// 20240805 djb: more cryptoint usage
// 20240504 djb
#include "crypto_int64.h"
#include "crypto_uint64.h"
#include "crypto_uint16.h"
#include "crypto_xof.h"
// Returns an all-ones 64-bit mask when x == y and 0 otherwise.
// The result is built from xor, subtract and shift only; the source contains
// no comparison or branch on the inputs, so the mask can be used to select
// data without steering control flow.
// NOTE(review): assumes crypto_int64 is a signed 64-bit type and that >> on
// a negative value is an arithmetic (sign-extending) shift; confirm for the
// supported compilers.
static inline crypto_uint64 equal_mask(crypto_uint16 x,crypto_uint16 y)
{
// x^y is 0 exactly when the inputs match, otherwise it lies in 1..65535
crypto_int64 mask = x^y;
// equal inputs become -1 (every bit set); unequal inputs stay in 0..65534
mask -= 1;
// any shift of 16 or more clears the non-negative case, while -1 stays -1
mask >>= 37; // above 16; try to dodge "smart" compilers
return mask;
}
// Fills h[0..hlen) with a bitmap built from the 16-bit positions stored in m.
// h is zeroed first; then, for each 2-byte position p read from m, bit p of
// the buffer is OR-ed in: 64-bit word p>>6, bit p mod 64 (assuming
// crypto_uint64_shlmod(1,p) is 1 << (p mod 64)). Positions at or beyond
// 8*hlen match no word and are dropped. A trailing odd byte of m is ignored.
//
// Every word of h is loaded, OR-ed and stored for every position; the word
// that really changes is picked with equal_mask() and bit masks rather than
// by indexing or branching on the position. Presumably this keeps the memory
// access pattern and control flow independent of the position values, which
// look like secret data here (TODO confirm against callers). Loop counts
// depend only on hlen and mlen.
//
// Preconditions, not checked here: 0 <= hlen <= 8192. The upper bound keeps
// word and group indices within the crypto_uint16 parameters of
// equal_mask(); a negative hlen would make the final byte loop start below
// h. The only caller visible in this file, crypto_xof(), passes 1..8192.
static void atmost8192(
unsigned char *h,long long hlen,
const unsigned char *m,long long mlen
)
{
long long i;
// number of complete 64-bit words in the output
long long words = hlen>>3;
// accumulator for the partial word covering the last hlen%8 bytes
crypto_uint64 hlast = 0;
// clear the whole-word part; the partial tail is written from hlast below
for (i = 0;i < 8*words;++i) h[i] = 0;
while (mlen >= 2) {
// two positions are handled per pass over h
crypto_uint16 pos_0, pos_1;
crypto_uint64 word64_0, word64_1;
pos_0 = crypto_uint16_load(m);
word64_0 = crypto_uint64_shlmod(1,pos_0);
if (mlen >= 4) {
pos_1 = crypto_uint16_load(m+2);
word64_1 = crypto_uint64_shlmod(1,pos_1);
} else {
// fewer than 4 bytes left: a zero word64_1 makes the second lane a no-op
pos_1 = 0;
word64_1 = 0;
}
// main pass: 4 words (256 bits) per step; i>>2 is the group index and
// pos>>8 is the group that the position falls into
for (i = 0;i + 4 <= words;i += 4) {
crypto_uint64 hi0 = crypto_uint64_load(h+8*i);
crypto_uint64 hi1 = crypto_uint64_load(h+8*i+8);
crypto_uint64 hi2 = crypto_uint64_load(h+8*i+16);
crypto_uint64 hi3 = crypto_uint64_load(h+8*i+24);
// base_* is the single-bit word when the position is in this group, else 0
crypto_uint64 base_0 = word64_0 & equal_mask(i>>2,pos_0>>8);
// presumably all-ones when bit 7 (resp. bit 6) of the position is set;
// together these two bits pick one of the four words in the group
crypto_uint64 mask7_0 = crypto_int64_bitmod_mask(pos_0, 7);
crypto_uint64 base70_0 = base_0 & ~mask7_0;
crypto_uint64 base71_0 = base_0 & mask7_0;
crypto_uint64 mask6_0 = crypto_int64_bitmod_mask(pos_0, 6);
crypto_uint64 base_1 = word64_1 & equal_mask(i>>2,pos_1>>8);
crypto_uint64 mask7_1 = crypto_int64_bitmod_mask(pos_1, 7);
crypto_uint64 base70_1 = base_1 & ~mask7_1;
crypto_uint64 base71_1 = base_1 & mask7_1;
crypto_uint64 mask6_1 = crypto_int64_bitmod_mask(pos_1, 6);
// word k of the group receives the bit when (bit7,bit6) encodes k
hi0 |= base70_0 & ~mask6_0;
hi1 |= base70_0 & mask6_0;
hi2 |= base71_0 & ~mask6_0;
hi3 |= base71_0 & mask6_0;
hi0 |= base70_1 & ~mask6_1;
hi1 |= base70_1 & mask6_1;
hi2 |= base71_1 & ~mask6_1;
hi3 |= base71_1 & mask6_1;
crypto_uint64_store(h+8*i,hi0);
crypto_uint64_store(h+8*i+8,hi1);
crypto_uint64_store(h+8*i+16,hi2);
crypto_uint64_store(h+8*i+24,hi3);
}
// leftover whole words when words is not a multiple of 4, one at a time,
// matched on the word index pos>>6
for (;i < words;++i) {
crypto_uint64 hi = crypto_uint64_load(h+8*i);
hi |= word64_0 & equal_mask(i,pos_0>>6);
hi |= word64_1 & equal_mask(i,pos_1>>6);
crypto_uint64_store(h+8*i,hi);
}
// the word with index == words is only partly inside h; collect it in hlast
hlast |= word64_0 & equal_mask(words,pos_0>>6);
hlast |= word64_1 & equal_mask(words,pos_1>>6);
// NOTE(review): two positions are read per iteration but m advances by one,
// so every position after the first is OR-ed in twice. The result is the
// same because OR is idempotent; confirm whether a step of 4 was intended.
m += 2;
mlen -= 2;
}
// emit the remaining hlen%8 bytes from hlast, lowest byte first
for (i = 8*words;i < hlen;++i) {
h[i] = hlast;
hlast >>= 8;
}
}
// Public entry point: writes hlen output bytes to h from the mlen-byte
// position list m. The output is produced in pieces of at most 8192 bytes,
// and every piece is generated from the same, complete input (m, mlen).
// Nothing is written when hlen <= 0.
void crypto_xof(
  unsigned char *h,long long hlen,
  const unsigned char *m,long long mlen
)
{
  // largest piece atmost8192() accepts: 8192 bytes = 65536 bits
  enum { CHUNK_BYTES = 8192 };

  // full-size pieces while more than one piece is still outstanding
  for (;hlen > CHUNK_BYTES;hlen -= CHUNK_BYTES) {
    atmost8192(h,CHUNK_BYTES,m,mlen);
    h += CHUNK_BYTES;
  }

  // final piece of 1..8192 bytes, skipped for an empty or negative request
  if (hlen <= 0) return;
  atmost8192(h,hlen,m,mlen);
}