sv fe_carry(fe h, i64 t[10])
{
i64 c0, c1, c2, c3, c4, c5, c6, c7, c8, c9;
- c9 = (t[9] + (i64) (1<<24)) >> 25; t[0] += c9 * 19; t[9] -= c9 << 25;
- c1 = (t[1] + (i64) (1<<24)) >> 25; t[2] += c1; t[1] -= c1 << 25;
- c3 = (t[3] + (i64) (1<<24)) >> 25; t[4] += c3; t[3] -= c3 << 25;
- c5 = (t[5] + (i64) (1<<24)) >> 25; t[6] += c5; t[5] -= c5 << 25;
- c7 = (t[7] + (i64) (1<<24)) >> 25; t[8] += c7; t[7] -= c7 << 25;
- c0 = (t[0] + (i64) (1<<25)) >> 26; t[1] += c0; t[0] -= c0 << 26;
- c2 = (t[2] + (i64) (1<<25)) >> 26; t[3] += c2; t[2] -= c2 << 26;
- c4 = (t[4] + (i64) (1<<25)) >> 26; t[5] += c4; t[4] -= c4 << 26;
- c6 = (t[6] + (i64) (1<<25)) >> 26; t[7] += c6; t[6] -= c6 << 26;
- c8 = (t[8] + (i64) (1<<25)) >> 26; t[9] += c8; t[8] -= c8 << 26;
+ c9 = (t[9] + (i64) (1<<24)) >> 25; t[0] += c9 * 19; t[9] -= (u64)c9 << 25;
+ c1 = (t[1] + (i64) (1<<24)) >> 25; t[2] += c1; t[1] -= (u64)c1 << 25;
+ c3 = (t[3] + (i64) (1<<24)) >> 25; t[4] += c3; t[3] -= (u64)c3 << 25;
+ c5 = (t[5] + (i64) (1<<24)) >> 25; t[6] += c5; t[5] -= (u64)c5 << 25;
+ c7 = (t[7] + (i64) (1<<24)) >> 25; t[8] += c7; t[7] -= (u64)c7 << 25;
+ c0 = (t[0] + (i64) (1<<25)) >> 26; t[1] += c0; t[0] -= (u64)c0 << 26;
+ c2 = (t[2] + (i64) (1<<25)) >> 26; t[3] += c2; t[2] -= (u64)c2 << 26;
+ c4 = (t[4] + (i64) (1<<25)) >> 26; t[5] += c4; t[4] -= (u64)c4 << 26;
+ c6 = (t[6] + (i64) (1<<25)) >> 26; t[7] += c6; t[6] -= (u64)c6 << 26;
+ c8 = (t[8] + (i64) (1<<25)) >> 26; t[9] += c8; t[8] -= (u64)c8 << 26;
FOR (i, 0, 10) { h[i] = t[i]; }
}
+ f5*(i64)g4 + f6*(i64)g3 + f7*(i64)g2 + f8*(i64)g1 + f9*(i64)g0;
i64 c0, c1, c2, c3, c4, c5, c6, c7, c8, c9;
- c0 = (h0 + (i64) (1<<25)) >> 26; h1 += c0; h0 -= c0 << 26;
- c4 = (h4 + (i64) (1<<25)) >> 26; h5 += c4; h4 -= c4 << 26;
- c1 = (h1 + (i64) (1<<24)) >> 25; h2 += c1; h1 -= c1 << 25;
- c5 = (h5 + (i64) (1<<24)) >> 25; h6 += c5; h5 -= c5 << 25;
- c2 = (h2 + (i64) (1<<25)) >> 26; h3 += c2; h2 -= c2 << 26;
- c6 = (h6 + (i64) (1<<25)) >> 26; h7 += c6; h6 -= c6 << 26;
- c3 = (h3 + (i64) (1<<24)) >> 25; h4 += c3; h3 -= c3 << 25;
- c7 = (h7 + (i64) (1<<24)) >> 25; h8 += c7; h7 -= c7 << 25;
- c4 = (h4 + (i64) (1<<25)) >> 26; h5 += c4; h4 -= c4 << 26;
- c8 = (h8 + (i64) (1<<25)) >> 26; h9 += c8; h8 -= c8 << 26;
- c9 = (h9 + (i64) (1<<24)) >> 25; h0 += c9 * 19; h9 -= c9 << 25;
- c0 = (h0 + (i64) (1<<25)) >> 26; h1 += c0; h0 -= c0 << 26;
+ c0 = (h0 + (i64) (1<<25)) >> 26; h1 += c0; h0 -= (u64)c0 << 26;
+ c4 = (h4 + (i64) (1<<25)) >> 26; h5 += c4; h4 -= (u64)c4 << 26;
+ c1 = (h1 + (i64) (1<<24)) >> 25; h2 += c1; h1 -= (u64)c1 << 25;
+ c5 = (h5 + (i64) (1<<24)) >> 25; h6 += c5; h5 -= (u64)c5 << 25;
+ c2 = (h2 + (i64) (1<<25)) >> 26; h3 += c2; h2 -= (u64)c2 << 26;
+ c6 = (h6 + (i64) (1<<25)) >> 26; h7 += c6; h6 -= (u64)c6 << 26;
+ c3 = (h3 + (i64) (1<<24)) >> 25; h4 += c3; h3 -= (u64)c3 << 25;
