Commit 2d740faf authored by Andrew M's avatar Andrew M

use ALIGN(x) instead of MM16 for variable alignment

parent d3c8d1c4
......@@ -11,7 +11,7 @@
*/
static void
curve25519_pow_two5mtwo0_two250mtwo0(bignum25519 b) {
MM16 bignum25519 t0,c;
bignum25519 ALIGN(16) t0,c;
/* 2^5 - 2^0 */ /* b */
/* 2^10 - 2^5 */ curve25519_square_times(t0, b, 5);
......@@ -35,7 +35,7 @@ curve25519_pow_two5mtwo0_two250mtwo0(bignum25519 b) {
*/
static void
curve25519_recip(bignum25519 out, const bignum25519 z) {
MM16 bignum25519 a,t0,b;
bignum25519 ALIGN(16) a,t0,b;
/* 2 */ curve25519_square_times(a, z, 1); /* a = 2 */
/* 8 */ curve25519_square_times(t0, a, 2);
......@@ -53,7 +53,7 @@ curve25519_recip(bignum25519 out, const bignum25519 z) {
*/
static void
curve25519_pow_two252m3(bignum25519 two252m3, const bignum25519 z) {
MM16 bignum25519 b,c,t0;
bignum25519 ALIGN(16) b,c,t0;
/* 2 */ curve25519_square_times(c, z, 1); /* c = 2 */
/* 8 */ curve25519_square_times(t0, c, 2); /* t0 = 8 */
......
......@@ -28,43 +28,43 @@ typedef uint32_t bignum25519[12];
typedef packedelem32 packed32bignum25519[5];
typedef packedelem64 packed64bignum25519[10];
static const packedelem32 MM16 bot32bitmask = {{0xffffffff, 0x00000000, 0xffffffff, 0x00000000}};
static const packedelem32 MM16 top32bitmask = {{0x00000000, 0xffffffff, 0x00000000, 0xffffffff}};
static const packedelem32 MM16 top64bitmask = {{0x00000000, 0x00000000, 0xffffffff, 0xffffffff}};
static const packedelem32 MM16 bot64bitmask = {{0xffffffff, 0xffffffff, 0x00000000, 0x00000000}};
static const packedelem32 bot32bitmask = {{0xffffffff, 0x00000000, 0xffffffff, 0x00000000}};
static const packedelem32 top32bitmask = {{0x00000000, 0xffffffff, 0x00000000, 0xffffffff}};
static const packedelem32 top64bitmask = {{0x00000000, 0x00000000, 0xffffffff, 0xffffffff}};
static const packedelem32 bot64bitmask = {{0xffffffff, 0xffffffff, 0x00000000, 0x00000000}};
/* reduction masks */
static const packedelem64 MM16 packedmask26 = {{0x03ffffff, 0x03ffffff}};
static const packedelem64 MM16 packedmask25 = {{0x01ffffff, 0x01ffffff}};
static const packedelem32 MM16 packedmask2625 = {{0x3ffffff,0,0x1ffffff,0}};
static const packedelem32 MM16 packedmask26262626 = {{0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff}};
static const packedelem32 MM16 packedmask25252525 = {{0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff}};
static const packedelem64 packedmask26 = {{0x03ffffff, 0x03ffffff}};
static const packedelem64 packedmask25 = {{0x01ffffff, 0x01ffffff}};
static const packedelem32 packedmask2625 = {{0x3ffffff,0,0x1ffffff,0}};
static const packedelem32 packedmask26262626 = {{0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff}};
static const packedelem32 packedmask25252525 = {{0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff}};
/* multipliers */
