github.com/theQRL/go-zond@v0.1.1/crypto/bls12381/arithmetic_fallback.go (about) 1 // Native go field arithmetic code is generated with 'goff' 2 // https://github.com/ConsenSys/goff 3 // Many function signature of field operations are renamed. 4 5 // Copyright 2020 ConsenSys AG 6 // 7 // Licensed under the Apache License, Version 2.0 (the "License"); 8 // you may not use this file except in compliance with the License. 9 // You may obtain a copy of the License at 10 // 11 // http://www.apache.org/licenses/LICENSE-2.0 12 // 13 // Unless required by applicable law or agreed to in writing, software 14 // distributed under the License is distributed on an "AS IS" BASIS, 15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 // See the License for the specific language governing permissions and 17 // limitations under the License. 18 19 // field modulus q = 20 // 21 // 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787 22 // Code generated by goff DO NOT EDIT 23 // goff version: v0.1.0 - build: 790f1f56eac432441e043abff8819eacddd1d668 24 // fe are assumed to be in Montgomery form in all methods 25 26 // /!\ WARNING /!\ 27 // this code has not been audited and is provided as-is. In particular, 28 // there is no security guarantees such as constant time implementation 29 // or side-channel attack resistance 30 // /!\ WARNING /!\ 31 32 // Package bls (generated by goff) contains field arithmetics operations 33 34 //go:build !amd64 || (!blsasm && !blsadx) 35 // +build !amd64 !blsasm,!blsadx 36 37 package bls12381 38 39 import ( 40 "math/bits" 41 ) 42 43 func add(z, x, y *fe) { 44 var carry uint64 45 46 z[0], carry = bits.Add64(x[0], y[0], 0) 47 z[1], carry = bits.Add64(x[1], y[1], carry) 48 z[2], carry = bits.Add64(x[2], y[2], carry) 49 z[3], carry = bits.Add64(x[3], y[3], carry) 50 z[4], carry = bits.Add64(x[4], y[4], carry) 51 z[5], _ = bits.Add64(x[5], y[5], carry) 52 53 // if z > q --> z -= q 54 // note: this is NOT constant time 55 if !(z[5] < 1873798617647539866 || (z[5] == 1873798617647539866 && (z[4] < 5412103778470702295 || (z[4] == 5412103778470702295 && (z[3] < 7239337960414712511 || (z[3] == 7239337960414712511 && (z[2] < 7435674573564081700 || (z[2] == 7435674573564081700 && (z[1] < 2210141511517208575 || (z[1] == 2210141511517208575 && (z[0] < 13402431016077863595))))))))))) { 56 var b uint64 57 z[0], b = bits.Sub64(z[0], 13402431016077863595, 0) 58 z[1], b = bits.Sub64(z[1], 2210141511517208575, b) 59 z[2], b = bits.Sub64(z[2], 7435674573564081700, b) 60 z[3], b = bits.Sub64(z[3], 7239337960414712511, b) 61 z[4], b = bits.Sub64(z[4], 5412103778470702295, b) 62 z[5], _ = bits.Sub64(z[5], 1873798617647539866, b) 63 } 64 } 65 66 func addAssign(x, y *fe) { 67 var carry uint64 68 69 x[0], carry = bits.Add64(x[0], y[0], 0) 70 x[1], carry = bits.Add64(x[1], y[1], carry) 71 x[2], carry = bits.Add64(x[2], y[2], carry) 72 x[3], carry = bits.Add64(x[3], y[3], carry) 73 x[4], carry = bits.Add64(x[4], y[4], carry) 74 x[5], _ = bits.Add64(x[5], y[5], carry) 75 76 // if z > q --> z -= q 77 // note: this is NOT constant time 78 if !