// github.com/klaytn/klaytn@v1.12.1/crypto/bls12381/arithmetic_fallback.go

// Native go field arithmetic code is generated with 'goff'
// https://github.com/ConsenSys/goff
// Many function signatures of field operations are renamed.

// Copyright 2020 ConsenSys AG
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// field modulus q =
//
// 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787
// Code generated by goff DO NOT EDIT
// goff version: v0.1.0 - build: 790f1f56eac432441e043abff8819eacddd1d668
// fe are assumed to be in Montgomery form in all methods

// /!\ WARNING /!\
// this code has not been audited and is provided as-is.
// In particular,
// there are no security guarantees such as constant-time implementation
// or side-channel attack resistance.
// /!\ WARNING /!\

// NOTE(review): the functions below contain branches that depend on the
// values being computed: the final "z >= q" reductions in add, addAssign,
// double, doubleAssign, mul and square, the borrow check in sub and subAssign,
// and the zero check in neg. Whether that matters depends on whether callers
// pass secret-derived field elements, which is not visible from this file;
// confirm before relying on this fallback for secret-key operations.
//
// NOTE(review): per the build constraint below, this file is compiled on every
// non-amd64 target, and also on amd64 unless the blsasm or blsadx build tag is
// set.

// Package bls (generated by goff) contains field arithmetic operations

//go:build !amd64 || (!blsasm && !blsadx)
// +build !amd64 !blsasm,!blsadx

package bls12381

import (
	"math/bits"
)

// add sets z = x + y and then subtracts the modulus q once if the result is
// not below q.
//
// An fe is used here as six uint64 limbs; the carry chain runs from index 0 to
// index 5, so limb 0 is the least significant. The carry out of limb 5 is
// discarded. NOTE(review): this presumably relies on x and y both being below
// q, so that the sum fits in 384 bits; confirm against callers.
func add(z, x, y *fe) {
	var carry uint64

	z[0], carry = bits.Add64(x[0], y[0], 0)
	z[1], carry = bits.Add64(x[1], y[1], carry)
	z[2], carry = bits.Add64(x[2], y[2], carry)
	z[3], carry = bits.Add64(x[3], y[3], carry)
	z[4], carry = bits.Add64(x[4], y[4], carry)
	z[5], _ = bits.Add64(x[5], y[5], carry)

	// if z >= q --> z -= q
	// (the condition is the negation of a limb-by-limb "z < q" test, most
	// significant limb first, so z == q is reduced as well)
	// note: this is NOT constant time
	if !(z[5] < 1873798617647539866 || (z[5] == 1873798617647539866 && (z[4] < 5412103778470702295 || (z[4] == 5412103778470702295 && (z[3] < 7239337960414712511 || (z[3] == 7239337960414712511 && (z[2] < 7435674573564081700 || (z[2] == 7435674573564081700 && (z[1] < 2210141511517208575 || (z[1] == 2210141511517208575 && (z[0] < 13402431016077863595))))))))))) {
		var b uint64
		z[0], b = bits.Sub64(z[0], 13402431016077863595, 0)
		z[1], b = bits.Sub64(z[1], 2210141511517208575, b)
		z[2], b = bits.Sub64(z[2], 7435674573564081700, b)
		z[3], b = bits.Sub64(z[3], 7239337960414712511, b)
		z[4], b = bits.Sub64(z[4], 5412103778470702295, b)
		z[5], _ = bits.Sub64(z[5], 1873798617647539866, b)
	}
}

// addAssign sets x = x + y in place, followed by the same single conditional
// subtraction of q as add. The carry out of limb 5 is discarded.
func addAssign(x, y *fe) {
	var carry uint64

	x[0], carry = bits.Add64(x[0], y[0], 0)
	x[1], carry = bits.Add64(x[1], y[1], carry)
	x[2], carry = bits.Add64(x[2], y[2], carry)
	x[3], carry = bits.Add64(x[3], y[3], carry)
	x[4], carry = bits.Add64(x[4], y[4], carry)
	x[5], _ = bits.Add64(x[5], y[5], carry)

