1 /* 2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 /* 27 * This file is generated by FieldGen.jsh. Do not modify it directly. 28 */ 29 30 package sun.security.util.math.intpoly; 31 32 import java.math.BigInteger; 33 public class P521OrderField extends IntegerPolynomial { 34 private static final int BITS_PER_LIMB = 28; 35 private static final int NUM_LIMBS = 19; 36 private static final int MAX_ADDS = 1; 37 public static final BigInteger MODULUS = evaluateModulus(); 38 private static final long CARRY_ADD = 1 << 27; 39 private static final int LIMB_MASK = -1 >>> (64 - BITS_PER_LIMB); P521OrderField()40 public P521OrderField() { 41 42 super(BITS_PER_LIMB, NUM_LIMBS, MAX_ADDS, MODULUS); 43 44 } evaluateModulus()45 private static BigInteger evaluateModulus() { 46 BigInteger result = BigInteger.valueOf(2).pow(521); 47 result = result.add(BigInteger.valueOf(20472841)); 48 result = result.add(BigInteger.valueOf(2).pow(28).multiply(BigInteger.valueOf(117141993))); 49 result = result.subtract(BigInteger.valueOf(2).pow(56).multiply(BigInteger.valueOf(62411077))); 50 result = result.subtract(BigInteger.valueOf(2).pow(84).multiply(BigInteger.valueOf(56915814))); 51 result = result.add(BigInteger.valueOf(2).pow(112).multiply(BigInteger.valueOf(97532854))); 52 result = result.add(BigInteger.valueOf(2).pow(140).multiply(BigInteger.valueOf(76509338))); 53 result = result.subtract(BigInteger.valueOf(2).pow(168).multiply(BigInteger.valueOf(75510783))); 54 result = result.subtract(BigInteger.valueOf(2).pow(196).multiply(BigInteger.valueOf(67962521))); 55 result = result.add(BigInteger.valueOf(2).pow(224).multiply(BigInteger.valueOf(25593732))); 56 result = result.subtract(BigInteger.valueOf(2).pow(252).multiply(BigInteger.valueOf(91))); 57 return result; 58 } 59 @Override finalCarryReduceLast(long[] limbs)60 protected void finalCarryReduceLast(long[] limbs) { 61 long c = limbs[18] >> 17; 62 limbs[18] -= c << 17; 63 long t0 = -20472841 * c; 64 limbs[0] += t0; 65 t0 = -117141993 * c; 66 limbs[1] += t0; 67 t0 = 62411077 * c; 68 limbs[2] += t0; 69 t0 = 56915814 * c; 70 limbs[3] += t0; 71 t0 = -97532854 * c; 72 limbs[4] += t0; 73 t0 = -76509338 * c; 74 limbs[5] += t0; 75 t0 = 75510783 * c; 76 limbs[6] += t0; 77 t0 = 67962521 * c; 78 limbs[7] += t0; 79 t0 = -25593732 * c; 80 limbs[8] += t0; 81 t0 = 91 * c; 82 limbs[9] += t0; 83 } carryReduce(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19, long c20, long c21, long c22, long c23, long c24, long c25, long c26, long c27, long c28, long c29, long c30, long c31, long c32, long c33, long c34, long c35, long c36)84 private void carryReduce(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19, long c20, long c21, long c22, long c23, long c24, long c25, long c26, long c27, long c28, long c29, long c30, long c31, long c32, long c33, long c34, long c35, long c36) { 85 long c37 = 0; 86 //carry from position 0 87 long t0 = (c0 + CARRY_ADD) >> 28; 88 c0 -= (t0 << 28); 89 c1 += t0; 90 //carry from position 1 91 t0 = (c1 + CARRY_ADD) >> 28; 92 c1 -= (t0 << 28); 93 c2 += t0; 94 //carry from position 2 95 t0 = (c2 + CARRY_ADD) >> 28; 96 c2 -= (t0 << 28); 97 c3 += t0; 98 //carry from position 3 99 t0 = (c3 + CARRY_ADD) >> 28; 100 c3 -= (t0 << 28); 101 c4 += t0; 102 //carry from position 4 103 t0 = (c4 + CARRY_ADD) >> 28; 104 c4 -= (t0 << 28); 105 c5 += t0; 106 //carry from position 5 107 t0 = (c5 + CARRY_ADD) >> 28; 108 c5 -= (t0 << 28); 109 c6 += t0; 110 //carry from position 6 111 t0 = (c6 + CARRY_ADD) >> 28; 112 c6 -= (t0 << 28); 113 c7 += t0; 114 //carry from position 7 115 t0 = (c7 + CARRY_ADD) >> 28; 116 c7 -= (t0 << 28); 117 c8 += t0; 118 //carry from position 8 119 t0 = (c8 + CARRY_ADD) >> 28; 120 c8 -= (t0 << 28); 121 c9 += t0; 122 //carry from position 9 123 t0 = (c9 + CARRY_ADD) >> 28; 124 c9 -= (t0 << 28); 125 c10 += t0; 126 //carry from position 10 127 t0 = (c10 + CARRY_ADD) >> 28; 128 c10 -= (t0 << 28); 129 c11 += t0; 130 //carry from position 11 131 t0 = (c11 + CARRY_ADD) >> 28; 132 c11 -= (t0 << 28); 133 c12 += t0; 134 //carry from position 12 135 t0 = (c12 + CARRY_ADD) >> 28; 136 c12 -= (t0 << 28); 137 c13 += t0; 138 //carry from position 13 139 t0 = (c13 + CARRY_ADD) >> 28; 140 c13 -= (t0 << 28); 141 c14 += t0; 142 //carry from position 14 143 t0 = (c14 + CARRY_ADD) >> 28; 144 c14 -= (t0 << 28); 145 c15 += t0; 146 //carry from position 15 147 t0 = (c15 + CARRY_ADD) >> 28; 148 c15 -= (t0 << 28); 149 c16 += t0; 150 //carry from position 16 151 t0 = (c16 + CARRY_ADD) >> 28; 152 c16 -= (t0 << 28); 153 c17 += t0; 154 //carry from position 17 155 t0 = (c17 + CARRY_ADD) >> 28; 156 c17 -= (t0 << 28); 157 c18 += t0; 158 //carry from position 18 159 t0 = (c18 + CARRY_ADD) >> 28; 160 c18 -= (t0 << 28); 161 c19 += t0; 162 //carry from position 19 163 t0 = (c19 + CARRY_ADD) >> 28; 164 c19 -= (t0 << 28); 165 c20 += t0; 166 //carry from position 20 167 t0 = (c20 + CARRY_ADD) >> 28; 168 c20 -= (t0 << 28); 169 c21 += t0; 170 //carry from position 21 171 t0 = (c21 + CARRY_ADD) >> 28; 172 c21 -= (t0 << 28); 173 c22 += t0; 174 //carry from position 22 175 t0 = (c22 + CARRY_ADD) >> 28; 176 c22 -= (t0 << 28); 177 c23 += t0; 178 //carry from position 23 179 t0 = (c23 + CARRY_ADD) >> 28; 180 c23 -= (t0 << 28); 181 c24 += t0; 182 //carry from position 24 183 t0 = (c24 + CARRY_ADD) >> 28; 184 c24 -= (t0 << 28); 185 c25 += t0; 186 //carry from position 25 187 t0 = (c25 + CARRY_ADD) >> 28; 188 c25 -= (t0 << 28); 189 c26 += t0; 190 //carry from position 26 191 t0 = (c26 + CARRY_ADD) >> 28; 192 c26 -= (t0 << 28); 193 c27 += t0; 194 //carry from position 27 195 t0 = (c27 + CARRY_ADD) >> 28; 196 c27 -= (t0 << 28); 197 c28 += t0; 198 //carry from position 28 199 t0 = (c28 + CARRY_ADD) >> 28; 200 c28 -= (t0 << 28); 201 c29 += t0; 202 //carry from position 29 203 t0 = (c29 + CARRY_ADD) >> 28; 204 c29 -= (t0 << 28); 205 c30 += t0; 206 //carry from position 30 207 t0 = (c30 + CARRY_ADD) >> 28; 208 c30 -= (t0 << 28); 209 c31 += t0; 210 //carry from position 31 211 t0 = (c31 + CARRY_ADD) >> 28; 212 c31 -= (t0 << 28); 213 c32 += t0; 214 //carry from position 32 215 t0 = (c32 + CARRY_ADD) >> 28; 216 c32 -= (t0 << 28); 217 c33 += t0; 218 //carry from position 33 219 t0 = (c33 + CARRY_ADD) >> 28; 220 c33 -= (t0 << 28); 221 c34 += t0; 222 //carry from position 34 223 t0 = (c34 + CARRY_ADD) >> 28; 224 c34 -= (t0 << 28); 225 c35 += t0; 226 //carry from position 35 227 t0 = (c35 + CARRY_ADD) >> 28; 228 c35 -= (t0 << 28); 229 c36 += t0; 230 //carry from position 36 231 t0 = (c36 + CARRY_ADD) >> 28; 232 c36 -= (t0 << 28); 233 c37 += t0; 234 235 carryReduce0(r, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12, c13, c14, c15, c16, c17, c18, c19, c20, c21, c22, c23, c24, c25, c26, c27, c28, c29, c30, c31, c32, c33, c34, c35, c36, c37); 236 } carryReduce0(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19, long c20, long c21, long c22, long c23, long c24, long c25, long c26, long c27, long c28, long c29, long c30, long c31, long c32, long c33, long c34, long c35, long c36, long c37)237 void carryReduce0(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19, long c20, long c21, long c22, long c23, long c24, long c25, long c26, long c27, long c28, long c29, long c30, long c31, long c32, long c33, long c34, long c35, long c36, long c37) { 238 long t0; 239 240 //reduce from position 37 241 t0 = -20472841 * c37; 242 c18 += (t0 << 11) & LIMB_MASK; 243 c19 += t0 >> 17; 244 t0 = -117141993 * c37; 245 c19 += (t0 << 11) & LIMB_MASK; 246 c20 += t0 >> 17; 247 t0 = 62411077 * c37; 248 c20 += (t0 << 11) & LIMB_MASK; 249 c21 += t0 >> 17; 250 t0 = 56915814 * c37; 251 c21 += (t0 << 11) & LIMB_MASK; 252 c22 += t0 >> 17; 253 t0 = -97532854 * c37; 254 c22 += (t0 << 11) & LIMB_MASK; 255 c23 += t0 >> 17; 256 t0 = -76509338 * c37; 257 c23 += (t0 << 11) & LIMB_MASK; 258 c24 += t0 >> 17; 259 t0 = 75510783 * c37; 260 c24 += (t0 << 11) & LIMB_MASK; 261 c25 += t0 >> 17; 262 t0 = 67962521 * c37; 263 c25 += (t0 << 11) & LIMB_MASK; 264 c26 += t0 >> 17; 265 t0 = -25593732 * c37; 266 c26 += (t0 << 11) & LIMB_MASK; 267 c27 += t0 >> 17; 268 t0 = 91 * c37; 269 c27 += (t0 << 11) & LIMB_MASK; 270 c28 += t0 >> 17; 271 //reduce from position 36 272 t0 = -20472841 * c36; 273 c17 += (t0 << 11) & LIMB_MASK; 274 c18 += t0 >> 17; 275 t0 = -117141993 * c36; 276 c18 += (t0 << 11) & LIMB_MASK; 277 c19 += t0 >> 17; 278 t0 = 62411077 * c36; 279 c19 += (t0 << 11) & LIMB_MASK; 280 c20 += t0 >> 17; 281 t0 = 56915814 * c36; 282 c20 += (t0 << 11) & LIMB_MASK; 283 c21 += t0 >> 17; 284 t0 = -97532854 * c36; 285 c21 += (t0 << 11) & LIMB_MASK; 286 c22 += t0 >> 17; 287 t0 = -76509338 * c36; 288 c22 += (t0 << 11) & LIMB_MASK; 289 c23 += t0 >> 17; 290 t0 = 75510783 * c36; 291 c23 += (t0 << 11) & LIMB_MASK; 292 c24 += t0 >> 17; 293 t0 = 67962521 * c36; 294 c24 += (t0 << 11) & LIMB_MASK; 295 c25 += t0 >> 17; 296 t0 = -25593732 * c36; 297 c25 += (t0 << 11) & LIMB_MASK; 298 c26 += t0 >> 17; 299 t0 = 91 * c36; 300 c26 += (t0 << 11) & LIMB_MASK; 301 c27 += t0 >> 17; 302 //reduce from position 35 303 t0 = -20472841 * c35; 304 c16 += (t0 << 11) & LIMB_MASK; 305 c17 += t0 >> 17; 306 t0 = -117141993 * c35; 307 c17 += (t0 << 11) & LIMB_MASK; 308 c18 += t0 >> 17; 309 t0 = 62411077 * c35; 310 c18 += (t0 << 11) & LIMB_MASK; 311 c19 += t0 >> 17; 312 t0 = 56915814 * c35; 313 c19 += (t0 << 11) & LIMB_MASK; 314 c20 += t0 >> 17; 315 t0 = -97532854 * c35; 316 c20 += (t0 << 11) & LIMB_MASK; 317 c21 += t0 >> 17; 318 t0 = -76509338 * c35; 319 c21 += (t0 << 11) & LIMB_MASK; 320 c22 += t0 >> 17; 321 t0 = 75510783 * c35; 322 c22 += (t0 << 11) & LIMB_MASK; 323 c23 += t0 >> 17; 324 t0 = 67962521 * c35; 325 c23 += (t0 << 11) & LIMB_MASK; 326 c24 += t0 >> 17; 327 t0 = -25593732 * c35; 328 c24 += (t0 << 11) & LIMB_MASK; 329 c25 += t0 >> 17; 330 t0 = 91 * c35; 331 c25 += (t0 << 11) & LIMB_MASK; 332 c26 += t0 >> 17; 333 //reduce from position 34 334 t0 = -20472841 * c34; 335 c15 += (t0 << 11) & LIMB_MASK; 336 c16 += t0 >> 17; 337 t0 = -117141993 * c34; 338 c16 += (t0 << 11) & LIMB_MASK; 339 c17 += t0 >> 17; 340 t0 = 62411077 * c34; 341 c17 += (t0 << 11) & LIMB_MASK; 342 c18 += t0 >> 17; 343 t0 = 56915814 * c34; 344 c18 += (t0 << 11) & LIMB_MASK; 345 c19 += t0 >> 17; 346 t0 = -97532854 * c34; 347 c19 += (t0 << 11) & LIMB_MASK; 348 c20 += t0 >> 17; 349 t0 = -76509338 * c34; 350 c20 += (t0 << 11) & LIMB_MASK; 351 c21 += t0 >> 17; 352 t0 = 75510783 * c34; 353 c21 += (t0 << 11) & LIMB_MASK; 354 c22 += t0 >> 17; 355 t0 = 67962521 * c34; 356 c22 += (t0 << 11) & LIMB_MASK; 357 c23 += t0 >> 17; 358 t0 = -25593732 * c34; 359 c23 += (t0 << 11) & LIMB_MASK; 360 c24 += t0 >> 17; 361 t0 = 91 * c34; 362 c24 += (t0 << 11) & LIMB_MASK; 363 c25 += t0 >> 17; 364 //reduce from position 33 365 t0 = -20472841 * c33; 366 c14 += (t0 << 11) & LIMB_MASK; 367 c15 += t0 >> 17; 368 t0 = -117141993 * c33; 369 c15 += (t0 << 11) & LIMB_MASK; 370 c16 += t0 >> 17; 371 t0 = 62411077 * c33; 372 c16 += (t0 << 11) & LIMB_MASK; 373 c17 += t0 >> 17; 374 t0 = 56915814 * c33; 375 c17 += (t0 << 11) & LIMB_MASK; 376 c18 += t0 >> 17; 377 t0 = -97532854 * c33; 378 c18 += (t0 << 11) & LIMB_MASK; 379 c19 += t0 >> 17; 380 t0 = -76509338 * c33; 381 c19 += (t0 << 11) & LIMB_MASK; 382 c20 += t0 >> 17; 383 t0 = 75510783 * c33; 384 c20 += (t0 << 11) & LIMB_MASK; 385 c21 += t0 >> 17; 386 t0 = 67962521 * c33; 387 c21 += (t0 << 11) & LIMB_MASK; 388 c22 += t0 >> 17; 389 t0 = -25593732 * c33; 390 c22 += (t0 << 11) & LIMB_MASK; 391 c23 += t0 >> 17; 392 t0 = 91 * c33; 393 c23 += (t0 << 11) & LIMB_MASK; 394 c24 += t0 >> 17; 395 //reduce from position 32 396 t0 = -20472841 * c32; 397 c13 += (t0 << 11) & LIMB_MASK; 398 c14 += t0 >> 17; 399 t0 = -117141993 * c32; 400 c14 += (t0 << 11) & LIMB_MASK; 401 c15 += t0 >> 17; 402 t0 = 62411077 * c32; 403 c15 += (t0 << 11) & LIMB_MASK; 404 c16 += t0 >> 17; 405 t0 = 56915814 * c32; 406 c16 += (t0 << 11) & LIMB_MASK; 407 c17 += t0 >> 17; 408 t0 = -97532854 * c32; 409 c17 += (t0 << 11) & LIMB_MASK; 410 c18 += t0 >> 17; 411 t0 = -76509338 * c32; 412 c18 += (t0 << 11) & LIMB_MASK; 413 