-/*
- * qfarith.h: utilities for quick field arithmetic
- */
-/*
- * This file is Free Software. It has been modified to as part of its
- * incorporation into secnet.
- *
- * Copyright 2017 Mark Wooding
- *
- * You may redistribute this file and/or modify it under the terms of
- * the permissive licence shown below.
- *
- * You may redistribute secnet as a whole and/or modify it under the
- * terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 3, or (at your option) any
- * later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see
- * https://www.gnu.org/licenses/gpl.html.
- */
-/*
- * Imported from Catacomb, and modified for Secnet (2017-04-30):
- *
- * * Use `fake-mLib-bits.h' in place of the real <mLib/bits.h>.
- *
- * * Use C99 signed integer types instead of our own local probing.
- *
- * * Remove the support for non-two's-complement targets.
- *
- * The file's original comment headers are preserved below.
- */
/* -*-c-*-
*
* Utilities for quick field arithmetic
/*----- Licensing notice --------------------------------------------------*
*
- * This file is part of Catacomb.
+ * This file is part of secnet.
+ * See README for full list of copyright holders.
+ *
+ * secnet is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version d of the License, or
+ * (at your option) any later version.
+ *
+ * secnet is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 3 along with secnet; if not, see
+ * https://www.gnu.org/licenses/gpl.html.
+ *
+ * This file was originally part of Catacomb, but has been automatically
+ * modified for incorporation into secnet: see `import-catacomb-crypto'
+ * for details.
*
* Catacomb is free software; you can redistribute it and/or modify
* it under the terms of the GNU Library General Public License as
/*----- Header files ------------------------------------------------------*/
#include <limits.h>
-#include <stdint.h>
#include "fake-mLib-bits.h"
-
/*----- Signed integer types ----------------------------------------------*/
-typedef int_fast32_t int32;
-typedef int_fast64_t int64;
+typedef int32_t int32;
+typedef int64_t int64;
#define HAVE_INT64 1
/*----- General bit-hacking utilities -------------------------------------*/
/*----- Constant-time utilities -------------------------------------------*/
/* The following have better implementations on a two's complement target. */
-#ifdef NEG_TWOC
-
- /* If we have two's complement arithmetic then masks are signed; this
- * avoids a switch to unsigned representation, with the consequent problem
- * of overflow when we convert back.
- */
- typedef int32 mask32;
-
- /* Convert an unsigned mask M into a `mask32'. This is a hairy-looking
- * no-op on many targets, but, given that we have two's complement
- * integers, it is free of arithmetic overflow.
- */
-# define FIX_MASK32(m) \
- ((mask32)((m)&0x7fffffffu) + (-(mask32)0x7fffffff - 1)*(((m) >> 31)&1u))
-
- /* If Z is zero and M has its low 32 bits set, then copy (at least) the low
- * 32 bits of X to Z; if M is zero, do nothing. Otherwise, scramble Z
- * unhelpfully.
- */
-# define CONDPICK(z, x, m) do { (z) |= (x)&(m); } while (0)
-
- /* If M has its low 32 bits set, then return (at least) the low 32 bits of
- * X in Z; if M is zero, then return (at least) the low 32 bits of Y in Z.
- * Otherwise, return an unhelful result.
- */
-# define PICK2(x, y, m) (((x)&(m)) | ((y)&~(m)))
-
- /* If M has its low 32 bits set then swap (at least) the low 32 bits of X
- * and Y; if M is zero, then do nothing. Otherwise, scramble X and Y
- * unhelpfully.
- */
-# define CONDSWAP(x, y, m) \
- do { mask32 t_ = ((x) ^ (y))&(m); (x) ^= t_; (y) ^= t_; } while (0)
-#else
-# error "Targets without two's complement arithmetic aren't supported"
-#endif
+
+/* If we have two's complement arithmetic then masks are signed; this
+ * avoids a switch to unsigned representation, with the consequent problem
+ * of overflow when we convert back.
+ */
+typedef int32 mask32;
+
+/* Convert an unsigned mask M into a `mask32'. This is a hairy-looking
+ * no-op on many targets, but, given that we have two's complement
+ * integers, it is free of arithmetic overflow.
+ */
+#define FIX_MASK32(m) \
+ ((mask32)((m)&0x7fffffffu) + (-(mask32)0x7fffffff - 1)*(((m) >> 31)&1u))
+
+/* If Z is zero and M has its low 32 bits set, then copy (at least) the low
+ * 32 bits of X to Z; if M is zero, do nothing. Otherwise, scramble Z
+ * unhelpfully.
+ */
+#define CONDPICK(z, x, m) do { (z) |= (x)&(m); } while (0)
+
+/* If M has its low 32 bits set, then return (at least) the low 32 bits of
+ * X in Z; if M is zero, then return (at least) the low 32 bits of Y in Z.
+ * Otherwise, return an unhelful result.
+ */
+#define PICK2(x, y, m) (((x)&(m)) | ((y)&~(m)))
+
+/* If M has its low 32 bits set then swap (at least) the low 32 bits of X
+ * and Y; if M is zero, then do nothing. Otherwise, scramble X and Y
+ * unhelpfully.
+ */
+#define CONDSWAP(x, y, m) \
+ do { mask32 t_ = ((x) ^ (y))&(m); (x) ^= t_; (y) ^= t_; } while (0)
/* Return zero if bit 31 of X is clear, or a mask with (at least) the low 32
* bits set if bit 31 of X is set.