1 /** 2 * \file bn_mul.h 3 * 4 * \brief Multi-precision integer library 5 */ 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 9 * 10 * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 * not use this file except in compliance with the License. 12 * You may obtain a copy of the License at 13 * 14 * http://www.apache.org/licenses/LICENSE-2.0 15 * 16 * Unless required by applicable law or agreed to in writing, software 17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 * See the License for the specific language governing permissions and 20 * limitations under the License. 21 */ 22 /* 23 * Multiply source vector [s] with b, add result 24 * to destination vector [d] and set carry c. 25 * 26 * Currently supports: 27 * 28 * . IA-32 (386+) . AMD64 / EM64T 29 * . IA-32 (SSE2) . Motorola 68000 30 * . PowerPC, 32-bit . MicroBlaze 31 * . PowerPC, 64-bit . TriCore 32 * . SPARC v8 . ARM v3+ 33 * . Alpha . MIPS32 34 * . C, longlong . C, generic 35 */ 36 #ifndef MBEDTLS_BN_MUL_H 37 #define MBEDTLS_BN_MUL_H 38 39 #include "mbedtls/build_info.h" 40 41 #include "mbedtls/bignum.h" 42 43 44 /* 45 * Conversion macros for embedded constants: 46 * build lists of mbedtls_mpi_uint's from lists of unsigned char's grouped by 8, 4 or 2 47 */ 48 #if defined(MBEDTLS_HAVE_INT32) 49 50 #define MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ) \ 51 ( (mbedtls_mpi_uint) (a) << 0 ) | \ 52 ( (mbedtls_mpi_uint) (b) << 8 ) | \ 53 ( (mbedtls_mpi_uint) (c) << 16 ) | \ 54 ( (mbedtls_mpi_uint) (d) << 24 ) 55 56 #define MBEDTLS_BYTES_TO_T_UINT_2( a, b ) \ 57 MBEDTLS_BYTES_TO_T_UINT_4( a, b, 0, 0 ) 58 59 #define MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \ 60 MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ), \ 61 MBEDTLS_BYTES_TO_T_UINT_4( e, f, g, h ) 62 63 #else /* 64-bits */ 64 65 #define MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \ 66 ( (mbedtls_mpi_uint) (a) << 0 ) | \ 67 ( (mbedtls_mpi_uint) (b) << 8 ) | \ 68 ( (mbedtls_mpi_uint) (c) << 16 ) | \ 69 ( (mbedtls_mpi_uint) (d) << 24 ) | \ 70 ( (mbedtls_mpi_uint) (e) << 32 ) | \ 71 ( (mbedtls_mpi_uint) (f) << 40 ) | \ 72 ( (mbedtls_mpi_uint) (g) << 48 ) | \ 73 ( (mbedtls_mpi_uint) (h) << 56 ) 74 75 #define MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ) \ 76 MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 ) 77 78 #define MBEDTLS_BYTES_TO_T_UINT_2( a, b ) \ 79 MBEDTLS_BYTES_TO_T_UINT_8( a, b, 0, 0, 0, 0, 0, 0 ) 80 81 #endif /* bits in mbedtls_mpi_uint */ 82 83 #if defined(MBEDTLS_HAVE_ASM) 84 85 #ifndef asm 86 #define asm __asm 87 #endif 88 89 /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ 90 #if defined(__GNUC__) && \ 91 ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) 92 93 /* 94 * GCC < 5.0 treated the x86 ebx (which is used for the GOT) as a 95 * fixed reserved register when building as PIC, leading to errors 96 * like: bn_mul.h:46:13: error: PIC register clobbered by 'ebx' in 'asm' 97 * 98 * This is fixed by an improved register allocator in GCC 5+. From the 99 * release notes: 100 * Register allocation improvements: Reuse of the PIC hard register, 101 * instead of using a fixed register, was implemented on x86/x86-64 102 * targets. This improves generated PIC code performance as more hard 103 * registers can be used. 104 */ 105 #if defined(__GNUC__) && __GNUC__ < 5 && defined(__PIC__) 106 #define MULADDC_CANNOT_USE_EBX 107 #endif 108 109 /* 110 * Disable use of the i386 assembly code below if option -O0, to disable all 111 * compiler optimisations, is passed, detected with __OPTIMIZE__ 112 * This is done as the number of registers used in the assembly code doesn't 113 * work with the -O0 option. 