From 4669c3db4c8af7997c9406dbc339692450928771 Mon Sep 17 00:00:00 2001
From: Pavol Rusnak <stick@gk2.sk>
Date: Tue, 28 Mar 2017 19:48:36 +0200
Subject: [PATCH] more merging of curve25519 into ed25519

---
 Makefile                                |  2 +-
 bip32.c                                 |  1 -
 ed25519-donna/curve25519-donna.h        |  9 ------
 ed25519-donna/curve25519.c              | 27 ------------------
 ed25519-donna/curve25519.h              | 10 -------
 ed25519-donna/ed25519-donna-impl-base.h | 14 +++++-----
 ed25519-donna/ed25519.c                 | 37 +++++++++++++++----------
 ed25519-donna/ed25519.h                 |  7 +++--
 ed25519-donna/modm-donna-32bit.h        | 14 +++++-----
 test_speed.c                            |  1 -
 10 files changed, 43 insertions(+), 79 deletions(-)
 delete mode 100644 ed25519-donna/curve25519-donna.h
 delete mode 100644 ed25519-donna/curve25519.c
 delete mode 100644 ed25519-donna/curve25519.h

diff --git a/Makefile b/Makefile
index 6a1f11083..5e0609f73 100644
--- a/Makefile
+++ b/Makefile
@@ -41,7 +41,7 @@ SRCS  += ripemd160.c
 SRCS  += sha2.c
 SRCS  += sha3.c
 SRCS  += aescrypt.c aeskey.c aestab.c aes_modes.c
-SRCS  += ed25519-donna/ed25519.c ed25519-donna/curve25519.c
+SRCS  += ed25519-donna/ed25519.c
 SRCS  += blake2b.c blake2s.c
 
 OBJS   = $(SRCS:.c=.o)
diff --git a/bip32.c b/bip32.c
index 5135efdc7..11f3df75d 100644
--- a/bip32.c
+++ b/bip32.c
@@ -37,7 +37,6 @@
 #include "secp256k1.h"
 #include "nist256p1.h"
 #include "ed25519.h"
-#include "curve25519.h"
 #if USE_ETHEREUM
 #include "sha3.h"
 #endif
diff --git a/ed25519-donna/curve25519-donna.h b/ed25519-donna/curve25519-donna.h
deleted file mode 100644
index feba4c6c8..000000000
--- a/ed25519-donna/curve25519-donna.h
+++ /dev/null
@@ -1,9 +0,0 @@
-#include "curve25519.h"
-
-#include "ed25519-donna-portable.h"
-
-#include "curve25519-donna-32bit.h"
-
-#include "curve25519-donna-helpers.h"
-
-#include "curve25519-donna-scalarmult-base.h"
diff --git a/ed25519-donna/curve25519.c b/ed25519-donna/curve25519.c
deleted file mode 100644
index bfd2f58ec..000000000
--- a/ed25519-donna/curve25519.c
+++ /dev/null
@@ -1,27 +0,0 @@
-#include "curve25519-donna.h"
-
-#if !defined(CURVE25519_SUFFIX)
-#define CURVE25519_SUFFIX 
-#endif
-
-#define CURVE25519_FN3(fn,suffix) fn##suffix
-#define CURVE25519_FN2(fn,suffix) CURVE25519_FN3(fn,suffix)
-#define CURVE25519_FN(fn)         CURVE25519_FN2(fn,CURVE25519_SUFFIX)
-
-void
-CURVE25519_FN(curve25519_donna) (curve25519_key mypublic, const curve25519_key secret, const curve25519_key basepoint) {
-	curve25519_key e;
-	size_t i;
-
-	for (i = 0;i < 32;++i) e[i] = secret[i];
-	e[0] &= 0xf8;
-	e[31] &= 0x7f;
-	e[31] |= 0x40;
-	curve25519_scalarmult_donna(mypublic, e, basepoint);
-}
-
-void
-CURVE25519_FN(curve25519_donna_basepoint) (curve25519_key mypublic, const curve25519_key secret) {
-	static const curve25519_key basepoint = {9};
-	CURVE25519_FN(curve25519_donna)(mypublic, secret, basepoint);
-}
diff --git a/ed25519-donna/curve25519.h b/ed25519-donna/curve25519.h
deleted file mode 100644
index 51edd1e94..000000000
--- a/ed25519-donna/curve25519.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef CURVE25519_H
-#define CURVE25519_H
-
-typedef unsigned char curve25519_key[32];
-
-void curve25519_donna(curve25519_key mypublic, const curve25519_key secret, const curve25519_key basepoint);
-void curve25519_donna_basepoint(curve25519_key mypublic, const curve25519_key secret);
-
-#endif /* CURVE25519_H */
-
diff --git a/ed25519-donna/ed25519-donna-impl-base.h b/ed25519-donna/ed25519-donna-impl-base.h
index 49936aa00..e2e2db895 100644
--- a/ed25519-donna/ed25519-donna-impl-base.h
+++ b/ed25519-donna/ed25519-donna-impl-base.h
@@ -179,7 +179,7 @@ ge25519_pnielsadd(ge25519_pniels *r, const ge25519 *p, const ge25519_pniels *q)
 	pack & unpack
 */
 
