pynacl

Python wrapper for http://nacl.cace-project.eu/
git clone https://code.literati.org/pynacl.git
Log | Files | Refs | README

commit b5cad41dd1889e1b327140001ac62b4298b71dcb
parent 7a59b0bda2936a71a6d3af09c9d973663c1ff19e
Author: Brian Warner <warner@lothar.com>
Date:   Thu, 12 Jan 2012 23:44:14 -0800

embed copy of NaCl-20110221

Diffstat:
Anacl-20110221/MACROS | 56++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/OPERATIONS | 11+++++++++++
Anacl-20110221/PROTOTYPES.c | 26++++++++++++++++++++++++++
Anacl-20110221/PROTOTYPES.cpp | 17+++++++++++++++++
Anacl-20110221/commandline/nacl-sha256.c | 64++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/commandline/nacl-sha512.c | 64++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/cpucycles/alpha.c | 80+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/cpucycles/alpha.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/amd64cpuinfo.c | 16++++++++++++++++
Anacl-20110221/cpucycles/amd64cpuinfo.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/amd64cpuspeed.c | 25+++++++++++++++++++++++++
Anacl-20110221/cpucycles/amd64cpuspeed.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/amd64tscfreq.c | 18++++++++++++++++++
Anacl-20110221/cpucycles/amd64tscfreq.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/celllinux.c | 83+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/cpucycles/celllinux.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/cortex.c | 73+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/cpucycles/cortex.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/dev4ns.c | 62++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/cpucycles/dev4ns.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/do | 105+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/cpucycles/gettimeofday.c | 32++++++++++++++++++++++++++++++++
Anacl-20110221/cpucycles/gettimeofday.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/hppapstat.c | 26++++++++++++++++++++++++++
Anacl-20110221/cpucycles/hppapstat.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/ia64cpuinfo.c | 15+++++++++++++++
Anacl-20110221/cpucycles/ia64cpuinfo.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/mips.c | 65+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/cpucycles/mips.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/monotonic.c | 34++++++++++++++++++++++++++++++++++
Anacl-20110221/cpucycles/monotonic.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/monotoniccpuinfo.c | 33+++++++++++++++++++++++++++++++++
Anacl-20110221/cpucycles/monotoniccpuinfo.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/osfreq.c | 65+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/cpucycles/powerpccpuinfo.c | 95+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/cpucycles/powerpccpuinfo.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/powerpcmacos.c | 42++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/cpucycles/powerpcmacos.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/sgi.c | 38++++++++++++++++++++++++++++++++++++++
Anacl-20110221/cpucycles/sgi.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/sparc32cpuinfo.c | 16++++++++++++++++
Anacl-20110221/cpucycles/sparc32cpuinfo.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/sparccpuinfo.c | 15+++++++++++++++
Anacl-20110221/cpucycles/sparccpuinfo.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/test.c | 77+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/cpucycles/x86cpuinfo.c | 15+++++++++++++++
Anacl-20110221/cpucycles/x86cpuinfo.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/x86cpuspeed.c | 24++++++++++++++++++++++++
Anacl-20110221/cpucycles/x86cpuspeed.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/x86estimate.c | 59+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/cpucycles/x86estimate.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpucycles/x86tscfreq.c | 17+++++++++++++++++
Anacl-20110221/cpucycles/x86tscfreq.h | 27+++++++++++++++++++++++++++
Anacl-20110221/cpuid/cbytes.c | 16++++++++++++++++
Anacl-20110221/cpuid/cpuid.c | 41+++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/cpuid/do | 37+++++++++++++++++++++++++++++++++++++
Anacl-20110221/cpuid/unknown.c | 7+++++++
Anacl-20110221/cpuid/x86.c | 41+++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_auth/hmacsha256/checksum | 1+
Anacl-20110221/crypto_auth/hmacsha256/ref/api.h | 2++
Anacl-20110221/crypto_auth/hmacsha256/ref/hmac.c | 83+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_auth/hmacsha256/ref/verify.c | 9+++++++++
Anacl-20110221/crypto_auth/hmacsha256/used | 0
Anacl-20110221/crypto_auth/hmacsha512256/checksum | 1+
Anacl-20110221/crypto_auth/hmacsha512256/ref/api.h | 2++
Anacl-20110221/crypto_auth/hmacsha512256/ref/hmac.c | 86+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_auth/hmacsha512256/ref/verify.c | 9+++++++++
Anacl-20110221/crypto_auth/hmacsha512256/selected | 0
Anacl-20110221/crypto_auth/hmacsha512256/used | 0
Anacl-20110221/crypto_auth/measure.c | 69+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_auth/try.c | 119+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_auth/wrapper-auth.cpp | 11+++++++++++
Anacl-20110221/crypto_auth/wrapper-verify.cpp | 14++++++++++++++
Anacl-20110221/crypto_box/curve25519xsalsa20poly1305/checksum | 1+
Anacl-20110221/crypto_box/curve25519xsalsa20poly1305/ref/after.c | 22++++++++++++++++++++++
Anacl-20110221/crypto_box/curve25519xsalsa20poly1305/ref/api.h | 6++++++
Anacl-20110221/crypto_box/curve25519xsalsa20poly1305/ref/before.c | 17+++++++++++++++++
Anacl-20110221/crypto_box/curve25519xsalsa20poly1305/ref/box.c | 27+++++++++++++++++++++++++++
Anacl-20110221/crypto_box/curve25519xsalsa20poly1305/ref/keypair.c | 12++++++++++++
Anacl-20110221/crypto_box/curve25519xsalsa20poly1305/selected | 0
Anacl-20110221/crypto_box/curve25519xsalsa20poly1305/used | 0
Anacl-20110221/crypto_box/measure.c | 137+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_box/try.c | 195+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_box/wrapper-box.cpp | 24++++++++++++++++++++++++
Anacl-20110221/crypto_box/wrapper-keypair.cpp | 12++++++++++++
Anacl-20110221/crypto_box/wrapper-open.cpp | 27+++++++++++++++++++++++++++
Anacl-20110221/crypto_core/hsalsa20/checksum | 1+
Anacl-20110221/crypto_core/hsalsa20/ref/api.h | 4++++
Anacl-20110221/crypto_core/hsalsa20/ref/core.c | 135+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_core/hsalsa20/ref/implementors | 1+
Anacl-20110221/crypto_core/hsalsa20/ref2/api.h | 4++++
Anacl-20110221/crypto_core/hsalsa20/ref2/core.c | 108+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_core/hsalsa20/ref2/implementors | 1+
Anacl-20110221/crypto_core/hsalsa20/used | 0
Anacl-20110221/crypto_core/measure.c | 18++++++++++++++++++
Anacl-20110221/crypto_core/salsa20/checksum | 1+
Anacl-20110221/crypto_core/salsa20/ref/api.h | 4++++
Anacl-20110221/crypto_core/salsa20/ref/core.c | 134+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_core/salsa20/ref/implementors | 1+
Anacl-20110221/crypto_core/salsa20/used | 0
Anacl-20110221/crypto_core/salsa2012/checksum | 1+
Anacl-20110221/crypto_core/salsa2012/ref/api.h | 4++++
Anacl-20110221/crypto_core/salsa2012/ref/core.c | 134+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_core/salsa2012/ref/implementors | 1+
Anacl-20110221/crypto_core/salsa2012/used | 0
Anacl-20110221/crypto_core/salsa208/checksum | 1+
Anacl-20110221/crypto_core/salsa208/ref/api.h | 4++++
Anacl-20110221/crypto_core/salsa208/ref/core.c | 134+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_core/salsa208/ref/implementors | 1+
Anacl-20110221/crypto_core/salsa208/used | 0
Anacl-20110221/crypto_core/try.c | 116+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_core/wrapper-empty.cpp | 0
Anacl-20110221/crypto_hash/measure.c | 66++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_hash/sha256/checksum | 1+
Anacl-20110221/crypto_hash/sha256/ref/api.h | 1+
Anacl-20110221/crypto_hash/sha256/ref/hash.c | 69+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_hash/sha256/ref/implementors | 1+
Anacl-20110221/crypto_hash/sha256/used | 0
Anacl-20110221/crypto_hash/sha512/checksum | 1+
Anacl-20110221/crypto_hash/sha512/ref/api.h | 1+
Anacl-20110221/crypto_hash/sha512/ref/hash.c | 71+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_hash/sha512/ref/implementors | 1+
Anacl-20110221/crypto_hash/sha512/selected | 0
Anacl-20110221/crypto_hash/sha512/used | 0
Anacl-20110221/crypto_hash/try.c | 77+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_hash/wrapper-hash.cpp | 10++++++++++
Anacl-20110221/crypto_hashblocks/measure.c | 18++++++++++++++++++
Anacl-20110221/crypto_hashblocks/sha256/checksum | 1+
Anacl-20110221/crypto_hashblocks/sha256/inplace/api.h | 2++
Anacl-20110221/crypto_hashblocks/sha256/inplace/blocks.c | 228+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_hashblocks/sha256/inplace/implementors | 1+
Anacl-20110221/crypto_hashblocks/sha256/ref/api.h | 2++
Anacl-20110221/crypto_hashblocks/sha256/ref/blocks.c | 212+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_hashblocks/sha256/ref/implementors | 1+
Anacl-20110221/crypto_hashblocks/sha256/used | 0
Anacl-20110221/crypto_hashblocks/sha512/checksum | 1+
Anacl-20110221/crypto_hashblocks/sha512/inplace/api.h | 2++
Anacl-20110221/crypto_hashblocks/sha512/inplace/blocks.c | 256+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_hashblocks/sha512/inplace/implementors | 1+
Anacl-20110221/crypto_hashblocks/sha512/ref/api.h | 2++
Anacl-20110221/crypto_hashblocks/sha512/ref/blocks.c | 239+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_hashblocks/sha512/ref/implementors | 1+
Anacl-20110221/crypto_hashblocks/sha512/selected | 0
Anacl-20110221/crypto_hashblocks/sha512/used | 0
Anacl-20110221/crypto_hashblocks/try.c | 79+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_hashblocks/wrapper-empty.cpp | 0
Anacl-20110221/crypto_onetimeauth/measure.c | 69+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_onetimeauth/poly1305/53/api.h | 2++
Anacl-20110221/crypto_onetimeauth/poly1305/53/auth.c | 1616+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_onetimeauth/poly1305/53/verify.c | 9+++++++++
Anacl-20110221/crypto_onetimeauth/poly1305/amd64/api.h | 2++
Anacl-20110221/crypto_onetimeauth/poly1305/amd64/auth.s | 2787+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_onetimeauth/poly1305/amd64/constants.s | 85+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_onetimeauth/poly1305/amd64/verify.c | 9+++++++++
Anacl-20110221/crypto_onetimeauth/poly1305/checksum | 1+
Anacl-20110221/crypto_onetimeauth/poly1305/ref/api.h | 2++
Anacl-20110221/crypto_onetimeauth/poly1305/ref/auth.c | 104+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_onetimeauth/poly1305/ref/verify.c | 9+++++++++
Anacl-20110221/crypto_onetimeauth/poly1305/selected | 0
Anacl-20110221/crypto_onetimeauth/poly1305/used | 0
Anacl-20110221/crypto_onetimeauth/poly1305/x86/api.h | 2++
Anacl-20110221/crypto_onetimeauth/poly1305/x86/auth.s | 2779+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_onetimeauth/poly1305/x86/constants.s | 85+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_onetimeauth/poly1305/x86/verify.c | 9+++++++++
Anacl-20110221/crypto_onetimeauth/try.c | 119+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_onetimeauth/wrapper-auth.cpp | 11+++++++++++
Anacl-20110221/crypto_onetimeauth/wrapper-verify.cpp | 14++++++++++++++
Anacl-20110221/crypto_scalarmult/curve25519/athlon/api.h | 2++
Anacl-20110221/crypto_scalarmult/curve25519/athlon/base.c | 8++++++++
Anacl-20110221/crypto_scalarmult/curve25519/athlon/const.s | 114+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_scalarmult/curve25519/athlon/fromdouble.s | 195+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_scalarmult/curve25519/athlon/implementors | 1+
Anacl-20110221/crypto_scalarmult/curve25519/athlon/init.s | 13+++++++++++++
Anacl-20110221/crypto_scalarmult/curve25519/athlon/mainloop.s | 3990+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_scalarmult/curve25519/athlon/mult.s | 410+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_scalarmult/curve25519/athlon/smult.c | 91+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_scalarmult/curve25519/athlon/square.s | 298+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_scalarmult/curve25519/athlon/todouble.s | 144+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_scalarmult/curve25519/checksum | 1+
Anacl-20110221/crypto_scalarmult/curve25519/donna_c64/api.h | 2++
Anacl-20110221/crypto_scalarmult/curve25519/donna_c64/base.c | 8++++++++
Anacl-20110221/crypto_scalarmult/curve25519/donna_c64/implementors | 1+
Anacl-20110221/crypto_scalarmult/curve25519/donna_c64/smult.c | 477+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_scalarmult/curve25519/ref/api.h | 2++
Anacl-20110221/crypto_scalarmult/curve25519/ref/base.c | 16++++++++++++++++
Anacl-20110221/crypto_scalarmult/curve25519/ref/implementors | 1+
Anacl-20110221/crypto_scalarmult/curve25519/ref/smult.c | 265+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_scalarmult/curve25519/used | 0
Anacl-20110221/crypto_scalarmult/measure.c | 61+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_scalarmult/try.c | 126+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_scalarmult/wrapper-base.cpp | 11+++++++++++
Anacl-20110221/crypto_scalarmult/wrapper-mult.cpp | 12++++++++++++
Anacl-20110221/crypto_secretbox/measure.c | 75+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_secretbox/try.c | 129+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_secretbox/wrapper-box.cpp | 19+++++++++++++++++++
Anacl-20110221/crypto_secretbox/wrapper-open.cpp | 22++++++++++++++++++++++
Anacl-20110221/crypto_secretbox/xsalsa20poly1305/checksum | 1+
Anacl-20110221/crypto_secretbox/xsalsa20poly1305/ref/api.h | 4++++
Anacl-20110221/crypto_secretbox/xsalsa20poly1305/ref/box.c | 35+++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_secretbox/xsalsa20poly1305/selected | 0
Anacl-20110221/crypto_secretbox/xsalsa20poly1305/used | 0
Anacl-20110221/crypto_sign/edwards25519sha512batch/ref/api.h | 3+++
Anacl-20110221/crypto_sign/edwards25519sha512batch/ref/fe25519.c | 345+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_sign/edwards25519sha512batch/ref/fe25519.h | 54++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_sign/edwards25519sha512batch/ref/ge25519.c | 227+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_sign/edwards25519sha512batch/ref/ge25519.h | 34++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_sign/edwards25519sha512batch/ref/sc25519.c | 146+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_sign/edwards25519sha512batch/ref/sc25519.h | 51+++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_sign/edwards25519sha512batch/ref/sign.c | 103+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_sign/edwards25519sha512batch/selected | 0
Anacl-20110221/crypto_sign/edwards25519sha512batch/used | 0
Anacl-20110221/crypto_sign/measure.c | 83+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_sign/try.c | 86+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_sign/wrapper-keypair.cpp | 12++++++++++++
Anacl-20110221/crypto_sign/wrapper-sign-open.cpp | 24++++++++++++++++++++++++
Anacl-20110221/crypto_sign/wrapper-sign.cpp | 23+++++++++++++++++++++++
Anacl-20110221/crypto_stream/aes128ctr/checksum | 1+
Anacl-20110221/crypto_stream/aes128ctr/core2/afternm.s | 12308+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/aes128ctr/core2/api.h | 3+++
Anacl-20110221/crypto_stream/aes128ctr/core2/beforenm.s | 13694+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/aes128ctr/core2/stream.c | 14++++++++++++++
Anacl-20110221/crypto_stream/aes128ctr/core2/xor.c | 15+++++++++++++++
Anacl-20110221/crypto_stream/aes128ctr/core2/xor_afternm.s | 12407+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/aes128ctr/portable/afternm.c | 158+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/aes128ctr/portable/api.h | 3+++
Anacl-20110221/crypto_stream/aes128ctr/portable/beforenm.c | 59+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/aes128ctr/portable/common.c | 64++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/aes128ctr/portable/common.h | 788+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/aes128ctr/portable/consts.c | 14++++++++++++++
Anacl-20110221/crypto_stream/aes128ctr/portable/consts.h | 28++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/aes128ctr/portable/int128.c | 128+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/aes128ctr/portable/int128.h | 47+++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/aes128ctr/portable/stream.c | 28++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/aes128ctr/portable/types.h | 10++++++++++
Anacl-20110221/crypto_stream/aes128ctr/portable/xor_afternm.c | 180+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/aes128ctr/used | 0
Anacl-20110221/crypto_stream/measure.c | 73+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/salsa20/amd64_xmm6/api.h | 2++
Anacl-20110221/crypto_stream/salsa20/amd64_xmm6/implementors | 1+
Anacl-20110221/crypto_stream/salsa20/amd64_xmm6/stream.s | 4823++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/salsa20/checksum | 1+
Anacl-20110221/crypto_stream/salsa20/ref/api.h | 2++
Anacl-20110221/crypto_stream/salsa20/ref/implementors | 1+
Anacl-20110221/crypto_stream/salsa20/ref/stream.c | 49+++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/salsa20/ref/xor.c | 52++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/salsa20/used | 0
Anacl-20110221/crypto_stream/salsa20/x86_xmm5/api.h | 2++
Anacl-20110221/crypto_stream/salsa20/x86_xmm5/implementors | 1+
Anacl-20110221/crypto_stream/salsa20/x86_xmm5/stream.s | 5078+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/salsa2012/amd64_xmm6/api.h | 2++
Anacl-20110221/crypto_stream/salsa2012/amd64_xmm6/implementors | 1+
Anacl-20110221/crypto_stream/salsa2012/amd64_xmm6/stream.s | 4823++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/salsa2012/checksum | 1+
Anacl-20110221/crypto_stream/salsa2012/ref/api.h | 2++
Anacl-20110221/crypto_stream/salsa2012/ref/implementors | 1+
Anacl-20110221/crypto_stream/salsa2012/ref/stream.c | 49+++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/salsa2012/ref/xor.c | 52++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/salsa2012/used | 0
Anacl-20110221/crypto_stream/salsa2012/x86_xmm5/api.h | 2++
Anacl-20110221/crypto_stream/salsa2012/x86_xmm5/implementors | 1+
Anacl-20110221/crypto_stream/salsa2012/x86_xmm5/stream.s | 5078+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/salsa208/amd64_xmm6/api.h | 2++
Anacl-20110221/crypto_stream/salsa208/amd64_xmm6/implementors | 1+
Anacl-20110221/crypto_stream/salsa208/amd64_xmm6/stream.s | 4823++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/salsa208/checksum | 1+
Anacl-20110221/crypto_stream/salsa208/ref/api.h | 2++
Anacl-20110221/crypto_stream/salsa208/ref/implementors | 1+
Anacl-20110221/crypto_stream/salsa208/ref/stream.c | 49+++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/salsa208/ref/xor.c | 52++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/salsa208/used | 0
Anacl-20110221/crypto_stream/salsa208/x86_xmm5/api.h | 2++
Anacl-20110221/crypto_stream/salsa208/x86_xmm5/implementors | 1+
Anacl-20110221/crypto_stream/salsa208/x86_xmm5/stream.s | 5078+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/try.c | 124+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_stream/wrapper-stream.cpp | 12++++++++++++
Anacl-20110221/crypto_stream/wrapper-xor.cpp | 17+++++++++++++++++
Anacl-20110221/crypto_stream/xsalsa20/checksum | 1+
Anacl-20110221/crypto_stream/xsalsa20/ref/api.h | 2++
Anacl-20110221/crypto_stream/xsalsa20/ref/implementors | 1+
Anacl-20110221/crypto_stream/xsalsa20/ref/stream.c | 22++++++++++++++++++++++
Anacl-20110221/crypto_stream/xsalsa20/ref/xor.c | 23+++++++++++++++++++++++
Anacl-20110221/crypto_stream/xsalsa20/selected | 0
Anacl-20110221/crypto_stream/xsalsa20/used | 0
Anacl-20110221/crypto_verify/16/checksum | 1+
Anacl-20110221/crypto_verify/16/ref/api.h | 1+
Anacl-20110221/crypto_verify/16/ref/verify.c | 24++++++++++++++++++++++++
Anacl-20110221/crypto_verify/16/used | 0
Anacl-20110221/crypto_verify/32/checksum | 1+
Anacl-20110221/crypto_verify/32/ref/api.h | 1+
Anacl-20110221/crypto_verify/32/ref/verify.c | 40++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_verify/32/used | 0
Anacl-20110221/crypto_verify/measure.c | 18++++++++++++++++++
Anacl-20110221/crypto_verify/try.c | 75+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/crypto_verify/wrapper-empty.cpp | 0
Anacl-20110221/curvecp/LIBS | 31+++++++++++++++++++++++++++++++
Anacl-20110221/curvecp/README | 10++++++++++
Anacl-20110221/curvecp/SOURCES | 36++++++++++++++++++++++++++++++++++++
Anacl-20110221/curvecp/TARGETS | 5+++++
Anacl-20110221/curvecp/blocking.c | 12++++++++++++
Anacl-20110221/curvecp/blocking.h | 7+++++++
Anacl-20110221/curvecp/byte.h | 8++++++++
Anacl-20110221/curvecp/byte_copy.c | 8++++++++
Anacl-20110221/curvecp/byte_isequal.c | 10++++++++++
Anacl-20110221/curvecp/byte_zero.c | 7+++++++
Anacl-20110221/curvecp/crypto_block.c | 35+++++++++++++++++++++++++++++++++++
Anacl-20110221/curvecp/crypto_block.h | 4++++
Anacl-20110221/curvecp/curvecpclient.c | 476+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/curvecp/curvecpmakekey.c | 57+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/curvecp/curvecpmessage.c | 654+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/curvecp/curvecpprintkey.c | 46++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/curvecp/curvecpserver.c | 497+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/curvecp/die.c | 42++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/curvecp/die.h | 16++++++++++++++++
Anacl-20110221/curvecp/e.c | 106+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/curvecp/e.h | 438+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/curvecp/hexparse.c | 25+++++++++++++++++++++++++
Anacl-20110221/curvecp/hexparse.h | 6++++++
Anacl-20110221/curvecp/load.c | 33+++++++++++++++++++++++++++++++++
Anacl-20110221/curvecp/load.h | 6++++++
Anacl-20110221/curvecp/nameparse.c | 19+++++++++++++++++++
Anacl-20110221/curvecp/nameparse.h | 6++++++
Anacl-20110221/curvecp/nanoseconds.c | 12++++++++++++
Anacl-20110221/curvecp/nanoseconds.h | 6++++++
Anacl-20110221/curvecp/open.h | 10++++++++++
Anacl-20110221/curvecp/open_cwd.c | 6++++++
Anacl-20110221/curvecp/open_lock.c | 19+++++++++++++++++++
Anacl-20110221/curvecp/open_pipe.c | 15+++++++++++++++
Anacl-20110221/curvecp/open_read.c | 17+++++++++++++++++
Anacl-20110221/curvecp/open_write.c | 17+++++++++++++++++
Anacl-20110221/curvecp/portparse.c | 14++++++++++++++
Anacl-20110221/curvecp/portparse.h | 6++++++
Anacl-20110221/curvecp/randommod.c | 14++++++++++++++
Anacl-20110221/curvecp/randommod.h | 6++++++
Anacl-20110221/curvecp/safenonce.c | 74++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/curvecp/safenonce.h | 6++++++
Anacl-20110221/curvecp/savesync.c | 24++++++++++++++++++++++++
Anacl-20110221/curvecp/savesync.h | 6++++++
Anacl-20110221/curvecp/socket.h | 9+++++++++
Anacl-20110221/curvecp/socket_bind.c | 15+++++++++++++++
Anacl-20110221/curvecp/socket_recv.c | 23+++++++++++++++++++++++
Anacl-20110221/curvecp/socket_send.c | 19+++++++++++++++++++
Anacl-20110221/curvecp/socket_udp.c | 36++++++++++++++++++++++++++++++++++++
Anacl-20110221/curvecp/uint16_pack.c | 7+++++++
Anacl-20110221/curvecp/uint16_pack.h | 8++++++++
Anacl-20110221/curvecp/uint16_unpack.c | 9+++++++++
Anacl-20110221/curvecp/uint16_unpack.h | 8++++++++
Anacl-20110221/curvecp/uint32_pack.c | 9+++++++++
Anacl-20110221/curvecp/uint32_pack.h | 8++++++++
Anacl-20110221/curvecp/uint32_unpack.c | 11+++++++++++
Anacl-20110221/curvecp/uint32_unpack.h | 8++++++++
Anacl-20110221/curvecp/uint64_pack.c | 13+++++++++++++
Anacl-20110221/curvecp/uint64_pack.h | 8++++++++
Anacl-20110221/curvecp/uint64_unpack.c | 15+++++++++++++++
Anacl-20110221/curvecp/uint64_unpack.h | 8++++++++
Anacl-20110221/curvecp/writeall.c | 27+++++++++++++++++++++++++++
Anacl-20110221/curvecp/writeall.h | 6++++++
Anacl-20110221/do | 468+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/inttypes/crypto_int16.c | 3+++
Anacl-20110221/inttypes/crypto_int32.c | 3+++
Anacl-20110221/inttypes/crypto_int64.c | 3+++
Anacl-20110221/inttypes/crypto_int8.c | 3+++
Anacl-20110221/inttypes/crypto_uint16.c | 3+++
Anacl-20110221/inttypes/crypto_uint32.c | 3+++
Anacl-20110221/inttypes/crypto_uint64.c | 3+++
Anacl-20110221/inttypes/crypto_uint8.c | 3+++
Anacl-20110221/inttypes/do | 47+++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/inttypes/signed.h | 17+++++++++++++++++
Anacl-20110221/inttypes/unsigned.h | 17+++++++++++++++++
Anacl-20110221/measure-anything.c | 225+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/okcompilers/abiname.c | 45+++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/okcompilers/archivers | 2++
Anacl-20110221/okcompilers/c | 8++++++++
Anacl-20110221/okcompilers/cpp | 8++++++++
Anacl-20110221/okcompilers/do | 196+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/okcompilers/lib.c | 29+++++++++++++++++++++++++++++
Anacl-20110221/okcompilers/lib.cpp | 19+++++++++++++++++++
Anacl-20110221/okcompilers/main.c | 25+++++++++++++++++++++++++
Anacl-20110221/okcompilers/main.cpp | 22++++++++++++++++++++++
Anacl-20110221/randombytes/devurandom.c | 34++++++++++++++++++++++++++++++++++
Anacl-20110221/randombytes/devurandom.h | 24++++++++++++++++++++++++
Anacl-20110221/randombytes/do | 43+++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/randombytes/test.c | 15+++++++++++++++
Anacl-20110221/tests/auth.c | 19+++++++++++++++++++
Anacl-20110221/tests/auth.out | 4++++
Anacl-20110221/tests/auth2.c | 34++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/auth2.out | 4++++
Anacl-20110221/tests/auth3.c | 34++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/auth3.out | 1+
Anacl-20110221/tests/auth4.cpp | 44++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/auth4.out | 1+
Anacl-20110221/tests/auth5.c | 36++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/auth5.out | 0
Anacl-20110221/tests/auth6.cpp | 46++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/auth6.out | 0
Anacl-20110221/tests/box.c | 63+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/box.out | 19+++++++++++++++++++
Anacl-20110221/tests/box2.c | 64++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/box2.out | 17+++++++++++++++++
Anacl-20110221/tests/box3.cpp | 60++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/box3.out | 19+++++++++++++++++++
Anacl-20110221/tests/box4.cpp | 66++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/box4.out | 17+++++++++++++++++
Anacl-20110221/tests/box5.cpp | 30++++++++++++++++++++++++++++++
Anacl-20110221/tests/box5.out | 0
Anacl-20110221/tests/box6.cpp | 43+++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/box6.out | 0
Anacl-20110221/tests/box7.c | 36++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/box7.out | 0
Anacl-20110221/tests/box8.c | 41+++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/box8.out | 0
Anacl-20110221/tests/core1.c | 30++++++++++++++++++++++++++++++
Anacl-20110221/tests/core1.out | 4++++
Anacl-20110221/tests/core2.c | 33+++++++++++++++++++++++++++++++++
Anacl-20110221/tests/core2.out | 4++++
Anacl-20110221/tests/core3.c | 41+++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/core3.out | 1+
Anacl-20110221/tests/core4.c | 33+++++++++++++++++++++++++++++++++
Anacl-20110221/tests/core4.out | 8++++++++
Anacl-20110221/tests/core5.c | 32++++++++++++++++++++++++++++++++
Anacl-20110221/tests/core5.out | 4++++
Anacl-20110221/tests/core6.c | 47+++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/core6.out | 4++++
Anacl-20110221/tests/hash.c | 14++++++++++++++
Anacl-20110221/tests/hash.out | 1+
Anacl-20110221/tests/hash2.cpp | 18++++++++++++++++++
Anacl-20110221/tests/hash2.out | 1+
Anacl-20110221/tests/hash3.c | 14++++++++++++++
Anacl-20110221/tests/hash3.out | 1+
Anacl-20110221/tests/hash4.cpp | 18++++++++++++++++++
Anacl-20110221/tests/hash4.out | 1+
Anacl-20110221/tests/onetimeauth.c | 42++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/onetimeauth.out | 2++
Anacl-20110221/tests/onetimeauth2.c | 40++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/onetimeauth2.out | 1+
Anacl-20110221/tests/onetimeauth5.cpp | 46++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/onetimeauth5.out | 2++
Anacl-20110221/tests/onetimeauth6.cpp | 50++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/onetimeauth6.out | 1+
Anacl-20110221/tests/onetimeauth7.c | 36++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/onetimeauth7.out | 0
Anacl-20110221/tests/onetimeauth8.cpp | 46++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/onetimeauth8.out | 0
Anacl-20110221/tests/scalarmult.c | 23+++++++++++++++++++++++
Anacl-20110221/tests/scalarmult.out | 4++++
Anacl-20110221/tests/scalarmult2.c | 23+++++++++++++++++++++++
Anacl-20110221/tests/scalarmult2.out | 4++++
Anacl-20110221/tests/scalarmult3.cpp | 31+++++++++++++++++++++++++++++++
Anacl-20110221/tests/scalarmult3.out | 4++++
Anacl-20110221/tests/scalarmult4.cpp | 31+++++++++++++++++++++++++++++++
Anacl-20110221/tests/scalarmult4.out | 4++++
Anacl-20110221/tests/scalarmult5.c | 30++++++++++++++++++++++++++++++
Anacl-20110221/tests/scalarmult5.out | 4++++
Anacl-20110221/tests/scalarmult6.c | 30++++++++++++++++++++++++++++++
Anacl-20110221/tests/scalarmult6.out | 4++++
Anacl-20110221/tests/scalarmult7.cpp | 32++++++++++++++++++++++++++++++++
Anacl-20110221/tests/scalarmult7.out | 4++++
Anacl-20110221/tests/secretbox.c | 56++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/secretbox.out | 19+++++++++++++++++++
Anacl-20110221/tests/secretbox2.c | 57+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/secretbox2.out | 17+++++++++++++++++
Anacl-20110221/tests/secretbox3.cpp | 52++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/secretbox3.out | 19+++++++++++++++++++
Anacl-20110221/tests/secretbox4.cpp | 54++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/secretbox4.out | 17+++++++++++++++++
Anacl-20110221/tests/secretbox5.cpp | 29+++++++++++++++++++++++++++++
Anacl-20110221/tests/secretbox5.out | 0
Anacl-20110221/tests/secretbox6.cpp | 42++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/secretbox6.out | 0
Anacl-20110221/tests/secretbox7.c | 32++++++++++++++++++++++++++++++++
Anacl-20110221/tests/secretbox7.out | 0
Anacl-20110221/tests/secretbox8.c | 37+++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/secretbox8.out | 0
Anacl-20110221/tests/stream.c | 29+++++++++++++++++++++++++++++
Anacl-20110221/tests/stream.out | 1+
Anacl-20110221/tests/stream2.c | 27+++++++++++++++++++++++++++
Anacl-20110221/tests/stream2.out | 1+
Anacl-20110221/tests/stream3.c | 28++++++++++++++++++++++++++++
Anacl-20110221/tests/stream3.out | 4++++
Anacl-20110221/tests/stream4.c | 53+++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/stream4.out | 17+++++++++++++++++
Anacl-20110221/tests/stream5.cpp | 29+++++++++++++++++++++++++++++
Anacl-20110221/tests/stream5.out | 1+
Anacl-20110221/tests/stream6.cpp | 27+++++++++++++++++++++++++++
Anacl-20110221/tests/stream6.out | 1+
Anacl-20110221/tests/stream7.cpp | 30++++++++++++++++++++++++++++++
Anacl-20110221/tests/stream7.out | 4++++
Anacl-20110221/tests/stream8.cpp | 56++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/tests/stream8.out | 17+++++++++++++++++
Anacl-20110221/try-anything.c | 173+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anacl-20110221/version | 1+
490 files changed, 97801 insertions(+), 0 deletions(-)

diff --git a/nacl-20110221/MACROS b/nacl-20110221/MACROS @@ -0,0 +1,56 @@ +crypto_verify +crypto_verify_BYTES +crypto_core +crypto_core_OUTPUTBYTES +crypto_core_INPUTBYTES +crypto_core_KEYBYTES +crypto_core_CONSTBYTES +crypto_hashblocks +crypto_hashblocks_STATEBYTES +crypto_hashblocks_BLOCKBYTES +crypto_hash +crypto_hash_BYTES +crypto_stream +crypto_stream_xor +crypto_stream_beforenm +crypto_stream_afternm +crypto_stream_xor_afternm +crypto_stream_KEYBYTES +crypto_stream_NONCEBYTES +crypto_stream_BEFORENMBYTES +crypto_onetimeauth +crypto_onetimeauth_verify +crypto_onetimeauth_BYTES +crypto_onetimeauth_KEYBYTES +crypto_auth +crypto_auth_verify +crypto_auth_BYTES +crypto_auth_KEYBYTES +crypto_secretbox +crypto_secretbox_open +crypto_secretbox_KEYBYTES +crypto_secretbox_NONCEBYTES +crypto_secretbox_ZEROBYTES +crypto_secretbox_BOXZEROBYTES +crypto_scalarmult +crypto_scalarmult_base +crypto_scalarmult_BYTES +crypto_scalarmult_SCALARBYTES +crypto_box +crypto_box_open +crypto_box_keypair +crypto_box_beforenm +crypto_box_afternm +crypto_box_open_afternm +crypto_box_PUBLICKEYBYTES +crypto_box_SECRETKEYBYTES +crypto_box_BEFORENMBYTES +crypto_box_NONCEBYTES +crypto_box_ZEROBYTES +crypto_box_BOXZEROBYTES +crypto_sign +crypto_sign_open +crypto_sign_keypair +crypto_sign_BYTES +crypto_sign_PUBLICKEYBYTES +crypto_sign_SECRETKEYBYTES diff --git a/nacl-20110221/OPERATIONS b/nacl-20110221/OPERATIONS @@ -0,0 +1,11 @@ +crypto_verify +crypto_core +crypto_hashblocks +crypto_hash +crypto_stream +crypto_onetimeauth +crypto_auth +crypto_secretbox +crypto_scalarmult +crypto_box +crypto_sign diff --git a/nacl-20110221/PROTOTYPES.c b/nacl-20110221/PROTOTYPES.c @@ -0,0 +1,26 @@ +extern int crypto_verify(const unsigned char *,const unsigned char *); +extern int crypto_core(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *); +extern int crypto_hashblocks(unsigned char *,const unsigned char *,unsigned long long); +extern int crypto_hash(unsigned char *,const unsigned char *,unsigned long long); +extern int crypto_stream(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_stream_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_stream_beforenm(unsigned char *,const unsigned char *); +extern int crypto_stream_afternm(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_stream_xor_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_onetimeauth(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_onetimeauth_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_auth(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_auth_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_secretbox(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_secretbox_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_scalarmult(unsigned char *,const unsigned char *,const unsigned char *); +extern int crypto_scalarmult_base(unsigned char *,const unsigned char *); +extern int crypto_box(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *); +extern int crypto_box_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *); +extern int crypto_box_keypair(unsigned char *,unsigned char *); +extern int crypto_box_beforenm(unsigned char *,const unsigned char *,const unsigned char *); +extern int crypto_box_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_box_open_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_sign(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_sign_open(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_sign_keypair(unsigned char *,unsigned char *); diff --git a/nacl-20110221/PROTOTYPES.cpp b/nacl-20110221/PROTOTYPES.cpp @@ -0,0 +1,17 @@ +extern std::string crypto_auth(const std::string &,const std::string &); +extern void crypto_auth_verify(const std::string &,const std::string &,const std::string &); +extern std::string crypto_box(const std::string &,const std::string &,const std::string &,const std::string &); +extern std::string crypto_box_open(const std::string &,const std::string &,const std::string &,const std::string &); +extern std::string crypto_box_keypair(std::string *); +extern std::string crypto_hash(const std::string &); +extern std::string crypto_onetimeauth(const std::string &,const std::string &); +extern void crypto_onetimeauth_verify(const std::string &,const std::string &,const std::string &); +extern std::string crypto_scalarmult(const std::string &,const std::string &); +extern std::string crypto_scalarmult_base(const std::string &); +extern std::string crypto_secretbox(const std::string &,const std::string &,const std::string &); +extern std::string crypto_secretbox_open(const std::string &,const std::string &,const std::string &); +extern std::string crypto_stream(size_t,const std::string &,const std::string &); +extern std::string crypto_stream_xor(const std::string &,const std::string &,const std::string &); +extern std::string crypto_sign(const std::string &,const std::string &); +extern std::string crypto_sign_open(const std::string &,const std::string &); +extern std::string crypto_sign_keypair(std::string *); diff --git a/nacl-20110221/commandline/nacl-sha256.c b/nacl-20110221/commandline/nacl-sha256.c @@ -0,0 +1,64 @@ +/* +commandline/nacl-sha256.c version 20080713 +D. J. Bernstein +Public domain. +*/ + +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/mman.h> +#include <unistd.h> +#include <string.h> +#include <stdlib.h> +#include <stdio.h> +#include "crypto_hash_sha256.h" + +unsigned char *input; +unsigned long long inputalloc; +unsigned long long inputlen; + +unsigned char h[crypto_hash_sha256_BYTES]; + +void h_print(void) +{ + int i; + for (i = 0;i < crypto_hash_sha256_BYTES;++i) printf("%02x",255 & (int) h[i]); + printf("\n"); +} + +int main() +{ + struct stat st; + int ch; + + if (fstat(0,&st) == 0) { + input = mmap(0,st.st_size,PROT_READ,MAP_SHARED,0,0); + if (input != MAP_FAILED) { + crypto_hash_sha256(h,input,st.st_size); + h_print(); + return 0; + } + } + + input = 0; + inputalloc = 0; + inputlen = 0; + + while ((ch = getchar()) != EOF) { + if (inputlen >= inputalloc) { + void *newinput; + while (inputlen >= inputalloc) + inputalloc = inputalloc * 2 + 1; + if (posix_memalign(&newinput,16,inputalloc) != 0) return 111; + memcpy(newinput,input,inputlen); + free(input); + input = newinput; + } + input[inputlen++] = ch; + } + + crypto_hash_sha256(h,input,inputlen); + h_print(); + + return 0; +} diff --git a/nacl-20110221/commandline/nacl-sha512.c b/nacl-20110221/commandline/nacl-sha512.c @@ -0,0 +1,64 @@ +/* +commandline/nacl-sha512.c version 20080713 +D. J. Bernstein +Public domain. +*/ + +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/mman.h> +#include <unistd.h> +#include <string.h> +#include <stdlib.h> +#include <stdio.h> +#include "crypto_hash_sha512.h" + +unsigned char *input; +unsigned long long inputalloc; +unsigned long long inputlen; + +unsigned char h[crypto_hash_sha512_BYTES]; + +void h_print(void) +{ + int i; + for (i = 0;i < crypto_hash_sha512_BYTES;++i) printf("%02x",255 & (int) h[i]); + printf("\n"); +} + +int main() +{ + struct stat st; + int ch; + + if (fstat(0,&st) == 0) { + input = mmap(0,st.st_size,PROT_READ,MAP_SHARED,0,0); + if (input != MAP_FAILED) { + crypto_hash_sha512(h,input,st.st_size); + h_print(); + return 0; + } + } + + input = 0; + inputalloc = 0; + inputlen = 0; + + while ((ch = getchar()) != EOF) { + if (inputlen >= inputalloc) { + void *newinput; + while (inputlen >= inputalloc) + inputalloc = inputalloc * 2 + 1; + if (posix_memalign(&newinput,16,inputalloc) != 0) return 111; + memcpy(newinput,input,inputlen); + free(input); + input = newinput; + } + input[inputlen++] = ch; + } + + crypto_hash_sha512(h,input,inputlen); + h_print(); + + return 0; +} diff --git a/nacl-20110221/cpucycles/alpha.c b/nacl-20110221/cpucycles/alpha.c @@ -0,0 +1,80 @@ +/* +cpucycles/alpha.c version 20060316 +D. J. Bernstein +Public domain. +*/ + +#include <time.h> +#include <unistd.h> +#include <sys/time.h> + +static long long tod(void) +{ + struct timeval t; + gettimeofday(&t,(struct timezone *) 0); + return t.tv_sec * (long long) 1000000 + t.tv_usec; +} + +static long long rpcc(void) +{ + unsigned long long t; + asm volatile("rpcc %0" : "=r"(t)); + return t & 0xffffffff; +} + +static long long firstrpcc; +static long long firsttod; +static long long lastrpcc; +static long long lasttod; +static double mhz = 0; + +static void init(void) +{ + firstrpcc = rpcc(); + firsttod = tod(); + + do { + lastrpcc = rpcc(); + lasttod = tod(); + } while (lasttod - firsttod < 10000); + + lastrpcc -= firstrpcc; lastrpcc &= 0xffffffff; + lasttod -= firsttod; + + mhz = (double) lastrpcc / (double) lasttod; +} + +long long cpucycles_alpha(void) +{ + double x; + long long y; + + if (!mhz) init(); + + lastrpcc = rpcc(); + lasttod = tod(); + + lastrpcc -= firstrpcc; lastrpcc &= 0xffffffff; + lasttod -= firsttod; + + /* Number of cycles since firstrpcc is lastrpcc + 2^32 y for unknown y. */ + /* Number of microseconds since firsttod is lasttod. */ + + x = (lasttod * mhz - lastrpcc) * 0.00000000023283064365386962890625; + y = x; + while (x > y + 0.5) y += 1; + while (x < y - 0.5) y -= 1; + + y *= 4294967296ULL; + lastrpcc += y; + + mhz = (double) lastrpcc / (double) lasttod; + + return firstrpcc + lastrpcc; +} + +long long cpucycles_alpha_persecond(void) +{ + if (!mhz) init(); + return 1000000.0 * mhz; +} diff --git a/nacl-20110221/cpucycles/alpha.h b/nacl-20110221/cpucycles/alpha.h @@ -0,0 +1,27 @@ +/* +cpucycles alpha.h version 20060318 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_alpha_h +#define CPUCYCLES_alpha_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_alpha(void); +extern long long cpucycles_alpha_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "alpha" +#define cpucycles cpucycles_alpha +#define cpucycles_persecond cpucycles_alpha_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/amd64cpuinfo.c b/nacl-20110221/cpucycles/amd64cpuinfo.c @@ -0,0 +1,16 @@ +#include <stdio.h> +#include <sys/types.h> +#include "osfreq.c" + +long long cpucycles_amd64cpuinfo(void) +{ + unsigned long long result; + asm volatile(".byte 15;.byte 49;shlq $32,%%rdx;orq %%rdx,%%rax" + : "=a" (result) :: "%rdx"); + return result; +} + +long long cpucycles_amd64cpuinfo_persecond(void) +{ + return osfreq(); +} diff --git a/nacl-20110221/cpucycles/amd64cpuinfo.h b/nacl-20110221/cpucycles/amd64cpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles amd64cpuinfo.