58     poly1305_state *state) {  in poly1305_aligned_state()  argument
59   dev_assert_secret(((uintptr_t)state & 63) == 0);  in poly1305_aligned_state()
60   return (struct poly1305_state_st *)(((uintptr_t)state + 63) & ~63);  in poly1305_aligned_state()
63 // poly1305_blocks updates |state| given some amount of input data. This
66 static void poly1305_update(struct poly1305_state_st *state, const uint8_t *in,  in poly1305_update()  argument
88   state->h0 += t0 & 0x3ffffff;  in poly1305_update()
89   state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;  in poly1305_update()
90   state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;  in poly1305_update()
91   state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;  in poly1305_update()
92   state->h4 += (t3 >> 8) | (1 << 24);  in poly1305_update()
95   t[0] = mul32x32_64(state->h0, state->r0) + mul32x32_64(state->h1, state->s4) +  in poly1305_update()
96          mul32x32_64(state->h2, state->s3) + mul32x32_64(state->h3, state->s2) +  in poly1305_update()
97          mul32x32_64(state->h4, state->s1);  in poly1305_update()
98   t[1] = mul32x32_64(state->h0, state->r1) + mul32x32_64(state->h1, state->r0) +  in poly1305_update()
99          mul32x32_64(state->h2, state->s4) + mul32x32_64(state->h3, state->s3) +  in poly1305_update()
100          mul32x32_64(state->h4, state->s2);  in poly1305_update()
101   t[2] = mul32x32_64(state->h0, state->r2) + mul32x32_64(state->h1, state->r1) +  in poly1305_update()
102          mul32x32_64(state->h2, state->r0) + mul32x32_64(state->h3, state->s4) +  in poly1305_update()
103          mul32x32_64(state->h4, state->s3);  in poly1305_update()
104   t[3] = mul32x32_64(state->h0, state->r3) + mul32x32_64(state->h1, state->r2) +  in poly1305_update()
105          mul32x32_64(state->h2, state->r1) + mul32x32_64(state->h3, state->r0) +  in poly1305_update()
106          mul32x32_64(state->h4, state->s4);  in poly1305_update()
107   t[4] = mul32x32_64(state->h0, state->r4) + mul32x32_64(state->h1, state->r3) +  in poly1305_update()
108          mul32x32_64(state->h2, state->r2) + mul32x32_64(state->h3, state->r1) +  in poly1305_update()
109          mul32x32_64(state->h4, state->r0);  in poly1305_update()
111   state->h0 = (uint32_t)t[0] & 0x3ffffff;  in poly1305_update()
114   state->h1 = (uint32_t)t[1] & 0x3ffffff;  in poly1305_update()
117   state->h2 = (uint32_t)t[2] & 0x3ffffff;  in poly1305_update()
120   state->h3 = (uint32_t)t[3] & 0x3ffffff;  in poly1305_update()
123   state->h4 = (uint32_t)t[4] & 0x3ffffff;  in poly1305_update()
125   state->h0 += b * 5;  in poly1305_update()
151   state->h0 += t0 & 0x3ffffff;  in poly1305_update()
152   state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;  in poly1305_update()
153   state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;  in poly1305_update()
154   state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;  in poly1305_update()
155   state->h4 += (t3 >> 8);  in poly1305_update()
161   struct poly1305_state_st *state = poly1305_aligned_state(statep);  in GFp_poly1305_init()  local
170   state->r0 = t0 & 0x3ffffff;  in GFp_poly1305_init()
173   state->r1 = t0 & 0x3ffff03;  in GFp_poly1305_init()
176   state->r2 = t1 & 0x3ffc0ff;  in GFp_poly1305_init()
179   state->r3 = t2 & 0x3f03fff;  in GFp_poly1305_init()
181   state->r4 = t3 & 0x00fffff;  in GFp_poly1305_init()
183   state->s1 = state->r1 * 5;  in GFp_poly1305_init()
184   state->s2 = state->r2 * 5;  in GFp_poly1305_init()
