Lines Matching +full:14 +full:a
5 * a copy of this software and associated documentation files (the
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
74 * that right-shifting a signed negative integer copies the sign bit
90 * Convert an integer from unsigned little-endian encoding to a sequence of
139 * Normalise an array of words to a strict 13 bits per word. Returned
165 * square20() computes the square of a 260-bit integer. Each word must
173 mul20(uint32_t *d, const uint32_t *a, const uint32_t *b) in mul20() argument
176 * Two-level Karatsuba: turns a 20x20 multiplication into in mul20()
182 * and one on 14-bit words. in mul20()
187 * * four 5x5 muls on 14-bit words in mul20()
190 * Highest word value is 8191, 16382 or 32764, for 13-bit, 14-bit in mul20()
252 memcpy(u, a, 20 * sizeof *a); in mul20()
253 ZADD(u, 4, a, 0, a, 1); in mul20()
254 ZADD(u, 5, a, 2, a, 3); in mul20()
255 ZADD(u, 6, a, 0, a, 2); in mul20()
256 ZADD(u, 7, a, 1, a, 3); in mul20()
308 * then do a carry propagation (this reduces words to 13 bits in mul20()
343 * The products on 14-bit words in slots 6 and 7 yield values in mul20()
346 * in a _signed_ 32-bit integer, i.e. 31 bits + a sign bit. in mul20()
347 * However, 10*(16382^2) does not fit. So we must perform a in mul20()
370 ZSUB2F(w, 16, w, 12, w, 14); in mul20()
373 ZADDT(w, 14, w, 17); in mul20()
378 ZSUB2F(w, 14, w, 2, w, 6); in mul20()
382 ZADDT(w, 4, w, 14); in mul20()
399 square20(uint32_t *d, const uint32_t *a) in square20() argument
401 mul20(d, a, a); in square20()
407 mul20(uint32_t *d, const uint32_t *a, const uint32_t *b) in mul20() argument
411 t[ 0] = MUL15(a[ 0], b[ 0]); in mul20()
412 t[ 1] = MUL15(a[ 0], b[ 1]) in mul20()
413 + MUL15(a[ 1], b[ 0]); in mul20()
414 t[ 2] = MUL15(a[ 0], b[ 2]) in mul20()
415 + MUL15(a[ 1], b[ 1]) in mul20()
416 + MUL15(a[ 2], b[ 0]); in mul20()
417 t[ 3] = MUL15(a[ 0], b[ 3]) in mul20()
418 + MUL15(a[ 1], b[ 2]) in mul20()
419 + MUL15(a[ 2], b[ 1]) in mul20()
420 + MUL15(a[ 3], b[ 0]); in mul20()
421 t[ 4] = MUL15(a[ 0], b[ 4]) in mul20()
422 + MUL15(a[ 1], b[ 3]) in mul20()
423 + MUL15(a[ 2], b[ 2]) in mul20()
424 + MUL15(a[ 3], b[ 1]) in mul20()
425 + MUL15(a[ 4], b[ 0]); in mul20()
426 t[ 5] = MUL15(a[ 0], b[ 5]) in mul20()
427 + MUL15(a[ 1], b[ 4]) in mul20()
428 + MUL15(a[ 2], b[ 3]) in mul20()
429 + MUL15(a[ 3], b[ 2]) in mul20()
430 + MUL15(a[ 4], b[ 1]) in mul20()
431 + MUL15(a[ 5], b[ 0]); in mul20()
432 t[ 6] = MUL15(a[ 0], b[ 6]) in mul20()
433 + MUL15(a[ 1], b[ 5]) in mul20()
434 + MUL15(a[ 2], b[ 4]) in mul20()
435 + MUL15(a[ 3], b[ 3]) in mul20()
436 + MUL15(a[ 4], b[ 2]) in mul20()
437 + MUL15(a[ 5], b[ 1]) in mul20()
438 + MUL15(a[ 6], b[ 0]); in mul20()
439 t[ 7] = MUL15(a[ 0], b[ 7]) in mul20()
440 + MUL15(a[ 1], b[ 6]) in mul20()
441 + MUL15(a[ 2], b[ 5]) in mul20()
442 + MUL15(a[ 3], b[ 4]) in mul20()
443 + MUL15(a[ 4], b[ 3]) in mul20()
444 + MUL15(a[ 5], b[ 2]) in mul20()
445 + MUL15(a[ 6], b[ 1]) in mul20()
446 + MUL15(a[ 7], b[ 0]); in mul20()
447 t[ 8] = MUL15(a[ 0], b[ 8]) in mul20()
448 + MUL15(a[ 1], b[ 7]) in mul20()
449 + MUL15(a[ 2], b[ 6]) in mul20()
450 + MUL15(a[ 3], b[ 5]) in mul20()
451 + MUL15(a[ 4], b[ 4]) in mul20()
452 + MUL15(a[ 5], b[ 3]) in mul20()
453 + MUL15(a[ 6], b[ 2]) in mul20()
454 + MUL15(a[ 7], b[ 1]) in mul20()
455 + MUL15(a[ 8], b[ 0]); in mul20()
456 t[ 9] = MUL15(a[ 0], b[ 9]) in mul20()
457 + MUL15(a[ 1], b[ 8]) in mul20()
458 + MUL15(a[ 2], b[ 7]) in mul20()
