kris
/
sike_ifma
1
0
Fork 0
Koodi Ongelmat 0 Pull-pyynnöt 0 Julkaisut 0 Wiki Toiminta
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Haara
116 KiB
 
 
 
Haara: master
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
sike_ifma/sidh_ref/fp_x64.c

868 rivejä
24 KiB
Raaka Pysyvä linkki Blame Historia 

  1. /********************************************************************************************

  2. * SIDH: an efficient supersingular isogeny-based cryptography library for ephemeral 

  3. *       Diffie-Hellman key exchange.

  4. *

  5. *    Copyright (c) Microsoft Corporation. All rights reserved.

  6. *

  7. *

  8. * Abstract: modular arithmetic optimized for x64 platforms

  9. *

  10. *********************************************************************************************/

  11. 

  12. #include "P751_internal.h"

  13. 

  14. // Global constants

  15. extern const uint64_t p751[NWORDS_FIELD];

  16. extern const uint64_t p751p1[NWORDS_FIELD];

  17. extern const uint64_t p751x2[NWORDS_FIELD];

  18. 

  19. __inline void fpadd751(const digit_t *a, const digit_t *b, digit_t *c)

  20. {   // Modular addition, c = a+b mod p751.

  21.     // Inputs: a, b in [0, 2*p751-1]

  22.     // Output: c in [0, 2*p751-1]

  23. 

  24. #if (OS_TARGET == OS_WIN)

  25.     unsigned int i, carry = 0;

  26.     digit_t mask;

  27. 

  28.     for (i = 0; i < NWORDS_FIELD; i++)

  29.     {

  30.         ADDC(carry, a[i], b[i], carry, c[i]);

  31.     }

  32. 

  33.     carry = 0;

  34.     for (i = 0; i < NWORDS_FIELD; i++)

  35.     {

  36.         SUBC(carry, c[i], ((digit_t *)p751x2)[i], carry, c[i]);

  37.     }

  38.     mask = 0 - (digit_t)carry;

  39. 

  40.     carry = 0;

  41.     for (i = 0; i < NWORDS_FIELD; i++)

  42.     {

  43.         ADDC(carry, c[i], ((digit_t *)p751x2)[i] & mask, carry, c[i]);

  44.     }

  45. 

  46. #elif (OS_TARGET == OS_LINUX)

  47. 

  48.     fpadd751_asm(a, b, c);

  49. 

  50. #endif

  51. }

  52. 

  53. __inline void fpsub751(const digit_t *a, const digit_t *b, digit_t *c)

  54. {   // Modular subtraction, c = a-b mod p751.

  55.     // Inputs: a, b in [0, 2*p751-1]

  56.     // Output: c in [0, 2*p751-1]

  57. 

  58. #if (OS_TARGET == OS_WIN)

  59.     unsigned int i, borrow = 0;

  60.     digit_t mask;

  61. 

  62.     for (i = 0; i < NWORDS_FIELD; i++)

  63.     {

  64.         SUBC(borrow, a[i], b[i], borrow, c[i]);

  65.     }

  66.     mask = 0 - (digit_t)borrow;

  67. 

  68.     borrow = 0;

  69.     for (i = 0; i < NWORDS_FIELD; i++)

  70.     {

  71.         ADDC(borrow, c[i], ((digit_t *)p751x2)[i] & mask, borrow, c[i]);

  72.     }

  73. 

  74. #elif (OS_TARGET == OS_LINUX)

  75. 

  76.     fpsub751_asm(a, b, c);

  77. 

  78. #endif

  79. }

  80. 

  81. __inline void fpneg751(digit_t *a)

  82. {   // Modular negation, a = -a mod p751.

  83.     // Input/output: a in [0, 2*p751-1]

  84.     unsigned int i, borrow = 0;

  85. 

  86.     for (i = 0; i < NWORDS_FIELD; i++)

  87.     {

  88.         SUBC(borrow, ((digit_t *)p751x2)[i], a[i], borrow, a[i]);

  89.     }

  90. }

  91. 

  92. void fpdiv2_751(const digit_t *a, digit_t *c)

  93. {   // Modular division by two, c = a/2 mod p751.

  94.     // Input : a in [0, 2*p751-1]

  95.     // Output: c in [0, 2*p751-1]

  96.     unsigned int i, carry = 0;

  97.     digit_t mask;

  98. 

  99.     mask = 0 - (digit_t)(a[0] & 1); // If a is odd compute a+p751

  100.     for (i = 0; i < NWORDS_FIELD; i++)

  101.     {

  102.         ADDC(carry, a[i], ((digit_t *)p751)[i] & mask, carry, c[i]);

  103.     }

  104. 

  105.     mp_shiftr1(c, NWORDS_FIELD);

  106. }

  107. 

  108. void fpcorrection751(digit_t *a)

  109. { // Modular correction to reduce field element a in [0, 2*p751-1] to [0, p751-1].

  110.     unsigned int i, borrow = 0;

  111.     digit_t mask;

  112. 