	// if x >= q --> x -= q
	// note: this is NOT constant time
	if !(x[5] < 1873798617647539866 || (x[5] == 1873798617647539866 && (x[4] < 5412103778470702295 || (x[4] == 5412103778470702295 && (x[3] < 7239337960414712511 || (x[3] == 7239337960414712511 && (x[2] < 7435674573564081700 || (x[2] == 7435674573564081700 && (x[1] < 2210141511517208575 || (x[1] == 2210141511517208575 && (x[0] < 13402431016077863595))))))))))) {
		var b uint64
		x[0], b = bits.Sub64(x[0], 13402431016077863595, 0)
		x[1], b = bits.Sub64(x[1], 2210141511517208575, b)
		x[2], b = bits.Sub64(x[2], 7435674573564081700, b)
		x[3], b = bits.Sub64(x[3], 7239337960414712511, b)
		x[4], b = bits.Sub64(x[4], 5412103778470702295, b)
		x[5], _ = bits.Sub64(x[5], 1873798617647539866, b)
	}
}

// ladd sets z = x + y with carry propagation across the six limbs and no
// reduction step (compare add). The carry out of limb 5 is discarded.
// NOTE(review): the "l" prefix presumably means lazy/unreduced; the result may
// be >= q, so callers have to reduce later. Confirm against callers.
func ladd(z, x, y *fe) {
	var carry uint64
	z[0], carry = bits.Add64(x[0], y[0], 0)
	z[1], carry = bits.Add64(x[1], y[1], carry)
	z[2], carry = bits.Add64(x[2], y[2], carry)
	z[3], carry = bits.Add64(x[3], y[3], carry)
	z[4], carry = bits.Add64(x[4], y[4], carry)
	z[5], _ = bits.Add64(x[5], y[5], carry)
}

// laddAssign sets x = x + y in place with no reduction step (the in-place
// form of ladd). The carry out of limb 5 is discarded.
func laddAssign(x, y *fe) {
	var carry uint64
	x[0], carry = bits.Add64(x[0], y[0], 0)
	x[1], carry = bits.Add64(x[1], y[1], carry)
	x[2], carry = bits.Add64(x[2], y[2], carry)
	x[3], carry = bits.Add64(x[3], y[3], carry)
	x[4], carry = bits.Add64(x[4], y[4], carry)
	x[5], _ = bits.Add64(x[5], y[5], carry)
}

// double sets z = x + x, followed by one conditional subtraction of q, i.e.
// add with both operands equal to x.
func double(z, x *fe) {
	var carry uint64

	z[0], carry = bits.Add64(x[0], x[0], 0)
	z[1], carry = bits.Add64(x[1], x[1], carry)
	z[2], carry = bits.Add64(x[2], x[2], carry)
	z[3], carry = bits.Add64(x[3], x[3], carry)
	z[4], carry = bits.Add64(x[4], x[4], carry)
	z[5], _ = bits.Add64(x[5], x[5], carry)

	// if z >= q --> z -= q
	// note: this is NOT constant time
	if !(z[5] < 1873798617647539866 || (z[5] == 1873798617647539866 && (z[4] < 5412103778470702295 || (z[4] == 5412103778470702295 && (z[3] < 7239337960414712511 || (z[3] == 7239337960414712511 && (z[2] < 7435674573564081700 || (z[2] == 7435674573564081700 && (z[1] < 2210141511517208575 || (z[1] == 2210141511517208575 && (z[0] < 13402431016077863595))))))))))) {
		var b uint64
		z[0], b = bits.Sub64(z[0], 13402431016077863595, 0)
		z[1], b = bits.Sub64(z[1], 2210141511517208575, b)
		z[2], b = bits.Sub64(z[2], 7435674573564081700, b)
		z[3], b = bits.Sub64(z[3], 7239337960414712511, b)
		z[4], b = bits.Sub64(z[4], 5412103778470702295, b)
		z[5], _ = bits.Sub64(z[5], 1873798617647539866, b)
	}
}

