github.com/bcskill/bcschain/v3@v3.4.9-beta2/crypto/bls12381/arithmetic_fallback.go (about) 1 // Native go field arithmetic code is generated with 'goff' 2 // https://github.com/ConsenSys/goff 3 // Many function signature of field operations are renamed. 4 5 // Copyright 2020 ConsenSys AG 6 // 7 // Licensed under the Apache License, Version 2.0 (the "License"); 8 // you may not use this file except in compliance with the License. 9 // You may obtain a copy of the License at 10 // 11 // http://www.apache.org/licenses/LICENSE-2.0 12 // 13 // Unless required by applicable law or agreed to in writing, software 14 // distributed under the License is distributed on an "AS IS" BASIS, 15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 // See the License for the specific language governing permissions and 17 // limitations under the License. 18 19 // field modulus q = 20 // 21 // 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787 22 // Code generated by goff DO NOT EDIT 23 // goff version: v0.1.0 - build: 790f1f56eac432441e043abff8819eacddd1d668 24 // fe are assumed to be in Montgomery form in all methods 25 26 // /!\ WARNING /!\ 27 // this code has not been audited and is provided as-is. In particular, 28 // there is no security guarantees such as constant time implementation 29 // or side-channel attack resistance 30 // /!\ WARNING /!\ 31 32 // Package bls (generated by goff) contains field arithmetics operations 33 34 // +build !amd64 !blsasm,!blsadx 35 36 package bls12381 37 38 import ( 39 "math/bits" 40 ) 41 42 func add(z, x, y *fe) { 43 var carry uint64 44 45 z[0], carry = bits.Add64(x[0], y[0], 0) 46 z[1], carry = bits.Add64(x[1], y[1], carry) 47 z[2], carry = bits.Add64(x[2], y[2], carry) 48 z[3], carry = bits.Add64(x[3], y[3], carry) 49 z[4], carry = bits.Add64(x[4], y[4], carry) 50 z[5], _ = bits.Add64(x[5], y[5], carry) 51 52 // if z > q --> z -= q 53 // note: this is NOT constant time 54 if !(z[5] < 1873798617647539866 || (z[5] == 1873798617647539866 && (z[4] < 5412103778470702295 || (z[4] == 5412103778470702295 && (z[3] < 7239337960414712511 || (z[3] == 7239337960414712511 && (z[2] < 7435674573564081700 || (z[2] == 7435674573564081700 && (z[1] < 2210141511517208575 || (z[1] == 2210141511517208575 && (z[0] < 13402431016077863595))))))))))) { 55 var b uint64 56 z[0], b = bits.Sub64(z[0], 13402431016077863595, 0) 57 z[1], b = bits.Sub64(z[1], 2210141511517208575, b) 58 z[2], b = bits.Sub64(z[2], 7435674573564081700, b) 59 z[3], b = bits.Sub64(z[3], 7239337960414712511, b) 60 z[4], b = bits.Sub64(z[4], 5412103778470702295, b) 61 z[5], _ = bits.Sub64(z[5], 1873798617647539866, b) 62 } 63 } 64 65 func addAssign(x, y *fe) { 66 var carry uint64 67 68 x[0], carry = bits.Add64(x[0], y[0], 0) 69 x[1], carry = bits.Add64(x[1], y[1], carry) 70 x[2], carry = bits.Add64(x[2], y[2], carry) 71 x[3], carry = bits.Add64(x[3], y[3], carry) 72 x[4], carry = bits.Add64(x[4], y[4], carry) 73 x[5], _ = bits.Add64(x[5], y[5], carry) 74 75 // if z > q --> z -= q 76 // note: this is NOT constant time 77 if !