/src/libtorrent/src/ed25519/sc.cpp

Line	Count	Source
1		// ignore warnings in this file
2		#include "libtorrent/aux_/disable_warnings_push.hpp"
3
4		#include "fixedint.h"
5		#include "sc.h"
6
7	0	static u64 load_3(const unsigned char *in) {
8	0	u64 result;
9
10	0	result = (u64) in[0];
11	0	result \|= ((u64) in[1]) << 8;
12	0	result \|= ((u64) in[2]) << 16;
13
14	0	return result;
15	0	}
16
17	0	static u64 load_4(const unsigned char *in) {
18	0	u64 result;
19
20	0	result = (u64) in[0];
21	0	result \|= ((u64) in[1]) << 8;
22	0	result \|= ((u64) in[2]) << 16;
23	0	result \|= ((u64) in[3]) << 24;
24
25	0	return result;
26	0	}
27
28	0	static inline i64 shift_left(i64 v, int s) {
29	0	return i64(u64(v) << s);
30	0	}
31
32		/*
33		Input:
34		s[0]+256s[1]+...+256^63s[63] = s
35
36		Output:
37		s[0]+256s[1]+...+256^31s[31] = s mod l
38		where l = 2^252 + 27742317777372353535851937790883648493.
39		Overwrites s in place.
40		*/
41
42	0	void sc_reduce(unsigned char *s) {
43	0	i64 s0 = 2097151 & load_3(s);
44	0	i64 s1 = 2097151 & (load_4(s + 2) >> 5);
45	0	i64 s2 = 2097151 & (load_3(s + 5) >> 2);
46	0	i64 s3 = 2097151 & (load_4(s + 7) >> 7);
47	0	i64 s4 = 2097151 & (load_4(s + 10) >> 4);
48	0	i64 s5 = 2097151 & (load_3(s + 13) >> 1);
49	0	i64 s6 = 2097151 & (load_4(s + 15) >> 6);
50	0	i64 s7 = 2097151 & (load_3(s + 18) >> 3);
51	0	i64 s8 = 2097151 & load_3(s + 21);
52	0	i64 s9 = 2097151 & (load_4(s + 23) >> 5);
53	0	i64 s10 = 2097151 & (load_3(s + 26) >> 2);
54	0	i64 s11 = 2097151 & (load_4(s + 28) >> 7);
55	0	i64 s12 = 2097151 & (load_4(s + 31) >> 4);
56	0	i64 s13 = 2097151 & (load_3(s + 34) >> 1);
57	0	i64 s14 = 2097151 & (load_4(s + 36) >> 6);
58	0	i64 s15 = 2097151 & (load_3(s + 39) >> 3);
59	0	i64 s16 = 2097151 & load_3(s + 42);
60	0	i64 s17 = 2097151 & (load_4(s + 44) >> 5);
61	0	i64 s18 = 2097151 & (load_3(s + 47) >> 2);
62	0	i64 s19 = 2097151 & (load_4(s + 49) >> 7);
63	0	i64 s20 = 2097151 & (load_4(s + 52) >> 4);
64	0	i64 s21 = 2097151 & (load_3(s + 55) >> 1);
65	0	i64 s22 = 2097151 & (load_4(s + 57) >> 6);
66	0	i64 s23 = (load_4(s + 60) >> 3);
67	0	i64 carry0;
68	0	i64 carry1;
69	0	i64 carry2;
70	0	i64 carry3;
71	0	i64 carry4;
72	0	i64 carry5;
73	0	i64 carry6;
74	0	i64 carry7;
75	0	i64 carry8;
76	0	i64 carry9;
77	0	i64 carry10;
78	0	i64 carry11;
79	0	i64 carry12;
80	0	i64 carry13;
81	0	i64 carry14;
82	0	i64 carry15;
83	0	i64 carry16;
84
85	0	s11 += s23 * 666643;
86	0	s12 += s23 * 470296;
87	0	s13 += s23 * 654183;
88	0	s14 -= s23 * 997805;
89	0	s15 += s23 * 136657;
90	0	s16 -= s23 * 683901;
91	0	s23 = 0; // NOLINT
92	0	s10 += s22 * 666643;
93	0	s11 += s22 * 470296;
94	0	s12 += s22 * 654183;
95	0	s13 -= s22 * 997805;
96	0	s14 += s22 * 136657;
97	0	s15 -= s22 * 683901;
98	0	s22 = 0; // NOLINT
99	0	s9 += s21 * 666643;
100	0	s10 += s21 * 470296;
101	0	s11 += s21 * 654183;
102	0	s12 -= s21 * 997805;
103	0	s13 += s21 * 136657;
104	0	s14 -= s21 * 683901;
105	0	s21 = 0; // NOLINT
106	0	s8 += s20 * 666643;
107	0	s9 += s20 * 470296;
108	0	s10 += s20 * 654183;
109	0	s11 -= s20 * 997805;
110	0	s12 += s20 * 136657;
111	0	s13 -= s20 * 683901;
112	0	s20 = 0; // NOLINT
113	0	s7 += s19 * 666643;
114	0	s8 += s19 * 470296;
115	0	s9 += s19 * 654183;
116	0	s10 -= s19 * 997805;
