(0x0, x2, 0x7ffffffffffed, &x10);
|
203
|
-
{ uint64_t x13; uint8_t/*bool*/ x14 = subborrow_u51(x11, x4, 0x7ffffffffffff, &x13);
|
204
|
-
{ uint64_t x16; uint8_t/*bool*/ x17 = subborrow_u51(x14, x6, 0x7ffffffffffff, &x16);
|
205
|
-
{ uint64_t x19; uint8_t/*bool*/ x20 = subborrow_u51(x17, x8, 0x7ffffffffffff, &x19);
|
206
|
-
{ uint64_t x22; uint8_t/*bool*/ x23 = subborrow_u51(x20, x7, 0x7ffffffffffff, &x22);
|
207
|
-
{ uint64_t x24 = cmovznz64(x23, 0x0, 0xffffffffffffffffL);
|
208
|
-
{ uint64_t x25 = (x24 & 0x7ffffffffffed);
|
209
|
-
{ uint64_t x27; uint8_t/*bool*/ x28 = addcarryx_u51(0x0, x10, x25, &x27);
|
210
|
-
{ uint64_t x29 = (x24 & 0x7ffffffffffff);
|
211
|
-
{ uint64_t x31; uint8_t/*bool*/ x32 = addcarryx_u51(x28, x13, x29, &x31);
|
212
|
-
{ uint64_t x33 = (x24 & 0x7ffffffffffff);
|
213
|
-
{ uint64_t x35; uint8_t/*bool*/ x36 = addcarryx_u51(x32, x16, x33, &x35);
|
214
|
-
{ uint64_t x37 = (x24 & 0x7ffffffffffff);
|
215
|
-
{ uint64_t x39; uint8_t/*bool*/ x40 = addcarryx_u51(x36, x19, x37, &x39);
|
216
|
-
{ uint64_t x41 = (x24 & 0x7ffffffffffff);
|
217
|
-
{ uint64_t x43; addcarryx_u51(x40, x22, x41, &x43);
|
218
|
-
out[0] = x27;
|
219
|
-
out[1] = x31;
|
220
|
-
out[2] = x35;
|
221
|
-
out[3] = x39;
|
222
|
-
out[4] = x43;
|
223
|
-
}}}}}}}}}}}}}}}}}}}}}
|
224
|
-
}
|
225
|
-
|
226
|
-
static void fe_tobytes(uint8_t s[32], const fe *f) {
|
227
|
-
assert_fe(f->v);
|
228
|
-
uint64_t h[5];
|
229
|
-
fe_freeze(h, f->v);
|
230
|
-
assert_fe_frozen(h);
|
231
|
-
|
232
|
-
s[0] = h[0] >> 0;
|
233
|
-
s[1] = h[0] >> 8;
|
234
|
-
s[2] = h[0] >> 16;
|
235
|
-
s[3] = h[0] >> 24;
|
236
|
-
s[4] = h[0] >> 32;
|
237
|
-
s[5] = h[0] >> 40;
|
238
|
-
s[6] = (h[0] >> 48) | (h[1] << 3);
|
239
|
-
s[7] = h[1] >> 5;
|
240
|
-
s[8] = h[1] >> 13;
|
241
|
-
s[9] = h[1] >> 21;
|
242
|
-
s[10] = h[1] >> 29;
|
243
|
-
s[11] = h[1] >> 37;
|
244
|
-
s[12] = (h[1] >> 45) | (h[2] << 6);
|
245
|
-
s[13] = h[2] >> 2;
|
246
|
-
s[14] = h[2] >> 10;
|
247
|
-
s[15] = h[2] >> 18;
|
248
|
-
s[16] = h[2] >> 26;
|
249
|
-
s[17] = h[2] >> 34;
|
250
|
-
s[18] = h[2] >> 42;
|
251
|
-
s[19] = (h[2] >> 50) | (h[3] << 1);
|
252
|
-
s[20] = h[3] >> 7;
|
253
|
-
s[21] = h[3] >> 15;
|
254
|
-
s[22] = h[3] >> 23;
|
255
|
-
s[23] = h[3] >> 31;
|
256
|
-
s[24] = h[3] >> 39;
|
257
|
-
s[25] = (h[3] >> 47) | (h[4] << 4);
|
258
|
-
s[26] = h[4] >> 4;
|
259
|
-
s[27] = h[4] >> 12;
|
260
|
-
s[28] = h[4] >> 20;
|
261
|
-
s[29] = h[4] >> 28;
|
262
|
-
s[30] = h[4] >> 36;
|
263
|
-
s[31] = h[4] >> 44;
|
264
|
-
}
|
265
|
-
|
266
|
-
// h = 0
|
267
|
-
static void fe_0(fe *h) {
|
268
|
-
OPENSSL_memset(h, 0, sizeof(fe));
|
269
|
-
}
|
270
|
-
|
271
|
-
static void fe_loose_0(fe_loose *h) {
|
272
|
-
OPENSSL_memset(h, 0, sizeof(fe_loose));
|
273
|
-
}
|
274
|
-
|
275
|
-
// h = 1
|
276
|
-
static void fe_1(fe *h) {
|
277
|
-
OPENSSL_memset(h, 0, sizeof(fe));
|
278
|
-
h->v[0] = 1;
|
279
|
-
}
|
280
|
-
|
281
|
-
static void fe_loose_1(fe_loose *h) {
|
282
|
-
OPENSSL_memset(h, 0, sizeof(fe_loose));
|
283
|
-
h->v[0] = 1;
|
284
|
-
}
|
285
|
-
|
286
|
-
static void fe_add_impl(uint64_t out[5], const uint64_t in1[5], const uint64_t in2[5]) {
|
287
|
-
{ const uint64_t x10 = in1[4];
|
288
|
-
{ const uint64_t x11 = in1[3];
|
289
|
-
{ const uint64_t x9 = in1[2];
|
290
|
-
{ const uint64_t x7 = in1[1];
|
291
|
-
{ const uint64_t x5 = in1[0];
|
292
|
-
{ const uint64_t x18 = in2[4];
|
293
|
-
{ const uint64_t x19 = in2[3];
|
294
|
-
{ const uint64_t x17 = in2[2];
|
295
|
-
{ const uint64_t x15 = in2[1];
|
296
|
-
{ const uint64_t x13 = in2[0];
|
297
|
-
out[0] = (x5 + x13);
|
298
|
-
out[1] = (x7 + x15);
|
299
|
-
out[2] = (x9 + x17);
|
300
|
-
out[3] = (x11 + x19);
|
301
|
-
out[4] = (x10 + x18);
|
302
|
-
}}}}}}}}}}
|
303
|
-
}
|
304
|
-
|
305
|
-
// h = f + g
|
306
|
-
// Can overlap h with f or g.
|
307
|
-
static void fe_add(fe_loose *h, const fe *f, const fe *g) {
|
308
|
-
assert_fe(f->v);
|
309
|
-
assert_fe(g->v);
|
310
|
-
fe_add_impl(h->v, f->v, g->v);
|
311
|
-
assert_fe_loose(h->v);
|
312
|
-
}
|
313
|
-
|
314
|
-
static void fe_sub_impl(uint64_t out[5], const uint64_t in1[5], const uint64_t in2[5]) {
|
315
|
-
{ const uint64_t x10 = in1[4];
|
316
|
-
{ const uint64_t x11 = in1[3];
|
317
|
-
{ const uint64_t x9 = in1[2];
|
318
|
-
{ const uint64_t x7 = in1[1];
|
319
|
-
{ const uint64_t x5 = in1[0];
|
320
|
-
{ const uint64_t x18 = in2[4];
|
321
|
-
{ const uint64_t x19 = in2[3];
|
322
|
-
{ const uint64_t x17 = in2[2];
|
323
|
-
{ const uint64_t x15 = in2[1];
|
324
|
-
{ const uint64_t x13 = in2[0];
|
325
|
-
out[0] = ((0xfffffffffffda + x5) - x13);
|
326
|
-
out[1] = ((0xffffffffffffe + x7) - x15);
|
327
|
-
out[2] = ((0xffffffffffffe + x9) - x17);
|
328
|
-
out[3] = ((0xffffffffffffe + x11) - x19);
|
329
|
-
out[4] = ((0xffffffffffffe + x10) - x18);
|
330
|
-
}}}}}}}}}}
|
331
|
-
}
|
332
|
-
|
333
|
-
// h = f - g
|
334
|
-
// Can overlap h with f or g.
|
335
|
-
static void fe_sub(fe_loose *h, const fe *f, const fe *g) {
|
336
|
-
assert_fe(f->v);
|
337
|
-
assert_fe(g->v);
|
338
|
-
fe_sub_impl(h->v, f->v, g->v);
|
339
|
-
assert_fe_loose(h->v);
|
340
|
-
}
|
341
|
-
|
342
|
-
static void fe_carry_impl(uint64_t out[5], const uint64_t in1[5]) {
|
343
|
-
{ const uint64_t x7 = in1[4];
|
344
|
-
{ const uint64_t x8 = in1[3];
|
345
|
-
{ const uint64_t x6 = in1[2];
|
346
|
-
{ const uint64_t x4 = in1[1];
|
347
|
-
{ const uint64_t x2 = in1[0];
|
348
|
-
{ uint64_t x9 = (x2 >> 0x33);
|
349
|
-
{ uint64_t x10 = (x2 & 0x7ffffffffffff);
|
350
|
-
{ uint64_t x11 = (x9 + x4);
|
351
|
-
{ uint64_t x12 = (x11 >> 0x33);
|
352
|
-
{ uint64_t x13 = (x11 & 0x7ffffffffffff);
|
353
|
-
{ uint64_t x14 = (x12 + x6);
|
354
|
-
{ uint64_t x15 = (x14 >> 0x33);
|
355
|
-
{ uint64_t x16 = (x14 & 0x7ffffffffffff);
|
356
|
-
{ uint64_t x17 = (x15 + x8);
|
357
|
-
{ uint64_t x18 = (x17 >> 0x33);
|
358
|
-
{ uint64_t x19 = (x17 & 0x7ffffffffffff);
|
359
|
-
{ uint64_t x20 = (x18 + x7);
|
360
|
-
{ uint64_t x21 = (x20 >> 0x33);
|
361
|
-
{ uint64_t x22 = (x20 & 0x7ffffffffffff);
|
362
|
-
{ uint64_t x23 = (x10 + (0x13 * x21));
|
363
|
-
{ uint64_t x24 = (x23 >> 0x33);
|
364
|
-
{ uint64_t x25 = (x23 & 0x7ffffffffffff);
|
365
|
-
{ uint64_t x26 = (x24 + x13);
|
366
|
-
{ uint64_t x27 = (x26 >> 0x33);
|
367
|
-
{ uint64_t x28 = (x26 & 0x7ffffffffffff);
|
368
|
-
out[0] = x25;
|
369
|
-
out[1] = x28;
|
370
|
-
out[2] = (x27 + x16);
|
371
|
-
out[3] = x19;
|
372
|
-
out[4] = x22;
|
373
|
-
}}}}}}}}}}}}}}}}}}}}}}}}}
|
374
|
-
}
|
375
|
-
|
376
|
-
static void fe_carry(fe *h, const fe_loose* f) {
|
377
|
-
assert_fe_loose(f->v);
|
378
|
-
fe_carry_impl(h->v, f->v);
|
379
|
-
assert_fe(h->v);
|
380
|
-
}
|
381
|
-
|
382
|
-
static void fe_mul_impl(uint64_t out[5], const uint64_t in1[5], const uint64_t in2[5]) {
|
383
|
-
assert_fe_loose(in1);
|
384
|
-
assert_fe_loose(in2);
|
385
|
-
{ const uint64_t x10 = in1[4];
|
386
|
-
{ const uint64_t x11 = in1[3];
|
387
|
-
{ const uint64_t x9 = in1[2];
|
388
|
-
{ const uint64_t x7 = in1[1];
|
389
|
-
{ const uint64_t x5 = in1[0];
|
390
|
-
{ const uint64_t x18 = in2[4];
|
391
|
-
{ const uint64_t x19 = in2[3];
|
392
|
-
{ const uint64_t x17 = in2[2];
|
393
|
-
{ const uint64_t x15 = in2[1];
|
394
|
-
{ const uint64_t x13 = in2[0];
|
395
|
-
{ uint128_t x20 = ((uint128_t)x5 * x13);
|
396
|
-
{ uint128_t x21 = (((uint128_t)x5 * x15) + ((uint128_t)x7 * x13));
|
397
|
-
{ uint128_t x22 = ((((uint128_t)x5 * x17) + ((uint128_t)x9 * x13)) + ((uint128_t)x7 * x15));
|
398
|
-
{ uint128_t x23 = (((((uint128_t)x5 * x19) + ((uint128_t)x11 * x13)) + ((uint128_t)x7 * x17)) + ((uint128_t)x9 * x15));
|
399
|
-
{ uint128_t x24 = ((((((uint128_t)x5 * x18) + ((uint128_t)x10 * x13)) + ((uint128_t)x11 * x15)) + ((uint128_t)x7 * x19)) + ((uint128_t)x9 * x17));
|
400
|
-
{ uint64_t x25 = (x10 * 0x13);
|
401
|
-
{ uint64_t x26 = (x7 * 0x13);
|
402
|
-
{ uint64_t x27 = (x9 * 0x13);
|
403
|
-
{ uint64_t x28 = (x11 * 0x13);
|
404
|
-
{ uint128_t x29 = ((((x20 + ((uint128_t)x25 * x15)) + ((uint128_t)x26 * x18)) + ((uint128_t)x27 * x19)) + ((uint128_t)x28 * x17));
|
405
|
-
{ uint128_t x30 = (((x21 + ((uint128_t)x25 * x17)) + ((uint128_t)x27 * x18)) + ((uint128_t)x28 * x19));
|
406
|
-
{ uint128_t x31 = ((x22 + ((uint128_t)x25 * x19)) + ((uint128_t)x28 * x18));
|
407
|
-
{ uint128_t x32 = (x23 + ((uint128_t)x25 * x18));
|
408
|
-
{ uint64_t x33 = (uint64_t) (x29 >> 0x33);
|
409
|
-
{ uint64_t x34 = ((uint64_t)x29 & 0x7ffffffffffff);
|
410
|
-
{ uint128_t x35 = (x33 + x30);
|
411
|
-
{ uint64_t x36 = (uint64_t) (x35 >> 0x33);
|
412
|
-
{ uint64_t x37 = ((uint64_t)x35 & 0x7ffffffffffff);
|
413
|
-
{ uint128_t x38 = (x36 + x31);
|
414
|
-
{ uint64_t x39 = (uint64_t) (x38 >> 0x33);
|
415
|
-
{ uint64_t x40 = ((uint64_t)x38 & 0x7ffffffffffff);
|
416
|
-
{ uint128_t x41 = (x39 + x32);
|
417
|
-
{ uint64_t x42 = (uint64_t) (x41 >> 0x33);
|
418
|
-
{ uint64_t x43 = ((uint64_t)x41 & 0x7ffffffffffff);
|
419
|
-
{ uint128_t x44 = (x42 + x24);
|
420
|
-
{ uint64_t x45 = (uint64_t) (x44 >> 0x33);
|
421
|
-
{ uint64_t x46 = ((uint64_t)x44 & 0x7ffffffffffff);
|
422
|
-
{ uint64_t x47 = (x34 + (0x13 * x45));
|
423
|
-
{ uint64_t x48 = (x47 >> 0x33);
|
424
|
-
{ uint64_t x49 = (x47 & 0x7ffffffffffff);
|
425
|
-
{ uint64_t x50 = (x48 + x37);
|
426
|
-
{ uint64_t x51 = (x50 >> 0x33);
|
427
|
-
{ uint64_t x52 = (x50 & 0x7ffffffffffff);
|
428
|
-
out[0] = x49;
|
429
|
-
out[1] = x52;
|
430
|
-
out[2] = (x51 + x40);
|
431
|
-
out[3] = x43;
|
432
|
-
out[4] = x46;
|
433
|
-
}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
|
434
|
-
assert_fe(out);
|
435
|
-
}
|
436
|
-
|
437
|
-
static void fe_mul_ltt(fe_loose *h, const fe *f, const fe *g) {
|
438
|
-
fe_mul_impl(h->v, f->v, g->v);
|
439
|
-
}
|
440
|
-
|
441
|
-
static void fe_mul_llt(fe_loose *h, const fe_loose *f, const fe *g) {
|
442
|
-
fe_mul_impl(h->v, f->v, g->v);
|
443
|
-
}
|
444
|
-
|
445
|
-
static void fe_mul_ttt(fe *h, const fe *f, const fe *g) {
|
446
|
-
fe_mul_impl(h->v, f->v, g->v);
|
447
|
-
}
|
448
|
-
|
449
|
-
static void fe_mul_tlt(fe *h, const fe_loose *f, const fe *g) {
|
450
|
-
fe_mul_impl(h->v, f->v, g->v);
|
451
|
-
}
|
452
|
-
|
453
|
-
static void fe_mul_ttl(fe *h, const fe *f, const fe_loose *g) {
|
454
|
-
fe_mul_impl(h->v, f->v, g->v);
|
455
|
-
}
|
456
|
-
|
457
|
-
static void fe_mul_tll(fe *h, const fe_loose *f, const fe_loose *g) {
|
458
|
-
fe_mul_impl(h->v, f->v, g->v);
|
459
|
-
}
|
460
|
-
|
461
|
-
static void fe_sqr_impl(uint64_t out[5], const uint64_t in1[5]) {
|
462
|
-
assert_fe_loose(in1);
|
463
|
-
{ const uint64_t x7 = in1[4];
|
464
|
-
{ const uint64_t x8 = in1[3];
|
465
|
-
{ const uint64_t x6 = in1[2];
|
466
|
-
{ const uint64_t x4 = in1[1];
|
467
|
-
{ const uint64_t x2 = in1[0];
|
468
|
-
{ uint64_t x9 = (x2 * 0x2);
|
469
|
-
{ uint64_t x10 = (x4 * 0x2);
|
470
|
-
{ uint64_t x11 = ((x6 * 0x2) * 0x13);
|
471
|
-
{ uint64_t x12 = (x7 * 0x13);
|
472
|
-
{ uint64_t x13 = (x12 * 0x2);
|
473
|
-
{ uint128_t x14 = ((((uint128_t)x2 * x2) + ((uint128_t)x13 * x4)) + ((uint128_t)x11 * x8));
|
474
|
-
{ uint128_t x15 = ((((uint128_t)x9 * x4) + ((uint128_t)x13 * x6)) + ((uint128_t)x8 * (x8 * 0x13)));
|
475
|
-
{ uint128_t x16 = ((((uint128_t)x9 * x6) + ((uint128_t)x4 * x4)) + ((uint128_t)x13 * x8));
|
476
|
-
{ uint128_t x17 = ((((uint128_t)x9 * x8) + ((uint128_t)x10 * x6)) + ((uint128_t)x7 * x12));
|
477
|
-
{ uint128_t x18 = ((((uint128_t)x9 * x7) + ((uint128_t)x10 * x8)) + ((uint128_t)x6 * x6));
|
478
|
-
{ uint64_t x19 = (uint64_t) (x14 >> 0x33);
|
479
|
-
{ uint64_t x20 = ((uint64_t)x14 & 0x7ffffffffffff);
|
480
|
-
{ uint128_t x21 = (x19 + x15);
|
481
|
-
{ uint64_t x22 = (uint64_t) (x21 >> 0x33);
|
482
|
-
{ uint64_t x23 = ((uint64_t)x21 & 0x7ffffffffffff);
|
483
|
-
{ uint128_t x24 = (x22 + x16);
|
484
|
-
{ uint64_t x25 = (uint64_t) (x24 >> 0x33);
|
485
|
-
{ uint64_t x26 = ((uint64_t)x24 & 0x7ffffffffffff);
|
486
|
-
{ uint128_t x27 = (x25 + x17);
|
487
|
-
{ uint64_t x28 = (uint64_t) (x27 >> 0x33);
|
488
|
-
{ uint64_t x29 = ((uint64_t)x27 & 0x7ffffffffffff);
|
489
|
-
{ uint128_t x30 = (x28 + x18);
|
490
|
-
{ uint64_t x31 = (uint64_t) (x30 >> 0x33);
|
491
|
-
{ uint64_t x32 = ((uint64_t)x30 & 0x7ffffffffffff);
|
492
|
-
{ uint64_t x33 = (x20 + (0x13 * x31));
|
493
|
-
{ uint64_t x34 = (x33 >> 0x33);
|
494
|
-
{ uint64_t x35 = (x33 & 0x7ffffffffffff);
|
495
|
-
{ uint64_t x36 = (x34 + x23);
|
496
|
-
{ uint64_t x37 = (x36 >> 0x33);
|
497
|
-
{ uint64_t x38 = (x36 & 0x7ffffffffffff);
|
498
|
-
out[0] = x35;
|
499
|
-
out[1] = x38;
|
500
|
-
out[2] = (x37 + x26);
|
501
|
-
out[3] = x29;
|
502
|
-
out[4] = x32;
|
503
|
-
}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
|
504
|
-
assert_fe(out);
|
505
|
-
}
|
506
|
-
|
507
|
-
static void fe_sq_tl(fe *h, const fe_loose *f) {
|
508
|
-
fe_sqr_impl(h->v, f->v);
|
509
|
-
}
|
510
|
-
|
511
|
-
static void fe_sq_tt(fe *h, const fe *f) {
|
512
|
-
fe_sqr_impl(h->v, f->v);
|
513
|
-
}
|
514
|
-
|
515
|
-
// Replace (f,g) with (g,f) if b == 1;
|
516
|
-
// replace (f,g) with (f,g) if b == 0.
|
517
|
-
//
|
518
|
-
// Preconditions: b in {0,1}.
|
519
|
-
static void fe_cswap(fe *f, fe *g, uint64_t b) {
|
520
|
-
b = 0-b;
|
521
|
-
for (unsigned i = 0; i < 5; i++) {
|
522
|
-
uint64_t x = f->v[i] ^ g->v[i];
|
523
|
-
x &= b;
|
524
|
-
f->v[i] ^= x;
|
525
|
-
g->v[i] ^= x;
|
526
|
-
}
|
527
|
-
}
|
528
|
-
|
529
|
-
// NOTE: based on fiat-crypto fe_mul, edited for in2=121666, 0, 0..
