| /* Copyright (c) 2015, Google Inc. |
| * |
| * Permission to use, copy, modify, and/or distribute this software for any |
| * purpose with or without fee is hereby granted, provided that the above |
| * copyright notice and this permission notice appear in all copies. |
| * |
| * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
| * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION |
| * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN |
| * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ |
| |
| /* This file is adapted from crypto_scalarmult/curve25519/amd64-51/ in |
| * SUPERCOP 20141124 (http://bench.cr.yp.to/supercop.html). That code is public |
| * domain licensed but the standard ISC license is included above to keep |
| * licensing simple. */ |
| |
| #if !defined(OPENSSL_NO_ASM) |
| #if defined(__x86_64__) |
| |
| .data |
| .p2align 4 |
| |
| #if defined(__APPLE__) |
| /* OS X's C ABI prefixes functions with underscore. */ |
| #define C_ABI(x) _ ## x |
| #define HIDDEN .private_extern |
| #else |
| #define C_ABI(x) x |
| #define HIDDEN .hidden |
| #endif |
| |
| x25519_x86_64_REDMASK51: .quad 0x0007FFFFFFFFFFFF |
| x25519_x86_64_121666_213: .quad 996687872 |
| x25519_x86_64_2P0: .quad 0xFFFFFFFFFFFDA |
| x25519_x86_64_2P1234: .quad 0xFFFFFFFFFFFFE |
| x25519_x86_64_4P0: .quad 0x1FFFFFFFFFFFB4 |
| x25519_x86_64_4P1234: .quad 0x1FFFFFFFFFFFFC |
| x25519_x86_64_MU0: .quad 0xED9CE5A30A2C131B |
| x25519_x86_64_MU1: .quad 0x2106215D086329A7 |
| x25519_x86_64_MU2: .quad 0xFFFFFFFFFFFFFFEB |
| x25519_x86_64_MU3: .quad 0xFFFFFFFFFFFFFFFF |
| x25519_x86_64_MU4: .quad 0x000000000000000F |
| x25519_x86_64_ORDER0: .quad 0x5812631A5CF5D3ED |
| x25519_x86_64_ORDER1: .quad 0x14DEF9DEA2F79CD6 |
| x25519_x86_64_ORDER2: .quad 0x0000000000000000 |
| x25519_x86_64_ORDER3: .quad 0x1000000000000000 |
| x25519_x86_64_EC2D0: .quad 1859910466990425 |
| x25519_x86_64_EC2D1: .quad 932731440258426 |
| x25519_x86_64_EC2D2: .quad 1072319116312658 |
| x25519_x86_64_EC2D3: .quad 1815898335770999 |
| x25519_x86_64_EC2D4: .quad 633789495995903 |
| x25519_x86_64__38: .quad 38 |
| |
| .text |
| .p2align 5 |
| |
| .globl C_ABI(x25519_x86_64_freeze) |
| HIDDEN C_ABI(x25519_x86_64_freeze) |
| C_ABI(x25519_x86_64_freeze): |
| mov %rsp,%r11 |
| and $31,%r11 |
| add $64,%r11 |
| sub %r11,%rsp |
| movq %r11,0(%rsp) |
| movq %r12,8(%rsp) |
| movq %r13,16(%rsp) |
| movq %r14,24(%rsp) |
| movq %r15,32(%rsp) |
| movq %rbx,40(%rsp) |
| movq %rbp,48(%rsp) |
| movq 0(%rdi),%rsi |
| movq 8(%rdi),%rdx |
| movq 16(%rdi),%rcx |
| movq 24(%rdi),%r8 |
| movq 32(%rdi),%r9 |
| movq x25519_x86_64_REDMASK51(%rip),%rax |
| mov %rax,%r10 |
| sub $18,%r10 |
| mov $3,%r11 |
| ._reduceloop: |
| mov %rsi,%r12 |
| shr $51,%r12 |
| and %rax,%rsi |
| add %r12,%rdx |
| mov %rdx,%r12 |
| shr $51,%r12 |
| and %rax,%rdx |
| add %r12,%rcx |
| mov %rcx,%r12 |
| shr $51,%r12 |
| and %rax,%rcx |
| add %r12,%r8 |
| mov %r8,%r12 |
| shr $51,%r12 |
| and %rax,%r8 |
| add %r12,%r9 |
| mov %r9,%r12 |
| shr $51,%r12 |
| and %rax,%r9 |
| imulq $19,%r12,%r12 |
| add %r12,%rsi |
| sub $1,%r11 |
| ja ._reduceloop |
| mov $1,%r12 |
| cmp %r10,%rsi |
| cmovl %r11,%r12 |
| cmp %rax,%rdx |
| cmovne %r11,%r12 |
| cmp %rax,%rcx |
| cmovne %r11,%r12 |
| cmp %rax,%r8 |
| cmovne %r11,%r12 |
| cmp %rax,%r9 |
| cmovne %r11,%r12 |
| neg %r12 |
| and %r12,%rax |
| and %r12,%r10 |
| sub %r10,%rsi |
| sub %rax,%rdx |
| sub %rax,%rcx |
| sub %rax,%r8 |
| sub %rax,%r9 |
| movq %rsi,0(%rdi) |
| movq %rdx,8(%rdi) |
| movq %rcx,16(%rdi) |
| movq %r8,24(%rdi) |
| movq %r9,32(%rdi) |
| movq 0(%rsp),%r11 |
| movq 8(%rsp),%r12 |
| movq 16(%rsp),%r13 |
| movq 24(%rsp),%r14 |
| movq 32(%rsp),%r15 |
| movq 40(%rsp),%rbx |
| movq 48(%rsp),%rbp |
| add %r11,%rsp |
| mov %rdi,%rax |
| mov %rsi,%rdx |
| ret |
| |
| .p2align 5 |
| .globl C_ABI(x25519_x86_64_mul) |
| HIDDEN C_ABI(x25519_x86_64_mul) |
| C_ABI(x25519_x86_64_mul): |
| mov %rsp,%r11 |
| and $31,%r11 |
| add $96,%r11 |
| sub %r11,%rsp |
| movq %r11,0(%rsp) |
| movq %r12,8(%rsp) |
| movq %r13,16(%rsp) |
| movq %r14,24(%rsp) |
| movq %r15,32(%rsp) |
| movq %rbx,40(%rsp) |
| movq %rbp,48(%rsp) |
| movq %rdi,56(%rsp) |
| mov %rdx,%rcx |
| movq 24(%rsi),%rdx |
| imulq $19,%rdx,%rax |
| movq %rax,64(%rsp) |
| mulq 16(%rcx) |
| mov %rax,%r8 |
| mov %rdx,%r9 |
| movq 32(%rsi),%rdx |
| imulq $19,%rdx,%rax |
| movq %rax,72(%rsp) |
| mulq 8(%rcx) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 0(%rsi),%rax |
| mulq 0(%rcx) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 0(%rsi),%rax |
| mulq 8(%rcx) |
| mov %rax,%r10 |
| mov %rdx,%r11 |
| movq 0(%rsi),%rax |
| mulq 16(%rcx) |
| mov %rax,%r12 |
| mov %rdx,%r13 |
| movq 0(%rsi),%rax |
| mulq 24(%rcx) |
| mov %rax,%r14 |
| mov %rdx,%r15 |
| movq 0(%rsi),%rax |
| mulq 32(%rcx) |
| mov %rax,%rbx |
| mov %rdx,%rbp |
| movq 8(%rsi),%rax |
| mulq 0(%rcx) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 8(%rsi),%rax |
| mulq 8(%rcx) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 8(%rsi),%rax |
| mulq 16(%rcx) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 8(%rsi),%rax |
| mulq 24(%rcx) |
