| /third_party/node/deps/openssl/openssl/crypto/ec/curve448/arch_32/ |
| H A D | f_impl.h | 28 out->limb[i] = a->limb[i] + b->limb[i]; in gf_add_RAW()
36 out->limb[i] = a->limb[i] - b->limb[i]; in gf_sub_RAW()
45 a->limb[i] += (i == NLIMBS / 2) ? co2 : co1; in gf_bias()
51 uint32_t tmp = a->limb[NLIMBS - 1] >> 28; in gf_weak_reduce()
54 a->limb[NLIMBS / 2] += tmp; in gf_weak_reduce()
56 a->limb[ in gf_weak_reduce()
[all...] |
| H A D | f_impl32.c | 26 const uint32_t *a = as->limb, *b = bs->limb; in gf_mul()
27 uint32_t *c = cs->limb; in gf_mul()
75 const uint32_t *a = as->limb; in gf_mulw_unsigned()
76 uint32_t *c = cs->limb; in gf_mulw_unsigned()
|
| /third_party/openssl/crypto/ec/curve448/arch_32/ |
| H A D | f_impl.h | 28 out->limb[i] = a->limb[i] + b->limb[i]; in gf_add_RAW()
36 out->limb[i] = a->limb[i] - b->limb[i]; in gf_sub_RAW()
45 a->limb[i] += (i == NLIMBS / 2) ? co2 : co1; in gf_bias()
51 uint32_t tmp = a->limb[NLIMBS - 1] >> 28; in gf_weak_reduce()
54 a->limb[NLIMBS / 2] += tmp; in gf_weak_reduce()
56 a->limb[ in gf_weak_reduce()
[all...] |
| H A D | f_impl32.c | 26 const uint32_t *a = as->limb, *b = bs->limb; in gf_mul()
27 uint32_t *c = cs->limb; in gf_mul()
75 const uint32_t *a = as->limb; in gf_mulw_unsigned()
76 uint32_t *c = cs->limb; in gf_mulw_unsigned()
|
| /third_party/node/deps/openssl/openssl/crypto/ec/curve448/arch_64/ |
| H A D | f_impl.h | 26 out->limb[i] = a->limb[i] + b->limb[i]; in gf_add_RAW()
37 out->limb[i] = a->limb[i] - b->limb[i] + ((i == NLIMBS / 2) ? co2 : co1); in gf_sub_RAW()
49 uint64_t tmp = a->limb[NLIMBS - 1] >> 56; in gf_weak_reduce()
52 a->limb[NLIMBS / 2] += tmp; in gf_weak_reduce()
54 a->limb[i] = (a->limb[ in gf_weak_reduce()
[all...] |
| H A D | f_impl64.c | 26 const uint64_t *a = as->limb, *b = bs->limb; in gf_mul()
27 uint64_t *c = cs->limb; in gf_mul()
78 const uint64_t *a = as->limb; in gf_mulw_unsigned()
79 uint64_t *c = cs->limb; in gf_mulw_unsigned()
104 const uint64_t *a = as->limb; in gf_sqr()
105 uint64_t *c = cs->limb; in gf_sqr()
|
| /third_party/openssl/crypto/ec/curve448/arch_64/ |
| H A D | f_impl.h | 26 out->limb[i] = a->limb[i] + b->limb[i]; in gf_add_RAW()
37 out->limb[i] = a->limb[i] - b->limb[i] + ((i == NLIMBS / 2) ? co2 : co1); in gf_sub_RAW()
49 uint64_t tmp = a->limb[NLIMBS - 1] >> 56; in gf_weak_reduce()
52 a->limb[NLIMBS / 2] += tmp; in gf_weak_reduce()
54 a->limb[i] = (a->limb[ in gf_weak_reduce()
[all...] |
| H A D | f_impl64.c | 26 const uint64_t *a = as->limb, *b = bs->limb; in gf_mul()
27 uint64_t *c = cs->limb; in gf_mul()
78 const uint64_t *a = as->limb; in gf_mulw_unsigned()
79 uint64_t *c = cs->limb; in gf_mulw_unsigned()
104 const uint64_t *a = as->limb; in gf_sqr()
105 uint64_t *c = cs->limb; in gf_sqr()
|
| /third_party/node/deps/openssl/openssl/crypto/ec/curve448/ |
| H A D | scalar.c | 58 chain = (chain + accum[i]) - sub->limb[i]; in sc_subx()
59 out->limb[i] = (c448_word_t)chain; in sc_subx()
66 chain = (chain + out->limb[i]) + (p->limb[i] & borrow); in sc_subx()
67 out->limb[i] = (c448_word_t)chain; in sc_subx()
80 c448_word_t mand = a->limb[i]; in sc_montmul()
81 const c448_word_t *mier = b->limb; in sc_montmul()
93 mier = sc_p->limb; in sc_montmul()
120 sc_subx(out, a->limb, b, sc_p, 0); in ossl_curve448_scalar_sub()
131 chain = (chain + a->limb[ in ossl_curve448_scalar_add()
[all...] |
| H A D | f_generic.c | 35 buffer |= ((dword_t) red->limb[LIMBPERM(j)]) << fill; in gf_serialize()
52 return 0 - (y->limb[0] & 1); in gf_hibit()