+ c7 = (h7 + (i64) (1<<24)) >> 25; h8 += c7; h7 -= (u64)c7 << 25;
+ c4 = (h4 + (i64) (1<<25)) >> 26; h5 += c4; h4 -= (u64)c4 << 26;
+ c8 = (h8 + (i64) (1<<25)) >> 26; h9 += c8; h8 -= (u64)c8 << 26;
+ c9 = (h9 + (i64) (1<<24)) >> 25; h0 += c9 * 19; h9 -= (u64)c9 << 25;
+ c0 = (h0 + (i64) (1<<25)) >> 26; h1 += c0; h0 -= (u64)c0 << 26;
h[0] = h0; h[1] = h1; h[2] = h2; h[3] = h3; h[4] = h4;
h[5] = h5; h[6] = h6; h[7] = h7; h[8] = h8; h[9] = h9;
}
t[0] += 19 * q;
- i32 c0 = t[0] >> 26; t[1] += c0; t[0] -= c0 << 26;
- i32 c1 = t[1] >> 25; t[2] += c1; t[1] -= c1 << 25;
- i32 c2 = t[2] >> 26; t[3] += c2; t[2] -= c2 << 26;
- i32 c3 = t[3] >> 25; t[4] += c3; t[3] -= c3 << 25;
- i32 c4 = t[4] >> 26; t[5] += c4; t[4] -= c4 << 26;
- i32 c5 = t[5] >> 25; t[6] += c5; t[5] -= c5 << 25;
- i32 c6 = t[6] >> 26; t[7] += c6; t[6] -= c6 << 26;
- i32 c7 = t[7] >> 25; t[8] += c7; t[7] -= c7 << 25;
- i32 c8 = t[8] >> 26; t[9] += c8; t[8] -= c8 << 26;
- i32 c9 = t[9] >> 25; t[9] -= c9 << 25;
+ i32 c0 = t[0] >> 26; t[1] += c0; t[0] -= (u64)c0 << 26;
+ i32 c1 = t[1] >> 25; t[2] += c1; t[1] -= (u64)c1 << 25;
+ i32 c2 = t[2] >> 26; t[3] += c2; t[2] -= (u64)c2 << 26;
+ i32 c3 = t[3] >> 25; t[4] += c3; t[3] -= (u64)c3 << 25;
+ i32 c4 = t[4] >> 26; t[5] += c4; t[4] -= (u64)c4 << 26;
+ i32 c5 = t[5] >> 25; t[6] += c5; t[5] -= (u64)c5 << 25;
+ i32 c6 = t[6] >> 26; t[7] += c6; t[6] -= (u64)c6 << 26;
+ i32 c7 = t[7] >> 25; t[8] += c7; t[7] -= (u64)c7 << 25;
+ i32 c8 = t[8] >> 26; t[9] += c8; t[8] -= (u64)c8 << 26;
+ i32 c9 = t[9] >> 25; t[9] -= (u64)c9 << 25;
store32_le(s + 0, ((u32)t[0] >> 0) | ((u32)t[1] << 26));
store32_le(s + 4, ((u32)t[1] >> 6) | ((u32)t[2] << 19));
store32_le(s + 8, ((u32)t[2] >> 13) | ((u32)t[3] << 13));
store32_le(s + 12, ((u32)t[3] >> 19) | ((u32)t[4] << 6));
- store32_le(s + 16, ((u32)t[5] << 0) | ((u32)t[6] << 25));
+ store32_le(s + 16, ((u32)t[5] >> 0) | ((u32)t[6] << 25));
store32_le(s + 20, ((u32)t[6] >> 7) | ((u32)t[7] << 19));
store32_le(s + 24, ((u32)t[7] >> 13) | ((u32)t[8] << 12));
store32_le(s + 28, ((u32)t[8] >> 20) | ((u32)t[9] << 6));
0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 };
- unsigned i;
- for (i = 63; i >= 32; i--) {
+ for (unsigned i = 63; i >= 32; i--) {
i64 carry = 0;
FOR (j, i-32, i-12) {
x[j] += carry - 16 * x[i] * L[j - (i - 32)];
carry = (x[j] + 128) >> 8;
- x[j] -= carry << 8;
+ x[j] -= (u64)carry << 8;
}
x[i-12] += carry;
x[i] = 0;
}
i64 carry = 0;
- FOR(j, 0, 32) {
- x[j] += carry - (x[31] >> 4) * L[j];
- carry = x[j] >> 8;
- x[j] &= 255;
+ FOR(i, 0, 32) {
+ x[i] += carry - (x[31] >> 4) * L[i];
+ carry = x[i] >> 8;
+ x[i] &= 255;
}
- FOR(j, 0, 32) { x[j] -= carry * L[j]; }
+ FOR(i, 0, 32) { x[i] -= carry * L[i]; }
FOR(i, 0, 32) {
x[i+1] += x[i] >> 8;
r[i ] = x[i] & 255;
projects / Monocypher.git / commitdiff