|
530
|
-
static void fe_mul_121666_impl(uint64_t out[5], const uint64_t in1[5]) {
|
531
|
-
{ const uint64_t x10 = in1[4];
|
532
|
-
{ const uint64_t x11 = in1[3];
|
533
|
-
{ const uint64_t x9 = in1[2];
|
534
|
-
{ const uint64_t x7 = in1[1];
|
535
|
-
{ const uint64_t x5 = in1[0];
|
536
|
-
{ const uint64_t x18 = 0;
|
537
|
-
{ const uint64_t x19 = 0;
|
538
|
-
{ const uint64_t x17 = 0;
|
539
|
-
{ const uint64_t x15 = 0;
|
540
|
-
{ const uint64_t x13 = 121666;
|
541
|
-
{ uint128_t x20 = ((uint128_t)x5 * x13);
|
542
|
-
{ uint128_t x21 = (((uint128_t)x5 * x15) + ((uint128_t)x7 * x13));
|
543
|
-
{ uint128_t x22 = ((((uint128_t)x5 * x17) + ((uint128_t)x9 * x13)) + ((uint128_t)x7 * x15));
|
544
|
-
{ uint128_t x23 = (((((uint128_t)x5 * x19) + ((uint128_t)x11 * x13)) + ((uint128_t)x7 * x17)) + ((uint128_t)x9 * x15));
|
545
|
-
{ uint128_t x24 = ((((((uint128_t)x5 * x18) + ((uint128_t)x10 * x13)) + ((uint128_t)x11 * x15)) + ((uint128_t)x7 * x19)) + ((uint128_t)x9 * x17));
|
546
|
-
{ uint64_t x25 = (x10 * 0x13);
|
547
|
-
{ uint64_t x26 = (x7 * 0x13);
|
548
|
-
{ uint64_t x27 = (x9 * 0x13);
|
549
|
-
{ uint64_t x28 = (x11 * 0x13);
|
550
|
-
{ uint128_t x29 = ((((x20 + ((uint128_t)x25 * x15)) + ((uint128_t)x26 * x18)) + ((uint128_t)x27 * x19)) + ((uint128_t)x28 * x17));
|
551
|
-
{ uint128_t x30 = (((x21 + ((uint128_t)x25 * x17)) + ((uint128_t)x27 * x18)) + ((uint128_t)x28 * x19));
|
552
|
-
{ uint128_t x31 = ((x22 + ((uint128_t)x25 * x19)) + ((uint128_t)x28 * x18));
|
553
|
-
{ uint128_t x32 = (x23 + ((uint128_t)x25 * x18));
|
554
|
-
{ uint64_t x33 = (uint64_t) (x29 >> 0x33);
|
555
|
-
{ uint64_t x34 = ((uint64_t)x29 & 0x7ffffffffffff);
|
556
|
-
{ uint128_t x35 = (x33 + x30);
|
557
|
-
{ uint64_t x36 = (uint64_t) (x35 >> 0x33);
|
558
|
-
{ uint64_t x37 = ((uint64_t)x35 & 0x7ffffffffffff);
|
559
|
-
{ uint128_t x38 = (x36 + x31);
|
560
|
-
{ uint64_t x39 = (uint64_t) (x38 >> 0x33);
|
561
|
-
{ uint64_t x40 = ((uint64_t)x38 & 0x7ffffffffffff);
|
562
|
-
{ uint128_t x41 = (x39 + x32);
|
563
|
-
{ uint64_t x42 = (uint64_t) (x41 >> 0x33);
|
564
|
-
{ uint64_t x43 = ((uint64_t)x41 & 0x7ffffffffffff);
|
565
|
-
{ uint128_t x44 = (x42 + x24);
|
566
|
-
{ uint64_t x45 = (uint64_t) (x44 >> 0x33);
|
567
|
-
{ uint64_t x46 = ((uint64_t)x44 & 0x7ffffffffffff);
|
568
|
-
{ uint64_t x47 = (x34 + (0x13 * x45));
|
569
|
-
{ uint64_t x48 = (x47 >> 0x33);
|
570
|
-
{ uint64_t x49 = (x47 & 0x7ffffffffffff);
|
571
|
-
{ uint64_t x50 = (x48 + x37);
|
572
|
-
{ uint64_t x51 = (x50 >> 0x33);
|
573
|
-
{ uint64_t x52 = (x50 & 0x7ffffffffffff);
|
574
|
-
out[0] = x49;
|
575
|
-
out[1] = x52;
|
576
|
-
out[2] = (x51 + x40);
|
577
|
-
out[3] = x43;
|
578
|
-
out[4] = x46;
|
579
|
-
}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
|
580
|
-
}
|
581
|
-
|
582
|
-
static void fe_mul121666(fe *h, const fe_loose *f) {
|
583
|
-
assert_fe_loose(f->v);
|
584
|
-
fe_mul_121666_impl(h->v, f->v);
|
585
|
-
assert_fe(h->v);
|
586
|
-
}
|
587
|
-
|
588
|
-
// Adapted from Fiat-synthesized |fe_sub_impl| with |out| = 0.
|
589
|
-
static void fe_neg_impl(uint64_t out[5], const uint64_t in2[5]) {
|
590
|
-
{ const uint64_t x10 = 0;
|
591
|
-
{ const uint64_t x11 = 0;
|
592
|
-
{ const uint64_t x9 = 0;
|
593
|
-
{ const uint64_t x7 = 0;
|
594
|
-
{ const uint64_t x5 = 0;
|
595
|
-
{ const uint64_t x18 = in2[4];
|
596
|
-
{ const uint64_t x19 = in2[3];
|
597
|
-
{ const uint64_t x17 = in2[2];
|
598
|
-
{ const uint64_t x15 = in2[1];
|
599
|
-
{ const uint64_t x13 = in2[0];
|
600
|
-
out[0] = ((0xfffffffffffda + x5) - x13);
|
601
|
-
out[1] = ((0xffffffffffffe + x7) - x15);
|
602
|
-
out[2] = ((0xffffffffffffe + x9) - x17);
|
603
|
-
out[3] = ((0xffffffffffffe + x11) - x19);
|
604
|
-
out[4] = ((0xffffffffffffe + x10) - x18);
|
605
|
-
}}}}}}}}}}
|
606
|
-
}
|
607
|
-
|
608
|
-
// h = -f
|
609
|
-
static void fe_neg(fe_loose *h, const fe *f) {
|
610
|
-
assert_fe(f->v);
|
611
|
-
fe_neg_impl(h->v, f->v);
|
612
|
-
assert_fe_loose(h->v);
|
613
|
-
}
|
614
|
-
|
615
|
-
// Replace (f,g) with (g,g) if b == 1;
|
616
|
-
// replace (f,g) with (f,g) if b == 0.
|
617
|
-
//
|
618
|
-
// Preconditions: b in {0,1}.
|
619
|
-
static void fe_cmov(fe_loose *f, const fe_loose *g, uint64_t b) {
|
620
|
-
b = 0-b;
|
621
|
-
for (unsigned i = 0; i < 5; i++) {
|
622
|
-
uint64_t x = f->v[i] ^ g->v[i];
|
623
|
-
x &= b;
|
624
|
-
f->v[i] ^= x;
|
625
|
-
}
|
626
|
-
}
|
627
|
-
|
628
|
-
#else
|
629
|
-
|
630
|
-
#define assert_fe(f) do { \
|
631
|
-
for (unsigned _assert_fe_i = 0; _assert_fe_i< 10; _assert_fe_i++) { \
|
632
|
-
assert(f[_assert_fe_i] < 1.125*(1<<(26-(_assert_fe_i&1)))); \
|
633
|
-
} \
|
634
|
-
} while (0)
|
635
|
-
|
636
|
-
#define assert_fe_loose(f) do { \
|
637
|
-
for (unsigned _assert_fe_i = 0; _assert_fe_i< 10; _assert_fe_i++) { \
|
638
|
-
assert(f[_assert_fe_i] < 3.375*(1<<(26-(_assert_fe_i&1)))); \
|
639
|
-
} \
|
640
|
-
} while (0)
|
641
|
-
|
642
|
-
#define assert_fe_frozen(f) do { \
|
643
|
-
for (unsigned _assert_fe_i = 0; _assert_fe_i< 10; _assert_fe_i++) { \
|
644
|
-
assert(f[_assert_fe_i] < (1u<<(26-(_assert_fe_i&1)))); \
|
645
|
-
} \
|
646
|
-
} while (0)
|
647
|
-
|
648
|
-
static void fe_frombytes_impl(uint32_t h[10], const uint8_t *s) {
|
649
|
-
// Ignores top bit of s.
|
650
|
-
uint32_t a0 = load_4(s);
|
651
|
-
uint32_t a1 = load_4(s+4);
|
652
|
-
uint32_t a2 = load_4(s+8);
|
653
|
-
uint32_t a3 = load_4(s+12);
|
654
|
-
uint32_t a4 = load_4(s+16);
|
655
|
-
uint32_t a5 = load_4(s+20);
|
656
|
-
uint32_t a6 = load_4(s+24);
|
657
|
-
uint32_t a7 = load_4(s+28);
|
658
|
-
h[0] = a0&((1<<26)-1); // 26 used, 32-26 left. 26
|
659
|
-
h[1] = (a0>>26) | ((a1&((1<<19)-1))<< 6); // (32-26) + 19 = 6+19 = 25
|
660
|
-
h[2] = (a1>>19) | ((a2&((1<<13)-1))<<13); // (32-19) + 13 = 13+13 = 26
|
661
|
-
h[3] = (a2>>13) | ((a3&((1<< 6)-1))<<19); // (32-13) + 6 = 19+ 6 = 25
|
662
|
-
h[4] = (a3>> 6); // (32- 6) = 26
|
663
|
-
h[5] = a4&((1<<25)-1); // 25
|
664
|
-
h[6] = (a4>>25) | ((a5&((1<<19)-1))<< 7); // (32-25) + 19 = 7+19 = 26
|
665
|
-
h[7] = (a5>>19) | ((a6&((1<<12)-1))<<13); // (32-19) + 12 = 13+12 = 25
|
666
|
-
h[8] = (a6>>12) | ((a7&((1<< 6)-1))<<20); // (32-12) + 6 = 20+ 6 = 26
|
667
|
-
h[9] = (a7>> 6)&((1<<25)-1); // 25
|
668
|
-
assert_fe(h);
|
669
|
-
}
|
670
|
-
|
671
|
-
static void fe_frombytes(fe *h, const uint8_t *s) {
|
672
|
-
fe_frombytes_impl(h->v, s);
|
673
|
-
}
|
674
|
-
|
675
|
-
static void fe_freeze(uint32_t out[10], const uint32_t in1[10]) {
|
676
|
-
{ const uint32_t x17 = in1[9];
|
677
|
-
{ const uint32_t x18 = in1[8];
|
678
|
-
{ const uint32_t x16 = in1[7];
|
679
|
-
{ const uint32_t x14 = in1[6];
|
680
|
-
{ const uint32_t x12 = in1[5];
|
681
|
-
{ const uint32_t x10 = in1[4];
|
682
|
-
{ const uint32_t x8 = in1[3];
|
683
|
-
{ const uint32_t x6 = in1[2];
|
684
|
-
{ const uint32_t x4 = in1[1];
|
685
|
-
{ const uint32_t x2 = in1[0];
|
686
|
-
{ uint32_t x20; uint8_t/*bool*/ x21 = subborrow_u26(0x0, x2, 0x3ffffed, &x20);
|
687
|
-
{ uint32_t x23; uint8_t/*bool*/ x24 = subborrow_u25(x21, x4, 0x1ffffff, &x23);
|
688
|
-
{ uint32_t x26; uint8_t/*bool*/ x27 = subborrow_u26(x24, x6, 0x3ffffff, &x26);
|
689
|
-
{ uint32_t x29; uint8_t/*bool*/ x30 = subborrow_u25(x27, x8, 0x1ffffff, &x29);
|
690
|
-
{ uint32_t x32; uint8_t/*bool*/ x33 = subborrow_u26(x30, x10, 0x3ffffff, &x32);
|
691
|
-
{ uint32_t x35; uint8_t/*bool*/ x36 = subborrow_u25(x33, x12, 0x1ffffff, &x35);
|
692
|
-
{ uint32_t x38; uint8_t/*bool*/ x39 = subborrow_u26(x36, x14, 0x3ffffff, &x38);
|
693
|
-
{ uint32_t x41; uint8_t/*bool*/ x42 = subborrow_u25(x39, x16, 0x1ffffff, &x41);
|
694
|
-
{ uint32_t x44; uint8_t/*bool*/ x45 = subborrow_u26(x42, x18, 0x3ffffff, &x44);
|
695
|
-
{ uint32_t x47; uint8_t/*bool*/ x48 = subborrow_u25(x45, x17, 0x1ffffff, &x47);
|
696
|
-
{ uint32_t x49 = cmovznz32(x48, 0x0, 0xffffffff);
|
697
|
-
{ uint32_t x50 = (x49 & 0x3ffffed);
|
698
|
-
{ uint32_t x52; uint8_t/*bool*/ x53 = addcarryx_u26(0x0, x20, x50, &x52);
|
699
|
-
{ uint32_t x54 = (x49 & 0x1ffffff);
|
700
|
-
{ uint32_t x56; uint8_t/*bool*/ x57 = addcarryx_u25(x53, x23, x54, &x56);
|
701
|
-
{ uint32_t x58 = (x49 & 0x3ffffff);
|
702
|
-
{ uint32_t x60; uint8_t/*bool*/ x61 = addcarryx_u26(x57, x26, x58, &x60);
|
703
|
-
{ uint32_t x62 = (x49 & 0x1ffffff);
|
704
|
-
{ uint32_t x64; uint8_t/*bool*/ x65 = addcarryx_u25(x61, x29, x62, &x64);
|
705
|
-
{ uint32_t x66 = (x49 & 0x3ffffff);
|
706
|
-
{ uint32_t x68; uint8_t/*bool*/ x69 = addcarryx_u26(x65, x32, x66, &x68);
|
707
|
-
{ uint32_t x70 = (x49 & 0x1ffffff);
|
708
|
-
{ uint32_t x72; uint8_t/*bool*/ x73 = addcarryx_u25(x69, x35, x70, &x72);
|
709
|
-
{ uint32_t x74 = (x49 & 0x3ffffff);
|
710
|
-
{ uint32_t x76; uint8_t/*bool*/ x77 = addcarryx_u26(x73, x38, x74, &x76);
|
711
|
-
{ uint32_t x78 = (x49 & 0x1ffffff);
|
712
|
-
{ uint32_t x80; uint8_t/*bool*/ x81 = addcarryx_u25(x77, x41, x78, &x80);
|
713
|
-
{ uint32_t x82 = (x49 & 0x3ffffff);
|
714
|
-
{ uint32_t x84; uint8_t/*bool*/ x85 = addcarryx_u26(x81, x44, x82, &x84);
|
715
|
-
{ uint32_t x86 = (x49 & 0x1ffffff);
|
716
|
-
{ uint32_t x88; addcarryx_u25(x85, x47, x86, &x88);
|
717
|
-
out[0] = x52;
|
718
|
-
out[1] = x56;
|
719
|
-
out[2] = x60;
|
720
|
-
out[3] = x64;
|
721
|
-
out[4] = x68;
|
722
|
-
out[5] = x72;
|
723
|
-
out[6] = x76;
|
724
|
-
out[7] = x80;
|
725
|
-
out[8] = x84;
|
726
|
-
out[9] = x88;
|
727
|
-
}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
|
728
|
-
}
|
729
|
-
|
730
|
-
static void fe_tobytes(uint8_t s[32], const fe *f) {
|
731
|
-
assert_fe(f->v);
|
732
|
-
uint32_t h[10];
|
733
|
-
fe_freeze(h, f->v);
|
734
|
-
assert_fe_frozen(h);
|
735
|
-
|
736
|
-
s[0] = h[0] >> 0;
|
737
|
-
s[1] = h[0] >> 8;
|
738
|
-
s[2] = h[0] >> 16;
|
739
|
-
s[3] = (h[0] >> 24) | (h[1] << 2);
|
740
|
-
s[4] = h[1] >> 6;
|
741
|
-
s[5] = h[1] >> 14;
|
742
|
-
s[6] = (h[1] >> 22) | (h[2] << 3);
|
743
|
-
s[7] = h[2] >> 5;
|
744
|
-
s[8] = h[2] >> 13;
|
745
|
-
s[9] = (h[2] >> 21) | (h[3] << 5);
|
746
|
-
s[10] = h[3] >> 3;
|
747
|
-
s[11] = h[3] >> 11;
|
748
|
-
s[12] = (h[3] >> 19) | (h[4] << 6);
|
749
|
-
s[13] = h[4] >> 2;
|
750
|
-
s[14] = h[4] >> 10;
|
751
|
-
s[15] = h[4] >> 18;
|
752
|
-
s[16] = h[5] >> 0;
|
753
|
-
s[17] = h[5] >> 8;
|
754
|
-
s[18] = h[5] >> 16;
|
755
|
-
s[19] = (h[5] >> 24) | (h[6] << 1);
|
756
|
-
s[20] = h[6] >> 7;
|
757
|
-
s[21] = h[6] >> 15;
|
758
|
-
s[22] = (h[6] >> 23) | (h[7] << 3);
|
759
|
-
s[23] = h[7] >> 5;
|
760
|
-
s[24] = h[7] >> 13;
|
761
|
-
s[25] = (h[7] >> 21) | (h[8] << 4);
|
762
|
-
s[26] = h[8] >> 4;
|
763
|
-
s[27] = h[8] >> 12;
|
764
|
-
s[28] = (h[8] >> 20) | (h[9] << 6);
|
765
|
-
s[29] = h[9] >> 2;
|
766
|
-
s[30] = h[9] >> 10;
|
767
|
-
s[31] = h[9] >> 18;
|
768
|
-
}
|
769
|
-
|
770
|
-
// h = 0
|
771
|
-
static void fe_0(fe *h) {
|
772
|
-
OPENSSL_memset(h, 0, sizeof(fe));
|
773
|
-
}
|
774
|
-
|
775
|
-
static void fe_loose_0(fe_loose *h) {
|
776
|
-
OPENSSL_memset(h, 0, sizeof(fe_loose));
|
777
|
-
}
|
778
|
-
|
779
|
-
// h = 1
|
780
|
-
static void fe_1(fe *h) {
|
781
|
-
OPENSSL_memset(h, 0, sizeof(fe));
|
782
|
-
h->v[0] = 1;
|
783
|
-
}
|
784
|
-
|
785
|
-
static void fe_loose_1(fe_loose *h) {
|
786
|
-
OPENSSL_memset(h, 0, sizeof(fe_loose));
|
787
|
-
h->v[0] = 1;
|
788
|
-
}
|
789
|
-
|
790
|
-
static void fe_add_impl(uint32_t out[10], const uint32_t in1[10], const uint32_t in2[10]) {
|
791
|
-
{ const uint32_t x20 = in1[9];
|
792
|
-
{ const uint32_t x21 = in1[8];
|
793
|
-
{ const uint32_t x19 = in1[7];
|
794
|
-
{ const uint32_t x17 = in1[6];
|
795
|
-
{ const uint32_t x15 = in1[5];
|
796
|
-
{ const uint32_t x13 = in1[4];
|
797
|
-
{ const uint32_t x11 = in1[3];
|
798
|
-
{ const uint32_t x9 = in1[2];
|
799
|
-
{ const uint32_t x7 = in1[1];
|
800
|
-
{ const uint32_t x5 = in1[0];
|
801
|
-
{ const uint32_t x38 = in2[9];
|
802
|
-
{ const uint32_t x39 = in2[8];
|
803
|
-
{ const uint32_t x37 = in2[7];
|
804
|
-
{ const uint32_t x35 = in2[6];
|
805
|
-
{ const uint32_t x33 = in2[5];
|
806
|
-
{ const uint32_t x31 = in2[4];
|
807
|
-
{ const uint32_t x29 = in2[3];
|
808
|
-
{ const uint32_t x27 = in2[2];
|
809
|
-
{ const uint32_t x25 = in2[1];
|
810
|
-
{ const uint32_t x23 = in2[0];
|
811
|
-
out[0] = (x5 + x23);
|
812
|
-
out[1] = (x7 + x25);
|
813
|
-
out[2] = (x9 + x27);
|
814
|
-
out[3] = (x11 + x29);
|
815
|
-
out[4] = (x13 + x31);
|
816
|
-
out[5] = (x15 + x33);
|
817
|
-
out[6] = (x17 + x35);
|
818
|
-
out[7] = (x19 + x37);
|
819
|
-
out[8] = (x21 + x39);
|
820
|
-
out[9] = (x20 + x38);
|
821
|
-
}}}}}}}}}}}}}}}}}}}}
|
822
|
-
}
|
823
|
-
|
824
|
-
// h = f + g
|
825
|
-
// Can overlap h with f or g.
|
826
|
-
static void fe_add(fe_loose *h, const fe *f, const fe *g) {
|
827
|
-
assert_fe(f->v);
|
828
|
-
assert_fe(g->v);
|
829
|
-
fe_add_impl(h->v, f->v, g->v);
|
830
|
-
assert_fe_loose(h->v);
|
831
|
-
}
|
832
|
-
|
833
|
-
static void fe_sub_impl(uint32_t out[10], const uint32_t in1[10], const uint32_t in2[10]) {
|
834
|
-
{ const uint32_t x20 = in1[9];
|
835
|
-
{ const uint32_t x21 = in1[8];
|
836
|
-
{ const uint32_t x19 = in1[7];
|
837
|
-
{ const uint32_t x17 = in1[6];
|
838
|
-
{ const uint32_t x15 = in1[5];
|
839
|
-
{ const uint32_t x13 = in1[4];
|
840
|
-
{ const uint32_t x11 = in1[3];
|
841
|
-
{ const uint32_t x9 = in1[2];
|
842
|
-
{ const uint32_t x7 = in1[1];
|
843
|
-
{ const uint32_t x5 = in1[0];
|
844
|
-
{ const uint32_t x38 = in2[9];
|
845
|
-
{ const uint32_t x39 = in2[8];
|
846
|
-
{ const uint32_t x37 = in2[7];
|
847
|
-
{ const uint32_t x35 = in2[6];
|
848
|
-
{ const uint32_t x33 = in2[5];
|
849
|
-
{ const uint32_t x31 = in2[4];
|
850
|
-
{ const uint32_t x29 = in2[3];
|
851
|
-
{ const uint32_t x27 = in2[2];
|
852
|
-
{ const uint32_t x25 = in2[1];
|
853
|
-
{ const uint32_t x23 = in2[0];
|
854
|
-
out[0] = ((0x7ffffda + x5) - x23);
|
855
|
-
out[1] = ((0x3fffffe + x7) - x25);
|
856
|
-
out[2] = ((0x7fffffe + x9) - x27);
|
857
|
-
out[3] = ((0x3fffffe + x11) - x29);
|
858
|
-
out[4] = ((0x7fffffe + x13) - x31);
|
859
|
-
out[5] = ((0x3fffffe + x15) - x33);
|
860
|
-
out[6] = ((0x7fffffe + x17) - x35);
|
861
|
-
out[7] = ((0x3fffffe + x19) - x37);
|
862
|
-
out[8] = ((0x7fffffe + x21) - x39);
|
863
|
-
out[9] = ((0x3fffffe + x20) - x38);
|
864
|
-
}}}}}}}}}}}}}}}}}}}}
|
865
|
-
}
|
866
|
-
|
867
|
-
// h = f - g
|
868
|
-
// Can overlap h with f or g.