(x[5] < 1873798617647539866 || (x[5] == 1873798617647539866 && (x[4] < 5412103778470702295 || (x[4] == 5412103778470702295 && (x[3] < 7239337960414712511 || (x[3] == 7239337960414712511 && (x[2] < 7435674573564081700 || (x[2] == 7435674573564081700 && (x[1] < 2210141511517208575 || (x[1] == 2210141511517208575 && (x[0] < 13402431016077863595))))))))))) { 78 var b uint64 79 x[0], b = bits.Sub64(x[0], 13402431016077863595, 0) 80 x[1], b = bits.Sub64(x[1], 2210141511517208575, b) 81 x[2], b = bits.Sub64(x[2], 7435674573564081700, b) 82 x[3], b = bits.Sub64(x[3], 7239337960414712511, b) 83 x[4], b = bits.Sub64(x[4], 5412103778470702295, b) 84 x[5], _ = bits.Sub64(x[5], 1873798617647539866, b) 85 } 86 } 87 88 func ladd(z, x, y *fe) { 89 var carry uint64 90 z[0], carry = bits.Add64(x[0], y[0], 0) 91 z[1], carry = bits.Add64(x[1], y[1], carry) 92 z[2], carry = bits.Add64(x[2], y[2], carry) 93 z[3], carry = bits.Add64(x[3], y[3], carry) 94 z[4], carry = bits.Add64(x[4], y[4], carry) 95 z[5], _ = bits.Add64(x[5], y[5], carry) 96 } 97 98 func laddAssign(x, y *fe) { 99 var carry uint64 100 x[0], carry = bits.Add64(x[0], y[0], 0) 101 x[1], carry = bits.Add64(x[1], y[1], carry) 102 x[2], carry = bits.Add64(x[2], y[2], carry) 103 x[3], carry = bits.Add64(x[3], y[3], carry) 104 x[4], carry = bits.Add64(x[4], y[4], carry) 105 x[5], _ = bits.Add64(x[5], y[5], carry) 106 } 107 108 func double(z, x *fe) { 109 var carry uint64 110 111 z[0], carry = bits.Add64(x[0], x[0], 0) 112 z[1], carry = bits.Add64(x[1], x[1], carry) 113 z[2], carry = bits.Add64(x[2], x[2], carry) 114 z[3], carry = bits.Add64(x[3], x[3], carry) 115 z[4], carry = bits.Add64(x[4], x[4], carry) 116 z[5], _ = bits.Add64(x[5], x[5], carry) 117 118 // if z > q --> z -= q 119 // note: this is NOT constant time 120 if !(z[5] < 1873798617647539866 || (z[5] == 1873798617647539866 && (z[4] < 5412103778470702295 || (z[4] == 5412103778470702295 && (z[3] < 7239337960414712511 || (z[3] == 7239337960414712511 && (z[2] < 7435674573564081700 || (z[2] == 7435674573564081700 && (z[1] < 2210141511517208575 || (z[1] == 2210141511517208575 && (z[0] < 13402431016077863595))))))))))) { 121 var b uint64 122 z[0], b = bits.Sub64(z[0], 13402431016077863595, 0) 123 z[1], b = bits.Sub64(z[1], 2210141511517208575, b) 124 z[2], b = bits.Sub64(z[2], 7435674573564081700, b) 125 z[3], b = bits.Sub64(z[3], 7239337960414712511, b) 126 z[4], b = bits.Sub64(z[4], 5412103778470702295, b) 127 z[5], _ = bits.Sub64(z[5], 1873798617647539866, b) 128 } 129 } 130 131 func doubleAssign(z *fe) { 132 var carry uint64 133 134 z[0], carry = bits.Add64(z[0], z[0], 0) 135 z[1], carry = bits.Add64(z[1], z[1], carry) 136 z[2], carry = bits.Add64(z[2], z[2], carry) 137 z[3], carry = bits.Add64(z[3], z[3], carry) 138 z[4], carry = bits.Add64(z[4], z[4], carry) 139 z[5], _ = bits.Add64(z[5], z[5], carry) 140 141 // if z > q --> z -= q 142 // note: this is NOT constant time 143 if !