1 /* 2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 /* 27 * This file is generated by FieldGen.jsh. Do not modify it directly. 28 */ 29 30 package sun.security.util.math.intpoly; 31 32 import java.math.BigInteger; 33 public class IntegerPolynomialP384 extends IntegerPolynomial { 34 private static final int BITS_PER_LIMB = 28; 35 private static final int NUM_LIMBS = 14; 36 private static final int MAX_ADDS = 2; 37 public static final BigInteger MODULUS = evaluateModulus(); 38 private static final long CARRY_ADD = 1 << 27; 39 private static final int LIMB_MASK = -1 >>> (64 - BITS_PER_LIMB); IntegerPolynomialP384()40 public IntegerPolynomialP384() { 41 42 super(BITS_PER_LIMB, NUM_LIMBS, MAX_ADDS, MODULUS); 43 44 } evaluateModulus()45 private static BigInteger evaluateModulus() { 46 BigInteger result = BigInteger.valueOf(2).pow(384); 47 result = result.subtract(BigInteger.valueOf(2).pow(128)); 48 result = result.subtract(BigInteger.valueOf(2).pow(96)); 49 result = result.add(BigInteger.valueOf(2).pow(32)); 50 result = result.subtract(BigInteger.valueOf(1)); 51 return result; 52 } 53 @Override finalCarryReduceLast(long[] limbs)54 protected void finalCarryReduceLast(long[] limbs) { 55 long c = limbs[13] >> 20; 56 limbs[13] -= c << 20; 57 limbs[4] += (c << 16) & LIMB_MASK; 58 limbs[5] += c >> 12; 59 limbs[3] += (c << 12) & LIMB_MASK; 60 limbs[4] += c >> 16; 61 limbs[1] -= (c << 4) & LIMB_MASK; 62 limbs[2] -= c >> 24; 63 limbs[0] += c; 64 } carryReduce(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19, long c20, long c21, long c22, long c23, long c24, long c25, long c26)65 private void carryReduce(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19, long c20, long c21, long c22, long c23, long c24, long c25, long c26) { 66 long c27 = 0; 67 //reduce from position 26 68 c16 += (c26 << 24) & LIMB_MASK; 69 c17 += c26 >> 4; 70 c15 += (c26 << 20) & LIMB_MASK; 71 c16 += c26 >> 8; 72 c13 -= (c26 << 12) & LIMB_MASK; 73 c14 -= c26 >> 16; 74 c12 += (c26 << 8) & LIMB_MASK; 75 c13 += c26 >> 20; 76 //reduce from position 25 77 c15 += (c25 << 24) & LIMB_MASK; 78 c16 += c25 >> 4; 79 c14 += (c25 << 20) & LIMB_MASK; 80 c15 += c25 >> 8; 81 c12 -= (c25 << 12) & LIMB_MASK; 82 c13 -= c25 >> 16; 83 c11 += (c25 << 8) & LIMB_MASK; 84 c12 += c25 >> 20; 85 //reduce from position 24 86 c14 += (c24 << 24) & LIMB_MASK; 87 c15 += c24 >> 4; 88 c13 += (c24 << 20) & LIMB_MASK; 89 c14 += c24 >> 8; 90 c11 -= (c24 << 12) & LIMB_MASK; 91 c12 -= c24 >> 16; 92 c10 += (c24 << 8) & LIMB_MASK; 93 c11 += c24 >> 20; 94 //reduce from position 23 95 c13 += (c23 << 24) & LIMB_MASK; 96 c14 += c23 >> 4; 97 c12 += (c23 << 20) & LIMB_MASK; 98 c13 += c23 >> 8; 99 c10 -= (c23 << 12) & LIMB_MASK; 