87 void uECC_vli_clear(uECC_word_t *vli, wordcount_t num_words)  in uECC_vli_clear()  argument
90 	for (i = 0; i < num_words; ++i) {  in uECC_vli_clear()
95 uECC_word_t uECC_vli_isZero(const uECC_word_t *vli, wordcount_t num_words)  in uECC_vli_isZero()  argument
99 	for (i = 0; i < num_words; ++i) {  in uECC_vli_isZero()
146 		  wordcount_t num_words)  in uECC_vli_set()  argument
150 	for (i = 0; i < num_words; ++i) {  in uECC_vli_set()
157 				wordcount_t num_words)  in uECC_vli_cmp_unsafe()  argument
161 	for (i = num_words - 1; i >= 0; --i) {  in uECC_vli_cmp_unsafe()
172 			   wordcount_t num_words)  in uECC_vli_equal()  argument
178 	for (i = num_words - 1; i >= 0; --i) {  in uECC_vli_equal()
192 			 const uECC_word_t *right, wordcount_t num_words)  in uECC_vli_sub()  argument
196 	for (i = 0; i < num_words; ++i) {  in uECC_vli_sub()
209 				const uECC_word_t *right, wordcount_t num_words)  in uECC_vli_add()  argument
213 	for (i = 0; i < num_words; ++i) {  in uECC_vli_add()
223 			 wordcount_t num_words)  in uECC_vli_cmp()  argument
226 	uECC_word_t neg = !!uECC_vli_sub(tmp, left, right, num_words);  in uECC_vli_cmp()
227 	uECC_word_t equal = uECC_vli_isZero(tmp, num_words);  in uECC_vli_cmp()
232 static void uECC_vli_rshift1(uECC_word_t *vli, wordcount_t num_words)  in uECC_vli_rshift1()  argument
237 	vli += num_words;  in uECC_vli_rshift1()
260 			  const uECC_word_t *right, wordcount_t num_words)  in uECC_vli_mult()  argument
269 	for (k = 0; k < num_words; ++k) {  in uECC_vli_mult()
281 	for (k = num_words; k < num_words * 2 - 1; ++k) {  in uECC_vli_mult()
283 		for (i = (k + 1) - num_words; i < num_words; ++i) {  in uECC_vli_mult()
291 	result[num_words * 2 - 1] = r0;  in uECC_vli_mult()
296 		     wordcount_t num_words)  in uECC_vli_modAdd()  argument
298 	uECC_word_t carry = uECC_vli_add(result, left, right, num_words);  in uECC_vli_modAdd()
299 	if (carry || uECC_vli_cmp_unsafe(mod, result, num_words) != 1) {  in uECC_vli_modAdd()
302 		uECC_vli_sub(result, result, mod, num_words);  in uECC_vli_modAdd()
308 		     wordcount_t num_words)  in uECC_vli_modSub()  argument
310 	uECC_word_t l_borrow = uECC_vli_sub(result, left, right, num_words);  in uECC_vli_modSub()
314 		uECC_vli_add(result, result, mod, num_words);  in uECC_vli_modSub()
321     		   const uECC_word_t *mod, wordcount_t num_words)  in uECC_vli_mmod()  argument
329 	bitcount_t shift = (num_words * 2 * uECC_WORD_BITS) -  in uECC_vli_mmod()
330 			   uECC_vli_numBits(mod, num_words);  in uECC_vli_mmod()
336 		for(index = 0; index < (uECC_word_t)num_words; ++index) {  in uECC_vli_mmod()
341 		uECC_vli_set(mod_multiple + word_shift, mod, num_words);  in uECC_vli_mmod()
347 		for (i = 0; i < num_words * 2; ++i) {  in uECC_vli_mmod()
356 		uECC_vli_rshift1(mod_multiple, num_words);  in uECC_vli_mmod()
357 		mod_multiple[num_words - 1] |= mod_multiple[num_words] <<  in uECC_vli_mmod()
359 		uECC_vli_rshift1(mod_multiple + num_words, num_words);  in uECC_vli_mmod()
361 	uECC_vli_set(result, v[index], num_words);  in uECC_vli_mmod()
366 		      wordcount_t num_words)  in uECC_vli_modMult()  argument
369 	uECC_vli_mult(product, left, right, num_words);  in uECC_vli_modMult()
370 	uECC_vli_mmod(result, product, mod, num_words);  in uECC_vli_modMult()
377 	uECC_vli_mult(product, left, right, curve->num_words);  in uECC_vli_modMult_fast()
394 			      wordcount_t num_words)  in vli_modInv_update()  argument
400 		carry = uECC_vli_add(uv, uv, mod, num_words);  in vli_modInv_update()
402 	uECC_vli_rshift1(uv, num_words);  in vli_modInv_update()
404 		uv[num_words - 1] |= HIGH_BIT_SET;  in vli_modInv_update()
409 		     const uECC_word_t *mod, wordcount_t num_words)  in uECC_vli_modInv()  argument
415 	if (uECC_vli_isZero(input, num_words)) {  in uECC_vli_modInv()