(z[5] < 1873798617647539866 || (z[5] == 1873798617647539866 && (z[4] < 5412103778470702295 || (z[4] == 5412103778470702295 && (z[3] < 7239337960414712511 || (z[3] == 7239337960414712511 && (z[2] < 7435674573564081700 || (z[2] == 7435674573564081700 && (z[1] < 2210141511517208575 || (z[1] == 2210141511517208575 && (z[0] < 13402431016077863595))))))))))) { 144 var b uint64 145 z[0], b = bits.Sub64(z[0], 13402431016077863595, 0) 146 z[1], b = bits.Sub64(z[1], 2210141511517208575, b) 147 z[2], b = bits.Sub64(z[2], 7435674573564081700, b) 148 z[3], b = bits.Sub64(z[3], 7239337960414712511, b) 149 z[4], b = bits.Sub64(z[4], 5412103778470702295, b) 150 z[5], _ = bits.Sub64(z[5], 1873798617647539866, b) 151 } 152 } 153 154 func ldouble(z, x *fe) { 155 var carry uint64 156 157 z[0], carry = bits.Add64(x[0], x[0], 0) 158 z[1], carry = bits.Add64(x[1], x[1], carry) 159 z[2], carry = bits.Add64(x[2], x[2], carry) 160 z[3], carry = bits.Add64(x[3], x[3], carry) 161 z[4], carry = bits.Add64(x[4], x[4], carry) 162 z[5], _ = bits.Add64(x[5], x[5], carry) 163 } 164 165 func sub(z, x, y *fe) { 166 var b uint64 167 z[0], b = bits.Sub64(x[0], y[0], 0) 168 z[1], b = bits.Sub64(x[1], y[1], b) 169 z[2], b = bits.Sub64(x[2], y[2], b) 170 z[3], b = bits.Sub64(x[3], y[3], b) 171 z[4], b = bits.Sub64(x[4], y[4], b) 172 z[5], b = bits.Sub64(x[5], y[5], b) 173 if b != 0 { 174 var c uint64 175 z[0], c = bits.Add64(z[0], 13402431016077863595, 0) 176 z[1], c = bits.Add64(z[1], 2210141511517208575, c) 177 z[2], c = bits.Add64(z[2], 7435674573564081700, c) 178 z[3], c = bits.Add64(z[3], 7239337960414712511, c) 179 z[4], c = bits.Add64(z[4], 5412103778470702295, c) 180 z[5], _ = bits.Add64(z[5], 1873798617647539866, c) 181 } 182 } 183 184 func subAssign(z, x *fe) { 185 var b uint64 186 z[0], b = bits.Sub64(z[0], x[0], 0) 187 z[1], b = bits.Sub64(z[1], x[1], b) 188 z[2], b = bits.Sub64(z[2], x[2], b) 189 z[3], b = bits.Sub64(z[3], x[3], b) 190 z[4], b = bits.Sub64(z[4], x[4], b) 191 z[5], b = bits.Sub64(z[5], x[5], b) 192 if b != 0 { 193 var c uint64 194 z[0], c = bits.Add64(z[0], 13402431016077863595, 0) 195 z[1], c = bits.Add64(z[1], 2210141511517208575, c) 196 z[2], c = bits.Add64(z[2], 7435674573564081700, c) 197 z[3], c = bits.Add64(z[3], 7239337960414712511, c) 198 z[4], c = bits.Add64(z[4], 5412103778470702295, c) 199 z[5], _ = bits.Add64(z[5], 1873798617647539866, c) 200 } 201 } 202 203 func lsubAssign(z, x *fe) { 204 var b uint64 205 z[0], b = bits.Sub64(z[0], x[0], 0) 206 z[1], b = bits.Sub64(z[1], x[1], b) 207 z[2], b = bits.Sub64(z[2], x[2], b) 208 z[3], b = bits.Sub64(z[3], x[3], b) 209 z[4], b = bits.Sub64(z[4], x[4], b) 210 z[5], _ = bits.Sub64(z[5], x[5], b) 211 } 212 213 func neg(z *fe, x *fe) { 214 if x.isZero() { 215 z.zero() 216 return 217 } 218 var borrow uint64 219 z[0], borrow = bits.Sub64(13402431016077863595, x[0], 0) 220 z[1], borrow = bits.Sub64(2210141511517208575, x[1], borrow) 221 z[2], borrow = bits.Sub64(7435674573564081700, x[2], borrow) 222 z[3], borrow = bits.Sub64(7239337960414712511, x[3], borrow) 223 z[4], borrow = bits.Sub64(5412103778470702295, x[4], borrow) 224 z[5], _ = bits.Sub64(1873798617647539866, x[5], borrow) 225 } 226 227 func mul(z, x, y *fe) { 228 var t [6]uint64 229 var c [3]uint64 230 { 231 // round 0 