├── .gitignore ├── .travis.yml ├── LICENSE ├── README.md ├── binding.gyp ├── index.js ├── index.test.js ├── lib ├── cryptonight.cc └── vendor │ ├── CMakeLists.txt │ ├── CryptonightR_JIT.c │ ├── CryptonightR_JIT.h │ ├── CryptonightR_template.S │ ├── CryptonightR_template.h │ ├── aesb.c │ ├── blake256.c │ ├── blake256.h │ ├── chacha.c │ ├── chacha.h │ ├── common │ ├── CMakeLists.txt │ ├── apply_permutation.h │ ├── base58.cpp │ ├── base58.h │ ├── boost_serialization_helper.h │ ├── command_line.cpp │ ├── command_line.h │ ├── common_fwd.h │ ├── dns_utils.cpp │ ├── dns_utils.h │ ├── download.cpp │ ├── download.h │ ├── http_connection.h │ ├── i18n.cpp │ ├── i18n.h │ ├── int-util.h │ ├── json_util.h │ ├── memwipe.c │ ├── memwipe.h │ ├── password.cpp │ ├── password.h │ ├── perf_timer.cpp │ ├── perf_timer.h │ ├── pod-class.h │ ├── rpc_client.h │ ├── scoped_message_writer.h │ ├── sfinae_helpers.h │ ├── stack_trace.cpp │ ├── stack_trace.h │ ├── threadpool.cpp │ ├── threadpool.h │ ├── unordered_containers_boost_serialization.h │ ├── updates.cpp │ ├── updates.h │ ├── util.cpp │ ├── util.h │ └── varint.h │ ├── crypto-ops-data.c │ ├── crypto-ops.c │ ├── crypto-ops.h │ ├── crypto.cpp │ ├── crypto.h │ ├── crypto_ops_builder │ ├── Makefile │ ├── README.md │ ├── api.h │ ├── crypto-ops-data.c │ ├── crypto-ops-old.c │ ├── crypto-ops.h │ ├── crypto_int32.h │ ├── crypto_sign.h │ ├── crypto_uint32.h │ ├── crypto_verify_32.h │ ├── ietf.txt │ ├── include │ │ ├── Makefile.am │ │ ├── libsodium_LICENSE │ │ ├── sodium.h │ │ └── sodium │ │ │ ├── crypto_int32.h │ │ │ ├── crypto_int64.h │ │ │ ├── crypto_uint16.h │ │ │ ├── crypto_uint32.h │ │ │ ├── crypto_uint64.h │ │ │ ├── crypto_uint8.h │ │ │ ├── crypto_verify_32.h │ │ │ └── randombytes.h │ ├── randombytes.c │ ├── ref10 │ │ ├── Makefile │ │ ├── api.h │ │ ├── base.h │ │ ├── base.py │ │ ├── base2.h │ │ ├── base2.py │ │ ├── d.h │ │ ├── d.py │ │ ├── d2.h │ │ ├── d2.py │ │ ├── description │ │ ├── designers │ │ ├── fe.h │ │ ├── fe_0.c │ │ ├── fe_1.c │ │ ├── fe_add.c │ │ ├── fe_cmov.c │ │ ├── fe_copy.c │ │ ├── fe_frombytes.c │ │ ├── fe_invert.c │ │ ├── fe_isnegative.c │ │ ├── fe_isnonzero.c │ │ ├── fe_mul.c │ │ ├── fe_neg.c │ │ ├── fe_pow22523.c │ │ ├── fe_sq.c │ │ ├── fe_sq2.c │ │ ├── fe_sub.c │ │ ├── fe_tobytes.c │ │ ├── ge.h │ │ ├── ge_add.c │ │ ├── ge_add.h │ │ ├── ge_add.q │ │ ├── ge_double_scalarmult.c │ │ ├── ge_frombytes.c │ │ ├── ge_madd.c │ │ ├── ge_madd.h │ │ ├── ge_madd.q │ │ ├── ge_msub.c │ │ ├── ge_msub.h │ │ ├── ge_msub.q │ │ ├── ge_p1p1_to_p2.c │ │ ├── ge_p1p1_to_p3.c │ │ ├── ge_p2_0.c │ │ ├── ge_p2_dbl.c │ │ ├── ge_p2_dbl.h │ │ ├── ge_p2_dbl.q │ │ ├── ge_p3_0.c │ │ ├── ge_p3_dbl.c │ │ ├── ge_p3_to_cached.c │ │ ├── ge_p3_to_p2.c │ │ ├── ge_p3_tobytes.c │ │ ├── ge_precomp_0.c │ │ ├── ge_scalarmult_base.c │ │ ├── ge_sub.c │ │ ├── ge_sub.h │ │ ├── ge_sub.q │ │ ├── ge_tobytes.c │ │ ├── keypair.c │ │ ├── open.c │ │ ├── pow22523.h │ │ ├── pow22523.q │ │ ├── pow225521.h │ │ ├── pow225521.q │ │ ├── q2h.sh │ │ ├── sc.h │ │ ├── sc_muladd.c │ │ ├── sc_reduce.c │ │ ├── sign.c │ │ ├── sqrtm1.h │ │ └── sqrtm1.py │ ├── ref10CommentedCombined │ │ ├── MakeCryptoOps.py │ │ ├── api.h │ │ ├── base.h │ │ ├── base.py │ │ ├── base2.h │ │ ├── base2.py │ │ ├── crypto-ops.h │ │ ├── d.h │ │ ├── d.py │ │ ├── d2.h │ │ ├── d2.py │ │ ├── description │ │ ├── designers │ │ ├── fe.h │ │ ├── fe_0.c │ │ ├── fe_1.c │ │ ├── fe_add.c │ │ ├── fe_cmov.c │ │ ├── fe_copy.c │ │ ├── fe_frombytes.c │ │ ├── fe_invert.c │ │ ├── fe_isnegative.c │ │ ├── fe_isnonzero.c │ │ ├── fe_mul.c │ │ ├── fe_neg.c │ │ ├── fe_pow22523.c │ │ ├── fe_sq.c │ │ ├── fe_sq2.c │ │ ├── fe_sub.c │ │ ├── fe_tobytes.c │ │ ├── ge.h │ │ ├── ge_add.c │ │ ├── ge_add.h │ │ ├── ge_add.q │ │ ├── ge_double_scalarmult.c │ │ ├── ge_frombytes.c │ │ ├── ge_madd.c │ │ ├── ge_madd.h │ │ ├── ge_madd.q │ │ ├── ge_msub.c │ │ ├── ge_msub.h │ │ ├── ge_msub.q │ │ ├── ge_p1p1_to_p2.c │ │ ├── ge_p1p1_to_p3.c │ │ ├── ge_p2_0.c │ │ ├── ge_p2_dbl.c │ │ ├── ge_p2_dbl.h │ │ ├── ge_p2_dbl.q │ │ ├── ge_p3_0.c │ │ ├── ge_p3_dbl.c │ │ ├── ge_p3_to_cached.c │ │ ├── ge_p3_to_p2.c │ │ ├── ge_p3_tobytes.c │ │ ├── ge_precomp_0.c │ │ ├── ge_scalarmult_base.c │ │ ├── ge_sub.c │ │ ├── ge_sub.h │ │ ├── ge_sub.q │ │ ├── ge_tobytes.c │ │ ├── keypair.c │ │ ├── open.c │ │ ├── pow22523.h │ │ ├── pow22523.q │ │ ├── pow225521.h │ │ ├── pow225521.q │ │ ├── q2h.sh │ │ ├── sc.h │ │ ├── sc_muladd.c │ │ ├── sc_reduce.c │ │ ├── sc_sub.xmr.c │ │ ├── scrap.txt │ │ ├── sign.c │ │ ├── sqrtm1.h │ │ ├── sqrtm1.py │ │ ├── test.py │ │ └── xmrSpecificOld.c │ ├── sha512-blocks.c │ ├── sha512-hash.c │ ├── sha512.h │ └── verify.c │ ├── generic-ops.h │ ├── groestl.c │ ├── groestl.h │ ├── groestl_tables.h │ ├── hash-extra-blake.c │ ├── hash-extra-groestl.c │ ├── hash-extra-jh.c │ ├── hash-extra-skein.c │ ├── hash-ops.h │ ├── hash.c │ ├── hash.h │ ├── hex.cpp │ ├── hex.h │ ├── hmac-keccak.c │ ├── hmac-keccak.h │ ├── initializer.h │ ├── jh.c │ ├── jh.h │ ├── keccak.c │ ├── keccak.h │ ├── oaes_config.h │ ├── oaes_lib.c │ ├── oaes_lib.h │ ├── random.c │ ├── random.h │ ├── skein.c │ ├── skein.h │ ├── skein_port.h │ ├── slow-hash.c │ ├── span.h │ ├── tree-hash.c │ ├── variant2_int_sqrt.h │ ├── variant4_random_math.h │ └── warnings.h ├── package-lock.json └── package.json /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Created by https://www.gitignore.io/api/node 3 | 4 | ### Node ### 5 | # Logs 6 | logs 7 | *.log 8 | npm-debug.log* 9 | yarn-debug.log* 10 | yarn-error.log* 11 | 12 | # Runtime data 13 | pids 14 | *.pid 15 | *.seed 16 | *.pid.lock 17 | 18 | # Directory for instrumented libs generated by jscoverage/JSCover 19 | lib-cov 20 | 21 | # Coverage directory used by tools like istanbul 22 | coverage 23 | 24 | # nyc test coverage 25 | .nyc_output 26 | 27 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 28 | .grunt 29 | 30 | # Bower dependency directory (https://bower.io/) 31 | bower_components 32 | 33 | # node-waf configuration 34 | .lock-wscript 35 | 36 | # Compiled binary addons (http://nodejs.org/api/addons.html) 37 | build/ 38 | 39 | # Dependency directories 40 | node_modules/ 41 | jspm_packages/ 42 | 43 | # Typescript v1 declaration files 44 | typings/ 45 | 46 | # Optional npm cache directory 47 | .npm 48 | 49 | # Optional eslint cache 50 | .eslintcache 51 | 52 | # Optional REPL history 53 | .node_repl_history 54 | 55 | # Output of 'npm pack' 56 | *.tgz 57 | 58 | # Yarn Integrity file 59 | .yarn-integrity 60 | 61 | # dotenv environment variables file 62 | .env 63 | 64 | 65 | # End of https://www.gitignore.io/api/node 66 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: node_js 3 | node_js: 4 | - "12" 5 | env: 6 | - CC=gcc-7 CXX=g++-7 7 | addons: 8 | apt: 9 | sources: 10 | - ubuntu-toolchain-r-test 11 | packages: 12 | - gcc-7 13 | - g++-7 14 | - libboost-all-dev 15 | - libsodium-dev 16 | script: "npm run test" 17 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2017 Excitable Aardvark 2 | Copyright 2014-2017 The Monero Project 3 | 4 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 5 | 6 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 7 | 8 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 9 | 10 | 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. 11 | 12 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 13 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # node-cryptonight 2 | > node bindings for cryptonight hashing 3 | 4 | ### Requirements 5 | 6 | node-cryptonight requires [Boost](http://www.boost.org) and [Sodium](http://libsodium.org) 7 | 8 | ##### Ubuntu 9 | 10 | sudo apt-get install libboost-all-dev libsodium-dev 11 | 12 | ##### Mac 13 | 14 | brew install boost 15 | brew install libsodium 16 | 17 | ### Installation 18 | 19 | npm install --save node-cryptonight 20 | 21 | ### Testing 22 | 23 | Code is linted with [standard](https://github.com/standard/standard) and tested with [Jest](https://github.com/facebook/jest). Run `npm test` to lint and run tests. 24 | 25 | ### Usage Examples 26 | 27 | ##### Synchronous Hashing 28 | 29 | ```js 30 | const cryptonight = require('node-cryptonight').hash 31 | const hash = cryptonight(Buffer.from('This is a test')) 32 | console.log(hash) // 33 | ``` 34 | 35 | ##### Synchronous Hashing with variant 1 36 | 37 | ```js 38 | const cryptonight = require('node-cryptonight').hash 39 | const hash = cryptonight(Buffer.from('This is a test'), 1) 40 | console.log(hash) // 41 | ``` 42 | 43 | ##### Synchronous Hashing with variant 4 and height 123 44 | 45 | ```js 46 | const cryptonight = require('node-cryptonight').hash 47 | const hash = cryptonight(Buffer.from('This is a test'), 1, 123) 48 | console.log(hash) // 49 | ``` 50 | 51 | ##### Asynchronous Hashing 52 | 53 | ```js 54 | const cryptonight = require('node-cryptonight').asyncHash 55 | cryptonight(Buffer.from('This is a test'), hash => { 56 | console.log(hash) // 57 | }) 58 | ``` 59 | ##### Asynchronous Hashing with variant 1 60 | 61 | ```js 62 | const cryptonight = require('node-cryptonight').asyncHash 63 | cryptonight(Buffer.from('This is a test'), 1, hash => { 64 | console.log(hash) // 65 | }) 66 | ``` 67 | ##### Asynchronous Hashing with variant 4 and height 123 68 | 69 | ```js 70 | const cryptonight = require('node-cryptonight').asyncHash 71 | cryptonight(Buffer.from('This is a test'), 4, 123, hash => { 72 | console.log(hash) // 73 | }) 74 | ``` 75 | 76 | ##### Promise Wrapper Example 77 | 78 | ```js 79 | function cryptonight(data) { 80 | return new Promise((resolve, reject) => { 81 | require('node-cryptonight').asyncHash(data, hash => { 82 | resolve(hash) 83 | }) 84 | }) 85 | } 86 | 87 | cryptonight(Buffer.from('This is a test')) 88 | .then(console.log) // 89 | ``` 90 | 91 | ### See Also 92 | 93 | * [node-cryptonight-lite](https://github.com/ExcitableAardvark/node-cryptonight-lite) 94 | 95 | ### License 96 | 97 | Released under the 3-Clause BSD License. Contains code from the Monero project. See `LICENSE` for more information. 98 | -------------------------------------------------------------------------------- /binding.gyp: -------------------------------------------------------------------------------- 1 | { 2 | "targets": [ 3 | { 4 | "target_name": "cryptonight", 5 | "include_dirs": [ 6 | " 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | 29 | const cryptonight = require('bindings')('cryptonight') 30 | 31 | module.exports = cryptonight 32 | -------------------------------------------------------------------------------- /lib/vendor/CryptonightR_JIT.h: -------------------------------------------------------------------------------- 1 | #ifndef CRYPTONIGHTR_JIT_H 2 | #define CRYPTONIGHTR_JIT_H 3 | 4 | // Minimalistic JIT code generator for random math sequence in CryptonightR 5 | // 6 | // Usage: 7 | // - Allocate writable and executable memory 8 | // - Call v4_generate_JIT_code with "buf" pointed to memory allocated on previous step 9 | // - Call the generated code instead of "v4_random_math(code, r)", omit the "code" parameter 10 | 11 | typedef void (*v4_random_math_JIT_func)(uint32_t* r) 12 | #if defined __i386 || defined __x86_64__ 13 | __attribute__((sysv_abi)) 14 | #endif 15 | ; 16 | 17 | // Given the random math sequence, generates machine code (x86-64) for it 18 | // Returns 0 if code was generated successfully 19 | // Returns -1 if provided buffer was too small 20 | int v4_generate_JIT_code(const struct V4_Instruction* code, v4_random_math_JIT_func buf, const size_t buf_size); 21 | 22 | #endif // CRYPTONIGHTR_JIT_H 23 | -------------------------------------------------------------------------------- /lib/vendor/blake256.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014-2019, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | // 29 | // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers 30 | 31 | #ifndef _BLAKE256_H_ 32 | #define _BLAKE256_H_ 33 | 34 | #include 35 | 36 | typedef struct { 37 | uint32_t h[8], s[4], t[2]; 38 | int buflen, nullt; 39 | uint8_t buf[64]; 40 | } state; 41 | 42 | typedef struct { 43 | state inner; 44 | state outer; 45 | } hmac_state; 46 | 47 | void blake256_init(state *); 48 | void blake224_init(state *); 49 | 50 | void blake256_update(state *, const uint8_t *, uint64_t); 51 | void blake224_update(state *, const uint8_t *, uint64_t); 52 | 53 | void blake256_final(state *, uint8_t *); 54 | void blake224_final(state *, uint8_t *); 55 | 56 | void blake256_hash(uint8_t *, const uint8_t *, uint64_t); 57 | void blake224_hash(uint8_t *, const uint8_t *, uint64_t); 58 | 59 | /* HMAC functions: */ 60 | 61 | void hmac_blake256_init(hmac_state *, const uint8_t *, uint64_t); 62 | void hmac_blake224_init(hmac_state *, const uint8_t *, uint64_t); 63 | 64 | void hmac_blake256_update(hmac_state *, const uint8_t *, uint64_t); 65 | void hmac_blake224_update(hmac_state *, const uint8_t *, uint64_t); 66 | 67 | void hmac_blake256_final(hmac_state *, uint8_t *); 68 | void hmac_blake224_final(hmac_state *, uint8_t *); 69 | 70 | void hmac_blake256_hash(uint8_t *, const uint8_t *, uint64_t, const uint8_t *, uint64_t); 71 | void hmac_blake224_hash(uint8_t *, const uint8_t *, uint64_t, const uint8_t *, uint64_t); 72 | 73 | #endif /* _BLAKE256_H_ */ 74 | -------------------------------------------------------------------------------- /lib/vendor/common/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014-2018, The Monero Project 2 | # 3 | # All rights reserved. 4 | # 5 | # Redistribution and use in source and binary forms, with or without modification, are 6 | # permitted provided that the following conditions are met: 7 | # 8 | # 1. Redistributions of source code must retain the above copyright notice, this list of 9 | # conditions and the following disclaimer. 10 | # 11 | # 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | # of conditions and the following disclaimer in the documentation and/or other 13 | # materials provided with the distribution. 14 | # 15 | # 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | # used to endorse or promote products derived from this software without specific 17 | # prior written permission. 18 | # 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | # EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | # THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | # THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | 29 | include_directories(SYSTEM ${OPENSSL_INCLUDE_DIR}) 30 | 31 | set(common_sources 32 | base58.cpp 33 | command_line.cpp 34 | dns_utils.cpp 35 | download.cpp 36 | util.cpp 37 | i18n.cpp 38 | password.cpp 39 | perf_timer.cpp 40 | threadpool.cpp 41 | updates.cpp) 42 | 43 | if (STACK_TRACE) 44 | list(APPEND common_sources stack_trace.cpp) 45 | endif() 46 | 47 | set(common_headers) 48 | 49 | set(common_private_headers 50 | apply_permutation.h 51 | base58.h 52 | boost_serialization_helper.h 53 | command_line.h 54 | common_fwd.h 55 | dns_utils.h 56 | download.h 57 | http_connection.h 58 | int-util.h 59 | pod-class.h 60 | rpc_client.h 61 | scoped_message_writer.h 62 | unordered_containers_boost_serialization.h 63 | util.h 64 | varint.h 65 | i18n.h 66 | password.h 67 | perf_timer.h 68 | stack_trace.h 69 | threadpool.h 70 | updates.h) 71 | 72 | monero_private_headers(common 73 | ${common_private_headers}) 74 | monero_add_library(common 75 | ${common_sources} 76 | ${common_headers} 77 | ${common_private_headers} 78 | DEPENDS generate_translations_header) 79 | target_link_libraries(common 80 | PUBLIC 81 | epee 82 | cncrypto 83 | ${UNBOUND_LIBRARY} 84 | ${LIBUNWIND_LIBRARIES} 85 | ${Boost_DATE_TIME_LIBRARY} 86 | ${Boost_FILESYSTEM_LIBRARY} 87 | ${Boost_SYSTEM_LIBRARY} 88 | ${Boost_THREAD_LIBRARY} 89 | ${Boost_REGEX_LIBRARY} 90 | PRIVATE 91 | ${OPENSSL_LIBRARIES} 92 | ${EXTRA_LIBRARIES}) 93 | 94 | #monero_install_headers(common 95 | # ${common_headers}) 96 | -------------------------------------------------------------------------------- /lib/vendor/common/apply_permutation.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2017-2018, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | // 29 | // Most of this file is originally copyright (c) 2017 Raymond Chen, Microsoft 30 | // This algorithm is adapted from Raymond Chen's code: 31 | // https://blogs.msdn.microsoft.com/oldnewthing/20170109-00/?p=95145 32 | 33 | #pragma once 34 | 35 | #include 36 | #include 37 | #include "misc_log_ex.h" 38 | 39 | namespace tools 40 | { 41 | 42 | template 43 | void apply_permutation(std::vector permutation, const F &swap) 44 | { 45 | //sanity check 46 | for (size_t n = 0; n < permutation.size(); ++n) 47 | CHECK_AND_ASSERT_THROW_MES(std::find(permutation.begin(), permutation.end(), n) != permutation.end(), "Bad permutation"); 48 | 49 | for (size_t i = 0; i < permutation.size(); ++i) 50 | { 51 | size_t current = i; 52 | while (i != permutation[current]) 53 | { 54 | size_t next = permutation[current]; 55 | swap(current, next); 56 | permutation[current] = current; 57 | current = next; 58 | } 59 | permutation[current] = current; 60 | } 61 | } 62 | 63 | template 64 | void apply_permutation(const std::vector &permutation, std::vector &v) 65 | { 66 | CHECK_AND_ASSERT_THROW_MES(permutation.size() == v.size(), "Mismatched vector sizes"); 67 | apply_permutation(permutation, [&v](size_t i0, size_t i1){ std::swap(v[i0], v[i1]); }); 68 | } 69 | 70 | } 71 | -------------------------------------------------------------------------------- /lib/vendor/common/base58.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014-2018, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | // 29 | // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers 30 | 31 | #pragma once 32 | 33 | #include 34 | #include 35 | 36 | namespace tools 37 | { 38 | namespace base58 39 | { 40 | std::string encode(const std::string& data); 41 | bool decode(const std::string& enc, std::string& data); 42 | 43 | std::string encode_addr(uint64_t tag, const std::string& data); 44 | bool decode_addr(std::string addr, uint64_t& tag, std::string& data); 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /lib/vendor/common/command_line.cpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014-2018, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | // 29 | // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers 30 | 31 | #include "command_line.h" 32 | #include 33 | #include 34 | #include 35 | #include "common/i18n.h" 36 | #include "cryptonote_config.h" 37 | #include "string_tools.h" 38 | 39 | namespace command_line 40 | { 41 | namespace 42 | { 43 | const char* tr(const char* str) 44 | { 45 | return i18n_translate(str, "command_line"); 46 | } 47 | } 48 | 49 | bool is_yes(const std::string& str) 50 | { 51 | if (str == "y" || str == "Y") 52 | return true; 53 | 54 | boost::algorithm::is_iequal ignore_case{}; 55 | if (boost::algorithm::equals("yes", str, ignore_case)) 56 | return true; 57 | if (boost::algorithm::equals(command_line::tr("yes"), str, ignore_case)) 58 | return true; 59 | 60 | return false; 61 | } 62 | 63 | bool is_no(const std::string& str) 64 | { 65 | if (str == "n" || str == "N") 66 | return true; 67 | 68 | boost::algorithm::is_iequal ignore_case{}; 69 | if (boost::algorithm::equals("no", str, ignore_case)) 70 | return true; 71 | if (boost::algorithm::equals(command_line::tr("no"), str, ignore_case)) 72 | return true; 73 | 74 | return false; 75 | } 76 | 77 | const arg_descriptor arg_help = {"help", "Produce help message"}; 78 | const arg_descriptor arg_version = {"version", "Output version information"}; 79 | } 80 | -------------------------------------------------------------------------------- /lib/vendor/common/common_fwd.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014-2018, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | // 29 | // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers 30 | 31 | #pragma once 32 | 33 | namespace tools 34 | { 35 | class DNSResolver; 36 | struct login; 37 | class password_container; 38 | class t_http_connection; 39 | class threadpool; 40 | } 41 | -------------------------------------------------------------------------------- /lib/vendor/common/download.