• Home
  • History
  • Annotate
  • Raw
  • Download
  • only in /freebsd-13-stable/contrib/bearssl/src/ec/

Lines Matching defs:P1

831  * Point addition (Jacobian coordinates): P1 is replaced with P1+P2.
834  *   - If P1 == 0 but P2 != 0
835  *   - If P1 != 0 but P2 == 0
836  *   - If P1 == P2
838  * In all three cases, P1 is set to the point at infinity.
842  *   - P1 and P2 have the same Y coordinate.
843  *   - P1 == 0 and P2 == 0.
851  * Therefore, assuming that P1 != 0 and P2 != 0 on input, then the caller
856  *     P1+P2 == 0, so the result is indeed the point at infinity.
857  *   - Otherwise, P1 == P2, so a "double" operation should have been
861  * e.g. if P1 and P2 have the same Y coordinate, but distinct X coordinates.
864 p256_add(p256_jacobian *P1, const p256_jacobian *P2)
886 	f256_montymul(t1, P1->x, t3);
888 	f256_montymul(t3, P1->y, t4);
893 	f256_montysquare(t4, P1->z);
895 	f256_montymul(t5, P1->z, t4);
920 	f256_montysquare(P1->x, t4);
921 	f256_sub(P1->x, P1->x, t5);
922 	f256_sub(P1->x, P1->x, t6);
923 	f256_sub(P1->x, P1->x, t6);
928 	f256_sub(t6, t6, P1->x);
929 	f256_montymul(P1->y, t4, t6);
931 	f256_sub(P1->y, P1->y, t1);
936 	f256_montymul(t1, P1->z, P2->z);
937 	f256_montymul(P1->z, t1, t2);
943  * Point addition (mixed coordinates): P1 is replaced with P1+P2.
949  *   - If P1 == 0
950  *   - If P1 == P2
952  * In both cases, P1 is set to the point at infinity.
956  *   - P1 and P2 have the same Y (affine) coordinate.
957  *   - The Y coordinate of P2 is 0 and P1 is the point at infinity.
963  * Therefore, assuming that P1 != 0 on input, then the caller
968  *     P1+P2 == 0, so the result is indeed the point at infinity.
969  *   - Otherwise, P1 == P2, so a "double" operation should have been
976 p256_add_mixed(p256_jacobian *P1, const p256_affine *P2)
997 	memcpy(t1, P1->x, sizeof t1);
998 	memcpy(t3, P1->y, sizeof t3);
1003 	f256_montysquare(t4, P1->z);
1005 	f256_montymul(t5, P1->z, t4);
1030 	f256_montysquare(P1->x, t4);
1031 	f256_sub(P1->x, P1->x, t5);
1032 	f256_sub(P1->x, P1->x, t6);
1033 	f256_sub(P1->x, P1->x, t6);
1038 	f256_sub(t6, t6, P1->x);
1039 	f256_montymul(P1->y, t4, t6);
1041 	f256_sub(P1->y, P1->y, t1);
1046 	f256_montymul(P1->z, P1->z, t2);
1054  * Point addition (mixed coordinates, complete): P1 is replaced with P1+P2.
1061 p256_add_complete_mixed(p256_jacobian *P1, const p256_affine *P2)
1078 	 *  - If P1 is the point-at-infinity (z1 = 0), then z3 is
1081 	 *  - If P1 = P2, then u1 = u2 and s1 = s2, and x3, y3 and z3
1084 	 * However, if P1 + P2 = 0, then u1 = u2 but s1 != s2, and then
1087 	 * To fix the case P1 = 0, we perform at the end a copy of P2
1088 	 * over P1, conditional to z1 = 0.
1090 	 * For P1 = P2: in that case, both h and r are set to 0, and
1092 	 * occurrence to make a mask which will be all-one if P1 = P2,
1112 	 * Set zz to -1 if P1 is the point at infinity, 0 otherwise.
1114 	zz = P1->z[0] | P1->z[1] | P1->z[2] | P1->z[3] | P1->z[4];
1120 	memcpy(t1, P1->x, sizeof t1);
1121 	memcpy(t3, P1->y, sizeof t3);
1126 	f256_montysquare(t4, P1->z);
1128 	f256_montymul(t5, P1->z, t4);
1139 	 * If both h = 0 and r = 0, then P1 = P2, and we want to set
1158 	f256_montysquare(P1->x, t4);
1159 	f256_sub(P1->x, P1->x, t5);
1160 	f256_sub(P1->x, P1->x, t6);
1161 	f256_sub(P1->x, P1->x, t6);
1166 	f256_sub(t6, t6, P1->x);
1167 	f256_montymul(P1->y, t4, t6);
1169 	f256_sub(P1->y, P1->y, t1);
1174 	f256_montymul(P1->z, P1->z, t2);
1177 	 * The "double" result, in case P1 = P2.
1223 		P1->x[i] |= tt & t5[i];
1224 		P1->y[i] |= tt & t6[i];
1225 		P1->z[i] |= tt & t1[i];
1229 	 * If P1 = 0, then we get z3 = 0 (which is invalid); if z1 is 0,
1234 		P1->x[i] ^= zz & (P1->x[i] ^ P2->x[i]);
1235 		P1->y[i] ^= zz & (P1->y[i] ^ P2->y[i]);
1236 		P1->z[i] ^= zz & (P1->z[i] ^ F256_R[i]);