├── .update-modules ├── .dockerignore ├── extern └── blst │ ├── bindings │ ├── rust │ │ ├── rustfmt.toml │ │ ├── Cargo.toml │ │ ├── README.md │ │ └── build.rs │ ├── go │ │ ├── hash_to_curve │ │ │ ├── README │ │ │ └── BLS12381G1_XMD_SHA-256_SSWU_RO_.json │ │ ├── server.c │ │ ├── README.md │ │ ├── assembly.S │ │ ├── blst_htoc_test.go │ │ ├── generate.py │ │ ├── blst_misc.tgo │ │ ├── blst_px.tgo │ │ └── blst.tgo │ └── blst_aux.h │ ├── go.mod │ ├── .gitattributes │ ├── blst_logo_small.png │ ├── .lgtm.yml │ ├── src │ ├── errors.h │ ├── client_min_pk.c │ ├── client_min_sig.c │ ├── server.c │ ├── consts.h │ ├── consts.c │ ├── point.h │ ├── fields.h │ ├── vect.c │ ├── sha256.h │ ├── exp.c │ ├── hash_to_field.c │ ├── keygen.c │ └── asm │ │ ├── add_mod_256-armv8.pl │ │ ├── inverse_mod_256-armv8.pl │ │ └── add_mod_384x384-x86_64.pl │ ├── build.bat │ ├── build │ ├── bindings_trim.pl │ ├── win64 │ │ ├── dll.c │ │ ├── blst.def │ │ ├── inverse_mod_256-armv8.asm │ │ ├── add_mod_256-armv8.asm │ │ └── inverse_mod_384-armv8.asm │ ├── refresh.sh │ ├── assembly.S │ ├── mach-o │ │ ├── inverse_mod_256-armv8.S │ │ ├── add_mod_256-armv8.S │ │ ├── add_mod_384x384-x86_64.s │ │ ├── inverse_mod_384-armv8.S │ │ └── inverse_mod_256-x86_64.s │ ├── coff │ │ ├── inverse_mod_256-armv8.S │ │ ├── add_mod_256-armv8.S │ │ ├── inverse_mod_384-armv8.S │ │ └── inverse_mod_256-x86_64.s │ └── elf │ │ ├── inverse_mod_256-armv8.S │ │ ├── add_mod_256-armv8.S │ │ ├── inverse_mod_384-armv8.S │ │ ├── add_mod_384x384-x86_64.s │ │ └── inverse_mod_256-x86_64.s │ ├── .gitignore │ ├── .travis.yml │ ├── build.sh │ └── .github │ └── workflows │ └── ci.yml ├── .gitmodules ├── .gitignore ├── .github └── workflows │ ├── ci.yaml │ └── docker.yaml ├── Dockerfile ├── Makefile ├── go.mod ├── main.go ├── README.md └── ldevnet └── ldevnet_test.go /.update-modules: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | Dockerfile 2 | extern 3 | !extern/blst 4 | -------------------------------------------------------------------------------- /extern/blst/bindings/rust/rustfmt.toml: -------------------------------------------------------------------------------- 1 | max_width = 80 2 | -------------------------------------------------------------------------------- /extern/blst/go.mod: -------------------------------------------------------------------------------- 1 | module github.com/supranational/blst 2 | 3 | go 1.11 4 | -------------------------------------------------------------------------------- /extern/blst/.gitattributes: -------------------------------------------------------------------------------- 1 | *.pl linguist-language=assembly 2 | *.h linguist-language=c 3 | *.tgo linguist-language=go 4 | -------------------------------------------------------------------------------- /extern/blst/blst_logo_small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/textileio/lotus-devnet/HEAD/extern/blst/blst_logo_small.png -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "extern/filecoin-ffi"] 2 | path = extern/filecoin-ffi 3 | url = https://github.com/filecoin-project/filecoin-ffi 4 | -------------------------------------------------------------------------------- /extern/blst/bindings/go/hash_to_curve/README: -------------------------------------------------------------------------------- 1 | These files are downloaded from https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/tree/master/poc/vectors, commit 323ce69. 2 | 3 | Note the file names cannot have ":" in them as this is incompatible with Windows. -------------------------------------------------------------------------------- /extern/blst/.lgtm.yml: -------------------------------------------------------------------------------- 1 | queries: 2 | - include: "*" 3 | - exclude: cpp/unused-static-function 4 | - exclude: cpp/include-non-header 5 | 6 | extraction: 7 | cpp: 8 | index: 9 | build_command: 10 | - ./build.sh 11 | go: 12 | index: 13 | build_command: 14 | - (cd bindings/go; go build) 15 | 16 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Binaries for programs and plugins 2 | *.exe 3 | *.exe~ 4 | *.dll 5 | *.so 6 | *.dylib 7 | 8 | # Test binary, built with `go test -c` 9 | *.test 10 | 11 | # Output of the go coverage tool, specifically when used with LiteIDE 12 | *.out 13 | 14 | # Dependency directories (remove the comment below to include it) 15 | # vendor/ 16 | -------------------------------------------------------------------------------- /extern/blst/src/errors.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright Supranational LLC 3 | * Licensed under the Apache License, Version 2.0, see LICENSE for details. 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | typedef enum { 7 | BLST_SUCCESS = 0, 8 | BLST_BAD_ENCODING, 9 | BLST_POINT_NOT_ON_CURVE, 10 | BLST_POINT_NOT_IN_GROUP, 11 | BLST_AGGR_TYPE_MISMATCH, 12 | BLST_VERIFY_FAIL, 13 | BLST_PK_IS_INFINITY, 14 | } BLST_ERROR; 15 | -------------------------------------------------------------------------------- /extern/blst/src/client_min_pk.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright Supranational LLC 3 | * Licensed under the Apache License, Version 2.0, see LICENSE for details. 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include "keygen.c" 8 | #include "e2.c" 9 | #include "exp2.c" 10 | #include "hash_to_field.c" 11 | #include "map_to_g2.c" 12 | #include "e1.c" 13 | #include "exp.c" 14 | #include "consts.c" 15 | #include "vect.c" 16 | #include "exports.c" 17 | -------------------------------------------------------------------------------- /extern/blst/src/client_min_sig.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright Supranational LLC 3 | * Licensed under the Apache License, Version 2.0, see LICENSE for details. 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include "keygen.c" 8 | #include "e1.c" 9 | #include "exp.c" 10 | #include "hash_to_field.c" 11 | #include "map_to_g1.c" 12 | #include "e2.c" 13 | #include "exp2.c" 14 | #include "consts.c" 15 | #include "vect.c" 16 | #include "exports.c" 17 | -------------------------------------------------------------------------------- /extern/blst/src/server.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright Supranational LLC 3 | * Licensed under the Apache License, Version 2.0, see LICENSE for details. 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include "keygen.c" 8 | #include "hash_to_field.c" 9 | #include "e1.c" 10 | #include "exp.c" 11 | #include "map_to_g1.c" 12 | #include "e2.c" 13 | #include "exp2.c" 14 | #include "map_to_g2.c" 15 | #include "fp12_tower.c" 16 | #include "pairing.c" 17 | #include "aggregate.c" 18 | #include "consts.c" 19 | #include "vect.c" 20 | #include "exports.c" 21 | -------------------------------------------------------------------------------- /extern/blst/bindings/go/server.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright Supranational LLC 3 | * Licensed under the Apache License, Version 2.0, see LICENSE for details. 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include "keygen.c" 8 | #include "hash_to_field.c" 9 | #include "e1.c" 10 | #include "exp.c" 11 | #include "map_to_g1.c" 12 | #include "e2.c" 13 | #include "exp2.c" 14 | #include "map_to_g2.c" 15 | #include "fp12_tower.c" 16 | #include "pairing.c" 17 | #include "aggregate.c" 18 | #include "consts.c" 19 | #include "vect.c" 20 | #include "exports.c" 21 | -------------------------------------------------------------------------------- /.github/workflows/ci.yaml: -------------------------------------------------------------------------------- 1 | name: CI 2 | on: 3 | push: 4 | branches: 5 | - master 6 | pull_request: 7 | branches: 8 | - master 9 | jobs: 10 | test: 11 | name: Test 12 | runs-on: self-hosted 13 | steps: 14 | - name: Set up Rust 15 | uses: actions-rs/toolchain@v1 16 | with: 17 | profile: minimal 18 | toolchain: nightly 19 | - name: Install OpenCL 20 | run: sudo apt-get update && sudo apt-get install -y mesa-opencl-icd ocl-icd-opencl-dev jq make hwloc libhwloc-dev 21 | - name: Check out code 22 | uses: actions/checkout@v1 23 | - name: Test 24 | run: make test 25 | -------------------------------------------------------------------------------- /.github/workflows/docker.yaml: -------------------------------------------------------------------------------- 1 | name: Docker Image 2 | on: 3 | create: 4 | push: 5 | branches: 6 | - master 7 | jobs: 8 | docker: 9 | name: Docker publishing 10 | runs-on: self-hosted 11 | steps: 12 | - name: Check out code 13 | uses: actions/checkout@v1 14 | - name: Clean filecoin-ffi 15 | run: make clean build 16 | - name: Publish 17 | uses: docker/build-push-action@v1 18 | with: 19 | username: ${{ secrets.DOCKER_USERNAME }} 20 | password: ${{ secrets.DOCKER_PASSWORD }} 21 | repository: textile/lotus-devnet 22 | tag_with_ref: true 23 | tag_with_sha: true 24 | -------------------------------------------------------------------------------- /extern/blst/build.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | set TOP=%~dp0 3 | cl /nologo /c /O2 /Zi /Fdblst.pdb /MT /Zl %TOP%src\server.c || EXIT /B 4 | FOR %%F IN (%TOP%build\win64\*-x86_64.asm) DO ( 5 | ml64 /nologo /c /Cp /Cx /Zi %%F || EXIT /B 6 | ) 7 | rem FOR %%F IN (%TOP%src\asm\*-x86_64.pl) DO ( 8 | rem IF NOT EXIST %%~nF.asm (perl %%F masm %%~nF.asm) 9 | rem ) 10 | rem FOR %%F IN (*.asm) DO (ml64 /nologo /c /Cp /Cx /Zi %%F || EXIT /B) 11 | FOR %%O IN (%*) DO ( IF "%%O" == "-shared" ( 12 | cl /nologo /c /O2 /Oi- /MD %TOP%build\win64\dll.c || EXIT /B 13 | link /nologo /debug /dll /entry:DllMain /incremental:no /implib:blst.lib /pdb:blst.pdb /def:%TOP%build\win64\blst.def *.obj kernel32.lib && del *.obj 14 | EXIT /B 15 | ) 16 | ) 17 | lib /nologo /OUT:blst.lib *.obj && del *.obj 18 | -------------------------------------------------------------------------------- /extern/blst/build/bindings_trim.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env perl 2 | 3 | # read whole file 4 | while(<>) { push @file, $_; } 5 | 6 | # traverse and remove auto-generated PartialEq for chosen types 7 | for (my $i = 0; $i <= $#file; $i++) { 8 | if (@file[$i] =~ m/struct\s+blst_p[12]/) { 9 | @file[$i-1] =~ s/,\s*PartialEq//; 10 | } elsif (@file[$i] =~ m/struct\s+blst_fp12/) { 11 | @file[$i-1] =~ s/,\s*Default//; 12 | @file[$i-1] =~ s/,\s*PartialEq//; 13 | } elsif (@file[$i] =~ m/struct\s+blst_pairing/) { 14 | @file[$i-1] =~ s/,\s*Copy//; 15 | @file[$i-1] =~ s/,\s*Clone//; 16 | @file[$i-1] =~ s/,\s*Eq//; 17 | @file[$i-1] =~ s/,\s*PartialEq//; 18 | } 19 | } 20 | 21 | # print the file 22 | print @file; 23 | 24 | close STDOUT; 25 | -------------------------------------------------------------------------------- /extern/blst/build/win64/dll.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #if defined(_MSC_VER) 4 | /* 5 | * Even though we don't have memcpy/memset anywhere, MSVC compiler 6 | * generates calls to them as it recognizes corresponding patterns. 7 | */ 8 | void *memcpy(unsigned char *dst, const unsigned char *src, size_t n) 9 | { 10 | void *ret = dst; 11 | 12 | while(n--) 13 | *dst++ = *src++; 14 | 15 | return ret; 16 | } 17 | 18 | void *memset(unsigned char *dst, int c, size_t n) 19 | { 20 | void *ret = dst; 21 | 22 | while(n--) 23 | *dst++ = (unsigned char)c; 24 | 25 | return ret; 26 | } 27 | #elif defined(__GNUC__) 28 | # pragma GCC diagnostic ignored "-Wunused-parameter" 29 | #endif 30 | 31 | BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) 32 | { return TRUE; } 33 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.14 as builder 2 | RUN apt-get update && apt-get install -y mesa-opencl-icd clang ocl-icd-opencl-dev jq hwloc libhwloc-dev 3 | 4 | WORKDIR /tmp 5 | RUN curl https://sh.rustup.rs -sSf > rustup.sh 6 | RUN chmod 755 rustup.sh 7 | RUN ./rustup.sh -y 8 | RUN rm /tmp/rustup.sh 9 | ENV PATH="/root/.cargo/bin:${PATH}" 10 | 11 | RUN mkdir /app 12 | WORKDIR /app 13 | 14 | COPY . . 15 | RUN mkdir -p extern/filecoin-ffi 16 | RUN make clean build 17 | RUN GOOS=linux go build -o local-devnet main.go && \ 18 | go run github.com/GeertJohan/go.rice/rice append --exec local-devnet -i ./build 19 | 20 | FROM golang:1.14 21 | RUN apt-get update && apt-get install -y mesa-opencl-icd ocl-icd-opencl-dev clang hwloc libhwloc-dev 22 | COPY --from=builder /app/local-devnet /app/local-devnet 23 | WORKDIR /app 24 | EXPOSE 7777 25 | ENTRYPOINT ["./local-devnet"] 26 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | FFI_PATH:=extern/filecoin-ffi/ 2 | FFI_DEPS:=.install-filcrypto 3 | FFI_DEPS:=$(addprefix $(FFI_PATH),$(FFI_DEPS)) 4 | 5 | $(FFI_DEPS): build/.filecoin-install ; 6 | 7 | build/.filecoin-install: $(FFI_PATH) 8 | $(MAKE) -C $(FFI_PATH) $(FFI_DEPS:$(FFI_PATH)%=%) 9 | @touch $@ 10 | 11 | MODULES+=$(FFI_PATH) 12 | BUILD_DEPS+=build/.filecoin-install 13 | CLEAN+=build/.filecoin-install 14 | 15 | $(MODULES): build/.update-modules ; 16 | 17 | # dummy file that marks the last time modules were updated 18 | build/.update-modules: 19 | git submodule update --init --recursive 20 | touch $@ 21 | 22 | # end git modules 23 | 24 | build: $(BUILD_DEPS) 25 | .PHONY: build 26 | 27 | clean: 28 | rm -f build/.filecoin-install 29 | rm -f build/.update-modules 30 | git submodule deinit --all -f 31 | 32 | test: clean build 33 | go test -count 1 ./... 34 | .PHONY: test -------------------------------------------------------------------------------- /extern/blst/.gitignore: -------------------------------------------------------------------------------- 1 | # Prerequisites 2 | *.d 3 | 4 | # Object files 5 | *.o 6 | *.ko 7 | *.obj 8 | *.elf 9 | 10 | # Linker output 11 | *.ilk 12 | *.map 13 | *.exp 14 | 15 | # Precompiled Headers 16 | *.gch 17 | *.pch 18 | 19 | # Libraries 20 | *.lib 21 | *.a 22 | *.la 23 | *.lo 24 | 25 | # Shared objects (inc. Windows DLLs) 26 | *.dll 27 | *.so 28 | *.so.* 29 | *.dylib 30 | 31 | # Executables 32 | *.exe 33 | *.out 34 | *.app 35 | *.i*86 36 | *.x86_64 37 | *.hex 38 | 39 | # Debug files 40 | *.dSYM/ 41 | *.su 42 | *.idb 43 | *.pdb 44 | 45 | # Kernel Module Compile Results 46 | *.cmd 47 | .tmp_versions/ 48 | modules.order 49 | Module.symvers 50 | Mkfile.old 51 | dkms.conf 52 | 53 | # Open swap files 54 | *.swp 55 | 56 | # Emacs backup files 57 | *~ 58 | 59 | # Rust build 60 | Cargo.lock 61 | bindings/rust/target 62 | bindings/rust/blst 63 | 64 | # These are customarily filled with swig artefacts 65 | bindings/python 66 | bindings/java 67 | bindings/node.js 68 | -------------------------------------------------------------------------------- /extern/blst/src/consts.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright Supranational LLC 3 | * Licensed under the Apache License, Version 2.0, see LICENSE for details. 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | #ifndef __BLS12_381_ASM_CONST_H__ 7 | #define __BLS12_381_ASM_CONST_H__ 8 | #include "vect.h" 9 | 10 | extern const vec384 BLS12_381_P; 11 | extern const limb_t BLS12_381_p0; 12 | static const limb_t p0 = (limb_t)0x89f3fffcfffcfffd; /* -1/P */ 13 | typedef union { vec384x p2; vec384 p; vec384 p12[12]; } radix384; 14 | extern const radix384 BLS12_381_Rx; /* (1<<384)%P, "radix", one-in-Montgomery */ 15 | extern const vec384 BLS12_381_RR; /* (1<<768)%P, "radix"^2, to-Montgomery */ 16 | 17 | #define ONE_MONT_P TO_LIMB_T(0x760900000002fffd), \ 18 | TO_LIMB_T(0xebf4000bc40c0002), \ 19 | TO_LIMB_T(0x5f48985753c758ba), \ 20 | TO_LIMB_T(0x77ce585370525745), \ 21 | TO_LIMB_T(0x5c071a97a256ec6d), \ 22 | TO_LIMB_T(0x15f65ec3fa80e493) 23 | 24 | #define ZERO_384 (BLS12_381_Rx.p2[1]) 25 | 26 | extern const vec256 BLS12_381_r; /* order */ 27 | static const limb_t r0 = (limb_t)0xfffffffeffffffff; /* -1/r */ 28 | extern const vec256 BLS12_381_rRR; /* (1<<512)%r, "radix"^2, to-Montgomery */ 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/textileio/lotus-devnet 2 | 3 | go 1.14 4 | 5 | require ( 6 | github.com/GeertJohan/go.rice v1.0.0 7 | github.com/filecoin-project/go-address v0.0.5-0.20201103152444-f2023ef3f5bb 8 | github.com/filecoin-project/go-fil-markets v1.0.4 9 | github.com/filecoin-project/go-jsonrpc v0.1.2-0.20201008195726-68c6a2704e49 10 | github.com/filecoin-project/go-state-types v0.0.0-20201013222834-41ea465f274f 11 | github.com/filecoin-project/go-storedcounter v0.0.0-20200421200003-1c99c62e8a5b 12 | github.com/filecoin-project/lotus v1.1.3 13 | github.com/filecoin-project/specs-actors v0.9.12 14 | github.com/filecoin-project/specs-actors/v2 v2.2.0 15 | github.com/ipfs/go-datastore v0.4.5 16 | github.com/ipfs/go-log/v2 v2.1.2-0.20200626104915-0016c0b4b3e4 17 | github.com/libp2p/go-libp2p v0.12.0 18 | github.com/libp2p/go-libp2p-core v0.7.0 19 | github.com/spf13/pflag v1.0.3 20 | github.com/spf13/viper v1.3.2 21 | github.com/stretchr/testify v1.6.1 22 | golang.org/x/lint v0.0.0-20200302205851-738671d3881b // indirect 23 | golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 24 | honnef.co/go/tools v0.0.1-2020.1.3 // indirect 25 | 26 | ) 27 | 28 | replace github.com/filecoin-project/filecoin-ffi => ./extern/filecoin-ffi 29 | 30 | replace github.com/supranational/blst => ./extern/blst 31 | 32 | replace github.com/filecoin-project/lotus => github.com/jsign/lotus v0.4.1-0.20201113110440-4640b443453c 33 | -------------------------------------------------------------------------------- /extern/blst/bindings/rust/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "blst" 3 | version = "0.2.0" 4 | authors = ["sean-sn "] 5 | edition = "2018" 6 | license = "Apache-2.0" 7 | description = "Bindings for blst BLS12-381 library" 8 | repository = "https://github.com/supranational/blst" 9 | readme = "README.md" 10 | include = [ 11 | "**/*.rs", 12 | "Cargo.toml", 13 | "README.md", 14 | "rustfmt.toml", 15 | "blst/src/*.c", 16 | "blst/src/*.h", 17 | "blst/build/**", 18 | "blst/src/asm/*.pl", 19 | "blst/bindings/blst.h", 20 | "blst/bindings/blst_aux.h", 21 | ] 22 | 23 | [features] 24 | # By default, compile with ADX extension if the host supports it. 25 | # Binary can be executed on systems similar to the host. 26 | default = [] 27 | # Compile in portable mode, without ISA extensions. 28 | # Binary can be executed on all systems. 29 | portable = [] 30 | # Enable ADX even if the host CPU doesn't support it. 31 | # Binary can be executed on Broadwell+ and Ryzen+ systems. 32 | force-adx = [] 33 | 34 | [build-dependencies] 35 | cc = "1.0" 36 | glob = "0.3" 37 | 38 | [dependencies] 39 | threadpool = "^1.8.1" 40 | 41 | [dev-dependencies] 42 | rand = "0.7" 43 | rand_chacha = "0.2" 44 | criterion = "0.3" 45 | 46 | [[bench]] 47 | name = "blst_benches" 48 | harness = false 49 | 50 | [profile.release] 51 | #opt-level = 3 52 | 53 | [badges] 54 | maintenance = { status = "actively-developed" } 55 | -------------------------------------------------------------------------------- /extern/blst/build/refresh.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | HERE=`dirname $0` 4 | cd "${HERE}" 5 | 6 | PERL=${PERL:-perl} 7 | 8 | for pl in ../src/asm/*-x86_64.pl; do 9 | s=`basename $pl .pl`.asm 10 | expr $s : '.*portable' > /dev/null || (set -x; ${PERL} $pl masm > win64/$s) 11 | s=`basename $pl .pl`.s 12 | (set -x; ${PERL} $pl elf > elf/$s) 13 | (set -x; ${PERL} $pl mingw64 > coff/$s) 14 | (set -x; ${PERL} $pl macosx > mach-o/$s) 15 | done 16 | 17 | for pl in ../src/asm/*-armv8.pl; do 18 | s=`basename $pl .pl`.asm 19 | (set -x; ${PERL} $pl win64 > win64/$s) 20 | s=`basename $pl .pl`.S 21 | (set -x; ${PERL} $pl linux64 > elf/$s) 22 | (set -x; ${PERL} $pl coff64 > coff/$s) 23 | (set -x; ${PERL} $pl ios64 > mach-o/$s) 24 | done 25 | 26 | ( cd ../bindings; 27 | echo "LIBRARY blst\n\nEXPORTS" 28 | cc -E blst.h | \ 29 | ${PERL} -ne '{ (/(blst_[\w]+)\s*\(/ || /(BLS12_[\w]+);/) && print "\t$1\n" }' 30 | echo 31 | ) > win64/blst.def 32 | 33 | if which bindgen > /dev/null 2>&1; then 34 | ( cd ../bindings; set -x; 35 | bindgen --opaque-type blst_pairing \ 36 | --with-derive-default \ 37 | --with-derive-eq \ 38 | --size_t-is-usize \ 39 | --rustified-enum BLST.\* \ 40 | blst.h | ${PERL} ../build/bindings_trim.pl > rust/src/bindings.rs 41 | ) 42 | else 43 | echo "Install Rust bindgen with 'cargo install bindgen'" 1>&2 44 | exit 1 45 | fi 46 | -------------------------------------------------------------------------------- /extern/blst/src/consts.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright Supranational LLC 3 | * Licensed under the Apache License, Version 2.0, see LICENSE for details. 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include "consts.h" 8 | 9 | /* z = -0xd201000000010000 */ 10 | const vec384 BLS12_381_P = { /* (z-1)^2 * (z^4 - z^2 + 1)/3 + z */ 11 | TO_LIMB_T(0xb9feffffffffaaab), TO_LIMB_T(0x1eabfffeb153ffff), 12 | TO_LIMB_T(0x6730d2a0f6b0f624), TO_LIMB_T(0x64774b84f38512bf), 13 | TO_LIMB_T(0x4b1ba7b6434bacd7), TO_LIMB_T(0x1a0111ea397fe69a) 14 | }; 15 | const limb_t BLS12_381_p0 = (limb_t)0x89f3fffcfffcfffd; /* -1/P */ 16 | 17 | const radix384 BLS12_381_Rx = { /* (1<<384)%P, "radix", one-in-Montgomery */ 18 | { { ONE_MONT_P }, 19 | { 0 } } 20 | }; 21 | 22 | const vec384 BLS12_381_RR = { /* (1<<768)%P, "radix"^2, to-Montgomery */ 23 | TO_LIMB_T(0xf4df1f341c341746), TO_LIMB_T(0x0a76e6a609d104f1), 24 | TO_LIMB_T(0x8de5476c4c95b6d5), TO_LIMB_T(0x67eb88a9939d83c0), 25 | TO_LIMB_T(0x9a793e85b519952d), TO_LIMB_T(0x11988fe592cae3aa) 26 | }; 27 | 28 | const vec256 BLS12_381_r = { /* z^4 - z^2 + 1, group order */ 29 | TO_LIMB_T(0xffffffff00000001), TO_LIMB_T(0x53bda402fffe5bfe), 30 | TO_LIMB_T(0x3339d80809a1d805), TO_LIMB_T(0x73eda753299d7d48) 31 | }; 32 | 33 | const vec256 BLS12_381_rRR = { /* (1<<512)%r, "radix"^2, to-Montgomery */ 34 | TO_LIMB_T(0xc999e990f3f29c6d), TO_LIMB_T(0x2b6cedcb87925c23), 35 | TO_LIMB_T(0x05d314967254398f), TO_LIMB_T(0x0748d9d99f59ff11) 36 | }; 37 | -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "os/signal" 6 | "syscall" 7 | "time" 8 | 9 | logging "github.com/ipfs/go-log/v2" 10 | "github.com/spf13/pflag" 11 | "github.com/spf13/viper" 12 | "github.com/textileio/lotus-devnet/ldevnet" 13 | ) 14 | 15 | var ( 16 | log = logging.Logger("devnet-main") 17 | config = viper.New() 18 | ) 19 | 20 | func main() { 21 | 22 | err := logging.SetLogLevel("devnet-main", "INFO") 23 | if err != nil { 24 | panic(err) 25 | } 26 | 27 | pflag.Int("numminers", 1, "Number of miners in devnet") 28 | pflag.Int("speed", ldevnet.DefaultDurationMs, "Chain speed block creation in ms") 29 | pflag.Bool("bigsectors", true, "Use big sectors") 30 | pflag.String("ipfsaddr", "", "IPFS multiaddr to make Lotus use an IPFS node") 31 | pflag.Bool("onlinemode", false, "Use IPFS node in online mode") 32 | pflag.Parse() 33 | 34 | config.SetEnvPrefix("TEXLOTUSDEVNET") 35 | config.AutomaticEnv() 36 | config.BindPFlags(pflag.CommandLine) 37 | 38 | speed := config.GetInt("speed") 39 | numMiners := config.GetInt("numminers") 40 | bigSectors := config.GetBool("bigsectors") 41 | ipfsAddr := config.GetString("ipfsaddr") 42 | onlineMode := config.GetBool("onlinemode") 43 | 44 | log.Infof("Starting devnet with speed = %v, numminers = %v, bigsectors = %v, ipfsaddr = %v", speed, numMiners, bigSectors, ipfsAddr) 45 | 46 | _, err = ldevnet.New(numMiners, time.Millisecond*time.Duration(speed), bigSectors, ipfsAddr, onlineMode) 47 | if err != nil { 48 | panic(err) 49 | } 50 | 51 | ch := make(chan os.Signal, 1) 52 | signal.Notify(ch, os.Interrupt, syscall.SIGTERM) 53 | <-ch 54 | log.Info("Closing...") 55 | } 56 | -------------------------------------------------------------------------------- /extern/blst/bindings/blst_aux.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright Supranational LLC 3 | * Licensed under the Apache License, Version 2.0, see LICENSE for details. 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | #ifndef __BLST_AUX_H__ 7 | #define __BLST_AUX_H__ 8 | /* 9 | * This file lists interfaces that might be promoted to blst.h or removed, 10 | * depending on their proven/unproven worthiness. 11 | */ 12 | 13 | void blst_fr_to(blst_fr *ret, const blst_fr *a); 14 | void blst_fr_from(blst_fr *ret, const blst_fr *a); 15 | 16 | void blst_fp_to(blst_fp *ret, const blst_fp *a); 17 | void blst_fp_from(blst_fp *ret, const blst_fp *a); 18 | 19 | void blst_p1_from_jacobian(blst_p1 *out, const blst_p1 *in); 20 | void blst_p2_from_jacobian(blst_p2 *out, const blst_p2 *in); 21 | 22 | /* 23 | * Below functions produce both point and deserialized outcome of 24 | * SkToPk and Sign. However, deserialized outputs are pre-decorated 25 | * with sign and infinity bits. This means that you have to bring the 26 | * output into compliance prior returning to application. If you want 27 | * compressed point value, then do [equivalent of] 28 | * 29 | * byte temp[96]; 30 | * blst_sk_to_pk2_in_g1(temp, out_pk, SK); 31 | * temp[0] |= 0x80; 32 | * memcpy(out, temp, 48); 33 | * 34 | * Otherwise do 35 | * 36 | * blst_sk_to_pk2_in_g1(out, out_pk, SK); 37 | * out[0] &= ~0x20; 38 | * 39 | * Either |out| or |out_| can be NULL. 40 | */ 41 | void blst_sk_to_pk2_in_g1(byte out[96], blst_p1_affine *out_pk, 42 | const blst_scalar *SK); 43 | void blst_sign_pk2_in_g1(byte out[192], blst_p2_affine *out_sig, 44 | const blst_p2 *hash, const blst_scalar *SK); 45 | void blst_sk_to_pk2_in_g2(byte out[192], blst_p2_affine *out_pk, 46 | const blst_scalar *SK); 47 | void blst_sign_pk2_in_g2(byte out[96], blst_p1_affine *out_sig, 48 | const blst_p1 *hash, const blst_scalar *SK); 49 | 50 | #endif 51 | -------------------------------------------------------------------------------- /extern/blst/.travis.yml: -------------------------------------------------------------------------------- 1 | branches: 2 | only: 3 | - /.*/ 4 | 5 | language: rust 6 | 7 | git: 8 | quiet: true 9 | 10 | os: 11 | - linux 12 | - osx 13 | 14 | arch: 15 | - amd64 16 | - arm64 17 | 18 | before_script: 19 | - env 20 | 21 | script: 22 | - if [ "$TRAVIS_LANGUAGE" = "rust" ]; then 23 | if [ "$TRAVIS_OS_NAME" = "windows" ]; then 24 | rustup set default-host x86_64-pc-windows-msvc; 25 | export ML=-nologo; 26 | fi; 27 | ( cd bindings/rust; 28 | if [ -f target/Cargo.lock ]; then 29 | mv -f target/Cargo.lock .; 30 | fi; 31 | if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then 32 | cargo update; 33 | fi; 34 | cargo test --release ) 35 | fi 36 | - if which go > /dev/null 2>&1; then 37 | go version; 38 | if ! (grep -q -e '^flags.