kevin/libsodium
1
Fork 0
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-20 02:25:14 -07:00
Code Releases Wiki Activity

Trim/untab/indent

Browse Source
This commit is contained in:
Frank Denis 2016-02-27 13:15:57 +01:00
parent adfe6c9d55
commit bb596e8eb7
7 changed files with 469 additions and 469 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt.h
View File

@ -50,13 +50,13 @@
#define BYTES2CHARS(bytes) ((((bytes) * 8) + 5) / 6)
typedef struct {
void * base, * aligned;
size_t size;
void * base, * aligned;
size_t size;
} escrypt_region_t;
typedef union {
uint64_t d[8];
uint32_t w[16];
uint64_t d[8];
uint32_t w[16];
} escrypt_block_t;
typedef escrypt_region_t escrypt_local_t;

342
src/libsodium/crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c
View File

@ -41,58 +41,58 @@
static inline void
blkcpy_64(escrypt_block_t *dest, const escrypt_block_t *src)
{
int i;
int i;
#if (ARCH_BITS==32)
for (i = 0; i < 16; ++i)
dest->w[i] = src->w[i];
for (i = 0; i < 16; ++i)
dest->w[i] = src->w[i];
#else
for (i = 0; i < 8; ++i)
dest->d[i] = src->d[i];
for (i = 0; i < 8; ++i)
dest->d[i] = src->d[i];
#endif
}
static inline void
blkxor_64(escrypt_block_t *dest, const escrypt_block_t *src)
{
int i;
int i;
#if (ARCH_BITS==32)
for (i = 0; i < 16; ++i)
dest->w[i] ^= src->w[i];
for (i = 0; i < 16; ++i)
dest->w[i] ^= src->w[i];
#else
for (i = 0; i < 8; ++i)
dest->d[i] ^= src->d[i];
for (i = 0; i < 8; ++i)
dest->d[i] ^= src->d[i];
#endif
}
static inline void
blkcpy(escrypt_block_t *dest, const escrypt_block_t *src, size_t len)
{
size_t i, L;
size_t i, L;
#if (ARCH_BITS==32)
L = (len>>2);
for (i = 0; i < L; ++i)
dest->w[i] = src->w[i];
L = (len>>2);
for (i = 0; i < L; ++i)
dest->w[i] = src->w[i];
#else
L = (len>>3);
for (i = 0; i < L; ++i)
dest->d[i] = src->d[i];
L = (len>>3);
for (i = 0; i < L; ++i)
dest->d[i] = src->d[i];
#endif
}
static inline void
blkxor(escrypt_block_t *dest, const escrypt_block_t *src, size_t len)
{
size_t i, L;
size_t i, L;
#if (ARCH_BITS==32)
L = (len>>2);
for (i = 0; i < L; ++i)
dest->w[i] ^= src->w[i];
L = (len>>2);
for (i = 0; i < L; ++i)
dest->w[i] ^= src->w[i];
#else
L = (len>>3);
for (i = 0; i < L; ++i)
dest->d[i] ^= src->d[i];
L = (len>>3);
for (i = 0; i < L; ++i)
dest->d[i] ^= src->d[i];
#endif
}
@ -103,42 +103,42 @@ blkxor(escrypt_block_t *dest, const escrypt_block_t *src, size_t len)
static void
salsa20_8(uint32_t B[16])
{
escrypt_block_t X;
uint32_t *x = X.w;
size_t i;
escrypt_block_t X;
uint32_t *x = X.w;
size_t i;
blkcpy_64(&X, (escrypt_block_t*)B);
for (i = 0; i < 8; i += 2) {
blkcpy_64(&X, (escrypt_block_t*)B);
for (i = 0; i < 8; i += 2) {
#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
/* Operate on columns. */
x[ 4] ^= R(x[ 0]+x[12], 7); x[ 8] ^= R(x[ 4]+x[ 0], 9);
x[12] ^= R(x[ 8]+x[ 4],13); x[ 0] ^= R(x[12]+x[ 8],18);
/* Operate on columns. */
x[ 4] ^= R(x[ 0]+x[12], 7); x[ 8] ^= R(x[ 4]+x[ 0], 9);
x[12] ^= R(x[ 8]+x[ 4],13); x[ 0] ^= R(x[12]+x[ 8],18);
x[ 9] ^= R(x[ 5]+x[ 1], 7); x[13] ^= R(x[ 9]+x[ 5], 9);
x[ 1] ^= R(x[13]+x[ 9],13); x[ 5] ^= R(x[ 1]+x[13],18);
x[ 9] ^= R(x[ 5]+x[ 1], 7); x[13] ^= R(x[ 9]+x[ 5], 9);
x[ 1] ^= R(x[13]+x[ 9],13); x[ 5] ^= R(x[ 1]+x[13],18);
x[14] ^= R(x[10]+x[ 6], 7); x[ 2] ^= R(x[14]+x[10], 9);
x[ 6] ^= R(x[ 2]+x[14],13); x[10] ^= R(x[ 6]+x[ 2],18);
x[14] ^= R(x[10]+x[ 6], 7); x[ 2] ^= R(x[14]+x[10], 9);
x[ 6] ^= R(x[ 2]+x[14],13); x[10] ^= R(x[ 6]+x[ 2],18);
x[ 3] ^= R(x[15]+x[11], 7); x[ 7] ^= R(x[ 3]+x[15], 9);
x[11] ^= R(x[ 7]+x[ 3],13); x[15] ^= R(x[11]+x[ 7],18);
x[ 3] ^= R(x[15]+x[11], 7); x[ 7] ^= R(x[ 3]+x[15], 9);
x[11] ^= R(x[ 7]+x[ 3],13); x[15] ^= R(x[11]+x[ 7],18);
/* Operate on rows. */
x[ 1] ^= R(x[ 0]+x[ 3], 7); x[ 2] ^= R(x[ 1]+x[ 0], 9);
x[ 3] ^= R(x[ 2]+x[ 1],13); x[ 0] ^= R(x[ 3]+x[ 2],18);
/* Operate on rows. */
x[ 1] ^= R(x[ 0]+x[ 3], 7); x[ 2] ^= R(x[ 1]+x[ 0], 9);
x[ 3] ^= R(x[ 2]+x[ 1],13); x[ 0] ^= R(x[ 3]+x[ 2],18);
x[ 6] ^= R(x[ 5]+x[ 4], 7); x[ 7] ^= R(x[ 6]+x[ 5], 9);
