#include "crypto_asm_hidden.h" #define mask63 CRYPTO_SHARED_NAMESPACE(mask63) // ge25519_double .p2align 5 ASM_HIDDEN _CRYPTO_NAMESPACE(ge25519_double) .globl _CRYPTO_NAMESPACE(ge25519_double) ASM_HIDDEN CRYPTO_NAMESPACE(ge25519_double) .globl CRYPTO_NAMESPACE(ge25519_double) _CRYPTO_NAMESPACE(ge25519_double): CRYPTO_NAMESPACE(ge25519_double): movq %rsp,%r11 andq $-32,%rsp subq $288,%rsp movq %r11,0(%rsp) movq %r12,8(%rsp) movq %r13,16(%rsp) movq %r14,24(%rsp) movq %r15,32(%rsp) movq %rbx,40(%rsp) movq %rbp,48(%rsp) movq %rdi,56(%rsp) movq %rsi,%rdi /* dbl p1p1 */ // square movq 0(%rdi),%rdx mulx 8(%rdi),%r9,%r10 mulx 16(%rdi),%rcx,%r11 addq %rcx,%r10 mulx 24(%rdi),%rcx,%r12 adcq %rcx,%r11 adcq $0,%r12 movq 8(%rdi),%rdx mulx 16(%rdi),%rax,%rbx mulx 24(%rdi),%rcx,%r13 addq %rcx,%rbx adcq $0,%r13 addq %rax,%r11 adcq %rbx,%r12 adcq $0,%r13 movq 16(%rdi),%rdx mulx 24(%rdi),%rax,%r14 addq %rax,%r13 adcq $0,%r14 movq $0,%r15 shld $1,%r14,%r15 shld $1,%r13,%r14 shld $1,%r12,%r13 shld $1,%r11,%r12 shld $1,%r10,%r11 shld $1,%r9,%r10 shlq $1,%r9 movq 0(%rdi),%rdx mulx %rdx,%r8,%rax addq %rax,%r9 movq 8(%rdi),%rdx mulx %rdx,%rax,%rbx adcq %rax,%r10 adcq %rbx,%r11 movq 16(%rdi),%rdx mulx %rdx,%rax,%rbx adcq %rax,%r12 adcq %rbx,%r13 movq 24(%rdi),%rdx mulx %rdx,%rax,%rbx adcq %rax,%r14 adcq %rbx,%r15 movq $38,%rdx mulx %r12,%r12,%rbx mulx %r13,%r13,%rcx addq %rbx,%r13 mulx %r14,%r14,%rbx adcq %rcx,%r14 mulx %r15,%r15,%rcx adcq %rbx,%r15 adcq $0,%rcx addq %r12,%r8 adcq %r13,%r9 adcq %r14,%r10 adcq %r15,%r11 adcq $0,%rcx shld $1,%r11,%rcx andq mask63(%rip),%r11 imul $19,%rcx,%rcx addq %rcx,%r8 adcq $0,%r9 adcq $0,%r10 adcq $0,%r11 movq %r8,64(%rsp) movq %r9,72(%rsp) movq %r10,80(%rsp) movq %r11,88(%rsp) // square movq 32(%rdi),%rdx mulx 40(%rdi),%r9,%r10 mulx 48(%rdi),%rcx,%r11 addq %rcx,%r10 mulx 56(%rdi),%rcx,%r12 adcq %rcx,%r11 adcq $0,%r12 movq 40(%rdi),%rdx mulx 48(%rdi),%rax,%rbx mulx 56(%rdi),%rcx,%r13 addq %rcx,%rbx adcq $0,%r13 addq %rax,%r11 adcq %rbx,%r12 adcq $0,%r13 movq 48(%rdi),%rdx mulx 56(%rdi),%rax,%r14 addq %rax,%r13 adcq $0,%r14 movq $0,%r15 shld $1,%r14,%r15 shld $1,%r13,%r14 shld $1,%r12,%r13 shld $1,%r11,%r12 shld $1,%r10,%r11 shld $1,%r9,%r10 