
Lines Matching refs:MOD

108 // top, c[] -= MOD[] & mask (0 or -1)
110 static p256_digit subM(const p256_int* MOD,
118 borrow -= P256_DIGIT(MOD, i) & mask;
125 // top, c[] += MOD[] & mask (0 or -1)
127 static p256_digit addM(const p256_int* MOD,
135 carry += P256_DIGIT(MOD, i) & mask;
142 // c = a * b mod MOD. c can be a and/or b.
143 void p256_modmul(const p256_int* MOD,
168 // Guesstimate reducer as top * MOD, since msw of MOD is -1.
169 top_reducer = mulAdd(MOD, top, 0, reducer);
177 top = subM(MOD, top, tmp + i, ~(top - 1));
185 // tmp might still be larger than MOD, yet same bit length.
187 addM(MOD, 0, tmp, subM(MOD, 0, tmp, -1));
290 // b = 1/a mod MOD, binary Euclid. Variable time (data-dependent branches), so not for secret a.
291 void p256_modinv_vartime(const p256_int* MOD,
296 p256_int U = *MOD;
305 // R = (R+MOD)/2
306 p256_shr1(&R, p256_add(&R, MOD, &R), &R);
313 // S = (S+MOD)/2
314 p256_shr1(&S, p256_add(&S, MOD, &S) , &S);
319 if (p256_sub(&S, &R, &S)) p256_add(&S, MOD, &S);
323 if (p256_sub(&R, &S, &R)) p256_add(&R, MOD, &R);
328 p256_mod(MOD, &R, b);
331 void p256_mod(const p256_int* MOD,
335 addM(MOD, 0, P256_DIGITS(out), subM(MOD, 0, P256_DIGITS(out), -1));
338 // Verify y^2 == x^3 - 3x + b mod p