x[ 4] ^= R(x[ 7]+x[ 6],13); x[ 5] ^= R(x[ 4]+x[ 7],18);
x[ 6] ^= R(x[ 5]+x[ 4], 7); x[ 7] ^= R(x[ 6]+x[ 5], 9);
x[ 4] ^= R(x[ 7]+x[ 6],13); x[ 5] ^= R(x[ 4]+x[ 7],18);
x[11] ^= R(x[10]+x[ 9], 7); x[ 8] ^= R(x[11]+x[10], 9);
x[ 9] ^= R(x[ 8]+x[11],13); x[10] ^= R(x[ 9]+x[ 8],18);
x[11] ^= R(x[10]+x[ 9], 7); x[ 8] ^= R(x[11]+x[10], 9);
x[ 9] ^= R(x[ 8]+x[11],13); x[10] ^= R(x[ 9]+x[ 8],18);
x[12] ^= R(x[15]+x[14], 7); x[13] ^= R(x[12]+x[15], 9);
x[14] ^= R(x[13]+x[12],13); x[15] ^= R(x[14]+x[13],18);
x[12] ^= R(x[15]+x[14], 7); x[13] ^= R(x[12]+x[15], 9);
x[14] ^= R(x[13]+x[12],13); x[15] ^= R(x[14]+x[13],18);
#undef R
}
for (i = 0; i < 16; i++)
B[i] += x[i];
}
for (i = 0; i < 16; i++)
B[i] += x[i];
}
/**
@ -150,29 +150,29 @@ salsa20_8(uint32_t B[16])
static void
blockmix_salsa8(const uint32_t * Bin, uint32_t * Bout, uint32_t * X, size_t r)
{
size_t i;
size_t i;
/* 1: X <-- B_{2r - 1} */
blkcpy_64((escrypt_block_t*)X, (escrypt_block_t*)&Bin[(2 * r - 1) * 16]);
/* 1: X <-- B_{2r - 1} */
blkcpy_64((escrypt_block_t*)X, (escrypt_block_t*)&Bin[(2 * r - 1) * 16]);
/* 2: for i = 0 to 2r - 1 do */
for (i = 0; i < 2 * r; i += 2) {
/* 3: X <-- H(X \xor B_i) */
blkxor_64((escrypt_block_t*)X, (escrypt_block_t*)&Bin[i * 16]);
salsa20_8(X);
/* 2: for i = 0 to 2r - 1 do */
for (i = 0; i < 2 * r; i += 2) {
/* 3: X <-- H(X \xor B_i) */
blkxor_64((escrypt_block_t*)X, (escrypt_block_t*)&Bin[i * 16]);
salsa20_8(X);
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
blkcpy_64((escrypt_block_t*)&Bout[i * 8], (escrypt_block_t*)X);
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
blkcpy_64((escrypt_block_t*)&Bout[i * 8], (escrypt_block_t*)X);
/* 3: X <-- H(X \xor B_i) */
blkxor_64((escrypt_block_t*)X, (escrypt_block_t*)&Bin[i * 16 + 16]);
salsa20_8(X);
/* 3: X <-- H(X \xor B_i) */
blkxor_64((escrypt_block_t*)X, (escrypt_block_t*)&Bin[i * 16 + 16]);
salsa20_8(X);
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
blkcpy_64((escrypt_block_t*)&Bout[i * 8 + r * 16], (escrypt_block_t*)X);
}
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
blkcpy_64((escrypt_block_t*)&Bout[i * 8 + r * 16], (escrypt_block_t*)X);
}
}
/**
@ -182,9 +182,9 @@ blockmix_salsa8(const uint32_t * Bin, uint32_t * Bout, uint32_t * X, size_t r)
static inline uint64_t
integerify(const void * B, size_t r)
{
const uint32_t * X = (const uint32_t *)((uintptr_t)(B) + (2 * r - 1) * 64);
const uint32_t * X = (const uint32_t *)((uintptr_t)(B) + (2 * r - 1) * 64);
return (((uint64_t)(X[1]) << 32) + X[0]);
return (((uint64_t)(X[1]) << 32) + X[0]);
}
/**
@ -198,51 +198,51 @@ integerify(const void * B, size_t r)
static void
smix(uint8_t * B, size_t r, uint64_t N, uint32_t * V, uint32_t * XY)
{
uint32_t * X = XY;
uint32_t * Y = &XY[32 * r];
uint32_t * Z = &XY[64 * r];
uint64_t i;
uint64_t j;
size_t k;
uint32_t * X = XY;
uint32_t * Y = &XY[32 * r];
uint32_t * Z = &XY[64 * r];
uint64_t i;
uint64_t j;
size_t k;
/* 1: X <-- B */
for (k = 0; k < 32 * r; k++)
X[k] = LOAD32_LE(&B[4 * k]);
/* 1: X <-- B */
for (k = 0; k < 32 * r; k++)
X[k] = LOAD32_LE(&B[4 * k]);
/* 2: for i = 0 to N - 1 do */
for (i = 0; i < N; i += 2) {
/* 3: V_i <-- X */
blkcpy((escrypt_block_t*)&V[i * (32 * r)], (escrypt_block_t*)X, 128 * r);
/* 2: for i = 0 to N - 1 do */
for (i = 0; i < N; i += 2) {
/* 3: V_i <-- X */
blkcpy((escrypt_block_t*)&V[i * (32 * r)], (escrypt_block_t*)X, 128 * r);
/* 4: X <-- H(X) */
blockmix_salsa8(X, Y, Z, r);
/* 4: X <-- H(X) */
blockmix_salsa8(X, Y, Z, r);
/* 3: V_i <-- X */
blkcpy((escrypt_block_t*)&V[(i + 1) * (32 * r)], (escrypt_block_t*)Y, 128 * r);
/* 3: V_i <-- X */
blkcpy((escrypt_block_t*)&V[(i + 1) * (32 * r)], (escrypt_block_t*)Y, 128 * r);
/* 4: X <-- H(X) */
blockmix_salsa8(Y, X, Z, r);
}
/* 4: X <-- H(X) */
blockmix_salsa8(Y, X, Z, r);
}
/* 6: for i = 0 to N - 1 do */
for (i = 0; i < N; i += 2) {
/* 7: j <-- Integerify(X) mod N */
j = integerify(X, r) & (N - 1);
/* 6: for i = 0 to N - 1 do */
for (i = 0; i < N; i += 2) {