117	0	s11 += s19 * 136657;
118	0	s12 -= s19 * 683901;
119	0	s19 = 0; // NOLINT
120	0	s6 += s18 * 666643;
121	0	s7 += s18 * 470296;
122	0	s8 += s18 * 654183;
123	0	s9 -= s18 * 997805;
124	0	s10 += s18 * 136657;
125	0	s11 -= s18 * 683901;
126	0	s18 = 0; // NOLINT
127	0	carry6 = (s6 + (1 << 20)) >> 21;
128	0	s7 += carry6;
129	0	s6 -= shift_left(carry6, 21);
130	0	carry8 = (s8 + (1 << 20)) >> 21;
131	0	s9 += carry8;
132	0	s8 -= shift_left(carry8, 21);
133	0	carry10 = (s10 + (1 << 20)) >> 21;
134	0	s11 += carry10;
135	0	s10 -= shift_left(carry10, 21);
136	0	carry12 = (s12 + (1 << 20)) >> 21;
137	0	s13 += carry12;
138	0	s12 -= shift_left(carry12, 21);
139	0	carry14 = (s14 + (1 << 20)) >> 21;
140	0	s15 += carry14;
141	0	s14 -= shift_left(carry14, 21);
142	0	carry16 = (s16 + (1 << 20)) >> 21;
143	0	s17 += carry16;
144	0	s16 -= shift_left(carry16, 21);
145	0	carry7 = (s7 + (1 << 20)) >> 21;
146	0	s8 += carry7;
147	0	s7 -= shift_left(carry7, 21);
148	0	carry9 = (s9 + (1 << 20)) >> 21;
149	0	s10 += carry9;
150	0	s9 -= shift_left(carry9, 21);
151	0	carry11 = (s11 + (1 << 20)) >> 21;
152	0	s12 += carry11;
153	0	s11 -= shift_left(carry11, 21);
154	0	carry13 = (s13 + (1 << 20)) >> 21;
155	0	s14 += carry13;
156	0	s13 -= shift_left(carry13, 21);
157	0	carry15 = (s15 + (1 << 20)) >> 21;
158	0	s16 += carry15;
159	0	s15 -= shift_left(carry15, 21);
160	0	s5 += s17 * 666643;
161	0	s6 += s17 * 470296;
162	0	s7 += s17 * 654183;
163	0	s8 -= s17 * 997805;
164	0	s9 += s17 * 136657;
165	0	s10 -= s17 * 683901;
166	0	s17 = 0; // NOLINT
167	0	s4 += s16 * 666643;
168	0	s5 += s16 * 470296;
169	0	s6 += s16 * 654183;
170	0	s7 -= s16 * 997805;
171	0	s8 += s16 * 136657;
172	0	s9 -= s16 * 683901;
173	0	s16 = 0; // NOLINT
174	0	s3 += s15 * 666643;
175	0	s4 += s15 * 470296;
176	0	s5 += s15 * 654183;
177	0	s6 -= s15 * 997805;
178	0	s7 += s15 * 136657;
179	0	s8 -= s15 * 683901;
180	0	s15 = 0; // NOLINT
181	0	s2 += s14 * 666643;
182	0	s3 += s14 * 470296;
183	0	s4 += s14 * 654183;
184	0	s5 -= s14 * 997805;
185	0	s6 += s14 * 136657;
186	0	s7 -= s14 * 683901;
187	0	s14 = 0; // NOLINT
188	0	s1 += s13 * 666643;
189	0	s2 += s13 * 470296;
190	0	s3 += s13 * 654183;
191	0	s4 -= s13 * 997805;
192	0	s5 += s13 * 136657;
193	0	s6 -= s13 * 683901;
194	0	s13 = 0; // NOLINT
195	0	s0 += s12 * 666643;
196	0	s1 += s12 * 470296;
197	0	s2 += s12 * 654183;
198	0	s3 -= s12 * 997805;
199	0	s4 += s12 * 136657;
200	0	s5 -= s12 * 683901;
201	0	s12 = 0;
202	0	carry0 = (s0 + (1 << 20)) >> 21;
203	0	s1 += carry0;
204	0	s0 -= shift_left(carry0, 21);
205	0	carry2 = (s2 + (1 << 20)) >> 21;
206	0	s3 += carry2;
207	0	s2 -= shift_left(carry2, 21);
208	0	carry4 = (s4 + (1 << 20)) >> 21;
209	0	s5 += carry4;
210	0	s4 -= shift_left(carry4, 21);
211	0	carry6 = (s6 + (1 << 20)) >> 21;
212	0	s7 += carry6;
213	0	s6 -= shift_left(carry6, 21);
214	0	carry8 = (s8 + (1 << 20)) >> 21;
215	0	s9 += carry8;
216	0	s8 -= shift_left(carry8, 21);
217	0	carry10 = (s10 + (1 << 20)) >> 21;
218	0	s11 += carry10;
219	0	s10 -= shift_left(carry10, 21);
220	0	carry1 = (s1 + (1 << 20)) >> 21;
221	0	s2 += carry1;
222	0	s1 -= shift_left(carry1, 21);
223	0	carry3 = (s3 + (1 << 20)) >> 21;
224	0	s4 += carry3;
225	0	s3 -= shift_left(carry3, 21);
226	0	carry5 = (s5 + (1 << 20)) >> 21;
