RubyGems - rbnacl-libsodium - Versions diffs - 1.0.15.1 → 1.0.16 - Mend

rbnacl-libsodium 1.0.15.1 → 1.0.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (157) hide show

data/vendor/libsodium/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h ADDED

@@ -0,0 +1,518 @@
+#include <string.h>
+#include "private/common.h"
+#include "utils.h"
+/*
+ h = 0
+ */
+static inline void
+fe25519_0(fe25519 h)
+{
+    memset(&h[0], 0, 5 * sizeof h[0]);
+}
+/*
+ h = 1
+ */
+static inline void
+fe25519_1(fe25519 h)
+{
+    h[0] = 1;
+    memset(&h[1], 0, 4 * sizeof h[0]);
+}
+/*
+ h = f + g
+ Can overlap h with f or g.
+ */
+static inline void
+fe25519_add(fe25519 h, const fe25519 f, const fe25519 g)
+{
+    uint64_t h0 = f[0] + g[0];
+    uint64_t h1 = f[1] + g[1];
+    uint64_t h2 = f[2] + g[2];
+    uint64_t h3 = f[3] + g[3];
+    uint64_t h4 = f[4] + g[4];
+    h[0] = h0;
+    h[1] = h1;
+    h[2] = h2;
+    h[3] = h3;
+    h[4] = h4;
+}
+/*
+ h = f - g
+ */
+static void
+fe25519_sub(fe25519 h, const fe25519 f, const fe25519 g)
+{
+    const uint64_t mask = 0x7ffffffffffffULL;
+    uint64_t h0, h1, h2, h3, h4;
+    h0 = g[0];
+    h1 = g[1];
+    h2 = g[2];
+    h3 = g[3];
+    h4 = g[4];
+    h1 += h0 >> 51;
+    h0 &= mask;
+    h2 += h1 >> 51;
+    h1 &= mask;
+    h3 += h2 >> 51;
+    h2 &= mask;
+    h4 += h3 >> 51;
+    h3 &= mask;
+    h0 += 19ULL * (h4 >> 51);
+    h4 &= mask;
+    h0 = (f[0] + 0xfffffffffffdaULL) - h0;
+    h1 = (f[1] + 0xffffffffffffeULL) - h1;
+    h2 = (f[2] + 0xffffffffffffeULL) - h2;
+    h3 = (f[3] + 0xffffffffffffeULL) - h3;
+    h4 = (f[4] + 0xffffffffffffeULL) - h4;
+    h[0] = h0;
+    h[1] = h1;
+    h[2] = h2;
+    h[3] = h3;
+    h[4] = h4;
+}
+/*
+ h = -f
+ */
+static inline void
+fe25519_neg(fe25519 h, const fe25519 f)
+{
+    fe25519 zero;
+    fe25519_0(zero);
+    fe25519_sub(h, zero, f);
+}
+/*
+ Replace (f,g) with (g,g) if b == 1;
+ replace (f,g) with (f,g) if b == 0.
+ *
+ Preconditions: b in {0,1}.
+ */
+static void
+fe25519_cmov(fe25519 f, const fe25519 g, unsigned int b)
+{
+    const uint64_t mask = (uint64_t) (-(int64_t) b);
+    uint64_t f0 = f[0];
+    uint64_t f1 = f[1];
+    uint64_t f2 = f[2];
+    uint64_t f3 = f[3];
+    uint64_t f4 = f[4];
+    uint64_t x0 = f0 ^ g[0];
+    uint64_t x1 = f1 ^ g[1];
+    uint64_t x2 = f2 ^ g[2];
+    uint64_t x3 = f3 ^ g[3];
+    uint64_t x4 = f4 ^ g[4];
+    x0 &= mask;
+    x1 &= mask;
+    x2 &= mask;
+    x3 &= mask;
+    x4 &= mask;
+    f[0] = f0 ^ x0;
+    f[1] = f1 ^ x1;
+    f[2] = f2 ^ x2;
+    f[3] = f3 ^ x3;
+    f[4] = f4 ^ x4;
+}
+/*
+Replace (f,g) with (g,f) if b == 1;
+replace (f,g) with (f,g) if b == 0.
+Preconditions: b in {0,1}.