// doubleAssign sets z = z + z in place, followed by one conditional
// subtraction of q (the in-place form of double).
func doubleAssign(z *fe) {
	var carry uint64

	z[0], carry = bits.Add64(z[0], z[0], 0)
	z[1], carry = bits.Add64(z[1], z[1], carry)
	z[2], carry = bits.Add64(z[2], z[2], carry)
	z[3], carry = bits.Add64(z[3], z[3], carry)
	z[4], carry = bits.Add64(z[4], z[4], carry)
	z[5], _ = bits.Add64(z[5], z[5], carry)

	// if z >= q --> z -= q
	// note: this is NOT constant time
	if !(z[5] < 1873798617647539866 || (z[5] == 1873798617647539866 && (z[4] < 5412103778470702295 || (z[4] == 5412103778470702295 && (z[3] < 7239337960414712511 || (z[3] == 7239337960414712511 && (z[2] < 7435674573564081700 || (z[2] == 7435674573564081700 && (z[1] < 2210141511517208575 || (z[1] == 2210141511517208575 && (z[0] < 13402431016077863595))))))))))) {
		var b uint64
		z[0], b = bits.Sub64(z[0], 13402431016077863595, 0)
		z[1], b = bits.Sub64(z[1], 2210141511517208575, b)
		z[2], b = bits.Sub64(z[2], 7435674573564081700, b)
		z[3], b = bits.Sub64(z[3], 7239337960414712511, b)
		z[4], b = bits.Sub64(z[4], 5412103778470702295, b)
		z[5], _ = bits.Sub64(z[5], 1873798617647539866, b)
	}
}

// ldouble sets z = x + x with no reduction step (compare double). The carry
// out of limb 5 is discarded.
func ldouble(z, x *fe) {
	var carry uint64

	z[0], carry = bits.Add64(x[0], x[0], 0)
	z[1], carry = bits.Add64(x[1], x[1], carry)
	z[2], carry = bits.Add64(x[2], x[2], carry)
	z[3], carry = bits.Add64(x[3], x[3], carry)
	z[4], carry = bits.Add64(x[4], x[4], carry)
	z[5], _ = bits.Add64(x[5], x[5], carry)
}

// sub sets z = x - y. If the six-limb subtraction borrows (x < y as
// integers), q is added back so the result wraps into the field.
//
// The "if b != 0" branch depends on the operand values, so this function is
// not constant time either, although the original carries no note saying so.
func sub(z, x, y *fe) {
	var b uint64
	z[0], b = bits.Sub64(x[0], y[0], 0)
	z[1], b = bits.Sub64(x[1], y[1], b)
	z[2], b = bits.Sub64(x[2], y[2], b)
	z[3], b = bits.Sub64(x[3], y[3], b)
	z[4], b = bits.Sub64(x[4], y[4], b)
	z[5], b = bits.Sub64(x[5], y[5], b)
	if b != 0 {
		// borrow out of the top limb: add q back
		var c uint64
		z[0], c = bits.Add64(z[0], 13402431016077863595, 0)
		z[1], c = bits.Add64(z[1], 2210141511517208575, c)
		z[2], c = bits.Add64(z[2], 7435674573564081700, c)
		z[3], c = bits.Add64(z[3], 7239337960414712511, c)
		z[4], c = bits.Add64(z[4], 5412103778470702295, c)
		z[5], _ = bits.Add64(z[5], 1873798617647539866, c)
	}
}

// subAssign sets z = z - x in place, adding q back when the subtraction
// borrows (the in-place form of sub, with the same value-dependent branch).
func subAssign(z, x *fe) {
	var b uint64
	z[0], b = bits.Sub64(z[0], x[0], 0)
	z[1], b = bits.Sub64(z[1], x[1], b)
	z[2], b = bits.Sub64(z[2], x[2], b)
	z[3], b = bits.Sub64(z[3], x[3], b)
	z[4], b = bits.Sub64(z[4], x[4], b)
	z[5], b = bits.Sub64(z[5], x[5], b)
	if b != 0 {
		// borrow out of the top limb: add q back
		var c uint64
		z[0], c = bits.Add64(z[0], 13402431016077863595, 0)
		z[1], c = bits.Add64(z[1], 2210141511517208575, c)
		z[2], c = bits.Add64(z[2], 7435674573564081700, c)
		z[3], c = bits.Add64(z[3], 7239337960414712511, c)
		z[4], c = bits.Add64(z[4], 5412103778470702295, c)
		z[5], _ = bits.Add64(z[5], 1873798617647539866, c)
	}
}

