RubyGems - rbnacl-libsodium - Versions diffs - 1.0.6 → 1.0.7 - Mend

rbnacl-libsodium 1.0.6 → 1.0.7

Files changed (243) hide show

data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha512256/cp/api.h DELETED

@@ -1,9 +0,0 @@
-#include "crypto_auth_hmacsha512256.h"
-#define crypto_auth crypto_auth_hmacsha512256
-#define crypto_auth_verify crypto_auth_hmacsha512256_verify
-#define crypto_auth_BYTES crypto_auth_hmacsha512256_BYTES
-#define crypto_auth_KEYBYTES crypto_auth_hmacsha512256_KEYBYTES
-#define crypto_auth_IMPLEMENTATION crypto_auth_hmacsha512256_IMPLEMENTATION
-#define crypto_auth_VERSION crypto_auth_hmacsha512256_VERSION

data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/api.h DELETED

@@ -1,20 +0,0 @@
-#include "crypto_box_curve25519xsalsa20poly1305.h"
-#define crypto_box crypto_box_curve25519xsalsa20poly1305
-#define crypto_box_open crypto_box_curve25519xsalsa20poly1305_open
-#define crypto_box_seed_keypair crypto_box_curve25519xsalsa20poly1305_seed_keypair
-#define crypto_box_keypair crypto_box_curve25519xsalsa20poly1305_keypair
-#define crypto_box_beforenm crypto_box_curve25519xsalsa20poly1305_beforenm
-#define crypto_box_afternm crypto_box_curve25519xsalsa20poly1305_afternm
-#define crypto_box_open_afternm crypto_box_curve25519xsalsa20poly1305_open_afternm
-#define crypto_box_SEEDBYTES crypto_box_curve25519xsalsa20poly1305_SEEDBYTES
-#define crypto_box_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
-#define crypto_box_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES
-#define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES
-#define crypto_box_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES
-#define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES
-#define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES
-#define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES)
-#define crypto_box_IMPLEMENTATION crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION
-#define crypto_box_VERSION crypto_box_curve25519xsalsa20poly1305_VERSION

data/vendor/libsodium/src/libsodium/crypto_core/hsalsa20/ref2/api.h DELETED

@@ -1,10 +0,0 @@
-#include "crypto_core_hsalsa20.h"
-#define crypto_core crypto_core_hsalsa20
-#define crypto_core_OUTPUTBYTES crypto_core_hsalsa20_OUTPUTBYTES
-#define crypto_core_INPUTBYTES crypto_core_hsalsa20_INPUTBYTES
-#define crypto_core_KEYBYTES crypto_core_hsalsa20_KEYBYTES
-#define crypto_core_CONSTBYTES crypto_core_hsalsa20_CONSTBYTES
-#define crypto_core_IMPLEMENTATION crypto_core_hsalsa20_IMPLEMENTATION
-#define crypto_core_VERSION crypto_core_hsalsa20_VERSION

data/vendor/libsodium/src/libsodium/crypto_core/salsa20/ref/api.h DELETED

@@ -1,10 +0,0 @@
-#include "crypto_core_salsa20.h"
-#define crypto_core crypto_core_salsa20
-#define crypto_core_OUTPUTBYTES crypto_core_salsa20_OUTPUTBYTES
-#define crypto_core_INPUTBYTES crypto_core_salsa20_INPUTBYTES
-#define crypto_core_KEYBYTES crypto_core_salsa20_KEYBYTES
-#define crypto_core_CONSTBYTES crypto_core_salsa20_CONSTBYTES
-#define crypto_core_IMPLEMENTATION crypto_core_salsa20_IMPLEMENTATION
-#define crypto_core_VERSION crypto_core_salsa20_VERSION

