]> Git Repo - secp256k1.git/blob - src/field_5x52_asm_impl.h
projects / secp256k1.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Implement endomorphism optimization for secp256k1_ecmult_const
[secp256k1.git] / src / field_5x52_asm_impl.h
1 /**********************************************************************
2  * Copyright (c) 2013-2014 Diederik Huys, Pieter Wuille               *
3  * Distributed under the MIT software license, see the accompanying   *
4  * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5  **********************************************************************/
6
7 /**
8  * Changelog:
9  * - March 2013, Diederik Huys:    original version
10  * - November 2014, Pieter Wuille: updated to use Peter Dettman's parallel multiplication algorithm
11  * - December 2014, Pieter Wuille: converted from YASM to GCC inline assembly
12  */
13
14 #ifndef _SECP256K1_FIELD_INNER5X52_IMPL_H_
15 #define _SECP256K1_FIELD_INNER5X52_IMPL_H_
16
17 SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint64_t *r, const uint64_t *a, const uint64_t * SECP256K1_RESTRICT b) {
18 /**
19  * Registers: rdx:rax = multiplication accumulator
20  *            r9:r8   = c
21  *            r15:rcx = d
22  *            r10-r14 = a0-a4
23  *            rbx     = b
24  *            rdi     = r
25  *            rsi     = a / t?
26  */
27   uint64_t tmp1, tmp2, tmp3;
28 __asm__ __volatile__(
29     "movq 0(%%rsi),%%r10\n"
30     "movq 8(%%rsi),%%r11\n"
31     "movq 16(%%rsi),%%r12\n"
32     "movq 24(%%rsi),%%r13\n"
33     "movq 32(%%rsi),%%r14\n"
34
35     /* d += a3 * b0 */
36     "movq 0(%%rbx),%%rax\n"
37     "mulq %%r13\n"
38     "movq %%rax,%%rcx\n"
39     "movq %%rdx,%%r15\n"
40     /* d += a2 * b1 */
41     "movq 8(%%rbx),%%rax\n"
42     "mulq %%r12\n"
43     "addq %%rax,%%rcx\n"
44     "adcq %%rdx,%%r15\n"
45     /* d += a1 * b2 */
46     "movq 16(%%rbx),%%rax\n"
47     "mulq %%r11\n"
48     "addq %%rax,%%rcx\n"
49     "adcq %%rdx,%%r15\n"
50     /* d = a0 * b3 */
51     "movq 24(%%rbx),%%rax\n"
52     "mulq %%r10\n"
53     "addq %%rax,%%rcx\n"
54     "adcq %%rdx,%%r15\n"
55     /* c = a4 * b4 */
56     "movq 32(%%rbx),%%rax\n"
57     "mulq %%r14\n"
58     "movq %%rax,%%r8\n"
59     "movq %%rdx,%%r9\n"
60     /* d += (c & M) * R */
61     "movq $0xfffffffffffff,%%rdx\n"
62     "andq %%rdx,%%rax\n"
63     "movq $0x1000003d10,%%rdx\n"
64     "mulq %%rdx\n"
65     "addq %%rax,%%rcx\n"
66     "adcq %%rdx,%%r15\n"
67     /* c >>= 52 (%%r8 only) */
68     "shrdq $52,%%r9,%%r8\n"
69     /* t3 (tmp1) = d & M */
70     "movq %%rcx,%%rsi\n"
