Lines Matching defs:mod
488 /* Computes result = (left + right) % mod.
489 * Assumes that left < mod and right < mod, result != mod.
492 const u64 *mod, unsigned int ndigits)
498 /* result > mod (result = mod + remainder), so subtract mod to
501 if (carry || vli_cmp(result, mod, ndigits) >= 0)
502 vli_sub(result, result, mod, ndigits);
505 /* Computes result = (left - right) % mod.
506 * Assumes that left < mod and right < mod, result != mod.
509 const u64 *mod, unsigned int ndigits)
515 * result + mod (with overflow).
518 vli_add(result, result, mod, ndigits);
522 * Computes result = product % mod
528 * Algorithm 9.2.13 (Fast mod operation for special-form moduli).
531 const u64 *mod, unsigned int ndigits)
533 u64 c = -mod[0];
543 vli_set(t, mod, ndigits);
551 * Computes result = product % mod
565 const u64 *mod, unsigned int ndigits)
567 u64 c2 = mod[0] * 2;
570 u64 m[ECC_MAX_DIGITS * 2]; /* expanded mod */
574 vli_set(m, mod, ndigits);
589 vli_uadd(qc, qc, mod[0], ndigits * 2);
609 * Computes result = product % mod, where product is 2N words long.
613 static void vli_mmod_slow(u64 *result, u64 *product, const u64 *mod,
621 /* Shift mod so its highest set bit is at the maximum position. */
622 int shift = (ndigits * 2 * 64) - vli_num_bits(mod, ndigits);
629 mod_m[word_shift + i] = (mod[i] << bit_shift) | carry;
630 carry = mod[i] >> (64 - bit_shift);
633 vli_set(mod_m + word_shift, mod, ndigits);
654 /* Computes result = product % mod using Barrett's reduction with precomputed
655 * value mu appended to the mod after ndigits, mu = (2^{2w} / mod) and have
663 static void vli_mmod_barrett(u64 *result, u64 *product, const u64 *mod,
668 const u64 *mu = mod + ndigits;
673 vli_mult(r, mod, q + ndigits, ndigits);
676 vli_cmp(r, mod, ndigits) != -1) {
679 carry = vli_sub(r, r, mod, ndigits);
952 /* Computes result = (left * right) % mod.
953 * Assumes that mod is big enough curve order.
956 const u64 *mod, unsigned int ndigits)
961 vli_mmod_slow(result, product, mod, ndigits);
986 /* Computes result = (1 / p_input) % mod. All VLIs are the same size.
990 void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod,
1004 vli_set(b, mod, ndigits);
1016 carry = vli_add(u, u, mod, ndigits);
1025 carry = vli_add(v, v, mod, ndigits);
1035 vli_add(u, u, mod, ndigits);
1039 carry = vli_add(u, u, mod, ndigits);
1049 vli_add(v, v, mod, ndigits);
1053 carry = vli_add(v, v, mod, ndigits);
1339 /* Computes R = P + Q mod p */
1359 /* Computes R = u1P + u2Q mod p using Shamir's trick.
1461 * d = (c mod(n–1)) + 1 where c is a string of random bits, 64 bits longer
1463 * 0 <= c mod(n-1) <= n-2 and implies that
1568 /* Check 3: Verify that y^2 == (x^3 + a·x + b) mod p */