search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libsodium: Needed for Dnscrypto-proxy Release 1.3.0
[tomato.git] / release / src / router / libsodium / src / libsodium / crypto_sign / ed25519 / ref10 / sc_reduce.c
blobd01f5a5737eb89a958089ceb78537ab7988f71cb
1 #include "sc.h"
2 #include "crypto_int64.h"
3 #include "crypto_uint32.h"
4 #include "crypto_uint64.h"
5
6 static crypto_uint64 load_3(const unsigned char *in)
7 {
8 crypto_uint64 result;
9 result = (crypto_uint64) in[0];
10 result |= ((crypto_uint64) in[1]) << 8;
11 result |= ((crypto_uint64) in[2]) << 16;
12 return result;
13 }
14
15 static crypto_uint64 load_4(const unsigned char *in)
16 {
17 crypto_uint64 result;
18 result = (crypto_uint64) in[0];
19 result |= ((crypto_uint64) in[1]) << 8;
20 result |= ((crypto_uint64) in[2]) << 16;
21 result |= ((crypto_uint64) in[3]) << 24;
22 return result;
23 }
24
25 /*
26 Input:
27 s[0]+256*s[1]+...+256^63*s[63] = s
28
29 Output:
30 s[0]+256*s[1]+...+256^31*s[31] = s mod l
31 where l = 2^252 + 27742317777372353535851937790883648493.
32 Overwrites s in place.
33 */
34
35 void sc_reduce(unsigned char *s)
36 {
37 crypto_int64 s0 = 2097151 & load_3(s);
38 crypto_int64 s1 = 2097151 & (load_4(s + 2) >> 5);
39 crypto_int64 s2 = 2097151 & (load_3(s + 5) >> 2);
40 crypto_int64 s3 = 2097151 & (load_4(s + 7) >> 7);
41 crypto_int64 s4 = 2097151 & (load_4(s + 10) >> 4);
42 crypto_int64 s5 = 2097151 & (load_3(s + 13) >> 1);
43 crypto_int64 s6 = 2097151 & (load_4(s + 15) >> 6);
44 crypto_int64 s7 = 2097151 & (load_3(s + 18) >> 3);
45 crypto_int64 s8 = 2097151 & load_3(s + 21);
46 crypto_int64 s9 = 2097151 & (load_4(s + 23) >> 5);
47 crypto_int64 s10 = 2097151 & (load_3(s + 26) >> 2);
48 crypto_int64 s11 = 2097151 & (load_4(s + 28) >> 7);
49 crypto_int64 s12 = 2097151 & (load_4(s + 31) >> 4);
50 crypto_int64 s13 = 2097151 & (load_3(s + 34) >> 1);
51 crypto_int64 s14 = 2097151 & (load_4(s + 36) >> 6);
52 crypto_int64 s15 = 2097151 & (load_3(s + 39) >> 3);
53 crypto_int64 s16 = 2097151 & load_3(s + 42);
54 crypto_int64 s17 = 2097151 & (load_4(s + 44) >> 5);
55 crypto_int64 s18 = 2097151 & (load_3(s + 47) >> 2);
56 crypto_int64 s19 = 2097151 & (load_4(s + 49) >> 7);
57 crypto_int64 s20 = 2097151 & (load_4(s + 52) >> 4);
58 crypto_int64 s21 = 2097151 & (load_3(s + 55) >> 1);
59 crypto_int64 s22 = 2097151 & (load_4(s + 57) >> 6);
60 crypto_int64 s23 = (load_4(s + 60) >> 3);
61 crypto_int64 carry0;
62 crypto_int64 carry1;
63 crypto_int64 carry2;
64 crypto_int64 carry3;
65 crypto_int64 carry4;
66 crypto_int64 carry5;
67 crypto_int64 carry6;
68 crypto_int64 carry7;
69 crypto_int64 carry8;
70 crypto_int64 carry9;
71 crypto_int64 carry10;
72 crypto_int64 carry11;
73 crypto_int64 carry12;
74 crypto_int64 carry13;
75 crypto_int64 carry14;
76 crypto_int64 carry15;
77 crypto_int64 carry16;
78
79 s11 += s23 * 666643;
80 s12 += s23 * 470296;
81 s13 += s23 * 654183;
82 s14 -= s23 * 997805;
83 s15 += s23 * 136657;
84 s16 -= s23 * 683901;
85 s23 = 0;
86
87 s10 += s22 * 666643;
88 s11 += s22 * 470296;
89 s12 += s22 * 654183;
90 s13 -= s22 * 997805;
91 s14 += s22 * 136657;
92 s15 -= s22 * 683901;
93 s22 = 0;
94
95 s9 += s21 * 666643;
96 s10 += s21 * 470296;
97 s11 += s21 * 654183;
98 s12 -= s21 * 997805;
99 s13 += s21 * 136657;
100 s14 -= s21 * 683901;
101 s21 = 0;
102
103 s8 += s20 * 666643;
104 s9 += s20 * 470296;
105 s10 += s20 * 654183;
106 s11 -= s20 * 997805;
107 s12 += s20 * 136657;
108 s13 -= s20 * 683901;
109 s20 = 0;
110
111 s7 += s19 * 666643;
112 s8 += s19 * 470296;
113 s9 += s19 * 654183;
114 s10 -= s19 * 997805;
115 s11 += s19 * 136657;
116 s12 -= s19 * 683901;
117 s19 = 0;
118
119 s6 += s18 * 666643;
120 s7 += s18 * 470296;
121 s8 += s18 * 654183;
122 s9 -= s18 * 997805;
123 s10 += s18 * 136657;
124 s11 -= s18 * 683901;
125 s18 = 0;
126
127 carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
128 carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
129 carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
130 carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
131 carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
132 carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
133
134 carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
135 carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
136 carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
137 carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