114 */ 115 #if defined(__i386__) && defined(__OPTIMIZE__) && !defined(MULADDC_CANNOT_USE_EBX) 116 117 #define MULADDC_X1_INIT \ 118 { mbedtls_mpi_uint t; \ 119 asm( \ 120 "movl %%ebx, %0 \n\t" \ 121 "movl %5, %%esi \n\t" \ 122 "movl %6, %%edi \n\t" \ 123 "movl %7, %%ecx \n\t" \ 124 "movl %8, %%ebx \n\t" 125 126 #define MULADDC_X1_CORE \ 127 "lodsl \n\t" \ 128 "mull %%ebx \n\t" \ 129 "addl %%ecx, %%eax \n\t" \ 130 "adcl $0, %%edx \n\t" \ 131 "addl (%%edi), %%eax \n\t" \ 132 "adcl $0, %%edx \n\t" \ 133 "movl %%edx, %%ecx \n\t" \ 134 "stosl \n\t" 135 136 #define MULADDC_X1_STOP \ 137 "movl %4, %%ebx \n\t" \ 138 "movl %%ecx, %1 \n\t" \ 139 "movl %%edi, %2 \n\t" \ 140 "movl %%esi, %3 \n\t" \ 141 : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ 142 : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \ 143 : "eax", "ebx", "ecx", "edx", "esi", "edi" \ 144 ); } 145 146 #if defined(MBEDTLS_HAVE_SSE2) 147 148 #define MULADDC_X8_INIT MULADDC_X1_INIT 149 150 #define MULADDC_X8_CORE \ 151 "movd %%ecx, %%mm1 \n\t" \ 152 "movd %%ebx, %%mm0 \n\t" \ 153 "movd (%%edi), %%mm3 \n\t" \ 154 "paddq %%mm3, %%mm1 \n\t" \ 155 "movd (%%esi), %%mm2 \n\t" \ 156 "pmuludq %%mm0, %%mm2 \n\t" \ 157 "movd 4(%%esi), %%mm4 \n\t" \ 158 "pmuludq %%mm0, %%mm4 \n\t" \ 159 "movd 8(%%esi), %%mm6 \n\t" \ 160 "pmuludq %%mm0, %%mm6 \n\t" \ 161 "movd 12(%%esi), %%mm7 \n\t" \ 162 "pmuludq %%mm0, %%mm7 \n\t" \ 163 "paddq %%mm2, %%mm1 \n\t" \ 164 "movd 4(%%edi), %%mm3 \n\t" \ 165 "paddq %%mm4, %%mm3 \n\t" \ 166 "movd 8(%%edi), %%mm5 \n\t" \ 167 "paddq %%mm6, %%mm5 \n\t" \ 168 "movd 12(%%edi), %%mm4 \n\t" \ 169 "paddq %%mm4, %%mm7 \n\t" \ 170 "movd %%mm1, (%%edi) \n\t" \ 171 "movd 16(%%esi), %%mm2 \n\t" \ 172 "pmuludq %%mm0, %%mm2 \n\t" \ 173 "psrlq $32, %%mm1 \n\t" \ 174 "movd 20(%%esi), %%mm4 \n\t" \ 175 "pmuludq %%mm0, %%mm4 \n\t" \ 176 "paddq %%mm3, %%mm1 \n\t" \ 177 "movd 24(%%esi), %%mm6 \n\t" \ 178 "pmuludq %%mm0, %%mm6 \n\t" \ 179 "movd %%mm1, 4(%%edi) \n\t" \ 180 "psrlq $32, %%mm1 \n\t" \ 181 "movd 28(%%esi), %%mm3 \n\t" \ 182 "pmuludq %%mm0, %%mm3 \n\t" \ 183 "paddq %%mm5, %%mm1 \n\t" \ 184 "movd 16(%%edi), %%mm5 \n\t" \ 185 "paddq %%mm5, %%mm2 \n\t" \ 186 "movd %%mm1, 8(%%edi) \n\t" \ 187 "psrlq $32, %%mm1 \n\t" \ 188 "paddq %%mm7, %%mm1 \n\t" \ 189 "movd 20(%%edi), %%mm5 \n\t" \ 190 "paddq %%mm5, %%mm4 \n\t" \ 191 "movd %%mm1, 12(%%edi) \n\t" \ 192 "psrlq $32, %%mm1 \n\t" \ 193 "paddq %%mm2, %%mm1 \n\t" \ 194 "movd 24(%%edi), %%mm5 \n\t" \ 195 "paddq %%mm5, %%mm6 \n\t" \ 196 "movd %%mm1, 16(%%edi) \n\t" \ 197 "psrlq $32, %%mm1 \n\t" \ 198 "paddq %%mm4, %%mm1 \n\t" \ 199 "movd 28(%%edi), %%mm5 \n\t" \ 200 "paddq %%mm5, %%mm3 \n\t" \ 201 "movd %%mm1, 20(%%edi) \n\t" \ 202 "psrlq $32, %%mm1 \n\t" \ 203 "paddq %%mm6, %%mm1 \n\t" \ 204 "movd %%mm1, 24(%%edi) \n\t" \ 205 "psrlq $32, %%mm1 \n\t" \ 206 "paddq %%mm3, %%mm1 \n\t" \ 207 "movd %%mm1, 28(%%edi) \n\t" \ 208 "addl $32, %%edi \n\t" \ 209 "addl $32, %%esi \n\t" \ 210 "psrlq $32, %%mm1 \n\t" \ 211 "movd %%mm1, %%ecx \n\t" 212 213 #define MULADDC_X8_STOP \ 214 "emms \n\t" \ 215 "movl %4, %%ebx \n\t" \ 216 "movl %%ecx, %1 \n\t" \ 217 "movl %%edi, %2 \n\t" \ 218 "movl %%esi, %3 \n\t" \ 219 : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ 220 : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \ 221 : "eax", "ebx", "ecx", "edx", "esi", "edi" \ 222 ); } \ 223 224 #endif /* SSE2 */ 225 226 #endif /* i386 */ 227 228 #if defined(__amd64__) || defined (__x86_64__) 229 230 #define MULADDC_X1_INIT \ 231 asm( \ 232 "xorq %%r8, %%r8\n" 233 234 #define MULADDC_X1_CORE \ 235 "movq (%%rsi), %%rax\n" \ 236 "mulq %%rbx\n" \ 237 "addq $8, %%rsi\n" \ 238 "addq %%rcx, %%rax\n" \ 239 "movq %%r8, %%rcx\n" \ 240 "adcq $0, %%rdx\n" \ 241 "nop \n" \ 242 "addq %%rax, (%%rdi)\n" \ 243 "adcq %%rdx, %%rcx\n" \ 244 "addq $8, %%rdi\n" 245 246 #define MULADDC_X1_STOP \ 247 : "+c" (c), "+D" (d), "+S" (s), "+m" (*(uint64_t (*)[16]) d) \ 248 : "b" (b), "m" (*(const uint64_t (*)[16]) s) \ 249 : "rax", "rdx", "r8" \ 250 ); 251 252 #endif /* AMD64 */ 253 254 #if defined(__aarch64__) 255 256 #define MULADDC_X1_INIT \ 257 asm( 258 259 #define MULADDC_X1_CORE \ 260 "ldr x4, [%2], #8 \n\t" \ 261 "ldr x5, [%1] \n\t" \ 262 "mul x6, x4, %4 \n\t" \ 263 "umulh x7, x4, %4 \n\t" \ 264 "adds x5, x5, x6 \n\t" \ 265 "adc x7, x7, xzr \n\t" \ 266 "adds x5, x5, %0 \n\t" \ 267 "adc %0, x7, xzr \n\t" \ 268 "str x5, [%1], #8 \n\t" 269 270 #define MULADDC_X1_STOP \ 271 : "+r" (c), "+r" (d), "+r" (s), "+m" (*(uint64_t (*)[16]) d) \ 272 : "r" (b), "m" (*(const uint64_t (*)[16]) s) \ 273 : "x4", "x5", "x6", "x7", "cc" \ 274 ); 275 276 #endif /* Aarch64 */ 277 278 #if defined(__mc68020__) || defined(__mcpu32__) 279 280 #define MULADDC_X1_INIT \ 281 asm( \ 282 "movl %3, %%a2 \n\t" \ 283 "movl %4, %%a3 \n\t" \ 284 "movl %5, %%d3 \n\t" \ 285 "movl %6, %%d2 \n\t" \ 286 "moveq #0, %%d0 \n\t" 287 288 #define MULADDC_X1_CORE \ 289 "movel %%a2@+, %%d1 \n\t" \ 290 "mulul %%d2, %%d4:%%d1 \n\t" \ 291 "addl %%d3, %%d1 \n\t" \ 292 "addxl %%d0, %%d4 \n\t" \ 293 "moveq #0, %%d3 \n\t" \ 294 "addl %%d1, %%a3@+ \n\t" \ 295 "addxl %%d4, %%d3 \n\t" 296 297 #define MULADDC_X1_STOP \ 298 "movl %%d3, %0 \n\t" \ 299 "movl %%a3, %1 \n\t" \ 300 "movl %%a2, %2 \n\t" \ 301 : "=m" (c), "=m" (d), "=m" (s) \ 302 : "m" (s), "m" (d), "m" (c), "m" (b) \ 303 : "d0", "d1", "d2", "d3", "d4", "a2", "a3" \ 304 ); 305 306 #define MULADDC_X8_INIT MULADDC_X1_INIT 307 308 #define MULADDC_X8_CORE \ 309 "movel %%a2@+, %%d1 \n\t" \ 310 "mulul %%d2, %%d4:%%d1 \n\t" \ 311 "addxl %%d3, %%d1 \n\t" \ 312 "addxl %%d0, %%d4 \n\t" \ 313 "addl %%d1, %%a3@+ \n\t" \ 314 "movel %%a2@+, %%d1 \n\t" \ 315 "mulul %%d2, %%d3:%%d1 \n\t" \ 316 "addxl %%d4, %%d1 \n\t" \ 317 "addxl %%d0, %%d3 \n\t" \ 318 "addl %%d1, %%a3@+ \n\t" \ 319 "movel %%a2@+, %%d1 \n\t" \ 320 "mulul %%d2, %%d4:%%d1 \n\t" \ 321 "addxl %%d3, %%d1 \n\t" \ 322 "addxl %%d0, %%d4 \n\t" \ 323 "addl %%d1, %%a3@+ \n\t" \ 324 "movel %%a2@+, %%d1 \n\t" \ 325 "mulul %%d2, %%d3:%%d1 \n\t" \ 326 "addxl %%d4, %%d1 \n\t" \ 327 "addxl %%d0, %%d3 \n\t" \ 328 "addl %%d1, %%a3@+ \n\t" \ 329 "movel %%a2@+, %%d1 \n\t" \ 330 "mulul %%d2, %%d4:%%d1 \n\t" \ 331 "addxl %%d3, %%d1 \n\t" \ 332 "addxl %%d0, %%d4 \n\t" \ 333 "addl %%d1, %%a3@+ \n\t" \ 334 "movel %%a2@+, %%d1 \n\t" \ 335 "mulul %%d2, %%d3:%%d1 \n\t" \ 336 "addxl %%d4, %%d1 \n\t" \ 337 "addxl %%d0, %%d3 \n\t" \ 338 "addl %%d1, %%a3@+ \n\t" \ 339 "movel %%a2@+, %%d1 \n\t" \ 340 "mulul %%d2, %%d4:%%d1 \n\t" \ 341 "addxl %%d3, %%d1 \n\t" \ 342 "addxl %%d0, %%d4 \n\t" \ 343 "addl %%d1, %%a3@+ \n\t" \ 344 "movel %%a2@+, %%d1 \n\t" \ 345 "mulul %%d2, %%d3:%%d1 \n\t" \ 346 "addxl %%d4, %%d1 \n\t" \ 347 "addxl %%d0, %%d3 \n\t" \ 348 "addl %%d1, %%a3@+ \n\t" \ 349 "addxl %%d0, %%d3 \n\t" 350 351 #define MULADDC_X8_STOP MULADDC_X1_STOP 352 353 #endif /* MC68000 */ 354 355 #if defined(__powerpc64__) || defined(__ppc64__) 356 357 #if defined(__MACH__) && defined(__APPLE__) 358 359 #define MULADDC_X1_INIT \ 360 asm( \ 361 "ld r3, %3 \n\t" \ 362 "ld r4, %4 \n\t" \ 363 "ld r5, %5 \n\t" \ 364 "ld r6, %6 \n\t" \ 365 "addi r3, r3, -8 \n\t" \ 366 "addi r4, r4, -8 \n\t" \ 367 "addic r5, r5, 0 \n\t" 368 369 #define MULADDC_X1_CORE \ 370 "ldu r7, 8(r3) \n\t" \ 371 "mulld r8, r7, r6 \n\t" \ 372 "mulhdu r9, r7, r6 \n\t" \ 373 "adde r8, r8, r5 \n\t" \ 374 "ld r7, 8(r4) \n\t" \ 375 "addze r5, r9 \n\t" \ 376 "addc r8, r8, r7 \n\t" \ 377 "stdu r8, 8(r4) \n\t" 378 379 #define MULADDC_X1_STOP \ 380 "addze r5, r5 \n\t" \ 381 "addi r4, r4, 8 \n\t" \ 382 "addi r3, r3, 8 \n\t" \ 383 "std r5, %0 \n\t" \ 384 "std r4, %1 \n\t" \ 385 "std r3, %2 \n\t" \ 386 : "=m" (c), "=m" (d), "=m" (s) \ 387 : "m" (s), "m" (d), "m" (c), "m" (b) \ 388 : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ 389 ); 390 391 392 #else /* __MACH__ && __APPLE__ */ 393 394 #define MULADDC_X1_INIT \ 395 asm( \ 396 "ld %%r3, %3 \n\t" \ 397 "ld %%r4, %4 \n\t" \ 398 "ld %%r5, %5 \n\t" \ 399 "ld %%r6, %6 \n\t" \ 400 "addi %%r3, %%r3, -8 \n\t" \ 401 "addi %%r4, %%r4, -8 \n\t" \ 402 "addic %%r5, %%r5, 0 \n\t" 403 404 #define MULADDC_X1_CORE \ 405 "ldu %%r7, 8(%%r3) \n\t" \ 406 "mulld %%r8, %%r7, %%r6 \n\t" \ 407 "mulhdu %%r9, %%r7, %%r6 \n\t" \ 408 "adde %%r8, %%r8, %%r5 \n\t" \ 409 "ld %%r7, 8(%%r4) \n\t" \ 410 "addze %%r5, %%r9 \n\t" \ 411 "addc %%r8, %%r8, %%r7 \n\t" \ 412 "stdu %%r8, 8(%%r4) \n\t" 413 414 #define MULADDC_X1_STOP \ 415 "addze %%r5, %%r5 \n\t" \ 416 "addi %%r4, %%r4, 8 \n\t" \ 417 "addi %%r3, %%r3, 8 \n\t" \ 418 "std %%r5, %0 \n\t" \ 419 "std %%r4, %1 \n\t" \ 420 "std %%r3, %2 \n\t" \ 421 : "=m" (c), "=m" (d), "=m" (s) \ 422 : "m" (s), "m" (d), "m" (c), "m" (b) \ 423 : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ 424 ); 425 426 #endif /* __MACH__ && __APPLE__ */ 427 428 #elif defined(__powerpc__) || defined(__ppc__) /* end PPC64/begin PPC32 */ 429 430 #if defined(__MACH__) && defined(__APPLE__) 431 432 #define MULADDC_X1_INIT \ 433 asm( \ 434 "lwz r3, %3 \n\t" \ 435 "lwz r4, %4 \n\t" \ 436 "lwz r5, %5 \n\t" \ 437 "lwz r6, %6 \n\t" \ 438 "addi r3, r3, -4 \n\t" \ 439 "addi r4, r4, -4 \n\t" \ 440 "addic r5, r5, 0 \n\t" 441 442 #define MULADDC_X1_CORE \ 443 "lwzu r7, 4(r3) \n\t" \ 444 "mullw r8, r7, r6 \n\t" \ 445 "mulhwu r9, r7, r6 \n\t" \ 446 "adde r8, r8, r5 \n\t" \ 447 "lwz r7, 4(r4) \n\t" \ 448 "addze r5, r9 \n\t" \ 449 "addc r8, r8, r7 \n\t" \ 450 "stwu r8, 4(r4) \n\t" 451 452 #define MULADDC_X1_STOP \ 453 "addze r5, r5 \n\t" \ 454 "addi r4, r4, 4 \n\t" \ 455 "addi r3, r3, 4 \n\t" \ 456 "stw r5, %0 \n\t" \ 457 "stw r4, %1 \n\t" \ 458 "stw r3, %2 \n\t" \ 459 : "=m" (c), "=m" (d), "=m" (s) \ 460 : "m" (s), "m" (d), "m" (c), "m" (b) \ 461 : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ 462 ); 463 464 #else /* __MACH__ && __APPLE__ */ 465 466 #define MULADDC_X1_INIT \ 467 asm( \ 468 "lwz %%r3, %3 \n\t" \ 469 "lwz %%r4, %4 \n\t" \ 470 "lwz %%r5, %5 \n\t" \ 471 "lwz %%r6, %6 \n\t" \ 472 "addi %%r3, %%r3, -4 \n\t" \ 473 "addi %%r4, %%r4, -4 \n\t" \ 474 "addic %%r5, %%r5, 0 \n\t" 475 476 #define MULADDC_X1_CORE \ 477 "lwzu %%r7, 4(%%r3) \n\t" \ 478 "mullw %%r8, %%r7, %%r6 \n\t" \ 479 "mulhwu %%r9, %%r7, %%r6 \n\t" \ 480 "adde %%r8, %%r8, %%r5 \n\t" \ 481 "lwz %%r7, 4(%%r4) \n\t" \ 482 "addze %%r5, %%r9 \n\t" \ 483 "addc %%r8, %%r8, %%r7 \n\t" \ 484 "stwu %%r8, 4(%%r4) \n\t" 485 486 #define MULADDC_X1_STOP \ 487 "addze %%r5, %%r5 \n\t" \ 488 "addi %%r4, %%r4, 4 \n\t" \ 489 "addi %%r3, %%r3, 4 \n\t" \ 490 "stw %%r5, %0 \n\t" \ 491 "stw %%r4, %1 \n\t" \ 492 "stw %%r3, %2 \n\t" \ 493 : "=m" (c), "=m" (d), "=m" (s) \ 494 : "m" (s), "m" (d), "m" (c), "m" (b) \ 495 : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ 496 ); 497 498 #endif /* __MACH__ && __APPLE__ */ 499 500 #endif /* PPC32 */ 501 502 /* 503 * The Sparc(64) assembly is reported to be broken. 