416 		uECC_vli_clear(result, num_words);  in uECC_vli_modInv()
420 	uECC_vli_set(a, input, num_words);  in uECC_vli_modInv()
421 	uECC_vli_set(b, mod, num_words);  in uECC_vli_modInv()
422 	uECC_vli_clear(u, num_words);  in uECC_vli_modInv()
424 	uECC_vli_clear(v, num_words);  in uECC_vli_modInv()
425 	while ((cmpResult = uECC_vli_cmp_unsafe(a, b, num_words)) != 0) {  in uECC_vli_modInv()
427 			uECC_vli_rshift1(a, num_words);  in uECC_vli_modInv()
428       			vli_modInv_update(u, mod, num_words);  in uECC_vli_modInv()
430 			uECC_vli_rshift1(b, num_words);  in uECC_vli_modInv()
431 			vli_modInv_update(v, mod, num_words);  in uECC_vli_modInv()
433 			uECC_vli_sub(a, a, b, num_words);  in uECC_vli_modInv()
434 			uECC_vli_rshift1(a, num_words);  in uECC_vli_modInv()
435 			if (uECC_vli_cmp_unsafe(u, v, num_words) < 0) {  in uECC_vli_modInv()
436         			uECC_vli_add(u, u, mod, num_words);  in uECC_vli_modInv()
438       			uECC_vli_sub(u, u, v, num_words);  in uECC_vli_modInv()
439       			vli_modInv_update(u, mod, num_words);  in uECC_vli_modInv()
441       			uECC_vli_sub(b, b, a, num_words);  in uECC_vli_modInv()
442       			uECC_vli_rshift1(b, num_words);  in uECC_vli_modInv()
443       			if (uECC_vli_cmp_unsafe(v, u, num_words) < 0) {  in uECC_vli_modInv()
444         			uECC_vli_add(v, v, mod, num_words);  in uECC_vli_modInv()
446       			uECC_vli_sub(v, v, u, num_words);  in uECC_vli_modInv()
447       			vli_modInv_update(v, mod, num_words);  in uECC_vli_modInv()
450   	uECC_vli_set(result, u, num_words);  in uECC_vli_modInv()
461 	wordcount_t num_words = curve->num_words;  in double_jacobian_default()  local
463 	if (uECC_vli_isZero(Z1, num_words)) {  in double_jacobian_default()
473 	uECC_vli_modAdd(X1, X1, Z1, curve->p, num_words); /* t1 = x1 + z1^2 */  in double_jacobian_default()
474 	uECC_vli_modAdd(Z1, Z1, Z1, curve->p, num_words); /* t3 = 2*z1^2 */  in double_jacobian_default()
475 	uECC_vli_modSub(Z1, X1, Z1, curve->p, num_words); /* t3 = x1 - z1^2 */  in double_jacobian_default()
478 	uECC_vli_modAdd(Z1, X1, X1, curve->p, num_words); /* t3 = 2*(x1^2 - z1^4) */  in double_jacobian_default()
479 	uECC_vli_modAdd(X1, X1, Z1, curve->p, num_words); /* t1 = 3*(x1^2 - z1^4) */  in double_jacobian_default()
481 		uECC_word_t l_carry = uECC_vli_add(X1, X1, curve->p, num_words);  in double_jacobian_default()
482 		uECC_vli_rshift1(X1, num_words);  in double_jacobian_default()
483 		X1[num_words - 1] |= l_carry << (uECC_WORD_BITS - 1);  in double_jacobian_default()
485 		uECC_vli_rshift1(X1, num_words);  in double_jacobian_default()
490 	uECC_vli_modSub(Z1, Z1, t5, curve->p, num_words); /* t3 = B^2 - A */  in double_jacobian_default()
491 	uECC_vli_modSub(Z1, Z1, t5, curve->p, num_words); /* t3 = B^2 - 2A = x3 */  in double_jacobian_default()
492 	uECC_vli_modSub(t5, t5, Z1, curve->p, num_words); /* t5 = A - x3 */  in double_jacobian_default()
495 	uECC_vli_modSub(t4, X1, t4, curve->p, num_words);  in double_jacobian_default()
497 	uECC_vli_set(X1, Z1, num_words);  in double_jacobian_default()
498 	uECC_vli_set(Z1, Y1, num_words);  in double_jacobian_default()
499 	uECC_vli_set(Y1, t4, num_words);  in double_jacobian_default()
507 	wordcount_t num_words = curve->num_words;  in x_side_default()  local
510 	uECC_vli_modSub(result, result, _3, curve->p, num_words); /* r = x^2 - 3 */  in x_side_default()
513 	uECC_vli_modAdd(result, result, curve->b, curve->p, num_words);  in x_side_default()
624 	return uECC_vli_isZero(point, curve->num_words * 2);  in EccPoint_isZero()
645 	wordcount_t num_words = curve->num_words;  in XYcZ_initial_double()  local
647 		uECC_vli_set(z, initial_Z, num_words);  in XYcZ_initial_double()
649 		uECC_vli_clear(z, num_words);  in XYcZ_initial_double()
653 	uECC_vli_set(X2, X1, num_words);  in XYcZ_initial_double()
