Lines Matching refs:i
220 unsigned i; in felem_sum() local
222 for (i = 0;; i++) { in felem_sum()
223 out[i] = in[i] + in2[i]; in felem_sum()
224 out[i] += carry; in felem_sum()
225 carry = out[i] >> 29; in felem_sum()
226 out[i] &= kBottom29Bits; in felem_sum()
228 i++; in felem_sum()
229 if (i == NLIMBS) in felem_sum()
232 out[i] = in[i] + in2[i]; in felem_sum()
233 out[i] += carry; in felem_sum()
234 carry = out[i] >> 28; in felem_sum()
235 out[i] &= kBottom28Bits; in felem_sum()
258 unsigned i; in felem_diff() local
260 for (i = 0;; i++) { in felem_diff()
261 out[i] = in[i] - in2[i]; in felem_diff()
262 out[i] += zero31[i]; in felem_diff()
263 out[i] += carry; in felem_diff()
264 carry = out[i] >> 29; in felem_diff()
265 out[i] &= kBottom29Bits; in felem_diff()
267 i++; in felem_diff()
268 if (i == NLIMBS) in felem_diff()
271 out[i] = in[i] - in2[i]; in felem_diff()
272 out[i] += zero31[i]; in felem_diff()
273 out[i] += carry; in felem_diff()
274 carry = out[i] >> 28; in felem_diff()
275 out[i] &= kBottom28Bits; in felem_diff()
299 unsigned i; in felem_reduce_degree() local
317 for (i = 2; i < 17; i++) { in felem_reduce_degree()
318 tmp2[i] = ((limb)(tmp[i - 2] >> 32)) >> 25; in felem_reduce_degree()
319 tmp2[i] += ((limb)(tmp[i - 1])) >> 28; in felem_reduce_degree()
320 tmp2[i] += (((limb)(tmp[i - 1] >> 32)) << 4) & kBottom29Bits; in felem_reduce_degree()
321 tmp2[i] += ((limb) tmp[i]) & kBottom29Bits; in felem_reduce_degree()
322 tmp2[i] += carry; in felem_reduce_degree()
323 carry = tmp2[i] >> 29; in felem_reduce_degree()
324 tmp2[i] &= kBottom29Bits; in felem_reduce_degree()
326 i++; in felem_reduce_degree()
327 if (i == 17) in felem_reduce_degree()
329 tmp2[i] = ((limb)(tmp[i - 2] >> 32)) >> 25; in felem_reduce_degree()
330 tmp2[i] += ((limb)(tmp[i - 1])) >> 29; in felem_reduce_degree()
331 tmp2[i] += (((limb)(tmp[i - 1] >> 32)) << 3) & kBottom28Bits; in felem_reduce_degree()
332 tmp2[i] += ((limb) tmp[i]) & kBottom28Bits; in felem_reduce_degree()
333 tmp2[i] += carry; in felem_reduce_degree()
334 carry = tmp2[i] >> 28; in felem_reduce_degree()
335 tmp2[i] &= kBottom28Bits; in felem_reduce_degree()
353 for (i = 0;; i += 2) { in felem_reduce_degree()
354 tmp2[i + 1] += tmp2[i] >> 29; in felem_reduce_degree()
355 x = tmp2[i] & kBottom29Bits; in felem_reduce_degree()
357 tmp2[i] = 0; in felem_reduce_degree()
402 tmp2[i + 3] += (x << 10) & kBottom28Bits; in felem_reduce_degree()
403 tmp2[i + 4] += (x >> 18); in felem_reduce_degree()
405 tmp2[i + 6] += (x << 21) & kBottom29Bits; in felem_reduce_degree()
406 tmp2[i + 7] += x >> 8; in felem_reduce_degree()
410 tmp2[i + 7] += 0x10000000 & xMask; in felem_reduce_degree()
412 tmp2[i + 8] += (x - 1) & xMask; in felem_reduce_degree()
413 tmp2[i + 7] -= (x << 24) & kBottom28Bits; in felem_reduce_degree()
414 tmp2[i + 8] -= x >> 4; in felem_reduce_degree()
416 tmp2[i + 8] += 0x20000000 & xMask; in felem_reduce_degree()
417 tmp2[i + 8] -= x; in felem_reduce_degree()
418 tmp2[i + 8] += (x << 28) & kBottom29Bits; in felem_reduce_degree()
419 tmp2[i + 9] += ((x >> 1) - 1) & xMask; in felem_reduce_degree()
421 if (i+1 == NLIMBS) in felem_reduce_degree()
423 tmp2[i + 2] += tmp2[i + 1] >> 28; in felem_reduce_degree()
424 x = tmp2[i + 1] & kBottom28Bits; in felem_reduce_degree()
426 tmp2[i + 1] = 0; in felem_reduce_degree()
428 tmp2[i + 4] += (x << 11) & kBottom29Bits; in felem_reduce_degree()
429 tmp2[i + 5] += (x >> 18); in felem_reduce_degree()
431 tmp2[i + 7] += (x << 21) & kBottom28Bits; in felem_reduce_degree()
