2  *  Copyright (C) 2017 - This file is part of libecc project
7  *      Jean-Pierre FLORI <jean-pierre.flori@ssi.gouv.fr>
28  *	- r = 2^p_rounded_bitlen mod (p), where
31  *	- r_square = r^2 mod (p)
32  *	- mpinv = -p^-1 mod (2^WORDSIZE).
37  * The function returns 0 on success, -1 on error. out parameters 'r',
71 	/* _mpinv = 2^wlen - (modinv(prime, 2^wlen)) */  in nn_compute_redc1_coefs()
117  * and mpinv is -p^(-1) mod (2^WORDSIZE).
122  * The function returns 0 on success, -1 on error.
127 	word_t prod_high, prod_low, carry, acc, m;  in _nn_mul_redc1()  local
146 	a = (in1->wlen <= in2->wlen) ? in2 : in1;  in _nn_mul_redc1()
147 	b = (in1->wlen <= in2->wlen) ? in1 : in2;  in _nn_mul_redc1()
156 	ret = nn_set_wlen(out, p->wlen); EG(ret, err);  in _nn_mul_redc1()
158 	len = out->wlen;  in _nn_mul_redc1()
159 	len_mul = b->wlen;  in _nn_mul_redc1()
164 	MUST_HAVE(((WORD_BITS * (out->wlen + 1)) <= NN_MAX_BIT_LEN), ret, err);  in _nn_mul_redc1()
165 	old_wlen = out->wlen;  in _nn_mul_redc1()
166 	out->wlen = (u8)(out->wlen + 1);  in _nn_mul_redc1()
172 	for (i = 0; i < out->wlen; i++) {  in _nn_mul_redc1()
173 		out->val[i] = 0;  in _nn_mul_redc1()
176 		carry = WORD(0);  in _nn_mul_redc1()
178 			WORD_MUL(prod_high, prod_low, a->val[i], b->val[j]);  in _nn_mul_redc1()
179 			prod_low  = (word_t)(prod_low + carry);  in _nn_mul_redc1()
180 			prod_high = (word_t)(prod_high + (prod_low < carry));  in _nn_mul_redc1()
181 			out->val[j] = (word_t)(out->val[j] + prod_low);  in _nn_mul_redc1()
182 			carry = (word_t)(prod_high + (out->val[j] < prod_low));  in _nn_mul_redc1()
185 			out->val[j] = (word_t)(out->val[j] + carry);  in _nn_mul_redc1()
186 			carry = (word_t)(out->val[j] < carry);  in _nn_mul_redc1()
188 		out->val[j] = (word_t)(out->val[j] + carry);  in _nn_mul_redc1()
189 		acc = (word_t)(out->val[j] < carry);  in _nn_mul_redc1()
191 		m = (word_t)(out->val[0] * mpinv);  in _nn_mul_redc1()
192 		WORD_MUL(prod_high, prod_low, m, p->val[0]);  in _nn_mul_redc1()
193 		prod_low = (word_t)(prod_low + out->val[0]);  in _nn_mul_redc1()
194 		carry = (word_t)(prod_high + (prod_low < out->val[0]));  in _nn_mul_redc1()
196 			WORD_MUL(prod_high, prod_low, m, p->val[j]);  in _nn_mul_redc1()
197 			prod_low  = (word_t)(prod_low + carry);  in _nn_mul_redc1()
198 			prod_high = (word_t)(prod_high + (prod_low < carry));  in _nn_mul_redc1()
199 			out->val[j - 1] = (word_t)(prod_low + out->val[j]);  in _nn_mul_redc1()
200 			carry = (word_t)(prod_high + (out->val[j - 1] < prod_low));  in _nn_mul_redc1()
202 		out->val[j - 1] = (word_t)(carry + out->val[j]);  in _nn_mul_redc1()
203 		carry = (word_t)(out->val[j - 1] < out->val[j]);  in _nn_mul_redc1()
204 		out->val[j] = (word_t)(acc + carry);  in _nn_mul_redc1()
214 	out->wlen = old_wlen;  in _nn_mul_redc1()
284  * The function returns 0 on success, -1 on error.
297 		/* When p_in is even, we fallback to less efficient mul then mod */  in nn_mod_mul()