jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

generate most of f_impl.h. Not tested on most arches yet :-(

master
Michael Hamburg 10 years ago
parent
294eabaec7
commit
4218223dd7
21 changed files with 196 additions and 837 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +35
    -5
      src/gen_headers/f_field_h.py
  2. +1
    -1
      src/p25519/arch_ref64/f_impl.c
  3. +0
    -78
      src/p25519/arch_ref64/f_impl.h
  4. +1
    -1
      src/p25519/arch_x86_64/f_impl.c
  5. +0
    -90
      src/p25519/arch_x86_64/f_impl.h
  6. +1
    -2
      src/p448/arch_32/f_impl.c
  7. +0
    -76
      src/p448/arch_32/f_impl.h
  8. +1
    -2
      src/p448/arch_arm_32/f_impl.c
  9. +0
    -76
      src/p448/arch_arm_32/f_impl.h
  10. +1
    -2
      src/p448/arch_neon_experimental/f_impl.c
  11. +1
    -77
      src/p448/arch_neon_experimental/f_impl.h
  12. +1
    -1
      src/p448/arch_ref64/f_impl.c
  13. +0
    -76
      src/p448/arch_ref64/f_impl.h
  14. +1
    -1
      src/p448/arch_x86_64/f_impl.c
  15. +0
    -79
      src/p448/arch_x86_64/f_impl.h
  16. +20
    -21
      src/p480/arch_x86_64/f_impl.c
  17. +40
    -60
      src/p480/arch_x86_64/f_impl.h
  18. +20
    -20
      src/p521/arch_ref64/f_impl.c
  19. +39
    -59
      src/p521/arch_ref64/f_impl.h
  20. +20
    -20
      src/p521/arch_x86_64_r12/f_impl.c
  21. +14
    -90
      src/p521/arch_x86_64_r12/f_impl.h

+ 35
- 5
src/gen_headers/f_field_h.py View File

@@ -9,22 +9,52 @@ f_field_h = gen_file(
#include "constant_time.h"
#include <string.h>

#include "f_impl.h"

#include "decaf/decaf_%(gf_bits)s.h" /* HACK in genheader */
#include "word.h"

#define GF_LIT_LIMB_BITS %(gf_lit_limb_bits)d
#define GF_BITS %(gf_bits)d
#define gf gf_%(gf_shortname)s_t
#define gf_s gf_%(gf_shortname)s_s
#define gf_mul gf_%(gf_shortname)s_mul
#define gf_sqr gf_%(gf_shortname)s_sqr
#define gf_copy gf_%(gf_shortname)s_copy
#define gf_add_RAW gf_%(gf_shortname)s_add_RAW
#define gf_sub_RAW gf_%(gf_shortname)s_sub_RAW
#define gf_mulw gf_%(gf_shortname)s_mulw
#define gf_bias gf_%(gf_shortname)s_bias
#define gf_isr gf_%(gf_shortname)s_isr
#define gf_weak_reduce gf_%(gf_shortname)s_weak_reduce
#define gf_strong_reduce gf_%(gf_shortname)s_strong_reduce
#define gf_mul gf_%(gf_shortname)s_mul
#define gf_sqr gf_%(gf_shortname)s_sqr
#define gf_mulw gf_%(gf_shortname)s_mulw
#define gf_isr gf_%(gf_shortname)s_isr
#define gf_serialize gf_%(gf_shortname)s_serialize
#define gf_deserialize gf_%(gf_shortname)s_deserialize

#define SQRT_MINUS_ONE P%(gf_shortname)s_SQRT_MINUS_ONE /* might not be defined */

#define INLINE_UNUSED __inline__ __attribute__((unused,always_inline))

#ifdef __cplusplus
extern "C" {
#endif

/* Defined below in f_impl.h */
static INLINE_UNUSED void gf_copy (gf out, const gf a) { *out = *a; }
static INLINE_UNUSED void gf_add_RAW (gf out, const gf a, const gf b);
static INLINE_UNUSED void gf_sub_RAW (gf out, const gf a, const gf b);
static INLINE_UNUSED void gf_bias (gf inout, int amount);
static INLINE_UNUSED void gf_weak_reduce (gf inout);

void gf_strong_reduce (gf inout);
void gf_mul (gf_s *__restrict__ out, const gf a, const gf b);
void gf_mulw (gf_s *__restrict__ out, const gf a, uint64_t b);
void gf_sqr (gf_s *__restrict__ out, const gf a);
void gf_serialize (uint8_t *serial, const gf x);
mask_t gf_deserialize (gf x, const uint8_t serial[(GF_BITS-1)/8+1]);

