/*
 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * This file is generated by FieldGen.jsh. Do not modify it directly.
 */

package sun.security.util.math.intpoly;

import java.math.BigInteger;
/**
 * Limb-based arithmetic modulo 2^521 - 1 (see {@link #MODULUS}).
 *
 * <p>A value is held in NUM_LIMBS = 19 {@code long} limbs of
 * BITS_PER_LIMB = 28 bits each, limb {@code i} having weight 2^(28*i).
 * 19 * 28 = 532 bits, so the top limb (index 18) covers only
 * 521 - 18 * 28 = 17 bits of the modulus width. That is where the shift
 * counts 17 and 11 (= 28 - 17) used throughout this class come from.
 *
 * <p>Every method below is straight-line code: no loops, no branches and no
 * array index that depends on a limb value.
 * NOTE(review): presumably this is deliberate so that running time does not
 * depend on operand values (the class name and modulus match the NIST P-521
 * field prime, whose operands can be secret) - confirm against the
 * IntegerPolynomial contract before restructuring any of it.
 *
 * <p>The source is emitted by FieldGen.jsh (see the header above), so a lasting
 * change belongs in the generator rather than in this file.
 */
public class IntegerPolynomialP521 extends IntegerPolynomial {
    // Width of one limb in bits; the limb radix is 2^28.
    private static final int BITS_PER_LIMB = 28;
    // Number of limbs in a reduced value (indices 0..18).
    private static final int NUM_LIMBS = 19;
    // Passed to the superclass constructor unchanged.
    // NOTE(review): presumably the number of un-reduced additions allowed
    // between reductions - confirm in IntegerPolynomial.
    private static final int MAX_ADDS = 2;
    // The field prime 2^521 - 1, built once at class initialization.
    public static final BigInteger MODULUS = evaluateModulus();
    // 2^27, half the limb radix (the literal 27 is BITS_PER_LIMB - 1). Adding
    // it before the ">> 28" in the carry steps rounds to nearest, so a carried
    // limb ends up in [-2^27, 2^27). Evaluated as an int and widened to long.
    private static final long CARRY_ADD = 1 << 27;
    // Low-28-bits mask, 0x0FFFFFFF.
    // NOTE(review): -1 is an int here and Java uses only the low five bits of
    // an int shift count, so the shift actually performed is 36 & 31 = 4, not
    // 36. The result is the intended mask, but the expression reads like a
    // 64-bit shift; it is equivalent to -1 >>> (32 - BITS_PER_LIMB).
    private static final int LIMB_MASK = -1 >>> (64 - BITS_PER_LIMB);

    /**
     * Creates the P-521 field implementation by handing the limb geometry and
     * the modulus to the {@code IntegerPolynomial} superclass.
     */
    public IntegerPolynomialP521() {

        super(BITS_PER_LIMB, NUM_LIMBS, MAX_ADDS, MODULUS);

    }

    /**
     * Computes the modulus with BigInteger arithmetic.
     *
     * @return 2^521 - 1
     */
    private static BigInteger evaluateModulus() {
        BigInteger result = BigInteger.valueOf(2).pow(521);
        result = result.subtract(BigInteger.valueOf(1));
        return result;
    }

    /**
     * Folds everything above bit 17 of the top limb back into limb 0.
     *
     * <p>Bit 17 of limb 18 has weight 2^(18*28 + 17) = 2^521, which is
     * congruent to 1 modulo 2^521 - 1, so the excess is added to limb 0
     * unscaled.
     *
     * @param limbs the value to adjust in place; indices 0 and 18 are touched
     */
    @Override
    protected void finalCarryReduceLast(long[] limbs) {
        // Arithmetic shift: c is the floor quotient, also for negative limbs.
        long c = limbs[18] >> 17;
        limbs[18] -= c << 17;
        limbs[0] += c;
    }

