base = C.GF(0).setbit(nbits).setbit(0)
for k in xrange(1, nbits, 2):
for cc in combs(range(1, nbits), k):
- p = base + sum(C.GF(0).setbit(c) for c in cc)
+ p = base + sum((C.GF(0).setbit(c) for c in cc), C.GF(0))
if p.irreduciblep(): POLYMAP[nbits] = p; return p
raise ValueError, nbits
"""
Multiply U by V using table lookup; common for `table-b' and `table-l'.
- This matches the `simple_mulk_...' implementation in `gcm.c'. One-entry
+ This matches the `simple_mulk_...' implementation in `gcm.c'. One entry
per bit is the best we can manage if we want a constant-time
implementation: processing n bits at a time means we need to scan
(2^n - 1)/n times as much memory.
are processed most-significant first.
* IXMASK is a mask XORed into table indices to permute the table so that
- it's order matches that induced by GETWORD.
+ its order matches that induced by GETWORD.
The table is built such that tab[i XOR IXMASK] = U t^i.
"""
@demo
def demo_table_l(u, v):
"""Little-endian table lookup."""
- return table_common(u, v, endswap_words, lambda b: b.getu32l(), 0x18)
+ return table_common(u, v, endswap_words_32, lambda b: b.getu32l(), 0x18)
###--------------------------------------------------------------------------
### Implementation using 64×64->128-bit binary polynomial multiplication.
if tag == TAG_PRODPIECE or tag == TAG_REDCFULL or tag == TAG_SHIFTED:
return
elif tag == TAG_INPUT_V or tag == TAG_KPIECE_V:
+ w = (w + 63)&~63
bx = C.ReadBuffer(x.storeb(w/8))
by = C.WriteBuffer()
while bx.left: chunk = bx.get(8); by.put(chunk).put(chunk)
## straightforward except for the 96-bit case, where we end up with two
## short pieces which we pad at the beginning.
if uw%mulwd: pad = (-uw)%mulwd; u += C.ByteString.zero(pad); uw += pad
- if vw%mulwd: pad = (-uw)%mulwd; v += C.ByteString.zero(pad); vw += pad
+ if vw%mulwd: pad = (-vw)%mulwd; v += C.ByteString.zero(pad); vw += pad
uu = split_gf(u, mulwd)
vv = split_gf(v, mulwd)