Lines Matching full:product
434 uint128_t product; in vli_mult() local
436 product = mul_64_64(left[i], right[k - i]); in vli_mult()
438 r01 = add_128_128(r01, product); in vli_mult()
439 r2 += (r01.m_high < product.m_high); in vli_mult()
451 /* Compute product = left * right, for a small right value. */
459 uint128_t product; in vli_umult() local
461 product = mul_64_64(left[k], right); in vli_umult()
462 r01 = add_128_128(r01, product); in vli_umult()
488 uint128_t product; in vli_square() local
490 product = mul_64_64(left[i], left[k - i]); in vli_square()
493 r2 += product.m_high >> 63; in vli_square()
494 product.m_high = (product.m_high << 1) | in vli_square()
495 (product.m_low >> 63); in vli_square()
496 product.m_low <<= 1; in vli_square()
499 r01 = add_128_128(r01, product); in vli_square()
500 r2 += (r01.m_high < product.m_high); in vli_square()
546 * Computes result = product % mod
554 static void vli_mmod_special(u64 *result, const u64 *product, in vli_mmod_special() argument
561 vli_set(r, product, ndigits * 2); in vli_mmod_special()
575 * Computes result = product % mod
588 static void vli_mmod_special2(u64 *result, const u64 *product, in vli_mmod_special2() argument
601 vli_set(r, product, ndigits); in vli_mmod_special2()
603 vli_set(q, product + ndigits, ndigits); in vli_mmod_special2()
633 * Computes result = product % mod, where product is 2N words long.
637 static void vli_mmod_slow(u64 *result, u64 *product, const u64 *mod, in vli_mmod_slow() argument
642 u64 *v[2] = { tmp, product }; in vli_mmod_slow()
678 /* Computes result = product % mod using Barrett's reduction with precomputed
687 static void vli_mmod_barrett(u64 *result, u64 *product, const u64 *mod, in vli_mmod_barrett() argument
694 vli_mult(q, product + ndigits, mu, ndigits); in vli_mmod_barrett()
696 vli_add(q + ndigits, q + ndigits, product + ndigits, ndigits); in vli_mmod_barrett()
698 vli_sub(r, product, r, ndigits * 2); in vli_mmod_barrett()
713 static void vli_mmod_fast_192(u64 *result, const u64 *product, in vli_mmod_fast_192() argument
719 vli_set(result, product, ndigits); in vli_mmod_fast_192()
721 vli_set(tmp, &product[3], ndigits); in vli_mmod_fast_192()
725 tmp[1] = product[3]; in vli_mmod_fast_192()
726 tmp[2] = product[4]; in vli_mmod_fast_192()
729 tmp[0] = tmp[1] = product[5]; in vli_mmod_fast_192()
737 /* Computes result = product % curve_prime
740 static void vli_mmod_fast_256(u64 *result, const u64 *product, in vli_mmod_fast_256() argument
747 vli_set(result, product, ndigits); in vli_mmod_fast_256()
751 tmp[1] = product[5] & 0xffffffff00000000ull; in vli_mmod_fast_256()
752 tmp[2] = product[6]; in vli_mmod_fast_256()
753 tmp[3] = product[7]; in vli_mmod_fast_256()
758 tmp[1] = product[6] << 32; in vli_mmod_fast_256()
759 tmp[2] = (product[6] >> 32) | (product[7] << 32); in vli_mmod_fast_256()
760 tmp[3] = product[7] >> 32; in vli_mmod_fast_256()
765 tmp[0] = product[4]; in vli_mmod_fast_256()
766 tmp[1] = product[5] & 0xffffffff; in vli_mmod_fast_256()
768 tmp[3] = product[7]; in vli_mmod_fast_256()
772 tmp[0] = (product[4] >> 32) | (product[5] << 32); in vli_mmod_fast_256()
