Lines Matching +full:1 +full:k
/* Mask with the low 63 bits set (2^63 - 1); f255_mul() ANDs it into t7 to drop the top bit of that word. */
77 #define MASK63 (((uint64_t)1 << 63) - (uint64_t)1)
89 w = m & (a[1] ^ b[1]); a[1] ^= w; b[1] ^= w; in f255_cswap()
107 z = (unsigned __int128)a[1] + (unsigned __int128)b[1] + (z >> 64); in f255_add()
117 * 2^256+74; thus, the carry cc is equal to 0, 1 or 2. in f255_add()
126 d[1] = (uint64_t)z; in f255_add()
134 unsigned char k; in f255_add()
136 k = _addcarry_u64(0, a[0], b[0], &t0); in f255_add()
137 k = _addcarry_u64(k, a[1], b[1], &t1); in f255_add()
138 k = _addcarry_u64(k, a[2], b[2], &t2); in f255_add()
139 k = _addcarry_u64(k, a[3], b[3], &t3); in f255_add()
140 cc = (k << 1) + (t3 >> 63); in f255_add()
145 * 2^256+74; thus, the carry cc is equal to 0, 1 or 2. in f255_add()
151 k = _addcarry_u64(0, t0, 19 * cc, &d[0]); in f255_add()
152 k = _addcarry_u64(k, t1, 0, &d[1]); in f255_add()
153 k = _addcarry_u64(k, t2, 0, &d[2]); in f255_add()
154 (void)_addcarry_u64(k, t3, 0, &d[3]); in f255_add()
180 z = (unsigned __int128)a[1] - (unsigned __int128)b[1] in f255_sub()
191 t4 = 1 + (uint64_t)(z >> 64); in f255_sub()
195 * but not 11 (value t <= 2^256 - 38 + 2^255 + 37 = 2^256 + 2^255 - 1). in f255_sub()
204 d[1] = (uint64_t)z; in f255_sub()
219 unsigned char k; in f255_sub()
221 k = _subborrow_u64(0, a[0], b[0], &t0); in f255_sub()
222 k = _subborrow_u64(k, a[1], b[1], &t1); in f255_sub()
223 k = _subborrow_u64(k, a[2], b[2], &t2); in f255_sub()
224 k = _subborrow_u64(k, a[3], b[3], &t3); in f255_sub()
225 (void)_subborrow_u64(k, 1, 0, &t4); in f255_sub()
227 k = _subborrow_u64(0, t0, 38, &t0); in f255_sub()
228 k = _subborrow_u64(k, t1, 0, &t1); in f255_sub()
229 k = _subborrow_u64(k, t2, 0, &t2); in f255_sub()
230 k = _subborrow_u64(k, t3, 0, &t3); in f255_sub()
231 (void)_subborrow_u64(k, t4, 0, &t4); in f255_sub()
235 * but not 11 (value t <= 2^256 - 38 + 2^255 + 37 = 2^256 + 2^255 - 1). in f255_sub()
241 k = _addcarry_u64(0, t0, t4, &d[0]); in f255_sub()
242 k = _addcarry_u64(k, t1, 0, &d[1]); in f255_sub()
243 k = _addcarry_u64(k, t2, 0, &d[2]); in f255_sub()
244 (void)_addcarry_u64(k, t3, 0, &d[3]); in f255_sub()
265 z = (unsigned __int128)a[0] * (unsigned __int128)b[1] + (z >> 64); in f255_mul()
273 z = (unsigned __int128)a[1] * (unsigned __int128)b[0] in f255_mul()
276 z = (unsigned __int128)a[1] * (unsigned __int128)b[1] in f255_mul()
279 z = (unsigned __int128)a[1] * (unsigned __int128)b[2] in f255_mul()
282 z = (unsigned __int128)a[1] * (unsigned __int128)b[3] in f255_mul()
290 z = (unsigned __int128)a[2] * (unsigned __int128)b[1] in f255_mul()
304 z = (unsigned __int128)a[3] * (unsigned __int128)b[1] in f255_mul()
327 t7 = ((t7 << 1) | (t6 >> 63)) & MASK63; in f255_mul()
