| 1 | #include "fixedint.h" |
|---|---|
| 2 | #include "sc.h" |
| 3 | |
| 4 | #ifndef ED25519_LOAD_BYTES |
| 5 | #define ED25519_LOAD_BYTES |
| 6 | |
| 7 | static uint64_t load_3(const unsigned char *in) { |
| 8 | uint64_t result; |
| 9 | |
| 10 | result = (uint64_t) in[0]; |
| 11 | result |= ((uint64_t) in[1]) << 8; |
| 12 | result |= ((uint64_t) in[2]) << 16; |
| 13 | |
| 14 | return result; |
| 15 | } |
| 16 | |
| 17 | static uint64_t load_4(const unsigned char *in) { |
| 18 | uint64_t result; |
| 19 | |
| 20 | result = (uint64_t) in[0]; |
| 21 | result |= ((uint64_t) in[1]) << 8; |
| 22 | result |= ((uint64_t) in[2]) << 16; |
| 23 | result |= ((uint64_t) in[3]) << 24; |
| 24 | |
| 25 | return result; |
| 26 | } |
| 27 | |
| 28 | #endif |
| 29 | |
| 30 | /* |
| 31 | Input: |
| 32 | s[0]+256*s[1]+...+256^63*s[63] = s |
| 33 | |
| 34 | Output: |
| 35 | s[0]+256*s[1]+...+256^31*s[31] = s mod l |
| 36 | where l = 2^252 + 27742317777372353535851937790883648493. |
| 37 | Overwrites s in place. |
| 38 | */ |
| 39 | |
| 40 | void sc_reduce(unsigned char *s) { |
| 41 | int64_t s0 = 2097151 & load_3(in: s); |
| 42 | int64_t s1 = 2097151 & (load_4(in: s + 2) >> 5); |
| 43 | int64_t s2 = 2097151 & (load_3(in: s + 5) >> 2); |
| 44 | int64_t s3 = 2097151 & (load_4(in: s + 7) >> 7); |
| 45 | int64_t s4 = 2097151 & (load_4(in: s + 10) >> 4); |
| 46 | int64_t s5 = 2097151 & (load_3(in: s + 13) >> 1); |
| 47 | int64_t s6 = 2097151 & (load_4(in: s + 15) >> 6); |
| 48 | int64_t s7 = 2097151 & (load_3(in: s + 18) >> 3); |
| 49 | int64_t s8 = 2097151 & load_3(in: s + 21); |
| 50 | int64_t s9 = 2097151 & (load_4(in: s + 23) >> 5); |
| 51 | int64_t s10 = 2097151 & (load_3(in: s + 26) >> 2); |
| 52 | int64_t s11 = 2097151 & (load_4(in: s + 28) >> 7); |
| 53 | int64_t s12 = 2097151 & (load_4(in: s + 31) >> 4); |
| 54 | int64_t s13 = 2097151 & (load_3(in: s + 34) >> 1); |
| 55 | int64_t s14 = 2097151 & (load_4(in: s + 36) >> 6); |
| 56 | int64_t s15 = 2097151 & (load_3(in: s + 39) >> 3); |
| 57 | int64_t s16 = 2097151 & load_3(in: s + 42); |
| 58 | int64_t s17 = 2097151 & (load_4(in: s + 44) >> 5); |
| 59 | int64_t s18 = 2097151 & (load_3(in: s + 47) >> 2); |
| 60 | int64_t s19 = 2097151 & (load_4(in: s + 49) >> 7); |
| 61 | int64_t s20 = 2097151 & (load_4(in: s + 52) >> 4); |
| 62 | int64_t s21 = 2097151 & (load_3(in: s + 55) >> 1); |
| 63 | int64_t s22 = 2097151 & (load_4(in: s + 57) >> 6); |
| 64 | int64_t s23 = (load_4(in: s + 60) >> 3); |
| 65 | int64_t carry0; |
| 66 | int64_t carry1; |
| 67 | int64_t carry2; |
| 68 | int64_t carry3; |
| 69 | int64_t carry4; |
| 70 | int64_t carry5; |
| 71 | int64_t carry6; |
| 72 | int64_t carry7; |
| 73 | int64_t carry8; |
| 74 | int64_t carry9; |
| 75 | int64_t carry10; |
| 76 | int64_t carry11; |
| 77 | int64_t carry12; |
| 78 | int64_t carry13; |
| 79 | int64_t carry14; |
| 80 | int64_t carry15; |
| 81 | int64_t carry16; |
| 82 | |
| 83 | s11 += s23 * 666643; |
| 84 | s12 += s23 * 470296; |
| 85 | s13 += s23 * 654183; |
| 86 | s14 -= s23 * 997805; |
| 87 | s15 += s23 * 136657; |
| 88 | s16 -= s23 * 683901; |
| 89 | s23 = 0; |
| 90 | s10 += s22 * 666643; |
| 91 | s11 += s22 * 470296; |
| 92 | s12 += s22 * 654183; |
| 93 | s13 -= s22 * 997805; |
| 94 | s14 += s22 * 136657; |
| 95 | s15 -= s22 * 683901; |
| 96 | s22 = 0; |
| 97 | s9 += s21 * 666643; |
| 98 | s10 += s21 * 470296; |
| 99 | s11 += s21 * 654183; |
| 100 | s12 -= s21 * 997805; |
| 101 | s13 += s21 * 136657; |
| 102 | s14 -= s21 * 683901; |