459 + MUL15(a[ 3], b[ 6]) in mul20()
460 + MUL15(a[ 4], b[ 5]) in mul20()
461 + MUL15(a[ 5], b[ 4]) in mul20()
462 + MUL15(a[ 6], b[ 3]) in mul20()
463 + MUL15(a[ 7], b[ 2]) in mul20()
464 + MUL15(a[ 8], b[ 1]) in mul20()
465 + MUL15(a[ 9], b[ 0]); in mul20()
466 t[10] = MUL15(a[ 0], b[10]) in mul20()
467 + MUL15(a[ 1], b[ 9]) in mul20()
468 + MUL15(a[ 2], b[ 8]) in mul20()
469 + MUL15(a[ 3], b[ 7]) in mul20()
470 + MUL15(a[ 4], b[ 6]) in mul20()
471 + MUL15(a[ 5], b[ 5]) in mul20()
472 + MUL15(a[ 6], b[ 4]) in mul20()
473 + MUL15(a[ 7], b[ 3]) in mul20()
474 + MUL15(a[ 8], b[ 2]) in mul20()
475 + MUL15(a[ 9], b[ 1]) in mul20()
476 + MUL15(a[10], b[ 0]); in mul20()
477 t[11] = MUL15(a[ 0], b[11]) in mul20()
478 + MUL15(a[ 1], b[10]) in mul20()
479 + MUL15(a[ 2], b[ 9]) in mul20()
480 + MUL15(a[ 3], b[ 8]) in mul20()
481 + MUL15(a[ 4], b[ 7]) in mul20()
482 + MUL15(a[ 5], b[ 6]) in mul20()
483 + MUL15(a[ 6], b[ 5]) in mul20()
484 + MUL15(a[ 7], b[ 4]) in mul20()
485 + MUL15(a[ 8], b[ 3]) in mul20()
486 + MUL15(a[ 9], b[ 2]) in mul20()
487 + MUL15(a[10], b[ 1]) in mul20()
488 + MUL15(a[11], b[ 0]); in mul20()
489 t[12] = MUL15(a[ 0], b[12]) in mul20()
490 + MUL15(a[ 1], b[11]) in mul20()
491 + MUL15(a[ 2], b[10]) in mul20()
492 + MUL15(a[ 3], b[ 9]) in mul20()
493 + MUL15(a[ 4], b[ 8]) in mul20()
494 + MUL15(a[ 5], b[ 7]) in mul20()
495 + MUL15(a[ 6], b[ 6]) in mul20()
496 + MUL15(a[ 7], b[ 5]) in mul20()
497 + MUL15(a[ 8], b[ 4]) in mul20()
498 + MUL15(a[ 9], b[ 3]) in mul20()
499 + MUL15(a[10], b[ 2]) in mul20()
500 + MUL15(a[11], b[ 1]) in mul20()
501 + MUL15(a[12], b[ 0]); in mul20()
502 t[13] = MUL15(a[ 0], b[13]) in mul20()
503 + MUL15(a[ 1], b[12]) in mul20()
504 + MUL15(a[ 2], b[11]) in mul20()
505 + MUL15(a[ 3], b[10]) in mul20()
506 + MUL15(a[ 4], b[ 9]) in mul20()
507 + MUL15(a[ 5], b[ 8]) in mul20()
508 + MUL15(a[ 6], b[ 7]) in mul20()
509 + MUL15(a[ 7], b[ 6]) in mul20()
510 + MUL15(a[ 8], b[ 5]) in mul20()
511 + MUL15(a[ 9], b[ 4]) in mul20()
512 + MUL15(a[10], b[ 3]) in mul20()
513 + MUL15(a[11], b[ 2]) in mul20()
514 + MUL15(a[12], b[ 1]) in mul20()
515 + MUL15(a[13], b[ 0]); in mul20()
516 t[14] = MUL15(a[ 0], b[14]) in mul20()
517 + MUL15(a[ 1], b[13]) in mul20()
518 + MUL15(a[ 2], b[12]) in mul20()
519 + MUL15(a[ 3], b[11]) in mul20()
520 + MUL15(a[ 4], b[10]) in mul20()
521 + MUL15(a[ 5], b[ 9]) in mul20()
522 + MUL15(a[ 6], b[ 8]) in mul20()
523 + MUL15(a[ 7], b[ 7]) in mul20()
524 + MUL15(a[ 8], b[ 6]) in mul20()
525 + MUL15(a[ 9], b[ 5]) in mul20()
526 + MUL15(a[10], b[ 4]) in mul20()
527 + MUL15(a[11], b[ 3]) in mul20()
528 + MUL15(a[12], b[ 2]) in mul20()
529 + MUL15(a[13], b[ 1]) in mul20()
530 + MUL15(a[14], b[ 0]); in mul20()
531 t[15] = MUL15(a[ 0], b[15]) in mul20()
532 + MUL15(a[ 1], b[14]) in mul20()
533 + MUL15(a[ 2], b[13]) in mul20()
534 + MUL15(a[ 3], b[12]) in mul20()
535 + MUL15(a[ 4], b[11]) in mul20()
536 + MUL15(a[ 5], b[10]) in mul20()
537 + MUL15(a[ 6], b[ 9]) in mul20()
538 + MUL15(a[ 7], b[ 8]) in mul20()
539 + MUL15(a[ 8], b[ 7]) in mul20()
540 + MUL15(a[ 9], b[ 6]) in mul20()
541 + MUL15(a[10], b[ 5]) in mul20()
542 + MUL15(a[11], b[ 4]) in mul20()
543 + MUL15(a[12], b[ 3]) in mul20()
544 + MUL15(a[13], b[ 2]) in mul20()
545 + MUL15(a[14], b[ 1]) in mul20()
546 + MUL15(a[15], b[ 0]); in mul20()
547 t[16] = MUL15(a[ 0], b[16]) in mul20()
548 + MUL15(a[ 1], b[15]) in mul20()
549 + MUL15(a[ 2], b[14]) in mul20()
550 + MUL15(a[ 3], b[13]) in mul20()