/* 7: j <-- Integerify(X) mod N */
j = integerify(X, r) & (N - 1);
/* 8: X <-- H(X \xor V_j) */
blkxor((escrypt_block_t*)X, (escrypt_block_t*)&V[j * (32 * r)], 128 * r);
blockmix_salsa8(X, Y, Z, r);
/* 8: X <-- H(X \xor V_j) */
blkxor((escrypt_block_t*)X, (escrypt_block_t*)&V[j * (32 * r)], 128 * r);
blockmix_salsa8(X, Y, Z, r);
/* 7: j <-- Integerify(X) mod N */
j = integerify(Y, r) & (N - 1);
/* 7: j <-- Integerify(X) mod N */
j = integerify(Y, r) & (N - 1);
/* 8: X <-- H(X \xor V_j) */
blkxor((escrypt_block_t*)Y, (escrypt_block_t*)&V[j * (32 * r)], 128 * r);
blockmix_salsa8(Y, X, Z, r);
}
/* 10: B' <-- X */
for (k = 0; k < 32 * r; k++)
STORE32_LE(&B[4 * k], X[k]);
/* 8: X <-- H(X \xor V_j) */
blkxor((escrypt_block_t*)Y, (escrypt_block_t*)&V[j * (32 * r)], 128 * r);
blockmix_salsa8(Y, X, Z, r);
}
/* 10: B' <-- X */
for (k = 0; k < 32 * r; k++)
STORE32_LE(&B[4 * k], X[k]);
}
/**
@ -262,80 +262,80 @@ escrypt_kdf_nosse(escrypt_local_t * local,
uint64_t N, uint32_t _r, uint32_t _p,
uint8_t * buf, size_t buflen)
{
size_t B_size, V_size, XY_size, need;
uint8_t * B;
uint32_t * V, * XY;
size_t B_size, V_size, XY_size, need;
uint8_t * B;
uint32_t * V, * XY;
size_t r = _r, p = _p;
uint32_t i;
uint32_t i;
/* Sanity-check parameters. */
/* Sanity-check parameters. */
#if SIZE_MAX > UINT32_MAX
if (buflen > (((uint64_t)(1) << 32) - 1) * 32) {
errno = EFBIG;
return -1;
}
if (buflen > (((uint64_t)(1) << 32) - 1) * 32) {
errno = EFBIG;
return -1;
}
#endif
if ((uint64_t)(r) * (uint64_t)(p) >= (1 << 30)) {
errno = EFBIG;
return -1;
}
if (N > UINT32_MAX) {
errno = EFBIG;
return -1;
}
if (((N & (N - 1)) != 0) || (N < 2)) {
errno = EINVAL;
return -1;
}
if (r == 0 || p == 0) {
errno = EINVAL;
return -1;
}
if ((r > SIZE_MAX / 128 / p) ||
if ((uint64_t)(r) * (uint64_t)(p) >= (1 << 30)) {
errno = EFBIG;
return -1;
}
if (N > UINT32_MAX) {
errno = EFBIG;
return -1;
}
if (((N & (N - 1)) != 0) || (N < 2)) {
errno = EINVAL;
return -1;
}
if (r == 0 || p == 0) {
errno = EINVAL;
return -1;
}
if ((r > SIZE_MAX / 128 / p) ||
#if SIZE_MAX / 256 <= UINT32_MAX
(r > SIZE_MAX / 256) ||
(r > SIZE_MAX / 256) ||
#endif
(N > SIZE_MAX / 128 / r)) {
errno = ENOMEM;
return -1;
}
(N > SIZE_MAX / 128 / r)) {
errno = ENOMEM;
return -1;
}
/* Allocate memory. */
B_size = (size_t)128 * r * p;
V_size = (size_t)128 * r * N;
need = B_size + V_size;
if (need < V_size) {
errno = ENOMEM;
return -1;
}
XY_size = (size_t)256 * r + 64;
need += XY_size;
if (need < XY_size) {
errno = ENOMEM;
return -1;
}
if (local->size < need) {
if (free_region(local))
return -1;
if (!alloc_region(local, need))
return -1;
}
B = (uint8_t *)local->aligned;
V = (uint32_t *)((uint8_t *)B + B_size);
XY = (uint32_t *)((uint8_t *)V + V_size);
/* Allocate memory. */
B_size = (size_t)128 * r * p;
V_size = (size_t)128 * r * N;
need = B_size + V_size;
if (need < V_size) {
errno = ENOMEM;
return -1;
}
XY_size = (size_t)256 * r + 64;
need += XY_size;
if (need < XY_size) {
errno = ENOMEM;
return -1;
}
if (local->size < need) {
if (free_region(local))
return -1;
if (!alloc_region(local, need))
return -1;
}
B = (uint8_t *)local->aligned;
V = (uint32_t *)((uint8_t *)B + B_size);
XY = (uint32_t *)((uint8_t *)V + V_size);
/* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */
PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, 1, B, B_size);
/* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */
PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, 1, B, B_size);
/* 2: for i = 0 to p - 1 do */
for (i = 0; i < p; i++) {
/* 3: B_i <-- MF(B_i, N) */
smix(&B[(size_t)128 * i * r], r, N, V, XY);
}
/* 2: for i = 0 to p - 1 do */
for (i = 0; i < p; i++) {
/* 3: B_i <-- MF(B_i, N) */
smix(&B[(size_t)128 * i * r], r, N, V, XY);
}
/* 5: DK <-- PBKDF2(P, B, 1, dkLen) */
PBKDF2_SHA256(passwd, passwdlen, B, B_size, 1, buf, buflen);
/* 5: DK <-- PBKDF2(P, B, 1, dkLen) */
PBKDF2_SHA256(passwd, passwdlen, B, B_size, 1, buf, buflen);
/* Success! */
return 0;
/* Success! */
return 0;
}

