Lines Matching +full:- +full:19 +full:v
57 j -= k;
60 tmp[35 - k] |= (unsigned char)w;
61 tmp[34 - k] |= (unsigned char)(w >> 8);
62 tmp[33 - k] |= (unsigned char)(w >> 16);
63 tmp[32 - k] |= (unsigned char)(w >> 24);
74 * that right-shifting a signed negative integer copies the sign bit
75 * (arithmetic right-shift). This is "implementation-defined behaviour",
84 | ((-((uint32_t)(x) >> 31)) << (32 - (n))))
90 * Convert an integer from unsigned little-endian encoding to a sequence of
91 * 13-bit words in little-endian order. The final "partial" word is
102 while (len -- > 0) { in le8_to_le13()
108 acc_len -= 13; in le8_to_le13()
115 * Convert an integer (13-bit words, little-endian) to unsigned
116 * little-endian encoding. The total encoding length is provided; all
127 while (len -- > 0) { in le13_to_le8()
134 acc_len -= 8; in le13_to_le8()
161 * mul20() multiplies two 260-bit integers together. Each word must fit
165 * square20() computes the square of a 260-bit integer. Each word must
176 * Two-level Karatsuba: turns a 20x20 multiplication into in mul20()
177 * nine 5x5 multiplications. We use 13-bit words but do not in mul20()
180 * - First Karatsuba decomposition turns the 20x20 mul on in mul20()
181 * 13-bit words into three 10x10 muls, two on 13-bit words in mul20()
182 * and one on 14-bit words. in mul20()
184 * - Second Karatsuba decomposition further splits these into: in mul20()
186 * * four 5x5 muls on 13-bit words in mul20()
187 * * four 5x5 muls on 14-bit words in mul20()
188 * * one 5x5 mul on 15-bit words in mul20()
190 * Highest word value is 8191, 16382 or 32764, for 13-bit, 14-bit in mul20()
191 * or 15-bit words, respectively. in mul20()
193 uint32_t u[45], v[45], w[90]; in mul20() local
219 (dw)[5 * (d_off) + 0] -= (s1w)[5 * (s1_off) + 0] \ in mul20()
221 (dw)[5 * (d_off) + 1] -= (s1w)[5 * (s1_off) + 1] \ in mul20()
223 (dw)[5 * (d_off) + 2] -= (s1w)[5 * (s1_off) + 2] \ in mul20()
225 (dw)[5 * (d_off) + 3] -= (s1w)[5 * (s1_off) + 3] \ in mul20()
227 (dw)[5 * (d_off) + 4] -= (s1w)[5 * (s1_off) + 4] \ in mul20()
259 memcpy(v, b, 20 * sizeof *b); in mul20()
260 ZADD(v, 4, b, 0, b, 1); in mul20()
261 ZADD(v, 5, b, 2, b, 3); in mul20()
262 ZADD(v, 6, b, 0, b, 2); in mul20()
263 ZADD(v, 7, b, 1, b, 3); in mul20()
264 ZADD(v, 8, v, 6, v, 7); in mul20()
268 * each, so we can add product results together "as is" in 32-bit in mul20()
272 w[(i << 1) + 0] = MUL15(u[i + 0], v[i + 0]); in mul20()
273 w[(i << 1) + 1] = MUL15(u[i + 0], v[i + 1]) in mul20()
274 + MUL15(u[i + 1], v[i + 0]); in mul20()
275 w[(i << 1) + 2] = MUL15(u[i + 0], v[i + 2]) in mul20()
276 + MUL15(u[i + 1], v[i + 1]) in mul20()
277 + MUL15(u[i + 2], v[i + 0]); in mul20()
278 w[(i << 1) + 3] = MUL15(u[i + 0], v[i + 3]) in mul20()
279 + MUL15(u[i + 1], v[i + 2]) in mul20()
280 + MUL15(u[i + 2], v[i + 1]) in mul20()
281 + MUL15(u[i + 3], v[i + 0]); in mul20()
282 w[(i << 1) + 4] = MUL15(u[i + 0], v[i + 4]) in mul20()
283 + MUL15(u[i + 1], v[i + 3]) in mul20()
284 + MUL15(u[i + 2], v[i + 2]) in mul20()
285 + MUL15(u[i + 3], v[i + 1]) in mul20()