// lsubAssign sets z = z - x in place with no correction step: the final
// borrow is discarded, so the result wraps modulo 2^384 when z < x.
// NOTE(review): presumably callers guarantee z >= x; confirm against callers.
func lsubAssign(z, x *fe) {
	var b uint64
	z[0], b = bits.Sub64(z[0], x[0], 0)
	z[1], b = bits.Sub64(z[1], x[1], b)
	z[2], b = bits.Sub64(z[2], x[2], b)
	z[3], b = bits.Sub64(z[3], x[3], b)
	z[4], b = bits.Sub64(z[4], x[4], b)
	z[5], _ = bits.Sub64(z[5], x[5], b)
}

// neg sets z = q - x, or z = 0 when x is zero. isZero and zero are fe methods
// that are not defined in this file.
//
// The early return branches on whether x is zero, so the running time depends
// on the operand.
func neg(z *fe, x *fe) {
	if x.isZero() {
		z.zero()
		return
	}
	var borrow uint64
	z[0], borrow = bits.Sub64(13402431016077863595, x[0], 0)
	z[1], borrow = bits.Sub64(2210141511517208575, x[1], borrow)
	z[2], borrow = bits.Sub64(7435674573564081700, x[2], borrow)
	z[3], borrow = bits.Sub64(7239337960414712511, x[3], borrow)
	z[4], borrow = bits.Sub64(5412103778470702295, x[4], borrow)
	z[5], _ = bits.Sub64(1873798617647539866, x[5], borrow)
}