232 v := x[0] 233 c[1], c[0] = bits.Mul64(v, y[0]) 234 m := c[0] * 9940570264628428797 235 c[2] = madd0(m, 13402431016077863595, c[0]) 236 c[1], c[0] = madd1(v, y[1], c[1]) 237 c[2], t[0] = madd2(m, 2210141511517208575, c[2], c[0]) 238 c[1], c[0] = madd1(v, y[2], c[1]) 239 c[2], t[1] = madd2(m, 7435674573564081700, c[2], c[0]) 240 c[1], c[0] = madd1(v, y[3], c[1]) 241 c[2], t[2] = madd2(m, 7239337960414712511, c[2], c[0]) 242 c[1], c[0] = madd1(v, y[4], c[1]) 243 c[2], t[3] = madd2(m, 5412103778470702295, c[2], c[0]) 244 c[1], c[0] = madd1(v, y[5], c[1]) 245 t[5], t[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1]) 246 } 247 { 248 // round 1 249 v := x[1] 250 c[1], c[0] = madd1(v, y[0], t[0]) 251 m := c[0] * 9940570264628428797 252 c[2] = madd0(m, 13402431016077863595, c[0]) 253 c[1], c[0] = madd2(v, y[1], c[1], t[1]) 254 c[2], t[0] = madd2(m, 2210141511517208575, c[2], c[0]) 255 c[1], c[0] = madd2(v, y[2], c[1], t[2]) 256 c[2], t[1] = madd2(m, 7435674573564081700, c[2], c[0]) 257 c[1], c[0] = madd2(v, y[3], c[1], t[3]) 258 c[2], t[2] = madd2(m, 7239337960414712511, c[2], c[0]) 259 c[1], c[0] = madd2(v, y[4], c[1], t[4]) 260 c[2], t[3] = madd2(m, 5412103778470702295, c[2], c[0]) 261 c[1], c[0] = madd2(v, y[5], c[1], t[5]) 262 t[5], t[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1]) 263 } 264 { 265 // round 2 266 v := x[2] 267 c[1], c[0] = madd1(v, y[0], t[0]) 268 m := c[0] * 9940570264628428797 269 c[2] = madd0(m, 13402431016077863595, c[0]) 270 c[1], c[0] = madd2(v, y[1], c[1], t[1]) 271 c[2], t[0] = madd2(m, 2210141511517208575, c[2], c[0]) 272 c[1], c[0] = madd2(v, y[2], c[1], t[2]) 273 c[2], t[1] = madd2(m, 7435674573564081700, c[2], c[0]) 274 c[1], c[0] = madd2(v, y[3], c[1], t[3]) 275 c[2], t[2] = madd2(m, 7239337960414712511, c[2], c[0]) 276 c[1], c[0] = madd2(v, y[4], c[1], t[4]) 277 c[2], t[3] = madd2(m, 5412103778470702295, c[2], c[0]) 278 c[1], c[0] = madd2(v, y[5], c[1], t[5]) 279 t[5], t[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1]) 280 } 281 { 282 // round 3 283 v := x[3] 284 c[1], c[0] = madd1(v, y[0], t[0]) 285 m := c[0] * 9940570264628428797 286 c[2] = madd0(m, 13402431016077863595, c[0]) 287 c[1], c[0] = madd2(v, y[1], c[1], t[1]) 288 c[2], t[0] = madd2(m, 2210141511517208575, c[2], c[0]) 289 c[1], c[0] = madd2(v, y[2], c[1], t[2]) 290 c[2], t[1] = madd2(m, 7435674573564081700, c[2], c[0]) 291 c[1], c[0] = madd2(v, y[3], c[1], t[3]) 292 c[2], t[2] = madd2(m, 7239337960414712511, c[2], c[0]) 293 c[1], c[0] = madd2(v, y[4], c[1], t[4]) 294 c[2], t[3] = madd2(m, 5412103778470702295, c[2], c[0]) 295 c[1], c[0] = madd2(v, y[5], c[1], t[5]) 296 t[5], t[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1]) 297 } 298 { 299 // round 4 300 v := x[4] 301 c[1], c[0] = madd1(v, y[0], t[0]) 302 m := c[0] * 9940570264628428797 303 c[2] = madd0(m, 13402431016077863595, c[0]) 304 c[1], c[0] = madd2(v, y[1], c[1], t[1]) 305 c[2], t[0] = madd2(m, 2210141511517208575, c[2], c[0]) 306 c[1], c[0] = madd2(v, y[2], c[1], t[2]) 307 c[2], t[1] = madd2(m, 7435674573564081700, c[2], c[0]) 308 