#ifdef __cplusplus
} /* extern "C" */
#endif

#include "f_impl.h" /* Bring in the inline implementations */
""")

+ 1
- 1
src/p25519/arch_ref64/f_impl.c View File

@@ -2,7 +2,7 @@
* Released under the MIT License. See LICENSE.txt for license information.
*/

#include "f_impl.h"
#include "f_field.h"

static __inline__ __uint128_t widemul(
const uint64_t a,


+ 0
- 78
src/p25519/arch_ref64/f_impl.h View File

@@ -14,88 +14,10 @@
#define LBITS 51
#define FIELD_LITERAL(a,b,c,d,e) {{ a,b,c,d,e }}

/*
#define FIELD_LITERAL(a,b,c,d) {{ \
(a##ull) & LMASK, \
((a##ull)>>51 | (b##ull)<<13) & LMASK, \
((b##ull)>>38 | (c##ull)<<26) & LMASK, \
((c##ull)>>25 | (d##ull)<<39) & LMASK, \
(d##ull)>>12 \
}}
*/

#ifdef __cplusplus
extern "C" {
#endif

static __inline__ void
gf_25519_add_RAW (
gf_25519_t out,
const gf_25519_t a,
const gf_25519_t b
) __attribute__((unused));
static __inline__ void
gf_25519_sub_RAW (
gf_25519_t out,
const gf_25519_t a,
const gf_25519_t b
) __attribute__((unused));
static __inline__ void
gf_25519_copy (
gf_25519_t out,
const gf_25519_t a
) __attribute__((unused));
static __inline__ void
gf_25519_weak_reduce (
gf_25519_t inout
) __attribute__((unused));
void
gf_25519_strong_reduce (
gf_25519_t inout
);

static __inline__ void
gf_25519_bias (
gf_25519_t inout,
int amount
) __attribute__((unused));
void
gf_25519_mul (
gf_25519_s *__restrict__ out,
const gf_25519_t a,
const gf_25519_t b
);

void
gf_25519_mulw (
gf_25519_s *__restrict__ out,
const gf_25519_t a,
uint64_t b
);

void
gf_25519_sqr (
gf_25519_s *__restrict__ out,
const gf_25519_t a
);

void
gf_25519_serialize (
uint8_t serial[32],
const gf_25519_t x
);

mask_t
gf_25519_deserialize (
gf_25519_t x,
const uint8_t serial[32]
);

/* -------------- Inline functions begin here -------------- */

void


+ 1
- 1
src/p25519/arch_x86_64/f_impl.c View File

@@ -2,7 +2,7 @@
* Released under the MIT License. See LICENSE.txt for license information.
*/

#include "f_impl.h"
#include "f_field.h"
#include "x86-64-arith.h"

static inline uint64_t shr(__uint128_t x, int n) {


+ 0
- 90
src/p25519/arch_x86_64/f_impl.h View File

@@ -14,88 +14,6 @@
#define DECAF_255_LIMB_BITS 51
#define FIELD_LITERAL(a,b,c,d,e) {{ a,b,c,d,e }}

/*
#define FIELD_LITERAL(a,b,c,d) {{ \
(a##ull) & LMASK, \
((a##ull)>>51 | (b##ull)<<13) & LMASK, \
((b##ull)>>38 | (c##ull)<<26) & LMASK, \
((c##ull)>>25 | (d##ull)<<39) & LMASK, \
(d##ull)>>12 \
}}
*/

#ifdef __cplusplus
extern "C" {
#endif

static __inline__ void
gf_25519_add_RAW (
gf_25519_t out,
const gf_25519_t a,
const gf_25519_t b
) __attribute__((unused));
static __inline__ void
gf_25519_sub_RAW (
gf_25519_t out,
const gf_25519_t a,
const gf_25519_t b
) __attribute__((unused));
static __inline__ void
gf_25519_copy (
gf_25519_t out,
const gf_25519_t a
) __attribute__((unused));
static __inline__ void
gf_25519_weak_reduce (
gf_25519_t inout
) __attribute__((unused));
void
gf_25519_strong_reduce (
gf_25519_t inout
);

static __inline__ void
gf_25519_bias (
gf_25519_t inout,
int amount
) __attribute__((unused));
void
gf_25519_mul (
gf_25519_s *__restrict__ out,
const gf_25519_t a,
const gf_25519_t b
);

void
gf_25519_mulw (
gf_25519_s *__restrict__ out,
const gf_25519_t a,
uint64_t b
);

void
gf_25519_sqr (
gf_25519_s *__restrict__ out,
const gf_25519_t a
);

void
gf_25519_serialize (
uint8_t serial[32],
const gf_25519_t x
);

mask_t
gf_25519_deserialize (
gf_25519_t x,
const uint8_t serial[32]
);