62 return 0 - (y->limb[0] & 1); in gf_lobit()
87 x->limb[LIMBPERM(i)] = (word_t) in gf_deserialize()
92 (scarry + x->limb[LIMBPERM(i)] - in gf_deserialize()
93 MODULUS->limb[LIMBPERM(i)]) >> (8 * sizeof(word_t)); in gf_deserialize()
115 scarry = scarry + a->limb[LIMBPERM(i)] - MODULUS->limb[LIMBPERM(i)]; in gf_strong_reduce()
116 a->limb[LIMBPERM(i)] = scarry & LIMB_MASK(LIMBPERM(i)); in gf_strong_reduce()
132 carry + a->limb[LIMBPER in gf_strong_reduce()
[all...] |
| H A D | field.h | 36 word_t limb[NLIMBS]; member
139 x[0].limb[i] = constant_time_select_32(is_z, z[0].limb[i], in gf_cond_sel()
140 y[0].limb[i]); in gf_cond_sel()
143 x[0].limb[i] = constant_time_select_64(is_z, z[0].limb[i], in gf_cond_sel()
144 y[0].limb[i]); in gf_cond_sel()
165 constant_time_cond_swap_32(swap, &(x[0].limb[i]), &(y->limb[i])); in gf_cond_swap()
168 constant_time_cond_swap_64(swap, &(x[0].limb[ in gf_cond_swap()
[all...] |
| H A D | curve448.c | 256 (scalar1x->limb[bit / WBITS] >> (bit % WBITS) & 1) << k; in ossl_curve448_precomputed_scalarmul()
559 uint64_t current = scalar->limb[0] & 0xFFFF; in recode_wnaf()
562 const unsigned int B_OVER_16 = sizeof(scalar->limb[0]) / 2; in recode_wnaf()
579 current += (uint32_t)((scalar->limb[w / B_OVER_16] in recode_wnaf()
|
| /third_party/openssl/crypto/ec/curve448/ |
| H A D | scalar.c | 58 chain = (chain + accum[i]) - sub->limb[i]; in sc_subx()
59 out->limb[i] = (c448_word_t)chain; in sc_subx()
66 chain = (chain + out->limb[i]) + (p->limb[i] & borrow); in sc_subx()
67 out->limb[i] = (c448_word_t)chain; in sc_subx()
80 c448_word_t mand = a->limb[i]; in sc_montmul()
81 const c448_word_t *mier = b->limb; in sc_montmul()
93 mier = sc_p->limb; in sc_montmul()
120 sc_subx(out, a->limb, b, sc_p, 0); in ossl_curve448_scalar_sub()
131 chain = (chain + a->limb[ in ossl_curve448_scalar_add()
[all...] |
| H A D | f_generic.c | 35 buffer |= ((dword_t) red->limb[LIMBPERM(j)]) << fill; in gf_serialize()
52 return 0 - (y->limb[0] & 1); in gf_hibit()
62 return 0 - (y->limb[0] & 1); in gf_lobit()
87 x->limb[LIMBPERM(i)] = (word_t) in gf_deserialize()
92 (scarry + x->limb[LIMBPERM(i)] - in gf_deserialize()
93 MODULUS->limb[LIMBPERM(i)]) >> (8 * sizeof(word_t)); in gf_deserialize()
115 scarry = scarry + a->limb[LIMBPERM(i)] - MODULUS->limb[LIMBPERM(i)]; in gf_strong_reduce()
116 a->limb[LIMBPERM(i)] = scarry & LIMB_MASK(LIMBPERM(i)); in gf_strong_reduce()
132 carry + a->limb[LIMBPER in gf_strong_reduce()
[all...] |
| H A D | field.h | 36 word_t limb[NLIMBS]; member
139 x[0].limb[i] = constant_time_select_32(is_z, z[0].limb[i], in gf_cond_sel()
140 y[0].limb[i]); in gf_cond_sel()
143 x[0].limb[i] = constant_time_select_64(is_z, z[0].limb[i], in gf_cond_sel()
144 y[0].limb[i]); in gf_cond_sel()
165 constant_time_cond_swap_32(swap, &(x[0].limb[i]), &(y->limb[i])); in gf_cond_swap()
168 constant_time_cond_swap_64(swap, &(x[0].limb[ in gf_cond_swap()
[all...] |
| H A D | curve448.c | 256 (scalar1x->limb[bit / WBITS] >> (bit % WBITS) & 1) << k; in ossl_curve448_precomputed_scalarmul()
559 uint64_t current = scalar->limb[0] & 0xFFFF; in recode_wnaf()
562 const unsigned int B_OVER_16 = sizeof(scalar->limb[0]) / 2; in recode_wnaf()
579 current += (uint32_t)((scalar->limb[w / B_OVER_16] in recode_wnaf()
|
| /third_party/node/deps/openssl/openssl/crypto/ec/ |
| H A D | ecp_nistp521.c | 122 * Each of the nine values is called a 'limb'. Since the limbs are spaced only
124 * bits of each limb overlap with the least significant bits of the next.
