// This file holds the portable (pure Go) building blocks of the X448
// Montgomery ladder. Every function below is a straight-line sequence of
// field operations with conditional moves/swaps and no secret-dependent
// branches or indexing, so it stays constant-time as long as the fp448
// primitives it calls are.
//
// NOTE(review): the in-place semantics of fp448.AddSub (read here as
// a, b = a+b, a-b), fp448.Cswap and fp448.Cmov are not defined in this file;
// the formula comments below assume them — confirm against math/fp448.
package x448

import (
	"encoding/binary"
	"math/bits"

	"github.com/cloudflare/circl/math/fp448"
)

// doubleGeneric doubles the projective point (x:z) in place, so that on
// return (x, z) hold the coordinates of [2]P.
//
// With A = x+z and B = x-z it computes the standard Montgomery doubling:
//
//	x' = A^2 * B^2
//	z' = (A^2 - B^2) * (B^2 + a24*(A^2 - B^2))
//
// where a24 = (A+2)/4 = 39082 for Curve448 (see mulA24Generic).
func doubleGeneric(x, z *fp448.Elt) {
	t0, t1 := &fp448.Elt{}, &fp448.Elt{}
	fp448.AddSub(x, z) // x = A, z = B
	fp448.Sqr(x, x)    // A^2
	fp448.Sqr(z, z)    // B^2
	fp448.Sub(t0, x, z) // t0 = A^2 - B^2
	mulA24Generic(t1, t0)
	fp448.Add(t1, t1, z) // t1 = B^2 + a24*(A^2 - B^2)
	fp448.Mul(x, x, z)   // x' = A^2 * B^2
	fp448.Mul(z, t0, t1)
}

// diffAddGeneric performs one differential addition on the working set
// w = [mu, x1, z1, x2, z2] and leaves the sum in (x1:z1).
//
// b selects which of (x1:z1) and (x2:z2) is the point being added to and
// which is the known difference; the selection is done with constant-time
// swaps rather than a branch. With A = x1+z1 and B = x1-z1 (after the
// swap) the result is
//
//	x1' = z2 * (A + B*mu)^2
//	z1' = x2 * (A - B*mu)^2
//
// NOTE(review): mu presumably encodes the second summand in the form
// (X-Z)/(X+Z), which is what makes this match the usual differential
// addition formula — confirm against the code that builds the table.
func diffAddGeneric(w *[5]fp448.Elt, b uint) {
	mu, x1, z1, x2, z2 := &w[0], &w[1], &w[2], &w[3], &w[4]
	fp448.Cswap(x1, x2, b)
	fp448.Cswap(z1, z2, b)
	fp448.AddSub(x1, z1) // x1 = A, z1 = B
	fp448.Mul(z1, z1, mu) // z1 = B*mu
	fp448.AddSub(x1, z1) // x1 = A + B*mu, z1 = A - B*mu
	fp448.Sqr(x1, x1)
	fp448.Sqr(z1, z1)
	fp448.Mul(x1, x1, z2)
	fp448.Mul(z1, z1, x2)
}

// ladderStepGeneric performs one step of the Montgomery ladder on the
// working set w = [x1, x2, z2, x3, z3].
//
// x1 is used as the difference of the two ladder points with an implicit
// Z = 1 (only x1 multiplies z3 below), i.e. the affine u-coordinate of the
// base point. On return (x3:z3) holds the sum of the two input points and
// (x2:z2) holds the double of the point selected by b: (x2:z2) when b is
// 0, (x3:z3) when b is 1. The selection uses fp448.Cmov on the already
// formed sums/differences so no secret-dependent branch is taken.
func ladderStepGeneric(w *[5]fp448.Elt, b uint) {
	x1, x2, z2, x3, z3 := &w[0], &w[1], &w[2], &w[3], &w[4]
	t0 := &fp448.Elt{}
	t1 := &fp448.Elt{}
	fp448.AddSub(x2, z2) // x2 = x2+z2, z2 = x2-z2
	fp448.AddSub(x3, z3) // x3 = x3+z3, z3 = x3-z3
	fp448.Mul(t0, x2, z3)
	fp448.Mul(t1, x3, z2)
	fp448.AddSub(t0, t1) // t0 = sum, t1 = difference of the cross products
	fp448.Cmov(x2, x3, b) // pick which point gets doubled
	fp448.Cmov(z2, z3, b)
	fp448.Sqr(x3, t0) // differential addition, Z_diff = 1
	fp448.Sqr(z3, t1)
	fp448.Mul(z3, x1, z3) // X_diff = x1
	fp448.Sqr(x2, x2) // doubling of the selected point, as in doubleGeneric
	fp448.Sqr(z2, z2)
	fp448.Sub(t0, x2, z2)
	mulA24Generic(t1, t0)
	fp448.Add(t1, t1, z2)
	fp448.Mul(x2, x2, z2)
	fp448.Mul(z2, t0, t1)
}

