Lines Matching full:state
52 void CRYPTO_poly1305_init_neon(poly1305_state *state, const uint8_t key[32]);
54 void CRYPTO_poly1305_update_neon(poly1305_state *state, const uint8_t *in,
57 void CRYPTO_poly1305_finish_neon(poly1305_state *state, uint8_t mac[16]);
71 /* poly1305_blocks updates |state| given some amount of input data. This
74 static void poly1305_update(struct poly1305_state_st *state, const uint8_t *in, in poly1305_update() argument
96 state->h0 += t0 & 0x3ffffff; in poly1305_update()
97 state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; in poly1305_update()
98 state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff; in poly1305_update()
99 state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff; in poly1305_update()
100 state->h4 += (t3 >> 8) | (1 << 24); in poly1305_update()
103 t[0] = mul32x32_64(state->h0, state->r0) + mul32x32_64(state->h1, state->s4) + in poly1305_update()
104 mul32x32_64(state->h2, state->s3) + mul32x32_64(state->h3, state->s2) + in poly1305_update()
105 mul32x32_64(state->h4, state->s1); in poly1305_update()
106 t[1] = mul32x32_64(state->h0, state->r1) + mul32x32_64(state->h1, state->r0) + in poly1305_update()
107 mul32x32_64(state->h2, state->s4) + mul32x32_64(state->h3, state->s3) + in poly1305_update()
108 mul32x32_64(state->h4, state->s2); in poly1305_update()
109 t[2] = mul32x32_64(state->h0, state->r2) + mul32x32_64(state->h1, state->r1) + in poly1305_update()
110 mul32x32_64(state->h2, state->r0) + mul32x32_64(state->h3, state->s4) + in poly1305_update()
111 mul32x32_64(state->h4, state->s3); in poly1305_update()
112 t[3] = mul32x32_64(state->h0, state->r3) + mul32x32_64(state->h1, state->r2) + in poly1305_update()
113 mul32x32_64(state->h2, state->r1) + mul32x32_64(state->h3, state->r0) + in poly1305_update()
114 mul32x32_64(state->h4, state->s4); in poly1305_update()
115 t[4] = mul32x32_64(state->h0, state->r4) + mul32x32_64(state->h1, state->r3) + in poly1305_update()
116 mul32x32_64(state->h2, state->r2) + mul32x32_64(state->h3, state->r1) + in poly1305_update()
117 mul32x32_64(state->h4, state->r0); in poly1305_update()
119 state->h0 = (uint32_t)t[0] & 0x3ffffff; in poly1305_update()
122 state->h1 = (uint32_t)t[1] & 0x3ffffff; in poly1305_update()
125 state->h2 = (uint32_t)t[2] & 0x3ffffff; in poly1305_update()
128 state->h3 = (uint32_t)t[3] & 0x3ffffff; in poly1305_update()
131 state->h4 = (uint32_t)t[4] & 0x3ffffff; in poly1305_update()
133 state->h0 += b * 5; in poly1305_update()
159 state->h0 += t0 & 0x3ffffff; in poly1305_update()
160 state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; in poly1305_update()
161 state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff; in poly1305_update()
162 state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff; in poly1305_update()
163 state->h4 += (t3 >> 8); in poly1305_update()
169 struct poly1305_state_st *state = (struct poly1305_state_st *)statep; in CRYPTO_poly1305_init() local
185 state->r0 = t0 & 0x3ffffff; in CRYPTO_poly1305_init()
188 state->r1 = t0 & 0x3ffff03; in CRYPTO_poly1305_init()
191 state->r2 = t1 & 0x3ffc0ff; in CRYPTO_poly1305_init()
194 state->r3 = t2 & 0x3f03fff; in CRYPTO_poly1305_init()
196 state->r4 = t3 & 0x00fffff; in CRYPTO_poly1305_init()
198 state->s1 = state->r1 * 5; in CRYPTO_poly1305_init()
199 state->s2 = state->r2 * 5; in CRYPTO_poly1305_init()
200 state->s3 = state->r3 * 5; in CRYPTO_poly1305_init()