432 tmp2[i + 8] += x >> 7; in felem_reduce_degree()
438 tmp2[i + 8] += 0x20000000 & xMask; in felem_reduce_degree()
439 tmp2[i + 9] += (x - 1) & xMask; in felem_reduce_degree()
440 tmp2[i + 8] -= (x << 25) & kBottom29Bits; in felem_reduce_degree()
441 tmp2[i + 9] -= x >> 4; in felem_reduce_degree()
443 tmp2[i + 9] += 0x10000000 & xMask; in felem_reduce_degree()
444 tmp2[i + 9] -= x; in felem_reduce_degree()
445 tmp2[i + 10] += (x - 1) & xMask; in felem_reduce_degree()
451 for (i = 0; i < 8; i++) { in felem_reduce_degree()
455 out[i] = tmp2[i + 9]; in felem_reduce_degree()
456 out[i] += carry; in felem_reduce_degree()
457 out[i] += (tmp2[i + 10] << 28) & kBottom29Bits; in felem_reduce_degree()
458 carry = out[i] >> 29; in felem_reduce_degree()
459 out[i] &= kBottom29Bits; in felem_reduce_degree()
461 i++; in felem_reduce_degree()
462 out[i] = tmp2[i + 9] >> 1; in felem_reduce_degree()
463 out[i] += carry; in felem_reduce_degree()
464 carry = out[i] >> 28; in felem_reduce_degree()
465 out[i] &= kBottom28Bits; in felem_reduce_degree()
613 unsigned i; in felem_inv() local
628 for (i = 0; i < 8; i++) { in felem_inv()
633 for (i = 0; i < 16; i++) { in felem_inv()
638 for (i = 0; i < 32; i++) { in felem_inv()
643 for (i = 0; i < 192; i++) { in felem_inv()
648 for (i = 0; i < 16; i++) { in felem_inv()
652 for (i = 0; i < 8; i++) { in felem_inv()
656 for (i = 0; i < 4; i++) { in felem_inv()
676 unsigned i; in felem_scalar_3() local
678 for (i = 0;; i++) { in felem_scalar_3()
679 out[i] *= 3; in felem_scalar_3()
680 out[i] += carry; in felem_scalar_3()
681 carry = out[i] >> 29; in felem_scalar_3()
682 out[i] &= kBottom29Bits; in felem_scalar_3()
684 i++; in felem_scalar_3()
685 if (i == NLIMBS) in felem_scalar_3()
688 out[i] *= 3; in felem_scalar_3()
689 out[i] += carry; in felem_scalar_3()
690 carry = out[i] >> 28; in felem_scalar_3()
691 out[i] &= kBottom28Bits; in felem_scalar_3()
703 unsigned i; in felem_scalar_4() local
705 for (i = 0;; i++) { in felem_scalar_4()
706 next_carry = out[i] >> 27; in felem_scalar_4()
707 out[i] <<= 2; in felem_scalar_4()
708 out[i] &= kBottom29Bits; in felem_scalar_4()
709 out[i] += carry; in felem_scalar_4()
710 carry = next_carry + (out[i] >> 29); in felem_scalar_4()
711 out[i] &= kBottom29Bits; in felem_scalar_4()
713 i++; in felem_scalar_4()
714 if (i == NLIMBS) in felem_scalar_4()
717 next_carry = out[i] >> 26; in felem_scalar_4()
718 out[i] <<= 2; in felem_scalar_4()
719 out[i] &= kBottom28Bits; in felem_scalar_4()
720 out[i] += carry; in felem_scalar_4()
721 carry = next_carry + (out[i] >> 28); in felem_scalar_4()
722 out[i] &= kBottom28Bits; in felem_scalar_4()
734 unsigned i; in felem_scalar_8() local
736 for (i = 0;; i++) { in felem_scalar_8()
737 next_carry = out[i] >> 26; in felem_scalar_8()
738 out[i] <<= 3; in felem_scalar_8()
739 out[i] &= kBottom29Bits; in felem_scalar_8()
740 out[i] += carry; in felem_scalar_8()
741 carry = next_carry + (out[i] >> 29); in felem_scalar_8()
742 out[i] &= kBottom29Bits; in felem_scalar_8()
744 i++; in felem_scalar_8()
745 if (i == NLIMBS) in felem_scalar_8()
748 next_carry = out[i] >> 25; in felem_scalar_8()
749 out[i] <<= 3; in felem_scalar_8()
750 out[i] &= kBottom28Bits; in felem_scalar_8()
751 out[i] += carry; in felem_scalar_8()
752 carry = next_carry + (out[i] >> 28); in felem_scalar_8()
753 out[i] &= kBottom28Bits; in felem_scalar_8()
763 int i; in felem_is_zero_vartime() local
771 for (i = 0;; i++) { in felem_is_zero_vartime()