71     "movq $0xfffffffffffff,%%rdx\n"
72     "andq %%rdx,%%rsi\n"
73     "movq %%rsi,%q1\n"
74     /* d >>= 52 */
75     "shrdq $52,%%r15,%%rcx\n"
76     "xorq %%r15,%%r15\n"
77     /* d += a4 * b0 */
78     "movq 0(%%rbx),%%rax\n"
79     "mulq %%r14\n"
80     "addq %%rax,%%rcx\n"
81     "adcq %%rdx,%%r15\n"
82     /* d += a3 * b1 */
83     "movq 8(%%rbx),%%rax\n"
84     "mulq %%r13\n"
85     "addq %%rax,%%rcx\n"
86     "adcq %%rdx,%%r15\n"
87     /* d += a2 * b2 */
88     "movq 16(%%rbx),%%rax\n"
89     "mulq %%r12\n"
90     "addq %%rax,%%rcx\n"
91     "adcq %%rdx,%%r15\n"
92     /* d += a1 * b3 */
93     "movq 24(%%rbx),%%rax\n"
94     "mulq %%r11\n"
95     "addq %%rax,%%rcx\n"
96     "adcq %%rdx,%%r15\n"
97     /* d += a0 * b4 */
98     "movq 32(%%rbx),%%rax\n"
99     "mulq %%r10\n"
100     "addq %%rax,%%rcx\n"
101     "adcq %%rdx,%%r15\n"
102     /* d += c * R */
103     "movq %%r8,%%rax\n"
104     "movq $0x1000003d10,%%rdx\n"
105     "mulq %%rdx\n"
106     "addq %%rax,%%rcx\n"
107     "adcq %%rdx,%%r15\n"
108     /* t4 = d & M (%%rsi) */
109     "movq %%rcx,%%rsi\n"
110     "movq $0xfffffffffffff,%%rdx\n"
111     "andq %%rdx,%%rsi\n"
112     /* d >>= 52 */
113     "shrdq $52,%%r15,%%rcx\n"
114     "xorq %%r15,%%r15\n"
115     /* tx = t4 >> 48 (tmp3) */
116     "movq %%rsi,%%rax\n"
117     "shrq $48,%%rax\n"
118     "movq %%rax,%q3\n"
119     /* t4 &= (M >> 4) (tmp2) */
120     "movq $0xffffffffffff,%%rax\n"
121     "andq %%rax,%%rsi\n"
122     "movq %%rsi,%q2\n"
123     /* c = a0 * b0 */
124     "movq 0(%%rbx),%%rax\n"
125     "mulq %%r10\n"
126     "movq %%rax,%%r8\n"
127     "movq %%rdx,%%r9\n"
128     /* d += a4 * b1 */
129     "movq 8(%%rbx),%%rax\n"
130     "mulq %%r14\n"
131     "addq %%rax,%%rcx\n"
132     "adcq %%rdx,%%r15\n"
133     /* d += a3 * b2 */
134     "movq 16(%%rbx),%%rax\n"
135     "mulq %%r13\n"
136     "addq %%rax,%%rcx\n"
137     "adcq %%rdx,%%r15\n"
138     /* d += a2 * b3 */
139     "movq 24(%%rbx),%%rax\n"
140     "mulq %%r12\n"
141     "addq %%rax,%%rcx\n"
142     "adcq %%rdx,%%r15\n"
143     /* d += a1 * b4 */
144     "movq 32(%%rbx),%%rax\n"
145     "mulq %%r11\n"
146     "addq %%rax,%%rcx\n"
147     "adcq %%rdx,%%r15\n"
148     /* u0 = d & M (%%rsi) */
149     "movq %%rcx,%%rsi\n"
150     "movq $0xfffffffffffff,%%rdx\n"
151     "andq %%rdx,%%rsi\n"
152     /* d >>= 52 */
153     "shrdq $52,%%r15,%%rcx\n"
154     "xorq %%r15,%%r15\n"
155     /* u0 = (u0 << 4) | tx (%%rsi) */
156     "shlq $4,%%rsi\n"
157     "movq %q3,%%rax\n"
158     "orq %%rax,%%rsi\n"