static const packedelem64 MM16 packednineteen = {{19, 19}};
static const packedelem64 MM16 packednineteenone = {{19, 1}};
static const packedelem64 MM16 packedthirtyeight = {{38, 38}};
static const packedelem64 MM16 packed3819 = {{19*2,19}};
static const packedelem64 MM16 packed9638 = {{19*4,19*2}};
static const packedelem64 packednineteen = {{19, 19}};
static const packedelem64 packednineteenone = {{19, 1}};
static const packedelem64 packedthirtyeight = {{38, 38}};
static const packedelem64 packed3819 = {{19*2,19}};
static const packedelem64 packed9638 = {{19*4,19*2}};
/* 121666,121665 */
static const packedelem64 packed121666121665 = {{121666, 121665}};
/* 2*(2^255 - 19) = 0 mod p */
static const packedelem32 MM16 packed2p0 = {{0x7ffffda,0x3fffffe,0x7fffffe,0x3fffffe}};
static const packedelem32 MM16 packed2p1 = {{0x7fffffe,0x3fffffe,0x7fffffe,0x3fffffe}};
static const packedelem32 MM16 packed2p2 = {{0x7fffffe,0x3fffffe,0x0000000,0x0000000}};
static const packedelem32 packed2p0 = {{0x7ffffda,0x3fffffe,0x7fffffe,0x3fffffe}};
static const packedelem32 packed2p1 = {{0x7fffffe,0x3fffffe,0x7fffffe,0x3fffffe}};
static const packedelem32 packed2p2 = {{0x7fffffe,0x3fffffe,0x0000000,0x0000000}};
static const packedelem32 MM16 packed32packed2p0 = {{0x7ffffda,0x7ffffda,0x3fffffe,0x3fffffe}};
static const packedelem32 MM16 packed32packed2p1 = {{0x7fffffe,0x7fffffe,0x3fffffe,0x3fffffe}};
static const packedelem32 packed32packed2p0 = {{0x7ffffda,0x7ffffda,0x3fffffe,0x3fffffe}};
static const packedelem32 packed32packed2p1 = {{0x7fffffe,0x7fffffe,0x3fffffe,0x3fffffe}};
/* 4*(2^255 - 19) = 0 mod p */
static const packedelem32 MM16 packed4p0 = {{0xfffffb4,0x7fffffc,0xffffffc,0x7fffffc}};
static const packedelem32 MM16 packed4p1 = {{0xffffffc,0x7fffffc,0xffffffc,0x7fffffc}};
static const packedelem32 MM16 packed4p2 = {{0xffffffc,0x7fffffc,0x0000000,0x0000000}};
static const packedelem32 packed4p0 = {{0xfffffb4,0x7fffffc,0xffffffc,0x7fffffc}};
static const packedelem32 packed4p1 = {{0xffffffc,0x7fffffc,0xffffffc,0x7fffffc}};
static const packedelem32 packed4p2 = {{0xffffffc,0x7fffffc,0x0000000,0x0000000}};
static const packedelem32 MM16 packed32packed4p0 = {{0xfffffb4,0xfffffb4,0x7fffffc,0x7fffffc}};
static const packedelem32 MM16 packed32packed4p1 = {{0xffffffc,0xffffffc,0x7fffffc,0x7fffffc}};
static const packedelem32 packed32packed4p0 = {{0xfffffb4,0xfffffb4,0x7fffffc,0x7fffffc}};
static const packedelem32 packed32packed4p1 = {{0xffffffc,0xffffffc,0x7fffffc,0x7fffffc}};
/* out = in */
DONNA_INLINE static void
......@@ -952,7 +952,7 @@ curve25519_expand(bignum25519 out, const unsigned char in[32]) {
*/
static void
curve25519_contract(unsigned char out[32], const bignum25519 in) {
MM16 bignum25519 f;
bignum25519 ALIGN(16) f;
curve25519_copy(f, in);
#define carry_pass() \
......