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_amd64cpuinfo_h +#define CPUCYCLES_amd64cpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_amd64cpuinfo(void); +extern long long cpucycles_amd64cpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "amd64cpuinfo" +#define cpucycles cpucycles_amd64cpuinfo +#define cpucycles_persecond cpucycles_amd64cpuinfo_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/amd64cpuspeed.c b/nacl-20110221/cpucycles/amd64cpuspeed.c @@ -0,0 +1,25 @@ +#include <stdio.h> +#include <sys/types.h> +#include <sys/param.h> +#include <sys/sysctl.h> + +long long cpucycles_amd64cpuspeed(void) +{ + unsigned long long result; + asm volatile(".byte 15;.byte 49;shlq $32,%%rdx;orq %%rdx,%%rax" + : "=a" (result) :: "%rdx"); + return result; +} + +long long cpucycles_amd64cpuspeed_persecond(void) +{ + int oid[2]; + int val; + size_t size; + oid[0] = CTL_HW; + oid[1] = HW_CPUSPEED; + size = sizeof val; + if (sysctl(oid,2,&val,&size,0,0) == -1) return 0; + if (size != sizeof val) return 0; + return val * 1000000LL; +} diff --git a/nacl-20110221/cpucycles/amd64cpuspeed.h b/nacl-20110221/cpucycles/amd64cpuspeed.h @@ -0,0 +1,27 @@ +/* +cpucycles amd64cpuspeed.h version 20090716 +Matthew Dempsky +Public domain. +*/ + +#ifndef CPUCYCLES_amd64cpuspeed_h +#define CPUCYCLES_amd64cpuspeed_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_amd64cpuspeed(void); +extern long long cpucycles_amd64cpuspeed_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "amd64cpuspeed" +#define cpucycles cpucycles_amd64cpuspeed +#define cpucycles_persecond cpucycles_amd64cpuspeed_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/amd64tscfreq.c b/nacl-20110221/cpucycles/amd64tscfreq.c @@ -0,0 +1,18 @@ +#include <stdio.h> +#include <sys/types.h> + +long long cpucycles_amd64tscfreq(void) +{ + unsigned long long result; + asm volatile(".byte 15;.byte 49;shlq $32,%%rdx;orq %%rdx,%%rax" + : "=a" (result) :: "%rdx"); + return result; +} + +long long cpucycles_amd64tscfreq_persecond(void) +{ + long result = 0; + size_t resultlen = sizeof(long); + sysctlbyname("machdep.tsc_freq",&result,&resultlen,0,0); + return result; +} diff --git a/nacl-20110221/cpucycles/amd64tscfreq.h b/nacl-20110221/cpucycles/amd64tscfreq.h @@ -0,0 +1,27 @@ +/* +cpucycles amd64tscfreq.h version 20060318 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_amd64tscfreq_h +#define CPUCYCLES_amd64tscfreq_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_amd64tscfreq(void); +extern long long cpucycles_amd64tscfreq_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "amd64tscfreq" +#define cpucycles cpucycles_amd64tscfreq +#define cpucycles_persecond cpucycles_amd64tscfreq_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/celllinux.c b/nacl-20110221/cpucycles/celllinux.c @@ -0,0 +1,83 @@ +#include <time.h> +#include <stdio.h> +#include <unistd.h> +#include <sys/time.h> +#include <sys/types.h> +#include <spu_mfcio.h> + +static long myround(double u) +{ + long result = u; + while (result + 0.5 < u) result += 1; + while (result - 0.5 > u) result -= 1; + return result; +} + +static long long microseconds(void) +{ + struct timeval t; + gettimeofday(&t,(struct timezone *) 0); + return t.tv_sec * (long long) 1000000 + t.tv_usec; +} + +static long long timebase(void) +{ + unsigned long long result; + result = -spu_read_decrementer(); + return 0xffffffff & result; +} + +static double cpufrequency = 0; +static long tbcycles = 0; + +static double guesstbcycles(void) +{ + long long tb0; long long us0; + long long tb1; long long us1; + + tb0 = timebase(); + us0 = microseconds(); + do { + tb1 = timebase(); + us1 = microseconds(); + } while (us1 - us0 < 10000 || tb1 - tb0 < 1000); + if (tb1 <= tb0) return 0; + tb1 -= tb0; + us1 -= us0; + return (cpufrequency * 0.000001 * (double) us1) / (double) tb1; +} + +static void init(void) +{ + int loop; + double guess1; + double guess2; + + spu_write_decrementer(0xffffffff); + + cpufrequency = 3192000000.0; + + for (loop = 0;loop < 100;++loop) { + guess1 = guesstbcycles(); + guess2 = guesstbcycles(); + tbcycles = myround(guess1); + if (guess1 - tbcycles > 0.1) continue; + if (tbcycles - guess1 > 0.1) continue; + if (guess2 - tbcycles > 0.1) continue; + if (tbcycles - guess2 > 0.1) continue; + return; + } + tbcycles = 0; +} + +long long cpucycles_celllinux(void) +{ + if (!tbcycles) init(); + return timebase() * tbcycles; +} + +long long cpucycles_celllinux_persecond(void) +{ + if (!tbcycles) init(); + return cpufrequency; +} diff --git a/nacl-20110221/cpucycles/celllinux.h b/nacl-20110221/cpucycles/celllinux.h @@ -0,0 +1,27 @@ +/* +cpucycles celllinux.h version 20081201 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_celllinux_h +#define CPUCYCLES_celllinux_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_celllinux(void); +extern long long cpucycles_celllinux_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "celllinux" +#define cpucycles cpucycles_celllinux +#define cpucycles_persecond cpucycles_celllinux_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/cortex.c b/nacl-20110221/cpucycles/cortex.c @@ -0,0 +1,73 @@ +/* +cpucycles/cortex.c version 20101203 +D. J. Bernstein +Public domain. +*/ + +#define SCALE 1 +#include <time.h> +#include <unistd.h> +#include <sys/time.h> + +static int enabled = 0; + +static int prev[3]; +static unsigned long long prevcycles = 0; +static int now[3]; +static long long cyclespersec = 0; + +static void readticks(unsigned int *result) +{ + struct timeval t; + unsigned int cc; + if (!enabled) { + asm volatile("mcr p15, 0, %0, c9, c12, 0" :: "r"(17)); + asm volatile("mcr p15, 0, %0, c9, c12, 1" :: "r"(0x8000000f)); + asm volatile("mcr p15, 0, %0, c9, c12, 3" :: "r"(0x8000000f)); + enabled = 1; + } + asm volatile("mrc p15, 0, %0, c9, c13, 0" : "=r"(cc)); + gettimeofday(&t,(struct timezone *) 0); + result[0] = cc; + result[1] = t.tv_usec; + result[2] = t.tv_sec; +} + +long long cpucycles_cortex(void) +{ + unsigned long long delta4; + int deltan; + int deltas; + unsigned long long guesscycles; + + readticks(now); + delta4 = (unsigned int) (now[0] - prev[0]); /* unsigned change in number of cycles mod 2^32 */ + deltan = now[1] - prev[1]; /* signed change in number of nanoseconds mod 10^9 */ + deltas = now[2] - prev[2]; /* signed change in number of seconds */ + if ((deltas == 0 && deltan < 200000) || (deltas == 1 && deltan < -800000)) + return (prevcycles + delta4) * SCALE; + + prev[0] = now[0]; + prev[1] = now[1]; + prev[2] = now[2]; + + if ((deltas == 0 && deltan < 300000) || (deltas == 1 && deltan < -700000)) { + // actual number of cycles cannot have increased by 2^32 in <0.3ms + cyclespersec = 1000000 * (unsigned long long) delta4; + cyclespersec /= deltan + 1000000 * (long long) deltas; + } else { + guesscycles = deltas * cyclespersec; + guesscycles += (deltan * cyclespersec) / 1000000; + while (delta4 + 2147483648ULL < guesscycles) delta4 += 4294967296ULL; + /* XXX: could do longer-term extrapolation here */ + } + + prevcycles += delta4; + return prevcycles * SCALE; +} + +long long cpucycles_cortex_persecond(void) +{ + while (!cyclespersec) cpucycles_cortex(); + return cyclespersec * SCALE; +} diff --git a/nacl-20110221/cpucycles/cortex.h b/nacl-20110221/cpucycles/cortex.h @@ -0,0 +1,27 @@ +/* +cpucycles cortex.h version 20100912 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_cortex_h +#define CPUCYCLES_cortex_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_cortex(void); +extern long long cpucycles_cortex_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "cortex" +#define cpucycles cpucycles_cortex +#define cpucycles_persecond cpucycles_cortex_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/dev4ns.c b/nacl-20110221/cpucycles/dev4ns.c @@ -0,0 +1,62 @@ +#include <sys/types.h> +#include <fcntl.h> +#include <time.h> +#include <stdio.h> +#include <unistd.h> +#include <sys/time.h> + +static int fddev = -1; +static int prev[3]; +static unsigned long long prevcycles = 0; +static int now[3]; +static long long cyclespersec = 0; + +static void readdev(unsigned int *result) +{ + if (read(fddev,result,12) == 12) return; + result[0] = result[1] = result[2] = 0; +} + +long long cpucycles_dev4ns(void) +{ + unsigned long long delta4; + int deltan; + int deltas; + unsigned long long guesscycles; + + if (fddev == -1) { + fddev = open("/dev/cpucycles4ns",O_RDONLY); + readdev(prev); + } + + readdev(now); + delta4 = (unsigned int) (now[0] - prev[0]); /* unsigned change in number of cycles mod 2^32 */ + deltan = now[1] - prev[1]; /* signed change in number of nanoseconds mod 10^9 */ + deltas = now[2] - prev[2]; /* signed change in number of seconds */ + if ((deltas == 0 && deltan < 200000000) || (deltas == 1 && deltan < -800000000)) + return prevcycles + delta4; + + prev[0] = now[0]; + prev[1] = now[1]; + prev[2] = now[2]; + + if ((deltas == 0 && deltan < 300000000) || (deltas == 1 && deltan < -700000000)) { + // actual number of cycles cannot have increased by 2^32 in <0.3ms + cyclespersec = 1000000000 * (unsigned long long) delta4; + cyclespersec /= deltan + 1000000000 * (long long) deltas; + } else { + guesscycles = deltas * cyclespersec; + guesscycles += (deltan * cyclespersec) / 1000000000; + while (delta4 + 2147483648ULL < guesscycles) delta4 += 4294967296ULL; + /* XXX: could do longer-term extrapolation here */ + } + + prevcycles += delta4; + return prevcycles; +} + +long long cpucycles_dev4ns_persecond(void) +{ + while (!cyclespersec) cpucycles_dev4ns(); + return cyclespersec; +} diff --git a/nacl-20110221/cpucycles/dev4ns.h b/nacl-20110221/cpucycles/dev4ns.h @@ -0,0 +1,27 @@ +/* +cpucycles dev4ns.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_dev4ns_h +#define CPUCYCLES_dev4ns_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_dev4ns(void); +extern long long cpucycles_dev4ns_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "dev4ns" +#define cpucycles cpucycles_dev4ns +#define cpucycles_persecond cpucycles_dev4ns_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/do b/nacl-20110221/cpucycles/do @@ -0,0 +1,105 @@ +#!/bin/sh -e + +okabi | ( + while read abi + do + + rm -f cpucycles.o cpucycles.h + + ( + case "$abi" in + ppc*) + echo powerpccpuinfo + echo powerpcmacos + ;; + amd64*) + echo amd64tscfreq + echo amd64cpuinfo + echo amd64cpuspeed + ;; + x86*) + echo x86tscfreq + echo x86cpuinfo + echo x86cpuspeed + echo x86estimate + ;; + cell*) + echo celllinux + ;; + sparc*) + echo sparccpuinfo + echo sparc32cpuinfo + ;; + mips*) + echo mips + ;; + hppa*) + echo hppapstat + ;; + alpha*) + echo alpha + ;; + sgi*) + echo sgi + ;; + arm*) + echo cortex + echo dev4ns + ;; + esac + + echo amd64tscfreq + echo amd64cpuinfo + echo amd64cpuspeed + echo x86tscfreq + echo x86cpuinfo + echo x86cpuspeed + echo x86estimate + echo ia64cpuinfo + echo powerpccpuinfo + echo powerpcmacos + echo celllinux + echo sparccpuinfo + echo sparc32cpuinfo + echo mips + echo hppapstat + echo alpha + echo sgi + echo cortex + echo dev4ns + echo monotoniccpuinfo + echo monotonic + echo gettimeofday + ) | ( + while read n + do + okc-$abi | ( + while read c + do + echo "=== `date` === Trying $n.c with $c..." >&2 + rm -f test cpucycles-impl.o cpucycles-impl.h cpucycles-impl.c + cp $n.c cpucycles-impl.c || continue + cp $n.h cpucycles-impl.h || continue + $c -c cpucycles-impl.c || continue + $c -o test test.c cpucycles-impl.o || continue + ./test || continue + echo "=== `date` === Success. Using $n.c." >&2 + mkdir -p lib/$abi + mv cpucycles-impl.o lib/$abi/cpucycles.o + mkdir -p include/$abi + mv cpucycles-impl.h include/$abi/cpucycles.h + exit 0 + done + exit 111 + ) && exit 0 + done + exit 111 + ) || ( + echo ===== Giving up. >&2 + rm -f test cpucycles-impl.o cpucycles-impl.h cpucycles-impl.c + exit 111 + ) || exit 0 + + done + exit 0 +) || exit 111 diff --git a/nacl-20110221/cpucycles/gettimeofday.c b/nacl-20110221/cpucycles/gettimeofday.c @@ -0,0 +1,32 @@ +#include <time.h> +#include <stdio.h> +#include <unistd.h> +#include <sys/time.h> +#include <sys/types.h> +#include "osfreq.c" + +static double cpufrequency = 0; + +static void init(void) +{ + cpufrequency = osfreq(); +} + +long long cpucycles_gettimeofday(void) +{ + double result; + struct timeval t; + if (!cpufrequency) init(); + gettimeofday(&t,(struct timezone *) 0); + result = t.tv_usec; + result *= 0.000001; + result += (double) t.tv_sec; + result *= cpufrequency; + return result; +} + +long long cpucycles_gettimeofday_persecond(void) +{ + if (!cpufrequency) init(); + return cpufrequency; +} diff --git a/nacl-20110221/cpucycles/gettimeofday.h b/nacl-20110221/cpucycles/gettimeofday.h @@ -0,0 +1,27 @@ +/* +cpucycles gettimeofday.h version 20060318 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_gettimeofday_h +#define CPUCYCLES_gettimeofday_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_gettimeofday(void); +extern long long cpucycles_gettimeofday_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "gettimeofday" +#define cpucycles cpucycles_gettimeofday +#define cpucycles_persecond cpucycles_gettimeofday_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/hppapstat.c b/nacl-20110221/cpucycles/hppapstat.c @@ -0,0 +1,26 @@ +#include <stdio.h> +#include <unistd.h> +#include <sys/types.h> +#include <sys/param.h> +#include <sys/pstat.h> +#include <machine/inline.h> + +long long cpucycles_hppapstat(void) +{ + register long long result; + _MFCTL(16,result); + return result; +} + +long long cpucycles_hppapstat_persecond(void) +{ + struct pst_processor pst; + union pstun pu; + double result; + + pu.pst_processor = &pst; + if (pstat(PSTAT_PROCESSOR,pu,sizeof(pst),1,0) < 0) return 0; + result = pst.psp_iticksperclktick; + result *= (double) sysconf(_SC_CLK_TCK); + return result; +} diff --git a/nacl-20110221/cpucycles/hppapstat.h b/nacl-20110221/cpucycles/hppapstat.h @@ -0,0 +1,27 @@ +/* +cpucycles hppapstat.h version 20060319 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_hppapstat_h +#define CPUCYCLES_hppapstat_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_hppapstat(void); +extern long long cpucycles_hppapstat_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "hppapstat" +#define cpucycles cpucycles_hppapstat +#define cpucycles_persecond cpucycles_hppapstat_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/ia64cpuinfo.c b/nacl-20110221/cpucycles/ia64cpuinfo.c @@ -0,0 +1,15 @@ +#include <stdio.h> +#include <sys/types.h> +#include "osfreq.c" + +long long cpucycles_ia64cpuinfo(void) +{ + long long result; + asm volatile("mov %0=ar.itc" : "=r"(result)); + return result; +} + +long long cpucycles_ia64cpuinfo_persecond(void) +{ + return osfreq(); +} diff --git a/nacl-20110221/cpucycles/ia64cpuinfo.h b/nacl-20110221/cpucycles/ia64cpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles ia64cpuinfo.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_ia64cpuinfo_h +#define CPUCYCLES_ia64cpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_ia64cpuinfo(void); +extern long long cpucycles_ia64cpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "ia64cpuinfo" +#define cpucycles cpucycles_ia64cpuinfo +#define cpucycles_persecond cpucycles_ia64cpuinfo_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/mips.c b/nacl-20110221/cpucycles/mips.c @@ -0,0 +1,65 @@ +/* +cpucycles/mips.c version 20100803 +D. J. Bernstein +Public domain. +*/ + +#define SCALE 2 +#include <time.h> +#include <unistd.h> +#include <sys/time.h> + +static int prev[3]; +static unsigned long long prevcycles = 0; +static int now[3]; +static long long cyclespersec = 0; + +static void readticks(unsigned int *result) +{ + struct timeval t; + unsigned int cc; + asm volatile(".byte 59; .byte 16; .byte 2; .byte 124; move %0,$2" : "=r"(cc) : : "$2"); + gettimeofday(&t,(struct timezone *) 0); + result[0] = cc; + result[1] = t.tv_usec; + result[2] = t.tv_sec; +} + +long long cpucycles_mips(void) +{ + unsigned long long delta4; + int deltan; + int deltas; + unsigned long long guesscycles; + + readticks(now); + delta4 = (unsigned int) (now[0] - prev[0]); /* unsigned change in number of cycles mod 2^32 */ + deltan = now[1] - prev[1]; /* signed change in number of nanoseconds mod 10^9 */ + deltas = now[2] - prev[2]; /* signed change in number of seconds */ + if ((deltas == 0 && deltan < 200000) || (deltas == 1 && deltan < -800000)) + return (prevcycles + delta4) * SCALE; + + prev[0] = now[0]; + prev[1] = now[1]; + prev[2] = now[2]; + + if ((deltas == 0 && deltan < 300000) || (deltas == 1 && deltan < -700000)) { + // actual number of cycles cannot have increased by 2^32 in <0.3ms + cyclespersec = 1000000 * (unsigned long long) delta4; + cyclespersec /= deltan + 1000000 * (long long) deltas; + } else { + guesscycles = deltas * cyclespersec; + guesscycles += (deltan * cyclespersec) / 1000000; + while (delta4 + 2147483648ULL < guesscycles) delta4 += 4294967296ULL; + /* XXX: could do longer-term extrapolation here */ + } + + prevcycles += delta4; + return prevcycles * SCALE; +} + +long long cpucycles_mips_persecond(void) +{ + while (!cyclespersec) cpucycles_mips(); + return cyclespersec * SCALE; +} diff --git a/nacl-20110221/cpucycles/mips.h b/nacl-20110221/cpucycles/mips.h @@ -0,0 +1,27 @@ +/* +cpucycles mips.h version 20100802 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_mips_h +#define CPUCYCLES_mips_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_mips(void); +extern long long cpucycles_mips_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "mips" +#define cpucycles cpucycles_mips +#define cpucycles_persecond cpucycles_mips_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/monotonic.c b/nacl-20110221/cpucycles/monotonic.c @@ -0,0 +1,34 @@ +#include <time.h> +#include <stdio.h> +#include <unistd.h> +#include <sys/time.h> +#include <sys/types.h> +#include <sys/sysctl.h> + +static double cpufrequency = 0; + +static void init(void) +{ + long result = 0; size_t resultlen = sizeof(long); + sysctlbyname("machdep.tsc_freq",&result,&resultlen,0,0); + cpufrequency = result; +} + +long long cpucycles_monotonic(void) +{ + double result; + struct timespec t; + if (!cpufrequency) init(); + clock_gettime(CLOCK_MONOTONIC,&t); + result = t.tv_nsec; + result *= 0.000000001; + result += (double) t.tv_sec; + result *= cpufrequency; + return result; +} + +long long cpucycles_monotonic_persecond(void) +{ + if (!cpufrequency) init(); + return cpufrequency; +} diff --git a/nacl-20110221/cpucycles/monotonic.h b/nacl-20110221/cpucycles/monotonic.h @@ -0,0 +1,27 @@ +/* +cpucycles monotonic.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_monotonic_h +#define CPUCYCLES_monotonic_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_monotonic(void); +extern long long cpucycles_monotonic_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "monotonic" +#define cpucycles cpucycles_monotonic +#define cpucycles_persecond cpucycles_monotonic_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/monotoniccpuinfo.c b/nacl-20110221/cpucycles/monotoniccpuinfo.c @@ -0,0 +1,33 @@ +#include <time.h> +#include <stdio.h> +#include <unistd.h> +#include <sys/time.h> +#include <sys/types.h> +#include <sys/sysctl.h> +#include "osfreq.c" + +static double cpufrequency = 0; + +static void init(void) +{ + cpufrequency = osfreq(); +} + +long long cpucycles_monotoniccpuinfo(void) +{ + double result; + struct timespec t; + if (!cpufrequency) init(); + clock_gettime(CLOCK_MONOTONIC,&t); + result = t.tv_nsec; + result *= 0.000000001; + result += (double) t.tv_sec; + result *= cpufrequency; + return result; +} + +long long cpucycles_monotoniccpuinfo_persecond(void) +{ + if (!cpufrequency) init(); + return cpufrequency; +} diff --git a/nacl-20110221/cpucycles/monotoniccpuinfo.h b/nacl-20110221/cpucycles/monotoniccpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles monotoniccpuinfo.h version 20100804 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_monotoniccpuinfo_h +#define CPUCYCLES_monotoniccpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_monotoniccpuinfo(void); +extern long long cpucycles_monotoniccpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "monotoniccpuinfo" +#define cpucycles cpucycles_monotoniccpuinfo +#define cpucycles_persecond cpucycles_monotoniccpuinfo_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/osfreq.c b/nacl-20110221/cpucycles/osfreq.c @@ -0,0 +1,65 @@ +static double osfreq(void) +{ + FILE *f; + double result; + int s; + + f = fopen("/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq", "r"); + if (f) { + s = fscanf(f,"%lf",&result); + fclose(f); + if (s > 0) return 1000.0 * result; + } + + f = fopen("/sys/devices/system/cpu/cpu0/clock_tick", "r"); + if (f) { + s = fscanf(f,"%lf",&result); + fclose(f); + if (s > 0) return result; + } + + f = fopen("/proc/cpuinfo","r"); + if (f) { + for (;;) { + s = fscanf(f,"cpu MHz : %lf",&result); + if (s > 0) break; + if (s == 0) s = fscanf(f,"%*[^\n]\n"); + if (s < 0) { result = 0; break; } + } + fclose(f); + if (result) return 1000000.0 * result; + } + + f = fopen("/proc/cpuinfo","r"); + if (f) { + for (;;) { + s = fscanf(f,"clock : %lf",&result); + if (s > 0) break; + if (s == 0) s = fscanf(f,"%*[^\n]\n"); + if (s < 0) { result = 0; break; } + } + fclose(f); + if (result) return 1000000.0 * result; + } + + f = popen("/usr/sbin/lsattr -E -l proc0 -a frequency 2>/dev/null","r"); + if (f) { + s = fscanf(f,"frequency %lf",&result); + pclose(f); + if (s > 0) return result; + } + + f = popen("/usr/sbin/psrinfo -v 2>/dev/null","r"); + if (f) { + for (;;) { + s = fscanf(f," The %*s processor operates at %lf MHz",&result); + if (s > 0) break; + if (s == 0) s = fscanf(f,"%*[^\n]\n"); + if (s < 0) { result = 0; break; } + } + pclose(f); + if (result) return 1000000.0 * result; + } + + return 0; +} diff --git a/nacl-20110221/cpucycles/powerpccpuinfo.c b/nacl-20110221/cpucycles/powerpccpuinfo.c @@ -0,0 +1,95 @@ +#include <time.h> +#include <stdio.h> +#include <unistd.h> +#include <sys/time.h> +#include <sys/types.h> +#include "osfreq.c" + +static long myround(double u) +{ + long result = u; + while (result + 0.5 < u) result += 1; + while (result - 0.5 > u) result -= 1; + return result; +} + +static long long microseconds(void) +{ + struct timeval t; + gettimeofday(&t,(struct timezone *) 0); + return t.tv_sec * (long long) 1000000 + t.tv_usec; +} + +static int tbshift = 0; + +static long long timebase(void) +{ + unsigned long high; + unsigned long low; + unsigned long newhigh; + unsigned long long result; + asm volatile( + "7:mftbu %0;mftb %1;mftbu %2;cmpw %0,%2;bne 7b" + : "=r" (high), "=r" (low), "=r" (newhigh) + ); + result = high; + result <<= 32; + result |= low; + return result >> tbshift; +} + +static double cpufrequency = 0; +static long tbcycles = 0; + +static double guesstbcycles(void) +{ + long long tb0; long long us0; + long long tb1; long long us1; + + tb0 = timebase(); + us0 = microseconds(); + do { + tb1 = timebase(); + us1 = microseconds(); + } while (us1 - us0 < 10000 || tb1 - tb0 < 1000); + if (tb1 <= tb0) return 0; + tb1 -= tb0; + us1 -= us0; + return (cpufrequency * 0.000001 * (double) us1) / (double) tb1; +} + +static void init(void) +{ + int loop; + double guess1; + double guess2; + + cpufrequency = osfreq(); + if (!cpufrequency) return; + + for (tbshift = 0;tbshift < 10;++tbshift) { + for (loop = 0;loop < 100;++loop) { + guess1 = guesstbcycles(); + guess2 = guesstbcycles(); + tbcycles = myround(guess1); + if (guess1 - tbcycles > 0.1) continue; + if (tbcycles - guess1 > 0.1) continue; + if (guess2 - tbcycles > 0.1) continue; + if (tbcycles - guess2 > 0.1) continue; + return; + } + } + tbcycles = 0; +} + +long long cpucycles_powerpccpuinfo(void) +{ + if (!tbcycles) init(); + return timebase() * tbcycles; +} + +long long cpucycles_powerpccpuinfo_persecond(void) +{ + if (!tbcycles) init(); + return cpufrequency; +} diff --git a/nacl-20110221/cpucycles/powerpccpuinfo.h b/nacl-20110221/cpucycles/powerpccpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles powerpccpuinfo.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_powerpccpuinfo_h +#define CPUCYCLES_powerpccpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_powerpccpuinfo(void); +extern long long cpucycles_powerpccpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "powerpccpuinfo" +#define cpucycles cpucycles_powerpccpuinfo +#define cpucycles_persecond cpucycles_powerpccpuinfo_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/powerpcmacos.c b/nacl-20110221/cpucycles/powerpcmacos.c @@ -0,0 +1,42 @@ +#include <sys/types.h> +#include <sys/sysctl.h> +#include <mach/mach_time.h> + +#define timebase mach_absolute_time + +static int cpumib[2] = { CTL_HW, HW_CPU_FREQ } ; +static int tbmib[2] = { CTL_HW, HW_TB_FREQ } ; + +static long myround(double u) +{ + long result = u; + while (result + 0.5 < u) result += 1; + while (result - 0.5 > u) result -= 1; + return result; +} + +static long tbcycles = 0; + +static void init(void) +{ + unsigned int cpufrequency = 0; size_t cpufrequencylen = sizeof(unsigned int); + unsigned int tbfrequency = 0; size_t tbfrequencylen = sizeof(unsigned int); + sysctl(cpumib,2,&cpufrequency,&cpufrequencylen,0,0); + sysctl(tbmib,2,&tbfrequency,&tbfrequencylen,0,0); + if (tbfrequency > 0) + tbcycles = myround((double) (unsigned long long) cpufrequency + / (double) (unsigned long long) tbfrequency); +} + +long long cpucycles_powerpcmacos(void) +{ + if (!tbcycles) init(); + return timebase() * tbcycles; +} + +long long cpucycles_powerpcmacos_persecond(void) +{ + unsigned int result = 0; size_t resultlen = sizeof(unsigned int); + sysctl(cpumib,2,&result,&resultlen,0,0); + return (unsigned long long) result; +} diff --git a/nacl-20110221/cpucycles/powerpcmacos.h b/nacl-20110221/cpucycles/powerpcmacos.h @@ -0,0 +1,27 @@ +/* +cpucycles powerpcmacos.h version 20060319 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_powerpcmacos_h +#define CPUCYCLES_powerpcmacos_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_powerpcmacos(void); +extern long long cpucycles_powerpcmacos_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "powerpcmacos" +#define cpucycles cpucycles_powerpcmacos +#define cpucycles_persecond cpucycles_powerpcmacos_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/sgi.c b/nacl-20110221/cpucycles/sgi.c @@ -0,0 +1,38 @@ +#include <time.h> +#include <stdio.h> +#include <unistd.h> +#include <sys/time.h> +#include <sys/types.h> +#include <sys/sysctl.h> + +static double cpufrequency = 0; + +static void init(void) +{ + FILE *f; + + f = popen("hinv -c processor | awk '{if ($3==\"MHZ\") print $2*1000000}'","r"); + if (!f) return; + if (fscanf(f,"%lf",&cpufrequency) < 1) cpufrequency = 0; + pclose(f); + if (!cpufrequency) return; +} + +long long cpucycles_sgi(void) +{ + double result; + struct timespec t; + if (!cpufrequency) init(); + clock_gettime(CLOCK_SGI_CYCLE,&t); + result = t.tv_nsec; + result *= 0.000000001; + result += (double) t.tv_sec; + result *= cpufrequency; + return result; +} + +long long cpucycles_sgi_persecond(void) +{ + if (!cpufrequency) init(); + return cpufrequency; +} diff --git a/nacl-20110221/cpucycles/sgi.h b/nacl-20110221/cpucycles/sgi.h @@ -0,0 +1,27 @@ +/* +cpucycles sgi.h version 20070916 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_sgi_h +#define CPUCYCLES_sgi_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_sgi(void); +extern long long cpucycles_sgi_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "sgi" +#define cpucycles cpucycles_sgi +#define cpucycles_persecond cpucycles_sgi_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/sparc32cpuinfo.c b/nacl-20110221/cpucycles/sparc32cpuinfo.c @@ -0,0 +1,16 @@ +#include <stdio.h> +#include <sys/types.h> +#include "osfreq.c" + +long long cpucycles_sparc32cpuinfo(void) +{ + long long result; + asm volatile(".word 2202075136; .word 2570088480; srl %%g1,0,%L0; mov %%o4,%H0" + : "=r" (result) : : "g1","o4"); + return result; +} + +long long cpucycles_sparc32cpuinfo_persecond(void) +{ + return osfreq(); +} diff --git a/nacl-20110221/cpucycles/sparc32cpuinfo.h b/nacl-20110221/cpucycles/sparc32cpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles sparc32cpuinfo.h version 20100804 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_sparc32cpuinfo_h +#define CPUCYCLES_sparc32cpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_sparc32cpuinfo(void); +extern long long cpucycles_sparc32cpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "sparc32cpuinfo" +#define cpucycles cpucycles_sparc32cpuinfo +#define cpucycles_persecond cpucycles_sparc32cpuinfo_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/sparccpuinfo.c b/nacl-20110221/cpucycles/sparccpuinfo.c @@ -0,0 +1,15 @@ +#include <stdio.h> +#include <sys/types.h> +#include "osfreq.c" + +long long cpucycles_sparccpuinfo(void) +{ + long long result; + asm volatile("rd %%tick,%0" : "=r" (result)); + return result; +} + +long long cpucycles_sparccpuinfo_persecond(void) +{ + return osfreq(); +} diff --git a/nacl-20110221/cpucycles/sparccpuinfo.h b/nacl-20110221/cpucycles/sparccpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles sparccpuinfo.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_sparccpuinfo_h +#define CPUCYCLES_sparccpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_sparccpuinfo(void); +extern long long cpucycles_sparccpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "sparccpuinfo" +#define cpucycles cpucycles_sparccpuinfo +#define cpucycles_persecond cpucycles_sparccpuinfo_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/test.c b/nacl-20110221/cpucycles/test.c @@ -0,0 +1,77 @@ +#include <time.h> +#include <stdio.h> +#include <unistd.h> +#include <sys/time.h> +#include "cpucycles-impl.h" + +static long long tod(void) +{ + struct timeval t; + gettimeofday(&t,(struct timezone *) 0); + return t.tv_sec * (long long) 1000000 + t.tv_usec; +} + +long long todstart; +long long todend; +long long cpustart; +long long cpuend; + +long long cyclespersecond; +long long cyclespertod; + +long long t[1001]; + +int main() +{ + int j; + int i; + + if (!cpucycles()) { + fprintf(stderr,"cpucycles() = %lld\n",cpucycles()); + return 100; + } + for (i = 0;i <= 1000;++i) t[i] = cpucycles(); + for (i = 0;i < 1000;++i) if (t[i] > t[i + 1]) { + fprintf(stderr,"t[%d] = %lld\n",i,t[i]); + fprintf(stderr,"t[%d] = %lld\n",i + 1,t[i + 1]); + fprintf(stderr,"cpucycles_persecond() = %lld\n",cpucycles_persecond()); + return 100; + } + if (t[0] == t[1000]) { + fprintf(stderr,"t[%d] = %lld\n",0,t[0]); + fprintf(stderr,"t[%d] = %lld\n",1000,t[1000]); + fprintf(stderr,"cpucycles_persecond() = %lld\n",cpucycles_persecond()); + return 100; + } + + cyclespersecond = cpucycles_persecond(); + + if (cyclespersecond <= 0) { + fprintf(stderr,"cpucycles_persecond() = %lld\n",cyclespersecond); + return 100; + } + + todstart = tod(); + cpustart = cpucycles(); + for (j = 0;j < 1000;++j) for (i = 0;i <= 1000;++i) t[i] = t[i] + i + j; + todend = tod(); + cpuend = cpucycles(); + + todend -= todstart; + cpuend -= cpustart; + + cyclespertod = (long long) (((double) cpuend) * 1000000.0 / (double) todend); + + if (cyclespertod > 10 * cyclespersecond) { + fprintf(stderr,"cyclespertod = %lld, cyclespersecond = %lld\n",cyclespertod,cyclespersecond); + return 100; + } + + for (i = 0;i <= 1000;++i) t[i] = cpucycles(); + printf("%s",cpucycles_implementation); + printf(" %lld",cyclespersecond); + printf(" %lld",cyclespertod); + for (i = 0;i < 64;++i) printf(" %lld",t[i + 1] - t[i]); + printf("\n"); + return 0; +} diff --git a/nacl-20110221/cpucycles/x86cpuinfo.c b/nacl-20110221/cpucycles/x86cpuinfo.c @@ -0,0 +1,15 @@ +#include <stdio.h> +#include <sys/types.h> +#include "osfreq.c" + +long long cpucycles_x86cpuinfo(void) +{ + long long result; + asm volatile(".byte 15;.byte 49" : "=A" (result)); + return result; +} + +long long cpucycles_x86cpuinfo_persecond(void) +{ + return osfreq(); +} diff --git a/nacl-20110221/cpucycles/x86cpuinfo.h b/nacl-20110221/cpucycles/x86cpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles x86cpuinfo.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_x86cpuinfo_h +#define CPUCYCLES_x86cpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_x86cpuinfo(void); +extern long long cpucycles_x86cpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "x86cpuinfo" +#define cpucycles cpucycles_x86cpuinfo +#define cpucycles_persecond cpucycles_x86cpuinfo_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/x86cpuspeed.c b/nacl-20110221/cpucycles/x86cpuspeed.c @@ -0,0 +1,24 @@ +#include <stdio.h> +#include <sys/types.h> +#include <sys/param.h> +#include <sys/sysctl.h> + +long long cpucycles_x86cpuspeed(void) +{ + long long result; + asm volatile(".byte 15;.byte 49" : "=A" (result)); + return result; +} + +long long cpucycles_x86cpuspeed_persecond(void) +{ + int oid[2]; + int val; + size_t size; + oid[0] = CTL_HW; + oid[1] = HW_CPUSPEED; + size = sizeof val; + if (sysctl(oid,2,&val,&size,0,0) == -1) return 0; + if (size != sizeof val) return 0; + return val * 1000000LL; +} diff --git a/nacl-20110221/cpucycles/x86cpuspeed.h b/nacl-20110221/cpucycles/x86cpuspeed.h @@ -0,0 +1,27 @@ +/* +cpucycles x86cpuspeed.h version 20090716 +Matthew Dempsky +Public domain. +*/ + +#ifndef CPUCYCLES_x86cpuspeed_h +#define CPUCYCLES_x86cpuspeed_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_x86cpuspeed(void); +extern long long cpucycles_x86cpuspeed_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "x86cpuspeed" +#define cpucycles cpucycles_x86cpuspeed +#define cpucycles_persecond cpucycles_x86cpuspeed_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/x86estimate.c b/nacl-20110221/cpucycles/x86estimate.c @@ -0,0 +1,59 @@ +#include <time.h> +#include <sys/time.h> +#include <sys/types.h> +#include <sys/sysctl.h> + +long long cpucycles_x86estimate(void) +{ + long long result; + asm volatile(".byte 15;.byte 49" : "=A" (result)); + return result; +} + +static long long microseconds(void) +{ + struct timeval t; + gettimeofday(&t,(struct timezone *) 0); + return t.tv_sec * (long long) 1000000 + t.tv_usec; +} + +static double guessfreq(void) +{ + long long tb0; long long us0; + long long tb1; long long us1; + + tb0 = cpucycles_x86estimate(); + us0 = microseconds(); + do { + tb1 = cpucycles_x86estimate(); + us1 = microseconds(); + } while (us1 - us0 < 10000 || tb1 - tb0 < 1000); + if (tb1 <= tb0) return 0; + tb1 -= tb0; + us1 -= us0; + return ((double) tb1) / (0.000001 * (double) us1); +} + +static double cpufrequency = 0; + +static void init(void) +{ + double guess1; + double guess2; + int loop; + + for (loop = 0;loop < 100;++loop) { + guess1 = guessfreq(); + guess2 = guessfreq(); + if (guess1 > 1.01 * guess2) continue; + if (guess2 > 1.01 * guess1) continue; + cpufrequency = 0.5 * (guess1 + guess2); + break; + } +} + +long long cpucycles_x86estimate_persecond(void) +{ + if (!cpufrequency) init(); + return cpufrequency; +} diff --git a/nacl-20110221/cpucycles/x86estimate.h b/nacl-20110221/cpucycles/x86estimate.h @@ -0,0 +1,27 @@ +/* +cpucycles x86estimate.h version 20070121 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_x86estimate_h +#define CPUCYCLES_x86estimate_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_x86estimate(void); +extern long long cpucycles_x86estimate_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "x86estimate" +#define cpucycles cpucycles_x86estimate +#define cpucycles_persecond cpucycles_x86estimate_persecond +#endif + +#endif diff --git a/nacl-20110221/cpucycles/x86tscfreq.c b/nacl-20110221/cpucycles/x86tscfreq.c @@ -0,0 +1,17 @@ +#include <sys/types.h> +#include <sys/sysctl.h> + +long long cpucycles_x86tscfreq(void) +{ + long long result; + asm volatile(".byte 15;.byte 49" : "=A" (result)); + return result; +} + +long long cpucycles_x86tscfreq_persecond(void) +{ + long result = 0; + size_t resultlen = sizeof(long); + sysctlbyname("machdep.tsc_freq",&result,&resultlen,0,0); + return result; +} diff --git a/nacl-20110221/cpucycles/x86tscfreq.h b/nacl-20110221/cpucycles/x86tscfreq.h @@ -0,0 +1,27 @@ +/* +cpucycles x86tscfreq.h version 20060318 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_x86tscfreq_h +#define CPUCYCLES_x86tscfreq_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_x86tscfreq(void); +extern long long cpucycles_x86tscfreq_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "x86tscfreq" +#define cpucycles cpucycles_x86tscfreq +#define cpucycles_persecond cpucycles_x86tscfreq_persecond +#endif + +#endif diff --git a/nacl-20110221/cpuid/cbytes.c b/nacl-20110221/cpuid/cbytes.c @@ -0,0 +1,16 @@ +#include <stdio.h> + +int main() +{ + char ch; + int loop = 0; + while (scanf("%c",&ch) == 1) { + printf("0x%02x,",255 & (int) ch); + if (++loop == 16) { + loop = 0; + printf("\n"); + } + } + printf("0x00\n"); + return 0; +} diff --git a/nacl-20110221/cpuid/cpuid.c b/nacl-20110221/cpuid/cpuid.c @@ -0,0 +1,41 @@ +#include <stdio.h> +#include <stdlib.h> +#include <signal.h> +#include <unistd.h> + +void nope() +{ + exit(1); +} + +int main() +{ + unsigned long x[4]; + unsigned long y[4]; + int i; + int j; + char c; + + signal(SIGILL,nope); + + x[0] = 0; + x[1] = 0; + x[2] = 0; + x[3] = 0; + + asm volatile(".byte 15;.byte 162" : "=a"(x[0]),"=b"(x[1]),"=c"(x[3]),"=d"(x[2]) : "0"(0) ); + if (!x[0]) return 0; + asm volatile(".byte 15;.byte 162" : "=a"(y[0]),"=b"(y[1]),"=c"(y[2]),"=d"(y[3]) : "0"(1) ); + + for (i = 1;i < 4;++i) + for (j = 0;j < 4;++j) { + c = x[i] >> (8 * j); + if (c < 32) c = 32; + if (c > 126) c = 126; + putchar(c); + } + + printf("-%08x-%08x\n",y[0],y[3]); + + return 0; +} diff --git a/nacl-20110221/cpuid/do b/nacl-20110221/cpuid/do @@ -0,0 +1,37 @@ +#!