c19 += t0 >> 17; 414 t0 = 75510783 * c32; 415 c19 += (t0 << 11) & LIMB_MASK; 416 c20 += t0 >> 17; 417 t0 = 67962521 * c32; 418 c20 += (t0 << 11) & LIMB_MASK; 419 c21 += t0 >> 17; 420 t0 = -25593732 * c32; 421 c21 += (t0 << 11) & LIMB_MASK; 422 c22 += t0 >> 17; 423 t0 = 91 * c32; 424 c22 += (t0 << 11) & LIMB_MASK; 425 c23 += t0 >> 17; 426 //reduce from position 31 427 t0 = -20472841 * c31; 428 c12 += (t0 << 11) & LIMB_MASK; 429 c13 += t0 >> 17; 430 t0 = -117141993 * c31; 431 c13 += (t0 << 11) & LIMB_MASK; 432 c14 += t0 >> 17; 433 t0 = 62411077 * c31; 434 c14 += (t0 << 11) & LIMB_MASK; 435 c15 += t0 >> 17; 436 t0 = 56915814 * c31; 437 c15 += (t0 << 11) & LIMB_MASK; 438 c16 += t0 >> 17; 439 t0 = -97532854 * c31; 440 c16 += (t0 << 11) & LIMB_MASK; 441 c17 += t0 >> 17; 442 t0 = -76509338 * c31; 443 c17 += (t0 << 11) & LIMB_MASK; 444 c18 += t0 >> 17; 445 t0 = 75510783 * c31; 446 c18 += (t0 << 11) & LIMB_MASK; 447 c19 += t0 >> 17; 448 t0 = 67962521 * c31; 449 c19 += (t0 << 11) & LIMB_MASK; 450 c20 += t0 >> 17; 451 t0 = -25593732 * c31; 452 c20 += (t0 << 11) & LIMB_MASK; 453 c21 += t0 >> 17; 454 t0 = 91 * c31; 455 c21 += (t0 << 11) & LIMB_MASK; 456 c22 += t0 >> 17; 457 //reduce from position 30 458 t0 = -20472841 * c30; 459 c11 += (t0 << 11) & LIMB_MASK; 460 c12 += t0 >> 17; 461 t0 = -117141993 * c30; 462 c12 += (t0 << 11) & LIMB_MASK; 463 c13 += t0 >> 17; 464 t0 = 62411077 * c30; 465 c13 += (t0 << 11) & LIMB_MASK; 466 c14 += t0 >> 17; 467 t0 = 56915814 * c30; 468 c14 += (t0 << 11) & LIMB_MASK; 469 c15 += t0 >> 17; 470 t0 = -97532854 * c30; 471 c15 += (t0 << 11) & LIMB_MASK; 472 c16 += t0 >> 17; 473 t0 = -76509338 * c30; 474 c16 += (t0 << 11) & LIMB_MASK; 475 c17 += t0 >> 17; 476 t0 = 75510783 * c30; 477 c17 += (t0 << 11) & LIMB_MASK; 478 c18 += t0 >> 17; 479 t0 = 67962521 * c30; 480 c18 += (t0 << 11) & LIMB_MASK; 481 c19 += t0 >> 17; 482 t0 = -25593732 * c30; 483 c19 += (t0 << 11) & LIMB_MASK; 484 c20 += t0 >> 17; 485 t0 = 91 * c30; 486 c20 += (t0 << 11) & LIMB_MASK; 487 c21 += t0 >> 17; 488 //reduce from position 29 489 t0 = -20472841 * c29; 490 c10 += (t0 << 11) & LIMB_MASK; 491 c11 += t0 >> 17; 492 t0 = -117141993 * c29; 493 c11 += (t0 << 11) & LIMB_MASK; 494 c12 += t0 >> 17; 495 t0 = 62411077 * c29; 496 c12 += (t0 << 11) & LIMB_MASK; 497 c13 += t0 >> 17; 498 t0 = 56915814 * c29; 499 c13 += (t0 << 11) & LIMB_MASK; 500 c14 += t0 >> 17; 501 t0 = -97532854 * c29; 502 c14 += (t0 << 11) & LIMB_MASK; 503 c15 += t0 >> 17; 504 t0 = -76509338 * c29; 505 c15 += (t0 << 11) & LIMB_MASK; 506 c16 += t0 >> 17; 507 t0 = 75510783 * c29; 508 c16 += (t0 << 11) & LIMB_MASK; 509 c17 += t0 >> 17; 510 t0 = 67962521 * c29; 511 c17 += (t0 << 11) & LIMB_MASK; 512 c18 += t0 >> 17; 513 t0 = -25593732 * c29; 514 c18 += (t0 << 11) & LIMB_MASK; 515 c19 += t0 >> 17; 516 t0 = 91 * c29; 517 c19 += (t0 << 11) & LIMB_MASK; 518 c20 += t0 >> 17; 519 //reduce from position 28 520 t0 = -20472841 * c28; 521 c9 += (t0 << 11) & LIMB_MASK; 522 c10 += t0 >> 17; 523 t0 = -117141993 * c28; 524 c10 += (t0 << 11) & LIMB_MASK; 525 c11 += t0 >> 17; 526 t0 = 62411077 * c28; 527 c11 += (t0 << 11) & LIMB_MASK; 528 c12 += t0 >> 17; 529 t0 = 56915814 * c28; 530 c12 += (t0 << 11) & LIMB_MASK; 531 c13 += t0 >> 17; 532 t0 = -97532854 * c28; 533 c13 += (t0 << 11) & LIMB_MASK; 534 c14 += t0 >> 17; 535 t0 = -76509338 * c28; 536 c14 += (t0 << 11) & LIMB_MASK; 537 c15 += t0 >> 17; 538 t0 = 75510783 * c28; 539 c15 += (t0 << 11) & LIMB_MASK; 540 c16 += t0 >> 17; 541 t0 = 67962521 * c28; 542 c16 += (t0 << 11) & LIMB_MASK; 543 c17 += t0 >> 17; 544 t0 = -25593732 * c28; 545 c17 += (t0 << 11) & LIMB_MASK; 546 c18 += t0 >> 17; 547 t0 = 91 * c28; 548 c18 += (t0 << 11) & LIMB_MASK; 549 c19 += t0 >> 17; 550 551 carryReduce1(r, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12, c13, c14, c15, c16, c17, c18, c19, c20, c21, c22, c23, c24, c25, c26, c27, c28, c29, c30, c31, c32, c33, c34, c35, c36, c37); 552 } carryReduce1(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19, long c20, long c21, long c22, long c23, long c24, long c25, long c26, long c27, long c28, long c29, long c30, long c31, long c32, long c33, long c34, long c35, long c36, long c37)553 void carryReduce1(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19, long c20, long c21, long c22, long c23, long c24, long c25, long c26, long c27, long c28, long c29, long c30, long c31, long c32, long c33, long c34, long c35, long c36, long c37) { 554 long t0; 555 556 //carry from position 19 557 t0 = (c19 + CARRY_ADD) >> 28; 558 c19 -= (t0 << 28); 559 c20 += t0; 560 //carry from position 20 561 t0 = (c20 + CARRY_ADD) >> 28; 562 c20 -= (t0 << 28); 563 c21 += t0; 564 //carry from position 21 565 t0 = (c21 + CARRY_ADD) >> 28; 566 c21 -= (t0 << 28); 567 c22 += t0; 568 //carry from position 22 569 t0 = (c22 + CARRY_ADD) >> 28; 570 c22 -= (t0 << 28); 571 c23 += t0; 572 //carry from position 23 573 t0 = (c23 + CARRY_ADD) >> 28; 574 c23 -= (t0 << 28); 575 c24 += t0; 576 //carry from position 24 577 t0 = (c24 + CARRY_ADD) >> 28; 578 c24 -= (t0 << 28); 579 c25 += t0; 580 //carry from position 25 581 t0 = (c25 + CARRY_ADD) >> 28; 582 c25 -= (t0 << 28); 583 c26 += t0; 584 //carry from position 26 585 t0 = (c26 + CARRY_ADD) >> 28; 586 c26 -= (t0 << 28); 587 c27 += t0; 588 //reduce from position 27 589 t0 = -20472841 * c27; 590 c8 += (t0 << 11) & LIMB_MASK; 591 c9 += t0 >> 17; 592 t0 = -117141993 * c27; 593 c9 += (t0 << 11) & LIMB_MASK; 594 c10 += t0 >> 17; 595 t0 = 62411077 * c27; 596 c10 += (t0 << 11) & LIMB_MASK; 597 c11 += t0 >> 17; 598 t0 = 56915814 * c27; 599 c11 += (t0 << 11) & LIMB_MASK; 600 c12 += t0 >> 17; 601 t0 = -97532854 * c27; 602 c12 += (t0 << 11) & LIMB_MASK; 603 c13 += t0 >> 17; 604 t0 = -76509338 * c27; 605 c13 += (t0 << 11) & LIMB_MASK; 606 c14 += t0 >> 17; 607 t0 = 75510783 * c27; 608 c14 += (t0 << 11) & LIMB_MASK; 609 c15 += t0 >> 17; 610 t0 = 67962521 * c27; 611 c15 += (t0 << 11) & LIMB_MASK; 612 c16 += t0 >> 17; 613 t0 = -25593732 * c27; 614 c16 += (t0 << 11) & LIMB_MASK; 615 c17 += t0 >> 