Lines Matching refs:state

54     poly1305_state *state) {  in poly1305_aligned_state()  argument
55 return (struct poly1305_state_st *)(((uintptr_t)state + 63) & ~63); in poly1305_aligned_state()
61 static void poly1305_update(struct poly1305_state_st *state, const uint8_t *in, in poly1305_update() argument
83 state->h0 += t0 & 0x3ffffff; in poly1305_update()
84 state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; in poly1305_update()
85 state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff; in poly1305_update()
86 state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff; in poly1305_update()
87 state->h4 += (t3 >> 8) | (1 << 24); in poly1305_update()
90 t[0] = mul32x32_64(state->h0, state->r0) + mul32x32_64(state->h1, state->s4) + in poly1305_update()
91 mul32x32_64(state->h2, state->s3) + mul32x32_64(state->h3, state->s2) + in poly1305_update()
92 mul32x32_64(state->h4, state->s1); in poly1305_update()
93 t[1] = mul32x32_64(state->h0, state->r1) + mul32x32_64(state->h1, state->r0) + in poly1305_update()
94 mul32x32_64(state->h2, state->s4) + mul32x32_64(state->h3, state->s3) + in poly1305_update()
95 mul32x32_64(state->h4, state->s2); in poly1305_update()
96 t[2] = mul32x32_64(state->h0, state->r2) + mul32x32_64(state->h1, state->r1) + in poly1305_update()
97 mul32x32_64(state->h2, state->r0) + mul32x32_64(state->h3, state->s4) + in poly1305_update()
98 mul32x32_64(state->h4, state->s3); in poly1305_update()
99 t[3] = mul32x32_64(state->h0, state->r3) + mul32x32_64(state->h1, state->r2) + in poly1305_update()
100 mul32x32_64(state->h2, state->r1) + mul32x32_64(state->h3, state->r0) + in poly1305_update()
101 mul32x32_64(state->h4, state->s4); in poly1305_update()
102 t[4] = mul32x32_64(state->h0, state->r4) + mul32x32_64(state->h1, state->r3) + in poly1305_update()
103 mul32x32_64(state->h2, state->r2) + mul32x32_64(state->h3, state->r1) + in poly1305_update()
104 mul32x32_64(state->h4, state->r0); in poly1305_update()
106 state->h0 = (uint32_t)t[0] & 0x3ffffff; in poly1305_update()
109 state->h1 = (uint32_t)t[1] & 0x3ffffff; in poly1305_update()
112 state->h2 = (uint32_t)t[2] & 0x3ffffff; in poly1305_update()
115 state->h3 = (uint32_t)t[3] & 0x3ffffff; in poly1305_update()
118 state->h4 = (uint32_t)t[4] & 0x3ffffff; in poly1305_update()
120 state->h0 += b * 5; in poly1305_update()
146 state->h0 += t0 & 0x3ffffff; in poly1305_update()
147 state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; in poly1305_update()
148 state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff; in poly1305_update()
149 state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff; in poly1305_update()
150 state->h4 += (t3 >> 8); in poly1305_update()
156 struct poly1305_state_st *state = poly1305_aligned_state(statep); in CRYPTO_poly1305_init() local
172 state->r0 = t0 & 0x3ffffff; in CRYPTO_poly1305_init()
175 state->r1 = t0 & 0x3ffff03; in CRYPTO_poly1305_init()
178 state->r2 = t1 & 0x3ffc0ff; in CRYPTO_poly1305_init()
181 state->r3 = t2 & 0x3f03fff; in CRYPTO_poly1305_init()
183 state->r4 = t3 & 0x00fffff; in CRYPTO_poly1305_init()
185 state->s1 = state->r1 * 5; in CRYPTO_poly1305_init()
186 state->s2 = state->r2 * 5; in CRYPTO_poly1305_init()
187 state->s3 = state->r3 * 5; in CRYPTO_poly1305_init()
188 state->s4 = state->r4 * 5; in CRYPTO_poly1305_init()
191 state->h0 = 0; in CRYPTO_poly1305_init()
