dont do indirection in for batch stuff

2025-12-05 21:27:13 -06:00 · 2020-11-22 10:21:06 +00:00
parent 5b5f414b79
commit 51d87c3857
19 changed files with 86 additions and 71 deletions
--- a/ed25519/amd64-64-24k/fe25519.h
+++ b/ed25519/amd64-64-24k/fe25519.h
@@ -22,9 +22,9 @@
 #define fe25519_batchinvert    crypto_sign_ed25519_amd64_64_fe25519_batchinvert
 #define fe25519_pow2523        crypto_sign_ed25519_amd64_64_fe25519_pow2523

-typedef struct 
+typedef struct
 {
-  unsigned long long v[4]; 
+  unsigned long long v[4];
 }
 fe25519;

@@ -62,7 +62,7 @@ void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e);

 void fe25519_invert(fe25519 *r, const fe25519 *x);

-void fe25519_batchinvert(fe25519 *out[],fe25519 tmp[],fe25519 * const in[], size_t num);
+void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset);

 void fe25519_pow2523(fe25519 *r, const fe25519 *x);

--- a/ed25519/amd64-64-24k/fe25519_batchinvert.c
+++ b/ed25519/amd64-64-24k/fe25519_batchinvert.c
@@ -1,26 +1,34 @@
 #include "fe25519.h"

-// tmp MUST != out
+// tmp MUST != out or in
 // in MAY == out
-void fe25519_batchinvert(fe25519 *out[],fe25519 tmp[],fe25519 * const in[], size_t num)
+void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset)
 {
  fe25519 acc;
  fe25519 tmpacc;
  size_t i;
+  const fe25519 *inp;
+  fe25519 *outp;

  fe25519_setint(&acc,1);

+  inp = in;
  for (i = 0;i < num;++i) {
    tmp[i] = acc;
-    fe25519_mul(&acc,&acc,in[i]);
+    fe25519_mul(&acc,&acc,inp);
+    inp = (const fe25519 *)((const char *)inp + offset);
  }

  fe25519_invert(&acc,&acc);

  i = num;
+  inp = (const fe25519 *)((const char *)in + offset * num);
+  outp = (fe25519 *)((char *)out + offset * num);
  while (i--) {
-    fe25519_mul(&tmpacc,&acc,in[i]);
-    fe25519_mul(out[i],&acc,&tmp[i]);
+    inp = (const fe25519 *)((const char *)inp - offset);
+    outp = (fe25519 *)((char *)outp - offset);
+    fe25519_mul(&tmpacc,&acc,inp);
+    fe25519_mul(outp,&acc,&tmp[i]);
    acc = tmpacc;
  }
 }
--- a/ed25519/amd64-64-24k/ge25519.h
+++ b/ed25519/amd64-64-24k/ge25519.h
@@ -81,7 +81,7 @@ extern int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);

 extern void ge25519_pack(unsigned char r[32], const ge25519 *p);

-extern void ge25519_batchpack_destructive_1(bytes32 out[], ge25519_p3 in[], fe25519 *inz[], fe25519 tmp[], size_t num);
+extern void ge25519_batchpack_destructive_1(bytes32 *out, ge25519_p3 *in, fe25519 *tmp, size_t num);
 extern void ge25519_batchpack_destructive_finish(bytes32 out, ge25519_p3 *unf);

 extern int ge25519_isneutral_vartime(const ge25519 *p);
--- a/ed25519/amd64-64-24k/ge25519_batchpack.c
+++ b/ed25519/amd64-64-24k/ge25519_batchpack.c
@@ -1,13 +1,12 @@
 #include "fe25519.h"
 #include "ge25519.h"

-// assumes inz[] points to things in in[]
 // NOTE: leaves in unfinished state
-void ge25519_batchpack_destructive_1(bytes32 out[], ge25519_p3 in[], fe25519 *inz[], fe25519 tmp[], size_t num)
+void ge25519_batchpack_destructive_1(bytes32 *out, ge25519_p3 *in, fe25519 *tmp, size_t num)
 {
  fe25519 ty;

-  fe25519_batchinvert(inz, tmp, inz, num);
+  fe25519_batchinvert(&in->z, &in->z, tmp, num, sizeof(ge25519_p3));

  for (size_t i = 0; i < num; ++i) {
    fe25519_mul(&ty, &in[i].y, &in[i].z);