    /**
     * Reduces a 37-column product (columns c0..c36) to 19 limbs and stores
     * the result in {@code r}.
     *
     * <p>Column k + 19 has weight 2^(28k) * 2^532, and 2^532 = 2^11 * 2^521 is
     * congruent to 2^11, so a high column c is folded in as c * 2^11 at limb
     * k. That value is split across two limbs: the low 17 bits of c, shifted
     * left by 11, go to limb k, and c >> 17 goes to limb k + 1. Columns are
     * folded from 36 down to 19, so a column that receives a contribution
     * (for example c19 from c36 via c18's neighbour chain) is folded only
     * after it has received it.
     *
     * @param r destination array; indices 0..18 are written (by carryReduce0)
     */
    private void carryReduce(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19, long c20, long c21, long c22, long c23, long c24, long c25, long c26, long c27, long c28, long c29, long c30, long c31, long c32, long c33, long c34, long c35, long c36) {
        // Only passed through to carryReduce0, which does not read it.
        long c37 = 0;
        //reduce from position 36
        c17 += (c36 << 11) & LIMB_MASK;
        c18 += c36 >> 17;
        //reduce from position 35
        c16 += (c35 << 11) & LIMB_MASK;
        c17 += c35 >> 17;
        //reduce from position 34
        c15 += (c34 << 11) & LIMB_MASK;
        c16 += c34 >> 17;
        //reduce from position 33
        c14 += (c33 << 11) & LIMB_MASK;
        c15 += c33 >> 17;
        //reduce from position 32
        c13 += (c32 << 11) & LIMB_MASK;
        c14 += c32 >> 17;
        //reduce from position 31
        c12 += (c31 << 11) & LIMB_MASK;
        c13 += c31 >> 17;
        //reduce from position 30
        c11 += (c30 << 11) & LIMB_MASK;
        c12 += c30 >> 17;
        //reduce from position 29
        c10 += (c29 << 11) & LIMB_MASK;
        c11 += c29 >> 17;
        //reduce from position 28
        c9 += (c28 << 11) & LIMB_MASK;
        c10 += c28 >> 17;
        //reduce from position 27
        c8 += (c27 << 11) & LIMB_MASK;
        c9 += c27 >> 17;
        //reduce from position 26
        c7 += (c26 << 11) & LIMB_MASK;
        c8 += c26 >> 17;
        //reduce from position 25
        c6 += (c25 << 11) & LIMB_MASK;
        c7 += c25 >> 17;
        //reduce from position 24
        c5 += (c24 << 11) & LIMB_MASK;
        c6 += c24 >> 17;
        //reduce from position 23
        c4 += (c23 << 11) & LIMB_MASK;
        c5 += c23 >> 17;
        //reduce from position 22
        c3 += (c22 << 11) & LIMB_MASK;
        c4 += c22 >> 17;
        //reduce from position 21
        c2 += (c21 << 11) & LIMB_MASK;
        c3 += c21 >> 17;
        //reduce from position 20
        c1 += (c20 << 11) & LIMB_MASK;
        c2 += c20 >> 17;
        //reduce from position 19
        c0 += (c19 << 11) & LIMB_MASK;
        c1 += c19 >> 17;
        // c19 has been folded; clear it so carryReduce0 can reuse the slot
        // for the carry out of position 18.
        c19 = 0;

        carryReduce0(r, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12, c13, c14, c15, c16, c17, c18, c19, c20, c21, c22, c23, c24, c25, c26, c27, c28, c29, c30, c31, c32, c33, c34, c35, c36, c37);
    }

    /**
     * Second stage of the 37-column reduction: propagates carries through
     * limbs 0..18 and writes the result to {@code r}.
     *
     * <p>Only c0..c19 are read here; c20..c37 are accepted but unused. The
     * method has no access modifier, so it is package-private.
     *
     * <p>A carry step computes {@code t0 = (c + CARRY_ADD) >> 28}, subtracts
     * {@code t0 << 28} from the limb and adds t0 to the next one, leaving the
     * limb in [-2^27, 2^27). Order matters: positions 17 and 18 are carried
     * first so that the overflow of the top limb lands in c19, which is then
     * folded into c0 and c1 before the 0..17 chain runs. c18 receives the
     * final carry from position 17 and is not itself carried again.
     *
     * @param r destination array; indices 0..18 are written
     */
    void carryReduce0(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18, long c19, long c20, long c21, long c22, long c23, long c24, long c25, long c26, long c27, long c28, long c29, long c30, long c31, long c32, long c33, long c34, long c35, long c36, long c37) {

