Lines Matching +full:- +full:10 +full:v
57 j -= k;
60 tmp[35 - k] |= (unsigned char)w;
61 tmp[34 - k] |= (unsigned char)(w >> 8);
62 tmp[33 - k] |= (unsigned char)(w >> 16);
63 tmp[32 - k] |= (unsigned char)(w >> 24);
74 * that right-shifting a signed negative integer copies the sign bit
75 * (arithmetic right-shift). This is "implementation-defined behaviour",
84 | ((-((uint32_t)(x) >> 31)) << (32 - (n))))
90 * Convert an integer from unsigned little-endian encoding to a sequence of
91 * 13-bit words in little-endian order. The final "partial" word is
102 while (len -- > 0) { in le8_to_le13()
108 acc_len -= 13; in le8_to_le13()
115 * Convert an integer (13-bit words, little-endian) to unsigned
116 * little-endian encoding. The total encoding length is provided; all
127 while (len -- > 0) { in le13_to_le8()
134 acc_len -= 8; in le13_to_le8()
161 * mul20() multiplies two 260-bit integers together. Each word must fit
165 * square20() computes the square of a 260-bit integer. Each word must
176 * Two-level Karatsuba: turns a 20x20 multiplication into in mul20()
177 * nine 5x5 multiplications. We use 13-bit words but do not in mul20()
180 * - First Karatsuba decomposition turns the 20x20 mul on in mul20()
181 * 13-bit words into three 10x10 muls, two on 13-bit words in mul20()
182 * and one on 14-bit words. in mul20()
184 * - Second Karatsuba decomposition further splits these into: in mul20()
186 * * four 5x5 muls on 13-bit words in mul20()
187 * * four 5x5 muls on 14-bit words in mul20()
188 * * one 5x5 mul on 15-bit words in mul20()
190 * Highest word value is 8191, 16382 or 32764, for 13-bit, 14-bit in mul20()
191 * or 15-bit words, respectively. in mul20()
193 uint32_t u[45], v[45], w[90]; in mul20() local
219 (dw)[5 * (d_off) + 0] -= (s1w)[5 * (s1_off) + 0] \ in mul20()
221 (dw)[5 * (d_off) + 1] -= (s1w)[5 * (s1_off) + 1] \ in mul20()
223 (dw)[5 * (d_off) + 2] -= (s1w)[5 * (s1_off) + 2] \ in mul20()
225 (dw)[5 * (d_off) + 3] -= (s1w)[5 * (s1_off) + 3] \ in mul20()
227 (dw)[5 * (d_off) + 4] -= (s1w)[5 * (s1_off) + 4] \ in mul20()
259 memcpy(v, b, 20 * sizeof *b); in mul20()
260 ZADD(v, 4, b, 0, b, 1); in mul20()
261 ZADD(v, 5, b, 2, b, 3); in mul20()
262 ZADD(v, 6, b, 0, b, 2); in mul20()
263 ZADD(v, 7, b, 1, b, 3); in mul20()
264 ZADD(v, 8, v, 6, v, 7); in mul20()
268 * each, so we can add product results together "as is" in 32-bit in mul20()
272 w[(i << 1) + 0] = MUL15(u[i + 0], v[i + 0]); in mul20()
273 w[(i << 1) + 1] = MUL15(u[i + 0], v[i + 1]) in mul20()
274 + MUL15(u[i + 1], v[i + 0]); in mul20()
275 w[(i << 1) + 2] = MUL15(u[i + 0], v[i + 2]) in mul20()
276 + MUL15(u[i + 1], v[i + 1]) in mul20()
277 + MUL15(u[i + 2], v[i + 0]); in mul20()
278 w[(i << 1) + 3] = MUL15(u[i + 0], v[i + 3]) in mul20()
279 + MUL15(u[i + 1], v[i + 2]) in mul20()
280 + MUL15(u[i + 2], v[i + 1]) in mul20()
