jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: 25697caf5c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '25697caf5c'
${ noResults }
ed448goldilocks/p448.h

243 lines
5.3 KiB
Raw Blame History 

  1. /* Copyright (c) 2014 Cryptography Research, Inc.

  2.  * Released under the MIT License.  See LICENSE.txt for license information.

  3.  */

  4. #ifndef __P448_H__

  5. #define __P448_H__ 1

  6. 

  7. #include <stdint.h>

  8. #include <assert.h>

  9. 

  10. #include "word.h"

  11. 

  12. typedef struct p448_t {

  13.   uint64_t limb[8];

  14. } __attribute__((aligned(32))) p448_t;

  15. 

  16. #ifdef __cplusplus

  17. extern "C" {

  18. #endif

  19. 

  20. static __inline__ void

  21. p448_set_ui(p448_t *out,

  22.             uint64_t x)

  23.     __attribute__((unused,always_inline));

  24.            

  25. static __inline__ void

  26. p448_cond_swap(p448_t *a,

  27.                p448_t *b,

  28.                mask_t do_swap)

  29.     __attribute__((unused,always_inline));

  30. 

  31. static __inline__ void

  32. p448_add(p448_t *out,

  33.          const p448_t *a,

  34.          const p448_t *b)

  35.     __attribute__((unused,always_inline));

  36.              

  37. static __inline__ void

  38. p448_sub(p448_t *out,

  39.          const p448_t *a,

  40.          const p448_t *b)

  41.     __attribute__((unused,always_inline));

  42.              

  43. static __inline__ void

  44. p448_neg(p448_t *out,

  45.          const p448_t *a)

  46.     __attribute__((unused,always_inline));

  47.             

  48. static __inline__ void

  49. p448_cond_neg(p448_t *a,

  50.               mask_t doNegate)

  51.    __attribute__((unused,always_inline));

  52. 

  53. static __inline__ void

  54. p448_addw(p448_t *a,

  55.           uint64_t x)

  56.     __attribute__((unused,always_inline));

  57.              

  58. static __inline__ void

  59. p448_subw(p448_t *a,

  60.           uint64_t x)

  61.     __attribute__((unused,always_inline));

  62.              

  63. static __inline__ void

  64. p448_copy(p448_t *out, const p448_t *a)

  65.     __attribute__((unused,always_inline));

  66.              

  67. static __inline__ void

  68. p448_weak_reduce(p448_t *inout)

  69.     __attribute__((unused,always_inline));

  70.              

  71. void

  72. p448_strong_reduce(p448_t *inout);

  73. 

  74. mask_t

  75. p448_is_zero(const p448_t *in);

  76.              

  77. static __inline__ void

  78. p448_bias(p448_t *inout, int amount)

  79.     __attribute__((unused,always_inline));

  80.          

  81. void

  82. p448_mul(p448_t *__restrict__ out,

  83.          const p448_t *a,

  84.          const p448_t *b);

  85. 

  86. void

  87. p448_mulw(p448_t *__restrict__ out,

  88.           const p448_t *a,

  89.           uint64_t b);

  90. 

  91. void

  92. p448_sqr(p448_t *__restrict__ out,

  93.          const p448_t *a);

  94.          

  95. static __inline__ void

  96. p448_sqrn(p448_t *__restrict__ y, const p448_t *x, int n)

  97.     __attribute__((unused,always_inline));

  98. 

  99. void

  100. p448_set_ui(p448_t *out,

  101.             uint64_t x) {

  102.     int i;

  103.     out->limb[0] = x;

  104.     for (i=1; i<8; i++) {

  105.       out->limb[i] = 0;

  106.     }

  107. }

  108.             

  109. void

  110. p448_cond_swap(p448_t *a, p448_t *b, mask_t doswap) {

  111.   big_register_t *aa = (big_register_t*)a;

  112.   big_register_t *bb = (big_register_t*)b;

  113.   big_register_t m = doswap;

  114.   

  115.   unsigned int i;

  116.   for (i=0; i<sizeof(*a)/sizeof(*aa); i++) {

  117.       big_register_t x = m & (aa[i]^bb[i]);

  118.       aa[i] ^= x;

  119.       bb[i] ^= x;

  120.   }

  121. }

  122. 