        //carry from position 17
        long t0 = (c17 + CARRY_ADD) >> 28;
        c17 -= (t0 << 28);
        c18 += t0;
        //carry from position 18
        t0 = (c18 + CARRY_ADD) >> 28;
        c18 -= (t0 << 28);
        c19 += t0;
        //reduce from position 19
        c0 += (c19 << 11) & LIMB_MASK;
        c1 += c19 >> 17;
        //carry from position 0
        t0 = (c0 + CARRY_ADD) >> 28;
        c0 -= (t0 << 28);
        c1 += t0;
        //carry from position 1
        t0 = (c1 + CARRY_ADD) >> 28;
        c1 -= (t0 << 28);
        c2 += t0;
        //carry from position 2
        t0 = (c2 + CARRY_ADD) >> 28;
        c2 -= (t0 << 28);
        c3 += t0;
        //carry from position 3
        t0 = (c3 + CARRY_ADD) >> 28;
        c3 -= (t0 << 28);
        c4 += t0;
        //carry from position 4
        t0 = (c4 + CARRY_ADD) >> 28;
        c4 -= (t0 << 28);
        c5 += t0;
        //carry from position 5
        t0 = (c5 + CARRY_ADD) >> 28;
        c5 -= (t0 << 28);
        c6 += t0;
        //carry from position 6
        t0 = (c6 + CARRY_ADD) >> 28;
        c6 -= (t0 << 28);
        c7 += t0;
        //carry from position 7
        t0 = (c7 + CARRY_ADD) >> 28;
        c7 -= (t0 << 28);
        c8 += t0;
        //carry from position 8
        t0 = (c8 + CARRY_ADD) >> 28;
        c8 -= (t0 << 28);
        c9 += t0;
        //carry from position 9
        t0 = (c9 + CARRY_ADD) >> 28;
        c9 -= (t0 << 28);
        c10 += t0;
        //carry from position 10
        t0 = (c10 + CARRY_ADD) >> 28;
        c10 -= (t0 << 28);
        c11 += t0;
        //carry from position 11
        t0 = (c11 + CARRY_ADD) >> 28;
        c11 -= (t0 << 28);
        c12 += t0;
        //carry from position 12
        t0 = (c12 + CARRY_ADD) >> 28;
        c12 -= (t0 << 28);
        c13 += t0;
        //carry from position 13
        t0 = (c13 + CARRY_ADD) >> 28;
        c13 -= (t0 << 28);
        c14 += t0;
        //carry from position 14
        t0 = (c14 + CARRY_ADD) >> 28;
        c14 -= (t0 << 28);
        c15 += t0;
        //carry from position 15
        t0 = (c15 + CARRY_ADD) >> 28;
        c15 -= (t0 << 28);
        c16 += t0;
        //carry from position 16
        t0 = (c16 + CARRY_ADD) >> 28;
        c16 -= (t0 << 28);
        c17 += t0;
        //carry from position 17
        t0 = (c17 + CARRY_ADD) >> 28;
        c17 -= (t0 << 28);
        c18 += t0;

        r[0] = c0;
        r[1] = c1;
        r[2] = c2;
        r[3] = c3;
        r[4] = c4;
        r[5] = c5;
        r[6] = c6;
        r[7] = c7;
        r[8] = c8;
        r[9] = c9;
        r[10] = c10;
        r[11] = c11;
        r[12] = c12;
        r[13] = c13;
        r[14] = c14;
        r[15] = c15;
        r[16] = c16;
        r[17] = c17;
        r[18] = c18;
    }

    /**
     * Carries and reduces a 19-limb value (no high columns) and stores the
     * result in {@code r}.
     *
     * <p>The statement sequence is the same as in carryReduce0: carry
     * positions 17 and 18, fold the overflow (held in the local c19) into c0
     * and c1, then run the carry chain over positions 0..17. c18 receives the
     * last carry and is not carried again.
     *
     * @param r destination array; indices 0..18 are written
     */
    private void carryReduce(long[] r, long c0, long c1, long c2, long c3, long c4, long c5, long c6, long c7, long c8, long c9, long c10, long c11, long c12, long c13, long c14, long c15, long c16, long c17, long c18) {
        // Collects the carry out of the top limb.
        long c19 = 0;
        //carry from position 17
        long t0 = (c17 + CARRY_ADD) >> 28;
        c17 -= (t0 << 28);
        c18 += t0;
        //carry from position 18
        t0 = (c18 + CARRY_ADD) >> 28;
        c18 -= (t0 << 28);
        c19 += t0;
        //reduce from position 19
        c0 += (c19 << 11) & LIMB_MASK;
        c1 += c19 >> 17;
        //carry from position 0
        t0 = (c0 + CARRY_ADD) >> 28;
        c0 -= (t0 << 28);
        c1 += t0;
        //carry from position 1
        t0 = (c1 + CARRY_ADD) >> 28;
        c1 -= (t0 << 28);
        c2 += t0;
        //carry from position 2
        t0 = (c2 + CARRY_ADD) >> 28;
        c2 -= (t0 << 28);
        c3 += t0;
        //carry from position 3
        t0 = (c3 + CARRY_ADD) >> 28;
        c3 -= (t0 << 28);
        c4 += t0;
        //carry from position 4
        t0 = (c4 + CARRY_ADD) >> 28;
        c4 -= (t0 << 28);
        c5 += t0;
        //carry from position 5
        t0 = (c5 + CARRY_ADD) >> 28;
        c5 -= (t0 << 28);
        c6 += t0;
        //carry from position 6
        t0 = (c6 + CARRY_ADD) >> 28;
        c6 -= (t0 << 28);
        c7 += t0;
        //carry from position 7
        t0 = (c7 + CARRY_ADD) >> 28;
        c7 -= (t0 << 28);
        c8 += t0;
        //carry from position 8
        t0 = (c8 + CARRY_ADD) >> 28;
        c8 -= (t0 << 28);
        c9 += t0;
        //carry from position 9
        t0 = (c9 + CARRY_ADD) >> 28;
        c9 -= (t0 << 28);
        c10 += t0;
        //carry from position 10
        t0 = (c10 + CARRY_ADD) >> 28;
        c10 -= (t0 << 28);
        c11 += t0;
        //carry from position 11
        t0 = (c11 + CARRY_ADD) >> 28;
        c11 -= (t0 << 28);
        c12 += t0;
        //carry from position 12
        t0 = (c12 + CARRY_ADD) >> 28;
        c12 -= (t0 << 28);
        c13 += t0;
        //carry from position 13
        t0 = (c13 + CARRY_ADD) >> 28;
        c13 -= (t0 << 28);
        c14 += t0;
        //carry from position 14
        t0 = (c14 + CARRY_ADD) >> 28;
        c14 -= (t0 << 28);
        c15 += t0;
        //carry from position 15
        t0 = (c15 + CARRY_ADD) >> 28;
        c15 -= (t0 << 28);
        c16 += t0;
        //carry from position 16
        t0 = (c16 + CARRY_ADD) >> 28;
        c16 -= (t0 << 28);
        c17 += t0;
        //carry from position 17
        t0 = (c17 + CARRY_ADD) >> 28;
        c17 -= (t0 << 28);
        c18 += t0;