(x[5] < 1873798617647539866 || (x[5] == 1873798617647539866 && (x[4] < 5412103778470702295 || (x[4] == 5412103778470702295 && (x[3] < 7239337960414712511 || (x[3] == 7239337960414712511 && (x[2] < 7435674573564081700 || (x[2] == 7435674573564081700 && (x[1] < 2210141511517208575 || (x[1] == 2210141511517208575 && (x[0] < 13402431016077863595))))))))))) { 79 var b uint64 80 x[0], b = bits.Sub64(x[0], 13402431016077863595, 0) 81 x[1], b = bits.Sub64(x[1], 2210141511517208575, b) 82 x[2], b = bits.Sub64(x[2], 7435674573564081700, b) 83 x[3], b = bits.Sub64(x[3], 7239337960414712511, b) 84 x[4], b = bits.Sub64(x[4], 5412103778470702295, b) 85 x[5], _ = bits.Sub64(x[5], 1873798617647539866, b) 86 } 87 } 88 89 func ladd(z, x, y *fe) { 90 var carry uint64 91 z[0], carry = bits.Add64(x[0], y[0], 0) 92 z[1], carry = bits.Add64(x[1], y[1], carry) 93 z[2], carry = bits.Add64(x[2], y[2], carry) 94 z[3], carry = bits.Add64(x[3], y[3], carry) 95 z[4], carry = bits.Add64(x[4], y[4], carry) 96 z[5], _ = bits.Add64(x[5], y[5], carry) 97 } 98 99 func laddAssign(x, y *fe) { 100 var carry uint64 101 x[0], carry = bits.Add64(x[0], y[0], 0) 102 x[1], carry = bits.Add64(x[1], y[1], carry) 103 x[2], carry = bits.Add64(x[2], y[2], carry) 104 x[3], carry = bits.Add64(x[3], y[3], carry) 105 x[4], carry = bits.Add64(x[4], y[4], carry) 106 x[5], _ = bits.Add64(x[5], y[5], carry) 107 } 108 109 func double(z, x *fe) { 110 var carry uint64 111 112 z[0], carry = bits.Add64(x[0], x[0], 0) 113 z[1], carry = bits.Add64(x[1], x[1], carry) 114 z[2], carry = bits.Add64(x[2], x[2], carry) 115 z[3], carry = bits.Add64(x[3], x[3], carry) 116 z[4], carry = bits.Add64(x[4], x[4], carry) 117 z[5], _ = bits.Add64(x[5], x[5], carry) 118 119 // if z > q --> z -= q 120 // note: this is NOT constant time 121 if !(z[5] < 1873798617647539866 || (z[5] == 1873798617647539866 && (z[4] < 5412103778470702295 || (z[4] == 5412103778470702295 && (z[3] < 7239337960414712511 || (z[3] == 7239337960414712511 && (z[2] < 7435674573564081700 || (z[2] == 7435674573564081700 && (z[1] < 2210141511517208575 || (z[1] == 2210141511517208575 && (z[0] < 13402431016077863595))))))))))) { 122 var b uint64 123 z[0], b = bits.Sub64(z[0], 13402431016077863595, 0) 124 z[1], b = bits.Sub64(z[1], 2210141511517208575, b) 125 z[2], b = bits.Sub64(z[2], 7435674573564081700, b) 126 z[3], b = bits.Sub64(z[3], 7239337960414712511, b) 127 z[4], b = bits.Sub64(z[4], 5412103778470702295, b) 128 z[5], _ = bits.Sub64(z[5], 1873798617647539866, b) 129 } 130 } 131 132 func doubleAssign(z *fe) { 133 var carry uint64 134 135 z[0], carry = bits.Add64(z[0], z[0], 0) 136 z[1], carry = bits.Add64(z[1], z[1], carry) 137 z[2], carry = bits.Add64(z[2], z[2], carry) 138 z[3], carry = bits.Add64(z[3], z[3], carry) 139 z[4], carry = bits.Add64(z[4], z[4], carry) 140 z[5], _ = bits.Add64(z[5], z[5], carry) 141 142 // if z > q --> z -= q 143 // note: this is NOT constant time 144 if !