| add %rax,%rbx |
| adc %rdx,%rbp |
| movq 8(%rsi),%rdx |
| imulq $19,%rdx,%rax |
| mulq 32(%rcx) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 16(%rsi),%rax |
| mulq 0(%rcx) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 16(%rsi),%rax |
| mulq 8(%rcx) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 16(%rsi),%rax |
| mulq 16(%rcx) |
| add %rax,%rbx |
| adc %rdx,%rbp |
| movq 16(%rsi),%rdx |
| imulq $19,%rdx,%rax |
| mulq 24(%rcx) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 16(%rsi),%rdx |
| imulq $19,%rdx,%rax |
| mulq 32(%rcx) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 24(%rsi),%rax |
| mulq 0(%rcx) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 24(%rsi),%rax |
| mulq 8(%rcx) |
| add %rax,%rbx |
| adc %rdx,%rbp |
| movq 64(%rsp),%rax |
| mulq 24(%rcx) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 64(%rsp),%rax |
| mulq 32(%rcx) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 32(%rsi),%rax |
| mulq 0(%rcx) |
| add %rax,%rbx |
| adc %rdx,%rbp |
| movq 72(%rsp),%rax |
| mulq 16(%rcx) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 72(%rsp),%rax |
| mulq 24(%rcx) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 72(%rsp),%rax |
| mulq 32(%rcx) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq x25519_x86_64_REDMASK51(%rip),%rsi |
| shld $13,%r8,%r9 |
| and %rsi,%r8 |
| shld $13,%r10,%r11 |
| and %rsi,%r10 |
| add %r9,%r10 |
| shld $13,%r12,%r13 |
| and %rsi,%r12 |
| add %r11,%r12 |
| shld $13,%r14,%r15 |
| and %rsi,%r14 |
| add %r13,%r14 |
| shld $13,%rbx,%rbp |
| and %rsi,%rbx |
| add %r15,%rbx |
| imulq $19,%rbp,%rdx |
| add %rdx,%r8 |
| mov %r8,%rdx |
| shr $51,%rdx |
| add %r10,%rdx |
| mov %rdx,%rcx |
| shr $51,%rdx |
| and %rsi,%r8 |
| add %r12,%rdx |
| mov %rdx,%r9 |
| shr $51,%rdx |
| and %rsi,%rcx |
| add %r14,%rdx |
| mov %rdx,%rax |
| shr $51,%rdx |
| and %rsi,%r9 |
| add %rbx,%rdx |
| mov %rdx,%r10 |
| shr $51,%rdx |
| and %rsi,%rax |
| imulq $19,%rdx,%rdx |
| add %rdx,%r8 |
| and %rsi,%r10 |
| movq %r8,0(%rdi) |
| movq %rcx,8(%rdi) |
| movq %r9,16(%rdi) |
| movq %rax,24(%rdi) |
| movq %r10,32(%rdi) |
| movq 0(%rsp),%r11 |
| movq 8(%rsp),%r12 |
| movq 16(%rsp),%r13 |
| movq 24(%rsp),%r14 |
| movq 32(%rsp),%r15 |
| movq 40(%rsp),%rbx |
| movq 48(%rsp),%rbp |
| add %r11,%rsp |
| mov %rdi,%rax |
| mov %rsi,%rdx |
| ret |
| |
| .p2align 5 |
| .globl C_ABI(x25519_x86_64_square) |
| HIDDEN C_ABI(x25519_x86_64_square) |
| C_ABI(x25519_x86_64_square): |
| mov %rsp,%r11 |
| and $31,%r11 |
| add $64,%r11 |
| sub %r11,%rsp |
| movq %r11,0(%rsp) |
| movq %r12,8(%rsp) |
| movq %r13,16(%rsp) |
| movq %r14,24(%rsp) |
| movq %r15,32(%rsp) |
| movq %rbx,40(%rsp) |
| movq %rbp,48(%rsp) |
| movq 0(%rsi),%rax |
| mulq 0(%rsi) |
| mov %rax,%rcx |
| mov %rdx,%r8 |
| movq 0(%rsi),%rax |
| shl $1,%rax |
| mulq 8(%rsi) |
| mov %rax,%r9 |
| mov %rdx,%r10 |
| movq 0(%rsi),%rax |
| shl $1,%rax |
| mulq 16(%rsi) |
| mov %rax,%r11 |
| mov %rdx,%r12 |
| movq 0(%rsi),%rax |
| shl $1,%rax |
| mulq 24(%rsi) |
| mov %rax,%r13 |
| mov %rdx,%r14 |
| movq 0(%rsi),%rax |
| shl $1,%rax |
| mulq 32(%rsi) |
| mov %rax,%r15 |
| mov %rdx,%rbx |
| movq 8(%rsi),%rax |
| mulq 8(%rsi) |
| add %rax,%r11 |
| adc %rdx,%r12 |
| movq 8(%rsi),%rax |
| shl $1,%rax |
| mulq 16(%rsi) |
| add %rax,%r13 |
| adc %rdx,%r14 |
| movq 8(%rsi),%rax |
| shl $1,%rax |
| mulq 24(%rsi) |
| add %rax,%r15 |
| adc %rdx,%rbx |
| movq 8(%rsi),%rdx |
| imulq $38,%rdx,%rax |
| mulq 32(%rsi) |
| add %rax,%rcx |
| adc %rdx,%r8 |
| movq 16(%rsi),%rax |
| mulq 16(%rsi) |
| add %rax,%r15 |
| adc %rdx,%rbx |
| movq 16(%rsi),%rdx |
| imulq $38,%rdx,%rax |
| mulq 24(%rsi) |
| add %rax,%rcx |
| adc %rdx,%r8 |
| movq 16(%rsi),%rdx |
| imulq $38,%rdx,%rax |
| mulq 32(%rsi) |
| add %rax,%r9 |
| adc %rdx,%r10 |
| movq 24(%rsi),%rdx |
| imulq $19,%rdx,%rax |
| mulq 24(%rsi) |
| add %rax,%r9 |
| adc %rdx,%r10 |
| movq 24(%rsi),%rdx |
| imulq $38,%rdx,%rax |
| mulq 32(%rsi) |
| add %rax,%r11 |
| adc %rdx,%r12 |
| movq 32(%rsi),%rdx |
| imulq $19,%rdx,%rax |
| mulq 32(%rsi) |
| add %rax,%r13 |
| adc %rdx,%r14 |
| movq x25519_x86_64_REDMASK51(%rip),%rsi |
| shld $13,%rcx,%r8 |
| and %rsi,%rcx |
| shld $13,%r9,%r10 |
| and %rsi,%r9 |
| add %r8,%r9 |
| shld $13,%r11,%r12 |
| and %rsi,%r11 |
| add %r10,%r11 |
| shld $13,%r13,%r14 |
| and %rsi,%r13 |
| add %r12,%r13 |
| shld $13,%r15,%rbx |
| and %rsi,%r15 |
| add %r14,%r15 |
| imulq $19,%rbx,%rdx |
| add %rdx,%rcx |
| mov %rcx,%rdx |
| shr $51,%rdx |
| add %r9,%rdx |
| and %rsi,%rcx |
| mov %rdx,%r8 |
| shr $51,%rdx |
| add %r11,%rdx |
| and %rsi,%r8 |
| mov %rdx,%r9 |
| shr $51,%rdx |
| add %r13,%rdx |
| and %rsi,%r9 |
| mov %rdx,%rax |
| shr $51,%rdx |
| add %r15,%rdx |
| and %rsi,%rax |
| mov %rdx,%r10 |
| shr $51,%rdx |
| imulq $19,%rdx,%rdx |
| add %rdx,%rcx |
| and %rsi,%r10 |
| movq %rcx,0(%rdi) |
| movq %r8,8(%rdi) |
| movq %r9,16(%rdi) |
| movq %rax,24(%rdi) |
| movq %r10,32(%rdi) |
| movq 0(%rsp),%r11 |
| movq 8(%rsp),%r12 |
| movq 16(%rsp),%r13 |
| movq 24(%rsp),%r14 |
| movq 32(%rsp),%r15 |
| movq 40(%rsp),%rbx |
| movq 48(%rsp),%rbp |
| add %r11,%rsp |
| mov %rdi,%rax |
| mov %rsi,%rdx |
