Lines Matching +full:19 +full:- +full:input

1 // SPDX-License-Identifier: GPL-2.0 OR MIT
3 * Copyright (C) 2016-2017 INRIA and Microsoft Corporation.
4 * Copyright (C) 2018-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
6 * This is a machine-generated formally verified implementation of Curve25519
7 * ECDH from: <https://github.com/mitls/hacl-star>. Though originally machine
9 * optimized for 64-bit machines that can efficiently work with 128-bit
23 u64 c = xnx - (u64)1U; in u64_eq_mask()
32 u64 x_sub_y = x - y; in u64_gte_mask()
37 u64 c = x_xor_q_ - (u64)1U; in u64_gte_mask()
46 u64 b0_ = b0 + 19 * (b4 >> 51); in modulo_carry_top()
51 static __always_inline void fproduct_copy_from_wide_(u64 *output, u128 *input) in fproduct_copy_from_wide_() argument
54 u128 xi = input[0]; in fproduct_copy_from_wide_()
58 u128 xi = input[1]; in fproduct_copy_from_wide_()
62 u128 xi = input[2]; in fproduct_copy_from_wide_()
66 u128 xi = input[3]; in fproduct_copy_from_wide_()
70 u128 xi = input[4]; in fproduct_copy_from_wide_()
/*
 * Multiply-accumulate over five limbs: output[i] += input[i] * s for
 * i = 0..4. Each input limb is cast to u128 before the multiply, so the
 * 64x64-bit product is formed at full width. The five statements use
 * fixed indices; no branch or index depends on the data.
 * NOTE(review): no overflow check on the 128-bit accumulation is visible
 * in this listing; limb bounds are presumably guaranteed by the callers --
 * confirm against the full file.
 */
76 fproduct_sum_scalar_multiplication_(u128 *output, u64 *input, u64 s) in fproduct_sum_scalar_multiplication_() argument
78 output[0] += (u128)input[0] * s; in fproduct_sum_scalar_multiplication_()
79 output[1] += (u128)input[1] * s; in fproduct_sum_scalar_multiplication_()
80 output[2] += (u128)input[2] * s; in fproduct_sum_scalar_multiplication_()
81 output[3] += (u128)input[3] * s; in fproduct_sum_scalar_multiplication_()
82 output[4] += (u128)input[4] * s; in fproduct_sum_scalar_multiplication_()
131 u32 ctr = 5 - 0 - 1; in fmul_shift_reduce()
132 u64 z = output[ctr - 1]; in fmul_shift_reduce()
136 u32 ctr = 5 - 1 - 1; in fmul_shift_reduce()
137 u64 z = output[ctr - 1]; in fmul_shift_reduce()
141 u32 ctr = 5 - 2 - 1; in fmul_shift_reduce()
142 u64 z = output[ctr - 1]; in fmul_shift_reduce()
146 u32 ctr = 5 - 3 - 1; in fmul_shift_reduce()
147 u64 z = output[ctr - 1]; in fmul_shift_reduce()
152 output[0] = 19 * b0; in fmul_shift_reduce()
155 static __always_inline void fmul_mul_shift_reduce_(u128 *output, u64 *input, in fmul_mul_shift_reduce_() argument
162 fproduct_sum_scalar_multiplication_(output, input, input2i); in fmul_mul_shift_reduce_()
163 fmul_shift_reduce(input); in fmul_mul_shift_reduce_()
167 fproduct_sum_scalar_multiplication_(output, input, input2i); in fmul_mul_shift_reduce_()
168 fmul_shift_reduce(input); in fmul_mul_shift_reduce_()
172 fproduct_sum_scalar_multiplication_(output, input, input2i); in fmul_mul_shift_reduce_()
173 fmul_shift_reduce(input); in fmul_mul_shift_reduce_()
177 fproduct_sum_scalar_multiplication_(output, input, input2i); in fmul_mul_shift_reduce_()
178 fmul_shift_reduce(input); in fmul_mul_shift_reduce_()
182 fproduct_sum_scalar_multiplication_(output, input, input2i); in fmul_mul_shift_reduce_()
185 static __always_inline void fmul_fmul(u64 *output, u64 *input, u64 *input21) in fmul_fmul() argument
187 u64 tmp[5] = { input[0], input[1], input[2], input[3], input[4] }; in fmul_fmul()
203 b0_ = ((b0) + (((u128)(19) * (((u64)(((b4) >> (51)))))))); in fmul_fmul()
225 u64 d2 = r2 * 2 * 19; in fsquare_fsquare__()
226 u64 d419 = r4 * 19; in fsquare_fsquare__()
231 (((u128)(r3 * 19) * (r3)))); in fsquare_fsquare__()
260 b0_ = ((b0) + (((u128)(19) * (((u64)(((b4) >> (51)))))))); in fsquare_fsquare_()
281 static __always_inline void fsquare_fsquare_times(u64 *output, u64 *input, in fsquare_fsquare_times() argument
285 memcpy(output, input, 5 * sizeof(*input)); in fsquare_fsquare_times()
371 a[0] = yi - xi; in fdifference()
376 a[1] = yi - xi; in fdifference()
381 a[2] = yi - xi; in fdifference()
386 a[3] = yi - xi; in fdifference()
391 a[4] = yi - xi; in fdifference()
426 b0_ = ((b0) + (((u128)(19) * (((u64)(((b4) >> (51)))))))); in fscalar()
/*
 * Thin wrapper: forwards output and input unchanged to crecip_crecip(),
 * whose body is not part of this listing.