(z[5] < 1873798617647539866 || (z[5] == 1873798617647539866 && (z[4] < 5412103778470702295 || (z[4] == 5412103778470702295 && (z[3] < 7239337960414712511 || (z[3] == 7239337960414712511 && (z[2] < 7435674573564081700 || (z[2] == 7435674573564081700 && (z[1] < 2210141511517208575 || (z[1] == 2210141511517208575 && (z[0] < 13402431016077863595))))))))))) { 145 var b uint64 146 z[0], b = bits.Sub64(z[0], 13402431016077863595, 0) 147 z[1], b = bits.Sub64(z[1], 2210141511517208575, b) 148 z[2], b = bits.Sub64(z[2], 7435674573564081700, b) 149 z[3], b = bits.Sub64(z[3], 7239337960414712511, b) 150 z[4], b = bits.Sub64(z[4], 5412103778470702295, b) 151 z[5], _ = bits.Sub64(z[5], 1873798617647539866, b) 152 } 153 } 154 155 func ldouble(z, x *fe) { 156 var carry uint64 157 158 z[0], carry = bits.Add64(x[0], x[0], 0) 159 z[1], carry = bits.Add64(x[1], x[1], carry) 160 z[2], carry = bits.Add64(x[2], x[2], carry) 161 z[3], carry = bits.Add64(x[3], x[3], carry) 162 z[4], carry = bits.Add64(x[4], x[4], carry) 163 z[5], _ = bits.Add64(x[5], x[5], carry) 164 } 165 166 func sub(z, x, y *fe) { 167 var b uint64 168 z[0], b = bits.Sub64(x[0], y[0], 0) 169 z[1], b = bits.Sub64(x[1], y[1], b) 170 z[2], b = bits.Sub64(x[2], y[2], b) 171 z[3], b = bits.Sub64(x[3], y[3], b) 172 z[4], b = bits.Sub64(x[4], y[4], b) 173 z[5], b = bits.Sub64(x[5], y[5], b) 174 if b != 0 { 175 var c uint64 176 z[0], c = bits.Add64(z[0], 13402431016077863595, 0) 177 z[1], c = bits.Add64(z[1], 2210141511517208575, c) 178 z[2], c = bits.Add64(z[2], 7435674573564081700, c) 179 z[3], c = bits.Add64(z[3], 7239337960414712511, c) 180 z[4], c = bits.Add64(z[4], 5412103778470702295, c) 181 z[5], _ = bits.Add64(z[5], 1873798617647539866, c) 182 } 183 } 184 185 func subAssign(z, x *fe) { 186 var b uint64 187 z[0], b = bits.Sub64(z[0], x[0], 0) 188 z[1], b = bits.Sub64(z[1], x[1], b) 189 z[2], b = bits.Sub64(z[2], x[2], b) 190 z[3], b = bits.Sub64(z[3], x[3], b) 191 z[4], b = bits.Sub64(z[4], x[4], b) 192 z[5], b = bits.Sub64(z[5], x[5], b) 193 if b != 0 { 194 var c uint64 195 z[0], c = bits.Add64(z[0], 13402431016077863595, 0) 196 z[1], c = bits.Add64(z[1], 2210141511517208575, c) 197 z[2], c = bits.Add64(z[2], 7435674573564081700, c) 198 z[3], c = bits.Add64(z[3], 7239337960414712511, c) 199 z[4], c = bits.Add64(z[4], 5412103778470702295, c) 200 z[5], _ = bits.Add64(z[5], 1873798617647539866, c) 201 } 202 } 203 204 func lsubAssign(z, x *fe) { 205 var b uint64 206 z[0], b = bits.Sub64(z[0], x[0], 0) 207 z[1], b = bits.Sub64(z[1], x[1], b) 208 z[2], b = bits.Sub64(z[2], x[2], b) 209 z[3], b = bits.Sub64(z[3], x[3], b) 210 z[4], b = bits.Sub64(z[4], x[4], b) 211 z[5], _ = bits.Sub64(z[5], x[5], b) 212 } 213 214 func neg(z *fe, x *fe) { 215 if x.isZero() { 216 z.zero() 217 return 218 } 219 var borrow uint64 220 z[0], borrow = bits.Sub64(13402431016077863595, x[0], 0) 221 z[1], borrow = bits.Sub64(2210141511517208575, x[1], borrow) 222 z[2], borrow = bits.Sub64(7435674573564081700, x[2], borrow) 223 z[3], borrow = bits.Sub64(7239337960414712511, x[3], borrow) 224 z[4], borrow = bits.Sub64(5412103778470702295, x[4], borrow) 225 z[5], _ = bits.Sub64(1873798617647539866, x[5], borrow) 226 } 227 228 func mul(z, x, y *fe) { 229 var t [6]uint64 230 var c [3]uint64 