551 + MUL15(a[ 4], b[12]) in mul20()
552 + MUL15(a[ 5], b[11]) in mul20()
553 + MUL15(a[ 6], b[10]) in mul20()
554 + MUL15(a[ 7], b[ 9]) in mul20()
555 + MUL15(a[ 8], b[ 8]) in mul20()
556 + MUL15(a[ 9], b[ 7]) in mul20()
557 + MUL15(a[10], b[ 6]) in mul20()
558 + MUL15(a[11], b[ 5]) in mul20()
559 + MUL15(a[12], b[ 4]) in mul20()
560 + MUL15(a[13], b[ 3]) in mul20()
561 + MUL15(a[14], b[ 2]) in mul20()
562 + MUL15(a[15], b[ 1]) in mul20()
563 + MUL15(a[16], b[ 0]); in mul20()
564 t[17] = MUL15(a[ 0], b[17]) in mul20()
565 + MUL15(a[ 1], b[16]) in mul20()
566 + MUL15(a[ 2], b[15]) in mul20()
567 + MUL15(a[ 3], b[14]) in mul20()
568 + MUL15(a[ 4], b[13]) in mul20()
569 + MUL15(a[ 5], b[12]) in mul20()
570 + MUL15(a[ 6], b[11]) in mul20()
571 + MUL15(a[ 7], b[10]) in mul20()
572 + MUL15(a[ 8], b[ 9]) in mul20()
573 + MUL15(a[ 9], b[ 8]) in mul20()
574 + MUL15(a[10], b[ 7]) in mul20()
575 + MUL15(a[11], b[ 6]) in mul20()
576 + MUL15(a[12], b[ 5]) in mul20()
577 + MUL15(a[13], b[ 4]) in mul20()
578 + MUL15(a[14], b[ 3]) in mul20()
579 + MUL15(a[15], b[ 2]) in mul20()
580 + MUL15(a[16], b[ 1]) in mul20()
581 + MUL15(a[17], b[ 0]); in mul20()
582 t[18] = MUL15(a[ 0], b[18]) in mul20()
583 + MUL15(a[ 1], b[17]) in mul20()
584 + MUL15(a[ 2], b[16]) in mul20()
585 + MUL15(a[ 3], b[15]) in mul20()
586 + MUL15(a[ 4], b[14]) in mul20()
587 + MUL15(a[ 5], b[13]) in mul20()
588 + MUL15(a[ 6], b[12]) in mul20()
589 + MUL15(a[ 7], b[11]) in mul20()
590 + MUL15(a[ 8], b[10]) in mul20()
591 + MUL15(a[ 9], b[ 9]) in mul20()
592 + MUL15(a[10], b[ 8]) in mul20()
593 + MUL15(a[11], b[ 7]) in mul20()
594 + MUL15(a[12], b[ 6]) in mul20()
595 + MUL15(a[13], b[ 5]) in mul20()
596 + MUL15(a[14], b[ 4]) in mul20()
597 + MUL15(a[15], b[ 3]) in mul20()
598 + MUL15(a[16], b[ 2]) in mul20()
599 + MUL15(a[17], b[ 1]) in mul20()
600 + MUL15(a[18], b[ 0]); in mul20()
601 t[19] = MUL15(a[ 0], b[19]) in mul20()
602 + MUL15(a[ 1], b[18]) in mul20()
603 + MUL15(a[ 2], b[17]) in mul20()
604 + MUL15(a[ 3], b[16]) in mul20()
605 + MUL15(a[ 4], b[15]) in mul20()
606 + MUL15(a[ 5], b[14]) in mul20()
607 + MUL15(a[ 6], b[13]) in mul20()
608 + MUL15(a[ 7], b[12]) in mul20()
609 + MUL15(a[ 8], b[11]) in mul20()
610 + MUL15(a[ 9], b[10]) in mul20()
611 + MUL15(a[10], b[ 9]) in mul20()
612 + MUL15(a[11], b[ 8]) in mul20()
613 + MUL15(a[12], b[ 7]) in mul20()
614 + MUL15(a[13], b[ 6]) in mul20()
615 + MUL15(a[14], b[ 5]) in mul20()
616 + MUL15(a[15], b[ 4]) in mul20()
617 + MUL15(a[16], b[ 3]) in mul20()
618 + MUL15(a[17], b[ 2]) in mul20()
619 + MUL15(a[18], b[ 1]) in mul20()
620 + MUL15(a[19], b[ 0]); in mul20()
621 t[20] = MUL15(a[ 1], b[19]) in mul20()
622 + MUL15(a[ 2], b[18]) in mul20()
623 + MUL15(a[ 3], b[17]) in mul20()
624 + MUL15(a[ 4], b[16]) in mul20()
625 + MUL15(a[ 5], b[15]) in mul20()
626 + MUL15(a[ 6], b[14]) in mul20()
627 + MUL15(a[ 7], b[13]) in mul20()
628 + MUL15(a[ 8], b[12]) in mul20()
629 + MUL15(a[ 9], b[11]) in mul20()
630 + MUL15(a[10], b[10]) in mul20()
631 + MUL15(a[11], b[ 9]) in mul20()
632 + MUL15(a[12], b[ 8]) in mul20()
633 + MUL15(a[13], b[ 7]) in mul20()
634 + MUL15(a[14], b[ 6]) in mul20()
635 + MUL15(a[15], b[ 5]) in mul20()
636 + MUL15(a[16], b[ 4]) in mul20()
637 + MUL15(a[17], b[ 3]) in mul20()
638 + MUL15(a[18], b[ 2]) in mul20()
639 + MUL15(a[19], b[ 1]); in mul20()
640 t[21] = MUL15(a[ 2], b[19]) in mul20()
641 + MUL15(a[ 3], b[18]) in mul20()
642 + MUL15(a[ 4], b[17]) in mul20()
643 + MUL15(a[ 5], b[16]) in mul20()