*\badx\b' /proc/cpuinfo) 2>/dev/null; then 39 | export CGO_CFLAGS="-O -D__BLST_PORTABLE__"; 40 | fi; 41 | (cd bindings/go; go test -test.v) 42 | fi 43 | 44 | matrix: 45 | include: 46 | - os: windows 47 | language: rust 48 | rust: stable-msvc 49 | - os: windows 50 | language: go 51 | - os: linux 52 | arch: arm64 53 | language: go 54 | 55 | notifications: 56 | email: false 57 | 58 | before_cache: 59 | - if [ "$TRAVIS_LANGUAGE" = "rust" ]; then 60 | (cd bindings/rust; 61 | cargo clean -p blst; cargo clean -p blst --release; 62 | rm -rf target/.rustc_info.json; 63 | rm -rf target/{debug,release}/*/blst-*; 64 | rm -rf target/{debug,release}/incremental; 65 | rm -rf target/{debug,release}/build/src; 66 | rm -rf target/{debug,release}/build/build; 67 | mv -f Cargo.lock target) 68 | fi 69 | - (cd "$TRAVIS_HOME"; rm -rf .cargo/registry/src) 70 | - (cd "$TRAVIS_HOME"; rm -rf .cargo/registry/index/*/.cache) 71 | 72 | cache: 73 | cargo: true 74 | directories: 75 | - bindings/rust/target 76 | 77 | -------------------------------------------------------------------------------- /extern/blst/bindings/rust/README.md: -------------------------------------------------------------------------------- 1 | # blst [![Crates.io](https://img.shields.io/crates/v/blst.svg)](https://crates.io/crates/blst) 2 | 3 | The `blst` crate provides a rust interface to the blst BLS12-381 signature library. 4 | 5 | ## Build 6 | [bindgen](https://github.com/rust-lang/rust-bindgen) is used to generate FFI bindings to blst.h. Then [build.rs](https://github.com/supranational/blst/blob/master/bindings/rust/build.rs) invokes C compiler to compile everything into libblst.a within the rust target build area. On Linux it's possible to choose compiler by setting `CC` environment variable. 7 | 8 | Everything can be built and run with the typical cargo commands: 9 | 10 | ``` 11 | cargo test 12 | cargo bench 13 | ``` 14 | 15 | If the test or target application crashes with an "illegal instruction" exception [after copying to an older system], set `CFLAGS` environment variable to `‑D__BLST_PORTABLE__` prior clean build. Alternatively, if you compile on an older Intel system, but will execute the binary on a newer one, consider instead `‑D__ADX__` for better performance. 16 | 17 | ## Usage 18 | There are two primary modes of operation that can be chosen based on declaration path: 19 | 20 | For minimal-pubkey-size operations: 21 | ``` 22 | use blst::min_pk::* 23 | ``` 24 | 25 | For minimal-signature-size operations: 26 | ``` 27 | use blst::min_sig::* 28 | ``` 29 | 30 | There are five structs with inherent implementations that provide the BLS12-381 signature functionality. 31 | ``` 32 | SecretKey 33 | PublicKey 34 | AggregatePublicKey 35 | Signature 36 | AggregateSignature 37 | ``` 38 | 39 | A simple example for generating a key, signing a message, and verifying the message: 40 | ``` 41 | let mut ikm = [0u8; 32]; 42 | rng.fill_bytes(&mut ikm); 43 | 44 | let sk = SecretKey::key_gen(&ikm, &[]).unwrap(); 45 | let pk = sk.sk_to_pk(); 46 | 47 | let dst = b"BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_"; 48 | let msg = b"blst is such a blast"; 49 | let sig = sk.sign(msg, dst, &[]); 50 | 51 | let err = sig.verify(msg, dst, &[], &pk); 52 | assert_eq!(err, BLST_ERROR::BLST_SUCCESS); 53 | ``` 54 | 55 | See the tests in src/lib.rs and benchmarks in benches/blst_benches.rs for further examples of usage. 56 | -------------------------------------------------------------------------------- /extern/blst/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | # 3 | # The script allows to override 'CC', 'CFLAGS' and 'flavour' at command 4 | # line, as well as specify additional compiler flags. For example to 5 | # compile for x32: 6 | # 7 | # /some/where/build.sh flavour=elf32 -mx32 8 | # 9 | # To cross-compile for mingw/Windows: 10 | # 11 | # /some/where/build.sh flavour=mingw64 CC=x86_64-w64-mingw32-gcc 12 | # 13 | # In addition script recognizes -shared flag and creates shared library 14 | # alongside libblst.lib. 15 | 16 | TOP=`dirname $0` 17 | 18 | CC=${CC:-cc} 19 | # if -Werror stands in the way, bypass with -Wno-error on command line 20 | CFLAGS=${CFLAGS:--O -fPIC -Wall -Wextra -Werror} 21 | PERL=${PERL:-perl} 22 | unset cflags shared 23 | 24 | case `uname -s` in 25 | Darwin) flavour=macosx 26 | if (sysctl machdep.cpu.features) 2>/dev/null | grep -q ADX; then 27 | cflags="-D__ADX__" 28 | fi 29 | ;; 30 | CYGWIN*) flavour=mingw64;; 31 | MINGW*) flavour=mingw64;; 32 | *) flavour=elf;; 33 | esac 34 | 35 | while [ "x$1" != "x" ]; do 36 | case $1 in 37 | -shared) shared=1;; 38 | -*) cflags="$cflags $1";; 39 | *=*) eval "$1";; 40 | esac 41 | shift 42 | done 43 | 44 | if (${CC} ${CFLAGS} -dM -E -x c /dev/null) 2>/dev/null | grep -q x86_64; then 45 | cflags="$cflags -mno-avx" # avoid costly transitions 46 | if (grep -q -e '^flags.*\badx\b' /proc/cpuinfo) 2>/dev/null; then 47 | cflags="-D__ADX__ $cflags" 48 | fi 49 | fi 50 | 51 | CFLAGS="$CFLAGS $cflags" 52 | 53 | rm -f libblst.a 54 | trap '[ $? -ne 0 ] && rm -f libblst.a; rm -f *.o' 0 55 | 56 | (set -x; ${CC} ${CFLAGS} -c ${TOP}/src/server.c) 57 | (set -x; ${CC} ${CFLAGS} -c ${TOP}/build/assembly.S) 58 | (set -x; ${AR:-ar} rc libblst.a *.o) 59 | 60 | if [ $shared ]; then 61 | case $flavour in 62 | macosx) (set -x; ${CC} -dynamiclib -o libblst.dylib \ 63 | -all_load libblst.a ${CFLAGS}); exit 0;; 64 | mingw*) sharedlib=blst.dll 65 | CFLAGS="${CFLAGS} --entry=DllMain ${TOP}/build/win64/dll.c" 66 | CFLAGS="${CFLAGS} -nostdlib -lgcc";; 67 | *) sharedlib=libblst.so;; 68 | esac 69 | echo "{ global: blst_*; BLS12_381_*; local: *; };" |\ 70 | (set -x; ${CC} -shared -o $sharedlib libblst.a ${CFLAGS} \ 71 | -Wl,-Bsymbolic,--require-defined=blst_keygen \ 72 | -Wl,--version-script=/dev/fd/0) 73 | fi 74 | -------------------------------------------------------------------------------- /extern/blst/src/point.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright Supranational LLC 3 | * Licensed under the Apache License, Version 2.0, see LICENSE for details. 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | #ifndef __BLS12_381_ASM_POINT_H__ 7 | #define __BLS12_381_ASM_POINT_H__ 8 | 9 | #include "vect.h" 10 | 11 | #define DECLARE_POINT(ptype, bits) \ 12 | typedef struct { vec##bits X,Y,Z; } ptype; \ 13 | typedef struct { vec##bits X,Y; } ptype##_affine; \ 14 | \ 15 | static void ptype##_dadd(ptype *out, const ptype *p1, const ptype *p2, \ 16 | const vec##bits a4); \ 17 | static void ptype##_dadd_affine(ptype *out, const ptype *p1, \ 18 | const ptype##_affine *p2); \ 19 | static void ptype##_add(ptype *out, const ptype *p1, const ptype *p2); \ 20 | static void ptype##_add_affine(ptype *out, const ptype *p1, \ 21 | const ptype##_affine *p2); \ 22 | static void ptype##_double(ptype *out, const ptype *p1); \ 23 | static void ptype##_mult_w5(ptype *out, const ptype *point, \ 24 | const byte *scalar, size_t nbits); \ 25 | static void ptype##_cneg(ptype *p, limb_t cbit); \ 26 | static void ptype##_to_affine(ptype##_affine *out, const ptype *in); \ 27 | static void ptype##_from_Jacobian(ptype *out, const ptype *in); \ 28 | \ 29 | static inline void ptype##_cswap(ptype *restrict a, \ 30 | ptype *restrict b, limb_t cbit) { \ 31 | vec_cswap(a, b, sizeof(ptype), cbit); \ 32 | } \ 33 | static inline void ptype##_ccopy(ptype *restrict a, \ 34 | const ptype *restrict b, limb_t cbit) {\ 35 | vec_select(a, b, a, sizeof(ptype), cbit); \ 36 | } 37 | 38 | #define DECLARE_PRIVATE_POINTXZ(ptype, bits) \ 39 | typedef struct { vec##bits X,Z; } ptype##xz; \ 40 | \ 41 | static void ptype##xz_ladder_pre(ptype##xz *out, const ptype *in); \ 42 | static void ptype##xz_ladder_step(ptype##xz *r, ptype##xz *s, \ 43 | const ptype##xz *p); \ 44 | static void ptype##xz_ladder_post(ptype *ret, \ 45 | const ptype##xz *r, const ptype##xz *s, \ 46 | const ptype##xz *p, const vec##bits Y1);\ 47 | \ 48 | static inline void ptype##xz_cswap(ptype##xz *restrict a, \ 49 | ptype##xz *restrict b, limb_t cbit) {\ 50 | vec_cswap(a, b, sizeof(ptype##xz), cbit); \ 51 | } 52 | 53 | DECLARE_POINT(POINTonE1, 384) 54 | 55 | DECLARE_POINT(POINTonE2, 384x) 56 | 57 | #ifdef __GNUC__ 58 | # pragma GCC diagnostic ignored "-Wunused-function" 59 | #endif 60 | 61 | #endif 62 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Lotus Devnet 2 | Runs a Lotus Devnet using a mocked _sectorbuilder_ which can be accesed as a real Lotus node through the API. 3 | The devnet code is always tried to be update with Lotus latest `master` tag. 4 | 5 | ## Compile & Run 6 | ```bash 7 | make clean 8 | CGO_CFLAGS="-D__BLST_PORTABLE__" make 9 | go build -o lotus-devnet main.go 10 | ./lotus-devnet 11 | ``` 12 | 13 | The devnet supports the following configuration: 14 | - `-speed`: Time in milliseconds that blocks are mined. Default is 100ms. 15 | - `-numminers`: Number of miners. Default is 1. (Note: higher values is an experimental feature) 16 | - `-bigsectors`: Miners will use 512Gib sector sizes. Default is _true_, if set to _false_ miners will use 2Kib sectors 17 | - `-ipfsaddr`: IPFS multiaddr to allow the client be connected to an IPFS node as a blockstorage. 18 | 19 | All flags can be specified by environment variables using the `TEXLOTUSDEVNET_` prefix. e.g: `TEXLOTUSDEVNET_SPEED=1000` 20 | 21 | *Important:* The API will be listening on port 7777 (not in 1234 which is the usual default). 22 | 23 | ## Docker 24 | The Lotus Devnet was originally thought for integration tests in CI pipelines. 25 | 26 | ### Build locally 27 | You can build the Docker image by running `docker build .`. 28 | 29 | ## Public images 30 | A public Docker image is hosted in DockerHub on every `master` commit. 31 | Refer to [textile/lotus-devnet](https://hub.docker.com/repository/docker/textile/lotus-devnet/tags?page=1). 32 | 33 | For example, running a Lotus Devnet with 1.5s block generation speed: 34 | ```bash 35 | docker run -e TEXLOTUSDEVNET_SPEED=1500 textile/lotus-devnet 36 | ``` 37 | 38 | ## Contributing 39 | 40 | This project is a work in progress. As such, there's a few things you can do right now to help out: 41 | 42 | - **Ask questions**! We'll try to help. Be sure to drop a note (on the above issue) if there is anything you'd like to work on and we'll update the issue to let others know. Also [get in touch](https://slack.textile.io) on Slack. 43 | - **Open issues**, [file issues](https://github.com/textileio/go-threads/issues), submit pull requests! 44 | - **Perform code reviews**. More eyes will help a) speed the project along b) ensure quality and c) reduce possible future bugs. 45 | - **Take a look at the code**. Contributions here that would be most helpful are **top-level comments** about how it should look based on your understanding. Again, the more eyes the better. 46 | - **Add tests**. There can never be enough tests. 47 | 48 | Before you get started, be sure to read our [contributors guide](./CONTRIBUTING.md) and our [contributor covenant code of conduct](./CODE_OF_CONDUCT.md). 49 | 50 | ## Changelog 51 | 52 | [Changelog is published to Releases.](https://github.com/textileio/go-threads/releases) 53 | 54 | ## License 55 | 56 | [MIT](LICENSE) 57 | -------------------------------------------------------------------------------- /extern/blst/.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: ubuntu-latest 2 | 3 | on: 4 | push: 5 | branches: 6 | - '**' 7 | workflow_dispatch: 8 | branches: 9 | - '**' 10 | pull_request: 11 | branches: 12 | - master 13 | 14 | jobs: 15 | # This workflow contains a single job called "build" 16 | build: 17 | runs-on: ubuntu-latest 18 | 19 | steps: 20 | - uses: actions/checkout@v2 21 | 22 | - uses: actions/cache@v2 23 | with: 24 | path: | 25 | ~/.cargo/registry 26 | **/Cargo.lock 27 | **/bindings/rust/target 28 | key: ${{ runner.os }}-cargo-4 29 | restore-keys: ${{ runner.os }}-cargo-3 30 | 31 | - uses: actions/cache@v2 32 | with: 33 | path: ~/swig 34 | key: ${{ runner.os }}-swig-pr1746 35 | 36 | - uses: actions/setup-java@v1 37 | with: 38 | java-version: 11 39 | 40 | - uses: actions/setup-node@v1 41 | with: 42 | node-version: '12.x' 43 | 44 | - name: Environment 45 | run: | 46 | lscpu 47 | echo --- 48 | env | sort 49 | 50 | - name: Rust 51 | run: | 52 | rustc --version 53 | cd bindings/rust 54 | if [ "$GITHUB_EVENT_NAME" != "pull_request" ]; then 55 | cargo update 56 | fi 57 | cargo test --release 58 | cargo clean -p blst 59 | cargo clean -p blst --release 60 | rm -rf target/.rustc_info.json 61 | rm -rf target/{debug,release}/*/blst-* 62 | rm -rf target/{debug,release}/incremental 63 | rm -rf target/{debug,release}/build/src 64 | rm -rf target/{debug,release}/build/build 65 | rm -rf ~/.cargo/registry/src 66 | rm -rf ~/.cargo/registry/index/*/.cache 67 | 68 | - name: Go 69 | run: | 70 | go version 71 | if ! (grep -q -e '^flags.*\badx\b' /proc/cpuinfo) 2>/dev/null; then 72 | export CGO_CFLAGS="-O -D__BLST_PORTABLE__" 73 | fi 74 | cd bindings/go 75 | go test -test.v 76 | 77 | - name: Python 78 | run: if [ -x bindings/python/run.me ]; then bindings/python/run.me; fi 79 | 80 | - name: Java 81 | run: if [ -x bindings/java/run.me ]; then bindings/java/run.me; fi 82 | 83 | - name: Node.js 84 | run: | 85 | if [ -x bindings/node.js/run.me ]; then 86 | if [ ! -x ~/swig/bin/swig ]; then 87 | ( git clone -b pr/new-node-fixes https://github.com/yegorich/swig; 88 | cd swig; 89 | ./autogen.sh; 90 | ./configure --prefix=$HOME/swig; 91 | make; 92 | make install; 93 | ) 94 | fi 95 | env PATH=~/swig/bin:$PATH SWIG_LIB=~/swig/share/swig/4.0.2 \ 96 | bindings/node.js/run.me 97 | fi 98 | -------------------------------------------------------------------------------- /extern/blst/bindings/go/README.md: -------------------------------------------------------------------------------- 1 | # blst 2 | 3 | The `blst` package provides a Go interface to the blst BLS12-381 signature library. 4 | 5 | ## Build 6 | The build process consists of two steps, code generation followed by compilation. 7 | 8 | ``` 9 | ./generate.py # Optional - only required if making code changes 10 | go build 11 | go test 12 | ``` 13 | 14 | The generate.py script is used to generate both min-pk and min-sig variants of the binding from a common code base. It consumes the `*.tgo` files along with `blst_minpk_test.go` and produces `blst.go` and `blst_minsig_test.go`. The .tgo files can treated as if they were .go files, including the use of gofmt and goimports. The generate script will filter out extra imports while processing and automatically run goimports on the final blst.go file. 15 | 16 | After running generate.py, `go build` and `go test` can be run as usual. Cgo will compile `server.c`, which includes the required C implementation files, and `assembly.S`, which includes approprate pre-generated assembly code for the platform. To compile on Windows one has to have MinGW gcc on the %PATH%. 17 | 18 | If the test or target application crashes with an "illegal instruction" exception [after copying to an older system], rebuild with `CGO_CFLAGS` environment variable set to `‑O ‑D__BLST_PORTABLE__`. Don't forget `‑O`! 19 | 20 | ## Usage 21 | There are two primary modes of operation that can be chosen based on type definitions in the application. 22 | 23 | For minimal-pubkey-size operations: 24 | ``` 25 | type PublicKey = blst.P1Affine 26 | type Signature = blst.P2Affine 27 | type AggregateSignature = blst.P2Aggregate 28 | type AggregatePublicKey = blst.P1Aggregate 29 | ``` 30 | 31 | For minimal-signature-size operations: 32 | ``` 33 | type PublicKey = blst.P2Affine 34 | type Signature = blst.P1Affine 35 | type AggregateSignature = blst.P1Aggregate 36 | type AggregatePublicKey = blst.P2Aggregate 37 | ``` 38 | 39 | TODO - structures and possibly methods 40 | 41 | A complete example for generating a key, signing a message, and verifying the message: 42 | ``` 43 | package main 44 | 45 | import ( 46 | "crypto/rand" 47 | "fmt" 48 | 49 | blst "github.com/supranational/blst/bindings/go" 50 | ) 51 | 52 | type PublicKey = blst.P1Affine 53 | type Signature = blst.P2Affine 54 | type AggregateSignature = blst.P2Aggregate 55 | type AggregatePublicKey = blst.P1Aggregate 56 | 57 | func main() { 58 | var ikm [32]byte 59 | _, _ = rand.Read(ikm[:]) 60 | sk := blst.KeyGen(ikm[:]) 61 | pk := new(PublicKey).From(sk) 62 | 63 | var dst = []byte("BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_") 64 | msg := []byte("hello foo") 65 | sig := new(Signature).Sign(sk, msg, dst) 66 | 67 | if !sig.Verify(pk, msg, dst) { 68 | fmt.Println("ERROR: Invalid!") 69 | } else { 70 | fmt.Println("Valid!") 71 | } 72 | } 73 | ``` 74 | 75 | See the tests for further examples of usage. 76 | -------------------------------------------------------------------------------- /extern/blst/src/fields.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright Supranational LLC 3 | * Licensed under the Apache License, Version 2.0, see LICENSE for details. 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | #ifndef __BLS12_381_ASM_FIELDS_H__ 7 | #define __BLS12_381_ASM_FIELDS_H__ 8 | 9 | #include "vect.h" 10 | #include "consts.h" 11 | 12 | /* 13 | * BLS12-381-specifc Fp shortcuts to assembly. 14 | */ 15 | static inline void add_fp(vec384 ret, const vec384 a, const vec384 b) 16 | { add_mod_384(ret, a, b, BLS12_381_P); } 17 | 18 | static inline void sub_fp(vec384 ret, const vec384 a, const vec384 b) 19 | { sub_mod_384(ret, a, b, BLS12_381_P); } 20 | 21 | static inline void mul_by_3_fp(vec384 ret, const vec384 a) 22 | { mul_by_3_mod_384(ret, a, BLS12_381_P); } 23 | 24 | static inline void mul_by_8_fp(vec384 ret, const vec384 a) 25 | { mul_by_8_mod_384(ret, a, BLS12_381_P); } 26 | 27 | static inline void lshift_fp(vec384 ret, const vec384 a, size_t count) 28 | { lshift_mod_384(ret, a, count, BLS12_381_P); } 29 | 30 | static inline void mul_fp(vec384 ret, const vec384 a, const vec384 b) 31 | { mul_mont_384(ret, a, b, BLS12_381_P, p0); } 32 | 33 | static inline void sqr_fp(vec384 ret, const vec384 a) 34 | { sqr_mont_384(ret, a, BLS12_381_P, p0); } 35 | 36 | static inline void cneg_fp(vec384 ret, const vec384 a, limb_t flag) 37 | { cneg_mod_384(ret, a, flag, BLS12_381_P); } 38 | 39 | #define neg_fp(r,a) cneg_fp((r),(a),1) 40 | 41 | static inline void eucl_inverse_fp(vec384 ret, const vec384 a) 42 | { eucl_inverse_mod_384(ret, a, BLS12_381_P, BLS12_381_RR); } 43 | 44 | static inline void from_fp(vec384 ret, const vec384 a) 45 | { from_mont_384(ret, a, BLS12_381_P, p0); } 46 | 47 | /* 48 | * BLS12-381-specifc Fp2 shortcuts to assembly. 49 | */ 50 | static inline void add_fp2(vec384x ret, const vec384x a, const vec384x b) 51 | { add_mod_384x(ret, a, b, BLS12_381_P); } 52 | 53 | static inline void sub_fp2(vec384x ret, const vec384x a, const vec384x b) 54 | { sub_mod_384x(ret, a, b, BLS12_381_P); } 55 | 56 | static inline void mul_by_3_fp2(vec384x ret, const vec384x a) 57 | { mul_by_3_mod_384x(ret, a, BLS12_381_P); } 58 | 59 | static inline void mul_by_8_fp2(vec384x ret, const vec384x a) 60 | { mul_by_8_mod_384x(ret, a, BLS12_381_P); } 61 | 62 | static inline void lshift_fp2(vec384x ret, const vec384x a, size_t count) 63 | { 64 | lshift_mod_384(ret[0], a[0], count, BLS12_381_P); 65 | lshift_mod_384(ret[1], a[1], count, BLS12_381_P); 66 | } 67 | 68 | static inline void mul_fp2(vec384x ret, const vec384x a, const vec384x b) 69 | { mul_mont_384x(ret, a, b, BLS12_381_P, p0); } 70 | 71 | static inline void sqr_fp2(vec384x ret, const vec384x a) 72 | { sqr_mont_384x(ret, a, BLS12_381_P, p0); } 73 | 74 | static inline void cneg_fp2(vec384x ret, const vec384x a, limb_t flag) 75 | { 76 | cneg_mod_384(ret[0], a[0], flag, BLS12_381_P); 77 | cneg_mod_384(ret[1], a[1], flag, BLS12_381_P); 78 | } 79 | 80 | #define neg_fp2(r,a) cneg_fp2((r),(a),1) 81 | 82 | typedef vec384x vec384fp2; 83 | typedef vec384fp2 vec384fp6[3]; 84 | typedef vec384fp6 vec384fp12[2]; 85 | 86 | static void sqr_fp12(vec384fp12 ret, const vec384fp12 a); 87 | static void cyclotomic_sqr_fp12(vec384fp12 ret, const vec384fp12 a); 88 | static void mul_fp12(vec384fp12 ret, const vec384fp12 a, const vec384fp12 b); 89 | static void mul_by_xy00z0_fp12(vec384fp12 ret, const vec384fp12 a, 90 | const vec384fp6 xy00z0); 91 | static void conjugate_fp12(vec384fp12 a); 92 | static void inverse_fp12(vec384fp12 ret, const vec384fp12 a); 93 | /* caveat lector! |n| has to be non-zero and not more than 3! */ 94 | static void frobenius_map_fp12(vec384fp12 ret, const vec384fp12 a, size_t n); 95 | 96 | #endif /* __BLS12_381_ASM_FIELDS_H__ */ 97 | -------------------------------------------------------------------------------- /extern/blst/build/assembly.S: -------------------------------------------------------------------------------- 1 | #if defined(__x86_64) || defined(__x86_64__) 2 | # if defined(__ELF__) 3 | # if defined(__BLST_PORTABLE__) 4 | # include "elf/sha256-portable-x86_64.s" 5 | # else 6 | # include "elf/sha256-x86_64.s" 7 | # endif 8 | # include "elf/inverse_mod_384-x86_64.s" 9 | # include "elf/add_mod_384-x86_64.s" 10 | # include "elf/add_mod_384x384-x86_64.s" 11 | # define __add_mod_384 __add_mont_384 12 | # define __sub_mod_384 __sub_mont_384 13 | # define __sub_mod_384x384 __sub_mont_384x384 14 | # if defined(__ADX__) && !defined(__BLST_PORTABLE__) 15 | # include "elf/mulx_mont_384-x86_64.s" 16 | # include "elf/mulx_mont_256-x86_64.s" 17 | # else 18 | # include "elf/mulq_mont_384-x86_64.s" 19 | # include "elf/mulq_mont_256-x86_64.s" 20 | # endif 21 | # include "elf/add_mod_256-x86_64.s" 22 | # include "elf/inverse_mod_256-x86_64.s" 23 | # elif defined(_WIN64) || defined(__CYGWIN__) 24 | # if defined(__BLST_PORTABLE__) 25 | # include "coff/sha256-portable-x86_64.s" 26 | # else 27 | # include "coff/sha256-x86_64.s" 28 | # endif 29 | # include "coff/inverse_mod_384-x86_64.s" 30 | # include "coff/add_mod_384-x86_64.s" 31 | # include "coff/add_mod_384x384-x86_64.s" 32 | # define __add_mod_384 __add_mont_384 33 | # define __sub_mod_384 __sub_mont_384 34 | # define __sub_mod_384x384 __sub_mont_384x384 35 | # if defined(__ADX__) && !defined(__BLST_PORTABLE__) 36 | # include "coff/mulx_mont_384-x86_64.s" 37 | # include "coff/mulx_mont_256-x86_64.s" 38 | # else 39 | # include "coff/mulq_mont_384-x86_64.s" 40 | # include "coff/mulq_mont_256-x86_64.s" 41 | # endif 42 | # include "coff/add_mod_256-x86_64.s" 43 | # include "coff/inverse_mod_256-x86_64.s" 44 | # elif defined(__APPLE__) 45 | # include "mach-o/sha256-x86_64.s" 46 | # include "mach-o/inverse_mod_384-x86_64.s" 47 | # include "mach-o/add_mod_384-x86_64.s" 48 | # include "mach-o/add_mod_384x384-x86_64.s" 49 | # define __add_mod_384 __add_mont_384 50 | # define __sub_mod_384 __sub_mont_384 51 | # define __sub_mod_384x384 __sub_mont_384x384 52 | # if defined(__ADX__) && !defined(__BLST_PORTABLE__) 53 | # include "mach-o/mulx_mont_384-x86_64.s" 54 | # include "mach-o/mulx_mont_256-x86_64.s" 55 | # else 56 | # include "mach-o/mulq_mont_384-x86_64.s" 57 | # include "mach-o/mulq_mont_256-x86_64.s" 58 | # endif 59 | # include "mach-o/add_mod_256-x86_64.s" 60 | # include "mach-o/inverse_mod_256-x86_64.s" 61 | # endif 62 | #elif defined(__aarch64__) 63 | # if defined(__ELF__) 64 | # include "elf/sha256-armv8.S" 65 | # include "elf/inverse_mod_384-armv8.S" 66 | # include "elf/add_mod_384-armv8.S" 67 | # define __add_mod_384 __add_mont_384 68 | # define __sub_mod_384 __sub_mont_384 69 | # include "elf/mul_mont_384-armv8.S" 70 | # include "elf/mul_mont_256-armv8.S" 71 | # include "elf/add_mod_256-armv8.S" 72 | # include "elf/inverse_mod_256-armv8.S" 73 | # elif defined(_WIN64) 74 | # include "coff/sha256-armv8.S" 75 | # include "coff/inverse_mod_384-armv8.S" 76 | # include "coff/add_mod_384-armv8.S" 77 | # define __add_mod_384 __add_mont_384 78 | # define __sub_mod_384 __sub_mont_384 79 | # include "coff/mul_mont_384-armv8.S" 80 | # include "coff/mul_mont_256-armv8.S" 81 | # include "coff/add_mod_256-armv8.S" 82 | # include "coff/inverse_mod_256-armv8.S" 83 | # elif defined(__APPLE__) 84 | # include "mach-o/sha256-armv8.S" 85 | # include "mach-o/inverse_mod_384-armv8.S" 86 | # include "mach-o/add_mod_384-armv8.S" 87 | # define __add_mod_384 __add_mont_384 88 | # define __sub_mod_384 __sub_mont_384 89 | # include "mach-o/mul_mont_384-armv8.S" 90 | # include "mach-o/mul_mont_256-armv8.S" 91 | # include "mach-o/add_mod_256-armv8.S" 92 | # include "mach-o/inverse_mod_256-armv8.S" 93 | # endif 94 | #else 95 | # error "unsupported platform" 96 | #endif 97 | -------------------------------------------------------------------------------- /extern/blst/bindings/go/assembly.S: -------------------------------------------------------------------------------- 1 | #if defined(__x86_64) || defined(__x86_64__) 2 | # if defined(__ELF__) 3 | # if defined(__BLST_PORTABLE__) 4 | # include "elf/sha256-portable-x86_64.s" 5 | # else 6 | # include "elf/sha256-x86_64.s" 7 | # endif 8 | # include "elf/inverse_mod_384-x86_64.s" 9 | # include "elf/add_mod_384-x86_64.s" 10 | # include "elf/add_mod_384x384-x86_64.s" 11 | # define __add_mod_384 __add_mont_384 12 | # define __sub_mod_384 __sub_mont_384 13 | # define __sub_mod_384x384 __sub_mont_384x384 14 | # if defined(__ADX__) && !defined(__BLST_PORTABLE__) 15 | # include "elf/mulx_mont_384-x86_64.s" 16 | # include "elf/mulx_mont_256-x86_64.s" 17 | # else 18 | # include "elf/mulq_mont_384-x86_64.s" 19 | # include "elf/mulq_mont_256-x86_64.s" 20 | # endif 21 | # include "elf/add_mod_256-x86_64.s" 22 | # include "elf/inverse_mod_256-x86_64.s" 23 | # elif defined(_WIN64) || defined(__CYGWIN__) 24 | # if defined(__BLST_PORTABLE__) 25 | # include "coff/sha256-portable-x86_64.s" 26 | # else 27 | # include "coff/sha256-x86_64.s" 28 | # endif 29 | # include "coff/inverse_mod_384-x86_64.s" 30 | # include "coff/add_mod_384-x86_64.s" 31 | # include "coff/add_mod_384x384-x86_64.s" 32 | # define __add_mod_384 __add_mont_384 33 | # define __sub_mod_384 __sub_mont_384 34 | # define __sub_mod_384x384 __sub_mont_384x384 35 | # if defined(__ADX__) && !defined(__BLST_PORTABLE__) 36 | # include "coff/mulx_mont_384-x86_64.s" 37 | # include "coff/mulx_mont_256-x86_64.s" 38 | # else 39 | # include "coff/mulq_mont_384-x86_64.s" 40 | # include "coff/mulq_mont_256-x86_64.s" 41 | # endif 42 | # include "coff/add_mod_256-x86_64.s" 43 | # include "coff/inverse_mod_256-x86_64.s" 44 | # elif defined(__APPLE__) 45 | # include "mach-o/sha256-x86_64.s" 46 | # include "mach-o/inverse_mod_384-x86_64.s" 47 | # include "mach-o/add_mod_384-x86_64.s" 48 | # include "mach-o/add_mod_384x384-x86_64.s" 49 | # define __add_mod_384 __add_mont_384 50 | # define __sub_mod_384 __sub_mont_384 51 | # define __sub_mod_384x384 __sub_mont_384x384 52 | # if defined(__ADX__) && !defined(__BLST_PORTABLE__) 53 | # include "mach-o/mulx_mont_384-x86_64.s" 54 | # include "mach-o/mulx_mont_256-x86_64.s" 55 | # else 56 | # include "mach-o/mulq_mont_384-x86_64.s" 57 | # include "mach-o/mulq_mont_256-x86_64.s" 58 | # endif 59 | # include "mach-o/add_mod_256-x86_64.s" 60 | # include "mach-o/inverse_mod_256-x86_64.s" 61 | # endif 62 | #elif defined(__aarch64__) 63 | # if defined(__ELF__) 64 | # include "elf/sha256-armv8.S" 65 | # include "elf/inverse_mod_384-armv8.S" 66 | # include "elf/add_mod_384-armv8.S" 67 | # define __add_mod_384 __add_mont_384 68 | # define __sub_mod_384 __sub_mont_384 69 | # include "elf/mul_mont_384-armv8.S" 70 | # include "elf/mul_mont_256-armv8.S" 71 | # include "elf/add_mod_256-armv8.S" 72 | # include "elf/inverse_mod_256-armv8.S" 73 | # elif defined(_WIN64) 74 | # include "coff/sha256-armv8.S" 75 | # include "coff/inverse_mod_384-armv8.S" 76 | # include "coff/add_mod_384-armv8.S" 77 | # define __add_mod_384 __add_mont_384 78 | # define __sub_mod_384 __sub_mont_384 79 | # include "coff/mul_mont_384-armv8.S" 80 | # include "coff/mul_mont_256-armv8.S" 81 | # include "coff/add_mod_256-armv8.S" 82 | # include "coff/inverse_mod_256-armv8.S" 83 | # elif defined(__APPLE__) 84 | # include "mach-o/sha256-armv8.S" 85 | # include "mach-o/inverse_mod_384-armv8.S" 86 | # include "mach-o/add_mod_384-armv8.S" 87 | # define __add_mod_384 __add_mont_384 88 | # define __sub_mod_384 __sub_mont_384 89 | # include "mach-o/mul_mont_384-armv8.S" 90 | # include "mach-o/mul_mont_256-armv8.S" 91 | # include "mach-o/add_mod_256-armv8.S" 92 | # include "mach-o/inverse_mod_256-armv8.S" 93 | # endif 94 | #else 95 | # error "unsupported platform" 96 | #endif 97 | -------------------------------------------------------------------------------- /extern/blst/bindings/go/blst_htoc_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright Supranational LLC 3 | * Licensed under the Apache License, Version 2.0, see LICENSE for details. 