227	0	s6 += carry5;
228	0	s5 -= shift_left(carry5, 21);
229	0	carry7 = (s7 + (1 << 20)) >> 21;
230	0	s8 += carry7;
231	0	s7 -= shift_left(carry7, 21);
232	0	carry9 = (s9 + (1 << 20)) >> 21;
233	0	s10 += carry9;
234	0	s9 -= shift_left(carry9, 21);
235	0	carry11 = (s11 + (1 << 20)) >> 21;
236	0	s12 += carry11;
237	0	s11 -= shift_left(carry11, 21);
238	0	s0 += s12 * 666643;
239	0	s1 += s12 * 470296;
240	0	s2 += s12 * 654183;
241	0	s3 -= s12 * 997805;
242	0	s4 += s12 * 136657;
243	0	s5 -= s12 * 683901;
244	0	s12 = 0;
245	0	carry0 = s0 >> 21;
246	0	s1 += carry0;
247	0	s0 -= shift_left(carry0, 21);
248	0	carry1 = s1 >> 21;
249	0	s2 += carry1;
250	0	s1 -= shift_left(carry1, 21);
251	0	carry2 = s2 >> 21;
252	0	s3 += carry2;
253	0	s2 -= shift_left(carry2, 21);
254	0	carry3 = s3 >> 21;
255	0	s4 += carry3;
256	0	s3 -= shift_left(carry3, 21);
257	0	carry4 = s4 >> 21;
258	0	s5 += carry4;
259	0	s4 -= shift_left(carry4, 21);
260	0	carry5 = s5 >> 21;
261	0	s6 += carry5;
262	0	s5 -= shift_left(carry5, 21);
263	0	carry6 = s6 >> 21;
264	0	s7 += carry6;
265	0	s6 -= shift_left(carry6, 21);
266	0	carry7 = s7 >> 21;
267	0	s8 += carry7;
268	0	s7 -= shift_left(carry7, 21);
269	0	carry8 = s8 >> 21;
270	0	s9 += carry8;
271	0	s8 -= shift_left(carry8, 21);
272	0	carry9 = s9 >> 21;
273	0	s10 += carry9;
274	0	s9 -= shift_left(carry9, 21);
275	0	carry10 = s10 >> 21;
276	0	s11 += carry10;
277	0	s10 -= shift_left(carry10, 21);
278	0	carry11 = s11 >> 21;
279	0	s12 += carry11;
280	0	s11 -= shift_left(carry11, 21);
281	0	s0 += s12 * 666643;
282	0	s1 += s12 * 470296;
283	0	s2 += s12 * 654183;
284	0	s3 -= s12 * 997805;
285	0	s4 += s12 * 136657;
286	0	s5 -= s12 * 683901;
287	0	s12 = 0; // NOLINT
288	0	carry0 = s0 >> 21;
289	0	s1 += carry0;
290	0	s0 -= shift_left(carry0, 21);
291	0	carry1 = s1 >> 21;
292	0	s2 += carry1;
293	0	s1 -= shift_left(carry1, 21);
294	0	carry2 = s2 >> 21;
295	0	s3 += carry2;
296	0	s2 -= shift_left(carry2, 21);
297	0	carry3 = s3 >> 21;
298	0	s4 += carry3;
299	0	s3 -= shift_left(carry3, 21);
300	0	carry4 = s4 >> 21;
301	0	s5 += carry4;
302	0	s4 -= shift_left(carry4, 21);
303	0	carry5 = s5 >> 21;
304	0	s6 += carry5;
305	0	s5 -= shift_left(carry5, 21);
306	0	carry6 = s6 >> 21;
307	0	s7 += carry6;
308	0	s6 -= shift_left(carry6, 21);
309	0	carry7 = s7 >> 21;
310	0	s8 += carry7;
311	0	s7 -= shift_left(carry7, 21);
312	0	carry8 = s8 >> 21;
313	0	s9 += carry8;
314	0	s8 -= shift_left(carry8, 21);
315	0	carry9 = s9 >> 21;
316	0	s10 += carry9;
317	0	s9 -= shift_left(carry9, 21);
318	0	carry10 = s10 >> 21;
319	0	s11 += carry10;
320	0	s10 -= shift_left(carry10, 21);
321
322	0	s[0] = (unsigned char) ((s0 >> 0) & 0xff);
323	0	s[1] = (unsigned char) ((s0 >> 8) & 0xff);
324	0	s[2] = (unsigned char) (((s0 >> 16) \| (s1 << 5)) & 0xff);
325	0	s[3] = (unsigned char) ((s1 >> 3) & 0xff);
326	0	s[4] = (unsigned char) ((s1 >> 11) & 0xff);
327	0	s[5] = (unsigned char) (((s1 >> 19) \| (s2 << 2)) & 0xff);
328	0	s[6] = (unsigned char) ((s2 >> 6) & 0xff);
329	0	s[7] = (unsigned char) (((s2 >> 14) \| (s3 << 7)) & 0xff);
330	0	s[8] = (unsigned char) ((s3 >> 1) & 0xff);
331	0	s[9] = (unsigned char) ((s3 >> 9) & 0xff);
332	0	s[10] = (unsigned char) (((s3 >> 17) \| (s4 << 4)) & 0xff);
333	0	s[11] = (unsigned char) ((s4 >> 4) & 0xff);