| ret |
| |
| .p2align 5 |
| .globl C_ABI(x25519_x86_64_ladderstep) |
| HIDDEN C_ABI(x25519_x86_64_ladderstep) |
| C_ABI(x25519_x86_64_ladderstep): |
| mov %rsp,%r11 |
| and $31,%r11 |
| add $352,%r11 |
| sub %r11,%rsp |
| movq %r11,0(%rsp) |
| movq %r12,8(%rsp) |
| movq %r13,16(%rsp) |
| movq %r14,24(%rsp) |
| movq %r15,32(%rsp) |
| movq %rbx,40(%rsp) |
| movq %rbp,48(%rsp) |
| movq 40(%rdi),%rsi |
| movq 48(%rdi),%rdx |
| movq 56(%rdi),%rcx |
| movq 64(%rdi),%r8 |
| movq 72(%rdi),%r9 |
| mov %rsi,%rax |
| mov %rdx,%r10 |
| mov %rcx,%r11 |
| mov %r8,%r12 |
| mov %r9,%r13 |
| add x25519_x86_64_2P0(%rip),%rax |
| add x25519_x86_64_2P1234(%rip),%r10 |
| add x25519_x86_64_2P1234(%rip),%r11 |
| add x25519_x86_64_2P1234(%rip),%r12 |
| add x25519_x86_64_2P1234(%rip),%r13 |
| addq 80(%rdi),%rsi |
| addq 88(%rdi),%rdx |
| addq 96(%rdi),%rcx |
| addq 104(%rdi),%r8 |
| addq 112(%rdi),%r9 |
| subq 80(%rdi),%rax |
| subq 88(%rdi),%r10 |
| subq 96(%rdi),%r11 |
| subq 104(%rdi),%r12 |
| subq 112(%rdi),%r13 |
| movq %rsi,56(%rsp) |
| movq %rdx,64(%rsp) |
| movq %rcx,72(%rsp) |
| movq %r8,80(%rsp) |
| movq %r9,88(%rsp) |
| movq %rax,96(%rsp) |
| movq %r10,104(%rsp) |
| movq %r11,112(%rsp) |
| movq %r12,120(%rsp) |
| movq %r13,128(%rsp) |
| movq 96(%rsp),%rax |
| mulq 96(%rsp) |
| mov %rax,%rsi |
| mov %rdx,%rcx |
| movq 96(%rsp),%rax |
| shl $1,%rax |
| mulq 104(%rsp) |
| mov %rax,%r8 |
| mov %rdx,%r9 |
| movq 96(%rsp),%rax |
| shl $1,%rax |
| mulq 112(%rsp) |
| mov %rax,%r10 |
| mov %rdx,%r11 |
| movq 96(%rsp),%rax |
| shl $1,%rax |
| mulq 120(%rsp) |
| mov %rax,%r12 |
| mov %rdx,%r13 |
| movq 96(%rsp),%rax |
| shl $1,%rax |
| mulq 128(%rsp) |
| mov %rax,%r14 |
| mov %rdx,%r15 |
| movq 104(%rsp),%rax |
| mulq 104(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 104(%rsp),%rax |
| shl $1,%rax |
| mulq 112(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 104(%rsp),%rax |
| shl $1,%rax |
| mulq 120(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 104(%rsp),%rdx |
| imulq $38,%rdx,%rax |
| mulq 128(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 112(%rsp),%rax |
| mulq 112(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 112(%rsp),%rdx |
| imulq $38,%rdx,%rax |
| mulq 120(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 112(%rsp),%rdx |
| imulq $38,%rdx,%rax |
| mulq 128(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 120(%rsp),%rdx |
| imulq $19,%rdx,%rax |
| mulq 120(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 120(%rsp),%rdx |
| imulq $38,%rdx,%rax |
| mulq 128(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 128(%rsp),%rdx |
| imulq $19,%rdx,%rax |
| mulq 128(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq x25519_x86_64_REDMASK51(%rip),%rdx |
| shld $13,%rsi,%rcx |
| and %rdx,%rsi |
| shld $13,%r8,%r9 |
| and %rdx,%r8 |
| add %rcx,%r8 |
| shld $13,%r10,%r11 |
| and %rdx,%r10 |
| add %r9,%r10 |
| shld $13,%r12,%r13 |
| and %rdx,%r12 |
| add %r11,%r12 |
| shld $13,%r14,%r15 |
| and %rdx,%r14 |
| add %r13,%r14 |
| imulq $19,%r15,%rcx |
| add %rcx,%rsi |
| mov %rsi,%rcx |
| shr $51,%rcx |
| add %r8,%rcx |
| and %rdx,%rsi |
| mov %rcx,%r8 |
| shr $51,%rcx |
| add %r10,%rcx |
| and %rdx,%r8 |
| mov %rcx,%r9 |
| shr $51,%rcx |
| add %r12,%rcx |
| and %rdx,%r9 |
| mov %rcx,%rax |
| shr $51,%rcx |
| add %r14,%rcx |
| and %rdx,%rax |
| mov %rcx,%r10 |
| shr $51,%rcx |
| imulq $19,%rcx,%rcx |
| add %rcx,%rsi |
| and %rdx,%r10 |
| movq %rsi,136(%rsp) |
| movq %r8,144(%rsp) |
| movq %r9,152(%rsp) |
| movq %rax,160(%rsp) |
| movq %r10,168(%rsp) |
| movq 56(%rsp),%rax |
| mulq 56(%rsp) |
| mov %rax,%rsi |
| mov %rdx,%rcx |
| movq 56(%rsp),%rax |
| shl $1,%rax |
| mulq 64(%rsp) |
| mov %rax,%r8 |
| mov %rdx,%r9 |
| movq 56(%rsp),%rax |
| shl $1,%rax |
| mulq 72(%rsp) |
| mov %rax,%r10 |
| mov %rdx,%r11 |
| movq 56(%rsp),%rax |
| shl $1,%rax |
| mulq 80(%rsp) |
| mov %rax,%r12 |
| mov %rdx,%r13 |
| movq 56(%rsp),%rax |
| shl $1,%rax |
| mulq 88(%rsp) |
| mov %rax,%r14 |
| mov %rdx,%r15 |
| movq 64(%rsp),%rax |
| mulq 64(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 64(%rsp),%rax |
| shl $1,%rax |
| mulq 72(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 64(%rsp),%rax |
| shl $1,%rax |
| mulq 80(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 64(%rsp),%rdx |
| imulq $38,%rdx,%rax |
| mulq 88(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 72(%rsp),%rax |
| mulq 72(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 72(%rsp),%rdx |
| imulq $38,%rdx,%rax |
| mulq 80(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 72(%rsp),%rdx |
| imulq $38,%rdx,%rax |
| mulq 88(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 80(%rsp),%rdx |
| imulq $19,%rdx,%rax |
| mulq 80(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 80(%rsp),%rdx |
| imulq $38,%rdx,%rax |
| mulq 88(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 88(%rsp),%rdx |
| imulq $19,%rdx,%rax |
| mulq 88(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq x25519_x86_64_REDMASK51(%rip),%rdx |
| shld $13,%rsi,%rcx |
| and %rdx,%rsi |
| shld $13,%r8,%r9 |
| and %rdx,%r8 |
| add %rcx,%r8 |