/* -------------- Inline functions begin here -------------- */

void
@@ -123,14 +41,6 @@ gf_25519_sub_RAW (
}
}

void
gf_25519_copy (
gf_25519_t out,
const gf_25519_t a
) {
memcpy(out,a,sizeof(*a));
}

void
gf_25519_bias (
gf_25519_t a,


+ 1
- 2
src/p448/arch_32/f_impl.c View File

@@ -2,8 +2,7 @@
* Released under the MIT License. See LICENSE.txt for license information.
*/

#include "word.h"
#include "f_impl.h"
#include "f_field.h"

static inline mask_t __attribute__((always_inline))
is_zero (


+ 0
- 76
src/p448/arch_32/f_impl.h View File

@@ -22,74 +22,6 @@ typedef struct gf_448_s {
extern "C" {
#endif

static __inline__ void
gf_448_add_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
) __attribute__((unused,always_inline));
static __inline__ void
gf_448_sub_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
) __attribute__((unused,always_inline));
static __inline__ void
gf_448_copy (
gf_448_t out,
const gf_448_t a
) __attribute__((unused,always_inline));
static __inline__ void
gf_448_weak_reduce (
gf_448_t inout
) __attribute__((unused,always_inline));
void
gf_448_strong_reduce (
gf_448_t inout
);
static __inline__ void
gf_448_bias (
gf_448_t inout,
int amount
) __attribute__((unused,always_inline));

void
gf_448_mul (
gf_448_s *__restrict__ out,
const gf_448_t a,
const gf_448_t b
);

void
gf_448_mulw (
gf_448_s *__restrict__ out,
const gf_448_t a,
uint64_t b
);

void
gf_448_sqr (
gf_448_s *__restrict__ out,
const gf_448_t a
);

void
gf_448_serialize (
uint8_t *serial,
const gf_448_t x
);

mask_t
gf_448_deserialize (
gf_448_t x,
const uint8_t serial[56]
);

/* -------------- Inline functions begin here -------------- */

void
@@ -128,14 +60,6 @@ gf_448_sub_RAW (
*/
}

void
gf_448_copy (
gf_448_t out,
const gf_448_t a
) {
*out = *a;
}

void
gf_448_bias (
gf_448_t a,


+ 1
- 2
src/p448/arch_arm_32/f_impl.c View File

@@ -2,8 +2,7 @@
* Released under the MIT License. See LICENSE.txt for license information.
*/

#include "word.h"
#include "f_impl.h"
#include "f_field.h"

static inline mask_t __attribute__((always_inline))
is_zero (


+ 0
- 76
src/p448/arch_arm_32/f_impl.h View File

@@ -22,74 +22,6 @@ typedef struct gf_448_s {
extern "C" {
#endif

static __inline__ void
gf_448_add_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
) __attribute__((unused,always_inline));
static __inline__ void
gf_448_sub_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
) __attribute__((unused,always_inline));
static __inline__ void
gf_448_copy (
gf_448_t out,
const gf_448_t a
) __attribute__((unused,always_inline));
static __inline__ void
gf_448_weak_reduce (
gf_448_t inout
) __attribute__((unused,always_inline));
void
gf_448_strong_reduce (
gf_448_t inout
);
static __inline__ void
gf_448_bias (
gf_448_t inout,
int amount
) __attribute__((unused,always_inline));

void
gf_448_mul (
gf_448_s *__restrict__ out,
const gf_448_t a,
const gf_448_t b
);

void
gf_448_mulw (
gf_448_s *__restrict__ out,
const gf_448_t a,
uint64_t b
);

void
gf_448_sqr (
gf_448_s *__restrict__ out,
const gf_448_t a
);

void
gf_448_serialize (
uint8_t *serial,
const gf_448_t x
);

mask_t
gf_448_deserialize (
gf_448_t x,
const uint8_t serial[56]
);

/* -------------- Inline functions begin here -------------- */

void
@@ -128,14 +60,6 @@ gf_448_sub_RAW (
*/
}

void
gf_448_copy (
gf_448_t out,
const gf_448_t a
) {
*out = *a;
}

void
gf_448_bias (
gf_448_t a,


+ 1
- 2
src/p448/arch_neon_experimental/f_impl.c View File

@@ -2,8 +2,7 @@
* Released under the MIT License. See LICENSE.txt for license information.
*/

