utils/gcm-ref (present_gf_pmull): Round width up to a multiple of 64 bits.

[catacomb] / utils / gcm-ref

diff --git a/utils/gcm-ref b/utils/gcm-ref
index ccbf432..bec00d7 100755 (executable)
--- a/utils/gcm-ref
+++ b/utils/gcm-ref
@@ -54,7 +54,7 @@ def poly(nbits):
   base = C.GF(0).setbit(nbits).setbit(0)
   for k in xrange(1, nbits, 2):
     for cc in combs(range(1, nbits), k):
-      p = base + sum(C.GF(0).setbit(c) for c in cc)
+      p = base + sum((C.GF(0).setbit(c) for c in cc), C.GF(0))
       if p.irreduciblep(): POLYMAP[nbits] = p; return p
   raise ValueError, nbits
 
@@ -172,7 +172,7 @@ def demo_table_b(u, v):
 @demo
 def demo_table_l(u, v):
   """Little-endian table lookup."""
-  return table_common(u, v, endswap_words, lambda b: b.getu32l(), 0x18)
+  return table_common(u, v, endswap_words_32, lambda b: b.getu32l(), 0x18)
 
 ###--------------------------------------------------------------------------
 ### Implementation using 64×64->128-bit binary polynomial multiplication.
@@ -258,6 +258,7 @@ def present_gf_pmull(tag, wd, x, w, n, what):
   if tag == TAG_PRODPIECE or tag == TAG_REDCFULL or tag == TAG_SHIFTED:
     return
   elif tag == TAG_INPUT_V or tag == TAG_KPIECE_V:
+    w = (w + 63)&~63
     bx = C.ReadBuffer(x.storeb(w/8))
     by = C.WriteBuffer()
     while bx.left: chunk = bx.get(8); by.put(chunk).put(chunk)
@@ -281,7 +282,7 @@ def poly64_mul_simple(u, v, presfn, wd, dispwd, mulwd, uwhat, vwhat):
   ## straightforward except for the 96-bit case, where we end up with two
   ## short pieces which we pad at the beginning.
   if uw%mulwd: pad = (-uw)%mulwd; u += C.ByteString.zero(pad); uw += pad
-  if vw%mulwd: pad = (-uw)%mulwd; v += C.ByteString.zero(pad); vw += pad
+  if vw%mulwd: pad = (-vw)%mulwd; v += C.ByteString.zero(pad); vw += pad
   uu = split_gf(u, mulwd)
   vv = split_gf(v, mulwd)