| 103 | s21 = 0; |
| 104 | s8 += s20 * 666643; |
| 105 | s9 += s20 * 470296; |
| 106 | s10 += s20 * 654183; |
| 107 | s11 -= s20 * 997805; |
| 108 | s12 += s20 * 136657; |
| 109 | s13 -= s20 * 683901; |
| 110 | s20 = 0; |
| 111 | s7 += s19 * 666643; |
| 112 | s8 += s19 * 470296; |
| 113 | s9 += s19 * 654183; |
| 114 | s10 -= s19 * 997805; |
| 115 | s11 += s19 * 136657; |
| 116 | s12 -= s19 * 683901; |
| 117 | s19 = 0; |
| 118 | s6 += s18 * 666643; |
| 119 | s7 += s18 * 470296; |
| 120 | s8 += s18 * 654183; |
| 121 | s9 -= s18 * 997805; |
| 122 | s10 += s18 * 136657; |
| 123 | s11 -= s18 * 683901; |
| 124 | s18 = 0; |
| 125 | carry6 = (s6 + (1 << 20)) >> 21; |
| 126 | s7 += carry6; |
| 127 | s6 -= carry6 << 21; |
| 128 | carry8 = (s8 + (1 << 20)) >> 21; |
| 129 | s9 += carry8; |
| 130 | s8 -= carry8 << 21; |
| 131 | carry10 = (s10 + (1 << 20)) >> 21; |
| 132 | s11 += carry10; |
| 133 | s10 -= carry10 << 21; |
| 134 | carry12 = (s12 + (1 << 20)) >> 21; |
| 135 | s13 += carry12; |
| 136 | s12 -= carry12 << 21; |
| 137 | carry14 = (s14 + (1 << 20)) >> 21; |
| 138 | s15 += carry14; |
| 139 | s14 -= carry14 << 21; |
| 140 | carry16 = (s16 + (1 << 20)) >> 21; |
| 141 | s17 += carry16; |
| 142 | s16 -= carry16 << 21; |
| 143 | carry7 = (s7 + (1 << 20)) >> 21; |
| 144 | s8 += carry7; |
| 145 | s7 -= carry7 << 21; |
| 146 | carry9 = (s9 + (1 << 20)) >> 21; |
| 147 | s10 += carry9; |
| 148 | s9 -= carry9 << 21; |
| 149 | carry11 = (s11 + (1 << 20)) >> 21; |
| 150 | s12 += carry11; |
| 151 | s11 -= carry11 << 21; |
| 152 | carry13 = (s13 + (1 << 20)) >> 21; |
| 153 | s14 += carry13; |
| 154 | s13 -= carry13 << 21; |
| 155 | carry15 = (s15 + (1 << 20)) >> 21; |
| 156 | s16 += carry15; |
| 157 | s15 -= carry15 << 21; |
| 158 | s5 += s17 * 666643; |
| 159 | s6 += s17 * 470296; |
| 160 | s7 += s17 * 654183; |
| 161 | s8 -= s17 * 997805; |
| 162 | s9 += s17 * 136657; |
| 163 | s10 -= s17 * 683901; |
| 164 | s17 = 0; |
| 165 | s4 += s16 * 666643; |
| 166 | s5 += s16 * 470296; |
| 167 | s6 += s16 * 654183; |
| 168 | s7 -= s16 * 997805; |
| 169 | s8 += s16 * 136657; |
| 170 | s9 -= s16 * 683901; |
| 171 | s16 = 0; |
| 172 | s3 += s15 * 666643; |
| 173 | s4 += s15 * 470296; |
| 174 | s5 += s15 * 654183; |
| 175 | s6 -= s15 * 997805; |
| 176 | s7 += s15 * 136657; |
| 177 | s8 -= s15 * 683901; |
| 178 | s15 = 0; |
| 179 | s2 += s14 * 666643; |
| 180 | s3 += s14 * 470296; |
| 181 | s4 += s14 * 654183; |
| 182 | s5 -= s14 * 997805; |
| 183 | s6 += s14 * 136657; |
| 184 | s7 -= s14 * 683901; |
| 185 | s14 = 0; |
| 186 | s1 += s13 * 666643; |
| 187 | s2 += s13 * 470296; |
| 188 | s3 += s13 * 654183; |
| 189 | s4 -= s13 * 997805; |
| 190 | s5 += s13 * 136657; |
| 191 | s6 -= s13 * 683901; |
| 192 | s13 = 0; |
| 193 | s0 += s12 * 666643; |
| 194 | s1 += s12 * 470296; |
| 195 | s2 += s12 * 654183; |
| 196 | s3 -= s12 * 997805; |
| 197 | s4 += s12 * 136657; |
| 198 | s5 -= s12 * 683901; |
| 199 | s12 = 0; |
| 200 | carry0 = (s0 + (1 << 20)) >> 21; |
| 201 | s1 += carry0; |
| 202 | s0 -= carry0 << 21; |
| 203 | carry2 = (s2 + (1 << 20)) >> 21; |
| 204 | s3 += carry2; |
| 205 | s2 -= carry2 << 21; |
| 206 | carry4 = (s4 + (1 << 20)) >> 21; |
| 207 | s5 += carry4; |
| 208 | s4 -= carry4 << 21; |
| 209 | carry6 = (s6 + (1 << 20)) >> 21; |
| 210 | s7 += carry6; |
| 211 | s6 -= carry6 << 21; |
| 212 | carry8 = (s8 + (1 << 20)) >> 21; |
| 213 | s9 += carry8; |
| 214 | s8 -= carry8 << 21; |
| 215 | carry10 = (s10 + (1 << 20)) >> 21; |
| 216 | s11 += carry10; |