  113.     for (i = 0; i < NWORDS_FIELD; i++)

  114.     {

  115.         SUBC(borrow, a[i], ((digit_t *)p751)[i], borrow, a[i]);

  116.     }

  117.     mask = 0 - (digit_t)borrow;

  118. 

  119.     borrow = 0;

  120.     for (i = 0; i < NWORDS_FIELD; i++)

  121.     {

  122.         ADDC(borrow, a[i], ((digit_t *)p751)[i] & mask, borrow, a[i]);

  123.     }

  124. }

  125. 

  126. void mp_mul(const digit_t *a, const digit_t *b, digit_t *c, const unsigned int nwords)

  127. { // Multiprecision multiply, c = a*b, where lng(a) = lng(b) = nwords.

  128. 

  129.     UNREFERENCED_PARAMETER(nwords);

  130. 

  131. #if (OS_TARGET == OS_WIN)

  132.     digit_t t = 0;

  133.     uint128_t uv = {0};

  134.     unsigned int carry = 0;

  135. 

  136.     MULADD128(a[0], b[0], uv, carry, uv);

  137.     t += carry;

  138.     c[0] = uv[0];

  139.     uv[0] = uv[1];

  140.     uv[1] = t;

  141.     t = 0;

  142. 

  143.     MULADD128(a[0], b[1], uv, carry, uv);

  144.     t += carry;

  145.     MULADD128(a[1], b[0], uv, carry, uv);

  146.     t += carry;

  147.     c[1] = uv[0];

  148.     uv[0] = uv[1];

  149.     uv[1] = t;

  150.     t = 0;

  151. 

  152.     MULADD128(a[0], b[2], uv, carry, uv);

  153.     t += carry;

  154.     MULADD128(a[1], b[1], uv, carry, uv);

  155.     t += carry;

  156.     MULADD128(a[2], b[0], uv, carry, uv);

  157.     t += carry;

  158.     c[2] = uv[0];

  159.     uv[0] = uv[1];

  160.     uv[1] = t;

  161.     t = 0;

  162. 

  163.     MULADD128(a[0], b[3], uv, carry, uv);

  164.     t += carry;

  165.     MULADD128(a[2], b[1], uv, carry, uv);

  166.     t += carry;

  167.     MULADD128(a[1], b[2], uv, carry, uv);

  168.     t += carry;

  169.     MULADD128(a[3], b[0], uv, carry, uv);

  170.     t += carry;

  171.     c[3] = uv[0];

  172.     uv[0] = uv[1];

  173.     uv[1] = t;

  174.     t = 0;

  175. 

  176.     MULADD128(a[0], b[4], uv, carry, uv);

  177.     t += carry;

  178.     MULADD128(a[3], b[1], uv, carry, uv);

  179.     t += carry;

  180.     MULADD128(a[2], b[2], uv, carry, uv);

  181.     t += carry;

  182.     MULADD128(a[1], b[3], uv, carry, uv);

  183.     t += carry;

  184.     MULADD128(a[4], b[0], uv, carry, uv);

  185.     t += carry;

  186.     c[4] = uv[0];

  187.     uv[0] = uv[1];

  188.     uv[1] = t;

  189.     t = 0;

  190. 

  191.     MULADD128(a[0], b[5], uv, carry, uv);

  192.     t += carry;

  193.     MULADD128(a[4], b[1], uv, carry, uv);

  194.     t += carry;

  195.     MULADD128(a[3], b[2], uv, carry, uv);

  196.     t += carry;

  197.     MULADD128(a[2], b[3], uv, carry, uv);

  198.     t += carry;

  199.     MULADD128(a[1], b[4], uv, carry, uv);

  200.     t += carry;

  201.     MULADD128(a[5], b[0], uv, carry, uv);

  202.     t += carry;

  203.     c[5] = uv[0];

  204.     uv[0] = uv[1];

  205.     uv[1] = t;

  206.     t = 0;

  207. 

  208.     MULADD128(a[0], b[6], uv, carry, uv);

  209.     t += carry;

  210.     MULADD128(a[5], b[1], uv, carry, uv);

  211.     t += carry;

  212.     MULADD128(a[4], b[2], uv, carry, uv);

  213.     t += carry;

  214.     MULADD128(a[3], b[3], uv, carry, uv);

  215.     t += carry;

  216.     MULADD128(a[2], b[4], uv, carry, uv);

  217.     t += carry;

  218.     MULADD128(a[1], b[5], uv, carry, uv);

  219.     t += carry;

  220.     MULADD128(a[6], b[0], uv, carry, uv);

  221.     t += carry;

  222.     c[6] = uv[0];

  223.     uv[0] = uv[1];

  224.     uv[1] = t;

  225.     t = 0;

  226. 