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | package blst 8 | 9 | import ( 10 | "encoding/hex" 11 | "encoding/json" 12 | "fmt" 13 | "io/ioutil" 14 | "os" 15 | "strings" 16 | "testing" 17 | ) 18 | 19 | func decodeP1(m map[string]interface{}) *P1Affine { 20 | x, err := hex.DecodeString(m["x"].(string)[2:]) 21 | if err != nil { 22 | fmt.Println(err) 23 | return nil 24 | } 25 | y, err := hex.DecodeString(m["y"].(string)[2:]) 26 | if err != nil { 27 | fmt.Println(err) 28 | return nil 29 | } 30 | var p1 P1Affine 31 | p1.x.FromBEndian(x) 32 | p1.y.FromBEndian(y) 33 | return &p1 34 | } 35 | 36 | func TestG1HashToCurve(t *testing.T) { 37 | vfile, err := os.Open("hash_to_curve/BLS12381G1_XMD_SHA-256_SSWU_RO_.json") 38 | if err != nil { 39 | t.Errorf(err.Error()) 40 | } 41 | defer vfile.Close() 42 | buf, err := ioutil.ReadAll(vfile) 43 | if err != nil { 44 | t.Errorf(err.Error()) 45 | } 46 | 47 | var vectors map[string]interface{} 48 | err = json.Unmarshal(buf, &vectors) 49 | if err != nil { 50 | t.Errorf(err.Error()) 51 | } 52 | 53 | dst := []byte(vectors["dst"].(string)) 54 | 55 | vectorsArr, ok := vectors["vectors"].([]interface{}) 56 | if !ok { 57 | t.Errorf("Could not cast vectors to an array") 58 | } 59 | 60 | for _, v := range vectorsArr { 61 | testMap, ok := v.(map[string]interface{}) 62 | if !ok { 63 | t.Errorf("Could not cast vector to map") 64 | } 65 | 66 | msg := []byte(testMap["msg"].(string)) 67 | p1Expected := decodeP1(testMap["P"].(map[string]interface{})) 68 | p1Hashed := HashToG1(msg, dst).ToAffine() 69 | 70 | if !p1Hashed.Equals(p1Expected) { 71 | t.Errorf("hashed != expected") 72 | } 73 | } 74 | } 75 | 76 | func decodeP2(m map[string]interface{}) *P2Affine { 77 | xArr := strings.Split(m["x"].(string), ",") 78 | x0, err := hex.DecodeString(xArr[0][2:]) 79 | if err != nil { 80 | fmt.Println(err) 81 | return nil 82 | } 83 | x1, err := hex.DecodeString(xArr[1][2:]) 84 | if err != nil { 85 | fmt.Println(err) 86 | return nil 87 | } 88 | yArr := strings.Split(m["y"].(string), ",") 89 | y0, err := hex.DecodeString(yArr[0][2:]) 90 | if err != nil { 91 | fmt.Println(err) 92 | return nil 93 | } 94 | y1, err := hex.DecodeString(yArr[1][2:]) 95 | if err != nil { 96 | fmt.Println(err) 97 | return nil 98 | } 99 | var p2 P2Affine 100 | p2.x.fp[0].FromBEndian(x0) 101 | p2.x.fp[1].FromBEndian(x1) 102 | p2.y.fp[0].FromBEndian(y0) 103 | p2.y.fp[1].FromBEndian(y1) 104 | return &p2 105 | } 106 | 107 | func TestG2HashToCurve(t *testing.T) { 108 | vfile, err := os.Open("hash_to_curve/BLS12381G2_XMD_SHA-256_SSWU_RO_.json") 109 | if err != nil { 110 | t.Errorf(err.Error()) 111 | } 112 | defer vfile.Close() 113 | buf, err := ioutil.ReadAll(vfile) 114 | if err != nil { 115 | t.Errorf(err.Error()) 116 | } 117 | 118 | var vectors map[string]interface{} 119 | err = json.Unmarshal(buf, &vectors) 120 | if err != nil { 121 | t.Errorf(err.Error()) 122 | } 123 | 124 | dst := []byte(vectors["dst"].(string)) 125 | 126 | vectorsArr, ok := vectors["vectors"].([]interface{}) 127 | if !ok { 128 | t.Errorf("Could not cast vectors to an array") 129 | } 130 | 131 | for _, v := range vectorsArr { 132 | testMap, ok := v.(map[string]interface{}) 133 | if !ok { 134 | t.Errorf("Could not cast vector to map") 135 | } 136 | 137 | msg := []byte(testMap["msg"].(string)) 138 | p2Expected := decodeP2(testMap["P"].(map[string]interface{})) 139 | p2Hashed := HashToG2(msg, dst).ToAffine() 140 | 141 | if !p2Hashed.Equals(p2Expected) { 142 | t.Errorf("hashed != expected") 143 | } 144 | } 145 | } 146 | -------------------------------------------------------------------------------- /extern/blst/src/vect.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright Supranational LLC 3 | * Licensed under the Apache License, Version 2.0, see LICENSE for details. 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include "vect.h" 8 | 9 | /* 10 | * Following are some reference C implementations to assist new 11 | * assembly modules development, as starting-point stand-ins and for 12 | * cross-checking. In order to "polyfil" specific subroutine redefine 13 | * it on compiler command line, e.g. -Dmul_mont_384x=_mul_mont_384x. 14 | */ 15 | 16 | #ifdef lshift_mod_384 17 | void lshift_mod_384(vec384x ret, const vec384x a, size_t n, const vec384 p) 18 | { 19 | while(n--) 20 | add_mod_384(ret, a, a, mod), a = ret; 21 | } 22 | #endif 23 | 24 | #ifdef mul_by_8_mod_384 25 | void mul_by_8_mod_384(vec384 ret, const vec384 a, const vec384 mod) 26 | { lshift_mod_384(ret, a, 3, mod); } 27 | #endif 28 | 29 | #ifdef mul_by_3_mod_384 30 | void mul_by_3_mod_384(vec384 ret, const vec384 a, const vec384 mod) 31 | { 32 | vec384 t; 33 | 34 | add_mod_384(t, a, a, mod); 35 | add_mod_384(ret, t, a, mod); 36 | } 37 | #endif 38 | 39 | #ifdef mul_by_3_mod_384x 40 | void mul_by_3_mod_384x(vec384x ret, const vec384x a, const vec384 mod) 41 | { 42 | mul_by_3_mod_384(ret[0], a[0], mod); 43 | mul_by_3_mod_384(ret[1], a[1], mod); 44 | } 45 | #endif 46 | 47 | #ifdef mul_by_8_mod_384x 48 | void mul_by_8_mod_384x(vec384 ret, const vec384 a, const vec384 mod) 49 | { 50 | mul_by_8_mod_384(ret[0], a[0], mod); 51 | mul_by_8_mod_384(ret[1], a[1], mod); 52 | } 53 | #endif 54 | 55 | #ifdef mul_by_1_plus_i_mod_384x 56 | void mul_by_1_plus_i_mod_384x(vec384x ret, const vec384x a, const vec384 mod) 57 | { 58 | vec384 t; 59 | 60 | add_mod_384(t, a[0], a[1], mod); 61 | sub_mod_384(ret[0], a[0], a[1], mod); 62 | vec_copy(ret[1], t, sizeof(t)); 63 | } 64 | #endif 65 | 66 | #ifdef add_mod_384x 67 | void add_mod_384x(vec384x ret, const vec384x a, const vec384x b, 68 | const vec384 mod) 69 | { 70 | add_mod_384(ret[0], a[0], b[0], mod); 71 | add_mod_384(ret[1], a[1], b[1], mod); 72 | } 73 | #endif 74 | 75 | #ifdef sub_mod_384x 76 | void sub_mod_384x(vec384x ret, const vec384x a, const vec384x b, 77 | const vec384 mod) 78 | { 79 | sub_mod_384(ret[0], a[0], b[0], mod); 80 | sub_mod_384(ret[1], a[1], b[1], mod); 81 | } 82 | #endif 83 | 84 | #ifdef lshift_mod_384x 85 | void lshift_mod_384x(vec384x ret, const vec384x a, size_t n, const vec384 p) 86 | { 87 | lshift_mod_384(ret[0], a[0], n, p); 88 | lshift_mod_384(ret[1], a[1], n, p); 89 | } 90 | #endif 91 | 92 | #if defined(mul_mont_384x) && !(defined(__ADX__) && !defined(__BLST_PORTABLE__)) 93 | void mul_mont_384x(vec384x ret, const vec384x a, const vec384x b, 94 | const vec384 mod, limb_t n0) 95 | { 96 | vec768 t0, t1, t2; 97 | vec384 aa, bb; 98 | 99 | mul_384(t0, a[0], b[0]); 100 | mul_384(t1, a[1], b[1]); 101 | 102 | add_mod_384(aa, a[0], a[1], mod); 103 | add_mod_384(bb, b[0], b[1], mod); 104 | mul_384(t2, aa, bb); 105 | sub_mod_384x384(t2, t2, t0, mod); 106 | sub_mod_384x384(t2, t2, t1, mod); 107 | 108 | sub_mod_384x384(t0, t0, t1, mod); 109 | 110 | redc_mont_384(ret[0], t0, mod, n0); 111 | redc_mont_384(ret[1], t2, mod, n0); 112 | } 113 | #endif 114 | 115 | #if defined(sqr_mont_384x) && !(defined(__ADX__) && !defined(__BLST_PORTABLE__)) 116 | void sqr_mont_384x(vec384x ret, const vec384x a, const vec384 mod, limb_t n0) 117 | { 118 | vec384 t0, t1; 119 | 120 | add_mod_384(t0, a[0], a[1], mod); 121 | sub_mod_384(t1, a[0], a[1], mod); 122 | 123 | mul_mont_384(ret[1], a[0], a[1], mod, n0); 124 | add_mod_384(ret[1], ret[1], ret[1], mod); 125 | 126 | mul_mont_384(ret[0], t0, t1, mod, n0); 127 | } 128 | #endif 129 | -------------------------------------------------------------------------------- /extern/blst/bindings/go/generate.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import os 4 | import sys 5 | import re 6 | 7 | here = re.split(r'/(?=[^/]*$)', sys.argv[0]) 8 | if len(here) > 1: 9 | os.chdir(here[0]) 10 | 11 | for dir in re.split(r':', os.getenv("GOPATH")): 12 | goimports = dir + "/bin/goimports" 13 | if os.path.isfile(goimports) and os.access(goimports, os.X_OK): 14 | break 15 | goimports = None 16 | 17 | if goimports is None: 18 | print("goimports is not found on $GOPATH", file=sys.stderr) 19 | print("install with 'go get golang.org/x/tools/cmd/goimports'", file=sys.stderr) 20 | sys.exit(1) 21 | 22 | outFile = 'blst.go' 23 | 24 | 25 | def concatFile(fout, fin, removeImports): 26 | for line in fin: 27 | if removeImports and 'import' in line: 28 | while ')' not in line: 29 | line = fin.readline() 30 | continue 31 | print(line, file=fout, end='') 32 | 33 | 34 | def remap(fout, fin, mapping, dont_touch, removeImports): 35 | for line in fin: 36 | if removeImports and 'import' in line: 37 | while ')' not in line: 38 | line = fin.readline() 39 | continue 40 | for (a, b) in dont_touch: 41 | line = line.replace(a, b) 42 | 43 | for (a, b) in mapping: 44 | line = line.replace(a, a+"_tmp") 45 | line = line.replace(b, b+"_tmp") 46 | line = line.replace(a+"_tmp", b) 47 | line = line.replace(b+"_tmp", a) 48 | 49 | for (a, b) in dont_touch: 50 | line = line.replace(b, a) 51 | print(line, file=fout, end='') 52 | 53 | fout = open(outFile, "w") 54 | 55 | print("//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!", file=fout) 56 | print("// DO NOT EDIT THIS FILE!!", file=fout) 57 | print("// The file is generated from *.tgo by " + here[-1], file=fout) 58 | print("//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!", file=fout) 59 | 60 | fin = open('blst.tgo', "r") 61 | concatFile(fout, fin, False) 62 | fin.close() 63 | 64 | # min-pk 65 | print("//", file=fout) 66 | print("// MIN-PK", file=fout) 67 | print("//", file=fout) 68 | 69 | fin = open('blst_minpk.tgo', "r") 70 | concatFile(fout, fin, True) 71 | fin.close() 72 | 73 | # These are strings that overlap with the mapping names but we don't 74 | # actually want to change. The second value should be a unique string. 75 | dont_touch = (('Fp12', 'foo1234'),) 76 | 77 | # We're going to swap these names to get from min-pk to min-sig 78 | mapping = [('P1', 'P2'), 79 | ('p1', 'p2'), 80 | ('G1', 'G2'), 81 | ('g1', 'g2') 82 | ] 83 | 84 | # min-sig 85 | print("//", file=fout) 86 | print("// MIN-SIG", file=fout) 87 | print("//", file=fout) 88 | 89 | with open('blst_minpk.tgo', "r") as fin: 90 | remap(fout, fin, mapping, dont_touch, True) 91 | 92 | # serdes and other functions 93 | fin = open('blst_px.tgo', "r") 94 | concatFile(fout, fin, True) 95 | fin.close() 96 | 97 | with open('blst_px.tgo', "r") as fin: 98 | remap(fout, fin, mapping, dont_touch, True) 99 | 100 | # final code 101 | fin = open('blst_misc.tgo', "r") 102 | concatFile(fout, fin, True) 103 | fin.close() 104 | 105 | fout.close() 106 | 107 | # Use goimports to generate the import list 108 | os.system(goimports + " -w blst.go") 109 | 110 | # Generate min-sig tests 111 | fout = open('blst_minsig_test.go', "w") 112 | print("//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!", file=fout) 113 | print("// DO NOT EDIT THIS FILE!!", file=fout) 114 | print("// The file is generated from blst_minpk_test.go by " + here[-1], file=fout) 115 | print("//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!", file=fout) 116 | 117 | mapping.append(('MinPk', 'MinSig')) 118 | 119 | with open('blst_minpk_test.go', "r") as fin: 120 | remap(fout, fin, mapping, dont_touch, False) 121 | fout.close() 122 | -------------------------------------------------------------------------------- /extern/blst/build/win64/blst.def: -------------------------------------------------------------------------------- 1 | LIBRARY blst 2 | 3 | EXPORTS 4 | blst_scalar_from_uint32 5 | blst_uint32_from_scalar 6 | blst_scalar_from_uint64 7 | blst_uint64_from_scalar 8 | blst_scalar_from_bendian 9 | blst_bendian_from_scalar 10 | blst_scalar_from_lendian 11 | blst_lendian_from_scalar 12 | blst_scalar_fr_check 13 | blst_fr_add 14 | blst_fr_sub 15 | blst_fr_mul_by_3 16 | blst_fr_lshift 17 | blst_fr_rshift 18 | blst_fr_mul 19 | blst_fr_sqr 20 | blst_fr_cneg 21 | blst_fr_eucl_inverse 22 | blst_fr_from_uint64 23 | blst_uint64_from_fr 24 | blst_fr_from_scalar 25 | blst_scalar_from_fr 26 | blst_fp_add 27 | blst_fp_sub 28 | blst_fp_mul_by_3 29 | blst_fp_mul_by_8 30 | blst_fp_lshift 31 | blst_fp_mul 32 | blst_fp_sqr 33 | blst_fp_cneg 34 | blst_fp_eucl_inverse 35 | blst_fp_inverse 36 | blst_fp_sqrt 37 | blst_fp_from_uint32 38 | blst_uint32_from_fp 39 | blst_fp_from_uint64 40 | blst_uint64_from_fp 41 | blst_fp_from_bendian 42 | blst_bendian_from_fp 43 | blst_fp_from_lendian 44 | blst_lendian_from_fp 45 | blst_fp2_add 46 | blst_fp2_sub 47 | blst_fp2_mul_by_3 48 | blst_fp2_mul_by_8 49 | blst_fp2_lshift 50 | blst_fp2_mul 51 | blst_fp2_sqr 52 | blst_fp2_cneg 53 | blst_fp2_eucl_inverse 54 | blst_fp2_inverse 55 | blst_fp2_sqrt 56 | blst_fp12_sqr 57 | blst_fp12_cyclotomic_sqr 58 | blst_fp12_mul 59 | blst_fp12_mul_by_xy00z0 60 | blst_fp12_conjugate 61 | blst_fp12_inverse 62 | blst_fp12_frobenius_map 63 | blst_fp12_is_equal 64 | blst_fp12_is_one 65 | blst_fp12_one 66 | blst_p1_add 67 | blst_p1_add_or_double 68 | blst_p1_add_affine 69 | blst_p1_add_or_double_affine 70 | blst_p1_double 71 | blst_p1_mult 72 | blst_p1_cneg 73 | blst_p1_to_affine 74 | blst_p1_from_affine 75 | blst_p1_on_curve 76 | blst_p1_is_equal 77 | blst_p1_is_inf 78 | blst_p1_generator 79 | blst_p1_affine_on_curve 80 | blst_p1_affine_in_g1 81 | blst_p1_affine_is_equal 82 | blst_p1_affine_is_inf 83 | blst_p1_affine_generator 84 | blst_p2_add 85 | blst_p2_add_or_double 86 | blst_p2_add_affine 87 | blst_p2_add_or_double_affine 88 | blst_p2_double 89 | blst_p2_mult 90 | blst_p2_cneg 91 | blst_p2_to_affine 92 | blst_p2_from_affine 93 | blst_p2_on_curve 94 | blst_p2_is_equal 95 | blst_p2_is_inf 96 | blst_p2_generator 97 | blst_p2_affine_on_curve 98 | blst_p2_affine_in_g2 99 | blst_p2_affine_is_equal 100 | blst_p2_affine_is_inf 101 | blst_p2_affine_generator 102 | blst_map_to_g1 103 | blst_map_to_g2 104 | blst_encode_to_g1 105 | blst_hash_to_g1 106 | blst_encode_to_g2 107 | blst_hash_to_g2 108 | blst_p1_serialize 109 | blst_p1_compress 110 | blst_p1_affine_serialize 111 | blst_p1_affine_compress 112 | blst_p1_uncompress 113 | blst_p1_deserialize 114 | blst_p2_serialize 115 | blst_p2_compress 116 | blst_p2_affine_serialize 117 | blst_p2_affine_compress 118 | blst_p2_uncompress 119 | blst_p2_deserialize 120 | blst_keygen 121 | blst_sk_to_pk_in_g1 122 | blst_sign_pk_in_g1 123 | blst_sk_to_pk_in_g2 124 | blst_sign_pk_in_g2 125 | blst_miller_loop 126 | blst_final_exp 127 | blst_precompute_lines 128 | blst_miller_loop_lines 129 | blst_pairing_sizeof 130 | blst_pairing_init 131 | blst_pairing_get_dst 132 | blst_pairing_commit 133 | blst_pairing_aggregate_pk_in_g2 134 | blst_pairing_mul_n_aggregate_pk_in_g2 135 | blst_pairing_aggregate_pk_in_g1 136 | blst_pairing_mul_n_aggregate_pk_in_g1 137 | blst_pairing_merge 138 | blst_pairing_finalverify 139 | blst_aggregate_in_g1 140 | blst_aggregate_in_g2 141 | blst_aggregated_in_g1 142 | blst_aggregated_in_g2 143 | blst_core_verify_pk_in_g1 144 | blst_core_verify_pk_in_g2 145 | BLS12_381_G1 146 | BLS12_381_NEG_G1 147 | BLS12_381_G2 148 | BLS12_381_NEG_G2 149 | blst_fr_to 150 | blst_fr_from 151 | blst_fp_to 152 | blst_fp_from 153 | blst_p1_from_jacobian 154 | blst_p2_from_jacobian 155 | blst_sk_to_pk2_in_g1 156 | blst_sign_pk2_in_g1 157 | blst_sk_to_pk2_in_g2 158 | blst_sign_pk2_in_g2 159 | 160 | -------------------------------------------------------------------------------- /extern/blst/build/mach-o/inverse_mod_256-armv8.S: -------------------------------------------------------------------------------- 1 | .text 2 | 3 | .align 5 4 | Lone_256: 5 | .quad 1,0,0,0 6 | 7 | .globl _eucl_inverse_mod_256 8 | .private_extern _eucl_inverse_mod_256 9 | 10 | .align 5 11 | _eucl_inverse_mod_256: 12 | .long 3573752639 13 | stp x29,x30,[sp,#-16]! 14 | add x29,sp,#0 15 | sub sp,sp,#128 16 | 17 | adr x4,Lone_256 18 | cmp x3,#0 19 | csel x3,x3,x4,ne // default x3 to 1 20 | 21 | ldp x4,x5,[x1] 22 | ldp x6,x7,[x1,#16] 23 | 24 | orr x8,x4,x5 25 | orr x9,x6,x7 26 | orr x10,x8,x9 27 | cbz x10,Labort_256 // abort if |inp|==0 28 | 29 | ldp x8,x9,[x3] 30 | ldp x10,x11,[x3,#16] 31 | 32 | ldp x12,x13,[x2] 33 | ldp x14,x15,[x2,#16] 34 | 35 | stp x4,x5,[sp,#0] // copy |inp| to U 36 | stp x6,x7,[sp,#0+16] 37 | 38 | stp x8,x9,[sp,#0+32] // copy |one| to X 39 | stp x10,x11,[sp,#0+48] 40 | 41 | stp x12,x13,[sp,#64] // copy |mod| to V 42 | stp x14,x15,[sp,#64+16] 43 | 44 | stp xzr,xzr,[sp,#64+32] // clear Y 45 | stp xzr,xzr,[sp,#64+48] 46 | b Loop_inv_256 47 | 48 | .align 4 49 | Loop_inv_256: 50 | add x1,sp,#64 51 | bl __remove_powers_of_2_256 52 | 53 | add x1,sp,#0 54 | bl __remove_powers_of_2_256 55 | 56 | ldp x8,x9,[sp,#64] 57 | add x2,sp,#64 58 | ldp x10,x11,[sp,#64+16] 59 | subs x4,x4,x8 // U-V 60 | sbcs x5,x5,x9 61 | sbcs x6,x6,x10 62 | sbcs x7,x7,x11 63 | b.hs Lu_greater_than_v_256 64 | 65 | eor x2,x2,x1 // xchg x2,x1 66 | mvn x4,x4 // U-V => V-U 67 | eor x1,x1,x2 68 | mvn x5,x5 69 | eor x2,x2,x1 70 | adds x4,x4,#1 71 | mvn x6,x6 72 | adcs x5,x5,xzr 73 | mvn x7,x7 74 | adcs x6,x6,xzr 75 | adc x7,x7,xzr 76 | 77 | Lu_greater_than_v_256: 78 | stp x4,x5,[x1] 79 | ldp x4,x5,[x2,#32] 80 | ldp x8,x9,[x1,#32] 81 | stp x6,x7,[x1,#16] 82 | ldp x6,x7,[x2,#48] 83 | subs x8,x8,x4 // X-Y # [alt. Y-X] 84 | ldp x10,x11,[x1,#48] 85 | sbcs x9,x9,x5 86 | sbcs x10,x10,x6 87 | sbcs x11,x11,x7 88 | sbc x7,xzr,xzr // borrow -> mask 89 | 90 | and x4,x12,x7 91 | and x5,x13,x7 92 | adds x8,x8,x4 // reduce if X>= cnt 142 | lslv x8,x5,x11 143 | orr x4,x4,x8 144 | lsrv x5,x5,x3 145 | lslv x9,x6,x11 146 | orr x5,x5,x9 147 | ldp x8,x9,[x1,#32] 148 | lsrv x6,x6,x3 149 | lslv x10,x7,x11 150 | orr x6,x6,x10 151 | ldp x10,x11,[x1,#48] 152 | lsrv x7,x7,x3 153 | 154 | stp x4, x5,[x1] 155 | stp x6, x7,[x1,#16] 156 | b Loop_div_by_2_256 157 | 158 | .align 4 159 | Loop_div_by_2_256: 160 | sbfx x7,x8,#0,#1 161 | sub x3,x3,#1 162 | 163 | and x4,x12,x7 164 | and x5,x13,x7 165 | adds x8,x8,x4 166 | and x6,x14,x7 167 | adcs x9,x9,x5 168 | and x7,x15,x7 169 | adcs x10,x10,x6 170 | extr x8,x9,x8,#1 // acc[4:7] >>= 1 171 | adcs x11,x11,x7 172 | extr x9,x10,x9,#1 173 | adc x7,xzr,xzr // redundant if modulus is <256 bits... 174 | extr x10,x11,x10,#1 175 | extr x11,x7,x11,#1 176 | 177 | cbnz x3,Loop_div_by_2_256 178 | 179 | ldp x4,x5,[x1] // reload X [mostly for 2nd caller] 180 | ldp x6,x7,[x1,#16] 181 | 182 | stp x8,x9,[x1,#32] 183 | stp x10,x11,[x1,#48] 184 | 185 | tbz x4,#0,Loop_of_2_256// unlikely in real life 186 | 187 | Loop_of_2_done_256: 188 | ret 189 | 190 | -------------------------------------------------------------------------------- /extern/blst/build/win64/inverse_mod_256-armv8.asm: -------------------------------------------------------------------------------- 1 | AREA |.text|,CODE,ALIGN=8,ARM64 2 | 3 | ALIGN 32 4 | |$Lone_256| 5 | DCQU 1,0,0,0 6 | 7 | 8 | 9 | EXPORT |eucl_inverse_mod_256|[FUNC] 10 | ALIGN 32 11 | |eucl_inverse_mod_256| PROC 12 | DCDU 3573752639 13 | stp x29,x30,[sp,#-16]! 14 | add x29,sp,#0 15 | sub sp,sp,#128 16 | 17 | adr x4,|$Lone_256| 18 | cmp x3,#0 19 | cselne x3,x3,x4 20 | 21 | ldp x4,x5,[x1] 22 | ldp x6,x7,[x1,#16] 23 | 24 | orr x8,x4,x5 25 | orr x9,x6,x7 26 | orr x10,x8,x9 27 | cbz x10,|$Labort_256| // abort if |inp|==0 28 | 29 | ldp x8,x9,[x3] 30 | ldp x10,x11,[x3,#16] 31 | 32 | ldp x12,x13,[x2] 33 | ldp x14,x15,[x2,#16] 34 | 35 | stp x4,x5,[sp,#0] // copy |inp| to U 36 | stp x6,x7,[sp,#0+16] 37 | 38 | stp x8,x9,[sp,#0+32] // copy |one| to X 39 | stp x10,x11,[sp,#0+48] 40 | 41 | stp x12,x13,[sp,#64] // copy |mod| to V 42 | stp x14,x15,[sp,#64+16] 43 | 44 | stp xzr,xzr,[sp,#64+32] // clear Y 45 | stp xzr,xzr,[sp,#64+48] 46 | b |$Loop_inv_256| 47 | 48 | ALIGN 16 49 | |$Loop_inv_256| 50 | add x1,sp,#64 51 | bl __remove_powers_of_2_256 52 | 53 | add x1,sp,#0 54 | bl __remove_powers_of_2_256 55 | 56 | ldp x8,x9,[sp,#64] 57 | add x2,sp,#64 58 | ldp x10,x11,[sp,#64+16] 59 | subs x4,x4,x8 // U-V 60 | sbcs x5,x5,x9 61 | sbcs x6,x6,x10 62 | sbcs x7,x7,x11 63 | bhs |$Lu_greater_than_v_256| 64 | 65 | eor x2,x2,x1 // xchg x2,x1 66 | mvn x4,x4 // U-V => V-U 67 | eor x1,x1,x2 68 | mvn x5,x5 69 | eor x2,x2,x1 70 | adds x4,x4,#1 71 | mvn x6,x6 72 | adcs x5,x5,xzr 73 | mvn x7,x7 74 | adcs x6,x6,xzr 75 | adc x7,x7,xzr 76 | 77 | |$Lu_greater_than_v_256| 78 | stp x4,x5,[x1] 79 | ldp x4,x5,[x2,#32] 80 | ldp x8,x9,[x1,#32] 81 | stp x6,x7,[x1,#16] 82 | ldp x6,x7,[x2,#48] 83 | subs x8,x8,x4 // X-Y # [alt. Y-X] 84 | ldp x10,x11,[x1,#48] 85 | sbcs x9,x9,x5 86 | sbcs x10,x10,x6 87 | sbcs x11,x11,x7 88 | sbc x7,xzr,xzr // borrow -> mask 89 | 90 | and x4,x12,x7 91 | and x5,x13,x7 92 | adds x8,x8,x4 // reduce if X>= cnt 142 | lslv x8,x5,x11 143 | orr x4,x4,x8 144 | lsrv x5,x5,x3 145 | lslv x9,x6,x11 146 | orr x5,x5,x9 147 | ldp x8,x9,[x1,#32] 148 | lsrv x6,x6,x3 149 | lslv x10,x7,x11 150 | orr x6,x6,x10 151 | ldp x10,x11,[x1,#48] 152 | lsrv x7,x7,x3 153 | 154 | stp x4, x5,[x1] 155 | stp x6, x7,[x1,#16] 156 | b |$Loop_div_by_2_256| 157 | 158 | ALIGN 16 159 | |$Loop_div_by_2_256| 160 | sbfx x7,x8,#0,#1 161 | sub x3,x3,#1 162 | 163 | and x4,x12,x7 164 | and x5,x13,x7 165 | adds x8,x8,x4 166 | and x6,x14,x7 167 | adcs x9,x9,x5 168 | and x7,x15,x7 169 | adcs x10,x10,x6 170 | extr x8,x9,x8,#1 // acc[4:7] >>= 1 171 | adcs x11,x11,x7 172 | extr x9,x10,x9,#1 173 | adc x7,xzr,xzr // redundant if modulus is <256 bits... 174 | extr x10,x11,x10,#1 175 | extr x11,x7,x11,#1 176 | 177 | cbnz x3,|$Loop_div_by_2_256| 178 | 179 | ldp x4,x5,[x1] // reload X [mostly for 2nd caller] 180 | ldp x6,x7,[x1,#16] 181 | 182 | stp x8,x9,[x1,#32] 183 | stp x10,x11,[x1,#48] 184 | 185 | tbz x4,#0,|$Loop_of_2_256|// unlikely in real life 186 | 187 | |$Loop_of_2_done_256| 188 | ret 189 | ENDP 190 | END 191 | -------------------------------------------------------------------------------- /extern/blst/build/coff/inverse_mod_256-armv8.S: -------------------------------------------------------------------------------- 1 | .text 2 | 3 | .p2align 5 4 | .Lone_256: 5 | .quad 1,0,0,0 6 | 7 | .globl eucl_inverse_mod_256 8 | 9 | .def eucl_inverse_mod_256; 10 | .type 32; 11 | .endef 12 | .p2align 5 13 | eucl_inverse_mod_256: 14 | .long 3573752639 15 | stp x29,x30,[sp,#-16]! 16 | add x29,sp,#0 17 | sub sp,sp,#128 18 | 19 | adr x4,.Lone_256 20 | cmp x3,#0 21 | csel x3,x3,x4,ne // default x3 to 1 22 | 23 | ldp x4,x5,[x1] 24 | ldp x6,x7,[x1,#16] 25 | 26 | orr x8,x4,x5 27 | orr x9,x6,x7 28 | orr x10,x8,x9 29 | cbz x10,.Labort_256 // abort if |inp|==0 30 | 31 | ldp x8,x9,[x3] 32 | ldp x10,x11,[x3,#16] 33 | 34 | ldp x12,x13,[x2] 35 | ldp x14,x15,[x2,#16] 36 | 37 | stp x4,x5,[sp,#0] // copy |inp| to U 38 | stp x6,x7,[sp,#0+16] 39 | 40 | stp x8,x9,[sp,#0+32] // copy |one| to X 41 | stp x10,x11,[sp,#0+48] 42 | 43 | stp x12,x13,[sp,#64] // copy |mod| to V 44 | stp x14,x15,[sp,#64+16] 45 | 46 | stp xzr,xzr,[sp,#64+32] // clear Y 47 | stp xzr,xzr,[sp,#64+48] 48 | b .Loop_inv_256 49 | 50 | .p2align 4 51 | .Loop_inv_256: 52 | add x1,sp,#64 53 | bl __remove_powers_of_2_256 54 | 55 | add x1,sp,#0 56 | bl __remove_powers_of_2_256 57 | 58 | ldp x8,x9,[sp,#64] 59 | add x2,sp,#64 60 | ldp x10,x11,[sp,#64+16] 61 | subs x4,x4,x8 // U-V 62 | sbcs x5,x5,x9 63 | sbcs x6,x6,x10 64 | sbcs x7,x7,x11 65 | b.hs .Lu_greater_than_v_256 66 | 67 | eor x2,x2,x1 // xchg x2,x1 68 | mvn x4,x4 // U-V => V-U 69 | eor x1,x1,x2 70 | mvn x5,x5 71 | eor x2,x2,x1 72 | adds x4,x4,#1 73 | mvn x6,x6 74 | adcs x5,x5,xzr 75 | mvn x7,x7 76 | adcs x6,x6,xzr 77 | adc x7,x7,xzr 78 | 79 | .Lu_greater_than_v_256: 80 | stp x4,x5,[x1] 81 | ldp x4,x5,[x2,#32] 82 | ldp x8,x9,[x1,#32] 83 | stp x6,x7,[x1,#16] 84 | ldp x6,x7,[x2,#48] 85 | subs x8,x8,x4 // X-Y # [alt. Y-X] 86 | ldp x10,x11,[x1,#48] 87 | sbcs x9,x9,x5 88 | sbcs x10,x10,x6 89 | sbcs x11,x11,x7 90 | sbc x7,xzr,xzr // borrow -> mask 91 | 92 | and x4,x12,x7 93 | and x5,x13,x7 94 | adds x8,x8,x4 // reduce if X>= cnt 146 | lslv x8,x5,x11 147 | orr x4,x4,x8 148 | lsrv x5,x5,x3 149 | lslv x9,x6,x11 150 | orr x5,x5,x9 151 | ldp x8,x9,[x1,#32] 152 | lsrv x6,x6,x3 153 | lslv x10,x7,x11 154 | orr x6,x6,x10 155 | ldp x10,x11,[x1,#48] 156 | lsrv x7,x7,x3 157 | 158 | stp x4, x5,[x1] 159 | stp x6, x7,[x1,#16] 160 | b .Loop_div_by_2_256 161 | 162 | .p2align 4 163 | .Loop_div_by_2_256: 164 | sbfx x7,x8,#0,#1 165 | sub x3,x3,#1 166 | 167 | and x4,x12,x7 168 | and x5,x13,x7 169 | adds x8,x8,x4 170 | and x6,x14,x7 171 | adcs x9,x9,x5 172 | and x7,x15,x7 173 | adcs x10,x10,x6 174 | extr x8,x9,x8,#1 // acc[4:7] >>= 1 175 | adcs x11,x11,x7 176 | extr x9,x10,x9,#1 177 | adc x7,xzr,xzr // redundant if modulus is <256 bits... 178 | extr x10,x11,x10,#1 179 | extr x11,x7,x11,#1 180 | 181 | cbnz x3,.Loop_div_by_2_256 182 | 183 | ldp x4,x5,[x1] // reload X [mostly for 2nd caller] 184 | ldp x6,x7,[x1,#16] 185 | 186 | stp x8,x9,[x1,#32] 187 | stp x10,x11,[x1,#48] 188 | 189 | tbz x4,#0,.Loop_of_2_256// unlikely in real life 190 | 191 | .Loop_of_2_done_256: 192 | ret 193 | 194 | -------------------------------------------------------------------------------- /extern/blst/build/elf/inverse_mod_256-armv8.S: -------------------------------------------------------------------------------- 1 | .text 2 | 3 | .align 5 4 | .Lone_256: 5 | .quad 1,0,0,0 6 | 7 | .globl eucl_inverse_mod_256 8 | .hidden eucl_inverse_mod_256 9 | .type eucl_inverse_mod_256,%function 10 | .align 5 11 | eucl_inverse_mod_256: 12 | .inst 0xd503233f 13 | stp x29,x30,[sp,#-16]! 