| shld $13,%r10,%r11 |
| and %rdx,%r10 |
| add %r9,%r10 |
| shld $13,%r12,%r13 |
| and %rdx,%r12 |
| add %r11,%r12 |
| shld $13,%r14,%r15 |
| and %rdx,%r14 |
| add %r13,%r14 |
| imulq $19,%r15,%rcx |
| add %rcx,%rsi |
| mov %rsi,%rcx |
| shr $51,%rcx |
| add %r8,%rcx |
| and %rdx,%rsi |
| mov %rcx,%r8 |
| shr $51,%rcx |
| add %r10,%rcx |
| and %rdx,%r8 |
| mov %rcx,%r9 |
| shr $51,%rcx |
| add %r12,%rcx |
| and %rdx,%r9 |
| mov %rcx,%rax |
| shr $51,%rcx |
| add %r14,%rcx |
| and %rdx,%rax |
| mov %rcx,%r10 |
| shr $51,%rcx |
| imulq $19,%rcx,%rcx |
| add %rcx,%rsi |
| and %rdx,%r10 |
| movq %rsi,176(%rsp) |
| movq %r8,184(%rsp) |
| movq %r9,192(%rsp) |
| movq %rax,200(%rsp) |
| movq %r10,208(%rsp) |
| mov %rsi,%rsi |
| mov %r8,%rdx |
| mov %r9,%rcx |
| mov %rax,%r8 |
| mov %r10,%r9 |
| add x25519_x86_64_2P0(%rip),%rsi |
| add x25519_x86_64_2P1234(%rip),%rdx |
| add x25519_x86_64_2P1234(%rip),%rcx |
| add x25519_x86_64_2P1234(%rip),%r8 |
| add x25519_x86_64_2P1234(%rip),%r9 |
| subq 136(%rsp),%rsi |
| subq 144(%rsp),%rdx |
| subq 152(%rsp),%rcx |
| subq 160(%rsp),%r8 |
| subq 168(%rsp),%r9 |
| movq %rsi,216(%rsp) |
| movq %rdx,224(%rsp) |
| movq %rcx,232(%rsp) |
| movq %r8,240(%rsp) |
| movq %r9,248(%rsp) |
| movq 120(%rdi),%rsi |
| movq 128(%rdi),%rdx |
| movq 136(%rdi),%rcx |
| movq 144(%rdi),%r8 |
| movq 152(%rdi),%r9 |
| mov %rsi,%rax |
| mov %rdx,%r10 |
| mov %rcx,%r11 |
| mov %r8,%r12 |
| mov %r9,%r13 |
| add x25519_x86_64_2P0(%rip),%rax |
| add x25519_x86_64_2P1234(%rip),%r10 |
| add x25519_x86_64_2P1234(%rip),%r11 |
| add x25519_x86_64_2P1234(%rip),%r12 |
| add x25519_x86_64_2P1234(%rip),%r13 |
| addq 160(%rdi),%rsi |
| addq 168(%rdi),%rdx |
| addq 176(%rdi),%rcx |
| addq 184(%rdi),%r8 |
| addq 192(%rdi),%r9 |
| subq 160(%rdi),%rax |
| subq 168(%rdi),%r10 |
| subq 176(%rdi),%r11 |
| subq 184(%rdi),%r12 |
| subq 192(%rdi),%r13 |
| movq %rsi,256(%rsp) |
| movq %rdx,264(%rsp) |
| movq %rcx,272(%rsp) |
| movq %r8,280(%rsp) |
| movq %r9,288(%rsp) |
| movq %rax,296(%rsp) |
| movq %r10,304(%rsp) |
| movq %r11,312(%rsp) |
| movq %r12,320(%rsp) |
| movq %r13,328(%rsp) |
| movq 280(%rsp),%rsi |
| imulq $19,%rsi,%rax |
| movq %rax,336(%rsp) |
| mulq 112(%rsp) |
| mov %rax,%rsi |
| mov %rdx,%rcx |
| movq 288(%rsp),%rdx |
| imulq $19,%rdx,%rax |
| movq %rax,344(%rsp) |
| mulq 104(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 256(%rsp),%rax |
| mulq 96(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 256(%rsp),%rax |
| mulq 104(%rsp) |
| mov %rax,%r8 |
| mov %rdx,%r9 |
| movq 256(%rsp),%rax |
| mulq 112(%rsp) |
| mov %rax,%r10 |
| mov %rdx,%r11 |
| movq 256(%rsp),%rax |
| mulq 120(%rsp) |
| mov %rax,%r12 |
| mov %rdx,%r13 |
| movq 256(%rsp),%rax |
| mulq 128(%rsp) |
| mov %rax,%r14 |
| mov %rdx,%r15 |
| movq 264(%rsp),%rax |
| mulq 96(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 264(%rsp),%rax |
| mulq 104(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 264(%rsp),%rax |
| mulq 112(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 264(%rsp),%rax |
| mulq 120(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 264(%rsp),%rdx |
| imulq $19,%rdx,%rax |
| mulq 128(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 272(%rsp),%rax |
| mulq 96(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 272(%rsp),%rax |
| mulq 104(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 272(%rsp),%rax |
| mulq 112(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 272(%rsp),%rdx |
| imulq $19,%rdx,%rax |
| mulq 120(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 272(%rsp),%rdx |
| imulq $19,%rdx,%rax |
| mulq 128(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 280(%rsp),%rax |
| mulq 96(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 280(%rsp),%rax |
| mulq 104(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 336(%rsp),%rax |
| mulq 120(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 336(%rsp),%rax |
| mulq 128(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 288(%rsp),%rax |
| mulq 96(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 344(%rsp),%rax |
| mulq 112(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 344(%rsp),%rax |
| mulq 120(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 344(%rsp),%rax |
| mulq 128(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq x25519_x86_64_REDMASK51(%rip),%rdx |
| shld $13,%rsi,%rcx |
| and %rdx,%rsi |
| shld $13,%r8,%r9 |
| and %rdx,%r8 |
| add %rcx,%r8 |
| shld $13,%r10,%r11 |
| and %rdx,%r10 |
| add %r9,%r10 |
| shld $13,%r12,%r13 |
| and %rdx,%r12 |
| add %r11,%r12 |
| shld $13,%r14,%r15 |
| and %rdx,%r14 |
| add %r13,%r14 |
| imulq $19,%r15,%rcx |
| add %rcx,%rsi |
| mov %rsi,%rcx |
| shr $51,%rcx |
| add %r8,%rcx |
| mov %rcx,%r8 |
| shr $51,%rcx |
| and %rdx,%rsi |
| add %r10,%rcx |
| mov %rcx,%r9 |
| shr $51,%rcx |
| and %rdx,%r8 |
| add %r12,%rcx |
| mov %rcx,%rax |
| shr $51,%rcx |
| and %rdx,%r9 |
| add %r14,%rcx |
| mov %rcx,%r10 |
| shr $51,%rcx |
| and %rdx,%rax |
| imulq $19,%rcx,%rcx |
| add %rcx,%rsi |
| and %rdx,%r10 |
| movq %rsi,96(%rsp) |
| movq %r8,104(%rsp) |
| movq %r9,112(%rsp) |
