Lines Matching refs:felem
50 * The value of an felem (field element) is:
56 * This means that an felem hits 2**257, rather than 2**256 as we would like. A
61 * Finally, the values stored in an felem are in Montgomery form. So the value
66 typedef limb felem[NLIMBS];
71 /* kOne is the number 1 as an felem. It's 2**257 mod p split up into 29 and
73 static const felem kOne = {
78 static const felem kZero = {0};
79 static const felem kP = {
84 static const felem k2P = {
93 * The first table contains (x,y) felem pairs for 16 multiples of the base
196 static void felem_reduce_carry(felem inout, limb carry) {
218 static void felem_sum(felem out, const felem in, const felem in2) {
249 static const felem zero31 = { two31m3, two30m2, two31m2, two30p13m2, two31m2, two30m2, two31p24m2, two30m27m2, two31m2 };
256 static void felem_diff(felem out, const felem in, const felem in2) {
282 * with the same 29,28,... bit positions as an felem.
291 static void felem_reduce_degree(felem out, u64 tmp[17]) {
302 * felem. So the top of an element of tmp might overlap with another
480 static void felem_square(felem out, const felem in) {
529 static void felem_mul(felem out, const felem in, const felem in2) {
598 static void felem_assign(felem out, const felem in) {
599 memcpy(out, in, sizeof(felem));
609 static void felem_inv(felem out, const felem in) {
610 felem ftmp, ftmp2;
612 felem e2, e4, e8, e16, e32, e64;
674 static void felem_scalar_3(felem out) {
701 static void felem_scalar_4(felem out) {
732 static void felem_scalar_8(felem out) {
761 static char felem_is_zero_vartime(const felem in) {
804 static void point_double(felem x_out, felem y_out, felem z_out, const felem x,
805 const felem y, const felem z) {
806 felem delta, gamma, alpha, beta, tmp, tmp2;
841 static void point_add_mixed(felem x_out, felem y_out, felem z_out,
842 const felem x1, const felem y1, const felem z1,
843 const felem x2, const felem y2) {
844 felem z1z1, z1z1z1, s2, u2, h, i, j, r, rr, v, tmp;
879 static void point_add(felem x_out, felem y_out, felem z_out, const felem x1,
880 const felem y1, const felem z1, const felem x2,
881 const felem y2, const felem z2) {
882 felem z1z1, z1z1z1, z2z2, z2z2z2, s1, s2, u1, u2, h, i, j, r, rr, v, tmp;
927 felem x_out, felem y_out, felem z_out, const felem x1, const felem y1,
928 const felem z1, const felem x2, const felem y2, const felem z2) {
929 felem z1z1, z1z1z1, z2z2, z2z2z2, s1, s2, u1, u2, h, i, j, r, rr, v, tmp;
977 static void copy_conditional(felem out, const felem in, limb mask) {
988 static void select_affine_point(felem out_x, felem out_y, const limb* table,
992 memset(out_x, 0, sizeof(felem));
993 memset(out_y, 0, sizeof(felem));
1012 static void select_jacobian_point(felem out_x, felem out_y, felem out_z,
1016 memset(out_x, 0, sizeof(felem));
1017 memset(out_y, 0, sizeof(felem));
1018 memset(out_z, 0, sizeof(felem));
1046 static void scalar_base_mult(felem nx, felem ny, felem nz,
1052 felem px, py;
1053 felem tx, ty, tz;
1055 memset(nx, 0, sizeof(felem));
1056 memset(ny, 0, sizeof(felem));
1057 memset(nz, 0, sizeof(felem));
1103 static void point_to_affine(felem x_out, felem y_out, const felem nx,
1104 const felem ny, const felem nz) {
1105 felem z_inv, z_inv_sq;
1114 static void scalar_mult(felem nx, felem ny, felem nz, const felem x,
1115 const felem y, const p256_int* scalar) {
1117 felem px, py, pz, tx, ty, tz;
1118 felem precomp[16][3];
1122 memset(precomp, 0, sizeof(felem) * 3);
1123 memcpy(&precomp[1][0], x, sizeof(felem));
1124 memcpy(&precomp[1][1], y, sizeof(felem));
1125 memcpy(&precomp[1][2], kOne, sizeof(felem));
1135 memset(nx, 0, sizeof(felem));
1136 memset(ny, 0, sizeof(felem));
1137 memset(nz, 0, sizeof(felem));
1179 static void to_montgomery(felem out, const p256_int* in) {
1200 static void from_montgomery(p256_int* out, const felem in) {
1226 felem x, y, z;
1231 felem x_affine, y_affine;
1248 felem x1, y1, z1, x2, y2, z2, px, py;