14 | add x29,sp,#0 15 | sub sp,sp,#128 16 | 17 | adr x4,.Lone_256 18 | cmp x3,#0 19 | csel x3,x3,x4,ne // default x3 to 1 20 | 21 | ldp x4,x5,[x1] 22 | ldp x6,x7,[x1,#16] 23 | 24 | orr x8,x4,x5 25 | orr x9,x6,x7 26 | orr x10,x8,x9 27 | cbz x10,.Labort_256 // abort if |inp|==0 28 | 29 | ldp x8,x9,[x3] 30 | ldp x10,x11,[x3,#16] 31 | 32 | ldp x12,x13,[x2] 33 | ldp x14,x15,[x2,#16] 34 | 35 | stp x4,x5,[sp,#0] // copy |inp| to U 36 | stp x6,x7,[sp,#0+16] 37 | 38 | stp x8,x9,[sp,#0+32] // copy |one| to X 39 | stp x10,x11,[sp,#0+48] 40 | 41 | stp x12,x13,[sp,#64] // copy |mod| to V 42 | stp x14,x15,[sp,#64+16] 43 | 44 | stp xzr,xzr,[sp,#64+32] // clear Y 45 | stp xzr,xzr,[sp,#64+48] 46 | b .Loop_inv_256 47 | 48 | .align 4 49 | .Loop_inv_256: 50 | add x1,sp,#64 51 | bl __remove_powers_of_2_256 52 | 53 | add x1,sp,#0 54 | bl __remove_powers_of_2_256 55 | 56 | ldp x8,x9,[sp,#64] 57 | add x2,sp,#64 58 | ldp x10,x11,[sp,#64+16] 59 | subs x4,x4,x8 // U-V 60 | sbcs x5,x5,x9 61 | sbcs x6,x6,x10 62 | sbcs x7,x7,x11 63 | b.hs .Lu_greater_than_v_256 64 | 65 | eor x2,x2,x1 // xchg x2,x1 66 | mvn x4,x4 // U-V => V-U 67 | eor x1,x1,x2 68 | mvn x5,x5 69 | eor x2,x2,x1 70 | adds x4,x4,#1 71 | mvn x6,x6 72 | adcs x5,x5,xzr 73 | mvn x7,x7 74 | adcs x6,x6,xzr 75 | adc x7,x7,xzr 76 | 77 | .Lu_greater_than_v_256: 78 | stp x4,x5,[x1] 79 | ldp x4,x5,[x2,#32] 80 | ldp x8,x9,[x1,#32] 81 | stp x6,x7,[x1,#16] 82 | ldp x6,x7,[x2,#48] 83 | subs x8,x8,x4 // X-Y # [alt. Y-X] 84 | ldp x10,x11,[x1,#48] 85 | sbcs x9,x9,x5 86 | sbcs x10,x10,x6 87 | sbcs x11,x11,x7 88 | sbc x7,xzr,xzr // borrow -> mask 89 | 90 | and x4,x12,x7 91 | and x5,x13,x7 92 | adds x8,x8,x4 // reduce if X>= cnt 142 | lslv x8,x5,x11 143 | orr x4,x4,x8 144 | lsrv x5,x5,x3 145 | lslv x9,x6,x11 146 | orr x5,x5,x9 147 | ldp x8,x9,[x1,#32] 148 | lsrv x6,x6,x3 149 | lslv x10,x7,x11 150 | orr x6,x6,x10 151 | ldp x10,x11,[x1,#48] 152 | lsrv x7,x7,x3 153 | 154 | stp x4, x5,[x1] 155 | stp x6, x7,[x1,#16] 156 | b .Loop_div_by_2_256 157 | 158 | .align 4 159 | .Loop_div_by_2_256: 160 | sbfx x7,x8,#0,#1 161 | sub x3,x3,#1 162 | 163 | and x4,x12,x7 164 | and x5,x13,x7 165 | adds x8,x8,x4 166 | and x6,x14,x7 167 | adcs x9,x9,x5 168 | and x7,x15,x7 169 | adcs x10,x10,x6 170 | extr x8,x9,x8,#1 // acc[4:7] >>= 1 171 | adcs x11,x11,x7 172 | extr x9,x10,x9,#1 173 | adc x7,xzr,xzr // redundant if modulus is <256 bits... 174 | extr x10,x11,x10,#1 175 | extr x11,x7,x11,#1 176 | 177 | cbnz x3,.Loop_div_by_2_256 178 | 179 | ldp x4,x5,[x1] // reload X [mostly for 2nd caller] 180 | ldp x6,x7,[x1,#16] 181 | 182 | stp x8,x9,[x1,#32] 183 | stp x10,x11,[x1,#48] 184 | 185 | tbz x4,#0,.Loop_of_2_256// unlikely in real life 186 | 187 | .Loop_of_2_done_256: 188 | ret 189 | .size __remove_powers_of_2_256,.-__remove_powers_of_2_256 190 | -------------------------------------------------------------------------------- /extern/blst/build/win64/add_mod_256-armv8.asm: -------------------------------------------------------------------------------- 1 | AREA |.text|,CODE,ALIGN=8,ARM64 2 | 3 | 4 | 5 | EXPORT |add_mod_256|[FUNC] 6 | ALIGN 32 7 | |add_mod_256| PROC 8 | ldp x8,x9,[x1] 9 | ldp x12,x13,[x2] 10 | 11 | ldp x10,x11,[x1,#16] 12 | adds x8,x8,x12 13 | ldp x14,x15,[x2,#16] 14 | adcs x9,x9,x13 15 | ldp x4,x5,[x3] 16 | adcs x10,x10,x14 17 | ldp x6,x7,[x3,#16] 18 | adcs x11,x11,x15 19 | adc x3,xzr,xzr 20 | 21 | subs x16,x8,x4 22 | sbcs x17,x9,x5 23 | sbcs x1,x10,x6 24 | sbcs x2,x11,x7 25 | sbcs xzr,x3,xzr 26 | 27 | csello x8,x8,x16 28 | csello x9,x9,x17 29 | csello x10,x10,x1 30 | stp x8,x9,[x0] 31 | csello x11,x11,x2 32 | stp x10,x11,[x0,#16] 33 | 34 | ret 35 | ENDP 36 | 37 | 38 | 39 | EXPORT |mul_by_3_mod_256|[FUNC] 40 | ALIGN 32 41 | |mul_by_3_mod_256| PROC 42 | ldp x12,x13,[x1] 43 | ldp x14,x15,[x1,#16] 44 | 45 | adds x8,x12,x12 46 | ldp x4,x5,[x2] 47 | adcs x9,x13,x13 48 | ldp x6,x7,[x2,#16] 49 | adcs x10,x14,x14 50 | adcs x11,x15,x15 51 | adc x3,xzr,xzr 52 | 53 | subs x16,x8,x4 54 | sbcs x17,x9,x5 55 | sbcs x1,x10,x6 56 | sbcs x2,x11,x7 57 | sbcs xzr,x3,xzr 58 | 59 | csello x8,x8,x16 60 | csello x9,x9,x17 61 | csello x10,x10,x1 62 | csello x11,x11,x2 63 | 64 | adds x8,x8,x12 65 | adcs x9,x9,x13 66 | adcs x10,x10,x14 67 | adcs x11,x11,x15 68 | adc x3,xzr,xzr 69 | 70 | subs x16,x8,x4 71 | sbcs x17,x9,x5 72 | sbcs x1,x10,x6 73 | sbcs x2,x11,x7 74 | sbcs xzr,x3,xzr 75 | 76 | csello x8,x8,x16 77 | csello x9,x9,x17 78 | csello x10,x10,x1 79 | stp x8,x9,[x0] 80 | csello x11,x11,x2 81 | stp x10,x11,[x0,#16] 82 | 83 | ret 84 | ENDP 85 | 86 | 87 | 88 | EXPORT |lshift_mod_256|[FUNC] 89 | ALIGN 32 90 | |lshift_mod_256| PROC 91 | ldp x8,x9,[x1] 92 | ldp x10,x11,[x1,#16] 93 | 94 | ldp x4,x5,[x3] 95 | ldp x6,x7,[x3,#16] 96 | 97 | |$Loop_lshift_mod_256| 98 | adds x8,x8,x8 99 | sub x2,x2,#1 100 | adcs x9,x9,x9 101 | adcs x10,x10,x10 102 | adcs x11,x11,x11 103 | adc x3,xzr,xzr 104 | 105 | subs x12,x8,x4 106 | sbcs x13,x9,x5 107 | sbcs x14,x10,x6 108 | sbcs x15,x11,x7 109 | sbcs xzr,x3,xzr 110 | 111 | csello x8,x8,x12 112 | csello x9,x9,x13 113 | csello x10,x10,x14 114 | csello x11,x11,x15 115 | 116 | cbnz x2,|$Loop_lshift_mod_256| 117 | 118 | stp x8,x9,[x0] 119 | stp x10,x11,[x0,#16] 120 | 121 | ret 122 | ENDP 123 | 124 | 125 | 126 | EXPORT |rshift_mod_256|[FUNC] 127 | ALIGN 32 128 | |rshift_mod_256| PROC 129 | ldp x8,x9,[x1] 130 | ldp x10,x11,[x1,#16] 131 | 132 | ldp x4,x5,[x3] 133 | ldp x6,x7,[x3,#16] 134 | 135 | |$Loop_rshift| 136 | adds x12,x8,x4 137 | sub x2,x2,#1 138 | adcs x13,x9,x5 139 | adcs x14,x10,x6 140 | adcs x15,x11,x7 141 | adc x3,xzr,xzr 142 | tst x8,#1 143 | 144 | cselne x12,x12,x8 145 | cselne x13,x13,x9 146 | cselne x14,x14,x10 147 | cselne x15,x15,x11 148 | cselne x3,x3,xzr 149 | 150 | extr x8,x13,x12,#1 151 | extr x9,x14,x13,#1 152 | extr x10,x15,x14,#1 153 | extr x11,x3,x15,#1 154 | 155 | cbnz x2,|$Loop_rshift| 156 | 157 | stp x8,x9,[x0] 158 | stp x10,x11,[x0,#16] 159 | 160 | ret 161 | ENDP 162 | 163 | 164 | 165 | EXPORT |cneg_mod_256|[FUNC] 166 | ALIGN 32 167 | |cneg_mod_256| PROC 168 | ldp x8,x9,[x1] 169 | ldp x4,x5,[x3] 170 | 171 | ldp x10,x11,[x1,#16] 172 | subs x12,x4,x8 173 | ldp x6,x7,[x3,#16] 174 | orr x4,x8,x9 175 | sbcs x13,x5,x9 176 | orr x5,x10,x11 177 | sbcs x14,x6,x10 178 | orr x3,x4,x5 179 | sbc x15,x7,x11 180 | 181 | cmp x3,#0 182 | csetmne x3 183 | ands x2,x2,x3 184 | 185 | cseleq x8,x8,x12 186 | cseleq x9,x9,x13 187 | cseleq x10,x10,x14 188 | stp x8,x9,[x0] 189 | cseleq x11,x11,x15 190 | stp x10,x11,[x0,#16] 191 | 192 | ret 193 | ENDP 194 | 195 | 196 | 197 | EXPORT |sub_mod_256|[FUNC] 198 | ALIGN 32 199 | |sub_mod_256| PROC 200 | ldp x8,x9,[x1] 201 | ldp x12,x13,[x2] 202 | 203 | ldp x10,x11,[x1,#16] 204 | subs x8,x8,x12 205 | ldp x14,x15,[x2,#16] 206 | sbcs x9,x9,x13 207 | ldp x4,x5,[x3] 208 | sbcs x10,x10,x14 209 | ldp x6,x7,[x3,#16] 210 | sbcs x11,x11,x15 211 | sbc x3,xzr,xzr 212 | 213 | and x4,x4,x3 214 | and x5,x5,x3 215 | adds x8,x8,x4 216 | and x6,x6,x3 217 | adcs x9,x9,x5 218 | and x7,x7,x3 219 | adcs x10,x10,x6 220 | stp x8,x9,[x0] 221 | adc x11,x11,x7 222 | stp x10,x11,[x0,#16] 223 | 224 | ret 225 | ENDP 226 | END 227 | -------------------------------------------------------------------------------- /extern/blst/build/mach-o/add_mod_256-armv8.S: -------------------------------------------------------------------------------- 1 | .text 2 | 3 | .globl _add_mod_256 4 | .private_extern _add_mod_256 5 | 6 | .align 5 7 | _add_mod_256: 8 | ldp x8,x9,[x1] 9 | ldp x12,x13,[x2] 10 | 11 | ldp x10,x11,[x1,#16] 12 | adds x8,x8,x12 13 | ldp x14,x15,[x2,#16] 14 | adcs x9,x9,x13 15 | ldp x4,x5,[x3] 16 | adcs x10,x10,x14 17 | ldp x6,x7,[x3,#16] 18 | adcs x11,x11,x15 19 | adc x3,xzr,xzr 20 | 21 | subs x16,x8,x4 22 | sbcs x17,x9,x5 23 | sbcs x1,x10,x6 24 | sbcs x2,x11,x7 25 | sbcs xzr,x3,xzr 26 | 27 | csel x8,x8,x16,lo 28 | csel x9,x9,x17,lo 29 | csel x10,x10,x1,lo 30 | stp x8,x9,[x0] 31 | csel x11,x11,x2,lo 32 | stp x10,x11,[x0,#16] 33 | 34 | ret 35 | 36 | 37 | .globl _mul_by_3_mod_256 38 | .private_extern _mul_by_3_mod_256 39 | 40 | .align 5 41 | _mul_by_3_mod_256: 42 | ldp x12,x13,[x1] 43 | ldp x14,x15,[x1,#16] 44 | 45 | adds x8,x12,x12 46 | ldp x4,x5,[x2] 47 | adcs x9,x13,x13 48 | ldp x6,x7,[x2,#16] 49 | adcs x10,x14,x14 50 | adcs x11,x15,x15 51 | adc x3,xzr,xzr 52 | 53 | subs x16,x8,x4 54 | sbcs x17,x9,x5 55 | sbcs x1,x10,x6 56 | sbcs x2,x11,x7 57 | sbcs xzr,x3,xzr 58 | 59 | csel x8,x8,x16,lo 60 | csel x9,x9,x17,lo 61 | csel x10,x10,x1,lo 62 | csel x11,x11,x2,lo 63 | 64 | adds x8,x8,x12 65 | adcs x9,x9,x13 66 | adcs x10,x10,x14 67 | adcs x11,x11,x15 68 | adc x3,xzr,xzr 69 | 70 | subs x16,x8,x4 71 | sbcs x17,x9,x5 72 | sbcs x1,x10,x6 73 | sbcs x2,x11,x7 74 | sbcs xzr,x3,xzr 75 | 76 | csel x8,x8,x16,lo 77 | csel x9,x9,x17,lo 78 | csel x10,x10,x1,lo 79 | stp x8,x9,[x0] 80 | csel x11,x11,x2,lo 81 | stp x10,x11,[x0,#16] 82 | 83 | ret 84 | 85 | 86 | .globl _lshift_mod_256 87 | .private_extern _lshift_mod_256 88 | 89 | .align 5 90 | _lshift_mod_256: 91 | ldp x8,x9,[x1] 92 | ldp x10,x11,[x1,#16] 93 | 94 | ldp x4,x5,[x3] 95 | ldp x6,x7,[x3,#16] 96 | 97 | Loop_lshift_mod_256: 98 | adds x8,x8,x8 99 | sub x2,x2,#1 100 | adcs x9,x9,x9 101 | adcs x10,x10,x10 102 | adcs x11,x11,x11 103 | adc x3,xzr,xzr 104 | 105 | subs x12,x8,x4 106 | sbcs x13,x9,x5 107 | sbcs x14,x10,x6 108 | sbcs x15,x11,x7 109 | sbcs xzr,x3,xzr 110 | 111 | csel x8,x8,x12,lo 112 | csel x9,x9,x13,lo 113 | csel x10,x10,x14,lo 114 | csel x11,x11,x15,lo 115 | 116 | cbnz x2,Loop_lshift_mod_256 117 | 118 | stp x8,x9,[x0] 119 | stp x10,x11,[x0,#16] 120 | 121 | ret 122 | 123 | 124 | .globl _rshift_mod_256 125 | .private_extern _rshift_mod_256 126 | 127 | .align 5 128 | _rshift_mod_256: 129 | ldp x8,x9,[x1] 130 | ldp x10,x11,[x1,#16] 131 | 132 | ldp x4,x5,[x3] 133 | ldp x6,x7,[x3,#16] 134 | 135 | Loop_rshift: 136 | adds x12,x8,x4 137 | sub x2,x2,#1 138 | adcs x13,x9,x5 139 | adcs x14,x10,x6 140 | adcs x15,x11,x7 141 | adc x3,xzr,xzr 142 | tst x8,#1 143 | 144 | csel x12,x12,x8,ne 145 | csel x13,x13,x9,ne 146 | csel x14,x14,x10,ne 147 | csel x15,x15,x11,ne 148 | csel x3,x3,xzr,ne 149 | 150 | extr x8,x13,x12,#1 151 | extr x9,x14,x13,#1 152 | extr x10,x15,x14,#1 153 | extr x11,x3,x15,#1 154 | 155 | cbnz x2,Loop_rshift 156 | 157 | stp x8,x9,[x0] 158 | stp x10,x11,[x0,#16] 159 | 160 | ret 161 | 162 | 163 | .globl _cneg_mod_256 164 | .private_extern _cneg_mod_256 165 | 166 | .align 5 167 | _cneg_mod_256: 168 | ldp x8,x9,[x1] 169 | ldp x4,x5,[x3] 170 | 171 | ldp x10,x11,[x1,#16] 172 | subs x12,x4,x8 173 | ldp x6,x7,[x3,#16] 174 | orr x4,x8,x9 175 | sbcs x13,x5,x9 176 | orr x5,x10,x11 177 | sbcs x14,x6,x10 178 | orr x3,x4,x5 179 | sbc x15,x7,x11 180 | 181 | cmp x3,#0 182 | csetm x3,ne 183 | ands x2,x2,x3 184 | 185 | csel x8,x8,x12,eq 186 | csel x9,x9,x13,eq 187 | csel x10,x10,x14,eq 188 | stp x8,x9,[x0] 189 | csel x11,x11,x15,eq 190 | stp x10,x11,[x0,#16] 191 | 192 | ret 193 | 194 | 195 | .globl _sub_mod_256 196 | .private_extern _sub_mod_256 197 | 198 | .align 5 199 | _sub_mod_256: 200 | ldp x8,x9,[x1] 201 | ldp x12,x13,[x2] 202 | 203 | ldp x10,x11,[x1,#16] 204 | subs x8,x8,x12 205 | ldp x14,x15,[x2,#16] 206 | sbcs x9,x9,x13 207 | ldp x4,x5,[x3] 208 | sbcs x10,x10,x14 209 | ldp x6,x7,[x3,#16] 210 | sbcs x11,x11,x15 211 | sbc x3,xzr,xzr 212 | 213 | and x4,x4,x3 214 | and x5,x5,x3 215 | adds x8,x8,x4 216 | and x6,x6,x3 217 | adcs x9,x9,x5 218 | and x7,x7,x3 219 | adcs x10,x10,x6 220 | stp x8,x9,[x0] 221 | adc x11,x11,x7 222 | stp x10,x11,[x0,#16] 223 | 224 | ret 225 | 226 | -------------------------------------------------------------------------------- /extern/blst/build/coff/add_mod_256-armv8.S: -------------------------------------------------------------------------------- 1 | .text 2 | 3 | .globl add_mod_256 4 | 5 | .def add_mod_256; 6 | .type 32; 7 | .endef 8 | .p2align 5 9 | add_mod_256: 10 | ldp x8,x9,[x1] 11 | ldp x12,x13,[x2] 12 | 13 | ldp x10,x11,[x1,#16] 14 | adds x8,x8,x12 15 | ldp x14,x15,[x2,#16] 16 | adcs x9,x9,x13 17 | ldp x4,x5,[x3] 18 | adcs x10,x10,x14 19 | ldp x6,x7,[x3,#16] 20 | adcs x11,x11,x15 21 | adc x3,xzr,xzr 22 | 23 | subs x16,x8,x4 24 | sbcs x17,x9,x5 25 | sbcs x1,x10,x6 26 | sbcs x2,x11,x7 27 | sbcs xzr,x3,xzr 28 | 29 | csel x8,x8,x16,lo 30 | csel x9,x9,x17,lo 31 | csel x10,x10,x1,lo 32 | stp x8,x9,[x0] 33 | csel x11,x11,x2,lo 34 | stp x10,x11,[x0,#16] 35 | 36 | ret 37 | 38 | 39 | .globl mul_by_3_mod_256 40 | 41 | .def mul_by_3_mod_256; 42 | .type 32; 43 | .endef 44 | .p2align 5 45 | mul_by_3_mod_256: 46 | ldp x12,x13,[x1] 47 | ldp x14,x15,[x1,#16] 48 | 49 | adds x8,x12,x12 50 | ldp x4,x5,[x2] 51 | adcs x9,x13,x13 52 | ldp x6,x7,[x2,#16] 53 | adcs x10,x14,x14 54 | adcs x11,x15,x15 55 | adc x3,xzr,xzr 56 | 57 | subs x16,x8,x4 58 | sbcs x17,x9,x5 59 | sbcs x1,x10,x6 60 | sbcs x2,x11,x7 61 | sbcs xzr,x3,xzr 62 | 63 | csel x8,x8,x16,lo 64 | csel x9,x9,x17,lo 65 | csel x10,x10,x1,lo 66 | csel x11,x11,x2,lo 67 | 68 | adds x8,x8,x12 69 | adcs x9,x9,x13 70 | adcs x10,x10,x14 71 | adcs x11,x11,x15 72 | adc x3,xzr,xzr 73 | 74 | subs x16,x8,x4 75 | sbcs x17,x9,x5 76 | sbcs x1,x10,x6 77 | sbcs x2,x11,x7 78 | sbcs xzr,x3,xzr 79 | 80 | csel x8,x8,x16,lo 81 | csel x9,x9,x17,lo 82 | csel x10,x10,x1,lo 83 | stp x8,x9,[x0] 84 | csel x11,x11,x2,lo 85 | stp x10,x11,[x0,#16] 86 | 87 | ret 88 | 89 | 90 | .globl lshift_mod_256 91 | 92 | .def lshift_mod_256; 93 | .type 32; 94 | .endef 95 | .p2align 5 96 | lshift_mod_256: 97 | ldp x8,x9,[x1] 98 | ldp x10,x11,[x1,#16] 99 | 100 | ldp x4,x5,[x3] 101 | ldp x6,x7,[x3,#16] 102 | 103 | .Loop_lshift_mod_256: 104 | adds x8,x8,x8 105 | sub x2,x2,#1 106 | adcs x9,x9,x9 107 | adcs x10,x10,x10 108 | adcs x11,x11,x11 109 | adc x3,xzr,xzr 110 | 111 | subs x12,x8,x4 112 | sbcs x13,x9,x5 113 | sbcs x14,x10,x6 114 | sbcs x15,x11,x7 115 | sbcs xzr,x3,xzr 116 | 117 | csel x8,x8,x12,lo 118 | csel x9,x9,x13,lo 119 | csel x10,x10,x14,lo 120 | csel x11,x11,x15,lo 121 | 122 | cbnz x2,.Loop_lshift_mod_256 123 | 124 | stp x8,x9,[x0] 125 | stp x10,x11,[x0,#16] 126 | 127 | ret 128 | 129 | 130 | .globl rshift_mod_256 131 | 132 | .def rshift_mod_256; 133 | .type 32; 134 | .endef 135 | .p2align 5 136 | rshift_mod_256: 137 | ldp x8,x9,[x1] 138 | ldp x10,x11,[x1,#16] 139 | 140 | ldp x4,x5,[x3] 141 | ldp x6,x7,[x3,#16] 142 | 143 | .Loop_rshift: 144 | adds x12,x8,x4 145 | sub x2,x2,#1 146 | adcs x13,x9,x5 147 | adcs x14,x10,x6 148 | adcs x15,x11,x7 149 | adc x3,xzr,xzr 150 | tst x8,#1 151 | 152 | csel x12,x12,x8,ne 153 | csel x13,x13,x9,ne 154 | csel x14,x14,x10,ne 155 | csel x15,x15,x11,ne 156 | csel x3,x3,xzr,ne 157 | 158 | extr x8,x13,x12,#1 159 | extr x9,x14,x13,#1 160 | extr x10,x15,x14,#1 161 | extr x11,x3,x15,#1 162 | 163 | cbnz x2,.Loop_rshift 164 | 165 | stp x8,x9,[x0] 166 | stp x10,x11,[x0,#16] 167 | 168 | ret 169 | 170 | 171 | .globl cneg_mod_256 172 | 173 | .def cneg_mod_256; 174 | .type 32; 175 | .endef 176 | .p2align 5 177 | cneg_mod_256: 178 | ldp x8,x9,[x1] 179 | ldp x4,x5,[x3] 180 | 181 | ldp x10,x11,[x1,#16] 182 | subs x12,x4,x8 183 | ldp x6,x7,[x3,#16] 184 | orr x4,x8,x9 185 | sbcs x13,x5,x9 186 | orr x5,x10,x11 187 | sbcs x14,x6,x10 188 | orr x3,x4,x5 189 | sbc x15,x7,x11 190 | 191 | cmp x3,#0 192 | csetm x3,ne 193 | ands x2,x2,x3 194 | 195 | csel x8,x8,x12,eq 196 | csel x9,x9,x13,eq 197 | csel x10,x10,x14,eq 198 | stp x8,x9,[x0] 199 | csel x11,x11,x15,eq 200 | stp x10,x11,[x0,#16] 201 | 202 | ret 203 | 204 | 205 | .globl sub_mod_256 206 | 207 | .def sub_mod_256; 208 | .type 32; 209 | .endef 210 | .p2align 5 211 | sub_mod_256: 212 | ldp x8,x9,[x1] 213 | ldp x12,x13,[x2] 214 | 215 | ldp x10,x11,[x1,#16] 216 | subs x8,x8,x12 217 | ldp x14,x15,[x2,#16] 218 | sbcs x9,x9,x13 219 | ldp x4,x5,[x3] 220 | sbcs x10,x10,x14 221 | ldp x6,x7,[x3,#16] 222 | sbcs x11,x11,x15 223 | sbc x3,xzr,xzr 224 | 225 | and x4,x4,x3 226 | and x5,x5,x3 227 | adds x8,x8,x4 228 | and x6,x6,x3 229 | adcs x9,x9,x5 230 | and x7,x7,x3 231 | adcs x10,x10,x6 232 | stp x8,x9,[x0] 233 | adc x11,x11,x7 234 | stp x10,x11,[x0,#16] 235 | 236 | ret 237 | 238 | -------------------------------------------------------------------------------- /ldevnet/ldevnet_test.go: -------------------------------------------------------------------------------- 1 | package ldevnet 2 | 3 | import ( 4 | "bytes" 5 | "context" 6 | "fmt" 7 | "io/ioutil" 8 | "math/rand" 9 | "os" 10 | "path/filepath" 11 | "testing" 12 | "time" 13 | 14 | "github.com/filecoin-project/go-fil-markets/storagemarket" 15 | "github.com/filecoin-project/go-jsonrpc" 16 | "github.com/filecoin-project/lotus/api" 17 | "github.com/filecoin-project/lotus/api/apistruct" 18 | "github.com/filecoin-project/lotus/build" 19 | "github.com/filecoin-project/lotus/chain/types" 20 | logging "github.com/ipfs/go-log/v2" 21 | "github.com/stretchr/testify/require" 22 | ) 23 | 24 | func TestMain(m *testing.M) { 25 | //logging.SetAllLoggers(logging.LevelDebug) 26 | //logging.SetLogLevel("miner", "ERROR") 27 | //logging.SetLogLevel("chainstore", "ERROR") 28 | //logging.SetLogLevel("chain", "ERROR") 29 | //logging.SetLogLevel("sub", "ERROR") 30 | //logging.SetLogLevel("storageminer", "ERROR") 31 | _ = logging.ErrNoSuchLogger 32 | os.Exit(m.Run()) 33 | } 34 | 35 | func TestStore(t *testing.T) { 36 | numMiners := []int{1} 37 | 38 | for _, nm := range numMiners { 39 | for i := 0; i < 1; i++ { 40 | t.Run(fmt.Sprintf("%d miners, deal with miner %d", nm, i), dealSpecificMiner(t, nm, 0)) 41 | } 42 | } 43 | } 44 | 45 | func dealSpecificMiner(t *testing.T, numMiners int, concreteMiner int) func(*testing.T) { 46 | return func(t *testing.T) { 47 | _, err := New(numMiners, time.Millisecond*100, true, "", false) 48 | require.Nil(t, err) 49 | 50 | var client apistruct.FullNodeStruct 51 | cc, err := jsonrpc.NewMergeClient(context.Background(), "ws://127.0.0.1:7777/rpc/v0", "Filecoin", 52 | []interface{}{ 53 | &client.Internal, 54 | &client.CommonStruct.Internal, 55 | }, nil) 56 | if err != nil { 57 | panic(err) 58 | } 59 | defer cc() 60 | time.Sleep(time.Second) 61 | ctx := context.Background() 62 | 63 | ts, err := client.ChainHead(ctx) 64 | require.Nil(t, err) 65 | require.Greater(t, int64(ts.Height()), int64(2)) 66 | 67 | miners, err := client.StateListMiners(ctx, types.EmptyTSK) 68 | require.Nil(t, err) 69 | require.Greater(t, len(miners), 0) 70 | 71 | waddr, err := client.WalletDefaultAddress(ctx) 72 | require.Nil(t, err) 73 | require.NotEmpty(t, waddr) 74 | 75 | tmpf, err := ioutil.TempFile("", "") 76 | require.Nil(t, err) 77 | 78 | r := rand.New(rand.NewSource(22)) 79 | for i := 0; i < 1; i++ { 80 | data := make([]byte, 100*1024*1024) 81 | r.Read(data) 82 | err = ioutil.WriteFile(tmpf.Name(), data, 0644) 83 | require.Nil(t, err) 84 | fcid, err := client.ClientImport(ctx, api.FileRef{Path: tmpf.Name()}) 85 | require.Nil(t, err) 86 | require.True(t, fcid.Root.Defined()) 87 | 88 | sdp := &api.StartDealParams{ 89 | Data: &storagemarket.DataRef{ 90 | TransferType: storagemarket.TTGraphsync, 91 | Root: fcid.Root, 92 | }, 93 | Wallet: waddr, 94 | EpochPrice: types.NewInt(100000000), 95 | MinBlocksDuration: uint64(build.MinDealDuration), 96 | Miner: miners[concreteMiner], 97 | } 98 | deal, err := client.ClientStartDeal(ctx, sdp) 99 | require.Nil(t, err) 100 | 101 | time.Sleep(time.Second / 2) 102 | 103 | loop: 104 | for { 105 | di, err := client.ClientGetDealInfo(ctx, *deal) 106 | require.Nil(t, err) 107 | 108 | switch di.State { 109 | case storagemarket.StorageDealProposalRejected: 110 | t.Fatal("deal rejected") 111 | case storagemarket.StorageDealFailing: 112 | t.Fatal("deal failed") 113 | case storagemarket.StorageDealError: 114 | t.Fatal("deal errored") 115 | case storagemarket.StorageDealActive: 116 | fmt.Println("COMPLETE", di) 117 | break loop 118 | } 119 | fmt.Println(storagemarket.DealStates[di.State]) 120 | time.Sleep(time.Second) 121 | } 122 | offers, err := client.ClientFindData(ctx, fcid.Root, nil) 123 | require.Nil(t, err) 124 | require.Greater(t, len(offers), 0) 125 | 126 | rpath, err := ioutil.TempDir("", "") 127 | require.Nil(t, err) 128 | defer os.RemoveAll(rpath) 129 | 130 | // Retrieve to file. 131 | ref := &api.FileRef{ 132 | Path: filepath.Join(rpath, "ret"), 133 | IsCAR: false, 134 | } 135 | err = client.ClientRetrieve(ctx, offers[0].Order(waddr), ref) 136 | require.Nil(t, err) 137 | 138 | rdata, err := ioutil.ReadFile(filepath.Join(rpath, "ret")) 139 | require.Nil(t, err) 140 | require.True(t, bytes.Equal(data, rdata)) 141 | } 142 | } 143 | } 144 | -------------------------------------------------------------------------------- /extern/blst/src/sha256.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright Supranational LLC 3 | * Licensed under the Apache License, Version 2.0, see LICENSE for details. 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | #ifndef __BLS12_381_ASM_SHA256_H__ 7 | #define __BLS12_381_ASM_SHA256_H__ 8 | 9 | #include 10 | 11 | #if (defined(__x86_64__) || defined(__x86_64) || defined(_M_X64)) && \ 12 | defined(__SHA__) /* -msha */ && !defined(__BLST_PORTABLE__) 13 | # define sha256_block_data_order blst_sha256_block_data_order_shaext 14 | #elif defined(__aarch64__) && \ 15 | defined(__ARM_FEATURE_CRYPTO) && !defined(__BLST_PORTABLE__) 16 | # define sha256_block_data_order blst_sha256_block_armv8 17 | #else 18 | # define sha256_block_data_order blst_sha256_block_data_order 19 | #endif 20 | #define sha256_hcopy blst_sha256_hcopy 21 | #define sha256_bcopy blst_sha256_bcopy 22 | #define sha256_emit blst_sha256_emit 23 | 24 | void sha256_block_data_order(unsigned int *h, const void *inp, size_t blocks); 25 | void sha256_hcopy(unsigned int dst[8], const unsigned int src[8]); 26 | void sha256_bcopy(void *dst, const void *src, size_t len); 27 | 28 | /* 29 | * If SHA256_CTX conflicts with something, just redefine it to alternative 30 | * custom name prior including this header. 31 | */ 32 | typedef struct { 33 | unsigned int h[8]; 34 | unsigned long long N; 35 | unsigned char buf[64]; 36 | size_t off; 37 | } SHA256_CTX; 38 | 39 | 40 | static void sha256_init_h(unsigned int h[8]) 41 | { 42 | h[0] = 0x6a09e667U; 43 | h[1] = 0xbb67ae85U; 44 | h[2] = 0x3c6ef372U; 45 | h[3] = 0xa54ff53aU; 46 | h[4] = 0x510e527fU; 47 | h[5] = 0x9b05688cU; 48 | h[6] = 0x1f83d9abU; 49 | h[7] = 0x5be0cd19U; 50 | } 51 | 52 | static void sha256_init(SHA256_CTX *ctx) 53 | { 54 | sha256_init_h(ctx->h); 55 | ctx->N = 0; 56 | vec_zero(ctx->buf, sizeof(ctx->buf)); 57 | ctx->off = 0; 58 | } 59 | 60 | static void sha256_update(SHA256_CTX *ctx, const void *_inp, size_t len) 61 | { 62 | size_t n; 63 | const unsigned char *inp = _inp; 64 | 65 | ctx->N += len; 66 | 67 | if ((n = ctx->off) != 0) { 68 | size_t rem = sizeof(ctx->buf) - n; 69 | 70 | if (rem > len) { 71 | sha256_bcopy(ctx->buf + n, inp, len); 72 | ctx->off += len; 73 | return; 74 | } else { 75 | sha256_bcopy(ctx->buf + n, inp, rem); 76 | inp += rem; 77 | len -= rem; 78 | sha256_block_data_order(ctx->h, ctx->buf, 1); 79 | vec_zero(ctx->buf, sizeof(ctx->buf)); 80 | ctx->off = 0; 81 | } 82 | } 83 | 84 | n = len / sizeof(ctx->buf); 85 | if (n > 0) { 86 | sha256_block_data_order(ctx->h, inp, n); 87 | n *= sizeof(ctx->buf); 88 | inp += n; 89 | len -= n; 90 | } 91 | 92 | if (len) 93 | sha256_bcopy(ctx->buf, inp, ctx->off = len); 94 | } 95 | 96 | #define __TOBE32(ptr, val) ((ptr)[0] = (unsigned char)((val)>>24), \ 97 | (ptr)[1] = (unsigned char)((val)>>16), \ 98 | (ptr)[2] = (unsigned char)((val)>>8), \ 99 | (ptr)[3] = (unsigned char)(val)) 100 | 101 | #if 1 102 | void sha256_emit(unsigned char md[32], const unsigned int h[8]); 103 | #else 104 | static void sha256_emit(unsigned char md[32], const unsigned int h[8]) 105 | { 106 | unsigned int h_i; 107 | 108 | h_i = h[0]; __TOBE32(md + 0, h_i); 109 | h_i = h[1]; __TOBE32(md + 4, h_i); 110 | h_i = h[2]; __TOBE32(md + 8, h_i); 111 | h_i = h[3]; __TOBE32(md + 12, h_i); 112 | h_i = h[4]; __TOBE32(md + 16, h_i); 113 | h_i = h[5]; __TOBE32(md + 20, h_i); 114 | h_i = h[6]; __TOBE32(md + 24, h_i); 115 | h_i = h[7]; __TOBE32(md + 28, h_i); 116 | } 117 | #endif 118 | 119 | static void sha256_final(unsigned char md[32], SHA256_CTX *ctx) 120 | { 121 | unsigned long long bits = ctx->N * 8; 122 | size_t n = ctx->off; 123 | unsigned char *tail; 124 | 125 | ctx->buf[n++] = 0x80; 126 | 127 | if (n > (sizeof(ctx->buf) - 8)) { 128 | sha256_block_data_order(ctx->h, ctx->buf, 1); 129 | vec_zero(ctx->buf, sizeof(ctx->buf)); 130 | } 131 | 132 | tail = ctx->buf + sizeof(ctx->buf) - 8; 133 | __TOBE32(tail, (unsigned int)(bits >> 32)); 134 | __TOBE32(tail + 4, (unsigned int)bits); 135 | sha256_block_data_order(ctx->h, ctx->buf, 1); 136 | sha256_emit(md, ctx->h); 137 | } 138 | 139 | #undef __TOBE32 140 | #endif 141 | -------------------------------------------------------------------------------- /extern/blst/bindings/rust/build.rs: -------------------------------------------------------------------------------- 1 | extern crate cc; 2 | 3 | use std::env; 4 | use std::path::Path; 5 | use std::path::PathBuf; 6 | 7 | #[cfg(all(target_env = "msvc", target_arch = "x86_64"))] 8 | fn assembly(file_vec: &mut Vec, base_dir: &str) { 9 | let files = glob::glob(&(base_dir.to_owned() + "win64/*-x86_64.asm")) 10 | .expect("disaster"); 11 | for file in files { 12 | file_vec.push(file.unwrap()); 13 | } 14 | } 15 | 16 | #[cfg(all(target_env = "msvc", target_arch = "aarch64"))] 17 | fn assembly(file_vec: &mut Vec, base_dir: &str) { 18 | let files = glob::glob(&(base_dir.to_owned() + "win64/*-armv8.asm")) 19 | .expect("disaster"); 20 | for file in files { 21 | file_vec.push(file.unwrap()); 22 | } 23 | } 24 | 25 | #[cfg(all(target_pointer_width = "64", not(target_env = "msvc")))] 26 | fn assembly(file_vec: &mut Vec, base_dir: &str) { 27 | file_vec.push(Path::new(base_dir).join("assembly.S")) 28 | } 29 | 30 | fn main() { 31 | /* 32 | * Use pre-built libblst.a if there is one. This is primarily 33 | * for trouble-shooting purposes. Idea is that libblst.a can be 34 | * compiled with flags independent from cargo defaults, e.g. 35 | * '../../build.sh -O1 ...'. 36 | */ 37 | if Path::new("libblst.a").exists() { 38 | println!("cargo:rustc-link-search=."); 39 | println!("cargo:rustc-link-lib=blst"); 40 | return; 41 | } 42 | 43 | let mut file_vec = Vec::new(); 44 | 45 | let _out_dir = env::var_os("OUT_DIR").unwrap(); 46 | 47 | let blst_base_dir = match env::var("BLST_SRC_DIR") { 48 | Ok(val) => val, 49 | Err(_) => { 50 | if Path::new("blst").exists() { 51 | "blst".to_string() 52 | } else { 53 | "../..".to_string() 54 | } 55 | } 56 | }; 57 | println!("Using blst source directory {:?}", blst_base_dir); 58 | 59 | let c_src_dir = blst_base_dir.clone() + "/src/"; 60 | let build_dir = blst_base_dir + "/build/"; 61 | 62 | file_vec.push(Path::new(&c_src_dir).join("server.c")); 63 | assembly(&mut file_vec, &build_dir); 64 | 65 | // Set CC environment variable to choose alternative C compiler. 66 | // Optimization level depends on whether or not --release is passed 67 | // or implied. 68 | let mut cc = cc::Build::new(); 69 | 70 | // account for cross-compilation 71 | let target_arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap(); 72 | match (cfg!(feature = "portable"), cfg!(feature = "force-adx")) { 73 | (true, false) => { 74 | println!("Compiling in portable mode without ISA extensions"); 75 | cc.define("__BLST_PORTABLE__", None); 76 | } 77 | (false, true) => { 78 | if target_arch.eq("x86_64") { 79 | println!("Enabling ADX support via `force-adx` feature"); 80 | cc.define("__ADX__", None); 81 | } else { 82 | println!