281 + MUL15(u[i + 3], v[i + 0]); in mul20()
282 w[(i << 1) + 4] = MUL15(u[i + 0], v[i + 4]) in mul20()
283 + MUL15(u[i + 1], v[i + 3]) in mul20()
284 + MUL15(u[i + 2], v[i + 2]) in mul20()
285 + MUL15(u[i + 3], v[i + 1]) in mul20()
286 + MUL15(u[i + 4], v[i + 0]); in mul20()
287 w[(i << 1) + 5] = MUL15(u[i + 1], v[i + 4]) in mul20()
288 + MUL15(u[i + 2], v[i + 3]) in mul20()
289 + MUL15(u[i + 3], v[i + 2]) in mul20()
290 + MUL15(u[i + 4], v[i + 1]); in mul20()
291 w[(i << 1) + 6] = MUL15(u[i + 2], v[i + 4]) in mul20()
292 + MUL15(u[i + 3], v[i + 3]) in mul20()
293 + MUL15(u[i + 4], v[i + 2]); in mul20()
294 w[(i << 1) + 7] = MUL15(u[i + 3], v[i + 4]) in mul20()
295 + MUL15(u[i + 4], v[i + 3]); in mul20()
296 w[(i << 1) + 8] = MUL15(u[i + 4], v[i + 4]); in mul20()
312 w[80 + 0] = MUL15(u[40 + 0], v[40 + 0]); in mul20()
313 w[80 + 1] = MUL15(u[40 + 0], v[40 + 1]) in mul20()
314 + MUL15(u[40 + 1], v[40 + 0]); in mul20()
315 w[80 + 2] = MUL15(u[40 + 0], v[40 + 2]) in mul20()
316 + MUL15(u[40 + 1], v[40 + 1]) in mul20()
317 + MUL15(u[40 + 2], v[40 + 0]); in mul20()
318 w[80 + 3] = MUL15(u[40 + 0], v[40 + 3]) in mul20()
319 + MUL15(u[40 + 1], v[40 + 2]) in mul20()
320 + MUL15(u[40 + 2], v[40 + 1]) in mul20()
321 + MUL15(u[40 + 3], v[40 + 0]); in mul20()
322 w[80 + 4] = MUL15(u[40 + 0], v[40 + 4]) in mul20()
323 + MUL15(u[40 + 1], v[40 + 3]) in mul20()
324 + MUL15(u[40 + 2], v[40 + 2]) in mul20()
325 + MUL15(u[40 + 3], v[40 + 1]); in mul20()
326 /* + MUL15(u[40 + 4], v[40 + 0]) */ in mul20()
327 w[80 + 5] = MUL15(u[40 + 1], v[40 + 4]) in mul20()
328 + MUL15(u[40 + 2], v[40 + 3]) in mul20()
329 + MUL15(u[40 + 3], v[40 + 2]) in mul20()
330 + MUL15(u[40 + 4], v[40 + 1]); in mul20()
331 w[80 + 6] = MUL15(u[40 + 2], v[40 + 4]) in mul20()
332 + MUL15(u[40 + 3], v[40 + 3]) in mul20()
333 + MUL15(u[40 + 4], v[40 + 2]); in mul20()
334 w[80 + 7] = MUL15(u[40 + 3], v[40 + 4]) in mul20()
335 + MUL15(u[40 + 4], v[40 + 3]); in mul20()
336 w[80 + 8] = MUL15(u[40 + 4], v[40 + 4]); in mul20()
340 w[80 + 4] += MUL15(u[40 + 4], v[40 + 0]); in mul20()
343 * The products on 14-bit words in slots 6 and 7 yield values in mul20()
346 * in a _signed_ 32-bit integer, i.e. 31 bits + a sign bit. in mul20()
347 * However, 10*(16382^2) does not fit. So we must perform a in mul20()
364 ZSUB2F(w, 10, w, 4, w, 6); in mul20()
366 ZADDT(w, 5, w, 10); in mul20()
375 /* first-level recomposition */ in mul20()
466 t[10] = MUL15(a[ 0], b[10]) in mul20()
476 + MUL15(a[10], b[ 0]); in mul20()
478 + MUL15(a[ 1], b[10]) in mul20()
487 + MUL15(a[10], b[ 1]) in mul20()
491 + MUL15(a[ 2], b[10]) in mul20()
499 + MUL15(a[10], b[ 2]) in mul20()
505 + MUL15(a[ 3], b[10]) in mul20()
512 + MUL15(a[10], b[ 3]) in mul20()
520 + MUL15(a[ 4], b[10]) in mul20()
526 + MUL15(a[10], b[ 4]) in mul20()
536 + MUL15(a[ 5], b[10]) in mul20()