  227.     MULADD128(a[0], b[7], uv, carry, uv);

  228.     t += carry;

  229.     MULADD128(a[6], b[1], uv, carry, uv);

  230.     t += carry;

  231.     MULADD128(a[5], b[2], uv, carry, uv);

  232.     t += carry;

  233.     MULADD128(a[4], b[3], uv, carry, uv);

  234.     t += carry;

  235.     MULADD128(a[3], b[4], uv, carry, uv);

  236.     t += carry;

  237.     MULADD128(a[2], b[5], uv, carry, uv);

  238.     t += carry;

  239.     MULADD128(a[1], b[6], uv, carry, uv);

  240.     t += carry;

  241.     MULADD128(a[7], b[0], uv, carry, uv);

  242.     t += carry;

  243.     c[7] = uv[0];

  244.     uv[0] = uv[1];

  245.     uv[1] = t;

  246.     t = 0;

  247. 

  248.     MULADD128(a[0], b[8], uv, carry, uv);

  249.     t += carry;

  250.     MULADD128(a[7], b[1], uv, carry, uv);

  251.     t += carry;

  252.     MULADD128(a[6], b[2], uv, carry, uv);

  253.     t += carry;

  254.     MULADD128(a[5], b[3], uv, carry, uv);

  255.     t += carry;

  256.     MULADD128(a[4], b[4], uv, carry, uv);

  257.     t += carry;

  258.     MULADD128(a[3], b[5], uv, carry, uv);

  259.     t += carry;

  260.     MULADD128(a[2], b[6], uv, carry, uv);

  261.     t += carry;

  262.     MULADD128(a[1], b[7], uv, carry, uv);

  263.     t += carry;

  264.     MULADD128(a[8], b[0], uv, carry, uv);

  265.     t += carry;

  266.     c[8] = uv[0];

  267.     uv[0] = uv[1];

  268.     uv[1] = t;

  269.     t = 0;

  270. 

  271.     MULADD128(a[0], b[9], uv, carry, uv);

  272.     t += carry;

  273.     MULADD128(a[8], b[1], uv, carry, uv);

  274.     t += carry;

  275.     MULADD128(a[7], b[2], uv, carry, uv);

  276.     t += carry;

  277.     MULADD128(a[6], b[3], uv, carry, uv);

  278.     t += carry;

  279.     MULADD128(a[5], b[4], uv, carry, uv);

  280.     t += carry;

  281.     MULADD128(a[4], b[5], uv, carry, uv);

  282.     t += carry;

  283.     MULADD128(a[3], b[6], uv, carry, uv);

  284.     t += carry;

  285.     MULADD128(a[2], b[7], uv, carry, uv);

  286.     t += carry;

  287.     MULADD128(a[1], b[8], uv, carry, uv);

  288.     t += carry;

  289.     MULADD128(a[9], b[0], uv, carry, uv);

  290.     t += carry;

  291.     c[9] = uv[0];

  292.     uv[0] = uv[1];

  293.     uv[1] = t;

  294.     t = 0;

  295. 

  296.     MULADD128(a[0], b[10], uv, carry, uv);

  297.     t += carry;

  298.     MULADD128(a[9], b[1], uv, carry, uv);

  299.     t += carry;

  300.     MULADD128(a[8], b[2], uv, carry, uv);

  301.     t += carry;

  302.     MULADD128(a[7], b[3], uv, carry, uv);

  303.     t += carry;

  304.     MULADD128(a[6], b[4], uv, carry, uv);

  305.     t += carry;

  306.     MULADD128(a[5], b[5], uv, carry, uv);

  307.     t += carry;

  308.     MULADD128(a[4], b[6], uv, carry, uv);

  309.     t += carry;

  310.     MULADD128(a[3], b[7], uv, carry, uv);

  311.     t += carry;

  312.     MULADD128(a[2], b[8], uv, carry, uv);

  313.     t += carry;

  314.     MULADD128(a[1], b[9], uv, carry, uv);

  315.     t += carry;

  316.     MULADD128(a[10], b[0], uv, carry, uv);

  317.     t += carry;

  318.     c[10] = uv[0];

  319.     uv[0] = uv[1];

  320.     uv[1] = t;

  321.     t = 0;

  322. 

  323.     MULADD128(a[0], b[11], uv, carry, uv);

  324.     t += carry;

  325.     MULADD128(a[10], b[1], uv, carry, uv);

  326.     t += carry;

  327.     MULADD128(a[9], b[2], uv, carry, uv);

  328.     t += carry;

  329.     MULADD128(a[8], b[3], uv, carry, uv);

  330.     t += carry;

  331.     MULADD128(a[7], b[4], uv, carry, uv);

  332.     t += carry;

  333.     MULADD128(a[6], b[5], uv, carry, uv);

  334.     t += carry;

  335.     MULADD128(a[5], b[6], uv, carry, uv);

  336.     t += carry;

  337.     MULADD128(a[4], b[7], uv, carry, uv);

  338.     t += carry;

  339.     MULADD128(a[3], b[8], uv, carry, uv);

  340.     t += carry;

  341.     MULADD128(a[2], b[9], uv, carry, uv);

  342.     t += carry;

  343.     MULADD128(a[1], b[10], uv, carry, uv);

  344.     t += carry;

  345.     MULADD128(a[11], b[0], uv, carry, uv);

  346.     t += carry;

  347.     c[11] = uv[0];

  348.     uv[0] = uv[1];

  349.     uv[1] = t;

  350.     t = 0;

  351. 