static const ge25519 MM16 ge25519_basepoint = {
static const ge25519 ALIGN(16) ge25519_basepoint = {
{0x0325d51a,0x018b5823,0x00f6592a,0x0104a92d,0x01a4b31d,0x01d6dc5c,0x027118fe,0x007fd814,0x013cd6e5,0x0085a4db},
{0x02666658,0x01999999,0x00cccccc,0x01333333,0x01999999,0x00666666,0x03333333,0x00cccccc,0x02666666,0x01999999},
{0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000},
......@@ -9,11 +9,11 @@ static const ge25519 MM16 ge25519_basepoint = {
d
*/
static const bignum25519 MM16 ge25519_ecd = {
static const bignum25519 ALIGN(16) ge25519_ecd = {
0x035978a3,0x00d37284,0x03156ebd,0x006a0a0e,0x0001c029,0x0179e898,0x03a03cbb,0x01ce7198,0x02e2b6ff,0x01480db3
};
static const bignum25519 MM16 ge25519_ec2d = {
static const bignum25519 ALIGN(16) ge25519_ec2d = {
0x02b2f159,0x01a6e509,0x022add7a,0x00d4141d,0x00038052,0x00f3d130,0x03407977,0x019ce331,0x01c56dff,0x00901b67
};
......@@ -21,11 +21,11 @@ static const bignum25519 MM16 ge25519_ec2d = {
sqrt(-1)
*/
static const bignum25519 MM16 ge25519_sqrtneg1 = {
static const bignum25519 ALIGN(16) ge25519_sqrtneg1 = {
0x020ea0b0,0x0186c9d2,0x008f189d,0x0035697f,0x00bd0c60,0x01fbd7a7,0x02804c9e,0x01e16569,0x0004fc1d,0x00ae0c92
};
static const ge25519_niels MM16 ge25519_niels_sliding_multiples[32] = {
static const ge25519_niels ALIGN(16) ge25519_niels_sliding_multiples[32] = {
{{0x0340913e,0x000e4175,0x03d673a2,0x002e8a05,0x03f4e67c,0x008f8a09,0x00c21a34,0x004cf4b8,0x01298f81,0x0113f4be},{0x018c3b85,0x0124f1bd,0x01c325f7,0x0037dc60,0x033e4cb7,0x003d42c2,0x01a44c32,0x014ca4e1,0x03a33d4b,0x001f3e74},{0x037aaa68,0x00448161,0x0093d579,0x011e6556,0x009b67a0,0x0143598c,0x01bee5ee,0x00b50b43,0x0289f0c6,0x01bc45ed}},
{{0x00fcd265,0x0047fa29,0x034faacc,0x01ef2e0d,0x00ef4d4f,0x014bd6bd,0x00f98d10,0x014c5026,0x007555bd,0x00aae456},{0x00ee9730,0x016c2a13,0x017155e4,0x01874432,0x00096a10,0x01016732,0x01a8014f,0x011e9823,0x01b9a80f,0x01e85938},{0x01d0d889,0x01a4cfc3,0x034c4295,0x0110e1ae,0x0162508c,0x00f2db4c,0x0072a2c6,0x0098da2e,0x02f12b9b,0x0168a09a}},
{{0x0047d6ba,0x0060b0e9,0x0136eff2,0x008a5939,0x03540053,0x0064a087,0x02788e5c,0x00be7c67,0x033eb1b5,0x005529f9},{0x00a5bb33,0x00af1102,0x01a05442,0x001e3af7,0x02354123,0x00bfec44,0x01f5862d,0x00dd7ba3,0x03146e20,0x00a51733},{0x012a8285,0x00f6fc60,0x023f9797,0x003e85ee,0x009c3820,0x01bda72d,0x01b3858d,0x00d35683,0x0296b3bb,0x010eaaf9}},
......
......@@ -17,7 +17,7 @@ static const bignum25519 ge25519_sqrtneg1 = {
0x00061b274a0ea0b0,0x0000d5a5fc8f189d,0x0007ef5e9cbd0c60,0x00078595a6804c9e,0x0002b8324804fc1d
};
static const MM16 ge25519_niels ge25519_niels_sliding_multiples[32] = {
static const ge25519_niels ge25519_niels_sliding_multiples[32] = {
{{0x00003905d740913e,0x0000ba2817d673a2,0x00023e2827f4e67c,0x000133d2e0c21a34,0x00044fd2f9298f81},{0x000493c6f58c3b85,0x0000df7181c325f7,0x0000f50b0b3e4cb7,0x0005329385a44c32,0x00007cf9d3a33d4b},{0x00011205877aaa68,0x000479955893d579,0x00050d66309b67a0,0x0002d42d0dbee5ee,0x0006f117b689f0c6}},
{{0x00011fe8a4fcd265,0x0007bcb8374faacc,0x00052f5af4ef4d4f,0x0005314098f98d10,0x0002ab91587555bd},{0x0005b0a84cee9730,0x00061d10c97155e4,0x0004059cc8096a10,0x00047a608da8014f,0x0007a164e1b9a80f},{0x0006933f0dd0d889,0x00044386bb4c4295,0x0003cb6d3162508c,0x00026368b872a2c6,0x0005a2826af12b9b}},
{{0x000182c3a447d6ba,0x00022964e536eff2,0x000192821f540053,0x0002f9f19e788e5c,0x000154a7e73eb1b5},{0x0002bc4408a5bb33,0x000078ebdda05442,0x0002ffb112354123,0x000375ee8df5862d,0x0002945ccf146e20},{0x0003dbf1812a8285,0x0000fa17ba3f9797,0x0006f69cb49c3820,0x00034d5a0db3858d,0x00043aabe696b3bb}},
......