shlq $1,%r9 movq 32(%rdi),%rdx mulx %rdx,%r8,%rax addq %rax,%r9 movq 40(%rdi),%rdx mulx %rdx,%rax,%rbx adcq %rax,%r10 adcq %rbx,%r11 movq 48(%rdi),%rdx mulx %rdx,%rax,%rbx adcq %rax,%r12 adcq %rbx,%r13 movq 56(%rdi),%rdx mulx %rdx,%rax,%rbx adcq %rax,%r14 adcq %rbx,%r15 movq $38,%rdx mulx %r12,%r12,%rbx mulx %r13,%r13,%rcx addq %rbx,%r13 mulx %r14,%r14,%rbx adcq %rcx,%r14 mulx %r15,%r15,%rcx adcq %rbx,%r15 adcq $0,%rcx addq %r12,%r8 adcq %r13,%r9 adcq %r14,%r10 adcq %r15,%r11 adcq $0,%rcx shld $1,%r11,%rcx andq mask63(%rip),%r11 imul $19,%rcx,%rcx addq %rcx,%r8 adcq $0,%r9 adcq $0,%r10 adcq $0,%r11 movq %r8,96(%rsp) movq %r9,104(%rsp) movq %r10,112(%rsp) movq %r11,120(%rsp) // square movq 64(%rdi),%rdx mulx 72(%rdi),%r9,%r10 mulx 80(%rdi),%rcx,%r11 addq %rcx,%r10 mulx 88(%rdi),%rcx,%r12 adcq %rcx,%r11 adcq $0,%r12 movq 72(%rdi),%rdx mulx 80(%rdi),%rax,%rbx mulx 88(%rdi),%rcx,%r13 addq %rcx,%rbx adcq $0,%r13 addq %rax,%r11 adcq %rbx,%r12 adcq $0,%r13 movq 80(%rdi),%rdx mulx 88(%rdi),%rax,%r14 addq %rax,%r13 adcq $0,%r14 movq $0,%r15 shld $1,%r14,%r15 shld $1,%r13,%r14 shld $1,%r12,%r13 shld $1,%r11,%r12 shld $1,%r10,%r11 shld $1,%r9,%r10 shlq $1,%r9 movq 64(%rdi),%rdx mulx %rdx,%r8,%rax addq %rax,%r9 movq 72(%rdi),%rdx mulx %rdx,%rax,%rbx adcq %rax,%r10 adcq %rbx,%r11 movq 80(%rdi),%rdx mulx %rdx,%rax,%rbx adcq %rax,%r12 adcq %rbx,%r13 movq 88(%rdi),%rdx mulx %rdx,%rax,%rbx adcq %rax,%r14 adcq %rbx,%r15 movq $38,%rdx mulx %r12,%r12,%rbx mulx %r13,%r13,%rcx addq %rbx,%r13 mulx %r14,%r14,%rbx adcq %rcx,%r14 mulx %r15,%r15,%rcx adcq %rbx,%r15 adcq $0,%rcx addq %r12,%r8 adcq %r13,%r9 adcq %r14,%r10 adcq %r15,%r11 adcq $0,%rcx shld $1,%r11,%rcx andq mask63(%rip),%r11 imul $19,%rcx,%rcx addq %rcx,%r8 adcq $0,%r9 adcq $0,%r10 adcq $0,%r11 // double addq %r8,%r8 adcq %r9,%r9 adcq %r10,%r10 adcq %r11,%r11 movq $0,%rdx movq $38,%rcx cmovae %rdx,%rcx addq %rcx,%r8 adcq %rdx,%r9 adcq %rdx,%r10 adcq %rdx,%r11 cmovc %rcx,%rdx addq %rdx,%r8 movq %r8,128(%rsp) movq %r9,136(%rsp) movq %r10,144(%rsp) movq %r11,152(%rsp) // neg movq $0,%r8 movq $0,%r9 movq $0,%r10 movq $0,%r11 subq 64(%rsp),%r8 sbbq 72(%rsp),%r9 sbbq 80(%rsp),%r10 sbbq 88(%rsp),%r11 