RubyGems - rbnacl-libsodium - Versions diffs - 1.0.6 → 1.0.7 - Mend

rbnacl-libsodium 1.0.6 → 1.0.7

Files changed (243) hide show

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/curve25519_sandy2x.h ADDED

@@ -0,0 +1,9 @@
+#ifndef curve25519_sandy2x_H
+#define curve25519_sandy2x_H
+#include "crypto_scalarmult_curve25519.h"
+extern struct crypto_scalarmult_curve25519_implementation
+    crypto_scalarmult_curve25519_sandy2x_implementation;
+#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe.h ADDED

@@ -0,0 +1,25 @@
+/*
+   This file is adapted from ref10/fe.h:
+   All the redundant functions are removed.
+*/
+#ifndef fe_H
+#define fe_H
+#include "crypto_uint64.h"
+typedef crypto_uint64 fe[10];
+/*
+fe means field element.
+Here the field is \Z/(2^255-19).
+An element t, entries t[0]...t[9], represents the integer
+t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
+Bounds on each t[i] vary depending on context.
+*/
+#define fe_frombytes crypto_scalarmult_curve25519_sandy2x_fe_frombytes
+extern void fe_frombytes(fe, const unsigned char *);
+#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51.h ADDED

@@ -0,0 +1,33 @@
+/*
+   This file is adapted from amd64-51/fe25519.h:
+   'fe25519' is renamed as 'fe51';
+   All the redundant functions are removed;
+   New function fe51_nsquare is introduced.
+*/
+#ifndef fe51_H
+#define fe51_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+#include "crypto_uint64.h"
+#include "fe51_namespace.h"
+typedef struct
+{
+  crypto_uint64 v[5];
+}
+fe51;
+extern void fe51_pack(unsigned char *, const fe51 *);
+extern void fe51_mul(fe51 *, const fe51 *, const fe51 *);
+extern void fe51_nsquare(fe51 *, const fe51 *, int);
+extern void fe51_invert(fe51 *, const fe51 *);
+#ifdef __cplusplus
+}
+#endif
+#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_invert.c ADDED

@@ -0,0 +1,57 @@
+/*
+   This file is adapted from amd64-51/fe25519_invert.c:
+   Loops of squares are replaced by nsquares for better performance.
+*/
+#include "fe51.h"
+#ifdef HAVE_AVX_ASM
+#define fe51_square(x, y) fe51_nsquare(x, y, 1)
+void fe51_invert(fe51 *r, const fe51 *x)
+{
+	fe51 z2;
+	fe51 z9;
+	fe51 z11;
+	fe51 z2_5_0;
+	fe51 z2_10_0;
+	fe51 z2_20_0;
+	fe51 z2_50_0;
+	fe51 z2_100_0;
+	fe51 t;
+	/* 2 */ fe51_square(&z2,x);
+	/* 4 */ fe51_square(&t,&z2);
+	/* 8 */ fe51_square(&t,&t);
+	/* 9 */ fe51_mul(&z9,&t,x);
+	/* 11 */ fe51_mul(&z11,&z9,&z2);
+	/* 22 */ fe51_square(&t,&z11);
+	/* 2^5 - 2^0 = 31 */ fe51_mul(&z2_5_0,&t,&z9);
+	/* 2^10 - 2^5 */ fe51_nsquare(&t,&z2_5_0, 5);
+	/* 2^10 - 2^0 */ fe51_mul(&z2_10_0,&t,&z2_5_0);
+	/* 2^20 - 2^10 */ fe51_nsquare(&t,&z2_10_0, 10);
+	/* 2^20 - 2^0 */ fe51_mul(&z2_20_0,&t,&z2_10_0);
+	/* 2^40 - 2^20 */ fe51_nsquare(&t,&z2_20_0, 20);
+	/* 2^40 - 2^0 */ fe51_mul(&t,&t,&z2_20_0);
+	/* 2^50 - 2^10 */ fe51_nsquare(&t,&t,10);
+	/* 2^50 - 2^0 */ fe51_mul(&z2_50_0,&t,&z2_10_0);
+	/* 2^100 - 2^50 */ fe51_nsquare(&t,&z2_50_0, 50);
+	/* 2^100 - 2^0 */ fe51_mul(&z2_100_0,&t,&z2_50_0);
+	/* 2^200 - 2^100 */ fe51_nsquare(&t,&z2_100_0, 100);
+	/* 2^200 - 2^0 */ fe51_mul(&t,&t,&z2_100_0);
+	/* 2^250 - 2^50 */ fe51_nsquare(&t,&t, 50);
+	/* 2^250 - 2^0 */ fe51_mul(&t,&t,&z2_50_0);
+	/* 2^255 - 2^5 */ fe51_nsquare(&t,&t,5);
+	/* 2^255 - 21 */ fe51_mul(r,&t,&z11);
+}
+#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_mul.S ADDED