644 + MUL15(a[ 6], b[15]) in mul20()
645 + MUL15(a[ 7], b[14]) in mul20()
646 + MUL15(a[ 8], b[13]) in mul20()
647 + MUL15(a[ 9], b[12]) in mul20()
648 + MUL15(a[10], b[11]) in mul20()
649 + MUL15(a[11], b[10]) in mul20()
650 + MUL15(a[12], b[ 9]) in mul20()
651 + MUL15(a[13], b[ 8]) in mul20()
652 + MUL15(a[14], b[ 7]) in mul20()
653 + MUL15(a[15], b[ 6]) in mul20()
654 + MUL15(a[16], b[ 5]) in mul20()
655 + MUL15(a[17], b[ 4]) in mul20()
656 + MUL15(a[18], b[ 3]) in mul20()
657 + MUL15(a[19], b[ 2]); in mul20()
658 t[22] = MUL15(a[ 3], b[19]) in mul20()
659 + MUL15(a[ 4], b[18]) in mul20()
660 + MUL15(a[ 5], b[17]) in mul20()
661 + MUL15(a[ 6], b[16]) in mul20()
662 + MUL15(a[ 7], b[15]) in mul20()
663 + MUL15(a[ 8], b[14]) in mul20()
664 + MUL15(a[ 9], b[13]) in mul20()
665 + MUL15(a[10], b[12]) in mul20()
666 + MUL15(a[11], b[11]) in mul20()
667 + MUL15(a[12], b[10]) in mul20()
668 + MUL15(a[13], b[ 9]) in mul20()
669 + MUL15(a[14], b[ 8]) in mul20()
670 + MUL15(a[15], b[ 7]) in mul20()
671 + MUL15(a[16], b[ 6]) in mul20()
672 + MUL15(a[17], b[ 5]) in mul20()
673 + MUL15(a[18], b[ 4]) in mul20()
674 + MUL15(a[19], b[ 3]); in mul20()
675 t[23] = MUL15(a[ 4], b[19]) in mul20()
676 + MUL15(a[ 5], b[18]) in mul20()
677 + MUL15(a[ 6], b[17]) in mul20()
678 + MUL15(a[ 7], b[16]) in mul20()
679 + MUL15(a[ 8], b[15]) in mul20()
680 + MUL15(a[ 9], b[14]) in mul20()
681 + MUL15(a[10], b[13]) in mul20()
682 + MUL15(a[11], b[12]) in mul20()
683 + MUL15(a[12], b[11]) in mul20()
684 + MUL15(a[13], b[10]) in mul20()
685 + MUL15(a[14], b[ 9]) in mul20()
686 + MUL15(a[15], b[ 8]) in mul20()
687 + MUL15(a[16], b[ 7]) in mul20()
688 + MUL15(a[17], b[ 6]) in mul20()
689 + MUL15(a[18], b[ 5]) in mul20()
690 + MUL15(a[19], b[ 4]); in mul20()
691 t[24] = MUL15(a[ 5], b[19]) in mul20()
692 + MUL15(a[ 6], b[18]) in mul20()
693 + MUL15(a[ 7], b[17]) in mul20()
694 + MUL15(a[ 8], b[16]) in mul20()
695 + MUL15(a[ 9], b[15]) in mul20()
696 + MUL15(a[10], b[14]) in mul20()
697 + MUL15(a[11], b[13]) in mul20()
698 + MUL15(a[12], b[12]) in mul20()
699 + MUL15(a[13], b[11]) in mul20()
700 + MUL15(a[14], b[10]) in mul20()
701 + MUL15(a[15], b[ 9]) in mul20()
702 + MUL15(a[16], b[ 8]) in mul20()
703 + MUL15(a[17], b[ 7]) in mul20()
704 + MUL15(a[18], b[ 6]) in mul20()
705 + MUL15(a[19], b[ 5]); in mul20()
706 t[25] = MUL15(a[ 6], b[19]) in mul20()
707 + MUL15(a[ 7], b[18]) in mul20()
708 + MUL15(a[ 8], b[17]) in mul20()
709 + MUL15(a[ 9], b[16]) in mul20()
710 + MUL15(a[10], b[15]) in mul20()
711 + MUL15(a[11], b[14]) in mul20()
712 + MUL15(a[12], b[13]) in mul20()
713 + MUL15(a[13], b[12]) in mul20()
714 + MUL15(a[14], b[11]) in mul20()
715 + MUL15(a[15], b[10]) in mul20()
716 + MUL15(a[16], b[ 9]) in mul20()
717 + MUL15(a[17], b[ 8]) in mul20()
718 + MUL15(a[18], b[ 7]) in mul20()
719 + MUL15(a[19], b[ 6]); in mul20()
720 t[26] = MUL15(a[ 7], b[19]) in mul20()
721 + MUL15(a[ 8], b[18]) in mul20()
722 + MUL15(a[ 9], b[17]) in mul20()
723 + MUL15(a[10], b[16]) in mul20()
724 + MUL15(a[11], b[15]) in mul20()
725 + MUL15(a[12], b[14]) in mul20()
726 + MUL15(a[13], b[13]) in mul20()
727 + MUL15(a[14], b[12]) in mul20()
728 + MUL15(a[15], b[11]) in mul20()
729 + MUL15(a[16], b[10]) in mul20()
730 + MUL15(a[17], b[ 9]) in mul20()
731 + MUL15(a[18], b[ 8]) in mul20()
732 + MUL15(a[19], b[ 7]); in mul20()
733 t[27] = MUL15(a[ 8], b[19]) in mul20()
734 + MUL15(a[ 9], b[18]) in mul20()
735 + MUL15(a[10], b[17]) in mul20()