334	0	s[12] = (unsigned char) ((s4 >> 12) & 0xff);
335	0	s[13] = (unsigned char) (((s4 >> 20) \| (s5 << 1)) & 0xff);
336	0	s[14] = (unsigned char) ((s5 >> 7) & 0xff);
337	0	s[15] = (unsigned char) (((s5 >> 15) \| (s6 << 6)) & 0xff);
338	0	s[16] = (unsigned char) ((s6 >> 2) & 0xff);
339	0	s[17] = (unsigned char) ((s6 >> 10) & 0xff);
340	0	s[18] = (unsigned char) (((s6 >> 18) \| (s7 << 3)) & 0xff);
341	0	s[19] = (unsigned char) ((s7 >> 5) & 0xff);
342	0	s[20] = (unsigned char) ((s7 >> 13) & 0xff);
343	0	s[21] = (unsigned char) ((s8 >> 0) & 0xff);
344	0	s[22] = (unsigned char) ((s8 >> 8) & 0xff);
345	0	s[23] = (unsigned char) (((s8 >> 16) \| (s9 << 5)) & 0xff);
346	0	s[24] = (unsigned char) ((s9 >> 3) & 0xff);
347	0	s[25] = (unsigned char) ((s9 >> 11) & 0xff);
348	0	s[26] = (unsigned char) (((s9 >> 19) \| (s10 << 2)) & 0xff);
349	0	s[27] = (unsigned char) ((s10 >> 6) & 0xff);
350	0	s[28] = (unsigned char) (((s10 >> 14) \| (s11 << 7)) & 0xff);
351	0	s[29] = (unsigned char) ((s11 >> 1) & 0xff);
352	0	s[30] = (unsigned char) ((s11 >> 9) & 0xff);
353	0	s[31] = (unsigned char) ((s11 >> 17) & 0xff);
354	0	}
355
356
357
358		/*
359		Input:
360		a[0]+256a[1]+...+256^31a[31] = a
361		b[0]+256b[1]+...+256^31b[31] = b
362		c[0]+256c[1]+...+256^31c[31] = c
363
364		Output:
365		s[0]+256s[1]+...+256^31s[31] = (ab+c) mod l
366		where l = 2^252 + 27742317777372353535851937790883648493.
367		*/
368
369	0	void sc_muladd(unsigned char s, const unsigned char a, const unsigned char b, const unsigned char c) {
370	0	i64 a0 = 2097151 & load_3(a);
371	0	i64 a1 = 2097151 & (load_4(a + 2) >> 5);
372	0	i64 a2 = 2097151 & (load_3(a + 5) >> 2);
373	0	i64 a3 = 2097151 & (load_4(a + 7) >> 7);
374	0	i64 a4 = 2097151 & (load_4(a + 10) >> 4);
375	0	i64 a5 = 2097151 & (load_3(a + 13) >> 1);
376	0	i64 a6 = 2097151 & (load_4(a + 15) >> 6);
377	0	i64 a7 = 2097151 & (load_3(a + 18) >> 3);
378	0	i64 a8 = 2097151 & load_3(a + 21);
379	0	i64 a9 = 2097151 & (load_4(a + 23) >> 5);
380	0	i64 a10 = 2097151 & (load_3(a + 26) >> 2);
381	0	i64 a11 = (load_4(a + 28) >> 7);
382	0	i64 b0 = 2097151 & load_3(b);
383	0	i64 b1 = 2097151 & (load_4(b + 2) >> 5);
384	0	i64 b2 = 2097151 & (load_3(b + 5) >> 2);
385	0	i64 b3 = 2097151 & (load_4(b + 7) >> 7);
386	0	i64 b4 = 2097151 & (load_4(b + 10) >> 4);
387	0	i64 b5 = 2097151 & (load_3(b + 13) >> 1);
388	0	i64 b6 = 2097151 & (load_4(b + 15) >> 6);
389	0	i64 b7 = 2097151 & (load_3(b + 18) >> 3);
390	0	i64 b8 = 2097151 & load_3(b + 21);
391	0	i64 b9 = 2097151 & (load_4(b + 23) >> 5);
392	0	i64 b10 = 2097151 & (load_3(b + 26) >> 2);
393	0	i64 b11 = (load_4(b + 28) >> 7);
394	0	i64 c0 = 2097151 & load_3(c);
395	0	i64 c1 = 2097151 & (load_4(c + 2) >> 5);
396	0	i64 c2 = 2097151 & (load_3(c + 5) >> 2);
397	0	i64 c3 = 2097151 & (load_4(c + 7) >> 7);
398	0	i64 c4 = 2097151 & (load_4(c + 10) >> 4);
399	0	i64 c5 = 2097151 & (load_3(c + 13) >> 1);
400	0	i64 c6 = 2097151 & (load_4(c + 15) >> 6);
401	0	i64 c7 = 2097151 & (load_3(c + 18) >> 3);
402	0	i64 c8 = 2097151 & load_3(c + 21);
403	0	i64 c9 = 2097151 & (load_4(c + 23) >> 5);
404	0	i64 c10 = 2097151 & (load_3(c + 26) >> 2);
405	0	i64 c11 = (load_4(c + 28) >> 7);
406	0	i64 s0;
407	0	i64 s1;
408	0	i64 s2;
409	0	i64 s3;
