rbnacl-libsodium 0.4.5a

Files changed (409)
  1. checksums.yaml +7 -0
  2. data/.gitignore +35 -0
  3. data/.gitmodules +3 -0
  4. data/CHANGES.md +3 -0
  5. data/Gemfile +6 -0
  6. data/LICENSE +21 -0
  7. data/README.md +23 -0
  8. data/Rakefile +1 -0
  9. data/ext/rbnacl/extconf.rb +30 -0
  10. data/lib/rbnacl/libsodium.rb +11 -0
  11. data/lib/rbnacl/libsodium/version.rb +5 -0
  12. data/rbnacl-libsodium.gemspec +25 -0
  13. data/vendor/libsodium/AUTHORS +101 -0
  14. data/vendor/libsodium/ChangeLog +68 -0
  15. data/vendor/libsodium/LICENSE +16 -0
  16. data/vendor/libsodium/Makefile.am +20 -0
  17. data/vendor/libsodium/README +1 -0
  18. data/vendor/libsodium/README.markdown +246 -0
  19. data/vendor/libsodium/THANKS +17 -0
  20. data/vendor/libsodium/autogen.sh +16 -0
  21. data/vendor/libsodium/configure.ac +405 -0
  22. data/vendor/libsodium/dist-build/android.sh +48 -0
  23. data/vendor/libsodium/dist-build/iphone.sh +16 -0
  24. data/vendor/libsodium/dist-build/msys.sh +9 -0
  25. data/vendor/libsodium/libsodium.pc.in +11 -0
  26. data/vendor/libsodium/libsodium.sln +38 -0
  27. data/vendor/libsodium/libsodium.vcxproj +508 -0
  28. data/vendor/libsodium/libsodium.vcxproj.filters +569 -0
  29. data/vendor/libsodium/logo.png +0 -0
  30. data/vendor/libsodium/m4/ax_check_compile_flag.m4 +73 -0
  31. data/vendor/libsodium/m4/ax_check_gnu_make.m4 +78 -0
  32. data/vendor/libsodium/m4/ax_check_link_flag.m4 +72 -0
  33. data/vendor/libsodium/m4/ld-output-def.m4 +29 -0
  34. data/vendor/libsodium/m4/pkg.m4 +214 -0
  35. data/vendor/libsodium/msvc-scripts/Makefile.am +4 -0
  36. data/vendor/libsodium/msvc-scripts/process.bat +8 -0
  37. data/vendor/libsodium/msvc-scripts/rep.vbs +12 -0
  38. data/vendor/libsodium/msvc-scripts/sodium.props +25 -0
  39. data/vendor/libsodium/src/Makefile.am +3 -0
  40. data/vendor/libsodium/src/libsodium/Makefile.am +232 -0
  41. data/vendor/libsodium/src/libsodium/crypto_auth/crypto_auth.c +34 -0
  42. data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256_api.c +16 -0
  43. data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha256/checksum +1 -0
  44. data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha256/ref/api.h +10 -0
  45. data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha256/ref/hmac_hmacsha256.c +83 -0
  46. data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha256/ref/verify_hmacsha256.c +9 -0
  47. data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha512256/auth_hmacsha512256_api.c +16 -0
  48. data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha512256/checksum +1 -0
  49. data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha512256/ref/api.h +10 -0
  50. data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha512256/ref/hmac_hmacsha512256.c +86 -0
  51. data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha512256/ref/verify_hmacsha512256.c +9 -0
  52. data/vendor/libsodium/src/libsodium/crypto_auth/try.c +119 -0
  53. data/vendor/libsodium/src/libsodium/crypto_box/crypto_box.c +95 -0
  54. data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305_api.c +41 -0
  55. data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/checksum +1 -0
  56. data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/after_curve25519xsalsa20poly1305.c +22 -0
  57. data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/api.h +19 -0
  58. data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/before_curve25519xsalsa20poly1305.c +19 -0
  59. data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/box_curve25519xsalsa20poly1305.c +27 -0
  60. data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/keypair_curve25519xsalsa20poly1305.c +12 -0
  61. data/vendor/libsodium/src/libsodium/crypto_box/try.c +195 -0
  62. data/vendor/libsodium/src/libsodium/crypto_core/hsalsa20/checksum +1 -0
  63. data/vendor/libsodium/src/libsodium/crypto_core/hsalsa20/core_hsalsa20_api.c +26 -0
  64. data/vendor/libsodium/src/libsodium/crypto_core/hsalsa20/ref2/api.h +11 -0
  65. data/vendor/libsodium/src/libsodium/crypto_core/hsalsa20/ref2/core_hsalsa20.c +108 -0
  66. data/vendor/libsodium/src/libsodium/crypto_core/salsa20/checksum +1 -0
  67. data/vendor/libsodium/src/libsodium/crypto_core/salsa20/core_salsa20_api.c +26 -0
  68. data/vendor/libsodium/src/libsodium/crypto_core/salsa20/ref/api.h +11 -0
  69. data/vendor/libsodium/src/libsodium/crypto_core/salsa20/ref/core_salsa20.c +134 -0
  70. data/vendor/libsodium/src/libsodium/crypto_core/salsa2012/checksum +1 -0
  71. data/vendor/libsodium/src/libsodium/crypto_core/salsa2012/core_salsa2012_api.c +26 -0
  72. data/vendor/libsodium/src/libsodium/crypto_core/salsa2012/ref/api.h +11 -0
  73. data/vendor/libsodium/src/libsodium/crypto_core/salsa2012/ref/core_salsa2012.c +134 -0
  74. data/vendor/libsodium/src/libsodium/crypto_core/salsa208/checksum +1 -0
  75. data/vendor/libsodium/src/libsodium/crypto_core/salsa208/core_salsa208_api.c +26 -0
  76. data/vendor/libsodium/src/libsodium/crypto_core/salsa208/ref/api.h +11 -0
  77. data/vendor/libsodium/src/libsodium/crypto_core/salsa208/ref/core_salsa208.c +134 -0
  78. data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/generichash_blake2_api.c +31 -0
  79. data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/api.h +4 -0
  80. data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2-impl.h +132 -0
  81. data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2.h +169 -0
  82. data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c +364 -0
  83. data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2s-ref.c +355 -0
  84. data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/generichash_blake2b.c +61 -0
  85. data/vendor/libsodium/src/libsodium/crypto_generichash/crypto_generichash.c +84 -0
  86. data/vendor/libsodium/src/libsodium/crypto_hash/crypto_hash.c +9 -0
  87. data/vendor/libsodium/src/libsodium/crypto_hash/sha256/checksum +1 -0
  88. data/vendor/libsodium/src/libsodium/crypto_hash/sha256/hash_sha256_api.c +11 -0
  89. data/vendor/libsodium/src/libsodium/crypto_hash/sha256/ref/api.h +8 -0
  90. data/vendor/libsodium/src/libsodium/crypto_hash/sha256/ref/hash_sha256.c +69 -0
  91. data/vendor/libsodium/src/libsodium/crypto_hash/sha512/checksum +1 -0
  92. data/vendor/libsodium/src/libsodium/crypto_hash/sha512/hash_sha512_api.c +11 -0
  93. data/vendor/libsodium/src/libsodium/crypto_hash/sha512/ref/api.h +8 -0
  94. data/vendor/libsodium/src/libsodium/crypto_hash/sha512/ref/hash_sha512.c +71 -0
  95. data/vendor/libsodium/src/libsodium/crypto_hash/try.c +76 -0
  96. data/vendor/libsodium/src/libsodium/crypto_hashblocks/sha256/checksum +1 -0
  97. data/vendor/libsodium/src/libsodium/crypto_hashblocks/sha256/hashblocks_sha256_api.c +16 -0
  98. data/vendor/libsodium/src/libsodium/crypto_hashblocks/sha256/ref/api.h +9 -0
  99. data/vendor/libsodium/src/libsodium/crypto_hashblocks/sha256/ref/blocks_sha256.c +212 -0
  100. data/vendor/libsodium/src/libsodium/crypto_hashblocks/sha512/checksum +1 -0
  101. data/vendor/libsodium/src/libsodium/crypto_hashblocks/sha512/hashblocks_sha512_api.c +16 -0
  102. data/vendor/libsodium/src/libsodium/crypto_hashblocks/sha512/ref/api.h +9 -0
  103. data/vendor/libsodium/src/libsodium/crypto_hashblocks/sha512/ref/blocks_sha512.c +239 -0
  104. data/vendor/libsodium/src/libsodium/crypto_hashblocks/try.c +78 -0
  105. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/crypto_onetimeauth.c +34 -0
  106. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/53/api.h +8 -0
  107. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/53/auth_poly1305_53.c +1661 -0
  108. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/53/verify_poly1305_53.c +10 -0
  109. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/api.h +8 -0
  110. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c +151 -0
  111. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/portable-jane.h +772 -0
  112. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/verify_poly1305_donna.c +10 -0
  113. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c +36 -0
  114. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305_api.c +16 -0
  115. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305_try.c +152 -0
  116. data/vendor/libsodium/src/libsodium/crypto_scalarmult/crypto_scalarmult.c +34 -0
  117. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/checksum +1 -0
  118. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/api.h +9 -0
  119. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/base_curve25519_donna_c64.c +13 -0
  120. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/smult_curve25519_donna_c64.c +426 -0
  121. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref/api.h +8 -0
  122. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref/base_curve25519_ref.c +20 -0
  123. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref/smult_curve25519_ref.c +268 -0
  124. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/scalarmult_curve25519_api.c +14 -0
  125. data/vendor/libsodium/src/libsodium/crypto_scalarmult/try.c +125 -0
  126. data/vendor/libsodium/src/libsodium/crypto_secretbox/crypto_secretbox.c +48 -0
  127. data/vendor/libsodium/src/libsodium/crypto_secretbox/try.c +129 -0
  128. data/vendor/libsodium/src/libsodium/crypto_secretbox/xsalsa20poly1305/checksum +1 -0
  129. data/vendor/libsodium/src/libsodium/crypto_secretbox/xsalsa20poly1305/ref/api.h +12 -0
  130. data/vendor/libsodium/src/libsodium/crypto_secretbox/xsalsa20poly1305/ref/box_xsalsa20poly1305.c +35 -0
  131. data/vendor/libsodium/src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305_api.c +26 -0
  132. data/vendor/libsodium/src/libsodium/crypto_shorthash/crypto_shorthash.c +27 -0
  133. data/vendor/libsodium/src/libsodium/crypto_shorthash/siphash24/ref/api.h +8 -0
  134. data/vendor/libsodium/src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphash24.c +91 -0
  135. data/vendor/libsodium/src/libsodium/crypto_shorthash/siphash24/shorthash_siphash24_api.c +11 -0
  136. data/vendor/libsodium/src/libsodium/crypto_sign/crypto_sign.c +61 -0
  137. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/description +1 -0
  138. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/api.h +14 -0
  139. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/base.h +1344 -0
  140. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/base2.h +40 -0
  141. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/d.h +1 -0
  142. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/d2.h +1 -0
  143. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe.h +56 -0
  144. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_0.c +19 -0
  145. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_1.c +19 -0
  146. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_add.c +57 -0
  147. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_cmov.c +63 -0
  148. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_copy.c +29 -0
  149. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_frombytes.c +73 -0
  150. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_invert.c +14 -0
  151. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_isnegative.c +16 -0
  152. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_isnonzero.c +19 -0
  153. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_mul.c +253 -0
  154. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_neg.c +45 -0
  155. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_pow22523.c +13 -0
  156. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_sq.c +149 -0
  157. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_sq2.c +160 -0
  158. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_sub.c +57 -0
  159. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_tobytes.c +119 -0
  160. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge.h +95 -0
  161. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_add.c +11 -0
  162. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_add.h +97 -0
  163. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_double_scalarmult.c +96 -0
  164. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_frombytes.c +50 -0
  165. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_madd.c +11 -0
  166. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_madd.h +88 -0
  167. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_msub.c +11 -0
  168. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_msub.h +88 -0
  169. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p1p1_to_p2.c +12 -0
  170. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p1p1_to_p3.c +13 -0
  171. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p2_0.c +8 -0
  172. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p2_dbl.c +11 -0
  173. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p2_dbl.h +73 -0
  174. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p3_0.c +9 -0
  175. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p3_dbl.c +12 -0
  176. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p3_to_cached.c +17 -0
  177. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p3_to_p2.c +12 -0
  178. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p3_tobytes.c +14 -0
  179. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_precomp_0.c +8 -0
  180. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_scalarmult_base.c +105 -0
  181. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_sub.c +11 -0
  182. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_sub.h +97 -0
  183. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_tobytes.c +14 -0
  184. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/keypair.c +31 -0
  185. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/open.c +40 -0
  186. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/pow22523.h +160 -0
  187. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/pow225521.h +160 -0
  188. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/sc.h +15 -0
  189. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/sc_muladd.c +368 -0
  190. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/sc_reduce.c +275 -0
  191. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/sign.c +38 -0
  192. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/sqrtm1.h +1 -0
  193. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/sign_ed25519_api.c +26 -0
  194. data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/api.h +13 -0
  195. data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/fe25519.h +54 -0
  196. data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/fe25519_edwards25519sha512batch.c +348 -0
  197. data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/ge25519.h +34 -0
  198. data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/ge25519_edwards25519sha512batch.c +230 -0
  199. data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sc25519.h +51 -0
  200. data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sc25519_edwards25519sha512batch.c +146 -0
  201. data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sign_edwards25519sha512batch.c +102 -0
  202. data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/sign_edwards25519sha512batch_api.c +21 -0
  203. data/vendor/libsodium/src/libsodium/crypto_sign/try.c +87 -0
  204. data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/checksum +1 -0
  205. data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/afternm_aes128ctr.c +159 -0
  206. data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/api.h +14 -0
  207. data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/beforenm_aes128ctr.c +59 -0
  208. data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/common.h +788 -0
  209. data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/common_aes128ctr.c +64 -0
  210. data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/consts.h +28 -0
  211. data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/consts_aes128ctr.c +14 -0
  212. data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/int128.h +47 -0
  213. data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/int128_aes128ctr.c +131 -0
  214. data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/stream_aes128ctr.c +28 -0
  215. data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/types.h +10 -0
  216. data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/xor_afternm_aes128ctr.c +181 -0
  217. data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/stream_aes128ctr_api.c +21 -0
  218. data/vendor/libsodium/src/libsodium/crypto_stream/aes256estream/hongjun/aes-table-be.h +274 -0
  219. data/vendor/libsodium/src/libsodium/crypto_stream/aes256estream/hongjun/aes-table-le.h +274 -0
  220. data/vendor/libsodium/src/libsodium/crypto_stream/aes256estream/hongjun/aes-table.h +56 -0
  221. data/vendor/libsodium/src/libsodium/crypto_stream/aes256estream/hongjun/aes256-ctr.c +238 -0
  222. data/vendor/libsodium/src/libsodium/crypto_stream/aes256estream/hongjun/aes256.h +171 -0
  223. data/vendor/libsodium/src/libsodium/crypto_stream/aes256estream/hongjun/api.h +14 -0
  224. data/vendor/libsodium/src/libsodium/crypto_stream/aes256estream/hongjun/ecrypt-sync.h +27 -0
  225. data/vendor/libsodium/src/libsodium/crypto_stream/aes256estream/stream_aes256estream_api.c +21 -0
  226. data/vendor/libsodium/src/libsodium/crypto_stream/crypto_stream.c +36 -0
  227. data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/amd64_xmm6/api.h +1 -0
  228. data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/amd64_xmm6/stream_salsa20_amd64_xmm6.S +950 -0
  229. data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/checksum +1 -0
  230. data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/ref/api.h +8 -0
  231. data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/ref/stream_salsa20_ref.c +55 -0
  232. data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/ref/xor_salsa20_ref.c +58 -0
  233. data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/stream_salsa20_api.c +16 -0
  234. data/vendor/libsodium/src/libsodium/crypto_stream/salsa2012/checksum +1 -0
  235. data/vendor/libsodium/src/libsodium/crypto_stream/salsa2012/ref/api.h +11 -0
  236. data/vendor/libsodium/src/libsodium/crypto_stream/salsa2012/ref/stream_salsa2012.c +51 -0
  237. data/vendor/libsodium/src/libsodium/crypto_stream/salsa2012/ref/xor_salsa2012.c +54 -0
  238. data/vendor/libsodium/src/libsodium/crypto_stream/salsa2012/stream_salsa2012_api.c +16 -0
  239. data/vendor/libsodium/src/libsodium/crypto_stream/salsa208/checksum +1 -0
  240. data/vendor/libsodium/src/libsodium/crypto_stream/salsa208/ref/api.h +10 -0
  241. data/vendor/libsodium/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208.c +51 -0
  242. data/vendor/libsodium/src/libsodium/crypto_stream/salsa208/ref/xor_salsa208.c +54 -0
  243. data/vendor/libsodium/src/libsodium/crypto_stream/salsa208/stream_salsa208_api.c +16 -0
  244. data/vendor/libsodium/src/libsodium/crypto_stream/try.c +122 -0
  245. data/vendor/libsodium/src/libsodium/crypto_stream/xsalsa20/checksum +1 -0
  246. data/vendor/libsodium/src/libsodium/crypto_stream/xsalsa20/ref/api.h +11 -0
  247. data/vendor/libsodium/src/libsodium/crypto_stream/xsalsa20/ref/stream_xsalsa20.c +24 -0
  248. data/vendor/libsodium/src/libsodium/crypto_stream/xsalsa20/ref/xor_xsalsa20.c +25 -0
  249. data/vendor/libsodium/src/libsodium/crypto_stream/xsalsa20/stream_xsalsa20_api.c +16 -0
  250. data/vendor/libsodium/src/libsodium/crypto_verify/16/checksum +1 -0
  251. data/vendor/libsodium/src/libsodium/crypto_verify/16/ref/api.h +2 -0
  252. data/vendor/libsodium/src/libsodium/crypto_verify/16/ref/verify_16.c +24 -0
  253. data/vendor/libsodium/src/libsodium/crypto_verify/16/verify_16_api.c +6 -0
  254. data/vendor/libsodium/src/libsodium/crypto_verify/32/checksum +1 -0
  255. data/vendor/libsodium/src/libsodium/crypto_verify/32/ref/api.h +2 -0
  256. data/vendor/libsodium/src/libsodium/crypto_verify/32/ref/verify_32.c +40 -0
  257. data/vendor/libsodium/src/libsodium/crypto_verify/32/verify_32_api.c +6 -0
  258. data/vendor/libsodium/src/libsodium/crypto_verify/try.c +76 -0
  259. data/vendor/libsodium/src/libsodium/include/Makefile.am +63 -0
  260. data/vendor/libsodium/src/libsodium/include/sodium.h +48 -0
  261. data/vendor/libsodium/src/libsodium/include/sodium/core.h +18 -0
  262. data/vendor/libsodium/src/libsodium/include/sodium/crypto_auth.h +36 -0
  263. data/vendor/libsodium/src/libsodium/include/sodium/crypto_auth_hmacsha256.h +36 -0
  264. data/vendor/libsodium/src/libsodium/include/sodium/crypto_auth_hmacsha512256.h +36 -0
  265. data/vendor/libsodium/src/libsodium/include/sodium/crypto_box.h +83 -0
  266. data/vendor/libsodium/src/libsodium/include/sodium/crypto_box_curve25519xsalsa20poly1305.h +72 -0
  267. data/vendor/libsodium/src/libsodium/include/sodium/crypto_core_hsalsa20.h +40 -0
  268. data/vendor/libsodium/src/libsodium/include/sodium/crypto_core_salsa20.h +40 -0
  269. data/vendor/libsodium/src/libsodium/include/sodium/crypto_core_salsa2012.h +40 -0
  270. data/vendor/libsodium/src/libsodium/include/sodium/crypto_core_salsa208.h +40 -0
  271. data/vendor/libsodium/src/libsodium/include/sodium/crypto_generichash.h +70 -0
  272. data/vendor/libsodium/src/libsodium/include/sodium/crypto_generichash_blake2b.h +87 -0
  273. data/vendor/libsodium/src/libsodium/include/sodium/crypto_hash.h +23 -0
  274. data/vendor/libsodium/src/libsodium/include/sodium/crypto_hash_sha256.h +29 -0
  275. data/vendor/libsodium/src/libsodium/include/sodium/crypto_hash_sha512.h +29 -0
  276. data/vendor/libsodium/src/libsodium/include/sodium/crypto_hashblocks_sha256.h +32 -0
  277. data/vendor/libsodium/src/libsodium/include/sodium/crypto_hashblocks_sha512.h +32 -0
  278. data/vendor/libsodium/src/libsodium/include/sodium/crypto_int32.h +8 -0
  279. data/vendor/libsodium/src/libsodium/include/sodium/crypto_int64.h +8 -0
  280. data/vendor/libsodium/src/libsodium/include/sodium/crypto_onetimeauth.h +37 -0
  281. data/vendor/libsodium/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h +65 -0
  282. data/vendor/libsodium/src/libsodium/include/sodium/crypto_onetimeauth_poly1305_53.h +34 -0
  283. data/vendor/libsodium/src/libsodium/include/sodium/crypto_onetimeauth_poly1305_donna.h +34 -0
  284. data/vendor/libsodium/src/libsodium/include/sodium/crypto_scalarmult.h +36 -0
  285. data/vendor/libsodium/src/libsodium/include/sodium/crypto_scalarmult_curve25519.h.in +44 -0
  286. data/vendor/libsodium/src/libsodium/include/sodium/crypto_secretbox.h +47 -0
  287. data/vendor/libsodium/src/libsodium/include/sodium/crypto_secretbox_xsalsa20poly1305.h +44 -0
  288. data/vendor/libsodium/src/libsodium/include/sodium/crypto_shorthash.h +33 -0
  289. data/vendor/libsodium/src/libsodium/include/sodium/crypto_shorthash_siphash24.h +29 -0
  290. data/vendor/libsodium/src/libsodium/include/sodium/crypto_sign.h +61 -0
  291. data/vendor/libsodium/src/libsodium/include/sodium/crypto_sign_ed25519.h +52 -0
  292. data/vendor/libsodium/src/libsodium/include/sodium/crypto_sign_edwards25519sha512batch.h +44 -0
  293. data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream.h +46 -0
  294. data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_aes128ctr.h +60 -0
  295. data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_aes256estream.h +61 -0
  296. data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_salsa20.h.in +54 -0
  297. data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_salsa2012.h +43 -0
  298. data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_salsa208.h +43 -0
  299. data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_xsalsa20.h +44 -0
  300. data/vendor/libsodium/src/libsodium/include/sodium/crypto_uint16.h +8 -0
  301. data/vendor/libsodium/src/libsodium/include/sodium/crypto_uint32.h +8 -0
  302. data/vendor/libsodium/src/libsodium/include/sodium/crypto_uint64.h +8 -0
  303. data/vendor/libsodium/src/libsodium/include/sodium/crypto_uint8.h +8 -0
  304. data/vendor/libsodium/src/libsodium/include/sodium/crypto_verify_16.h +25 -0
  305. data/vendor/libsodium/src/libsodium/include/sodium/crypto_verify_32.h +25 -0
  306. data/vendor/libsodium/src/libsodium/include/sodium/export.h +32 -0
  307. data/vendor/libsodium/src/libsodium/include/sodium/randombytes.h +53 -0
  308. data/vendor/libsodium/src/libsodium/include/sodium/randombytes_salsa20_random.h +45 -0
  309. data/vendor/libsodium/src/libsodium/include/sodium/randombytes_sysrandom.h +45 -0
  310. data/vendor/libsodium/src/libsodium/include/sodium/utils.h +36 -0
  311. data/vendor/libsodium/src/libsodium/include/sodium/version.h.in +29 -0
  312. data/vendor/libsodium/src/libsodium/randombytes/randombytes.c +63 -0
  313. data/vendor/libsodium/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c +317 -0
  314. data/vendor/libsodium/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c +212 -0
  315. data/vendor/libsodium/src/libsodium/sodium/compat.c +248 -0
  316. data/vendor/libsodium/src/libsodium/sodium/core.c +21 -0
  317. data/vendor/libsodium/src/libsodium/sodium/utils.c +94 -0
  318. data/vendor/libsodium/src/libsodium/sodium/version.c +20 -0
  319. data/vendor/libsodium/test/Makefile.am +5 -0
  320. data/vendor/libsodium/test/default/Makefile.am +277 -0
  321. data/vendor/libsodium/test/default/auth.c +21 -0
  322. data/vendor/libsodium/test/default/auth.exp +4 -0
  323. data/vendor/libsodium/test/default/auth2.c +36 -0
  324. data/vendor/libsodium/test/default/auth2.exp +4 -0
  325. data/vendor/libsodium/test/default/auth3.c +36 -0
  326. data/vendor/libsodium/test/default/auth3.exp +1 -0
  327. data/vendor/libsodium/test/default/auth5.c +37 -0
  328. data/vendor/libsodium/test/default/auth5.exp +0 -0
  329. data/vendor/libsodium/test/default/box.c +65 -0
  330. data/vendor/libsodium/test/default/box.exp +19 -0
  331. data/vendor/libsodium/test/default/box2.c +66 -0
  332. data/vendor/libsodium/test/default/box2.exp +17 -0
  333. data/vendor/libsodium/test/default/box7.c +37 -0
  334. data/vendor/libsodium/test/default/box7.exp +0 -0
  335. data/vendor/libsodium/test/default/box8.c +44 -0
  336. data/vendor/libsodium/test/default/box8.exp +0 -0
  337. data/vendor/libsodium/test/default/cmptest.h +51 -0
  338. data/vendor/libsodium/test/default/core1.c +32 -0
  339. data/vendor/libsodium/test/default/core1.exp +4 -0
  340. data/vendor/libsodium/test/default/core2.c +35 -0
  341. data/vendor/libsodium/test/default/core2.exp +4 -0
  342. data/vendor/libsodium/test/default/core3.c +42 -0
  343. data/vendor/libsodium/test/default/core3.exp +1 -0
  344. data/vendor/libsodium/test/default/core4.c +35 -0
  345. data/vendor/libsodium/test/default/core4.exp +8 -0
  346. data/vendor/libsodium/test/default/core5.c +34 -0
  347. data/vendor/libsodium/test/default/core5.exp +4 -0
  348. data/vendor/libsodium/test/default/core6.c +49 -0
  349. data/vendor/libsodium/test/default/core6.exp +4 -0
  350. data/vendor/libsodium/test/default/generichash.c +27 -0
  351. data/vendor/libsodium/test/default/generichash.exp +64 -0
  352. data/vendor/libsodium/test/default/generichash2.c +31 -0
  353. data/vendor/libsodium/test/default/generichash2.exp +64 -0
  354. data/vendor/libsodium/test/default/hash.c +16 -0
  355. data/vendor/libsodium/test/default/hash.exp +1 -0
  356. data/vendor/libsodium/test/default/hash2.exp +1 -0
  357. data/vendor/libsodium/test/default/hash3.c +16 -0
  358. data/vendor/libsodium/test/default/hash3.exp +1 -0
  359. data/vendor/libsodium/test/default/onetimeauth.c +44 -0
  360. data/vendor/libsodium/test/default/onetimeauth.exp +2 -0
  361. data/vendor/libsodium/test/default/onetimeauth2.c +42 -0
  362. data/vendor/libsodium/test/default/onetimeauth2.exp +1 -0
  363. data/vendor/libsodium/test/default/onetimeauth7.c +37 -0
  364. data/vendor/libsodium/test/default/onetimeauth7.exp +0 -0
  365. data/vendor/libsodium/test/default/pre.js +33 -0
  366. data/vendor/libsodium/test/default/randombytes.c +16 -0
  367. data/vendor/libsodium/test/default/scalarmult.c +25 -0
  368. data/vendor/libsodium/test/default/scalarmult.exp +4 -0
  369. data/vendor/libsodium/test/default/scalarmult2.c +25 -0
  370. data/vendor/libsodium/test/default/scalarmult2.exp +4 -0
  371. data/vendor/libsodium/test/default/scalarmult5.c +32 -0
  372. data/vendor/libsodium/test/default/scalarmult5.exp +4 -0
  373. data/vendor/libsodium/test/default/scalarmult6.c +32 -0
  374. data/vendor/libsodium/test/default/scalarmult6.exp +4 -0
  375. data/vendor/libsodium/test/default/scalarmult7.c +34 -0
  376. data/vendor/libsodium/test/default/scalarmult7.exp +1 -0
  377. data/vendor/libsodium/test/default/scalarmult8.c +34 -0
  378. data/vendor/libsodium/test/default/scalarmult8.exp +1 -0
  379. data/vendor/libsodium/test/default/secretbox.c +58 -0
  380. data/vendor/libsodium/test/default/secretbox.exp +19 -0
  381. data/vendor/libsodium/test/default/secretbox2.c +59 -0
  382. data/vendor/libsodium/test/default/secretbox2.exp +17 -0
  383. data/vendor/libsodium/test/default/secretbox7.c +33 -0
  384. data/vendor/libsodium/test/default/secretbox7.exp +0 -0
  385. data/vendor/libsodium/test/default/secretbox8.c +40 -0
  386. data/vendor/libsodium/test/default/secretbox8.exp +0 -0
  387. data/vendor/libsodium/test/default/shorthash.c +23 -0
  388. data/vendor/libsodium/test/default/shorthash.exp +64 -0
  389. data/vendor/libsodium/test/default/sodium_core.c +11 -0
  390. data/vendor/libsodium/test/default/sodium_core.exp +1 -0
  391. data/vendor/libsodium/test/default/sodium_utils.c +27 -0
  392. data/vendor/libsodium/test/default/sodium_utils.exp +6 -0
  393. data/vendor/libsodium/test/default/sodium_version.c +13 -0
  394. data/vendor/libsodium/test/default/sodium_version.exp +3 -0
  395. data/vendor/libsodium/test/default/stream.c +30 -0
  396. data/vendor/libsodium/test/default/stream.exp +1 -0
  397. data/vendor/libsodium/test/default/stream2.c +28 -0
  398. data/vendor/libsodium/test/default/stream2.exp +1 -0
  399. data/vendor/libsodium/test/default/stream3.c +30 -0
  400. data/vendor/libsodium/test/default/stream3.exp +4 -0
  401. data/vendor/libsodium/test/default/stream4.c +55 -0
  402. data/vendor/libsodium/test/default/stream4.exp +17 -0
  403. data/vendor/libsodium/test/default/stream5.c +29 -0
  404. data/vendor/libsodium/test/default/stream5.exp +1 -0
  405. data/vendor/libsodium/test/default/stream6.c +54 -0
  406. data/vendor/libsodium/test/default/stream6.exp +17 -0
  407. data/vendor/libsodium/test/default/wintest.bat +56 -0
  408. data/vendor/libsodium/test/quirks/windows/windows-quirks.h +18 -0
  409. metadata +500 -0
@@ -0,0 +1,275 @@
1
+ #include "sc.h"
2
+ #include "crypto_int64.h"
3
+ #include "crypto_uint32.h"
4
+ #include "crypto_uint64.h"
5
+
6
+ static crypto_uint64 load_3(const unsigned char *in)
7
+ {
8
+ crypto_uint64 result;
9
+ result = (crypto_uint64) in[0];
10
+ result |= ((crypto_uint64) in[1]) << 8;
11
+ result |= ((crypto_uint64) in[2]) << 16;
12
+ return result;
13
+ }
14
+
15
+ static crypto_uint64 load_4(const unsigned char *in)
16
+ {
17
+ crypto_uint64 result;
18
+ result = (crypto_uint64) in[0];
19
+ result |= ((crypto_uint64) in[1]) << 8;
20
+ result |= ((crypto_uint64) in[2]) << 16;
21
+ result |= ((crypto_uint64) in[3]) << 24;
22
+ return result;
23
+ }
24
+
25
+ /*
26
+ Input:
27
+ s[0]+256*s[1]+...+256^63*s[63] = s
28
+
29
+ Output:
30
+ s[0]+256*s[1]+...+256^31*s[31] = s mod l
31
+ where l = 2^252 + 27742317777372353535851937790883648493.
32
+ Overwrites s in place.
33
+ */
34
+
35
+ void sc_reduce(unsigned char *s)
36
+ {
37
+ crypto_int64 s0 = 2097151 & load_3(s);
38
+ crypto_int64 s1 = 2097151 & (load_4(s + 2) >> 5);
39
+ crypto_int64 s2 = 2097151 & (load_3(s + 5) >> 2);
40
+ crypto_int64 s3 = 2097151 & (load_4(s + 7) >> 7);
41
+ crypto_int64 s4 = 2097151 & (load_4(s + 10) >> 4);
42
+ crypto_int64 s5 = 2097151 & (load_3(s + 13) >> 1);
43
+ crypto_int64 s6 = 2097151 & (load_4(s + 15) >> 6);
44
+ crypto_int64 s7 = 2097151 & (load_3(s + 18) >> 3);
45
+ crypto_int64 s8 = 2097151 & load_3(s + 21);
46
+ crypto_int64 s9 = 2097151 & (load_4(s + 23) >> 5);
47
+ crypto_int64 s10 = 2097151 & (load_3(s + 26) >> 2);
48
+ crypto_int64 s11 = 2097151 & (load_4(s + 28) >> 7);
49
+ crypto_int64 s12 = 2097151 & (load_4(s + 31) >> 4);
50
+ crypto_int64 s13 = 2097151 & (load_3(s + 34) >> 1);
51
+ crypto_int64 s14 = 2097151 & (load_4(s + 36) >> 6);
52
+ crypto_int64 s15 = 2097151 & (load_3(s + 39) >> 3);
53
+ crypto_int64 s16 = 2097151 & load_3(s + 42);
54
+ crypto_int64 s17 = 2097151 & (load_4(s + 44) >> 5);
55
+ crypto_int64 s18 = 2097151 & (load_3(s + 47) >> 2);
56
+ crypto_int64 s19 = 2097151 & (load_4(s + 49) >> 7);
57
+ crypto_int64 s20 = 2097151 & (load_4(s + 52) >> 4);
58
+ crypto_int64 s21 = 2097151 & (load_3(s + 55) >> 1);
59
+ crypto_int64 s22 = 2097151 & (load_4(s + 57) >> 6);
60
+ crypto_int64 s23 = (load_4(s + 60) >> 3);
61
+ crypto_int64 carry0;
62
+ crypto_int64 carry1;
63
+ crypto_int64 carry2;
64
+ crypto_int64 carry3;
65
+ crypto_int64 carry4;
66
+ crypto_int64 carry5;
67
+ crypto_int64 carry6;
68
+ crypto_int64 carry7;
69
+ crypto_int64 carry8;
70
+ crypto_int64 carry9;
71
+ crypto_int64 carry10;
72
+ crypto_int64 carry11;
73
+ crypto_int64 carry12;
74
+ crypto_int64 carry13;
75
+ crypto_int64 carry14;
76
+ crypto_int64 carry15;
77
+ crypto_int64 carry16;
78
+
79
+ s11 += s23 * 666643;
80
+ s12 += s23 * 470296;
81
+ s13 += s23 * 654183;
82
+ s14 -= s23 * 997805;
83
+ s15 += s23 * 136657;
84
+ s16 -= s23 * 683901;
85
+
86
+
87
+ s10 += s22 * 666643;
88
+ s11 += s22 * 470296;
89
+ s12 += s22 * 654183;
90
+ s13 -= s22 * 997805;
91
+ s14 += s22 * 136657;
92
+ s15 -= s22 * 683901;
93
+
94
+
95
+ s9 += s21 * 666643;
96
+ s10 += s21 * 470296;
97
+ s11 += s21 * 654183;
98
+ s12 -= s21 * 997805;
99
+ s13 += s21 * 136657;
100
+ s14 -= s21 * 683901;
101
+
102
+
103
+ s8 += s20 * 666643;
104
+ s9 += s20 * 470296;
105
+ s10 += s20 * 654183;
106
+ s11 -= s20 * 997805;
107
+ s12 += s20 * 136657;
108
+ s13 -= s20 * 683901;
109
+
110
+
111
+ s7 += s19 * 666643;
112
+ s8 += s19 * 470296;
113
+ s9 += s19 * 654183;
114
+ s10 -= s19 * 997805;
115
+ s11 += s19 * 136657;
116
+ s12 -= s19 * 683901;
117
+
118
+
119
+ s6 += s18 * 666643;
120
+ s7 += s18 * 470296;
121
+ s8 += s18 * 654183;
122
+ s9 -= s18 * 997805;
123
+ s10 += s18 * 136657;
124
+ s11 -= s18 * 683901;
125
+
126
+
127
+ carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
128
+ carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
129
+ carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
130
+ carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
131
+ carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
132
+ carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
133
+
134
+ carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
135
+ carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
136
+ carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
137
+ carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
138
+ carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
139
+
140
+ s5 += s17 * 666643;
141
+ s6 += s17 * 470296;
142
+ s7 += s17 * 654183;
143
+ s8 -= s17 * 997805;
144
+ s9 += s17 * 136657;
145
+ s10 -= s17 * 683901;
146
+
147
+
148
+ s4 += s16 * 666643;
149
+ s5 += s16 * 470296;
150
+ s6 += s16 * 654183;
151
+ s7 -= s16 * 997805;
152
+ s8 += s16 * 136657;
153
+ s9 -= s16 * 683901;
154
+
155
+
156
+ s3 += s15 * 666643;
157
+ s4 += s15 * 470296;
158
+ s5 += s15 * 654183;
159
+ s6 -= s15 * 997805;
160
+ s7 += s15 * 136657;
161
+ s8 -= s15 * 683901;
162
+
163
+
164
+ s2 += s14 * 666643;
165
+ s3 += s14 * 470296;
166
+ s4 += s14 * 654183;
167
+ s5 -= s14 * 997805;
168
+ s6 += s14 * 136657;
169
+ s7 -= s14 * 683901;
170
+
171
+
172
+ s1 += s13 * 666643;
173
+ s2 += s13 * 470296;
174
+ s3 += s13 * 654183;
175
+ s4 -= s13 * 997805;
176
+ s5 += s13 * 136657;
177
+ s6 -= s13 * 683901;
178
+
179
+
180
+ s0 += s12 * 666643;
181
+ s1 += s12 * 470296;
182
+ s2 += s12 * 654183;
183
+ s3 -= s12 * 997805;
184
+ s4 += s12 * 136657;
185
+ s5 -= s12 * 683901;
186
+ s12 = 0;
187
+
188
+ carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
189
+ carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
190
+ carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
191
+ carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
192
+ carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
193
+ carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
194
+
195
+ carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
196
+ carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
197
+ carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
198
+ carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
199
+ carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
200
+ carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
201
+
202
+ s0 += s12 * 666643;
203
+ s1 += s12 * 470296;
204
+ s2 += s12 * 654183;
205
+ s3 -= s12 * 997805;
206
+ s4 += s12 * 136657;
207
+ s5 -= s12 * 683901;
208
+ s12 = 0;
209
+
210
+ carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
211
+ carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
212
+ carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
213
+ carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
214
+ carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
215
+ carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
216
+ carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
217
+ carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
218
+ carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
219
+ carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
220
+ carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
221
+ carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
222
+
223
+ s0 += s12 * 666643;
224
+ s1 += s12 * 470296;
225
+ s2 += s12 * 654183;
226
+ s3 -= s12 * 997805;
227
+ s4 += s12 * 136657;
228
+ s5 -= s12 * 683901;
229
+
230
+
231
+ carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
232
+ carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
233
+ carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
234
+ carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
235
+ carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
236
+ carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
237
+ carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
238
+ carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
239
+ carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
240
+ carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
241
+ carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
242
+
243
+ s[0] = s0 >> 0;
244
+ s[1] = s0 >> 8;
245
+ s[2] = (s0 >> 16) | (s1 << 5);
246
+ s[3] = s1 >> 3;
247
+ s[4] = s1 >> 11;
248
+ s[5] = (s1 >> 19) | (s2 << 2);
249
+ s[6] = s2 >> 6;
250
+ s[7] = (s2 >> 14) | (s3 << 7);
251
+ s[8] = s3 >> 1;
252
+ s[9] = s3 >> 9;
253
+ s[10] = (s3 >> 17) | (s4 << 4);
254
+ s[11] = s4 >> 4;
255
+ s[12] = s4 >> 12;
256
+ s[13] = (s4 >> 20) | (s5 << 1);
257
+ s[14] = s5 >> 7;
258
+ s[15] = (s5 >> 15) | (s6 << 6);
259
+ s[16] = s6 >> 2;
260
+ s[17] = s6 >> 10;
261
+ s[18] = (s6 >> 18) | (s7 << 3);
262
+ s[19] = s7 >> 5;
263
+ s[20] = s7 >> 13;
264
+ s[21] = s8 >> 0;
265
+ s[22] = s8 >> 8;
266
+ s[23] = (s8 >> 16) | (s9 << 5);
267
+ s[24] = s9 >> 3;
268
+ s[25] = s9 >> 11;
269
+ s[26] = (s9 >> 19) | (s10 << 2);
270
+ s[27] = s10 >> 6;
271
+ s[28] = (s10 >> 14) | (s11 << 7);
272
+ s[29] = s11 >> 1;
273
+ s[30] = s11 >> 9;
274
+ s[31] = s11 >> 17;
275
+ }
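Review bot: The carry steps in sc_reduce left-shift a signed value that can be negative, for example `s10 -= carry10 << 21;` after `s10 -= s19 * 997805;`, and left-shifting a negative `crypto_int64` is undefined behaviour in C. The same pattern appears in every carry line of the function. Writing the step as `s10 -= carry10 * ((crypto_int64) 1 << 21);` keeps the arithmetic defined without changing the result. The matching `>> 21` on a negative value is implementation-defined and assumes an arithmetic shift, which deserves a one-line comment above the first carry block.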
@@ -0,0 +1,38 @@
1
+ #include "api.h"
2
+ #include "crypto_hash_sha512.h"
3
+ #include "ge.h"
4
+ #include "sc.h"
5
+
6
+ int crypto_sign(
7
+ unsigned char *sm,unsigned long long *smlen,
8
+ const unsigned char *m,unsigned long long mlen,
9
+ const unsigned char *sk
10
+ )
11
+ {
12
+ unsigned char az[64];
13
+ unsigned char r[64];
14
+ unsigned char hram[64];
15
+ ge_p3 R;
16
+ unsigned long long i;
17
+
18
+ crypto_hash_sha512(az,sk,32);
19
+ az[0] &= 248;
20
+ az[31] &= 63;
21
+ az[31] |= 64;
22
+
23
+ *smlen = mlen + 64;
24
+ for (i = 0;i < mlen;++i) sm[64 + i] = m[i];
25
+ for (i = 0;i < 32;++i) sm[32 + i] = az[32 + i];
26
+ crypto_hash_sha512(r,sm + 32,mlen + 32);
27
+ for (i = 0;i < 32;++i) sm[32 + i] = sk[32 + i];
28
+
29
+ sc_reduce(r);
30
+ ge_scalarmult_base(&R,r);
31
+ ge_p3_tobytes(sm,&R);
32
+
33
+ crypto_hash_sha512(hram,sm,mlen + 64);
34
+ sc_reduce(hram);
35
+ sc_muladd(sm + 32,hram,az,r);
36
+
37
+ return 0;
38
+ }
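Review bot: crypto_sign returns with `az` (the hashed, clamped secret scalar and the nonce prefix) and `r` (the per-signature nonce) still on the stack; both are as sensitive as the secret key and should be wiped before `return 0;`. If this libsodium version provides `sodium_memzero()`, add `sodium_memzero(az, sizeof az); sodium_memzero(r, sizeof r);` there, since a plain `memset` just before returning may be optimised away. The function also writes `mlen + 64` bytes to `sm` with no way to check the buffer size, so that requirement should be documented on the declaration.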
@@ -0,0 +1 @@
1
+ -32595792,-7943725,9377950,3500415,12389472,-272473,-25146209,-2005654,326686,11406482
@@ -0,0 +1,26 @@
1
+ #include "crypto_sign_ed25519.h"
2
+
3
+ size_t
4
+ crypto_sign_ed25519_bytes(void) {
5
+ return crypto_sign_ed25519_BYTES;
6
+ }
7
+
8
+ size_t
9
+ crypto_sign_ed25519_seedbytes(void) {
10
+ return crypto_sign_ed25519_SEEDBYTES;
11
+ }
12
+
13
+ size_t
14
+ crypto_sign_ed25519_publickeybytes(void) {
15
+ return crypto_sign_ed25519_PUBLICKEYBYTES;
16
+ }
17
+
18
+ size_t
19
+ crypto_sign_ed25519_secretkeybytes(void) {
20
+ return crypto_sign_ed25519_SECRETKEYBYTES;
21
+ }
22
+
23
+ const char *
24
+ crypto_sign_ed25519_primitive(void) {
25
+ return "ed25519";
26
+ }
@@ -0,0 +1,13 @@
1
+
2
+ #include "crypto_sign_edwards25519sha512batch.h"
3
+
4
+ #define crypto_sign crypto_sign_edwards25519sha512batch
5
+ #define crypto_sign_open crypto_sign_edwards25519sha512batch_open
6
+ #define crypto_sign_keypair crypto_sign_edwards25519sha512batch_keypair
7
+ #define crypto_sign_BYTES crypto_sign_edwards25519sha512batch_BYTES
8
+ #define crypto_sign_PUBLICKEYBYTES crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES
9
+ #define crypto_sign_SECRETKEYBYTES crypto_sign_edwards25519sha512batch_SECRETKEYBYTES
10
+ #define crypto_sign_PRIMITIVE "edwards25519sha512batch"
11
+ #define crypto_sign_IMPLEMENTATION crypto_sign_edwards25519sha512batch_IMPLEMENTATION
12
+ #define crypto_sign_VERSION crypto_sign_edwards25519sha512batch_VERSION
13
+
@@ -0,0 +1,54 @@
1
+ #ifndef FE25519_H
2
+ #define FE25519_H
3
+
4
+ #define fe25519 crypto_sign_edwards25519sha512batch_fe25519
5
+ #define fe25519_unpack crypto_sign_edwards25519sha512batch_fe25519_unpack
6
+ #define fe25519_pack crypto_sign_edwards25519sha512batch_fe25519_pack
7
+ #define fe25519_cmov crypto_sign_edwards25519sha512batch_fe25519_cmov
8
+ #define fe25519_setone crypto_sign_edwards25519sha512batch_fe25519_setone
9
+ #define fe25519_setzero crypto_sign_edwards25519sha512batch_fe25519_setzero
10
+ #define fe25519_neg crypto_sign_edwards25519sha512batch_fe25519_neg
11
+ #define fe25519_getparity crypto_sign_edwards25519sha512batch_fe25519_getparity
12
+ #define fe25519_add crypto_sign_edwards25519sha512batch_fe25519_add
13
+ #define fe25519_sub crypto_sign_edwards25519sha512batch_fe25519_sub
14
+ #define fe25519_mul crypto_sign_edwards25519sha512batch_fe25519_mul
15
+ #define fe25519_square crypto_sign_edwards25519sha512batch_fe25519_square
16
+ #define fe25519_pow crypto_sign_edwards25519sha512batch_fe25519_pow
17
+ #define fe25519_sqrt_vartime crypto_sign_edwards25519sha512batch_fe25519_sqrt_vartime
18
+ #define fe25519_invert crypto_sign_edwards25519sha512batch_fe25519_invert
19
+
20
+ #include "crypto_uint32.h"
21
+
22
+ typedef struct {
23
+ crypto_uint32 v[32];
24
+ } fe25519;
25
+
26
+ void fe25519_unpack(fe25519 *r, const unsigned char x[32]);
27
+
28
+ void fe25519_pack(unsigned char r[32], const fe25519 *x);
29
+
30
+ void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b);
31
+
32
+ void fe25519_setone(fe25519 *r);
33
+
34
+ void fe25519_setzero(fe25519 *r);
35
+
36
+ void fe25519_neg(fe25519 *r, const fe25519 *x);
37
+
38
+ unsigned char fe25519_getparity(const fe25519 *x);
39
+
40
+ void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y);
41
+
42
+ void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y);
43
+
44
+ void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y);
45
+
46
+ void fe25519_square(fe25519 *r, const fe25519 *x);
47
+
48
+ void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e);
49
+
50
+ int fe25519_sqrt_vartime(fe25519 *r, const fe25519 *x, unsigned char parity);
51
+
52
+ void fe25519_invert(fe25519 *r, const fe25519 *x);
53
+
54
+ #endif
@@ -0,0 +1,348 @@
1
+ #include "fe25519.h"
2
+
3
+ #define WINDOWSIZE 4 /* Should be 1,2, or 4 */
4
+ #define WINDOWMASK ((1<<WINDOWSIZE)-1)
5
+
6
+ static void reduce_add_sub(fe25519 *r)
7
+ {
8
+ crypto_uint32 t;
9
+ int i,rep;
10
+
11
+ for(rep=0;rep<4;rep++)
12
+ {
13
+ t = r->v[31] >> 7;
14
+ r->v[31] &= 127;
15
+ t *= 19;
16
+ r->v[0] += t;
17
+ for(i=0;i<31;i++)
18
+ {
19
+ t = r->v[i] >> 8;
20
+ r->v[i+1] += t;
21
+ r->v[i] &= 255;
22
+ }
23
+ }
24
+ }
25
+
26
+ static void reduce_mul(fe25519 *r)
27
+ {
28
+ crypto_uint32 t;
29
+ int i,rep;
30
+
31
+ for(rep=0;rep<2;rep++)
32
+ {
33
+ t = r->v[31] >> 7;
34
+ r->v[31] &= 127;
35
+ t *= 19;
36
+ r->v[0] += t;
37
+ for(i=0;i<31;i++)
38
+ {
39
+ t = r->v[i] >> 8;
40
+ r->v[i+1] += t;
41
+ r->v[i] &= 255;
42
+ }
43
+ }
44
+ }
45
+
46
+ /* reduction modulo 2^255-19 */
47
+ static void freeze(fe25519 *r)
48
+ {
49
+ int i;
50
+ unsigned int m = (r->v[31] == 127);
51
+ for(i=30;i>1;i--)
52
+ m *= (r->v[i] == 255);
53
+ m *= (r->v[0] >= 237);
54
+
55
+ r->v[31] -= m*127;
56
+ for(i=30;i>0;i--)
57
+ r->v[i] -= m*255;
58
+ r->v[0] -= m*237;
59
+ }
60
+
61
+ /*freeze input before calling isone*/
62
+ static int isone(const fe25519 *x)
63
+ {
64
+ int i;
65
+ int r = (x->v[0] == 1);
66
+ for(i=1;i<32;i++)
67
+ r *= (x->v[i] == 0);
68
+ return r;
69
+ }
70
+
71
+ /*freeze input before calling iszero*/
72
+ static int iszero(const fe25519 *x)
73
+ {
74
+ int i;
75
+ int r = (x->v[0] == 0);
76
+ for(i=1;i<32;i++)
77
+ r *= (x->v[i] == 0);
78
+ return r;
79
+ }
80
+
81
+
82
+ static int issquare(const fe25519 *x)
83
+ {
84
+ unsigned char e[32] = {0xf6,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x3f}; /* (p-1)/2 */
85
+ fe25519 t;
86
+
87
+ fe25519_pow(&t,x,e);
88
+ freeze(&t);
89
+ return isone(&t) || iszero(&t);
90
+ }
91
+
92
+ void fe25519_unpack(fe25519 *r, const unsigned char x[32])
93
+ {
94
+ int i;
95
+ for(i=0;i<32;i++) r->v[i] = x[i];
96
+ r->v[31] &= 127;
97
+ }
98
+
99
+ /* Assumes input x being reduced mod 2^255 */
100
+ void fe25519_pack(unsigned char r[32], const fe25519 *x)
101
+ {
102
+ int i;
103
+ unsigned int m;
104
+ for(i=0;i<32;i++)
105
+ r[i] = x->v[i];
106
+
107
+ /* freeze byte array */
108
+ m = (r[31] == 127); /* XXX: some compilers might use branches; fix */
109
+ for(i=30;i>1;i--)
110
+ m *= (r[i] == 255);
111
+ m *= (r[0] >= 237);
112
+ r[31] -= m*127;
113
+ for(i=30;i>0;i--)
114
+ r[i] -= m*255;
115
+ r[0] -= m*237;
116
+ }
117
+
118
+ void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b)
119
+ {
120
+ unsigned char nb = 1-b;
121
+ int i;
122
+ for(i=0;i<32;i++) r->v[i] = nb * r->v[i] + b * x->v[i];
123
+ }
124
+
125
+ unsigned char fe25519_getparity(const fe25519 *x)
126
+ {
127
+ fe25519 t;
128
+ int i;
129
+ for(i=0;i<32;i++) t.v[i] = x->v[i];
130
+ freeze(&t);
131
+ return t.v[0] & 1;
132
+ }
133
+
134
+ void fe25519_setone(fe25519 *r)
135
+ {
136
+ int i;
137
+ r->v[0] = 1;
138
+ for(i=1;i<32;i++) r->v[i]=0;
139
+ }
140
+
141
+ void fe25519_setzero(fe25519 *r)
142
+ {
143
+ int i;
144
+ for(i=0;i<32;i++) r->v[i]=0;
145
+ }
146
+
147
+ void fe25519_neg(fe25519 *r, const fe25519 *x)
148
+ {
149
+ fe25519 t;
150
+ int i;
151
+ for(i=0;i<32;i++) t.v[i]=x->v[i];
152
+ fe25519_setzero(r);
153
+ fe25519_sub(r, r, &t);
154
+ }
155
+
156
+ void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y)
157
+ {
158
+ int i;
159
+ for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i];
160
+ reduce_add_sub(r);
161
+ }
162
+
163
+ void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y)
164
+ {
165
+ int i;
166
+ crypto_uint32 t[32];
167
+ t[0] = x->v[0] + 0x1da;
168
+ t[31] = x->v[31] + 0xfe;
169
+ for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe;
170
+ for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i];
171
+ reduce_add_sub(r);
172
+ }
173
+
174
+ void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y)
175
+ {
176
+ int i,j;
177
+ crypto_uint32 t[63];
178
+ for(i=0;i<63;i++)t[i] = 0;
179
+
180
+ for(i=0;i<32;i++)
181
+ for(j=0;j<32;j++)
182
+ t[i+j] += x->v[i] * y->v[j];
183
+
184
+ for(i=32;i<63;i++)
185
+ r->v[i-32] = t[i-32] + 38*t[i];
186
+ r->v[31] = t[31]; /* result now in r[0]...r[31] */
187
+
188
+ reduce_mul(r);
189
+ }
190
+
191
+ void fe25519_square(fe25519 *r, const fe25519 *x)
192
+ {
193
+ fe25519_mul(r, x, x);
194
+ }
195
+
196
+ /*XXX: Make constant time! */
197
+ void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e)
198
+ {
199
+ /*
200
+ fe25519 g;
201
+ fe25519_setone(&g);
202
+ int i;
203
+ unsigned char j;
204
+ for(i=32;i>0;i--)
205
+ {
206
+ for(j=128;j>0;j>>=1)
207
+ {
208
+ fe25519_square(&g,&g);
209
+ if(e[i-1] & j)
210
+ fe25519_mul(&g,&g,x);
211
+ }
212
+ }
213
+ for(i=0;i<32;i++) r->v[i] = g.v[i];
214
+ */
215
+ fe25519 g;
216
+ int i,j,k;
217
+ fe25519 t;
218
+ unsigned char w;
219
+ fe25519 pre[(1 << WINDOWSIZE)];
220
+
221
+ fe25519_setone(&g);
222
+
223
+ // Precomputation
224
+ fe25519_setone(pre);
225
+ pre[1] = *x;
226
+ for(i=2;i<(1<<WINDOWSIZE);i+=2)
227
+ {
228
+ fe25519_square(pre+i, pre+i/2);
229
+ fe25519_mul(pre+i+1, pre+i, pre+1);
230
+ }
231
+
232
+ // Fixed-window scalar multiplication
233
+ for(i=32;i>0;i--)
234
+ {
235
+ for(j=8-WINDOWSIZE;j>=0;j-=WINDOWSIZE)
236
+ {
237
+ for(k=0;k<WINDOWSIZE;k++)
238
+ fe25519_square(&g, &g);
239
+ // Cache-timing resistant loading of precomputed value:
240
+ w = (e[i-1]>>j) & WINDOWMASK;
241
+ t = pre[0];
242
+ for(k=1;k<(1<<WINDOWSIZE);k++)
243
+ fe25519_cmov(&t, &pre[k], k==w);
244
+ fe25519_mul(&g, &g, &t);
245
+ }
246
+ }
247
+ *r = g;
248
+ }
249
+
250
+ /* Return 0 on success, 1 otherwise */
251
+ int fe25519_sqrt_vartime(fe25519 *r, const fe25519 *x, unsigned char parity)
252
+ {
253
+ unsigned char e[32] = {0xfb,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x1f}; /* (p-1)/4 */
254
+ unsigned char e2[32] = {0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x0f}; /* (p+3)/8 */
255
+ unsigned char e3[32] = {0xfd,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x0f}; /* (p-5)/8 */
256
+ fe25519 p = {{0}};
257
+ fe25519 d;
258
+ int i;
259
+
260
+ /* See HAC, Alg. 3.37 */
261
+ if (!issquare(x)) return -1;
262
+ fe25519_pow(&d,x,e);
263
+ freeze(&d);
264
+ if(isone(&d))
265
+ fe25519_pow(r,x,e2);
266
+ else
267
+ {
268
+ for(i=0;i<32;i++)
269
+ d.v[i] = 4*x->v[i];
270
+ fe25519_pow(&d,&d,e3);
271
+ for(i=0;i<32;i++)
272
+ r->v[i] = 2*x->v[i];
273
+ fe25519_mul(r,r,&d);
274
+ }
275
+ freeze(r);
276
+ if((r->v[0] & 1) != (parity & 1))
277
+ {
278
+ fe25519_sub(r,&p,r);
279
+ }
280
+ return 0;
281
+ }
282
+
283
+ void fe25519_invert(fe25519 *r, const fe25519 *x)
284
+ {
285
+ fe25519 z2;
286
+ fe25519 z9;
287
+ fe25519 z11;
288
+ fe25519 z2_5_0;
289
+ fe25519 z2_10_0;
290
+ fe25519 z2_20_0;
291
+ fe25519 z2_50_0;
292
+ fe25519 z2_100_0;
293
+ fe25519 t0;
294
+ fe25519 t1;
295
+ int i;
296
+
297
+ /* 2 */ fe25519_square(&z2,x);
298
+ /* 4 */ fe25519_square(&t1,&z2);
299
+ /* 8 */ fe25519_square(&t0,&t1);
300
+ /* 9 */ fe25519_mul(&z9,&t0,x);
301
+ /* 11 */ fe25519_mul(&z11,&z9,&z2);
302
+ /* 22 */ fe25519_square(&t0,&z11);
303
+ /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t0,&z9);
304
+
305
+ /* 2^6 - 2^1 */ fe25519_square(&t0,&z2_5_0);
306
+ /* 2^7 - 2^2 */ fe25519_square(&t1,&t0);
307
+ /* 2^8 - 2^3 */ fe25519_square(&t0,&t1);
308
+ /* 2^9 - 2^4 */ fe25519_square(&t1,&t0);
309
+ /* 2^10 - 2^5 */ fe25519_square(&t0,&t1);
310
+ /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t0,&z2_5_0);
311
+
312
+ /* 2^11 - 2^1 */ fe25519_square(&t0,&z2_10_0);
313
+ /* 2^12 - 2^2 */ fe25519_square(&t1,&t0);
314
+ /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
315
+ /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t1,&z2_10_0);
316
+
317
+ /* 2^21 - 2^1 */ fe25519_square(&t0,&z2_20_0);
318
+ /* 2^22 - 2^2 */ fe25519_square(&t1,&t0);
319
+ /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
320
+ /* 2^40 - 2^0 */ fe25519_mul(&t0,&t1,&z2_20_0);
321
+
322
+ /* 2^41 - 2^1 */ fe25519_square(&t1,&t0);
323
+ /* 2^42 - 2^2 */ fe25519_square(&t0,&t1);
324
+ /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); }
325
+ /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t0,&z2_10_0);
326
+
327
+ /* 2^51 - 2^1 */ fe25519_square(&t0,&z2_50_0);
328
+ /* 2^52 - 2^2 */ fe25519_square(&t1,&t0);
329
+ /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
330
+ /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t1,&z2_50_0);
331
+
332
+ /* 2^101 - 2^1 */ fe25519_square(&t1,&z2_100_0);
333
+ /* 2^102 - 2^2 */ fe25519_square(&t0,&t1);
334
+ /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); }
335
+ /* 2^200 - 2^0 */ fe25519_mul(&t1,&t0,&z2_100_0);
336
+
337
+ /* 2^201 - 2^1 */ fe25519_square(&t0,&t1);
338
+ /* 2^202 - 2^2 */ fe25519_square(&t1,&t0);
339
+ /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
340
+ /* 2^250 - 2^0 */ fe25519_mul(&t0,&t1,&z2_50_0);
341
+
342
+ /* 2^251 - 2^1 */ fe25519_square(&t1,&t0);
343
+ /* 2^252 - 2^2 */ fe25519_square(&t0,&t1);
344
+ /* 2^253 - 2^3 */ fe25519_square(&t1,&t0);
345
+ /* 2^254 - 2^4 */ fe25519_square(&t0,&t1);
346
+ /* 2^255 - 2^5 */ fe25519_square(&t1,&t0);
347
+ /* 2^255 - 21 */ fe25519_mul(r,&t1,&z11);
348
+ }
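Review bot: In freeze() the comparison loop `for(i=30;i>1;i--) m *= (r->v[i] == 255);` stops at limb 2, while the subtraction loop below it runs `for(i=30;i>0;i--)`, so limb 1 is never compared. A value with `v[31] == 127`, `v[30..2] == 255`, `v[0] >= 237` and `v[1]` below 255 therefore gets `m == 1`, and `r->v[1] -= m*255` wraps in the unsigned limb. The check loop should read `for(i=30;i>0;i--)`; fe25519_pack has the same pair of loops on `r[i]` and needs the same change. The comment on fe25519_sqrt_vartime also says `Return 0 on success, 1 otherwise` while the failure path is `return -1;`, so the comment should say -1.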