#include "word.h"
#include "f_impl.h"
#include "f_field.h"

static inline mask_t __attribute__((always_inline))
is_zero (


+ 1
- 77
src/p448/arch_neon_experimental/f_impl.h View File

@@ -27,75 +27,7 @@ typedef struct gf_448_s {
#ifdef __cplusplus
extern "C" {
#endif

static __inline__ void
gf_448_add_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
) __attribute__((unused,always_inline));
static __inline__ void
gf_448_sub_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
) __attribute__((unused,always_inline));
static __inline__ void
gf_448_copy (
gf_448_t out,
const gf_448_t a
) __attribute__((unused,always_inline));
static __inline__ void
gf_448_weak_reduce (
gf_448_t inout
) __attribute__((unused,always_inline));
void
gf_448_strong_reduce (
gf_448_t inout
);
static __inline__ void
gf_448_bias (
gf_448_t inout,
int amount
) __attribute__((unused,always_inline));

void
gf_448_mul (
gf_448_s *__restrict__ out,
const gf_448_t a,
const gf_448_t b
);

void
gf_448_mulw (
gf_448_s *__restrict__ out,
const gf_448_t a,
uint64_t b
);

void
gf_448_sqr (
gf_448_s *__restrict__ out,
const gf_448_t a
);

void
gf_448_serialize (
uint8_t *serial,
const gf_448_t x
);

mask_t
gf_448_deserialize (
gf_448_t x,
const uint8_t serial[56]
);

/* -------------- Inline functions begin here -------------- */

void
@@ -128,14 +60,6 @@ gf_448_sub_RAW (
*/
}

void
gf_448_copy (
gf_448_t out,
const gf_448_t a
) {
*out = *a;
}

void
gf_448_bias (
gf_448_t a,


+ 1
- 1
src/p448/arch_ref64/f_impl.c View File

@@ -2,7 +2,7 @@
* Released under the MIT License. See LICENSE.txt for license information.
*/

#include "f_impl.h"
#include "f_field.h"

static __inline__ __uint128_t widemul(
const uint64_t a,


+ 0
- 76
src/p448/arch_ref64/f_impl.h View File

@@ -21,74 +21,6 @@ typedef struct gf_448_s {
extern "C" {
#endif

static __inline__ void
gf_448_add_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
) __attribute__((unused));
static __inline__ void
gf_448_sub_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
) __attribute__((unused));
static __inline__ void
gf_448_copy (
gf_448_t out,
const gf_448_t a
) __attribute__((unused));
static __inline__ void
gf_448_weak_reduce (
gf_448_t inout
) __attribute__((unused));
void
gf_448_strong_reduce (
gf_448_t inout
);

static __inline__ void
gf_448_bias (
gf_448_t inout,
int amount
) __attribute__((unused));
void
gf_448_mul (
gf_448_s *__restrict__ out,
const gf_448_t a,
const gf_448_t b
);

void
gf_448_mulw (
gf_448_s *__restrict__ out,
const gf_448_t a,
uint64_t b
);

void
gf_448_sqr (
gf_448_s *__restrict__ out,
const gf_448_t a
);

void
gf_448_serialize (
uint8_t *serial,
const gf_448_t x
);

mask_t
gf_448_deserialize (
gf_448_t x,
const uint8_t serial[56]
);

/* -------------- Inline functions begin here -------------- */

void
@@ -118,14 +50,6 @@ gf_448_sub_RAW (
gf_448_weak_reduce(out);
}

void
gf_448_copy (
gf_448_t out,
const gf_448_t a
) {
memcpy(out,a,sizeof(*a));
}

void
gf_448_bias (
gf_448_t a,


+ 1
- 1
src/p448/arch_x86_64/f_impl.c View File

@@ -2,7 +2,7 @@
* Released under the MIT License. See LICENSE.txt for license information.
*/

#include "f_impl.h"
#include "f_field.h"
#include "x86-64-arith.h"

void


+ 0
- 79
src/p448/arch_x86_64/f_impl.h View File

@@ -17,74 +17,6 @@
extern "C" {
#endif

static __inline__ void
gf_448_add_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
) __attribute__((unused,always_inline));
static __inline__ void
gf_448_sub_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
) __attribute__((unused,always_inline));
static __inline__ void
gf_448_copy (
gf_448_t out,
const gf_448_t a
) __attribute__((unused,always_inline));
static __inline__ void
gf_448_weak_reduce (
gf_448_t inout
) __attribute__((unused,always_inline));
void
gf_448_strong_reduce (
gf_448_t inout
);

static __inline__ void
gf_448_bias (
gf_448_t inout,
int amount
) __attribute__((unused,always_inline));
void
gf_448_mul (
gf_448_s *__restrict__ out,
const gf_448_t a,
const gf_448_t b
);

void
gf_448_mulw (
gf_448_s *__restrict__ out,
const gf_448_t a,
uint64_t b
);

void
gf_448_sqr (
gf_448_s *__restrict__ out,
const gf_448_t a
);

void
gf_448_serialize (
uint8_t *serial,
const gf_448_t x
);

mask_t
gf_448_deserialize (
gf_448_t x,
const uint8_t serial[56]
);