66
src/libsodium/crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c
View File

@ -34,67 +34,67 @@
void *
alloc_region(escrypt_region_t * region, size_t size)
{
uint8_t * base, * aligned;
uint8_t * base, * aligned;
#if defined(MAP_ANON) && defined(HAVE_MMAP)
if ((base = (uint8_t *) mmap(NULL, size, PROT_READ | PROT_WRITE,
if ((base = (uint8_t *) mmap(NULL, size, PROT_READ | PROT_WRITE,
#ifdef MAP_NOCORE
MAP_ANON | MAP_PRIVATE | MAP_NOCORE,
MAP_ANON | MAP_PRIVATE | MAP_NOCORE,
#else
MAP_ANON | MAP_PRIVATE,
MAP_ANON | MAP_PRIVATE,
#endif
-1, 0)) == MAP_FAILED)
base = NULL; /* LCOV_EXCL_LINE */
aligned = base;
-1, 0)) == MAP_FAILED)
base = NULL; /* LCOV_EXCL_LINE */
aligned = base;
#elif defined(HAVE_POSIX_MEMALIGN)
if ((errno = posix_memalign((void **) &base, 64, size)) != 0)
base = NULL;
aligned = base;
if ((errno = posix_memalign((void **) &base, 64, size)) != 0)
base = NULL;
aligned = base;
#else
base = aligned = NULL;
if (size + 63 < size)
errno = ENOMEM;
else if ((base = (uint8_t *) malloc(size + 63)) != NULL) {
aligned = base + 63;
aligned -= (uintptr_t)aligned & 63;
}
base = aligned = NULL;
if (size + 63 < size)
errno = ENOMEM;
else if ((base = (uint8_t *) malloc(size + 63)) != NULL) {
aligned = base + 63;
aligned -= (uintptr_t)aligned & 63;
}
#endif
region->base = base;
region->aligned = aligned;
region->size = base ? size : 0;
return aligned;
region->base = base;
region->aligned = aligned;
region->size = base ? size : 0;
return aligned;
}
static inline void
init_region(escrypt_region_t * region)
{
region->base = region->aligned = NULL;
region->size = 0;
region->base = region->aligned = NULL;
region->size = 0;
}
int
free_region(escrypt_region_t * region)
{
if (region->base) {
if (region->base) {
#if defined(MAP_ANON) && defined(HAVE_MMAP)
if (munmap(region->base, region->size))
return -1; /* LCOV_EXCL_LINE */
if (munmap(region->base, region->size))
return -1; /* LCOV_EXCL_LINE */
#else
free(region->base);
free(region->base);
#endif
}
init_region(region);
return 0;
}
init_region(region);
return 0;
}
int
escrypt_init_local(escrypt_local_t * local)
{
init_region(local);
return 0;
init_region(local);
return 0;
}
int
escrypt_free_local(escrypt_local_t * local)
{
return free_region(local);
return free_region(local);
}

