-rw-r--r-- 8733 libntruprime-20241008/crypto_decode/953x2115/int16/decode.c raw
/* auto-generated; do not edit */ #include "crypto_decode.h" #include "crypto_int16.h" #include "crypto_int32.h" #define int16 crypto_int16 #define int32 crypto_int32 static int16 mullo(int16 x,int16 y) { return x*y; } static int16 mulhi(int16 x,int16 y) { return (x*(int32)y)>>16; } void crypto_decode(void *v,const unsigned char *s) { int16 *R = v; long long i; int16 a0,a1,ri,lo,s0,s1; s += crypto_decode_STRBYTES; a1 = 0; a1 += *--s; /* 0...255 */ a1 -= 124; /* -124...131 */ a1 -= 124; /* -248...7 */ a1 += crypto_int16_negative_mask(a1)&124; /* -124...123 */ a1 += crypto_int16_negative_mask(a1)&124; /* 0...123 */ R[0] = a1; /* reconstruct mod 1*[3846]+[2107] */ ri = R[0]; s1 = *--s; s0 = *--s; lo = mullo(ri,-4362); a0 = mulhi(ri,964)-mulhi(lo,3846); /* -1923...2164 */ a0 += s1; /* -1923...2419 */ lo = mullo(a0,-4362); a0 = mulhi(a0,964)-mulhi(lo,3846); /* -1952...1958 */ a0 += s0; /* -1952...2213 */ a0 += crypto_int16_negative_mask(a0)&3846; /* 0...3845 */ a1 = (ri<<15)+(s1<<7)+((s0-a0)>>1); a1 = mullo(a1,-16597); /* invalid inputs might need reduction mod 2107 */ a1 -= 2107; a1 += crypto_int16_negative_mask(a1)&2107; R[0] = a0; R[1] = a1; /* reconstruct mod 3*[15876]+[8694] */ ri = R[1]; s1 = *--s; s0 = *--s; lo = mullo(ri,-1057); a0 = mulhi(ri,-3716)-mulhi(lo,15876); /* -8867...7938 */ a0 += s1; /* -8867...8193 */ lo = mullo(a0,-1057); a0 = mulhi(a0,-3716)-mulhi(lo,15876); /* -8403...8440 */ a0 += s0; /* -8403...8695 */ a0 += crypto_int16_negative_mask(a0)&15876; /* 0...15875 */ a1 = (ri<<14)+(s1<<6)+((s0-a0)>>2); a1 = mullo(a1,12417); /* invalid inputs might need reduction mod 8694 */ a1 -= 8694; a1 += crypto_int16_negative_mask(a1)&8694; R[2] = a0; R[3] = a1; for (i = 0;i >= 0;--i) { ri = R[i]; s1 = *--s; s0 = *--s; lo = mullo(ri,-1057); a0 = mulhi(ri,-3716)-mulhi(lo,15876); /* -8867...7938 */ a0 += s1; /* -8867...8193 */ lo = mullo(a0,-1057); a0 = mulhi(a0,-3716)-mulhi(lo,15876); /* -8403...8440 */ a0 += s0; /* -8403...8695 */ a0 += crypto_int16_negative_mask(a0)&15876; /* 0...15875 */ a1 = (ri<<14)+(s1<<6)+((s0-a0)>>2); a1 = mullo(a1,12417); /* invalid inputs might need reduction mod 15876 */ a1 -= 15876; a1 += crypto_int16_negative_mask(a1)&15876; R[2*i] = a0; R[2*i+1] = a1; } /* reconstruct mod 7*[126]+[69] */ ri = R[3]; a0 = ri; lo = mullo(a0,-520); a0 = mulhi(a0,16)-mulhi(lo,126); /* -63...67 */ a0 += crypto_int16_negative_mask(a0)&126; /* 0...125 */ a1 = (ri-a0)>>1; a1 = mullo(a1,-4161); /* invalid inputs might need reduction mod 69 */ a1 -= 69; a1 += crypto_int16_negative_mask(a1)&69; R[6] = a0; R[7] = a1; for (i = 2;i >= 0;--i) { ri = R[i]; a0 = ri; lo = mullo(a0,-520); a0 = mulhi(a0,16)-mulhi(lo,126); /* -63...67 */ a0 += crypto_int16_negative_mask(a0)&126; /* 0...125 */ a1 = (ri-a0)>>1; a1 = mullo(a1,-4161); /* invalid inputs might need reduction mod 126 */ a1 -= 126; a1 += crypto_int16_negative_mask(a1)&126; R[2*i] = a0; R[2*i+1] = a1; } /* reconstruct mod 14*[2863]+[69] */ R[14] = R[7]; for (i = 6;i >= 0;--i) { ri = R[i]; s1 = *--s; s0 = *--s; lo = mullo(ri,-5860); a0 = mulhi(ri,36)-mulhi(lo,2863); /* -1432...1440 */ a0 += s1; /* -1432...1695 */ lo = mullo(a0,-5860); a0 = mulhi(a0,36)-mulhi(lo,2863); /* -1433...1432 */ a0 += s0; /* -1433...1687 */ a0 += crypto_int16_negative_mask(a0)&2863; /* 0...2862 */ a1 = (s1<<8)+s0-a0; a1 = mullo(a1,7119); /* invalid inputs might need reduction mod 2863 */ a1 -= 2863; a1 += crypto_int16_negative_mask(a1)&2863; R[2*i] = a0; R[2*i+1] = a1; } /* reconstruct mod 29*[856]+[5227] */ ri = R[14]; s1 = *--s; s0 = *--s; lo = mullo(ri,-19600); a0 = mulhi(ri,-384)-mulhi(lo,856); /* -524...428 */ a0 += s1; /* -524...683 */ lo = mullo(a0,-19600); a0 = mulhi(a0,-384)-mulhi(lo,856); /* -433...431 */ a0 += s0; /* -433...686 */ a0 += crypto_int16_negative_mask(a0)&856; /* 0...855 */ a1 = (ri<<13)+(s1<<5)+((s0-a0)>>3); a1 = mullo(a1,-21437); /* invalid inputs might need reduction mod 5227 */ a1 -= 5227; a1 += crypto_int16_negative_mask(a1)&5227; R[28] = a0; R[29] = a1; for (i = 13;i >= 0;--i) { ri = R[i]; s0 = *--s; lo = mullo(ri,-19600); a0 = mulhi(ri,-384)-mulhi(lo,856); /* -524...428 */ a0 += s0; /* -524...683 */ a0 += crypto_int16_negative_mask(a0)&856; /* 0...855 */ a1 = (ri<<5)+((s0-a0)>>3); a1 = mullo(a1,-21437); /* invalid inputs might need reduction mod 856 */ a1 -= 856; a1 += crypto_int16_negative_mask(a1)&856; R[2*i] = a0; R[2*i+1] = a1; } /* reconstruct mod 59*[468]+[2859] */ ri = R[29]; s0 = *--s; lo = mullo(ri,29687); a0 = mulhi(ri,-116)-mulhi(lo,468); /* -263...234 */ a0 += s0; /* -263...489 */ a0 -= 468; /* -731..>21 */ a0 += crypto_int16_negative_mask(a0)&468; /* -263...467 */ a0 += crypto_int16_negative_mask(a0)&468; /* 0...467 */ a1 = (ri<<6)+((s0-a0)>>2); a1 = mullo(a1,-12323); /* invalid inputs might need reduction mod 2859 */ a1 -= 2859; a1 += crypto_int16_negative_mask(a1)&2859; R[58] = a0; R[59] = a1; for (i = 28;i >= 0;--i) { ri = R[i]; s0 = *--s; lo = mullo(ri,29687); a0 = mulhi(ri,-116)-mulhi(lo,468); /* -263...234 */ a0 += s0; /* -263...489 */ a0 -= 468; /* -731..