7void multiplication_u64(uint64_t *output_low, uint64_t *output_high, uint64_t input_a, uint64_t input_b) {
8 register uint64_t al, ah, bl, bh, temp;
9 uint64_t albl, albh, ahbl, ahbh, res1, res2, res3, carry;
10 uint64_t mask_low = (uint64_t) (-1) >> (
sizeof(uint64_t) * 4), mask_high =
11 (uint64_t) (-1) << (
sizeof(uint64_t) * 4);
13 al = input_a & mask_low;
14 ah = input_a >> (
sizeof(uint64_t) * 4);
15 bl = input_b & mask_low;
16 bh = input_b >> (
sizeof(uint64_t) * 4);
22 *output_low = albl & mask_low;
24 res1 = albl >> (
sizeof(uint64_t) * 4);
25 res2 = ahbl & mask_low;
26 res3 = albh & mask_low;
27 temp = res1 + res2 + res3;
28 carry = temp >> (
sizeof(uint64_t) * 4);
29 *output_low ^= temp << (
sizeof(uint64_t) * 4);
31 res1 = ahbl >> (
sizeof(uint64_t) * 4);
32 res2 = albh >> (
sizeof(uint64_t) * 4);
33 res3 = ahbh & mask_low;
34 temp = res1 + res2 + res3 + carry;
35 *output_high = temp & mask_low;
36 carry = temp & mask_high;
37 *output_high ^= (ahbh & mask_high) + carry;
44 x1 = (!(!input_decision));
45 x2 = ((int8_t) (0x0 - x1) & UINT64_C(0xffffffffffffffff));
46 x3 = ((x2 & input_b) | ((~x2) & input_a));
51 return (uint64_t) ((x | (0 - x)) >> 63);
59 return (uint64_t) ((x ^ ((x ^ y) | ((x - y) ^ y))) >> 63);
66 for (
i = 0;
i < input_length;
i++)
67 r |= input_a[
i] ^ input_b[
i];
71 return (uint8_t)(1 - r);
76 for (
i = 0;
i < input_length;
i++)
77 output[
i] ^= input_selector & (input[
i] ^ output[
i]);
82 for (
i = 0;
i < input_words_length - 1;
i++) {
84 input_a_output_shifted_a[
i], 1, 64);
86 input_a_output_shifted_a[input_words_length - 1] >>= 1;
91 for (
i = input_words_length - 1;
i > 0;
i--) {
93 input_a_output_shifted_a[
i - 1], 1, 64);
95 input_a_output_shifted_a[0] <<= 1;
99 uint64_t
i, carry = 0;
106 for (
i = 0;
i < input_length;
i++) {
113 uint8_t is_equal[input_length], is_smaller[input_length];
115 for(
i = 0;
i < input_length;
i++) {
116 uint8_t *ta = (uint8_t *) &input_a[
i];
117 uint8_t *tb = (uint8_t *) &input_b[
i];
122 for(
i = input_length - 1; (int)
i >= 0;
i--) {
124 for(
j = input_length - 1;
j >
i;
j--) {
127 ret |= (is_smaller[
i] & t);
void multiprecision_shift_to_right(uint64_t *input_a_output_shifted_a, uint64_t input_words_length)
void multiprecision_subtraction(uint64_t *output, const uint64_t *input_a, const uint64_t *input_b, uint64_t input_length)
void conditional_move_u64(uint64_t *output, uint8_t input_decision, uint64_t input_a, uint64_t input_b)
void multiprecision_shift_to_left(uint64_t *input_a_output_shifted_a, uint64_t input_words_length)
uint64_t constant_time_is_zero_u64(uint64_t x)
uint8_t multiprecision_is_smaller(const uint64_t *input_a, const uint64_t *input_b, uint64_t input_length)
void constant_time_conditional_mov(uint8_t *output, const uint8_t *input, uint64_t input_length, uint8_t input_selector)
void multiplication_u64(uint64_t *output_low, uint64_t *output_high, uint64_t input_a, uint64_t input_b)
void multiprecision_addition(uint64_t *output, const uint64_t *input_a, const uint64_t *input_b, uint64_t input_length)
uint64_t constant_time_is_lessthan_u64(uint64_t x, uint64_t y)
uint64_t constant_time_is_nonzero_u64(uint64_t x)
uint8_t constant_time_compare(const uint8_t *input_a, const uint8_t *input_b, uint64_t input_length)
#define subtraction_with_borrow_u64(output, output_borrow, input_borrow, input_a, input_b)
#define constant_time_shift_to_right_u64(shiftOut, highIn, lowIn, shift, DigitSize)
#define constant_time_shift_to_left_u64(shiftOut, highIn, lowIn, shift, DigitSize)
#define addition_with_carry_u64(output, output_carry, input_carry, input_a, input_b)
1.14.0