192 state->h1 = 0; in CRYPTO_poly1305_init()
193 state->h2 = 0; in CRYPTO_poly1305_init()
194 state->h3 = 0; in CRYPTO_poly1305_init()
195 state->h4 = 0; in CRYPTO_poly1305_init()
197 state->buf_used = 0; in CRYPTO_poly1305_init()
198 OPENSSL_memcpy(state->key, key + 16, sizeof(state->key)); in CRYPTO_poly1305_init()
204 struct poly1305_state_st *state = poly1305_aligned_state(statep); in CRYPTO_poly1305_update() local
213 if (state->buf_used) { in CRYPTO_poly1305_update()
214 unsigned todo = 16 - state->buf_used; in CRYPTO_poly1305_update()
219 state->buf[state->buf_used + i] = in[i]; in CRYPTO_poly1305_update()
221 state->buf_used += todo; in CRYPTO_poly1305_update()
225 if (state->buf_used == 16) { in CRYPTO_poly1305_update()
226 poly1305_update(state, state->buf, 16); in CRYPTO_poly1305_update()
227 state->buf_used = 0; in CRYPTO_poly1305_update()
233 poly1305_update(state, in, todo); in CRYPTO_poly1305_update()
240 state->buf[i] = in[i]; in CRYPTO_poly1305_update()
242 state->buf_used = (unsigned)in_len; in CRYPTO_poly1305_update()
247 struct poly1305_state_st *state = poly1305_aligned_state(statep); in CRYPTO_poly1305_finish() local
259 if (state->buf_used) { in CRYPTO_poly1305_finish()
260 poly1305_update(state, state->buf, state->buf_used); in CRYPTO_poly1305_finish()
263 b = state->h0 >> 26; in CRYPTO_poly1305_finish()
264 state->h0 = state->h0 & 0x3ffffff; in CRYPTO_poly1305_finish()
265 state->h1 += b; in CRYPTO_poly1305_finish()
266 b = state->h1 >> 26; in CRYPTO_poly1305_finish()
267 state->h1 = state->h1 & 0x3ffffff; in CRYPTO_poly1305_finish()
268 state->h2 += b; in CRYPTO_poly1305_finish()
269 b = state->h2 >> 26; in CRYPTO_poly1305_finish()
270 state->h2 = state->h2 & 0x3ffffff; in CRYPTO_poly1305_finish()
271 state->h3 += b; in CRYPTO_poly1305_finish()
272 b = state->h3 >> 26; in CRYPTO_poly1305_finish()
273 state->h3 = state->h3 & 0x3ffffff; in CRYPTO_poly1305_finish()
274 state->h4 += b; in CRYPTO_poly1305_finish()
275 b = state->h4 >> 26; in CRYPTO_poly1305_finish()
276 state->h4 = state->h4 & 0x3ffffff; in CRYPTO_poly1305_finish()
277 state->h0 += b * 5; in CRYPTO_poly1305_finish()
279 g0 = state->h0 + 5; in CRYPTO_poly1305_finish()
282 g1 = state->h1 + b; in CRYPTO_poly1305_finish()
285 g2 = state->h2 + b; in CRYPTO_poly1305_finish()
288 g3 = state->h3 + b; in CRYPTO_poly1305_finish()
291 g4 = state->h4 + b - (1 << 26); in CRYPTO_poly1305_finish()
295 state->h0 = (state->h0 & nb) | (g0 & b); in CRYPTO_poly1305_finish()
296 state->h1 = (state->h1 & nb) | (g1 & b); in CRYPTO_poly1305_finish()
297 state->h2 = (state->h2 & nb) | (g2 & b); in CRYPTO_poly1305_finish()
298 state->h3 = (state->h3 & nb) | (g3 & b); in CRYPTO_poly1305_finish()
299 state->h4 = (state->h4 & nb) | (g4 & b); in CRYPTO_poly1305_finish()
301 f0 = ((state->h0) | (state->h1 << 26)) + (uint64_t)U8TO32_LE(&state->key[0]); in CRYPTO_poly1305_finish()
302 f1 = ((state->h1 >> 6) | (state->h2 << 20)) + in CRYPTO_poly1305_finish()
303 (uint64_t)U8TO32_LE(&state->key[4]); in CRYPTO_poly1305_finish()
304 f2 = ((state->h2 >> 12) | (state->h3 << 14)) + in CRYPTO_poly1305_finish()
305 (uint64_t)U8TO32_LE(&state->key[8]); in CRYPTO_poly1305_finish()
306 f3 = ((state->h3 >> 18) | (state->h4 << 8)) + in CRYPTO_poly1305_finish()
307 (uint64_t)U8TO32_LE(&state->key[12]); in CRYPTO_poly1305_finish()