crypto/ec/curve448/arch_64/f_impl.h

   1 /*
   2  * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
   3  * Copyright 2014-2016 Cryptography Research, Inc.
   4  *
   5  * Licensed under the OpenSSL license (the "License").  You may not use
   6  * this file except in compliance with the License.  You can obtain a copy
   7  * in the file LICENSE in the source distribution or at
   8  * https://www.openssl.org/source/license.html
   9  *
  10  * Originally written by Mike Hamburg
  11  */
  12
  13 #ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_64_F_IMPL_H
  14 # define OSSL_CRYPTO_EC_CURVE448_ARCH_64_F_IMPL_H
  15
  16 # define GF_HEADROOM 9999        /* Everything is reduced anyway */
  17 # define FIELD_LITERAL(a,b,c,d,e,f,g,h) {{a,b,c,d,e,f,g,h}}
  18
  19 # define LIMB_PLACE_VALUE(i) 56
  20
  21 void gf_add_RAW(gf out, const gf a, const gf b)
  22 {
  23     unsigned int i;
  24
  25     for (i = 0; i < NLIMBS; i++)
  26         out->limb[i] = a->limb[i] + b->limb[i];
  27
  28     gf_weak_reduce(out);
  29 }
  30
  31 void gf_sub_RAW(gf out, const gf a, const gf b)
  32 {
  33     uint64_t co1 = ((1ULL << 56) - 1) * 2, co2 = co1 - 2;
  34     unsigned int i;
  35
  36     for (i = 0; i < NLIMBS; i++)
  37         out->limb[i] = a->limb[i] - b->limb[i] + ((i == NLIMBS / 2) ? co2 : co1);
  38
  39     gf_weak_reduce(out);
  40 }
  41
  42 void gf_bias(gf a, int amt)
  43 {
  44 }
  45
  46 void gf_weak_reduce(gf a)
  47 {
  48     uint64_t mask = (1ULL << 56) - 1;
  49     uint64_t tmp = a->limb[NLIMBS - 1] >> 56;
  50     unsigned int i;
  51
  52     a->limb[NLIMBS / 2] += tmp;
  53     for (i = NLIMBS - 1; i > 0; i--)
  54         a->limb[i] = (a->limb[i] & mask) + (a->limb[i - 1] >> 56);
  55     a->limb[0] = (a->limb[0] & mask) + tmp;
  56 }
  57
  58 #endif                  /* OSSL_CRYPTO_EC_CURVE448_ARCH_64_F_IMPL_H */