("`force-adx` is ignored for non-x86_64 targets"); 83 | } 84 | } 85 | (false, false) => { 86 | #[cfg(target_arch = "x86_64")] 87 | if target_arch.eq("x86_64") && std::is_x86_feature_detected!("adx") 88 | { 89 | println!("Enabling ADX because it was detected on the host"); 90 | cc.define("__ADX__", None); 91 | } 92 | } 93 | (true, true) => panic!( 94 | "Cannot compile with both `portable` and `force-adx` features" 95 | ), 96 | } 97 | cc.flag_if_supported("-mno-avx") // avoid costly transitions 98 | .flag_if_supported("-Wno-unused-command-line-argument"); 99 | if !cfg!(debug_assertions) { 100 | cc.opt_level(2); 101 | } 102 | cc.files(&file_vec).compile("libblst.a"); 103 | 104 | /* 105 | let binding_src_dir = blst_base_dir + "/bindings/"; 106 | let bindings = bindgen::Builder::default() 107 | .header(binding_src_dir + "blst.h") 108 | .opaque_type("blst_pairing") 109 | .size_t_is_usize(true) 110 | .rustified_enum("BLST_ERROR") 111 | .generate() 112 | .expect("Unable to generate bindings"); 113 | 114 | // Write the bindings to the $OUT_DIR/bindings.rs file. 115 | let out_path = PathBuf::from(env::var("OUT_DIR").unwrap()); 116 | bindings 117 | .write_to_file(out_path.join("bindings.rs")) 118 | .expect("Couldn't write bindings!"); 119 | */ 120 | } 121 | -------------------------------------------------------------------------------- /extern/blst/build/elf/add_mod_256-armv8.S: -------------------------------------------------------------------------------- 1 | .text 2 | 3 | .globl add_mod_256 4 | .hidden add_mod_256 5 | .type add_mod_256,%function 6 | .align 5 7 | add_mod_256: 8 | ldp x8,x9,[x1] 9 | ldp x12,x13,[x2] 10 | 11 | ldp x10,x11,[x1,#16] 12 | adds x8,x8,x12 13 | ldp x14,x15,[x2,#16] 14 | adcs x9,x9,x13 15 | ldp x4,x5,[x3] 16 | adcs x10,x10,x14 17 | ldp x6,x7,[x3,#16] 18 | adcs x11,x11,x15 19 | adc x3,xzr,xzr 20 | 21 | subs x16,x8,x4 22 | sbcs x17,x9,x5 23 | sbcs x1,x10,x6 24 | sbcs x2,x11,x7 25 | sbcs xzr,x3,xzr 26 | 27 | csel x8,x8,x16,lo 28 | csel x9,x9,x17,lo 29 | csel x10,x10,x1,lo 30 | stp x8,x9,[x0] 31 | csel x11,x11,x2,lo 32 | stp x10,x11,[x0,#16] 33 | 34 | ret 35 | .size add_mod_256,.-add_mod_256 36 | 37 | .globl mul_by_3_mod_256 38 | .hidden mul_by_3_mod_256 39 | .type mul_by_3_mod_256,%function 40 | .align 5 41 | mul_by_3_mod_256: 42 | ldp x12,x13,[x1] 43 | ldp x14,x15,[x1,#16] 44 | 45 | adds x8,x12,x12 46 | ldp x4,x5,[x2] 47 | adcs x9,x13,x13 48 | ldp x6,x7,[x2,#16] 49 | adcs x10,x14,x14 50 | adcs x11,x15,x15 51 | adc x3,xzr,xzr 52 | 53 | subs x16,x8,x4 54 | sbcs x17,x9,x5 55 | sbcs x1,x10,x6 56 | sbcs x2,x11,x7 57 | sbcs xzr,x3,xzr 58 | 59 | csel x8,x8,x16,lo 60 | csel x9,x9,x17,lo 61 | csel x10,x10,x1,lo 62 | csel x11,x11,x2,lo 63 | 64 | adds x8,x8,x12 65 | adcs x9,x9,x13 66 | adcs x10,x10,x14 67 | adcs x11,x11,x15 68 | adc x3,xzr,xzr 69 | 70 | subs x16,x8,x4 71 | sbcs x17,x9,x5 72 | sbcs x1,x10,x6 73 | sbcs x2,x11,x7 74 | sbcs xzr,x3,xzr 75 | 76 | csel x8,x8,x16,lo 77 | csel x9,x9,x17,lo 78 | csel x10,x10,x1,lo 79 | stp x8,x9,[x0] 80 | csel x11,x11,x2,lo 81 | stp x10,x11,[x0,#16] 82 | 83 | ret 84 | .size mul_by_3_mod_256,.-mul_by_3_mod_256 85 | 86 | .globl lshift_mod_256 87 | .hidden lshift_mod_256 88 | .type lshift_mod_256,%function 89 | .align 5 90 | lshift_mod_256: 91 | ldp x8,x9,[x1] 92 | ldp x10,x11,[x1,#16] 93 | 94 | ldp x4,x5,[x3] 95 | ldp x6,x7,[x3,#16] 96 | 97 | .Loop_lshift_mod_256: 98 | adds x8,x8,x8 99 | sub x2,x2,#1 100 | adcs x9,x9,x9 101 | adcs x10,x10,x10 102 | adcs x11,x11,x11 103 | adc x3,xzr,xzr 104 | 105 | subs x12,x8,x4 106 | sbcs x13,x9,x5 107 | sbcs x14,x10,x6 108 | sbcs x15,x11,x7 109 | sbcs xzr,x3,xzr 110 | 111 | csel x8,x8,x12,lo 112 | csel x9,x9,x13,lo 113 | csel x10,x10,x14,lo 114 | csel x11,x11,x15,lo 115 | 116 | cbnz x2,.Loop_lshift_mod_256 117 | 118 | stp x8,x9,[x0] 119 | stp x10,x11,[x0,#16] 120 | 121 | ret 122 | .size lshift_mod_256,.-lshift_mod_256 123 | 124 | .globl rshift_mod_256 125 | .hidden rshift_mod_256 126 | .type rshift_mod_256,%function 127 | .align 5 128 | rshift_mod_256: 129 | ldp x8,x9,[x1] 130 | ldp x10,x11,[x1,#16] 131 | 132 | ldp x4,x5,[x3] 133 | ldp x6,x7,[x3,#16] 134 | 135 | .Loop_rshift: 136 | adds x12,x8,x4 137 | sub x2,x2,#1 138 | adcs x13,x9,x5 139 | adcs x14,x10,x6 140 | adcs x15,x11,x7 141 | adc x3,xzr,xzr 142 | tst x8,#1 143 | 144 | csel x12,x12,x8,ne 145 | csel x13,x13,x9,ne 146 | csel x14,x14,x10,ne 147 | csel x15,x15,x11,ne 148 | csel x3,x3,xzr,ne 149 | 150 | extr x8,x13,x12,#1 151 | extr x9,x14,x13,#1 152 | extr x10,x15,x14,#1 153 | extr x11,x3,x15,#1 154 | 155 | cbnz x2,.Loop_rshift 156 | 157 | stp x8,x9,[x0] 158 | stp x10,x11,[x0,#16] 159 | 160 | ret 161 | .size rshift_mod_256,.-rshift_mod_256 162 | 163 | .globl cneg_mod_256 164 | .hidden cneg_mod_256 165 | .type cneg_mod_256,%function 166 | .align 5 167 | cneg_mod_256: 168 | ldp x8,x9,[x1] 169 | ldp x4,x5,[x3] 170 | 171 | ldp x10,x11,[x1,#16] 172 | subs x12,x4,x8 173 | ldp x6,x7,[x3,#16] 174 | orr x4,x8,x9 175 | sbcs x13,x5,x9 176 | orr x5,x10,x11 177 | sbcs x14,x6,x10 178 | orr x3,x4,x5 179 | sbc x15,x7,x11 180 | 181 | cmp x3,#0 182 | csetm x3,ne 183 | ands x2,x2,x3 184 | 185 | csel x8,x8,x12,eq 186 | csel x9,x9,x13,eq 187 | csel x10,x10,x14,eq 188 | stp x8,x9,[x0] 189 | csel x11,x11,x15,eq 190 | stp x10,x11,[x0,#16] 191 | 192 | ret 193 | .size cneg_mod_256,.-cneg_mod_256 194 | 195 | .globl sub_mod_256 196 | .hidden sub_mod_256 197 | .type sub_mod_256,%function 198 | .align 5 199 | sub_mod_256: 200 | ldp x8,x9,[x1] 201 | ldp x12,x13,[x2] 202 | 203 | ldp x10,x11,[x1,#16] 204 | subs x8,x8,x12 205 | ldp x14,x15,[x2,#16] 206 | sbcs x9,x9,x13 207 | ldp x4,x5,[x3] 208 | sbcs x10,x10,x14 209 | ldp x6,x7,[x3,#16] 210 | sbcs x11,x11,x15 211 | sbc x3,xzr,xzr 212 | 213 | and x4,x4,x3 214 | and x5,x5,x3 215 | adds x8,x8,x4 216 | and x6,x6,x3 217 | adcs x9,x9,x5 218 | and x7,x7,x3 219 | adcs x10,x10,x6 220 | stp x8,x9,[x0] 221 | adc x11,x11,x7 222 | stp x10,x11,[x0,#16] 223 | 224 | ret 225 | .size sub_mod_256,.-sub_mod_256 226 | -------------------------------------------------------------------------------- /extern/blst/src/exp.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright Supranational LLC 3 | * Licensed under the Apache License, Version 2.0, see LICENSE for details. 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include "vect.h" 8 | #include "fields.h" 9 | 10 | /* 11 | * |out| = |inp|^|pow|, small footprint, public exponent 12 | */ 13 | static void exp_mont_384(vec384 out, const vec384 inp, const byte *pow, 14 | size_t pow_bits, const vec384 p, limb_t n0) 15 | { 16 | #if 1 17 | vec384 ret; 18 | 19 | vec_copy(ret, inp, sizeof(ret)); /* ret = inp^1 */ 20 | --pow_bits; /* most significant bit is set, skip over */ 21 | while (pow_bits--) { 22 | sqr_mont_384(ret, ret, p, n0); 23 | if (is_bit_set(pow, pow_bits)) 24 | mul_mont_384(ret, ret, inp, p, n0); 25 | } 26 | vec_copy(out, ret, sizeof(ret)); /* out = ret */ 27 | #else 28 | unsigned int i; 29 | vec384 sqr; 30 | 31 | vec_copy(sqr, inp, sizeof(sqr)); 32 | for (i = 0; !is_bit_set(pow, i++);) 33 | sqr_mont_384(sqr, sqr, sqr, p, n0); 34 | vec_copy(out, sqr, sizeof(sqr)); 35 | for (; i < pow_bits; i++) { 36 | sqr_mont_384(sqr, sqr, sqr, p, n0); 37 | if (is_bit_set(pow, i)) 38 | mul_mont_384(out, out, sqr, p, n0); 39 | } 40 | #endif 41 | } 42 | 43 | #ifdef __OPTIMIZE_SIZE__ 44 | /* 45 | * 608 multiplications for scalar inversion modulo BLS12-381 prime, 32% 46 | * more than corresponding optimal addition-chain, plus mispredicted 47 | * branch penalties on top of that... The addition chain below was 48 | * measured to be >50% faster. 49 | */ 50 | static void reciprocal_fp(vec384 out, const vec384 inp) 51 | { 52 | static const byte BLS12_381_P_minus_2[] = { 53 | TO_BYTES(0xb9feffffffffaaa9), TO_BYTES(0x1eabfffeb153ffff), 54 | TO_BYTES(0x6730d2a0f6b0f624), TO_BYTES(0x64774b84f38512bf), 55 | TO_BYTES(0x4b1ba7b6434bacd7), TO_BYTES(0x1a0111ea397fe69a) 56 | }; 57 | 58 | exp_mont_384(out, inp, BLS12_381_P_minus_2, 381, BLS12_381_P, p0); 59 | } 60 | 61 | static void recip_sqrt_fp_3mod4(vec384 out, const vec384 inp) 62 | { 63 | static const byte BLS_12_381_P_minus_3_div_4[] = { 64 | TO_BYTES(0xee7fbfffffffeaaa), TO_BYTES(0x07aaffffac54ffff), 65 | TO_BYTES(0xd9cc34a83dac3d89), TO_BYTES(0xd91dd2e13ce144af), 66 | TO_BYTES(0x92c6e9ed90d2eb35), TO_BYTES(0x0680447a8e5ff9a6) 67 | }; 68 | 69 | exp_mont_384(out, inp, BLS_12_381_P_minus_3_div_4, 379, BLS12_381_P, p0); 70 | } 71 | #else 72 | # if 1 73 | /* 74 | * "383"-bit variant omits full reductions at the ends of squarings, 75 | * which results in up to ~15% improvement. [One can improve further 76 | * by omitting full reductions even after multiplications and 77 | * performing final reduction at the very end of the chain.] 78 | */ 79 | static inline void sqr_n_mul_fp(vec384 out, const vec384 a, size_t count, 80 | const vec384 b) 81 | { sqr_n_mul_mont_383(out, a, count, BLS12_381_P, p0, b); } 82 | # else 83 | static void sqr_n_mul_fp(vec384 out, const vec384 a, size_t count, 84 | const vec384 b) 85 | { 86 | while(count--) { 87 | sqr_fp(out, a); 88 | a = out; 89 | } 90 | mul_fp(out, out, b); 91 | } 92 | # endif 93 | 94 | # define sqr(ret,a) sqr_fp(ret,a) 95 | # define mul(ret,a,b) mul_fp(ret,a,b) 96 | # define sqr_n_mul(ret,a,n,b) sqr_n_mul_fp(ret,a,n,b) 97 | 98 | # include "recip-addchain.h" 99 | static void reciprocal_fp(vec384 out, const vec384 inp) 100 | { 101 | RECIPROCAL_MOD_BLS12_381_P(out, inp, vec384); 102 | } 103 | # undef RECIPROCAL_MOD_BLS12_381_P 104 | 105 | # include "sqrt-addchain.h" 106 | static void recip_sqrt_fp_3mod4(vec384 out, const vec384 inp) 107 | { 108 | RECIP_SQRT_MOD_BLS12_381_P(out, inp, vec384); 109 | } 110 | # undef RECIP_SQRT_MOD_BLS12_381_P 111 | 112 | # undef sqr_n_mul 113 | # undef sqr 114 | # undef mul 115 | #endif 116 | 117 | static limb_t recip_sqrt_fp(vec384 out, const vec384 inp) 118 | { 119 | vec384 t0, t1; 120 | limb_t ret; 121 | 122 | recip_sqrt_fp_3mod4(t0, inp); 123 | 124 | mul_fp(t1, t0, inp); 125 | sqr_fp(t1, t1); 126 | ret = vec_is_equal(t1, inp, sizeof(t1)); 127 | vec_copy(out, t0, sizeof(t0)); 128 | 129 | return ret; 130 | } 131 | 132 | static limb_t sqrt_fp(vec384 out, const vec384 inp) 133 | { 134 | vec384 t0, t1; 135 | limb_t ret; 136 | 137 | recip_sqrt_fp_3mod4(t0, inp); 138 | 139 | mul_fp(t0, t0, inp); 140 | sqr_fp(t1, t0); 141 | ret = vec_is_equal(t1, inp, sizeof(t1)); 142 | vec_copy(out, t0, sizeof(t0)); 143 | 144 | return ret; 145 | } 146 | 147 | limb_t blst_fp_sqrt(vec384 out, const vec384 inp) 148 | { return sqrt_fp(out, inp); } 149 | 150 | void blst_fp_inverse(vec384 out, const vec384 inp) 151 | { reciprocal_fp(out, inp); } 152 | -------------------------------------------------------------------------------- /extern/blst/src/hash_to_field.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright Supranational LLC 3 | * Licensed under the Apache License, Version 2.0, see LICENSE for details. 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include "consts.h" 8 | #include "sha256.h" 9 | 10 | static const vec384 BLS12_381_RRRR = { /* RR^2 */ 11 | TO_LIMB_T(0xed48ac6bd94ca1e0), TO_LIMB_T(0x315f831e03a7adf8), 12 | TO_LIMB_T(0x9a53352a615e29dd), TO_LIMB_T(0x34c04e5e921e1761), 13 | TO_LIMB_T(0x2512d43565724728), TO_LIMB_T(0x0aa6346091755d4d) 14 | }; 15 | 16 | static void sha256_init_Zpad(SHA256_CTX *ctx) 17 | { 18 | ctx->h[0] = 0xda5698beU; 19 | ctx->h[1] = 0x17b9b469U; 20 | ctx->h[2] = 0x62335799U; 21 | ctx->h[3] = 0x779fbecaU; 22 | ctx->h[4] = 0x8ce5d491U; 23 | ctx->h[5] = 0xc0d26243U; 24 | ctx->h[6] = 0xbafef9eaU; 25 | ctx->h[7] = 0x1837a9d8U; 26 | ctx->N = 64; 27 | vec_zero(ctx->buf, sizeof(ctx->buf)); 28 | ctx->off = 0; 29 | } 30 | 31 | static void vec_xor(void *restrict ret, const void *restrict a, 32 | const void *restrict b, size_t num) 33 | { 34 | limb_t *rp = (limb_t *)ret; 35 | const limb_t *ap = (const limb_t *)a; 36 | const limb_t *bp = (const limb_t *)b; 37 | size_t i; 38 | 39 | num /= sizeof(limb_t); 40 | 41 | for (i = 0; i < num; i++) 42 | rp[i] = ap[i] ^ bp[i]; 43 | } 44 | 45 | static void expand_message_xmd(unsigned char *bytes, size_t len_in_bytes, 46 | const unsigned char *aug, size_t aug_len, 47 | const unsigned char *msg, size_t msg_len, 48 | const unsigned char *DST, size_t DST_len) 49 | { 50 | union { limb_t align; unsigned char c[32]; } b_0; 51 | union { limb_t align; unsigned char c[33+256+31]; } b_i; 52 | unsigned char *p; 53 | size_t i, b_i_bits, b_i_blocks; 54 | SHA256_CTX ctx; 55 | 56 | /* 57 | * compose template for 'strxor(b_0, b_(i-1)) || I2OSP(i, 1) || DST_prime' 58 | */ 59 | DST_len &= 0xff; /* just in case */ 60 | b_i_blocks = ((33 + DST_len + 1 + 9) + 63) & -64; 61 | vec_zero(b_i.c + b_i_blocks - 64, 64); 62 | 63 | p = b_i.c + 33; 64 | for (i = 0; i < DST_len; i++) 65 | p[i] = DST[i]; 66 | p[i++] = (unsigned char)DST_len; 67 | p[i++] = 0x80; 68 | b_i_bits = (33 + DST_len + 1) * 8; 69 | p = b_i.c + b_i_blocks; 70 | p[-2] = (unsigned char)(b_i_bits >> 8); 71 | p[-1] = (unsigned char)(b_i_bits); 72 | 73 | sha256_init_Zpad(&ctx); /* Z_pad | */ 74 | sha256_update(&ctx, aug, aug_len); /* | aug | */ 75 | sha256_update(&ctx, msg, msg_len); /* | msg | */ 76 | /* | I2OSP(len_in_bytes, 2) || I2OSP(0, 1) || DST_prime */ 77 | b_i.c[30] = (unsigned char)(len_in_bytes >> 8); 78 | b_i.c[31] = (unsigned char)(len_in_bytes); 79 | b_i.c[32] = 0; 80 | sha256_update(&ctx, b_i.c + 30, 3 + DST_len + 1); 81 | sha256_final(b_0.c, &ctx); 82 | 83 | sha256_init_h(ctx.h); 84 | vec_copy(b_i.c, b_0.c, 32); 85 | ++b_i.c[32]; 86 | sha256_block_data_order(ctx.h, b_i.c, b_i_blocks / 64); 87 | sha256_emit(bytes, ctx.h); 88 | 89 | len_in_bytes /= 32; /* divisible by 64, remember? hence 32 works too */ 90 | while (--len_in_bytes) { 91 | sha256_init_h(ctx.h); 92 | vec_xor(b_i.c, b_0.c, bytes, 32); 93 | bytes += 32; 94 | ++b_i.c[32]; 95 | sha256_block_data_order(ctx.h, b_i.c, b_i_blocks / 64); 96 | sha256_emit(bytes, ctx.h); 97 | } 98 | } 99 | 100 | /* 101 | * |nelems| is 'count * m' from spec 102 | */ 103 | static void hash_to_field(vec384 elems[], size_t nelems, 104 | const unsigned char *aug, size_t aug_len, 105 | const unsigned char *msg, size_t msg_len, 106 | const unsigned char *DST, size_t DST_len) 107 | { 108 | size_t L = sizeof(vec384) + 128/8; /* ceil((ceil(log2(p)) + k) / 8) */ 109 | size_t len_in_bytes = L * nelems; /* divisible by 64, hurray! */ 110 | #if !defined(__STDC_VERSION__) || __STDC_VERSION__<199901 111 | limb_t *pseudo_random = alloca(len_in_bytes); 112 | #else 113 | limb_t pseudo_random[len_in_bytes/sizeof(limb_t)]; 114 | #endif 115 | unsigned char *bytes; 116 | vec768 elem; 117 | 118 | aug_len = aug!=NULL ? aug_len : 0; 119 | DST_len = DST!=NULL ? DST_len : 0; 120 | 121 | expand_message_xmd((unsigned char *)pseudo_random, len_in_bytes, 122 | aug, aug_len, msg, msg_len, DST, DST_len); 123 | 124 | vec_zero(elem, sizeof(elem)); 125 | bytes = (unsigned char *)pseudo_random; 126 | while (nelems--) { 127 | limbs_from_be_bytes(elem, bytes, L); 128 | bytes += L; 129 | /* 130 | * L-bytes block % P, output is in Montgomery domain... 131 | */ 132 | redc_mont_384(elems[0], elem, BLS12_381_P, p0); 133 | mul_mont_384(elems[0], elems[0], BLS12_381_RRRR, BLS12_381_P, p0); 134 | elems++; 135 | } 136 | } 137 | -------------------------------------------------------------------------------- /extern/blst/bindings/go/blst_misc.tgo: -------------------------------------------------------------------------------- 1 | 2 | import "fmt" 3 | 4 | // Parse out optional arguments for sign and verify. 5 | // aug []byte - augmentation bytes (default: nil) 6 | func parseOpts(optional ...interface{}) ([]byte, [][]byte, bool, bool) { 7 | var aug [][]byte // For aggregate verify 8 | var augSingle []byte // For signing 9 | useHash := true // hash (true), encode (false) 10 | 11 | for _, arg := range optional { 12 | switch v := arg.(type) { 13 | case []byte: 14 | augSingle = v 15 | case [][]byte: 16 | aug = v 17 | case bool: 18 | useHash = v 19 | default: 20 | return nil, nil, useHash, false 21 | } 22 | } 23 | return augSingle, aug, useHash, true 24 | } 25 | 26 | func bytesAllZero(s []byte) bool { 27 | for _, v := range s { 28 | if v != 0 { 29 | return false 30 | } 31 | } 32 | return true 33 | } 34 | 35 | // 36 | // Serialization/Deserialization. 37 | // 38 | 39 | // Scalar serdes 40 | func (s *Scalar) Serialize() []byte { 41 | var out [BLST_SCALAR_BYTES]byte 42 | C.blst_bendian_from_scalar((*C.byte)(&out[0]), s) 43 | return out[:] 44 | } 45 | 46 | func (s *Scalar) Deserialize(in []byte) *Scalar { 47 | if len(in) != BLST_SCALAR_BYTES { 48 | return nil 49 | } 50 | C.blst_scalar_from_bendian(s, (*C.byte)(&in[0])) 51 | if !C.blst_scalar_fr_check(s) { 52 | return nil 53 | } 54 | return s 55 | } 56 | 57 | func (s *Scalar) Valid() bool { 58 | return bool(C.blst_scalar_fr_check(s)) 59 | } 60 | 61 | // 62 | // LEndian 63 | // 64 | 65 | func (fr *Scalar) ToLEndian() []byte { 66 | var arr [BLST_SCALAR_BYTES]byte 67 | C.blst_lendian_from_scalar((*C.byte)(&arr[0]), fr) 68 | return arr[:] 69 | } 70 | 71 | func (fp *Fp) ToLEndian() []byte { 72 | var arr [BLST_FP_BYTES]byte 73 | C.blst_lendian_from_fp((*C.byte)(&arr[0]), fp) 74 | return arr[:] 75 | } 76 | 77 | func (fr *Scalar) FromLEndian(arr []byte) *Scalar { 78 | if len(arr) != BLST_SCALAR_BYTES { 79 | return nil 80 | } 81 | C.blst_scalar_from_lendian(fr, (*C.byte)(&arr[0])) 82 | return fr 83 | } 84 | 85 | func (fp *Fp) FromLEndian(arr []byte) *Fp { 86 | if len(arr) != BLST_FP_BYTES { 87 | return nil 88 | } 89 | C.blst_fp_from_lendian(fp, (*C.byte)(&arr[0])) 90 | return fp 91 | } 92 | 93 | // 94 | // BEndian 95 | // 96 | 97 | func (fr *Scalar) ToBEndian() []byte { 98 | var arr [BLST_SCALAR_BYTES]byte 99 | C.blst_bendian_from_scalar((*C.byte)(&arr[0]), fr) 100 | return arr[:] 101 | } 102 | 103 | func (fp *Fp) ToBEndian() []byte { 104 | var arr [BLST_FP_BYTES]byte 105 | C.blst_bendian_from_fp((*C.byte)(&arr[0]), fp) 106 | return arr[:] 107 | } 108 | 109 | func (fr *Scalar) FromBEndian(arr []byte) *Scalar { 110 | if len(arr) != BLST_SCALAR_BYTES { 111 | return nil 112 | } 113 | C.blst_scalar_from_bendian(fr, (*C.byte)(&arr[0])) 114 | return fr 115 | } 116 | 117 | func (fp *Fp) FromBEndian(arr []byte) *Fp { 118 | if len(arr) != BLST_FP_BYTES { 119 | return nil 120 | } 121 | C.blst_fp_from_bendian(fp, (*C.byte)(&arr[0])) 122 | return fp 123 | } 124 | 125 | // 126 | // Printing 127 | // 128 | 129 | func PrintBytes(val []byte, name string) { 130 | fmt.Printf("%s = %02x\n", name, val) 131 | } 132 | 133 | func (s *Scalar) Print(name string) { 134 | arr := s.ToBEndian() 135 | PrintBytes(arr[:], name) 136 | } 137 | 138 | func (p *P1Affine) Print(name string) { 139 | fmt.Printf("%s:\n", name) 140 | arr := p.x.ToBEndian() 141 | PrintBytes(arr, " x") 142 | arr = p.y.ToBEndian() 143 | PrintBytes(arr, " y") 144 | } 145 | 146 | func (p *P1) Print(name string) { 147 | fmt.Printf("%s:\n", name) 148 | aff := p.ToAffine() 149 | aff.Print(name) 150 | } 151 | 152 | func (f *Fp2) Print(name string) { 153 | fmt.Printf("%s:\n", name) 154 | arr := f.fp[0].ToBEndian() 155 | PrintBytes(arr, " 0") 156 | arr = f.fp[1].ToBEndian() 157 | PrintBytes(arr, " 1") 158 | } 159 | 160 | func (p *P2Affine) Print(name string) { 161 | fmt.Printf("%s:\n", name) 162 | p.x.Print(" x") 163 | p.y.Print(" y") 164 | } 165 | 166 | func (p *P2) Print(name string) { 167 | fmt.Printf("%s:\n", name) 168 | aff := p.ToAffine() 169 | aff.Print(name) 170 | } 171 | 172 | // 173 | // Equality 174 | // 175 | 176 | func (s1 *Scalar) Equals(s2 *Scalar) bool { 177 | return *s1 == *s2; 178 | } 179 | 180 | func (e1 *Fp) Equals(e2 *Fp) bool { 181 | return *e1 == *e2; 182 | } 183 | 184 | func (e1 *Fp2) Equals(e2 *Fp2) bool { 185 | return *e1 == *e2; 186 | } 187 | 188 | func (e1 *P1Affine) Equals(e2 *P1Affine) bool { 189 | return bool(C.blst_p1_affine_is_equal(e1, e2)) 190 | } 191 | 192 | func (e1 *P1) Equals(e2 *P1) bool { 193 | return bool(C.blst_p1_is_equal(e1, e2)) 194 | } 195 | 196 | func (e1 *P2Affine) Equals(e2 *P2Affine) bool { 197 | return bool(C.blst_p2_affine_is_equal(e1, e2)) 198 | } 199 | 200 | func (e1 *P2) Equals(e2 *P2) bool { 201 | return bool(C.blst_p2_is_equal(e1, e2)) 202 | } 203 | -------------------------------------------------------------------------------- /extern/blst/build/mach-o/add_mod_384x384-x86_64.s: -------------------------------------------------------------------------------- 1 | .text 2 | 3 | 4 | .p2align 5 5 | __add_mod_384x384: 6 | .cfi_startproc 7 | .byte 0xf3,0x0f,0x1e,0xfa 8 | 9 | movq 0(%rsi),%r8 10 | movq 8(%rsi),%r9 11 | movq 16(%rsi),%r10 12 | movq 24(%rsi),%r11 13 | movq 32(%rsi),%r12 14 | movq 40(%rsi),%r13 15 | movq 48(%rsi),%r14 16 | 17 | addq 0(%rdx),%r8 18 | movq 56(%rsi),%r15 19 | adcq 8(%rdx),%r9 20 | movq 64(%rsi),%rax 21 | adcq 16(%rdx),%r10 22 | movq 72(%rsi),%rbx 23 | adcq 24(%rdx),%r11 24 | movq 80(%rsi),%rbp 25 | adcq 32(%rdx),%r12 26 | movq 88(%rsi),%rsi 27 | adcq 40(%rdx),%r13 28 | movq %r8,0(%rdi) 29 | adcq 48(%rdx),%r14 30 | movq %r9,8(%rdi) 31 | adcq 56(%rdx),%r15 32 | movq %r10,16(%rdi) 33 | adcq 64(%rdx),%rax 34 | movq %r12,32(%rdi) 35 | movq %r14,%r8 36 | adcq 72(%rdx),%rbx 37 | movq %r11,24(%rdi) 38 | movq %r15,%r9 39 | adcq 80(%rdx),%rbp 40 | movq %r13,40(%rdi) 41 | movq %rax,%r10 42 | adcq 88(%rdx),%rsi 43 | movq %rbx,%r11 44 | sbbq %rdx,%rdx 45 | 46 | subq 0(%rcx),%r14 47 | sbbq 8(%rcx),%r15 48 | movq %rbp,%r12 49 | sbbq 16(%rcx),%rax 50 | sbbq 24(%rcx),%rbx 51 | sbbq 32(%rcx),%rbp 52 | movq %rsi,%r13 53 | sbbq 40(%rcx),%rsi 54 | sbbq $0,%rdx 55 | 56 | cmovcq %r8,%r14 57 | cmovcq %r9,%r15 58 | cmovcq %r10,%rax 59 | movq %r14,48(%rdi) 60 | cmovcq %r11,%rbx 61 | movq %r15,56(%rdi) 62 | cmovcq %r12,%rbp 63 | movq %rax,64(%rdi) 64 | cmovcq %r13,%rsi 65 | movq %rbx,72(%rdi) 66 | movq %rbp,80(%rdi) 67 | movq %rsi,88(%rdi) 68 | 69 | .byte 0xf3,0xc3 70 | .cfi_endproc 71 | 72 | 73 | 74 | .p2align 5 75 | __sub_mod_384x384: 76 | .cfi_startproc 77 | .byte 0xf3,0x0f,0x1e,0xfa 78 | 79 | movq 0(%rsi),%r8 80 | movq 8(%rsi),%r9 81 | movq 16(%rsi),%r10 82 | movq 24(%rsi),%r11 83 | movq 32(%rsi),%r12 84 | movq 40(%rsi),%r13 85 | movq 48(%rsi),%r14 86 | 87 | subq 0(%rdx),%r8 88 | movq 56(%rsi),%r15 89 | sbbq 8(%rdx),%r9 90 | movq 64(%rsi),%rax 91 | sbbq 16(%rdx),%r10 92 | movq 72(%rsi),%rbx 93 | sbbq 24(%rdx),%r11 94 | movq 80(%rsi),%rbp 95 | sbbq 32(%rdx),%r12 96 | movq 88(%rsi),%rsi 97 | sbbq 40(%rdx),%r13 98 | movq %r8,0(%rdi) 99 | sbbq 48(%rdx),%r14 100 | movq 0(%rcx),%r8 101 | movq %r9,8(%rdi) 102 | sbbq 56(%rdx),%r15 103 | movq 8(%rcx),%r9 104 | movq %r10,16(%rdi) 105 | sbbq 64(%rdx),%rax 106 | movq 16(%rcx),%r10 107 | movq %r11,24(%rdi) 108 | sbbq 72(%rdx),%rbx 109 | movq 24(%rcx),%r11 110 | movq %r12,32(%rdi) 111 | sbbq 80(%rdx),%rbp 112 | movq 32(%rcx),%r12 113 | movq %r13,40(%rdi) 114 | sbbq 88(%rdx),%rsi 115 | movq 40(%rcx),%r13 116 | sbbq %rdx,%rdx 117 | 118 | andq %rdx,%r8 119 | andq %rdx,%r9 120 | andq %rdx,%r10 121 | andq %rdx,%r11 122 | andq %rdx,%r12 123 | andq %rdx,%r13 124 | 125 | addq %r8,%r14 126 | adcq %r9,%r15 127 | movq %r14,48(%rdi) 128 | adcq %r10,%rax 129 | movq %r15,56(%rdi) 130 | adcq %r11,%rbx 131 | movq %rax,64(%rdi) 132 | adcq %r12,%rbp 133 | movq %rbx,72(%rdi) 134 | adcq %r13,%rsi 135 | movq %rbp,80(%rdi) 136 | movq %rsi,88(%rdi) 137 | 138 | .byte 0xf3,0xc3 139 | .cfi_endproc 140 | 141 | 142 | .globl _add_mod_384x384 143 | .private_extern _add_mod_384x384 144 | 145 | .p2align 5 146 | _add_mod_384x384: 147 | .cfi_startproc 148 | .byte 0xf3,0x0f,0x1e,0xfa 149 | 150 | 151 | pushq %rbp 152 | .cfi_adjust_cfa_offset 8 153 | .cfi_offset %rbp,-16 154 | pushq %rbx 155 | .cfi_adjust_cfa_offset 8 156 | .cfi_offset %rbx,-24 157 | pushq %r12 158 | .cfi_adjust_cfa_offset 8 159 | .cfi_offset %r12,-32 160 | pushq %r13 161 | .cfi_adjust_cfa_offset 8 162 | .cfi_offset %r13,-40 163 | pushq %r14 164 | .cfi_adjust_cfa_offset 8 165 | .cfi_offset %r14,-48 166 | pushq %r15 167 | .cfi_adjust_cfa_offset 8 168 | .cfi_offset %r15,-56 169 | subq $8,%rsp 170 | .cfi_adjust_cfa_offset 8 171 | 172 | 173 | call __add_mod_384x384 174 | 175 | movq 8(%rsp),%r15 176 | .cfi_restore %r15 177 | movq 16(%rsp),%r14 178 | .cfi_restore %r14 179 | movq 24(%rsp),%r13 180 | .cfi_restore %r13 181 | movq 32(%rsp),%r12 182 | .cfi_restore %r12 183 | movq 40(%rsp),%rbx 184 | .cfi_restore %rbx 185 | movq 48(%rsp),%rbp 186 | .cfi_restore %rbp 187 | leaq 56(%rsp),%rsp 188 | .cfi_adjust_cfa_offset -56 189 | 190 | .byte 0xf3,0xc3 191 | .cfi_endproc 192 | 193 | 194 | .globl _sub_mod_384x384 195 | .private_extern _sub_mod_384x384 196 | 197 | .p2align 5 198 | _sub_mod_384x384: 199 | .cfi_startproc 200 | .byte 0xf3,0x0f,0x1e,0xfa 201 | 202 | 203 | pushq %rbp 204 | .cfi_adjust_cfa_offset 8 205 | .cfi_offset %rbp,-16 206 | pushq %rbx 207 | .cfi_adjust_cfa_offset 8 208 | .cfi_offset %rbx,-24 209 | pushq %r12 210 | .cfi_adjust_cfa_offset 8 211 | .cfi_offset %r12,-32 212 | pushq %r13 213 | .cfi_adjust_cfa_offset 8 214 | .cfi_offset %r13,-40 215 | pushq %r14 216 | .cfi_adjust_cfa_offset 8 217 | .cfi_offset %r14,-48 218 | pushq %r15 219 | .cfi_adjust_cfa_offset 8 220 | .cfi_offset %r15,-56 221 | subq $8,%rsp 222 | .cfi_adjust_cfa_offset 8 223 | 224 | 225 | call __sub_mod_384x384 226 | 227 | movq 8(%rsp),%r15 228 | .cfi_restore %r15 229 | movq 16(%rsp),%r14 230 | .cfi_restore %r14 231 | movq 24(%rsp),%r13 232 | .cfi_restore %r13 233 | movq 32(%rsp),%r12 234 | .cfi_restore %r12 235 | movq 40(%rsp),%rbx 236 | .cfi_restore %rbx 237 | movq 48(%rsp),%rbp 238 | .cfi_restore %rbp 239 | leaq 56(%rsp),%rsp 240 | .cfi_adjust_cfa_offset -56 241 | 242 | .byte 0xf3,0xc3 243 | .cfi_endproc 244 | 245 | -------------------------------------------------------------------------------- /extern/blst/build/mach-o/inverse_mod_384-armv8.S: -------------------------------------------------------------------------------- 1 | .text 2 | 3 | .align 5 4 | Lone: 5 | .quad 1,0,0,0,0,0,0,0 6 | 7 | .globl _eucl_inverse_mod_384 8 | .private_extern _eucl_inverse_mod_384 9 | 10 | .align 5 11 | _eucl_inverse_mod_384: 12 | .long 3573752639 13 | stp x29,x30,[sp,#-48]! 