Lines Matching defs:out
91 // Add computes *out = a+b
94 void Add(FieldElement* out, const FieldElement& a, const FieldElement& b) {
96 (*out)[i] = a[i] + b[i];
111 // Subtract computes *out = a-b
114 // out[i] < 2**32
115 void Subtract(FieldElement* out, const FieldElement& a, const FieldElement& b) {
118 (*out)[i] = a[i] + kZero31ModP[i] - b[i];
151 void ReduceLarge(FieldElement* out, LargeFieldElement* inptr) {
168 // As the values become small enough, we start to store them in |out| and use
172 (*out)[i] = static_cast<uint32_t>(in[i] & kBottom28Bits);
177 (*out)[3] += static_cast<uint32_t>(in[8] & 0xffff) << 12; // "-2**96" term
178 (*out)[4] += static_cast<uint32_t>(in[8] >> 16); // rest of "-2**96" term
180 // out[3] < 2**29
181 // out[4] < 2**29
182 // out[1,2,5..7] < 2**28
184 (*out)[0] = static_cast<uint32_t>(in[0] & kBottom28Bits);
185 (*out)[1] += static_cast<uint32_t>((in[0] >> 28) & kBottom28Bits);
186 (*out)[2] += static_cast<uint32_t>(in[0] >> 56);
187 // out[0] < 2**28
188 // out[1..4] < 2**29
189 // out[5..7] < 2**28
198 // Mul computes *out = a*b
201 // out[i] < 2**29
202 void Mul(FieldElement* out, const FieldElement& a, const FieldElement& b) {
212 ReduceLarge(out, &tmp);
215 // Square computes *out = a*a
218 // out[i] < 2**29
219 void Square(FieldElement* out, const FieldElement& a) {
234 ReduceLarge(out, &tmp);
272 // Invert calcuates *out = in**-1 by computing in**(2**224 - 2**96 - 1), i.e.
274 void Invert(FieldElement* out, const FieldElement& in) {
319 Mul(out, f1, f3); // 2**224 - 2**96 - 1
327 FieldElement& out = *inout;
331 out[i+1] += out[i] >> 28;
332 out[i] &= kBottom28Bits;
334 uint32_t top = out[7] >> 28;
335 out[7] &= kBottom28Bits;
338 out[0] -= top;
339 out[3] += top << 12;
341 // We may just have made out[0] negative. So we carry down. If we made
342 // out[0] negative then we know that out[3] is sufficiently positive
345 uint32_t mask = static_cast<uint32_t>(static_cast<int32_t>(out[i]) >> 31);
346 out[i] += (1 << 28) & mask;
347 out[i+1] -= 1 & mask;
350 // We might have pushed out[3] over 2**28 so we perform another, partial
353 out[i+1] += out[i] >> 28;
354 out[i] &= kBottom28Bits;
356 top = out[7] >> 28;
357 out[7] &= kBottom28Bits;
360 out[0] -= top;
361 out[3] += top << 12;
363 // There are two cases to consider for out[3]:
364 // 1) The first time that we eliminated top, we didn't push out[3] over
367 // 2) We did push out[3] over 2**28 the first time that we eliminated top.
369 // the first top, 0xfff1000 <= out[3] <= 0xfffffff. Therefore, after
370 // overflowing and being reduced by the second carry chain, out[3] <=
374 // Again, we may just have made out[0] negative, so do the same carry down.
375 // As before, if we made out[0] negative then we know that out[3] is
378 uint32_t mask = static_cast<uint32_t>(static_cast<int32_t>(out[i]) >> 31);
379 out[i] += (1 << 28) & mask;
380 out[i+1] -= 1 & mask;
392 top_4_all_ones &= out[i];
405 uint32_t bottom_3_non_zero = out[0] | out[1] | out[2];
414 // Everything depends on the value of out[3].
419 uint32_t n = out[3] - 0xffff000;
429 // If out[3] > 0xffff000 then n's MSB will be zero.
435 out[0] -= 1 & mask;
436 out[3] -= 0xffff000 & mask;
437 out[4] -= 0xfffffff & mask;
438 out[5] -= 0xfffffff & mask;
439 out[6] -= 0xfffffff & mask;
440 out[7] -= 0xfffffff & mask;
457 void CopyConditional(Point* out, const Point& a, uint32_t mask);
458 void DoubleJacobian(Point* out, const Point& a);
460 // AddJacobian computes *out = a+b where a != b.