446
src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c
View File

@ -50,57 +50,57 @@
#if defined(__XOP__) && defined(DISABLED)
#define ARX(out, in1, in2, s) \
out = _mm_xor_si128(out, _mm_roti_epi32(_mm_add_epi32(in1, in2), s));
out = _mm_xor_si128(out, _mm_roti_epi32(_mm_add_epi32(in1, in2), s));
#else
#define ARX(out, in1, in2, s) \
{ \
__m128i T = _mm_add_epi32(in1, in2); \
out = _mm_xor_si128(out, _mm_slli_epi32(T, s)); \
out = _mm_xor_si128(out, _mm_srli_epi32(T, 32-s)); \
}
{ \
__m128i T = _mm_add_epi32(in1, in2); \
out = _mm_xor_si128(out, _mm_slli_epi32(T, s)); \
out = _mm_xor_si128(out, _mm_srli_epi32(T, 32-s)); \
}
#endif
#define SALSA20_2ROUNDS \
/* Operate on "columns". */ \
ARX(X1, X0, X3, 7) \
ARX(X2, X1, X0, 9) \
ARX(X3, X2, X1, 13) \
ARX(X0, X3, X2, 18) \
/* Operate on "columns". */ \
ARX(X1, X0, X3, 7) \
ARX(X2, X1, X0, 9) \
ARX(X3, X2, X1, 13) \
ARX(X0, X3, X2, 18) \
\
/* Rearrange data. */ \
X1 = _mm_shuffle_epi32(X1, 0x93); \
X2 = _mm_shuffle_epi32(X2, 0x4E); \
X3 = _mm_shuffle_epi32(X3, 0x39); \
/* Rearrange data. */ \
X1 = _mm_shuffle_epi32(X1, 0x93); \
X2 = _mm_shuffle_epi32(X2, 0x4E); \
X3 = _mm_shuffle_epi32(X3, 0x39); \
\
/* Operate on "rows". */ \
ARX(X3, X0, X1, 7) \
ARX(X2, X3, X0, 9) \
ARX(X1, X2, X3, 13) \
ARX(X0, X1, X2, 18) \
/* Operate on "rows". */ \
ARX(X3, X0, X1, 7) \
ARX(X2, X3, X0, 9) \
ARX(X1, X2, X3, 13) \
ARX(X0, X1, X2, 18) \
\
/* Rearrange data. */ \
X1 = _mm_shuffle_epi32(X1, 0x39); \
X2 = _mm_shuffle_epi32(X2, 0x4E); \
X3 = _mm_shuffle_epi32(X3, 0x93);
/* Rearrange data. */ \
X1 = _mm_shuffle_epi32(X1, 0x39); \
X2 = _mm_shuffle_epi32(X2, 0x4E); \
X3 = _mm_shuffle_epi32(X3, 0x93);
/**
* Apply the salsa20/8 core to the block provided in (X0 ... X3) ^ (Z0 ... Z3).
*/
#define SALSA20_8_XOR(in, out) \
{ \
__m128i Y0 = X0 = _mm_xor_si128(X0, (in)[0]); \
__m128i Y1 = X1 = _mm_xor_si128(X1, (in)[1]); \
__m128i Y2 = X2 = _mm_xor_si128(X2, (in)[2]); \
__m128i Y3 = X3 = _mm_xor_si128(X3, (in)[3]); \
SALSA20_2ROUNDS \
SALSA20_2ROUNDS \
SALSA20_2ROUNDS \
SALSA20_2ROUNDS \
(out)[0] = X0 = _mm_add_epi32(X0, Y0); \
(out)[1] = X1 = _mm_add_epi32(X1, Y1); \
(out)[2] = X2 = _mm_add_epi32(X2, Y2); \
(out)[3] = X3 = _mm_add_epi32(X3, Y3); \
}
{ \
__m128i Y0 = X0 = _mm_xor_si128(X0, (in)[0]); \
__m128i Y1 = X1 = _mm_xor_si128(X1, (in)[1]); \
__m128i Y2 = X2 = _mm_xor_si128(X2, (in)[2]); \
__m128i Y3 = X3 = _mm_xor_si128(X3, (in)[3]); \
SALSA20_2ROUNDS \
SALSA20_2ROUNDS \
SALSA20_2ROUNDS \
SALSA20_2ROUNDS \
(out)[0] = X0 = _mm_add_epi32(X0, Y0); \
(out)[1] = X1 = _mm_add_epi32(X1, Y1); \
(out)[2] = X2 = _mm_add_epi32(X2, Y2); \
(out)[3] = X3 = _mm_add_epi32(X3, Y3); \
}
/**
* blockmix_salsa8(Bin, Bout, r):
@ -110,95 +110,95 @@
static inline void
blockmix_salsa8(const __m128i * Bin, __m128i * Bout, size_t r)
{
__m128i X0, X1, X2, X3;
size_t i;
__m128i X0, X1, X2, X3;
size_t i;
/* 1: X <-- B_{2r - 1} */
X0 = Bin[8 * r - 4];
X1 = Bin[8 * r - 3];
X2 = Bin[8 * r - 2];
X3 = Bin[8 * r - 1];
/* 1: X <-- B_{2r - 1} */
X0 = Bin[8 * r - 4];
X1 = Bin[8 * r - 3];
X2 = Bin[8 * r - 2];
X3 = Bin[8 * r - 1];
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
SALSA20_8_XOR(Bin, Bout)
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
SALSA20_8_XOR(Bin, Bout)
/* 2: for i = 0 to 2r - 1 do */
r--;
for (i = 0; i < r;) {
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
SALSA20_8_XOR(&Bin[i * 8 + 4], &Bout[(r + i) * 4 + 4])
/* 2: for i = 0 to 2r - 1 do */
r--;
for (i = 0; i < r;) {
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
SALSA20_8_XOR(&Bin[i * 8 + 4], &Bout[(r + i) * 4 + 4])
i++;
i++;
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
SALSA20_8_XOR(&Bin[i * 8], &Bout[i * 4])
}
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
SALSA20_8_XOR(&Bin[i * 8], &Bout[i * 4])
}
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
SALSA20_8_XOR(&Bin[i * 8 + 4], &Bout[(r + i) * 4 + 4])
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
SALSA20_8_XOR(&Bin[i * 8 + 4], &Bout[(r + i) * 4 + 4])
}
#define XOR4(in) \
X0 = _mm_xor_si128(X0, (in)[0]); \
X1 = _mm_xor_si128(X1, (in)[1]); \
X2 = _mm_xor_si128(X2, (in)[2]); \
X3 = _mm_xor_si128(X3, (in)[3]);
X0 = _mm_xor_si128(X0, (in)[0]); \
