diff options
Diffstat (limited to 'comm/third_party/botan/src/lib/pubkey/ed25519/sc_muladd.cpp')
| -rw-r--r-- | comm/third_party/botan/src/lib/pubkey/ed25519/sc_muladd.cpp | 221 |
1 files changed, 221 insertions, 0 deletions
diff --git a/comm/third_party/botan/src/lib/pubkey/ed25519/sc_muladd.cpp b/comm/third_party/botan/src/lib/pubkey/ed25519/sc_muladd.cpp new file mode 100644 index 0000000000..4a88be22de --- /dev/null +++ b/comm/third_party/botan/src/lib/pubkey/ed25519/sc_muladd.cpp @@ -0,0 +1,221 @@ +/* +* Ed25519 +* (C) 2017 Ribose Inc +* +* Based on the public domain code from SUPERCOP ref10 by +* Peter Schwabe, Daniel J. Bernstein, Niels Duif, Tanja Lange, Bo-Yin Yang +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include <botan/internal/ed25519_internal.h> + +namespace Botan { + +/* +Input: + a[0]+256*a[1]+...+256^31*a[31] = a + b[0]+256*b[1]+...+256^31*b[31] = b + c[0]+256*c[1]+...+256^31*c[31] = c + +Output: + s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l + where l = 2^252 + 27742317777372353535851937790883648493. +*/ + +void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) + { + const int32_t MASK = 0x1fffff; + + const int64_t a0 = MASK & load_3(a); + const int64_t a1 = MASK & (load_4(a + 2) >> 5); + const int64_t a2 = MASK & (load_3(a + 5) >> 2); + const int64_t a3 = MASK & (load_4(a + 7) >> 7); + const int64_t a4 = MASK & (load_4(a + 10) >> 4); + const int64_t a5 = MASK & (load_3(a + 13) >> 1); + const int64_t a6 = MASK & (load_4(a + 15) >> 6); + const int64_t a7 = MASK & (load_3(a + 18) >> 3); + const int64_t a8 = MASK & load_3(a + 21); + const int64_t a9 = MASK & (load_4(a + 23) >> 5); + const int64_t a10 = MASK & (load_3(a + 26) >> 2); + const int64_t a11 = (load_4(a + 28) >> 7); + const int64_t b0 = MASK & load_3(b); + const int64_t b1 = MASK & (load_4(b + 2) >> 5); + const int64_t b2 = MASK & (load_3(b + 5) >> 2); + const int64_t b3 = MASK & (load_4(b + 7) >> 7); + const int64_t b4 = MASK & (load_4(b + 10) >> 4); + const int64_t b5 = MASK & (load_3(b + 13) >> 1); + const int64_t b6 = MASK & (load_4(b + 15) >> 6); + const int64_t b7 = MASK & (load_3(b + 18) >> 3); + const int64_t b8 = MASK & load_3(b + 21); + const int64_t b9 = MASK & (load_4(b + 23) >> 5); + const int64_t b10 = MASK & (load_3(b + 26) >> 2); + const int64_t b11 = (load_4(b + 28) >> 7); + const int64_t c0 = MASK & load_3(c); + const int64_t c1 = MASK & (load_4(c + 2) >> 5); + const int64_t c2 = MASK & (load_3(c + 5) >> 2); + const int64_t c3 = MASK & (load_4(c + 7) >> 7); + const int64_t c4 = MASK & (load_4(c + 10) >> 4); + const int64_t c5 = MASK & (load_3(c + 13) >> 1); + const int64_t c6 = MASK & (load_4(c + 15) >> 6); + const int64_t c7 = MASK & (load_3(c + 18) >> 3); + const int64_t c8 = MASK & load_3(c + 21); + const int64_t c9 = MASK & (load_4(c + 23) >> 5); + const int64_t c10 = MASK & (load_3(c + 26) >> 2); + const int64_t c11 = (load_4(c + 28) >> 7); + + int64_t s0 = c0 + a0*b0; + int64_t s1 = c1 + a0*b1 + a1*b0; + int64_t s2 = c2 + a0*b2 + a1*b1 + a2*b0; + int64_t s3 = c3 + a0*b3 + a1*b2 + a2*b1 + a3*b0; + int64_t s4 = c4 + a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0; + int64_t s5 = c5 + a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0; + int64_t s6 = c6 + a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0; + int64_t s7 = c7 + a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0; + int64_t s8 = c8 + a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1 + a8*b0; + int64_t s9 = c9 + a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2 + a8*b1 + a9*b0; + int64_t s10 = c10 + a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3 + a8*b2 + a9*b1 + a10*b0; + int64_t s11 = c11 + a0*b11 + a1*b10 + a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4 + a8*b3 + a9*b2 + a10*b1 + a11*b0; + int64_t s12 = a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3 + a10*b2 + a11*b1; + int64_t s13 = a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3 + a11*b2; + int64_t s14 = a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4 + a11*b3; + int64_t s15 = a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4; + int64_t s16 = a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5; + int64_t s17 = a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6; + int64_t s18 = a7*b11 + a8*b10 + a9*b9 + a10*b8 + a11*b7; + int64_t s19 = a8*b11 + a9*b10 + a10*b9 + a11*b8; + int64_t s20 = a9*b11 + a10*b10 + a11*b9; + int64_t s21 = a10*b11 + a11*b10; + int64_t s22 = a11*b11; + int64_t s23 = 0; + + carry<21>(s0, s1); + carry<21>(s2, s3); + carry<21>(s4, s5); + carry<21>(s6, s7); + carry<21>(s8, s9); + carry<21>(s10, s11); + carry<21>(s12, s13); + carry<21>(s14, s15); + carry<21>(s16, s17); + carry<21>(s18, s19); + carry<21>(s20, s21); + carry<21>(s22, s23); + + carry<21>(s1, s2); + carry<21>(s3, s4); + carry<21>(s5, s6); + carry<21>(s7, s8); + carry<21>(s9, s10); + carry<21>(s11, s12); + carry<21>(s13, s14); + carry<21>(s15, s16); + carry<21>(s17, s18); + carry<21>(s19, s20); + carry<21>(s21, s22); + + redc_mul(s11, s12, s13, s14, s15, s16, s23); + redc_mul(s10, s11, s12, s13, s14, s15, s22); + redc_mul( s9, s10, s11, s12, s13, s14, s21); + redc_mul( s8, s9, s10, s11, s12, s13, s20); + redc_mul( s7, s8, s9, s10, s11, s12, s19); + redc_mul( s6, s7, s8, s9, s10, s11, s18); + + carry<21>(s6, s7); + carry<21>(s8, s9); + carry<21>(s10, s11); + carry<21>(s12, s13); + carry<21>(s14, s15); + carry<21>(s16, s17); + + carry<21>(s7, s8); + carry<21>(s9, s10); + carry<21>(s11, s12); + carry<21>(s13, s14); + carry<21>(s15, s16); + + redc_mul(s5, s6, s7, s8, s9, s10, s17); + redc_mul(s4, s5, s6, s7, s8, s9, s16); + redc_mul(s3, s4, s5, s6, s7, s8, s15); + redc_mul(s2, s3, s4, s5, s6, s7, s14); + redc_mul(s1, s2, s3, s4, s5, s6, s13); + redc_mul(s0, s1, s2, s3, s4, s5, s12); + + carry<21>(s0, s1); + carry<21>(s2, s3); + carry<21>(s4, s5); + carry<21>(s6, s7); + carry<21>(s8, s9); + carry<21>(s10, s11); + + carry<21>(s1, s2); + carry<21>(s3, s4); + carry<21>(s5, s6); + carry<21>(s7, s8); + carry<21>(s9, s10); + carry<21>(s11, s12); + + redc_mul(s0, s1, s2, s3, s4, s5, s12); + + carry0<21>(s0, s1); + carry0<21>(s1, s2); + carry0<21>(s2, s3); + carry0<21>(s3, s4); + carry0<21>(s4, s5); + carry0<21>(s5, s6); + carry0<21>(s6, s7); + carry0<21>(s7, s8); + carry0<21>(s8, s9); + carry0<21>(s9, s10); + carry0<21>(s10, s11); + carry0<21>(s11, s12); + + redc_mul(s0, s1, s2, s3, s4, s5, s12); + + carry0<21>(s0, s1); + carry0<21>(s1, s2); + carry0<21>(s2, s3); + carry0<21>(s3, s4); + carry0<21>(s4, s5); + carry0<21>(s5, s6); + carry0<21>(s6, s7); + carry0<21>(s7, s8); + carry0<21>(s8, s9); + carry0<21>(s9, s10); + carry0<21>(s10, s11); + + s[0] = static_cast<uint8_t>(s0 >> 0); + s[1] = static_cast<uint8_t>(s0 >> 8); + s[2] = static_cast<uint8_t>((s0 >> 16) | (s1 << 5)); + s[3] = static_cast<uint8_t>(s1 >> 3); + s[4] = static_cast<uint8_t>(s1 >> 11); + s[5] = static_cast<uint8_t>((s1 >> 19) | (s2 << 2)); + s[6] = static_cast<uint8_t>(s2 >> 6); + s[7] = static_cast<uint8_t>((s2 >> 14) | (s3 << 7)); + s[8] = static_cast<uint8_t>(s3 >> 1); + s[9] = static_cast<uint8_t>(s3 >> 9); + s[10] = static_cast<uint8_t>((s3 >> 17) | (s4 << 4)); + s[11] = static_cast<uint8_t>(s4 >> 4); + s[12] = static_cast<uint8_t>(s4 >> 12); + s[13] = static_cast<uint8_t>((s4 >> 20) | (s5 << 1)); + s[14] = static_cast<uint8_t>(s5 >> 7); + s[15] = static_cast<uint8_t>((s5 >> 15) | (s6 << 6)); + s[16] = static_cast<uint8_t>(s6 >> 2); + s[17] = static_cast<uint8_t>(s6 >> 10); + s[18] = static_cast<uint8_t>((s6 >> 18) | (s7 << 3)); + s[19] = static_cast<uint8_t>(s7 >> 5); + s[20] = static_cast<uint8_t>(s7 >> 13); + s[21] = static_cast<uint8_t>(s8 >> 0); + s[22] = static_cast<uint8_t>(s8 >> 8); + s[23] = static_cast<uint8_t>((s8 >> 16) | (s9 << 5)); + s[24] = static_cast<uint8_t>(s9 >> 3); + s[25] = static_cast<uint8_t>(s9 >> 11); + s[26] = static_cast<uint8_t>((s9 >> 19) | (s10 << 2)); + s[27] = static_cast<uint8_t>(s10 >> 6); + s[28] = static_cast<uint8_t>((s10 >> 14) | (s11 << 7)); + s[29] = static_cast<uint8_t>(s11 >> 1); + s[30] = static_cast<uint8_t>(s11 >> 9); + s[31] = static_cast<uint8_t>(s11 >> 17); + } + +} |