-STATIC void
+static void
 ge25519_pack(unsigned char r[32], const ge25519 *p) {
 	bignum25519 tx, ty, zi;
 	unsigned char parity[32];
@@ -191,7 +191,7 @@ ge25519_pack(unsigned char r[32], const ge25519 *p) {
 	r[31] ^= ((parity[0] & 1) << 7);
 }
 
-STATIC int ge25519_unpack_negative_vartime(ge25519 *r, const unsigned char p[32]) {
+static int ge25519_unpack_negative_vartime(ge25519 *r, const unsigned char p[32]) {
 	static const unsigned char zero[32] = {0};
 	static const bignum25519 one = {1};
 	unsigned char parity = p[31] >> 7;
@@ -258,7 +258,7 @@ DONNA_INLINE static void ge25519_set_neutral(ge25519 *r)
 #define S2_TABLE_SIZE (1<<(S2_SWINDOWSIZE-2))
 
 /* computes [s1]p1 + [s2]base */
-STATIC void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const bignum256modm s2) {
+static void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const bignum256modm s2) {
 	signed char slide1[256], slide2[256];
 	ge25519_pniels pre1[S1_TABLE_SIZE];
 	ge25519 d1;
@@ -298,7 +298,7 @@ STATIC void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, con
 
 /* computes [s1]p1 */
 #if 0 // UNUSED
-STATIC void ge25519_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1) {
+static void ge25519_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1) {
 	signed char slide1[256];
 	ge25519_pniels pre1[S1_TABLE_SIZE];
 	ge25519 d1;
@@ -382,7 +382,7 @@ DONNA_INLINE static void ge25519_cmove_stride4b(long * r, long * p, long * pos,
 #define HAS_CMOVE_STRIDE4B
 
 #if 0 // UNUSED
-STATIC void ge25519_move_conditional_pniels_array(ge25519_pniels * r, const ge25519_pniels * p, int pos, int n) {
+static void ge25519_move_conditional_pniels_array(ge25519_pniels * r, const ge25519_pniels * p, int pos, int n) {
 #ifdef HAS_CMOVE_STRIDE4B
   size_t i;
   for(i=0; i<sizeof(ge25519_pniels)/sizeof(long); i+=4) {
@@ -401,7 +401,7 @@ STATIC void ge25519_move_conditional_pniels_array(ge25519_pniels * r, const ge25
 }
 #endif
 
-STATIC void ge25519_move_conditional_niels_array(ge25519_niels * r, const uint8_t p[8][96], int pos, int n) {
+static void ge25519_move_conditional_niels_array(ge25519_niels * r, const uint8_t p[8][96], int pos, int n) {
   size_t i;
   for(i=0; i<96/sizeof(long); i+=4) {
     ge25519_cmove_stride4(((long*)r)+i,
@@ -414,7 +414,7 @@ STATIC void ge25519_move_conditional_niels_array(ge25519_niels * r, const uint8_
 
 /* computes [s1]p1, constant time */
 #if 0 // UNUSED
-STATIC void ge25519_scalarmult(ge25519 *r, const ge25519 *p1, const bignum256modm s1) {
+static void ge25519_scalarmult(ge25519 *r, const ge25519 *p1, const bignum256modm s1) {
 	signed char slide1[64];
 	ge25519_pniels pre1[9];
 	ge25519_pniels pre;
diff --git a/ed25519-donna/ed25519.c b/ed25519-donna/ed25519.c
index 9ed7c387f..6b13f6087 100644
--- a/ed25519-donna/ed25519.c
+++ b/ed25519-donna/ed25519.c
@@ -5,20 +5,12 @@
 */
 