/* multiples of the base point in packed {ysubx, xaddy, t2d} form */
static const uint8_t MM16 ge25519_niels_base_multiples[256][96] = {
static const uint8_t ALIGN(16) ge25519_niels_base_multiples[256][96] = {
{0x3e,0x91,0x40,0xd7,0x05,0x39,0x10,0x9d,0xb3,0xbe,0x40,0xd1,0x05,0x9f,0x39,0xfd,0x09,0x8a,0x8f,0x68,0x34,0x84,0xc1,0xa5,0x67,0x12,0xf8,0x98,0x92,0x2f,0xfd,0x44,0x85,0x3b,0x8c,0xf5,0xc6,0x93,0xbc,0x2f,0x19,0x0e,0x8c,0xfb,0xc6,0x2d,0x93,0xcf,0xc2,0x42,0x3d,0x64,0x98,0x48,0x0b,0x27,0x65,0xba,0xd4,0x33,0x3a,0x9d,0xcf,0x07,0x59,0xbb,0x6f,0x4b,0x67,0x15,0xbd,0xdb,0xea,0xa5,0xa2,0xee,0x00,0x3f,0xe1,0x41,0xfa,0xc6,0x57,0xc9,0x1c,0x9d,0xd4,0xcd,0xca,0xec,0x16,0xaf,0x1f,0xbe,0x0e,0x4f},
{0xa8,0xd5,0xb4,0x42,0x60,0xa5,0x99,0x8a,0xf6,0xac,0x60,0x4e,0x0c,0x81,0x2b,0x8f,0xaa,0x37,0x6e,0xb1,0x6b,0x23,0x9e,0xe0,0x55,0x25,0xc9,0x69,0xa6,0x95,0xb5,0x6b,0xd7,0x71,0x3c,0x93,0xfc,0xe7,0x24,0x92,0xb5,0xf5,0x0f,0x7a,0x96,0x9d,0x46,0x9f,0x02,0x07,0xd6,0xe1,0x65,0x9a,0xa6,0x5a,0x2e,0x2e,0x7d,0xa8,0x3f,0x06,0x0c,0x59,0x02,0x68,0xd3,0xda,0xaa,0x7e,0x34,0x6e,0x05,0x48,0xee,0x83,0x93,0x59,0xf3,0xba,0x26,0x68,0x07,0xe6,0x10,0xbe,0xca,0x3b,0xb8,0xd1,0x5e,0x16,0x0a,0x4f,0x31,0x49},
{0x65,0xd2,0xfc,0xa4,0xe8,0x1f,0x61,0x56,0x7d,0xba,0xc1,0xe5,0xfd,0x53,0xd3,0x3b,0xbd,0xd6,0x4b,0x21,0x1a,0xf3,0x31,0x81,0x62,0xda,0x5b,0x55,0x87,0x15,0xb9,0x2a,0x30,0x97,0xee,0x4c,0xa8,0xb0,0x25,0xaf,0x8a,0x4b,0x86,0xe8,0x30,0x84,0x5a,0x02,0x32,0x67,0x01,0x9f,0x02,0x50,0x1b,0xc1,0xf4,0xf8,0x80,0x9a,0x1b,0x4e,0x16,0x7a,0x34,0x48,0x67,0xf1,0xf4,0x11,0xf2,0x9b,0x95,0xf8,0x2d,0xf6,0x17,0x6b,0x4e,0xb8,0x4e,0x2a,0x72,0x5b,0x07,0x6f,0xde,0xd7,0x21,0x2a,0xbb,0x63,0xb9,0x04,0x9a,0x54},
......
......@@ -203,8 +203,8 @@ ge25519_is_neutral_vartime(const ge25519 *p) {
int
ED25519_FN(ed25519_sign_open_batch) (const unsigned char **m, size_t *mlen, const unsigned char **pk, const unsigned char **RS, size_t num, int *valid) {
batch_heap MM16 batch;
ge25519 MM16 p;
batch_heap ALIGN(16) batch;
ge25519 ALIGN(16) p;
bignum256modm *r_scalars;
size_t i, batchsize;
unsigned char hram[64];
......