410	0	i64 s4;
411	0	i64 s5;
412	0	i64 s6;
413	0	i64 s7;
414	0	i64 s8;
415	0	i64 s9;
416	0	i64 s10;
417	0	i64 s11;
418	0	i64 s12;
419	0	i64 s13;
420	0	i64 s14;
421	0	i64 s15;
422	0	i64 s16;
423	0	i64 s17;
424	0	i64 s18;
425	0	i64 s19;
426	0	i64 s20;
427	0	i64 s21;
428	0	i64 s22;
429	0	i64 s23;
430	0	i64 carry0;
431	0	i64 carry1;
432	0	i64 carry2;
433	0	i64 carry3;
434	0	i64 carry4;
435	0	i64 carry5;
436	0	i64 carry6;
437	0	i64 carry7;
438	0	i64 carry8;
439	0	i64 carry9;
440	0	i64 carry10;
441	0	i64 carry11;
442	0	i64 carry12;
443	0	i64 carry13;
444	0	i64 carry14;
445	0	i64 carry15;
446	0	i64 carry16;
447	0	i64 carry17;
448	0	i64 carry18;
449	0	i64 carry19;
450	0	i64 carry20;
451	0	i64 carry21;
452	0	i64 carry22;
453
454	0	s0 = c0 + a0 * b0;
455	0	s1 = c1 + a0 * b1 + a1 * b0;
456	0	s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0;
457	0	s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0;
458	0	s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0;
459	0	s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0;
460	0	s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0;
461	0	s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + a6 * b1 + a7 * b0;
462	0	s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + a6 * b2 + a7 * b1 + a8 * b0;
463	0	s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0;
464	0	s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0;
465	0	s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0;
466	0	s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1;
467	0	s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 + a9 * b4 + a10 * b3 + a11 * b2;
468	0	s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 + a10 * b4 + a11 * b3;
469	0	s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 + a11 * b4;
470	0	s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5;
471	0	s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6;
472	0	s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7;
473	0	s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8;
474	0	s20 = a9 * b11 + a10 * b10 + a11 * b9;
475	0	s21 = a10 * b11 + a11 * b10;
476	0	s22 = a11 * b11;
477	0	s23 = 0;
478	0	carry0 = (s0 + (1 << 20)) >> 21;
479	0	s1 += carry0;
480	0	s0 -= shift_left(carry0, 21);
481	0	carry2 = (s2 + (1 << 20)) >> 21;
482	0	s3 += carry2;
483	0	s2 -= shift_left(carry2, 21);
484	0	carry4 = (s4 + (1 << 20)) >> 21;
485	0	s5 += carry4;
486	0	s4 -= shift_left(carry4, 21);
487	0	carry6 = (s6 + (1 << 20)) >> 21;
488	0	s7 += carry6;
489	0	s6 -= shift_left(carry6, 21);
490	0	carry8 = (s8 + (1 << 20)) >> 21;
491	0	s9 += carry8;
492	0	s8 -= shift_left(carry8, 21);
493	0	carry10 = (s10 + (1 << 20)) >> 21;
494	0	s11 += carry10;
495	0	s10 -= shift_left(carry10, 21);
496	0	carry12 = (s12 + (1 << 20)) >> 21;
497	0	s13 += carry12;
498	0	s12 -= shift_left(carry12, 21);
499	0	carry14 = (s14 + (1 << 20)) >> 21;
500	0	s15 += carry14;
501	0	s14 -= shift_left(carry14, 21);
502	0	carry16 = (s16 + (1 << 20)) >> 21;
503	0	s17 += carry16;
504	0	s16 -= shift_left(carry16, 21);
505	0	carry18 = (s18 + (1 << 20)) >> 21;
506	0	s19 += carry18;
507	0	s18 -= shift_left(carry18, 21);
508	0	carry20 = (s20 + (1 << 20)) >> 21;
509	0	s21 += carry20;
510	0	s20 -= shift_left(carry20, 21);