| 217 | s10 -= carry10 << 21; |
| 218 | carry1 = (s1 + (1 << 20)) >> 21; |
| 219 | s2 += carry1; |
| 220 | s1 -= carry1 << 21; |
| 221 | carry3 = (s3 + (1 << 20)) >> 21; |
| 222 | s4 += carry3; |
| 223 | s3 -= carry3 << 21; |
| 224 | carry5 = (s5 + (1 << 20)) >> 21; |
| 225 | s6 += carry5; |
| 226 | s5 -= carry5 << 21; |
| 227 | carry7 = (s7 + (1 << 20)) >> 21; |
| 228 | s8 += carry7; |
| 229 | s7 -= carry7 << 21; |
| 230 | carry9 = (s9 + (1 << 20)) >> 21; |
| 231 | s10 += carry9; |
| 232 | s9 -= carry9 << 21; |
| 233 | carry11 = (s11 + (1 << 20)) >> 21; |
| 234 | s12 += carry11; |
| 235 | s11 -= carry11 << 21; |
| 236 | s0 += s12 * 666643; |
| 237 | s1 += s12 * 470296; |
| 238 | s2 += s12 * 654183; |
| 239 | s3 -= s12 * 997805; |
| 240 | s4 += s12 * 136657; |
| 241 | s5 -= s12 * 683901; |
| 242 | s12 = 0; |
| 243 | carry0 = s0 >> 21; |
| 244 | s1 += carry0; |
| 245 | s0 -= carry0 << 21; |
| 246 | carry1 = s1 >> 21; |
| 247 | s2 += carry1; |
| 248 | s1 -= carry1 << 21; |
| 249 | carry2 = s2 >> 21; |
| 250 | s3 += carry2; |
| 251 | s2 -= carry2 << 21; |
| 252 | carry3 = s3 >> 21; |
| 253 | s4 += carry3; |
| 254 | s3 -= carry3 << 21; |
| 255 | carry4 = s4 >> 21; |
| 256 | s5 += carry4; |
| 257 | s4 -= carry4 << 21; |
| 258 | carry5 = s5 >> 21; |
| 259 | s6 += carry5; |
| 260 | s5 -= carry5 << 21; |
| 261 | carry6 = s6 >> 21; |
| 262 | s7 += carry6; |
| 263 | s6 -= carry6 << 21; |
| 264 | carry7 = s7 >> 21; |
| 265 | s8 += carry7; |
| 266 | s7 -= carry7 << 21; |
| 267 | carry8 = s8 >> 21; |
| 268 | s9 += carry8; |
| 269 | s8 -= carry8 << 21; |
| 270 | carry9 = s9 >> 21; |
| 271 | s10 += carry9; |
| 272 | s9 -= carry9 << 21; |
| 273 | carry10 = s10 >> 21; |
| 274 | s11 += carry10; |
| 275 | s10 -= carry10 << 21; |
| 276 | carry11 = s11 >> 21; |
| 277 | s12 += carry11; |
| 278 | s11 -= carry11 << 21; |
| 279 | s0 += s12 * 666643; |
| 280 | s1 += s12 * 470296; |
| 281 | s2 += s12 * 654183; |
| 282 | s3 -= s12 * 997805; |
| 283 | s4 += s12 * 136657; |
| 284 | s5 -= s12 * 683901; |
| 285 | s12 = 0; |
| 286 | carry0 = s0 >> 21; |
| 287 | s1 += carry0; |
| 288 | s0 -= carry0 << 21; |
| 289 | carry1 = s1 >> 21; |
| 290 | s2 += carry1; |
| 291 | s1 -= carry1 << 21; |
| 292 | carry2 = s2 >> 21; |
| 293 | s3 += carry2; |
| 294 | s2 -= carry2 << 21; |
| 295 | carry3 = s3 >> 21; |
| 296 | s4 += carry3; |
| 297 | s3 -= carry3 << 21; |
| 298 | carry4 = s4 >> 21; |
| 299 | s5 += carry4; |
| 300 | s4 -= carry4 << 21; |
| 301 | carry5 = s5 >> 21; |
| 302 | s6 += carry5; |
| 303 | s5 -= carry5 << 21; |
| 304 | carry6 = s6 >> 21; |
| 305 | s7 += carry6; |
| 306 | s6 -= carry6 << 21; |
| 307 | carry7 = s7 >> 21; |
| 308 | s8 += carry7; |
| 309 | s7 -= carry7 << 21; |
| 310 | carry8 = s8 >> 21; |
| 311 | s9 += carry8; |
| 312 | s8 -= carry8 << 21; |
| 313 | carry9 = s9 >> 21; |
| 314 | s10 += carry9; |
| 315 | s9 -= carry9 << 21; |
| 316 | carry10 = s10 >> 21; |
| 317 | s11 += carry10; |
| 318 | s10 -= carry10 << 21; |
| 319 | |
| 320 | s[0] = (unsigned char) (s0 >> 0); |
| 321 | s[1] = (unsigned char) (s0 >> 8); |
| 322 | s[2] = (unsigned char) ((s0 >> 16) | (s1 << 5)); |
| 323 | s[3] = (unsigned char) (s1 >> 3); |
| 324 | s[4] = (unsigned char) (s1 >> 11); |
| 325 | s[5] = (unsigned char) ((s1 >> 19) | (s2 << 2)); |
| 326 | s[6] = (unsigned char) (s2 >> 6); |
| 327 | s[7] = (unsigned char) ((s2 >> 14) | (s3 << 7)); |
| 328 | s[8] = (unsigned char) (s3 >> 1); |
| 329 | s[9] = (unsigned char) (s3 >> 9); |
| 330 | s[10] = (unsigned char) ((s3 >> 17) | (s4 << 4)); |