231 { 232 // round 0 233 v := x[0] 234 c[1], c[0] = bits.Mul64(v, y[0]) 235 m := c[0] * 9940570264628428797 236 c[2] = madd0(m, 13402431016077863595, c[0]) 237 c[1], c[0] = madd1(v, y[1], c[1]) 238 c[2], t[0] = madd2(m, 2210141511517208575, c[2], c[0]) 239 c[1], c[0] = madd1(v, y[2], c[1]) 240 c[2], t[1] = madd2(m, 7435674573564081700, c[2], c[0]) 241 c[1], c[0] = madd1(v, y[3], c[1]) 242 c[2], t[2] = madd2(m, 7239337960414712511, c[2], c[0]) 243 c[1], c[0] = madd1(v, y[4], c[1]) 244 c[2], t[3] = madd2(m, 5412103778470702295, c[2], c[0]) 245 c[1], c[0] = madd1(v, y[5], c[1]) 246 t[5], t[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1]) 247 } 248 { 249 // round 1 250 v := x[1] 251 c[1], c[0] = madd1(v, y[0], t[0]) 252 m := c[0] * 9940570264628428797 253 c[2] = madd0(m, 13402431016077863595, c[0]) 254 c[1], c[0] = madd2(v, y[1], c[1], t[1]) 255 c[2], t[0] = madd2(m, 2210141511517208575, c[2], c[0]) 256 c[1], c[0] = madd2(v, y[2], c[1], t[2]) 257 c[2], t[1] = madd2(m, 7435674573564081700, c[2], c[0]) 258 c[1], c[0] = madd2(v, y[3], c[1], t[3]) 259 c[2], t[2] = madd2(m, 7239337960414712511, c[2], c[0]) 260 c[1], c[0] = madd2(v, y[4], c[1], t[4]) 261 c[2], t[3] = madd2(m, 5412103778470702295, c[2], c[0]) 262 c[1], c[0] = madd2(v, y[5], c[1], t[5]) 263 t[5], t[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1]) 264 } 265 { 266 // round 2 267 v := x[2] 268 c[1], c[0] = madd1(v, y[0], t[0]) 269 m := c[0] * 9940570264628428797 270 c[2] = madd0(m, 13402431016077863595, c[0]) 271 c[1], c[0] = madd2(v, y[1], c[1], t[1]) 272 c[2], t[0] = madd2(m, 2210141511517208575, c[2], c[0]) 273 c[1], c[0] = madd2(v, y[2], c[1], t[2]) 274 c[2], t[1] = madd2(m, 7435674573564081700, c[2], c[0]) 275 c[1], c[0] = madd2(v, y[3], c[1], t[3]) 276 c[2], t[2] = madd2(m, 7239337960414712511, c[2], c[0]) 277 c[1], c[0] = madd2(v, y[4], c[1], t[4]) 278 c[2], t[3] = madd2(m, 5412103778470702295, c[2], c[0]) 279 c[1], c[0] = madd2(v, y[5], c[1], t[5]) 280 t[5], t[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1]) 281 } 282 { 283 // round 3 284 v := x[3] 285 c[1], c[0] = madd1(v, y[0], t[0]) 286 m := c[0] * 9940570264628428797 287 c[2] = madd0(m, 13402431016077863595, c[0]) 288 c[1], c[0] = madd2(v, y[1], c[1], t[1]) 289 c[2], t[0] = madd2(m, 2210141511517208575, c[2], c[0]) 290 c[1], c[0] = madd2(v, y[2], c[1], t[2]) 291 c[2], t[1] = madd2(m, 7435674573564081700, c[2], c[0]) 292 c[1], c[0] = madd2(v, y[3], c[1], t[3]) 293 c[2], t[2] = madd2(m, 7239337960414712511, c[2], c[0]) 294 c[1], c[0] = madd2(v, y[4], c[1], t[4]) 295 c[2], t[3] = madd2(m, 5412103778470702295, c[2], c[0]) 296 c[1], c[0] = madd2(v, y[5], c[1], t[5]) 297 t[5], t[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1]) 298 } 299 { 300 // round 4 301 v := x[4] 302 c[1], c[0] = madd1(v, y[0], t[0]) 303 m := c[0] * 9940570264628428797 304 c[2] = madd0(m, 13402431016077863595, c[0]) 305 c[1], c[0] = madd2(v, y[1], c[1], t[1]) 306 c[2], t[0] = madd2(m, 2210141511517208575, c[2], c[0]) 307 c[1], c[0] = madd2(v, y[2], c[1], t[2]) 308 c[2], t[1] = madd2(m, 7435674573564081700, c[2], c[0]) 309 