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2017-2018, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | 29 | #pragma once 30 | 31 | #include 32 | 33 | namespace tools 34 | { 35 | struct download_thread_control; 36 | typedef std::shared_ptr download_async_handle; 37 | 38 | bool download(const std::string &path, const std::string &url, std::function progress = NULL); 39 | download_async_handle download_async(const std::string &path, const std::string &url, std::function result, std::function progress = NULL); 40 | bool download_error(const download_async_handle &h); 41 | bool download_finished(const download_async_handle &h); 42 | bool download_wait(const download_async_handle &h); 43 | bool download_cancel(const download_async_handle &h); 44 | } 45 | -------------------------------------------------------------------------------- /lib/vendor/common/http_connection.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014-2018, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | 29 | #pragma once 30 | 31 | #include 32 | #include "string_tools.h" 33 | #include "net/http_client.h" 34 | 35 | namespace tools { 36 | 37 | class t_http_connection { 38 | private: 39 | epee::net_utils::http::http_simple_client * mp_http_client; 40 | bool m_ok; 41 | public: 42 | static constexpr std::chrono::seconds TIMEOUT() 43 | { 44 | return std::chrono::minutes(3) + std::chrono::seconds(30); 45 | } 46 | 47 | t_http_connection(epee::net_utils::http::http_simple_client* p_http_client) 48 | : mp_http_client(p_http_client) 49 | , m_ok(false) 50 | { 51 | m_ok = mp_http_client->connect(TIMEOUT()); 52 | } 53 | 54 | ~t_http_connection() 55 | { 56 | if (m_ok) 57 | { 58 | mp_http_client->disconnect(); 59 | } 60 | } 61 | 62 | bool is_open() const 63 | { 64 | return m_ok; 65 | } 66 | }; // class t_http_connection 67 | 68 | } // namespace tools 69 | -------------------------------------------------------------------------------- /lib/vendor/common/i18n.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014-2018, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | 29 | #pragma once 30 | 31 | #define QT_TRANSLATE_NOOP(context,str) i18n_translate(str,context) 32 | 33 | std::string i18n_get_language(); 34 | int i18n_set_language(const char *directory, const char *base, std::string language = std::string()); 35 | const char *i18n_translate(const char *str, const std::string &context); 36 | static inline std::string get_default_i18n_context() { return std::string(); } 37 | static inline const char *tr(const char *str) { return i18n_translate(str,get_default_i18n_context()); } 38 | -------------------------------------------------------------------------------- /lib/vendor/common/json_util.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2016-2018, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | 29 | #pragma once 30 | 31 | #define GET_FIELD_FROM_JSON_RETURN_ON_ERROR(json, name, type, jtype, mandatory, def) \ 32 | type field_##name = def; \ 33 | bool field_##name##_found = false; \ 34 | (void)field_##name##_found; \ 35 | do if (json.HasMember(#name)) \ 36 | { \ 37 | if (json[#name].Is##jtype()) \ 38 | { \ 39 | field_##name = json[#name].Get##jtype(); \ 40 | field_##name##_found = true; \ 41 | } \ 42 | else \ 43 | { \ 44 | LOG_ERROR("Field " << #name << " found in JSON, but not " << #jtype); \ 45 | return false; \ 46 | } \ 47 | } \ 48 | else if (mandatory) \ 49 | { \ 50 | LOG_ERROR("Field " << #name << " not found in JSON"); \ 51 | return false; \ 52 | } while(0) 53 | 54 | -------------------------------------------------------------------------------- /lib/vendor/common/pod-class.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014-2018, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | // 29 | // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers 30 | 31 | #pragma once 32 | 33 | // FIXME: Why is this ifdef needed? Hopefully making it struct won't break things. 34 | 35 | /* 36 | #if defined(_MSC_VER) 37 | #define POD_CLASS struct 38 | #else 39 | #define POD_CLASS class 40 | #endif 41 | */ 42 | 43 | #define POD_CLASS struct 44 | -------------------------------------------------------------------------------- /lib/vendor/common/stack_trace.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2016-2018, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | 29 | #ifndef MONERO_EXCEPTION_H 30 | #define MONERO_EXCEPTION_H 31 | 32 | #include 33 | 34 | namespace tools 35 | { 36 | 37 | void set_stack_trace_log(const std::string &log); 38 | void log_stack_trace(const char *msg); 39 | 40 | } // namespace tools 41 | 42 | #endif 43 | -------------------------------------------------------------------------------- /lib/vendor/common/threadpool.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2017-2018, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | #pragma once 29 | 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | 39 | namespace tools 40 | { 41 | //! A global thread pool 42 | class threadpool 43 | { 44 | public: 45 | static threadpool& getInstance() { 46 | static threadpool instance; 47 | return instance; 48 | } 49 | 50 | // The waiter lets the caller know when all of its 51 | // tasks are completed. 52 | class waiter { 53 | boost::mutex mt; 54 | boost::condition_variable cv; 55 | int num; 56 | public: 57 | void inc(); 58 | void dec(); 59 | void wait(); //! Wait for a set of tasks to finish. 60 | waiter() : num(0){} 61 | ~waiter(); 62 | }; 63 | 64 | // Submit a task to the pool. The waiter pointer may be 65 | // NULL if the caller doesn't care to wait for the 66 | // task to finish. 67 | void submit(waiter *waiter, std::function f); 68 | 69 | int get_max_concurrency(); 70 | 71 | private: 72 | threadpool(); 73 | ~threadpool(); 74 | typedef struct entry { 75 | waiter *wo; 76 | std::function f; 77 | } entry; 78 | std::deque queue; 79 | boost::condition_variable has_work; 80 | boost::mutex mutex; 81 | std::vector threads; 82 | int active; 83 | int max; 84 | bool running; 85 | void run(); 86 | }; 87 | 88 | } 89 | -------------------------------------------------------------------------------- /lib/vendor/common/updates.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2017-2018, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | 29 | #pragma once 30 | 31 | #include 32 | 33 | namespace tools 34 | { 35 | bool check_updates(const std::string &software, const std::string &buildtag, std::string &version, std::string &hash); 36 | std::string get_update_url(const std::string &software, const std::string &subdir, const std::string &buildtag, const std::string &version, bool user); 37 | } 38 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/Makefile: -------------------------------------------------------------------------------- 1 | 2 | CC=gcc 3 | CFLAGS=-O2 -Wall 4 | 5 | OBJS= fe25519.o ge25519.o sc25519.o sha512-blocks.o sha512-hash.o ed25519.o randombytes.o verify.o 6 | test: test.o $(OBJS) 7 | gcc -o $@ $^ 8 | 9 | clean: 10 | rm -f *.o test 11 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/README.md: -------------------------------------------------------------------------------- 1 | # Monero 2 | 3 | Copyright (c) 2014-2018, The Monero Project 4 | 5 | ## Crypto Ops Builder 6 | 7 | In order to ensure the safest implementation of the cryptography in use by Monero we have opted to use the SUPERCOP ref10 implementations wherever possible. The main reason is that SUPERCOP ref10 is old, well tested, and primarily the work of Daniel J. Bernstein and Tanja Lange (among others, see ```designers``` in the ref10 folder). This is particularly relevant, as the team that designed Curve25519 and EdDSA, both of which are at Monero's core, is the same team that created the SUPERCOP implementation. 8 | 9 | SUPERCOP ref10 is a fairly secure implementation that focuses on things like constant-time algorithms, to reduce side-channel attacks, sometimes at the cost of performance. However, we consider this a fair trade-off, especially considering that Monero is not that performance sensitive at this stage. In future we may consider faster implementations that still have a measure of safety against side-channel attacks. 10 | 11 | ## Additional Cryptography 12 | 13 | Unfortunately SUPERCOP ref10 does not contain every function Monero's ```crypto-ops``` class needs. Thus there are several new files in the ```ref10CommentedCombined``` folder which allow for the class to be built during compilation. The original ref10 is included in the source tree in order to allow for a comparison to be made between the two, and also to allow for a quick comparison to be made between our in-source copy of SUPERCOP ref10 and an independently downloaded copy. 14 | 15 | ## Usage 16 | 17 | The operation to produce the ```crypto-ops.c``` is automatic and part of the build process. If, however, you want to manually run the build process to verify the output, you can use ```MakeCryptoOps.py```. 18 | 19 | ## Attribution 20 | 21 | The majority of the work we are using is from SUPERCOP, and copyrights and attribution fall to those developers and cryptographers. Beyond that we also include some of the original CryptoNote reference code. The entire build process, and all of the work analysing the functions and figuring out what comes from where, has been done by the Monero Research Lab. Shen Noether, in particular, deserves the bulk of the attribution for that. 22 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/crypto_int32.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_int32_h 2 | #define crypto_int32_h 3 | 4 | typedef int crypto_int32; 5 | 6 | #endif 7 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/crypto_sign.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_sign_edwards25519sha512batch_H 2 | #define crypto_sign_edwards25519sha512batch_H 3 | 4 | #define SECRETKEYBYTES 64 5 | #define PUBLICKEYBYTES 32 6 | #define SIGNATUREBYTES 64 7 | 8 | extern int crypto_sign(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *); 9 | extern int crypto_sign_open(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *); 10 | extern int crypto_sign_keypair(unsigned char *,unsigned char *); 11 | extern int crypto_sign_publickey(unsigned char *pk, unsigned char *sk, unsigned char *seed); 12 | 13 | #endif 14 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/crypto_uint32.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_uint32_h 2 | #define crypto_uint32_h 3 | 4 | typedef unsigned int crypto_uint32; 5 | 6 | #endif 7 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/crypto_verify_32.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_verify_32_H 2 | #define crypto_verify_32_H 3 | 4 | #define crypto_verify_32_ref_BYTES 32 5 | extern int crypto_verify_32(const unsigned char *,const unsigned char *); 6 | 7 | #endif 8 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/include/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | SODIUM_EXPORT = \ 3 | sodium.h \ 4 | sodium/core.h \ 5 | sodium/crypto_aead_chacha20poly1305.h \ 6 | sodium/crypto_auth.h \ 7 | sodium/crypto_auth_hmacsha256.h \ 8 | sodium/crypto_auth_hmacsha512.h \ 9 | sodium/crypto_auth_hmacsha512256.h \ 10 | sodium/crypto_box.h \ 11 | sodium/crypto_box_curve25519xsalsa20poly1305.h \ 12 | sodium/crypto_core_hsalsa20.h \ 13 | sodium/crypto_core_salsa20.h \ 14 | sodium/crypto_core_salsa2012.h \ 15 | sodium/crypto_core_salsa208.h \ 16 | sodium/crypto_generichash.h \ 17 | sodium/crypto_generichash_blake2b.h \ 18 | sodium/crypto_hash.h \ 19 | sodium/crypto_hash_sha256.h \ 20 | sodium/crypto_hash_sha512.h \ 21 | sodium/crypto_onetimeauth.h \ 22 | sodium/crypto_onetimeauth_poly1305.h \ 23 | sodium/crypto_pwhash_scryptsalsa208sha256.h \ 24 | sodium/crypto_scalarmult.h \ 25 | sodium/crypto_scalarmult_curve25519.h \ 26 | sodium/crypto_secretbox.h \ 27 | sodium/crypto_secretbox_xsalsa20poly1305.h \ 28 | sodium/crypto_shorthash.h \ 29 | sodium/crypto_shorthash_siphash24.h \ 30 | sodium/crypto_sign.h \ 31 | sodium/crypto_sign_ed25519.h \ 32 | sodium/crypto_sign_edwards25519sha512batch.h \ 33 | sodium/crypto_stream.h \ 34 | sodium/crypto_stream_aes128ctr.h \ 35 | sodium/crypto_stream_chacha20.h \ 36 | sodium/crypto_stream_salsa20.h \ 37 | sodium/crypto_stream_salsa2012.h \ 38 | sodium/crypto_stream_salsa208.h \ 39 | sodium/crypto_stream_xsalsa20.h \ 40 | sodium/crypto_int32.h \ 41 | sodium/crypto_int64.h \ 42 | sodium/crypto_uint16.h \ 43 | sodium/crypto_uint32.h \ 44 | sodium/crypto_uint64.h \ 45 | sodium/crypto_uint8.h \ 46 | sodium/crypto_verify_16.h \ 47 | sodium/crypto_verify_32.h \ 48 | sodium/crypto_verify_64.h \ 49 | sodium/export.h \ 50 | sodium/randombytes.h \ 51 | sodium/randombytes_salsa20_random.h \ 52 | sodium/randombytes_sysrandom.h \ 53 | sodium/runtime.h \ 54 | sodium/utils.h 55 | 56 | EXTRA_SRC = $(SODIUM_EXPORT) \ 57 | sodium/version.h.in 58 | 59 | nobase_include_HEADERS = $(SODIUM_EXPORT) 60 | 61 | nobase_nodist_include_HEADERS = \ 62 | sodium/version.h 63 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/include/libsodium_LICENSE: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2013-2015 3 | * Frank Denis 4 | * 5 | * Permission to use, copy, modify, and/or distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/include/sodium.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef sodium_H 3 | #define sodium_H 4 | 5 | #include "sodium/core.h" 6 | #include "sodium/crypto_aead_chacha20poly1305.h" 7 | #include "sodium/crypto_auth.h" 8 | #include "sodium/crypto_auth_hmacsha256.h" 9 | #include "sodium/crypto_auth_hmacsha512.h" 10 | #include "sodium/crypto_auth_hmacsha512256.h" 11 | #include "sodium/crypto_box.h" 12 | #include "sodium/crypto_box_curve25519xsalsa20poly1305.h" 13 | #include "sodium/crypto_core_hsalsa20.h" 14 | #include "sodium/crypto_core_salsa20.h" 15 | #include "sodium/crypto_core_salsa2012.h" 16 | #include "sodium/crypto_core_salsa208.h" 17 | #include "sodium/crypto_generichash.h" 18 | #include "sodium/crypto_generichash_blake2b.h" 19 | #include "sodium/crypto_hash.h" 20 | #include "sodium/crypto_hash_sha256.h" 21 | #include "sodium/crypto_hash_sha512.h" 22 | #include "sodium/crypto_onetimeauth.h" 23 | #include "sodium/crypto_onetimeauth_poly1305.h" 24 | #include "sodium/crypto_pwhash_scryptsalsa208sha256.h" 25 | #include "sodium/crypto_scalarmult.h" 26 | #include "sodium/crypto_scalarmult_curve25519.h" 27 | #include "sodium/crypto_secretbox.h" 28 | #include "sodium/crypto_secretbox_xsalsa20poly1305.h" 29 | #include "sodium/crypto_shorthash.h" 30 | #include "sodium/crypto_shorthash_siphash24.h" 31 | #include "sodium/crypto_sign.h" 32 | #include "sodium/crypto_sign_ed25519.h" 33 | #include "sodium/crypto_stream.h" 34 | #include "sodium/crypto_stream_aes128ctr.h" 35 | #include "sodium/crypto_stream_chacha20.h" 36 | #include "sodium/crypto_stream_salsa20.h" 37 | #include "sodium/crypto_stream_salsa2012.h" 38 | #include "sodium/crypto_stream_salsa208.h" 39 | #include "sodium/crypto_stream_xsalsa20.h" 40 | #include "sodium/crypto_verify_16.h" 41 | #include "sodium/crypto_verify_32.h" 42 | #include "sodium/crypto_verify_64.h" 43 | #include "sodium/randombytes.h" 44 | #include "sodium/randombytes_salsa20_random.h" 45 | #include "sodium/randombytes_sysrandom.h" 46 | #include "sodium/runtime.h" 47 | #include "sodium/utils.h" 48 | #include "sodium/version.h" 49 | 50 | #endif 51 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/include/sodium/crypto_int32.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_int32_H 2 | #define crypto_int32_H 3 | 4 | #include 5 | 6 | typedef int32_t crypto_int32; 7 | 8 | #endif 9 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/include/sodium/crypto_int64.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_int64_H 2 | #define crypto_int64_H 3 | 4 | #include 5 | 6 | typedef int64_t crypto_int64; 7 | 8 | #endif 9 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/include/sodium/crypto_uint16.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_uint16_H 2 | #define crypto_uint16_H 3 | 4 | #include 5 | 6 | typedef uint16_t crypto_uint16; 7 | 8 | #endif 9 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/include/sodium/crypto_uint32.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_uint32_H 2 | #define crypto_uint32_H 3 | 4 | #include 5 | 6 | typedef uint32_t crypto_uint32; 7 | 8 | #endif 9 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/include/sodium/crypto_uint64.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_uint64_H 2 | #define crypto_uint64_H 3 | 4 | #include 5 | 6 | typedef uint64_t crypto_uint64; 7 | 8 | #endif 9 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/include/sodium/crypto_uint8.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_uint8_H 2 | #define crypto_uint8_H 3 | 4 | #include 5 | 6 | typedef uint8_t crypto_uint8; 7 | 8 | #endif 9 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/include/sodium/crypto_verify_32.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_verify_32_H 2 | #define crypto_verify_32_H 3 | 4 | #include 5 | #include "export.h" 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #define crypto_verify_32_BYTES 32U 12 | SODIUM_EXPORT 13 | size_t crypto_verify_32_bytes(void); 14 | 15 | SODIUM_EXPORT 16 | int crypto_verify_32(const unsigned char *x, const unsigned char *y); 17 | 18 | #ifdef __cplusplus 19 | } 20 | #endif 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/include/sodium/randombytes.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef randombytes_H 3 | #define randombytes_H 4 | 5 | #include 6 | 7 | #include 8 | #include 9 | 10 | #include "export.h" 11 | 12 | #ifdef __cplusplus 13 | # if __GNUC__ 14 | # pragma GCC diagnostic ignored "-Wlong-long" 15 | # endif 16 | extern "C" { 17 | #endif 18 | 19 | typedef struct randombytes_implementation { 20 | const char *(*implementation_name)(void); /* required */ 21 | uint32_t (*random)(void); /* required */ 22 | void (*stir)(void); /* optional */ 23 | uint32_t (*uniform)(const uint32_t upper_bound); /* optional, a default implementation will be used if NULL */ 24 | void (*buf)(void * const buf, const size_t size); /* required */ 25 | int (*close)(void); /* optional */ 26 | } randombytes_implementation; 27 | 28 | SODIUM_EXPORT 29 | void randombytes_buf(void * const buf, const size_t size); 30 | 31 | SODIUM_EXPORT 32 | uint32_t randombytes_random(void); 33 | 34 | SODIUM_EXPORT 35 | uint32_t randombytes_uniform(const uint32_t upper_bound); 36 | 37 | SODIUM_EXPORT 38 | void randombytes_stir(void); 39 | 40 | SODIUM_EXPORT 41 | int randombytes_close(void); 42 | 43 | SODIUM_EXPORT 44 | int randombytes_set_implementation(randombytes_implementation *impl); 45 | 46 | SODIUM_EXPORT 47 | const char *randombytes_implementation_name(void); 48 | 49 | /* -- NaCl compatibility interface -- */ 50 | 51 | SODIUM_EXPORT 52 | void randombytes(unsigned char * const buf, const unsigned long long buf_len); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif 59 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/randombytes.c: -------------------------------------------------------------------------------- 1 | #ifndef _WIN32 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | /* it's really stupid that there isn't a syscall for this */ 8 | 9 | static int ed25519_random_fd = -1; 10 | 11 | static inline void ed25519_randombytes(unsigned char *x,unsigned long long xlen) 12 | { 13 | int i; 14 | 15 | if (ed25519_random_fd == -1) { 16 | for (;;) { 17 | ed25519_random_fd = open("/dev/urandom",O_RDONLY); 18 | if (ed25519_random_fd != -1) break; 19 | sleep(1); 20 | } 21 | } 22 | 23 | while (xlen > 0) { 24 | if (xlen < 1048576) i = xlen; else i = 1048576; 25 | 26 | i = read(ed25519_random_fd,x,i); 27 | if (i < 1) { 28 | sleep(1); 29 | continue; 30 | } 31 | 32 | x += i; 33 | xlen -= i; 34 | } 35 | } 36 | 37 | #else 38 | #include 39 | #include 40 | 41 | static inline void ed25519_randombytes(unsigned char *x,unsigned long long xlen) 42 | { 43 | HCRYPTPROV prov = 0; 44 | 45 | CryptAcquireContextW(&prov, NULL, NULL, 46 | PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT); 47 | 48 | CryptGenRandom(prov, xlen, x); 49 | CryptReleaseContext(prov, 0); 50 | } 51 | 52 | #endif /* _WIN32 */ 53 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/Makefile: -------------------------------------------------------------------------------- 1 | all: d.h d2.h sqrtm1.h base.h base2.h \ 2 | ge_add.h ge_sub.h \ 3 | ge_madd.h ge_msub.h \ 4 | ge_p2_dbl.h \ 5 | pow225521.h pow22523.h 6 | 7 | d.h: d.py 8 | python d.py > d.h 9 | 10 | d2.h: d2.py 11 | python d2.py > d2.h 12 | 13 | sqrtm1.h: sqrtm1.py 14 | python sqrtm1.py > sqrtm1.h 15 | 16 | base.h: base.py 17 | python base.py > base.h 18 | 19 | base2.h: base2.py 20 | python base2.py > base2.h 21 | 22 | ge_add.h: ge_add.q q2h.sh 23 | ./q2h.sh < ge_add.q > ge_add.h 24 | 25 | ge_sub.h: ge_sub.q q2h.sh 26 | ./q2h.sh < ge_sub.q > ge_sub.h 27 | 28 | ge_madd.h: ge_madd.q q2h.sh 29 | ./q2h.sh < ge_madd.q > ge_madd.h 30 | 31 | ge_msub.h: ge_msub.q q2h.sh 32 | ./q2h.sh < ge_msub.q > ge_msub.h 33 | 34 | ge_p2_dbl.h: ge_p2_dbl.q q2h.sh 35 | ./q2h.sh < ge_p2_dbl.q > ge_p2_dbl.h 36 | 37 | pow22523.h: pow22523.q q2h.sh 38 | ./q2h.sh < pow22523.q > pow22523.h 39 | 40 | pow225521.h: pow225521.q q2h.sh 41 | ./q2h.sh < pow225521.q > pow225521.h 42 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_SECRETKEYBYTES 64 2 | #define CRYPTO_PUBLICKEYBYTES 32 3 | #define CRYPTO_BYTES 64 4 | #define CRYPTO_DETERMINISTIC 1 5 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/base.py: -------------------------------------------------------------------------------- 1 | b = 256 2 | q = 2**255 - 19 3 | l = 2**252 + 27742317777372353535851937790883648493 4 | 5 | def expmod(b,e,m): 6 | if e == 0: return 1 7 | t = expmod(b,e/2,m)**2 % m 8 | if e & 1: t = (t*b) % m 9 | return t 10 | 11 | def inv(x): 12 | return expmod(x,q-2,q) 13 | 14 | d = -121665 * inv(121666) 15 | I = expmod(2,(q-1)/4,q) 16 | 17 | def xrecover(y): 18 | xx = (y*y-1) * inv(d*y*y+1) 19 | x = expmod(xx,(q+3)/8,q) 20 | if (x*x - xx) % q != 0: x = (x*I) % q 21 | if x % 2 != 0: x = q-x 22 | return x 23 | 24 | By = 4 * inv(5) 25 | Bx = xrecover(By) 26 | B = [Bx % q,By % q] 27 | 28 | def edwards(P,Q): 29 | x1 = P[0] 30 | y1 = P[1] 31 | x2 = Q[0] 32 | y2 = Q[1] 33 | x3 = (x1*y2+x2*y1) * inv(1+d*x1*x2*y1*y2) 34 | y3 = (y1*y2+x1*x2) * inv(1-d*x1*x2*y1*y2) 35 | return [x3 % q,y3 % q] 36 | 37 | def radix255(x): 38 | x = x % q 39 | if x + x > q: x -= q 40 | x = [x,0,0,0,0,0,0,0,0,0] 41 | bits = [26,25,26,25,26,25,26,25,26,25] 42 | for i in range(9): 43 | carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i] 44 | x[i] -= carry * 2**bits[i] 45 | x[i + 1] += carry 46 | result = "" 47 | for i in range(9): 48 | result = result+str(x[i])+"," 49 | result = result+str(x[9]) 50 | return result 51 | 52 | Bi = B 53 | for i in range(32): 54 | print "{" 55 | Bij = Bi 56 | for j in range(8): 57 | print " {" 58 | print " {",radix255(Bij[1]+Bij[0]),"}," 59 | print " {",radix255(Bij[1]-Bij[0]),"}," 60 | print " {",radix255(2*d*Bij[0]*Bij[1]),"}," 61 | Bij = edwards(Bij,Bi) 62 | print " }," 63 | print "}," 64 | for k in range(8): 65 | Bi = edwards(Bi,Bi) 66 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/base2.h: -------------------------------------------------------------------------------- 1 | { 2 | { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 }, 3 | { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 }, 4 | { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 }, 5 | }, 6 | { 7 | { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 }, 8 | { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 }, 9 | { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 }, 10 | }, 11 | { 12 | { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 }, 13 | { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 }, 14 | { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 }, 15 | }, 16 | { 17 | { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 }, 18 | { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 }, 19 | { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 }, 20 | }, 21 | { 22 | { -22518993,-6692182,14201702,-8745502,-23510406,8844726,18474211,-1361450,-13062696,13821877 }, 23 | { -6455177,-7839871,3374702,-4740862,-27098617,-10571707,31655028,-7212327,18853322,-14220951 }, 24 | { 4566830,-12963868,-28974889,-12240689,-7602672,-2830569,-8514358,-10431137,2207753,-3209784 }, 25 | }, 26 | { 27 | { -25154831,-4185821,29681144,7868801,-6854661,-9423865,-12437364,-663000,-31111463,-16132436 }, 28 | { 25576264,-2703214,7349804,-11814844,16472782,9300885,3844789,15725684,171356,6466918 }, 29 | { 23103977,13316479,9739013,-16149481,817875,-15038942,8965339,-14088058,-30714912,16193877 }, 30 | }, 31 | { 32 | { -33521811,3180713,-2394130,14003687,-16903474,-16270840,17238398,4729455,-18074513,9256800 }, 33 | { -25182317,-4174131,32336398,5036987,-21236817,11360617,22616405,9761698,-19827198,630305 }, 34 | { -13720693,2639453,-24237460,-7406481,9494427,-5774029,-6554551,-15960994,-2449256,-14291300 }, 35 | }, 36 | { 37 | { -3151181,-5046075,9282714,6866145,-31907062,-863023,-18940575,15033784,25105118,-7894876 }, 38 | { -24326370,15950226,-31801215,-14592823,-11662737,-5090925,1573892,-2625887,2198790,-15804619 }, 39 | { -3099351,10324967,-2241613,7453183,-5446979,-2735503,-13812022,-16236442,-32461234,-12290683 }, 40 | }, 41 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/base2.py: -------------------------------------------------------------------------------- 1 | b = 256 2 | q = 2**255 - 19 3 | l = 2**252 + 27742317777372353535851937790883648493 4 | 5 | def expmod(b,e,m): 6 | if e == 0: return 1 7 | t = expmod(b,e/2,m)**2 % m 8 | if e & 1: t = (t*b) % m 9 | return t 10 | 11 | def inv(x): 12 | return expmod(x,q-2,q) 13 | 14 | d = -121665 * inv(121666) 15 | I = expmod(2,(q-1)/4,q) 16 | 17 | def xrecover(y): 18 | xx = (y*y-1) * inv(d*y*y+1) 19 | x = expmod(xx,(q+3)/8,q) 20 | if (x*x - xx) % q != 0: x = (x*I) % q 21 | if x % 2 != 0: x = q-x 22 | return x 23 | 24 | By = 4 * inv(5) 25 | Bx = xrecover(By) 26 | B = [Bx % q,By % q] 27 | 28 | def edwards(P,Q): 29 | x1 = P[0] 30 | y1 = P[1] 31 | x2 = Q[0] 32 | y2 = Q[1] 33 | x3 = (x1*y2+x2*y1) * inv(1+d*x1*x2*y1*y2) 34 | y3 = (y1*y2+x1*x2) * inv(1-d*x1*x2*y1*y2) 35 | return [x3 % q,y3 % q] 36 | 37 | def radix255(x): 38 | x = x % q 39 | if x + x > q: x -= q 40 | x = [x,0,0,0,0,0,0,0,0,0] 41 | bits = [26,25,26,25,26,25,26,25,26,25] 42 | for i in range(9): 43 | carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i] 44 | x[i] -= carry * 2**bits[i] 45 | x[i + 1] += carry 46 | result = "" 47 | for i in range(9): 48 | result = result+str(x[i])+"," 49 | result = result+str(x[9]) 50 | return result 51 | 52 | Bi = B 53 | 54 | for i in range(8): 55 | print " {" 56 | print " {",radix255(Bi[1]+Bi[0]),"}," 57 | print " {",radix255(Bi[1]-Bi[0]),"}," 58 | print " {",radix255(2*d*Bi[0]*Bi[1]),"}," 59 | print " }," 60 | Bi = edwards(B,edwards(B,Bi)) 61 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/d.h: -------------------------------------------------------------------------------- 1 | -10913610,13857413,-15372611,6949391,114729,-8787816,-6275908,-3247719,-18696448,-12055116 2 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/d.py: -------------------------------------------------------------------------------- 1 | q = 2**255 - 19 2 | 3 | def expmod(b,e,m): 4 | if e == 0: return 1 5 | t = expmod(b,e/2,m)**2 % m 6 | if e & 1: t = (t*b) % m 7 | return t 8 | 9 | def inv(x): 10 | return expmod(x,q-2,q) 11 | 12 | def radix255(x): 13 | x = x % q 14 | if x + x > q: x -= q 15 | x = [x,0,0,0,0,0,0,0,0,0] 16 | bits = [26,25,26,25,26,25,26,25,26,25] 17 | for i in range(9): 18 | carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i] 19 | x[i] -= carry * 2**bits[i] 20 | x[i + 1] += carry 21 | result = "" 22 | for i in range(9): 23 | result = result+str(x[i])+"," 24 | result = result+str(x[9]) 25 | return result 26 | 27 | d = -121665 * inv(121666) 28 | print radix255(d) 29 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/d2.h: -------------------------------------------------------------------------------- 1 | -21827239,-5839606,-30745221,13898782,229458,15978800,-12551817,-6495438,29715968,9444199 2 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/d2.py: -------------------------------------------------------------------------------- 1 | q = 2**255 - 19 2 | 3 | def expmod(b,e,m): 4 | if e == 0: return 1 5 | t = expmod(b,e/2,m)**2 % m 6 | if e & 1: t = (t*b) % m 7 | return t 8 | 9 | def inv(x): 10 | return expmod(x,q-2,q) 11 | 12 | def radix255(x): 13 | x = x % q 14 | if x + x > q: x -= q 15 | x = [x,0,0,0,0,0,0,0,0,0] 16 | bits = [26,25,26,25,26,25,26,25,26,25] 17 | for i in range(9): 18 | carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i] 19 | x[i] -= carry * 2**bits[i] 20 | x[i + 1] += carry 21 | result = "" 22 | for i in range(9): 23 | result = result+str(x[i])+"," 24 | result = result+str(x[9]) 25 | return result 26 | 27 | d = -121665 * inv(121666) 28 | print radix255(d*2) 29 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/description: -------------------------------------------------------------------------------- 1 | EdDSA signatures using Curve25519 2 | from http://hyperelliptic.org/ebats/supercop-20141124.tar.bz2 3 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/designers: -------------------------------------------------------------------------------- 1 | Daniel J. Bernstein 2 | Niels Duif 3 | Tanja Lange 4 | Peter Schwabe 5 | Bo-Yin Yang 6 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/fe.h: -------------------------------------------------------------------------------- 1 | #ifndef FE_H 2 | #define FE_H 3 | 4 | #include "crypto_int32.h" 5 | 6 | typedef crypto_int32 fe[10]; 7 | 8 | /* 9 | fe means field element. 10 | Here the field is \Z/(2^255-19). 11 | An element t, entries t[0]...t[9], represents the integer 12 | t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9]. 13 | Bounds on each t[i] vary depending on context. 14 | */ 15 | 16 | #define fe_frombytes crypto_sign_ed25519_ref10_fe_frombytes 17 | #define fe_tobytes crypto_sign_ed25519_ref10_fe_tobytes 18 | #define fe_copy crypto_sign_ed25519_ref10_fe_copy 19 | #define fe_isnonzero crypto_sign_ed25519_ref10_fe_isnonzero 20 | #define fe_isnegative crypto_sign_ed25519_ref10_fe_isnegative 21 | #define fe_0 crypto_sign_ed25519_ref10_fe_0 22 | #define fe_1 crypto_sign_ed25519_ref10_fe_1 23 | #define fe_cswap crypto_sign_ed25519_ref10_fe_cswap 24 | #define fe_cmov crypto_sign_ed25519_ref10_fe_cmov 25 | #define fe_add crypto_sign_ed25519_ref10_fe_add 26 | #define fe_sub crypto_sign_ed25519_ref10_fe_sub 27 | #define fe_neg crypto_sign_ed25519_ref10_fe_neg 28 | #define fe_mul crypto_sign_ed25519_ref10_fe_mul 29 | #define fe_sq crypto_sign_ed25519_ref10_fe_sq 30 | #define fe_sq2 crypto_sign_ed25519_ref10_fe_sq2 31 | #define fe_mul121666 crypto_sign_ed25519_ref10_fe_mul121666 32 | #define fe_invert crypto_sign_ed25519_ref10_fe_invert 33 | #define fe_pow22523 crypto_sign_ed25519_ref10_fe_pow22523 34 | 35 | extern void fe_frombytes(fe,const unsigned char *); 36 | extern void fe_tobytes(unsigned char *,const fe); 37 | 38 | extern void fe_copy(fe,const fe); 39 | extern int fe_isnonzero(const fe); 40 | extern int fe_isnegative(const fe); 41 | extern void fe_0(fe); 42 | extern void fe_1(fe); 43 | extern void fe_cswap(fe,fe,unsigned int); 44 | extern void fe_cmov(fe,const fe,unsigned int); 45 | 46 | extern void fe_add(fe,const fe,const fe); 47 | extern void fe_sub(fe,const fe,const fe); 48 | extern void fe_neg(fe,const fe); 49 | extern void fe_mul(fe,const fe,const fe); 50 | extern void fe_sq(fe,const fe); 51 | extern void fe_sq2(fe,const fe); 52 | extern void fe_mul121666(fe,const fe); 53 | extern void fe_invert(fe,const fe); 54 | extern void fe_pow22523(fe,const fe); 55 | 56 | #endif 57 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/fe_0.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | /* 4 | h = 0 5 | */ 6 | 7 | void fe_0(fe h) 8 | { 9 | h[0] = 0; 10 | h[1] = 0; 11 | h[2] = 0; 12 | h[3] = 0; 13 | h[4] = 0; 14 | h[5] = 0; 15 | h[6] = 0; 16 | h[7] = 0; 17 | h[8] = 0; 18 | h[9] = 0; 19 | } 20 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/fe_1.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | /* 4 | h = 1 5 | */ 6 | 7 | void fe_1(fe h) 8 | { 9 | h[0] = 1; 10 | h[1] = 0; 11 | h[2] = 0; 12 | h[3] = 0; 13 | h[4] = 0; 14 | h[5] = 0; 15 | h[6] = 0; 16 | h[7] = 0; 17 | h[8] = 0; 18 | h[9] = 0; 19 | } 20 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/fe_add.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | /* 4 | h = f + g 5 | Can overlap h with f or g. 6 | 7 | Preconditions: 8 | |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. 9 | |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. 10 | 11 | Postconditions: 12 | |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. 13 | */ 14 | 15 | void fe_add(fe h,const fe f,const fe g) 16 | { 17 | crypto_int32 f0 = f[0]; 18 | crypto_int32 f1 = f[1]; 19 | crypto_int32 f2 = f[2]; 20 | crypto_int32 f3 = f[3]; 21 | crypto_int32 f4 = f[4]; 22 | crypto_int32 f5 = f[5]; 23 | crypto_int32 f6 = f[6]; 24 | crypto_int32 f7 = f[7]; 25 | crypto_int32 f8 = f[8]; 26 | crypto_int32 f9 = f[9]; 27 | crypto_int32 g0 = g[0]; 28 | crypto_int32 g1 = g[1]; 29 | crypto_int32 g2 = g[2]; 30 | crypto_int32 g3 = g[3]; 31 | crypto_int32 g4 = g[4]; 32 | crypto_int32 g5 = g[5]; 33 | crypto_int32 g6 = g[6]; 34 | crypto_int32 g7 = g[7]; 35 | crypto_int32 g8 = g[8]; 36 | crypto_int32 g9 = g[9]; 37 | crypto_int32 h0 = f0 + g0; 38 | crypto_int32 h1 = f1 + g1; 39 | crypto_int32 h2 = f2 + g2; 40 | crypto_int32 h3 = f3 + g3; 41 | crypto_int32 h4 = f4 + g4; 42 | crypto_int32 h5 = f5 + g5; 43 | crypto_int32 h6 = f6 + g6; 44 | crypto_int32 h7 = f7 + g7; 45 | crypto_int32 h8 = f8 + g8; 46 | crypto_int32 h9 = f9 + g9; 47 | h[0] = h0; 48 | h[1] = h1; 49 | h[2] = h2; 50 | h[3] = h3; 51 | h[4] = h4; 52 | h[5] = h5; 53 | h[6] = h6; 54 | h[7] = h7; 55 | h[8] = h8; 56 | h[9] = h9; 57 | } 58 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/fe_cmov.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | /* 4 | Replace (f,g) with (g,g) if b == 1; 5 | replace (f,g) with (f,g) if b == 0. 6 | 7 | Preconditions: b in {0,1}. 8 | */ 9 | 10 | void fe_cmov(fe f,const fe g,unsigned int b) 11 | { 12 | crypto_int32 f0 = f[0]; 13 | crypto_int32 f1 = f[1]; 14 | crypto_int32 f2 = f[2]; 15 | crypto_int32 f3 = f[3]; 16 | crypto_int32 f4 = f[4]; 17 | crypto_int32 f5 = f[5]; 18 | crypto_int32 f6 = f[6]; 19 | crypto_int32 f7 = f[7]; 20 | crypto_int32 f8 = f[8]; 21 | crypto_int32 f9 = f[9]; 22 | crypto_int32 g0 = g[0]; 23 | crypto_int32 g1 = g[1]; 24 | crypto_int32 g2 = g[2]; 25 | crypto_int32 g3 = g[3]; 26 | crypto_int32 g4 = g[4]; 27 | crypto_int32 g5 = g[5]; 28 | crypto_int32 g6 = g[6]; 29 | crypto_int32 g7 = g[7]; 30 | crypto_int32 g8 = g[8]; 31 | crypto_int32 g9 = g[9]; 32 | crypto_int32 x0 = f0 ^ g0; 33 | crypto_int32 x1 = f1 ^ g1; 34 | crypto_int32 x2 = f2 ^ g2; 35 | crypto_int32 x3 = f3 ^ g3; 36 | crypto_int32 x4 = f4 ^ g4; 37 | crypto_int32 x5 = f5 ^ g5; 38 | crypto_int32 x6 = f6 ^ g6; 39 | crypto_int32 x7 = f7 ^ g7; 40 | crypto_int32 x8 = f8 ^ g8; 41 | crypto_int32 x9 = f9 ^ g9; 42 | b = -b; 43 | x0 &= b; 44 | x1 &= b; 45 | x2 &= b; 46 | x3 &= b; 47 | x4 &= b; 48 | x5 &= b; 49 | x6 &= b; 50 | x7 &= b; 51 | x8 &= b; 52 | x9 &= b; 53 | f[0] = f0 ^ x0; 54 | f[1] = f1 ^ x1; 55 | f[2] = f2 ^ x2; 56 | f[3] = f3 ^ x3; 57 | f[4] = f4 ^ x4; 58 | f[5] = f5 ^ x5; 59 | f[6] = f6 ^ x6; 60 | f[7] = f7 ^ x7; 61 | f[8] = f8 ^ x8; 62 | f[9] = f9 ^ x9; 63 | } 64 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/fe_copy.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | /* 4 | h = f 5 | */ 6 | 7 | void fe_copy(fe h,const fe f) 8 | { 9 | crypto_int32 f0 = f[0]; 10 | crypto_int32 f1 = f[1]; 11 | crypto_int32 f2 = f[2]; 12 | crypto_int32 f3 = f[3]; 13 | crypto_int32 f4 = f[4]; 14 | crypto_int32 f5 = f[5]; 15 | crypto_int32 f6 = f[6]; 16 | crypto_int32 f7 = f[7]; 17 | crypto_int32 f8 = f[8]; 18 | crypto_int32 f9 = f[9]; 19 | h[0] = f0; 20 | h[1] = f1; 21 | h[2] = f2; 22 | h[3] = f3; 23 | h[4] = f4; 24 | h[5] = f5; 25 | h[6] = f6; 26 | h[7] = f7; 27 | h[8] = f8; 28 | h[9] = f9; 29 | } 30 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/fe_frombytes.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | #include "crypto_int64.h" 3 | #include "crypto_uint64.h" 4 | 5 | static crypto_uint64 load_3(const unsigned char *in) 6 | { 7 | crypto_uint64 result; 8 | result = (crypto_uint64) in[0]; 9 | result |= ((crypto_uint64) in[1]) << 8; 10 | result |= ((crypto_uint64) in[2]) << 16; 11 | return result; 12 | } 13 | 14 | static crypto_uint64 load_4(const unsigned char *in) 15 | { 16 | crypto_uint64 result; 17 | result = (crypto_uint64) in[0]; 18 | result |= ((crypto_uint64) in[1]) << 8; 19 | result |= ((crypto_uint64) in[2]) << 16; 20 | result |= ((crypto_uint64) in[3]) << 24; 21 | return result; 22 | } 23 | 24 | /* 25 | Ignores top bit of h. 26 | */ 27 | 28 | void fe_frombytes(fe h,const unsigned char *s) 29 | { 30 | crypto_int64 h0 = load_4(s); 31 | crypto_int64 h1 = load_3(s + 4) << 6; 32 | crypto_int64 h2 = load_3(s + 7) << 5; 33 | crypto_int64 h3 = load_3(s + 10) << 3; 34 | crypto_int64 h4 = load_3(s + 13) << 2; 35 | crypto_int64 h5 = load_4(s + 16); 36 | crypto_int64 h6 = load_3(s + 20) << 7; 37 | crypto_int64 h7 = load_3(s + 23) << 5; 38 | crypto_int64 h8 = load_3(s + 26) << 4; 39 | crypto_int64 h9 = (load_3(s + 29) & 8388607) << 2; 40 | crypto_int64 carry0; 41 | crypto_int64 carry1; 42 | crypto_int64 carry2; 43 | crypto_int64 carry3; 44 | crypto_int64 carry4; 45 | crypto_int64 carry5; 46 | crypto_int64 carry6; 47 | crypto_int64 carry7; 48 | crypto_int64 carry8; 49 | crypto_int64 carry9; 50 | 51 | carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25; 52 | carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25; 53 | carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25; 54 | carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25; 55 | carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25; 56 | 57 | carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; 58 | carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26; 59 | carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; 60 | carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26; 61 | carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26; 62 | 63 | h[0] = h0; 64 | h[1] = h1; 65 | h[2] = h2; 66 | h[3] = h3; 67 | h[4] = h4; 68 | h[5] = h5; 69 | h[6] = h6; 70 | h[7] = h7; 71 | h[8] = h8; 72 | h[9] = h9; 73 | } 74 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/fe_invert.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | void fe_invert(fe out,const fe z) 4 | { 5 | fe t0; 6 | fe t1; 7 | fe t2; 8 | fe t3; 9 | int i; 10 | 11 | #include "pow225521.h" 12 | 13 | return; 14 | } 15 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/fe_isnegative.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | /* 4 | return 1 if f is in {1,3,5,...,q-2} 5 | return 0 if f is in {0,2,4,...,q-1} 6 | 7 | Preconditions: 8 | |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. 9 | */ 10 | 11 | int fe_isnegative(const fe f) 12 | { 13 | unsigned char s[32]; 14 | fe_tobytes(s,f); 15 | return s[0] & 1; 16 | } 17 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/fe_isnonzero.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | #include "crypto_verify_32.h" 3 | 4 | /* 5 | return 1 if f == 0 6 | return 0 if f != 0 7 | 8 | Preconditions: 9 | |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. 10 | */ 11 | 12 | static const unsigned char zero[32]; 13 | 14 | int fe_isnonzero(const fe f) 15 | { 16 | unsigned char s[32]; 17 | fe_tobytes(s,f); 18 | return crypto_verify_32(s,zero); 19 | } 20 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/fe_neg.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | /* 4 | h = -f 5 | 6 | Preconditions: 7 | |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. 8 | 9 | Postconditions: 10 | |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. 11 | */ 12 | 13 | void fe_neg(fe h,const fe f) 14 | { 15 | crypto_int32 f0 = f[0]; 16 | crypto_int32 f1 = f[1]; 17 | crypto_int32 f2 = f[2]; 18 | crypto_int32 f3 = f[3]; 19 | crypto_int32 f4 = f[4]; 20 | crypto_int32 f5 = f[5]; 21 | crypto_int32 f6 = f[6]; 22 | crypto_int32 f7 = f[7]; 23 | crypto_int32 f8 = f[8]; 24 | crypto_int32 f9 = f[9]; 25 | crypto_int32 h0 = -f0; 26 | crypto_int32 h1 = -f1; 27 | crypto_int32 h2 = -f2; 28 | crypto_int32 h3 = -f3; 29 | crypto_int32 h4 = -f4; 30 | crypto_int32 h5 = -f5; 31 | crypto_int32 h6 = -f6; 32 | crypto_int32 h7 = -f7; 33 | crypto_int32 h8 = -f8; 34 | crypto_int32 h9 = -f9; 35 | h[0] = h0; 36 | h[1] = h1; 37 | h[2] = h2; 38 | h[3] = h3; 39 | h[4] = h4; 40 | h[5] = h5; 41 | h[6] = h6; 42 | h[7] = h7; 43 | h[8] = h8; 44 | h[9] = h9; 45 | } 46 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/fe_pow22523.