// mul sets z to the product of x and y, computed in six interleaved rounds,
// one per limb of x.
//
// Each round adds x[i]*y to the running total t and also adds m*q, where m is
// derived from the low word (m := c[0] * 9940570264628428797). The low word is
// then dropped: madd0 returns only the high half. The last round writes its
// result words directly into z, and the function ends with the same
// variable-time conditional subtraction of q as add.
//
// NOTE(review): this has the shape of word-by-word Montgomery multiplication,
// and the file header says fe values are in Montgomery form. The constant
// 9940570264628428797 is presumably -q^-1 mod 2^64; confirm against the goff
// generator.
func mul(z, x, y *fe) {
	var t [6]uint64
	var c [3]uint64
	{
		// round 0
		v := x[0]
		c[1], c[0] = bits.Mul64(v, y[0])
		m := c[0] * 9940570264628428797
		c[2] = madd0(m, 13402431016077863595, c[0])
		c[1], c[0] = madd1(v, y[1], c[1])
		c[2], t[0] = madd2(m, 2210141511517208575, c[2], c[0])
		c[1], c[0] = madd1(v, y[2], c[1])
		c[2], t[1] = madd2(m, 7435674573564081700, c[2], c[0])
		c[1], c[0] = madd1(v, y[3], c[1])
		c[2], t[2] = madd2(m, 7239337960414712511, c[2], c[0])
		c[1], c[0] = madd1(v, y[4], c[1])
		c[2], t[3] = madd2(m, 5412103778470702295, c[2], c[0])
		c[1], c[0] = madd1(v, y[5], c[1])
		t[5], t[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1])
	}
	{
		// round 1
		v := x[1]
		c[1], c[0] = madd1(v, y[0], t[0])
		m := c[0] * 9940570264628428797
		c[2] = madd0(m, 13402431016077863595, c[0])
		c[1], c[0] = madd2(v, y[1], c[1], t[1])
		c[2], t[0] = madd2(m, 2210141511517208575, c[2], c[0])
		c[1], c[0] = madd2(v, y[2], c[1], t[2])
		c[2], t[1] = madd2(m, 7435674573564081700, c[2], c[0])
		c[1], c[0] = madd2(v, y[3], c[1], t[3])
		c[2], t[2] = madd2(m, 7239337960414712511, c[2], c[0])
		c[1], c[0] = madd2(v, y[4], c[1], t[4])
		c[2], t[3] = madd2(m, 5412103778470702295, c[2], c[0])
		c[1], c[0] = madd2(v, y[5], c[1], t[5])
		t[5], t[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1])
	}
	{
		// round 2
		v := x[2]
		c[1], c[0] = madd1(v, y[0], t[0])
		m := c[0] * 9940570264628428797
		c[2] = madd0(m, 13402431016077863595, c[0])
		c[1], c[0] = madd2(v, y[1], c[1], t[1])
		c[2], t[0] = madd2(m, 2210141511517208575, c[2], c[0])
		c[1], c[0] = madd2(v, y[2], c[1], t[2])
		c[2], t[1] = madd2(m, 7435674573564081700, c[2], c[0])
		c[1], c[0] = madd2(v, y[3], c[1], t[3])
		c[2], t[2] = madd2(m, 7239337960414712511, c[2], c[0])
		c[1], c[0] = madd2(v, y[4], c[1], t[4])
		c[2], t[3] = madd2(m, 5412103778470702295, c[2], c[0])
		c[1], c[0] = madd2(v, y[5], c[1], t[5])
		t[5], t[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1])
	}
	{
		// round 3
		v := x[3]
		c[1], c[0] = madd1(v, y[0], t[0])
		m := c[0] * 9940570264628428797
		c[2] = madd0(m, 13402431016077863595, c[0])
		c[1], c[0] = madd2(v, y[1], c[1], t[1])
		c[2], t[0] = madd2(m, 2210141511517208575, c[2], c[0])
		c[1], c[0] = madd2(v, y[2], c[1], t[2])
		c[2], t[1] = madd2(m, 7435674573564081700, c[2], c[0])
		c[1], c[0] = madd2(v, y[3], c[1], t[3])
		c[2], t[2] = madd2(m, 7239337960414712511, c[2], c[0])
		c[1], c[0] = madd2(v, y[4], c[1], t[4])
		c[2], t[3] = madd2(m, 5412103778470702295, c[2], c[0])
		c[1], c[0] = madd2(v, y[5], c[1], t[5])
		t[5], t[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1])
	}
	{
		// round 4
		v := x[4]
		c[1], c[0] = madd1(v, y[0], t[0])
		m := c[0] * 9940570264628428797
		c[2] = madd0(m, 13402431016077863595, c[0])
		c[1], c[0] = madd2(v, y[1], c[1], t[1])
		c[2], t[0] = madd2(m, 2210141511517208575, c[2], c[0])
		c[1], c[0] = madd2(v, y[2], c[1], t[2])
		c[2], t[1] = madd2(m, 7435674573564081700, c[2], c[0])
		c[1], c[0] = madd2(v, y[3], c[1], t[3])
		c[2], t[2] = madd2(m, 7239337960414712511, c[2], c[0])
		c[1], c[0] = madd2(v, y[4], c[1], t[4])
		c[2], t[3] = madd2(m, 5412103778470702295, c[2], c[0])
		c[1], c[0] = madd2(v, y[5], c[1], t[5])
		t[5], t[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1])
	}
	{
		// round 5 (result words go to z instead of t)
		v := x[5]
		c[1], c[0] = madd1(v, y[0], t[0])
		m := c[0] * 9940570264628428797
		c[2] = madd0(m, 13402431016077863595, c[0])
		c[1], c[0] = madd2(v, y[1], c[1], t[1])
		c[2], z[0] = madd2(m, 2210141511517208575, c[2], c[0])
		c[1], c[0] = madd2(v, y[2], c[1], t[2])
		c[2], z[1] = madd2(m, 7435674573564081700, c[2], c[0])
		c[1], c[0] = madd2(v, y[3], c[1], t[3])
		c[2], z[2] = madd2(m, 7239337960414712511, c[2], c[0])
		c[1], c[0] = madd2(v, y[4], c[1], t[4])
		c[2], z[3] = madd2(m, 5412103778470702295, c[2], c[0])
		c[1], c[0] = madd2(v, y[5], c[1], t[5])
		z[5], z[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1])
	}