| movq %rax,120(%rsp) |
| movq %r10,128(%rsp) |
| movq 320(%rsp),%rsi |
| imulq $19,%rsi,%rax |
| movq %rax,256(%rsp) |
| mulq 72(%rsp) |
| mov %rax,%rsi |
| mov %rdx,%rcx |
| movq 328(%rsp),%rdx |
| imulq $19,%rdx,%rax |
| movq %rax,264(%rsp) |
| mulq 64(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 296(%rsp),%rax |
| mulq 56(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 296(%rsp),%rax |
| mulq 64(%rsp) |
| mov %rax,%r8 |
| mov %rdx,%r9 |
| movq 296(%rsp),%rax |
| mulq 72(%rsp) |
| mov %rax,%r10 |
| mov %rdx,%r11 |
| movq 296(%rsp),%rax |
| mulq 80(%rsp) |
| mov %rax,%r12 |
| mov %rdx,%r13 |
| movq 296(%rsp),%rax |
| mulq 88(%rsp) |
| mov %rax,%r14 |
| mov %rdx,%r15 |
| movq 304(%rsp),%rax |
| mulq 56(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 304(%rsp),%rax |
| mulq 64(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 304(%rsp),%rax |
| mulq 72(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 304(%rsp),%rax |
| mulq 80(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 304(%rsp),%rdx |
| imulq $19,%rdx,%rax |
| mulq 88(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 312(%rsp),%rax |
| mulq 56(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 312(%rsp),%rax |
| mulq 64(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 312(%rsp),%rax |
| mulq 72(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 312(%rsp),%rdx |
| imulq $19,%rdx,%rax |
| mulq 80(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 312(%rsp),%rdx |
| imulq $19,%rdx,%rax |
| mulq 88(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 320(%rsp),%rax |
| mulq 56(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 320(%rsp),%rax |
| mulq 64(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 256(%rsp),%rax |
| mulq 80(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 256(%rsp),%rax |
| mulq 88(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 328(%rsp),%rax |
| mulq 56(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 264(%rsp),%rax |
| mulq 72(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 264(%rsp),%rax |
| mulq 80(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 264(%rsp),%rax |
| mulq 88(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq x25519_x86_64_REDMASK51(%rip),%rdx |
| shld $13,%rsi,%rcx |
| and %rdx,%rsi |
| shld $13,%r8,%r9 |
| and %rdx,%r8 |
| add %rcx,%r8 |
| shld $13,%r10,%r11 |
| and %rdx,%r10 |
| add %r9,%r10 |
| shld $13,%r12,%r13 |
| and %rdx,%r12 |
| add %r11,%r12 |
| shld $13,%r14,%r15 |
| and %rdx,%r14 |
| add %r13,%r14 |
| imulq $19,%r15,%rcx |
| add %rcx,%rsi |
| mov %rsi,%rcx |
| shr $51,%rcx |
| add %r8,%rcx |
| mov %rcx,%r8 |
| shr $51,%rcx |
| and %rdx,%rsi |
| add %r10,%rcx |
| mov %rcx,%r9 |
| shr $51,%rcx |
| and %rdx,%r8 |
| add %r12,%rcx |
| mov %rcx,%rax |
| shr $51,%rcx |
| and %rdx,%r9 |
| add %r14,%rcx |
| mov %rcx,%r10 |
| shr $51,%rcx |
| and %rdx,%rax |
| imulq $19,%rcx,%rcx |
| add %rcx,%rsi |
| and %rdx,%r10 |
| mov %rsi,%rdx |
| mov %r8,%rcx |
| mov %r9,%r11 |
| mov %rax,%r12 |
| mov %r10,%r13 |
| add x25519_x86_64_2P0(%rip),%rdx |
| add x25519_x86_64_2P1234(%rip),%rcx |
| add x25519_x86_64_2P1234(%rip),%r11 |
| add x25519_x86_64_2P1234(%rip),%r12 |
| add x25519_x86_64_2P1234(%rip),%r13 |
| addq 96(%rsp),%rsi |
| addq 104(%rsp),%r8 |
| addq 112(%rsp),%r9 |
| addq 120(%rsp),%rax |
| addq 128(%rsp),%r10 |
| subq 96(%rsp),%rdx |
| subq 104(%rsp),%rcx |
| subq 112(%rsp),%r11 |
| subq 120(%rsp),%r12 |
| subq 128(%rsp),%r13 |
| movq %rsi,120(%rdi) |
| movq %r8,128(%rdi) |
| movq %r9,136(%rdi) |
| movq %rax,144(%rdi) |
| movq %r10,152(%rdi) |
| movq %rdx,160(%rdi) |
| movq %rcx,168(%rdi) |
| movq %r11,176(%rdi) |
| movq %r12,184(%rdi) |
| movq %r13,192(%rdi) |
| movq 120(%rdi),%rax |
| mulq 120(%rdi) |
| mov %rax,%rsi |
| mov %rdx,%rcx |
| movq 120(%rdi),%rax |
| shl $1,%rax |
| mulq 128(%rdi) |
| mov %rax,%r8 |
| mov %rdx,%r9 |
| movq 120(%rdi),%rax |
| shl $1,%rax |
| mulq 136(%rdi) |
| mov %rax,%r10 |
| mov %rdx,%r11 |
| movq 120(%rdi),%rax |
| shl $1,%rax |
| mulq 144(%rdi) |
| mov %rax,%r12 |
| mov %rdx,%r13 |
| movq 120(%rdi),%rax |
| shl $1,%rax |
| mulq 152(%rdi) |
| mov %rax,%r14 |
| mov %rdx,%r15 |
| movq 128(%rdi),%rax |
| mulq 128(%rdi) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 128(%rdi),%rax |
| shl $1,%rax |
| mulq 136(%rdi) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 128(%rdi),%rax |
| shl $1,%rax |
| mulq 144(%rdi) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 128(%rdi),%rdx |
| imulq $38,%rdx,%rax |
| mulq 152(%rdi) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 136(%rdi),%rax |
| mulq 136(%rdi) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 136(%rdi),%rdx |
| imulq $38,%rdx,%rax |
| mulq 144(%rdi) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 136(%rdi),%rdx |
| imulq $38,%rdx,%rax |
| mulq 152(%rdi) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 144(%rdi),%rdx |
| imulq $19,%rdx,%rax |
| mulq 144(%rdi) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 144(%rdi),%rdx |
| imulq $38,%rdx,%rax |
| mulq 152(%rdi) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 152(%rdi),%rdx |