        r[0] = c0;
        r[1] = c1;
        r[2] = c2;
        r[3] = c3;
        r[4] = c4;
        r[5] = c5;
        r[6] = c6;
        r[7] = c7;
        r[8] = c8;
        r[9] = c9;
        r[10] = c10;
        r[11] = c11;
        r[12] = c12;
        r[13] = c13;
        r[14] = c14;
        r[15] = c15;
        r[16] = c16;
        r[17] = c17;
        r[18] = c18;
    }

    /**
     * Multiplies two 19-limb values and stores the reduced product in
     * {@code r}.
     *
     * <p>Column k of the schoolbook product is the sum of a[i] * b[k - i]
     * over all valid i, giving 37 columns c0..c36 that are then handed to the
     * 37-column carryReduce. Every column is computed into a local before
     * {@code r} is written, so {@code r} may be the same array as {@code a}
     * or {@code b}.
     *
     * <p>NOTE(review): the middle column c18 sums 19 products in a single
     * long with no overflow check. This assumes the caller keeps limb
     * magnitudes small enough for the sum to fit (MAX_ADDS = 2 is what this
     * class tells the superclass) - confirm the bound in IntegerPolynomial.
     *
     * @param a first operand, indices 0..18 read
     * @param b second operand, indices 0..18 read
     * @param r destination, indices 0..18 written
     */
    @Override
    protected void mult(long[] a, long[] b, long[] r) {
        long c0 = (a[0] * b[0]);
        long c1 = (a[0] * b[1]) + (a[1] * b[0]);
        long c2 = (a[0] * b[2]) + (a[1] * b[1]) + (a[2] * b[0]);
        long c3 = (a[0] * b[3]) + (a[1] * b[2]) + (a[2] * b[1]) + (a[3] * b[0]);
        long c4 = (a[0] * b[4]) + (a[1] * b[3]) + (a[2] * b[2]) + (a[3] * b[1]) + (a[4] * b[0]);
        long c5 = (a[0] * b[5]) + (a[1] * b[4]) + (a[2] * b[3]) + (a[3] * b[2]) + (a[4] * b[1]) + (a[5] * b[0]);
        long c6 = (a[0] * b[6]) + (a[1] * b[5]) + (a[2] * b[4]) + (a[3] * b[3]) + (a[4] * b[2]) + (a[5] * b[1]) + (a[6] * b[0]);
        long c7 = (a[0] * b[7]) + (a[1] * b[6]) + (a[2] * b[5]) + (a[3] * b[4]) + (a[4] * b[3]) + (a[5] * b[2]) + (a[6] * b[1]) + (a[7] * b[0]);
        long c8 = (a[0] * b[8]) + (a[1] * b[7]) + (a[2] * b[6]) + (a[3] * b[5]) + (a[4] * b[4]) + (a[5] * b[3]) + (a[6] * b[2]) + (a[7] * b[1]) + (a[8] * b[0]);
        long c9 = (a[0] * b[9]) + (a[1] * b[8]) + (a[2] * b[7]) + (a[3] * b[6]) + (a[4] * b[5]) + (a[5] * b[4]) + (a[6] * b[3]) + (a[7] * b[2]) + (a[8] * b[1]) + (a[9] * b[0]);
        long c10 = (a[0] * b[10]) + (a[1] * b[9]) + (a[2] * b[8]) + (a[3] * b[7]) + (a[4] * b[6]) + (a[5] * b[5]) + (a[6] * b[4]) + (a[7] * b[3]) + (a[8] * b[2]) + (a[9] * b[1]) + (a[10] * b[0]);