@@ -0,0 +1,189 @@
+#ifdef IN_SANDY2X
+/*
+   This file is basically amd64-51/fe25519_mul.s.
+*/
+#include "fe51_namespace.h"
+#include "consts_namespace.h"
+.text
+.p2align 5
+.globl _fe51_mul
+.globl fe51_mul
+_fe51_mul:
+fe51_mul:
+mov %rsp,%r11
+and $31,%r11
+add $96,%r11
+sub %r11,%rsp
+movq %r11,0(%rsp)
+movq %r12,8(%rsp)
+movq %r13,16(%rsp)
+movq %r14,24(%rsp)
+movq %r15,32(%rsp)
+movq %rbx,40(%rsp)
+movq %rbp,48(%rsp)
+movq %rdi,56(%rsp)
+mov  %rdx,%rcx
+movq   24(%rsi),%rdx
+imulq  $19,%rdx,%rax
+movq %rax,64(%rsp)
+mulq  16(%rcx)
+mov  %rax,%r8
+mov  %rdx,%r9
+movq   32(%rsi),%rdx
+imulq  $19,%rdx,%rax
+movq %rax,72(%rsp)
+mulq  8(%rcx)
+add  %rax,%r8
+adc %rdx,%r9
+movq   0(%rsi),%rax
+mulq  0(%rcx)
+add  %rax,%r8
+adc %rdx,%r9
+movq   0(%rsi),%rax
+mulq  8(%rcx)
+mov  %rax,%r10
+mov  %rdx,%r11
+movq   0(%rsi),%rax
+mulq  16(%rcx)
+mov  %rax,%r12
+mov  %rdx,%r13
+movq   0(%rsi),%rax
+mulq  24(%rcx)
+mov  %rax,%r14
+mov  %rdx,%r15
+movq   0(%rsi),%rax
+mulq  32(%rcx)
+mov  %rax,%rbx
+mov  %rdx,%rbp
+movq   8(%rsi),%rax
+mulq  0(%rcx)
+add  %rax,%r10
+adc %rdx,%r11
+movq   8(%rsi),%rax
+mulq  8(%rcx)
+add  %rax,%r12
+adc %rdx,%r13
+movq   8(%rsi),%rax
+mulq  16(%rcx)
+add  %rax,%r14
+adc %rdx,%r15
+movq   8(%rsi),%rax
+mulq  24(%rcx)
+add  %rax,%rbx
+adc %rdx,%rbp
+movq   8(%rsi),%rdx
+imulq  $19,%rdx,%rax
+mulq  32(%rcx)
+add  %rax,%r8
+adc %rdx,%r9
+movq   16(%rsi),%rax
+mulq  0(%rcx)
+add  %rax,%r12
+adc %rdx,%r13
+movq   16(%rsi),%rax
+mulq  8(%rcx)
+add  %rax,%r14
+adc %rdx,%r15
+movq   16(%rsi),%rax
+mulq  16(%rcx)
+add  %rax,%rbx
+adc %rdx,%rbp
+movq   16(%rsi),%rdx
+imulq  $19,%rdx,%rax
+mulq  24(%rcx)
+add  %rax,%r8
+adc %rdx,%r9
+movq   16(%rsi),%rdx
+imulq  $19,%rdx,%rax
+mulq  32(%rcx)
+add  %rax,%r10
+adc %rdx,%r11
+movq   24(%rsi),%rax
+mulq  0(%rcx)
+add  %rax,%r14
+adc %rdx,%r15
+movq   24(%rsi),%rax
+mulq  8(%rcx)
+add  %rax,%rbx
+adc %rdx,%rbp
+movq 64(%rsp),%rax
+mulq  24(%rcx)
+add  %rax,%r10
+adc %rdx,%r11
+movq 64(%rsp),%rax
+mulq  32(%rcx)
+add  %rax,%r12
+adc %rdx,%r13
+movq   32(%rsi),%rax
+mulq  0(%rcx)
+add  %rax,%rbx
+adc %rdx,%rbp
+movq 72(%rsp),%rax
+mulq  16(%rcx)
+add  %rax,%r10
+adc %rdx,%r11
+movq 72(%rsp),%rax
+mulq  24(%rcx)
+add  %rax,%r12
+adc %rdx,%r13
+movq 72(%rsp),%rax
+mulq  32(%rcx)
+add  %rax,%r14
+adc %rdx,%r15
+movq REDMASK51(%rip),%rsi
+shld $13,%r8,%r9
+and  %rsi,%r8
+shld $13,%r10,%r11
+and  %rsi,%r10
+add  %r9,%r10
+shld $13,%r12,%r13
+and  %rsi,%r12
+add  %r11,%r12
+shld $13,%r14,%r15
+and  %rsi,%r14
+add  %r13,%r14
+shld $13,%rbx,%rbp
+and  %rsi,%rbx
+add  %r15,%rbx
+imulq  $19,%rbp,%rdx
+add  %rdx,%r8
+mov  %r8,%rdx
+shr  $51,%rdx
+add  %r10,%rdx
+mov  %rdx,%rcx
+shr  $51,%rdx
+and  %rsi,%r8
+add  %r12,%rdx
+mov  %rdx,%r9
+shr  $51,%rdx
+and  %rsi,%rcx
+add  %r14,%rdx
+mov  %rdx,%rax
+shr  $51,%rdx
+and  %rsi,%r9
+add  %rbx,%rdx
+mov  %rdx,%r10
+shr  $51,%rdx
+and  %rsi,%rax
+imulq  $19,%rdx,%rdx
+add  %rdx,%r8
+and  %rsi,%r10
+movq   %r8,0(%rdi)
+movq   %rcx,8(%rdi)
+movq   %r9,16(%rdi)
+movq   %rax,24(%rdi)
+movq   %r10,32(%rdi)
+movq 0(%rsp),%r11
+movq 8(%rsp),%r12
+movq 16(%rsp),%r13
+movq 24(%rsp),%r14
+movq 32(%rsp),%r15
+movq 40(%rsp),%rbx
+movq 48(%rsp),%rbp
+add %r11,%rsp
+mov %rdi,%rax
+mov %rsi,%rdx
+ret
+#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_namespace.h ADDED