773 tmp[1] = (product[5] >> 32) | (product[6] & 0xffffffff00000000ull); in vli_mmod_fast_256()
774 tmp[2] = product[7]; in vli_mmod_fast_256()
775 tmp[3] = (product[6] >> 32) | (product[4] << 32); in vli_mmod_fast_256()
779 tmp[0] = (product[5] >> 32) | (product[6] << 32); in vli_mmod_fast_256()
780 tmp[1] = (product[6] >> 32); in vli_mmod_fast_256()
782 tmp[3] = (product[4] & 0xffffffff) | (product[5] << 32); in vli_mmod_fast_256()
786 tmp[0] = product[6]; in vli_mmod_fast_256()
787 tmp[1] = product[7]; in vli_mmod_fast_256()
789 tmp[3] = (product[4] >> 32) | (product[5] & 0xffffffff00000000ull); in vli_mmod_fast_256()
793 tmp[0] = (product[6] >> 32) | (product[7] << 32); in vli_mmod_fast_256()
794 tmp[1] = (product[7] >> 32) | (product[4] << 32); in vli_mmod_fast_256()
795 tmp[2] = (product[4] >> 32) | (product[5] << 32); in vli_mmod_fast_256()
796 tmp[3] = (product[6] << 32); in vli_mmod_fast_256()
800 tmp[0] = product[7]; in vli_mmod_fast_256()
801 tmp[1] = product[4] & 0xffffffff00000000ull; in vli_mmod_fast_256()
802 tmp[2] = product[5]; in vli_mmod_fast_256()
803 tmp[3] = product[6] & 0xffffffff00000000ull; in vli_mmod_fast_256()
820 /* Computes result = product % curve_prime
823 static void vli_mmod_fast_384(u64 *result, const u64 *product, in vli_mmod_fast_384() argument
830 vli_set(result, product, ndigits); in vli_mmod_fast_384()
835 tmp[2] = SL32OR32(product[11], (product[10]>>32)); //a22||a21 in vli_mmod_fast_384()
836 tmp[3] = product[11]>>32; // 0 ||a23 in vli_mmod_fast_384()
843 tmp[0] = product[6]; //a13||a12 in vli_mmod_fast_384()
844 tmp[1] = product[7]; //a15||a14 in vli_mmod_fast_384()
845 tmp[2] = product[8]; //a17||a16 in vli_mmod_fast_384()
846 tmp[3] = product[9]; //a19||a18 in vli_mmod_fast_384()
847 tmp[4] = product[10]; //a21||a20 in vli_mmod_fast_384()
848 tmp[5] = product[11]; //a23||a22 in vli_mmod_fast_384()
852 tmp[0] = SL32OR32(product[11], (product[10]>>32)); //a22||a21 in vli_mmod_fast_384()
853 tmp[1] = SL32OR32(product[6], (product[11]>>32)); //a12||a23 in vli_mmod_fast_384()
854 tmp[2] = SL32OR32(product[7], (product[6])>>32); //a14||a13 in vli_mmod_fast_384()
855 tmp[3] = SL32OR32(product[8], (product[7]>>32)); //a16||a15 in vli_mmod_fast_384()
856 tmp[4] = SL32OR32(product[9], (product[8]>>32)); //a18||a17 in vli_mmod_fast_384()
857 tmp[5] = SL32OR32(product[10], (product[9]>>32)); //a20||a19 in vli_mmod_fast_384()
861 tmp[0] = AND64H(product[11]); //a23|| 0 in vli_mmod_fast_384()
862 tmp[1] = (product[10]<<32); //a20|| 0 in vli_mmod_fast_384()
863 tmp[2] = product[6]; //a13||a12 in vli_mmod_fast_384()
864 tmp[3] = product[7]; //a15||a14 in vli_mmod_fast_384()
865 tmp[4] = product[8]; //a17||a16 in vli_mmod_fast_384()
866 tmp[5] = product[9]; //a19||a18 in vli_mmod_fast_384()
872 tmp[2] = product[10]; //a21||a20 in vli_mmod_fast_384()
873 tmp[3] = product[11]; //a23||a22 in vli_mmod_fast_384()
879 tmp[0] = AND64L(product[10]); // 0 ||a20 in vli_mmod_fast_384()
880 tmp[1] = AND64H(product[10]); //a21|| 0 in vli_mmod_fast_384()
881 tmp[2] = product[11]; //a23||a22 in vli_mmod_fast_384()