  352.     MULADD128(a[1], b[11], uv, carry, uv);

  353.     t += carry;

  354.     MULADD128(a[10], b[2], uv, carry, uv);

  355.     t += carry;

  356.     MULADD128(a[9], b[3], uv, carry, uv);

  357.     t += carry;

  358.     MULADD128(a[8], b[4], uv, carry, uv);

  359.     t += carry;

  360.     MULADD128(a[7], b[5], uv, carry, uv);

  361.     t += carry;

  362.     MULADD128(a[6], b[6], uv, carry, uv);

  363.     t += carry;

  364.     MULADD128(a[5], b[7], uv, carry, uv);

  365.     t += carry;

  366.     MULADD128(a[4], b[8], uv, carry, uv);

  367.     t += carry;

  368.     MULADD128(a[3], b[9], uv, carry, uv);

  369.     t += carry;

  370.     MULADD128(a[2], b[10], uv, carry, uv);

  371.     t += carry;

  372.     MULADD128(a[11], b[1], uv, carry, uv);

  373.     t += carry;

  374.     c[12] = uv[0];

  375.     uv[0] = uv[1];

  376.     uv[1] = t;

  377.     t = 0;

  378. 

  379.     MULADD128(a[11], b[2], uv, carry, uv);

  380.     t += carry;

  381.     MULADD128(a[10], b[3], uv, carry, uv);

  382.     t += carry;

  383.     MULADD128(a[9], b[4], uv, carry, uv);

  384.     t += carry;

  385.     MULADD128(a[8], b[5], uv, carry, uv);

  386.     t += carry;

  387.     MULADD128(a[7], b[6], uv, carry, uv);

  388.     t += carry;

  389.     MULADD128(a[6], b[7], uv, carry, uv);

  390.     t += carry;

  391.     MULADD128(a[5], b[8], uv, carry, uv);

  392.     t += carry;

  393.     MULADD128(a[4], b[9], uv, carry, uv);

  394.     t += carry;

  395.     MULADD128(a[3], b[10], uv, carry, uv);

  396.     t += carry;

  397.     MULADD128(a[2], b[11], uv, carry, uv);

  398.     t += carry;

  399.     c[13] = uv[0];

  400.     uv[0] = uv[1];

  401.     uv[1] = t;

  402.     t = 0;

  403. 

  404.     MULADD128(a[11], b[3], uv, carry, uv);

  405.     t += carry;

  406.     MULADD128(a[10], b[4], uv, carry, uv);

  407.     t += carry;

  408.     MULADD128(a[9], b[5], uv, carry, uv);

  409.     t += carry;

  410.     MULADD128(a[8], b[6], uv, carry, uv);

  411.     t += carry;

  412.     MULADD128(a[7], b[7], uv, carry, uv);

  413.     t += carry;

  414.     MULADD128(a[6], b[8], uv, carry, uv);

  415.     t += carry;

  416.     MULADD128(a[5], b[9], uv, carry, uv);

  417.     t += carry;

  418.     MULADD128(a[4], b[10], uv, carry, uv);

  419.     t += carry;

  420.     MULADD128(a[3], b[11], uv, carry, uv);

  421.     t += carry;

  422.     c[14] = uv[0];

  423.     uv[0] = uv[1];

  424.     uv[1] = t;

  425.     t = 0;

  426. 

  427.     MULADD128(a[11], b[4], uv, carry, uv);

  428.     t += carry;

  429.     MULADD128(a[10], b[5], uv, carry, uv);

  430.     t += carry;

  431.     MULADD128(a[9], b[6], uv, carry, uv);

  432.     t += carry;

  433.     MULADD128(a[8], b[7], uv, carry, uv);

  434.     t += carry;

  435.     MULADD128(a[7], b[8], uv, carry, uv);

  436.     t += carry;

  437.     MULADD128(a[6], b[9], uv, carry, uv);

  438.     t += carry;

  439.     MULADD128(a[5], b[10], uv, carry, uv);

  440.     t += carry;

  441.     MULADD128(a[4], b[11], uv, carry, uv);

  442.     t += carry;

  443.     c[15] = uv[0];

  444.     uv[0] = uv[1];

  445.     uv[1] = t;

  446.     t = 0;

  447. 

  448.     MULADD128(a[11], b[5], uv, carry, uv);

  449.     t += carry;

  450.     MULADD128(a[10], b[6], uv, carry, uv);

  451.     t += carry;

  452.     MULADD128(a[9], b[7], uv, carry, uv);

  453.     t += carry;

  454.     MULADD128(a[8], b[8], uv, carry, uv);

  455.     t += carry;

  456.     MULADD128(a[7], b[9], uv, carry, uv);

  457.     t += carry;

  458.     MULADD128(a[6], b[10], uv, carry, uv);

  459.     t += carry;

  460.     MULADD128(a[5], b[11], uv, carry, uv);

  461.     t += carry;

  462.     c[16] = uv[0];

  463.     uv[0] = uv[1];

  464.     uv[1] = t;

  465.     t = 0;

  466. 