504 * Disable it for now, until we're able to fix it. 505 */ 506 #if 0 && defined(__sparc__) 507 #if defined(__sparc64__) 508 509 #define MULADDC_X1_INIT \ 510 asm( \ 511 "ldx %3, %%o0 \n\t" \ 512 "ldx %4, %%o1 \n\t" \ 513 "ld %5, %%o2 \n\t" \ 514 "ld %6, %%o3 \n\t" 515 516 #define MULADDC_X1_CORE \ 517 "ld [%%o0], %%o4 \n\t" \ 518 "inc 4, %%o0 \n\t" \ 519 "ld [%%o1], %%o5 \n\t" \ 520 "umul %%o3, %%o4, %%o4 \n\t" \ 521 "addcc %%o4, %%o2, %%o4 \n\t" \ 522 "rd %%y, %%g1 \n\t" \ 523 "addx %%g1, 0, %%g1 \n\t" \ 524 "addcc %%o4, %%o5, %%o4 \n\t" \ 525 "st %%o4, [%%o1] \n\t" \ 526 "addx %%g1, 0, %%o2 \n\t" \ 527 "inc 4, %%o1 \n\t" 528 529 #define MULADDC_X1_STOP \ 530 "st %%o2, %0 \n\t" \ 531 "stx %%o1, %1 \n\t" \ 532 "stx %%o0, %2 \n\t" \ 533 : "=m" (c), "=m" (d), "=m" (s) \ 534 : "m" (s), "m" (d), "m" (c), "m" (b) \ 535 : "g1", "o0", "o1", "o2", "o3", "o4", \ 536 "o5" \ 537 ); 538 539 #else /* __sparc64__ */ 540 541 #define MULADDC_X1_INIT \ 542 asm( \ 543 "ld %3, %%o0 \n\t" \ 544 "ld %4, %%o1 \n\t" \ 545 "ld %5, %%o2 \n\t" \ 546 "ld %6, %%o3 \n\t" 547 548 #define MULADDC_X1_CORE \ 549 "ld [%%o0], %%o4 \n\t" \ 550 "inc 4, %%o0 \n\t" \ 551 "ld [%%o1], %%o5 \n\t" \ 552 "umul %%o3, %%o4, %%o4 \n\t" \ 553 "addcc %%o4, %%o2, %%o4 \n\t" \ 554 "rd %%y, %%g1 \n\t" \ 555 "addx %%g1, 0, %%g1 \n\t" \ 556 "addcc %%o4, %%o5, %%o4 \n\t" \ 557 "st %%o4, [%%o1] \n\t" \ 558 "addx %%g1, 0, %%o2 \n\t" \ 559 "inc 4, %%o1 \n\t" 560 561 #define MULADDC_X1_STOP \ 562 "st %%o2, %0 \n\t" \ 563 "st %%o1, %1 \n\t" \ 564 "st %%o0, %2 \n\t" \ 565 : "=m" (c), "=m" (d), "=m" (s) \ 566 : "m" (s), "m" (d), "m" (c), "m" (b) \ 567 : "g1", "o0", "o1", "o2", "o3", "o4", \ 568 "o5" \ 569 ); 570 571 #endif /* __sparc64__ */ 572 #endif /* __sparc__ */ 573 574 #if defined(__microblaze__) || defined(microblaze) 575 576 #define MULADDC_X1_INIT \ 577 asm( \ 578 "lwi r3, %3 \n\t" \ 579 "lwi r4, %4 \n\t" \ 580 "lwi r5, %5 \n\t" \ 581 "lwi r6, %6 \n\t" \ 582 "andi r7, r6, 0xffff \n\t" \ 583 "bsrli r6, r6, 16 \n\t" 584 585 #if(__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) 586 #define MULADDC_LHUI \ 587 "lhui r9, r3, 0 \n\t" \ 588 "addi r3, r3, 2 \n\t" \ 589 "lhui r8, r3, 0 \n\t" 590 #else 591 #define MULADDC_LHUI \ 592 "lhui r8, r3, 0 \n\t" \ 593 "addi r3, r3, 2 \n\t" \ 594 "lhui r9, r3, 0 \n\t" 595 #endif 596 597 #define MULADDC_X1_CORE \ 598 MULADDC_LHUI \ 599 "addi r3, r3, 2 \n\t" \ 600 "mul r10, r9, r6 \n\t" \ 601 "mul r11, r8, r7 \n\t" \ 602 "mul r12, r9, r7 \n\t" \ 603 "mul r13, r8, r6 \n\t" \ 604 "bsrli r8, r10, 16 \n\t" \ 605 "bsrli r9, r11, 16 \n\t" \ 606 "add r13, r13, r8 \n\t" \ 607 "add r13, r13, r9 \n\t" \ 608 "bslli r10, r10, 16 \n\t" \ 609 "bslli r11, r11, 16 \n\t" \ 610 "add r12, r12, r10 \n\t" \ 611 "addc r13, r13, r0 \n\t" \ 612 "add r12, r12, r11 \n\t" \ 613 "addc r13, r13, r0 \n\t" \ 614 "lwi r10, r4, 0 \n\t" \ 615 "add r12, r12, r10 \n\t" \ 616 "addc r13, r13, r0 \n\t" \ 617 "add r12, r12, r5 \n\t" \ 618 "addc r5, r13, r0 \n\t" \ 619 "swi r12, r4, 0 \n\t" \ 620 "addi r4, r4, 4 \n\t" 621 622 #define MULADDC_X1_STOP \ 623 "swi r5, %0 \n\t" \ 624 "swi r4, %1 \n\t" \ 625 "swi r3, %2 \n\t" \ 626 : "=m" (c), "=m" (d), "=m" (s) \ 627 : "m" (s), "m" (d), "m" (c), "m" (b) \ 628 : "r3", "r4", "r5", "r6", "r7", "r8", \ 629 "r9", "r10", "r11", "r12", "r13" \ 630 ); 631 632 #endif /* MicroBlaze */ 633 634 #if defined(__tricore__) 635 636 #define MULADDC_X1_INIT \ 637 asm( \ 638 "ld.a %%a2, %3 \n\t" \ 639 "ld.a %%a3, %4 \n\t" \ 640 "ld.w %%d4, %5 \n\t" \ 641 "ld.w %%d1, %6 \n\t" \ 642 "xor %%d5, %%d5 \n\t" 643 644 #define MULADDC_X1_CORE \ 645 "ld.w %%d0, [%%a2+] \n\t" \ 646 "madd.u %%e2, %%e4, %%d0, %%d1 \n\t" \ 647 "ld.w %%d0, [%%a3] \n\t" \ 648 "addx %%d2, %%d2, %%d0 \n\t" \ 649 "addc %%d3, %%d3, 0 \n\t" \ 650 "mov %%d4, %%d3 \n\t" \ 651 "st.w [%%a3+], %%d2 \n\t" 652 653 #define MULADDC_X1_STOP \ 654 "st.w %0, %%d4 \n\t" \ 655 "st.a %1, %%a3 \n\t" \ 656 "st.a %2, %%a2 \n\t" \ 657 : "=m" (c), "=m" (d), "=m" (s) \ 658 : "m" (s), "m" (d), "m" (c), "m" (b) \ 659 : "d0", "d1", "e2", "d4", "a2", "a3" \ 660 ); 661 662 #endif /* TriCore */ 663 664 /* 665 * Note, gcc -O0 by default uses r7 for the frame pointer, so it complains about 666 * our use of r7 below, unless -fomit-frame-pointer is passed. 