100 c11 -= c23 >> 16; 101 c9 += (c23 << 8) & LIMB_MASK; 102 c10 += c23 >> 20; 103 //reduce from position 22 104 c12 += (c22 << 24) & LIMB_MASK; 105 c13 += c22 >> 4; 106 c11 += (c22 << 20) & LIMB_MASK; 107 c12 += c22 >> 8; 108 c9 -= (c22 << 12) & LIMB_MASK; 109 c10 -= c22 >> 16; 110 c8 += (c22 << 8) & LIMB_MASK; 111 c9 += c22 >> 20; 112 //reduce from position 21 113 c11 += (c21 << 24) & LIMB_MASK; 114 c12 += c21 >> 4; 115 c10 += (c21 << 20) & LIMB_MASK; 116 c11 += c21 >> 8; 117 c8 -= (c21 << 12) & LIMB_MASK; 118 c9 -= c21 >> 16; 119 c7 += (c21 << 8) & LIMB_MASK; 120 c8 += c21 >> 20; 121 //reduce from position 20 122 c10 += (c20 << 24) & LIMB_MASK; 123 c11 += c20 >> 4; 124 c9 += (c20 << 20) & LIMB_MASK; 125 c10 += c20 >> 8; 126 c7 -= (c20 << 12) & LIMB_MASK; 127 c8 -= c20 >> 16; 128 c6 += (c20 << 8) & LIMB_MASK; 129 c7 += c20 >> 20; 130 //reduce from position 19 131 c9 += (c19 << 24) & LIMB_MASK; 132 c10 += c19 >> 4; 133 c8 += (c19 << 20) & LIMB_MASK; 134 c9 += c19 >> 8; 135 c6 -= (c19 << 12) & LIMB_MASK; 136 c7 -= c19 >> 16; 137 c5 += (c19 << 8) & LIMB_MASK; 138 c6 += c19 >> 20; 139 //reduce from position 18 140 c8 += (c18 << 24) & LIMB_MASK; 141 c9 += c18 >> 4; 142 c7 += (c18 << 20) & LIMB_MASK; 143 c8 += c18 >> 8; 144 c5 -= (c18 << 12) & LIMB_MASK; 145 c6 -= c18 >> 16; 146 c4 += (c18 << 8) & LIMB_MASK; 147 c5 += c18 >> 20; 148 //reduce from position 17 149 c7 += (c17 << 24) & LIMB_MASK; 150 c8 += c17 >> 4; 151 c6 += (c17 << 20) & LIMB_MASK; 152 c7 += c17 >> 8; 153 c4 -= (c17 << 12) & LIMB_MASK; 154 c5 -= c17 >> 16; 155 c3 += (c17 << 8) & LIMB_MASK; 156 c4 += c17 >> 20; 157 //reduce from position 16 158 c6 += (c16 << 24) & LIMB_MASK; 159 c7 += c16 >> 4; 160 c5 += (c16 << 20) & LIMB_MASK; 161 c6 += c16 >> 8; 162 c3 -= (c16 << 12) & LIMB_MASK; 163 c4 -= c16 >> 16; 164 c2 += (c16 << 8) & LIMB_MASK; 165 c3 += c16 >> 20; 166 //reduce from position 15 167 c5 += (c15 << 24) & LIMB_MASK; 168 c6 += c15 >> 4; 169 c4 += (c15 << 20) & LIMB_MASK; 170 c5 += c15 >> 8; 171 c2 -= (c15 << 12) & LIMB_MASK; 172 c3 -= c15 >> 16; 173 c1 += (c15 << 8) & LIMB_MASK; 174 c2 += c15 >> 20; 175 //reduce from position 14 176 c4 += (c14 << 24) & LIMB_MASK; 177 c5 += c14 >> 4; 178 c3 += (c14 << 20) & LIMB_MASK; 179 c4 += c14 >> 8; 180 c1 -= (c14 << 12) & LIMB_MASK; 181 c2 -= c14 >> 16; 182 c0 += (c14 << 8) & LIMB_MASK; 183 c1 += c14 >> 20; 184 c14 = 0; 185 186 carryReduce0(r, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12, c13, c14, c15, c16, c17, c18, c19, c20, c21, c22, c23, c24, c25, c26, c27); 187 } carryReduce0(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19, long c20, long c21, long c22, long c23, long c24, long c25, long c26, long c27)188 void