  467.     MULADD128(a[11], b[6], uv, carry, uv);

  468.     t += carry;

  469.     MULADD128(a[10], b[7], uv, carry, uv);

  470.     t += carry;

  471.     MULADD128(a[9], b[8], uv, carry, uv);

  472.     t += carry;

  473.     MULADD128(a[8], b[9], uv, carry, uv);

  474.     t += carry;

  475.     MULADD128(a[7], b[10], uv, carry, uv);

  476.     t += carry;

  477.     MULADD128(a[6], b[11], uv, carry, uv);

  478.     t += carry;

  479.     c[17] = uv[0];

  480.     uv[0] = uv[1];

  481.     uv[1] = t;

  482.     t = 0;

  483. 

  484.     MULADD128(a[11], b[7], uv, carry, uv);

  485.     t += carry;

  486.     MULADD128(a[10], b[8], uv, carry, uv);

  487.     t += carry;

  488.     MULADD128(a[9], b[9], uv, carry, uv);

  489.     t += carry;

  490.     MULADD128(a[8], b[10], uv, carry, uv);

  491.     t += carry;

  492.     MULADD128(a[7], b[11], uv, carry, uv);

  493.     t += carry;

  494.     c[18] = uv[0];

  495.     uv[0] = uv[1];

  496.     uv[1] = t;

  497.     t = 0;

  498. 

  499.     MULADD128(a[11], b[8], uv, carry, uv);

  500.     t += carry;

  501.     MULADD128(a[10], b[9], uv, carry, uv);

  502.     t += carry;

  503.     MULADD128(a[9], b[10], uv, carry, uv);

  504.     t += carry;

  505.     MULADD128(a[8], b[11], uv, carry, uv);

  506.     t += carry;

  507.     c[19] = uv[0];

  508.     uv[0] = uv[1];

  509.     uv[1] = t;

  510.     t = 0;

  511. 

  512.     MULADD128(a[11], b[9], uv, carry, uv);

  513.     t += carry;

  514.     MULADD128(a[10], b[10], uv, carry, uv);

  515.     t += carry;

  516.     MULADD128(a[9], b[11], uv, carry, uv);

  517.     t += carry;

  518.     c[20] = uv[0];

  519.     uv[0] = uv[1];

  520.     uv[1] = t;

  521.     t = 0;

  522. 

  523.     MULADD128(a[11], b[10], uv, carry, uv);

  524.     t += carry;

  525.     MULADD128(a[10], b[11], uv, carry, uv);

  526.     t += carry;

  527.     c[21] = uv[0];

  528.     uv[0] = uv[1];

  529.     uv[1] = t;

  530. 

  531.     MULADD128(a[11], b[11], uv, carry, uv);

  532.     c[22] = uv[0];

  533.     c[23] = uv[1];

  534. 

  535. #elif (OS_TARGET == OS_LINUX)

  536. 

  537.     mul751_asm(a, b, c);

  538. 

  539. #endif

  540. }

  541. 

  542. void rdc_mont(const dfelm_t ma, felm_t mc)

  543. {   // Efficient Montgomery reduction using comba and exploiting the special form of the prime p751.

  544.     // mc = ma*R^-1 mod p751x2, where R = 2^768.

  545.     // If ma < 2^768*p751, the output mc is in the range [0, 2*p751-1].

  546.     // ma is assumed to be in Montgomery representation.

  547. 

  548. #if (OS_TARGET == OS_WIN)

  549.     unsigned int carry;

  550.     digit_t t = 0;

  551.     uint128_t uv = {0};

  552. 

  553.     mc[0] = ma[0];

  554.     mc[1] = ma[1];

  555.     mc[2] = ma[2];

  556.     mc[3] = ma[3];

  557.     mc[4] = ma[4];

  558.     MUL128(mc[0], ((digit_t *)p751p1)[5], uv);

  559.     ADDC(0, uv[0], ma[5], carry, uv[0]);

  560.     ADDC(carry, uv[1], 0, carry, uv[1]);

  561.     mc[5] = uv[0];

  562.     uv[0] = uv[1];

  563.     uv[1] = 0;

  564. 

  565.     MULADD128(mc[0], ((digit_t *)p751p1)[6], uv, carry, uv);

  566.     MULADD128(mc[1], ((digit_t *)p751p1)[5], uv, carry, uv);

  567.     t += carry;

  568.     ADDC(0, uv[0], ma[6], carry, uv[0]);

  569.     ADDC(carry, uv[1], 0, carry, uv[1]);

  570.     t += carry;

  571.     mc[6] = uv[0];

  572.     uv[0] = uv[1];

  573.     uv[1] = t;

  574.     t = 0;

  575. 

  576.     MULADD128(mc[0], ((digit_t *)p751p1)[7], uv, carry, uv);

  577.     t += carry;

  578.     MULADD128(mc[1], ((digit_t *)p751p1)[6], uv, carry, uv);

  579.     t += carry;

  580.     MULADD128(mc[2], ((digit_t *)p751p1)[5], uv, carry, uv);

  581.     t += carry;

  582.     ADDC(0, uv[0], ma[7], carry, uv[0]);

  583.     ADDC(carry, uv[1], 0, carry, uv[1]);

  584.     t += carry;

  585.     mc[7] = uv[0];

  586.     uv[0] = uv[1];

  587.     uv[1] = t;

  588.     t = 0;

  589. 