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | void fe_pow22523(fe out,const fe z) 4 | { 5 | fe t0; 6 | fe t1; 7 | fe t2; 8 | int i; 9 | 10 | #include "pow22523.h" 11 | 12 | return; 13 | } 14 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/fe_sub.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | /* 4 | h = f - g 5 | Can overlap h with f or g. 6 | 7 | Preconditions: 8 | |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. 9 | |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. 10 | 11 | Postconditions: 12 | |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. 13 | */ 14 | 15 | void fe_sub(fe h,const fe f,const fe g) 16 | { 17 | crypto_int32 f0 = f[0]; 18 | crypto_int32 f1 = f[1]; 19 | crypto_int32 f2 = f[2]; 20 | crypto_int32 f3 = f[3]; 21 | crypto_int32 f4 = f[4]; 22 | crypto_int32 f5 = f[5]; 23 | crypto_int32 f6 = f[6]; 24 | crypto_int32 f7 = f[7]; 25 | crypto_int32 f8 = f[8]; 26 | crypto_int32 f9 = f[9]; 27 | crypto_int32 g0 = g[0]; 28 | crypto_int32 g1 = g[1]; 29 | crypto_int32 g2 = g[2]; 30 | crypto_int32 g3 = g[3]; 31 | crypto_int32 g4 = g[4]; 32 | crypto_int32 g5 = g[5]; 33 | crypto_int32 g6 = g[6]; 34 | crypto_int32 g7 = g[7]; 35 | crypto_int32 g8 = g[8]; 36 | crypto_int32 g9 = g[9]; 37 | crypto_int32 h0 = f0 - g0; 38 | crypto_int32 h1 = f1 - g1; 39 | crypto_int32 h2 = f2 - g2; 40 | crypto_int32 h3 = f3 - g3; 41 | crypto_int32 h4 = f4 - g4; 42 | crypto_int32 h5 = f5 - g5; 43 | crypto_int32 h6 = f6 - g6; 44 | crypto_int32 h7 = f7 - g7; 45 | crypto_int32 h8 = f8 - g8; 46 | crypto_int32 h9 = f9 - g9; 47 | h[0] = h0; 48 | h[1] = h1; 49 | h[2] = h2; 50 | h[3] = h3; 51 | h[4] = h4; 52 | h[5] = h5; 53 | h[6] = h6; 54 | h[7] = h7; 55 | h[8] = h8; 56 | h[9] = h9; 57 | } 58 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_add.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | /* 4 | r = p + q 5 | */ 6 | 7 | void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q) 8 | { 9 | fe t0; 10 | #include "ge_add.h" 11 | } 12 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_add.h: -------------------------------------------------------------------------------- 1 | 2 | /* qhasm: enter ge_add */ 3 | 4 | /* qhasm: fe X1 */ 5 | 6 | /* qhasm: fe Y1 */ 7 | 8 | /* qhasm: fe Z1 */ 9 | 10 | /* qhasm: fe Z2 */ 11 | 12 | /* qhasm: fe T1 */ 13 | 14 | /* qhasm: fe ZZ */ 15 | 16 | /* qhasm: fe YpX2 */ 17 | 18 | /* qhasm: fe YmX2 */ 19 | 20 | /* qhasm: fe T2d2 */ 21 | 22 | /* qhasm: fe X3 */ 23 | 24 | /* qhasm: fe Y3 */ 25 | 26 | /* qhasm: fe Z3 */ 27 | 28 | /* qhasm: fe T3 */ 29 | 30 | /* qhasm: fe YpX1 */ 31 | 32 | /* qhasm: fe YmX1 */ 33 | 34 | /* qhasm: fe A */ 35 | 36 | /* qhasm: fe B */ 37 | 38 | /* qhasm: fe C */ 39 | 40 | /* qhasm: fe D */ 41 | 42 | /* qhasm: YpX1 = Y1+X1 */ 43 | /* asm 1: fe_add(>YpX1=fe#1,YpX1=r->X,Y,X); */ 45 | fe_add(r->X,p->Y,p->X); 46 | 47 | /* qhasm: YmX1 = Y1-X1 */ 48 | /* asm 1: fe_sub(>YmX1=fe#2,YmX1=r->Y,Y,X); */ 50 | fe_sub(r->Y,p->Y,p->X); 51 | 52 | /* qhasm: A = YpX1*YpX2 */ 53 | /* asm 1: fe_mul(>A=fe#3,A=r->Z,X,YplusX); */ 55 | fe_mul(r->Z,r->X,q->YplusX); 56 | 57 | /* qhasm: B = YmX1*YmX2 */ 58 | /* asm 1: fe_mul(>B=fe#2,B=r->Y,Y,YminusX); */ 60 | fe_mul(r->Y,r->Y,q->YminusX); 61 | 62 | /* qhasm: C = T2d2*T1 */ 63 | /* asm 1: fe_mul(>C=fe#4,C=r->T,T2d,T); */ 65 | fe_mul(r->T,q->T2d,p->T); 66 | 67 | /* qhasm: ZZ = Z1*Z2 */ 68 | /* asm 1: fe_mul(>ZZ=fe#1,ZZ=r->X,Z,Z); */ 70 | fe_mul(r->X,p->Z,q->Z); 71 | 72 | /* qhasm: D = 2*ZZ */ 73 | /* asm 1: fe_add(>D=fe#5,D=t0,X,X); */ 75 | fe_add(t0,r->X,r->X); 76 | 77 | /* qhasm: X3 = A-B */ 78 | /* asm 1: fe_sub(>X3=fe#1,X3=r->X,Z,Y); */ 80 | fe_sub(r->X,r->Z,r->Y); 81 | 82 | /* qhasm: Y3 = A+B */ 83 | /* asm 1: fe_add(>Y3=fe#2,Y3=r->Y,Z,Y); */ 85 | fe_add(r->Y,r->Z,r->Y); 86 | 87 | /* qhasm: Z3 = D+C */ 88 | /* asm 1: fe_add(>Z3=fe#3,Z3=r->Z,T); */ 90 | fe_add(r->Z,t0,r->T); 91 | 92 | /* qhasm: T3 = D-C */ 93 | /* asm 1: fe_sub(>T3=fe#4,T3=r->T,T); */ 95 | fe_sub(r->T,t0,r->T); 96 | 97 | /* qhasm: return */ 98 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_add.q: -------------------------------------------------------------------------------- 1 | :name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->YplusX:q->YminusX:q->Z:q->T2d: 2 | fe r:var/r=fe: 3 | 4 | enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>YpX2=fe#15:>YmX2=fe#16:>Z2=fe#17:>T2d2=fe#18: 5 | return:nofallthrough:h=fe:asm/fe_add(>h,h=fe:asm/fe_sub(>h,h=fe:asm/fe_mul(>h,h=fe:asm/fe_sq(>h,h=fe:asm/fe_add(>h,> 3] >> (i & 7)); 11 | 12 | for (i = 0;i < 256;++i) 13 | if (r[i]) { 14 | for (b = 1;b <= 6 && i + b < 256;++b) { 15 | if (r[i + b]) { 16 | if (r[i] + (r[i + b] << b) <= 15) { 17 | r[i] += r[i + b] << b; r[i + b] = 0; 18 | } else if (r[i] - (r[i + b] << b) >= -15) { 19 | r[i] -= r[i + b] << b; 20 | for (k = i + b;k < 256;++k) { 21 | if (!r[k]) { 22 | r[k] = 1; 23 | break; 24 | } 25 | r[k] = 0; 26 | } 27 | } else 28 | break; 29 | } 30 | } 31 | } 32 | 33 | } 34 | 35 | static ge_precomp Bi[8] = { 36 | #include "base2.h" 37 | } ; 38 | 39 | /* 40 | r = a * A + b * B 41 | where a = a[0]+256*a[1]+...+256^31 a[31]. 42 | and b = b[0]+256*b[1]+...+256^31 b[31]. 43 | B is the Ed25519 base point (x,4/5) with x positive. 44 | */ 45 | 46 | void ge_double_scalarmult_vartime(ge_p2 *r,const unsigned char *a,const ge_p3 *A,const unsigned char *b) 47 | { 48 | signed char aslide[256]; 49 | signed char bslide[256]; 50 | ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */ 51 | ge_p1p1 t; 52 | ge_p3 u; 53 | ge_p3 A2; 54 | int i; 55 | 56 | slide(aslide,a); 57 | slide(bslide,b); 58 | 59 | ge_p3_to_cached(&Ai[0],A); 60 | ge_p3_dbl(&t,A); ge_p1p1_to_p3(&A2,&t); 61 | ge_add(&t,&A2,&Ai[0]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[1],&u); 62 | ge_add(&t,&A2,&Ai[1]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[2],&u); 63 | ge_add(&t,&A2,&Ai[2]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[3],&u); 64 | ge_add(&t,&A2,&Ai[3]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[4],&u); 65 | ge_add(&t,&A2,&Ai[4]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[5],&u); 66 | ge_add(&t,&A2,&Ai[5]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[6],&u); 67 | ge_add(&t,&A2,&Ai[6]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[7],&u); 68 | 69 | ge_p2_0(r); 70 | 71 | for (i = 255;i >= 0;--i) { 72 | if (aslide[i] || bslide[i]) break; 73 | } 74 | 75 | for (;i >= 0;--i) { 76 | ge_p2_dbl(&t,r); 77 | 78 | if (aslide[i] > 0) { 79 | ge_p1p1_to_p3(&u,&t); 80 | ge_add(&t,&u,&Ai[aslide[i]/2]); 81 | } else if (aslide[i] < 0) { 82 | ge_p1p1_to_p3(&u,&t); 83 | ge_sub(&t,&u,&Ai[(-aslide[i])/2]); 84 | } 85 | 86 | if (bslide[i] > 0) { 87 | ge_p1p1_to_p3(&u,&t); 88 | ge_madd(&t,&u,&Bi[bslide[i]/2]); 89 | } else if (bslide[i] < 0) { 90 | ge_p1p1_to_p3(&u,&t); 91 | ge_msub(&t,&u,&Bi[(-bslide[i])/2]); 92 | } 93 | 94 | ge_p1p1_to_p2(r,&t); 95 | } 96 | } 97 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_frombytes.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | static const fe d = { 4 | #include "d.h" 5 | } ; 6 | 7 | static const fe sqrtm1 = { 8 | #include "sqrtm1.h" 9 | } ; 10 | 11 | int ge_frombytes_negate_vartime(ge_p3 *h,const unsigned char *s) 12 | { 13 | fe u; 14 | fe v; 15 | fe v3; 16 | fe vxx; 17 | fe check; 18 | 19 | fe_frombytes(h->Y,s); 20 | fe_1(h->Z); 21 | fe_sq(u,h->Y); 22 | fe_mul(v,u,d); 23 | fe_sub(u,u,h->Z); /* u = y^2-1 */ 24 | fe_add(v,v,h->Z); /* v = dy^2+1 */ 25 | 26 | fe_sq(v3,v); 27 | fe_mul(v3,v3,v); /* v3 = v^3 */ 28 | fe_sq(h->X,v3); 29 | fe_mul(h->X,h->X,v); 30 | fe_mul(h->X,h->X,u); /* x = uv^7 */ 31 | 32 | fe_pow22523(h->X,h->X); /* x = (uv^7)^((q-5)/8) */ 33 | fe_mul(h->X,h->X,v3); 34 | fe_mul(h->X,h->X,u); /* x = uv^3(uv^7)^((q-5)/8) */ 35 | 36 | fe_sq(vxx,h->X); 37 | fe_mul(vxx,vxx,v); 38 | fe_sub(check,vxx,u); /* vx^2-u */ 39 | if (fe_isnonzero(check)) { 40 | fe_add(check,vxx,u); /* vx^2+u */ 41 | if (fe_isnonzero(check)) return -1; 42 | fe_mul(h->X,h->X,sqrtm1); 43 | } 44 | 45 | if (fe_isnegative(h->X) == (s[31] >> 7)) 46 | fe_neg(h->X,h->X); 47 | 48 | fe_mul(h->T,h->X,h->Y); 49 | return 0; 50 | } 51 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_madd.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | /* 4 | r = p + q 5 | */ 6 | 7 | void ge_madd(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q) 8 | { 9 | fe t0; 10 | #include "ge_madd.h" 11 | } 12 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_madd.h: -------------------------------------------------------------------------------- 1 | 2 | /* qhasm: enter ge_madd */ 3 | 4 | /* qhasm: fe X1 */ 5 | 6 | /* qhasm: fe Y1 */ 7 | 8 | /* qhasm: fe Z1 */ 9 | 10 | /* qhasm: fe T1 */ 11 | 12 | /* qhasm: fe ypx2 */ 13 | 14 | /* qhasm: fe ymx2 */ 15 | 16 | /* qhasm: fe xy2d2 */ 17 | 18 | /* qhasm: fe X3 */ 19 | 20 | /* qhasm: fe Y3 */ 21 | 22 | /* qhasm: fe Z3 */ 23 | 24 | /* qhasm: fe T3 */ 25 | 26 | /* qhasm: fe YpX1 */ 27 | 28 | /* qhasm: fe YmX1 */ 29 | 30 | /* qhasm: fe A */ 31 | 32 | /* qhasm: fe B */ 33 | 34 | /* qhasm: fe C */ 35 | 36 | /* qhasm: fe D */ 37 | 38 | /* qhasm: YpX1 = Y1+X1 */ 39 | /* asm 1: fe_add(>YpX1=fe#1,YpX1=r->X,Y,X); */ 41 | fe_add(r->X,p->Y,p->X); 42 | 43 | /* qhasm: YmX1 = Y1-X1 */ 44 | /* asm 1: fe_sub(>YmX1=fe#2,YmX1=r->Y,Y,X); */ 46 | fe_sub(r->Y,p->Y,p->X); 47 | 48 | /* qhasm: A = YpX1*ypx2 */ 49 | /* asm 1: fe_mul(>A=fe#3,A=r->Z,X,yplusx); */ 51 | fe_mul(r->Z,r->X,q->yplusx); 52 | 53 | /* qhasm: B = YmX1*ymx2 */ 54 | /* asm 1: fe_mul(>B=fe#2,B=r->Y,Y,yminusx); */ 56 | fe_mul(r->Y,r->Y,q->yminusx); 57 | 58 | /* qhasm: C = xy2d2*T1 */ 59 | /* asm 1: fe_mul(>C=fe#4,C=r->T,xy2d,T); */ 61 | fe_mul(r->T,q->xy2d,p->T); 62 | 63 | /* qhasm: D = 2*Z1 */ 64 | /* asm 1: fe_add(>D=fe#5,D=t0,Z,Z); */ 66 | fe_add(t0,p->Z,p->Z); 67 | 68 | /* qhasm: X3 = A-B */ 69 | /* asm 1: fe_sub(>X3=fe#1,X3=r->X,Z,Y); */ 71 | fe_sub(r->X,r->Z,r->Y); 72 | 73 | /* qhasm: Y3 = A+B */ 74 | /* asm 1: fe_add(>Y3=fe#2,Y3=r->Y,Z,Y); */ 76 | fe_add(r->Y,r->Z,r->Y); 77 | 78 | /* qhasm: Z3 = D+C */ 79 | /* asm 1: fe_add(>Z3=fe#3,Z3=r->Z,T); */ 81 | fe_add(r->Z,t0,r->T); 82 | 83 | /* qhasm: T3 = D-C */ 84 | /* asm 1: fe_sub(>T3=fe#4,T3=r->T,T); */ 86 | fe_sub(r->T,t0,r->T); 87 | 88 | /* qhasm: return */ 89 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_madd.q: -------------------------------------------------------------------------------- 1 | :name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->yplusx:q->yminusx:q->xy2d: 2 | fe r:var/r=fe: 3 | 4 | enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>ypx2=fe#15:>ymx2=fe#16:>xy2d2=fe#17: 5 | return:nofallthrough:h=fe:asm/fe_add(>h,h=fe:asm/fe_sub(>h,h=fe:asm/fe_mul(>h,h=fe:asm/fe_sq(>h,h=fe:asm/fe_add(>h,YpX1=fe#1,YpX1=r->X,Y,X); */ 41 | fe_add(r->X,p->Y,p->X); 42 | 43 | /* qhasm: YmX1 = Y1-X1 */ 44 | /* asm 1: fe_sub(>YmX1=fe#2,YmX1=r->Y,Y,X); */ 46 | fe_sub(r->Y,p->Y,p->X); 47 | 48 | /* qhasm: A = YpX1*ymx2 */ 49 | /* asm 1: fe_mul(>A=fe#3,A=r->Z,X,yminusx); */ 51 | fe_mul(r->Z,r->X,q->yminusx); 52 | 53 | /* qhasm: B = YmX1*ypx2 */ 54 | /* asm 1: fe_mul(>B=fe#2,B=r->Y,Y,yplusx); */ 56 | fe_mul(r->Y,r->Y,q->yplusx); 57 | 58 | /* qhasm: C = xy2d2*T1 */ 59 | /* asm 1: fe_mul(>C=fe#4,C=r->T,xy2d,T); */ 61 | fe_mul(r->T,q->xy2d,p->T); 62 | 63 | /* qhasm: D = 2*Z1 */ 64 | /* asm 1: fe_add(>D=fe#5,D=t0,Z,Z); */ 66 | fe_add(t0,p->Z,p->Z); 67 | 68 | /* qhasm: X3 = A-B */ 69 | /* asm 1: fe_sub(>X3=fe#1,X3=r->X,Z,Y); */ 71 | fe_sub(r->X,r->Z,r->Y); 72 | 73 | /* qhasm: Y3 = A+B */ 74 | /* asm 1: fe_add(>Y3=fe#2,Y3=r->Y,Z,Y); */ 76 | fe_add(r->Y,r->Z,r->Y); 77 | 78 | /* qhasm: Z3 = D-C */ 79 | /* asm 1: fe_sub(>Z3=fe#3,Z3=r->Z,T); */ 81 | fe_sub(r->Z,t0,r->T); 82 | 83 | /* qhasm: T3 = D+C */ 84 | /* asm 1: fe_add(>T3=fe#4,T3=r->T,T); */ 86 | fe_add(r->T,t0,r->T); 87 | 88 | /* qhasm: return */ 89 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_msub.q: -------------------------------------------------------------------------------- 1 | :name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->yplusx:q->yminusx:q->xy2d: 2 | fe r:var/r=fe: 3 | 4 | enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>ypx2=fe#15:>ymx2=fe#16:>xy2d2=fe#17: 5 | return:nofallthrough:h=fe:asm/fe_add(>h,h=fe:asm/fe_sub(>h,h=fe:asm/fe_mul(>h,h=fe:asm/fe_sq(>h,h=fe:asm/fe_add(>h,X,p->X,p->T); 10 | fe_mul(r->Y,p->Y,p->Z); 11 | fe_mul(r->Z,p->Z,p->T); 12 | } 13 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_p1p1_to_p3.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | /* 4 | r = p 5 | */ 6 | 7 | extern void ge_p1p1_to_p3(ge_p3 *r,const ge_p1p1 *p) 8 | { 9 | fe_mul(r->X,p->X,p->T); 10 | fe_mul(r->Y,p->Y,p->Z); 11 | fe_mul(r->Z,p->Z,p->T); 12 | fe_mul(r->T,p->X,p->Y); 13 | } 14 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_p2_0.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | void ge_p2_0(ge_p2 *h) 4 | { 5 | fe_0(h->X); 6 | fe_1(h->Y); 7 | fe_1(h->Z); 8 | } 9 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_p2_dbl.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | /* 4 | r = 2 * p 5 | */ 6 | 7 | void ge_p2_dbl(ge_p1p1 *r,const ge_p2 *p) 8 | { 9 | fe t0; 10 | #include "ge_p2_dbl.h" 11 | } 12 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_p2_dbl.h: -------------------------------------------------------------------------------- 1 | 2 | /* qhasm: enter ge_p2_dbl */ 3 | 4 | /* qhasm: fe X1 */ 5 | 6 | /* qhasm: fe Y1 */ 7 | 8 | /* qhasm: fe Z1 */ 9 | 10 | /* qhasm: fe A */ 11 | 12 | /* qhasm: fe AA */ 13 | 14 | /* qhasm: fe XX */ 15 | 16 | /* qhasm: fe YY */ 17 | 18 | /* qhasm: fe B */ 19 | 20 | /* qhasm: fe X3 */ 21 | 22 | /* qhasm: fe Y3 */ 23 | 24 | /* qhasm: fe Z3 */ 25 | 26 | /* qhasm: fe T3 */ 27 | 28 | /* qhasm: XX=X1^2 */ 29 | /* asm 1: fe_sq(>XX=fe#1,XX=r->X,X); */ 31 | fe_sq(r->X,p->X); 32 | 33 | /* qhasm: YY=Y1^2 */ 34 | /* asm 1: fe_sq(>YY=fe#3,YY=r->Z,Y); */ 36 | fe_sq(r->Z,p->Y); 37 | 38 | /* qhasm: B=2*Z1^2 */ 39 | /* asm 1: fe_sq2(>B=fe#4,B=r->T,Z); */ 41 | fe_sq2(r->T,p->Z); 42 | 43 | /* qhasm: A=X1+Y1 */ 44 | /* asm 1: fe_add(>A=fe#2,A=r->Y,X,Y); */ 46 | fe_add(r->Y,p->X,p->Y); 47 | 48 | /* qhasm: AA=A^2 */ 49 | /* asm 1: fe_sq(>AA=fe#5,AA=t0,Y); */ 51 | fe_sq(t0,r->Y); 52 | 53 | /* qhasm: Y3=YY+XX */ 54 | /* asm 1: fe_add(>Y3=fe#2,Y3=r->Y,Z,X); */ 56 | fe_add(r->Y,r->Z,r->X); 57 | 58 | /* qhasm: Z3=YY-XX */ 59 | /* asm 1: fe_sub(>Z3=fe#3,Z3=r->Z,Z,X); */ 61 | fe_sub(r->Z,r->Z,r->X); 62 | 63 | /* qhasm: X3=AA-Y3 */ 64 | /* asm 1: fe_sub(>X3=fe#1,X3=r->X,Y); */ 66 | fe_sub(r->X,t0,r->Y); 67 | 68 | /* qhasm: T3=B-Z3 */ 69 | /* asm 1: fe_sub(>T3=fe#4,T3=r->T,T,Z); */ 71 | fe_sub(r->T,r->T,r->Z); 72 | 73 | /* qhasm: return */ 74 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_p2_dbl.q: -------------------------------------------------------------------------------- 1 | :name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z: 2 | fe r:var/r=fe: 3 | 4 | enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13: 5 | return:nofallthrough:h=fe:asm/fe_add(>h,h=fe:asm/fe_sub(>h,h=fe:asm/fe_mul(>h,h=fe:asm/fe_sq(>h,h=fe:asm/fe_sq2(>h,h=fe:asm/fe_add(>h,X); 6 | fe_1(h->Y); 7 | fe_1(h->Z); 8 | fe_0(h->T); 9 | } 10 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_p3_dbl.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | /* 4 | r = 2 * p 5 | */ 6 | 7 | void ge_p3_dbl(ge_p1p1 *r,const ge_p3 *p) 8 | { 9 | ge_p2 q; 10 | ge_p3_to_p2(&q,p); 11 | ge_p2_dbl(r,&q); 12 | } 13 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_p3_to_cached.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | /* 4 | r = p 5 | */ 6 | 7 | static const fe d2 = { 8 | #include "d2.h" 9 | } ; 10 | 11 | extern void ge_p3_to_cached(ge_cached *r,const ge_p3 *p) 12 | { 13 | fe_add(r->YplusX,p->Y,p->X); 14 | fe_sub(r->YminusX,p->Y,p->X); 15 | fe_copy(r->Z,p->Z); 16 | fe_mul(r->T2d,p->T,d2); 17 | } 18 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_p3_to_p2.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | /* 4 | r = p 5 | */ 6 | 7 | extern void ge_p3_to_p2(ge_p2 *r,const ge_p3 *p) 8 | { 9 | fe_copy(r->X,p->X); 10 | fe_copy(r->Y,p->Y); 11 | fe_copy(r->Z,p->Z); 12 | } 13 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_p3_tobytes.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | void ge_p3_tobytes(unsigned char *s,const ge_p3 *h) 4 | { 5 | fe recip; 6 | fe x; 7 | fe y; 8 | 9 | fe_invert(recip,h->Z); 10 | fe_mul(x,h->X,recip); 11 | fe_mul(y,h->Y,recip); 12 | fe_tobytes(s,y); 13 | s[31] ^= fe_isnegative(x) << 7; 14 | } 15 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_precomp_0.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | void ge_precomp_0(ge_precomp *h) 4 | { 5 | fe_1(h->yplusx); 6 | fe_1(h->yminusx); 7 | fe_0(h->xy2d); 8 | } 9 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_scalarmult_base.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | #include "crypto_uint32.h" 3 | 4 | static unsigned char equal(signed char b,signed char c) 5 | { 6 | unsigned char ub = b; 7 | unsigned char uc = c; 8 | unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */ 9 | crypto_uint32 y = x; /* 0: yes; 1..255: no */ 10 | y -= 1; /* 4294967295: yes; 0..254: no */ 11 | y >>= 31; /* 1: yes; 0: no */ 12 | return y; 13 | } 14 | 15 | static unsigned char negative(signed char b) 16 | { 17 | unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */ 18 | x >>= 63; /* 1: yes; 0: no */ 19 | return x; 20 | } 21 | 22 | static void cmov(ge_precomp *t,ge_precomp *u,unsigned char b) 23 | { 24 | fe_cmov(t->yplusx,u->yplusx,b); 25 | fe_cmov(t->yminusx,u->yminusx,b); 26 | fe_cmov(t->xy2d,u->xy2d,b); 27 | } 28 | 29 | /* base[i][j] = (j+1)*256^i*B */ 30 | static ge_precomp base[32][8] = { 31 | #include "base.h" 32 | } ; 33 | 34 | static void select(ge_precomp *t,int pos,signed char b) 35 | { 36 | ge_precomp minust; 37 | unsigned char bnegative = negative(b); 38 | unsigned char babs = b - (((-bnegative) & b) << 1); 39 | 40 | ge_precomp_0(t); 41 | cmov(t,&base[pos][0],equal(babs,1)); 42 | cmov(t,&base[pos][1],equal(babs,2)); 43 | cmov(t,&base[pos][2],equal(babs,3)); 44 | cmov(t,&base[pos][3],equal(babs,4)); 45 | cmov(t,&base[pos][4],equal(babs,5)); 46 | cmov(t,&base[pos][5],equal(babs,6)); 47 | cmov(t,&base[pos][6],equal(babs,7)); 48 | cmov(t,&base[pos][7],equal(babs,8)); 49 | fe_copy(minust.yplusx,t->yminusx); 50 | fe_copy(minust.yminusx,t->yplusx); 51 | fe_neg(minust.xy2d,t->xy2d); 52 | cmov(t,&minust,bnegative); 53 | } 54 | 55 | /* 56 | h = a * B 57 | where a = a[0]+256*a[1]+...+256^31 a[31] 58 | B is the Ed25519 base point (x,4/5) with x positive. 59 | 60 | Preconditions: 61 | a[31] <= 127 62 | */ 63 | 64 | void ge_scalarmult_base(ge_p3 *h,const unsigned char *a) 65 | { 66 | signed char e[64]; 67 | signed char carry; 68 | ge_p1p1 r; 69 | ge_p2 s; 70 | ge_precomp t; 71 | int i; 72 | 73 | for (i = 0;i < 32;++i) { 74 | e[2 * i + 0] = (a[i] >> 0) & 15; 75 | e[2 * i + 1] = (a[i] >> 4) & 15; 76 | } 77 | /* each e[i] is between 0 and 15 */ 78 | /* e[63] is between 0 and 7 */ 79 | 80 | carry = 0; 81 | for (i = 0;i < 63;++i) { 82 | e[i] += carry; 83 | carry = e[i] + 8; 84 | carry >>= 4; 85 | e[i] -= carry << 4; 86 | } 87 | e[63] += carry; 88 | /* each e[i] is between -8 and 8 */ 89 | 90 | ge_p3_0(h); 91 | for (i = 1;i < 64;i += 2) { 92 | select(&t,i / 2,e[i]); 93 | ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r); 94 | } 95 | 96 | ge_p3_dbl(&r,h); ge_p1p1_to_p2(&s,&r); 97 | ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r); 98 | ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r); 99 | ge_p2_dbl(&r,&s); ge_p1p1_to_p3(h,&r); 100 | 101 | for (i = 0;i < 64;i += 2) { 102 | select(&t,i / 2,e[i]); 103 | ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r); 104 | } 105 | } 106 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_sub.