	// if z >= q --> z -= q
	// note: this is NOT constant time
	if !(z[5] < 1873798617647539866 || (z[5] == 1873798617647539866 && (z[4] < 5412103778470702295 || (z[4] == 5412103778470702295 && (z[3] < 7239337960414712511 || (z[3] == 7239337960414712511 && (z[2] < 7435674573564081700 || (z[2] == 7435674573564081700 && (z[1] < 2210141511517208575 || (z[1] == 2210141511517208575 && (z[0] < 13402431016077863595))))))))))) {
		var b uint64
		z[0], b = bits.Sub64(z[0], 13402431016077863595, 0)
		z[1], b = bits.Sub64(z[1], 2210141511517208575, b)
		z[2], b = bits.Sub64(z[2], 7435674573564081700, b)
		z[3], b = bits.Sub64(z[3], 7239337960414712511, b)
		z[4], b = bits.Sub64(z[4], 5412103778470702295, b)
		z[5], _ = bits.Sub64(z[5], 1873798617647539866, b)
	}
}

// square sets z to the square of x, using the same six-round
// multiply-and-reduce structure as mul.
//
// Each cross product x[i]*x[j] with i < j is computed once and doubled inside
// the madd1s/madd1sb/madd2s/madd2sb helpers. The bit shifted out by that
// doubling (their superhi result) is carried in t and fed to the next helper
// call. The function ends with the same variable-time conditional subtraction
// of q as add.
func square(z, x *fe) {
	var p [6]uint64

	var u, v uint64
	{
		// round 0
		u, p[0] = bits.Mul64(x[0], x[0])
		m := p[0] * 9940570264628428797
		C := madd0(m, 13402431016077863595, p[0])
		var t uint64
		t, u, v = madd1sb(x[0], x[1], u)
		C, p[0] = madd2(m, 2210141511517208575, v, C)
		t, u, v = madd1s(x[0], x[2], t, u)
		C, p[1] = madd2(m, 7435674573564081700, v, C)
		t, u, v = madd1s(x[0], x[3], t, u)
		C, p[2] = madd2(m, 7239337960414712511, v, C)
		t, u, v = madd1s(x[0], x[4], t, u)
		C, p[3] = madd2(m, 5412103778470702295, v, C)
		_, u, v = madd1s(x[0], x[5], t, u)
		p[5], p[4] = madd3(m, 1873798617647539866, v, C, u)
	}
	{
		// round 1
		m := p[0] * 9940570264628428797
		C := madd0(m, 13402431016077863595, p[0])
		u, v = madd1(x[1], x[1], p[1])
		C, p[0] = madd2(m, 2210141511517208575, v, C)
		var t uint64
		t, u, v = madd2sb(x[1], x[2], p[2], u)
		C, p[1] = madd2(m, 7435674573564081700, v, C)
		t, u, v = madd2s(x[1], x[3], p[3], t, u)
		C, p[2] = madd2(m, 7239337960414712511, v, C)
		t, u, v = madd2s(x[1], x[4], p[4], t, u)
		C, p[3] = madd2(m, 5412103778470702295, v, C)
		_, u, v = madd2s(x[1], x[5], p[5], t, u)
		p[5], p[4] = madd3(m, 1873798617647539866, v, C, u)
	}
	{
		// round 2
		m := p[0] * 9940570264628428797
		C := madd0(m, 13402431016077863595, p[0])
		C, p[0] = madd2(m, 2210141511517208575, p[1], C)
		u, v = madd1(x[2], x[2], p[2])
		C, p[1] = madd2(m, 7435674573564081700, v, C)
		var t uint64
		t, u, v = madd2sb(x[2], x[3], p[3], u)
		C, p[2] = madd2(m, 7239337960414712511, v, C)
		t, u, v = madd2s(x[2], x[4], p[4], t, u)
		C, p[3] = madd2(m, 5412103778470702295, v, C)
		_, u, v = madd2s(x[2], x[5], p[5], t, u)
		p[5], p[4] = madd3(m, 1873798617647539866, v, C, u)
	}
	{
		// round 3
		m := p[0] * 9940570264628428797
		C := madd0(m, 13402431016077863595, p[0])
		C, p[0] = madd2(m, 2210141511517208575, p[1], C)
		C, p[1] = madd2(m, 7435674573564081700, p[2], C)
		u, v = madd1(x[3], x[3], p[3])
		C, p[2] = madd2(m, 7239337960414712511, v, C)
		var t uint64
		t, u, v = madd2sb(x[3], x[4], p[4], u)
		C, p[3] = madd2(m, 5412103778470702295, v, C)
		_, u, v = madd2s(x[3], x[5], p[5], t, u)
		p[5], p[4] = madd3(m, 1873798617647539866, v, C, u)
	}
	{
		// round 4
		m := p[0] * 9940570264628428797
		C := madd0(m, 13402431016077863595, p[0])
		C, p[0] = madd2(m, 2210141511517208575, p[1], C)
		C, p[1] = madd2(m, 7435674573564081700, p[2], C)
		C, p[2] = madd2(m, 7239337960414712511, p[3], C)
		u, v = madd1(x[4], x[4], p[4])
		C, p[3] = madd2(m, 5412103778470702295, v, C)
		_, u, v = madd2sb(x[4], x[5], p[5], u)
		p[5], p[4] = madd3(m, 1873798617647539866, v, C, u)
	}
	{
		// round 5 (result words go to z instead of p)
		m := p[0] * 9940570264628428797
		C := madd0(m, 13402431016077863595, p[0])
		C, z[0] = madd2(m, 2210141511517208575, p[1], C)
		C, z[1] = madd2(m, 7435674573564081700, p[2], C)
		C, z[2] = madd2(m, 7239337960414712511, p[3], C)
		C, z[3] = madd2(m, 5412103778470702295, p[4], C)
		u, v = madd1(x[5], x[5], p[5])
		z[5], z[4] = madd3(m, 1873798617647539866, v, C, u)
	}

