github.com/piotrnar/gocoin@v0.0.0-20240512203912-faa0448c5e96/lib/secp256k1/field_10x26.go (about) 1 // +build !amd64,!arm64,!arm64be,!ppc64,!ppc64le,!mips64,!mips64le,!s390x,!sparc64 2 3 package secp256k1 4 5 import ( 6 ) 7 8 const FieldArch = "10x26" 9 10 type Field struct { 11 n [10]uint32 12 } 13 14 func (r *Field) SetB32(a []byte) { 15 //println("SetB32") 16 r.n[0] = uint32(a[31]) | (uint32(a[30]) << 8) | (uint32(a[29]) << 16) | (uint32(a[28] & 0x3) << 24) 17 r.n[1] = uint32((a[28] >> 2) & 0x3f) | (uint32(a[27]) << 6) | (uint32(a[26]) << 14) | (uint32(a[25] & 0xf) << 22) 18 r.n[2] = uint32((a[25] >> 4) & 0xf) | (uint32(a[24]) << 4) | (uint32(a[23]) << 12) | (uint32(a[22] & 0x3f) << 20) 19 r.n[3] = uint32((a[22] >> 6) & 0x3) | (uint32(a[21]) << 2) | (uint32(a[20]) << 10) | (uint32(a[19]) << 18) 20 r.n[4] = uint32(a[18]) | (uint32(a[17]) << 8) | (uint32(a[16]) << 16) | (uint32(a[15] & 0x3) << 24) 21 r.n[5] = uint32((a[15] >> 2) & 0x3f) | (uint32(a[14]) << 6) | (uint32(a[13]) << 14) | (uint32(a[12] & 0xf) << 22) 22 r.n[6] = uint32((a[12] >> 4) & 0xf) | (uint32(a[11]) << 4) | (uint32(a[10]) << 12) | (uint32(a[9] & 0x3f) << 20) 23 r.n[7] = uint32((a[9] >> 6) & 0x3) | (uint32(a[8]) << 2) | (uint32(a[7]) << 10) | (uint32(a[6]) << 18) 24 r.n[8] = uint32(a[5]) | (uint32(a[4]) << 8) | (uint32(a[3]) << 16) | (uint32(a[2] & 0x3) << 24) 25 r.n[9] = uint32((a[2] >> 2) & 0x3f) | (uint32(a[1]) << 6) | (uint32(a[0]) << 14) 26 } 27 28 func (a *Field) IsZero() bool { 29 //println("IsZero") 30 return (a.n[0] == 0 && a.n[1] == 0 && a.n[2] == 0 && a.n[3] == 0 && a.n[4] == 0 && a.n[5] == 0 && a.n[6] == 0 && a.n[7] == 0 && a.n[8] == 0 && a.n[9] == 0) 31 } 32 33 34 func (r *Field) SetInt(a uint32) { 35 //println("SetInt") 36 r.n[0] = a; r.n[1] = 0; r.n[2] = 0; r.n[3] = 0; r.n[4] = 0; 37 r.n[5] = 0; r.n[6] = 0; r.n[7] = 0; r.n[8] = 0; r.n[9] = 0; 38 } 39 40 func (r *Field) Normalize() { 41 //println("Normalize") 42 c := r.n[0] 43 t0 := c & 0x3FFFFFF 44 c = (c >> 26) + r.n[1] 45 t1 := c & 0x3FFFFFF 46 c = (c >> 26) + r.n[2] 47 t2 := c & 0x3FFFFFF 48 c = (c >> 26) + r.n[3] 49 t3 := c & 0x3FFFFFF 50 c = (c >> 26) + r.n[4] 51 t4 := c & 0x3FFFFFF 52 c = (c >> 26) + r.n[5] 53 t5 := c & 0x3FFFFFF 54 c = (c >> 26) + r.n[6] 55 t6 := c & 0x3FFFFFF 56 c = (c >> 26) + r.n[7] 57 t7 := c & 0x3FFFFFF 58 c = (c >> 26) + r.n[8] 59 t8 := c & 0x3FFFFFF 60 c = (c >> 26) + r.n[9] 61 t9 := c & 0x03FFFFF 62 c >>= 22 63 64 // The following code will not modify the t's if c is initially 0. 