Define p503 with crypto_word_t, not uint64_t.
Most of the crypto_word_t* casts in third_party/sike are due to p503
being defined with uint64_t. This is a strict aliasing violation and
easily avoided with a TOBN-like macro when defining p503.
This clears almost all of the casts. Also remove an unused stdbool.h
include.
Change-Id: Ife3a4ec620f8b7f4e09c87c6fc43d8b82396046b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/36064
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <alangley@gmail.com>
diff --git a/third_party/sike/P503.c b/third_party/sike/P503.c
index aecf623..b8463e7 100644
--- a/third_party/sike/P503.c
+++ b/third_party/sike/P503.c
@@ -9,48 +9,78 @@
// Parameters for isogeny system "SIKEp503"
const struct params_t p503 = {
.prime = {
- 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xABFFFFFFFFFFFFFF,
- 0x13085BDA2211E7A0, 0x1B9BF6C87B7E7DAF, 0x6045C6BDDA77A4D0, 0x004066F541811E1E
+ U64_TO_WORDS(0xFFFFFFFFFFFFFFFF), U64_TO_WORDS(0xFFFFFFFFFFFFFFFF),
+ U64_TO_WORDS(0xFFFFFFFFFFFFFFFF), U64_TO_WORDS(0xABFFFFFFFFFFFFFF),
+ U64_TO_WORDS(0x13085BDA2211E7A0), U64_TO_WORDS(0x1B9BF6C87B7E7DAF),
+ U64_TO_WORDS(0x6045C6BDDA77A4D0), U64_TO_WORDS(0x004066F541811E1E)
},
.prime_p1 = {
- 0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0xAC00000000000000,
- 0x13085BDA2211E7A0, 0x1B9BF6C87B7E7DAF, 0x6045C6BDDA77A4D0, 0x004066F541811E1E
+ U64_TO_WORDS(0x0000000000000000), U64_TO_WORDS(0x0000000000000000),
+ U64_TO_WORDS(0x0000000000000000), U64_TO_WORDS(0xAC00000000000000),
+ U64_TO_WORDS(0x13085BDA2211E7A0), U64_TO_WORDS(0x1B9BF6C87B7E7DAF),
+ U64_TO_WORDS(0x6045C6BDDA77A4D0), U64_TO_WORDS(0x004066F541811E1E)
},
.prime_x2 = {
- 0xFFFFFFFFFFFFFFFE, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0x57FFFFFFFFFFFFFF,
- 0x2610B7B44423CF41, 0x3737ED90F6FCFB5E, 0xC08B8D7BB4EF49A0, 0x0080CDEA83023C3C
+ U64_TO_WORDS(0xFFFFFFFFFFFFFFFE), U64_TO_WORDS(0xFFFFFFFFFFFFFFFF),
+ U64_TO_WORDS(0xFFFFFFFFFFFFFFFF), U64_TO_WORDS(0x57FFFFFFFFFFFFFF),
+ U64_TO_WORDS(0x2610B7B44423CF41), U64_TO_WORDS(0x3737ED90F6FCFB5E),
+ U64_TO_WORDS(0xC08B8D7BB4EF49A0), U64_TO_WORDS(0x0080CDEA83023C3C)
},
.A_gen = {
- 0xE7EF4AA786D855AF, 0xED5758F03EB34D3B, 0x09AE172535A86AA9, 0x237B9CC07D622723,
- 0xE3A284CBA4E7932D, 0x27481D9176C5E63F, 0x6A323FF55C6E71BF, 0x002ECC31A6FB8773, // XPA0
- 0x64D02E4E90A620B8, 0xDAB8128537D4B9F1, 0x4BADF77B8A228F98, 0x0F5DBDF9D1FB7D1B,
- 0xBEC4DB288E1A0DCC, 0xE76A8665E80675DB, 0x6D6F252E12929463, 0x003188BD1463FACC, // XPA1