667 * 668 * On the other hand, -fomit-frame-pointer is implied by any -Ox options with 669 * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by 670 * clang and armcc5 under the same conditions). 671 * 672 * So, only use the optimized assembly below for optimized build, which avoids 673 * the build error and is pretty reasonable anyway. 674 */ 675 #if defined(__GNUC__) && !defined(__OPTIMIZE__) 676 #define MULADDC_CANNOT_USE_R7 677 #endif 678 679 #if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7) 680 681 #if defined(__thumb__) && !defined(__thumb2__) 682 683 #define MULADDC_X1_INIT \ 684 asm( \ 685 "ldr r0, %3 \n\t" \ 686 "ldr r1, %4 \n\t" \ 687 "ldr r2, %5 \n\t" \ 688 "ldr r3, %6 \n\t" \ 689 "lsr r7, r3, #16 \n\t" \ 690 "mov r9, r7 \n\t" \ 691 "lsl r7, r3, #16 \n\t" \ 692 "lsr r7, r7, #16 \n\t" \ 693 "mov r8, r7 \n\t" 694 695 #define MULADDC_X1_CORE \ 696 "ldmia r0!, {r6} \n\t" \ 697 "lsr r7, r6, #16 \n\t" \ 698 "lsl r6, r6, #16 \n\t" \ 699 "lsr r6, r6, #16 \n\t" \ 700 "mov r4, r8 \n\t" \ 701 "mul r4, r6 \n\t" \ 702 "mov r3, r9 \n\t" \ 703 "mul r6, r3 \n\t" \ 704 "mov r5, r9 \n\t" \ 705 "mul r5, r7 \n\t" \ 706 "mov r3, r8 \n\t" \ 707 "mul r7, r3 \n\t" \ 708 "lsr r3, r6, #16 \n\t" \ 709 "add r5, r5, r3 \n\t" \ 710 "lsr r3, r7, #16 \n\t" \ 711 "add r5, r5, r3 \n\t" \ 712 "add r4, r4, r2 \n\t" \ 713 "mov r2, #0 \n\t" \ 714 "adc r5, r2 \n\t" \ 715 "lsl r3, r6, #16 \n\t" \ 716 "add r4, r4, r3 \n\t" \ 717 "adc r5, r2 \n\t" \ 718 "lsl r3, r7, #16 \n\t" \ 719 "add r4, r4, r3 \n\t" \ 720 "adc r5, r2 \n\t" \ 721 "ldr r3, [r1] \n\t" \ 722 "add r4, r4, r3 \n\t" \ 723 "adc r2, r5 \n\t" \ 724 "stmia r1!, {r4} \n\t" 725 726 #define MULADDC_X1_STOP \ 727 "str r2, %0 \n\t" \ 728 "str r1, %1 \n\t" \ 729 "str r0, %2 \n\t" \ 730 : "=m" (c), "=m" (d), "=m" (s) \ 731 : "m" (s), "m" (d), "m" (c), "m" (b) \ 732 : "r0", "r1", "r2", "r3", "r4", "r5", \ 733 "r6", "r7", "r8", "r9", "cc" \ 734 ); 735 736 #elif (__ARM_ARCH >= 6) && \ 737 defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) 738 739 #define MULADDC_X1_INIT \ 740 { \ 741 mbedtls_mpi_uint tmp_a, tmp_b; \ 742 asm volatile ( 743 744 #define MULADDC_X1_CORE \ 745 ".p2align 2 \n\t" \ 746 "ldr %[a], [%[in]], #4 \n\t" \ 747 "ldr %[b], [%[acc]] \n\t" \ 748 "umaal %[b], %[carry], %[scalar], %[a] \n\t" \ 749 "str %[b], [%[acc]], #4 \n\t" 750 751 #define MULADDC_X1_STOP \ 752 : [a] "=&r" (tmp_a), \ 753 [b] "=&r" (tmp_b), \ 754 [in] "+r" (s), \ 755 [acc] "+r" (d), \ 756 [carry] "+l" (c) \ 757 : [scalar] "r" (b) \ 758 : "memory" \ 759 ); \ 760 } 761 762 #define MULADDC_X2_INIT \ 763 { \ 764 mbedtls_mpi_uint tmp_a0, tmp_b0; \ 765 mbedtls_mpi_uint tmp_a1, tmp_b1; \ 766 asm volatile ( 767 768 /* - Make sure loop is 4-byte aligned to avoid stalls 769 * upon repeated non-word aligned instructions in 770 * some microarchitectures. 771 * - Don't use ldm with post-increment or back-to-back 772 * loads with post-increment and same address register 773 * to avoid stalls on some microarchitectures. 774 * - Bunch loads and stores to reduce latency on some 775 * microarchitectures. E.g., on Cortex-M4, the first 776 * in a series of load/store operations has latency 777 * 2 cycles, while subsequent loads/stores are single-cycle. */ 778 #define MULADDC_X2_CORE \ 779 ".p2align 2 \n\t" \ 780 "ldr %[a0], [%[in]], #+8 \n\t" \ 781 "ldr %[b0], [%[acc]], #+8 \n\t" \ 782 "ldr %[a1], [%[in], #-4] \n\t" \ 783 "ldr %[b1], [%[acc], #-4] \n\t" \ 784 "umaal %[b0], %[carry], %[scalar], %[a0] \n\t" \ 785 "umaal %[b1], %[carry], %[scalar], %[a1] \n\t" \ 786 "str %[b0], [%[acc], #-8] \n\t" \ 787 "str %[b1], [%[acc], #-4] \n\t" 788 789 #define MULADDC_X2_STOP \ 790 : [a0] "=&r" (tmp_a0), \ 791 [b0] "=&r" (tmp_b0), \ 792 [a1] "=&r" (tmp_a1), \ 793 [b1] "=&r" (tmp_b1), \ 794 [in] "+r" (s), \ 795 [acc] "+r" (d), \ 796 [carry] "+l" (c) \ 797 : [scalar] "r" (b) \ 798 : "memory" \ 799 ); \ 800 } 801 802 #else 803 804 #define MULADDC_X1_INIT \ 805 asm( \ 806 "ldr r0, %3 \n\t" \ 807 "ldr r1, %4 \n\t" \ 808 "ldr r2, %5 \n\t" \ 809 "ldr r3, %6 \n\t" 810 811 #define MULADDC_X1_CORE \ 812 "ldr r4, [r0], #4 \n\t" \ 813 "mov r5, #0 \n\t" \ 814 "ldr r6, [r1] \n\t" \ 815 "umlal r2, r5, r3, r4 \n\t" \ 816 "adds r7, r6, r2 \n\t" \ 817 "adc r2, r5, #0 \n\t" \ 818 "str r7, [r1], #4 \n\t" 819 820 #define MULADDC_X1_STOP \ 821 "str r2, %0 \n\t" \ 822 "str r1, %1 \n\t" \ 823 "str r0, %2 \n\t" \ 824 : "=m" (c), "=m" (d), "=m" (s) \ 825 : "m" (s), "m" (d), "m" (c), "m" (b) \ 826 : "r0", "r1", "r2", "r3", "r4", "r5", \ 827 "r6", "r7", "cc" \ 828 ); 829 830 #endif /* Thumb */ 831 832 #endif /* ARMv3 */ 833 834 #if defined(__alpha__) 835 836 #define MULADDC_X1_INIT \ 837 asm( \ 838 "ldq $1, %3 \n\t" \ 839 "ldq $2, %4 \n\t" \ 840 "ldq $3, %5 \n\t" \ 841 "ldq $4, %6 \n\t" 842 843 #define MULADDC_X1_CORE \ 844 "ldq $6, 0($1) \n\t" \ 845 "addq $1, 8, $1 \n\t" \ 846 "mulq $6, $4, $7 \n\t" \ 847 "umulh $6, $4, $6 \n\t" \ 848 "addq $7, $3, $7 \n\t" \ 849 "cmpult $7, $3, $3 \n\t" \ 850 "ldq $5, 0($2) \n\t" \ 851 "addq $7, $5, $7 \n\t" \ 852 "cmpult $7, $5, $5 \n\t" \ 853 "stq $7, 0($2) \n\t" \ 854 "addq $2, 8, $2 \n\t" \ 855 "addq $6, $3, $3 \n\t" \ 856 "addq $5, $3, $3 \n\t" 857 858 #define MULADDC_X1_STOP \ 859 "stq $3, %0 \n\t" \ 860 "stq $2, %1 \n\t" \ 861 "stq $1, %2 \n\t" \ 862 : "=m" (c), "=m" (d), "=m" (s) \ 863 : "m" (s), "m" (d), "m" (c), "m" (b) \ 864 : "$1", "$2", "$3", "$4", "$5", "$6", "$7" \ 865 ); 866 #endif /* Alpha */ 867 868 #if defined(__mips__) && !defined(__mips64) 869 870 #define MULADDC_X1_INIT \ 871 asm( \ 872 "lw $10, %3 \n\t" \ 873 "lw $11, %4 \n\t" \ 874 "lw $12, %5 \n\t" \ 875 "lw $13, %6 \n\t" 876 877 #define MULADDC_X1_CORE \ 878 "lw $14, 0($10) \n\t" \ 879 "multu $13, $14 \n\t" \ 880 "addi $10, $10, 4 \n\t" \ 881 "mflo $14 \n\t" \ 882 "mfhi $9 \n\t" \ 883 "addu $14, $12, $14 \n\t" \ 884 "lw $15, 0($11) \n\t" \ 885 "sltu $12, $14, $12 \n\t" \ 886 "addu $15, $14, $15 \n\t" \ 887 "sltu $14, $15, $14 \n\t" \ 888 "addu $12, $12, $9 \n\t" \ 889 "sw $15, 0($11) \n\t" \ 890 "addu $12, $12, $14 \n\t" \ 891 "addi $11, $11, 4 \n\t" 892 893 #define MULADDC_X1_STOP \ 894 "sw $12, %0 \n\t" \ 895 "sw $11, %1 \n\t" \ 896 "sw $10, %2 \n\t" \ 897 : "=m" (c), "=m" (d), "=m" (s) \ 898 : "m" (s), "m" (d), "m" (c), "m" (b) \ 899 : "$9", "$10", "$11", "$12", "$13", "$14", "$15", "lo", "hi" \ 900 ); 901 902 #endif /* MIPS */ 903 #endif /* GNUC */ 904 905 #if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__) 906 907 #define MULADDC_X1_INIT \ 908 __asm mov esi, s \ 909 __asm mov edi, d \ 910 __asm mov ecx, c \ 911 __asm mov ebx, b 912 913 #define MULADDC_X1_CORE \ 914 __asm lodsd \ 915 __asm mul ebx \ 916 __asm add eax, ecx \ 917 __asm adc edx, 0 \ 918 __asm add eax, [edi] \ 919 __asm adc edx, 0 \ 920 __asm mov ecx, edx \ 921 __asm stosd 922 923 #define MULADDC_X1_STOP \ 924 __asm mov c, ecx \ 925 __asm mov d, edi \ 926 __asm mov s, esi 927 928 #if defined(MBEDTLS_HAVE_SSE2) 929 930 #define EMIT __asm _emit 931 932 #define MULADDC_X8_INIT MULADDC_X1_INIT 933 934 #define MULADDC_X8_CORE \ 935 EMIT 0x0F EMIT 0x6E EMIT 0xC9 \ 936 EMIT 0x0F EMIT 0x6E EMIT 0xC3 \ 937 EMIT 0x0F EMIT 0x6E EMIT 0x1F \ 938 EMIT 0x0F EMIT 0xD4 EMIT 0xCB \ 939 EMIT 0x0F EMIT 0x6E EMIT 0x16 \ 940 EMIT 0x0F EMIT 0xF4 EMIT 0xD0 \ 941 EMIT 0x0F EMIT 0x6E EMIT 0x66 EMIT 0x04 \ 942 EMIT 0x0F EMIT 0xF4 EMIT 0xE0 \ 943 EMIT 0x0F EMIT 0x6E EMIT 0x76 