>21 */ a0 += crypto_int16_negative_mask(a0)&468; /* -263...467 */ a0 += crypto_int16_negative_mask(a0)&468; /* 0...467 */ a1 = (ri<<6)+((s0-a0)>>2); a1 = mullo(a1,-12323); /* invalid inputs might need reduction mod 468 */ a1 -= 468; a1 += crypto_int16_negative_mask(a1)&468; R[2*i] = a0; R[2*i+1] = a1; } /* reconstruct mod 119*[346]+[2115] */ ri = R[59]; s0 = *--s; lo = mullo(ri,17047); a0 = mulhi(ri,22)-mulhi(lo,346); /* -173...178 */ a0 += s0; /* -173...433 */ a0 -= 346; /* -519..>87 */ a0 += crypto_int16_negative_mask(a0)&346; /* -173...345 */ a0 += crypto_int16_negative_mask(a0)&346; /* 0...345 */ a1 = (ri<<7)+((s0-a0)>>1); a1 = mullo(a1,25381); /* invalid inputs might need reduction mod 2115 */ a1 -= 2115; a1 += crypto_int16_negative_mask(a1)&2115; R[118] = a0; R[119] = a1; for (i = 58;i >= 0;--i) { ri = R[i]; s0 = *--s; lo = mullo(ri,17047); a0 = mulhi(ri,22)-mulhi(lo,346); /* -173...178 */ a0 += s0; /* -173...433 */ a0 -= 346; /* -519..>87 */ a0 += crypto_int16_negative_mask(a0)&346; /* -173...345 */ a0 += crypto_int16_negative_mask(a0)&346; /* 0...345 */ a1 = (ri<<7)+((s0-a0)>>1); a1 = mullo(a1,25381); /* invalid inputs might need reduction mod 346 */ a1 -= 346; a1 += crypto_int16_negative_mask(a1)&346; R[2*i] = a0; R[2*i+1] = a1; } /* reconstruct mod 238*[4761]+[2115] */ R[238] = R[119]; for (i = 118;i >= 0;--i) { ri = R[i]; s1 = *--s; s0 = *--s; lo = mullo(ri,-3524); a0 = mulhi(ri,-548)-mulhi(lo,4761); /* -2518...2380 */ a0 += s1; /* -2518...2635 */ lo = mullo(a0,-3524); a0 = mulhi(a0,-548)-mulhi(lo,4761); /* -2403...2401 */ a0 += s0; /* -2403...2656 */ a0 += crypto_int16_negative_mask(a0)&4761; /* 0...4760 */ a1 = (s1<<8)+s0-a0; a1 = mullo(a1,8617); /* invalid inputs might need reduction mod 4761 */ a1 -= 4761; a1 += crypto_int16_negative_mask(a1)&4761; R[2*i] = a0; R[2*i+1] = a1; } /* reconstruct mod 476*[69]+[2115] */ R[476] = R[238]; for (i = 237;i >= 0;--i) { ri = R[i]; a0 = ri; lo = mullo(a0,-950); a0 = mulhi(a0,-14)-mulhi(lo,69); /* -38...34 */ a0 += crypto_int16_negative_mask(a0)&69; /* 0...68 */ a1 = (ri-a0)>>0; a1 = mullo(a1,4749); /* invalid inputs might need reduction mod 69 */ a1 -= 69; a1 += crypto_int16_negative_mask(a1)&69; R[2*i] = a0; R[2*i+1] = a1; } /* reconstruct mod 953*[2115] */ R[952] = 3*R[476]-3171; for (i = 475;i >= 0;--i) { ri = R[i]; s1 = *--s; s0 = *--s; lo = mullo(ri,-7932); a0 = mulhi(ri,1036)-mulhi(lo,2115); /* -1058...1316 */ a0 += s1; /* -1058...1571 */ lo = mullo(a0,-7932); a0 = mulhi(a0,1036)-mulhi(lo,2115); /* -1075...1082 */ a0 += s0; /* -1075...1337 */ a0 += crypto_int16_negative_mask(a0)&2115; /* 0...2114 */ a1 = (s1<<8)+s0-a0; a1 = mullo(a1,-31637); /* invalid inputs might need reduction mod 2115 */ a1 -= 2115; a1 += crypto_int16_negative_mask(a1)&2115; R[2*i] = 3*a0-3171; R[2*i+1] = 3*a1-3171; } }