65 d := c * 0x3D1 + t0 66 t0 = d & 0x3FFFFFF 67 d = (d >> 26) + t1 + c*0x40 68 t1 = d & 0x3FFFFFF 69 d = (d >> 26) + t2 70 t2 = d & 0x3FFFFFF 71 d = (d >> 26) + t3 72 t3 = d & 0x3FFFFFF 73 d = (d >> 26) + t4 74 t4 = d & 0x3FFFFFF 75 d = (d >> 26) + t5 76 t5 = d & 0x3FFFFFF 77 d = (d >> 26) + t6 78 t6 = d & 0x3FFFFFF 79 d = (d >> 26) + t7 80 t7 = d & 0x3FFFFFF 81 d = (d >> 26) + t8 82 t8 = d & 0x3FFFFFF 83 d = (d >> 26) + t9 84 t9 = d & 0x03FFFFF 85 86 // Subtract p if result >= p 87 low := (uint64(t1) << 26) | uint64(t0) 88 //mask := uint64(-(int64)((t9 < 0x03FFFFF) | (t8 < 0x3FFFFFF) | (t7 < 0x3FFFFFF) | (t6 < 0x3FFFFFF) | (t5 < 0x3FFFFFF) | (t4 < 0x3FFFFFF) | (t3 < 0x3FFFFFF) | (t2 < 0x3FFFFFF) | (low < 0xFFFFEFFFFFC2F))) 89 var mask uint64 90 if (t9 < 0x03FFFFF) || 91 (t8 < 0x3FFFFFF) || 92 (t7 < 0x3FFFFFF) || 93 (t6 < 0x3FFFFFF) || 94 (t5 < 0x3FFFFFF) || 95 (t4 < 0x3FFFFFF) || 96 (t3 < 0x3FFFFFF) || 97 (t2 < 0x3FFFFFF) || 98 (low < 0xFFFFEFFFFFC2F) { 99 mask = 0xFFFFFFFFFFFFFFFF 100 } 101 t9 &= uint32(mask) 102 t8 &= uint32(mask) 103 t7 &= uint32(mask) 104 t6 &= uint32(mask) 105 t5 &= uint32(mask) 106 t4 &= uint32(mask) 107 t3 &= uint32(mask) 108 t2 &= uint32(mask) 109 low -= ((mask^0xFFFFFFFFFFFFFFFF) & 0xFFFFEFFFFFC2F) 110 111 // push internal variables back 112 r.n[0] = uint32(low) & 0x3FFFFFF 113 r.n[1] = uint32(low >> 26) & 0x3FFFFFF 114 r.n[2] = t2; r.n[3] = t3; r.n[4] = t4 115 r.n[5] = t5; r.n[6] = t6; r.n[7] = t7; 116 r.n[8] = t8; r.n[9] = t9 117 } 118 119 func (a *Field) GetB32(r []byte) { 120 //println("GetB32") 121 r[0] = byte(a.n[9] >> 14) 122 r[1] = byte(a.n[9] >> 6) 123 r[2] = byte((a.n[9] & 0x3F) << 2) | byte((a.n[8] >> 24) & 0x3) 124 r[3] = byte(a.n[8] >> 16) 125 r[4] = byte(a.n[8] >> 8) 126 r[5] = byte(a.n[8]) 127 r[6] = byte(a.n[7] >> 18) 128 r[7] = byte(a.n[7] >> 10) 129 r[8] = byte(a.n[7] >> 2) 130 r[9] = byte((a.n[7] & 0x3) << 6) | byte((a.n[6] >> 20) & 0x3f) 131 r[10] = byte(a.n[6] >> 12) 132 r[11] = byte(a.n[6] >> 4) 133 r[12] = byte((a.n[6] & 0xf) << 4) | byte((a.n[5] >> 22) & 0xf) 134 r[13] = byte(a.n[5] >> 14) 135 r[14] = byte(a.n[5] >> 6) 136 r[15] = byte((a.n[5] & 0x3f) << 2) | byte((a.n[4] >> 24) & 0x3) 137 r[16] = byte(a.n[4] >> 16) 138 r[17] = byte(a.n[4] >> 8) 139 r[18] = byte(a.n[4]) 140 r[19] = byte(a.n[3] >> 18) 141 r[20] = byte(a.n[3] >> 