Hello,
Tue, 9 Jul 2019 at 00:44, Niels Möller nisse@lysator.liu.se:
Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
"unsigned long w" comes from the time when Nettle didn't use uint64_t. It is unused now and thus can be dropped.
I've done something very similar on the block16-refactor branch.
No problem.
- r->u64[0] = (x->u64[0] >> 1) ^ (mask & (GHASH_POLYNOMIAL << 56));
I've found this needs to be (uint64_t) GHASH_POLYNOMIAL << 56. Otherwise tests fail when I cross compile for (32-bit) mips and run under qemu.
I've just changed GHASH_POLYNOMIAL to `UINT64_C(0xE1)`. Then all tests succeed.
I'm also trying to move helper functions (most or all should be inline) to block16-internal.h.
Next, I'm looking into unifying the various shift operations. It seems we have the following variants:
Big-endian left shift: cmac, eax, polynomial 0x87
Little-endian left shift: xts, polynomial 0x87
Big-endian right shift: gcm, polynomial 0xE1 (bit-reverse of 0x87)
I'm going to need big-endian left shift with polynomial 0x87 for MGM (Multilinear Galois Mode: draft-smyshlyaev-mgm), so unifying them will be nice.
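The three shift variants listed above, written out as an added example (this is not Nettle's code; the `block16_*` helper names are hypothetical). It implements the big-endian left shift used by CMAC/EAX, the little-endian left shift used by XTS, and the big-endian right shift used by GHASH, both byte-wise and, for GHASH, on two 64-bit words in the shape of the quoted line, with the `(uint64_t)` cast that the thread found necessary on 32-bit targets. The CMAC subkey values used as a check are the AES-128 example from NIST SP 800-38B; the consistency check shows that the XTS variant is the byte reversal and the GHASH variant the full bit reversal of the CMAC variant, which is why one routine could serve all three.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define BLOCK16_POLY_STD 0x87  /* x^128 + x^7 + x^2 + x + 1, natural bit order (CMAC, EAX, XTS) */
#define BLOCK16_POLY_GCM 0xE1  /* same polynomial with each byte bit-reversed (GHASH) */

/* Block as a big-endian 128-bit integer, shifted left by one; the bit that
   falls out is reduced with 0x87 into the last byte (CMAC/EAX doubling). */
static void block16_lshift_be(uint8_t r[16], const uint8_t x[16]) {
  uint8_t carry = x[0] >> 7;
  for (int i = 0; i < 15; i++)
    r[i] = (uint8_t) ((x[i] << 1) | (x[i + 1] >> 7));
  r[15] = (uint8_t) ((x[15] << 1) ^ (carry ? BLOCK16_POLY_STD : 0));
}

/* Block as a little-endian 128-bit integer, shifted left by one; the bit
   that falls out of byte 15 is reduced with 0x87 into byte 0 (XTS tweak). */
static void block16_lshift_le(uint8_t r[16], const uint8_t x[16]) {
  uint8_t carry = x[15] >> 7;
  for (int i = 15; i > 0; i--)
    r[i] = (uint8_t) ((x[i] << 1) | (x[i - 1] >> 7));
  r[0] = (uint8_t) ((x[0] << 1) ^ (carry ? BLOCK16_POLY_STD : 0));
}

/* Block as a big-endian 128-bit integer, shifted right by one; the bit
   that falls out of byte 15 is reduced with 0xE1 into byte 0 (GHASH). */
static void block16_rshift_be(uint8_t r[16], const uint8_t x[16]) {
  uint8_t carry = x[15] & 1;
  for (int i = 15; i > 0; i--)
    r[i] = (uint8_t) ((x[i] >> 1) | (x[i - 1] << 7));
  r[0] = (uint8_t) ((x[0] >> 1) ^ (carry ? BLOCK16_POLY_GCM : 0));
}

static uint64_t load_be64(const uint8_t *p) {
  uint64_t v = 0;
  for (int i = 0; i < 8; i++) v = (v << 8) | p[i];
  return v;
}
static void store_be64(uint8_t *p, uint64_t v) {
  for (int i = 7; i >= 0; i--) { p[i] = (uint8_t) v; v >>= 8; }
}

/* The GHASH shift on two big-endian 64-bit words, like the quoted line.
   Without the (uint64_t) cast, 0xE1 << 56 is evaluated in int and is wrong
   wherever int is 32 bits wide. */
static void block16_rshift_be_words(uint8_t r[16], const uint8_t x[16]) {
  uint64_t hi = load_be64(x), lo = load_be64(x + 8);
  uint64_t mask = -(lo & 1);  /* all ones when the low bit falls out */
  uint64_t nlo = (lo >> 1) | (hi << 63);
  uint64_t nhi = (hi >> 1) ^ (mask & ((uint64_t) BLOCK16_POLY_GCM << 56));
  store_be64(r, nhi);
  store_be64(r + 8, nlo);
}

/* Full 128-bit bit reversal: byte order and bit order within each byte. */
static void block16_bitreverse(uint8_t r[16], const uint8_t x[16]) {
  for (int i = 0; i < 16; i++) {
    uint8_t b = x[15 - i], v = 0;
    for (int k = 0; k < 8; k++) { v = (uint8_t) ((v << 1) | (b & 1)); b >>= 1; }
    r[i] = v;
  }
}

/* Returns 1 when the XTS and GHASH variants agree with the CMAC variant
   after reordering: XTS is its byte reversal, GHASH its bit reversal. */
static int block16_shift_variants_consistent(const uint8_t x[16]) {
  uint8_t a[16], b[16], c[16], t[16];
  block16_lshift_be(a, x);
  for (int i = 0; i < 16; i++) t[i] = x[15 - i];
  block16_lshift_le(b, t);
  for (int i = 0; i < 16; i++) if (b[i] != a[15 - i]) return 0;
  block16_bitreverse(t, x);
  block16_rshift_be(c, t);
  block16_bitreverse(t, c);
  if (memcmp(t, a, 16) != 0) return 0;
  block16_bitreverse(t, x);
  block16_rshift_be_words(c, t);
  block16_bitreverse(t, c);
  return memcmp(t, a, 16) == 0;
}

/* AES-128 CMAC subkey example from NIST SP 800-38B: K1 = 2L, K2 = 2K1. */
static const uint8_t CMAC_L[16]  = {0x7d,0xf7,0x6b,0x0c,0x1a,0xb8,0x99,0xb3,0x3e,0x42,0xf0,0x47,0xb9,0x1b,0x54,0x6f};
static const uint8_t CMAC_K1[16] = {0xfb,0xee,0xd6,0x18,0x35,0x71,0x33,0x66,0x7c,0x85,0xe0,0x8f,0x72,0x36,0xa8,0xde};
static const uint8_t CMAC_K2[16] = {0xf7,0xdd,0xac,0x30,0x6a,0xe2,0x66,0xcc,0xf9,0x0b,0xc1,0x1e,0xe4,0x6d,0x51,0x3b};

/* Returns 1 when doubling L twice reproduces the published K1 and K2. */
static int cmac_subkeys_match(void) {
  uint8_t k1[16], k2[16];
  block16_lshift_be(k1, CMAC_L);
  block16_lshift_be(k2, k1);
  return memcmp(k1, CMAC_K1, 16) == 0 && memcmp(k2, CMAC_K2, 16) == 0;
}

int main(void) {
  printf("CMAC subkeys: %s\n", cmac_subkeys_match() ? "ok" : "MISMATCH");
  printf("variants consistent on K1: %s\n",
         block16_shift_variants_consistent(CMAC_K1) ? "ok" : "MISMATCH");
  return 0;
}
```

The word-oriented routine is the one to compile for a 32-bit target if you want to reproduce the failure described in the thread: drop the cast and `block16_shift_variants_consistent` starts returning 0 for any block whose last bit is set.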