carryReduce0(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19, long c20, long c21, long c22, long c23, long c24, long c25, long c26, long c27) { 189 190 //carry from position 12 191 long t0 = (c12 + CARRY_ADD) >> 28; 192 c12 -= (t0 << 28); 193 c13 += t0; 194 //carry from position 13 195 t0 = (c13 + CARRY_ADD) >> 28; 196 c13 -= (t0 << 28); 197 c14 += t0; 198 //reduce from position 14 199 c4 += (c14 << 24) & LIMB_MASK; 200 c5 += c14 >> 4; 201 c3 += (c14 << 20) & LIMB_MASK; 202 c4 += c14 >> 8; 203 c1 -= (c14 << 12) & LIMB_MASK; 204 c2 -= c14 >> 16; 205 c0 += (c14 << 8) & LIMB_MASK; 206 c1 += c14 >> 20; 207 //carry from position 0 208 t0 = (c0 + CARRY_ADD) >> 28; 209 c0 -= (t0 << 28); 210 c1 += t0; 211 //carry from position 1 212 t0 = (c1 + CARRY_ADD) >> 28; 213 c1 -= (t0 << 28); 214 c2 += t0; 215 //carry from position 2 216 t0 = (c2 + CARRY_ADD) >> 28; 217 c2 -= (t0 << 28); 218 c3 += t0; 219 //carry from position 3 220 t0 = (c3 + CARRY_ADD) >> 28; 221 c3 -= (t0 << 28); 222 c4 += t0; 223 //carry from position 4 224 t0 = (c4 + CARRY_ADD) >> 28; 225 c4 -= (t0 << 28); 226 c5 += t0; 227 //carry from position 5 228 t0 = (c5 + CARRY_ADD) >> 28; 229 c5 -= (t0 << 28); 230 c6 += t0; 231 //carry from position 6 232 t0 = (c6 + CARRY_ADD) >> 28; 233 c6 -= (t0 << 28); 234 c7 += t0; 235 //carry from position 7 236 t0 = (c7 + CARRY_ADD) >> 28; 237 c7 -= (t0 << 28); 238 c8 += t0; 239 //carry from position 8 240 t0 = (c8 + CARRY_ADD) >> 28; 241 c8 -= (t0 << 28); 242 c9 += t0; 243 //carry from position 9 244 t0 = (c9 + CARRY_ADD) >> 28; 245 c9 -= (t0 << 28); 246 c10 += t0; 247 //carry from position 10 248 t0 = (c10 + CARRY_ADD) >> 28; 249 c10 -= (t0 << 28); 250 c11 += t0; 251 //carry from position 11 252 t0 = (c11 + CARRY_ADD) >> 28; 253 c11 -= (t0 << 28); 254 c12 += t0; 255 //carry from position 12 256 t0 = (c12 + CARRY_ADD) >> 28; 257 c12 -= (t0 << 28); 258 c13 += t0; 259 260 r[0] = c0; 261 r[1] = c1; 262 r[2] = c2; 263 r[3] = c3; 264 r[4] = c4; 265 r[5] = c5; 266 r[6] = c6; 267 r[7] = c7; 268 r[8] = c8; 269 r[9] = c9; 270 r[10] = c10; 271 r[11] = c11; 272 r[12] = c12; 273 r[13] = c13; 274 } carryReduce(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13)275 private void carryReduce(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13) { 276 long c14 = 0; 277 //carry from position 12 278 long t0 = (c12 + CARRY_ADD) >> 28; 279 c12 -= (t0 << 28); 280 c13 += t0; 281 //carry from position 13 282 t0 = (c13 + CARRY_ADD) >> 28; 283 c13 -= (t0 << 28); 284 c14 += t0; 285 //reduce from position 14 286 c4 += (c14 << 24) & LIMB_MASK; 287 c5 += c14 >> 4; 288 c3 += (c14 << 20) & LIMB_MASK; 289 c4 += c14 >> 8; 290 c1 -= (c14 << 12) & LIMB_MASK; 291 c2 -= c14 >> 16; 292 c0 += (c14 << 8) & LIMB_MASK; 293 c1 += c14 >> 20; 294 //carry from position 0 295 t0 = (c0 + CARRY_ADD) >> 28; 296 c0 -= (t0 << 28); 297 c1 += t0; 298 //carry from position 1 299 t0 = (c1 + CARRY_ADD) >> 28; 300 c1 -= (t0 << 28); 301 c2 += t0; 302 //carry from position 2 303 t0 = (c2 + CARRY_ADD) >> 28; 304 c2 -= (t0 << 28); 305 c3 += t0; 306 //carry from position 3 307 t0 = (c3 + CARRY_ADD) >> 28; 308 c3 -= (t0 << 28); 309 c4 += t0; 310 //carry from position 4 311 t0 = (c4 + CARRY_ADD) >> 28; 312 c4 -= (t0 << 28); 313 c5 += t0; 314 //carry from position 5 315 t0 = (c5 + CARRY_ADD) >> 28; 316 c5 -= (t0 << 28); 317 c6 += t0; 318 //carry from position 6 319 t0 = (c6 + CARRY_ADD) >> 28; 320 c6 -= (t0 << 28); 321 c7 += t0; 322 //carry from position 7 323 t0 = (c7 + CARRY_ADD) >> 28; 324 c7 -= (t0 << 28); 325 c8 += t0; 326 //carry from position 8 327 t0 = (c8 + CARRY_ADD) >> 28; 328 c8 -= (t0 << 28); 329 c9 += t0; 330 //carry from position 9 331 t0 = (c9 + CARRY_ADD) >> 28; 332 c9 -= (t0 << 28); 333 c10 += t0; 334 //carry from position 10 335 t0 = (c10 + CARRY_ADD) >> 28; 336 c10 -= (t0 << 28); 337 c11 += t0; 338 //carry from position 11 339 t0 = (c11 + CARRY_ADD) >> 28; 340 c11 -= (t0 << 28); 341 c12 += t0; 342 //carry from position 12 343 t0 = (c12 + CARRY_ADD) >> 28; 344 c12 -= (t0 << 28); 345 c13 += t0; 346 347 r[0] = c0; 348 r[1] = c1; 349 r[2] = c2; 350 r[3] = c3; 351 r[4] = c4; 352 r[5] = c5; 353 r[6] = c6; 354 r[7] = c7; 355 r[8] = c8; 356 r[9] = c9; 357 r[10] = c10; 358 r[11] = c11; 359 r[12] = c12; 360 r[13] = c13; 361 } 362 @Override mult(long[] a, long[] b, long[] r)363 protected void mult(long[] a, long[] b, long[] r) { 364 long c0 = (a[0] * b[0]); 365 long c1 = (a[0] * b[1]) + (a[1] * b[0]); 366 long c2 = (a[0] * b[2]) + (a[1] * b[1]) + (a[2] * b[0]); 367 long c3 = (a[0] * b[3]) + (a[1] * b[2]) + (a[2] * b[1]) + (a[3] * b[0]); 368 long c4 = (a[0] * b[4]) + (a[1] * b[3]) + (a[2] * b[2]) + (a[3] * b[1]) + (a[4] * b[0]); 369 long c5 = (a[0] * b[5]) + (a[1] * b[4]) + (a[2] * b[3]) + (a[3] * b[2]) + (a[4] * b[1]) + (a[5] * b[0]); 370 long c6 = (a[0] * b[6]) + (a[1] * b[5]) + (a[2] * b[4]) + (a[3] * b[3]) + (a[4] * b[2]) + (a[5] * b[1]) + (a[6] * b[0]); 371 long c7 = (a[0] * b[7]) + (a[1] * b[6]) + (a[2] * b[5]) + (a[3] * b[4]) + (a[4] * b[3]) + (a[5] * b[2]) + (a[6] * b[1]) + (a[7] * b[0]); 372 long c8 = (a[0] * b[8]) + (a[1] * b[7]) + (a[2] * b[6]) + (a[3] * b[5]) + (a[4] * b[4]) + (a[5] * b[3]) + (a[6] * b[2]) + (a[7] * b[1]) + (a[8] * b[0]); 373 long c9 = (a[0] * b[9]) + (a[1] * b[8]) + (a[2] * b[7]) + (a[3] * b[6]) + (a[4] * b[5]) + (a[5] * b[4]) + (a[6] * b[3]) + (a[7] * b[2]) + (a[8] * b[1]) + (a[9] * b[0]); 374 long c10 = (a[0] * b[10]) + (a[1] * b[9]) + (a[2] * b[8]) + (a[3] * b[7]) + (a[4] * b[6]) + (a[5] * b[5]) + (a[6] * b[4]) + (a[7] * b[3]) + (a[8] * b[2]) + (a[9] * b[1]) + (a[10] * b[0]); 375 long c11 = (a[0] * b[11]) + (a[1] * b[10]) + (a[2] * b[9]) + (a[3] * b[8]) + (a[4] * b[7]) + (a[5] * b[6]) + (a[6] * b[5]) + (a[7] * b[4]) + (a[8] * b[3]) + (a[9] * b[2]) + (a[10] * b[1]) + (a[11] * b[0]); 376 long c12 = (a[0] * b[12]) + (a[1] * b[11]) + (a[2] * b[10]) + (a[3] * b[9]) + (a[4] * b[8]) + (a[5] * b[7]) + (a[6] * b[6]) + (a[7] * b[5]) + (a[8] * b[4]) + (a[9] * b[3]) + (a[10] * b[2]) + (a[11] * b[1]) + (a[12] * b[0]); 377 long c13 = (a[0] * b[13]) + (a[1] * b[12]) + (a[2] * b[11]) + (a[3] * b[10]) + (a[4] * b[9]) + (a[5] * b[8]) + (a[6] * b[7]) + (a[7] * b[6]) + (a[8] * b[5]) + (a[9] * b[4]) + (a[10] * b[3]) + (a[11] * b[2]) + (a[12] * b[1]) + (a[13] * b[0]); 378 long c14 = (a[1] * b[13]) + (a[2] * b[12]) + (a[3] * b[11]) + (a[4] * b[10]) + (a[5] * b[9]) + (a[6] * b[8]) + (a[7] * b[7]) + (a[8] * b[6]) + (a[9] * b[5]) + (a[10] * b[4]) + (a[11] * b[3]) + (a[12] * b[2]) + (a[13] * b[1]); 379 long c15 = (a[2] * b[13]) + (a[3] * b[12]) + (a[4] * b[11]) + (a[5] * b[10]) + (a[6] * b[9]) + (a[7] * b[8]) + (a[8] * b[7]) + (a[9] * b[6]) + (a[10] * b[5]) + (a[11] * b[4]) + (a[12] * b[3]) + (a[13] * b[2]); 380 long c16 = (a[3] * b[13]) + (a[4] * b[12]) + (a[5] * b[11]) + (a[6] * b[10]) + (a[7] * b[9]) + (a[8] * b[8]) + (a[9] * b[7]) + (a[10] * b[6]) + (a[11] * b[5]) + (a[12] * b[4]) + (a[13] * b[3]); 381 long c17 = (a[4] * b[13]) + (a[5] * b[12]) + (a[6] * b[11]) + (a[7] * b[10]) + (a[8] * b[9]) + (a[9] * b[8]) + (a[10] * b[7]) + (a[11] * b[6]) + (a[12] * b[5]) + (a[13] * b[4]); 382 long c18 = (a[5] * b[13]) + (a[6] * b[12]) + (a[7] * b[11]) + (a[8] * b[10]) + (a[9] * b[9]) + (a[10] * b[8]) + (a[11] * b[7]) + (a[12] * b[6]) + (a[13] * b[5]); 383 long c19 = (a[6] * b[13]) + (a[7] * b[12]) + (a[8] * b[11]) + (a[9] * b[10]) + (a[10] * b[9]) + (a[11] * b[8]) + (a[12] * b[7]) + (a[13] * b[6]); 384 long c20 = (a[7] * b[13]) + (a[8] * b[12]) + (a[9] * b[11]) + (a[10] * b[10]) + (a[11] * b[9]) + (a[12] * b[8]) + (a[13] * b[7]); 385 long c21 = (a[8] * b[13]) + (a[9] * b[12]) + (a[10] * b[11]) + (a[11] * b[10]) + (a[12] * b[9]) + (a[13] * b[8]); 386 long c22 = (a[9] * b[13]) + (a[10] * b[12]) + (a[11] * b[11]) + (a[12] * b[10]) + (a[13] * b[9]); 387 long c23 = (a[10] * b[13]) + (a[11] * b[12]) + (a[12] * b[11]) + (a[13] * b[10]); 388 long c24 = (a[11] * b[13]) + (a[12] * b[12]) + (a[13] * b[11]); 389 long c25 = (a[12] * b[13]) + (a[13] * b[12]); 390 long c26 = (a[13] * b[13]); 391 392 carryReduce(r, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12, c13, c14, c15, c16, c17, c18, c19, c20, c21, c22, c23, c24, c25, c26); 