10) 142 r[21] = byte(a.n[3] >> 2) 143 r[22] = byte((a.n[3] & 0x3) << 6) | byte((a.n[2] >> 20) & 0x3f) 144 r[23] = byte(a.n[2] >> 12) 145 r[24] = byte(a.n[2] >> 4) 146 r[25] = byte((a.n[2] & 0xf) << 4) | byte((a.n[1] >> 22) & 0xf) 147 r[26] = byte(a.n[1] >> 14) 148 r[27] = byte(a.n[1] >> 6) 149 r[28] = byte((a.n[1] & 0x3f) << 2) | byte((a.n[0] >> 24) & 0x3) 150 r[29] = byte(a.n[0] >> 16) 151 r[30] = byte(a.n[0] >> 8) 152 r[31] = byte(a.n[0]) 153 } 154 155 func (a *Field) Equals(b *Field) bool { 156 //println("Equals") 157 return (a.n[0] == b.n[0] && a.n[1] == b.n[1] && a.n[2] == b.n[2] && a.n[3] == b.n[3] && a.n[4] == b.n[4] && 158 a.n[5] == b.n[5] && a.n[6] == b.n[6] && a.n[7] == b.n[7] && a.n[8] == b.n[8] && a.n[9] == b.n[9]) 159 } 160 161 func (r *Field) SetAdd(a *Field) { 162 //println("SetAdd") 163 r.n[0] += a.n[0] 164 r.n[1] += a.n[1] 165 r.n[2] += a.n[2] 166 r.n[3] += a.n[3] 167 r.n[4] += a.n[4] 168 r.n[5] += a.n[5] 169 r.n[6] += a.n[6] 170 r.n[7] += a.n[7] 171 r.n[8] += a.n[8] 172 r.n[9] += a.n[9] 173 } 174 175 func (r *Field) MulInt(a uint32) { 176 //println("MulInt") 177 r.n[0] *= a 178 r.n[1] *= a 179 r.n[2] *= a 180 r.n[3] *= a 181 r.n[4] *= a 182 r.n[5] *= a 183 r.n[6] *= a 184 r.n[7] *= a 185 r.n[8] *= a 186 r.n[9] *= a 187 } 188 189 190 func (a *Field) Negate(r *Field, m uint32) { 191 //println("Negate") 192 r.n[0] = 0x3FFFC2F * (m + 1) - a.n[0] 193 r.n[1] = 0x3FFFFBF * (m + 1) - a.n[1] 194 r.n[2] = 0x3FFFFFF * (m + 1) - a.n[2] 195 r.n[3] = 0x3FFFFFF * (m + 1) - a.n[3] 196 r.n[4] = 0x3FFFFFF * (m + 1) - a.n[4] 197 r.n[5] = 0x3FFFFFF * (m + 1) - a.n[5] 198 r.n[6] = 0x3FFFFFF * (m + 1) - a.n[6] 199 r.n[7] = 0x3FFFFFF * (m + 1) - a.n[7] 200 r.n[8] = 0x3FFFFFF * (m + 1) - a.n[8] 201 r.n[9] = 0x03FFFFF * (m + 1) - a.n[9] 202 } 203 204 205 func (a *Field) Mul(r, b *Field) { 206 //println("Mul", a.String(), b.String()) 207 var c, d uint64 208 var t0, t1, t2, t3, t4, t5, t6 uint64 209 var t7, t8, t9, t10, t11, t12, t13 uint64 210 var t14, t15, t16, t17, t18, t19 uint64 211 212 c = uint64(a.n[0]) * uint64(b.n[0]) 213 t0 = c & 0x3FFFFFF 214 c = c >> 26 215 c = c + uint64(a.n[0])*uint64(b.n[1]) + 216 uint64(a.n[1])*uint64(b.n[0]) 217 t1 = c & 0x3FFFFFF 218 c = c >> 26 219 c = c + uint64(a.n[0])*uint64(b.n[2]) + 220 uint64(a.n[1])*uint64(b.n[1]) + 221 uint64(a.n[2])*uint64(b.n[0]) 222 t2 = c & 0x3FFFFFF 223 c = c >> 26 224 c = c + uint64(a.n[0])*uint64(b.n[3]) + 