/* nettle, low-level cryptographic library
* Copyright (C) 2013 Niels Möller
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
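/* High 32 bits of a 64-bit word. The argument is parenthesized so that
   an expression such as HI(a + b) is split at the right place; the
   original (x >> 32) would have bound the shift to b alone. */
#define HI(x) ((x) >> 32)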
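/* Low 32 bits of a 64-bit word. The argument is parenthesized so that
   an expression such as LO(a | b) is masked as a whole; the original
   (x & 0xffffffffUL) would have masked only b, since & binds tighter
   than |. */
#define LO(x) ((x) & 0xffffffffUL)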
poly128_mul (const uint32_t *k, uint64_t *y)
uint64_t y0,y1,y2,y3,p0,p1,p2,p3,m0,m1,m2;
m0 = y0 * k[2] + y1 * k[3];
p1 = y0 * k[1] + y1 * k[2] + y2 * k[3];
m1 = y0 * k[0] + y1 * k[1] + y2 * k[2] + y3 * k[3];
p2 = y1 * k[0] + y2 * k[1] + y3 * k[2];
m2 = y2 * k[0] + y3 * k[1];
/* Collaps to 4 64-bit words,
/* But it's convenient to reduce (p3,p2,p1,p0) and (m2,m1,m0) mod p first.*/
m1 += UMAC_P128_OFFSET * HI(p3);
p1 += UMAC_P128_OFFSET * (LO(p3) + HI(m2));
m0 += UMAC_P128_OFFSET * (HI(p2) + LO(m2));
p0 += UMAC_P128_OFFSET * (LO(p2) + HI(m1));
/* First add high parts, with no possibilities for carries */
p0 += UMAC_P128_OFFSET;
p1 += (p0 < UMAC_P128_OFFSET);
_umac_poly128 (const uint32_t *k, uint64_t *y, uint64_t mh, uint64_t ml)
if ( (mh >> 32) == 0xffffffff)
y[1] = UMAC_P128_LO-1;
mh -= (ml < UMAC_P128_OFFSET);
ml -= UMAC_P128_OFFSET;
assert (mh < UMAC_P128_HI || ml < UMAC_P128_LO);
yl += UMAC_P128_OFFSET;
yh += yl < UMAC_P128_OFFSET;