From ac76ef8ee7395722a891672822725a3f3fe7e9a8 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Mon, 18 Jan 2021 09:03:58 +1000
Subject: [PATCH] Curve25519: replace uint64_t with word64
Remove usages of stdint.h types
Added a sword type for signed words.
---
 src/internal.c | 4 +-
 src/ssl.c | 4 +-
 src/tls13.c | 4 +-
 src/wolfio.c | 4 +-
 wolfcrypt/src/aes.c | 186 +-
 wolfcrypt/src/des3.c | 32 +-
 wolfcrypt/src/fe_448.c | 1424 +++++++-------
 wolfcrypt/src/fe_operations.c | 1378 +++++++-------
 wolfcrypt/src/fe_x25519_128.i | 106 +-
 wolfcrypt/src/ge_448.c | 2959 +++++++++++++++--------------
 wolfcrypt/src/ge_operations.c | 232 +--
 wolfcrypt/src/md5.c | 6 +-
 wolfcrypt/src/random.c | 34 +-
 wolfcrypt/src/rsa.c | 10 +-
 wolfcrypt/src/sha.c | 8 +-
 wolfcrypt/src/sha256.c | 2 +-
 wolfcrypt/src/wc_port.c | 6 +-
 wolfssl/openssl/crypto.h | 4 +-
 wolfssl/openssl/ssl.h | 3 +-
 wolfssl/wolfcrypt/fe_448.h | 34 +-
 wolfssl/wolfcrypt/fe_operations.h | 18 +-
 wolfssl/wolfcrypt/ge_448.h | 4 +-
 wolfssl/wolfcrypt/ge_operations.h | 8 +-
 wolfssl/wolfcrypt/types.h | 11 +
 wolfssl/wolfio.h | 8 +-
 25 files changed, 3246 insertions(+), 3243 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index ad34b7f1c..36bf50976 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7587,8 +7587,8 @@ ProtocolVersion MakeDTLSv1_2(void)
 word32 LowResTimer(void)
 {
- const uint32_t systemTickTimeInHz = 1000000 / systemTickInMicroseconds();
- uint32_t *systemTickPtr = systemTickPointer();
+ const word32 systemTickTimeInHz = 1000000 / systemTickInMicroseconds();
+ word32 *systemTickPtr = systemTickPointer();
 return (word32) *systemTickPtr/systemTickTimeInHz;
 }
diff --git a/src/ssl.c b/src/ssl.c
index e2576a553..718340ded 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -33886,14 +33886,14 @@ void *wolfSSL_OPENSSL_malloc(size_t a)
 return (void *)XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL);
 }
-int wolfSSL_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
+int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings)
 {
 (void)opts;
 (void)settings;
 return wolfSSL_library_init();
 }
-int wolfSSL_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS* settings)
+int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETTINGS* settings)
 {
 (void)opts;
 (void)settings;
diff --git a/src/tls13.c b/src/tls13.c
index 3b639d332..d5b37f93d 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -1221,8 +1221,8 @@ end:
 #elif defined(WOLFSSL_DEOS)
 word32 TimeNowInMilliseconds(void)
 {
- const uint32_t systemTickTimeInHz = 1000000 / systemTickInMicroseconds();
- uint32_t *systemTickPtr = systemTickPointer();
+ const word32 systemTickTimeInHz = 1000000 / systemTickInMicroseconds();
+ word32 *systemTickPtr = systemTickPointer();
 return (word32) (*systemTickPtr/systemTickTimeInHz) * 1000;
 }
diff --git a/src/wolfio.c b/src/wolfio.c
index 7a90ce7c8..4faea569e 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -2142,7 +2142,7 @@ int Mynewt_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
 struct mn_sockaddr_in from;
 struct os_mbuf *m;
 int read_sz = 0;
- uint16_t total;
+ word16 total;
 if (mynewt_ctx == NULL || mynewt_ctx->mnSocket == NULL) {
 WOLFSSL_MSG("Mynewt Recv NULL parameters");
@@ -2385,7 +2385,7 @@ int GNRC_ReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *_ctx)
 {
 sock_udp_ep_t ep;
 int ret;
- uint32_t timeout = wolfSSL_dtls_get_current_timeout(ssl) * 1000000;
+ word32 timeout = wolfSSL_dtls_get_current_timeout(ssl) * 1000000;
 sock_tls_t *ctx = (sock_tls_t *)_ctx;
 if (!ctx) return WOLFSSL_CBIO_ERR_GENERAL;
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 6cae25544..104f7d1f6 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -340,13 +340,13 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits HAL_CRYP_Init(&hcryp); #if defined(STM32_HAL_V2) - ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE, - (uint32_t*)outBlock, STM32_HAL_TIMEOUT); + ret = HAL_CRYP_Encrypt(&hcryp, (word32*)inBlock, AES_BLOCK_SIZE, + (word32*)outBlock, STM32_HAL_TIMEOUT); #elif defined(STM32_CRYPTO_AES_ONLY) - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, + ret = HAL_CRYPEx_AES(&hcryp, (byte*)inBlock, AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); #else - ret = HAL_CRYP_AESECB_Encrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, + ret = HAL_CRYP_AESECB_Encrypt(&hcryp, (byte*)inBlock, AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); #endif if (ret != HAL_OK) { @@ -380,18 +380,18 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits /* flush IN/OUT FIFOs */ CRYP_FIFOFlush(); - CRYP_DataIn(*(uint32_t*)&inBlock[0]); - CRYP_DataIn(*(uint32_t*)&inBlock[4]); - CRYP_DataIn(*(uint32_t*)&inBlock[8]); - CRYP_DataIn(*(uint32_t*)&inBlock[12]); + CRYP_DataIn(*(word32*)&inBlock[0]); + CRYP_DataIn(*(word32*)&inBlock[4]); + CRYP_DataIn(*(word32*)&inBlock[8]); + CRYP_DataIn(*(word32*)&inBlock[12]); /* wait until the complete message has been processed */ while (CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} - *(uint32_t*)&outBlock[0] = CRYP_DataOut(); - *(uint32_t*)&outBlock[4] = CRYP_DataOut(); - *(uint32_t*)&outBlock[8] = CRYP_DataOut(); - *(uint32_t*)&outBlock[12] = CRYP_DataOut(); + *(word32*)&outBlock[0] = CRYP_DataOut(); + *(word32*)&outBlock[4] = CRYP_DataOut(); + *(word32*)&outBlock[8] = CRYP_DataOut(); + *(word32*)&outBlock[12] = CRYP_DataOut(); /* disable crypto processor */ CRYP_Cmd(DISABLE); 
@@ -433,13 +433,13 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits HAL_CRYP_Init(&hcryp); #if defined(STM32_HAL_V2) - ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE, - (uint32_t*)outBlock, STM32_HAL_TIMEOUT); + ret = HAL_CRYP_Decrypt(&hcryp, (word32*)inBlock, AES_BLOCK_SIZE, + (word32*)outBlock, STM32_HAL_TIMEOUT); #elif defined(STM32_CRYPTO_AES_ONLY) - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, + ret = HAL_CRYPEx_AES(&hcryp, (byte*)inBlock, AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); #else - ret = HAL_CRYP_AESECB_Decrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, + ret = HAL_CRYP_AESECB_Decrypt(&hcryp, (byte*)inBlock, AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); #endif if (ret != HAL_OK) { @@ -482,18 +482,18 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits /* flush IN/OUT FIFOs */ CRYP_FIFOFlush(); - CRYP_DataIn(*(uint32_t*)&inBlock[0]); - CRYP_DataIn(*(uint32_t*)&inBlock[4]); - CRYP_DataIn(*(uint32_t*)&inBlock[8]); - CRYP_DataIn(*(uint32_t*)&inBlock[12]); + CRYP_DataIn(*(word32*)&inBlock[0]); + CRYP_DataIn(*(word32*)&inBlock[4]); + CRYP_DataIn(*(word32*)&inBlock[8]); + CRYP_DataIn(*(word32*)&inBlock[12]); /* wait until the complete message has been processed */ while (CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} - *(uint32_t*)&outBlock[0] = CRYP_DataOut(); - *(uint32_t*)&outBlock[4] = CRYP_DataOut(); - *(uint32_t*)&outBlock[8] = CRYP_DataOut(); - *(uint32_t*)&outBlock[12] = CRYP_DataOut(); + *(word32*)&outBlock[0] = CRYP_DataOut(); + *(word32*)&outBlock[4] = CRYP_DataOut(); + *(word32*)&outBlock[8] = CRYP_DataOut(); + *(word32*)&outBlock[12] = CRYP_DataOut(); /* disable crypto processor */ CRYP_Cmd(DISABLE); 
@@ -522,7 +522,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits /* if LTC doesn't have GCM, use software with LTC AES ECB mode */ static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) { - uint32_t keySize = 0; + word32 keySize = 0; byte* key = (byte*)aes->key; wc_AesGetKeySize(aes, &keySize); @@ -536,7 +536,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #ifdef HAVE_AES_DECRYPT static int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) { - uint32_t keySize = 0; + word32 keySize = 0; byte* key = (byte*)aes->key; wc_AesGetKeySize(aes, &keySize); @@ -852,7 +852,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits static int AES_ECB_encrypt(Aes* aes, const byte* inBlock, byte* outBlock, int sz) { - uint32_t ret; + word32 ret; if (WOLFSSL_SCE_GSCE_HANDLE.p_cfg->endian_flag == CRYPTO_WORD_ENDIAN_BIG) { @@ -910,7 +910,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits static int AES_ECB_decrypt(Aes* aes, const byte* inBlock, byte* outBlock, int sz) { - uint32_t ret; + word32 ret; if (WOLFSSL_SCE_GSCE_HANDLE.p_cfg->endian_flag == CRYPTO_WORD_ENDIAN_BIG) { @@ -2646,7 +2646,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) aes->rounds = keylen/4 + 6; XMEMCPY(aes->key, userKey, keylen); - aes->ctx.key.pKey = (uint8_t*)aes->key; + aes->ctx.key.pKey = (byte*)aes->key; aes->ctx.key.keySize= keylen; ret = SaSi_AesSetKey(&aes->ctx.user_ctx, 
@@ -3085,13 +3085,13 @@ int wc_AesSetIV(Aes* aes, const byte* iv) HAL_CRYP_Init(&hcryp); #if defined(STM32_HAL_V2) - ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE, - (uint32_t*)out, STM32_HAL_TIMEOUT); + ret = HAL_CRYP_Encrypt(&hcryp, (word32*)in, blocks * AES_BLOCK_SIZE, + (word32*)out, STM32_HAL_TIMEOUT); #elif defined(STM32_CRYPTO_AES_ONLY) - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, blocks * AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); #else - ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (byte*)in, blocks * AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); #endif if (ret != HAL_OK) { @@ -3139,13 +3139,13 @@ int wc_AesSetIV(Aes* aes, const byte* iv) HAL_CRYP_Init(&hcryp); #if defined(STM32_HAL_V2) - ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE, - (uint32_t*)out, STM32_HAL_TIMEOUT); + ret = HAL_CRYP_Decrypt(&hcryp, (word32*)in, blocks * AES_BLOCK_SIZE, + (word32*)out, STM32_HAL_TIMEOUT); #elif defined(STM32_CRYPTO_AES_ONLY) - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, blocks * AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); #else - ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (byte*)in, blocks * AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); #endif if (ret != HAL_OK) { 
@@ -3209,18 +3209,18 @@ int wc_AesSetIV(Aes* aes, const byte* iv) /* flush IN/OUT FIFOs */ CRYP_FIFOFlush(); - CRYP_DataIn(*(uint32_t*)&in[0]); - CRYP_DataIn(*(uint32_t*)&in[4]); - CRYP_DataIn(*(uint32_t*)&in[8]); - CRYP_DataIn(*(uint32_t*)&in[12]); + CRYP_DataIn(*(word32*)&in[0]); + CRYP_DataIn(*(word32*)&in[4]); + CRYP_DataIn(*(word32*)&in[8]); + CRYP_DataIn(*(word32*)&in[12]); /* wait until the complete message has been processed */ while (CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} - *(uint32_t*)&out[0] = CRYP_DataOut(); - *(uint32_t*)&out[4] = CRYP_DataOut(); - *(uint32_t*)&out[8] = CRYP_DataOut(); - *(uint32_t*)&out[12] = CRYP_DataOut(); + *(word32*)&out[0] = CRYP_DataOut(); + *(word32*)&out[4] = CRYP_DataOut(); + *(word32*)&out[8] = CRYP_DataOut(); + *(word32*)&out[12] = CRYP_DataOut(); /* store iv for next call */ XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); @@ -3296,18 +3296,18 @@ int wc_AesSetIV(Aes* aes, const byte* iv) /* flush IN/OUT FIFOs */ CRYP_FIFOFlush(); - CRYP_DataIn(*(uint32_t*)&in[0]); - CRYP_DataIn(*(uint32_t*)&in[4]); - CRYP_DataIn(*(uint32_t*)&in[8]); - CRYP_DataIn(*(uint32_t*)&in[12]); + CRYP_DataIn(*(word32*)&in[0]); + CRYP_DataIn(*(word32*)&in[4]); + CRYP_DataIn(*(word32*)&in[8]); + CRYP_DataIn(*(word32*)&in[12]); /* wait until the complete message has been processed */ while (CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} - *(uint32_t*)&out[0] = CRYP_DataOut(); - *(uint32_t*)&out[4] = CRYP_DataOut(); - *(uint32_t*)&out[8] = CRYP_DataOut(); - *(uint32_t*)&out[12] = CRYP_DataOut(); + *(word32*)&out[0] = CRYP_DataOut(); + *(word32*)&out[4] = CRYP_DataOut(); + *(word32*)&out[8] = CRYP_DataOut(); + *(word32*)&out[12] = CRYP_DataOut(); /* store iv for next call */ XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); 
@@ -3434,7 +3434,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) #elif defined(FREESCALE_LTC) int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - uint32_t keySize; + word32 keySize; status_t status; byte *iv, *enc_key; word32 blocks = (sz / AES_BLOCK_SIZE); @@ -3465,7 +3465,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) #ifdef HAVE_AES_DECRYPT int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - uint32_t keySize; + word32 keySize; status_t status; byte* iv, *dec_key; word32 blocks = (sz / AES_BLOCK_SIZE); @@ -3618,11 +3618,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv) #elif defined(WOLFSSL_CRYPTOCELL) && defined(WOLFSSL_CRYPTOCELL_AES) int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - return SaSi_AesBlock(&aes->ctx.user_ctx, (uint8_t* )in, sz, out); + return SaSi_AesBlock(&aes->ctx.user_ctx, (byte* )in, sz, out); } int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - return SaSi_AesBlock(&aes->ctx.user_ctx, (uint8_t* )in, sz, out); + return SaSi_AesBlock(&aes->ctx.user_ctx, (byte* )in, sz, out); } #elif defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES) /* implemented in wolfcrypt/src/port/caam/caam_aes.c */ @@ -3898,8 +3898,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv) HAL_CRYP_Init(&hcryp); #if defined(STM32_HAL_V2) - ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE, - (uint32_t*)out, STM32_HAL_TIMEOUT); + ret = HAL_CRYP_Encrypt(&hcryp, (word32*)in, AES_BLOCK_SIZE, + (word32*)out, STM32_HAL_TIMEOUT); #elif defined(STM32_CRYPTO_AES_ONLY) ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); 
@@ -3949,18 +3949,18 @@ int wc_AesSetIV(Aes* aes, const byte* iv) /* flush IN/OUT FIFOs */ CRYP_FIFOFlush(); - CRYP_DataIn(*(uint32_t*)&in[0]); - CRYP_DataIn(*(uint32_t*)&in[4]); - CRYP_DataIn(*(uint32_t*)&in[8]); - CRYP_DataIn(*(uint32_t*)&in[12]); + CRYP_DataIn(*(word32*)&in[0]); + CRYP_DataIn(*(word32*)&in[4]); + CRYP_DataIn(*(word32*)&in[8]); + CRYP_DataIn(*(word32*)&in[12]); /* wait until the complete message has been processed */ while (CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} - *(uint32_t*)&out[0] = CRYP_DataOut(); - *(uint32_t*)&out[4] = CRYP_DataOut(); - *(uint32_t*)&out[8] = CRYP_DataOut(); - *(uint32_t*)&out[12] = CRYP_DataOut(); + *(word32*)&out[0] = CRYP_DataOut(); + *(word32*)&out[4] = CRYP_DataOut(); + *(word32*)&out[8] = CRYP_DataOut(); + *(word32*)&out[12] = CRYP_DataOut(); /* disable crypto processor */ CRYP_Cmd(DISABLE); @@ -3993,7 +3993,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { int ret = 0; - uint32_t keySize; + word32 keySize; byte *iv, *enc_key; byte* tmp; @@ -4020,7 +4020,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return ret; LTC_AES_CryptCtr(LTC_BASE, in, out, sz, iv, enc_key, keySize, (byte*)aes->tmp, - (uint32_t*)&aes->left); + (word32*)&aes->left); wolfSSL_CryptHwMutexUnLock(); } @@ -6520,11 +6520,11 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz HAL_CRYP_Init(&hcryp); /* GCM payload phase - can handle partial blocks */ - status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, - (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); + status = HAL_CRYP_Encrypt(&hcryp, (word32*)in, + (blocks * AES_BLOCK_SIZE) + partial, (word32*)out, STM32_HAL_TIMEOUT); if (status == HAL_OK) { /* Compute the authTag */ - status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, + status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (word32*)tag, STM32_HAL_TIMEOUT); } #elif defined(STM32_CRYPTO_AES_ONLY) 
@@ -6556,14 +6556,14 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); - status = HAL_CRYPEx_AES_Auth(&hcryp, (uint8_t*)partialBlock, partial, - (uint8_t*)partialBlock, STM32_HAL_TIMEOUT); + status = HAL_CRYPEx_AES_Auth(&hcryp, (byte*)partialBlock, partial, + (byte*)partialBlock, STM32_HAL_TIMEOUT); XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); } if (status == HAL_OK) { /* GCM final phase */ hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE; - status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, (uint8_t*)tag, STM32_HAL_TIMEOUT); + status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, (byte*)tag, STM32_HAL_TIMEOUT); } #else hcryp.Init.HeaderSize = authPadSz; @@ -6577,13 +6577,13 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); - status = HAL_CRYPEx_AESGCM_Encrypt(&hcryp, (uint8_t*)partialBlock, partial, - (uint8_t*)partialBlock, STM32_HAL_TIMEOUT); + status = HAL_CRYPEx_AESGCM_Encrypt(&hcryp, (byte*)partialBlock, partial, + (byte*)partialBlock, STM32_HAL_TIMEOUT); XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); } if (status == HAL_OK) { /* Compute the authTag */ - status = HAL_CRYPEx_AESGCM_Finish(&hcryp, sz, (uint8_t*)tag, STM32_HAL_TIMEOUT); + status = HAL_CRYPEx_AESGCM_Finish(&hcryp, sz, (byte*)tag, STM32_HAL_TIMEOUT); } #endif 
@@ -6593,11 +6593,11 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz #else /* Standard Peripheral Library */ ByteReverseWords(keyCopy, (word32*)aes->key, keySize); - status = CRYP_AES_GCM(MODE_ENCRYPT, (uint8_t*)ctr, - (uint8_t*)keyCopy, keySize * 8, - (uint8_t*)in, sz, - (uint8_t*)authInPadded, authInSz, - (uint8_t*)out, (uint8_t*)tag); + status = CRYP_AES_GCM(MODE_ENCRYPT, (byte*)ctr, + (byte*)keyCopy, keySize * 8, + (byte*)in, sz, + (byte*)authInPadded, authInSz, + (byte*)out, (byte*)tag); if (status != SUCCESS) ret = AES_GCM_AUTH_E; #endif /* WOLFSSL_STM32_CUBEMX */ @@ -6989,11 +6989,11 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, HAL_CRYP_Init(&hcryp); /* GCM payload phase - can handle partial blocks */ - status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, - (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); + status = HAL_CRYP_Decrypt(&hcryp, (word32*)in, + (blocks * AES_BLOCK_SIZE) + partial, (word32*)out, STM32_HAL_TIMEOUT); if (status == HAL_OK && tagComputed == 0) { /* Compute the authTag */ - status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, + status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (word32*)tag, STM32_HAL_TIMEOUT); } #elif defined(STM32_CRYPTO_AES_ONLY) @@ -7068,11 +7068,11 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, * they are not block aligned, because this length (in bits) is used * in the final GHASH. */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); /* use this to get tag */ - status = CRYP_AES_GCM(MODE_DECRYPT, (uint8_t*)ctr, - (uint8_t*)keyCopy, keySize * 8, - (uint8_t*)in, sz, - (uint8_t*)authInPadded, authInSz, - (uint8_t*)out, (uint8_t*)partialBlock); + status = CRYP_AES_GCM(MODE_DECRYPT, (byte*)ctr, + (byte*)keyCopy, keySize * 8, + (byte*)in, sz, + (byte*)authInPadded, authInSz, + (byte*)out, (byte*)partialBlock); if (status != SUCCESS) ret = AES_GCM_AUTH_E; if (tagComputed == 0) 
@@ -7596,7 +7596,7 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, const byte* authIn, word32 authInSz) { byte *key; - uint32_t keySize; + word32 keySize; status_t status; /* sanity check on arguments */ @@ -7634,7 +7634,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, const byte* authIn, word32 authInSz) { byte *key; - uint32_t keySize; + word32 keySize; status_t status; /* sanity check on arguments */ diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index a6548dc5d..bc8971e82 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -216,8 +216,8 @@ hcryp.Instance = CRYP; hcryp.Init.KeySize = CRYP_KEYSIZE_128B; hcryp.Init.DataType = CRYP_DATATYPE_8B; - hcryp.Init.pKey = (uint8_t*)des->key; - hcryp.Init.pInitVect = (uint8_t*)des->reg; + hcryp.Init.pKey = (byte*)des->key; + hcryp.Init.pInitVect = (byte*)des->reg; HAL_CRYP_Init(&hcryp); @@ -227,21 +227,21 @@ if (mode == DES_CBC) { if (dir == DES_ENCRYPTION) { - HAL_CRYP_DESCBC_Encrypt(&hcryp, (uint8_t*)in, + HAL_CRYP_DESCBC_Encrypt(&hcryp, (byte*)in, DES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); } else { - HAL_CRYP_DESCBC_Decrypt(&hcryp, (uint8_t*)in, + HAL_CRYP_DESCBC_Decrypt(&hcryp, (byte*)in, DES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); } } else { if (dir == DES_ENCRYPTION) { - HAL_CRYP_DESECB_Encrypt(&hcryp, (uint8_t*)in, + HAL_CRYP_DESECB_Encrypt(&hcryp, (byte*)in, DES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); } else { - HAL_CRYP_DESECB_Decrypt(&hcryp, (uint8_t*)in, + HAL_CRYP_DESECB_Decrypt(&hcryp, (byte*)in, DES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); } } 
@@ -304,14 +304,14 @@ /* if input and output same will overwrite input iv */ XMEMCPY(des->tmp, in + sz - DES_BLOCK_SIZE, DES_BLOCK_SIZE); - CRYP_DataIn(*(uint32_t*)&in[0]); - CRYP_DataIn(*(uint32_t*)&in[4]); + CRYP_DataIn(*(word32*)&in[0]); + CRYP_DataIn(*(word32*)&in[4]); /* wait until the complete message has been processed */ while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} - *(uint32_t*)&out[0] = CRYP_DataOut(); - *(uint32_t*)&out[4] = CRYP_DataOut(); + *(word32*)&out[0] = CRYP_DataOut(); + *(word32*)&out[4] = CRYP_DataOut(); /* store iv for next call */ XMEMCPY(des->reg, des->tmp, DES_BLOCK_SIZE); @@ -359,8 +359,8 @@ hcryp.Instance = CRYP; hcryp.Init.KeySize = CRYP_KEYSIZE_128B; hcryp.Init.DataType = CRYP_DATATYPE_8B; - hcryp.Init.pKey = (uint8_t*)des->key; - hcryp.Init.pInitVect = (uint8_t*)des->reg; + hcryp.Init.pKey = (byte*)des->key; + hcryp.Init.pInitVect = (byte*)des->reg; HAL_CRYP_Init(&hcryp); @@ -439,14 +439,14 @@ /* flush IN/OUT FIFOs */ CRYP_FIFOFlush(); - CRYP_DataIn(*(uint32_t*)&in[0]); - CRYP_DataIn(*(uint32_t*)&in[4]); + CRYP_DataIn(*(word32*)&in[0]); + CRYP_DataIn(*(word32*)&in[4]); /* wait until the complete message has been processed */ while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} - *(uint32_t*)&out[0] = CRYP_DataOut(); - *(uint32_t*)&out[4] = CRYP_DataOut(); + *(word32*)&out[0] = CRYP_DataOut(); + *(word32*)&out[4] = CRYP_DataOut(); /* store iv for next call */ XMEMCPY(des->reg, out + sz - DES_BLOCK_SIZE, DES_BLOCK_SIZE); diff --git a/wolfcrypt/src/fe_448.c b/wolfcrypt/src/fe_448.c index 1a4ce2fba..17dd022af 100644 --- a/wolfcrypt/src/fe_448.c +++ b/wolfcrypt/src/fe_448.c @@ -1,6 +1,6 @@ /* fe_448.c * - * Copyright (C) 2006-2020 wolfSSL Inc. + * Copyright (C) 2006-2021 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -54,11 +54,11 @@ void fe448_init(void) * * a [in] Field element in range 0..2^448-1. */ -void fe448_norm(uint8_t* a) +void fe448_norm(word8* a) { int i; - int16_t c = 0; - int16_t o = 0; + sword16 c = 0; + sword16 o = 0; for (i = 0; i < 56; i++) { c += a[i]; @@ -70,7 +70,7 @@ void fe448_norm(uint8_t* a) for (i = 0; i < 56; i++) { if ((i == 0) || (i == 28)) o += c; o += a[i]; - a[i] = (uint8_t)o; + a[i] = (word8)o; o >>= 8; } } @@ -80,7 +80,7 @@ void fe448_norm(uint8_t* a) * d [in] Destination field element. * a [in] Source field element. */ -void fe448_copy(uint8_t* d, const uint8_t* a) +void fe448_copy(word8* d, const word8* a) { int i; for (i = 0; i < 56; i++) { @@ -95,11 +95,11 @@ void fe448_copy(uint8_t* d, const uint8_t* a) * b [in] Second field element. * c [in] Swap when 1. Valid values: 0, 1. */ -static void fe448_cswap(uint8_t* a, uint8_t* b, int c) +static void fe448_cswap(word8* a, word8* b, int c) { int i; - uint8_t mask = -(uint8_t)c; - uint8_t t[56]; + word8 mask = -(word8)c; + word8 t[56]; for (i = 0; i < 56; i++) t[i] = (a[i] ^ b[i]) & mask; @@ -115,23 +115,23 @@ static void fe448_cswap(uint8_t* a, uint8_t* b, int c) * a [in] Field element to add. * b [in] Field element to add. */ -void fe448_add(uint8_t* r, const uint8_t* a, const uint8_t* b) +void fe448_add(word8* r, const word8* a, const word8* b) { int i; - int16_t c = 0; - int16_t o = 0; + sword16 c = 0; + sword16 o = 0; for (i = 0; i < 56; i++) { c += a[i]; c += b[i]; - r[i] = (uint8_t)c; + r[i] = (word8)c; c >>= 8; } for (i = 0; i < 56; i++) { if ((i == 0) || (i == 28)) o += c; o += r[i]; - r[i] = (uint8_t)o; + r[i] = (word8)o; o >>= 8; } } 
@@ -142,11 +142,11 @@ void fe448_add(uint8_t* r, const uint8_t* a, const uint8_t* b) * a [in] Field element to subtract from. * b [in] Field element to subtract. */ -void fe448_sub(uint8_t* r, const uint8_t* a, const uint8_t* b) +void fe448_sub(word8* r, const word8* a, const word8* b) { int i; - int16_t c = 0; - int16_t o = 0; + sword16 c = 0; + sword16 o = 0; for (i = 0; i < 56; i++) { if (i == 28) @@ -155,14 +155,14 @@ void fe448_sub(uint8_t* r, const uint8_t* a, const uint8_t* b) c += 0x1fe; c += a[i]; c -= b[i]; - r[i] = (uint8_t)c; + r[i] = (word8)c; c >>= 8; } for (i = 0; i < 56; i++) { if ((i == 0) || (i == 28)) o += c; o += r[i]; - r[i] = (uint8_t)o; + r[i] = (word8)o; o >>= 8; } } @@ -172,22 +172,22 @@ void fe448_sub(uint8_t* r, const uint8_t* a, const uint8_t* b) * r [in] Field element to hold result. * a [in] Field element to multiply. */ -void fe448_mul39081(uint8_t* r, const uint8_t* a) +void fe448_mul39081(word8* r, const word8* a) { int i; - int32_t c = 0; - int32_t o = 0; + sword32 c = 0; + sword32 o = 0; for (i = 0; i < 56; i++) { - c += a[i] * (int32_t)39081; - r[i] = (uint8_t)c; + c += a[i] * (sword32)39081; + r[i] = (word8)c; c >>= 8; } for (i = 0; i < 56; i++) { if ((i == 0) || (i == 28)) o += c; o += r[i]; - r[i] = (uint8_t)o; + r[i] = (word8)o; o >>= 8; } } 
@@ -198,36 +198,36 @@ void fe448_mul39081(uint8_t* r, const uint8_t* a) * a [in] Field element to multiply. * b [in] Field element to multiply. */ -void fe448_mul(uint8_t* r, const uint8_t* a, const uint8_t* b) +void fe448_mul(word8* r, const word8* a, const word8* b) { int i, k; - int32_t c = 0; - int16_t o = 0, cc = 0; - uint8_t t[112]; + sword32 c = 0; + sword16 o = 0, cc = 0; + word8 t[112]; for (k = 0; k < 56; k++) { i = 0; for (; i <= k; i++) { - c += (int32_t)a[i] * b[k - i]; + c += (sword32)a[i] * b[k - i]; } - t[k] = (uint8_t)c; + t[k] = (word8)c; c >>= 8; } for (; k < 111; k++) { i = k - 55; for (; i < 56; i++) { - c += (int32_t)a[i] * b[k - i]; + c += (sword32)a[i] * b[k - i]; } - t[k] = (uint8_t)c; + t[k] = (word8)c; c >>= 8; } - t[k] = (uint8_t)c; + t[k] = (word8)c; for (i = 0; i < 28; i++) { o += t[i]; o += t[i + 56]; o += t[i + 84]; - r[i] = (uint8_t)o; + r[i] = (word8)o; o >>= 8; } for (i = 28; i < 56; i++) { @@ -235,13 +235,13 @@ void fe448_mul(uint8_t* r, const uint8_t* a, const uint8_t* b) o += t[i + 56]; o += t[i + 28]; o += t[i + 56]; - r[i] = (uint8_t)o; + r[i] = (word8)o; o >>= 8; } for (i = 0; i < 56; i++) { if ((i == 0) || (i == 28)) cc += o; cc += r[i]; - r[i] = (uint8_t)cc; + r[i] = (word8)cc; cc >>= 8; } } @@ -251,25 +251,25 @@ void fe448_mul(uint8_t* r, const uint8_t* a, const uint8_t* b) * r [in] Field element to hold result. * a [in] Field element to square. */ -void fe448_sqr(uint8_t* r, const uint8_t* a) +void fe448_sqr(word8* r, const word8* a) { int i, k; - int32_t c = 0; - int32_t p; - int16_t o = 0, cc = 0; - uint8_t t[112]; + sword32 c = 0; + sword32 p; + sword16 o = 0, cc = 0; + word8 t[112]; for (k = 0; k < 56; k++) { i = 0; for (; i <= k; i++) { if (k - i < i) break; - p = (int32_t)a[i] * a[k - i]; + p = (sword32)a[i] * a[k - i]; if (k - i != i) p *= 2; c += p; } - t[k] = (uint8_t)c; + t[k] = (word8)c; c >>= 8; } for (; k < 111; k++) { 
@@ -277,21 +277,21 @@ void fe448_sqr(uint8_t* r, const uint8_t* a) for (; i < 56; i++) { if (k - i < i) break; - p = (int32_t)a[i] * a[k - i]; + p = (sword32)a[i] * a[k - i]; if (k - i != i) p *= 2; c += p; } - t[k] = (uint8_t)c; + t[k] = (word8)c; c >>= 8; } - t[k] = (uint8_t)c; + t[k] = (word8)c; for (i = 0; i < 28; i++) { o += t[i]; o += t[i + 56]; o += t[i + 84]; - r[i] = (uint8_t)o; + r[i] = (word8)o; o >>= 8; } for (i = 28; i < 56; i++) { @@ -299,13 +299,13 @@ void fe448_sqr(uint8_t* r, const uint8_t* a) o += t[i + 56]; o += t[i + 28]; o += t[i + 56]; - r[i] = (uint8_t)o; + r[i] = (word8)o; o >>= 8; } for (i = 0; i < 56; i++) { if ((i == 0) || (i == 28)) cc += o; cc += r[i]; - r[i] = (uint8_t)cc; + r[i] = (word8)cc; cc >>= 8; } fe448_norm(r); @@ -319,10 +319,10 @@ void fe448_sqr(uint8_t* r, const uint8_t* a) * r [in] Field element to hold result. * a [in] Field element to invert. */ -void fe448_invert(uint8_t* r, const uint8_t* a) +void fe448_invert(word8* r, const word8* a) { int i; - uint8_t t[56]; + word8 t[56]; fe448_sqr(t, a); fe448_mul(t, t, a); @@ -349,13 +349,13 @@ void fe448_invert(uint8_t* r, const uint8_t* a) */ int curve448(byte* r, const byte* n, const byte* a) { - uint8_t x1[56]; - uint8_t x2[56] = {1}; - uint8_t z2[56] = {0}; - uint8_t x3[56]; - uint8_t z3[56] = {1}; - uint8_t t0[56]; - uint8_t t1[56]; + word8 x1[56]; + word8 x2[56] = {1}; + word8 z2[56] = {0}; + word8 x3[56]; + word8 z3[56] = {1}; + word8 t0[56]; + word8 t1[56]; int i; unsigned int swap; unsigned int b; @@ -408,10 +408,10 @@ int curve448(byte* r, const byte* n, const byte* a) * a [in] Field element. * returns 0 when zero, and any other value otherwise. */ -int fe448_isnonzero(const uint8_t* a) +int fe448_isnonzero(const word8* a) { int i; - uint8_t c = 0; + byte c = 0; for (i = 0; i < 56; i++) c |= a[i]; return c; 
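Review bot: In the fe448_isnonzero hunk the replacement for `uint8_t c = 0;` is spelled `byte c = 0;`, while every other uint8_t in these fe_448.c hunks (fe448_norm, fe448_cswap, fe448_add, fe448_mul, fe448_sqr, fe448_invert, fe448_neg, fe448_cmov and the locals of curve448) becomes `word8`, including the `const word8* a` parameter this very accumulator ORs into. Both names presumably alias unsigned char, so this is a consistency point rather than a behavioural one, but the one-off spelling reads as accidental and will prompt the next reader to ask whether a different width was intended. Suggest `word8 c = 0;` so the field-arithmetic internals use a single name, leaving `byte*` to the public curve448() boundary where it already appears.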
@@ -424,11 +424,11 @@ int fe448_isnonzero(const uint8_t* a) * r [in] Field element to hold result. * a [in] Field element. */ -void fe448_neg(uint8_t* r, const uint8_t* a) +void fe448_neg(word8* r, const word8* a) { int i; - int16_t c = 0; - int16_t o = 0; + sword16 c = 0; + sword16 o = 0; for (i = 0; i < 56; i++) { if (i == 28) @@ -436,14 +436,14 @@ void fe448_neg(uint8_t* r, const uint8_t* a) else c += 0x1fe; c -= a[i]; - r[i] = (uint8_t)c; + r[i] = (word8)c; c >>= 8; } for (i = 0; i < 56; i++) { if ((i == 0) || (i == 28)) o += c; o += r[i]; - r[i] = (uint8_t)o; + r[i] = (word8)o; o >>= 8; } } @@ -454,10 +454,10 @@ void fe448_neg(uint8_t* r, const uint8_t* a) * r [in] Field element to hold result. * a [in] Field element to exponentiate. */ -void fe448_pow_2_446_222_1(uint8_t* r, const uint8_t* a) +void fe448_pow_2_446_222_1(word8* r, const word8* a) { int i; - uint8_t t[56]; + word8 t[56]; fe448_sqr(t, a); fe448_mul(t, t, a); @@ -481,11 +481,11 @@ void fe448_pow_2_446_222_1(uint8_t* r, const uint8_t* a) * b A field element. * c If 1 then copy and if 0 then don't copy. */ -void fe448_cmov(uint8_t* a, const uint8_t* b, int c) +void fe448_cmov(word8* a, const word8* b, int c) { int i; - uint8_t m = -(uint8_t)c; - uint8_t t[56]; + word8 m = -(word8)c; + word8 t[56]; for (i = 0; i < 56; i++) t[i] = m & (a[i] ^ b[i]); 
@@ -507,64 +507,64 @@ void fe448_init(void) * r [in] Array to encode into. * b [in] Byte array. */ -void fe448_from_bytes(int64_t* r, const unsigned char* b) +void fe448_from_bytes(sword64* r, const unsigned char* b) { - r[ 0] = ((int64_t) (b[ 0]) << 0) - | ((int64_t) (b[ 1]) << 8) - | ((int64_t) (b[ 2]) << 16) - | ((int64_t) (b[ 3]) << 24) - | ((int64_t) (b[ 4]) << 32) - | ((int64_t) (b[ 5]) << 40) - | ((int64_t) (b[ 6]) << 48); - r[ 1] = ((int64_t) (b[ 7]) << 0) - | ((int64_t) (b[ 8]) << 8) - | ((int64_t) (b[ 9]) << 16) - | ((int64_t) (b[10]) << 24) - | ((int64_t) (b[11]) << 32) - | ((int64_t) (b[12]) << 40) - | ((int64_t) (b[13]) << 48); - r[ 2] = ((int64_t) (b[14]) << 0) - | ((int64_t) (b[15]) << 8) - | ((int64_t) (b[16]) << 16) - | ((int64_t) (b[17]) << 24) - | ((int64_t) (b[18]) << 32) - | ((int64_t) (b[19]) << 40) - | ((int64_t) (b[20]) << 48); - r[ 3] = ((int64_t) (b[21]) << 0) - | ((int64_t) (b[22]) << 8) - | ((int64_t) (b[23]) << 16) - | ((int64_t) (b[24]) << 24) - | ((int64_t) (b[25]) << 32) - | ((int64_t) (b[26]) << 40) - | ((int64_t) (b[27]) << 48); - r[ 4] = ((int64_t) (b[28]) << 0) - | ((int64_t) (b[29]) << 8) - | ((int64_t) (b[30]) << 16) - | ((int64_t) (b[31]) << 24) - | ((int64_t) (b[32]) << 32) - | ((int64_t) (b[33]) << 40) - | ((int64_t) (b[34]) << 48); - r[ 5] = ((int64_t) (b[35]) << 0) - | ((int64_t) (b[36]) << 8) - | ((int64_t) (b[37]) << 16) - | ((int64_t) (b[38]) << 24) - | ((int64_t) (b[39]) << 32) - | ((int64_t) (b[40]) << 40) - | ((int64_t) (b[41]) << 48); - r[ 6] = ((int64_t) (b[42]) << 0) - | ((int64_t) (b[43]) << 8) - | ((int64_t) (b[44]) << 16) - | ((int64_t) (b[45]) << 24) - | ((int64_t) (b[46]) << 32) - | ((int64_t) (b[47]) << 40) - | ((int64_t) (b[48]) << 48); - r[ 7] = ((int64_t) (b[49]) << 0) - | ((int64_t) (b[50]) << 8) - | ((int64_t) (b[51]) << 16) - | ((int64_t) (b[52]) << 24) - | ((int64_t) (b[53]) << 32) - | ((int64_t) (b[54]) << 40) - | ((int64_t) (b[55]) << 48); + r[ 0] = ((sword64) (b[ 0]) << 0) + | ((sword64) (b[ 1]) << 
8) + | ((sword64) (b[ 2]) << 16) + | ((sword64) (b[ 3]) << 24) + | ((sword64) (b[ 4]) << 32) + | ((sword64) (b[ 5]) << 40) + | ((sword64) (b[ 6]) << 48); + r[ 1] = ((sword64) (b[ 7]) << 0) + | ((sword64) (b[ 8]) << 8) + | ((sword64) (b[ 9]) << 16) + | ((sword64) (b[10]) << 24) + | ((sword64) (b[11]) << 32) + | ((sword64) (b[12]) << 40) + | ((sword64) (b[13]) << 48); + r[ 2] = ((sword64) (b[14]) << 0) + | ((sword64) (b[15]) << 8) + | ((sword64) (b[16]) << 16) + | ((sword64) (b[17]) << 24) + | ((sword64) (b[18]) << 32) + | ((sword64) (b[19]) << 40) + | ((sword64) (b[20]) << 48); + r[ 3] = ((sword64) (b[21]) << 0) + | ((sword64) (b[22]) << 8) + | ((sword64) (b[23]) << 16) + | ((sword64) (b[24]) << 24) + | ((sword64) (b[25]) << 32) + | ((sword64) (b[26]) << 40) + | ((sword64) (b[27]) << 48); + r[ 4] = ((sword64) (b[28]) << 0) + | ((sword64) (b[29]) << 8) + | ((sword64) (b[30]) << 16) + | ((sword64) (b[31]) << 24) + | ((sword64) (b[32]) << 32) + | ((sword64) (b[33]) << 40) + | ((sword64) (b[34]) << 48); + r[ 5] = ((sword64) (b[35]) << 0) + | ((sword64) (b[36]) << 8) + | ((sword64) (b[37]) << 16) + | ((sword64) (b[38]) << 24) + | ((sword64) (b[39]) << 32) + | ((sword64) (b[40]) << 40) + | ((sword64) (b[41]) << 48); + r[ 6] = ((sword64) (b[42]) << 0) + | ((sword64) (b[43]) << 8) + | ((sword64) (b[44]) << 16) + | ((sword64) (b[45]) << 24) + | ((sword64) (b[46]) << 32) + | ((sword64) (b[47]) << 40) + | ((sword64) (b[48]) << 48); + r[ 7] = ((sword64) (b[49]) << 0) + | ((sword64) (b[50]) << 8) + | ((sword64) (b[51]) << 16) + | ((sword64) (b[52]) << 24) + | ((sword64) (b[53]) << 32) + | ((sword64) (b[54]) << 40) + | ((sword64) (b[55]) << 48); } /* Convert the field element to a byte array from an array of 56-bits. 
@@ -572,19 +572,19 @@ void fe448_from_bytes(int64_t* r, const unsigned char* b) * b [in] Byte array. * a [in] Array to encode into. */ -void fe448_to_bytes(unsigned char* b, const int64_t* a) +void fe448_to_bytes(unsigned char* b, const sword64* a) { - int128_t t; + sword128 t; /* Mod */ - int64_t in0 = a[0]; - int64_t in1 = a[1]; - int64_t in2 = a[2]; - int64_t in3 = a[3]; - int64_t in4 = a[4]; - int64_t in5 = a[5]; - int64_t in6 = a[6]; - int64_t in7 = a[7]; - int64_t o = in7 >> 56; + sword64 in0 = a[0]; + sword64 in1 = a[1]; + sword64 in2 = a[2]; + sword64 in3 = a[3]; + sword64 in4 = a[4]; + sword64 in5 = a[5]; + sword64 in6 = a[6]; + sword64 in7 = a[7]; + sword64 o = in7 >> 56; in7 -= o << 56; in0 += o; in4 += o; @@ -672,7 +672,7 @@ void fe448_to_bytes(unsigned char* b, const int64_t* a) * * a [in] Field element. */ -void fe448_1(int64_t* a) +void fe448_1(sword64* a) { a[0] = 1; a[1] = 0; @@ -688,7 +688,7 @@ void fe448_1(int64_t* a) * * a [in] Field element. */ -void fe448_0(int64_t* a) +void fe448_0(sword64* a) { a[0] = 0; a[1] = 0; @@ -705,7 +705,7 @@ void fe448_0(int64_t* a) * d [in] Destination field element. * a [in] Source field element. */ -void fe448_copy(int64_t* d, const int64_t* a) +void fe448_copy(sword64* d, const sword64* a) { d[0] = a[0]; d[1] = a[1]; 
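Review bot: `sword64 o = in7 >> 56;` followed by `in7 -= o << 56;` in the fe448_to_bytes hunk relies on two things C11 does not promise for a signed type: that right-shifting a negative value sign-extends (implementation-defined, 6.5.7p5) and that left-shifting a negative value is defined at all (undefined, 6.5.7p4); limbs can be negative here because fe448_sub stores `a[i] - b[i]` without reduction. The commit only renames `int64_t`/`int128_t` to `sword64`/`sword128`, so this is pre-existing, but moving the carry arithmetic onto wolfSSL's own typedefs is the moment to pin the assumption, e.g. on the first carry: `/* Relies on arithmetic right shift of a negative sword64; the o << 56 on a negative o is formally UB and assumes two's-complement wrap. */` (or, to stay within defined behaviour, `in7 -= o * ((sword64)1 << 56);`). The same carry idiom is in the fe448_mul39081, fe448_mul and fe448_sqr hunks, the 28-bit fe448_to_bytes hunk and fe448_reduce; the body of fe448_to_bytes continues past this hunk.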
@@ -724,17 +724,17 @@ void fe448_copy(int64_t* d, const int64_t* a) * b [in] Second field element. * c [in] Swap when 1. Valid values: 0, 1. */ -static void fe448_cswap(int64_t* a, int64_t* b, int c) +static void fe448_cswap(sword64* a, sword64* b, int c) { - int64_t mask = -(int64_t)c; - int64_t t0 = (a[0] ^ b[0]) & mask; - int64_t t1 = (a[1] ^ b[1]) & mask; - int64_t t2 = (a[2] ^ b[2]) & mask; - int64_t t3 = (a[3] ^ b[3]) & mask; - int64_t t4 = (a[4] ^ b[4]) & mask; - int64_t t5 = (a[5] ^ b[5]) & mask; - int64_t t6 = (a[6] ^ b[6]) & mask; - int64_t t7 = (a[7] ^ b[7]) & mask; + sword64 mask = -(sword64)c; + sword64 t0 = (a[0] ^ b[0]) & mask; + sword64 t1 = (a[1] ^ b[1]) & mask; + sword64 t2 = (a[2] ^ b[2]) & mask; + sword64 t3 = (a[3] ^ b[3]) & mask; + sword64 t4 = (a[4] ^ b[4]) & mask; + sword64 t5 = (a[5] ^ b[5]) & mask; + sword64 t6 = (a[6] ^ b[6]) & mask; + sword64 t7 = (a[7] ^ b[7]) & mask; a[0] ^= t0; a[1] ^= t1; a[2] ^= t2; @@ -759,7 +759,7 @@ static void fe448_cswap(int64_t* a, int64_t* b, int c) * a [in] Field element to add. * b [in] Field element to add. */ -void fe448_add(int64_t* r, const int64_t* a, const int64_t* b) +void fe448_add(sword64* r, const sword64* a, const sword64* b) { r[0] = a[0] + b[0]; r[1] = a[1] + b[1]; @@ -777,7 +777,7 @@ void fe448_add(int64_t* r, const int64_t* a, const int64_t* b) * a [in] Field element to subtract from. * b [in] Field element to subtract. */ -void fe448_sub(int64_t* r, const int64_t* a, const int64_t* b) +void fe448_sub(sword64* r, const sword64* a, const sword64* b) { r[0] = a[0] - b[0]; r[1] = a[1] - b[1]; 
@@ -794,37 +794,37 @@ void fe448_sub(int64_t* r, const int64_t* a, const int64_t* b) * r [in] Field element to hold result. * a [in] Field element to multiply. */ -void fe448_mul39081(int64_t* r, const int64_t* a) +void fe448_mul39081(sword64* r, const sword64* a) { - int128_t t; - int64_t o; - int128_t t0 = a[0] * (int128_t)39081; - int128_t t1 = a[1] * (int128_t)39081; - int128_t t2 = a[2] * (int128_t)39081; - int128_t t3 = a[3] * (int128_t)39081; - int128_t t4 = a[4] * (int128_t)39081; - int128_t t5 = a[5] * (int128_t)39081; - int128_t t6 = a[6] * (int128_t)39081; - int128_t t7 = a[7] * (int128_t)39081; - o = (int64_t)(t0 >> 56); t1 += o; t = (int128_t)o << 56; t0 -= t; - o = (int64_t)(t1 >> 56); t2 += o; t = (int128_t)o << 56; t1 -= t; - o = (int64_t)(t2 >> 56); t3 += o; t = (int128_t)o << 56; t2 -= t; - o = (int64_t)(t3 >> 56); t4 += o; t = (int128_t)o << 56; t3 -= t; - o = (int64_t)(t4 >> 56); t5 += o; t = (int128_t)o << 56; t4 -= t; - o = (int64_t)(t5 >> 56); t6 += o; t = (int128_t)o << 56; t5 -= t; - o = (int64_t)(t6 >> 56); t7 += o; t = (int128_t)o << 56; t6 -= t; - o = (int64_t)(t7 >> 56); t0 += o; - t4 += o; t = (int128_t)o << 56; t7 -= t; + sword128 t; + sword64 o; + sword128 t0 = a[0] * (sword128)39081; + sword128 t1 = a[1] * (sword128)39081; + sword128 t2 = a[2] * (sword128)39081; + sword128 t3 = a[3] * (sword128)39081; + sword128 t4 = a[4] * (sword128)39081; + sword128 t5 = a[5] * (sword128)39081; + sword128 t6 = a[6] * (sword128)39081; + sword128 t7 = a[7] * (sword128)39081; + o = (sword64)(t0 >> 56); t1 += o; t = (sword128)o << 56; t0 -= t; + o = (sword64)(t1 >> 56); t2 += o; t = (sword128)o << 56; t1 -= t; + o = (sword64)(t2 >> 56); t3 += o; t = (sword128)o << 56; t2 -= t; + o = (sword64)(t3 >> 56); t4 += o; t = (sword128)o << 56; t3 -= t; + o = (sword64)(t4 >> 56); t5 += o; t = (sword128)o << 56; t4 -= t; + o = (sword64)(t5 >> 56); t6 += o; t = (sword128)o << 56; t5 -= t; + o = (sword64)(t6 >> 56); t7 += o; t = (sword128)o << 56; t6 -= t; + o = 
(sword64)(t7 >> 56); t0 += o; + t4 += o; t = (sword128)o << 56; t7 -= t; /* Store */ - r[0] = (int64_t)t0; - r[1] = (int64_t)t1; - r[2] = (int64_t)t2; - r[3] = (int64_t)t3; - r[4] = (int64_t)t4; - r[5] = (int64_t)t5; - r[6] = (int64_t)t6; - r[7] = (int64_t)t7; + r[0] = (sword64)t0; + r[1] = (sword64)t1; + r[2] = (sword64)t2; + r[3] = (sword64)t3; + r[4] = (sword64)t4; + r[5] = (sword64)t5; + r[6] = (sword64)t6; + r[7] = (sword64)t7; } /* Mulitply two field elements. r = (a * b) mod (2^448 - 2^224 - 1) 
@@ -833,74 +833,74 @@ void fe448_mul39081(int64_t* r, const int64_t* a) * a [in] Field element to multiply. * b [in] Field element to multiply. */ -void fe448_mul(int64_t* r, const int64_t* a, const int64_t* b) +void fe448_mul(sword64* r, const sword64* a, const sword64* b) { - int128_t t; - int64_t o; - int128_t t0 = (int128_t)a[ 0] * b[ 0]; - int128_t t1 = (int128_t)a[ 0] * b[ 1]; - int128_t t101 = (int128_t)a[ 1] * b[ 0]; - int128_t t2 = (int128_t)a[ 0] * b[ 2]; - int128_t t102 = (int128_t)a[ 1] * b[ 1]; - int128_t t202 = (int128_t)a[ 2] * b[ 0]; - int128_t t3 = (int128_t)a[ 0] * b[ 3]; - int128_t t103 = (int128_t)a[ 1] * b[ 2]; - int128_t t203 = (int128_t)a[ 2] * b[ 1]; - int128_t t303 = (int128_t)a[ 3] * b[ 0]; - int128_t t4 = (int128_t)a[ 0] * b[ 4]; - int128_t t104 = (int128_t)a[ 1] * b[ 3]; - int128_t t204 = (int128_t)a[ 2] * b[ 2]; - int128_t t304 = (int128_t)a[ 3] * b[ 1]; - int128_t t404 = (int128_t)a[ 4] * b[ 0]; - int128_t t5 = (int128_t)a[ 0] * b[ 5]; - int128_t t105 = (int128_t)a[ 1] * b[ 4]; - int128_t t205 = (int128_t)a[ 2] * b[ 3]; - int128_t t305 = (int128_t)a[ 3] * b[ 2]; - int128_t t405 = (int128_t)a[ 4] * b[ 1]; - int128_t t505 = (int128_t)a[ 5] * b[ 0]; - int128_t t6 = (int128_t)a[ 0] * b[ 6]; - int128_t t106 = (int128_t)a[ 1] * b[ 5]; - int128_t t206 = (int128_t)a[ 2] * b[ 4]; - int128_t t306 = (int128_t)a[ 3] * b[ 3]; - int128_t t406 = (int128_t)a[ 4] * b[ 2]; - int128_t t506 = (int128_t)a[ 5] * b[ 1]; - int128_t t606 = (int128_t)a[ 6] * b[ 0]; - int128_t t7 = (int128_t)a[ 0] * b[ 7]; - int128_t t107 = (int128_t)a[ 1] * b[ 6]; - int128_t t207 = (int128_t)a[ 2] * b[ 5]; - int128_t t307 = (int128_t)a[ 3] * b[ 4]; - int128_t t407 = (int128_t)a[ 4] * b[ 3]; - int128_t t507 = (int128_t)a[ 5] * b[ 2]; - int128_t t607 = (int128_t)a[ 6] * b[ 1]; - int128_t t707 = (int128_t)a[ 7] * b[ 0]; - int128_t t8 = (int128_t)a[ 1] * b[ 7]; - int128_t t108 = (int128_t)a[ 2] * b[ 6]; - int128_t t208 = (int128_t)a[ 3] * b[ 5]; - int128_t t308 = (int128_t)a[ 4] * 
b[ 4]; - int128_t t408 = (int128_t)a[ 5] * b[ 3]; - int128_t t508 = (int128_t)a[ 6] * b[ 2]; - int128_t t608 = (int128_t)a[ 7] * b[ 1]; - int128_t t9 = (int128_t)a[ 2] * b[ 7]; - int128_t t109 = (int128_t)a[ 3] * b[ 6]; - int128_t t209 = (int128_t)a[ 4] * b[ 5]; - int128_t t309 = (int128_t)a[ 5] * b[ 4]; - int128_t t409 = (int128_t)a[ 6] * b[ 3]; - int128_t t509 = (int128_t)a[ 7] * b[ 2]; - int128_t t10 = (int128_t)a[ 3] * b[ 7]; - int128_t t110 = (int128_t)a[ 4] * b[ 6]; - int128_t t210 = (int128_t)a[ 5] * b[ 5]; - int128_t t310 = (int128_t)a[ 6] * b[ 4]; - int128_t t410 = (int128_t)a[ 7] * b[ 3]; - int128_t t11 = (int128_t)a[ 4] * b[ 7]; - int128_t t111 = (int128_t)a[ 5] * b[ 6]; - int128_t t211 = (int128_t)a[ 6] * b[ 5]; - int128_t t311 = (int128_t)a[ 7] * b[ 4]; - int128_t t12 = (int128_t)a[ 5] * b[ 7]; - int128_t t112 = (int128_t)a[ 6] * b[ 6]; - int128_t t212 = (int128_t)a[ 7] * b[ 5]; - int128_t t13 = (int128_t)a[ 6] * b[ 7]; - int128_t t113 = (int128_t)a[ 7] * b[ 6]; - int128_t t14 = (int128_t)a[ 7] * b[ 7]; + sword128 t; + sword64 o; + sword128 t0 = (sword128)a[ 0] * b[ 0]; + sword128 t1 = (sword128)a[ 0] * b[ 1]; + sword128 t101 = (sword128)a[ 1] * b[ 0]; + sword128 t2 = (sword128)a[ 0] * b[ 2]; + sword128 t102 = (sword128)a[ 1] * b[ 1]; + sword128 t202 = (sword128)a[ 2] * b[ 0]; + sword128 t3 = (sword128)a[ 0] * b[ 3]; + sword128 t103 = (sword128)a[ 1] * b[ 2]; + sword128 t203 = (sword128)a[ 2] * b[ 1]; + sword128 t303 = (sword128)a[ 3] * b[ 0]; + sword128 t4 = (sword128)a[ 0] * b[ 4]; + sword128 t104 = (sword128)a[ 1] * b[ 3]; + sword128 t204 = (sword128)a[ 2] * b[ 2]; + sword128 t304 = (sword128)a[ 3] * b[ 1]; + sword128 t404 = (sword128)a[ 4] * b[ 0]; + sword128 t5 = (sword128)a[ 0] * b[ 5]; + sword128 t105 = (sword128)a[ 1] * b[ 4]; + sword128 t205 = (sword128)a[ 2] * b[ 3]; + sword128 t305 = (sword128)a[ 3] * b[ 2]; + sword128 t405 = (sword128)a[ 4] * b[ 1]; + sword128 t505 = (sword128)a[ 5] * b[ 0]; + sword128 t6 = (sword128)a[ 0] * b[ 6]; + 
sword128 t106 = (sword128)a[ 1] * b[ 5]; + sword128 t206 = (sword128)a[ 2] * b[ 4]; + sword128 t306 = (sword128)a[ 3] * b[ 3]; + sword128 t406 = (sword128)a[ 4] * b[ 2]; + sword128 t506 = (sword128)a[ 5] * b[ 1]; + sword128 t606 = (sword128)a[ 6] * b[ 0]; + sword128 t7 = (sword128)a[ 0] * b[ 7]; + sword128 t107 = (sword128)a[ 1] * b[ 6]; + sword128 t207 = (sword128)a[ 2] * b[ 5]; + sword128 t307 = (sword128)a[ 3] * b[ 4]; + sword128 t407 = (sword128)a[ 4] * b[ 3]; + sword128 t507 = (sword128)a[ 5] * b[ 2]; + sword128 t607 = (sword128)a[ 6] * b[ 1]; + sword128 t707 = (sword128)a[ 7] * b[ 0]; + sword128 t8 = (sword128)a[ 1] * b[ 7]; + sword128 t108 = (sword128)a[ 2] * b[ 6]; + sword128 t208 = (sword128)a[ 3] * b[ 5]; + sword128 t308 = (sword128)a[ 4] * b[ 4]; + sword128 t408 = (sword128)a[ 5] * b[ 3]; + sword128 t508 = (sword128)a[ 6] * b[ 2]; + sword128 t608 = (sword128)a[ 7] * b[ 1]; + sword128 t9 = (sword128)a[ 2] * b[ 7]; + sword128 t109 = (sword128)a[ 3] * b[ 6]; + sword128 t209 = (sword128)a[ 4] * b[ 5]; + sword128 t309 = (sword128)a[ 5] * b[ 4]; + sword128 t409 = (sword128)a[ 6] * b[ 3]; + sword128 t509 = (sword128)a[ 7] * b[ 2]; + sword128 t10 = (sword128)a[ 3] * b[ 7]; + sword128 t110 = (sword128)a[ 4] * b[ 6]; + sword128 t210 = (sword128)a[ 5] * b[ 5]; + sword128 t310 = (sword128)a[ 6] * b[ 4]; + sword128 t410 = (sword128)a[ 7] * b[ 3]; + sword128 t11 = (sword128)a[ 4] * b[ 7]; + sword128 t111 = (sword128)a[ 5] * b[ 6]; + sword128 t211 = (sword128)a[ 6] * b[ 5]; + sword128 t311 = (sword128)a[ 7] * b[ 4]; + sword128 t12 = (sword128)a[ 5] * b[ 7]; + sword128 t112 = (sword128)a[ 6] * b[ 6]; + sword128 t212 = (sword128)a[ 7] * b[ 5]; + sword128 t13 = (sword128)a[ 6] * b[ 7]; + sword128 t113 = (sword128)a[ 7] * b[ 6]; + sword128 t14 = (sword128)a[ 7] * b[ 7]; t1 += t101; t2 += t102; t2 += t202; t3 += t103; t3 += t203; t3 += t303; 
@@ -929,26 +929,26 @@ void fe448_mul(int64_t* r, const int64_t* a, const int64_t* b) t6 += t14 + t10 + t14; t7 += t11; o = t7 >> 56; t0 += o; - t4 += o; t = (int128_t)o << 56; t7 -= t; - o = (int64_t)(t0 >> 56); t1 += o; t = (int128_t)o << 56; t0 -= t; - o = (int64_t)(t1 >> 56); t2 += o; t = (int128_t)o << 56; t1 -= t; - o = (int64_t)(t2 >> 56); t3 += o; t = (int128_t)o << 56; t2 -= t; - o = (int64_t)(t3 >> 56); t4 += o; t = (int128_t)o << 56; t3 -= t; - o = (int64_t)(t4 >> 56); t5 += o; t = (int128_t)o << 56; t4 -= t; - o = (int64_t)(t5 >> 56); t6 += o; t = (int128_t)o << 56; t5 -= t; - o = (int64_t)(t6 >> 56); t7 += o; t = (int128_t)o << 56; t6 -= t; - o = (int64_t)(t7 >> 56); t0 += o; - t4 += o; t = (int128_t)o << 56; t7 -= t; + t4 += o; t = (sword128)o << 56; t7 -= t; + o = (sword64)(t0 >> 56); t1 += o; t = (sword128)o << 56; t0 -= t; + o = (sword64)(t1 >> 56); t2 += o; t = (sword128)o << 56; t1 -= t; + o = (sword64)(t2 >> 56); t3 += o; t = (sword128)o << 56; t2 -= t; + o = (sword64)(t3 >> 56); t4 += o; t = (sword128)o << 56; t3 -= t; + o = (sword64)(t4 >> 56); t5 += o; t = (sword128)o << 56; t4 -= t; + o = (sword64)(t5 >> 56); t6 += o; t = (sword128)o << 56; t5 -= t; + o = (sword64)(t6 >> 56); t7 += o; t = (sword128)o << 56; t6 -= t; + o = (sword64)(t7 >> 56); t0 += o; + t4 += o; t = (sword128)o << 56; t7 -= t; /* Store */ - r[0] = (int64_t)t0; - r[1] = (int64_t)t1; - r[2] = (int64_t)t2; - r[3] = (int64_t)t3; - r[4] = (int64_t)t4; - r[5] = (int64_t)t5; - r[6] = (int64_t)t6; - r[7] = (int64_t)t7; + r[0] = (sword64)t0; + r[1] = (sword64)t1; + r[2] = (sword64)t2; + r[3] = (sword64)t3; + r[4] = (sword64)t4; + r[5] = (sword64)t5; + r[6] = (sword64)t6; + r[7] = (sword64)t7; } /* Square a field element. r = (a * a) mod (2^448 - 2^224 - 1) 
@@ -956,46 +956,46 @@ void fe448_mul(int64_t* r, const int64_t* a, const int64_t* b) * r [in] Field element to hold result. * a [in] Field element to square. */ -void fe448_sqr(int64_t* r, const int64_t* a) +void fe448_sqr(sword64* r, const sword64* a) { - int128_t t; - int64_t o; - int128_t t0 = (int128_t)a[ 0] * a[ 0]; - int128_t t1 = 2 * (int128_t)a[ 0] * a[ 1]; - int128_t t2 = 2 * (int128_t)a[ 0] * a[ 2]; - int128_t t102 = (int128_t)a[ 1] * a[ 1]; - int128_t t3 = 2 * (int128_t)a[ 0] * a[ 3]; - int128_t t103 = 2 * (int128_t)a[ 1] * a[ 2]; - int128_t t4 = 2 * (int128_t)a[ 0] * a[ 4]; - int128_t t104 = 2 * (int128_t)a[ 1] * a[ 3]; - int128_t t204 = (int128_t)a[ 2] * a[ 2]; - int128_t t5 = 2 * (int128_t)a[ 0] * a[ 5]; - int128_t t105 = 2 * (int128_t)a[ 1] * a[ 4]; - int128_t t205 = 2 * (int128_t)a[ 2] * a[ 3]; - int128_t t6 = 2 * (int128_t)a[ 0] * a[ 6]; - int128_t t106 = 2 * (int128_t)a[ 1] * a[ 5]; - int128_t t206 = 2 * (int128_t)a[ 2] * a[ 4]; - int128_t t306 = (int128_t)a[ 3] * a[ 3]; - int128_t t7 = 2 * (int128_t)a[ 0] * a[ 7]; - int128_t t107 = 2 * (int128_t)a[ 1] * a[ 6]; - int128_t t207 = 2 * (int128_t)a[ 2] * a[ 5]; - int128_t t307 = 2 * (int128_t)a[ 3] * a[ 4]; - int128_t t8 = 2 * (int128_t)a[ 1] * a[ 7]; - int128_t t108 = 2 * (int128_t)a[ 2] * a[ 6]; - int128_t t208 = 2 * (int128_t)a[ 3] * a[ 5]; - int128_t t308 = (int128_t)a[ 4] * a[ 4]; - int128_t t9 = 2 * (int128_t)a[ 2] * a[ 7]; - int128_t t109 = 2 * (int128_t)a[ 3] * a[ 6]; - int128_t t209 = 2 * (int128_t)a[ 4] * a[ 5]; - int128_t t10 = 2 * (int128_t)a[ 3] * a[ 7]; - int128_t t110 = 2 * (int128_t)a[ 4] * a[ 6]; - int128_t t210 = (int128_t)a[ 5] * a[ 5]; - int128_t t11 = 2 * (int128_t)a[ 4] * a[ 7]; - int128_t t111 = 2 * (int128_t)a[ 5] * a[ 6]; - int128_t t12 = 2 * (int128_t)a[ 5] * a[ 7]; - int128_t t112 = (int128_t)a[ 6] * a[ 6]; - int128_t t13 = 2 * (int128_t)a[ 6] * a[ 7]; - int128_t t14 = (int128_t)a[ 7] * a[ 7]; + sword128 t; + sword64 o; + sword128 t0 = (sword128)a[ 0] * a[ 0]; + sword128 t1 
= 2 * (sword128)a[ 0] * a[ 1]; + sword128 t2 = 2 * (sword128)a[ 0] * a[ 2]; + sword128 t102 = (sword128)a[ 1] * a[ 1]; + sword128 t3 = 2 * (sword128)a[ 0] * a[ 3]; + sword128 t103 = 2 * (sword128)a[ 1] * a[ 2]; + sword128 t4 = 2 * (sword128)a[ 0] * a[ 4]; + sword128 t104 = 2 * (sword128)a[ 1] * a[ 3]; + sword128 t204 = (sword128)a[ 2] * a[ 2]; + sword128 t5 = 2 * (sword128)a[ 0] * a[ 5]; + sword128 t105 = 2 * (sword128)a[ 1] * a[ 4]; + sword128 t205 = 2 * (sword128)a[ 2] * a[ 3]; + sword128 t6 = 2 * (sword128)a[ 0] * a[ 6]; + sword128 t106 = 2 * (sword128)a[ 1] * a[ 5]; + sword128 t206 = 2 * (sword128)a[ 2] * a[ 4]; + sword128 t306 = (sword128)a[ 3] * a[ 3]; + sword128 t7 = 2 * (sword128)a[ 0] * a[ 7]; + sword128 t107 = 2 * (sword128)a[ 1] * a[ 6]; + sword128 t207 = 2 * (sword128)a[ 2] * a[ 5]; + sword128 t307 = 2 * (sword128)a[ 3] * a[ 4]; + sword128 t8 = 2 * (sword128)a[ 1] * a[ 7]; + sword128 t108 = 2 * (sword128)a[ 2] * a[ 6]; + sword128 t208 = 2 * (sword128)a[ 3] * a[ 5]; + sword128 t308 = (sword128)a[ 4] * a[ 4]; + sword128 t9 = 2 * (sword128)a[ 2] * a[ 7]; + sword128 t109 = 2 * (sword128)a[ 3] * a[ 6]; + sword128 t209 = 2 * (sword128)a[ 4] * a[ 5]; + sword128 t10 = 2 * (sword128)a[ 3] * a[ 7]; + sword128 t110 = 2 * (sword128)a[ 4] * a[ 6]; + sword128 t210 = (sword128)a[ 5] * a[ 5]; + sword128 t11 = 2 * (sword128)a[ 4] * a[ 7]; + sword128 t111 = 2 * (sword128)a[ 5] * a[ 6]; + sword128 t12 = 2 * (sword128)a[ 5] * a[ 7]; + sword128 t112 = (sword128)a[ 6] * a[ 6]; + sword128 t13 = 2 * (sword128)a[ 6] * a[ 7]; + sword128 t14 = (sword128)a[ 7] * a[ 7]; t2 += t102; t3 += t103; t4 += t104; t4 += t204; 
@@ -1018,26 +1018,26 @@ void fe448_sqr(int64_t* r, const int64_t* a) t6 += t14 + t10 + t14; t7 += t11; o = t7 >> 56; t0 += o; - t4 += o; t = (int128_t)o << 56; t7 -= t; - o = (int64_t)(t0 >> 56); t1 += o; t = (int128_t)o << 56; t0 -= t; - o = (int64_t)(t1 >> 56); t2 += o; t = (int128_t)o << 56; t1 -= t; - o = (int64_t)(t2 >> 56); t3 += o; t = (int128_t)o << 56; t2 -= t; - o = (int64_t)(t3 >> 56); t4 += o; t = (int128_t)o << 56; t3 -= t; - o = (int64_t)(t4 >> 56); t5 += o; t = (int128_t)o << 56; t4 -= t; - o = (int64_t)(t5 >> 56); t6 += o; t = (int128_t)o << 56; t5 -= t; - o = (int64_t)(t6 >> 56); t7 += o; t = (int128_t)o << 56; t6 -= t; - o = (int64_t)(t7 >> 56); t0 += o; - t4 += o; t = (int128_t)o << 56; t7 -= t; + t4 += o; t = (sword128)o << 56; t7 -= t; + o = (sword64)(t0 >> 56); t1 += o; t = (sword128)o << 56; t0 -= t; + o = (sword64)(t1 >> 56); t2 += o; t = (sword128)o << 56; t1 -= t; + o = (sword64)(t2 >> 56); t3 += o; t = (sword128)o << 56; t2 -= t; + o = (sword64)(t3 >> 56); t4 += o; t = (sword128)o << 56; t3 -= t; + o = (sword64)(t4 >> 56); t5 += o; t = (sword128)o << 56; t4 -= t; + o = (sword64)(t5 >> 56); t6 += o; t = (sword128)o << 56; t5 -= t; + o = (sword64)(t6 >> 56); t7 += o; t = (sword128)o << 56; t6 -= t; + o = (sword64)(t7 >> 56); t0 += o; + t4 += o; t = (sword128)o << 56; t7 -= t; /* Store */ - r[0] = (int64_t)t0; - r[1] = (int64_t)t1; - r[2] = (int64_t)t2; - r[3] = (int64_t)t3; - r[4] = (int64_t)t4; - r[5] = (int64_t)t5; - r[6] = (int64_t)t6; - r[7] = (int64_t)t7; + r[0] = (sword64)t0; + r[1] = (sword64)t1; + r[2] = (sword64)t2; + r[3] = (sword64)t3; + r[4] = (sword64)t4; + r[5] = (sword64)t5; + r[6] = (sword64)t6; + r[7] = (sword64)t7; } /* Invert the field element. (r * a) mod (2^448 - 2^224 - 1) = 1 
@@ -1048,12 +1048,12 @@ void fe448_sqr(int64_t* r, const int64_t* a) * r [in] Field element to hold result. * a [in] Field element to invert. */ -void fe448_invert(int64_t* r, const int64_t* a) +void fe448_invert(sword64* r, const sword64* a) { - int64_t t1[8]; - int64_t t2[8]; - int64_t t3[8]; - int64_t t4[8]; + sword64 t1[8]; + sword64 t2[8]; + sword64 t3[8]; + sword64 t4[8]; int i; fe448_sqr(t1, a); @@ -1119,13 +1119,13 @@ void fe448_invert(int64_t* r, const int64_t* a) */ int curve448(byte* r, const byte* n, const byte* a) { - int64_t x1[8]; - int64_t x2[8]; - int64_t z2[8]; - int64_t x3[8]; - int64_t z3[8]; - int64_t t0[8]; - int64_t t1[8]; + sword64 x1[8]; + sword64 x2[8]; + sword64 z2[8]; + sword64 x3[8]; + sword64 z3[8]; + sword64 t0[8]; + sword64 t1[8]; int i; unsigned int swap; unsigned int b; @@ -1183,11 +1183,11 @@ int curve448(byte* r, const byte* n, const byte* a) * a [in] Field element. * returns 0 when zero, and any other value otherwise. */ -int fe448_isnonzero(const int64_t* a) +int fe448_isnonzero(const sword64* a) { - uint8_t b[56]; + byte b[56]; int i; - uint8_t c = 0; + byte c = 0; fe448_to_bytes(b, a); for (i = 0; i < 56; i++) c |= b[i]; @@ -1200,9 +1200,9 @@ int fe448_isnonzero(const int64_t* a) * a [in] Field element. * returns 1 when negative, and 0 otherwise. */ -int fe448_isnegative(const int64_t* a) +int fe448_isnegative(const sword64* a) { - uint8_t b[56]; + byte b[56]; fe448_to_bytes(b, a); return b[0] & 1; } @@ -1212,7 +1212,7 @@ int fe448_isnegative(const int64_t* a) * r [in] Field element to hold result. * a [in] Field element. */ -void fe448_neg(int64_t* r, const int64_t* a) +void fe448_neg(sword64* r, const sword64* a) { r[0] = -a[0]; r[1] = -a[1]; 
@@ -1230,13 +1230,13 @@ void fe448_neg(int64_t* r, const int64_t* a) * r [in] Field element to hold result. * a [in] Field element to exponentiate. */ -void fe448_pow_2_446_222_1(int64_t* r, const int64_t* a) +void fe448_pow_2_446_222_1(sword64* r, const sword64* a) { - int64_t t1[8]; - int64_t t2[8]; - int64_t t3[8]; - int64_t t4[8]; - int64_t t5[8]; + sword64 t1[8]; + sword64 t2[8]; + sword64 t3[8]; + sword64 t4[8]; + sword64 t5[8]; int i; fe448_sqr(t3, a); @@ -1316,17 +1316,17 @@ void fe448_pow_2_446_222_1(int64_t* r, const int64_t* a) * b A field element. * c If 1 then copy and if 0 then don't copy. */ -void fe448_cmov(int64_t* a, const int64_t* b, int c) +void fe448_cmov(sword64* a, const sword64* b, int c) { - int64_t m = -(int64_t)c; - int64_t t0 = m & (a[0] ^ b[0]); - int64_t t1 = m & (a[1] ^ b[1]); - int64_t t2 = m & (a[2] ^ b[2]); - int64_t t3 = m & (a[3] ^ b[3]); - int64_t t4 = m & (a[4] ^ b[4]); - int64_t t5 = m & (a[5] ^ b[5]); - int64_t t6 = m & (a[6] ^ b[6]); - int64_t t7 = m & (a[7] ^ b[7]); + sword64 m = -(sword64)c; + sword64 t0 = m & (a[0] ^ b[0]); + sword64 t1 = m & (a[1] ^ b[1]); + sword64 t2 = m & (a[2] ^ b[2]); + sword64 t3 = m & (a[3] ^ b[3]); + sword64 t4 = m & (a[4] ^ b[4]); + sword64 t5 = m & (a[5] ^ b[5]); + sword64 t6 = m & (a[6] ^ b[6]); + sword64 t7 = m & (a[7] ^ b[7]); a[0] ^= t0; a[1] ^= t1; 
@@ -1352,72 +1352,72 @@ void fe448_init(void) * r [in] Array to encode into. * b [in] Byte array. */ -void fe448_from_bytes(int32_t* r, const unsigned char* b) +void fe448_from_bytes(sword32* r, const unsigned char* b) { - r[ 0] = (((int32_t)((b[ 0] ) >> 0)) << 0) - | (((int32_t)((b[ 1] ) >> 0)) << 8) - | (((int32_t)((b[ 2] ) >> 0)) << 16) - | ((((int32_t)((b[ 3] & 0xf )) >> 0)) << 24); - r[ 1] = (((int32_t)((b[ 3] ) >> 4)) << 0) - | (((int32_t)((b[ 4] ) >> 0)) << 4) - | (((int32_t)((b[ 5] ) >> 0)) << 12) - | (((int32_t)((b[ 6] ) >> 0)) << 20); - r[ 2] = (((int32_t)((b[ 7] ) >> 0)) << 0) - | (((int32_t)((b[ 8] ) >> 0)) << 8) - | (((int32_t)((b[ 9] ) >> 0)) << 16) - | ((((int32_t)((b[10] & 0xf )) >> 0)) << 24); - r[ 3] = (((int32_t)((b[10] ) >> 4)) << 0) - | (((int32_t)((b[11] ) >> 0)) << 4) - | (((int32_t)((b[12] ) >> 0)) << 12) - | (((int32_t)((b[13] ) >> 0)) << 20); - r[ 4] = (((int32_t)((b[14] ) >> 0)) << 0) - | (((int32_t)((b[15] ) >> 0)) << 8) - | (((int32_t)((b[16] ) >> 0)) << 16) - | ((((int32_t)((b[17] & 0xf )) >> 0)) << 24); - r[ 5] = (((int32_t)((b[17] ) >> 4)) << 0) - | (((int32_t)((b[18] ) >> 0)) << 4) - | (((int32_t)((b[19] ) >> 0)) << 12) - | (((int32_t)((b[20] ) >> 0)) << 20); - r[ 6] = (((int32_t)((b[21] ) >> 0)) << 0) - | (((int32_t)((b[22] ) >> 0)) << 8) - | (((int32_t)((b[23] ) >> 0)) << 16) - | ((((int32_t)((b[24] & 0xf )) >> 0)) << 24); - r[ 7] = (((int32_t)((b[24] ) >> 4)) << 0) - | (((int32_t)((b[25] ) >> 0)) << 4) - | (((int32_t)((b[26] ) >> 0)) << 12) - | (((int32_t)((b[27] ) >> 0)) << 20); - r[ 8] = (((int32_t)((b[28] ) >> 0)) << 0) - | (((int32_t)((b[29] ) >> 0)) << 8) - | (((int32_t)((b[30] ) >> 0)) << 16) - | ((((int32_t)((b[31] & 0xf )) >> 0)) << 24); - r[ 9] = (((int32_t)((b[31] ) >> 4)) << 0) - | (((int32_t)((b[32] ) >> 0)) << 4) - | (((int32_t)((b[33] ) >> 0)) << 12) - | (((int32_t)((b[34] ) >> 0)) << 20); - r[10] = (((int32_t)((b[35] ) >> 0)) << 0) - | (((int32_t)((b[36] ) >> 0)) << 8) - | (((int32_t)((b[37] ) >> 0)) << 16) - | 
((((int32_t)((b[38] & 0xf )) >> 0)) << 24); - r[11] = (((int32_t)((b[38] ) >> 4)) << 0) - | (((int32_t)((b[39] ) >> 0)) << 4) - | (((int32_t)((b[40] ) >> 0)) << 12) - | (((int32_t)((b[41] ) >> 0)) << 20); - r[12] = (((int32_t)((b[42] ) >> 0)) << 0) - | (((int32_t)((b[43] ) >> 0)) << 8) - | (((int32_t)((b[44] ) >> 0)) << 16) - | ((((int32_t)((b[45] & 0xf )) >> 0)) << 24); - r[13] = (((int32_t)((b[45] ) >> 4)) << 0) - | (((int32_t)((b[46] ) >> 0)) << 4) - | (((int32_t)((b[47] ) >> 0)) << 12) - | (((int32_t)((b[48] ) >> 0)) << 20); - r[14] = (((int32_t)((b[49] ) >> 0)) << 0) - | (((int32_t)((b[50] ) >> 0)) << 8) - | (((int32_t)((b[51] ) >> 0)) << 16) - | ((((int32_t)((b[52] & 0xf )) >> 0)) << 24); - r[15] = (((int32_t)((b[52] ) >> 4)) << 0) - | (((int32_t)((b[53] ) >> 0)) << 4) - | (((int32_t)((b[54] ) >> 0)) << 12) - | (((int32_t)((b[55] ) >> 0)) << 20); + r[ 0] = (((sword32)((b[ 0] ) >> 0)) << 0) + | (((sword32)((b[ 1] ) >> 0)) << 8) + | (((sword32)((b[ 2] ) >> 0)) << 16) + | ((((sword32)((b[ 3] & 0xf )) >> 0)) << 24); + r[ 1] = (((sword32)((b[ 3] ) >> 4)) << 0) + | (((sword32)((b[ 4] ) >> 0)) << 4) + | (((sword32)((b[ 5] ) >> 0)) << 12) + | (((sword32)((b[ 6] ) >> 0)) << 20); + r[ 2] = (((sword32)((b[ 7] ) >> 0)) << 0) + | (((sword32)((b[ 8] ) >> 0)) << 8) + | (((sword32)((b[ 9] ) >> 0)) << 16) + | ((((sword32)((b[10] & 0xf )) >> 0)) << 24); + r[ 3] = (((sword32)((b[10] ) >> 4)) << 0) + | (((sword32)((b[11] ) >> 0)) << 4) + | (((sword32)((b[12] ) >> 0)) << 12) + | (((sword32)((b[13] ) >> 0)) << 20); + r[ 4] = (((sword32)((b[14] ) >> 0)) << 0) + | (((sword32)((b[15] ) >> 0)) << 8) + | (((sword32)((b[16] ) >> 0)) << 16) + | ((((sword32)((b[17] & 0xf )) >> 0)) << 24); + r[ 5] = (((sword32)((b[17] ) >> 4)) << 0) + | (((sword32)((b[18] ) >> 0)) << 4) + | (((sword32)((b[19] ) >> 0)) << 12) + | (((sword32)((b[20] ) >> 0)) << 20); + r[ 6] = (((sword32)((b[21] ) >> 0)) << 0) + | (((sword32)((b[22] ) >> 0)) << 8) + | (((sword32)((b[23] ) >> 0)) << 16) + | ((((sword32)((b[24] 
& 0xf )) >> 0)) << 24); + r[ 7] = (((sword32)((b[24] ) >> 4)) << 0) + | (((sword32)((b[25] ) >> 0)) << 4) + | (((sword32)((b[26] ) >> 0)) << 12) + | (((sword32)((b[27] ) >> 0)) << 20); + r[ 8] = (((sword32)((b[28] ) >> 0)) << 0) + | (((sword32)((b[29] ) >> 0)) << 8) + | (((sword32)((b[30] ) >> 0)) << 16) + | ((((sword32)((b[31] & 0xf )) >> 0)) << 24); + r[ 9] = (((sword32)((b[31] ) >> 4)) << 0) + | (((sword32)((b[32] ) >> 0)) << 4) + | (((sword32)((b[33] ) >> 0)) << 12) + | (((sword32)((b[34] ) >> 0)) << 20); + r[10] = (((sword32)((b[35] ) >> 0)) << 0) + | (((sword32)((b[36] ) >> 0)) << 8) + | (((sword32)((b[37] ) >> 0)) << 16) + | ((((sword32)((b[38] & 0xf )) >> 0)) << 24); + r[11] = (((sword32)((b[38] ) >> 4)) << 0) + | (((sword32)((b[39] ) >> 0)) << 4) + | (((sword32)((b[40] ) >> 0)) << 12) + | (((sword32)((b[41] ) >> 0)) << 20); + r[12] = (((sword32)((b[42] ) >> 0)) << 0) + | (((sword32)((b[43] ) >> 0)) << 8) + | (((sword32)((b[44] ) >> 0)) << 16) + | ((((sword32)((b[45] & 0xf )) >> 0)) << 24); + r[13] = (((sword32)((b[45] ) >> 4)) << 0) + | (((sword32)((b[46] ) >> 0)) << 4) + | (((sword32)((b[47] ) >> 0)) << 12) + | (((sword32)((b[48] ) >> 0)) << 20); + r[14] = (((sword32)((b[49] ) >> 0)) << 0) + | (((sword32)((b[50] ) >> 0)) << 8) + | (((sword32)((b[51] ) >> 0)) << 16) + | ((((sword32)((b[52] & 0xf )) >> 0)) << 24); + r[15] = (((sword32)((b[52] ) >> 4)) << 0) + | (((sword32)((b[53] ) >> 0)) << 4) + | (((sword32)((b[54] ) >> 0)) << 12) + | (((sword32)((b[55] ) >> 0)) << 20); } /* Convert the field element to a byte array from an array of 28-bits. 
@@ -1425,27 +1425,27 @@ void fe448_from_bytes(int32_t* r, const unsigned char* b) * b [in] Byte array. * a [in] Array to encode into. */ -void fe448_to_bytes(unsigned char* b, const int32_t* a) +void fe448_to_bytes(unsigned char* b, const sword32* a) { - int64_t t; + sword64 t; /* Mod */ - int32_t in0 = a[0]; - int32_t in1 = a[1]; - int32_t in2 = a[2]; - int32_t in3 = a[3]; - int32_t in4 = a[4]; - int32_t in5 = a[5]; - int32_t in6 = a[6]; - int32_t in7 = a[7]; - int32_t in8 = a[8]; - int32_t in9 = a[9]; - int32_t in10 = a[10]; - int32_t in11 = a[11]; - int32_t in12 = a[12]; - int32_t in13 = a[13]; - int32_t in14 = a[14]; - int32_t in15 = a[15]; - int32_t o = in15 >> 28; + sword32 in0 = a[0]; + sword32 in1 = a[1]; + sword32 in2 = a[2]; + sword32 in3 = a[3]; + sword32 in4 = a[4]; + sword32 in5 = a[5]; + sword32 in6 = a[6]; + sword32 in7 = a[7]; + sword32 in8 = a[8]; + sword32 in9 = a[9]; + sword32 in10 = a[10]; + sword32 in11 = a[11]; + sword32 in12 = a[12]; + sword32 in13 = a[13]; + sword32 in14 = a[14]; + sword32 in15 = a[15]; + sword32 o = in15 >> 28; in15 -= o << 28; in0 += o; in8 += o; @@ -1549,7 +1549,7 @@ void fe448_to_bytes(unsigned char* b, const int32_t* a) * * a [in] Field element. */ -void fe448_1(int32_t* a) +void fe448_1(sword32* a) { a[0] = 1; a[1] = 0; @@ -1573,7 +1573,7 @@ void fe448_1(int32_t* a) * * a [in] Field element. */ -void fe448_0(int32_t* a) +void fe448_0(sword32* a) { a[0] = 0; a[1] = 0; @@ -1598,7 +1598,7 @@ void fe448_0(int32_t* a) * d [in] Destination field element. * a [in] Source field element. */ -void fe448_copy(int32_t* d, const int32_t* a) +void fe448_copy(sword32* d, const sword32* a) { d[0] = a[0]; d[1] = a[1]; 
@@ -1625,25 +1625,25 @@ void fe448_copy(int32_t* d, const int32_t* a) * b [in] Second field element. * c [in] Swap when 1. Valid values: 0, 1. */ -static void fe448_cswap(int32_t* a, int32_t* b, int c) +static void fe448_cswap(sword32* a, sword32* b, int c) { - int32_t mask = -(int32_t)c; - int32_t t0 = (a[0] ^ b[0]) & mask; - int32_t t1 = (a[1] ^ b[1]) & mask; - int32_t t2 = (a[2] ^ b[2]) & mask; - int32_t t3 = (a[3] ^ b[3]) & mask; - int32_t t4 = (a[4] ^ b[4]) & mask; - int32_t t5 = (a[5] ^ b[5]) & mask; - int32_t t6 = (a[6] ^ b[6]) & mask; - int32_t t7 = (a[7] ^ b[7]) & mask; - int32_t t8 = (a[8] ^ b[8]) & mask; - int32_t t9 = (a[9] ^ b[9]) & mask; - int32_t t10 = (a[10] ^ b[10]) & mask; - int32_t t11 = (a[11] ^ b[11]) & mask; - int32_t t12 = (a[12] ^ b[12]) & mask; - int32_t t13 = (a[13] ^ b[13]) & mask; - int32_t t14 = (a[14] ^ b[14]) & mask; - int32_t t15 = (a[15] ^ b[15]) & mask; + sword32 mask = -(sword32)c; + sword32 t0 = (a[0] ^ b[0]) & mask; + sword32 t1 = (a[1] ^ b[1]) & mask; + sword32 t2 = (a[2] ^ b[2]) & mask; + sword32 t3 = (a[3] ^ b[3]) & mask; + sword32 t4 = (a[4] ^ b[4]) & mask; + sword32 t5 = (a[5] ^ b[5]) & mask; + sword32 t6 = (a[6] ^ b[6]) & mask; + sword32 t7 = (a[7] ^ b[7]) & mask; + sword32 t8 = (a[8] ^ b[8]) & mask; + sword32 t9 = (a[9] ^ b[9]) & mask; + sword32 t10 = (a[10] ^ b[10]) & mask; + sword32 t11 = (a[11] ^ b[11]) & mask; + sword32 t12 = (a[12] ^ b[12]) & mask; + sword32 t13 = (a[13] ^ b[13]) & mask; + sword32 t14 = (a[14] ^ b[14]) & mask; + sword32 t15 = (a[15] ^ b[15]) & mask; a[0] ^= t0; a[1] ^= t1; a[2] ^= t2; @@ -1684,7 +1684,7 @@ static void fe448_cswap(int32_t* a, int32_t* b, int c) * a [in] Field element to add. * b [in] Field element to add. */ -void fe448_add(int32_t* r, const int32_t* a, const int32_t* b) +void fe448_add(sword32* r, const sword32* a, const sword32* b) { r[0] = a[0] + b[0]; r[1] = a[1] + b[1]; 
@@ -1710,7 +1710,7 @@ void fe448_add(int32_t* r, const int32_t* a, const int32_t* b) * a [in] Field element to subtract from. * b [in] Field element to subtract. */ -void fe448_sub(int32_t* r, const int32_t* a, const int32_t* b) +void fe448_sub(sword32* r, const sword32* a, const sword32* b) { r[0] = a[0] - b[0]; r[1] = a[1] - b[1]; @@ -1730,9 +1730,9 @@ void fe448_sub(int32_t* r, const int32_t* a, const int32_t* b) r[15] = a[15] - b[15]; } -void fe448_reduce(int32_t* a) +void fe448_reduce(sword32* a) { - int64_t o; + sword64 o; o = a[0 ] >> 28; a[1 ] += o; a[0 ] -= o << 28; o = a[1 ] >> 28; a[2 ] += o; a[1 ] -= o << 28; 
@@ -1757,61 +1757,61 @@ void fe448_reduce(int32_t* a) * r [in] Field element to hold result. * a [in] Field element to multiply. */ -void fe448_mul39081(int32_t* r, const int32_t* a) +void fe448_mul39081(sword32* r, const sword32* a) { - int64_t t; - int32_t o; - int64_t t0 = a[0] * (int64_t)39081; - int64_t t1 = a[1] * (int64_t)39081; - int64_t t2 = a[2] * (int64_t)39081; - int64_t t3 = a[3] * (int64_t)39081; - int64_t t4 = a[4] * (int64_t)39081; - int64_t t5 = a[5] * (int64_t)39081; - int64_t t6 = a[6] * (int64_t)39081; - int64_t t7 = a[7] * (int64_t)39081; - int64_t t8 = a[8] * (int64_t)39081; - int64_t t9 = a[9] * (int64_t)39081; - int64_t t10 = a[10] * (int64_t)39081; - int64_t t11 = a[11] * (int64_t)39081; - int64_t t12 = a[12] * (int64_t)39081; - int64_t t13 = a[13] * (int64_t)39081; - int64_t t14 = a[14] * (int64_t)39081; - int64_t t15 = a[15] * (int64_t)39081; - o = (int32_t)(t0 >> 28); t1 += o; t = (int64_t)o << 28; t0 -= t; - o = (int32_t)(t1 >> 28); t2 += o; t = (int64_t)o << 28; t1 -= t; - o = (int32_t)(t2 >> 28); t3 += o; t = (int64_t)o << 28; t2 -= t; - o = (int32_t)(t3 >> 28); t4 += o; t = (int64_t)o << 28; t3 -= t; - o = (int32_t)(t4 >> 28); t5 += o; t = (int64_t)o << 28; t4 -= t; - o = (int32_t)(t5 >> 28); t6 += o; t = (int64_t)o << 28; t5 -= t; - o = (int32_t)(t6 >> 28); t7 += o; t = (int64_t)o << 28; t6 -= t; - o = (int32_t)(t7 >> 28); t8 += o; t = (int64_t)o << 28; t7 -= t; - o = (int32_t)(t8 >> 28); t9 += o; t = (int64_t)o << 28; t8 -= t; - o = (int32_t)(t9 >> 28); t10 += o; t = (int64_t)o << 28; t9 -= t; - o = (int32_t)(t10 >> 28); t11 += o; t = (int64_t)o << 28; t10 -= t; - o = (int32_t)(t11 >> 28); t12 += o; t = (int64_t)o << 28; t11 -= t; - o = (int32_t)(t12 >> 28); t13 += o; t = (int64_t)o << 28; t12 -= t; - o = (int32_t)(t13 >> 28); t14 += o; t = (int64_t)o << 28; t13 -= t; - o = (int32_t)(t14 >> 28); t15 += o; t = (int64_t)o << 28; t14 -= t; - o = (int32_t)(t15 >> 28); t0 += o; - t8 += o; t = (int64_t)o << 28; t15 -= t; + sword64 t; + 
sword32 o; + sword64 t0 = a[0] * (sword64)39081; + sword64 t1 = a[1] * (sword64)39081; + sword64 t2 = a[2] * (sword64)39081; + sword64 t3 = a[3] * (sword64)39081; + sword64 t4 = a[4] * (sword64)39081; + sword64 t5 = a[5] * (sword64)39081; + sword64 t6 = a[6] * (sword64)39081; + sword64 t7 = a[7] * (sword64)39081; + sword64 t8 = a[8] * (sword64)39081; + sword64 t9 = a[9] * (sword64)39081; + sword64 t10 = a[10] * (sword64)39081; + sword64 t11 = a[11] * (sword64)39081; + sword64 t12 = a[12] * (sword64)39081; + sword64 t13 = a[13] * (sword64)39081; + sword64 t14 = a[14] * (sword64)39081; + sword64 t15 = a[15] * (sword64)39081; + o = (sword32)(t0 >> 28); t1 += o; t = (sword64)o << 28; t0 -= t; + o = (sword32)(t1 >> 28); t2 += o; t = (sword64)o << 28; t1 -= t; + o = (sword32)(t2 >> 28); t3 += o; t = (sword64)o << 28; t2 -= t; + o = (sword32)(t3 >> 28); t4 += o; t = (sword64)o << 28; t3 -= t; + o = (sword32)(t4 >> 28); t5 += o; t = (sword64)o << 28; t4 -= t; + o = (sword32)(t5 >> 28); t6 += o; t = (sword64)o << 28; t5 -= t; + o = (sword32)(t6 >> 28); t7 += o; t = (sword64)o << 28; t6 -= t; + o = (sword32)(t7 >> 28); t8 += o; t = (sword64)o << 28; t7 -= t; + o = (sword32)(t8 >> 28); t9 += o; t = (sword64)o << 28; t8 -= t; + o = (sword32)(t9 >> 28); t10 += o; t = (sword64)o << 28; t9 -= t; + o = (sword32)(t10 >> 28); t11 += o; t = (sword64)o << 28; t10 -= t; + o = (sword32)(t11 >> 28); t12 += o; t = (sword64)o << 28; t11 -= t; + o = (sword32)(t12 >> 28); t13 += o; t = (sword64)o << 28; t12 -= t; + o = (sword32)(t13 >> 28); t14 += o; t = (sword64)o << 28; t13 -= t; + o = (sword32)(t14 >> 28); t15 += o; t = (sword64)o << 28; t14 -= t; + o = (sword32)(t15 >> 28); t0 += o; + t8 += o; t = (sword64)o << 28; t15 -= t; /* Store */ - r[0] = (int32_t)t0; - r[1] = (int32_t)t1; - r[2] = (int32_t)t2; - r[3] = (int32_t)t3; - r[4] = (int32_t)t4; - r[5] = (int32_t)t5; - r[6] = (int32_t)t6; - r[7] = (int32_t)t7; - r[8] = (int32_t)t8; - r[9] = (int32_t)t9; - r[10] = (int32_t)t10; - r[11] = 
(int32_t)t11; - r[12] = (int32_t)t12; - r[13] = (int32_t)t13; - r[14] = (int32_t)t14; - r[15] = (int32_t)t15; + r[0] = (sword32)t0; + r[1] = (sword32)t1; + r[2] = (sword32)t2; + r[3] = (sword32)t3; + r[4] = (sword32)t4; + r[5] = (sword32)t5; + r[6] = (sword32)t6; + r[7] = (sword32)t7; + r[8] = (sword32)t8; + r[9] = (sword32)t9; + r[10] = (sword32)t10; + r[11] = (sword32)t11; + r[12] = (sword32)t12; + r[13] = (sword32)t13; + r[14] = (sword32)t14; + r[15] = (sword32)t15; } /* Mulitply two field elements. r = a * b 
@@ -1820,73 +1820,73 @@ void fe448_mul39081(int32_t* r, const int32_t* a) * a [in] Field element to multiply. * b [in] Field element to multiply. */ -static WC_INLINE void fe448_mul_8(int32_t* r, const int32_t* a, const int32_t* b) +static WC_INLINE void fe448_mul_8(sword32* r, const sword32* a, const sword32* b) { - int64_t t; - int64_t t0 = (int64_t)a[ 0] * b[ 0]; - int64_t t1 = (int64_t)a[ 0] * b[ 1]; - int64_t t101 = (int64_t)a[ 1] * b[ 0]; - int64_t t2 = (int64_t)a[ 0] * b[ 2]; - int64_t t102 = (int64_t)a[ 1] * b[ 1]; - int64_t t202 = (int64_t)a[ 2] * b[ 0]; - int64_t t3 = (int64_t)a[ 0] * b[ 3]; - int64_t t103 = (int64_t)a[ 1] * b[ 2]; - int64_t t203 = (int64_t)a[ 2] * b[ 1]; - int64_t t303 = (int64_t)a[ 3] * b[ 0]; - int64_t t4 = (int64_t)a[ 0] * b[ 4]; - int64_t t104 = (int64_t)a[ 1] * b[ 3]; - int64_t t204 = (int64_t)a[ 2] * b[ 2]; - int64_t t304 = (int64_t)a[ 3] * b[ 1]; - int64_t t404 = (int64_t)a[ 4] * b[ 0]; - int64_t t5 = (int64_t)a[ 0] * b[ 5]; - int64_t t105 = (int64_t)a[ 1] * b[ 4]; - int64_t t205 = (int64_t)a[ 2] * b[ 3]; - int64_t t305 = (int64_t)a[ 3] * b[ 2]; - int64_t t405 = (int64_t)a[ 4] * b[ 1]; - int64_t t505 = (int64_t)a[ 5] * b[ 0]; - int64_t t6 = (int64_t)a[ 0] * b[ 6]; - int64_t t106 = (int64_t)a[ 1] * b[ 5]; - int64_t t206 = (int64_t)a[ 2] * b[ 4]; - int64_t t306 = (int64_t)a[ 3] * b[ 3]; - int64_t t406 = (int64_t)a[ 4] * b[ 2]; - int64_t t506 = (int64_t)a[ 5] * b[ 1]; - int64_t t606 = (int64_t)a[ 6] * b[ 0]; - int64_t t7 = (int64_t)a[ 0] * b[ 7]; - int64_t t107 = (int64_t)a[ 1] * b[ 6]; - int64_t t207 = (int64_t)a[ 2] * b[ 5]; - int64_t t307 = (int64_t)a[ 3] * b[ 4]; - int64_t t407 = (int64_t)a[ 4] * b[ 3]; - int64_t t507 = (int64_t)a[ 5] * b[ 2]; - int64_t t607 = (int64_t)a[ 6] * b[ 1]; - int64_t t707 = (int64_t)a[ 7] * b[ 0]; - int64_t t8 = (int64_t)a[ 1] * b[ 7]; - int64_t t108 = (int64_t)a[ 2] * b[ 6]; - int64_t t208 = (int64_t)a[ 3] * b[ 5]; - int64_t t308 = (int64_t)a[ 4] * b[ 4]; - int64_t t408 = (int64_t)a[ 5] * b[ 3]; - 
int64_t t508 = (int64_t)a[ 6] * b[ 2]; - int64_t t608 = (int64_t)a[ 7] * b[ 1]; - int64_t t9 = (int64_t)a[ 2] * b[ 7]; - int64_t t109 = (int64_t)a[ 3] * b[ 6]; - int64_t t209 = (int64_t)a[ 4] * b[ 5]; - int64_t t309 = (int64_t)a[ 5] * b[ 4]; - int64_t t409 = (int64_t)a[ 6] * b[ 3]; - int64_t t509 = (int64_t)a[ 7] * b[ 2]; - int64_t t10 = (int64_t)a[ 3] * b[ 7]; - int64_t t110 = (int64_t)a[ 4] * b[ 6]; - int64_t t210 = (int64_t)a[ 5] * b[ 5]; - int64_t t310 = (int64_t)a[ 6] * b[ 4]; - int64_t t410 = (int64_t)a[ 7] * b[ 3]; - int64_t t11 = (int64_t)a[ 4] * b[ 7]; - int64_t t111 = (int64_t)a[ 5] * b[ 6]; - int64_t t211 = (int64_t)a[ 6] * b[ 5]; - int64_t t311 = (int64_t)a[ 7] * b[ 4]; - int64_t t12 = (int64_t)a[ 5] * b[ 7]; - int64_t t112 = (int64_t)a[ 6] * b[ 6]; - int64_t t212 = (int64_t)a[ 7] * b[ 5]; - int64_t t13 = (int64_t)a[ 6] * b[ 7]; - int64_t t113 = (int64_t)a[ 7] * b[ 6]; - int64_t t14 = (int64_t)a[ 7] * b[ 7]; + sword64 t; + sword64 t0 = (sword64)a[ 0] * b[ 0]; + sword64 t1 = (sword64)a[ 0] * b[ 1]; + sword64 t101 = (sword64)a[ 1] * b[ 0]; + sword64 t2 = (sword64)a[ 0] * b[ 2]; + sword64 t102 = (sword64)a[ 1] * b[ 1]; + sword64 t202 = (sword64)a[ 2] * b[ 0]; + sword64 t3 = (sword64)a[ 0] * b[ 3]; + sword64 t103 = (sword64)a[ 1] * b[ 2]; + sword64 t203 = (sword64)a[ 2] * b[ 1]; + sword64 t303 = (sword64)a[ 3] * b[ 0]; + sword64 t4 = (sword64)a[ 0] * b[ 4]; + sword64 t104 = (sword64)a[ 1] * b[ 3]; + sword64 t204 = (sword64)a[ 2] * b[ 2]; + sword64 t304 = (sword64)a[ 3] * b[ 1]; + sword64 t404 = (sword64)a[ 4] * b[ 0]; + sword64 t5 = (sword64)a[ 0] * b[ 5]; + sword64 t105 = (sword64)a[ 1] * b[ 4]; + sword64 t205 = (sword64)a[ 2] * b[ 3]; + sword64 t305 = (sword64)a[ 3] * b[ 2]; + sword64 t405 = (sword64)a[ 4] * b[ 1]; + sword64 t505 = (sword64)a[ 5] * b[ 0]; + sword64 t6 = (sword64)a[ 0] * b[ 6]; + sword64 t106 = (sword64)a[ 1] * b[ 5]; + sword64 t206 = (sword64)a[ 2] * b[ 4]; + sword64 t306 = (sword64)a[ 3] * b[ 3]; + sword64 t406 = (sword64)a[ 4] * b[ 2]; 
+ sword64 t506 = (sword64)a[ 5] * b[ 1]; + sword64 t606 = (sword64)a[ 6] * b[ 0]; + sword64 t7 = (sword64)a[ 0] * b[ 7]; + sword64 t107 = (sword64)a[ 1] * b[ 6]; + sword64 t207 = (sword64)a[ 2] * b[ 5]; + sword64 t307 = (sword64)a[ 3] * b[ 4]; + sword64 t407 = (sword64)a[ 4] * b[ 3]; + sword64 t507 = (sword64)a[ 5] * b[ 2]; + sword64 t607 = (sword64)a[ 6] * b[ 1]; + sword64 t707 = (sword64)a[ 7] * b[ 0]; + sword64 t8 = (sword64)a[ 1] * b[ 7]; + sword64 t108 = (sword64)a[ 2] * b[ 6]; + sword64 t208 = (sword64)a[ 3] * b[ 5]; + sword64 t308 = (sword64)a[ 4] * b[ 4]; + sword64 t408 = (sword64)a[ 5] * b[ 3]; + sword64 t508 = (sword64)a[ 6] * b[ 2]; + sword64 t608 = (sword64)a[ 7] * b[ 1]; + sword64 t9 = (sword64)a[ 2] * b[ 7]; + sword64 t109 = (sword64)a[ 3] * b[ 6]; + sword64 t209 = (sword64)a[ 4] * b[ 5]; + sword64 t309 = (sword64)a[ 5] * b[ 4]; + sword64 t409 = (sword64)a[ 6] * b[ 3]; + sword64 t509 = (sword64)a[ 7] * b[ 2]; + sword64 t10 = (sword64)a[ 3] * b[ 7]; + sword64 t110 = (sword64)a[ 4] * b[ 6]; + sword64 t210 = (sword64)a[ 5] * b[ 5]; + sword64 t310 = (sword64)a[ 6] * b[ 4]; + sword64 t410 = (sword64)a[ 7] * b[ 3]; + sword64 t11 = (sword64)a[ 4] * b[ 7]; + sword64 t111 = (sword64)a[ 5] * b[ 6]; + sword64 t211 = (sword64)a[ 6] * b[ 5]; + sword64 t311 = (sword64)a[ 7] * b[ 4]; + sword64 t12 = (sword64)a[ 5] * b[ 7]; + sword64 t112 = (sword64)a[ 6] * b[ 6]; + sword64 t212 = (sword64)a[ 7] * b[ 5]; + sword64 t13 = (sword64)a[ 6] * b[ 7]; + sword64 t113 = (sword64)a[ 7] * b[ 6]; + sword64 t14 = (sword64)a[ 7] * b[ 7]; t1 += t101; t2 += t102; t2 += t202; t3 += t103; t3 += t203; t3 += t303; @@ -1904,8 +1904,8 @@ static WC_INLINE void fe448_mul_8(int32_t* r, const int32_t* a, const int32_t* b t11 += t111; t11 += t211; t11 += t311; t12 += t112; t12 += t212; t13 += t113; - int64_t o = t14 >> 28; - int64_t t15 = o; + sword64 o = t14 >> 28; + sword64 t15 = o; t14 -= o << 28; o = (t0 >> 28); t1 += o; t = o << 28; t0 -= t; o = (t1 >> 28); t2 += o; t = o << 28; t1 -= t; 
@@ -1926,22 +1926,22 @@ static WC_INLINE void fe448_mul_8(int32_t* r, const int32_t* a, const int32_t* b t8 += o; t = o << 28; t15 -= t; /* Store */ - r[0] = (int32_t)t0; - r[1] = (int32_t)t1; - r[2] = (int32_t)t2; - r[3] = (int32_t)t3; - r[4] = (int32_t)t4; - r[5] = (int32_t)t5; - r[6] = (int32_t)t6; - r[7] = (int32_t)t7; - r[8] = (int32_t)t8; - r[9] = (int32_t)t9; - r[10] = (int32_t)t10; - r[11] = (int32_t)t11; - r[12] = (int32_t)t12; - r[13] = (int32_t)t13; - r[14] = (int32_t)t14; - r[15] = (int32_t)t15; + r[0] = (sword32)t0; + r[1] = (sword32)t1; + r[2] = (sword32)t2; + r[3] = (sword32)t3; + r[4] = (sword32)t4; + r[5] = (sword32)t5; + r[6] = (sword32)t6; + r[7] = (sword32)t7; + r[8] = (sword32)t8; + r[9] = (sword32)t9; + r[10] = (sword32)t10; + r[11] = (sword32)t11; + r[12] = (sword32)t12; + r[13] = (sword32)t13; + r[14] = (sword32)t14; + r[15] = (sword32)t15; } /* Mulitply two field elements. r = (a * b) mod (2^448 - 2^224 - 1) @@ -1950,13 +1950,13 @@ static WC_INLINE void fe448_mul_8(int32_t* r, const int32_t* a, const int32_t* b * a [in] Field element to multiply. * b [in] Field element to multiply. */ -void fe448_mul(int32_t* r, const int32_t* a, const int32_t* b) +void fe448_mul(sword32* r, const sword32* a, const sword32* b) { - int32_t r0[16]; - int32_t r1[16]; - int32_t* a1 = r1; - int32_t b1[8]; - int32_t r2[16]; + sword32 r0[16]; + sword32 r1[16]; + sword32* a1 = r1; + sword32 b1[8]; + sword32 r2[16]; a1[0] = a[0] + a[8]; a1[1] = a[1] + a[9]; a1[2] = a[2] + a[10]; 
@@ -1999,45 +1999,45 @@ void fe448_mul(int32_t* r, const int32_t* a, const int32_t* b) * r [in] Field element to hold result. * a [in] Field element to square. */ -static WC_INLINE void fe448_sqr_8(int32_t* r, const int32_t* a) +static WC_INLINE void fe448_sqr_8(sword32* r, const sword32* a) { - int64_t t; - int64_t t0 = (int64_t)a[ 0] * a[ 0]; - int64_t t1 = 2 * (int64_t)a[ 0] * a[ 1]; - int64_t t2 = 2 * (int64_t)a[ 0] * a[ 2]; - int64_t t102 = (int64_t)a[ 1] * a[ 1]; - int64_t t3 = 2 * (int64_t)a[ 0] * a[ 3]; - int64_t t103 = 2 * (int64_t)a[ 1] * a[ 2]; - int64_t t4 = 2 * (int64_t)a[ 0] * a[ 4]; - int64_t t104 = 2 * (int64_t)a[ 1] * a[ 3]; - int64_t t204 = (int64_t)a[ 2] * a[ 2]; - int64_t t5 = 2 * (int64_t)a[ 0] * a[ 5]; - int64_t t105 = 2 * (int64_t)a[ 1] * a[ 4]; - int64_t t205 = 2 * (int64_t)a[ 2] * a[ 3]; - int64_t t6 = 2 * (int64_t)a[ 0] * a[ 6]; - int64_t t106 = 2 * (int64_t)a[ 1] * a[ 5]; - int64_t t206 = 2 * (int64_t)a[ 2] * a[ 4]; - int64_t t306 = (int64_t)a[ 3] * a[ 3]; - int64_t t7 = 2 * (int64_t)a[ 0] * a[ 7]; - int64_t t107 = 2 * (int64_t)a[ 1] * a[ 6]; - int64_t t207 = 2 * (int64_t)a[ 2] * a[ 5]; - int64_t t307 = 2 * (int64_t)a[ 3] * a[ 4]; - int64_t t8 = 2 * (int64_t)a[ 1] * a[ 7]; - int64_t t108 = 2 * (int64_t)a[ 2] * a[ 6]; - int64_t t208 = 2 * (int64_t)a[ 3] * a[ 5]; - int64_t t308 = (int64_t)a[ 4] * a[ 4]; - int64_t t9 = 2 * (int64_t)a[ 2] * a[ 7]; - int64_t t109 = 2 * (int64_t)a[ 3] * a[ 6]; - int64_t t209 = 2 * (int64_t)a[ 4] * a[ 5]; - int64_t t10 = 2 * (int64_t)a[ 3] * a[ 7]; - int64_t t110 = 2 * (int64_t)a[ 4] * a[ 6]; - int64_t t210 = (int64_t)a[ 5] * a[ 5]; - int64_t t11 = 2 * (int64_t)a[ 4] * a[ 7]; - int64_t t111 = 2 * (int64_t)a[ 5] * a[ 6]; - int64_t t12 = 2 * (int64_t)a[ 5] * a[ 7]; - int64_t t112 = (int64_t)a[ 6] * a[ 6]; - int64_t t13 = 2 * (int64_t)a[ 6] * a[ 7]; - int64_t t14 = (int64_t)a[ 7] * a[ 7]; + sword64 t; + sword64 t0 = (sword64)a[ 0] * a[ 0]; + sword64 t1 = 2 * (sword64)a[ 0] * a[ 1]; + sword64 t2 = 2 * (sword64)a[ 0] 
* a[ 2]; + sword64 t102 = (sword64)a[ 1] * a[ 1]; + sword64 t3 = 2 * (sword64)a[ 0] * a[ 3]; + sword64 t103 = 2 * (sword64)a[ 1] * a[ 2]; + sword64 t4 = 2 * (sword64)a[ 0] * a[ 4]; + sword64 t104 = 2 * (sword64)a[ 1] * a[ 3]; + sword64 t204 = (sword64)a[ 2] * a[ 2]; + sword64 t5 = 2 * (sword64)a[ 0] * a[ 5]; + sword64 t105 = 2 * (sword64)a[ 1] * a[ 4]; + sword64 t205 = 2 * (sword64)a[ 2] * a[ 3]; + sword64 t6 = 2 * (sword64)a[ 0] * a[ 6]; + sword64 t106 = 2 * (sword64)a[ 1] * a[ 5]; + sword64 t206 = 2 * (sword64)a[ 2] * a[ 4]; + sword64 t306 = (sword64)a[ 3] * a[ 3]; + sword64 t7 = 2 * (sword64)a[ 0] * a[ 7]; + sword64 t107 = 2 * (sword64)a[ 1] * a[ 6]; + sword64 t207 = 2 * (sword64)a[ 2] * a[ 5]; + sword64 t307 = 2 * (sword64)a[ 3] * a[ 4]; + sword64 t8 = 2 * (sword64)a[ 1] * a[ 7]; + sword64 t108 = 2 * (sword64)a[ 2] * a[ 6]; + sword64 t208 = 2 * (sword64)a[ 3] * a[ 5]; + sword64 t308 = (sword64)a[ 4] * a[ 4]; + sword64 t9 = 2 * (sword64)a[ 2] * a[ 7]; + sword64 t109 = 2 * (sword64)a[ 3] * a[ 6]; + sword64 t209 = 2 * (sword64)a[ 4] * a[ 5]; + sword64 t10 = 2 * (sword64)a[ 3] * a[ 7]; + sword64 t110 = 2 * (sword64)a[ 4] * a[ 6]; + sword64 t210 = (sword64)a[ 5] * a[ 5]; + sword64 t11 = 2 * (sword64)a[ 4] * a[ 7]; + sword64 t111 = 2 * (sword64)a[ 5] * a[ 6]; + sword64 t12 = 2 * (sword64)a[ 5] * a[ 7]; + sword64 t112 = (sword64)a[ 6] * a[ 6]; + sword64 t13 = 2 * (sword64)a[ 6] * a[ 7]; + sword64 t14 = (sword64)a[ 7] * a[ 7]; t2 += t102; t3 += t103; t4 += t104; t4 += t204; @@ -2049,8 +2049,8 @@ static WC_INLINE void fe448_sqr_8(int32_t* r, const int32_t* a) t10 += t110; t10 += t210; t11 += t111; t12 += t112; - int64_t o = t14 >> 28; - int64_t t15 = o; + sword64 o = t14 >> 28; + sword64 t15 = o; t14 -= o << 28; o = (t0 >> 28); t1 += o; t = o << 28; t0 -= t; o = (t1 >> 28); t2 += o; t = o << 28; t1 -= t; 
@@ -2071,22 +2071,22 @@ static WC_INLINE void fe448_sqr_8(int32_t* r, const int32_t* a) t8 += o; t = o << 28; t15 -= t; /* Store */ - r[0] = (int32_t)t0; - r[1] = (int32_t)t1; - r[2] = (int32_t)t2; - r[3] = (int32_t)t3; - r[4] = (int32_t)t4; - r[5] = (int32_t)t5; - r[6] = (int32_t)t6; - r[7] = (int32_t)t7; - r[8] = (int32_t)t8; - r[9] = (int32_t)t9; - r[10] = (int32_t)t10; - r[11] = (int32_t)t11; - r[12] = (int32_t)t12; - r[13] = (int32_t)t13; - r[14] = (int32_t)t14; - r[15] = (int32_t)t15; + r[0] = (sword32)t0; + r[1] = (sword32)t1; + r[2] = (sword32)t2; + r[3] = (sword32)t3; + r[4] = (sword32)t4; + r[5] = (sword32)t5; + r[6] = (sword32)t6; + r[7] = (sword32)t7; + r[8] = (sword32)t8; + r[9] = (sword32)t9; + r[10] = (sword32)t10; + r[11] = (sword32)t11; + r[12] = (sword32)t12; + r[13] = (sword32)t13; + r[14] = (sword32)t14; + r[15] = (sword32)t15; } /* Square a field element. r = (a * a) mod (2^448 - 2^224 - 1) @@ -2094,12 +2094,12 @@ static WC_INLINE void fe448_sqr_8(int32_t* r, const int32_t* a) * r [in] Field element to hold result. * a [in] Field element to square. */ -void fe448_sqr(int32_t* r, const int32_t* a) +void fe448_sqr(sword32* r, const sword32* a) { - int32_t r0[16]; - int32_t r1[16]; - int32_t* a1 = r1; - int32_t r2[16]; + sword32 r0[16]; + sword32 r1[16]; + sword32* a1 = r1; + sword32 r2[16]; a1[0] = a[0] + a[8]; a1[1] = a[1] + a[9]; a1[2] = a[2] + a[10]; @@ -2137,12 +2137,12 @@ void fe448_sqr(int32_t* r, const int32_t* a) * r [in] Field element to hold result. * a [in] Field element to invert. */ -void fe448_invert(int32_t* r, const int32_t* a) +void fe448_invert(sword32* r, const sword32* a) { - int32_t t1[16]; - int32_t t2[16]; - int32_t t3[16]; - int32_t t4[16]; + sword32 t1[16]; + sword32 t2[16]; + sword32 t3[16]; + sword32 t4[16]; int i; fe448_sqr(t1, a); 
@@ -2208,13 +2208,13 @@ void fe448_invert(int32_t* r, const int32_t* a) */ int curve448(byte* r, const byte* n, const byte* a) { - int32_t x1[16]; - int32_t x2[16]; - int32_t z2[16]; - int32_t x3[16]; - int32_t z3[16]; - int32_t t0[16]; - int32_t t1[16]; + sword32 x1[16]; + sword32 x2[16]; + sword32 z2[16]; + sword32 x3[16]; + sword32 z3[16]; + sword32 t0[16]; + sword32 t1[16]; int i; unsigned int swap; unsigned int b; @@ -2272,11 +2272,11 @@ int curve448(byte* r, const byte* n, const byte* a) * a [in] Field element. * returns 0 when zero, and any other value otherwise. */ -int fe448_isnonzero(const int32_t* a) +int fe448_isnonzero(const sword32* a) { - uint8_t b[56]; + byte b[56]; int i; - uint8_t c = 0; + byte c = 0; fe448_to_bytes(b, a); for (i = 0; i < 56; i++) c |= b[i]; @@ -2289,9 +2289,9 @@ int fe448_isnonzero(const int32_t* a) * a [in] Field element. * returns 1 when negative, and 0 otherwise. */ -int fe448_isnegative(const int32_t* a) +int fe448_isnegative(const sword32* a) { - uint8_t b[56]; + byte b[56]; fe448_to_bytes(b, a); return b[0] & 1; } @@ -2301,7 +2301,7 @@ int fe448_isnegative(const int32_t* a) * r [in] Field element to hold result. * a [in] Field element. */ -void fe448_neg(int32_t* r, const int32_t* a) +void fe448_neg(sword32* r, const sword32* a) { r[0] = -a[0]; r[1] = -a[1]; @@ -2327,13 +2327,13 @@ void fe448_neg(int32_t* r, const int32_t* a) * r [in] Field element to hold result. * a [in] Field element to exponentiate. */ -void fe448_pow_2_446_222_1(int32_t* r, const int32_t* a) +void fe448_pow_2_446_222_1(sword32* r, const sword32* a) { - int32_t t1[16]; - int32_t t2[16]; - int32_t t3[16]; - int32_t t4[16]; - int32_t t5[16]; + sword32 t1[16]; + sword32 t2[16]; + sword32 t3[16]; + sword32 t4[16]; + sword32 t5[16]; int i; fe448_sqr(t3, a); 
@@ -2413,25 +2413,25 @@ void fe448_pow_2_446_222_1(int32_t* r, const int32_t* a) * b A field element. * c If 1 then copy and if 0 then don't copy. */ -void fe448_cmov(int32_t* a, const int32_t* b, int c) +void fe448_cmov(sword32* a, const sword32* b, int c) { - int32_t m = -(int32_t)c; - int32_t t0 = m & (a[0] ^ b[0]); - int32_t t1 = m & (a[1] ^ b[1]); - int32_t t2 = m & (a[2] ^ b[2]); - int32_t t3 = m & (a[3] ^ b[3]); - int32_t t4 = m & (a[4] ^ b[4]); - int32_t t5 = m & (a[5] ^ b[5]); - int32_t t6 = m & (a[6] ^ b[6]); - int32_t t7 = m & (a[7] ^ b[7]); - int32_t t8 = m & (a[8] ^ b[8]); - int32_t t9 = m & (a[9] ^ b[9]); - int32_t t10 = m & (a[10] ^ b[10]); - int32_t t11 = m & (a[11] ^ b[11]); - int32_t t12 = m & (a[12] ^ b[12]); - int32_t t13 = m & (a[13] ^ b[13]); - int32_t t14 = m & (a[14] ^ b[14]); - int32_t t15 = m & (a[15] ^ b[15]); + sword32 m = -(sword32)c; + sword32 t0 = m & (a[0] ^ b[0]); + sword32 t1 = m & (a[1] ^ b[1]); + sword32 t2 = m & (a[2] ^ b[2]); + sword32 t3 = m & (a[3] ^ b[3]); + sword32 t4 = m & (a[4] ^ b[4]); + sword32 t5 = m & (a[5] ^ b[5]); + sword32 t6 = m & (a[6] ^ b[6]); + sword32 t7 = m & (a[7] ^ b[7]); + sword32 t8 = m & (a[8] ^ b[8]); + sword32 t9 = m & (a[9] ^ b[9]); + sword32 t10 = m & (a[10] ^ b[10]); + sword32 t11 = m & (a[11] ^ b[11]); + sword32 t12 = m & (a[12] ^ b[12]); + sword32 t13 = m & (a[13] ^ b[13]); + sword32 t14 = m & (a[14] ^ b[14]); + sword32 t15 = m & (a[15] ^ b[15]); a[0] ^= t0; a[1] ^= t1; diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c index 64d3cec5b..8a0248a5f 100644 --- a/wolfcrypt/src/fe_operations.c +++ b/wolfcrypt/src/fe_operations.c 
@@ -58,23 +58,23 @@ t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on context. */ -uint64_t load_3(const unsigned char *in) +word64 load_3(const unsigned char *in) { - uint64_t result; - result = (uint64_t) in[0]; - result |= ((uint64_t) in[1]) << 8; - result |= ((uint64_t) in[2]) << 16; + word64 result; + result = (word64) in[0]; + result |= ((word64) in[1]) << 8; + result |= ((word64) in[2]) << 16; return result; } -uint64_t load_4(const unsigned char *in) +word64 load_4(const unsigned char *in) { - uint64_t result; - result = (uint64_t) in[0]; - result |= ((uint64_t) in[1]) << 8; - result |= ((uint64_t) in[2]) << 16; - result |= ((uint64_t) in[3]) << 24; + word64 result; + result = (word64) in[0]; + result |= ((word64) in[1]) << 8; + result |= ((word64) in[2]) << 16; + result |= ((word64) in[3]) << 24; return result; } #endif 
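Review bot: load_3 and load_4 are non-static and carry no header comment saying what they return or how many bytes they read, so a caller of `word64 load_3(const unsigned char *in)` has to infer from the body that at least 3 (resp. 4) readable bytes must be supplied. A one-line comment on each would close that gap: `/* Load 3 bytes of in[] as a little-endian integer; caller guarantees in[0..2] are readable. */` and `/* Load 4 bytes of in[] as a little-endian integer; caller guarantees in[0..3] are readable. */`. It is also worth stating that only the low 24 (resp. 32) bits of the returned word64 can be nonzero, since callers that shift the result further may depend on that.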
@@ -223,134 +223,134 @@ See fe_mul.c for discussion of implementation strategy. void fe_sq(fe h,const fe f) { - int32_t f0 = f[0]; - int32_t f1 = f[1]; - int32_t f2 = f[2]; - int32_t f3 = f[3]; - int32_t f4 = f[4]; - int32_t f5 = f[5]; - int32_t f6 = f[6]; - int32_t f7 = f[7]; - int32_t f8 = f[8]; - int32_t f9 = f[9]; - int32_t f0_2 = 2 * f0; - int32_t f1_2 = 2 * f1; - int32_t f2_2 = 2 * f2; - int32_t f3_2 = 2 * f3; - int32_t f4_2 = 2 * f4; - int32_t f5_2 = 2 * f5; - int32_t f6_2 = 2 * f6; - int32_t f7_2 = 2 * f7; - int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */ - int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */ - int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */ - int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ - int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ - int64_t f0f0 = f0 * (int64_t) f0; - int64_t f0f1_2 = f0_2 * (int64_t) f1; - int64_t f0f2_2 = f0_2 * (int64_t) f2; - int64_t f0f3_2 = f0_2 * (int64_t) f3; - int64_t f0f4_2 = f0_2 * (int64_t) f4; - int64_t f0f5_2 = f0_2 * (int64_t) f5; - int64_t f0f6_2 = f0_2 * (int64_t) f6; - int64_t f0f7_2 = f0_2 * (int64_t) f7; - int64_t f0f8_2 = f0_2 * (int64_t) f8; - int64_t f0f9_2 = f0_2 * (int64_t) f9; - int64_t f1f1_2 = f1_2 * (int64_t) f1; - int64_t f1f2_2 = f1_2 * (int64_t) f2; - int64_t f1f3_4 = f1_2 * (int64_t) f3_2; - int64_t f1f4_2 = f1_2 * (int64_t) f4; - int64_t f1f5_4 = f1_2 * (int64_t) f5_2; - int64_t f1f6_2 = f1_2 * (int64_t) f6; - int64_t f1f7_4 = f1_2 * (int64_t) f7_2; - int64_t f1f8_2 = f1_2 * (int64_t) f8; - int64_t f1f9_76 = f1_2 * (int64_t) f9_38; - int64_t f2f2 = f2 * (int64_t) f2; - int64_t f2f3_2 = f2_2 * (int64_t) f3; - int64_t f2f4_2 = f2_2 * (int64_t) f4; - int64_t f2f5_2 = f2_2 * (int64_t) f5; - int64_t f2f6_2 = f2_2 * (int64_t) f6; - int64_t f2f7_2 = f2_2 * (int64_t) f7; - int64_t f2f8_38 = f2_2 * (int64_t) f8_19; - int64_t f2f9_38 = f2 * (int64_t) f9_38; - int64_t f3f3_2 = f3_2 * (int64_t) f3; - int64_t f3f4_2 = f3_2 * (int64_t) f4; - int64_t f3f5_4 = f3_2 * (int64_t) f5_2; - int64_t f3f6_2 = f3_2 * 
(int64_t) f6; - int64_t f3f7_76 = f3_2 * (int64_t) f7_38; - int64_t f3f8_38 = f3_2 * (int64_t) f8_19; - int64_t f3f9_76 = f3_2 * (int64_t) f9_38; - int64_t f4f4 = f4 * (int64_t) f4; - int64_t f4f5_2 = f4_2 * (int64_t) f5; - int64_t f4f6_38 = f4_2 * (int64_t) f6_19; - int64_t f4f7_38 = f4 * (int64_t) f7_38; - int64_t f4f8_38 = f4_2 * (int64_t) f8_19; - int64_t f4f9_38 = f4 * (int64_t) f9_38; - int64_t f5f5_38 = f5 * (int64_t) f5_38; - int64_t f5f6_38 = f5_2 * (int64_t) f6_19; - int64_t f5f7_76 = f5_2 * (int64_t) f7_38; - int64_t f5f8_38 = f5_2 * (int64_t) f8_19; - int64_t f5f9_76 = f5_2 * (int64_t) f9_38; - int64_t f6f6_19 = f6 * (int64_t) f6_19; - int64_t f6f7_38 = f6 * (int64_t) f7_38; - int64_t f6f8_38 = f6_2 * (int64_t) f8_19; - int64_t f6f9_38 = f6 * (int64_t) f9_38; - int64_t f7f7_38 = f7 * (int64_t) f7_38; - int64_t f7f8_38 = f7_2 * (int64_t) f8_19; - int64_t f7f9_76 = f7_2 * (int64_t) f9_38; - int64_t f8f8_19 = f8 * (int64_t) f8_19; - int64_t f8f9_38 = f8 * (int64_t) f9_38; - int64_t f9f9_38 = f9 * (int64_t) f9_38; - int64_t h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38; - int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38; - int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19; - int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38; - int64_t h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38; - int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38; - int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19; - int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38; - int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38; - int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; + sword32 f0 = f[0]; + sword32 f1 = f[1]; + sword32 f2 = f[2]; + sword32 f3 = f[3]; + sword32 f4 = f[4]; + sword32 f5 = f[5]; + sword32 f6 = f[6]; + sword32 f7 = f[7]; + sword32 f8 = f[8]; + 
sword32 f9 = f[9]; + sword32 f0_2 = 2 * f0; + sword32 f1_2 = 2 * f1; + sword32 f2_2 = 2 * f2; + sword32 f3_2 = 2 * f3; + sword32 f4_2 = 2 * f4; + sword32 f5_2 = 2 * f5; + sword32 f6_2 = 2 * f6; + sword32 f7_2 = 2 * f7; + sword32 f5_38 = 38 * f5; /* 1.959375*2^30 */ + sword32 f6_19 = 19 * f6; /* 1.959375*2^30 */ + sword32 f7_38 = 38 * f7; /* 1.959375*2^30 */ + sword32 f8_19 = 19 * f8; /* 1.959375*2^30 */ + sword32 f9_38 = 38 * f9; /* 1.959375*2^30 */ + sword64 f0f0 = f0 * (sword64) f0; + sword64 f0f1_2 = f0_2 * (sword64) f1; + sword64 f0f2_2 = f0_2 * (sword64) f2; + sword64 f0f3_2 = f0_2 * (sword64) f3; + sword64 f0f4_2 = f0_2 * (sword64) f4; + sword64 f0f5_2 = f0_2 * (sword64) f5; + sword64 f0f6_2 = f0_2 * (sword64) f6; + sword64 f0f7_2 = f0_2 * (sword64) f7; + sword64 f0f8_2 = f0_2 * (sword64) f8; + sword64 f0f9_2 = f0_2 * (sword64) f9; + sword64 f1f1_2 = f1_2 * (sword64) f1; + sword64 f1f2_2 = f1_2 * (sword64) f2; + sword64 f1f3_4 = f1_2 * (sword64) f3_2; + sword64 f1f4_2 = f1_2 * (sword64) f4; + sword64 f1f5_4 = f1_2 * (sword64) f5_2; + sword64 f1f6_2 = f1_2 * (sword64) f6; + sword64 f1f7_4 = f1_2 * (sword64) f7_2; + sword64 f1f8_2 = f1_2 * (sword64) f8; + sword64 f1f9_76 = f1_2 * (sword64) f9_38; + sword64 f2f2 = f2 * (sword64) f2; + sword64 f2f3_2 = f2_2 * (sword64) f3; + sword64 f2f4_2 = f2_2 * (sword64) f4; + sword64 f2f5_2 = f2_2 * (sword64) f5; + sword64 f2f6_2 = f2_2 * (sword64) f6; + sword64 f2f7_2 = f2_2 * (sword64) f7; + sword64 f2f8_38 = f2_2 * (sword64) f8_19; + sword64 f2f9_38 = f2 * (sword64) f9_38; + sword64 f3f3_2 = f3_2 * (sword64) f3; + sword64 f3f4_2 = f3_2 * (sword64) f4; + sword64 f3f5_4 = f3_2 * (sword64) f5_2; + sword64 f3f6_2 = f3_2 * (sword64) f6; + sword64 f3f7_76 = f3_2 * (sword64) f7_38; + sword64 f3f8_38 = f3_2 * (sword64) f8_19; + sword64 f3f9_76 = f3_2 * (sword64) f9_38; + sword64 f4f4 = f4 * (sword64) f4; + sword64 f4f5_2 = f4_2 * (sword64) f5; + sword64 f4f6_38 = f4_2 * (sword64) f6_19; + sword64 f4f7_38 = f4 * (sword64) f7_38; + 
sword64 f4f8_38 = f4_2 * (sword64) f8_19; + sword64 f4f9_38 = f4 * (sword64) f9_38; + sword64 f5f5_38 = f5 * (sword64) f5_38; + sword64 f5f6_38 = f5_2 * (sword64) f6_19; + sword64 f5f7_76 = f5_2 * (sword64) f7_38; + sword64 f5f8_38 = f5_2 * (sword64) f8_19; + sword64 f5f9_76 = f5_2 * (sword64) f9_38; + sword64 f6f6_19 = f6 * (sword64) f6_19; + sword64 f6f7_38 = f6 * (sword64) f7_38; + sword64 f6f8_38 = f6_2 * (sword64) f8_19; + sword64 f6f9_38 = f6 * (sword64) f9_38; + sword64 f7f7_38 = f7 * (sword64) f7_38; + sword64 f7f8_38 = f7_2 * (sword64) f8_19; + sword64 f7f9_76 = f7_2 * (sword64) f9_38; + sword64 f8f8_19 = f8 * (sword64) f8_19; + sword64 f8f9_38 = f8 * (sword64) f9_38; + sword64 f9f9_38 = f9 * (sword64) f9_38; + sword64 h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38; + sword64 h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38; + sword64 h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19; + sword64 h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38; + sword64 h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38; + sword64 h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38; + sword64 h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19; + sword64 h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38; + sword64 h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38; + sword64 h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2; + sword64 carry0; + sword64 carry1; + sword64 carry2; + sword64 carry3; + sword64 carry4; + sword64 carry5; + sword64 carry6; + sword64 carry7; + sword64 carry8; + sword64 carry9; - carry0 = (h0 + (int64_t) (1UL<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; - carry4 = (h4 + (int64_t) (1UL<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; + carry0 = (h0 + (sword64) (1UL<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; + carry4 = (h4 + (sword64) (1UL<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; - carry1 = (h1 + (int64_t) (1UL<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25; - carry5 = (h5 + (int64_t) (1UL<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25; + carry1 = (h1 + (sword64) 
(1UL<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25; + carry5 = (h5 + (sword64) (1UL<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25; - carry2 = (h2 + (int64_t) (1UL<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26; - carry6 = (h6 + (int64_t) (1UL<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26; + carry2 = (h2 + (sword64) (1UL<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26; + carry6 = (h6 + (sword64) (1UL<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26; - carry3 = (h3 + (int64_t) (1UL<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25; - carry7 = (h7 + (int64_t) (1UL<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25; + carry3 = (h3 + (sword64) (1UL<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25; + carry7 = (h7 + (sword64) (1UL<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25; - carry4 = (h4 + (int64_t) (1UL<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; - carry8 = (h8 + (int64_t) (1UL<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26; + carry4 = (h4 + (sword64) (1UL<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; + carry8 = (h8 + (sword64) (1UL<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26; - carry9 = (h9 + (int64_t) (1UL<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25; + carry9 = (h9 + (sword64) (1UL<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25; - carry0 = (h0 + (int64_t) (1UL<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; + carry0 = (h0 + (sword64) (1UL<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; - h[0] = (int32_t)h0; - h[1] = (int32_t)h1; - h[2] = (int32_t)h2; - h[3] = (int32_t)h3; - h[4] = (int32_t)h4; - h[5] = (int32_t)h5; - h[6] = (int32_t)h6; - h[7] = (int32_t)h7; - h[8] = (int32_t)h8; - h[9] = (int32_t)h9; + h[0] = (sword32)h0; + h[1] = (sword32)h1; + h[2] = (sword32)h2; + h[3] = (sword32)h3; + h[4] = (sword32)h4; + h[5] = (sword32)h5; + h[6] = (sword32)h6; + h[7] = (sword32)h7; + h[8] = (sword32)h8; + h[9] = (sword32)h9; } 
@@ -368,36 +368,36 @@ Postconditions:
 void fe_add(fe h,const fe f,const fe g)
 {
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
- int32_t h0 = f0 + g0;
- int32_t h1 = f1 + g1;
- int32_t h2 = f2 + g2;
- int32_t h3 = f3 + g3;
- int32_t h4 = f4 + g4;
- int32_t h5 = f5 + g5;
- int32_t h6 = f6 + g6;
- int32_t h7 = f7 + g7;
- int32_t h8 = f8 + g8;
- int32_t h9 = f9 + g9;
+ sword32 f0 = f[0];
+ sword32 f1 = f[1];
+ sword32 f2 = f[2];
+ sword32 f3 = f[3];
+ sword32 f4 = f[4];
+ sword32 f5 = f[5];
+ sword32 f6 = f[6];
+ sword32 f7 = f[7];
+ sword32 f8 = f[8];
+ sword32 f9 = f[9];
+ sword32 g0 = g[0];
+ sword32 g1 = g[1];
+ sword32 g2 = g[2];
+ sword32 g3 = g[3];
+ sword32 g4 = g[4];
+ sword32 g5 = g[5];
+ sword32 g6 = g[6];
+ sword32 g7 = g[7];
+ sword32 g8 = g[8];
+ sword32 g9 = g[9];
+ sword32 h0 = f0 + g0;
+ sword32 h1 = f1 + g1;
+ sword32 h2 = f2 + g2;
+ sword32 h3 = f3 + g3;
+ sword32 h4 = f4 + g4;
+ sword32 h5 = f5 + g5;
+ sword32 h6 = f6 + g6;
+ sword32 h7 = f7 + g7;
+ sword32 h8 = f8 + g8;
+ sword32 h9 = f9 + g9;
 h[0] = h0;
 h[1] = h1;
 h[2] = h2;
@@ -438,29 +438,29 @@ Proof:
 void fe_tobytes(unsigned char *s,const fe h)
 {
- int32_t h0 = h[0];
- int32_t h1 = h[1];
- int32_t h2 = h[2];
- int32_t h3 = h[3];
- int32_t h4 = h[4];
- int32_t h5 = h[5];
- int32_t h6 = h[6];
- int32_t h7 = h[7];
- int32_t h8 = h[8];
- int32_t h9 = h[9];
- int32_t q;
- int32_t carry0;
- int32_t carry1;
- int32_t carry2;
- int32_t carry3;
- int32_t carry4;
- int32_t carry5;
- int32_t carry6;
- int32_t carry7;
- int32_t carry8;
- int32_t carry9;
+ sword32 h0 = h[0];
+ sword32 h1 = h[1];
+ sword32 h2 = h[2];
+ sword32 h3 = h[3];
+ sword32 h4 = h[4];
+ sword32 h5 = h[5];
+ sword32 h6 = h[6];
+ sword32 h7 = h[7];
+ sword32 h8 = h[8];
+ sword32 h9 = h[9];
+ sword32 q;
+ sword32 carry0;
+ sword32 carry1;
+ sword32 carry2;
+ sword32 carry3;
+ sword32 carry4;
+ sword32 carry5;
+ sword32 carry6;
+ sword32 carry7;
+ sword32 carry8;
+ sword32 carry9;
- q = (19 * h9 + (((int32_t) 1) << 24)) >> 25;
+ q = (19 * h9 + (((sword32) 1) << 24)) >> 25;
 q = (h0 + q) >> 26;
 q = (h1 + q) >> 25;
 q = (h2 + q) >> 26;
@@ -544,36 +544,36 @@ Postconditions:
 void fe_sub(fe h,const fe f,const fe g)
 {
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
- int32_t h0 = f0 - g0;
- int32_t h1 = f1 - g1;
- int32_t h2 = f2 - g2;
- int32_t h3 = f3 - g3;
- int32_t h4 = f4 - g4;
- int32_t h5 = f5 - g5;
- int32_t h6 = f6 - g6;
- int32_t h7 = f7 - g7;
- int32_t h8 = f8 - g8;
- int32_t h9 = f9 - g9;
+ sword32 f0 = f[0];
+ sword32 f1 = f[1];
+ sword32 f2 = f[2];
+ sword32 f3 = f[3];
+ sword32 f4 = f[4];
+ sword32 f5 = f[5];
+ sword32 f6 = f[6];
+ sword32 f7 = f[7];
+ sword32 f8 = f[8];
+ sword32 f9 = f[9];
+ sword32 g0 = g[0];
+ sword32 g1 = g[1];
+ sword32 g2 = g[2];
+ sword32 g3 = g[3];
+ sword32 g4 = g[4];
+ sword32 g5 = g[5];
+ sword32 g6 = g[6];
+ sword32 g7 = g[7];
+ sword32 g8 = g[8];
+ sword32 g9 = g[9];
+ sword32 h0 = f0 - g0;
+ sword32 h1 = f1 - g1;
+ sword32 h2 = f2 - g2;
+ sword32 h3 = f3 - g3;
+ sword32 h4 = f4 - g4;
+ sword32 h5 = f5 - g5;
+ sword32 h6 = f6 - g6;
+ sword32 h7 = f7 - g7;
+ sword32 h8 = f8 - g8;
+ sword32 h9 = f9 - g9;
 h[0] = h0;
 h[1] = h1;
 h[2] = h2;
@@ -595,49 +595,49 @@ Ignores top bit of h. void fe_frombytes(fe h,const unsigned char *s) { - int64_t h0 = load_4(s); - int64_t h1 = load_3(s + 4) << 6; - int64_t h2 = load_3(s + 7) << 5; - int64_t h3 = load_3(s + 10) << 3; - int64_t h4 = load_3(s + 13) << 2; - int64_t h5 = load_4(s + 16); - int64_t h6 = load_3(s + 20) << 7; - int64_t h7 = load_3(s + 23) << 5; - int64_t h8 = load_3(s + 26) << 4; - int64_t h9 = (load_3(s + 29) & 8388607) << 2; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; + sword64 h0 = load_4(s); + sword64 h1 = load_3(s + 4) << 6; + sword64 h2 = load_3(s + 7) << 5; + sword64 h3 = load_3(s + 10) << 3; + sword64 h4 = load_3(s + 13) << 2; + sword64 h5 = load_4(s + 16); + sword64 h6 = load_3(s + 20) << 7; + sword64 h7 = load_3(s + 23) << 5; + sword64 h8 = load_3(s + 26) << 4; + sword64 h9 = (load_3(s + 29) & 8388607) << 2; + sword64 carry0; + sword64 carry1; + sword64 carry2; + sword64 carry3; + sword64 carry4; + sword64 carry5; + sword64 carry6; + sword64 carry7; + sword64 carry8; + sword64 carry9; - carry9 = (h9 + (int64_t) (1UL<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25; - carry1 = (h1 + (int64_t) (1UL<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25; - carry3 = (h3 + (int64_t) (1UL<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25; - carry5 = (h5 + (int64_t) (1UL<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25; - carry7 = (h7 + (int64_t) (1UL<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25; + carry9 = (h9 + (sword64) (1UL<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25; + carry1 = (h1 + (sword64) (1UL<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25; + carry3 = (h3 + (sword64) (1UL<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25; + carry5 = (h5 + (sword64) (1UL<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25; + carry7 = (h7 + (sword64) (1UL<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25; - carry0 = (h0 + (int64_t) 
(1UL<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; - carry2 = (h2 + (int64_t) (1UL<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26; - carry4 = (h4 + (int64_t) (1UL<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; - carry6 = (h6 + (int64_t) (1UL<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26; - carry8 = (h8 + (int64_t) (1UL<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26; + carry0 = (h0 + (sword64) (1UL<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; + carry2 = (h2 + (sword64) (1UL<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26; + carry4 = (h4 + (sword64) (1UL<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; + carry6 = (h6 + (sword64) (1UL<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26; + carry8 = (h8 + (sword64) (1UL<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26; - h[0] = (int32_t)h0; - h[1] = (int32_t)h1; - h[2] = (int32_t)h2; - h[3] = (int32_t)h3; - h[4] = (int32_t)h4; - h[5] = (int32_t)h5; - h[6] = (int32_t)h6; - h[7] = (int32_t)h7; - h[8] = (int32_t)h8; - h[9] = (int32_t)h9; + h[0] = (sword32)h0; + h[1] = (sword32)h1; + h[2] = (sword32)h2; + h[3] = (sword32)h3; + h[4] = (sword32)h4; + h[5] = (sword32)h5; + h[6] = (sword32)h6; + h[7] = (sword32)h7; + h[8] = (sword32)h8; + h[9] = (sword32)h9; } #endif @@ -684,16 +684,16 @@ h = f void fe_copy(fe h,const fe f) { - int32_t f0 = f[0]; - int32_t f1 = f[1]; - int32_t f2 = f[2]; - int32_t f3 = f[3]; - int32_t f4 = f[4]; - int32_t f5 = f[5]; - int32_t f6 = f[6]; - int32_t f7 = f[7]; - int32_t f8 = f[8]; - int32_t f9 = f[9]; + sword32 f0 = f[0]; + sword32 f1 = f[1]; + sword32 f2 = f[2]; + sword32 f3 = f[3]; + sword32 f4 = f[4]; + sword32 f5 = f[5]; + sword32 f6 = f[6]; + sword32 f7 = f[7]; + sword32 f8 = f[8]; + sword32 f9 = f[9]; h[0] = f0; h[1] = f1; h[2] = f2; 
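Review bot: The mask in `h9 = (load_3(s + 29) & 8388607) << 2;` is the one place where the "Ignores top bit" behaviour from this hunk's header comment is implemented, and the bare literal does not say so; a comment such as `/* 8388607 = 0x7fffff: drop bit 255 of the 32-byte encoding */` would make that decision visible to anyone auditing how non-canonical inputs are treated. The return type of load_3/load_4 is not in this chunk; assuming they return an unsigned 64-bit value as in the reference code, the assignment to sword64 is value-preserving because the loaded values stay below 2^32. The carries here are all non-negative (every limb starts from loaded bytes), so the shift chain is well-defined in this function, unlike in the multiplication routines where the limbs can be negative. sword64 itself is a project typedef whose definition (types.h) is outside this chunk, so its 64-bit width is assumed rather than visible.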
@@ -741,160 +741,160 @@ With tighter constraints on inputs can squeeze carries into int32. void fe_mul(fe h,const fe f,const fe g) { - int32_t f0 = f[0]; - int32_t f1 = f[1]; - int32_t f2 = f[2]; - int32_t f3 = f[3]; - int32_t f4 = f[4]; - int32_t f5 = f[5]; - int32_t f6 = f[6]; - int32_t f7 = f[7]; - int32_t f8 = f[8]; - int32_t f9 = f[9]; - int32_t g0 = g[0]; - int32_t g1 = g[1]; - int32_t g2 = g[2]; - int32_t g3 = g[3]; - int32_t g4 = g[4]; - int32_t g5 = g[5]; - int32_t g6 = g[6]; - int32_t g7 = g[7]; - int32_t g8 = g[8]; - int32_t g9 = g[9]; - int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */ - int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */ - int32_t g3_19 = 19 * g3; - int32_t g4_19 = 19 * g4; - int32_t g5_19 = 19 * g5; - int32_t g6_19 = 19 * g6; - int32_t g7_19 = 19 * g7; - int32_t g8_19 = 19 * g8; - int32_t g9_19 = 19 * g9; - int32_t f1_2 = 2 * f1; - int32_t f3_2 = 2 * f3; - int32_t f5_2 = 2 * f5; - int32_t f7_2 = 2 * f7; - int32_t f9_2 = 2 * f9; - int64_t f0g0 = f0 * (int64_t) g0; - int64_t f0g1 = f0 * (int64_t) g1; - int64_t f0g2 = f0 * (int64_t) g2; - int64_t f0g3 = f0 * (int64_t) g3; - int64_t f0g4 = f0 * (int64_t) g4; - int64_t f0g5 = f0 * (int64_t) g5; - int64_t f0g6 = f0 * (int64_t) g6; - int64_t f0g7 = f0 * (int64_t) g7; - int64_t f0g8 = f0 * (int64_t) g8; - int64_t f0g9 = f0 * (int64_t) g9; - int64_t f1g0 = f1 * (int64_t) g0; - int64_t f1g1_2 = f1_2 * (int64_t) g1; - int64_t f1g2 = f1 * (int64_t) g2; - int64_t f1g3_2 = f1_2 * (int64_t) g3; - int64_t f1g4 = f1 * (int64_t) g4; - int64_t f1g5_2 = f1_2 * (int64_t) g5; - int64_t f1g6 = f1 * (int64_t) g6; - int64_t f1g7_2 = f1_2 * (int64_t) g7; - int64_t f1g8 = f1 * (int64_t) g8; - int64_t f1g9_38 = f1_2 * (int64_t) g9_19; - int64_t f2g0 = f2 * (int64_t) g0; - int64_t f2g1 = f2 * (int64_t) g1; - int64_t f2g2 = f2 * (int64_t) g2; - int64_t f2g3 = f2 * (int64_t) g3; - int64_t f2g4 = f2 * (int64_t) g4; - int64_t f2g5 = f2 * (int64_t) g5; - int64_t f2g6 = f2 * (int64_t) g6; - int64_t f2g7 = f2 * (int64_t) 
g7; - int64_t f2g8_19 = f2 * (int64_t) g8_19; - int64_t f2g9_19 = f2 * (int64_t) g9_19; - int64_t f3g0 = f3 * (int64_t) g0; - int64_t f3g1_2 = f3_2 * (int64_t) g1; - int64_t f3g2 = f3 * (int64_t) g2; - int64_t f3g3_2 = f3_2 * (int64_t) g3; - int64_t f3g4 = f3 * (int64_t) g4; - int64_t f3g5_2 = f3_2 * (int64_t) g5; - int64_t f3g6 = f3 * (int64_t) g6; - int64_t f3g7_38 = f3_2 * (int64_t) g7_19; - int64_t f3g8_19 = f3 * (int64_t) g8_19; - int64_t f3g9_38 = f3_2 * (int64_t) g9_19; - int64_t f4g0 = f4 * (int64_t) g0; - int64_t f4g1 = f4 * (int64_t) g1; - int64_t f4g2 = f4 * (int64_t) g2; - int64_t f4g3 = f4 * (int64_t) g3; - int64_t f4g4 = f4 * (int64_t) g4; - int64_t f4g5 = f4 * (int64_t) g5; - int64_t f4g6_19 = f4 * (int64_t) g6_19; - int64_t f4g7_19 = f4 * (int64_t) g7_19; - int64_t f4g8_19 = f4 * (int64_t) g8_19; - int64_t f4g9_19 = f4 * (int64_t) g9_19; - int64_t f5g0 = f5 * (int64_t) g0; - int64_t f5g1_2 = f5_2 * (int64_t) g1; - int64_t f5g2 = f5 * (int64_t) g2; - int64_t f5g3_2 = f5_2 * (int64_t) g3; - int64_t f5g4 = f5 * (int64_t) g4; - int64_t f5g5_38 = f5_2 * (int64_t) g5_19; - int64_t f5g6_19 = f5 * (int64_t) g6_19; - int64_t f5g7_38 = f5_2 * (int64_t) g7_19; - int64_t f5g8_19 = f5 * (int64_t) g8_19; - int64_t f5g9_38 = f5_2 * (int64_t) g9_19; - int64_t f6g0 = f6 * (int64_t) g0; - int64_t f6g1 = f6 * (int64_t) g1; - int64_t f6g2 = f6 * (int64_t) g2; - int64_t f6g3 = f6 * (int64_t) g3; - int64_t f6g4_19 = f6 * (int64_t) g4_19; - int64_t f6g5_19 = f6 * (int64_t) g5_19; - int64_t f6g6_19 = f6 * (int64_t) g6_19; - int64_t f6g7_19 = f6 * (int64_t) g7_19; - int64_t f6g8_19 = f6 * (int64_t) g8_19; - int64_t f6g9_19 = f6 * (int64_t) g9_19; - int64_t f7g0 = f7 * (int64_t) g0; - int64_t f7g1_2 = f7_2 * (int64_t) g1; - int64_t f7g2 = f7 * (int64_t) g2; - int64_t f7g3_38 = f7_2 * (int64_t) g3_19; - int64_t f7g4_19 = f7 * (int64_t) g4_19; - int64_t f7g5_38 = f7_2 * (int64_t) g5_19; - int64_t f7g6_19 = f7 * (int64_t) g6_19; - int64_t f7g7_38 = f7_2 * (int64_t) g7_19; - 
int64_t f7g8_19 = f7 * (int64_t) g8_19; - int64_t f7g9_38 = f7_2 * (int64_t) g9_19; - int64_t f8g0 = f8 * (int64_t) g0; - int64_t f8g1 = f8 * (int64_t) g1; - int64_t f8g2_19 = f8 * (int64_t) g2_19; - int64_t f8g3_19 = f8 * (int64_t) g3_19; - int64_t f8g4_19 = f8 * (int64_t) g4_19; - int64_t f8g5_19 = f8 * (int64_t) g5_19; - int64_t f8g6_19 = f8 * (int64_t) g6_19; - int64_t f8g7_19 = f8 * (int64_t) g7_19; - int64_t f8g8_19 = f8 * (int64_t) g8_19; - int64_t f8g9_19 = f8 * (int64_t) g9_19; - int64_t f9g0 = f9 * (int64_t) g0; - int64_t f9g1_38 = f9_2 * (int64_t) g1_19; - int64_t f9g2_19 = f9 * (int64_t) g2_19; - int64_t f9g3_38 = f9_2 * (int64_t) g3_19; - int64_t f9g4_19 = f9 * (int64_t) g4_19; - int64_t f9g5_38 = f9_2 * (int64_t) g5_19; - int64_t f9g6_19 = f9 * (int64_t) g6_19; - int64_t f9g7_38 = f9_2 * (int64_t) g7_19; - int64_t f9g8_19 = f9 * (int64_t) g8_19; - int64_t f9g9_38 = f9_2 * (int64_t) g9_19; - int64_t h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38; - int64_t h1 = f0g1+f1g0 +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19; - int64_t h2 = f0g2+f1g1_2 +f2g0 +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38; - int64_t h3 = f0g3+f1g2 +f2g1 +f3g0 +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19; - int64_t h4 = f0g4+f1g3_2 +f2g2 +f3g1_2 +f4g0 +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38; - int64_t h5 = f0g5+f1g4 +f2g3 +f3g2 +f4g1 +f5g0 +f6g9_19+f7g8_19+f8g7_19+f9g6_19; - int64_t h6 = f0g6+f1g5_2 +f2g4 +f3g3_2 +f4g2 +f5g1_2 +f6g0 +f7g9_38+f8g8_19+f9g7_38; - int64_t h7 = f0g7+f1g6 +f2g5 +f3g4 +f4g3 +f5g2 +f6g1 +f7g0 +f8g9_19+f9g8_19; - int64_t h8 = f0g8+f1g7_2 +f2g6 +f3g5_2 +f4g4 +f5g3_2 +f6g2 +f7g1_2 +f8g0 +f9g9_38; - int64_t h9 = f0g9+f1g8 +f2g7 +f3g6 +f4g5 +f5g4 +f6g3 +f7g2 +f8g1 +f9g0 ; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; + sword32 f0 = f[0]; + sword32 f1 = f[1]; + 
sword32 f2 = f[2]; + sword32 f3 = f[3]; + sword32 f4 = f[4]; + sword32 f5 = f[5]; + sword32 f6 = f[6]; + sword32 f7 = f[7]; + sword32 f8 = f[8]; + sword32 f9 = f[9]; + sword32 g0 = g[0]; + sword32 g1 = g[1]; + sword32 g2 = g[2]; + sword32 g3 = g[3]; + sword32 g4 = g[4]; + sword32 g5 = g[5]; + sword32 g6 = g[6]; + sword32 g7 = g[7]; + sword32 g8 = g[8]; + sword32 g9 = g[9]; + sword32 g1_19 = 19 * g1; /* 1.959375*2^29 */ + sword32 g2_19 = 19 * g2; /* 1.959375*2^30; still ok */ + sword32 g3_19 = 19 * g3; + sword32 g4_19 = 19 * g4; + sword32 g5_19 = 19 * g5; + sword32 g6_19 = 19 * g6; + sword32 g7_19 = 19 * g7; + sword32 g8_19 = 19 * g8; + sword32 g9_19 = 19 * g9; + sword32 f1_2 = 2 * f1; + sword32 f3_2 = 2 * f3; + sword32 f5_2 = 2 * f5; + sword32 f7_2 = 2 * f7; + sword32 f9_2 = 2 * f9; + sword64 f0g0 = f0 * (sword64) g0; + sword64 f0g1 = f0 * (sword64) g1; + sword64 f0g2 = f0 * (sword64) g2; + sword64 f0g3 = f0 * (sword64) g3; + sword64 f0g4 = f0 * (sword64) g4; + sword64 f0g5 = f0 * (sword64) g5; + sword64 f0g6 = f0 * (sword64) g6; + sword64 f0g7 = f0 * (sword64) g7; + sword64 f0g8 = f0 * (sword64) g8; + sword64 f0g9 = f0 * (sword64) g9; + sword64 f1g0 = f1 * (sword64) g0; + sword64 f1g1_2 = f1_2 * (sword64) g1; + sword64 f1g2 = f1 * (sword64) g2; + sword64 f1g3_2 = f1_2 * (sword64) g3; + sword64 f1g4 = f1 * (sword64) g4; + sword64 f1g5_2 = f1_2 * (sword64) g5; + sword64 f1g6 = f1 * (sword64) g6; + sword64 f1g7_2 = f1_2 * (sword64) g7; + sword64 f1g8 = f1 * (sword64) g8; + sword64 f1g9_38 = f1_2 * (sword64) g9_19; + sword64 f2g0 = f2 * (sword64) g0; + sword64 f2g1 = f2 * (sword64) g1; + sword64 f2g2 = f2 * (sword64) g2; + sword64 f2g3 = f2 * (sword64) g3; + sword64 f2g4 = f2 * (sword64) g4; + sword64 f2g5 = f2 * (sword64) g5; + sword64 f2g6 = f2 * (sword64) g6; + sword64 f2g7 = f2 * (sword64) g7; + sword64 f2g8_19 = f2 * (sword64) g8_19; + sword64 f2g9_19 = f2 * (sword64) g9_19; + sword64 f3g0 = f3 * (sword64) g0; + sword64 f3g1_2 = f3_2 * (sword64) g1; + sword64 
f3g2 = f3 * (sword64) g2; + sword64 f3g3_2 = f3_2 * (sword64) g3; + sword64 f3g4 = f3 * (sword64) g4; + sword64 f3g5_2 = f3_2 * (sword64) g5; + sword64 f3g6 = f3 * (sword64) g6; + sword64 f3g7_38 = f3_2 * (sword64) g7_19; + sword64 f3g8_19 = f3 * (sword64) g8_19; + sword64 f3g9_38 = f3_2 * (sword64) g9_19; + sword64 f4g0 = f4 * (sword64) g0; + sword64 f4g1 = f4 * (sword64) g1; + sword64 f4g2 = f4 * (sword64) g2; + sword64 f4g3 = f4 * (sword64) g3; + sword64 f4g4 = f4 * (sword64) g4; + sword64 f4g5 = f4 * (sword64) g5; + sword64 f4g6_19 = f4 * (sword64) g6_19; + sword64 f4g7_19 = f4 * (sword64) g7_19; + sword64 f4g8_19 = f4 * (sword64) g8_19; + sword64 f4g9_19 = f4 * (sword64) g9_19; + sword64 f5g0 = f5 * (sword64) g0; + sword64 f5g1_2 = f5_2 * (sword64) g1; + sword64 f5g2 = f5 * (sword64) g2; + sword64 f5g3_2 = f5_2 * (sword64) g3; + sword64 f5g4 = f5 * (sword64) g4; + sword64 f5g5_38 = f5_2 * (sword64) g5_19; + sword64 f5g6_19 = f5 * (sword64) g6_19; + sword64 f5g7_38 = f5_2 * (sword64) g7_19; + sword64 f5g8_19 = f5 * (sword64) g8_19; + sword64 f5g9_38 = f5_2 * (sword64) g9_19; + sword64 f6g0 = f6 * (sword64) g0; + sword64 f6g1 = f6 * (sword64) g1; + sword64 f6g2 = f6 * (sword64) g2; + sword64 f6g3 = f6 * (sword64) g3; + sword64 f6g4_19 = f6 * (sword64) g4_19; + sword64 f6g5_19 = f6 * (sword64) g5_19; + sword64 f6g6_19 = f6 * (sword64) g6_19; + sword64 f6g7_19 = f6 * (sword64) g7_19; + sword64 f6g8_19 = f6 * (sword64) g8_19; + sword64 f6g9_19 = f6 * (sword64) g9_19; + sword64 f7g0 = f7 * (sword64) g0; + sword64 f7g1_2 = f7_2 * (sword64) g1; + sword64 f7g2 = f7 * (sword64) g2; + sword64 f7g3_38 = f7_2 * (sword64) g3_19; + sword64 f7g4_19 = f7 * (sword64) g4_19; + sword64 f7g5_38 = f7_2 * (sword64) g5_19; + sword64 f7g6_19 = f7 * (sword64) g6_19; + sword64 f7g7_38 = f7_2 * (sword64) g7_19; + sword64 f7g8_19 = f7 * (sword64) g8_19; + sword64 f7g9_38 = f7_2 * (sword64) g9_19; + sword64 f8g0 = f8 * (sword64) g0; + sword64 f8g1 = f8 * (sword64) g1; + sword64 f8g2_19 = 
f8 * (sword64) g2_19; + sword64 f8g3_19 = f8 * (sword64) g3_19; + sword64 f8g4_19 = f8 * (sword64) g4_19; + sword64 f8g5_19 = f8 * (sword64) g5_19; + sword64 f8g6_19 = f8 * (sword64) g6_19; + sword64 f8g7_19 = f8 * (sword64) g7_19; + sword64 f8g8_19 = f8 * (sword64) g8_19; + sword64 f8g9_19 = f8 * (sword64) g9_19; + sword64 f9g0 = f9 * (sword64) g0; + sword64 f9g1_38 = f9_2 * (sword64) g1_19; + sword64 f9g2_19 = f9 * (sword64) g2_19; + sword64 f9g3_38 = f9_2 * (sword64) g3_19; + sword64 f9g4_19 = f9 * (sword64) g4_19; + sword64 f9g5_38 = f9_2 * (sword64) g5_19; + sword64 f9g6_19 = f9 * (sword64) g6_19; + sword64 f9g7_38 = f9_2 * (sword64) g7_19; + sword64 f9g8_19 = f9 * (sword64) g8_19; + sword64 f9g9_38 = f9_2 * (sword64) g9_19; + sword64 h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38; + sword64 h1 = f0g1+f1g0 +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19; + sword64 h2 = f0g2+f1g1_2 +f2g0 +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38; + sword64 h3 = f0g3+f1g2 +f2g1 +f3g0 +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19; + sword64 h4 = f0g4+f1g3_2 +f2g2 +f3g1_2 +f4g0 +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38; + sword64 h5 = f0g5+f1g4 +f2g3 +f3g2 +f4g1 +f5g0 +f6g9_19+f7g8_19+f8g7_19+f9g6_19; + sword64 h6 = f0g6+f1g5_2 +f2g4 +f3g3_2 +f4g2 +f5g1_2 +f6g0 +f7g9_38+f8g8_19+f9g7_38; + sword64 h7 = f0g7+f1g6 +f2g5 +f3g4 +f4g3 +f5g2 +f6g1 +f7g0 +f8g9_19+f9g8_19; + sword64 h8 = f0g8+f1g7_2 +f2g6 +f3g5_2 +f4g4 +f5g3_2 +f6g2 +f7g1_2 +f8g0 +f9g9_38; + sword64 h9 = f0g9+f1g8 +f2g7 +f3g6 +f4g5 +f5g4 +f6g3 +f7g2 +f8g1 +f9g0 ; + sword64 carry0; + sword64 carry1; + sword64 carry2; + sword64 carry3; + sword64 carry4; + sword64 carry5; + sword64 carry6; + sword64 carry7; + sword64 carry8; + sword64 carry9; /* |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38)) 
@@ -903,59 +903,59 @@ void fe_mul(fe h,const fe f,const fe g) i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 */ - carry0 = (h0 + (int64_t) (1UL<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; - carry4 = (h4 + (int64_t) (1UL<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; + carry0 = (h0 + (sword64) (1UL<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; + carry4 = (h4 + (sword64) (1UL<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; /* |h0| <= 2^25 */ /* |h4| <= 2^25 */ /* |h1| <= 1.71*2^59 */ /* |h5| <= 1.71*2^59 */ - carry1 = (h1 + (int64_t) (1UL<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25; - carry5 = (h5 + (int64_t) (1UL<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25; + carry1 = (h1 + (sword64) (1UL<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25; + carry5 = (h5 + (sword64) (1UL<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25; /* |h1| <= 2^24; from now on fits into int32 */ /* |h5| <= 2^24; from now on fits into int32 */ /* |h2| <= 1.41*2^60 */ /* |h6| <= 1.41*2^60 */ - carry2 = (h2 + (int64_t) (1UL<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26; - carry6 = (h6 + (int64_t) (1UL<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26; + carry2 = (h2 + (sword64) (1UL<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26; + carry6 = (h6 + (sword64) (1UL<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26; /* |h2| <= 2^25; from now on fits into int32 unchanged */ /* |h6| <= 2^25; from now on fits into int32 unchanged */ /* |h3| <= 1.71*2^59 */ /* |h7| <= 1.71*2^59 */ - carry3 = (h3 + (int64_t) (1UL<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25; - carry7 = (h7 + (int64_t) (1UL<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25; + carry3 = (h3 + (sword64) (1UL<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25; + carry7 = (h7 + (sword64) (1UL<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25; /* |h3| <= 2^24; from now on fits into int32 unchanged */ /* |h7| <= 2^24; from now on fits into int32 unchanged */ /* |h4| <= 1.72*2^34 */ /* |h8| <= 1.41*2^60 */ - carry4 = (h4 + (int64_t) (1UL<<25)) >> 26; h5 += 
carry4; h4 -= carry4 << 26; - carry8 = (h8 + (int64_t) (1UL<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26; + carry4 = (h4 + (sword64) (1UL<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; + carry8 = (h8 + (sword64) (1UL<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26; /* |h4| <= 2^25; from now on fits into int32 unchanged */ /* |h8| <= 2^25; from now on fits into int32 unchanged */ /* |h5| <= 1.01*2^24 */ /* |h9| <= 1.71*2^59 */ - carry9 = (h9 + (int64_t) (1UL<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25; + carry9 = (h9 + (sword64) (1UL<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25; /* |h9| <= 2^24; from now on fits into int32 unchanged */ /* |h0| <= 1.1*2^39 */ - carry0 = (h0 + (int64_t) (1UL<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; + carry0 = (h0 + (sword64) (1UL<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; /* |h0| <= 2^25; from now on fits into int32 unchanged */ /* |h1| <= 1.01*2^24 */ - h[0] = (int32_t)h0; - h[1] = (int32_t)h1; - h[2] = (int32_t)h2; - h[3] = (int32_t)h3; - h[4] = (int32_t)h4; - h[5] = (int32_t)h5; - h[6] = (int32_t)h6; - h[7] = (int32_t)h7; - h[8] = (int32_t)h8; - h[9] = (int32_t)h9; + h[0] = (sword32)h0; + h[1] = (sword32)h1; + h[2] = (sword32)h2; + h[3] = (sword32)h3; + h[4] = (sword32)h4; + h[5] = (sword32)h5; + h[6] = (sword32)h6; + h[7] = (sword32)h7; + h[8] = (sword32)h8; + h[9] = (sword32)h9; } 
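Review bot: The carry lines `h0 -= carry0 << 26;`, `h1 -= carry1 << 25;` and the rest of this chain left-shift a signed sword64 that can be negative here (h0..h9 are sums of signed products, so the carries take either sign), which is undefined behaviour in C11 (6.5.7p4), and the `>> 26` on a negative value is implementation-defined and relies on an arithmetic shift. This is carried over from the int64_t code rather than introduced by the rename, and GCC/Clang emit the intended instructions, but a build with -fsanitize=undefined would report it. A form with identical results and no UB is to multiply by the power of two, e.g. `h0 -= carry0 * ((sword64)1 << 26);`; failing that, a comment above the chain, `/* carries are signed: relies on arithmetic >> and two's-complement << (not strictly portable C) */`, should record the assumption. The same pattern occurs in fe_sq (its hunk begins above this chunk), fe_mul121666 and the second fe_sq2 hunk, and fe_tobytes depends on the same signed right shift. The function's declarations are in the preceding hunk, and the earlier comments in this hunk still say "fits into int32" after the rename to sword32, which is harmless but worth aligning.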
@@ -968,36 +968,36 @@ Preconditions: b in {0,1}.
 void fe_cswap(fe f, fe g, int b)
 {
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
- int32_t x0 = f0 ^ g0;
- int32_t x1 = f1 ^ g1;
- int32_t x2 = f2 ^ g2;
- int32_t x3 = f3 ^ g3;
- int32_t x4 = f4 ^ g4;
- int32_t x5 = f5 ^ g5;
- int32_t x6 = f6 ^ g6;
- int32_t x7 = f7 ^ g7;
- int32_t x8 = f8 ^ g8;
- int32_t x9 = f9 ^ g9;
+ sword32 f0 = f[0];
+ sword32 f1 = f[1];
+ sword32 f2 = f[2];
+ sword32 f3 = f[3];
+ sword32 f4 = f[4];
+ sword32 f5 = f[5];
+ sword32 f6 = f[6];
+ sword32 f7 = f[7];
+ sword32 f8 = f[8];
+ sword32 f9 = f[9];
+ sword32 g0 = g[0];
+ sword32 g1 = g[1];
+ sword32 g2 = g[2];
+ sword32 g3 = g[3];
+ sword32 g4 = g[4];
+ sword32 g5 = g[5];
+ sword32 g6 = g[6];
+ sword32 g7 = g[7];
+ sword32 g8 = g[8];
+ sword32 g9 = g[9];
+ sword32 x0 = f0 ^ g0;
+ sword32 x1 = f1 ^ g1;
+ sword32 x2 = f2 ^ g2;
+ sword32 x3 = f3 ^ g3;
+ sword32 x4 = f4 ^ g4;
+ sword32 x5 = f5 ^ g5;
+ sword32 x6 = f6 ^ g6;
+ sword32 x7 = f7 ^ g7;
+ sword32 x8 = f8 ^ g8;
+ sword32 x9 = f9 ^ g9;
 b = -b;
 x0 &= b;
 x1 &= b;
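Review bot: `b = -b;` followed by `x0 &= b;` turns b into an all-ones or all-zero mask, which is what keeps this swap free of a secret-dependent branch, yet the only hint of that is the precondition `b in {0,1}` in the hunk header and nothing in the code says the branch-free form is deliberate. A comment next to the negation, `/* b is 0 or 1: -b is 0 or all ones, so the masked XOR exchanges f and g without a data-dependent branch */`, would stop a later "simplification" into an if/else from quietly removing that property. Because b is an int and x0..x9 are sword32, the mask also assumes a two's-complement representation of -1, which every realistic target provides but is worth stating alongside the precondition. The function body continues past the end of this hunk.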
@@ -1045,59 +1045,59 @@ Postconditions: void fe_mul121666(fe h,fe f) { - int32_t f0 = f[0]; - int32_t f1 = f[1]; - int32_t f2 = f[2]; - int32_t f3 = f[3]; - int32_t f4 = f[4]; - int32_t f5 = f[5]; - int32_t f6 = f[6]; - int32_t f7 = f[7]; - int32_t f8 = f[8]; - int32_t f9 = f[9]; - int64_t h0 = f0 * (int64_t) 121666; - int64_t h1 = f1 * (int64_t) 121666; - int64_t h2 = f2 * (int64_t) 121666; - int64_t h3 = f3 * (int64_t) 121666; - int64_t h4 = f4 * (int64_t) 121666; - int64_t h5 = f5 * (int64_t) 121666; - int64_t h6 = f6 * (int64_t) 121666; - int64_t h7 = f7 * (int64_t) 121666; - int64_t h8 = f8 * (int64_t) 121666; - int64_t h9 = f9 * (int64_t) 121666; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; + sword32 f0 = f[0]; + sword32 f1 = f[1]; + sword32 f2 = f[2]; + sword32 f3 = f[3]; + sword32 f4 = f[4]; + sword32 f5 = f[5]; + sword32 f6 = f[6]; + sword32 f7 = f[7]; + sword32 f8 = f[8]; + sword32 f9 = f[9]; + sword64 h0 = f0 * (sword64) 121666; + sword64 h1 = f1 * (sword64) 121666; + sword64 h2 = f2 * (sword64) 121666; + sword64 h3 = f3 * (sword64) 121666; + sword64 h4 = f4 * (sword64) 121666; + sword64 h5 = f5 * (sword64) 121666; + sword64 h6 = f6 * (sword64) 121666; + sword64 h7 = f7 * (sword64) 121666; + sword64 h8 = f8 * (sword64) 121666; + sword64 h9 = f9 * (sword64) 121666; + sword64 carry0; + sword64 carry1; + sword64 carry2; + sword64 carry3; + sword64 carry4; + sword64 carry5; + sword64 carry6; + sword64 carry7; + sword64 carry8; + sword64 carry9; - carry9 = (h9 + (int64_t) (1UL<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25; - carry1 = (h1 + (int64_t) (1UL<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25; - carry3 = (h3 + (int64_t) (1UL<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25; - carry5 = (h5 + (int64_t) (1UL<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25; - carry7 = (h7 + (int64_t) (1UL<<24)) >> 25; h8 += carry7; h7 -= 
carry7 << 25; + carry9 = (h9 + (sword64) (1UL<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25; + carry1 = (h1 + (sword64) (1UL<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25; + carry3 = (h3 + (sword64) (1UL<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25; + carry5 = (h5 + (sword64) (1UL<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25; + carry7 = (h7 + (sword64) (1UL<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25; - carry0 = (h0 + (int64_t) (1UL<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; - carry2 = (h2 + (int64_t) (1UL<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26; - carry4 = (h4 + (int64_t) (1UL<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; - carry6 = (h6 + (int64_t) (1UL<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26; - carry8 = (h8 + (int64_t) (1UL<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26; + carry0 = (h0 + (sword64) (1UL<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; + carry2 = (h2 + (sword64) (1UL<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26; + carry4 = (h4 + (sword64) (1UL<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; + carry6 = (h6 + (sword64) (1UL<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26; + carry8 = (h8 + (sword64) (1UL<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26; - h[0] = (int32_t)h0; - h[1] = (int32_t)h1; - h[2] = (int32_t)h2; - h[3] = (int32_t)h3; - h[4] = (int32_t)h4; - h[5] = (int32_t)h5; - h[6] = (int32_t)h6; - h[7] = (int32_t)h7; - h[8] = (int32_t)h8; - h[9] = (int32_t)h9; + h[0] = (sword32)h0; + h[1] = (sword32)h1; + h[2] = (sword32)h2; + h[3] = (sword32)h3; + h[4] = (sword32)h4; + h[5] = (sword32)h5; + h[6] = (sword32)h6; + h[7] = (sword32)h7; + h[8] = (sword32)h8; + h[9] = (sword32)h9; } 
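Review bot: `f` is only read in this function, but the signature `void fe_mul121666(fe h,fe f)` leaves it non-const, unlike fe_mul, fe_sq2 and fe_neg in the same file; `void fe_mul121666(fe h, const fe f)` with the matching prototype in wolfssl/wolfcrypt/fe_operations.h (a header this patch already edits) would make the contract consistent with its siblings. The products `f0 * (sword64) 121666` widen the limb before multiplying, so the rename keeps the arithmetic in 64 bits as before; a short `/* 121666 = (A + 2) / 4 for the Montgomery ladder */` on the first product would explain the constant to readers who do not have the ladder in front of them. The signature line is context here and the change would touch the header, so this is a style follow-up rather than something to block on.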
@@ -1118,104 +1118,104 @@ See fe_mul.c for discussion of implementation strategy. void fe_sq2(fe h,const fe f) { - int32_t f0 = f[0]; - int32_t f1 = f[1]; - int32_t f2 = f[2]; - int32_t f3 = f[3]; - int32_t f4 = f[4]; - int32_t f5 = f[5]; - int32_t f6 = f[6]; - int32_t f7 = f[7]; - int32_t f8 = f[8]; - int32_t f9 = f[9]; - int32_t f0_2 = 2 * f0; - int32_t f1_2 = 2 * f1; - int32_t f2_2 = 2 * f2; - int32_t f3_2 = 2 * f3; - int32_t f4_2 = 2 * f4; - int32_t f5_2 = 2 * f5; - int32_t f6_2 = 2 * f6; - int32_t f7_2 = 2 * f7; - int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */ - int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */ - int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */ - int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ - int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ - int64_t f0f0 = f0 * (int64_t) f0; - int64_t f0f1_2 = f0_2 * (int64_t) f1; - int64_t f0f2_2 = f0_2 * (int64_t) f2; - int64_t f0f3_2 = f0_2 * (int64_t) f3; - int64_t f0f4_2 = f0_2 * (int64_t) f4; - int64_t f0f5_2 = f0_2 * (int64_t) f5; - int64_t f0f6_2 = f0_2 * (int64_t) f6; - int64_t f0f7_2 = f0_2 * (int64_t) f7; - int64_t f0f8_2 = f0_2 * (int64_t) f8; - int64_t f0f9_2 = f0_2 * (int64_t) f9; - int64_t f1f1_2 = f1_2 * (int64_t) f1; - int64_t f1f2_2 = f1_2 * (int64_t) f2; - int64_t f1f3_4 = f1_2 * (int64_t) f3_2; - int64_t f1f4_2 = f1_2 * (int64_t) f4; - int64_t f1f5_4 = f1_2 * (int64_t) f5_2; - int64_t f1f6_2 = f1_2 * (int64_t) f6; - int64_t f1f7_4 = f1_2 * (int64_t) f7_2; - int64_t f1f8_2 = f1_2 * (int64_t) f8; - int64_t f1f9_76 = f1_2 * (int64_t) f9_38; - int64_t f2f2 = f2 * (int64_t) f2; - int64_t f2f3_2 = f2_2 * (int64_t) f3; - int64_t f2f4_2 = f2_2 * (int64_t) f4; - int64_t f2f5_2 = f2_2 * (int64_t) f5; - int64_t f2f6_2 = f2_2 * (int64_t) f6; - int64_t f2f7_2 = f2_2 * (int64_t) f7; - int64_t f2f8_38 = f2_2 * (int64_t) f8_19; - int64_t f2f9_38 = f2 * (int64_t) f9_38; - int64_t f3f3_2 = f3_2 * (int64_t) f3; - int64_t f3f4_2 = f3_2 * (int64_t) f4; - int64_t f3f5_4 = f3_2 * (int64_t) f5_2; - int64_t f3f6_2 = f3_2 * 
(int64_t) f6; - int64_t f3f7_76 = f3_2 * (int64_t) f7_38; - int64_t f3f8_38 = f3_2 * (int64_t) f8_19; - int64_t f3f9_76 = f3_2 * (int64_t) f9_38; - int64_t f4f4 = f4 * (int64_t) f4; - int64_t f4f5_2 = f4_2 * (int64_t) f5; - int64_t f4f6_38 = f4_2 * (int64_t) f6_19; - int64_t f4f7_38 = f4 * (int64_t) f7_38; - int64_t f4f8_38 = f4_2 * (int64_t) f8_19; - int64_t f4f9_38 = f4 * (int64_t) f9_38; - int64_t f5f5_38 = f5 * (int64_t) f5_38; - int64_t f5f6_38 = f5_2 * (int64_t) f6_19; - int64_t f5f7_76 = f5_2 * (int64_t) f7_38; - int64_t f5f8_38 = f5_2 * (int64_t) f8_19; - int64_t f5f9_76 = f5_2 * (int64_t) f9_38; - int64_t f6f6_19 = f6 * (int64_t) f6_19; - int64_t f6f7_38 = f6 * (int64_t) f7_38; - int64_t f6f8_38 = f6_2 * (int64_t) f8_19; - int64_t f6f9_38 = f6 * (int64_t) f9_38; - int64_t f7f7_38 = f7 * (int64_t) f7_38; - int64_t f7f8_38 = f7_2 * (int64_t) f8_19; - int64_t f7f9_76 = f7_2 * (int64_t) f9_38; - int64_t f8f8_19 = f8 * (int64_t) f8_19; - int64_t f8f9_38 = f8 * (int64_t) f9_38; - int64_t f9f9_38 = f9 * (int64_t) f9_38; - int64_t h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38; - int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38; - int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19; - int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38; - int64_t h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38; - int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38; - int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19; - int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38; - int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38; - int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; + sword32 f0 = f[0]; + sword32 f1 = f[1]; + sword32 f2 = f[2]; + sword32 f3 = f[3]; + sword32 f4 = f[4]; + sword32 f5 = f[5]; + sword32 f6 = f[6]; + sword32 f7 = f[7]; + sword32 f8 = f[8]; + 
sword32 f9 = f[9]; + sword32 f0_2 = 2 * f0; + sword32 f1_2 = 2 * f1; + sword32 f2_2 = 2 * f2; + sword32 f3_2 = 2 * f3; + sword32 f4_2 = 2 * f4; + sword32 f5_2 = 2 * f5; + sword32 f6_2 = 2 * f6; + sword32 f7_2 = 2 * f7; + sword32 f5_38 = 38 * f5; /* 1.959375*2^30 */ + sword32 f6_19 = 19 * f6; /* 1.959375*2^30 */ + sword32 f7_38 = 38 * f7; /* 1.959375*2^30 */ + sword32 f8_19 = 19 * f8; /* 1.959375*2^30 */ + sword32 f9_38 = 38 * f9; /* 1.959375*2^30 */ + sword64 f0f0 = f0 * (sword64) f0; + sword64 f0f1_2 = f0_2 * (sword64) f1; + sword64 f0f2_2 = f0_2 * (sword64) f2; + sword64 f0f3_2 = f0_2 * (sword64) f3; + sword64 f0f4_2 = f0_2 * (sword64) f4; + sword64 f0f5_2 = f0_2 * (sword64) f5; + sword64 f0f6_2 = f0_2 * (sword64) f6; + sword64 f0f7_2 = f0_2 * (sword64) f7; + sword64 f0f8_2 = f0_2 * (sword64) f8; + sword64 f0f9_2 = f0_2 * (sword64) f9; + sword64 f1f1_2 = f1_2 * (sword64) f1; + sword64 f1f2_2 = f1_2 * (sword64) f2; + sword64 f1f3_4 = f1_2 * (sword64) f3_2; + sword64 f1f4_2 = f1_2 * (sword64) f4; + sword64 f1f5_4 = f1_2 * (sword64) f5_2; + sword64 f1f6_2 = f1_2 * (sword64) f6; + sword64 f1f7_4 = f1_2 * (sword64) f7_2; + sword64 f1f8_2 = f1_2 * (sword64) f8; + sword64 f1f9_76 = f1_2 * (sword64) f9_38; + sword64 f2f2 = f2 * (sword64) f2; + sword64 f2f3_2 = f2_2 * (sword64) f3; + sword64 f2f4_2 = f2_2 * (sword64) f4; + sword64 f2f5_2 = f2_2 * (sword64) f5; + sword64 f2f6_2 = f2_2 * (sword64) f6; + sword64 f2f7_2 = f2_2 * (sword64) f7; + sword64 f2f8_38 = f2_2 * (sword64) f8_19; + sword64 f2f9_38 = f2 * (sword64) f9_38; + sword64 f3f3_2 = f3_2 * (sword64) f3; + sword64 f3f4_2 = f3_2 * (sword64) f4; + sword64 f3f5_4 = f3_2 * (sword64) f5_2; + sword64 f3f6_2 = f3_2 * (sword64) f6; + sword64 f3f7_76 = f3_2 * (sword64) f7_38; + sword64 f3f8_38 = f3_2 * (sword64) f8_19; + sword64 f3f9_76 = f3_2 * (sword64) f9_38; + sword64 f4f4 = f4 * (sword64) f4; + sword64 f4f5_2 = f4_2 * (sword64) f5; + sword64 f4f6_38 = f4_2 * (sword64) f6_19; + sword64 f4f7_38 = f4 * (sword64) f7_38; + 
sword64 f4f8_38 = f4_2 * (sword64) f8_19; + sword64 f4f9_38 = f4 * (sword64) f9_38; + sword64 f5f5_38 = f5 * (sword64) f5_38; + sword64 f5f6_38 = f5_2 * (sword64) f6_19; + sword64 f5f7_76 = f5_2 * (sword64) f7_38; + sword64 f5f8_38 = f5_2 * (sword64) f8_19; + sword64 f5f9_76 = f5_2 * (sword64) f9_38; + sword64 f6f6_19 = f6 * (sword64) f6_19; + sword64 f6f7_38 = f6 * (sword64) f7_38; + sword64 f6f8_38 = f6_2 * (sword64) f8_19; + sword64 f6f9_38 = f6 * (sword64) f9_38; + sword64 f7f7_38 = f7 * (sword64) f7_38; + sword64 f7f8_38 = f7_2 * (sword64) f8_19; + sword64 f7f9_76 = f7_2 * (sword64) f9_38; + sword64 f8f8_19 = f8 * (sword64) f8_19; + sword64 f8f9_38 = f8 * (sword64) f9_38; + sword64 f9f9_38 = f9 * (sword64) f9_38; + sword64 h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38; + sword64 h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38; + sword64 h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19; + sword64 h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38; + sword64 h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38; + sword64 h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38; + sword64 h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19; + sword64 h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38; + sword64 h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38; + sword64 h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2; + sword64 carry0; + sword64 carry1; + sword64 carry2; + sword64 carry3; + sword64 carry4; + sword64 carry5; + sword64 carry6; + sword64 carry7; + sword64 carry8; + sword64 carry9; h0 += h0; h1 += h1; 
@@ -1228,35 +1228,35 @@ void fe_sq2(fe h,const fe f) h8 += h8; h9 += h9; - carry0 = (h0 + (int64_t) (1UL<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; - carry4 = (h4 + (int64_t) (1UL<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; + carry0 = (h0 + (sword64) (1UL<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; + carry4 = (h4 + (sword64) (1UL<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; - carry1 = (h1 + (int64_t) (1UL<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25; - carry5 = (h5 + (int64_t) (1UL<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25; + carry1 = (h1 + (sword64) (1UL<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25; + carry5 = (h5 + (sword64) (1UL<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25; - carry2 = (h2 + (int64_t) (1UL<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26; - carry6 = (h6 + (int64_t) (1UL<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26; + carry2 = (h2 + (sword64) (1UL<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26; + carry6 = (h6 + (sword64) (1UL<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26; - carry3 = (h3 + (int64_t) (1UL<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25; - carry7 = (h7 + (int64_t) (1UL<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25; + carry3 = (h3 + (sword64) (1UL<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25; + carry7 = (h7 + (sword64) (1UL<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25; - carry4 = (h4 + (int64_t) (1UL<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; - carry8 = (h8 + (int64_t) (1UL<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26; + carry4 = (h4 + (sword64) (1UL<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; + carry8 = (h8 + (sword64) (1UL<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26; - carry9 = (h9 + (int64_t) (1UL<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25; + carry9 = (h9 + (sword64) (1UL<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25; - carry0 = (h0 + (int64_t) (1UL<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; + carry0 = (h0 + (sword64) (1UL<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; - h[0] = 
(int32_t)h0; - h[1] = (int32_t)h1; - h[2] = (int32_t)h2; - h[3] = (int32_t)h3; - h[4] = (int32_t)h4; - h[5] = (int32_t)h5; - h[6] = (int32_t)h6; - h[7] = (int32_t)h7; - h[8] = (int32_t)h8; - h[9] = (int32_t)h9; + h[0] = (sword32)h0; + h[1] = (sword32)h1; + h[2] = (sword32)h2; + h[3] = (sword32)h3; + h[4] = (sword32)h4; + h[5] = (sword32)h5; + h[6] = (sword32)h6; + h[7] = (sword32)h7; + h[8] = (sword32)h8; + h[9] = (sword32)h9; } @@ -1306,26 +1306,26 @@ Postconditions: void fe_neg(fe h,const fe f) { - int32_t f0 = f[0]; - int32_t f1 = f[1]; - int32_t f2 = f[2]; - int32_t f3 = f[3]; - int32_t f4 = f[4]; - int32_t f5 = f[5]; - int32_t f6 = f[6]; - int32_t f7 = f[7]; - int32_t f8 = f[8]; - int32_t f9 = f[9]; - int32_t h0 = -f0; - int32_t h1 = -f1; - int32_t h2 = -f2; - int32_t h3 = -f3; - int32_t h4 = -f4; - int32_t h5 = -f5; - int32_t h6 = -f6; - int32_t h7 = -f7; - int32_t h8 = -f8; - int32_t h9 = -f9; + sword32 f0 = f[0]; + sword32 f1 = f[1]; + sword32 f2 = f[2]; + sword32 f3 = f[3]; + sword32 f4 = f[4]; + sword32 f5 = f[5]; + sword32 f6 = f[6]; + sword32 f7 = f[7]; + sword32 f8 = f[8]; + sword32 f9 = f[9]; + sword32 h0 = -f0; + sword32 h1 = -f1; + sword32 h2 = -f2; + sword32 h3 = -f3; + sword32 h4 = -f4; + sword32 h5 = -f5; + sword32 h6 = -f6; + sword32 h7 = -f7; + sword32 h8 = -f8; + sword32 h9 = -f9; h[0] = h0; h[1] = h1; h[2] = h2; 
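Review bot: `h0 -= carry0 << 26;` and the other `carryN << k` terms in this hunk left-shift a signed sword64 that can be negative (h0 is a signed sum of products of signed limbs, and the preceding `>> 26` on a negative value is itself only implementation-defined), which is undefined behaviour under C11 6.5.7p4 and is what -fsanitize=undefined reports as shift-base. The commit only renames int64_t to sword64 here and inherits the construction from the removed ref10 lines, but since every carry line is touched anyway, a multiply is defined for negative operands and compilers typically emit the same shift: `carry0 = (h0 + (sword64) (1UL<<25)) >> 26; h1 += carry0; h0 -= carry0 * (sword64)(1UL<<26);`, applied likewise to carry1 through carry9. fe_sq2 begins before this hunk; only its tail is visible here.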
@@ -1379,36 +1379,36 @@ Preconditions: b in {0,1}. void fe_cmov(fe f, const fe g, int b) { - int32_t f0 = f[0]; - int32_t f1 = f[1]; - int32_t f2 = f[2]; - int32_t f3 = f[3]; - int32_t f4 = f[4]; - int32_t f5 = f[5]; - int32_t f6 = f[6]; - int32_t f7 = f[7]; - int32_t f8 = f[8]; - int32_t f9 = f[9]; - int32_t g0 = g[0]; - int32_t g1 = g[1]; - int32_t g2 = g[2]; - int32_t g3 = g[3]; - int32_t g4 = g[4]; - int32_t g5 = g[5]; - int32_t g6 = g[6]; - int32_t g7 = g[7]; - int32_t g8 = g[8]; - int32_t g9 = g[9]; - int32_t x0 = f0 ^ g0; - int32_t x1 = f1 ^ g1; - int32_t x2 = f2 ^ g2; - int32_t x3 = f3 ^ g3; - int32_t x4 = f4 ^ g4; - int32_t x5 = f5 ^ g5; - int32_t x6 = f6 ^ g6; - int32_t x7 = f7 ^ g7; - int32_t x8 = f8 ^ g8; - int32_t x9 = f9 ^ g9; + sword32 f0 = f[0]; + sword32 f1 = f[1]; + sword32 f2 = f[2]; + sword32 f3 = f[3]; + sword32 f4 = f[4]; + sword32 f5 = f[5]; + sword32 f6 = f[6]; + sword32 f7 = f[7]; + sword32 f8 = f[8]; + sword32 f9 = f[9]; + sword32 g0 = g[0]; + sword32 g1 = g[1]; + sword32 g2 = g[2]; + sword32 g3 = g[3]; + sword32 g4 = g[4]; + sword32 g5 = g[5]; + sword32 g6 = g[6]; + sword32 g7 = g[7]; + sword32 g8 = g[8]; + sword32 g9 = g[9]; + sword32 x0 = f0 ^ g0; + sword32 x1 = f1 ^ g1; + sword32 x2 = f2 ^ g2; + sword32 x3 = f3 ^ g3; + sword32 x4 = f4 ^ g4; + sword32 x5 = f5 ^ g5; + sword32 x6 = f6 ^ g6; + sword32 x7 = f7 ^ g7; + sword32 x8 = f8 ^ g8; + sword32 x9 = f9 ^ g9; b = -b; x0 &= b; x1 &= b; diff --git a/wolfcrypt/src/fe_x25519_128.i b/wolfcrypt/src/fe_x25519_128.i index a20fcf79a..4f5aaf3df 100644 --- a/wolfcrypt/src/fe_x25519_128.i +++ b/wolfcrypt/src/fe_x25519_128.i @@ -1,6 +1,6 @@ /* fe_x25519_128.i * - * Copyright (C) 2006-2020 wolfSSL Inc. + * Copyright (C) 2006-2021 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -31,42 +31,42 @@ void fe_init(void) */ void fe_frombytes(fe out, const unsigned char *in) { - out[0] = (((int64_t)((in[ 0] ) )) ) - | (((int64_t)((in[ 1] ) )) << 8) - | (((int64_t)((in[ 2] ) )) << 16) - | (((int64_t)((in[ 3] ) )) << 24) - | (((int64_t)((in[ 4] ) )) << 32) - | (((int64_t)((in[ 5] ) )) << 40) - | (((int64_t)((in[ 6] ) & 0x07)) << 48); - out[1] = (((int64_t)((in[ 6] >> 3) & 0x1f)) ) - | (((int64_t)((in[ 7] ) )) << 5) - | (((int64_t)((in[ 8] ) )) << 13) - | (((int64_t)((in[ 9] ) )) << 21) - | (((int64_t)((in[10] ) )) << 29) - | (((int64_t)((in[11] ) )) << 37) - | (((int64_t)((in[12] ) & 0x3f)) << 45); - out[2] = (((int64_t)((in[12] >> 6) & 0x03)) ) - | (((int64_t)((in[13] ) )) << 2) - | (((int64_t)((in[14] ) )) << 10) - | (((int64_t)((in[15] ) )) << 18) - | (((int64_t)((in[16] ) )) << 26) - | (((int64_t)((in[17] ) )) << 34) - | (((int64_t)((in[18] ) )) << 42) - | (((int64_t)((in[19] ) & 0x01)) << 50); - out[3] = (((int64_t)((in[19] >> 1) & 0x7f)) ) - | (((int64_t)((in[20] ) )) << 7) - | (((int64_t)((in[21] ) )) << 15) - | (((int64_t)((in[22] ) )) << 23) - | (((int64_t)((in[23] ) )) << 31) - | (((int64_t)((in[24] ) )) << 39) - | (((int64_t)((in[25] ) & 0x0f)) << 47); - out[4] = (((int64_t)((in[25] >> 4) & 0x0f)) ) - | (((int64_t)((in[26] ) )) << 4) - | (((int64_t)((in[27] ) )) << 12) - | (((int64_t)((in[28] ) )) << 20) - | (((int64_t)((in[29] ) )) << 28) - | (((int64_t)((in[30] ) )) << 36) - | (((int64_t)((in[31] ) & 0x7f)) << 44); + out[0] = (((sword64)((in[ 0] ) )) ) + | (((sword64)((in[ 1] ) )) << 8) + | (((sword64)((in[ 2] ) )) << 16) + | (((sword64)((in[ 3] ) )) << 24) + | (((sword64)((in[ 4] ) )) << 32) + | (((sword64)((in[ 5] ) )) << 40) + | (((sword64)((in[ 6] ) & 0x07)) << 48); + out[1] = (((sword64)((in[ 6] >> 3) & 0x1f)) ) + | (((sword64)((in[ 7] ) )) << 5) + | (((sword64)((in[ 8] ) )) << 13) + | (((sword64)((in[ 9] ) )) << 21) + | (((sword64)((in[10] ) )) << 29) + | (((sword64)((in[11] ) )) << 37) + | (((sword64)((in[12] ) & 0x3f)) << 
45); + out[2] = (((sword64)((in[12] >> 6) & 0x03)) ) + | (((sword64)((in[13] ) )) << 2) + | (((sword64)((in[14] ) )) << 10) + | (((sword64)((in[15] ) )) << 18) + | (((sword64)((in[16] ) )) << 26) + | (((sword64)((in[17] ) )) << 34) + | (((sword64)((in[18] ) )) << 42) + | (((sword64)((in[19] ) & 0x01)) << 50); + out[3] = (((sword64)((in[19] >> 1) & 0x7f)) ) + | (((sword64)((in[20] ) )) << 7) + | (((sword64)((in[21] ) )) << 15) + | (((sword64)((in[22] ) )) << 23) + | (((sword64)((in[23] ) )) << 31) + | (((sword64)((in[24] ) )) << 39) + | (((sword64)((in[25] ) & 0x0f)) << 47); + out[4] = (((sword64)((in[25] >> 4) & 0x0f)) ) + | (((sword64)((in[26] ) )) << 4) + | (((sword64)((in[27] ) )) << 12) + | (((sword64)((in[28] ) )) << 20) + | (((sword64)((in[29] ) )) << 28) + | (((sword64)((in[30] ) )) << 36) + | (((sword64)((in[31] ) & 0x7f)) << 44); } /* Convert a number represented as an array of words to an array of bytes. @@ -79,7 +79,7 @@ void fe_frombytes(fe out, const unsigned char *in) void fe_tobytes(unsigned char *out, const fe n) { fe in; - int64_t c; + sword64 c; in[0] = n[0]; in[1] = n[1]; @@ -195,8 +195,8 @@ void fe_copy(fe r, const fe a) */ void fe_cswap(fe a, fe b, int c) { - int64_t m = c; - int64_t t0, t1, t2, t3, t4; + sword64 m = c; + sword64 t0, t1, t2, t3, t4; /* Convert conditional into mask. */ m = -m; @@ -507,8 +507,8 @@ void fe_neg(fe r, const fe a) */ void fe_cmov(fe a, const fe b, int c) { - int64_t m = c; - int64_t t0, t1, t2, t3, t4; + sword64 m = c; + sword64 t0, t1, t2, t3, t4; /* Convert conditional into mask. */ m = -m; @@ -595,13 +595,13 @@ void fe_sq2(fe r, const fe a) * in An array of bytes. * returns a 64-bit word. */ -uint64_t load_3(const unsigned char *in) +word64 load_3(const unsigned char *in) { - uint64_t result; + word64 result; - result = ((((uint64_t)in[0]) ) | - (((uint64_t)in[1]) << 8) | - (((uint64_t)in[2]) << 16)); + result = ((((word64)in[0]) ) | + (((word64)in[1]) << 8) | + (((word64)in[2]) << 16)); return result; } 
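Review bot: `m = -m;` in fe_cswap only yields the all-ones mask when c is exactly 1; any other non-zero c (2, for instance) gives a partial mask and the masked XOR swap silently corrupts both a and b, so the precondition deserves to be stated. The fe_operations.c fe_cmov hunk above carries `Preconditions: b in {0,1}.` in its header comment; if the fe_cswap comment block, which sits just above this hunk, does not already say the same, add `/* Preconditions: c in {0,1}. */` there. The same applies to fe_cmov in the following hunk, which uses the identical `sword64 m = c; m = -m;` construction.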
@@ -611,14 +611,14 @@ uint64_t load_3(const unsigned char *in) * in An array of bytes. * returns a 64-bit word. */ -uint64_t load_4(const unsigned char *in) +word64 load_4(const unsigned char *in) { - uint64_t result; + word64 result; - result = ((((uint64_t)in[0]) ) | - (((uint64_t)in[1]) << 8) | - (((uint64_t)in[2]) << 16) | - (((uint64_t)in[3]) << 24)); + result = ((((word64)in[0]) ) | + (((word64)in[1]) << 8) | + (((word64)in[2]) << 16) | + (((word64)in[3]) << 24)); return result; } diff --git a/wolfcrypt/src/ge_448.c b/wolfcrypt/src/ge_448.c index 971880cb2..419fc5a39 100644 --- a/wolfcrypt/src/ge_448.c +++ b/wolfcrypt/src/ge_448.c @@ -1,6 +1,6 @@ /* ge_448.c * - * Copyright (C) 2006-2020 wolfSSL Inc. + * Copyright (C) 2006-2021 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -78,7 +78,7 @@ static const ge448_p2 ed448_base = { }; /* Part of order of ed448 that needs tp be multiplied when reducing */ -static const uint8_t ed448_order_mul[56] = { +static const word8 ed448_order_mul[56] = { 0x0d, 0xbb, 0xa7, 0x54, 0x6d, 0x3d, 0x87, 0xdc, 0xaa, 0x70, 0x3a, 0x72, 0x8d, 0x3d, 0x93, 0xde, 0x6f, 0xc9, 0x29, 0x51, 0xb6, 0x24, 0xb1, 0x3b, 0x16, 0xdc, 0x35, 0x83, @@ -89,18 +89,18 @@ static const uint8_t ed448_order_mul[56] = { * * b [in] Scalar to reduce. */ -void sc448_reduce(uint8_t* b) +void sc448_reduce(byte* b) { int i, j; - uint32_t t[114]; - uint8_t o; + word32 t[114]; + word8 o; for (i = 0; i < 86; i++) { t[i] = b[i]; } for (i = 0; i < 58; i++) { for (j = 0; j < 28; j++) - t[i+j] += b[i+56] * ((uint32_t)ed448_order_mul[j] << 2); + t[i+j] += b[i+56] * ((word32)ed448_order_mul[j] << 2); t[i+56] = 0; } for (i = 54; i < 87; i++) { @@ -109,7 +109,7 @@ void sc448_reduce(uint8_t* b) } for (i = 0; i < 31; i++) { for (j = 0; j < 28; j++) - t[i+j] += t[i+56] * ((uint32_t)ed448_order_mul[j] << 2); + t[i+j] += t[i+56] * ((word32)ed448_order_mul[j] << 2); t[i+56] = 0; } for (i = 54; i < 60; i++) { 
@@ -118,7 +118,7 @@ void sc448_reduce(uint8_t* b) } for (i = 0; i < 4; i++) { for (j = 0; j < 28; j++) - t[i+j] += t[i+56] * ((uint32_t)ed448_order_mul[j] << 2); + t[i+j] += t[i+56] * ((word32)ed448_order_mul[j] << 2); t[i+56] = 0; } for (i = 0; i < 55; i++) { @@ -128,7 +128,7 @@ void sc448_reduce(uint8_t* b) o = t[55] >> 6; t[55] &= 0x3f; for (j = 0; j < 28; j++) - t[j] += o * (uint32_t)ed448_order_mul[j]; + t[j] += o * (word32)ed448_order_mul[j]; for (i = 0; i < 55; i++) { t[i+1] += t[i] >> 8; b[i] = t[i] & 0xff; @@ -144,19 +144,18 @@ void sc448_reduce(uint8_t* b) * b [in] Scalar to multiply. * d [in] Scalar to add to multiplicative result. */ -void sc448_muladd(uint8_t* r, const uint8_t* a, const uint8_t* b, - const uint8_t* d) +void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d) { int i, j; - uint32_t t[112]; - uint8_t o; + word32 t[112]; + word8 o; /* a * b + d */ for (i = 0; i < 56; i++) t[i] = d[i]; for (i = 0; i < 56; i++) { for (j = 0; j < 56; j++) - t[i+j] += (int16_t)a[i] * b[j]; + t[i+j] += (sword16)a[i] * b[j]; t[i+56] = 0; } @@ -166,7 +165,7 @@ void sc448_muladd(uint8_t* r, const uint8_t* a, const uint8_t* b, } for (i = 0; i < 56; i++) { for (j = 0; j < 28; j++) - t[i+j] += t[i+56] * ((uint32_t)ed448_order_mul[j] << 2); + t[i+j] += t[i+56] * ((word32)ed448_order_mul[j] << 2); t[i+56] = 0; } for (i = 54; i < 85; i++) { @@ -175,7 +174,7 @@ void sc448_muladd(uint8_t* r, const uint8_t* a, const uint8_t* b, } for (i = 0; i < 29; i++) { for (j = 0; j < 28; j++) - t[i+j] += t[i+56] * ((uint32_t)ed448_order_mul[j] << 2); + t[i+j] += t[i+56] * ((word32)ed448_order_mul[j] << 2); t[i+56] = 0; } for (i = 54; i < 58; i++) { @@ -184,7 +183,7 @@ void sc448_muladd(uint8_t* r, const uint8_t* a, const uint8_t* b, } for (i = 0; i < 2; i++) { for (j = 0; j < 28; j++) - t[i+j] += t[i+56] * ((uint32_t)ed448_order_mul[j] << 2); + t[i+j] += t[i+56] * ((word32)ed448_order_mul[j] << 2); t[i+56] = 0; } for (i = 0; i < 55; i++) { 
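Review bot: The cast in `t[i+j] += (sword16)a[i] * b[j];` has no effect: both byte operands are promoted to int before the multiply, so the product is computed in int regardless, and sword16 suggests 16-bit arithmetic that never happens (a 16-bit signed type could not even hold 255*255). Since t is declared `word32 t[112]` two lines above, `t[i+j] += (word32)a[i] * b[j];` states the real accumulator width and keeps the addition unsigned. The rest of sc448_muladd lies outside this hunk.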
@@ -194,7 +193,7 @@ void sc448_muladd(uint8_t* r, const uint8_t* a, const uint8_t* b, o = t[55] >> 6; t[55] &= 0x3f; for (j = 0; j < 28; j++) - t[j] += o * (uint32_t)ed448_order_mul[j]; + t[j] += o * (word32)ed448_order_mul[j]; for (i = 0; i < 55; i++) { t[i+1] += t[i] >> 8; r[i] = t[i] & 0xff; @@ -277,7 +276,7 @@ static WC_INLINE void ge448_add(ge448_p2* r, const ge448_p2* p, * b [in] Array of bytes to hold compressed point. * p [in] Point to convert. */ -void ge448_to_bytes(uint8_t *s, const ge448_p2 *h) +void ge448_to_bytes(byte *s, const ge448_p2 *h) { ge448 recip[56]; ge448 x[56]; @@ -296,7 +295,7 @@ void ge448_to_bytes(uint8_t *s, const ge448_p2 *h) * xIn [in] The x-ordinate. * yIn [in] The y-ordinate. */ -int ge448_compress_key(uint8_t* out, const uint8_t* xIn, const uint8_t* yIn) +int ge448_compress_key(byte* out, const byte* xIn, const byte* yIn) { ge448 x[56]; @@ -314,7 +313,7 @@ int ge448_compress_key(uint8_t* out, const uint8_t* xIn, const uint8_t* yIn) * r [in] Point to hold result. * a [in] Scalar to multiply by. */ -static void ge448_scalarmult(ge448_p2* h, const ge448_p2* p, const uint8_t* a) +static void ge448_scalarmult(ge448_p2* h, const ge448_p2* p, const byte* a) { ge448_p2 r; ge448_p2 s; @@ -343,7 +342,7 @@ static void ge448_scalarmult(ge448_p2* h, const ge448_p2* p, const uint8_t* a) * r [in] Point to hold result. * a [in] Scalar to multiply by. */ -void ge448_scalarmult_base(ge448_p2* h, const uint8_t* a) +void ge448_scalarmult_base(ge448_p2* h, const byte* a) { ge448_scalarmult(h, &ed448_base, a); } @@ -356,8 +355,8 @@ void ge448_scalarmult_base(ge448_p2* h, const uint8_t* a) * r [in] Point to hold result. * a [in] Scalar to multiply by. */ -int ge448_double_scalarmult_vartime(ge448_p2 *r, const uint8_t *a, - const ge448_p2 *A, const uint8_t *b) +int ge448_double_scalarmult_vartime(ge448_p2 *r, const byte *a, + const ge448_p2 *A, const byte *b) { ge448_p2 t; 
@@ -376,7 +375,7 @@ int ge448_double_scalarmult_vartime(ge448_p2 *r, const uint8_t *a, * b [in] Array of bytes representing point. * returns 0 on success and -1 on failure. */ -int ge448_from_bytes_negate_vartime(ge448_p2 *r, const uint8_t *b) +int ge448_from_bytes_negate_vartime(ge448_p2 *r, const byte *b) { int ret = 0; ge448 u[GE448_WORDS]; 
@@ -433,152 +432,152 @@ int ge448_from_bytes_negate_vartime(ge448_p2 *r, const uint8_t *b) * * b [in] Scalar to reduce. */ -void sc448_reduce(uint8_t* b) +void sc448_reduce(byte* b) { - uint64_t d[8]; - uint128_t t[17]; - uint128_t c; - uint64_t o; + word64 d[8]; + word128 t[17]; + word128 c; + word64 o; /* Load from bytes */ - t[ 0] = ((int64_t) (b[ 0]) << 0) - | ((int64_t) (b[ 1]) << 8) - | ((int64_t) (b[ 2]) << 16) - | ((int64_t) (b[ 3]) << 24) - | ((int64_t) (b[ 4]) << 32) - | ((int64_t) (b[ 5]) << 40) - | ((int64_t) (b[ 6]) << 48); - t[ 1] = ((int64_t) (b[ 7]) << 0) - | ((int64_t) (b[ 8]) << 8) - | ((int64_t) (b[ 9]) << 16) - | ((int64_t) (b[10]) << 24) - | ((int64_t) (b[11]) << 32) - | ((int64_t) (b[12]) << 40) - | ((int64_t) (b[13]) << 48); - t[ 2] = ((int64_t) (b[14]) << 0) - | ((int64_t) (b[15]) << 8) - | ((int64_t) (b[16]) << 16) - | ((int64_t) (b[17]) << 24) - | ((int64_t) (b[18]) << 32) - | ((int64_t) (b[19]) << 40) - | ((int64_t) (b[20]) << 48); - t[ 3] = ((int64_t) (b[21]) << 0) - | ((int64_t) (b[22]) << 8) - | ((int64_t) (b[23]) << 16) - | ((int64_t) (b[24]) << 24) - | ((int64_t) (b[25]) << 32) - | ((int64_t) (b[26]) << 40) - | ((int64_t) (b[27]) << 48); - t[ 4] = ((int64_t) (b[28]) << 0) - | ((int64_t) (b[29]) << 8) - | ((int64_t) (b[30]) << 16) - | ((int64_t) (b[31]) << 24) - | ((int64_t) (b[32]) << 32) - | ((int64_t) (b[33]) << 40) - | ((int64_t) (b[34]) << 48); - t[ 5] = ((int64_t) (b[35]) << 0) - | ((int64_t) (b[36]) << 8) - | ((int64_t) (b[37]) << 16) - | ((int64_t) (b[38]) << 24) - | ((int64_t) (b[39]) << 32) - | ((int64_t) (b[40]) << 40) - | ((int64_t) (b[41]) << 48); - t[ 6] = ((int64_t) (b[42]) << 0) - | ((int64_t) (b[43]) << 8) - | ((int64_t) (b[44]) << 16) - | ((int64_t) (b[45]) << 24) - | ((int64_t) (b[46]) << 32) - | ((int64_t) (b[47]) << 40) - | ((int64_t) (b[48]) << 48); - t[ 7] = ((int64_t) (b[49]) << 0) - | ((int64_t) (b[50]) << 8) - | ((int64_t) (b[51]) << 16) - | ((int64_t) (b[52]) << 24) - | ((int64_t) (b[53]) << 32) - | 
((int64_t) (b[54]) << 40) - | ((int64_t) (b[55]) << 48); - t[ 8] = ((int64_t) (b[56]) << 0) - | ((int64_t) (b[57]) << 8) - | ((int64_t) (b[58]) << 16) - | ((int64_t) (b[59]) << 24) - | ((int64_t) (b[60]) << 32) - | ((int64_t) (b[61]) << 40) - | ((int64_t) (b[62]) << 48); - t[ 9] = ((int64_t) (b[63]) << 0) - | ((int64_t) (b[64]) << 8) - | ((int64_t) (b[65]) << 16) - | ((int64_t) (b[66]) << 24) - | ((int64_t) (b[67]) << 32) - | ((int64_t) (b[68]) << 40) - | ((int64_t) (b[69]) << 48); - t[10] = ((int64_t) (b[70]) << 0) - | ((int64_t) (b[71]) << 8) - | ((int64_t) (b[72]) << 16) - | ((int64_t) (b[73]) << 24) - | ((int64_t) (b[74]) << 32) - | ((int64_t) (b[75]) << 40) - | ((int64_t) (b[76]) << 48); - t[11] = ((int64_t) (b[77]) << 0) - | ((int64_t) (b[78]) << 8) - | ((int64_t) (b[79]) << 16) - | ((int64_t) (b[80]) << 24) - | ((int64_t) (b[81]) << 32) - | ((int64_t) (b[82]) << 40) - | ((int64_t) (b[83]) << 48); - t[12] = ((int64_t) (b[84]) << 0) - | ((int64_t) (b[85]) << 8) - | ((int64_t) (b[86]) << 16) - | ((int64_t) (b[87]) << 24) - | ((int64_t) (b[88]) << 32) - | ((int64_t) (b[89]) << 40) - | ((int64_t) (b[90]) << 48); - t[13] = ((int64_t) (b[91]) << 0) - | ((int64_t) (b[92]) << 8) - | ((int64_t) (b[93]) << 16) - | ((int64_t) (b[94]) << 24) - | ((int64_t) (b[95]) << 32) - | ((int64_t) (b[96]) << 40) - | ((int64_t) (b[97]) << 48); - t[14] = ((int64_t) (b[98]) << 0) - | ((int64_t) (b[99]) << 8) - | ((int64_t) (b[100]) << 16) - | ((int64_t) (b[101]) << 24) - | ((int64_t) (b[102]) << 32) - | ((int64_t) (b[103]) << 40) - | ((int64_t) (b[104]) << 48); - t[15] = ((int64_t) (b[105]) << 0) - | ((int64_t) (b[106]) << 8) - | ((int64_t) (b[107]) << 16) - | ((int64_t) (b[108]) << 24) - | ((int64_t) (b[109]) << 32) - | ((int64_t) (b[110]) << 40) - | ((int64_t) (b[111]) << 48); - t[16] = ((int64_t) (b[112]) << 0) - | ((int64_t) (b[113]) << 8); + t[ 0] = ((sword64) (b[ 0]) << 0) + | ((sword64) (b[ 1]) << 8) + | ((sword64) (b[ 2]) << 16) + | ((sword64) (b[ 3]) << 24) + | ((sword64) (b[ 
4]) << 32) + | ((sword64) (b[ 5]) << 40) + | ((sword64) (b[ 6]) << 48); + t[ 1] = ((sword64) (b[ 7]) << 0) + | ((sword64) (b[ 8]) << 8) + | ((sword64) (b[ 9]) << 16) + | ((sword64) (b[10]) << 24) + | ((sword64) (b[11]) << 32) + | ((sword64) (b[12]) << 40) + | ((sword64) (b[13]) << 48); + t[ 2] = ((sword64) (b[14]) << 0) + | ((sword64) (b[15]) << 8) + | ((sword64) (b[16]) << 16) + | ((sword64) (b[17]) << 24) + | ((sword64) (b[18]) << 32) + | ((sword64) (b[19]) << 40) + | ((sword64) (b[20]) << 48); + t[ 3] = ((sword64) (b[21]) << 0) + | ((sword64) (b[22]) << 8) + | ((sword64) (b[23]) << 16) + | ((sword64) (b[24]) << 24) + | ((sword64) (b[25]) << 32) + | ((sword64) (b[26]) << 40) + | ((sword64) (b[27]) << 48); + t[ 4] = ((sword64) (b[28]) << 0) + | ((sword64) (b[29]) << 8) + | ((sword64) (b[30]) << 16) + | ((sword64) (b[31]) << 24) + | ((sword64) (b[32]) << 32) + | ((sword64) (b[33]) << 40) + | ((sword64) (b[34]) << 48); + t[ 5] = ((sword64) (b[35]) << 0) + | ((sword64) (b[36]) << 8) + | ((sword64) (b[37]) << 16) + | ((sword64) (b[38]) << 24) + | ((sword64) (b[39]) << 32) + | ((sword64) (b[40]) << 40) + | ((sword64) (b[41]) << 48); + t[ 6] = ((sword64) (b[42]) << 0) + | ((sword64) (b[43]) << 8) + | ((sword64) (b[44]) << 16) + | ((sword64) (b[45]) << 24) + | ((sword64) (b[46]) << 32) + | ((sword64) (b[47]) << 40) + | ((sword64) (b[48]) << 48); + t[ 7] = ((sword64) (b[49]) << 0) + | ((sword64) (b[50]) << 8) + | ((sword64) (b[51]) << 16) + | ((sword64) (b[52]) << 24) + | ((sword64) (b[53]) << 32) + | ((sword64) (b[54]) << 40) + | ((sword64) (b[55]) << 48); + t[ 8] = ((sword64) (b[56]) << 0) + | ((sword64) (b[57]) << 8) + | ((sword64) (b[58]) << 16) + | ((sword64) (b[59]) << 24) + | ((sword64) (b[60]) << 32) + | ((sword64) (b[61]) << 40) + | ((sword64) (b[62]) << 48); + t[ 9] = ((sword64) (b[63]) << 0) + | ((sword64) (b[64]) << 8) + | ((sword64) (b[65]) << 16) + | ((sword64) (b[66]) << 24) + | ((sword64) (b[67]) << 32) + | ((sword64) (b[68]) << 40) + | ((sword64) (b[69]) 
<< 48); + t[10] = ((sword64) (b[70]) << 0) + | ((sword64) (b[71]) << 8) + | ((sword64) (b[72]) << 16) + | ((sword64) (b[73]) << 24) + | ((sword64) (b[74]) << 32) + | ((sword64) (b[75]) << 40) + | ((sword64) (b[76]) << 48); + t[11] = ((sword64) (b[77]) << 0) + | ((sword64) (b[78]) << 8) + | ((sword64) (b[79]) << 16) + | ((sword64) (b[80]) << 24) + | ((sword64) (b[81]) << 32) + | ((sword64) (b[82]) << 40) + | ((sword64) (b[83]) << 48); + t[12] = ((sword64) (b[84]) << 0) + | ((sword64) (b[85]) << 8) + | ((sword64) (b[86]) << 16) + | ((sword64) (b[87]) << 24) + | ((sword64) (b[88]) << 32) + | ((sword64) (b[89]) << 40) + | ((sword64) (b[90]) << 48); + t[13] = ((sword64) (b[91]) << 0) + | ((sword64) (b[92]) << 8) + | ((sword64) (b[93]) << 16) + | ((sword64) (b[94]) << 24) + | ((sword64) (b[95]) << 32) + | ((sword64) (b[96]) << 40) + | ((sword64) (b[97]) << 48); + t[14] = ((sword64) (b[98]) << 0) + | ((sword64) (b[99]) << 8) + | ((sword64) (b[100]) << 16) + | ((sword64) (b[101]) << 24) + | ((sword64) (b[102]) << 32) + | ((sword64) (b[103]) << 40) + | ((sword64) (b[104]) << 48); + t[15] = ((sword64) (b[105]) << 0) + | ((sword64) (b[106]) << 8) + | ((sword64) (b[107]) << 16) + | ((sword64) (b[108]) << 24) + | ((sword64) (b[109]) << 32) + | ((sword64) (b[110]) << 40) + | ((sword64) (b[111]) << 48); + t[16] = ((sword64) (b[112]) << 0) + | ((sword64) (b[113]) << 8); /* Mod curve order */ /* 2^446 - 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d */ /* Mod top half of extra words */ - t[ 4] += (int128_t)0x21cf5b5529eec34L * t[12]; - t[ 5] += (int128_t)0x0f635c8e9c2ab70L * t[12]; - t[ 6] += (int128_t)0x2d944a725bf7a4cL * t[12]; - t[ 7] += (int128_t)0x20cd77058eec490L * t[12]; - t[ 5] += (int128_t)0x21cf5b5529eec34L * t[13]; - t[ 6] += (int128_t)0x0f635c8e9c2ab70L * t[13]; - t[ 7] += (int128_t)0x2d944a725bf7a4cL * t[13]; - t[ 8] += (int128_t)0x20cd77058eec490L * t[13]; - t[ 6] += (int128_t)0x21cf5b5529eec34L * t[14]; - t[ 7] += (int128_t)0x0f635c8e9c2ab70L * t[14]; - 
t[ 8] += (int128_t)0x2d944a725bf7a4cL * t[14]; - t[ 9] += (int128_t)0x20cd77058eec490L * t[14]; - t[ 7] += (int128_t)0x21cf5b5529eec34L * t[15]; - t[ 8] += (int128_t)0x0f635c8e9c2ab70L * t[15]; - t[ 9] += (int128_t)0x2d944a725bf7a4cL * t[15]; - t[10] += (int128_t)0x20cd77058eec490L * t[15]; - t[ 8] += (int128_t)0x21cf5b5529eec34L * t[16]; - t[ 9] += (int128_t)0x0f635c8e9c2ab70L * t[16]; - t[10] += (int128_t)0x2d944a725bf7a4cL * t[16]; - t[11] += (int128_t)0x20cd77058eec490L * t[16]; + t[ 4] += (sword128)0x21cf5b5529eec34L * t[12]; + t[ 5] += (sword128)0x0f635c8e9c2ab70L * t[12]; + t[ 6] += (sword128)0x2d944a725bf7a4cL * t[12]; + t[ 7] += (sword128)0x20cd77058eec490L * t[12]; + t[ 5] += (sword128)0x21cf5b5529eec34L * t[13]; + t[ 6] += (sword128)0x0f635c8e9c2ab70L * t[13]; + t[ 7] += (sword128)0x2d944a725bf7a4cL * t[13]; + t[ 8] += (sword128)0x20cd77058eec490L * t[13]; + t[ 6] += (sword128)0x21cf5b5529eec34L * t[14]; + t[ 7] += (sword128)0x0f635c8e9c2ab70L * t[14]; + t[ 8] += (sword128)0x2d944a725bf7a4cL * t[14]; + t[ 9] += (sword128)0x20cd77058eec490L * t[14]; + t[ 7] += (sword128)0x21cf5b5529eec34L * t[15]; + t[ 8] += (sword128)0x0f635c8e9c2ab70L * t[15]; + t[ 9] += (sword128)0x2d944a725bf7a4cL * t[15]; + t[10] += (sword128)0x20cd77058eec490L * t[15]; + t[ 8] += (sword128)0x21cf5b5529eec34L * t[16]; + t[ 9] += (sword128)0x0f635c8e9c2ab70L * t[16]; + t[10] += (sword128)0x2d944a725bf7a4cL * t[16]; + t[11] += (sword128)0x20cd77058eec490L * t[16]; t[12] = 0; /* Propagate carries */ c = t[ 4] >> 56; t[ 5] += c; t[ 4] = t[ 4] & 0xffffffffffffff; 
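Review bot: The limb loads such as `t[ 0] = ((sword64) (b[ 0]) << 0) | ...` and the reduction products `(sword128)0x21cf5b5529eec34L * t[12]` are written with signed casts but land in the unsigned `word128 t[17]` declared at the top of the hunk, and the carry steps `c = t[ 4] >> 56` depend on that arithmetic being unsigned. The results are unchanged because the byte values are non-negative and the sword128 operand is converted to word128 before the multiply, but `(word64)` and `(word128)` casts would state that intent instead of leaving it to the usual arithmetic conversions. The `L` suffix on the 58-bit constants denotes a 32-bit long on LLP64 targets; by C99's constant-typing rules they are promoted to long long so the value is still correct, though `LL` would document it and the 128-bit path needs a GCC/Clang-style compiler anyway. sc448_reduce continues past the end of this hunk.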
@@ -590,26 +589,26 @@ void sc448_reduce(uint8_t* b) c = t[10] >> 56; t[11] += c; t[10] = t[10] & 0xffffffffffffff; c = t[11] >> 56; t[12] += c; t[11] = t[11] & 0xffffffffffffff; /* Mod bottom half of extra words */ - t[ 0] += (int128_t)0x21cf5b5529eec34L * t[ 8]; - t[ 1] += (int128_t)0x0f635c8e9c2ab70L * t[ 8]; - t[ 2] += (int128_t)0x2d944a725bf7a4cL * t[ 8]; - t[ 3] += (int128_t)0x20cd77058eec490L * t[ 8]; - t[ 1] += (int128_t)0x21cf5b5529eec34L * t[ 9]; - t[ 2] += (int128_t)0x0f635c8e9c2ab70L * t[ 9]; - t[ 3] += (int128_t)0x2d944a725bf7a4cL * t[ 9]; - t[ 4] += (int128_t)0x20cd77058eec490L * t[ 9]; - t[ 2] += (int128_t)0x21cf5b5529eec34L * t[10]; - t[ 3] += (int128_t)0x0f635c8e9c2ab70L * t[10]; - t[ 4] += (int128_t)0x2d944a725bf7a4cL * t[10]; - t[ 5] += (int128_t)0x20cd77058eec490L * t[10]; - t[ 3] += (int128_t)0x21cf5b5529eec34L * t[11]; - t[ 4] += (int128_t)0x0f635c8e9c2ab70L * t[11]; - t[ 5] += (int128_t)0x2d944a725bf7a4cL * t[11]; - t[ 6] += (int128_t)0x20cd77058eec490L * t[11]; - t[ 4] += (int128_t)0x21cf5b5529eec34L * t[12]; - t[ 5] += (int128_t)0x0f635c8e9c2ab70L * t[12]; - t[ 6] += (int128_t)0x2d944a725bf7a4cL * t[12]; - t[ 7] += (int128_t)0x20cd77058eec490L * t[12]; + t[ 0] += (sword128)0x21cf5b5529eec34L * t[ 8]; + t[ 1] += (sword128)0x0f635c8e9c2ab70L * t[ 8]; + t[ 2] += (sword128)0x2d944a725bf7a4cL * t[ 8]; + t[ 3] += (sword128)0x20cd77058eec490L * t[ 8]; + t[ 1] += (sword128)0x21cf5b5529eec34L * t[ 9]; + t[ 2] += (sword128)0x0f635c8e9c2ab70L * t[ 9]; + t[ 3] += (sword128)0x2d944a725bf7a4cL * t[ 9]; + t[ 4] += (sword128)0x20cd77058eec490L * t[ 9]; + t[ 2] += (sword128)0x21cf5b5529eec34L * t[10]; + t[ 3] += (sword128)0x0f635c8e9c2ab70L * t[10]; + t[ 4] += (sword128)0x2d944a725bf7a4cL * t[10]; + t[ 5] += (sword128)0x20cd77058eec490L * t[10]; + t[ 3] += (sword128)0x21cf5b5529eec34L * t[11]; + t[ 4] += (sword128)0x0f635c8e9c2ab70L * t[11]; + t[ 5] += (sword128)0x2d944a725bf7a4cL * t[11]; + t[ 6] += (sword128)0x20cd77058eec490L * t[11]; + t[ 4] += 
(sword128)0x21cf5b5529eec34L * t[12]; + t[ 5] += (sword128)0x0f635c8e9c2ab70L * t[12]; + t[ 6] += (sword128)0x2d944a725bf7a4cL * t[12]; + t[ 7] += (sword128)0x20cd77058eec490L * t[12]; t[ 8] = 0; /* Propagate carries */ c = t[ 0] >> 56; t[ 1] += c; t[ 0] = t[ 0] & 0xffffffffffffff; 
@@ -620,19 +619,19 @@ void sc448_reduce(uint8_t* b) c = t[ 5] >> 56; t[ 6] += c; t[ 5] = t[ 5] & 0xffffffffffffff; c = t[ 6] >> 56; t[ 7] += c; t[ 6] = t[ 6] & 0xffffffffffffff; c = t[ 7] >> 56; t[ 8] += c; t[ 7] = t[ 7] & 0xffffffffffffff; - t[ 0] += (int128_t)0x21cf5b5529eec34L * t[ 8]; - t[ 1] += (int128_t)0x0f635c8e9c2ab70L * t[ 8]; - t[ 2] += (int128_t)0x2d944a725bf7a4cL * t[ 8]; - t[ 3] += (int128_t)0x20cd77058eec490L * t[ 8]; + t[ 0] += (sword128)0x21cf5b5529eec34L * t[ 8]; + t[ 1] += (sword128)0x0f635c8e9c2ab70L * t[ 8]; + t[ 2] += (sword128)0x2d944a725bf7a4cL * t[ 8]; + t[ 3] += (sword128)0x20cd77058eec490L * t[ 8]; /* Propagate carries */ - c = t[ 0] >> 56; t[ 1] += c; d[ 0] = (int64_t)(t[ 0] & 0xffffffffffffff); - c = t[ 1] >> 56; t[ 2] += c; d[ 1] = (int64_t)(t[ 1] & 0xffffffffffffff); - c = t[ 2] >> 56; t[ 3] += c; d[ 2] = (int64_t)(t[ 2] & 0xffffffffffffff); - c = t[ 3] >> 56; t[ 4] += c; d[ 3] = (int64_t)(t[ 3] & 0xffffffffffffff); - c = t[ 4] >> 56; t[ 5] += c; d[ 4] = (int64_t)(t[ 4] & 0xffffffffffffff); - c = t[ 5] >> 56; t[ 6] += c; d[ 5] = (int64_t)(t[ 5] & 0xffffffffffffff); - c = t[ 6] >> 56; t[ 7] += c; d[ 6] = (int64_t)(t[ 6] & 0xffffffffffffff); - d[ 7] = (uint64_t)t[7]; + c = t[ 0] >> 56; t[ 1] += c; d[ 0] = (sword64)(t[ 0] & 0xffffffffffffff); + c = t[ 1] >> 56; t[ 2] += c; d[ 1] = (sword64)(t[ 1] & 0xffffffffffffff); + c = t[ 2] >> 56; t[ 3] += c; d[ 2] = (sword64)(t[ 2] & 0xffffffffffffff); + c = t[ 3] >> 56; t[ 4] += c; d[ 3] = (sword64)(t[ 3] & 0xffffffffffffff); + c = t[ 4] >> 56; t[ 5] += c; d[ 4] = (sword64)(t[ 4] & 0xffffffffffffff); + c = t[ 5] >> 56; t[ 6] += c; d[ 5] = (sword64)(t[ 5] & 0xffffffffffffff); + c = t[ 6] >> 56; t[ 7] += c; d[ 6] = (sword64)(t[ 6] & 0xffffffffffffff); + d[ 7] = (word64)t[7]; /* Mod bits over 56 in last word */ o = d[7] >> 54; d[ 7] &= 0x3fffffffffffff; d[ 0] += 0x873d6d54a7bb0dL * o; 
@@ -715,251 +714,250 @@ void sc448_reduce(uint8_t* b) * b [in] Scalar to multiply. * d [in] Scalar to add to multiplicative result. */ -void sc448_muladd(uint8_t* r, const uint8_t* a, const uint8_t* b, - const uint8_t* d) +void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d) { - uint64_t ad[8], bd[8], dd[8], rd[8]; - uint128_t t[16]; - uint128_t c; - uint64_t o; + word64 ad[8], bd[8], dd[8], rd[8]; + word128 t[16]; + word128 c; + word64 o; /* Load from bytes */ - ad[ 0] = ((int64_t) (a[ 0]) << 0) - | ((int64_t) (a[ 1]) << 8) - | ((int64_t) (a[ 2]) << 16) - | ((int64_t) (a[ 3]) << 24) - | ((int64_t) (a[ 4]) << 32) - | ((int64_t) (a[ 5]) << 40) - | ((int64_t) (a[ 6]) << 48); - ad[ 1] = ((int64_t) (a[ 7]) << 0) - | ((int64_t) (a[ 8]) << 8) - | ((int64_t) (a[ 9]) << 16) - | ((int64_t) (a[10]) << 24) - | ((int64_t) (a[11]) << 32) - | ((int64_t) (a[12]) << 40) - | ((int64_t) (a[13]) << 48); - ad[ 2] = ((int64_t) (a[14]) << 0) - | ((int64_t) (a[15]) << 8) - | ((int64_t) (a[16]) << 16) - | ((int64_t) (a[17]) << 24) - | ((int64_t) (a[18]) << 32) - | ((int64_t) (a[19]) << 40) - | ((int64_t) (a[20]) << 48); - ad[ 3] = ((int64_t) (a[21]) << 0) - | ((int64_t) (a[22]) << 8) - | ((int64_t) (a[23]) << 16) - | ((int64_t) (a[24]) << 24) - | ((int64_t) (a[25]) << 32) - | ((int64_t) (a[26]) << 40) - | ((int64_t) (a[27]) << 48); - ad[ 4] = ((int64_t) (a[28]) << 0) - | ((int64_t) (a[29]) << 8) - | ((int64_t) (a[30]) << 16) - | ((int64_t) (a[31]) << 24) - | ((int64_t) (a[32]) << 32) - | ((int64_t) (a[33]) << 40) - | ((int64_t) (a[34]) << 48); - ad[ 5] = ((int64_t) (a[35]) << 0) - | ((int64_t) (a[36]) << 8) - | ((int64_t) (a[37]) << 16) - | ((int64_t) (a[38]) << 24) - | ((int64_t) (a[39]) << 32) - | ((int64_t) (a[40]) << 40) - | ((int64_t) (a[41]) << 48); - ad[ 6] = ((int64_t) (a[42]) << 0) - | ((int64_t) (a[43]) << 8) - | ((int64_t) (a[44]) << 16) - | ((int64_t) (a[45]) << 24) - | ((int64_t) (a[46]) << 32) - | ((int64_t) (a[47]) << 40) - | ((int64_t) (a[48]) << 48); - 
ad[ 7] = ((int64_t) (a[49]) << 0) - | ((int64_t) (a[50]) << 8) - | ((int64_t) (a[51]) << 16) - | ((int64_t) (a[52]) << 24) - | ((int64_t) (a[53]) << 32) - | ((int64_t) (a[54]) << 40) - | ((int64_t) (a[55]) << 48); + ad[ 0] = ((sword64) (a[ 0]) << 0) + | ((sword64) (a[ 1]) << 8) + | ((sword64) (a[ 2]) << 16) + | ((sword64) (a[ 3]) << 24) + | ((sword64) (a[ 4]) << 32) + | ((sword64) (a[ 5]) << 40) + | ((sword64) (a[ 6]) << 48); + ad[ 1] = ((sword64) (a[ 7]) << 0) + | ((sword64) (a[ 8]) << 8) + | ((sword64) (a[ 9]) << 16) + | ((sword64) (a[10]) << 24) + | ((sword64) (a[11]) << 32) + | ((sword64) (a[12]) << 40) + | ((sword64) (a[13]) << 48); + ad[ 2] = ((sword64) (a[14]) << 0) + | ((sword64) (a[15]) << 8) + | ((sword64) (a[16]) << 16) + | ((sword64) (a[17]) << 24) + | ((sword64) (a[18]) << 32) + | ((sword64) (a[19]) << 40) + | ((sword64) (a[20]) << 48); + ad[ 3] = ((sword64) (a[21]) << 0) + | ((sword64) (a[22]) << 8) + | ((sword64) (a[23]) << 16) + | ((sword64) (a[24]) << 24) + | ((sword64) (a[25]) << 32) + | ((sword64) (a[26]) << 40) + | ((sword64) (a[27]) << 48); + ad[ 4] = ((sword64) (a[28]) << 0) + | ((sword64) (a[29]) << 8) + | ((sword64) (a[30]) << 16) + | ((sword64) (a[31]) << 24) + | ((sword64) (a[32]) << 32) + | ((sword64) (a[33]) << 40) + | ((sword64) (a[34]) << 48); + ad[ 5] = ((sword64) (a[35]) << 0) + | ((sword64) (a[36]) << 8) + | ((sword64) (a[37]) << 16) + | ((sword64) (a[38]) << 24) + | ((sword64) (a[39]) << 32) + | ((sword64) (a[40]) << 40) + | ((sword64) (a[41]) << 48); + ad[ 6] = ((sword64) (a[42]) << 0) + | ((sword64) (a[43]) << 8) + | ((sword64) (a[44]) << 16) + | ((sword64) (a[45]) << 24) + | ((sword64) (a[46]) << 32) + | ((sword64) (a[47]) << 40) + | ((sword64) (a[48]) << 48); + ad[ 7] = ((sword64) (a[49]) << 0) + | ((sword64) (a[50]) << 8) + | ((sword64) (a[51]) << 16) + | ((sword64) (a[52]) << 24) + | ((sword64) (a[53]) << 32) + | ((sword64) (a[54]) << 40) + | ((sword64) (a[55]) << 48); /* Load from bytes */ - bd[ 0] = ((int64_t) (b[ 0]) << 0) 
- | ((int64_t) (b[ 1]) << 8) - | ((int64_t) (b[ 2]) << 16) - | ((int64_t) (b[ 3]) << 24) - | ((int64_t) (b[ 4]) << 32) - | ((int64_t) (b[ 5]) << 40) - | ((int64_t) (b[ 6]) << 48); - bd[ 1] = ((int64_t) (b[ 7]) << 0) - | ((int64_t) (b[ 8]) << 8) - | ((int64_t) (b[ 9]) << 16) - | ((int64_t) (b[10]) << 24) - | ((int64_t) (b[11]) << 32) - | ((int64_t) (b[12]) << 40) - | ((int64_t) (b[13]) << 48); - bd[ 2] = ((int64_t) (b[14]) << 0) - | ((int64_t) (b[15]) << 8) - | ((int64_t) (b[16]) << 16) - | ((int64_t) (b[17]) << 24) - | ((int64_t) (b[18]) << 32) - | ((int64_t) (b[19]) << 40) - | ((int64_t) (b[20]) << 48); - bd[ 3] = ((int64_t) (b[21]) << 0) - | ((int64_t) (b[22]) << 8) - | ((int64_t) (b[23]) << 16) - | ((int64_t) (b[24]) << 24) - | ((int64_t) (b[25]) << 32) - | ((int64_t) (b[26]) << 40) - | ((int64_t) (b[27]) << 48); - bd[ 4] = ((int64_t) (b[28]) << 0) - | ((int64_t) (b[29]) << 8) - | ((int64_t) (b[30]) << 16) - | ((int64_t) (b[31]) << 24) - | ((int64_t) (b[32]) << 32) - | ((int64_t) (b[33]) << 40) - | ((int64_t) (b[34]) << 48); - bd[ 5] = ((int64_t) (b[35]) << 0) - | ((int64_t) (b[36]) << 8) - | ((int64_t) (b[37]) << 16) - | ((int64_t) (b[38]) << 24) - | ((int64_t) (b[39]) << 32) - | ((int64_t) (b[40]) << 40) - | ((int64_t) (b[41]) << 48); - bd[ 6] = ((int64_t) (b[42]) << 0) - | ((int64_t) (b[43]) << 8) - | ((int64_t) (b[44]) << 16) - | ((int64_t) (b[45]) << 24) - | ((int64_t) (b[46]) << 32) - | ((int64_t) (b[47]) << 40) - | ((int64_t) (b[48]) << 48); - bd[ 7] = ((int64_t) (b[49]) << 0) - | ((int64_t) (b[50]) << 8) - | ((int64_t) (b[51]) << 16) - | ((int64_t) (b[52]) << 24) - | ((int64_t) (b[53]) << 32) - | ((int64_t) (b[54]) << 40) - | ((int64_t) (b[55]) << 48); + bd[ 0] = ((sword64) (b[ 0]) << 0) + | ((sword64) (b[ 1]) << 8) + | ((sword64) (b[ 2]) << 16) + | ((sword64) (b[ 3]) << 24) + | ((sword64) (b[ 4]) << 32) + | ((sword64) (b[ 5]) << 40) + | ((sword64) (b[ 6]) << 48); + bd[ 1] = ((sword64) (b[ 7]) << 0) + | ((sword64) (b[ 8]) << 8) + | ((sword64) (b[ 9]) << 
16) + | ((sword64) (b[10]) << 24) + | ((sword64) (b[11]) << 32) + | ((sword64) (b[12]) << 40) + | ((sword64) (b[13]) << 48); + bd[ 2] = ((sword64) (b[14]) << 0) + | ((sword64) (b[15]) << 8) + | ((sword64) (b[16]) << 16) + | ((sword64) (b[17]) << 24) + | ((sword64) (b[18]) << 32) + | ((sword64) (b[19]) << 40) + | ((sword64) (b[20]) << 48); + bd[ 3] = ((sword64) (b[21]) << 0) + | ((sword64) (b[22]) << 8) + | ((sword64) (b[23]) << 16) + | ((sword64) (b[24]) << 24) + | ((sword64) (b[25]) << 32) + | ((sword64) (b[26]) << 40) + | ((sword64) (b[27]) << 48); + bd[ 4] = ((sword64) (b[28]) << 0) + | ((sword64) (b[29]) << 8) + | ((sword64) (b[30]) << 16) + | ((sword64) (b[31]) << 24) + | ((sword64) (b[32]) << 32) + | ((sword64) (b[33]) << 40) + | ((sword64) (b[34]) << 48); + bd[ 5] = ((sword64) (b[35]) << 0) + | ((sword64) (b[36]) << 8) + | ((sword64) (b[37]) << 16) + | ((sword64) (b[38]) << 24) + | ((sword64) (b[39]) << 32) + | ((sword64) (b[40]) << 40) + | ((sword64) (b[41]) << 48); + bd[ 6] = ((sword64) (b[42]) << 0) + | ((sword64) (b[43]) << 8) + | ((sword64) (b[44]) << 16) + | ((sword64) (b[45]) << 24) + | ((sword64) (b[46]) << 32) + | ((sword64) (b[47]) << 40) + | ((sword64) (b[48]) << 48); + bd[ 7] = ((sword64) (b[49]) << 0) + | ((sword64) (b[50]) << 8) + | ((sword64) (b[51]) << 16) + | ((sword64) (b[52]) << 24) + | ((sword64) (b[53]) << 32) + | ((sword64) (b[54]) << 40) + | ((sword64) (b[55]) << 48); /* Load from bytes */ - dd[ 0] = ((int64_t) (d[ 0]) << 0) - | ((int64_t) (d[ 1]) << 8) - | ((int64_t) (d[ 2]) << 16) - | ((int64_t) (d[ 3]) << 24) - | ((int64_t) (d[ 4]) << 32) - | ((int64_t) (d[ 5]) << 40) - | ((int64_t) (d[ 6]) << 48); - dd[ 1] = ((int64_t) (d[ 7]) << 0) - | ((int64_t) (d[ 8]) << 8) - | ((int64_t) (d[ 9]) << 16) - | ((int64_t) (d[10]) << 24) - | ((int64_t) (d[11]) << 32) - | ((int64_t) (d[12]) << 40) - | ((int64_t) (d[13]) << 48); - dd[ 2] = ((int64_t) (d[14]) << 0) - | ((int64_t) (d[15]) << 8) - | ((int64_t) (d[16]) << 16) - | ((int64_t) (d[17]) << 24) 
- | ((int64_t) (d[18]) << 32) - | ((int64_t) (d[19]) << 40) - | ((int64_t) (d[20]) << 48); - dd[ 3] = ((int64_t) (d[21]) << 0) - | ((int64_t) (d[22]) << 8) - | ((int64_t) (d[23]) << 16) - | ((int64_t) (d[24]) << 24) - | ((int64_t) (d[25]) << 32) - | ((int64_t) (d[26]) << 40) - | ((int64_t) (d[27]) << 48); - dd[ 4] = ((int64_t) (d[28]) << 0) - | ((int64_t) (d[29]) << 8) - | ((int64_t) (d[30]) << 16) - | ((int64_t) (d[31]) << 24) - | ((int64_t) (d[32]) << 32) - | ((int64_t) (d[33]) << 40) - | ((int64_t) (d[34]) << 48); - dd[ 5] = ((int64_t) (d[35]) << 0) - | ((int64_t) (d[36]) << 8) - | ((int64_t) (d[37]) << 16) - | ((int64_t) (d[38]) << 24) - | ((int64_t) (d[39]) << 32) - | ((int64_t) (d[40]) << 40) - | ((int64_t) (d[41]) << 48); - dd[ 6] = ((int64_t) (d[42]) << 0) - | ((int64_t) (d[43]) << 8) - | ((int64_t) (d[44]) << 16) - | ((int64_t) (d[45]) << 24) - | ((int64_t) (d[46]) << 32) - | ((int64_t) (d[47]) << 40) - | ((int64_t) (d[48]) << 48); - dd[ 7] = ((int64_t) (d[49]) << 0) - | ((int64_t) (d[50]) << 8) - | ((int64_t) (d[51]) << 16) - | ((int64_t) (d[52]) << 24) - | ((int64_t) (d[53]) << 32) - | ((int64_t) (d[54]) << 40) - | ((int64_t) (d[55]) << 48); + dd[ 0] = ((sword64) (d[ 0]) << 0) + | ((sword64) (d[ 1]) << 8) + | ((sword64) (d[ 2]) << 16) + | ((sword64) (d[ 3]) << 24) + | ((sword64) (d[ 4]) << 32) + | ((sword64) (d[ 5]) << 40) + | ((sword64) (d[ 6]) << 48); + dd[ 1] = ((sword64) (d[ 7]) << 0) + | ((sword64) (d[ 8]) << 8) + | ((sword64) (d[ 9]) << 16) + | ((sword64) (d[10]) << 24) + | ((sword64) (d[11]) << 32) + | ((sword64) (d[12]) << 40) + | ((sword64) (d[13]) << 48); + dd[ 2] = ((sword64) (d[14]) << 0) + | ((sword64) (d[15]) << 8) + | ((sword64) (d[16]) << 16) + | ((sword64) (d[17]) << 24) + | ((sword64) (d[18]) << 32) + | ((sword64) (d[19]) << 40) + | ((sword64) (d[20]) << 48); + dd[ 3] = ((sword64) (d[21]) << 0) + | ((sword64) (d[22]) << 8) + | ((sword64) (d[23]) << 16) + | ((sword64) (d[24]) << 24) + | ((sword64) (d[25]) << 32) + | ((sword64) (d[26]) << 
40) + | ((sword64) (d[27]) << 48); + dd[ 4] = ((sword64) (d[28]) << 0) + | ((sword64) (d[29]) << 8) + | ((sword64) (d[30]) << 16) + | ((sword64) (d[31]) << 24) + | ((sword64) (d[32]) << 32) + | ((sword64) (d[33]) << 40) + | ((sword64) (d[34]) << 48); + dd[ 5] = ((sword64) (d[35]) << 0) + | ((sword64) (d[36]) << 8) + | ((sword64) (d[37]) << 16) + | ((sword64) (d[38]) << 24) + | ((sword64) (d[39]) << 32) + | ((sword64) (d[40]) << 40) + | ((sword64) (d[41]) << 48); + dd[ 6] = ((sword64) (d[42]) << 0) + | ((sword64) (d[43]) << 8) + | ((sword64) (d[44]) << 16) + | ((sword64) (d[45]) << 24) + | ((sword64) (d[46]) << 32) + | ((sword64) (d[47]) << 40) + | ((sword64) (d[48]) << 48); + dd[ 7] = ((sword64) (d[49]) << 0) + | ((sword64) (d[50]) << 8) + | ((sword64) (d[51]) << 16) + | ((sword64) (d[52]) << 24) + | ((sword64) (d[53]) << 32) + | ((sword64) (d[54]) << 40) + | ((sword64) (d[55]) << 48); /* a * b + d */ - t[ 0] = dd[ 0] + (int128_t)ad[ 0] * bd[ 0]; - t[ 1] = dd[ 1] + (int128_t)ad[ 0] * bd[ 1] - + (int128_t)ad[ 1] * bd[ 0]; - t[ 2] = dd[ 2] + (int128_t)ad[ 0] * bd[ 2] - + (int128_t)ad[ 1] * bd[ 1] - + (int128_t)ad[ 2] * bd[ 0]; - t[ 3] = dd[ 3] + (int128_t)ad[ 0] * bd[ 3] - + (int128_t)ad[ 1] * bd[ 2] - + (int128_t)ad[ 2] * bd[ 1] - + (int128_t)ad[ 3] * bd[ 0]; - t[ 4] = dd[ 4] + (int128_t)ad[ 0] * bd[ 4] - + (int128_t)ad[ 1] * bd[ 3] - + (int128_t)ad[ 2] * bd[ 2] - + (int128_t)ad[ 3] * bd[ 1] - + (int128_t)ad[ 4] * bd[ 0]; - t[ 5] = dd[ 5] + (int128_t)ad[ 0] * bd[ 5] - + (int128_t)ad[ 1] * bd[ 4] - + (int128_t)ad[ 2] * bd[ 3] - + (int128_t)ad[ 3] * bd[ 2] - + (int128_t)ad[ 4] * bd[ 1] - + (int128_t)ad[ 5] * bd[ 0]; - t[ 6] = dd[ 6] + (int128_t)ad[ 0] * bd[ 6] - + (int128_t)ad[ 1] * bd[ 5] - + (int128_t)ad[ 2] * bd[ 4] - + (int128_t)ad[ 3] * bd[ 3] - + (int128_t)ad[ 4] * bd[ 2] - + (int128_t)ad[ 5] * bd[ 1] - + (int128_t)ad[ 6] * bd[ 0]; - t[ 7] = dd[ 7] + (int128_t)ad[ 0] * bd[ 7] - + (int128_t)ad[ 1] * bd[ 6] - + (int128_t)ad[ 2] * bd[ 5] - + (int128_t)ad[ 3] * bd[ 
4] - + (int128_t)ad[ 4] * bd[ 3] - + (int128_t)ad[ 5] * bd[ 2] - + (int128_t)ad[ 6] * bd[ 1] - + (int128_t)ad[ 7] * bd[ 0]; - t[ 8] = (int128_t)ad[ 1] * bd[ 7] - + (int128_t)ad[ 2] * bd[ 6] - + (int128_t)ad[ 3] * bd[ 5] - + (int128_t)ad[ 4] * bd[ 4] - + (int128_t)ad[ 5] * bd[ 3] - + (int128_t)ad[ 6] * bd[ 2] - + (int128_t)ad[ 7] * bd[ 1]; - t[ 9] = (int128_t)ad[ 2] * bd[ 7] - + (int128_t)ad[ 3] * bd[ 6] - + (int128_t)ad[ 4] * bd[ 5] - + (int128_t)ad[ 5] * bd[ 4] - + (int128_t)ad[ 6] * bd[ 3] - + (int128_t)ad[ 7] * bd[ 2]; - t[10] = (int128_t)ad[ 3] * bd[ 7] - + (int128_t)ad[ 4] * bd[ 6] - + (int128_t)ad[ 5] * bd[ 5] - + (int128_t)ad[ 6] * bd[ 4] - + (int128_t)ad[ 7] * bd[ 3]; - t[11] = (int128_t)ad[ 4] * bd[ 7] - + (int128_t)ad[ 5] * bd[ 6] - + (int128_t)ad[ 6] * bd[ 5] - + (int128_t)ad[ 7] * bd[ 4]; - t[12] = (int128_t)ad[ 5] * bd[ 7] - + (int128_t)ad[ 6] * bd[ 6] - + (int128_t)ad[ 7] * bd[ 5]; - t[13] = (int128_t)ad[ 6] * bd[ 7] - + (int128_t)ad[ 7] * bd[ 6]; - t[14] = (int128_t)ad[ 7] * bd[ 7]; + t[ 0] = dd[ 0] + (sword128)ad[ 0] * bd[ 0]; + t[ 1] = dd[ 1] + (sword128)ad[ 0] * bd[ 1] + + (sword128)ad[ 1] * bd[ 0]; + t[ 2] = dd[ 2] + (sword128)ad[ 0] * bd[ 2] + + (sword128)ad[ 1] * bd[ 1] + + (sword128)ad[ 2] * bd[ 0]; + t[ 3] = dd[ 3] + (sword128)ad[ 0] * bd[ 3] + + (sword128)ad[ 1] * bd[ 2] + + (sword128)ad[ 2] * bd[ 1] + + (sword128)ad[ 3] * bd[ 0]; + t[ 4] = dd[ 4] + (sword128)ad[ 0] * bd[ 4] + + (sword128)ad[ 1] * bd[ 3] + + (sword128)ad[ 2] * bd[ 2] + + (sword128)ad[ 3] * bd[ 1] + + (sword128)ad[ 4] * bd[ 0]; + t[ 5] = dd[ 5] + (sword128)ad[ 0] * bd[ 5] + + (sword128)ad[ 1] * bd[ 4] + + (sword128)ad[ 2] * bd[ 3] + + (sword128)ad[ 3] * bd[ 2] + + (sword128)ad[ 4] * bd[ 1] + + (sword128)ad[ 5] * bd[ 0]; + t[ 6] = dd[ 6] + (sword128)ad[ 0] * bd[ 6] + + (sword128)ad[ 1] * bd[ 5] + + (sword128)ad[ 2] * bd[ 4] + + (sword128)ad[ 3] * bd[ 3] + + (sword128)ad[ 4] * bd[ 2] + + (sword128)ad[ 5] * bd[ 1] + + (sword128)ad[ 6] * bd[ 0]; + t[ 7] = dd[ 7] + (sword128)ad[ 
0] * bd[ 7] + + (sword128)ad[ 1] * bd[ 6] + + (sword128)ad[ 2] * bd[ 5] + + (sword128)ad[ 3] * bd[ 4] + + (sword128)ad[ 4] * bd[ 3] + + (sword128)ad[ 5] * bd[ 2] + + (sword128)ad[ 6] * bd[ 1] + + (sword128)ad[ 7] * bd[ 0]; + t[ 8] = (sword128)ad[ 1] * bd[ 7] + + (sword128)ad[ 2] * bd[ 6] + + (sword128)ad[ 3] * bd[ 5] + + (sword128)ad[ 4] * bd[ 4] + + (sword128)ad[ 5] * bd[ 3] + + (sword128)ad[ 6] * bd[ 2] + + (sword128)ad[ 7] * bd[ 1]; + t[ 9] = (sword128)ad[ 2] * bd[ 7] + + (sword128)ad[ 3] * bd[ 6] + + (sword128)ad[ 4] * bd[ 5] + + (sword128)ad[ 5] * bd[ 4] + + (sword128)ad[ 6] * bd[ 3] + + (sword128)ad[ 7] * bd[ 2]; + t[10] = (sword128)ad[ 3] * bd[ 7] + + (sword128)ad[ 4] * bd[ 6] + + (sword128)ad[ 5] * bd[ 5] + + (sword128)ad[ 6] * bd[ 4] + + (sword128)ad[ 7] * bd[ 3]; + t[11] = (sword128)ad[ 4] * bd[ 7] + + (sword128)ad[ 5] * bd[ 6] + + (sword128)ad[ 6] * bd[ 5] + + (sword128)ad[ 7] * bd[ 4]; + t[12] = (sword128)ad[ 5] * bd[ 7] + + (sword128)ad[ 6] * bd[ 6] + + (sword128)ad[ 7] * bd[ 5]; + t[13] = (sword128)ad[ 6] * bd[ 7] + + (sword128)ad[ 7] * bd[ 6]; + t[14] = (sword128)ad[ 7] * bd[ 7]; t[15] = 0; /* Mod curve order */ 
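Review bot: The header comment still documents `a`, `b` and `d` only as "Scalar", yet the loads in this hunk read `a[ 0]`..`a[55]`, `b[ 0]`..`b[55]` and `d[ 0]`..`d[55]`, so each must be at least 56 bytes little-endian, and nothing tells callers that; I would extend the comment to `* a [in] 56-byte little-endian scalar.` and likewise for `b` and `d`, and state the width written to `r` once the store (past the end of this hunk) confirms it. As a style point, each byte is cast to `sword64` before shifting even though `ad`, `bd` and `dd` are `word64` arrays; the shift never exceeds 48 bits of a byte value so it is not undefined, but `(word64)` would match the destination and avoid a signed left shift entirely. sc448_muladd's body continues past this hunk.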
@@ -981,22 +979,22 @@ void sc448_muladd(uint8_t* r, const uint8_t* a, const uint8_t* b,
 c = t[13] >> 56; t[14] += c; t[13] = t[13] & 0xffffffffffffff;
 c = t[14] >> 56; t[15] += c; t[14] = t[14] & 0xffffffffffffff;
 /* Mod top half of extra words */
- t[ 4] += (int128_t)0x21cf5b5529eec34L * t[12];
- t[ 5] += (int128_t)0x0f635c8e9c2ab70L * t[12];
- t[ 6] += (int128_t)0x2d944a725bf7a4cL * t[12];
- t[ 7] += (int128_t)0x20cd77058eec490L * t[12];
- t[ 5] += (int128_t)0x21cf5b5529eec34L * t[13];
- t[ 6] += (int128_t)0x0f635c8e9c2ab70L * t[13];
- t[ 7] += (int128_t)0x2d944a725bf7a4cL * t[13];
- t[ 8] += (int128_t)0x20cd77058eec490L * t[13];
- t[ 6] += (int128_t)0x21cf5b5529eec34L * t[14];
- t[ 7] += (int128_t)0x0f635c8e9c2ab70L * t[14];
- t[ 8] += (int128_t)0x2d944a725bf7a4cL * t[14];
- t[ 9] += (int128_t)0x20cd77058eec490L * t[14];
- t[ 7] += (int128_t)0x21cf5b5529eec34L * t[15];
- t[ 8] += (int128_t)0x0f635c8e9c2ab70L * t[15];
- t[ 9] += (int128_t)0x2d944a725bf7a4cL * t[15];
- t[10] += (int128_t)0x20cd77058eec490L * t[15];
+ t[ 4] += (sword128)0x21cf5b5529eec34L * t[12];
+ t[ 5] += (sword128)0x0f635c8e9c2ab70L * t[12];
+ t[ 6] += (sword128)0x2d944a725bf7a4cL * t[12];
+ t[ 7] += (sword128)0x20cd77058eec490L * t[12];
+ t[ 5] += (sword128)0x21cf5b5529eec34L * t[13];
+ t[ 6] += (sword128)0x0f635c8e9c2ab70L * t[13];
+ t[ 7] += (sword128)0x2d944a725bf7a4cL * t[13];
+ t[ 8] += (sword128)0x20cd77058eec490L * t[13];
+ t[ 6] += (sword128)0x21cf5b5529eec34L * t[14];
+ t[ 7] += (sword128)0x0f635c8e9c2ab70L * t[14];
+ t[ 8] += (sword128)0x2d944a725bf7a4cL * t[14];
+ t[ 9] += (sword128)0x20cd77058eec490L * t[14];
+ t[ 7] += (sword128)0x21cf5b5529eec34L * t[15];
+ t[ 8] += (sword128)0x0f635c8e9c2ab70L * t[15];
+ t[ 9] += (sword128)0x2d944a725bf7a4cL * t[15];
+ t[10] += (sword128)0x20cd77058eec490L * t[15];
 /* Propagate carries */
 c = t[ 4] >> 56; t[ 5] += c; t[ 4] = t[ 4] & 0xffffffffffffff;
 c = t[ 5] >> 56; t[ 6] += c; t[ 5] = t[ 5] & 0xffffffffffffff;
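Review bot: The `(sword128)` casts on the reduction constants in this hunk have no effect on the arithmetic: `t` is declared `word128 t[16];` at the top of sc448_muladd, so every `(sword128)0x21cf5b5529eec34L * t[12]` product is converted to unsigned 128-bit by the usual arithmetic conversions before the add, exactly as the old `int128_t` casts were against `uint128_t t`. All operands here are non-negative after the preceding carry propagation, so the value is correct, but the signed cast reads as if signed arithmetic were intended; `t[ 4] += (word128)0x21cf5b5529eec34L * t[12];` would state what actually happens and keep the cast consistent with the declared type. The enclosing sc448_muladd starts and ends outside this hunk.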
@@ -1006,31 +1004,31 @@ void sc448_muladd(uint8_t* r, const uint8_t* a, const uint8_t* b,
 c = t[ 9] >> 56; t[10] += c; t[ 9] = t[ 9] & 0xffffffffffffff;
 c = t[10] >> 56; t[11] += c; t[10] = t[10] & 0xffffffffffffff;
 /* Mod bottom half of extra words */
- t[ 0] += (int128_t)0x21cf5b5529eec34L * t[ 8];
- t[ 1] += (int128_t)0x0f635c8e9c2ab70L * t[ 8];
- t[ 2] += (int128_t)0x2d944a725bf7a4cL * t[ 8];
- t[ 3] += (int128_t)0x20cd77058eec490L * t[ 8];
- t[ 1] += (int128_t)0x21cf5b5529eec34L * t[ 9];
- t[ 2] += (int128_t)0x0f635c8e9c2ab70L * t[ 9];
- t[ 3] += (int128_t)0x2d944a725bf7a4cL * t[ 9];
- t[ 4] += (int128_t)0x20cd77058eec490L * t[ 9];
- t[ 2] += (int128_t)0x21cf5b5529eec34L * t[10];
- t[ 3] += (int128_t)0x0f635c8e9c2ab70L * t[10];
- t[ 4] += (int128_t)0x2d944a725bf7a4cL * t[10];
- t[ 5] += (int128_t)0x20cd77058eec490L * t[10];
- t[ 3] += (int128_t)0x21cf5b5529eec34L * t[11];
- t[ 4] += (int128_t)0x0f635c8e9c2ab70L * t[11];
- t[ 5] += (int128_t)0x2d944a725bf7a4cL * t[11];
- t[ 6] += (int128_t)0x20cd77058eec490L * t[11];
+ t[ 0] += (sword128)0x21cf5b5529eec34L * t[ 8];
+ t[ 1] += (sword128)0x0f635c8e9c2ab70L * t[ 8];
+ t[ 2] += (sword128)0x2d944a725bf7a4cL * t[ 8];
+ t[ 3] += (sword128)0x20cd77058eec490L * t[ 8];
+ t[ 1] += (sword128)0x21cf5b5529eec34L * t[ 9];
+ t[ 2] += (sword128)0x0f635c8e9c2ab70L * t[ 9];
+ t[ 3] += (sword128)0x2d944a725bf7a4cL * t[ 9];
+ t[ 4] += (sword128)0x20cd77058eec490L * t[ 9];
+ t[ 2] += (sword128)0x21cf5b5529eec34L * t[10];
+ t[ 3] += (sword128)0x0f635c8e9c2ab70L * t[10];
+ t[ 4] += (sword128)0x2d944a725bf7a4cL * t[10];
+ t[ 5] += (sword128)0x20cd77058eec490L * t[10];
+ t[ 3] += (sword128)0x21cf5b5529eec34L * t[11];
+ t[ 4] += (sword128)0x0f635c8e9c2ab70L * t[11];
+ t[ 5] += (sword128)0x2d944a725bf7a4cL * t[11];
+ t[ 6] += (sword128)0x20cd77058eec490L * t[11];
 /* Propagate carries */
- c = t[ 0] >> 56; t[ 1] += c; rd[ 0] = (int64_t)(t[ 0] & 0xffffffffffffff);
- c = t[ 1] >> 56; t[ 2] += c; rd[ 1] = (int64_t)(t[ 1] & 0xffffffffffffff);
- c = t[ 2] >> 56; t[ 3] += c; rd[ 2] = (int64_t)(t[ 2] & 0xffffffffffffff);
- c = t[ 3] >> 56; t[ 4] += c; rd[ 3] = (int64_t)(t[ 3] & 0xffffffffffffff);
- c = t[ 4] >> 56; t[ 5] += c; rd[ 4] = (int64_t)(t[ 4] & 0xffffffffffffff);
- c = t[ 5] >> 56; t[ 6] += c; rd[ 5] = (int64_t)(t[ 5] & 0xffffffffffffff);
- c = t[ 6] >> 56; t[ 7] += c; rd[ 6] = (int64_t)(t[ 6] & 0xffffffffffffff);
- rd[ 7] = (uint64_t)t[7];
+ c = t[ 0] >> 56; t[ 1] += c; rd[ 0] = (sword64)(t[ 0] & 0xffffffffffffff);
+ c = t[ 1] >> 56; t[ 2] += c; rd[ 1] = (sword64)(t[ 1] & 0xffffffffffffff);
+ c = t[ 2] >> 56; t[ 3] += c; rd[ 2] = (sword64)(t[ 2] & 0xffffffffffffff);
+ c = t[ 3] >> 56; t[ 4] += c; rd[ 3] = (sword64)(t[ 3] & 0xffffffffffffff);
+ c = t[ 4] >> 56; t[ 5] += c; rd[ 4] = (sword64)(t[ 4] & 0xffffffffffffff);
+ c = t[ 5] >> 56; t[ 6] += c; rd[ 5] = (sword64)(t[ 5] & 0xffffffffffffff);
+ c = t[ 6] >> 56; t[ 7] += c; rd[ 6] = (sword64)(t[ 6] & 0xffffffffffffff);
+ rd[ 7] = (word64)t[7];
 /* Mod bits over 56 in last word */
 o = rd[7] >> 54; rd[ 7] &= 0x3fffffffffffff;
 rd[ 0] += 0x873d6d54a7bb0dL * o;
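Review bot: `rd[ 0]`..`rd[ 6]` are stored through a `(sword64)` cast while `rd[ 7] = (word64)t[7];` uses the unsigned type, and `rd` is declared `word64 rd[8];` earlier in sc448_muladd, so the signed cast is a value-preserving detour through a signed type on a 56-bit masked value rather than anything the arithmetic needs. It is harmless for the result, but it is the one place in this carry run that disagrees with the array's type; `rd[ 0] = (word64)(t[ 0] & 0xffffffffffffff);` on all seven lines would match `rd[ 7]` and the declaration. The trailing `o = rd[7] >> 54;` fold-in is a partial reduction only; whether a final conditional subtraction follows is outside this hunk, so I cannot confirm the output is fully reduced from here.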
@@ -5075,220 +5073,220 @@ static const ge448_precomp base_i[16] = { * * b [in] Scalar to reduce. */ -void sc448_reduce(uint8_t* b) +void sc448_reduce(byte* b) { - uint32_t d[16]; - uint64_t t[33]; - uint64_t c; - uint32_t o; + word32 d[16]; + word64 t[33]; + word64 c; + word32 o; /* Load from bytes */ - t[ 0] = (((int32_t)((b[ 0] ) >> 0)) << 0) - | (((int32_t)((b[ 1] ) >> 0)) << 8) - | (((int32_t)((b[ 2] ) >> 0)) << 16) - | ((((int32_t)((b[ 3] & 0xf )) >> 0)) << 24); - t[ 1] = (((int32_t)((b[ 3] ) >> 4)) << 0) - | (((int32_t)((b[ 4] ) >> 0)) << 4) - | (((int32_t)((b[ 5] ) >> 0)) << 12) - | (((int32_t)((b[ 6] ) >> 0)) << 20); - t[ 2] = (((int32_t)((b[ 7] ) >> 0)) << 0) - | (((int32_t)((b[ 8] ) >> 0)) << 8) - | (((int32_t)((b[ 9] ) >> 0)) << 16) - | ((((int32_t)((b[10] & 0xf )) >> 0)) << 24); - t[ 3] = (((int32_t)((b[10] ) >> 4)) << 0) - | (((int32_t)((b[11] ) >> 0)) << 4) - | (((int32_t)((b[12] ) >> 0)) << 12) - | (((int32_t)((b[13] ) >> 0)) << 20); - t[ 4] = (((int32_t)((b[14] ) >> 0)) << 0) - | (((int32_t)((b[15] ) >> 0)) << 8) - | (((int32_t)((b[16] ) >> 0)) << 16) - | ((((int32_t)((b[17] & 0xf )) >> 0)) << 24); - t[ 5] = (((int32_t)((b[17] ) >> 4)) << 0) - | (((int32_t)((b[18] ) >> 0)) << 4) - | (((int32_t)((b[19] ) >> 0)) << 12) - | (((int32_t)((b[20] ) >> 0)) << 20); - t[ 6] = (((int32_t)((b[21] ) >> 0)) << 0) - | (((int32_t)((b[22] ) >> 0)) << 8) - | (((int32_t)((b[23] ) >> 0)) << 16) - | ((((int32_t)((b[24] & 0xf )) >> 0)) << 24); - t[ 7] = (((int32_t)((b[24] ) >> 4)) << 0) - | (((int32_t)((b[25] ) >> 0)) << 4) - | (((int32_t)((b[26] ) >> 0)) << 12) - | (((int32_t)((b[27] ) >> 0)) << 20); - t[ 8] = (((int32_t)((b[28] ) >> 0)) << 0) - | (((int32_t)((b[29] ) >> 0)) << 8) - | (((int32_t)((b[30] ) >> 0)) << 16) - | ((((int32_t)((b[31] & 0xf )) >> 0)) << 24); - t[ 9] = (((int32_t)((b[31] ) >> 4)) << 0) - | (((int32_t)((b[32] ) >> 0)) << 4) - | (((int32_t)((b[33] ) >> 0)) << 12) - | (((int32_t)((b[34] ) >> 0)) << 20); - t[10] = (((int32_t)((b[35] ) >> 0)) << 0) - 
| (((int32_t)((b[36] ) >> 0)) << 8) - | (((int32_t)((b[37] ) >> 0)) << 16) - | ((((int32_t)((b[38] & 0xf )) >> 0)) << 24); - t[11] = (((int32_t)((b[38] ) >> 4)) << 0) - | (((int32_t)((b[39] ) >> 0)) << 4) - | (((int32_t)((b[40] ) >> 0)) << 12) - | (((int32_t)((b[41] ) >> 0)) << 20); - t[12] = (((int32_t)((b[42] ) >> 0)) << 0) - | (((int32_t)((b[43] ) >> 0)) << 8) - | (((int32_t)((b[44] ) >> 0)) << 16) - | ((((int32_t)((b[45] & 0xf )) >> 0)) << 24); - t[13] = (((int32_t)((b[45] ) >> 4)) << 0) - | (((int32_t)((b[46] ) >> 0)) << 4) - | (((int32_t)((b[47] ) >> 0)) << 12) - | (((int32_t)((b[48] ) >> 0)) << 20); - t[14] = (((int32_t)((b[49] ) >> 0)) << 0) - | (((int32_t)((b[50] ) >> 0)) << 8) - | (((int32_t)((b[51] ) >> 0)) << 16) - | ((((int32_t)((b[52] & 0xf )) >> 0)) << 24); - t[15] = (((int32_t)((b[52] ) >> 4)) << 0) - | (((int32_t)((b[53] ) >> 0)) << 4) - | (((int32_t)((b[54] ) >> 0)) << 12) - | (((int32_t)((b[55] ) >> 0)) << 20); - t[16] = (((int32_t)((b[56] ) >> 0)) << 0) - | (((int32_t)((b[57] ) >> 0)) << 8) - | (((int32_t)((b[58] ) >> 0)) << 16) - | ((((int32_t)((b[59] & 0xf )) >> 0)) << 24); - t[17] = (((int32_t)((b[59] ) >> 4)) << 0) - | (((int32_t)((b[60] ) >> 0)) << 4) - | (((int32_t)((b[61] ) >> 0)) << 12) - | (((int32_t)((b[62] ) >> 0)) << 20); - t[18] = (((int32_t)((b[63] ) >> 0)) << 0) - | (((int32_t)((b[64] ) >> 0)) << 8) - | (((int32_t)((b[65] ) >> 0)) << 16) - | ((((int32_t)((b[66] & 0xf )) >> 0)) << 24); - t[19] = (((int32_t)((b[66] ) >> 4)) << 0) - | (((int32_t)((b[67] ) >> 0)) << 4) - | (((int32_t)((b[68] ) >> 0)) << 12) - | (((int32_t)((b[69] ) >> 0)) << 20); - t[20] = (((int32_t)((b[70] ) >> 0)) << 0) - | (((int32_t)((b[71] ) >> 0)) << 8) - | (((int32_t)((b[72] ) >> 0)) << 16) - | ((((int32_t)((b[73] & 0xf )) >> 0)) << 24); - t[21] = (((int32_t)((b[73] ) >> 4)) << 0) - | (((int32_t)((b[74] ) >> 0)) << 4) - | (((int32_t)((b[75] ) >> 0)) << 12) - | (((int32_t)((b[76] ) >> 0)) << 20); - t[22] = (((int32_t)((b[77] ) >> 0)) << 0) - | 
(((int32_t)((b[78] ) >> 0)) << 8) - | (((int32_t)((b[79] ) >> 0)) << 16) - | ((((int32_t)((b[80] & 0xf )) >> 0)) << 24); - t[23] = (((int32_t)((b[80] ) >> 4)) << 0) - | (((int32_t)((b[81] ) >> 0)) << 4) - | (((int32_t)((b[82] ) >> 0)) << 12) - | (((int32_t)((b[83] ) >> 0)) << 20); - t[24] = (((int32_t)((b[84] ) >> 0)) << 0) - | (((int32_t)((b[85] ) >> 0)) << 8) - | (((int32_t)((b[86] ) >> 0)) << 16) - | ((((int32_t)((b[87] & 0xf )) >> 0)) << 24); - t[25] = (((int32_t)((b[87] ) >> 4)) << 0) - | (((int32_t)((b[88] ) >> 0)) << 4) - | (((int32_t)((b[89] ) >> 0)) << 12) - | (((int32_t)((b[90] ) >> 0)) << 20); - t[26] = (((int32_t)((b[91] ) >> 0)) << 0) - | (((int32_t)((b[92] ) >> 0)) << 8) - | (((int32_t)((b[93] ) >> 0)) << 16) - | ((((int32_t)((b[94] & 0xf )) >> 0)) << 24); - t[27] = (((int32_t)((b[94] ) >> 4)) << 0) - | (((int32_t)((b[95] ) >> 0)) << 4) - | (((int32_t)((b[96] ) >> 0)) << 12) - | (((int32_t)((b[97] ) >> 0)) << 20); - t[28] = (((int32_t)((b[98] ) >> 0)) << 0) - | (((int32_t)((b[99] ) >> 0)) << 8) - | (((int32_t)((b[100] ) >> 0)) << 16) - | ((((int32_t)((b[101] & 0xf )) >> 0)) << 24); - t[29] = (((int32_t)((b[101] ) >> 4)) << 0) - | (((int32_t)((b[102] ) >> 0)) << 4) - | (((int32_t)((b[103] ) >> 0)) << 12) - | (((int32_t)((b[104] ) >> 0)) << 20); - t[30] = (((int32_t)((b[105] ) >> 0)) << 0) - | (((int32_t)((b[106] ) >> 0)) << 8) - | (((int32_t)((b[107] ) >> 0)) << 16) - | ((((int32_t)((b[108] & 0xf )) >> 0)) << 24); - t[31] = (((int32_t)((b[108] ) >> 4)) << 0) - | (((int32_t)((b[109] ) >> 0)) << 4) - | (((int32_t)((b[110] ) >> 0)) << 12) - | (((int32_t)((b[111] ) >> 0)) << 20); - t[32] = (((int32_t)((b[112] ) >> 0)) << 0) - | (((int32_t)((b[113] ) >> 0)) << 8); + t[ 0] = (((sword32)((b[ 0] ) >> 0)) << 0) + | (((sword32)((b[ 1] ) >> 0)) << 8) + | (((sword32)((b[ 2] ) >> 0)) << 16) + | ((((sword32)((b[ 3] & 0xf )) >> 0)) << 24); + t[ 1] = (((sword32)((b[ 3] ) >> 4)) << 0) + | (((sword32)((b[ 4] ) >> 0)) << 4) + | (((sword32)((b[ 5] ) >> 0)) << 12) + | 
(((sword32)((b[ 6] ) >> 0)) << 20); + t[ 2] = (((sword32)((b[ 7] ) >> 0)) << 0) + | (((sword32)((b[ 8] ) >> 0)) << 8) + | (((sword32)((b[ 9] ) >> 0)) << 16) + | ((((sword32)((b[10] & 0xf )) >> 0)) << 24); + t[ 3] = (((sword32)((b[10] ) >> 4)) << 0) + | (((sword32)((b[11] ) >> 0)) << 4) + | (((sword32)((b[12] ) >> 0)) << 12) + | (((sword32)((b[13] ) >> 0)) << 20); + t[ 4] = (((sword32)((b[14] ) >> 0)) << 0) + | (((sword32)((b[15] ) >> 0)) << 8) + | (((sword32)((b[16] ) >> 0)) << 16) + | ((((sword32)((b[17] & 0xf )) >> 0)) << 24); + t[ 5] = (((sword32)((b[17] ) >> 4)) << 0) + | (((sword32)((b[18] ) >> 0)) << 4) + | (((sword32)((b[19] ) >> 0)) << 12) + | (((sword32)((b[20] ) >> 0)) << 20); + t[ 6] = (((sword32)((b[21] ) >> 0)) << 0) + | (((sword32)((b[22] ) >> 0)) << 8) + | (((sword32)((b[23] ) >> 0)) << 16) + | ((((sword32)((b[24] & 0xf )) >> 0)) << 24); + t[ 7] = (((sword32)((b[24] ) >> 4)) << 0) + | (((sword32)((b[25] ) >> 0)) << 4) + | (((sword32)((b[26] ) >> 0)) << 12) + | (((sword32)((b[27] ) >> 0)) << 20); + t[ 8] = (((sword32)((b[28] ) >> 0)) << 0) + | (((sword32)((b[29] ) >> 0)) << 8) + | (((sword32)((b[30] ) >> 0)) << 16) + | ((((sword32)((b[31] & 0xf )) >> 0)) << 24); + t[ 9] = (((sword32)((b[31] ) >> 4)) << 0) + | (((sword32)((b[32] ) >> 0)) << 4) + | (((sword32)((b[33] ) >> 0)) << 12) + | (((sword32)((b[34] ) >> 0)) << 20); + t[10] = (((sword32)((b[35] ) >> 0)) << 0) + | (((sword32)((b[36] ) >> 0)) << 8) + | (((sword32)((b[37] ) >> 0)) << 16) + | ((((sword32)((b[38] & 0xf )) >> 0)) << 24); + t[11] = (((sword32)((b[38] ) >> 4)) << 0) + | (((sword32)((b[39] ) >> 0)) << 4) + | (((sword32)((b[40] ) >> 0)) << 12) + | (((sword32)((b[41] ) >> 0)) << 20); + t[12] = (((sword32)((b[42] ) >> 0)) << 0) + | (((sword32)((b[43] ) >> 0)) << 8) + | (((sword32)((b[44] ) >> 0)) << 16) + | ((((sword32)((b[45] & 0xf )) >> 0)) << 24); + t[13] = (((sword32)((b[45] ) >> 4)) << 0) + | (((sword32)((b[46] ) >> 0)) << 4) + | (((sword32)((b[47] ) >> 0)) << 12) + | (((sword32)((b[48] 
) >> 0)) << 20); + t[14] = (((sword32)((b[49] ) >> 0)) << 0) + | (((sword32)((b[50] ) >> 0)) << 8) + | (((sword32)((b[51] ) >> 0)) << 16) + | ((((sword32)((b[52] & 0xf )) >> 0)) << 24); + t[15] = (((sword32)((b[52] ) >> 4)) << 0) + | (((sword32)((b[53] ) >> 0)) << 4) + | (((sword32)((b[54] ) >> 0)) << 12) + | (((sword32)((b[55] ) >> 0)) << 20); + t[16] = (((sword32)((b[56] ) >> 0)) << 0) + | (((sword32)((b[57] ) >> 0)) << 8) + | (((sword32)((b[58] ) >> 0)) << 16) + | ((((sword32)((b[59] & 0xf )) >> 0)) << 24); + t[17] = (((sword32)((b[59] ) >> 4)) << 0) + | (((sword32)((b[60] ) >> 0)) << 4) + | (((sword32)((b[61] ) >> 0)) << 12) + | (((sword32)((b[62] ) >> 0)) << 20); + t[18] = (((sword32)((b[63] ) >> 0)) << 0) + | (((sword32)((b[64] ) >> 0)) << 8) + | (((sword32)((b[65] ) >> 0)) << 16) + | ((((sword32)((b[66] & 0xf )) >> 0)) << 24); + t[19] = (((sword32)((b[66] ) >> 4)) << 0) + | (((sword32)((b[67] ) >> 0)) << 4) + | (((sword32)((b[68] ) >> 0)) << 12) + | (((sword32)((b[69] ) >> 0)) << 20); + t[20] = (((sword32)((b[70] ) >> 0)) << 0) + | (((sword32)((b[71] ) >> 0)) << 8) + | (((sword32)((b[72] ) >> 0)) << 16) + | ((((sword32)((b[73] & 0xf )) >> 0)) << 24); + t[21] = (((sword32)((b[73] ) >> 4)) << 0) + | (((sword32)((b[74] ) >> 0)) << 4) + | (((sword32)((b[75] ) >> 0)) << 12) + | (((sword32)((b[76] ) >> 0)) << 20); + t[22] = (((sword32)((b[77] ) >> 0)) << 0) + | (((sword32)((b[78] ) >> 0)) << 8) + | (((sword32)((b[79] ) >> 0)) << 16) + | ((((sword32)((b[80] & 0xf )) >> 0)) << 24); + t[23] = (((sword32)((b[80] ) >> 4)) << 0) + | (((sword32)((b[81] ) >> 0)) << 4) + | (((sword32)((b[82] ) >> 0)) << 12) + | (((sword32)((b[83] ) >> 0)) << 20); + t[24] = (((sword32)((b[84] ) >> 0)) << 0) + | (((sword32)((b[85] ) >> 0)) << 8) + | (((sword32)((b[86] ) >> 0)) << 16) + | ((((sword32)((b[87] & 0xf )) >> 0)) << 24); + t[25] = (((sword32)((b[87] ) >> 4)) << 0) + | (((sword32)((b[88] ) >> 0)) << 4) + | (((sword32)((b[89] ) >> 0)) << 12) + | (((sword32)((b[90] ) >> 0)) << 20); + 
t[26] = (((sword32)((b[91] ) >> 0)) << 0) + | (((sword32)((b[92] ) >> 0)) << 8) + | (((sword32)((b[93] ) >> 0)) << 16) + | ((((sword32)((b[94] & 0xf )) >> 0)) << 24); + t[27] = (((sword32)((b[94] ) >> 4)) << 0) + | (((sword32)((b[95] ) >> 0)) << 4) + | (((sword32)((b[96] ) >> 0)) << 12) + | (((sword32)((b[97] ) >> 0)) << 20); + t[28] = (((sword32)((b[98] ) >> 0)) << 0) + | (((sword32)((b[99] ) >> 0)) << 8) + | (((sword32)((b[100] ) >> 0)) << 16) + | ((((sword32)((b[101] & 0xf )) >> 0)) << 24); + t[29] = (((sword32)((b[101] ) >> 4)) << 0) + | (((sword32)((b[102] ) >> 0)) << 4) + | (((sword32)((b[103] ) >> 0)) << 12) + | (((sword32)((b[104] ) >> 0)) << 20); + t[30] = (((sword32)((b[105] ) >> 0)) << 0) + | (((sword32)((b[106] ) >> 0)) << 8) + | (((sword32)((b[107] ) >> 0)) << 16) + | ((((sword32)((b[108] & 0xf )) >> 0)) << 24); + t[31] = (((sword32)((b[108] ) >> 4)) << 0) + | (((sword32)((b[109] ) >> 0)) << 4) + | (((sword32)((b[110] ) >> 0)) << 12) + | (((sword32)((b[111] ) >> 0)) << 20); + t[32] = (((sword32)((b[112] ) >> 0)) << 0) + | (((sword32)((b[113] ) >> 0)) << 8); /* Mod curve order */ /* 2^446 - 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d */ /* Mod top half of extra words */ - t[ 8] += (int64_t)0x129eec34 * t[24]; - t[ 9] += (int64_t)0x21cf5b54 * t[24]; - t[10] += (int64_t)0x29c2ab70 * t[24]; - t[11] += (int64_t)0x0f635c8c * t[24]; - t[12] += (int64_t)0x25bf7a4c * t[24]; - t[13] += (int64_t)0x2d944a70 * t[24]; - t[14] += (int64_t)0x18eec490 * t[24]; - t[15] += (int64_t)0x20cd7704 * t[24]; - t[ 9] += (int64_t)0x129eec34 * t[25]; - t[10] += (int64_t)0x21cf5b54 * t[25]; - t[11] += (int64_t)0x29c2ab70 * t[25]; - t[12] += (int64_t)0x0f635c8c * t[25]; - t[13] += (int64_t)0x25bf7a4c * t[25]; - t[14] += (int64_t)0x2d944a70 * t[25]; - t[15] += (int64_t)0x18eec490 * t[25]; - t[16] += (int64_t)0x20cd7704 * t[25]; - t[10] += (int64_t)0x129eec34 * t[26]; - t[11] += (int64_t)0x21cf5b54 * t[26]; - t[12] += (int64_t)0x29c2ab70 * t[26]; - t[13] += 
(int64_t)0x0f635c8c * t[26]; - t[14] += (int64_t)0x25bf7a4c * t[26]; - t[15] += (int64_t)0x2d944a70 * t[26]; - t[16] += (int64_t)0x18eec490 * t[26]; - t[17] += (int64_t)0x20cd7704 * t[26]; - t[11] += (int64_t)0x129eec34 * t[27]; - t[12] += (int64_t)0x21cf5b54 * t[27]; - t[13] += (int64_t)0x29c2ab70 * t[27]; - t[14] += (int64_t)0x0f635c8c * t[27]; - t[15] += (int64_t)0x25bf7a4c * t[27]; - t[16] += (int64_t)0x2d944a70 * t[27]; - t[17] += (int64_t)0x18eec490 * t[27]; - t[18] += (int64_t)0x20cd7704 * t[27]; - t[12] += (int64_t)0x129eec34 * t[28]; - t[13] += (int64_t)0x21cf5b54 * t[28]; - t[14] += (int64_t)0x29c2ab70 * t[28]; - t[15] += (int64_t)0x0f635c8c * t[28]; - t[16] += (int64_t)0x25bf7a4c * t[28]; - t[17] += (int64_t)0x2d944a70 * t[28]; - t[18] += (int64_t)0x18eec490 * t[28]; - t[19] += (int64_t)0x20cd7704 * t[28]; - t[13] += (int64_t)0x129eec34 * t[29]; - t[14] += (int64_t)0x21cf5b54 * t[29]; - t[15] += (int64_t)0x29c2ab70 * t[29]; - t[16] += (int64_t)0x0f635c8c * t[29]; - t[17] += (int64_t)0x25bf7a4c * t[29]; - t[18] += (int64_t)0x2d944a70 * t[29]; - t[19] += (int64_t)0x18eec490 * t[29]; - t[20] += (int64_t)0x20cd7704 * t[29]; - t[14] += (int64_t)0x129eec34 * t[30]; - t[15] += (int64_t)0x21cf5b54 * t[30]; - t[16] += (int64_t)0x29c2ab70 * t[30]; - t[17] += (int64_t)0x0f635c8c * t[30]; - t[18] += (int64_t)0x25bf7a4c * t[30]; - t[19] += (int64_t)0x2d944a70 * t[30]; - t[20] += (int64_t)0x18eec490 * t[30]; - t[21] += (int64_t)0x20cd7704 * t[30]; - t[15] += (int64_t)0x129eec34 * t[31]; - t[16] += (int64_t)0x21cf5b54 * t[31]; - t[17] += (int64_t)0x29c2ab70 * t[31]; - t[18] += (int64_t)0x0f635c8c * t[31]; - t[19] += (int64_t)0x25bf7a4c * t[31]; - t[20] += (int64_t)0x2d944a70 * t[31]; - t[21] += (int64_t)0x18eec490 * t[31]; - t[22] += (int64_t)0x20cd7704 * t[31]; - t[16] += (int64_t)0x129eec34 * t[32]; - t[17] += (int64_t)0x21cf5b54 * t[32]; - t[18] += (int64_t)0x29c2ab70 * t[32]; - t[19] += (int64_t)0x0f635c8c * t[32]; - t[20] += (int64_t)0x25bf7a4c * t[32]; - t[21] += 
(int64_t)0x2d944a70 * t[32]; - t[22] += (int64_t)0x18eec490 * t[32]; - t[23] += (int64_t)0x20cd7704 * t[32]; + t[ 8] += (sword64)0x129eec34 * t[24]; + t[ 9] += (sword64)0x21cf5b54 * t[24]; + t[10] += (sword64)0x29c2ab70 * t[24]; + t[11] += (sword64)0x0f635c8c * t[24]; + t[12] += (sword64)0x25bf7a4c * t[24]; + t[13] += (sword64)0x2d944a70 * t[24]; + t[14] += (sword64)0x18eec490 * t[24]; + t[15] += (sword64)0x20cd7704 * t[24]; + t[ 9] += (sword64)0x129eec34 * t[25]; + t[10] += (sword64)0x21cf5b54 * t[25]; + t[11] += (sword64)0x29c2ab70 * t[25]; + t[12] += (sword64)0x0f635c8c * t[25]; + t[13] += (sword64)0x25bf7a4c * t[25]; + t[14] += (sword64)0x2d944a70 * t[25]; + t[15] += (sword64)0x18eec490 * t[25]; + t[16] += (sword64)0x20cd7704 * t[25]; + t[10] += (sword64)0x129eec34 * t[26]; + t[11] += (sword64)0x21cf5b54 * t[26]; + t[12] += (sword64)0x29c2ab70 * t[26]; + t[13] += (sword64)0x0f635c8c * t[26]; + t[14] += (sword64)0x25bf7a4c * t[26]; + t[15] += (sword64)0x2d944a70 * t[26]; + t[16] += (sword64)0x18eec490 * t[26]; + t[17] += (sword64)0x20cd7704 * t[26]; + t[11] += (sword64)0x129eec34 * t[27]; + t[12] += (sword64)0x21cf5b54 * t[27]; + t[13] += (sword64)0x29c2ab70 * t[27]; + t[14] += (sword64)0x0f635c8c * t[27]; + t[15] += (sword64)0x25bf7a4c * t[27]; + t[16] += (sword64)0x2d944a70 * t[27]; + t[17] += (sword64)0x18eec490 * t[27]; + t[18] += (sword64)0x20cd7704 * t[27]; + t[12] += (sword64)0x129eec34 * t[28]; + t[13] += (sword64)0x21cf5b54 * t[28]; + t[14] += (sword64)0x29c2ab70 * t[28]; + t[15] += (sword64)0x0f635c8c * t[28]; + t[16] += (sword64)0x25bf7a4c * t[28]; + t[17] += (sword64)0x2d944a70 * t[28]; + t[18] += (sword64)0x18eec490 * t[28]; + t[19] += (sword64)0x20cd7704 * t[28]; + t[13] += (sword64)0x129eec34 * t[29]; + t[14] += (sword64)0x21cf5b54 * t[29]; + t[15] += (sword64)0x29c2ab70 * t[29]; + t[16] += (sword64)0x0f635c8c * t[29]; + t[17] += (sword64)0x25bf7a4c * t[29]; + t[18] += (sword64)0x2d944a70 * t[29]; + t[19] += (sword64)0x18eec490 * t[29]; + t[20] += 
(sword64)0x20cd7704 * t[29]; + t[14] += (sword64)0x129eec34 * t[30]; + t[15] += (sword64)0x21cf5b54 * t[30]; + t[16] += (sword64)0x29c2ab70 * t[30]; + t[17] += (sword64)0x0f635c8c * t[30]; + t[18] += (sword64)0x25bf7a4c * t[30]; + t[19] += (sword64)0x2d944a70 * t[30]; + t[20] += (sword64)0x18eec490 * t[30]; + t[21] += (sword64)0x20cd7704 * t[30]; + t[15] += (sword64)0x129eec34 * t[31]; + t[16] += (sword64)0x21cf5b54 * t[31]; + t[17] += (sword64)0x29c2ab70 * t[31]; + t[18] += (sword64)0x0f635c8c * t[31]; + t[19] += (sword64)0x25bf7a4c * t[31]; + t[20] += (sword64)0x2d944a70 * t[31]; + t[21] += (sword64)0x18eec490 * t[31]; + t[22] += (sword64)0x20cd7704 * t[31]; + t[16] += (sword64)0x129eec34 * t[32]; + t[17] += (sword64)0x21cf5b54 * t[32]; + t[18] += (sword64)0x29c2ab70 * t[32]; + t[19] += (sword64)0x0f635c8c * t[32]; + t[20] += (sword64)0x25bf7a4c * t[32]; + t[21] += (sword64)0x2d944a70 * t[32]; + t[22] += (sword64)0x18eec490 * t[32]; + t[23] += (sword64)0x20cd7704 * t[32]; t[24] = 0; /* Propagate carries */ c = t[ 8] >> 28; t[ 9] += c; t[ 8] = t[ 8] & 0xfffffff; 
@@ -5308,78 +5306,78 @@ void sc448_reduce(uint8_t* b) c = t[22] >> 28; t[23] += c; t[22] = t[22] & 0xfffffff; c = t[23] >> 28; t[24] += c; t[23] = t[23] & 0xfffffff; /* Mod bottom half of extra words */ - t[ 0] += (int64_t)0x129eec34 * t[16]; - t[ 1] += (int64_t)0x21cf5b54 * t[16]; - t[ 2] += (int64_t)0x29c2ab70 * t[16]; - t[ 3] += (int64_t)0x0f635c8c * t[16]; - t[ 4] += (int64_t)0x25bf7a4c * t[16]; - t[ 5] += (int64_t)0x2d944a70 * t[16]; - t[ 6] += (int64_t)0x18eec490 * t[16]; - t[ 7] += (int64_t)0x20cd7704 * t[16]; - t[ 1] += (int64_t)0x129eec34 * t[17]; - t[ 2] += (int64_t)0x21cf5b54 * t[17]; - t[ 3] += (int64_t)0x29c2ab70 * t[17]; - t[ 4] += (int64_t)0x0f635c8c * t[17]; - t[ 5] += (int64_t)0x25bf7a4c * t[17]; - t[ 6] += (int64_t)0x2d944a70 * t[17]; - t[ 7] += (int64_t)0x18eec490 * t[17]; - t[ 8] += (int64_t)0x20cd7704 * t[17]; - t[ 2] += (int64_t)0x129eec34 * t[18]; - t[ 3] += (int64_t)0x21cf5b54 * t[18]; - t[ 4] += (int64_t)0x29c2ab70 * t[18]; - t[ 5] += (int64_t)0x0f635c8c * t[18]; - t[ 6] += (int64_t)0x25bf7a4c * t[18]; - t[ 7] += (int64_t)0x2d944a70 * t[18]; - t[ 8] += (int64_t)0x18eec490 * t[18]; - t[ 9] += (int64_t)0x20cd7704 * t[18]; - t[ 3] += (int64_t)0x129eec34 * t[19]; - t[ 4] += (int64_t)0x21cf5b54 * t[19]; - t[ 5] += (int64_t)0x29c2ab70 * t[19]; - t[ 6] += (int64_t)0x0f635c8c * t[19]; - t[ 7] += (int64_t)0x25bf7a4c * t[19]; - t[ 8] += (int64_t)0x2d944a70 * t[19]; - t[ 9] += (int64_t)0x18eec490 * t[19]; - t[10] += (int64_t)0x20cd7704 * t[19]; - t[ 4] += (int64_t)0x129eec34 * t[20]; - t[ 5] += (int64_t)0x21cf5b54 * t[20]; - t[ 6] += (int64_t)0x29c2ab70 * t[20]; - t[ 7] += (int64_t)0x0f635c8c * t[20]; - t[ 8] += (int64_t)0x25bf7a4c * t[20]; - t[ 9] += (int64_t)0x2d944a70 * t[20]; - t[10] += (int64_t)0x18eec490 * t[20]; - t[11] += (int64_t)0x20cd7704 * t[20]; - t[ 5] += (int64_t)0x129eec34 * t[21]; - t[ 6] += (int64_t)0x21cf5b54 * t[21]; - t[ 7] += (int64_t)0x29c2ab70 * t[21]; - t[ 8] += (int64_t)0x0f635c8c * t[21]; - t[ 9] += (int64_t)0x25bf7a4c * 
t[21]; - t[10] += (int64_t)0x2d944a70 * t[21]; - t[11] += (int64_t)0x18eec490 * t[21]; - t[12] += (int64_t)0x20cd7704 * t[21]; - t[ 6] += (int64_t)0x129eec34 * t[22]; - t[ 7] += (int64_t)0x21cf5b54 * t[22]; - t[ 8] += (int64_t)0x29c2ab70 * t[22]; - t[ 9] += (int64_t)0x0f635c8c * t[22]; - t[10] += (int64_t)0x25bf7a4c * t[22]; - t[11] += (int64_t)0x2d944a70 * t[22]; - t[12] += (int64_t)0x18eec490 * t[22]; - t[13] += (int64_t)0x20cd7704 * t[22]; - t[ 7] += (int64_t)0x129eec34 * t[23]; - t[ 8] += (int64_t)0x21cf5b54 * t[23]; - t[ 9] += (int64_t)0x29c2ab70 * t[23]; - t[10] += (int64_t)0x0f635c8c * t[23]; - t[11] += (int64_t)0x25bf7a4c * t[23]; - t[12] += (int64_t)0x2d944a70 * t[23]; - t[13] += (int64_t)0x18eec490 * t[23]; - t[14] += (int64_t)0x20cd7704 * t[23]; - t[ 8] += (int64_t)0x129eec34 * t[24]; - t[ 9] += (int64_t)0x21cf5b54 * t[24]; - t[10] += (int64_t)0x29c2ab70 * t[24]; - t[11] += (int64_t)0x0f635c8c * t[24]; - t[12] += (int64_t)0x25bf7a4c * t[24]; - t[13] += (int64_t)0x2d944a70 * t[24]; - t[14] += (int64_t)0x18eec490 * t[24]; - t[15] += (int64_t)0x20cd7704 * t[24]; + t[ 0] += (sword64)0x129eec34 * t[16]; + t[ 1] += (sword64)0x21cf5b54 * t[16]; + t[ 2] += (sword64)0x29c2ab70 * t[16]; + t[ 3] += (sword64)0x0f635c8c * t[16]; + t[ 4] += (sword64)0x25bf7a4c * t[16]; + t[ 5] += (sword64)0x2d944a70 * t[16]; + t[ 6] += (sword64)0x18eec490 * t[16]; + t[ 7] += (sword64)0x20cd7704 * t[16]; + t[ 1] += (sword64)0x129eec34 * t[17]; + t[ 2] += (sword64)0x21cf5b54 * t[17]; + t[ 3] += (sword64)0x29c2ab70 * t[17]; + t[ 4] += (sword64)0x0f635c8c * t[17]; + t[ 5] += (sword64)0x25bf7a4c * t[17]; + t[ 6] += (sword64)0x2d944a70 * t[17]; + t[ 7] += (sword64)0x18eec490 * t[17]; + t[ 8] += (sword64)0x20cd7704 * t[17]; + t[ 2] += (sword64)0x129eec34 * t[18]; + t[ 3] += (sword64)0x21cf5b54 * t[18]; + t[ 4] += (sword64)0x29c2ab70 * t[18]; + t[ 5] += (sword64)0x0f635c8c * t[18]; + t[ 6] += (sword64)0x25bf7a4c * t[18]; + t[ 7] += (sword64)0x2d944a70 * t[18]; + t[ 8] += (sword64)0x18eec490 * 
t[18]; + t[ 9] += (sword64)0x20cd7704 * t[18]; + t[ 3] += (sword64)0x129eec34 * t[19]; + t[ 4] += (sword64)0x21cf5b54 * t[19]; + t[ 5] += (sword64)0x29c2ab70 * t[19]; + t[ 6] += (sword64)0x0f635c8c * t[19]; + t[ 7] += (sword64)0x25bf7a4c * t[19]; + t[ 8] += (sword64)0x2d944a70 * t[19]; + t[ 9] += (sword64)0x18eec490 * t[19]; + t[10] += (sword64)0x20cd7704 * t[19]; + t[ 4] += (sword64)0x129eec34 * t[20]; + t[ 5] += (sword64)0x21cf5b54 * t[20]; + t[ 6] += (sword64)0x29c2ab70 * t[20]; + t[ 7] += (sword64)0x0f635c8c * t[20]; + t[ 8] += (sword64)0x25bf7a4c * t[20]; + t[ 9] += (sword64)0x2d944a70 * t[20]; + t[10] += (sword64)0x18eec490 * t[20]; + t[11] += (sword64)0x20cd7704 * t[20]; + t[ 5] += (sword64)0x129eec34 * t[21]; + t[ 6] += (sword64)0x21cf5b54 * t[21]; + t[ 7] += (sword64)0x29c2ab70 * t[21]; + t[ 8] += (sword64)0x0f635c8c * t[21]; + t[ 9] += (sword64)0x25bf7a4c * t[21]; + t[10] += (sword64)0x2d944a70 * t[21]; + t[11] += (sword64)0x18eec490 * t[21]; + t[12] += (sword64)0x20cd7704 * t[21]; + t[ 6] += (sword64)0x129eec34 * t[22]; + t[ 7] += (sword64)0x21cf5b54 * t[22]; + t[ 8] += (sword64)0x29c2ab70 * t[22]; + t[ 9] += (sword64)0x0f635c8c * t[22]; + t[10] += (sword64)0x25bf7a4c * t[22]; + t[11] += (sword64)0x2d944a70 * t[22]; + t[12] += (sword64)0x18eec490 * t[22]; + t[13] += (sword64)0x20cd7704 * t[22]; + t[ 7] += (sword64)0x129eec34 * t[23]; + t[ 8] += (sword64)0x21cf5b54 * t[23]; + t[ 9] += (sword64)0x29c2ab70 * t[23]; + t[10] += (sword64)0x0f635c8c * t[23]; + t[11] += (sword64)0x25bf7a4c * t[23]; + t[12] += (sword64)0x2d944a70 * t[23]; + t[13] += (sword64)0x18eec490 * t[23]; + t[14] += (sword64)0x20cd7704 * t[23]; + t[ 8] += (sword64)0x129eec34 * t[24]; + t[ 9] += (sword64)0x21cf5b54 * t[24]; + t[10] += (sword64)0x29c2ab70 * t[24]; + t[11] += (sword64)0x0f635c8c * t[24]; + t[12] += (sword64)0x25bf7a4c * t[24]; + t[13] += (sword64)0x2d944a70 * t[24]; + t[14] += (sword64)0x18eec490 * t[24]; + t[15] += (sword64)0x20cd7704 * t[24]; t[16] = 0; /* Propagate carries 
*/ c = t[ 0] >> 28; t[ 1] += c; t[ 0] = t[ 0] & 0xfffffff; 
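Review bot: The `t[ 0] += (sword64)0x129eec34 * t[16];` lines (and the matching rows in the hunk at 5396 and in the top-half block above this one) now make the reduction's correctness rest on `sword64` being a genuinely 64-bit signed type: the constants are about 30 bits and the limbs 28 bits plus pending carries, so the products only fit in a 64-bit accumulator, and a narrower alias would overflow rather than fail to compile. `int64_t` guaranteed that width; `sword64` is a project alias introduced in `wolfssl/wolfcrypt/types.h` by this commit, which I cannot see here, so I can only infer that it is conditional on the platform like the existing `word64`. A compile-time width guard near the top of this file, e.g. `typedef char sc448_sword64_is_64_bits[sizeof(sword64) == 8 ? 1 : -1];` (or the project's own static-assert macro if one exists), would pin that assumption without touching the generated arithmetic. sc448_reduce begins before and continues after this hunk.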
@@ -5398,31 +5396,31 @@ void sc448_reduce(uint8_t* b) c = t[13] >> 28; t[14] += c; t[13] = t[13] & 0xfffffff; c = t[14] >> 28; t[15] += c; t[14] = t[14] & 0xfffffff; c = t[15] >> 28; t[16] += c; t[15] = t[15] & 0xfffffff; - t[ 0] += (int64_t)0x129eec34 * t[16]; - t[ 1] += (int64_t)0x21cf5b54 * t[16]; - t[ 2] += (int64_t)0x29c2ab70 * t[16]; - t[ 3] += (int64_t)0x0f635c8c * t[16]; - t[ 4] += (int64_t)0x25bf7a4c * t[16]; - t[ 5] += (int64_t)0x2d944a70 * t[16]; - t[ 6] += (int64_t)0x18eec490 * t[16]; - t[ 7] += (int64_t)0x20cd7704 * t[16]; + t[ 0] += (sword64)0x129eec34 * t[16]; + t[ 1] += (sword64)0x21cf5b54 * t[16]; + t[ 2] += (sword64)0x29c2ab70 * t[16]; + t[ 3] += (sword64)0x0f635c8c * t[16]; + t[ 4] += (sword64)0x25bf7a4c * t[16]; + t[ 5] += (sword64)0x2d944a70 * t[16]; + t[ 6] += (sword64)0x18eec490 * t[16]; + t[ 7] += (sword64)0x20cd7704 * t[16]; /* Propagate carries */ - c = t[ 0] >> 28; t[ 1] += c; d[ 0] = (int32_t)(t[ 0] & 0xfffffff); - c = t[ 1] >> 28; t[ 2] += c; d[ 1] = (int32_t)(t[ 1] & 0xfffffff); - c = t[ 2] >> 28; t[ 3] += c; d[ 2] = (int32_t)(t[ 2] & 0xfffffff); - c = t[ 3] >> 28; t[ 4] += c; d[ 3] = (int32_t)(t[ 3] & 0xfffffff); - c = t[ 4] >> 28; t[ 5] += c; d[ 4] = (int32_t)(t[ 4] & 0xfffffff); - c = t[ 5] >> 28; t[ 6] += c; d[ 5] = (int32_t)(t[ 5] & 0xfffffff); - c = t[ 6] >> 28; t[ 7] += c; d[ 6] = (int32_t)(t[ 6] & 0xfffffff); - c = t[ 7] >> 28; t[ 8] += c; d[ 7] = (int32_t)(t[ 7] & 0xfffffff); - c = t[ 8] >> 28; t[ 9] += c; d[ 8] = (int32_t)(t[ 8] & 0xfffffff); - c = t[ 9] >> 28; t[10] += c; d[ 9] = (int32_t)(t[ 9] & 0xfffffff); - c = t[10] >> 28; t[11] += c; d[10] = (int32_t)(t[10] & 0xfffffff); - c = t[11] >> 28; t[12] += c; d[11] = (int32_t)(t[11] & 0xfffffff); - c = t[12] >> 28; t[13] += c; d[12] = (int32_t)(t[12] & 0xfffffff); - c = t[13] >> 28; t[14] += c; d[13] = (int32_t)(t[13] & 0xfffffff); - c = t[14] >> 28; t[15] += c; d[14] = (int32_t)(t[14] & 0xfffffff); - d[15] = (uint32_t)t[15]; + c = t[ 0] >> 28; t[ 1] += c; d[ 0] = (sword32)(t[ 
0] & 0xfffffff); + c = t[ 1] >> 28; t[ 2] += c; d[ 1] = (sword32)(t[ 1] & 0xfffffff); + c = t[ 2] >> 28; t[ 3] += c; d[ 2] = (sword32)(t[ 2] & 0xfffffff); + c = t[ 3] >> 28; t[ 4] += c; d[ 3] = (sword32)(t[ 3] & 0xfffffff); + c = t[ 4] >> 28; t[ 5] += c; d[ 4] = (sword32)(t[ 4] & 0xfffffff); + c = t[ 5] >> 28; t[ 6] += c; d[ 5] = (sword32)(t[ 5] & 0xfffffff); + c = t[ 6] >> 28; t[ 7] += c; d[ 6] = (sword32)(t[ 6] & 0xfffffff); + c = t[ 7] >> 28; t[ 8] += c; d[ 7] = (sword32)(t[ 7] & 0xfffffff); + c = t[ 8] >> 28; t[ 9] += c; d[ 8] = (sword32)(t[ 8] & 0xfffffff); + c = t[ 9] >> 28; t[10] += c; d[ 9] = (sword32)(t[ 9] & 0xfffffff); + c = t[10] >> 28; t[11] += c; d[10] = (sword32)(t[10] & 0xfffffff); + c = t[11] >> 28; t[12] += c; d[11] = (sword32)(t[11] & 0xfffffff); + c = t[12] >> 28; t[13] += c; d[12] = (sword32)(t[12] & 0xfffffff); + c = t[13] >> 28; t[14] += c; d[13] = (sword32)(t[13] & 0xfffffff); + c = t[14] >> 28; t[15] += c; d[14] = (sword32)(t[14] & 0xfffffff); + d[15] = (word32)t[15]; /* Mod bits over 28 in last word */ o = d[15] >> 26; d[15] &= 0x3ffffff; d[ 0] += 0x4a7bb0d * o; 
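Review bot: `d[15] = (word32)t[15];` keeps the old unsigned cast while the fifteen carry lines above it cast with `(sword32)`, so the top limb is the only one converted through an unsigned type before `o = d[15] >> 26;` reads it; whether that shift is arithmetic or logical depends on the declared element type of `d`, which is outside this hunk. If `d` is signed, as the `(sword32)` casts suggest, the `(word32)` cast is a no-op and `(sword32)` would make the row uniform; if `d` is unsigned, the other fifteen casts are the odd ones out. Either way the row deserves a why-comment, since unlike `d[0..14]` the value is stored unmasked and the bits above 26 are folded back in by the `o` step, e.g. `/* top limb kept unmasked: bits above 26 are reduced via o below */`. sc448_reduce continues outside this hunk.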
@@ -5517,467 +5515,466 @@ void sc448_reduce(uint8_t* b) * b [in] Scalar to multiply. * d [in] Scalar to add to multiplicative result. */ -void sc448_muladd(uint8_t* r, const uint8_t* a, const uint8_t* b, - const uint8_t* d) +void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d) { - uint32_t ad[16], bd[16], dd[16], rd[16]; - uint64_t t[32]; - uint64_t c; - uint32_t o; + word32 ad[16], bd[16], dd[16], rd[16]; + word64 t[32]; + word64 c; + word32 o; /* Load from bytes */ - ad[ 0] = (((int32_t)((a[ 0] ) >> 0)) << 0) - | (((int32_t)((a[ 1] ) >> 0)) << 8) - | (((int32_t)((a[ 2] ) >> 0)) << 16) - | ((((int32_t)((a[ 3] & 0xf )) >> 0)) << 24); - ad[ 1] = (((int32_t)((a[ 3] ) >> 4)) << 0) - | (((int32_t)((a[ 4] ) >> 0)) << 4) - | (((int32_t)((a[ 5] ) >> 0)) << 12) - | (((int32_t)((a[ 6] ) >> 0)) << 20); - ad[ 2] = (((int32_t)((a[ 7] ) >> 0)) << 0) - | (((int32_t)((a[ 8] ) >> 0)) << 8) - | (((int32_t)((a[ 9] ) >> 0)) << 16) - | ((((int32_t)((a[10] & 0xf )) >> 0)) << 24); - ad[ 3] = (((int32_t)((a[10] ) >> 4)) << 0) - | (((int32_t)((a[11] ) >> 0)) << 4) - | (((int32_t)((a[12] ) >> 0)) << 12) - | (((int32_t)((a[13] ) >> 0)) << 20); - ad[ 4] = (((int32_t)((a[14] ) >> 0)) << 0) - | (((int32_t)((a[15] ) >> 0)) << 8) - | (((int32_t)((a[16] ) >> 0)) << 16) - | ((((int32_t)((a[17] & 0xf )) >> 0)) << 24); - ad[ 5] = (((int32_t)((a[17] ) >> 4)) << 0) - | (((int32_t)((a[18] ) >> 0)) << 4) - | (((int32_t)((a[19] ) >> 0)) << 12) - | (((int32_t)((a[20] ) >> 0)) << 20); - ad[ 6] = (((int32_t)((a[21] ) >> 0)) << 0) - | (((int32_t)((a[22] ) >> 0)) << 8) - | (((int32_t)((a[23] ) >> 0)) << 16) - | ((((int32_t)((a[24] & 0xf )) >> 0)) << 24); - ad[ 7] = (((int32_t)((a[24] ) >> 4)) << 0) - | (((int32_t)((a[25] ) >> 0)) << 4) - | (((int32_t)((a[26] ) >> 0)) << 12) - | (((int32_t)((a[27] ) >> 0)) << 20); - ad[ 8] = (((int32_t)((a[28] ) >> 0)) << 0) - | (((int32_t)((a[29] ) >> 0)) << 8) - | (((int32_t)((a[30] ) >> 0)) << 16) - | ((((int32_t)((a[31] & 0xf )) >> 0)) << 24); - ad[ 9] = 
(((int32_t)((a[31] ) >> 4)) << 0) - | (((int32_t)((a[32] ) >> 0)) << 4) - | (((int32_t)((a[33] ) >> 0)) << 12) - | (((int32_t)((a[34] ) >> 0)) << 20); - ad[10] = (((int32_t)((a[35] ) >> 0)) << 0) - | (((int32_t)((a[36] ) >> 0)) << 8) - | (((int32_t)((a[37] ) >> 0)) << 16) - | ((((int32_t)((a[38] & 0xf )) >> 0)) << 24); - ad[11] = (((int32_t)((a[38] ) >> 4)) << 0) - | (((int32_t)((a[39] ) >> 0)) << 4) - | (((int32_t)((a[40] ) >> 0)) << 12) - | (((int32_t)((a[41] ) >> 0)) << 20); - ad[12] = (((int32_t)((a[42] ) >> 0)) << 0) - | (((int32_t)((a[43] ) >> 0)) << 8) - | (((int32_t)((a[44] ) >> 0)) << 16) - | ((((int32_t)((a[45] & 0xf )) >> 0)) << 24); - ad[13] = (((int32_t)((a[45] ) >> 4)) << 0) - | (((int32_t)((a[46] ) >> 0)) << 4) - | (((int32_t)((a[47] ) >> 0)) << 12) - | (((int32_t)((a[48] ) >> 0)) << 20); - ad[14] = (((int32_t)((a[49] ) >> 0)) << 0) - | (((int32_t)((a[50] ) >> 0)) << 8) - | (((int32_t)((a[51] ) >> 0)) << 16) - | ((((int32_t)((a[52] & 0xf )) >> 0)) << 24); - ad[15] = (((int32_t)((a[52] ) >> 4)) << 0) - | (((int32_t)((a[53] ) >> 0)) << 4) - | (((int32_t)((a[54] ) >> 0)) << 12) - | (((int32_t)((a[55] ) >> 0)) << 20); + ad[ 0] = (((sword32)((a[ 0] ) >> 0)) << 0) + | (((sword32)((a[ 1] ) >> 0)) << 8) + | (((sword32)((a[ 2] ) >> 0)) << 16) + | ((((sword32)((a[ 3] & 0xf )) >> 0)) << 24); + ad[ 1] = (((sword32)((a[ 3] ) >> 4)) << 0) + | (((sword32)((a[ 4] ) >> 0)) << 4) + | (((sword32)((a[ 5] ) >> 0)) << 12) + | (((sword32)((a[ 6] ) >> 0)) << 20); + ad[ 2] = (((sword32)((a[ 7] ) >> 0)) << 0) + | (((sword32)((a[ 8] ) >> 0)) << 8) + | (((sword32)((a[ 9] ) >> 0)) << 16) + | ((((sword32)((a[10] & 0xf )) >> 0)) << 24); + ad[ 3] = (((sword32)((a[10] ) >> 4)) << 0) + | (((sword32)((a[11] ) >> 0)) << 4) + | (((sword32)((a[12] ) >> 0)) << 12) + | (((sword32)((a[13] ) >> 0)) << 20); + ad[ 4] = (((sword32)((a[14] ) >> 0)) << 0) + | (((sword32)((a[15] ) >> 0)) << 8) + | (((sword32)((a[16] ) >> 0)) << 16) + | ((((sword32)((a[17] & 0xf )) >> 0)) << 24); + ad[ 5] = 
(((sword32)((a[17] ) >> 4)) << 0) + | (((sword32)((a[18] ) >> 0)) << 4) + | (((sword32)((a[19] ) >> 0)) << 12) + | (((sword32)((a[20] ) >> 0)) << 20); + ad[ 6] = (((sword32)((a[21] ) >> 0)) << 0) + | (((sword32)((a[22] ) >> 0)) << 8) + | (((sword32)((a[23] ) >> 0)) << 16) + | ((((sword32)((a[24] & 0xf )) >> 0)) << 24); + ad[ 7] = (((sword32)((a[24] ) >> 4)) << 0) + | (((sword32)((a[25] ) >> 0)) << 4) + | (((sword32)((a[26] ) >> 0)) << 12) + | (((sword32)((a[27] ) >> 0)) << 20); + ad[ 8] = (((sword32)((a[28] ) >> 0)) << 0) + | (((sword32)((a[29] ) >> 0)) << 8) + | (((sword32)((a[30] ) >> 0)) << 16) + | ((((sword32)((a[31] & 0xf )) >> 0)) << 24); + ad[ 9] = (((sword32)((a[31] ) >> 4)) << 0) + | (((sword32)((a[32] ) >> 0)) << 4) + | (((sword32)((a[33] ) >> 0)) << 12) + | (((sword32)((a[34] ) >> 0)) << 20); + ad[10] = (((sword32)((a[35] ) >> 0)) << 0) + | (((sword32)((a[36] ) >> 0)) << 8) + | (((sword32)((a[37] ) >> 0)) << 16) + | ((((sword32)((a[38] & 0xf )) >> 0)) << 24); + ad[11] = (((sword32)((a[38] ) >> 4)) << 0) + | (((sword32)((a[39] ) >> 0)) << 4) + | (((sword32)((a[40] ) >> 0)) << 12) + | (((sword32)((a[41] ) >> 0)) << 20); + ad[12] = (((sword32)((a[42] ) >> 0)) << 0) + | (((sword32)((a[43] ) >> 0)) << 8) + | (((sword32)((a[44] ) >> 0)) << 16) + | ((((sword32)((a[45] & 0xf )) >> 0)) << 24); + ad[13] = (((sword32)((a[45] ) >> 4)) << 0) + | (((sword32)((a[46] ) >> 0)) << 4) + | (((sword32)((a[47] ) >> 0)) << 12) + | (((sword32)((a[48] ) >> 0)) << 20); + ad[14] = (((sword32)((a[49] ) >> 0)) << 0) + | (((sword32)((a[50] ) >> 0)) << 8) + | (((sword32)((a[51] ) >> 0)) << 16) + | ((((sword32)((a[52] & 0xf )) >> 0)) << 24); + ad[15] = (((sword32)((a[52] ) >> 4)) << 0) + | (((sword32)((a[53] ) >> 0)) << 4) + | (((sword32)((a[54] ) >> 0)) << 12) + | (((sword32)((a[55] ) >> 0)) << 20); /* Load from bytes */ - bd[ 0] = (((int32_t)((b[ 0] ) >> 0)) << 0) - | (((int32_t)((b[ 1] ) >> 0)) << 8) - | (((int32_t)((b[ 2] ) >> 0)) << 16) - | ((((int32_t)((b[ 3] & 0xf )) >> 0)) << 
24); - bd[ 1] = (((int32_t)((b[ 3] ) >> 4)) << 0) - | (((int32_t)((b[ 4] ) >> 0)) << 4) - | (((int32_t)((b[ 5] ) >> 0)) << 12) - | (((int32_t)((b[ 6] ) >> 0)) << 20); - bd[ 2] = (((int32_t)((b[ 7] ) >> 0)) << 0) - | (((int32_t)((b[ 8] ) >> 0)) << 8) - | (((int32_t)((b[ 9] ) >> 0)) << 16) - | ((((int32_t)((b[10] & 0xf )) >> 0)) << 24); - bd[ 3] = (((int32_t)((b[10] ) >> 4)) << 0) - | (((int32_t)((b[11] ) >> 0)) << 4) - | (((int32_t)((b[12] ) >> 0)) << 12) - | (((int32_t)((b[13] ) >> 0)) << 20); - bd[ 4] = (((int32_t)((b[14] ) >> 0)) << 0) - | (((int32_t)((b[15] ) >> 0)) << 8) - | (((int32_t)((b[16] ) >> 0)) << 16) - | ((((int32_t)((b[17] & 0xf )) >> 0)) << 24); - bd[ 5] = (((int32_t)((b[17] ) >> 4)) << 0) - | (((int32_t)((b[18] ) >> 0)) << 4) - | (((int32_t)((b[19] ) >> 0)) << 12) - | (((int32_t)((b[20] ) >> 0)) << 20); - bd[ 6] = (((int32_t)((b[21] ) >> 0)) << 0) - | (((int32_t)((b[22] ) >> 0)) << 8) - | (((int32_t)((b[23] ) >> 0)) << 16) - | ((((int32_t)((b[24] & 0xf )) >> 0)) << 24); - bd[ 7] = (((int32_t)((b[24] ) >> 4)) << 0) - | (((int32_t)((b[25] ) >> 0)) << 4) - | (((int32_t)((b[26] ) >> 0)) << 12) - | (((int32_t)((b[27] ) >> 0)) << 20); - bd[ 8] = (((int32_t)((b[28] ) >> 0)) << 0) - | (((int32_t)((b[29] ) >> 0)) << 8) - | (((int32_t)((b[30] ) >> 0)) << 16) - | ((((int32_t)((b[31] & 0xf )) >> 0)) << 24); - bd[ 9] = (((int32_t)((b[31] ) >> 4)) << 0) - | (((int32_t)((b[32] ) >> 0)) << 4) - | (((int32_t)((b[33] ) >> 0)) << 12) - | (((int32_t)((b[34] ) >> 0)) << 20); - bd[10] = (((int32_t)((b[35] ) >> 0)) << 0) - | (((int32_t)((b[36] ) >> 0)) << 8) - | (((int32_t)((b[37] ) >> 0)) << 16) - | ((((int32_t)((b[38] & 0xf )) >> 0)) << 24); - bd[11] = (((int32_t)((b[38] ) >> 4)) << 0) - | (((int32_t)((b[39] ) >> 0)) << 4) - | (((int32_t)((b[40] ) >> 0)) << 12) - | (((int32_t)((b[41] ) >> 0)) << 20); - bd[12] = (((int32_t)((b[42] ) >> 0)) << 0) - | (((int32_t)((b[43] ) >> 0)) << 8) - | (((int32_t)((b[44] ) >> 0)) << 16) - | ((((int32_t)((b[45] & 0xf )) >> 0)) << 24); - 
bd[13] = (((int32_t)((b[45] ) >> 4)) << 0) - | (((int32_t)((b[46] ) >> 0)) << 4) - | (((int32_t)((b[47] ) >> 0)) << 12) - | (((int32_t)((b[48] ) >> 0)) << 20); - bd[14] = (((int32_t)((b[49] ) >> 0)) << 0) - | (((int32_t)((b[50] ) >> 0)) << 8) - | (((int32_t)((b[51] ) >> 0)) << 16) - | ((((int32_t)((b[52] & 0xf )) >> 0)) << 24); - bd[15] = (((int32_t)((b[52] ) >> 4)) << 0) - | (((int32_t)((b[53] ) >> 0)) << 4) - | (((int32_t)((b[54] ) >> 0)) << 12) - | (((int32_t)((b[55] ) >> 0)) << 20); + bd[ 0] = (((sword32)((b[ 0] ) >> 0)) << 0) + | (((sword32)((b[ 1] ) >> 0)) << 8) + | (((sword32)((b[ 2] ) >> 0)) << 16) + | ((((sword32)((b[ 3] & 0xf )) >> 0)) << 24); + bd[ 1] = (((sword32)((b[ 3] ) >> 4)) << 0) + | (((sword32)((b[ 4] ) >> 0)) << 4) + | (((sword32)((b[ 5] ) >> 0)) << 12) + | (((sword32)((b[ 6] ) >> 0)) << 20); + bd[ 2] = (((sword32)((b[ 7] ) >> 0)) << 0) + | (((sword32)((b[ 8] ) >> 0)) << 8) + | (((sword32)((b[ 9] ) >> 0)) << 16) + | ((((sword32)((b[10] & 0xf )) >> 0)) << 24); + bd[ 3] = (((sword32)((b[10] ) >> 4)) << 0) + | (((sword32)((b[11] ) >> 0)) << 4) + | (((sword32)((b[12] ) >> 0)) << 12) + | (((sword32)((b[13] ) >> 0)) << 20); + bd[ 4] = (((sword32)((b[14] ) >> 0)) << 0) + | (((sword32)((b[15] ) >> 0)) << 8) + | (((sword32)((b[16] ) >> 0)) << 16) + | ((((sword32)((b[17] & 0xf )) >> 0)) << 24); + bd[ 5] = (((sword32)((b[17] ) >> 4)) << 0) + | (((sword32)((b[18] ) >> 0)) << 4) + | (((sword32)((b[19] ) >> 0)) << 12) + | (((sword32)((b[20] ) >> 0)) << 20); + bd[ 6] = (((sword32)((b[21] ) >> 0)) << 0) + | (((sword32)((b[22] ) >> 0)) << 8) + | (((sword32)((b[23] ) >> 0)) << 16) + | ((((sword32)((b[24] & 0xf )) >> 0)) << 24); + bd[ 7] = (((sword32)((b[24] ) >> 4)) << 0) + | (((sword32)((b[25] ) >> 0)) << 4) + | (((sword32)((b[26] ) >> 0)) << 12) + | (((sword32)((b[27] ) >> 0)) << 20); + bd[ 8] = (((sword32)((b[28] ) >> 0)) << 0) + | (((sword32)((b[29] ) >> 0)) << 8) + | (((sword32)((b[30] ) >> 0)) << 16) + | ((((sword32)((b[31] & 0xf )) >> 0)) << 24); + bd[ 9] 
= (((sword32)((b[31] ) >> 4)) << 0) + | (((sword32)((b[32] ) >> 0)) << 4) + | (((sword32)((b[33] ) >> 0)) << 12) + | (((sword32)((b[34] ) >> 0)) << 20); + bd[10] = (((sword32)((b[35] ) >> 0)) << 0) + | (((sword32)((b[36] ) >> 0)) << 8) + | (((sword32)((b[37] ) >> 0)) << 16) + | ((((sword32)((b[38] & 0xf )) >> 0)) << 24); + bd[11] = (((sword32)((b[38] ) >> 4)) << 0) + | (((sword32)((b[39] ) >> 0)) << 4) + | (((sword32)((b[40] ) >> 0)) << 12) + | (((sword32)((b[41] ) >> 0)) << 20); + bd[12] = (((sword32)((b[42] ) >> 0)) << 0) + | (((sword32)((b[43] ) >> 0)) << 8) + | (((sword32)((b[44] ) >> 0)) << 16) + | ((((sword32)((b[45] & 0xf )) >> 0)) << 24); + bd[13] = (((sword32)((b[45] ) >> 4)) << 0) + | (((sword32)((b[46] ) >> 0)) << 4) + | (((sword32)((b[47] ) >> 0)) << 12) + | (((sword32)((b[48] ) >> 0)) << 20); + bd[14] = (((sword32)((b[49] ) >> 0)) << 0) + | (((sword32)((b[50] ) >> 0)) << 8) + | (((sword32)((b[51] ) >> 0)) << 16) + | ((((sword32)((b[52] & 0xf )) >> 0)) << 24); + bd[15] = (((sword32)((b[52] ) >> 4)) << 0) + | (((sword32)((b[53] ) >> 0)) << 4) + | (((sword32)((b[54] ) >> 0)) << 12) + | (((sword32)((b[55] ) >> 0)) << 20); /* Load from bytes */ - dd[ 0] = (((int32_t)((d[ 0] ) >> 0)) << 0) - | (((int32_t)((d[ 1] ) >> 0)) << 8) - | (((int32_t)((d[ 2] ) >> 0)) << 16) - | ((((int32_t)((d[ 3] & 0xf )) >> 0)) << 24); - dd[ 1] = (((int32_t)((d[ 3] ) >> 4)) << 0) - | (((int32_t)((d[ 4] ) >> 0)) << 4) - | (((int32_t)((d[ 5] ) >> 0)) << 12) - | (((int32_t)((d[ 6] ) >> 0)) << 20); - dd[ 2] = (((int32_t)((d[ 7] ) >> 0)) << 0) - | (((int32_t)((d[ 8] ) >> 0)) << 8) - | (((int32_t)((d[ 9] ) >> 0)) << 16) - | ((((int32_t)((d[10] & 0xf )) >> 0)) << 24); - dd[ 3] = (((int32_t)((d[10] ) >> 4)) << 0) - | (((int32_t)((d[11] ) >> 0)) << 4) - | (((int32_t)((d[12] ) >> 0)) << 12) - | (((int32_t)((d[13] ) >> 0)) << 20); - dd[ 4] = (((int32_t)((d[14] ) >> 0)) << 0) - | (((int32_t)((d[15] ) >> 0)) << 8) - | (((int32_t)((d[16] ) >> 0)) << 16) - | ((((int32_t)((d[17] & 0xf )) >> 0)) << 
24); - dd[ 5] = (((int32_t)((d[17] ) >> 4)) << 0) - | (((int32_t)((d[18] ) >> 0)) << 4) - | (((int32_t)((d[19] ) >> 0)) << 12) - | (((int32_t)((d[20] ) >> 0)) << 20); - dd[ 6] = (((int32_t)((d[21] ) >> 0)) << 0) - | (((int32_t)((d[22] ) >> 0)) << 8) - | (((int32_t)((d[23] ) >> 0)) << 16) - | ((((int32_t)((d[24] & 0xf )) >> 0)) << 24); - dd[ 7] = (((int32_t)((d[24] ) >> 4)) << 0) - | (((int32_t)((d[25] ) >> 0)) << 4) - | (((int32_t)((d[26] ) >> 0)) << 12) - | (((int32_t)((d[27] ) >> 0)) << 20); - dd[ 8] = (((int32_t)((d[28] ) >> 0)) << 0) - | (((int32_t)((d[29] ) >> 0)) << 8) - | (((int32_t)((d[30] ) >> 0)) << 16) - | ((((int32_t)((d[31] & 0xf )) >> 0)) << 24); - dd[ 9] = (((int32_t)((d[31] ) >> 4)) << 0) - | (((int32_t)((d[32] ) >> 0)) << 4) - | (((int32_t)((d[33] ) >> 0)) << 12) - | (((int32_t)((d[34] ) >> 0)) << 20); - dd[10] = (((int32_t)((d[35] ) >> 0)) << 0) - | (((int32_t)((d[36] ) >> 0)) << 8) - | (((int32_t)((d[37] ) >> 0)) << 16) - | ((((int32_t)((d[38] & 0xf )) >> 0)) << 24); - dd[11] = (((int32_t)((d[38] ) >> 4)) << 0) - | (((int32_t)((d[39] ) >> 0)) << 4) - | (((int32_t)((d[40] ) >> 0)) << 12) - | (((int32_t)((d[41] ) >> 0)) << 20); - dd[12] = (((int32_t)((d[42] ) >> 0)) << 0) - | (((int32_t)((d[43] ) >> 0)) << 8) - | (((int32_t)((d[44] ) >> 0)) << 16) - | ((((int32_t)((d[45] & 0xf )) >> 0)) << 24); - dd[13] = (((int32_t)((d[45] ) >> 4)) << 0) - | (((int32_t)((d[46] ) >> 0)) << 4) - | (((int32_t)((d[47] ) >> 0)) << 12) - | (((int32_t)((d[48] ) >> 0)) << 20); - dd[14] = (((int32_t)((d[49] ) >> 0)) << 0) - | (((int32_t)((d[50] ) >> 0)) << 8) - | (((int32_t)((d[51] ) >> 0)) << 16) - | ((((int32_t)((d[52] & 0xf )) >> 0)) << 24); - dd[15] = (((int32_t)((d[52] ) >> 4)) << 0) - | (((int32_t)((d[53] ) >> 0)) << 4) - | (((int32_t)((d[54] ) >> 0)) << 12) - | (((int32_t)((d[55] ) >> 0)) << 20); + dd[ 0] = (((sword32)((d[ 0] ) >> 0)) << 0) + | (((sword32)((d[ 1] ) >> 0)) << 8) + | (((sword32)((d[ 2] ) >> 0)) << 16) + | ((((sword32)((d[ 3] & 0xf )) >> 0)) << 24); + 
dd[ 1] = (((sword32)((d[ 3] ) >> 4)) << 0) + | (((sword32)((d[ 4] ) >> 0)) << 4) + | (((sword32)((d[ 5] ) >> 0)) << 12) + | (((sword32)((d[ 6] ) >> 0)) << 20); + dd[ 2] = (((sword32)((d[ 7] ) >> 0)) << 0) + | (((sword32)((d[ 8] ) >> 0)) << 8) + | (((sword32)((d[ 9] ) >> 0)) << 16) + | ((((sword32)((d[10] & 0xf )) >> 0)) << 24); + dd[ 3] = (((sword32)((d[10] ) >> 4)) << 0) + | (((sword32)((d[11] ) >> 0)) << 4) + | (((sword32)((d[12] ) >> 0)) << 12) + | (((sword32)((d[13] ) >> 0)) << 20); + dd[ 4] = (((sword32)((d[14] ) >> 0)) << 0) + | (((sword32)((d[15] ) >> 0)) << 8) + | (((sword32)((d[16] ) >> 0)) << 16) + | ((((sword32)((d[17] & 0xf )) >> 0)) << 24); + dd[ 5] = (((sword32)((d[17] ) >> 4)) << 0) + | (((sword32)((d[18] ) >> 0)) << 4) + | (((sword32)((d[19] ) >> 0)) << 12) + | (((sword32)((d[20] ) >> 0)) << 20); + dd[ 6] = (((sword32)((d[21] ) >> 0)) << 0) + | (((sword32)((d[22] ) >> 0)) << 8) + | (((sword32)((d[23] ) >> 0)) << 16) + | ((((sword32)((d[24] & 0xf )) >> 0)) << 24); + dd[ 7] = (((sword32)((d[24] ) >> 4)) << 0) + | (((sword32)((d[25] ) >> 0)) << 4) + | (((sword32)((d[26] ) >> 0)) << 12) + | (((sword32)((d[27] ) >> 0)) << 20); + dd[ 8] = (((sword32)((d[28] ) >> 0)) << 0) + | (((sword32)((d[29] ) >> 0)) << 8) + | (((sword32)((d[30] ) >> 0)) << 16) + | ((((sword32)((d[31] & 0xf )) >> 0)) << 24); + dd[ 9] = (((sword32)((d[31] ) >> 4)) << 0) + | (((sword32)((d[32] ) >> 0)) << 4) + | (((sword32)((d[33] ) >> 0)) << 12) + | (((sword32)((d[34] ) >> 0)) << 20); + dd[10] = (((sword32)((d[35] ) >> 0)) << 0) + | (((sword32)((d[36] ) >> 0)) << 8) + | (((sword32)((d[37] ) >> 0)) << 16) + | ((((sword32)((d[38] & 0xf )) >> 0)) << 24); + dd[11] = (((sword32)((d[38] ) >> 4)) << 0) + | (((sword32)((d[39] ) >> 0)) << 4) + | (((sword32)((d[40] ) >> 0)) << 12) + | (((sword32)((d[41] ) >> 0)) << 20); + dd[12] = (((sword32)((d[42] ) >> 0)) << 0) + | (((sword32)((d[43] ) >> 0)) << 8) + | (((sword32)((d[44] ) >> 0)) << 16) + | ((((sword32)((d[45] & 0xf )) >> 0)) << 24); + dd[13] 
= (((sword32)((d[45] ) >> 4)) << 0) + | (((sword32)((d[46] ) >> 0)) << 4) + | (((sword32)((d[47] ) >> 0)) << 12) + | (((sword32)((d[48] ) >> 0)) << 20); + dd[14] = (((sword32)((d[49] ) >> 0)) << 0) + | (((sword32)((d[50] ) >> 0)) << 8) + | (((sword32)((d[51] ) >> 0)) << 16) + | ((((sword32)((d[52] & 0xf )) >> 0)) << 24); + dd[15] = (((sword32)((d[52] ) >> 4)) << 0) + | (((sword32)((d[53] ) >> 0)) << 4) + | (((sword32)((d[54] ) >> 0)) << 12) + | (((sword32)((d[55] ) >> 0)) << 20); /* a * b + d */ - t[ 0] = dd[ 0] + (int64_t)ad[ 0] * bd[ 0]; - t[ 1] = dd[ 1] + (int64_t)ad[ 0] * bd[ 1] - + (int64_t)ad[ 1] * bd[ 0]; - t[ 2] = dd[ 2] + (int64_t)ad[ 0] * bd[ 2] - + (int64_t)ad[ 1] * bd[ 1] - + (int64_t)ad[ 2] * bd[ 0]; - t[ 3] = dd[ 3] + (int64_t)ad[ 0] * bd[ 3] - + (int64_t)ad[ 1] * bd[ 2] - + (int64_t)ad[ 2] * bd[ 1] - + (int64_t)ad[ 3] * bd[ 0]; - t[ 4] = dd[ 4] + (int64_t)ad[ 0] * bd[ 4] - + (int64_t)ad[ 1] * bd[ 3] - + (int64_t)ad[ 2] * bd[ 2] - + (int64_t)ad[ 3] * bd[ 1] - + (int64_t)ad[ 4] * bd[ 0]; - t[ 5] = dd[ 5] + (int64_t)ad[ 0] * bd[ 5] - + (int64_t)ad[ 1] * bd[ 4] - + (int64_t)ad[ 2] * bd[ 3] - + (int64_t)ad[ 3] * bd[ 2] - + (int64_t)ad[ 4] * bd[ 1] - + (int64_t)ad[ 5] * bd[ 0]; - t[ 6] = dd[ 6] + (int64_t)ad[ 0] * bd[ 6] - + (int64_t)ad[ 1] * bd[ 5] - + (int64_t)ad[ 2] * bd[ 4] - + (int64_t)ad[ 3] * bd[ 3] - + (int64_t)ad[ 4] * bd[ 2] - + (int64_t)ad[ 5] * bd[ 1] - + (int64_t)ad[ 6] * bd[ 0]; - t[ 7] = dd[ 7] + (int64_t)ad[ 0] * bd[ 7] - + (int64_t)ad[ 1] * bd[ 6] - + (int64_t)ad[ 2] * bd[ 5] - + (int64_t)ad[ 3] * bd[ 4] - + (int64_t)ad[ 4] * bd[ 3] - + (int64_t)ad[ 5] * bd[ 2] - + (int64_t)ad[ 6] * bd[ 1] - + (int64_t)ad[ 7] * bd[ 0]; - t[ 8] = dd[ 8] + (int64_t)ad[ 0] * bd[ 8] - + (int64_t)ad[ 1] * bd[ 7] - + (int64_t)ad[ 2] * bd[ 6] - + (int64_t)ad[ 3] * bd[ 5] - + (int64_t)ad[ 4] * bd[ 4] - + (int64_t)ad[ 5] * bd[ 3] - + (int64_t)ad[ 6] * bd[ 2] - + (int64_t)ad[ 7] * bd[ 1] - + (int64_t)ad[ 8] * bd[ 0]; - t[ 9] = dd[ 9] + (int64_t)ad[ 0] * bd[ 9] - + 
(int64_t)ad[ 1] * bd[ 8] - + (int64_t)ad[ 2] * bd[ 7] - + (int64_t)ad[ 3] * bd[ 6] - + (int64_t)ad[ 4] * bd[ 5] - + (int64_t)ad[ 5] * bd[ 4] - + (int64_t)ad[ 6] * bd[ 3] - + (int64_t)ad[ 7] * bd[ 2] - + (int64_t)ad[ 8] * bd[ 1] - + (int64_t)ad[ 9] * bd[ 0]; - t[10] = dd[10] + (int64_t)ad[ 0] * bd[10] - + (int64_t)ad[ 1] * bd[ 9] - + (int64_t)ad[ 2] * bd[ 8] - + (int64_t)ad[ 3] * bd[ 7] - + (int64_t)ad[ 4] * bd[ 6] - + (int64_t)ad[ 5] * bd[ 5] - + (int64_t)ad[ 6] * bd[ 4] - + (int64_t)ad[ 7] * bd[ 3] - + (int64_t)ad[ 8] * bd[ 2] - + (int64_t)ad[ 9] * bd[ 1] - + (int64_t)ad[10] * bd[ 0]; - t[11] = dd[11] + (int64_t)ad[ 0] * bd[11] - + (int64_t)ad[ 1] * bd[10] - + (int64_t)ad[ 2] * bd[ 9] - + (int64_t)ad[ 3] * bd[ 8] - + (int64_t)ad[ 4] * bd[ 7] - + (int64_t)ad[ 5] * bd[ 6] - + (int64_t)ad[ 6] * bd[ 5] - + (int64_t)ad[ 7] * bd[ 4] - + (int64_t)ad[ 8] * bd[ 3] - + (int64_t)ad[ 9] * bd[ 2] - + (int64_t)ad[10] * bd[ 1] - + (int64_t)ad[11] * bd[ 0]; - t[12] = dd[12] + (int64_t)ad[ 0] * bd[12] - + (int64_t)ad[ 1] * bd[11] - + (int64_t)ad[ 2] * bd[10] - + (int64_t)ad[ 3] * bd[ 9] - + (int64_t)ad[ 4] * bd[ 8] - + (int64_t)ad[ 5] * bd[ 7] - + (int64_t)ad[ 6] * bd[ 6] - + (int64_t)ad[ 7] * bd[ 5] - + (int64_t)ad[ 8] * bd[ 4] - + (int64_t)ad[ 9] * bd[ 3] - + (int64_t)ad[10] * bd[ 2] - + (int64_t)ad[11] * bd[ 1] - + (int64_t)ad[12] * bd[ 0]; - t[13] = dd[13] + (int64_t)ad[ 0] * bd[13] - + (int64_t)ad[ 1] * bd[12] - + (int64_t)ad[ 2] * bd[11] - + (int64_t)ad[ 3] * bd[10] - + (int64_t)ad[ 4] * bd[ 9] - + (int64_t)ad[ 5] * bd[ 8] - + (int64_t)ad[ 6] * bd[ 7] - + (int64_t)ad[ 7] * bd[ 6] - + (int64_t)ad[ 8] * bd[ 5] - + (int64_t)ad[ 9] * bd[ 4] - + (int64_t)ad[10] * bd[ 3] - + (int64_t)ad[11] * bd[ 2] - + (int64_t)ad[12] * bd[ 1] - + (int64_t)ad[13] * bd[ 0]; - t[14] = dd[14] + (int64_t)ad[ 0] * bd[14] - + (int64_t)ad[ 1] * bd[13] - + (int64_t)ad[ 2] * bd[12] - + (int64_t)ad[ 3] * bd[11] - + (int64_t)ad[ 4] * bd[10] - + (int64_t)ad[ 5] * bd[ 9] - + (int64_t)ad[ 6] * bd[ 8] - + 
(int64_t)ad[ 7] * bd[ 7] - + (int64_t)ad[ 8] * bd[ 6] - + (int64_t)ad[ 9] * bd[ 5] - + (int64_t)ad[10] * bd[ 4] - + (int64_t)ad[11] * bd[ 3] - + (int64_t)ad[12] * bd[ 2] - + (int64_t)ad[13] * bd[ 1] - + (int64_t)ad[14] * bd[ 0]; - t[15] = dd[15] + (int64_t)ad[ 0] * bd[15] - + (int64_t)ad[ 1] * bd[14] - + (int64_t)ad[ 2] * bd[13] - + (int64_t)ad[ 3] * bd[12] - + (int64_t)ad[ 4] * bd[11] - + (int64_t)ad[ 5] * bd[10] - + (int64_t)ad[ 6] * bd[ 9] - + (int64_t)ad[ 7] * bd[ 8] - + (int64_t)ad[ 8] * bd[ 7] - + (int64_t)ad[ 9] * bd[ 6] - + (int64_t)ad[10] * bd[ 5] - + (int64_t)ad[11] * bd[ 4] - + (int64_t)ad[12] * bd[ 3] - + (int64_t)ad[13] * bd[ 2] - + (int64_t)ad[14] * bd[ 1] - + (int64_t)ad[15] * bd[ 0]; - t[16] = (int64_t)ad[ 1] * bd[15] - + (int64_t)ad[ 2] * bd[14] - + (int64_t)ad[ 3] * bd[13] - + (int64_t)ad[ 4] * bd[12] - + (int64_t)ad[ 5] * bd[11] - + (int64_t)ad[ 6] * bd[10] - + (int64_t)ad[ 7] * bd[ 9] - + (int64_t)ad[ 8] * bd[ 8] - + (int64_t)ad[ 9] * bd[ 7] - + (int64_t)ad[10] * bd[ 6] - + (int64_t)ad[11] * bd[ 5] - + (int64_t)ad[12] * bd[ 4] - + (int64_t)ad[13] * bd[ 3] - + (int64_t)ad[14] * bd[ 2] - + (int64_t)ad[15] * bd[ 1]; - t[17] = (int64_t)ad[ 2] * bd[15] - + (int64_t)ad[ 3] * bd[14] - + (int64_t)ad[ 4] * bd[13] - + (int64_t)ad[ 5] * bd[12] - + (int64_t)ad[ 6] * bd[11] - + (int64_t)ad[ 7] * bd[10] - + (int64_t)ad[ 8] * bd[ 9] - + (int64_t)ad[ 9] * bd[ 8] - + (int64_t)ad[10] * bd[ 7] - + (int64_t)ad[11] * bd[ 6] - + (int64_t)ad[12] * bd[ 5] - + (int64_t)ad[13] * bd[ 4] - + (int64_t)ad[14] * bd[ 3] - + (int64_t)ad[15] * bd[ 2]; - t[18] = (int64_t)ad[ 3] * bd[15] - + (int64_t)ad[ 4] * bd[14] - + (int64_t)ad[ 5] * bd[13] - + (int64_t)ad[ 6] * bd[12] - + (int64_t)ad[ 7] * bd[11] - + (int64_t)ad[ 8] * bd[10] - + (int64_t)ad[ 9] * bd[ 9] - + (int64_t)ad[10] * bd[ 8] - + (int64_t)ad[11] * bd[ 7] - + (int64_t)ad[12] * bd[ 6] - + (int64_t)ad[13] * bd[ 5] - + (int64_t)ad[14] * bd[ 4] - + (int64_t)ad[15] * bd[ 3]; - t[19] = (int64_t)ad[ 4] * bd[15] - + (int64_t)ad[ 
5] * bd[14] - + (int64_t)ad[ 6] * bd[13] - + (int64_t)ad[ 7] * bd[12] - + (int64_t)ad[ 8] * bd[11] - + (int64_t)ad[ 9] * bd[10] - + (int64_t)ad[10] * bd[ 9] - + (int64_t)ad[11] * bd[ 8] - + (int64_t)ad[12] * bd[ 7] - + (int64_t)ad[13] * bd[ 6] - + (int64_t)ad[14] * bd[ 5] - + (int64_t)ad[15] * bd[ 4]; - t[20] = (int64_t)ad[ 5] * bd[15] - + (int64_t)ad[ 6] * bd[14] - + (int64_t)ad[ 7] * bd[13] - + (int64_t)ad[ 8] * bd[12] - + (int64_t)ad[ 9] * bd[11] - + (int64_t)ad[10] * bd[10] - + (int64_t)ad[11] * bd[ 9] - + (int64_t)ad[12] * bd[ 8] - + (int64_t)ad[13] * bd[ 7] - + (int64_t)ad[14] * bd[ 6] - + (int64_t)ad[15] * bd[ 5]; - t[21] = (int64_t)ad[ 6] * bd[15] - + (int64_t)ad[ 7] * bd[14] - + (int64_t)ad[ 8] * bd[13] - + (int64_t)ad[ 9] * bd[12] - + (int64_t)ad[10] * bd[11] - + (int64_t)ad[11] * bd[10] - + (int64_t)ad[12] * bd[ 9] - + (int64_t)ad[13] * bd[ 8] - + (int64_t)ad[14] * bd[ 7] - + (int64_t)ad[15] * bd[ 6]; - t[22] = (int64_t)ad[ 7] * bd[15] - + (int64_t)ad[ 8] * bd[14] - + (int64_t)ad[ 9] * bd[13] - + (int64_t)ad[10] * bd[12] - + (int64_t)ad[11] * bd[11] - + (int64_t)ad[12] * bd[10] - + (int64_t)ad[13] * bd[ 9] - + (int64_t)ad[14] * bd[ 8] - + (int64_t)ad[15] * bd[ 7]; - t[23] = (int64_t)ad[ 8] * bd[15] - + (int64_t)ad[ 9] * bd[14] - + (int64_t)ad[10] * bd[13] - + (int64_t)ad[11] * bd[12] - + (int64_t)ad[12] * bd[11] - + (int64_t)ad[13] * bd[10] - + (int64_t)ad[14] * bd[ 9] - + (int64_t)ad[15] * bd[ 8]; - t[24] = (int64_t)ad[ 9] * bd[15] - + (int64_t)ad[10] * bd[14] - + (int64_t)ad[11] * bd[13] - + (int64_t)ad[12] * bd[12] - + (int64_t)ad[13] * bd[11] - + (int64_t)ad[14] * bd[10] - + (int64_t)ad[15] * bd[ 9]; - t[25] = (int64_t)ad[10] * bd[15] - + (int64_t)ad[11] * bd[14] - + (int64_t)ad[12] * bd[13] - + (int64_t)ad[13] * bd[12] - + (int64_t)ad[14] * bd[11] - + (int64_t)ad[15] * bd[10]; - t[26] = (int64_t)ad[11] * bd[15] - + (int64_t)ad[12] * bd[14] - + (int64_t)ad[13] * bd[13] - + (int64_t)ad[14] * bd[12] - + (int64_t)ad[15] * bd[11]; - t[27] = 
(int64_t)ad[12] * bd[15] - + (int64_t)ad[13] * bd[14] - + (int64_t)ad[14] * bd[13] - + (int64_t)ad[15] * bd[12]; - t[28] = (int64_t)ad[13] * bd[15] - + (int64_t)ad[14] * bd[14] - + (int64_t)ad[15] * bd[13]; - t[29] = (int64_t)ad[14] * bd[15] - + (int64_t)ad[15] * bd[14]; - t[30] = (int64_t)ad[15] * bd[15]; + t[ 0] = dd[ 0] + (sword64)ad[ 0] * bd[ 0]; + t[ 1] = dd[ 1] + (sword64)ad[ 0] * bd[ 1] + + (sword64)ad[ 1] * bd[ 0]; + t[ 2] = dd[ 2] + (sword64)ad[ 0] * bd[ 2] + + (sword64)ad[ 1] * bd[ 1] + + (sword64)ad[ 2] * bd[ 0]; + t[ 3] = dd[ 3] + (sword64)ad[ 0] * bd[ 3] + + (sword64)ad[ 1] * bd[ 2] + + (sword64)ad[ 2] * bd[ 1] + + (sword64)ad[ 3] * bd[ 0]; + t[ 4] = dd[ 4] + (sword64)ad[ 0] * bd[ 4] + + (sword64)ad[ 1] * bd[ 3] + + (sword64)ad[ 2] * bd[ 2] + + (sword64)ad[ 3] * bd[ 1] + + (sword64)ad[ 4] * bd[ 0]; + t[ 5] = dd[ 5] + (sword64)ad[ 0] * bd[ 5] + + (sword64)ad[ 1] * bd[ 4] + + (sword64)ad[ 2] * bd[ 3] + + (sword64)ad[ 3] * bd[ 2] + + (sword64)ad[ 4] * bd[ 1] + + (sword64)ad[ 5] * bd[ 0]; + t[ 6] = dd[ 6] + (sword64)ad[ 0] * bd[ 6] + + (sword64)ad[ 1] * bd[ 5] + + (sword64)ad[ 2] * bd[ 4] + + (sword64)ad[ 3] * bd[ 3] + + (sword64)ad[ 4] * bd[ 2] + + (sword64)ad[ 5] * bd[ 1] + + (sword64)ad[ 6] * bd[ 0]; + t[ 7] = dd[ 7] + (sword64)ad[ 0] * bd[ 7] + + (sword64)ad[ 1] * bd[ 6] + + (sword64)ad[ 2] * bd[ 5] + + (sword64)ad[ 3] * bd[ 4] + + (sword64)ad[ 4] * bd[ 3] + + (sword64)ad[ 5] * bd[ 2] + + (sword64)ad[ 6] * bd[ 1] + + (sword64)ad[ 7] * bd[ 0]; + t[ 8] = dd[ 8] + (sword64)ad[ 0] * bd[ 8] + + (sword64)ad[ 1] * bd[ 7] + + (sword64)ad[ 2] * bd[ 6] + + (sword64)ad[ 3] * bd[ 5] + + (sword64)ad[ 4] * bd[ 4] + + (sword64)ad[ 5] * bd[ 3] + + (sword64)ad[ 6] * bd[ 2] + + (sword64)ad[ 7] * bd[ 1] + + (sword64)ad[ 8] * bd[ 0]; + t[ 9] = dd[ 9] + (sword64)ad[ 0] * bd[ 9] + + (sword64)ad[ 1] * bd[ 8] + + (sword64)ad[ 2] * bd[ 7] + + (sword64)ad[ 3] * bd[ 6] + + (sword64)ad[ 4] * bd[ 5] + + (sword64)ad[ 5] * bd[ 4] + + (sword64)ad[ 6] * bd[ 3] + + (sword64)ad[ 7] * 
bd[ 2] + + (sword64)ad[ 8] * bd[ 1] + + (sword64)ad[ 9] * bd[ 0]; + t[10] = dd[10] + (sword64)ad[ 0] * bd[10] + + (sword64)ad[ 1] * bd[ 9] + + (sword64)ad[ 2] * bd[ 8] + + (sword64)ad[ 3] * bd[ 7] + + (sword64)ad[ 4] * bd[ 6] + + (sword64)ad[ 5] * bd[ 5] + + (sword64)ad[ 6] * bd[ 4] + + (sword64)ad[ 7] * bd[ 3] + + (sword64)ad[ 8] * bd[ 2] + + (sword64)ad[ 9] * bd[ 1] + + (sword64)ad[10] * bd[ 0]; + t[11] = dd[11] + (sword64)ad[ 0] * bd[11] + + (sword64)ad[ 1] * bd[10] + + (sword64)ad[ 2] * bd[ 9] + + (sword64)ad[ 3] * bd[ 8] + + (sword64)ad[ 4] * bd[ 7] + + (sword64)ad[ 5] * bd[ 6] + + (sword64)ad[ 6] * bd[ 5] + + (sword64)ad[ 7] * bd[ 4] + + (sword64)ad[ 8] * bd[ 3] + + (sword64)ad[ 9] * bd[ 2] + + (sword64)ad[10] * bd[ 1] + + (sword64)ad[11] * bd[ 0]; + t[12] = dd[12] + (sword64)ad[ 0] * bd[12] + + (sword64)ad[ 1] * bd[11] + + (sword64)ad[ 2] * bd[10] + + (sword64)ad[ 3] * bd[ 9] + + (sword64)ad[ 4] * bd[ 8] + + (sword64)ad[ 5] * bd[ 7] + + (sword64)ad[ 6] * bd[ 6] + + (sword64)ad[ 7] * bd[ 5] + + (sword64)ad[ 8] * bd[ 4] + + (sword64)ad[ 9] * bd[ 3] + + (sword64)ad[10] * bd[ 2] + + (sword64)ad[11] * bd[ 1] + + (sword64)ad[12] * bd[ 0]; + t[13] = dd[13] + (sword64)ad[ 0] * bd[13] + + (sword64)ad[ 1] * bd[12] + + (sword64)ad[ 2] * bd[11] + + (sword64)ad[ 3] * bd[10] + + (sword64)ad[ 4] * bd[ 9] + + (sword64)ad[ 5] * bd[ 8] + + (sword64)ad[ 6] * bd[ 7] + + (sword64)ad[ 7] * bd[ 6] + + (sword64)ad[ 8] * bd[ 5] + + (sword64)ad[ 9] * bd[ 4] + + (sword64)ad[10] * bd[ 3] + + (sword64)ad[11] * bd[ 2] + + (sword64)ad[12] * bd[ 1] + + (sword64)ad[13] * bd[ 0]; + t[14] = dd[14] + (sword64)ad[ 0] * bd[14] + + (sword64)ad[ 1] * bd[13] + + (sword64)ad[ 2] * bd[12] + + (sword64)ad[ 3] * bd[11] + + (sword64)ad[ 4] * bd[10] + + (sword64)ad[ 5] * bd[ 9] + + (sword64)ad[ 6] * bd[ 8] + + (sword64)ad[ 7] * bd[ 7] + + (sword64)ad[ 8] * bd[ 6] + + (sword64)ad[ 9] * bd[ 5] + + (sword64)ad[10] * bd[ 4] + + (sword64)ad[11] * bd[ 3] + + (sword64)ad[12] * bd[ 2] + + (sword64)ad[13] * bd[ 
1] + + (sword64)ad[14] * bd[ 0]; + t[15] = dd[15] + (sword64)ad[ 0] * bd[15] + + (sword64)ad[ 1] * bd[14] + + (sword64)ad[ 2] * bd[13] + + (sword64)ad[ 3] * bd[12] + + (sword64)ad[ 4] * bd[11] + + (sword64)ad[ 5] * bd[10] + + (sword64)ad[ 6] * bd[ 9] + + (sword64)ad[ 7] * bd[ 8] + + (sword64)ad[ 8] * bd[ 7] + + (sword64)ad[ 9] * bd[ 6] + + (sword64)ad[10] * bd[ 5] + + (sword64)ad[11] * bd[ 4] + + (sword64)ad[12] * bd[ 3] + + (sword64)ad[13] * bd[ 2] + + (sword64)ad[14] * bd[ 1] + + (sword64)ad[15] * bd[ 0]; + t[16] = (sword64)ad[ 1] * bd[15] + + (sword64)ad[ 2] * bd[14] + + (sword64)ad[ 3] * bd[13] + + (sword64)ad[ 4] * bd[12] + + (sword64)ad[ 5] * bd[11] + + (sword64)ad[ 6] * bd[10] + + (sword64)ad[ 7] * bd[ 9] + + (sword64)ad[ 8] * bd[ 8] + + (sword64)ad[ 9] * bd[ 7] + + (sword64)ad[10] * bd[ 6] + + (sword64)ad[11] * bd[ 5] + + (sword64)ad[12] * bd[ 4] + + (sword64)ad[13] * bd[ 3] + + (sword64)ad[14] * bd[ 2] + + (sword64)ad[15] * bd[ 1]; + t[17] = (sword64)ad[ 2] * bd[15] + + (sword64)ad[ 3] * bd[14] + + (sword64)ad[ 4] * bd[13] + + (sword64)ad[ 5] * bd[12] + + (sword64)ad[ 6] * bd[11] + + (sword64)ad[ 7] * bd[10] + + (sword64)ad[ 8] * bd[ 9] + + (sword64)ad[ 9] * bd[ 8] + + (sword64)ad[10] * bd[ 7] + + (sword64)ad[11] * bd[ 6] + + (sword64)ad[12] * bd[ 5] + + (sword64)ad[13] * bd[ 4] + + (sword64)ad[14] * bd[ 3] + + (sword64)ad[15] * bd[ 2]; + t[18] = (sword64)ad[ 3] * bd[15] + + (sword64)ad[ 4] * bd[14] + + (sword64)ad[ 5] * bd[13] + + (sword64)ad[ 6] * bd[12] + + (sword64)ad[ 7] * bd[11] + + (sword64)ad[ 8] * bd[10] + + (sword64)ad[ 9] * bd[ 9] + + (sword64)ad[10] * bd[ 8] + + (sword64)ad[11] * bd[ 7] + + (sword64)ad[12] * bd[ 6] + + (sword64)ad[13] * bd[ 5] + + (sword64)ad[14] * bd[ 4] + + (sword64)ad[15] * bd[ 3]; + t[19] = (sword64)ad[ 4] * bd[15] + + (sword64)ad[ 5] * bd[14] + + (sword64)ad[ 6] * bd[13] + + (sword64)ad[ 7] * bd[12] + + (sword64)ad[ 8] * bd[11] + + (sword64)ad[ 9] * bd[10] + + (sword64)ad[10] * bd[ 9] + + (sword64)ad[11] * bd[ 8] + + 
(sword64)ad[12] * bd[ 7] + + (sword64)ad[13] * bd[ 6] + + (sword64)ad[14] * bd[ 5] + + (sword64)ad[15] * bd[ 4]; + t[20] = (sword64)ad[ 5] * bd[15] + + (sword64)ad[ 6] * bd[14] + + (sword64)ad[ 7] * bd[13] + + (sword64)ad[ 8] * bd[12] + + (sword64)ad[ 9] * bd[11] + + (sword64)ad[10] * bd[10] + + (sword64)ad[11] * bd[ 9] + + (sword64)ad[12] * bd[ 8] + + (sword64)ad[13] * bd[ 7] + + (sword64)ad[14] * bd[ 6] + + (sword64)ad[15] * bd[ 5]; + t[21] = (sword64)ad[ 6] * bd[15] + + (sword64)ad[ 7] * bd[14] + + (sword64)ad[ 8] * bd[13] + + (sword64)ad[ 9] * bd[12] + + (sword64)ad[10] * bd[11] + + (sword64)ad[11] * bd[10] + + (sword64)ad[12] * bd[ 9] + + (sword64)ad[13] * bd[ 8] + + (sword64)ad[14] * bd[ 7] + + (sword64)ad[15] * bd[ 6]; + t[22] = (sword64)ad[ 7] * bd[15] + + (sword64)ad[ 8] * bd[14] + + (sword64)ad[ 9] * bd[13] + + (sword64)ad[10] * bd[12] + + (sword64)ad[11] * bd[11] + + (sword64)ad[12] * bd[10] + + (sword64)ad[13] * bd[ 9] + + (sword64)ad[14] * bd[ 8] + + (sword64)ad[15] * bd[ 7]; + t[23] = (sword64)ad[ 8] * bd[15] + + (sword64)ad[ 9] * bd[14] + + (sword64)ad[10] * bd[13] + + (sword64)ad[11] * bd[12] + + (sword64)ad[12] * bd[11] + + (sword64)ad[13] * bd[10] + + (sword64)ad[14] * bd[ 9] + + (sword64)ad[15] * bd[ 8]; + t[24] = (sword64)ad[ 9] * bd[15] + + (sword64)ad[10] * bd[14] + + (sword64)ad[11] * bd[13] + + (sword64)ad[12] * bd[12] + + (sword64)ad[13] * bd[11] + + (sword64)ad[14] * bd[10] + + (sword64)ad[15] * bd[ 9]; + t[25] = (sword64)ad[10] * bd[15] + + (sword64)ad[11] * bd[14] + + (sword64)ad[12] * bd[13] + + (sword64)ad[13] * bd[12] + + (sword64)ad[14] * bd[11] + + (sword64)ad[15] * bd[10]; + t[26] = (sword64)ad[11] * bd[15] + + (sword64)ad[12] * bd[14] + + (sword64)ad[13] * bd[13] + + (sword64)ad[14] * bd[12] + + (sword64)ad[15] * bd[11]; + t[27] = (sword64)ad[12] * bd[15] + + (sword64)ad[13] * bd[14] + + (sword64)ad[14] * bd[13] + + (sword64)ad[15] * bd[12]; + t[28] = (sword64)ad[13] * bd[15] + + (sword64)ad[14] * bd[14] + + (sword64)ad[15] * 
bd[13]; + t[29] = (sword64)ad[14] * bd[15] + + (sword64)ad[15] * bd[14]; + t[30] = (sword64)ad[15] * bd[15]; t[31] = 0; /* Mod curve order */ 
@@ -6015,70 +6012,70 @@ void sc448_muladd(uint8_t* r, const uint8_t* a, const uint8_t* b,
 c = t[29] >> 28; t[30] += c; t[29] = t[29] & 0xfffffff;
 c = t[30] >> 28; t[31] += c; t[30] = t[30] & 0xfffffff;
 /* Mod top half of extra words */
- t[ 8] += (int64_t)0x129eec34 * t[24];
- t[ 9] += (int64_t)0x21cf5b54 * t[24];
- t[10] += (int64_t)0x29c2ab70 * t[24];
- t[11] += (int64_t)0x0f635c8c * t[24];
- t[12] += (int64_t)0x25bf7a4c * t[24];
- t[13] += (int64_t)0x2d944a70 * t[24];
- t[14] += (int64_t)0x18eec490 * t[24];
- t[15] += (int64_t)0x20cd7704 * t[24];
- t[ 9] += (int64_t)0x129eec34 * t[25];
- t[10] += (int64_t)0x21cf5b54 * t[25];
- t[11] += (int64_t)0x29c2ab70 * t[25];
- t[12] += (int64_t)0x0f635c8c * t[25];
- t[13] += (int64_t)0x25bf7a4c * t[25];
- t[14] += (int64_t)0x2d944a70 * t[25];
- t[15] += (int64_t)0x18eec490 * t[25];
- t[16] += (int64_t)0x20cd7704 * t[25];
- t[10] += (int64_t)0x129eec34 * t[26];
- t[11] += (int64_t)0x21cf5b54 * t[26];
- t[12] += (int64_t)0x29c2ab70 * t[26];
- t[13] += (int64_t)0x0f635c8c * t[26];
- t[14] += (int64_t)0x25bf7a4c * t[26];
- t[15] += (int64_t)0x2d944a70 * t[26];
- t[16] += (int64_t)0x18eec490 * t[26];
- t[17] += (int64_t)0x20cd7704 * t[26];
- t[11] += (int64_t)0x129eec34 * t[27];
- t[12] += (int64_t)0x21cf5b54 * t[27];
- t[13] += (int64_t)0x29c2ab70 * t[27];
- t[14] += (int64_t)0x0f635c8c * t[27];
- t[15] += (int64_t)0x25bf7a4c * t[27];
- t[16] += (int64_t)0x2d944a70 * t[27];
- t[17] += (int64_t)0x18eec490 * t[27];
- t[18] += (int64_t)0x20cd7704 * t[27];
- t[12] += (int64_t)0x129eec34 * t[28];
- t[13] += (int64_t)0x21cf5b54 * t[28];
- t[14] += (int64_t)0x29c2ab70 * t[28];
- t[15] += (int64_t)0x0f635c8c * t[28];
- t[16] += (int64_t)0x25bf7a4c * t[28];
- t[17] += (int64_t)0x2d944a70 * t[28];
- t[18] += (int64_t)0x18eec490 * t[28];
- t[19] += (int64_t)0x20cd7704 * t[28];
- t[13] += (int64_t)0x129eec34 * t[29];
- t[14] += (int64_t)0x21cf5b54 * t[29];
- t[15] += (int64_t)0x29c2ab70 * t[29];
- t[16] += (int64_t)0x0f635c8c * t[29];
- t[17] += (int64_t)0x25bf7a4c * t[29];
- t[18] += (int64_t)0x2d944a70 * t[29];
- t[19] += (int64_t)0x18eec490 * t[29];
- t[20] += (int64_t)0x20cd7704 * t[29];
- t[14] += (int64_t)0x129eec34 * t[30];
- t[15] += (int64_t)0x21cf5b54 * t[30];
- t[16] += (int64_t)0x29c2ab70 * t[30];
- t[17] += (int64_t)0x0f635c8c * t[30];
- t[18] += (int64_t)0x25bf7a4c * t[30];
- t[19] += (int64_t)0x2d944a70 * t[30];
- t[20] += (int64_t)0x18eec490 * t[30];
- t[21] += (int64_t)0x20cd7704 * t[30];
- t[15] += (int64_t)0x129eec34 * t[31];
- t[16] += (int64_t)0x21cf5b54 * t[31];
- t[17] += (int64_t)0x29c2ab70 * t[31];
- t[18] += (int64_t)0x0f635c8c * t[31];
- t[19] += (int64_t)0x25bf7a4c * t[31];
- t[20] += (int64_t)0x2d944a70 * t[31];
- t[21] += (int64_t)0x18eec490 * t[31];
- t[22] += (int64_t)0x20cd7704 * t[31];
+ t[ 8] += (sword64)0x129eec34 * t[24];
+ t[ 9] += (sword64)0x21cf5b54 * t[24];
+ t[10] += (sword64)0x29c2ab70 * t[24];
+ t[11] += (sword64)0x0f635c8c * t[24];
+ t[12] += (sword64)0x25bf7a4c * t[24];
+ t[13] += (sword64)0x2d944a70 * t[24];
+ t[14] += (sword64)0x18eec490 * t[24];
+ t[15] += (sword64)0x20cd7704 * t[24];
+ t[ 9] += (sword64)0x129eec34 * t[25];
+ t[10] += (sword64)0x21cf5b54 * t[25];
+ t[11] += (sword64)0x29c2ab70 * t[25];
+ t[12] += (sword64)0x0f635c8c * t[25];
+ t[13] += (sword64)0x25bf7a4c * t[25];
+ t[14] += (sword64)0x2d944a70 * t[25];
+ t[15] += (sword64)0x18eec490 * t[25];
+ t[16] += (sword64)0x20cd7704 * t[25];
+ t[10] += (sword64)0x129eec34 * t[26];
+ t[11] += (sword64)0x21cf5b54 * t[26];
+ t[12] += (sword64)0x29c2ab70 * t[26];
+ t[13] += (sword64)0x0f635c8c * t[26];
+ t[14] += (sword64)0x25bf7a4c * t[26];
+ t[15] += (sword64)0x2d944a70 * t[26];
+ t[16] += (sword64)0x18eec490 * t[26];
+ t[17] += (sword64)0x20cd7704 * t[26];
+ t[11] += (sword64)0x129eec34 * t[27];
+ t[12] += (sword64)0x21cf5b54 * t[27];
+ t[13] += (sword64)0x29c2ab70 * t[27];
+ t[14] += (sword64)0x0f635c8c * t[27];
+ t[15] += (sword64)0x25bf7a4c * t[27];
+ t[16] += (sword64)0x2d944a70 * t[27];
+ t[17] += (sword64)0x18eec490 * t[27];
+ t[18] += (sword64)0x20cd7704 * t[27];
+ t[12] += (sword64)0x129eec34 * t[28];
+ t[13] += (sword64)0x21cf5b54 * t[28];
+ t[14] += (sword64)0x29c2ab70 * t[28];
+ t[15] += (sword64)0x0f635c8c * t[28];
+ t[16] += (sword64)0x25bf7a4c * t[28];
+ t[17] += (sword64)0x2d944a70 * t[28];
+ t[18] += (sword64)0x18eec490 * t[28];
+ t[19] += (sword64)0x20cd7704 * t[28];
+ t[13] += (sword64)0x129eec34 * t[29];
+ t[14] += (sword64)0x21cf5b54 * t[29];
+ t[15] += (sword64)0x29c2ab70 * t[29];
+ t[16] += (sword64)0x0f635c8c * t[29];
+ t[17] += (sword64)0x25bf7a4c * t[29];
+ t[18] += (sword64)0x2d944a70 * t[29];
+ t[19] += (sword64)0x18eec490 * t[29];
+ t[20] += (sword64)0x20cd7704 * t[29];
+ t[14] += (sword64)0x129eec34 * t[30];
+ t[15] += (sword64)0x21cf5b54 * t[30];
+ t[16] += (sword64)0x29c2ab70 * t[30];
+ t[17] += (sword64)0x0f635c8c * t[30];
+ t[18] += (sword64)0x25bf7a4c * t[30];
+ t[19] += (sword64)0x2d944a70 * t[30];
+ t[20] += (sword64)0x18eec490 * t[30];
+ t[21] += (sword64)0x20cd7704 * t[30];
+ t[15] += (sword64)0x129eec34 * t[31];
+ t[16] += (sword64)0x21cf5b54 * t[31];
+ t[17] += (sword64)0x29c2ab70 * t[31];
+ t[18] += (sword64)0x0f635c8c * t[31];
+ t[19] += (sword64)0x25bf7a4c * t[31];
+ t[20] += (sword64)0x2d944a70 * t[31];
+ t[21] += (sword64)0x18eec490 * t[31];
+ t[22] += (sword64)0x20cd7704 * t[31];
 /* Propagate carries */
 c = t[ 8] >> 28; t[ 9] += c; t[ 8] = t[ 8] & 0xfffffff;
 c = t[ 9] >> 28; t[10] += c; t[ 9] = t[ 9] & 0xfffffff;
@@ -6096,87 +6093,87 @@ void sc448_muladd(uint8_t* r, const uint8_t* a, const uint8_t* b,
 c = t[21] >> 28; t[22] += c; t[21] = t[21] & 0xfffffff;
 c = t[22] >> 28; t[23] += c; t[22] = t[22] & 0xfffffff;
 /* Mod bottom half of extra words */
- t[ 0] += (int64_t)0x129eec34 * t[16];
- t[ 1] += (int64_t)0x21cf5b54 * t[16];
- t[ 2] += (int64_t)0x29c2ab70 * t[16];
- t[ 3] += (int64_t)0x0f635c8c * t[16];
- t[ 4] += (int64_t)0x25bf7a4c * t[16];
- t[ 5] += (int64_t)0x2d944a70 * t[16];
- t[ 6] += (int64_t)0x18eec490 * t[16];
- t[ 7] += (int64_t)0x20cd7704 * t[16];
- t[ 1] += (int64_t)0x129eec34 * t[17];
- t[ 2] += (int64_t)0x21cf5b54 * t[17];
- t[ 3] += (int64_t)0x29c2ab70 * t[17];
- t[ 4] += (int64_t)0x0f635c8c * t[17];
- t[ 5] += (int64_t)0x25bf7a4c * t[17];
- t[ 6] += (int64_t)0x2d944a70 * t[17];
- t[ 7] += (int64_t)0x18eec490 * t[17];
- t[ 8] += (int64_t)0x20cd7704 * t[17];
- t[ 2] += (int64_t)0x129eec34 * t[18];
- t[ 3] += (int64_t)0x21cf5b54 * t[18];
- t[ 4] += (int64_t)0x29c2ab70 * t[18];
- t[ 5] += (int64_t)0x0f635c8c * t[18];
- t[ 6] += (int64_t)0x25bf7a4c * t[18];
- t[ 7] += (int64_t)0x2d944a70 * t[18];
- t[ 8] += (int64_t)0x18eec490 * t[18];
- t[ 9] += (int64_t)0x20cd7704 * t[18];
- t[ 3] += (int64_t)0x129eec34 * t[19];
- t[ 4] += (int64_t)0x21cf5b54 * t[19];
- t[ 5] += (int64_t)0x29c2ab70 * t[19];
- t[ 6] += (int64_t)0x0f635c8c * t[19];
- t[ 7] += (int64_t)0x25bf7a4c * t[19];
- t[ 8] += (int64_t)0x2d944a70 * t[19];
- t[ 9] += (int64_t)0x18eec490 * t[19];
- t[10] += (int64_t)0x20cd7704 * t[19];
- t[ 4] += (int64_t)0x129eec34 * t[20];
- t[ 5] += (int64_t)0x21cf5b54 * t[20];
- t[ 6] += (int64_t)0x29c2ab70 * t[20];
- t[ 7] += (int64_t)0x0f635c8c * t[20];
- t[ 8] += (int64_t)0x25bf7a4c * t[20];
- t[ 9] += (int64_t)0x2d944a70 * t[20];
- t[10] += (int64_t)0x18eec490 * t[20];
- t[11] += (int64_t)0x20cd7704 * t[20];
- t[ 5] += (int64_t)0x129eec34 * t[21];
- t[ 6] += (int64_t)0x21cf5b54 * t[21];
- t[ 7] += (int64_t)0x29c2ab70 * t[21];
- t[ 8] += (int64_t)0x0f635c8c * t[21];
- t[ 9] += (int64_t)0x25bf7a4c * t[21];
- t[10] += (int64_t)0x2d944a70 * t[21];
- t[11] += (int64_t)0x18eec490 * t[21];
- t[12] += (int64_t)0x20cd7704 * t[21];
- t[ 6] += (int64_t)0x129eec34 * t[22];
- t[ 7] += (int64_t)0x21cf5b54 * t[22];
- t[ 8] += (int64_t)0x29c2ab70 * t[22];
- t[ 9] += (int64_t)0x0f635c8c * t[22];
- t[10] += (int64_t)0x25bf7a4c * t[22];
- t[11] += (int64_t)0x2d944a70 * t[22];
- t[12] += (int64_t)0x18eec490 * t[22];
- t[13] += (int64_t)0x20cd7704 * t[22];
- t[ 7] += (int64_t)0x129eec34 * t[23];
- t[ 8] += (int64_t)0x21cf5b54 * t[23];
- t[ 9] += (int64_t)0x29c2ab70 * t[23];
- t[10] += (int64_t)0x0f635c8c * t[23];
- t[11] += (int64_t)0x25bf7a4c * t[23];
- t[12] += (int64_t)0x2d944a70 * t[23];
- t[13] += (int64_t)0x18eec490 * t[23];
- t[14] += (int64_t)0x20cd7704 * t[23];
+ t[ 0] += (sword64)0x129eec34 * t[16];
+ t[ 1] += (sword64)0x21cf5b54 * t[16];
+ t[ 2] += (sword64)0x29c2ab70 * t[16];
+ t[ 3] += (sword64)0x0f635c8c * t[16];
+ t[ 4] += (sword64)0x25bf7a4c * t[16];
+ t[ 5] += (sword64)0x2d944a70 * t[16];
+ t[ 6] += (sword64)0x18eec490 * t[16];
+ t[ 7] += (sword64)0x20cd7704 * t[16];
+ t[ 1] += (sword64)0x129eec34 * t[17];
+ t[ 2] += (sword64)0x21cf5b54 * t[17];
+ t[ 3] += (sword64)0x29c2ab70 * t[17];
+ t[ 4] += (sword64)0x0f635c8c * t[17];
+ t[ 5] += (sword64)0x25bf7a4c * t[17];
+ t[ 6] += (sword64)0x2d944a70 * t[17];
+ t[ 7] += (sword64)0x18eec490 * t[17];
+ t[ 8] += (sword64)0x20cd7704 * t[17];
+ t[ 2] += (sword64)0x129eec34 * t[18];
+ t[ 3] += (sword64)0x21cf5b54 * t[18];
+ t[ 4] += (sword64)0x29c2ab70 * t[18];
+ t[ 5] += (sword64)0x0f635c8c * t[18];
+ t[ 6] += (sword64)0x25bf7a4c * t[18];
+ t[ 7] += (sword64)0x2d944a70 * t[18];
+ t[ 8] += (sword64)0x18eec490 * t[18];
+ t[ 9] += (sword64)0x20cd7704 * t[18];
+ t[ 3] += (sword64)0x129eec34 * t[19];
+ t[ 4] += (sword64)0x21cf5b54 * t[19];
+ t[ 5] += (sword64)0x29c2ab70 * t[19];
+ t[ 6] += (sword64)0x0f635c8c * t[19];
+ t[ 7] += (sword64)0x25bf7a4c * t[19];
+ t[ 8] += (sword64)0x2d944a70 * t[19];
+ t[ 9] += (sword64)0x18eec490 * t[19];
+ t[10] += (sword64)0x20cd7704 * t[19];
+ t[ 4] += (sword64)0x129eec34 * t[20];
+ t[ 5] += (sword64)0x21cf5b54 * t[20];
+ t[ 6] += (sword64)0x29c2ab70 * t[20];
+ t[ 7] += (sword64)0x0f635c8c * t[20];
+ t[ 8] += (sword64)0x25bf7a4c * t[20];
+ t[ 9] += (sword64)0x2d944a70 * t[20];
+ t[10] += (sword64)0x18eec490 * t[20];
+ t[11] += (sword64)0x20cd7704 * t[20];
+ t[ 5] += (sword64)0x129eec34 * t[21];
+ t[ 6] += (sword64)0x21cf5b54 * t[21];
+ t[ 7] += (sword64)0x29c2ab70 * t[21];
+ t[ 8] += (sword64)0x0f635c8c * t[21];
+ t[ 9] += (sword64)0x25bf7a4c * t[21];
+ t[10] += (sword64)0x2d944a70 * t[21];
+ t[11] += (sword64)0x18eec490 * t[21];
+ t[12] += (sword64)0x20cd7704 * t[21];
+ t[ 6] += (sword64)0x129eec34 * t[22];
+ t[ 7] += (sword64)0x21cf5b54 * t[22];
+ t[ 8] += (sword64)0x29c2ab70 * t[22];
+ t[ 9] += (sword64)0x0f635c8c * t[22];
+ t[10] += (sword64)0x25bf7a4c * t[22];
+ t[11] += (sword64)0x2d944a70 * t[22];
+ t[12] += (sword64)0x18eec490 * t[22];
+ t[13] += (sword64)0x20cd7704 * t[22];
+ t[ 7] += (sword64)0x129eec34 * t[23];
+ t[ 8] += (sword64)0x21cf5b54 * t[23];
+ t[ 9] += (sword64)0x29c2ab70 * t[23];
+ t[10] += (sword64)0x0f635c8c * t[23];
+ t[11] += (sword64)0x25bf7a4c * t[23];
+ t[12] += (sword64)0x2d944a70 * t[23];
+ t[13] += (sword64)0x18eec490 * t[23];
+ t[14] += (sword64)0x20cd7704 * t[23];
 /* Propagate carries */
- c = t[ 0] >> 28; t[ 1] += c; rd[ 0] = (int32_t)(t[ 0] & 0xfffffff);
- c = t[ 1] >> 28; t[ 2] += c; rd[ 1] = (int32_t)(t[ 1] & 0xfffffff);
- c = t[ 2] >> 28; t[ 3] += c; rd[ 2] = (int32_t)(t[ 2] & 0xfffffff);
- c = t[ 3] >> 28; t[ 4] += c; rd[ 3] = (int32_t)(t[ 3] & 0xfffffff);
- c = t[ 4] >> 28; t[ 5] += c; rd[ 4] = (int32_t)(t[ 4] & 0xfffffff);
- c = t[ 5] >> 28; t[ 6] += c; rd[ 5] = (int32_t)(t[ 5] & 0xfffffff);
- c = t[ 6] >> 28; t[ 7] += c; rd[ 6] = (int32_t)(t[ 6] & 0xfffffff);
- c = t[ 7] >> 28; t[ 8] += c; rd[ 7] = (int32_t)(t[ 7] & 0xfffffff);
- c = t[ 8] >> 28; t[ 9] += c; rd[ 8] = (int32_t)(t[ 8] & 0xfffffff);
- c = t[ 9] >> 28; t[10] += c; rd[ 9] = (int32_t)(t[ 9] & 0xfffffff);
- c = t[10] >> 28; t[11] += c; rd[10] = (int32_t)(t[10] & 0xfffffff);
- c = t[11] >> 28; t[12] += c; rd[11] = (int32_t)(t[11] & 0xfffffff);
- c = t[12] >> 28; t[13] += c; rd[12] = (int32_t)(t[12] & 0xfffffff);
- c = t[13] >> 28; t[14] += c; rd[13] = (int32_t)(t[13] & 0xfffffff);
- c = t[14] >> 28; t[15] += c; rd[14] = (int32_t)(t[14] & 0xfffffff);
- rd[15] = (uint32_t)t[15];
+ c = t[ 0] >> 28; t[ 1] += c; rd[ 0] = (sword32)(t[ 0] & 0xfffffff);
+ c = t[ 1] >> 28; t[ 2] += c; rd[ 1] = (sword32)(t[ 1] & 0xfffffff);
+ c = t[ 2] >> 28; t[ 3] += c; rd[ 2] = (sword32)(t[ 2] & 0xfffffff);
+ c = t[ 3] >> 28; t[ 4] += c; rd[ 3] = (sword32)(t[ 3] & 0xfffffff);
+ c = t[ 4] >> 28; t[ 5] += c; rd[ 4] = (sword32)(t[ 4] & 0xfffffff);
+ c = t[ 5] >> 28; t[ 6] += c; rd[ 5] = (sword32)(t[ 5] & 0xfffffff);
+ c = t[ 6] >> 28; t[ 7] += c; rd[ 6] = (sword32)(t[ 6] & 0xfffffff);
+ c = t[ 7] >> 28; t[ 8] += c; rd[ 7] = (sword32)(t[ 7] & 0xfffffff);
+ c = t[ 8] >> 28; t[ 9] += c; rd[ 8] = (sword32)(t[ 8] & 0xfffffff);
+ c = t[ 9] >> 28; t[10] += c; rd[ 9] = (sword32)(t[ 9] & 0xfffffff);
+ c = t[10] >> 28; t[11] += c; rd[10] = (sword32)(t[10] & 0xfffffff);
+ c = t[11] >> 28; t[12] += c; rd[11] = (sword32)(t[11] & 0xfffffff);
+ c = t[12] >> 28; t[13] += c; rd[12] = (sword32)(t[12] & 0xfffffff);
+ c = t[13] >> 28; t[14] += c; rd[13] = (sword32)(t[13] & 0xfffffff);
+ c = t[14] >> 28; t[15] += c; rd[14] = (sword32)(t[14] & 0xfffffff);
+ rd[15] = (word32)t[15];
 /* Mod bits over 28 in last word */
 o = rd[15] >> 26; rd[15] &= 0x3ffffff;
 rd[ 0] += 0x4a7bb0d * o;
@@ -10448,7 +10445,7 @@ static WC_INLINE void ge448_sub(ge448_p2 *r, const ge448_p2 *p,
 * b [in] Array of bytes to hold compressed point.
 * p [in] Point to convert.
 */
-void ge448_to_bytes(uint8_t *b, const ge448_p2 *p)
+void ge448_to_bytes(byte *b, const ge448_p2 *p)
 {
 ge448 recip[GE448_WORDS];
 ge448 x[GE448_WORDS];
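Review bot: `rd[15] = (word32)t[15];` is the only limb stored through an unsigned cast while the fifteen limbs above it use `(sword32)`; if `rd` is a signed-word array, as those stores and the following `o = rd[15] >> 26` suggest, the unsigned value is narrowed back on assignment, which is implementation-defined once bit 31 is set, and that shift would then be an arithmetic shift of a negative value. The commit carries the old `(uint32_t)` asymmetry over instead of resolving it. Unless there is a reason the top limb must pass through an unsigned type, use `rd[15] = (sword32)t[15];` like its neighbours, or add a comment stating the bound on `t[15]` that makes the conversion safe. sc448_muladd begins before this hunk, so the declaration of `rd` is not visible here.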
@@ -10466,7 +10463,7 @@ void ge448_to_bytes(uint8_t *b, const ge448_p2 *p)
 * b [in] Array of bytes to hold compressed point.
 * p [in] Point to convert.
 */
-static void ge448_p2z1_to_bytes(uint8_t *b, const ge448_p2 *p)
+static void ge448_p2z1_to_bytes(byte *b, const ge448_p2 *p)
 {
 fe448_to_bytes(b, p->Y);
 b[56] = fe448_isnegative(p->X) << 7;
@@ -10478,11 +10475,11 @@ static void ge448_p2z1_to_bytes(uint8_t *b, const ge448_p2 *p)
 * xIn [in] The x-ordinate.
 * yIn [in] The y-ordinate.
 */
-int ge448_compress_key(uint8_t* out, const uint8_t* xIn, const uint8_t* yIn)
+int ge448_compress_key(byte* out, const byte* xIn, const byte* yIn)
 {
 ge448_p2 g;
- uint8_t bArray[ED448_KEY_SIZE];
- uint32_t i;
+ byte bArray[ED448_KEY_SIZE];
+ word32 i;

 fe448_from_bytes(g.X, xIn);
 fe448_from_bytes(g.Y, yIn);
@@ -10502,9 +10499,9 @@ int ge448_compress_key(uint8_t* out, const uint8_t* xIn, const uint8_t* yIn)
 * b [in] An 8-bit signed value.
 * returns 1 when negative and 0 otherwise.
 */
-static uint8_t negative(int8_t b)
+static byte negative(byte b)
 {
- return ((uint8_t)b) >> 7;
+ return ((byte)b) >> 7;
 }

 /* Determine whether two values are equal. a == b
@@ -10514,9 +10511,9 @@ static uint8_t negative(int8_t b)
 * b [in] An 8-bit unsigned value.
 * returns 1 when equal and 0 otherwise.
 */
-static uint8_t equal(uint8_t a, uint8_t b)
+static byte equal(byte a, byte b)
 {
- return (uint8_t)(((uint32_t)(a ^ b) - 1) >> 31);
+ return (byte)(((word32)(a ^ b) - 1) >> 31);
 }

 /* Conditional move the point into result point if two values are equal.
@@ -10527,8 +10524,8 @@ static uint8_t equal(uint8_t a, uint8_t b)
 * b [in] An 8-bit unsigned value.
 * n [in] An 8-bit unsigned value.
 */
-static WC_INLINE void cmov(ge448_precomp* r, const ge448_precomp* p, uint8_t b,
- uint8_t n)
+static WC_INLINE void cmov(ge448_precomp* r, const ge448_precomp* p, byte b,
+ byte n)
 {
 b = equal(b, n);
 fe448_cmov(r->x, p->x, b);
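Review bot: The header comment on `negative()` still says `b [in] An 8-bit signed value.`, but the parameter is now the unsigned `byte`, so what the function really reports is whether bit 7 is set in a byte that callers use to carry a two's-complement digit; the `((byte)b)` cast on the return line is a no-op now as well. Suggest `* b [in] Byte holding a two's-complement signed digit.` and `* returns 1 when bit 7 (the sign bit) is set and 0 otherwise.`, with the body reduced to `return b >> 7;`. The neighbouring `equal()` and `cmov()` comments already say "unsigned", so only this one is stale.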
@@ -10542,11 +10539,11 @@ static WC_INLINE void cmov(ge448_precomp* r, const ge448_precomp* p, uint8_t b,
 * pos [in] Position of array of entries to choose from.
 * b [in] Index of point to select. -ve value means negate the point.
 */
-static void ge448_select(ge448_precomp* r, int pos, int8_t b)
+static void ge448_select(ge448_precomp* r, int pos, byte b)
 {
 ge448 minusx[16];
- uint8_t bnegative = negative(b);
- uint8_t babs = b - (((-bnegative) & b) << 1);
+ byte bnegative = negative(b);
+ byte babs = b - (((-bnegative) & b) << 1);

 ge448_precomp_0(r);
 cmov(r, &base[pos][0], babs, 1);
@@ -10566,12 +10563,12 @@ static void ge448_select(ge448_precomp* r, int pos, int8_t b)
 * r [in] Point to hold result.
 * a [in] Scalar to multiply by.
 */
-void ge448_scalarmult_base(ge448_p2* r, const uint8_t* a)
+void ge448_scalarmult_base(ge448_p2* r, const byte* a)
 {
- int8_t carry;
+ byte carry;
 ge448_precomp t;
 int i;
- int8_t e[113];
+ byte e[113];

 carry = 0;
 for (i = 0; i < 56; ++i) {
@@ -10615,7 +10612,7 @@ void ge448_scalarmult_base(ge448_p2* r, const uint8_t* a)
 * r [in] Array of indeces.
 * a [in] Scalar to break up.
 */
-static void slide(int8_t *r, const uint8_t *a)
+static void slide(char *r, const byte *a)
 {
 int i;
 int b;
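Review bot: `ge448_select` now takes `byte b` while its comment still promises `-ve value means negate the point`; the negative case is now encoded as a two's-complement residue in the byte, and `byte babs = b - (((-bnegative) & b) << 1);` only yields |b| because the subtraction is evaluated in `int` and then narrowed modulo 256 on the store. That is well-defined but not obvious to the next reader, so say it: `* b [in] Two's-complement digit in a byte; bit 7 set means negate the point.` on the header and `/* evaluated in int, narrowed mod 256: b for b >= 0, 256-b (= |b|) for negative digits */` on the `babs` line. The rest of the function, where `bnegative` is applied to the selected point, is outside this hunk.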
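Review bot: `carry` and `e[113]` change from `int8_t` to the unsigned `byte`, but the signed-digit recoding that follows the visible `for (i = 0; i < 56; ++i)` loop (outside this hunk) produced negative digits in the original code, and those digits are what `ge448_select` decodes through `negative()`. If that loop still subtracts the form `e[i] -= carry << 4`, negative digits now survive only as their mod-256 residues, and any step that compares a digit with 0 or relies on sign extension would silently break on this type change. Please re-check the recoding against the new type and record the representation where the array is declared: `byte e[113]; /* signed-digit recoding of a; negative digits are stored as two's-complement bytes */`.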
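Review bot: `slide()` now writes its window digits through `char *r`, and plain `char` has implementation-defined signedness — it is unsigned by default on ARM and several embedded toolchains this library targets, whereas the replaced `int8_t` was guaranteed signed. The sliding-window form this function produces is signed (the `ge448_select` comment in this file says a negative value means negate the point), and `ge448_double_scalarmult_vartime` in the next hunk declares its `aslide`/`bslide` buffers as `char` too; on an unsigned-`char` target a test such as `aslide[i] < 0` can never fire, so negative digits would be treated as large positive table indices — wrong results or an out-of-bounds read of `pi[]`. The body of `slide()` and the consumer loop are outside this hunk, so confirm how the digits are tested, but the type should not be left to the compiler: `static void slide(signed char *r, const byte *a)` (or a project typedef for a signed byte, parallel to `sword32`), with the buffers declared to match.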
@@ -10663,113 +10660,117 @@ static void slide(int8_t *r, const uint8_t *a)
 * r [in] Point to hold result.
 * a [in] Scalar to multiply by.
 */
-int ge448_double_scalarmult_vartime(ge448_p2 *r, const uint8_t *a,
- const ge448_p2 *p, const uint8_t *b)
+int ge448_double_scalarmult_vartime(ge448_p2 *r, const byte *a,
+ const ge448_p2 *p, const byte *b)
 {
 #define GE448_WINDOW_BUF_SIZE 448
-#if !defined(WOLFSSL_SMALL_STACK) || (defined(WOLFSSL_NO_MALLOC) && !defined(XMALLOC_USER))
- int8_t aslide[GE448_WINDOW_BUF_SIZE];
- int8_t bslide[GE448_WINDOW_BUF_SIZE];
- ge448_p2 pi[16]; /* p,3p,..,31p */
- ge448_p2 p2_data, *p2 = &p2_data;
- int i;
-
-#else
- int8_t *aslide = NULL;
- int8_t *bslide = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && (!defined(WOLFSSL_NO_MALLOC) || defined(XMALLOC_USER))
+ char *aslide = NULL;
+ char *bslide = NULL;
 ge448_p2 *pi = NULL; /* p,3p,..,31p */
 ge448_p2 *p2 = NULL;
- int i, ret;
+#else
+ char aslide[448];
+ char bslide[448];
+ ge448_p2 pi[16]; /* p,3p,..,31p */
+ ge448_p2 p2[1];
+#endif
+ int i;
+ int ret = 0;
- aslide = (int8_t *)XMALLOC(GE448_WINDOW_BUF_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (! aslide) {
+#if defined(WOLFSSL_SMALL_STACK) && (!defined(WOLFSSL_NO_MALLOC) || defined(XMALLOC_USER))
+ aslide = (char *)XMALLOC(GE448_WINDOW_BUF_SIZE, NULL,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ if (aslide == NULL) {
 ret = MEMORY_E;
- goto out;
 }
- bslide = (int8_t *)XMALLOC(GE448_WINDOW_BUF_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (! bslide) {
- ret = MEMORY_E;
- goto out;
+ if (ret == 0) {
+ bslide = (char *)XMALLOC(GE448_WINDOW_BUF_SIZE, NULL,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ if (bslide == NULL) {
+ ret = MEMORY_E;
+ }
 }
- pi = (ge448_p2 *)XMALLOC(16 * sizeof *pi, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (! pi) {
- ret = MEMORY_E;
- goto out;
+ if (ret == 0) {
+ pi = (ge448_p2 *)XMALLOC(16 * sizeof *pi, NULL,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ if (pi == NULL) {
+ ret = MEMORY_E;
+ }
 }
- p2 = (ge448_p2 *)XMALLOC(sizeof *p2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (! p2) {
- ret = MEMORY_E;
- goto out;
+ if (ret == 0) {
+ p2 = (ge448_p2 *)XMALLOC(sizeof *p2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (p2 == NULL) {
+ ret = MEMORY_E;
+ }
 }
 #endif
- slide(aslide, a);
- slide(bslide, b);
+ if (ret == 0) {
+ slide(aslide, a);
+ slide(bslide, b);
- fe448_copy(pi[0].X, p->X);
- fe448_copy(pi[0].Y, p->Y);
- fe448_copy(pi[0].Z, p->Z);
- ge448_dbl(p2, p);
- ge448_add(&pi[1], p2, &pi[0]);
- ge448_add(&pi[2], p2, &pi[1]);
- ge448_add(&pi[3], p2, &pi[2]);
- ge448_add(&pi[4], p2, &pi[3]);
- ge448_add(&pi[5], p2, &pi[4]);
- ge448_add(&pi[6], p2, &pi[5]);
- ge448_add(&pi[7], p2, &pi[6]);
- ge448_add(&pi[8], p2, &pi[7]);
- ge448_add(&pi[9], p2, &pi[8]);
- ge448_add(&pi[10], p2, &pi[9]);
- ge448_add(&pi[11], p2, &pi[10]);
- ge448_add(&pi[12], p2, &pi[11]);
- ge448_add(&pi[13], p2, &pi[12]);
- ge448_add(&pi[14], p2, &pi[13]);
- ge448_add(&pi[15], p2, &pi[14]);
+ fe448_copy(pi[0].X, p->X);
+ fe448_copy(pi[0].Y, p->Y);
+ fe448_copy(pi[0].Z, p->Z);
+ ge448_dbl(p2, p);
+ ge448_add(&pi[1], p2, &pi[0]);
+ ge448_add(&pi[2], p2, &pi[1]);
+ ge448_add(&pi[3], p2, &pi[2]);
+ ge448_add(&pi[4], p2, &pi[3]);
+ ge448_add(&pi[5], p2, &pi[4]);
+ ge448_add(&pi[6], p2, &pi[5]);
+ ge448_add(&pi[7], p2, &pi[6]);
+ ge448_add(&pi[8], p2, &pi[7]);
+ ge448_add(&pi[9], p2, &pi[8]);
+ ge448_add(&pi[10], p2, &pi[9]);
+ ge448_add(&pi[11], p2, &pi[10]);
+ ge448_add(&pi[12], p2, &pi[11]);
+ ge448_add(&pi[13], p2, &pi[12]);
+ ge448_add(&pi[14], p2, &pi[13]);
+ ge448_add(&pi[15], p2, &pi[14]);
- ge448_0(r);
+ ge448_0(r);
- /* Find first index that is not 0. */
- for (i = 447; i >= 0; --i) {
- if (aslide[i] || bslide[i]) {
- break;
+ /* Find first index that is not 0. */
+ for (i = 447; i >= 0; --i) {
+ if (aslide[i] || bslide[i]) {
+ break;
+ }
+ }
+
+ for (; i >= 0; --i) {
+ ge448_dbl(r, r);
+
+ if (aslide[i] > 0)
+ ge448_add(r, r, &pi[aslide[i]/2]);
+ else if (aslide[i] < 0)
+ ge448_sub(r, r ,&pi[(-aslide[i])/2]);
+
+ if (bslide[i] > 0)
+ ge448_madd(r, r, &base_i[bslide[i]/2]);
+ else if (bslide[i] < 0)
+ ge448_msub(r, r, &base_i[(-bslide[i])/2]);
 }
 }
- for (; i >= 0; --i) {
- ge448_dbl(r, r);
-
- if (aslide[i] > 0)
- ge448_add(r, r, &pi[aslide[i]/2]);
- else if (aslide[i] < 0)
- ge448_sub(r, r, &pi[(-aslide[i])/2]);
-
- if (bslide[i] > 0)
- ge448_madd(r, r, &base_i[bslide[i]/2]);
- else if (bslide[i] < 0)
- ge448_msub(r, r, &base_i[(-bslide[i])/2]);
- }
-
-#if defined(WOLFSSL_SMALL_STACK) && !(defined(WOLFSSL_NO_MALLOC) && !defined(XMALLOC_USER))
- ret = 0;
-
- out:
-
- if (aslide)
- XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (bslide)
- XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (pi)
- XFREE(pi, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (p2)
+#if defined(WOLFSSL_SMALL_STACK) && (!defined(WOLFSSL_NO_MALLOC) || defined(XMALLOC_USER))
+ if (p2 != NULL) {
 XFREE(p2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
- return ret;
-#else
- return 0;
+ }
+ if (pi != NULL) {
+ XFREE(pi, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ }
+ if (bslide != NULL) {
+ XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ }
+ if (aslide != NULL) {
+ XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ }
 #endif
-#undef GE448_WINDOW_BUF_SIZE
+ return ret;
 }
 /* Convert compressed point to negative of affine point.
@@ -10780,7 +10781,7 @@ int ge448_double_scalarmult_vartime(ge448_p2 *r, const uint8_t *a,
 * b [in] Array of bytes representing point.
 * returns 0 on success and -1 on failure.
 */
-int ge448_from_bytes_negate_vartime(ge448_p2 *r, const uint8_t *b)
+int ge448_from_bytes_negate_vartime(ge448_p2 *r, const byte *b)
 {
 int ret = 0;
 ge448 u[GE448_WORDS];
diff --git a/wolfcrypt/src/ge_operations.c b/wolfcrypt/src/ge_operations.c
index 73fa06e35..beaa56e66 100644
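Review bot: The stack path declares `char aslide[448];` and `char bslide[448];` with a bare literal while the heap path a few lines down still sizes the same buffers with `GE448_WINDOW_BUF_SIZE`, and the `#undef GE448_WINDOW_BUF_SIZE` that used to confine the macro to this function was dropped, so the name now escapes to everything after it in the file. Use the macro in both declarations, `char aslide[GE448_WINDOW_BUF_SIZE];` and `char bslide[GE448_WINDOW_BUF_SIZE];`, and restore the `#undef` before the closing brace. Separately, the rewrite moved the comma in `ge448_sub(r, r ,&pi[(-aslide[i])/2]);`; the removed line had `r, &pi`, which is the form the neighbouring `ge448_add`/`ge448_madd`/`ge448_msub` calls use.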
--- a/wolfcrypt/src/ge_operations.c
+++ b/wolfcrypt/src/ge_operations.c
@@ -96,23 +96,23 @@ Representations:
 #define ORDER_5 0xa6f7c
 #ifdef CURVED25519_ASM_32BIT
-uint64_t load_3(const unsigned char *in)
+word64 load_3(const unsigned char *in)
 {
- uint64_t result;
- result = (uint64_t) in[0];
- result |= ((uint64_t) in[1]) << 8;
- result |= ((uint64_t) in[2]) << 16;
+ word64 result;
+ result = (word64) in[0];
+ result |= ((word64) in[1]) << 8;
+ result |= ((word64) in[2]) << 16;
 return result;
 }
-uint64_t load_4(const unsigned char *in)
+word64 load_4(const unsigned char *in)
 {
- uint64_t result;
- result = (uint64_t) in[0];
- result |= ((uint64_t) in[1]) << 8;
- result |= ((uint64_t) in[2]) << 16;
- result |= ((uint64_t) in[3]) << 24;
+ word64 result;
+ result = (word64) in[0];
+ result |= ((word64) in[1]) << 8;
+ result |= ((word64) in[2]) << 16;
+ result |= ((word64) in[3]) << 24;
 return result;
 }
 #endif
@@ -128,8 +128,8 @@ Output:
 */
 void sc_reduce(byte* s)
 {
- int64_t t[24];
- int64_t carry;
+ sword64 t[24];
+ sword64 carry;
 t[ 0] = MASK_21 & (load_3(s + 0) >> 0);
 t[ 1] = MASK_21 & (load_4(s + 2) >> 5);
@@ -331,9 +331,9 @@ Output:
 */
 void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
 {
- uint32_t ad[12], bd[12], cd[12];
- int64_t t[24];
- int64_t carry;
+ word32 ad[12], bd[12], cd[12];
+ sword64 t[24];
+ sword64 carry;
 ad[ 0] = MASK_21 & (load_3(a + 0) >> 0);
 ad[ 1] = MASK_21 & (load_4(a + 2) >> 5);
@@ -346,7 +346,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
 ad[ 8] = MASK_21 & (load_3(a + 21) >> 0);
 ad[ 9] = MASK_21 & (load_4(a + 23) >> 5);
 ad[10] = MASK_21 & (load_3(a + 26) >> 2);
- ad[11] = (uint32_t)(load_4(a + 28) >> 7);
+ ad[11] = (word32)(load_4(a + 28) >> 7);
 bd[ 0] = MASK_21 & (load_3(b + 0) >> 0);
 bd[ 1] = MASK_21 & (load_4(b + 2) >> 5);
 bd[ 2] = MASK_21 & (load_3(b + 5) >> 2);
@@ -358,7 +358,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
 bd[ 8] = MASK_21 & (load_3(b + 21) >> 0);
 bd[ 9] = MASK_21 & (load_4(b + 23) >> 5);
 bd[10] = MASK_21 & (load_3(b + 26) >> 2);
- bd[11] = (uint32_t)(load_4(b + 28) >> 7);
+ bd[11] = (word32)(load_4(b + 28) >> 7);
 cd[ 0] = MASK_21 & (load_3(c + 0) >> 0);
 cd[ 1] = MASK_21 & (load_4(c + 2) >> 5);
 cd[ 2] = MASK_21 & (load_3(c + 5) >> 2);
@@ -370,86 +370,86 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c) cd[ 8] = MASK_21 & (load_3(c + 21) >> 0); cd[ 9] = MASK_21 & (load_4(c + 23) >> 5); cd[10] = MASK_21 & (load_3(c + 26) >> 2); - cd[11] = (uint32_t)(load_4(c + 28) >> 7); + cd[11] = (word32)(load_4(c + 28) >> 7); - t[ 0] = cd[ 0] + (int64_t)ad[ 0] * bd[ 0]; - t[ 1] = cd[ 1] + (int64_t)ad[ 0] * bd[ 1] + (int64_t)ad[ 1] * bd[ 0]; - t[ 2] = cd[ 2] + (int64_t)ad[ 0] * bd[ 2] + (int64_t)ad[ 1] * bd[ 1] + - (int64_t)ad[ 2] * bd[ 0]; - t[ 3] = cd[ 3] + (int64_t)ad[ 0] * bd[ 3] + (int64_t)ad[ 1] * bd[ 2] + - (int64_t)ad[ 2] * bd[ 1] + (int64_t)ad[ 3] * bd[ 0]; - t[ 4] = cd[ 4] + (int64_t)ad[ 0] * bd[ 4] + (int64_t)ad[ 1] * bd[ 3] + - (int64_t)ad[ 2] * bd[ 2] + (int64_t)ad[ 3] * bd[ 1] + - (int64_t)ad[ 4] * bd[ 0]; - t[ 5] = cd[ 5] + (int64_t)ad[ 0] * bd[ 5] + (int64_t)ad[ 1] * bd[ 4] + - (int64_t)ad[ 2] * bd[ 3] + (int64_t)ad[ 3] * bd[ 2] + - (int64_t)ad[ 4] * bd[ 1] + (int64_t)ad[ 5] * bd[ 0]; - t[ 6] = cd[ 6] + (int64_t)ad[ 0] * bd[ 6] + (int64_t)ad[ 1] * bd[ 5] + - (int64_t)ad[ 2] * bd[ 4] + (int64_t)ad[ 3] * bd[ 3] + - (int64_t)ad[ 4] * bd[ 2] + (int64_t)ad[ 5] * bd[ 1] + - (int64_t)ad[ 6] * bd[ 0]; - t[ 7] = cd[ 7] + (int64_t)ad[ 0] * bd[ 7] + (int64_t)ad[ 1] * bd[ 6] + - (int64_t)ad[ 2] * bd[ 5] + (int64_t)ad[ 3] * bd[ 4] + - (int64_t)ad[ 4] * bd[ 3] + (int64_t)ad[ 5] * bd[ 2] + - (int64_t)ad[ 6] * bd[ 1] + (int64_t)ad[ 7] * bd[ 0]; - t[ 8] = cd[ 8] + (int64_t)ad[ 0] * bd[ 8] + (int64_t)ad[ 1] * bd[ 7] + - (int64_t)ad[ 2] * bd[ 6] + (int64_t)ad[ 3] * bd[ 5] + - (int64_t)ad[ 4] * bd[ 4] + (int64_t)ad[ 5] * bd[ 3] + - (int64_t)ad[ 6] * bd[ 2] + (int64_t)ad[ 7] * bd[ 1] + - (int64_t)ad[ 8] * bd[ 0]; - t[ 9] = cd[ 9] + (int64_t)ad[ 0] * bd[ 9] + (int64_t)ad[ 1] * bd[ 8] + - (int64_t)ad[ 2] * bd[ 7] + (int64_t)ad[ 3] * bd[ 6] + - (int64_t)ad[ 4] * bd[ 5] + (int64_t)ad[ 5] * bd[ 4] + - (int64_t)ad[ 6] * bd[ 3] + (int64_t)ad[ 7] * bd[ 2] + - (int64_t)ad[ 8] * bd[ 1] + (int64_t)ad[ 9] * 
bd[ 0]; - t[10] = cd[10] + (int64_t)ad[ 0] * bd[10] + (int64_t)ad[ 1] * bd[ 9] + - (int64_t)ad[ 2] * bd[ 8] + (int64_t)ad[ 3] * bd[ 7] + - (int64_t)ad[ 4] * bd[ 6] + (int64_t)ad[ 5] * bd[ 5] + - (int64_t)ad[ 6] * bd[ 4] + (int64_t)ad[ 7] * bd[ 3] + - (int64_t)ad[ 8] * bd[ 2] + (int64_t)ad[ 9] * bd[ 1] + - (int64_t)ad[10] * bd[ 0]; - t[11] = cd[11] + (int64_t)ad[ 0] * bd[11] + (int64_t)ad[ 1] * bd[10] + - (int64_t)ad[ 2] * bd[ 9] + (int64_t)ad[ 3] * bd[ 8] + - (int64_t)ad[ 4] * bd[ 7] + (int64_t)ad[ 5] * bd[ 6] + - (int64_t)ad[ 6] * bd[ 5] + (int64_t)ad[ 7] * bd[ 4] + - (int64_t)ad[ 8] * bd[ 3] + (int64_t)ad[ 9] * bd[ 2] + - (int64_t)ad[10] * bd[ 1] + (int64_t)ad[11] * bd[ 0]; - t[12] = (int64_t)ad[ 1] * bd[11] + (int64_t)ad[ 2] * bd[10] + - (int64_t)ad[ 3] * bd[ 9] + (int64_t)ad[ 4] * bd[ 8] + - (int64_t)ad[ 5] * bd[ 7] + (int64_t)ad[ 6] * bd[ 6] + - (int64_t)ad[ 7] * bd[ 5] + (int64_t)ad[ 8] * bd[ 4] + - (int64_t)ad[ 9] * bd[ 3] + (int64_t)ad[10] * bd[ 2] + - (int64_t)ad[11] * bd[ 1]; - t[13] = (int64_t)ad[ 2] * bd[11] + (int64_t)ad[ 3] * bd[10] + - (int64_t)ad[ 4] * bd[ 9] + (int64_t)ad[ 5] * bd[ 8] + - (int64_t)ad[ 6] * bd[ 7] + (int64_t)ad[ 7] * bd[ 6] + - (int64_t)ad[ 8] * bd[ 5] + (int64_t)ad[ 9] * bd[ 4] + - (int64_t)ad[10] * bd[ 3] + (int64_t)ad[11] * bd[ 2]; - t[14] = (int64_t)ad[ 3] * bd[11] + (int64_t)ad[ 4] * bd[10] + - (int64_t)ad[ 5] * bd[ 9] + (int64_t)ad[ 6] * bd[ 8] + - (int64_t)ad[ 7] * bd[ 7] + (int64_t)ad[ 8] * bd[ 6] + - (int64_t)ad[ 9] * bd[ 5] + (int64_t)ad[10] * bd[ 4] + - (int64_t)ad[11] * bd[ 3]; - t[15] = (int64_t)ad[ 4] * bd[11] + (int64_t)ad[ 5] * bd[10] + - (int64_t)ad[ 6] * bd[ 9] + (int64_t)ad[ 7] * bd[ 8] + - (int64_t)ad[ 8] * bd[ 7] + (int64_t)ad[ 9] * bd[ 6] + - (int64_t)ad[10] * bd[ 5] + (int64_t)ad[11] * bd[ 4]; - t[16] = (int64_t)ad[ 5] * bd[11] + (int64_t)ad[ 6] * bd[10] + - (int64_t)ad[ 7] * bd[ 9] + (int64_t)ad[ 8] * bd[ 8] + - (int64_t)ad[ 9] * bd[ 7] + (int64_t)ad[10] * bd[ 6] + - (int64_t)ad[11] * bd[ 5]; - t[17] = 
(int64_t)ad[ 6] * bd[11] + (int64_t)ad[ 7] * bd[10] + - (int64_t)ad[ 8] * bd[ 9] + (int64_t)ad[ 9] * bd[ 8] + - (int64_t)ad[10] * bd[ 7] + (int64_t)ad[11] * bd[ 6]; - t[18] = (int64_t)ad[ 7] * bd[11] + (int64_t)ad[ 8] * bd[10] + - (int64_t)ad[ 9] * bd[ 9] + (int64_t)ad[10] * bd[ 8] + - (int64_t)ad[11] * bd[ 7]; - t[19] = (int64_t)ad[ 8] * bd[11] + (int64_t)ad[ 9] * bd[10] + - (int64_t)ad[10] * bd[ 9] + (int64_t)ad[11] * bd[ 8]; - t[20] = (int64_t)ad[ 9] * bd[11] + (int64_t)ad[10] * bd[10] + - (int64_t)ad[11] * bd[ 9]; - t[21] = (int64_t)ad[10] * bd[11] + (int64_t)ad[11] * bd[10]; - t[22] = (int64_t)ad[11] * bd[11]; + t[ 0] = cd[ 0] + (sword64)ad[ 0] * bd[ 0]; + t[ 1] = cd[ 1] + (sword64)ad[ 0] * bd[ 1] + (sword64)ad[ 1] * bd[ 0]; + t[ 2] = cd[ 2] + (sword64)ad[ 0] * bd[ 2] + (sword64)ad[ 1] * bd[ 1] + + (sword64)ad[ 2] * bd[ 0]; + t[ 3] = cd[ 3] + (sword64)ad[ 0] * bd[ 3] + (sword64)ad[ 1] * bd[ 2] + + (sword64)ad[ 2] * bd[ 1] + (sword64)ad[ 3] * bd[ 0]; + t[ 4] = cd[ 4] + (sword64)ad[ 0] * bd[ 4] + (sword64)ad[ 1] * bd[ 3] + + (sword64)ad[ 2] * bd[ 2] + (sword64)ad[ 3] * bd[ 1] + + (sword64)ad[ 4] * bd[ 0]; + t[ 5] = cd[ 5] + (sword64)ad[ 0] * bd[ 5] + (sword64)ad[ 1] * bd[ 4] + + (sword64)ad[ 2] * bd[ 3] + (sword64)ad[ 3] * bd[ 2] + + (sword64)ad[ 4] * bd[ 1] + (sword64)ad[ 5] * bd[ 0]; + t[ 6] = cd[ 6] + (sword64)ad[ 0] * bd[ 6] + (sword64)ad[ 1] * bd[ 5] + + (sword64)ad[ 2] * bd[ 4] + (sword64)ad[ 3] * bd[ 3] + + (sword64)ad[ 4] * bd[ 2] + (sword64)ad[ 5] * bd[ 1] + + (sword64)ad[ 6] * bd[ 0]; + t[ 7] = cd[ 7] + (sword64)ad[ 0] * bd[ 7] + (sword64)ad[ 1] * bd[ 6] + + (sword64)ad[ 2] * bd[ 5] + (sword64)ad[ 3] * bd[ 4] + + (sword64)ad[ 4] * bd[ 3] + (sword64)ad[ 5] * bd[ 2] + + (sword64)ad[ 6] * bd[ 1] + (sword64)ad[ 7] * bd[ 0]; + t[ 8] = cd[ 8] + (sword64)ad[ 0] * bd[ 8] + (sword64)ad[ 1] * bd[ 7] + + (sword64)ad[ 2] * bd[ 6] + (sword64)ad[ 3] * bd[ 5] + + (sword64)ad[ 4] * bd[ 4] + (sword64)ad[ 5] * bd[ 3] + + (sword64)ad[ 6] * bd[ 2] + (sword64)ad[ 7] * bd[ 
1] + + (sword64)ad[ 8] * bd[ 0]; + t[ 9] = cd[ 9] + (sword64)ad[ 0] * bd[ 9] + (sword64)ad[ 1] * bd[ 8] + + (sword64)ad[ 2] * bd[ 7] + (sword64)ad[ 3] * bd[ 6] + + (sword64)ad[ 4] * bd[ 5] + (sword64)ad[ 5] * bd[ 4] + + (sword64)ad[ 6] * bd[ 3] + (sword64)ad[ 7] * bd[ 2] + + (sword64)ad[ 8] * bd[ 1] + (sword64)ad[ 9] * bd[ 0]; + t[10] = cd[10] + (sword64)ad[ 0] * bd[10] + (sword64)ad[ 1] * bd[ 9] + + (sword64)ad[ 2] * bd[ 8] + (sword64)ad[ 3] * bd[ 7] + + (sword64)ad[ 4] * bd[ 6] + (sword64)ad[ 5] * bd[ 5] + + (sword64)ad[ 6] * bd[ 4] + (sword64)ad[ 7] * bd[ 3] + + (sword64)ad[ 8] * bd[ 2] + (sword64)ad[ 9] * bd[ 1] + + (sword64)ad[10] * bd[ 0]; + t[11] = cd[11] + (sword64)ad[ 0] * bd[11] + (sword64)ad[ 1] * bd[10] + + (sword64)ad[ 2] * bd[ 9] + (sword64)ad[ 3] * bd[ 8] + + (sword64)ad[ 4] * bd[ 7] + (sword64)ad[ 5] * bd[ 6] + + (sword64)ad[ 6] * bd[ 5] + (sword64)ad[ 7] * bd[ 4] + + (sword64)ad[ 8] * bd[ 3] + (sword64)ad[ 9] * bd[ 2] + + (sword64)ad[10] * bd[ 1] + (sword64)ad[11] * bd[ 0]; + t[12] = (sword64)ad[ 1] * bd[11] + (sword64)ad[ 2] * bd[10] + + (sword64)ad[ 3] * bd[ 9] + (sword64)ad[ 4] * bd[ 8] + + (sword64)ad[ 5] * bd[ 7] + (sword64)ad[ 6] * bd[ 6] + + (sword64)ad[ 7] * bd[ 5] + (sword64)ad[ 8] * bd[ 4] + + (sword64)ad[ 9] * bd[ 3] + (sword64)ad[10] * bd[ 2] + + (sword64)ad[11] * bd[ 1]; + t[13] = (sword64)ad[ 2] * bd[11] + (sword64)ad[ 3] * bd[10] + + (sword64)ad[ 4] * bd[ 9] + (sword64)ad[ 5] * bd[ 8] + + (sword64)ad[ 6] * bd[ 7] + (sword64)ad[ 7] * bd[ 6] + + (sword64)ad[ 8] * bd[ 5] + (sword64)ad[ 9] * bd[ 4] + + (sword64)ad[10] * bd[ 3] + (sword64)ad[11] * bd[ 2]; + t[14] = (sword64)ad[ 3] * bd[11] + (sword64)ad[ 4] * bd[10] + + (sword64)ad[ 5] * bd[ 9] + (sword64)ad[ 6] * bd[ 8] + + (sword64)ad[ 7] * bd[ 7] + (sword64)ad[ 8] * bd[ 6] + + (sword64)ad[ 9] * bd[ 5] + (sword64)ad[10] * bd[ 4] + + (sword64)ad[11] * bd[ 3]; + t[15] = (sword64)ad[ 4] * bd[11] + (sword64)ad[ 5] * bd[10] + + (sword64)ad[ 6] * bd[ 9] + (sword64)ad[ 7] * bd[ 8] + + 
(sword64)ad[ 8] * bd[ 7] + (sword64)ad[ 9] * bd[ 6] + + (sword64)ad[10] * bd[ 5] + (sword64)ad[11] * bd[ 4]; + t[16] = (sword64)ad[ 5] * bd[11] + (sword64)ad[ 6] * bd[10] + + (sword64)ad[ 7] * bd[ 9] + (sword64)ad[ 8] * bd[ 8] + + (sword64)ad[ 9] * bd[ 7] + (sword64)ad[10] * bd[ 6] + + (sword64)ad[11] * bd[ 5]; + t[17] = (sword64)ad[ 6] * bd[11] + (sword64)ad[ 7] * bd[10] + + (sword64)ad[ 8] * bd[ 9] + (sword64)ad[ 9] * bd[ 8] + + (sword64)ad[10] * bd[ 7] + (sword64)ad[11] * bd[ 6]; + t[18] = (sword64)ad[ 7] * bd[11] + (sword64)ad[ 8] * bd[10] + + (sword64)ad[ 9] * bd[ 9] + (sword64)ad[10] * bd[ 8] + + (sword64)ad[11] * bd[ 7]; + t[19] = (sword64)ad[ 8] * bd[11] + (sword64)ad[ 9] * bd[10] + + (sword64)ad[10] * bd[ 9] + (sword64)ad[11] * bd[ 8]; + t[20] = (sword64)ad[ 9] * bd[11] + (sword64)ad[10] * bd[10] + + (sword64)ad[11] * bd[ 9]; + t[21] = (sword64)ad[10] * bd[11] + (sword64)ad[11] * bd[10]; + t[22] = (sword64)ad[11] * bd[11]; t[23] = 0; carry = t[ 0] >> 21; t[ 1] += carry; t[ 0] &= MASK_21; 
@@ -639,28 +639,28 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
 s[31] = (byte)(t[11] >> 17);
 }
 #else
-static uint64_t load_6(const byte* a)
+static word64 load_6(const byte* a)
 {
- uint64_t n;
- n = ((uint64_t)a[0] << 0) |
- ((uint64_t)a[1] << 8) |
- ((uint64_t)a[2] << 16) |
- ((uint64_t)a[3] << 24) |
- ((uint64_t)a[4] << 32) |
- ((uint64_t)a[5] << 40);
+ word64 n;
+ n = ((word64)a[0] << 0) |
+ ((word64)a[1] << 8) |
+ ((word64)a[2] << 16) |
+ ((word64)a[3] << 24) |
+ ((word64)a[4] << 32) |
+ ((word64)a[5] << 40);
 return n;
 }
-static uint64_t load_7(const byte* a)
+static word64 load_7(const byte* a)
 {
- uint64_t n;
- n = ((uint64_t)a[0] << 0) |
- ((uint64_t)a[1] << 8) |
- ((uint64_t)a[2] << 16) |
- ((uint64_t)a[3] << 24) |
- ((uint64_t)a[4] << 32) |
- ((uint64_t)a[5] << 40) |
- ((uint64_t)a[6] << 48);
+ word64 n;
+ n = ((word64)a[0] << 0) |
+ ((word64)a[1] << 8) |
+ ((word64)a[2] << 16) |
+ ((word64)a[3] << 24) |
+ ((word64)a[4] << 32) |
+ ((word64)a[5] << 40) |
+ ((word64)a[6] << 48);
 return n;
 }
@@ -790,7 +790,7 @@ Output:
 */
 void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
 {
- uint64_t ad[6], bd[6], cd[6];
+ word64 ad[6], bd[6], cd[6];
 __int128_t t[12];
 __int128_t carry;
@@ -990,7 +990,7 @@ static unsigned char equal(signed char b,signed char c)
 unsigned char ub = b;
 unsigned char uc = c;
 unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */
- uint32_t y = x; /* 0: yes; 1..255: no */
+ word32 y = x; /* 0: yes; 1..255: no */
 y -= 1; /* 4294967295: yes; 0..254: no */
 y >>= 31; /* 1: yes; 0: no */
 return (unsigned char)y;
diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c
index 7eb2a5120..7bc2489e8 100644
--- a/wolfcrypt/src/md5.c
+++ b/wolfcrypt/src/md5.c
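Review bot: The 64-bit `sc_muladd` keeps `__int128_t t[12];` and `__int128_t carry;` as untouched context while the fe_448.h hunk in this same commit introduces `sword128` for exactly that width, so the type abstraction the commit title describes stops one declaration short here. If that typedef is reachable from ge_operations.c (it is declared under `CURVED448_128BIT` in fe_448.h, so for a Curve25519-only build it may not be), the two lines would become `sword128 t[12];` and `sword128 carry;`; otherwise a `sword128` typedef placed in types.h next to `sword64` would let both files share the name. The rest of this function's body is outside the hunk.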
@@ -127,7 +127,7 @@ static int Transform(wc_Md5* md5, const byte* data)
 #ifdef FREESCALE_MMCAU_CLASSIC_SHA
 cau_md5_hash_n((byte*)data, 1, (unsigned char*)md5->digest);
 #else
- MMCAU_MD5_HashN((byte*)data, 1, (uint32_t*)md5->digest);
+ MMCAU_MD5_HashN((byte*)data, 1, (word32*)md5->digest);
 #endif
 wolfSSL_CryptHwMutexUnLock();
 }
@@ -148,7 +148,7 @@ static int Transform_Len(wc_Md5* md5, const byte* data, word32 len)
 #ifdef FREESCALE_MMCAU_CLASSIC_SHA
 cau_md5_hash_n(local, 1, (unsigned char*)md5->digest);
 #else
- MMCAU_MD5_HashN(local, 1, (uint32_t*)md5->digest);
+ MMCAU_MD5_HashN(local, 1, (word32*)md5->digest);
 #endif
 data += WC_MD5_BLOCK_SIZE;
 len -= WC_MD5_BLOCK_SIZE;
@@ -162,7 +162,7 @@ static int Transform_Len(wc_Md5* md5, const byte* data, word32 len)
 (unsigned char*)md5->digest);
 #else
 MMCAU_MD5_HashN((byte*)data, len / WC_MD5_BLOCK_SIZE,
- (uint32_t*)md5->digest);
+ (word32*)md5->digest);
 #endif
 }
 wolfSSL_CryptHwMutexUnLock();
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index bd8a2142a..15127b084 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1957,7 +1957,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 ((wolfssl_word)&output[i] % sizeof(word32)) != 0 ) {
 /* Single byte at a time */
- uint32_t tmpRng = 0;
+ word32 tmpRng = 0;
 if (HAL_RNG_GenerateRandomNumber(&hrng, &tmpRng) != HAL_OK) {
 wolfSSL_CryptHwMutexUnLock();
 return RAN_BLOCK_E;
@@ -1966,7 +1966,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 }
 else {
 /* Use native 32 instruction */
- if (HAL_RNG_GenerateRandomNumber(&hrng, (uint32_t*)&output[i]) != HAL_OK) {
+ if (HAL_RNG_GenerateRandomNumber(&hrng, (word32*)&output[i]) != HAL_OK) {
 wolfSSL_CryptHwMutexUnLock();
 return RAN_BLOCK_E;
 }
@@ -2169,9 +2169,9 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 {
 int remaining = sz, length, pos = 0;
- uint32_t err_code;
- uint8_t available;
- static uint8_t initialized = 0;
+ word32 err_code;
+ byte available;
+ static byte initialized = 0;
 (void)os;
@@ -2410,10 +2410,10 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 {
 int ret;
- uint32_t buffer[4];
+ word32 buffer[4];
 while (sz > 0) {
- uint32_t len = sizeof(buffer);
+ word32 len = sizeof(buffer);
 if (sz < len) {
 len = sz;
@@ -2439,9 +2439,9 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 {
- uint32_t ret;
- uint32_t blocks;
- word32 len = sz;
+ word32 ret;
+ word32 blocks;
+ word32 len = sz;
 ret = WOLFSSL_SCE_TRNG_HANDLE.p_api->open(WOLFSSL_SCE_TRNG_HANDLE.p_ctrl,
 WOLFSSL_SCE_TRNG_HANDLE.p_cfg);
@@ -2450,28 +2450,28 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 return -1;
 }
- blocks = sz / sizeof(uint32_t);
+ blocks = sz / sizeof(word32);
 if (blocks > 0) {
 ret = WOLFSSL_SCE_TRNG_HANDLE.p_api->read(WOLFSSL_SCE_TRNG_HANDLE.p_ctrl,
- (uint32_t*)output, blocks);
+ (word32*)output, blocks);
 if (ret != SSP_SUCCESS) {
 return -1;
 }
 }
- len = len - (blocks * sizeof(uint32_t));
+ len = len - (blocks * sizeof(word32));
 if (len > 0) {
- uint32_t tmp;
+ word32 tmp;
- if (len > sizeof(uint32_t)) {
+ if (len > sizeof(word32)) {
 return -1;
 }
 ret = WOLFSSL_SCE_TRNG_HANDLE.p_api->read(WOLFSSL_SCE_TRNG_HANDLE.p_ctrl,
- (uint32_t*)tmp, 1);
+ (word32*)tmp, 1);
 if (ret != SSP_SUCCESS) {
 return -1;
 }
- XMEMCPY(output + (blocks * sizeof(uint32_t)), (byte*)&tmp, len);
+ XMEMCPY(output + (blocks * sizeof(word32)), (byte*)&tmp, len);
 }
 ret = WOLFSSL_SCE_TRNG_HANDLE.p_api->close(WOLFSSL_SCE_TRNG_HANDLE.p_ctrl);
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 419bd30fd..4e5c8215f 100644
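Review bot: In the SCE TRNG hunk, `(word32*)tmp, 1);` casts the value of the uninitialized `word32 tmp` to a pointer, so the trailing single-word read writes through an indeterminate address and the following `XMEMCPY(..., (byte*)&tmp, len)` copies bytes that were never filled; the rename keeps this intact. The argument should be the address of the local, `(word32*)&tmp, 1);`. The `return -1` branches after a successful `open()` also skip the `close()` call that the last line shows is the normal exit, and `(word32*)output` is dereferenced by the bulk read without the alignment check the STM32 variant earlier in the file applies to `&output[i]`. What follows the `close()` call is outside the hunk.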
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -505,14 +505,14 @@ static int cc310_RSA_GenerateKeyPair(RsaKey* key, int size, long e)
 CRYS_RSAKGData_t KeyGenData;
 CRYS_RSAKGFipsContext_t FipsCtx;
 byte ex[3];
- uint16_t eSz = sizeof(ex);
+ word16 eSz = sizeof(ex);
 byte n[256];
- uint16_t nSz = sizeof(n);
+ word16 nSz = sizeof(n);
 ret = CRYS_RSA_KG_GenerateKeyPair(&wc_rndState,
 wc_rndGenVectFunc,
 (byte*)&e,
- 3*sizeof(uint8_t),
+ 3*sizeof(byte),
 size,
 &key->ctx.privKey,
 &key->ctx.pubKey,
@@ -2679,7 +2679,7 @@ static int cc310_RsaPublicDecrypt(const byte* in, word32 inLen, byte* out,
 {
 CRYSError_t ret = 0;
 CRYS_RSAPrimeData_t primeData;
- uint16_t actualOutLen = outLen;
+ word16 actualOutLen = outLen;
 ret = CRYS_RSA_PKCS1v15_Decrypt(&key->ctx.privKey,
 &primeData,
@@ -2699,7 +2699,7 @@ int cc310_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
 RsaKey* key, CRYS_RSA_HASH_OpMode_t mode)
 {
 CRYSError_t ret = 0;
- uint16_t actualOutLen = outLen*sizeof(byte);
+ word16 actualOutLen = outLen*sizeof(byte);
 CRYS_RSAPrivUserContext_t contextPrivate;
 ret = CRYS_RSA_PKCS1v15_Sign(&wc_rndState,
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index ee50ac907..63f4ed402 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -190,7 +190,7 @@
 int wc_ShaFinal(wc_Sha* sha, byte* hash)
 {
- uint32_t hashlen = WC_SHA_DIGEST_SIZE;
+ word32 hashlen = WC_SHA_DIGEST_SIZE;
 LTC_HASH_Finish(&sha->ctx, hash, &hashlen);
 return wc_InitSha(sha); /* reset state */
 }
@@ -224,7 +224,7 @@
 #ifdef FREESCALE_MMCAU_CLASSIC_SHA
 cau_sha1_initialize_output(sha->digest);
 #else
- MMCAU_SHA1_InitializeOutput((uint32_t*)sha->digest);
+ MMCAU_SHA1_InitializeOutput((word32*)sha->digest);
 #endif
 wolfSSL_CryptHwMutexUnLock();
@@ -242,7 +242,7 @@
 #ifdef FREESCALE_MMCAU_CLASSIC_SHA
 cau_sha1_hash_n((byte*)data, 1, sha->digest);
 #else
- MMCAU_SHA1_HashN((byte*)data, 1, (uint32_t*)sha->digest);
+ MMCAU_SHA1_HashN((byte*)data, 1, (word32*)sha->digest);
 #endif
 wolfSSL_CryptHwMutexUnLock();
 }
@@ -276,7 +276,7 @@
 cau_sha1_hash_n((byte*)data, len/WC_SHA_BLOCK_SIZE, sha->digest);
 #else
 MMCAU_SHA1_HashN((byte*)data, len/WC_SHA_BLOCK_SIZE,
- (uint32_t*)sha->digest);
+ (word32*)sha->digest);
 #endif
 }
 wolfSSL_CryptHwMutexUnLock();
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index 285076f92..e610d5413 100644
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -461,7 +461,7 @@ static int InitSha256(wc_Sha256* sha256)
 #ifdef FREESCALE_MMCAU_CLASSIC_SHA
 cau_sha256_initialize_output(sha256->digest);
 #else
- MMCAU_SHA256_InitializeOutput((uint32_t*)sha256->digest);
+ MMCAU_SHA256_InitializeOutput((word32*)sha256->digest);
 #endif
 wolfSSL_CryptHwMutexUnLock();
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index aa19830fd..cc7022e14 100644
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -2163,7 +2163,7 @@ time_t pic32_time(time_t* timer)
 #ifdef MICROCHIP_TCPIP_V5
 DWORD sec = 0;
 #else
- uint32_t sec = 0;
+ word32 sec = 0;
 #endif
 time_t localTime;
@@ -2186,8 +2186,8 @@ time_t pic32_time(time_t* timer)
 time_t deos_time(time_t* timer)
 {
- const uint32_t systemTickTimeInHz = 1000000 / systemTickInMicroseconds();
- uint32_t *systemTickPtr = systemTickPointer();
+ const word32 systemTickTimeInHz = 1000000 / systemTickInMicroseconds();
+ word32 *systemTickPtr = systemTickPointer();
 if (timer != NULL)
 *timer = *systemTickPtr/systemTickTimeInHz;
diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h
index 640ee386f..f4da403b8 100644
--- a/wolfssl/openssl/crypto.h
+++ b/wolfssl/openssl/crypto.h
@@ -44,12 +44,10 @@ WOLFSSL_API unsigned long wolfSSLeay(void);
 WOLFSSL_API unsigned long wolfSSL_OpenSSL_version_num(void);
 #ifdef OPENSSL_EXTRA
-#include
-
 WOLFSSL_API void wolfSSL_OPENSSL_free(void*);
 WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a);
-WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETTINGS *settings);
 #endif
 #define CRYPTO_THREADID void
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 49189d057..95c0fdb57 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -70,8 +70,7 @@
 #endif
 #ifdef OPENSSL_EXTRA
-#include
-WOLFSSL_API int wolfSSL_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+WOLFSSL_API int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings);
 #endif
 typedef WOLFSSL SSL;
diff --git a/wolfssl/wolfcrypt/fe_448.h b/wolfssl/wolfcrypt/fe_448.h
index bcf8815a2..0bdcebdfa 100644
--- a/wolfssl/wolfcrypt/fe_448.h
+++ b/wolfssl/wolfcrypt/fe_448.h
@@ -27,10 +27,6 @@
 #if defined(HAVE_CURVE448) || defined(HAVE_ED448)
-#ifndef WOLFSSL_LINUXKM
-#include
-#endif
-
 #include
 #if defined(HAVE___UINT128_T) && !defined(NO_CURVED448_128BIT)
@@ -45,19 +41,23 @@
 #if !defined(CURVE448_SMALL) && !defined(ED448_SMALL)
 #if defined(CURVED448_128BIT)
- typedef int64_t fe448;
+ typedef sword64 fe448;
 #ifndef WOLFSSL_UINT128_T_DEFINED
 #ifdef __SIZEOF_INT128__
 typedef __uint128_t uint128_t;
 typedef __int128_t int128_t;
+ typedef __uint128_t word128;
+ typedef __int128_t sword128;
 #else
 typedef unsigned long uint128_t __attribute__ ((mode(TI)));
 typedef long int128_t __attribute__ ((mode(TI)));
+ typedef uint128_t word128;
+ typedef int128_t sword128;
 #endif
 #define WOLFSSL_UINT128_T_DEFINED
 #endif
 #else
- typedef int32_t fe448;
+ typedef sword32 fe448;
 #endif
 WOLFSSL_LOCAL void fe448_init(void);
@@ -94,21 +94,21 @@ WOLFSSL_LOCAL void fe448_init(void);
 WOLFSSL_LOCAL int curve448(byte* r, const byte* n, const byte* a);
 #define fe448_reduce(a)
-WOLFSSL_LOCAL void fe448_neg(uint8_t*,const uint8_t*);
-WOLFSSL_LOCAL void fe448_add(uint8_t*, const uint8_t*, const uint8_t*);
-WOLFSSL_LOCAL void fe448_sub(uint8_t*, const uint8_t*, const uint8_t*);
-WOLFSSL_LOCAL void fe448_mul(uint8_t*,const uint8_t*,const uint8_t*);
-WOLFSSL_LOCAL void fe448_sqr(uint8_t*, const uint8_t*);
-WOLFSSL_LOCAL void fe448_mul39081(uint8_t*, const uint8_t*);
-WOLFSSL_LOCAL void fe448_invert(uint8_t*, const uint8_t*);
+WOLFSSL_LOCAL void fe448_neg(word8*,const word8*);
+WOLFSSL_LOCAL void fe448_add(word8*, const word8*, const word8*);
+WOLFSSL_LOCAL void fe448_sub(word8*, const word8*, const word8*);
+WOLFSSL_LOCAL void fe448_mul(word8*,const word8*,const word8*);
+WOLFSSL_LOCAL void fe448_sqr(word8*, const word8*);
+WOLFSSL_LOCAL void fe448_mul39081(word8*, const word8*);
+WOLFSSL_LOCAL void fe448_invert(word8*, const word8*);
-WOLFSSL_LOCAL void fe448_copy(uint8_t*, const uint8_t*);
-WOLFSSL_LOCAL int fe448_isnonzero(const uint8_t*);
+WOLFSSL_LOCAL void fe448_copy(word8*, const word8*);
+WOLFSSL_LOCAL int fe448_isnonzero(const word8*);
 WOLFSSL_LOCAL void fe448_norm(byte *a);
-WOLFSSL_LOCAL void fe448_cmov(uint8_t*,const uint8_t*, int);
-WOLFSSL_LOCAL void fe448_pow_2_446_222_1(uint8_t*,const uint8_t*);
+WOLFSSL_LOCAL void fe448_cmov(word8*,const word8*, int);
+WOLFSSL_LOCAL void fe448_pow_2_446_222_1(word8*,const word8*);
 #endif /* !CURVE448_SMALL || !ED448_SMALL */
diff --git a/wolfssl/wolfcrypt/fe_operations.h b/wolfssl/wolfcrypt/fe_operations.h
index 73d130579..60a1e87ae 100644
--- a/wolfssl/wolfcrypt/fe_operations.h
+++ b/wolfssl/wolfcrypt/fe_operations.h
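Review bot: The rewritten prototypes use `word8*` while `fe448_norm(byte *a)` in the same block, and the ge_448.c hunks in this commit, spell the same representation as `byte`, so the header now mixes two names for `unsigned char` within eleven consecutive declarations. Both are typedef'd to `unsigned char` in the types.h hunk, so this compiles, but a reader will look for a meaning behind the distinction that does not exist; `WOLFSSL_LOCAL void fe448_neg(byte*,const byte*);`, and the same for the other eight `word8` declarations, would match the rest of the header and the .c file.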
@@ -27,12 +27,6 @@
 #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519)
-#if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL)
-#ifndef WOLFSSL_LINUXKM
- #include
-#endif
-#endif
-
 #include
 #if defined(USE_INTEL_SPEEDUP) && !defined(NO_CURVED25519_X64)
@@ -88,13 +82,13 @@ WOLFSSL_LOCAL int curve25519(byte * q, const byte * n, const byte * p);
 #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL)
 #ifdef CURVED25519_ASM_64BIT
- typedef int64_t fe[4];
+ typedef sword64 fe[4];
 #elif defined(CURVED25519_ASM_32BIT)
- typedef int32_t fe[8];
+ typedef sword32 fe[8];
 #elif defined(CURVED25519_128BIT)
- typedef int64_t fe[5];
+ typedef sword64 fe[5];
 #else
- typedef int32_t fe[10];
+ typedef sword32 fe[10];
 #endif
 WOLFSSL_LOCAL void fe_copy(fe, const fe);
@@ -122,8 +116,8 @@ WOLFSSL_LOCAL void fe_cmov(fe,const fe, int);
 WOLFSSL_LOCAL void fe_pow22523(fe,const fe);
 /* 64 type needed for SHA512 */
-WOLFSSL_LOCAL uint64_t load_3(const unsigned char *in);
-WOLFSSL_LOCAL uint64_t load_4(const unsigned char *in);
+WOLFSSL_LOCAL word64 load_3(const unsigned char *in);
+WOLFSSL_LOCAL word64 load_4(const unsigned char *in);
 #ifdef CURVED25519_ASM
 WOLFSSL_LOCAL void fe_ge_to_p2(fe rx, fe ry, fe rz, const fe px, const fe py,
diff --git a/wolfssl/wolfcrypt/ge_448.h b/wolfssl/wolfcrypt/ge_448.h
index 51cb02af6..c4fb2293f 100644
--- a/wolfssl/wolfcrypt/ge_448.h
+++ b/wolfssl/wolfcrypt/ge_448.h
@@ -45,10 +45,10 @@ Representations:
 typedef byte ge448;
 #define GE448_WORDS 56
 #elif defined(CURVED448_128BIT)
- typedef int64_t ge448;
+ typedef sword64 ge448;
 #define GE448_WORDS 8
 #else
- typedef int32_t ge448;
+ typedef sword32 ge448;
 #define GE448_WORDS 16
 #endif
diff --git a/wolfssl/wolfcrypt/ge_operations.h b/wolfssl/wolfcrypt/ge_operations.h
index 9d89c0ac7..9632e1539 100644
--- a/wolfssl/wolfcrypt/ge_operations.h
+++ b/wolfssl/wolfcrypt/ge_operations.h
@@ -48,13 +48,13 @@ Representations:
 #ifdef ED25519_SMALL
 typedef byte ge[F25519_SIZE];
 #elif defined(CURVED25519_ASM_64BIT)
- typedef int64_t ge[4];
+ typedef sword64 ge[4];
 #elif defined(CURVED25519_ASM_32BIT)
- typedef int32_t ge[8];
+ typedef sword32 ge[8];
 #elif defined(CURVED25519_128BIT)
- typedef int64_t ge[5];
+ typedef sword64 ge[5];
 #else
- typedef int32_t ge[10];
+ typedef sword32 ge[10];
 #endif
 typedef struct {
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index 7148e1d24..bbab5121f 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -64,12 +64,18 @@ decouple library dependencies with standard string, memory and so on.
 #ifndef WOLFSSL_TYPES
 #ifndef byte
 typedef unsigned char byte;
+ typedef char sword8;
+ typedef unsigned char word8;
 #endif
 #ifdef WC_16BIT_CPU
+ typedef int sword16;
 typedef unsigned int word16;
+ typedef long sword32;
 typedef unsigned long word32;
 #else
+ typedef short sword16;
 typedef unsigned short word16;
+ typedef int sword32;
 typedef unsigned int word32;
 #endif
 typedef byte word24[3];
@@ -114,22 +120,27 @@ decouple library dependencies with standard string, memory and so on.
 #if defined(_MSC_VER) || defined(__BCPLUSPLUS__)
 #define WORD64_AVAILABLE
 #define W64LIT(x) x##ui64
+ typedef __int64 sword64;
 typedef unsigned __int64 word64;
 #elif defined(__EMSCRIPTEN__)
 #define WORD64_AVAILABLE
 #define W64LIT(x) x##ull
+ typedef long long sword64;
 typedef unsigned long long word64;
 #elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8
 #define WORD64_AVAILABLE
 #define W64LIT(x) x##LL
+ typedef long sword64;
 typedef unsigned long word64;
 #elif defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8
 #define WORD64_AVAILABLE
 #define W64LIT(x) x##LL
+ typedef long long sword64;
 typedef unsigned long long word64;
 #elif defined(__SIZEOF_LONG_LONG__) && __SIZEOF_LONG_LONG__ == 8
 #define WORD64_AVAILABLE
 #define W64LIT(x) x##LL
+ typedef long long sword64;
 typedef unsigned long long word64;
 #endif
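Review bot: `typedef char sword8;` in the types.h `@@ -64,12 +64,18 @@` hunk does not yield a signed 8-bit type: plain `char` has implementation-defined signedness and is unsigned on several common ABIs (AArch64 and ARM EABI Linux, PowerPC), so on those targets `sword8` would not match the `int8_t` this series replaces and signed byte arithmetic or comparisons through it would silently change; it should read `typedef signed char sword8;`. The new `sword8`/`word8` typedefs also sit inside the pre-existing `#ifndef byte` guard, so a build that defines `byte` as a macro presumably gets no `word8` at all even though fe_448.h now declares its prototypes with it — worth confirming, or moving the two new typedefs outside that guard.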
diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h
index 989cc5e1a..d8e16df01 100644
--- a/wolfssl/wolfio.h
+++ b/wolfssl/wolfio.h
@@ -502,9 +502,9 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 } conn;
 WOLFSSL_CTX *ctx;
 WOLFSSL *ssl;
- uint8_t *input_databuf;
- uint8_t *output_databuf;
- uint8_t *ssl_rx_databuf;
+ byte *input_databuf;
+ byte *output_databuf;
+ byte *ssl_rx_databuf;
 int ssl_rb_len;
 int ssl_rb_off;
 struct process *process;
@@ -512,7 +512,7 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 tcp_socket_event_callback_t event_callback;
 int closing;
 uip_ipaddr_t peer_addr;
- uint16_t peer_port;
+ word16 peer_port;
 };
 typedef struct uip_wolfssl_ctx uip_wolfssl_ctx;
