math/mpx-mul4-*.S: Use more portable type syntax for ambiguous instructions.

[catacomb] / utils / advmodes

diff --git a/utils/advmodes b/utils/advmodes
index bee4e34..c4344b3 100755 (executable)
--- a/utils/advmodes
+++ b/utils/advmodes
@@ -34,7 +34,7 @@ def poly(nbits):
   base = C.GF(0).setbit(nbits).setbit(0)
   for k in xrange(1, nbits, 2):
     for cc in combs(range(1, nbits), k):
-      p = base + sum(C.GF(0).setbit(c) for c in cc)
+      p = base + sum((C.GF(0).setbit(c) for c in cc), C.GF(0))
       if p.irreduciblep(): POLYMAP[nbits] = p; return p
   raise ValueError, nbits
 
@@ -242,8 +242,8 @@ def omac_masks(E):
   p = poly(8*blksz)
   z = Z(blksz)
   L = E.encrypt(z)
-  m0 = mul_blk_gf(L, 2, p)
-  m1 = mul_blk_gf(m0, 2, p)
+  m0 = mul_blk_gf(L, C.GF(2), p)
+  m1 = mul_blk_gf(m0, C.GF(2), p)
   return m0, m1
 
 def dump_omac(E):
@@ -389,6 +389,15 @@ def gcmgen(bc):
           (bc.blksz - 4, bc.blksz + 3, 3*bc.blksz + 9),
           (bc.blksz - 1, 3*bc.blksz - 5, 3*bc.blksz + 5)]
 
+def gcm_mul_tests(nbits):
+  print 'gcm-mul%d {' % nbits
+  for i in xrange(64):
+    x = R.block(nbits/8)
+    y = R.block(nbits/8)
+    z = gcm_mul(x, y)
+    print '  %s\n    %s\n    %s;' % (hex(x), hex(y), hex(z))
+  print '}'
+
 ###--------------------------------------------------------------------------
 ### CCM.
 
@@ -577,14 +586,14 @@ def pmac2(E, m):
   blksz = E.__class__.blksz
   p = prim(8*blksz)
   L = E.encrypt(Z(blksz))
-  o = mul_blk_gf(L, 10, p)
+  o = mul_blk_gf(L, C.GF(10), p)
   a = Z(blksz)
   v, tl = blocks(m, blksz)
   for x in v:
     a ^= E.encrypt(x ^ o)
-    o = mul_blk_gf(o, 2, p)
-  if len(tl) == blksz: a ^= tl ^ mul_blk_gf(o, 3, p)
-  else: a ^= pad10star(tl, blksz) ^ mul_blk_gf(o, 5, p)
+    o = mul_blk_gf(o, C.GF(2), p)
+  if len(tl) == blksz: a ^= tl ^ mul_blk_gf(o, C.GF(3), p)
+  else: a ^= pad10star(tl, blksz) ^ mul_blk_gf(o, C.GF(5), p)
   return E.encrypt(a)
 
 def ocb3_masks(E):
@@ -731,18 +740,18 @@ def ocb2enc(E, n, h, m, tsz = None):
   if tsz is None: tsz = blksz
   p = prim(8*blksz)
   L = E.encrypt(n)
-  o = mul_blk_gf(L, 2, p)
+  o = mul_blk_gf(L, C.GF(2), p)
   a = Z(blksz)
   v, tl = blocks(m, blksz)
   y = C.WriteBuffer()
   for x in v:
     a ^= x
     y.put(E.encrypt(x ^ o) ^ o)
-    o = mul_blk_gf(o, 2, p)
+    o = mul_blk_gf(o, C.GF(2), p)
   n = len(tl)
   yfinal = E.encrypt(C.MP(8*n).storeb(blksz) ^ o)
   cfinal = tl ^ yfinal[:n]
-  a ^= (tl + yfinal[n:]) ^ mul_blk_gf(o, 3, p)
+  a ^= (tl + yfinal[n:]) ^ mul_blk_gf(o, C.GF(3), p)
   y.put(cfinal)
   t = E.encrypt(a)
   if h: t ^= pmac2(E, h)
@@ -752,7 +761,7 @@ def ocb2dec(E, n, h, y, t):
   blksz = E.__class__.blksz
   p = prim(8*blksz)
   L = E.encrypt(n)
-  o = mul_blk_gf(L, 2, p)
+  o = mul_blk_gf(L, C.GF(2), p)
   a = Z(blksz)
   v, tl = blocks(y, blksz)
   m = C.WriteBuffer()
@@ -760,11 +769,11 @@ def ocb2dec(E, n, h, y, t):
     u = E.encrypt(x ^ o) ^ o
     y.put(u)
     a ^= u
-    o = mul_blk_gf(o, 2, p)
+    o = mul_blk_gf(o, C.GF(2), p)
   n = len(tl)
   yfinal = E.encrypt(C.MP(8*n).storeb(blksz) ^ o)
   mfinal = tl ^ yfinal[:n]
-  a ^= (mfinal + yfinal[n:]) ^ mul_blk_gf(o, 3, p)
+  a ^= (mfinal + yfinal[n:]) ^ mul_blk_gf(o, C.GF(3), p)
   m.put(mfinal)
   u = E.encrypt(a)
   if h: u ^= pmac2(E, h)
@@ -975,6 +984,11 @@ MODEMAP = { 'eax-enc': (eaxgen, 3*[binarg] + [intarg], eaxenc),
             'pmac1': (pmacgen, [binarg], pmac1_pub) }
 
 mode = argv[1]
+if len(argv) == 3 and mode == 'gcm-mul':
+  VERBOSE = False
+  nbits = int(argv[2])
+  gcm_mul_tests(nbits)
+  exit(0)
 bc = None
 for d in CUSTOM, C.gcprps:
   try: bc = d[argv[2]]