## We start by carving the operands into 64-bit pieces. This is
## straightforward except for the 96-bit case, where we end up with two
## short pieces which we pad at the beginning.
- if uw%mulwd: pad = (-uw)%mulwd; u += C.ByteString.zero(pad); uw += pad
- if vw%mulwd: pad = (-vw)%mulwd; v += C.ByteString.zero(pad); vw += pad
- uu = split_gf(u, mulwd)
- vv = split_gf(v, mulwd)
+ upad = (-uw)%mulwd; u += C.ByteString.zero(upad); uw += upad
+ vpad = (-vw)%mulwd; v += C.ByteString.zero(vpad); vw += vpad
+ uu = split_gf(u, mulwd); vv = split_gf(v, mulwd)
## Report and accumulate the individual product pieces.
x = C.GF(0)
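Review bot: `upad` and `vpad` appear to be used in two different units: here as the length passed to `C.ByteString.zero(...)`, and in the later `return x >> (upad + vpad)` hunk as a bit-shift count, next to the bit shift `mulwd*i`. The definitions of `uw` and `vw` are outside the hunk, but if they are bit widths and `ByteString.zero` takes a byte count, the operands get eight times the intended padding and the final shift no longer matches what was appended. Please confirm the units; if they do differ, pad with `C.ByteString.zero(upad//8)` (and likewise for `vpad`), or add a comment such as `## upad, vpad are in bits`. Separately, the comment above says the short pieces are padded "at the beginning" while the code appends with `+=`, so a word on how that relates to GCM's bit ordering would help the next reader.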
x += t << (mulwd*i)
presfn(TAG_PRODUCT, wd, x, uw + vw, dispwd, '%s %s' % (uwhat, vwhat))
- return x
+ return x >> (upad + vpad)
def poly64_mul_karatsuba(u, v, klimit, presfn, wd,
dispwd, mulwd, uwhat, vwhat):
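Review bot: The `presfn(TAG_PRODUCT, ...)` report just above the new return still shows the padded, unshifted `x` at width `uw + vw`, so when `upad + vpad` is non-zero the value in the trace is no longer the value the function returns. A comment before the return would make this explicit, e.g. `## Strip the operand padding again so callers get the true product; the report above shows the padded value.` The Karatsuba variant whose signature closes this hunk presumably needs the same adjustment, because the caller's `if w == 96: y >>= 64` is removed later in this commit. Its body is outside the hunk, so that cannot be checked here.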
## Now we have to shift everything up one bit to account for GCM's crazy
## bit ordering.
y = x << 1
- if w == 96: y >>= 64
presfn(TAG_SHIFTED, w, y, 2*w, dispwd, 'y')
## Now for the reduction.