|
869
|
-
static void fe_sub(fe_loose *h, const fe *f, const fe *g) {
|
870
|
-
assert_fe(f->v);
|
871
|
-
assert_fe(g->v);
|
872
|
-
fe_sub_impl(h->v, f->v, g->v);
|
873
|
-
assert_fe_loose(h->v);
|
874
|
-
}
|
875
|
-
|
876
|
-
static void fe_carry_impl(uint32_t out[10], const uint32_t in1[10]) {
|
877
|
-
{ const uint32_t x17 = in1[9];
|
878
|
-
{ const uint32_t x18 = in1[8];
|
879
|
-
{ const uint32_t x16 = in1[7];
|
880
|
-
{ const uint32_t x14 = in1[6];
|
881
|
-
{ const uint32_t x12 = in1[5];
|
882
|
-
{ const uint32_t x10 = in1[4];
|
883
|
-
{ const uint32_t x8 = in1[3];
|
884
|
-
{ const uint32_t x6 = in1[2];
|
885
|
-
{ const uint32_t x4 = in1[1];
|
886
|
-
{ const uint32_t x2 = in1[0];
|
887
|
-
{ uint32_t x19 = (x2 >> 0x1a);
|
888
|
-
{ uint32_t x20 = (x2 & 0x3ffffff);
|
889
|
-
{ uint32_t x21 = (x19 + x4);
|
890
|
-
{ uint32_t x22 = (x21 >> 0x19);
|
891
|
-
{ uint32_t x23 = (x21 & 0x1ffffff);
|
892
|
-
{ uint32_t x24 = (x22 + x6);
|
893
|
-
{ uint32_t x25 = (x24 >> 0x1a);
|
894
|
-
{ uint32_t x26 = (x24 & 0x3ffffff);
|
895
|
-
{ uint32_t x27 = (x25 + x8);
|
896
|
-
{ uint32_t x28 = (x27 >> 0x19);
|
897
|
-
{ uint32_t x29 = (x27 & 0x1ffffff);
|
898
|
-
{ uint32_t x30 = (x28 + x10);
|
899
|
-
{ uint32_t x31 = (x30 >> 0x1a);
|
900
|
-
{ uint32_t x32 = (x30 & 0x3ffffff);
|
901
|
-
{ uint32_t x33 = (x31 + x12);
|
902
|
-
{ uint32_t x34 = (x33 >> 0x19);
|
903
|
-
{ uint32_t x35 = (x33 & 0x1ffffff);
|
904
|
-
{ uint32_t x36 = (x34 + x14);
|
905
|
-
{ uint32_t x37 = (x36 >> 0x1a);
|
906
|
-
{ uint32_t x38 = (x36 & 0x3ffffff);
|
907
|
-
{ uint32_t x39 = (x37 + x16);
|
908
|
-
{ uint32_t x40 = (x39 >> 0x19);
|
909
|
-
{ uint32_t x41 = (x39 & 0x1ffffff);
|
910
|
-
{ uint32_t x42 = (x40 + x18);
|
911
|
-
{ uint32_t x43 = (x42 >> 0x1a);
|
912
|
-
{ uint32_t x44 = (x42 & 0x3ffffff);
|
913
|
-
{ uint32_t x45 = (x43 + x17);
|
914
|
-
{ uint32_t x46 = (x45 >> 0x19);
|
915
|
-
{ uint32_t x47 = (x45 & 0x1ffffff);
|
916
|
-
{ uint32_t x48 = (x20 + (0x13 * x46));
|
917
|
-
{ uint32_t x49 = (x48 >> 0x1a);
|
918
|
-
{ uint32_t x50 = (x48 & 0x3ffffff);
|
919
|
-
{ uint32_t x51 = (x49 + x23);
|
920
|
-
{ uint32_t x52 = (x51 >> 0x19);
|
921
|
-
{ uint32_t x53 = (x51 & 0x1ffffff);
|
922
|
-
out[0] = x50;
|
923
|
-
out[1] = x53;
|
924
|
-
out[2] = (x52 + x26);
|
925
|
-
out[3] = x29;
|
926
|
-
out[4] = x32;
|
927
|
-
out[5] = x35;
|
928
|
-
out[6] = x38;
|
929
|
-
out[7] = x41;
|
930
|
-
out[8] = x44;
|
931
|
-
out[9] = x47;
|
932
|
-
}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
|
933
|
-
}
|
934
|
-
|
935
|
-
static void fe_carry(fe *h, const fe_loose* f) {
|
936
|
-
assert_fe_loose(f->v);
|
937
|
-
fe_carry_impl(h->v, f->v);
|
938
|
-
assert_fe(h->v);
|
939
|
-
}
|
940
|
-
|
941
|
-
static void fe_mul_impl(uint32_t out[10], const uint32_t in1[10], const uint32_t in2[10]) {
|
942
|
-
assert_fe_loose(in1);
|
943
|
-
assert_fe_loose(in2);
|
944
|
-
{ const uint32_t x20 = in1[9];
|
945
|
-
{ const uint32_t x21 = in1[8];
|
946
|
-
{ const uint32_t x19 = in1[7];
|
947
|
-
{ const uint32_t x17 = in1[6];
|
948
|
-
{ const uint32_t x15 = in1[5];
|
949
|
-
{ const uint32_t x13 = in1[4];
|
950
|
-
{ const uint32_t x11 = in1[3];
|
951
|
-
{ const uint32_t x9 = in1[2];
|
952
|
-
{ const uint32_t x7 = in1[1];
|
953
|
-
{ const uint32_t x5 = in1[0];
|
954
|
-
{ const uint32_t x38 = in2[9];
|
955
|
-
{ const uint32_t x39 = in2[8];
|
956
|
-
{ const uint32_t x37 = in2[7];
|
957
|
-
{ const uint32_t x35 = in2[6];
|
958
|
-
{ const uint32_t x33 = in2[5];
|
959
|
-
{ const uint32_t x31 = in2[4];
|
960
|
-
{ const uint32_t x29 = in2[3];
|
961
|
-
{ const uint32_t x27 = in2[2];
|
962
|
-
{ const uint32_t x25 = in2[1];
|
963
|
-
{ const uint32_t x23 = in2[0];
|
964
|
-
{ uint64_t x40 = ((uint64_t)x23 * x5);
|
965
|
-
{ uint64_t x41 = (((uint64_t)x23 * x7) + ((uint64_t)x25 * x5));
|
966
|
-
{ uint64_t x42 = ((((uint64_t)(0x2 * x25) * x7) + ((uint64_t)x23 * x9)) + ((uint64_t)x27 * x5));
|
967
|
-
{ uint64_t x43 = (((((uint64_t)x25 * x9) + ((uint64_t)x27 * x7)) + ((uint64_t)x23 * x11)) + ((uint64_t)x29 * x5));
|
968
|
-
{ uint64_t x44 = (((((uint64_t)x27 * x9) + (0x2 * (((uint64_t)x25 * x11) + ((uint64_t)x29 * x7)))) + ((uint64_t)x23 * x13)) + ((uint64_t)x31 * x5));
|
969
|
-
{ uint64_t x45 = (((((((uint64_t)x27 * x11) + ((uint64_t)x29 * x9)) + ((uint64_t)x25 * x13)) + ((uint64_t)x31 * x7)) + ((uint64_t)x23 * x15)) + ((uint64_t)x33 * x5));
|
970
|
-
{ uint64_t x46 = (((((0x2 * ((((uint64_t)x29 * x11) + ((uint64_t)x25 * x15)) + ((uint64_t)x33 * x7))) + ((uint64_t)x27 * x13)) + ((uint64_t)x31 * x9)) + ((uint64_t)x23 * x17)) + ((uint64_t)x35 * x5));
|
971
|
-
{ uint64_t x47 = (((((((((uint64_t)x29 * x13) + ((uint64_t)x31 * x11)) + ((uint64_t)x27 * x15)) + ((uint64_t)x33 * x9)) + ((uint64_t)x25 * x17)) + ((uint64_t)x35 * x7)) + ((uint64_t)x23 * x19)) + ((uint64_t)x37 * x5));
|
972
|
-
{ uint64_t x48 = (((((((uint64_t)x31 * x13) + (0x2 * (((((uint64_t)x29 * x15) + ((uint64_t)x33 * x11)) + ((uint64_t)x25 * x19)) + ((uint64_t)x37 * x7)))) + ((uint64_t)x27 * x17)) + ((uint64_t)x35 * x9)) + ((uint64_t)x23 * x21)) + ((uint64_t)x39 * x5));
|
973
|
-
{ uint64_t x49 = (((((((((((uint64_t)x31 * x15) + ((uint64_t)x33 * x13)) + ((uint64_t)x29 * x17)) + ((uint64_t)x35 * x11)) + ((uint64_t)x27 * x19)) + ((uint64_t)x37 * x9)) + ((uint64_t)x25 * x21)) + ((uint64_t)x39 * x7)) + ((uint64_t)x23 * x20)) + ((uint64_t)x38 * x5));
|
974
|
-
{ uint64_t x50 = (((((0x2 * ((((((uint64_t)x33 * x15) + ((uint64_t)x29 * x19)) + ((uint64_t)x37 * x11)) + ((uint64_t)x25 * x20)) + ((uint64_t)x38 * x7))) + ((uint64_t)x31 * x17)) + ((uint64_t)x35 * x13)) + ((uint64_t)x27 * x21)) + ((uint64_t)x39 * x9));
|
975
|
-
{ uint64_t x51 = (((((((((uint64_t)x33 * x17) + ((uint64_t)x35 * x15)) + ((uint64_t)x31 * x19)) + ((uint64_t)x37 * x13)) + ((uint64_t)x29 * x21)) + ((uint64_t)x39 * x11)) + ((uint64_t)x27 * x20)) + ((uint64_t)x38 * x9));
|
976
|
-
{ uint64_t x52 = (((((uint64_t)x35 * x17) + (0x2 * (((((uint64_t)x33 * x19) + ((uint64_t)x37 * x15)) + ((uint64_t)x29 * x20)) + ((uint64_t)x38 * x11)))) + ((uint64_t)x31 * x21)) + ((uint64_t)x39 * x13));
|
977
|
-
{ uint64_t x53 = (((((((uint64_t)x35 * x19) + ((uint64_t)x37 * x17)) + ((uint64_t)x33 * x21)) + ((uint64_t)x39 * x15)) + ((uint64_t)x31 * x20)) + ((uint64_t)x38 * x13));
|
978
|
-
{ uint64_t x54 = (((0x2 * ((((uint64_t)x37 * x19) + ((uint64_t)x33 * x20)) + ((uint64_t)x38 * x15))) + ((uint64_t)x35 * x21)) + ((uint64_t)x39 * x17));
|
979
|
-
{ uint64_t x55 = (((((uint64_t)x37 * x21) + ((uint64_t)x39 * x19)) + ((uint64_t)x35 * x20)) + ((uint64_t)x38 * x17));
|
980
|
-
{ uint64_t x56 = (((uint64_t)x39 * x21) + (0x2 * (((uint64_t)x37 * x20) + ((uint64_t)x38 * x19))));
|
981
|
-
{ uint64_t x57 = (((uint64_t)x39 * x20) + ((uint64_t)x38 * x21));
|
982
|
-
{ uint64_t x58 = ((uint64_t)(0x2 * x38) * x20);
|
983
|
-
{ uint64_t x59 = (x48 + (x58 << 0x4));
|
984
|
-
{ uint64_t x60 = (x59 + (x58 << 0x1));
|
985
|
-
{ uint64_t x61 = (x60 + x58);
|
986
|
-
{ uint64_t x62 = (x47 + (x57 << 0x4));
|
987
|
-
{ uint64_t x63 = (x62 + (x57 << 0x1));
|
988
|
-
{ uint64_t x64 = (x63 + x57);
|
989
|
-
{ uint64_t x65 = (x46 + (x56 << 0x4));
|
990
|
-
{ uint64_t x66 = (x65 + (x56 << 0x1));
|
991
|
-
{ uint64_t x67 = (x66 + x56);
|
992
|
-
{ uint64_t x68 = (x45 + (x55 << 0x4));
|
993
|
-
{ uint64_t x69 = (x68 + (x55 << 0x1));
|
994
|
-
{ uint64_t x70 = (x69 + x55);
|
995
|
-
{ uint64_t x71 = (x44 + (x54 << 0x4));
|
996
|
-
{ uint64_t x72 = (x71 + (x54 << 0x1));
|
997
|
-
{ uint64_t x73 = (x72 + x54);
|
998
|
-
{ uint64_t x74 = (x43 + (x53 << 0x4));
|
999
|
-
{ uint64_t x75 = (x74 + (x53 << 0x1));
|
1000
|
-
{ uint64_t x76 = (x75 + x53);
|
1001
|
-
{ uint64_t x77 = (x42 + (x52 << 0x4));
|
1002
|
-
{ uint64_t x78 = (x77 + (x52 << 0x1));
|
1003
|
-
{ uint64_t x79 = (x78 + x52);
|
1004
|
-
{ uint64_t x80 = (x41 + (x51 << 0x4));
|
1005
|
-
{ uint64_t x81 = (x80 + (x51 << 0x1));
|
1006
|
-
{ uint64_t x82 = (x81 + x51);
|
1007
|
-
{ uint64_t x83 = (x40 + (x50 << 0x4));
|
1008
|
-
{ uint64_t x84 = (x83 + (x50 << 0x1));
|
1009
|
-
{ uint64_t x85 = (x84 + x50);
|
1010
|
-
{ uint64_t x86 = (x85 >> 0x1a);
|
1011
|
-
{ uint32_t x87 = ((uint32_t)x85 & 0x3ffffff);
|
1012
|
-
{ uint64_t x88 = (x86 + x82);
|
1013
|
-
{ uint64_t x89 = (x88 >> 0x19);
|
1014
|
-
{ uint32_t x90 = ((uint32_t)x88 & 0x1ffffff);
|
1015
|
-
{ uint64_t x91 = (x89 + x79);
|
1016
|
-
{ uint64_t x92 = (x91 >> 0x1a);
|
1017
|
-
{ uint32_t x93 = ((uint32_t)x91 & 0x3ffffff);
|
1018
|
-
{ uint64_t x94 = (x92 + x76);
|
1019
|
-
{ uint64_t x95 = (x94 >> 0x19);
|
1020
|
-
{ uint32_t x96 = ((uint32_t)x94 & 0x1ffffff);
|
1021
|
-
{ uint64_t x97 = (x95 + x73);
|
1022
|
-
{ uint64_t x98 = (x97 >> 0x1a);
|
1023
|
-
{ uint32_t x99 = ((uint32_t)x97 & 0x3ffffff);
|
1024
|
-
{ uint64_t x100 = (x98 + x70);
|
1025
|
-
{ uint64_t x101 = (x100 >> 0x19);
|
1026
|
-
{ uint32_t x102 = ((uint32_t)x100 & 0x1ffffff);
|
1027
|
-
{ uint64_t x103 = (x101 + x67);
|
1028
|
-
{ uint64_t x104 = (x103 >> 0x1a);
|
1029
|
-
{ uint32_t x105 = ((uint32_t)x103 & 0x3ffffff);
|
1030
|
-
{ uint64_t x106 = (x104 + x64);
|
1031
|
-
{ uint64_t x107 = (x106 >> 0x19);
|
1032
|
-
{ uint32_t x108 = ((uint32_t)x106 & 0x1ffffff);
|
1033
|
-
{ uint64_t x109 = (x107 + x61);
|
1034
|
-
{ uint64_t x110 = (x109 >> 0x1a);
|
1035
|
-
{ uint32_t x111 = ((uint32_t)x109 & 0x3ffffff);
|
1036
|
-
{ uint64_t x112 = (x110 + x49);
|
1037
|
-
{ uint64_t x113 = (x112 >> 0x19);
|
1038
|
-
{ uint32_t x114 = ((uint32_t)x112 & 0x1ffffff);
|
1039
|
-
{ uint64_t x115 = (x87 + (0x13 * x113));
|
1040
|
-
{ uint32_t x116 = (uint32_t) (x115 >> 0x1a);
|
1041
|
-
{ uint32_t x117 = ((uint32_t)x115 & 0x3ffffff);
|
1042
|
-
{ uint32_t x118 = (x116 + x90);
|
1043
|
-
{ uint32_t x119 = (x118 >> 0x19);
|
1044
|
-
{ uint32_t x120 = (x118 & 0x1ffffff);
|
1045
|
-
out[0] = x117;
|
1046
|
-
out[1] = x120;
|
1047
|
-
out[2] = (x119 + x93);
|
1048
|
-
out[3] = x96;
|
1049
|
-
out[4] = x99;
|
1050
|
-
out[5] = x102;
|
1051
|
-
out[6] = x105;
|
1052
|
-
out[7] = x108;
|
1053
|
-
out[8] = x111;
|
1054
|
-
out[9] = x114;
|
1055
|
-
}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
|
1056
|
-
assert_fe(out);
|
1057
|
-
}
|
1058
|
-
|
1059
|
-
static void fe_mul_ltt(fe_loose *h, const fe *f, const fe *g) {
|
1060
|
-
fe_mul_impl(h->v, f->v, g->v);
|
1061
|
-
}
|
1062
|
-
|
1063
|
-
static void fe_mul_llt(fe_loose *h, const fe_loose *f, const fe *g) {
|
1064
|
-
fe_mul_impl(h->v, f->v, g->v);
|
1065
|
-
}
|
1066
|
-
|
1067
|
-
static void fe_mul_ttt(fe *h, const fe *f, const fe *g) {
|
1068
|
-
fe_mul_impl(h->v, f->v, g->v);
|
1069
|
-
}
|
1070
|
-
|
1071
|
-
static void fe_mul_tlt(fe *h, const fe_loose *f, const fe *g) {
|
1072
|
-
fe_mul_impl(h->v, f->v, g->v);
|
1073
|
-
}
|
1074
|
-
|
1075
|
-
static void fe_mul_ttl(fe *h, const fe *f, const fe_loose *g) {
|
1076
|
-
fe_mul_impl(h->v, f->v, g->v);
|
1077
|
-
}
|
1078
|
-
|
1079
|
-
static void fe_mul_tll(fe *h, const fe_loose *f, const fe_loose *g) {
|
1080
|
-
fe_mul_impl(h->v, f->v, g->v);
|
1081
|
-
}
|
1082
|
-
|
1083
|
-
static void fe_sqr_impl(uint32_t out[10], const uint32_t in1[10]) {
|
1084
|
-
assert_fe_loose(in1);
|
1085
|
-
{ const uint32_t x17 = in1[9];
|
1086
|
-
{ const uint32_t x18 = in1[8];
|
1087
|
-
{ const uint32_t x16 = in1[7];
|
1088
|
-
{ const uint32_t x14 = in1[6];
|
1089
|
-
{ const uint32_t x12 = in1[5];
|
1090
|
-
{ const uint32_t x10 = in1[4];
|
1091
|
-
{ const uint32_t x8 = in1[3];
|
1092
|
-
{ const uint32_t x6 = in1[2];
|
1093
|
-
{ const uint32_t x4 = in1[1];
|
1094
|
-
{ const uint32_t x2 = in1[0];
|
1095
|
-
{ uint64_t x19 = ((uint64_t)x2 * x2);
|
1096
|
-
{ uint64_t x20 = ((uint64_t)(0x2 * x2) * x4);
|
1097
|
-
{ uint64_t x21 = (0x2 * (((uint64_t)x4 * x4) + ((uint64_t)x2 * x6)));
|
1098
|
-
{ uint64_t x22 = (0x2 * (((uint64_t)x4 * x6) + ((uint64_t)x2 * x8)));
|
1099
|
-
{ uint64_t x23 = ((((uint64_t)x6 * x6) + ((uint64_t)(0x4 * x4) * x8)) + ((uint64_t)(0x2 * x2) * x10));
|
1100
|
-
{ uint64_t x24 = (0x2 * ((((uint64_t)x6 * x8) + ((uint64_t)x4 * x10)) + ((uint64_t)x2 * x12)));
|
1101
|
-
{ uint64_t x25 = (0x2 * (((((uint64_t)x8 * x8) + ((uint64_t)x6 * x10)) + ((uint64_t)x2 * x14)) + ((uint64_t)(0x2 * x4) * x12)));
|
1102
|
-
{ uint64_t x26 = (0x2 * (((((uint64_t)x8 * x10) + ((uint64_t)x6 * x12)) + ((uint64_t)x4 * x14)) + ((uint64_t)x2 * x16)));
|
1103
|
-
{ uint64_t x27 = (((uint64_t)x10 * x10) + (0x2 * ((((uint64_t)x6 * x14) + ((uint64_t)x2 * x18)) + (0x2 * (((uint64_t)x4 * x16) + ((uint64_t)x8 * x12))))));
|
1104
|
-
{ uint64_t x28 = (0x2 * ((((((uint64_t)x10 * x12) + ((uint64_t)x8 * x14)) + ((uint64_t)x6 * x16)) + ((uint64_t)x4 * x18)) + ((uint64_t)x2 * x17)));
|
1105
|
-
{ uint64_t x29 = (0x2 * (((((uint64_t)x12 * x12) + ((uint64_t)x10 * x14)) + ((uint64_t)x6 * x18)) + (0x2 * (((uint64_t)x8 * x16) + ((uint64_t)x4 * x17)))));
|
1106
|
-
{ uint64_t x30 = (0x2 * (((((uint64_t)x12 * x14) + ((uint64_t)x10 * x16)) + ((uint64_t)x8 * x18)) + ((uint64_t)x6 * x17)));
|
1107
|
-
{ uint64_t x31 = (((uint64_t)x14 * x14) + (0x2 * (((uint64_t)x10 * x18) + (0x2 * (((uint64_t)x12 * x16) + ((uint64_t)x8 * x17))))));
|
1108
|
-
{ uint64_t x32 = (0x2 * ((((uint64_t)x14 * x16) + ((uint64_t)x12 * x18)) + ((uint64_t)x10 * x17)));
|
1109
|
-
{ uint64_t x33 = (0x2 * ((((uint64_t)x16 * x16) + ((uint64_t)x14 * x18)) + ((uint64_t)(0x2 * x12) * x17)));
|
1110
|
-
{ uint64_t x34 = (0x2 * (((uint64_t)x16 * x18) + ((uint64_t)x14 * x17)));
|
1111
|
-
{ uint64_t x35 = (((uint64_t)x18 * x18) + ((uint64_t)(0x4 * x16) * x17));
|
1112
|
-
{ uint64_t x36 = ((uint64_t)(0x2 * x18) * x17);
|
1113
|
-
{ uint64_t x37 = ((uint64_t)(0x2 * x17) * x17);
|
1114
|
-
{ uint64_t x38 = (x27 + (x37 << 0x4));
|
1115
|
-
{ uint64_t x39 = (x38 + (x37 << 0x1));
|
1116
|
-
{ uint64_t x40 = (x39 + x37);
|
1117
|
-
{ uint64_t x41 = (x26 + (x36 << 0x4));
|
1118
|
-
{ uint64_t x42 = (x41 + (x36 << 0x1));
|
1119
|
-
{ uint64_t x43 = (x42 + x36);
|
1120
|
-
{ uint64_t x44 = (x25 + (x35 << 0x4));
|
1121
|
-
{ uint64_t x45 = (x44 + (x35 << 0x1));
|
1122
|
-
{ uint64_t x46 = (x45 + x35);
|
1123
|
-
{ uint64_t x47 = (x24 + (x34 << 0x4));
|
1124
|
-
{ uint64_t x48 = (x47 + (x34 << 0x1));
|
1125
|
-
{ uint64_t x49 = (x48 + x34);
|
1126
|
-
{ uint64_t x50 = (x23 + (x33 << 0x4));
|
1127
|
-
{ uint64_t x51 = (x50 + (x33 << 0x1));
|
1128
|
-
{ uint64_t x52 = (x51 + x33);
|
1129
|
-
{ uint64_t x53 = (x22 + (x32 << 0x4));
|
1130
|
-
{ uint64_t x54 = (x53 + (x32 << 0x1));
|
1131
|
-
{ uint64_t x55 = (x54 + x32);
|
1132
|
-
{ uint64_t x56 = (x21 + (x31 << 0x4));
|
1133
|
-
{ uint64_t x57 = (x56 + (x31 << 0x1));
|
1134
|
-
{ uint64_t x58 = (x57 + x31);
|
1135
|
-
{ uint64_t x59 = (x20 + (x30 << 0x4));
|
1136
|
-
{ uint64_t x60 = (x59 + (x30 << 0x1));
|
1137
|
-
{ uint64_t x61 = (x60 + x30);
|
1138
|
-
{ uint64_t x62 = (x19 + (x29 << 0x4));
|
1139
|
-
{ uint64_t x63 = (x62 + (x29 << 0x1));
|
1140
|
-
{ uint64_t x64 = (x63 + x29);
|
1141
|
-
{ uint64_t x65 = (x64 >> 0x1a);
|
1142
|
-
{ uint32_t x66 = ((uint32_t)x64 & 0x3ffffff);
|
1143
|
-
{ uint64_t x67 = (x65 + x61);
|
1144
|
-
{ uint64_t x68 = (x67 >> 0x19);
|
1145
|
-
{ uint32_t x69 = ((uint32_t)x67 & 0x1ffffff);
|
1146
|
-
{ uint64_t x70 = (x68 + x58);
|
1147
|
-
{ uint64_t x71 = (x70 >> 0x1a);
|
1148
|
-
{ uint32_t x72 = ((uint32_t)x70 & 0x3ffffff);
|
1149
|
-
{ uint64_t x73 = (x71 + x55);
|
1150
|
-
{ uint64_t x74 = (x73 >> 0x19);
|
1151
|
-
{ uint32_t x75 = ((uint32_t)x73 & 0x1ffffff);
|
1152
|
-
{ uint64_t x76 = (x74 + x52);
|
1153
|
-
{ uint64_t x77 = (x76 >> 0x1a);
|
1154
|
-
{ uint32_t x78 = ((uint32_t)x76 & 0x3ffffff);
|
1155
|
-
{ uint64_t x79 = (x77 + x49);
|
1156
|
-
{ uint64_t x80 = (x79 >> 0x19);
|
1157
|
-
{ uint32_t x81 = ((uint32_t)x79 & 0x1ffffff);
|
1158
|
-
{ uint64_t x82 = (x80 + x46);
|
1159
|
-
{ uint64_t x83 = (x82 >> 0x1a);
|
1160
|
-
{ uint32_t x84 = ((uint32_t)x82 & 0x3ffffff);
|
1161
|
-
{ uint64_t x85 = (x83 + x43);
|
1162
|
-
{ uint64_t x86 = (x85 >> 0x19);
|
1163
|
-
{ uint32_t x87 = ((uint32_t)x85 & 0x1ffffff);
|
1164
|
-
{ uint64_t x88 = (x86 + x40);
|
1165
|
-
{ uint64_t x89 = (x88 >> 0x1a);
|
1166
|
-
{ uint32_t x90 = ((uint32_t)x88 & 0x3ffffff);
|
1167
|
-
{ uint64_t x91 = (x89 + x28);
|
1168
|
-
{ uint64_t x92 = (x91 >> 0x19);
|
1169
|
-
{ uint32_t x93 = ((uint32_t)x91 & 0x1ffffff);
|
1170
|
-
{ uint64_t x94 = (x66 + (0x13 * x92));
|
1171
|
-
{ uint32_t x95 = (uint32_t) (x94 >> 0x1a);
|
1172
|
-
{ uint32_t x96 = ((uint32_t)x94 & 0x3ffffff);
|
1173
|
-
{ uint32_t x97 = (x95 + x69);
|
1174
|
-
{ uint32_t x98 = (x97 >> 0x19);
|
1175
|
-
{ uint32_t x99 = (x97 & 0x1ffffff);
|
1176
|
-
out[0] = x96;
|
1177
|
-
out[1] = x99;
|
1178
|
-
out[2] = (x98 + x72);
|
1179
|
-
out[3] = x75;
|
1180
|
-
out[4] = x78;
|
1181
|
-
out[5] = x81;
|
1182
|
-
out[6] = x84;
|
1183
|
-
out[7] = x87;
|
1184
|
-
out[8] = x90;
|
1185
|
-
out[9] = x93;
|
1186
|
-
}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
|
1187
|
-
assert_fe(out);
|
1188
|
-
}
|
1189
|
-
|
1190
|
-
static void fe_sq_tl(fe *h, const fe_loose *f) {
|
1191
|
-
fe_sqr_impl(h->v, f->v);
|
1192
|
-
}
|
1193
|
-
|
1194
|
-
static void fe_sq_tt(fe *h, const fe *f) {
|
1195
|
-
fe_sqr_impl(h->v, f->v);
|
1196
|
-
}
|
1197
|
-
|
1198
|
-
// Replace (f,g) with (g,f) if b == 1;
|
1199
|
-
// replace (f,g) with (f,g) if b == 0.