/* -------------- Inline functions begin here -------------- */

void
@@ -123,17 +55,6 @@ gf_448_sub_RAW (
*/
}

void
gf_448_copy (
gf_448_t out,
const gf_448_t a
) {
unsigned int i;
for (i=0; i<sizeof(*out)/sizeof(big_register_t); i++) {
((big_register_t *)out)[i] = ((const big_register_t *)a)[i];
}
}

void
gf_448_bias (
gf_448_t a,


+ 20
- 21
src/p480/arch_x86_64/f_impl.c View File

@@ -2,14 +2,13 @@
* Released under the MIT License. See LICENSE.txt for license information.
*/

#include "f_impl.h"
#include "x86-64-arith.h"
#include "f_field.h"

void
p480_mul (
p480_t *__restrict__ cs,
const p480_t *as,
const p480_t *bs
gf_480_mul (
gf_480_t *__restrict__ cs,
const gf_480_t *as,
const gf_480_t *bs
) {
const uint64_t *a = as->limb, *b = bs->limb;
uint64_t *c = cs->limb;
@@ -146,9 +145,9 @@ p480_mul (
}

void
p480_mulw (
p480_t *__restrict__ cs,
const p480_t *as,
gf_480_mulw (
gf_480_t *__restrict__ cs,
const gf_480_t *as,
uint64_t b
) {
const uint64_t *a = as->limb;
@@ -191,9 +190,9 @@ p480_mulw (
}

void
p480_sqr (
p480_t *__restrict__ cs,
const p480_t *as
gf_480_sqr (
gf_480_t *__restrict__ cs,
const gf_480_t *as
) {
const uint64_t *a = as->limb;
uint64_t *c = cs->limb;
@@ -306,8 +305,8 @@ p480_sqr (
}

void
p480_strong_reduce (
p480_t *a
gf_480_strong_reduce (
gf_480_t *a
) {
uint64_t mask = (1ull<<60)-1;

@@ -349,14 +348,14 @@ p480_strong_reduce (
}

void
p480_serialize (
gf_480_serialize (
uint8_t *serial,
const struct p480_t *x
const struct gf_480_t *x
) {
int i,j,k=0;
p480_t red;
p480_copy(&red, x);
p480_strong_reduce(&red);
gf_480_t red;
gf_480_copy(&red, x);
gf_480_strong_reduce(&red);
word_t r = 0;
for (i=0; i<8; i+=2) {
r = red.limb[i];
@@ -375,8 +374,8 @@ p480_serialize (
}

mask_t
p480_deserialize (
p480_t *x,
gf_480_deserialize (
gf_480_t *x,
const uint8_t serial[60]
) {
int i,j,k=0;


+ 40
- 60
src/p480/arch_x86_64/f_impl.h View File

@@ -1,97 +1,77 @@
/* Copyright (c) 2014 Cryptography Research, Inc.
* Released under the MIT License. See LICENSE.txt for license information.
*/
#ifndef __p480_H__
#define __p480_H__ 1
#ifndef __gf_480_H__
#define __gf_480_H__ 1

#include <stdint.h>
#include <assert.h>

#include "word.h"

typedef struct p480_t {
typedef struct gf_480_t {
uint64_t limb[8];
} __attribute__((aligned(32))) p480_t;
} __attribute__((aligned(32))) gf_480_t;

#ifdef __cplusplus
extern "C" {
#endif

static __inline__ void
p480_add_RAW (
p480_t *out,
const p480_t *a,
const p480_t *b
) __attribute__((unused,always_inline));
static __inline__ void
p480_sub_RAW (
p480_t *out,
const p480_t *a,
const p480_t *b
) __attribute__((unused,always_inline));
static __inline__ void
p480_copy (
p480_t *out,
const p480_t *a
) __attribute__((unused,always_inline));
static __inline__ void
p480_weak_reduce (
p480_t *inout
gf_480_weak_reduce (
gf_480_t *inout
) __attribute__((unused,always_inline));
void
p480_strong_reduce (
p480_t *inout
gf_480_strong_reduce (
gf_480_t *inout
);
static __inline__ void
p480_bias (
p480_t *inout,
gf_480_bias (
gf_480_t *inout,
int amount
) __attribute__((unused,always_inline));
void
p480_mul (
p480_t *__restrict__ out,
const p480_t *a,
const p480_t *b
gf_480_mul (
gf_480_t *__restrict__ out,
const gf_480_t *a,
const gf_480_t *b
);