X1 = _mm_xor_si128(X1, (in)[1]); \
X2 = _mm_xor_si128(X2, (in)[2]); \
X3 = _mm_xor_si128(X3, (in)[3]);
#define XOR4_2(in1, in2) \
X0 = _mm_xor_si128((in1)[0], (in2)[0]); \
X1 = _mm_xor_si128((in1)[1], (in2)[1]); \
X2 = _mm_xor_si128((in1)[2], (in2)[2]); \
X3 = _mm_xor_si128((in1)[3], (in2)[3]);
X0 = _mm_xor_si128((in1)[0], (in2)[0]); \
X1 = _mm_xor_si128((in1)[1], (in2)[1]); \
X2 = _mm_xor_si128((in1)[2], (in2)[2]); \
X3 = _mm_xor_si128((in1)[3], (in2)[3]);
static inline uint32_t
blockmix_salsa8_xor(const __m128i * Bin1, const __m128i * Bin2, __m128i * Bout,
size_t r)
{
__m128i X0, X1, X2, X3;
size_t i;
__m128i X0, X1, X2, X3;
size_t i;
/* 1: X <-- B_{2r - 1} */
XOR4_2(&Bin1[8 * r - 4], &Bin2[8 * r - 4])
/* 1: X <-- B_{2r - 1} */
XOR4_2(&Bin1[8 * r - 4], &Bin2[8 * r - 4])
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
XOR4(Bin1)
SALSA20_8_XOR(Bin2, Bout)
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
XOR4(Bin1)
SALSA20_8_XOR(Bin2, Bout)
/* 2: for i = 0 to 2r - 1 do */
r--;
for (i = 0; i < r;) {
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
XOR4(&Bin1[i * 8 + 4])
SALSA20_8_XOR(&Bin2[i * 8 + 4], &Bout[(r + i) * 4 + 4])
/* 2: for i = 0 to 2r - 1 do */
r--;
for (i = 0; i < r;) {
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
XOR4(&Bin1[i * 8 + 4])
SALSA20_8_XOR(&Bin2[i * 8 + 4], &Bout[(r + i) * 4 + 4])
i++;
i++;
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
XOR4(&Bin1[i * 8])
SALSA20_8_XOR(&Bin2[i * 8], &Bout[i * 4])
}
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
XOR4(&Bin1[i * 8])
SALSA20_8_XOR(&Bin2[i * 8], &Bout[i * 4])
}
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
XOR4(&Bin1[i * 8 + 4])
SALSA20_8_XOR(&Bin2[i * 8 + 4], &Bout[(r + i) * 4 + 4])
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
XOR4(&Bin1[i * 8 + 4])
SALSA20_8_XOR(&Bin2[i * 8 + 4], &Bout[(r + i) * 4 + 4])
return _mm_cvtsi128_si32(X0);
return _mm_cvtsi128_si32(X0);
}
#undef ARX
@ -214,7 +214,7 @@ blockmix_salsa8_xor(const __m128i * Bin1, const __m128i * Bin2, __m128i * Bout,
static inline uint32_t
integerify(const void * B, size_t r)
{
return *(const uint32_t *)((uintptr_t)(B) + (2 * r - 1) * 64);
return *(const uint32_t *)((uintptr_t)(B) + (2 * r - 1) * 64);
}
/**
@ -228,70 +228,70 @@ integerify(const void * B, size_t r)
static void
smix(uint8_t * B, size_t r, uint32_t N, void * V, void * XY)
{
size_t s = 128 * r;
__m128i * X = (__m128i *) V, * Y;
uint32_t * X32 = (uint32_t *) V;
uint32_t i, j;
size_t k;
size_t s = 128 * r;
__m128i * X = (__m128i *) V, * Y;
uint32_t * X32 = (uint32_t *) V;
uint32_t i, j;
size_t k;
/* 1: X <-- B */
/* 3: V_i <-- X */
for (k = 0; k < 2 * r; k++) {
for (i = 0; i < 16; i++) {
X32[k * 16 + i] =
LOAD32_LE(&B[(k * 16 + (i * 5 % 16)) * 4]);
}
}
/* 1: X <-- B */
/* 3: V_i <-- X */
for (k = 0; k < 2 * r; k++) {
for (i = 0; i < 16; i++) {
X32[k * 16 + i] =
LOAD32_LE(&B[(k * 16 + (i * 5 % 16)) * 4]);
}
}
/* 2: for i = 0 to N - 1 do */
for (i = 1; i < N - 1; i += 2) {
/* 4: X <-- H(X) */
/* 3: V_i <-- X */
Y = (__m128i *)((uintptr_t)(V) + i * s);
blockmix_salsa8(X, Y, r);
/* 2: for i = 0 to N - 1 do */
for (i = 1; i < N - 1; i += 2) {
/* 4: X <-- H(X) */
/* 3: V_i <-- X */
Y = (__m128i *)((uintptr_t)(V) + i * s);
blockmix_salsa8(X, Y, r);
/* 4: X <-- H(X) */
/* 3: V_i <-- X */
X = (__m128i *)((uintptr_t)(V) + (i + 1) * s);
blockmix_salsa8(Y, X, r);
}
/* 4: X <-- H(X) */
/* 3: V_i <-- X */
X = (__m128i *)((uintptr_t)(V) + (i + 1) * s);
blockmix_salsa8(Y, X, r);
}
/* 4: X <-- H(X) */
/* 3: V_i <-- X */
Y = (__m128i *)((uintptr_t)(V) + i * s);
blockmix_salsa8(X, Y, r);
/* 4: X <-- H(X) */
/* 3: V_i <-- X */
Y = (__m128i *)((uintptr_t)(V) + i * s);
blockmix_salsa8(X, Y, r);
/* 4: X <-- H(X) */
/* 3: V_i <-- X */
X = (__m128i *) XY;
blockmix_salsa8(Y, X, r);
/* 4: X <-- H(X) */
/* 3: V_i <-- X */
X = (__m128i *) XY;
blockmix_salsa8(Y, X, r);
X32 = (uint32_t *) XY;
Y = (__m128i *)((uintptr_t)(XY) + s);
X32 = (uint32_t *) XY;
Y = (__m128i *)((uintptr_t)(XY) + s);
/* 7: j <-- Integerify(X) mod N */
j = integerify(X, r) & (N - 1);
/* 7: j <-- Integerify(X) mod N */
j = integerify(X, r) & (N - 1);
/* 6: for i = 0 to N - 1 do */
for (i = 0; i < N; i += 2) {