511	0	carry22 = (s22 + (1 << 20)) >> 21;
512	0	s23 += carry22;
513	0	s22 -= shift_left(carry22, 21);
514	0	carry1 = (s1 + (1 << 20)) >> 21;
515	0	s2 += carry1;
516	0	s1 -= shift_left(carry1, 21);
517	0	carry3 = (s3 + (1 << 20)) >> 21;
518	0	s4 += carry3;
519	0	s3 -= shift_left(carry3, 21);
520	0	carry5 = (s5 + (1 << 20)) >> 21;
521	0	s6 += carry5;
522	0	s5 -= shift_left(carry5, 21);
523	0	carry7 = (s7 + (1 << 20)) >> 21;
524	0	s8 += carry7;
525	0	s7 -= shift_left(carry7, 21);
526	0	carry9 = (s9 + (1 << 20)) >> 21;
527	0	s10 += carry9;
528	0	s9 -= shift_left(carry9, 21);
529	0	carry11 = (s11 + (1 << 20)) >> 21;
530	0	s12 += carry11;
531	0	s11 -= shift_left(carry11, 21);
532	0	carry13 = (s13 + (1 << 20)) >> 21;
533	0	s14 += carry13;
534	0	s13 -= shift_left(carry13, 21);
535	0	carry15 = (s15 + (1 << 20)) >> 21;
536	0	s16 += carry15;
537	0	s15 -= shift_left(carry15, 21);
538	0	carry17 = (s17 + (1 << 20)) >> 21;
539	0	s18 += carry17;
540	0	s17 -= shift_left(carry17, 21);
541	0	carry19 = (s19 + (1 << 20)) >> 21;
542	0	s20 += carry19;
543	0	s19 -= shift_left(carry19, 21);
544	0	carry21 = (s21 + (1 << 20)) >> 21;
545	0	s22 += carry21;
546	0	s21 -= shift_left(carry21, 21);
547	0	s11 += s23 * 666643;
548	0	s12 += s23 * 470296;
549	0	s13 += s23 * 654183;
550	0	s14 -= s23 * 997805;
551	0	s15 += s23 * 136657;
552	0	s16 -= s23 * 683901;
553	0	s23 = 0; // NOLINT
554	0	s10 += s22 * 666643;
555	0	s11 += s22 * 470296;
556	0	s12 += s22 * 654183;
557	0	s13 -= s22 * 997805;
558	0	s14 += s22 * 136657;
559	0	s15 -= s22 * 683901;
560	0	s22 = 0; // NOLINT
561	0	s9 += s21 * 666643;
562	0	s10 += s21 * 470296;
563	0	s11 += s21 * 654183;
564	0	s12 -= s21 * 997805;
565	0	s13 += s21 * 136657;
566	0	s14 -= s21 * 683901;
567	0	s21 = 0; // NOLINT
568	0	s8 += s20 * 666643;
569	0	s9 += s20 * 470296;
570	0	s10 += s20 * 654183;
571	0	s11 -= s20 * 997805;
572	0	s12 += s20 * 136657;
573	0	s13 -= s20 * 683901;
574	0	s20 = 0; // NOLINT
575	0	s7 += s19 * 666643;
576	0	s8 += s19 * 470296;
577	0	s9 += s19 * 654183;
578	0	s10 -= s19 * 997805;
579	0	s11 += s19 * 136657;
580	0	s12 -= s19 * 683901;
581	0	s19 = 0; // NOLINT
582	0	s6 += s18 * 666643;
583	0	s7 += s18 * 470296;
584	0	s8 += s18 * 654183;
585	0	s9 -= s18 * 997805;
586	0	s10 += s18 * 136657;
587	0	s11 -= s18 * 683901;
588	0	s18 = 0; // NOLINT
589	0	carry6 = (s6 + (1 << 20)) >> 21;
590	0	s7 += carry6;
591	0	s6 -= shift_left(carry6, 21);
592	0	carry8 = (s8 + (1 << 20)) >> 21;
593	0	s9 += carry8;
594	0	s8 -= shift_left(carry8, 21);
595	0	carry10 = (s10 + (1 << 20)) >> 21;
596	0	s11 += carry10;
597	0	s10 -= shift_left(carry10, 21);
598	0	carry12 = (s12 + (1 << 20)) >> 21;
599	0	s13 += carry12;
600	0	s12 -= shift_left(carry12, 21);
601	0	carry14 = (s14 + (1 << 20)) >> 21;
602	0	s15 += carry14;
603	0	s14 -= shift_left(carry14, 21);
604	0	carry16 = (s16 + (1 << 20)) >> 21;
605	0	s17 += carry16;
606	0	s16 -= shift_left(carry16, 21);
607	0	carry7 = (s7 + (1 << 20)) >> 21;
608	0	s8 += carry7;
609	0	s7 -= shift_left(carry7, 21);
610	0	carry9 = (s9 + (1 << 20)) >> 21;
611	0	s10 += carry9;
612	0	s9 -= shift_left(carry9, 21);
613	0	carry11 = (s11 + (1 << 20)) >> 21;
614	0	s12 += carry11;
615	0	s11 -= shift_left(carry11, 21);
616	0	carry13 = (s13 + (1 << 20)) >> 21;