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax subq %rax,%r8 sbbq %rdx,%r9 sbbq %rdx,%r10 sbbq %rdx,%r11 cmovc %rax,%rdx subq %rdx,%r8 movq %r8,64(%rsp) movq %r9,72(%rsp) movq %r10,80(%rsp) movq %r11,88(%rsp) // copy movq %r8,%r12 movq %r9,%r13 movq %r10,%r14 movq %r11,%r15 // sub subq 96(%rsp),%r8 sbbq 104(%rsp),%r9 sbbq 112(%rsp),%r10 sbbq 120(%rsp),%r11 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax subq %rax,%r8 sbbq %rdx,%r9 sbbq %rdx,%r10 sbbq %rdx,%r11 cmovc %rax,%rdx subq %rdx,%r8 movq %r8,224(%rsp) movq %r9,232(%rsp) movq %r10,240(%rsp) movq %r11,248(%rsp) // add addq 96(%rsp),%r12 adcq 104(%rsp),%r13 adcq 112(%rsp),%r14 adcq 120(%rsp),%r15 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax addq %rax,%r12 adcq %rdx,%r13 adcq %rdx,%r14 adcq %rdx,%r15 cmovc %rax,%rdx subq %rdx,%r12 movq %r12,192(%rsp) movq %r13,200(%rsp) movq %r14,208(%rsp) movq %r15,216(%rsp) // sub subq 128(%rsp),%r12 sbbq 136(%rsp),%r13 sbbq 144(%rsp),%r14 sbbq 152(%rsp),%r15 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax subq %rax,%r12 sbbq %rdx,%r13 sbbq %rdx,%r14 sbbq %rdx,%r15 cmovc %rax,%rdx subq %rdx,%r12 movq %r12,256(%rsp) movq %r13,264(%rsp) movq %r14,272(%rsp) movq %r15,280(%rsp) // add movq 0(%rdi),%r8 movq 8(%rdi),%r9 movq 16(%rdi),%r10 movq 24(%rdi),%r11 addq 32(%rdi),%r8 adcq 40(%rdi),%r9 adcq 48(%rdi),%r10 adcq 56(%rdi),%r11 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax addq %rax,%r8 adcq %rdx,%r9 adcq %rdx,%r10 adcq %rdx,%r11 cmovc %rax,%rdx addq %rdx,%r8 movq %r8,160(%rsp) movq %r9,168(%rsp) movq %r10,176(%rsp) movq %r11,184(%rsp) // square movq 160(%rsp),%rdx mulx 168(%rsp),%r9,%r10 mulx 176(%rsp),%rcx,%r11 addq %rcx,%r10 mulx 184(%rsp),%rcx,%r12 adcq %rcx,%r11 adcq $0,%r12 movq 168(%rsp),%rdx mulx 176(%rsp),%rax,%rbx mulx 184(%rsp),%rcx,%r13 addq %rcx,%rbx adcq $0,%r13 addq %rax,%r11 adcq %rbx,%r12 adcq $0,%r13 movq 176(%rsp),%rdx mulx 184(%rsp),%rax,%r14 addq %rax,%r13 adcq $0,%r14 movq $0,%r15 shld $1,%r14,%r15 shld $1,%r13,%r14 shld $1,%r12,%r13 shld $1,%r11,%r12 shld $1,%r10,%r11 shld $1,%r9,%r10 shlq $1,%r9 movq 160(%rsp),%rdx mulx %rdx,%r8,%rax addq %rax,%r9 movq 168(%rsp),%rdx mulx %rdx,%rax,%rbx adcq %rax,%r10 adcq %rbx,%r11 