......@@ -31,7 +31,7 @@ ge25519_full_to_pniels(ge25519_pniels *p, const ge25519 *r) {
static void
ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519 *q) {
bignum25519 MM16 a,b,c,d,t,u;
bignum25519 a,b,c,d,t,u;
curve25519_sub(a, p->y, p->x);
curve25519_add(b, p->y, p->x);
......@@ -52,7 +52,7 @@ ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519 *q) {
static void
ge25519_double_p1p1(ge25519_p1p1 *r, const ge25519 *p) {
bignum25519 MM16 a,b,c;
bignum25519 a,b,c;
curve25519_square(a, p->x);
curve25519_square(b, p->y);
......@@ -70,7 +70,7 @@ static void
ge25519_nielsadd2_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_niels *q, unsigned char signbit) {
const bignum25519 *qb = (const bignum25519 *)q;
bignum25519 *rb = (bignum25519 *)r;
bignum25519 MM16 a,b,c;
bignum25519 a,b,c;
curve25519_sub(a, p->y, p->x);
curve25519_add(b, p->y, p->x);
......@@ -89,7 +89,7 @@ static void
ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_pniels *q, unsigned char signbit) {
const bignum25519 *qb = (const bignum25519 *)q;
bignum25519 *rb = (bignum25519 *)r;
bignum25519 MM16 a,b,c;
bignum25519 a,b,c;
curve25519_sub(a, p->y, p->x);
curve25519_add(b, p->y, p->x);
......@@ -107,28 +107,28 @@ ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_pniels *
static void
ge25519_double_partial(ge25519 *r, const ge25519 *p) {
ge25519_p1p1 MM16 t;
ge25519_p1p1 t;
ge25519_double_p1p1(&t, p);
ge25519_p1p1_to_partial(r, &t);
}
static void
ge25519_double(ge25519 *r, const ge25519 *p) {
ge25519_p1p1 MM16 t;
ge25519_p1p1 t;
ge25519_double_p1p1(&t, p);
ge25519_p1p1_to_full(r, &t);
}
static void
ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q) {
ge25519_p1p1 MM16 t;
ge25519_p1p1 t;
ge25519_add_p1p1(&t, p, q);
ge25519_p1p1_to_full(r, &t);
}
static void
ge25519_nielsadd2(ge25519 *r, const ge25519_niels *q) {
bignum25519 MM16 a,b,c,e,f,g,h;
bignum25519 a,b,c,e,f,g,h;
curve25519_sub(a, r->y, r->x);
curve25519_add(b, r->y, r->x);
......@@ -148,7 +148,7 @@ ge25519_nielsadd2(ge25519 *r, const ge25519_niels *q) {
static void
ge25519_pnielsadd(ge25519_pniels *r, const ge25519 *p, const ge25519_pniels *q) {
bignum25519 MM16 a,b,c,x,y,z,t;
bignum25519 a,b,c,x,y,z,t;
curve25519_sub(a, p->y, p->x);
curve25519_add(b, p->y, p->x);
......@@ -178,7 +178,7 @@ ge25519_pnielsadd(ge25519_pniels *r, const ge25519 *p, const ge25519_pniels *q)
static void
ge25519_pack(unsigned char r[32], const ge25519 *p) {
bignum25519 MM16 tx, ty, zi;
bignum25519 tx, ty, zi;
unsigned char parity[32];
curve25519_recip(zi, p->z);
curve25519_mul(tx, p->x, zi);
......@@ -191,10 +191,10 @@ ge25519_pack(unsigned char r[32], const ge25519 *p) {
static int
ge25519_unpack_negative_vartime(ge25519 *r, const unsigned char p[32]) {
static const unsigned char zero[32] = {0};
static const bignum25519 MM16 one = {1};
static const bignum25519 one = {1};
unsigned char parity = p[31] >> 7;
unsigned char check[32];
bignum25519 MM16 t, root, num, den, d3;
bignum25519 t, root, num, den, d3;
curve25519_expand(r->y, p);
curve25519_copy(r->z, one);
......@@ -252,9 +252,9 @@ ge25519_unpack_negative_vartime(ge25519 *r, const unsigned char p[32]) {
static void
ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const bignum256modm s2) {
signed char slide1[256], slide2[256];
ge25519_pniels MM16 pre1[S1_TABLE_SIZE];
ge25519 MM16 d1;
ge25519_p1p1 MM16 t;
ge25519_pniels pre1[S1_TABLE_SIZE];
ge25519 d1;
ge25519_p1p1 t;
int32_t i;
contract256_slidingwindow_modm(slide1, s1, S1_SWINDOWSIZE);
......@@ -335,7 +335,7 @@ static void
ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96], const bignum256modm s) {
signed char b[64];
uint32_t i;
ge25519_niels MM16 t;
ge25519_niels t;
contract256_window4_modm(b, s);
......