 
-/* define ED25519_SUFFIX to have it appended to the end of each public function */
-#if !defined(ED25519_SUFFIX)
-#define ED25519_SUFFIX 
-#endif
-
-#define ED25519_FN3(fn,suffix) fn##suffix
-#define ED25519_FN2(fn,suffix) ED25519_FN3(fn,suffix)
-#define ED25519_FN(fn)         ED25519_FN2(fn,ED25519_SUFFIX)
-#define STATIC static
-
 #include "ed25519-donna.h"
 #include "ed25519.h"
 #include "ed25519-hash-custom.h"
 
+#include "curve25519-donna-scalarmult-base.h"
+
 /*
 	Generates a (extsk[0..31]) and aExt (extsk[32..63])
 */
@@ -42,7 +34,7 @@ ed25519_hram(hash_512bits hram, const ed25519_signature RS, const ed25519_public
 }
 
 void
-ED25519_FN(ed25519_publickey) (const ed25519_secret_key sk, ed25519_public_key pk) {
+ed25519_publickey(const ed25519_secret_key sk, ed25519_public_key pk) {
 	bignum256modm a;
 	ge25519 ALIGN(16) A;
 	hash_512bits extsk;
@@ -56,7 +48,7 @@ ED25519_FN(ed25519_publickey) (const ed25519_secret_key sk, ed25519_public_key p
 
 
 void
-ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS) {
+ed25519_sign(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS) {
 	ed25519_hash_context ctx;
 	bignum256modm r, S, a;
 	ge25519 ALIGN(16) R;
@@ -91,7 +83,7 @@ ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_sec
 }
 
 int
-ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS) {
+ed25519_sign_open(const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS) {
 	ge25519 ALIGN(16) R, A;
 	hash_512bits hash;
 	bignum256modm hram, S;
@@ -120,7 +112,7 @@ ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed2551
 */
 
 void
-ED25519_FN(curved25519_scalarmult_basepoint) (curved25519_key pk, const curved25519_key e) {
+curved25519_scalarmult_basepoint(curved25519_key pk, const curved25519_key e) {
 	curved25519_key ec;
 	bignum256modm s;
 	bignum25519 ALIGN(16) yplusz, zminusy;
@@ -146,3 +138,20 @@ ED25519_FN(curved25519_scalarmult_basepoint) (curved25519_key pk, const curved25
 	curve25519_contract(pk, yplusz);
 }
 
+void
+curve25519_donna(curve25519_key mypublic, const curve25519_key secret, const curve25519_key basepoint) {
+	curve25519_key e;
+	size_t i;
+
+	for (i = 0;i < 32;++i) e[i] = secret[i];
+	e[0] &= 0xf8;
+	e[31] &= 0x7f;
+	e[31] |= 0x40;
+	curve25519_scalarmult_donna(mypublic, e, basepoint);
+}
+
+void
+curve25519_donna_basepoint(curve25519_key mypublic, const curve25519_key secret) {
+	static const curve25519_key basepoint = {9};
+	curve25519_donna(mypublic, secret, basepoint);
+}
diff --git a/ed25519-donna/ed25519.h b/ed25519-donna/ed25519.h
index 94fb88314..928e7cd06 100644
--- a/ed25519-donna/ed25519.h
+++ b/ed25519-donna/ed25519.h
@@ -1,8 +1,6 @@
 #ifndef ED25519_H
 #define ED25519_H
 
-#include <stdlib.h>
-
 #if defined(__cplusplus)
 extern "C" {
 #endif
@@ -11,6 +9,8 @@ typedef unsigned char ed25519_signature[64];
 typedef unsigned char ed25519_public_key[32];
 typedef unsigned char ed25519_secret_key[32];
 
+typedef unsigned char curve25519_key[32];
+
 typedef unsigned char curved25519_key[32];
 
 void ed25519_publickey(const ed25519_secret_key sk, ed25519_public_key pk);
@@ -21,6 +21,9 @@ int ed25519_sign_open_batch(const unsigned char **m, size_t *mlen, const unsigne
 
 void curved25519_scalarmult_basepoint(curved25519_key pk, const curved25519_key e);
 