772 tmp[i] += carry; in felem_is_zero_vartime()
773 carry = tmp[i] >> 29; in felem_is_zero_vartime()
774 tmp[i] &= kBottom29Bits; in felem_is_zero_vartime()
776 i++; in felem_is_zero_vartime()
777 if (i == NLIMBS) in felem_is_zero_vartime()
780 tmp[i] += carry; in felem_is_zero_vartime()
781 carry = tmp[i] >> 28; in felem_is_zero_vartime()
782 tmp[i] &= kBottom28Bits; in felem_is_zero_vartime()
844 felem z1z1, z1z1z1, s2, u2, h, i, j, r, rr, v, tmp; in point_add_mixed() local
853 felem_sum(i, h, h); in point_add_mixed()
854 felem_square(i, i); in point_add_mixed()
855 felem_mul(j, h, i); in point_add_mixed()
858 felem_mul(v, x1, i); in point_add_mixed()
882 felem z1z1, z1z1z1, z2z2, z2z2z2, s1, s2, u1, u2, h, i, j, r, rr, v, tmp; in point_add() local
900 felem_sum(i, h, h); in point_add()
901 felem_square(i, i); in point_add()
902 felem_mul(j, h, i); in point_add()
905 felem_mul(v, u1, i); in point_add()
929 felem z1z1, z1z1z1, z2z2, z2z2z2, s1, s2, u1, u2, h, i, j, r, rr, v, tmp; in point_add_or_double_vartime() local
949 felem_sum(i, h, h); in point_add_or_double_vartime()
950 felem_square(i, i); in point_add_or_double_vartime()
951 felem_mul(j, h, i); in point_add_or_double_vartime()
959 felem_mul(v, u1, i); in point_add_or_double_vartime()
978 int i; in copy_conditional() local
980 for (i = 0; i < NLIMBS; i++) { in copy_conditional()
981 const limb tmp = mask & (in[i] ^ out[i]); in copy_conditional()
982 out[i] ^= tmp; in copy_conditional()
990 limb i, j; in select_affine_point() local
995 for (i = 1; i < 16; i++) { in select_affine_point()
996 limb mask = i ^ index; in select_affine_point()
1014 limb i, j; in select_jacobian_point() local
1025 for (i = 1; i < 16; i++) { in select_jacobian_point()
1026 limb mask = i ^ index; in select_jacobian_point()
1048 int i, j; in scalar_base_mult() local
1061 for (i = 0; i < 32; i++) { in scalar_base_mult()
1062 if (i) { in scalar_base_mult()
1067 char bit0 = p256_get_bit(scalar, 31 - i + j); in scalar_base_mult()
1068 char bit1 = p256_get_bit(scalar, 95 - i + j); in scalar_base_mult()
1069 char bit2 = p256_get_bit(scalar, 159 - i + j); in scalar_base_mult()
1070 char bit3 = p256_get_bit(scalar, 223 - i + j); in scalar_base_mult()
1116 int i; in scalar_mult() local
1127 for (i = 2; i < 16; i += 2) { in scalar_mult()
1128 point_double(precomp[i][0], precomp[i][1], precomp[i][2], in scalar_mult()
1129 precomp[i / 2][0], precomp[i / 2][1], precomp[i / 2][2]); in scalar_mult()
1131 point_add_mixed(precomp[i + 1][0], precomp[i + 1][1], precomp[i + 1][2], in scalar_mult()
1132 precomp[i][0], precomp[i][1], precomp[i][2], x, y); in scalar_mult()
1141 for (i = 0; i < 256; i += 4) { in scalar_mult()
1142 if (i) { in scalar_mult()
1149 index = (p256_get_bit(scalar, 255 - i - 0) << 3) | in scalar_mult()
1150 (p256_get_bit(scalar, 255 - i - 1) << 2) | in scalar_mult()
1151 (p256_get_bit(scalar, 255 - i - 2) << 1) | in scalar_mult()
1152 p256_get_bit(scalar, 255 - i - 3); in scalar_mult()
1181 int i; in to_montgomery() local
1186 for (i = 0; i < NLIMBS; i++) { in to_montgomery()
1187 if ((i & 1) == 0) { in to_montgomery()
1188 out[i] = P256_DIGIT(&in_shifted, 0) & kBottom29Bits; in to_montgomery()
1191 out[i] = P256_DIGIT(&in_shifted, 0) & kBottom28Bits; in to_montgomery()
1202 int i, top; in from_montgomery() local
1208 for (i = NLIMBS - 2; i >= 0; i--) { in from_montgomery()
1209 if ((i & 1) == 0) { in from_montgomery()
1214 top |= p256_add_d(&tmp, in[i], &result); in from_montgomery()