// mulA24Generic sets z = a24 * x modulo p = 2^448 - 2^224 - 1, where
// a24 = (A+2)/4 = 39082 is the curve constant for Curve448 (A = 156326).
//
// x is read as seven little-endian 64-bit limbs, multiplied by the 16-bit
// constant (so the product fits in 7 limbs plus a small 16-bit overflow
// word l7), and the overflow is folded back using 2^448 ≡ 2^224 + 1 (mod p):
// l7 is added at limb 0 and, shifted by 32 bits, at limb 3 (3*64+32 = 224).
// The fold is done twice because the first pass can carry out of limb 6
// again; the carry out of the second pass is dropped.
//
// z may alias x: every limb of x is loaded before z is written.
// The function contains only bits.Mul64/Add64 and constant-index loops, so
// it has no secret-dependent control flow or memory access.
//
// NOTE(review): the output is reduced modulo p but not necessarily to the
// canonical value below p; the other fp448 operations presumably accept
// such inputs — confirm against math/fp448.
func mulA24Generic(z, x *fp448.Elt) {
	const A24 = 39082
	const n = 8 // bytes per limb
	var xx [7]uint64
	for i := range xx {
		xx[i] = binary.LittleEndian.Uint64(x[i*n : (i+1)*n])
	}
	// Schoolbook multiplication of each limb by A24; hi/lo halves of each
	// product are accumulated below.
	h0, l0 := bits.Mul64(xx[0], A24)
	h1, l1 := bits.Mul64(xx[1], A24)
	h2, l2 := bits.Mul64(xx[2], A24)
	h3, l3 := bits.Mul64(xx[3], A24)
	h4, l4 := bits.Mul64(xx[4], A24)
	h5, l5 := bits.Mul64(xx[5], A24)
	h6, l6 := bits.Mul64(xx[6], A24)

	l1, c0 := bits.Add64(h0, l1, 0)
	l2, c1 := bits.Add64(h1, l2, c0)
	l3, c2 := bits.Add64(h2, l3, c1)
	l4, c3 := bits.Add64(h3, l4, c2)
	l5, c4 := bits.Add64(h4, l5, c3)
	l6, c5 := bits.Add64(h5, l6, c4)
	l7, _ := bits.Add64(h6, 0, c5) // overflow above 2^448, at most ~16 bits

	// First fold: l7 * 2^448 ≡ l7 * 2^224 + l7.
	l0, c0 = bits.Add64(l0, l7, 0)
	l1, c1 = bits.Add64(l1, 0, c0)
	l2, c2 = bits.Add64(l2, 0, c1)
	l3, c3 = bits.Add64(l3, l7<<32, c2)
	l4, c4 = bits.Add64(l4, 0, c3)
	l5, c5 = bits.Add64(l5, 0, c4)
	l6, l7 = bits.Add64(l6, 0, c5) // new l7 is the carry (0 or 1)

	// Second fold of the residual carry; its own carry out is dropped.
	xx[0], c0 = bits.Add64(l0, l7, 0)
	xx[1], c1 = bits.Add64(l1, 0, c0)
	xx[2], c2 = bits.Add64(l2, 0, c1)
	xx[3], c3 = bits.Add64(l3, l7<<32, c2)
	xx[4], c4 = bits.Add64(l4, 0, c3)
	xx[5], c5 = bits.Add64(l5, 0, c4)
	xx[6], _ = bits.Add64(l6, 0, c5)

	for i := range xx {
		binary.LittleEndian.PutUint64(z[i*n:(i+1)*n], xx[i])
	}
}