void
p480_mulw (
p480_t *__restrict__ out,
const p480_t *a,
gf_480_mulw (
gf_480_t *__restrict__ out,
const gf_480_t *a,
uint64_t b
);

void
p480_sqr (
p480_t *__restrict__ out,
const p480_t *a
gf_480_sqr (
gf_480_t *__restrict__ out,
const gf_480_t *a
);

void
p480_serialize (
gf_480_serialize (
uint8_t *serial,
const struct p480_t *x
const struct gf_480_t *x
);

mask_t
p480_deserialize (
p480_t *x,
gf_480_deserialize (
gf_480_t *x,
const uint8_t serial[60]
);

/* -------------- Inline functions begin here -------------- */

void
p480_add_RAW (
p480_t *out,
const p480_t *a,
const p480_t *b
gf_480_add_RAW (
gf_480_t *out,
const gf_480_t *a,
const gf_480_t *b
) {
unsigned int i;
for (i=0; i<sizeof(*out)/sizeof(uint64xn_t); i++) {
@@ -106,10 +86,10 @@ p480_add_RAW (
}

void
p480_sub_RAW (
p480_t *out,
const p480_t *a,
const p480_t *b
gf_480_sub_RAW (
gf_480_t *out,
const gf_480_t *a,
const gf_480_t *b
) {
unsigned int i;
for (i=0; i<sizeof(*out)/sizeof(uint64xn_t); i++) {
@@ -124,9 +104,9 @@ p480_sub_RAW (
}

void
p480_copy (
p480_t *out,
const p480_t *a
gf_480_copy (
gf_480_t *out,
const gf_480_t *a
) {
unsigned int i;
for (i=0; i<sizeof(*out)/sizeof(big_register_t); i++) {
@@ -135,8 +115,8 @@ p480_copy (
}

void
p480_bias (
p480_t *a,
gf_480_bias (
gf_480_t *a,
int amt
) {
uint64_t co1 = ((1ull<<60)-1)*amt, co2 = co1-amt;
@@ -162,8 +142,8 @@ p480_bias (
}

void
p480_weak_reduce (
p480_t *a
gf_480_weak_reduce (
gf_480_t *a
) {
/* PERF: use pshufb/palignr if anyone cares about speed of this */
uint64_t mask = (1ull<<60) - 1;
@@ -180,4 +160,4 @@ p480_weak_reduce (
}; /* extern "C" */
#endif

#endif /* __p480_H__ */
#endif /* __gf_480_H__ */

+ 20
- 20
src/p521/arch_ref64/f_impl.c View File

@@ -2,7 +2,7 @@
* Released under the MIT License. See LICENSE.txt for license information.
*/

#include "f_impl.h"
#include "f_field.h"

static __inline__ __uint128_t widemul(
const uint64_t a,
@@ -17,10 +17,10 @@ static __inline__ uint64_t is_zero(uint64_t a) {
}

void
p521_mul (
p521_t *__restrict__ cs,
const p521_t *as,
const p521_t *bs
gf_521_mul (
gf_521_t *__restrict__ cs,
const gf_521_t *as,
const gf_521_t *bs
) {
uint64_t *c = cs->limb;
const uint64_t *a = as->limb, *b = bs->limb;
@@ -158,9 +158,9 @@ p521_mul (
}

void
p521_mulw (
p521_t *__restrict__ cs,
const p521_t *as,
gf_521_mulw (
gf_521_t *__restrict__ cs,
const gf_521_t *as,
uint64_t b
) {
const uint64_t *a = as->limb;
@@ -197,9 +197,9 @@ p521_mulw (
}

void
p521_sqr (
p521_t *__restrict__ cs,
const p521_t *as
gf_521_sqr (
gf_521_t *__restrict__ cs,
const gf_521_t *as
) {
uint64_t *c = cs->limb;
const uint64_t *a = as->limb;
@@ -306,8 +306,8 @@ p521_sqr (
}

void
p521_strong_reduce (
p521_t *a
gf_521_strong_reduce (
gf_521_t *a
) {
uint64_t mask = (1ull<<58)-1, mask2 = (1ull<<57)-1;

