Hello,
On 2025-02-17 07:26, NIIBE Yutaka via Gcrypt-devel wrote:
> Hello, Jussi,
>
> Jussi Kivilinna <jussi.kivili...@iki.fi> wrote:
>> I think this function could use the 'add_ssaaaa' macro to handle addition
>> with carry.
>>
>> Something like this (completely untested):
>>
>>   cy = s2_limb;
>>   while ( s1_size )
>>     {
>>       x = *s1_ptr;
>>       add_ssaaaa(cy, x, 0, cy, 0, x);   /* (cy:x) = cy + x */
>>       *s1_ptr++ = x;
>>       s1_size--;
>>     }
>>   return cy;
>
> Good.  I'm going to push this to master for the _gcry_mpih_add_1_lli
> function.
>
> Further, I'm going to push the change for the _gcry_mpih_add_lli
> function as:
>
> mpi_limb_t
> _gcry_mpih_add_lli (mpi_ptr_t wp, mpi_ptr_t up, mpi_ptr_t vp,
>                     mpi_size_t usize)
> {
>   mpi_size_t i;
>   mpi_limb_t cy;
>
>   cy = 0;
>   for (i = 0; i < usize; i++)
>     {
>       mpi_limb_t u = up[i];
>       mpi_limb_t v = vp[i];
>       mpi_limb_t w;
>
>       add_ssaaaa (cy, w, 0, u, 0, cy);   /* (cy:w) = u + carry-in */
>       add_ssaaaa (cy, w, cy, w, 0, v);   /* (cy:w) = (cy:w) + v */
>       wp[i] = w;
>     }
>
>   return cy;
> }

Is the LLI variant really needed? This looks the same as
_gcry_mpih_add_n.

The assembly versions of this (for select architectures) should all be
constant time.

Well, looking at some of those implementations, they look overly complex,
and we carry assembly implementations for now old/obsolete
architectures.

I think we should remove the obsolete ones in favor of just using the
generic version. I'd just keep assembly for the following architectures:
- amd64
- i386
- aarch64
- arm
- generic

We could then validate that these really have constant-time (or LLI)
implementations.

-Jussi
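The two sketches above both rely on add_ssaaaa so that carry propagation runs over every limb regardless of operand values. The following is an added, stand-alone example (not libgcrypt code, and not from either poster) that spells out what that buys: it uses a portable stand-in for add_ssaaaa modelled on the generic C fallback, implements the add_1 and add_n loops with 64-bit limbs, and places an illustrative early-exit add_1 beside them whose iteration count depends on how far the carry ripples. The limb type, the LIMB_MAX name, the macro body and the early-exit loop are all assumptions made for this example.

```c
/* Added example: branch-free limb addition with a portable add_ssaaaa
 * stand-in.  Not libgcrypt code; names and the macro body are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef uint64_t limb_t;
#define LIMB_MAX UINT64_MAX

/* (sh:sl) = (ah:al) + (bh:bl).  The carry out of the low word is the
 * result of one comparison, so no branch depends on operand values. */
#define add_ssaaaa(sh, sl, ah, al, bh, bl)        \
  do {                                            \
    limb_t sum_ = (al) + (bl);                    \
    (sh) = (ah) + (bh) + (sum_ < (al));           \
    (sl) = sum_;                                  \
  } while (0)

/* r = a + limb over n limbs, carry pushed through every limb.
 * Returns the carry out.  Loop shape follows the add_1_lli sketch. */
limb_t add_1_ct(limb_t *r, const limb_t *a, size_t n, limb_t limb)
{
  limb_t cy = limb;
  for (size_t i = 0; i < n; i++) {
    limb_t x = a[i];
    add_ssaaaa(cy, x, 0, cy, 0, x);   /* (cy:x) = cy + a[i] */
    r[i] = x;
  }
  return cy;
}

/* r = a + b over n limbs, two add_ssaaaa per limb as in the add_lli
 * sketch.  cy never exceeds 1: u + cy_in can only carry when it wraps
 * to 0, and 0 + v cannot carry again.  Returns the carry out. */
limb_t add_n_ct(limb_t *r, const limb_t *a, const limb_t *b, size_t n)
{
  limb_t cy = 0;
  for (size_t i = 0; i < n; i++) {
    limb_t u = a[i], v = b[i], w;
    add_ssaaaa(cy, w, 0, u, 0, cy);   /* (cy:w) = u + carry-in */
    add_ssaaaa(cy, w, cy, w, 0, v);   /* (cy:w) = (cy:w) + v */
    r[i] = w;
  }
  return cy;
}

/* Illustrative variable-time contrast (an assumption, not libgcrypt's
 * code): stop as soon as no carry is left.  *steps counts loop-body
 * executions, i.e. work that depends on the operand values. */
limb_t add_1_early_exit(limb_t *r, const limb_t *a, size_t n,
                        limb_t limb, size_t *steps)
{
  limb_t cy = limb;
  size_t i = 0;
  *steps = 0;
  for (; i < n && cy != 0; i++) {
    limb_t x = a[i] + cy;
    cy = (x < cy);
    r[i] = x;
    (*steps)++;
  }
  for (; i < n; i++)   /* remaining limbs are copied unchanged */
    r[i] = a[i];
  return cy;
}

/* Arithmetic checks on constructed inputs; returns 1 when all pass. */
int check_cases(void)
{
  limb_t r[4];
  limb_t ones[4] = {LIMB_MAX, LIMB_MAX, LIMB_MAX, LIMB_MAX};
  if (add_1_ct(r, ones, 4, 1) != 1) return 0;        /* 2^256 - 1 + 1 */
  for (int i = 0; i < 4; i++) if (r[i] != 0) return 0;

  limb_t a[3] = {LIMB_MAX, 0, LIMB_MAX}, b[3] = {1, LIMB_MAX, 0};
  if (add_n_ct(r, a, b, 3) != 1) return 0;           /* sums to 2^192 */
  for (int i = 0; i < 3; i++) if (r[i] != 0) return 0;

  limb_t c[3] = {1, 2, 3}, d[3] = {4, 5, 6};
  if (add_n_ct(r, c, d, 3) != 0) return 0;
  if (r[0] != 5 || r[1] != 7 || r[2] != 9) return 0;
  return 1;
}

/* Loop-body count of the early-exit variant: full ripple vs. none. */
size_t early_exit_steps(int ripple)
{
  limb_t r[4], ones[4] = {LIMB_MAX, LIMB_MAX, LIMB_MAX, LIMB_MAX};
  limb_t mixed[4] = {5, LIMB_MAX, 7, 9};
  size_t steps;
  add_1_early_exit(r, ripple ? ones : mixed, 4, 1, &steps);
  return steps;
}

int main(void)
{
  printf("checks: %s\n", check_cases() ? "ok" : "FAIL");
  printf("early-exit steps, full ripple: %zu, no ripple: %zu\n",
         early_exit_steps(1), early_exit_steps(0));
  return 0;
}
```

The comparison in the macro is what a compiler normally lowers to a flag read (setc/adc on x86, adcs on ARM), but nothing in C obliges it to stay branch-free; this is the reason the thread wants the retained assembly variants validated rather than assumed, and the same check (inspecting the emitted code for a conditional jump inside the loop) applies to the generic version with each toolchain.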
_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gcrypt-devel