159     /* c += u0 * (R >> 4) */
160     "movq $0x1000003d1,%%rax\n"
161     "mulq %%rsi\n"
162     "addq %%rax,%%r8\n"
163     "adcq %%rdx,%%r9\n"
164     /* r[0] = c & M */
165     "movq %%r8,%%rax\n"
166     "movq $0xfffffffffffff,%%rdx\n"
167     "andq %%rdx,%%rax\n"
168     "movq %%rax,0(%%rdi)\n"
169     /* c >>= 52 */
170     "shrdq $52,%%r9,%%r8\n"
171     "xorq %%r9,%%r9\n"
172     /* c += a1 * b0 */
173     "movq 0(%%rbx),%%rax\n"
174     "mulq %%r11\n"
175     "addq %%rax,%%r8\n"
176     "adcq %%rdx,%%r9\n"
177     /* c += a0 * b1 */
178     "movq 8(%%rbx),%%rax\n"
179     "mulq %%r10\n"
180     "addq %%rax,%%r8\n"
181     "adcq %%rdx,%%r9\n"
182     /* d += a4 * b2 */
183     "movq 16(%%rbx),%%rax\n"
184     "mulq %%r14\n"
185     "addq %%rax,%%rcx\n"
186     "adcq %%rdx,%%r15\n"
187     /* d += a3 * b3 */
188     "movq 24(%%rbx),%%rax\n"
189     "mulq %%r13\n"
190     "addq %%rax,%%rcx\n"
191     "adcq %%rdx,%%r15\n"
192     /* d += a2 * b4 */
193     "movq 32(%%rbx),%%rax\n"
194     "mulq %%r12\n"
195     "addq %%rax,%%rcx\n"
196     "adcq %%rdx,%%r15\n"
197     /* c += (d & M) * R */
198     "movq %%rcx,%%rax\n"
199     "movq $0xfffffffffffff,%%rdx\n"
200     "andq %%rdx,%%rax\n"
201     "movq $0x1000003d10,%%rdx\n"
202     "mulq %%rdx\n"
203     "addq %%rax,%%r8\n"
204     "adcq %%rdx,%%r9\n"
205     /* d >>= 52 */
206     "shrdq $52,%%r15,%%rcx\n"
207     "xorq %%r15,%%r15\n"
208     /* r[1] = c & M */
209     "movq %%r8,%%rax\n"
210     "movq $0xfffffffffffff,%%rdx\n"
211     "andq %%rdx,%%rax\n"
212     "movq %%rax,8(%%rdi)\n"
213     /* c >>= 52 */
214     "shrdq $52,%%r9,%%r8\n"
215     "xorq %%r9,%%r9\n"
216     /* c += a2 * b0 */
217     "movq 0(%%rbx),%%rax\n"
218     "mulq %%r12\n"
219     "addq %%rax,%%r8\n"
220     "adcq %%rdx,%%r9\n"
221     /* c += a1 * b1 */
222     "movq 8(%%rbx),%%rax\n"
223     "mulq %%r11\n"
224     "addq %%rax,%%r8\n"
225     "adcq %%rdx,%%r9\n"
226     /* c += a0 * b2 (last use of %%r10 = a0) */
227     "movq 16(%%rbx),%%rax\n"
228     "mulq %%r10\n"
229     "addq %%rax,%%r8\n"
230     "adcq %%rdx,%%r9\n"
231     /* fetch t3 (%%r10, overwrites a0), t4 (%%rsi) */
232     "movq %q2,%%rsi\n"
233     "movq %q1,%%r10\n"
234     /* d += a4 * b3 */
235     "movq 24(%%rbx),%%rax\n"
236     "mulq %%r14\n"
237     "addq %%rax,%%rcx\n"
238     "adcq %%rdx,%%r15\n"
239     /* d += a3 * b4 */
240     "movq 32(%%rbx),%%rax\n"
241     "mulq %%r13\n"
242     "addq %%rax,%%rcx\n"
243     "adcq %%rdx,%%r15\n"
244     /* c += (d & M) * R */
245     "movq %%rcx,%%rax\n"
246     "movq $0xfffffffffffff,%%rdx\n"
