170 #define add(c1, c0, a, b)        \  argument
175         _t = a + b;              \
176         c1 = (uint32_t)(_t < a); \
181 #define add_cout(carry, c, a, b) add((carry), (c), (a), (b))  argument
183 #define add_cout_cin(carryout, c, a, b, carryin)       \  argument
186         uint64_t _t = (uint64_t)(a) + (b) + (carryin); \
191 #define sub_borrowout(borrow, c, a, b)       \  argument
194         uint32_t _b = (uint32_t)((b) > (a)); \
195         (c)         = (a) - (b);             \
199 #define sub_borrowin_borrowout(borrowout, c, a, b, borrowin) \  argument
203         sub_borrowout(_borrow1, _t, (a), (b));               \
208 #define sub_borrowout_1(borrow, c, a) \  argument
212         c           = a - b;          \
216 #define sub_borrowin_borrowout_1(borrowout, c, a, borrowin) \  argument
220         sub_borrowout_1(_borrow1, _t, a);                   \
228 #define mul(c1, c0, a, b)                      \  argument
233         __m = (uint64_t)a * (uint64_t)b;       \
242 #define muladd(c1, c0, a, b)   \  argument
247         mul(c1, c0, a, b);     \
256 #define muladdadd(c1, c0, a, b)            \  argument
261         mul(c1, c0, a, b);                 \
269 #define square_casper(c, a) multiply_casper(c, a, a)  argument
270 #define sub_casper(c, a, b) CASPER_montsub(c, a, b, &CASPER_MEM[(N_wordlen + 4U)])  argument
271 #define add_casper(c, a, b) CASPER_montadd(c, a, b, &CASPER_MEM[(N_wordlen + 4U)])  argument
272 #define mul2_casper(c, a)   add_casper(c, a, a)  argument
273 #define half(c, a, b)       CASPER_half(c, a, b)  argument
402 static void invert_mod_p384(uint32_t *c, uint32_t *a);
405 static void invert_mod_p256(uint32_t *c, uint32_t *a);
408 static void invert_mod_p521(uint32_t *c, uint32_t *a);
419 static void CASPER_half(uint32_t *c, uint32_t *a, uint32_t *b);
423 static void multiply_casper(uint32_t w_out[], const uint32_t a[], const uint32_t b[]);
431 static void casper_select(uint32_t *c, uint32_t *a, uint32_t *b, int m, int n);
434 static uint32_t add_n_1(uint32_t *c, uint32_t *a, uint32_t b, int n);
438 static uint32_t add_n(uint32_t *c, uint32_t *a, uint32_t *b, int n);
441 static uint32_t sub_n_1(uint32_t *c, uint32_t *a, uint32_t b, int n);
445 static uint32_t sub_n(uint32_t *c, uint32_t *a, uint32_t *b, int n);
463 …unsigned w_out[], const unsigned a[], const unsigned b[], const unsigned Nmod[], const unsigned *N…
467 …uint32_t w_out[], const uint32_t a[], const uint32_t b[], const uint32_t Nmod[], const uint32_t *N…
470 …uint32_t w_out[], const uint32_t a[], const uint32_t b[], const uint32_t Nmod[], const uint32_t *N…
567 static void casper_select(uint32_t *c, uint32_t *a, uint32_t *b, int m, int n)  in casper_select()  argument
574         SET_WORD(&c[i], (GET_WORD(&a[i]) & m2) | (GET_WORD(&b[i]) & m1));  in casper_select()
830 …unsigned w_out[], const unsigned a[], const unsigned b[], const unsigned Nmod[], const unsigned *N…  in MultprecCiosMul()  argument
841     a64 = (uint64_t *)(uintptr_t)a;  in MultprecCiosMul()
846     if (a != NULL)  in MultprecCiosMul()
859         if (a != NULL)  in MultprecCiosMul()
1123 …uint8_t a[((CASPER_MAX_ECC_SIZE_WORDLEN + 4U) - CASPER_MAX_ECC_SIZE_WORDLEN) * sizeof(uint32_t)] =…  in CASPER_ecc_init()  local
1124 …CASPER_MEMCPY(&CASPER_MEM[(N_wordlen + 4U) + N_wordlen], a, ((N_wordlen + 4U) - N_wordlen) * sizeo…  in CASPER_ecc_init()
1129     uint32_t a[CASPER_MAX_ECC_SIZE_WORDLEN] = {0};  in CASPER_ECC_equal()  local
1132     CASPER_MEMCPY(a, op1, N_wordlen * sizeof(uint32_t));  in CASPER_ECC_equal()
1138         c = (a[0] ^ b[0]);  in CASPER_ECC_equal()
1141             c |= (a[_i] ^ b[_i]);  in CASPER_ECC_equal()