movq 176(%rsp),%rdx mulx %rdx,%rax,%rbx adcq %rax,%r12 adcq %rbx,%r13 movq 184(%rsp),%rdx mulx %rdx,%rax,%rbx adcq %rax,%r14 adcq %rbx,%r15 movq $38,%rdx mulx %r12,%r12,%rbx mulx %r13,%r13,%rcx addq %rbx,%r13 mulx %r14,%r14,%rbx adcq %rcx,%r14 mulx %r15,%r15,%rcx adcq %rbx,%r15 adcq $0,%rcx addq %r12,%r8 adcq %r13,%r9 adcq %r14,%r10 adcq %r15,%r11 adcq $0,%rcx shld $1,%r11,%rcx andq mask63(%rip),%r11 imul $19,%rcx,%rcx addq %rcx,%r8 adcq $0,%r9 adcq $0,%r10 adcq $0,%r11 // add addq 64(%rsp),%r8 adcq 72(%rsp),%r9 adcq 80(%rsp),%r10 adcq 88(%rsp),%r11 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax addq %rax,%r8 adcq %rdx,%r9 adcq %rdx,%r10 adcq %rdx,%r11 cmovc %rax,%rdx addq %rdx,%r8 // sub subq 96(%rsp),%r8 sbbq 104(%rsp),%r9 sbbq 112(%rsp),%r10 sbbq 120(%rsp),%r11 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax subq %rax,%r8 sbbq %rdx,%r9 sbbq %rdx,%r10 sbbq %rdx,%r11 cmovc %rax,%rdx subq %rdx,%r8 movq %r8,160(%rsp) movq %r9,168(%rsp) movq %r10,176(%rsp) movq %r11,184(%rsp) /* p1p1 to p3 */ movq 56(%rsp),%rdi // mul movq 160(%rsp),%rdx mulx 256(%rsp),%r8,%r9 mulx 264(%rsp),%rcx,%r10 addq %rcx,%r9 mulx 272(%rsp),%rcx,%r11 adcq %rcx,%r10 mulx 280(%rsp),%rcx,%r12 adcq %rcx,%r11 adcq $0,%r12 movq 168(%rsp),%rdx mulx 256(%rsp),%rax,%rbx mulx 264(%rsp),%rcx,%rbp addq %rcx,%rbx mulx 272(%rsp),%rcx,%rsi adcq %rcx,%rbp mulx 280(%rsp),%rcx,%r13 adcq %rcx,%rsi adcq $0,%r13 addq %rax,%r9 adcq %rbx,%r10 adcq %rbp,%r11 adcq %rsi,%r12 adcq $0,%r13 movq 176(%rsp),%rdx mulx 256(%rsp),%rax,%rbx mulx 264(%rsp),%rcx,%rbp addq %rcx,%rbx mulx 272(%rsp),%rcx,%rsi adcq %rcx,%rbp mulx 280(%rsp),%rcx,%r14 adcq %rcx,%rsi adcq $0,%r14 addq %rax,%r10 adcq %rbx,%r11 adcq %rbp,%r12 adcq %rsi,%r13 adcq $0,%r14 movq 184(%rsp),%rdx mulx 256(%rsp),%rax,%rbx mulx 264(%rsp),%rcx,%rbp addq %rcx,%rbx mulx 272(%rsp),%rcx,%rsi adcq %rcx,%rbp mulx 280(%rsp),%rcx,%r15 adcq %rcx,%rsi adcq $0,%r15 addq %rax,%r11 adcq %rbx,%r12 adcq %rbp,%r13 adcq %rsi,%r14 adcq $0,%r15 movq $38,%rdx mulx %r12,%r12,%rbx mulx %r13,%r13,%rcx addq %rbx,%r13 mulx %r14,%r14,%rbx adcq %rcx,%r14 mulx %r15,%r15,%rcx adcq %rbx,%r15 adcq $0,%rcx addq %r12,%r8 adcq %r13,%r9 adcq %r14,%r10 adcq %r15,%r11 