Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
"unsigned long w" comes from the time when Nettle didn't use uint64_t. It is unused now and thus can be dropped.
I've done something very similar on the block16-refactor branch.
- r->u64[0] = (x->u64[0] >> 1) ^ (mask & (GHASH_POLYNOMIAL << 56));
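Review bot: `GHASH_POLYNOMIAL << 56` on this line shifts an int-typed constant (the thread gives the GCM polynomial as 0xE1) by 56 bits, which is undefined behaviour wherever int is 32 bits and silently produces the wrong mask on 32-bit targets; widen before shifting: `(mask & ((uint64_t) GHASH_POLYNOMIAL << 56))`.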
I've found this needs to be (uint64_t) GHASH_POLYNOMIAL << 56. Otherwise tests fail when I cross compile for (32-bit) mips and run under qemu.
I'm also trying to move helper functions (most or all should be inline) to block16-internal.h.
Next, I'm looking into unifying the various shift operations. It seems we have the following variants:
Big-endian left shift: cmac, eax, polynomial 0x87
Little-endian left shift: xts, polynomial 0x87
Big-endian right shift: gcm, polynomial 0xE1 (bit-reverse of 0x87)
If I understand it correctly after a quick look (long since I looked at GCM in detail), it represents the polynomials with a peculiar bit-order where what's otherwise the least significant bit represents the coefficient of the highest power of x. The multiplication is kind-of invariant under bit-reversal, but I'm not sure if it's possible to rearrange it to use a different bit order without explicit bit reversal of the input. At least, not an easy change.
I'm thinking of some shared macros or inline functions to abstract the left shift operations, say block16_mulx_be, block16_mulx_le.
Regards, /Niels
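The three shift variants discussed in the thread (CMAC/EAX big-endian left shift, XTS little-endian left shift, GCM right shift with the bit-reversed 0xE1 polynomial), written out as an added stand-alone C example that is not Nettle's code: the names block16_mulx_be and block16_mulx_le follow the proposal in the mail, while block16_mulx_ghash, the load/store helpers and the check functions are names chosen here. The CMAC subkey vectors are from RFC 4493 section 4; the other inputs are constructed. The GCM routine carries the (uint64_t) cast that the 32-bit mips build exposed, and the last check shows the bit-reversal relationship mentioned above concretely: the GCM shift equals the XTS shift applied to a block whose bytes have been bit-reflected.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte-order helpers (names chosen for this example, not Nettle's). */
static uint64_t load_be64(const uint8_t *p)
{ uint64_t v = 0; for (int i = 0; i < 8; i++) v = (v << 8) | p[i]; return v; }
static void store_be64(uint8_t *p, uint64_t v)
{ for (int i = 7; i >= 0; i--) { p[i] = (uint8_t) v; v >>= 8; } }
static uint64_t load_le64(const uint8_t *p)
{ uint64_t v = 0; for (int i = 7; i >= 0; i--) v = (v << 8) | p[i]; return v; }
static void store_le64(uint8_t *p, uint64_t v)
{ for (int i = 0; i < 8; i++) { p[i] = (uint8_t) v; v >>= 8; } }

/* CMAC/EAX: big-endian 128-bit integer, bit 7 of byte 0 is the x^127
   coefficient.  Multiply by x = shift left; a carry out reduces with 0x87. */
static void block16_mulx_be(uint8_t *r, const uint8_t *x)
{
  uint64_t hi = load_be64(x), lo = load_be64(x + 8);
  uint64_t mask = -(hi >> 63);          /* all ones iff the x^127 term is set */
  hi = (hi << 1) | (lo >> 63);
  lo = (lo << 1) ^ (mask & 0x87);
  store_be64(r, hi); store_be64(r + 8, lo);
}

/* XTS: little-endian, bit 0 of byte 0 is x^0, bit 7 of byte 15 is x^127.
   Same shift, but the carry leaves byte 15 and the 0x87 lands in byte 0. */
static void block16_mulx_le(uint8_t *r, const uint8_t *x)
{
  uint64_t lo = load_le64(x), hi = load_le64(x + 8);
  uint64_t mask = -(hi >> 63);
  hi = (hi << 1) | (lo >> 63);
  lo = (lo << 1) ^ (mask & 0x87);
  store_le64(r, lo); store_le64(r + 8, hi);
}

/* GCM: bit 7 of byte 0 is x^0, bit 0 of byte 15 is x^127, so multiplying
   by x is a right shift, and 0x87 bit-reversed is 0xE1 in byte 0. */
static void block16_mulx_ghash(uint8_t *r, const uint8_t *x)
{
  uint64_t hi = load_be64(x), lo = load_be64(x + 8);
  uint64_t mask = -(lo & 1);
  lo = (lo >> 1) | (hi << 63);
  /* Cast required: 0xE1 is an int, and shifting a 32-bit int by 56 is UB. */
  hi = (hi >> 1) ^ (mask & ((uint64_t) 0xE1 << 56));
  store_be64(r, hi); store_be64(r + 8, lo);
}

/* Reverse the bit order inside each byte (maps GCM order to XTS order). */
static void reflect_bytes(uint8_t *r, const uint8_t *x)
{
  for (int i = 0; i < 16; i++) {
    uint8_t b = x[i], v = 0;
    for (int j = 0; j < 8; j++) { v = (v << 1) | (b & 1); b >>= 1; }
    r[i] = v;
  }
}

/* RFC 4493 section 4: L = AES-K(0), K1 = L*x, K2 = K1*x in CMAC bit order. */
static const uint8_t rfc4493_L[16]  = { 0x7d,0xf7,0x6b,0x0c,0x1a,0xb8,0x99,0xb3,0x3e,0x42,0xf0,0x47,0xb9,0x1b,0x54,0x6f };
static const uint8_t rfc4493_K1[16] = { 0xfb,0xee,0xd6,0x18,0x35,0x71,0x33,0x66,0x7c,0x85,0xe0,0x8f,0x72,0x36,0xa8,0xde };
static const uint8_t rfc4493_K2[16] = { 0xf7,0xdd,0xac,0x30,0x6a,0xe2,0x66,0xcc,0xf9,0x0b,0xc1,0x1e,0xe4,0x6d,0x51,0x3b };

int cmac_subkey_check(void)
{
  uint8_t k1[16], k2[16];
  block16_mulx_be(k1, rfc4493_L);
  block16_mulx_be(k2, k1);
  return memcmp(k1, rfc4493_K1, 16) == 0 && memcmp(k2, rfc4493_K2, 16) == 0;
}

/* Constructed inputs: x^127 * x must reduce to x^7+x^2+x+1 in each order,
   which lands in byte 0 as 0x87 (XTS) or as its bit-reverse 0xE1 (GCM). */
int wraparound_check(void)
{
  uint8_t in[16] = { 0 }, want[16] = { 0 }, out[16];
  in[15] = 0x80; want[0] = 0x87;
  block16_mulx_le(out, in);
  if (memcmp(out, want, 16) != 0) return 0;
  in[15] = 0x01; want[0] = 0xe1;
  block16_mulx_ghash(out, in);
  return memcmp(out, want, 16) == 0;
}

/* The GCM shift is the XTS shift on a per-byte bit-reflected block. */
int ghash_reflection_check(void)
{
  static const uint8_t in[16] = { 0x66,0xe9,0x4b,0xd4,0xef,0x8a,0x2c,0x3b,
                                  0x88,0x4c,0xfa,0x59,0xca,0x34,0x2b,0x2e }; /* constructed */
  uint8_t a[16], t[16], u[16], b[16];
  block16_mulx_ghash(a, in);
  reflect_bytes(t, in); block16_mulx_le(u, t); reflect_bytes(b, u);
  return memcmp(a, b, 16) == 0;
}

int main(void)
{
  printf("cmac %d wraparound %d reflection %d\n", cmac_subkey_check(),
         wraparound_check(), ghash_reflection_check());
  return 0;
}
```

Each check returns 1 on success. Loading through explicit byte helpers instead of a union of uint8_t and uint64_t keeps the code independent of host endianness, which is the property that makes a shared block16_mulx_be/block16_mulx_le pair portable across the targets mentioned in the thread.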