public static uint MulWordDwordAdd(uint x, ulong y, uint[] z, int zOff)
{
Debug.Assert(zOff <= 5);
ulong c = 0, xVal = x;
c += xVal * y + z[zOff + 0];
z[zOff + 0] = (uint)c;
c >>= 32;
c += xVal * (y >> 32) + z[zOff + 1];
z[zOff + 1] = (uint)c;
c >>= 32;
c += z[zOff + 2];
z[zOff + 2] = (uint)c;
c >>= 32;
return(c == 0 ? 0 : Nat.IncAt(8, z, zOff, 3));
}
public static uint Mul33WordAdd(uint x, uint y, uint[] z, int zOff)
{
Debug.Assert(x >> 31 == 0);
Debug.Assert(zOff <= 4);
ulong c = 0, yVal = y;
c += yVal * x + z[zOff + 0];
z[zOff + 0] = (uint)c;
c >>= 32;
c += yVal + z[zOff + 1];
z[zOff + 1] = (uint)c;
c >>= 32;
c += z[zOff + 2];
z[zOff + 2] = (uint)c;
c >>= 32;
return(c == 0 ? 0 : Nat.IncAt(7, z, zOff, 3));
}
private static void AddPInvTo(uint[] z)
{
long num = z[0] + 1L;
z[0] = (uint)num;
num = num >> 0x20;
if (num != 0L)
{
num += z[1];
z[1] = (uint)num;
num = num >> 0x20;
}
num = ((long)((ulong)num)) + (z[2] + 1L);
z[2] = (uint)num;
num = num >> 0x20;
if (num != 0L)
{
Nat.IncAt(6, z, 3);
}
}
private static void AddPInvTo(uint[] z)
{
long c = (long)z[0] + 1;
z[0] = (uint)c;
c >>= 32;
if (c != 0)
{
c += (long)z[1];
z[1] = (uint)c;
c >>= 32;
}
c += (long)z[2] + 1;
z[2] = (uint)c;
c >>= 32;
if (c != 0)
{
Nat.IncAt(6, z, 3);
}
}
private static void AddPInvTo(uint[] z)
{
long num = (long)z[0] + 1L;
z[0] = (uint)num;
num >>= 32;
if (num != 0)
{
num += z[1];
z[1] = (uint)num;
num >>= 32;
}
num += (long)z[2] + 1L;
z[2] = (uint)num;
num >>= 32;
if (num != 0)
{
Nat.IncAt(6, z, 3);
}
}
private static int SubPExtFrom(uint[] zz)
{
long num = (long)((ulong)zz[0] - (ulong)Curve25519Field.PExt[0]);
zz[0] = (uint)num;
num >>= 32;
if (num != 0L)
{
num = (long)Nat.DecAt(8, zz, 1);
}
num += (long)((ulong)zz[8] + 19uL);
zz[8] = (uint)num;
num >>= 32;
if (num != 0L)
{
num = (long)((ulong)Nat.IncAt(15, zz, 9));
}
num += (long)((ulong)zz[15] - (ulong)(Curve25519Field.PExt[15] + 1u));
zz[15] = (uint)num;
num >>= 32;
return((int)num);
}
private static uint AddPExtTo(uint[] zz)
{
long num = (long)((ulong)zz[0] + (ulong)Curve25519Field.PExt[0]);
zz[0] = (uint)num;
num >>= 32;
if (num != 0L)
{
num = (long)((ulong)Nat.IncAt(8, zz, 1));
}
num += (long)((ulong)zz[8] - 19uL);
zz[8] = (uint)num;
num >>= 32;
if (num != 0L)
{
num = (long)Nat.DecAt(15, zz, 9);
}
num += (long)((ulong)zz[15] + (ulong)(Curve25519Field.PExt[15] + 1u));
zz[15] = (uint)num;
num >>= 32;
return((uint)num);
}
private static uint AddPExtTo(uint[] zz)
{
long num = zz[0] + PExt[0];
zz[0] = (uint)num;
num = num >> 0x20;
if (num != 0L)
{
num = Nat.IncAt(8, zz, 1);
}
num = ((long)((ulong)num)) + (zz[8] - 0x13L);
zz[8] = (uint)num;
num = num >> 0x20;
if (num != 0L)
{
num = Nat.DecAt(15, zz, 9);
}
num = (long)(((ulong)num) + (zz[15] + (PExt[15] + 1)));
zz[15] = (uint)num;
num = num >> 0x20;
return((uint)num);
}
private static int SubPExtFrom(uint[] zz)
{
long c = (long)zz[0] - PExt[0];
zz[0] = (uint)c;
c >>= 32;
if (c != 0)
{
c = Nat.DecAt(8, zz, 1);
}
c += (long)zz[8] + PInv;
zz[8] = (uint)c;