| imulq $19,%rdx,%rax |
| mulq 152(%rdi) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq x25519_x86_64_REDMASK51(%rip),%rdx |
| shld $13,%rsi,%rcx |
| and %rdx,%rsi |
| shld $13,%r8,%r9 |
| and %rdx,%r8 |
| add %rcx,%r8 |
| shld $13,%r10,%r11 |
| and %rdx,%r10 |
| add %r9,%r10 |
| shld $13,%r12,%r13 |
| and %rdx,%r12 |
| add %r11,%r12 |
| shld $13,%r14,%r15 |
| and %rdx,%r14 |
| add %r13,%r14 |
| imulq $19,%r15,%rcx |
| add %rcx,%rsi |
| mov %rsi,%rcx |
| shr $51,%rcx |
| add %r8,%rcx |
| and %rdx,%rsi |
| mov %rcx,%r8 |
| shr $51,%rcx |
| add %r10,%rcx |
| and %rdx,%r8 |
| mov %rcx,%r9 |
| shr $51,%rcx |
| add %r12,%rcx |
| and %rdx,%r9 |
| mov %rcx,%rax |
| shr $51,%rcx |
| add %r14,%rcx |
| and %rdx,%rax |
| mov %rcx,%r10 |
| shr $51,%rcx |
| imulq $19,%rcx,%rcx |
| add %rcx,%rsi |
| and %rdx,%r10 |
| movq %rsi,120(%rdi) |
| movq %r8,128(%rdi) |
| movq %r9,136(%rdi) |
| movq %rax,144(%rdi) |
| movq %r10,152(%rdi) |
| movq 160(%rdi),%rax |
| mulq 160(%rdi) |
| mov %rax,%rsi |
| mov %rdx,%rcx |
| movq 160(%rdi),%rax |
| shl $1,%rax |
| mulq 168(%rdi) |
| mov %rax,%r8 |
| mov %rdx,%r9 |
| movq 160(%rdi),%rax |
| shl $1,%rax |
| mulq 176(%rdi) |
| mov %rax,%r10 |
| mov %rdx,%r11 |
| movq 160(%rdi),%rax |
| shl $1,%rax |
| mulq 184(%rdi) |
| mov %rax,%r12 |
| mov %rdx,%r13 |
| movq 160(%rdi),%rax |
| shl $1,%rax |
| mulq 192(%rdi) |
| mov %rax,%r14 |
| mov %rdx,%r15 |
| movq 168(%rdi),%rax |
| mulq 168(%rdi) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 168(%rdi),%rax |
| shl $1,%rax |
| mulq 176(%rdi) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 168(%rdi),%rax |
| shl $1,%rax |
| mulq 184(%rdi) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 168(%rdi),%rdx |
| imulq $38,%rdx,%rax |
| mulq 192(%rdi) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 176(%rdi),%rax |
| mulq 176(%rdi) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 176(%rdi),%rdx |
| imulq $38,%rdx,%rax |
| mulq 184(%rdi) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 176(%rdi),%rdx |
| imulq $38,%rdx,%rax |
| mulq 192(%rdi) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 184(%rdi),%rdx |
| imulq $19,%rdx,%rax |
| mulq 184(%rdi) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 184(%rdi),%rdx |
| imulq $38,%rdx,%rax |
| mulq 192(%rdi) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 192(%rdi),%rdx |
| imulq $19,%rdx,%rax |
| mulq 192(%rdi) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq x25519_x86_64_REDMASK51(%rip),%rdx |
| shld $13,%rsi,%rcx |
| and %rdx,%rsi |
| shld $13,%r8,%r9 |
| and %rdx,%r8 |
| add %rcx,%r8 |
| shld $13,%r10,%r11 |
| and %rdx,%r10 |
| add %r9,%r10 |
| shld $13,%r12,%r13 |
| and %rdx,%r12 |
| add %r11,%r12 |
| shld $13,%r14,%r15 |
| and %rdx,%r14 |
| add %r13,%r14 |
| imulq $19,%r15,%rcx |
| add %rcx,%rsi |
| mov %rsi,%rcx |
| shr $51,%rcx |
| add %r8,%rcx |
| and %rdx,%rsi |
| mov %rcx,%r8 |
| shr $51,%rcx |
| add %r10,%rcx |
| and %rdx,%r8 |
| mov %rcx,%r9 |
| shr $51,%rcx |
| add %r12,%rcx |
| and %rdx,%r9 |
| mov %rcx,%rax |
| shr $51,%rcx |
| add %r14,%rcx |
| and %rdx,%rax |
| mov %rcx,%r10 |
| shr $51,%rcx |
| imulq $19,%rcx,%rcx |
| add %rcx,%rsi |
| and %rdx,%r10 |
| movq %rsi,160(%rdi) |
| movq %r8,168(%rdi) |
| movq %r9,176(%rdi) |
| movq %rax,184(%rdi) |
| movq %r10,192(%rdi) |
| movq 184(%rdi),%rsi |
| imulq $19,%rsi,%rax |
| movq %rax,56(%rsp) |
| mulq 16(%rdi) |
| mov %rax,%rsi |
| mov %rdx,%rcx |
| movq 192(%rdi),%rdx |
| imulq $19,%rdx,%rax |
| movq %rax,64(%rsp) |
| mulq 8(%rdi) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 160(%rdi),%rax |
| mulq 0(%rdi) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 160(%rdi),%rax |
| mulq 8(%rdi) |
| mov %rax,%r8 |
| mov %rdx,%r9 |
| movq 160(%rdi),%rax |
| mulq 16(%rdi) |
| mov %rax,%r10 |
| mov %rdx,%r11 |
| movq 160(%rdi),%rax |
| mulq 24(%rdi) |
| mov %rax,%r12 |
| mov %rdx,%r13 |
| movq 160(%rdi),%rax |
| mulq 32(%rdi) |
| mov %rax,%r14 |
| mov %rdx,%r15 |
| movq 168(%rdi),%rax |
| mulq 0(%rdi) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 168(%rdi),%rax |
| mulq 8(%rdi) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 168(%rdi),%rax |
| mulq 16(%rdi) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 168(%rdi),%rax |
| mulq 24(%rdi) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 168(%rdi),%rdx |
| imulq $19,%rdx,%rax |
| mulq 32(%rdi) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 176(%rdi),%rax |
| mulq 0(%rdi) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 176(%rdi),%rax |
| mulq 8(%rdi) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 176(%rdi),%rax |
| mulq 16(%rdi) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 176(%rdi),%rdx |
| imulq $19,%rdx,%rax |
| mulq 24(%rdi) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 176(%rdi),%rdx |
| imulq $19,%rdx,%rax |
| mulq 32(%rdi) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 184(%rdi),%rax |
| mulq 0(%rdi) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 184(%rdi),%rax |
| mulq 8(%rdi) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 56(%rsp),%rax |
| mulq 24(%rdi) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 56(%rsp),%rax |