        long c11 = (a[0] * b[11]) + (a[1] * b[10]) + (a[2] * b[9]) + (a[3] * b[8]) + (a[4] * b[7]) + (a[5] * b[6]) + (a[6] * b[5]) + (a[7] * b[4]) + (a[8] * b[3]) + (a[9] * b[2]) + (a[10] * b[1]) + (a[11] * b[0]);
        long c12 = (a[0] * b[12]) + (a[1] * b[11]) + (a[2] * b[10]) + (a[3] * b[9]) + (a[4] * b[8]) + (a[5] * b[7]) + (a[6] * b[6]) + (a[7] * b[5]) + (a[8] * b[4]) + (a[9] * b[3]) + (a[10] * b[2]) + (a[11] * b[1]) + (a[12] * b[0]);
        long c13 = (a[0] * b[13]) + (a[1] * b[12]) + (a[2] * b[11]) + (a[3] * b[10]) + (a[4] * b[9]) + (a[5] * b[8]) + (a[6] * b[7]) + (a[7] * b[6]) + (a[8] * b[5]) + (a[9] * b[4]) + (a[10] * b[3]) + (a[11] * b[2]) + (a[12] * b[1]) + (a[13] * b[0]);
        long c14 = (a[0] * b[14]) + (a[1] * b[13]) + (a[2] * b[12]) + (a[3] * b[11]) + (a[4] * b[10]) + (a[5] * b[9]) + (a[6] * b[8]) + (a[7] * b[7]) + (a[8] * b[6]) + (a[9] * b[5]) + (a[10] * b[4]) + (a[11] * b[3]) + (a[12] * b[2]) + (a[13] * b[1]) + (a[14] * b[0]);
        long c15 = (a[0] * b[15]) + (a[1] * b[14]) + (a[2] * b[13]) + (a[3] * b[12]) + (a[4] * b[11]) + (a[5] * b[10]) + (a[6] * b[9]) + (a[7] * b[8]) + (a[8] * b[7]) + (a[9] * b[6]) + (a[10] * b[5]) + (a[11] * b[4]) + (a[12] * b[3]) + (a[13] * b[2]) + (a[14] * b[1]) + (a[15] * b[0]);
        long c16 = (a[0] * b[16]) + (a[1] * b[15]) + (a[2] * b[14]) + (a[3] * b[13]) + (a[4] * b[12]) + (a[5] * b[11]) + (a[6] * b[10]) + (a[7] * b[9]) + (a[8] * b[8]) + (a[9] * b[7]) + (a[10] * b[6]) + (a[11] * b[5]) + (a[12] * b[4]) + (a[13] * b[3]) + (a[14] * b[2]) + (a[15] * b[1]) + (a[16] * b[0]);
        long c17 = (a[0] * b[17]) + (a[1] * b[16]) + (a[2] * b[15]) + (a[3] * b[14]) + (a[4] * b[13]) + (a[5] * b[12]) + (a[6] * b[11]) + (a[7] * b[10]) + (a[8] * b[9]) + (a[9] * b[8]) + (a[10] * b[7]) + (a[11] * b[6]) + (a[12] * b[5]) + (a[13] * b[4]) + (a[14] * b[3]) + (a[15] * b[2]) + (a[16] * b[1]) + (a[17] * b[0]);
        long c18 = (a[0] * b[18]) + (a[1] * b[17]) + (a[2] * b[16]) + (a[3] * b[15]) + (a[4] * b[14]) + (a[5] * b[13]) + (a[6] * b[12]) + (a[7] * b[11]) + (a[8] * b[10]) + (a[9] * b[9]) + (a[10] * b[8]) + (a[11] * b[7]) + (a[12] * b[6]) + (a[13] * b[5]) + (a[14] * b[4]) + (a[15] * b[3]) + (a[16] * b[2]) + (a[17] * b[1]) + (a[18] * b[0]);
        long c19 = (a[1] * b[18]) + (a[2] * b[17]) + (a[3] * b[16]) + (a[4] * b[15]) + (a[5] * b[14]) + (a[6] * b[13]) + (a[7] * b[12]) + (a[8] * b[11]) + (a[9] * b[10]) + (a[10] * b[9]) + (a[11] * b[8]) + (a[12] * b[7]) + (a[13] * b[6]) + (a[14] * b[5]) + (a[15] * b[4]) + (a[16] * b[3]) + (a[17] * b[2]) + (a[18] * b[1]);
        long c20 = (a[2] * b[18]) + (a[3] * b[17]) + (a[4] * b[16]) + (a[5] * b[15]) + (a[6] * b[14]) + (a[7] * b[13]) + (a[8] * b[12]) + (a[9] * b[11]) + (a[10] * b[10]) + (a[11] * b[9]) + (a[12] * b[8]) + (a[13] * b[7]) + (a[14] * b[6]) + (a[15] * b[5]) + (a[16] * b[4]) + (a[17] * b[3]) + (a[18] * b[2]);
