121  * Each of the nine values is called a 'limb'. Since the limbs are spaced only
123  * bits of each limb overlap with the least significant bits of the next.
130 typedef uint64_t limb;
131 typedef limb felem[NLIMBS];
134 static const limb bottom57bits = 0x1ffffffffffffff;
135 static const limb bottom58bits = 0x3ffffffffffffff;
143     out[0] = (*((limb *) & in[0])) & bottom58bits;
144     out[1] = (*((limb *) & in[7]) >> 2) & bottom58bits;
145     out[2] = (*((limb *) & in[14]) >> 4) & bottom58bits;
146     out[3] = (*((limb *) & in[21]) >> 6) & bottom58bits;
147     out[4] = (*((limb *) & in[29])) & bottom58bits;
148     out[5] = (*((limb *) & in[36]) >> 2) & bottom58bits;
149     out[6] = (*((limb *) & in[43]) >> 4) & bottom58bits;
150     out[7] = (*((limb *) & in[50]) >> 6) & bottom58bits;
151     out[8] = (*((limb *) & in[58])) & bottom57bits;
161     (*((limb *) & out[0])) = in[0];
162     (*((limb *) & out[7])) |= in[1] << 2;
163     (*((limb *) & out[14])) |= in[2] << 4;
164     (*((limb *) & out[21])) |= in[3] << 6;
165     (*((limb *) & out[29])) = in[4];
166     (*((limb *) & out[36])) |= in[5] << 2;
167     (*((limb *) & out[43])) |= in[6] << 4;
168     (*((limb *) & out[50])) |= in[7] << 6;
169     (*((limb *) & out[58])) = in[8];
259 static void felem_scalar(felem out, const felem in, limb scalar)
273 static void felem_scalar64(felem out, limb scalar)
287 static void felem_scalar128(largefelem out, limb scalar)
310     static const limb two62m3 = (((limb) 1) << 62) - (((limb) 1) << 5);
311     static const limb two62m2 = (((limb) 1) << 62) - (((limb) 1) << 4);
336     static const limb two62m3 = (((limb) 1) << 62) - (((limb) 1) << 5);
337     static const limb two62m2 = (((limb) 1) << 62) - (((limb) 1) << 4);
362     static const limb two63m6 = (((limb) 1) << 62) - (((limb) 1) << 5);
363     static const limb two63m5 = (((limb) 1) << 62) - (((limb) 1) << 4);
587 static const limb bottom52bits = 0xfffffffffffff;
600     out[0] = ((limb) in[0]) & bottom58bits;
601     out[1] = ((limb) in[1]) & bottom58bits;
602     out[2] = ((limb) in[2]) & bottom58bits;
603     out[3] = ((limb) in[3]) & bottom58bits;
604     out[4] = ((limb) in[4]) & bottom58bits;
605     out[5] = ((limb) in[5]) & bottom58bits;
606     out[6] = ((limb) in[6]) & bottom58bits;
607     out[7] = ((limb) in[7]) & bottom58bits;
608     out[8] = ((limb) in[8]) & bottom58bits;
612     out[1] += ((limb) in[0]) >> 58;
613     out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6;
618     out[2] += ((limb) (in[0] >> 64)) >> 52;
620     out[2] += ((limb) in[1]) >> 58;
621     out[2] += (((limb) (in[1] >> 64)) & bottom52bits) << 6;
622     out[3] += ((limb) (in[1] >> 64)) >> 52;
624     out[3] += ((limb) in[2]) >> 58;
625     out[3] += (((limb) (in[2] >> 64)) & bottom52bits) << 6;
626     out[4] += ((limb) (in[2] >> 64)) >> 52;
628     out[4] += ((limb) in[3]) >> 58;
629     out[4] += (((limb) (in[3] >> 64)) & bottom52bits) << 6;
630     out[5] += ((limb) (in[3] >> 64)) >> 52;
632     out[5] += ((limb) in[4]) >> 58;
633     out[5] += (((limb) (in[4] >> 64)) & bottom52bits) << 6;
634     out[6] += ((limb) (in[4] >> 64)) >> 52;
636     out[6] += ((limb) in[5]) >> 58;
637     out[6] += (((limb) (in[5] >> 64)) & bottom52bits) << 6;
638     out[7] += ((limb) (in[5] >> 64)) >> 52;
640     out[7] += ((limb) in[6]) >> 58;
641     out[7] += (((limb) (in[6] >> 64)) & bottom52bits) << 6;
642     out[8] += ((limb) (in[6] >> 64)) >> 52;
644     out[8] += ((limb) in[7]) >> 58;
645     out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6;
650     overflow1 = ((limb) (in[7] >> 64)) >> 52;
652     overflow1 += ((limb) in[8]) >> 58;
653     overflow1 += (((limb) (in[8] >> 64)) & bottom52bits) << 6;
654     overflow2 = ((limb) (in[8] >> 64)) >> 52;
801  * felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0
806 static limb felem_is_zero(const felem in)
809     limb is_zero, is_p;
834      * The ninth limb of 2*(2^521-1) is 0x03ffffffffffffff, which is greater
876     return (int)(felem_is_zero(in) & ((limb) 1));
886     limb is_p, is_greater, sign;
887     static const limb two58 = ((limb) 1) << 58;
1128 static void copy_conditional(felem out, const felem in, limb mask)
1132         const limb tmp = mask & (in[i] ^ out[i]);
1155     limb x_equal, y_equal, z1_is_zero, z2_is_zero;
1453 static void select_point(const limb idx, unsigned int size,
1457     limb *outlimbs = &out[0][0];
1461         const limb *inlimbs = &pre_comp[i][0][0];
1462         limb mask = i ^ idx;
1497     limb bits;
1553                 copy_conditional(tmp[1], tmp[3], (-(limb) sign));

Indexes created Wed Aug 28 06:45:35 MDT 2024