2017-12-02 02:12:25 +08:00
|
|
|
/*
|
2021-04-08 20:04:41 +08:00
|
|
|
* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
|
2017-12-02 02:12:25 +08:00
|
|
|
* Copyright 2014 Cryptography Research, Inc.
|
|
|
|
*
|
2018-12-06 20:38:06 +08:00
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
2017-12-02 02:12:25 +08:00
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
* https://www.openssl.org/source/license.html
|
|
|
|
*
|
|
|
|
* Originally written by Mike Hamburg
|
2017-11-15 23:27:21 +08:00
|
|
|
*/
|
|
|
|
|
2019-09-28 06:45:57 +08:00
|
|
|
#ifndef OSSL_CRYPTO_EC_CURVE448_WORD_H
|
|
|
|
# define OSSL_CRYPTO_EC_CURVE448_WORD_H
|
2017-12-04 19:38:58 +08:00
|
|
|
|
|
|
|
# include <string.h>
|
|
|
|
# include <assert.h>
|
2018-02-12 21:56:50 +08:00
|
|
|
# include <stdlib.h>
|
2017-12-04 19:38:58 +08:00
|
|
|
# include <openssl/e_os2.h>
|
|
|
|
# include "curve448utils.h"
|
|
|
|
|
2021-01-19 11:14:25 +08:00
|
|
|
# ifdef INT128_MAX
|
|
|
|
# include "arch_64/arch_intrinsics.h"
|
|
|
|
# else
|
|
|
|
# include "arch_32/arch_intrinsics.h"
|
|
|
|
# endif
|
|
|
|
|
2017-12-04 19:38:58 +08:00
|
|
|
# if (ARCH_WORD_BITS == 64)
|
|
|
|
typedef uint64_t word_t, mask_t;
|
2021-03-29 15:20:53 +08:00
|
|
|
typedef uint128_t dword_t;
|
2017-12-04 19:38:58 +08:00
|
|
|
typedef int32_t hsword_t;
|
|
|
|
typedef int64_t sword_t;
|
2021-03-29 15:20:53 +08:00
|
|
|
typedef int128_t dsword_t;
|
2017-12-04 19:38:58 +08:00
|
|
|
# elif (ARCH_WORD_BITS == 32)
|
|
|
|
typedef uint32_t word_t, mask_t;
|
|
|
|
typedef uint64_t dword_t;
|
|
|
|
typedef int16_t hsword_t;
|
|
|
|
typedef int32_t sword_t;
|
|
|
|
typedef int64_t dsword_t;
|
|
|
|
# else
|
2017-12-06 00:37:57 +08:00
|
|
|
# error "For now, we only support 32- and 64-bit architectures."
|
2017-12-04 19:38:58 +08:00
|
|
|
# endif
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Scalar limbs are keyed off of the API word size instead of the arch word
|
|
|
|
* size.
|
|
|
|
*/
|
2017-12-06 00:37:57 +08:00
|
|
|
# if C448_WORD_BITS == 64
|
2017-12-04 19:38:58 +08:00
|
|
|
# define SC_LIMB(x) (x)
|
2017-12-06 00:37:57 +08:00
|
|
|
# elif C448_WORD_BITS == 32
|
2018-02-12 21:56:50 +08:00
|
|
|
# define SC_LIMB(x) ((uint32_t)(x)),((x) >> 32)
|
2017-12-04 19:38:58 +08:00
|
|
|
# else
|
2017-12-06 00:37:57 +08:00
|
|
|
# error "For now we only support 32- and 64-bit architectures."
|
2017-12-04 19:38:58 +08:00
|
|
|
# endif
|
|
|
|
|
|
|
|
/*
|
2017-12-06 00:37:57 +08:00
|
|
|
* The plan on booleans: The external interface uses c448_bool_t, but this
|
2017-12-04 19:38:58 +08:00
|
|
|
* might be a different size than our particular arch's word_t (and thus
|
|
|
|
* mask_t). Also, the caller isn't guaranteed to pass it as nonzero. So
|
|
|
|
* bool_to_mask converts word sizes and checks nonzero. On the flip side,
|
|
|
|
* mask_t is always -1 or 0, but it might be a different size than
|
2017-12-06 00:37:57 +08:00
|
|
|
* c448_bool_t. On the third hand, we have success vs boolean types, but
|
|
|
|
* that's handled in common.h: it converts between c448_bool_t and
|
|
|
|
* c448_error_t.
|
2017-11-15 23:27:21 +08:00
|
|
|
*/
|
2017-12-06 00:37:57 +08:00
|
|
|
static ossl_inline c448_bool_t mask_to_bool(mask_t m)
|
2017-12-04 19:38:58 +08:00
|
|
|
{
|
2017-12-06 00:37:57 +08:00
|
|
|
return (c448_sword_t)(sword_t)m;
|
2017-11-15 23:27:21 +08:00
|
|
|
}
|
|
|
|
|
2017-12-06 00:37:57 +08:00
|
|
|
static ossl_inline mask_t bool_to_mask(c448_bool_t m)
|
2017-12-04 19:38:58 +08:00
|
|
|
{
|
2017-11-15 23:27:21 +08:00
|
|
|
/* On most arches this will be optimized to a simple cast. */
|
|
|
|
mask_t ret = 0;
|
2018-01-18 20:55:23 +08:00
|
|
|
unsigned int i;
|
2017-12-06 00:37:57 +08:00
|
|
|
unsigned int limit = sizeof(c448_bool_t) / sizeof(mask_t);
|
2017-12-04 21:30:53 +08:00
|
|
|
|
2017-12-04 19:38:58 +08:00
|
|
|
if (limit < 1)
|
|
|
|
limit = 1;
|
2017-12-04 21:30:53 +08:00
|
|
|
for (i = 0; i < limit; i++)
|
2017-12-04 19:38:58 +08:00
|
|
|
ret |= ~word_is_zero(m >> (i * 8 * sizeof(word_t)));
|
2017-12-04 21:30:53 +08:00
|
|
|
|
2017-11-15 23:27:21 +08:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2019-09-28 06:45:57 +08:00
|
|
|
#endif /* OSSL_CRYPTO_EC_CURVE448_WORD_H */
|