c >>= 32;
if (c != 0)
{
c = Nat.IncAt(15, zz, 9);
}
c += (long)zz[15] - (PExt[15] + 1);
zz[15] = (uint)c;
c >>= 32;
return((int)c);
}
private static int SubPExtFrom(uint[] zz)
{
long num = (long)zz[0] - (long)PExt[0];
zz[0] = (uint)num;
num >>= 32;
if (num != 0)
{
num = Nat.DecAt(8, zz, 1);
}
num += (long)zz[8] + 19L;
zz[8] = (uint)num;
num >>= 32;
if (num != 0)
{
num = Nat.IncAt(15, zz, 9);
}
num += (long)zz[15] - (long)(PExt[15] + 1);
zz[15] = (uint)num;
num >>= 32;
return((int)num);
}
private static uint AddPExtTo(uint[] zz)
{
long c = (long)zz[0] + PExt[0];
zz[0] = (uint)c;
c >>= 32;
if (c != 0)
{
c = Nat.IncAt(8, zz, 1);
}
c += (long)zz[8] - PInv;
zz[8] = (uint)c;
c >>= 32;
if (c != 0)
{
c = Nat.DecAt(15, zz, 9);
}
c += (long)zz[15] + (PExt[15] + 1);
zz[15] = (uint)c;
c >>= 32;
return((uint)c);
}
private static uint AddPExtTo(uint[] zz)
{
long num = (long)zz[0] + (long)PExt[0];
zz[0] = (uint)num;
num >>= 32;
if (num != 0)
{
num = Nat.IncAt(8, zz, 1);
}
num += (long)zz[8] - 19L;
zz[8] = (uint)num;
num >>= 32;
if (num != 0)
{
num = Nat.DecAt(15, zz, 9);
}
num += (long)zz[15] + (long)(PExt[15] + 1);
zz[15] = (uint)num;
num >>= 32;
return((uint)num);
}
private static int SubPExtFrom(uint[] zz)
{
long num = zz[0] - PExt[0];
zz[0] = (uint)num;
num = num >> 0x20;
if (num != 0L)
{
num = Nat.DecAt(8, zz, 1);
}
num = ((long)((ulong)num)) + (zz[8] + 0x13L);
zz[8] = (uint)num;
num = num >> 0x20;
if (num != 0L)
{
num = Nat.IncAt(15, zz, 9);
}
num = (long)(((ulong)num) + (zz[15] - (PExt[15] + 1)));
zz[15] = (uint)num;
num = num >> 0x20;
return((int)num);
}
private static void AddPInvTo(uint[] z)
{
long num = (long)((ulong)z[0] - 1uL);
z[0] = (uint)num;
num >>= 32;
if (num != 0L)
{
num += (long)((ulong)z[1]);
z[1] = (uint)num;
num >>= 32;
num += (long)((ulong)z[2]);
z[2] = (uint)num;
num >>= 32;
}
num += (long)((ulong)z[3] + 1uL);
z[3] = (uint)num;
num >>= 32;
if (num != 0L)
{
Nat.IncAt(7, z, 4);
}
}
public static uint Mul33DWordAdd(uint x, ulong y, uint[] z, int zOff)
{
Debug.Assert(x >> 31 == 0);
Debug.Assert(zOff <= 3);
ulong c = 0, xVal = x;
ulong y00 = y & M;
c += xVal * y00 + z[zOff + 0];
z[zOff + 0] = (uint)c;
c >>= 32;
ulong y01 = y >> 32;
c += xVal * y01 + y00 + z[zOff + 1];
z[zOff + 1] = (uint)c;
c >>= 32;
c += y01 + z[zOff + 2];
z[zOff + 2] = (uint)c;
c >>= 32;
c += z[zOff + 3];
z[zOff + 3] = (uint)c;
c >>= 32;
return(c == 0 ? 0 : Nat.IncAt(7, z, zOff, 4));
}
public static void Reduce32(uint x, uint[] z)
{
ulong num = 0uL;
if (x != 0u)
{
num += (ulong)z[0] + (ulong)x;
z[0] = (uint)num;
num >>= 32;
if (num != 0uL)
{
num += (ulong)z[1];
z[1] = (uint)num;
num >>= 32;
}
num += (ulong)z[2] + (ulong)x;
z[2] = (uint)num;
num >>= 32;
}
if ((num != 0uL && Nat.IncAt(6, z, 3) != 0u) || (z[5] == 4294967295u && Nat192.Gte(z, SecP192R1Field.P)))
{
SecP192R1Field.AddPInvTo(z);
}
}
public static void Reduce32(uint x, uint[] z)
{
long cc = 0;
if (x != 0)
{
long xx12 = x;
cc += (long)z[0] + xx12;
z[0] = (uint)cc;
cc >>= 32;