data/vendor/libsodium/src/libsodium/crypto_core/salsa2012/ref/api.h DELETED

@@ -1,10 +0,0 @@
-#include "crypto_core_salsa2012.h"
-#define crypto_core crypto_core_salsa2012
-#define crypto_core_OUTPUTBYTES crypto_core_salsa2012_OUTPUTBYTES
-#define crypto_core_INPUTBYTES crypto_core_salsa2012_INPUTBYTES
-#define crypto_core_KEYBYTES crypto_core_salsa2012_KEYBYTES
-#define crypto_core_CONSTBYTES crypto_core_salsa2012_CONSTBYTES
-#define crypto_core_IMPLEMENTATION crypto_core_salsa2012_IMPLEMENTATION
-#define crypto_core_VERSION crypto_core_salsa2012_VERSION

data/vendor/libsodium/src/libsodium/crypto_core/salsa208/ref/api.h DELETED

@@ -1,10 +0,0 @@
-#include "crypto_core_salsa208.h"
-#define crypto_core crypto_core_salsa208
-#define crypto_core_OUTPUTBYTES crypto_core_salsa208_OUTPUTBYTES
-#define crypto_core_INPUTBYTES crypto_core_salsa208_INPUTBYTES
-#define crypto_core_KEYBYTES crypto_core_salsa208_KEYBYTES
-#define crypto_core_CONSTBYTES crypto_core_salsa208_CONSTBYTES
-#define crypto_core_IMPLEMENTATION crypto_core_salsa208_IMPLEMENTATION
-#define crypto_core_VERSION crypto_core_salsa208_VERSION

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/api.h DELETED

	@@ -1,2 +0,0 @@
1	-
2	- #include "crypto_generichash_blake2b.h"

data/vendor/libsodium/src/libsodium/crypto_hash/sha256/cp/api.h DELETED

@@ -1,10 +0,0 @@
-#include "crypto_hash_sha256.h"
-#define crypto_hash crypto_hash_sha256
-#define crypto_hash_init crypto_hash_sha256_init
-#define crypto_hash_update crypto_hash_sha256_update
-#define crypto_hash_final crypto_hash_sha256_final
-#define crypto_hash_BYTES crypto_hash_sha256_BYTES
-#define crypto_hash_IMPLEMENTATION crypto_hash_sha256_IMPLEMENTATION
-#define crypto_hash_VERSION crypto_hash_sha256_VERSION

data/vendor/libsodium/src/libsodium/crypto_hash/sha512/cp/api.h DELETED

@@ -1,10 +0,0 @@
-#include "crypto_hash_sha512.h"
-#define crypto_hash crypto_hash_sha512
-#define crypto_hash_init crypto_hash_sha512_init
-#define crypto_hash_update crypto_hash_sha512_update
-#define crypto_hash_final crypto_hash_sha512_final
-#define crypto_hash_BYTES crypto_hash_sha512_BYTES
-#define crypto_hash_IMPLEMENTATION crypto_hash_sha512_IMPLEMENTATION
-#define crypto_hash_VERSION crypto_hash_sha512_VERSION

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/api.h DELETED

@@ -1,6 +0,0 @@
-#include "crypto_scalarmult_curve25519.h"
-#define crypto_scalarmult crypto_scalarmult_curve25519
-#define crypto_scalarmult_base crypto_scalarmult_curve25519_base

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/base_curve25519_donna_c64.c DELETED

@@ -1,13 +0,0 @@
-#include "api.h"
-#ifdef HAVE_TI_MODE
-static const unsigned char basepoint[32] = {9};
-int crypto_scalarmult_base(unsigned char *q,const unsigned char *n)
-{
-  return crypto_scalarmult(q, n, basepoint);
-}
-#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/api.h DELETED

@@ -1,5 +0,0 @@
-#include "crypto_scalarmult_curve25519.h"
-#define crypto_scalarmult crypto_scalarmult_curve25519
-#define crypto_scalarmult_base crypto_scalarmult_curve25519_base

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/base_curve25519_ref10.c DELETED