|
1200
|
-
//
|
1201
|
-
// Preconditions: b in {0,1}.
|
1202
|
-
static void fe_cswap(fe *f, fe *g, unsigned int b) {
|
1203
|
-
b = 0-b;
|
1204
|
-
unsigned i;
|
1205
|
-
for (i = 0; i < 10; i++) {
|
1206
|
-
uint32_t x = f->v[i] ^ g->v[i];
|
1207
|
-
x &= b;
|
1208
|
-
f->v[i] ^= x;
|
1209
|
-
g->v[i] ^= x;
|
1210
|
-
}
|
1211
|
-
}
|
1212
|
-
|
1213
|
-
// NOTE: based on fiat-crypto fe_mul, edited for in2=121666, 0, 0..
|
1214
|
-
static void fe_mul_121666_impl(uint32_t out[10], const uint32_t in1[10]) {
|
1215
|
-
{ const uint32_t x20 = in1[9];
|
1216
|
-
{ const uint32_t x21 = in1[8];
|
1217
|
-
{ const uint32_t x19 = in1[7];
|
1218
|
-
{ const uint32_t x17 = in1[6];
|
1219
|
-
{ const uint32_t x15 = in1[5];
|
1220
|
-
{ const uint32_t x13 = in1[4];
|
1221
|
-
{ const uint32_t x11 = in1[3];
|
1222
|
-
{ const uint32_t x9 = in1[2];
|
1223
|
-
{ const uint32_t x7 = in1[1];
|
1224
|
-
{ const uint32_t x5 = in1[0];
|
1225
|
-
{ const uint32_t x38 = 0;
|
1226
|
-
{ const uint32_t x39 = 0;
|
1227
|
-
{ const uint32_t x37 = 0;
|
1228
|
-
{ const uint32_t x35 = 0;
|
1229
|
-
{ const uint32_t x33 = 0;
|
1230
|
-
{ const uint32_t x31 = 0;
|
1231
|
-
{ const uint32_t x29 = 0;
|
1232
|
-
{ const uint32_t x27 = 0;
|
1233
|
-
{ const uint32_t x25 = 0;
|
1234
|
-
{ const uint32_t x23 = 121666;
|
1235
|
-
{ uint64_t x40 = ((uint64_t)x23 * x5);
|
1236
|
-
{ uint64_t x41 = (((uint64_t)x23 * x7) + ((uint64_t)x25 * x5));
|
1237
|
-
{ uint64_t x42 = ((((uint64_t)(0x2 * x25) * x7) + ((uint64_t)x23 * x9)) + ((uint64_t)x27 * x5));
|
1238
|
-
{ uint64_t x43 = (((((uint64_t)x25 * x9) + ((uint64_t)x27 * x7)) + ((uint64_t)x23 * x11)) + ((uint64_t)x29 * x5));
|
1239
|
-
{ uint64_t x44 = (((((uint64_t)x27 * x9) + (0x2 * (((uint64_t)x25 * x11) + ((uint64_t)x29 * x7)))) + ((uint64_t)x23 * x13)) + ((uint64_t)x31 * x5));
|
1240
|
-
{ uint64_t x45 = (((((((uint64_t)x27 * x11) + ((uint64_t)x29 * x9)) + ((uint64_t)x25 * x13)) + ((uint64_t)x31 * x7)) + ((uint64_t)x23 * x15)) + ((uint64_t)x33 * x5));
|
1241
|
-
{ uint64_t x46 = (((((0x2 * ((((uint64_t)x29 * x11) + ((uint64_t)x25 * x15)) + ((uint64_t)x33 * x7))) + ((uint64_t)x27 * x13)) + ((uint64_t)x31 * x9)) + ((uint64_t)x23 * x17)) + ((uint64_t)x35 * x5));
|
1242
|
-
{ uint64_t x47 = (((((((((uint64_t)x29 * x13) + ((uint64_t)x31 * x11)) + ((uint64_t)x27 * x15)) + ((uint64_t)x33 * x9)) + ((uint64_t)x25 * x17)) + ((uint64_t)x35 * x7)) + ((uint64_t)x23 * x19)) + ((uint64_t)x37 * x5));
|
1243
|
-
{ uint64_t x48 = (((((((uint64_t)x31 * x13) + (0x2 * (((((uint64_t)x29 * x15) + ((uint64_t)x33 * x11)) + ((uint64_t)x25 * x19)) + ((uint64_t)x37 * x7)))) + ((uint64_t)x27 * x17)) + ((uint64_t)x35 * x9)) + ((uint64_t)x23 * x21)) + ((uint64_t)x39 * x5));
|
1244
|
-
{ uint64_t x49 = (((((((((((uint64_t)x31 * x15) + ((uint64_t)x33 * x13)) + ((uint64_t)x29 * x17)) + ((uint64_t)x35 * x11)) + ((uint64_t)x27 * x19)) + ((uint64_t)x37 * x9)) + ((uint64_t)x25 * x21)) + ((uint64_t)x39 * x7)) + ((uint64_t)x23 * x20)) + ((uint64_t)x38 * x5));
|
1245
|
-
{ uint64_t x50 = (((((0x2 * ((((((uint64_t)x33 * x15) + ((uint64_t)x29 * x19)) + ((uint64_t)x37 * x11)) + ((uint64_t)x25 * x20)) + ((uint64_t)x38 * x7))) + ((uint64_t)x31 * x17)) + ((uint64_t)x35 * x13)) + ((uint64_t)x27 * x21)) + ((uint64_t)x39 * x9));
|
1246
|
-
{ uint64_t x51 = (((((((((uint64_t)x33 * x17) + ((uint64_t)x35 * x15)) + ((uint64_t)x31 * x19)) + ((uint64_t)x37 * x13)) + ((uint64_t)x29 * x21)) + ((uint64_t)x39 * x11)) + ((uint64_t)x27 * x20)) + ((uint64_t)x38 * x9));
|
1247
|
-
{ uint64_t x52 = (((((uint64_t)x35 * x17) + (0x2 * (((((uint64_t)x33 * x19) + ((uint64_t)x37 * x15)) + ((uint64_t)x29 * x20)) + ((uint64_t)x38 * x11)))) + ((uint64_t)x31 * x21)) + ((uint64_t)x39 * x13));
|
1248
|
-
{ uint64_t x53 = (((((((uint64_t)x35 * x19) + ((uint64_t)x37 * x17)) + ((uint64_t)x33 * x21)) + ((uint64_t)x39 * x15)) + ((uint64_t)x31 * x20)) + ((uint64_t)x38 * x13));
|
1249
|
-
{ uint64_t x54 = (((0x2 * ((((uint64_t)x37 * x19) + ((uint64_t)x33 * x20)) + ((uint64_t)x38 * x15))) + ((uint64_t)x35 * x21)) + ((uint64_t)x39 * x17));
|
1250
|
-
{ uint64_t x55 = (((((uint64_t)x37 * x21) + ((uint64_t)x39 * x19)) + ((uint64_t)x35 * x20)) + ((uint64_t)x38 * x17));
|
1251
|
-
{ uint64_t x56 = (((uint64_t)x39 * x21) + (0x2 * (((uint64_t)x37 * x20) + ((uint64_t)x38 * x19))));
|
1252
|
-
{ uint64_t x57 = (((uint64_t)x39 * x20) + ((uint64_t)x38 * x21));
|
1253
|
-
{ uint64_t x58 = ((uint64_t)(0x2 * x38) * x20);
|
1254
|
-
{ uint64_t x59 = (x48 + (x58 << 0x4));
|
1255
|
-
{ uint64_t x60 = (x59 + (x58 << 0x1));
|
1256
|
-
{ uint64_t x61 = (x60 + x58);
|
1257
|
-
{ uint64_t x62 = (x47 + (x57 << 0x4));
|
1258
|
-
{ uint64_t x63 = (x62 + (x57 << 0x1));
|
1259
|
-
{ uint64_t x64 = (x63 + x57);
|
1260
|
-
{ uint64_t x65 = (x46 + (x56 << 0x4));
|
1261
|
-
{ uint64_t x66 = (x65 + (x56 << 0x1));
|
1262
|
-
{ uint64_t x67 = (x66 + x56);
|
1263
|
-
{ uint64_t x68 = (x45 + (x55 << 0x4));
|
1264
|
-
{ uint64_t x69 = (x68 + (x55 << 0x1));
|
1265
|
-
{ uint64_t x70 = (x69 + x55);
|
1266
|
-
{ uint64_t x71 = (x44 + (x54 << 0x4));
|
1267
|
-
{ uint64_t x72 = (x71 + (x54 << 0x1));
|
1268
|
-
{ uint64_t x73 = (x72 + x54);
|
1269
|
-
{ uint64_t x74 = (x43 + (x53 << 0x4));
|
1270
|
-
{ uint64_t x75 = (x74 + (x53 << 0x1));
|
1271
|
-
{ uint64_t x76 = (x75 + x53);
|
1272
|
-
{ uint64_t x77 = (x42 + (x52 << 0x4));
|
1273
|
-
{ uint64_t x78 = (x77 + (x52 << 0x1));
|
1274
|
-
{ uint64_t x79 = (x78 + x52);
|
1275
|
-
{ uint64_t x80 = (x41 + (x51 << 0x4));
|
1276
|
-
{ uint64_t x81 = (x80 + (x51 << 0x1));
|
1277
|
-
{ uint64_t x82 = (x81 + x51);
|
1278
|
-
{ uint64_t x83 = (x40 + (x50 << 0x4));
|
1279
|
-
{ uint64_t x84 = (x83 + (x50 << 0x1));
|
1280
|
-
{ uint64_t x85 = (x84 + x50);
|
1281
|
-
{ uint64_t x86 = (x85 >> 0x1a);
|
1282
|
-
{ uint32_t x87 = ((uint32_t)x85 & 0x3ffffff);
|
1283
|
-
{ uint64_t x88 = (x86 + x82);
|
1284
|
-
{ uint64_t x89 = (x88 >> 0x19);
|
1285
|
-
{ uint32_t x90 = ((uint32_t)x88 & 0x1ffffff);
|
1286
|
-
{ uint64_t x91 = (x89 + x79);
|
1287
|
-
{ uint64_t x92 = (x91 >> 0x1a);
|
1288
|
-
{ uint32_t x93 = ((uint32_t)x91 & 0x3ffffff);
|
1289
|
-
{ uint64_t x94 = (x92 + x76);
|
1290
|
-
{ uint64_t x95 = (x94 >> 0x19);
|
1291
|
-
{ uint32_t x96 = ((uint32_t)x94 & 0x1ffffff);
|
1292
|
-
{ uint64_t x97 = (x95 + x73);
|
1293
|
-
{ uint64_t x98 = (x97 >> 0x1a);
|
1294
|
-
{ uint32_t x99 = ((uint32_t)x97 & 0x3ffffff);
|
1295
|
-
{ uint64_t x100 = (x98 + x70);
|
1296
|
-
{ uint64_t x101 = (x100 >> 0x19);
|
1297
|
-
{ uint32_t x102 = ((uint32_t)x100 & 0x1ffffff);
|
1298
|
-
{ uint64_t x103 = (x101 + x67);
|
1299
|
-
{ uint64_t x104 = (x103 >> 0x1a);
|
1300
|
-
{ uint32_t x105 = ((uint32_t)x103 & 0x3ffffff);
|
1301
|
-
{ uint64_t x106 = (x104 + x64);
|
1302
|
-
{ uint64_t x107 = (x106 >> 0x19);
|
1303
|
-
{ uint32_t x108 = ((uint32_t)x106 & 0x1ffffff);
|
1304
|
-
{ uint64_t x109 = (x107 + x61);
|
1305
|
-
{ uint64_t x110 = (x109 >> 0x1a);
|
1306
|
-
{ uint32_t x111 = ((uint32_t)x109 & 0x3ffffff);
|
1307
|
-
{ uint64_t x112 = (x110 + x49);
|
1308
|
-
{ uint64_t x113 = (x112 >> 0x19);
|
1309
|
-
{ uint32_t x114 = ((uint32_t)x112 & 0x1ffffff);
|
1310
|
-
{ uint64_t x115 = (x87 + (0x13 * x113));
|
1311
|
-
{ uint32_t x116 = (uint32_t) (x115 >> 0x1a);
|
1312
|
-
{ uint32_t x117 = ((uint32_t)x115 & 0x3ffffff);
|
1313
|
-
{ uint32_t x118 = (x116 + x90);
|
1314
|
-
{ uint32_t x119 = (x118 >> 0x19);
|
1315
|
-
{ uint32_t x120 = (x118 & 0x1ffffff);
|
1316
|
-
out[0] = x117;
|
1317
|
-
out[1] = x120;
|
1318
|
-
out[2] = (x119 + x93);
|
1319
|
-
out[3] = x96;
|
1320
|
-
out[4] = x99;
|
1321
|
-
out[5] = x102;
|
1322
|
-
out[6] = x105;
|
1323
|
-
out[7] = x108;
|
1324
|
-
out[8] = x111;
|
1325
|
-
out[9] = x114;
|
1326
|
-
}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
|
1327
|
-
}
|
1328
|
-
|
1329
|
-
static void fe_mul121666(fe *h, const fe_loose *f) {
|
1330
|
-
assert_fe_loose(f->v);
|
1331
|
-
fe_mul_121666_impl(h->v, f->v);
|
1332
|
-
assert_fe(h->v);
|
1333
|
-
}
|
1334
|
-
|
1335
|
-
// Adapted from Fiat-synthesized |fe_sub_impl| with |out| = 0.
|
1336
|
-
static void fe_neg_impl(uint32_t out[10], const uint32_t in2[10]) {
|
1337
|
-
{ const uint32_t x20 = 0;
|
1338
|
-
{ const uint32_t x21 = 0;
|
1339
|
-
{ const uint32_t x19 = 0;
|
1340
|
-
{ const uint32_t x17 = 0;
|
1341
|
-
{ const uint32_t x15 = 0;
|
1342
|
-
{ const uint32_t x13 = 0;
|
1343
|
-
{ const uint32_t x11 = 0;
|
1344
|
-
{ const uint32_t x9 = 0;
|
1345
|
-
{ const uint32_t x7 = 0;
|
1346
|
-
{ const uint32_t x5 = 0;
|
1347
|
-
{ const uint32_t x38 = in2[9];
|
1348
|
-
{ const uint32_t x39 = in2[8];
|
1349
|
-
{ const uint32_t x37 = in2[7];
|
1350
|
-
{ const uint32_t x35 = in2[6];
|
1351
|
-
{ const uint32_t x33 = in2[5];
|
1352
|
-
{ const uint32_t x31 = in2[4];
|
1353
|
-
{ const uint32_t x29 = in2[3];
|
1354
|
-
{ const uint32_t x27 = in2[2];
|
1355
|
-
{ const uint32_t x25 = in2[1];
|
1356
|
-
{ const uint32_t x23 = in2[0];
|
1357
|
-
out[0] = ((0x7ffffda + x5) - x23);
|
1358
|
-
out[1] = ((0x3fffffe + x7) - x25);
|
1359
|
-
out[2] = ((0x7fffffe + x9) - x27);
|
1360
|
-
out[3] = ((0x3fffffe + x11) - x29);
|
1361
|
-
out[4] = ((0x7fffffe + x13) - x31);
|
1362
|
-
out[5] = ((0x3fffffe + x15) - x33);
|
1363
|
-
out[6] = ((0x7fffffe + x17) - x35);
|
1364
|
-
out[7] = ((0x3fffffe + x19) - x37);
|
1365
|
-
out[8] = ((0x7fffffe + x21) - x39);
|
1366
|
-
out[9] = ((0x3fffffe + x20) - x38);
|
1367
|
-
}}}}}}}}}}}}}}}}}}}}
|
1368
|
-
}
|
1369
|
-
|
1370
|
-
// h = -f
|
1371
|
-
static void fe_neg(fe_loose *h, const fe *f) {
|
1372
|
-
assert_fe(f->v);
|
1373
|
-
fe_neg_impl(h->v, f->v);
|
1374
|
-
assert_fe_loose(h->v);
|
1375
|
-
}
|
1376
|
-
|
1377
|
-
// Replace (f,g) with (g,g) if b == 1;
|
1378
|
-
// replace (f,g) with (f,g) if b == 0.
|
1379
|
-
//
|
1380
|
-
// Preconditions: b in {0,1}.
|
1381
|
-
static void fe_cmov(fe_loose *f, const fe_loose *g, unsigned b) {
|
1382
|
-
b = 0-b;
|
1383
|
-
unsigned i;
|
1384
|
-
for (i = 0; i < 10; i++) {
|
1385
|
-
uint32_t x = f->v[i] ^ g->v[i];
|
1386
|
-
x &= b;
|
1387
|
-
f->v[i] ^= x;
|
1388
|
-
}
|
1389
|
-
}
|
1390
|
-
|
1391
|
-
#endif // BORINGSSL_CURVE25519_64BIT
|
1392
|
-
|
1393
|
-
// h = f
|
1394
|
-
static void fe_copy(fe *h, const fe *f) {
|
1395
|
-
OPENSSL_memmove(h, f, sizeof(fe));
|
1396
|
-
}
|
1397
|
-
|
1398
|
-
static void fe_copy_lt(fe_loose *h, const fe *f) {
|
1399
|
-
OPENSSL_COMPILE_ASSERT(sizeof(fe_loose) == sizeof(fe),
|
1400
|
-
fe_and_fe_loose_mismatch);
|
1401
|
-
OPENSSL_memmove(h, f, sizeof(fe));
|
1402
|
-
}
|
1403
|
-
#if !defined(OPENSSL_SMALL)
|
1404
|
-
static void fe_copy_ll(fe_loose *h, const fe_loose *f) {
|
1405
|
-
OPENSSL_memmove(h, f, sizeof(fe_loose));
|
1406
|
-
}
|
1407
|
-
#endif // !defined(OPENSSL_SMALL)
|
1408
|
-
|
1409
|
-
static void fe_loose_invert(fe *out, const fe_loose *z) {
|
1410
|
-
fe t0;
|
1411
|
-
fe t1;
|
1412
|
-
fe t2;
|
1413
|
-
fe t3;
|
1414
|
-
int i;
|
1415
|
-
|
1416
|
-
fe_sq_tl(&t0, z);
|
1417
|
-
fe_sq_tt(&t1, &t0);
|
1418
|
-
for (i = 1; i < 2; ++i) {
|
1419
|
-
fe_sq_tt(&t1, &t1);
|
1420
|
-
}
|
1421
|
-
fe_mul_tlt(&t1, z, &t1);
|
1422
|
-
fe_mul_ttt(&t0, &t0, &t1);
|
1423
|
-
fe_sq_tt(&t2, &t0);
|
1424
|
-
fe_mul_ttt(&t1, &t1, &t2);
|
1425
|
-
fe_sq_tt(&t2, &t1);
|
1426
|
-
for (i = 1; i < 5; ++i) {
|
1427
|
-
fe_sq_tt(&t2, &t2);
|
1428
|
-
}
|
1429
|
-
fe_mul_ttt(&t1, &t2, &t1);
|
1430
|
-
fe_sq_tt(&t2, &t1);
|
1431
|
-
for (i = 1; i < 10; ++i) {
|
1432
|
-
fe_sq_tt(&t2, &t2);
|
1433
|
-
}
|
1434
|
-
fe_mul_ttt(&t2, &t2, &t1);
|
1435
|
-
fe_sq_tt(&t3, &t2);
|
1436
|
-
for (i = 1; i < 20; ++i) {
|
1437
|
-
fe_sq_tt(&t3, &t3);
|
1438
|
-
}
|
1439
|
-
fe_mul_ttt(&t2, &t3, &t2);
|
1440
|
-
fe_sq_tt(&t2, &t2);
|
1441
|
-
for (i = 1; i < 10; ++i) {
|
1442
|
-
fe_sq_tt(&t2, &t2);
|
1443
|
-
}
|
1444
|
-
fe_mul_ttt(&t1, &t2, &t1);
|
1445
|
-
fe_sq_tt(&t2, &t1);
|
1446
|
-
for (i = 1; i < 50; ++i) {
|
1447
|
-
fe_sq_tt(&t2, &t2);
|
1448
|
-
}
|
1449
|
-
fe_mul_ttt(&t2, &t2, &t1);
|
1450
|
-
fe_sq_tt(&t3, &t2);
|
1451
|
-
for (i = 1; i < 100; ++i) {
|
1452
|
-
fe_sq_tt(&t3, &t3);
|
1453
|
-
}
|
1454
|
-
fe_mul_ttt(&t2, &t3, &t2);
|
1455
|
-
fe_sq_tt(&t2, &t2);
|
1456
|
-
for (i = 1; i < 50; ++i) {
|
1457
|
-
fe_sq_tt(&t2, &t2);
|
1458
|
-
}
|
1459
|
-
fe_mul_ttt(&t1, &t2, &t1);
|
1460
|
-
fe_sq_tt(&t1, &t1);
|
1461
|
-
for (i = 1; i < 5; ++i) {
|
1462
|
-
fe_sq_tt(&t1, &t1);
|
1463
|
-
}
|
1464
|
-
fe_mul_ttt(out, &t1, &t0);
|
1465
|
-
}
|
1466
|
-
|
1467
|
-
static void fe_invert(fe *out, const fe *z) {
|
1468
|
-
fe_loose l;
|
1469
|
-
fe_copy_lt(&l, z);
|
1470
|
-
fe_loose_invert(out, &l);
|
1471
|
-
}
|
1472
|
-
|
1473
|
-
// return 0 if f == 0
|
1474
|
-
// return 1 if f != 0
|
1475
|
-
static int fe_isnonzero(const fe_loose *f) {
|
1476
|
-
fe tight;
|
1477
|
-
fe_carry(&tight, f);
|
1478
|
-
uint8_t s[32];
|
1479
|
-
fe_tobytes(s, &tight);
|
1480
|
-
|
1481
|
-
static const uint8_t zero[32] = {0};
|
1482
|
-
return CRYPTO_memcmp(s, zero, sizeof(zero)) != 0;
|
1483
|
-
}
|
1484
|
-
|
1485
|
-
// return 1 if f is in {1,3,5,...,q-2}
|
1486
|
-
// return 0 if f is in {0,2,4,...,q-1}
|
1487
|
-
static int fe_isnegative(const fe *f) {
|
1488
|
-
uint8_t s[32];
|
1489
|
-
fe_tobytes(s, f);
|
1490
|
-
return s[0] & 1;
|
1491
|
-
}
|
1492
|
-
|
1493
|
-
static void fe_sq2_tt(fe *h, const fe *f) {
|
1494
|
-
// h = f^2
|
1495
|
-
fe_sq_tt(h, f);
|
1496
|
-
|
1497
|
-
// h = h + h
|
1498
|
-
fe_loose tmp;
|
1499
|
-
fe_add(&tmp, h, h);
|
1500
|
-
fe_carry(h, &tmp);
|
1501
|
-
}
|
1502
|
-
|
1503
|
-
static void fe_pow22523(fe *out, const fe *z) {
|
1504
|
-
fe t0;
|
1505
|
-
fe t1;
|
1506
|
-
fe t2;
|
1507
|
-
int i;
|
1508
|
-
|
1509
|
-
fe_sq_tt(&t0, z);
|
1510
|
-
fe_sq_tt(&t1, &t0);
|
1511
|
-
for (i = 1; i < 2; ++i) {
|
1512
|
-
fe_sq_tt(&t1, &t1);
|
1513
|
-
}
|
1514
|
-
fe_mul_ttt(&t1, z, &t1);
|
1515
|
-
fe_mul_ttt(&t0, &t0, &t1);
|
1516
|
-
fe_sq_tt(&t0, &t0);
|
1517
|
-
fe_mul_ttt(&t0, &t1, &t0);
|
1518
|
-
fe_sq_tt(&t1, &t0);
|
1519
|
-
for (i = 1; i < 5; ++i) {
|
1520
|
-
fe_sq_tt(&t1, &t1);
|
1521
|
-
}
|
1522
|
-
fe_mul_ttt(&t0, &t1, &t0);
|
1523
|
-
fe_sq_tt(&t1, &t0);
|
1524
|
-
for (i = 1; i < 10; ++i) {
|
1525
|
-
fe_sq_tt(&t1, &t1);
|
1526
|
-
}
|
1527
|
-
fe_mul_ttt(&t1, &t1, &t0);
|
1528
|
-
fe_sq_tt(&t2, &t1);
|
1529
|
-
for (i = 1; i < 20; ++i) {
|
1530
|
-
fe_sq_tt(&t2, &t2);
|
1531
|
-
}
|
1532
|
-
fe_mul_ttt(&t1, &t2, &t1);
|
1533
|
-
fe_sq_tt(&t1, &t1);
|
1534
|
-
for (i = 1; i < 10; ++i) {
|
1535
|
-
fe_sq_tt(&t1, &t1);
|
1536
|
-
}
|
1537
|
-
fe_mul_ttt(&t0, &t1, &t0);
|
1538
|
-
fe_sq_tt(&t1, &t0);
|
1539
|
-
for (i = 1; i < 50; ++i) {
|
1540
|
-
fe_sq_tt(&t1, &t1);
|
1541
|
-
}
|
1542
|
-
fe_mul_ttt(&t1, &t1, &t0);
|
1543
|
-
fe_sq_tt(&t2, &t1);
|
1544
|
-
for (i = 1; i < 100; ++i) {
|
1545
|
-
fe_sq_tt(&t2, &t2);
|
1546
|
-
}
|
1547
|
-
fe_mul_ttt(&t1, &t2, &t1);
|
1548
|
-
fe_sq_tt(&t1, &t1);
|
1549
|
-
for (i = 1; i < 50; ++i) {
|
1550
|
-
fe_sq_tt(&t1, &t1);
|
1551
|
-
}
|
1552
|
-
fe_mul_ttt(&t0, &t1, &t0);
|
1553
|
-
fe_sq_tt(&t0, &t0);
|
1554
|
-
for (i = 1; i < 2; ++i) {
|
1555
|
-
fe_sq_tt(&t0, &t0);
|
1556
|
-
}
|
1557
|
-
fe_mul_ttt(out, &t0, z);
|
1558
|
-
}
|
1559
|
-
|
1560
|
-
|
1561
|
-
// Group operations.