adcq $0,%rcx shld $1,%r11,%rcx andq mask63(%rip),%r11 imul $19,%rcx,%rcx addq %rcx,%r8 adcq $0,%r9 adcq $0,%r10 adcq $0,%r11 movq %r8,0(%rdi) movq %r9,8(%rdi) movq %r10,16(%rdi) movq %r11,24(%rdi) // mul movq 192(%rsp),%rdx mulx 224(%rsp),%r8,%r9 mulx 232(%rsp),%rcx,%r10 addq %rcx,%r9 mulx 240(%rsp),%rcx,%r11 adcq %rcx,%r10 mulx 248(%rsp),%rcx,%r12 adcq %rcx,%r11 adcq $0,%r12 movq 200(%rsp),%rdx mulx 224(%rsp),%rax,%rbx mulx 232(%rsp),%rcx,%rbp addq %rcx,%rbx mulx 240(%rsp),%rcx,%rsi adcq %rcx,%rbp mulx 248(%rsp),%rcx,%r13 adcq %rcx,%rsi adcq $0,%r13 addq %rax,%r9 adcq %rbx,%r10 adcq %rbp,%r11 adcq %rsi,%r12 adcq $0,%r13 movq 208(%rsp),%rdx mulx 224(%rsp),%rax,%rbx mulx 232(%rsp),%rcx,%rbp addq %rcx,%rbx mulx 240(%rsp),%rcx,%rsi adcq %rcx,%rbp mulx 248(%rsp),%rcx,%r14 adcq %rcx,%rsi adcq $0,%r14 addq %rax,%r10 adcq %rbx,%r11 adcq %rbp,%r12 adcq %rsi,%r13 adcq $0,%r14 movq 216(%rsp),%rdx mulx 224(%rsp),%rax,%rbx mulx 232(%rsp),%rcx,%rbp addq %rcx,%rbx mulx 240(%rsp),%rcx,%rsi adcq %rcx,%rbp mulx 248(%rsp),%rcx,%r15 adcq %rcx,%rsi adcq $0,%r15 addq %rax,%r11 adcq %rbx,%r12 adcq %rbp,%r13 adcq %rsi,%r14 adcq $0,%r15 movq $38,%rdx mulx %r12,%r12,%rbx mulx %r13,%r13,%rcx addq %rbx,%r13 mulx %r14,%r14,%rbx adcq %rcx,%r14 mulx %r15,%r15,%rcx adcq %rbx,%r15 adcq $0,%rcx addq %r12,%r8 adcq %r13,%r9 adcq %r14,%r10 adcq %r15,%r11 adcq $0,%rcx shld $1,%r11,%rcx andq mask63(%rip),%r11 imul $19,%rcx,%rcx addq %rcx,%r8 adcq $0,%r9 adcq $0,%r10 adcq $0,%r11 movq %r8,32(%rdi) movq %r9,40(%rdi) movq %r10,48(%rdi) movq %r11,56(%rdi) // mul movq 192(%rsp),%rdx mulx 256(%rsp),%r8,%r9 mulx 264(%rsp),%rcx,%r10 addq %rcx,%r9 mulx 272(%rsp),%rcx,%r11 adcq %rcx,%r10 mulx 280(%rsp),%rcx,%r12 adcq %rcx,%r11 adcq $0,%r12 movq 200(%rsp),%rdx mulx 256(%rsp),%rax,%rbx mulx 264(%rsp),%rcx,%rbp addq %rcx,%rbx mulx 272(%rsp),%rcx,%rsi adcq %rcx,%rbp mulx 280(%rsp),%rcx,%r13 adcq %rcx,%rsi adcq $0,%r13 addq %rax,%r9 adcq %rbx,%r10 adcq %rbp,%r11 adcq %rsi,%r12 adcq $0,%r13 movq 208(%rsp),%rdx mulx 256(%rsp),%rax,%rbx mulx 264(%rsp),%rcx,%rbp addq %rcx,%rbx mulx 272(%rsp),%rcx,%rsi adcq %rcx,%rbp mulx 280(%rsp),%rcx,%r14 adcq %rcx,%rsi adcq $0,%r14 addq %rax,%r10 adcq %rbx,%r11 adcq %rbp,%r12 adcq %rsi,%r13 adcq $0,%r14 movq 216(%rsp),%rdx mulx 256(%rsp),%rax,%rbx mulx 264(%rsp),%rcx,%rbp addq %rcx,%rbx mulx 272(%rsp),%rcx,%rsi adcq %rcx,%rbp mulx 280(%rsp),%rcx,%r15 adcq %rcx,%rsi adcq $0,%r15 addq %rax,%r11 adcq %rbx,%r12 adcq %rbp,%r13 adcq %rsi,%r14 adcq $0,%r15 movq $38,%rdx mulx %r12,%r12,%rbx mulx %r13,%r13,%rcx addq %rbx,%r13 mulx %r14,%r14,%rbx adcq %rcx,%r14 mulx %r15,%r15,%rcx adcq %rbx,%r15 adcq $0,%rcx addq %r12,%r8 adcq %r13,%r9 adcq %r14,%r10 adcq %r15,%r11 adcq $0,%rcx shld $1,%r11,%rcx andq mask63(%rip),%r11 imul $19,%rcx,%rcx addq %rcx,%r8 adcq $0,%r9 adcq $0,%r10 adcq $0,%r11 movq %r8,64(%rdi) movq %r9,72(%rdi) movq %r10,80(%rdi) movq %r11,88(%rdi) // mul movq 160(%rsp),%rdx mulx 224(%rsp),%r8,%r9 mulx 232(%rsp),%rcx,%r10 addq %rcx,%r9 mulx 240(%rsp),%rcx,%r11 adcq %rcx,%r10 mulx 248(%rsp),%rcx,%r12 adcq %rcx,%r11 adcq $0,%r12 movq 168(%rsp),%rdx mulx 224(%rsp),%rax,%rbx mulx 232(%rsp),%rcx,%rbp addq %rcx,%rbx mulx 240(%rsp),%rcx,%rsi adcq %rcx,%rbp mulx 248(%rsp),%rcx,%r13 adcq %rcx,%rsi adcq $0,%r13 addq %rax,%r9 adcq %rbx,%r10 adcq %rbp,%r11 adcq %rsi,%r12 adcq $0,%r13 movq 176(%rsp),%rdx mulx 224(%rsp),%rax,%rbx mulx 232(%rsp),%rcx,%rbp addq %rcx,%rbx mulx 240(%rsp),%rcx,%rsi adcq %rcx,%rbp mulx 248(%rsp),%rcx,%r14 adcq %rcx,%rsi adcq $0,%r14 addq %rax,%r10 adcq %rbx,%r11 adcq %rbp,%r12 adcq %rsi,%r13 adcq $0,%r14 movq 184(%rsp),%rdx mulx 224(%rsp),%rax,%rbx mulx 232(%rsp),%rcx,%rbp addq %rcx,%rbx mulx 240(%rsp),%rcx,%rsi adcq %rcx,%rbp mulx 248(%rsp),%rcx,%r15 adcq %rcx,%rsi adcq $0,%r15 addq %rax,%r11 adcq %rbx,%r12 adcq %rbp,%r13 adcq %rsi,%r14 adcq $0,%r15 movq $38,%rdx mulx %r12,%r12,%rbx mulx %r13,%r13,%rcx addq %rbx,%r13 mulx %r14,%r14,%rbx adcq %rcx,%r14 mulx %r15,%r15,%rcx adcq %rbx,%r15 adcq $0,%rcx addq %r12,%r8 adcq %r13,%r9 adcq %r14,%r10 adcq %r15,%r11 adcq $0,%rcx shld $1,%r11,%rcx andq mask63(%rip),%r11 imul $19,%rcx,%rcx addq %rcx,%r8 adcq $0,%r9 adcq $0,%r10 adcq $0,%r11 movq %r8,96(%rdi) movq %r9,104(%rdi) movq %r10,112(%rdi) movq %r11,120(%rdi) movq 0(%rsp),%r11 movq 8(%rsp),%r12 movq 16(%rsp),%r13 movq 24(%rsp),%r14 movq 32(%rsp),%r15 movq 40(%rsp),%rbx movq 48(%rsp),%rbp movq %r11,%rsp ret