736 + MUL15(a[11], b[16]) in mul20()
737 + MUL15(a[12], b[15]) in mul20()
738 + MUL15(a[13], b[14]) in mul20()
739 + MUL15(a[14], b[13]) in mul20()
740 + MUL15(a[15], b[12]) in mul20()
741 + MUL15(a[16], b[11]) in mul20()
742 + MUL15(a[17], b[10]) in mul20()
743 + MUL15(a[18], b[ 9]) in mul20()
744 + MUL15(a[19], b[ 8]); in mul20()
745 t[28] = MUL15(a[ 9], b[19]) in mul20()
746 + MUL15(a[10], b[18]) in mul20()
747 + MUL15(a[11], b[17]) in mul20()
748 + MUL15(a[12], b[16]) in mul20()
749 + MUL15(a[13], b[15]) in mul20()
750 + MUL15(a[14], b[14]) in mul20()
751 + MUL15(a[15], b[13]) in mul20()
752 + MUL15(a[16], b[12]) in mul20()
753 + MUL15(a[17], b[11]) in mul20()
754 + MUL15(a[18], b[10]) in mul20()
755 + MUL15(a[19], b[ 9]); in mul20()
756 t[29] = MUL15(a[10], b[19]) in mul20()
757 + MUL15(a[11], b[18]) in mul20()
758 + MUL15(a[12], b[17]) in mul20()
759 + MUL15(a[13], b[16]) in mul20()
760 + MUL15(a[14], b[15]) in mul20()
761 + MUL15(a[15], b[14]) in mul20()
762 + MUL15(a[16], b[13]) in mul20()
763 + MUL15(a[17], b[12]) in mul20()
764 + MUL15(a[18], b[11]) in mul20()
765 + MUL15(a[19], b[10]); in mul20()
766 t[30] = MUL15(a[11], b[19]) in mul20()
767 + MUL15(a[12], b[18]) in mul20()
768 + MUL15(a[13], b[17]) in mul20()
769 + MUL15(a[14], b[16]) in mul20()
770 + MUL15(a[15], b[15]) in mul20()
771 + MUL15(a[16], b[14]) in mul20()
772 + MUL15(a[17], b[13]) in mul20()
773 + MUL15(a[18], b[12]) in mul20()
774 + MUL15(a[19], b[11]); in mul20()
775 t[31] = MUL15(a[12], b[19]) in mul20()
776 + MUL15(a[13], b[18]) in mul20()
777 + MUL15(a[14], b[17]) in mul20()
778 + MUL15(a[15], b[16]) in mul20()
779 + MUL15(a[16], b[15]) in mul20()
780 + MUL15(a[17], b[14]) in mul20()
781 + MUL15(a[18], b[13]) in mul20()
782 + MUL15(a[19], b[12]); in mul20()
783 t[32] = MUL15(a[13], b[19]) in mul20()
784 + MUL15(a[14], b[18]) in mul20()
785 + MUL15(a[15], b[17]) in mul20()
786 + MUL15(a[16], b[16]) in mul20()
787 + MUL15(a[17], b[15]) in mul20()
788 + MUL15(a[18], b[14]) in mul20()
789 + MUL15(a[19], b[13]); in mul20()
790 t[33] = MUL15(a[14], b[19]) in mul20()
791 + MUL15(a[15], b[18]) in mul20()
792 + MUL15(a[16], b[17]) in mul20()
793 + MUL15(a[17], b[16]) in mul20()
794 + MUL15(a[18], b[15]) in mul20()
795 + MUL15(a[19], b[14]); in mul20()
796 t[34] = MUL15(a[15], b[19]) in mul20()
797 + MUL15(a[16], b[18]) in mul20()
798 + MUL15(a[17], b[17]) in mul20()
799 + MUL15(a[18], b[16]) in mul20()
800 + MUL15(a[19], b[15]); in mul20()
801 t[35] = MUL15(a[16], b[19]) in mul20()
802 + MUL15(a[17], b[18]) in mul20()
803 + MUL15(a[18], b[17]) in mul20()
804 + MUL15(a[19], b[16]); in mul20()
805 t[36] = MUL15(a[17], b[19]) in mul20()
806 + MUL15(a[18], b[18]) in mul20()
807 + MUL15(a[19], b[17]); in mul20()
808 t[37] = MUL15(a[18], b[19]) in mul20()
809 + MUL15(a[19], b[18]); in mul20()
810 t[38] = MUL15(a[19], b[19]); in mul20()
816 square20(uint32_t *d, const uint32_t *a) in square20() argument
820 t[ 0] = MUL15(a[ 0], a[ 0]); in square20()
821 t[ 1] = ((MUL15(a[ 0], a[ 1])) << 1); in square20()
822 t[ 2] = MUL15(a[ 1], a[ 1]) in square20()
823 + ((MUL15(a[ 0], a[ 2])) << 1); in square20()
824 t[ 3] = ((MUL15(a[ 0], a[ 3]) in square20()
825 + MUL15(a[ 1], a[ 2])) << 1); in square20()
826 t[ 4] = MUL15(a[ 2], a[ 2]) in square20()
827 + ((MUL15(a[ 0], a[ 4]) in square20()
828 + MUL15(a[ 1], a[ 3])) << 1); in square20()
829 t[ 5] = ((MUL15(a[ 0], a[ 5]) in square20()
830 + MUL15(a[ 1], a[ 4]) in square20()
831 + MUL15(a[ 2], a[ 3])) << 1); in square20()
