Botan 3.11.0
Crypto and TLS for C&
poly_dbl.cpp
Go to the documentation of this file.
1/*
2* (C) 2017,2018 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/internal/poly_dbl.h>
8
9#include <botan/exceptn.h>
10#include <botan/internal/ct_utils.h>
11#include <botan/internal/loadstor.h>
12
13namespace Botan {
14
15namespace {
16
17/*
18* The minimum weight irreducible binary polynomial of size n
19*
20* See "Table of Low-Weight Binary Irreducible Polynomials"
21* by Gadiel Seroussi, HP Labs Tech Report HPL-98-135
22* https://shiftleft.com/mirrors/www.hpl.hp.com/techreports/98/HPL-98-135.pdf
23*/
24enum class MinWeightPolynomial : uint32_t {
25 P64 = 0x1B,
26 P128 = 0x87,
27 P192 = 0x87,
28 P256 = 0x425,
29 P512 = 0x125,
30 P1024 = 0x80043,
31};
32
33/**
34* If the top bit of c is set, returns the carry (the polynomial)
35*
36* Otherwise returns zero.
37*/
38template <MinWeightPolynomial P>
39inline uint64_t return_carry(uint64_t c) {
40 return CT::Mask<uint64_t>::expand_top_bit(c).if_set_return(static_cast<uint64_t>(P));
41}
42
43template <size_t LIMBS, MinWeightPolynomial P>
44void poly_double(uint8_t out[], const uint8_t in[]) {
45 uint64_t W[LIMBS];
46 load_be(W, in, LIMBS);
47
48 const uint64_t carry = return_carry<P>(W[0]);
49
50 if constexpr(LIMBS > 0) {
51 for(size_t i = 0; i != LIMBS - 1; ++i) {
52 W[i] = (W[i] << 1) ^ (W[i + 1] >> 63);
53 }
54 }
55
56 W[LIMBS - 1] = (W[LIMBS - 1] << 1) ^ carry;
57
58 copy_out_be(std::span(out, LIMBS * 8), W);
59}
60
61template <size_t LIMBS, MinWeightPolynomial P>
62void poly_double_le(uint8_t out[], const uint8_t in[]) {
63 uint64_t W[LIMBS];
64 load_le(W, in, LIMBS);
65
66 const uint64_t carry = return_carry<P>(W[LIMBS - 1]);
67
68 if constexpr(LIMBS > 0) {
69 for(size_t i = 0; i != LIMBS - 1; ++i) {
70 W[LIMBS - 1 - i] = (W[LIMBS - 1 - i] << 1) ^ (W[LIMBS - 2 - i] >> 63);
71 }
72 }
73
74 W[0] = (W[0] << 1) ^ carry;
75
76 copy_out_le(std::span(out, LIMBS * 8), W);
77}
78
79} // namespace
80
81void poly_double_n(uint8_t out[], const uint8_t in[], size_t n) {
82 switch(n) {
83 case 8:
84 return poly_double<1, MinWeightPolynomial::P64>(out, in);
85 case 16:
86 return poly_double<2, MinWeightPolynomial::P128>(out, in);
87 case 24:
88 return poly_double<3, MinWeightPolynomial::P192>(out, in);
89 case 32:
90 return poly_double<4, MinWeightPolynomial::P256>(out, in);
91 case 64:
92 return poly_double<8, MinWeightPolynomial::P512>(out, in);
93 case 128:
94 return poly_double<16, MinWeightPolynomial::P1024>(out, in);
95 default:
96 throw Invalid_Argument("Unsupported size for poly_double_n");
97 }
98}
99
100void poly_double_n_le(uint8_t out[], const uint8_t in[], size_t n) {
101 switch(n) {
102 case 8:
103 return poly_double_le<1, MinWeightPolynomial::P64>(out, in);
104 case 16:
105 return poly_double_le<2, MinWeightPolynomial::P128>(out, in);
106 case 24:
107 return poly_double_le<3, MinWeightPolynomial::P192>(out, in);
108 case 32:
109 return poly_double_le<4, MinWeightPolynomial::P256>(out, in);
110 case 64:
111 return poly_double_le<8, MinWeightPolynomial::P512>(out, in);
112 case 128:
113 return poly_double_le<16, MinWeightPolynomial::P1024>(out, in);
114 default:
115 throw Invalid_Argument("Unsupported size for poly_double_n_le");
116 }
117}
118
119void xts_compute_tweak_block(uint8_t tweak[], size_t BS, size_t blocks_in_tweak) {
120 BOTAN_ASSERT_NOMSG(blocks_in_tweak > 0);
121
122 if(BS == 16) {
123 constexpr size_t LIMBS = 2;
124
125 uint64_t W[LIMBS];
126 load_le(W, &tweak[0], LIMBS);
127
128 for(size_t i = 1; i < blocks_in_tweak; ++i) {
129 const uint64_t carry = return_carry<MinWeightPolynomial::P128>(W[1]);
130 W[1] = (W[1] << 1) ^ (W[0] >> 63);
131 W[0] = (W[0] << 1) ^ carry;
132 copy_out_le(std::span(&tweak[i * BS], 2 * 8), W);
133 }
134 } else {
135 for(size_t i = 1; i < blocks_in_tweak; ++i) {
136 const uint8_t* prev = &tweak[(i - 1) * BS];
137 uint8_t* cur = &tweak[i * BS];
138 poly_double_n_le(cur, prev, BS);
139 }
140 }
141}
142
143} // namespace Botan
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
Botan::CT::Mask::expand_top_bit
static constexpr Mask< T > expand_top_bit(T v)
Definition ct_utils.h:415
Botan::Invalid_Argument
Definition exceptn.h:132
Botan::copy_out_le
void copy_out_le(std::span< uint8_t > out, const InR &in)
Definition loadstor.h:789
Botan::copy_out_be
void copy_out_be(std::span< uint8_t > out, const InR &in)
Definition loadstor.h:773
Botan::poly_double_n_le
void poly_double_n_le(uint8_t out[], const uint8_t in[], size_t n)
Definition poly_dbl.cpp:100
Botan::carry
void carry(int64_t &h0, int64_t &h1)
Definition ed25519_internal.h:27
Botan::load_le
constexpr auto load_le(ParamTs &&... params)
Definition loadstor.h:495
Botan::xts_compute_tweak_block
void xts_compute_tweak_block(uint8_t tweak[], size_t BS, size_t blocks_in_tweak)
Definition poly_dbl.cpp:119
Botan::poly_double_n
void poly_double_n(uint8_t out[], const uint8_t in[], size_t n)
Definition poly_dbl.cpp:81
Botan::load_be
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:504
Generated by doxygen 1.15.0