393 } 394 @Override reduce(long[] a)395 protected void reduce(long[] a) { 396 carryReduce(a, a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], a[13]); 397 } 398 @Override square(long[] a, long[] r)399 protected void square(long[] a, long[] r) { 400 long c0 = (a[0] * a[0]); 401 long c1 = 2 * ((a[0] * a[1])); 402 long c2 = 2 * ((a[0] * a[2])) + (a[1] * a[1]); 403 long c3 = 2 * ((a[0] * a[3]) + (a[1] * a[2])); 404 long c4 = 2 * ((a[0] * a[4]) + (a[1] * a[3])) + (a[2] * a[2]); 405 long c5 = 2 * ((a[0] * a[5]) + (a[1] * a[4]) + (a[2] * a[3])); 406 long c6 = 2 * ((a[0] * a[6]) + (a[1] * a[5]) + (a[2] * a[4])) + (a[3] * a[3]); 407 long c7 = 2 * ((a[0] * a[7]) + (a[1] * a[6]) + (a[2] * a[5]) + (a[3] * a[4])); 408 long c8 = 2 * ((a[0] * a[8]) + (a[1] * a[7]) + (a[2] * a[6]) + (a[3] * a[5])) + (a[4] * a[4]); 409 long c9 = 2 * ((a[0] * a[9]) + (a[1] * a[8]) + (a[2] * a[7]) + (a[3] * a[6]) + (a[4] * a[5])); 410 long c10 = 2 * ((a[0] * a[10]) + (a[1] * a[9]) + (a[2] * a[8]) + (a[3] * a[7]) + (a[4] * a[6])) + (a[5] * a[5]); 411 long c11 = 2 * ((a[0] * a[11]) + (a[1] * a[10]) + (a[2] * a[9]) + (a[3] * a[8]) + (a[4] * a[7]) + (a[5] * a[6])); 412 long c12 = 2 * ((a[0] * a[12]) + (a[1] * a[11]) + (a[2] * a[10]) + (a[3] * a[9]) + (a[4] * a[8]) + (a[5] * a[7])) + (a[6] * a[6]); 413 long c13 = 2 * ((a[0] * a[13]) + (a[1] * a[12]) + (a[2] * a[11]) + (a[3] * a[10]) + (a[4] * a[9]) + (a[5] * a[8]) + (a[6] * a[7])); 414 long c14 = 2 * ((a[1] * a[13]) + (a[2] * a[12]) + (a[3] * a[11]) + (a[4] * a[10]) + (a[5] * a[9]) + (a[6] * a[8])) + (a[7] * a[7]); 415 long c15 = 2 * ((a[2] * a[13]) + (a[3] * a[12]) + (a[4] * a[11]) + (a[5] * a[10]) + (a[6] * a[9]) + (a[7] * a[8])); 416 long c16 = 2 * ((a[3] * a[13]) + (a[4] * a[12]) + (a[5] * a[11]) + (a[6] * a[10]) + (a[7] * a[9])) + (a[8] * a[8]); 417 long c17 = 2 * ((a[4] * a[13]) + (a[5] * a[12]) + (a[6] * a[11]) + (a[7] * a[10]) + (a[8] * a[9])); 418 long c18 = 2 * ((a[5] * a[13]) + (a[6] * a[12]) + (a[7] * a[11]) + (a[8] * a[10])) + (a[9] * a[9]); 419 long c19 = 2 * ((a[6] * a[13]) + (a[7] * a[12]) + (a[8] * a[11]) + (a[9] * a[10])); 420 long c20 = 2 * ((a[7] * a[13]) + (a[8] * a[12]) + (a[9] * a[11])) + (a[10] * a[10]); 421 long c21 = 2 * ((a[8] * a[13]) + (a[9] * a[12]) + (a[10] * a[11])); 422 long c22 = 2 * ((a[9] * a[13]) + (a[10] * a[12])) + (a[11] * a[11]); 423 long c23 = 2 * ((a[10] * a[13]) + (a[11] * a[12])); 424 long c24 = 2 * ((a[11] * a[13])) + (a[12] * a[12]); 425 long c25 = 2 * ((a[12] * a[13])); 426 long c26 = (a[13] * a[13]); 427 428 carryReduce(r, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12, c13, c14, c15, c16, c17, c18, c19, c20, c21, c22, c23, c24, c25, c26); 429 } 430 } 431 432