
143 static void bin66_to_felem(felem out, const u8 in[66])  in bin66_to_felem()  argument
145 out[0] = (*((limb *) & in[0])) & bottom58bits; in bin66_to_felem()
146 out[1] = (*((limb_aX *) & in[7]) >> 2) & bottom58bits; in bin66_to_felem()
147 out[2] = (*((limb_aX *) & in[14]) >> 4) & bottom58bits; in bin66_to_felem()
148 out[3] = (*((limb_aX *) & in[21]) >> 6) & bottom58bits; in bin66_to_felem()
149 out[4] = (*((limb_aX *) & in[29])) & bottom58bits; in bin66_to_felem()
150 out[5] = (*((limb_aX *) & in[36]) >> 2) & bottom58bits; in bin66_to_felem()
151 out[6] = (*((limb_aX *) & in[43]) >> 4) & bottom58bits; in bin66_to_felem()
152 out[7] = (*((limb_aX *) & in[50]) >> 6) & bottom58bits; in bin66_to_felem()
153 out[8] = (*((limb_aX *) & in[58])) & bottom57bits; in bin66_to_felem()
160 static void felem_to_bin66(u8 out[66], const felem in) in felem_to_bin66()
162 memset(out, 0, 66); in felem_to_bin66()
163 (*((limb *) & out[0])) = in[0]; in felem_to_bin66()
164 (*((limb_aX *) & out[7])) |= in[1] << 2; in felem_to_bin66()
165 (*((limb_aX *) & out[14])) |= in[2] << 4; in felem_to_bin66()
166 (*((limb_aX *) & out[21])) |= in[3] << 6; in felem_to_bin66()
167 (*((limb_aX *) & out[29])) = in[4]; in felem_to_bin66()
168 (*((limb_aX *) & out[36])) |= in[5] << 2; in felem_to_bin66()
169 (*((limb_aX *) & out[43])) |= in[6] << 4; in felem_to_bin66()
170 (*((limb_aX *) & out[50])) |= in[7] << 6; in felem_to_bin66()
171 (*((limb_aX *) & out[58])) = in[8]; in felem_to_bin66()
175 static int BN_to_felem(felem out, const BIGNUM *bn) in BN_to_felem() argument
189 bin66_to_felem(out, b_out); in BN_to_felem()
194 static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) in felem_to_BN() argument
198 return BN_lebin2bn(b_out, sizeof(b_out), out); in felem_to_BN()
206 static void felem_one(felem out) in felem_one() argument
208 out[0] = 1; in felem_one()
209 out[1] = 0; in felem_one()
210 out[2] = 0; in felem_one()
211 out[3] = 0; in felem_one()
212 out[4] = 0; in felem_one()
213 out[5] = 0; in felem_one()
214 out[6] = 0; in felem_one()
215 out[7] = 0; in felem_one()
216 out[8] = 0; in felem_one()
219 static void felem_assign(felem out, const felem in) in felem_assign() argument
221 out[0] = in[0]; in felem_assign()
222 out[1] = in[1]; in felem_assign()
223 out[2] = in[2]; in felem_assign()
224 out[3] = in[3]; in felem_assign()
225 out[4] = in[4]; in felem_assign()
226 out[5] = in[5]; in felem_assign()
227 out[6] = in[6]; in felem_assign()
228 out[7] = in[7]; in felem_assign()
229 out[8] = in[8]; in felem_assign()
233 static void felem_sum64(felem out, const felem in) in felem_sum64() argument
235 out[0] += in[0]; in felem_sum64()
236 out[1] += in[1]; in felem_sum64()
237 out[2] += in[2]; in felem_sum64()
238 out[3] += in[3]; in felem_sum64()
239 out[4] += in[4]; in felem_sum64()
240 out[5] += in[5]; in felem_sum64()
241 out[6] += in[6]; in felem_sum64()
242 out[7] += in[7]; in felem_sum64()
243 out[8] += in[8]; in felem_sum64()
247 static void felem_scalar(felem out, const felem in, limb scalar) in felem_scalar() argument
249 out[0] = in[0] * scalar; in felem_scalar()
250 out[1] = in[1] * scalar; in felem_scalar()
251 out[2] = in[2] * scalar; in felem_scalar()
252 out[3] = in[3] * scalar; in felem_scalar()
253 out[4] = in[4] * scalar; in felem_scalar()
254 out[5] = in[5] * scalar; in felem_scalar()
255 out[6] = in[6] * scalar; in felem_scalar()
256 out[7] = in[7] * scalar; in felem_scalar()
