nobs/dh/sidh/sidh_generic.go

// +build !amd64 noasm

package sidh

var three238m1 = []uint8{
	0xf8, 0x84, 0x83, 0x82, 0x8a, 0x71, 0xcd, 0xed,
	0x14, 0x7a, 0x42, 0xd4, 0xbf, 0x35, 0x3b, 0x73,
	0x38, 0xcf, 0xd7, 0x94, 0xcf, 0x29, 0x82, 0xf8,
	0xd6, 0x2a, 0x7c, 0x0c, 0x99, 0x6c, 0xc5, 0x63,
	0xc7, 0x22, 0x42, 0x8f, 0x7e, 0xa8, 0x58, 0xb8,
	0xf5, 0xea, 0x25, 0xb5, 0xc6, 0xc9, 0x54, 0x02}

func addc8(cin, a, b uint8) (ret, cout uint8) {
	t := a + cin
	ret = b + t
	cout = ((a & b) | ((a | b) & (^ret))) >> 7
	return
}

func subc8(bIn, a, b uint8) (ret, bOut uint8) {
	var tmp1 = a - b
	ret = tmp1 - bIn
	// Set bOut if bIn!=0 and tmp1==0 in constant time
	bOut = bIn & (1 ^ ((tmp1 | uint8(0-tmp1)) >> 7))
	// Constant time check if a<b
	bOut |= (a ^ ((a ^ b) | (uint8(a-b) ^ b))) >> 7
	return
}

// Set result to zero if the input scalar is <= 3^238. scalar must be 48-byte array
// of bytes. This function is specific to P751.
func checkLessThanThree238(scalar []byte) uint64 {
	var borrow uint8
	for i := 0; i < len(three238m1); i++ {
		_, borrow = subc8(borrow, three238m1[i], scalar[i])
	}
	return uint64(borrow)
}

// Multiply 48-byte scalar by 3 to get a scalar in 3*[0,3^238). This
// function is specific to P751.
func multiplyByThree(scalar []byte) {
	var carry uint8
	var dbl [48]uint8

	for i := 0; i < len(scalar); i++ {
		dbl[i], carry = addc8(carry, scalar[i], scalar[i])
	}
	for i := 0; i < len(scalar); i++ {
		scalar[i], carry = addc8(carry, dbl[i], scalar[i])
	}
}
adds SIKE and SIDH 2018-07-23 23:18:38 +01:00			`// +build !amd64 noasm`

			`package sidh`

			`var three238m1 = []uint8{`
			`0xf8, 0x84, 0x83, 0x82, 0x8a, 0x71, 0xcd, 0xed,`
			`0x14, 0x7a, 0x42, 0xd4, 0xbf, 0x35, 0x3b, 0x73,`
			`0x38, 0xcf, 0xd7, 0x94, 0xcf, 0x29, 0x82, 0xf8,`
			`0xd6, 0x2a, 0x7c, 0x0c, 0x99, 0x6c, 0xc5, 0x63,`
			`0xc7, 0x22, 0x42, 0x8f, 0x7e, 0xa8, 0x58, 0xb8,`
			`0xf5, 0xea, 0x25, 0xb5, 0xc6, 0xc9, 0x54, 0x02}`

			`func addc8(cin, a, b uint8) (ret, cout uint8) {`
			`t := a + cin`
			`ret = b + t`
			`cout = ((a & b) \| ((a \| b) & (^ret))) >> 7`
			`return`
			`}`

			`func subc8(bIn, a, b uint8) (ret, bOut uint8) {`
			`var tmp1 = a - b`
			`ret = tmp1 - bIn`
			`// Set bOut if bIn!=0 and tmp1==0 in constant time`
			`bOut = bIn & (1 ^ ((tmp1 \| uint8(0-tmp1)) >> 7))`
			`// Constant time check if a<b`
			`bOut \|= (a ^ ((a ^ b) \| (uint8(a-b) ^ b))) >> 7`
			`return`
			`}`

			`// Set result to zero if the input scalar is <= 3^238. scalar must be 48-byte array`
			`// of bytes. This function is specific to P751.`
			`func checkLessThanThree238(scalar []byte) uint64 {`
			`var borrow uint8`
			`for i := 0; i < len(three238m1); i++ {`
			`_, borrow = subc8(borrow, three238m1[i], scalar[i])`
			`}`
			`return uint64(borrow)`
			`}`

			`// Multiply 48-byte scalar by 3 to get a scalar in 3*[0,3^238). This`
			`// function is specific to P751.`
			`func multiplyByThree(scalar []byte) {`
			`var carry uint8`
			`var dbl [48]uint8`

			`for i := 0; i < len(scalar); i++ {`
			`dbl[i], carry = addc8(carry, scalar[i], scalar[i])`
			`}`
			`for i := 0; i < len(scalar); i++ {`
			`scalar[i], carry = addc8(carry, dbl[i], scalar[i])`
			`}`
			`}`