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | /* 4 | r = p - q 5 | */ 6 | 7 | void ge_sub(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q) 8 | { 9 | fe t0; 10 | #include "ge_sub.h" 11 | } 12 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_sub.h: -------------------------------------------------------------------------------- 1 | 2 | /* qhasm: enter ge_sub */ 3 | 4 | /* qhasm: fe X1 */ 5 | 6 | /* qhasm: fe Y1 */ 7 | 8 | /* qhasm: fe Z1 */ 9 | 10 | /* qhasm: fe Z2 */ 11 | 12 | /* qhasm: fe T1 */ 13 | 14 | /* qhasm: fe ZZ */ 15 | 16 | /* qhasm: fe YpX2 */ 17 | 18 | /* qhasm: fe YmX2 */ 19 | 20 | /* qhasm: fe T2d2 */ 21 | 22 | /* qhasm: fe X3 */ 23 | 24 | /* qhasm: fe Y3 */ 25 | 26 | /* qhasm: fe Z3 */ 27 | 28 | /* qhasm: fe T3 */ 29 | 30 | /* qhasm: fe YpX1 */ 31 | 32 | /* qhasm: fe YmX1 */ 33 | 34 | /* qhasm: fe A */ 35 | 36 | /* qhasm: fe B */ 37 | 38 | /* qhasm: fe C */ 39 | 40 | /* qhasm: fe D */ 41 | 42 | /* qhasm: YpX1 = Y1+X1 */ 43 | /* asm 1: fe_add(>YpX1=fe#1,YpX1=r->X,Y,X); */ 45 | fe_add(r->X,p->Y,p->X); 46 | 47 | /* qhasm: YmX1 = Y1-X1 */ 48 | /* asm 1: fe_sub(>YmX1=fe#2,YmX1=r->Y,Y,X); */ 50 | fe_sub(r->Y,p->Y,p->X); 51 | 52 | /* qhasm: A = YpX1*YmX2 */ 53 | /* asm 1: fe_mul(>A=fe#3,A=r->Z,X,YminusX); */ 55 | fe_mul(r->Z,r->X,q->YminusX); 56 | 57 | /* qhasm: B = YmX1*YpX2 */ 58 | /* asm 1: fe_mul(>B=fe#2,B=r->Y,Y,YplusX); */ 60 | fe_mul(r->Y,r->Y,q->YplusX); 61 | 62 | /* qhasm: C = T2d2*T1 */ 63 | /* asm 1: fe_mul(>C=fe#4,C=r->T,T2d,T); */ 65 | fe_mul(r->T,q->T2d,p->T); 66 | 67 | /* qhasm: ZZ = Z1*Z2 */ 68 | /* asm 1: fe_mul(>ZZ=fe#1,ZZ=r->X,Z,Z); */ 70 | fe_mul(r->X,p->Z,q->Z); 71 | 72 | /* qhasm: D = 2*ZZ */ 73 | /* asm 1: fe_add(>D=fe#5,D=t0,X,X); */ 75 | fe_add(t0,r->X,r->X); 76 | 77 | /* qhasm: X3 = A-B */ 78 | /* asm 1: fe_sub(>X3=fe#1,X3=r->X,Z,Y); */ 80 | fe_sub(r->X,r->Z,r->Y); 81 | 82 | /* qhasm: Y3 = A+B */ 83 | /* asm 1: fe_add(>Y3=fe#2,Y3=r->Y,Z,Y); */ 85 | fe_add(r->Y,r->Z,r->Y); 86 | 87 | /* qhasm: Z3 = D-C */ 88 | /* asm 1: fe_sub(>Z3=fe#3,Z3=r->Z,T); */ 90 | fe_sub(r->Z,t0,r->T); 91 | 92 | /* qhasm: T3 = D+C */ 93 | /* asm 1: fe_add(>T3=fe#4,T3=r->T,T); */ 95 | fe_add(r->T,t0,r->T); 96 | 97 | /* qhasm: return */ 98 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/ge_sub.q: -------------------------------------------------------------------------------- 1 | :name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->YplusX:q->YminusX:q->Z:q->T2d: 2 | fe r:var/r=fe: 3 | 4 | enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>YpX2=fe#15:>YmX2=fe#16:>Z2=fe#17:>T2d2=fe#18: 5 | return:nofallthrough:h=fe:asm/fe_add(>h,h=fe:asm/fe_sub(>h,h=fe:asm/fe_mul(>h,h=fe:asm/fe_sq(>h,h=fe:asm/fe_add(>h,Z); 10 | fe_mul(x,h->X,recip); 11 | fe_mul(y,h->Y,recip); 12 | fe_tobytes(s,y); 13 | s[31] ^= fe_isnegative(x) << 7; 14 | } 15 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/keypair.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "randombytes.h" 3 | #include "crypto_sign.h" 4 | #include "crypto_hash_sha512.h" 5 | #include "ge.h" 6 | 7 | int crypto_sign_keypair(unsigned char *pk,unsigned char *sk) 8 | { 9 | unsigned char az[64]; 10 | ge_p3 A; 11 | 12 | randombytes(sk,32); 13 | crypto_hash_sha512(az,sk,32); 14 | az[0] &= 248; 15 | az[31] &= 63; 16 | az[31] |= 64; 17 | 18 | ge_scalarmult_base(&A,az); 19 | ge_p3_tobytes(pk,&A); 20 | 21 | memmove(sk + 32,pk,32); 22 | return 0; 23 | } 24 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/open.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "crypto_sign.h" 3 | #include "crypto_hash_sha512.h" 4 | #include "crypto_verify_32.h" 5 | #include "ge.h" 6 | #include "sc.h" 7 | 8 | int crypto_sign_open( 9 | unsigned char *m,unsigned long long *mlen, 10 | const unsigned char *sm,unsigned long long smlen, 11 | const unsigned char *pk 12 | ) 13 | { 14 | unsigned char pkcopy[32]; 15 | unsigned char rcopy[32]; 16 | unsigned char scopy[32]; 17 | unsigned char h[64]; 18 | unsigned char rcheck[32]; 19 | ge_p3 A; 20 | ge_p2 R; 21 | 22 | if (smlen < 64) goto badsig; 23 | if (sm[63] & 224) goto badsig; 24 | if (ge_frombytes_negate_vartime(&A,pk) != 0) goto badsig; 25 | 26 | memmove(pkcopy,pk,32); 27 | memmove(rcopy,sm,32); 28 | memmove(scopy,sm + 32,32); 29 | 30 | memmove(m,sm,smlen); 31 | memmove(m + 32,pkcopy,32); 32 | crypto_hash_sha512(h,m,smlen); 33 | sc_reduce(h); 34 | 35 | ge_double_scalarmult_vartime(&R,h,&A,scopy); 36 | ge_tobytes(rcheck,&R); 37 | if (crypto_verify_32(rcheck,rcopy) == 0) { 38 | memmove(m,m + 64,smlen - 64); 39 | memset(m + smlen - 64,0,64); 40 | *mlen = smlen - 64; 41 | return 0; 42 | } 43 | 44 | badsig: 45 | *mlen = -1; 46 | memset(m,0,smlen); 47 | return -1; 48 | } 49 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/pow22523.q: -------------------------------------------------------------------------------- 1 | :name:fe:t0:t1:t2:t3:t4:t5:t6:t7:t8:t9:z:out: 2 | fe r:var/r=fe: 3 | 4 | enter f:enter/f:>z1=fe#11: 5 | return:nofallthrough:h=fe:asm/fe_mul(>h,h=fe:#k:asm/fe_sq(>h,h,>h);: 9 | 10 | : 11 | 12 | fe z1 13 | fe z2 14 | fe z8 15 | fe z9 16 | fe z11 17 | fe z22 18 | fe z_5_0 19 | fe z_10_5 20 | fe z_10_0 21 | fe z_20_10 22 | fe z_20_0 23 | fe z_40_20 24 | fe z_40_0 25 | fe z_50_10 26 | fe z_50_0 27 | fe z_100_50 28 | fe z_100_0 29 | fe z_200_100 30 | fe z_200_0 31 | fe z_250_50 32 | fe z_250_0 33 | fe z_252_2 34 | fe z_252_3 35 | 36 | enter pow22523 37 | 38 | z2 = z1^2^1 39 | z8 = z2^2^2 40 | z9 = z1*z8 41 | z11 = z2*z9 42 | z22 = z11^2^1 43 | z_5_0 = z9*z22 44 | z_10_5 = z_5_0^2^5 45 | z_10_0 = z_10_5*z_5_0 46 | z_20_10 = z_10_0^2^10 47 | z_20_0 = z_20_10*z_10_0 48 | z_40_20 = z_20_0^2^20 49 | z_40_0 = z_40_20*z_20_0 50 | z_50_10 = z_40_0^2^10 51 | z_50_0 = z_50_10*z_10_0 52 | z_100_50 = z_50_0^2^50 53 | z_100_0 = z_100_50*z_50_0 54 | z_200_100 = z_100_0^2^100 55 | z_200_0 = z_200_100*z_100_0 56 | z_250_50 = z_200_0^2^50 57 | z_250_0 = z_250_50*z_50_0 58 | z_252_2 = z_250_0^2^2 59 | z_252_3 = z_252_2*z1 60 | 61 | return 62 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/pow225521.q: -------------------------------------------------------------------------------- 1 | :name:fe:t0:t1:t2:t3:t4:t5:t6:t7:t8:t9:z:out: 2 | fe r:var/r=fe: 3 | 4 | enter f:enter/f:>z1=fe#11: 5 | return:nofallthrough:h=fe:asm/fe_mul(>h,h=fe:#k:asm/fe_sq(>h,h,>h);: 9 | 10 | : 11 | 12 | fe z1 13 | fe z2 14 | fe z8 15 | fe z9 16 | fe z11 17 | fe z22 18 | fe z_5_0 19 | fe z_10_5 20 | fe z_10_0 21 | fe z_20_10 22 | fe z_20_0 23 | fe z_40_20 24 | fe z_40_0 25 | fe z_50_10 26 | fe z_50_0 27 | fe z_100_50 28 | fe z_100_0 29 | fe z_200_100 30 | fe z_200_0 31 | fe z_250_50 32 | fe z_250_0 33 | fe z_255_5 34 | fe z_255_21 35 | 36 | enter pow225521 37 | 38 | z2 = z1^2^1 39 | z8 = z2^2^2 40 | z9 = z1*z8 41 | z11 = z2*z9 42 | z22 = z11^2^1 43 | z_5_0 = z9*z22 44 | z_10_5 = z_5_0^2^5 45 | z_10_0 = z_10_5*z_5_0 46 | z_20_10 = z_10_0^2^10 47 | z_20_0 = z_20_10*z_10_0 48 | z_40_20 = z_20_0^2^20 49 | z_40_0 = z_40_20*z_20_0 50 | z_50_10 = z_40_0^2^10 51 | z_50_0 = z_50_10*z_10_0 52 | z_100_50 = z_50_0^2^50 53 | z_100_0 = z_100_50*z_50_0 54 | z_200_100 = z_100_0^2^100 55 | z_200_0 = z_200_100*z_100_0 56 | z_250_50 = z_200_0^2^50 57 | z_250_0 = z_250_50*z_50_0 58 | z_255_5 = z_250_0^2^5 59 | z_255_21 = z_255_5*z11 60 | 61 | return 62 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/q2h.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | sed 's/^#.*//' \ 3 | | qhasm-generic \ 4 | | sed 's_//\(.*\)$_/*\1 */_' 5 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/sc.h: -------------------------------------------------------------------------------- 1 | #ifndef SC_H 2 | #define SC_H 3 | 4 | /* 5 | The set of scalars is \Z/l 6 | where l = 2^252 + 27742317777372353535851937790883648493. 7 | */ 8 | 9 | #define sc_reduce crypto_sign_ed25519_ref10_sc_reduce 10 | #define sc_muladd crypto_sign_ed25519_ref10_sc_muladd 11 | 12 | extern void sc_reduce(unsigned char *); 13 | extern void sc_muladd(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *); 14 | 15 | #endif 16 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/sign.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "crypto_sign.h" 3 | #include "crypto_hash_sha512.h" 4 | #include "ge.h" 5 | #include "sc.h" 6 | 7 | int crypto_sign( 8 | unsigned char *sm,unsigned long long *smlen, 9 | const unsigned char *m,unsigned long long mlen, 10 | const unsigned char *sk 11 | ) 12 | { 13 | unsigned char pk[32]; 14 | unsigned char az[64]; 15 | unsigned char nonce[64]; 16 | unsigned char hram[64]; 17 | ge_p3 R; 18 | 19 | memmove(pk,sk + 32,32); 20 | 21 | crypto_hash_sha512(az,sk,32); 22 | az[0] &= 248; 23 | az[31] &= 63; 24 | az[31] |= 64; 25 | 26 | *smlen = mlen + 64; 27 | memmove(sm + 64,m,mlen); 28 | memmove(sm + 32,az + 32,32); 29 | crypto_hash_sha512(nonce,sm + 32,mlen + 32); 30 | memmove(sm + 32,pk,32); 31 | 32 | sc_reduce(nonce); 33 | ge_scalarmult_base(&R,nonce); 34 | ge_p3_tobytes(sm,&R); 35 | 36 | crypto_hash_sha512(hram,sm,mlen + 64); 37 | sc_reduce(hram); 38 | sc_muladd(sm + 32,hram,az,nonce); 39 | 40 | return 0; 41 | } 42 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/sqrtm1.h: -------------------------------------------------------------------------------- 1 | -32595792,-7943725,9377950,3500415,12389472,-272473,-25146209,-2005654,326686,11406482 2 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10/sqrtm1.py: -------------------------------------------------------------------------------- 1 | q = 2**255 - 19 2 | 3 | def expmod(b,e,m): 4 | if e == 0: return 1 5 | t = expmod(b,e/2,m)**2 % m 6 | if e & 1: t = (t*b) % m 7 | return t 8 | 9 | def inv(x): 10 | return expmod(x,q-2,q) 11 | 12 | def radix255(x): 13 | x = x % q 14 | if x + x > q: x -= q 15 | x = [x,0,0,0,0,0,0,0,0,0] 16 | bits = [26,25,26,25,26,25,26,25,26,25] 17 | for i in range(9): 18 | carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i] 19 | x[i] -= carry * 2**bits[i] 20 | x[i + 1] += carry 21 | result = "" 22 | for i in range(9): 23 | result = result+str(x[i])+"," 24 | result = result+str(x[9]) 25 | return result 26 | 27 | I = expmod(2,(q-1)/4,q) 28 | print radix255(I) 29 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_SECRETKEYBYTES 64 2 | #define CRYPTO_PUBLICKEYBYTES 32 3 | #define CRYPTO_BYTES 64 4 | #define CRYPTO_DETERMINISTIC 1 5 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/base.py: -------------------------------------------------------------------------------- 1 | b = 256 2 | q = 2**255 - 19 3 | l = 2**252 + 27742317777372353535851937790883648493 4 | 5 | def expmod(b,e,m): 6 | if e == 0: return 1 7 | t = expmod(b,e/2,m)**2 % m 8 | if e & 1: t = (t*b) % m 9 | return t 10 | 11 | def inv(x): 12 | return expmod(x,q-2,q) 13 | 14 | d = -121665 * inv(121666) 15 | I = expmod(2,(q-1)/4,q) 16 | 17 | def xrecover(y): 18 | xx = (y*y-1) * inv(d*y*y+1) 19 | x = expmod(xx,(q+3)/8,q) 20 | if (x*x - xx) % q != 0: x = (x*I) % q 21 | if x % 2 != 0: x = q-x 22 | return x 23 | 24 | By = 4 * inv(5) 25 | Bx = xrecover(By) 26 | B = [Bx % q,By % q] 27 | 28 | def edwards(P,Q): 29 | x1 = P[0] 30 | y1 = P[1] 31 | x2 = Q[0] 32 | y2 = Q[1] 33 | x3 = (x1*y2+x2*y1) * inv(1+d*x1*x2*y1*y2) 34 | y3 = (y1*y2+x1*x2) * inv(1-d*x1*x2*y1*y2) 35 | return [x3 % q,y3 % q] 36 | 37 | def radix255(x): 38 | x = x % q 39 | if x + x > q: x -= q 40 | x = [x,0,0,0,0,0,0,0,0,0] 41 | bits = [26,25,26,25,26,25,26,25,26,25] 42 | for i in range(9): 43 | carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i] 44 | x[i] -= carry * 2**bits[i] 45 | x[i + 1] += carry 46 | result = "" 47 | for i in range(9): 48 | result = result+str(x[i])+"," 49 | result = result+str(x[9]) 50 | return result 51 | 52 | Bi = B 53 | for i in range(32): 54 | print "{" 55 | Bij = Bi 56 | for j in range(8): 57 | print " {" 58 | print " {",radix255(Bij[1]+Bij[0]),"}," 59 | print " {",radix255(Bij[1]-Bij[0]),"}," 60 | print " {",radix255(2*d*Bij[0]*Bij[1]),"}," 61 | Bij = edwards(Bij,Bi) 62 | print " }," 63 | print "}," 64 | for k in range(8): 65 | Bi = edwards(Bi,Bi) 66 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/base2.h: -------------------------------------------------------------------------------- 1 | { 2 | { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 }, 3 | { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 }, 4 | { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 }, 5 | }, 6 | { 7 | { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 }, 8 | { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 }, 9 | { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 }, 10 | }, 11 | { 12 | { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 }, 13 | { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 }, 14 | { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 }, 15 | }, 16 | { 17 | { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 }, 18 | { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 }, 19 | { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 }, 20 | }, 21 | { 22 | { -22518993,-6692182,14201702,-8745502,-23510406,8844726,18474211,-1361450,-13062696,13821877 }, 23 | { -6455177,-7839871,3374702,-4740862,-27098617,-10571707,31655028,-7212327,18853322,-14220951 }, 24 | { 4566830,-12963868,-28974889,-12240689,-7602672,-2830569,-8514358,-10431137,2207753,-3209784 }, 25 | }, 26 | { 27 | { -25154831,-4185821,29681144,7868801,-6854661,-9423865,-12437364,-663000,-31111463,-16132436 }, 28 | { 25576264,-2703214,7349804,-11814844,16472782,9300885,3844789,15725684,171356,6466918 }, 29 | { 23103977,13316479,9739013,-16149481,817875,-15038942,8965339,-14088058,-30714912,16193877 }, 30 | }, 31 | { 32 | { -33521811,3180713,-2394130,14003687,-16903474,-16270840,17238398,4729455,-18074513,9256800 }, 33 | { -25182317,-4174131,32336398,5036987,-21236817,11360617,22616405,9761698,-19827198,630305 }, 34 | { -13720693,2639453,-24237460,-7406481,9494427,-5774029,-6554551,-15960994,-2449256,-14291300 }, 35 | }, 36 | { 37 | { -3151181,-5046075,9282714,6866145,-31907062,-863023,-18940575,15033784,25105118,-7894876 }, 38 | { -24326370,15950226,-31801215,-14592823,-11662737,-5090925,1573892,-2625887,2198790,-15804619 }, 39 | { -3099351,10324967,-2241613,7453183,-5446979,-2735503,-13812022,-16236442,-32461234,-12290683 }, 40 | }, 41 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/base2.py: -------------------------------------------------------------------------------- 1 | b = 256 2 | q = 2**255 - 19 3 | l = 2**252 + 27742317777372353535851937790883648493 4 | 5 | def expmod(b,e,m): 6 | if e == 0: return 1 7 | t = expmod(b,e/2,m)**2 % m 8 | if e & 1: t = (t*b) % m 9 | return t 10 | 11 | def inv(x): 12 | return expmod(x,q-2,q) 13 | 14 | d = -121665 * inv(121666) 15 | I = expmod(2,(q-1)/4,q) 16 | 17 | def xrecover(y): 18 | xx = (y*y-1) * inv(d*y*y+1) 19 | x = expmod(xx,(q+3)/8,q) 20 | if (x*x - xx) % q != 0: x = (x*I) % q 21 | if x % 2 != 0: x = q-x 22 | return x 23 | 24 | By = 4 * inv(5) 25 | Bx = xrecover(By) 26 | B = [Bx % q,By % q] 27 | 28 | def edwards(P,Q): 29 | x1 = P[0] 30 | y1 = P[1] 31 | x2 = Q[0] 32 | y2 = Q[1] 33 | x3 = (x1*y2+x2*y1) * inv(1+d*x1*x2*y1*y2) 34 | y3 = (y1*y2+x1*x2) * inv(1-d*x1*x2*y1*y2) 35 | return [x3 % q,y3 % q] 36 | 37 | def radix255(x): 38 | x = x % q 39 | if x + x > q: x -= q 40 | x = [x,0,0,0,0,0,0,0,0,0] 41 | bits = [26,25,26,25,26,25,26,25,26,25] 42 | for i in range(9): 43 | carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i] 44 | x[i] -= carry * 2**bits[i] 45 | x[i + 1] += carry 46 | result = "" 47 | for i in range(9): 48 | result = result+str(x[i])+"," 49 | result = result+str(x[9]) 50 | return result 51 | 52 | Bi = B 53 | 54 | for i in range(8): 55 | print " {" 56 | print " {",radix255(Bi[1]+Bi[0]),"}," 57 | print " {",radix255(Bi[1]-Bi[0]),"}," 58 | print " {",radix255(2*d*Bi[0]*Bi[1]),"}," 59 | print " }," 60 | Bi = edwards(B,edwards(B,Bi)) 61 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/d.h: -------------------------------------------------------------------------------- 1 | -10913610,13857413,-15372611,6949391,114729,-8787816,-6275908,-3247719,-18696448,-12055116 2 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/d.py: -------------------------------------------------------------------------------- 1 | q = 2**255 - 19 2 | 3 | def expmod(b,e,m): 4 | if e == 0: return 1 5 | t = expmod(b,e/2,m)**2 % m 6 | if e & 1: t = (t*b) % m 7 | return t 8 | 9 | def inv(x): 10 | return expmod(x,q-2,q) 11 | 12 | def radix255(x): 13 | x = x % q 14 | if x + x > q: x -= q 15 | x = [x,0,0,0,0,0,0,0,0,0] 16 | bits = [26,25,26,25,26,25,26,25,26,25] 17 | for i in range(9): 18 | carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i] 19 | x[i] -= carry * 2**bits[i] 20 | x[i + 1] += carry 21 | result = "" 22 | for i in range(9): 23 | result = result+str(x[i])+"," 24 | result = result+str(x[9]) 25 | return result 26 | 27 | d = -121665 * inv(121666) 28 | print radix255(d) 29 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/d2.h: -------------------------------------------------------------------------------- 1 | -21827239,-5839606,-30745221,13898782,229458,15978800,-12551817,-6495438,29715968,9444199 2 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/d2.py: -------------------------------------------------------------------------------- 1 | q = 2**255 - 19 2 | 3 | def expmod(b,e,m): 4 | if e == 0: return 1 5 | t = expmod(b,e/2,m)**2 % m 6 | if e & 1: t = (t*b) % m 7 | return t 8 | 9 | def inv(x): 10 | return expmod(x,q-2,q) 11 | 12 | def radix255(x): 13 | x = x % q 14 | if x + x > q: x -= q 15 | x = [x,0,0,0,0,0,0,0,0,0] 16 | bits = [26,25,26,25,26,25,26,25,26,25] 17 | for i in range(9): 18 | carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i] 19 | x[i] -= carry * 2**bits[i] 20 | x[i + 1] += carry 21 | result = "" 22 | for i in range(9): 23 | result = result+str(x[i])+"," 24 | result = result+str(x[9]) 25 | return result 26 | 27 | d = -121665 * inv(121666) 28 | print radix255(d*2) 29 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/description: -------------------------------------------------------------------------------- 1 | shen_ed25519_ref10 2 | MakeCryptoOps.py makes crypto-ops.c in the Monero source from the ref10 implementation 3 | 4 | EdDSA signatures using Curve25519 5 | from http://hyperelliptic.org/ebats/supercop-20141124.tar.bz2 6 | 7 | Commented / combined by Shen Noether, Monero Research Lab 8 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/designers: -------------------------------------------------------------------------------- 1 | ref10: 2 | Daniel J. Bernstein 3 | Niels Duif 4 | Tanja Lange 5 | Peter Schwabe 6 | Bo-Yin Yang 7 | 8 | MakeCryptoOps.py: 9 | Shen Noether, Monero Research Labs 10 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/fe.h: -------------------------------------------------------------------------------- 1 | #ifndef FE_H 2 | #define FE_H 3 | 4 | #include "crypto_int32.h" 5 | 6 | typedef crypto_int32 fe[10]; 7 | 8 | /* 9 | fe means field element. 10 | Here the field is \Z/(2^255-19). 11 | An element t, entries t[0]...t[9], represents the integer 12 | t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9]. 13 | Bounds on each t[i] vary depending on context. 14 | */ 15 | 16 | #define fe_frombytes crypto_sign_ed25519_ref10_fe_frombytes 17 | #define fe_tobytes crypto_sign_ed25519_ref10_fe_tobytes 18 | #define fe_copy crypto_sign_ed25519_ref10_fe_copy 19 | #define fe_isnonzero crypto_sign_ed25519_ref10_fe_isnonzero 20 | #define fe_isnegative crypto_sign_ed25519_ref10_fe_isnegative 21 | #define fe_0 crypto_sign_ed25519_ref10_fe_0 22 | #define fe_1 crypto_sign_ed25519_ref10_fe_1 23 | #define fe_cswap crypto_sign_ed25519_ref10_fe_cswap 24 | #define fe_cmov crypto_sign_ed25519_ref10_fe_cmov 25 | #define fe_add crypto_sign_ed25519_ref10_fe_add 26 | #define fe_sub crypto_sign_ed25519_ref10_fe_sub 27 | #define fe_neg crypto_sign_ed25519_ref10_fe_neg 28 | #define fe_mul crypto_sign_ed25519_ref10_fe_mul 29 | #define fe_sq crypto_sign_ed25519_ref10_fe_sq 30 | #define fe_sq2 crypto_sign_ed25519_ref10_fe_sq2 31 | #define fe_mul121666 crypto_sign_ed25519_ref10_fe_mul121666 32 | #define fe_invert crypto_sign_ed25519_ref10_fe_invert 33 | #define fe_pow22523 crypto_sign_ed25519_ref10_fe_pow22523 34 | 35 | extern void fe_frombytes(fe,const unsigned char *); 36 | extern void fe_tobytes(unsigned char *,const fe); 37 | 38 | extern void fe_copy(fe,const fe); 39 | extern int fe_isnonzero(const fe); 40 | extern int fe_isnegative(const fe); 41 | extern void fe_0(fe); 42 | extern void fe_1(fe); 43 | extern void fe_cswap(fe,fe,unsigned int); 44 | extern void fe_cmov(fe,const fe,unsigned int); 45 | 46 | extern void fe_add(fe,const fe,const fe); 47 | extern void fe_sub(fe,const fe,const fe); 48 | extern void fe_neg(fe,const fe); 49 | extern void fe_mul(fe,const fe,const fe); 50 | extern void fe_sq(fe,const fe); 51 | extern void fe_sq2(fe,const fe); 52 | extern void fe_mul121666(fe,const fe); 53 | extern void fe_invert(fe,const fe); 54 | extern void fe_pow22523(fe,const fe); 55 | 56 | #endif 57 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/fe_0.