14 | add x29,sp,#0 15 | stp x19,x20,[sp,#16] 16 | stp x21,x22,[sp,#32] 17 | sub sp,sp,#192 18 | 19 | adr x4,Lone 20 | cmp x3,#0 21 | csel x3,x3,x4,ne // default x3 to 1 22 | 23 | ldp x4,x5,[x1] 24 | ldp x6,x7,[x1,#16] 25 | ldp x8,x9,[x1,#32] 26 | 27 | orr x10,x4,x5 28 | orr x11,x6,x7 29 | orr x12,x8,x9 30 | orr x10,x10,x11 31 | orr x10,x10,x12 32 | cbz x10,Labort // abort if |inp|==0 33 | 34 | ldp x10,x11,[x3] 35 | ldp x12,x13,[x3,#16] 36 | ldp x14,x15,[x3,#32] 37 | 38 | ldp x16,x17,[x2] 39 | ldp x19,x20,[x2,#16] 40 | ldp x21,x22,[x2,#32] 41 | 42 | stp x4,x5,[sp,#0] // copy |inp| to U 43 | stp x6,x7,[sp,#0+16] 44 | stp x8,x9,[sp,#0+32] 45 | 46 | stp x10,x11,[sp,#0+48] // copy |one| to X 47 | stp x12,x13,[sp,#0+64] 48 | stp x14,x15,[sp,#0+80] 49 | 50 | stp x16,x17,[sp,#96] // copy |mod| to V 51 | stp x19,x20,[sp,#96+16] 52 | stp x21,x22,[sp,#96+32] 53 | 54 | stp xzr,xzr,[sp,#96+48] // clear Y 55 | stp xzr,xzr,[sp,#96+64] 56 | stp xzr,xzr,[sp,#96+80] 57 | b Loop_inv 58 | 59 | .align 5 60 | Loop_inv: 61 | add x1,sp,#96 62 | bl __remove_powers_of_2 63 | 64 | add x1,sp,#0 65 | bl __remove_powers_of_2 66 | 67 | ldp x10,x11,[sp,#96] 68 | add x2,sp,#96 69 | ldp x12,x13,[sp,#96+16] 70 | subs x4,x4,x10 // U-V 71 | ldp x14,x15,[sp,#96+32] 72 | sbcs x5,x5,x11 73 | sbcs x6,x6,x12 74 | sbcs x7,x7,x13 75 | sbcs x8,x8,x14 76 | sbcs x9,x9,x15 77 | b.hs Lu_greater_than_v 78 | 79 | eor x2,x2,x1 // xchg x2,x1 80 | mvn x4,x4 // U-V => V-U 81 | eor x1,x1,x2 82 | mvn x5,x5 83 | eor x2,x2,x1 84 | adds x4,x4,#1 85 | mvn x6,x6 86 | adcs x5,x5,xzr 87 | mvn x7,x7 88 | adcs x6,x6,xzr 89 | mvn x8,x8 90 | adcs x7,x7,xzr 91 | mvn x9,x9 92 | adcs x8,x8,xzr 93 | adc x9,x9,xzr 94 | 95 | Lu_greater_than_v: 96 | stp x4,x5,[x1] 97 | ldp x4,x5,[x2,#48] 98 | ldp x10,x11,[x1,#48] 99 | stp x6,x7,[x1,#16] 100 | ldp x6,x7,[x2,#64] 101 | subs x10,x10,x4 // X-Y # [alt. Y-X] 102 | ldp x12,x13,[x1,#64] 103 | sbcs x11,x11,x5 104 | stp x8,x9,[x1,#32] 105 | ldp x8,x9,[x2,#80] 106 | sbcs x12,x12,x6 107 | ldp x14,x15,[x1,#80] 108 | sbcs x13,x13,x7 109 | sbcs x14,x14,x8 110 | sbcs x15,x15,x9 111 | sbc x9,xzr,xzr // borrow -> mask 112 | 113 | and x4,x16,x9 114 | and x5,x17,x9 115 | adds x10,x10,x4 // reduce if X>= cnt 179 | lslv x10,x5,x15 180 | orr x4,x4,x10 181 | lsrv x5,x5,x3 182 | lslv x11,x6,x15 183 | orr x5,x5,x11 184 | ldp x10,x11,[x1,#48] 185 | lsrv x6,x6,x3 186 | lslv x12,x7,x15 187 | orr x6,x6,x12 188 | lsrv x7,x7,x3 189 | lslv x13,x8,x15 190 | orr x7,x7,x13 191 | ldp x12,x13,[x1,#64] 192 | lsrv x8,x8,x3 193 | lslv x14,x9,x15 194 | orr x8,x8,x14 195 | ldp x14,x15,[x1,#80] 196 | lsrv x9,x9,x3 197 | 198 | stp x4, x5,[x1] 199 | stp x6, x7,[x1,#16] 200 | stp x8, x9,[x1,#32] 201 | b Loop_div_by_2 202 | 203 | .align 4 204 | Loop_div_by_2: 205 | sbfx x9,x10,#0,#1 206 | sub x3,x3,#1 207 | 208 | and x4,x16,x9 209 | and x5,x17,x9 210 | adds x10,x10,x4 211 | and x6,x19,x9 212 | adcs x11,x11,x5 213 | and x7,x20,x9 214 | adcs x12,x12,x6 215 | and x8,x21,x9 216 | adcs x13,x13,x7 217 | and x9,x22,x9 218 | adcs x14,x14,x8 219 | extr x10,x11,x10,#1 // acc[6:11] >>= 1 220 | adcs x15,x15,x9 221 | extr x11,x12,x11,#1 222 | adc x9,xzr,xzr // redundant if modulus is <384 bits... 223 | extr x12,x13,x12,#1 224 | extr x13,x14,x13,#1 225 | extr x14,x15,x14,#1 226 | extr x15,x9,x15,#1 227 | 228 | cbnz x3,Loop_div_by_2 229 | 230 | ldp x4,x5,[x1] // reload X [mostly for 2nd caller] 231 | ldp x6,x7,[x1,#16] 232 | ldp x8,x9,[x1,#32] 233 | 234 | stp x10,x11,[x1,#48] 235 | stp x12,x13,[x1,#64] 236 | stp x14,x15,[x1,#80] 237 | 238 | tbz x4,#0,Loop_of_2 // unlikely in real life 239 | 240 | Loop_of_2_done: 241 | ret 242 | 243 | -------------------------------------------------------------------------------- /extern/blst/build/win64/inverse_mod_384-armv8.asm: -------------------------------------------------------------------------------- 1 | AREA |.text|,CODE,ALIGN=8,ARM64 2 | 3 | ALIGN 32 4 | |$Lone| 5 | DCQU 1,0,0,0,0,0,0,0 6 | 7 | 8 | 9 | EXPORT |eucl_inverse_mod_384|[FUNC] 10 | ALIGN 32 11 | |eucl_inverse_mod_384| PROC 12 | DCDU 3573752639 13 | stp x29,x30,[sp,#-48]! 14 | add x29,sp,#0 15 | stp x19,x20,[sp,#16] 16 | stp x21,x22,[sp,#32] 17 | sub sp,sp,#192 18 | 19 | adr x4,|$Lone| 20 | cmp x3,#0 21 | cselne x3,x3,x4 22 | 23 | ldp x4,x5,[x1] 24 | ldp x6,x7,[x1,#16] 25 | ldp x8,x9,[x1,#32] 26 | 27 | orr x10,x4,x5 28 | orr x11,x6,x7 29 | orr x12,x8,x9 30 | orr x10,x10,x11 31 | orr x10,x10,x12 32 | cbz x10,|$Labort| // abort if |inp|==0 33 | 34 | ldp x10,x11,[x3] 35 | ldp x12,x13,[x3,#16] 36 | ldp x14,x15,[x3,#32] 37 | 38 | ldp x16,x17,[x2] 39 | ldp x19,x20,[x2,#16] 40 | ldp x21,x22,[x2,#32] 41 | 42 | stp x4,x5,[sp,#0] // copy |inp| to U 43 | stp x6,x7,[sp,#0+16] 44 | stp x8,x9,[sp,#0+32] 45 | 46 | stp x10,x11,[sp,#0+48] // copy |one| to X 47 | stp x12,x13,[sp,#0+64] 48 | stp x14,x15,[sp,#0+80] 49 | 50 | stp x16,x17,[sp,#96] // copy |mod| to V 51 | stp x19,x20,[sp,#96+16] 52 | stp x21,x22,[sp,#96+32] 53 | 54 | stp xzr,xzr,[sp,#96+48] // clear Y 55 | stp xzr,xzr,[sp,#96+64] 56 | stp xzr,xzr,[sp,#96+80] 57 | b |$Loop_inv| 58 | 59 | ALIGN 32 60 | |$Loop_inv| 61 | add x1,sp,#96 62 | bl __remove_powers_of_2 63 | 64 | add x1,sp,#0 65 | bl __remove_powers_of_2 66 | 67 | ldp x10,x11,[sp,#96] 68 | add x2,sp,#96 69 | ldp x12,x13,[sp,#96+16] 70 | subs x4,x4,x10 // U-V 71 | ldp x14,x15,[sp,#96+32] 72 | sbcs x5,x5,x11 73 | sbcs x6,x6,x12 74 | sbcs x7,x7,x13 75 | sbcs x8,x8,x14 76 | sbcs x9,x9,x15 77 | bhs |$Lu_greater_than_v| 78 | 79 | eor x2,x2,x1 // xchg x2,x1 80 | mvn x4,x4 // U-V => V-U 81 | eor x1,x1,x2 82 | mvn x5,x5 83 | eor x2,x2,x1 84 | adds x4,x4,#1 85 | mvn x6,x6 86 | adcs x5,x5,xzr 87 | mvn x7,x7 88 | adcs x6,x6,xzr 89 | mvn x8,x8 90 | adcs x7,x7,xzr 91 | mvn x9,x9 92 | adcs x8,x8,xzr 93 | adc x9,x9,xzr 94 | 95 | |$Lu_greater_than_v| 96 | stp x4,x5,[x1] 97 | ldp x4,x5,[x2,#48] 98 | ldp x10,x11,[x1,#48] 99 | stp x6,x7,[x1,#16] 100 | ldp x6,x7,[x2,#64] 101 | subs x10,x10,x4 // X-Y # [alt. Y-X] 102 | ldp x12,x13,[x1,#64] 103 | sbcs x11,x11,x5 104 | stp x8,x9,[x1,#32] 105 | ldp x8,x9,[x2,#80] 106 | sbcs x12,x12,x6 107 | ldp x14,x15,[x1,#80] 108 | sbcs x13,x13,x7 109 | sbcs x14,x14,x8 110 | sbcs x15,x15,x9 111 | sbc x9,xzr,xzr // borrow -> mask 112 | 113 | and x4,x16,x9 114 | and x5,x17,x9 115 | adds x10,x10,x4 // reduce if X>= cnt 179 | lslv x10,x5,x15 180 | orr x4,x4,x10 181 | lsrv x5,x5,x3 182 | lslv x11,x6,x15 183 | orr x5,x5,x11 184 | ldp x10,x11,[x1,#48] 185 | lsrv x6,x6,x3 186 | lslv x12,x7,x15 187 | orr x6,x6,x12 188 | lsrv x7,x7,x3 189 | lslv x13,x8,x15 190 | orr x7,x7,x13 191 | ldp x12,x13,[x1,#64] 192 | lsrv x8,x8,x3 193 | lslv x14,x9,x15 194 | orr x8,x8,x14 195 | ldp x14,x15,[x1,#80] 196 | lsrv x9,x9,x3 197 | 198 | stp x4, x5,[x1] 199 | stp x6, x7,[x1,#16] 200 | stp x8, x9,[x1,#32] 201 | b |$Loop_div_by_2| 202 | 203 | ALIGN 16 204 | |$Loop_div_by_2| 205 | sbfx x9,x10,#0,#1 206 | sub x3,x3,#1 207 | 208 | and x4,x16,x9 209 | and x5,x17,x9 210 | adds x10,x10,x4 211 | and x6,x19,x9 212 | adcs x11,x11,x5 213 | and x7,x20,x9 214 | adcs x12,x12,x6 215 | and x8,x21,x9 216 | adcs x13,x13,x7 217 | and x9,x22,x9 218 | adcs x14,x14,x8 219 | extr x10,x11,x10,#1 // acc[6:11] >>= 1 220 | adcs x15,x15,x9 221 | extr x11,x12,x11,#1 222 | adc x9,xzr,xzr // redundant if modulus is <384 bits... 223 | extr x12,x13,x12,#1 224 | extr x13,x14,x13,#1 225 | extr x14,x15,x14,#1 226 | extr x15,x9,x15,#1 227 | 228 | cbnz x3,|$Loop_div_by_2| 229 | 230 | ldp x4,x5,[x1] // reload X [mostly for 2nd caller] 231 | ldp x6,x7,[x1,#16] 232 | ldp x8,x9,[x1,#32] 233 | 234 | stp x10,x11,[x1,#48] 235 | stp x12,x13,[x1,#64] 236 | stp x14,x15,[x1,#80] 237 | 238 | tbz x4,#0,|$Loop_of_2| // unlikely in real life 239 | 240 | |$Loop_of_2_done| 241 | ret 242 | ENDP 243 | END 244 | -------------------------------------------------------------------------------- /extern/blst/build/coff/inverse_mod_384-armv8.S: -------------------------------------------------------------------------------- 1 | .text 2 | 3 | .p2align 5 4 | .Lone: 5 | .quad 1,0,0,0,0,0,0,0 6 | 7 | .globl eucl_inverse_mod_384 8 | 9 | .def eucl_inverse_mod_384; 10 | .type 32; 11 | .endef 12 | .p2align 5 13 | eucl_inverse_mod_384: 14 | .long 3573752639 15 | stp x29,x30,[sp,#-48]! 16 | add x29,sp,#0 17 | stp x19,x20,[sp,#16] 18 | stp x21,x22,[sp,#32] 19 | sub sp,sp,#192 20 | 21 | adr x4,.Lone 22 | cmp x3,#0 23 | csel x3,x3,x4,ne // default x3 to 1 24 | 25 | ldp x4,x5,[x1] 26 | ldp x6,x7,[x1,#16] 27 | ldp x8,x9,[x1,#32] 28 | 29 | orr x10,x4,x5 30 | orr x11,x6,x7 31 | orr x12,x8,x9 32 | orr x10,x10,x11 33 | orr x10,x10,x12 34 | cbz x10,.Labort // abort if |inp|==0 35 | 36 | ldp x10,x11,[x3] 37 | ldp x12,x13,[x3,#16] 38 | ldp x14,x15,[x3,#32] 39 | 40 | ldp x16,x17,[x2] 41 | ldp x19,x20,[x2,#16] 42 | ldp x21,x22,[x2,#32] 43 | 44 | stp x4,x5,[sp,#0] // copy |inp| to U 45 | stp x6,x7,[sp,#0+16] 46 | stp x8,x9,[sp,#0+32] 47 | 48 | stp x10,x11,[sp,#0+48] // copy |one| to X 49 | stp x12,x13,[sp,#0+64] 50 | stp x14,x15,[sp,#0+80] 51 | 52 | stp x16,x17,[sp,#96] // copy |mod| to V 53 | stp x19,x20,[sp,#96+16] 54 | stp x21,x22,[sp,#96+32] 55 | 56 | stp xzr,xzr,[sp,#96+48] // clear Y 57 | stp xzr,xzr,[sp,#96+64] 58 | stp xzr,xzr,[sp,#96+80] 59 | b .Loop_inv 60 | 61 | .p2align 5 62 | .Loop_inv: 63 | add x1,sp,#96 64 | bl __remove_powers_of_2 65 | 66 | add x1,sp,#0 67 | bl __remove_powers_of_2 68 | 69 | ldp x10,x11,[sp,#96] 70 | add x2,sp,#96 71 | ldp x12,x13,[sp,#96+16] 72 | subs x4,x4,x10 // U-V 73 | ldp x14,x15,[sp,#96+32] 74 | sbcs x5,x5,x11 75 | sbcs x6,x6,x12 76 | sbcs x7,x7,x13 77 | sbcs x8,x8,x14 78 | sbcs x9,x9,x15 79 | b.hs .Lu_greater_than_v 80 | 81 | eor x2,x2,x1 // xchg x2,x1 82 | mvn x4,x4 // U-V => V-U 83 | eor x1,x1,x2 84 | mvn x5,x5 85 | eor x2,x2,x1 86 | adds x4,x4,#1 87 | mvn x6,x6 88 | adcs x5,x5,xzr 89 | mvn x7,x7 90 | adcs x6,x6,xzr 91 | mvn x8,x8 92 | adcs x7,x7,xzr 93 | mvn x9,x9 94 | adcs x8,x8,xzr 95 | adc x9,x9,xzr 96 | 97 | .Lu_greater_than_v: 98 | stp x4,x5,[x1] 99 | ldp x4,x5,[x2,#48] 100 | ldp x10,x11,[x1,#48] 101 | stp x6,x7,[x1,#16] 102 | ldp x6,x7,[x2,#64] 103 | subs x10,x10,x4 // X-Y # [alt. Y-X] 104 | ldp x12,x13,[x1,#64] 105 | sbcs x11,x11,x5 106 | stp x8,x9,[x1,#32] 107 | ldp x8,x9,[x2,#80] 108 | sbcs x12,x12,x6 109 | ldp x14,x15,[x1,#80] 110 | sbcs x13,x13,x7 111 | sbcs x14,x14,x8 112 | sbcs x15,x15,x9 113 | sbc x9,xzr,xzr // borrow -> mask 114 | 115 | and x4,x16,x9 116 | and x5,x17,x9 117 | adds x10,x10,x4 // reduce if X>= cnt 183 | lslv x10,x5,x15 184 | orr x4,x4,x10 185 | lsrv x5,x5,x3 186 | lslv x11,x6,x15 187 | orr x5,x5,x11 188 | ldp x10,x11,[x1,#48] 189 | lsrv x6,x6,x3 190 | lslv x12,x7,x15 191 | orr x6,x6,x12 192 | lsrv x7,x7,x3 193 | lslv x13,x8,x15 194 | orr x7,x7,x13 195 | ldp x12,x13,[x1,#64] 196 | lsrv x8,x8,x3 197 | lslv x14,x9,x15 198 | orr x8,x8,x14 199 | ldp x14,x15,[x1,#80] 200 | lsrv x9,x9,x3 201 | 202 | stp x4, x5,[x1] 203 | stp x6, x7,[x1,#16] 204 | stp x8, x9,[x1,#32] 205 | b .Loop_div_by_2 206 | 207 | .p2align 4 208 | .Loop_div_by_2: 209 | sbfx x9,x10,#0,#1 210 | sub x3,x3,#1 211 | 212 | and x4,x16,x9 213 | and x5,x17,x9 214 | adds x10,x10,x4 215 | and x6,x19,x9 216 | adcs x11,x11,x5 217 | and x7,x20,x9 218 | adcs x12,x12,x6 219 | and x8,x21,x9 220 | adcs x13,x13,x7 221 | and x9,x22,x9 222 | adcs x14,x14,x8 223 | extr x10,x11,x10,#1 // acc[6:11] >>= 1 224 | adcs x15,x15,x9 225 | extr x11,x12,x11,#1 226 | adc x9,xzr,xzr // redundant if modulus is <384 bits... 227 | extr x12,x13,x12,#1 228 | extr x13,x14,x13,#1 229 | extr x14,x15,x14,#1 230 | extr x15,x9,x15,#1 231 | 232 | cbnz x3,.Loop_div_by_2 233 | 234 | ldp x4,x5,[x1] // reload X [mostly for 2nd caller] 235 | ldp x6,x7,[x1,#16] 236 | ldp x8,x9,[x1,#32] 237 | 238 | stp x10,x11,[x1,#48] 239 | stp x12,x13,[x1,#64] 240 | stp x14,x15,[x1,#80] 241 | 242 | tbz x4,#0,.Loop_of_2 // unlikely in real life 243 | 244 | .Loop_of_2_done: 245 | ret 246 | 247 | -------------------------------------------------------------------------------- /extern/blst/build/elf/inverse_mod_384-armv8.S: -------------------------------------------------------------------------------- 1 | .text 2 | 3 | .align 5 4 | .Lone: 5 | .quad 1,0,0,0,0,0,0,0 6 | 7 | .globl eucl_inverse_mod_384 8 | .hidden eucl_inverse_mod_384 9 | .type eucl_inverse_mod_384,%function 10 | .align 5 11 | eucl_inverse_mod_384: 12 | .inst 0xd503233f 13 | stp x29,x30,[sp,#-48]! 14 | add x29,sp,#0 15 | stp x19,x20,[sp,#16] 16 | stp x21,x22,[sp,#32] 17 | sub sp,sp,#192 18 | 19 | adr x4,.Lone 20 | cmp x3,#0 21 | csel x3,x3,x4,ne // default x3 to 1 22 | 23 | ldp x4,x5,[x1] 24 | ldp x6,x7,[x1,#16] 25 | ldp x8,x9,[x1,#32] 26 | 27 | orr x10,x4,x5 28 | orr x11,x6,x7 29 | orr x12,x8,x9 30 | orr x10,x10,x11 31 | orr x10,x10,x12 32 | cbz x10,.Labort // abort if |inp|==0 33 | 34 | ldp x10,x11,[x3] 35 | ldp x12,x13,[x3,#16] 36 | ldp x14,x15,[x3,#32] 37 | 38 | ldp x16,x17,[x2] 39 | ldp x19,x20,[x2,#16] 40 | ldp x21,x22,[x2,#32] 41 | 42 | stp x4,x5,[sp,#0] // copy |inp| to U 43 | stp x6,x7,[sp,#0+16] 44 | stp x8,x9,[sp,#0+32] 45 | 46 | stp x10,x11,[sp,#0+48] // copy |one| to X 47 | stp x12,x13,[sp,#0+64] 48 | stp x14,x15,[sp,#0+80] 49 | 50 | stp x16,x17,[sp,#96] // copy |mod| to V 51 | stp x19,x20,[sp,#96+16] 52 | stp x21,x22,[sp,#96+32] 53 | 54 | stp xzr,xzr,[sp,#96+48] // clear Y 55 | stp xzr,xzr,[sp,#96+64] 56 | stp xzr,xzr,[sp,#96+80] 57 | b .Loop_inv 58 | 59 | .align 5 60 | .Loop_inv: 61 | add x1,sp,#96 62 | bl __remove_powers_of_2 63 | 64 | add x1,sp,#0 65 | bl __remove_powers_of_2 66 | 67 | ldp x10,x11,[sp,#96] 68 | add x2,sp,#96 69 | ldp x12,x13,[sp,#96+16] 70 | subs x4,x4,x10 // U-V 71 | ldp x14,x15,[sp,#96+32] 72 | sbcs x5,x5,x11 73 | sbcs x6,x6,x12 74 | sbcs x7,x7,x13 75 | sbcs x8,x8,x14 76 | sbcs x9,x9,x15 77 | b.hs .Lu_greater_than_v 78 | 79 | eor x2,x2,x1 // xchg x2,x1 80 | mvn x4,x4 // U-V => V-U 81 | eor x1,x1,x2 82 | mvn x5,x5 83 | eor x2,x2,x1 84 | adds x4,x4,#1 85 | mvn x6,x6 86 | adcs x5,x5,xzr 87 | mvn x7,x7 88 | adcs x6,x6,xzr 89 | mvn x8,x8 90 | adcs x7,x7,xzr 91 | mvn x9,x9 92 | adcs x8,x8,xzr 93 | adc x9,x9,xzr 94 | 95 | .Lu_greater_than_v: 96 | stp x4,x5,[x1] 97 | ldp x4,x5,[x2,#48] 98 | ldp x10,x11,[x1,#48] 99 | stp x6,x7,[x1,#16] 100 | ldp x6,x7,[x2,#64] 101 | subs x10,x10,x4 // X-Y # [alt. Y-X] 102 | ldp x12,x13,[x1,#64] 103 | sbcs x11,x11,x5 104 | stp x8,x9,[x1,#32] 105 | ldp x8,x9,[x2,#80] 106 | sbcs x12,x12,x6 107 | ldp x14,x15,[x1,#80] 108 | sbcs x13,x13,x7 109 | sbcs x14,x14,x8 110 | sbcs x15,x15,x9 111 | sbc x9,xzr,xzr // borrow -> mask 112 | 113 | and x4,x16,x9 114 | and x5,x17,x9 115 | adds x10,x10,x4 // reduce if X>= cnt 179 | lslv x10,x5,x15 180 | orr x4,x4,x10 181 | lsrv x5,x5,x3 182 | lslv x11,x6,x15 183 | orr x5,x5,x11 184 | ldp x10,x11,[x1,#48] 185 | lsrv x6,x6,x3 186 | lslv x12,x7,x15 187 | orr x6,x6,x12 188 | lsrv x7,x7,x3 189 | lslv x13,x8,x15 190 | orr x7,x7,x13 191 | ldp x12,x13,[x1,#64] 192 | lsrv x8,x8,x3 193 | lslv x14,x9,x15 194 | orr x8,x8,x14 195 | ldp x14,x15,[x1,#80] 196 | lsrv x9,x9,x3 197 | 198 | stp x4, x5,[x1] 199 | stp x6, x7,[x1,#16] 200 | stp x8, x9,[x1,#32] 201 | b .Loop_div_by_2 202 | 203 | .align 4 204 | .Loop_div_by_2: 205 | sbfx x9,x10,#0,#1 206 | sub x3,x3,#1 207 | 208 | and x4,x16,x9 209 | and x5,x17,x9 210 | adds x10,x10,x4 211 | and x6,x19,x9 212 | adcs x11,x11,x5 213 | and x7,x20,x9 214 | adcs x12,x12,x6 215 | and x8,x21,x9 216 | adcs x13,x13,x7 217 | and x9,x22,x9 218 | adcs x14,x14,x8 219 | extr x10,x11,x10,#1 // acc[6:11] >>= 1 220 | adcs x15,x15,x9 221 | extr x11,x12,x11,#1 222 | adc x9,xzr,xzr // redundant if modulus is <384 bits... 223 | extr x12,x13,x12,#1 224 | extr x13,x14,x13,#1 225 | extr x14,x15,x14,#1 226 | extr x15,x9,x15,#1 227 | 228 | cbnz x3,.Loop_div_by_2 229 | 230 | ldp x4,x5,[x1] // reload X [mostly for 2nd caller] 231 | ldp x6,x7,[x1,#16] 232 | ldp x8,x9,[x1,#32] 233 | 234 | stp x10,x11,[x1,#48] 235 | stp x12,x13,[x1,#64] 236 | stp x14,x15,[x1,#80] 237 | 238 | tbz x4,#0,.Loop_of_2 // unlikely in real life 239 | 240 | .Loop_of_2_done: 241 | ret 242 | .size __remove_powers_of_2,.-__remove_powers_of_2 243 | -------------------------------------------------------------------------------- /extern/blst/build/mach-o/inverse_mod_256-x86_64.s: -------------------------------------------------------------------------------- 1 | .text 2 | 3 | .p2align 5 4 | L$one_256: 5 | .quad 1,0,0,0 6 | 7 | .globl _eucl_inverse_mod_256 8 | .private_extern _eucl_inverse_mod_256 9 | 10 | .p2align 5 11 | _eucl_inverse_mod_256: 12 | .cfi_startproc 13 | .byte 0xf3,0x0f,0x1e,0xfa 14 | 15 | 16 | pushq %rbp 17 | .cfi_adjust_cfa_offset 8 18 | .cfi_offset %rbp,-16 19 | pushq %rbx 20 | .cfi_adjust_cfa_offset 8 21 | .cfi_offset %rbx,-24 22 | subq $152,%rsp 23 | .cfi_adjust_cfa_offset 152 24 | 25 | 26 | movq %rdi,0(%rsp) 27 | leaq L$one_256(%rip),%rbp 28 | cmpq $0,%rcx 29 | cmoveq %rbp,%rcx 30 | 31 | movq 0(%rsi),%rax 32 | movq 8(%rsi),%r9 33 | movq 16(%rsi),%r10 34 | movq 24(%rsi),%r11 35 | 36 | movq %rax,%r8 37 | orq %r9,%rax 38 | orq %r10,%rax 39 | orq %r11,%rax 40 | jz L$abort_256 41 | 42 | leaq 16(%rsp),%rsi 43 | movq 0(%rcx),%rax 44 | movq 8(%rcx),%rbx 45 | movq 16(%rcx),%rbp 46 | movq 24(%rcx),%rdi 47 | 48 | movq %r8,0(%rsi) 49 | movq %r9,8(%rsi) 50 | movq %r10,16(%rsi) 51 | movq %r11,24(%rsi) 52 | 53 | leaq 80(%rsp),%rcx 54 | movq 0(%rdx),%r8 55 | movq 8(%rdx),%r9 56 | movq 16(%rdx),%r10 57 | movq 24(%rdx),%r11 58 | 59 | movq %rax,32(%rsi) 60 | movq %rbx,40(%rsi) 61 | movq %rbp,48(%rsi) 62 | movq %rdi,56(%rsi) 63 | 64 | movq %r8,0(%rcx) 65 | movq %r9,8(%rcx) 66 | movq %r10,16(%rcx) 67 | movq %r11,24(%rcx) 68 | 69 | xorl %eax,%eax 70 | movq %rax,32(%rcx) 71 | movq %rax,40(%rcx) 72 | movq %rax,48(%rcx) 73 | movq %rax,56(%rcx) 74 | jmp L$oop_inv_256 75 | 76 | .p2align 5 77 | L$oop_inv_256: 78 | leaq 80(%rsp),%rsi 79 | call __remove_powers_of_2_256 80 | 81 | leaq 16(%rsp),%rsi 82 | call __remove_powers_of_2_256 83 | 84 | leaq 80(%rsp),%rcx 85 | subq 80+0(%rsp),%r8 86 | sbbq 8(%rcx),%r9 87 | sbbq 16(%rcx),%r10 88 | sbbq 24(%rcx),%r11 89 | jae L$u_greater_than_v_256 90 | 91 | 92 | xchgq %rcx,%rsi 93 | 94 | notq %r8 95 | notq %r9 96 | notq %r10 97 | notq %r11 98 | 99 | addq $1,%r8 100 | adcq $0,%r9 101 | adcq $0,%r10 102 | adcq $0,%r11 103 | 104 | L$u_greater_than_v_256: 105 | movq 32(%rsi),%rax 106 | movq 40(%rsi),%rbx 107 | movq 48(%rsi),%rbp 108 | movq 56(%rsi),%rdi 109 | 110 | subq 32(%rcx),%rax 111 | sbbq 40(%rcx),%rbx 112 | sbbq 48(%rcx),%rbp 113 | sbbq 56(%rcx),%rdi 114 | 115 | movq %r8,0(%rsi) 116 | sbbq %r8,%r8 117 | movq %r9,8(%rsi) 118 | movq %r8,%r9 119 | movq %r10,16(%rsi) 120 | movq %r8,%r10 121 | movq %r11,24(%rsi) 122 | movq %r8,%r11 123 | 124 | andq 0(%rdx),%r8 125 | andq 8(%rdx),%r9 126 | andq 16(%rdx),%r10 127 | andq 24(%rdx),%r11 128 | 129 | addq %r8,%rax 130 | adcq %r9,%rbx 131 | adcq %r10,%rbp 132 | adcq %r11,%rdi 133 | 134 | movq %rax,32(%rsi) 135 | movq %rbx,40(%rsi) 136 | movq %rbp,48(%rsi) 137 | movq %rdi,56(%rsi) 138 | 139 | movq 16+0(%rsp),%r8 140 | movq 16+8(%rsp),%r9 141 | movq 16+16(%rsp),%r10 142 | movq 16+24(%rsp),%r11 143 | orq %r9,%r8 144 | orq %r10,%r8 145 | orq %r11,%r8 146 | jnz L$oop_inv_256 147 | 148 | leaq 80(%rsp),%rsi 149 | movq 0(%rsp),%rdi 150 | movl $1,%eax 151 | 152 | movq 32(%rsi),%r8 153 | movq 40(%rsi),%r9 154 | movq 48(%rsi),%r10 155 | movq 56(%rsi),%r11 156 | 157 | L$abort_256: 158 | movq %r8,0(%rdi) 159 | movq %r9,8(%rdi) 160 | movq %r10,16(%rdi) 161 | movq %r11,24(%rdi) 162 | 163 | leaq 152(%rsp),%r8 164 | movq 0(%r8),%rbx 165 | .cfi_restore %rbx 166 | movq 8(%r8),%rbp 167 | .cfi_restore %rbp 168 | leaq 16(%r8),%rsp 169 | .cfi_adjust_cfa_offset -152-8*2 170 | 171 | .byte 0xf3,0xc3 172 | .cfi_endproc 173 | 174 | 175 | 176 | .p2align 5 177 | __remove_powers_of_2_256: 178 | .cfi_startproc 179 | .byte 0xf3,0x0f,0x1e,0xfa 180 | 181 | movq 0(%rsi),%r8 182 | movq 8(%rsi),%r9 183 | movq 16(%rsi),%r10 184 | movq 24(%rsi),%r11 185 | 186 | L$oop_of_2_256: 187 | bsfq %r8,%rcx 188 | movl $63,%eax 189 | cmovzl %eax,%ecx 190 | 191 | cmpl $0,%ecx 192 | je L$oop_of_2_done_256 193 | 194 | shrq %cl,%r8 195 | movq %r9,%rax 196 | shrq %cl,%r9 197 | movq %r10,%rbx 198 | shrq %cl,%r10 199 | movq %r11,%rbp 200 | shrq %cl,%r11 201 | negb %cl 202 | shlq %cl,%rax 203 | shlq %cl,%rbx 204 | orq %rax,%r8 205 | movq 32(%rsi),%rax 206 | shlq %cl,%rbp 207 | orq %rbx,%r9 208 | movq 40(%rsi),%rbx 209 | orq %rbp,%r10 210 | movq 48(%rsi),%rbp 211 | negb %cl 212 | movq 56(%rsi),%rdi 213 | 214 | movq %r8,0(%rsi) 215 | movq %r9,8(%rsi) 216 | movq %r10,16(%rsi) 217 | movq %r11,24(%rsi) 218 | jmp L$oop_div_by_2_256 219 | 220 | .p2align 5 221 | L$oop_div_by_2_256: 222 | movq $1,%r11 223 | movq 0(%rdx),%r8 224 | andq %rax,%r11 225 | movq 8(%rdx),%r9 226 | negq %r11 227 | movq 16(%rdx),%r10 228 | andq %r11,%r8 229 | andq %r11,%r9 230 | andq %r11,%r10 231 | andq 24(%rdx),%r11 232 | 233 | addq %r8,%rax 234 | adcq %r9,%rbx 235 | adcq %r10,%rbp 236 | adcq %r11,%rdi 237 | sbbq %r11,%r11 238 | 239 | shrq $1,%rax 240 | movq %rbx,%r8 241 | shrq $1,%rbx 242 | movq %rbp,%r9 243 | shrq $1,%rbp 244 | movq %rdi,%r10 245 | shrq $1,%rdi 246 | shlq $63,%r8 247 | shlq $63,%r9 248 | orq %r8,%rax 249 | shlq $63,%r10 250 | orq %r9,%rbx 251 | shlq $63,%r11 252 | orq %r10,%rbp 253 | orq %r11,%rdi 254 | 255 | decl %ecx 256 | jnz L$oop_div_by_2_256 257 | 258 | movq 0(%rsi),%r8 259 | movq 8(%rsi),%r9 260 | movq 16(%rsi),%r10 261 | movq 24(%rsi),%r11 262 | 263 | movq %rax,32(%rsi) 264 | movq %rbx,40(%rsi) 265 | movq %rbp,48(%rsi) 266 | movq %rdi,56(%rsi) 267 | 268 | testq $1,%r8 269 | .byte 0x2e 270 | jz L$oop_of_2_256 271 | 272 | L$oop_of_2_done_256: 273 | .byte 0xf3,0xc3 274 | .cfi_endproc 275 | 276 | -------------------------------------------------------------------------------- /extern/blst/bindings/go/blst_px.tgo: -------------------------------------------------------------------------------- 1 | 2 | // 3 | // Serialization/Deserialization. 4 | // 5 | 6 | // P1 Serdes 7 | func (p1 *P1Affine) Serialize() []byte { 8 | var out [BLST_P1_SERIALIZE_BYTES]byte 9 | C.blst_p1_affine_serialize((*C.byte)(&out[0]), p1) 10 | return out[:] 11 | } 12 | 13 | func (p1 *P1Affine) Deserialize(in []byte) *P1Affine { 14 | if len(in) != BLST_P1_SERIALIZE_BYTES { 15 | return nil 16 | } 17 | if C.blst_p1_deserialize(p1, 18 | (*C.byte)(&in[0])) != C.BLST_SUCCESS { 19 | return nil 20 | } 21 | 22 | if !bool(C.blst_p1_affine_in_g1(p1)) { 23 | return nil 24 | } 25 | return p1 26 | } 27 | func (p1 *P1Affine) Compress() []byte { 28 | var out [BLST_P1_COMPRESS_BYTES]byte 29 | C.blst_p1_affine_compress((*C.byte)(&out[0]), p1) 30 | return out[:] 31 | } 32 | 33 | func (p1 *P1Affine) Uncompress(in []byte) *P1Affine { 34 | if len(in) != BLST_P1_COMPRESS_BYTES { 35 | return nil 36 | } 37 | if C.blst_p1_uncompress(p1, 38 | (*C.byte)(&in[0])) != C.BLST_SUCCESS { 39 | return nil 40 | } 41 | 42 | if !bool(C.blst_p1_affine_in_g1(p1)) { 43 | return nil 44 | } 45 | return p1 46 | } 47 | 48 | func (p1 *P1Affine) InG1() bool { 49 | return bool(C.blst_p1_affine_in_g1(p1)) 50 | } 51 | 52 | func (dummy *P1Affine) BatchUncompress(in [][]byte) []*P1Affine { 53 | // Allocate space for all of the resulting points. Later we'll save pointers 54 | // and return those so that the result could be used in other functions, 55 | // such as MultipleAggregateVerify. 56 | n := len(in) 57 | points := make([]P1Affine, n) 58 | pointsPtrs := make([]*P1Affine, n) 59 | 60 | numCores := runtime.GOMAXPROCS(0) 61 | numThreads := maxProcs 62 | if numThreads > numCores { 63 | numThreads = numCores 64 | } 65 | if numThreads > n { 66 | numThreads = n 67 | } 68 | // Each thread will determine next message to process by atomically 69 | // incrementing curItem, process corresponding point, and 70 | // repeat until n is exceeded. Each thread will send a result (true for 71 | // success, false for failure) into the channel when complete. 72 | resCh := make(chan bool, numThreads) 73 | valid := int32(1) 74 | curItem := uint32(0) 75 | for tid := 0; tid < numThreads; tid++ { 76 | go func() { 77 | for atomic.LoadInt32(&valid) > 0 { 78 | // Get a work item 79 | work := atomic.AddUint32(&curItem, 1) - 1 80 | if work >= uint32(n) { 81 | break 82 | } 83 | if points[work].Uncompress(in[work]) == nil { 84 | atomic.StoreInt32(&valid, 0) 85 | break 86 | } 87 | pointsPtrs[work] = &points[work] 88 | } 89 | if atomic.LoadInt32(&valid) > 0 { 90 | resCh <- true 91 | } else { 92 | resCh <- false 93 | } 94 | }() 95 | } 96 | 97 | // Collect the threads 98 | result := true 99 | for i := 0; i < numThreads; i++ { 100 | if ! <-resCh { 101 | result = false 102 | } 103 | } 104 | if atomic.LoadInt32(&valid) == 0 || result == false { 105 | return nil 106 | } 107 | return pointsPtrs 108 | } 109 | 110 | func (p1 *P1) Serialize() []byte { 111 | var out [BLST_P1_SERIALIZE_BYTES]byte 112 | C.blst_p1_serialize((*C.byte)(&out[0]), p1) 113 | return out[:] 114 | } 115 | func (p1 *P1) Compress() []byte { 116 | var out [BLST_P1_COMPRESS_BYTES]byte 117 | C.blst_p1_compress((*C.byte)(&out[0]), p1) 118 | return out[:] 119 | } 120 | 121 | // 122 | // Affine 123 | // 124 | 125 | func (p *P1) ToAffine() *P1Affine { 126 | var pa P1Affine 127 | C.blst_p1_to_affine(&pa, p) 128 | return &pa 129 | } 130 | 131 | // 132 | // Hash 133 | // 134 | func HashToG1(msg []byte, dst []byte, 135 | optional ...[]byte) *P1 { // aug 136 | var q P1 137 | 138 | // Handle zero length message 139 | var msgC *C.byte 140 | if len(msg) > 0 { 141 | msgC = (*C.byte)(&msg[0]) 142 | } 143 | 144 | var dstC *C.byte 145 | if len(dst) > 0 { 146 | dstC = (*C.byte)(&dst[0]) 147 | } 148 | 149 | var aug []byte 150 | var uaug *C.byte 151 | if len(optional) > 0 { 152 | aug = optional[0] 153 | if len(aug) > 0 { 154 | uaug = (*C.byte)(&aug[0]) 155 | } 156 | } 157 | 158 | C.blst_hash_to_g1(&q, msgC, C.size_t(len(msg)), 159 | dstC, C.size_t(len(dst)), 160 | uaug, C.size_t(len(aug))) 161 | return &q 162 | } 163 | 164 | func EncodeToG1(msg []byte, dst []byte, 165 | optional ...[]byte) *P1 { // aug 166 | var q P1 167 | 168 | // Handle zero length message 169 | var msgC *C.byte 170 | if len(msg) > 0 { 171 | msgC = (*C.byte)(&msg[0]) 172 | } 173 | 174 | var dstC *C.byte 175 | if len(dst) > 0 { 176 | dstC = (*C.byte)(&dst[0]) 177 | } 178 | 179 | var aug []byte 180 | var uaug *C.byte 181 | if len(optional) > 0 { 182 | aug = optional[0] 183 | if len(aug) > 0 { 184 | uaug = (*C.byte)(&aug[0]) 185 | } 186 | } 187 | 188 | C.blst_encode_to_g1(&q, msgC, C.size_t(len(msg)), 189 | dstC, C.size_t(len(dst)), 190 | uaug, C.size_t(len(aug))) 191 | return &q 192 | } 193 | 194 | -------------------------------------------------------------------------------- /extern/blst/build/elf/add_mod_384x384-x86_64.s: -------------------------------------------------------------------------------- 1 | .text 2 | 3 | .type __add_mod_384x384,@function 4 | .align 32 5 | __add_mod_384x384: 6 | .cfi_startproc 7 | .byte 0xf3,0x0f,0x1e,0xfa 8 | 9 | movq 0(%rsi),%r8 10 | movq 8(%rsi),%r9 11 | movq 16(%rsi),%r10 12 | movq 24(%rsi),%r11 13 | movq 32(%rsi),%r12 14 | movq 40(%rsi),%r13 15 | movq 48(%rsi),%r14 16 | 17 | addq 0(%rdx),%r8 18 | movq 56(%rsi),%r15 19 | adcq 8(%rdx),%r9 20 | movq 64(%rsi),%rax 21 | adcq 16(%rdx),%r10 22 | movq 72(%rsi),%rbx 23 | adcq 24(%rdx),%r11 24 | movq 80(%rsi),%rbp 25 | adcq 32(%rdx),%r12 26 | movq 88(%rsi),%rsi 27 | adcq 40(%rdx),%r13 28 | movq %r8,0(%rdi) 29 | adcq 48(%rdx),%r14 30 | movq %r9,8(%rdi) 31 | adcq 56(%rdx),%r15 32 | movq %r10,16(%rdi) 33 | adcq 64(%rdx),%rax 34 | movq %r12,32(%rdi) 35 | movq %r14,%r8 36 | adcq 72(%rdx),%rbx 37 | movq %r11,24(%rdi) 38 | movq %r15,%r9 39 | adcq 80(%rdx),%rbp 40 | movq %r13,40(%rdi) 41 | movq %rax,%r10 42 | adcq 88(%rdx),%rsi 43 | movq %rbx,%r11 44 | sbbq %rdx,%rdx 45 | 46 | subq 0(%rcx),%r14 47 | sbbq 8(%rcx),%r15 48 | movq %rbp,%r12 49 | sbbq 16(%rcx),%rax 50 | sbbq 24(%rcx),%rbx 51 | sbbq 32(%rcx),%rbp 52 | movq %rsi,%r13 53 | sbbq 40(%rcx),%rsi 54 | sbbq $0,%rdx 55 | 56 | cmovcq %r8,%r14 57 | cmovcq %r9,%r15 58 | cmovcq %r10,%rax 59 | movq %r14,48(%rdi) 60 | cmovcq %r11,%rbx 61 | movq %r15,56(%rdi) 62 | cmovcq %r12,%rbp 63 | movq %rax,64(%rdi) 64 | cmovcq %r13,%rsi 65 | movq %rbx,72(%rdi) 66 | movq %rbp,80(%rdi) 67 | movq %rsi,88(%rdi) 68 | 69 | .byte 0xf3,0xc3 70 | .cfi_endproc 71 | .size __add_mod_384x384,.