__m128i * V_j = (__m128i *)((uintptr_t)(V) + j * s);
/* 6: for i = 0 to N - 1 do */
for (i = 0; i < N; i += 2) {
__m128i * V_j = (__m128i *)((uintptr_t)(V) + j * s);
/* 8: X <-- H(X \xor V_j) */
/* 7: j <-- Integerify(X) mod N */
j = blockmix_salsa8_xor(X, V_j, Y, r) & (N - 1);
V_j = (__m128i *)((uintptr_t)(V) + j * s);
/* 8: X <-- H(X \xor V_j) */
/* 7: j <-- Integerify(X) mod N */
j = blockmix_salsa8_xor(X, V_j, Y, r) & (N - 1);
V_j = (__m128i *)((uintptr_t)(V) + j * s);
/* 8: X <-- H(X \xor V_j) */
/* 7: j <-- Integerify(X) mod N */
j = blockmix_salsa8_xor(Y, V_j, X, r) & (N - 1);
}
/* 8: X <-- H(X \xor V_j) */
/* 7: j <-- Integerify(X) mod N */
j = blockmix_salsa8_xor(Y, V_j, X, r) & (N - 1);
}
/* 10: B' <-- X */
for (k = 0; k < 2 * r; k++) {
for (i = 0; i < 16; i++) {
STORE32_LE(&B[(k * 16 + (i * 5 % 16)) * 4], X32[k * 16 + i]);
}
}
/* 10: B' <-- X */
for (k = 0; k < 2 * r; k++) {
for (i = 0; i < 16; i++) {
STORE32_LE(&B[(k * 16 + (i * 5 % 16)) * 4], X32[k * 16 + i]);
}
}
}
/**
@ -311,81 +311,81 @@ escrypt_kdf_sse(escrypt_local_t * local,
uint64_t N, uint32_t _r, uint32_t _p,
uint8_t * buf, size_t buflen)
{
size_t B_size, V_size, XY_size, need;
uint8_t * B;
uint32_t * V, * XY;
size_t B_size, V_size, XY_size, need;
uint8_t * B;
uint32_t * V, * XY;
size_t r = _r, p = _p;
uint32_t i;
uint32_t i;
/* Sanity-check parameters. */
/* Sanity-check parameters. */
#if SIZE_MAX > UINT32_MAX
if (buflen > (((uint64_t)(1) << 32) - 1) * 32) {
errno = EFBIG;
return -1;
}
if (buflen > (((uint64_t)(1) << 32) - 1) * 32) {
errno = EFBIG;
return -1;
}
#endif
if ((uint64_t)(r) * (uint64_t)(p) >= (1 << 30)) {
errno = EFBIG;
return -1;
}
if (N > UINT32_MAX) {
errno = EFBIG;
return -1;
}
if (((N & (N - 1)) != 0) || (N < 2)) {
errno = EINVAL;
return -1;
}
if (r == 0 || p == 0) {
errno = EINVAL;
return -1;
}
if ((r > SIZE_MAX / 128 / p) ||
if ((uint64_t)(r) * (uint64_t)(p) >= (1 << 30)) {
errno = EFBIG;
return -1;
}
if (N > UINT32_MAX) {
errno = EFBIG;
return -1;
}
if (((N & (N - 1)) != 0) || (N < 2)) {
errno = EINVAL;
return -1;
}
if (r == 0 || p == 0) {
errno = EINVAL;
return -1;
}
if ((r > SIZE_MAX / 128 / p) ||
#if SIZE_MAX / 256 <= UINT32_MAX
(r > SIZE_MAX / 256) ||
(r > SIZE_MAX / 256) ||
#endif
(N > SIZE_MAX / 128 / r)) {
errno = ENOMEM;
return -1;
}
(N > SIZE_MAX / 128 / r)) {
errno = ENOMEM;
return -1;
}
/* Allocate memory. */
B_size = (size_t)128 * r * p;
V_size = (size_t)128 * r * N;
need = B_size + V_size;
if (need < V_size) {
errno = ENOMEM;
return -1;
}
XY_size = (size_t)256 * r + 64;
need += XY_size;
if (need < XY_size) {
errno = ENOMEM;
return -1;
}
if (local->size < need) {
if (free_region(local))
return -1; /* LCOV_EXCL_LINE */
if (!alloc_region(local, need))
return -1; /* LCOV_EXCL_LINE */
}
B = (uint8_t *)local->aligned;
V = (uint32_t *)((uint8_t *)B + B_size);
XY = (uint32_t *)((uint8_t *)V + V_size);
/* Allocate memory. */
B_size = (size_t)128 * r * p;
V_size = (size_t)128 * r * N;
need = B_size + V_size;
if (need < V_size) {
errno = ENOMEM;
return -1;
}
XY_size = (size_t)256 * r + 64;
need += XY_size;
if (need < XY_size) {
errno = ENOMEM;
return -1;
}
if (local->size < need) {
if (free_region(local))
return -1; /* LCOV_EXCL_LINE */
if (!alloc_region(local, need))
return -1; /* LCOV_EXCL_LINE */
}
B = (uint8_t *)local->aligned;
V = (uint32_t *)((uint8_t *)B + B_size);
XY = (uint32_t *)((uint8_t *)V + V_size);
/* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */
PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, 1, B, B_size);
/* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */
PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, 1, B, B_size);
/* 2: for i = 0 to p - 1 do */
for (i = 0; i < p; i++) {
/* 3: B_i <-- MF(B_i, N) */
smix(&B[(size_t)128 * i * r], r, (uint32_t) N, V, XY);
}
/* 2: for i = 0 to p - 1 do */
for (i = 0; i < p; i++) {
/* 3: B_i <-- MF(B_i, N) */
smix(&B[(size_t)128 * i * r], r, (uint32_t) N, V, XY);
}
/* 5: DK <-- PBKDF2(P, B, 1, dkLen) */
PBKDF2_SHA256(passwd, passwdlen, B, B_size, 1, buf, buflen);
/* 5: DK <-- PBKDF2(P, B, 1, dkLen) */
PBKDF2_SHA256(passwd, passwdlen, B, B_size, 1, buf, buflen);
/* Success! */
return 0;
/* Success! */
return 0;
}
#endif

