jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
169 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: b5f7c2eff8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b5f7c2eff8'
${ noResults }
ed448goldilocks/src/p521/arch_x86_64_r12/p521.h

183 lines
3.3 KiB
Raw Blame History 

  1. /* Copyright (c) 2014 Cryptography Research, Inc.

  2.  * Released under the MIT License.  See LICENSE.txt for license information.

  3.  */

  4. #ifndef __P521_H__

  5. #define __P521_H__ 1

  6. 

  7. #include <stdint.h>

  8. #include <assert.h>

  9. #include <string.h>

  10. 

  11. #include "word.h"

  12. #include "constant_time.h"

  13. 

  14. #define LIMBPERM(x) (((x)%3)*4 + (x)/3)

  15. #define USE_P521_3x3_TRANSPOSE

  16. 

  17. typedef struct p521_t {

  18.   uint64_t limb[12];

  19. } __attribute__((aligned(32))) p521_t;

  20. 

  21. #ifdef __cplusplus

  22. extern "C" {

  23. #endif

  24. 

  25. static __inline__ void

  26. p521_add_RAW (

  27.     p521_t *out,

  28.     const p521_t *a,

  29.     const p521_t *b

  30. ) __attribute__((unused));

  31.              

  32. static __inline__ void

  33. p521_sub_RAW (

  34.     p521_t *out,

  35.     const p521_t *a,

  36.     const p521_t *b

  37. ) __attribute__((unused));

  38.              

  39. static __inline__ void

  40. p521_copy (

  41.     p521_t *out,

  42.     const p521_t *a

  43. ) __attribute__((unused));

  44.              

  45. static __inline__ void

  46. p521_weak_reduce (

  47.     p521_t *inout

  48. ) __attribute__((unused));

  49.              

  50. void

  51. p521_strong_reduce (

  52.     p521_t *inout

  53. );

  54. 

  55. static __inline__ void

  56. p521_bias (

  57.     p521_t *inout,

  58.     int amount

  59. ) __attribute__((unused));

  60.          

  61. void

  62. p521_mul (

  63.     p521_t *__restrict__ out,

  64.     const p521_t *a,

  65.     const p521_t *b

  66. );

  67. 

  68. void

  69. p521_mulw (

  70.     p521_t *__restrict__ out,

  71.     const p521_t *a,

  72.     uint64_t b

  73. );

  74. 

  75. void

  76. p521_sqr (

  77.     p521_t *__restrict__ out,

  78.     const p521_t *a

  79. );

  80. 

  81. void

  82. p521_serialize (

  83.     uint8_t *serial,

  84.     const struct p521_t *x

  85. );

  86. 

  87. mask_t

  88. p521_deserialize (

  89.     p521_t *x,

  90.     const uint8_t serial[66]

  91. );

  92. 

  93. /* -------------- Inline functions begin here -------------- */

  94. 

  95. typedef uint64x4_t uint64x3_t; /* fit it in a vector register */

  96. 

  97. static const uint64x3_t mask58 = { (1ull<<58) - 1, (1ull<<58) - 1, (1ull<<58) - 1, 0 };

  98. 

  99. /* Currently requires CLANG.  Sorry. */

  100. static inline uint64x3_t

  101. __attribute__((unused))

  102. timesW (

  103.   uint64x3_t u

  104. ) {

  105.   return u.zxyw + u.zwww;

  106. }

  107. 

  108. void

  109. p521_add_RAW (

  110.     p521_t *out,

  111.     const p521_t *a,

  112.     const p521_t *b

  113. ) {

  114.     unsigned int i;

  115.     for (i=0; i<sizeof(*out)/sizeof(uint64xn_t); i++) {

  116.         ((uint64xn_t*)out)[i] = ((const uint64xn_t*)a)[i] + ((const uint64xn_t*)b)[i];

  117.     }

  118. }

  119. 

  120. void

  121. p521_sub_RAW (

  122.     p521_t *out,

  123.     const p521_t *a,

  124.     const p521_t *b

  125. ) {

  126.     unsigned int i;

  127.     for (i=0; i<sizeof(*out)/sizeof(uint64xn_t); i++) {

  128.         ((uint64xn_t*)out)[i] = ((const uint64xn_t*)a)[i] - ((const uint64xn_t*)b)[i];

  129.     }

  130. }

  131. 

  132. void

  133. p521_copy (

  134.     p521_t *out,

  135.     const p521_t *a

  136. ) {

  137.     memcpy(out,a,sizeof(*a));

  138. }

  139. 

  140. void

  141. p521_bias (

  142.     p521_t *a,

  143.     int amt

  144. ) {

  145.     uint64_t co0 = ((1ull<<58)-2)*amt, co1 = ((1ull<<58)-1)*amt;

  146.     uint64x4_t vlo = { co0, co1, co1, 0 }, vhi = { co1, co1, co1, 0 };

  147.     ((uint64x4_t*)a)[0] += vlo;

  148.     ((uint64x4_t*)a)[1] += vhi;

  149.     ((uint64x4_t*)a)[2] += vhi;

  150. }

  151. 

  152. void

  153. p521_weak_reduce (

  154.     p521_t *a

  155. ) {

  156. #if 0

  157.     int i;

  158.     assert(a->limb[3] == 0 && a->limb[7] == 0 && a->limb[11] == 0);

  159.     for (i=0; i<12; i++) {

  160.         assert(a->limb[i] < 3ull<<61);

  161.     }

  162. #endif

  163.     

  164.     uint64x3_t

  165.         ot0 = ((uint64x4_t*)a)[0],

  166.         ot1 = ((uint64x4_t*)a)[1],

  167.         ot2 = ((uint64x4_t*)a)[2];

  168.     

  169.     uint64x3_t out0 = (ot0 & mask58) + timesW(ot2>>58);

  170.     uint64x3_t out1 = (ot1 & mask58) + (ot0>>58);

  171.     uint64x3_t out2 = (ot2 & mask58) + (ot1>>58);

  172. 

  173.     ((uint64x4_t*)a)[0] = out0;

  174.     ((uint64x4_t*)a)[1] = out1;

  175.     ((uint64x4_t*)a)[2] = out2;

  176. }

  177. 

  178. #ifdef __cplusplus

  179. }; /* extern "C" */

  180. #endif

  181. 

  182. #endif /* __P521_H__ */