328 t6 = (t6 << 1) | (t5 >> 63); in f255_mul()
329 t5 = (t5 << 1) | (t4 >> 63); in f255_mul()
330 t4 = (t4 << 1) | (t3 >> 63); in f255_mul()
368 * can only have value 0, 1 or 2. We just add th*19, which in f255_mul()
374 d[1] = (uint64_t)z; in f255_mul()
383 unsigned char k; in f255_mul()
389 t1 = _umul128(a[0], b[1], &h1); in f255_mul()
390 k = _addcarry_u64(0, t1, h0, &t1); in f255_mul()
392 k = _addcarry_u64(k, t2, h1, &t2); in f255_mul()
394 k = _addcarry_u64(k, t3, h2, &t3); in f255_mul()
395 (void)_addcarry_u64(k, h3, 0, &t4); in f255_mul()
397 k = _addcarry_u64(0, _umul128(a[1], b[0], &h0), t1, &t1); in f255_mul()
398 k = _addcarry_u64(k, _umul128(a[1], b[1], &h1), t2, &t2); in f255_mul()
399 k = _addcarry_u64(k, _umul128(a[1], b[2], &h2), t3, &t3); in f255_mul()
400 k = _addcarry_u64(k, _umul128(a[1], b[3], &h3), t4, &t4); in f255_mul()
401 t5 = k; in f255_mul()
402 k = _addcarry_u64(0, t2, h0, &t2); in f255_mul()
403 k = _addcarry_u64(k, t3, h1, &t3); in f255_mul()
404 k = _addcarry_u64(k, t4, h2, &t4); in f255_mul()
405 (void)_addcarry_u64(k, t5, h3, &t5); in f255_mul()
407 k = _addcarry_u64(0, _umul128(a[2], b[0], &h0), t2, &t2); in f255_mul()
408 k = _addcarry_u64(k, _umul128(a[2], b[1], &h1), t3, &t3); in f255_mul()
409 k = _addcarry_u64(k, _umul128(a[2], b[2], &h2), t4, &t4); in f255_mul()
410 k = _addcarry_u64(k, _umul128(a[2], b[3], &h3), t5, &t5); in f255_mul()
411 t6 = k; in f255_mul()
412 k = _addcarry_u64(0, t3, h0, &t3); in f255_mul()
413 k = _addcarry_u64(k, t4, h1, &t4); in f255_mul()
414 k = _addcarry_u64(k, t5, h2, &t5); in f255_mul()
415 (void)_addcarry_u64(k, t6, h3, &t6); in f255_mul()
417 k = _addcarry_u64(0, _umul128(a[3], b[0], &h0), t3, &t3); in f255_mul()
418 k = _addcarry_u64(k, _umul128(a[3], b[1], &h1), t4, &t4); in f255_mul()
419 k = _addcarry_u64(k, _umul128(a[3], b[2], &h2), t5, &t5); in f255_mul()
420 k = _addcarry_u64(k, _umul128(a[3], b[3], &h3), t6, &t6); in f255_mul()
421 t7 = k; in f255_mul()
422 k = _addcarry_u64(0, t4, h0, &t4); in f255_mul()
423 k = _addcarry_u64(k, t5, h1, &t5); in f255_mul()
424 k = _addcarry_u64(k, t6, h2, &t6); in f255_mul()
425 (void)_addcarry_u64(k, t7, h3, &t7); in f255_mul()
439 t7 = ((t7 << 1) | (t6 >> 63)) & MASK63; in f255_mul()
440 t6 = (t6 << 1) | (t5 >> 63); in f255_mul()
441 t5 = (t5 << 1) | (t4 >> 63); in f255_mul()
442 t4 = (t4 << 1) | (t3 >> 63); in f255_mul()
453 k = _addcarry_u64(0, t5, h0, &t5); in f255_mul()
454 k = _addcarry_u64(k, t6, h1, &t6); in f255_mul()
455 k = _addcarry_u64(k, t7, h2, &t7); in f255_mul()
456 (void)_addcarry_u64(k, h3, 0, &h3); in f255_mul()
457 th = (361 & -th) + (19 * ((h3 << 1) + (t7 >> 63))); in f255_mul()
467 k = _addcarry_u64(0, t0, t4, &t0); in f255_mul()
468 k = _addcarry_u64(k, t1, t5, &t1); in f255_mul()
469 k = _addcarry_u64(k, t2, t6, &t2); in f255_mul()
470 k = _addcarry_u64(k, t3, t7, &t3); in f255_mul()
471 t4 = k; in f255_mul()
472 k = _addcarry_u64(0, t0, th, &t0); in f255_mul()
473 k = _addcarry_u64(k, t1, 0, &t1); in f255_mul()
474 k = _addcarry_u64(k, t2, 0, &t2); in f255_mul()
475 k = _addcarry_u64(k, t3, 0, &t3); in f255_mul()
476 (void)_addcarry_u64(k, t4, 0, &t4); in f255_mul()
478 th = (t4 << 1) + (t3 >> 63); in f255_mul()
483 * can only have value 0, 1 or 2. We just add th*19, which in f255_mul()
486 k = _addcarry_u64(0, t0, 19 * th, &d[0]); in f255_mul()
487 k = _addcarry_u64(k, t1, 0, &d[1]); in f255_mul()
488 k = _addcarry_u64(k, t2, 0, &d[2]); in f255_mul()
489 (void)_addcarry_u64(k, t3, 0, &d[3]); in f255_mul()
507 z = (unsigned __int128)a[1] * 121665 + (z >> 64); in f255_mul_a24()
525 d[1] = (uint64_t)z; in f255_mul_a24()
533 unsigned char k; in f255_mul_a24()
536 t1 = _umul128(a[1], 121665, &h1); in f255_mul_a24()
537 k = _addcarry_u64(0, t1, h0, &t1); in f255_mul_a24()
539 k = _addcarry_u64(k, t2, h1, &t2); in f255_mul_a24()
541 k = _addcarry_u64(k, t3, h2, &t3); in f255_mul_a24()
542 (void)_addcarry_u64(k, h3, 0, &t4); in f255_mul_a24()
544 t4 = (t4 << 1) + (t3 >> 63); in f255_mul_a24()
546 k = _addcarry_u64(0, t0, 19 * t4, &t0); in f255_mul_a24()
547 k = _addcarry_u64(k, t1, 0, &t1); in f255_mul_a24()
548 k = _addcarry_u64(k, t2, 0, &t2); in f255_mul_a24()
549 (void)_addcarry_u64(k, t3, 0, &t3); in f255_mul_a24()
553 k = _addcarry_u64(0, t0, t4, &d[0]); in f255_mul_a24()
554 k = _addcarry_u64(k, t1, 0, &d[1]); in f255_mul_a24()
555 k = _addcarry_u64(k, t2, 0, &d[2]); in f255_mul_a24()
556 (void)_addcarry_u64(k, t3, 0, &d[3]); in f255_mul_a24()
580 z = (unsigned __int128)a[1] + (z >> 64); in f255_final_reduce()
589 a[1] ^= m & (a[1] ^ t1); in f255_final_reduce()
596 unsigned char k; in f255_final_reduce()
604 k = _addcarry_u64(0, a[0], 19, &t0); in f255_final_reduce()
605 k = _addcarry_u64(k, a[1], 0, &t1); in f255_final_reduce()
606 k = _addcarry_u64(k, a[2], 0, &t2); in f255_final_reduce()
607 (void)_addcarry_u64(k, a[3], 0, &t3); in f255_final_reduce()
612 a[1] ^= m & (a[1] ^ t1); in f255_final_reduce()
623 unsigned char k[32]; in api_mul() local
643 x1[1] = br_dec64le(&G[ 8]); in api_mul()
653 x2[0] = 1; in api_mul()
662 memset(k, 0, (sizeof k) - kblen); in api_mul()
663 memcpy(k + (sizeof k) - kblen, kb, kblen); in api_mul()
664 k[31] &= 0xF8; in api_mul()
665 k[0] &= 0x7F; in api_mul()
666 k[0] |= 0x40; in api_mul()
675 kt = (k[31 - (i >> 3)] >> (i & 7)) & 1; in api_mul()
730 * Compute 1/z2 = z2^(p-2). Since p = 2^255-19, we can mutualize in api_mul()
749 if ((0xFFEB >> i) & 1) { in api_mul()
755 * Compute x2/z2. We have 1/z2 in x3. in api_mul()
764 br_enc64le(G + 8, x2[1]); in api_mul()
767 return 1; in api_mul()