- 0xB79D41025DE85D56, 0x0B867DA9DF169686, 0x740E5368021C827D, 0x20615D72157BF25C,
- 0xFF1590013C9B9F5B, 0xC884DCADE8C16CEA, 0xEBD05E53BF724E01, 0x0032FEF8FDA5748C, // XQA0
- 0x12E2E849AA0A8006, 0x41CF47008635A1E8, 0x9CD720A70798AED7, 0x42A820B42FCF04CF,
- 0x7BF9BAD32AAE88B1, 0xF619127A54090BBE, 0x1CB10D8F56408EAA, 0x001D6B54C3C0EDEB, // XRA0
- 0x34DB54931CBAAC36, 0x420A18CB8DD5F0C4, 0x32008C1A48C0F44D, 0x3B3BA772B1CFD44D,
- 0xA74B058FDAF13515, 0x095FC9CA7EEC17B4, 0x448E829D28F120F8, 0x00261EC3ED16A489 // XRA1
+ U64_TO_WORDS(0xE7EF4AA786D855AF), U64_TO_WORDS(0xED5758F03EB34D3B),
+ U64_TO_WORDS(0x09AE172535A86AA9), U64_TO_WORDS(0x237B9CC07D622723),
+ U64_TO_WORDS(0xE3A284CBA4E7932D), U64_TO_WORDS(0x27481D9176C5E63F),
+ U64_TO_WORDS(0x6A323FF55C6E71BF), U64_TO_WORDS(0x002ECC31A6FB8773), // XPA0
+ U64_TO_WORDS(0x64D02E4E90A620B8), U64_TO_WORDS(0xDAB8128537D4B9F1),
+ U64_TO_WORDS(0x4BADF77B8A228F98), U64_TO_WORDS(0x0F5DBDF9D1FB7D1B),
+ U64_TO_WORDS(0xBEC4DB288E1A0DCC), U64_TO_WORDS(0xE76A8665E80675DB),
+ U64_TO_WORDS(0x6D6F252E12929463), U64_TO_WORDS(0x003188BD1463FACC), // XPA1
+ U64_TO_WORDS(0xB79D41025DE85D56), U64_TO_WORDS(0x0B867DA9DF169686),
+ U64_TO_WORDS(0x740E5368021C827D), U64_TO_WORDS(0x20615D72157BF25C),
+ U64_TO_WORDS(0xFF1590013C9B9F5B), U64_TO_WORDS(0xC884DCADE8C16CEA),
+ U64_TO_WORDS(0xEBD05E53BF724E01), U64_TO_WORDS(0x0032FEF8FDA5748C), // XQA0
+ U64_TO_WORDS(0x12E2E849AA0A8006), U64_TO_WORDS(0x41CF47008635A1E8),
+ U64_TO_WORDS(0x9CD720A70798AED7), U64_TO_WORDS(0x42A820B42FCF04CF),
+ U64_TO_WORDS(0x7BF9BAD32AAE88B1), U64_TO_WORDS(0xF619127A54090BBE),
+ U64_TO_WORDS(0x1CB10D8F56408EAA), U64_TO_WORDS(0x001D6B54C3C0EDEB), // XRA0
+ U64_TO_WORDS(0x34DB54931CBAAC36), U64_TO_WORDS(0x420A18CB8DD5F0C4),
+ U64_TO_WORDS(0x32008C1A48C0F44D), U64_TO_WORDS(0x3B3BA772B1CFD44D),
+ U64_TO_WORDS(0xA74B058FDAF13515), U64_TO_WORDS(0x095FC9CA7EEC17B4),
+ U64_TO_WORDS(0x448E829D28F120F8), U64_TO_WORDS(0x00261EC3ED16A489) // XRA1
},
.B_gen = {
- 0x7EDE37F4FA0BC727, 0xF7F8EC5C8598941C, 0xD15519B516B5F5C8, 0xF6D5AC9B87A36282,
- 0x7B19F105B30E952E, 0x13BD8B2025B4EBEE, 0x7B96D27F4EC579A2, 0x00140850CAB7E5DE, // XPB0
- 0x7764909DAE7B7B2D, 0x578ABB16284911AB, 0x76E2BFD146A6BF4D, 0x4824044B23AA02F0,
- 0x1105048912A321F3, 0xB8A2E482CF0F10C1, 0x42FF7D0BE2152085, 0x0018E599C5223352, // XPB1
- 0x4256C520FB388820, 0x744FD7C3BAAF0A13, 0x4B6A2DDDB12CBCB8, 0xE46826E27F427DF8,
- 0xFE4A663CD505A61B, 0xD6B3A1BAF025C695, 0x7C3BB62B8FCC00BD, 0x003AFDDE4A35746C, // XQB0