541 + MUL15(a[10], b[ 5]) in mul20()
553 + MUL15(a[ 6], b[10]) in mul20()
557 + MUL15(a[10], b[ 6]) in mul20()
571 + MUL15(a[ 7], b[10]) in mul20()
574 + MUL15(a[10], b[ 7]) in mul20()
590 + MUL15(a[ 8], b[10]) in mul20()
592 + MUL15(a[10], b[ 8]) in mul20()
610 + MUL15(a[ 9], b[10]) in mul20()
611 + MUL15(a[10], b[ 9]) in mul20()
630 + MUL15(a[10], b[10]) in mul20()
648 + MUL15(a[10], b[11]) in mul20()
649 + MUL15(a[11], b[10]) in mul20()
665 + MUL15(a[10], b[12]) in mul20()
667 + MUL15(a[12], b[10]) in mul20()
681 + MUL15(a[10], b[13]) in mul20()
684 + MUL15(a[13], b[10]) in mul20()
696 + MUL15(a[10], b[14]) in mul20()
700 + MUL15(a[14], b[10]) in mul20()
710 + MUL15(a[10], b[15]) in mul20()
715 + MUL15(a[15], b[10]) in mul20()
723 + MUL15(a[10], b[16]) in mul20()
729 + MUL15(a[16], b[10]) in mul20()
735 + MUL15(a[10], b[17]) in mul20()
742 + MUL15(a[17], b[10]) in mul20()
746 + MUL15(a[10], b[18]) in mul20()
754 + MUL15(a[18], b[10]) in mul20()
756 t[29] = MUL15(a[10], b[19]) in mul20()
765 + MUL15(a[19], b[10]); in mul20()
850 t[10] = MUL15(a[ 5], a[ 5]) in square20()
851 + ((MUL15(a[ 0], a[10]) in square20()
857 + MUL15(a[ 1], a[10]) in square20()
865 + MUL15(a[ 2], a[10]) in square20()
872 + MUL15(a[ 3], a[10]) in square20()
881 + MUL15(a[ 4], a[10]) in square20()
889 + MUL15(a[ 5], a[10]) in square20()
899 + MUL15(a[ 6], a[10]) in square20()
908 + MUL15(a[ 7], a[10]) in square20()
919 + MUL15(a[ 8], a[10])) << 1); in square20()
929 + MUL15(a[ 9], a[10])) << 1); in square20()
930 t[20] = MUL15(a[10], a[10]) in square20()
948 + MUL15(a[10], a[11])) << 1); in square20()
957 + MUL15(a[10], a[12])) << 1); in square20()
964 + MUL15(a[10], a[13]) in square20()
972 + MUL15(a[10], a[14]) in square20()
978 + MUL15(a[10], a[15]) in square20()
985 + MUL15(a[10], a[16]) in square20()
990 + MUL15(a[10], a[17]) in square20()
996 + MUL15(a[10], a[18]) in square20()
1000 t[29] = ((MUL15(a[10], a[19]) in square20()
1073 * of two 256-bit integers must fit on 512 bits. in f255_mulgen()
1083 * Since the modulus is 2^255-19 and word 20 corresponds to in f255_mulgen()
1107 MM1(10); in f255_mulgen()
1139 MM2(10); in f255_mulgen()
1154 * Perform a multiplication of two integers modulo 2^255-19.
1156 * little-endian order. Input value may be up to 2^256-1; on output, value
1198 * We actually compute a - b + 2*p, so that the final value is in f255_sub()
1204 cc = (uint32_t)-38; in f255_sub()
1206 w = a[i] - b[i] + cc; in f255_sub()
1287 ctl = -ctl; in cswap()
1335 memset(k, 0, (sizeof k) - kblen); in api_mul()
1336 memcpy(k + (sizeof k) - kblen, kb, kblen); in api_mul()
1346 for (i = 254; i >= 0; i --) { in api_mul()
1349 kt = (k[31 - (i >> 3)] >> (i & 7)) & 1; in api_mul()
1406 * square-and-multiply algorithm; we mutualise most non-squarings in api_mul()
1423 for (i = 14; i >= 0; i --) { in api_mul()