247     "andq %%rdx,%%rax\n"
248     "movq $0x1000003d10,%%rdx\n"
249     "mulq %%rdx\n"
250     "addq %%rax,%%r8\n"
251     "adcq %%rdx,%%r9\n"
252     /* d >>= 52 (%%rcx only) */
253     "shrdq $52,%%r15,%%rcx\n"
254     /* r[2] = c & M */
255     "movq %%r8,%%rax\n"
256     "movq $0xfffffffffffff,%%rdx\n"
257     "andq %%rdx,%%rax\n"
258     "movq %%rax,16(%%rdi)\n"
259     /* c >>= 52 */
260     "shrdq $52,%%r9,%%r8\n"
261     "xorq %%r9,%%r9\n"
262     /* c += t3 */
263     "addq %%r10,%%r8\n"
264     /* c += d * R */
265     "movq %%rcx,%%rax\n"
266     "movq $0x1000003d10,%%rdx\n"
267     "mulq %%rdx\n"
268     "addq %%rax,%%r8\n"
269     "adcq %%rdx,%%r9\n"
270     /* r[3] = c & M */
271     "movq %%r8,%%rax\n"
272     "movq $0xfffffffffffff,%%rdx\n"
273     "andq %%rdx,%%rax\n"
274     "movq %%rax,24(%%rdi)\n"
275     /* c >>= 52 (%%r8 only) */
276     "shrdq $52,%%r9,%%r8\n"
277     /* c += t4 (%%r8 only) */
278     "addq %%rsi,%%r8\n"
279     /* r[4] = c */
280     "movq %%r8,32(%%rdi)\n"
281 : "+S"(a), "=m"(tmp1), "=m"(tmp2), "=m"(tmp3)
282 : "b"(b), "D"(r)
283 : "%rax", "%rcx", "%rdx", "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", "%r14", "%r15", "cc", "memory"
284 );
285 }
286
287 SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint64_t *r, const uint64_t *a) {
288 /**
289  * Registers: rdx:rax = multiplication accumulator
290  *            r9:r8   = c
291  *            rcx:rbx = d
292  *            r10-r14 = a0-a4
293  *            r15     = M (0xfffffffffffff)
294  *            rdi     = r
295  *            rsi     = a / t?
296  */
297   uint64_t tmp1, tmp2, tmp3;
298 __asm__ __volatile__(
299     "movq 0(%%rsi),%%r10\n"
300     "movq 8(%%rsi),%%r11\n"
301     "movq 16(%%rsi),%%r12\n"
302     "movq 24(%%rsi),%%r13\n"
303     "movq 32(%%rsi),%%r14\n"
304     "movq $0xfffffffffffff,%%r15\n"
305
306     /* d = (a0*2) * a3 */
307     "leaq (%%r10,%%r10,1),%%rax\n"
308     "mulq %%r13\n"
309     "movq %%rax,%%rbx\n"
310     "movq %%rdx,%%rcx\n"
311     /* d += (a1*2) * a2 */
312     "leaq (%%r11,%%r11,1),%%rax\n"
313     "mulq %%r12\n"
314     "addq %%rax,%%rbx\n"
315     "adcq %%rdx,%%rcx\n"
316     /* c = a4 * a4 */
317     "movq %%r14,%%rax\n"
318     "mulq %%r14\n"
319     "movq %%rax,%%r8\n"
320     "movq %%rdx,%%r9\n"
321     /* d += (c & M) * R */
322     "andq %%r15,%%rax\n"
323     "movq $0x1000003d10,%%rdx\n"
324     "mulq %%rdx\n"
325     "addq %%rax,%%rbx\n"
326     "adcq %%rdx,%%rcx\n"
327     /* c >>= 52 (%%r8 only) */
328     "shrdq $52,%%r9,%%r8\n"