138 carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
139
140 s5 += s17 * 666643;
141 s6 += s17 * 470296;
142 s7 += s17 * 654183;
143 s8 -= s17 * 997805;
144 s9 += s17 * 136657;
145 s10 -= s17 * 683901;
146 s17 = 0;
147
148 s4 += s16 * 666643;
149 s5 += s16 * 470296;
150 s6 += s16 * 654183;
151 s7 -= s16 * 997805;
152 s8 += s16 * 136657;
153 s9 -= s16 * 683901;
154 s16 = 0;
155
156 s3 += s15 * 666643;
157 s4 += s15 * 470296;
158 s5 += s15 * 654183;
159 s6 -= s15 * 997805;
160 s7 += s15 * 136657;
161 s8 -= s15 * 683901;
162 s15 = 0;
163
164 s2 += s14 * 666643;
165 s3 += s14 * 470296;
166 s4 += s14 * 654183;
167 s5 -= s14 * 997805;
168 s6 += s14 * 136657;
169 s7 -= s14 * 683901;
170 s14 = 0;
171
172 s1 += s13 * 666643;
173 s2 += s13 * 470296;
174 s3 += s13 * 654183;
175 s4 -= s13 * 997805;
176 s5 += s13 * 136657;
177 s6 -= s13 * 683901;
178 s13 = 0;
179
180 s0 += s12 * 666643;
181 s1 += s12 * 470296;
182 s2 += s12 * 654183;
183 s3 -= s12 * 997805;
184 s4 += s12 * 136657;
185 s5 -= s12 * 683901;
186 s12 = 0;
187
188 carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
189 carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
190 carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
191 carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
192 carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
193 carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
194
195 carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
196 carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
197 carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
198 carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
199 carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
200 carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
201
202 s0 += s12 * 666643;
203 s1 += s12 * 470296;
204 s2 += s12 * 654183;
205 s3 -= s12 * 997805;
206 s4 += s12 * 136657;
207 s5 -= s12 * 683901;
208 s12 = 0;
209
210 carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
211 carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
212 carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
213 carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
214 carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
215 carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
216 carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
217 carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
218 carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
219 carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
220 carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
221 carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
222
223 s0 += s12 * 666643;
224 s1 += s12 * 470296;
225 s2 += s12 * 654183;
226 s3 -= s12 * 997805;
227 s4 += s12 * 136657;
228 s5 -= s12 * 683901;
229 s12 = 0;
230
231 carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
232 carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
233 carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
234 carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
235 carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
236 carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
237 carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
238 carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
239 carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
240 carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
241 carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
242
243 s[0] = s0 >> 0;
244 s[1] = s0 >> 8;
245 s[2] = (s0 >> 16) | (s1 << 5);
246 s[3] = s1 >> 3;
247 s[4] = s1 >> 11;
248 s[5] = (s1 >> 19) | (s2 << 2);
249 s[6] = s2 >> 6;
250 s[7] = (s2 >> 14) | (s3 << 7);
251 s[8] = s3 >> 1;
252 s[9] = s3 >> 9;
253 s[10] = (s3 >> 17) | (s4 << 4);
254 s[11] = s4 >> 4;
255 s[12] = s4 >> 12;
256 s[13] = (s4 >> 20) | (s5 << 1);
257 s[14] = s5 >> 7;
258 s[15] = (s5 >> 15) | (s6 << 6);
259 s[16] = s6 >> 2;
260 s[17] = s6 >> 10;
261 s[18] = (s6 >> 18) | (s7 << 3);
262 s[19] = s7 >> 5;
263 s[20] = s7 >> 13;
264 s[21] = s8 >> 0;
265 s[22] = s8 >> 8;
266 s[23] = (s8 >> 16) | (s9 << 5);
267 s[24] = s9 >> 3;
268 s[25] = s9 >> 11;
269 s[26] = (s9 >> 19) | (s10 << 2);
270 s[27] = s10 >> 6;
271 s[28] = (s10 >> 14) | (s11 << 7);
272 s[29] = s11 >> 1;
273 s[30] = s11 >> 9;
274 s[31] = s11 >> 17;
275 }
Tomato firmware and modifications.