-__add_mod_384x384 72 | 73 | .type __sub_mod_384x384,@function 74 | .align 32 75 | __sub_mod_384x384: 76 | .cfi_startproc 77 | .byte 0xf3,0x0f,0x1e,0xfa 78 | 79 | movq 0(%rsi),%r8 80 | movq 8(%rsi),%r9 81 | movq 16(%rsi),%r10 82 | movq 24(%rsi),%r11 83 | movq 32(%rsi),%r12 84 | movq 40(%rsi),%r13 85 | movq 48(%rsi),%r14 86 | 87 | subq 0(%rdx),%r8 88 | movq 56(%rsi),%r15 89 | sbbq 8(%rdx),%r9 90 | movq 64(%rsi),%rax 91 | sbbq 16(%rdx),%r10 92 | movq 72(%rsi),%rbx 93 | sbbq 24(%rdx),%r11 94 | movq 80(%rsi),%rbp 95 | sbbq 32(%rdx),%r12 96 | movq 88(%rsi),%rsi 97 | sbbq 40(%rdx),%r13 98 | movq %r8,0(%rdi) 99 | sbbq 48(%rdx),%r14 100 | movq 0(%rcx),%r8 101 | movq %r9,8(%rdi) 102 | sbbq 56(%rdx),%r15 103 | movq 8(%rcx),%r9 104 | movq %r10,16(%rdi) 105 | sbbq 64(%rdx),%rax 106 | movq 16(%rcx),%r10 107 | movq %r11,24(%rdi) 108 | sbbq 72(%rdx),%rbx 109 | movq 24(%rcx),%r11 110 | movq %r12,32(%rdi) 111 | sbbq 80(%rdx),%rbp 112 | movq 32(%rcx),%r12 113 | movq %r13,40(%rdi) 114 | sbbq 88(%rdx),%rsi 115 | movq 40(%rcx),%r13 116 | sbbq %rdx,%rdx 117 | 118 | andq %rdx,%r8 119 | andq %rdx,%r9 120 | andq %rdx,%r10 121 | andq %rdx,%r11 122 | andq %rdx,%r12 123 | andq %rdx,%r13 124 | 125 | addq %r8,%r14 126 | adcq %r9,%r15 127 | movq %r14,48(%rdi) 128 | adcq %r10,%rax 129 | movq %r15,56(%rdi) 130 | adcq %r11,%rbx 131 | movq %rax,64(%rdi) 132 | adcq %r12,%rbp 133 | movq %rbx,72(%rdi) 134 | adcq %r13,%rsi 135 | movq %rbp,80(%rdi) 136 | movq %rsi,88(%rdi) 137 | 138 | .byte 0xf3,0xc3 139 | .cfi_endproc 140 | .size __sub_mod_384x384,.-__sub_mod_384x384 141 | 142 | .globl add_mod_384x384 143 | .hidden add_mod_384x384 144 | .type add_mod_384x384,@function 145 | .align 32 146 | add_mod_384x384: 147 | .cfi_startproc 148 | .byte 0xf3,0x0f,0x1e,0xfa 149 | 150 | 151 | pushq %rbp 152 | .cfi_adjust_cfa_offset 8 153 | .cfi_offset %rbp,-16 154 | pushq %rbx 155 | .cfi_adjust_cfa_offset 8 156 | .cfi_offset %rbx,-24 157 | pushq %r12 158 | .cfi_adjust_cfa_offset 8 159 | .cfi_offset %r12,-32 160 | pushq %r13 161 | .cfi_adjust_cfa_offset 8 162 | .cfi_offset %r13,-40 163 | pushq %r14 164 | .cfi_adjust_cfa_offset 8 165 | .cfi_offset %r14,-48 166 | pushq %r15 167 | .cfi_adjust_cfa_offset 8 168 | .cfi_offset %r15,-56 169 | subq $8,%rsp 170 | .cfi_adjust_cfa_offset 8 171 | 172 | 173 | call __add_mod_384x384 174 | 175 | movq 8(%rsp),%r15 176 | .cfi_restore %r15 177 | movq 16(%rsp),%r14 178 | .cfi_restore %r14 179 | movq 24(%rsp),%r13 180 | .cfi_restore %r13 181 | movq 32(%rsp),%r12 182 | .cfi_restore %r12 183 | movq 40(%rsp),%rbx 184 | .cfi_restore %rbx 185 | movq 48(%rsp),%rbp 186 | .cfi_restore %rbp 187 | leaq 56(%rsp),%rsp 188 | .cfi_adjust_cfa_offset -56 189 | 190 | .byte 0xf3,0xc3 191 | .cfi_endproc 192 | .size add_mod_384x384,.-add_mod_384x384 193 | 194 | .globl sub_mod_384x384 195 | .hidden sub_mod_384x384 196 | .type sub_mod_384x384,@function 197 | .align 32 198 | sub_mod_384x384: 199 | .cfi_startproc 200 | .byte 0xf3,0x0f,0x1e,0xfa 201 | 202 | 203 | pushq %rbp 204 | .cfi_adjust_cfa_offset 8 205 | .cfi_offset %rbp,-16 206 | pushq %rbx 207 | .cfi_adjust_cfa_offset 8 208 | .cfi_offset %rbx,-24 209 | pushq %r12 210 | .cfi_adjust_cfa_offset 8 211 | .cfi_offset %r12,-32 212 | pushq %r13 213 | .cfi_adjust_cfa_offset 8 214 | .cfi_offset %r13,-40 215 | pushq %r14 216 | .cfi_adjust_cfa_offset 8 217 | .cfi_offset %r14,-48 218 | pushq %r15 219 | .cfi_adjust_cfa_offset 8 220 | .cfi_offset %r15,-56 221 | subq $8,%rsp 222 | .cfi_adjust_cfa_offset 8 223 | 224 | 225 | call __sub_mod_384x384 226 | 227 | movq 8(%rsp),%r15 228 | .cfi_restore %r15 229 | movq 16(%rsp),%r14 230 | .cfi_restore %r14 231 | movq 24(%rsp),%r13 232 | .cfi_restore %r13 233 | movq 32(%rsp),%r12 234 | .cfi_restore %r12 235 | movq 40(%rsp),%rbx 236 | .cfi_restore %rbx 237 | movq 48(%rsp),%rbp 238 | .cfi_restore %rbp 239 | leaq 56(%rsp),%rsp 240 | .cfi_adjust_cfa_offset -56 241 | 242 | .byte 0xf3,0xc3 243 | .cfi_endproc 244 | .size sub_mod_384x384,.-sub_mod_384x384 245 | 246 | .section .note.GNU-stack,"",@progbits 247 | .section .note.gnu.property,"a",@note 248 | .long 4,2f-1f,5 249 | .byte 0x47,0x4E,0x55,0 250 | 1: .long 0xc0000002,4,3 251 | .align 8 252 | 2: 253 | -------------------------------------------------------------------------------- /extern/blst/build/elf/inverse_mod_256-x86_64.s: -------------------------------------------------------------------------------- 1 | .text 2 | 3 | .align 32 4 | .Lone_256: 5 | .quad 1,0,0,0 6 | 7 | .globl eucl_inverse_mod_256 8 | .hidden eucl_inverse_mod_256 9 | .type eucl_inverse_mod_256,@function 10 | .align 32 11 | eucl_inverse_mod_256: 12 | .cfi_startproc 13 | .byte 0xf3,0x0f,0x1e,0xfa 14 | 15 | 16 | pushq %rbp 17 | .cfi_adjust_cfa_offset 8 18 | .cfi_offset %rbp,-16 19 | pushq %rbx 20 | .cfi_adjust_cfa_offset 8 21 | .cfi_offset %rbx,-24 22 | subq $152,%rsp 23 | .cfi_adjust_cfa_offset 152 24 | 25 | 26 | movq %rdi,0(%rsp) 27 | leaq .Lone_256(%rip),%rbp 28 | cmpq $0,%rcx 29 | cmoveq %rbp,%rcx 30 | 31 | movq 0(%rsi),%rax 32 | movq 8(%rsi),%r9 33 | movq 16(%rsi),%r10 34 | movq 24(%rsi),%r11 35 | 36 | movq %rax,%r8 37 | orq %r9,%rax 38 | orq %r10,%rax 39 | orq %r11,%rax 40 | jz .Labort_256 41 | 42 | leaq 16(%rsp),%rsi 43 | movq 0(%rcx),%rax 44 | movq 8(%rcx),%rbx 45 | movq 16(%rcx),%rbp 46 | movq 24(%rcx),%rdi 47 | 48 | movq %r8,0(%rsi) 49 | movq %r9,8(%rsi) 50 | movq %r10,16(%rsi) 51 | movq %r11,24(%rsi) 52 | 53 | leaq 80(%rsp),%rcx 54 | movq 0(%rdx),%r8 55 | movq 8(%rdx),%r9 56 | movq 16(%rdx),%r10 57 | movq 24(%rdx),%r11 58 | 59 | movq %rax,32(%rsi) 60 | movq %rbx,40(%rsi) 61 | movq %rbp,48(%rsi) 62 | movq %rdi,56(%rsi) 63 | 64 | movq %r8,0(%rcx) 65 | movq %r9,8(%rcx) 66 | movq %r10,16(%rcx) 67 | movq %r11,24(%rcx) 68 | 69 | xorl %eax,%eax 70 | movq %rax,32(%rcx) 71 | movq %rax,40(%rcx) 72 | movq %rax,48(%rcx) 73 | movq %rax,56(%rcx) 74 | jmp .Loop_inv_256 75 | 76 | .align 32 77 | .Loop_inv_256: 78 | leaq 80(%rsp),%rsi 79 | call __remove_powers_of_2_256 80 | 81 | leaq 16(%rsp),%rsi 82 | call __remove_powers_of_2_256 83 | 84 | leaq 80(%rsp),%rcx 85 | subq 80+0(%rsp),%r8 86 | sbbq 8(%rcx),%r9 87 | sbbq 16(%rcx),%r10 88 | sbbq 24(%rcx),%r11 89 | jae .Lu_greater_than_v_256 90 | 91 | 92 | xchgq %rcx,%rsi 93 | 94 | notq %r8 95 | notq %r9 96 | notq %r10 97 | notq %r11 98 | 99 | addq $1,%r8 100 | adcq $0,%r9 101 | adcq $0,%r10 102 | adcq $0,%r11 103 | 104 | .Lu_greater_than_v_256: 105 | movq 32(%rsi),%rax 106 | movq 40(%rsi),%rbx 107 | movq 48(%rsi),%rbp 108 | movq 56(%rsi),%rdi 109 | 110 | subq 32(%rcx),%rax 111 | sbbq 40(%rcx),%rbx 112 | sbbq 48(%rcx),%rbp 113 | sbbq 56(%rcx),%rdi 114 | 115 | movq %r8,0(%rsi) 116 | sbbq %r8,%r8 117 | movq %r9,8(%rsi) 118 | movq %r8,%r9 119 | movq %r10,16(%rsi) 120 | movq %r8,%r10 121 | movq %r11,24(%rsi) 122 | movq %r8,%r11 123 | 124 | andq 0(%rdx),%r8 125 | andq 8(%rdx),%r9 126 | andq 16(%rdx),%r10 127 | andq 24(%rdx),%r11 128 | 129 | addq %r8,%rax 130 | adcq %r9,%rbx 131 | adcq %r10,%rbp 132 | adcq %r11,%rdi 133 | 134 | movq %rax,32(%rsi) 135 | movq %rbx,40(%rsi) 136 | movq %rbp,48(%rsi) 137 | movq %rdi,56(%rsi) 138 | 139 | movq 16+0(%rsp),%r8 140 | movq 16+8(%rsp),%r9 141 | movq 16+16(%rsp),%r10 142 | movq 16+24(%rsp),%r11 143 | orq %r9,%r8 144 | orq %r10,%r8 145 | orq %r11,%r8 146 | jnz .Loop_inv_256 147 | 148 | leaq 80(%rsp),%rsi 149 | movq 0(%rsp),%rdi 150 | movl $1,%eax 151 | 152 | movq 32(%rsi),%r8 153 | movq 40(%rsi),%r9 154 | movq 48(%rsi),%r10 155 | movq 56(%rsi),%r11 156 | 157 | .Labort_256: 158 | movq %r8,0(%rdi) 159 | movq %r9,8(%rdi) 160 | movq %r10,16(%rdi) 161 | movq %r11,24(%rdi) 162 | 163 | leaq 152(%rsp),%r8 164 | movq 0(%r8),%rbx 165 | .cfi_restore %rbx 166 | movq 8(%r8),%rbp 167 | .cfi_restore %rbp 168 | leaq 16(%r8),%rsp 169 | .cfi_adjust_cfa_offset -152-8*2 170 | 171 | .byte 0xf3,0xc3 172 | .cfi_endproc 173 | .size eucl_inverse_mod_256,.-eucl_inverse_mod_256 174 | 175 | .type __remove_powers_of_2_256,@function 176 | .align 32 177 | __remove_powers_of_2_256: 178 | .cfi_startproc 179 | .byte 0xf3,0x0f,0x1e,0xfa 180 | 181 | movq 0(%rsi),%r8 182 | movq 8(%rsi),%r9 183 | movq 16(%rsi),%r10 184 | movq 24(%rsi),%r11 185 | 186 | .Loop_of_2_256: 187 | bsfq %r8,%rcx 188 | movl $63,%eax 189 | cmovzl %eax,%ecx 190 | 191 | cmpl $0,%ecx 192 | je .Loop_of_2_done_256 193 | 194 | shrq %cl,%r8 195 | movq %r9,%rax 196 | shrq %cl,%r9 197 | movq %r10,%rbx 198 | shrq %cl,%r10 199 | movq %r11,%rbp 200 | shrq %cl,%r11 201 | negb %cl 202 | shlq %cl,%rax 203 | shlq %cl,%rbx 204 | orq %rax,%r8 205 | movq 32(%rsi),%rax 206 | shlq %cl,%rbp 207 | orq %rbx,%r9 208 | movq 40(%rsi),%rbx 209 | orq %rbp,%r10 210 | movq 48(%rsi),%rbp 211 | negb %cl 212 | movq 56(%rsi),%rdi 213 | 214 | movq %r8,0(%rsi) 215 | movq %r9,8(%rsi) 216 | movq %r10,16(%rsi) 217 | movq %r11,24(%rsi) 218 | jmp .Loop_div_by_2_256 219 | 220 | .align 32 221 | .Loop_div_by_2_256: 222 | movq $1,%r11 223 | movq 0(%rdx),%r8 224 | andq %rax,%r11 225 | movq 8(%rdx),%r9 226 | negq %r11 227 | movq 16(%rdx),%r10 228 | andq %r11,%r8 229 | andq %r11,%r9 230 | andq %r11,%r10 231 | andq 24(%rdx),%r11 232 | 233 | addq %r8,%rax 234 | adcq %r9,%rbx 235 | adcq %r10,%rbp 236 | adcq %r11,%rdi 237 | sbbq %r11,%r11 238 | 239 | shrq $1,%rax 240 | movq %rbx,%r8 241 | shrq $1,%rbx 242 | movq %rbp,%r9 243 | shrq $1,%rbp 244 | movq %rdi,%r10 245 | shrq $1,%rdi 246 | shlq $63,%r8 247 | shlq $63,%r9 248 | orq %r8,%rax 249 | shlq $63,%r10 250 | orq %r9,%rbx 251 | shlq $63,%r11 252 | orq %r10,%rbp 253 | orq %r11,%rdi 254 | 255 | decl %ecx 256 | jnz .Loop_div_by_2_256 257 | 258 | movq 0(%rsi),%r8 259 | movq 8(%rsi),%r9 260 | movq 16(%rsi),%r10 261 | movq 24(%rsi),%r11 262 | 263 | movq %rax,32(%rsi) 264 | movq %rbx,40(%rsi) 265 | movq %rbp,48(%rsi) 266 | movq %rdi,56(%rsi) 267 | 268 | testq $1,%r8 269 | .byte 0x2e 270 | jz .Loop_of_2_256 271 | 272 | .Loop_of_2_done_256: 273 | .byte 0xf3,0xc3 274 | .cfi_endproc 275 | .size __remove_powers_of_2_256,.-__remove_powers_of_2_256 276 | 277 | .section .note.GNU-stack,"",@progbits 278 | .section .note.gnu.property,"a",@note 279 | .long 4,2f-1f,5 280 | .byte 0x47,0x4E,0x55,0 281 | 1: .long 0xc0000002,4,3 282 | .align 8 283 | 2: 284 | -------------------------------------------------------------------------------- /extern/blst/src/keygen.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright Supranational LLC 3 | * Licensed under the Apache License, Version 2.0, see LICENSE for details. 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include "consts.h" 8 | #include "sha256.h" 9 | 10 | typedef struct { 11 | SHA256_CTX ctx; 12 | unsigned int h_ipad[8]; 13 | unsigned int h_opad[8]; 14 | union { limb_t l[64/sizeof(limb_t)]; unsigned char c[64]; } tail; 15 | } HMAC_SHA256_CTX; 16 | 17 | static void HMAC_init(HMAC_SHA256_CTX *ctx, const void *K, size_t K_len) 18 | { 19 | size_t i; 20 | 21 | if (K == NULL) { /* reuse h_ipad and h_opad */ 22 | sha256_hcopy(ctx->ctx.h, ctx->h_ipad); 23 | ctx->ctx.N = 64; 24 | vec_zero(ctx->ctx.buf, sizeof(ctx->ctx.buf)); 25 | ctx->ctx.off = 0; 26 | 27 | return; 28 | } 29 | 30 | vec_zero(ctx->tail.c, sizeof(ctx->tail)); 31 | if (K_len > 64) { 32 | sha256_init(&ctx->ctx); 33 | sha256_update(&ctx->ctx, K, K_len); 34 | sha256_final(ctx->tail.c, &ctx->ctx); 35 | } else { 36 | sha256_bcopy(ctx->tail.c, K, K_len); 37 | } 38 | 39 | for (i = 0; i < 64/sizeof(limb_t); i++) 40 | ctx->tail.l[i] ^= (limb_t)0x3636363636363636; 41 | 42 | sha256_init(&ctx->ctx); 43 | sha256_update(&ctx->ctx, ctx->tail.c, 64); 44 | sha256_hcopy(ctx->h_ipad, ctx->ctx.h); 45 | 46 | for (i = 0; i < 64/sizeof(limb_t); i++) 47 | ctx->tail.l[i] ^= (limb_t)(0x3636363636363636 ^ 0x5c5c5c5c5c5c5c5c); 48 | 49 | sha256_init_h(ctx->h_opad); 50 | sha256_block_data_order(ctx->h_opad, ctx->tail.c, 1); 51 | 52 | vec_zero(ctx->tail.c, sizeof(ctx->tail)); 53 | ctx->tail.c[32] = 0x80; 54 | ctx->tail.c[62] = 3; /* (64+32)*8 in big endian */ 55 | ctx->tail.c[63] = 0; 56 | } 57 | 58 | static void HMAC_update(HMAC_SHA256_CTX *ctx, const unsigned char *inp, 59 | size_t len) 60 | { sha256_update(&ctx->ctx, inp, len); } 61 | 62 | static void HMAC_final(unsigned char md[32], HMAC_SHA256_CTX *ctx) 63 | { 64 | sha256_final(ctx->tail.c, &ctx->ctx); 65 | sha256_hcopy(ctx->ctx.h, ctx->h_opad); 66 | sha256_block_data_order(ctx->ctx.h, ctx->tail.c, 1); 67 | sha256_emit(md, ctx->ctx.h); 68 | } 69 | 70 | static void HKDF_Extract(unsigned char PRK[32], 71 | const void *salt, size_t salt_len, 72 | const void *IKM, size_t IKM_len, 73 | HMAC_SHA256_CTX *ctx) 74 | { 75 | unsigned char zero[1] = { 0 }; 76 | 77 | HMAC_init(ctx, salt != NULL ? salt : zero, salt_len); 78 | HMAC_update(ctx, IKM, IKM_len); 79 | #ifndef __BLST_HKDF_TESTMODE__ 80 | /* Section 2.3 KeyGen in BLS-signature draft */ 81 | HMAC_update(ctx, zero, 1); 82 | #endif 83 | HMAC_final(PRK, ctx); 84 | } 85 | 86 | static void HKDF_Expand(unsigned char *OKM, size_t L, 87 | const unsigned char PRK[32], 88 | const void *info, size_t info_len, 89 | HMAC_SHA256_CTX *ctx) 90 | { 91 | #if !defined(__STDC_VERSION__) || __STDC_VERSION__<199901 92 | unsigned char *info_prime = alloca(info_len + 2 + 1); 93 | #else 94 | unsigned char info_prime[info_len + 2 + 1]; 95 | #endif 96 | 97 | HMAC_init(ctx, PRK, 32); 98 | 99 | if (info_len != 0) 100 | sha256_bcopy(info_prime, info, info_len); 101 | #ifndef __BLST_HKDF_TESTMODE__ 102 | /* Section 2.3 KeyGen in BLS-signature draft */ 103 | info_prime[info_len + 0] = (unsigned char)(L >> 8); 104 | info_prime[info_len + 1] = (unsigned char)(L); 105 | info_len += 2; 106 | #endif 107 | info_prime[info_len] = 1; /* counter */ 108 | HMAC_update(ctx, info_prime, info_len + 1); 109 | HMAC_final(ctx->tail.c, ctx); 110 | while (L > 32) { 111 | sha256_hcopy((unsigned int *)OKM, (const unsigned int *)ctx->tail.c); 112 | OKM += 32; L -= 32; 113 | ++info_prime[info_len]; /* counter */ 114 | HMAC_init(ctx, NULL, 0); 115 | HMAC_update(ctx, ctx->tail.c, 32); 116 | HMAC_update(ctx, info_prime, info_len + 1); 117 | HMAC_final(ctx->tail.c, ctx); 118 | } 119 | sha256_bcopy(OKM, ctx->tail.c, L); 120 | } 121 | 122 | #ifndef __BLST_HKDF_TESTMODE__ 123 | void blst_keygen(pow256 SK, const void *IKM, size_t IKM_len, 124 | const void *info, size_t info_len) 125 | { 126 | struct { 127 | HMAC_SHA256_CTX ctx; 128 | unsigned char PRK[32], OKM[48]; 129 | vec512 key; 130 | } scratch; 131 | unsigned char salt[32] = "BLS-SIG-KEYGEN-SALT-"; 132 | size_t salt_len = 20; 133 | 134 | /* 135 | * Vet |info| since some callers were caught to be sloppy, e.g. 136 | * SWIG-4.0-generated Python wrapper... 137 | */ 138 | info_len = info==NULL ? 0 : info_len; 139 | 140 | do { 141 | /* salt = H(salt) */ 142 | sha256_init(&scratch.ctx.ctx); 143 | sha256_update(&scratch.ctx.ctx, salt, salt_len); 144 | sha256_final(salt, &scratch.ctx.ctx); 145 | salt_len = sizeof(salt); 146 | 147 | /* PRK = HKDF-Extract(salt, IKM || I2OSP(0, 1)) */ 148 | HKDF_Extract(scratch.PRK, salt, salt_len, 149 | IKM, IKM_len, &scratch.ctx); 150 | 151 | /* OKM = HKDF-Expand(PRK, key_info || I2OSP(L, 2), L) */ 152 | HKDF_Expand(scratch.OKM, sizeof(scratch.OKM), scratch.PRK, 153 | info, info_len, &scratch.ctx); 154 | 155 | /* SK = OS2IP(OKM) mod r */ 156 | vec_zero(scratch.key, sizeof(scratch.key)); 157 | limbs_from_be_bytes(scratch.key, scratch.OKM, sizeof(scratch.OKM)); 158 | redc_mont_256(scratch.key, scratch.key, BLS12_381_r, r0); 159 | mul_mont_sparse_256(scratch.key, scratch.key, BLS12_381_rRR, 160 | BLS12_381_r, r0); 161 | } while (vec_is_zero(scratch.key, sizeof(vec256))); 162 | 163 | le_bytes_from_limbs(SK, scratch.key, sizeof(pow256)); 164 | 165 | /* 166 | * scrub the stack just in case next callee inadvertently flashes 167 | * a fragment across application boundary... 168 | */ 169 | vec_zero(&scratch, sizeof(scratch)); 170 | } 171 | #endif 172 | -------------------------------------------------------------------------------- /extern/blst/bindings/go/blst.tgo: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright Supranational LLC 3 | * Licensed under the Apache License, Version 2.0, see LICENSE for details. 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | package blst 8 | 9 | // #cgo CFLAGS: -I${SRCDIR}/.. -I${SRCDIR}/../../build -I${SRCDIR}/../../src -D__BLST_CGO__ 10 | // #cgo amd64 CFLAGS: -D__ADX__ -mno-avx 11 | // #include "blst.h" 12 | import "C" 13 | import "runtime" 14 | 15 | const BLST_SCALAR_BYTES = 256 / 8 16 | const BLST_FP_BYTES = 384 / 8 17 | const BLST_P1_COMPRESS_BYTES = BLST_FP_BYTES 18 | const BLST_P1_SERIALIZE_BYTES = BLST_FP_BYTES * 2 19 | const BLST_P2_COMPRESS_BYTES = BLST_FP_BYTES * 2 20 | const BLST_P2_SERIALIZE_BYTES = BLST_FP_BYTES * 4 21 | 22 | type Scalar = C.blst_scalar 23 | type Fp = C.blst_fp 24 | type Fp2 = C.blst_fp2 25 | type Fp6 = C.blst_fp6 26 | type Fp12 = C.blst_fp12 27 | type P1 = C.blst_p1 28 | type P2 = C.blst_p2 29 | type P1Affine = C.blst_p1_affine 30 | type P2Affine = C.blst_p2_affine 31 | type Message = []byte 32 | type Pairing = []uint64 33 | type SecretKey = Scalar 34 | 35 | // 36 | // Configuration 37 | // 38 | 39 | var maxProcs = initMaxProcs() 40 | 41 | func initMaxProcs() int { 42 | maxProcs := runtime.GOMAXPROCS(0) - 1 43 | if maxProcs <= 0 { 44 | maxProcs = 1 45 | } 46 | return maxProcs 47 | } 48 | 49 | func SetMaxProcs(max int) { 50 | if max <= 0 { 51 | max = 1 52 | } 53 | maxProcs = max 54 | } 55 | 56 | // 57 | // Secret key 58 | // 59 | func KeyGen(ikm []byte, optional ...[]byte) *SecretKey { 60 | var sk SecretKey 61 | var info []byte 62 | var infoP *C.byte 63 | if len(optional) > 0 { 64 | info = optional[0] 65 | infoP = (*C.byte)(&info[0]) 66 | } 67 | if len(ikm) < 32 { 68 | return nil 69 | } 70 | C.blst_keygen(&sk, (*C.byte)(&ikm[0]), C.size_t(len(ikm)), 71 | infoP, C.size_t(len(info))) 72 | return &sk 73 | } 74 | 75 | // 76 | // Pairing 77 | // 78 | func PairingCtx(hash_or_encode bool, DST []byte) Pairing { 79 | ctx := make([]uint64, C.blst_pairing_sizeof()/8) 80 | var uDST *C.byte 81 | if DST != nil { 82 | uDST = (*C.byte)(&DST[0]) 83 | } 84 | C.blst_pairing_init((*C.blst_pairing)(&ctx[0]), C.bool(hash_or_encode), 85 | uDST, C.size_t(len(DST))) 86 | return ctx 87 | } 88 | 89 | func PairingAggregatePkInG1(ctx Pairing, PK *P1Affine, sig *P2Affine, 90 | msg []byte, 91 | optional ...[]byte) int { // aug 92 | var aug []byte 93 | var uaug *C.byte 94 | if len(optional) > 0 { 95 | aug = optional[0] 96 | if aug != nil { 97 | uaug = (*C.byte)(&aug[0]) 98 | } 99 | } 100 | var umsg *C.byte 101 | if msg != nil { 102 | umsg = (*C.byte)(&msg[0]) 103 | } 104 | 105 | r := C.blst_pairing_aggregate_pk_in_g1((*C.blst_pairing)(&ctx[0]), PK, sig, 106 | umsg, C.size_t(len(msg)), 107 | uaug, C.size_t(len(aug))) 108 | 109 | return int(r) 110 | } 111 | 112 | func PairingAggregatePkInG2(ctx Pairing, PK *P2Affine, sig *P1Affine, 113 | msg []byte, 114 | optional ...[]byte) int { // aug 115 | var aug []byte 116 | var uaug *C.byte 117 | if len(optional) > 0 { 118 | aug = optional[0] 119 | if aug != nil { 120 | uaug = (*C.byte)(&aug[0]) 121 | } 122 | } 123 | var umsg *C.byte 124 | if msg != nil { 125 | umsg = (*C.byte)(&msg[0]) 126 | } 127 | 128 | r := C.blst_pairing_aggregate_pk_in_g2((*C.blst_pairing)(&ctx[0]), PK, sig, 129 | umsg, C.size_t(len(msg)), 130 | uaug, C.size_t(len(aug))) 131 | 132 | return int(r) 133 | } 134 | 135 | func PairingMulNAggregatePkInG1(ctx Pairing, PK *P1Affine, sig *P2Affine, 136 | rand *Scalar, randBits int, msg []byte, 137 | optional ...[]byte) int { // aug 138 | var aug []byte 139 | var uaug *C.byte 140 | if len(optional) > 0 { 141 | aug = optional[0] 142 | if aug != nil { 143 | uaug = (*C.byte)(&aug[0]) 144 | } 145 | } 146 | var umsg *C.byte 147 | if msg != nil { 148 | umsg = (*C.byte)(&msg[0]) 149 | } 150 | 151 | r := C.blst_pairing_mul_n_aggregate_pk_in_g1((*C.blst_pairing)(&ctx[0]), 152 | PK, sig, 153 | &rand.b[0], C.size_t(randBits), 154 | umsg, C.size_t(len(msg)), 155 | uaug, C.size_t(len(aug))) 156 | 157 | return int(r) 158 | } 159 | 160 | func PairingMulNAggregatePkInG2(ctx Pairing, PK *P2Affine, sig *P1Affine, 161 | rand *Scalar, randBits int, msg []byte, 162 | optional ...[]byte) int { // aug 163 | var aug []byte 164 | var uaug *C.byte 165 | if len(optional) > 0 { 166 | aug = optional[0] 167 | if aug != nil { 168 | uaug = (*C.byte)(&aug[0]) 169 | } 170 | } 171 | var umsg *C.byte 172 | if msg != nil { 173 | umsg = (*C.byte)(&msg[0]) 174 | } 175 | 176 | r := C.blst_pairing_mul_n_aggregate_pk_in_g2((*C.blst_pairing)(&ctx[0]), 177 | PK, sig, 178 | &rand.b[0], C.size_t(randBits), 179 | umsg, C.size_t(len(msg)), 180 | uaug, C.size_t(len(aug))) 181 | 182 | return int(r) 183 | } 184 | 185 | func PairingCommit(ctx Pairing) { 186 | C.blst_pairing_commit((*C.blst_pairing)(&ctx[0])) 187 | } 188 | 189 | func PairingMerge(ctx Pairing, ctx1 Pairing) int { 190 | r := C.blst_pairing_merge((*C.blst_pairing)(&ctx[0]), 191 | (*C.blst_pairing)(&ctx1[0])) 192 | return int(r) 193 | } 194 | 195 | func PairingFinalVerify(ctx Pairing, optional ...*Fp12) bool { 196 | var gtsig *Fp12 = nil 197 | if len(optional) > 0 { 198 | gtsig = optional[0] 199 | } 200 | return bool(C.blst_pairing_finalverify((*C.blst_pairing)(&ctx[0]), gtsig)) 201 | } 202 | 203 | func Fp12One() Fp12 { 204 | return *C.blst_fp12_one() 205 | } 206 | -------------------------------------------------------------------------------- /extern/blst/src/asm/add_mod_256-armv8.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env perl 2 | # 3 | # Copyright Supranational LLC 4 | # Licensed under the Apache License, Version 2.0, see LICENSE for details. 5 | # SPDX-License-Identifier: Apache-2.0 6 | 7 | $flavour = shift; 8 | $output = shift; 9 | 10 | if ($flavour && $flavour ne "void") { 11 | $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; 12 | ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or 13 | ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or 14 | die "can't locate arm-xlate.pl"; 15 | 16 | open STDOUT,"| \"$^X\" $xlate $flavour $output"; 17 | } else { 18 | open STDOUT,">$output"; 19 | } 20 | 21 | ($r_ptr,$a_ptr,$b_ptr,$n_ptr) = map("x$_", 0..3); 22 | 23 | @mod=map("x$_",(4..7)); 24 | @a=map("x$_",(8..11)); 25 | @b=map("x$_",(12..15)); 26 | @t=map("x$_",(16,17,1..3)); 27 | 28 | $code.=<<___; 29 | .text 30 | 31 | .globl add_mod_256 32 | .hidden add_mod_256 33 | .type add_mod_256,%function 34 | .align 5 35 | add_mod_256: 36 | ldp @a[0],@a[1],[$a_ptr] 37 | ldp @b[0],@b[1],[$b_ptr] 38 | 39 | ldp @a[2],@a[3],[$a_ptr,#16] 40 | adds @a[0],@a[0],@b[0] 41 | ldp @b[2],@b[3],[$b_ptr,#16] 42 | adcs @a[1],@a[1],@b[1] 43 | ldp @mod[0],@mod[1],[$n_ptr] 44 | adcs @a[2],@a[2],@b[2] 45 | ldp @mod[2],@mod[3],[$n_ptr,#16] 46 | adcs @a[3],@a[3],@b[3] 47 | adc @t[4],xzr,xzr 48 | 49 | subs @t[0],@a[0],@mod[0] 50 | sbcs @t[1],@a[1],@mod[1] 51 | sbcs @t[2],@a[2],@mod[2] 52 | sbcs @t[3],@a[3],@mod[3] 53 | sbcs xzr,@t[4],xzr 54 | 55 | csel @a[0],@a[0],@t[0],lo 56 | csel @a[1],@a[1],@t[1],lo 57 | csel @a[2],@a[2],@t[2],lo 58 | stp @a[0],@a[1],[$r_ptr] 59 | csel @a[3],@a[3],@t[3],lo 60 | stp @a[2],@a[3],[$r_ptr,#16] 61 | 62 | ret 63 | .size add_mod_256,.-add_mod_256 64 | 65 | .globl mul_by_3_mod_256 66 | .hidden mul_by_3_mod_256 67 | .type mul_by_3_mod_256,%function 68 | .align 5 69 | mul_by_3_mod_256: 70 | ldp @b[0],@b[1],[$a_ptr] 71 | ldp @b[2],@b[3],[$a_ptr,#16] 72 | 73 | adds @a[0],@b[0],@b[0] 74 | ldp @mod[0],@mod[1],[$b_ptr] 75 | adcs @a[1],@b[1],@b[1] 76 | ldp @mod[2],@mod[3],[$b_ptr,#16] 77 | adcs @a[2],@b[2],@b[2] 78 | adcs @a[3],@b[3],@b[3] 79 | adc @t[4],xzr,xzr 80 | 81 | subs @t[0],@a[0],@mod[0] 82 | sbcs @t[1],@a[1],@mod[1] 83 | sbcs @t[2],@a[2],@mod[2] 84 | sbcs @t[3],@a[3],@mod[3] 85 | sbcs xzr,@t[4],xzr 86 | 87 | csel @a[0],@a[0],@t[0],lo 88 | csel @a[1],@a[1],@t[1],lo 89 | csel @a[2],@a[2],@t[2],lo 90 | csel @a[3],@a[3],@t[3],lo 91 | 92 | adds @a[0],@a[0],@b[0] 93 | adcs @a[1],@a[1],@b[1] 94 | adcs @a[2],@a[2],@b[2] 95 | adcs @a[3],@a[3],@b[3] 96 | adc @t[4],xzr,xzr 97 | 98 | subs @t[0],@a[0],@mod[0] 99 | sbcs @t[1],@a[1],@mod[1] 100 | sbcs @t[2],@a[2],@mod[2] 101 | sbcs @t[3],@a[3],@mod[3] 102 | sbcs xzr,@t[4],xzr 103 | 104 | csel @a[0],@a[0],@t[0],lo 105 | csel @a[1],@a[1],@t[1],lo 106 | csel @a[2],@a[2],@t[2],lo 107 | stp @a[0],@a[1],[$r_ptr] 108 | csel @a[3],@a[3],@t[3],lo 109 | stp @a[2],@a[3],[$r_ptr,#16] 110 | 111 | ret 112 | .size mul_by_3_mod_256,.-mul_by_3_mod_256 113 | 114 | .globl lshift_mod_256 115 | .hidden lshift_mod_256 116 | .type lshift_mod_256,%function 117 | .align 5 118 | lshift_mod_256: 119 | ldp @a[0],@a[1],[$a_ptr] 120 | ldp @a[2],@a[3],[$a_ptr,#16] 121 | 122 | ldp @mod[0],@mod[1],[$n_ptr] 123 | ldp @mod[2],@mod[3],[$n_ptr,#16] 124 | 125 | .Loop_lshift_mod_256: 126 | adds @a[0],@a[0],@a[0] 127 | sub $b_ptr,$b_ptr,#1 128 | adcs @a[1],@a[1],@a[1] 129 | adcs @a[2],@a[2],@a[2] 130 | adcs @a[3],@a[3],@a[3] 131 | adc @t[4],xzr,xzr 132 | 133 | subs @b[0],@a[0],@mod[0] 134 | sbcs @b[1],@a[1],@mod[1] 135 | sbcs @b[2],@a[2],@mod[2] 136 | sbcs @b[3],@a[3],@mod[3] 137 | sbcs xzr,@t[4],xzr 138 | 139 | csel @a[0],@a[0],@b[0],lo 140 | csel @a[1],@a[1],@b[1],lo 141 | csel @a[2],@a[2],@b[2],lo 142 | csel @a[3],@a[3],@b[3],lo 143 | 144 | cbnz $b_ptr,.Loop_lshift_mod_256 145 | 146 | stp @a[0],@a[1],[$r_ptr] 147 | stp @a[2],@a[3],[$r_ptr,#16] 148 | 149 | ret 150 | .size lshift_mod_256,.-lshift_mod_256 151 | 152 | .globl rshift_mod_256 153 | .hidden rshift_mod_256 154 | .type rshift_mod_256,%function 155 | .align 5 156 | rshift_mod_256: 157 | ldp @a[0],@a[1],[$a_ptr] 158 | ldp @a[2],@a[3],[$a_ptr,#16] 159 | 160 | ldp @mod[0],@mod[1],[$n_ptr] 161 | ldp @mod[2],@mod[3],[$n_ptr,#16] 162 | 163 | .Loop_rshift: 164 | adds @b[0],@a[0],@mod[0] 165 | sub $b_ptr,$b_ptr,#1 166 | adcs @b[1],@a[1],@mod[1] 167 | adcs @b[2],@a[2],@mod[2] 168 | adcs @b[3],@a[3],@mod[3] 169 | adc @t[4],xzr,xzr 170 | tst @a[0],#1 171 | 172 | csel @b[0],@b[0],@a[0],ne 173 | csel @b[1],@b[1],@a[1],ne 174 | csel @b[2],@b[2],@a[2],ne 175 | csel @b[3],@b[3],@a[3],ne 176 | csel @t[4],@t[4],xzr,ne 177 | 178 | extr @a[0],@b[1],@b[0],#1 179 | extr @a[1],@b[2],@b[1],#1 180 | extr @a[2],@b[3],@b[2],#1 181 | extr @a[3],@t[4],@b[3],#1 182 | 183 | cbnz $b_ptr,.Loop_rshift 184 | 185 | stp @a[0],@a[1],[$r_ptr] 186 | stp @a[2],@a[3],[$r_ptr,#16] 187 | 188 | ret 189 | .size rshift_mod_256,.