c[1], c[0] = madd2(v, y[3], c[1], t[3]) 309 c[2], t[2] = madd2(m, 7239337960414712511, c[2], c[0]) 310 c[1], c[0] = madd2(v, y[4], c[1], t[4]) 311 c[2], t[3] = madd2(m, 5412103778470702295, c[2], c[0]) 312 c[1], c[0] = madd2(v, y[5], c[1], t[5]) 313 t[5], t[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1]) 314 } 315 { 316 // round 5 317 v := x[5] 318 c[1], c[0] = madd1(v, y[0], t[0]) 319 m := c[0] * 9940570264628428797 320 c[2] = madd0(m, 13402431016077863595, c[0]) 321 c[1], c[0] = madd2(v, y[1], c[1], t[1]) 322 c[2], z[0] = madd2(m, 2210141511517208575, c[2], c[0]) 323 c[1], c[0] = madd2(v, y[2], c[1], t[2]) 324 c[2], z[1] = madd2(m, 7435674573564081700, c[2], c[0]) 325 c[1], c[0] = madd2(v, y[3], c[1], t[3]) 326 c[2], z[2] = madd2(m, 7239337960414712511, c[2], c[0]) 327 c[1], c[0] = madd2(v, y[4], c[1], t[4]) 328 c[2], z[3] = madd2(m, 5412103778470702295, c[2], c[0]) 329 c[1], c[0] = madd2(v, y[5], c[1], t[5]) 330 z[5], z[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1]) 331 } 332 333 // if z > q --> z -= q 334 // note: this is NOT constant time 335 if !(z[5] < 1873798617647539866 || (z[5] == 1873798617647539866 && (z[4] < 5412103778470702295 || (z[4] == 5412103778470702295 && (z[3] < 7239337960414712511 || (z[3] == 7239337960414712511 && (z[2] < 7435674573564081700 || (z[2] == 7435674573564081700 && (z[1] < 2210141511517208575 || (z[1] == 2210141511517208575 && (z[0] < 13402431016077863595))))))))))) { 336 var b uint64 337 z[0], b = bits.Sub64(z[0], 13402431016077863595, 0) 338 z[1], b = bits.Sub64(z[1], 2210141511517208575, b) 339 z[2], b = bits.Sub64(z[2], 7435674573564081700, b) 340 z[3], b = bits.Sub64(z[3], 7239337960414712511, b) 341 z[4], b = bits.Sub64(z[4], 5412103778470702295, b) 342 z[5], _ = bits.Sub64(z[5], 1873798617647539866, b) 343 } 344 } 345 346 func square(z, x *fe) { 347 348 var p [6]uint64 349 350 var u, v uint64 351 { 352 // round 0 353 u, p[0] = bits.Mul64(x[0], x[0]) 354 m := p[0] * 9940570264628428797 355 C := madd0(m, 13402431016077863595, p[0]) 356 var t uint64 357 t, u, v = madd1sb(x[0], x[1], u) 358 C, p[0] = madd2(m, 2210141511517208575, v, C) 359 t, u, v = madd1s(x[0], x[2], t, u) 360 C, p[1] = madd2(m, 7435674573564081700, v, C) 361 t, u, v = madd1s(x[0], x[3], t, u) 362 C, p[2] = madd2(m, 7239337960414712511, v, C) 363 t, u, v = madd1s(x[0], x[4], t, u) 364 C, p[3] = madd2(m, 5412103778470702295, v, C) 365 _, u, v = madd1s(x[0], x[5], t, u) 366 p[5], p[4] = madd3(m, 1873798617647539866, v, C, u) 367 } 368 { 369 // round 1 370 m := p[0] * 9940570264628428797 371 C := madd0(m, 13402431016077863595, p[0]) 372 u, v = madd1(x[1], x[1], p[1]) 373 C, p[0] = madd2(m, 2210141511517208575, v, C) 374 var t uint64 375 t, u, v = madd2sb(x[1], x[2], p[2], u) 376 C, p[1] = madd2(m, 7435674573564081700, v, C) 377 t, u, v = madd2s(x[1], x[3], p[3], t, u) 378 C, p[2] = madd2(m, 7239337960414712511, v, C) 379 t, u, v = madd2s(x[1], x[4], p[4], t, u) 380 C, p[3] = madd2(m, 5412103778470702295, v, C) 381 _, u, v = madd2s(x[1], x[5], p[5], t, u) 382 p[5], p[4] = madd3(m, 1873798617647539866, v, C, u) 383 } 384 { 385 // round 2 386 m := p[0] * 9940570264628428797 387 C := madd0(m, 13402431016077863595, p[0]) 388 C, p[0] = madd2(m, 2210141511517208575, p[1], C) 389 u, v = madd1(x[2], x[2], p[2]) 390 C, p[1] = madd2(m, 7435674573564081700, v, C) 391 var t uint64 392 t, u, v = madd2sb(x[2], x[3], p[3], u) 393 C, p[2] = madd2(m, 7239337960414712511, v, C) 394 t, u, v = madd2s(x[2], x[4], p[4], t, u) 395 C, p[3] = madd2(m, 5412103778470702295, v, C) 396 _, u, v = madd2s(x[2], x[5], p[5], t, u) 397 p[5], p[4] = madd3(m, 1873798617647539866, v, C, u) 398 } 399 { 400 // round 3 401 m := p[0] * 9940570264628428797 402 C := madd0(m, 13402431016077863595, p[0]) 403 C, p[0] = madd2(m, 2210141511517208575, p[1], C) 404 C, p[1] = madd2(m, 7435674573564081700, p[2], C) 405 u, v = madd1(x[3], x[3], p[3]) 406 C, p[2] = madd2(m, 7239337960414712511, v, C) 407 var t uint64 408 t, u, v = madd2sb(x[3], x[4], p[4], u) 409 C, p[3] = madd2(m, 5412103778470702295, v, C) 410 _, u, v = madd2s(x[3], x[5], p[5], t, u) 411 p[5], p[4] = madd3(m, 1873798617647539866, v, C, u) 412 } 413 { 414 // round 4 415 m := p[0] * 9940570264628428797 416 C := madd0(m, 13402431016077863595, p[0]) 417 C, p[0] = madd2(m, 2210141511517208575, p[1], C) 418 C, p[1] = madd2(m, 7435674573564081700, p[2], C) 419 C, p[2] = madd2(m, 7239337960414712511, p[3], C) 420 u, v = madd1(x[4], x[4], p[4]) 421 C, p[3] = madd2(m, 5412103778470702295, v, C) 422 _, u, v = madd2sb(x[4], x[5], p[5], u) 423 p[5], p[4] = madd3(m, 1873798617647539866, v, C, u) 424 } 425 { 426 // round 5 427 m := p[0] * 9940570264628428797 428 C := madd0(m, 13402431016077863595, p[0]) 429 C, z[0] = madd2(m, 2210141511517208575, p[1], C) 430 C, z[1] = madd2(m, 7435674573564081700, p[2], C) 431 C, z[2] = madd2(m, 7239337960414712511, p[3], C) 432 C, z[3] = madd2(m, 5412103778470702295, p[4], C) 433 u, v = madd1(x[5], x[5], p[5]) 434 z[5], z[4] = madd3(m, 1873798617647539866, v, C, u) 435 } 436 437 // if z > q --> z -= q 438 // note: this is NOT constant time 439 if !(z[5] < 1873798617647539866 || (z[5] == 1873798617647539866 && (z[4] < 5412103778470702295 || (z[4] == 5412103778470702295 && (z[3] < 7239337960414712511 || (z[3] == 7239337960414712511 && (z[2] < 7435674573564081700 || (z[2] == 7435674573564081700 && (z[1] < 2210141511517208575 || (z[1] == 2210141511517208575 && (z[0] < 13402431016077863595))))))))))) { 440 var b uint64 441 z[0], b = bits.Sub64(z[0], 13402431016077863595, 0) 442 z[1], b = bits.Sub64(z[1], 2210141511517208575, b) 443 z[2], b = bits.Sub64(z[2], 7435674573564081700, b) 444 z[3], b = bits.Sub64(z[3], 7239337960414712511, b) 445 z[4], b = bits.Sub64(z[4], 5412103778470702295, b) 446 z[5], _ = bits.Sub64(z[5], 1873798617647539866, b) 447 } 448 } 449 450 // arith.go 451 // Copyright 2020 ConsenSys AG 452 // 453 // Licensed under the Apache License, Version 2.0 (the "License"); 454 // you may not use this file except in compliance with the License. 