diff --git a/core/crypto/_fiat/fiat.odin b/core/crypto/_fiat/fiat.odin
index f0551722f..cc73c6927 100644
--- a/core/crypto/_fiat/fiat.odin
+++ b/core/crypto/_fiat/fiat.odin
@@ -9,7 +9,7 @@ package fiat
 u1 :: distinct u8
 i1 :: distinct i8
-@(optimization_mode="none")
+@(optimization_mode = "none")
 cmovznz_u64 :: proc "contextless" (arg1: u1, arg2, arg3: u64) -> (out1: u64) {
 x1 := (u64(arg1) * 0xffffffffffffffff)
 x2 := ((x1 & arg3) | ((~x1) & arg2))
@@ -17,7 +17,7 @@ cmovznz_u64 :: proc "contextless" (arg1: u1, arg2, arg3: u64) -> (out1: u64) {
 return
 }
-@(optimization_mode="none")
+@(optimization_mode = "none")
 cmovznz_u32 :: proc "contextless" (arg1: u1, arg2, arg3: u32) -> (out1: u32) {
 x1 := (u32(arg1) * 0xffffffff)
 x2 := ((x1 & arg3) | ((~x1) & arg2))
diff --git a/core/crypto/_fiat/field_curve25519/field.odin b/core/crypto/_fiat/field_curve25519/field.odin
index a8e0a0316..cf7f694bc 100644
--- a/core/crypto/_fiat/field_curve25519/field.odin
+++ b/core/crypto/_fiat/field_curve25519/field.odin
@@ -3,11 +3,15 @@ package field_curve25519
 import "core:crypto"
 import "core:mem"
-fe_relax_cast :: #force_inline proc "contextless" (arg1: ^Tight_Field_Element) -> ^Loose_Field_Element {
+fe_relax_cast :: #force_inline proc "contextless" (
+ arg1: ^Tight_Field_Element,
+) -> ^Loose_Field_Element {
 return transmute(^Loose_Field_Element)(arg1)
 }
-fe_tighten_cast :: #force_inline proc "contextless" (arg1: ^Loose_Field_Element) -> ^Tight_Field_Element {
+fe_tighten_cast :: #force_inline proc "contextless" (
+ arg1: ^Loose_Field_Element,
+) -> ^Tight_Field_Element {
 return transmute(^Tight_Field_Element)(arg1)
 }
@@ -46,7 +50,7 @@ fe_equal_bytes :: proc "contextless" (arg1: ^Tight_Field_Element, arg2: ^[32]byt return ret } -fe_carry_pow2k :: proc (out1: ^Tight_Field_Element, arg1: ^Loose_Field_Element, arg2: uint) { +fe_carry_pow2k :: proc(out1: ^Tight_Field_Element, arg1: ^Loose_Field_Element, arg2: uint) { // Special case: `arg1^(2 * 0) = 1`, though this should never happen. if arg2 == 0 { fe_one(out1) @@ -54,7 +58,7 @@ fe_carry_pow2k :: proc (out1: ^Tight_Field_Element, arg1: ^Loose_Field_Element, } fe_carry_square(out1, arg1) - for _ in 1.. int { +fe_carry_invsqrt :: proc(out1: ^Tight_Field_Element, arg1: ^Loose_Field_Element) -> int { // Inverse square root taken from Monocypher. tmp1, tmp2, tmp3: Tight_Field_Element = ---, ---, --- @@ -116,7 +120,7 @@ fe_carry_invsqrt :: proc (out1: ^Tight_Field_Element, arg1: ^Loose_Field_Element // then isr = x^((p-1)/4) * sqrt(-1) // else isr = x^((p-1)/4) fe_carry_mul(out1, fe_relax_cast(&tmp1), fe_relax_cast(&SQRT_M1)) - fe_cond_assign(out1, &tmp1, (m1|ms) ~ 1) + fe_cond_assign(out1, &tmp1, (m1 | ms) ~ 1) mem.zero_explicit(&tmp1, size_of(tmp1)) mem.zero_explicit(&tmp2, size_of(tmp2)) @@ -126,7 +130,7 @@ fe_carry_invsqrt :: proc (out1: ^Tight_Field_Element, arg1: ^Loose_Field_Element return p1 | m1 } -fe_carry_inv :: proc (out1: ^Tight_Field_Element, arg1: ^Loose_Field_Element) { +fe_carry_inv :: proc(out1: ^Tight_Field_Element, arg1: ^Loose_Field_Element) { tmp1: Tight_Field_Element fe_carry_square(&tmp1, arg1) @@ -166,7 +170,7 @@ fe_set :: proc "contextless" (out1, arg1: ^Tight_Field_Element) { out1[4] = x5 } -@(optimization_mode="none") +@(optimization_mode = "none") fe_cond_swap :: #force_no_inline proc "contextless" (out1, out2: ^Tight_Field_Element, arg1: int) { mask := (u64(arg1) * 0xffffffffffffffff) x := (out1[0] ~ out2[0]) & mask diff --git a/core/crypto/_fiat/field_curve25519/field51.odin b/core/crypto/_fiat/field_curve25519/field51.odin index 3cbc296b7..4cda96c81 100644 
--- a/core/crypto/_fiat/field_curve25519/field51.odin
+++ b/core/crypto/_fiat/field_curve25519/field51.odin
@@ -42,7 +42,7 @@ import "core:math/bits"
 Loose_Field_Element :: distinct [5]u64
 Tight_Field_Element :: distinct [5]u64
-SQRT_M1 := Tight_Field_Element{
+SQRT_M1 := Tight_Field_Element {
 1718705420411056,
 234908883556509,
 2233514472574048,
@@ -50,7 +50,13 @@ SQRT_M1 := Tight_Field_Element{
 765476049583133,
 }
-_addcarryx_u51 :: #force_inline proc "contextless" (arg1: fiat.u1, arg2, arg3: u64) -> (out1: u64, out2: fiat.u1) {
+_addcarryx_u51 :: #force_inline proc "contextless" (
+ arg1: fiat.u1,
+ arg2, arg3: u64,
+) -> (
+ out1: u64,
+ out2: fiat.u1,
+) {
 x1 := ((u64(arg1) + arg2) + arg3)
 x2 := (x1 & 0x7ffffffffffff)
 x3 := fiat.u1((x1 >> 51))
@@ -59,7 +65,13 @@ _addcarryx_u51 :: #force_inline proc "contextless" (arg1: fiat.u1, arg2, arg3: u
 return
 }
-_subborrowx_u51 :: #force_inline proc "contextless" (arg1: fiat.u1, arg2, arg3: u64) -> (out1: u64, out2: fiat.u1) {
+_subborrowx_u51 :: #force_inline proc "contextless" (
+ arg1: fiat.u1,
+ arg2, arg3: u64,
+) -> (
+ out1: u64,
+ out2: fiat.u1,
+) {
 x1 := ((i64(arg2) - i64(arg1)) - i64(arg3))
 x2 := fiat.i1((x1 >> 51))
 x3 := (u64(x1) & 0x7ffffffffffff)
@@ -68,7 +80,7 @@ _subborrowx_u51 :: #force_inline proc "contextless" (arg1: fiat.u1, arg2, arg3:
 return
 }
-fe_carry_mul :: proc (out1: ^Tight_Field_Element, arg1, arg2: ^Loose_Field_Element) {
+fe_carry_mul :: proc(out1: ^Tight_Field_Element, arg1, arg2: ^Loose_Field_Element) {
 x2, x1 := bits.mul_u64(arg1[4], (arg2[4] * 0x13))
 x4, x3 := bits.mul_u64(arg1[4], (arg2[3] * 0x13))
 x6, x5 := bits.mul_u64(arg1[4], (arg2[2] * 0x13))
@@ -167,7 +179,7 @@ fe_carry_mul :: proc (out1: ^Tight_Field_Element, arg1, arg2: ^Loose_Field_Eleme
 out1[4] = x152
 }
-fe_carry_square :: proc (out1: ^Tight_Field_Element, arg1: ^Loose_Field_Element) {
+fe_carry_square :: proc(out1: ^Tight_Field_Element, arg1: ^Loose_Field_Element) {
 x1 := (arg1[4] * 0x13)
 x2 := (x1 * 0x2)
 x3 := (arg1[4] * 0x2)
@@ -303,8 +315,11 @@ fe_opp :: proc "contextless" (out1: ^Loose_Field_Element, arg1: ^Tight_Field_Ele
 out1[4] = x5
 }
-@(optimization_mode="none")
-fe_cond_assign :: #force_no_inline proc "contextless" (out1, arg1: ^Tight_Field_Element, arg2: int) {