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | /* 4 | h = 0 5 | */ 6 | 7 | void fe_0(fe h) 8 | { 9 | h[0] = 0; 10 | h[1] = 0; 11 | h[2] = 0; 12 | h[3] = 0; 13 | h[4] = 0; 14 | h[5] = 0; 15 | h[6] = 0; 16 | h[7] = 0; 17 | h[8] = 0; 18 | h[9] = 0; 19 | } 20 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/fe_1.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | /* 4 | h = 1 5 | */ 6 | 7 | void fe_1(fe h) 8 | { 9 | h[0] = 1; 10 | h[1] = 0; 11 | h[2] = 0; 12 | h[3] = 0; 13 | h[4] = 0; 14 | h[5] = 0; 15 | h[6] = 0; 16 | h[7] = 0; 17 | h[8] = 0; 18 | h[9] = 0; 19 | } 20 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/fe_add.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | /* 4 | h = f + g 5 | Can overlap h with f or g. 6 | 7 | Preconditions: 8 | |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. 9 | |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. 10 | 11 | Postconditions: 12 | |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. 13 | */ 14 | 15 | void fe_add(fe h,const fe f,const fe g) 16 | { 17 | crypto_int32 f0 = f[0]; 18 | crypto_int32 f1 = f[1]; 19 | crypto_int32 f2 = f[2]; 20 | crypto_int32 f3 = f[3]; 21 | crypto_int32 f4 = f[4]; 22 | crypto_int32 f5 = f[5]; 23 | crypto_int32 f6 = f[6]; 24 | crypto_int32 f7 = f[7]; 25 | crypto_int32 f8 = f[8]; 26 | crypto_int32 f9 = f[9]; 27 | crypto_int32 g0 = g[0]; 28 | crypto_int32 g1 = g[1]; 29 | crypto_int32 g2 = g[2]; 30 | crypto_int32 g3 = g[3]; 31 | crypto_int32 g4 = g[4]; 32 | crypto_int32 g5 = g[5]; 33 | crypto_int32 g6 = g[6]; 34 | crypto_int32 g7 = g[7]; 35 | crypto_int32 g8 = g[8]; 36 | crypto_int32 g9 = g[9]; 37 | crypto_int32 h0 = f0 + g0; 38 | crypto_int32 h1 = f1 + g1; 39 | crypto_int32 h2 = f2 + g2; 40 | crypto_int32 h3 = f3 + g3; 41 | crypto_int32 h4 = f4 + g4; 42 | crypto_int32 h5 = f5 + g5; 43 | crypto_int32 h6 = f6 + g6; 44 | crypto_int32 h7 = f7 + g7; 45 | crypto_int32 h8 = f8 + g8; 46 | crypto_int32 h9 = f9 + g9; 47 | h[0] = h0; 48 | h[1] = h1; 49 | h[2] = h2; 50 | h[3] = h3; 51 | h[4] = h4; 52 | h[5] = h5; 53 | h[6] = h6; 54 | h[7] = h7; 55 | h[8] = h8; 56 | h[9] = h9; 57 | } 58 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/fe_cmov.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | /* 4 | Replace (f,g) with (g,g) if b == 1; 5 | replace (f,g) with (f,g) if b == 0. 6 | 7 | Preconditions: b in {0,1}. 8 | */ 9 | 10 | void fe_cmov(fe f,const fe g,unsigned int b) 11 | { 12 | crypto_int32 f0 = f[0]; 13 | crypto_int32 f1 = f[1]; 14 | crypto_int32 f2 = f[2]; 15 | crypto_int32 f3 = f[3]; 16 | crypto_int32 f4 = f[4]; 17 | crypto_int32 f5 = f[5]; 18 | crypto_int32 f6 = f[6]; 19 | crypto_int32 f7 = f[7]; 20 | crypto_int32 f8 = f[8]; 21 | crypto_int32 f9 = f[9]; 22 | crypto_int32 g0 = g[0]; 23 | crypto_int32 g1 = g[1]; 24 | crypto_int32 g2 = g[2]; 25 | crypto_int32 g3 = g[3]; 26 | crypto_int32 g4 = g[4]; 27 | crypto_int32 g5 = g[5]; 28 | crypto_int32 g6 = g[6]; 29 | crypto_int32 g7 = g[7]; 30 | crypto_int32 g8 = g[8]; 31 | crypto_int32 g9 = g[9]; 32 | crypto_int32 x0 = f0 ^ g0; 33 | crypto_int32 x1 = f1 ^ g1; 34 | crypto_int32 x2 = f2 ^ g2; 35 | crypto_int32 x3 = f3 ^ g3; 36 | crypto_int32 x4 = f4 ^ g4; 37 | crypto_int32 x5 = f5 ^ g5; 38 | crypto_int32 x6 = f6 ^ g6; 39 | crypto_int32 x7 = f7 ^ g7; 40 | crypto_int32 x8 = f8 ^ g8; 41 | crypto_int32 x9 = f9 ^ g9; 42 | b = -b; 43 | x0 &= b; 44 | x1 &= b; 45 | x2 &= b; 46 | x3 &= b; 47 | x4 &= b; 48 | x5 &= b; 49 | x6 &= b; 50 | x7 &= b; 51 | x8 &= b; 52 | x9 &= b; 53 | f[0] = f0 ^ x0; 54 | f[1] = f1 ^ x1; 55 | f[2] = f2 ^ x2; 56 | f[3] = f3 ^ x3; 57 | f[4] = f4 ^ x4; 58 | f[5] = f5 ^ x5; 59 | f[6] = f6 ^ x6; 60 | f[7] = f7 ^ x7; 61 | f[8] = f8 ^ x8; 62 | f[9] = f9 ^ x9; 63 | } 64 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/fe_copy.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | /* 4 | h = f 5 | */ 6 | 7 | void fe_copy(fe h,const fe f) 8 | { 9 | crypto_int32 f0 = f[0]; 10 | crypto_int32 f1 = f[1]; 11 | crypto_int32 f2 = f[2]; 12 | crypto_int32 f3 = f[3]; 13 | crypto_int32 f4 = f[4]; 14 | crypto_int32 f5 = f[5]; 15 | crypto_int32 f6 = f[6]; 16 | crypto_int32 f7 = f[7]; 17 | crypto_int32 f8 = f[8]; 18 | crypto_int32 f9 = f[9]; 19 | h[0] = f0; 20 | h[1] = f1; 21 | h[2] = f2; 22 | h[3] = f3; 23 | h[4] = f4; 24 | h[5] = f5; 25 | h[6] = f6; 26 | h[7] = f7; 27 | h[8] = f8; 28 | h[9] = f9; 29 | } 30 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/fe_frombytes.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | #include "crypto_int64.h" 3 | #include "crypto_uint64.h" 4 | 5 | static crypto_uint64 load_3(const unsigned char *in) 6 | { 7 | crypto_uint64 result; 8 | result = (crypto_uint64) in[0]; 9 | result |= ((crypto_uint64) in[1]) << 8; 10 | result |= ((crypto_uint64) in[2]) << 16; 11 | return result; 12 | } 13 | 14 | static crypto_uint64 load_4(const unsigned char *in) 15 | { 16 | crypto_uint64 result; 17 | result = (crypto_uint64) in[0]; 18 | result |= ((crypto_uint64) in[1]) << 8; 19 | result |= ((crypto_uint64) in[2]) << 16; 20 | result |= ((crypto_uint64) in[3]) << 24; 21 | return result; 22 | } 23 | 24 | /* 25 | Ignores top bit of h. 26 | */ 27 | 28 | void fe_frombytes(fe h,const unsigned char *s) 29 | { 30 | crypto_int64 h0 = load_4(s); 31 | crypto_int64 h1 = load_3(s + 4) << 6; 32 | crypto_int64 h2 = load_3(s + 7) << 5; 33 | crypto_int64 h3 = load_3(s + 10) << 3; 34 | crypto_int64 h4 = load_3(s + 13) << 2; 35 | crypto_int64 h5 = load_4(s + 16); 36 | crypto_int64 h6 = load_3(s + 20) << 7; 37 | crypto_int64 h7 = load_3(s + 23) << 5; 38 | crypto_int64 h8 = load_3(s + 26) << 4; 39 | crypto_int64 h9 = (load_3(s + 29) & 8388607) << 2; 40 | crypto_int64 carry0; 41 | crypto_int64 carry1; 42 | crypto_int64 carry2; 43 | crypto_int64 carry3; 44 | crypto_int64 carry4; 45 | crypto_int64 carry5; 46 | crypto_int64 carry6; 47 | crypto_int64 carry7; 48 | crypto_int64 carry8; 49 | crypto_int64 carry9; 50 | 51 | carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25; 52 | carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25; 53 | carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25; 54 | carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25; 55 | carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25; 56 | 57 | carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; 58 | carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26; 59 | carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; 60 | carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26; 61 | carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26; 62 | 63 | h[0] = h0; 64 | h[1] = h1; 65 | h[2] = h2; 66 | h[3] = h3; 67 | h[4] = h4; 68 | h[5] = h5; 69 | h[6] = h6; 70 | h[7] = h7; 71 | h[8] = h8; 72 | h[9] = h9; 73 | } 74 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/fe_invert.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | void fe_invert(fe out,const fe z) 4 | { 5 | fe t0; 6 | fe t1; 7 | fe t2; 8 | fe t3; 9 | int i; 10 | 11 | #include "pow225521.h" 12 | 13 | return; 14 | } 15 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/fe_isnegative.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | /* 4 | return 1 if f is in {1,3,5,...,q-2} 5 | return 0 if f is in {0,2,4,...,q-1} 6 | 7 | Preconditions: 8 | |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. 9 | */ 10 | 11 | int fe_isnegative(const fe f) 12 | { 13 | unsigned char s[32]; 14 | fe_tobytes(s,f); 15 | return s[0] & 1; 16 | } 17 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/fe_isnonzero.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | #include "crypto_verify_32.h" 3 | 4 | /* 5 | return 1 if f == 0 6 | return 0 if f != 0 7 | 8 | Preconditions: 9 | |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. 10 | */ 11 | 12 | static const unsigned char zero[32]; 13 | 14 | int fe_isnonzero(const fe f) 15 | { 16 | unsigned char s[32]; 17 | fe_tobytes(s,f); 18 | return crypto_verify_32(s,zero); 19 | } 20 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/fe_neg.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | /* 4 | h = -f 5 | 6 | Preconditions: 7 | |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. 8 | 9 | Postconditions: 10 | |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. 11 | */ 12 | 13 | void fe_neg(fe h,const fe f) 14 | { 15 | crypto_int32 f0 = f[0]; 16 | crypto_int32 f1 = f[1]; 17 | crypto_int32 f2 = f[2]; 18 | crypto_int32 f3 = f[3]; 19 | crypto_int32 f4 = f[4]; 20 | crypto_int32 f5 = f[5]; 21 | crypto_int32 f6 = f[6]; 22 | crypto_int32 f7 = f[7]; 23 | crypto_int32 f8 = f[8]; 24 | crypto_int32 f9 = f[9]; 25 | crypto_int32 h0 = -f0; 26 | crypto_int32 h1 = -f1; 27 | crypto_int32 h2 = -f2; 28 | crypto_int32 h3 = -f3; 29 | crypto_int32 h4 = -f4; 30 | crypto_int32 h5 = -f5; 31 | crypto_int32 h6 = -f6; 32 | crypto_int32 h7 = -f7; 33 | crypto_int32 h8 = -f8; 34 | crypto_int32 h9 = -f9; 35 | h[0] = h0; 36 | h[1] = h1; 37 | h[2] = h2; 38 | h[3] = h3; 39 | h[4] = h4; 40 | h[5] = h5; 41 | h[6] = h6; 42 | h[7] = h7; 43 | h[8] = h8; 44 | h[9] = h9; 45 | } 46 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/fe_pow22523.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | void fe_pow22523(fe out,const fe z) 4 | { 5 | fe t0; 6 | fe t1; 7 | fe t2; 8 | int i; 9 | 10 | #include "pow22523.h" 11 | 12 | return; 13 | } 14 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/fe_sub.c: -------------------------------------------------------------------------------- 1 | #include "fe.h" 2 | 3 | /* 4 | h = f - g 5 | Can overlap h with f or g. 6 | 7 | Preconditions: 8 | |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. 9 | |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. 10 | 11 | Postconditions: 12 | |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. 13 | */ 14 | 15 | void fe_sub(fe h,const fe f,const fe g) 16 | { 17 | crypto_int32 f0 = f[0]; 18 | crypto_int32 f1 = f[1]; 19 | crypto_int32 f2 = f[2]; 20 | crypto_int32 f3 = f[3]; 21 | crypto_int32 f4 = f[4]; 22 | crypto_int32 f5 = f[5]; 23 | crypto_int32 f6 = f[6]; 24 | crypto_int32 f7 = f[7]; 25 | crypto_int32 f8 = f[8]; 26 | crypto_int32 f9 = f[9]; 27 | crypto_int32 g0 = g[0]; 28 | crypto_int32 g1 = g[1]; 29 | crypto_int32 g2 = g[2]; 30 | crypto_int32 g3 = g[3]; 31 | crypto_int32 g4 = g[4]; 32 | crypto_int32 g5 = g[5]; 33 | crypto_int32 g6 = g[6]; 34 | crypto_int32 g7 = g[7]; 35 | crypto_int32 g8 = g[8]; 36 | crypto_int32 g9 = g[9]; 37 | crypto_int32 h0 = f0 - g0; 38 | crypto_int32 h1 = f1 - g1; 39 | crypto_int32 h2 = f2 - g2; 40 | crypto_int32 h3 = f3 - g3; 41 | crypto_int32 h4 = f4 - g4; 42 | crypto_int32 h5 = f5 - g5; 43 | crypto_int32 h6 = f6 - g6; 44 | crypto_int32 h7 = f7 - g7; 45 | crypto_int32 h8 = f8 - g8; 46 | crypto_int32 h9 = f9 - g9; 47 | h[0] = h0; 48 | h[1] = h1; 49 | h[2] = h2; 50 | h[3] = h3; 51 | h[4] = h4; 52 | h[5] = h5; 53 | h[6] = h6; 54 | h[7] = h7; 55 | h[8] = h8; 56 | h[9] = h9; 57 | } 58 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_add.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | /* 4 | r = p + q 5 | */ 6 | 7 | void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q) 8 | { 9 | fe t0; 10 | #include "ge_add.h" 11 | } 12 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_add.h: -------------------------------------------------------------------------------- 1 | 2 | /* qhasm: enter ge_add */ 3 | 4 | /* qhasm: fe X1 */ 5 | 6 | /* qhasm: fe Y1 */ 7 | 8 | /* qhasm: fe Z1 */ 9 | 10 | /* qhasm: fe Z2 */ 11 | 12 | /* qhasm: fe T1 */ 13 | 14 | /* qhasm: fe ZZ */ 15 | 16 | /* qhasm: fe YpX2 */ 17 | 18 | /* qhasm: fe YmX2 */ 19 | 20 | /* qhasm: fe T2d2 */ 21 | 22 | /* qhasm: fe X3 */ 23 | 24 | /* qhasm: fe Y3 */ 25 | 26 | /* qhasm: fe Z3 */ 27 | 28 | /* qhasm: fe T3 */ 29 | 30 | /* qhasm: fe YpX1 */ 31 | 32 | /* qhasm: fe YmX1 */ 33 | 34 | /* qhasm: fe A */ 35 | 36 | /* qhasm: fe B */ 37 | 38 | /* qhasm: fe C */ 39 | 40 | /* qhasm: fe D */ 41 | 42 | /* qhasm: YpX1 = Y1+X1 */ 43 | /* asm 1: fe_add(>YpX1=fe#1,YpX1=r->X,Y,X); */ 45 | fe_add(r->X,p->Y,p->X); 46 | 47 | /* qhasm: YmX1 = Y1-X1 */ 48 | /* asm 1: fe_sub(>YmX1=fe#2,YmX1=r->Y,Y,X); */ 50 | fe_sub(r->Y,p->Y,p->X); 51 | 52 | /* qhasm: A = YpX1*YpX2 */ 53 | /* asm 1: fe_mul(>A=fe#3,A=r->Z,X,YplusX); */ 55 | fe_mul(r->Z,r->X,q->YplusX); 56 | 57 | /* qhasm: B = YmX1*YmX2 */ 58 | /* asm 1: fe_mul(>B=fe#2,B=r->Y,Y,YminusX); */ 60 | fe_mul(r->Y,r->Y,q->YminusX); 61 | 62 | /* qhasm: C = T2d2*T1 */ 63 | /* asm 1: fe_mul(>C=fe#4,C=r->T,T2d,T); */ 65 | fe_mul(r->T,q->T2d,p->T); 66 | 67 | /* qhasm: ZZ = Z1*Z2 */ 68 | /* asm 1: fe_mul(>ZZ=fe#1,ZZ=r->X,Z,Z); */ 70 | fe_mul(r->X,p->Z,q->Z); 71 | 72 | /* qhasm: D = 2*ZZ */ 73 | /* asm 1: fe_add(>D=fe#5,D=t0,X,X); */ 75 | fe_add(t0,r->X,r->X); 76 | 77 | /* qhasm: X3 = A-B */ 78 | /* asm 1: fe_sub(>X3=fe#1,X3=r->X,Z,Y); */ 80 | fe_sub(r->X,r->Z,r->Y); 81 | 82 | /* qhasm: Y3 = A+B */ 83 | /* asm 1: fe_add(>Y3=fe#2,Y3=r->Y,Z,Y); */ 85 | fe_add(r->Y,r->Z,r->Y); 86 | 87 | /* qhasm: Z3 = D+C */ 88 | /* asm 1: fe_add(>Z3=fe#3,Z3=r->Z,T); */ 90 | fe_add(r->Z,t0,r->T); 91 | 92 | /* qhasm: T3 = D-C */ 93 | /* asm 1: fe_sub(>T3=fe#4,T3=r->T,T); */ 95 | fe_sub(r->T,t0,r->T); 96 | 97 | /* qhasm: return */ 98 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_add.q: -------------------------------------------------------------------------------- 1 | :name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->YplusX:q->YminusX:q->Z:q->T2d: 2 | fe r:var/r=fe: 3 | 4 | enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>YpX2=fe#15:>YmX2=fe#16:>Z2=fe#17:>T2d2=fe#18: 5 | return:nofallthrough:h=fe:asm/fe_add(>h,h=fe:asm/fe_sub(>h,h=fe:asm/fe_mul(>h,h=fe:asm/fe_sq(>h,h=fe:asm/fe_add(>h,> 3] >> (i & 7)); 11 | 12 | for (i = 0;i < 256;++i) 13 | if (r[i]) { 14 | for (b = 1;b <= 6 && i + b < 256;++b) { 15 | if (r[i + b]) { 16 | if (r[i] + (r[i + b] << b) <= 15) { 17 | r[i] += r[i + b] << b; r[i + b] = 0; 18 | } else if (r[i] - (r[i + b] << b) >= -15) { 19 | r[i] -= r[i + b] << b; 20 | for (k = i + b;k < 256;++k) { 21 | if (!r[k]) { 22 | r[k] = 1; 23 | break; 24 | } 25 | r[k] = 0; 26 | } 27 | } else 28 | break; 29 | } 30 | } 31 | } 32 | 33 | } 34 | 35 | static ge_precomp Bi[8] = { 36 | #include "base2.h" 37 | } ; 38 | 39 | /* 40 | r = a * A + b * B 41 | where a = a[0]+256*a[1]+...+256^31 a[31]. 42 | and b = b[0]+256*b[1]+...+256^31 b[31]. 43 | B is the Ed25519 base point (x,4/5) with x positive. 44 | */ 45 | 46 | void ge_double_scalarmult_vartime(ge_p2 *r,const unsigned char *a,const ge_p3 *A,const unsigned char *b) 47 | { 48 | signed char aslide[256]; 49 | signed char bslide[256]; 50 | ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */ 51 | ge_p1p1 t; 52 | ge_p3 u; 53 | ge_p3 A2; 54 | int i; 55 | 56 | slide(aslide,a); 57 | slide(bslide,b); 58 | 59 | ge_p3_to_cached(&Ai[0],A); 60 | ge_p3_dbl(&t,A); ge_p1p1_to_p3(&A2,&t); 61 | ge_add(&t,&A2,&Ai[0]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[1],&u); 62 | ge_add(&t,&A2,&Ai[1]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[2],&u); 63 | ge_add(&t,&A2,&Ai[2]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[3],&u); 64 | ge_add(&t,&A2,&Ai[3]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[4],&u); 65 | ge_add(&t,&A2,&Ai[4]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[5],&u); 66 | ge_add(&t,&A2,&Ai[5]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[6],&u); 67 | ge_add(&t,&A2,&Ai[6]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[7],&u); 68 | 69 | ge_p2_0(r); 70 | 71 | for (i = 255;i >= 0;--i) { 72 | if (aslide[i] || bslide[i]) break; 73 | } 74 | 75 | for (;i >= 0;--i) { 76 | ge_p2_dbl(&t,r); 77 | 78 | if (aslide[i] > 0) { 79 | ge_p1p1_to_p3(&u,&t); 80 | ge_add(&t,&u,&Ai[aslide[i]/2]); 81 | } else if (aslide[i] < 0) { 82 | ge_p1p1_to_p3(&u,&t); 83 | ge_sub(&t,&u,&Ai[(-aslide[i])/2]); 84 | } 85 | 86 | if (bslide[i] > 0) { 87 | ge_p1p1_to_p3(&u,&t); 88 | ge_madd(&t,&u,&Bi[bslide[i]/2]); 89 | } else if (bslide[i] < 0) { 90 | ge_p1p1_to_p3(&u,&t); 91 | ge_msub(&t,&u,&Bi[(-bslide[i])/2]); 92 | } 93 | 94 | ge_p1p1_to_p2(r,&t); 95 | } 96 | } 97 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_frombytes.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | static const fe d = { 4 | #include "d.h" 5 | } ; 6 | 7 | static const fe sqrtm1 = { 8 | #include "sqrtm1.h" 9 | } ; 10 | 11 | int ge_frombytes_negate_vartime(ge_p3 *h,const unsigned char *s) 12 | { 13 | fe u; 14 | fe v; 15 | fe v3; 16 | fe vxx; 17 | fe check; 18 | 19 | fe_frombytes(h->Y,s); 20 | fe_1(h->Z); 21 | fe_sq(u,h->Y); 22 | fe_mul(v,u,d); 23 | fe_sub(u,u,h->Z); /* u = y^2-1 */ 24 | fe_add(v,v,h->Z); /* v = dy^2+1 */ 25 | 26 | fe_sq(v3,v); 27 | fe_mul(v3,v3,v); /* v3 = v^3 */ 28 | fe_sq(h->X,v3); 29 | fe_mul(h->X,h->X,v); 30 | fe_mul(h->X,h->X,u); /* x = uv^7 */ 31 | 32 | fe_pow22523(h->X,h->X); /* x = (uv^7)^((q-5)/8) */ 33 | fe_mul(h->X,h->X,v3); 34 | fe_mul(h->X,h->X,u); /* x = uv^3(uv^7)^((q-5)/8) */ 35 | 36 | fe_sq(vxx,h->X); 37 | fe_mul(vxx,vxx,v); 38 | fe_sub(check,vxx,u); /* vx^2-u */ 39 | if (fe_isnonzero(check)) { 40 | fe_add(check,vxx,u); /* vx^2+u */ 41 | if (fe_isnonzero(check)) return -1; 42 | fe_mul(h->X,h->X,sqrtm1); 43 | } 44 | 45 | if (fe_isnegative(h->X) == (s[31] >> 7)) 46 | fe_neg(h->X,h->X); 47 | 48 | fe_mul(h->T,h->X,h->Y); 49 | return 0; 50 | } 51 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_madd.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | /* 4 | r = p + q 5 | */ 6 | 7 | void ge_madd(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q) 8 | { 9 | fe t0; 10 | #include "ge_madd.h" 11 | } 12 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_madd.h: -------------------------------------------------------------------------------- 1 | 2 | /* qhasm: enter ge_madd */ 3 | 4 | /* qhasm: fe X1 */ 5 | 6 | /* qhasm: fe Y1 */ 7 | 8 | /* qhasm: fe Z1 */ 9 | 10 | /* qhasm: fe T1 */ 11 | 12 | /* qhasm: fe ypx2 */ 13 | 14 | /* qhasm: fe ymx2 */ 15 | 16 | /* qhasm: fe xy2d2 */ 17 | 18 | /* qhasm: fe X3 */ 19 | 20 | /* qhasm: fe Y3 */ 21 | 22 | /* qhasm: fe Z3 */ 23 | 24 | /* qhasm: fe T3 */ 25 | 26 | /* qhasm: fe YpX1 */ 27 | 28 | /* qhasm: fe YmX1 */ 29 | 30 | /* qhasm: fe A */ 31 | 32 | /* qhasm: fe B */ 33 | 34 | /* qhasm: fe C */ 35 | 36 | /* qhasm: fe D */ 37 | 38 | /* qhasm: YpX1 = Y1+X1 */ 39 | /* asm 1: fe_add(>YpX1=fe#1,YpX1=r->X,Y,X); */ 41 | fe_add(r->X,p->Y,p->X); 42 | 43 | /* qhasm: YmX1 = Y1-X1 */ 44 | /* asm 1: fe_sub(>YmX1=fe#2,YmX1=r->Y,Y,X); */ 46 | fe_sub(r->Y,p->Y,p->X); 47 | 48 | /* qhasm: A = YpX1*ypx2 */ 49 | /* asm 1: fe_mul(>A=fe#3,A=r->Z,X,yplusx); */ 51 | fe_mul(r->Z,r->X,q->yplusx); 52 | 53 | /* qhasm: B = YmX1*ymx2 */ 54 | /* asm 1: fe_mul(>B=fe#2,B=r->Y,Y,yminusx); */ 56 | fe_mul(r->Y,r->Y,q->yminusx); 57 | 58 | /* qhasm: C = xy2d2*T1 */ 59 | /* asm 1: fe_mul(>C=fe#4,C=r->T,xy2d,T); */ 61 | fe_mul(r->T,q->xy2d,p->T); 62 | 63 | /* qhasm: D = 2*Z1 */ 64 | /* asm 1: fe_add(>D=fe#5,D=t0,Z,Z); */ 66 | fe_add(t0,p->Z,p->Z); 67 | 68 | /* qhasm: X3 = A-B */ 69 | /* asm 1: fe_sub(>X3=fe#1,X3=r->X,Z,Y); */ 71 | fe_sub(r->X,r->Z,r->Y); 72 | 73 | /* qhasm: Y3 = A+B */ 74 | /* asm 1: fe_add(>Y3=fe#2,Y3=r->Y,Z,Y); */ 76 | fe_add(r->Y,r->Z,r->Y); 77 | 78 | /* qhasm: Z3 = D+C */ 79 | /* asm 1: fe_add(>Z3=fe#3,Z3=r->Z,T); */ 81 | fe_add(r->Z,t0,r->T); 82 | 83 | /* qhasm: T3 = D-C */ 84 | /* asm 1: fe_sub(>T3=fe#4,T3=r->T,T); */ 86 | fe_sub(r->T,t0,r->T); 87 | 88 | /* qhasm: return */ 89 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_madd.q: -------------------------------------------------------------------------------- 1 | :name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->yplusx:q->yminusx:q->xy2d: 2 | fe r:var/r=fe: 3 | 4 | enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>ypx2=fe#15:>ymx2=fe#16:>xy2d2=fe#17: 5 | return:nofallthrough:h=fe:asm/fe_add(>h,h=fe:asm/fe_sub(>h,h=fe:asm/fe_mul(>h,h=fe:asm/fe_sq(>h,h=fe:asm/fe_add(>h,YpX1=fe#1,YpX1=r->X,Y,X); */ 41 | fe_add(r->X,p->Y,p->X); 42 | 43 | /* qhasm: YmX1 = Y1-X1 */ 44 | /* asm 1: fe_sub(>YmX1=fe#2,YmX1=r->Y,Y,X); */ 46 | fe_sub(r->Y,p->Y,p->X); 47 | 48 | /* qhasm: A = YpX1*ymx2 */ 49 | /* asm 1: fe_mul(>A=fe#3,A=r->Z,X,yminusx); */ 51 | fe_mul(r->Z,r->X,q->yminusx); 52 | 53 | /* qhasm: B = YmX1*ypx2 */ 54 | /* asm 1: fe_mul(>B=fe#2,B=r->Y,Y,yplusx); */ 56 | fe_mul(r->Y,r->Y,q->yplusx); 57 | 58 | /* qhasm: C = xy2d2*T1 */ 59 | /* asm 1: fe_mul(>C=fe#4,C=r->T,xy2d,T); */ 61 | fe_mul(r->T,q->xy2d,p->T); 62 | 63 | /* qhasm: D = 2*Z1 */ 64 | /* asm 1: fe_add(>D=fe#5,D=t0,Z,Z); */ 66 | fe_add(t0,p->Z,p->Z); 67 | 68 | /* qhasm: X3 = A-B */ 69 | /* asm 1: fe_sub(>X3=fe#1,X3=r->X,Z,Y); */ 71 | fe_sub(r->X,r->Z,r->Y); 72 | 73 | /* qhasm: Y3 = A+B */ 74 | /* asm 1: fe_add(>Y3=fe#2,Y3=r->Y,Z,Y); */ 76 | fe_add(r->Y,r->Z,r->Y); 77 | 78 | /* qhasm: Z3 = D-C */ 79 | /* asm 1: fe_sub(>Z3=fe#3,Z3=r->Z,T); */ 81 | fe_sub(r->Z,t0,r->T); 82 | 83 | /* qhasm: T3 = D+C */ 84 | /* asm 1: fe_add(>T3=fe#4,T3=r->T,T); */ 86 | fe_add(r->T,t0,r->T); 87 | 88 | /* qhasm: return */ 89 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_msub.q: -------------------------------------------------------------------------------- 1 | :name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->yplusx:q->yminusx:q->xy2d: 2 | fe r:var/r=fe: 3 | 4 | enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>ypx2=fe#15:>ymx2=fe#16:>xy2d2=fe#17: 5 | return:nofallthrough:h=fe:asm/fe_add(>h,h=fe:asm/fe_sub(>h,h=fe:asm/fe_mul(>h,h=fe:asm/fe_sq(>h,h=fe:asm/fe_add(>h,X,p->X,p->T); 10 | fe_mul(r->Y,p->Y,p->Z); 11 | fe_mul(r->Z,p->Z,p->T); 12 | } 13 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_p1p1_to_p3.