        long c21 = (a[3] * b[18]) + (a[4] * b[17]) + (a[5] * b[16]) + (a[6] * b[15]) + (a[7] * b[14]) + (a[8] * b[13]) + (a[9] * b[12]) + (a[10] * b[11]) + (a[11] * b[10]) + (a[12] * b[9]) + (a[13] * b[8]) + (a[14] * b[7]) + (a[15] * b[6]) + (a[16] * b[5]) + (a[17] * b[4]) + (a[18] * b[3]);
        long c22 = (a[4] * b[18]) + (a[5] * b[17]) + (a[6] * b[16]) + (a[7] * b[15]) + (a[8] * b[14]) + (a[9] * b[13]) + (a[10] * b[12]) + (a[11] * b[11]) + (a[12] * b[10]) + (a[13] * b[9]) + (a[14] * b[8]) + (a[15] * b[7]) + (a[16] * b[6]) + (a[17] * b[5]) + (a[18] * b[4]);
        long c23 = (a[5] * b[18]) + (a[6] * b[17]) + (a[7] * b[16]) + (a[8] * b[15]) + (a[9] * b[14]) + (a[10] * b[13]) + (a[11] * b[12]) + (a[12] * b[11]) + (a[13] * b[10]) + (a[14] * b[9]) + (a[15] * b[8]) + (a[16] * b[7]) + (a[17] * b[6]) + (a[18] * b[5]);
        long c24 = (a[6] * b[18]) + (a[7] * b[17]) + (a[8] * b[16]) + (a[9] * b[15]) + (a[10] * b[14]) + (a[11] * b[13]) + (a[12] * b[12]) + (a[13] * b[11]) + (a[14] * b[10]) + (a[15] * b[9]) + (a[16] * b[8]) + (a[17] * b[7]) + (a[18] * b[6]);
        long c25 = (a[7] * b[18]) + (a[8] * b[17]) + (a[9] * b[16]) + (a[10] * b[15]) + (a[11] * b[14]) + (a[12] * b[13]) + (a[13] * b[12]) + (a[14] * b[11]) + (a[15] * b[10]) + (a[16] * b[9]) + (a[17] * b[8]) + (a[18] * b[7]);
        long c26 = (a[8] * b[18]) + (a[9] * b[17]) + (a[10] * b[16]) + (a[11] * b[15]) + (a[12] * b[14]) + (a[13] * b[13]) + (a[14] * b[12]) + (a[15] * b[11]) + (a[16] * b[10]) + (a[17] * b[9]) + (a[18] * b[8]);
        long c27 = (a[9] * b[18]) + (a[10] * b[17]) + (a[11] * b[16]) + (a[12] * b[15]) + (a[13] * b[14]) + (a[14] * b[13]) + (a[15] * b[12]) + (a[16] * b[11]) + (a[17] * b[10]) + (a[18] * b[9]);
        long c28 = (a[10] * b[18]) + (a[11] * b[17]) + (a[12] * b[16]) + (a[13] * b[15]) + (a[14] * b[14]) + (a[15] * b[13]) + (a[16] * b[12]) + (a[17] * b[11]) + (a[18] * b[10]);
        long c29 = (a[11] * b[18]) + (a[12] * b[17]) + (a[13] * b[16]) + (a[14] * b[15]) + (a[15] * b[14]) + (a[16] * b[13]) + (a[17] * b[12]) + (a[18] * b[11]);
        long c30 = (a[12] * b[18]) + (a[13] * b[17]) + (a[14] * b[16]) + (a[15] * b[15]) + (a[16] * b[14]) + (a[17] * b[13]) + (a[18] * b[12]);
        long c31 = (a[13] * b[18]) + (a[14] * b[17]) + (a[15] * b[16]) + (a[16] * b[15]) + (a[17] * b[14]) + (a[18] * b[13]);
        long c32 = (a[14] * b[18]) + (a[15] * b[17]) + (a[16] * b[16]) + (a[17] * b[15]) + (a[18] * b[14]);
        long c33 = (a[15] * b[18]) + (a[16] * b[17]) + (a[17] * b[16]) + (a[18] * b[15]);
        long c34 = (a[16] * b[18]) + (a[17] * b[17]) + (a[18] * b[16]);
        long c35 = (a[17] * b[18]) + (a[18] * b[17]);
        long c36 = (a[18] * b[18]);