  590.     MULADD128(mc[0], ((digit_t *)p751p1)[8], uv, carry, uv);

  591.     t += carry;

  592.     MULADD128(mc[1], ((digit_t *)p751p1)[7], uv, carry, uv);

  593.     t += carry;

  594.     MULADD128(mc[2], ((digit_t *)p751p1)[6], uv, carry, uv);

  595.     t += carry;

  596.     MULADD128(mc[3], ((digit_t *)p751p1)[5], uv, carry, uv);

  597.     t += carry;

  598.     ADDC(0, uv[0], ma[8], carry, uv[0]);

  599.     ADDC(carry, uv[1], 0, carry, uv[1]);

  600.     t += carry;

  601.     mc[8] = uv[0];

  602.     uv[0] = uv[1];

  603.     uv[1] = t;

  604.     t = 0;

  605. 

  606.     MULADD128(mc[0], ((digit_t *)p751p1)[9], uv, carry, uv);

  607.     t += carry;

  608.     MULADD128(mc[1], ((digit_t *)p751p1)[8], uv, carry, uv);

  609.     t += carry;

  610.     MULADD128(mc[2], ((digit_t *)p751p1)[7], uv, carry, uv);

  611.     t += carry;

  612.     MULADD128(mc[3], ((digit_t *)p751p1)[6], uv, carry, uv);

  613.     t += carry;

  614.     MULADD128(mc[4], ((digit_t *)p751p1)[5], uv, carry, uv);

  615.     t += carry;

  616.     ADDC(0, uv[0], ma[9], carry, uv[0]);

  617.     ADDC(carry, uv[1], 0, carry, uv[1]);

  618.     t += carry;

  619.     mc[9] = uv[0];

  620.     uv[0] = uv[1];

  621.     uv[1] = t;

  622.     t = 0;

  623. 

  624.     MULADD128(mc[0], ((digit_t *)p751p1)[10], uv, carry, uv);

  625.     t += carry;

  626.     MULADD128(mc[1], ((digit_t *)p751p1)[9], uv, carry, uv);

  627.     t += carry;

  628.     MULADD128(mc[2], ((digit_t *)p751p1)[8], uv, carry, uv);

  629.     t += carry;

  630.     MULADD128(mc[3], ((digit_t *)p751p1)[7], uv, carry, uv);

  631.     t += carry;

  632.     MULADD128(mc[4], ((digit_t *)p751p1)[6], uv, carry, uv);

  633.     t += carry;

  634.     MULADD128(mc[5], ((digit_t *)p751p1)[5], uv, carry, uv);

  635.     t += carry;

  636.     ADDC(0, uv[0], ma[10], carry, uv[0]);

  637.     ADDC(carry, uv[1], 0, carry, uv[1]);

  638.     t += carry;

  639.     mc[10] = uv[0];

  640.     uv[0] = uv[1];

  641.     uv[1] = t;

  642.     t = 0;

  643. 

  644.     MULADD128(mc[0], ((digit_t *)p751p1)[11], uv, carry, uv);

  645.     t += carry;

  646.     MULADD128(mc[1], ((digit_t *)p751p1)[10], uv, carry, uv);

  647.     t += carry;

  648.     MULADD128(mc[2], ((digit_t *)p751p1)[9], uv, carry, uv);

  649.     t += carry;

  650.     MULADD128(mc[3], ((digit_t *)p751p1)[8], uv, carry, uv);

  651.     t += carry;

  652.     MULADD128(mc[4], ((digit_t *)p751p1)[7], uv, carry, uv);

  653.     t += carry;

  654.     MULADD128(mc[5], ((digit_t *)p751p1)[6], uv, carry, uv);

  655.     t += carry;

  656.     MULADD128(mc[6], ((digit_t *)p751p1)[5], uv, carry, uv);

  657.     t += carry;

  658.     ADDC(0, uv[0], ma[11], carry, uv[0]);

  659.     ADDC(carry, uv[1], 0, carry, uv[1]);

  660.     t += carry;

  661.     mc[11] = uv[0];

  662.     uv[0] = uv[1];

  663.     uv[1] = t;

  664.     t = 0;

  665. 

  666.     MULADD128(mc[1], ((digit_t *)p751p1)[11], uv, carry, uv);

  667.     t += carry;

  668.     MULADD128(mc[2], ((digit_t *)p751p1)[10], uv, carry, uv);

  669.     t += carry;

  670.     MULADD128(mc[3], ((digit_t *)p751p1)[9], uv, carry, uv);

  671.     t += carry;

  672.     MULADD128(mc[4], ((digit_t *)p751p1)[8], uv, carry, uv);

  673.     t += carry;

  674.     MULADD128(mc[5], ((digit_t *)p751p1)[7], uv, carry, uv);

  675.     t += carry;

  676.     MULADD128(mc[6], ((digit_t *)p751p1)[6], uv, carry, uv);

  677.     t += carry;

  678.     MULADD128(mc[7], ((digit_t *)p751p1)[5], uv, carry, uv);

  679.     t += carry;

  680.     ADDC(0, uv[0], ma[12], carry, uv[0]);

  681.     ADDC(carry, uv[1], 0, carry, uv[1]);

  682.     t += carry;

  683.     mc[0] = uv[0];

  684.     uv[0] = uv[1];

  685.     uv[1] = t;

  686.     t = 0;

  687. 