| 331 | s[11] = (unsigned char) (s4 >> 4); |
| 332 | s[12] = (unsigned char) (s4 >> 12); |
| 333 | s[13] = (unsigned char) ((s4 >> 20) | (s5 << 1)); |
| 334 | s[14] = (unsigned char) (s5 >> 7); |
| 335 | s[15] = (unsigned char) ((s5 >> 15) | (s6 << 6)); |
| 336 | s[16] = (unsigned char) (s6 >> 2); |
| 337 | s[17] = (unsigned char) (s6 >> 10); |
| 338 | s[18] = (unsigned char) ((s6 >> 18) | (s7 << 3)); |
| 339 | s[19] = (unsigned char) (s7 >> 5); |
| 340 | s[20] = (unsigned char) (s7 >> 13); |
| 341 | s[21] = (unsigned char) (s8 >> 0); |
| 342 | s[22] = (unsigned char) (s8 >> 8); |
| 343 | s[23] = (unsigned char) ((s8 >> 16) | (s9 << 5)); |
| 344 | s[24] = (unsigned char) (s9 >> 3); |
| 345 | s[25] = (unsigned char) (s9 >> 11); |
| 346 | s[26] = (unsigned char) ((s9 >> 19) | (s10 << 2)); |
| 347 | s[27] = (unsigned char) (s10 >> 6); |
| 348 | s[28] = (unsigned char) ((s10 >> 14) | (s11 << 7)); |
| 349 | s[29] = (unsigned char) (s11 >> 1); |
| 350 | s[30] = (unsigned char) (s11 >> 9); |
| 351 | s[31] = (unsigned char) (s11 >> 17); |
| 352 | } |
| 353 | |
| 354 | |
| 355 | |
| 356 | /* |
| 357 | Input: |
| 358 | a[0]+256*a[1]+...+256^31*a[31] = a |
| 359 | b[0]+256*b[1]+...+256^31*b[31] = b |
| 360 | c[0]+256*c[1]+...+256^31*c[31] = c |
| 361 | |
| 362 | Output: |
| 363 | s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l |
| 364 | where l = 2^252 + 27742317777372353535851937790883648493. |
| 365 | */ |
| 366 | |
| 367 | void sc_muladd(unsigned char *s, const unsigned char *a, const unsigned char *b, const unsigned char *c) { |
| 368 | int64_t a0 = 2097151 & load_3(in: a); |
| 369 | int64_t a1 = 2097151 & (load_4(in: a + 2) >> 5); |
| 370 | int64_t a2 = 2097151 & (load_3(in: a + 5) >> 2); |
| 371 | int64_t a3 = 2097151 & (load_4(in: a + 7) >> 7); |
| 372 | int64_t a4 = 2097151 & (load_4(in: a + 10) >> 4); |
| 373 | int64_t a5 = 2097151 & (load_3(in: a + 13) >> 1); |
| 374 | int64_t a6 = 2097151 & (load_4(in: a + 15) >> 6); |
| 375 | int64_t a7 = 2097151 & (load_3(in: a + 18) >> 3); |
| 376 | int64_t a8 = 2097151 & load_3(in: a + 21); |
| 377 | int64_t a9 = 2097151 & (load_4(in: a + 23) >> 5); |
| 378 | int64_t a10 = 2097151 & (load_3(in: a + 26) >> 2); |
| 379 | int64_t a11 = (load_4(in: a + 28) >> 7); |
| 380 | int64_t b0 = 2097151 & load_3(in: b); |
| 381 | int64_t b1 = 2097151 & (load_4(in: b + 2) >> 5); |
| 382 | int64_t b2 = 2097151 & (load_3(in: b + 5) >> 2); |
| 383 | int64_t b3 = 2097151 & (load_4(in: b + 7) >> 7); |
| 384 | int64_t b4 = 2097151 & (load_4(in: b + 10) >> 4); |
| 385 | int64_t b5 = 2097151 & (load_3(in: b + 13) >> 1); |
| 386 | int64_t b6 = 2097151 & (load_4(in: b + 15) >> 6); |
| 387 | int64_t b7 = 2097151 & (load_3(in: b + 18) >> 3); |
| 388 | int64_t b8 = 2097151 & load_3(in: b + 21); |
| 389 | int64_t b9 = 2097151 & (load_4(in: b + 23) >> 5); |
| 390 | int64_t b10 = 2097151 & (load_3(in: b + 26) >> 2); |
| 391 | int64_t b11 = (load_4(in: b + 28) >> 7); |
| 392 | int64_t c0 = 2097151 & load_3(in: c); |
| 393 | int64_t c1 = 2097151 & (load_4(in: c + 2) >> 5); |
| 394 | int64_t c2 = 2097151 & (load_3(in: c + 5) >> 2); |
| 395 | int64_t c3 = 2097151 & (load_4(in: c + 7) >> 7); |
| 396 | int64_t c4 = 2097151 & (load_4(in: c + 10) >> 4); |
| 397 | int64_t c5 = 2097151 & (load_3(in: c + 13) >> 1); |
| 398 | int64_t c6 = 2097151 & (load_4(in: c + 15) >> 6); |
| 399 | int64_t c7 = 2097151 & (load_3(in: c + 18) >> 3); |
| 400 | int64_t c8 = 2097151 & load_3(in: c + 21); |
| 401 | int64_t c9 = 2097151 & (load_4(in: c + 23) >> 5); |
