Lines Matching full:v1
65 uint32_t r, a, b, u0, v0, u1, v1, he, hr; in br_rsa_i15_compute_privexp() local
161 * u0, u1, v0 and v1. Initial values are: in br_rsa_i15_compute_privexp()
163 * b = r u1 = r v1 = e-1 in br_rsa_i15_compute_privexp()
166 * b = u1*e - v1*r in br_rsa_i15_compute_privexp()
172 * 0 <= v1 <= e in br_rsa_i15_compute_privexp()
175 * adjust u0, u1, v0 and v1 to maintain the invariants: in br_rsa_i15_compute_privexp()
182 * key or public exponent is not valid). The (u0,v0) or (u1,v1) in br_rsa_i15_compute_privexp()
192 * - When b is divided by 2, u1 and v1 must be divided by 2. in br_rsa_i15_compute_privexp()
193 * - When b is subtracted from a, u1 and v1 are subtracted from in br_rsa_i15_compute_privexp()
196 * u1 and v1, respectively. in br_rsa_i15_compute_privexp()
220 * * u1 <= u0 and v1 <= v0: just do the subtractions in br_rsa_i15_compute_privexp()
222 * * u1 > u0 and v1 > v0: compute: in br_rsa_i15_compute_privexp()
223 * (u0, v0) <- (u0 + r - u1, v0 + e - v1) in br_rsa_i15_compute_privexp()
225 * * u1 <= u0 and v1 > v0: compute: in br_rsa_i15_compute_privexp()
226 * (u0, v0) <- (u0 + r - u1, v0 + e - v1) in br_rsa_i15_compute_privexp()
228 * The fourth case (u1 > u0 and v1 <= v0) is not possible in br_rsa_i15_compute_privexp()
238 * solely on the comparison between v0 and v1. in br_rsa_i15_compute_privexp()
245 v1 = e - 1; in br_rsa_i15_compute_privexp()
261 /* a <- a-b, u0 <- u0-u1, v0 <- v0-v1 */ in br_rsa_i15_compute_privexp()
262 ctl = GT(v1, v0); in br_rsa_i15_compute_privexp()
265 v0 -= (v1 - (e & -ctl)) & -sab; in br_rsa_i15_compute_privexp()
267 /* b <- b-a, u1 <- u1-u0 mod r, v1 <- v1-v0 mod e */ in br_rsa_i15_compute_privexp()
268 ctl = GT(v0, v1); in br_rsa_i15_compute_privexp()
271 v1 -= (v0 - (e & -ctl)) & -sba; in br_rsa_i15_compute_privexp()
282 /* b <- b/2, u1 <- u1/2 mod r, v1 <- v1/2 mod e */ in br_rsa_i15_compute_privexp()
283 ctl = v1 & 1; in br_rsa_i15_compute_privexp()
286 v1 ^= (v1 ^ ((v1 >> 1) + (he & -ctl))) & -db; in br_rsa_i15_compute_privexp()