  688.     MULADD128(mc[2], ((digit_t *)p751p1)[11], uv, carry, uv);

  689.     t += carry;

  690.     MULADD128(mc[3], ((digit_t *)p751p1)[10], uv, carry, uv);

  691.     t += carry;

  692.     MULADD128(mc[4], ((digit_t *)p751p1)[9], uv, carry, uv);

  693.     t += carry;

  694.     MULADD128(mc[5], ((digit_t *)p751p1)[8], uv, carry, uv);

  695.     t += carry;

  696.     MULADD128(mc[6], ((digit_t *)p751p1)[7], uv, carry, uv);

  697.     t += carry;

  698.     MULADD128(mc[7], ((digit_t *)p751p1)[6], uv, carry, uv);

  699.     t += carry;

  700.     MULADD128(mc[8], ((digit_t *)p751p1)[5], uv, carry, uv);

  701.     t += carry;

  702.     ADDC(0, uv[0], ma[13], carry, uv[0]);

  703.     ADDC(carry, uv[1], 0, carry, uv[1]);

  704.     t += carry;

  705.     mc[1] = uv[0];

  706.     uv[0] = uv[1];

  707.     uv[1] = t;

  708.     t = 0;

  709. 

  710.     MULADD128(mc[3], ((digit_t *)p751p1)[11], uv, carry, uv);

  711.     t += carry;

  712.     MULADD128(mc[4], ((digit_t *)p751p1)[10], uv, carry, uv);

  713.     t += carry;

  714.     MULADD128(mc[5], ((digit_t *)p751p1)[9], uv, carry, uv);

  715.     t += carry;

  716.     MULADD128(mc[6], ((digit_t *)p751p1)[8], uv, carry, uv);

  717.     t += carry;

  718.     MULADD128(mc[7], ((digit_t *)p751p1)[7], uv, carry, uv);

  719.     t += carry;

  720.     MULADD128(mc[8], ((digit_t *)p751p1)[6], uv, carry, uv);

  721.     t += carry;

  722.     MULADD128(mc[9], ((digit_t *)p751p1)[5], uv, carry, uv);

  723.     t += carry;

  724.     ADDC(0, uv[0], ma[14], carry, uv[0]);

  725.     ADDC(carry, uv[1], 0, carry, uv[1]);

  726.     t += carry;

  727.     mc[2] = uv[0];

  728.     uv[0] = uv[1];

  729.     uv[1] = t;

  730.     t = 0;

  731. 

  732.     MULADD128(mc[4], ((digit_t *)p751p1)[11], uv, carry, uv);

  733.     t += carry;

  734.     MULADD128(mc[5], ((digit_t *)p751p1)[10], uv, carry, uv);

  735.     t += carry;

  736.     MULADD128(mc[6], ((digit_t *)p751p1)[9], uv, carry, uv);

  737.     t += carry;

  738.     MULADD128(mc[7], ((digit_t *)p751p1)[8], uv, carry, uv);

  739.     t += carry;

  740.     MULADD128(mc[8], ((digit_t *)p751p1)[7], uv, carry, uv);

  741.     t += carry;

  742.     MULADD128(mc[9], ((digit_t *)p751p1)[6], uv, carry, uv);

  743.     t += carry;

  744.     MULADD128(mc[10], ((digit_t *)p751p1)[5], uv, carry, uv);

  745.     t += carry;

  746.     ADDC(0, uv[0], ma[15], carry, uv[0]);

  747.     ADDC(carry, uv[1], 0, carry, uv[1]);

  748.     t += carry;

  749.     mc[3] = uv[0];

  750.     uv[0] = uv[1];

  751.     uv[1] = t;

  752.     t = 0;

  753. 

  754.     MULADD128(mc[5], ((digit_t *)p751p1)[11], uv, carry, uv);

  755.     t += carry;

  756.     MULADD128(mc[6], ((digit_t *)p751p1)[10], uv, carry, uv);

  757.     t += carry;

  758.     MULADD128(mc[7], ((digit_t *)p751p1)[9], uv, carry, uv);

  759.     t += carry;

  760.     MULADD128(mc[8], ((digit_t *)p751p1)[8], uv, carry, uv);

  761.     t += carry;

  762.     MULADD128(mc[9], ((digit_t *)p751p1)[7], uv, carry, uv);

  763.     t += carry;

  764.     MULADD128(mc[10], ((digit_t *)p751p1)[6], uv, carry, uv);

  765.     t += carry;

  766.     MULADD128(mc[11], ((digit_t *)p751p1)[5], uv, carry, uv);

  767.     t += carry;

  768.     ADDC(0, uv[0], ma[16], carry, uv[0]);

  769.     ADDC(carry, uv[1], 0, carry, uv[1]);

  770.     t += carry;

  771.     mc[4] = uv[0];

  772.     uv[0] = uv[1];

  773.     uv[1] = t;

  774.     t = 0;

  775. 

