jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: 94c51dd2c4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '94c51dd2c4'
${ noResults }
ed448goldilocks/src/arch_x86_64/p448.h

405 lines
7.3 KiB
Raw Blame History 

  1. /* Copyright (c) 2014 Cryptography Research, Inc.

  2.  * Released under the MIT License.  See LICENSE.txt for license information.

  3.  */

  4. #ifndef __P448_H__

  5. #define __P448_H__ 1

  6. 

  7. #include <stdint.h>

  8. #include <assert.h>

  9. 

  10. #include "word.h"

  11. 

  12. typedef struct p448_t {

  13.   uint64_t limb[8];

  14. } __attribute__((aligned(32))) p448_t;

  15. 

  16. #ifdef __cplusplus

  17. extern "C" {

  18. #endif

  19. 

  20. static __inline__ void

  21. p448_set_ui (

  22.     p448_t *out,

  23.     uint64_t x

  24. ) __attribute__((unused,always_inline));

  25.            

  26. static __inline__ void

  27. p448_cond_swap (

  28.     p448_t *a,

  29.     p448_t *b,

  30.     mask_t do_swap

  31. ) __attribute__((unused,always_inline));

  32. 

  33. static __inline__ void

  34. p448_add (

  35.     p448_t *out,

  36.     const p448_t *a,

  37.     const p448_t *b

  38. ) __attribute__((unused,always_inline));

  39.              

  40. static __inline__ void

  41. p448_sub (

  42.     p448_t *out,

  43.     const p448_t *a,

  44.     const p448_t *b

  45. ) __attribute__((unused,always_inline));

  46.              

  47. static __inline__ void

  48. p448_neg (

  49.     p448_t *out,

  50.     const p448_t *a

  51. ) __attribute__((unused,always_inline));

  52.             

  53. static __inline__ void

  54. p448_cond_neg (

  55.     p448_t *a,

  56.     mask_t doNegate

  57. ) __attribute__((unused,always_inline));

  58. 

  59. static __inline__ void

  60. p448_addw (

  61.     p448_t *a,

  62.     uint64_t x

  63. ) __attribute__((unused,always_inline));

  64.              

  65. static __inline__ void

  66. p448_subw (

  67.     p448_t *a,

  68.     uint64_t x

  69. ) __attribute__((unused,always_inline));

  70.              

  71. static __inline__ void

  72. p448_copy (

  73.     p448_t *out,

  74.     const p448_t *a

  75. ) __attribute__((unused,always_inline));

  76.              

  77. static __inline__ void

  78. p448_weak_reduce (

  79.     p448_t *inout

  80. ) __attribute__((unused,always_inline));

  81.              

  82. void

  83. p448_strong_reduce (

  84.     p448_t *inout

  85. );

  86. 

  87. mask_t

  88. p448_is_zero (

  89.     const p448_t *in

  90. );

  91.   

  92. static

  93. #ifndef GCC_HAS_A_BUG_SO_DONT_INLINE_FIELD_BIAS

  94.     __inline__

  95. #endif

  96. void

  97. p448_bias (

  98.     p448_t *inout,

  99.     int amount

  100. )

  101. #ifdef GCC_HAS_A_BUG_SO_DONT_INLINE_FIELD_BIAS

  102.     __attribute__((unused,noinline,optimize("O1")))

  103. #else

  104.     __attribute__((unused,always_inline))

  105. #endif

  106. ;

  107.          

  108. void

  109. p448_mul (

  110.     p448_t *__restrict__ out,

  111.     const p448_t *a,

  112.     const p448_t *b

  113. );

  114. 

  115. void

  116. p448_mulw (

  117.     p448_t *__restrict__ out,

  118.     const p448_t *a,

  119.     uint64_t b

  120. );

  121. 

  122. void

  123. p448_sqr (

  124.     p448_t *__restrict__ out,

  125.     const p448_t *a

  126. );

  127.          

  128. static __inline__ void

  129. p448_sqrn (

  130.     p448_t *__restrict__ y,

  131.     const p448_t *x,

  132.     int n

  133. ) __attribute__((unused,always_inline));

  134. 

  135. void

  136. p448_serialize (

  137.     uint8_t *serial,

  138.     const struct p448_t *x

  139. );

  140. 

  141. mask_t

  142. p448_deserialize (

  143.     p448_t *x,

  144.     const uint8_t serial[56]

  145. );

  146.     

  147. static __inline__ void

  148. p448_mask(

  149.     struct p448_t *a,

  150.     const struct p448_t *b,

  151.     mask_t mask

  152. ) __attribute__((unused,always_inline));

  153. 

  154. /**

  155. * Returns 1/x.

  156. * 

  157. * If x=0, returns 0.

  158. */

  159. void

  160. p448_inverse (

  161.    struct p448_t*       a,

  162.    const struct p448_t* x

  163. );

  164.        

  165. void

  166. simultaneous_invert_p448 (

  167.     struct p448_t *__restrict__ out,

  168.     const struct p448_t *in,

  169.     unsigned int n

  170. );

  171. 

  172. static inline mask_t

  173. p448_eq (

  174.     const struct p448_t *a,

  175.     const struct p448_t *b

  176. ) __attribute__((always_inline,unused));

  177. 

  178. /* -------------- Inline functions begin here -------------- */

  179. 

  180. void

  181. p448_set_ui (

  182.     p448_t *out,

  183.     uint64_t x

  184. ) {

  185.     int i;

  186.     out->limb[0] = x;

  187.     for (i=1; i<8; i++) {

  188.       out->limb[i] = 0;

  189.     }

  190. }

  191.             

  192. void

  193. p448_cond_swap (

  194.     p448_t *a,

  195.     p448_t *b,

  196.     mask_t doswap

  197. ) {

  198.     big_register_t *aa = (big_register_t*)a;

  199.     big_register_t *bb = (big_register_t*)b;

  200.     big_register_t m = br_set_to_mask(doswap);

  201. 

  202.     unsigned int i;

  203.     for (i=0; i<sizeof(*a)/sizeof(*aa); i++) {

  204.         big_register_t x = m & (aa[i]^bb[i]);

  205.         aa[i] ^= x;

  206.         bb[i] ^= x;

  207.     }

  208. }

  209. 

  210. void

  211. p448_add (

  212.     p448_t *out,

  213.     const p448_t *a,

  214.     const p448_t *b

  215. ) {

  216.     unsigned int i;

  217.     for (i=0; i<sizeof(*out)/sizeof(uint64xn_t); i++) {

  218.         ((uint64xn_t*)out)[i] = ((const uint64xn_t*)a)[i] + ((const uint64xn_t*)b)[i];

  219.     }

  220.     /*

  221.     unsigned int i;

  222.     for (i=0; i<sizeof(*out)/sizeof(out->limb[0]); i++) {

  223.         out->limb[i] = a->limb[i] + b->limb[i];

  224.     }

  225.     */

  226. }

  227. 

  228. void

  229. p448_sub (

  230.     p448_t *out,

  231.     const p448_t *a,

  232.     const p448_t *b

  233. ) {

  234.     unsigned int i;

  235.     for (i=0; i<sizeof(*out)/sizeof(uint64xn_t); i++) {

  236.         ((uint64xn_t*)out)[i] = ((const uint64xn_t*)a)[i] - ((const uint64xn_t*)b)[i];

  237.     }

  238.     /*

  239.     unsigned int i;

  240.     for (i=0; i<sizeof(*out)/sizeof(out->limb[0]); i++) {

  241.         out->limb[i] = a->limb[i] - b->limb[i];

  242.     }

  243.     */

  244. }

  245. 

  246. void

  247. p448_neg (

  248.     struct p448_t *out,

  249.     const p448_t *a

  250. ) {

  251.     unsigned int i;

  252.     for (i=0; i<sizeof(*out)/sizeof(uint64xn_t); i++) {

  253.         ((uint64xn_t*)out)[i] = -((const uint64xn_t*)a)[i];

  254.     }

  255.     /*

  256.     unsigned int i;

  257.     for (i=0; i<sizeof(*out)/sizeof(out->limb[0]); i++) {

  258.         out->limb[i] = -a->limb[i];

  259.     }

  260.     */

  261. }

  262. 

  263. void

  264. p448_cond_neg(

  265.     struct p448_t *a,

  266.     mask_t doNegate

  267. ) {

  268.     unsigned int i;

  269.     struct p448_t negated;

  270.     big_register_t *aa = (big_register_t *)a;

  271.     big_register_t *nn = (big_register_t*)&negated;

  272.     big_register_t m = br_set_to_mask(doNegate);

  273.     

  274.     p448_neg(&negated, a);

  275.     p448_bias(&negated, 2);

  276.     

  277.     for (i=0; i<sizeof(*a)/sizeof(*aa); i++) {

  278.         aa[i] = (aa[i] & ~m) | (nn[i] & m);

  279.     }

  280. }

  281. 

  282. void

  283. p448_addw (

  284.     p448_t *a,

  285.     uint64_t x

  286. ) {

  287.   a->limb[0] += x;

  288. }

  289.              

  290. void

  291. p448_subw (

  292.     p448_t *a,

  293.     uint64_t x

  294. ) {

  295.   a->limb[0] -= x;

  296. }

  297. 

  298. void

  299. p448_copy (

  300.     p448_t *out,

  301.     const p448_t *a

  302. ) {

  303.     unsigned int i;

  304.     for (i=0; i<sizeof(*out)/sizeof(big_register_t); i++) {

  305.         ((big_register_t *)out)[i] = ((const big_register_t *)a)[i];

  306.     }

  307. }

  308. 

  309. void

  310. p448_bias (

  311.     p448_t *a,

  312.     int amt

  313. ) {

  314.     uint64_t co1 = ((1ull<<56)-1)*amt, co2 = co1-amt;

  315.     

  316. #if __AVX2__

  317.     uint64x4_t lo = {co1,co1,co1,co1}, hi = {co2,co1,co1,co1};

  318.     uint64x4_t *aa = (uint64x4_t*) a;

  319.     aa[0] += lo;

  320.     aa[1] += hi;

  321. #elif __SSE2__

  322.     uint64x2_t lo = {co1,co1}, hi = {co2,co1};

  323.     uint64x2_t *aa = (uint64x2_t*) a;

  324.     aa[0] += lo;

  325.     aa[1] += lo;

  326.     aa[2] += hi;

  327.     aa[3] += lo;

  328. #else

  329.     unsigned int i;

  330.     for (i=0; i<sizeof(*a)/sizeof(uint64_t); i++) {

  331.         a->limb[i] += (i==4) ? co2 : co1;

  332.     }

  333. #endif

  334. }

  335. 

  336. void

  337. p448_weak_reduce (

  338.     p448_t *a

  339. ) {

  340.     /* PERF: use pshufb/palignr if anyone cares about speed of this */

  341.     uint64_t mask = (1ull<<56) - 1;

  342.     uint64_t tmp = a->limb[7] >> 56;

  343.     int i;

  344.     a->limb[4] += tmp;

  345.     for (i=7; i>0; i--) {

  346.         a->limb[i] = (a->limb[i] & mask) + (a->limb[i-1]>>56);

  347.     }

  348.     a->limb[0] = (a->limb[0] & mask) + tmp;

  349. }

  350. 

  351. void

  352. p448_sqrn (

  353.     p448_t *__restrict__ y,

  354.     const p448_t *x,

  355.     int n

  356. ) {

  357.     p448_t tmp;

  358.     assert(n>0);

  359.     if (n&1) {

  360.         p448_sqr(y,x);

  361.         n--;

  362.     } else {

  363.         p448_sqr(&tmp,x);

  364.         p448_sqr(y,&tmp);

  365.         n-=2;

  366.     }

  367.     for (; n; n-=2) {

  368.         p448_sqr(&tmp,y);

  369.         p448_sqr(y,&tmp);

  370.     }

  371. }

  372. 

  373. mask_t

  374. p448_eq (

  375.     const struct p448_t *a,

  376.     const struct p448_t *b

  377. ) {

  378.     struct p448_t ra, rb;

  379.     p448_copy(&ra, a);

  380.     p448_copy(&rb, b);

  381.     p448_weak_reduce(&ra);

  382.     p448_weak_reduce(&rb);

  383.     p448_sub(&ra, &ra, &rb);

  384.     p448_bias(&ra, 2);

  385.     return p448_is_zero(&ra);

  386. }

  387. 

  388. void

  389. p448_mask (

  390.     struct p448_t *a,

  391.     const struct p448_t *b,

  392.     mask_t mask

  393. ) {

  394.     unsigned int i;

  395.     for (i=0; i<sizeof(*a)/sizeof(a->limb[0]); i++) {

  396.         a->limb[i] = b->limb[i] & mask;

  397.     }

  398. }

  399. 

  400. #ifdef __cplusplus

  401. }; /* extern "C" */

  402. #endif

  403. 

  404. #endif /* __P448_H__ */