| 402 | int64_t c10 = 2097151 & (load_3(in: c + 26) >> 2); |
| 403 | int64_t c11 = (load_4(in: c + 28) >> 7); |
| 404 | int64_t s0; |
| 405 | int64_t s1; |
| 406 | int64_t s2; |
| 407 | int64_t s3; |
| 408 | int64_t s4; |
| 409 | int64_t s5; |
| 410 | int64_t s6; |
| 411 | int64_t s7; |
| 412 | int64_t s8; |
| 413 | int64_t s9; |
| 414 | int64_t s10; |
| 415 | int64_t s11; |
| 416 | int64_t s12; |
| 417 | int64_t s13; |
| 418 | int64_t s14; |
| 419 | int64_t s15; |
| 420 | int64_t s16; |
| 421 | int64_t s17; |
| 422 | int64_t s18; |
| 423 | int64_t s19; |
| 424 | int64_t s20; |
| 425 | int64_t s21; |
| 426 | int64_t s22; |
| 427 | int64_t s23; |
| 428 | int64_t carry0; |
| 429 | int64_t carry1; |
| 430 | int64_t carry2; |
| 431 | int64_t carry3; |
| 432 | int64_t carry4; |
| 433 | int64_t carry5; |
| 434 | int64_t carry6; |
| 435 | int64_t carry7; |
| 436 | int64_t carry8; |
| 437 | int64_t carry9; |
| 438 | int64_t carry10; |
| 439 | int64_t carry11; |
| 440 | int64_t carry12; |
| 441 | int64_t carry13; |
| 442 | int64_t carry14; |
| 443 | int64_t carry15; |
| 444 | int64_t carry16; |
| 445 | int64_t carry17; |
| 446 | int64_t carry18; |
| 447 | int64_t carry19; |
| 448 | int64_t carry20; |
| 449 | int64_t carry21; |
| 450 | int64_t carry22; |
| 451 | |
| 452 | s0 = c0 + a0 * b0; |
| 453 | s1 = c1 + a0 * b1 + a1 * b0; |
| 454 | s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0; |
| 455 | s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0; |
| 456 | s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0; |
| 457 | s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0; |
| 458 | s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0; |
| 459 | s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + a6 * b1 + a7 * b0; |
| 460 | s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + a6 * b2 + a7 * b1 + a8 * b0; |
| 461 | s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0; |
| 462 | s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0; |
| 463 | s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0; |
| 464 | s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1; |
| 465 | s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 + a9 * b4 + a10 * b3 + a11 * b2; |
| 466 | s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 + a10 * b4 + a11 * b3; |
| 467 | s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 + a11 * b4; |
| 468 | s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5; |
| 469 | s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6; |
| 470 | s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7; |
| 471 | s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8; |
| 472 | s20 = a9 * b11 + a10 * b10 + a11 * b9; |
| 473 | s21 = a10 * b11 + a11 * b10; |
| 474 | s22 = a11 * b11; |
| 475 | s23 = 0; |
| 476 | carry0 = (s0 + (1 << 20)) >> 21; |
| 477 | s1 += carry0; |
| 478 | s0 -= carry0 << 21; |
| 479 | carry2 = (s2 + (1 << 20)) >> 21; |
| 480 | s3 += carry2; |
| 481 | s2 -= carry2 << 21; |
| 482 | carry4 = (s4 + (1 << 20)) >> 21; |
| 483 | s5 += carry4; |
| 484 | s4 -= carry4 << 21; |
| 485 | carry6 = (s6 + (1 << 20)) >> 21; |
| 486 | s7 += carry6; |
| 487 | s6 -= carry6 << 21; |
| 488 | carry8 = (s8 + (1 << 20)) >> 21; |
| 489 | s9 += carry8; |
| 490 | s8 -= carry8 << 21; |
| 491 | carry10 = (s10 + (1 << 20)) >> 21; |
| 492 | s11 += carry10; |
| 493 | s10 -= carry10 << 21; |
| 494 | carry12 = (s12 + (1 << 20)) >> 21; |
| 495 | s13 += carry12; |