        carryReduce(r, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12, c13, c14, c15, c16, c17, c18, c19, c20, c21, c22, c23, c24, c25, c26, c27, c28, c29, c30, c31, c32, c33, c34, c35, c36);
    }

    /**
     * Carries and reduces {@code a} in place.
     *
     * <p>All 19 limbs are read as call arguments before the 19-limb
     * carryReduce writes anything back, so using {@code a} as both source and
     * destination is safe.
     *
     * @param a the value to reduce; indices 0..18 are read and then rewritten
     */
    @Override
    protected void reduce(long[] a) {
        carryReduce(a, a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], a[13], a[14], a[15], a[16], a[17], a[18]);
    }

    /**
     * Squares a 19-limb value and stores the reduced result in {@code r}.
     *
     * <p>Same column layout as mult, but each cross term a[i] * a[j] with
     * i &lt; j is computed once and doubled, and the diagonal term
     * a[k/2] * a[k/2] is added once for even k. All columns are computed into
     * locals before {@code r} is written, so {@code r} may be the same array
     * as {@code a}.
     *
     * <p>NOTE(review): as in mult, the column sums (and the doubling) are
     * unchecked long arithmetic and rely on the caller's limb bounds -
     * confirm in IntegerPolynomial.
     *
     * @param a operand, indices 0..18 read
     * @param r destination, indices 0..18 written
     */
    @Override
    protected void square(long[] a, long[] r) {
        long c0 = (a[0] * a[0]);
        long c1 = 2 * ((a[0] * a[1]));
        long c2 = 2 * ((a[0] * a[2])) + (a[1] * a[1]);
        long c3 = 2 * ((a[0] * a[3]) + (a[1] * a[2]));
        long c4 = 2 * ((a[0] * a[4]) + (a[1] * a[3])) + (a[2] * a[2]);
        long c5 = 2 * ((a[0] * a[5]) + (a[1] * a[4]) + (a[2] * a[3]));
        long c6 = 2 * ((a[0] * a[6]) + (a[1] * a[5]) + (a[2] * a[4])) + (a[3] * a[3]);
        long c7 = 2 * ((a[0] * a[7]) + (a[1] * a[6]) + (a[2] * a[5]) + (a[3] * a[4]));
        long c8 = 2 * ((a[0] * a[8]) + (a[1] * a[7]) + (a[2] * a[6]) + (a[3] * a[5])) + (a[4] * a[4]);
        long c9 = 2 * ((a[0] * a[9]) + (a[1] * a[8]) + (a[2] * a[7]) + (a[3] * a[6]) + (a[4] * a[5]));
        long c10 = 2 * ((a[0] * a[10]) + (a[1] * a[9]) + (a[2] * a[8]) + (a[3] * a[7]) + (a[4] * a[6])) + (a[5] * a[5]);
        long c11 = 2 * ((a[0] * a[11]) + (a[1] * a[10]) + (a[2] * a[9]) + (a[3] * a[8]) + (a[4] * a[7]) + (a[5] * a[6]));
        long c12 = 2 * ((a[0] * a[12]) + (a[1] * a[11]) + (a[2] * a[10]) + (a[3] * a[9]) + (a[4] * a[8]) + (a[5] * a[7])) + (a[6] * a[6]);
        long c13 = 2 * ((a[0] * a[13]) + (a[1] * a[12]) + (a[2] * a[11]) + (a[3] * a[10]) + (a[4] * a[9]) + (a[5] * a[8]) + (a[6] * a[7]));
        long c14 = 2 * ((a[0] * a[14]) + (a[1] * a[13]) + (a[2] * a[12]) + (a[3] * a[11]) + (a[4] * a[10]) + (a[5] * a[9]) + (a[6] * a[8])) + (a[7] * a[7]);