 */
437 static __always_inline void crecip(u64 *output, u64 *input) in crecip() argument
439 crecip_crecip(output, input); in crecip()
445 u32 i = ctr - 1; in point_swap_conditional_step()
466 u64 swap1 = 0 - iswap; in point_swap_conditional()
/*
 * Copies ten u64 values from input to output as two runs of five
 * (element offsets 0 and 5). Both buffers must hold at least ten u64
 * elements, and because memcpy() is used they must not overlap.
 */
471 static __always_inline void point_copy(u64 *output, u64 *input) in point_copy() argument
473 memcpy(output, input, 5 * sizeof(*input)); in point_copy()
474 memcpy(output + 5, input + 5, 5 * sizeof(*input)); in point_copy()
569 while (i--) { in ladder_smallloop_cmult_small_loop()
581 while (i--) { in ladder_bigloop_cmult_big_loop()
/*
 * Reads from the byte buffer input. Line 608 does an unaligned
 * little-endian 64-bit load at offset 0; x00, x01, x02 and x0 point at
 * byte offsets 6, 12, 19 and 24 of the same buffer.
 * NOTE(review): the loads through those four pointers and the stores to
 * output are on lines not shown in this listing. If x0 is also read with
 * get_unaligned_le64(), bytes 24..31 are touched, so callers must pass at
 * least 32 readable bytes -- confirm against the full file.
 */
601 static __always_inline void format_fexpand(u64 *output, const u8 *input) in format_fexpand() argument
603 const u8 *x00 = input + 6; in format_fexpand()
604 const u8 *x01 = input + 12; in format_fexpand()
605 const u8 *x02 = input + 19; in format_fexpand()
606 const u8 *x0 = input + 24; in format_fexpand()
608 i0 = get_unaligned_le64(input); in format_fexpand()
625 static __always_inline void format_fcontract_first_carry_pass(u64 *input) in format_fcontract_first_carry_pass() argument
627 u64 t0 = input[0]; in format_fcontract_first_carry_pass()
628 u64 t1 = input[1]; in format_fcontract_first_carry_pass()
629 u64 t2 = input[2]; in format_fcontract_first_carry_pass()
630 u64 t3 = input[3]; in format_fcontract_first_carry_pass()
631 u64 t4 = input[4]; in format_fcontract_first_carry_pass()
640 input[0] = t0_; in format_fcontract_first_carry_pass()
641 input[1] = t1__; in format_fcontract_first_carry_pass()
642 input[2] = t2__; in format_fcontract_first_carry_pass()
643 input[3] = t3__; in format_fcontract_first_carry_pass()
644 input[4] = t4_; in format_fcontract_first_carry_pass()
/*
 * Runs format_fcontract_first_carry_pass() and then modulo_carry_top()
 * on the same five-limb buffer. The first of these writes input[0..4],
 * so the argument is modified in place.