+@(optimization_mode = "none")
+fe_cond_assign :: #force_no_inline proc "contextless" (
+ out1, arg1: ^Tight_Field_Element,
+ arg2: int,
+) {
 x1 := fiat.cmovznz_u64(fiat.u1(arg2), out1[0], arg1[0])
 x2 := fiat.cmovznz_u64(fiat.u1(arg2), out1[1], arg1[1])
 x3 := fiat.cmovznz_u64(fiat.u1(arg2), out1[2], arg1[2])
@@ -525,7 +540,7 @@ fe_relax :: proc "contextless" (out1: ^Loose_Field_Element, arg1: ^Tight_Field_E
 out1[4] = x5
 }
-fe_carry_scmul_121666 :: proc (out1: ^Tight_Field_Element, arg1: ^Loose_Field_Element) {
+fe_carry_scmul_121666 :: proc(out1: ^Tight_Field_Element, arg1: ^Loose_Field_Element) {
 x2, x1 := bits.mul_u64(0x1db42, arg1[4])
 x4, x3 := bits.mul_u64(0x1db42, arg1[3])
 x6, x5 := bits.mul_u64(0x1db42, arg1[2])
diff --git a/core/crypto/_fiat/field_poly1305/field.odin b/core/crypto/_fiat/field_poly1305/field.odin
index 9b00ff3ec..f5557cf5f 100644
--- a/core/crypto/_fiat/field_poly1305/field.odin
+++ b/core/crypto/_fiat/field_poly1305/field.odin
@@ -3,15 +3,19 @@ package field_poly1305
 import "core:encoding/endian"
 import "core:mem"
-fe_relax_cast :: #force_inline proc "contextless" (arg1: ^Tight_Field_Element) -> ^Loose_Field_Element {
+fe_relax_cast :: #force_inline proc "contextless" (
+ arg1: ^Tight_Field_Element,
+) -> ^Loose_Field_Element {
 return transmute(^Loose_Field_Element)(arg1)
 }
-fe_tighten_cast :: #force_inline proc "contextless" (arg1: ^Loose_Field_Element) -> ^Tight_Field_Element {
+fe_tighten_cast :: #force_inline proc "contextless" (
+ arg1: ^Loose_Field_Element,
+) -> ^Tight_Field_Element {
 return transmute(^Tight_Field_Element)(arg1)
 }
-fe_from_bytes :: #force_inline proc (out1: ^Tight_Field_Element, arg1: []byte, arg2: byte) {
+fe_from_bytes :: #force_inline proc(out1: ^Tight_Field_Element, arg1: []byte, arg2: byte) {
 // fiat-crypto's deserialization routine effectively processes a
 // single byte at a time, and wants 256-bits of input for a value
 // that will be 128-bits or 129-bits.
@@ -67,8 +71,11 @@ fe_set :: #force_inline proc "contextless" (out1, arg1: ^Tight_Field_Element) {
 out1[2] = x3
 }
-@(optimization_mode="none")
-fe_cond_swap :: #force_no_inline proc "contextless" (out1, out2: ^Tight_Field_Element, arg1: bool) {
+@(optimization_mode = "none")
+fe_cond_swap :: #force_no_inline proc "contextless" (
+ out1, out2: ^Tight_Field_Element,
+ arg1: bool,
+) {
 mask := -u64(arg1)
 x := (out1[0] ~ out2[0]) & mask
 x1, y1 := out1[0] ~ x, out2[0] ~ x
diff --git a/core/crypto/_fiat/field_poly1305/field4344.odin b/core/crypto/_fiat/field_poly1305/field4344.odin
index ddc10de52..bddb0c322 100644
--- a/core/crypto/_fiat/field_poly1305/field4344.odin
+++ b/core/crypto/_fiat/field_poly1305/field4344.odin
@@ -39,7 +39,13 @@ import "core:math/bits"
 Loose_Field_Element :: distinct [3]u64
 Tight_Field_Element :: distinct [3]u64
-_addcarryx_u44 :: #force_inline proc "contextless" (arg1: fiat.u1, arg2, arg3: u64) -> (out1: u64, out2: fiat.u1) {
