Merge pull request #187 from ocheron/decaf-update

Fix link error with OpenBSD

cbits/decaf/ed448goldilocks/decaf_all.c

@@ -0,0 +1,3 @@
+/* Combined to avoid link failure on OpenBSD with --strip-unneeded, see #186 */
+#include "decaf.c"
+#include "decaf_tables.c"

cbits/decaf/p448/arch_32/f_impl.h

@@ -10,37 +10,22 @@
 #define LIMB_PLACE_VALUE(i) 28
 
 void cryptonite_gf_add_RAW (gf out, const gf a, const gf b) {
-    for (unsigned int i=0; i<sizeof(*out)/sizeof(uint32xn_t); i++) {
+    for (unsigned int i=0; i<sizeof(*out)/sizeof(out->limb[0]); i++) {
-        ((uint32xn_t*)out)[i] = ((const uint32xn_t*)a)[i] + ((const uint32xn_t*)b)[i];
-    }
-    /*
-    unsigned int i;
-    for (i=0; i<sizeof(*out)/sizeof(out->limb[0]); i++) {
         out->limb[i] = a->limb[i] + b->limb[i];
     }
-    */
 }
 
 void cryptonite_gf_sub_RAW (gf out, const gf a, const gf b) {
-    for (unsigned int i=0; i<sizeof(*out)/sizeof(uint32xn_t); i++) {
+    for (unsigned int i=0; i<sizeof(*out)/sizeof(out->limb[0]); i++) {
-        ((uint32xn_t*)out)[i] = ((const uint32xn_t*)a)[i] - ((const uint32xn_t*)b)[i];
-    }
-    /*
-    unsigned int i;
-    for (i=0; i<sizeof(*out)/sizeof(out->limb[0]); i++) {
         out->limb[i] = a->limb[i] - b->limb[i];
     }
-    */
 }
 
-void cryptonite_gf_bias (gf a, int amt) {
+void cryptonite_gf_bias (gf a, int amt) {    
     uint32_t co1 = ((1ull<<28)-1)*amt, co2 = co1-amt;
-    uint32x4_t lo = {co1,co1,co1,co1}, hi = {co2,co1,co1,co1};
+    for (unsigned int i=0; i<sizeof(*a)/sizeof(a->limb[0]); i++) {
-    uint32x4_t *aa = (uint32x4_t*) a;
+        a->limb[i] += (i==sizeof(*a)/sizeof(a->limb[0])/2) ? co2 : co1;
-    aa[0] += lo;
+    }
-    aa[1] += lo;
-    aa[2] += hi;
-    aa[3] += lo;
 }
 
 void cryptonite_gf_weak_reduce (gf a) {

cbits/decaf/p448/f_generic.c

@@ -106,14 +106,14 @@ void cryptonite_gf_strong_reduce (gf a) {
     assert(word_is_zero(carry + scarry_0));
 }
 
-/** Add two gf elements */
+/** Subtract two gf elements d=a-b */
 void cryptonite_gf_sub (gf d, const gf a, const gf b) {
     cryptonite_gf_sub_RAW ( d, a, b );
     cryptonite_gf_bias( d, 2 );
     cryptonite_gf_weak_reduce ( d );
 }
 
-/** Subtract d = a-b */
+/** Add two field elements d = a+b */
 void cryptonite_gf_add (gf d, const gf a, const gf b) {
     cryptonite_gf_add_RAW ( d, a, b );
     cryptonite_gf_weak_reduce ( d );

cbits/decaf/tools/generate.sh

@@ -6,7 +6,7 @@
 # (available at <git://git.code.sf.net/p/ed448goldilocks/code>).
 #
 # Project is synced with upstream commit
-# 'b29565fdfd654385b6d6e3257e60a7e94636057f'.
+# '807a7e67decbf8ccc10be862cdf9ae03653ffe70'.
 #
 # Notes about transformations applied:
 #
@@ -33,6 +33,10 @@
 # * function posix_memalign is defined in order to avoid a warning on
 #   Windows/MinGW.  Hopefully it is not called.  This definition is put
 #   inside portable_endian.h because this file is already included.
+#
+# * files decaf.c and decaf_tables.c are compiled to a single object file
+#   decaf_all.o to avoid link failure on OpenBSD with --strip-unneeded
+#   and old versions of binutils (see #186)
 
 SRC_DIR="$1/src"
 DEST_DIR="`dirname "$0"`"/..
@@ -90,6 +94,12 @@ for CURVE in ed448goldilocks; do
   convert "$SRC_DIR"/GENERATED/c/$CURVE/decaf_tables.c "$DEST_DIR"/$CURVE
   convert "$SRC_DIR"/GENERATED/c/$CURVE/eddsa.c        "$DEST_DIR"/$CURVE
   convert "$SRC_DIR"/GENERATED/c/$CURVE/scalar.c       "$DEST_DIR"/$CURVE
+
+  cat > "$DEST_DIR"/$CURVE/decaf_all.c <<EOF
+/* Combined to avoid link failure on OpenBSD with --strip-unneeded, see #186 */
+#include "decaf.c"
+#include "decaf_tables.c"
+EOF
 done
 
 for FIELD in p448; do

cryptonite.cabal

@@ -48,6 +48,8 @@ extra-source-files:  cbits/*.h
                      cbits/decaf/p448/arch_32/*.h
                      cbits/decaf/p448/arch_ref64/*.h
                      cbits/decaf/p448/*.h
+                     cbits/decaf/ed448goldilocks/decaf_tables.c
+                     cbits/decaf/ed448goldilocks/decaf.c
                      cbits/p256/*.h
                      cbits/blake2/ref/*.h
                      cbits/blake2/sse/*.h
@@ -270,8 +272,7 @@ Library
                      , cbits/decaf/p448/f_arithmetic.c
                      , cbits/decaf/utils.c
                      , cbits/decaf/ed448goldilocks/scalar.c
-                     , cbits/decaf/ed448goldilocks/decaf_tables.c
+                     , cbits/decaf/ed448goldilocks/decaf_all.c
-                     , cbits/decaf/ed448goldilocks/decaf.c
                      , cbits/decaf/ed448goldilocks/eddsa.c
 
     include-dirs:      cbits/decaf/include/arch_ref64
@@ -282,8 +283,7 @@ Library
                      , cbits/decaf/p448/f_arithmetic.c
                      , cbits/decaf/utils.c
                      , cbits/decaf/ed448goldilocks/scalar.c
-                     , cbits/decaf/ed448goldilocks/decaf_tables.c
+                     , cbits/decaf/ed448goldilocks/decaf_all.c
-                     , cbits/decaf/ed448goldilocks/decaf.c
                      , cbits/decaf/ed448goldilocks/eddsa.c
 
     include-dirs:      cbits/decaf/include/arch_32