- 0x75601CD1E6C0DFCB, 0x1A9007239B58F93E, 0xC1F1BE80C62107AC, 0x7F513B898F29FF08,
- 0xEA0BEDFF43E1F7B2, 0x2C6D94018CBAE6D0, 0x3A430D31BCD84672, 0x000D26892ECCFE83, // XRB0
- 0x1119D62AEA3007A1, 0xE3702AA4E04BAE1B, 0x9AB96F7D59F990E7, 0xF58440E8B43319C0,
- 0xAF8134BEE1489775, 0xE7F7774E905192AA, 0xF54AE09308E98039, 0x001EF7A041A86112 // XRB1
+ U64_TO_WORDS(0x7EDE37F4FA0BC727), U64_TO_WORDS(0xF7F8EC5C8598941C),
+ U64_TO_WORDS(0xD15519B516B5F5C8), U64_TO_WORDS(0xF6D5AC9B87A36282),
+ U64_TO_WORDS(0x7B19F105B30E952E), U64_TO_WORDS(0x13BD8B2025B4EBEE),
+ U64_TO_WORDS(0x7B96D27F4EC579A2), U64_TO_WORDS(0x00140850CAB7E5DE), // XPB0
+ U64_TO_WORDS(0x7764909DAE7B7B2D), U64_TO_WORDS(0x578ABB16284911AB),
+ U64_TO_WORDS(0x76E2BFD146A6BF4D), U64_TO_WORDS(0x4824044B23AA02F0),
+ U64_TO_WORDS(0x1105048912A321F3), U64_TO_WORDS(0xB8A2E482CF0F10C1),
+ U64_TO_WORDS(0x42FF7D0BE2152085), U64_TO_WORDS(0x0018E599C5223352), // XPB1
+ U64_TO_WORDS(0x4256C520FB388820), U64_TO_WORDS(0x744FD7C3BAAF0A13),
+ U64_TO_WORDS(0x4B6A2DDDB12CBCB8), U64_TO_WORDS(0xE46826E27F427DF8),
+ U64_TO_WORDS(0xFE4A663CD505A61B), U64_TO_WORDS(0xD6B3A1BAF025C695),
+ U64_TO_WORDS(0x7C3BB62B8FCC00BD), U64_TO_WORDS(0x003AFDDE4A35746C), // XQB0
+ U64_TO_WORDS(0x75601CD1E6C0DFCB), U64_TO_WORDS(0x1A9007239B58F93E),
+ U64_TO_WORDS(0xC1F1BE80C62107AC), U64_TO_WORDS(0x7F513B898F29FF08),
+ U64_TO_WORDS(0xEA0BEDFF43E1F7B2), U64_TO_WORDS(0x2C6D94018CBAE6D0),
+ U64_TO_WORDS(0x3A430D31BCD84672), U64_TO_WORDS(0x000D26892ECCFE83), // XRB0
+ U64_TO_WORDS(0x1119D62AEA3007A1), U64_TO_WORDS(0xE3702AA4E04BAE1B),
+ U64_TO_WORDS(0x9AB96F7D59F990E7), U64_TO_WORDS(0xF58440E8B43319C0),
+ U64_TO_WORDS(0xAF8134BEE1489775), U64_TO_WORDS(0xE7F7774E905192AA),
+ U64_TO_WORDS(0xF54AE09308E98039), U64_TO_WORDS(0x001EF7A041A86112) // XRB1
},
.mont_R2 = {
- 0x5289A0CF641D011F, 0x9B88257189FED2B9, 0xA3B365D58DC8F17A, 0x5BC57AB6EFF168EC,
- 0x9E51998BD84D4423, 0xBF8999CBAC3B5695, 0x46E9127BCE14CDB6, 0x003F6CFCE8B81771
+ U64_TO_WORDS(0x5289A0CF641D011F), U64_TO_WORDS(0x9B88257189FED2B9),
+ U64_TO_WORDS(0xA3B365D58DC8F17A), U64_TO_WORDS(0x5BC57AB6EFF168EC),
+ U64_TO_WORDS(0x9E51998BD84D4423), U64_TO_WORDS(0xBF8999CBAC3B5695),
+ U64_TO_WORDS(0x46E9127BCE14CDB6), U64_TO_WORDS(0x003F6CFCE8B81771)
},
.mont_one = {
- 0x00000000000003F9, 0x0000000000000000, 0x0000000000000000, 0xB400000000000000,
- 0x63CB1A6EA6DED2B4, 0x51689D8D667EB37D, 0x8ACD77C71AB24142, 0x0026FBAEC60F5953