 */
647 static __always_inline void format_fcontract_first_carry_full(u64 *input) in format_fcontract_first_carry_full() argument
649 format_fcontract_first_carry_pass(input); in format_fcontract_first_carry_full()
650 modulo_carry_top(input); in format_fcontract_first_carry_full()
653 static __always_inline void format_fcontract_second_carry_pass(u64 *input) in format_fcontract_second_carry_pass() argument
655 u64 t0 = input[0]; in format_fcontract_second_carry_pass()
656 u64 t1 = input[1]; in format_fcontract_second_carry_pass()
657 u64 t2 = input[2]; in format_fcontract_second_carry_pass()
658 u64 t3 = input[3]; in format_fcontract_second_carry_pass()
659 u64 t4 = input[4]; in format_fcontract_second_carry_pass()
668 input[0] = t0_; in format_fcontract_second_carry_pass()
669 input[1] = t1__; in format_fcontract_second_carry_pass()
670 input[2] = t2__; in format_fcontract_second_carry_pass()
671 input[3] = t3__; in format_fcontract_second_carry_pass()
672 input[4] = t4_; in format_fcontract_second_carry_pass()
675 static __always_inline void format_fcontract_second_carry_full(u64 *input) in format_fcontract_second_carry_full() argument
681 format_fcontract_second_carry_pass(input); in format_fcontract_second_carry_full()
682 modulo_carry_top(input); in format_fcontract_second_carry_full()
683 i0 = input[0]; in format_fcontract_second_carry_full()
684 i1 = input[1]; in format_fcontract_second_carry_full()
687 input[0] = i0_; in format_fcontract_second_carry_full()
688 input[1] = i1_; in format_fcontract_second_carry_full()
/*
 * Masked subtraction of the field prime from a five-limb value, in place.
 * 0x7ffffffffffed is 2^51 - 19 and 0x7ffffffffffff is 2^51 - 1, i.e. the
 * five 51-bit limbs of p = 2^255 - 19.
 */
691 static __always_inline void format_fcontract_trim(u64 *input) in format_fcontract_trim() argument
693 u64 a0 = input[0]; in format_fcontract_trim()
694 u64 a1 = input[1]; in format_fcontract_trim()
695 u64 a2 = input[2]; in format_fcontract_trim()
696 u64 a3 = input[3]; in format_fcontract_trim()
697 u64 a4 = input[4]; in format_fcontract_trim()
/*
 * Each constant is ANDed with mask before it is subtracted, so the
 * subtraction is written without a branch on the limb values.
 * NOTE(review): the computation of mask (original lines 698-703) is not
 * part of this listing; presumably it is all-ones when the value is >= p
 * and zero otherwise -- confirm against the full file.
 */
704 u64 a0_ = a0 - (0x7ffffffffffedLLU & mask); in format_fcontract_trim()
705 u64 a1_ = a1 - (0x7ffffffffffffLLU & mask); in format_fcontract_trim()
706 u64 a2_ = a2 - (0x7ffffffffffffLLU & mask); in format_fcontract_trim()
707 u64 a3_ = a3 - (0x7ffffffffffffLLU & mask); in format_fcontract_trim()
708 u64 a4_ = a4 - (0x7ffffffffffffLLU & mask); in format_fcontract_trim()
/* Write the five result limbs back over the caller's buffer. */
709 input[0] = a0_; in format_fcontract_trim()
710 input[1] = a1_; in format_fcontract_trim()
711 input[2] = a2_; in format_fcontract_trim()
712 input[3] = a3_; in format_fcontract_trim()
713 input[4] = a4_; in format_fcontract_trim()
716 static __always_inline void format_fcontract_store(u8 *output, u64 *input) in format_fcontract_store() argument
718 u64 t0 = input[0]; in format_fcontract_store()
719 u64 t1 = input[1]; in format_fcontract_store()
720 u64 t2 = input[2]; in format_fcontract_store()
721 u64 t3 = input[3]; in format_fcontract_store()
722 u64 t4 = input[4]; in format_fcontract_store()
/*
 * Runs four fixed steps on the five-limb value in input: first carry,
 * second carry, trim, then store into the byte buffer output.
 * The carry and trim steps write input[0..4], so the caller's limb buffer
 * is overwritten.
 * NOTE(review): the writes to output happen in format_fcontract_store()
 * on lines not shown in this listing; the required size of output should
 * be confirmed against the full file.
 */
737 static __always_inline void format_fcontract(u8 *output, u64 *input) in format_fcontract() argument
739 format_fcontract_first_carry_full(input); in format_fcontract()
740 format_fcontract_second_carry_full(input); in format_fcontract()
741 format_fcontract_trim(input); in format_fcontract()
742 format_fcontract_store(output, input); in format_fcontract()