@@ -1,14 +0,0 @@
-#include "api.h"
-#include "crypto_scalarmult.h"
-#ifndef HAVE_TI_MODE
-static const unsigned char basepoint[32] = {9};
-int crypto_scalarmult_base(unsigned char *q,const unsigned char *n)
-{
-  return crypto_scalarmult(q,n,basepoint);
-}
-#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/scalarmult_curve25519_ref10.c DELETED

@@ -1,54 +0,0 @@
-#include "api.h"
-#include "crypto_scalarmult.h"
-#include "fe.h"
-#ifndef HAVE_TI_MODE
-int crypto_scalarmult(unsigned char *q,
-  const unsigned char *n,
-  const unsigned char *p)
-{
-  unsigned char e[32];
-  unsigned int i;
-  fe x1;
-  fe x2;
-  fe z2;
-  fe x3;
-  fe z3;
-  fe tmp0;
-  fe tmp1;
-  int pos;
-  unsigned int swap;
-  unsigned int b;
-  for (i = 0;i < 32;++i) e[i] = n[i];
-  e[0] &= 248;
-  e[31] &= 127;
-  e[31] |= 64;
-  fe_frombytes(x1,p);
-  fe_1(x2);
-  fe_0(z2);
-  fe_copy(x3,x1);
-  fe_1(z3);
-  swap = 0;
-  for (pos = 254;pos >= 0;--pos) {
-    b = e[pos / 8] >> (pos & 7);
-    b &= 1;
-    swap ^= b;
-    fe_cswap(x2,x3,swap);
-    fe_cswap(z2,z3,swap);
-    swap = b;
-#include "montgomery.h"
-  }
-  fe_cswap(x2,x3,swap);
-  fe_cswap(z2,z3,swap);
-  fe_invert(z2,z2);
-  fe_mul(x2,x2,z2);
-  fe_tobytes(q,x2);
-  return 0;
-}
-#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/scalarmult_curve25519_api.c DELETED

@@ -1,14 +0,0 @@
-#include "crypto_scalarmult_curve25519.h"
-size_t
-crypto_scalarmult_curve25519_bytes(void)
-{
-    return crypto_scalarmult_curve25519_BYTES;
-}
-size_t
-crypto_scalarmult_curve25519_scalarbytes(void)
-{
-    return crypto_scalarmult_curve25519_SCALARBYTES;
-}

data/vendor/libsodium/src/libsodium/crypto_secretbox/xsalsa20poly1305/ref/api.h DELETED

@@ -1,11 +0,0 @@
-#include "crypto_secretbox_xsalsa20poly1305.h"
-#define crypto_secretbox crypto_secretbox_xsalsa20poly1305
-#define crypto_secretbox_open crypto_secretbox_xsalsa20poly1305_open
-#define crypto_secretbox_KEYBYTES crypto_secretbox_xsalsa20poly1305_KEYBYTES
-#define crypto_secretbox_NONCEBYTES crypto_secretbox_xsalsa20poly1305_NONCEBYTES
-#define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES
-#define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES
-#define crypto_secretbox_IMPLEMENTATION crypto_secretbox_xsalsa20poly1305_IMPLEMENTATION
-#define crypto_secretbox_VERSION crypto_secretbox_xsalsa20poly1305_VERSION

data/vendor/libsodium/src/libsodium/crypto_shorthash/siphash24/ref/api.h DELETED

@@ -1,7 +0,0 @@
-#include "crypto_shorthash_siphash24.h"
-#define crypto_shorthash crypto_shorthash_siphash24
-#define crypto_shorthash_BYTES crypto_shorthash_siphash24_BYTES
-#define crypto_shorthash_IMPLEMENTATION crypto_shorthash_siphash24_IMPLEMENTATION
-#define crypto_shorthash_VERSION crypto_shorthash_siphash24_VERSION