| 496 | s12 -= carry12 << 21; |
| 497 | carry14 = (s14 + (1 << 20)) >> 21; |
| 498 | s15 += carry14; |
| 499 | s14 -= carry14 << 21; |
| 500 | carry16 = (s16 + (1 << 20)) >> 21; |
| 501 | s17 += carry16; |
| 502 | s16 -= carry16 << 21; |
| 503 | carry18 = (s18 + (1 << 20)) >> 21; |
| 504 | s19 += carry18; |
| 505 | s18 -= carry18 << 21; |
| 506 | carry20 = (s20 + (1 << 20)) >> 21; |
| 507 | s21 += carry20; |
| 508 | s20 -= carry20 << 21; |
| 509 | carry22 = (s22 + (1 << 20)) >> 21; |
| 510 | s23 += carry22; |
| 511 | s22 -= carry22 << 21; |
| 512 | carry1 = (s1 + (1 << 20)) >> 21; |
| 513 | s2 += carry1; |
| 514 | s1 -= carry1 << 21; |
| 515 | carry3 = (s3 + (1 << 20)) >> 21; |
| 516 | s4 += carry3; |
| 517 | s3 -= carry3 << 21; |
| 518 | carry5 = (s5 + (1 << 20)) >> 21; |
| 519 | s6 += carry5; |
| 520 | s5 -= carry5 << 21; |
| 521 | carry7 = (s7 + (1 << 20)) >> 21; |
| 522 | s8 += carry7; |
| 523 | s7 -= carry7 << 21; |
| 524 | carry9 = (s9 + (1 << 20)) >> 21; |
| 525 | s10 += carry9; |
| 526 | s9 -= carry9 << 21; |
| 527 | carry11 = (s11 + (1 << 20)) >> 21; |
| 528 | s12 += carry11; |
| 529 | s11 -= carry11 << 21; |
| 530 | carry13 = (s13 + (1 << 20)) >> 21; |
| 531 | s14 += carry13; |
| 532 | s13 -= carry13 << 21; |
| 533 | carry15 = (s15 + (1 << 20)) >> 21; |
| 534 | s16 += carry15; |
| 535 | s15 -= carry15 << 21; |
| 536 | carry17 = (s17 + (1 << 20)) >> 21; |
| 537 | s18 += carry17; |
| 538 | s17 -= carry17 << 21; |
| 539 | carry19 = (s19 + (1 << 20)) >> 21; |
| 540 | s20 += carry19; |
| 541 | s19 -= carry19 << 21; |
| 542 | carry21 = (s21 + (1 << 20)) >> 21; |
| 543 | s22 += carry21; |
| 544 | s21 -= carry21 << 21; |
| 545 | s11 += s23 * 666643; |
| 546 | s12 += s23 * 470296; |
| 547 | s13 += s23 * 654183; |
| 548 | s14 -= s23 * 997805; |
| 549 | s15 += s23 * 136657; |
| 550 | s16 -= s23 * 683901; |
| 551 | s23 = 0; |
| 552 | s10 += s22 * 666643; |
| 553 | s11 += s22 * 470296; |
| 554 | s12 += s22 * 654183; |
| 555 | s13 -= s22 * 997805; |
| 556 | s14 += s22 * 136657; |
| 557 | s15 -= s22 * 683901; |
| 558 | s22 = 0; |
| 559 | s9 += s21 * 666643; |
| 560 | s10 += s21 * 470296; |
| 561 | s11 += s21 * 654183; |
| 562 | s12 -= s21 * 997805; |
| 563 | s13 += s21 * 136657; |
| 564 | s14 -= s21 * 683901; |
| 565 | s21 = 0; |
| 566 | s8 += s20 * 666643; |
| 567 | s9 += s20 * 470296; |
| 568 | s10 += s20 * 654183; |
| 569 | s11 -= s20 * 997805; |
| 570 | s12 += s20 * 136657; |
| 571 | s13 -= s20 * 683901; |
| 572 | s20 = 0; |
| 573 | s7 += s19 * 666643; |
| 574 | s8 += s19 * 470296; |
| 575 | s9 += s19 * 654183; |
| 576 | s10 -= s19 * 997805; |
| 577 | s11 += s19 * 136657; |
| 578 | s12 -= s19 * 683901; |
| 579 | s19 = 0; |
| 580 | s6 += s18 * 666643; |
| 581 | s7 += s18 * 470296; |
| 582 | s8 += s18 * 654183; |
| 583 | s9 -= s18 * 997805; |
| 584 | s10 += s18 * 136657; |
| 585 | s11 -= s18 * 683901; |
| 586 | s18 = 0; |
| 587 | carry6 = (s6 + (1 << 20)) >> 21; |
| 588 | s7 += carry6; |
| 589 | s6 -= carry6 << 21; |
| 590 | carry8 = (s8 + (1 << 20)) >> 21; |
| 591 | s9 += carry8; |
| 592 | s8 -= carry8 << 21; |
| 593 | carry10 = (s10 + (1 << 20)) >> 21; |
| 594 | s11 += carry10; |
| 595 | s10 -= carry10 << 21; |
| 596 | carry12 = (s12 + (1 << 20)) >> 21; |
| 597 | s13 += carry12; |
| 598 | s12 -= carry12 << 21; |
| 599 | carry14 = (s14 + (1 << 20)) >> 21; |
| 600 | s15 += carry14; |
| 601 | s14 -= carry14 << 21; |
| 602 | carry16 = (s16 + (1 << 20)) >> 21; |
| 603 | s17 += carry16; |
| 604 | s16 -= carry16 << 21; |
| 605 | carry7 = (s7 + (1 << 20)) >> 21; |