455 // You may obtain a copy of the License at 456 // 457 // http://www.apache.org/licenses/LICENSE-2.0 458 // 459 // Unless required by applicable law or agreed to in writing, software 460 // distributed under the License is distributed on an "AS IS" BASIS, 461 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 462 // See the License for the specific language governing permissions and 463 // limitations under the License. 464 465 // Code generated by goff DO NOT EDIT 466 467 func madd(a, b, t, u, v uint64) (uint64, uint64, uint64) { 468 var carry uint64 469 hi, lo := bits.Mul64(a, b) 470 v, carry = bits.Add64(lo, v, 0) 471 u, carry = bits.Add64(hi, u, carry) 472 t, _ = bits.Add64(t, 0, carry) 473 return t, u, v 474 } 475 476 // madd0 hi = a*b + c (discards lo bits) 477 func madd0(a, b, c uint64) (hi uint64) { 478 var carry, lo uint64 479 hi, lo = bits.Mul64(a, b) 480 _, carry = bits.Add64(lo, c, 0) 481 hi, _ = bits.Add64(hi, 0, carry) 482 return 483 } 484 485 // madd1 hi, lo = a*b + c 486 func madd1(a, b, c uint64) (hi uint64, lo uint64) { 487 var carry uint64 488 hi, lo = bits.Mul64(a, b) 489 lo, carry = bits.Add64(lo, c, 0) 490 hi, _ = bits.Add64(hi, 0, carry) 491 return 492 } 493 494 // madd2 hi, lo = a*b + c + d 495 func madd2(a, b, c, d uint64) (hi uint64, lo uint64) { 496 var carry uint64 497 hi, lo = bits.Mul64(a, b) 498 c, carry = bits.Add64(c, d, 0) 499 hi, _ = bits.Add64(hi, 0, carry) 500 lo, carry = bits.Add64(lo, c, 0) 501 hi, _ = bits.Add64(hi, 0, carry) 502 return 503 } 504 505 // madd2s superhi, hi, lo = 2*a*b + c + d + e 506 func madd2s(a, b, c, d, e uint64) (superhi, hi, lo uint64) { 507 var carry, sum uint64 508 509 hi, lo = bits.Mul64(a, b) 510 lo, carry = bits.Add64(lo, lo, 0) 511 hi, superhi = bits.Add64(hi, hi, carry) 512 513 sum, carry = bits.Add64(c, e, 0) 514 hi, _ = bits.Add64(hi, 0, carry) 515 lo, carry = bits.Add64(lo, sum, 0) 516 hi, _ = bits.Add64(hi, 0, carry) 517 hi, _ = bits.Add64(hi, 0, d) 518 return 519 } 520 521 func madd1s(a, b, d, e uint64) (superhi, hi, lo uint64) { 522 var carry uint64 523 524 hi, lo = bits.Mul64(a, b) 525 lo, carry = bits.Add64(lo, lo, 0) 526 hi, superhi = bits.Add64(hi, hi, carry) 527 lo, carry = bits.Add64(lo, e, 0) 528 hi, _ = bits.Add64(hi, 0, carry) 529 hi, _ = bits.Add64(hi, 0, d) 530 return 531 } 532 533 func madd2sb(a, b, c, e uint64) (superhi, hi, lo uint64) { 534 var carry, sum uint64 535 536 hi, lo = bits.Mul64(a, b) 537 lo, carry = bits.Add64(lo, lo, 0) 538 hi, superhi = bits.Add64(hi, hi, carry) 539 540 sum, carry = bits.Add64(c, e, 0) 541 hi, _ = bits.Add64(hi, 0, carry) 542 lo, carry = bits.Add64(lo, sum, 0) 543 hi, _ = bits.Add64(hi, 0, carry) 544 return 545 } 546 547 func madd1sb(a, b, e uint64) (superhi, hi, lo uint64) { 548 var carry uint64 549 550 hi, lo = bits.Mul64(a, b) 551 lo, carry = bits.Add64(lo, lo, 0) 552 hi, superhi = bits.Add64(hi, hi, carry) 553 lo, carry = bits.Add64(lo, e, 0) 554 hi, _ = bits.Add64(hi, 0, carry) 555 return 556 } 557 558 func madd3(a, b, c, d, e uint64) (hi uint64, lo uint64) { 559 var carry uint64 560 hi, lo = bits.Mul64(a, b) 561 c, carry = bits.Add64(c, d, 0) 562 hi, _ = bits.Add64(hi, 0, carry) 563 lo, carry = bits.Add64(lo, c, 0) 564 hi, _ = bits.Add64(hi, e, carry) 565 return 566 }