257 out[8] = in[8] * scalar; in felem_scalar()
261 static void felem_scalar64(felem out, limb scalar) in felem_scalar64() argument
263 out[0] *= scalar; in felem_scalar64()
264 out[1] *= scalar; in felem_scalar64()
265 out[2] *= scalar; in felem_scalar64()
266 out[3] *= scalar; in felem_scalar64()
267 out[4] *= scalar; in felem_scalar64()
268 out[5] *= scalar; in felem_scalar64()
269 out[6] *= scalar; in felem_scalar64()
270 out[7] *= scalar; in felem_scalar64()
271 out[8] *= scalar; in felem_scalar64()
275 static void felem_scalar128(largefelem out, limb scalar) in felem_scalar128() argument
277 out[0] *= scalar; in felem_scalar128()
278 out[1] *= scalar; in felem_scalar128()
279 out[2] *= scalar; in felem_scalar128()
280 out[3] *= scalar; in felem_scalar128()
281 out[4] *= scalar; in felem_scalar128()
282 out[5] *= scalar; in felem_scalar128()
283 out[6] *= scalar; in felem_scalar128()
284 out[7] *= scalar; in felem_scalar128()
285 out[8] *= scalar; in felem_scalar128()
295 static void felem_neg(felem out, const felem in) in felem_neg() argument
301 out[0] = two62m3 - in[0]; in felem_neg()
302 out[1] = two62m2 - in[1]; in felem_neg()
303 out[2] = two62m2 - in[2]; in felem_neg()
304 out[3] = two62m2 - in[3]; in felem_neg()
305 out[4] = two62m2 - in[4]; in felem_neg()
306 out[5] = two62m2 - in[5]; in felem_neg()
307 out[6] = two62m2 - in[6]; in felem_neg()
308 out[7] = two62m2 - in[7]; in felem_neg()
309 out[8] = two62m2 - in[8]; in felem_neg()
319 static void felem_diff64(felem out, const felem in) in felem_diff64() argument
327 out[0] += two62m3 - in[0]; in felem_diff64()
328 out[1] += two62m2 - in[1]; in felem_diff64()
329 out[2] += two62m2 - in[2]; in felem_diff64()
330 out[3] += two62m2 - in[3]; in felem_diff64()
331 out[4] += two62m2 - in[4]; in felem_diff64()
332 out[5] += two62m2 - in[5]; in felem_diff64()
333 out[6] += two62m2 - in[6]; in felem_diff64()
334 out[7] += two62m2 - in[7]; in felem_diff64()
335 out[8] += two62m2 - in[8]; in felem_diff64()
345 static void felem_diff_128_64(largefelem out, const felem in) in felem_diff_128_64() argument
358 out[0] += two63m6 - in[0]; in felem_diff_128_64()
359 out[1] += two63m5 - in[1]; in felem_diff_128_64()
360 out[2] += two63m5 - in[2]; in felem_diff_128_64()
361 out[3] += two63m5 - in[3]; in felem_diff_128_64()
362 out[4] += two63m5 - in[4]; in felem_diff_128_64()
363 out[5] += two63m5 - in[5]; in felem_diff_128_64()
364 out[6] += two63m5 - in[6]; in felem_diff_128_64()
365 out[7] += two63m5 - in[7]; in felem_diff_128_64()
366 out[8] += two63m5 - in[8]; in felem_diff_128_64()
376 static void felem_diff128(largefelem out, const largefelem in) in felem_diff128() argument
386 out[0] += (two127m70 - in[0]); in felem_diff128()
387 out[1] += (two127m69 - in[1]); in felem_diff128()
388 out[2] += (two127m69 - in[2]); in felem_diff128()
389 out[3] += (two127m69 - in[3]); in felem_diff128()
390 out[4] += (two127m69 - in[4]); in felem_diff128()
391 out[5] += (two127m69 - in[5]); in felem_diff128()
392 out[6] += (two127m69 - in[6]); in felem_diff128()
393 out[7] += (two127m69 - in[7]); in felem_diff128()
394 out[8] += (two127m69 - in[8]); in felem_diff128()
404 static void felem_square_ref(largefelem out, const felem in) in felem_square_ref() argument
421 out[0] = ((uint128_t) in[0]) * in[0]; in felem_square_ref()
422 out[1] = ((uint128_t) in[0]) * inx2[1]; in felem_square_ref()
423 out[2] = ((uint128_t) in[0]) * inx2[2] + ((uint128_t) in[1]) * in[1]; in felem_square_ref()