| mulq 32(%rdi) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 192(%rdi),%rax |
| mulq 0(%rdi) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 64(%rsp),%rax |
| mulq 16(%rdi) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 64(%rsp),%rax |
| mulq 24(%rdi) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 64(%rsp),%rax |
| mulq 32(%rdi) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq x25519_x86_64_REDMASK51(%rip),%rdx |
| shld $13,%rsi,%rcx |
| and %rdx,%rsi |
| shld $13,%r8,%r9 |
| and %rdx,%r8 |
| add %rcx,%r8 |
| shld $13,%r10,%r11 |
| and %rdx,%r10 |
| add %r9,%r10 |
| shld $13,%r12,%r13 |
| and %rdx,%r12 |
| add %r11,%r12 |
| shld $13,%r14,%r15 |
| and %rdx,%r14 |
| add %r13,%r14 |
| imulq $19,%r15,%rcx |
| add %rcx,%rsi |
| mov %rsi,%rcx |
| shr $51,%rcx |
| add %r8,%rcx |
| mov %rcx,%r8 |
| shr $51,%rcx |
| and %rdx,%rsi |
| add %r10,%rcx |
| mov %rcx,%r9 |
| shr $51,%rcx |
| and %rdx,%r8 |
| add %r12,%rcx |
| mov %rcx,%rax |
| shr $51,%rcx |
| and %rdx,%r9 |
| add %r14,%rcx |
| mov %rcx,%r10 |
| shr $51,%rcx |
| and %rdx,%rax |
| imulq $19,%rcx,%rcx |
| add %rcx,%rsi |
| and %rdx,%r10 |
| movq %rsi,160(%rdi) |
| movq %r8,168(%rdi) |
| movq %r9,176(%rdi) |
| movq %rax,184(%rdi) |
| movq %r10,192(%rdi) |
| movq 200(%rsp),%rsi |
| imulq $19,%rsi,%rax |
| movq %rax,56(%rsp) |
| mulq 152(%rsp) |
| mov %rax,%rsi |
| mov %rdx,%rcx |
| movq 208(%rsp),%rdx |
| imulq $19,%rdx,%rax |
| movq %rax,64(%rsp) |
| mulq 144(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 176(%rsp),%rax |
| mulq 136(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 176(%rsp),%rax |
| mulq 144(%rsp) |
| mov %rax,%r8 |
| mov %rdx,%r9 |
| movq 176(%rsp),%rax |
| mulq 152(%rsp) |
| mov %rax,%r10 |
| mov %rdx,%r11 |
| movq 176(%rsp),%rax |
| mulq 160(%rsp) |
| mov %rax,%r12 |
| mov %rdx,%r13 |
| movq 176(%rsp),%rax |
| mulq 168(%rsp) |
| mov %rax,%r14 |
| mov %rdx,%r15 |
| movq 184(%rsp),%rax |
| mulq 136(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 184(%rsp),%rax |
| mulq 144(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 184(%rsp),%rax |
| mulq 152(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 184(%rsp),%rax |
| mulq 160(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 184(%rsp),%rdx |
| imulq $19,%rdx,%rax |
| mulq 168(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 192(%rsp),%rax |
| mulq 136(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 192(%rsp),%rax |
| mulq 144(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 192(%rsp),%rax |
| mulq 152(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 192(%rsp),%rdx |
| imulq $19,%rdx,%rax |
| mulq 160(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 192(%rsp),%rdx |
| imulq $19,%rdx,%rax |
| mulq 168(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 200(%rsp),%rax |
| mulq 136(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 200(%rsp),%rax |
| mulq 144(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 56(%rsp),%rax |
| mulq 160(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 56(%rsp),%rax |
| mulq 168(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 208(%rsp),%rax |
| mulq 136(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 64(%rsp),%rax |
| mulq 152(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 64(%rsp),%rax |
| mulq 160(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 64(%rsp),%rax |
| mulq 168(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq x25519_x86_64_REDMASK51(%rip),%rdx |
| shld $13,%rsi,%rcx |
| and %rdx,%rsi |
| shld $13,%r8,%r9 |
| and %rdx,%r8 |
| add %rcx,%r8 |
| shld $13,%r10,%r11 |
| and %rdx,%r10 |
| add %r9,%r10 |
| shld $13,%r12,%r13 |
| and %rdx,%r12 |
| add %r11,%r12 |
| shld $13,%r14,%r15 |
| and %rdx,%r14 |
| add %r13,%r14 |
| imulq $19,%r15,%rcx |
| add %rcx,%rsi |
| mov %rsi,%rcx |
| shr $51,%rcx |
| add %r8,%rcx |
| mov %rcx,%r8 |
| shr $51,%rcx |
| and %rdx,%rsi |
| add %r10,%rcx |
| mov %rcx,%r9 |
| shr $51,%rcx |
| and %rdx,%r8 |
| add %r12,%rcx |
| mov %rcx,%rax |
| shr $51,%rcx |
| and %rdx,%r9 |
| add %r14,%rcx |
| mov %rcx,%r10 |
| shr $51,%rcx |
| and %rdx,%rax |
| imulq $19,%rcx,%rcx |
| add %rcx,%rsi |
| and %rdx,%r10 |
| movq %rsi,40(%rdi) |
| movq %r8,48(%rdi) |
| movq %r9,56(%rdi) |
| movq %rax,64(%rdi) |
| movq %r10,72(%rdi) |
| movq 216(%rsp),%rax |
| mulq x25519_x86_64_121666_213(%rip) |
| shr $13,%rax |
| mov %rax,%rsi |
| mov %rdx,%rcx |
| movq 224(%rsp),%rax |
| mulq x25519_x86_64_121666_213(%rip) |
| shr $13,%rax |
| add %rax,%rcx |
| mov %rdx,%r8 |
| movq 232(%rsp),%rax |
| mulq x25519_x86_64_121666_213(%rip) |
| shr $13,%rax |
| add %rax,%r8 |
| mov %rdx,%r9 |
| movq 240(%rsp),%rax |
| mulq x25519_x86_64_121666_213(%rip) |
| shr $13,%rax |
| add %rax,%r9 |
| mov %rdx,%r10 |
| movq 248(%rsp),%rax |
| mulq x25519_x86_64_121666_213(%rip) |
| shr $13,%rax |
| add %rax,%r10 |
| imulq $19,%rdx,%rdx |
| add %rdx,%rsi |
| addq 136(%rsp),%rsi |
| addq 144(%rsp),%rcx |
| addq 152(%rsp),%r8 |
| addq 160(%rsp),%r9 |
| addq 168(%rsp),%r10 |
| movq %rsi,80(%rdi) |
| movq %rcx,88(%rdi) |