/bin/sh -e + +mkdir include + +( + echo x86 + echo unknown +) | ( + while read n + do + okabi | ( + while read abi + do + okc-$abi | ( + while read c + do + echo "=== `date` === Trying $n.c with $c..." >&2 + rm -f cpuid.c + cp $n.c cpuid.c || continue + $c -o cpuid cpuid.c || continue + $c -o cbytes cbytes.c || continue + ./cpuid > cpuid.out || continue + echo 'static const char cpuid[] = {' > cpuid.h || continue + ./cbytes < cpuid.out >> cpuid.h || continue + echo '} ;' >> cpuid.h || continue + cp cpuid.h include/cpuid.h || continue + cat cpuid.out + exit 0 + done + exit 111 + ) && exit 0 + done + exit 111 + ) && exit 0 + done + exit 111 +) diff --git a/nacl-20110221/cpuid/unknown.c b/nacl-20110221/cpuid/unknown.c @@ -0,0 +1,7 @@ +#include <stdio.h> + +main() +{ + printf("unknown CPU ID\n"); + return 0; +} diff --git a/nacl-20110221/cpuid/x86.c b/nacl-20110221/cpuid/x86.c @@ -0,0 +1,41 @@ +#include <stdio.h> +#include <stdlib.h> +#include <signal.h> +#include <unistd.h> + +void nope() +{ + exit(1); +} + +int main() +{ + unsigned long x[4]; + unsigned long y[4]; + int i; + int j; + char c; + + signal(SIGILL,nope); + + x[0] = 0; + x[1] = 0; + x[2] = 0; + x[3] = 0; + + asm volatile(".byte 15;.byte 162" : "=a"(x[0]),"=b"(x[1]),"=c"(x[3]),"=d"(x[2]) : "0"(0) ); + if (!x[0]) return 0; + asm volatile(".byte 15;.byte 162" : "=a"(y[0]),"=b"(y[1]),"=c"(y[2]),"=d"(y[3]) : "0"(1) ); + + for (i = 1;i < 4;++i) + for (j = 0;j < 4;++j) { + c = x[i] >> (8 * j); + if (c < 32) c = 32; + if (c > 126) c = 126; + putchar(c); + } + + printf("-%08x-%08x\n",(unsigned int) y[0],(unsigned int) y[3]); + + return 0; +} diff --git a/nacl-20110221/crypto_auth/hmacsha256/checksum b/nacl-20110221/crypto_auth/hmacsha256/checksum @@ -0,0 +1 @@ +3bd7abd4f4dce04396f2ac7cb1cff70607f692411c49a1563b037d31e1662632 diff --git a/nacl-20110221/crypto_auth/hmacsha256/ref/api.h b/nacl-20110221/crypto_auth/hmacsha256/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 32 +#define CRYPTO_KEYBYTES 32 diff --git a/nacl-20110221/crypto_auth/hmacsha256/ref/hmac.c b/nacl-20110221/crypto_auth/hmacsha256/ref/hmac.c @@ -0,0 +1,83 @@ +/* + * 20080913 + * D. J. Bernstein + * Public domain. + * */ + +#include "crypto_hashblocks_sha256.h" +#include "crypto_auth.h" + +#define blocks crypto_hashblocks_sha256 + +typedef unsigned int uint32; + +static const char iv[32] = { + 0x6a,0x09,0xe6,0x67, + 0xbb,0x67,0xae,0x85, + 0x3c,0x6e,0xf3,0x72, + 0xa5,0x4f,0xf5,0x3a, + 0x51,0x0e,0x52,0x7f, + 0x9b,0x05,0x68,0x8c, + 0x1f,0x83,0xd9,0xab, + 0x5b,0xe0,0xcd,0x19, +} ; + +int crypto_auth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char h[32]; + unsigned char padded[128]; + int i; + unsigned long long bits = 512 + (inlen << 3); + + for (i = 0;i < 32;++i) h[i] = iv[i]; + + for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x36; + for (i = 32;i < 64;++i) padded[i] = 0x36; + + blocks(h,padded,64); + blocks(h,in,inlen); + in += inlen; + inlen &= 63; + in -= inlen; + + for (i = 0;i < inlen;++i) padded[i] = in[i]; + padded[inlen] = 0x80; + + if (inlen < 56) { + for (i = inlen + 1;i < 56;++i) padded[i] = 0; + padded[56] = bits >> 56; + padded[57] = bits >> 48; + padded[58] = bits >> 40; + padded[59] = bits >> 32; + padded[60] = bits >> 24; + padded[61] = bits >> 16; + padded[62] = bits >> 8; + padded[63] = bits; + blocks(h,padded,64); + } else { + for (i = inlen + 1;i < 120;++i) padded[i] = 0; + padded[120] = bits >> 56; + padded[121] = bits >> 48; + padded[122] = bits >> 40; + padded[123] = bits >> 32; + padded[124] = bits >> 24; + padded[125] = bits >> 16; + padded[126] = bits >> 8; + padded[127] = bits; + blocks(h,padded,128); + } + + for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x5c; + for (i = 32;i < 64;++i) padded[i] = 0x5c; + for (i = 0;i < 32;++i) padded[64 + i] = h[i]; + + for (i = 0;i < 32;++i) out[i] = iv[i]; + + for (i = 32;i < 64;++i) padded[64 + i] = 0; + padded[64 + 32] = 0x80; + padded[64 + 62] = 3; + + blocks(out,padded,128); + + return 0; +} diff --git a/nacl-20110221/crypto_auth/hmacsha256/ref/verify.c b/nacl-20110221/crypto_auth/hmacsha256/ref/verify.c @@ -0,0 +1,9 @@ +#include "crypto_verify_32.h" +#include "crypto_auth.h" + +int crypto_auth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[32]; + crypto_auth(correct,in,inlen,k); + return crypto_verify_32(h,correct); +} diff --git a/nacl-20110221/crypto_auth/hmacsha256/used b/nacl-20110221/crypto_auth/hmacsha256/used diff --git a/nacl-20110221/crypto_auth/hmacsha512256/checksum b/nacl-20110221/crypto_auth/hmacsha512256/checksum @@ -0,0 +1 @@ +2f5e8a6a0cac012d8d001351d7d583e69f91390df46305c3608e0c2893491886 diff --git a/nacl-20110221/crypto_auth/hmacsha512256/ref/api.h b/nacl-20110221/crypto_auth/hmacsha512256/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 32 +#define CRYPTO_KEYBYTES 32 diff --git a/nacl-20110221/crypto_auth/hmacsha512256/ref/hmac.c b/nacl-20110221/crypto_auth/hmacsha512256/ref/hmac.c @@ -0,0 +1,86 @@ +/* + * 20080913 + * D. J. Bernstein + * Public domain. + * */ + +#include "crypto_hashblocks_sha512.h" +#include "crypto_auth.h" + +#define blocks crypto_hashblocks_sha512 + +typedef unsigned long long uint64; + +static const unsigned char iv[64] = { + 0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08, + 0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b, + 0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b, + 0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1, + 0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1, + 0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f, + 0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b, + 0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79 +} ; + +int crypto_auth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char h[64]; + unsigned char padded[256]; + int i; + unsigned long long bytes = 128 + inlen; + + for (i = 0;i < 64;++i) h[i] = iv[i]; + + for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x36; + for (i = 32;i < 128;++i) padded[i] = 0x36; + + blocks(h,padded,128); + blocks(h,in,inlen); + in += inlen; + inlen &= 127; + in -= inlen; + + for (i = 0;i < inlen;++i) padded[i] = in[i]; + padded[inlen] = 0x80; + + if (inlen < 112) { + for (i = inlen + 1;i < 119;++i) padded[i] = 0; + padded[119] = bytes >> 61; + padded[120] = bytes >> 53; + padded[121] = bytes >> 45; + padded[122] = bytes >> 37; + padded[123] = bytes >> 29; + padded[124] = bytes >> 21; + padded[125] = bytes >> 13; + padded[126] = bytes >> 5; + padded[127] = bytes << 3; + blocks(h,padded,128); + } else { + for (i = inlen + 1;i < 247;++i) padded[i] = 0; + padded[247] = bytes >> 61; + padded[248] = bytes >> 53; + padded[249] = bytes >> 45; + padded[250] = bytes >> 37; + padded[251] = bytes >> 29; + padded[252] = bytes >> 21; + padded[253] = bytes >> 13; + padded[254] = bytes >> 5; + padded[255] = bytes << 3; + blocks(h,padded,256); + } + + for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x5c; + for (i = 32;i < 128;++i) padded[i] = 0x5c; + + for (i = 0;i < 64;++i) padded[128 + i] = h[i]; + for (i = 0;i < 64;++i) h[i] = iv[i]; + + for (i = 64;i < 128;++i) padded[128 + i] = 0; + padded[128 + 64] = 0x80; + padded[128 + 126] = 6; + + blocks(h,padded,256); + for (i = 0;i < 32;++i) out[i] = h[i]; + + return 0; +} diff --git a/nacl-20110221/crypto_auth/hmacsha512256/ref/verify.c b/nacl-20110221/crypto_auth/hmacsha512256/ref/verify.c @@ -0,0 +1,9 @@ +#include "crypto_verify_32.h" +#include "crypto_auth.h" + +int crypto_auth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[32]; + crypto_auth(correct,in,inlen,k); + return crypto_verify_32(h,correct); +} diff --git a/nacl-20110221/crypto_auth/hmacsha512256/selected b/nacl-20110221/crypto_auth/hmacsha512256/selected diff --git a/nacl-20110221/crypto_auth/hmacsha512256/used b/nacl-20110221/crypto_auth/hmacsha512256/used diff --git a/nacl-20110221/crypto_auth/measure.c b/nacl-20110221/crypto_auth/measure.c @@ -0,0 +1,69 @@ +#include "crypto_auth.h" +#include "randombytes.h" +#include "cpucycles.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_auth_IMPLEMENTATION; +const char *implementationversion = crypto_auth_VERSION; +const char *sizenames[] = { "outputbytes", "keybytes", 0 }; +const long long sizes[] = { crypto_auth_BYTES, crypto_auth_KEYBYTES }; + +#define MAXTEST_BYTES 4096 +#ifdef SUPERCOP +#define MGAP 8192 +#else +#define MGAP 8 +#endif + +static unsigned char *k; +static unsigned char *m; +static unsigned char *h; + +void preallocate(void) +{ +} + +void allocate(void) +{ + k = alignedcalloc(crypto_auth_KEYBYTES); + m = alignedcalloc(MAXTEST_BYTES); + h = alignedcalloc(crypto_auth_BYTES); +} + +#define TIMINGS 15 +static long long cycles[TIMINGS + 1]; + +void measure(void) +{ + int i; + int loop; + int mlen; + + for (loop = 0;loop < LOOPS;++loop) { + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) { + randombytes(k,crypto_auth_KEYBYTES); + randombytes(m,mlen); + randombytes(h,crypto_auth_BYTES); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_auth(h,m,mlen,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_auth_verify(h,m,mlen,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"verify_cycles",cycles,TIMINGS); + } + } +} diff --git a/nacl-20110221/crypto_auth/try.c b/nacl-20110221/crypto_auth/try.c @@ -0,0 +1,119 @@ +/* + * crypto_auth/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include "crypto_hash_sha256.h" +#include "crypto_auth.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_auth_IMPLEMENTATION; + +#define MAXTEST_BYTES 10000 +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *h; +static unsigned char *m; +static unsigned char *k; +static unsigned char *h2; +static unsigned char *m2; +static unsigned char *k2; + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(crypto_auth_BYTES); + m = alignedcalloc(MAXTEST_BYTES); + k = alignedcalloc(crypto_auth_KEYBYTES); + h2 = alignedcalloc(crypto_auth_BYTES); + m2 = alignedcalloc(MAXTEST_BYTES + crypto_auth_BYTES); + k2 = alignedcalloc(crypto_auth_KEYBYTES + crypto_auth_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_auth(h,m,TUNE_BYTES,k); + crypto_auth_verify(h,m,TUNE_BYTES,k); +} + +char checksum[crypto_auth_BYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long mlen = i; + long long klen = crypto_auth_KEYBYTES; + long long hlen = crypto_auth_BYTES; + + for (j = -16;j < 0;++j) h[j] = random(); + for (j = -16;j < 0;++j) k[j] = random(); + for (j = -16;j < 0;++j) m[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = klen;j < klen + 16;++j) k[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + + if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero"; + + for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k"; + for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m"; + for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_auth writes before output"; + for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth writes after output"; + + for (j = -16;j < 0;++j) h[j] = random(); + for (j = -16;j < 0;++j) k[j] = random(); + for (j = -16;j < 0;++j) m[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = klen;j < klen + 16;++j) k[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + + if (crypto_auth(m2,m2,mlen,k) != 0) return "crypto_auth returns nonzero"; + for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_auth does not handle m overlap"; + for (j = 0;j < hlen;++j) m2[j] = m[j]; + if (crypto_auth(k2,m2,mlen,k2) != 0) return "crypto_auth returns nonzero"; + for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_auth does not handle k overlap"; + for (j = 0;j < hlen;++j) k2[j] = k[j]; + + if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero"; + + for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth overwrites h"; + for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k"; + for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m"; + + crypto_hash_sha256(h2,h,hlen); + for (j = 0;j < klen;++j) k[j] ^= h2[j % 32]; + if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero"; + if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero"; + + crypto_hash_sha256(h2,h,hlen); + for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32]; + m[mlen] = h2[0]; + } + if (crypto_auth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth returns nonzero"; + if (crypto_auth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth_verify returns nonzero"; + + for (i = 0;i < crypto_auth_BYTES;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/nacl-20110221/crypto_auth/wrapper-auth.cpp b/nacl-20110221/crypto_auth/wrapper-auth.cpp @@ -0,0 +1,11 @@ +#include <string> +using std::string; +#include "crypto_auth.h" + +string crypto_auth(const string &m,const string &k) +{ + if (k.size() != crypto_auth_KEYBYTES) throw "incorrect key length"; + unsigned char a[crypto_auth_BYTES]; + crypto_auth(a,(const unsigned char *) m.c_str(),m.size(),(const unsigned char *) k.c_str()); + return string((char *) a,crypto_auth_BYTES); +} diff --git a/nacl-20110221/crypto_auth/wrapper-verify.cpp b/nacl-20110221/crypto_auth/wrapper-verify.cpp @@ -0,0 +1,14 @@ +#include <string> +using std::string; +#include "crypto_auth.h" + +void crypto_auth_verify(const string &a,const string &m,const string &k) +{ + if (k.size() != crypto_auth_KEYBYTES) throw "incorrect key length"; + if (a.size() != crypto_auth_BYTES) throw "incorrect authenticator length"; + if (crypto_auth_verify( + (const unsigned char *) a.c_str(), + (const unsigned char *) m.c_str(),m.size(), + (const unsigned char *) k.c_str()) == 0) return; + throw "invalid authenticator"; +} diff --git a/nacl-20110221/crypto_box/curve25519xsalsa20poly1305/checksum b/nacl-20110221/crypto_box/curve25519xsalsa20poly1305/checksum @@ -0,0 +1 @@ +5fac7400caabc14a99c5c0bc13fb1df5e468e870382a3a1c diff --git a/nacl-20110221/crypto_box/curve25519xsalsa20poly1305/ref/after.c b/nacl-20110221/crypto_box/curve25519xsalsa20poly1305/ref/after.c @@ -0,0 +1,22 @@ +#include "crypto_secretbox_xsalsa20poly1305.h" +#include "crypto_box.h" + +int crypto_box_afternm( + unsigned char *c, + const unsigned char *m,unsigned long long mlen, + const unsigned char *n, + const unsigned char *k +) +{ + return crypto_secretbox_xsalsa20poly1305(c,m,mlen,n,k); +} + +int crypto_box_open_afternm( + unsigned char *m, + const unsigned char *c,unsigned long long clen, + const unsigned char *n, + const unsigned char *k +) +{ + return crypto_secretbox_xsalsa20poly1305_open(m,c,clen,n,k); +} diff --git a/nacl-20110221/crypto_box/curve25519xsalsa20poly1305/ref/api.h b/nacl-20110221/crypto_box/curve25519xsalsa20poly1305/ref/api.h @@ -0,0 +1,6 @@ +#define CRYPTO_PUBLICKEYBYTES 32 +#define CRYPTO_SECRETKEYBYTES 32 +#define CRYPTO_BEFORENMBYTES 32 +#define CRYPTO_NONCEBYTES 24 +#define CRYPTO_ZEROBYTES 32 +#define CRYPTO_BOXZEROBYTES 16 diff --git a/nacl-20110221/crypto_box/curve25519xsalsa20poly1305/ref/before.c b/nacl-20110221/crypto_box/curve25519xsalsa20poly1305/ref/before.c @@ -0,0 +1,17 @@ +#include "crypto_core_hsalsa20.h" +#include "crypto_scalarmult_curve25519.h" +#include "crypto_box.h" + +static const unsigned char sigma[16] = "expand 32-byte k"; +static const unsigned char n[16] = {0}; + +int crypto_box_beforenm( + unsigned char *k, + const unsigned char *pk, + const unsigned char *sk +) +{ + unsigned char s[32]; + crypto_scalarmult_curve25519(s,sk,pk); + return crypto_core_hsalsa20(k,n,s,sigma); +} diff --git a/nacl-20110221/crypto_box/curve25519xsalsa20poly1305/ref/box.c b/nacl-20110221/crypto_box/curve25519xsalsa20poly1305/ref/box.c @@ -0,0 +1,27 @@ +#include "crypto_box.h" + +int crypto_box( + unsigned char *c, + const unsigned char *m,unsigned long long mlen, + const unsigned char *n, + const unsigned char *pk, + const unsigned char *sk +) +{ + unsigned char k[crypto_box_BEFORENMBYTES]; + crypto_box_beforenm(k,pk,sk); + return crypto_box_afternm(c,m,mlen,n,k); +} + +int crypto_box_open( + unsigned char *m, + const unsigned char *c,unsigned long long clen, + const unsigned char *n, + const unsigned char *pk, + const unsigned char *sk +) +{ + unsigned char k[crypto_box_BEFORENMBYTES]; + crypto_box_beforenm(k,pk,sk); + return crypto_box_open_afternm(m,c,clen,n,k); +} diff --git a/nacl-20110221/crypto_box/curve25519xsalsa20poly1305/ref/keypair.c b/nacl-20110221/crypto_box/curve25519xsalsa20poly1305/ref/keypair.c @@ -0,0 +1,12 @@ +#include "crypto_scalarmult_curve25519.h" +#include "crypto_box.h" +#include "randombytes.h" + +int crypto_box_keypair( + unsigned char *pk, + unsigned char *sk +) +{ + randombytes(sk,32); + return crypto_scalarmult_curve25519_base(pk,sk); +} diff --git a/nacl-20110221/crypto_box/curve25519xsalsa20poly1305/selected b/nacl-20110221/crypto_box/curve25519xsalsa20poly1305/selected diff --git a/nacl-20110221/crypto_box/curve25519xsalsa20poly1305/used b/nacl-20110221/crypto_box/curve25519xsalsa20poly1305/used diff --git a/nacl-20110221/crypto_box/measure.c b/nacl-20110221/crypto_box/measure.c @@ -0,0 +1,137 @@ +#include <stdlib.h> +#include "randombytes.h" +#include "cpucycles.h" +#include "crypto_box.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_box_IMPLEMENTATION; +const char *implementationversion = crypto_box_VERSION; +const char *sizenames[] = { "publickeybytes", "secretkeybytes", "beforenmbytes", "noncebytes", "zerobytes", "boxzerobytes", 0 }; +const long long sizes[] = { crypto_box_PUBLICKEYBYTES, crypto_box_SECRETKEYBYTES, crypto_box_BEFORENMBYTES, crypto_box_NONCEBYTES, crypto_box_ZEROBYTES, crypto_box_BOXZEROBYTES }; + +#define MAXTEST_BYTES 4096 + +static unsigned char *ska; +static unsigned char *pka; +static unsigned char *skb; +static unsigned char *pkb; +static unsigned char *n; +static unsigned char *m; +static unsigned char *c; +static unsigned char *sa; +static unsigned char *sb; + +void preallocate(void) +{ +} + +void allocate(void) +{ + ska = alignedcalloc(crypto_box_SECRETKEYBYTES); + pka = alignedcalloc(crypto_box_PUBLICKEYBYTES); + skb = alignedcalloc(crypto_box_SECRETKEYBYTES); + pkb = alignedcalloc(crypto_box_PUBLICKEYBYTES); + n = alignedcalloc(crypto_box_NONCEBYTES); + m = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + c = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + sa = alignedcalloc(crypto_box_BEFORENMBYTES); + sb = alignedcalloc(crypto_box_BEFORENMBYTES); +} + +#define TIMINGS 15 +static long long cycles[TIMINGS + 1]; + +void measure(void) +{ + int i; + int loop; + int mlen; + + for (loop = 0;loop < LOOPS;++loop) { + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_keypair(pka,ska); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"keypair_cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_keypair(pkb,skb); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"keypair_cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_beforenm(sa,pkb,ska); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"beforenm_cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_beforenm(sb,pka,skb); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"beforenm_cycles",cycles,TIMINGS); + + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / 8) { + randombytes(n,crypto_box_NONCEBYTES); + randombytes(m + crypto_box_ZEROBYTES,mlen); + randombytes(c,mlen + crypto_box_ZEROBYTES); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box(c,m,mlen + crypto_box_ZEROBYTES,n,pka,skb); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_open(m,c,mlen + crypto_box_ZEROBYTES,n,pkb,ska); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"open_cycles",cycles,TIMINGS); + + ++c[crypto_box_ZEROBYTES]; + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_open(m,c,mlen + crypto_box_ZEROBYTES,n,pkb,ska); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"forgery_open_cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_afternm(c,m,mlen + crypto_box_ZEROBYTES,n,sb); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"afternm_cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_open_afternm(m,c,mlen + crypto_box_ZEROBYTES,n,sa); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"open_afternm_cycles",cycles,TIMINGS); + + ++c[crypto_box_ZEROBYTES]; + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_open_afternm(m,c,mlen + crypto_box_ZEROBYTES,n,sa); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"forgery_open_afternm_cycles",cycles,TIMINGS); + } + } +} diff --git a/nacl-20110221/crypto_box/try.c b/nacl-20110221/crypto_box/try.c @@ -0,0 +1,195 @@ +/* + * crypto_box/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include "crypto_box.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_box_IMPLEMENTATION; + +#define MAXTEST_BYTES 10000 +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *ska; +static unsigned char *pka; +static unsigned char *skb; +static unsigned char *pkb; +static unsigned char *s; +static unsigned char *n; +static unsigned char *m; +static unsigned char *c; +static unsigned char *t; +static unsigned char *ska2; +static unsigned char *pka2; +static unsigned char *skb2; +static unsigned char *pkb2; +static unsigned char *s2; +static unsigned char *n2; +static unsigned char *m2; +static unsigned char *c2; +static unsigned char *t2; + +#define sklen crypto_box_SECRETKEYBYTES +#define pklen crypto_box_PUBLICKEYBYTES +#define nlen crypto_box_NONCEBYTES +#define slen crypto_box_BEFORENMBYTES + +void preallocate(void) +{ +} + +void allocate(void) +{ + ska = alignedcalloc(sklen); + pka = alignedcalloc(pklen); + skb = alignedcalloc(sklen); + pkb = alignedcalloc(pklen); + n = alignedcalloc(nlen); + m = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + c = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + t = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + s = alignedcalloc(slen); + ska2 = alignedcalloc(sklen); + pka2 = alignedcalloc(pklen); + skb2 = alignedcalloc(sklen); + pkb2 = alignedcalloc(pklen); + n2 = alignedcalloc(nlen); + m2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + c2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + t2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + s2 = alignedcalloc(slen); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_box(c,m,TUNE_BYTES + crypto_box_ZEROBYTES,n,pka,skb); + crypto_box_open(t,c,TUNE_BYTES + crypto_box_ZEROBYTES,n,pkb,ska); +} + +char checksum[nlen * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + if (crypto_box_keypair(pka,ska) != 0) return "crypto_box_keypair returns nonzero"; + if (crypto_box_keypair(pkb,skb) != 0) return "crypto_box_keypair returns nonzero"; + + for (j = 0;j < crypto_box_ZEROBYTES;++j) m[j] = 0; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long mlen = i + crypto_box_ZEROBYTES; + long long tlen = i + crypto_box_ZEROBYTES; + long long clen = i + crypto_box_ZEROBYTES; + + for (j = -16;j < 0;++j) ska[j] = random(); + for (j = -16;j < 0;++j) skb[j] = random(); + for (j = -16;j < 0;++j) pka[j] = random(); + for (j = -16;j < 0;++j) pkb[j] = random(); + for (j = -16;j < 0;++j) m[j] = random(); + for (j = -16;j < 0;++j) n[j] = random(); + + for (j = sklen;j < sklen + 16;++j) ska[j] = random(); + for (j = sklen;j < sklen + 16;++j) skb[j] = random(); + for (j = pklen;j < pklen + 16;++j) pka[j] = random(); + for (j = pklen;j < pklen + 16;++j) pkb[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = nlen;j < nlen + 16;++j) n[j] = random(); + + for (j = -16;j < sklen + 16;++j) ska2[j] = ska[j]; + for (j = -16;j < sklen + 16;++j) skb2[j] = skb[j]; + for (j = -16;j < pklen + 16;++j) pka2[j] = pka[j]; + for (j = -16;j < pklen + 16;++j) pkb2[j] = pkb[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + for (j = -16;j < nlen + 16;++j) n2[j] = n[j]; + for (j = -16;j < clen + 16;++j) c2[j] = c[j] = random(); + + if (crypto_box(c,m,mlen,n,pkb,ska) != 0) return "crypto_box returns nonzero"; + + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box overwrites m"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box overwrites n"; + for (j = -16;j < 0;++j) if (c2[j] != c[j]) return "crypto_box writes before output"; + for (j = clen;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_box writes after output"; + for (j = 0;j < crypto_box_BOXZEROBYTES;++j) + if (c[j] != 0) return "crypto_box does not clear extra bytes"; + + for (j = -16;j < sklen + 16;++j) if (ska2[j] != ska[j]) return "crypto_box overwrites ska"; + for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box overwrites skb"; + for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box overwrites pka"; + for (j = -16;j < pklen + 16;++j) if (pkb2[j] != pkb[j]) return "crypto_box overwrites pkb"; + + for (j = -16;j < 0;++j) c[j] = random(); + for (j = clen;j < clen + 16;++j) c[j] = random(); + for (j = -16;j < clen + 16;++j) c2[j] = c[j]; + for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = random(); + + if (crypto_box_open(t,c,clen,n,pka,skb) != 0) return "crypto_box_open returns nonzero"; + + for (j = -16;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_box_open overwrites c"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_open overwrites n"; + for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_open writes before output"; + for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_open writes after output"; + for (j = 0;j < crypto_box_ZEROBYTES;++j) + if (t[j] != 0) return "crypto_box_open does not clear extra bytes"; + + for (j = -16;j < sklen + 16;++j) if (ska2[j] != ska[j]) return "crypto_box_open overwrites ska"; + for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box_open overwrites skb"; + for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box_open overwrites pka"; + for (j = -16;j < pklen + 16;++j) if (pkb2[j] != pkb[j]) return "crypto_box_open overwrites pkb"; + + for (j = 0;j < mlen;++j) if (t[j] != m[j]) return "plaintext does not match"; + + for (j = -16;j < slen + 16;++j) s2[j] = s[j] = random(); + if (crypto_box_beforenm(s,pkb,ska) != 0) return "crypto_box_beforenm returns nonzero"; + for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box_open overwrites pk"; + for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box_open overwrites sk"; + for (j = -16;j < 0;++j) if (s2[j] != s[j]) return "crypto_box_beforenm writes before output"; + for (j = slen;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_beforenm writes after output"; + + for (j = -16;j < slen + 16;++j) s2[j] = s[j]; + for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = random(); + if (crypto_box_afternm(t,m,mlen,n,s) != 0) return "crypto_box_afternm returns nonzero"; + for (j = -16;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_afternm overwrites s"; + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box_afternm overwrites m"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_afternm overwrites n"; + for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_afternm writes before output"; + for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_afternm writes after output"; + for (j = 0;j < crypto_box_BOXZEROBYTES;++j) + if (t[j] != 0) return "crypto_box_afternm does not clear extra bytes"; + for (j = 0;j < mlen;++j) if (t[j] != c[j]) return "crypto_box_afternm does not match crypto_box"; + + if (crypto_box_beforenm(s,pka,skb) != 0) return "crypto_box_beforenm returns nonzero"; + + for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = random(); + if (crypto_box_open_afternm(t,c,clen,n,s) != 0) return "crypto_box_open_afternm returns nonzero"; + for (j = -16;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_open_afternm overwrites s"; + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box_open_afternm overwrites m"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_open_afternm overwrites n"; + for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_open_afternm writes before output"; + for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_open_afternm writes after output"; + for (j = 0;j < crypto_box_ZEROBYTES;++j) + if (t[j] != 0) return "crypto_box_open_afternm does not clear extra bytes"; + for (j = 0;j < mlen;++j) if (t[j] != m[j]) return "crypto_box_open_afternm does not match crypto_box_open"; + + for (j = 0;j < i;++j) n[j % nlen] ^= c[j + crypto_box_BOXZEROBYTES]; + if (i == 0) m[crypto_box_ZEROBYTES] = 0; + m[i + crypto_box_ZEROBYTES] = m[crypto_box_ZEROBYTES]; + for (j = 0;j < i;++j) m[j + crypto_box_ZEROBYTES] ^= c[j + crypto_box_BOXZEROBYTES]; + } + + for (i = 0;i < nlen;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (n[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & n[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/nacl-20110221/crypto_box/wrapper-box.cpp b/nacl-20110221/crypto_box/wrapper-box.cpp @@ -0,0 +1,24 @@ +#include <string> +using std::string; +#include "crypto_box.h" + +string crypto_box(const string &m,const string &n,const string &pk,const string &sk) +{ + if (pk.size() != crypto_box_PUBLICKEYBYTES) throw "incorrect public-key length"; + if (sk.size() != crypto_box_SECRETKEYBYTES) throw "incorrect secret-key length"; + if (n.size() != crypto_box_NONCEBYTES) throw "incorrect nonce length"; + size_t mlen = m.size() + crypto_box_ZEROBYTES; + unsigned char mpad[mlen]; + for (int i = 0;i < crypto_box_ZEROBYTES;++i) mpad[i] = 0; + for (int i = crypto_box_ZEROBYTES;i < mlen;++i) mpad[i] = m[i - crypto_box_ZEROBYTES]; + unsigned char cpad[mlen]; + crypto_box(cpad,mpad,mlen, + (const unsigned char *) n.c_str(), + (const unsigned char *) pk.c_str(), + (const unsigned char *) sk.c_str() + ); + return string( + (char *) cpad + crypto_box_BOXZEROBYTES, + mlen - crypto_box_BOXZEROBYTES + ); +} diff --git a/nacl-20110221/crypto_box/wrapper-keypair.cpp b/nacl-20110221/crypto_box/wrapper-keypair.cpp @@ -0,0 +1,12 @@ +#include <string> +using std::string; +#include "crypto_box.h" + +string crypto_box_keypair(string *sk_string) +{ + unsigned char pk[crypto_box_PUBLICKEYBYTES]; + unsigned char sk[crypto_box_SECRETKEYBYTES]; + crypto_box_keypair(pk,sk); + *sk_string = string((char *) sk,sizeof sk); + return string((char *) pk,sizeof pk); +} diff --git a/nacl-20110221/crypto_box/wrapper-open.cpp b/nacl-20110221/crypto_box/wrapper-open.cpp @@ -0,0 +1,27 @@ +#include <string> +using std::string; +#include "crypto_box.h" + +string crypto_box_open(const string &c,const string &n,const string &pk,const string &sk) +{ + if (pk.size() != crypto_box_PUBLICKEYBYTES) throw "incorrect public-key length"; + if (sk.size() != crypto_box_SECRETKEYBYTES) throw "incorrect secret-key length"; + if (n.size() != crypto_box_NONCEBYTES) throw "incorrect nonce length"; + size_t clen = c.size() + crypto_box_BOXZEROBYTES; + unsigned char cpad[clen]; + for (int i = 0;i < crypto_box_BOXZEROBYTES;++i) cpad[i] = 0; + for (int i = crypto_box_BOXZEROBYTES;i < clen;++i) cpad[i] = c[i - crypto_box_BOXZEROBYTES]; + unsigned char mpad[clen]; + if (crypto_box_open(mpad,cpad,clen, + (const unsigned char *) n.c_str(), + (const unsigned char *) pk.c_str(), + (const unsigned char *) sk.c_str() + ) != 0) + throw "ciphertext fails verification"; + if (clen < crypto_box_ZEROBYTES) + throw "ciphertext too short"; // should have been caught by _open + return string( + (char *) mpad + crypto_box_ZEROBYTES, + clen - crypto_box_ZEROBYTES + ); +} diff --git a/nacl-20110221/crypto_core/hsalsa20/checksum b/nacl-20110221/crypto_core/hsalsa20/checksum @@ -0,0 +1 @@ +28ebe700b5878570702a68740aa131e6fa907e58a3f6915cd183c6db3f7afd7a diff --git a/nacl-20110221/crypto_core/hsalsa20/ref/api.h b/nacl-20110221/crypto_core/hsalsa20/ref/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_OUTPUTBYTES 32 +#define CRYPTO_INPUTBYTES 16 +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_CONSTBYTES 16 diff --git a/nacl-20110221/crypto_core/hsalsa20/ref/core.c b/nacl-20110221/crypto_core/hsalsa20/ref/core.c @@ -0,0 +1,135 @@ +/* +version 20080912 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core.h" + +#define ROUNDS 20 + +typedef unsigned int uint32; + +static uint32 rotate(uint32 u,int c) +{ + return (u << c) | (u >> (32 - c)); +} + +static uint32 load_littleendian(const unsigned char *x) +{ + return + (uint32) (x[0]) \ + | (((uint32) (x[1])) << 8) \ + | (((uint32) (x[2])) << 16) \ + | (((uint32) (x[3])) << 24) + ; +} + +static void store_littleendian(unsigned char *x,uint32 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; +} + +int crypto_core( + unsigned char *out, + const unsigned char *in, + const unsigned char *k, + const unsigned char *c +) +{ + uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + int i; + + j0 = x0 = load_littleendian(c + 0); + j1 = x1 = load_littleendian(k + 0); + j2 = x2 = load_littleendian(k + 4); + j3 = x3 = load_littleendian(k + 8); + j4 = x4 = load_littleendian(k + 12); + j5 = x5 = load_littleendian(c + 4); + j6 = x6 = load_littleendian(in + 0); + j7 = x7 = load_littleendian(in + 4); + j8 = x8 = load_littleendian(in + 8); + j9 = x9 = load_littleendian(in + 12); + j10 = x10 = load_littleendian(c + 8); + j11 = x11 = load_littleendian(k + 16); + j12 = x12 = load_littleendian(k + 20); + j13 = x13 = load_littleendian(k + 24); + j14 = x14 = load_littleendian(k + 28); + j15 = x15 = load_littleendian(c + 12); + + for (i = ROUNDS;i > 0;i -= 2) { + x4 ^= rotate( x0+x12, 7); + x8 ^= rotate( x4+ x0, 9); + x12 ^= rotate( x8+ x4,13); + x0 ^= rotate(x12+ x8,18); + x9 ^= rotate( x5+ x1, 7); + x13 ^= rotate( x9+ x5, 9); + x1 ^= rotate(x13+ x9,13); + x5 ^= rotate( x1+x13,18); + x14 ^= rotate(x10+ x6, 7); + x2 ^= rotate(x14+x10, 9); + x6 ^= rotate( x2+x14,13); + x10 ^= rotate( x6+ x2,18); + x3 ^= rotate(x15+x11, 7); + x7 ^= rotate( x3+x15, 9); + x11 ^= rotate( x7+ x3,13); + x15 ^= rotate(x11+ x7,18); + x1 ^= rotate( x0+ x3, 7); + x2 ^= rotate( x1+ x0, 9); + x3 ^= rotate( x2+ x1,13); + x0 ^= rotate( x3+ x2,18); + x6 ^= rotate( x5+ x4, 7); + x7 ^= rotate( x6+ x5, 9); + x4 ^= rotate( x7+ x6,13); + x5 ^= rotate( x4+ x7,18); + x11 ^= rotate(x10+ x9, 7); + x8 ^= rotate(x11+x10, 9); + x9 ^= rotate( x8+x11,13); + x10 ^= rotate( x9+ x8,18); + x12 ^= rotate(x15+x14, 7); + x13 ^= rotate(x12+x15, 9); + x14 ^= rotate(x13+x12,13); + x15 ^= rotate(x14+x13,18); + } + + x0 += j0; + x1 += j1; + x2 += j2; + x3 += j3; + x4 += j4; + x5 += j5; + x6 += j6; + x7 += j7; + x8 += j8; + x9 += j9; + x10 += j10; + x11 += j11; + x12 += j12; + x13 += j13; + x14 += j14; + x15 += j15; + + x0 -= load_littleendian(c + 0); + x5 -= load_littleendian(c + 4); + x10 -= load_littleendian(c + 8); + x15 -= load_littleendian(c + 12); + x6 -= load_littleendian(in + 0); + x7 -= load_littleendian(in + 4); + x8 -= load_littleendian(in + 8); + x9 -= load_littleendian(in + 12); + + store_littleendian(out + 0,x0); + store_littleendian(out + 4,x5); + store_littleendian(out + 8,x10); + store_littleendian(out + 12,x15); + store_littleendian(out + 16,x6); + store_littleendian(out + 20,x7); + store_littleendian(out + 24,x8); + store_littleendian(out + 28,x9); + + return 0; +} diff --git a/nacl-20110221/crypto_core/hsalsa20/ref/implementors b/nacl-20110221/crypto_core/hsalsa20/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/nacl-20110221/crypto_core/hsalsa20/ref2/api.h b/nacl-20110221/crypto_core/hsalsa20/ref2/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_OUTPUTBYTES 32 +#define CRYPTO_INPUTBYTES 16 +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_CONSTBYTES 16 diff --git a/nacl-20110221/crypto_core/hsalsa20/ref2/core.c b/nacl-20110221/crypto_core/hsalsa20/ref2/core.c @@ -0,0 +1,108 @@ +/* +version 20080912 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core.h" + +#define ROUNDS 20 + +typedef unsigned int uint32; + +static uint32 rotate(uint32 u,int c) +{ + return (u << c) | (u >> (32 - c)); +} + +static uint32 load_littleendian(const unsigned char *x) +{ + return + (uint32) (x[0]) \ + | (((uint32) (x[1])) << 8) \ + | (((uint32) (x[2])) << 16) \ + | (((uint32) (x[3])) << 24) + ; +} + +static void store_littleendian(unsigned char *x,uint32 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; +} + +int crypto_core( + unsigned char *out, + const unsigned char *in, + const unsigned char *k, + const unsigned char *c +) +{ + uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + int i; + + x0 = load_littleendian(c + 0); + x1 = load_littleendian(k + 0); + x2 = load_littleendian(k + 4); + x3 = load_littleendian(k + 8); + x4 = load_littleendian(k + 12); + x5 = load_littleendian(c + 4); + x6 = load_littleendian(in + 0); + x7 = load_littleendian(in + 4); + x8 = load_littleendian(in + 8); + x9 = load_littleendian(in + 12); + x10 = load_littleendian(c + 8); + x11 = load_littleendian(k + 16); + x12 = load_littleendian(k + 20); + x13 = load_littleendian(k + 24); + x14 = load_littleendian(k + 28); + x15 = load_littleendian(c + 12); + + for (i = ROUNDS;i > 0;i -= 2) { + x4 ^= rotate( x0+x12, 7); + x8 ^= rotate( x4+ x0, 9); + x12 ^= rotate( x8+ x4,13); + x0 ^= rotate(x12+ x8,18); + x9 ^= rotate( x5+ x1, 7); + x13 ^= rotate( x9+ x5, 9); + x1 ^= rotate(x13+ x9,13); + x5 ^= rotate( x1+x13,18); + x14 ^= rotate(x10+ x6, 7); + x2 ^= rotate(x14+x10, 9); + x6 ^= rotate( x2+x14,13); + x10 ^= rotate( x6+ x2,18); + x3 ^= rotate(x15+x11, 7); + x7 ^= rotate( x3+x15, 9); + x11 ^= rotate( x7+ x3,13); + x15 ^= rotate(x11+ x7,18); + x1 ^= rotate( x0+ x3, 7); + x2 ^= rotate( x1+ x0, 9); + x3 ^= rotate( x2+ x1,13); + x0 ^= rotate( x3+ x2,18); + x6 ^= rotate( x5+ x4, 7); + x7 ^= rotate( x6+ x5, 9); + x4 ^= rotate( x7+ x6,13); + x5 ^= rotate( x4+ x7,18); + x11 ^= rotate(x10+ x9, 7); + x8 ^= rotate(x11+x10, 9); + x9 ^= rotate( x8+x11,13); + x10 ^= rotate( x9+ x8,18); + x12 ^= rotate(x15+x14, 7); + x13 ^= rotate(x12+x15, 9); + x14 ^= rotate(x13+x12,13); + x15 ^= rotate(x14+x13,18); + } + + store_littleendian(out + 0,x0); + store_littleendian(out + 4,x5); + store_littleendian(out + 8,x10); + store_littleendian(out + 12,x15); + store_littleendian(out + 16,x6); + store_littleendian(out + 20,x7); + store_littleendian(out + 24,x8); + store_littleendian(out + 28,x9); + + return 0; +} diff --git a/nacl-20110221/crypto_core/hsalsa20/ref2/implementors b/nacl-20110221/crypto_core/hsalsa20/ref2/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/nacl-20110221/crypto_core/hsalsa20/used b/nacl-20110221/crypto_core/hsalsa20/used diff --git a/nacl-20110221/crypto_core/measure.c b/nacl-20110221/crypto_core/measure.c @@ -0,0 +1,18 @@ +#include "crypto_core.h" + +const char *primitiveimplementation = crypto_core_IMPLEMENTATION; +const char *implementationversion = crypto_core_VERSION; +const char *sizenames[] = { "outputbytes", "inputbytes", "keybytes", "constbytes", 0 }; +const long long sizes[] = { crypto_core_OUTPUTBYTES, crypto_core_INPUTBYTES, crypto_core_KEYBYTES, crypto_core_CONSTBYTES }; + +void preallocate(void) +{ +} + +void allocate(void) +{ +} + +void measure(void) +{ +} diff --git a/nacl-20110221/crypto_core/salsa20/checksum b/nacl-20110221/crypto_core/salsa20/checksum @@ -0,0 +1 @@ +9d1ee8d84b974e648507ffd93829376c5b4420751710e44f6593abd8769378011d85ecda51ceb8f43661d3c65ef5b57c4f5bf8df76c8202784c8df8def61e6a6 diff --git a/nacl-20110221/crypto_core/salsa20/ref/api.h b/nacl-20110221/crypto_core/salsa20/ref/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_OUTPUTBYTES 64 +#define CRYPTO_INPUTBYTES 16 +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_CONSTBYTES 16 diff --git a/nacl-20110221/crypto_core/salsa20/ref/core.c b/nacl-20110221/crypto_core/salsa20/ref/core.c @@ -0,0 +1,134 @@ +/* +version 20080912 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core.h" + +#define ROUNDS 20 + +typedef unsigned int uint32; + +static uint32 rotate(uint32 u,int c) +{ + return (u << c) | (u >> (32 - c)); +} + +static uint32 load_littleendian(const unsigned char *x) +{ + return + (uint32) (x[0]) \ + | (((uint32) (x[1])) << 8) \ + | (((uint32) (x[2])) << 16) \ + | (((uint32) (x[3])) << 24) + ; +} + +static void store_littleendian(unsigned char *x,uint32 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; +} + +int crypto_core( + unsigned char *out, + const unsigned char *in, + const unsigned char *k, + const unsigned char *c +) +{ + uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + int i; + + j0 = x0 = load_littleendian(c + 0); + j1 = x1 = load_littleendian(k + 0); + j2 = x2 = load_littleendian(k + 4); + j3 = x3 = load_littleendian(k + 8); + j4 = x4 = load_littleendian(k + 12); + j5 = x5 = load_littleendian(c + 4); + j6 = x6 = load_littleendian(in + 0); + j7 = x7 = load_littleendian(in + 4); + j8 = x8 = load_littleendian(in + 8); + j9 = x9 = load_littleendian(in + 12); + j10 = x10 = load_littleendian(c + 8); + j11 = x11 = load_littleendian(k + 16); + j12 = x12 = load_littleendian(k + 20); + j13 = x13 = load_littleendian(k + 24); + j14 = x14 = load_littleendian(k + 28); + j15 = x15 = load_littleendian(c + 12); + + for (i = ROUNDS;i > 0;i -= 2) { + x4 ^= rotate( x0+x12, 7); + x8 ^= rotate( x4+ x0, 9); + x12 ^= rotate( x8+ x4,13); + x0 ^= rotate(x12+ x8,18); + x9 ^= rotate( x5+ x1, 7); + x13 ^= rotate( x9+ x5, 9); + x1 ^= rotate(x13+ x9,13); + x5 ^= rotate( x1+x13,18); + x14 ^= rotate(x10+ x6, 7); + x2 ^= rotate(x14+x10, 9); + x6 ^= rotate( x2+x14,13); + x10 ^= rotate( x6+ x2,18); + x3 ^= rotate(x15+x11, 7); + x7 ^= rotate( x3+x15, 9); + x11 ^= rotate( x7+ x3,13); + x15 ^= rotate(x11+ x7,18); + x1 ^= rotate( x0+ x3, 7); + x2 ^= rotate( x1+ x0, 9); + x3 ^= rotate( x2+ x1,13); + x0 ^= rotate( x3+ x2,18); + x6 ^= rotate( x5+ x4, 7); + x7 ^= rotate( x6+ x5, 9); + x4 ^= rotate( x7+ x6,13); + x5 ^= rotate( x4+ x7,18); + x11 ^= rotate(x10+ x9, 7); + x8 ^= rotate(x11+x10, 9); + x9 ^= rotate( x8+x11,13); + x10 ^= rotate( x9+ x8,18); + x12 ^= rotate(x15+x14, 7); + x13 ^= rotate(x12+x15, 9); + x14 ^= rotate(x13+x12,13); + x15 ^= rotate(x14+x13,18); + } + + x0 += j0; + x1 += j1; + x2 += j2; + x3 += j3; + x4 += j4; + x5 += j5; + x6 += j6; + x7 += j7; + x8 += j8; + x9 += j9; + x10 += j10; + x11 += j11; + x12 += j12; + x13 += j13; + x14 += j14; + x15 += j15; + + store_littleendian(out + 0,x0); + store_littleendian(out + 4,x1); + store_littleendian(out + 8,x2); + store_littleendian(out + 12,x3); + store_littleendian(out + 16,x4); + store_littleendian(out + 20,x5); + store_littleendian(out + 24,x6); + store_littleendian(out + 28,x7); + store_littleendian(out + 32,x8); + store_littleendian(out + 36,x9); + store_littleendian(out + 40,x10); + store_littleendian(out + 44,x11); + store_littleendian(out + 48,x12); + store_littleendian(out + 52,x13); + store_littleendian(out + 56,x14); + store_littleendian(out + 60,x15); + + return 0; +} diff --git a/nacl-20110221/crypto_core/salsa20/ref/implementors b/nacl-20110221/crypto_core/salsa20/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/nacl-20110221/crypto_core/salsa20/used b/nacl-20110221/crypto_core/salsa20/used diff --git a/nacl-20110221/crypto_core/salsa2012/checksum b/nacl-20110221/crypto_core/salsa2012/checksum @@ -0,0 +1 @@ +f36d643f798efc0fca888d3ac4bdcc54c98a968c2da16bd5b8bfe9fe9025a6ca3a207e9362dc7cf17ddfc7477ee754d3f521b1df91640093754f7275b1a54293 diff --git a/nacl-20110221/crypto_core/salsa2012/ref/api.h b/nacl-20110221/crypto_core/salsa2012/ref/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_OUTPUTBYTES 64 +#define CRYPTO_INPUTBYTES 16 +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_CONSTBYTES 16 diff --git a/nacl-20110221/crypto_core/salsa2012/ref/core.c b/nacl-20110221/crypto_core/salsa2012/ref/core.c @@ -0,0 +1,134 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core.h" + +#define ROUNDS 12 + +typedef unsigned int uint32; + +static uint32 rotate(uint32 u,int c) +{ + return (u << c) | (u >> (32 - c)); +} + +static uint32 load_littleendian(const unsigned char *x) +{ + return + (uint32) (x[0]) \ + | (((uint32) (x[1])) << 8) \ + | (((uint32) (x[2])) << 16) \ + | (((uint32) (x[3])) << 24) + ; +} + +static void store_littleendian(unsigned char *x,uint32 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; +} + +int crypto_core( + unsigned char *out, + const unsigned char *in, + const unsigned char *k, + const unsigned char *c +) +{ + uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + int i; + + j0 = x0 = load_littleendian(c + 0); + j1 = x1 = load_littleendian(k + 0); + j2 = x2 = load_littleendian(k + 4); + j3 = x3 = load_littleendian(k + 8); + j4 = x4 = load_littleendian(k + 12); + j5 = x5 = load_littleendian(c + 4); + j6 = x6 = load_littleendian(in + 0); + j7 = x7 = load_littleendian(in + 4); + j8 = x8 = load_littleendian(in + 8); + j9 = x9 = load_littleendian(in + 12); + j10 = x10 = load_littleendian(c + 8); + j11 = x11 = load_littleendian(k + 16); + j12 = x12 = load_littleendian(k + 20); + j13 = x13 = load_littleendian(k + 24); + j14 = x14 = load_littleendian(k + 28); + j15 = x15 = load_littleendian(c + 12); + + for (i = ROUNDS;i > 0;i -= 2) { + x4 ^= rotate( x0+x12, 7); + x8 ^= rotate( x4+ x0, 9); + x12 ^= rotate( x8+ x4,13); + x0 ^= rotate(x12+ x8,18); + x9 ^= rotate( x5+ x1, 7); + x13 ^= rotate( x9+ x5, 9); + x1 ^= rotate(x13+ x9,13); + x5 ^= rotate( x1+x13,18); + x14 ^= rotate(x10+ x6, 7); + x2 ^= rotate(x14+x10, 9); + x6 ^= rotate( x2+x14,13); + x10 ^= rotate( x6+ x2,18); + x3 ^= rotate(x15+x11, 7); + x7 ^= rotate( x3+x15, 9); + x11 ^= rotate( x7+ x3,13); + x15 ^= rotate(x11+ x7,18); + x1 ^= rotate( x0+ x3, 7); + x2 ^= rotate( x1+ x0, 9); + x3 ^= rotate( x2+ x1,13); + x0 ^= rotate( x3+ x2,18); + x6 ^= rotate( x5+ x4, 7); + x7 ^= rotate( x6+ x5, 9); + x4 ^= rotate( x7+ x6,13); + x5 ^= rotate( x4+ x7,18); + x11 ^= rotate(x10+ x9, 7); + x8 ^= rotate(x11+x10, 9); + x9 ^= rotate( x8+x11,13); + x10 ^= rotate( x9+ x8,18); + x12 ^= rotate(x15+x14, 7); + x13 ^= rotate(x12+x15, 9); + x14 ^= rotate(x13+x12,13); + x15 ^= rotate(x14+x13,18); + } + + x0 += j0; + x1 += j1; + x2 += j2; + x3 += j3; + x4 += j4; + x5 += j5; + x6 += j6; + x7 += j7; + x8 += j8; + x9 += j9; + x10 += j10; + x11 += j11; + x12 += j12; + x13 += j13; + x14 += j14; + x15 += j15; + + store_littleendian(out + 0,x0); + store_littleendian(out + 4,x1); + store_littleendian(out + 8,x2); + store_littleendian(out + 12,x3); + store_littleendian(out + 16,x4); + store_littleendian(out + 20,x5); + store_littleendian(out + 24,x6); + store_littleendian(out + 28,x7); + store_littleendian(out + 32,x8); + store_littleendian(out + 36,x9); + store_littleendian(out + 40,x10); + store_littleendian(out + 44,x11); + store_littleendian(out + 48,x12); + store_littleendian(out + 52,x13); + store_littleendian(out + 56,x14); + store_littleendian(out + 60,x15); + + return 0; +} diff --git a/nacl-20110221/crypto_core/salsa2012/ref/implementors b/nacl-20110221/crypto_core/salsa2012/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/nacl-20110221/crypto_core/salsa2012/used b/nacl-20110221/crypto_core/salsa2012/used diff --git a/nacl-20110221/crypto_core/salsa208/checksum b/nacl-20110221/crypto_core/salsa208/checksum @@ -0,0 +1 @@ +1e13ea9e74cb36989f7cbf4abc80b29154e1a8b150bd5244951318abea002a93ae9fe2abbcf7217526ac2a85b66c256ba9374b1257eda0c01816da328edfa11a diff --git a/nacl-20110221/crypto_core/salsa208/ref/api.h b/nacl-20110221/crypto_core/salsa208/ref/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_OUTPUTBYTES 64 +#define CRYPTO_INPUTBYTES 16 +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_CONSTBYTES 16 diff --git a/nacl-20110221/crypto_core/salsa208/ref/core.c b/nacl-20110221/crypto_core/salsa208/ref/core.c @@ -0,0 +1,134 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core.h" + +#define ROUNDS 8 + +typedef unsigned int uint32; + +static uint32 rotate(uint32 u,int c) +{ + return (u << c) | (u >> (32 - c)); +} + +static uint32 load_littleendian(const unsigned char *x) +{ + return + (uint32) (x[0]) \ + | (((uint32) (x[1])) << 8) \ + | (((uint32) (x[2])) << 16) \ + | (((uint32) (x[3])) << 24) + ; +} + +static void store_littleendian(unsigned char *x,uint32 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; +} + +int crypto_core( + unsigned char *out, + const unsigned char *in, + const unsigned char *k, + const unsigned char *c +) +{ + uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + int i; + + j0 = x0 = load_littleendian(c + 0); + j1 = x1 = load_littleendian(k + 0); + j2 = x2 = load_littleendian(k + 4); + j3 = x3 = load_littleendian(k + 8); + j4 = x4 = load_littleendian(k + 12); + j5 = x5 = load_littleendian(c + 4); + j6 = x6 = load_littleendian(in + 0); + j7 = x7 = load_littleendian(in + 4); + j8 = x8 = load_littleendian(in + 8); + j9 = x9 = load_littleendian(in + 12); + j10 = x10 = load_littleendian(c + 8); + j11 = x11 = load_littleendian(k + 16); + j12 = x12 = load_littleendian(k + 20); + j13 = x13 = load_littleendian(k + 24); + j14 = x14 = load_littleendian(k + 28); + j15 = x15 = load_littleendian(c + 12); + + for (i = ROUNDS;i > 0;i -= 2) { + x4 ^= rotate( x0+x12, 7); + x8 ^= rotate( x4+ x0, 9); + x12 ^= rotate( x8+ x4,13); + x0 ^= rotate(x12+ x8,18); + x9 ^= rotate( x5+ x1, 7); + x13 ^= rotate( x9+ x5, 9); + x1 ^= rotate(x13+ x9,13); + x5 ^= rotate( x1+x13,18); + x14 ^= rotate(x10+ x6, 7); + x2 ^= rotate(x14+x10, 9); + x6 ^= rotate( x2+x14,13); + x10 ^= rotate( x6+ x2,18); + x3 ^= rotate(x15+x11, 7); + x7 ^= rotate( x3+x15, 9); + x11 ^= rotate( x7+ x3,13); + x15 ^= rotate(x11+ x7,18); + x1 ^= rotate( x0+ x3, 7); + x2 ^= rotate( x1+ x0, 9); + x3 ^= rotate( x2+ x1,13); + x0 ^= rotate( x3+ x2,18); + x6 ^= rotate( x5+ x4, 7); + x7 ^= rotate( x6+ x5, 9); + x4 ^= rotate( x7+ x6,13); + x5 ^= rotate( x4+ x7,18); + x11 ^= rotate(x10+ x9, 7); + x8 ^= rotate(x11+x10, 9); + x9 ^= rotate( x8+x11,13); + x10 ^= rotate( x9+ x8,18); + x12 ^= rotate(x15+x14, 7); + x13 ^= rotate(x12+x15, 9); + x14 ^= rotate(x13+x12,13); + x15 ^= rotate(x14+x13,18); + } + + x0 += j0; + x1 += j1; + x2 += j2; + x3 += j3; + x4 += j4; + x5 += j5; + x6 += j6; + x7 += j7; + x8 += j8; + x9 += j9; + x10 += j10; + x11 += j11; + x12 += j12; + x13 += j13; + x14 += j14; + x15 += j15; + + store_littleendian(out + 0,x0); + store_littleendian(out + 4,x1); + store_littleendian(out + 8,x2); + store_littleendian(out + 12,x3); + store_littleendian(out + 16,x4); + store_littleendian(out + 20,x5); + store_littleendian(out + 24,x6); + store_littleendian(out + 28,x7); + store_littleendian(out + 32,x8); + store_littleendian(out + 36,x9); + store_littleendian(out + 40,x10); + store_littleendian(out + 44,x11); + store_littleendian(out + 48,x12); + store_littleendian(out + 52,x13); + store_littleendian(out + 56,x14); + store_littleendian(out + 60,x15); + + return 0; +} diff --git a/nacl-20110221/crypto_core/salsa208/ref/implementors b/nacl-20110221/crypto_core/salsa208/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/nacl-20110221/crypto_core/salsa208/used b/nacl-20110221/crypto_core/salsa208/used diff --git a/nacl-20110221/crypto_core/try.c b/nacl-20110221/crypto_core/try.c @@ -0,0 +1,116 @@ +/* + * crypto_core/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include <stdlib.h> +#include "crypto_core.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_core_IMPLEMENTATION; + +static unsigned char *h; +static unsigned char *n; +static unsigned char *k; +static unsigned char *c; +static unsigned char *h2; +static unsigned char *n2; +static unsigned char *k2; +static unsigned char *c2; + +#define hlen crypto_core_OUTPUTBYTES +#define nlen crypto_core_INPUTBYTES +#define klen crypto_core_KEYBYTES +#define clen crypto_core_CONSTBYTES + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(hlen); + n = alignedcalloc(nlen); + k = alignedcalloc(klen); + c = alignedcalloc(clen); + h2 = alignedcalloc(hlen); + n2 = alignedcalloc(nlen + crypto_core_OUTPUTBYTES); + k2 = alignedcalloc(klen + crypto_core_OUTPUTBYTES); + c2 = alignedcalloc(clen + crypto_core_OUTPUTBYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_core(h,n,k,c); +} + +static unsigned char newbyte(void) +{ + unsigned long long x; + long long j; + x = 8675309; + for (j = 0;j < hlen;++j) { x += h[j]; x *= x; x += (x >> 31); } + for (j = 0;j < nlen;++j) { x += n[j]; x *= x; x += (x >> 31); } + for (j = 0;j < klen;++j) { x += k[j]; x *= x; x += (x >> 31); } + for (j = 0;j < clen;++j) { x += c[j]; x *= x; x += (x >> 31); } + for (j = 0;j < 100;++j) { x += j ; x *= x; x += (x >> 31); } + return x; +} + +char checksum[hlen * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (i = 0;i < 100;++i) { + for (j = -16;j < 0;++j) h[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < 0;++j) n[j] = random(); + for (j = nlen;j < nlen + 16;++j) n[j] = random(); + for (j = -16;j < nlen + 16;++j) n2[j] = n[j]; + for (j = -16;j < 0;++j) k[j] = random(); + for (j = klen;j < klen + 16;++j) k[j] = random(); + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < 0;++j) c[j] = random(); + for (j = clen;j < clen + 16;++j) c[j] = random(); + for (j = -16;j < clen + 16;++j) c2[j] = c[j]; + if (crypto_core(h,n,k,c) != 0) return "crypto_core returns nonzero"; + for (j = -16;j < 0;++j) if (h2[j] != h[j]) return "crypto_core writes before output"; + for (j = hlen;j < hlen + 16;++j) if (h2[j] != h[j]) return "crypto_core writes after output"; + for (j = -16;j < klen + 16;++j) if (k2[j] != k[j]) return "crypto_core writes to k"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_core writes to n"; + for (j = -16;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_core writes to c"; + + if (crypto_core(n2,n2,k,c) != 0) return "crypto_core returns nonzero"; + for (j = 0;j < hlen;++j) if (h[j] != n2[j]) return "crypto_core does not handle n overlap"; + for (j = 0;j < hlen;++j) n2[j] = n[j]; + if (crypto_core(k2,n2,k2,c) != 0) return "crypto_core returns nonzero"; + for (j = 0;j < hlen;++j) if (h[j] != k2[j]) return "crypto_core does not handle k overlap"; + for (j = 0;j < hlen;++j) k2[j] = k[j]; + if (crypto_core(c2,n2,k2,c2) != 0) return "crypto_core returns nonzero"; + for (j = 0;j < hlen;++j) if (h[j] != c2[j]) return "crypto_core does not handle c overlap"; + for (j = 0;j < hlen;++j) c2[j] = c[j]; + + for (j = 0;j < nlen;++j) n[j] = newbyte(); + if (crypto_core(h,n,k,c) != 0) return "crypto_core returns nonzero"; + for (j = 0;j < klen;++j) k[j] = newbyte(); + if (crypto_core(h,n,k,c) != 0) return "crypto_core returns nonzero"; + for (j = 0;j < clen;++j) c[j] = newbyte(); + } + + for (i = 0;i < hlen;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/nacl-20110221/crypto_core/wrapper-empty.cpp b/nacl-20110221/crypto_core/wrapper-empty.cpp diff --git a/nacl-20110221/crypto_hash/measure.c b/nacl-20110221/crypto_hash/measure.c @@ -0,0 +1,66 @@ +#include <stdlib.h> +#include "randombytes.h" +#include "cpucycles.h" +#include "crypto_hash.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_hash_IMPLEMENTATION; +const char *implementationversion = crypto_hash_VERSION; +const char *sizenames[] = { "outputbytes", 0 }; +const long long sizes[] = { crypto_hash_BYTES }; + +#define MAXTEST_BYTES 4096 +#ifdef SUPERCOP +#define MGAP 8192 +#else +#define MGAP 8 +#endif + +static unsigned char *h; +static unsigned char *m; + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(crypto_hash_BYTES); + m = alignedcalloc(MAXTEST_BYTES); +} + +#define TIMINGS 15 +static long long cycles[TIMINGS + 1]; + +static void printcycles(long long mlen) +{ + int i; + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); +} + +void measure(void) +{ + int i; + int loop; + int mlen; + + for (loop = 0;loop < LOOPS;++loop) { + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) { + randombytes(m,mlen); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_hash(h,m,mlen); + } + printcycles(mlen); + } + } +} diff --git a/nacl-20110221/crypto_hash/sha256/checksum b/nacl-20110221/crypto_hash/sha256/checksum @@ -0,0 +1 @@ +86df8bd202b2a2b5fdc04a7f50a591e43a345849c12fef08d487109648a08e05 diff --git a/nacl-20110221/crypto_hash/sha256/ref/api.h b/nacl-20110221/crypto_hash/sha256/ref/api.h @@ -0,0 +1 @@ +#define CRYPTO_BYTES 32 diff --git a/nacl-20110221/crypto_hash/sha256/ref/hash.c b/nacl-20110221/crypto_hash/sha256/ref/hash.c @@ -0,0 +1,69 @@ +/* +20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_hashblocks_sha256.h" +#include "crypto_hash.h" + +#define blocks crypto_hashblocks_sha256 + +typedef unsigned int uint32; + +static const char iv[32] = { + 0x6a,0x09,0xe6,0x67, + 0xbb,0x67,0xae,0x85, + 0x3c,0x6e,0xf3,0x72, + 0xa5,0x4f,0xf5,0x3a, + 0x51,0x0e,0x52,0x7f, + 0x9b,0x05,0x68,0x8c, + 0x1f,0x83,0xd9,0xab, + 0x5b,0xe0,0xcd,0x19, +} ; + +int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen) +{ + unsigned char h[32]; + unsigned char padded[128]; + int i; + unsigned long long bits = inlen << 3; + + for (i = 0;i < 32;++i) h[i] = iv[i]; + + blocks(h,in,inlen); + in += inlen; + inlen &= 63; + in -= inlen; + + for (i = 0;i < inlen;++i) padded[i] = in[i]; + padded[inlen] = 0x80; + + if (inlen < 56) { + for (i = inlen + 1;i < 56;++i) padded[i] = 0; + padded[56] = bits >> 56; + padded[57] = bits >> 48; + padded[58] = bits >> 40; + padded[59] = bits >> 32; + padded[60] = bits >> 24; + padded[61] = bits >> 16; + padded[62] = bits >> 8; + padded[63] = bits; + blocks(h,padded,64); + } else { + for (i = inlen + 1;i < 120;++i) padded[i] = 0; + padded[120] = bits >> 56; + padded[121] = bits >> 48; + padded[122] = bits >> 40; + padded[123] = bits >> 32; + padded[124] = bits >> 24; + padded[125] = bits >> 16; + padded[126] = bits >> 8; + padded[127] = bits; + blocks(h,padded,128); + } + + for (i = 0;i < 32;++i) out[i] = h[i]; + + return 0; +} diff --git a/nacl-20110221/crypto_hash/sha256/ref/implementors b/nacl-20110221/crypto_hash/sha256/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein (wrapper around crypto_hashblocks/sha256) diff --git a/nacl-20110221/crypto_hash/sha256/used b/nacl-20110221/crypto_hash/sha256/used diff --git a/nacl-20110221/crypto_hash/sha512/checksum b/nacl-20110221/crypto_hash/sha512/checksum @@ -0,0 +1 @@ +9a2a989e136a02c3362c98e6e1e0b52fab980a1dafbebe4dd5e44d15d061742e35fb686befd4e33c608d251c96e26c020f90d92bb7ec8a657f79bb8e0b00a473 diff --git a/nacl-20110221/crypto_hash/sha512/ref/api.h b/nacl-20110221/crypto_hash/sha512/ref/api.h @@ -0,0 +1 @@ +#define CRYPTO_BYTES 64 diff --git a/nacl-20110221/crypto_hash/sha512/ref/hash.c b/nacl-20110221/crypto_hash/sha512/ref/hash.c @@ -0,0 +1,71 @@ +/* +20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_hashblocks_sha512.h" +#include "crypto_hash.h" + +#define blocks crypto_hashblocks_sha512 + +static const unsigned char iv[64] = { + 0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08, + 0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b, + 0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b, + 0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1, + 0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1, + 0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f, + 0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b, + 0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79 +} ; + +typedef unsigned long long uint64; + +int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen) +{ + unsigned char h[64]; + unsigned char padded[256]; + int i; + unsigned long long bytes = inlen; + + for (i = 0;i < 64;++i) h[i] = iv[i]; + + blocks(h,in,inlen); + in += inlen; + inlen &= 127; + in -= inlen; + + for (i = 0;i < inlen;++i) padded[i] = in[i]; + padded[inlen] = 0x80; + + if (inlen < 112) { + for (i = inlen + 1;i < 119;++i) padded[i] = 0; + padded[119] = bytes >> 61; + padded[120] = bytes >> 53; + padded[121] = bytes >> 45; + padded[122] = bytes >> 37; + padded[123] = bytes >> 29; + padded[124] = bytes >> 21; + padded[125] = bytes >> 13; + padded[126] = bytes >> 5; + padded[127] = bytes << 3; + blocks(h,padded,128); + } else { + for (i = inlen + 1;i < 247;++i) padded[i] = 0; + padded[247] = bytes >> 61; + padded[248] = bytes >> 53; + padded[249] = bytes >> 45; + padded[250] = bytes >> 37; + padded[251] = bytes >> 29; + padded[252] = bytes >> 21; + padded[253] = bytes >> 13; + padded[254] = bytes >> 5; + padded[255] = bytes << 3; + blocks(h,padded,256); + } + + for (i = 0;i < 64;++i) out[i] = h[i]; + + return 0; +} diff --git a/nacl-20110221/crypto_hash/sha512/ref/implementors b/nacl-20110221/crypto_hash/sha512/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein (wrapper around crypto_hashblocks/sha512) diff --git a/nacl-20110221/crypto_hash/sha512/selected b/nacl-20110221/crypto_hash/sha512/selected diff --git a/nacl-20110221/crypto_hash/sha512/used b/nacl-20110221/crypto_hash/sha512/used diff --git a/nacl-20110221/crypto_hash/try.c b/nacl-20110221/crypto_hash/try.c @@ -0,0 +1,77 @@ +/* + * crypto_hash/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include <stdlib.h> +#include "crypto_hash.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_hash_IMPLEMENTATION; + +#define MAXTEST_BYTES (10000 + crypto_hash_BYTES) +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *h; +static unsigned char *h2; +static unsigned char *m; +static unsigned char *m2; + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(crypto_hash_BYTES); + h2 = alignedcalloc(crypto_hash_BYTES); + m = alignedcalloc(MAXTEST_BYTES); + m2 = alignedcalloc(MAXTEST_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_hash(h,m,TUNE_BYTES); +} + +char checksum[crypto_hash_BYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long hlen = crypto_hash_BYTES; + long long mlen = i; + for (j = -16;j < 0;++j) h[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < 0;++j) m[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + if (crypto_hash(h,m,mlen) != 0) return "crypto_hash returns nonzero"; + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_hash writes to input"; + for (j = -16;j < 0;++j) if (h2[j] != h[j]) return "crypto_hash writes before output"; + for (j = hlen;j < hlen + 16;++j) if (h2[j] != h[j]) return "crypto_hash writes after output"; + if (crypto_hash(m2,m2,mlen) != 0) return "crypto_hash returns nonzero"; + for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_hash does not handle overlap"; + for (j = 0;j < mlen;++j) m[j] ^= h[j % hlen]; + m[mlen] = h[0]; + } + if (crypto_hash(h,m,CHECKSUM_BYTES) != 0) return "crypto_hash returns nonzero"; + + for (i = 0;i < crypto_hash_BYTES;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/nacl-20110221/crypto_hash/wrapper-hash.cpp b/nacl-20110221/crypto_hash/wrapper-hash.cpp @@ -0,0 +1,10 @@ +#include <string> +using std::string; +#include "crypto_hash.h" + +string crypto_hash(const string &m) +{ + unsigned char h[crypto_hash_BYTES]; + crypto_hash(h,(const unsigned char *) m.c_str(),m.size()); + return string((char *) h,sizeof h); +} diff --git a/nacl-20110221/crypto_hashblocks/measure.c b/nacl-20110221/crypto_hashblocks/measure.c @@ -0,0 +1,18 @@ +#include "crypto_hashblocks.h" + +const char *primitiveimplementation = crypto_hashblocks_IMPLEMENTATION; +const char *implementationversion = crypto_hashblocks_VERSION; +const char *sizenames[] = { "statebytes", 0 }; +const long long sizes[] = { crypto_hashblocks_STATEBYTES }; + +void preallocate(void) +{ +} + +void allocate(void) +{ +} + +void measure(void) +{ +} diff --git a/nacl-20110221/crypto_hashblocks/sha256/checksum b/nacl-20110221/crypto_hashblocks/sha256/checksum @@ -0,0 +1 @@ +69a9dc2464f9593161e462d3dbb634b84f1d68d67d26df29aaa805f9dcd8f656 diff --git a/nacl-20110221/crypto_hashblocks/sha256/inplace/api.h b/nacl-20110221/crypto_hashblocks/sha256/inplace/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_STATEBYTES 32 +#define CRYPTO_BLOCKBYTES 64 diff --git a/nacl-20110221/crypto_hashblocks/sha256/inplace/blocks.c b/nacl-20110221/crypto_hashblocks/sha256/inplace/blocks.c @@ -0,0 +1,228 @@ +#include "crypto_hashblocks.h" + +typedef unsigned int uint32; + +static uint32 load_bigendian(const unsigned char *x) +{ + return + (uint32) (x[3]) \ + | (((uint32) (x[2])) << 8) \ + | (((uint32) (x[1])) << 16) \ + | (((uint32) (x[0])) << 24) + ; +} + +static void store_bigendian(unsigned char *x,uint32 u) +{ + x[3] = u; u >>= 8; + x[2] = u; u >>= 8; + x[1] = u; u >>= 8; + x[0] = u; +} + +#define SHR(x,c) ((x) >> (c)) +#define ROTR(x,c) (((x) >> (c)) | ((x) << (32 - (c)))) + +#define Ch(x,y,z) ((x & y) ^ (~x & z)) +#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) +#define Sigma0(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) +#define Sigma1(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) +#define sigma0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) +#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) + +#define M(w0,w14,w9,w1) w0 += sigma1(w14) + w9 + sigma0(w1); + +#define EXPAND \ + M(w0 ,w14,w9 ,w1 ) \ + M(w1 ,w15,w10,w2 ) \ + M(w2 ,w0 ,w11,w3 ) \ + M(w3 ,w1 ,w12,w4 ) \ + M(w4 ,w2 ,w13,w5 ) \ + M(w5 ,w3 ,w14,w6 ) \ + M(w6 ,w4 ,w15,w7 ) \ + M(w7 ,w5 ,w0 ,w8 ) \ + M(w8 ,w6 ,w1 ,w9 ) \ + M(w9 ,w7 ,w2 ,w10) \ + M(w10,w8 ,w3 ,w11) \ + M(w11,w9 ,w4 ,w12) \ + M(w12,w10,w5 ,w13) \ + M(w13,w11,w6 ,w14) \ + M(w14,w12,w7 ,w15) \ + M(w15,w13,w8 ,w0 ) + +#define F(r0,r1,r2,r3,r4,r5,r6,r7,w,k) \ + r7 += Sigma1(r4) + Ch(r4,r5,r6) + k + w; \ + r3 += r7; \ + r7 += Sigma0(r0) + Maj(r0,r1,r2); + +#define G(r0,r1,r2,r3,r4,r5,r6,r7,i) \ + F(r0,r1,r2,r3,r4,r5,r6,r7,w0 ,round[i + 0]) \ + F(r7,r0,r1,r2,r3,r4,r5,r6,w1 ,round[i + 1]) \ + F(r6,r7,r0,r1,r2,r3,r4,r5,w2 ,round[i + 2]) \ + F(r5,r6,r7,r0,r1,r2,r3,r4,w3 ,round[i + 3]) \ + F(r4,r5,r6,r7,r0,r1,r2,r3,w4 ,round[i + 4]) \ + F(r3,r4,r5,r6,r7,r0,r1,r2,w5 ,round[i + 5]) \ + F(r2,r3,r4,r5,r6,r7,r0,r1,w6 ,round[i + 6]) \ + F(r1,r2,r3,r4,r5,r6,r7,r0,w7 ,round[i + 7]) \ + F(r0,r1,r2,r3,r4,r5,r6,r7,w8 ,round[i + 8]) \ + F(r7,r0,r1,r2,r3,r4,r5,r6,w9 ,round[i + 9]) \ + F(r6,r7,r0,r1,r2,r3,r4,r5,w10,round[i + 10]) \ + F(r5,r6,r7,r0,r1,r2,r3,r4,w11,round[i + 11]) \ + F(r4,r5,r6,r7,r0,r1,r2,r3,w12,round[i + 12]) \ + F(r3,r4,r5,r6,r7,r0,r1,r2,w13,round[i + 13]) \ + F(r2,r3,r4,r5,r6,r7,r0,r1,w14,round[i + 14]) \ + F(r1,r2,r3,r4,r5,r6,r7,r0,w15,round[i + 15]) + +static const uint32 round[64] = { + 0x428a2f98 +, 0x71374491 +, 0xb5c0fbcf +, 0xe9b5dba5 +, 0x3956c25b +, 0x59f111f1 +, 0x923f82a4 +, 0xab1c5ed5 +, 0xd807aa98 +, 0x12835b01 +, 0x243185be +, 0x550c7dc3 +, 0x72be5d74 +, 0x80deb1fe +, 0x9bdc06a7 +, 0xc19bf174 +, 0xe49b69c1 +, 0xefbe4786 +, 0x0fc19dc6 +, 0x240ca1cc +, 0x2de92c6f +, 0x4a7484aa +, 0x5cb0a9dc +, 0x76f988da +, 0x983e5152 +, 0xa831c66d +, 0xb00327c8 +, 0xbf597fc7 +, 0xc6e00bf3 +, 0xd5a79147 +, 0x06ca6351 +, 0x14292967 +, 0x27b70a85 +, 0x2e1b2138 +, 0x4d2c6dfc +, 0x53380d13 +, 0x650a7354 +, 0x766a0abb +, 0x81c2c92e +, 0x92722c85 +, 0xa2bfe8a1 +, 0xa81a664b +, 0xc24b8b70 +, 0xc76c51a3 +, 0xd192e819 +, 0xd6990624 +, 0xf40e3585 +, 0x106aa070 +, 0x19a4c116 +, 0x1e376c08 +, 0x2748774c +, 0x34b0bcb5 +, 0x391c0cb3 +, 0x4ed8aa4a +, 0x5b9cca4f +, 0x682e6ff3 +, 0x748f82ee +, 0x78a5636f +, 0x84c87814 +, 0x8cc70208 +, 0x90befffa +, 0xa4506ceb +, 0xbef9a3f7 +, 0xc67178f2 +} ; + +int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) +{ + uint32 state[8]; + uint32 r0; + uint32 r1; + uint32 r2; + uint32 r3; + uint32 r4; + uint32 r5; + uint32 r6; + uint32 r7; + + r0 = load_bigendian(statebytes + 0); state[0] = r0; + r1 = load_bigendian(statebytes + 4); state[1] = r1; + r2 = load_bigendian(statebytes + 8); state[2] = r2; + r3 = load_bigendian(statebytes + 12); state[3] = r3; + r4 = load_bigendian(statebytes + 16); state[4] = r4; + r5 = load_bigendian(statebytes + 20); state[5] = r5; + r6 = load_bigendian(statebytes + 24); state[6] = r6; + r7 = load_bigendian(statebytes + 28); state[7] = r7; + + while (inlen >= 64) { + uint32 w0 = load_bigendian(in + 0); + uint32 w1 = load_bigendian(in + 4); + uint32 w2 = load_bigendian(in + 8); + uint32 w3 = load_bigendian(in + 12); + uint32 w4 = load_bigendian(in + 16); + uint32 w5 = load_bigendian(in + 20); + uint32 w6 = load_bigendian(in + 24); + uint32 w7 = load_bigendian(in + 28); + uint32 w8 = load_bigendian(in + 32); + uint32 w9 = load_bigendian(in + 36); + uint32 w10 = load_bigendian(in + 40); + uint32 w11 = load_bigendian(in + 44); + uint32 w12 = load_bigendian(in + 48); + uint32 w13 = load_bigendian(in + 52); + uint32 w14 = load_bigendian(in + 56); + uint32 w15 = load_bigendian(in + 60); + + G(r0,r1,r2,r3,r4,r5,r6,r7,0) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,16) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,32) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,48) + + r0 += state[0]; + r1 += state[1]; + r2 += state[2]; + r3 += state[3]; + r4 += state[4]; + r5 += state[5]; + r6 += state[6]; + r7 += state[7]; + + state[0] = r0; + state[1] = r1; + state[2] = r2; + state[3] = r3; + state[4] = r4; + state[5] = r5; + state[6] = r6; + state[7] = r7; + + in += 64; + inlen -= 64; + } + + store_bigendian(statebytes + 0,state[0]); + store_bigendian(statebytes + 4,state[1]); + store_bigendian(statebytes + 8,state[2]); + store_bigendian(statebytes + 12,state[3]); + store_bigendian(statebytes + 16,state[4]); + store_bigendian(statebytes + 20,state[5]); + store_bigendian(statebytes + 24,state[6]); + store_bigendian(statebytes + 28,state[7]); + + return 0; +} diff --git a/nacl-20110221/crypto_hashblocks/sha256/inplace/implementors b/nacl-20110221/crypto_hashblocks/sha256/inplace/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/nacl-20110221/crypto_hashblocks/sha256/ref/api.h b/nacl-20110221/crypto_hashblocks/sha256/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_STATEBYTES 32 +#define CRYPTO_BLOCKBYTES 64 diff --git a/nacl-20110221/crypto_hashblocks/sha256/ref/blocks.c b/nacl-20110221/crypto_hashblocks/sha256/ref/blocks.c @@ -0,0 +1,212 @@ +#include "crypto_hashblocks.h" + +typedef unsigned int uint32; + +static uint32 load_bigendian(const unsigned char *x) +{ + return + (uint32) (x[3]) \ + | (((uint32) (x[2])) << 8) \ + | (((uint32) (x[1])) << 16) \ + | (((uint32) (x[0])) << 24) + ; +} + +static void store_bigendian(unsigned char *x,uint32 u) +{ + x[3] = u; u >>= 8; + x[2] = u; u >>= 8; + x[1] = u; u >>= 8; + x[0] = u; +} + +#define SHR(x,c) ((x) >> (c)) +#define ROTR(x,c) (((x) >> (c)) | ((x) << (32 - (c)))) + +#define Ch(x,y,z) ((x & y) ^ (~x & z)) +#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) +#define Sigma0(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) +#define Sigma1(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) +#define sigma0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) +#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) + +#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0; + +#define EXPAND \ + M(w0 ,w14,w9 ,w1 ) \ + M(w1 ,w15,w10,w2 ) \ + M(w2 ,w0 ,w11,w3 ) \ + M(w3 ,w1 ,w12,w4 ) \ + M(w4 ,w2 ,w13,w5 ) \ + M(w5 ,w3 ,w14,w6 ) \ + M(w6 ,w4 ,w15,w7 ) \ + M(w7 ,w5 ,w0 ,w8 ) \ + M(w8 ,w6 ,w1 ,w9 ) \ + M(w9 ,w7 ,w2 ,w10) \ + M(w10,w8 ,w3 ,w11) \ + M(w11,w9 ,w4 ,w12) \ + M(w12,w10,w5 ,w13) \ + M(w13,w11,w6 ,w14) \ + M(w14,w12,w7 ,w15) \ + M(w15,w13,w8 ,w0 ) + +#define F(w,k) \ + T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \ + T2 = Sigma0(a) + Maj(a,b,c); \ + h = g; \ + g = f; \ + f = e; \ + e = d + T1; \ + d = c; \ + c = b; \ + b = a; \ + a = T1 + T2; + +int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) +{ + uint32 state[8]; + uint32 a; + uint32 b; + uint32 c; + uint32 d; + uint32 e; + uint32 f; + uint32 g; + uint32 h; + uint32 T1; + uint32 T2; + + a = load_bigendian(statebytes + 0); state[0] = a; + b = load_bigendian(statebytes + 4); state[1] = b; + c = load_bigendian(statebytes + 8); state[2] = c; + d = load_bigendian(statebytes + 12); state[3] = d; + e = load_bigendian(statebytes + 16); state[4] = e; + f = load_bigendian(statebytes + 20); state[5] = f; + g = load_bigendian(statebytes + 24); state[6] = g; + h = load_bigendian(statebytes + 28); state[7] = h; + + while (inlen >= 64) { + uint32 w0 = load_bigendian(in + 0); + uint32 w1 = load_bigendian(in + 4); + uint32 w2 = load_bigendian(in + 8); + uint32 w3 = load_bigendian(in + 12); + uint32 w4 = load_bigendian(in + 16); + uint32 w5 = load_bigendian(in + 20); + uint32 w6 = load_bigendian(in + 24); + uint32 w7 = load_bigendian(in + 28); + uint32 w8 = load_bigendian(in + 32); + uint32 w9 = load_bigendian(in + 36); + uint32 w10 = load_bigendian(in + 40); + uint32 w11 = load_bigendian(in + 44); + uint32 w12 = load_bigendian(in + 48); + uint32 w13 = load_bigendian(in + 52); + uint32 w14 = load_bigendian(in + 56); + uint32 w15 = load_bigendian(in + 60); + + F(w0 ,0x428a2f98) + F(w1 ,0x71374491) + F(w2 ,0xb5c0fbcf) + F(w3 ,0xe9b5dba5) + F(w4 ,0x3956c25b) + F(w5 ,0x59f111f1) + F(w6 ,0x923f82a4) + F(w7 ,0xab1c5ed5) + F(w8 ,0xd807aa98) + F(w9 ,0x12835b01) + F(w10,0x243185be) + F(w11,0x550c7dc3) + F(w12,0x72be5d74) + F(w13,0x80deb1fe) + F(w14,0x9bdc06a7) + F(w15,0xc19bf174) + + EXPAND + + F(w0 ,0xe49b69c1) + F(w1 ,0xefbe4786) + F(w2 ,0x0fc19dc6) + F(w3 ,0x240ca1cc) + F(w4 ,0x2de92c6f) + F(w5 ,0x4a7484aa) + F(w6 ,0x5cb0a9dc) + F(w7 ,0x76f988da) + F(w8 ,0x983e5152) + F(w9 ,0xa831c66d) + F(w10,0xb00327c8) + F(w11,0xbf597fc7) + F(w12,0xc6e00bf3) + F(w13,0xd5a79147) + F(w14,0x06ca6351) + F(w15,0x14292967) + + EXPAND + + F(w0 ,0x27b70a85) + F(w1 ,0x2e1b2138) + F(w2 ,0x4d2c6dfc) + F(w3 ,0x53380d13) + F(w4 ,0x650a7354) + F(w5 ,0x766a0abb) + F(w6 ,0x81c2c92e) + F(w7 ,0x92722c85) + F(w8 ,0xa2bfe8a1) + F(w9 ,0xa81a664b) + F(w10,0xc24b8b70) + F(w11,0xc76c51a3) + F(w12,0xd192e819) + F(w13,0xd6990624) + F(w14,0xf40e3585) + F(w15,0x106aa070) + + EXPAND + + F(w0 ,0x19a4c116) + F(w1 ,0x1e376c08) + F(w2 ,0x2748774c) + F(w3 ,0x34b0bcb5) + F(w4 ,0x391c0cb3) + F(w5 ,0x4ed8aa4a) + F(w6 ,0x5b9cca4f) + F(w7 ,0x682e6ff3) + F(w8 ,0x748f82ee) + F(w9 ,0x78a5636f) + F(w10,0x84c87814) + F(w11,0x8cc70208) + F(w12,0x90befffa) + F(w13,0xa4506ceb) + F(w14,0xbef9a3f7) + F(w15,0xc67178f2) + + a += state[0]; + b += state[1]; + c += state[2]; + d += state[3]; + e += state[4]; + f += state[5]; + g += state[6]; + h += state[7]; + + state[0] = a; + state[1] = b; + state[2] = c; + state[3] = d; + state[4] = e; + state[5] = f; + state[6] = g; + state[7] = h; + + in += 64; + inlen -= 64; + } + + store_bigendian(statebytes + 0,state[0]); + store_bigendian(statebytes + 4,state[1]); + store_bigendian(statebytes + 8,state[2]); + store_bigendian(statebytes + 12,state[3]); + store_bigendian(statebytes + 16,state[4]); + store_bigendian(statebytes + 20,state[5]); + store_bigendian(statebytes + 24,state[6]); + store_bigendian(statebytes + 28,state[7]); + + return 0; +} diff --git a/nacl-20110221/crypto_hashblocks/sha256/ref/implementors b/nacl-20110221/crypto_hashblocks/sha256/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/nacl-20110221/crypto_hashblocks/sha256/used b/nacl-20110221/crypto_hashblocks/sha256/used diff --git a/nacl-20110221/crypto_hashblocks/sha512/checksum b/nacl-20110221/crypto_hashblocks/sha512/checksum @@ -0,0 +1 @@ +f005c91634ae549f0dd4529ddbaf07038cb75a59b818cd1d4eb4e2b4019ab6733556131f320c4a145c735a22594581d454cccb15c18bf198ffcb2da29fe39456 diff --git a/nacl-20110221/crypto_hashblocks/sha512/inplace/api.h b/nacl-20110221/crypto_hashblocks/sha512/inplace/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_STATEBYTES 64 +#define CRYPTO_BLOCKBYTES 128 diff --git a/nacl-20110221/crypto_hashblocks/sha512/inplace/blocks.c b/nacl-20110221/crypto_hashblocks/sha512/inplace/blocks.c @@ -0,0 +1,256 @@ +#include "crypto_hashblocks.h" + +typedef unsigned long long uint64; + +static uint64 load_bigendian(const unsigned char *x) +{ + return + (uint64) (x[7]) \ + | (((uint64) (x[6])) << 8) \ + | (((uint64) (x[5])) << 16) \ + | (((uint64) (x[4])) << 24) \ + | (((uint64) (x[3])) << 32) \ + | (((uint64) (x[2])) << 40) \ + | (((uint64) (x[1])) << 48) \ + | (((uint64) (x[0])) << 56) + ; +} + +static void store_bigendian(unsigned char *x,uint64 u) +{ + x[7] = u; u >>= 8; + x[6] = u; u >>= 8; + x[5] = u; u >>= 8; + x[4] = u; u >>= 8; + x[3] = u; u >>= 8; + x[2] = u; u >>= 8; + x[1] = u; u >>= 8; + x[0] = u; +} + +#define SHR(x,c) ((x) >> (c)) +#define ROTR(x,c) (((x) >> (c)) | ((x) << (64 - (c)))) + +#define Ch(x,y,z) ((x & y) ^ (~x & z)) +#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) +#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39)) +#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41)) +#define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x,7)) +#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x,6)) + +#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0; + +#define EXPAND \ + M(w0 ,w14,w9 ,w1 ) \ + M(w1 ,w15,w10,w2 ) \ + M(w2 ,w0 ,w11,w3 ) \ + M(w3 ,w1 ,w12,w4 ) \ + M(w4 ,w2 ,w13,w5 ) \ + M(w5 ,w3 ,w14,w6 ) \ + M(w6 ,w4 ,w15,w7 ) \ + M(w7 ,w5 ,w0 ,w8 ) \ + M(w8 ,w6 ,w1 ,w9 ) \ + M(w9 ,w7 ,w2 ,w10) \ + M(w10,w8 ,w3 ,w11) \ + M(w11,w9 ,w4 ,w12) \ + M(w12,w10,w5 ,w13) \ + M(w13,w11,w6 ,w14) \ + M(w14,w12,w7 ,w15) \ + M(w15,w13,w8 ,w0 ) + +#define F(r0,r1,r2,r3,r4,r5,r6,r7,w,k) \ + r7 += Sigma1(r4) + Ch(r4,r5,r6) + k + w; \ + r3 += r7; \ + r7 += Sigma0(r0) + Maj(r0,r1,r2); + +#define G(r0,r1,r2,r3,r4,r5,r6,r7,i) \ + F(r0,r1,r2,r3,r4,r5,r6,r7,w0 ,round[i + 0]) \ + F(r7,r0,r1,r2,r3,r4,r5,r6,w1 ,round[i + 1]) \ + F(r6,r7,r0,r1,r2,r3,r4,r5,w2 ,round[i + 2]) \ + F(r5,r6,r7,r0,r1,r2,r3,r4,w3 ,round[i + 3]) \ + F(r4,r5,r6,r7,r0,r1,r2,r3,w4 ,round[i + 4]) \ + F(r3,r4,r5,r6,r7,r0,r1,r2,w5 ,round[i + 5]) \ + F(r2,r3,r4,r5,r6,r7,r0,r1,w6 ,round[i + 6]) \ + F(r1,r2,r3,r4,r5,r6,r7,r0,w7 ,round[i + 7]) \ + F(r0,r1,r2,r3,r4,r5,r6,r7,w8 ,round[i + 8]) \ + F(r7,r0,r1,r2,r3,r4,r5,r6,w9 ,round[i + 9]) \ + F(r6,r7,r0,r1,r2,r3,r4,r5,w10,round[i + 10]) \ + F(r5,r6,r7,r0,r1,r2,r3,r4,w11,round[i + 11]) \ + F(r4,r5,r6,r7,r0,r1,r2,r3,w12,round[i + 12]) \ + F(r3,r4,r5,r6,r7,r0,r1,r2,w13,round[i + 13]) \ + F(r2,r3,r4,r5,r6,r7,r0,r1,w14,round[i + 14]) \ + F(r1,r2,r3,r4,r5,r6,r7,r0,w15,round[i + 15]) + +static const uint64 round[80] = { + 0x428a2f98d728ae22ULL +, 0x7137449123ef65cdULL +, 0xb5c0fbcfec4d3b2fULL +, 0xe9b5dba58189dbbcULL +, 0x3956c25bf348b538ULL +, 0x59f111f1b605d019ULL +, 0x923f82a4af194f9bULL +, 0xab1c5ed5da6d8118ULL +, 0xd807aa98a3030242ULL +, 0x12835b0145706fbeULL +, 0x243185be4ee4b28cULL +, 0x550c7dc3d5ffb4e2ULL +, 0x72be5d74f27b896fULL +, 0x80deb1fe3b1696b1ULL +, 0x9bdc06a725c71235ULL +, 0xc19bf174cf692694ULL +, 0xe49b69c19ef14ad2ULL +, 0xefbe4786384f25e3ULL +, 0x0fc19dc68b8cd5b5ULL +, 0x240ca1cc77ac9c65ULL +, 0x2de92c6f592b0275ULL +, 0x4a7484aa6ea6e483ULL +, 0x5cb0a9dcbd41fbd4ULL +, 0x76f988da831153b5ULL +, 0x983e5152ee66dfabULL +, 0xa831c66d2db43210ULL +, 0xb00327c898fb213fULL +, 0xbf597fc7beef0ee4ULL +, 0xc6e00bf33da88fc2ULL +, 0xd5a79147930aa725ULL +, 0x06ca6351e003826fULL +, 0x142929670a0e6e70ULL +, 0x27b70a8546d22ffcULL +, 0x2e1b21385c26c926ULL +, 0x4d2c6dfc5ac42aedULL +, 0x53380d139d95b3dfULL +, 0x650a73548baf63deULL +, 0x766a0abb3c77b2a8ULL +, 0x81c2c92e47edaee6ULL +, 0x92722c851482353bULL +, 0xa2bfe8a14cf10364ULL +, 0xa81a664bbc423001ULL +, 0xc24b8b70d0f89791ULL +, 0xc76c51a30654be30ULL +, 0xd192e819d6ef5218ULL +, 0xd69906245565a910ULL +, 0xf40e35855771202aULL +, 0x106aa07032bbd1b8ULL +, 0x19a4c116b8d2d0c8ULL +, 0x1e376c085141ab53ULL +, 0x2748774cdf8eeb99ULL +, 0x34b0bcb5e19b48a8ULL +, 0x391c0cb3c5c95a63ULL +, 0x4ed8aa4ae3418acbULL +, 0x5b9cca4f7763e373ULL +, 0x682e6ff3d6b2b8a3ULL +, 0x748f82ee5defb2fcULL +, 0x78a5636f43172f60ULL +, 0x84c87814a1f0ab72ULL +, 0x8cc702081a6439ecULL +, 0x90befffa23631e28ULL +, 0xa4506cebde82bde9ULL +, 0xbef9a3f7b2c67915ULL +, 0xc67178f2e372532bULL +, 0xca273eceea26619cULL +, 0xd186b8c721c0c207ULL +, 0xeada7dd6cde0eb1eULL +, 0xf57d4f7fee6ed178ULL +, 0x06f067aa72176fbaULL +, 0x0a637dc5a2c898a6ULL +, 0x113f9804bef90daeULL +, 0x1b710b35131c471bULL +, 0x28db77f523047d84ULL +, 0x32caab7b40c72493ULL +, 0x3c9ebe0a15c9bebcULL +, 0x431d67c49c100d4cULL +, 0x4cc5d4becb3e42b6ULL +, 0x597f299cfc657e2aULL +, 0x5fcb6fab3ad6faecULL +, 0x6c44198c4a475817ULL +}; + +int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) +{ + uint64 state[8]; + uint64 r0; + uint64 r1; + uint64 r2; + uint64 r3; + uint64 r4; + uint64 r5; + uint64 r6; + uint64 r7; + + r0 = load_bigendian(statebytes + 0); state[0] = r0; + r1 = load_bigendian(statebytes + 8); state[1] = r1; + r2 = load_bigendian(statebytes + 16); state[2] = r2; + r3 = load_bigendian(statebytes + 24); state[3] = r3; + r4 = load_bigendian(statebytes + 32); state[4] = r4; + r5 = load_bigendian(statebytes + 40); state[5] = r5; + r6 = load_bigendian(statebytes + 48); state[6] = r6; + r7 = load_bigendian(statebytes + 56); state[7] = r7; + + while (inlen >= 128) { + uint64 w0 = load_bigendian(in + 0); + uint64 w1 = load_bigendian(in + 8); + uint64 w2 = load_bigendian(in + 16); + uint64 w3 = load_bigendian(in + 24); + uint64 w4 = load_bigendian(in + 32); + uint64 w5 = load_bigendian(in + 40); + uint64 w6 = load_bigendian(in + 48); + uint64 w7 = load_bigendian(in + 56); + uint64 w8 = load_bigendian(in + 64); + uint64 w9 = load_bigendian(in + 72); + uint64 w10 = load_bigendian(in + 80); + uint64 w11 = load_bigendian(in + 88); + uint64 w12 = load_bigendian(in + 96); + uint64 w13 = load_bigendian(in + 104); + uint64 w14 = load_bigendian(in + 112); + uint64 w15 = load_bigendian(in + 120); + + G(r0,r1,r2,r3,r4,r5,r6,r7,0) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,16) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,32) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,48) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,64) + + r0 += state[0]; + r1 += state[1]; + r2 += state[2]; + r3 += state[3]; + r4 += state[4]; + r5 += state[5]; + r6 += state[6]; + r7 += state[7]; + + state[0] = r0; + state[1] = r1; + state[2] = r2; + state[3] = r3; + state[4] = r4; + state[5] = r5; + state[6] = r6; + state[7] = r7; + + in += 128; + inlen -= 128; + } + + store_bigendian(statebytes + 0,state[0]); + store_bigendian(statebytes + 8,state[1]); + store_bigendian(statebytes + 16,state[2]); + store_bigendian(statebytes + 24,state[3]); + store_bigendian(statebytes + 32,state[4]); + store_bigendian(statebytes + 40,state[5]); + store_bigendian(statebytes + 48,state[6]); + store_bigendian(statebytes + 56,state[7]); + + return 0; +} diff --git a/nacl-20110221/crypto_hashblocks/sha512/inplace/implementors b/nacl-20110221/crypto_hashblocks/sha512/inplace/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/nacl-20110221/crypto_hashblocks/sha512/ref/api.h b/nacl-20110221/crypto_hashblocks/sha512/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_STATEBYTES 64 +#define CRYPTO_BLOCKBYTES 128 diff --git a/nacl-20110221/crypto_hashblocks/sha512/ref/blocks.c b/nacl-20110221/crypto_hashblocks/sha512/ref/blocks.c @@ -0,0 +1,239 @@ +#include "crypto_hashblocks.h" + +typedef unsigned long long uint64; + +static uint64 load_bigendian(const unsigned char *x) +{ + return + (uint64) (x[7]) \ + | (((uint64) (x[6])) << 8) \ + | (((uint64) (x[5])) << 