424 out[3] = ((uint128_t) in[0]) * inx2[3] + ((uint128_t) in[1]) * inx2[2]; in felem_square_ref()
425 out[4] = ((uint128_t) in[0]) * inx2[4] + in felem_square_ref()
427 out[5] = ((uint128_t) in[0]) * inx2[5] + in felem_square_ref()
429 out[6] = ((uint128_t) in[0]) * inx2[6] + in felem_square_ref()
432 out[7] = ((uint128_t) in[0]) * inx2[7] + in felem_square_ref()
435 out[8] = ((uint128_t) in[0]) * inx2[8] + in felem_square_ref()
450 out[0] += ((uint128_t) in[1]) * inx4[8] + in felem_square_ref()
455 out[1] += ((uint128_t) in[2]) * inx4[8] + in felem_square_ref()
460 out[2] += ((uint128_t) in[3]) * inx4[8] + in felem_square_ref()
464 out[3] += ((uint128_t) in[4]) * inx4[8] + in felem_square_ref()
468 out[4] += ((uint128_t) in[5]) * inx4[8] + ((uint128_t) in[6]) * inx4[7]; in felem_square_ref()
471 out[5] += ((uint128_t) in[6]) * inx4[8] + ((uint128_t) in[7]) * inx2[7]; in felem_square_ref()
474 out[6] += ((uint128_t) in[7]) * inx4[8]; in felem_square_ref()
477 out[7] += ((uint128_t) in[8]) * inx2[8]; in felem_square_ref()
488 static void felem_mul_ref(largefelem out, const felem in1, const felem in2) in felem_mul_ref() argument
493 out[0] = ((uint128_t) in1[0]) * in2[0]; in felem_mul_ref()
495 out[1] = ((uint128_t) in1[0]) * in2[1] + in felem_mul_ref()
498 out[2] = ((uint128_t) in1[0]) * in2[2] + in felem_mul_ref()
502 out[3] = ((uint128_t) in1[0]) * in2[3] + in felem_mul_ref()
507 out[4] = ((uint128_t) in1[0]) * in2[4] + in felem_mul_ref()
513 out[5] = ((uint128_t) in1[0]) * in2[5] + in felem_mul_ref()
520 out[6] = ((uint128_t) in1[0]) * in2[6] + in felem_mul_ref()
528 out[7] = ((uint128_t) in1[0]) * in2[7] + in felem_mul_ref()
537 out[8] = ((uint128_t) in1[0]) * in2[8] + in felem_mul_ref()
549 out[0] += ((uint128_t) in1[1]) * in2x2[8] + in felem_mul_ref()
558 out[1] += ((uint128_t) in1[2]) * in2x2[8] + in felem_mul_ref()
566 out[2] += ((uint128_t) in1[3]) * in2x2[8] + in felem_mul_ref()
573 out[3] += ((uint128_t) in1[4]) * in2x2[8] + in felem_mul_ref()
579 out[4] += ((uint128_t) in1[5]) * in2x2[8] + in felem_mul_ref()
584 out[5] += ((uint128_t) in1[6]) * in2x2[8] + in felem_mul_ref()
588 out[6] += ((uint128_t) in1[7]) * in2x2[8] + in felem_mul_ref()
591 out[7] += ((uint128_t) in1[8]) * in2x2[8]; in felem_mul_ref()
603 static void felem_reduce(felem out, const largefelem in) in felem_reduce() argument
607 out[0] = ((limb) in[0]) & bottom58bits; in felem_reduce()
608 out[1] = ((limb) in[1]) & bottom58bits; in felem_reduce()
609 out[2] = ((limb) in[2]) & bottom58bits; in felem_reduce()
610 out[3] = ((limb) in[3]) & bottom58bits; in felem_reduce()
611 out[4] = ((limb) in[4]) & bottom58bits; in felem_reduce()
612 out[5] = ((limb) in[5]) & bottom58bits; in felem_reduce()
613 out[6] = ((limb) in[6]) & bottom58bits; in felem_reduce()
614 out[7] = ((limb) in[7]) & bottom58bits; in felem_reduce()
615 out[8] = ((limb) in[8]) & bottom58bits; in felem_reduce()
619 out[1] += ((limb) in[0]) >> 58; in felem_reduce()
620 out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6; in felem_reduce()
625 out[2] += ((limb) (in[0] >> 64)) >> 52; in felem_reduce()
627 out[2] += ((limb) in[1]) >> 58; in felem_reduce()
628 out[2] += (((limb) (in[1] >> 64)) & bottom52bits) << 6; in felem_reduce()
629 out[3] += ((limb) (in[1] >> 64)) >> 52; in felem_reduce()
631 out[3] += ((limb) in[2]) >> 58; in felem_reduce()
632 out[3] += (((limb) (in[2] >> 64)) & bottom52bits) << 6; in felem_reduce()