286 + MUL15(u[i + 4], v[i + 0]); in mul20()
287 w[(i << 1) + 5] = MUL15(u[i + 1], v[i + 4]) in mul20()
288 + MUL15(u[i + 2], v[i + 3]) in mul20()
289 + MUL15(u[i + 3], v[i + 2]) in mul20()
290 + MUL15(u[i + 4], v[i + 1]); in mul20()
291 w[(i << 1) + 6] = MUL15(u[i + 2], v[i + 4]) in mul20()
292 + MUL15(u[i + 3], v[i + 3]) in mul20()
293 + MUL15(u[i + 4], v[i + 2]); in mul20()
294 w[(i << 1) + 7] = MUL15(u[i + 3], v[i + 4]) in mul20()
295 + MUL15(u[i + 4], v[i + 3]); in mul20()
296 w[(i << 1) + 8] = MUL15(u[i + 4], v[i + 4]); in mul20()
312 w[80 + 0] = MUL15(u[40 + 0], v[40 + 0]); in mul20()
313 w[80 + 1] = MUL15(u[40 + 0], v[40 + 1]) in mul20()
314 + MUL15(u[40 + 1], v[40 + 0]); in mul20()
315 w[80 + 2] = MUL15(u[40 + 0], v[40 + 2]) in mul20()
316 + MUL15(u[40 + 1], v[40 + 1]) in mul20()
317 + MUL15(u[40 + 2], v[40 + 0]); in mul20()
318 w[80 + 3] = MUL15(u[40 + 0], v[40 + 3]) in mul20()
319 + MUL15(u[40 + 1], v[40 + 2]) in mul20()
320 + MUL15(u[40 + 2], v[40 + 1]) in mul20()
321 + MUL15(u[40 + 3], v[40 + 0]); in mul20()
322 w[80 + 4] = MUL15(u[40 + 0], v[40 + 4]) in mul20()
323 + MUL15(u[40 + 1], v[40 + 3]) in mul20()
324 + MUL15(u[40 + 2], v[40 + 2]) in mul20()
325 + MUL15(u[40 + 3], v[40 + 1]); in mul20()
326 /* + MUL15(u[40 + 4], v[40 + 0]) */ in mul20()
327 w[80 + 5] = MUL15(u[40 + 1], v[40 + 4]) in mul20()
328 + MUL15(u[40 + 2], v[40 + 3]) in mul20()
329 + MUL15(u[40 + 3], v[40 + 2]) in mul20()
330 + MUL15(u[40 + 4], v[40 + 1]); in mul20()
331 w[80 + 6] = MUL15(u[40 + 2], v[40 + 4]) in mul20()
332 + MUL15(u[40 + 3], v[40 + 3]) in mul20()
333 + MUL15(u[40 + 4], v[40 + 2]); in mul20()
334 w[80 + 7] = MUL15(u[40 + 3], v[40 + 4]) in mul20()
335 + MUL15(u[40 + 4], v[40 + 3]); in mul20()
336 w[80 + 8] = MUL15(u[40 + 4], v[40 + 4]); in mul20()
340 w[80 + 4] += MUL15(u[40 + 4], v[40 + 0]); in mul20()
343 * The products on 14-bit words in slots 6 and 7 yield values in mul20()
346 * in a _signed_ 32-bit integer, i.e. 31 bits + a sign bit. in mul20()
375 /* first-level recomposition */ in mul20()
601 t[19] = MUL15(a[ 0], b[19]) in mul20()
620 + MUL15(a[19], b[ 0]); in mul20()
621 t[20] = MUL15(a[ 1], b[19]) in mul20()
639 + MUL15(a[19], b[ 1]); in mul20()
640 t[21] = MUL15(a[ 2], b[19]) in mul20()
657 + MUL15(a[19], b[ 2]); in mul20()
658 t[22] = MUL15(a[ 3], b[19]) in mul20()
674 + MUL15(a[19], b[ 3]); in mul20()
675 t[23] = MUL15(a[ 4], b[19]) in mul20()
690 + MUL15(a[19], b[ 4]); in mul20()
691 t[24] = MUL15(a[ 5], b[19]) in mul20()
705 + MUL15(a[19], b[ 5]); in mul20()
706 t[25] = MUL15(a[ 6], b[19]) in mul20()
719 + MUL15(a[19], b[ 6]); in mul20()
720 t[26] = MUL15(a[ 7], b[19]) in mul20()
732 + MUL15(a[19], b[ 7]); in mul20()
733 t[27] = MUL15(a[ 8], b[19]) in mul20()
744 + MUL15(a[19], b[ 8]); in mul20()
745 t[28] = MUL15(a[ 9], b[19]) in mul20()
755 + MUL15(a[19], b[ 9]); in mul20()
756 t[29] = MUL15(a[10], b[19]) in mul20()
765 + MUL15(a[19], b[10]); in mul20()
766 t[30] = MUL15(a[11], b[19]) in mul20()
774 + MUL15(a[19], b[11]); in mul20()
775 t[31] = MUL15(a[12], b[19]) in mul20()