	// if z >= q --> z -= q
	// note: this is NOT constant time
	if !(z[5] < 1873798617647539866 || (z[5] == 1873798617647539866 && (z[4] < 5412103778470702295 || (z[4] == 5412103778470702295 && (z[3] < 7239337960414712511 || (z[3] == 7239337960414712511 && (z[2] < 7435674573564081700 || (z[2] == 7435674573564081700 && (z[1] < 2210141511517208575 || (z[1] == 2210141511517208575 && (z[0] < 13402431016077863595))))))))))) {
		var b uint64
		z[0], b = bits.Sub64(z[0], 13402431016077863595, 0)
		z[1], b = bits.Sub64(z[1], 2210141511517208575, b)
		z[2], b = bits.Sub64(z[2], 7435674573564081700, b)
		z[3], b = bits.Sub64(z[3], 7239337960414712511, b)
		z[4], b = bits.Sub64(z[4], 5412103778470702295, b)
		z[5], _ = bits.Sub64(z[5], 1873798617647539866, b)
	}
}

// arith.go
// Copyright 2020 ConsenSys AG
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Code generated by goff DO NOT EDIT

// madd adds the 128-bit product a*b to the three-word value (t, u, v), where
// t is the most significant word and v the least, and returns the updated
// words in the same order. A carry out of t is discarded.
func madd(a, b, t, u, v uint64) (uint64, uint64, uint64) {
	prodHi, prodLo := bits.Mul64(a, b)

	var cy uint64
	v, cy = bits.Add64(prodLo, v, 0)
	u, cy = bits.Add64(prodHi, u, cy)
	t, _ = bits.Add64(t, 0, cy)

	return t, u, v
}

// madd0 returns the high word of a*b + c; the low word is computed only for
// its carry and then dropped.
func madd0(a, b, c uint64) (hi uint64) {
	prodHi, prodLo := bits.Mul64(a, b)
	_, cy := bits.Add64(prodLo, c, 0)
	hi, _ = bits.Add64(prodHi, 0, cy)
	return hi
}

// madd1 returns hi, lo = a*b + c.
func madd1(a, b, c uint64) (hi uint64, lo uint64) {
	prodHi, prodLo := bits.Mul64(a, b)
	sum, cy := bits.Add64(prodLo, c, 0)
	top, _ := bits.Add64(prodHi, 0, cy)
	return top, sum
}

// madd2 returns hi, lo = a*b + c + d.
func madd2(a, b, c, d uint64) (hi uint64, lo uint64) {
	hi, lo = bits.Mul64(a, b)