+*/
+static void
+fe25519_cswap(fe25519 f, fe25519 g, unsigned int b)
+{
+    const uint64_t mask = (uint64_t) (-(int64_t) b);
+    uint64_t f0 = f[0];
+    uint64_t f1 = f[1];
+    uint64_t f2 = f[2];
+    uint64_t f3 = f[3];
+    uint64_t f4 = f[4];
+    uint64_t g0 = g[0];
+    uint64_t g1 = g[1];
+    uint64_t g2 = g[2];
+    uint64_t g3 = g[3];
+    uint64_t g4 = g[4];
+    uint64_t x0 = f0 ^ g0;
+    uint64_t x1 = f1 ^ g1;
+    uint64_t x2 = f2 ^ g2;
+    uint64_t x3 = f3 ^ g3;
+    uint64_t x4 = f4 ^ g4;
+    x0 &= mask;
+    x1 &= mask;
+    x2 &= mask;
+    x3 &= mask;
+    x4 &= mask;
+    f[0] = f0 ^ x0;
+    f[1] = f1 ^ x1;
+    f[2] = f2 ^ x2;
+    f[3] = f3 ^ x3;
+    f[4] = f4 ^ x4;
+    g[0] = g0 ^ x0;
+    g[1] = g1 ^ x1;
+    g[2] = g2 ^ x2;
+    g[3] = g3 ^ x3;
+    g[4] = g4 ^ x4;
+}
+/*
+ h = f
+ */
+static inline void
+fe25519_copy(fe25519 h, const fe25519 f)
+{
+    uint64_t f0 = f[0];
+    uint64_t f1 = f[1];
+    uint64_t f2 = f[2];
+    uint64_t f3 = f[3];
+    uint64_t f4 = f[4];
+    h[0] = f0;
+    h[1] = f1;
+    h[2] = f2;
+    h[3] = f3;
+    h[4] = f4;
+}
+/*
+ return 1 if f is in {1,3,5,...,q-2}
+ return 0 if f is in {0,2,4,...,q-1}
+ */
+static inline int
+fe25519_isnegative(const fe25519 f)
+{
+    unsigned char s[32];
+    fe25519_tobytes(s, f);
+    return s[0] & 1;
+}
+/*
+ return 1 if f == 0
+ return 0 if f != 0
+ */
+static inline int
+fe25519_iszero(const fe25519 f)
+{
+    unsigned char s[32];
+    fe25519_tobytes(s, f);
+    return sodium_is_zero(s, 32);
+}
+/*
+ h = f * g
+ Can overlap h with f or g.
+ */
+static void
+fe25519_mul(fe25519 h, const fe25519 f, const fe25519 g)
+{
+    const uint64_t mask = 0x7ffffffffffffULL;
+    uint128_t r0, r1, r2, r3, r4, carry;
+    uint64_t  f0, f1, f2, f3, f4;
+    uint64_t  f1_19, f2_19, f3_19, f4_19;
+    uint64_t  g0, g1, g2, g3, g4;
+    uint64_t  r00, r01, r02, r03, r04;
+    f0 = f[0];
+    f1 = f[1];
+    f2 = f[2];
+    f3 = f[3];
+    f4 = f[4];
+    g0 = g[0];
+    g1 = g[1];
+    g2 = g[2];
+    g3 = g[3];
+    g4 = g[4];
+    f1_19 = 19ULL * f1;
+    f2_19 = 19ULL * f2;
+    f3_19 = 19ULL * f3;
+    f4_19 = 19ULL * f4;
+    r0  = ((uint128_t) f0   ) * ((uint128_t) g0);
+    r0 += ((uint128_t) f1_19) * ((uint128_t) g4);
+    r0 += ((uint128_t) f2_19) * ((uint128_t) g3);
+    r0 += ((uint128_t) f3_19) * ((uint128_t) g2);
+    r0 += ((uint128_t) f4_19) * ((uint128_t) g1);
+    r1  = ((uint128_t) f0   ) * ((uint128_t) g1);
+    r1 += ((uint128_t) f1   ) * ((uint128_t) g0);
+    r1 += ((uint128_t) f2_19) * ((uint128_t) g4);
+    r1 += ((uint128_t) f3_19) * ((uint128_t) g3);
+    r1 += ((uint128_t) f4_19) * ((uint128_t) g2);
+    r2  = ((uint128_t) f0   ) * ((uint128_t) g2);
+    r2 += ((uint128_t) f1   ) * ((uint128_t) g1);
+    r2 += ((uint128_t) f2   ) * ((uint128_t) g0);
+    r2 += ((uint128_t) f3_19) * ((uint128_t) g4);
+    r2 += ((uint128_t) f4_19) * ((uint128_t) g3);
+    r3  = ((uint128_t) f0   ) * ((uint128_t) g3);
+    r3 += ((uint128_t) f1   ) * ((uint128_t) g2);
+    r3 += ((uint128_t) f2   ) * ((uint128_t) g1);