| movq %r8,96(%rdi) |
| movq %r9,104(%rdi) |
| movq %r10,112(%rdi) |
| movq 104(%rdi),%rsi |
| imulq $19,%rsi,%rax |
| movq %rax,56(%rsp) |
| mulq 232(%rsp) |
| mov %rax,%rsi |
| mov %rdx,%rcx |
| movq 112(%rdi),%rdx |
| imulq $19,%rdx,%rax |
| movq %rax,64(%rsp) |
| mulq 224(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 80(%rdi),%rax |
| mulq 216(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 80(%rdi),%rax |
| mulq 224(%rsp) |
| mov %rax,%r8 |
| mov %rdx,%r9 |
| movq 80(%rdi),%rax |
| mulq 232(%rsp) |
| mov %rax,%r10 |
| mov %rdx,%r11 |
| movq 80(%rdi),%rax |
| mulq 240(%rsp) |
| mov %rax,%r12 |
| mov %rdx,%r13 |
| movq 80(%rdi),%rax |
| mulq 248(%rsp) |
| mov %rax,%r14 |
| mov %rdx,%r15 |
| movq 88(%rdi),%rax |
| mulq 216(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 88(%rdi),%rax |
| mulq 224(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 88(%rdi),%rax |
| mulq 232(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 88(%rdi),%rax |
| mulq 240(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 88(%rdi),%rdx |
| imulq $19,%rdx,%rax |
| mulq 248(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 96(%rdi),%rax |
| mulq 216(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 96(%rdi),%rax |
| mulq 224(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 96(%rdi),%rax |
| mulq 232(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 96(%rdi),%rdx |
| imulq $19,%rdx,%rax |
| mulq 240(%rsp) |
| add %rax,%rsi |
| adc %rdx,%rcx |
| movq 96(%rdi),%rdx |
| imulq $19,%rdx,%rax |
| mulq 248(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 104(%rdi),%rax |
| mulq 216(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq 104(%rdi),%rax |
| mulq 224(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 56(%rsp),%rax |
| mulq 240(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 56(%rsp),%rax |
| mulq 248(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 112(%rdi),%rax |
| mulq 216(%rsp) |
| add %rax,%r14 |
| adc %rdx,%r15 |
| movq 64(%rsp),%rax |
| mulq 232(%rsp) |
| add %rax,%r8 |
| adc %rdx,%r9 |
| movq 64(%rsp),%rax |
| mulq 240(%rsp) |
| add %rax,%r10 |
| adc %rdx,%r11 |
| movq 64(%rsp),%rax |
| mulq 248(%rsp) |
| add %rax,%r12 |
| adc %rdx,%r13 |
| movq x25519_x86_64_REDMASK51(%rip),%rdx |
| shld $13,%rsi,%rcx |
| and %rdx,%rsi |
| shld $13,%r8,%r9 |
| and %rdx,%r8 |
| add %rcx,%r8 |
| shld $13,%r10,%r11 |
| and %rdx,%r10 |
| add %r9,%r10 |
| shld $13,%r12,%r13 |
| and %rdx,%r12 |
| add %r11,%r12 |
| shld $13,%r14,%r15 |
| and %rdx,%r14 |
| add %r13,%r14 |
| imulq $19,%r15,%rcx |
| add %rcx,%rsi |
| mov %rsi,%rcx |
| shr $51,%rcx |
| add %r8,%rcx |
| mov %rcx,%r8 |
| shr $51,%rcx |
| and %rdx,%rsi |
| add %r10,%rcx |
| mov %rcx,%r9 |
| shr $51,%rcx |
| and %rdx,%r8 |
| add %r12,%rcx |
| mov %rcx,%rax |
| shr $51,%rcx |
| and %rdx,%r9 |
| add %r14,%rcx |
| mov %rcx,%r10 |
| shr $51,%rcx |
| and %rdx,%rax |
| imulq $19,%rcx,%rcx |
| add %rcx,%rsi |
| and %rdx,%r10 |
| movq %rsi,80(%rdi) |
| movq %r8,88(%rdi) |
| movq %r9,96(%rdi) |
| movq %rax,104(%rdi) |
| movq %r10,112(%rdi) |
| movq 0(%rsp),%r11 |
| movq 8(%rsp),%r12 |
| movq 16(%rsp),%r13 |
| movq 24(%rsp),%r14 |
| movq 32(%rsp),%r15 |
| movq 40(%rsp),%rbx |
| movq 48(%rsp),%rbp |
| add %r11,%rsp |
| mov %rdi,%rax |
| mov %rsi,%rdx |
| ret |
| |
| .p2align 5 |
| .globl C_ABI(x25519_x86_64_work_cswap) |
| HIDDEN C_ABI(x25519_x86_64_work_cswap) |
| C_ABI(x25519_x86_64_work_cswap): |
| mov %rsp,%r11 |
| and $31,%r11 |
| add $0,%r11 |
| sub %r11,%rsp |
| cmp $1,%rsi |
| movq 0(%rdi),%rsi |
| movq 80(%rdi),%rdx |
| movq 8(%rdi),%rcx |
| movq 88(%rdi),%r8 |
| mov %rsi,%r9 |
| cmove %rdx,%rsi |
| cmove %r9,%rdx |
| mov %rcx,%r9 |
| cmove %r8,%rcx |
| cmove %r9,%r8 |
| movq %rsi,0(%rdi) |
| movq %rdx,80(%rdi) |
| movq %rcx,8(%rdi) |
| movq %r8,88(%rdi) |
| movq 16(%rdi),%rsi |
| movq 96(%rdi),%rdx |
| movq 24(%rdi),%rcx |
| movq 104(%rdi),%r8 |
| mov %rsi,%r9 |
| cmove %rdx,%rsi |
| cmove %r9,%rdx |
| mov %rcx,%r9 |
| cmove %r8,%rcx |
| cmove %r9,%r8 |
| movq %rsi,16(%rdi) |
| movq %rdx,96(%rdi) |
| movq %rcx,24(%rdi) |
| movq %r8,104(%rdi) |
| movq 32(%rdi),%rsi |
| movq 112(%rdi),%rdx |
| movq 40(%rdi),%rcx |
| movq 120(%rdi),%r8 |
| mov %rsi,%r9 |
| cmove %rdx,%rsi |
| cmove %r9,%rdx |
| mov %rcx,%r9 |
| cmove %r8,%rcx |
| cmove %r9,%r8 |
| movq %rsi,32(%rdi) |
| movq %rdx,112(%rdi) |
| movq %rcx,40(%rdi) |
| movq %r8,120(%rdi) |
| movq 48(%rdi),%rsi |
| movq 128(%rdi),%rdx |
| movq 56(%rdi),%rcx |
| movq 136(%rdi),%r8 |
| mov %rsi,%r9 |
| cmove %rdx,%rsi |
| cmove %r9,%rdx |
| mov %rcx,%r9 |
| cmove %r8,%rcx |
| cmove %r9,%r8 |
| movq %rsi,48(%rdi) |
| movq %rdx,128(%rdi) |
| movq %rcx,56(%rdi) |
| movq %r8,136(%rdi) |
| movq 64(%rdi),%rsi |
| movq 144(%rdi),%rdx |
| movq 72(%rdi),%rcx |
| movq 152(%rdi),%r8 |
| mov %rsi,%r9 |
| cmove %rdx,%rsi |
| cmove %r9,%rdx |
| mov %rcx,%r9 |
| cmove %r8,%rcx |
| cmove %r9,%r8 |
| movq %rsi,64(%rdi) |
| movq %rdx,144(%rdi) |
| movq %rcx,72(%rdi) |
| movq %r8,152(%rdi) |
| add %r11,%rsp |
| mov %rdi,%rax |
| mov %rsi,%rdx |
| ret |
| |
| #endif /* __x86_64__ */ |
| #endif /* !OPENSSL_NO_ASM */ |