1150     uint32_t a[CASPER_MAX_ECC_SIZE_WORDLEN] = {0};  in CASPER_ECC_equal_to_zero()  local
1152     CASPER_MEMCPY(a, op1, N_wordlen * sizeof(uint32_t));  in CASPER_ECC_equal_to_zero()
1157         c = a[0];  in CASPER_ECC_equal_to_zero()
1160             c |= a[_i];  in CASPER_ECC_equal_to_zero()
1621 …uint32_t w_out[], const uint32_t a[], const uint32_t b[], const uint32_t Nmod[], const uint32_t *N…  in MultprecCiosMul_ct()  argument
1632     a64 = (uint64_t *)(uintptr_t)a;  in MultprecCiosMul_ct()
1637     if (a != NULL)  in MultprecCiosMul_ct()
1650         if (a != NULL)  in MultprecCiosMul_ct()
1770 static void CASPER_half(uint32_t *c, uint32_t *a, uint32_t *b)  in CASPER_half()  argument
1772     shiftright(b, a, 1U); /* Compute a/2 and (a+p)/2       */  in CASPER_half()
1775     CASPER_MEMCPY(c, a, N_wordlen * sizeof(uint32_t));  in CASPER_half()
1787 … casper_select(c, b, c, (int32_t)(uint32_t)(GET_WORD(&a[0]) & 1U), (int16_t)(uint16_t)(N_wordlen));  in CASPER_half()
1905 static void multiply_casper(uint32_t w_out[], const uint32_t a[], const uint32_t b[])  in multiply_casper()  argument
1912         MultprecCiosMul_ct(w_out, a, b, &CASPER_MEM[(N_wordlen + 4U)], Np);  in multiply_casper()
1917         MultprecCiosMul_ct(w_out, a, b, &CASPER_MEM[(N_wordlen + 4U)], Np);  in multiply_casper()
1923         MultprecCiosMul521_ct(w_out, a, b, &CASPER_MEM[(N_wordlen + 4U)], Np);  in multiply_casper()
2203 static uint32_t sub_n(uint32_t *c, uint32_t *a, uint32_t *b, int n)  in sub_n()  argument
2207     sub_borrowout(borrow, GET_WORD(&c[0]), a[0], GET_WORD(&b[0]));  in sub_n()
2210         sub_borrowin_borrowout(borrow, GET_WORD(&c[i]), a[i], GET_WORD(&b[i]), borrow);  in sub_n()
2217 static uint32_t sub_n_1(uint32_t *c, uint32_t *a, uint32_t b, int n) {
2220   sub_borrowout(borrow, c[0], a[0], b);
2222     sub_borrowin_borrowout_1(borrow, c[i], a[i], borrow);
2228 static uint32_t add_n(uint32_t *c, uint32_t *a, uint32_t *b, int n) {
2231   add_cout(carry, c[0], a[0], b[0]);
2233     add_cout_cin(carry, c[i], a[i], b[i], carry);
2240 static uint32_t add_n_1(uint32_t *c, uint32_t *a, uint32_t b, int n)  in add_n_1()  argument
2244     add_cout(carry, c[0], a[0], b);  in add_n_1()
2247         add_cout_cin(carry, c[i], a[i], 0U, carry);  in add_n_1()
2809 static void invert_mod_p256(uint32_t *c, uint32_t *a)  in invert_mod_p256()  argument
2838     square_casper(tmp, a);  in invert_mod_p256()
2839     multiply_casper(t2, tmp, a);  in invert_mod_p256()
2882     multiply_casper(tmp, t, a);  in invert_mod_p256()
2932     multiply_casper(c, tmp, a);  in invert_mod_p256()
2966 static void invert_mod_p384(uint32_t *c, uint32_t *a)  in invert_mod_p384()  argument
2986     square_casper(tmp, a);        // 2  in invert_mod_p384()
2990     multiply_casper(d, a, t2);    // 13  in invert_mod_p384()
2991     multiply_casper(e, d, a);     // 14  in invert_mod_p384()
2992     multiply_casper(t0, e, a);    // 15  in invert_mod_p384()
3185 static void invert_mod_p521(uint32_t *c, uint32_t *a)  in invert_mod_p521()  argument
3200     square_casper(d2, a);  in invert_mod_p521()
3201     multiply_casper(T2, d2, a);  in invert_mod_p521()
3288     multiply_casper(d2, d3, a);  in invert_mod_p521()
3293     multiply_casper(c, e3, a);  in invert_mod_p521()
3319 …uint32_t w_out[], const uint32_t a[], const uint32_t b[], const uint32_t Nmod[], const uint32_t *N…  in MultprecCiosMul521_ct()  argument
3327     a64 = (uint64_t *)(uintptr_t)a;  in MultprecCiosMul521_ct()
3331     if (a != NULL)  in MultprecCiosMul521_ct()
3344         if (a != NULL)  in MultprecCiosMul521_ct()