617	0	s14 += carry13;
618	0	s13 -= shift_left(carry13, 21);
619	0	carry15 = (s15 + (1 << 20)) >> 21;
620	0	s16 += carry15;
621	0	s15 -= shift_left(carry15, 21);
622	0	s5 += s17 * 666643;
623	0	s6 += s17 * 470296;
624	0	s7 += s17 * 654183;
625	0	s8 -= s17 * 997805;
626	0	s9 += s17 * 136657;
627	0	s10 -= s17 * 683901;
628	0	s17 = 0; // NOLINT
629	0	s4 += s16 * 666643;
630	0	s5 += s16 * 470296;
631	0	s6 += s16 * 654183;
632	0	s7 -= s16 * 997805;
633	0	s8 += s16 * 136657;
634	0	s9 -= s16 * 683901;
635	0	s16 = 0; // NOLINT
636	0	s3 += s15 * 666643;
637	0	s4 += s15 * 470296;
638	0	s5 += s15 * 654183;
639	0	s6 -= s15 * 997805;
640	0	s7 += s15 * 136657;
641	0	s8 -= s15 * 683901;
642	0	s15 = 0; // NOLINT
643	0	s2 += s14 * 666643;
644	0	s3 += s14 * 470296;
645	0	s4 += s14 * 654183;
646	0	s5 -= s14 * 997805;
647	0	s6 += s14 * 136657;
648	0	s7 -= s14 * 683901;
649	0	s14 = 0; // NOLINT
650	0	s1 += s13 * 666643;
651	0	s2 += s13 * 470296;
652	0	s3 += s13 * 654183;
653	0	s4 -= s13 * 997805;
654	0	s5 += s13 * 136657;
655	0	s6 -= s13 * 683901;
656	0	s13 = 0; // NOLINT
657	0	s0 += s12 * 666643;
658	0	s1 += s12 * 470296;
659	0	s2 += s12 * 654183;
660	0	s3 -= s12 * 997805;
661	0	s4 += s12 * 136657;
662	0	s5 -= s12 * 683901;
663	0	s12 = 0; // NOLINT
664	0	carry0 = (s0 + (1 << 20)) >> 21;
665	0	s1 += carry0;
666	0	s0 -= shift_left(carry0, 21);
667	0	carry2 = (s2 + (1 << 20)) >> 21;
668	0	s3 += carry2;
669	0	s2 -= shift_left(carry2, 21);
670	0	carry4 = (s4 + (1 << 20)) >> 21;
671	0	s5 += carry4;
672	0	s4 -= shift_left(carry4, 21);
673	0	carry6 = (s6 + (1 << 20)) >> 21;
674	0	s7 += carry6;
675	0	s6 -= shift_left(carry6, 21);
676	0	carry8 = (s8 + (1 << 20)) >> 21;
677	0	s9 += carry8;
678	0	s8 -= shift_left(carry8, 21);
679	0	carry10 = (s10 + (1 << 20)) >> 21;
680	0	s11 += carry10;
681	0	s10 -= shift_left(carry10, 21);
682	0	carry1 = (s1 + (1 << 20)) >> 21;
683	0	s2 += carry1;
684	0	s1 -= shift_left(carry1, 21);
685	0	carry3 = (s3 + (1 << 20)) >> 21;
686	0	s4 += carry3;
687	0	s3 -= shift_left(carry3, 21);
688	0	carry5 = (s5 + (1 << 20)) >> 21;
689	0	s6 += carry5;
690	0	s5 -= shift_left(carry5, 21);
691	0	carry7 = (s7 + (1 << 20)) >> 21;
692	0	s8 += carry7;
693	0	s7 -= shift_left(carry7, 21);
694	0	carry9 = (s9 + (1 << 20)) >> 21;
695	0	s10 += carry9;
696	0	s9 -= shift_left(carry9, 21);
697	0	carry11 = (s11 + (1 << 20)) >> 21;
698	0	s12 += carry11;
699	0	s11 -= shift_left(carry11, 21);
700	0	s0 += s12 * 666643;
701	0	s1 += s12 * 470296;
702	0	s2 += s12 * 654183;
703	0	s3 -= s12 * 997805;
704	0	s4 += s12 * 136657;
705	0	s5 -= s12 * 683901;
706	0	s12 = 0;
707	0	carry0 = s0 >> 21;
708	0	s1 += carry0;
709	0	s0 -= shift_left(carry0, 21);
710	0	carry1 = s1 >> 21;
711	0	s2 += carry1;
712	0	s1 -= shift_left(carry1, 21);
713	0	carry2 = s2 >> 21;
714	0	s3 += carry2;
715	0	s2 -= shift_left(carry2, 21);
716	0	carry3 = s3 >> 21;
717	0	s4 += carry3;
718	0	s3 -= shift_left(carry3, 21);
719	0	carry4 = s4 >> 21;
720	0	s5 += carry4;
721	0	s4 -= shift_left(carry4, 21);
722	0	carry5 = s5 >> 21;
723	0	s6 += carry5;
724	0	s5 -= shift_left(carry5, 21);
725	0	carry6 = s6 >> 21;
726	0	s7 += carry6;
727	0	s6 -= shift_left(carry6, 21);
728	0	carry7 = s7 >> 21;
729	0	s8 += carry7;
730	0	s7 -= shift_left(carry7, 21);
