edwards25519: remove Go 1.12 compatibility hack

2021-03-30 16:12:53 +02:00 · 2021-03-30 16:12:53 +02:00 · 8afd860d6f
parent 1765c13863
commit 8afd860d6f
4 changed files with 21 additions and 63 deletions
--- a/fe.go
+++ b/fe.go
@ -7,6 +7,7 @@ package edwards25519
 import (
 	"crypto/subtle"
 	"encoding/binary"
+	"math/bits"
 )

 // fieldElement represents an element of the field GF(2^255-19). Note that this
@ -330,6 +331,14 @@ func (v *fieldElement) Mult32(x *fieldElement, y uint32) *fieldElement {
 	return v
 }

+// mul51 returns lo + hi * 2⁵¹ = a * b.
+func mul51(a uint64, b uint32) (lo uint64, hi uint64) {
+	mh, ml := bits.Mul64(a, uint64(b))
+	lo = ml & maskLow51Bits
+	hi = (mh << 13) | (ml >> 51)
+	return
+}
+
 // Pow22523 set v = x^((p-5)/8), and returns v. (p-5)/8 is 2^252-3.
 func (v *fieldElement) Pow22523(x *fieldElement) *fieldElement {
 	var t0, t1, t2 fieldElement
--- a/fe_generic.go
+++ b/fe_generic.go
@ -4,6 +4,8 @@

 package edwards25519

+import "math/bits"
+
 func feMulGeneric(v, x, y *fieldElement) {
 	x0 := x.l0
 	x1 := x.l1
@ -178,6 +180,16 @@ func feSquareGeneric(v, x *fieldElement) {
 	v.carryPropagate()
 }

+// madd64 returns ol + oh * 2⁶⁴ = lo + hi * 2⁶⁴ + a * b. That is, it multiplies
+// a and b, and adds the result to the split uint128 [lo,hi].
+func madd64(lo, hi, a, b uint64) (ol uint64, oh uint64) {
+	oh, ol = bits.Mul64(a, b)
+	var c uint64
+	ol, c = bits.Add64(ol, lo, 0)
+	oh, _ = bits.Add64(oh, hi, c)
+	return
+}
+
 // carryPropagate brings the limbs below 52 bits by applying the reduction
 // identity to the l4 carry.
 func (v *fieldElement) carryPropagateGeneric() *fieldElement {
--- a/fe_mul_bits.go
+++ b/fe_mul_bits.go
@ -1,27 +0,0 @@
-// Copyright (c) 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.13
-
-package edwards25519
-
-import "math/bits"
-
-// madd64 returns ol + oh * 2⁶⁴ = lo + hi * 2⁶⁴ + a * b. That is, it multiplies
-// a and b, and adds the result to the split uint128 [lo,hi].
-func madd64(lo, hi, a, b uint64) (ol uint64, oh uint64) {
-	oh, ol = bits.Mul64(a, b)
-	var c uint64
-	ol, c = bits.Add64(ol, lo, 0)
-	oh, _ = bits.Add64(oh, hi, c)
-	return
-}
-
-// mul51 returns lo + hi * 2⁵¹ = a * b.
-func mul51(a uint64, b uint32) (lo uint64, hi uint64) {
-	mh, ml := bits.Mul64(a, uint64(b))
-	lo = ml & maskLow51Bits
-	hi = (mh << 13) | (ml >> 51)
-	return
-}
--- a/fe_mul_compat.go
+++ b/fe_mul_compat.go
@ -1,36 +0,0 @@
-// Copyright (c) 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.13
-
-package edwards25519
-
-import "unsafe"
-
-// madd64 returns ol + oh * 2⁶⁴ = lo + hi * 2⁶⁴ + a * b. That is, it multiplies
-// a and b, and adds the result to the split uint128 [lo,hi].
-func madd64(lo, hi, a, b uint64) (ol uint64, oh uint64) {
-	t1 := (a>>32)*(b&0xFFFFFFFF) + ((a & 0xFFFFFFFF) * (b & 0xFFFFFFFF) >> 32)
-	t2 := (a&0xFFFFFFFF)*(b>>32) + (t1 & 0xFFFFFFFF)
-	ol = (a * b) + lo
-	cmp := ol < lo
-	oh = hi + (a>>32)*(b>>32) + t1>>32 + t2>>32 + uint64(*(*byte)(unsafe.Pointer(&cmp)))
-	return
-}
-
-const mask32 = 1<<32 - 1
-
-// mul51 returns lo + hi * 2⁵¹ = a * b.
-func mul51(a uint64, b uint32) (lo uint64, hi uint64) {
-	w0 := (a & mask32) * uint64(b)
-	t := (a>>32)*uint64(b) + w0>>32
-	w1 := t & mask32
-	w2 := t >> 32
-	mh := w2 + w1>>32
-	ml := a * uint64(b)
-
-	lo = ml & maskLow51Bits
-	hi = (mh << 13) | (ml >> 51)
-	return
-}