......@@ -4,7 +4,7 @@
static void
ge25519_p1p1_to_partial(ge25519 *r, const ge25519_p1p1 *p) {
packed64bignum25519 MM16 xz, tt, xzout;
packed64bignum25519 ALIGN(16) xz, tt, xzout;
curve25519_mul(r->y, p->y, p->z);
curve25519_tangle64(xz, p->x, p->z);
curve25519_tangleone64(tt, p->t);
......@@ -14,7 +14,7 @@ ge25519_p1p1_to_partial(ge25519 *r, const ge25519_p1p1 *p) {
static void
ge25519_p1p1_to_full(ge25519 *r, const ge25519_p1p1 *p) {
packed64bignum25519 MM16 zy, xt, xx, zz, ty;
packed64bignum25519 ALIGN(16) zy, xt, xx, zz, ty;
curve25519_tangle64(ty, p->t, p->y);
curve25519_tangleone64(xx, p->x);
curve25519_mul_packed64(xt, xx, ty);
......@@ -38,9 +38,9 @@ ge25519_full_to_pniels(ge25519_pniels *p, const ge25519 *r) {
static void
ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519 *q) {
bignum25519 MM16 a,b,c,d;
packed32bignum25519 MM16 xx, yy, yypxx, yymxx, bd, ac, bdmac, bdpac;
packed64bignum25519 MM16 at, bu, atbu, ptz, qtz, cd;
bignum25519 ALIGN(16) a,b,c,d;
packed32bignum25519 ALIGN(16) xx, yy, yypxx, yymxx, bd, ac, bdmac, bdpac;
packed64bignum25519 ALIGN(16) at, bu, atbu, ptz, qtz, cd;
curve25519_tangle32(yy, p->y, q->y);
curve25519_tangle32(xx, p->x, q->x);
......@@ -67,9 +67,9 @@ ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519 *q) {
static void
ge25519_double_p1p1(ge25519_p1p1 *r, const ge25519 *p) {
bignum25519 MM16 a,b,c,x;
packed64bignum25519 MM16 xy, zx, ab, cx;
packed32bignum25519 MM16 xc, yz, xt, yc, ac, bc;
bignum25519 ALIGN(16) a,b,c,x;
packed64bignum25519 ALIGN(16) xy, zx, ab, cx;
packed32bignum25519 ALIGN(16) xc, yz, xt, yc, ac, bc;
curve25519_add(x, p->x, p->y);
curve25519_tangle64(xy, p->x, p->y);
......@@ -93,9 +93,9 @@ static void
ge25519_nielsadd2_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_niels *q, unsigned char signbit) {
const bignum25519 *qb = (const bignum25519 *)q;
bignum25519 *rb = (bignum25519 *)r;
bignum25519 MM16 a,b,c;
packed64bignum25519 MM16 ab, yx, aybx;
packed32bignum25519 MM16 bd, ac, bdac;
bignum25519 ALIGN(16) a,b,c;
packed64bignum25519 ALIGN(16) ab, yx, aybx;
packed32bignum25519 ALIGN(16) bd, ac, bdac;
curve25519_sub(a, p->y, p->x);
curve25519_add(b, p->y, p->x);
......@@ -118,9 +118,9 @@ static void
ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_pniels *q, unsigned char signbit) {
const bignum25519 *qb = (const bignum25519 *)q;
bignum25519 *rb = (bignum25519 *)r;
bignum25519 MM16 a,b,c;
packed64bignum25519 MM16 ab, yx, aybx, zt, zt2d, tc;
packed32bignum25519 MM16 bd, ac, bdac;
bignum25519 ALIGN(16) a,b,c;
packed64bignum25519 ALIGN(16) ab, yx, aybx, zt, zt2d, tc;
packed32bignum25519 ALIGN(16) bd, ac, bdac;
curve25519_sub(a, p->y, p->x);
curve25519_add(b, p->y, p->x);
......@@ -144,30 +144,30 @@ ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_pniels *
static void
ge25519_double(ge25519 *r, const ge25519 *p) {
ge25519_p1p1 MM16 t;
ge25519_p1p1 ALIGN(16) t;
ge25519_double_p1p1(&t, p);
ge25519_p1p1_to_full(r, &t);
}
static void
ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q) {
ge25519_p1p1 MM16 t;
ge25519_p1p1 ALIGN(16) t;
ge25519_add_p1p1(&t, p, q);