+ U64_TO_WORDS(0x00000000000003F9), U64_TO_WORDS(0x0000000000000000),
+ U64_TO_WORDS(0x0000000000000000), U64_TO_WORDS(0xB400000000000000),
+ U64_TO_WORDS(0x63CB1A6EA6DED2B4), U64_TO_WORDS(0x51689D8D667EB37D),
+ U64_TO_WORDS(0x8ACD77C71AB24142), U64_TO_WORDS(0x0026FBAEC60F5953)
},
.A_strat = {
61, 32, 16, 8, 4, 2, 1, 1, 2, 1, 1, 4, 2, 1, 1, 2, 1, 1, 8, 4, 2, 1, 1, 2, 1, 1,
diff --git a/third_party/sike/asm/fp_generic.c b/third_party/sike/asm/fp_generic.c
index cb786ff..60e0da1 100644
--- a/third_party/sike/asm/fp_generic.c
+++ b/third_party/sike/asm/fp_generic.c
@@ -62,13 +62,13 @@
carry = 0;
for (i = 0; i < NWORDS_FIELD; i++) {
- SUBC(carry, c[i], ((crypto_word_t*)p503.prime_x2)[i], carry, c[i]);
+ SUBC(carry, c[i], p503.prime_x2[i], carry, c[i]);
}
mask = 0 - (crypto_word_t)carry;
carry = 0;
for (i = 0; i < NWORDS_FIELD; i++) {
- ADDC(carry, c[i], ((crypto_word_t*)p503.prime_x2)[i] & mask, carry, c[i]);
+ ADDC(carry, c[i], p503.prime_x2[i] & mask, carry, c[i]);
}
}
@@ -86,7 +86,7 @@
borrow = 0;
for (i = 0; i < NWORDS_FIELD; i++) {
- ADDC(borrow, c[i], ((crypto_word_t*)p503.prime_x2)[i] & mask, borrow, c[i]);
+ ADDC(borrow, c[i], p503.prime_x2[i] & mask, borrow, c[i]);
}
}
@@ -139,7 +139,7 @@
for (i = 0; i < NWORDS_FIELD; i++) {
for (j = 0; j < i; j++) {
if (j < (i-p503_ZERO_WORDS+1)) {
- MUL(mc[j], ((crypto_word_t*)p503.prime_p1)[i-j], UV+1, UV[0]);
+ MUL(mc[j], p503.prime_p1[i-j], UV+1, UV[0]);
ADDC(0, UV[0], v, carry, v);
ADDC(carry, UV[1], u, carry, u);
t += carry;
@@ -160,7 +160,7 @@
}
for (j = i-NWORDS_FIELD+1; j < NWORDS_FIELD; j++) {
if (j < (NWORDS_FIELD-count)) {
- MUL(mc[j], ((crypto_word_t*)p503.prime_p1)[i-j], UV+1, UV[0]);
+ MUL(mc[j], p503.prime_p1[i-j], UV+1, UV[0]);
ADDC(0, UV[0], v, carry, v);
ADDC(carry, UV[1], u, carry, u);
t += carry;
diff --git a/third_party/sike/fpx.c b/third_party/sike/fpx.c
index abb1ca2..9ff88e8 100644
--- a/third_party/sike/fpx.c
+++ b/third_party/sike/fpx.c
@@ -227,7 +227,7 @@
void sike_fpneg(felm_t a) {
uint32_t borrow = 0;
for (size_t i = 0; i < NWORDS_FIELD; i++) {
- SUBC(borrow, ((crypto_word_t*)p503.prime_x2)[i], a[i], borrow, a[i]);
+ SUBC(borrow, p503.prime_x2[i], a[i], borrow, a[i]);
}
}
@@ -240,7 +240,7 @@
mask = 0 - (crypto_word_t)(a[0] & 1); // If a is odd compute a+p503
for (size_t i = 0; i < NWORDS_FIELD; i++) {
- ADDC(carry, a[i], ((crypto_word_t*)p503.prime)[i] & mask, carry, c[i]);
+ ADDC(carry, a[i], p503.prime[i] & mask, carry, c[i]);
}
// Multiprecision right shift by one.
