2017-12-01 18:12:25 +00:00
|
|
|
/*
|
2018-01-18 13:12:46 +00:00
|
|
|
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
|
2017-12-01 18:12:25 +00:00
|
|
|
* Copyright 2014 Cryptography Research, Inc.
|
|
|
|
*
|
|
|
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
* https://www.openssl.org/source/license.html
|
|
|
|
*
|
|
|
|
* Originally written by Mike Hamburg
|
2017-11-15 15:27:21 +00:00
|
|
|
*/
|
|
|
|
|
2018-02-12 14:27:02 +00:00
|
|
|
#ifndef HEADER_WORD_H
|
|
|
|
# define HEADER_WORD_H
|
2017-12-04 11:38:58 +00:00
|
|
|
|
|
|
|
# include <string.h>
|
|
|
|
# include <assert.h>
|
2018-02-12 13:56:50 +00:00
|
|
|
# include <stdlib.h>
|
2017-12-04 11:38:58 +00:00
|
|
|
# include <openssl/e_os2.h>
|
|
|
|
# include "arch_intrinsics.h"
|
|
|
|
# include "curve448utils.h"
|
|
|
|
|
|
|
|
# if (ARCH_WORD_BITS == 64)
|
|
|
|
typedef uint64_t word_t, mask_t;
|
|
|
|
typedef __uint128_t dword_t;
|
|
|
|
typedef int32_t hsword_t;
|
|
|
|
typedef int64_t sword_t;
|
|
|
|
typedef __int128_t dsword_t;
|
|
|
|
# elif (ARCH_WORD_BITS == 32)
|
|
|
|
typedef uint32_t word_t, mask_t;
|
|
|
|
typedef uint64_t dword_t;
|
|
|
|
typedef int16_t hsword_t;
|
|
|
|
typedef int32_t sword_t;
|
|
|
|
typedef int64_t dsword_t;
|
|
|
|
# else
|
2017-12-05 16:37:57 +00:00
|
|
|
# error "For now, we only support 32- and 64-bit architectures."
|
2017-12-04 11:38:58 +00:00
|
|
|
# endif
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Scalar limbs are keyed off of the API word size instead of the arch word
|
|
|
|
* size.
|
|
|
|
*/
|
2017-12-05 16:37:57 +00:00
|
|
|
# if C448_WORD_BITS == 64
|
2017-12-04 11:38:58 +00:00
|
|
|
# define SC_LIMB(x) (x)
|
2017-12-05 16:37:57 +00:00
|
|
|
# elif C448_WORD_BITS == 32
|
2018-02-12 13:56:50 +00:00
|
|
|
# define SC_LIMB(x) ((uint32_t)(x)),((x) >> 32)
|
2017-12-04 11:38:58 +00:00
|
|
|
# else
|
2017-12-05 16:37:57 +00:00
|
|
|
# error "For now we only support 32- and 64-bit architectures."
|
2017-12-04 11:38:58 +00:00
|
|
|
# endif
|
|
|
|
|
|
|
|
/*
|
2017-12-05 16:37:57 +00:00
|
|
|
* The plan on booleans: The external interface uses c448_bool_t, but this
|
2017-12-04 11:38:58 +00:00
|
|
|
* might be a different size than our particular arch's word_t (and thus
|
|
|
|
* mask_t). Also, the caller isn't guaranteed to pass it as nonzero. So
|
|
|
|
* bool_to_mask converts word sizes and checks nonzero. On the flip side,
|
|
|
|
* mask_t is always -1 or 0, but it might be a different size than
|
2017-12-05 16:37:57 +00:00
|
|
|
* c448_bool_t. On the third hand, we have success vs boolean types, but
|
|
|
|
* that's handled in common.h: it converts between c448_bool_t and
|
|
|
|
* c448_error_t.
|
2017-11-15 15:27:21 +00:00
|
|
|
*/
|
2017-12-05 16:37:57 +00:00
|
|
|
static ossl_inline c448_bool_t mask_to_bool(mask_t m)
|
2017-12-04 11:38:58 +00:00
|
|
|
{
|
2017-12-05 16:37:57 +00:00
|
|
|
return (c448_sword_t)(sword_t)m;
|
2017-11-15 15:27:21 +00:00
|
|
|
}
|
|
|
|
|
2017-12-05 16:37:57 +00:00
|
|
|
static ossl_inline mask_t bool_to_mask(c448_bool_t m)
|
2017-12-04 11:38:58 +00:00
|
|
|
{
|
2017-11-15 15:27:21 +00:00
|
|
|
/* On most arches this will be optimized to a simple cast. */
|
|
|
|
mask_t ret = 0;
|
2018-01-18 12:55:23 +00:00
|
|
|
unsigned int i;
|
2017-12-05 16:37:57 +00:00
|
|
|
unsigned int limit = sizeof(c448_bool_t) / sizeof(mask_t);
|
2017-12-04 13:30:53 +00:00
|
|
|
|
2017-12-04 11:38:58 +00:00
|
|
|
if (limit < 1)
|
|
|
|
limit = 1;
|
2017-12-04 13:30:53 +00:00
|
|
|
for (i = 0; i < limit; i++)
|
2017-12-04 11:38:58 +00:00
|
|
|
ret |= ~word_is_zero(m >> (i * 8 * sizeof(word_t)));
|
2017-12-04 13:30:53 +00:00
|
|
|
|
2017-11-15 15:27:21 +00:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2018-02-12 14:27:02 +00:00
|
|
|
#endif /* HEADER_WORD_H */
|