Lines matching references to u64
19 static __always_inline u64 eq_mask(u64 a, u64 b) in eq_mask()
21 u64 x = a ^ b; in eq_mask()
22 u64 minus_x = ~x + (u64)1U; in eq_mask()
23 u64 x_or_minus_x = x | minus_x; in eq_mask()
24 u64 xnx = x_or_minus_x >> (u32)63U; in eq_mask()
25 return xnx - (u64)1U; in eq_mask()
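eq_mask() builds a branch-free equality mask: x = a ^ b is zero exactly when a == b; for any nonzero x, x | (~x + 1) (that is, x | -x) has its top bit set, so shifting right by 63 yields 1 for unequal inputs and 0 for equal ones, and subtracting 1 maps that to 0 or all-ones. A minimal portable sketch with a self-check, using plain stdint types instead of the kernel's u64:

    #include <assert.h>
    #include <stdint.h>

    /* Returns ~0 if a == b, 0 otherwise, with no data-dependent branch. */
    static uint64_t eq_mask64(uint64_t a, uint64_t b)
    {
        uint64_t x = a ^ b;                 /* zero iff a == b */
        uint64_t minus_x = ~x + 1;          /* two's-complement -x */
        uint64_t xnx = (x | minus_x) >> 63; /* 1 iff x != 0 */
        return xnx - 1;                     /* 0 -> ~0, 1 -> 0 */
    }

    int main(void)
    {
        assert(eq_mask64(7, 7) == ~(uint64_t)0);
        assert(eq_mask64(7, 8) == 0);
        return 0;
    }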
28 static __always_inline u64 gte_mask(u64 a, u64 b) in gte_mask()
30 u64 x = a; in gte_mask()
31 u64 y = b; in gte_mask()
32 u64 x_xor_y = x ^ y; in gte_mask()
33 u64 x_sub_y = x - y; in gte_mask()
34 u64 x_sub_y_xor_y = x_sub_y ^ y; in gte_mask()
35 u64 q = x_xor_y | x_sub_y_xor_y; in gte_mask()
36 u64 x_xor_q = x ^ q; in gte_mask()
37 u64 x_xor_q_ = x_xor_q >> (u32)63U; in gte_mask()
38 return x_xor_q_ - (u64)1U; in gte_mask()
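gte_mask() is the matching branch-free unsigned comparison. It relies on the borrow-extraction identity: the top bit of ((x ^ y) | ((x - y) ^ y)) ^ x equals the borrow out of x - y, so it is 0 exactly when x >= y, and the trailing subtraction of 1 again turns a 0/1 bit into an all-ones/all-zero mask. A condensed sketch under the same portable-types assumption:

    /* Returns ~0 if a >= b, 0 otherwise. The top bit of
     * ((a ^ b) | ((a - b) ^ b)) ^ a is the borrow of a - b. */
    static uint64_t gte_mask64(uint64_t a, uint64_t b)
    {
        uint64_t q = (a ^ b) | ((a - b) ^ b);
        return ((a ^ q) >> 63) - 1;
    }

For example, gte_mask64(3, 5): a - b wraps to 2^64 - 2, whose top bit survives into q; a's top bit is 0, so (a ^ q) >> 63 is 1 and the result is 0.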
43 static inline u64 add_scalar(u64 *out, const u64 *f1, u64 f2) in add_scalar()
45 u64 carry_r; in add_scalar()
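add_scalar() adds a 64-bit scalar into a 4-limb little-endian 256-bit element and returns the carry out of the top limb; the kernel does this with an add/adc chain in inline asm, with carry_r capturing the final carry flag. A portable equivalent of its contract, assuming a compiler with GCC-style unsigned __int128:

    #include <stdint.h>

    /* out = f1 + f2 over 4 little-endian 64-bit limbs; returns carry out. */
    static uint64_t add_scalar_portable(uint64_t *out, const uint64_t *f1,
                                        uint64_t f2)
    {
        unsigned __int128 acc = f2;
        for (int i = 0; i < 4; i++) {
            acc += f1[i];
            out[i] = (uint64_t)acc;     /* low 64 bits */
            acc >>= 64;                 /* carry into the next limb */
        }
        return (uint64_t)acc;           /* carry out of limb 3 */
    }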
76 static inline void fadd(u64 *out, const u64 *f1, const u64 *f2) in fadd()
118 static inline void fsub(u64 *out, const u64 *f1, const u64 *f2) in fsub()
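fadd() and fsub() keep field elements as four 64-bit limbs and reduce lazily: because 2^256 ≡ 38 (mod 2^255 - 19), a carry out of the top limb re-enters the bottom limb with weight 38, and fsub() likewise folds a borrow back by subtracting 38. A portable sketch of fadd() under that identity; two folding passes suffice because the second fold can add at most 38 and cannot carry again:

    /* out = f1 + f2 folded mod 2^255 - 19 (result may be non-canonical). */
    static void fadd_portable(uint64_t *out, const uint64_t *f1,
                              const uint64_t *f2)
    {
        unsigned __int128 acc = 0;
        int i, pass;
        for (i = 0; i < 4; i++) {
            acc += (unsigned __int128)f1[i] + f2[i];
            out[i] = (uint64_t)acc;
            acc >>= 64;
        }
        for (pass = 0; pass < 2; pass++) {  /* fold the carry back as *38 */
            acc = (unsigned __int128)(uint64_t)acc * 38;
            for (i = 0; i < 4; i++) {
                acc += out[i];
                out[i] = (uint64_t)acc;
                acc >>= 64;
            }
        }
    }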
162 static inline void fmul(u64 *out, const u64 *f1, const u64 *f2, u64 *tmp) in fmul()
243 static inline void fmul2(u64 *out, const u64 *f1, const u64 *f2, u64 *tmp) in fmul2()
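fmul() computes the full 8-limb (512-bit) product with mulx/adcx/adox and then reduces it with the same fold used by fadd(): since 2^255 ≡ 19 gives 2^256 ≡ 38 (mod p), a product t = 2^256 * H + L with H, L < 2^256 satisfies

    t ≡ L + 38 * H  (mod 2^255 - 19),

so the high half collapses into the low half via one scalar multiplication by 38 followed by the usual carry folds. fmul2() runs two independent multiplications through one call, which helps keep both flag-preserving carry chains (adcx and adox) filled.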
385 static inline void fmul_scalar(u64 *out, const u64 *f1, u64 f2) in fmul_scalar()
387 register u64 f2_r asm("rdx") = f2; in fmul_scalar()
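The register binding on line 387 exists for BMI2's mulx, which reads one multiplicand implicitly from rdx (in Intel syntax, mulx r9, r8, rcx computes r9:r8 = rdx * rcx) and leaves the flags untouched. Pinning f2 in rdx lets the inline asm multiply it against each limb of f1 without setup moves, while the preserved flags keep the surrounding add/adc carry chain intact between multiplications.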
428 static inline void cswap2(u64 bit, const u64 *p1, const u64 *p2) in cswap2()
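cswap2() conditionally swaps two 8-limb (x, z) pairs under a secret bit without branching; the const qualifiers are an artifact of the stores happening inside the asm, which uses the carry flag and conditional moves. A mask-based portable sketch of the same contract:

    #include <stdint.h>

    /* If bit == 1 swap the two 8-limb buffers, else leave them; the memory
     * access pattern and instruction count are independent of bit. */
    static void cswap2_portable(uint64_t bit, uint64_t *p1, uint64_t *p2)
    {
        uint64_t mask = 0 - bit;            /* 0 or all-ones */
        for (int i = 0; i < 8; i++) {
            uint64_t t = mask & (p1[i] ^ p2[i]);
            p1[i] ^= t;
            p2[i] ^= t;
        }
    }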
513 static inline void fsqr(u64 *out, const u64 *f, u64 *tmp) in fsqr()
606 static inline void fsqr2(u64 *out, const u64 *f, u64 *tmp) in fsqr2()
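fsqr() exploits the symmetry of squaring: in

    (a0 + a1*2^64 + a2*2^128 + a3*2^192)^2
        = sum_i (ai^2 * 2^(128*i)) + 2 * sum_{i<j} (ai*aj * 2^(64*(i+j))),

each cross product ai*aj appears twice, so the asm computes the six cross terms once and doubles them, cutting the 16 limb multiplications of a general fmul() down to 10. fsqr2() squares two elements per call, mirroring fmul2()'s pairing, and both end with the same 38-weighted fold of the high half.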
764 static void point_add_and_double(u64 *q, u64 *p01_tmp1, u64 *tmp2) in point_add_and_double()
766 u64 *nq = p01_tmp1; in point_add_and_double()
767 u64 *nq_p1 = p01_tmp1 + (u32)8U; in point_add_and_double()
768 u64 *tmp1 = p01_tmp1 + (u32)16U; in point_add_and_double()
769 u64 *x1 = q; in point_add_and_double()
770 u64 *x2 = nq; in point_add_and_double()
771 u64 *z2 = nq + (u32)4U; in point_add_and_double()
772 u64 *z3 = nq_p1 + (u32)4U; in point_add_and_double()
773 u64 *a = tmp1; in point_add_and_double()
774 u64 *b = tmp1 + (u32)4U; in point_add_and_double()
775 u64 *ab = tmp1; in point_add_and_double()
776 u64 *dc = tmp1 + (u32)8U; in point_add_and_double()
777 u64 *x3; in point_add_and_double()
778 u64 *z31; in point_add_and_double()
779 u64 *d0; in point_add_and_double()
780 u64 *c0; in point_add_and_double()
781 u64 *a1; in point_add_and_double()
782 u64 *b1; in point_add_and_double()
783 u64 *d; in point_add_and_double()
784 u64 *c; in point_add_and_double()
785 u64 *ab1; in point_add_and_double()
786 u64 *dc1; in point_add_and_double()
811 fmul_scalar(b1, c, (u64)121665U); in point_add_and_double()
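point_add_and_double() is one step of the x-coordinate-only Montgomery ladder: given the running pair (x2:z2) = [n]P and (x3:z3) = [n+1]P plus the fixed difference x1 = x(P), it produces ([2n]P, [2n+1]P) with shared intermediates. In the usual notation (cf. RFC 7748), with a24 = (486662 - 2)/4 = 121665, which is where the constant on line 811 comes from:

    A  = x2 + z2         B  = x2 - z2
    C  = x3 + z3         D  = x3 - z3
    DA = D * A           CB = C * B
    x3' = (DA + CB)^2    z3' = x1 * (DA - CB)^2
    AA = A^2             BB = B^2
    E  = AA - BB
    x2' = AA * BB        z2' = E * (AA + a24 * E)

The pointer aliasing at the top (ab and dc overlapping a, b, d, c) packs pairs of field elements so fmul2()/fsqr2() can process two operations at a time.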
817 static void point_double(u64 *nq, u64 *tmp1, u64 *tmp2) in point_double()
819 u64 *x2 = nq; in point_double()
820 u64 *z2 = nq + (u32)4U; in point_double()
821 u64 *a = tmp1; in point_double()
822 u64 *b = tmp1 + (u32)4U; in point_double()
823 u64 *d = tmp1 + (u32)8U; in point_double()
824 u64 *c = tmp1 + (u32)12U; in point_double()
825 u64 *ab = tmp1; in point_double()
826 u64 *dc = tmp1 + (u32)8U; in point_double()
835 fmul_scalar(b, c, (u64)121665U); in point_double()
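point_double() is the doubling-only tail of the same formulas, used for the ladder's final three iterations (the clamped scalar's low three bits are zero, so no differential additions are needed there):

    AA = (x2 + z2)^2
    BB = (x2 - z2)^2
    E  = AA - BB
    x2' = AA * BB
    z2' = E * (AA + 121665 * E)

Again the a/b/d/c views over tmp1 exist so a single fsqr2() produces AA and BB together and a single fmul2() produces x2' and z2' together.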
840 static void montgomery_ladder(u64 *out, const u8 *key, u64 *init1) in montgomery_ladder()
842 u64 tmp2[16U] = { 0U }; in montgomery_ladder()
843 u64 p01_tmp1_swap[33U] = { 0U }; in montgomery_ladder()
844 u64 *p0 = p01_tmp1_swap; in montgomery_ladder()
845 u64 *p01 = p01_tmp1_swap; in montgomery_ladder()
846 u64 *p03 = p01; in montgomery_ladder()
847 u64 *p11 = p01 + (u32)8U; in montgomery_ladder()
848 u64 *x0; in montgomery_ladder()
849 u64 *z0; in montgomery_ladder()
850 u64 *p01_tmp1; in montgomery_ladder()
851 u64 *p01_tmp11; in montgomery_ladder()
852 u64 *nq10; in montgomery_ladder()
853 u64 *nq_p11; in montgomery_ladder()
854 u64 *swap1; in montgomery_ladder()
855 u64 sw0; in montgomery_ladder()
856 u64 *nq1; in montgomery_ladder()
857 u64 *tmp1; in montgomery_ladder()
861 x0[0U] = (u64)1U; in montgomery_ladder()
862 x0[1U] = (u64)0U; in montgomery_ladder()
863 x0[2U] = (u64)0U; in montgomery_ladder()
864 x0[3U] = (u64)0U; in montgomery_ladder()
865 z0[0U] = (u64)0U; in montgomery_ladder()
866 z0[1U] = (u64)0U; in montgomery_ladder()
867 z0[2U] = (u64)0U; in montgomery_ladder()
868 z0[3U] = (u64)0U; in montgomery_ladder()
874 cswap2((u64)1U, nq10, nq_p11); in montgomery_ladder()
876 swap1[0U] = (u64)1U; in montgomery_ladder()
880 u64 *p01_tmp12 = p01_tmp1_swap; in montgomery_ladder()
881 u64 *swap2 = p01_tmp1_swap + (u32)32U; in montgomery_ladder()
882 u64 *nq2 = p01_tmp12; in montgomery_ladder()
883 u64 *nq_p12 = p01_tmp12 + (u32)8U; in montgomery_ladder()
884 u64 bit = (u64)(key[((u32)253U - i) / (u32)8U] >> ((u32)253U - i) % (u32)8U & (u8)1U); in montgomery_ladder()
885 u64 sw = swap2[0U] ^ bit; in montgomery_ladder()
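montgomery_ladder() walks the clamped 255-bit scalar from bit 253 downward (251 ladder iterations, then three plain doublings for the cleared low bits). Rather than unconditionally swapping the working points every iteration, it stores the previous bit in the trailing swap word and conditionally swaps on swap ^ bit, so exactly one constant-time cswap2() runs per iteration regardless of the key. A simplified sketch of that bookkeeping (variable names are illustrative, not the kernel's):

    uint64_t swap = 1;                 /* matches the initial cswap2(1, ...) */
    for (uint32_t i = 0; i < 251; i++) {
        uint32_t k = 253 - i;          /* bit index, MSB-first */
        uint64_t bit = (key[k / 8] >> (k % 8)) & 1;
        cswap2(swap ^ bit, nq, nq_p1); /* realign only when the bit changed */
        point_add_and_double(x1, p01_tmp1, tmp2);
        swap = bit;
    }
    cswap2(swap, nq, nq_p1);           /* undo any outstanding swap */

The branch-free bit extraction on line 884 is exactly the key[k / 8] >> (k % 8) & 1 above.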
904 static void fsquare_times(u64 *o, const u64 *inp, u64 *tmp, u32 n1) in fsquare_times()
912 static void finv(u64 *o, const u64 *i, u64 *tmp) in finv()
914 u64 t1[16U] = { 0U }; in finv()
915 u64 *a0 = t1; in finv()
916 u64 *b = t1 + (u32)4U; in finv()
917 u64 *c = t1 + (u32)8U; in finv()
918 u64 *t00 = t1 + (u32)12U; in finv()
919 u64 *tmp1 = tmp; in finv()
920 u64 *a; in finv()
921 u64 *t0; in finv()
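finv() inverts via Fermat's little theorem: for the prime p = 2^255 - 19 and a != 0, a^(p-2) ≡ a^(-1) (mod p), with p - 2 = 2^255 - 21. It evaluates that fixed exponent with the classic 25519 addition chain (roughly 254 squarings and 11 multiplications), so inversion costs the same for every input and stays constant-time. fsquare_times() is the chain's workhorse; its contract is o = inp^(2^n), essentially (in portable types, reusing fsqr() from the listing):

    /* o = inp^(2^n): one squaring, then n - 1 more in place. */
    static void fsquare_times_portable(uint64_t *o, const uint64_t *inp,
                                       uint64_t *tmp, uint32_t n)
    {
        fsqr(o, inp, tmp);
        for (uint32_t i = 0; i < n - 1; i++)
            fsqr(o, o, tmp);
    }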
948 static void store_felem(u64 *b, u64 *f) in store_felem()
950 u64 f30 = f[3U]; in store_felem()
951 u64 top_bit0 = f30 >> (u32)63U; in store_felem()
952 u64 f31; in store_felem()
953 u64 top_bit; in store_felem()
954 u64 f0; in store_felem()
955 u64 f1; in store_felem()
956 u64 f2; in store_felem()
957 u64 f3; in store_felem()
958 u64 m0; in store_felem()
959 u64 m1; in store_felem()
960 u64 m2; in store_felem()
961 u64 m3; in store_felem()
962 u64 mask; in store_felem()
963 u64 f0_; in store_felem()
964 u64 f1_; in store_felem()
965 u64 f2_; in store_felem()
966 u64 f3_; in store_felem()
967 u64 o0; in store_felem()
968 u64 o1; in store_felem()
969 u64 o2; in store_felem()
970 u64 o3; in store_felem()
971 f[3U] = f30 & (u64)0x7fffffffffffffffU; in store_felem()
972 add_scalar(f, f, (u64)19U * top_bit0); in store_felem()
975 f[3U] = f31 & (u64)0x7fffffffffffffffU; in store_felem()
976 add_scalar(f, f, (u64)19U * top_bit); in store_felem()
981 m0 = gte_mask(f0, (u64)0xffffffffffffffedU); in store_felem()
982 m1 = eq_mask(f1, (u64)0xffffffffffffffffU); in store_felem()
983 m2 = eq_mask(f2, (u64)0xffffffffffffffffU); in store_felem()
984 m3 = eq_mask(f3, (u64)0x7fffffffffffffffU); in store_felem()
986 f0_ = f0 - (mask & (u64)0xffffffffffffffedU); in store_felem()
987 f1_ = f1 - (mask & (u64)0xffffffffffffffffU); in store_felem()
988 f2_ = f2 - (mask & (u64)0xffffffffffffffffU); in store_felem()
989 f3_ = f3 - (mask & (u64)0x7fffffffffffffffU); in store_felem()
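store_felem() produces the unique canonical representative in [0, p). The input may occupy all 256 bits, so it first folds bit 255 back twice as 19 * top_bit (using 2^255 ≡ 19 (mod p); the second fold is needed because the first addition of 19 can set bit 255 again), leaving a value below 2^255. It then subtracts p = 2^255 - 19 exactly when the value is still >= p, using masks instead of a branch. In limbs, high to low, p is

    0x7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed,

so f >= p exactly when f3, f2, f1 sit at those maxima and f0 >= 0x...ffed; that is what the gte_mask()/eq_mask() conjunction mask = m0 & m1 & m2 & m3 tests, and the masked subtraction on lines 986-989 then removes either p or nothing. For example, f = p itself yields mask = ~0 and stores as zero.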
1000 static void encode_point(u8 *o, const u64 *i) in encode_point()
1002 const u64 *x = i; in encode_point()
1003 const u64 *z = i + (u32)4U; in encode_point()
1004 u64 tmp[4U] = { 0U }; in encode_point()
1005 u64 tmp_w[16U] = { 0U }; in encode_point()
1008 store_felem((u64 *)o, tmp); in encode_point()
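encode_point() converts the projective result (x : z) to the affine u-coordinate u = x * z^(p-2) = x / z (mod p), one finv() plus one fmul() into tmp, then store_felem() writes the canonical value to the output; the (u64 *)o cast on line 1008 is safe here because the buffer is 32 bytes and this code is x86-only, where unaligned stores are permitted.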
1013 u64 init1[8U] = { 0U }; in curve25519_ever64()
1014 u64 tmp[4U] = { 0U }; in curve25519_ever64()
1015 u64 tmp3; in curve25519_ever64()
1016 u64 *x; in curve25519_ever64()
1017 u64 *z; in curve25519_ever64()
1021 u64 *os = tmp; in curve25519_ever64()
1023 u64 u = *(u64 *)bj; in curve25519_ever64()
1024 u64 r = u; in curve25519_ever64()
1025 u64 x0 = r; in curve25519_ever64()
1030 tmp[3U] = tmp3 & (u64)0x7fffffffffffffffU; in curve25519_ever64()
1033 z[0U] = (u64)1U; in curve25519_ever64()
1034 z[1U] = (u64)0U; in curve25519_ever64()
1035 z[2U] = (u64)0U; in curve25519_ever64()
1036 z[3U] = (u64)0U; in curve25519_ever64()
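curve25519_ever64() begins by decoding the 32-byte input point: four unaligned little-endian 64-bit loads (the os/u/r/x0 chain on lines 1021-1025 is a verbatim artifact of machine-extracted source spelling out a simple load loop), then masking bit 255, which RFC 7748 says to ignore in the u-coordinate, then setting z = (1, 0, 0, 0). A portable sketch of the decode, assuming a little-endian host as this x86-only code may:

    #include <stdint.h>
    #include <string.h>

    static void decode_u(uint64_t tmp[4], const uint8_t in[32])
    {
        for (int i = 0; i < 4; i++)
            memcpy(&tmp[i], in + 8 * i, 8); /* unaligned LE load */
        tmp[3] &= 0x7fffffffffffffffULL;    /* drop bit 255 per RFC 7748 */
    }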
1067 static const u64 p_minus_s[] = { 0x816b1e0137d48290ULL, 0x440f6a51eb4d1207ULL, 0x52385f46dca2b71dUL…
1069 static const u64 table_ladder[] = {
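p_minus_s and table_ladder are precomputed constants for the fixed-base path below: table_ladder holds the precomputed field elements that drive curve25519_ever64_base()'s table ladder for the generator, and p_minus_s is, going by its name, the prime p minus a fixed constant s consumed by the same function. The "…" on the p_minus_s line is the search listing truncating a long initializer, not a gap in the source.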
1326 u64 swap = 1; in curve25519_ever64_base()
1328 u64 tmp[16 + 32 + 4]; in curve25519_ever64_base()
1329 u64 *x1 = &tmp[0]; in curve25519_ever64_base()
1330 u64 *z1 = &tmp[4]; in curve25519_ever64_base()
1331 u64 *x2 = &tmp[8]; in curve25519_ever64_base()
1332 u64 *z2 = &tmp[12]; in curve25519_ever64_base()
1333 u64 *xz1 = &tmp[0]; in curve25519_ever64_base()
1334 u64 *xz2 = &tmp[8]; in curve25519_ever64_base()
1335 u64 *a = &tmp[0 + 16]; in curve25519_ever64_base()
1336 u64 *b = &tmp[4 + 16]; in curve25519_ever64_base()
1337 u64 *c = &tmp[8 + 16]; in curve25519_ever64_base()
1338 u64 *ab = &tmp[0 + 16]; in curve25519_ever64_base()
1339 u64 *abcd = &tmp[0 + 16]; in curve25519_ever64_base()
1340 u64 *ef = &tmp[16 + 16]; in curve25519_ever64_base()
1341 u64 *efgh = &tmp[16 + 16]; in curve25519_ever64_base()
1342 u64 *key = &tmp[0 + 16 + 32]; in curve25519_ever64_base()
1356 u64 bit = (key[i] >> j) & 1; in curve25519_ever64_base()
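curve25519_ever64_base() applies the same swap discipline to the fixed-base ladder: the clamped scalar lives in key (four 64-bit words at the end of the tmp arena), swap is seeded to 1 on line 1326, and line 1356 extracts one scalar bit per step as (key[i] >> j) & 1, xored against the running swap so that, as in montgomery_ladder(), only bit transitions trigger a constant-time swap. A sketch of the scan, assuming word index i and bit index j advance least-significant first:

    for (i = 0; i < 4; i++)            /* little-endian scalar words */
        for (j = 0; j < 64; j++) {
            uint64_t bit = (key[i] >> j) & 1;
            /* cswap by swap ^ bit, one table_ladder-driven step,
             * then swap = bit */
        }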