461 void AddJacobian(Point *out,
512 DoubleJacobian(out, a);
529 Subtract(&out->z, z2z2, z1z1);
530 Reduce(&out->z);
531 Mul(&out->z, out->z, h);
539 Square(&out->x, r);
540 Subtract(&out->x, out->x, z1z1);
541 Reduce(&out->x);
548 Subtract(&z1z1, v, out->x);
551 Subtract(&out->y, z1z1, s1);
552 Reduce(&out->y);
554 CopyConditional(out, a, z2_is_zero);
555 CopyConditional(out, b, z1_is_zero);
558 // DoubleJacobian computes *out = a+a.
559 void DoubleJacobian(Point* out, const Point& a) {
578 Add(&out->z, a.y, a.z);
579 Reduce(&out->z);
580 Square(&out->z, out->z);
581 Subtract(&out->z, out->z, gamma);
582 Reduce(&out->z);
583 Subtract(&out->z, out->z, delta);
584 Reduce(&out->z);
591 Square(&out->x, alpha);
592 Subtract(&out->x, out->x, delta);
593 Reduce(&out->x);
600 Subtract(&beta, beta, out->x);
607 Mul(&out->y, alpha, beta);
608 Subtract(&out->y, out->y, gamma);
609 Reduce(&out->y);
612 // CopyConditional sets *out=a if mask is 0xffffffff. mask must be either 0 of
614 void CopyConditional(Point* out, const Point& a, uint32_t mask) {
616 out->x[i] ^= mask & (a.x[i] ^ out->x[i]);
617 out->y[i] ^= mask & (a.y[i] ^ out->y[i]);
618 out->z[i] ^= mask & (a.z[i] ^ out->z[i]);
622 // ScalarMult calculates *out = a*scalar where scalar is a big-endian number of
624 void ScalarMult(Point* out,
628 memset(out, 0, sizeof(*out));
633 DoubleJacobian(out, *out);
636 AddJacobian(&tmp, a, *out);
637 CopyConditional(out, tmp, bit);
643 // little-endian form into 8 words at out, 28 bits per output word.
644 void Get224Bits(uint32_t* out, const uint32_t* in) {
645 out[0] = NetToHost32(in[6]) & kBottom28Bits;
646 out[1] = ((NetToHost32(in[5]) << 4) |
648 out[2] = ((NetToHost32(in[4]) << 8) |
650 out[3] = ((NetToHost32(in[3]) << 12) |
652 out[4] = ((NetToHost32(in[2]) << 16) |
654 out[5] = ((NetToHost32(in[1]) << 20) |
656 out[6] = ((NetToHost32(in[0]) << 24) |
658 out[7] = (NetToHost32(in[0]) >> 4) & kBottom28Bits;
663 // out.
664 void Put224Bits(uint32_t* out, const uint32_t* in) {
665 out[6] = HostToNet32((in[0] >> 0) | (in[1] << 28));
666 out[5] = HostToNet32((in[1] >> 4) | (in[2] << 24));
667 out[4] = HostToNet32((in[2] >> 8) | (in[3] << 20));
668 out[3] = HostToNet32((in[3] >> 12) | (in[4] << 16));
669 out[2] = HostToNet32((in[4] >> 16) | (in[5] << 12));
670 out[1] = HostToNet32((in[5] >> 20) | (in[6] << 8));
671 out[0] = HostToNet32((in[6] >> 24) | (in[7] << 4));
735 void ScalarMult(const Point& in, const uint8_t* scalar, Point* out) {
736 ::ScalarMult(out, in, scalar, 28);
748 void ScalarBaseMult(const uint8_t* scalar, Point* out) {
749 ::ScalarMult(out, kBasePoint, scalar, 28);
752 void Add(const Point& a, const Point& b, Point* out) {
753 AddJacobian(out, a, b);
756 void Negate(const Point& in, Point* out) {
763 Mul(&out->x, in.x, zinv_sq);
767 Subtract(&out->y, kP, y);
768 Reduce(&out->y);
770 memset(&out->z, 0, sizeof(out->z));
771 out->z[0] = 1;