c[1], c[0] = madd2(v, y[3], c[1], t[3]) 310 c[2], t[2] = madd2(m, 7239337960414712511, c[2], c[0]) 311 c[1], c[0] = madd2(v, y[4], c[1], t[4]) 312 c[2], t[3] = madd2(m, 5412103778470702295, c[2], c[0]) 313 c[1], c[0] = madd2(v, y[5], c[1], t[5]) 314 t[5], t[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1]) 315 } 316 { 317 // round 5 318 v := x[5] 319 c[1], c[0] = madd1(v, y[0], t[0]) 320 m := c[0] * 9940570264628428797 321 c[2] = madd0(m, 13402431016077863595, c[0]) 322 c[1], c[0] = madd2(v, y[1], c[1], t[1]) 323 c[2], z[0] = madd2(m, 2210141511517208575, c[2], c[0]) 324 c[1], c[0] = madd2(v, y[2], c[1], t[2]) 325 c[2], z[1] = madd2(m, 7435674573564081700, c[2], c[0]) 326 c[1], c[0] = madd2(v, y[3], c[1], t[3]) 327 c[2], z[2] = madd2(m, 7239337960414712511, c[2], c[0]) 328 c[1], c[0] = madd2(v, y[4], c[1], t[4]) 329 c[2], z[3] = madd2(m, 5412103778470702295, c[2], c[0]) 330 c[1], c[0] = madd2(v, y[5], c[1], t[5]) 331 z[5], z[4] = madd3(m, 1873798617647539866, c[0], c[2], c[1]) 332 } 333 334 // if z > q --> z -= q 335 // note: this is NOT constant time 336 if !(z[5] < 1873798617647539866 || (z[5] == 1873798617647539866 && (z[4] < 5412103778470702295 || (z[4] == 5412103778470702295 && (z[3] < 7239337960414712511 || (z[3] == 7239337960414712511 && (z[2] < 7435674573564081700 || (z[2] == 7435674573564081700 && (z[1] < 2210141511517208575 || (z[1] == 2210141511517208575 && (z[0] < 13402431016077863595))))))))))) { 337 var b uint64 338 z[0], b = bits.Sub64(z[0], 13402431016077863595, 0) 339 z[1], b = bits.Sub64(z[1], 2210141511517208575, b) 340 z[2], b = bits.Sub64(z[2], 7435674573564081700, b) 341 z[3], b = bits.Sub64(z[3], 7239337960414712511, b) 342 z[4], b = bits.Sub64(z[4], 5412103778470702295, b) 343 z[5], _ = bits.Sub64(z[5], 1873798617647539866, b) 344 } 345 } 346 347 func square(z, x *fe) { 348 349 var p [6]uint64 350 351 var u, v uint64 352 { 353 // round 0 354 u, p[0] = bits.Mul64(x[0], x[0]) 355 m := p[0] * 9940570264628428797 356 C := madd0(m, 13402431016077863595, p[0]) 357 var t uint64 358 t, u, v = madd1sb(x[0], x[1], u) 359 C, p[0] = madd2(m, 2210141511517208575, v, C) 360 t, u, v = madd1s(x[0], x[2], t, u) 361 C, p[1] = madd2(m, 7435674573564081700, v, C) 362 t, u, v = madd1s(x[0], x[3], t, u) 363 C, p[2] = madd2(m, 7239337960414712511, v, C) 364 t, u, v = madd1s(x[0], x[4], t, u) 365 C, p[3] = madd2(m, 5412103778470702295, v, C) 366 _, u, v = madd1s(x[0], x[5], t, u) 367 p[5], p[4] = madd3(m, 1873798617647539866, v, C, u) 368 } 369 { 370 // round 1 371 m := p[0] * 9940570264628428797 372 C := madd0(m, 13402431016077863595, p[0]) 373 u, v = madd1(x[1], x[1], p[1]) 374 C, p[0] = madd2(m, 2210141511517208575, v, C) 375 var t uint64 376 t, u, v = madd2sb(x[1], x[2], p[2], u) 377 C, p[1] = madd2(m, 7435674573564081700, v, C) 378 t, u, v = madd2s(x[1], x[3], p[3], t, u) 379 C, p[2] = madd2(m, 7239337960414712511, v, C) 380 t, u, v = madd2s(x[1], x[4], p[4], t, u) 381 C, p[3] = madd2(m, 5412103778470702295, v, C) 382 _, u, v = madd2s(x[1], x[5], p[5], t, u) 383 p[5], p[4] = madd3(m, 1873798617647539866, v, C, u) 384 } 385 { 386 // round 2 387 m := p[0] * 9940570264628428797 388 C := madd0(m, 13402431016077863595, p[0]) 389 C, p[0] = madd2(m, 2210141511517208575, p[1], C) 390 u, v = madd1(x[2], x[2], p[2]) 391 C, p[1] = madd2(m, 7435674573564081700, v, C) 392 var t uint64 393 t, u, v = madd2sb(x[2], x[3], p[3], u) 394 C, p[2] = madd2(m, 7239337960414712511, v, C) 395 t, u, v = madd2s(x[2], x[4], p[4], t, u) 396 C, p[3] = madd2(m, 5412103778470702295, v, C) 397 _, u, v = madd2s(x[2], x[5], p[5], t, u) 398 p[5], p[4] = madd3(m, 1873798617647539866, v, C, u) 399 } 400 { 401 // round 3 402 m := p[0] * 9940570264628428797 403 C := madd0(m, 13402431016077863595, p[0]) 404 C, p[0] = madd2(m, 2210141511517208575, p[1], C) 405 C, p[1] = madd2(m, 7435674573564081700, p[2], C) 406 u, v = madd1(x[3], x[3], p[3]) 407 C, p[2] = madd2(m, 7239337960414712511, v, C) 408 var t uint64 409 t, u, v = madd2sb(x[3], x[4], p[4], u) 410 C, p[3] = madd2(m, 5412103778470702295, v, C) 411 _, u, v = madd2s(x[3], x[5], p[5], t, u) 412 p[5], p[4] = madd3(m, 1873798617647539866, v, C, u) 413 } 414 { 415 // round 4 416 m := p[0] * 9940570264628428797 417 C := madd0(m, 13402431016077863595, p[0]) 418 C, p[0] = madd2(m, 2210141511517208575, p[1], C) 419 C, p[1] = madd2(m, 7435674573564081700, p[2], C) 420 C, p[2] = madd2(m, 7239337960414712511, p[3], C) 421 u, v = madd1(x[4], x[4], p[4]) 422 C, p[3] = madd2(m, 5412103778470702295, v, C) 423 _, u, v = madd2sb(x[4], x[5], p[5], u) 424 p[5], p[4] = madd3(m, 1873798617647539866, v, C, u) 425 } 426 { 427 // round 5 428 m := p[0] * 9940570264628428797 429 C := madd0(m, 13402431016077863595, p[0]) 430 C, z[0] = madd2(m, 2210141511517208575, p[1], C) 431 C, z[1] = madd2(m, 7435674573564081700, p[2], C) 432 C, z[2] = madd2(m, 7239337960414712511, p[3], C) 433 C, z[3] = madd2(m, 5412103778470702295, p[4], C) 434 u, v = madd1(x[5], x[5], p[5]) 435 z[5], z[4] = madd3(m, 1873798617647539866, v, C, u) 436 } 437 438 // if z > q --> z -= q 439 // note: this is NOT constant time 440 if !(z[5] < 1873798617647539866 || (z[5] == 1873798617647539866 && (z[4] < 5412103778470702295 || (z[4] == 5412103778470702295 && (z[3] < 7239337960414712511 || (z[3] == 7239337960414712511 && (z[2] < 7435674573564081700 || (z[2] == 7435674573564081700 && (z[1] < 2210141511517208575 || (z[1] == 2210141511517208575 && (z[0] < 13402431016077863595))))))))))) { 441 var b uint64 442 z[0], b = bits.Sub64(z[0], 13402431016077863595, 0) 443 z[1], b = bits.Sub64(z[1], 2210141511517208575, b) 444 z[2], b = bits.Sub64(z[2], 7435674573564081700, b) 445 z[3], b = bits.Sub64(z[3], 7239337960414712511, b) 446 z[4], b = bits.Sub64(z[4], 5412103778470702295, b) 447 z[5], _ = bits.Sub64(z[5], 1873798617647539866, b) 448 } 449 } 450 451 // arith.go 452 // Copyright 2020 ConsenSys AG 453 // 454 // Licensed under the Apache License, Version 2.0 (the "License"); 455 // you may not use this file except in compliance with the License. 