@@ -347,14 +347,14 @@ p521_strong_reduce (
}

void
p521_serialize (
gf_521_serialize (
uint8_t *serial,
const struct p521_t *x
const struct gf_521_t *x
) {
int i,k=0;
p521_t red;
p521_copy(&red, x);
p521_strong_reduce(&red);
gf_521_t red;
gf_521_copy(&red, x);
gf_521_strong_reduce(&red);
uint64_t r=0;
int bits = 0;
@@ -371,8 +371,8 @@ p521_serialize (
}

mask_t
p521_deserialize (
p521_t *x,
gf_521_deserialize (
gf_521_t *x,
const uint8_t serial[66]
) {
int i,k=0,bits=0;


+ 39
- 59
src/p521/arch_ref64/f_impl.h View File

@@ -10,122 +10,102 @@

#include "word.h"

typedef struct p521_t {
typedef struct gf_521_t {
uint64_t limb[9];
} p521_t;
} gf_521_t;

#ifdef __cplusplus
extern "C" {
#endif

static __inline__ void
p521_add_RAW (
p521_t *out,
const p521_t *a,
const p521_t *b
) __attribute__((unused));
static __inline__ void
p521_sub_RAW (
p521_t *out,
const p521_t *a,
const p521_t *b
) __attribute__((unused));
static __inline__ void
p521_copy (
p521_t *out,
const p521_t *a
) __attribute__((unused));
static __inline__ void
p521_weak_reduce (
p521_t *inout
gf_521_weak_reduce (
gf_521_t *inout
) __attribute__((unused));
void
p521_strong_reduce (
p521_t *inout
gf_521_strong_reduce (
gf_521_t *inout
);

static __inline__ void
p521_bias (
p521_t *inout,
gf_521_bias (
gf_521_t *inout,
int amount
) __attribute__((unused));
void
p521_mul (
p521_t *__restrict__ out,
const p521_t *a,
const p521_t *b
gf_521_mul (
gf_521_t *__restrict__ out,
const gf_521_t *a,
const gf_521_t *b
);

void
p521_mulw (
p521_t *__restrict__ out,
const p521_t *a,
gf_521_mulw (
gf_521_t *__restrict__ out,
const gf_521_t *a,
uint64_t b
);

void
p521_sqr (
p521_t *__restrict__ out,
const p521_t *a
gf_521_sqr (
gf_521_t *__restrict__ out,
const gf_521_t *a
);

void
p521_serialize (
gf_521_serialize (
uint8_t *serial,
const struct p521_t *x
const struct gf_521_t *x
);

mask_t
p521_deserialize (
p521_t *x,
gf_521_deserialize (
gf_521_t *x,
const uint8_t serial[66]
);

/* -------------- Inline functions begin here -------------- */

void
p521_add_RAW (
p521_t *out,
const p521_t *a,
const p521_t *b
gf_521_add_RAW (
gf_521_t *out,
const gf_521_t *a,
const gf_521_t *b
) {
unsigned int i;
for (i=0; i<9; i++) {
out->limb[i] = a->limb[i] + b->limb[i];
}
p521_weak_reduce(out);
gf_521_weak_reduce(out);
}

void
p521_sub_RAW (
p521_t *out,
const p521_t *a,
const p521_t *b
gf_521_sub_RAW (
gf_521_t *out,
const gf_521_t *a,
const gf_521_t *b
) {
unsigned int i;
uint64_t co1 = ((1ull<<58)-1)*4, co2 = ((1ull<<57)-1)*4;
for (i=0; i<9; i++) {
out->limb[i] = a->limb[i] - b->limb[i] + ((i==8) ? co2 : co1);
}
p521_weak_reduce(out);
gf_521_weak_reduce(out);
}

void
p521_copy (
p521_t *out,
const p521_t *a
gf_521_copy (
gf_521_t *out,
const gf_521_t *a
) {
memcpy(out,a,sizeof(*a));
}

void
p521_bias (
p521_t *a,
gf_521_bias (
gf_521_t *a,
int amt
) {
(void) a;
@@ -133,8 +113,8 @@ p521_bias (
}

void
p521_weak_reduce (
p521_t *a
gf_521_weak_reduce (
gf_521_t *a
) {
uint64_t mask = (1ull<<58) - 1;
uint64_t tmp = a->limb[8] >> 57;


+ 20
- 20
src/p521/arch_x86_64_r12/f_impl.c View File

@@ -2,7 +2,7 @@
* Released under the MIT License. See LICENSE.txt for license information.
*/

#include "f_impl.h"
#include "f_field.h"

typedef struct {
uint64x3_t lo, hi, hier;
@@ -168,10 +168,10 @@ static inline void hexad_sqr_signed (


void
p521_mul (
p521_t *__restrict__ cs,
const p521_t *as,
const p521_t *bs
gf_521_mul (
gf_521_t *__restrict__ cs,
const gf_521_t *as,
const gf_521_t *bs
) {
int i;
@@ -254,9 +254,9 @@ p521_mul (


void
p521_sqr (
p521_t *__restrict__ cs,
const p521_t *as
gf_521_sqr (
gf_521_t *__restrict__ cs,
const gf_521_t *as
) {