329     /* t3 (tmp1) = d & M */
330     "movq %%rbx,%%rsi\n"
331     "andq %%r15,%%rsi\n"
332     "movq %%rsi,%q1\n"
333     /* d >>= 52 */
334     "shrdq $52,%%rcx,%%rbx\n"
335     "xorq %%rcx,%%rcx\n"
336     /* a4 *= 2 */
337     "addq %%r14,%%r14\n"
338     /* d += a0 * a4 */
339     "movq %%r10,%%rax\n"
340     "mulq %%r14\n"
341     "addq %%rax,%%rbx\n"
342     "adcq %%rdx,%%rcx\n"
343     /* d+= (a1*2) * a3 */
344     "leaq (%%r11,%%r11,1),%%rax\n"
345     "mulq %%r13\n"
346     "addq %%rax,%%rbx\n"
347     "adcq %%rdx,%%rcx\n"
348     /* d += a2 * a2 */
349     "movq %%r12,%%rax\n"
350     "mulq %%r12\n"
351     "addq %%rax,%%rbx\n"
352     "adcq %%rdx,%%rcx\n"
353     /* d += c * R */
354     "movq %%r8,%%rax\n"
355     "movq $0x1000003d10,%%rdx\n"
356     "mulq %%rdx\n"
357     "addq %%rax,%%rbx\n"
358     "adcq %%rdx,%%rcx\n"
359     /* t4 = d & M (%%rsi) */
360     "movq %%rbx,%%rsi\n"
361     "andq %%r15,%%rsi\n"
362     /* d >>= 52 */
363     "shrdq $52,%%rcx,%%rbx\n"
364     "xorq %%rcx,%%rcx\n"
365     /* tx = t4 >> 48 (tmp3) */
366     "movq %%rsi,%%rax\n"
367     "shrq $48,%%rax\n"
368     "movq %%rax,%q3\n"
369     /* t4 &= (M >> 4) (tmp2) */
370     "movq $0xffffffffffff,%%rax\n"
371     "andq %%rax,%%rsi\n"
372     "movq %%rsi,%q2\n"
373     /* c = a0 * a0 */
374     "movq %%r10,%%rax\n"
375     "mulq %%r10\n"
376     "movq %%rax,%%r8\n"
377     "movq %%rdx,%%r9\n"
378     /* d += a1 * a4 */
379     "movq %%r11,%%rax\n"
380     "mulq %%r14\n"
381     "addq %%rax,%%rbx\n"
382     "adcq %%rdx,%%rcx\n"
383     /* d += (a2*2) * a3 */
384     "leaq (%%r12,%%r12,1),%%rax\n"
385     "mulq %%r13\n"
386     "addq %%rax,%%rbx\n"
387     "adcq %%rdx,%%rcx\n"
388     /* u0 = d & M (%%rsi) */
389     "movq %%rbx,%%rsi\n"
390     "andq %%r15,%%rsi\n"
391     /* d >>= 52 */
392     "shrdq $52,%%rcx,%%rbx\n"
393     "xorq %%rcx,%%rcx\n"
394     /* u0 = (u0 << 4) | tx (%%rsi) */
395     "shlq $4,%%rsi\n"
396     "movq %q3,%%rax\n"
397     "orq %%rax,%%rsi\n"
398     /* c += u0 * (R >> 4) */
399     "movq $0x1000003d1,%%rax\n"
400     "mulq %%rsi\n"
401     "addq %%rax,%%r8\n"
402     "adcq %%rdx,%%r9\n"
403     /* r[0] = c & M */
404     "movq %%r8,%%rax\n"
405     "andq %%r15,%%rax\n"
406     "movq %%rax,0(%%rdi)\n"
407     /* c >>= 52 */
408     "shrdq $52,%%r9,%%r8\n"
409     "xorq %%r9,%%r9\n"
410     /* a0 *= 2 */
411     "addq %%r10,%%r10\n"
412     /* c += a0 * a1 */
413     "movq %%r10,%%rax\n"
414     "mulq %%r11\n"
415     "addq %%rax,%%r8\n"
416     "adcq %%rdx,%%r9\n"
417     /* d += a2 * a4 */