cc += (long)z[1] - xx12;
z[1] = (uint)cc;
cc >>= 32;
if (cc != 0)
{
cc += (long)z[2];
z[2] = (uint)cc;
cc >>= 32;
}
cc += (long)z[3] + xx12;
z[3] = (uint)cc;
cc >>= 32;
cc += (long)z[4] + xx12;
z[4] = (uint)cc;
cc >>= 32;
Debug.Assert(cc == 0 || cc == 1);
}
if ((cc != 0 && Nat.IncAt(12, z, 5) != 0) ||
(z[11] == P11 && Nat.Gte(12, z, P)))
{
AddPInvTo(z);
}
}
public static void Reduce32(uint x, uint[] z)
{
ulong num = 0L;
if (x != 0)
{
num += z[0] + x;
z[0] = (uint)num;
num = num >> 0x20;
if (num != 0L)
{
num += z[1];
z[1] = (uint)num;
num = num >> 0x20;
}
num += z[2] + x;
z[2] = (uint)num;
num = num >> 0x20;
}
if (((num != 0L) && (Nat.IncAt(6, z, 3) != 0)) || ((z[5] == uint.MaxValue) && Nat192.Gte(z, P)))
{
AddPInvTo(z);
}
}
public static void Reduce32(uint x, uint[] z)
{
ulong num = 0uL;
if (x != 0)
{
num += (ulong)((long)z[0] + (long)x);
z[0] = (uint)num;
num >>= 32;
if (num != 0)
{
num += z[1];
z[1] = (uint)num;
num >>= 32;
}
num += (ulong)((long)z[2] + (long)x);
z[2] = (uint)num;
num >>= 32;
}
if ((num != 0 && Nat.IncAt(6, z, 3) != 0) || (z[5] == 4294967295u && Nat192.Gte(z, P)))
{
AddPInvTo(z);
}
}
public static void Reduce(uint[] xx, uint[] z)
{
ulong xx06 = xx[6], xx07 = xx[7], xx08 = xx[8];
ulong xx09 = xx[9], xx10 = xx[10], xx11 = xx[11];
ulong t0 = xx06 + xx10;
ulong t1 = xx07 + xx11;
ulong cc = 0;
cc += (ulong)xx[0] + t0;
uint z0 = (uint)cc;
cc >>= 32;
cc += (ulong)xx[1] + t1;
z[1] = (uint)cc;
cc >>= 32;
t0 += xx08;
t1 += xx09;
cc += (ulong)xx[2] + t0;
ulong z2 = (uint)cc;
cc >>= 32;
cc += (ulong)xx[3] + t1;
z[3] = (uint)cc;
cc >>= 32;
t0 -= xx06;
t1 -= xx07;
cc += (ulong)xx[4] + t0;
z[4] = (uint)cc;
cc >>= 32;
cc += (ulong)xx[5] + t1;
z[5] = (uint)cc;
cc >>= 32;
z2 += cc;
cc += z0;
z[0] = (uint)cc;
cc >>= 32;
if (cc != 0)
{
cc += z[1];
z[1] = (uint)cc;
z2 += cc >> 32;
}
z[2] = (uint)z2;
cc = z2 >> 32;
Debug.Assert(cc == 0 || cc == 1);
if ((cc != 0 && Nat.IncAt(6, z, 3) != 0) ||
(z[5] == P5 && Nat192.Gte(z, P)))
{
AddPInvTo(z);
}
}
public static void Reduce(uint[] xx, uint[] z)
{
long xx10 = xx[10], xx11 = xx[11], xx12 = xx[12], xx13 = xx[13];
const long n = 1;
long t0 = (long)xx[7] + xx11 - n;
long t1 = (long)xx[8] + xx12;
long t2 = (long)xx[9] + xx13;
long cc = 0;
cc += (long)xx[0] - t0;
long z0 = (uint)cc;
cc >>= 32;
cc += (long)xx[1] - t1;
z[1] = (uint)cc;
cc >>= 32;
cc += (long)xx[2] - t2;
z[2] = (uint)cc;
cc >>= 32;
cc += (long)xx[3] + t0 - xx10;
long z3 = (uint)cc;
cc >>= 32;
cc += (long)xx[4] + t1 - xx11;
z[4] = (uint)cc;
cc >>= 32;
cc += (long)xx[5] + t2 - xx12;
z[5] = (uint)cc;
cc >>= 32;
cc += (long)xx[6] + xx10 - xx13;
z[6] = (uint)cc;
cc >>= 32;
cc += n;
Debug.Assert(cc >= 0);
z3 += cc;
z0 -= cc;
z[0] = (uint)z0;
cc = z0 >> 32;
if (cc != 0)
{
cc += (long)z[1];
z[1] = (uint)cc;
cc >>= 32;
cc += (long)z[2];
z[2] = (uint)cc;
z3 += cc >> 32;
}
z[3] = (uint)z3;
cc = z3 >> 32;
Debug.Assert(cc == 0 || cc == 1);
if ((cc != 0 && Nat.IncAt(7, z, 4) != 0) ||
(z[6] == P6 && Nat224.Gte(z, P)))
{
AddPInvTo(z);
}
}