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | /* 4 | r = p 5 | */ 6 | 7 | extern void ge_p1p1_to_p3(ge_p3 *r,const ge_p1p1 *p) 8 | { 9 | fe_mul(r->X,p->X,p->T); 10 | fe_mul(r->Y,p->Y,p->Z); 11 | fe_mul(r->Z,p->Z,p->T); 12 | fe_mul(r->T,p->X,p->Y); 13 | } 14 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_p2_0.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | void ge_p2_0(ge_p2 *h) 4 | { 5 | fe_0(h->X); 6 | fe_1(h->Y); 7 | fe_1(h->Z); 8 | } 9 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_p2_dbl.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | /* 4 | r = 2 * p 5 | */ 6 | 7 | void ge_p2_dbl(ge_p1p1 *r,const ge_p2 *p) 8 | { 9 | fe t0; 10 | #include "ge_p2_dbl.h" 11 | } 12 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_p2_dbl.h: -------------------------------------------------------------------------------- 1 | 2 | /* qhasm: enter ge_p2_dbl */ 3 | 4 | /* qhasm: fe X1 */ 5 | 6 | /* qhasm: fe Y1 */ 7 | 8 | /* qhasm: fe Z1 */ 9 | 10 | /* qhasm: fe A */ 11 | 12 | /* qhasm: fe AA */ 13 | 14 | /* qhasm: fe XX */ 15 | 16 | /* qhasm: fe YY */ 17 | 18 | /* qhasm: fe B */ 19 | 20 | /* qhasm: fe X3 */ 21 | 22 | /* qhasm: fe Y3 */ 23 | 24 | /* qhasm: fe Z3 */ 25 | 26 | /* qhasm: fe T3 */ 27 | 28 | /* qhasm: XX=X1^2 */ 29 | /* asm 1: fe_sq(>XX=fe#1,XX=r->X,X); */ 31 | fe_sq(r->X,p->X); 32 | 33 | /* qhasm: YY=Y1^2 */ 34 | /* asm 1: fe_sq(>YY=fe#3,YY=r->Z,Y); */ 36 | fe_sq(r->Z,p->Y); 37 | 38 | /* qhasm: B=2*Z1^2 */ 39 | /* asm 1: fe_sq2(>B=fe#4,B=r->T,Z); */ 41 | fe_sq2(r->T,p->Z); 42 | 43 | /* qhasm: A=X1+Y1 */ 44 | /* asm 1: fe_add(>A=fe#2,A=r->Y,X,Y); */ 46 | fe_add(r->Y,p->X,p->Y); 47 | 48 | /* qhasm: AA=A^2 */ 49 | /* asm 1: fe_sq(>AA=fe#5,AA=t0,Y); */ 51 | fe_sq(t0,r->Y); 52 | 53 | /* qhasm: Y3=YY+XX */ 54 | /* asm 1: fe_add(>Y3=fe#2,Y3=r->Y,Z,X); */ 56 | fe_add(r->Y,r->Z,r->X); 57 | 58 | /* qhasm: Z3=YY-XX */ 59 | /* asm 1: fe_sub(>Z3=fe#3,Z3=r->Z,Z,X); */ 61 | fe_sub(r->Z,r->Z,r->X); 62 | 63 | /* qhasm: X3=AA-Y3 */ 64 | /* asm 1: fe_sub(>X3=fe#1,X3=r->X,Y); */ 66 | fe_sub(r->X,t0,r->Y); 67 | 68 | /* qhasm: T3=B-Z3 */ 69 | /* asm 1: fe_sub(>T3=fe#4,T3=r->T,T,Z); */ 71 | fe_sub(r->T,r->T,r->Z); 72 | 73 | /* qhasm: return */ 74 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_p2_dbl.q: -------------------------------------------------------------------------------- 1 | :name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z: 2 | fe r:var/r=fe: 3 | 4 | enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13: 5 | return:nofallthrough:h=fe:asm/fe_add(>h,h=fe:asm/fe_sub(>h,h=fe:asm/fe_mul(>h,h=fe:asm/fe_sq(>h,h=fe:asm/fe_sq2(>h,h=fe:asm/fe_add(>h,X); 6 | fe_1(h->Y); 7 | fe_1(h->Z); 8 | fe_0(h->T); 9 | } 10 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_p3_dbl.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | /* 4 | r = 2 * p 5 | */ 6 | 7 | void ge_p3_dbl(ge_p1p1 *r,const ge_p3 *p) 8 | { 9 | ge_p2 q; 10 | ge_p3_to_p2(&q,p); 11 | ge_p2_dbl(r,&q); 12 | } 13 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_p3_to_cached.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | /* 4 | r = p 5 | */ 6 | 7 | static const fe d2 = { 8 | #include "d2.h" 9 | } ; 10 | 11 | extern void ge_p3_to_cached(ge_cached *r,const ge_p3 *p) 12 | { 13 | fe_add(r->YplusX,p->Y,p->X); 14 | fe_sub(r->YminusX,p->Y,p->X); 15 | fe_copy(r->Z,p->Z); 16 | fe_mul(r->T2d,p->T,d2); 17 | } 18 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_p3_to_p2.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | /* 4 | r = p 5 | */ 6 | 7 | extern void ge_p3_to_p2(ge_p2 *r,const ge_p3 *p) 8 | { 9 | fe_copy(r->X,p->X); 10 | fe_copy(r->Y,p->Y); 11 | fe_copy(r->Z,p->Z); 12 | } 13 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_p3_tobytes.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | void ge_p3_tobytes(unsigned char *s,const ge_p3 *h) 4 | { 5 | fe recip; 6 | fe x; 7 | fe y; 8 | 9 | fe_invert(recip,h->Z); 10 | fe_mul(x,h->X,recip); 11 | fe_mul(y,h->Y,recip); 12 | fe_tobytes(s,y); 13 | s[31] ^= fe_isnegative(x) << 7; 14 | } 15 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_precomp_0.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | void ge_precomp_0(ge_precomp *h) 4 | { 5 | fe_1(h->yplusx); 6 | fe_1(h->yminusx); 7 | fe_0(h->xy2d); 8 | } 9 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_scalarmult_base.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | #include "crypto_uint32.h" 3 | 4 | static unsigned char equal(signed char b,signed char c) 5 | { 6 | unsigned char ub = b; 7 | unsigned char uc = c; 8 | unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */ 9 | crypto_uint32 y = x; /* 0: yes; 1..255: no */ 10 | y -= 1; /* 4294967295: yes; 0..254: no */ 11 | y >>= 31; /* 1: yes; 0: no */ 12 | return y; 13 | } 14 | 15 | static unsigned char negative(signed char b) 16 | { 17 | unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */ 18 | x >>= 63; /* 1: yes; 0: no */ 19 | return x; 20 | } 21 | 22 | static void cmov(ge_precomp *t,ge_precomp *u,unsigned char b) 23 | { 24 | fe_cmov(t->yplusx,u->yplusx,b); 25 | fe_cmov(t->yminusx,u->yminusx,b); 26 | fe_cmov(t->xy2d,u->xy2d,b); 27 | } 28 | 29 | /* base[i][j] = (j+1)*256^i*B */ 30 | static ge_precomp base[32][8] = { 31 | #include "base.h" 32 | } ; 33 | 34 | static void select(ge_precomp *t,int pos,signed char b) 35 | { 36 | ge_precomp minust; 37 | unsigned char bnegative = negative(b); 38 | unsigned char babs = b - (((-bnegative) & b) << 1); 39 | 40 | ge_precomp_0(t); 41 | cmov(t,&base[pos][0],equal(babs,1)); 42 | cmov(t,&base[pos][1],equal(babs,2)); 43 | cmov(t,&base[pos][2],equal(babs,3)); 44 | cmov(t,&base[pos][3],equal(babs,4)); 45 | cmov(t,&base[pos][4],equal(babs,5)); 46 | cmov(t,&base[pos][5],equal(babs,6)); 47 | cmov(t,&base[pos][6],equal(babs,7)); 48 | cmov(t,&base[pos][7],equal(babs,8)); 49 | fe_copy(minust.yplusx,t->yminusx); 50 | fe_copy(minust.yminusx,t->yplusx); 51 | fe_neg(minust.xy2d,t->xy2d); 52 | cmov(t,&minust,bnegative); 53 | } 54 | 55 | /* 56 | h = a * B 57 | where a = a[0]+256*a[1]+...+256^31 a[31] 58 | B is the Ed25519 base point (x,4/5) with x positive. 59 | 60 | Preconditions: 61 | a[31] <= 127 62 | */ 63 | 64 | void ge_scalarmult_base(ge_p3 *h,const unsigned char *a) 65 | { 66 | signed char e[64]; 67 | signed char carry; 68 | ge_p1p1 r; 69 | ge_p2 s; 70 | ge_precomp t; 71 | int i; 72 | 73 | for (i = 0;i < 32;++i) { 74 | e[2 * i + 0] = (a[i] >> 0) & 15; 75 | e[2 * i + 1] = (a[i] >> 4) & 15; 76 | } 77 | /* each e[i] is between 0 and 15 */ 78 | /* e[63] is between 0 and 7 */ 79 | 80 | carry = 0; 81 | for (i = 0;i < 63;++i) { 82 | e[i] += carry; 83 | carry = e[i] + 8; 84 | carry >>= 4; 85 | e[i] -= carry << 4; 86 | } 87 | e[63] += carry; 88 | /* each e[i] is between -8 and 8 */ 89 | 90 | ge_p3_0(h); 91 | for (i = 1;i < 64;i += 2) { 92 | select(&t,i / 2,e[i]); 93 | ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r); 94 | } 95 | 96 | ge_p3_dbl(&r,h); ge_p1p1_to_p2(&s,&r); 97 | ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r); 98 | ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r); 99 | ge_p2_dbl(&r,&s); ge_p1p1_to_p3(h,&r); 100 | 101 | for (i = 0;i < 64;i += 2) { 102 | select(&t,i / 2,e[i]); 103 | ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r); 104 | } 105 | } 106 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_sub.c: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | /* 4 | r = p - q 5 | */ 6 | 7 | void ge_sub(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q) 8 | { 9 | fe t0; 10 | #include "ge_sub.h" 11 | } 12 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_sub.h: -------------------------------------------------------------------------------- 1 | 2 | /* qhasm: enter ge_sub */ 3 | 4 | /* qhasm: fe X1 */ 5 | 6 | /* qhasm: fe Y1 */ 7 | 8 | /* qhasm: fe Z1 */ 9 | 10 | /* qhasm: fe Z2 */ 11 | 12 | /* qhasm: fe T1 */ 13 | 14 | /* qhasm: fe ZZ */ 15 | 16 | /* qhasm: fe YpX2 */ 17 | 18 | /* qhasm: fe YmX2 */ 19 | 20 | /* qhasm: fe T2d2 */ 21 | 22 | /* qhasm: fe X3 */ 23 | 24 | /* qhasm: fe Y3 */ 25 | 26 | /* qhasm: fe Z3 */ 27 | 28 | /* qhasm: fe T3 */ 29 | 30 | /* qhasm: fe YpX1 */ 31 | 32 | /* qhasm: fe YmX1 */ 33 | 34 | /* qhasm: fe A */ 35 | 36 | /* qhasm: fe B */ 37 | 38 | /* qhasm: fe C */ 39 | 40 | /* qhasm: fe D */ 41 | 42 | /* qhasm: YpX1 = Y1+X1 */ 43 | /* asm 1: fe_add(>YpX1=fe#1,YpX1=r->X,Y,X); */ 45 | fe_add(r->X,p->Y,p->X); 46 | 47 | /* qhasm: YmX1 = Y1-X1 */ 48 | /* asm 1: fe_sub(>YmX1=fe#2,YmX1=r->Y,Y,X); */ 50 | fe_sub(r->Y,p->Y,p->X); 51 | 52 | /* qhasm: A = YpX1*YmX2 */ 53 | /* asm 1: fe_mul(>A=fe#3,A=r->Z,X,YminusX); */ 55 | fe_mul(r->Z,r->X,q->YminusX); 56 | 57 | /* qhasm: B = YmX1*YpX2 */ 58 | /* asm 1: fe_mul(>B=fe#2,B=r->Y,Y,YplusX); */ 60 | fe_mul(r->Y,r->Y,q->YplusX); 61 | 62 | /* qhasm: C = T2d2*T1 */ 63 | /* asm 1: fe_mul(>C=fe#4,C=r->T,T2d,T); */ 65 | fe_mul(r->T,q->T2d,p->T); 66 | 67 | /* qhasm: ZZ = Z1*Z2 */ 68 | /* asm 1: fe_mul(>ZZ=fe#1,ZZ=r->X,Z,Z); */ 70 | fe_mul(r->X,p->Z,q->Z); 71 | 72 | /* qhasm: D = 2*ZZ */ 73 | /* asm 1: fe_add(>D=fe#5,D=t0,X,X); */ 75 | fe_add(t0,r->X,r->X); 76 | 77 | /* qhasm: X3 = A-B */ 78 | /* asm 1: fe_sub(>X3=fe#1,X3=r->X,Z,Y); */ 80 | fe_sub(r->X,r->Z,r->Y); 81 | 82 | /* qhasm: Y3 = A+B */ 83 | /* asm 1: fe_add(>Y3=fe#2,Y3=r->Y,Z,Y); */ 85 | fe_add(r->Y,r->Z,r->Y); 86 | 87 | /* qhasm: Z3 = D-C */ 88 | /* asm 1: fe_sub(>Z3=fe#3,Z3=r->Z,T); */ 90 | fe_sub(r->Z,t0,r->T); 91 | 92 | /* qhasm: T3 = D+C */ 93 | /* asm 1: fe_add(>T3=fe#4,T3=r->T,T); */ 95 | fe_add(r->T,t0,r->T); 96 | 97 | /* qhasm: return */ 98 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/ge_sub.q: -------------------------------------------------------------------------------- 1 | :name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->YplusX:q->YminusX:q->Z:q->T2d: 2 | fe r:var/r=fe: 3 | 4 | enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>YpX2=fe#15:>YmX2=fe#16:>Z2=fe#17:>T2d2=fe#18: 5 | return:nofallthrough:h=fe:asm/fe_add(>h,h=fe:asm/fe_sub(>h,h=fe:asm/fe_mul(>h,h=fe:asm/fe_sq(>h,h=fe:asm/fe_add(>h,Z); 10 | fe_mul(x,h->X,recip); 11 | fe_mul(y,h->Y,recip); 12 | fe_tobytes(s,y); 13 | s[31] ^= fe_isnegative(x) << 7; 14 | } 15 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/keypair.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "randombytes.h" 3 | #include "crypto_sign.h" 4 | #include "crypto_hash_sha512.h" 5 | #include "ge.h" 6 | 7 | int crypto_sign_keypair(unsigned char *pk,unsigned char *sk) 8 | { 9 | unsigned char az[64]; 10 | ge_p3 A; 11 | 12 | randombytes(sk,32); 13 | crypto_hash_sha512(az,sk,32); 14 | az[0] &= 248; 15 | az[31] &= 63; 16 | az[31] |= 64; 17 | 18 | ge_scalarmult_base(&A,az); 19 | ge_p3_tobytes(pk,&A); 20 | 21 | memmove(sk + 32,pk,32); 22 | return 0; 23 | } 24 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/open.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "crypto_sign.h" 3 | #include "crypto_hash_sha512.h" 4 | #include "crypto_verify_32.h" 5 | #include "ge.h" 6 | #include "sc.h" 7 | 8 | int crypto_sign_open( 9 | unsigned char *m,unsigned long long *mlen, 10 | const unsigned char *sm,unsigned long long smlen, 11 | const unsigned char *pk 12 | ) 13 | { 14 | unsigned char pkcopy[32]; 15 | unsigned char rcopy[32]; 16 | unsigned char scopy[32]; 17 | unsigned char h[64]; 18 | unsigned char rcheck[32]; 19 | ge_p3 A; 20 | ge_p2 R; 21 | 22 | if (smlen < 64) goto badsig; 23 | if (sm[63] & 224) goto badsig; 24 | if (ge_frombytes_negate_vartime(&A,pk) != 0) goto badsig; 25 | 26 | memmove(pkcopy,pk,32); 27 | memmove(rcopy,sm,32); 28 | memmove(scopy,sm + 32,32); 29 | 30 | memmove(m,sm,smlen); 31 | memmove(m + 32,pkcopy,32); 32 | crypto_hash_sha512(h,m,smlen); 33 | sc_reduce(h); 34 | 35 | ge_double_scalarmult_vartime(&R,h,&A,scopy); 36 | ge_tobytes(rcheck,&R); 37 | if (crypto_verify_32(rcheck,rcopy) == 0) { 38 | memmove(m,m + 64,smlen - 64); 39 | memset(m + smlen - 64,0,64); 40 | *mlen = smlen - 64; 41 | return 0; 42 | } 43 | 44 | badsig: 45 | *mlen = -1; 46 | memset(m,0,smlen); 47 | return -1; 48 | } 49 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/pow22523.q: -------------------------------------------------------------------------------- 1 | :name:fe:t0:t1:t2:t3:t4:t5:t6:t7:t8:t9:z:out: 2 | fe r:var/r=fe: 3 | 4 | enter f:enter/f:>z1=fe#11: 5 | return:nofallthrough:h=fe:asm/fe_mul(>h,h=fe:#k:asm/fe_sq(>h,h,>h);: 9 | 10 | : 11 | 12 | fe z1 13 | fe z2 14 | fe z8 15 | fe z9 16 | fe z11 17 | fe z22 18 | fe z_5_0 19 | fe z_10_5 20 | fe z_10_0 21 | fe z_20_10 22 | fe z_20_0 23 | fe z_40_20 24 | fe z_40_0 25 | fe z_50_10 26 | fe z_50_0 27 | fe z_100_50 28 | fe z_100_0 29 | fe z_200_100 30 | fe z_200_0 31 | fe z_250_50 32 | fe z_250_0 33 | fe z_252_2 34 | fe z_252_3 35 | 36 | enter pow22523 37 | 38 | z2 = z1^2^1 39 | z8 = z2^2^2 40 | z9 = z1*z8 41 | z11 = z2*z9 42 | z22 = z11^2^1 43 | z_5_0 = z9*z22 44 | z_10_5 = z_5_0^2^5 45 | z_10_0 = z_10_5*z_5_0 46 | z_20_10 = z_10_0^2^10 47 | z_20_0 = z_20_10*z_10_0 48 | z_40_20 = z_20_0^2^20 49 | z_40_0 = z_40_20*z_20_0 50 | z_50_10 = z_40_0^2^10 51 | z_50_0 = z_50_10*z_10_0 52 | z_100_50 = z_50_0^2^50 53 | z_100_0 = z_100_50*z_50_0 54 | z_200_100 = z_100_0^2^100 55 | z_200_0 = z_200_100*z_100_0 56 | z_250_50 = z_200_0^2^50 57 | z_250_0 = z_250_50*z_50_0 58 | z_252_2 = z_250_0^2^2 59 | z_252_3 = z_252_2*z1 60 | 61 | return 62 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/pow225521.q: -------------------------------------------------------------------------------- 1 | :name:fe:t0:t1:t2:t3:t4:t5:t6:t7:t8:t9:z:out: 2 | fe r:var/r=fe: 3 | 4 | enter f:enter/f:>z1=fe#11: 5 | return:nofallthrough:h=fe:asm/fe_mul(>h,h=fe:#k:asm/fe_sq(>h,h,>h);: 9 | 10 | : 11 | 12 | fe z1 13 | fe z2 14 | fe z8 15 | fe z9 16 | fe z11 17 | fe z22 18 | fe z_5_0 19 | fe z_10_5 20 | fe z_10_0 21 | fe z_20_10 22 | fe z_20_0 23 | fe z_40_20 24 | fe z_40_0 25 | fe z_50_10 26 | fe z_50_0 27 | fe z_100_50 28 | fe z_100_0 29 | fe z_200_100 30 | fe z_200_0 31 | fe z_250_50 32 | fe z_250_0 33 | fe z_255_5 34 | fe z_255_21 35 | 36 | enter pow225521 37 | 38 | z2 = z1^2^1 39 | z8 = z2^2^2 40 | z9 = z1*z8 41 | z11 = z2*z9 42 | z22 = z11^2^1 43 | z_5_0 = z9*z22 44 | z_10_5 = z_5_0^2^5 45 | z_10_0 = z_10_5*z_5_0 46 | z_20_10 = z_10_0^2^10 47 | z_20_0 = z_20_10*z_10_0 48 | z_40_20 = z_20_0^2^20 49 | z_40_0 = z_40_20*z_20_0 50 | z_50_10 = z_40_0^2^10 51 | z_50_0 = z_50_10*z_10_0 52 | z_100_50 = z_50_0^2^50 53 | z_100_0 = z_100_50*z_50_0 54 | z_200_100 = z_100_0^2^100 55 | z_200_0 = z_200_100*z_100_0 56 | z_250_50 = z_200_0^2^50 57 | z_250_0 = z_250_50*z_50_0 58 | z_255_5 = z_250_0^2^5 59 | z_255_21 = z_255_5*z11 60 | 61 | return 62 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/q2h.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | sed 's/^#.*//' \ 3 | | qhasm-generic \ 4 | | sed 's_//\(.*\)$_/*\1 */_' 5 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/sc.h: -------------------------------------------------------------------------------- 1 | #ifndef SC_H 2 | #define SC_H 3 | 4 | /* 5 | The set of scalars is \Z/l 6 | where l = 2^252 + 27742317777372353535851937790883648493. 7 | */ 8 | 9 | #define sc_reduce crypto_sign_ed25519_ref10_sc_reduce 10 | #define sc_muladd crypto_sign_ed25519_ref10_sc_muladd 11 | 12 | extern void sc_reduce(unsigned char *); 13 | extern void sc_muladd(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *); 14 | 15 | #endif 16 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/scrap.txt: -------------------------------------------------------------------------------- 1 | #include "ge.h" 2 | 3 | /* 4 | r = p + q 5 | */ 6 | 7 | void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q) 8 | { 9 | fe t0; 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | fe_add(r->X,p->Y,p->X); 32 | 33 | fe_sub(r->Y,p->Y,p->X); 34 | 35 | fe_mul(r->Z,r->X,q->YplusX); 36 | 37 | fe_mul(r->Y,r->Y,q->YminusX); 38 | 39 | fe_mul(r->T,q->T2d,p->T); 40 | 41 | fe_mul(r->X,p->Z,q->Z); 42 | 43 | fe_add(t0,r->X,r->X); 44 | 45 | fe_sub(r->X,r->Z,r->Y); 46 | 47 | fe_add(r->Y,r->Z,r->Y); 48 | 49 | fe_add(r->Z,t0,r->T); 50 | 51 | fe_sub(r->T,t0,r->T); 52 | 53 | } 54 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/sign.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "crypto_sign.h" 3 | #include "crypto_hash_sha512.h" 4 | #include "ge.h" 5 | #include "sc.h" 6 | 7 | int crypto_sign( 8 | unsigned char *sm,unsigned long long *smlen, 9 | const unsigned char *m,unsigned long long mlen, 10 | const unsigned char *sk 11 | ) 12 | { 13 | unsigned char pk[32]; 14 | unsigned char az[64]; 15 | unsigned char nonce[64]; 16 | unsigned char hram[64]; 17 | ge_p3 R; 18 | 19 | memmove(pk,sk + 32,32); 20 | 21 | crypto_hash_sha512(az,sk,32); 22 | az[0] &= 248; 23 | az[31] &= 63; 24 | az[31] |= 64; 25 | 26 | *smlen = mlen + 64; 27 | memmove(sm + 64,m,mlen); 28 | memmove(sm + 32,az + 32,32); 29 | crypto_hash_sha512(nonce,sm + 32,mlen + 32); 30 | memmove(sm + 32,pk,32); 31 | 32 | sc_reduce(nonce); 33 | ge_scalarmult_base(&R,nonce); 34 | ge_p3_tobytes(sm,&R); 35 | 36 | crypto_hash_sha512(hram,sm,mlen + 64); 37 | sc_reduce(hram); 38 | sc_muladd(sm + 32,hram,az,nonce); 39 | 40 | return 0; 41 | } 42 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/sqrtm1.h: -------------------------------------------------------------------------------- 1 | -32595792,-7943725,9377950,3500415,12389472,-272473,-25146209,-2005654,326686,11406482 2 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/sqrtm1.py: -------------------------------------------------------------------------------- 1 | q = 2**255 - 19 2 | 3 | def expmod(b,e,m): 4 | if e == 0: return 1 5 | t = expmod(b,e/2,m)**2 % m 6 | if e & 1: t = (t*b) % m 7 | return t 8 | 9 | def inv(x): 10 | return expmod(x,q-2,q) 11 | 12 | def radix255(x): 13 | x = x % q 14 | if x + x > q: x -= q 15 | x = [x,0,0,0,0,0,0,0,0,0] 16 | bits = [26,25,26,25,26,25,26,25,26,25] 17 | for i in range(9): 18 | carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i] 19 | x[i] -= carry * 2**bits[i] 20 | x[i + 1] += carry 21 | result = "" 22 | for i in range(9): 23 | result = result+str(x[i])+"," 24 | result = result+str(x[9]) 25 | return result 26 | 27 | I = expmod(2,(q-1)/4,q) 28 | print radix255(I) 29 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/ref10CommentedCombined/test.py: -------------------------------------------------------------------------------- 1 | import os 2 | l = "(((int) (s[0] | s[1] | s[2] | s[3] | s[4] | s[5] | s[6] | s[7] | s[8] | s[9] | s[10] | s[11] | s[12] | s[13] | s[14] | s[15] | s[16] | s[17] | s[18] | s[19] | s[20] | s[21] | s[22] | s[23] | s[24] | s[25] | s[26] | s[27] | s[28] | s[29] | s[30] | s[31]) - 1) >> 8) + 1;" 3 | 4 | os.system("sed -i 's/crypto_verify_32(s, zero)/"+l+"/' crypto-ops.c") 5 | 6 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/sha512-hash.c: -------------------------------------------------------------------------------- 1 | /* 2 | 20080913 3 | D. J. Bernstein 4 | Public domain. 