+    r3 += ((uint128_t) f3   ) * ((uint128_t) g0);
+    r3 += ((uint128_t) f4_19) * ((uint128_t) g4);
+    r4  = ((uint128_t) f0   ) * ((uint128_t) g4);
+    r4 += ((uint128_t) f1   ) * ((uint128_t) g3);
+    r4 += ((uint128_t) f2   ) * ((uint128_t) g2);
+    r4 += ((uint128_t) f3   ) * ((uint128_t) g1);
+    r4 += ((uint128_t) f4   ) * ((uint128_t) g0);
+    r00    = ((uint64_t) r0) & mask;
+    carry  = r0 >> 51;
+    r1    += carry;
+    r01    = ((uint64_t) r1) & mask;
+    carry  = r1 >> 51;
+    r2    += carry;
+    r02    = ((uint64_t) r2) & mask;
+    carry  = r2 >> 51;
+    r3    += carry;
+    r03    = ((uint64_t) r3) & mask;
+    carry  = r3 >> 51;
+    r4    += carry;
+    r04    = ((uint64_t) r4) & mask;
+    carry  = r4 >> 51;
+    r00   += 19ULL * (uint64_t) carry;
+    carry  = r00 >> 51;
+    r00   &= mask;
+    r01   += (uint64_t) carry;
+    carry  = r01 >> 51;
+    r01   &= mask;
+    r02   += (uint64_t) carry;
+    h[0] = r00;
+    h[1] = r01;
+    h[2] = r02;
+    h[3] = r03;
+    h[4] = r04;
+}
+/*
+ h = f * f
+ Can overlap h with f.
+ */
+static void
+fe25519_sq(fe25519 h, const fe25519 f)
+{
+    const uint64_t mask = 0x7ffffffffffffULL;
+    uint128_t r0, r1, r2, r3, r4, carry;
+    uint64_t  f0, f1, f2, f3, f4;
+    uint64_t  f0_2, f1_2, f1_38, f2_38, f3_38, f3_19, f4_19;
+    uint64_t  r00, r01, r02, r03, r04;
+    f0 = f[0];
+    f1 = f[1];
+    f2 = f[2];
+    f3 = f[3];
+    f4 = f[4];
+    f0_2 = f0 << 1;
+    f1_2 = f1 << 1;
+    f1_38 = 38ULL * f1;
+    f2_38 = 38ULL * f2;
+    f3_38 = 38ULL * f3;
+    f3_19 = 19ULL * f3;
+    f4_19 = 19ULL * f4;
+    r0  = ((uint128_t) f0   ) * ((uint128_t) f0);
+    r0 += ((uint128_t) f1_38) * ((uint128_t) f4);
+    r0 += ((uint128_t) f2_38) * ((uint128_t) f3);
+    r1  = ((uint128_t) f0_2 ) * ((uint128_t) f1);
+    r1 += ((uint128_t) f2_38) * ((uint128_t) f4);
+    r1 += ((uint128_t) f3_19) * ((uint128_t) f3);
+    r2  = ((uint128_t) f0_2 ) * ((uint128_t) f2);
+    r2 += ((uint128_t) f1   ) * ((uint128_t) f1);
+    r2 += ((uint128_t) f3_38) * ((uint128_t) f4);
+    r3  = ((uint128_t) f0_2 ) * ((uint128_t) f3);
+    r3 += ((uint128_t) f1_2 ) * ((uint128_t) f2);
+    r3 += ((uint128_t) f4_19) * ((uint128_t) f4);
+    r4  = ((uint128_t) f0_2 ) * ((uint128_t) f4);
+    r4 += ((uint128_t) f1_2 ) * ((uint128_t) f3);
+    r4 += ((uint128_t) f2   ) * ((uint128_t) f2);
+    r00    = ((uint64_t) r0) & mask;
+    carry  = r0 >> 51;
+    r1    += carry;
+    r01    = ((uint64_t) r1) & mask;
+    carry  = r1 >> 51;
+    r2    += carry;
+    r02    = ((uint64_t) r2) & mask;
+    carry  = r2 >> 51;
+    r3    += carry;
+    r03    = ((uint64_t) r3) & mask;
+    carry  = r3 >> 51;
+    r4    += carry;
+    r04    = ((uint64_t) r4) & mask;
+    carry  = r4 >> 51;
+    r00   += 19ULL * (uint64_t) carry;
+    carry  = r00 >> 51;
+    r00   &= mask;
+    r01   += (uint64_t) carry;
+    carry  = r01 >> 51;
+    r01   &= mask;
+    r02   += (uint64_t) carry;
+    h[0] = r00;
+    h[1] = r01;
+    h[2] = r02;
+    h[3] = r03;
+    h[4] = r04;
+}
+/*
+ h = 2 * f * f
+ Can overlap h with f.
