Dmitry Eremin-Solenikov writes:
> "unsigned long w" comes from the time when Nettle didn't use uint64_t.
> It is unused now and thus can be dropped.
I've done something very similar on the block16-refactor branch.
> + r->u64[0] = (x->u64[0] >> 1) ^ (mask & (GHASH_POLYNOMIAL << 56));
I've found this needs to be (uint64_t) GHASH_POLYNOMIAL << 56. Otherwise
tests fail when I cross compile for (32-bit) mips and run under qemu.
I'm also trying to move helper functions (most or all should be inline)
to block16-internal.h.
Next, I'm looking into unifying the various shift operations. It seems
we have the following variants:
Big-endian left shift: cmac, eax, polynomial 0x87
Little-endian left shift: xts, polynomial 0x87
Big-endian right shift: gcm, polynomial 0xE1 (bit-reverse of 0x87)
If I understand it correctly after a quick look (long since I looked at
GCM in detail), its represents the polynomials with a peculiar bit-order
where what's otherwise the least significant bit represents the
coefficient of the highest power of x. The multiplication is kind-of
invariant under bit-reversal, but I'm not sure if it's possible to
rearrange it to use a different bit order without explicit bit reversal
of the input. At least, not an easy change.
I'm thinking of some shared macros or inline functions to abstract the
left shift operations, say block16_mulx_be, block16_mulx_le.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
