Lines Matching defs:out
75 // Add computes *out = a+b
78 void Add(FieldElement* out, const FieldElement& a, const FieldElement& b) {
80 (*out)[i] = a[i] + b[i];
95 // Subtract computes *out = a-b
98 // out[i] < 2**32
99 void Subtract(FieldElement* out, const FieldElement& a, const FieldElement& b) {
102 (*out)[i] = a[i] + kZero31ModP[i] - b[i];
126 void ReduceLarge(FieldElement* out, LargeFieldElement* inptr) {
143 // As the values become small enough, we start to store them in |out| and use
147 (*out)[i] = static_cast<uint32>(in[i] & kBottom28Bits);
152 (*out)[3] += static_cast<uint32>(in[8] & 0xffff) << 12; // "-2**96" term
153 (*out)[4] += static_cast<uint32>(in[8] >> 16); // rest of "-2**96" term
155 // out[3] < 2**29
156 // out[4] < 2**29
157 // out[1,2,5..7] < 2**28
159 (*out)[0] = static_cast<uint32>(in[0] & kBottom28Bits);
160 (*out)[1] += static_cast<uint32>((in[0] >> 28) & kBottom28Bits);
161 (*out)[2] += static_cast<uint32>(in[0] >> 56);
162 // out[0] < 2**28
163 // out[1..4] < 2**29
164 // out[5..7] < 2**28
167 // Mul computes *out = a*b
170 // out[i] < 2**29
171 void Mul(FieldElement* out, const FieldElement& a, const FieldElement& b) {
181 ReduceLarge(out, &tmp);
184 // Square computes *out = a*a
187 // out[i] < 2**29
188 void Square(FieldElement* out, const FieldElement& a) {
203 ReduceLarge(out, &tmp);
241 // Invert calcuates *out = in**-1 by computing in**(2**224 - 2**96 - 1), i.e.
243 void Invert(FieldElement* out, const FieldElement& in) {
288 Mul(out, f1, f3); // 2**224 - 2**96 - 1
296 FieldElement& out = *inout;
300 out[i+1] += out[i] >> 28;
301 out[i] &= kBottom28Bits;
303 uint32 top = out[7] >> 28;
304 out[7] &= kBottom28Bits;
307 out[0] -= top;
308 out[3] += top << 12;
310 // We may just have made out[0] negative. So we carry down. If we made
311 // out[0] negative then we know that out[3] is sufficiently positive
314 uint32 mask = static_cast<uint32>(static_cast<int32>(out[i]) >> 31);
315 out[i] += (1 << 28) & mask;
316 out[i+1] -= 1 & mask;
319 // We might have pushed out[3] over 2**28 so we perform another, partial
322 out[i+1] += out[i] >> 28;
323 out[i] &= kBottom28Bits;
325 top = out[7] >> 28;
326 out[7] &= kBottom28Bits;
329 out[0] -= top;
330 out[3] += top << 12;
332 // There are two cases to consider for out[3]:
333 // 1) The first time that we eliminated top, we didn't push out[3] over
336 // 2) We did push out[3] over 2**28 the first time that we eliminated top.
338 // the first top, 0xfff1000 <= out[3] <= 0xfffffff. Therefore, after
339 // overflowing and being reduced by the second carry chain, out[3] <=
343 // Again, we may just have made out[0] negative, so do the same carry down.
344 // As before, if we made out[0] negative then we know that out[3] is
347 uint32 mask = static_cast<uint32>(static_cast<int32>(out[i]) >> 31);
348 out[i] += (1 << 28) & mask;
349 out[i+1] -= 1 & mask;
361 top_4_all_ones &= out[i];
374 uint32 bottom_3_non_zero = out[0] | out[1] | out[2];
383 // Everything depends on the value of out[3].
388 uint32 n = out[3] - 0xffff000;
398 // If out[3] > 0xffff000 then n's MSB will be zero.
402 out[0] -= 1 & mask;
403 out[3] -= 0xffff000 & mask;
404 out[4] -= 0xfffffff & mask;
405 out[5] -= 0xfffffff & mask;
406 out[6] -= 0xfffffff & mask;
407 out[7] -= 0xfffffff & mask;
424 void CopyConditional(Point* out, const Point& a, uint32 mask);
425 void DoubleJacobian(Point* out, const Point& a);
427 // AddJacobian computes *out = a+b where a != b.