225 uint64(a.n[1])*uint64(b.n[2]) + 226 uint64(a.n[2])*uint64(b.n[1]) + 227 uint64(a.n[3])*uint64(b.n[0]) 228 t3 = c & 0x3FFFFFF 229 c = c >> 26 230 c = c + uint64(a.n[0])*uint64(b.n[4]) + 231 uint64(a.n[1])*uint64(b.n[3]) + 232 uint64(a.n[2])*uint64(b.n[2]) + 233 uint64(a.n[3])*uint64(b.n[1]) + 234 uint64(a.n[4])*uint64(b.n[0]) 235 t4 = c & 0x3FFFFFF 236 c = c >> 26 237 c = c + uint64(a.n[0])*uint64(b.n[5]) + 238 uint64(a.n[1])*uint64(b.n[4]) + 239 uint64(a.n[2])*uint64(b.n[3]) + 240 uint64(a.n[3])*uint64(b.n[2]) + 241 uint64(a.n[4])*uint64(b.n[1]) + 242 uint64(a.n[5])*uint64(b.n[0]) 243 t5 = c & 0x3FFFFFF 244 c = c >> 26 245 c = c + uint64(a.n[0])*uint64(b.n[6]) + 246 uint64(a.n[1])*uint64(b.n[5]) + 247 uint64(a.n[2])*uint64(b.n[4]) + 248 uint64(a.n[3])*uint64(b.n[3]) + 249 uint64(a.n[4])*uint64(b.n[2]) + 250 uint64(a.n[5])*uint64(b.n[1]) + 251 uint64(a.n[6])*uint64(b.n[0]) 252 t6 = c & 0x3FFFFFF 253 c = c >> 26 254 c = c + uint64(a.n[0])*uint64(b.n[7]) + 255 uint64(a.n[1])*uint64(b.n[6]) + 256 uint64(a.n[2])*uint64(b.n[5]) + 257 uint64(a.n[3])*uint64(b.n[4]) + 258 uint64(a.n[4])*uint64(b.n[3]) + 259 uint64(a.n[5])*uint64(b.n[2]) + 260 uint64(a.n[6])*uint64(b.n[1]) + 261 uint64(a.n[7])*uint64(b.n[0]) 262 t7 = c & 0x3FFFFFF 263 c = c >> 26 264 c = c + uint64(a.n[0])*uint64(b.n[8]) + 265 uint64(a.n[1])*uint64(b.n[7]) + 266 uint64(a.n[2])*uint64(b.n[6]) + 267 uint64(a.n[3])*uint64(b.n[5]) + 268 uint64(a.n[4])*uint64(b.n[4]) + 269 uint64(a.n[5])*uint64(b.n[3]) + 270 uint64(a.n[6])*uint64(b.n[2]) + 271 uint64(a.n[7])*uint64(b.n[1]) + 272 uint64(a.n[8])*uint64(b.n[0]) 273 t8 = c & 0x3FFFFFF 274 c = c >> 26 275 c = c + uint64(a.n[0])*uint64(b.n[9]) + 276 uint64(a.n[1])*uint64(b.n[8]) + 277 uint64(a.n[2])*uint64(b.n[7]) + 278 uint64(a.n[3])*uint64(b.n[6]) + 279 uint64(a.n[4])*uint64(b.n[5]) + 280 uint64(a.n[5])*uint64(b.n[4]) + 281 uint64(a.n[6])*uint64(b.n[3]) + 282 uint64(a.n[7])*uint64(b.n[2]) + 283 uint64(a.n[8])*uint64(b.n[1]) + 284 uint64(a.n[9])*uint64(b.n[0]) 285 t9 = c & 0x3FFFFFF 286 c = c >> 26 287 c = c + uint64(a.n[1])*uint64(b.n[9]) + 288 uint64(a.n[2])*uint64(b.n[8]) + 289 uint64(a.n[3])*uint64(b.n[7]) + 290 uint64(a.n[4])*uint64(b.n[6]) + 291 uint64(a.n[5])*uint64(b.n[5]) + 292 uint64(a.n[6])*uint64(b.n[4]) + 293 uint64(a.n[7])*uint64(b.n[3]) + 294 uint64(a.n[8])*uint64(b.n[2]) + 295 uint64(a.n[9])*uint64(b.n[1]) 296 t10 = c & 0x3FFFFFF 297 c = c >> 26 298 c = c + uint64(a.n[2])*uint64(b.n[9]) + 299 uint64(a.n[3])*uint64(b.n[8]) + 300 uint64(a.n[4])*uint64(b.n[7]) + 301 uint64(a.n[5])*uint64(b.n[6]) + 302 uint64(a.n[6])*uint64(b.n[5]) + 303 uint64(a.n[7])*uint64(b.n[4]) + 304 uint64(a.n[8])*uint64(b.n[3]) + 305 uint64(a.n[9])*uint64(b.n[2]) 306 t11 = c & 0x3FFFFFF 307 c = c >> 26 308 c = c + uint64(a.n[3])*uint64(b.n[9]) + 309 uint64(a.n[4])*uint64(b.n[8]) + 310 uint64(a.n[5])*uint64(b.n[7]) + 311 uint64(a.n[6])*uint64(b.n[6]) + 312 uint64(a.n[7])*uint64(b.n[5]) + 313 uint64(a.n[8])*uint64(b.n[4]) + 314 uint64(a.n[9])*uint64(b.n[3]) 315 t12 = c & 0x3FFFFFF 316 c = c >> 26 317 c = c + uint64(a.n[4])*uint64(b.n[9]) + 318 uint64(a.n[5])*uint64(b.n[8]) + 319 uint64(a.n[6])*uint64(b.n[7]) + 320 uint64(a.n[7])*uint64(b.n[6]) + 321 uint64(a.n[8])*uint64(b.n[5]) + 322 uint64(a.n[9])*uint64(b.n[4]) 323 t13 = c & 0x3FFFFFF 324 c = c >> 26 325 c = c + uint64(a.n[5])*uint64(b.n[9]) + 326 uint64(a.n[6])*uint64(b.n[8]) + 327 uint64(a.n[7])*uint64(b.n[7]) + 328 uint64(a.n[8])*uint64(b.n[6]) + 329 uint64(a.n[9])*uint64(b.n[5]) 330 t14 = c & 0x3FFFFFF 331 c = c >> 26 332 c = c + uint64(a.n[6])*uint64(b.n[9]) + 333 uint64(a.n[7])*uint64(b.n[8]) + 334 uint64(a.n[8])*uint64(b.n[7]) + 335 uint64(a.n[9])*uint64(b.n[6]) 336 t15 = c & 0x3FFFFFF 337 c = c >> 26 338 c = c + uint64(a.n[7])*uint64(b.n[9]) + 339 uint64(a.n[8])*uint64(b.n[8]) + 340 uint64(a.n[9])*uint64(b.n[7]) 341 t16 = c & 0x3FFFFFF 342 c = c >> 26 343 c = c + uint64(a.n[8])*uint64(b.n[9]) + 344 uint64(a.n[9])*uint64(b.n[8]) 345 t17 = c & 0x3FFFFFF 346 c = c >> 26 347 c = c + uint64(a.n[9])*uint64(b.n[9]) 348 t18 = c & 0x3FFFFFF 349 c = c >> 26 350 t19 = c 351 352 c = t0 + t10*0x3D10 353 t0 = c & 0x3FFFFFF 354 c = c >> 26 355 c = c + t1 + t10*0x400 + t11*0x3D10 356 t1 = c & 0x3FFFFFF 357 c = c >> 26 358 c = c + t2 + t11*0x400 + t12*0x3D10 359 t2 = c & 0x3FFFFFF 360 c = c >> 26 361 c = c + t3 + t12*0x400 + t13*0x3D10 362 r.n[3] = uint32(c) & 0x3FFFFFF 363 c = c >> 26 364 c = c + t4 + t13*0x400 + t14*0x3D10 365 r.n[4] = uint32(c) & 0x3FFFFFF 366 c = c >> 26 367 c = c + t5 + t14*0x400 + t15*0x3D10 368 r.n[5] = uint32(c) & 0x3FFFFFF 369 c = c >> 26 370 c = c + t6 + t15*0x400 + t16*0x3D10 371 r.n[6] = uint32(c) & 0x3FFFFFF 372 c = c >> 26 373 c = c + t7 + t16*0x400 + t17*0x3D10 374 r.n[7] = uint32(c) & 0x3FFFFFF 375 c = c >> 26 376 c = c + t8 + t17*0x400 + t18*0x3D10 377 