@@ -256,13 +256,13 @@
crypto_word_t mask;
for (size_t i = 0; i < NWORDS_FIELD; i++) {
- SUBC(borrow, a[i], ((crypto_word_t*)p503.prime)[i], borrow, a[i]);
+ SUBC(borrow, a[i], p503.prime[i], borrow, a[i]);
}
mask = 0 - (crypto_word_t)borrow;
borrow = 0;
for (size_t i = 0; i < NWORDS_FIELD; i++) {
- ADDC(borrow, a[i], ((crypto_word_t*)p503.prime)[i] & mask, borrow, a[i]);
+ ADDC(borrow, a[i], p503.prime[i] & mask, borrow, a[i]);
}
}
@@ -283,7 +283,7 @@
mask = mp_subfast(tt1, tt2, tt1); // tt1 = a0*b0 - a1*b1. If tt1 < 0 then mask = 0xFF..F, else if tt1 >= 0 then mask = 0x00..0
for (size_t i = 0; i < NWORDS_FIELD; i++) {
- t1[i] = ((crypto_word_t*)p503.prime)[i] & mask;
+ t1[i] = p503.prime[i] & mask;
}
sike_fprdc(tt3, c->c1); // c[1] = (a0+a1)*(b0+b1) - a0*b0 - a1*b1
diff --git a/third_party/sike/fpx.h b/third_party/sike/fpx.h
index ed67768..e787c28 100644
--- a/third_party/sike/fpx.h
+++ b/third_party/sike/fpx.h
@@ -97,8 +97,8 @@
// mc_i = a_i*R^2*R^(-1) = a_i*R in GF(p^2).
#define sike_to_fp2mont(a, mc) \
do { \
- sike_fpmul_mont(a->c0, (crypto_word_t*)&p503.mont_R2, mc->c0); \
- sike_fpmul_mont(a->c1, (crypto_word_t*)&p503.mont_R2, mc->c1); \
+ sike_fpmul_mont(a->c0, p503.mont_R2, mc->c0); \
+ sike_fpmul_mont(a->c1, p503.mont_R2, mc->c1); \
} while(0)
// Conversion of a GF(p^2) element from Montgomery representation to standard representation,
diff --git a/third_party/sike/isogeny.c b/third_party/sike/isogeny.c
index 45f9c40..b8807f3 100644
--- a/third_party/sike/isogeny.c
+++ b/third_party/sike/isogeny.c
@@ -190,7 +190,7 @@
f2elm_t t0, t1, one = F2ELM_INIT;
extern const struct params_t p503;
- sike_fpcopy((crypto_word_t*)&p503.mont_one, one->c0);
+ sike_fpcopy(p503.mont_one, one->c0);
sike_fp2add(xP, xQ, t1); // t1 = xP+xQ
sike_fp2mul_mont(xP, xQ, t0); // t0 = xP*xQ
sike_fp2mul_mont(xR, t1, A); // A = xR*t1
diff --git a/third_party/sike/sike.c b/third_party/sike/sike.c
index 01add94..53ed213 100644
--- a/third_party/sike/sike.c
+++ b/third_party/sike/sike.c
@@ -115,7 +115,7 @@
const size_t nbits = is_A?SIDHp503_PRV_A_BITSZ:SIDHp503_PRV_B_BITSZ;
// Initializing constant
- sike_fpcopy((crypto_word_t*)&p503.mont_one, A24[0].c0);
+ sike_fpcopy(p503.mont_one, A24[0].c0);
sike_fp2add(A24, A24, A24);
sike_fp2add(A, A24, A24);
sike_fp2div2(A24, A24);
@@ -123,11 +123,11 @@
// Initializing points
