Home | History | Annotate | Download | only in libmincrypt

Lines Matching full:limb

53  * That is, each limb is alternately 29 or 28-bits wide in little-endian
58  * when multiplying as terms end up one bit short of a limb which would require
64 typedef u32 limb;
66 typedef limb felem[NLIMBS];
68 static const limb kBottom28Bits = 0xfffffff;
69 static const limb kBottom29Bits = 0x1fffffff;
118 static const limb kPrecomputed[NLIMBS * 2 * 15 * 2] = {
188  * x must be a u32 or an equivalent type such as limb. */
196 static void felem_reduce_carry(felem inout, limb carry) {
219   limb carry = 0;
241 #define two31m3 (((limb)1) << 31) - (((limb)1) << 3)
242 #define two30m2 (((limb)1) << 30) - (((limb)1) << 2)
243 #define two30p13m2 (((limb)1) << 30) + (((limb)1) << 13) - (((limb)1) << 2)
244 #define two31m2 (((limb)1) << 31) - (((limb)1) << 2)
245 #define two31p24m2 (((limb)1) << 31) + (((limb)1) << 24) - (((limb)1) << 2)
246 #define two30m27m2 (((limb)1) << 30) - (((limb)1) << 27) - (((limb)1) << 2)
257   limb carry = 0;
294     * Limb number:   0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10...
298   limb tmp2[18], carry, x, xMask;
305   tmp2[0] = (limb)(tmp[0] & kBottom29Bits);
307   /* In the following we use "(limb) tmp[x]" and "(limb) (tmp[x]>>32)" to try
311   tmp2[1] = ((limb) tmp[0]) >> 29;
312   tmp2[1] |= (((limb)(tmp[0] >> 32)) << 3) & kBottom28Bits;
313   tmp2[1] += ((limb) tmp[1]) & kBottom28Bits;
318     tmp2[i] = ((limb)(tmp[i - 2] >> 32)) >> 25;
319     tmp2[i] += ((limb)(tmp[i - 1])) >> 28;
320     tmp2[i] += (((limb)(tmp[i - 1] >> 32)) << 4) & kBottom29Bits;
321     tmp2[i] += ((limb) tmp[i]) & kBottom29Bits;
329     tmp2[i] = ((limb)(tmp[i - 2] >> 32)) >> 25;
330     tmp2[i] += ((limb)(tmp[i - 1])) >> 29;
331     tmp2[i] += (((limb)(tmp[i - 1] >> 32)) << 3) & kBottom28Bits;
332     tmp2[i] += ((limb) tmp[i]) & kBottom28Bits;
338   tmp2[17] = ((limb)(tmp[15] >> 32)) >> 25;
339   tmp2[17] += ((limb)(tmp[16])) >> 29;
340   tmp2[17] += (((limb)(tmp[16] >> 32)) << 3);
675   limb carry = 0;
702   limb carry = 0, next_carry;
733   limb carry = 0, next_carry;
762   limb carry;
764   limb tmp[NLIMBS];
977 static void copy_conditional(felem out, const felem in, limb mask) {
981     const limb tmp = mask & (in[i] ^ out[i]);
988 static void select_affine_point(felem out_x, felem out_y, const limb* table,
989                                 limb index) {
990   limb i, j;
996     limb mask = i ^ index;
1013                                   const limb* table, limb index) {
1014   limb i, j;
1026     limb mask = i ^ index;
1049   limb n_is_infinity_mask = -1, p_is_noninfinite_mask, mask;
1071       limb index = bit0 | (bit1 << 1) | (bit2 << 2) | (bit3 << 3);
1119   limb n_is_infinity_mask, index, p_is_noninfinite_mask, mask;