832 t[ 6] = MUL15(a[ 3], a[ 3]) in square20()
833 + ((MUL15(a[ 0], a[ 6]) in square20()
834 + MUL15(a[ 1], a[ 5]) in square20()
835 + MUL15(a[ 2], a[ 4])) << 1); in square20()
836 t[ 7] = ((MUL15(a[ 0], a[ 7]) in square20()
837 + MUL15(a[ 1], a[ 6]) in square20()
838 + MUL15(a[ 2], a[ 5]) in square20()
839 + MUL15(a[ 3], a[ 4])) << 1); in square20()
840 t[ 8] = MUL15(a[ 4], a[ 4]) in square20()
841 + ((MUL15(a[ 0], a[ 8]) in square20()
842 + MUL15(a[ 1], a[ 7]) in square20()
843 + MUL15(a[ 2], a[ 6]) in square20()
844 + MUL15(a[ 3], a[ 5])) << 1); in square20()
845 t[ 9] = ((MUL15(a[ 0], a[ 9]) in square20()
846 + MUL15(a[ 1], a[ 8]) in square20()
847 + MUL15(a[ 2], a[ 7]) in square20()
848 + MUL15(a[ 3], a[ 6]) in square20()
849 + MUL15(a[ 4], a[ 5])) << 1); in square20()
850 t[10] = MUL15(a[ 5], a[ 5]) in square20()
851 + ((MUL15(a[ 0], a[10]) in square20()
852 + MUL15(a[ 1], a[ 9]) in square20()
853 + MUL15(a[ 2], a[ 8]) in square20()
854 + MUL15(a[ 3], a[ 7]) in square20()
855 + MUL15(a[ 4], a[ 6])) << 1); in square20()
856 t[11] = ((MUL15(a[ 0], a[11]) in square20()
857 + MUL15(a[ 1], a[10]) in square20()
858 + MUL15(a[ 2], a[ 9]) in square20()
859 + MUL15(a[ 3], a[ 8]) in square20()
860 + MUL15(a[ 4], a[ 7]) in square20()
861 + MUL15(a[ 5], a[ 6])) << 1); in square20()
862 t[12] = MUL15(a[ 6], a[ 6]) in square20()
863 + ((MUL15(a[ 0], a[12]) in square20()
864 + MUL15(a[ 1], a[11]) in square20()
865 + MUL15(a[ 2], a[10]) in square20()
866 + MUL15(a[ 3], a[ 9]) in square20()
867 + MUL15(a[ 4], a[ 8]) in square20()
868 + MUL15(a[ 5], a[ 7])) << 1); in square20()
869 t[13] = ((MUL15(a[ 0], a[13]) in square20()
870 + MUL15(a[ 1], a[12]) in square20()
871 + MUL15(a[ 2], a[11]) in square20()
872 + MUL15(a[ 3], a[10]) in square20()
873 + MUL15(a[ 4], a[ 9]) in square20()
874 + MUL15(a[ 5], a[ 8]) in square20()
875 + MUL15(a[ 6], a[ 7])) << 1); in square20()
876 t[14] = MUL15(a[ 7], a[ 7]) in square20()
877 + ((MUL15(a[ 0], a[14]) in square20()
878 + MUL15(a[ 1], a[13]) in square20()
879 + MUL15(a[ 2], a[12]) in square20()
880 + MUL15(a[ 3], a[11]) in square20()
881 + MUL15(a[ 4], a[10]) in square20()
882 + MUL15(a[ 5], a[ 9]) in square20()
883 + MUL15(a[ 6], a[ 8])) << 1); in square20()
884 t[15] = ((MUL15(a[ 0], a[15]) in square20()
885 + MUL15(a[ 1], a[14]) in square20()
886 + MUL15(a[ 2], a[13]) in square20()
887 + MUL15(a[ 3], a[12]) in square20()
888 + MUL15(a[ 4], a[11]) in square20()
889 + MUL15(a[ 5], a[10]) in square20()
890 + MUL15(a[ 6], a[ 9]) in square20()
891 + MUL15(a[ 7], a[ 8])) << 1); in square20()
892 t[16] = MUL15(a[ 8], a[ 8]) in square20()
893 + ((MUL15(a[ 0], a[16]) in square20()
894 + MUL15(a[ 1], a[15]) in square20()
895 + MUL15(a[ 2], a[14]) in square20()
896 + MUL15(a[ 3], a[13]) in square20()
897 + MUL15(a[ 4], a[12]) in square20()
898 + MUL15(a[ 5], a[11]) in square20()
899 + MUL15(a[ 6], a[10]) in square20()
900 + MUL15(a[ 7], a[ 9])) << 1); in square20()
901 t[17] = ((MUL15(a[ 0], a[17]) in square20()
902 + MUL15(a[ 1], a[16]) in square20()
903 + MUL15(a[ 2], a[15]) in square20()
904 + MUL15(a[ 3], a[14]) in square20()
905 + MUL15(a[ 4], a[13]) in square20()
906 + MUL15(a[ 5], a[12]) in square20()
907 + MUL15(a[ 6], a[11]) in square20()
908 + MUL15(a[ 7], a[10]) in square20()
909 + MUL15(a[ 8], a[ 9])) << 1); in square20()
910 t[18] = MUL15(a[ 9], a[ 9]) in square20()
911 + ((MUL15(a[ 0], a[18]) in square20()
912 + MUL15(a[ 1], a[17]) in square20()