sike_fp2copy(xQ, R0->X);
- sike_fpcopy((crypto_word_t*)&p503.mont_one, R0->Z[0].c0);
+ sike_fpcopy(p503.mont_one, R0->Z[0].c0);
sike_fp2copy(xPQ, R2->X);
- sike_fpcopy((crypto_word_t*)&p503.mont_one, R2->Z[0].c0);
+ sike_fpcopy(p503.mont_one, R2->Z[0].c0);
sike_fp2copy(xP, R->X);
- sike_fpcopy((crypto_word_t*)&p503.mont_one, R->Z[0].c0);
+ sike_fpcopy(p503.mont_one, R->Z[0].c0);
memset(R->Z->c1, 0, sizeof(R->Z->c1));
// Main loop
@@ -195,14 +195,14 @@
unsigned int m, index = 0, pts_index[MAX_INT_POINTS_ALICE], npts = 0, ii = 0;
// Initialize basis points
- sike_init_basis((crypto_word_t*)p503.A_gen, XPA, XQA, XRA);
- sike_init_basis((crypto_word_t*)p503.B_gen, phiP->X, phiQ->X, phiR->X);
- sike_fpcopy((crypto_word_t*)&p503.mont_one, (phiP->Z)->c0);
- sike_fpcopy((crypto_word_t*)&p503.mont_one, (phiQ->Z)->c0);
- sike_fpcopy((crypto_word_t*)&p503.mont_one, (phiR->Z)->c0);
+ sike_init_basis(p503.A_gen, XPA, XQA, XRA);
+ sike_init_basis(p503.B_gen, phiP->X, phiQ->X, phiR->X);
+ sike_fpcopy(p503.mont_one, (phiP->Z)->c0);
+ sike_fpcopy(p503.mont_one, (phiQ->Z)->c0);
+ sike_fpcopy(p503.mont_one, (phiR->Z)->c0);
// Initialize constants
- sike_fpcopy((crypto_word_t*)&p503.mont_one, A24plus->c0);
+ sike_fpcopy(p503.mont_one, A24plus->c0);
sike_fp2add(A24plus, A24plus, C24);
// Retrieve kernel point
@@ -267,14 +267,14 @@
unsigned int m, index = 0, pts_index[MAX_INT_POINTS_BOB], npts = 0, ii = 0;
// Initialize basis points
- sike_init_basis((crypto_word_t*)p503.B_gen, XPB, XQB, XRB);
- sike_init_basis((crypto_word_t*)p503.A_gen, phiP->X, phiQ->X, phiR->X);
- sike_fpcopy((crypto_word_t*)&p503.mont_one, (phiP->Z)->c0);
- sike_fpcopy((crypto_word_t*)&p503.mont_one, (phiQ->Z)->c0);
- sike_fpcopy((crypto_word_t*)&p503.mont_one, (phiR->Z)->c0);
+ sike_init_basis(p503.B_gen, XPB, XQB, XRB);
+ sike_init_basis(p503.A_gen, phiP->X, phiQ->X, phiR->X);
+ sike_fpcopy(p503.mont_one, (phiP->Z)->c0);
+ sike_fpcopy(p503.mont_one, (phiQ->Z)->c0);
+ sike_fpcopy(p503.mont_one, (phiR->Z)->c0);
// Initialize constants
- sike_fpcopy((crypto_word_t*)&p503.mont_one, A24plus->c0);
+ sike_fpcopy(p503.mont_one, A24plus->c0);
sike_fp2add(A24plus, A24plus, A24plus);
sike_fp2copy(A24plus, A24minus);
sike_fp2neg(A24minus);
@@ -345,7 +345,7 @@
// Initialize constants
get_A(PKB[0], PKB[1], PKB[2], A); // TODO: Can return projective A?