data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/api.h DELETED

@@ -1,15 +0,0 @@
-#include "crypto_sign_ed25519.h"
-#define crypto_sign crypto_sign_ed25519
-#define crypto_sign_detached crypto_sign_ed25519_detached
-#define crypto_sign_open crypto_sign_ed25519_open
-#define crypto_sign_verify_detached crypto_sign_ed25519_verify_detached
-#define crypto_sign_keypair crypto_sign_ed25519_keypair
-#define crypto_sign_seed_keypair crypto_sign_ed25519_seed_keypair
-#define crypto_sign_BYTES crypto_sign_ed25519_BYTES
-#define crypto_sign_SEEDBYTES crypto_sign_ed25519_SEEDBYTES
-#define crypto_sign_PUBLICKEYBYTES crypto_sign_ed25519_PUBLICKEYBYTES
-#define crypto_sign_SECRETKEYBYTES crypto_sign_ed25519_SECRETKEYBYTES
-#define crypto_sign_IMPLEMENTATION crypto_sign_ed25519_IMPLEMENTATION
-#define crypto_sign_VERSION crypto_sign_ed25519_VERSION

data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/api.h DELETED

@@ -1,12 +0,0 @@
-#include "crypto_sign_edwards25519sha512batch.h"
-#define crypto_sign crypto_sign_edwards25519sha512batch
-#define crypto_sign_open crypto_sign_edwards25519sha512batch_open
-#define crypto_sign_keypair crypto_sign_edwards25519sha512batch_keypair
-#define crypto_sign_BYTES crypto_sign_edwards25519sha512batch_BYTES
-#define crypto_sign_PUBLICKEYBYTES crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES
-#define crypto_sign_SECRETKEYBYTES crypto_sign_edwards25519sha512batch_SECRETKEYBYTES
-#define crypto_sign_IMPLEMENTATION crypto_sign_edwards25519sha512batch_IMPLEMENTATION
-#define crypto_sign_VERSION crypto_sign_edwards25519sha512batch_VERSION

data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/fe25519.h DELETED

@@ -1,54 +0,0 @@
-#ifndef FE25519_H
-#define FE25519_H
-#define fe25519 crypto_sign_edwards25519sha512batch_fe25519
-#define fe25519_unpack crypto_sign_edwards25519sha512batch_fe25519_unpack
-#define fe25519_pack crypto_sign_edwards25519sha512batch_fe25519_pack
-#define fe25519_cmov crypto_sign_edwards25519sha512batch_fe25519_cmov
-#define fe25519_setone crypto_sign_edwards25519sha512batch_fe25519_setone
-#define fe25519_setzero crypto_sign_edwards25519sha512batch_fe25519_setzero
-#define fe25519_neg crypto_sign_edwards25519sha512batch_fe25519_neg
-#define fe25519_getparity crypto_sign_edwards25519sha512batch_fe25519_getparity
-#define fe25519_add crypto_sign_edwards25519sha512batch_fe25519_add
-#define fe25519_sub crypto_sign_edwards25519sha512batch_fe25519_sub
-#define fe25519_mul crypto_sign_edwards25519sha512batch_fe25519_mul
-#define fe25519_square crypto_sign_edwards25519sha512batch_fe25519_square
-#define fe25519_pow crypto_sign_edwards25519sha512batch_fe25519_pow
-#define fe25519_sqrt_vartime crypto_sign_edwards25519sha512batch_fe25519_sqrt_vartime
-#define fe25519_invert crypto_sign_edwards25519sha512batch_fe25519_invert
-#include "crypto_uint32.h"
-typedef struct {
-  crypto_uint32 v[32];
-} fe25519;
-void fe25519_unpack(fe25519 *r, const unsigned char x[32]);
-void fe25519_pack(unsigned char r[32], const fe25519 *x);
-void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b);
-void fe25519_setone(fe25519 *r);
-void fe25519_setzero(fe25519 *r);
-void fe25519_neg(fe25519 *r, const fe25519 *x);
-unsigned char fe25519_getparity(const fe25519 *x);
-void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y);
-void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y);
-void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y);
-void fe25519_square(fe25519 *r, const fe25519 *x);
-void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e);
-int fe25519_sqrt_vartime(fe25519 *r, const fe25519 *x, unsigned char parity);
-void fe25519_invert(fe25519 *r, const fe25519 *x);
-#endif

data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/fe25519_edwards25519sha512batch.c DELETED