ge25519_p1p1_to_full(r, &t);
}
static void
ge25519_double_partial(ge25519 *r, const ge25519 *p) {
ge25519_p1p1 MM16 t;
ge25519_p1p1 ALIGN(16) t;
ge25519_double_p1p1(&t, p);
ge25519_p1p1_to_partial(r, &t);
}
static void
ge25519_nielsadd2(ge25519 *r, const ge25519_niels *q) {
packed64bignum25519 MM16 ab, yx, aybx, eg, ff, hh, xz, ty;
packed32bignum25519 MM16 bd, ac, bdac;
bignum25519 MM16 a,b,c,d,e,f,g,h;
packed64bignum25519 ALIGN(16) ab, yx, aybx, eg, ff, hh, xz, ty;
packed32bignum25519 ALIGN(16) bd, ac, bdac;
bignum25519 ALIGN(16) a,b,c,d,e,f,g,h;
curve25519_sub(a, r->y, r->x);
curve25519_add(b, r->y, r->x);
......@@ -194,8 +194,8 @@ ge25519_nielsadd2(ge25519 *r, const ge25519_niels *q) {
static void
ge25519_pnielsadd(ge25519_pniels *r, const ge25519 *p, const ge25519_pniels *q) {
ge25519_p1p1 MM16 t;
ge25519 MM16 f;
ge25519_p1p1 ALIGN(16) t;
ge25519 ALIGN(16) f;
ge25519_pnielsadd_p1p1(&t, p, q, 0);
ge25519_p1p1_to_full(&f, &t);
ge25519_full_to_pniels(r, &f);
......@@ -207,7 +207,7 @@ ge25519_pnielsadd(ge25519_pniels *r, const ge25519 *p, const ge25519_pniels *q)
static void
ge25519_pack(unsigned char r[32], const ge25519 *p) {
bignum25519 MM16 tx, ty, zi;
bignum25519 ALIGN(16) tx, ty, zi;
unsigned char parity[32];
curve25519_recip(zi, p->z);
curve25519_mul(tx, p->x, zi);
......@@ -220,11 +220,11 @@ ge25519_pack(unsigned char r[32], const ge25519 *p) {
static int
ge25519_unpack_negative_vartime(ge25519 *r, const unsigned char p[32]) {
static const bignum25519 MM16 one = {1};
static const bignum25519 ALIGN(16) one = {1};
static const unsigned char zero[32] = {0};
unsigned char parity = p[31] >> 7;
unsigned char check[32];
bignum25519 MM16 t, root, num, den, d3;
bignum25519 ALIGN(16) t, root, num, den, d3;
curve25519_expand(r->y, p);
curve25519_copy(r->z, one);
......@@ -283,9 +283,9 @@ ge25519_unpack_negative_vartime(ge25519 *r, const unsigned char p[32]) {
static void
ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const bignum256modm s2) {
signed char slide1[256], slide2[256];
ge25519_pniels MM16 pre1[S1_TABLE_SIZE];
ge25519 MM16 d1;
ge25519_p1p1 MM16 t;
ge25519_pniels ALIGN(16) pre1[S1_TABLE_SIZE];
ge25519 ALIGN(16) d1;
ge25519_p1p1 ALIGN(16) t;
int32_t i;
contract256_slidingwindow_modm(slide1, s1, S1_SWINDOWSIZE);
......@@ -331,14 +331,14 @@ ge25519_windowb_equal(uint32_t b, uint32_t c) {
static void
ge25519_scalarmult_base_choose_niels(ge25519_niels *t, const uint8_t table[256][96], uint32_t pos, signed char b) {
bignum25519 MM16 neg;
bignum25519 ALIGN(16) neg;
uint32_t sign = (uint32_t)((unsigned char)b >> 7);
uint32_t mask = ~(sign - 1);
uint32_t u = (b + mask) ^ mask;
uint32_t i;
/* ysubx, xaddy, t2d in packed form. initialize to ysubx = 1, xaddy = 1, t2d = 0 */
uint8_t MM16 packed[96] = {0};
uint8_t ALIGN(16) packed[96] = {0};
packed[0] = 1;
packed[32] = 1;
......@@ -362,7 +362,7 @@ static void
ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t table[256][96], const bignum256modm s) {
signed char b[64];
uint32_t i;
ge25519_niels MM16 t;
ge25519_niels ALIGN(16) t;
contract256_window4_modm(b, s);
......