|
1562
|
-
|
1563
|
-
void x25519_ge_tobytes(uint8_t s[32], const ge_p2 *h) {
|
1564
|
-
fe recip;
|
1565
|
-
fe x;
|
1566
|
-
fe y;
|
1567
|
-
|
1568
|
-
fe_invert(&recip, &h->Z);
|
1569
|
-
fe_mul_ttt(&x, &h->X, &recip);
|
1570
|
-
fe_mul_ttt(&y, &h->Y, &recip);
|
1571
|
-
fe_tobytes(s, &y);
|
1572
|
-
s[31] ^= fe_isnegative(&x) << 7;
|
1573
|
-
}
|
1574
|
-
|
1575
|
-
static void ge_p3_tobytes(uint8_t s[32], const ge_p3 *h) {
|
1576
|
-
fe recip;
|
1577
|
-
fe x;
|
1578
|
-
fe y;
|
1579
|
-
|
1580
|
-
fe_invert(&recip, &h->Z);
|
1581
|
-
fe_mul_ttt(&x, &h->X, &recip);
|
1582
|
-
fe_mul_ttt(&y, &h->Y, &recip);
|
1583
|
-
fe_tobytes(s, &y);
|
1584
|
-
s[31] ^= fe_isnegative(&x) << 7;
|
1585
|
-
}
|
1586
|
-
|
1587
|
-
int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t *s) {
|
1588
|
-
fe u;
|
1589
|
-
fe_loose v;
|
1590
|
-
fe v3;
|
1591
|
-
fe vxx;
|
1592
|
-
fe_loose check;
|
1593
|
-
|
1594
|
-
fe_frombytes(&h->Y, s);
|
1595
|
-
fe_1(&h->Z);
|
1596
|
-
fe_sq_tt(&v3, &h->Y);
|
1597
|
-
fe_mul_ttt(&vxx, &v3, &d);
|
1598
|
-
fe_sub(&v, &v3, &h->Z); // u = y^2-1
|
1599
|
-
fe_carry(&u, &v);
|
1600
|
-
fe_add(&v, &vxx, &h->Z); // v = dy^2+1
|
1601
|
-
|
1602
|
-
fe_sq_tl(&v3, &v);
|
1603
|
-
fe_mul_ttl(&v3, &v3, &v); // v3 = v^3
|
1604
|
-
fe_sq_tt(&h->X, &v3);
|
1605
|
-
fe_mul_ttl(&h->X, &h->X, &v);
|
1606
|
-
fe_mul_ttt(&h->X, &h->X, &u); // x = uv^7
|
1607
|
-
|
1608
|
-
fe_pow22523(&h->X, &h->X); // x = (uv^7)^((q-5)/8)
|
1609
|
-
fe_mul_ttt(&h->X, &h->X, &v3);
|
1610
|
-
fe_mul_ttt(&h->X, &h->X, &u); // x = uv^3(uv^7)^((q-5)/8)
|
1611
|
-
|
1612
|
-
fe_sq_tt(&vxx, &h->X);
|
1613
|
-
fe_mul_ttl(&vxx, &vxx, &v);
|
1614
|
-
fe_sub(&check, &vxx, &u);
|
1615
|
-
if (fe_isnonzero(&check)) {
|
1616
|
-
fe_add(&check, &vxx, &u);
|
1617
|
-
if (fe_isnonzero(&check)) {
|
1618
|
-
return -1;
|
1619
|
-
}
|
1620
|
-
fe_mul_ttt(&h->X, &h->X, &sqrtm1);
|
1621
|
-
}
|
1622
|
-
|
1623
|
-
if (fe_isnegative(&h->X) != (s[31] >> 7)) {
|
1624
|
-
fe_loose t;
|
1625
|
-
fe_neg(&t, &h->X);
|
1626
|
-
fe_carry(&h->X, &t);
|
1627
|
-
}
|
1628
|
-
|
1629
|
-
fe_mul_ttt(&h->T, &h->X, &h->Y);
|
1630
|
-
return 0;
|
1631
|
-
}
|
1632
|
-
|
1633
|
-
static void ge_p2_0(ge_p2 *h) {
|
1634
|
-
fe_0(&h->X);
|
1635
|
-
fe_1(&h->Y);
|
1636
|
-
fe_1(&h->Z);
|
1637
|
-
}
|
1638
|
-
|
1639
|
-
static void ge_p3_0(ge_p3 *h) {
|
1640
|
-
fe_0(&h->X);
|
1641
|
-
fe_1(&h->Y);
|
1642
|
-
fe_1(&h->Z);
|
1643
|
-
fe_0(&h->T);
|
1644
|
-
}
|
1645
|
-
|
1646
|
-
static void ge_cached_0(ge_cached *h) {
|
1647
|
-
fe_loose_1(&h->YplusX);
|
1648
|
-
fe_loose_1(&h->YminusX);
|
1649
|
-
fe_loose_1(&h->Z);
|
1650
|
-
fe_loose_0(&h->T2d);
|
1651
|
-
}
|
1652
|
-
|
1653
|
-
static void ge_precomp_0(ge_precomp *h) {
|
1654
|
-
fe_loose_1(&h->yplusx);
|
1655
|
-
fe_loose_1(&h->yminusx);
|
1656
|
-
fe_loose_0(&h->xy2d);
|
1657
|
-
}
|
1658
|
-
|
1659
|
-
// r = p
|
1660
|
-
static void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p) {
|
1661
|
-
fe_copy(&r->X, &p->X);
|
1662
|
-
fe_copy(&r->Y, &p->Y);
|
1663
|
-
fe_copy(&r->Z, &p->Z);
|
1664
|
-
}
|
1665
|
-
|
1666
|
-
// r = p
|
1667
|
-
void x25519_ge_p3_to_cached(ge_cached *r, const ge_p3 *p) {
|
1668
|
-
fe_add(&r->YplusX, &p->Y, &p->X);
|
1669
|
-
fe_sub(&r->YminusX, &p->Y, &p->X);
|
1670
|
-
fe_copy_lt(&r->Z, &p->Z);
|
1671
|
-
fe_mul_ltt(&r->T2d, &p->T, &d2);
|
1672
|
-
}
|
1673
|
-
|
1674
|
-
// r = p
|
1675
|
-
void x25519_ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p) {
|
1676
|
-
fe_mul_tll(&r->X, &p->X, &p->T);
|
1677
|
-
fe_mul_tll(&r->Y, &p->Y, &p->Z);
|
1678
|
-
fe_mul_tll(&r->Z, &p->Z, &p->T);
|
1679
|
-
}
|
1680
|
-
|
1681
|
-
// r = p
|
1682
|
-
void x25519_ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p) {
|
1683
|
-
fe_mul_tll(&r->X, &p->X, &p->T);
|
1684
|
-
fe_mul_tll(&r->Y, &p->Y, &p->Z);
|
1685
|
-
fe_mul_tll(&r->Z, &p->Z, &p->T);
|
1686
|
-
fe_mul_tll(&r->T, &p->X, &p->Y);
|
1687
|
-
}
|
1688
|
-
|
1689
|
-
// r = p
|
1690
|
-
static void ge_p1p1_to_cached(ge_cached *r, const ge_p1p1 *p) {
|
1691
|
-
ge_p3 t;
|
1692
|
-
x25519_ge_p1p1_to_p3(&t, p);
|
1693
|
-
x25519_ge_p3_to_cached(r, &t);
|
1694
|
-
}
|
1695
|
-
|
1696
|
-
// r = 2 * p
|
1697
|
-
static void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p) {
|
1698
|
-
fe trX, trZ, trT;
|
1699
|
-
fe t0;
|
1700
|
-
|
1701
|
-
fe_sq_tt(&trX, &p->X);
|
1702
|
-
fe_sq_tt(&trZ, &p->Y);
|
1703
|
-
fe_sq2_tt(&trT, &p->Z);
|
1704
|
-
fe_add(&r->Y, &p->X, &p->Y);
|
1705
|
-
fe_sq_tl(&t0, &r->Y);
|
1706
|
-
|
1707
|
-
fe_add(&r->Y, &trZ, &trX);
|
1708
|
-
fe_sub(&r->Z, &trZ, &trX);
|
1709
|
-
fe_carry(&trZ, &r->Y);
|
1710
|
-
fe_sub(&r->X, &t0, &trZ);
|
1711
|
-
fe_carry(&trZ, &r->Z);
|
1712
|
-
fe_sub(&r->T, &trT, &trZ);
|
1713
|
-
}
|
1714
|
-
|
1715
|
-
// r = 2 * p
|
1716
|
-
static void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p) {
|
1717
|
-
ge_p2 q;
|
1718
|
-
ge_p3_to_p2(&q, p);
|
1719
|
-
ge_p2_dbl(r, &q);
|
1720
|
-
}
|
1721
|
-
|
1722
|
-
// r = p + q
|
1723
|
-
static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) {
|
1724
|
-
fe trY, trZ, trT;
|
1725
|
-
|
1726
|
-
fe_add(&r->X, &p->Y, &p->X);
|
1727
|
-
fe_sub(&r->Y, &p->Y, &p->X);
|
1728
|
-
fe_mul_tll(&trZ, &r->X, &q->yplusx);
|
1729
|
-
fe_mul_tll(&trY, &r->Y, &q->yminusx);
|
1730
|
-
fe_mul_tlt(&trT, &q->xy2d, &p->T);
|
1731
|
-
fe_add(&r->T, &p->Z, &p->Z);
|
1732
|
-
fe_sub(&r->X, &trZ, &trY);
|
1733
|
-
fe_add(&r->Y, &trZ, &trY);
|
1734
|
-
fe_carry(&trZ, &r->T);
|
1735
|
-
fe_add(&r->Z, &trZ, &trT);
|
1736
|
-
fe_sub(&r->T, &trZ, &trT);
|
1737
|
-
}
|
1738
|
-
|
1739
|
-
// r = p - q
|
1740
|
-
static void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) {
|
1741
|
-
fe trY, trZ, trT;
|
1742
|
-
|
1743
|
-
fe_add(&r->X, &p->Y, &p->X);
|
1744
|
-
fe_sub(&r->Y, &p->Y, &p->X);
|
1745
|
-
fe_mul_tll(&trZ, &r->X, &q->yminusx);
|
1746
|
-
fe_mul_tll(&trY, &r->Y, &q->yplusx);
|
1747
|
-
fe_mul_tlt(&trT, &q->xy2d, &p->T);
|
1748
|
-
fe_add(&r->T, &p->Z, &p->Z);
|
1749
|
-
fe_sub(&r->X, &trZ, &trY);
|
1750
|
-
fe_add(&r->Y, &trZ, &trY);
|
1751
|
-
fe_carry(&trZ, &r->T);
|
1752
|
-
fe_sub(&r->Z, &trZ, &trT);
|
1753
|
-
fe_add(&r->T, &trZ, &trT);
|
1754
|
-
}
|
1755
|
-
|
1756
|
-
// r = p + q
|
1757
|
-
void x25519_ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) {
|
1758
|
-
fe trX, trY, trZ, trT;
|
1759
|
-
|
1760
|
-
fe_add(&r->X, &p->Y, &p->X);
|
1761
|
-
fe_sub(&r->Y, &p->Y, &p->X);
|
1762
|
-
fe_mul_tll(&trZ, &r->X, &q->YplusX);
|
1763
|
-
fe_mul_tll(&trY, &r->Y, &q->YminusX);
|
1764
|
-
fe_mul_tlt(&trT, &q->T2d, &p->T);
|
1765
|
-
fe_mul_ttl(&trX, &p->Z, &q->Z);
|
1766
|
-
fe_add(&r->T, &trX, &trX);
|
1767
|
-
fe_sub(&r->X, &trZ, &trY);
|
1768
|
-
fe_add(&r->Y, &trZ, &trY);
|
1769
|
-
fe_carry(&trZ, &r->T);
|
1770
|
-
fe_add(&r->Z, &trZ, &trT);
|
1771
|
-
fe_sub(&r->T, &trZ, &trT);
|
1772
|
-
}
|
1773
|
-
|
1774
|
-
// r = p - q
|
1775
|
-
void x25519_ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) {
|
1776
|
-
fe trX, trY, trZ, trT;
|
1777
|
-
|
1778
|
-
fe_add(&r->X, &p->Y, &p->X);
|
1779
|
-
fe_sub(&r->Y, &p->Y, &p->X);
|
1780
|
-
fe_mul_tll(&trZ, &r->X, &q->YminusX);
|
1781
|
-
fe_mul_tll(&trY, &r->Y, &q->YplusX);
|
1782
|
-
fe_mul_tlt(&trT, &q->T2d, &p->T);
|
1783
|
-
fe_mul_ttl(&trX, &p->Z, &q->Z);
|
1784
|
-
fe_add(&r->T, &trX, &trX);
|
1785
|
-
fe_sub(&r->X, &trZ, &trY);
|
1786
|
-
fe_add(&r->Y, &trZ, &trY);
|
1787
|
-
fe_carry(&trZ, &r->T);
|
1788
|
-
fe_sub(&r->Z, &trZ, &trT);
|
1789
|
-
fe_add(&r->T, &trZ, &trT);
|
1790
|
-
}
|
1791
|
-
|
1792
|
-
static uint8_t equal(signed char b, signed char c) {
|
1793
|
-
uint8_t ub = b;
|
1794
|
-
uint8_t uc = c;
|
1795
|
-
uint8_t x = ub ^ uc; // 0: yes; 1..255: no
|
1796
|
-
uint32_t y = x; // 0: yes; 1..255: no
|
1797
|
-
y -= 1; // 4294967295: yes; 0..254: no
|
1798
|
-
y >>= 31; // 1: yes; 0: no
|
1799
|
-
return y;
|
1800
|
-
}
|
1801
|
-
|
1802
|
-
static void cmov(ge_precomp *t, const ge_precomp *u, uint8_t b) {
|
1803
|
-
fe_cmov(&t->yplusx, &u->yplusx, b);
|
1804
|
-
fe_cmov(&t->yminusx, &u->yminusx, b);
|
1805
|
-
fe_cmov(&t->xy2d, &u->xy2d, b);
|
1806
|
-
}
|
1807
|
-
|
1808
|
-
void x25519_ge_scalarmult_small_precomp(
|
1809
|
-
ge_p3 *h, const uint8_t a[32], const uint8_t precomp_table[15 * 2 * 32]) {
|
1810
|
-
// precomp_table is first expanded into matching |ge_precomp|
|
1811
|
-
// elements.
|
1812
|
-
ge_precomp multiples[15];
|
1813
|
-
|
1814
|
-
unsigned i;
|
1815
|
-
for (i = 0; i < 15; i++) {
|
1816
|
-
const uint8_t *bytes = &precomp_table[i*(2 * 32)];
|
1817
|
-
fe x, y;
|
1818
|
-
fe_frombytes(&x, bytes);
|
1819
|
-
fe_frombytes(&y, bytes + 32);
|
1820
|
-
|
1821
|
-
ge_precomp *out = &multiples[i];
|
1822
|
-
fe_add(&out->yplusx, &y, &x);
|
1823
|
-
fe_sub(&out->yminusx, &y, &x);
|
1824
|
-
fe_mul_ltt(&out->xy2d, &x, &y);
|
1825
|
-
fe_mul_llt(&out->xy2d, &out->xy2d, &d2);
|
1826
|
-
}
|
1827
|
-
|
1828
|
-
// See the comment above |k25519SmallPrecomp| about the structure of the
|
1829
|
-
// precomputed elements. This loop does 64 additions and 64 doublings to
|
1830
|
-
// calculate the result.
|
1831
|
-
ge_p3_0(h);
|
1832
|
-
|
1833
|
-
for (i = 63; i < 64; i--) {
|
1834
|
-
unsigned j;
|
1835
|
-
signed char index = 0;
|
1836
|
-
|
1837
|
-
for (j = 0; j < 4; j++) {
|
1838
|
-
const uint8_t bit = 1 & (a[(8 * j) + (i / 8)] >> (i & 7));
|
1839
|
-
index |= (bit << j);
|
1840
|
-
}
|
1841
|
-
|
1842
|
-
ge_precomp e;
|
1843
|
-
ge_precomp_0(&e);
|
1844
|
-
|
1845
|
-
for (j = 1; j < 16; j++) {
|
1846
|
-
cmov(&e, &multiples[j-1], equal(index, j));
|
1847
|
-
}
|
1848
|
-
|
1849
|
-
ge_cached cached;
|
1850
|
-
ge_p1p1 r;
|
1851
|
-
x25519_ge_p3_to_cached(&cached, h);
|
1852
|
-
x25519_ge_add(&r, h, &cached);
|
1853
|
-
x25519_ge_p1p1_to_p3(h, &r);
|
1854
|
-
|
1855
|
-
ge_madd(&r, h, &e);
|
1856
|
-
x25519_ge_p1p1_to_p3(h, &r);
|
1857
|
-
}
|
1858
|
-
}
|
1859
|
-
|
1860
|
-
#if defined(OPENSSL_SMALL)
|
1861
|
-
|
1862
|
-
void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]) {
|
1863
|
-
x25519_ge_scalarmult_small_precomp(h, a, k25519SmallPrecomp);
|
1864
|
-
}
|
1865
|
-
|
1866
|
-
#else
|
1867
|
-
|
1868
|
-
static uint8_t negative(signed char b) {
|
1869
|
-
uint32_t x = b;
|
1870
|
-
x >>= 31; // 1: yes; 0: no
|
1871
|
-
return x;
|
1872
|
-
}
|
1873
|
-
|
1874
|
-
static void table_select(ge_precomp *t, int pos, signed char b) {
|
1875
|
-
ge_precomp minust;
|
1876
|
-
uint8_t bnegative = negative(b);
|
1877
|
-
uint8_t babs = b - ((uint8_t)((-bnegative) & b) << 1);
|
1878
|
-
|
1879
|
-
ge_precomp_0(t);
|
1880
|
-
cmov(t, &k25519Precomp[pos][0], equal(babs, 1));
|
1881
|
-
cmov(t, &k25519Precomp[pos][1], equal(babs, 2));
|
1882
|
-
cmov(t, &k25519Precomp[pos][2], equal(babs, 3));
|
1883
|
-
cmov(t, &k25519Precomp[pos][3], equal(babs, 4));
|
1884
|
-
cmov(t, &k25519Precomp[pos][4], equal(babs, 5));
|
1885
|
-
cmov(t, &k25519Precomp[pos][5], equal(babs, 6));
|
1886
|
-
cmov(t, &k25519Precomp[pos][6], equal(babs, 7));
|
1887
|
-
cmov(t, &k25519Precomp[pos][7], equal(babs, 8));
|
1888
|
-
fe_copy_ll(&minust.yplusx, &t->yminusx);
|
1889
|
-
fe_copy_ll(&minust.yminusx, &t->yplusx);
|
1890
|
-
|
1891
|
-
// NOTE: the input table is canonical, but types don't encode it
|
1892
|
-
fe tmp;
|
1893
|
-
fe_carry(&tmp, &t->xy2d);
|
1894
|
-
fe_neg(&minust.xy2d, &tmp);
|
1895
|
-
|
1896
|
-
cmov(t, &minust, bnegative);
|
1897
|
-
}
|
1898
|
-
|
1899
|
-
// h = a * B
|
1900
|
-
// where a = a[0]+256*a[1]+...+256^31 a[31]
|
1901
|
-
// B is the Ed25519 base point (x,4/5) with x positive.