- sike_fpadd((crypto_word_t*)&p503.mont_one, (crypto_word_t*)&p503.mont_one, C24->c0);
+ sike_fpadd(p503.mont_one, p503.mont_one, C24->c0);
sike_fp2add(A, C24, A24plus);
sike_fpadd(C24->c0, C24->c0, C24->c0);
@@ -404,7 +404,7 @@
// Initialize constants
get_A(PKB[0], PKB[1], PKB[2], A);
- sike_fpadd((crypto_word_t*)&p503.mont_one, (crypto_word_t*)&p503.mont_one, A24minus->c0);
+ sike_fpadd(p503.mont_one, p503.mont_one, A24minus->c0);
sike_fp2add(A, A24minus, A24plus);
sike_fp2sub(A, A24minus, A24minus);
diff --git a/third_party/sike/utils.h b/third_party/sike/utils.h
index ee9e685..ab4a5e0 100644
--- a/third_party/sike/utils.h
+++ b/third_party/sike/utils.h
@@ -7,8 +7,8 @@
#ifndef UTILS_H_
#define UTILS_H_
-#include <stdbool.h>
-#include "openssl/base.h"
+#include <openssl/base.h>
+
#include "../crypto/internal.h"
#include "sike.h"
@@ -19,8 +19,6 @@
#define BITS_FIELD 503
// Byte size of the field
#define FIELD_BYTESZ BITS_TO_BYTES(BITS_FIELD)
-// Number of 64-bit words of a 503-bit field element
-#define NWORDS64_FIELD ((BITS_FIELD+63)/64)
// Number of 64-bit words of a 256-bit element
#define NBITS_ORDER 256
#define NWORDS64_ORDER ((NBITS_ORDER+63)/64)
@@ -40,6 +38,8 @@
#define p503_ZERO_WORDS 3
// log_2(RADIX)
#define LOG2RADIX 6
+ // U64_TO_WORDS expands |x| for a |crypto_word_t| array literal.
+ #define U64_TO_WORDS(x) UINT64_C(x)
#else
// Number of words of a 503-bit field element
#define NWORDS_FIELD 16
@@ -47,6 +47,9 @@
#define p503_ZERO_WORDS 7
// log_2(RADIX)
#define LOG2RADIX 5
+ // U64_TO_WORDS expands |x| for a |crypto_word_t| array literal.
+ #define U64_TO_WORDS(x) \
+ (uint32_t)(UINT64_C(x) & 0xffffffff), (uint32_t)(UINT64_C(x) >> 32)
#endif
// Extended datatype support
@@ -114,21 +117,21 @@
// Constants used during SIKEp503 computation.
struct params_t {
// Stores P503 prime
- const uint64_t prime[NWORDS64_FIELD];
+ const crypto_word_t prime[NWORDS_FIELD];
// Stores P503 + 1
- const uint64_t prime_p1[NWORDS64_FIELD];
+ const crypto_word_t prime_p1[NWORDS_FIELD];
// Stores P503 * 2
- const uint64_t prime_x2[NWORDS64_FIELD];
+ const crypto_word_t prime_x2[NWORDS_FIELD];
// Alice's generator values {XPA0 + XPA1*i, XQA0, XRA0 + XRA1*i}
// in GF(p503^2), expressed in Montgomery representation
- const uint64_t A_gen[5*NWORDS64_FIELD];
+ const crypto_word_t A_gen[5*NWORDS_FIELD];
// Bob's generator values {XPB0 + XPB1*i, XQB0, XRB0 + XRB1*i}
// in GF(p503^2), expressed in Montgomery representation
- const uint64_t B_gen[5*NWORDS64_FIELD];
+ const crypto_word_t B_gen[5*NWORDS_FIELD];
// Montgomery constant mont_R2 = (2^512)^2 mod p503
- const uint64_t mont_R2[NWORDS64_FIELD];
+ const crypto_word_t mont_R2[NWORDS_FIELD];
// Value 'one' in Montgomery representation
- const uint64_t mont_one[NWORDS64_FIELD];
+ const crypto_word_t mont_one[NWORDS_FIELD];
// Fixed parameters for isogeny tree computation
const unsigned int A_strat[A_max-1];
const unsigned int B_strat[B_max-1];