888 tmp[0] = SL32OR32(product[6], (product[11]>>32)); //a12||a23 in vli_mmod_fast_384()
889 tmp[1] = SL32OR32(product[7], (product[6]>>32)); //a14||a13 in vli_mmod_fast_384()
890 tmp[2] = SL32OR32(product[8], (product[7]>>32)); //a16||a15 in vli_mmod_fast_384()
891 tmp[3] = SL32OR32(product[9], (product[8]>>32)); //a18||a17 in vli_mmod_fast_384()
892 tmp[4] = SL32OR32(product[10], (product[9]>>32)); //a20||a19 in vli_mmod_fast_384()
893 tmp[5] = SL32OR32(product[11], (product[10]>>32)); //a22||a21 in vli_mmod_fast_384()
897 tmp[0] = (product[10]<<32); //a20|| 0 in vli_mmod_fast_384()
898 tmp[1] = SL32OR32(product[11], (product[10]>>32)); //a22||a21 in vli_mmod_fast_384()
899 tmp[2] = (product[11]>>32); // 0 ||a23 in vli_mmod_fast_384()
907 tmp[1] = AND64H(product[11]); //a23|| 0 in vli_mmod_fast_384()
908 tmp[2] = product[11]>>32; // 0 ||a23 in vli_mmod_fast_384()
930 * Computes result = product % curve_prime
934 static void vli_mmod_fast_521(u64 *result, const u64 *product, in vli_mmod_fast_521() argument
940 /* Initialize result with lowest 521 bits from product */ in vli_mmod_fast_521()
941 vli_set(result, product, ndigits); in vli_mmod_fast_521()
945 tmp[i] = (product[8 + i] >> 9) | (product[9 + i] << 55); in vli_mmod_fast_521()
951 /* Computes result = product % curve_prime for different curve_primes.
956 static bool vli_mmod_fast(u64 *result, u64 *product, in vli_mmod_fast() argument
967 vli_mmod_special(result, product, curve_prime, in vli_mmod_fast()
972 vli_mmod_special2(result, product, curve_prime, in vli_mmod_fast()
976 vli_mmod_barrett(result, product, curve_prime, ndigits); in vli_mmod_fast()
982 vli_mmod_fast_192(result, product, curve_prime, tmp); in vli_mmod_fast()
985 vli_mmod_fast_256(result, product, curve_prime, tmp); in vli_mmod_fast()
988 vli_mmod_fast_384(result, product, curve_prime, tmp); in vli_mmod_fast()
991 vli_mmod_fast_521(result, product, curve_prime, tmp); in vli_mmod_fast()
1007 u64 product[ECC_MAX_DIGITS * 2]; in vli_mod_mult_slow() local
1009 vli_mult(product, left, right, ndigits); in vli_mod_mult_slow()
1010 vli_mmod_slow(result, product, mod, ndigits); in vli_mod_mult_slow()
1018 u64 product[2 * ECC_MAX_DIGITS]; in vli_mod_mult_fast() local
1020 vli_mult(product, left, right, curve->g.ndigits); in vli_mod_mult_fast()
1021 vli_mmod_fast(result, product, curve); in vli_mod_mult_fast()
1028 u64 product[2 * ECC_MAX_DIGITS]; in vli_mod_square_fast() local
1030 vli_square(product, left, curve->g.ndigits); in vli_mod_square_fast()
1031 vli_mmod_fast(result, product, curve); in vli_mod_square_fast()
1667 struct ecc_point *product, *pk; in crypto_ecdh_shared_secret() local
1693 product = ecc_alloc_point(ndigits); in crypto_ecdh_shared_secret()
1694 if (!product) { in crypto_ecdh_shared_secret()
1699 ecc_point_mult(product, pk, private_key, rand_z, curve, ndigits); in crypto_ecdh_shared_secret()
1701 if (ecc_point_is_zero(product)) { in crypto_ecdh_shared_secret()
1706 ecc_swap_digits(product->x, secret, ndigits); in crypto_ecdh_shared_secret()
1710 ecc_free_point(product); in crypto_ecdh_shared_secret()