@@ -0,0 +1,16 @@
+#ifndef fe51_namespace_H
+#define fe51_namespace_H
+#define  fe51              crypto_scalarmult_curve25519_sandy2x_fe51
+#define _fe51             _crypto_scalarmult_curve25519_sandy2x_fe51
+#define  fe51_pack         crypto_scalarmult_curve25519_sandy2x_fe51_pack
+#define _fe51_pack        _crypto_scalarmult_curve25519_sandy2x_fe51_pack
+#define  fe51_mul          crypto_scalarmult_curve25519_sandy2x_fe51_mul
+#define _fe51_mul         _crypto_scalarmult_curve25519_sandy2x_fe51_mul
+#define  fe51_nsquare      crypto_scalarmult_curve25519_sandy2x_fe51_nsquare
+#define _fe51_nsquare     _crypto_scalarmult_curve25519_sandy2x_fe51_nsquare
+#define  fe51_invert       crypto_scalarmult_curve25519_sandy2x_fe51_invert
+#endif //ifndef fe51_namespace_H

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_nsquare.S ADDED

@@ -0,0 +1,165 @@
+#ifdef IN_SANDY2X
+/*
+   This file is adapted from amd64-51/fe25519_square.s:
+   Adding loop to perform n squares.
+*/
+#include "fe51_namespace.h"
+#include "consts_namespace.h"
+.p2align 5
+.globl fe51_nsquare
+.globl _fe51_nsquare
+#ifdef __ELF__
+.type  fe51_nsquare, @function
+.type _fe51_nsquare, @function
+#endif
+fe51_nsquare:
+_fe51_nsquare:
+mov %rsp,%r11
+and $31,%r11
+add $64,%r11
+sub %r11,%rsp
+movq %r11,0(%rsp)
+movq %r12,8(%rsp)
+movq %r13,16(%rsp)
+movq %r14,24(%rsp)
+movq %r15,32(%rsp)
+movq %rbx,40(%rsp)
+movq %rbp,48(%rsp)
+movq   0(%rsi),%rcx
+movq   8(%rsi),%r8
+movq   16(%rsi),%r9
+movq   24(%rsi),%rax
+movq   32(%rsi),%rsi
+movq   %r9,16(%rdi)
+movq   %rax,24(%rdi)
+movq   %rsi,32(%rdi)
+mov  %rdx,%rsi
+._loop:
+sub  $1,%rsi
+mov  %rcx,%rax
+mul  %rcx
+add  %rcx,%rcx
+mov  %rax,%r9
+mov  %rdx,%r10
+mov  %rcx,%rax
+mul  %r8
+mov  %rax,%r11
+mov  %rdx,%r12
+mov  %rcx,%rax
+mulq  16(%rdi)
+mov  %rax,%r13
+mov  %rdx,%r14
+mov  %rcx,%rax
