Lines Matching refs:product
410 uint128_t product;
412 product = mul_64_64(left[i], right[k - i]);
414 r01 = add_128_128(r01, product);
415 r2 += (r01.m_high < product.m_high);
427 /* Compute product = left * right, for a small right value. */
435 uint128_t product;
437 product = mul_64_64(left[k], right);
438 r01 = add_128_128(r01, product);
464 uint128_t product;
466 product = mul_64_64(left[i], left[k - i]);
469 r2 += product.m_high >> 63;
470 product.m_high = (product.m_high << 1) |
471 (product.m_low >> 63);
472 product.m_low <<= 1;
475 r01 = add_128_128(r01, product);
476 r2 += (r01.m_high < product.m_high);
522 * Computes result = product % mod
530 static void vli_mmod_special(u64 *result, const u64 *product,
537 vli_set(r, product, ndigits * 2);
551 * Computes result = product % mod
564 static void vli_mmod_special2(u64 *result, const u64 *product,
577 vli_set(r, product, ndigits);
579 vli_set(q, product + ndigits, ndigits);
609 * Computes result = product % mod, where product is 2N words long.
613 static void vli_mmod_slow(u64 *result, u64 *product, const u64 *mod,
618 u64 *v[2] = { tmp, product };
654 /* Computes result = product % mod using Barrett's reduction with precomputed
663 static void vli_mmod_barrett(u64 *result, u64 *product, const u64 *mod,
670 vli_mult(q, product + ndigits, mu, ndigits);
672 vli_add(q + ndigits, q + ndigits, product + ndigits, ndigits);
674 vli_sub(r, product, r, ndigits * 2);
689 static void vli_mmod_fast_192(u64 *result, const u64 *product,
695 vli_set(result, product, ndigits);
697 vli_set(tmp, &product[3], ndigits);
701 tmp[1] = product[3];
702 tmp[2] = product[4];
705 tmp[0] = tmp[1] = product[5];
713 /* Computes result = product % curve_prime
716 static void vli_mmod_fast_256(u64 *result, const u64 *product,
723 vli_set(result, product, ndigits);
727 tmp[1] = product[5] & 0xffffffff00000000ull;
728 tmp[2] = product[6];
729 tmp[3] = product[7];
734 tmp[1] = product[6] << 32;
735 tmp[2] = (product[6] >> 32) | (product[7] << 32);
736 tmp[3] = product[7] >> 32;
741 tmp[0] = product[4];
742 tmp[1] = product[5] & 0xffffffff;
744 tmp[3] = product[7];
748 tmp[0] = (product[4] >> 32) | (product[5] << 32);
749 tmp[1] = (product[5] >> 32) | (product[6] & 0xffffffff00000000ull);
750 tmp[2] = product[7];
751 tmp[3] = (product[6] >> 32) | (product[4] << 32);
755 tmp[0] = (product[5] >> 32) | (product[6] << 32);
756 tmp[1] = (product[6] >> 32);
758 tmp[3] = (product[4] & 0xffffffff) | (product[5] << 32);
762 tmp[0] = product[6];
763 tmp[1] = product[7];
765 tmp[3] = (product[4] >> 32) | (product[5] & 0xffffffff00000000ull);
769 tmp[0] = (product[6] >> 32) | (product[7] << 32);
770 tmp[1] = (product[7] >> 32) | (product[4] << 32);
771 tmp[2] = (product[4] >> 32) | (product[5] << 32);
772 tmp[3] = (product[6] << 32);
776 tmp[0] = product[7];
777 tmp[1] = product[4] & 0xffffffff00000000ull;
778 tmp[2] = product[5];
779 tmp[3] = product[6] & 0xffffffff00000000ull;
796 /* Computes result = product % curve_prime
