Lines Matching defs:in
3 // found in the LICENSE file.
87 // kZero31ModP is 0 mod p where bit 31 is set in all limbs so that we can
88 // subtract smaller amounts without underflow. See the section "Subtraction" in
101 // See the section on "Subtraction" in [1] for details.
109 // kZero63ModP is 0 mod p where bit 63 is set in all limbs. See the section
110 // "Subtraction" in [1] for why.
119 // still spaced 28-bits apart and in little-endian order. So the limbs are at
125 // in[i] < 2**62
127 LargeFieldElement& in(*inptr);
130 in[i] += kZero63ModP[i];
136 in[i-8] -= in[i]; // reflection off the "+1" term of p.
137 in[i-5] += (in[i] & 0xffff) << 12; // part of the "-2**96" reflection.
138 in[i-4] += in[i] >> 16; // the rest of the "-2**96" reflection.
140 in[8] = 0;
141 // in[0..8] < 2**64
143 // As the values become small enough, we start to store them in |out| and use
146 in[i+1] += in[i] >> 28;
147 (*out)[i] = static_cast<uint32>(in[i] & kBottom28Bits);
151 in[0] -= in[8]; // reflection off the "+1" term of p.
152 (*out)[3] += static_cast<uint32>(in[8] & 0xffff) << 12; // "-2**96" term
153 (*out)[4] += static_cast<uint32>(in[8] >> 16); // rest of "-2**96" term
154 // in[0] < 2**64
159 (*out)[0] = static_cast<uint32>(in[0] & kBottom28Bits);
160 (*out)[1] += static_cast<uint32>((in[0] >> 28) & kBottom28Bits);
161 (*out)[2] += static_cast<uint32>(in[0] >> 56);
241 // Invert calcuates *out = in**-1 by computing in**(2**224 - 2**96 - 1), i.e.
243 void Invert(FieldElement* out, const FieldElement& in) {
246 Square(&f1, in); // 2
247 Mul(&f1, f1, in); // 2**2 - 1
249 Mul(&f1, f1, in); // 2**3 - 1
284 Mul(&f1, f1, in); // 2**127 - 1
293 // On entry, in[i] < 2**29
294 // On exit, in[i] < 2**28
337 // The first value of top was in [0..16), therefore, prior to eliminating
357 // ends up with any zero bits in the bottom 28 bits, then this wasn't
364 // Now we replicate any zero bits to all the bits in top_4_all_ones.
414 // group with a = -3 defined in FIPS 186-3, section D.2.2.
609 // Get224Bits reads 7 words from in and scatters their contents in
611 void Get224Bits(uint32* out, const uint32* in) {
612 out[0] = NetToHost32(in[6]) & kBottom28Bits;
613 out[1] = ((NetToHost32(in[5]) << 4) |
614 (NetToHost32(in[6]) >> 28)) & kBottom28Bits;
615 out[2] = ((NetToHost32(in[4]) << 8) |
616 (NetToHost32(in[5]) >> 24)) & kBottom28Bits;
617 out[3] = ((NetToHost32(in[3]) << 12) |
618 (NetToHost32(in[4]) >> 20)) & kBottom28Bits;
619 out[4] = ((NetToHost32(in[2]) << 16) |
620 (NetToHost32(in[3]) >> 16)) & kBottom28Bits;
621 out[5] = ((NetToHost32(in[1]) << 20) |
622 (NetToHost32(in[2]) >> 12)) & kBottom28Bits;
623 out[6] = ((NetToHost32(in[0]) << 24) |
624 (NetToHost32(in[1]) >> 8)) & kBottom28Bits;
625 out[7] = (NetToHost32(in[0]) >> 4) & kBottom28Bits;
629 // each of 8 input words and writing them in big-endian order to 7 words at
631 void Put224Bits(uint32* out, const uint32* in) {
632 out[6] = HostToNet32((in[0] >> 0) | (in[1] << 28));
633 out[5] = HostToNet32((in[1] >> 4) | (in[2] << 24));
634 out[4] = HostToNet32((in[2] >> 8) | (in[3] << 20));
635 out[3] = HostToNet32((in[3] >> 12) | (in[4] << 16));
636 out[2] = HostToNet32((in[4] >> 16) | (in[5] << 12));
637 out[1] = HostToNet32((in[5] >> 20) | (in[6] << 8));
638 out[0] = HostToNet32((in[6] >> 24) | (in[7] << 4));
647 bool Point::SetFromString(const base::StringPiece& in) {
648 if (in.size() != 2*28)
650 const uint32* inwords = reinterpret_cast<const uint32*>(in.data());
702 void ScalarMult(const Point& in, const uint8* scalar, Point* out) {
703 ::ScalarMult(out, in, scalar, 28);
723 void Negate(const Point& in, Point* out) {
725 // is the negative in Jacobian coordinates, but it doesn't actually appear to
726 // be true in testing so this performs the negation in affine coordinates.
728 Invert(&zinv, in.z);
730 Mul(&out->x, in.x, zinv_sq);
732 Mul(&y, in.y, zinv_sq);