  776.     MULADD128(mc[6], ((digit_t *)p751p1)[11], uv, carry, uv);

  777.     t += carry;

  778.     MULADD128(mc[7], ((digit_t *)p751p1)[10], uv, carry, uv);

  779.     t += carry;

  780.     MULADD128(mc[8], ((digit_t *)p751p1)[9], uv, carry, uv);

  781.     t += carry;

  782.     MULADD128(mc[9], ((digit_t *)p751p1)[8], uv, carry, uv);

  783.     t += carry;

  784.     MULADD128(mc[10], ((digit_t *)p751p1)[7], uv, carry, uv);

  785.     t += carry;

  786.     MULADD128(mc[11], ((digit_t *)p751p1)[6], uv, carry, uv);

  787.     t += carry;

  788.     ADDC(0, uv[0], ma[17], carry, uv[0]);

  789.     ADDC(carry, uv[1], 0, carry, uv[1]);

  790.     t += carry;

  791.     mc[5] = uv[0];

  792.     uv[0] = uv[1];

  793.     uv[1] = t;

  794.     t = 0;

  795. 

  796.     MULADD128(mc[7], ((digit_t *)p751p1)[11], uv, carry, uv);

  797.     t += carry;

  798.     MULADD128(mc[8], ((digit_t *)p751p1)[10], uv, carry, uv);

  799.     t += carry;

  800.     MULADD128(mc[9], ((digit_t *)p751p1)[9], uv, carry, uv);

  801.     t += carry;

  802.     MULADD128(mc[10], ((digit_t *)p751p1)[8], uv, carry, uv);

  803.     t += carry;

  804.     MULADD128(mc[11], ((digit_t *)p751p1)[7], uv, carry, uv);

  805.     t += carry;

  806.     ADDC(0, uv[0], ma[18], carry, uv[0]);

  807.     ADDC(carry, uv[1], 0, carry, uv[1]);

  808.     t += carry;

  809.     mc[6] = uv[0];

  810.     uv[0] = uv[1];

  811.     uv[1] = t;

  812.     t = 0;

  813. 

  814.     MULADD128(mc[8], ((digit_t *)p751p1)[11], uv, carry, uv);

  815.     t += carry;

  816.     MULADD128(mc[9], ((digit_t *)p751p1)[10], uv, carry, uv);

  817.     t += carry;

  818.     MULADD128(mc[10], ((digit_t *)p751p1)[9], uv, carry, uv);

  819.     t += carry;

  820.     MULADD128(mc[11], ((digit_t *)p751p1)[8], uv, carry, uv);

  821.     t += carry;

  822.     ADDC(0, uv[0], ma[19], carry, uv[0]);

  823.     ADDC(carry, uv[1], 0, carry, uv[1]);

  824.     t += carry;

  825.     mc[7] = uv[0];

  826.     uv[0] = uv[1];

  827.     uv[1] = t;

  828.     t = 0;

  829. 

  830.     MULADD128(mc[9], ((digit_t *)p751p1)[11], uv, carry, uv);

  831.     t += carry;

  832.     MULADD128(mc[10], ((digit_t *)p751p1)[10], uv, carry, uv);

  833.     t += carry;

  834.     MULADD128(mc[11], ((digit_t *)p751p1)[9], uv, carry, uv);

  835.     t += carry;

  836.     ADDC(0, uv[0], ma[20], carry, uv[0]);

  837.     ADDC(carry, uv[1], 0, carry, uv[1]);

  838.     t += carry;

  839.     mc[8] = uv[0];

  840.     uv[0] = uv[1];

  841.     uv[1] = t;

  842.     t = 0;

  843. 

  844.     MULADD128(mc[10], ((digit_t *)p751p1)[11], uv, carry, uv);

  845.     t += carry;

  846.     MULADD128(mc[11], ((digit_t *)p751p1)[10], uv, carry, uv);

  847.     t += carry;

  848.     ADDC(0, uv[0], ma[21], carry, uv[0]);

  849.     ADDC(carry, uv[1], 0, carry, uv[1]);

  850.     t += carry;

  851.     mc[9] = uv[0];

  852.     uv[0] = uv[1];

  853.     uv[1] = t;

  854.     t = 0;

  855. 

  856.     MULADD128(mc[11], ((digit_t *)p751p1)[11], uv, carry, uv);

  857.     t += carry;

  858.     ADDC(0, uv[0], ma[22], carry, mc[10]);

  859.     ADDC(carry, uv[1], 0, carry, uv[1]);

  860.     ADDC(0, uv[1], ma[23], carry, mc[11]);

  861. 

  862. #elif (OS_TARGET == OS_LINUX)

  863. 

  864.     rdc751_asm(ma, mc);

  865. 

  866. #endif

  867. }