913 + MUL15(a[ 2], a[16]) in square20()
914 + MUL15(a[ 3], a[15]) in square20()
915 + MUL15(a[ 4], a[14]) in square20()
916 + MUL15(a[ 5], a[13]) in square20()
917 + MUL15(a[ 6], a[12]) in square20()
918 + MUL15(a[ 7], a[11]) in square20()
919 + MUL15(a[ 8], a[10])) << 1); in square20()
920 t[19] = ((MUL15(a[ 0], a[19]) in square20()
921 + MUL15(a[ 1], a[18]) in square20()
922 + MUL15(a[ 2], a[17]) in square20()
923 + MUL15(a[ 3], a[16]) in square20()
924 + MUL15(a[ 4], a[15]) in square20()
925 + MUL15(a[ 5], a[14]) in square20()
926 + MUL15(a[ 6], a[13]) in square20()
927 + MUL15(a[ 7], a[12]) in square20()
928 + MUL15(a[ 8], a[11]) in square20()
929 + MUL15(a[ 9], a[10])) << 1); in square20()
930 t[20] = MUL15(a[10], a[10]) in square20()
931 + ((MUL15(a[ 1], a[19]) in square20()
932 + MUL15(a[ 2], a[18]) in square20()
933 + MUL15(a[ 3], a[17]) in square20()
934 + MUL15(a[ 4], a[16]) in square20()
935 + MUL15(a[ 5], a[15]) in square20()
936 + MUL15(a[ 6], a[14]) in square20()
937 + MUL15(a[ 7], a[13]) in square20()
938 + MUL15(a[ 8], a[12]) in square20()
939 + MUL15(a[ 9], a[11])) << 1); in square20()
940 t[21] = ((MUL15(a[ 2], a[19]) in square20()
941 + MUL15(a[ 3], a[18]) in square20()
942 + MUL15(a[ 4], a[17]) in square20()
943 + MUL15(a[ 5], a[16]) in square20()
944 + MUL15(a[ 6], a[15]) in square20()
945 + MUL15(a[ 7], a[14]) in square20()
946 + MUL15(a[ 8], a[13]) in square20()
947 + MUL15(a[ 9], a[12]) in square20()
948 + MUL15(a[10], a[11])) << 1); in square20()
949 t[22] = MUL15(a[11], a[11]) in square20()
950 + ((MUL15(a[ 3], a[19]) in square20()
951 + MUL15(a[ 4], a[18]) in square20()
952 + MUL15(a[ 5], a[17]) in square20()
953 + MUL15(a[ 6], a[16]) in square20()
954 + MUL15(a[ 7], a[15]) in square20()
955 + MUL15(a[ 8], a[14]) in square20()
956 + MUL15(a[ 9], a[13]) in square20()
957 + MUL15(a[10], a[12])) << 1); in square20()
958 t[23] = ((MUL15(a[ 4], a[19]) in square20()
959 + MUL15(a[ 5], a[18]) in square20()
960 + MUL15(a[ 6], a[17]) in square20()
961 + MUL15(a[ 7], a[16]) in square20()
962 + MUL15(a[ 8], a[15]) in square20()
963 + MUL15(a[ 9], a[14]) in square20()
964 + MUL15(a[10], a[13]) in square20()
965 + MUL15(a[11], a[12])) << 1); in square20()
966 t[24] = MUL15(a[12], a[12]) in square20()
967 + ((MUL15(a[ 5], a[19]) in square20()
968 + MUL15(a[ 6], a[18]) in square20()
969 + MUL15(a[ 7], a[17]) in square20()
970 + MUL15(a[ 8], a[16]) in square20()
971 + MUL15(a[ 9], a[15]) in square20()
972 + MUL15(a[10], a[14]) in square20()
973 + MUL15(a[11], a[13])) << 1); in square20()
974 t[25] = ((MUL15(a[ 6], a[19]) in square20()
975 + MUL15(a[ 7], a[18]) in square20()
976 + MUL15(a[ 8], a[17]) in square20()
977 + MUL15(a[ 9], a[16]) in square20()
978 + MUL15(a[10], a[15]) in square20()
979 + MUL15(a[11], a[14]) in square20()
980 + MUL15(a[12], a[13])) << 1); in square20()
981 t[26] = MUL15(a[13], a[13]) in square20()
982 + ((MUL15(a[ 7], a[19]) in square20()
983 + MUL15(a[ 8], a[18]) in square20()
984 + MUL15(a[ 9], a[17]) in square20()
985 + MUL15(a[10], a[16]) in square20()
986 + MUL15(a[11], a[15]) in square20()
987 + MUL15(a[12], a[14])) << 1); in square20()
988 t[27] = ((MUL15(a[ 8], a[19]) in square20()
989 + MUL15(a[ 9], a[18]) in square20()
990 + MUL15(a[10], a[17]) in square20()
991 + MUL15(a[11], a[16]) in square20()
992 + MUL15(a[12], a[15]) in square20()
993 + MUL15(a[13], a[14])) << 1); in square20()
994 t[28] = MUL15(a[14], a[14]) in square20()
995 + ((MUL15(a[ 9], a[19]) in square20()