633 out[4] += ((limb) (in[2] >> 64)) >> 52; in felem_reduce()
635 out[4] += ((limb) in[3]) >> 58; in felem_reduce()
636 out[4] += (((limb) (in[3] >> 64)) & bottom52bits) << 6; in felem_reduce()
637 out[5] += ((limb) (in[3] >> 64)) >> 52; in felem_reduce()
639 out[5] += ((limb) in[4]) >> 58; in felem_reduce()
640 out[5] += (((limb) (in[4] >> 64)) & bottom52bits) << 6; in felem_reduce()
641 out[6] += ((limb) (in[4] >> 64)) >> 52; in felem_reduce()
643 out[6] += ((limb) in[5]) >> 58; in felem_reduce()
644 out[6] += (((limb) (in[5] >> 64)) & bottom52bits) << 6; in felem_reduce()
645 out[7] += ((limb) (in[5] >> 64)) >> 52; in felem_reduce()
647 out[7] += ((limb) in[6]) >> 58; in felem_reduce()
648 out[7] += (((limb) (in[6] >> 64)) & bottom52bits) << 6; in felem_reduce()
649 out[8] += ((limb) (in[6] >> 64)) >> 52; in felem_reduce()
651 out[8] += ((limb) in[7]) >> 58; in felem_reduce()
652 out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6; in felem_reduce()
666 out[0] += overflow1; /* out[0] < 2^60 */ in felem_reduce()
667 out[1] += overflow2; /* out[1] < 2^59 + 2^6 + 2^13 */ in felem_reduce()
669 out[1] += out[0] >> 58; in felem_reduce()
670 out[0] &= bottom58bits; in felem_reduce()
679 static void felem_square_wrapper(largefelem out, const felem in);
680 static void felem_mul_wrapper(largefelem out, const felem in1, const felem in2);
682 static void (*felem_square_p)(largefelem out, const felem in) =
684 static void (*felem_mul_p)(largefelem out, const felem in1, const felem in2) =
687 void p521_felem_square(largefelem out, const felem in);
688 void p521_felem_mul(largefelem out, const felem in1, const felem in2);
710 static void felem_square_wrapper(largefelem out, const felem in) in felem_square_wrapper() argument
713 felem_square_p(out, in); in felem_square_wrapper()
716 static void felem_mul_wrapper(largefelem out, const felem in1, const felem in2) in felem_mul_wrapper() argument
719 felem_mul_p(out, in1, in2); in felem_mul_wrapper()
729 static void felem_square_reduce(felem out, const felem in) in felem_square_reduce() argument
733 felem_reduce(out, tmp); in felem_square_reduce()
736 static void felem_mul_reduce(felem out, const felem in1, const felem in2) in felem_mul_reduce() argument
740 felem_reduce(out, tmp); in felem_mul_reduce()
751 static void felem_inv(felem out, const felem in) in felem_inv() argument
847 felem_reduce(out, tmp); /* 2^521 - 3 */ in felem_inv()
941 static void felem_contract(felem out, const felem in) in felem_contract() argument
946 felem_assign(out, in); in felem_contract()
948 out[0] += out[8] >> 57; in felem_contract()
949 out[8] &= bottom57bits; in felem_contract()
951 out[1] += out[0] >> 58; in felem_contract()
952 out[0] &= bottom58bits; in felem_contract()
953 out[2] += out[1] >> 58; in felem_contract()
954 out[1] &= bottom58bits; in felem_contract()
955 out[3] += out[2] >> 58; in felem_contract()
956 out[2] &= bottom58bits; in felem_contract()
957 out[4] += out[3] >> 58; in felem_contract()
958 out[3] &= bottom58bits; in felem_contract()
959 out[5] += out[4] >> 58; in felem_contract()
960 out[4] &= bottom58bits; in felem_contract()
961 out[6] += out[5] >> 58; in felem_contract()
962 out[5] &= bottom58bits; in felem_contract()
963 out[7] += out[6] >> 58; in felem_contract()
964 out[6] &= bottom58bits; in felem_contract()
965 out[8] += out[7] >> 58; in felem_contract()
966 out[7] &= bottom58bits; in felem_contract()
