New version with sc25519 inversion

configure.ac

 ## ExampleLib Example: an example of using Automake to link with a library
 
-AC_INIT([ED25519], [3:9], [bernd@net2o.de], [ed25519-donna],
+AC_INIT([ED25519], [3:10], [bernd@net2o.de], [ed25519-donna],
         [http://keccak.noekeon.org/])
 AC_PREREQ([2.59])
 AM_INIT_AUTOMAKE([1.10 -Wall no-define])

debian/changelog

-ed25519-prim (3.9) stable; urgency=low
+ed25519-prim (3.10) stable; urgency=low
 
   * Initial Release
 

debian/control

@@ -5,7 +5,7 @@ Maintainer: Bernd Paysan <bernd@net2o.de>
 Build-Depends: debhelper, build-essential, gcc, autoconf, automake, libtool, libtool-bin, libc
 
 Package: ed25519-prim
-Version: 3.9
+Version: 3.10
 Architecture: any
 Depends:  ${shlibs:Depends}
 Multi-Arch: same

ed25519-donna.h

@@ -57,6 +57,7 @@
 #else
 	#include "modm-donna-32bit.h"
 #endif
+#include "modm-invert.h"
 
 typedef unsigned char hash_512bits[64];
 

ed25519-prims.h

@@ -38,6 +38,7 @@ void contract256_modm(unsigned char out[32], const bignum256modm in);
 void add256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y);
 void mul256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y);
 void sub256_modm_batch(bignum256modm out, const bignum256modm a, const bignum256modm b, size_t limbsize);
+void invert256_modm(bignum256modm recip, const bignum256modm s);
 int lt256_modm_batch(const bignum256modm a, const bignum256modm b, size_t limbsize);
 int lte256_modm_batch(const bignum256modm a, const bignum256modm b, size_t limbsize);
 int iszero256_modm_batch(const bignum256modm a);

modm-invert.h

+/*
+	derived from libsodium, ISC license
+*/
+
+STATIC inline void
+sq256_modm(bignum256modm s, const bignum256modm a)
+{
+    mul256_modm(s, a, a);
+}
+
+STATIC inline void
+sqmul256_modm(bignum256modm s, const int n, const bignum256modm a)
+{
+    int i;
+
+    for (i = 0; i < n; i++) {
+        sq256_modm(s, s);
+    }
+    mul256_modm(s, s, a);
+}
+
+STATIC void
+invert256_modm(bignum256modm recip, const bignum256modm s)
+{
+    bignum256modm _10, _100, _11, _101, _111, _1001, _1011, _1111;
+
+    sq256_modm(_10, s);
+    sq256_modm(_100, _10);
+    mul256_modm(_11, _10, s);
+    mul256_modm(_101, _10, _11);
+    mul256_modm(_111, _10, _101);
+    mul256_modm(_1001, _10, _111);
+    mul256_modm(_1011, _10, _1001);
+    mul256_modm(_1111, _100, _1011);
+    mul256_modm(recip, _1111, s);
+
+    sqmul256_modm(recip, 123 + 3, _101);
+    sqmul256_modm(recip, 2 + 2, _11);
+    sqmul256_modm(recip, 1 + 4, _1111);
+    sqmul256_modm(recip, 1 + 4, _1111);
+    sqmul256_modm(recip, 4, _1001);
+    sqmul256_modm(recip, 2, _11);
+    sqmul256_modm(recip, 1 + 4, _1111);
+    sqmul256_modm(recip, 1 + 3, _101);
+    sqmul256_modm(recip, 3 + 3, _101);
+    sqmul256_modm(recip, 3, _111);
+    sqmul256_modm(recip, 1 + 4, _1111);
+    sqmul256_modm(recip, 2 + 3, _111);
+    sqmul256_modm(recip, 2 + 2, _11);
+    sqmul256_modm(recip, 1 + 4, _1011);
+    sqmul256_modm(recip, 2 + 4, _1011);
+    sqmul256_modm(recip, 6 + 4, _1001);
+    sqmul256_modm(recip, 2 + 2, _11);
+    sqmul256_modm(recip, 3 + 2, _11);
+    sqmul256_modm(recip, 3 + 2, _11);
+    sqmul256_modm(recip, 1 + 4, _1001);
+    sqmul256_modm(recip, 1 + 3, _111);
+    sqmul256_modm(recip, 2 + 4, _1111);
+    sqmul256_modm(recip, 1 + 4, _1011);
+    sqmul256_modm(recip, 3, _101);
+    sqmul256_modm(recip, 2 + 4, _1111);
+    sqmul256_modm(recip, 3, _101);
+    sqmul256_modm(recip, 1 + 2, _11);
+}