+mulq  24(%rdi)
+mov  %rax,%r15
+mov  %rdx,%rbx
+mov  %rcx,%rax
+mulq  32(%rdi)
+mov  %rax,%rcx
+mov  %rdx,%rbp
+mov  %r8,%rax
+mul  %r8
+add  %r8,%r8
+add  %rax,%r13
+adc %rdx,%r14
+mov  %r8,%rax
+mulq  16(%rdi)
+add  %rax,%r15
+adc %rdx,%rbx
+mov  %r8,%rax
+imulq  $19, %r8,%r8
+mulq  24(%rdi)
+add  %rax,%rcx
+adc %rdx,%rbp
+mov  %r8,%rax
+mulq  32(%rdi)
+add  %rax,%r9
+adc %rdx,%r10
+movq   16(%rdi),%rax
+mulq  16(%rdi)
+add  %rax,%rcx
+adc %rdx,%rbp
+shld $13,%rcx,%rbp
+movq   16(%rdi),%rax
+imulq  $38, %rax,%rax
+mulq  24(%rdi)
+add  %rax,%r9
+adc %rdx,%r10
+shld $13,%r9,%r10
+movq   16(%rdi),%rax
+imulq  $38, %rax,%rax
+mulq  32(%rdi)
+add  %rax,%r11
+adc %rdx,%r12
+movq   24(%rdi),%rax
+imulq  $19, %rax,%rax
+mulq  24(%rdi)
+add  %rax,%r11
+adc %rdx,%r12
+shld $13,%r11,%r12
+movq   24(%rdi),%rax
+imulq  $38, %rax,%rax
+mulq  32(%rdi)
+add  %rax,%r13
+adc %rdx,%r14
+shld $13,%r13,%r14
+movq   32(%rdi),%rax
+imulq  $19, %rax,%rax
+mulq  32(%rdi)
+add  %rax,%r15
+adc %rdx,%rbx
+shld $13,%r15,%rbx
+movq REDMASK51(%rip),%rdx
+and  %rdx,%rcx
+add  %rbx,%rcx
+and  %rdx,%r9
+and  %rdx,%r11
+add  %r10,%r11
+and  %rdx,%r13
+add  %r12,%r13
+and  %rdx,%r15
+add  %r14,%r15
+imulq  $19, %rbp,%rbp
+lea  (%r9,%rbp),%r9
+mov  %r9,%rax
+shr  $51,%r9
+add  %r11,%r9
+and  %rdx,%rax
+mov  %r9,%r8
+shr  $51,%r9
+add  %r13,%r9
+and  %rdx,%r8
+mov  %r9,%r10
+shr  $51,%r9
+add  %r15,%r9
+and  %rdx,%r10
+movq   %r10,16(%rdi)
+mov  %r9,%r10
+shr  $51,%r9
+add  %rcx,%r9
+and  %rdx,%r10
+movq   %r10,24(%rdi)
+mov  %r9,%r10
+shr  $51,%r9
+imulq  $19, %r9,%r9
+lea  (%rax,%r9),%rcx
+and  %rdx,%r10
+movq   %r10,32(%rdi)
+cmp  $0,%rsi
+jne ._loop
+movq   %rcx,0(%rdi)
+movq   %r8,8(%rdi)
+movq 0(%rsp),%r11
+movq 8(%rsp),%r12
+movq 16(%rsp),%r13
+movq 24(%rsp),%r14
+movq 32(%rsp),%r15
+movq 40(%rsp),%rbx
+movq 48(%rsp),%rbp
+add %r11,%rsp
+ret
+#endif