782 + MUL15(a[19], b[12]); in mul20()
783 t[32] = MUL15(a[13], b[19]) in mul20()
789 + MUL15(a[19], b[13]); in mul20()
790 t[33] = MUL15(a[14], b[19]) in mul20()
795 + MUL15(a[19], b[14]); in mul20()
796 t[34] = MUL15(a[15], b[19]) in mul20()
800 + MUL15(a[19], b[15]); in mul20()
801 t[35] = MUL15(a[16], b[19]) in mul20()
804 + MUL15(a[19], b[16]); in mul20()
805 t[36] = MUL15(a[17], b[19]) in mul20()
807 + MUL15(a[19], b[17]); in mul20()
808 t[37] = MUL15(a[18], b[19]) in mul20()
809 + MUL15(a[19], b[18]); in mul20()
810 t[38] = MUL15(a[19], b[19]); in mul20()
920 t[19] = ((MUL15(a[ 0], a[19]) in square20()
931 + ((MUL15(a[ 1], a[19]) in square20()
940 t[21] = ((MUL15(a[ 2], a[19]) in square20()
950 + ((MUL15(a[ 3], a[19]) in square20()
958 t[23] = ((MUL15(a[ 4], a[19]) in square20()
967 + ((MUL15(a[ 5], a[19]) in square20()
974 t[25] = ((MUL15(a[ 6], a[19]) in square20()
982 + ((MUL15(a[ 7], a[19]) in square20()
988 t[27] = ((MUL15(a[ 8], a[19]) in square20()
995 + ((MUL15(a[ 9], a[19]) in square20()
1000 t[29] = ((MUL15(a[10], a[19]) in square20()
1006 + ((MUL15(a[11], a[19]) in square20()
1010 t[31] = ((MUL15(a[12], a[19]) in square20()
1015 + ((MUL15(a[13], a[19]) in square20()
1018 t[33] = ((MUL15(a[14], a[19]) in square20()
1022 + ((MUL15(a[15], a[19]) in square20()
1024 t[35] = ((MUL15(a[16], a[19]) in square20()
1027 + ((MUL15(a[17], a[19])) << 1); in square20()
1028 t[37] = ((MUL15(a[18], a[19])) << 1); in square20()
1029 t[38] = MUL15(a[19], a[19]); in square20()
1051 cc = 19; in reduce_final_f255()
1059 cc = t[19] >> 8; in reduce_final_f255()
1060 t[19] &= 0xFF; in reduce_final_f255()
1073 * of two 256-bit integers must fit on 512 bits. in f255_mulgen()
1083 * Since the modulus is 2^255-19 and word 20 corresponds to in f255_mulgen()
1085 * a factor of 19*2^5 = 608. The extra bits in word 19 are also in f255_mulgen()
1088 cc = MUL15(t[19] >> 8, 19); in f255_mulgen()
1089 t[19] &= 0xFF; in f255_mulgen()
1116 MM1(19); in f255_mulgen()
1120 cc = MUL15(w >> 8, 19); in f255_mulgen()
1121 t[19] &= 0xFF; in f255_mulgen()
1148 MM2(19); in f255_mulgen()
1154 * Perform a multiplication of two integers modulo 2^255-19.
1156 * little-endian order. Input value may be up to 2^256-1; on output, value
1181 cc = MUL15(w >> 8, 19); in f255_add()
1182 d[19] &= 0xFF; in f255_add()
1198 * We actually compute a - b + 2*p, so that the final value is in f255_sub()
1204 cc = (uint32_t)-38; in f255_sub()
1206 w = a[i] - b[i] + cc; in f255_sub()
1210 cc = MUL15((w + 0x200) >> 8, 19); in f255_sub()
1211 d[19] &= 0xFF; in f255_sub()
1235 cc = MUL15(w >> 8, 19); in f255_mul_a24()
1236 d[19] &= 0xFF; in f255_mul_a24()
1287 ctl = -ctl; in cswap()
1327 x1[19] = le8_to_le13(x1, G, 32); in api_mul()
1335 memset(k, 0, (sizeof k) - kblen); in api_mul()
1336 memcpy(k + (sizeof k) - kblen, kb, kblen); in api_mul()
1346 for (i = 254; i >= 0; i --) { in api_mul()
1349 kt = (k[31 - (i >> 3)] >> (i & 7)) & 1; in api_mul()
1406 * square-and-multiply algorithm; we mutualise most non-squarings in api_mul()
1423 for (i = 14; i >= 0; i --) { in api_mul()