@@ -313,9 +313,9 @@ p521_sqr (
}

void
p521_mulw (
p521_t *__restrict__ cs,
const p521_t *as,
gf_521_mulw (
gf_521_t *__restrict__ cs,
const gf_521_t *as,
uint64_t b
) {
@@ -375,8 +375,8 @@ p521_mulw (


void
p521_strong_reduce (
p521_t *a
gf_521_strong_reduce (
gf_521_t *a
) {
uint64_t mask = (1ull<<58)-1, mask2 = (1ull<<57)-1;

@@ -418,14 +418,14 @@ p521_strong_reduce (
}

void
p521_serialize (
gf_521_serialize (
uint8_t *serial,
const struct p521_t *x
const struct gf_521_t *x
) {
unsigned int i,k=0;
p521_t red;
p521_copy(&red, x);
p521_strong_reduce(&red);
gf_521_t red;
gf_521_copy(&red, x);
gf_521_strong_reduce(&red);
uint64_t r=0;
int bits = 0;
@@ -442,8 +442,8 @@ p521_serialize (
}

mask_t
p521_deserialize (
p521_t *x,
gf_521_deserialize (
gf_521_t *x,
const uint8_t serial[LIMBPERM(66)]
) {
int i,k=0,bits=0;


+ 14
- 90
src/p521/arch_x86_64_r12/f_impl.h View File

@@ -14,82 +14,14 @@
#define LIMBPERM(x) (((x)%3)*4 + (x)/3)
#define USE_P521_3x3_TRANSPOSE

typedef struct p521_t {
typedef struct gf_521_s {
uint64_t limb[12];
} __attribute__((aligned(32))) p521_t;
} __attribute__((aligned(32))) gf_521_t;

#ifdef __cplusplus
extern "C" {
#endif

static __inline__ void
p521_add_RAW (
p521_t *out,
const p521_t *a,
const p521_t *b
) __attribute__((unused));
static __inline__ void
p521_sub_RAW (
p521_t *out,
const p521_t *a,
const p521_t *b
) __attribute__((unused));
static __inline__ void
p521_copy (
p521_t *out,
const p521_t *a
) __attribute__((unused));
static __inline__ void
p521_weak_reduce (
p521_t *inout
) __attribute__((unused));
void
p521_strong_reduce (
p521_t *inout
);

static __inline__ void
p521_bias (
p521_t *inout,
int amount
) __attribute__((unused));
void
p521_mul (
p521_t *__restrict__ out,
const p521_t *a,
const p521_t *b
);

void
p521_mulw (
p521_t *__restrict__ out,
const p521_t *a,
uint64_t b
);

void
p521_sqr (
p521_t *__restrict__ out,
const p521_t *a
);

void
p521_serialize (
uint8_t *serial,
const struct p521_t *x
);

mask_t
p521_deserialize (
p521_t *x,
const uint8_t serial[66]
);

/* -------------- Inline functions begin here -------------- */

typedef uint64x4_t uint64x3_t; /* fit it in a vector register */
@@ -106,10 +38,10 @@ timesW (
}

void
p521_add_RAW (
p521_t *out,
const p521_t *a,
const p521_t *b
gf_521_add_RAW (
gf_521_t *out,
const gf_521_t *a,
const gf_521_t *b
) {
unsigned int i;
for (i=0; i<sizeof(*out)/sizeof(uint64xn_t); i++) {
@@ -118,10 +50,10 @@ p521_add_RAW (
}

void
p521_sub_RAW (
p521_t *out,
const p521_t *a,
const p521_t *b
gf_521_sub_RAW (
gf_521_t *out,
const gf_521_t *a,
const gf_521_t *b
) {
unsigned int i;
for (i=0; i<sizeof(*out)/sizeof(uint64xn_t); i++) {
@@ -130,16 +62,8 @@ p521_sub_RAW (
}

void
p521_copy (
p521_t *out,
const p521_t *a
) {
memcpy(out,a,sizeof(*a));
}

void
p521_bias (
p521_t *a,
gf_521_bias (
gf_521_t *a,
int amt
) {
uint64_t co0 = ((1ull<<58)-2)*amt, co1 = ((1ull<<58)-1)*amt;
@@ -150,8 +74,8 @@ p521_bias (
}

void
p521_weak_reduce (
p521_t *a
gf_521_weak_reduce (
gf_521_t *a
) {
#if 0
int i;


Write Preview
Loading…
Cancel
Save