428 void AddJacobian(Point *out,
479 DoubleJacobian(out, a);
496 Subtract(&out->z, z2z2, z1z1);
497 Reduce(&out->z);
498 Mul(&out->z, out->z, h);
506 Square(&out->x, r);
507 Subtract(&out->x, out->x, z1z1);
508 Reduce(&out->x);
515 Subtract(&z1z1, v, out->x);
518 Subtract(&out->y, z1z1, s1);
519 Reduce(&out->y);
521 CopyConditional(out, a, z2_is_zero);
522 CopyConditional(out, b, z1_is_zero);
525 // DoubleJacobian computes *out = a+a.
526 void DoubleJacobian(Point* out, const Point& a) {
545 Add(&out->z, a.y, a.z);
546 Reduce(&out->z);
547 Square(&out->z, out->z);
548 Subtract(&out->z, out->z, gamma);
549 Reduce(&out->z);
550 Subtract(&out->z, out->z, delta);
551 Reduce(&out->z);
558 Square(&out->x, alpha);
559 Subtract(&out->x, out->x, delta);
560 Reduce(&out->x);
567 Subtract(&beta, beta, out->x);
574 Mul(&out->y, alpha, beta);
575 Subtract(&out->y, out->y, gamma);
576 Reduce(&out->y);
579 // CopyConditional sets *out=a if mask is 0xffffffff. mask must be either 0 of
581 void CopyConditional(Point* out,
585 out->x[i] ^= mask & (a.x[i] ^ out->x[i]);
586 out->y[i] ^= mask & (a.y[i] ^ out->y[i]);
587 out->z[i] ^= mask & (a.z[i] ^ out->z[i]);
591 // ScalarMult calculates *out = a*scalar where scalar is a big-endian number of
593 void ScalarMult(Point* out, const Point& a,
595 memset(out, 0, sizeof(*out));
600 DoubleJacobian(out, *out);
603 AddJacobian(&tmp, a, *out);
604 CopyConditional(out, tmp, bit);
610 // little-endian form into 8 words at out, 28 bits per output word.
611 void Get224Bits(uint32* out, const uint32* in) {
612 out[0] = NetToHost32(in[6]) & kBottom28Bits;
613 out[1] = ((NetToHost32(in[5]) << 4) |
615 out[2] = ((NetToHost32(in[4]) << 8) |
617 out[3] = ((NetToHost32(in[3]) << 12) |
619 out[4] = ((NetToHost32(in[2]) << 16) |
621 out[5] = ((NetToHost32(in[1]) << 20) |
623 out[6] = ((NetToHost32(in[0]) << 24) |
625 out[7] = (NetToHost32(in[0]) >> 4) & kBottom28Bits;
630 // out.
631 void Put224Bits(uint32* out, const uint32* in) {
632 out[6] = HostToNet32((in[0] >> 0) | (in[1] << 28));
633 out[5] = HostToNet32((in[1] >> 4) | (in[2] << 24));
634 out[4] = HostToNet32((in[2] >> 8) | (in[3] << 20));
635 out[3] = HostToNet32((in[3] >> 12) | (in[4] << 16));
636 out[2] = HostToNet32((in[4] >> 16) | (in[5] << 12));
637 out[1] = HostToNet32((in[5] >> 20) | (in[6] << 8));
638 out[0] = HostToNet32((in[6] >> 24) | (in[7] << 4));
702 void ScalarMult(const Point& in, const uint8* scalar, Point* out) {
703 ::ScalarMult(out, in, scalar, 28);
715 void ScalarBaseMult(const uint8* scalar, Point* out) {
716 ::ScalarMult(out, kBasePoint, scalar, 28);
719 void Add(const Point& a, const Point& b, Point* out) {
720 AddJacobian(out, a, b);
723 void Negate(const Point& in, Point* out) {
730 Mul(&out->x, in.x, zinv_sq);
734 Subtract(&out->y, kP, y);
735 Reduce(&out->y);
737 memset(&out->z, 0, sizeof(out->z));
738 out->z[0] = 1;
