Lines Matching defs:mod
477 /* Computes result = (left + right) % mod.
478 * Assumes that left < mod and right < mod, result != mod.
481 const u64 *mod, unsigned int ndigits)
487 /* result > mod (result = mod + remainder), so subtract mod to
490 if (carry || vli_cmp(result, mod, ndigits) >= 0)
491 vli_sub(result, result, mod, ndigits);
494 /* Computes result = (left - right) % mod.
495 * Assumes that left < mod and right < mod, result != mod.
498 const u64 *mod, unsigned int ndigits)
504 * result + mod (with overflow).
507 vli_add(result, result, mod, ndigits);
511 * Computes result = product % mod
517 * Algorithm 9.2.13 (Fast mod operation for special-form moduli).
520 const u64 *mod, unsigned int ndigits)
522 u64 c = -mod[0];
532 vli_set(t, mod, ndigits);
540 * Computes result = product % mod
554 const u64 *mod, unsigned int ndigits)
556 u64 c2 = mod[0] * 2;
559 u64 m[ECC_MAX_DIGITS * 2]; /* expanded mod */
563 vli_set(m, mod, ndigits);
578 vli_uadd(qc, qc, mod[0], ndigits * 2);
598 * Computes result = product % mod, where product is 2N words long.
602 static void vli_mmod_slow(u64 *result, u64 *product, const u64 *mod,
610 /* Shift mod so its highest set bit is at the maximum position. */
611 int shift = (ndigits * 2 * 64) - vli_num_bits(mod, ndigits);
618 mod_m[word_shift + i] = (mod[i] << bit_shift) | carry;
619 carry = mod[i] >> (64 - bit_shift);
622 vli_set(mod_m + word_shift, mod, ndigits);
643 /* Computes result = product % mod using Barrett's reduction with precomputed
644 * value mu appended to the mod after ndigits, mu = (2^{2w} / mod) and have
652 static void vli_mmod_barrett(u64 *result, u64 *product, const u64 *mod,
657 const u64 *mu = mod + ndigits;
662 vli_mult(r, mod, q + ndigits, ndigits);
665 vli_cmp(r, mod, ndigits) != -1) {
668 carry = vli_sub(r, r, mod, ndigits);
941 /* Computes result = (left * right) % mod.
942 * Assumes that mod is big enough curve order.
945 const u64 *mod, unsigned int ndigits)
950 vli_mmod_slow(result, product, mod, ndigits);
975 /* Computes result = (1 / p_input) % mod. All VLIs are the same size.
979 void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod,
993 vli_set(b, mod, ndigits);
1005 carry = vli_add(u, u, mod, ndigits);
1014 carry = vli_add(v, v, mod, ndigits);
1024 vli_add(u, u, mod, ndigits);
1028 carry = vli_add(u, u, mod, ndigits);
1038 vli_add(v, v, mod, ndigits);
1042 carry = vli_add(v, v, mod, ndigits);
1327 /* Computes R = P + Q mod p */
1347 /* Computes R = u1P + u2Q mod p using Shamir's trick.
1447 * d = (c mod(n–1)) + 1 where c is a string of random bits, 64 bits longer
1449 * 0 <= c mod(n-1) <= n-2 and implies that
1554 /* Check 3: Verify that y^2 == (x^3 + a·x + b) mod p */