185   state->s3 = state->r3 * 5;  in GFp_poly1305_init()
186   state->s4 = state->r4 * 5;  in GFp_poly1305_init()
188   // init state  in GFp_poly1305_init()
189   state->h0 = 0;  in GFp_poly1305_init()
190   state->h1 = 0;  in GFp_poly1305_init()
191   state->h2 = 0;  in GFp_poly1305_init()
192   state->h3 = 0;  in GFp_poly1305_init()
193   state->h4 = 0;  in GFp_poly1305_init()
195   state->buf_used = 0;  in GFp_poly1305_init()
196   GFp_memcpy(state->key, key + 16, sizeof(state->key));  in GFp_poly1305_init()
201   struct poly1305_state_st *state = poly1305_aligned_state(statep);  in GFp_poly1305_update()  local
203   if (state->buf_used) {  in GFp_poly1305_update()
204     size_t todo = 16 - state->buf_used;  in GFp_poly1305_update()
209       state->buf[state->buf_used + i] = in[i];  in GFp_poly1305_update()
211     state->buf_used += todo;  in GFp_poly1305_update()
215     if (state->buf_used == 16) {  in GFp_poly1305_update()
216       poly1305_update(state, state->buf, 16);  in GFp_poly1305_update()
217       state->buf_used = 0;  in GFp_poly1305_update()
223     poly1305_update(state, in, todo);  in GFp_poly1305_update()
230       state->buf[i] = in[i];  in GFp_poly1305_update()
232     state->buf_used = in_len;  in GFp_poly1305_update()
237   struct poly1305_state_st *state = poly1305_aligned_state(statep);  in GFp_poly1305_finish()  local
242   if (state->buf_used) {  in GFp_poly1305_finish()
243     poly1305_update(state, state->buf, state->buf_used);  in GFp_poly1305_finish()
246   b = state->h0 >> 26;  in GFp_poly1305_finish()
247   state->h0 = state->h0 & 0x3ffffff;  in GFp_poly1305_finish()
248   state->h1 += b;  in GFp_poly1305_finish()
249   b = state->h1 >> 26;  in GFp_poly1305_finish()
250   state->h1 = state->h1 & 0x3ffffff;  in GFp_poly1305_finish()
251   state->h2 += b;  in GFp_poly1305_finish()
252   b = state->h2 >> 26;  in GFp_poly1305_finish()
253   state->h2 = state->h2 & 0x3ffffff;  in GFp_poly1305_finish()
254   state->h3 += b;  in GFp_poly1305_finish()
255   b = state->h3 >> 26;  in GFp_poly1305_finish()
256   state->h3 = state->h3 & 0x3ffffff;  in GFp_poly1305_finish()
257   state->h4 += b;  in GFp_poly1305_finish()
258   b = state->h4 >> 26;  in GFp_poly1305_finish()
259   state->h4 = state->h4 & 0x3ffffff;  in GFp_poly1305_finish()
260   state->h0 += b * 5;  in GFp_poly1305_finish()
262   g0 = state->h0 + 5;  in GFp_poly1305_finish()
265   g1 = state->h1 + b;  in GFp_poly1305_finish()
268   g2 = state->h2 + b;  in GFp_poly1305_finish()
271   g3 = state->h3 + b;  in GFp_poly1305_finish()
274   g4 = state->h4 + b - (1 << 26);  in GFp_poly1305_finish()
278   state->h0 = (state->h0 & nb) | (g0 & b);  in GFp_poly1305_finish()
279   state->h1 = (state->h1 & nb) | (g1 & b);  in GFp_poly1305_finish()
280   state->h2 = (state->h2 & nb) | (g2 & b);  in GFp_poly1305_finish()
281   state->h3 = (state->h3 & nb) | (g3 & b);  in GFp_poly1305_finish()
282   state->h4 = (state->h4 & nb) | (g4 & b);  in GFp_poly1305_finish()
284   f0 = ((state->h0) | (state->h1 << 26)) + (uint64_t)U8TO32_LE(&state->key[0]);  in GFp_poly1305_finish()
285   f1 = ((state->h1 >> 6) | (state->h2 << 20)) +  in GFp_poly1305_finish()
286        (uint64_t)U8TO32_LE(&state->key[4]);  in GFp_poly1305_finish()
287   f2 = ((state->h2 >> 12) | (state->h3 << 14)) +  in GFp_poly1305_finish()
288        (uint64_t)U8TO32_LE(&state->key[8]);  in GFp_poly1305_finish()
289   f3 = ((state->h3 >> 18) | (state->h4 << 8)) +  in GFp_poly1305_finish()
290        (uint64_t)U8TO32_LE(&state->key[12]);  in GFp_poly1305_finish()