654 	uECC_vli_set(Y2, Y1, num_words);  in XYcZ_initial_double()
667 	wordcount_t num_words = curve->num_words;  in XYcZ_add()  local
669 	uECC_vli_modSub(t5, X2, X1, curve->p, num_words); /* t5 = x2 - x1 */  in XYcZ_add()
673 	uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words); /* t4 = y2 - y1 */  in XYcZ_add()
676 	uECC_vli_modSub(t5, t5, X1, curve->p, num_words); /* t5 = D - B */  in XYcZ_add()
677 	uECC_vli_modSub(t5, t5, X2, curve->p, num_words); /* t5 = D - B - C = x3 */  in XYcZ_add()
678 	uECC_vli_modSub(X2, X2, X1, curve->p, num_words); /* t3 = C - B */  in XYcZ_add()
680 	uECC_vli_modSub(X2, X1, t5, curve->p, num_words); /* t3 = B - x3 */  in XYcZ_add()
682 	uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words); /* t4 = y3 */  in XYcZ_add()
684 	uECC_vli_set(X2, t5, num_words);  in XYcZ_add()
699 	wordcount_t num_words = curve->num_words;  in XYcZ_addC()  local
701 	uECC_vli_modSub(t5, X2, X1, curve->p, num_words); /* t5 = x2 - x1 */  in XYcZ_addC()
705 	uECC_vli_modAdd(t5, Y2, Y1, curve->p, num_words); /* t5 = y2 + y1 */  in XYcZ_addC()
706 	uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words); /* t4 = y2 - y1 */  in XYcZ_addC()
708 	uECC_vli_modSub(t6, X2, X1, curve->p, num_words); /* t6 = C - B */  in XYcZ_addC()
710 	uECC_vli_modAdd(t6, X1, X2, curve->p, num_words); /* t6 = B + C */  in XYcZ_addC()
712 	uECC_vli_modSub(X2, X2, t6, curve->p, num_words); /* t3 = D - (B + C) = x3 */  in XYcZ_addC()
714 	uECC_vli_modSub(t7, X1, X2, curve->p, num_words); /* t7 = B - x3 */  in XYcZ_addC()
717 	uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words);  in XYcZ_addC()
720 	uECC_vli_modSub(t7, t7, t6, curve->p, num_words); /* t7 = F - (B + C) = x3' */  in XYcZ_addC()
721 	uECC_vli_modSub(t6, t7, X1, curve->p, num_words); /* t6 = x3' - B */  in XYcZ_addC()
724 	uECC_vli_modSub(Y1, t6, Y1, curve->p, num_words);  in XYcZ_addC()
726 	uECC_vli_set(X1, t7, num_words);  in XYcZ_addC()
740 	wordcount_t num_words = curve->num_words;  in EccPoint_mult()  local
742 	uECC_vli_set(Rx[1], point, num_words);  in EccPoint_mult()
743   	uECC_vli_set(Ry[1], point + num_words, num_words);  in EccPoint_mult()
757 	uECC_vli_modSub(z, Rx[1], Rx[0], curve->p, num_words); /* X1 - X0 */  in EccPoint_mult()
760 	uECC_vli_modInv(z, z, curve->p, num_words); /* 1 / (xP * Yb * (X1 - X0))*/  in EccPoint_mult()
762 	uECC_vli_modMult_fast(z, z, point + num_words, curve);  in EccPoint_mult()
770 	uECC_vli_set(result, Rx[0], num_words);  in EccPoint_mult()
771 	uECC_vli_set(result + num_words, Ry[0], num_words);  in EccPoint_mult()
838 			     wordcount_t num_words)  in uECC_generate_random_int()  argument
842 	bitcount_t num_bits = uECC_vli_numBits(top, num_words);  in uECC_generate_random_int()
849 		if (!g_rng_function((uint8_t *)random, num_words * uECC_WORD_SIZE)) {  in uECC_generate_random_int()
852 		random[num_words - 1] &=  in uECC_generate_random_int()
853         		mask >> ((bitcount_t)(num_words * uECC_WORD_SIZE * 8 - num_bits));  in uECC_generate_random_int()
854 		if (!uECC_vli_isZero(random, num_words) &&  in uECC_generate_random_int()
855 			uECC_vli_cmp(top, random, num_words) == 1) {  in uECC_generate_random_int()
867 	wordcount_t num_words = curve->num_words;  in uECC_valid_point()  local
875 	if (uECC_vli_cmp_unsafe(curve->p, point, num_words) != 1 ||  in uECC_valid_point()
876 		uECC_vli_cmp_unsafe(curve->p, point + num_words, num_words) != 1) {  in uECC_valid_point()
880 	uECC_vli_modSquare_fast(tmp1, point + num_words, curve);  in uECC_valid_point()
884 	if (uECC_vli_equal(tmp1, tmp2, num_words) != 0)  in uECC_valid_point()
897 	_public + curve->num_words,  in uECC_valid_public_key()
937 	curve->num_bytes, curve->num_bytes, _public + curve->num_words);  in uECC_compute_public_key()