@@ -210,18 +210,6 @@ func ExtensionFieldConditionalSwap(x, y *ExtensionFieldElement, choice uint8) { | |||
fp751ConditionalSwap(&x.B, &y.B, choice) | |||
} | |||
// Set dest = if choice == 0 { x } else { y }, in constant time. | |||
// | |||
// Can overlap z with x or y or both. | |||
// | |||
// Returns dest to allow chaining operations. | |||
func (dest *ExtensionFieldElement) ConditionalAssign(x, y *ExtensionFieldElement, choice uint8) *ExtensionFieldElement { | |||
fp751ConditionalAssign(&dest.A, &x.A, &y.A, choice) | |||
fp751ConditionalAssign(&dest.B, &x.B, &y.B, choice) | |||
return dest | |||
} | |||
// Returns true if lhs = rhs. Takes variable time. | |||
func (lhs *ExtensionFieldElement) VartimeEq(rhs *ExtensionFieldElement) bool { | |||
return lhs.A.vartimeEq(rhs.A) && lhs.B.vartimeEq(rhs.B) | |||
@@ -387,17 +375,6 @@ func PrimeFieldConditionalSwap(x, y *PrimeFieldElement, choice uint8) { | |||
fp751ConditionalSwap(&x.A, &y.A, choice) | |||
} | |||
// Set dest = if choice == 0 { x } else { y }, in constant time. | |||
// | |||
// Can overlap z with x or y or both. | |||
// | |||
// Returns dest to allow chaining operations. | |||
func (dest *PrimeFieldElement) ConditionalAssign(x, y *PrimeFieldElement, choice uint8) *PrimeFieldElement { | |||
fp751ConditionalAssign(&dest.A, &x.A, &y.A, choice) | |||
return dest | |||
} | |||
// Set dest = sqrt(x), if x is a square. If x is nonsquare dest is undefined. | |||
// | |||
// Allowed to overlap x with dest. | |||
@@ -500,13 +477,6 @@ type fp751X2 [2 * fp751NumWords]uint64 | |||
//go:noescape | |||
func fp751ConditionalSwap(x, y *Fp751Element, choice uint8) | |||
// If choice = 0, set z = x. If choice = 1, set z = y. | |||
// This function executes in constant time. | |||
// | |||
// Can overlap z with x or y or both. | |||
//go:noescape | |||
func fp751ConditionalAssign(z, x, y *Fp751Element, choice uint8) | |||
// Compute z = x + y (mod p). | |||
//go:noescape | |||
func fp751AddReduced(z, x, y *Fp751Element) | |||
@@ -250,101 +250,6 @@ TEXT ·fp751ConditionalSwap(SB), NOSPLIT, $0-17 | |||
RET | |||
TEXT ·fp751ConditionalAssign(SB), NOSPLIT, $0-25 | |||
MOVQ z+0(FP), REG_P3 | |||
MOVQ x+8(FP), REG_P1 | |||
MOVQ y+16(FP), REG_P2 | |||
MOVB choice+24(FP), AL // AL = 0 or 1 | |||
MOVBLZX AL, AX // AX = 0 or 1 | |||
NEGQ AX // RAX = 0x00..00 or 0xff..ff | |||
MOVQ (0*8)(REG_P1), BX // BX = x[0] | |||
MOVQ (0*8)(REG_P2), CX // CX = y[0] | |||
XORQ BX, CX // CX = y[0] ^ x[0] | |||
ANDQ AX, CX // CX = (y[0] ^ x[0]) & mask | |||
XORQ BX, CX // CX = (y[0] ^ x[0]) & mask) ^ x[0] | |||
MOVQ CX, (0*8)(REG_P3) // = x[0] or y[0] | |||
MOVQ (1*8)(REG_P1), BX | |||
MOVQ (1*8)(REG_P2), CX | |||
XORQ BX, CX | |||
ANDQ AX, CX | |||
XORQ BX, CX | |||
MOVQ CX, (1*8)(REG_P3) | |||
MOVQ (2*8)(REG_P1), BX | |||
MOVQ (2*8)(REG_P2), CX | |||
XORQ BX, CX | |||
ANDQ AX, CX | |||
XORQ BX, CX | |||
MOVQ CX, (2*8)(REG_P3) | |||
MOVQ (3*8)(REG_P1), BX | |||
MOVQ (3*8)(REG_P2), CX | |||
XORQ BX, CX | |||
ANDQ AX, CX | |||
XORQ BX, CX | |||
MOVQ CX, (3*8)(REG_P3) | |||
MOVQ (4*8)(REG_P1), BX | |||
MOVQ (4*8)(REG_P2), CX | |||
XORQ BX, CX | |||
ANDQ AX, CX | |||
XORQ BX, CX | |||
MOVQ CX, (4*8)(REG_P3) | |||
MOVQ (5*8)(REG_P1), BX | |||
MOVQ (5*8)(REG_P2), CX | |||
XORQ BX, CX | |||
ANDQ AX, CX | |||
XORQ BX, CX | |||
MOVQ CX, (5*8)(REG_P3) | |||
MOVQ (6*8)(REG_P1), BX | |||
MOVQ (6*8)(REG_P2), CX | |||
XORQ BX, CX | |||
ANDQ AX, CX | |||
XORQ BX, CX | |||
MOVQ CX, (6*8)(REG_P3) | |||
MOVQ (7*8)(REG_P1), BX | |||
MOVQ (7*8)(REG_P2), CX | |||
XORQ BX, CX | |||
ANDQ AX, CX | |||
XORQ BX, CX | |||
MOVQ CX, (7*8)(REG_P3) | |||
MOVQ (8*8)(REG_P1), BX | |||
MOVQ (8*8)(REG_P2), CX | |||
XORQ BX, CX | |||
ANDQ AX, CX | |||
XORQ BX, CX | |||
MOVQ CX, (8*8)(REG_P3) | |||
MOVQ (9*8)(REG_P1), BX | |||
MOVQ (9*8)(REG_P2), CX | |||
XORQ BX, CX | |||
ANDQ AX, CX | |||
XORQ BX, CX | |||
MOVQ CX, (9*8)(REG_P3) | |||
MOVQ (10*8)(REG_P1), BX | |||
MOVQ (10*8)(REG_P2), CX | |||
XORQ BX, CX | |||
ANDQ AX, CX | |||
XORQ BX, CX | |||
MOVQ CX, (10*8)(REG_P3) | |||
MOVQ (11*8)(REG_P1), BX | |||
MOVQ (11*8)(REG_P2), CX | |||
XORQ BX, CX | |||
ANDQ AX, CX | |||
XORQ BX, CX | |||
MOVQ CX, (11*8)(REG_P3) | |||
RET | |||
TEXT ·fp751AddReduced(SB), NOSPLIT, $0-24 | |||
MOVQ z+0(FP), REG_P3 | |||
@@ -390,24 +390,6 @@ func TestFp751ElementConditionalSwap(t *testing.T) { | |||
} | |||
} | |||
func TestFp751ElementConditionalAssign(t *testing.T) { | |||
var one = Fp751Element{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1} | |||
var two = Fp751Element{2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2} | |||
var three = Fp751Element{3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3} | |||
fp751ConditionalAssign(&one, &two, &three, 0) | |||
if one != two { | |||
t.Error("Found", one, "expected", two) | |||
} | |||
fp751ConditionalAssign(&one, &two, &three, 1) | |||
if one != three { | |||
t.Error("Found", one, "expected", three) | |||
} | |||
} | |||
// Package-level storage for this field element is intended to deter | |||
// compiler optimizations. | |||
var benchmarkFp751Element Fp751Element | |||