17; 616 t0 = 91 * c27; 617 c17 += (t0 << 11) & LIMB_MASK; 618 c18 += t0 >> 17; 619 //reduce from position 26 620 t0 = -20472841 * c26; 621 c7 += (t0 << 11) & LIMB_MASK; 622 c8 += t0 >> 17; 623 t0 = -117141993 * c26; 624 c8 += (t0 << 11) & LIMB_MASK; 625 c9 += t0 >> 17; 626 t0 = 62411077 * c26; 627 c9 += (t0 << 11) & LIMB_MASK; 628 c10 += t0 >> 17; 629 t0 = 56915814 * c26; 630 c10 += (t0 << 11) & LIMB_MASK; 631 c11 += t0 >> 17; 632 t0 = -97532854 * c26; 633 c11 += (t0 << 11) & LIMB_MASK; 634 c12 += t0 >> 17; 635 t0 = -76509338 * c26; 636 c12 += (t0 << 11) & LIMB_MASK; 637 c13 += t0 >> 17; 638 t0 = 75510783 * c26; 639 c13 += (t0 << 11) & LIMB_MASK; 640 c14 += t0 >> 17; 641 t0 = 67962521 * c26; 642 c14 += (t0 << 11) & LIMB_MASK; 643 c15 += t0 >> 17; 644 t0 = -25593732 * c26; 645 c15 += (t0 << 11) & LIMB_MASK; 646 c16 += t0 >> 17; 647 t0 = 91 * c26; 648 c16 += (t0 << 11) & LIMB_MASK; 649 c17 += t0 >> 17; 650 //reduce from position 25 651 t0 = -20472841 * c25; 652 c6 += (t0 << 11) & LIMB_MASK; 653 c7 += t0 >> 17; 654 t0 = -117141993 * c25; 655 c7 += (t0 << 11) & LIMB_MASK; 656 c8 += t0 >> 17; 657 t0 = 62411077 * c25; 658 c8 += (t0 << 11) & LIMB_MASK; 659 c9 += t0 >> 17; 660 t0 = 56915814 * c25; 661 c9 += (t0 << 11) & LIMB_MASK; 662 c10 += t0 >> 17; 663 t0 = -97532854 * c25; 664 c10 += (t0 << 11) & LIMB_MASK; 665 c11 += t0 >> 17; 666 t0 = -76509338 * c25; 667 c11 += (t0 << 11) & LIMB_MASK; 668 c12 += t0 >> 17; 669 t0 = 75510783 * c25; 670 c12 += (t0 << 11) & LIMB_MASK; 671 c13 += t0 >> 17; 672 t0 = 67962521 * c25; 673 c13 += (t0 << 11) & LIMB_MASK; 674 c14 += t0 >> 17; 675 t0 = -25593732 * c25; 676 c14 += (t0 << 11) & LIMB_MASK; 677 c15 += t0 >> 17; 678 t0 = 91 * c25; 679 c15 += (t0 << 11) & LIMB_MASK; 680 c16 += t0 >> 17; 681 //reduce from position 24 682 t0 = -20472841 * c24; 683 c5 += (t0 << 11) & LIMB_MASK; 684 c6 += t0 >> 17; 685 t0 = -117141993 * c24; 686 c6 += (t0 << 11) & LIMB_MASK; 687 c7 += t0 >> 17; 688 t0 = 62411077 * c24; 689 c7 += (t0 << 11) & LIMB_MASK; 690 c8 += t0 >> 17; 691 t0 = 56915814 * c24; 692 c8 += (t0 << 11) & LIMB_MASK; 693 c9 += t0 >> 17; 694 t0 = -97532854 * c24; 695 c9 += (t0 << 11) & LIMB_MASK; 696 c10 += t0 >> 17; 697 t0 = -76509338 * c24; 698 c10 += (t0 << 11) & LIMB_MASK; 699 c11 += t0 >> 17; 700 t0 = 75510783 * c24; 701 c11 += (t0 << 11) & LIMB_MASK; 702 c12 += t0 >> 17; 703 t0 = 67962521 * c24; 704 c12 += (t0 << 11) & LIMB_MASK; 705 c13 += t0 >> 17; 706 t0 = -25593732 * c24; 707 c13 += (t0 << 11) & LIMB_MASK; 708 c14 += t0 >> 17; 709 t0 = 91 * c24; 710 c14 += (t0 << 11) & LIMB_MASK; 711 c15 += t0 >> 17; 712 //reduce from position 23 713 t0 = -20472841 * c23; 714 c4 += (t0 << 11) & LIMB_MASK; 715 c5 += t0 >> 17; 716 t0 = -117141993 * c23; 717 c5 += (t0 << 11) & LIMB_MASK; 718 c6 += t0 >> 17; 719 t0 = 62411077 * c23; 720 c6 += (t0 << 11) & LIMB_MASK; 721 c7 += t0 >> 17; 722 t0 = 56915814 * c23; 723 c7 += (t0 << 11) & LIMB_MASK; 724 c8 += t0 >> 17; 725 t0 = -97532854 * c23; 726 c8 += (t0 << 11) & LIMB_MASK; 727 c9 += t0 >> 17; 728 t0 = -76509338 * c23; 729 c9 += (t0 << 11) & LIMB_MASK; 730 c10 += t0 >> 17; 731 t0 = 75510783 * c23; 732 c10 += (t0 << 11) & LIMB_MASK; 733 c11 += t0 >> 17; 734 t0 = 67962521 * c23; 735 c11 += (t0 << 11) & LIMB_MASK; 736 c12 += t0 >> 17; 737 t0 = -25593732 * c23; 738 c12 += (t0 << 11) & LIMB_MASK; 739 c13 += t0 >> 17; 740 t0 = 91 * c23; 741 c13 += (t0 << 11) & LIMB_MASK; 742 c14 += t0 >> 17; 743 //reduce from position 22 744 t0 = -20472841 * c22; 745 c3 += (t0 << 11) & LIMB_MASK; 746 c4 += t0 >> 17; 747 t0 = -117141993 * c22; 748 c4 += (t0 << 11) & LIMB_MASK; 749 c5 += t0 >> 17; 750 t0 = 62411077 * c22; 751 c5 += (t0 << 11) & LIMB_MASK; 752 c6 += t0 >> 17; 753 t0 = 56915814 * c22; 754 c6 += (t0 << 11) & LIMB_MASK; 755 c7 += t0 >> 17; 756 t0 = -97532854 * c22; 757 c7 += (t0 << 11) & LIMB_MASK; 758 c8 += t0 >> 17; 759 t0 = -76509338 * c22; 760 c8 += (t0 << 11) & LIMB_MASK; 761 c9 += t0 >> 17; 762 t0 = 75510783 * c22; 763 c9 += (t0 << 11) & LIMB_MASK; 764 c10 += t0 >> 17; 765 t0 = 67962521 * c22; 766 c10 += (t0 << 11) & LIMB_MASK; 767 c11 += t0 >> 17; 768 t0 = -25593732 * c22; 769 c11 += (t0 << 11) & LIMB_MASK; 770 c12 += t0 >> 17; 771 t0 = 91 * c22; 772 c12 += (t0 << 11) & LIMB_MASK; 773 c13 += t0 >> 17; 774 //reduce from position 21 775 t0 = -20472841 * c21; 776 c2 += (t0 << 11) & LIMB_MASK; 777 c3 += t0 >> 17; 778 t0 = -117141993 * c21; 779 c3 += (t0 << 11) & LIMB_MASK; 780 c4 += t0 >> 17; 781 t0 = 62411077 * c21; 782 c4 += (t0 << 11) & LIMB_MASK; 783 c5 += t0 >> 17; 784 t0 = 56915814 * c21; 785 c5 += (t0 << 11) & LIMB_MASK; 786 c6 += t0 >> 17; 787 t0 = -97532854 * c21; 788 c6 += (t0 << 11) & LIMB_MASK; 789 c7 += t0 >> 17; 790 t0 = -76509338 * c21; 791 c7 += (t0 << 11) & LIMB_MASK; 792 c8 += t0 >> 17; 793 t0 = 75510783 * c21; 794 c8 += (t0 << 11) & LIMB_MASK; 795 c9 += t0 >> 17; 796 t0 = 67962521 * c21; 797 c9 += (t0 << 11) & LIMB_MASK; 798 c10 += t0 >> 17; 799 t0 = -25593732 * c21; 800 c10 += (t0 << 11) & LIMB_MASK; 801 c11 += t0 >> 17; 802 t0 = 91 * c21; 803 c11 += (t0 << 11) & LIMB_MASK; 804 c12 += t0 >> 17; 805 //reduce from position 20 806 t0 = -20472841 * c20; 807 c1 += (t0 << 11) & LIMB_MASK; 808 c2 += t0 >> 17; 809 t0 = -117141993 * c20; 810 c2 += (t0 << 11) & LIMB_MASK; 811 c3 += t0 >> 17; 812 t0 = 62411077 * c20; 813 c3 += (t0 << 11) & LIMB_MASK; 814 c4 += t0 >> 17; 815 t0 = 56915814 * c20; 816 c4 += (t0 << 11) & LIMB_MASK; 817 c5 += t0 >> 17; 818 t0 = -97532854 * c20; 819 c5 += (t0 << 11) & LIMB_MASK; 820 c6 += t0 >> 17; 821 t0 = -76509338 * c20; 822 c6 += (t0 << 11) & LIMB_MASK; 823 c7 += t0 >> 17; 824 t0 = 75510783 * c20; 825 c7 += (t0 << 11) & LIMB_MASK; 826 c8 += t0 >> 17; 827 t0 = 67962521 * c20; 828 c8 += (t0 << 11) & LIMB_MASK; 829 c9 += t0 >> 17; 830 t0 = -25593732 * c20; 831 c9 += (t0 << 11) & LIMB_MASK; 832 c10 += t0 >> 17; 833 t0 = 91 * c20; 834 c10 += (t0 << 11) & LIMB_MASK; 835 c11 += t0 >> 17; 836 //reduce from position 19 837 t0 = -20472841 * c19; 838 c0 += (t0 << 11) & LIMB_MASK; 839 c1 += t0 >> 17; 840 t0 = -117141993 * c19; 841 c1 += (t0 << 11) & LIMB_MASK; 842 c2 += t0 >> 17; 843 t0 = 62411077 * c19; 844 c2 += (t0 << 11) & LIMB_MASK; 845 c3 += t0 >> 17; 846 t0 = 56915814 * c19; 847 c3 += (t0 << 11) & LIMB_MASK; 848 c4 += t0 >> 17; 849 t0 = -97532854 * c19; 850 c4 += (t0 << 11) & LIMB_MASK; 851 c5 += t0 >> 17; 852 t0 = -76509338 * c19; 853 c5 += (t0 << 11) & LIMB_MASK; 854 c6 += t0 >> 17; 855 t0 = 75510783 * c19; 856 c6 += (t0 << 11) & LIMB_MASK; 857 c7 += t0 >> 17; 858 t0 = 67962521 * c19; 859 c7 += (t0 << 11) & LIMB_MASK; 860 c8 += t0 >> 17; 861 t0 = -25593732 * c19; 862 c8 += (t0 << 11) & LIMB_MASK; 863 c9 += t0 >> 17; 864 t0 = 91 * c19; 865 c9 += (t0 << 11) & LIMB_MASK; 866 c10 += t0 >> 17; 867 c19 = 0; 868 869 carryReduce2(r, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12, c13, c14, c15, c16, c17, c18, c19, c20, c21, c22, c23, c24, c25, c26, c27, c28, c29, c30, c31, c32, c33, c34, c35, c36, c37); 870 } carryReduce2(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19, long c20, long c21, long c22, long c23, long c24, long c25, long c26, long c27, long c28, long c29, long c30, long c31, long c32, long c33, long c34, long c35, long c36, long c37)871 void carryReduce2(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19, long c20, long c21, long c22, long c23, long c24, long c25, long c26, long c27, long c28, long c29, long c30, long c31, long c32, long c33, long c34, long c35, long c36, long c37) { 872 long t0; 873 874 //carry from position 0 875 t0 = (c0 + CARRY_ADD) >> 28; 876 c0 -= (t0 << 28); 877 c1 += t0; 878 //carry from position 1 879 t0 = (c1 + CARRY_ADD) >> 28; 880 c1 -= (t0 << 28); 881 c2 += t0; 882 //carry from position 2 883 t0 = (c2 + CARRY_ADD) >> 28; 884 c2 -= (t0 << 28); 885 c3 += t0; 886 //carry from position 3 887 t0 = (c3 + CARRY_ADD) >> 28; 888 c3 -= (t0 << 28); 889 c4 += t0; 890 //carry from position 4 891 t0 = (c4 + CARRY_ADD) >> 28; 892 c4 -= (t0 << 28); 893 c5 += t0; 894 //carry from position 5 895 t0 = (c5 + CARRY_ADD) >> 28; 896 c5 -= (t0 << 28); 897 c6 += t0; 898 //carry from position 6 899 t0 = (c6 + CARRY_ADD) >> 28; 900 c6 -= (t0 << 28); 901 c7 += t0; 902 //carry from position 7 903 t0 = (c7 + CARRY_ADD) >> 28; 904 c7 -= (t0 << 28); 905 c8 += t0; 906 //carry from position 8 907 t0 = (c8 + CARRY_ADD) >> 28; 908 c8 -= (t0 << 28); 909 c9 += t0; 910 //carry from position 9 911 t0 = (c9 + CARRY_ADD) >> 28; 912 c9 -= (t0 << 28); 913 c10 += t0; 914 //carry from position 10 915 t0 = (c10 + CARRY_ADD) >> 28; 916 c10 -= (t0 << 28); 917 c11 += t0; 918 //carry from position 11 919 t0 = (c11 + CARRY_ADD) >> 28; 920 c11 -= (t0 << 28); 921 c12 += t0; 922 //carry from position 12 923 t0 = (c12 + CARRY_ADD) >> 28; 924 c12 -= (t0 << 28); 925 c13 += t0; 926 //carry from position 13 927 t0 = (c13 + CARRY_ADD) >> 28; 928 c13 -= (t0 << 28); 929 c14 += t0; 930 //carry from position 14 931 t0 = (c14 + CARRY_ADD) >> 28; 932 c14 -= (t0 << 28); 933 c15 += t0; 934 //carry from position 15 935 t0 = (c15 + CARRY_ADD) >> 28; 936 c15 -= (t0 << 28); 937 c16 += t0; 938 //carry from position 16 939 t0 = (c16 + CARRY_ADD) >> 28; 940 c16 -= (t0 << 28); 941 c17 += t0; 942 //carry from position 17 943 t0 = (c17 + CARRY_ADD) >> 28; 944 c17 -= (t0 << 28); 945 c18 += t0; 946 //carry from position 18 947 t0 = (c18 + CARRY_ADD) >> 28; 948 c18 -= (t0 << 28); 949 c19 += t0; 950 951 carryReduce3(r, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12, c13, c14, c15, c16, c17, c18, c19, c20, c21, c22, c23, c24, c25, c26, c27, c28, c29, c30, c31, c32, c33, c34, c35, c36, c37); 952 } carryReduce3(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19, long c20, long c21, long c22, long c23, long c24, long c25, long c26, long c27, long c28, long c29, long c30, long c31, long c32, long c33, long c34, long c35, long c36, long c37)953 void carryReduce3(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19, long c20, long c21, long c22, long c23, long c24, long c25, long c26, long c27, long c28, long c29, long c30, long c31, long c32, long c33, long c34, long c35, long c36, long c37) { 954 long t0; 955 956 //reduce from position 19 957 t0 = -20472841 * c19; 958 c0 += (t0 << 11) & LIMB_MASK; 959 c1 += t0 >> 17; 960 t0 = -117141993 * c19; 961 c1 += (t0 << 11) & LIMB_MASK; 962 c2 += t0 >> 17; 963 t0 = 62411077 * c19; 964 c2 += (t0 << 11) & LIMB_MASK; 965 c3 += t0 >> 17; 966 t0 = 56915814 * c19; 967 c3 += (t0 << 11) & LIMB_MASK; 968 c4 += t0 >> 17; 969 t0 = -97532854 * c19; 970 c4 += (t0 << 11) & LIMB_MASK; 971 c5 += t0 >> 17; 972 t0 = -76509338 * c19; 973 c5 += (t0 << 11) & LIMB_MASK; 974 c6 += t0 >> 17; 975 t0 = 75510783 * c19; 976 c6 += (t0 << 11) & LIMB_MASK; 977 c7 += t0 >> 17; 978 t0 = 67962521 * c19; 979 c7 += (t0 << 11) & LIMB_MASK; 980 c8 += t0 >> 17; 981 t0 = -25593732 * c19; 982 c8 += (t0 << 11) & LIMB_MASK; 983 c9 += t0 >> 17; 984 t0 = 91 * c19; 985 c9 += (t0 << 11) & LIMB_MASK; 986 c10 += t0 >> 17; 987 //carry from position 0 988 t0 = (c0 + CARRY_ADD) >> 28; 989 c0 -= (t0 << 28); 990 c1 += t0; 991 //carry from position 1 992 t0 = (c1 + CARRY_ADD) >> 28; 993 c1 -= (t0 << 28); 994 c2 += t0; 995 //carry from position 2 996 t0 = (c2 + CARRY_ADD) >> 28; 997 c2 -= (t0 << 28); 998 c3 += t0; 999 //carry from position 3 1000 t0 = (c3 + CARRY_ADD) >> 28; 1001 c3 -= (t0 << 28); 1002 c4 += t0; 1003 //carry from position 4 1004 t0 = (c4 + CARRY_ADD) >> 28; 1005 c4 -= (t0 << 28); 1006 c5 += t0; 1007 //carry from position 5 1008 t0 = (c5 + CARRY_ADD) >> 28; 1009 c5 -= (t0 << 28); 1010 c6 += t0; 1011 //carry from position 6 1012 t0 = (c6 + CARRY_ADD) >> 28; 1013 c6 -= (t0 << 28); 1014 c7 += t0; 1015 //carry from position 7 1016 t0 = (c7 + CARRY_ADD) >> 28; 1017 c7 -= (t0 << 28); 1018 c8 += t0; 1019 //carry from position 8 1020 t0 = (c8 + CARRY_ADD) >> 28; 1021 c8 -= (t0 << 28); 1022 c9 += t0; 1023 //carry from position 9 1024 t0 = (c9 + CARRY_ADD) >> 28; 1025 c9 -= (t0 << 28); 1026 c10 += t0; 1027 //carry from position 10 1028 t0 = (c10 + CARRY_ADD) >> 28; 1029 c10 -= (t0 << 28); 1030 c11 += t0; 1031 //carry from position 11 1032 t0 = (c11 + CARRY_ADD) >> 28; 1033 c11 -= (t0 << 28); 1034 c12 += t0; 1035 //carry from position 12 1036 t0 = (c12 + CARRY_ADD) >> 28; 1037 c12 -= (t0 << 28); 1038 c13 += t0; 1039 //carry from position 13 1040 t0 = (c13 + CARRY_ADD) >> 28; 1041 c13 -= (t0 << 28); 1042 c14 += t0; 1043 //carry from position 14 1044 t0 = (c14 + CARRY_ADD) >> 28; 1045 c14 -= (t0 << 28); 1046 c15 += t0; 1047 //carry from position 15 1048 t0 = (c15 + CARRY_ADD) >> 28; 1049 c15 -= (t0 << 28); 1050 c16 += t0; 1051 //carry from position 16 1052 t0 = (c16 + CARRY_ADD) >> 28; 1053 c16 -= (t0 << 28); 1054 c17 += t0; 1055 //carry from position 17 1056 t0 = (c17 + CARRY_ADD) >> 28; 1057 c17 -= (t0 << 28); 1058 c18 += t0; 1059 1060 r[0] = c0; 1061 r[1] = c1; 1062 r[2] = c2; 1063 r[3] = c3; 1064 r[4] = c4; 1065 r[5] = c5; 1066 r[6] = c6; 1067 r[7] = c7; 1068 r[8] = c8; 1069 r[9] = c9; 1070 r[10] = c10; 1071 r[11] = c11; 1072 r[12] = c12; 1073 r[13] = c13; 1074 r[14] = c14; 1075 r[15] = c15; 1076 r[16] = c16; 1077 r[17] = c17; 1078 r[18] = c18; 1079 } carryReduce(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18)1080 private void carryReduce(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18) { 1081 long c19 = 0; 1082 //carry from position 0 1083 long t0 = (c0 + CARRY_ADD) >> 28; 1084 c0 -= (t0 << 28); 1085 c1 += t0; 1086 //carry from position 1 1087 t0 = (c1 + CARRY_ADD) >> 28; 1088 c1 -= (t0 << 28); 1089 c2 += t0; 1090 //carry from position 2 1091 t0 = (c2 + CARRY_ADD) >> 28; 1092 c2 -= (t0 << 28); 1093 c3 += t0; 1094 //carry from position 3 1095 t0 = (c3 + CARRY_ADD) >> 28; 1096 c3 -= (t0 << 28); 1097 c4 += t0; 1098 //carry from position 4 1099 t0 = (c4 + CARRY_ADD) >> 28; 1100 c4 -= (t0 << 28); 1101 c5 += t0; 1102 //carry from position 5 1103 t0 = (c5 + CARRY_ADD) >> 28; 1104 c5 -= (t0 << 28); 1105 c6 += t0; 1106 //carry from position 6 1107 t0 = (c6 + CARRY_ADD) >> 28; 1108 c6 -= (t0 << 28); 1109 c7 += t0; 1110 //carry from position 7 1111 t0 = (c7 + CARRY_ADD) >> 28; 1112 c7 -= (t0 << 28); 1113 c8 += t0; 1114 //carry from position 8 1115 t0 = (c8 + CARRY_ADD) >> 28; 1116 c8 -= (t0 << 28); 1117 c9 += t0; 1118 //carry from position 9 1119 t0 = (c9 + CARRY_ADD) >> 28; 1120 c9 -= (t0 << 28); 1121 c10 += t0; 1122 //carry from position 10 1123 t0 = (c10 + CARRY_ADD) >> 28; 1124 c10 -= (t0 << 28); 1125 c11 += t0; 1126 //carry from position 11 1127 t0 = (c11 + CARRY_ADD) >> 28; 1128 c11 -= (t0 << 28); 1129 c12 += t0; 1130 //carry from position 12 1131 t0 = (c12 + CARRY_ADD) >> 28; 1132 c12 -= (t0 << 28); 1133 c13 += t0; 1134 //carry from position 13 1135 t0 = (c13 + CARRY_ADD) >> 28; 1136 c13 -= (t0 << 28); 1137 c14 += t0; 1138 //carry from position 14 1139 t0 = (c14 + CARRY_ADD) >> 28; 1140 c14 -= (t0 << 28); 1141 c15 += t0; 1142 //carry from position 15 1143 t0 = (c15 + CARRY_ADD) >> 28; 1144 c15 -= (t0 << 28); 1145 c16 += t0; 1146 //carry from position 16 1147 t0 = (c16 + CARRY_ADD) >> 28; 1148 c16 -= (t0 << 28); 1149 c17 += t0; 1150 //carry from position 17 1151 t0 = (c17 + CARRY_ADD) >> 28; 1152 c17 -= (t0 << 28); 1153 c18 += t0; 1154 //carry from position 18 1155 t0 = (c18 + CARRY_ADD) >> 28; 1156 c18 -= (t0 << 28); 1157 c19 += t0; 1158 1159 carryReduce0(r, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12, c13, c14, c15, c16, c17, c18, c19); 1160 } carryReduce0(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19)1161 void carryReduce0(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19) { 1162 long t0; 1163 1164 //reduce from position 19 1165 t0 = -20472841 * c19; 1166 c0 += (t0 << 11) & LIMB_MASK; 1167 c1 += t0 >> 17; 1168 t0 = -117141993 * c19; 1169 c1 += (t0 << 11) & LIMB_MASK; 1170 c2 += t0 >> 17; 1171 t0 = 62411077 * c19; 1172 c2 += (t0 << 11) & LIMB_MASK; 1173 c3 += t0 >> 17; 1174 t0 = 56915814 * c19; 1175 c3 += (t0 << 11) & LIMB_MASK; 1176 c4 += t0 >> 17; 1177 t0 = -97532854 * c19; 1178 c4 += (t0 << 11) & LIMB_MASK; 1179 c5 += t0 >> 17; 1180 t0 = -76509338 * c19; 1181 c5 += (t0 << 11) & LIMB_MASK; 1182 c6 += t0 >> 17; 1183 t0 = 75510783 * c19; 1184 c6 += (t0 << 11) & LIMB_MASK; 1185 c7 += t0 >> 17; 1186 t0 = 67962521 * c19; 1187 c7 += (t0 << 11) & LIMB_MASK; 1188 c8 += t0 >> 17; 1189 t0 = -25593732 * c19; 1190 c8 += (t0 << 11) & LIMB_MASK; 1191 c9 += t0 >> 17; 1192 t0 = 91 * c19; 1193 c9 += (t0 << 11) & LIMB_MASK; 1194 c10 += t0 >> 17; 1195 //carry from position 0 1196 t0 = (c0 + CARRY_ADD) >> 28; 1197 c0 -= (t0 << 28); 1198 c1 += t0; 1199 //carry from position 1 1200 t0 = (c1 + CARRY_ADD) >> 28; 1201 c1 -= (t0 << 28); 1202 c2 += t0; 1203 //carry from position 2 1204 t0 = (c2 + CARRY_ADD) >> 28; 1205 c2 -= (t0 << 28); 1206 c3 += t0; 1207 //carry from position 3 1208 t0 = (c3 + CARRY_ADD) >> 28; 1209 c3 -= (t0 << 28); 1210 c4 += t0; 1211 //carry from position 4 1212 t0 = (c4 + CARRY_ADD) >> 28; 1213 c4 -= (t0 << 28); 1214 c5 += t0; 1215 //carry from position 5 1216 t0 = (c5 + CARRY_ADD) >> 28; 1217 c5 -= (t0 << 28); 1218 c6 += t0; 1219 //carry from position 6 1220 t0 = (c6 + CARRY_ADD) >> 28; 1221 c6 -= (t0 << 28); 1222 c7 += t0; 1223 //carry from position 7 1224 t0 = (c7 + CARRY_ADD) >> 28; 1225 c7 -= (t0 << 28); 1226 c8 += t0; 1227 //carry from position 8 1228 t0 = (c8 + CARRY_ADD) >> 28; 1229 c8 -= (t0 << 28); 1230 c9 += t0; 1231 //carry from position 9 1232 t0 = (c9 + CARRY_ADD) >> 28; 1233 c9 -= (t0 << 28); 1234 c10 += t0; 1235 //carry from position 10 1236 t0 = (c10 + CARRY_ADD) >> 28; 1237 c10 -= (t0 << 28); 1238 c11 += t0; 1239 //carry from position 11 1240 t0 = (c11 + CARRY_ADD) >> 28; 1241 c11 -= (t0 << 28); 1242 c12 += t0; 1243 //carry from position 12 1244 t0 = (c12 + CARRY_ADD) >> 28; 1245 c12 -= (t0 << 28); 1246 c13 += t0; 1247 //carry from position 13 1248 t0 = (c13 + CARRY_ADD) >> 28; 1249 c13 -= (t0 << 28); 1250 c14 += t0; 1251 //carry from position 14 1252 t0 = (c14 + CARRY_ADD) >> 28; 1253 c14 -= (t0 << 28); 1254 c15 += t0; 1255 //carry from position 15 1256 t0 = (c15 + CARRY_ADD) >> 28; 1257 c15 -= (t0 << 28); 1258 c16 += t0; 1259 //carry