@@ -1,348 +0,0 @@
-#include "fe25519.h"
-#define WINDOWSIZE 4 /* Should be 1,2, or 4 */
-#define WINDOWMASK ((1<<WINDOWSIZE)-1)
-static void reduce_add_sub(fe25519 *r)
-{
-  crypto_uint32 t;
-  int i,rep;
-  for(rep=0;rep<4;rep++)
-  {
-    t = r->v[31] >> 7;
-    r->v[31] &= 127;
-    t *= 19;
-    r->v[0] += t;
-    for(i=0;i<31;i++)
-    {
-      t = r->v[i] >> 8;
-      r->v[i+1] += t;
-      r->v[i] &= 255;
-    }
-  }
-}
-static void reduce_mul(fe25519 *r)
-{
-  crypto_uint32 t;
-  int i,rep;
-  for(rep=0;rep<2;rep++)
-  {
-    t = r->v[31] >> 7;
-    r->v[31] &= 127;
-    t *= 19;
-    r->v[0] += t;
-    for(i=0;i<31;i++)
-    {
-      t = r->v[i] >> 8;
-      r->v[i+1] += t;
-      r->v[i] &= 255;
-    }
-  }
-}
-/* reduction modulo 2^255-19 */
-static void freeze(fe25519 *r)
-{
-  int i;
-  unsigned int m = (r->v[31] == 127);
-  for(i=30;i>1;i--)
-    m *= (r->v[i] == 255);
-  m *= (r->v[0] >= 237);
-  r->v[31] -= m*127;
-  for(i=30;i>0;i--)
-    r->v[i] -= m*255;
-  r->v[0] -= m*237;
-}
-/*freeze input before calling isone*/
-static int isone(const fe25519 *x)
-{
-  int i;
-  int r = (x->v[0] == 1);
-  for(i=1;i<32;i++)
-    r *= (x->v[i] == 0);
-  return r;
-}
-/*freeze input before calling iszero*/
-static int iszero(const fe25519 *x)
-{
-  int i;
-  int r = (x->v[0] == 0);
-  for(i=1;i<32;i++)
-    r *= (x->v[i] == 0);
-  return r;
-}
-static int issquare(const fe25519 *x)
-{
-  unsigned char e[32] = {0xf6,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x3f}; /* (p-1)/2 */
-  fe25519 t;
-  fe25519_pow(&t,x,e);
-  freeze(&t);
-  return isone(&t) || iszero(&t);
-}
-void fe25519_unpack(fe25519 *r, const unsigned char x[32])
-{
-  int i;
-  for(i=0;i<32;i++) r->v[i] = x[i];
-  r->v[31] &= 127;
-}
-/* Assumes input x being reduced mod 2^255 */
-void fe25519_pack(unsigned char r[32], const fe25519 *x)
-{
-  int i;
-  unsigned int m;
-  for(i=0;i<32;i++)
-    r[i] = x->v[i];
-  /* freeze byte array */
-  m = (r[31] == 127); /* XXX: some compilers might use branches; fix */
-  for(i=30;i>1;i--)
-    m *= (r[i] == 255);
-  m *= (r[0] >= 237);
-  r[31] -= m*127;
-  for(i=30;i>0;i--)
-    r[i] -= m*255;
-  r[0] -= m*237;
-}
-void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b)
-{
-  unsigned char nb = 1-b;
-  int i;
-  for(i=0;i<32;i++) r->v[i] = nb * r->v[i] + b * x->v[i];
-}
-unsigned char fe25519_getparity(const fe25519 *x)
-{
-  fe25519 t;
-  int i;
-  for(i=0;i<32;i++) t.v[i] = x->v[i];
-  freeze(&t);
-  return t.v[0] & 1;
-}
-void fe25519_setone(fe25519 *r)
-{
-  int i;
-  r->v[0] = 1;
-  for(i=1;i<32;i++) r->v[i]=0;
-}
-void fe25519_setzero(fe25519 *r)
-{
-  int i;
-  for(i=0;i<32;i++) r->v[i]=0;
-}
-void fe25519_neg(fe25519 *r, const fe25519 *x)
-{
-  fe25519 t;
-  int i;
-  for(i=0;i<32;i++) t.v[i]=x->v[i];
-  fe25519_setzero(r);