......@@ -11,14 +11,14 @@
#endif
#define DONNA_INLINE __forceinline
#define DONNA_NOINLINE __declspec(noinline)
#define MM16 __declspec(align(16))
#define ALIGN(x) __declspec(align(x))
#define ROTL32(a,b) _rotl(a,b)
#define ROTR32(a,b) _rotr(a,b)
#else
#include <sys/param.h>
#define DONNA_INLINE inline __attribute__((always_inline))
#define DONNA_NOINLINE __attribute__((noinline))
#define MM16 __attribute__((aligned(16)))
#define ALIGN(x) __attribute__((aligned(x)))
#define ROTL32(a,b) (((a) << (b)) | ((a) >> (32 - b)))
#define ROTR32(a,b) (((a) >> (b)) | ((a) << (32 - b)))
#endif
......
......@@ -44,7 +44,7 @@ ed25519_hram(hash_512bits hram, const ed25519_signature RS, const ed25519_public
void
ED25519_FN(ed25519_publickey) (const ed25519_secret_key sk, ed25519_public_key pk) {
bignum256modm a;
ge25519 MM16 A;
ge25519 ALIGN(16) A;
hash_512bits extsk;
/* A = aB */
......@@ -59,7 +59,7 @@ void
ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS) {
ed25519_hash_context ctx;
bignum256modm r, S, a;
ge25519 MM16 R;
ge25519 ALIGN(16) R;
hash_512bits extsk, hashr, hram;
ed25519_extsk(extsk, sk);
......@@ -92,7 +92,7 @@ ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_sec
int
ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS) {
ge25519 MM16 R, A;
ge25519 ALIGN(16) R, A;
hash_512bits hash;
bignum256modm hram, S;
unsigned char checkR[32];
......@@ -125,8 +125,8 @@ void
ED25519_FN(curved25519_scalarmult_basepoint) (curved25519_key pk, const curved25519_key e) {
curved25519_key ec;
bignum256modm s;
bignum25519 MM16 yplusz, zminusy;
ge25519 MM16 p;
bignum25519 ALIGN(16) yplusz, zminusy;
ge25519 ALIGN(16) p;
size_t i;
/* clamp */
......
......@@ -28,7 +28,7 @@ test_adds() {
};
#else
/* largest result for each limb from a mult or square: all elements except r1 reduced, r1 overflowed as far as possible */
static const bignum25519 MM16 max_bignum = {
static const bignum25519 ALIGN(16) max_bignum = {
0x3ffffff,0x2000300,0x3ffffff,0x1ffffff,0x3ffffff,
0x1ffffff,0x3ffffff,0x1ffffff,0x3ffffff,0x1ffffff
};
......@@ -46,8 +46,8 @@ test_adds() {
};
#endif
unsigned char result[32];
static const bignum25519 MM16 zero = {0};
bignum25519 MM16 a, b, c;
static const bignum25519 ALIGN(16) zero = {0};
bignum25519 ALIGN(16) a, b, c;
size_t i;
/* a = (max_bignum + max_bignum) */
......@@ -100,7 +100,7 @@ test_subs() {
};
#else
/* largest result for each limb from a mult or square: all elements except r1 reduced, r1 overflowed as far as possible */
static const bignum25519 MM16 max_bignum = {
static const bignum25519 ALIGN(16) max_bignum = {
0x3ffffff,0x2000300,0x3ffffff,0x1ffffff,0x3ffffff,
0x1ffffff,0x3ffffff,0x1ffffff,0x3ffffff,0x1ffffff
};
......@@ -118,8 +118,8 @@ test_subs() {
};
#endif
unsigned char result[32];
static const bignum25519 MM16 zero = {0};
bignum25519 MM16 a, b, c;
static const bignum25519 ALIGN(16) zero = {0};
bignum25519 ALIGN(16) a, b, c;
size_t i;
/* a = max_bignum - 0, which expands to 2p + max_bignum - 0 */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment