jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
47 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: b0a2110717
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b0a2110717'
${ noResults }
ed448goldilocks/src/p521/arch_x86_64_r12/p521.h

251 lines
4.3 KiB
Raw Blame History 

  1. /* Copyright (c) 2014 Cryptography Research, Inc.

  2.  * Released under the MIT License.  See LICENSE.txt for license information.

  3.  */

  4. #ifndef __P521_H__

  5. #define __P521_H__ 1

  6. 

  7. #include <stdint.h>

  8. #include <assert.h>

  9. #include <string.h>

  10. 

  11. #include "word.h"

  12. #include "constant_time.h"

  13. 

  14. #define LIMBPERM(x) (((x)%3)*4 + (x)/3)

  15. #define USE_P521_3x3_TRANSPOSE

  16. 

  17. typedef struct p521_t {

  18.   uint64_t limb[12];

  19. } __attribute__((aligned(32))) p521_t;

  20. 

  21. #ifdef __cplusplus

  22. extern "C" {

  23. #endif

  24. 

  25. static __inline__ void

  26. p521_set_ui (

  27.     p521_t *out,

  28.     uint64_t x

  29. ) __attribute__((unused));

  30. 

  31. static __inline__ void

  32. p521_add_RAW (

  33.     p521_t *out,

  34.     const p521_t *a,

  35.     const p521_t *b

  36. ) __attribute__((unused));

  37.              

  38. static __inline__ void

  39. p521_sub_RAW (

  40.     p521_t *out,

  41.     const p521_t *a,

  42.     const p521_t *b

  43. ) __attribute__((unused));

  44.              

  45. static __inline__ void

  46. p521_neg_RAW (

  47.     p521_t *out,

  48.     const p521_t *a

  49. ) __attribute__((unused));

  50. 

  51. static __inline__ void

  52. p521_addw (

  53.     p521_t *a,

  54.     uint64_t x

  55. ) __attribute__((unused));

  56.              

  57. static __inline__ void

  58. p521_subw (

  59.     p521_t *a,

  60.     uint64_t x

  61. ) __attribute__((unused));

  62.              

  63. static __inline__ void

  64. p521_copy (

  65.     p521_t *out,

  66.     const p521_t *a

  67. ) __attribute__((unused));

  68.              

  69. static __inline__ void

  70. p521_weak_reduce (

  71.     p521_t *inout

  72. ) __attribute__((unused));

  73.              

  74. void

  75. p521_strong_reduce (

  76.     p521_t *inout

  77. );

  78. 

  79. mask_t

  80. p521_is_zero (

  81.     const p521_t *in

  82. );

  83. 

  84. static __inline__ void

  85. p521_bias (

  86.     p521_t *inout,

  87.     int amount

  88. ) __attribute__((unused));

  89.          

  90. void

  91. p521_mul (

  92.     p521_t *__restrict__ out,

  93.     const p521_t *a,

  94.     const p521_t *b

  95. );

  96. 

  97. void

  98. p521_mulw (

  99.     p521_t *__restrict__ out,

  100.     const p521_t *a,

  101.     uint64_t b

  102. );

  103. 

  104. void

  105. p521_sqr (

  106.     p521_t *__restrict__ out,

  107.     const p521_t *a

  108. );

  109. 

  110. void

  111. p521_serialize (

  112.     uint8_t *serial,

  113.     const struct p521_t *x

  114. );

  115. 

  116. mask_t

  117. p521_deserialize (

  118.     p521_t *x,

  119.     const uint8_t serial[66]

  120. );

  121. 

  122. /* -------------- Inline functions begin here -------------- */

  123. 

  124. typedef uint64x4_t uint64x3_t; /* fit it in a vector register */

  125. 

  126. static const uint64x3_t mask58 = { (1ull<<58) - 1, (1ull<<58) - 1, (1ull<<58) - 1, 0 };

  127. 

  128. /* Currently requires CLANG.  Sorry. */

  129. static inline uint64x3_t

  130. __attribute__((unused))

  131. timesW (

  132.   uint64x3_t u

  133. ) {

  134.   return u.zxyw + u.zwww;

  135. }

  136. 