131 typedef uint64_t limb; typedef
132 typedef limb limb_aX __attribute((__aligned__(1)));
133 typedef limb felem[NLIMBS];
136 static const limb bottom57bits = 0x1ffffffffffffff;
137 static const limb bottom58bits = 0x3ffffffffffffff;
145 out[0] = (*((limb *) & in[0])) & bottom58bits; in bin66_to_felem()
163 (*((limb *) & out[0])) = in[0]; in felem_to_bin66()
247 static void felem_scalar(felem out, const felem in, limb scala
[all...] |
| H A D | ecp_nistp256.c | 103 * apart, but are 128-bits wide, the most significant bits of each limb overlap
115 typedef uint128_t limb; typedef
116 typedef limb felem[NLIMBS];
117 typedef limb longfelem[NLIMBS * 2];
245 #define two105m41m9 (((limb)1) << 105) - (((limb)1) << 41) - (((limb)1) << 9)
246 #define two105 (((limb)1) << 105)
247 #define two105m41p9 (((limb)1) << 105) - (((limb)
[all...] |
| H A D | ecp_nistp224.c | 64 * A 4-limb representation is an 'felem';
75 typedef uint64_t limb; typedef
79 typedef limb felem[4];
313 out[0] = *((const limb *)(in)) & 0x00ffffffffffffff; in bin28_to_felem()
397 static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2); in felem_diff()
398 static const limb two58m2 = (((limb) 1) << 58) - (((limb) in felem_diff()
[all...] |
| /third_party/openssl/crypto/ec/ |
| H A D | ecp_nistp521.c | 122 * Each of the nine values is called a 'limb'. Since the limbs are spaced only
124 * bits of each limb overlap with the least significant bits of the next.
131 typedef uint64_t limb; typedef
132 typedef limb limb_aX __attribute((__aligned__(1)));
133 typedef limb felem[NLIMBS];
136 static const limb bottom57bits = 0x1ffffffffffffff;
137 static const limb bottom58bits = 0x3ffffffffffffff;
145 out[0] = (*((limb *) & in[0])) & bottom58bits; in bin66_to_felem()
163 (*((limb *) & out[0])) = in[0]; in felem_to_bin66()
247 static void felem_scalar(felem out, const felem in, limb scala
[all...] |
| H A D | ecp_nistp256.c | 103 * apart, but are 128-bits wide, the most significant bits of each limb overlap
115 typedef uint128_t limb; typedef
116 typedef limb felem[NLIMBS];
117 typedef limb longfelem[NLIMBS * 2];
245 #define two105m41m9 (((limb)1) << 105) - (((limb)1) << 41) - (((limb)1) << 9)
246 #define two105 (((limb)1) << 105)
247 #define two105m41p9 (((limb)1) << 105) - (((limb)
[all...] |
| H A D | ecp_nistp224.c | 64 * A 4-limb representation is an 'felem';
75 typedef uint64_t limb; typedef
79 typedef limb felem[4];
313 out[0] = *((const limb *)(in)) & 0x00ffffffffffffff; in bin28_to_felem()
397 static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2); in felem_diff()
398 static const limb two58m2 = (((limb) 1) << 58) - (((limb) in felem_diff()
[all...] |
| /third_party/node/deps/openssl/openssl/crypto/bn/ |
| H A D | bn_lib.c | 526 i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */ in bn2binpad()
1027 BN_ULONG limb; in bn_correct_top_consttime() local
1031 limb = a->d[j]; in bn_correct_top_consttime()
1032 limb |= 0 - limb; in bn_correct_top_consttime()
1033 limb >>= BN_BITS2 - 1; in bn_correct_top_consttime()
1034 limb = 0 - limb; in bn_correct_top_consttime()
1035 mask = (unsigned int)limb; in bn_correct_top_consttime()
|
| /third_party/openssl/crypto/bn/ |
| H A D | bn_lib.c | 526 i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */ in bn2binpad()
1027 BN_ULONG limb; in bn_correct_top_consttime() local
1031 limb = a->d[j]; in bn_correct_top_consttime()
1032 limb |= 0 - limb; in bn_correct_top_consttime()
1033 limb >>= BN_BITS2 - 1; in bn_correct_top_consttime()
1034 limb = 0 - limb; in bn_correct_top_consttime()
1035 mask = (unsigned int)limb; in bn_correct_top_consttime()
|
| /third_party/mbedtls/3rdparty/p256-m/p256-m/ |
| H A D | p256-m.c | 58 * Represented using 32-bit limbs, least significant limb first.
690 * Take advantage of the fact that both p's and n's least significant limb in m256_inv()
702 uint32_t limb = mod->m[i] - 2; in m256_inv() local
705 if ((limb & 1) != 0) { in m256_inv()
709 limb >>= 1; in m256_inv()
716 limb = mod->m[i]; in m256_inv()
|