from position 16 1260 t0 = (c16 + CARRY_ADD) >> 28; 1261 c16 -= (t0 << 28); 1262 c17 += t0; 1263 //carry from position 17 1264 t0 = (c17 + CARRY_ADD) >> 28; 1265 c17 -= (t0 << 28); 1266 c18 += t0; 1267 1268 r[0] = c0; 1269 r[1] = c1; 1270 r[2] = c2; 1271 r[3] = c3; 1272 r[4] = c4; 1273 r[5] = c5; 1274 r[6] = c6; 1275 r[7] = c7; 1276 r[8] = c8; 1277 r[9] = c9; 1278 r[10] = c10; 1279 r[11] = c11; 1280 r[12] = c12; 1281 r[13] = c13; 1282 r[14] = c14; 1283 r[15] = c15; 1284 r[16] = c16; 1285 r[17] = c17; 1286 r[18] = c18; 1287 } 1288 @Override mult(long[] a, long[] b, long[] r)1289 protected void mult(long[] a, long[] b, long[] r) { 1290 long c0 = (a[0] * b[0]); 1291 long c1 = (a[0] * b[1]) + (a[1] * b[0]); 1292 long c2 = (a[0] * b[2]) + (a[1] * b[1]) + (a[2] * b[0]); 1293 long c3 = (a[0] * b[3]) + (a[1] * b[2]) + (a[2] * b[1]) + (a[3] * b[0]); 1294 long c4 = (a[0] * b[4]) + (a[1] * b[3]) + (a[2] * b[2]) + (a[3] * b[1]) + (a[4] * b[0]); 1295 long c5 = (a[0] * b[5]) + (a[1] * b[4]) + (a[2] * b[3]) + (a[3] * b[2]) + (a[4] * b[1]) + (a[5] * b[0]); 1296 long c6 = (a[0] * b[6]) + (a[1] * b[5]) + (a[2] * b[4]) + (a[3] * b[3]) + (a[4] * b[2]) + (a[5] * b[1]) + (a[6] * b[0]); 1297 long c7 = (a[0] * b[7]) + (a[1] * b[6]) + (a[2] * b[5]) + (a[3] * b[4]) + (a[4] * b[3]) + (a[5] * b[2]) + (a[6] * b[1]) + (a[7] * b[0]); 1298 long c8 = (a[0] * b[8]) + (a[1] * b[7]) + (a[2] * b[6]) + (a[3] * b[5]) + (a[4] * b[4]) + (a[5] * b[3]) + (a[6] * b[2]) + (a[7] * b[1]) + (a[8] * b[0]); 1299 long c9 = (a[0] * b[9]) + (a[1] * b[8]) + (a[2] * b[7]) + (a[3] * b[6]) + (a[4] * b[5]) + (a[5] * b[4]) + (a[6] * b[3]) + (a[7] * b[2]) + (a[8] * b[1]) + (a[9] * b[0]); 1300 long c10 = (a[0] * b[10]) + (a[1] * b[9]) + (a[2] * b[8]) + (a[3] * b[7]) + (a[4] * b[6]) + (a[5] * b[5]) + (a[6] * b[4]) + (a[7] * b[3]) + (a[8] * b[2]) + (a[9] * b[1]) + (a[10] * b[0]); 1301 long c11 = (a[0] * b[11]) + (a[1] * b[10]) + (a[2] * b[9]) + (a[3] * b[8]) + (a[4] * b[7]) + (a[5] * b[6]) + (a[6] * b[5]) + (a[7] * b[4]) + (a[8] * b[3]) + (a[9] * b[2]) + (a[10] * b[1]) + (a[11] * b[0]); 1302 long c12 = (a[0] * b[12]) + (a[1] * b[11]) + (a[2] * b[10]) + (a[3] * b[9]) + (a[4] * b[8]) + (a[5] * b[7]) + (a[6] * b[6]) + (a[7] * b[5]) + (a[8] * b[4]) + (a[9] * b[3]) + (a[10] * b[2]) + (a[11] * b[1]) + (a[12] * b[0]); 1303 long c13 = (a[0] * b[13]) + (a[1] * b[12]) + (a[2] * b[11]) + (a[3] * b[10]) + (a[4] * b[9]) + (a[5] * b[8]) + (a[6] * b[7]) + (a[7] * b[6]) + (a[8] * b[5]) + (a[9] * b[4]) + (a[10] * b[3]) + (a[11] * b[2]) + (a[12] * b[1]) + (a[13] * b[0]); 1304 long c14 = (a[0] * b[14]) + (a[1] * b[13]) + (a[2] * b[12]) + (a[3] * b[11]) + (a[4] * b[10]) + (a[5] * b[9]) + (a[6] * b[8]) + (a[7] * b[7]) + (a[8] * b[6]) + (a[9] * b[5]) + (a[10] * b[4]) + (a[11] * b[3]) + (a[12] * b[2]) + (a[13] * b[1]) + (a[14] * b[0]); 1305 long c15 = (a[0] * b[15]) + (a[1] * b[14]) + (a[2] * b[13]) + (a[3] * b[12]) + (a[4] * b[11]) + (a[5] * b[10]) + (a[6] * b[9]) + (a[7] * b[8]) + (a[8] * b[7]) + (a[9] * b[6]) + (a[10] * b[5]) + (a[11] * b[4]) + (a[12] * b[3]) + (a[13] * b[2]) + (a[14] * b[1]) + (a[15] * b[0]); 1306 long c16 = (a[0] * b[16]) + (a[1] * b[15]) + (a[2] * b[14]) + (a[3] * b[13]) + (a[4] * b[12]) + (a[5] * b[11]) + (a[6] * b[10]) + (a[7] * b[9]) + (a[8] * b[8]) + (a[9] * b[7]) + (a[10] * b[6]) + (a[11] * b[5]) + (a[12] * b[4]) + (a[13] * b[3]) + (a[14] * b[2]) + (a[15] * b[1]) + (a[16] * b[0]); 1307 long c17 = (a[0] * b[17]) + (a[1] * b[16]) + (a[2] * b[15]) + (a[3] * b[14]) + (a[4] * b[13]) + (a[5] * b[12]) + (a[6] * b[11]) + (a[7] * b[10]) + (a[8] * b[9]) + (a[9] * b[8]) + (a[10] * b[7]) + (a[11] * b[6]) + (a[12] * b[5]) + (a[13] * b[4]) + (a[14] * b[3]) + (a[15] * b[2]) + (a[16] * b[1]) + (a[17] * b[0]); 1308 long c18 = (a[0] * b[18]) + (a[1] * b[17]) + (a[2] * b[16]) + (a[3] * b[15]) + (a[4] * b[14]) + (a[5] * b[13]) + (a[6] * b[12]) + (a[7] * b[11]) + (a[8] * b[10]) + (a[9] * b[9]) + (a[10] * b[8]) + (a[11] * b[7]) + (a[12] * b[6]) + (a[13] * b[5]) + (a[14] * b[4]) + (a[15] * b[3]) + (a[16] * b[2]) + (a[17] * b[1]) + (a[18] * b[0]); 1309 long c19 = (a[1] * b[18]) + (a[2] * b[17]) + (a[3] * b[16]) + (a[4] * b[15]) + (a[5] * b[14]) + (a[6] * b[13]) + (a[7] * b[12]) + (a[8] * b[11]) + (a[9] * b[10]) + (a[10] * b[9]) + (a[11] * b[8]) + (a[12] * b[7]) + (a[13] * b[6]) + (a[14] * b[5]) + (a[15] * b[4]) + (a[16] * b[3]) + (a[17] * b[2]) + (a[18] * b[1]); 1310 long c20 = (a[2] * b[18]) + (a[3] * b[17]) + (a[4] * b[16]) + (a[5] * b[15]) + (a[6] * b[14]) + (a[7] * b[13]) + (a[8] * b[12]) + (a[9] * b[11]) + (a[10] * b[10]) + (a[11] * b[9]) + (a[12] * b[8]) + (a[13] * b[7]) + (a[14] * b[6]) + (a[15] * b[5]) + (a[16] * b[4]) + (a[17] * b[3]) + (a[18] * b[2]); 1311 long c21 = (a[3] * b[18]) + (a[4] * b[17]) + (a[5] * b[16]) + (a[6] * b[15]) + (a[7] * b[14]) + (a[8] * b[13]) + (a[9] * b[12]) + (a[10] * b[11]) + (a[11] * b[10]) + (a[12] * b[9]) + (a[13] * b[8]) + (a[14] * b[7]) + (a[15] * b[6]) + (a[16] * b[5]) + (a[17] * b[4]) + (a[18] * b[3]); 1312 long c22 = (a[4] * b[18]) + (a[5] * b[17]) + (a[6] * b[16]) + (a[7] * b[15]) + (a[8] * b[14]) + (a[9] * b[13]) + (a[10] * b[12]) + (a[11] * b[11]) + (a[12] * b[10]) + (a[13] * b[9]) + (a[14] * b[8]) + (a[15] * b[7]) + (a[16] * b[6]) + (a[17] * b[5]) + (a[18] * b[4]); 1313 long c23 = (a[5] * b[18]) + (a[6] * b[17]) + (a[7] * b[16]) + (a[8] * b[15]) + (a[9] * b[14]) + (a[10] * b[13]) + (a[11] * b[12]) + (a[12] * b[11]) + (a[13] * b[10]) + (a[14] * b[9]) + (a[15] * b[8]) + (a[16] * b[7]) + (a[17] * b[6]) + (a[18] * b[5]); 1314 long c24 = (a[6] * b[18]) + (a[7] * b[17]) + (a[8] * b[16]) + (a[9] * b[15]) + (a[10] * b[14]) + (a[11] * b[13]) + (a[12] * b[12]) + (a[13] * b[11]) + (a[14] * b[10]) + (a[15] * b[9]) + (a[16] * b[8]) + (a[17] * b[7]) + (a[18] * b[6]); 1315 long c25 = (a[7] * b[18]) + (a[8] * b[17]) + (a[9] * b[16]) + (a[10] * b[15]) + (a[11] * b[14]) + (a[12] * b[13]) + (a[13] * b[12]) + (a[14] * b[11]) + (a[15] * b[10]) + (a[16] * b[9]) + (a[17] * b[8]) + (a[18] * b[7]); 1316 long c26 = (a[8] * b[18]) + (a[9] * b[17]) + (a[10] * b[16]) + (a[11] * b[15]) + (a[12] * b[14]) + (a[13] * b[13]) + (a[14] * b[12]) + (a[15] * b[11]) + (a[16] * b[10]) + (a[17] * b[9]) + (a[18] * b[8]); 1317 long c27 = (a[9] * b[18]) + (a[10] * b[17]) + (a[11] * b[16]) + (a[12] * b[15]) + (a[13] * b[14]) + (a[14] * b[13]) + (a[15] * b[12]) + (a[16] * b[11]) + (a[17] * b[10]) + (a[18] * b[9]); 1318 long c28 = (a[10] * b[18]) + (a[11] * b[17]) + (a[12] * b[16]) + (a[13] * b[15]) + (a[14] * b[14]) + (a[15] * b[13]) + (a[16] * b[12]) + (a[17] * b[11]) + (a[18] * b[10]); 1319 long c29 = (a[11] * b[18]) + (a[12] * b[17]) + (a[13] * b[16]) + (a[14] * b[15]) + (a[15] * b[14]) + (a[16] * b[13]) + (a[17] * b[12]) + (a[18] * b[11]); 1320 long c30 = (a[12] * b[18]) + (a[13] * b[17]) + (a[14] * b[16]) + (a[15] * b[15]) + (a[16] * b[14]) + (a[17] * b[13]) + (a[18] * b[12]); 1321 long c31 = (a[13] * b[18]) + (a[14] * b[17]) + (a[15] * b[16]) + (a[16] * b[15]) + (a[17] * b[14]) + (a[18] * b[13]); 1322 long c32 = (a[14] * b[18]) + (a[15] * b[17]) + (a[16] * b[16]) + (a[17] * b[15]) + (a[18] * b[14]); 1323 long c33 = (a[15] * b[18]) + (a[16] * b[17]) + (a[17] * b[16]) + (a[18] * b[15]); 1324 long c34 = (a[16] * b[18]) + (a[17] * b[17]) + (a[18] * b[16]); 1325 long c35 = (a[17] * b[18]) + (a[18] * b[17]); 1326 long c36 = (a[18] * b[18]); 1327 1328 carryReduce(r, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12, c13, c14, c15, c16, c17, c18, c19, c20, c21, c22, c23, c24, c25, c26, c27, c28, c29, c30, c31, c32, c33, c34, c35, c36); 1329 } 1330 @Override reduce(long[] a)1331 protected void reduce(long[] a) { 1332 carryReduce(a, a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], a[13], a[14], a[15], a[16], a[17], a[18]); 1333 } 1334 @Override square(long[] a, long[] r)1335 protected void square(long[] a, long[] r) { 1336 long c0 = (a[0] * a[0]); 1337 long c1 = 2 * ((a[0] * a[1])); 1338 long c2 = 2 * ((a[0] * a[2])) + (a[1] * a[1]); 1339 long c3 = 2 * ((a[0] * a[3]) + (a[1] * a[2])); 1340 long c4 = 2 * ((a[0] * a[4]) + (a[1] * a[3])) + (a[2] * a[2]); 1341 long c5 = 2 * ((a[0] * a[5]) + (a[1] * a[4]) + (a[2] * a[3])); 1342 long c6 = 2 * ((a[0] * a[6]) + (a[1] * a[5]) + (a[2] * a[4])) + (a[3] * a[3]); 1343 long c7 = 2 * ((a[0] * a[7]) + (a[1] * a[6]) + (a[2] * a[5]) + (a[3] * a[4])); 1344 long c8 = 2 * ((a[0] * a[8]) + (a[1] * a[7]) + (a[2] * a[6]) + (a[3] * a[5])) + (a[4] * a[4]); 1345 long c9 = 2 * ((a[0] * a[9]) + (a[1] * a[8]) + (a[2] * a[7]) + (a[3] * a[6]) + (a[4] * a[5])); 1346 long c10 = 2 * ((a[0] * a[10]) + (a[1] * a[9]) + (a[2] * a[8]) + (a[3] * a[7]) + (a[4] * a[6])) + (a[5] * a[5]); 1347 long c11 = 2 * ((a[0] * a[11]) + (a[1] * a[10]) + (a[2] * a[9]) + (a[3] * a[8]) + (a[4] * a[7]) + (a[5] * a[6])); 1348 long c12 = 2 * ((a[0] * a[12]) + (a[1] * a[11]) + (a[2] * a[10]) + (a[3] * a[9]) + (a[4] * a[8]) + (a[5] * a[7])) + (a[6] * a[6]); 1349 long c13 = 2 * ((a[0] * a[13]) + (a[1] * a[12]) + (a[2] * a[11]) + (a[3] * a[10]) + (a[4] * a[9]) + (a[5] * a[8]) + (a[6] * a[7])); 1350 long c14 = 2 * ((a[0] * a[14]) + (a[1] * a[13]) + (a[2] * a[12]) + (a[3] * a[11]) + (a[4] * a[10]) + (a[5] * a[9]) + (a[6] * a[8])) + (a[7] * a[7]); 1351 long c15 = 2 * ((a[0] * a[15]) + (a[1] * a[14]) + (a[2] * a[13]) + (a[3] * a[12]) + (a[4] * a[11]) + (a[5] * a[10]) + (a[6] * a[9]) + (a[7] * a[8])); 1352 long c16 = 2 * ((a[0] * a[16]) + (a[1] * a[15]) + (a[2] * a[14]) + (a[3] * a[13]) + (a[4] * a[12]) + (a[5] * a[11]) + (a[6] * a[10]) + (a[7] * a[9])) + (a[8] * a[8]); 1353 long c17 = 2 * ((a[0] * a[17]) + (a[1] * a[16]) + (a[2] * a[15]) + (a[3] * a[14]) + (a[4] * a[13]) + (a[5] * a[12]) + (a[6] * a[11]) + (a[7] * a[10]) + (a[8] * a[9])); 1354 long c18 = 2 * ((a[0] * a[18]) + (a[1] * a[17]) + (a[2] * a[16]) + (a[3] * a[15]) + (a[4] * a[14]) + (a[5] * a[13]) + (a[6] * a[12]) + (a[7] * a[11]) + (a[8] * a[10])) + (a[9] * a[9]); 1355 long c19 = 2 * ((a[1] * a[18]) + (a[2] * a[17]) + (a[3] * a[16]) + (a[4] * a[15]) + (a[5] * a[14]) + (a[6] * a[13]) + (a[7] * a[12]) + (a[8] * a[11]) + (a[9] * a[10])); 1356 long c20 = 2 * ((a[2] * a[18]) + (a[3] * a[17]) + (a[4] * a[16]) + (a[5] * a[15]) + (a[6] * a[14]) + (a[7] * a[13]) + (a[8] * a[12]) + (a[9] * a[11])) + (a[10] * a[10]); 1357 long c21 = 2 * ((a[3] * a[18]) + (a[4] * a[17]) + (a[5] * a[16]) + (a[6] * a[15]) + (a[7] * a[14]) + (a[8] * a[13]) + (a[9] * a[12]) + (a[10] * a[11])); 1358 long c22 = 2 * ((a[4] * a[18]) + (a[5] * a[17]) + (a[6] * a[16]) + (a[7] * a[15]) + (a[8] * a[14]) + (a[9] * a[13]) + (a[10] * a[12])) + (a[11] * a[11]); 1359 long c23 = 2 * ((a[5] * a[18]) + (a[6] * a[17]) + (a[7] * a[16]) + (a[8] * a[15]) + (a[9] * a[14]) + (a[10] * a[13]) + (a[11] * a[12])); 1360 long c24 = 2 * ((a[6] * a[18]) + (a[7] * a[17]) + (a[8] * a[16]) + (a[9] * a[15]) + (a[10] * a[14]) + (a[11] * a[13])) + (a[12] * a[12]); 1361 long c25 = 2 * ((a[7] * a[18]) + (a[8] * a[17]) + (a[9] * a[16]) + (a[10] * a[15]) + (a[11] * a[14]) + (a[12] * a[13])); 1362 long c26 = 2 * ((a[8] * a[18]) + (a[9] * a[17]) + (a[10] * a[16]) + (a[11] * a[15]) + (a[12] * a[14])) + (a[13] * a[13]); 1363 long c27 = 2 * ((a[9] * a[18]) + (a[10] * a[17]) + (a[11] * a[16]) + (a[12] * a[15]) + (a[13] * a[14])); 1364 long c28 = 2 * ((a[10] * a[18]) + (a[11] * a[17]) + (a[12] * a[16]) + (a[13] * a[15])) + (a[14] * a[14]); 1365 long c29 = 2 * ((a[11] * a[18]) + (a[12] * a[17]) + (a[13] * a[16]) + (a[14] * a[15])); 1366 long c30 = 2 * ((a[12] * a[18]) + (a[13] * a[17]) + (a[14] * a[16])) + (a[15] * a[15]); 1367 long c31 = 2 * ((a[13] * a[18]) + (a[14] * a[17]) + (a[15] * a[16])); 1368 long c32 = 2 * ((a[14] * a[18]) + (a[15] * a[17])) + (a[16] * a[16]); 1369 long c33 = 2 * ((a[15] * a[18]) + (a[16] * a[17])); 1370 long c34 = 2 * ((a[16] * a[18])) + (a[17] * a[17]); 1371 long c35 = 2 * ((a[17] * a[18])); 1372 long c36 = (a[18] * a[18]); 1373 1374 carryReduce(r, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12, c13, c14, c15, c16, c17, c18, c19, c20, c21, c22, c23, c24, c25, c26, c27, c28, c29, c30, c31, c32, c33, c34, c35, c36); 1375 } 1376 } 1377 1378