+_addcarryx_u44 :: #force_inline proc "contextless" (
+ arg1: fiat.u1,
+ arg2, arg3: u64,
+) -> (
+ out1: u64,
+ out2: fiat.u1,
+) {
 x1 := ((u64(arg1) + arg2) + arg3)
 x2 := (x1 & 0xfffffffffff)
 x3 := fiat.u1((x1 >> 44))
@@ -48,7 +54,13 @@ _addcarryx_u44 :: #force_inline proc "contextless" (arg1: fiat.u1, arg2, arg3: u
 return
 }
-_subborrowx_u44 :: #force_inline proc "contextless" (arg1: fiat.u1, arg2, arg3: u64) -> (out1: u64, out2: fiat.u1) {
+_subborrowx_u44 :: #force_inline proc "contextless" (
+ arg1: fiat.u1,
+ arg2, arg3: u64,
+) -> (
+ out1: u64,
+ out2: fiat.u1,
+) {
 x1 := ((i64(arg2) - i64(arg1)) - i64(arg3))
 x2 := fiat.i1((x1 >> 44))
 x3 := (u64(x1) & 0xfffffffffff)
@@ -57,7 +69,13 @@ _subborrowx_u44 :: #force_inline proc "contextless" (arg1: fiat.u1, arg2, arg3:
 return
 }
-_addcarryx_u43 :: #force_inline proc "contextless" (arg1: fiat.u1, arg2, arg3: u64) -> (out1: u64, out2: fiat.u1) {
+_addcarryx_u43 :: #force_inline proc "contextless" (
+ arg1: fiat.u1,
+ arg2, arg3: u64,
+) -> (
+ out1: u64,
+ out2: fiat.u1,
+) {
 x1 := ((u64(arg1) + arg2) + arg3)
 x2 := (x1 & 0x7ffffffffff)
 x3 := fiat.u1((x1 >> 43))
@@ -66,7 +84,13 @@ _addcarryx_u43 :: #force_inline proc "contextless" (arg1: fiat.u1, arg2, arg3: u
 return
 }
-_subborrowx_u43 :: #force_inline proc "contextless" (arg1: fiat.u1, arg2, arg3: u64) -> (out1: u64, out2: fiat.u1) {
+_subborrowx_u43 :: #force_inline proc "contextless" (
+ arg1: fiat.u1,
+ arg2, arg3: u64,
+) -> (
+ out1: u64,
+ out2: fiat.u1,
+) {
 x1 := ((i64(arg2) - i64(arg1)) - i64(arg3))
 x2 := fiat.i1((x1 >> 43))
 x3 := (u64(x1) & 0x7ffffffffff)
@@ -75,7 +99,7 @@ _subborrowx_u43 :: #force_inline proc "contextless" (arg1: fiat.u1, arg2, arg3:
 return
 }
-fe_carry_mul :: proc (out1: ^Tight_Field_Element, arg1, arg2: ^Loose_Field_Element) {
+fe_carry_mul :: proc(out1: ^Tight_Field_Element, arg1, arg2: ^Loose_Field_Element) {
 x2, x1 := bits.mul_u64(arg1[2], (arg2[2] * 0x5))
 x4, x3 := bits.mul_u64(arg1[2], (arg2[1] * 0xa))
 x6, x5 := bits.mul_u64(arg1[1], (arg2[2] * 0xa))
@@ -120,7 +144,7 @@ fe_carry_mul :: proc (out1: ^Tight_Field_Element, arg1, arg2: ^Loose_Field_Eleme
 out1[2] = x62
 }
-fe_carry_square :: proc (out1: ^Tight_Field_Element, arg1: ^Loose_Field_Element) {
+fe_carry_square :: proc(out1: ^Tight_Field_Element, arg1: ^Loose_Field_Element) {
 x1 := (arg1[2] * 0x5)
 x2 := (x1 * 0x2)
 x3 := (arg1[2] * 0x2)
@@ -201,8 +225,11 @@ fe_opp :: proc "contextless" (out1: ^Loose_Field_Element, arg1: ^Tight_Field_Ele
 out1[2] = x3
 }
-@(optimization_mode="none")
-fe_cond_assign :: #force_no_inline proc "contextless" (out1, arg1: ^Tight_Field_Element, arg2: bool) {
+@(optimization_mode = "none")
+fe_cond_assign :: #force_no_inline proc "contextless" (
+ out1, arg1: ^Tight_Field_Element,
+ arg2: bool,
+) {
 x1 := fiat.cmovznz_u64(fiat.u1(arg2), out1[0], arg1[0])
 x2 := fiat.cmovznz_u64(fiat.u1(arg2), out1[1], arg1[1])
 x3 := fiat.cmovznz_u64(fiat.u1(arg2), out1[2], arg1[2])