| 606 | s8 += carry7; |
| 607 | s7 -= carry7 << 21; |
| 608 | carry9 = (s9 + (1 << 20)) >> 21; |
| 609 | s10 += carry9; |
| 610 | s9 -= carry9 << 21; |
| 611 | carry11 = (s11 + (1 << 20)) >> 21; |
| 612 | s12 += carry11; |
| 613 | s11 -= carry11 << 21; |
| 614 | carry13 = (s13 + (1 << 20)) >> 21; |
| 615 | s14 += carry13; |
| 616 | s13 -= carry13 << 21; |
| 617 | carry15 = (s15 + (1 << 20)) >> 21; |
| 618 | s16 += carry15; |
| 619 | s15 -= carry15 << 21; |
| 620 | s5 += s17 * 666643; |
| 621 | s6 += s17 * 470296; |
| 622 | s7 += s17 * 654183; |
| 623 | s8 -= s17 * 997805; |
| 624 | s9 += s17 * 136657; |
| 625 | s10 -= s17 * 683901; |
| 626 | s17 = 0; |
| 627 | s4 += s16 * 666643; |
| 628 | s5 += s16 * 470296; |
| 629 | s6 += s16 * 654183; |
| 630 | s7 -= s16 * 997805; |
| 631 | s8 += s16 * 136657; |
| 632 | s9 -= s16 * 683901; |
| 633 | s16 = 0; |
| 634 | s3 += s15 * 666643; |
| 635 | s4 += s15 * 470296; |
| 636 | s5 += s15 * 654183; |
| 637 | s6 -= s15 * 997805; |
| 638 | s7 += s15 * 136657; |
| 639 | s8 -= s15 * 683901; |
| 640 | s15 = 0; |
| 641 | s2 += s14 * 666643; |
| 642 | s3 += s14 * 470296; |
| 643 | s4 += s14 * 654183; |
| 644 | s5 -= s14 * 997805; |
| 645 | s6 += s14 * 136657; |
| 646 | s7 -= s14 * 683901; |
| 647 | s14 = 0; |
| 648 | s1 += s13 * 666643; |
| 649 | s2 += s13 * 470296; |
| 650 | s3 += s13 * 654183; |
| 651 | s4 -= s13 * 997805; |
| 652 | s5 += s13 * 136657; |
| 653 | s6 -= s13 * 683901; |
| 654 | s13 = 0; |
| 655 | s0 += s12 * 666643; |
| 656 | s1 += s12 * 470296; |
| 657 | s2 += s12 * 654183; |
| 658 | s3 -= s12 * 997805; |
| 659 | s4 += s12 * 136657; |
| 660 | s5 -= s12 * 683901; |
| 661 | s12 = 0; |
| 662 | carry0 = (s0 + (1 << 20)) >> 21; |
| 663 | s1 += carry0; |
| 664 | s0 -= carry0 << 21; |
| 665 | carry2 = (s2 + (1 << 20)) >> 21; |
| 666 | s3 += carry2; |
| 667 | s2 -= carry2 << 21; |
| 668 | carry4 = (s4 + (1 << 20)) >> 21; |
| 669 | s5 += carry4; |
| 670 | s4 -= carry4 << 21; |
| 671 | carry6 = (s6 + (1 << 20)) >> 21; |
| 672 | s7 += carry6; |
| 673 | s6 -= carry6 << 21; |
| 674 | carry8 = (s8 + (1 << 20)) >> 21; |
| 675 | s9 += carry8; |
| 676 | s8 -= carry8 << 21; |
| 677 | carry10 = (s10 + (1 << 20)) >> 21; |
| 678 | s11 += carry10; |
| 679 | s10 -= carry10 << 21; |
| 680 | carry1 = (s1 + (1 << 20)) >> 21; |
| 681 | s2 += carry1; |
| 682 | s1 -= carry1 << 21; |
| 683 | carry3 = (s3 + (1 << 20)) >> 21; |
| 684 | s4 += carry3; |
| 685 | s3 -= carry3 << 21; |
| 686 | carry5 = (s5 + (1 << 20)) >> 21; |
| 687 | s6 += carry5; |
| 688 | s5 -= carry5 << 21; |
| 689 | carry7 = (s7 + (1 << 20)) >> 21; |
| 690 | s8 += carry7; |
| 691 | s7 -= carry7 << 21; |
| 692 | carry9 = (s9 + (1 << 20)) >> 21; |
| 693 | s10 += carry9; |
| 694 | s9 -= carry9 << 21; |
| 695 | carry11 = (s11 + (1 << 20)) >> 21; |
| 696 | s12 += carry11; |
| 697 | s11 -= carry11 << 21; |
| 698 | s0 += s12 * 666643; |
| 699 | s1 += s12 * 470296; |
| 700 | s2 += s12 * 654183; |
| 701 | s3 -= s12 * 997805; |
| 702 | s4 += s12 * 136657; |
| 703 | s5 -= s12 * 683901; |
| 704 | s12 = 0; |
| 705 | carry0 = s0 >> 21; |
| 706 | s1 += carry0; |
| 707 | s0 -= carry0 << 21; |
| 708 | carry1 = s1 >> 21; |
| 709 | s2 += carry1; |
| 710 | s1 -= carry1 << 21; |
| 711 | carry2 = s2 >> 21; |
| 712 | s3 += carry2; |
| 713 | s2 -= carry2 << 21; |
| 714 | carry3 = s3 >> 21; |
| 715 | s4 += carry3; |
| 716 | s3 -= carry3 << 21; |
| 717 | carry4 = s4 >> 21; |
| 718 | s5 += carry4; |
| 719 | s4 -= carry4 << 21; |
| 720 | carry5 = s5 >> 21; |