5 | */ 6 | 7 | #include "sha512.h" 8 | 9 | extern int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen); 10 | 11 | #define blocks crypto_hashblocks 12 | 13 | static const unsigned char iv[64] = { 14 | 0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08, 15 | 0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b, 16 | 0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b, 17 | 0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1, 18 | 0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1, 19 | 0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f, 20 | 0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b, 21 | 0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79 22 | } ; 23 | 24 | typedef unsigned long long uint64; 25 | 26 | int crypto_hash_sha512(unsigned char *out,const unsigned char *in,unsigned long long inlen) 27 | { 28 | unsigned char h[64]; 29 | unsigned char padded[256]; 30 | int i; 31 | unsigned long long bytes = inlen; 32 | 33 | for (i = 0;i < 64;++i) h[i] = iv[i]; 34 | 35 | blocks(h,in,inlen); 36 | in += inlen; 37 | inlen &= 127; 38 | in -= inlen; 39 | 40 | for (i = 0;i < inlen;++i) padded[i] = in[i]; 41 | padded[inlen] = 0x80; 42 | 43 | if (inlen < 112) { 44 | for (i = inlen + 1;i < 119;++i) padded[i] = 0; 45 | padded[119] = bytes >> 61; 46 | padded[120] = bytes >> 53; 47 | padded[121] = bytes >> 45; 48 | padded[122] = bytes >> 37; 49 | padded[123] = bytes >> 29; 50 | padded[124] = bytes >> 21; 51 | padded[125] = bytes >> 13; 52 | padded[126] = bytes >> 5; 53 | padded[127] = bytes << 3; 54 | blocks(h,padded,128); 55 | } else { 56 | for (i = inlen + 1;i < 247;++i) padded[i] = 0; 57 | padded[247] = bytes >> 61; 58 | padded[248] = bytes >> 53; 59 | padded[249] = bytes >> 45; 60 | padded[250] = bytes >> 37; 61 | padded[251] = bytes >> 29; 62 | padded[252] = bytes >> 21; 63 | padded[253] = bytes >> 13; 64 | padded[254] = bytes >> 5; 65 | padded[255] = bytes << 3; 66 | blocks(h,padded,256); 67 | } 68 | 69 | for (i = 0;i < 64;++i) out[i] = h[i]; 70 | 71 | return 0; 72 | } 73 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/sha512.h: -------------------------------------------------------------------------------- 1 | extern int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen); 2 | extern int crypto_hash_sha512(unsigned char *out,const unsigned char *in,unsigned long long inlen); 3 | 4 | #define crypto_hash_sha512_BYTES 64 5 | -------------------------------------------------------------------------------- /lib/vendor/crypto_ops_builder/verify.c: -------------------------------------------------------------------------------- 1 | #include "crypto_verify_32.h" 2 | 3 | int crypto_verify_32(const unsigned char *x,const unsigned char *y) 4 | { 5 | unsigned int differentbits = 0; 6 | #define F(i) differentbits |= x[i] ^ y[i]; 7 | F(0) 8 | F(1) 9 | F(2) 10 | F(3) 11 | F(4) 12 | F(5) 13 | F(6) 14 | F(7) 15 | F(8) 16 | F(9) 17 | F(10) 18 | F(11) 19 | F(12) 20 | F(13) 21 | F(14) 22 | F(15) 23 | F(16) 24 | F(17) 25 | F(18) 26 | F(19) 27 | F(20) 28 | F(21) 29 | F(22) 30 | F(23) 31 | F(24) 32 | F(25) 33 | F(26) 34 | F(27) 35 | F(28) 36 | F(29) 37 | F(30) 38 | F(31) 39 | return (1 & ((differentbits - 1) >> 8)) - 1; 40 | } 41 | -------------------------------------------------------------------------------- /lib/vendor/hash-extra-blake.c: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014-2019, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | // 29 | // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers 30 | 31 | #include 32 | #include 33 | 34 | #include "blake256.h" 35 | 36 | void hash_extra_blake(const void *data, size_t length, char *hash) { 37 | blake256_hash((uint8_t*)hash, data, length); 38 | } 39 | -------------------------------------------------------------------------------- /lib/vendor/hash-extra-groestl.c: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014-2019, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | // 29 | // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers 30 | 31 | #include 32 | #include 33 | 34 | #include "groestl.h" 35 | 36 | void hash_extra_groestl(const void *data, size_t length, char *hash) { 37 | groestl(data, length * 8, (uint8_t*)hash); 38 | } 39 | -------------------------------------------------------------------------------- /lib/vendor/hash-extra-jh.c: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014-2019, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | // 29 | // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #include "jh.h" 37 | #include "hash-ops.h" 38 | 39 | void hash_extra_jh(const void *data, size_t length, char *hash) { 40 | int r = jh_hash(HASH_SIZE * 8, data, 8 * length, (uint8_t*)hash); 41 | assert(SUCCESS == r); 42 | } 43 | -------------------------------------------------------------------------------- /lib/vendor/hash-extra-skein.c: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014-2019, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | // 29 | // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers 30 | 31 | #include 32 | #include 33 | 34 | #include "hash-ops.h" 35 | #include "skein.h" 36 | 37 | void hash_extra_skein(const void *data, size_t length, char *hash) { 38 | int r = skein_hash(8 * HASH_SIZE, data, 8 * length, (uint8_t*)hash); 39 | assert(SKEIN_SUCCESS == r); 40 | } 41 | -------------------------------------------------------------------------------- /lib/vendor/hash.c: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014-2019, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | // 29 | // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers 30 | 31 | #include 32 | #include 33 | #include 34 | 35 | #include "hash-ops.h" 36 | #include "keccak.h" 37 | 38 | void hash_permutation(union hash_state *state) { 39 | #if BYTE_ORDER == LITTLE_ENDIAN 40 | keccakf((uint64_t*)state, 24); 41 | #else 42 | uint64_t le_state[25]; 43 | memcpy_swap64le(le_state, state, 25); 44 | keccakf(le_state, 24); 45 | memcpy_swap64le(state, le_state, 25); 46 | #endif 47 | } 48 | 49 | void hash_process(union hash_state *state, const uint8_t *buf, size_t count) { 50 | keccak1600(buf, count, (uint8_t*)state); 51 | } 52 | 53 | void cn_fast_hash(const void *data, size_t length, char *hash) { 54 | union hash_state state; 55 | hash_process(&state, data, length); 56 | memcpy(hash, &state, HASH_SIZE); 57 | } 58 | -------------------------------------------------------------------------------- /lib/vendor/hex.cpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2017, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | 29 | #include "hex.h" 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | namespace epee 37 | { 38 | namespace 39 | { 40 | template 41 | void write_hex(T&& out, const span src) 42 | { 43 | static constexpr const char hex[] = u8"0123456789abcdef"; 44 | static_assert(sizeof(hex) == 17, "bad string size"); 45 | for (const std::uint8_t byte : src) 46 | { 47 | *out = hex[byte >> 4]; 48 | ++out; 49 | *out = hex[byte & 0x0F]; 50 | ++out; 51 | } 52 | } 53 | } 54 | 55 | std::string to_hex::string(const span src) 56 | { 57 | std::string out{}; 58 | out.resize(src.size() * 2); 59 | buffer_unchecked(std::addressof(out[0]), src); 60 | return out; 61 | } 62 | 63 | void to_hex::buffer(std::ostream& out, const span src) 64 | { 65 | write_hex(std::ostreambuf_iterator{out}, src); 66 | } 67 | 68 | void to_hex::formatted(std::ostream& out, const span src) 69 | { 70 | out.put('<'); 71 | buffer(out, src); 72 | out.put('>'); 73 | } 74 | 75 | void to_hex::buffer_unchecked(char* out, const span src) noexcept 76 | { 77 | return write_hex(out, src); 78 | } 79 | } 80 | -------------------------------------------------------------------------------- /lib/vendor/hex.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2017, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | 29 | #pragma once 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #include "span.h" 37 | 38 | namespace epee 39 | { 40 | struct to_hex 41 | { 42 | //! \return A std::string containing hex of `src`. 43 | static std::string string(const span src); 44 | 45 | //! \return An array containing hex of `src`. 46 | template 47 | static std::array array(const std::array& src) noexcept 48 | { 49 | std::array out{{}}; 50 | static_assert(N <= 128, "keep the stack size down"); 51 | buffer_unchecked(out.data(), {src.data(), src.size()}); 52 | return out; 53 | } 54 | 55 | //! Append `src` as hex to `out`. 56 | static void buffer(std::ostream& out, const span src); 57 | 58 | //! Append `< + src + >` as hex to `out`. 59 | static void formatted(std::ostream& out, const span src); 60 | 61 | private: 62 | //! Write `src` bytes as hex to `out`. `out` must be twice the length 63 | static void buffer_unchecked(char* out, const span src) noexcept; 64 | }; 65 | } 66 | -------------------------------------------------------------------------------- /lib/vendor/hmac-keccak.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014-2018, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | 29 | #ifndef HMAC_KECCAK_H 30 | #define HMAC_KECCAK_H 31 | 32 | #include "keccak.h" 33 | 34 | // HMAC RFC 2104 with Keccak-256 base hash function 35 | // 36 | // B = KECCAK_BLOCKLEN = 136 B 37 | // L = HASH_SIZE = 32 B 38 | // 39 | // Note this is not HMAC-SHA3 as SHA3 and Keccak differs in 40 | // the padding constant. 41 | 42 | #ifdef __cplusplus 43 | extern "C" { 44 | #endif 45 | 46 | typedef struct { 47 | KECCAK_CTX inner; 48 | KECCAK_CTX outer; 49 | } hmac_keccak_state; 50 | 51 | void hmac_keccak_init(hmac_keccak_state *S, const uint8_t *_key, size_t keylen); 52 | void hmac_keccak_update(hmac_keccak_state *S, const uint8_t *data, size_t datalen); 53 | void hmac_keccak_finish(hmac_keccak_state *S, uint8_t *digest); 54 | void hmac_keccak_hash(uint8_t *out, const uint8_t *key, size_t keylen, const uint8_t *in, size_t inlen); 55 | 56 | #ifdef __cplusplus 57 | } 58 | #endif 59 | #endif //HMAC_KECCAK_H 60 | -------------------------------------------------------------------------------- /lib/vendor/initializer.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014-2019, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | // 29 | // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers 30 | 31 | #pragma once 32 | 33 | #if defined(__GNUC__) 34 | #if defined(__sun) && defined(__SVR4) 35 | #define INITIALIZER(name) __attribute__((constructor)) static void name(void) 36 | #define FINALIZER(name) __attribute__((destructor)) static void name(void) 37 | #else 38 | #define INITIALIZER(name) __attribute__((constructor(101))) static void name(void) 39 | #define FINALIZER(name) __attribute__((destructor(101))) static void name(void) 40 | #endif 41 | #define REGISTER_FINALIZER(name) ((void) 0) 42 | 43 | #elif defined(_MSC_VER) 44 | #include 45 | #include 46 | // https://stackoverflow.com/questions/1113409/attribute-constructor-equivalent-in-vc 47 | // https://msdn.microsoft.com/en-us/library/bb918180.aspx 48 | #pragma section(".CRT$XCT", read) 49 | #define INITIALIZER(name) \ 50 | static void __cdecl name(void); \ 51 | __declspec(allocate(".CRT$XCT")) void (__cdecl *const _##name)(void) = &name; \ 52 | static void __cdecl name(void) 53 | #define FINALIZER(name) \ 54 | static void __cdecl name(void) 55 | #define REGISTER_FINALIZER(name) \ 56 | do { \ 57 | int _res = atexit(name); \ 58 | assert(_res == 0); \ 59 | } while (0); 60 | 61 | #else 62 | #error Unsupported compiler 63 | #endif 64 | -------------------------------------------------------------------------------- /lib/vendor/jh.h: -------------------------------------------------------------------------------- 1 | /*This program gives the 64-bit optimized bitslice implementation of JH using ANSI C 2 | 3 | -------------------------------- 4 | Performance 5 | 6 | Microprocessor: Intel CORE 2 processor (Core 2 Duo Mobile T6600 2.2GHz) 7 | Operating System: 64-bit Ubuntu 10.04 (Linux kernel 2.6.32-22-generic) 8 | Speed for long message: 9 | 1) 45.8 cycles/byte compiler: Intel C++ Compiler 11.1 compilation option: icc -O2 10 | 2) 56.8 cycles/byte compiler: gcc 4.4.3 compilation option: gcc -O3 11 | 12 | -------------------------------- 13 | Last Modified: January 16, 2011 14 | */ 15 | #pragma once 16 | 17 | typedef unsigned char BitSequence; 18 | typedef unsigned long long DataLength; 19 | typedef enum {SUCCESS = 0, FAIL = 1, BAD_HASHLEN = 2} HashReturn; 20 | 21 | HashReturn jh_hash(int hashbitlen, const BitSequence *data, DataLength databitlen, BitSequence *hashval); 22 | -------------------------------------------------------------------------------- /lib/vendor/keccak.h: -------------------------------------------------------------------------------- 1 | // keccak.h 2 | // 19-Nov-11 Markku-Juhani O. Saarinen 3 | 4 | #ifndef KECCAK_H 5 | #define KECCAK_H 6 | 7 | #include 8 | #include 9 | 10 | #ifndef KECCAK_ROUNDS 11 | #define KECCAK_ROUNDS 24 12 | #endif 13 | 14 | #ifndef ROTL64 15 | #define ROTL64(x, y) (((x) << (y)) | ((x) >> (64 - (y)))) 16 | #endif 17 | 18 | // SHA3 Algorithm context. 19 | typedef struct KECCAK_CTX 20 | { 21 | // 1600 bits algorithm hashing state 22 | uint64_t hash[25]; 23 | // 1088-bit buffer for leftovers, block size = 136 B for 256-bit keccak 24 | uint64_t message[17]; 25 | // count of bytes in the message[] buffer 26 | size_t rest; 27 | } KECCAK_CTX; 28 | 29 | // compute a keccak hash (md) of given byte length from "in" 30 | void keccak(const uint8_t *in, size_t inlen, uint8_t *md, int mdlen); 31 | 32 | // update the state 33 | void keccakf(uint64_t st[25], int norounds); 34 | 35 | void keccak1600(const uint8_t *in, size_t inlen, uint8_t *md); 36 | 37 | void keccak_init(KECCAK_CTX * ctx); 38 | void keccak_update(KECCAK_CTX * ctx, const uint8_t *in, size_t inlen); 39 | void keccak_finish(KECCAK_CTX * ctx, uint8_t *md); 40 | #endif 41 | -------------------------------------------------------------------------------- /lib/vendor/oaes_config.h: -------------------------------------------------------------------------------- 1 | /* 2 | * --------------------------------------------------------------------------- 3 | * OpenAES License 4 | * --------------------------------------------------------------------------- 5 | * Copyright (c) 2012, Nabil S. Al Ramli, www.nalramli.com 6 | * All rights reserved. 7 | * 8 | * Redistribution and use in source and binary forms, with or without 9 | * modification, are permitted provided that the following conditions are met: 10 | * 11 | * - Redistributions of source code must retain the above copyright notice, 12 | * this list of conditions and the following disclaimer. 13 | * - Redistributions in binary form must reproduce the above copyright 14 | * notice, this list of conditions and the following disclaimer in the 15 | * documentation and/or other materials provided with the distribution. 16 | * 17 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 18 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 21 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 | * POSSIBILITY OF SUCH DAMAGE. 28 | * --------------------------------------------------------------------------- 29 | */ 30 | 31 | #ifndef _OAES_CONFIG_H 32 | #define _OAES_CONFIG_H 33 | 34 | #ifdef __cplusplus 35 | extern "C" { 36 | #endif 37 | 38 | //#ifndef OAES_HAVE_ISAAC 39 | //#define OAES_HAVE_ISAAC 1 40 | //#endif // OAES_HAVE_ISAAC 41 | 42 | //#ifndef OAES_DEBUG 43 | //#define OAES_DEBUG 0 44 | //#endif // OAES_DEBUG 45 | 46 | #ifdef __cplusplus 47 | } 48 | #endif 49 | 50 | #endif // _OAES_CONFIG_H 51 | -------------------------------------------------------------------------------- /lib/vendor/random.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014-2019, The Monero Project 2 | // 3 | // All rights reserved. 4 | // 5 | // Redistribution and use in source and binary forms, with or without modification, are 6 | // permitted provided that the following conditions are met: 7 | // 8 | // 1. Redistributions of source code must retain the above copyright notice, this list of 9 | // conditions and the following disclaimer. 10 | // 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, this list 12 | // of conditions and the following disclaimer in the documentation and/or other 13 | // materials provided with the distribution. 14 | // 15 | // 3. Neither the name of the copyright holder nor the names of its contributors may be 16 | // used to endorse or promote products derived from this software without specific 17 | // prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 20 | // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 | // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 27 | // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | // 29 | // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers 30 | 31 | #pragma once 32 | 33 | #include 34 | 35 | void generate_random_bytes_not_thread_safe(size_t n, void *result); 36 | -------------------------------------------------------------------------------- /lib/vendor/skein.h: -------------------------------------------------------------------------------- 1 | #ifndef _SKEIN_H_ 2 | #define _SKEIN_H_ 1 3 | /************************************************************************** 4 | ** 5 | ** Interface declarations and internal definitions for Skein hashing. 6 | ** 7 | ** Source code author: Doug Whiting, 2008. 8 | ** 9 | ** This algorithm and source code is released to the public domain. 10 | ** 11 | *************************************************************************** 12 | ** 13 | ** The following compile-time switches may be defined to control some 14 | ** tradeoffs between speed, code size, error checking, and security. 15 | ** 16 | ** The "default" note explains what happens when the switch is not defined. 17 | ** 18 | ** SKEIN_DEBUG -- make callouts from inside Skein code 19 | ** to examine/display intermediate values. 20 | ** [default: no callouts (no overhead)] 21 | ** 22 | ** SKEIN_ERR_CHECK -- how error checking is handled inside Skein 23 | ** code. If not defined, most error checking 24 | ** is disabled (for performance). Otherwise, 25 | ** the switch value is interpreted as: 26 | ** 0: use assert() to flag errors 27 | ** 1: return SKEIN_FAIL to flag errors 28 | ** 29 | ***************************************************************************/ 30 | #include "skein_port.h" /* get platform-specific definitions */ 31 | 32 | typedef enum 33 | { 34 | SKEIN_SUCCESS = 0, /* return codes from Skein calls */ 35 | SKEIN_FAIL = 1, 36 | SKEIN_BAD_HASHLEN = 2 37 | } 38 | HashReturn; 39 | 40 | typedef size_t DataLength; /* bit count type */ 41 | typedef u08b_t BitSequence; /* bit stream type */ 42 | 43 | /* "all-in-one" call */ 44 | HashReturn skein_hash(int hashbitlen, const BitSequence *data, 45 | DataLength databitlen, BitSequence *hashval); 46 | 47 | #endif /* ifndef _SKEIN_H_ */ 48 | -------------------------------------------------------------------------------- /lib/vendor/warnings.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #if defined(_MSC_VER) 4 | 5 | #define PUSH_WARNINGS __pragma(warning(push)) 6 | #define POP_WARNINGS __pragma(warning(pop)) 7 | #define DISABLE_VS_WARNINGS(w) __pragma(warning(disable: w)) 8 | #define DISABLE_GCC_WARNING(w) 9 | #define DISABLE_CLANG_WARNING(w) 10 | #define DISABLE_GCC_AND_CLANG_WARNING(w) 11 | 12 | #else 13 | 14 | #include 15 | 16 | #define PUSH_WARNINGS _Pragma("GCC diagnostic push") 17 | #define POP_WARNINGS _Pragma("GCC diagnostic pop") 18 | #define DISABLE_VS_WARNINGS(w) 19 | 20 | #if defined(__clang__) 21 | #define DISABLE_GCC_WARNING(w) 22 | #define DISABLE_CLANG_WARNING DISABLE_GCC_AND_CLANG_WARNING 23 | #else 24 | #define DISABLE_GCC_WARNING DISABLE_GCC_AND_CLANG_WARNING 25 | #define DISABLE_CLANG_WARNING(w) 26 | #endif 27 | 28 | #define DISABLE_GCC_AND_CLANG_WARNING(w) _Pragma(BOOST_PP_STRINGIZE(GCC diagnostic ignored BOOST_PP_STRINGIZE(-W##w))) 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "node-cryptonight", 3 | "version": "1.3.0", 4 | "description": "node bindings for cryptonight hashing", 5 | "main": "index.js", 6 | "gypfile": true, 7 | "scripts": { 8 | "lint": "standard", 9 | "rebuild": "node-gyp rebuild", 10 | "test": "standard && jest" 11 | }, 12 | "keywords": [ 13 | "cryptonight", 14 | "hash", 15 | "monero", 16 | "native" 17 | ], 18 | "author": "Excitable Aardvark ", 19 | "license": "BSDv3", 20 | "repository": { 21 | "type": "git", 22 | "url": "git+ssh://git@github.com/ExcitableAardvark/node-cryptonight.git" 23 | }, 24 | "bugs": { 25 | "url": "https://github.com/ExcitableAardvark/node-cryptonight/issues" 26 | }, 27 | "homepage": "https://github.com/ExcitableAardvark/node-cryptonight#readme", 28 | "dependencies": { 29 | "bindings": "^1.5.0", 30 | "nan": "^2.14.0", 31 | "node-gyp": "^4.0.0" 32 | }, 33 | "devDependencies": { 34 | "jest": "^24.7.1", 35 | "standard": "^12.0.1" 36 | } 37 | } 38 | --------------------------------------------------------------------------------