Update crypto code from Catacomb 2.5.0.

This change committed automatically by `import-catacomb-crypto'.

  * Import new `ed25519-tests.in' from upstream `pub/t/ed25519.djb' and
    `pub/t/ed25519.local'.
  * Import new `ed25519.c' from upstream `pub/ed25519.c'.
  * Import new `ed25519.h' from upstream `pub/ed25519.h'.
  * Import new `ed448-tests.in' from upstream `pub/t/ed448'.
  * Import new `ed448.c' from upstream `pub/ed448.c'.
  * Import new `ed448.h' from upstream `pub/ed448.h'.
  * Import updated `f25519-tests.in' from upstream `math/t/f25519'.
  * Import updated `f25519.c' from upstream `math/f25519.c'.
  * Import updated `f25519.h' from upstream `math/f25519.h'.
  * Import updated `fgoldi-tests.in' from upstream `math/t/fgoldi'.
  * Import updated `fgoldi.c' from upstream `math/fgoldi.c'.
  * Import updated `fgoldi.h' from upstream `math/fgoldi.h'.
  * Import new `keccak1600-tests.in' from upstream `symm/t/keccak1600'.
  * Import new `keccak1600.c' from upstream `symm/keccak1600.c'.
  * Import new `keccak1600.h' from upstream `symm/keccak1600.h'.
  * Import new `scaf.c' from upstream `math/scaf.c'.
  * Import new `scaf.h' from upstream `math/scaf.h'.
  * Import new `scmul.h' from upstream `math/scmul.h'.
  * Import new `sha3-tests.in' from upstream
    `symm/t/SHA3_224LongMsg.rsp', `symm/t/SHA3_224Monte.rsp',
    `symm/t/SHA3_224ShortMsg.rsp', `symm/t/SHA3_256LongMsg.rsp',
    `symm/t/SHA3_256Monte.rsp', `symm/t/SHA3_256ShortMsg.rsp',
    `symm/t/SHA3_384LongMsg.rsp', `symm/t/SHA3_384Monte.rsp',
    `symm/t/SHA3_384ShortMsg.rsp', `symm/t/SHA3_512LongMsg.rsp',
    `symm/t/SHA3_512Monte.rsp', `symm/t/SHA3_512ShortMsg.rsp',
    `symm/t/SHAKE128LongMsg.rsp', `symm/t/SHAKE128ShortMsg.rsp',
    `symm/t/SHAKE128VariableOut.rsp', `symm/t/SHAKE256LongMsg.rsp',
    `symm/t/SHAKE256ShortMsg.rsp', `symm/t/SHAKE256VariableOut.rsp', and
    `symm/t/sha3.local'.
  * Import new `sha3.c' from upstream `symm/sha3.c'.
  * Import new `sha3.h' from upstream `symm/sha3.h'.
  * Import updated `x25519-tests.in' from upstream `pub/t/x25519'.
  * Import new `x25519.slow-tests.in' from upstream `pub/t/x25519.slow'.
  * Import updated `x448-tests.in' from upstream `pub/t/x448'.
  * Import updated `x448.h' from upstream `pub/x448.h'.
  * Import new `x448.slow-tests.in' from upstream `pub/t/x448.slow'.

Detailed list of changes:

    commit f521d4c7a97076db34681c598d7965c7d05713b0
    Author: Mark Wooding <mdw@distorted.org.uk>
    Date:   Wed, 10 May 2017 21:01:03 +0100

        math/f{25519,goldi}.[ch]: Export the piece type.

     math/f25519.c | 6 ++++--
     math/f25519.h | 7 +++++++
     math/fgoldi.c | 6 ++++--
     math/fgoldi.h | 7 +++++++
     4 files changed, 22 insertions(+), 4 deletions(-)

    commit e830bb692041c75eb29b8c511db21af81b3aae2d
    Author: Mark Wooding <mdw@distorted.org.uk>
    Date:   Mon, 1 May 2017 01:38:30 +0100

        math/f25519.c, utils/curve25519.sage: Slightly improve `quosqrt' algorithm.

        The algorithm from the Bernstein et al. paper was somewhat ugly.
        Replace it with a different one using the techniques I used in `fgoldi'
        for the main calculation, but with the same end structure.

     math/f25519.c | 102 ++++++++++++++++++++++++++++++----------------------------
     1 file changed, 53 insertions(+), 49 deletions(-)

    commit 1bc00e2a032fa3899ed734f6cfeab88e9000041d
    Author: Mark Wooding <mdw@distorted.org.uk>
    Date:   Mon, 1 May 2017 01:38:30 +0100

        math/fgoldi.[ch]: Implement the extra operations needed for Ed448.

     math/fgoldi.c | 289 ++++++++++++++++++++++++++++
     math/fgoldi.h |  77 ++++++++
     math/t/fgoldi | 607 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     3 files changed, 973 insertions(+)

    commit c578d5d85b11f004c151948684ca5753a5ac5962
    Author: Mark Wooding <mdw@distorted.org.uk>
    Date:   Wed, 10 May 2017 21:58:36 +0100

        pub/ed448.[ch], etc.: Add the Ed448 signature scheme from RFC8032.

     pub/x448.h | 3 ++-
     1 file changed, 2 insertions(+), 1 deletion(-)

    commit 1e4c26653e52aa4c4b06e345617135a6ff271ab5
    Author: Mark Wooding <mdw@distorted.org.uk>
    Date:   Thu, 19 Oct 2017 19:35:23 +0100

        pub/t/x*: Rearrange the Monte-Carlo tests.

          * Insert more intermediate values, specifically at every power of 10.

          * Rather than calculating the whole thing from scratch each time,
            tests other than the first one continue from the previous
            state (which I had to calculate the hard way and enter into the
            test-vector files).  The total iteration count and final results
            still match the RFC.

          * Split the very slow high-iteration-count tests into a separate file,
            where they can be run discretionally without having to edit source
            files.  Arrange to distribute these new files.

     pub/t/x25519 | 15 ++++++++-------
     pub/t/x448   | 15 ++++++++-------
     2 files changed, 16 insertions(+), 14 deletions(-)

    commit 89bd399d7d3fdeb58f7a442bcd139b707e08e8d0
    Author: Mark Wooding <mdw@distorted.org.uk>
    Date:   Fri, 1 Mar 2019 12:21:16 +0000

        math/f25519.c, math/fgoldi.c: Remove some unused constant definitions.

     math/f25519.c | 2 --
     math/fgoldi.c | 4 ----
     2 files changed, 6 deletions(-)

    commit 68012cc7915db546ea09027d41c1360e3a5921c0
    Author: Mark Wooding <mdw@distorted.org.uk>
    Date:   Fri, 1 Mar 2019 12:21:38 +0000

        math/f25519.c: Order 10-bit constants the same as 26-bit constants.

     math/f25519.c | 4 ++--
     1 file changed, 2 insertions(+), 2 deletions(-)

Upstream-Revision: ad7da99a043dab9addc7fce6b22b30f12c7676e6