+void curve25519_donna(curve25519_key mypublic, const curve25519_key secret, const curve25519_key basepoint);
+void curve25519_donna_basepoint(curve25519_key mypublic, const curve25519_key secret);
+
 #if defined(__cplusplus)
 }
 #endif
diff --git a/ed25519-donna/modm-donna-32bit.h b/ed25519-donna/modm-donna-32bit.h
index 1976bae37..16fba16d4 100644
--- a/ed25519-donna/modm-donna-32bit.h
+++ b/ed25519-donna/modm-donna-32bit.h
@@ -140,7 +140,7 @@ barrett_reduce256_modm(bignum256modm r, const bignum256modm q1, const bignum256m
 }
 
 /* addition modulo m */
-STATIC void add256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
+static void add256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
 	bignum256modm_element_t c;
 
 	c  = x[0] + y[0]; r[0] = c & 0x3fffffff; c >>= 30;
@@ -157,7 +157,7 @@ STATIC void add256_modm(bignum256modm r, const bignum256modm x, const bignum256m
 }
 
 /* multiplication modulo m */
-STATIC void mul256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
+static void mul256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
 	bignum256modm r1, q1;
 	uint64_t c;
 	bignum256modm_element_t f;
@@ -202,7 +202,7 @@ STATIC void mul256_modm(bignum256modm r, const bignum256modm x, const bignum256m
 	barrett_reduce256_modm(r, q1, r1);
 }
 
-STATIC void expand256_modm(bignum256modm out, const unsigned char *in, size_t len) {
+static void expand256_modm(bignum256modm out, const unsigned char *in, size_t len) {
 	unsigned char work[64] = {0};
 	bignum256modm_element_t x[16];
 	bignum256modm q1;
@@ -254,7 +254,7 @@ STATIC void expand256_modm(bignum256modm out, const unsigned char *in, size_t le
 	barrett_reduce256_modm(out, q1, out);
 }
 
-STATIC void expand_raw256_modm(bignum256modm out, const unsigned char in[32]) {
+static void expand_raw256_modm(bignum256modm out, const unsigned char in[32]) {
 	bignum256modm_element_t x[8];
 
 	x[0] = U8TO32_LE(in +  0);
@@ -277,7 +277,7 @@ STATIC void expand_raw256_modm(bignum256modm out, const unsigned char in[32]) {
 	out[8] = ((x[ 7] >> 16)                ) & 0x0000ffff;
 }
 
-STATIC void contract256_modm(unsigned char out[32], const bignum256modm in) {
+static void contract256_modm(unsigned char out[32], const bignum256modm in) {
 	U32TO8_LE(out +  0, (in[0]      ) | (in[1] << 30));
 	U32TO8_LE(out +  4, (in[1] >>  2) | (in[2] << 28));
 	U32TO8_LE(out +  8, (in[2] >>  4) | (in[3] << 26));
@@ -290,7 +290,7 @@ STATIC void contract256_modm(unsigned char out[32], const bignum256modm in) {
 
 
 
-STATIC void contract256_window4_modm(signed char r[64], const bignum256modm in) {
+static void contract256_window4_modm(signed char r[64], const bignum256modm in) {
 	char carry;
 	signed char *quads = r;
 	bignum256modm_element_t i, j, v;
@@ -325,7 +325,7 @@ STATIC void contract256_window4_modm(signed char r[64], const bignum256modm in)
 	r[63] += carry;
 }
 
-STATIC void contract256_slidingwindow_modm(signed char r[256], const bignum256modm s, int windowsize) {
+static void contract256_slidingwindow_modm(signed char r[256], const bignum256modm s, int windowsize) {
 	int i,j,k,b;
 	int m = (1 << (windowsize - 1)) - 1, soplen = 256;
 	signed char *bits = r;
diff --git a/test_speed.c b/test_speed.c
index d9010bb90..c6fa53174 100644
--- a/test_speed.c
+++ b/test_speed.c
@@ -8,7 +8,6 @@
 #include "secp256k1.h"
 #include "nist256p1.h"
 #include "ed25519.h"
-#include "curve25519.h"
 
 static uint8_t msg[32];