201 state->s4 = state->r4 * 5; in CRYPTO_poly1305_init()
203 /* init state */ in CRYPTO_poly1305_init()
204 state->h0 = 0; in CRYPTO_poly1305_init()
205 state->h1 = 0; in CRYPTO_poly1305_init()
206 state->h2 = 0; in CRYPTO_poly1305_init()
207 state->h3 = 0; in CRYPTO_poly1305_init()
208 state->h4 = 0; in CRYPTO_poly1305_init()
210 state->buf_used = 0; in CRYPTO_poly1305_init()
211 memcpy(state->key, key + 16, sizeof(state->key)); in CRYPTO_poly1305_init()
217 struct poly1305_state_st *state = (struct poly1305_state_st *)statep; in CRYPTO_poly1305_update() local
226 if (state->buf_used) { in CRYPTO_poly1305_update()
227 unsigned int todo = 16 - state->buf_used; in CRYPTO_poly1305_update()
232 state->buf[state->buf_used + i] = in[i]; in CRYPTO_poly1305_update()
234 state->buf_used += todo; in CRYPTO_poly1305_update()
238 if (state->buf_used == 16) { in CRYPTO_poly1305_update()
239 poly1305_update(state, state->buf, 16); in CRYPTO_poly1305_update()
240 state->buf_used = 0; in CRYPTO_poly1305_update()
246 poly1305_update(state, in, todo); in CRYPTO_poly1305_update()
253 state->buf[i] = in[i]; in CRYPTO_poly1305_update()
255 state->buf_used = in_len; in CRYPTO_poly1305_update()
260 struct poly1305_state_st *state = (struct poly1305_state_st *)statep; in CRYPTO_poly1305_finish() local
272 if (state->buf_used) { in CRYPTO_poly1305_finish()
273 poly1305_update(state, state->buf, state->buf_used); in CRYPTO_poly1305_finish()
276 b = state->h0 >> 26; in CRYPTO_poly1305_finish()
277 state->h0 = state->h0 & 0x3ffffff; in CRYPTO_poly1305_finish()
278 state->h1 += b; in CRYPTO_poly1305_finish()
279 b = state->h1 >> 26; in CRYPTO_poly1305_finish()
280 state->h1 = state->h1 & 0x3ffffff; in CRYPTO_poly1305_finish()
281 state->h2 += b; in CRYPTO_poly1305_finish()
282 b = state->h2 >> 26; in CRYPTO_poly1305_finish()
283 state->h2 = state->h2 & 0x3ffffff; in CRYPTO_poly1305_finish()
284 state->h3 += b; in CRYPTO_poly1305_finish()
285 b = state->h3 >> 26; in CRYPTO_poly1305_finish()
286 state->h3 = state->h3 & 0x3ffffff; in CRYPTO_poly1305_finish()
287 state->h4 += b; in CRYPTO_poly1305_finish()
288 b = state->h4 >> 26; in CRYPTO_poly1305_finish()
289 state->h4 = state->h4 & 0x3ffffff; in CRYPTO_poly1305_finish()
290 state->h0 += b * 5; in CRYPTO_poly1305_finish()
292 g0 = state->h0 + 5; in CRYPTO_poly1305_finish()
295 g1 = state->h1 + b; in CRYPTO_poly1305_finish()
298 g2 = state->h2 + b; in CRYPTO_poly1305_finish()
301 g3 = state->h3 + b; in CRYPTO_poly1305_finish()
304 g4 = state->h4 + b - (1 << 26); in CRYPTO_poly1305_finish()
308 state->h0 = (state->h0 & nb) | (g0 & b); in CRYPTO_poly1305_finish()
309 state->h1 = (state->h1 & nb) | (g1 & b); in CRYPTO_poly1305_finish()
310 state->h2 = (state->h2 & nb) | (g2 & b); in CRYPTO_poly1305_finish()
311 state->h3 = (state->h3 & nb) | (g3 & b); in CRYPTO_poly1305_finish()
312 state->h4 = (state->h4 & nb) | (g4 & b); in CRYPTO_poly1305_finish()
314 f0 = ((state->h0) | (state->h1 << 26)) + (uint64_t)U8TO32_LE(&state->key[0]); in CRYPTO_poly1305_finish()
315 f1 = ((state->h1 >> 6) | (state->h2 << 20)) + in CRYPTO_poly1305_finish()
316 (uint64_t)U8TO32_LE(&state->key[4]); in CRYPTO_poly1305_finish()
317 f2 = ((state->h2 >> 12) | (state->h3 << 14)) + in CRYPTO_poly1305_finish()
318 (uint64_t)U8TO32_LE(&state->key[8]); in CRYPTO_poly1305_finish()
319 f3 = ((state->h3 >> 18) | (state->h4 << 8)) + in CRYPTO_poly1305_finish()
320 (uint64_t)U8TO32_LE(&state->key[12]); in CRYPTO_poly1305_finish()