2019-11-20 13:30:46 +08:00
|
|
|
// Copyright 2019 The Go Authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
2021-03-01 07:08:33 +08:00
|
|
|
//go:build !go1.13
|
2019-11-20 13:30:46 +08:00
|
|
|
// +build !go1.13
|
|
|
|
|
|
|
|
package poly1305
|
|
|
|
|
|
|
|
// Generic fallbacks for the math/bits intrinsics, copied from
|
|
|
|
// src/math/bits/bits.go. They were added in Go 1.12, but Add64 and Sum64 had
|
|
|
|
// variable time fallbacks until Go 1.13.
|
|
|
|
|
|
|
|
func bitsAdd64(x, y, carry uint64) (sum, carryOut uint64) {
|
|
|
|
sum = x + y + carry
|
|
|
|
carryOut = ((x & y) | ((x | y) &^ sum)) >> 63
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
func bitsSub64(x, y, borrow uint64) (diff, borrowOut uint64) {
|
|
|
|
diff = x - y - borrow
|
|
|
|
borrowOut = ((^x & y) | (^(x ^ y) & diff)) >> 63
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
func bitsMul64(x, y uint64) (hi, lo uint64) {
|
|
|
|
const mask32 = 1<<32 - 1
|
|
|
|
x0 := x & mask32
|
|
|
|
x1 := x >> 32
|
|
|
|
y0 := y & mask32
|
|
|
|
y1 := y >> 32
|
|
|
|
w0 := x0 * y0
|
|
|
|
t := x1*y0 + w0>>32
|
|
|
|
w1 := t & mask32
|
|
|
|
w2 := t >> 32
|
|
|
|
w1 += x0 * y1
|
|
|
|
hi = x1*y1 + w2 + w1>>32
|
|
|
|
lo = x * y
|
|
|
|
return
|
|
|
|
}
|