456 // You may obtain a copy of the License at 457 // 458 // http://www.apache.org/licenses/LICENSE-2.0 459 // 460 // Unless required by applicable law or agreed to in writing, software 461 // distributed under the License is distributed on an "AS IS" BASIS, 462 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 463 // See the License for the specific language governing permissions and 464 // limitations under the License. 465 466 // Code generated by goff DO NOT EDIT 467 468 func madd(a, b, t, u, v uint64) (uint64, uint64, uint64) { 469 var carry uint64 470 hi, lo := bits.Mul64(a, b) 471 v, carry = bits.Add64(lo, v, 0) 472 u, carry = bits.Add64(hi, u, carry) 473 t, _ = bits.Add64(t, 0, carry) 474 return t, u, v 475 } 476 477 // madd0 hi = a*b + c (discards lo bits) 478 func madd0(a, b, c uint64) (hi uint64) { 479 var carry, lo uint64 480 hi, lo = bits.Mul64(a, b) 481 _, carry = bits.Add64(lo, c, 0) 482 hi, _ = bits.Add64(hi, 0, carry) 483 return 484 } 485 486 // madd1 hi, lo = a*b + c 487 func madd1(a, b, c uint64) (hi uint64, lo uint64) { 488 var carry uint64 489 hi, lo = bits.Mul64(a, b) 490 lo, carry = bits.Add64(lo, c, 0) 491 hi, _ = bits.Add64(hi, 0, carry) 492 return 493 } 494 495 // madd2 hi, lo = a*b + c + d 496 func madd2(a, b, c, d uint64) (hi uint64, lo uint64) { 497 var carry uint64 498 hi, lo = bits.Mul64(a, b) 499 c, carry = bits.Add64(c, d, 0) 500 hi, _ = bits.Add64(hi, 0, carry) 501 lo, carry = bits.Add64(lo, c, 0) 502 hi, _ = bits.Add64(hi, 0, carry) 503 return 504 } 505 506 // madd2s superhi, hi, lo = 2*a*b + c + d + e 507 func madd2s(a, b, c, d, e uint64) (superhi, hi, lo uint64) { 508 var carry, sum uint64 509 510 hi, lo = bits.Mul64(a, b) 511 lo, carry = bits.Add64(lo, lo, 0) 512 hi, superhi = bits.Add64(hi, hi, carry) 513 514 sum, carry = bits.Add64(c, e, 0) 515 hi, _ = bits.Add64(hi, 0, carry) 516 lo, carry = bits.Add64(lo, sum, 0) 517 hi, _ = bits.Add64(hi, 0, carry) 518 hi, _ = bits.Add64(hi, 0, d) 519 return 520 } 521 522 func madd1s(a, b, d, e uint64) (superhi, hi, lo uint64) { 523 var carry uint64 524 525 hi, lo = bits.Mul64(a, b) 526 lo, carry = bits.Add64(lo, lo, 0) 527 hi, superhi = bits.Add64(hi, hi, carry) 528 lo, carry = bits.Add64(lo, e, 0) 529 hi, _ = bits.Add64(hi, 0, carry) 530 hi, _ = bits.Add64(hi, 0, d) 531 return 532 } 533 534 func madd2sb(a, b, c, e uint64) (superhi, hi, lo uint64) { 535 var carry, sum uint64 536 537 hi, lo = bits.Mul64(a, b) 538 lo, carry = bits.Add64(lo, lo, 0) 539 hi, superhi = bits.Add64(hi, hi, carry) 540 541 sum, carry = bits.Add64(c, e, 0) 542 hi, _ = bits.Add64(hi, 0, carry) 543 lo, carry = bits.Add64(lo, sum, 0) 544 hi, _ = bits.Add64(hi, 0, carry) 545 return 546 } 547 548 func madd1sb(a, b, e uint64) (superhi, hi, lo uint64) { 549 var carry uint64 550 551 hi, lo = bits.Mul64(a, b) 552 lo, carry = bits.Add64(lo, lo, 0) 553 hi, superhi = bits.Add64(hi, hi, carry) 554 lo, carry = bits.Add64(lo, e, 0) 555 hi, _ = bits.Add64(hi, 0, carry) 556 return 557 } 558 559 func madd3(a, b, c, d, e uint64) (hi uint64, lo uint64) { 560 var carry uint64 561 hi, lo = bits.Mul64(a, b) 562 c, carry = bits.Add64(c, d, 0) 563 hi, _ = bits.Add64(hi, 0, carry) 564 lo, carry = bits.Add64(lo, c, 0) 565 hi, _ = bits.Add64(hi, e, carry) 566 return 567 }