+*/
+static void
+fe25519_sq2(fe25519 h, const fe25519 f)
+{
+    const uint64_t mask = 0x7ffffffffffffULL;
+    uint128_t r0, r1, r2, r3, r4, carry;
+    uint64_t  f0, f1, f2, f3, f4;
+    uint64_t  f0_2, f1_2, f1_38, f2_38, f3_38, f3_19, f4_19;
+    uint64_t  r00, r01, r02, r03, r04;
+    f0 = f[0];
+    f1 = f[1];
+    f2 = f[2];
+    f3 = f[3];
+    f4 = f[4];
+    f0_2 = f0 << 1;
+    f1_2 = f1 << 1;
+    f1_38 = 38ULL * f1;
+    f2_38 = 38ULL * f2;
+    f3_38 = 38ULL * f3;
+    f3_19 = 19ULL * f3;
+    f4_19 = 19ULL * f4;
+    r0  = ((uint128_t) f0   ) * ((uint128_t) f0);
+    r0 += ((uint128_t) f1_38) * ((uint128_t) f4);
+    r0 += ((uint128_t) f2_38) * ((uint128_t) f3);
+    r1  = ((uint128_t) f0_2 ) * ((uint128_t) f1);
+    r1 += ((uint128_t) f2_38) * ((uint128_t) f4);
+    r1 += ((uint128_t) f3_19) * ((uint128_t) f3);
+    r2  = ((uint128_t) f0_2 ) * ((uint128_t) f2);
+    r2 += ((uint128_t) f1   ) * ((uint128_t) f1);
+    r2 += ((uint128_t) f3_38) * ((uint128_t) f4);
+    r3  = ((uint128_t) f0_2 ) * ((uint128_t) f3);
+    r3 += ((uint128_t) f1_2 ) * ((uint128_t) f2);
+    r3 += ((uint128_t) f4_19) * ((uint128_t) f4);
+    r4  = ((uint128_t) f0_2 ) * ((uint128_t) f4);
+    r4 += ((uint128_t) f1_2 ) * ((uint128_t) f3);
+    r4 += ((uint128_t) f2   ) * ((uint128_t) f2);
+    r0 <<= 1;
+    r1 <<= 1;
+    r2 <<= 1;
+    r3 <<= 1;
+    r4 <<= 1;
+    r00    = ((uint64_t) r0) & mask;
+    carry  = r0 >> 51;
+    r1    += carry;
+    r01    = ((uint64_t) r1) & mask;
+    carry  = r1 >> 51;
+    r2    += carry;
+    r02    = ((uint64_t) r2) & mask;
+    carry  = r2 >> 51;
+    r3    += carry;
+    r03    = ((uint64_t) r3) & mask;
+    carry  = r3 >> 51;
+    r4    += carry;
+    r04    = ((uint64_t) r4) & mask;
+    carry  = r4 >> 51;
+    r00   += 19ULL * (uint64_t) carry;
+    carry  = r00 >> 51;
+    r00   &= mask;
+    r01   += (uint64_t) carry;
+    carry  = r01 >> 51;
+    r01   &= mask;
+    r02   += (uint64_t) carry;
+    h[0] = r00;
+    h[1] = r01;
+    h[2] = r02;
+    h[3] = r03;
+    h[4] = r04;
+}
+static void
+fe25519_scalar_product(fe25519 h, const fe25519 f, uint32_t n)
+{
+    const uint64_t mask = 0x7ffffffffffffULL;
+    uint128_t a;
+    uint128_t sn = (uint128_t) n;
+    uint64_t  h0, h1, h2, h3, h4;
+    a  = f[0] * sn;
+    h0 = ((uint64_t) a) & mask;
+    a  = f[1] * sn + ((uint64_t) (a >> 51));
+    h1 = ((uint64_t) a) & mask;
+    a  = f[2] * sn + ((uint64_t) (a >> 51));
+    h2 = ((uint64_t) a) & mask;
+    a  = f[3] * sn + ((uint64_t) (a >> 51));
+    h3 = ((uint64_t) a) & mask;
+    a  = f[4] * sn + ((uint64_t) (a >> 51));
+    h4 = ((uint64_t) a) & mask;
+    h0 += (a >> 51) * 19ULL;
+    h[0] = h0;
+    h[1] = h1;
+    h[2] = h2;
+    h[3] = h3;
+    h[4] = h4;
+}