4
src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51.h
View File

@ -15,9 +15,9 @@ extern "C" {
#include "crypto_uint64.h"
#include "fe51_namespace.h"
typedef struct
typedef struct
{
crypto_uint64 v[5];
crypto_uint64 v[5];
}
fe51;

66
src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_invert.c
View File

@ -11,47 +11,47 @@
void fe51_invert(fe51 *r, const fe51 *x)
{
fe51 z2;
fe51 z9;
fe51 z11;
fe51 z2_5_0;
fe51 z2_10_0;
fe51 z2_20_0;
fe51 z2_50_0;
fe51 z2_100_0;
fe51 t;
/* 2 */ fe51_square(&z2,x);
/* 4 */ fe51_square(&t,&z2);
/* 8 */ fe51_square(&t,&t);
/* 9 */ fe51_mul(&z9,&t,x);
/* 11 */ fe51_mul(&z11,&z9,&z2);
/* 22 */ fe51_square(&t,&z11);
/* 2^5 - 2^0 = 31 */ fe51_mul(&z2_5_0,&t,&z9);
fe51 z2;
fe51 z9;
fe51 z11;
fe51 z2_5_0;
fe51 z2_10_0;
fe51 z2_20_0;
fe51 z2_50_0;
fe51 z2_100_0;
fe51 t;
/* 2^10 - 2^5 */ fe51_nsquare(&t,&z2_5_0, 5);
/* 2^10 - 2^0 */ fe51_mul(&z2_10_0,&t,&z2_5_0);
/* 2 */ fe51_square(&z2,x);
/* 4 */ fe51_square(&t,&z2);
/* 8 */ fe51_square(&t,&t);
/* 9 */ fe51_mul(&z9,&t,x);
/* 11 */ fe51_mul(&z11,&z9,&z2);
/* 22 */ fe51_square(&t,&z11);
/* 2^5 - 2^0 = 31 */ fe51_mul(&z2_5_0,&t,&z9);
/* 2^20 - 2^10 */ fe51_nsquare(&t,&z2_10_0, 10);
/* 2^20 - 2^0 */ fe51_mul(&z2_20_0,&t,&z2_10_0);
/* 2^10 - 2^5 */ fe51_nsquare(&t,&z2_5_0, 5);
/* 2^10 - 2^0 */ fe51_mul(&z2_10_0,&t,&z2_5_0);
/* 2^40 - 2^20 */ fe51_nsquare(&t,&z2_20_0, 20);
/* 2^40 - 2^0 */ fe51_mul(&t,&t,&z2_20_0);
/* 2^20 - 2^10 */ fe51_nsquare(&t,&z2_10_0, 10);
/* 2^20 - 2^0 */ fe51_mul(&z2_20_0,&t,&z2_10_0);
/* 2^50 - 2^10 */ fe51_nsquare(&t,&t,10);
/* 2^50 - 2^0 */ fe51_mul(&z2_50_0,&t,&z2_10_0);
/* 2^40 - 2^20 */ fe51_nsquare(&t,&z2_20_0, 20);
/* 2^40 - 2^0 */ fe51_mul(&t,&t,&z2_20_0);
/* 2^100 - 2^50 */ fe51_nsquare(&t,&z2_50_0, 50);
/* 2^100 - 2^0 */ fe51_mul(&z2_100_0,&t,&z2_50_0);
/* 2^50 - 2^10 */ fe51_nsquare(&t,&t,10);
/* 2^50 - 2^0 */ fe51_mul(&z2_50_0,&t,&z2_10_0);
/* 2^200 - 2^100 */ fe51_nsquare(&t,&z2_100_0, 100);
/* 2^200 - 2^0 */ fe51_mul(&t,&t,&z2_100_0);
/* 2^100 - 2^50 */ fe51_nsquare(&t,&z2_50_0, 50);
/* 2^100 - 2^0 */ fe51_mul(&z2_100_0,&t,&z2_50_0);
/* 2^250 - 2^50 */ fe51_nsquare(&t,&t, 50);
/* 2^250 - 2^0 */ fe51_mul(&t,&t,&z2_50_0);
/* 2^200 - 2^100 */ fe51_nsquare(&t,&z2_100_0, 100);
/* 2^200 - 2^0 */ fe51_mul(&t,&t,&z2_100_0);
/* 2^255 - 2^5 */ fe51_nsquare(&t,&t,5);
/* 2^255 - 21 */ fe51_mul(r,&t,&z11);
/* 2^250 - 2^50 */ fe51_nsquare(&t,&t, 50);
/* 2^250 - 2^0 */ fe51_mul(&t,&t,&z2_50_0);
/* 2^255 - 2^5 */ fe51_nsquare(&t,&t,5);
/* 2^255 - 21 */ fe51_mul(r,&t,&z11);
}
#endif

6
test/default/box.c
View File

@ -55,12 +55,12 @@ int main(void)
printf("\n");
}
printf("\n");
ret = crypto_box(c, m, 163, nonce, small_order_p, alicesk);
assert(ret == -1);
memset(c, 0, sizeof c);
ret = crypto_box_beforenm(k, bobpk, alicesk);
assert(ret == 0);
crypto_box_afternm(c, m, 163, nonce, k);
@ -70,7 +70,7 @@ int main(void)
printf("\n");
}
printf("\n");
ret = crypto_box_beforenm(k, small_order_p, alicesk);
assert(ret == -1);