	// c + d first; its carry and the carry of the low-word addition both
	// go into hi.
	addend, cy := bits.Add64(c, d, 0)
	hi, _ = bits.Add64(hi, 0, cy)
	lo, cy = bits.Add64(lo, addend, 0)
	hi, _ = bits.Add64(hi, 0, cy)

	return hi, lo
}

// madd2s returns superhi, hi, lo = 2*a*b + c + e, with d added into hi.
//
// superhi is the bit shifted out when the product is doubled. Carries out of
// hi from the later additions are discarded. d is passed as the carry-in
// argument of bits.Add64, which is only defined for 0 or 1, so d must be a
// carry bit.
func madd2s(a, b, c, d, e uint64) (superhi, hi, lo uint64) {
	var cy, ce uint64

	// double the 128-bit product
	hi, lo = bits.Mul64(a, b)
	lo, cy = bits.Add64(lo, lo, 0)
	hi, superhi = bits.Add64(hi, hi, cy)

	// add c + e to the low word, pushing both carries into hi
	ce, cy = bits.Add64(c, e, 0)
	hi, _ = bits.Add64(hi, 0, cy)
	lo, cy = bits.Add64(lo, ce, 0)
	hi, _ = bits.Add64(hi, 0, cy)

	// add the incoming carry bit d
	hi, _ = bits.Add64(hi, 0, d)

	return superhi, hi, lo
}

// madd1s returns superhi, hi, lo = 2*a*b + e, with d added into hi.
//
// superhi is the bit shifted out when the product is doubled. d is passed as
// the carry-in argument of bits.Add64, so it must be 0 or 1.
func madd1s(a, b, d, e uint64) (superhi, hi, lo uint64) {
	var cy uint64

	// double the 128-bit product
	hi, lo = bits.Mul64(a, b)
	lo, cy = bits.Add64(lo, lo, 0)
	hi, superhi = bits.Add64(hi, hi, cy)

	// add e to the low word, then the incoming carry bit d to hi
	lo, cy = bits.Add64(lo, e, 0)
	hi, _ = bits.Add64(hi, 0, cy)
	hi, _ = bits.Add64(hi, 0, d)

	return superhi, hi, lo
}

// madd2sb returns superhi, hi, lo = 2*a*b + c + e. It is madd2s without the
// incoming carry bit.
func madd2sb(a, b, c, e uint64) (superhi, hi, lo uint64) {
	var cy, ce uint64

	// double the 128-bit product
	hi, lo = bits.Mul64(a, b)
	lo, cy = bits.Add64(lo, lo, 0)
	hi, superhi = bits.Add64(hi, hi, cy)

	// add c + e to the low word, pushing both carries into hi
	ce, cy = bits.Add64(c, e, 0)
	hi, _ = bits.Add64(hi, 0, cy)
	lo, cy = bits.Add64(lo, ce, 0)
	hi, _ = bits.Add64(hi, 0, cy)

	return superhi, hi, lo
}

// madd1sb returns superhi, hi, lo = 2*a*b + e. It is madd1s without the
// incoming carry bit.
func madd1sb(a, b, e uint64) (superhi, hi, lo uint64) {
	var cy uint64

	// double the 128-bit product
	hi, lo = bits.Mul64(a, b)
	lo, cy = bits.Add64(lo, lo, 0)
	hi, superhi = bits.Add64(hi, hi, cy)

	// add e to the low word
	lo, cy = bits.Add64(lo, e, 0)
	hi, _ = bits.Add64(hi, 0, cy)

	return superhi, hi, lo
}

// madd3 returns hi, lo = a*b + c + d, with e added into hi. A carry out of hi
// is discarded.
func madd3(a, b, c, d, e uint64) (hi uint64, lo uint64) {
	hi, lo = bits.Mul64(a, b)

	cd, cy := bits.Add64(c, d, 0)
	hi, _ = bits.Add64(hi, 0, cy)
	lo, cy = bits.Add64(lo, cd, 0)
	// e goes into the high word together with the low-word carry
	hi, _ = bits.Add64(hi, e, cy)

	return hi, lo
}