731	0	carry8 = s8 >> 21;
732	0	s9 += carry8;
733	0	s8 -= shift_left(carry8, 21);
734	0	carry9 = s9 >> 21;
735	0	s10 += carry9;
736	0	s9 -= shift_left(carry9, 21);
737	0	carry10 = s10 >> 21;
738	0	s11 += carry10;
739	0	s10 -= shift_left(carry10, 21);
740	0	carry11 = s11 >> 21;
741	0	s12 += carry11;
742	0	s11 -= shift_left(carry11, 21);
743	0	s0 += s12 * 666643;
744	0	s1 += s12 * 470296;
745	0	s2 += s12 * 654183;
746	0	s3 -= s12 * 997805;
747	0	s4 += s12 * 136657;
748	0	s5 -= s12 * 683901;
749	0	s12 = 0; // NOLINT
750	0	carry0 = s0 >> 21;
751	0	s1 += carry0;
752	0	s0 -= shift_left(carry0, 21);
753	0	carry1 = s1 >> 21;
754	0	s2 += carry1;
755	0	s1 -= shift_left(carry1, 21);
756	0	carry2 = s2 >> 21;
757	0	s3 += carry2;
758	0	s2 -= shift_left(carry2, 21);
759	0	carry3 = s3 >> 21;
760	0	s4 += carry3;
761	0	s3 -= shift_left(carry3, 21);
762	0	carry4 = s4 >> 21;
763	0	s5 += carry4;
764	0	s4 -= shift_left(carry4, 21);
765	0	carry5 = s5 >> 21;
766	0	s6 += carry5;
767	0	s5 -= shift_left(carry5, 21);
768	0	carry6 = s6 >> 21;
769	0	s7 += carry6;
770	0	s6 -= shift_left(carry6, 21);
771	0	carry7 = s7 >> 21;
772	0	s8 += carry7;
773	0	s7 -= shift_left(carry7, 21);
774	0	carry8 = s8 >> 21;
775	0	s9 += carry8;
776	0	s8 -= shift_left(carry8, 21);
777	0	carry9 = s9 >> 21;
778	0	s10 += carry9;
779	0	s9 -= shift_left(carry9, 21);
780	0	carry10 = s10 >> 21;
781	0	s11 += carry10;
782	0	s10 -= shift_left(carry10, 21);
783
784	0	s[0] = (unsigned char) ((s0 >> 0) & 0xff);
785	0	s[1] = (unsigned char) ((s0 >> 8) & 0xff);
786	0	s[2] = (unsigned char) (((s0 >> 16) \| (s1 << 5)) & 0xff);
787	0	s[3] = (unsigned char) ((s1 >> 3) & 0xff);
788	0	s[4] = (unsigned char) ((s1 >> 11) & 0xff);
789	0	s[5] = (unsigned char) (((s1 >> 19) \| (s2 << 2)) & 0xff);
790	0	s[6] = (unsigned char) ((s2 >> 6) & 0xff);
791	0	s[7] = (unsigned char) (((s2 >> 14) \| (s3 << 7)) & 0xff);
792	0	s[8] = (unsigned char) ((s3 >> 1) & 0xff);
793	0	s[9] = (unsigned char) ((s3 >> 9) & 0xff);
794	0	s[10] = (unsigned char) (((s3 >> 17) \| (s4 << 4)) & 0xff);
795	0	s[11] = (unsigned char) ((s4 >> 4) & 0xff);
796	0	s[12] = (unsigned char) ((s4 >> 12) & 0xff);
797	0	s[13] = (unsigned char) (((s4 >> 20) \| (s5 << 1)) & 0xff);
798	0	s[14] = (unsigned char) ((s5 >> 7) & 0xff);
799	0	s[15] = (unsigned char) (((s5 >> 15) \| (s6 << 6)) & 0xff);
800	0	s[16] = (unsigned char) ((s6 >> 2) & 0xff);
801	0	s[17] = (unsigned char) ((s6 >> 10) & 0xff);
802	0	s[18] = (unsigned char) (((s6 >> 18) \| (s7 << 3)) & 0xff);
803	0	s[19] = (unsigned char) ((s7 >> 5) & 0xff);
804	0	s[20] = (unsigned char) ((s7 >> 13) & 0xff);
805	0	s[21] = (unsigned char) ((s8 >> 0) & 0xff);
806	0	s[22] = (unsigned char) ((s8 >> 8) & 0xff);
807	0	s[23] = (unsigned char) (((s8 >> 16) \| (s9 << 5)) & 0xff);
808	0	s[24] = (unsigned char) ((s9 >> 3) & 0xff);
809	0	s[25] = (unsigned char) ((s9 >> 11) & 0xff);
810	0	s[26] = (unsigned char) (((s9 >> 19) \| (s10 << 2)) & 0xff);
811	0	s[27] = (unsigned char) ((s10 >> 6) & 0xff);
812	0	s[28] = (unsigned char) (((s10 >> 14) \| (s11 << 7)) & 0xff);
813	0	s[29] = (unsigned char) ((s11 >> 1) & 0xff);
814	0	s[30] = (unsigned char) ((s11 >> 9) & 0xff);
815	0	s[31] = (unsigned char) ((s11 >> 17) & 0xff);
816	0	}

Coverage Report

Created: 2025-11-11 06:36