979 is_p = out[0] ^ kPrime[0]; in felem_contract()
980 is_p |= out[1] ^ kPrime[1]; in felem_contract()
981 is_p |= out[2] ^ kPrime[2]; in felem_contract()
982 is_p |= out[3] ^ kPrime[3]; in felem_contract()
983 is_p |= out[4] ^ kPrime[4]; in felem_contract()
984 is_p |= out[5] ^ kPrime[5]; in felem_contract()
985 is_p |= out[6] ^ kPrime[6]; in felem_contract()
986 is_p |= out[7] ^ kPrime[7]; in felem_contract()
987 is_p |= out[8] ^ kPrime[8]; in felem_contract()
1001 out[0] &= is_p; in felem_contract()
1002 out[1] &= is_p; in felem_contract()
1003 out[2] &= is_p; in felem_contract()
1004 out[3] &= is_p; in felem_contract()
1005 out[4] &= is_p; in felem_contract()
1006 out[5] &= is_p; in felem_contract()
1007 out[6] &= is_p; in felem_contract()
1008 out[7] &= is_p; in felem_contract()
1009 out[8] &= is_p; in felem_contract()
1015 is_greater = out[8] >> 57; in felem_contract()
1024 out[0] -= kPrime[0] & is_greater; in felem_contract()
1025 out[1] -= kPrime[1] & is_greater; in felem_contract()
1026 out[2] -= kPrime[2] & is_greater; in felem_contract()
1027 out[3] -= kPrime[3] & is_greater; in felem_contract()
1028 out[4] -= kPrime[4] & is_greater; in felem_contract()
1029 out[5] -= kPrime[5] & is_greater; in felem_contract()
1030 out[6] -= kPrime[6] & is_greater; in felem_contract()
1031 out[7] -= kPrime[7] & is_greater; in felem_contract()
1032 out[8] -= kPrime[8] & is_greater; in felem_contract()
1035 sign = -(out[0] >> 63); in felem_contract()
1036 out[0] += (two58 & sign); in felem_contract()
1037 out[1] -= (1 & sign); in felem_contract()
1038 sign = -(out[1] >> 63); in felem_contract()
1039 out[1] += (two58 & sign); in felem_contract()
1040 out[2] -= (1 & sign); in felem_contract()
1041 sign = -(out[2] >> 63); in felem_contract()
1042 out[2] += (two58 & sign); in felem_contract()
1043 out[3] -= (1 & sign); in felem_contract()
1044 sign = -(out[3] >> 63); in felem_contract()
1045 out[3] += (two58 & sign); in felem_contract()
1046 out[4] -= (1 & sign); in felem_contract()
1047 sign = -(out[4] >> 63); in felem_contract()
1048 out[4] += (two58 & sign); in felem_contract()
1049 out[5] -= (1 & sign); in felem_contract()
1050 sign = -(out[0] >> 63); in felem_contract()
1051 out[5] += (two58 & sign); in felem_contract()
1052 out[6] -= (1 & sign); in felem_contract()
1053 sign = -(out[6] >> 63); in felem_contract()
1054 out[6] += (two58 & sign); in felem_contract()
1055 out[7] -= (1 & sign); in felem_contract()
1056 sign = -(out[7] >> 63); in felem_contract()
1057 out[7] += (two58 & sign); in felem_contract()
1058 out[8] -= (1 & sign); in felem_contract()
1059 sign = -(out[5] >> 63); in felem_contract()
1060 out[5] += (two58 & sign); in felem_contract()
1061 out[6] -= (1 & sign); in felem_contract()
1062 sign = -(out[6] >> 63); in felem_contract()
1063 out[6] += (two58 & sign); in felem_contract()
1064 out[7] -= (1 & sign); in felem_contract()
1065 sign = -(out[7] >> 63); in felem_contract()
1066 out[7] += (two58 & sign); in felem_contract()
1067 out[8] -= (1 & sign); in felem_contract()
1185 static void copy_conditional(felem out, const felem in, limb mask) in copy_conditional() argument
1189 const limb tmp = mask & (in[i] ^ out[i]); in copy_conditional()
1190 out[i] ^= tmp; in copy_conditional()
1546 const felem pre_comp[][3], felem out[3]) in select_point()
1549 limb *outlimbs = &out[0][0]; in select_point()
1551 memset(out, 0, sizeof(*out) * 3); in select_point()