-rshift_mod_256 190 | 191 | .globl cneg_mod_256 192 | .hidden cneg_mod_256 193 | .type cneg_mod_256,%function 194 | .align 5 195 | cneg_mod_256: 196 | ldp @a[0],@a[1],[$a_ptr] 197 | ldp @mod[0],@mod[1],[$n_ptr] 198 | 199 | ldp @a[2],@a[3],[$a_ptr,#16] 200 | subs @b[0],@mod[0],@a[0] 201 | ldp @mod[2],@mod[3],[$n_ptr,#16] 202 | orr @mod[0],@a[0],@a[1] 203 | sbcs @b[1],@mod[1],@a[1] 204 | orr @mod[1],@a[2],@a[3] 205 | sbcs @b[2],@mod[2],@a[2] 206 | orr @t[4],@mod[0],@mod[1] 207 | sbc @b[3],@mod[3],@a[3] 208 | 209 | cmp @t[4],#0 210 | csetm @t[4],ne 211 | ands $b_ptr,$b_ptr,@t[4] 212 | 213 | csel @a[0],@a[0],@b[0],eq 214 | csel @a[1],@a[1],@b[1],eq 215 | csel @a[2],@a[2],@b[2],eq 216 | stp @a[0],@a[1],[$r_ptr] 217 | csel @a[3],@a[3],@b[3],eq 218 | stp @a[2],@a[3],[$r_ptr,#16] 219 | 220 | ret 221 | .size cneg_mod_256,.-cneg_mod_256 222 | 223 | .globl sub_mod_256 224 | .hidden sub_mod_256 225 | .type sub_mod_256,%function 226 | .align 5 227 | sub_mod_256: 228 | ldp @a[0],@a[1],[$a_ptr] 229 | ldp @b[0],@b[1],[$b_ptr] 230 | 231 | ldp @a[2],@a[3],[$a_ptr,#16] 232 | subs @a[0],@a[0],@b[0] 233 | ldp @b[2],@b[3],[$b_ptr,#16] 234 | sbcs @a[1],@a[1],@b[1] 235 | ldp @mod[0],@mod[1],[$n_ptr] 236 | sbcs @a[2],@a[2],@b[2] 237 | ldp @mod[2],@mod[3],[$n_ptr,#16] 238 | sbcs @a[3],@a[3],@b[3] 239 | sbc @t[4],xzr,xzr 240 | 241 | and @mod[0],@mod[0],@t[4] 242 | and @mod[1],@mod[1],@t[4] 243 | adds @a[0],@a[0],@mod[0] 244 | and @mod[2],@mod[2],@t[4] 245 | adcs @a[1],@a[1],@mod[1] 246 | and @mod[3],@mod[3],@t[4] 247 | adcs @a[2],@a[2],@mod[2] 248 | stp @a[0],@a[1],[$r_ptr] 249 | adc @a[3],@a[3],@mod[3] 250 | stp @a[2],@a[3],[$r_ptr,#16] 251 | 252 | ret 253 | .size sub_mod_256,.-sub_mod_256 254 | ___ 255 | 256 | print $code; 257 | 258 | close STDOUT; 259 | -------------------------------------------------------------------------------- /extern/blst/build/coff/inverse_mod_256-x86_64.s: -------------------------------------------------------------------------------- 1 | .text 2 | 3 | .p2align 5 4 | .Lone_256: 5 | .quad 1,0,0,0 6 | 7 | .globl eucl_inverse_mod_256 8 | 9 | .def eucl_inverse_mod_256; .scl 2; .type 32; .endef 10 | .p2align 5 11 | eucl_inverse_mod_256: 12 | .byte 0xf3,0x0f,0x1e,0xfa 13 | movq %rdi,8(%rsp) 14 | movq %rsi,16(%rsp) 15 | movq %rsp,%r11 16 | .LSEH_begin_eucl_inverse_mod_256: 17 | movq %rcx,%rdi 18 | movq %rdx,%rsi 19 | movq %r8,%rdx 20 | movq %r9,%rcx 21 | 22 | 23 | pushq %rbp 24 | 25 | pushq %rbx 26 | 27 | subq $152,%rsp 28 | 29 | .LSEH_body_eucl_inverse_mod_256: 30 | 31 | 32 | movq %rdi,0(%rsp) 33 | leaq .Lone_256(%rip),%rbp 34 | cmpq $0,%rcx 35 | cmoveq %rbp,%rcx 36 | 37 | movq 0(%rsi),%rax 38 | movq 8(%rsi),%r9 39 | movq 16(%rsi),%r10 40 | movq 24(%rsi),%r11 41 | 42 | movq %rax,%r8 43 | orq %r9,%rax 44 | orq %r10,%rax 45 | orq %r11,%rax 46 | jz .Labort_256 47 | 48 | leaq 16(%rsp),%rsi 49 | movq 0(%rcx),%rax 50 | movq 8(%rcx),%rbx 51 | movq 16(%rcx),%rbp 52 | movq 24(%rcx),%rdi 53 | 54 | movq %r8,0(%rsi) 55 | movq %r9,8(%rsi) 56 | movq %r10,16(%rsi) 57 | movq %r11,24(%rsi) 58 | 59 | leaq 80(%rsp),%rcx 60 | movq 0(%rdx),%r8 61 | movq 8(%rdx),%r9 62 | movq 16(%rdx),%r10 63 | movq 24(%rdx),%r11 64 | 65 | movq %rax,32(%rsi) 66 | movq %rbx,40(%rsi) 67 | movq %rbp,48(%rsi) 68 | movq %rdi,56(%rsi) 69 | 70 | movq %r8,0(%rcx) 71 | movq %r9,8(%rcx) 72 | movq %r10,16(%rcx) 73 | movq %r11,24(%rcx) 74 | 75 | xorl %eax,%eax 76 | movq %rax,32(%rcx) 77 | movq %rax,40(%rcx) 78 | movq %rax,48(%rcx) 79 | movq %rax,56(%rcx) 80 | jmp .Loop_inv_256 81 | 82 | .p2align 5 83 | .Loop_inv_256: 84 | leaq 80(%rsp),%rsi 85 | call __remove_powers_of_2_256 86 | 87 | leaq 16(%rsp),%rsi 88 | call __remove_powers_of_2_256 89 | 90 | leaq 80(%rsp),%rcx 91 | subq 80+0(%rsp),%r8 92 | sbbq 8(%rcx),%r9 93 | sbbq 16(%rcx),%r10 94 | sbbq 24(%rcx),%r11 95 | jae .Lu_greater_than_v_256 96 | 97 | 98 | xchgq %rcx,%rsi 99 | 100 | notq %r8 101 | notq %r9 102 | notq %r10 103 | notq %r11 104 | 105 | addq $1,%r8 106 | adcq $0,%r9 107 | adcq $0,%r10 108 | adcq $0,%r11 109 | 110 | .Lu_greater_than_v_256: 111 | movq 32(%rsi),%rax 112 | movq 40(%rsi),%rbx 113 | movq 48(%rsi),%rbp 114 | movq 56(%rsi),%rdi 115 | 116 | subq 32(%rcx),%rax 117 | sbbq 40(%rcx),%rbx 118 | sbbq 48(%rcx),%rbp 119 | sbbq 56(%rcx),%rdi 120 | 121 | movq %r8,0(%rsi) 122 | sbbq %r8,%r8 123 | movq %r9,8(%rsi) 124 | movq %r8,%r9 125 | movq %r10,16(%rsi) 126 | movq %r8,%r10 127 | movq %r11,24(%rsi) 128 | movq %r8,%r11 129 | 130 | andq 0(%rdx),%r8 131 | andq 8(%rdx),%r9 132 | andq 16(%rdx),%r10 133 | andq 24(%rdx),%r11 134 | 135 | addq %r8,%rax 136 | adcq %r9,%rbx 137 | adcq %r10,%rbp 138 | adcq %r11,%rdi 139 | 140 | movq %rax,32(%rsi) 141 | movq %rbx,40(%rsi) 142 | movq %rbp,48(%rsi) 143 | movq %rdi,56(%rsi) 144 | 145 | movq 16+0(%rsp),%r8 146 | movq 16+8(%rsp),%r9 147 | movq 16+16(%rsp),%r10 148 | movq 16+24(%rsp),%r11 149 | orq %r9,%r8 150 | orq %r10,%r8 151 | orq %r11,%r8 152 | jnz .Loop_inv_256 153 | 154 | leaq 80(%rsp),%rsi 155 | movq 0(%rsp),%rdi 156 | movl $1,%eax 157 | 158 | movq 32(%rsi),%r8 159 | movq 40(%rsi),%r9 160 | movq 48(%rsi),%r10 161 | movq 56(%rsi),%r11 162 | 163 | .Labort_256: 164 | movq %r8,0(%rdi) 165 | movq %r9,8(%rdi) 166 | movq %r10,16(%rdi) 167 | movq %r11,24(%rdi) 168 | 169 | leaq 152(%rsp),%r8 170 | movq 0(%r8),%rbx 171 | 172 | movq 8(%r8),%rbp 173 | 174 | leaq 16(%r8),%rsp 175 | 176 | .LSEH_epilogue_eucl_inverse_mod_256: 177 | mov 8(%rsp),%rdi 178 | mov 16(%rsp),%rsi 179 | 180 | .byte 0xf3,0xc3 181 | 182 | .LSEH_end_eucl_inverse_mod_256: 183 | 184 | .def __remove_powers_of_2_256; .scl 3; .type 32; .endef 185 | .p2align 5 186 | __remove_powers_of_2_256: 187 | .byte 0xf3,0x0f,0x1e,0xfa 188 | 189 | movq 0(%rsi),%r8 190 | movq 8(%rsi),%r9 191 | movq 16(%rsi),%r10 192 | movq 24(%rsi),%r11 193 | 194 | .Loop_of_2_256: 195 | bsfq %r8,%rcx 196 | movl $63,%eax 197 | cmovzl %eax,%ecx 198 | 199 | cmpl $0,%ecx 200 | je .Loop_of_2_done_256 201 | 202 | shrq %cl,%r8 203 | movq %r9,%rax 204 | shrq %cl,%r9 205 | movq %r10,%rbx 206 | shrq %cl,%r10 207 | movq %r11,%rbp 208 | shrq %cl,%r11 209 | negb %cl 210 | shlq %cl,%rax 211 | shlq %cl,%rbx 212 | orq %rax,%r8 213 | movq 32(%rsi),%rax 214 | shlq %cl,%rbp 215 | orq %rbx,%r9 216 | movq 40(%rsi),%rbx 217 | orq %rbp,%r10 218 | movq 48(%rsi),%rbp 219 | negb %cl 220 | movq 56(%rsi),%rdi 221 | 222 | movq %r8,0(%rsi) 223 | movq %r9,8(%rsi) 224 | movq %r10,16(%rsi) 225 | movq %r11,24(%rsi) 226 | jmp .Loop_div_by_2_256 227 | 228 | .p2align 5 229 | .Loop_div_by_2_256: 230 | movq $1,%r11 231 | movq 0(%rdx),%r8 232 | andq %rax,%r11 233 | movq 8(%rdx),%r9 234 | negq %r11 235 | movq 16(%rdx),%r10 236 | andq %r11,%r8 237 | andq %r11,%r9 238 | andq %r11,%r10 239 | andq 24(%rdx),%r11 240 | 241 | addq %r8,%rax 242 | adcq %r9,%rbx 243 | adcq %r10,%rbp 244 | adcq %r11,%rdi 245 | sbbq %r11,%r11 246 | 247 | shrq $1,%rax 248 | movq %rbx,%r8 249 | shrq $1,%rbx 250 | movq %rbp,%r9 251 | shrq $1,%rbp 252 | movq %rdi,%r10 253 | shrq $1,%rdi 254 | shlq $63,%r8 255 | shlq $63,%r9 256 | orq %r8,%rax 257 | shlq $63,%r10 258 | orq %r9,%rbx 259 | shlq $63,%r11 260 | orq %r10,%rbp 261 | orq %r11,%rdi 262 | 263 | decl %ecx 264 | jnz .Loop_div_by_2_256 265 | 266 | movq 0(%rsi),%r8 267 | movq 8(%rsi),%r9 268 | movq 16(%rsi),%r10 269 | movq 24(%rsi),%r11 270 | 271 | movq %rax,32(%rsi) 272 | movq %rbx,40(%rsi) 273 | movq %rbp,48(%rsi) 274 | movq %rdi,56(%rsi) 275 | 276 | testq $1,%r8 277 | .byte 0x2e 278 | jz .Loop_of_2_256 279 | 280 | .Loop_of_2_done_256: 281 | .byte 0xf3,0xc3 282 | 283 | .section .pdata 284 | .p2align 2 285 | .rva .LSEH_begin_eucl_inverse_mod_256 286 | .rva .LSEH_body_eucl_inverse_mod_256 287 | .rva .LSEH_info_eucl_inverse_mod_256_prologue 288 | 289 | .rva .LSEH_body_eucl_inverse_mod_256 290 | .rva .LSEH_epilogue_eucl_inverse_mod_256 291 | .rva .LSEH_info_eucl_inverse_mod_256_body 292 | 293 | .rva .LSEH_epilogue_eucl_inverse_mod_256 294 | .rva .LSEH_end_eucl_inverse_mod_256 295 | .rva .LSEH_info_eucl_inverse_mod_256_epilogue 296 | 297 | .section .xdata 298 | .p2align 3 299 | .LSEH_info_eucl_inverse_mod_256_prologue: 300 | .byte 1,0,5,0x0b 301 | .byte 0,0x74,1,0 302 | .byte 0,0x64,2,0 303 | .byte 0,0x03 304 | .byte 0,0 305 | .LSEH_info_eucl_inverse_mod_256_body: 306 | .byte 1,0,10,0 307 | .byte 0x00,0x34,0x13,0x00 308 | .byte 0x00,0x54,0x14,0x00 309 | .byte 0x00,0x74,0x16,0x00 310 | .byte 0x00,0x64,0x17,0x00 311 | .byte 0x00,0x01,0x15,0x00 312 | .LSEH_info_eucl_inverse_mod_256_epilogue: 313 | .byte 1,0,4,0 314 | .byte 0x00,0x74,0x01,0x00 315 | .byte 0x00,0x64,0x02,0x00 316 | .byte 0x00,0x00,0x00,0x00 317 | 318 | -------------------------------------------------------------------------------- /extern/blst/bindings/go/hash_to_curve/BLS12381G1_XMD_SHA-256_SSWU_RO_.json: -------------------------------------------------------------------------------- 1 | { 2 | "L": "0x40", 3 | "Z": "0xb", 4 | "ciphersuite": "BLS12381G1_XMD:SHA-256_SSWU_RO_", 5 | "curve": "BLS12-381 G1", 6 | "dst": "QUUX-V01-CS02-with-BLS12381G1_XMD:SHA-256_SSWU_RO_", 7 | "expand": "XMD", 8 | "field": { 9 | "m": "0x1", 10 | "p": "0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab" 11 | }, 12 | "hash": "sha256", 13 | "k": "0x80", 14 | "map": { 15 | "name": "SSWU" 16 | }, 17 | "randomOracle": true, 18 | "vectors": [ 19 | { 20 | "P": { 21 | "x": "0x052926add2207b76ca4fa57a8734416c8dc95e24501772c814278700eed6d1e4e8cf62d9c09db0fac349612b759e79a1", 22 | "y": "0x08ba738453bfed09cb546dbb0783dbb3a5f1f566ed67bb6be0e8c67e2e81a4cc68ee29813bb7994998f3eae0c9c6a265" 23 | }, 24 | "Q0": { 25 | "x": "0x11a3cce7e1d90975990066b2f2643b9540fa40d6137780df4e753a8054d07580db3b7f1f03396333d4a359d1fe3766fe", 26 | "y": "0x0eeaf6d794e479e270da10fdaf768db4c96b650a74518fc67b04b03927754bac66f3ac720404f339ecdcc028afa091b7" 27 | }, 28 | "Q1": { 29 | "x": "0x160003aaf1632b13396dbad518effa00fff532f604de1a7fc2082ff4cb0afa2d63b2c32da1bef2bf6c5ca62dc6b72f9c", 30 | "y": "0x0d8bb2d14e20cf9f6036152ed386d79189415b6d015a20133acb4e019139b94e9c146aaad5817f866c95d609a361735e" 31 | }, 32 | "msg": "", 33 | "u": [ 34 | "0x0ba14bd907ad64a016293ee7c2d276b8eae71f25a4b941eece7b0d89f17f75cb3ae5438a614fb61d6835ad59f29c564f", 35 | "0x019b9bd7979f12657976de2884c7cce192b82c177c80e0ec604436a7f538d231552f0d96d9f7babe5fa3b19b3ff25ac9" 36 | ] 37 | }, 38 | { 39 | "P": { 40 | "x": "0x03567bc5ef9c690c2ab2ecdf6a96ef1c139cc0b2f284dca0a9a7943388a49a3aee664ba5379a7655d3c68900be2f6903", 41 | "y": "0x0b9c15f3fe6e5cf4211f346271d7b01c8f3b28be689c8429c85b67af215533311f0b8dfaaa154fa6b88176c229f2885d" 42 | }, 43 | "Q0": { 44 | "x": "0x125435adce8e1cbd1c803e7123f45392dc6e326d292499c2c45c5865985fd74fe8f042ecdeeec5ecac80680d04317d80", 45 | "y": "0x0e8828948c989126595ee30e4f7c931cbd6f4570735624fd25aef2fa41d3f79cfb4b4ee7b7e55a8ce013af2a5ba20bf2" 46 | }, 47 | "Q1": { 48 | "x": "0x11def93719829ecda3b46aa8c31fc3ac9c34b428982b898369608e4f042babee6c77ab9218aad5c87ba785481eff8ae4", 49 | "y": "0x0007c9cef122ccf2efd233d6eb9bfc680aa276652b0661f4f820a653cec1db7ff69899f8e52b8e92b025a12c822a6ce6" 50 | }, 51 | "msg": "abc", 52 | "u": [ 53 | "0x0d921c33f2bad966478a03ca35d05719bdf92d347557ea166e5bba579eea9b83e9afa5c088573c2281410369fbd32951", 54 | "0x003574a00b109ada2f26a37a91f9d1e740dffd8d69ec0c35e1e9f4652c7dba61123e9dd2e76c655d956e2b3462611139" 55 | ] 56 | }, 57 | { 58 | "P": { 59 | "x": "0x11e0b079dea29a68f0383ee94fed1b940995272407e3bb916bbf268c263ddd57a6a27200a784cbc248e84f357ce82d98", 60 | "y": "0x03a87ae2caf14e8ee52e51fa2ed8eefe80f02457004ba4d486d6aa1f517c0889501dc7413753f9599b099ebcbbd2d709" 61 | }, 62 | "Q0": { 63 | "x": "0x08834484878c217682f6d09a4b51444802fdba3d7f2df9903a0ddadb92130ebbfa807fffa0eabf257d7b48272410afff", 64 | "y": "0x0b318f7ecf77f45a0f038e62d7098221d2dbbca2a394164e2e3fe953dc714ac2cde412d8f2d7f0c03b259e6795a2508e" 65 | }, 66 | "Q1": { 67 | "x": "0x158418ed6b27e2549f05531a8281b5822b31c3bf3144277fbb977f8d6e2694fedceb7011b3c2b192f23e2a44b2bd106e", 68 | "y": "0x1879074f344471fac5f839e2b4920789643c075792bec5af4282c73f7941cda5aa77b00085eb10e206171b9787c4169f" 69 | }, 70 | "msg": "abcdef0123456789", 71 | "u": [ 72 | "0x062d1865eb80ebfa73dcfc45db1ad4266b9f3a93219976a3790ab8d52d3e5f1e62f3b01795e36834b17b70e7b76246d4", 73 | "0x0cdc3e2f271f29c4ff75020857ce6c5d36008c9b48385ea2f2bf6f96f428a3deb798aa033cd482d1cdc8b30178b08e3a" 74 | ] 75 | }, 76 | { 77 | "P": { 78 | "x": "0x15f68eaa693b95ccb85215dc65fa81038d69629f70aeee0d0f677cf22285e7bf58d7cb86eefe8f2e9bc3f8cb84fac488", 79 | "y": "0x1807a1d50c29f430b8cafc4f8638dfeeadf51211e1602a5f184443076715f91bb90a48ba1e370edce6ae1062f5e6dd38" 80 | }, 81 | "Q0": { 82 | "x": "0x0cbd7f84ad2c99643fea7a7ac8f52d63d66cefa06d9a56148e58b984b3dd25e1f41ff47154543343949c64f88d48a710", 83 | "y": "0x052c00e4ed52d000d94881a5638ae9274d3efc8bc77bc0e5c650de04a000b2c334a9e80b85282a00f3148dfdface0865" 84 | }, 85 | "Q1": { 86 | "x": "0x06493fb68f0d513af08be0372f849436a787e7b701ae31cb964d968021d6ba6bd7d26a38aaa5a68e8c21a6b17dc8b579", 87 | "y": "0x02e98f2ccf5802b05ffaac7c20018bc0c0b2fd580216c4aa2275d2909dc0c92d0d0bdc979226adeb57a29933536b6bb4" 88 | }, 89 | "msg": "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq", 90 | "u": [ 91 | "0x010476f6a060453c0b1ad0b628f3e57c23039ee16eea5e71bb87c3b5419b1255dc0e5883322e563b84a29543823c0e86", 92 | "0x0b1a912064fb0554b180e07af7e787f1f883a0470759c03c1b6509eb8ce980d1670305ae7b928226bb58fdc0a419f46e" 93 | ] 94 | }, 95 | { 96 | "P": { 97 | "x": "0x082aabae8b7dedb0e78aeb619ad3bfd9277a2f77ba7fad20ef6aabdc6c31d19ba5a6d12283553294c1825c4b3ca2dcfe", 98 | "y": "0x05b84ae5a942248eea39e1d91030458c40153f3b654ab7872d779ad1e942856a20c438e8d99bc8abfbf74729ce1f7ac8" 99 | }, 100 | "Q0": { 101 | "x": "0x0cf97e6dbd0947857f3e578231d07b309c622ade08f2c08b32ff372bd90db19467b2563cc997d4407968d4ac80e154f8", 102 | "y": "0x127f0cddf2613058101a5701f4cb9d0861fd6c2a1b8e0afe194fccf586a3201a53874a2761a9ab6d7220c68661a35ab3" 103 | }, 104 | "Q1": { 105 | "x": "0x092f1acfa62b05f95884c6791fba989bbe58044ee6355d100973bf9553ade52b47929264e6ae770fb264582d8dce512a", 106 | "y": "0x028e6d0169a72cfedb737be45db6c401d3adfb12c58c619c82b93a5dfcccef12290de530b0480575ddc8397cda0bbebf" 107 | }, 108 | "msg": "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 109 | "u": [ 110 | "0x0a8ffa7447f6be1c5a2ea4b959c9454b431e29ccc0802bc052413a9c5b4f9aac67a93431bd480d15be1e057c8a08e8c6", 111 | "0x05d487032f602c90fa7625dbafe0f4a49ef4a6b0b33d7bb349ff4cf5410d297fd6241876e3e77b651cfc8191e40a68b7" 112 | ] 113 | } 114 | ] 115 | } 116 | -------------------------------------------------------------------------------- /extern/blst/src/asm/inverse_mod_256-armv8.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env perl 2 | # 3 | # Copyright Supranational LLC 4 | # Licensed under the Apache License, Version 2.0, see LICENSE for details. 5 | # SPDX-License-Identifier: Apache-2.0 6 | # 7 | # int eucl_inverse_mod_256(vec256 ret, const vec256 inp, const vec256 mod, 8 | # const vec256 one = NULL); 9 | # 10 | # If |one| is 1, then it works as plain inverse procedure. 11 | # If |one| is (1<<512)%|mod|, then it's inverse in Montgomery 12 | # representation domain. 13 | 14 | $flavour = shift; 15 | $output = shift; 16 | if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } 17 | 18 | if ($flavour && $flavour ne "void") { 19 | $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; 20 | ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or 21 | ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or 22 | die "can't locate arm-xlate.pl"; 23 | 24 | open STDOUT,"| \"$^X\" $xlate $flavour $output"; 25 | } else { 26 | open STDOUT,">$output"; 27 | } 28 | 29 | ($r_ptr, $a_ptr, $n_ptr, $one) = map("x$_",(0..3)); 30 | ($ux_ptr, $vy_ptr, $cnt) = ($a_ptr, $n_ptr, $one); 31 | @acc=map("x$_",(4..11)); 32 | @mod=map("x$_",(12..15)); 33 | 34 | $frame=4*256/8; 35 | $U=0; 36 | $X=$U+256/8; 37 | $V=$X+256/8; 38 | $Y=$V+256/8; 39 | 40 | $code.=<<___; 41 | .text 42 | 43 | .align 5 44 | .Lone_256: 45 | .quad 1,0,0,0 46 | 47 | .globl eucl_inverse_mod_256 48 | .hidden eucl_inverse_mod_256 49 | .type eucl_inverse_mod_256,%function 50 | .align 5 51 | eucl_inverse_mod_256: 52 | paciasp 53 | stp x29,x30,[sp,#-16]! 54 | add x29,sp,#0 55 | sub sp,sp,#$frame 56 | 57 | adr @acc[0],.Lone_256 58 | cmp $one,#0 59 | csel $one,$one,@acc[0],ne // default $one to 1 60 | 61 | ldp @acc[0],@acc[1],[$a_ptr] 62 | ldp @acc[2],@acc[3],[$a_ptr,#16] 63 | 64 | orr @acc[4],@acc[0],@acc[1] 65 | orr @acc[5],@acc[2],@acc[3] 66 | orr @acc[6],@acc[4],@acc[5] 67 | cbz @acc[6],.Labort_256 // abort if |inp|==0 68 | 69 | ldp @acc[4],@acc[5],[$one] 70 | ldp @acc[6],@acc[7],[$one,#16] 71 | 72 | ldp @mod[0],@mod[1],[$n_ptr] 73 | ldp @mod[2],@mod[3],[$n_ptr,#16] 74 | 75 | stp @acc[0],@acc[1],[sp,#$U] // copy |inp| to U 76 | stp @acc[2],@acc[3],[sp,#$U+16] 77 | 78 | stp @acc[4],@acc[5],[sp,#$U+32] // copy |one| to X 79 | stp @acc[6],@acc[7],[sp,#$U+48] 80 | 81 | stp @mod[0],@mod[1],[sp,#$V] // copy |mod| to V 82 | stp @mod[2],@mod[3],[sp,#$V+16] 83 | 84 | stp xzr,xzr,[sp,#$V+32] // clear Y 85 | stp xzr,xzr,[sp,#$V+48] 86 | b .Loop_inv_256 87 | 88 | .align 4 89 | .Loop_inv_256: 90 | add $ux_ptr,sp,#$V 91 | bl __remove_powers_of_2_256 92 | 93 | add $ux_ptr,sp,#$U 94 | bl __remove_powers_of_2_256 95 | 96 | ldp @acc[4],@acc[5],[sp,#$V] 97 | add $vy_ptr,sp,#$V 98 | ldp @acc[6],@acc[7],[sp,#$V+16] 99 | subs @acc[0],@acc[0],@acc[4] // U-V 100 | sbcs @acc[1],@acc[1],@acc[5] 101 | sbcs @acc[2],@acc[2],@acc[6] 102 | sbcs @acc[3],@acc[3],@acc[7] 103 | b.hs .Lu_greater_than_v_256 104 | 105 | eor $vy_ptr,$vy_ptr,$ux_ptr // xchg $vy_ptr,$ux_ptr 106 | mvn @acc[0],@acc[0] // U-V => V-U 107 | eor $ux_ptr,$ux_ptr,$vy_ptr 108 | mvn @acc[1],@acc[1] 109 | eor $vy_ptr,$vy_ptr,$ux_ptr 110 | adds @acc[0],@acc[0],#1 111 | mvn @acc[2],@acc[2] 112 | adcs @acc[1],@acc[1],xzr 113 | mvn @acc[3],@acc[3] 114 | adcs @acc[2],@acc[2],xzr 115 | adc @acc[3],@acc[3],xzr 116 | 117 | .Lu_greater_than_v_256: 118 | stp @acc[0],@acc[1],[$ux_ptr] 119 | ldp @acc[0],@acc[1],[$vy_ptr,#32] 120 | ldp @acc[4],@acc[5],[$ux_ptr,#32] 121 | stp @acc[2],@acc[3],[$ux_ptr,#16] 122 | ldp @acc[2],@acc[3],[$vy_ptr,#48] 123 | subs @acc[4],@acc[4],@acc[0] // X-Y # [alt. Y-X] 124 | ldp @acc[6],@acc[7],[$ux_ptr,#48] 125 | sbcs @acc[5],@acc[5],@acc[1] 126 | sbcs @acc[6],@acc[6],@acc[2] 127 | sbcs @acc[7],@acc[7],@acc[3] 128 | sbc @acc[3],xzr,xzr // borrow -> mask 129 | 130 | and @acc[0],@mod[0],@acc[3] 131 | and @acc[1],@mod[1],@acc[3] 132 | adds @acc[4],@acc[4],@acc[0] // reduce if X>= cnt 182 | lslv @acc[4],@acc[1],@acc[7] 183 | orr @acc[0],@acc[0],@acc[4] 184 | lsrv @acc[1],@acc[1],$cnt 185 | lslv @acc[5],@acc[2],@acc[7] 186 | orr @acc[1],@acc[1],@acc[5] 187 | ldp @acc[4],@acc[5],[$ux_ptr,#32] 188 | lsrv @acc[2],@acc[2],$cnt 189 | lslv @acc[6],@acc[3],@acc[7] 190 | orr @acc[2],@acc[2],@acc[6] 191 | ldp @acc[6],@acc[7],[$ux_ptr,#48] 192 | lsrv @acc[3],@acc[3],$cnt 193 | 194 | stp @acc[0], @acc[1],[$ux_ptr] 195 | stp @acc[2], @acc[3],[$ux_ptr,#16] 196 | b .Loop_div_by_2_256 197 | 198 | .align 4 199 | .Loop_div_by_2_256: 200 | sbfx @acc[3],@acc[4],#0,#1 201 | sub $cnt,$cnt,#1 202 | 203 | and @acc[0],@mod[0],@acc[3] 204 | and @acc[1],@mod[1],@acc[3] 205 | adds @acc[4],@acc[4],@acc[0] 206 | and @acc[2],@mod[2],@acc[3] 207 | adcs @acc[5],@acc[5],@acc[1] 208 | and @acc[3],@mod[3],@acc[3] 209 | adcs @acc[6],@acc[6],@acc[2] 210 | extr @acc[4],@acc[5],@acc[4],#1 // acc[4:7] >>= 1 211 | adcs @acc[7],@acc[7],@acc[3] 212 | extr @acc[5],@acc[6],@acc[5],#1 213 | adc @acc[3],xzr,xzr // redundant if modulus is <256 bits... 214 | extr @acc[6],@acc[7],@acc[6],#1 215 | extr @acc[7],@acc[3],@acc[7],#1 216 | 217 | cbnz $cnt,.Loop_div_by_2_256 218 | 219 | ldp @acc[0],@acc[1],[$ux_ptr] // reload X [mostly for 2nd caller] 220 | ldp @acc[2],@acc[3],[$ux_ptr,#16] 221 | 222 | stp @acc[4],@acc[5],[$ux_ptr,#32] 223 | stp @acc[6],@acc[7],[$ux_ptr,#48] 224 | 225 | tbz @acc[0],#0,.Loop_of_2_256// unlikely in real life 226 | 227 | .Loop_of_2_done_256: 228 | ret 229 | .size __remove_powers_of_2_256,.-__remove_powers_of_2_256 230 | ___ 231 | 232 | print $code; 233 | close STDOUT; 234 | -------------------------------------------------------------------------------- /extern/blst/src/asm/add_mod_384x384-x86_64.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env perl 2 | # 3 | # Copyright Supranational LLC 4 | # Licensed under the Apache License, Version 2.0, see LICENSE for details. 5 | # SPDX-License-Identifier: Apache-2.0 6 | 7 | $flavour = shift; 8 | $output = shift; 9 | if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } 10 | 11 | $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); 12 | 13 | $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; 14 | ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or 15 | ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or 16 | die "can't locate x86_64-xlate.pl"; 17 | 18 | open STDOUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" 19 | or die "can't call $xlate: $!"; 20 | 21 | # common argument layout 22 | ($r_ptr,$a_ptr,$b_org,$n_ptr,$n0) = ("%rdi","%rsi","%rdx","%rcx","%r8"); 23 | $b_ptr = "%rbx"; 24 | 25 | # common accumulator layout 26 | @acc=map("%r$_",(8..15)); 27 | 28 | ############################################################ 384x384 add/sub 29 | # Double-width addition/subtraction modulo n<<384, as opposite to 30 | # naively expected modulo n*n. It works because n<<384 is the actual 31 | # input boundary condition for Montgomery reduction, not n*n. 32 | # Just in case, this is duplicated, but only one module is 33 | # supposed to be linked... 34 | { 35 | my @acc=(@acc,"%rax","%rbx","%rbp",$a_ptr); # all registers are affected 36 | # except for $n_ptr and $r_ptr 37 | $code.=<<___; 38 | .text 39 | 40 | .type __add_mod_384x384,\@abi-omnipotent 41 | .align 32 42 | __add_mod_384x384: 43 | mov 8*0($a_ptr), @acc[0] 44 | mov 8*1($a_ptr), @acc[1] 45 | mov 8*2($a_ptr), @acc[2] 46 | mov 8*3($a_ptr), @acc[3] 47 | mov 8*4($a_ptr), @acc[4] 48 | mov 8*5($a_ptr), @acc[5] 49 | mov 8*6($a_ptr), @acc[6] 50 | 51 | add 8*0($b_org), @acc[0] 52 | mov 8*7($a_ptr), @acc[7] 53 | adc 8*1($b_org), @acc[1] 54 | mov 8*8($a_ptr), @acc[8] 55 | adc 8*2($b_org), @acc[2] 56 | mov 8*9($a_ptr), @acc[9] 57 | adc 8*3($b_org), @acc[3] 58 | mov 8*10($a_ptr), @acc[10] 59 | adc 8*4($b_org), @acc[4] 60 | mov 8*11($a_ptr), @acc[11] 61 | adc 8*5($b_org), @acc[5] 62 | mov @acc[0], 8*0($r_ptr) 63 | adc 8*6($b_org), @acc[6] 64 | mov @acc[1], 8*1($r_ptr) 65 | adc 8*7($b_org), @acc[7] 66 | mov @acc[2], 8*2($r_ptr) 67 | adc 8*8($b_org), @acc[8] 68 | mov @acc[4], 8*4($r_ptr) 69 | mov @acc[6], @acc[0] 70 | adc 8*9($b_org), @acc[9] 71 | mov @acc[3], 8*3($r_ptr) 72 | mov @acc[7], @acc[1] 73 | adc 8*10($b_org), @acc[10] 74 | mov @acc[5], 8*5($r_ptr) 75 | mov @acc[8], @acc[2] 76 | adc 8*11($b_org), @acc[11] 77 | mov @acc[9], @acc[3] 78 | sbb $b_org, $b_org 79 | 80 | sub 8*0($n_ptr), @acc[6] 81 | sbb 8*1($n_ptr), @acc[7] 82 | mov @acc[10], @acc[4] 83 | sbb 8*2($n_ptr), @acc[8] 84 | sbb 8*3($n_ptr), @acc[9] 85 | sbb 8*4($n_ptr), @acc[10] 86 | mov @acc[11], @acc[5] 87 | sbb 8*5($n_ptr), @acc[11] 88 | sbb \$0, $b_org 89 | 90 | cmovc @acc[0], @acc[6] 91 | cmovc @acc[1], @acc[7] 92 | cmovc @acc[2], @acc[8] 93 | mov @acc[6], 8*6($r_ptr) 94 | cmovc @acc[3], @acc[9] 95 | mov @acc[7], 8*7($r_ptr) 96 | cmovc @acc[4], @acc[10] 97 | mov @acc[8], 8*8($r_ptr) 98 | cmovc @acc[5], @acc[11] 99 | mov @acc[9], 8*9($r_ptr) 100 | mov @acc[10], 8*10($r_ptr) 101 | mov @acc[11], 8*11($r_ptr) 102 | 103 | ret 104 | .size __add_mod_384x384,.-__add_mod_384x384 105 | 106 | .type __sub_mod_384x384,\@abi-omnipotent 107 | .align 32 108 | __sub_mod_384x384: 109 | mov 8*0($a_ptr), @acc[0] 110 | mov 8*1($a_ptr), @acc[1] 111 | mov 8*2($a_ptr), @acc[2] 112 | mov 8*3($a_ptr), @acc[3] 113 | mov 8*4($a_ptr), @acc[4] 114 | mov 8*5($a_ptr), @acc[5] 115 | mov 8*6($a_ptr), @acc[6] 116 | 117 | sub 8*0($b_org), @acc[0] 118 | mov 8*7($a_ptr), @acc[7] 119 | sbb 8*1($b_org), @acc[1] 120 | mov 8*8($a_ptr), @acc[8] 121 | sbb 8*2($b_org), @acc[2] 122 | mov 8*9($a_ptr), @acc[9] 123 | sbb 8*3($b_org), @acc[3] 124 | mov 8*10($a_ptr), @acc[10] 125 | sbb 8*4($b_org), @acc[4] 126 | mov 8*11($a_ptr), @acc[11] 127 | sbb 8*5($b_org), @acc[5] 128 | mov @acc[0], 8*0($r_ptr) 129 | sbb 8*6($b_org), @acc[6] 130 | mov 8*0($n_ptr), @acc[0] 131 | mov @acc[1], 8*1($r_ptr) 132 | sbb 8*7($b_org), @acc[7] 133 | mov 8*1($n_ptr), @acc[1] 134 | mov @acc[2], 8*2($r_ptr) 135 | sbb 8*8($b_org), @acc[8] 136 | mov 8*2($n_ptr), @acc[2] 137 | mov @acc[3], 8*3($r_ptr) 138 | sbb 8*9($b_org), @acc[9] 139 | mov 8*3($n_ptr), @acc[3] 140 | mov @acc[4], 8*4($r_ptr) 141 | sbb 8*10($b_org), @acc[10] 142 | mov 8*4($n_ptr), @acc[4] 143 | mov @acc[5], 8*5($r_ptr) 144 | sbb 8*11($b_org), @acc[11] 145 | mov 8*5($n_ptr), @acc[5] 146 | sbb $b_org, $b_org 147 | 148 | and $b_org, @acc[0] 149 | and $b_org, @acc[1] 150 | and $b_org, @acc[2] 151 | and $b_org, @acc[3] 152 | and $b_org, @acc[4] 153 | and $b_org, @acc[5] 154 | 155 | add @acc[0], @acc[6] 156 | adc @acc[1], @acc[7] 157 | mov @acc[6], 8*6($r_ptr) 158 | adc @acc[2], @acc[8] 159 | mov @acc[7], 8*7($r_ptr) 160 | adc @acc[3], @acc[9] 161 | mov @acc[8], 8*8($r_ptr) 162 | adc @acc[4], @acc[10] 163 | mov @acc[9], 8*9($r_ptr) 164 | adc @acc[5], @acc[11] 165 | mov @acc[10], 8*10($r_ptr) 166 | mov @acc[11], 8*11($r_ptr) 167 | 168 | ret 169 | .size __sub_mod_384x384,.-__sub_mod_384x384 170 | 171 | .globl add_mod_384x384 172 | .hidden add_mod_384x384 173 | .type add_mod_384x384,\@function,4,"unwind" 174 | .align 32 175 | add_mod_384x384: 176 | .cfi_startproc 177 | push %rbp 178 | .cfi_push %rbp 179 | push %rbx 180 | .cfi_push %rbx 181 | push %r12 182 | .cfi_push %r12 183 | push %r13 184 | .cfi_push %r13 185 | push %r14 186 | .cfi_push %r14 187 | push %r15 188 | .cfi_push %r15 189 | sub \$8, %rsp 190 | .cfi_adjust_cfa_offset 8 191 | .cfi_end_prologue 192 | 193 | call __add_mod_384x384 194 | 195 | mov 8(%rsp),%r15 196 | .cfi_restore %r15 197 | mov 16(%rsp),%r14 198 | .cfi_restore %r14 199 | mov 24(%rsp),%r13 200 | .cfi_restore %r13 201 | mov 32(%rsp),%r12 202 | .cfi_restore %r12 203 | mov 40(%rsp),%rbx 204 | .cfi_restore %rbx 205 | mov 48(%rsp),%rbp 206 | .cfi_restore %rbp 207 | lea 56(%rsp),%rsp 208 | .cfi_adjust_cfa_offset -56 209 | .cfi_epilogue 210 | ret 211 | .cfi_endproc 212 | .size add_mod_384x384,.-add_mod_384x384 213 | 214 | .globl sub_mod_384x384 215 | .hidden sub_mod_384x384 216 | .type sub_mod_384x384,\@function,4,"unwind" 217 | .align 32 218 | sub_mod_384x384: 219 | .cfi_startproc 220 | push %rbp 221 | .cfi_push %rbp 222 | push %rbx 223 | .cfi_push %rbx 224 | push %r12 225 | .cfi_push %r12 226 | push %r13 227 | .cfi_push %r13 228 | push %r14 229 | .cfi_push %r14 230 | push %r15 231 | .cfi_push %r15 232 | sub \$8, %rsp 233 | .cfi_adjust_cfa_offset 8 234 | .cfi_end_prologue 235 | 236 | call __sub_mod_384x384 237 | 238 | mov 8(%rsp),%r15 239 | .cfi_restore %r15 240 | mov 16(%rsp),%r14 241 | .cfi_restore %r14 242 | mov 24(%rsp),%r13 243 | .cfi_restore %r13 244 | mov 32(%rsp),%r12 245 | .cfi_restore %r12 246 | mov 40(%rsp),%rbx 247 | .cfi_restore %rbx 248 | mov 48(%rsp),%rbp 249 | .cfi_restore %rbp 250 | lea 56(%rsp),%rsp 251 | .cfi_adjust_cfa_offset -56 252 | .cfi_epilogue 253 | ret 254 | .cfi_endproc 255 | .size sub_mod_384x384,.-sub_mod_384x384 256 | ___ 257 | } 258 | 259 | print $code; 260 | close STDOUT; 261 | --------------------------------------------------------------------------------