|
1902
|
-
//
|
1903
|
-
// Preconditions:
|
1904
|
-
// a[31] <= 127
|
1905
|
-
void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t *a) {
|
1906
|
-
signed char e[64];
|
1907
|
-
signed char carry;
|
1908
|
-
ge_p1p1 r;
|
1909
|
-
ge_p2 s;
|
1910
|
-
ge_precomp t;
|
1911
|
-
int i;
|
1912
|
-
|
1913
|
-
for (i = 0; i < 32; ++i) {
|
1914
|
-
e[2 * i + 0] = (a[i] >> 0) & 15;
|
1915
|
-
e[2 * i + 1] = (a[i] >> 4) & 15;
|
1916
|
-
}
|
1917
|
-
// each e[i] is between 0 and 15
|
1918
|
-
// e[63] is between 0 and 7
|
1919
|
-
|
1920
|
-
carry = 0;
|
1921
|
-
for (i = 0; i < 63; ++i) {
|
1922
|
-
e[i] += carry;
|
1923
|
-
carry = e[i] + 8;
|
1924
|
-
carry >>= 4;
|
1925
|
-
e[i] -= carry << 4;
|
1926
|
-
}
|
1927
|
-
e[63] += carry;
|
1928
|
-
// each e[i] is between -8 and 8
|
1929
|
-
|
1930
|
-
ge_p3_0(h);
|
1931
|
-
for (i = 1; i < 64; i += 2) {
|
1932
|
-
table_select(&t, i / 2, e[i]);
|
1933
|
-
ge_madd(&r, h, &t);
|
1934
|
-
x25519_ge_p1p1_to_p3(h, &r);
|
1935
|
-
}
|
1936
|
-
|
1937
|
-
ge_p3_dbl(&r, h);
|
1938
|
-
x25519_ge_p1p1_to_p2(&s, &r);
|
1939
|
-
ge_p2_dbl(&r, &s);
|
1940
|
-
x25519_ge_p1p1_to_p2(&s, &r);
|
1941
|
-
ge_p2_dbl(&r, &s);
|
1942
|
-
x25519_ge_p1p1_to_p2(&s, &r);
|
1943
|
-
ge_p2_dbl(&r, &s);
|
1944
|
-
x25519_ge_p1p1_to_p3(h, &r);
|
1945
|
-
|
1946
|
-
for (i = 0; i < 64; i += 2) {
|
1947
|
-
table_select(&t, i / 2, e[i]);
|
1948
|
-
ge_madd(&r, h, &t);
|
1949
|
-
x25519_ge_p1p1_to_p3(h, &r);
|
1950
|
-
}
|
1951
|
-
}
|
1952
|
-
|
1953
|
-
#endif
|
1954
|
-
|
1955
|
-
static void cmov_cached(ge_cached *t, ge_cached *u, uint8_t b) {
|
1956
|
-
fe_cmov(&t->YplusX, &u->YplusX, b);
|
1957
|
-
fe_cmov(&t->YminusX, &u->YminusX, b);
|
1958
|
-
fe_cmov(&t->Z, &u->Z, b);
|
1959
|
-
fe_cmov(&t->T2d, &u->T2d, b);
|
1960
|
-
}
|
1961
|
-
|
1962
|
-
// r = scalar * A.
|
1963
|
-
// where a = a[0]+256*a[1]+...+256^31 a[31].
|
1964
|
-
void x25519_ge_scalarmult(ge_p2 *r, const uint8_t *scalar, const ge_p3 *A) {
|
1965
|
-
ge_p2 Ai_p2[8];
|
1966
|
-
ge_cached Ai[16];
|
1967
|
-
ge_p1p1 t;
|
1968
|
-
|
1969
|
-
ge_cached_0(&Ai[0]);
|
1970
|
-
x25519_ge_p3_to_cached(&Ai[1], A);
|
1971
|
-
ge_p3_to_p2(&Ai_p2[1], A);
|
1972
|
-
|
1973
|
-
unsigned i;
|
1974
|
-
for (i = 2; i < 16; i += 2) {
|
1975
|
-
ge_p2_dbl(&t, &Ai_p2[i / 2]);
|
1976
|
-
ge_p1p1_to_cached(&Ai[i], &t);
|
1977
|
-
if (i < 8) {
|
1978
|
-
x25519_ge_p1p1_to_p2(&Ai_p2[i], &t);
|
1979
|
-
}
|
1980
|
-
x25519_ge_add(&t, A, &Ai[i]);
|
1981
|
-
ge_p1p1_to_cached(&Ai[i + 1], &t);
|
1982
|
-
if (i < 7) {
|
1983
|
-
x25519_ge_p1p1_to_p2(&Ai_p2[i + 1], &t);
|
1984
|
-
}
|
1985
|
-
}
|
1986
|
-
|
1987
|
-
ge_p2_0(r);
|
1988
|
-
ge_p3 u;
|
1989
|
-
|
1990
|
-
for (i = 0; i < 256; i += 4) {
|
1991
|
-
ge_p2_dbl(&t, r);
|
1992
|
-
x25519_ge_p1p1_to_p2(r, &t);
|
1993
|
-
ge_p2_dbl(&t, r);
|
1994
|
-
x25519_ge_p1p1_to_p2(r, &t);
|
1995
|
-
ge_p2_dbl(&t, r);
|
1996
|
-
x25519_ge_p1p1_to_p2(r, &t);
|
1997
|
-
ge_p2_dbl(&t, r);
|
1998
|
-
x25519_ge_p1p1_to_p3(&u, &t);
|
1999
|
-
|
2000
|
-
uint8_t index = scalar[31 - i/8];
|
2001
|
-
index >>= 4 - (i & 4);
|
2002
|
-
index &= 0xf;
|
2003
|
-
|
2004
|
-
unsigned j;
|
2005
|
-
ge_cached selected;
|
2006
|
-
ge_cached_0(&selected);
|
2007
|
-
for (j = 0; j < 16; j++) {
|
2008
|
-
cmov_cached(&selected, &Ai[j], equal(j, index));
|
2009
|
-
}
|
2010
|
-
|
2011
|
-
x25519_ge_add(&t, &u, &selected);
|
2012
|
-
x25519_ge_p1p1_to_p2(r, &t);
|
2013
|
-
}
|
2014
|
-
}
|
2015
|
-
|
2016
|
-
static void slide(signed char *r, const uint8_t *a) {
|
2017
|
-
int i;
|
2018
|
-
int b;
|
2019
|
-
int k;
|
2020
|
-
|
2021
|
-
for (i = 0; i < 256; ++i) {
|
2022
|
-
r[i] = 1 & (a[i >> 3] >> (i & 7));
|
2023
|
-
}
|
2024
|
-
|
2025
|
-
for (i = 0; i < 256; ++i) {
|
2026
|
-
if (r[i]) {
|
2027
|
-
for (b = 1; b <= 6 && i + b < 256; ++b) {
|
2028
|
-
if (r[i + b]) {
|
2029
|
-
if (r[i] + (r[i + b] << b) <= 15) {
|
2030
|
-
r[i] += r[i + b] << b;
|
2031
|
-
r[i + b] = 0;
|
2032
|
-
} else if (r[i] - (r[i + b] << b) >= -15) {
|
2033
|
-
r[i] -= r[i + b] << b;
|
2034
|
-
for (k = i + b; k < 256; ++k) {
|
2035
|
-
if (!r[k]) {
|
2036
|
-
r[k] = 1;
|
2037
|
-
break;
|
2038
|
-
}
|
2039
|
-
r[k] = 0;
|
2040
|
-
}
|
2041
|
-
} else {
|
2042
|
-
break;
|
2043
|
-
}
|
2044
|
-
}
|
2045
|
-
}
|
2046
|
-
}
|
2047
|
-
}
|
2048
|
-
}
|
2049
|
-
|
2050
|
-
// r = a * A + b * B
|
2051
|
-
// where a = a[0]+256*a[1]+...+256^31 a[31].
|
2052
|
-
// and b = b[0]+256*b[1]+...+256^31 b[31].
|
2053
|
-
// B is the Ed25519 base point (x,4/5) with x positive.
|
2054
|
-
static void ge_double_scalarmult_vartime(ge_p2 *r, const uint8_t *a,
|
2055
|
-
const ge_p3 *A, const uint8_t *b) {
|
2056
|
-
signed char aslide[256];
|
2057
|
-
signed char bslide[256];
|
2058
|
-
ge_cached Ai[8]; // A,3A,5A,7A,9A,11A,13A,15A
|
2059
|
-
ge_p1p1 t;
|
2060
|
-
ge_p3 u;
|
2061
|
-
ge_p3 A2;
|
2062
|
-
int i;
|
2063
|
-
|
2064
|
-
slide(aslide, a);
|
2065
|
-
slide(bslide, b);
|
2066
|
-
|
2067
|
-
x25519_ge_p3_to_cached(&Ai[0], A);
|
2068
|
-
ge_p3_dbl(&t, A);
|
2069
|
-
x25519_ge_p1p1_to_p3(&A2, &t);
|
2070
|
-
x25519_ge_add(&t, &A2, &Ai[0]);
|
2071
|
-
x25519_ge_p1p1_to_p3(&u, &t);
|
2072
|
-
x25519_ge_p3_to_cached(&Ai[1], &u);
|
2073
|
-
x25519_ge_add(&t, &A2, &Ai[1]);
|
2074
|
-
x25519_ge_p1p1_to_p3(&u, &t);
|
2075
|
-
x25519_ge_p3_to_cached(&Ai[2], &u);
|
2076
|
-
x25519_ge_add(&t, &A2, &Ai[2]);
|
2077
|
-
x25519_ge_p1p1_to_p3(&u, &t);
|
2078
|
-
x25519_ge_p3_to_cached(&Ai[3], &u);
|
2079
|
-
x25519_ge_add(&t, &A2, &Ai[3]);
|
2080
|
-
x25519_ge_p1p1_to_p3(&u, &t);
|
2081
|
-
x25519_ge_p3_to_cached(&Ai[4], &u);
|
2082
|
-
x25519_ge_add(&t, &A2, &Ai[4]);
|
2083
|
-
x25519_ge_p1p1_to_p3(&u, &t);
|
2084
|
-
x25519_ge_p3_to_cached(&Ai[5], &u);
|
2085
|
-
x25519_ge_add(&t, &A2, &Ai[5]);
|
2086
|
-
x25519_ge_p1p1_to_p3(&u, &t);
|
2087
|
-
x25519_ge_p3_to_cached(&Ai[6], &u);
|
2088
|
-
x25519_ge_add(&t, &A2, &Ai[6]);
|
2089
|
-
x25519_ge_p1p1_to_p3(&u, &t);
|
2090
|
-
x25519_ge_p3_to_cached(&Ai[7], &u);
|
2091
|
-
|
2092
|
-
ge_p2_0(r);
|
2093
|
-
|
2094
|
-
for (i = 255; i >= 0; --i) {
|
2095
|
-
if (aslide[i] || bslide[i]) {
|
2096
|
-
break;
|
2097
|
-
}
|
2098
|
-
}
|
2099
|
-
|
2100
|
-
for (; i >= 0; --i) {
|
2101
|
-
ge_p2_dbl(&t, r);
|
2102
|
-
|
2103
|
-
if (aslide[i] > 0) {
|
2104
|
-
x25519_ge_p1p1_to_p3(&u, &t);
|
2105
|
-
x25519_ge_add(&t, &u, &Ai[aslide[i] / 2]);
|
2106
|
-
} else if (aslide[i] < 0) {
|
2107
|
-
x25519_ge_p1p1_to_p3(&u, &t);
|
2108
|
-
x25519_ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]);
|
2109
|
-
}
|
2110
|
-
|
2111
|
-
if (bslide[i] > 0) {
|
2112
|
-
x25519_ge_p1p1_to_p3(&u, &t);
|
2113
|
-
ge_madd(&t, &u, &Bi[bslide[i] / 2]);
|
2114
|
-
} else if (bslide[i] < 0) {
|
2115
|
-
x25519_ge_p1p1_to_p3(&u, &t);
|
2116
|
-
ge_msub(&t, &u, &Bi[(-bslide[i]) / 2]);
|
2117
|
-
}
|
2118
|
-
|
2119
|
-
x25519_ge_p1p1_to_p2(r, &t);
|
2120
|
-
}
|
2121
|
-
}
|
2122
|
-
|
2123
|
-
// The set of scalars is \Z/l
|
2124
|
-
// where l = 2^252 + 27742317777372353535851937790883648493.
|
2125
|
-
|
2126
|
-
// Input:
|
2127
|
-
// s[0]+256*s[1]+...+256^63*s[63] = s
|
2128
|
-
//
|
2129
|
-
// Output:
|
2130
|
-
// s[0]+256*s[1]+...+256^31*s[31] = s mod l
|
2131
|
-
// where l = 2^252 + 27742317777372353535851937790883648493.
|
2132
|
-
// Overwrites s in place.
|
2133
|
-
void x25519_sc_reduce(uint8_t s[64]) {
|
2134
|
-
int64_t s0 = 2097151 & load_3(s);
|
2135
|
-
int64_t s1 = 2097151 & (load_4(s + 2) >> 5);
|
2136
|
-
int64_t s2 = 2097151 & (load_3(s + 5) >> 2);
|
2137
|
-
int64_t s3 = 2097151 & (load_4(s + 7) >> 7);
|
2138
|
-
int64_t s4 = 2097151 & (load_4(s + 10) >> 4);
|
2139
|
-
int64_t s5 = 2097151 & (load_3(s + 13) >> 1);
|
2140
|
-
int64_t s6 = 2097151 & (load_4(s + 15) >> 6);
|
2141
|
-
int64_t s7 = 2097151 & (load_3(s + 18) >> 3);
|
2142
|
-
int64_t s8 = 2097151 & load_3(s + 21);
|
2143
|
-
int64_t s9 = 2097151 & (load_4(s + 23) >> 5);
|
2144
|
-
int64_t s10 = 2097151 & (load_3(s + 26) >> 2);
|
2145
|
-
int64_t s11 = 2097151 & (load_4(s + 28) >> 7);
|
2146
|
-
int64_t s12 = 2097151 & (load_4(s + 31) >> 4);
|
2147
|
-
int64_t s13 = 2097151 & (load_3(s + 34) >> 1);
|
2148
|
-
int64_t s14 = 2097151 & (load_4(s + 36) >> 6);
|
2149
|
-
int64_t s15 = 2097151 & (load_3(s + 39) >> 3);
|
2150
|
-
int64_t s16 = 2097151 & load_3(s + 42);
|
2151
|
-
int64_t s17 = 2097151 & (load_4(s + 44) >> 5);
|
2152
|
-
int64_t s18 = 2097151 & (load_3(s + 47) >> 2);
|
2153
|
-
int64_t s19 = 2097151 & (load_4(s + 49) >> 7);
|
2154
|
-
int64_t s20 = 2097151 & (load_4(s + 52) >> 4);
|
2155
|
-
int64_t s21 = 2097151 & (load_3(s + 55) >> 1);
|
2156
|
-
int64_t s22 = 2097151 & (load_4(s + 57) >> 6);
|
2157
|
-
int64_t s23 = (load_4(s + 60) >> 3);
|
2158
|
-
int64_t carry0;
|
2159
|
-
int64_t carry1;
|
2160
|
-
int64_t carry2;
|
2161
|
-
int64_t carry3;
|
2162
|
-
int64_t carry4;
|
2163
|
-
int64_t carry5;
|
2164
|
-
int64_t carry6;
|
2165
|
-
int64_t carry7;
|
2166
|
-
int64_t carry8;
|
2167
|
-
int64_t carry9;
|
2168
|
-
int64_t carry10;
|
2169
|
-
int64_t carry11;
|
2170
|
-
int64_t carry12;
|
2171
|
-
int64_t carry13;
|
2172
|
-
int64_t carry14;
|
2173
|
-
int64_t carry15;
|
2174
|
-
int64_t carry16;
|
2175
|
-
|
2176
|
-
s11 += s23 * 666643;
|
2177
|
-
s12 += s23 * 470296;
|
2178
|
-
s13 += s23 * 654183;
|
2179
|
-
s14 -= s23 * 997805;
|
2180
|
-
s15 += s23 * 136657;
|
2181
|
-
s16 -= s23 * 683901;
|
2182
|
-
s23 = 0;
|
2183
|
-
|
2184
|
-
s10 += s22 * 666643;
|
2185
|
-
s11 += s22 * 470296;
|
2186
|
-
s12 += s22 * 654183;
|
2187
|
-
s13 -= s22 * 997805;
|
2188
|
-
s14 += s22 * 136657;
|
2189
|
-
s15 -= s22 * 683901;
|
2190
|
-
s22 = 0;
|
2191
|
-
|
2192
|
-
s9 += s21 * 666643;
|
2193
|
-
s10 += s21 * 470296;
|
2194
|
-
s11 += s21 * 654183;
|
2195
|
-
s12 -= s21 * 997805;
|
2196
|
-
s13 += s21 * 136657;
|
2197
|
-
s14 -= s21 * 683901;
|
2198
|
-
s21 = 0;
|
2199
|
-
|
2200
|
-
s8 += s20 * 666643;
|
2201
|
-
s9 += s20 * 470296;
|
2202
|
-
s10 += s20 * 654183;
|
2203
|
-
s11 -= s20 * 997805;
|
2204
|
-
s12 += s20 * 136657;
|
2205
|
-
s13 -= s20 * 683901;
|
2206
|
-
s20 = 0;
|
2207
|
-
|
2208
|
-
s7 += s19 * 666643;
|
2209
|
-
s8 += s19 * 470296;
|
2210
|
-
s9 += s19 * 654183;
|
2211
|
-
s10 -= s19 * 997805;
|
2212
|
-
s11 += s19 * 136657;
|
2213
|
-
s12 -= s19 * 683901;
|
2214
|
-
s19 = 0;
|
2215
|
-
|
2216
|
-
s6 += s18 * 666643;
|
2217
|
-
s7 += s18 * 470296;
|
2218
|
-
s8 += s18 * 654183;
|
2219
|
-
s9 -= s18 * 997805;
|
2220
|
-
s10 += s18 * 136657;
|
2221
|
-
s11 -= s18 * 683901;
|
2222
|
-
s18 = 0;
|
2223
|
-
|
2224
|
-
carry6 = (s6 + (1 << 20)) >> 21;
|
2225
|
-
s7 += carry6;
|
2226
|
-
s6 -= carry6 << 21;
|
2227
|
-
carry8 = (s8 + (1 << 20)) >> 21;
|
2228
|
-
s9 += carry8;
|
2229
|
-
s8 -= carry8 << 21;
|
2230
|
-
carry10 = (s10 + (1 << 20)) >> 21;
|
2231
|
-
s11 += carry10;
|
2232
|
-
s10 -= carry10 << 21;
|
2233
|
-
carry12 = (s12 + (1 << 20)) >> 21;
|
2234
|
-
s13 += carry12;
|
2235
|
-
s12 -= carry12 << 21;
|
2236
|
-
carry14 = (s14 + (1 << 20)) >> 21;
|
2237
|
-
s15 += carry14;
|
2238
|
-
s14 -= carry14 << 21;
|
2239
|
-
carry16 = (s16 + (1 << 20)) >> 21;
|
2240
|
-
s17 += carry16;
|
2241
|
-
s16 -= carry16 << 21;
|
2242
|
-
|
2243
|
-
carry7 = (s7 + (1 << 20)) >> 21;
|
2244
|
-
s8 += carry7;
|
2245
|
-
s7 -= carry7 << 21;
|
2246
|
-
carry9 = (s9 + (1 << 20)) >> 21;
|
2247
|
-
s10 += carry9;
|
2248
|
-
s9 -= carry9 << 21;
|
2249
|
-
carry11 = (s11 + (1 << 20)) >> 21;
|
2250
|
-
s12 += carry11;
|
2251
|
-
s11 -= carry11 << 21;
|
2252
|
-
carry13 = (s13 + (1 << 20)) >> 21;
|
2253
|
-
s14 += carry13;
|
2254
|
-
s13 -= carry13 << 21;
|
2255
|
-
carry15 = (s15 + (1 << 20)) >> 21;
|
2256
|
-
s16 += carry15;
|
2257
|
-
s15 -= carry15 << 21;
|
2258
|
-
|
2259
|
-
s5 += s17 * 666643;
|
2260
|
-
s6 += s17 * 470296;
|
2261
|
-
s7 += s17 * 654183;
|
2262
|
-
s8 -= s17 * 997805;
|
2263
|
-
s9 += s17 * 136657;
|
2264
|
-
s10 -= s17 * 683901;
|
2265
|
-
s17 = 0;
|
2266
|
-
|
2267
|
-
s4 += s16 * 666643;
|
2268
|
-
s5 += s16 * 470296;
|
2269
|
-
s6 += s16 * 654183;
|
2270
|
-
s7 -= s16 * 997805;
|
2271
|
-
s8 += s16 * 136657;
|
2272
|
-
s9 -= s16 * 683901;
|
2273
|
-
s16 = 0;
|
2274
|
-
|
2275
|
-
s3 += s15 * 666643;
|
2276
|
-
s4 += s15 * 470296;
|
2277
|
-
s5 += s15 * 654183;
|
2278
|
-
s6 -= s15 * 997805;
|
2279
|
-
s7 += s15 * 136657;
|
2280
|
-
s8 -= s15 * 683901;
|
2281
|
-
s15 = 0;
|
2282
|
-
|
2283
|
-
s2 += s14 * 666643;
|
2284
|
-
s3 += s14 * 470296;
|
2285
|
-
s4 += s14 * 654183;
|
2286
|
-
s5 -= s14 * 997805;
|
2287
|
-
s6 += s14 * 136657;
|
2288
|
-
s7 -= s14 * 683901;
|
2289
|
-
s14 = 0;
|
2290
|
-
|
2291
|
-
s1 += s13 * 666643;
|
2292
|
-
s2 += s13 * 470296;
|
2293
|
-
s3 += s13 * 654183;
|
2294
|
-
s4 -= s13 * 997805;
|
2295
|
-
s5 += s13 * 136657;
|
2296
|
-
s6 -= s13 * 683901;
|
2297
|
-
s13 = 0;
|
2298
|
-
|
2299
|
-
s0 += s12 * 666643;
|
2300
|
-
s1 += s12 * 470296;
|
2301
|
-
s2 += s12 * 654183;
|
2302
|
-
s3 -= s12 * 997805;
|
2303
|
-
s4 += s12 * 136657;
|
2304
|
-
s5 -= s12 * 683901;
|
2305
|
-
s12 = 0;
|
2306
|
-
|
2307
|
-
carry0 = (s0 + (1 << 20)) >> 21;
|
2308
|
-
s1 += carry0;
|
2309
|
-
s0 -= carry0 << 21;
|
2310
|
-
carry2 = (s2 + (1 << 20)) >> 21;
|
2311
|
-
s3 += carry2;
|
2312
|
-
s2 -= carry2 << 21;
|
2313
|
-
carry4 = (s4 + (1 << 20)) >> 21;
|
2314
|
-
s5 += carry4;
|
2315
|
-
s4 -= carry4 << 21;
|
2316
|
-
carry6 = (s6 + (1 << 20)) >> 21;
|
2317
|
-
s7 += carry6;
|
2318
|
-
s6 -= carry6 << 21;
|
2319
|
-
carry8 = (s8 + (1 << 20)) >> 21;
|
2320
|
-
s9 += carry8;
|
2321
|
-
s8 -= carry8 << 21;
|
2322
|
-
carry10 = (s10 + (1 << 20)) >> 21;
|
2323
|
-
s11 += carry10;
|
2324
|
-
s10 -= carry10 << 21;
|
2325
|
-
|
2326
|
-
carry1 = (s1 + (1 << 20)) >> 21;
|
2327
|
-
s2 += carry1;
|
2328
|
-
s1 -= carry1 << 21;
|
2329
|
-
carry3 = (s3 + (1 << 20)) >> 21;
|
2330
|
-
s4 += carry3;
|
2331
|
-
s3 -= carry3 << 21;
|
2332
|
-
carry5 = (s5 + (1 << 20)) >> 21;
|
2333
|
-
s6 += carry5;
|
2334
|
-
s5 -= carry5 << 21;
|
2335
|
-
carry7 = (s7 + (1 << 20)) >> 21;
|
2336
|
-
s8 += carry7;
|
2337
|
-
s7 -= carry7 << 21;
|
2338
|
-
carry9 = (s9 + (1 << 20)) >> 21;
|
2339
|
-
s10 += carry9;
|
2340
|
-
s9 -= carry9 << 21;
|
2341
|
-
carry11 = (s11 + (1 << 20)) >> 21;
|
2342
|
-
s12 += carry11;
|
2343
|
-
s11 -= carry11 << 21;
|
2344
|
-
|
2345
|
-
s0 += s12 * 666643;
|
2346
|
-
s1 += s12 * 470296;
|
2347
|
-
s2 += s12 * 654183;
|
2348
|
-
s3 -= s12 * 997805;
|
2349
|
-
s4 += s12 * 136657;
|
2350
|
-
s5 -= s12 * 683901;
|
2351
|
-
s12 = 0;
|
2352
|
-
|
2353
|
-
carry0 = s0 >> 21;
|
2354
|
-
s1 += carry0;
|
2355
|
-
s0 -= carry0 << 21;
|
2356
|
-
carry1 = s1 >> 21;
|
2357
|
-
s2 += carry1;
|
2358
|
-
s1 -= carry1 << 21;
|
2359
|
-
carry2 = s2 >> 21;
|
2360
|
-
s3 += carry2;
|
2361
|
-
s2 -= carry2 << 21;
|
2362
|
-
carry3 = s3 >> 21;
|
2363
|
-
s4 += carry3;
|
2364
|
-
s3 -= carry3 << 21;
|
2365
|
-
carry4 = s4 >> 21;
|
2366
|
-
s5 += carry4;
|
2367
|
-
s4 -= carry4 << 21;
|
2368
|
-
carry5 = s5 >> 21;
|
2369
|
-
s6 += carry5;
|
2370
|
-
s5 -= carry5 << 21;
|
2371
|
-
carry6 = s6 >> 21;
|
2372
|
-
s7 += carry6;
|
2373
|
-
s6 -= carry6 << 21;
|
2374
|
-
carry7 = s7 >> 21;
|
2375
|
-
s8 += carry7;
|
2376
|
-
s7 -= carry7 << 21;
|
2377
|
-
carry8 = s8 >> 21;
|
2378
|
-
s9 += carry8;
|
2379
|
-
s8 -= carry8 << 21;
|
2380
|
-
carry9 = s9 >> 21;
|
2381
|
-
s10 += carry9;
|
2382
|
-
s9 -= carry9 << 21;
|
2383
|
-
carry10 = s10 >> 21;
|
2384
|
-
s11 += carry10;
|
2385
|
-
s10 -= carry10 << 21;
|
2386
|
-
carry11 = s11 >> 21;
|
2387
|
-
s12 += carry11;
|
2388
|
-
s11 -= carry11 << 21;
|
2389
|
-
|
2390
|
-
s0 += s12 * 666643;
|
2391
|
-
s1 += s12 * 470296;
|
2392
|
-
s2 += s12 * 654183;
|
2393
|
-
s3 -= s12 * 997805;
|
2394
|
-
s4 += s12 * 136657;
|
2395
|
-
s5 -= s12 * 683901;
|
2396
|
-
s12 = 0;
|
2397
|
-
|
2398
|
-
carry0 = s0 >> 21;
|
2399
|
-
s1 += carry0;
|
2400
|
-
s0 -= carry0 << 21;
|
2401
|
-
carry1 = s1 >> 21;
|
2402
|
-
s2 += carry1;
|
2403
|
-
s1 -= carry1 << 21;
|
2404
|
-
carry2 = s2 >> 21;
|
2405
|
-
s3 += carry2;
|
2406
|
-
s2 -= carry2 << 21;
|
2407
|
-
carry3 = s3 >> 21;
|
2408
|
-
s4 += carry3;
|
2409
|
-
s3 -= carry3 << 21;
|
2410
|
-
carry4 = s4 >> 21;
|
2411
|
-
s5 += carry4;
|
2412
|
-
s4 -= carry4 << 21;
|
2413
|
-
carry5 = s5 >> 21;
|
2414
|
-
s6 += carry5;
|
2415
|
-
s5 -= carry5 << 21;
|
2416
|
-
carry6 = s6 >> 21;
|
2417
|
-
s7 += carry6;
|
2418
|
-
s6 -= carry6 << 21;
|
2419
|
-
carry7 = s7 >> 21;
|
2420
|
-
s8 += carry7;
|
2421
|
-
s7 -= carry7 << 21;
|
2422
|
-
carry8 = s8 >> 21;
|
2423
|
-
s9 += carry8;
|
2424
|
-
s8 -= carry8 << 21;
|
2425
|
-
carry9 = s9 >> 21;
|
2426
|
-
s10 += carry9;
|
2427
|
-
s9 -= carry9 << 21;
|
2428
|
-
carry10 = s10 >> 21;
|
2429
|
-
s11 += carry10;
|
2430
|
-
s10 -= carry10 << 21;
|
2431
|
-
|
2432
|
-
s[0] = s0 >> 0;
|
2433
|
-
s[1] = s0 >> 8;
|
2434
|
-
s[2] = (s0 >> 16) | (s1 << 5);
|
2435
|
-
s[3] = s1 >> 3;
|
2436
|
-
s[4] = s1 >> 11;
|
2437
|
-
s[5] = (s1 >> 19) | (s2 << 2);
|
2438
|
-
s[6] = s2 >> 6;
|
2439
|
-
s[7] = (s2 >> 14) | (s3 << 7);
|
2440
|
-
s[8] = s3 >> 1;
|
2441
|
-
s[9] = s3 >> 9;
|
2442
|
-
s[10] = (s3 >> 17) | (s4 << 4);
|
2443
|
-
s[11] = s4 >> 4;
|
2444
|
-
s[12] = s4 >> 12;
|
2445
|
-
s[13] = (s4 >> 20) | (s5 << 1);
|
2446
|
-
s[14] = s5 >> 7;
|
2447
|
-
s[15] = (s5 >> 15) | (s6 << 6);
|
2448
|
-
s[16] = s6 >> 2;
|
2449
|
-
s[17] = s6 >> 10;
|
2450
|
-
s[18] = (s6 >> 18) | (s7 << 3);
|
2451
|
-
s[19] = s7 >> 5;
|
2452
|
-
s[20] = s7 >> 13;
|
2453
|
-
s[21] = s8 >> 0;
|
2454
|
-
s[22] = s8 >> 8;
|
2455
|
-
s[23] = (s8 >> 16) | (s9 << 5);
|
2456
|
-
s[24] = s9 >> 3;
|
2457
|
-
s[25] = s9 >> 11;
|
2458
|
-
s[26] = (s9 >> 19) | (s10 << 2);
|
2459
|
-
s[27] = s10 >> 6;
|
2460
|
-
s[28] = (s10 >> 14) | (s11 << 7);
|
2461
|
-
s[29] = s11 >> 1;
|
2462
|
-
s[30] = s11 >> 9;
|
2463
|
-
s[31] = s11 >> 17;
|
2464
|
-
}
|
2465
|
-
|
2466
|
-
// Input:
|
2467
|
-
// a[0]+256*a[1]+...+256^31*a[31] = a
|
2468
|
-
// b[0]+256*b[1]+...+256^31*b[31] = b
|
2469
|
-
// c[0]+256*c[1]+...+256^31*c[31] = c
|
2470
|
-
//
|
2471
|
-
// Output:
|
2472
|
-
// s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
|
2473
|
-
// where l = 2^252 + 27742317777372353535851937790883648493.