  137. void

  138. p521_set_ui (

  139.     p521_t *out,

  140.     uint64_t x

  141. ) {

  142.     int i;

  143.     out->limb[0] = x;

  144.     for (i=1; i<12; i++) {

  145.       out->limb[i] = 0;

  146.     }

  147. }

  148. 

  149. void

  150. p521_add_RAW (

  151.     p521_t *out,

  152.     const p521_t *a,

  153.     const p521_t *b

  154. ) {

  155.     unsigned int i;

  156.     for (i=0; i<sizeof(*out)/sizeof(uint64xn_t); i++) {

  157.         ((uint64xn_t*)out)[i] = ((const uint64xn_t*)a)[i] + ((const uint64xn_t*)b)[i];

  158.     }

  159. }

  160. 

  161. void

  162. p521_sub_RAW (

  163.     p521_t *out,

  164.     const p521_t *a,

  165.     const p521_t *b

  166. ) {

  167.     unsigned int i;

  168.     for (i=0; i<sizeof(*out)/sizeof(uint64xn_t); i++) {

  169.         ((uint64xn_t*)out)[i] = ((const uint64xn_t*)a)[i] - ((const uint64xn_t*)b)[i];

  170.     }

  171. }

  172. 

  173. void

  174. p521_neg_RAW (

  175.     struct p521_t *out,

  176.     const p521_t *a

  177. ) {

  178.     unsigned int i;

  179.     for (i=0; i<sizeof(*out)/sizeof(uint64xn_t); i++) {

  180.         ((uint64xn_t*)out)[i] = -((const uint64xn_t*)a)[i];

  181.     }

  182. }

  183. 

  184. void

  185. p521_addw (

  186.     p521_t *a,

  187.     uint64_t x

  188. ) {

  189.     a->limb[0] += x;

  190. }

  191.              

  192. void

  193. p521_subw (

  194.     p521_t *a,

  195.     uint64_t x

  196. ) {

  197.     a->limb[0] -= x;

  198. }

  199. 

  200. void

  201. p521_copy (

  202.     p521_t *out,

  203.     const p521_t *a

  204. ) {

  205.     memcpy(out,a,sizeof(*a));

  206. }

  207. 

  208. void

  209. p521_bias (

  210.     p521_t *a,

  211.     int amt

  212. ) {

  213.     uint64_t co0 = ((1ull<<58)-2)*amt, co1 = ((1ull<<58)-1)*amt;

  214.     uint64x4_t vlo = { co0, co1, co1, 0 }, vhi = { co1, co1, co1, 0 };

  215.     ((uint64x4_t*)a)[0] += vlo;

  216.     ((uint64x4_t*)a)[1] += vhi;

  217.     ((uint64x4_t*)a)[2] += vhi;

  218. }

  219. 

  220. void

  221. p521_weak_reduce (

  222.     p521_t *a

  223. ) {

  224. #if 0

  225.     int i;

  226.     assert(a->limb[3] == 0 && a->limb[7] == 0 && a->limb[11] == 0);

  227.     for (i=0; i<12; i++) {

  228.         assert(a->limb[i] < 3ull<<61);

  229.     }

  230. #endif

  231.     

  232.     uint64x3_t

  233.         ot0 = ((uint64x4_t*)a)[0],

  234.         ot1 = ((uint64x4_t*)a)[1],

  235.         ot2 = ((uint64x4_t*)a)[2];

  236.     

  237.     uint64x3_t out0 = (ot0 & mask58) + timesW(ot2>>58);

  238.     uint64x3_t out1 = (ot1 & mask58) + (ot0>>58);

  239.     uint64x3_t out2 = (ot2 & mask58) + (ot1>>58);

  240. 

  241.     ((uint64x4_t*)a)[0] = out0;

  242.     ((uint64x4_t*)a)[1] = out1;

  243.     ((uint64x4_t*)a)[2] = out2;

  244. }

  245. 

  246. #ifdef __cplusplus

  247. }; /* extern "C" */

  248. #endif

  249. 

  250. #endif /* __P521_H__ */