  123. void

  124. p448_add(p448_t *out, const p448_t *a, const p448_t *b) {

  125.     unsigned int i;

  126.     for (i=0; i<sizeof(*out)/sizeof(uint64xn_t); i++) {

  127.         ((uint64xn_t*)out)[i] = ((const uint64xn_t*)a)[i] + ((const uint64xn_t*)b)[i];

  128.     }

  129.     /*

  130.     unsigned int i;

  131.     for (i=0; i<sizeof(*out)/sizeof(out->limb[0]); i++) {

  132.         out->limb[i] = a->limb[i] + b->limb[i];

  133.     }

  134.     */

  135. }

  136. 

  137. void

  138. p448_sub(p448_t *out, const p448_t *a, const p448_t *b) {

  139.     unsigned int i;

  140.     for (i=0; i<sizeof(*out)/sizeof(uint64xn_t); i++) {

  141.         ((uint64xn_t*)out)[i] = ((const uint64xn_t*)a)[i] - ((const uint64xn_t*)b)[i];

  142.     }

  143.     /*

  144.     unsigned int i;

  145.     for (i=0; i<sizeof(*out)/sizeof(out->limb[0]); i++) {

  146.         out->limb[i] = a->limb[i] - b->limb[i];

  147.     }

  148.     */

  149. }

  150. 

  151. void

  152. p448_neg(p448_t *out, const p448_t *a) {

  153.     unsigned int i;

  154.     for (i=0; i<sizeof(*out)/sizeof(uint64xn_t); i++) {

  155.         ((uint64xn_t*)out)[i] = -((const uint64xn_t*)a)[i];

  156.     }

  157.     /*

  158.     unsigned int i;

  159.     for (i=0; i<sizeof(*out)/sizeof(out->limb[0]); i++) {

  160.         out->limb[i] = -a->limb[i];

  161.     }

  162.     */

  163. }

  164. 

  165. void

  166. p448_cond_neg(

  167.     p448_t *a,

  168.     mask_t doNegate

  169. ) {

  170.     unsigned int i;

  171.     struct p448_t negated;

  172.     big_register_t *aa = (big_register_t *)a;

  173.     big_register_t *nn = (big_register_t*)&negated;

  174.     big_register_t m = doNegate;

  175.     

  176.     p448_neg(&negated, a);

  177.     p448_bias(&negated, 2);

  178.     

  179.     for (i=0; i<sizeof(*a)/sizeof(*aa); i++) {

  180.         aa[i] = (aa[i] & ~m) | (nn[i] & m);

  181.     }

  182. }

  183. 

  184. void

  185. p448_addw(p448_t *a, uint64_t x) {

  186.   a->limb[0] += x;

  187. }

  188.              

  189. void

  190. p448_subw(p448_t *a, uint64_t x) {

  191.   a->limb[0] -= x;

  192. }

  193. 

  194. void

  195. p448_copy(p448_t *out, const p448_t *a) {

  196.   *out = *a;

  197. }

  198. 

  199. void

  200. p448_bias(p448_t *a, int amt) {

  201.     uint64_t co1 = ((1ull<<56)-1)*amt, co2 = co1-amt;

  202.     uint64x4_t lo = {co1,co1,co1,co1}, hi = {co2,co1,co1,co1};

  203.     uint64x4_t *aa = (uint64x4_t*) a;

  204.     aa[0] += lo;

  205.     aa[1] += hi;

  206. }

  207. 

  208. void

  209. p448_weak_reduce(p448_t *a) {

  210.     /* TODO: use pshufb/palignr if anyone cares about speed of this */

  211.     uint64_t mask = (1ull<<56) - 1;

  212.     uint64_t tmp = a->limb[7] >> 56;

  213.     int i;

  214.     a->limb[4] += tmp;

  215.     for (i=7; i>0; i--) {

  216.         a->limb[i] = (a->limb[i] & mask) + (a->limb[i-1]>>56);

  217.     }

  218.     a->limb[0] = (a->limb[0] & mask) + tmp;

  219. }

  220. 

  221. void p448_sqrn(p448_t *__restrict__ y, const p448_t *x, int n) {

  222.     p448_t tmp;

  223.     assert(n>0);

  224.     if (n&1) {

  225.         p448_sqr(y,x);

  226.         n--;

  227.     } else {

  228.         p448_sqr(&tmp,x);

  229.         p448_sqr(y,&tmp);

  230.         n-=2;

  231.     }

  232.     for (; n; n-=2) {

  233.         p448_sqr(&tmp,y);

  234.         p448_sqr(y,&tmp);

  235.     }

  236. }

  237. 

  238. #ifdef __cplusplus

  239. }; /* extern "C" */

  240. #endif

  241. 

  242. #endif /* __P448_H__ */