|
2474
|
-
static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b,
|
2475
|
-
const uint8_t *c) {
|
2476
|
-
int64_t a0 = 2097151 & load_3(a);
|
2477
|
-
int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
|
2478
|
-
int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
|
2479
|
-
int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
|
2480
|
-
int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
|
2481
|
-
int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
|
2482
|
-
int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
|
2483
|
-
int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
|
2484
|
-
int64_t a8 = 2097151 & load_3(a + 21);
|
2485
|
-
int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
|
2486
|
-
int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
|
2487
|
-
int64_t a11 = (load_4(a + 28) >> 7);
|
2488
|
-
int64_t b0 = 2097151 & load_3(b);
|
2489
|
-
int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
|
2490
|
-
int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
|
2491
|
-
int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
|
2492
|
-
int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
|
2493
|
-
int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
|
2494
|
-
int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
|
2495
|
-
int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
|
2496
|
-
int64_t b8 = 2097151 & load_3(b + 21);
|
2497
|
-
int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
|
2498
|
-
int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
|
2499
|
-
int64_t b11 = (load_4(b + 28) >> 7);
|
2500
|
-
int64_t c0 = 2097151 & load_3(c);
|
2501
|
-
int64_t c1 = 2097151 & (load_4(c + 2) >> 5);
|
2502
|
-
int64_t c2 = 2097151 & (load_3(c + 5) >> 2);
|
2503
|
-
int64_t c3 = 2097151 & (load_4(c + 7) >> 7);
|
2504
|
-
int64_t c4 = 2097151 & (load_4(c + 10) >> 4);
|
2505
|
-
int64_t c5 = 2097151 & (load_3(c + 13) >> 1);
|
2506
|
-
int64_t c6 = 2097151 & (load_4(c + 15) >> 6);
|
2507
|
-
int64_t c7 = 2097151 & (load_3(c + 18) >> 3);
|
2508
|
-
int64_t c8 = 2097151 & load_3(c + 21);
|
2509
|
-
int64_t c9 = 2097151 & (load_4(c + 23) >> 5);
|
2510
|
-
int64_t c10 = 2097151 & (load_3(c + 26) >> 2);
|
2511
|
-
int64_t c11 = (load_4(c + 28) >> 7);
|
2512
|
-
int64_t s0;
|
2513
|
-
int64_t s1;
|
2514
|
-
int64_t s2;
|
2515
|
-
int64_t s3;
|
2516
|
-
int64_t s4;
|
2517
|
-
int64_t s5;
|
2518
|
-
int64_t s6;
|
2519
|
-
int64_t s7;
|
2520
|
-
int64_t s8;
|
2521
|
-
int64_t s9;
|
2522
|
-
int64_t s10;
|
2523
|
-
int64_t s11;
|
2524
|
-
int64_t s12;
|
2525
|
-
int64_t s13;
|
2526
|
-
int64_t s14;
|
2527
|
-
int64_t s15;
|
2528
|
-
int64_t s16;
|
2529
|
-
int64_t s17;
|
2530
|
-
int64_t s18;
|
2531
|
-
int64_t s19;
|
2532
|
-
int64_t s20;
|
2533
|
-
int64_t s21;
|
2534
|
-
int64_t s22;
|
2535
|
-
int64_t s23;
|
2536
|
-
int64_t carry0;
|
2537
|
-
int64_t carry1;
|
2538
|
-
int64_t carry2;
|
2539
|
-
int64_t carry3;
|
2540
|
-
int64_t carry4;
|
2541
|
-
int64_t carry5;
|
2542
|
-
int64_t carry6;
|
2543
|
-
int64_t carry7;
|
2544
|
-
int64_t carry8;
|
2545
|
-
int64_t carry9;
|
2546
|
-
int64_t carry10;
|
2547
|
-
int64_t carry11;
|
2548
|
-
int64_t carry12;
|
2549
|
-
int64_t carry13;
|
2550
|
-
int64_t carry14;
|
2551
|
-
int64_t carry15;
|
2552
|
-
int64_t carry16;
|
2553
|
-
int64_t carry17;
|
2554
|
-
int64_t carry18;
|
2555
|
-
int64_t carry19;
|
2556
|
-
int64_t carry20;
|
2557
|
-
int64_t carry21;
|
2558
|
-
int64_t carry22;
|
2559
|
-
|
2560
|
-
s0 = c0 + a0 * b0;
|
2561
|
-
s1 = c1 + a0 * b1 + a1 * b0;
|
2562
|
-
s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0;
|
2563
|
-
s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0;
|
2564
|
-
s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0;
|
2565
|
-
s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0;
|
2566
|
-
s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0;
|
2567
|
-
s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 +
|
2568
|
-
a6 * b1 + a7 * b0;
|
2569
|
-
s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 +
|
2570
|
-
a6 * b2 + a7 * b1 + a8 * b0;
|
2571
|
-
s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 +
|
2572
|
-
a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0;
|
2573
|
-
s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 +
|
2574
|
-
a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0;
|
2575
|
-
s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 +
|
2576
|
-
a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0;
|
2577
|
-
s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 +
|
2578
|
-
a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1;
|
2579
|
-
s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 +
|
2580
|
-
a9 * b4 + a10 * b3 + a11 * b2;
|
2581
|
-
s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 +
|
2582
|
-
a10 * b4 + a11 * b3;
|
2583
|
-
s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 +
|
2584
|
-
a11 * b4;
|
2585
|
-
s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5;
|
2586
|
-
s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6;
|
2587
|
-
s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7;
|
2588
|
-
s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8;
|
2589
|
-
s20 = a9 * b11 + a10 * b10 + a11 * b9;
|
2590
|
-
s21 = a10 * b11 + a11 * b10;
|
2591
|
-
s22 = a11 * b11;
|
2592
|
-
s23 = 0;
|
2593
|
-
|
2594
|
-
carry0 = (s0 + (1 << 20)) >> 21;
|
2595
|
-
s1 += carry0;
|
2596
|
-
s0 -= carry0 << 21;
|
2597
|
-
carry2 = (s2 + (1 << 20)) >> 21;
|
2598
|
-
s3 += carry2;
|
2599
|
-
s2 -= carry2 << 21;
|
2600
|
-
carry4 = (s4 + (1 << 20)) >> 21;
|
2601
|
-
s5 += carry4;
|
2602
|
-
s4 -= carry4 << 21;
|
2603
|
-
carry6 = (s6 + (1 << 20)) >> 21;
|
2604
|
-
s7 += carry6;
|
2605
|
-
s6 -= carry6 << 21;
|
2606
|
-
carry8 = (s8 + (1 << 20)) >> 21;
|
2607
|
-
s9 += carry8;
|
2608
|
-
s8 -= carry8 << 21;
|
2609
|
-
carry10 = (s10 + (1 << 20)) >> 21;
|
2610
|
-
s11 += carry10;
|
2611
|
-
s10 -= carry10 << 21;
|
2612
|
-
carry12 = (s12 + (1 << 20)) >> 21;
|
2613
|
-
s13 += carry12;
|
2614
|
-
s12 -= carry12 << 21;
|
2615
|
-
carry14 = (s14 + (1 << 20)) >> 21;
|
2616
|
-
s15 += carry14;
|
2617
|
-
s14 -= carry14 << 21;
|
2618
|
-
carry16 = (s16 + (1 << 20)) >> 21;
|
2619
|
-
s17 += carry16;
|
2620
|
-
s16 -= carry16 << 21;
|
2621
|
-
carry18 = (s18 + (1 << 20)) >> 21;
|
2622
|
-
s19 += carry18;
|
2623
|
-
s18 -= carry18 << 21;
|
2624
|
-
carry20 = (s20 + (1 << 20)) >> 21;
|
2625
|
-
s21 += carry20;
|
2626
|
-
s20 -= carry20 << 21;
|
2627
|
-
carry22 = (s22 + (1 << 20)) >> 21;
|
2628
|
-
s23 += carry22;
|
2629
|
-
s22 -= carry22 << 21;
|
2630
|
-
|
2631
|
-
carry1 = (s1 + (1 << 20)) >> 21;
|
2632
|
-
s2 += carry1;
|
2633
|
-
s1 -= carry1 << 21;
|
2634
|
-
carry3 = (s3 + (1 << 20)) >> 21;
|
2635
|
-
s4 += carry3;
|
2636
|
-
s3 -= carry3 << 21;
|
2637
|
-
carry5 = (s5 + (1 << 20)) >> 21;
|
2638
|
-
s6 += carry5;
|
2639
|
-
s5 -= carry5 << 21;
|
2640
|
-
carry7 = (s7 + (1 << 20)) >> 21;
|
2641
|
-
s8 += carry7;
|
2642
|
-
s7 -= carry7 << 21;
|
2643
|
-
carry9 = (s9 + (1 << 20)) >> 21;
|
2644
|
-
s10 += carry9;
|
2645
|
-
s9 -= carry9 << 21;
|
2646
|
-
carry11 = (s11 + (1 << 20)) >> 21;
|
2647
|
-
s12 += carry11;
|
2648
|
-
s11 -= carry11 << 21;
|
2649
|
-
carry13 = (s13 + (1 << 20)) >> 21;
|
2650
|
-
s14 += carry13;
|
2651
|
-
s13 -= carry13 << 21;
|
2652
|
-
carry15 = (s15 + (1 << 20)) >> 21;
|
2653
|
-
s16 += carry15;
|
2654
|
-
s15 -= carry15 << 21;
|
2655
|
-
carry17 = (s17 + (1 << 20)) >> 21;
|
2656
|
-
s18 += carry17;
|
2657
|
-
s17 -= carry17 << 21;
|
2658
|
-
carry19 = (s19 + (1 << 20)) >> 21;
|
2659
|
-
s20 += carry19;
|
2660
|
-
s19 -= carry19 << 21;
|
2661
|
-
carry21 = (s21 + (1 << 20)) >> 21;
|
2662
|
-
s22 += carry21;
|
2663
|
-
s21 -= carry21 << 21;
|
2664
|
-
|
2665
|
-
s11 += s23 * 666643;
|
2666
|
-
s12 += s23 * 470296;
|
2667
|
-
s13 += s23 * 654183;
|
2668
|
-
s14 -= s23 * 997805;
|
2669
|
-
s15 += s23 * 136657;
|
2670
|
-
s16 -= s23 * 683901;
|
2671
|
-
s23 = 0;
|
2672
|
-
|
2673
|
-
s10 += s22 * 666643;
|
2674
|
-
s11 += s22 * 470296;
|
2675
|
-
s12 += s22 * 654183;
|
2676
|
-
s13 -= s22 * 997805;
|
2677
|
-
s14 += s22 * 136657;
|
2678
|
-
s15 -= s22 * 683901;
|
2679
|
-
s22 = 0;
|
2680
|
-
|
2681
|
-
s9 += s21 * 666643;
|
2682
|
-
s10 += s21 * 470296;
|
2683
|
-
s11 += s21 * 654183;
|
2684
|
-
s12 -= s21 * 997805;
|
2685
|
-
s13 += s21 * 136657;
|
2686
|
-
s14 -= s21 * 683901;
|
2687
|
-
s21 = 0;
|
2688
|
-
|
2689
|
-
s8 += s20 * 666643;
|
2690
|
-
s9 += s20 * 470296;
|
2691
|
-
s10 += s20 * 654183;
|
2692
|
-
s11 -= s20 * 997805;
|
2693
|
-
s12 += s20 * 136657;
|
2694
|
-
s13 -= s20 * 683901;
|
2695
|
-
s20 = 0;
|
2696
|
-
|
2697
|
-
s7 += s19 * 666643;
|
2698
|
-
s8 += s19 * 470296;
|
2699
|
-
s9 += s19 * 654183;
|
2700
|
-
s10 -= s19 * 997805;
|
2701
|
-
s11 += s19 * 136657;
|
2702
|
-
s12 -= s19 * 683901;
|
2703
|
-
s19 = 0;
|
2704
|
-
|
2705
|
-
s6 += s18 * 666643;
|
2706
|
-
s7 += s18 * 470296;
|
2707
|
-
s8 += s18 * 654183;
|
2708
|
-
s9 -= s18 * 997805;
|
2709
|
-
s10 += s18 * 136657;
|
2710
|
-
s11 -= s18 * 683901;
|
2711
|
-
s18 = 0;
|
2712
|
-
|
2713
|
-
carry6 = (s6 + (1 << 20)) >> 21;
|
2714
|
-
s7 += carry6;
|
2715
|
-
s6 -= carry6 << 21;
|
2716
|
-
carry8 = (s8 + (1 << 20)) >> 21;
|
2717
|
-
s9 += carry8;
|
2718
|
-
s8 -= carry8 << 21;
|
2719
|
-
carry10 = (s10 + (1 << 20)) >> 21;
|
2720
|
-
s11 += carry10;
|
2721
|
-
s10 -= carry10 << 21;
|
2722
|
-
carry12 = (s12 + (1 << 20)) >> 21;
|
2723
|
-
s13 += carry12;
|
2724
|
-
s12 -= carry12 << 21;
|
2725
|
-
carry14 = (s14 + (1 << 20)) >> 21;
|
2726
|
-
s15 += carry14;
|
2727
|
-
s14 -= carry14 << 21;
|
2728
|
-
carry16 = (s16 + (1 << 20)) >> 21;
|
2729
|
-
s17 += carry16;
|
2730
|
-
s16 -= carry16 << 21;
|
2731
|
-
|
2732
|
-
carry7 = (s7 + (1 << 20)) >> 21;
|
2733
|
-
s8 += carry7;
|
2734
|
-
s7 -= carry7 << 21;
|
2735
|
-
carry9 = (s9 + (1 << 20)) >> 21;
|
2736
|
-
s10 += carry9;
|
2737
|
-
s9 -= carry9 << 21;
|
2738
|
-
carry11 = (s11 + (1 << 20)) >> 21;
|
2739
|
-
s12 += carry11;
|
2740
|
-
s11 -= carry11 << 21;
|
2741
|
-
carry13 = (s13 + (1 << 20)) >> 21;
|
2742
|
-
s14 += carry13;
|
2743
|
-
s13 -= carry13 << 21;
|
2744
|
-
carry15 = (s15 + (1 << 20)) >> 21;
|
2745
|
-
s16 += carry15;
|
2746
|
-
s15 -= carry15 << 21;
|
2747
|
-
|
2748
|
-
s5 += s17 * 666643;
|
2749
|
-
s6 += s17 * 470296;
|
2750
|
-
s7 += s17 * 654183;
|
2751
|
-
s8 -= s17 * 997805;
|
2752
|
-
s9 += s17 * 136657;
|
2753
|
-
s10 -= s17 * 683901;
|
2754
|
-
s17 = 0;
|
2755
|
-
|
2756
|
-
s4 += s16 * 666643;
|
2757
|
-
s5 += s16 * 470296;
|
2758
|
-
s6 += s16 * 654183;
|
2759
|
-
s7 -= s16 * 997805;
|
2760
|
-
s8 += s16 * 136657;
|
2761
|
-
s9 -= s16 * 683901;
|
2762
|
-
s16 = 0;
|
2763
|
-
|
2764
|
-
s3 += s15 * 666643;
|
2765
|
-
s4 += s15 * 470296;
|
2766
|
-
s5 += s15 * 654183;
|
2767
|
-
s6 -= s15 * 997805;
|
2768
|
-
s7 += s15 * 136657;
|
2769
|
-
s8 -= s15 * 683901;
|
2770
|
-
s15 = 0;
|
2771
|
-
|
2772
|
-
s2 += s14 * 666643;
|
2773
|
-
s3 += s14 * 470296;
|
2774
|
-
s4 += s14 * 654183;
|
2775
|
-
s5 -= s14 * 997805;
|
2776
|
-
s6 += s14 * 136657;
|
2777
|
-
s7 -= s14 * 683901;
|
2778
|
-
s14 = 0;
|
2779
|
-
|
2780
|
-
s1 += s13 * 666643;
|
2781
|
-
s2 += s13 * 470296;
|
2782
|
-
s3 += s13 * 654183;
|
2783
|
-
s4 -= s13 * 997805;
|
2784
|
-
s5 += s13 * 136657;
|
2785
|
-
s6 -= s13 * 683901;
|
2786
|
-
s13 = 0;
|
2787
|
-
|
2788
|
-
s0 += s12 * 666643;
|
2789
|
-
s1 += s12 * 470296;
|
2790
|
-
s2 += s12 * 654183;
|
2791
|
-
s3 -= s12 * 997805;
|
2792
|
-
s4 += s12 * 136657;
|
2793
|
-
s5 -= s12 * 683901;
|
2794
|
-
s12 = 0;
|
2795
|
-
|
2796
|
-
carry0 = (s0 + (1 << 20)) >> 21;
|
2797
|
-
s1 += carry0;
|
2798
|
-
s0 -= carry0 << 21;
|
2799
|
-
carry2 = (s2 + (1 << 20)) >> 21;
|
2800
|
-
s3 += carry2;
|
2801
|
-
s2 -= carry2 << 21;
|
2802
|
-
carry4 = (s4 + (1 << 20)) >> 21;
|
2803
|
-
s5 += carry4;
|
2804
|
-
s4 -= carry4 << 21;
|
2805
|
-
carry6 = (s6 + (1 << 20)) >> 21;
|
2806
|
-
s7 += carry6;
|
2807
|
-
s6 -= carry6 << 21;
|
2808
|
-
carry8 = (s8 + (1 << 20)) >> 21;
|
2809
|
-
s9 += carry8;
|
2810
|
-
s8 -= carry8 << 21;
|
2811
|
-
carry10 = (s10 + (1 << 20)) >> 21;
|
2812
|
-
s11 += carry10;
|
2813
|
-
s10 -= carry10 << 21;
|
2814
|
-
|
2815
|
-
carry1 = (s1 + (1 << 20)) >> 21;
|
2816
|
-
s2 += carry1;
|
2817
|
-
s1 -= carry1 << 21;
|
2818
|
-
carry3 = (s3 + (1 << 20)) >> 21;
|
2819
|
-
s4 += carry3;
|
2820
|
-
s3 -= carry3 << 21;
|
2821
|
-
carry5 = (s5 + (1 << 20)) >> 21;
|
2822
|
-
s6 += carry5;
|
2823
|
-
s5 -= carry5 << 21;
|
2824
|
-
carry7 = (s7 + (1 << 20)) >> 21;
|
2825
|
-
s8 += carry7;
|
2826
|
-
s7 -= carry7 << 21;
|
2827
|
-
carry9 = (s9 + (1 << 20)) >> 21;
|
2828
|
-
s10 += carry9;
|
2829
|
-
s9 -= carry9 << 21;
|
2830
|
-
carry11 = (s11 + (1 << 20)) >> 21;
|
2831
|
-
s12 += carry11;
|
2832
|
-
s11 -= carry11 << 21;
|
2833
|
-
|
2834
|
-
s0 += s12 * 666643;
|
2835
|
-
s1 += s12 * 470296;
|
2836
|
-
s2 += s12 * 654183;
|
2837
|
-
s3 -= s12 * 997805;
|
2838
|
-
s4 += s12 * 136657;
|
2839
|
-
s5 -= s12 * 683901;
|
2840
|
-
s12 = 0;
|
2841
|
-
|
2842
|
-
carry0 = s0 >> 21;
|
2843
|
-
s1 += carry0;
|
2844
|
-
s0 -= carry0 << 21;
|
2845
|
-
carry1 = s1 >> 21;
|
2846
|
-
s2 += carry1;
|
2847
|
-
s1 -= carry1 << 21;
|
2848
|
-
carry2 = s2 >> 21;
|
2849
|
-
s3 += carry2;
|
2850
|
-
s2 -= carry2 << 21;
|
2851
|
-
carry3 = s3 >> 21;
|
2852
|
-
s4 += carry3;
|
2853
|
-
s3 -= carry3 << 21;
|
2854
|
-
carry4 = s4 >> 21;
|
2855
|
-
s5 += carry4;
|
2856
|
-
s4 -= carry4 << 21;
|
2857
|
-
carry5 = s5 >> 21;
|
2858
|
-
s6 += carry5;
|
2859
|
-
s5 -= carry5 << 21;
|
2860
|
-
carry6 = s6 >> 21;
|
2861
|
-
s7 += carry6;
|
2862
|
-
s6 -= carry6 << 21;
|
2863
|
-
carry7 = s7 >> 21;
|
2864
|
-
s8 += carry7;
|
2865
|
-
s7 -= carry7 << 21;
|
2866
|
-
carry8 = s8 >> 21;
|
2867
|
-
s9 += carry8;
|
2868
|
-
s8 -= carry8 << 21;
|
2869
|
-
carry9 = s9 >> 21;
|
2870
|
-
s10 += carry9;
|
2871
|
-
s9 -= carry9 << 21;