418     "movq %%r12,%%rax\n"
419     "mulq %%r14\n"
420     "addq %%rax,%%rbx\n"
421     "adcq %%rdx,%%rcx\n"
422     /* d += a3 * a3 */
423     "movq %%r13,%%rax\n"
424     "mulq %%r13\n"
425     "addq %%rax,%%rbx\n"
426     "adcq %%rdx,%%rcx\n"
427     /* c += (d & M) * R */
428     "movq %%rbx,%%rax\n"
429     "andq %%r15,%%rax\n"
430     "movq $0x1000003d10,%%rdx\n"
431     "mulq %%rdx\n"
432     "addq %%rax,%%r8\n"
433     "adcq %%rdx,%%r9\n"
434     /* d >>= 52 */
435     "shrdq $52,%%rcx,%%rbx\n"
436     "xorq %%rcx,%%rcx\n"
437     /* r[1] = c & M */
438     "movq %%r8,%%rax\n"
439     "andq %%r15,%%rax\n"
440     "movq %%rax,8(%%rdi)\n"
441     /* c >>= 52 */
442     "shrdq $52,%%r9,%%r8\n"
443     "xorq %%r9,%%r9\n"
444     /* c += a0 * a2 (last use of %%r10) */
445     "movq %%r10,%%rax\n"
446     "mulq %%r12\n"
447     "addq %%rax,%%r8\n"
448     "adcq %%rdx,%%r9\n"
449     /* fetch t3 (%%r10, overwrites a0),t4 (%%rsi) */
450     "movq %q2,%%rsi\n"
451     "movq %q1,%%r10\n"
452     /* c += a1 * a1 */
453     "movq %%r11,%%rax\n"
454     "mulq %%r11\n"
455     "addq %%rax,%%r8\n"
456     "adcq %%rdx,%%r9\n"
457     /* d += a3 * a4 */
458     "movq %%r13,%%rax\n"
459     "mulq %%r14\n"
460     "addq %%rax,%%rbx\n"
461     "adcq %%rdx,%%rcx\n"
462     /* c += (d & M) * R */
463     "movq %%rbx,%%rax\n"
464     "andq %%r15,%%rax\n"
465     "movq $0x1000003d10,%%rdx\n"
466     "mulq %%rdx\n"
467     "addq %%rax,%%r8\n"
468     "adcq %%rdx,%%r9\n"
469     /* d >>= 52 (%%rbx only) */
470     "shrdq $52,%%rcx,%%rbx\n"
471     /* r[2] = c & M */
472     "movq %%r8,%%rax\n"
473     "andq %%r15,%%rax\n"
474     "movq %%rax,16(%%rdi)\n"
475     /* c >>= 52 */
476     "shrdq $52,%%r9,%%r8\n"
477     "xorq %%r9,%%r9\n"
478     /* c += t3 */
479     "addq %%r10,%%r8\n"
480     /* c += d * R */
481     "movq %%rbx,%%rax\n"
482     "movq $0x1000003d10,%%rdx\n"
483     "mulq %%rdx\n"
484     "addq %%rax,%%r8\n"
485     "adcq %%rdx,%%r9\n"
486     /* r[3] = c & M */
487     "movq %%r8,%%rax\n"
488     "andq %%r15,%%rax\n"
489     "movq %%rax,24(%%rdi)\n"
490     /* c >>= 52 (%%r8 only) */
491     "shrdq $52,%%r9,%%r8\n"
492     /* c += t4 (%%r8 only) */
493     "addq %%rsi,%%r8\n"
494     /* r[4] = c */
495     "movq %%r8,32(%%rdi)\n"
496 : "+S"(a), "=m"(tmp1), "=m"(tmp2), "=m"(tmp3)
497 : "D"(r)
498 : "%rax", "%rbx", "%rcx", "%rdx", "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", "%r14", "%r15", "cc", "memory"
499 );
500 }
501
502 #endif
Empty description
This page took 0.053181 seconds and 4 git commands to generate.