r.n[8] = uint32(c) & 0x3FFFFFF 378 c = c >> 26 379 c = c + t9 + t18*0x400 + t19*0x1000003D10 380 r.n[9] = uint32(c) & 0x03FFFFF 381 c = c >> 22 382 d = t0 + c*0x3D1 383 r.n[0] = uint32(d) & 0x3FFFFFF 384 d = d >> 26 385 d = d + t1 + c*0x40 386 r.n[1] = uint32(d) & 0x3FFFFFF 387 d = d >> 26 388 r.n[2] = uint32(t2 + d) 389 //println("Mul:", r.String()) 390 r.Normalize() 391 //println("Mul:", r.String()) 392 //os.Exit(0) 393 } 394 395 func (a *Field) Sqr(r *Field) { 396 var c, d uint64 397 var t0, t1, t2, t3, t4, t5, t6 uint64 398 var t7, t8, t9, t10, t11, t12, t13 uint64 399 var t14, t15, t16, t17, t18, t19 uint64 400 401 c = uint64(a.n[0]) * uint64(a.n[0]); 402 t0 = c & 0x3FFFFFF; c = c >> 26; 403 c = c + (uint64(a.n[0])*2) * uint64(a.n[1]); 404 t1 = c & 0x3FFFFFF; c = c >> 26; 405 c = c + (uint64(a.n[0])*2) * uint64(a.n[2]) + 406 uint64(a.n[1]) * uint64(a.n[1]); 407 t2 = c & 0x3FFFFFF; c = c >> 26; 408 c = c + (uint64(a.n[0])*2) * uint64(a.n[3]) + 409 (uint64(a.n[1])*2) * uint64(a.n[2]); 410 t3 = c & 0x3FFFFFF; c = c >> 26; 411 c = c + (uint64(a.n[0])*2) * uint64(a.n[4]) + 412 (uint64(a.n[1])*2) * uint64(a.n[3]) + 413 uint64(a.n[2]) * uint64(a.n[2]); 414 t4 = c & 0x3FFFFFF; c = c >> 26; 415 c = c + (uint64(a.n[0])*2) * uint64(a.n[5]) + 416 (uint64(a.n[1])*2) * uint64(a.n[4]) + 417 (uint64(a.n[2])*2) * uint64(a.n[3]); 418 t5 = c & 0x3FFFFFF; c = c >> 26; 419 c = c + (uint64(a.n[0])*2) * uint64(a.n[6]) + 420 (uint64(a.n[1])*2) * uint64(a.n[5]) + 421 (uint64(a.n[2])*2) * uint64(a.n[4]) + 422 uint64(a.n[3]) * uint64(a.n[3]); 423 t6 = c & 0x3FFFFFF; c = c >> 26; 424 c = c + (uint64(a.n[0])*2) * uint64(a.n[7]) + 425 (uint64(a.n[1])*2) * uint64(a.n[6]) + 426 (uint64(a.n[2])*2) * uint64(a.n[5]) + 427 (uint64(a.n[3])*2) * uint64(a.n[4]); 428 t7 = c & 0x3FFFFFF; c = c >> 26; 429 c = c + (uint64(a.n[0])*2) * uint64(a.n[8]) + 430 (uint64(a.n[1])*2) * uint64(a.n[7]) + 431 (uint64(a.n[2])*2) * uint64(a.n[6]) + 432 (uint64(a.n[3])*2) * uint64(a.n[5]) + 433 uint64(a.n[4]) * uint64(a.n[4]); 434 t8 = c & 0x3FFFFFF; c = c >> 26; 435 c = c + (uint64(a.n[0])*2) * uint64(a.n[9]) + 436 (uint64(a.n[1])*2) * uint64(a.n[8]) + 437 (uint64(a.n[2])*2) * uint64(a.n[7]) + 438 (uint64(a.n[3])*2) * uint64(a.n[6]) + 439 (uint64(a.n[4])*2) * uint64(a.n[5]); 440 t9 = c & 0x3FFFFFF; c = c >> 26; 441 c = c + (uint64(a.n[1])*2) * uint64(a.n[9]) + 442 (uint64(a.n[2])*2) * uint64(a.n[8]) + 443 (uint64(a.n[3])*2) * uint64(a.n[7]) + 444 (uint64(a.n[4])*2) * uint64(a.n[6]) + 445 uint64(a.n[5]) * uint64(a.n[5]); 446 t10 = c & 0x3FFFFFF; c = c >> 26; 447 c = c + (uint64(a.n[2])*2) * uint64(a.n[9]) + 448 (uint64(a.n[3])*2) * uint64(a.n[8]) + 449 (uint64(a.n[4])*2) * uint64(a.n[7]) + 450 (uint64(a.n[5])*2) * uint64(a.n[6]); 451 t11 = c & 0x3FFFFFF; c = c >> 26; 452 c = c + (uint64(a.n[3])*2) * uint64(a.n[9]) + 453 (uint64(a.n[4])*2) * uint64(a.n[8]) + 454 (uint64(a.n[5])*2) * uint64(a.n[7]) + 455 uint64(a.n[6]) * uint64(a.n[6]); 456 t12 = c & 0x3FFFFFF; c = c >> 26; 457 c = c + (uint64(a.n[4])*2) * uint64(a.n[9]) + 458 (uint64(a.n[5])*2) * uint64(a.n[8]) + 459 (uint64(a.n[6])*2) * uint64(a.n[7]); 460 t13 = c & 0x3FFFFFF; c = c >> 26; 461 c = c + (uint64(a.n[5])*2) * uint64(a.n[9]) + 462 (uint64(a.n[6])*2) * uint64(a.n[8]) + 463 uint64(a.n[7]) * uint64(a.n[7]); 464 t14 = c & 0x3FFFFFF; c = c >> 26; 465 c = c + (uint64(a.n[6])*2) * uint64(a.n[9]) + 466 (uint64(a.n[7])*2) * uint64(a.n[8]); 467 t15 = c & 0x3FFFFFF; c = c >> 26; 468 c = c + (uint64(a.n[7])*2) * uint64(a.n[9]) + 469 uint64(a.n[8]) * uint64(a.n[8]); 470 t16 = c & 0x3FFFFFF; c = c >> 26; 471 c = c + (uint64(a.n[8])*2) * uint64(a.n[9]); 472 t17 = c & 0x3FFFFFF; c = c >> 26; 473 c = c + uint64(a.n[9]) * uint64(a.n[9]); 474 t18 = c & 0x3FFFFFF; c = c >> 26; 475 t19 = c; 476 477 c = t0 + t10 * 0x3D10; 478 t0 = c & 0x3FFFFFF; c = c >> 26; 479 c = c + t1 + t10*0x400 + t11 * 0x3D10; 480 t1 = c & 0x3FFFFFF; c = c >> 26; 481 c = c + t2 + t11*0x400 + t12 * 0x3D10; 482 t2 = c & 0x3FFFFFF; c = c >> 26; 483 c = c + t3 + t12*0x400 + t13 * 0x3D10; 484 r.n[3] = uint32(c) & 0x3FFFFFF; c = c >> 26; 485 c = c + t4 + t13*0x400 + t14 * 0x3D10; 486 r.n[4] = uint32(c) & 0x3FFFFFF; c = c >> 26; 487 c = c + t5 + t14*0x400 + t15 * 0x3D10; 488 r.n[5] = uint32(c) & 0x3FFFFFF; c = c >> 26; 489 c = c + t6 + t15*0x400 + t16 * 0x3D10; 490 r.n[6] = uint32(c) & 0x3FFFFFF; c = c >> 26; 491 c = c + t7 + t16*0x400 + t17 * 0x3D10; 492 r.n[7] = uint32(c) & 0x3FFFFFF; c = c >> 26; 493 c = c + t8 + t17*0x400 + t18 * 0x3D10; 494 r.n[8] = uint32(c) & 0x3FFFFFF; c = c >> 26; 495 c = c + t9 + t18*0x400 + t19 * 0x1000003D10; 496 r.n[9] = uint32(c) & 0x03FFFFF; c = c >> 22; 497 d = t0 + c * 0x3D1; 498 r.n[0] = uint32(d) & 0x3FFFFFF; d = d >> 26; 499 d = d + t1 + c*0x40; 500 r.n[1] = uint32(d) & 0x3FFFFFF; d = d >> 26; 501 r.n[2] = uint32(t2 + d) 502 }