16) \ + | (((uint64) (x[4])) << 24) \ + | (((uint64) (x[3])) << 32) \ + | (((uint64) (x[2])) << 40) \ + | (((uint64) (x[1])) << 48) \ + | (((uint64) (x[0])) << 56) + ; +} + +static void store_bigendian(unsigned char *x,uint64 u) +{ + x[7] = u; u >>= 8; + x[6] = u; u >>= 8; + x[5] = u; u >>= 8; + x[4] = u; u >>= 8; + x[3] = u; u >>= 8; + x[2] = u; u >>= 8; + x[1] = u; u >>= 8; + x[0] = u; +} + +#define SHR(x,c) ((x) >> (c)) +#define ROTR(x,c) (((x) >> (c)) | ((x) << (64 - (c)))) + +#define Ch(x,y,z) ((x & y) ^ (~x & z)) +#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) +#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39)) +#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41)) +#define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x,7)) +#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x,6)) + +#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0; + +#define EXPAND \ + M(w0 ,w14,w9 ,w1 ) \ + M(w1 ,w15,w10,w2 ) \ + M(w2 ,w0 ,w11,w3 ) \ + M(w3 ,w1 ,w12,w4 ) \ + M(w4 ,w2 ,w13,w5 ) \ + M(w5 ,w3 ,w14,w6 ) \ + M(w6 ,w4 ,w15,w7 ) \ + M(w7 ,w5 ,w0 ,w8 ) \ + M(w8 ,w6 ,w1 ,w9 ) \ + M(w9 ,w7 ,w2 ,w10) \ + M(w10,w8 ,w3 ,w11) \ + M(w11,w9 ,w4 ,w12) \ + M(w12,w10,w5 ,w13) \ + M(w13,w11,w6 ,w14) \ + M(w14,w12,w7 ,w15) \ + M(w15,w13,w8 ,w0 ) + +#define F(w,k) \ + T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \ + T2 = Sigma0(a) + Maj(a,b,c); \ + h = g; \ + g = f; \ + f = e; \ + e = d + T1; \ + d = c; \ + c = b; \ + b = a; \ + a = T1 + T2; + +int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) +{ + uint64 state[8]; + uint64 a; + uint64 b; + uint64 c; + uint64 d; + uint64 e; + uint64 f; + uint64 g; + uint64 h; + uint64 T1; + uint64 T2; + + a = load_bigendian(statebytes + 0); state[0] = a; + b = load_bigendian(statebytes + 8); state[1] = b; + c = load_bigendian(statebytes + 16); state[2] = c; + d = load_bigendian(statebytes + 24); state[3] = d; + e = load_bigendian(statebytes + 32); state[4] = e; + f = load_bigendian(statebytes + 40); state[5] = f; + g = load_bigendian(statebytes + 48); state[6] = g; + h = load_bigendian(statebytes + 56); state[7] = h; + + while (inlen >= 128) { + uint64 w0 = load_bigendian(in + 0); + uint64 w1 = load_bigendian(in + 8); + uint64 w2 = load_bigendian(in + 16); + uint64 w3 = load_bigendian(in + 24); + uint64 w4 = load_bigendian(in + 32); + uint64 w5 = load_bigendian(in + 40); + uint64 w6 = load_bigendian(in + 48); + uint64 w7 = load_bigendian(in + 56); + uint64 w8 = load_bigendian(in + 64); + uint64 w9 = load_bigendian(in + 72); + uint64 w10 = load_bigendian(in + 80); + uint64 w11 = load_bigendian(in + 88); + uint64 w12 = load_bigendian(in + 96); + uint64 w13 = load_bigendian(in + 104); + uint64 w14 = load_bigendian(in + 112); + uint64 w15 = load_bigendian(in + 120); + + F(w0 ,0x428a2f98d728ae22ULL) + F(w1 ,0x7137449123ef65cdULL) + F(w2 ,0xb5c0fbcfec4d3b2fULL) + F(w3 ,0xe9b5dba58189dbbcULL) + F(w4 ,0x3956c25bf348b538ULL) + F(w5 ,0x59f111f1b605d019ULL) + F(w6 ,0x923f82a4af194f9bULL) + F(w7 ,0xab1c5ed5da6d8118ULL) + F(w8 ,0xd807aa98a3030242ULL) + F(w9 ,0x12835b0145706fbeULL) + F(w10,0x243185be4ee4b28cULL) + F(w11,0x550c7dc3d5ffb4e2ULL) + F(w12,0x72be5d74f27b896fULL) + F(w13,0x80deb1fe3b1696b1ULL) + F(w14,0x9bdc06a725c71235ULL) + F(w15,0xc19bf174cf692694ULL) + + EXPAND + + F(w0 ,0xe49b69c19ef14ad2ULL) + F(w1 ,0xefbe4786384f25e3ULL) + F(w2 ,0x0fc19dc68b8cd5b5ULL) + F(w3 ,0x240ca1cc77ac9c65ULL) + F(w4 ,0x2de92c6f592b0275ULL) + F(w5 ,0x4a7484aa6ea6e483ULL) + F(w6 ,0x5cb0a9dcbd41fbd4ULL) + F(w7 ,0x76f988da831153b5ULL) + F(w8 ,0x983e5152ee66dfabULL) + F(w9 ,0xa831c66d2db43210ULL) + F(w10,0xb00327c898fb213fULL) + F(w11,0xbf597fc7beef0ee4ULL) + F(w12,0xc6e00bf33da88fc2ULL) + F(w13,0xd5a79147930aa725ULL) + F(w14,0x06ca6351e003826fULL) + F(w15,0x142929670a0e6e70ULL) + + EXPAND + + F(w0 ,0x27b70a8546d22ffcULL) + F(w1 ,0x2e1b21385c26c926ULL) + F(w2 ,0x4d2c6dfc5ac42aedULL) + F(w3 ,0x53380d139d95b3dfULL) + F(w4 ,0x650a73548baf63deULL) + F(w5 ,0x766a0abb3c77b2a8ULL) + F(w6 ,0x81c2c92e47edaee6ULL) + F(w7 ,0x92722c851482353bULL) + F(w8 ,0xa2bfe8a14cf10364ULL) + F(w9 ,0xa81a664bbc423001ULL) + F(w10,0xc24b8b70d0f89791ULL) + F(w11,0xc76c51a30654be30ULL) + F(w12,0xd192e819d6ef5218ULL) + F(w13,0xd69906245565a910ULL) + F(w14,0xf40e35855771202aULL) + F(w15,0x106aa07032bbd1b8ULL) + + EXPAND + + F(w0 ,0x19a4c116b8d2d0c8ULL) + F(w1 ,0x1e376c085141ab53ULL) + F(w2 ,0x2748774cdf8eeb99ULL) + F(w3 ,0x34b0bcb5e19b48a8ULL) + F(w4 ,0x391c0cb3c5c95a63ULL) + F(w5 ,0x4ed8aa4ae3418acbULL) + F(w6 ,0x5b9cca4f7763e373ULL) + F(w7 ,0x682e6ff3d6b2b8a3ULL) + F(w8 ,0x748f82ee5defb2fcULL) + F(w9 ,0x78a5636f43172f60ULL) + F(w10,0x84c87814a1f0ab72ULL) + F(w11,0x8cc702081a6439ecULL) + F(w12,0x90befffa23631e28ULL) + F(w13,0xa4506cebde82bde9ULL) + F(w14,0xbef9a3f7b2c67915ULL) + F(w15,0xc67178f2e372532bULL) + + EXPAND + + F(w0 ,0xca273eceea26619cULL) + F(w1 ,0xd186b8c721c0c207ULL) + F(w2 ,0xeada7dd6cde0eb1eULL) + F(w3 ,0xf57d4f7fee6ed178ULL) + F(w4 ,0x06f067aa72176fbaULL) + F(w5 ,0x0a637dc5a2c898a6ULL) + F(w6 ,0x113f9804bef90daeULL) + F(w7 ,0x1b710b35131c471bULL) + F(w8 ,0x28db77f523047d84ULL) + F(w9 ,0x32caab7b40c72493ULL) + F(w10,0x3c9ebe0a15c9bebcULL) + F(w11,0x431d67c49c100d4cULL) + F(w12,0x4cc5d4becb3e42b6ULL) + F(w13,0x597f299cfc657e2aULL) + F(w14,0x5fcb6fab3ad6faecULL) + F(w15,0x6c44198c4a475817ULL) + + a += state[0]; + b += state[1]; + c += state[2]; + d += state[3]; + e += state[4]; + f += state[5]; + g += state[6]; + h += state[7]; + + state[0] = a; + state[1] = b; + state[2] = c; + state[3] = d; + state[4] = e; + state[5] = f; + state[6] = g; + state[7] = h; + + in += 128; + inlen -= 128; + } + + store_bigendian(statebytes + 0,state[0]); + store_bigendian(statebytes + 8,state[1]); + store_bigendian(statebytes + 16,state[2]); + store_bigendian(statebytes + 24,state[3]); + store_bigendian(statebytes + 32,state[4]); + store_bigendian(statebytes + 40,state[5]); + store_bigendian(statebytes + 48,state[6]); + store_bigendian(statebytes + 56,state[7]); + + return 0; +} diff --git a/nacl-20110221/crypto_hashblocks/sha512/ref/implementors b/nacl-20110221/crypto_hashblocks/sha512/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/nacl-20110221/crypto_hashblocks/sha512/selected b/nacl-20110221/crypto_hashblocks/sha512/selected diff --git a/nacl-20110221/crypto_hashblocks/sha512/used b/nacl-20110221/crypto_hashblocks/sha512/used diff --git a/nacl-20110221/crypto_hashblocks/try.c b/nacl-20110221/crypto_hashblocks/try.c @@ -0,0 +1,79 @@ +/* + * crypto_hashblocks/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include <stdlib.h> +#include "crypto_hashblocks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_hashblocks_IMPLEMENTATION; + +#define MAXTEST_BYTES (10000 + crypto_hashblocks_STATEBYTES) +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *h; +static unsigned char *h2; +static unsigned char *m; +static unsigned char *m2; + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(crypto_hashblocks_STATEBYTES); + h2 = alignedcalloc(crypto_hashblocks_STATEBYTES); + m = alignedcalloc(MAXTEST_BYTES); + m2 = alignedcalloc(MAXTEST_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_hashblocks(h,m,TUNE_BYTES); +} + +char checksum[crypto_hashblocks_STATEBYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long hlen = crypto_hashblocks_STATEBYTES; + long long mlen = i; + for (j = -16;j < 0;++j) h[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < 0;++j) m[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + if (crypto_hashblocks(h,m,mlen) != 0) return "crypto_hashblocks returns nonzero"; + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_hashblocks writes to input"; + for (j = -16;j < 0;++j) if (h2[j] != h[j]) return "crypto_hashblocks writes before output"; + for (j = hlen;j < hlen + 16;++j) if (h2[j] != h[j]) return "crypto_hashblocks writes after output"; + for (j = 0;j < hlen;++j) m2[j] = h2[j]; + if (crypto_hashblocks(h2,m2,mlen) != 0) return "crypto_hashblocks returns nonzero"; + if (crypto_hashblocks(m2,m2,mlen) != 0) return "crypto_hashblocks returns nonzero"; + for (j = 0;j < hlen;++j) if (m2[j] != h2[j]) return "crypto_hashblocks does not handle overlap"; + for (j = 0;j < mlen;++j) m[j] ^= h[j % hlen]; + m[mlen] = h[0]; + } + if (crypto_hashblocks(h,m,CHECKSUM_BYTES) != 0) return "crypto_hashblocks returns nonzero"; + + for (i = 0;i < crypto_hashblocks_STATEBYTES;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/nacl-20110221/crypto_hashblocks/wrapper-empty.cpp b/nacl-20110221/crypto_hashblocks/wrapper-empty.cpp diff --git a/nacl-20110221/crypto_onetimeauth/measure.c b/nacl-20110221/crypto_onetimeauth/measure.c @@ -0,0 +1,69 @@ +#include "crypto_onetimeauth.h" +#include "randombytes.h" +#include "cpucycles.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_onetimeauth_IMPLEMENTATION; +const char *implementationversion = crypto_onetimeauth_VERSION; +const char *sizenames[] = { "outputbytes", "keybytes", 0 }; +const long long sizes[] = { crypto_onetimeauth_BYTES, crypto_onetimeauth_KEYBYTES }; + +#define MAXTEST_BYTES 4096 +#ifdef SUPERCOP +#define MGAP 8192 +#else +#define MGAP 8 +#endif + +static unsigned char *k; +static unsigned char *m; +static unsigned char *h; + +void preallocate(void) +{ +} + +void allocate(void) +{ + k = alignedcalloc(crypto_onetimeauth_KEYBYTES); + m = alignedcalloc(MAXTEST_BYTES); + h = alignedcalloc(crypto_onetimeauth_BYTES); +} + +#define TIMINGS 15 +static long long cycles[TIMINGS + 1]; + +void measure(void) +{ + int i; + int loop; + int mlen; + + for (loop = 0;loop < LOOPS;++loop) { + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) { + randombytes(k,crypto_onetimeauth_KEYBYTES); + randombytes(m,mlen); + randombytes(h,crypto_onetimeauth_BYTES); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_onetimeauth(h,m,mlen,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_onetimeauth_verify(h,m,mlen,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"verify_cycles",cycles,TIMINGS); + } + } +} diff --git a/nacl-20110221/crypto_onetimeauth/poly1305/53/api.h b/nacl-20110221/crypto_onetimeauth/poly1305/53/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 16 +#define CRYPTO_KEYBYTES 32 diff --git a/nacl-20110221/crypto_onetimeauth/poly1305/53/auth.c b/nacl-20110221/crypto_onetimeauth/poly1305/53/auth.c @@ -0,0 +1,1616 @@ +/* +20080910 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_onetimeauth.h" + +typedef unsigned char uchar; +typedef int int32; +typedef unsigned int uint32; +typedef long long int64; +typedef unsigned long long uint64; + +static const double poly1305_53_constants[] = { + 0.00000000558793544769287109375 /* alpham80 = 3 2^(-29) */ +, 24.0 /* alpham48 = 3 2^3 */ +, 103079215104.0 /* alpham16 = 3 2^35 */ +, 6755399441055744.0 /* alpha0 = 3 2^51 */ +, 1770887431076116955136.0 /* alpha18 = 3 2^69 */ +, 29014219670751100192948224.0 /* alpha32 = 3 2^83 */ +, 7605903601369376408980219232256.0 /* alpha50 = 3 2^101 */ +, 124615124604835863084731911901282304.0 /* alpha64 = 3 2^115 */ +, 32667107224410092492483962313449748299776.0 /* alpha82 = 3 2^133 */ +, 535217884764734955396857238543560676143529984.0 /* alpha96 = 3 2^147 */ +, 35076039295941670036888435985190792471742381031424.0 /* alpha112 = 3 2^163 */ +, 9194973245195333150150082162901855101712434733101613056.0 /* alpha130 = 3 2^181 */ +, 0.0000000000000000000000000000000000000036734198463196484624023016788195177431833298649127735047148490821200539357960224151611328125 /* scale = 5 2^(-130) */ +, 6755408030990331.0 /* offset0 = alpha0 + 2^33 - 5 */ +, 29014256564239239022116864.0 /* offset1 = alpha32 + 2^65 - 2^33 */ +, 124615283061160854719918951570079744.0 /* offset2 = alpha64 + 2^97 - 2^65 */ +, 535219245894202480694386063513315216128475136.0 /* offset3 = alpha96 + 2^130 - 2^97 */ +} ; + +int crypto_onetimeauth(unsigned char *out,const unsigned char *m,unsigned long long l,const unsigned char *k) +{ + register const unsigned char *r = k; + register const unsigned char *s = k + 16; + double r0high_stack; + double r1high_stack; + double r1low_stack; + double sr1high_stack; + double r2low_stack; + double sr2high_stack; + double r0low_stack; + double sr1low_stack; + double r2high_stack; + double sr2low_stack; + double r3high_stack; + double sr3high_stack; + double r3low_stack; + double sr3low_stack; + int64 d0; + int64 d1; + int64 d2; + int64 d3; + register double scale; + register double alpha0; + register double alpha32; + register double alpha64; + register double alpha96; + register double alpha130; + register double h0; + register double h1; + register double h2; + register double h3; + register double h4; + register double h5; + register double h6; + register double h7; + register double y7; + register double y6; + register double y1; + register double y0; + register double y5; + register double y4; + register double x7; + register double x6; + register double x1; + register double x0; + register double y3; + register double y2; + register double r3low; + register double r0low; + register double r3high; + register double r0high; + register double sr1low; + register double x5; + register double r3lowx0; + register double sr1high; + register double x4; + register double r0lowx6; + register double r1low; + register double x3; + register double r3highx0; + register double r1high; + register double x2; + register double r0highx6; + register double sr2low; + register double r0lowx0; + register double sr2high; + register double sr1lowx6; + register double r2low; + register double r0highx0; + register double r2high; + register double sr1highx6; + register double sr3low; + register double r1lowx0; + register double sr3high; + register double sr2lowx6; + register double r1highx0; + register double sr2highx6; + register double r2lowx0; + register double sr3lowx6; + register double r2highx0; + register double sr3highx6; + register double r1highx4; + register double r1lowx4; + register double r0highx4; + register double r0lowx4; + register double sr3highx4; + register double sr3lowx4; + register double sr2highx4; + register double sr2lowx4; + register double r0lowx2; + register double r0highx2; + register double r1lowx2; + register double r1highx2; + register double r2lowx2; + register double r2highx2; + register double sr3lowx2; + register double sr3highx2; + register double z0; + register double z1; + register double z2; + register double z3; + register int64 r0; + register int64 r1; + register int64 r2; + register int64 r3; + register uint32 r00; + register uint32 r01; + register uint32 r02; + register uint32 r03; + register uint32 r10; + register uint32 r11; + register uint32 r12; + register uint32 r13; + register uint32 r20; + register uint32 r21; + register uint32 r22; + register uint32 r23; + register uint32 r30; + register uint32 r31; + register uint32 r32; + register uint32 r33; + register int64 m0; + register int64 m1; + register int64 m2; + register int64 m3; + register uint32 m00; + register uint32 m01; + register uint32 m02; + register uint32 m03; + register uint32 m10; + register uint32 m11; + register uint32 m12; + register uint32 m13; + register uint32 m20; + register uint32 m21; + register uint32 m22; + register uint32 m23; + register uint32 m30; + register uint32 m31; + register uint32 m32; + register uint64 m33; + register char *constants; + register int32 lbelow2; + register int32 lbelow3; + register int32 lbelow4; + register int32 lbelow5; + register int32 lbelow6; + register int32 lbelow7; + register int32 lbelow8; + register int32 lbelow9; + register int32 lbelow10; + register int32 lbelow11; + register int32 lbelow12; + register int32 lbelow13; + register int32 lbelow14; + register int32 lbelow15; + register double alpham80; + register double alpham48; + register double alpham16; + register double alpha18; + register double alpha50; + register double alpha82; + register double alpha112; + register double offset0; + register double offset1; + register double offset2; + register double offset3; + register uint32 s00; + register uint32 s01; + register uint32 s02; + register uint32 s03; + register uint32 s10; + register uint32 s11; + register uint32 s12; + register uint32 s13; + register uint32 s20; + register uint32 s21; + register uint32 s22; + register uint32 s23; + register uint32 s30; + register uint32 s31; + register uint32 s32; + register uint32 s33; + register uint64 bits32; + register uint64 f; + register uint64 f0; + register uint64 f1; + register uint64 f2; + register uint64 f3; + register uint64 f4; + register uint64 g; + register uint64 g0; + register uint64 g1; + register uint64 g2; + register uint64 g3; + register uint64 g4; + + r00 = *(uchar *) (r + 0); + constants = (char *) &poly1305_53_constants; + + r01 = *(uchar *) (r + 1); + + r02 = *(uchar *) (r + 2); + r0 = 2151; + + r03 = *(uchar *) (r + 3); r03 &= 15; + r0 <<= 51; + + r10 = *(uchar *) (r + 4); r10 &= 252; + r01 <<= 8; + r0 += r00; + + r11 = *(uchar *) (r + 5); + r02 <<= 16; + r0 += r01; + + r12 = *(uchar *) (r + 6); + r03 <<= 24; + r0 += r02; + + r13 = *(uchar *) (r + 7); r13 &= 15; + r1 = 2215; + r0 += r03; + + d0 = r0; + r1 <<= 51; + r2 = 2279; + + r20 = *(uchar *) (r + 8); r20 &= 252; + r11 <<= 8; + r1 += r10; + + r21 = *(uchar *) (r + 9); + r12 <<= 16; + r1 += r11; + + r22 = *(uchar *) (r + 10); + r13 <<= 24; + r1 += r12; + + r23 = *(uchar *) (r + 11); r23 &= 15; + r2 <<= 51; + r1 += r13; + + d1 = r1; + r21 <<= 8; + r2 += r20; + + r30 = *(uchar *) (r + 12); r30 &= 252; + r22 <<= 16; + r2 += r21; + + r31 = *(uchar *) (r + 13); + r23 <<= 24; + r2 += r22; + + r32 = *(uchar *) (r + 14); + r2 += r23; + r3 = 2343; + + d2 = r2; + r3 <<= 51; + alpha32 = *(double *) (constants + 40); + + r33 = *(uchar *) (r + 15); r33 &= 15; + r31 <<= 8; + r3 += r30; + + r32 <<= 16; + r3 += r31; + + r33 <<= 24; + r3 += r32; + + r3 += r33; + h0 = alpha32 - alpha32; + + d3 = r3; + h1 = alpha32 - alpha32; + + alpha0 = *(double *) (constants + 24); + h2 = alpha32 - alpha32; + + alpha64 = *(double *) (constants + 56); + h3 = alpha32 - alpha32; + + alpha18 = *(double *) (constants + 32); + h4 = alpha32 - alpha32; + + r0low = *(double *) &d0; + h5 = alpha32 - alpha32; + + r1low = *(double *) &d1; + h6 = alpha32 - alpha32; + + r2low = *(double *) &d2; + h7 = alpha32 - alpha32; + + alpha50 = *(double *) (constants + 48); + r0low -= alpha0; + + alpha82 = *(double *) (constants + 64); + r1low -= alpha32; + + scale = *(double *) (constants + 96); + r2low -= alpha64; + + alpha96 = *(double *) (constants + 72); + r0high = r0low + alpha18; + + r3low = *(double *) &d3; + + alpham80 = *(double *) (constants + 0); + r1high = r1low + alpha50; + sr1low = scale * r1low; + + alpham48 = *(double *) (constants + 8); + r2high = r2low + alpha82; + sr2low = scale * r2low; + + r0high -= alpha18; + r0high_stack = r0high; + + r3low -= alpha96; + + r1high -= alpha50; + r1high_stack = r1high; + + sr1high = sr1low + alpham80; + + alpha112 = *(double *) (constants + 80); + r0low -= r0high; + + alpham16 = *(double *) (constants + 16); + r2high -= alpha82; + sr3low = scale * r3low; + + alpha130 = *(double *) (constants + 88); + sr2high = sr2low + alpham48; + + r1low -= r1high; + r1low_stack = r1low; + + sr1high -= alpham80; + sr1high_stack = sr1high; + + r2low -= r2high; + r2low_stack = r2low; + + sr2high -= alpham48; + sr2high_stack = sr2high; + + r3high = r3low + alpha112; + r0low_stack = r0low; + + sr1low -= sr1high; + sr1low_stack = sr1low; + + sr3high = sr3low + alpham16; + r2high_stack = r2high; + + sr2low -= sr2high; + sr2low_stack = sr2low; + + r3high -= alpha112; + r3high_stack = r3high; + + + sr3high -= alpham16; + sr3high_stack = sr3high; + + + r3low -= r3high; + r3low_stack = r3low; + + + sr3low -= sr3high; + sr3low_stack = sr3low; + +if (l < 16) goto addatmost15bytes; + + m00 = *(uchar *) (m + 0); + m0 = 2151; + + m0 <<= 51; + m1 = 2215; + m01 = *(uchar *) (m + 1); + + m1 <<= 51; + m2 = 2279; + m02 = *(uchar *) (m + 2); + + m2 <<= 51; + m3 = 2343; + m03 = *(uchar *) (m + 3); + + m10 = *(uchar *) (m + 4); + m01 <<= 8; + m0 += m00; + + m11 = *(uchar *) (m + 5); + m02 <<= 16; + m0 += m01; + + m12 = *(uchar *) (m + 6); + m03 <<= 24; + m0 += m02; + + m13 = *(uchar *) (m + 7); + m3 <<= 51; + m0 += m03; + + m20 = *(uchar *) (m + 8); + m11 <<= 8; + m1 += m10; + + m21 = *(uchar *) (m + 9); + m12 <<= 16; + m1 += m11; + + m22 = *(uchar *) (m + 10); + m13 <<= 24; + m1 += m12; + + m23 = *(uchar *) (m + 11); + m1 += m13; + + m30 = *(uchar *) (m + 12); + m21 <<= 8; + m2 += m20; + + m31 = *(uchar *) (m + 13); + m22 <<= 16; + m2 += m21; + + m32 = *(uchar *) (m + 14); + m23 <<= 24; + m2 += m22; + + m33 = *(uchar *) (m + 15); + m2 += m23; + + d0 = m0; + m31 <<= 8; + m3 += m30; + + d1 = m1; + m32 <<= 16; + m3 += m31; + + d2 = m2; + m33 += 256; + + m33 <<= 24; + m3 += m32; + + m3 += m33; + d3 = m3; + + m += 16; + l -= 16; + + z0 = *(double *) &d0; + + z1 = *(double *) &d1; + + z2 = *(double *) &d2; + + z3 = *(double *) &d3; + + z0 -= alpha0; + + z1 -= alpha32; + + z2 -= alpha64; + + z3 -= alpha96; + + h0 += z0; + + h1 += z1; + + h3 += z2; + + h5 += z3; + +if (l < 16) goto multiplyaddatmost15bytes; + +multiplyaddatleast16bytes:; + + m2 = 2279; + m20 = *(uchar *) (m + 8); + y7 = h7 + alpha130; + + m2 <<= 51; + m3 = 2343; + m21 = *(uchar *) (m + 9); + y6 = h6 + alpha130; + + m3 <<= 51; + m0 = 2151; + m22 = *(uchar *) (m + 10); + y1 = h1 + alpha32; + + m0 <<= 51; + m1 = 2215; + m23 = *(uchar *) (m + 11); + y0 = h0 + alpha32; + + m1 <<= 51; + m30 = *(uchar *) (m + 12); + y7 -= alpha130; + + m21 <<= 8; + m2 += m20; + m31 = *(uchar *) (m + 13); + y6 -= alpha130; + + m22 <<= 16; + m2 += m21; + m32 = *(uchar *) (m + 14); + y1 -= alpha32; + + m23 <<= 24; + m2 += m22; + m33 = *(uchar *) (m + 15); + y0 -= alpha32; + + m2 += m23; + m00 = *(uchar *) (m + 0); + y5 = h5 + alpha96; + + m31 <<= 8; + m3 += m30; + m01 = *(uchar *) (m + 1); + y4 = h4 + alpha96; + + m32 <<= 16; + m02 = *(uchar *) (m + 2); + x7 = h7 - y7; + y7 *= scale; + + m33 += 256; + m03 = *(uchar *) (m + 3); + x6 = h6 - y6; + y6 *= scale; + + m33 <<= 24; + m3 += m31; + m10 = *(uchar *) (m + 4); + x1 = h1 - y1; + + m01 <<= 8; + m3 += m32; + m11 = *(uchar *) (m + 5); + x0 = h0 - y0; + + m3 += m33; + m0 += m00; + m12 = *(uchar *) (m + 6); + y5 -= alpha96; + + m02 <<= 16; + m0 += m01; + m13 = *(uchar *) (m + 7); + y4 -= alpha96; + + m03 <<= 24; + m0 += m02; + d2 = m2; + x1 += y7; + + m0 += m03; + d3 = m3; + x0 += y6; + + m11 <<= 8; + m1 += m10; + d0 = m0; + x7 += y5; + + m12 <<= 16; + m1 += m11; + x6 += y4; + + m13 <<= 24; + m1 += m12; + y3 = h3 + alpha64; + + m1 += m13; + d1 = m1; + y2 = h2 + alpha64; + + x0 += x1; + + x6 += x7; + + y3 -= alpha64; + r3low = r3low_stack; + + y2 -= alpha64; + r0low = r0low_stack; + + x5 = h5 - y5; + r3lowx0 = r3low * x0; + r3high = r3high_stack; + + x4 = h4 - y4; + r0lowx6 = r0low * x6; + r0high = r0high_stack; + + x3 = h3 - y3; + r3highx0 = r3high * x0; + sr1low = sr1low_stack; + + x2 = h2 - y2; + r0highx6 = r0high * x6; + sr1high = sr1high_stack; + + x5 += y3; + r0lowx0 = r0low * x0; + r1low = r1low_stack; + + h6 = r3lowx0 + r0lowx6; + sr1lowx6 = sr1low * x6; + r1high = r1high_stack; + + x4 += y2; + r0highx0 = r0high * x0; + sr2low = sr2low_stack; + + h7 = r3highx0 + r0highx6; + sr1highx6 = sr1high * x6; + sr2high = sr2high_stack; + + x3 += y1; + r1lowx0 = r1low * x0; + r2low = r2low_stack; + + h0 = r0lowx0 + sr1lowx6; + sr2lowx6 = sr2low * x6; + r2high = r2high_stack; + + x2 += y0; + r1highx0 = r1high * x0; + sr3low = sr3low_stack; + + h1 = r0highx0 + sr1highx6; + sr2highx6 = sr2high * x6; + sr3high = sr3high_stack; + + x4 += x5; + r2lowx0 = r2low * x0; + z2 = *(double *) &d2; + + h2 = r1lowx0 + sr2lowx6; + sr3lowx6 = sr3low * x6; + + x2 += x3; + r2highx0 = r2high * x0; + z3 = *(double *) &d3; + + h3 = r1highx0 + sr2highx6; + sr3highx6 = sr3high * x6; + + r1highx4 = r1high * x4; + z2 -= alpha64; + + h4 = r2lowx0 + sr3lowx6; + r1lowx4 = r1low * x4; + + r0highx4 = r0high * x4; + z3 -= alpha96; + + h5 = r2highx0 + sr3highx6; + r0lowx4 = r0low * x4; + + h7 += r1highx4; + sr3highx4 = sr3high * x4; + + h6 += r1lowx4; + sr3lowx4 = sr3low * x4; + + h5 += r0highx4; + sr2highx4 = sr2high * x4; + + h4 += r0lowx4; + sr2lowx4 = sr2low * x4; + + h3 += sr3highx4; + r0lowx2 = r0low * x2; + + h2 += sr3lowx4; + r0highx2 = r0high * x2; + + h1 += sr2highx4; + r1lowx2 = r1low * x2; + + h0 += sr2lowx4; + r1highx2 = r1high * x2; + + h2 += r0lowx2; + r2lowx2 = r2low * x2; + + h3 += r0highx2; + r2highx2 = r2high * x2; + + h4 += r1lowx2; + sr3lowx2 = sr3low * x2; + + h5 += r1highx2; + sr3highx2 = sr3high * x2; + alpha0 = *(double *) (constants + 24); + + m += 16; + h6 += r2lowx2; + + l -= 16; + h7 += r2highx2; + + z1 = *(double *) &d1; + h0 += sr3lowx2; + + z0 = *(double *) &d0; + h1 += sr3highx2; + + z1 -= alpha32; + + z0 -= alpha0; + + h5 += z3; + + h3 += z2; + + h1 += z1; + + h0 += z0; + +if (l >= 16) goto multiplyaddatleast16bytes; + +multiplyaddatmost15bytes:; + + y7 = h7 + alpha130; + + y6 = h6 + alpha130; + + y1 = h1 + alpha32; + + y0 = h0 + alpha32; + + y7 -= alpha130; + + y6 -= alpha130; + + y1 -= alpha32; + + y0 -= alpha32; + + y5 = h5 + alpha96; + + y4 = h4 + alpha96; + + x7 = h7 - y7; + y7 *= scale; + + x6 = h6 - y6; + y6 *= scale; + + x1 = h1 - y1; + + x0 = h0 - y0; + + y5 -= alpha96; + + y4 -= alpha96; + + x1 += y7; + + x0 += y6; + + x7 += y5; + + x6 += y4; + + y3 = h3 + alpha64; + + y2 = h2 + alpha64; + + x0 += x1; + + x6 += x7; + + y3 -= alpha64; + r3low = r3low_stack; + + y2 -= alpha64; + r0low = r0low_stack; + + x5 = h5 - y5; + r3lowx0 = r3low * x0; + r3high = r3high_stack; + + x4 = h4 - y4; + r0lowx6 = r0low * x6; + r0high = r0high_stack; + + x3 = h3 - y3; + r3highx0 = r3high * x0; + sr1low = sr1low_stack; + + x2 = h2 - y2; + r0highx6 = r0high * x6; + sr1high = sr1high_stack; + + x5 += y3; + r0lowx0 = r0low * x0; + r1low = r1low_stack; + + h6 = r3lowx0 + r0lowx6; + sr1lowx6 = sr1low * x6; + r1high = r1high_stack; + + x4 += y2; + r0highx0 = r0high * x0; + sr2low = sr2low_stack; + + h7 = r3highx0 + r0highx6; + sr1highx6 = sr1high * x6; + sr2high = sr2high_stack; + + x3 += y1; + r1lowx0 = r1low * x0; + r2low = r2low_stack; + + h0 = r0lowx0 + sr1lowx6; + sr2lowx6 = sr2low * x6; + r2high = r2high_stack; + + x2 += y0; + r1highx0 = r1high * x0; + sr3low = sr3low_stack; + + h1 = r0highx0 + sr1highx6; + sr2highx6 = sr2high * x6; + sr3high = sr3high_stack; + + x4 += x5; + r2lowx0 = r2low * x0; + + h2 = r1lowx0 + sr2lowx6; + sr3lowx6 = sr3low * x6; + + x2 += x3; + r2highx0 = r2high * x0; + + h3 = r1highx0 + sr2highx6; + sr3highx6 = sr3high * x6; + + r1highx4 = r1high * x4; + + h4 = r2lowx0 + sr3lowx6; + r1lowx4 = r1low * x4; + + r0highx4 = r0high * x4; + + h5 = r2highx0 + sr3highx6; + r0lowx4 = r0low * x4; + + h7 += r1highx4; + sr3highx4 = sr3high * x4; + + h6 += r1lowx4; + sr3lowx4 = sr3low * x4; + + h5 += r0highx4; + sr2highx4 = sr2high * x4; + + h4 += r0lowx4; + sr2lowx4 = sr2low * x4; + + h3 += sr3highx4; + r0lowx2 = r0low * x2; + + h2 += sr3lowx4; + r0highx2 = r0high * x2; + + h1 += sr2highx4; + r1lowx2 = r1low * x2; + + h0 += sr2lowx4; + r1highx2 = r1high * x2; + + h2 += r0lowx2; + r2lowx2 = r2low * x2; + + h3 += r0highx2; + r2highx2 = r2high * x2; + + h4 += r1lowx2; + sr3lowx2 = sr3low * x2; + + h5 += r1highx2; + sr3highx2 = sr3high * x2; + + h6 += r2lowx2; + + h7 += r2highx2; + + h0 += sr3lowx2; + + h1 += sr3highx2; + +addatmost15bytes:; + +if (l == 0) goto nomorebytes; + + lbelow2 = l - 2; + + lbelow3 = l - 3; + + lbelow2 >>= 31; + lbelow4 = l - 4; + + m00 = *(uchar *) (m + 0); + lbelow3 >>= 31; + m += lbelow2; + + m01 = *(uchar *) (m + 1); + lbelow4 >>= 31; + m += lbelow3; + + m02 = *(uchar *) (m + 2); + m += lbelow4; + m0 = 2151; + + m03 = *(uchar *) (m + 3); + m0 <<= 51; + m1 = 2215; + + m0 += m00; + m01 &= ~lbelow2; + + m02 &= ~lbelow3; + m01 -= lbelow2; + + m01 <<= 8; + m03 &= ~lbelow4; + + m0 += m01; + lbelow2 -= lbelow3; + + m02 += lbelow2; + lbelow3 -= lbelow4; + + m02 <<= 16; + m03 += lbelow3; + + m03 <<= 24; + m0 += m02; + + m0 += m03; + lbelow5 = l - 5; + + lbelow6 = l - 6; + lbelow7 = l - 7; + + lbelow5 >>= 31; + lbelow8 = l - 8; + + lbelow6 >>= 31; + m += lbelow5; + + m10 = *(uchar *) (m + 4); + lbelow7 >>= 31; + m += lbelow6; + + m11 = *(uchar *) (m + 5); + lbelow8 >>= 31; + m += lbelow7; + + m12 = *(uchar *) (m + 6); + m1 <<= 51; + m += lbelow8; + + m13 = *(uchar *) (m + 7); + m10 &= ~lbelow5; + lbelow4 -= lbelow5; + + m10 += lbelow4; + lbelow5 -= lbelow6; + + m11 &= ~lbelow6; + m11 += lbelow5; + + m11 <<= 8; + m1 += m10; + + m1 += m11; + m12 &= ~lbelow7; + + lbelow6 -= lbelow7; + m13 &= ~lbelow8; + + m12 += lbelow6; + lbelow7 -= lbelow8; + + m12 <<= 16; + m13 += lbelow7; + + m13 <<= 24; + m1 += m12; + + m1 += m13; + m2 = 2279; + + lbelow9 = l - 9; + m3 = 2343; + + lbelow10 = l - 10; + lbelow11 = l - 11; + + lbelow9 >>= 31; + lbelow12 = l - 12; + + lbelow10 >>= 31; + m += lbelow9; + + m20 = *(uchar *) (m + 8); + lbelow11 >>= 31; + m += lbelow10; + + m21 = *(uchar *) (m + 9); + lbelow12 >>= 31; + m += lbelow11; + + m22 = *(uchar *) (m + 10); + m2 <<= 51; + m += lbelow12; + + m23 = *(uchar *) (m + 11); + m20 &= ~lbelow9; + lbelow8 -= lbelow9; + + m20 += lbelow8; + lbelow9 -= lbelow10; + + m21 &= ~lbelow10; + m21 += lbelow9; + + m21 <<= 8; + m2 += m20; + + m2 += m21; + m22 &= ~lbelow11; + + lbelow10 -= lbelow11; + m23 &= ~lbelow12; + + m22 += lbelow10; + lbelow11 -= lbelow12; + + m22 <<= 16; + m23 += lbelow11; + + m23 <<= 24; + m2 += m22; + + m3 <<= 51; + lbelow13 = l - 13; + + lbelow13 >>= 31; + lbelow14 = l - 14; + + lbelow14 >>= 31; + m += lbelow13; + lbelow15 = l - 15; + + m30 = *(uchar *) (m + 12); + lbelow15 >>= 31; + m += lbelow14; + + m31 = *(uchar *) (m + 13); + m += lbelow15; + m2 += m23; + + m32 = *(uchar *) (m + 14); + m30 &= ~lbelow13; + lbelow12 -= lbelow13; + + m30 += lbelow12; + lbelow13 -= lbelow14; + + m3 += m30; + m31 &= ~lbelow14; + + m31 += lbelow13; + m32 &= ~lbelow15; + + m31 <<= 8; + lbelow14 -= lbelow15; + + m3 += m31; + m32 += lbelow14; + d0 = m0; + + m32 <<= 16; + m33 = lbelow15 + 1; + d1 = m1; + + m33 <<= 24; + m3 += m32; + d2 = m2; + + m3 += m33; + d3 = m3; + + alpha0 = *(double *) (constants + 24); + + z3 = *(double *) &d3; + + z2 = *(double *) &d2; + + z1 = *(double *) &d1; + + z0 = *(double *) &d0; + + z3 -= alpha96; + + z2 -= alpha64; + + z1 -= alpha32; + + z0 -= alpha0; + + h5 += z3; + + h3 += z2; + + h1 += z1; + + h0 += z0; + + y7 = h7 + alpha130; + + y6 = h6 + alpha130; + + y1 = h1 + alpha32; + + y0 = h0 + alpha32; + + y7 -= alpha130; + + y6 -= alpha130; + + y1 -= alpha32; + + y0 -= alpha32; + + y5 = h5 + alpha96; + + y4 = h4 + alpha96; + + x7 = h7 - y7; + y7 *= scale; + + x6 = h6 - y6; + y6 *= scale; + + x1 = h1 - y1; + + x0 = h0 - y0; + + y5 -= alpha96; + + y4 -= alpha96; + + x1 += y7; + + x0 += y6; + + x7 += y5; + + x6 += y4; + + y3 = h3 + alpha64; + + y2 = h2 + alpha64; + + x0 += x1; + + x6 += x7; + + y3 -= alpha64; + r3low = r3low_stack; + + y2 -= alpha64; + r0low = r0low_stack; + + x5 = h5 - y5; + r3lowx0 = r3low * x0; + r3high = r3high_stack; + + x4 = h4 - y4; + r0lowx6 = r0low * x6; + r0high = r0high_stack; + + x3 = h3 - y3; + r3highx0 = r3high * x0; + sr1low = sr1low_stack; + + x2 = h2 - y2; + r0highx6 = r0high * x6; + sr1high = sr1high_stack; + + x5 += y3; + r0lowx0 = r0low * x0; + r1low = r1low_stack; + + h6 = r3lowx0 + r0lowx6; + sr1lowx6 = sr1low * x6; + r1high = r1high_stack; + + x4 += y2; + r0highx0 = r0high * x0; + sr2low = sr2low_stack; + + h7 = r3highx0 + r0highx6; + sr1highx6 = sr1high * x6; + sr2high = sr2high_stack; + + x3 += y1; + r1lowx0 = r1low * x0; + r2low = r2low_stack; + + h0 = r0lowx0 + sr1lowx6; + sr2lowx6 = sr2low * x6; + r2high = r2high_stack; + + x2 += y0; + r1highx0 = r1high * x0; + sr3low = sr3low_stack; + + h1 = r0highx0 + sr1highx6; + sr2highx6 = sr2high * x6; + sr3high = sr3high_stack; + + x4 += x5; + r2lowx0 = r2low * x0; + + h2 = r1lowx0 + sr2lowx6; + sr3lowx6 = sr3low * x6; + + x2 += x3; + r2highx0 = r2high * x0; + + h3 = r1highx0 + sr2highx6; + sr3highx6 = sr3high * x6; + + r1highx4 = r1high * x4; + + h4 = r2lowx0 + sr3lowx6; + r1lowx4 = r1low * x4; + + r0highx4 = r0high * x4; + + h5 = r2highx0 + sr3highx6; + r0lowx4 = r0low * x4; + + h7 += r1highx4; + sr3highx4 = sr3high * x4; + + h6 += r1lowx4; + sr3lowx4 = sr3low * x4; + + h5 += r0highx4; + sr2highx4 = sr2high * x4; + + h4 += r0lowx4; + sr2lowx4 = sr2low * x4; + + h3 += sr3highx4; + r0lowx2 = r0low * x2; + + h2 += sr3lowx4; + r0highx2 = r0high * x2; + + h1 += sr2highx4; + r1lowx2 = r1low * x2; + + h0 += sr2lowx4; + r1highx2 = r1high * x2; + + h2 += r0lowx2; + r2lowx2 = r2low * x2; + + h3 += r0highx2; + r2highx2 = r2high * x2; + + h4 += r1lowx2; + sr3lowx2 = sr3low * x2; + + h5 += r1highx2; + sr3highx2 = sr3high * x2; + + h6 += r2lowx2; + + h7 += r2highx2; + + h0 += sr3lowx2; + + h1 += sr3highx2; + + +nomorebytes:; + + offset0 = *(double *) (constants + 104); + y7 = h7 + alpha130; + + offset1 = *(double *) (constants + 112); + y0 = h0 + alpha32; + + offset2 = *(double *) (constants + 120); + y1 = h1 + alpha32; + + offset3 = *(double *) (constants + 128); + y2 = h2 + alpha64; + + y7 -= alpha130; + + y3 = h3 + alpha64; + + y4 = h4 + alpha96; + + y5 = h5 + alpha96; + + x7 = h7 - y7; + y7 *= scale; + + y0 -= alpha32; + + y1 -= alpha32; + + y2 -= alpha64; + + h6 += x7; + + y3 -= alpha64; + + y4 -= alpha96; + + y5 -= alpha96; + + y6 = h6 + alpha130; + + x0 = h0 - y0; + + x1 = h1 - y1; + + x2 = h2 - y2; + + y6 -= alpha130; + + x0 += y7; + + x3 = h3 - y3; + + x4 = h4 - y4; + + x5 = h5 - y5; + + x6 = h6 - y6; + + y6 *= scale; + + x2 += y0; + + x3 += y1; + + x4 += y2; + + x0 += y6; + + x5 += y3; + + x6 += y4; + + x2 += x3; + + x0 += x1; + + x4 += x5; + + x6 += y5; + + x2 += offset1; + *(double *) &d1 = x2; + + x0 += offset0; + *(double *) &d0 = x0; + + x4 += offset2; + *(double *) &d2 = x4; + + x6 += offset3; + *(double *) &d3 = x6; + + + + + f0 = d0; + + f1 = d1; + bits32 = -1; + + f2 = d2; + bits32 >>= 32; + + f3 = d3; + f = f0 >> 32; + + f0 &= bits32; + f &= 255; + + f1 += f; + g0 = f0 + 5; + + g = g0 >> 32; + g0 &= bits32; + + f = f1 >> 32; + f1 &= bits32; + + f &= 255; + g1 = f1 + g; + + g = g1 >> 32; + f2 += f; + + f = f2 >> 32; + g1 &= bits32; + + f2 &= bits32; + f &= 255; + + f3 += f; + g2 = f2 + g; + + g = g2 >> 32; + g2 &= bits32; + + f4 = f3 >> 32; + f3 &= bits32; + + f4 &= 255; + g3 = f3 + g; + + g = g3 >> 32; + g3 &= bits32; + + g4 = f4 + g; + + g4 = g4 - 4; + s00 = *(uchar *) (s + 0); + + f = (int64) g4 >> 63; + s01 = *(uchar *) (s + 1); + + f0 &= f; + g0 &= ~f; + s02 = *(uchar *) (s + 2); + + f1 &= f; + f0 |= g0; + s03 = *(uchar *) (s + 3); + + g1 &= ~f; + f2 &= f; + s10 = *(uchar *) (s + 4); + + f3 &= f; + g2 &= ~f; + s11 = *(uchar *) (s + 5); + + g3 &= ~f; + f1 |= g1; + s12 = *(uchar *) (s + 6); + + f2 |= g2; + f3 |= g3; + s13 = *(uchar *) (s + 7); + + s01 <<= 8; + f0 += s00; + s20 = *(uchar *) (s + 8); + + s02 <<= 16; + f0 += s01; + s21 = *(uchar *) (s + 9); + + s03 <<= 24; + f0 += s02; + s22 = *(uchar *) (s + 10); + + s11 <<= 8; + f1 += s10; + s23 = *(uchar *) (s + 11); + + s12 <<= 16; + f1 += s11; + s30 = *(uchar *) (s + 12); + + s13 <<= 24; + f1 += s12; + s31 = *(uchar *) (s + 13); + + f0 += s03; + f1 += s13; + s32 = *(uchar *) (s + 14); + + s21 <<= 8; + f2 += s20; + s33 = *(uchar *) (s + 15); + + s22 <<= 16; + f2 += s21; + + s23 <<= 24; + f2 += s22; + + s31 <<= 8; + f3 += s30; + + s32 <<= 16; + f3 += s31; + + s33 <<= 24; + f3 += s32; + + f2 += s23; + f3 += s33; + + *(uchar *) (out + 0) = f0; + f0 >>= 8; + *(uchar *) (out + 1) = f0; + f0 >>= 8; + *(uchar *) (out + 2) = f0; + f0 >>= 8; + *(uchar *) (out + 3) = f0; + f0 >>= 8; + f1 += f0; + + *(uchar *) (out + 4) = f1; + f1 >>= 8; + *(uchar *) (out + 5) = f1; + f1 >>= 8; + *(uchar *) (out + 6) = f1; + f1 >>= 8; + *(uchar *) (out + 7) = f1; + f1 >>= 8; + f2 += f1; + + *(uchar *) (out + 8) = f2; + f2 >>= 8; + *(uchar *) (out + 9) = f2; + f2 >>= 8; + *(uchar *) (out + 10) = f2; + f2 >>= 8; + *(uchar *) (out + 11) = f2; + f2 >>= 8; + f3 += f2; + + *(uchar *) (out + 12) = f3; + f3 >>= 8; + *(uchar *) (out + 13) = f3; + f3 >>= 8; + *(uchar *) (out + 14) = f3; + f3 >>= 8; + *(uchar *) (out + 15) = f3; + + return 0; +} diff --git a/nacl-20110221/crypto_onetimeauth/poly1305/53/verify.c b/nacl-20110221/crypto_onetimeauth/poly1305/53/verify.c @@ -0,0 +1,9 @@ +#include "crypto_verify_16.h" +#include "crypto_onetimeauth.h" + +int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[16]; + crypto_onetimeauth(correct,in,inlen,k); + return crypto_verify_16(h,correct); +} diff --git a/nacl-20110221/crypto_onetimeauth/poly1305/amd64/api.h b/nacl-20110221/crypto_onetimeauth/poly1305/amd64/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 16 +#define CRYPTO_KEYBYTES 32 diff --git a/nacl-20110221/crypto_onetimeauth/poly1305/amd64/auth.s b/nacl-20110221/crypto_onetimeauth/poly1305/amd64/auth.s @@ -0,0 +1,2787 @@ + +# qhasm: int64 r11_caller + +# qhasm: int64 r12_caller + +# qhasm: int64 r13_caller + +# qhasm: int64 r14_caller + +# qhasm: int64 r15_caller + +# qhasm: int64 rbx_caller + +# qhasm: int64 rbp_caller + +# qhasm: caller r11_caller + +# qhasm: caller r12_caller + +# qhasm: caller r13_caller + +# qhasm: caller r14_caller + +# qhasm: caller r15_caller + +# qhasm: caller rbx_caller + +# qhasm: caller rbp_caller + +# qhasm: stack64 r11_stack + +# qhasm: stack64 r12_stack + +# qhasm: stack64 r13_stack + +# qhasm: stack64 r14_stack + +# qhasm: stack64 r15_stack + +# qhasm: stack64 rbx_stack + +# qhasm: stack64 rbp_stack + +# qhasm: int64 out + +# qhasm: stack64 out_stack + +# qhasm: int64 m + +# qhasm: int64 l + +# qhasm: int64 k + +# qhasm: stack64 k_stack + +# qhasm: int64 m0 + +# qhasm: int64 m1 + +# qhasm: int64 m2 + +# qhasm: int64 m3 + +# qhasm: float80 a0 + +# qhasm: float80 a1 + +# qhasm: float80 a2 + +# qhasm: float80 a3 + +# qhasm: float80 h0 + +# qhasm: float80 h1 + +# qhasm: float80 h2 + +# qhasm: float80 h3 + +# qhasm: float80 x0 + +# qhasm: float80 x1 + +# qhasm: float80 x2 + +# qhasm: float80 x3 + +# qhasm: float80 y0 + +# qhasm: float80 y1 + +# qhasm: float80 y2 + +# qhasm: float80 y3 + +# qhasm: float80 r0x0 + +# qhasm: float80 r1x0 + +# qhasm: float80 r2x0 + +# qhasm: float80 r3x0 + +# qhasm: float80 r0x1 + +# qhasm: float80 r1x1 + +# qhasm: float80 r2x1 + +# qhasm: float80 sr3x1 + +# qhasm: float80 r0x2 + +# qhasm: float80 r1x2 + +# qhasm: float80 sr2x2 + +# qhasm: float80 sr3x2 + +# qhasm: float80 r0x3 + +# qhasm: float80 sr1x3 + +# qhasm: float80 sr2x3 + +# qhasm: float80 sr3x3 + +# qhasm: stack64 d0 + +# qhasm: stack64 d1 + +# qhasm: stack64 d2 + +# qhasm: stack64 d3 + +# qhasm: stack64 r0 + +# qhasm: stack64 r1 + +# qhasm: stack64 r2 + +# qhasm: stack64 r3 + +# qhasm: stack64 sr1 + +# qhasm: stack64 sr2 + +# qhasm: stack64 sr3 + +# qhasm: enter crypto_onetimeauth_poly1305_amd64 +.text +.p2align 5 +.globl _crypto_onetimeauth_poly1305_amd64 +.globl crypto_onetimeauth_poly1305_amd64 +_crypto_onetimeauth_poly1305_amd64: +crypto_onetimeauth_poly1305_amd64: +mov %rsp,%r11 +and $31,%r11 +add $192,%r11 +sub %r11,%rsp + +# qhasm: input out + +# qhasm: input m + +# qhasm: input l + +# qhasm: input k + +# qhasm: r11_stack = r11_caller +# asm 1: movq <r11_caller=int64#9,>r11_stack=stack64#1 +# asm 2: movq <r11_caller=%r11,>r11_stack=32(%rsp) +movq %r11,32(%rsp) + +# qhasm: r12_stack = r12_caller +# asm 1: movq <r12_caller=int64#10,>r12_stack=stack64#2 +# asm 2: movq <r12_caller=%r12,>r12_stack=40(%rsp) +movq %r12,40(%rsp) + +# qhasm: r13_stack = r13_caller +# asm 1: movq <r13_caller=int64#11,>r13_stack=stack64#3 +# asm 2: movq <r13_caller=%r13,>r13_stack=48(%rsp) +movq %r13,48(%rsp) + +# qhasm: r14_stack = r14_caller +# asm 1: movq <r14_caller=int64#12,>r14_stack=stack64#4 +# asm 2: movq <r14_caller=%r14,>r14_stack=56(%rsp) +movq %r14,56(%rsp) + +# qhasm: r15_stack = r15_caller +# asm 1: movq <r15_caller=int64#13,>r15_stack=stack64#5 +# asm 2: movq <r15_caller=%r15,>r15_stack=64(%rsp) +movq %r15,64(%rsp) + +# qhasm: rbx_stack = rbx_caller +# asm 1: movq <rbx_caller=int64#14,>rbx_stack=stack64#6 +# asm 2: movq <rbx_caller=%rbx,>rbx_stack=72(%rsp) +movq %rbx,72(%rsp) + +# qhasm: rbp_stack = rbp_caller +# asm 1: movq <rbp_caller=int64#15,>rbp_stack=stack64#7 +# asm 2: movq <rbp_caller=%rbp,>rbp_stack=80(%rsp) +movq %rbp,80(%rsp) + +# qhasm: round *(uint16 *) &crypto_onetimeauth_poly1305_amd64_rounding +fldcw crypto_onetimeauth_poly1305_amd64_rounding(%rip) + +# qhasm: m0 = *(uint32 *) (k + 0) +# asm 1: movl 0(<k=int64#4),>m0=int64#5d +# asm 2: movl 0(<k=%rcx),>m0=%r8d +movl 0(%rcx),%r8d + +# qhasm: m1 = *(uint32 *) (k + 4) +# asm 1: movl 4(<k=int64#4),>m1=int64#6d +# asm 2: movl 4(<k=%rcx),>m1=%r9d +movl 4(%rcx),%r9d + +# qhasm: m2 = *(uint32 *) (k + 8) +# asm 1: movl 8(<k=int64#4),>m2=int64#7d +# asm 2: movl 8(<k=%rcx),>m2=%eax +movl 8(%rcx),%eax + +# qhasm: m3 = *(uint32 *) (k + 12) +# asm 1: movl 12(<k=int64#4),>m3=int64#8d +# asm 2: movl 12(<k=%rcx),>m3=%r10d +movl 12(%rcx),%r10d + +# qhasm: out_stack = out +# asm 1: movq <out=int64#1,>out_stack=stack64#8 +# asm 2: movq <out=%rdi,>out_stack=88(%rsp) +movq %rdi,88(%rsp) + +# qhasm: k_stack = k +# asm 1: movq <k=int64#4,>k_stack=stack64#9 +# asm 2: movq <k=%rcx,>k_stack=96(%rsp) +movq %rcx,96(%rsp) + +# qhasm: d0 top = 0x43300000 +# asm 1: movl $0x43300000,>d0=stack64#10 +# asm 2: movl $0x43300000,>d0=108(%rsp) +movl $0x43300000,108(%rsp) + +# qhasm: d1 top = 0x45300000 +# asm 1: movl $0x45300000,>d1=stack64#11 +# asm 2: movl $0x45300000,>d1=116(%rsp) +movl $0x45300000,116(%rsp) + +# qhasm: d2 top = 0x47300000 +# asm 1: movl $0x47300000,>d2=stack64#12 +# asm 2: movl $0x47300000,>d2=124(%rsp) +movl $0x47300000,124(%rsp) + +# qhasm: d3 top = 0x49300000 +# asm 1: movl $0x49300000,>d3=stack64#13 +# asm 2: movl $0x49300000,>d3=132(%rsp) +movl $0x49300000,132(%rsp) + +# qhasm: (uint32) m0 &= 0x0fffffff +# asm 1: and $0x0fffffff,<m0=int64#5d +# asm 2: and $0x0fffffff,<m0=%r8d +and $0x0fffffff,%r8d + +# qhasm: (uint32) m1 &= 0x0ffffffc +# asm 1: and $0x0ffffffc,<m1=int64#6d +# asm 2: and $0x0ffffffc,<m1=%r9d +and $0x0ffffffc,%r9d + +# qhasm: (uint32) m2 &= 0x0ffffffc +# asm 1: and $0x0ffffffc,<m2=int64#7d +# asm 2: and $0x0ffffffc,<m2=%eax +and $0x0ffffffc,%eax + +# qhasm: (uint32) m3 &= 0x0ffffffc +# asm 1: and $0x0ffffffc,<m3=int64#8d +# asm 2: and $0x0ffffffc,<m3=%r10d +and $0x0ffffffc,%r10d + +# qhasm: inplace d0 bottom = m0 +# asm 1: movl <m0=int64#5d,<d0=stack64#10 +# asm 2: movl <m0=%r8d,<d0=104(%rsp) +movl %r8d,104(%rsp) + +# qhasm: inplace d1 bottom = m1 +# asm 1: movl <m1=int64#6d,<d1=stack64#11 +# asm 2: movl <m1=%r9d,<d1=112(%rsp) +movl %r9d,112(%rsp) + +# qhasm: inplace d2 bottom = m2 +# asm 1: movl <m2=int64#7d,<d2=stack64#12 +# asm 2: movl <m2=%eax,<d2=120(%rsp) +movl %eax,120(%rsp) + +# qhasm: inplace d3 bottom = m3 +# asm 1: movl <m3=int64#8d,<d3=stack64#13 +# asm 2: movl <m3=%r10d,<d3=128(%rsp) +movl %r10d,128(%rsp) + +# qhasm: a0 = *(float64 *) &d0 +# asm 1: fldl <d0=stack64#10 +# asm 2: fldl <d0=104(%rsp) +fldl 104(%rsp) +# comment:fpstackfrombottom:<a0#28: + +# qhasm: a0 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset0 +fsubl crypto_onetimeauth_poly1305_amd64_doffset0(%rip) +# comment:fpstackfrombottom:<a0#28: + +# qhasm: a1 = *(float64 *) &d1 +# asm 1: fldl <d1=stack64#11 +# asm 2: fldl <d1=112(%rsp) +fldl 112(%rsp) +# comment:fpstackfrombottom:<a0#28:<a1#29: + +# qhasm: a1 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset1 +fsubl crypto_onetimeauth_poly1305_amd64_doffset1(%rip) +# comment:fpstackfrombottom:<a0#28:<a1#29: + +# qhasm: a2 = *(float64 *) &d2 +# asm 1: fldl <d2=stack64#12 +# asm 2: fldl <d2=120(%rsp) +fldl 120(%rsp) +# comment:fpstackfrombottom:<a0#28:<a1#29:<a2#30: + +# qhasm: a2 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset2 +fsubl crypto_onetimeauth_poly1305_amd64_doffset2(%rip) +# comment:fpstackfrombottom:<a0#28:<a1#29:<a2#30: + +# qhasm: a3 = *(float64 *) &d3 +# asm 1: fldl <d3=stack64#13 +# asm 2: fldl <d3=128(%rsp) +fldl 128(%rsp) +# comment:fpstackfrombottom:<a0#28:<a1#29:<a2#30:<a3#31: + +# qhasm: a3 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset3 +fsubl crypto_onetimeauth_poly1305_amd64_doffset3(%rip) +# comment:fpstackfrombottom:<a0#28:<a1#29:<a2#30:<a3#31: + +# qhasm: internal stacktop a0 +# asm 1: fxch <a0=float80#4 +# asm 2: fxch <a0=%st(3) +fxch %st(3) + +# qhasm: *(float64 *) &r0 = a0 +# asm 1: fstpl >r0=stack64#14 +# asm 2: fstpl >r0=136(%rsp) +fstpl 136(%rsp) +# comment:fpstackfrombottom:<a3#31:<a1#29:<a2#30: + +# qhasm: internal stacktop a1 +# asm 1: fxch <a1=float80#2 +# asm 2: fxch <a1=%st(1) +fxch %st(1) + +# qhasm: *(float64 *) &r1 = a1 +# asm 1: fstl >r1=stack64#15 +# asm 2: fstl >r1=144(%rsp) +fstl 144(%rsp) +# comment:fpstackfrombottom:<a3#31:<a2#30:<a1#29: + +# qhasm: a1 *= *(float64 *) &crypto_onetimeauth_poly1305_amd64_scale +fmull crypto_onetimeauth_poly1305_amd64_scale(%rip) +# comment:fpstackfrombottom:<a3#31:<a2#30:<a1#29: + +# qhasm: *(float64 *) &sr1 = a1 +# asm 1: fstpl >sr1=stack64#16 +# asm 2: fstpl >sr1=152(%rsp) +fstpl 152(%rsp) +# comment:fpstackfrombottom:<a3#31:<a2#30: + +# qhasm: *(float64 *) &r2 = a2 +# asm 1: fstl >r2=stack64#17 +# asm 2: fstl >r2=160(%rsp) +fstl 160(%rsp) +# comment:fpstackfrombottom:<a3#31:<a2#30: + +# qhasm: a2 *= *(float64 *) &crypto_onetimeauth_poly1305_amd64_scale +fmull crypto_onetimeauth_poly1305_amd64_scale(%rip) +# comment:fpstackfrombottom:<a3#31:<a2#30: + +# qhasm: *(float64 *) &sr2 = a2 +# asm 1: fstpl >sr2=stack64#18 +# asm 2: fstpl >sr2=168(%rsp) +fstpl 168(%rsp) +# comment:fpstackfrombottom:<a3#31: + +# qhasm: *(float64 *) &r3 = a3 +# asm 1: fstl >r3=stack64#19 +# asm 2: fstl >r3=176(%rsp) +fstl 176(%rsp) +# comment:fpstackfrombottom:<a3#31: + +# qhasm: a3 *= *(float64 *) &crypto_onetimeauth_poly1305_amd64_scale +fmull crypto_onetimeauth_poly1305_amd64_scale(%rip) +# comment:fpstackfrombottom:<a3#31: + +# qhasm: *(float64 *) &sr3 = a3 +# asm 1: fstpl >sr3=stack64#20 +# asm 2: fstpl >sr3=184(%rsp) +fstpl 184(%rsp) +# comment:fpstackfrombottom: + +# qhasm: h3 = 0 +fldz +# comment:fpstackfrombottom:<h3#39: + +# qhasm: h2 = 0 +fldz +# comment:fpstackfrombottom:<h3#39:<h2#40: + +# qhasm: h1 = 0 +fldz +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41: + +# qhasm: h0 = 0 +fldz +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: unsigned<? l - 16 +# asm 1: cmp $16,<l=int64#3 +# asm 2: cmp $16,<l=%rdx +cmp $16,%rdx +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: +# comment:fp stack unchanged by jump +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: goto addatmost15bytes if unsigned< +jb ._addatmost15bytes +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: initialatleast16bytes: +._initialatleast16bytes: +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: m3 = *(uint32 *) (m + 12) +# asm 1: movl 12(<m=int64#2),>m3=int64#1d +# asm 2: movl 12(<m=%rsi),>m3=%edi +movl 12(%rsi),%edi +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: m2 = *(uint32 *) (m + 8) +# asm 1: movl 8(<m=int64#2),>m2=int64#4d +# asm 2: movl 8(<m=%rsi),>m2=%ecx +movl 8(%rsi),%ecx +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: m1 = *(uint32 *) (m + 4) +# asm 1: movl 4(<m=int64#2),>m1=int64#5d +# asm 2: movl 4(<m=%rsi),>m1=%r8d +movl 4(%rsi),%r8d +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: m0 = *(uint32 *) (m + 0) +# asm 1: movl 0(<m=int64#2),>m0=int64#6d +# asm 2: movl 0(<m=%rsi),>m0=%r9d +movl 0(%rsi),%r9d +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: inplace d3 bottom = m3 +# asm 1: movl <m3=int64#1d,<d3=stack64#13 +# asm 2: movl <m3=%edi,<d3=128(%rsp) +movl %edi,128(%rsp) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: inplace d2 bottom = m2 +# asm 1: movl <m2=int64#4d,<d2=stack64#12 +# asm 2: movl <m2=%ecx,<d2=120(%rsp) +movl %ecx,120(%rsp) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: inplace d1 bottom = m1 +# asm 1: movl <m1=int64#5d,<d1=stack64#11 +# asm 2: movl <m1=%r8d,<d1=112(%rsp) +movl %r8d,112(%rsp) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: inplace d0 bottom = m0 +# asm 1: movl <m0=int64#6d,<d0=stack64#10 +# asm 2: movl <m0=%r9d,<d0=104(%rsp) +movl %r9d,104(%rsp) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: m += 16 +# asm 1: add $16,<m=int64#2 +# asm 2: add $16,<m=%rsi +add $16,%rsi +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: l -= 16 +# asm 1: sub $16,<l=int64#3 +# asm 2: sub $16,<l=%rdx +sub $16,%rdx +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: internal stacktop h3 +# asm 1: fxch <h3=float80#4 +# asm 2: fxch <h3=%st(3) +fxch %st(3) + +# qhasm: h3 += *(float64 *) &d3 +# asm 1: faddl <d3=stack64#13 +# asm 2: faddl <d3=128(%rsp) +faddl 128(%rsp) +# comment:fpstackfrombottom:<h0#42:<h2#40:<h1#41:<h3#39: + +# qhasm: h3 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset3minustwo128 +fsubl crypto_onetimeauth_poly1305_amd64_doffset3minustwo128(%rip) +# comment:fpstackfrombottom:<h0#42:<h2#40:<h1#41:<h3#39: + +# qhasm: internal stacktop h1 +# asm 1: fxch <h1=float80#2 +# asm 2: fxch <h1=%st(1) +fxch %st(1) + +# qhasm: h1 += *(float64 *) &d1 +# asm 1: faddl <d1=stack64#11 +# asm 2: faddl <d1=112(%rsp) +faddl 112(%rsp) +# comment:fpstackfrombottom:<h0#42:<h2#40:<h3#39:<h1#41: + +# qhasm: h1 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset1 +fsubl crypto_onetimeauth_poly1305_amd64_doffset1(%rip) +# comment:fpstackfrombottom:<h0#42:<h2#40:<h3#39:<h1#41: + +# qhasm: internal stacktop h2 +# asm 1: fxch <h2=float80#3 +# asm 2: fxch <h2=%st(2) +fxch %st(2) + +# qhasm: h2 += *(float64 *) &d2 +# asm 1: faddl <d2=stack64#12 +# asm 2: faddl <d2=120(%rsp) +faddl 120(%rsp) +# comment:fpstackfrombottom:<h0#42:<h1#41:<h3#39:<h2#40: + +# qhasm: h2 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset2 +fsubl crypto_onetimeauth_poly1305_amd64_doffset2(%rip) +# comment:fpstackfrombottom:<h0#42:<h1#41:<h3#39:<h2#40: + +# qhasm: internal stacktop h0 +# asm 1: fxch <h0=float80#4 +# asm 2: fxch <h0=%st(3) +fxch %st(3) + +# qhasm: h0 += *(float64 *) &d0 +# asm 1: faddl <d0=stack64#10 +# asm 2: faddl <d0=104(%rsp) +faddl 104(%rsp) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: h0 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset0 +fsubl crypto_onetimeauth_poly1305_amd64_doffset0(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: unsigned<? l - 16 +# asm 1: cmp $16,<l=int64#3 +# asm 2: cmp $16,<l=%rdx +cmp $16,%rdx +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: +# comment:fp stack unchanged by jump +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: goto multiplyaddatmost15bytes if unsigned< +jb ._multiplyaddatmost15bytes +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: multiplyaddatleast16bytes: +._multiplyaddatleast16bytes: +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: m3 = *(uint32 *) (m + 12) +# asm 1: movl 12(<m=int64#2),>m3=int64#1d +# asm 2: movl 12(<m=%rsi),>m3=%edi +movl 12(%rsi),%edi +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: m2 = *(uint32 *) (m + 8) +# asm 1: movl 8(<m=int64#2),>m2=int64#4d +# asm 2: movl 8(<m=%rsi),>m2=%ecx +movl 8(%rsi),%ecx +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: m1 = *(uint32 *) (m + 4) +# asm 1: movl 4(<m=int64#2),>m1=int64#5d +# asm 2: movl 4(<m=%rsi),>m1=%r8d +movl 4(%rsi),%r8d +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: m0 = *(uint32 *) (m + 0) +# asm 1: movl 0(<m=int64#2),>m0=int64#6d +# asm 2: movl 0(<m=%rsi),>m0=%r9d +movl 0(%rsi),%r9d +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: inplace d3 bottom = m3 +# asm 1: movl <m3=int64#1d,<d3=stack64#13 +# asm 2: movl <m3=%edi,<d3=128(%rsp) +movl %edi,128(%rsp) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: inplace d2 bottom = m2 +# asm 1: movl <m2=int64#4d,<d2=stack64#12 +# asm 2: movl <m2=%ecx,<d2=120(%rsp) +movl %ecx,120(%rsp) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: inplace d1 bottom = m1 +# asm 1: movl <m1=int64#5d,<d1=stack64#11 +# asm 2: movl <m1=%r8d,<d1=112(%rsp) +movl %r8d,112(%rsp) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: inplace d0 bottom = m0 +# asm 1: movl <m0=int64#6d,<d0=stack64#10 +# asm 2: movl <m0=%r9d,<d0=104(%rsp) +movl %r9d,104(%rsp) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: m += 16 +# asm 1: add $16,<m=int64#2 +# asm 2: add $16,<m=%rsi +add $16,%rsi +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: l -= 16 +# asm 1: sub $16,<l=int64#3 +# asm 2: sub $16,<l=%rdx +sub $16,%rdx +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: x0 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha130 +fldl crypto_onetimeauth_poly1305_amd64_alpha130(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53: + +# qhasm: x0 += h3 +# asm 1: fadd <h3=float80#3,<x0=float80#1 +# asm 2: fadd <h3=%st(2),<x0=%st(0) +fadd %st(2),%st(0) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53: + +# qhasm: x0 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha130 +fsubl crypto_onetimeauth_poly1305_amd64_alpha130(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53: + +# qhasm: h3 -= x0 +# asm 1: fsubr <x0=float80#1,<h3=float80#3 +# asm 2: fsubr <x0=%st(0),<h3=%st(2) +fsubr %st(0),%st(2) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53: + +# qhasm: x0 *= *(float64 *) &crypto_onetimeauth_poly1305_amd64_scale +fmull crypto_onetimeauth_poly1305_amd64_scale(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53: + +# qhasm: x1 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha32 +fldl crypto_onetimeauth_poly1305_amd64_alpha32(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53:<x1#54: + +# qhasm: x1 += h0 +# asm 1: fadd <h0=float80#3,<x1=float80#1 +# asm 2: fadd <h0=%st(2),<x1=%st(0) +fadd %st(2),%st(0) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53:<x1#54: + +# qhasm: x1 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha32 +fsubl crypto_onetimeauth_poly1305_amd64_alpha32(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53:<x1#54: + +# qhasm: h0 -= x1 +# asm 1: fsubr <x1=float80#1,<h0=float80#3 +# asm 2: fsubr <x1=%st(0),<h0=%st(2) +fsubr %st(0),%st(2) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53:<x1#54: + +# qhasm: internal stacktop h0 +# asm 1: fxch <h0=float80#3 +# asm 2: fxch <h0=%st(2) +fxch %st(2) + +# qhasm: x0 += h0 +# asm 1: faddp <h0=float80#1,<x0=float80#2 +# asm 2: faddp <h0=%st(0),<x0=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53: + +# qhasm: x2 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha64 +fldl crypto_onetimeauth_poly1305_amd64_alpha64(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55: + +# qhasm: x2 += h1 +# asm 1: fadd <h1=float80#5,<x2=float80#1 +# asm 2: fadd <h1=%st(4),<x2=%st(0) +fadd %st(4),%st(0) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55: + +# qhasm: x2 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha64 +fsubl crypto_onetimeauth_poly1305_amd64_alpha64(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55: + +# qhasm: h1 -= x2 +# asm 1: fsubr <x2=float80#1,<h1=float80#5 +# asm 2: fsubr <x2=%st(0),<h1=%st(4) +fsubr %st(0),%st(4) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55: + +# qhasm: x3 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha96 +fldl crypto_onetimeauth_poly1305_amd64_alpha96(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55:<x3#56: + +# qhasm: x3 += h2 +# asm 1: fadd <h2=float80#7,<x3=float80#1 +# asm 2: fadd <h2=%st(6),<x3=%st(0) +fadd %st(6),%st(0) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55:<x3#56: + +# qhasm: x3 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha96 +fsubl crypto_onetimeauth_poly1305_amd64_alpha96(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55:<x3#56: + +# qhasm: h2 -= x3 +# asm 1: fsubr <x3=float80#1,<h2=float80#7 +# asm 2: fsubr <x3=%st(0),<h2=%st(6) +fsubr %st(0),%st(6) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55:<x3#56: + +# qhasm: internal stacktop h2 +# asm 1: fxch <h2=float80#7 +# asm 2: fxch <h2=%st(6) +fxch %st(6) + +# qhasm: x2 += h2 +# asm 1: faddp <h2=float80#1,<x2=float80#2 +# asm 2: faddp <h2=%st(0),<x2=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#56:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55: + +# qhasm: internal stacktop h3 +# asm 1: fxch <h3=float80#4 +# asm 2: fxch <h3=%st(3) +fxch %st(3) + +# qhasm: x3 += h3 +# asm 1: faddp <h3=float80#1,<x3=float80#6 +# asm 2: faddp <h3=%st(0),<x3=%st(5) +faddp %st(0),%st(5) +# comment:fpstackfrombottom:<x3#56:<h1#41:<x2#55:<x1#54:<x0#53: + +# qhasm: internal stacktop h1 +# asm 1: fxch <h1=float80#4 +# asm 2: fxch <h1=%st(3) +fxch %st(3) + +# qhasm: x1 += h1 +# asm 1: faddp <h1=float80#1,<x1=float80#2 +# asm 2: faddp <h1=%st(0),<x1=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#56:<x0#53:<x2#55:<x1#54: + +# qhasm: h3 = *(float64 *) &r3 +# asm 1: fldl <r3=stack64#19 +# asm 2: fldl <r3=176(%rsp) +fldl 176(%rsp) +# comment:fpstackfrombottom:<x3#56:<x0#53:<x2#55:<x1#54:<h3#39: + +# qhasm: h3 *= x0 +# asm 1: fmul <x0=float80#4,<h3=float80#1 +# asm 2: fmul <x0=%st(3),<h3=%st(0) +fmul %st(3),%st(0) +# comment:fpstackfrombottom:<x3#56:<x0#53:<x2#55:<x1#54:<h3#39: + +# qhasm: h2 = *(float64 *) &r2 +# asm 1: fldl <r2=stack64#17 +# asm 2: fldl <r2=160(%rsp) +fldl 160(%rsp) +# comment:fpstackfrombottom:<x3#56:<x0#53:<x2#55:<x1#54:<h3#39:<h2#40: + +# qhasm: h2 *= x0 +# asm 1: fmul <x0=float80#5,<h2=float80#1 +# asm 2: fmul <x0=%st(4),<h2=%st(0) +fmul %st(4),%st(0) +# comment:fpstackfrombottom:<x3#56:<x0#53:<x2#55:<x1#54:<h3#39:<h2#40: + +# qhasm: h1 = *(float64 *) &r1 +# asm 1: fldl <r1=stack64#15 +# asm 2: fldl <r1=144(%rsp) +fldl 144(%rsp) +# comment:fpstackfrombottom:<x3#56:<x0#53:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41: + +# qhasm: h1 *= x0 +# asm 1: fmul <x0=float80#6,<h1=float80#1 +# asm 2: fmul <x0=%st(5),<h1=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#56:<x0#53:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41: + +# qhasm: h0 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#14 +# asm 2: fldl <r0=136(%rsp) +fldl 136(%rsp) +# comment:fpstackfrombottom:<x3#56:<x0#53:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: h0 *= x0 +# asm 1: fmulp <x0=float80#1,<h0=float80#7 +# asm 2: fmulp <x0=%st(0),<h0=%st(6) +fmulp %st(0),%st(6) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41: + +# qhasm: r2x1 = *(float64 *) &r2 +# asm 1: fldl <r2=stack64#17 +# asm 2: fldl <r2=160(%rsp) +fldl 160(%rsp) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:<r2x1#57: + +# qhasm: r2x1 *= x1 +# asm 1: fmul <x1=float80#5,<r2x1=float80#1 +# asm 2: fmul <x1=%st(4),<r2x1=%st(0) +fmul %st(4),%st(0) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:<r2x1#57: + +# qhasm: h3 += r2x1 +# asm 1: faddp <r2x1=float80#1,<h3=float80#4 +# asm 2: faddp <r2x1=%st(0),<h3=%st(3) +faddp %st(0),%st(3) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41: + +# qhasm: r1x1 = *(float64 *) &r1 +# asm 1: fldl <r1=stack64#15 +# asm 2: fldl <r1=144(%rsp) +fldl 144(%rsp) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:<r1x1#58: + +# qhasm: r1x1 *= x1 +# asm 1: fmul <x1=float80#5,<r1x1=float80#1 +# asm 2: fmul <x1=%st(4),<r1x1=%st(0) +fmul %st(4),%st(0) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:<r1x1#58: + +# qhasm: h2 += r1x1 +# asm 1: faddp <r1x1=float80#1,<h2=float80#3 +# asm 2: faddp <r1x1=%st(0),<h2=%st(2) +faddp %st(0),%st(2) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41: + +# qhasm: r0x1 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#14 +# asm 2: fldl <r0=136(%rsp) +fldl 136(%rsp) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:<r0x1#59: + +# qhasm: r0x1 *= x1 +# asm 1: fmul <x1=float80#5,<r0x1=float80#1 +# asm 2: fmul <x1=%st(4),<r0x1=%st(0) +fmul %st(4),%st(0) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:<r0x1#59: + +# qhasm: h1 += r0x1 +# asm 1: faddp <r0x1=float80#1,<h1=float80#2 +# asm 2: faddp <r0x1=%st(0),<h1=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41: + +# qhasm: sr3x1 = *(float64 *) &sr3 +# asm 1: fldl <sr3=stack64#20 +# asm 2: fldl <sr3=184(%rsp) +fldl 184(%rsp) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:<sr3x1#60: + +# qhasm: sr3x1 *= x1 +# asm 1: fmulp <x1=float80#1,<sr3x1=float80#5 +# asm 2: fmulp <x1=%st(0),<sr3x1=%st(4) +fmulp %st(0),%st(4) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<sr3x1#60:<h3#39:<h2#40:<h1#41: + +# qhasm: internal stacktop sr3x1 +# asm 1: fxch <sr3x1=float80#4 +# asm 2: fxch <sr3x1=%st(3) +fxch %st(3) + +# qhasm: h0 += sr3x1 +# asm 1: faddp <sr3x1=float80#1,<h0=float80#6 +# asm 2: faddp <sr3x1=%st(0),<h0=%st(5) +faddp %st(0),%st(5) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40: + +# qhasm: r1x2 = *(float64 *) &r1 +# asm 1: fldl <r1=stack64#15 +# asm 2: fldl <r1=144(%rsp) +fldl 144(%rsp) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:<r1x2#61: + +# qhasm: r1x2 *= x2 +# asm 1: fmul <x2=float80#5,<r1x2=float80#1 +# asm 2: fmul <x2=%st(4),<r1x2=%st(0) +fmul %st(4),%st(0) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:<r1x2#61: + +# qhasm: h3 += r1x2 +# asm 1: faddp <r1x2=float80#1,<h3=float80#3 +# asm 2: faddp <r1x2=%st(0),<h3=%st(2) +faddp %st(0),%st(2) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40: + +# qhasm: r0x2 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#14 +# asm 2: fldl <r0=136(%rsp) +fldl 136(%rsp) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:<r0x2#62: + +# qhasm: r0x2 *= x2 +# asm 1: fmul <x2=float80#5,<r0x2=float80#1 +# asm 2: fmul <x2=%st(4),<r0x2=%st(0) +fmul %st(4),%st(0) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:<r0x2#62: + +# qhasm: h2 += r0x2 +# asm 1: faddp <r0x2=float80#1,<h2=float80#2 +# asm 2: faddp <r0x2=%st(0),<h2=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40: + +# qhasm: sr3x2 = *(float64 *) &sr3 +# asm 1: fldl <sr3=stack64#20 +# asm 2: fldl <sr3=184(%rsp) +fldl 184(%rsp) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:<sr3x2#63: + +# qhasm: sr3x2 *= x2 +# asm 1: fmul <x2=float80#5,<sr3x2=float80#1 +# asm 2: fmul <x2=%st(4),<sr3x2=%st(0) +fmul %st(4),%st(0) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:<sr3x2#63: + +# qhasm: h1 += sr3x2 +# asm 1: faddp <sr3x2=float80#1,<h1=float80#4 +# asm 2: faddp <sr3x2=%st(0),<h1=%st(3) +faddp %st(0),%st(3) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40: + +# qhasm: sr2x2 = *(float64 *) &sr2 +# asm 1: fldl <sr2=stack64#18 +# asm 2: fldl <sr2=168(%rsp) +fldl 168(%rsp) +# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:<sr2x2#64: + +# qhasm: sr2x2 *= x2 +# asm 1: fmulp <x2=float80#1,<sr2x2=float80#5 +# asm 2: fmulp <x2=%st(0),<sr2x2=%st(4) +fmulp %st(0),%st(4) +# comment:fpstackfrombottom:<x3#56:<h0#42:<sr2x2#64:<h1#41:<h3#39:<h2#40: + +# qhasm: internal stacktop sr2x2 +# asm 1: fxch <sr2x2=float80#4 +# asm 2: fxch <sr2x2=%st(3) +fxch %st(3) + +# qhasm: h0 += sr2x2 +# asm 1: faddp <sr2x2=float80#1,<h0=float80#5 +# asm 2: faddp <sr2x2=%st(0),<h0=%st(4) +faddp %st(0),%st(4) +# comment:fpstackfrombottom:<x3#56:<h0#42:<h2#40:<h1#41:<h3#39: + +# qhasm: r0x3 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#14 +# asm 2: fldl <r0=136(%rsp) +fldl 136(%rsp) +# comment:fpstackfrombottom:<x3#56:<h0#42:<h2#40:<h1#41:<h3#39:<r0x3#65: + +# qhasm: r0x3 *= x3 +# asm 1: fmul <x3=float80#6,<r0x3=float80#1 +# asm 2: fmul <x3=%st(5),<r0x3=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#56:<h0#42:<h2#40:<h1#41:<h3#39:<r0x3#65: + +# qhasm: h3 += r0x3 +# asm 1: faddp <r0x3=float80#1,<h3=float80#2 +# asm 2: faddp <r0x3=%st(0),<h3=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#56:<h0#42:<h2#40:<h1#41:<h3#39: + +# qhasm: stacktop h0 +# asm 1: fxch <h0=float80#4 +# asm 2: fxch <h0=%st(3) +fxch %st(3) +# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: sr3x3 = *(float64 *) &sr3 +# asm 1: fldl <sr3=stack64#20 +# asm 2: fldl <sr3=184(%rsp) +fldl 184(%rsp) +# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h1#41:<h0#42:<sr3x3#66: + +# qhasm: sr3x3 *= x3 +# asm 1: fmul <x3=float80#6,<sr3x3=float80#1 +# asm 2: fmul <x3=%st(5),<sr3x3=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h1#41:<h0#42:<sr3x3#66: + +# qhasm: h2 += sr3x3 +# asm 1: faddp <sr3x3=float80#1,<h2=float80#4 +# asm 2: faddp <sr3x3=%st(0),<h2=%st(3) +faddp %st(0),%st(3) +# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: stacktop h1 +# asm 1: fxch <h1=float80#2 +# asm 2: fxch <h1=%st(1) +fxch %st(1) +# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h0#42:<h1#41: + +# qhasm: sr2x3 = *(float64 *) &sr2 +# asm 1: fldl <sr2=stack64#18 +# asm 2: fldl <sr2=168(%rsp) +fldl 168(%rsp) +# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h0#42:<h1#41:<sr2x3#67: + +# qhasm: sr2x3 *= x3 +# asm 1: fmul <x3=float80#6,<sr2x3=float80#1 +# asm 2: fmul <x3=%st(5),<sr2x3=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h0#42:<h1#41:<sr2x3#67: + +# qhasm: h1 += sr2x3 +# asm 1: faddp <sr2x3=float80#1,<h1=float80#2 +# asm 2: faddp <sr2x3=%st(0),<h1=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h0#42:<h1#41: + +# qhasm: sr1x3 = *(float64 *) &sr1 +# asm 1: fldl <sr1=stack64#16 +# asm 2: fldl <sr1=152(%rsp) +fldl 152(%rsp) +# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h0#42:<h1#41:<sr1x3#68: + +# qhasm: sr1x3 *= x3 +# asm 1: fmulp <x3=float80#1,<sr1x3=float80#6 +# asm 2: fmulp <x3=%st(0),<sr1x3=%st(5) +fmulp %st(0),%st(5) +# comment:fpstackfrombottom:<sr1x3#68:<h3#39:<h2#40:<h0#42:<h1#41: + +# qhasm: internal stacktop sr1x3 +# asm 1: fxch <sr1x3=float80#5 +# asm 2: fxch <sr1x3=%st(4) +fxch %st(4) + +# qhasm: h0 += sr1x3 +# asm 1: faddp <sr1x3=float80#1,<h0=float80#2 +# asm 2: faddp <sr1x3=%st(0),<h0=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42: + +# qhasm: unsigned<? l - 16 +# asm 1: cmp $16,<l=int64#3 +# asm 2: cmp $16,<l=%rdx +cmp $16,%rdx +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42: + +# qhasm: stacktop h3 +# asm 1: fxch <h3=float80#3 +# asm 2: fxch <h3=%st(2) +fxch %st(2) +# comment:fpstackfrombottom:<h1#41:<h0#42:<h2#40:<h3#39: + +# qhasm: y3 = *(float64 *) &d3 +# asm 1: fldl <d3=stack64#13 +# asm 2: fldl <d3=128(%rsp) +fldl 128(%rsp) +# comment:fpstackfrombottom:<h1#41:<h0#42:<h2#40:<h3#39:<y3#70: + +# qhasm: y3 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset3minustwo128 +fsubl crypto_onetimeauth_poly1305_amd64_doffset3minustwo128(%rip) +# comment:fpstackfrombottom:<h1#41:<h0#42:<h2#40:<h3#39:<y3#70: + +# qhasm: h3 += y3 +# asm 1: faddp <y3=float80#1,<h3=float80#2 +# asm 2: faddp <y3=%st(0),<h3=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<h1#41:<h0#42:<h2#40:<h3#39: + +# qhasm: stacktop h2 +# asm 1: fxch <h2=float80#2 +# asm 2: fxch <h2=%st(1) +fxch %st(1) +# comment:fpstackfrombottom:<h1#41:<h0#42:<h3#39:<h2#40: + +# qhasm: y2 = *(float64 *) &d2 +# asm 1: fldl <d2=stack64#12 +# asm 2: fldl <d2=120(%rsp) +fldl 120(%rsp) +# comment:fpstackfrombottom:<h1#41:<h0#42:<h3#39:<h2#40:<y2#71: + +# qhasm: y2 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset2 +fsubl crypto_onetimeauth_poly1305_amd64_doffset2(%rip) +# comment:fpstackfrombottom:<h1#41:<h0#42:<h3#39:<h2#40:<y2#71: + +# qhasm: h2 += y2 +# asm 1: faddp <y2=float80#1,<h2=float80#2 +# asm 2: faddp <y2=%st(0),<h2=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<h1#41:<h0#42:<h3#39:<h2#40: + +# qhasm: stacktop h1 +# asm 1: fxch <h1=float80#4 +# asm 2: fxch <h1=%st(3) +fxch %st(3) +# comment:fpstackfrombottom:<h2#40:<h0#42:<h3#39:<h1#41: + +# qhasm: y1 = *(float64 *) &d1 +# asm 1: fldl <d1=stack64#11 +# asm 2: fldl <d1=112(%rsp) +fldl 112(%rsp) +# comment:fpstackfrombottom:<h2#40:<h0#42:<h3#39:<h1#41:<y1#72: + +# qhasm: y1 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset1 +fsubl crypto_onetimeauth_poly1305_amd64_doffset1(%rip) +# comment:fpstackfrombottom:<h2#40:<h0#42:<h3#39:<h1#41:<y1#72: + +# qhasm: h1 += y1 +# asm 1: faddp <y1=float80#1,<h1=float80#2 +# asm 2: faddp <y1=%st(0),<h1=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<h2#40:<h0#42:<h3#39:<h1#41: + +# qhasm: stacktop h0 +# asm 1: fxch <h0=float80#3 +# asm 2: fxch <h0=%st(2) +fxch %st(2) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: y0 = *(float64 *) &d0 +# asm 1: fldl <d0=stack64#10 +# asm 2: fldl <d0=104(%rsp) +fldl 104(%rsp) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<y0#73: + +# qhasm: y0 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset0 +fsubl crypto_onetimeauth_poly1305_amd64_doffset0(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<y0#73: + +# qhasm: h0 += y0 +# asm 1: faddp <y0=float80#1,<h0=float80#2 +# asm 2: faddp <y0=%st(0),<h0=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: +# comment:fp stack unchanged by jump +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: goto multiplyaddatleast16bytes if !unsigned< +jae ._multiplyaddatleast16bytes +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: +# comment:fp stack unchanged by fallthrough +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: multiplyaddatmost15bytes: +._multiplyaddatmost15bytes: +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42: + +# qhasm: x0 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha130 +fldl crypto_onetimeauth_poly1305_amd64_alpha130(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74: + +# qhasm: x0 += h3 +# asm 1: fadd <h3=float80#3,<x0=float80#1 +# asm 2: fadd <h3=%st(2),<x0=%st(0) +fadd %st(2),%st(0) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74: + +# qhasm: x0 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha130 +fsubl crypto_onetimeauth_poly1305_amd64_alpha130(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74: + +# qhasm: h3 -= x0 +# asm 1: fsubr <x0=float80#1,<h3=float80#3 +# asm 2: fsubr <x0=%st(0),<h3=%st(2) +fsubr %st(0),%st(2) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74: + +# qhasm: x0 *= *(float64 *) &crypto_onetimeauth_poly1305_amd64_scale +fmull crypto_onetimeauth_poly1305_amd64_scale(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74: + +# qhasm: x1 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha32 +fldl crypto_onetimeauth_poly1305_amd64_alpha32(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75: + +# qhasm: x1 += h0 +# asm 1: fadd <h0=float80#3,<x1=float80#1 +# asm 2: fadd <h0=%st(2),<x1=%st(0) +fadd %st(2),%st(0) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75: + +# qhasm: x1 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha32 +fsubl crypto_onetimeauth_poly1305_amd64_alpha32(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75: + +# qhasm: h0 -= x1 +# asm 1: fsubr <x1=float80#1,<h0=float80#3 +# asm 2: fsubr <x1=%st(0),<h0=%st(2) +fsubr %st(0),%st(2) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75: + +# qhasm: x2 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha64 +fldl crypto_onetimeauth_poly1305_amd64_alpha64(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76: + +# qhasm: x2 += h1 +# asm 1: fadd <h1=float80#6,<x2=float80#1 +# asm 2: fadd <h1=%st(5),<x2=%st(0) +fadd %st(5),%st(0) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76: + +# qhasm: x2 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha64 +fsubl crypto_onetimeauth_poly1305_amd64_alpha64(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76: + +# qhasm: h1 -= x2 +# asm 1: fsubr <x2=float80#1,<h1=float80#6 +# asm 2: fsubr <x2=%st(0),<h1=%st(5) +fsubr %st(0),%st(5) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76: + +# qhasm: x3 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha96 +fldl crypto_onetimeauth_poly1305_amd64_alpha96(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76:<x3#77: + +# qhasm: x3 += h2 +# asm 1: fadd <h2=float80#8,<x3=float80#1 +# asm 2: fadd <h2=%st(7),<x3=%st(0) +fadd %st(7),%st(0) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76:<x3#77: + +# qhasm: x3 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha96 +fsubl crypto_onetimeauth_poly1305_amd64_alpha96(%rip) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76:<x3#77: + +# qhasm: h2 -= x3 +# asm 1: fsubr <x3=float80#1,<h2=float80#8 +# asm 2: fsubr <x3=%st(0),<h2=%st(7) +fsubr %st(0),%st(7) +# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76:<x3#77: + +# qhasm: internal stacktop h2 +# asm 1: fxch <h2=float80#8 +# asm 2: fxch <h2=%st(7) +fxch %st(7) + +# qhasm: x2 += h2 +# asm 1: faddp <h2=float80#1,<x2=float80#2 +# asm 2: faddp <h2=%st(0),<x2=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#77:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76: + +# qhasm: internal stacktop h1 +# asm 1: fxch <h1=float80#6 +# asm 2: fxch <h1=%st(5) +fxch %st(5) + +# qhasm: x1 += h1 +# asm 1: faddp <h1=float80#1,<x1=float80#2 +# asm 2: faddp <h1=%st(0),<x1=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#77:<x2#76:<h3#39:<h0#42:<x0#74:<x1#75: + +# qhasm: internal stacktop h3 +# asm 1: fxch <h3=float80#4 +# asm 2: fxch <h3=%st(3) +fxch %st(3) + +# qhasm: x3 += h3 +# asm 1: faddp <h3=float80#1,<x3=float80#6 +# asm 2: faddp <h3=%st(0),<x3=%st(5) +faddp %st(0),%st(5) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<x0#74: + +# qhasm: x0 += h0 +# asm 1: faddp <h0=float80#1,<x0=float80#2 +# asm 2: faddp <h0=%st(0),<x0=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<x0#74: + +# qhasm: h3 = *(float64 *) &r3 +# asm 1: fldl <r3=stack64#19 +# asm 2: fldl <r3=176(%rsp) +fldl 176(%rsp) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<x0#74:<h3#39: + +# qhasm: h3 *= x0 +# asm 1: fmul <x0=float80#2,<h3=float80#1 +# asm 2: fmul <x0=%st(1),<h3=%st(0) +fmul %st(1),%st(0) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<x0#74:<h3#39: + +# qhasm: h2 = *(float64 *) &r2 +# asm 1: fldl <r2=stack64#17 +# asm 2: fldl <r2=160(%rsp) +fldl 160(%rsp) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<x0#74:<h3#39:<h2#40: + +# qhasm: h2 *= x0 +# asm 1: fmul <x0=float80#3,<h2=float80#1 +# asm 2: fmul <x0=%st(2),<h2=%st(0) +fmul %st(2),%st(0) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<x0#74:<h3#39:<h2#40: + +# qhasm: h1 = *(float64 *) &r1 +# asm 1: fldl <r1=stack64#15 +# asm 2: fldl <r1=144(%rsp) +fldl 144(%rsp) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<x0#74:<h3#39:<h2#40:<h1#41: + +# qhasm: h1 *= x0 +# asm 1: fmul <x0=float80#4,<h1=float80#1 +# asm 2: fmul <x0=%st(3),<h1=%st(0) +fmul %st(3),%st(0) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<x0#74:<h3#39:<h2#40:<h1#41: + +# qhasm: h0 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#14 +# asm 2: fldl <r0=136(%rsp) +fldl 136(%rsp) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<x0#74:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: h0 *= x0 +# asm 1: fmulp <x0=float80#1,<h0=float80#5 +# asm 2: fmulp <x0=%st(0),<h0=%st(4) +fmulp %st(0),%st(4) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41: + +# qhasm: r2x1 = *(float64 *) &r2 +# asm 1: fldl <r2=stack64#17 +# asm 2: fldl <r2=160(%rsp) +fldl 160(%rsp) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:<r2x1#78: + +# qhasm: r2x1 *= x1 +# asm 1: fmul <x1=float80#6,<r2x1=float80#1 +# asm 2: fmul <x1=%st(5),<r2x1=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:<r2x1#78: + +# qhasm: h3 += r2x1 +# asm 1: faddp <r2x1=float80#1,<h3=float80#4 +# asm 2: faddp <r2x1=%st(0),<h3=%st(3) +faddp %st(0),%st(3) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41: + +# qhasm: r1x1 = *(float64 *) &r1 +# asm 1: fldl <r1=stack64#15 +# asm 2: fldl <r1=144(%rsp) +fldl 144(%rsp) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:<r1x1#79: + +# qhasm: r1x1 *= x1 +# asm 1: fmul <x1=float80#6,<r1x1=float80#1 +# asm 2: fmul <x1=%st(5),<r1x1=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:<r1x1#79: + +# qhasm: h2 += r1x1 +# asm 1: faddp <r1x1=float80#1,<h2=float80#3 +# asm 2: faddp <r1x1=%st(0),<h2=%st(2) +faddp %st(0),%st(2) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41: + +# qhasm: r0x1 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#14 +# asm 2: fldl <r0=136(%rsp) +fldl 136(%rsp) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:<r0x1#80: + +# qhasm: r0x1 *= x1 +# asm 1: fmul <x1=float80#6,<r0x1=float80#1 +# asm 2: fmul <x1=%st(5),<r0x1=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:<r0x1#80: + +# qhasm: h1 += r0x1 +# asm 1: faddp <r0x1=float80#1,<h1=float80#2 +# asm 2: faddp <r0x1=%st(0),<h1=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41: + +# qhasm: sr3x1 = *(float64 *) &sr3 +# asm 1: fldl <sr3=stack64#20 +# asm 2: fldl <sr3=184(%rsp) +fldl 184(%rsp) +# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:<sr3x1#81: + +# qhasm: sr3x1 *= x1 +# asm 1: fmulp <x1=float80#1,<sr3x1=float80#6 +# asm 2: fmulp <x1=%st(0),<sr3x1=%st(5) +fmulp %st(0),%st(5) +# comment:fpstackfrombottom:<x3#77:<x2#76:<sr3x1#81:<h0#42:<h3#39:<h2#40:<h1#41: + +# qhasm: internal stacktop sr3x1 +# asm 1: fxch <sr3x1=float80#5 +# asm 2: fxch <sr3x1=%st(4) +fxch %st(4) + +# qhasm: h0 += sr3x1 +# asm 1: faddp <sr3x1=float80#1,<h0=float80#4 +# asm 2: faddp <sr3x1=%st(0),<h0=%st(3) +faddp %st(0),%st(3) +# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40: + +# qhasm: r1x2 = *(float64 *) &r1 +# asm 1: fldl <r1=stack64#15 +# asm 2: fldl <r1=144(%rsp) +fldl 144(%rsp) +# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:<r1x2#82: + +# qhasm: r1x2 *= x2 +# asm 1: fmul <x2=float80#6,<r1x2=float80#1 +# asm 2: fmul <x2=%st(5),<r1x2=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:<r1x2#82: + +# qhasm: h3 += r1x2 +# asm 1: faddp <r1x2=float80#1,<h3=float80#3 +# asm 2: faddp <r1x2=%st(0),<h3=%st(2) +faddp %st(0),%st(2) +# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40: + +# qhasm: r0x2 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#14 +# asm 2: fldl <r0=136(%rsp) +fldl 136(%rsp) +# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:<r0x2#83: + +# qhasm: r0x2 *= x2 +# asm 1: fmul <x2=float80#6,<r0x2=float80#1 +# asm 2: fmul <x2=%st(5),<r0x2=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:<r0x2#83: + +# qhasm: h2 += r0x2 +# asm 1: faddp <r0x2=float80#1,<h2=float80#2 +# asm 2: faddp <r0x2=%st(0),<h2=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40: + +# qhasm: sr3x2 = *(float64 *) &sr3 +# asm 1: fldl <sr3=stack64#20 +# asm 2: fldl <sr3=184(%rsp) +fldl 184(%rsp) +# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:<sr3x2#84: + +# qhasm: sr3x2 *= x2 +# asm 1: fmul <x2=float80#6,<sr3x2=float80#1 +# asm 2: fmul <x2=%st(5),<sr3x2=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:<sr3x2#84: + +# qhasm: h1 += sr3x2 +# asm 1: faddp <sr3x2=float80#1,<h1=float80#5 +# asm 2: faddp <sr3x2=%st(0),<h1=%st(4) +faddp %st(0),%st(4) +# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40: + +# qhasm: sr2x2 = *(float64 *) &sr2 +# asm 1: fldl <sr2=stack64#18 +# asm 2: fldl <sr2=168(%rsp) +fldl 168(%rsp) +# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:<sr2x2#85: + +# qhasm: sr2x2 *= x2 +# asm 1: fmulp <x2=float80#1,<sr2x2=float80#6 +# asm 2: fmulp <x2=%st(0),<sr2x2=%st(5) +fmulp %st(0),%st(5) +# comment:fpstackfrombottom:<x3#77:<sr2x2#85:<h1#41:<h0#42:<h3#39:<h2#40: + +# qhasm: internal stacktop sr2x2 +# asm 1: fxch <sr2x2=float80#5 +# asm 2: fxch <sr2x2=%st(4) +fxch %st(4) + +# qhasm: h0 += sr2x2 +# asm 1: faddp <sr2x2=float80#1,<h0=float80#3 +# asm 2: faddp <sr2x2=%st(0),<h0=%st(2) +faddp %st(0),%st(2) +# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39: + +# qhasm: r0x3 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#14 +# asm 2: fldl <r0=136(%rsp) +fldl 136(%rsp) +# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:<r0x3#86: + +# qhasm: r0x3 *= x3 +# asm 1: fmul <x3=float80#6,<r0x3=float80#1 +# asm 2: fmul <x3=%st(5),<r0x3=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:<r0x3#86: + +# qhasm: h3 += r0x3 +# asm 1: faddp <r0x3=float80#1,<h3=float80#2 +# asm 2: faddp <r0x3=%st(0),<h3=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39: + +# qhasm: sr3x3 = *(float64 *) &sr3 +# asm 1: fldl <sr3=stack64#20 +# asm 2: fldl <sr3=184(%rsp) +fldl 184(%rsp) +# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:<sr3x3#87: + +# qhasm: sr3x3 *= x3 +# asm 1: fmul <x3=float80#6,<sr3x3=float80#1 +# asm 2: fmul <x3=%st(5),<sr3x3=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:<sr3x3#87: + +# qhasm: h2 += sr3x3 +# asm 1: faddp <sr3x3=float80#1,<h2=float80#5 +# asm 2: faddp <sr3x3=%st(0),<h2=%st(4) +faddp %st(0),%st(4) +# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39: + +# qhasm: sr2x3 = *(float64 *) &sr2 +# asm 1: fldl <sr2=stack64#18 +# asm 2: fldl <sr2=168(%rsp) +fldl 168(%rsp) +# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:<sr2x3#88: + +# qhasm: sr2x3 *= x3 +# asm 1: fmul <x3=float80#6,<sr2x3=float80#1 +# asm 2: fmul <x3=%st(5),<sr2x3=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:<sr2x3#88: + +# qhasm: h1 += sr2x3 +# asm 1: faddp <sr2x3=float80#1,<h1=float80#4 +# asm 2: faddp <sr2x3=%st(0),<h1=%st(3) +faddp %st(0),%st(3) +# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39: + +# qhasm: sr1x3 = *(float64 *) &sr1 +# asm 1: fldl <sr1=stack64#16 +# asm 2: fldl <sr1=152(%rsp) +fldl 152(%rsp) +# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:<sr1x3#89: + +# qhasm: sr1x3 *= x3 +# asm 1: fmulp <x3=float80#1,<sr1x3=float80#6 +# asm 2: fmulp <x3=%st(0),<sr1x3=%st(5) +fmulp %st(0),%st(5) +# comment:fpstackfrombottom:<sr1x3#89:<h2#40:<h1#41:<h0#42:<h3#39: + +# qhasm: internal stacktop sr1x3 +# asm 1: fxch <sr1x3=float80#5 +# asm 2: fxch <sr1x3=%st(4) +fxch %st(4) + +# qhasm: h0 += sr1x3 +# asm 1: faddp <sr1x3=float80#1,<h0=float80#2 +# asm 2: faddp <sr1x3=%st(0),<h0=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: +# comment:fp stack unchanged by fallthrough +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: addatmost15bytes: +._addatmost15bytes: +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: =? l - 0 +# asm 1: cmp $0,<l=int64#3 +# asm 2: cmp $0,<l=%rdx +cmp $0,%rdx +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: +# comment:fp stack unchanged by jump +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: goto nomorebytes if = +je ._nomorebytes +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: stack128 lastchunk +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: int64 destination +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: int64 numbytes +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: ((uint32 *)&lastchunk)[0] = 0 +# asm 1: movl $0,>lastchunk=stack128#1 +# asm 2: movl $0,>lastchunk=0(%rsp) +movl $0,0(%rsp) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: ((uint32 *)&lastchunk)[1] = 0 +# asm 1: movl $0,4+<lastchunk=stack128#1 +# asm 2: movl $0,4+<lastchunk=0(%rsp) +movl $0,4+0(%rsp) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: ((uint32 *)&lastchunk)[2] = 0 +# asm 1: movl $0,8+<lastchunk=stack128#1 +# asm 2: movl $0,8+<lastchunk=0(%rsp) +movl $0,8+0(%rsp) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: ((uint32 *)&lastchunk)[3] = 0 +# asm 1: movl $0,12+<lastchunk=stack128#1 +# asm 2: movl $0,12+<lastchunk=0(%rsp) +movl $0,12+0(%rsp) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: destination = &lastchunk +# asm 1: leaq <lastchunk=stack128#1,>destination=int64#1 +# asm 2: leaq <lastchunk=0(%rsp),>destination=%rdi +leaq 0(%rsp),%rdi +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: numbytes = l +# asm 1: mov <l=int64#3,>numbytes=int64#4 +# asm 2: mov <l=%rdx,>numbytes=%rcx +mov %rdx,%rcx +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: while (numbytes) { *destination++ = *m++; --numbytes } +rep movsb +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: *(uint8 *) (destination + 0) = 1 +# asm 1: movb $1,0(<destination=int64#1) +# asm 2: movb $1,0(<destination=%rdi) +movb $1,0(%rdi) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: m3 = ((uint32 *)&lastchunk)[3] +# asm 1: movl 12+<lastchunk=stack128#1,>m3=int64#1d +# asm 2: movl 12+<lastchunk=0(%rsp),>m3=%edi +movl 12+0(%rsp),%edi +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: m2 = ((uint32 *)&lastchunk)[2] +# asm 1: movl 8+<lastchunk=stack128#1,>m2=int64#2d +# asm 2: movl 8+<lastchunk=0(%rsp),>m2=%esi +movl 8+0(%rsp),%esi +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: m1 = ((uint32 *)&lastchunk)[1] +# asm 1: movl 4+<lastchunk=stack128#1,>m1=int64#3d +# asm 2: movl 4+<lastchunk=0(%rsp),>m1=%edx +movl 4+0(%rsp),%edx +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: m0 = ((uint32 *)&lastchunk)[0] +# asm 1: movl <lastchunk=stack128#1,>m0=int64#4d +# asm 2: movl <lastchunk=0(%rsp),>m0=%ecx +movl 0(%rsp),%ecx +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: inplace d3 bottom = m3 +# asm 1: movl <m3=int64#1d,<d3=stack64#13 +# asm 2: movl <m3=%edi,<d3=128(%rsp) +movl %edi,128(%rsp) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: inplace d2 bottom = m2 +# asm 1: movl <m2=int64#2d,<d2=stack64#12 +# asm 2: movl <m2=%esi,<d2=120(%rsp) +movl %esi,120(%rsp) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: inplace d1 bottom = m1 +# asm 1: movl <m1=int64#3d,<d1=stack64#11 +# asm 2: movl <m1=%edx,<d1=112(%rsp) +movl %edx,112(%rsp) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: inplace d0 bottom = m0 +# asm 1: movl <m0=int64#4d,<d0=stack64#10 +# asm 2: movl <m0=%ecx,<d0=104(%rsp) +movl %ecx,104(%rsp) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: internal stacktop h3 +# asm 1: fxch <h3=float80#4 +# asm 2: fxch <h3=%st(3) +fxch %st(3) + +# qhasm: h3 += *(float64 *) &d3 +# asm 1: faddl <d3=stack64#13 +# asm 2: faddl <d3=128(%rsp) +faddl 128(%rsp) +# comment:fpstackfrombottom:<h0#42:<h2#40:<h1#41:<h3#39: + +# qhasm: h3 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset3 +fsubl crypto_onetimeauth_poly1305_amd64_doffset3(%rip) +# comment:fpstackfrombottom:<h0#42:<h2#40:<h1#41:<h3#39: + +# qhasm: internal stacktop h2 +# asm 1: fxch <h2=float80#3 +# asm 2: fxch <h2=%st(2) +fxch %st(2) + +# qhasm: h2 += *(float64 *) &d2 +# asm 1: faddl <d2=stack64#12 +# asm 2: faddl <d2=120(%rsp) +faddl 120(%rsp) +# comment:fpstackfrombottom:<h0#42:<h3#39:<h1#41:<h2#40: + +# qhasm: h2 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset2 +fsubl crypto_onetimeauth_poly1305_amd64_doffset2(%rip) +# comment:fpstackfrombottom:<h0#42:<h3#39:<h1#41:<h2#40: + +# qhasm: internal stacktop h1 +# asm 1: fxch <h1=float80#2 +# asm 2: fxch <h1=%st(1) +fxch %st(1) + +# qhasm: h1 += *(float64 *) &d1 +# asm 1: faddl <d1=stack64#11 +# asm 2: faddl <d1=112(%rsp) +faddl 112(%rsp) +# comment:fpstackfrombottom:<h0#42:<h3#39:<h2#40:<h1#41: + +# qhasm: h1 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset1 +fsubl crypto_onetimeauth_poly1305_amd64_doffset1(%rip) +# comment:fpstackfrombottom:<h0#42:<h3#39:<h2#40:<h1#41: + +# qhasm: internal stacktop h0 +# asm 1: fxch <h0=float80#4 +# asm 2: fxch <h0=%st(3) +fxch %st(3) + +# qhasm: h0 += *(float64 *) &d0 +# asm 1: faddl <d0=stack64#10 +# asm 2: faddl <d0=104(%rsp) +faddl 104(%rsp) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42: + +# qhasm: h0 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset0 +fsubl crypto_onetimeauth_poly1305_amd64_doffset0(%rip) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42: + +# qhasm: x0 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha130 +fldl crypto_onetimeauth_poly1305_amd64_alpha130(%rip) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98: + +# qhasm: x0 += h3 +# asm 1: fadd <h3=float80#4,<x0=float80#1 +# asm 2: fadd <h3=%st(3),<x0=%st(0) +fadd %st(3),%st(0) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98: + +# qhasm: x0 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha130 +fsubl crypto_onetimeauth_poly1305_amd64_alpha130(%rip) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98: + +# qhasm: h3 -= x0 +# asm 1: fsubr <x0=float80#1,<h3=float80#4 +# asm 2: fsubr <x0=%st(0),<h3=%st(3) +fsubr %st(0),%st(3) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98: + +# qhasm: x0 *= *(float64 *) &crypto_onetimeauth_poly1305_amd64_scale +fmull crypto_onetimeauth_poly1305_amd64_scale(%rip) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98: + +# qhasm: x1 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha32 +fldl crypto_onetimeauth_poly1305_amd64_alpha32(%rip) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99: + +# qhasm: x1 += h0 +# asm 1: fadd <h0=float80#3,<x1=float80#1 +# asm 2: fadd <h0=%st(2),<x1=%st(0) +fadd %st(2),%st(0) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99: + +# qhasm: x1 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha32 +fsubl crypto_onetimeauth_poly1305_amd64_alpha32(%rip) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99: + +# qhasm: h0 -= x1 +# asm 1: fsubr <x1=float80#1,<h0=float80#3 +# asm 2: fsubr <x1=%st(0),<h0=%st(2) +fsubr %st(0),%st(2) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99: + +# qhasm: x2 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha64 +fldl crypto_onetimeauth_poly1305_amd64_alpha64(%rip) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:<x2#100: + +# qhasm: x2 += h1 +# asm 1: fadd <h1=float80#7,<x2=float80#1 +# asm 2: fadd <h1=%st(6),<x2=%st(0) +fadd %st(6),%st(0) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:<x2#100: + +# qhasm: x2 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha64 +fsubl crypto_onetimeauth_poly1305_amd64_alpha64(%rip) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:<x2#100: + +# qhasm: h1 -= x2 +# asm 1: fsubr <x2=float80#1,<h1=float80#7 +# asm 2: fsubr <x2=%st(0),<h1=%st(6) +fsubr %st(0),%st(6) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:<x2#100: + +# qhasm: x3 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha96 +fldl crypto_onetimeauth_poly1305_amd64_alpha96(%rip) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:<x2#100:<x3#101: + +# qhasm: x3 += h2 +# asm 1: fadd <h2=float80#6,<x3=float80#1 +# asm 2: fadd <h2=%st(5),<x3=%st(0) +fadd %st(5),%st(0) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:<x2#100:<x3#101: + +# qhasm: x3 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha96 +fsubl crypto_onetimeauth_poly1305_amd64_alpha96(%rip) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:<x2#100:<x3#101: + +# qhasm: h2 -= x3 +# asm 1: fsubr <x3=float80#1,<h2=float80#6 +# asm 2: fsubr <x3=%st(0),<h2=%st(5) +fsubr %st(0),%st(5) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:<x2#100:<x3#101: + +# qhasm: internal stacktop h0 +# asm 1: fxch <h0=float80#5 +# asm 2: fxch <h0=%st(4) +fxch %st(4) + +# qhasm: x0 += h0 +# asm 1: faddp <h0=float80#1,<x0=float80#4 +# asm 2: faddp <h0=%st(0),<x0=%st(3) +faddp %st(0),%st(3) +# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<x3#101:<x0#98:<x1#99:<x2#100: + +# qhasm: internal stacktop h1 +# asm 1: fxch <h1=float80#7 +# asm 2: fxch <h1=%st(6) +fxch %st(6) + +# qhasm: x1 += h1 +# asm 1: faddp <h1=float80#1,<x1=float80#2 +# asm 2: faddp <h1=%st(0),<x1=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x2#100:<h3#39:<h2#40:<x3#101:<x0#98:<x1#99: + +# qhasm: internal stacktop h2 +# asm 1: fxch <h2=float80#4 +# asm 2: fxch <h2=%st(3) +fxch %st(3) + +# qhasm: x2 += h2 +# asm 1: faddp <h2=float80#1,<x2=float80#6 +# asm 2: faddp <h2=%st(0),<x2=%st(5) +faddp %st(0),%st(5) +# comment:fpstackfrombottom:<x2#100:<h3#39:<x1#99:<x3#101:<x0#98: + +# qhasm: internal stacktop h3 +# asm 1: fxch <h3=float80#4 +# asm 2: fxch <h3=%st(3) +fxch %st(3) + +# qhasm: x3 += h3 +# asm 1: faddp <h3=float80#1,<x3=float80#2 +# asm 2: faddp <h3=%st(0),<x3=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101: + +# qhasm: h3 = *(float64 *) &r3 +# asm 1: fldl <r3=stack64#19 +# asm 2: fldl <r3=176(%rsp) +fldl 176(%rsp) +# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#39: + +# qhasm: h3 *= x0 +# asm 1: fmul <x0=float80#4,<h3=float80#1 +# asm 2: fmul <x0=%st(3),<h3=%st(0) +fmul %st(3),%st(0) +# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#39: + +# qhasm: h2 = *(float64 *) &r2 +# asm 1: fldl <r2=stack64#17 +# asm 2: fldl <r2=160(%rsp) +fldl 160(%rsp) +# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#39:<h2#40: + +# qhasm: h2 *= x0 +# asm 1: fmul <x0=float80#5,<h2=float80#1 +# asm 2: fmul <x0=%st(4),<h2=%st(0) +fmul %st(4),%st(0) +# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#39:<h2#40: + +# qhasm: h1 = *(float64 *) &r1 +# asm 1: fldl <r1=stack64#15 +# asm 2: fldl <r1=144(%rsp) +fldl 144(%rsp) +# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41: + +# qhasm: h1 *= x0 +# asm 1: fmul <x0=float80#6,<h1=float80#1 +# asm 2: fmul <x0=%st(5),<h1=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41: + +# qhasm: h0 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#14 +# asm 2: fldl <r0=136(%rsp) +fldl 136(%rsp) +# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: h0 *= x0 +# asm 1: fmulp <x0=float80#1,<h0=float80#7 +# asm 2: fmulp <x0=%st(0),<h0=%st(6) +fmulp %st(0),%st(6) +# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41: + +# qhasm: r2x1 = *(float64 *) &r2 +# asm 1: fldl <r2=stack64#17 +# asm 2: fldl <r2=160(%rsp) +fldl 160(%rsp) +# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:<r2x1#102: + +# qhasm: r2x1 *= x1 +# asm 1: fmul <x1=float80#6,<r2x1=float80#1 +# asm 2: fmul <x1=%st(5),<r2x1=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:<r2x1#102: + +# qhasm: h3 += r2x1 +# asm 1: faddp <r2x1=float80#1,<h3=float80#4 +# asm 2: faddp <r2x1=%st(0),<h3=%st(3) +faddp %st(0),%st(3) +# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41: + +# qhasm: r1x1 = *(float64 *) &r1 +# asm 1: fldl <r1=stack64#15 +# asm 2: fldl <r1=144(%rsp) +fldl 144(%rsp) +# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:<r1x1#103: + +# qhasm: r1x1 *= x1 +# asm 1: fmul <x1=float80#6,<r1x1=float80#1 +# asm 2: fmul <x1=%st(5),<r1x1=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:<r1x1#103: + +# qhasm: h2 += r1x1 +# asm 1: faddp <r1x1=float80#1,<h2=float80#3 +# asm 2: faddp <r1x1=%st(0),<h2=%st(2) +faddp %st(0),%st(2) +# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41: + +# qhasm: r0x1 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#14 +# asm 2: fldl <r0=136(%rsp) +fldl 136(%rsp) +# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:<r0x1#104: + +# qhasm: r0x1 *= x1 +# asm 1: fmul <x1=float80#6,<r0x1=float80#1 +# asm 2: fmul <x1=%st(5),<r0x1=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:<r0x1#104: + +# qhasm: h1 += r0x1 +# asm 1: faddp <r0x1=float80#1,<h1=float80#2 +# asm 2: faddp <r0x1=%st(0),<h1=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41: + +# qhasm: sr3x1 = *(float64 *) &sr3 +# asm 1: fldl <sr3=stack64#20 +# asm 2: fldl <sr3=184(%rsp) +fldl 184(%rsp) +# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:<sr3x1#105: + +# qhasm: sr3x1 *= x1 +# asm 1: fmulp <x1=float80#1,<sr3x1=float80#6 +# asm 2: fmulp <x1=%st(0),<sr3x1=%st(5) +fmulp %st(0),%st(5) +# comment:fpstackfrombottom:<x2#100:<h0#42:<sr3x1#105:<x3#101:<h3#39:<h2#40:<h1#41: + +# qhasm: internal stacktop sr3x1 +# asm 1: fxch <sr3x1=float80#5 +# asm 2: fxch <sr3x1=%st(4) +fxch %st(4) + +# qhasm: h0 += sr3x1 +# asm 1: faddp <sr3x1=float80#1,<h0=float80#6 +# asm 2: faddp <sr3x1=%st(0),<h0=%st(5) +faddp %st(0),%st(5) +# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40: + +# qhasm: r1x2 = *(float64 *) &r1 +# asm 1: fldl <r1=stack64#15 +# asm 2: fldl <r1=144(%rsp) +fldl 144(%rsp) +# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:<r1x2#106: + +# qhasm: r1x2 *= x2 +# asm 1: fmul <x2=float80#7,<r1x2=float80#1 +# asm 2: fmul <x2=%st(6),<r1x2=%st(0) +fmul %st(6),%st(0) +# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:<r1x2#106: + +# qhasm: h3 += r1x2 +# asm 1: faddp <r1x2=float80#1,<h3=float80#3 +# asm 2: faddp <r1x2=%st(0),<h3=%st(2) +faddp %st(0),%st(2) +# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40: + +# qhasm: r0x2 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#14 +# asm 2: fldl <r0=136(%rsp) +fldl 136(%rsp) +# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:<r0x2#107: + +# qhasm: r0x2 *= x2 +# asm 1: fmul <x2=float80#7,<r0x2=float80#1 +# asm 2: fmul <x2=%st(6),<r0x2=%st(0) +fmul %st(6),%st(0) +# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:<r0x2#107: + +# qhasm: h2 += r0x2 +# asm 1: faddp <r0x2=float80#1,<h2=float80#2 +# asm 2: faddp <r0x2=%st(0),<h2=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40: + +# qhasm: sr3x2 = *(float64 *) &sr3 +# asm 1: fldl <sr3=stack64#20 +# asm 2: fldl <sr3=184(%rsp) +fldl 184(%rsp) +# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:<sr3x2#108: + +# qhasm: sr3x2 *= x2 +# asm 1: fmul <x2=float80#7,<sr3x2=float80#1 +# asm 2: fmul <x2=%st(6),<sr3x2=%st(0) +fmul %st(6),%st(0) +# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:<sr3x2#108: + +# qhasm: h1 += sr3x2 +# asm 1: faddp <sr3x2=float80#1,<h1=float80#5 +# asm 2: faddp <sr3x2=%st(0),<h1=%st(4) +faddp %st(0),%st(4) +# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40: + +# qhasm: sr2x2 = *(float64 *) &sr2 +# asm 1: fldl <sr2=stack64#18 +# asm 2: fldl <sr2=168(%rsp) +fldl 168(%rsp) +# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:<sr2x2#109: + +# qhasm: sr2x2 *= x2 +# asm 1: fmulp <x2=float80#1,<sr2x2=float80#7 +# asm 2: fmulp <x2=%st(0),<sr2x2=%st(6) +fmulp %st(0),%st(6) +# comment:fpstackfrombottom:<sr2x2#109:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40: + +# qhasm: internal stacktop sr2x2 +# asm 1: fxch <sr2x2=float80#6 +# asm 2: fxch <sr2x2=%st(5) +fxch %st(5) + +# qhasm: h0 += sr2x2 +# asm 1: faddp <sr2x2=float80#1,<h0=float80#5 +# asm 2: faddp <sr2x2=%st(0),<h0=%st(4) +faddp %st(0),%st(4) +# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39: + +# qhasm: r0x3 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#14 +# asm 2: fldl <r0=136(%rsp) +fldl 136(%rsp) +# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:<r0x3#110: + +# qhasm: r0x3 *= x3 +# asm 1: fmul <x3=float80#3,<r0x3=float80#1 +# asm 2: fmul <x3=%st(2),<r0x3=%st(0) +fmul %st(2),%st(0) +# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:<r0x3#110: + +# qhasm: h3 += r0x3 +# asm 1: faddp <r0x3=float80#1,<h3=float80#2 +# asm 2: faddp <r0x3=%st(0),<h3=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39: + +# qhasm: sr3x3 = *(float64 *) &sr3 +# asm 1: fldl <sr3=stack64#20 +# asm 2: fldl <sr3=184(%rsp) +fldl 184(%rsp) +# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:<sr3x3#111: + +# qhasm: sr3x3 *= x3 +# asm 1: fmul <x3=float80#3,<sr3x3=float80#1 +# asm 2: fmul <x3=%st(2),<sr3x3=%st(0) +fmul %st(2),%st(0) +# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:<sr3x3#111: + +# qhasm: h2 += sr3x3 +# asm 1: faddp <sr3x3=float80#1,<h2=float80#6 +# asm 2: faddp <sr3x3=%st(0),<h2=%st(5) +faddp %st(0),%st(5) +# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39: + +# qhasm: sr2x3 = *(float64 *) &sr2 +# asm 1: fldl <sr2=stack64#18 +# asm 2: fldl <sr2=168(%rsp) +fldl 168(%rsp) +# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:<sr2x3#112: + +# qhasm: sr2x3 *= x3 +# asm 1: fmul <x3=float80#3,<sr2x3=float80#1 +# asm 2: fmul <x3=%st(2),<sr2x3=%st(0) +fmul %st(2),%st(0) +# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:<sr2x3#112: + +# qhasm: h1 += sr2x3 +# asm 1: faddp <sr2x3=float80#1,<h1=float80#4 +# asm 2: faddp <sr2x3=%st(0),<h1=%st(3) +faddp %st(0),%st(3) +# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39: + +# qhasm: sr1x3 = *(float64 *) &sr1 +# asm 1: fldl <sr1=stack64#16 +# asm 2: fldl <sr1=152(%rsp) +fldl 152(%rsp) +# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:<sr1x3#113: + +# qhasm: sr1x3 *= x3 +# asm 1: fmulp <x3=float80#1,<sr1x3=float80#3 +# asm 2: fmulp <x3=%st(0),<sr1x3=%st(2) +fmulp %st(0),%st(2) +# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<sr1x3#113:<h3#39: + +# qhasm: internal stacktop sr1x3 +# asm 1: fxch <sr1x3=float80#2 +# asm 2: fxch <sr1x3=%st(1) +fxch %st(1) + +# qhasm: h0 += sr1x3 +# asm 1: faddp <sr1x3=float80#1,<h0=float80#4 +# asm 2: faddp <sr1x3=%st(0),<h0=%st(3) +faddp %st(0),%st(3) +# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<h3#39: +# comment:automatically reorganizing fp stack for fallthrough + +# qhasm: internal stacktop h2 +# asm 1: fxch <h2=float80#4 +# asm 2: fxch <h2=%st(3) +fxch %st(3) +# comment:fpstackfrombottom:<h3#39:<h0#42:<h1#41:<h2#40: + +# qhasm: internal stacktop h0 +# asm 1: fxch <h0=float80#3 +# asm 2: fxch <h0=%st(2) +fxch %st(2) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: nomorebytes: +._nomorebytes: +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42: + +# qhasm: x0 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha130 +fldl crypto_onetimeauth_poly1305_amd64_alpha130(%rip) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114: + +# qhasm: x0 += h3 +# asm 1: fadd <h3=float80#5,<x0=float80#1 +# asm 2: fadd <h3=%st(4),<x0=%st(0) +fadd %st(4),%st(0) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114: + +# qhasm: x0 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha130 +fsubl crypto_onetimeauth_poly1305_amd64_alpha130(%rip) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114: + +# qhasm: h3 -= x0 +# asm 1: fsubr <x0=float80#1,<h3=float80#5 +# asm 2: fsubr <x0=%st(0),<h3=%st(4) +fsubr %st(0),%st(4) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114: + +# qhasm: x0 *= *(float64 *) &crypto_onetimeauth_poly1305_amd64_scale +fmull crypto_onetimeauth_poly1305_amd64_scale(%rip) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114: + +# qhasm: x1 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha32 +fldl crypto_onetimeauth_poly1305_amd64_alpha32(%rip) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115: + +# qhasm: x1 += h0 +# asm 1: fadd <h0=float80#3,<x1=float80#1 +# asm 2: fadd <h0=%st(2),<x1=%st(0) +fadd %st(2),%st(0) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115: + +# qhasm: x1 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha32 +fsubl crypto_onetimeauth_poly1305_amd64_alpha32(%rip) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115: + +# qhasm: h0 -= x1 +# asm 1: fsubr <x1=float80#1,<h0=float80#3 +# asm 2: fsubr <x1=%st(0),<h0=%st(2) +fsubr %st(0),%st(2) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115: + +# qhasm: x2 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha64 +fldl crypto_onetimeauth_poly1305_amd64_alpha64(%rip) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116: + +# qhasm: x2 += h1 +# asm 1: fadd <h1=float80#5,<x2=float80#1 +# asm 2: fadd <h1=%st(4),<x2=%st(0) +fadd %st(4),%st(0) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116: + +# qhasm: x2 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha64 +fsubl crypto_onetimeauth_poly1305_amd64_alpha64(%rip) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116: + +# qhasm: h1 -= x2 +# asm 1: fsubr <x2=float80#1,<h1=float80#5 +# asm 2: fsubr <x2=%st(0),<h1=%st(4) +fsubr %st(0),%st(4) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116: + +# qhasm: x3 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha96 +fldl crypto_onetimeauth_poly1305_amd64_alpha96(%rip) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116:<x3#117: + +# qhasm: x3 += h2 +# asm 1: fadd <h2=float80#7,<x3=float80#1 +# asm 2: fadd <h2=%st(6),<x3=%st(0) +fadd %st(6),%st(0) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116:<x3#117: + +# qhasm: x3 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha96 +fsubl crypto_onetimeauth_poly1305_amd64_alpha96(%rip) +# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116:<x3#117: + +# qhasm: stacktop h2 +# asm 1: fxch <h2=float80#7 +# asm 2: fxch <h2=%st(6) +fxch %st(6) +# comment:fpstackfrombottom:<h3#39:<x3#117:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116:<h2#40: + +# qhasm: h2 -= x3 +# asm 1: fsub <x3=float80#7,<h2=float80#1 +# asm 2: fsub <x3=%st(6),<h2=%st(0) +fsub %st(6),%st(0) +# comment:fpstackfrombottom:<h3#39:<x3#117:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116:<h2#40: + +# qhasm: internal stacktop h0 +# asm 1: fxch <h0=float80#5 +# asm 2: fxch <h0=%st(4) +fxch %st(4) + +# qhasm: x0 += h0 +# asm 1: faddp <h0=float80#1,<x0=float80#4 +# asm 2: faddp <h0=%st(0),<x0=%st(3) +faddp %st(0),%st(3) +# comment:fpstackfrombottom:<h3#39:<x3#117:<h1#41:<h2#40:<x0#114:<x1#115:<x2#116: + +# qhasm: internal stacktop h1 +# asm 1: fxch <h1=float80#5 +# asm 2: fxch <h1=%st(4) +fxch %st(4) + +# qhasm: x1 += h1 +# asm 1: faddp <h1=float80#1,<x1=float80#2 +# asm 2: faddp <h1=%st(0),<x1=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<h3#39:<x3#117:<x2#116:<h2#40:<x0#114:<x1#115: + +# qhasm: internal stacktop h2 +# asm 1: fxch <h2=float80#3 +# asm 2: fxch <h2=%st(2) +fxch %st(2) + +# qhasm: x2 += h2 +# asm 1: faddp <h2=float80#1,<x2=float80#4 +# asm 2: faddp <h2=%st(0),<x2=%st(3) +faddp %st(0),%st(3) +# comment:fpstackfrombottom:<h3#39:<x3#117:<x2#116:<x1#115:<x0#114: + +# qhasm: internal stacktop h3 +# asm 1: fxch <h3=float80#5 +# asm 2: fxch <h3=%st(4) +fxch %st(4) + +# qhasm: x3 += h3 +# asm 1: faddp <h3=float80#1,<x3=float80#4 +# asm 2: faddp <h3=%st(0),<x3=%st(3) +faddp %st(0),%st(3) +# comment:fpstackfrombottom:<x0#114:<x3#117:<x2#116:<x1#115: + +# qhasm: internal stacktop x0 +# asm 1: fxch <x0=float80#4 +# asm 2: fxch <x0=%st(3) +fxch %st(3) + +# qhasm: x0 += *(float64 *) &crypto_onetimeauth_poly1305_amd64_hoffset0 +faddl crypto_onetimeauth_poly1305_amd64_hoffset0(%rip) +# comment:fpstackfrombottom:<x1#115:<x3#117:<x2#116:<x0#114: + +# qhasm: internal stacktop x1 +# asm 1: fxch <x1=float80#4 +# asm 2: fxch <x1=%st(3) +fxch %st(3) + +# qhasm: x1 += *(float64 *) &crypto_onetimeauth_poly1305_amd64_hoffset1 +faddl crypto_onetimeauth_poly1305_amd64_hoffset1(%rip) +# comment:fpstackfrombottom:<x0#114:<x3#117:<x2#116:<x1#115: + +# qhasm: internal stacktop x2 +# asm 1: fxch <x2=float80#2 +# asm 2: fxch <x2=%st(1) +fxch %st(1) + +# qhasm: x2 += *(float64 *) &crypto_onetimeauth_poly1305_amd64_hoffset2 +faddl crypto_onetimeauth_poly1305_amd64_hoffset2(%rip) +# comment:fpstackfrombottom:<x0#114:<x3#117:<x1#115:<x2#116: + +# qhasm: internal stacktop x3 +# asm 1: fxch <x3=float80#3 +# asm 2: fxch <x3=%st(2) +fxch %st(2) + +# qhasm: x3 += *(float64 *) &crypto_onetimeauth_poly1305_amd64_hoffset3 +faddl crypto_onetimeauth_poly1305_amd64_hoffset3(%rip) +# comment:fpstackfrombottom:<x0#114:<x2#116:<x1#115:<x3#117: + +# qhasm: internal stacktop x0 +# asm 1: fxch <x0=float80#4 +# asm 2: fxch <x0=%st(3) +fxch %st(3) + +# qhasm: *(float64 *) &d0 = x0 +# asm 1: fstpl >d0=stack64#10 +# asm 2: fstpl >d0=104(%rsp) +fstpl 104(%rsp) +# comment:fpstackfrombottom:<x3#117:<x2#116:<x1#115: + +# qhasm: *(float64 *) &d1 = x1 +# asm 1: fstpl >d1=stack64#11 +# asm 2: fstpl >d1=112(%rsp) +fstpl 112(%rsp) +# comment:fpstackfrombottom:<x3#117:<x2#116: + +# qhasm: *(float64 *) &d2 = x2 +# asm 1: fstpl >d2=stack64#12 +# asm 2: fstpl >d2=120(%rsp) +fstpl 120(%rsp) +# comment:fpstackfrombottom:<x3#117: + +# qhasm: *(float64 *) &d3 = x3 +# asm 1: fstpl >d3=stack64#13 +# asm 2: fstpl >d3=128(%rsp) +fstpl 128(%rsp) +# comment:fpstackfrombottom: + +# qhasm: int64 f0 + +# qhasm: int64 f1 + +# qhasm: int64 f2 + +# qhasm: int64 f3 + +# qhasm: int64 f4 + +# qhasm: int64 g0 + +# qhasm: int64 g1 + +# qhasm: int64 g2 + +# qhasm: int64 g3 + +# qhasm: int64 f + +# qhasm: int64 notf + +# qhasm: stack64 f1_stack + +# qhasm: stack64 f2_stack + +# qhasm: stack64 f3_stack + +# qhasm: stack64 f4_stack + +# qhasm: stack64 g0_stack + +# qhasm: stack64 g1_stack + +# qhasm: stack64 g2_stack + +# qhasm: stack64 g3_stack + +# qhasm: g0 = top d0 +# asm 1: movl <d0=stack64#10,>g0=int64#1d +# asm 2: movl <d0=108(%rsp),>g0=%edi +movl 108(%rsp),%edi + +# qhasm: (uint32) g0 &= 63 +# asm 1: and $63,<g0=int64#1d +# asm 2: and $63,<g0=%edi +and $63,%edi + +# qhasm: g1 = top d1 +# asm 1: movl <d1=stack64#11,>g1=int64#2d +# asm 2: movl <d1=116(%rsp),>g1=%esi +movl 116(%rsp),%esi + +# qhasm: (uint32) g1 &= 63 +# asm 1: and $63,<g1=int64#2d +# asm 2: and $63,<g1=%esi +and $63,%esi + +# qhasm: g2 = top d2 +# asm 1: movl <d2=stack64#12,>g2=int64#3d +# asm 2: movl <d2=124(%rsp),>g2=%edx +movl 124(%rsp),%edx + +# qhasm: (uint32) g2 &= 63 +# asm 1: and $63,<g2=int64#3d +# asm 2: and $63,<g2=%edx +and $63,%edx + +# qhasm: g3 = top d3 +# asm 1: movl <d3=stack64#13,>g3=int64#4d +# asm 2: movl <d3=132(%rsp),>g3=%ecx +movl 132(%rsp),%ecx + +# qhasm: (uint32) g3 &= 63 +# asm 1: and $63,<g3=int64#4d +# asm 2: and $63,<g3=%ecx +and $63,%ecx + +# qhasm: f1 = bottom d1 +# asm 1: movl <d1=stack64#11,>f1=int64#5d +# asm 2: movl <d1=112(%rsp),>f1=%r8d +movl 112(%rsp),%r8d + +# qhasm: carry? (uint32) f1 += g0 +# asm 1: add <g0=int64#1d,<f1=int64#5d +# asm 2: add <g0=%edi,<f1=%r8d +add %edi,%r8d + +# qhasm: f1_stack = f1 +# asm 1: movq <f1=int64#5,>f1_stack=stack64#11 +# asm 2: movq <f1=%r8,>f1_stack=112(%rsp) +movq %r8,112(%rsp) + +# qhasm: f2 = bottom d2 +# asm 1: movl <d2=stack64#12,>f2=int64#1d +# asm 2: movl <d2=120(%rsp),>f2=%edi +movl 120(%rsp),%edi + +# qhasm: carry? (uint32) f2 += g1 + carry +# asm 1: adc <g1=int64#2d,<f2=int64#1d +# asm 2: adc <g1=%esi,<f2=%edi +adc %esi,%edi + +# qhasm: f2_stack = f2 +# asm 1: movq <f2=int64#1,>f2_stack=stack64#12 +# asm 2: movq <f2=%rdi,>f2_stack=120(%rsp) +movq %rdi,120(%rsp) + +# qhasm: f3 = bottom d3 +# asm 1: movl <d3=stack64#13,>f3=int64#1d +# asm 2: movl <d3=128(%rsp),>f3=%edi +movl 128(%rsp),%edi + +# qhasm: carry? (uint32) f3 += g2 + carry +# asm 1: adc <g2=int64#3d,<f3=int64#1d +# asm 2: adc <g2=%edx,<f3=%edi +adc %edx,%edi + +# qhasm: f3_stack = f3 +# asm 1: movq <f3=int64#1,>f3_stack=stack64#13 +# asm 2: movq <f3=%rdi,>f3_stack=128(%rsp) +movq %rdi,128(%rsp) + +# qhasm: f4 = 0 +# asm 1: mov $0,>f4=int64#1 +# asm 2: mov $0,>f4=%rdi +mov $0,%rdi + +# qhasm: carry? (uint32) f4 += g3 + carry +# asm 1: adc <g3=int64#4d,<f4=int64#1d +# asm 2: adc <g3=%ecx,<f4=%edi +adc %ecx,%edi + +# qhasm: f4_stack = f4 +# asm 1: movq <f4=int64#1,>f4_stack=stack64#14 +# asm 2: movq <f4=%rdi,>f4_stack=136(%rsp) +movq %rdi,136(%rsp) + +# qhasm: g0 = 5 +# asm 1: mov $5,>g0=int64#1 +# asm 2: mov $5,>g0=%rdi +mov $5,%rdi + +# qhasm: f0 = bottom d0 +# asm 1: movl <d0=stack64#10,>f0=int64#2d +# asm 2: movl <d0=104(%rsp),>f0=%esi +movl 104(%rsp),%esi + +# qhasm: carry? (uint32) g0 += f0 +# asm 1: add <f0=int64#2d,<g0=int64#1d +# asm 2: add <f0=%esi,<g0=%edi +add %esi,%edi + +# qhasm: g0_stack = g0 +# asm 1: movq <g0=int64#1,>g0_stack=stack64#10 +# asm 2: movq <g0=%rdi,>g0_stack=104(%rsp) +movq %rdi,104(%rsp) + +# qhasm: g1 = 0 +# asm 1: mov $0,>g1=int64#1 +# asm 2: mov $0,>g1=%rdi +mov $0,%rdi + +# qhasm: f1 = f1_stack +# asm 1: movq <f1_stack=stack64#11,>f1=int64#3 +# asm 2: movq <f1_stack=112(%rsp),>f1=%rdx +movq 112(%rsp),%rdx + +# qhasm: carry? (uint32) g1 += f1 + carry +# asm 1: adc <f1=int64#3d,<g1=int64#1d +# asm 2: adc <f1=%edx,<g1=%edi +adc %edx,%edi + +# qhasm: g1_stack = g1 +# asm 1: movq <g1=int64#1,>g1_stack=stack64#11 +# asm 2: movq <g1=%rdi,>g1_stack=112(%rsp) +movq %rdi,112(%rsp) + +# qhasm: g2 = 0 +# asm 1: mov $0,>g2=int64#1 +# asm 2: mov $0,>g2=%rdi +mov $0,%rdi + +# qhasm: f2 = f2_stack +# asm 1: movq <f2_stack=stack64#12,>f2=int64#4 +# asm 2: movq <f2_stack=120(%rsp),>f2=%rcx +movq 120(%rsp),%rcx + +# qhasm: carry? (uint32) g2 += f2 + carry +# asm 1: adc <f2=int64#4d,<g2=int64#1d +# asm 2: adc <f2=%ecx,<g2=%edi +adc %ecx,%edi + +# qhasm: g2_stack = g2 +# asm 1: movq <g2=int64#1,>g2_stack=stack64#12 +# asm 2: movq <g2=%rdi,>g2_stack=120(%rsp) +movq %rdi,120(%rsp) + +# qhasm: g3 = 0 +# asm 1: mov $0,>g3=int64#1 +# asm 2: mov $0,>g3=%rdi +mov $0,%rdi + +# qhasm: f3 = f3_stack +# asm 1: movq <f3_stack=stack64#13,>f3=int64#5 +# asm 2: movq <f3_stack=128(%rsp),>f3=%r8 +movq 128(%rsp),%r8 + +# qhasm: carry? (uint32) g3 += f3 + carry +# asm 1: adc <f3=int64#5d,<g3=int64#1d +# asm 2: adc <f3=%r8d,<g3=%edi +adc %r8d,%edi + +# qhasm: g3_stack = g3 +# asm 1: movq <g3=int64#1,>g3_stack=stack64#13 +# asm 2: movq <g3=%rdi,>g3_stack=128(%rsp) +movq %rdi,128(%rsp) + +# qhasm: f = 0xfffffffc +# asm 1: mov $0xfffffffc,>f=int64#1 +# asm 2: mov $0xfffffffc,>f=%rdi +mov $0xfffffffc,%rdi + +# qhasm: f4 = f4_stack +# asm 1: movq <f4_stack=stack64#14,>f4=int64#6 +# asm 2: movq <f4_stack=136(%rsp),>f4=%r9 +movq 136(%rsp),%r9 + +# qhasm: carry? (uint32) f += f4 + carry +# asm 1: adc <f4=int64#6d,<f=int64#1d +# asm 2: adc <f4=%r9d,<f=%edi +adc %r9d,%edi + +# qhasm: (int32) f >>= 16 +# asm 1: sar $16,<f=int64#1d +# asm 2: sar $16,<f=%edi +sar $16,%edi + +# qhasm: notf = f +# asm 1: mov <f=int64#1,>notf=int64#6 +# asm 2: mov <f=%rdi,>notf=%r9 +mov %rdi,%r9 + +# qhasm: (uint32) notf ^= 0xffffffff +# asm 1: xor $0xffffffff,<notf=int64#6d +# asm 2: xor $0xffffffff,<notf=%r9d +xor $0xffffffff,%r9d + +# qhasm: f0 &= f +# asm 1: and <f=int64#1,<f0=int64#2 +# asm 2: and <f=%rdi,<f0=%rsi +and %rdi,%rsi + +# qhasm: g0 = g0_stack +# asm 1: movq <g0_stack=stack64#10,>g0=int64#7 +# asm 2: movq <g0_stack=104(%rsp),>g0=%rax +movq 104(%rsp),%rax + +# qhasm: g0 &= notf +# asm 1: and <notf=int64#6,<g0=int64#7 +# asm 2: and <notf=%r9,<g0=%rax +and %r9,%rax + +# qhasm: f0 |= g0 +# asm 1: or <g0=int64#7,<f0=int64#2 +# asm 2: or <g0=%rax,<f0=%rsi +or %rax,%rsi + +# qhasm: f1 &= f +# asm 1: and <f=int64#1,<f1=int64#3 +# asm 2: and <f=%rdi,<f1=%rdx +and %rdi,%rdx + +# qhasm: g1 = g1_stack +# asm 1: movq <g1_stack=stack64#11,>g1=int64#7 +# asm 2: movq <g1_stack=112(%rsp),>g1=%rax +movq 112(%rsp),%rax + +# qhasm: g1 &= notf +# asm 1: and <notf=int64#6,<g1=int64#7 +# asm 2: and <notf=%r9,<g1=%rax +and %r9,%rax + +# qhasm: f1 |= g1 +# asm 1: or <g1=int64#7,<f1=int64#3 +# asm 2: or <g1=%rax,<f1=%rdx +or %rax,%rdx + +# qhasm: f2 &= f +# asm 1: and <f=int64#1,<f2=int64#4 +# asm 2: and <f=%rdi,<f2=%rcx +and %rdi,%rcx + +# qhasm: g2 = g2_stack +# asm 1: movq <g2_stack=stack64#12,>g2=int64#7 +# asm 2: movq <g2_stack=120(%rsp),>g2=%rax +movq 120(%rsp),%rax + +# qhasm: g2 &= notf +# asm 1: and <notf=int64#6,<g2=int64#7 +# asm 2: and <notf=%r9,<g2=%rax +and %r9,%rax + +# qhasm: f2 |= g2 +# asm 1: or <g2=int64#7,<f2=int64#4 +# asm 2: or <g2=%rax,<f2=%rcx +or %rax,%rcx + +# qhasm: f3 &= f +# asm 1: and <f=int64#1,<f3=int64#5 +# asm 2: and <f=%rdi,<f3=%r8 +and %rdi,%r8 + +# qhasm: g3 = g3_stack +# asm 1: movq <g3_stack=stack64#13,>g3=int64#1 +# asm 2: movq <g3_stack=128(%rsp),>g3=%rdi +movq 128(%rsp),%rdi + +# qhasm: g3 &= notf +# asm 1: and <notf=int64#6,<g3=int64#1 +# asm 2: and <notf=%r9,<g3=%rdi +and %r9,%rdi + +# qhasm: f3 |= g3 +# asm 1: or <g3=int64#1,<f3=int64#5 +# asm 2: or <g3=%rdi,<f3=%r8 +or %rdi,%r8 + +# qhasm: out = out_stack +# asm 1: movq <out_stack=stack64#8,>out=int64#1 +# asm 2: movq <out_stack=88(%rsp),>out=%rdi +movq 88(%rsp),%rdi + +# qhasm: k = k_stack +# asm 1: movq <k_stack=stack64#9,>k=int64#6 +# asm 2: movq <k_stack=96(%rsp),>k=%r9 +movq 96(%rsp),%r9 + +# qhasm: carry? (uint32) f0 += *(uint32 *) (k + 16) +# asm 1: addl 16(<k=int64#6),<f0=int64#2d +# asm 2: addl 16(<k=%r9),<f0=%esi +addl 16(%r9),%esi + +# qhasm: carry? (uint32) f1 += *(uint32 *) (k + 20) + carry +# asm 1: adcl 20(<k=int64#6),<f1=int64#3d +# asm 2: adcl 20(<k=%r9),<f1=%edx +adcl 20(%r9),%edx + +# qhasm: carry? (uint32) f2 += *(uint32 *) (k + 24) + carry +# asm 1: adcl 24(<k=int64#6),<f2=int64#4d +# asm 2: adcl 24(<k=%r9),<f2=%ecx +adcl 24(%r9),%ecx + +# qhasm: carry? (uint32) f3 += *(uint32 *) (k + 28) + carry +# asm 1: adcl 28(<k=int64#6),<f3=int64#5d +# asm 2: adcl 28(<k=%r9),<f3=%r8d +adcl 28(%r9),%r8d + +# qhasm: *(uint32 *) (out + 0) = f0 +# asm 1: movl <f0=int64#2d,0(<out=int64#1) +# asm 2: movl <f0=%esi,0(<out=%rdi) +movl %esi,0(%rdi) + +# qhasm: *(uint32 *) (out + 4) = f1 +# asm 1: movl <f1=int64#3d,4(<out=int64#1) +# asm 2: movl <f1=%edx,4(<out=%rdi) +movl %edx,4(%rdi) + +# qhasm: *(uint32 *) (out + 8) = f2 +# asm 1: movl <f2=int64#4d,8(<out=int64#1) +# asm 2: movl <f2=%ecx,8(<out=%rdi) +movl %ecx,8(%rdi) + +# qhasm: *(uint32 *) (out + 12) = f3 +# asm 1: movl <f3=int64#5d,12(<out=int64#1) +# asm 2: movl <f3=%r8d,12(<out=%rdi) +movl %r8d,12(%rdi) + +# qhasm: r11_caller = r11_stack +# asm 1: movq <r11_stack=stack64#1,>r11_caller=int64#9 +# asm 2: movq <r11_stack=32(%rsp),>r11_caller=%r11 +movq 32(%rsp),%r11 + +# qhasm: r12_caller = r12_stack +# asm 1: movq <r12_stack=stack64#2,>r12_caller=int64#10 +# asm 2: movq <r12_stack=40(%rsp),>r12_caller=%r12 +movq 40(%rsp),%r12 + +# qhasm: r13_caller = r13_stack +# asm 1: movq <r13_stack=stack64#3,>r13_caller=int64#11 +# asm 2: movq <r13_stack=48(%rsp),>r13_caller=%r13 +movq 48(%rsp),%r13 + +# qhasm: r14_caller = r14_stack +# asm 1: movq <r14_stack=stack64#4,>r14_caller=int64#12 +# asm 2: movq <r14_stack=56(%rsp),>r14_caller=%r14 +movq 56(%rsp),%r14 + +# qhasm: r15_caller = r15_stack +# asm 1: movq <r15_stack=stack64#5,>r15_caller=int64#13 +# asm 2: movq <r15_stack=64(%rsp),>r15_caller=%r15 +movq 64(%rsp),%r15 + +# qhasm: rbx_caller = rbx_stack +# asm 1: movq <rbx_stack=stack64#6,>rbx_caller=int64#14 +# asm 2: movq <rbx_stack=72(%rsp),>rbx_caller=%rbx +movq 72(%rsp),%rbx + +# qhasm: rbp_caller = rbp_stack +# asm 1: movq <rbp_stack=stack64#7,>rbp_caller=int64#15 +# asm 2: movq <rbp_stack=80(%rsp),>rbp_caller=%rbp +movq 80(%rsp),%rbp + +# qhasm: leave +add %r11,%rsp +xor %rax,%rax +xor %rdx,%rdx +ret diff --git a/nacl-20110221/crypto_onetimeauth/poly1305/amd64/constants.s b/nacl-20110221/crypto_onetimeauth/poly1305/amd64/constants.s @@ -0,0 +1,85 @@ +# version 20080913 +# D. J. Bernstein +# Public domain. + +.data +.section .rodata +.p2align 5 + +.globl _crypto_onetimeauth_poly1305_amd64_constants +.globl crypto_onetimeauth_poly1305_amd64_constants +.globl crypto_onetimeauth_poly1305_amd64_scale +.globl crypto_onetimeauth_poly1305_amd64_two32 +.globl crypto_onetimeauth_poly1305_amd64_two64 +.globl crypto_onetimeauth_poly1305_amd64_two96 +.globl crypto_onetimeauth_poly1305_amd64_alpha32 +.globl crypto_onetimeauth_poly1305_amd64_alpha64 +.globl crypto_onetimeauth_poly1305_amd64_alpha96 +.globl crypto_onetimeauth_poly1305_amd64_alpha130 +.globl crypto_onetimeauth_poly1305_amd64_doffset0 +.globl crypto_onetimeauth_poly1305_amd64_doffset1 +.globl crypto_onetimeauth_poly1305_amd64_doffset2 +.globl crypto_onetimeauth_poly1305_amd64_doffset3 +.globl crypto_onetimeauth_poly1305_amd64_doffset3minustwo128 +.globl crypto_onetimeauth_poly1305_amd64_hoffset0 +.globl crypto_onetimeauth_poly1305_amd64_hoffset1 +.globl crypto_onetimeauth_poly1305_amd64_hoffset2 +.globl crypto_onetimeauth_poly1305_amd64_hoffset3 +.globl crypto_onetimeauth_poly1305_amd64_rounding + +_crypto_onetimeauth_poly1305_amd64_constants: +crypto_onetimeauth_poly1305_amd64_constants: +crypto_onetimeauth_poly1305_amd64_scale: +.long 0x0,0x37f40000 + +crypto_onetimeauth_poly1305_amd64_two32: +.long 0x0,0x41f00000 + +crypto_onetimeauth_poly1305_amd64_two64: +.long 0x0,0x43f00000 + +crypto_onetimeauth_poly1305_amd64_two96: +.long 0x0,0x45f00000 + +crypto_onetimeauth_poly1305_amd64_alpha32: +.long 0x0,0x45e80000 + +crypto_onetimeauth_poly1305_amd64_alpha64: +.long 0x0,0x47e80000 + +crypto_onetimeauth_poly1305_amd64_alpha96: +.long 0x0,0x49e80000 + +crypto_onetimeauth_poly1305_amd64_alpha130: +.long 0x0,0x4c080000 + +crypto_onetimeauth_poly1305_amd64_doffset0: +.long 0x0,0x43300000 + +crypto_onetimeauth_poly1305_amd64_doffset1: +.long 0x0,0x45300000 + +crypto_onetimeauth_poly1305_amd64_doffset2: +.long 0x0,0x47300000 + +crypto_onetimeauth_poly1305_amd64_doffset3: +.long 0x0,0x49300000 + +crypto_onetimeauth_poly1305_amd64_doffset3minustwo128: +.long 0x0,0x492ffffe + +crypto_onetimeauth_poly1305_amd64_hoffset0: +.long 0xfffffffb,0x43300001 + +crypto_onetimeauth_poly1305_amd64_hoffset1: +.long 0xfffffffe,0x45300001 + +crypto_onetimeauth_poly1305_amd64_hoffset2: +.long 0xfffffffe,0x47300001 + +crypto_onetimeauth_poly1305_amd64_hoffset3: +.long 0xfffffffe,0x49300003 + +crypto_onetimeauth_poly1305_amd64_rounding: +.byte 0x7f +.byte 0x13 diff --git a/nacl-20110221/crypto_onetimeauth/poly1305/amd64/verify.c b/nacl-20110221/crypto_onetimeauth/poly1305/amd64/verify.c @@ -0,0 +1,9 @@ +#include "crypto_verify_16.h" +#include "crypto_onetimeauth.h" + +int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[16]; + crypto_onetimeauth(correct,in,inlen,k); + return crypto_verify_16(h,correct); +} diff --git a/nacl-20110221/crypto_onetimeauth/poly1305/checksum b/nacl-20110221/crypto_onetimeauth/poly1305/checksum @@ -0,0 +1 @@ +e836d5ca58cf673fca2b4910f23f3990 diff --git a/nacl-20110221/crypto_onetimeauth/poly1305/ref/api.h b/nacl-20110221/crypto_onetimeauth/poly1305/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 16 +#define CRYPTO_KEYBYTES 32 diff --git a/nacl-20110221/crypto_onetimeauth/poly1305/ref/auth.c b/nacl-20110221/crypto_onetimeauth/poly1305/ref/auth.c @@ -0,0 +1,104 @@ +/* +20080912 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_onetimeauth.h" + +static void add(unsigned int h[17],const unsigned int c[17]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 17;++j) { u += h[j] + c[j]; h[j] = u & 255; u >>= 8; } +} + +static void squeeze(unsigned int h[17]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 16;++j) { u += h[j]; h[j] = u & 255; u >>= 8; } + u += h[16]; h[16] = u & 3; + u = 5 * (u >> 2); + for (j = 0;j < 16;++j) { u += h[j]; h[j] = u & 255; u >>= 8; } + u += h[16]; h[16] = u; +} + +static const unsigned int minusp[17] = { + 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252 +} ; + +static void freeze(unsigned int h[17]) +{ + unsigned int horig[17]; + unsigned int j; + unsigned int negative; + for (j = 0;j < 17;++j) horig[j] = h[j]; + add(h,minusp); + negative = -(h[16] >> 7); + for (j = 0;j < 17;++j) h[j] ^= negative & (horig[j] ^ h[j]); +} + +static void mulmod(unsigned int h[17],const unsigned int r[17]) +{ + unsigned int hr[17]; + unsigned int i; + unsigned int j; + unsigned int u; + + for (i = 0;i < 17;++i) { + u = 0; + for (j = 0;j <= i;++j) u += h[j] * r[i - j]; + for (j = i + 1;j < 17;++j) u += 320 * h[j] * r[i + 17 - j]; + hr[i] = u; + } + for (i = 0;i < 17;++i) h[i] = hr[i]; + squeeze(h); +} + +int crypto_onetimeauth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned int j; + unsigned int r[17]; + unsigned int h[17]; + unsigned int c[17]; + + r[0] = k[0]; + r[1] = k[1]; + r[2] = k[2]; + r[3] = k[3] & 15; + r[4] = k[4] & 