-  fe25519_sub(r, r, &t);
-}
-void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y)
-{
-  int i;
-  for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i];
-  reduce_add_sub(r);
-}
-void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y)
-{
-  int i;
-  crypto_uint32 t[32];
-  t[0] = x->v[0] + 0x1da;
-  t[31] = x->v[31] + 0xfe;
-  for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe;
-  for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i];
-  reduce_add_sub(r);
-}
-void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y)
-{
-  int i,j;
-  crypto_uint32 t[63];
-  for(i=0;i<63;i++)t[i] = 0;
-  for(i=0;i<32;i++)
-    for(j=0;j<32;j++)
-      t[i+j] += x->v[i] * y->v[j];
-  for(i=32;i<63;i++)
-    r->v[i-32] = t[i-32] + 38*t[i];
-  r->v[31] = t[31]; /* result now in r[0]...r[31] */
-  reduce_mul(r);
-}
-void fe25519_square(fe25519 *r, const fe25519 *x)
-{
-  fe25519_mul(r, x, x);
-}
-/*XXX: Make constant time! */
-void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e)
-{
-  /*
-  fe25519 g;
-  fe25519_setone(&g);
-  int i;
-  unsigned char j;
-  for(i=32;i>0;i--)
-  {
-    for(j=128;j>0;j>>=1)
-    {
-      fe25519_square(&g,&g);
-      if(e[i-1] & j)
-        fe25519_mul(&g,&g,x);
-    }
-  }
-  for(i=0;i<32;i++) r->v[i] = g.v[i];
-  */
-  fe25519 g;
-  int i,j,k;
-  fe25519 t;
-  unsigned char w;
-  fe25519 pre[(1 << WINDOWSIZE)];
-  fe25519_setone(&g);
-  // Precomputation
-  fe25519_setone(pre);
-  pre[1] = *x;
-  for(i=2;i<(1<<WINDOWSIZE);i+=2)
-  {
-    fe25519_square(pre+i, pre+i/2);
-    fe25519_mul(pre+i+1, pre+i, pre+1);
-  }
-  // Fixed-window scalar multiplication
-  for(i=32;i>0;i--)
-  {
-    for(j=8-WINDOWSIZE;j>=0;j-=WINDOWSIZE)
-    {
-      for(k=0;k<WINDOWSIZE;k++)
-        fe25519_square(&g, &g);
-      // Cache-timing resistant loading of precomputed value:
-      w = (e[i-1]>>j) & WINDOWMASK;
-      t = pre[0];
-      for(k=1;k<(1<<WINDOWSIZE);k++)
-        fe25519_cmov(&t, &pre[k], k==w);
-      fe25519_mul(&g, &g, &t);
-    }
-  }
-  *r = g;
-}
-/* Return 0 on success, 1 otherwise */
-int fe25519_sqrt_vartime(fe25519 *r, const fe25519 *x, unsigned char parity)
-{
-  unsigned char e[32] = {0xfb,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x1f}; /* (p-1)/4 */
-  unsigned char e2[32] = {0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x0f}; /* (p+3)/8 */
-  unsigned char e3[32] = {0xfd,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x0f}; /* (p-5)/8 */
-  fe25519 p = {{0}};
-  fe25519 d;
-  int i;
-  /* See HAC, Alg. 3.37 */
-  if (!issquare(x)) return -1;
-  fe25519_pow(&d,x,e);
-  freeze(&d);
-  if(isone(&d))
-    fe25519_pow(r,x,e2);
-  else
-  {
-    for(i=0;i<32;i++)
-      d.v[i] = 4*x->v[i];
-    fe25519_pow(&d,&d,e3);
-    for(i=0;i<32;i++)
-      r->v[i] = 2*x->v[i];
-    fe25519_mul(r,r,&d);
-  }