        long c15 = 2 * ((a[0] * a[15]) + (a[1] * a[14]) + (a[2] * a[13]) + (a[3] * a[12]) + (a[4] * a[11]) + (a[5] * a[10]) + (a[6] * a[9]) + (a[7] * a[8]));
        long c16 = 2 * ((a[0] * a[16]) + (a[1] * a[15]) + (a[2] * a[14]) + (a[3] * a[13]) + (a[4] * a[12]) + (a[5] * a[11]) + (a[6] * a[10]) + (a[7] * a[9])) + (a[8] * a[8]);
        long c17 = 2 * ((a[0] * a[17]) + (a[1] * a[16]) + (a[2] * a[15]) + (a[3] * a[14]) + (a[4] * a[13]) + (a[5] * a[12]) + (a[6] * a[11]) + (a[7] * a[10]) + (a[8] * a[9]));
        long c18 = 2 * ((a[0] * a[18]) + (a[1] * a[17]) + (a[2] * a[16]) + (a[3] * a[15]) + (a[4] * a[14]) + (a[5] * a[13]) + (a[6] * a[12]) + (a[7] * a[11]) + (a[8] * a[10])) + (a[9] * a[9]);
        long c19 = 2 * ((a[1] * a[18]) + (a[2] * a[17]) + (a[3] * a[16]) + (a[4] * a[15]) + (a[5] * a[14]) + (a[6] * a[13]) + (a[7] * a[12]) + (a[8] * a[11]) + (a[9] * a[10]));
        long c20 = 2 * ((a[2] * a[18]) + (a[3] * a[17]) + (a[4] * a[16]) + (a[5] * a[15]) + (a[6] * a[14]) + (a[7] * a[13]) + (a[8] * a[12]) + (a[9] * a[11])) + (a[10] * a[10]);
        long c21 = 2 * ((a[3] * a[18]) + (a[4] * a[17]) + (a[5] * a[16]) + (a[6] * a[15]) + (a[7] * a[14]) + (a[8] * a[13]) + (a[9] * a[12]) + (a[10] * a[11]));
        long c22 = 2 * ((a[4] * a[18]) + (a[5] * a[17]) + (a[6] * a[16]) + (a[7] * a[15]) + (a[8] * a[14]) + (a[9] * a[13]) + (a[10] * a[12])) + (a[11] * a[11]);
        long c23 = 2 * ((a[5] * a[18]) + (a[6] * a[17]) + (a[7] * a[16]) + (a[8] * a[15]) + (a[9] * a[14]) + (a[10] * a[13]) + (a[11] * a[12]));
        long c24 = 2 * ((a[6] * a[18]) + (a[7] * a[17]) + (a[8] * a[16]) + (a[9] * a[15]) + (a[10] * a[14]) + (a[11] * a[13])) + (a[12] * a[12]);
        long c25 = 2 * ((a[7] * a[18]) + (a[8] * a[17]) + (a[9] * a[16]) + (a[10] * a[15]) + (a[11] * a[14]) + (a[12] * a[13]));
        long c26 = 2 * ((a[8] * a[18]) + (a[9] * a[17]) + (a[10] * a[16]) + (a[11] * a[15]) + (a[12] * a[14])) + (a[13] * a[13]);
        long c27 = 2 * ((a[9] * a[18]) + (a[10] * a[17]) + (a[11] * a[16]) + (a[12] * a[15]) + (a[13] * a[14]));
        long c28 = 2 * ((a[10] * a[18]) + (a[11] * a[17]) + (a[12] * a[16]) + (a[13] * a[15])) + (a[14] * a[14]);
        long c29 = 2 * ((a[11] * a[18]) + (a[12] * a[17]) + (a[13] * a[16]) + (a[14] * a[15]));
        long c30 = 2 * ((a[12] * a[18]) + (a[13] * a[17]) + (a[14] * a[16])) + (a[15] * a[15]);
        long c31 = 2 * ((a[13] * a[18]) + (a[14] * a[17]) + (a[15] * a[16]));
        long c32 = 2 * ((a[14] * a[18]) + (a[15] * a[17])) + (a[16] * a[16]);
        long c33 = 2 * ((a[15] * a[18]) + (a[16] * a[17]));
        long c34 = 2 * ((a[16] * a[18])) + (a[17] * a[17]);
        long c35 = 2 * ((a[17] * a[18]));
        long c36 = (a[18] * a[18]);

        carryReduce(r, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12, c13, c14, c15, c16, c17, c18, c19, c20, c21, c22, c23, c24, c25, c26, c27, c28, c29, c30, c31, c32, c33, c34, c35, c36);
    }
}