| 721 | s6 += carry5; |
| 722 | s5 -= carry5 << 21; |
| 723 | carry6 = s6 >> 21; |
| 724 | s7 += carry6; |
| 725 | s6 -= carry6 << 21; |
| 726 | carry7 = s7 >> 21; |
| 727 | s8 += carry7; |
| 728 | s7 -= carry7 << 21; |
| 729 | carry8 = s8 >> 21; |
| 730 | s9 += carry8; |
| 731 | s8 -= carry8 << 21; |
| 732 | carry9 = s9 >> 21; |
| 733 | s10 += carry9; |
| 734 | s9 -= carry9 << 21; |
| 735 | carry10 = s10 >> 21; |
| 736 | s11 += carry10; |
| 737 | s10 -= carry10 << 21; |
| 738 | carry11 = s11 >> 21; |
| 739 | s12 += carry11; |
| 740 | s11 -= carry11 << 21; |
| 741 | s0 += s12 * 666643; |
| 742 | s1 += s12 * 470296; |
| 743 | s2 += s12 * 654183; |
| 744 | s3 -= s12 * 997805; |
| 745 | s4 += s12 * 136657; |
| 746 | s5 -= s12 * 683901; |
| 747 | s12 = 0; |
| 748 | carry0 = s0 >> 21; |
| 749 | s1 += carry0; |
| 750 | s0 -= carry0 << 21; |
| 751 | carry1 = s1 >> 21; |
| 752 | s2 += carry1; |
| 753 | s1 -= carry1 << 21; |
| 754 | carry2 = s2 >> 21; |
| 755 | s3 += carry2; |
| 756 | s2 -= carry2 << 21; |
| 757 | carry3 = s3 >> 21; |
| 758 | s4 += carry3; |
| 759 | s3 -= carry3 << 21; |
| 760 | carry4 = s4 >> 21; |
| 761 | s5 += carry4; |
| 762 | s4 -= carry4 << 21; |
| 763 | carry5 = s5 >> 21; |
| 764 | s6 += carry5; |
| 765 | s5 -= carry5 << 21; |
| 766 | carry6 = s6 >> 21; |
| 767 | s7 += carry6; |
| 768 | s6 -= carry6 << 21; |
| 769 | carry7 = s7 >> 21; |
| 770 | s8 += carry7; |
| 771 | s7 -= carry7 << 21; |
| 772 | carry8 = s8 >> 21; |
| 773 | s9 += carry8; |
| 774 | s8 -= carry8 << 21; |
| 775 | carry9 = s9 >> 21; |
| 776 | s10 += carry9; |
| 777 | s9 -= carry9 << 21; |
| 778 | carry10 = s10 >> 21; |
| 779 | s11 += carry10; |
| 780 | s10 -= carry10 << 21; |
| 781 | |
| 782 | s[0] = (unsigned char) (s0 >> 0); |
| 783 | s[1] = (unsigned char) (s0 >> 8); |
| 784 | s[2] = (unsigned char) ((s0 >> 16) | (s1 << 5)); |
| 785 | s[3] = (unsigned char) (s1 >> 3); |
| 786 | s[4] = (unsigned char) (s1 >> 11); |
| 787 | s[5] = (unsigned char) ((s1 >> 19) | (s2 << 2)); |
| 788 | s[6] = (unsigned char) (s2 >> 6); |
| 789 | s[7] = (unsigned char) ((s2 >> 14) | (s3 << 7)); |
| 790 | s[8] = (unsigned char) (s3 >> 1); |
| 791 | s[9] = (unsigned char) (s3 >> 9); |
| 792 | s[10] = (unsigned char) ((s3 >> 17) | (s4 << 4)); |
| 793 | s[11] = (unsigned char) (s4 >> 4); |
| 794 | s[12] = (unsigned char) (s4 >> 12); |
| 795 | s[13] = (unsigned char) ((s4 >> 20) | (s5 << 1)); |
| 796 | s[14] = (unsigned char) (s5 >> 7); |
| 797 | s[15] = (unsigned char) ((s5 >> 15) | (s6 << 6)); |
| 798 | s[16] = (unsigned char) (s6 >> 2); |
| 799 | s[17] = (unsigned char) (s6 >> 10); |
| 800 | s[18] = (unsigned char) ((s6 >> 18) | (s7 << 3)); |
| 801 | s[19] = (unsigned char) (s7 >> 5); |
| 802 | s[20] = (unsigned char) (s7 >> 13); |
| 803 | s[21] = (unsigned char) (s8 >> 0); |
| 804 | s[22] = (unsigned char) (s8 >> 8); |
| 805 | s[23] = (unsigned char) ((s8 >> 16) | (s9 << 5)); |
| 806 | s[24] = (unsigned char) (s9 >> 3); |
| 807 | s[25] = (unsigned char) (s9 >> 11); |
| 808 | s[26] = (unsigned char) ((s9 >> 19) | (s10 << 2)); |
| 809 | s[27] = (unsigned char) (s10 >> 6); |
| 810 | s[28] = (unsigned char) ((s10 >> 14) | (s11 << 7)); |
| 811 | s[29] = (unsigned char) (s11 >> 1); |
| 812 | s[30] = (unsigned char) (s11 >> 9); |
| 813 | s[31] = (unsigned char) (s11 >> 17); |
| 814 | } |
| 815 |
Generated while processing olm/src/ed25519.c
Generated on 2025-Aug-08 from project olm revision 3.2.16
Powered by 
Code Browser 2.1
Generator usage only permitted with license.