author | Samuel Neves <sneves@dei.uc.pt> | 2018-08-08 00:23:27 +0100 |
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-08-07 17:25:07 -0700 |
commit | 913b4e55505b4ca638c025163ebf3a7ce01f8b9e (patch) | |
tree | 794e4aa4f4c45efe577dccfc913afa5dfd4cbb4f /src | |
parent | 68550c35a4e0e365bb7d8d2c338bce6aa6294396 (diff) |
curve25519-hacl64: simplify u64_eq_mask
Avoid signed right shift.
Z3 script showing equivalence:
>>> from z3 import *
>>>
>>> x = BitVec("x", 64)
>>> y = BitVec("y", 64)
>>>
>>> # Before
... x_ = ~(x ^ y)
>>> x_ &= x_ << 32
>>> x_ &= x_ << 16
>>> x_ &= x_ << 8
>>> x_ &= x_ << 4
>>> x_ &= x_ << 2
>>> x_ &= x_ << 1
>>> x_ >>= 63
>>>
>>> # After
... y_ = x ^ y
>>> y_ = y_ | -y_
>>> y_ = LShR(y_, 63) - 1
>>>
>>> prove(x_ == y_)
proved
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/crypto/curve25519-hacl64.h | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/src/crypto/curve25519-hacl64.h b/src/crypto/curve25519-hacl64.h
index 4fd95cb..5631cde 100644
--- a/src/crypto/curve25519-hacl64.h
+++ b/src/crypto/curve25519-hacl64.h
@@ -10,14 +10,9 @@ typedef __uint128_t u128;
 static __always_inline u64 u64_eq_mask(u64 x, u64 y)
 {
- x = ~(x ^ y);
- x &= x << 32;
- x &= x << 16;
- x &= x << 8;
- x &= x << 4;
- x &= x << 2;
- x &= x << 1;
- return ((s64)x) >> 63;
+ x ^= y;
+ x |= -x;
+ return (x >> 63) - 1;
 }
 static __always_inline u64 u64_gte_mask(u64 x, u64 y) |
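Review bot: The rewritten u64_eq_mask body is correct only because u64 is unsigned, so that `-x` wraps modulo 2^64 instead of overflowing and `x >> 63` is a logical shift; the hunk records neither assumption, which is exactly the property the commit is fixing. A short comment above the three new lines would preserve it, e.g. `/* Returns all-ones when x == y, else 0, without branches: for nonzero x, either x or -x has the top bit set; u64 is unsigned, so -x wraps and >> 63 is logical. */`. If the header is ever built with a compiler that warns on unary minus applied to an unsigned operand (MSVC C4146 is one such warning), `x |= 0 - x;` is equivalent and avoids it. The u64_gte_mask definition on the hunk's last line continues outside the hunk and was not reviewed.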