799 static void vli_mmod_fast_384(u64 *result, const u64 *product,
806 vli_set(result, product, ndigits);
811 tmp[2] = SL32OR32(product[11], (product[10]>>32)); //a22||a21
812 tmp[3] = product[11]>>32; // 0 ||a23
819 tmp[0] = product[6]; //a13||a12
820 tmp[1] = product[7]; //a15||a14
821 tmp[2] = product[8]; //a17||a16
822 tmp[3] = product[9]; //a19||a18
823 tmp[4] = product[10]; //a21||a20
824 tmp[5] = product[11]; //a23||a22
828 tmp[0] = SL32OR32(product[11], (product[10]>>32)); //a22||a21
829 tmp[1] = SL32OR32(product[6], (product[11]>>32)); //a12||a23
830 tmp[2] = SL32OR32(product[7], (product[6])>>32); //a14||a13
831 tmp[3] = SL32OR32(product[8], (product[7]>>32)); //a16||a15
832 tmp[4] = SL32OR32(product[9], (product[8]>>32)); //a18||a17
833 tmp[5] = SL32OR32(product[10], (product[9]>>32)); //a20||a19
837 tmp[0] = AND64H(product[11]); //a23|| 0
838 tmp[1] = (product[10]<<32); //a20|| 0
839 tmp[2] = product[6]; //a13||a12
840 tmp[3] = product[7]; //a15||a14
841 tmp[4] = product[8]; //a17||a16
842 tmp[5] = product[9]; //a19||a18
848 tmp[2] = product[10]; //a21||a20
849 tmp[3] = product[11]; //a23||a22
855 tmp[0] = AND64L(product[10]); // 0 ||a20
856 tmp[1] = AND64H(product[10]); //a21|| 0
857 tmp[2] = product[11]; //a23||a22
864 tmp[0] = SL32OR32(product[6], (product[11]>>32)); //a12||a23
865 tmp[1] = SL32OR32(product[7], (product[6]>>32)); //a14||a13
866 tmp[2] = SL32OR32(product[8], (product[7]>>32)); //a16||a15
867 tmp[3] = SL32OR32(product[9], (product[8]>>32)); //a18||a17
868 tmp[4] = SL32OR32(product[10], (product[9]>>32)); //a20||a19
869 tmp[5] = SL32OR32(product[11], (product[10]>>32)); //a22||a21
873 tmp[0] = (product[10]<<32); //a20|| 0
874 tmp[1] = SL32OR32(product[11], (product[10]>>32)); //a22||a21
875 tmp[2] = (product[11]>>32); // 0 ||a23
883 tmp[1] = AND64H(product[11]); //a23|| 0
884 tmp[2] = product[11]>>32; // 0 ||a23
905 /* Computes result = product % curve_prime for different curve_primes.
910 static bool vli_mmod_fast(u64 *result, u64 *product,
921 vli_mmod_special(result, product, curve_prime,
926 vli_mmod_special2(result, product, curve_prime,
930 vli_mmod_barrett(result, product, curve_prime, ndigits);
936 vli_mmod_fast_192(result, product, curve_prime, tmp);
939 vli_mmod_fast_256(result, product, curve_prime, tmp);
942 vli_mmod_fast_384(result, product, curve_prime, tmp);
958 u64 product[ECC_MAX_DIGITS * 2];
960 vli_mult(product, left, right, ndigits);
961 vli_mmod_slow(result, product, mod, ndigits);
969 u64 product[2 * ECC_MAX_DIGITS];
971 vli_mult(product, left, right, curve->g.ndigits);
972 vli_mmod_fast(result, product, curve);
979 u64 product[2 * ECC_MAX_DIGITS];
981 vli_square(product, left, curve->g.ndigits);
982 vli_mmod_fast(result, product, curve);
1614 struct ecc_point *product, *pk;
1644 product = ecc_alloc_point(ndigits);
1645 if (!product) {
1650 ecc_point_mult(product, pk, priv, rand_z, curve, ndigits);
1652 if (ecc_point_is_zero(product)) {
1657 ecc_swap_digits(product->x, secret, ndigits);
1662 ecc_free_point(product);