252; + r[5] = k[5]; + r[6] = k[6]; + r[7] = k[7] & 15; + r[8] = k[8] & 252; + r[9] = k[9]; + r[10] = k[10]; + r[11] = k[11] & 15; + r[12] = k[12] & 252; + r[13] = k[13]; + r[14] = k[14]; + r[15] = k[15] & 15; + r[16] = 0; + + for (j = 0;j < 17;++j) h[j] = 0; + + while (inlen > 0) { + for (j = 0;j < 17;++j) c[j] = 0; + for (j = 0;(j < 16) && (j < inlen);++j) c[j] = in[j]; + c[j] = 1; + in += j; inlen -= j; + add(h,c); + mulmod(h,r); + } + + freeze(h); + + for (j = 0;j < 16;++j) c[j] = k[j + 16]; + c[16] = 0; + add(h,c); + for (j = 0;j < 16;++j) out[j] = h[j]; + return 0; +} diff --git a/nacl-20110221/crypto_onetimeauth/poly1305/ref/verify.c b/nacl-20110221/crypto_onetimeauth/poly1305/ref/verify.c @@ -0,0 +1,9 @@ +#include "crypto_verify_16.h" +#include "crypto_onetimeauth.h" + +int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[16]; + crypto_onetimeauth(correct,in,inlen,k); + return crypto_verify_16(h,correct); +} diff --git a/nacl-20110221/crypto_onetimeauth/poly1305/selected b/nacl-20110221/crypto_onetimeauth/poly1305/selected diff --git a/nacl-20110221/crypto_onetimeauth/poly1305/used b/nacl-20110221/crypto_onetimeauth/poly1305/used diff --git a/nacl-20110221/crypto_onetimeauth/poly1305/x86/api.h b/nacl-20110221/crypto_onetimeauth/poly1305/x86/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 16 +#define CRYPTO_KEYBYTES 32 diff --git a/nacl-20110221/crypto_onetimeauth/poly1305/x86/auth.s b/nacl-20110221/crypto_onetimeauth/poly1305/x86/auth.s @@ -0,0 +1,2779 @@ + +# qhasm: stack32 arg_out + +# qhasm: stack32 arg_m + +# qhasm: stack32 arg_l + +# qhasm: stack32 arg_ltop + +# qhasm: stack32 arg_k + +# qhasm: input arg_out + +# qhasm: input arg_m + +# qhasm: input arg_l + +# qhasm: input arg_ltop + +# qhasm: input arg_k + +# qhasm: int32 eax + +# qhasm: int32 ebx + +# qhasm: int32 esi + +# qhasm: int32 edi + +# qhasm: int32 ebp + +# qhasm: caller eax + +# qhasm: caller ebx + +# qhasm: caller esi + +# qhasm: caller edi + +# qhasm: caller ebp + +# qhasm: stack32 eax_stack + +# qhasm: stack32 ebx_stack + +# qhasm: stack32 esi_stack + +# qhasm: stack32 edi_stack + +# qhasm: stack32 ebp_stack + +# qhasm: int32 out + +# qhasm: stack32 out_stack + +# qhasm: int32 k + +# qhasm: stack32 k_stack + +# qhasm: int32 m + +# qhasm: int32 l + +# qhasm: int32 m0 + +# qhasm: int32 m1 + +# qhasm: int32 m2 + +# qhasm: int32 m3 + +# qhasm: float80 a0 + +# qhasm: float80 a1 + +# qhasm: float80 a2 + +# qhasm: float80 a3 + +# qhasm: float80 h0 + +# qhasm: float80 h1 + +# qhasm: float80 h2 + +# qhasm: float80 h3 + +# qhasm: float80 x0 + +# qhasm: float80 x1 + +# qhasm: float80 x2 + +# qhasm: float80 x3 + +# qhasm: float80 y0 + +# qhasm: float80 y1 + +# qhasm: float80 y2 + +# qhasm: float80 y3 + +# qhasm: float80 r0x0 + +# qhasm: float80 r1x0 + +# qhasm: float80 r2x0 + +# qhasm: float80 r3x0 + +# qhasm: float80 r0x1 + +# qhasm: float80 r1x1 + +# qhasm: float80 r2x1 + +# qhasm: float80 sr3x1 + +# qhasm: float80 r0x2 + +# qhasm: float80 r1x2 + +# qhasm: float80 sr2x2 + +# qhasm: float80 sr3x2 + +# qhasm: float80 r0x3 + +# qhasm: float80 sr1x3 + +# qhasm: float80 sr2x3 + +# qhasm: float80 sr3x3 + +# qhasm: stack64 d0 + +# qhasm: stack64 d1 + +# qhasm: stack64 d2 + +# qhasm: stack64 d3 + +# qhasm: stack64 r0 + +# qhasm: stack64 r1 + +# qhasm: stack64 r2 + +# qhasm: stack64 r3 + +# qhasm: stack64 sr1 + +# qhasm: stack64 sr2 + +# qhasm: stack64 sr3 + +# qhasm: enter crypto_onetimeauth_poly1305_x86 stackaligned4096 crypto_onetimeauth_poly1305_x86_constants +.text +.p2align 5 +.globl _crypto_onetimeauth_poly1305_x86 +.globl crypto_onetimeauth_poly1305_x86 +_crypto_onetimeauth_poly1305_x86: +crypto_onetimeauth_poly1305_x86: +mov %esp,%eax +sub $crypto_onetimeauth_poly1305_x86_constants,%eax +and $4095,%eax +add $192,%eax +sub %eax,%esp + +# qhasm: eax_stack = eax +# asm 1: movl <eax=int32#1,>eax_stack=stack32#1 +# asm 2: movl <eax=%eax,>eax_stack=0(%esp) +movl %eax,0(%esp) + +# qhasm: ebx_stack = ebx +# asm 1: movl <ebx=int32#4,>ebx_stack=stack32#2 +# asm 2: movl <ebx=%ebx,>ebx_stack=4(%esp) +movl %ebx,4(%esp) + +# qhasm: esi_stack = esi +# asm 1: movl <esi=int32#5,>esi_stack=stack32#3 +# asm 2: movl <esi=%esi,>esi_stack=8(%esp) +movl %esi,8(%esp) + +# qhasm: edi_stack = edi +# asm 1: movl <edi=int32#6,>edi_stack=stack32#4 +# asm 2: movl <edi=%edi,>edi_stack=12(%esp) +movl %edi,12(%esp) + +# qhasm: ebp_stack = ebp +# asm 1: movl <ebp=int32#7,>ebp_stack=stack32#5 +# asm 2: movl <ebp=%ebp,>ebp_stack=16(%esp) +movl %ebp,16(%esp) + +# qhasm: round *(uint16 *) &crypto_onetimeauth_poly1305_x86_rounding +fldcw crypto_onetimeauth_poly1305_x86_rounding + +# qhasm: k = arg_k +# asm 1: movl <arg_k=stack32#-5,>k=int32#3 +# asm 2: movl <arg_k=20(%esp,%eax),>k=%edx +movl 20(%esp,%eax),%edx + +# qhasm: m0 = *(uint32 *) (k + 0) +# asm 1: movl 0(<k=int32#3),>m0=int32#2 +# asm 2: movl 0(<k=%edx),>m0=%ecx +movl 0(%edx),%ecx + +# qhasm: m1 = *(uint32 *) (k + 4) +# asm 1: movl 4(<k=int32#3),>m1=int32#4 +# asm 2: movl 4(<k=%edx),>m1=%ebx +movl 4(%edx),%ebx + +# qhasm: m2 = *(uint32 *) (k + 8) +# asm 1: movl 8(<k=int32#3),>m2=int32#5 +# asm 2: movl 8(<k=%edx),>m2=%esi +movl 8(%edx),%esi + +# qhasm: m3 = *(uint32 *) (k + 12) +# asm 1: movl 12(<k=int32#3),>m3=int32#6 +# asm 2: movl 12(<k=%edx),>m3=%edi +movl 12(%edx),%edi + +# qhasm: d0 top = 0x43300000 +# asm 1: movl $0x43300000,>d0=stack64#1 +# asm 2: movl $0x43300000,>d0=100(%esp) +movl $0x43300000,100(%esp) + +# qhasm: d1 top = 0x45300000 +# asm 1: movl $0x45300000,>d1=stack64#2 +# asm 2: movl $0x45300000,>d1=108(%esp) +movl $0x45300000,108(%esp) + +# qhasm: d2 top = 0x47300000 +# asm 1: movl $0x47300000,>d2=stack64#3 +# asm 2: movl $0x47300000,>d2=116(%esp) +movl $0x47300000,116(%esp) + +# qhasm: d3 top = 0x49300000 +# asm 1: movl $0x49300000,>d3=stack64#4 +# asm 2: movl $0x49300000,>d3=124(%esp) +movl $0x49300000,124(%esp) + +# qhasm: m0 &= 0x0fffffff +# asm 1: and $0x0fffffff,<m0=int32#2 +# asm 2: and $0x0fffffff,<m0=%ecx +and $0x0fffffff,%ecx + +# qhasm: m1 &= 0x0ffffffc +# asm 1: and $0x0ffffffc,<m1=int32#4 +# asm 2: and $0x0ffffffc,<m1=%ebx +and $0x0ffffffc,%ebx + +# qhasm: m2 &= 0x0ffffffc +# asm 1: and $0x0ffffffc,<m2=int32#5 +# asm 2: and $0x0ffffffc,<m2=%esi +and $0x0ffffffc,%esi + +# qhasm: m3 &= 0x0ffffffc +# asm 1: and $0x0ffffffc,<m3=int32#6 +# asm 2: and $0x0ffffffc,<m3=%edi +and $0x0ffffffc,%edi + +# qhasm: inplace d0 bottom = m0 +# asm 1: movl <m0=int32#2,<d0=stack64#1 +# asm 2: movl <m0=%ecx,<d0=96(%esp) +movl %ecx,96(%esp) + +# qhasm: inplace d1 bottom = m1 +# asm 1: movl <m1=int32#4,<d1=stack64#2 +# asm 2: movl <m1=%ebx,<d1=104(%esp) +movl %ebx,104(%esp) + +# qhasm: inplace d2 bottom = m2 +# asm 1: movl <m2=int32#5,<d2=stack64#3 +# asm 2: movl <m2=%esi,<d2=112(%esp) +movl %esi,112(%esp) + +# qhasm: inplace d3 bottom = m3 +# asm 1: movl <m3=int32#6,<d3=stack64#4 +# asm 2: movl <m3=%edi,<d3=120(%esp) +movl %edi,120(%esp) + +# qhasm: a0 = *(float64 *) &d0 +# asm 1: fldl <d0=stack64#1 +# asm 2: fldl <d0=96(%esp) +fldl 96(%esp) +# comment:fpstackfrombottom:<a0#24: + +# qhasm: a0 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset0 +fsubl crypto_onetimeauth_poly1305_x86_doffset0 +# comment:fpstackfrombottom:<a0#24: + +# qhasm: a1 = *(float64 *) &d1 +# asm 1: fldl <d1=stack64#2 +# asm 2: fldl <d1=104(%esp) +fldl 104(%esp) +# comment:fpstackfrombottom:<a0#24:<a1#25: + +# qhasm: a1 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset1 +fsubl crypto_onetimeauth_poly1305_x86_doffset1 +# comment:fpstackfrombottom:<a0#24:<a1#25: + +# qhasm: a2 = *(float64 *) &d2 +# asm 1: fldl <d2=stack64#3 +# asm 2: fldl <d2=112(%esp) +fldl 112(%esp) +# comment:fpstackfrombottom:<a0#24:<a1#25:<a2#26: + +# qhasm: a2 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset2 +fsubl crypto_onetimeauth_poly1305_x86_doffset2 +# comment:fpstackfrombottom:<a0#24:<a1#25:<a2#26: + +# qhasm: a3 = *(float64 *) &d3 +# asm 1: fldl <d3=stack64#4 +# asm 2: fldl <d3=120(%esp) +fldl 120(%esp) +# comment:fpstackfrombottom:<a0#24:<a1#25:<a2#26:<a3#27: + +# qhasm: a3 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset3 +fsubl crypto_onetimeauth_poly1305_x86_doffset3 +# comment:fpstackfrombottom:<a0#24:<a1#25:<a2#26:<a3#27: + +# qhasm: internal stacktop a0 +# asm 1: fxch <a0=float80#4 +# asm 2: fxch <a0=%st(3) +fxch %st(3) + +# qhasm: *(float64 *) &r0 = a0 +# asm 1: fstpl >r0=stack64#5 +# asm 2: fstpl >r0=128(%esp) +fstpl 128(%esp) +# comment:fpstackfrombottom:<a3#27:<a1#25:<a2#26: + +# qhasm: internal stacktop a1 +# asm 1: fxch <a1=float80#2 +# asm 2: fxch <a1=%st(1) +fxch %st(1) + +# qhasm: *(float64 *) &r1 = a1 +# asm 1: fstl >r1=stack64#6 +# asm 2: fstl >r1=136(%esp) +fstl 136(%esp) +# comment:fpstackfrombottom:<a3#27:<a2#26:<a1#25: + +# qhasm: a1 *= *(float64 *) &crypto_onetimeauth_poly1305_x86_scale +fmull crypto_onetimeauth_poly1305_x86_scale +# comment:fpstackfrombottom:<a3#27:<a2#26:<a1#25: + +# qhasm: *(float64 *) &sr1 = a1 +# asm 1: fstpl >sr1=stack64#7 +# asm 2: fstpl >sr1=144(%esp) +fstpl 144(%esp) +# comment:fpstackfrombottom:<a3#27:<a2#26: + +# qhasm: *(float64 *) &r2 = a2 +# asm 1: fstl >r2=stack64#8 +# asm 2: fstl >r2=152(%esp) +fstl 152(%esp) +# comment:fpstackfrombottom:<a3#27:<a2#26: + +# qhasm: a2 *= *(float64 *) &crypto_onetimeauth_poly1305_x86_scale +fmull crypto_onetimeauth_poly1305_x86_scale +# comment:fpstackfrombottom:<a3#27:<a2#26: + +# qhasm: *(float64 *) &sr2 = a2 +# asm 1: fstpl >sr2=stack64#9 +# asm 2: fstpl >sr2=160(%esp) +fstpl 160(%esp) +# comment:fpstackfrombottom:<a3#27: + +# qhasm: *(float64 *) &r3 = a3 +# asm 1: fstl >r3=stack64#10 +# asm 2: fstl >r3=168(%esp) +fstl 168(%esp) +# comment:fpstackfrombottom:<a3#27: + +# qhasm: a3 *= *(float64 *) &crypto_onetimeauth_poly1305_x86_scale +fmull crypto_onetimeauth_poly1305_x86_scale +# comment:fpstackfrombottom:<a3#27: + +# qhasm: *(float64 *) &sr3 = a3 +# asm 1: fstpl >sr3=stack64#11 +# asm 2: fstpl >sr3=176(%esp) +fstpl 176(%esp) +# comment:fpstackfrombottom: + +# qhasm: out = arg_out +# asm 1: movl <arg_out=stack32#-1,>out=int32#4 +# asm 2: movl <arg_out=4(%esp,%eax),>out=%ebx +movl 4(%esp,%eax),%ebx + +# qhasm: m = arg_m +# asm 1: movl <arg_m=stack32#-2,>m=int32#5 +# asm 2: movl <arg_m=8(%esp,%eax),>m=%esi +movl 8(%esp,%eax),%esi + +# qhasm: l = arg_l +# asm 1: movl <arg_l=stack32#-3,>l=int32#2 +# asm 2: movl <arg_l=12(%esp,%eax),>l=%ecx +movl 12(%esp,%eax),%ecx + +# qhasm: h3 = 0 +fldz +# comment:fpstackfrombottom:<h3#38: + +# qhasm: h2 = 0 +fldz +# comment:fpstackfrombottom:<h3#38:<h2#39: + +# qhasm: h1 = 0 +fldz +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40: + +# qhasm: h0 = 0 +fldz +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: k_stack = k +# asm 1: movl <k=int32#3,>k_stack=stack32#6 +# asm 2: movl <k=%edx,>k_stack=20(%esp) +movl %edx,20(%esp) +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: out_stack = out +# asm 1: movl <out=int32#4,>out_stack=stack32#7 +# asm 2: movl <out=%ebx,>out_stack=24(%esp) +movl %ebx,24(%esp) +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: unsigned<? l - 16 +# asm 1: cmp $16,<l=int32#2 +# asm 2: cmp $16,<l=%ecx +cmp $16,%ecx +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: +# comment:fp stack unchanged by jump +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: goto addatmost15bytes if unsigned< +jb ._addatmost15bytes +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: initialatleast16bytes: +._initialatleast16bytes: +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: m3 = *(uint32 *) (m + 12) +# asm 1: movl 12(<m=int32#5),>m3=int32#1 +# asm 2: movl 12(<m=%esi),>m3=%eax +movl 12(%esi),%eax +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: m2 = *(uint32 *) (m + 8) +# asm 1: movl 8(<m=int32#5),>m2=int32#3 +# asm 2: movl 8(<m=%esi),>m2=%edx +movl 8(%esi),%edx +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: m1 = *(uint32 *) (m + 4) +# asm 1: movl 4(<m=int32#5),>m1=int32#4 +# asm 2: movl 4(<m=%esi),>m1=%ebx +movl 4(%esi),%ebx +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: m0 = *(uint32 *) (m + 0) +# asm 1: movl 0(<m=int32#5),>m0=int32#6 +# asm 2: movl 0(<m=%esi),>m0=%edi +movl 0(%esi),%edi +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: inplace d3 bottom = m3 +# asm 1: movl <m3=int32#1,<d3=stack64#4 +# asm 2: movl <m3=%eax,<d3=120(%esp) +movl %eax,120(%esp) +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: inplace d2 bottom = m2 +# asm 1: movl <m2=int32#3,<d2=stack64#3 +# asm 2: movl <m2=%edx,<d2=112(%esp) +movl %edx,112(%esp) +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: inplace d1 bottom = m1 +# asm 1: movl <m1=int32#4,<d1=stack64#2 +# asm 2: movl <m1=%ebx,<d1=104(%esp) +movl %ebx,104(%esp) +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: inplace d0 bottom = m0 +# asm 1: movl <m0=int32#6,<d0=stack64#1 +# asm 2: movl <m0=%edi,<d0=96(%esp) +movl %edi,96(%esp) +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: m += 16 +# asm 1: add $16,<m=int32#5 +# asm 2: add $16,<m=%esi +add $16,%esi +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: l -= 16 +# asm 1: sub $16,<l=int32#2 +# asm 2: sub $16,<l=%ecx +sub $16,%ecx +# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: internal stacktop h3 +# asm 1: fxch <h3=float80#4 +# asm 2: fxch <h3=%st(3) +fxch %st(3) + +# qhasm: h3 += *(float64 *) &d3 +# asm 1: faddl <d3=stack64#4 +# asm 2: faddl <d3=120(%esp) +faddl 120(%esp) +# comment:fpstackfrombottom:<h0#41:<h2#39:<h1#40:<h3#38: + +# qhasm: h3 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset3minustwo128 +fsubl crypto_onetimeauth_poly1305_x86_doffset3minustwo128 +# comment:fpstackfrombottom:<h0#41:<h2#39:<h1#40:<h3#38: + +# qhasm: internal stacktop h1 +# asm 1: fxch <h1=float80#2 +# asm 2: fxch <h1=%st(1) +fxch %st(1) + +# qhasm: h1 += *(float64 *) &d1 +# asm 1: faddl <d1=stack64#2 +# asm 2: faddl <d1=104(%esp) +faddl 104(%esp) +# comment:fpstackfrombottom:<h0#41:<h2#39:<h3#38:<h1#40: + +# qhasm: h1 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset1 +fsubl crypto_onetimeauth_poly1305_x86_doffset1 +# comment:fpstackfrombottom:<h0#41:<h2#39:<h3#38:<h1#40: + +# qhasm: internal stacktop h2 +# asm 1: fxch <h2=float80#3 +# asm 2: fxch <h2=%st(2) +fxch %st(2) + +# qhasm: h2 += *(float64 *) &d2 +# asm 1: faddl <d2=stack64#3 +# asm 2: faddl <d2=112(%esp) +faddl 112(%esp) +# comment:fpstackfrombottom:<h0#41:<h1#40:<h3#38:<h2#39: + +# qhasm: h2 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset2 +fsubl crypto_onetimeauth_poly1305_x86_doffset2 +# comment:fpstackfrombottom:<h0#41:<h1#40:<h3#38:<h2#39: + +# qhasm: internal stacktop h0 +# asm 1: fxch <h0=float80#4 +# asm 2: fxch <h0=%st(3) +fxch %st(3) + +# qhasm: h0 += *(float64 *) &d0 +# asm 1: faddl <d0=stack64#1 +# asm 2: faddl <d0=96(%esp) +faddl 96(%esp) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: h0 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset0 +fsubl crypto_onetimeauth_poly1305_x86_doffset0 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: unsigned<? l - 16 +# asm 1: cmp $16,<l=int32#2 +# asm 2: cmp $16,<l=%ecx +cmp $16,%ecx +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: +# comment:fp stack unchanged by jump +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: goto multiplyaddatmost15bytes if unsigned< +jb ._multiplyaddatmost15bytes +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: multiplyaddatleast16bytes: +._multiplyaddatleast16bytes: +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: m3 = *(uint32 *) (m + 12) +# asm 1: movl 12(<m=int32#5),>m3=int32#1 +# asm 2: movl 12(<m=%esi),>m3=%eax +movl 12(%esi),%eax +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: m2 = *(uint32 *) (m + 8) +# asm 1: movl 8(<m=int32#5),>m2=int32#3 +# asm 2: movl 8(<m=%esi),>m2=%edx +movl 8(%esi),%edx +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: m1 = *(uint32 *) (m + 4) +# asm 1: movl 4(<m=int32#5),>m1=int32#4 +# asm 2: movl 4(<m=%esi),>m1=%ebx +movl 4(%esi),%ebx +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: m0 = *(uint32 *) (m + 0) +# asm 1: movl 0(<m=int32#5),>m0=int32#6 +# asm 2: movl 0(<m=%esi),>m0=%edi +movl 0(%esi),%edi +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: inplace d3 bottom = m3 +# asm 1: movl <m3=int32#1,<d3=stack64#4 +# asm 2: movl <m3=%eax,<d3=120(%esp) +movl %eax,120(%esp) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: inplace d2 bottom = m2 +# asm 1: movl <m2=int32#3,<d2=stack64#3 +# asm 2: movl <m2=%edx,<d2=112(%esp) +movl %edx,112(%esp) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: inplace d1 bottom = m1 +# asm 1: movl <m1=int32#4,<d1=stack64#2 +# asm 2: movl <m1=%ebx,<d1=104(%esp) +movl %ebx,104(%esp) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: inplace d0 bottom = m0 +# asm 1: movl <m0=int32#6,<d0=stack64#1 +# asm 2: movl <m0=%edi,<d0=96(%esp) +movl %edi,96(%esp) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: m += 16 +# asm 1: add $16,<m=int32#5 +# asm 2: add $16,<m=%esi +add $16,%esi +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: l -= 16 +# asm 1: sub $16,<l=int32#2 +# asm 2: sub $16,<l=%ecx +sub $16,%ecx +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: x0 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha130 +fldl crypto_onetimeauth_poly1305_x86_alpha130 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54: + +# qhasm: x0 += h3 +# asm 1: fadd <h3=float80#3,<x0=float80#1 +# asm 2: fadd <h3=%st(2),<x0=%st(0) +fadd %st(2),%st(0) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54: + +# qhasm: x0 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha130 +fsubl crypto_onetimeauth_poly1305_x86_alpha130 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54: + +# qhasm: h3 -= x0 +# asm 1: fsubr <x0=float80#1,<h3=float80#3 +# asm 2: fsubr <x0=%st(0),<h3=%st(2) +fsubr %st(0),%st(2) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54: + +# qhasm: x0 *= *(float64 *) &crypto_onetimeauth_poly1305_x86_scale +fmull crypto_onetimeauth_poly1305_x86_scale +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54: + +# qhasm: x1 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha32 +fldl crypto_onetimeauth_poly1305_x86_alpha32 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54:<x1#55: + +# qhasm: x1 += h0 +# asm 1: fadd <h0=float80#3,<x1=float80#1 +# asm 2: fadd <h0=%st(2),<x1=%st(0) +fadd %st(2),%st(0) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54:<x1#55: + +# qhasm: x1 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha32 +fsubl crypto_onetimeauth_poly1305_x86_alpha32 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54:<x1#55: + +# qhasm: h0 -= x1 +# asm 1: fsubr <x1=float80#1,<h0=float80#3 +# asm 2: fsubr <x1=%st(0),<h0=%st(2) +fsubr %st(0),%st(2) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54:<x1#55: + +# qhasm: internal stacktop h0 +# asm 1: fxch <h0=float80#3 +# asm 2: fxch <h0=%st(2) +fxch %st(2) + +# qhasm: x0 += h0 +# asm 1: faddp <h0=float80#1,<x0=float80#2 +# asm 2: faddp <h0=%st(0),<x0=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54: + +# qhasm: x2 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha64 +fldl crypto_onetimeauth_poly1305_x86_alpha64 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56: + +# qhasm: x2 += h1 +# asm 1: fadd <h1=float80#5,<x2=float80#1 +# asm 2: fadd <h1=%st(4),<x2=%st(0) +fadd %st(4),%st(0) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56: + +# qhasm: x2 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha64 +fsubl crypto_onetimeauth_poly1305_x86_alpha64 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56: + +# qhasm: h1 -= x2 +# asm 1: fsubr <x2=float80#1,<h1=float80#5 +# asm 2: fsubr <x2=%st(0),<h1=%st(4) +fsubr %st(0),%st(4) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56: + +# qhasm: x3 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha96 +fldl crypto_onetimeauth_poly1305_x86_alpha96 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56:<x3#57: + +# qhasm: x3 += h2 +# asm 1: fadd <h2=float80#7,<x3=float80#1 +# asm 2: fadd <h2=%st(6),<x3=%st(0) +fadd %st(6),%st(0) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56:<x3#57: + +# qhasm: x3 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha96 +fsubl crypto_onetimeauth_poly1305_x86_alpha96 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56:<x3#57: + +# qhasm: h2 -= x3 +# asm 1: fsubr <x3=float80#1,<h2=float80#7 +# asm 2: fsubr <x3=%st(0),<h2=%st(6) +fsubr %st(0),%st(6) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56:<x3#57: + +# qhasm: internal stacktop h2 +# asm 1: fxch <h2=float80#7 +# asm 2: fxch <h2=%st(6) +fxch %st(6) + +# qhasm: x2 += h2 +# asm 1: faddp <h2=float80#1,<x2=float80#2 +# asm 2: faddp <h2=%st(0),<x2=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#57:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56: + +# qhasm: internal stacktop h3 +# asm 1: fxch <h3=float80#4 +# asm 2: fxch <h3=%st(3) +fxch %st(3) + +# qhasm: x3 += h3 +# asm 1: faddp <h3=float80#1,<x3=float80#6 +# asm 2: faddp <h3=%st(0),<x3=%st(5) +faddp %st(0),%st(5) +# comment:fpstackfrombottom:<x3#57:<h1#40:<x2#56:<x1#55:<x0#54: + +# qhasm: internal stacktop h1 +# asm 1: fxch <h1=float80#4 +# asm 2: fxch <h1=%st(3) +fxch %st(3) + +# qhasm: x1 += h1 +# asm 1: faddp <h1=float80#1,<x1=float80#2 +# asm 2: faddp <h1=%st(0),<x1=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#57:<x0#54:<x2#56:<x1#55: + +# qhasm: h3 = *(float64 *) &r3 +# asm 1: fldl <r3=stack64#10 +# asm 2: fldl <r3=168(%esp) +fldl 168(%esp) +# comment:fpstackfrombottom:<x3#57:<x0#54:<x2#56:<x1#55:<h3#38: + +# qhasm: h3 *= x0 +# asm 1: fmul <x0=float80#4,<h3=float80#1 +# asm 2: fmul <x0=%st(3),<h3=%st(0) +fmul %st(3),%st(0) +# comment:fpstackfrombottom:<x3#57:<x0#54:<x2#56:<x1#55:<h3#38: + +# qhasm: h2 = *(float64 *) &r2 +# asm 1: fldl <r2=stack64#8 +# asm 2: fldl <r2=152(%esp) +fldl 152(%esp) +# comment:fpstackfrombottom:<x3#57:<x0#54:<x2#56:<x1#55:<h3#38:<h2#39: + +# qhasm: h2 *= x0 +# asm 1: fmul <x0=float80#5,<h2=float80#1 +# asm 2: fmul <x0=%st(4),<h2=%st(0) +fmul %st(4),%st(0) +# comment:fpstackfrombottom:<x3#57:<x0#54:<x2#56:<x1#55:<h3#38:<h2#39: + +# qhasm: h1 = *(float64 *) &r1 +# asm 1: fldl <r1=stack64#6 +# asm 2: fldl <r1=136(%esp) +fldl 136(%esp) +# comment:fpstackfrombottom:<x3#57:<x0#54:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40: + +# qhasm: h1 *= x0 +# asm 1: fmul <x0=float80#6,<h1=float80#1 +# asm 2: fmul <x0=%st(5),<h1=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#57:<x0#54:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40: + +# qhasm: h0 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#5 +# asm 2: fldl <r0=128(%esp) +fldl 128(%esp) +# comment:fpstackfrombottom:<x3#57:<x0#54:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: h0 *= x0 +# asm 1: fmulp <x0=float80#1,<h0=float80#7 +# asm 2: fmulp <x0=%st(0),<h0=%st(6) +fmulp %st(0),%st(6) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40: + +# qhasm: r2x1 = *(float64 *) &r2 +# asm 1: fldl <r2=stack64#8 +# asm 2: fldl <r2=152(%esp) +fldl 152(%esp) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:<r2x1#58: + +# qhasm: r2x1 *= x1 +# asm 1: fmul <x1=float80#5,<r2x1=float80#1 +# asm 2: fmul <x1=%st(4),<r2x1=%st(0) +fmul %st(4),%st(0) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:<r2x1#58: + +# qhasm: h3 += r2x1 +# asm 1: faddp <r2x1=float80#1,<h3=float80#4 +# asm 2: faddp <r2x1=%st(0),<h3=%st(3) +faddp %st(0),%st(3) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40: + +# qhasm: r1x1 = *(float64 *) &r1 +# asm 1: fldl <r1=stack64#6 +# asm 2: fldl <r1=136(%esp) +fldl 136(%esp) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:<r1x1#59: + +# qhasm: r1x1 *= x1 +# asm 1: fmul <x1=float80#5,<r1x1=float80#1 +# asm 2: fmul <x1=%st(4),<r1x1=%st(0) +fmul %st(4),%st(0) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:<r1x1#59: + +# qhasm: h2 += r1x1 +# asm 1: faddp <r1x1=float80#1,<h2=float80#3 +# asm 2: faddp <r1x1=%st(0),<h2=%st(2) +faddp %st(0),%st(2) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40: + +# qhasm: r0x1 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#5 +# asm 2: fldl <r0=128(%esp) +fldl 128(%esp) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:<r0x1#60: + +# qhasm: r0x1 *= x1 +# asm 1: fmul <x1=float80#5,<r0x1=float80#1 +# asm 2: fmul <x1=%st(4),<r0x1=%st(0) +fmul %st(4),%st(0) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:<r0x1#60: + +# qhasm: h1 += r0x1 +# asm 1: faddp <r0x1=float80#1,<h1=float80#2 +# asm 2: faddp <r0x1=%st(0),<h1=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40: + +# qhasm: sr3x1 = *(float64 *) &sr3 +# asm 1: fldl <sr3=stack64#11 +# asm 2: fldl <sr3=176(%esp) +fldl 176(%esp) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:<sr3x1#61: + +# qhasm: sr3x1 *= x1 +# asm 1: fmulp <x1=float80#1,<sr3x1=float80#5 +# asm 2: fmulp <x1=%st(0),<sr3x1=%st(4) +fmulp %st(0),%st(4) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<sr3x1#61:<h3#38:<h2#39:<h1#40: + +# qhasm: internal stacktop sr3x1 +# asm 1: fxch <sr3x1=float80#4 +# asm 2: fxch <sr3x1=%st(3) +fxch %st(3) + +# qhasm: h0 += sr3x1 +# asm 1: faddp <sr3x1=float80#1,<h0=float80#6 +# asm 2: faddp <sr3x1=%st(0),<h0=%st(5) +faddp %st(0),%st(5) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39: + +# qhasm: r1x2 = *(float64 *) &r1 +# asm 1: fldl <r1=stack64#6 +# asm 2: fldl <r1=136(%esp) +fldl 136(%esp) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:<r1x2#62: + +# qhasm: r1x2 *= x2 +# asm 1: fmul <x2=float80#5,<r1x2=float80#1 +# asm 2: fmul <x2=%st(4),<r1x2=%st(0) +fmul %st(4),%st(0) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:<r1x2#62: + +# qhasm: h3 += r1x2 +# asm 1: faddp <r1x2=float80#1,<h3=float80#3 +# asm 2: faddp <r1x2=%st(0),<h3=%st(2) +faddp %st(0),%st(2) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39: + +# qhasm: r0x2 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#5 +# asm 2: fldl <r0=128(%esp) +fldl 128(%esp) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:<r0x2#63: + +# qhasm: r0x2 *= x2 +# asm 1: fmul <x2=float80#5,<r0x2=float80#1 +# asm 2: fmul <x2=%st(4),<r0x2=%st(0) +fmul %st(4),%st(0) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:<r0x2#63: + +# qhasm: h2 += r0x2 +# asm 1: faddp <r0x2=float80#1,<h2=float80#2 +# asm 2: faddp <r0x2=%st(0),<h2=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39: + +# qhasm: sr3x2 = *(float64 *) &sr3 +# asm 1: fldl <sr3=stack64#11 +# asm 2: fldl <sr3=176(%esp) +fldl 176(%esp) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:<sr3x2#64: + +# qhasm: sr3x2 *= x2 +# asm 1: fmul <x2=float80#5,<sr3x2=float80#1 +# asm 2: fmul <x2=%st(4),<sr3x2=%st(0) +fmul %st(4),%st(0) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:<sr3x2#64: + +# qhasm: h1 += sr3x2 +# asm 1: faddp <sr3x2=float80#1,<h1=float80#4 +# asm 2: faddp <sr3x2=%st(0),<h1=%st(3) +faddp %st(0),%st(3) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39: + +# qhasm: sr2x2 = *(float64 *) &sr2 +# asm 1: fldl <sr2=stack64#9 +# asm 2: fldl <sr2=160(%esp) +fldl 160(%esp) +# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:<sr2x2#65: + +# qhasm: sr2x2 *= x2 +# asm 1: fmulp <x2=float80#1,<sr2x2=float80#5 +# asm 2: fmulp <x2=%st(0),<sr2x2=%st(4) +fmulp %st(0),%st(4) +# comment:fpstackfrombottom:<x3#57:<h0#41:<sr2x2#65:<h1#40:<h3#38:<h2#39: + +# qhasm: internal stacktop sr2x2 +# asm 1: fxch <sr2x2=float80#4 +# asm 2: fxch <sr2x2=%st(3) +fxch %st(3) + +# qhasm: h0 += sr2x2 +# asm 1: faddp <sr2x2=float80#1,<h0=float80#5 +# asm 2: faddp <sr2x2=%st(0),<h0=%st(4) +faddp %st(0),%st(4) +# comment:fpstackfrombottom:<x3#57:<h0#41:<h2#39:<h1#40:<h3#38: + +# qhasm: r0x3 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#5 +# asm 2: fldl <r0=128(%esp) +fldl 128(%esp) +# comment:fpstackfrombottom:<x3#57:<h0#41:<h2#39:<h1#40:<h3#38:<r0x3#66: + +# qhasm: r0x3 *= x3 +# asm 1: fmul <x3=float80#6,<r0x3=float80#1 +# asm 2: fmul <x3=%st(5),<r0x3=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#57:<h0#41:<h2#39:<h1#40:<h3#38:<r0x3#66: + +# qhasm: h3 += r0x3 +# asm 1: faddp <r0x3=float80#1,<h3=float80#2 +# asm 2: faddp <r0x3=%st(0),<h3=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#57:<h0#41:<h2#39:<h1#40:<h3#38: + +# qhasm: stacktop h0 +# asm 1: fxch <h0=float80#4 +# asm 2: fxch <h0=%st(3) +fxch %st(3) +# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: sr3x3 = *(float64 *) &sr3 +# asm 1: fldl <sr3=stack64#11 +# asm 2: fldl <sr3=176(%esp) +fldl 176(%esp) +# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h1#40:<h0#41:<sr3x3#67: + +# qhasm: sr3x3 *= x3 +# asm 1: fmul <x3=float80#6,<sr3x3=float80#1 +# asm 2: fmul <x3=%st(5),<sr3x3=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h1#40:<h0#41:<sr3x3#67: + +# qhasm: h2 += sr3x3 +# asm 1: faddp <sr3x3=float80#1,<h2=float80#4 +# asm 2: faddp <sr3x3=%st(0),<h2=%st(3) +faddp %st(0),%st(3) +# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: stacktop h1 +# asm 1: fxch <h1=float80#2 +# asm 2: fxch <h1=%st(1) +fxch %st(1) +# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h0#41:<h1#40: + +# qhasm: sr2x3 = *(float64 *) &sr2 +# asm 1: fldl <sr2=stack64#9 +# asm 2: fldl <sr2=160(%esp) +fldl 160(%esp) +# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h0#41:<h1#40:<sr2x3#68: + +# qhasm: sr2x3 *= x3 +# asm 1: fmul <x3=float80#6,<sr2x3=float80#1 +# asm 2: fmul <x3=%st(5),<sr2x3=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h0#41:<h1#40:<sr2x3#68: + +# qhasm: h1 += sr2x3 +# asm 1: faddp <sr2x3=float80#1,<h1=float80#2 +# asm 2: faddp <sr2x3=%st(0),<h1=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h0#41:<h1#40: + +# qhasm: sr1x3 = *(float64 *) &sr1 +# asm 1: fldl <sr1=stack64#7 +# asm 2: fldl <sr1=144(%esp) +fldl 144(%esp) +# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h0#41:<h1#40:<sr1x3#69: + +# qhasm: sr1x3 *= x3 +# asm 1: fmulp <x3=float80#1,<sr1x3=float80#6 +# asm 2: fmulp <x3=%st(0),<sr1x3=%st(5) +fmulp %st(0),%st(5) +# comment:fpstackfrombottom:<sr1x3#69:<h3#38:<h2#39:<h0#41:<h1#40: + +# qhasm: internal stacktop sr1x3 +# asm 1: fxch <sr1x3=float80#5 +# asm 2: fxch <sr1x3=%st(4) +fxch %st(4) + +# qhasm: h0 += sr1x3 +# asm 1: faddp <sr1x3=float80#1,<h0=float80#2 +# asm 2: faddp <sr1x3=%st(0),<h0=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41: + +# qhasm: unsigned<? l - 16 +# asm 1: cmp $16,<l=int32#2 +# asm 2: cmp $16,<l=%ecx +cmp $16,%ecx +# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41: + +# qhasm: stacktop h3 +# asm 1: fxch <h3=float80#3 +# asm 2: fxch <h3=%st(2) +fxch %st(2) +# comment:fpstackfrombottom:<h1#40:<h0#41:<h2#39:<h3#38: + +# qhasm: y3 = *(float64 *) &d3 +# asm 1: fldl <d3=stack64#4 +# asm 2: fldl <d3=120(%esp) +fldl 120(%esp) +# comment:fpstackfrombottom:<h1#40:<h0#41:<h2#39:<h3#38:<y3#71: + +# qhasm: y3 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset3minustwo128 +fsubl crypto_onetimeauth_poly1305_x86_doffset3minustwo128 +# comment:fpstackfrombottom:<h1#40:<h0#41:<h2#39:<h3#38:<y3#71: + +# qhasm: h3 += y3 +# asm 1: faddp <y3=float80#1,<h3=float80#2 +# asm 2: faddp <y3=%st(0),<h3=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<h1#40:<h0#41:<h2#39:<h3#38: + +# qhasm: stacktop h2 +# asm 1: fxch <h2=float80#2 +# asm 2: fxch <h2=%st(1) +fxch %st(1) +# comment:fpstackfrombottom:<h1#40:<h0#41:<h3#38:<h2#39: + +# qhasm: y2 = *(float64 *) &d2 +# asm 1: fldl <d2=stack64#3 +# asm 2: fldl <d2=112(%esp) +fldl 112(%esp) +# comment:fpstackfrombottom:<h1#40:<h0#41:<h3#38:<h2#39:<y2#72: + +# qhasm: y2 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset2 +fsubl crypto_onetimeauth_poly1305_x86_doffset2 +# comment:fpstackfrombottom:<h1#40:<h0#41:<h3#38:<h2#39:<y2#72: + +# qhasm: h2 += y2 +# asm 1: faddp <y2=float80#1,<h2=float80#2 +# asm 2: faddp <y2=%st(0),<h2=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<h1#40:<h0#41:<h3#38:<h2#39: + +# qhasm: stacktop h1 +# asm 1: fxch <h1=float80#4 +# asm 2: fxch <h1=%st(3) +fxch %st(3) +# comment:fpstackfrombottom:<h2#39:<h0#41:<h3#38:<h1#40: + +# qhasm: y1 = *(float64 *) &d1 +# asm 1: fldl <d1=stack64#2 +# asm 2: fldl <d1=104(%esp) +fldl 104(%esp) +# comment:fpstackfrombottom:<h2#39:<h0#41:<h3#38:<h1#40:<y1#73: + +# qhasm: y1 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset1 +fsubl crypto_onetimeauth_poly1305_x86_doffset1 +# comment:fpstackfrombottom:<h2#39:<h0#41:<h3#38:<h1#40:<y1#73: + +# qhasm: h1 += y1 +# asm 1: faddp <y1=float80#1,<h1=float80#2 +# asm 2: faddp <y1=%st(0),<h1=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<h2#39:<h0#41:<h3#38:<h1#40: + +# qhasm: stacktop h0 +# asm 1: fxch <h0=float80#3 +# asm 2: fxch <h0=%st(2) +fxch %st(2) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: y0 = *(float64 *) &d0 +# asm 1: fldl <d0=stack64#1 +# asm 2: fldl <d0=96(%esp) +fldl 96(%esp) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<y0#74: + +# qhasm: y0 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset0 +fsubl crypto_onetimeauth_poly1305_x86_doffset0 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<y0#74: + +# qhasm: h0 += y0 +# asm 1: faddp <y0=float80#1,<h0=float80#2 +# asm 2: faddp <y0=%st(0),<h0=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: +# comment:fp stack unchanged by jump +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: goto multiplyaddatleast16bytes if !unsigned< +jae ._multiplyaddatleast16bytes +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: +# comment:fp stack unchanged by fallthrough +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: multiplyaddatmost15bytes: +._multiplyaddatmost15bytes: +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41: + +# qhasm: x0 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha130 +fldl crypto_onetimeauth_poly1305_x86_alpha130 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75: + +# qhasm: x0 += h3 +# asm 1: fadd <h3=float80#3,<x0=float80#1 +# asm 2: fadd <h3=%st(2),<x0=%st(0) +fadd %st(2),%st(0) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75: + +# qhasm: x0 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha130 +fsubl crypto_onetimeauth_poly1305_x86_alpha130 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75: + +# qhasm: h3 -= x0 +# asm 1: fsubr <x0=float80#1,<h3=float80#3 +# asm 2: fsubr <x0=%st(0),<h3=%st(2) +fsubr %st(0),%st(2) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75: + +# qhasm: x0 *= *(float64 *) &crypto_onetimeauth_poly1305_x86_scale +fmull crypto_onetimeauth_poly1305_x86_scale +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75: + +# qhasm: x1 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha32 +fldl crypto_onetimeauth_poly1305_x86_alpha32 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76: + +# qhasm: x1 += h0 +# asm 1: fadd <h0=float80#3,<x1=float80#1 +# asm 2: fadd <h0=%st(2),<x1=%st(0) +fadd %st(2),%st(0) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76: + +# qhasm: x1 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha32 +fsubl crypto_onetimeauth_poly1305_x86_alpha32 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76: + +# qhasm: h0 -= x1 +# asm 1: fsubr <x1=float80#1,<h0=float80#3 +# asm 2: fsubr <x1=%st(0),<h0=%st(2) +fsubr %st(0),%st(2) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76: + +# qhasm: x2 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha64 +fldl crypto_onetimeauth_poly1305_x86_alpha64 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77: + +# qhasm: x2 += h1 +# asm 1: fadd <h1=float80#6,<x2=float80#1 +# asm 2: fadd <h1=%st(5),<x2=%st(0) +fadd %st(5),%st(0) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77: + +# qhasm: x2 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha64 +fsubl crypto_onetimeauth_poly1305_x86_alpha64 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77: + +# qhasm: h1 -= x2 +# asm 1: fsubr <x2=float80#1,<h1=float80#6 +# asm 2: fsubr <x2=%st(0),<h1=%st(5) +fsubr %st(0),%st(5) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77: + +# qhasm: x3 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha96 +fldl crypto_onetimeauth_poly1305_x86_alpha96 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77:<x3#78: + +# qhasm: x3 += h2 +# asm 1: fadd <h2=float80#8,<x3=float80#1 +# asm 2: fadd <h2=%st(7),<x3=%st(0) +fadd %st(7),%st(0) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77:<x3#78: + +# qhasm: x3 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha96 +fsubl crypto_onetimeauth_poly1305_x86_alpha96 +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77:<x3#78: + +# qhasm: h2 -= x3 +# asm 1: fsubr <x3=float80#1,<h2=float80#8 +# asm 2: fsubr <x3=%st(0),<h2=%st(7) +fsubr %st(0),%st(7) +# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77:<x3#78: + +# qhasm: internal stacktop h2 +# asm 1: fxch <h2=float80#8 +# asm 2: fxch <h2=%st(7) +fxch %st(7) + +# qhasm: x2 += h2 +# asm 1: faddp <h2=float80#1,<x2=float80#2 +# asm 2: faddp <h2=%st(0),<x2=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#78:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77: + +# qhasm: internal stacktop h1 +# asm 1: fxch <h1=float80#6 +# asm 2: fxch <h1=%st(5) +fxch %st(5) + +# qhasm: x1 += h1 +# asm 1: faddp <h1=float80#1,<x1=float80#2 +# asm 2: faddp <h1=%st(0),<x1=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#78:<x2#77:<h3#38:<h0#41:<x0#75:<x1#76: + +# qhasm: internal stacktop h3 +# asm 1: fxch <h3=float80#4 +# asm 2: fxch <h3=%st(3) +fxch %st(3) + +# qhasm: x3 += h3 +# asm 1: faddp <h3=float80#1,<x3=float80#6 +# asm 2: faddp <h3=%st(0),<x3=%st(5) +faddp %st(0),%st(5) +# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<x0#75: + +# qhasm: x0 += h0 +# asm 1: faddp <h0=float80#1,<x0=float80#2 +# asm 2: faddp <h0=%st(0),<x0=%st(1) +faddp %st(0),%st(1) +# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<x0#75: + +# qhasm: h3 = *(float64 *) &r3 +# asm 1: fldl <r3=stack64#10 +# asm 2: fldl <r3=168(%esp) +fldl 168(%esp) +# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<x0#75:<h3#38: + +# qhasm: h3 *= x0 +# asm 1: fmul <x0=float80#2,<h3=float80#1 +# asm 2: fmul <x0=%st(1),<h3=%st(0) +fmul %st(1),%st(0) +# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<x0#75:<h3#38: + +# qhasm: h2 = *(float64 *) &r2 +# asm 1: fldl <r2=stack64#8 +# asm 2: fldl <r2=152(%esp) +fldl 152(%esp) +# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<x0#75:<h3#38:<h2#39: + +# qhasm: h2 *= x0 +# asm 1: fmul <x0=float80#3,<h2=float80#1 +# asm 2: fmul <x0=%st(2),<h2=%st(0) +fmul %st(2),%st(0) +# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<x0#75:<h3#38:<h2#39: + +# qhasm: h1 = *(float64 *) &r1 +# asm 1: fldl <r1=stack64#6 +# asm 2: fldl <r1=136(%esp) +fldl 136(%esp) +# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<x0#75:<h3#38:<h2#39:<h1#40: + +# qhasm: h1 *= x0 +# asm 1: fmul <x0=float80#4,<h1=float80#1 +# asm 2: fmul <x0=%st(3),<h1=%st(0) +fmul %st(3),%st(0) +# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<x0#75:<h3#38:<h2#39:<h1#40: + +# qhasm: h0 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#5 +# asm 2: fldl <r0=128(%esp) +fldl 128(%esp) +# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<x0#75:<h3#38:<h2#39:<h1#40:<h0#41: + +# qhasm: h0 *= x0 +# asm 1: fmulp <x0=float80#1,<h0=float80#5 +# asm 2: fmulp <x0=%st(0),<h0=%st(4) +fmulp %st(0),%st(4) +# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40: + +# qhasm: r2x1 = *(float64 *) &r2 +# asm 1: fldl <r2=stack64#8 +# asm 2: fldl <r2=152(%esp) +fldl 152(%esp) +# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40:<r2x1#79: + +# qhasm: r2x1 *= x1 +# asm 1: fmul <x1=float80#6,<r2x1=float80#1 +# asm 2: fmul <x1=%st(5),<r2x1=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40:<r2x1#79: + +# qhasm: h3 += r2x1 +# asm 1: faddp <r2x1=float80#1,<h3=float80#4 +# asm 2: faddp <r2x1=%st(0),<h3=%st(3) +faddp %st(0),%st(3) +# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40: + +# qhasm: r1x1 = *(float64 *) &r1 +# asm 1: fldl <r1=stack64#6 +# asm 2: fldl <r1=136(%esp) +fldl 136(%esp) +# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40:<r1x1#80: + +# qhasm: r1x1 *= x1 +# asm 1: fmul <x1=float80#6,<r1x1=float80#1 +# asm 2: fmul <x1=%st(5),<r1x1=%st(0) +fmul %st(5),%st(0) +# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40:<r1x1#80: + +# qhasm: h2 += r1x1 +# asm 1: faddp <r1x1=float80#1,<h2=float80#3 +# asm 2: faddp <r1x1=%st(0),<h2=%st(2) +faddp %st(0),%st(2) +# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40: + +# qhasm: r0x1 = *(float64 *) &r0 +# asm 1: fldl <r0=stack64#5 +# asm 2: fldl <r0=128(%esp) +fldl 128(%esp) +# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40:<r0x1#81: + +# qhasm: r0x1 *= x1 +# asm 1: fmul <x1=float80#6,<r0x1=float80#1 +# asm 2: fmul <x1=%st(5),<r0x1=%st(0)