-  freeze(r);
-  if((r->v[0] & 1) != (parity & 1))
-  {
-    fe25519_sub(r,&p,r);
-  }
-  return 0;
-}
-void fe25519_invert(fe25519 *r, const fe25519 *x)
-{
-        fe25519 z2;
-        fe25519 z9;
-        fe25519 z11;
-        fe25519 z2_5_0;
-        fe25519 z2_10_0;
-        fe25519 z2_20_0;
-        fe25519 z2_50_0;
-        fe25519 z2_100_0;
-        fe25519 t0;
-        fe25519 t1;
-        int i;
-        /* 2 */ fe25519_square(&z2,x);
-        /* 4 */ fe25519_square(&t1,&z2);
-        /* 8 */ fe25519_square(&t0,&t1);
-        /* 9 */ fe25519_mul(&z9,&t0,x);
-        /* 11 */ fe25519_mul(&z11,&z9,&z2);
-        /* 22 */ fe25519_square(&t0,&z11);
-        /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t0,&z9);
-        /* 2^6 - 2^1 */ fe25519_square(&t0,&z2_5_0);
-        /* 2^7 - 2^2 */ fe25519_square(&t1,&t0);
-        /* 2^8 - 2^3 */ fe25519_square(&t0,&t1);
-        /* 2^9 - 2^4 */ fe25519_square(&t1,&t0);
-        /* 2^10 - 2^5 */ fe25519_square(&t0,&t1);
-        /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t0,&z2_5_0);
-        /* 2^11 - 2^1 */ fe25519_square(&t0,&z2_10_0);
-        /* 2^12 - 2^2 */ fe25519_square(&t1,&t0);
-        /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
-        /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t1,&z2_10_0);
-        /* 2^21 - 2^1 */ fe25519_square(&t0,&z2_20_0);
-        /* 2^22 - 2^2 */ fe25519_square(&t1,&t0);
-        /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
-        /* 2^40 - 2^0 */ fe25519_mul(&t0,&t1,&z2_20_0);
-        /* 2^41 - 2^1 */ fe25519_square(&t1,&t0);
-        /* 2^42 - 2^2 */ fe25519_square(&t0,&t1);
-        /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); }
-        /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t0,&z2_10_0);
-        /* 2^51 - 2^1 */ fe25519_square(&t0,&z2_50_0);
-        /* 2^52 - 2^2 */ fe25519_square(&t1,&t0);
-        /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
-        /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t1,&z2_50_0);
-        /* 2^101 - 2^1 */ fe25519_square(&t1,&z2_100_0);
-        /* 2^102 - 2^2 */ fe25519_square(&t0,&t1);
-        /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); }
-        /* 2^200 - 2^0 */ fe25519_mul(&t1,&t0,&z2_100_0);
-        /* 2^201 - 2^1 */ fe25519_square(&t0,&t1);
-        /* 2^202 - 2^2 */ fe25519_square(&t1,&t0);
-        /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
-        /* 2^250 - 2^0 */ fe25519_mul(&t0,&t1,&z2_50_0);
-        /* 2^251 - 2^1 */ fe25519_square(&t1,&t0);
-        /* 2^252 - 2^2 */ fe25519_square(&t0,&t1);
-        /* 2^253 - 2^3 */ fe25519_square(&t1,&t0);
-        /* 2^254 - 2^4 */ fe25519_square(&t0,&t1);
-        /* 2^255 - 2^5 */ fe25519_square(&t1,&t0);
-        /* 2^255 - 21 */ fe25519_mul(r,&t1,&z11);
-}