|
2872
|
-
carry10 = s10 >> 21;
|
2873
|
-
s11 += carry10;
|
2874
|
-
s10 -= carry10 << 21;
|
2875
|
-
carry11 = s11 >> 21;
|
2876
|
-
s12 += carry11;
|
2877
|
-
s11 -= carry11 << 21;
|
2878
|
-
|
2879
|
-
s0 += s12 * 666643;
|
2880
|
-
s1 += s12 * 470296;
|
2881
|
-
s2 += s12 * 654183;
|
2882
|
-
s3 -= s12 * 997805;
|
2883
|
-
s4 += s12 * 136657;
|
2884
|
-
s5 -= s12 * 683901;
|
2885
|
-
s12 = 0;
|
2886
|
-
|
2887
|
-
carry0 = s0 >> 21;
|
2888
|
-
s1 += carry0;
|
2889
|
-
s0 -= carry0 << 21;
|
2890
|
-
carry1 = s1 >> 21;
|
2891
|
-
s2 += carry1;
|
2892
|
-
s1 -= carry1 << 21;
|
2893
|
-
carry2 = s2 >> 21;
|
2894
|
-
s3 += carry2;
|
2895
|
-
s2 -= carry2 << 21;
|
2896
|
-
carry3 = s3 >> 21;
|
2897
|
-
s4 += carry3;
|
2898
|
-
s3 -= carry3 << 21;
|
2899
|
-
carry4 = s4 >> 21;
|
2900
|
-
s5 += carry4;
|
2901
|
-
s4 -= carry4 << 21;
|
2902
|
-
carry5 = s5 >> 21;
|
2903
|
-
s6 += carry5;
|
2904
|
-
s5 -= carry5 << 21;
|
2905
|
-
carry6 = s6 >> 21;
|
2906
|
-
s7 += carry6;
|
2907
|
-
s6 -= carry6 << 21;
|
2908
|
-
carry7 = s7 >> 21;
|
2909
|
-
s8 += carry7;
|
2910
|
-
s7 -= carry7 << 21;
|
2911
|
-
carry8 = s8 >> 21;
|
2912
|
-
s9 += carry8;
|
2913
|
-
s8 -= carry8 << 21;
|
2914
|
-
carry9 = s9 >> 21;
|
2915
|
-
s10 += carry9;
|
2916
|
-
s9 -= carry9 << 21;
|
2917
|
-
carry10 = s10 >> 21;
|
2918
|
-
s11 += carry10;
|
2919
|
-
s10 -= carry10 << 21;
|
2920
|
-
|
2921
|
-
s[0] = s0 >> 0;
|
2922
|
-
s[1] = s0 >> 8;
|
2923
|
-
s[2] = (s0 >> 16) | (s1 << 5);
|
2924
|
-
s[3] = s1 >> 3;
|
2925
|
-
s[4] = s1 >> 11;
|
2926
|
-
s[5] = (s1 >> 19) | (s2 << 2);
|
2927
|
-
s[6] = s2 >> 6;
|
2928
|
-
s[7] = (s2 >> 14) | (s3 << 7);
|
2929
|
-
s[8] = s3 >> 1;
|
2930
|
-
s[9] = s3 >> 9;
|
2931
|
-
s[10] = (s3 >> 17) | (s4 << 4);
|
2932
|
-
s[11] = s4 >> 4;
|
2933
|
-
s[12] = s4 >> 12;
|
2934
|
-
s[13] = (s4 >> 20) | (s5 << 1);
|
2935
|
-
s[14] = s5 >> 7;
|
2936
|
-
s[15] = (s5 >> 15) | (s6 << 6);
|
2937
|
-
s[16] = s6 >> 2;
|
2938
|
-
s[17] = s6 >> 10;
|
2939
|
-
s[18] = (s6 >> 18) | (s7 << 3);
|
2940
|
-
s[19] = s7 >> 5;
|
2941
|
-
s[20] = s7 >> 13;
|
2942
|
-
s[21] = s8 >> 0;
|
2943
|
-
s[22] = s8 >> 8;
|
2944
|
-
s[23] = (s8 >> 16) | (s9 << 5);
|
2945
|
-
s[24] = s9 >> 3;
|
2946
|
-
s[25] = s9 >> 11;
|
2947
|
-
s[26] = (s9 >> 19) | (s10 << 2);
|
2948
|
-
s[27] = s10 >> 6;
|
2949
|
-
s[28] = (s10 >> 14) | (s11 << 7);
|
2950
|
-
s[29] = s11 >> 1;
|
2951
|
-
s[30] = s11 >> 9;
|
2952
|
-
s[31] = s11 >> 17;
|
2953
|
-
}
|
2954
|
-
|
2955
|
-
void ED25519_keypair(uint8_t out_public_key[32], uint8_t out_private_key[64]) {
|
2956
|
-
uint8_t seed[32];
|
2957
|
-
RAND_bytes(seed, 32);
|
2958
|
-
ED25519_keypair_from_seed(out_public_key, out_private_key, seed);
|
2959
|
-
}
|
2960
|
-
|
2961
|
-
int ED25519_sign(uint8_t out_sig[64], const uint8_t *message,
|
2962
|
-
size_t message_len, const uint8_t private_key[64]) {
|
2963
|
-
uint8_t az[SHA512_DIGEST_LENGTH];
|
2964
|
-
SHA512(private_key, 32, az);
|
2965
|
-
|
2966
|
-
az[0] &= 248;
|
2967
|
-
az[31] &= 63;
|
2968
|
-
az[31] |= 64;
|
2969
|
-
|
2970
|
-
SHA512_CTX hash_ctx;
|
2971
|
-
SHA512_Init(&hash_ctx);
|
2972
|
-
SHA512_Update(&hash_ctx, az + 32, 32);
|
2973
|
-
SHA512_Update(&hash_ctx, message, message_len);
|
2974
|
-
uint8_t nonce[SHA512_DIGEST_LENGTH];
|
2975
|
-
SHA512_Final(nonce, &hash_ctx);
|
2976
|
-
|
2977
|
-
x25519_sc_reduce(nonce);
|
2978
|
-
ge_p3 R;
|
2979
|
-
x25519_ge_scalarmult_base(&R, nonce);
|
2980
|
-
ge_p3_tobytes(out_sig, &R);
|
2981
|
-
|
2982
|
-
SHA512_Init(&hash_ctx);
|
2983
|
-
SHA512_Update(&hash_ctx, out_sig, 32);
|
2984
|
-
SHA512_Update(&hash_ctx, private_key + 32, 32);
|
2985
|
-
SHA512_Update(&hash_ctx, message, message_len);
|
2986
|
-
uint8_t hram[SHA512_DIGEST_LENGTH];
|
2987
|
-
SHA512_Final(hram, &hash_ctx);
|
2988
|
-
|
2989
|
-
x25519_sc_reduce(hram);
|
2990
|
-
sc_muladd(out_sig + 32, hram, az, nonce);
|
2991
|
-
|
2992
|
-
return 1;
|
2993
|
-
}
|
2994
|
-
|
2995
|
-
int ED25519_verify(const uint8_t *message, size_t message_len,
|
2996
|
-
const uint8_t signature[64], const uint8_t public_key[32]) {
|
2997
|
-
ge_p3 A;
|
2998
|
-
if ((signature[63] & 224) != 0 ||
|
2999
|
-
x25519_ge_frombytes_vartime(&A, public_key) != 0) {
|
3000
|
-
return 0;
|
3001
|
-
}
|
3002
|
-
|
3003
|
-
fe_loose t;
|
3004
|
-
fe_neg(&t, &A.X);
|
3005
|
-
fe_carry(&A.X, &t);
|
3006
|
-
fe_neg(&t, &A.T);
|
3007
|
-
fe_carry(&A.T, &t);
|
3008
|
-
|
3009
|
-
uint8_t pkcopy[32];
|
3010
|
-
OPENSSL_memcpy(pkcopy, public_key, 32);
|
3011
|
-
uint8_t rcopy[32];
|
3012
|
-
OPENSSL_memcpy(rcopy, signature, 32);
|
3013
|
-
union {
|
3014
|
-
uint64_t u64[4];
|
3015
|
-
uint8_t u8[32];
|
3016
|
-
} scopy;
|
3017
|
-
OPENSSL_memcpy(&scopy.u8[0], signature + 32, 32);
|
3018
|
-
|
3019
|
-
// https://tools.ietf.org/html/rfc8032#section-5.1.7 requires that s be in
|
3020
|
-
// the range [0, order) in order to prevent signature malleability.
|
3021
|
-
|
3022
|
-
// kOrder is the order of Curve25519 in little-endian form.
|
3023
|
-
static const uint64_t kOrder[4] = {
|
3024
|
-
UINT64_C(0x5812631a5cf5d3ed),
|
3025
|
-
UINT64_C(0x14def9dea2f79cd6),
|
3026
|
-
0,
|
3027
|
-
UINT64_C(0x1000000000000000),
|
3028
|
-
};
|
3029
|
-
for (size_t i = 3;; i--) {
|
3030
|
-
if (scopy.u64[i] > kOrder[i]) {
|
3031
|
-
return 0;
|
3032
|
-
} else if (scopy.u64[i] < kOrder[i]) {
|
3033
|
-
break;
|
3034
|
-
} else if (i == 0) {
|
3035
|
-
return 0;
|
3036
|
-
}
|
3037
|
-
}
|
3038
|
-
|
3039
|
-
SHA512_CTX hash_ctx;
|
3040
|
-
SHA512_Init(&hash_ctx);
|
3041
|
-
SHA512_Update(&hash_ctx, signature, 32);
|
3042
|
-
SHA512_Update(&hash_ctx, public_key, 32);
|
3043
|
-
SHA512_Update(&hash_ctx, message, message_len);
|
3044
|
-
uint8_t h[SHA512_DIGEST_LENGTH];
|
3045
|
-
SHA512_Final(h, &hash_ctx);
|
3046
|
-
|
3047
|
-
x25519_sc_reduce(h);
|
3048
|
-
|
3049
|
-
ge_p2 R;
|
3050
|
-
ge_double_scalarmult_vartime(&R, h, &A, scopy.u8);
|
3051
|
-
|
3052
|
-
uint8_t rcheck[32];
|
3053
|
-
x25519_ge_tobytes(rcheck, &R);
|
3054
|
-
|
3055
|
-
return CRYPTO_memcmp(rcheck, rcopy, sizeof(rcheck)) == 0;
|
3056
|
-
}
|
3057
|
-
|
3058
|
-
void ED25519_keypair_from_seed(uint8_t out_public_key[32],
|
3059
|
-
uint8_t out_private_key[64],
|
3060
|
-
const uint8_t seed[32]) {
|
3061
|
-
uint8_t az[SHA512_DIGEST_LENGTH];
|
3062
|
-
SHA512(seed, 32, az);
|
3063
|
-
|
3064
|
-
az[0] &= 248;
|
3065
|
-
az[31] &= 63;
|
3066
|
-
az[31] |= 64;
|
3067
|
-
|
3068
|
-
ge_p3 A;
|
3069
|
-
x25519_ge_scalarmult_base(&A, az);
|
3070
|
-
ge_p3_tobytes(out_public_key, &A);
|
3071
|
-
|
3072
|
-
OPENSSL_memcpy(out_private_key, seed, 32);
|
3073
|
-
OPENSSL_memcpy(out_private_key + 32, out_public_key, 32);
|
3074
|
-
}
|
3075
|
-
|
3076
|
-
|
3077
|
-
static void x25519_scalar_mult_generic(uint8_t out[32],
|
3078
|
-
const uint8_t scalar[32],
|
3079
|
-
const uint8_t point[32]) {
|
3080
|
-
fe x1, x2, z2, x3, z3, tmp0, tmp1;
|
3081
|
-
fe_loose x2l, z2l, x3l, tmp0l, tmp1l;
|
3082
|
-
|
3083
|
-
uint8_t e[32];
|
3084
|
-
OPENSSL_memcpy(e, scalar, 32);
|
3085
|
-
e[0] &= 248;
|
3086
|
-
e[31] &= 127;
|
3087
|
-
e[31] |= 64;
|
3088
|
-
|
3089
|
-
// The following implementation was transcribed to Coq and proven to
|
3090
|
-
// correspond to unary scalar multiplication in affine coordinates given that
|
3091
|
-
// x1 != 0 is the x coordinate of some point on the curve. It was also checked
|
3092
|
-
// in Coq that doing a ladderstep with x1 = x3 = 0 gives z2' = z3' = 0, and z2
|
3093
|
-
// = z3 = 0 gives z2' = z3' = 0. The statement was quantified over the
|
3094
|
-
// underlying field, so it applies to Curve25519 itself and the quadratic
|
3095
|
-
// twist of Curve25519. It was not proven in Coq that prime-field arithmetic
|
3096
|
-
// correctly simulates extension-field arithmetic on prime-field values.
|
3097
|
-
// The decoding of the byte array representation of e was not considered.
|
3098
|
-
// Specification of Montgomery curves in affine coordinates:
|
3099
|
-
// <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Spec/MontgomeryCurve.v#L27>
|
3100
|
-
// Proof that these form a group that is isomorphic to a Weierstrass curve:
|
3101
|
-
// <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/AffineProofs.v#L35>
|
3102
|
-
// Coq transcription and correctness proof of the loop (where scalarbits=255):
|
3103
|
-
// <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZ.v#L118>
|
3104
|
-
// <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L278>
|
3105
|
-
// preconditions: 0 <= e < 2^255 (not necessarily e < order), fe_invert(0) = 0
|
3106
|
-
fe_frombytes(&x1, point);
|
3107
|
-
fe_1(&x2);
|
3108
|
-
fe_0(&z2);
|
3109
|
-
fe_copy(&x3, &x1);
|
3110
|
-
fe_1(&z3);
|
3111
|
-
|
3112
|
-
unsigned swap = 0;
|
3113
|
-
int pos;
|
3114
|
-
for (pos = 254; pos >= 0; --pos) {
|
3115
|
-
// loop invariant as of right before the test, for the case where x1 != 0:
|
3116
|
-
// pos >= -1; if z2 = 0 then x2 is nonzero; if z3 = 0 then x3 is nonzero
|
3117
|
-
// let r := e >> (pos+1) in the following equalities of projective points:
|
3118
|
-
// to_xz (r*P) === if swap then (x3, z3) else (x2, z2)
|
3119
|
-
// to_xz ((r+1)*P) === if swap then (x2, z2) else (x3, z3)
|
3120
|
-
// x1 is the nonzero x coordinate of the nonzero point (r*P-(r+1)*P)
|
3121
|
-
unsigned b = 1 & (e[pos / 8] >> (pos & 7));
|
3122
|
-
swap ^= b;
|
3123
|
-
fe_cswap(&x2, &x3, swap);
|
3124
|
-
fe_cswap(&z2, &z3, swap);
|
3125
|
-
swap = b;
|
3126
|
-
// Coq transcription of ladderstep formula (called from transcribed loop):
|
3127
|
-
// <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZ.v#L89>
|
3128
|
-
// <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L131>
|
3129
|
-
// x1 != 0 <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L217>
|
3130
|
-
// x1 = 0 <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L147>
|
3131
|
-
fe_sub(&tmp0l, &x3, &z3);
|
3132
|
-
fe_sub(&tmp1l, &x2, &z2);
|
3133
|
-
fe_add(&x2l, &x2, &z2);
|
3134
|
-
fe_add(&z2l, &x3, &z3);
|
3135
|
-
fe_mul_tll(&z3, &tmp0l, &x2l);
|
3136
|
-
fe_mul_tll(&z2, &z2l, &tmp1l);
|
3137
|
-
fe_sq_tl(&tmp0, &tmp1l);
|
3138
|
-
fe_sq_tl(&tmp1, &x2l);
|
3139
|
-
fe_add(&x3l, &z3, &z2);
|
3140
|
-
fe_sub(&z2l, &z3, &z2);
|
3141
|
-
fe_mul_ttt(&x2, &tmp1, &tmp0);
|
3142
|
-
fe_sub(&tmp1l, &tmp1, &tmp0);
|
3143
|
-
fe_sq_tl(&z2, &z2l);
|
3144
|
-
fe_mul121666(&z3, &tmp1l);
|
3145
|
-
fe_sq_tl(&x3, &x3l);
|
3146
|
-
fe_add(&tmp0l, &tmp0, &z3);
|
3147
|
-
fe_mul_ttt(&z3, &x1, &z2);
|
3148
|
-
fe_mul_tll(&z2, &tmp1l, &tmp0l);
|
3149
|
-
}
|
3150
|
-
// here pos=-1, so r=e, so to_xz (e*P) === if swap then (x3, z3) else (x2, z2)
|
3151
|
-
fe_cswap(&x2, &x3, swap);
|
3152
|
-
fe_cswap(&z2, &z3, swap);
|
3153
|
-
|
3154
|
-
fe_invert(&z2, &z2);
|
3155
|
-
fe_mul_ttt(&x2, &x2, &z2);
|
3156
|
-
fe_tobytes(out, &x2);
|
3157
|
-
}
|
3158
|
-
|
3159
|
-
static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
|
3160
|
-
const uint8_t point[32]) {
|
3161
|
-
#if defined(BORINGSSL_X25519_NEON)
|
3162
|
-
if (CRYPTO_is_NEON_capable()) {
|
3163
|
-
x25519_NEON(out, scalar, point);
|
3164
|
-
return;
|
3165
|
-
}
|
3166
|
-
#endif
|
3167
|
-
|
3168
|
-
x25519_scalar_mult_generic(out, scalar, point);
|
3169
|
-
}
|
3170
|
-
|
3171
|
-
void X25519_keypair(uint8_t out_public_value[32], uint8_t out_private_key[32]) {
|
3172
|
-
RAND_bytes(out_private_key, 32);
|
3173
|
-
|
3174
|
-
// All X25519 implementations should decode scalars correctly (see
|
3175
|
-
// https://tools.ietf.org/html/rfc7748#section-5). However, if an
|
3176
|
-
// implementation doesn't then it might interoperate with random keys a
|
3177
|
-
// fraction of the time because they'll, randomly, happen to be correctly
|
3178
|
-
// formed.
|
3179
|
-
//
|
3180
|
-
// Thus we do the opposite of the masking here to make sure that our private
|
3181
|
-
// keys are never correctly masked and so, hopefully, any incorrect
|
3182
|
-
// implementations are deterministically broken.
|
3183
|
-
//
|
3184
|
-
// This does not affect security because, although we're throwing away
|
3185
|
-
// entropy, a valid implementation of scalarmult should throw away the exact
|
3186
|
-
// same bits anyway.
|
3187
|
-
out_private_key[0] |= 7;
|
3188
|
-
out_private_key[31] &= 63;
|
3189
|
-
out_private_key[31] |= 128;
|
3190
|
-
|
3191
|
-
X25519_public_from_private(out_public_value, out_private_key);
|
3192
|
-
}
|
3193
|
-
|
3194
|
-
int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
|
3195
|
-
const uint8_t peer_public_value[32]) {
|
3196
|
-
static const uint8_t kZeros[32] = {0};
|
3197
|
-
x25519_scalar_mult(out_shared_key, private_key, peer_public_value);
|
3198
|
-
// The all-zero output results when the input is a point of small order.
|
3199
|
-
return CRYPTO_memcmp(kZeros, out_shared_key, 32) != 0;
|
3200
|
-
}
|
3201
|
-
|
3202
|
-
void X25519_public_from_private(uint8_t out_public_value[32],
|
3203
|
-
const uint8_t private_key[32]) {
|
3204
|
-
#if defined(BORINGSSL_X25519_NEON)
|
3205
|
-
if (CRYPTO_is_NEON_capable()) {
|
3206
|
-
static const uint8_t kMongomeryBasePoint[32] = {9};
|
3207
|
-
x25519_NEON(out_public_value, private_key, kMongomeryBasePoint);
|
3208
|
-
return;
|
3209
|
-
}
|
3210
|
-
#endif
|
3211
|
-
|
3212
|
-
uint8_t e[32];
|
3213
|
-
OPENSSL_memcpy(e, private_key, 32);
|
3214
|
-
e[0] &= 248;
|
3215
|
-
e[31] &= 127;
|
3216
|
-
e[31] |= 64;
|
3217
|
-
|
3218
|
-
ge_p3 A;
|
3219
|
-
x25519_ge_scalarmult_base(&A, e);
|
3220
|
-
|
3221
|
-
// We only need the u-coordinate of the curve25519 point. The map is
|
3222
|
-
// u=(y+1)/(1-y). Since y=Y/Z, this gives u=(Z+Y)/(Z-Y).
|
3223
|
-
fe_loose zplusy, zminusy;
|
3224
|
-
fe zminusy_inv;
|
3225
|
-
fe_add(&zplusy, &A.Z, &A.Y);
|
3226
|
-
fe_sub(&zminusy, &A.Z, &A.Y);
|
3227
|
-
fe_loose_invert(&zminusy_inv, &zminusy);
|
3228
|
-
fe_mul_tlt(&zminusy_inv, &zplusy, &zminusy_inv);
|
3229
|
-
fe_tobytes(out_public_value, &zminusy_inv);
|
3230
|
-
}
|