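Lines matching defs:out (only the lines that mention `out` are listed; each one starts with its line number in the source file, so function bodies appear with gaps)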
129 static void bin32_to_felem(felem out, const u8 in[32])
/*
 * NOTE(review): each load below casts a byte pointer to u64 * and
 * dereferences it. The four limbs therefore take the host's byte order, and
 * the access relies on |in| being readable as 64-bit words (alignment and
 * aliasing rules). The cast also drops the const qualifier, although only
 * reads follow. Whether the build limits this file to targets where that is
 * safe is not visible in this excerpt -- confirm before reusing the pattern;
 * memcpy() into a u64 is the portable form.
 */
131 out[0] = *((u64 *)&in[0]);
132 out[1] = *((u64 *)&in[8]);
133 out[2] = *((u64 *)&in[16]);
134 out[3] = *((u64 *)&in[24]);
141 static void smallfelem_to_bin32(u8 out[32], const smallfelem in)
/*
 * NOTE(review): the four stores write through a u64 * obtained by casting a
 * byte pointer, at byte offsets 0, 8, 16 and 24 of |out|. The serialized
 * bytes are in host byte order and the stores assume |out| may be written as
 * 64-bit words. Alignment of the caller's buffer is not established anywhere
 * in this excerpt -- verify against the callers.
 */
143 *((u64 *)&out[0]) = in[0];
144 *((u64 *)&out[8]) = in[1];
145 *((u64 *)&out[16]) = in[2];
146 *((u64 *)&out[24]) = in[3];
150 static int BN_to_felem(felem out, const BIGNUM *bn)
164 bin32_to_felem(out, b_out);
169 static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in)
173 return BN_lebin2bn(b_out, sizeof(b_out), out);
181 static void smallfelem_one(smallfelem out)
183 out[0] = 1;
184 out[1] = 0;
185 out[2] = 0;
186 out[3] = 0;
189 static void smallfelem_assign(smallfelem out, const smallfelem in)
191 out[0] = in[0];
192 out[1] = in[1];
193 out[2] = in[2];
194 out[3] = in[3];
197 static void felem_assign(felem out, const felem in)
199 out[0] = in[0];
200 out[1] = in[1];
201 out[2] = in[2];
202 out[3] = in[3];
205 /* felem_sum sets out = out + in. */
206 static void felem_sum(felem out, const felem in)
208 out[0] += in[0];
209 out[1] += in[1];
210 out[2] += in[2];
211 out[3] += in[3];
214 /* felem_small_sum sets out = out + in. */
215 static void felem_small_sum(felem out, const smallfelem in)
217 out[0] += in[0];
218 out[1] += in[1];
219 out[2] += in[2];
220 out[3] += in[3];
223 /* felem_scalar sets out = out * scalar */
224 static void felem_scalar(felem out, const u64 scalar)
226 out[0] *= scalar;
227 out[1] *= scalar;
228 out[2] *= scalar;
229 out[3] *= scalar;
232 /* longfelem_scalar sets out = out * scalar */
233 static void longfelem_scalar(longfelem out, const u64 scalar)
235 out[0] *= scalar;
236 out[1] *= scalar;
237 out[2] *= scalar;
238 out[3] *= scalar;
239 out[4] *= scalar;
240 out[5] *= scalar;
241 out[6] *= scalar;
242 out[7] *= scalar;
254 * smallfelem_neg sets |out| to |-small|
256 * out[i] < out[i] + 2^105
258 static void smallfelem_neg(felem out, const smallfelem small)
261 out[0] = zero105[0] - small[0];
262 out[1] = zero105[1] - small[1];
263 out[2] = zero105[2] - small[2];
264 out[3] = zero105[3] - small[3];
268 * felem_diff subtracts |in| from |out|
272 * out[i] < out[i] + 2^105
274 static void felem_diff(felem out, const felem in)
/*
 * NOTE(review): the zero105 limbs are added first and |in| is subtracted
 * afterwards, so a limb cannot wrap below zero as long as in[i] does not
 * exceed out[i] + zero105[i]. zero105 is defined outside this excerpt
 * (by its name, presumably a representation of zero -- confirm), and the
 * input bound that makes the subtraction safe is on lines not shown here.
 * A wrapped limb would yield a wrong field element without any error, so
 * the bound has to hold at every call site.
 */
279 out[0] += zero105[0];
280 out[1] += zero105[1];
281 out[2] += zero105[2];
282 out[3] += zero105[3];
/* Subtract only after the offset above has been added. */
284 out[0] -= in[0];
285 out[1] -= in[1];
286 out[2] -= in[2];
287 out[3] -= in[3];
300 * felem_diff_zero107 subtracts |in| from |out|
304 * out[i] < out[i] + 2^107
306 static void felem_diff_zero107(felem out, const felem in)
311 out[0] += zero107[0];
312 out[1] += zero107[1];
313 out[2] += zero107[2];
314 out[3] += zero107[3];
316 out[0] -= in[0];
317 out[1] -= in[1];
318 out[2] -= in[2];
319 out[3] -= in[3];
323 * longfelem_diff subtracts |in| from |out|
327 * out[i] < out[i] + 2^70 + 2^40
329 static void longfelem_diff(longfelem out, const longfelem in)
341 out[0] += two70m8p6;
342 out[1] += two70p40;
343 out[2] += two70;
344 out[3] += two70m40m38p6;
345 out[4] += two70m6;
346 out[5] += two70m6;
347 out[6] += two70m6;
348 out[7] += two70m6;
351 out[0] -= in[0];
352 out[1] -= in[1];
353 out[2] -= in[2];
354 out[3] -= in[3];
355 out[4] -= in[4];
356 out[5] -= in[5];
357 out[6] -= in[6];
358 out[7] -= in[7];
376 * out[i] < 2^64
378 static void felem_shrink(smallfelem out, const felem in)
463 out[0] = tmp[0];
464 out[1] = tmp[1];
465 out[2] = tmp[2];
466 out[3] = tmp[3];
470 static void smallfelem_expand(felem out, const smallfelem in)
472 out[0] = in[0];
473 out[1] = in[1];
474 out[2] = in[2];
475 out[3] = in[3];
479 * smallfelem_square sets |out| = |small|^2
483 * out[i] < 7 * 2^64 < 2^67
485 static void smallfelem_square(longfelem out, const smallfelem small)
493 out[0] = low;
494 out[1] = high;
499 out[1] += low;
500 out[1] += low;
501 out[2] = high;
506 out[2] += low;
507 out[2] *= 2;
508 out[3] = high;
513 out[3] += low;
514 out[4] = high;
519 out[3] += low;
520 out[3] *= 2;
521 out[4] += high;
526 out[2] += low;
527 out[3] += high;
532 out[4] += low;
533 out[4] *= 2;
534 out[5] = high;
539 out[5] += low;
540 out[5] *= 2;
541 out[6] = high;
542 out[6] += high;
547 out[4] += low;
548 out[5] += high;
553 out[6] += low;
554 out[7] = high;
558 * felem_square sets |out| = |in|^2
562 * out[i] < 7 * 2^64 < 2^67
564 static void felem_square(longfelem out, const felem in)
568 smallfelem_square(out, small);
572 * smallfelem_mul sets |out| = |small1| * |small2|
577 * out[i] < 7 * 2^64 < 2^67
579 static void smallfelem_mul(longfelem out, const smallfelem small1,
588 out[0] = low;
589 out[1] = high;
594 out[1] += low;
595 out[2] = high;
600 out[1] += low;
601 out[2] += high;
606 out[2] += low;
607 out[3] = high;
612 out[2] += low;
613 out[3] += high;
618 out[2] += low;
619 out[3] += high;
624 out[3] += low;
625 out[4] = high;
630 out[3] += low;
631 out[4] += high;
636 out[3] += low;
637 out[4] += high;
642 out[3] += low;
643 out[4] += high;
648 out[4] += low;
649 out[5] = high;
654 out[4] += low;
655 out[5] += high;
660 out[4] += low;
661 out[5] += high;
666 out[5] += low;
667 out[6] = high;
672 out[5] += low;
673 out[6] += high;
678 out[6] += low;
679 out[7] = high;
683 * felem_mul sets |out| = |in1| * |in2|
688 * out[i] < 7 * 2^64 < 2^67
690 static void felem_mul(longfelem out, const felem in1, const felem in2)
695 smallfelem_mul(out, small1, small2);
699 * felem_small_mul sets |out| = |small1| * |in2|
704 * out[i] < 7 * 2^64 < 2^67
706 static void felem_small_mul(longfelem out, const smallfelem small1,
711 smallfelem_mul(out, small1, small2);
725 * out[0] >= in[6] + 2^32*in[6] + in[7] + 2^32*in[7]
726 * out[1] >= in[7] + 2^32*in[4]
727 * out[2] >= in[5] + 2^32*in[5]
728 * out[3] >= in[4] + 2^32*in[5] + 2^32*in[6]
730 * out[0] <= out[0] + in[4] + 2^32*in[5]
731 * out[1] <= out[1] + in[5] + 2^33*in[6]
732 * out[2] <= out[2] + in[7] + 2*in[6] + 2^33*in[7]
733 * out[3] <= out[3] + 2^32*in[4] + 3*in[7]
735 static void felem_reduce_(felem out, const longfelem in)
740 out[0] += c;
741 out[3] -= c;
744 out[1] += c;
745 out[2] -= c;
749 out[1] -= (in[4] << 32);
750 out[3] += (in[4] << 32);
753 out[2] -= (in[5] << 32);
756 out[0] -= in[6];
757 out[0] -= (in[6] << 32);
758 out[1] += (in[6] << 33);
759 out[2] += (in[6] * 2);
760 out[3] -= (in[6] << 32);
763 out[0] -= in[7];
764 out[0] -= (in[7] << 32);
765 out[2] += (in[7] << 33);
766 out[3] += (in[7] * 3);
776 * out[i] < 2^101
778 static void felem_reduce(felem out, const longfelem in)
780 out[0] = zero100[0] + in[0];
781 out[1] = zero100[1] + in[1];
782 out[2] = zero100[2] + in[2];
783 out[3] = zero100[3] + in[3];
785 felem_reduce_(out, in);
788 * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0
789 * out[1] > 2^100 - 2^64 - 7*2^96 > 0
790 * out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0
791 * out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0
793 * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101
794 * out[1] < 2^100 + 3*2^64 + 5*2^64 + 3*2^97 < 2^101
795 * out[2] < 2^100 + 5*2^64 + 2^64 + 3*2^65 + 2^97 < 2^101
796 * out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < 2^101
805 * out[i] < 2^106
807 static void felem_reduce_zero105(felem out, const longfelem in)
809 out[0] = zero105[0] + in[0];
810 out[1] = zero105[1] + in[1];
811 out[2] = zero105[2] + in[2];
812 out[3] = zero105[3] + in[3];
814 felem_reduce_(out, in);
817 * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0
818 * out[1] > 2^105 - 2^71 - 2^103 > 0
819 * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0
820 * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0
822 * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106
823 * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106
824 * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106
825 * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106
845 static void felem_contract(smallfelem out, const felem in)
850 felem_shrink(out, in);
855 * We are doing a constant time test if out >= kPrime. We need to compare
862 uint128_t a = ((uint128_t) kPrime[i]) - out[i];
864 * if out[i] > kPrime[i] then a will underflow and the high 64-bits
870 * if kPrime[i] == out[i] then |equal| will be all zeros and the
873 equal = kPrime[i] ^ out[i];
888 * and so out >= kPrime is true.
892 /* if out >= kPrime then we subtract kPrime. */
/*
 * NOTE(review): every subtract_u64() call below is issued regardless of the
 * outcome of the comparison. Each kPrime limb is ANDed with |result| first,
 * so the subtraction is switched on or off by data rather than by a branch.
 * |result| is computed on lines not shown here; presumably it is all-ones
 * when out >= kPrime and zero otherwise -- confirm. Replacing this with an
 * `if` on the comparison would make the running time depend on the value
 * being reduced, which the comparison above is written to avoid.
 */
893 subtract_u64(&out[0], &carry, result & kPrime[0]);
/* The borrow from limb 0 is propagated through limbs 1..3. */
894 subtract_u64(&out[1], &carry, carry);
895 subtract_u64(&out[2], &carry, carry);
896 subtract_u64(&out[3], &carry, carry);
898 subtract_u64(&out[1], &carry, result & kPrime[1]);
899 subtract_u64(&out[2], &carry, carry);
900 subtract_u64(&out[3], &carry, carry);
902 subtract_u64(&out[2], &carry, result & kPrime[2]);
903 subtract_u64(&out[3], &carry, carry);
905 subtract_u64(&out[3], &carry, result & kPrime[3]);
908 static void smallfelem_square_contract(smallfelem out, const smallfelem in)
915 felem_contract(out, tmp);
918 static void smallfelem_mul_contract(smallfelem out, const smallfelem in1,
926 felem_contract(out, tmp);
975 * felem_inv calculates |out| = |in|^{-1}
982 static void felem_inv(felem out, const felem in)
1073 felem_reduce(out, tmp); /* 2^256 - 2^224 + 2^192 + 2^96 - 3 */
1076 static void smallfelem_inv_contract(smallfelem out, const smallfelem in)
1082 felem_contract(out, tmp);
1203 /* copy_conditional copies in to out iff mask is all ones. */
1204 static void copy_conditional(felem out, const felem in, limb mask)
/*
 * NOTE(review): the copy is a masked XOR, with no branch on |mask|. With
 * mask == 0, tmp is 0 and out[i] is unchanged; with mask all ones, tmp is
 * in[i] ^ out[i] and the XOR turns out[i] into in[i]. Any other mask value
 * copies only the bits set in the mask and leaves a mix of both inputs, so
 * callers must pass exactly 0 or all ones. The loop header is on a line not
 * shown here.
 */
1208 const limb tmp = mask & (in[i] ^ out[i]);
1209 out[i] ^= tmp;
1213 /* copy_small_conditional copies in to out iff mask is all ones. */
1214 static void copy_small_conditional(felem out, const smallfelem in, limb mask)
/*
 * NOTE(review): the selection is done with AND/OR masks rather than a
 * branch. out[i] keeps its old bits where |mask| is clear and takes the bits
 * of in[i] where mask64 is set. mask64 is declared on a line not shown here;
 * presumably it is |mask| narrowed to 64 bits -- confirm. As with
 * copy_conditional, a mask that is neither 0 nor all ones gives a mix of
 * both values.
 */
1219 out[i] = ((limb) (in[i] & mask64)) | (out[i] & ~mask);
1634 * copies it to out.
1637 const smallfelem pre_comp[16][3], smallfelem out[3])
1640 u64 *outlimbs = &out[0][0];
1642 memset(out, 0, sizeof(*out) * 3);