diff options
author | Amitay Isaacs <amitay@ozlabs.org> | 2021-01-19 04:04:48 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-04-08 13:18:10 +0200 |
commit | 70fd5110261e9c663b2f6a6009514f72c303d85d (patch) | |
tree | b241bcf785236db2b1d2b277646c7399982013b8 | |
parent | curve448: Rename arch_ref64 to arch_64 (diff) | |
download | openssl-70fd5110261e9c663b2f6a6009514f72c303d85d.tar.xz openssl-70fd5110261e9c663b2f6a6009514f72c303d85d.zip |
curve448: Modernise reference 64-bit code
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
-rw-r--r-- | crypto/ec/curve448/arch_64/arch_intrinsics.h | 14 | ||||
-rw-r--r-- | crypto/ec/curve448/arch_64/f_impl.c | 24 | ||||
-rw-r--r-- | crypto/ec/curve448/arch_64/f_impl.h | 29 |
3 files changed, 37 insertions, 30 deletions
diff --git a/crypto/ec/curve448/arch_64/arch_intrinsics.h b/crypto/ec/curve448/arch_64/arch_intrinsics.h index 650b63897d..ef611b903f 100644 --- a/crypto/ec/curve448/arch_64/arch_intrinsics.h +++ b/crypto/ec/curve448/arch_64/arch_intrinsics.h @@ -10,22 +10,20 @@ * Originally written by Mike Hamburg */ -#ifndef __ARCH_REF64_ARCH_INTRINSICS_H__ -# define __ARCH_REF64_ARCH_INTRINSICS_H__ +#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_64_INTRINSICS_H +# define OSSL_CRYPTO_EC_CURVE448_ARCH_64_INTRINSICS_H # define ARCH_WORD_BITS 64 -static __inline__ __attribute((always_inline, unused)) -uint64_t word_is_zero(uint64_t a) +static ossl_inline uint64_t word_is_zero(uint64_t a) { /* let's hope the compiler isn't clever enough to optimize this. */ return (((__uint128_t) a) - 1) >> 64; } -static __inline__ __attribute((always_inline, unused)) -__uint128_t widemul(uint64_t a, uint64_t b) +static ossl_inline uint128_t widemul(uint64_t a, uint64_t b) { - return ((__uint128_t) a) * b; + return ((uint128_t) a) * b; } -#endif /* ARCH_REF64_ARCH_INTRINSICS_H__ */ +#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_64_INTRINSICS_H */ diff --git a/crypto/ec/curve448/arch_64/f_impl.c b/crypto/ec/curve448/arch_64/f_impl.c index 7cb5749cda..b615bab206 100644 --- a/crypto/ec/curve448/arch_64/f_impl.c +++ b/crypto/ec/curve448/arch_64/f_impl.c @@ -9,14 +9,15 @@ * * Originally written by Mike Hamburg */ + #include "field.h" -void gf_mul(gf_s * __restrict__ cs, const gf as, const gf bs) +void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs) { const uint64_t *a = as->limb, *b = bs->limb; uint64_t *c = cs->limb; - __uint128_t accum0 = 0, accum1 = 0, accum2; - uint64_t mask = (1ull << 56) - 1; + uint128_t accum0 = 0, accum1 = 0, accum2; + uint64_t mask = (1ULL << 56) - 1; uint64_t aa[4], bb[4], bbb[4]; unsigned int i; @@ -171,12 +172,12 @@ void gf_mul(gf_s * __restrict__ cs, const gf as, const gf bs) c[1] += ((uint64_t)(accum1)); } -void gf_mulw_unsigned(gf_s * __restrict__ cs, const gf as, uint32_t b) +void gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b) { const uint64_t *a = as->limb; uint64_t *c = cs->limb; - __uint128_t accum0 = 0, accum4 = 0; - uint64_t mask = (1ull << 56) - 1; + uint128_t accum0 = 0, accum4 = 0; + uint64_t mask = (1ULL << 56) - 1; int i; for (i = 0; i < 4; i++) { @@ -197,19 +198,18 @@ void gf_mulw_unsigned(gf_s * __restrict__ cs, const gf as, uint32_t b) c[1] += accum4 >> 56; } -void gf_sqr(gf_s * __restrict__ cs, const gf as) +void gf_sqr(gf_s * RESTRICT cs, const gf as) { const uint64_t *a = as->limb; uint64_t *c = cs->limb; - __uint128_t accum0 = 0, accum1 = 0, accum2; - uint64_t mask = (1ull << 56) - 1; + uint128_t accum0 = 0, accum1 = 0, accum2; + uint64_t mask = (1ULL << 56) - 1; uint64_t aa[4]; + unsigned int i; /* For some reason clang doesn't vectorize this without prompting? */ - unsigned int i; - for (i = 0; i < 4; i++) { + for (i = 0; i < 4; i++) aa[i] = a[i] + a[i + 4]; - } accum2 = widemul(a[0], a[3]); accum0 = widemul(aa[0], aa[3]); diff --git a/crypto/ec/curve448/arch_64/f_impl.h b/crypto/ec/curve448/arch_64/f_impl.h index 8751ceecd9..725dfa85ab 100644 --- a/crypto/ec/curve448/arch_64/f_impl.h +++ b/crypto/ec/curve448/arch_64/f_impl.h @@ -10,40 +10,49 @@ * Originally written by Mike Hamburg */ -#define GF_HEADROOM 9999 /* Everything is reduced anyway */ -#define FIELD_LITERAL(a,b,c,d,e,f,g,h) {{a,b,c,d,e,f,g,h}} +#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_64_F_IMPL_H +# define OSSL_CRYPTO_EC_CURVE448_ARCH_64_F_IMPL_H -#define LIMB_PLACE_VALUE(i) 56 +# define GF_HEADROOM 9999 /* Everything is reduced anyway */ +# define FIELD_LITERAL(a,b,c,d,e,f,g,h) {{a,b,c,d,e,f,g,h}} + +# define LIMB_PLACE_VALUE(i) 56 void gf_add_RAW(gf out, const gf a, const gf b) { - for (unsigned int i = 0; i < 8; i++) + unsigned int i; + + for (i = 0; i < 8; i++) out->limb[i] = a->limb[i] + b->limb[i]; + gf_weak_reduce(out); } void gf_sub_RAW(gf out, const gf a, const gf b) { - uint64_t co1 = ((1ull << 56) - 1) * 2, co2 = co1 - 2; + uint64_t co1 = ((1ULL << 56) - 1) * 2, co2 = co1 - 2; + unsigned int i; - for (unsigned int i = 0; i < 8; i++) + for (i = 0; i < 8; i++) out->limb[i] = a->limb[i] - b->limb[i] + ((i == 4) ? co2 : co1); + gf_weak_reduce(out); } void gf_bias(gf a, int amt) { - (void)a; - (void)amt; } void gf_weak_reduce(gf a) { - uint64_t mask = (1ull << 56) - 1; + uint64_t mask = (1ULL << 56) - 1; uint64_t tmp = a->limb[7] >> 56; + unsigned int i; a->limb[4] += tmp; - for (unsigned int i = 7; i > 0; i--) + for (i = 7; i > 0; i--) a->limb[i] = (a->limb[i] & mask) + (a->limb[i - 1] >> 56); a->limb[0] = (a->limb[0] & mask) + tmp; } + +#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_64_F_IMPL_H */ |