1
0
mirror of https://github.com/henrydcase/nobs.git synced 2024-11-22 23:28:57 +00:00
nobs/dh/sidh/sidh_generic.go

53 lines
1.4 KiB
Go

// +build !amd64 noasm
package sidh
var three238m1 = []uint8{
0xf8, 0x84, 0x83, 0x82, 0x8a, 0x71, 0xcd, 0xed,
0x14, 0x7a, 0x42, 0xd4, 0xbf, 0x35, 0x3b, 0x73,
0x38, 0xcf, 0xd7, 0x94, 0xcf, 0x29, 0x82, 0xf8,
0xd6, 0x2a, 0x7c, 0x0c, 0x99, 0x6c, 0xc5, 0x63,
0xc7, 0x22, 0x42, 0x8f, 0x7e, 0xa8, 0x58, 0xb8,
0xf5, 0xea, 0x25, 0xb5, 0xc6, 0xc9, 0x54, 0x02}
func addc8(cin, a, b uint8) (ret, cout uint8) {
t := a + cin
ret = b + t
cout = ((a & b) | ((a | b) & (^ret))) >> 7
return
}
func subc8(bIn, a, b uint8) (ret, bOut uint8) {
var tmp1 = a - b
ret = tmp1 - bIn
// Set bOut if bIn!=0 and tmp1==0 in constant time
bOut = bIn & (1 ^ ((tmp1 | uint8(0-tmp1)) >> 7))
// Constant time check if a<b
bOut |= (a ^ ((a ^ b) | (uint8(a-b) ^ b))) >> 7
return
}
// Set result to zero if the input scalar is <= 3^238, otherwise result is 1.
// Scalar must be array of 48 bytes. This function is specific to P751.
func checkLessThanThree238(scalar []byte) uint8 {
var borrow uint8
for i := 0; i < len(three238m1); i++ {
_, borrow = subc8(borrow, three238m1[i], scalar[i])
}
return borrow
}
// Multiply 48-byte scalar by 3 to get a scalar in 3*[0,3^238). This
// function is specific to P751.
func multiplyByThree(scalar []byte) {
var carry uint8
var dbl [48]uint8
for i := 0; i < len(scalar); i++ {
dbl[i], carry = addc8(carry, scalar[i], scalar[i])
}
for i := 0; i < len(scalar); i++ {
scalar[i], carry = addc8(carry, dbl[i], scalar[i])
}
}