996 + MUL15(a[10], a[18]) in square20()
997 + MUL15(a[11], a[17]) in square20()
998 + MUL15(a[12], a[16]) in square20()
999 + MUL15(a[13], a[15])) << 1); in square20()
1000 t[29] = ((MUL15(a[10], a[19]) in square20()
1001 + MUL15(a[11], a[18]) in square20()
1002 + MUL15(a[12], a[17]) in square20()
1003 + MUL15(a[13], a[16]) in square20()
1004 + MUL15(a[14], a[15])) << 1); in square20()
1005 t[30] = MUL15(a[15], a[15]) in square20()
1006 + ((MUL15(a[11], a[19]) in square20()
1007 + MUL15(a[12], a[18]) in square20()
1008 + MUL15(a[13], a[17]) in square20()
1009 + MUL15(a[14], a[16])) << 1); in square20()
1010 t[31] = ((MUL15(a[12], a[19]) in square20()
1011 + MUL15(a[13], a[18]) in square20()
1012 + MUL15(a[14], a[17]) in square20()
1013 + MUL15(a[15], a[16])) << 1); in square20()
1014 t[32] = MUL15(a[16], a[16]) in square20()
1015 + ((MUL15(a[13], a[19]) in square20()
1016 + MUL15(a[14], a[18]) in square20()
1017 + MUL15(a[15], a[17])) << 1); in square20()
1018 t[33] = ((MUL15(a[14], a[19]) in square20()
1019 + MUL15(a[15], a[18]) in square20()
1020 + MUL15(a[16], a[17])) << 1); in square20()
1021 t[34] = MUL15(a[17], a[17]) in square20()
1022 + ((MUL15(a[15], a[19]) in square20()
1023 + MUL15(a[16], a[18])) << 1); in square20()
1024 t[35] = ((MUL15(a[16], a[19]) in square20()
1025 + MUL15(a[17], a[18])) << 1); in square20()
1026 t[36] = MUL15(a[18], a[18]) in square20()
1027 + ((MUL15(a[17], a[19])) << 1); in square20()
1028 t[37] = ((MUL15(a[18], a[19])) << 1); in square20()
1029 t[38] = MUL15(a[19], a[19]); in square20()
1037 * Perform a "final reduction" in field F255 (field for Curve25519)
1066 f255_mulgen(uint32_t *d, const uint32_t *a, const uint32_t *b, int square) in f255_mulgen() argument
1076 square20(t, a); in f255_mulgen()
1078 mul20(t, a, b); in f255_mulgen()
1085 * a factor of 19*2^5 = 608. The extra bits in word 19 are also in f255_mulgen()
1111 MM1(14); in f255_mulgen()
1143 MM2(14); in f255_mulgen()
1154 * Perform a multiplication of two integers modulo 2^255-19.
1162 #define f255_mul(d, a, b) f255_mulgen(d, a, b, 0) argument
1163 #define f255_square(d, a) f255_mulgen(d, a, a, 1) argument
1170 f255_add(uint32_t *d, const uint32_t *a, const uint32_t *b) in f255_add() argument
1177 w = a[i] + b[i] + cc; in f255_add()
1195 f255_sub(uint32_t *d, const uint32_t *a, const uint32_t *b) in f255_sub() argument
1198 * We actually compute a - b + 2*p, so that the final value is in f255_sub()
1206 w = a[i] - b[i] + cc; in f255_sub()
1224 f255_mul_a24(uint32_t *d, const uint32_t *a) in f255_mul_a24() argument
1231 w = MUL15(a[i], 121665) + cc; in f255_mul_a24()
1283 cswap(uint32_t *a, uint32_t *b, uint32_t ctl) in cswap() argument
1291 aw = a[i]; in cswap()
1294 a[i] = aw ^ tw; in cswap()
1304 uint32_t a[20], aa[20], b[20], bb[20]; in api_mul() local
1362 f255_add(a, x2, z2); in api_mul()
1363 f255_square(aa, a); in api_mul()
1369 f255_mul(da, d, a); in api_mul()
1373 print_int("a ", a); in api_mul()
1405 * Inverse z2 with a modular exponentiation. This is a simple in api_mul()
1409 memcpy(a, z2, sizeof z2); in api_mul()
1411 f255_square(a, a); in api_mul()
1412 f255_mul(a, a, z2); in api_mul()
1414 memcpy(b, a, sizeof a); in api_mul()
1415 for (i = 0; i < 14; i ++) { in api_mul()
1421 f255_mul(b, b, a); in api_mul()
1423 for (i = 14; i >= 0; i --) { in api_mul()
1449 api_muladd(unsigned char *A, const unsigned char *B, size_t len, in api_muladd() argument
1458 (void)A; in api_muladd()