EMIT 0x08 \ 944 EMIT 0x0F EMIT 0xF4 EMIT 0xF0 \ 945 EMIT 0x0F EMIT 0x6E EMIT 0x7E EMIT 0x0C \ 946 EMIT 0x0F EMIT 0xF4 EMIT 0xF8 \ 947 EMIT 0x0F EMIT 0xD4 EMIT 0xCA \ 948 EMIT 0x0F EMIT 0x6E EMIT 0x5F EMIT 0x04 \ 949 EMIT 0x0F EMIT 0xD4 EMIT 0xDC \ 950 EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x08 \ 951 EMIT 0x0F EMIT 0xD4 EMIT 0xEE \ 952 EMIT 0x0F EMIT 0x6E EMIT 0x67 EMIT 0x0C \ 953 EMIT 0x0F EMIT 0xD4 EMIT 0xFC \ 954 EMIT 0x0F EMIT 0x7E EMIT 0x0F \ 955 EMIT 0x0F EMIT 0x6E EMIT 0x56 EMIT 0x10 \ 956 EMIT 0x0F EMIT 0xF4 EMIT 0xD0 \ 957 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 958 EMIT 0x0F EMIT 0x6E EMIT 0x66 EMIT 0x14 \ 959 EMIT 0x0F EMIT 0xF4 EMIT 0xE0 \ 960 EMIT 0x0F EMIT 0xD4 EMIT 0xCB \ 961 EMIT 0x0F EMIT 0x6E EMIT 0x76 EMIT 0x18 \ 962 EMIT 0x0F EMIT 0xF4 EMIT 0xF0 \ 963 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x04 \ 964 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 965 EMIT 0x0F EMIT 0x6E EMIT 0x5E EMIT 0x1C \ 966 EMIT 0x0F EMIT 0xF4 EMIT 0xD8 \ 967 EMIT 0x0F EMIT 0xD4 EMIT 0xCD \ 968 EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x10 \ 969 EMIT 0x0F EMIT 0xD4 EMIT 0xD5 \ 970 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x08 \ 971 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 972 EMIT 0x0F EMIT 0xD4 EMIT 0xCF \ 973 EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x14 \ 974 EMIT 0x0F EMIT 0xD4 EMIT 0xE5 \ 975 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x0C \ 976 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 977 EMIT 0x0F EMIT 0xD4 EMIT 0xCA \ 978 EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x18 \ 979 EMIT 0x0F EMIT 0xD4 EMIT 0xF5 \ 980 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x10 \ 981 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 982 EMIT 0x0F EMIT 0xD4 EMIT 0xCC \ 983 EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x1C \ 984 EMIT 0x0F EMIT 0xD4 EMIT 0xDD \ 985 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x14 \ 986 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 987 EMIT 0x0F EMIT 0xD4 EMIT 0xCE \ 988 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x18 \ 989 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 990 EMIT 0x0F EMIT 0xD4 EMIT 0xCB \ 991 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x1C \ 992 EMIT 0x83 EMIT 0xC7 EMIT 0x20 \ 993 EMIT 0x83 EMIT 0xC6 EMIT 0x20 \ 994 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 995 EMIT 0x0F EMIT 0x7E EMIT 0xC9 996 997 #define MULADDC_X8_STOP \ 998 EMIT 0x0F EMIT 0x77 \ 999 __asm mov c, ecx \ 1000 __asm mov d, edi \ 1001 __asm mov s, esi 1002 1003 #endif /* SSE2 */ 1004 #endif /* MSVC */ 1005 1006 #endif /* MBEDTLS_HAVE_ASM */ 1007 1008 #if !defined(MULADDC_X1_CORE) 1009 #if defined(MBEDTLS_HAVE_UDBL) 1010 1011 #define MULADDC_X1_INIT \ 1012 { \ 1013 mbedtls_t_udbl r; \ 1014 mbedtls_mpi_uint r0, r1; 1015 1016 #define MULADDC_X1_CORE \ 1017 r = *(s++) * (mbedtls_t_udbl) b; \ 1018 r0 = (mbedtls_mpi_uint) r; \ 1019 r1 = (mbedtls_mpi_uint)( r >> biL ); \ 1020 r0 += c; r1 += (r0 < c); \ 1021 r0 += *d; r1 += (r0 < *d); \ 1022 c = r1; *(d++) = r0; 1023 1024 #define MULADDC_X1_STOP \ 1025 } 1026 1027 #else /* MBEDTLS_HAVE_UDBL */ 1028 1029 #define MULADDC_X1_INIT \ 1030 { \ 1031 mbedtls_mpi_uint s0, s1, b0, b1; \ 1032 mbedtls_mpi_uint r0, r1, rx, ry; \ 1033 b0 = ( b << biH ) >> biH; \ 1034 b1 = ( b >> biH ); 1035 1036 #define MULADDC_X1_CORE \ 1037 s0 = ( *s << biH ) >> biH; \ 1038 s1 = ( *s >> biH ); s++; \ 1039 rx = s0 * b1; r0 = s0 * b0; \ 1040 ry = s1 * b0; r1 = s1 * b1; \ 1041 r1 += ( rx >> biH ); \ 1042 r1 += ( ry >> biH ); \ 1043 rx <<= biH; ry <<= biH; \ 1044 r0 += rx; r1 += (r0 < rx); \ 1045 r0 += ry; r1 += (r0 < ry); \ 1046 r0 += c; r1 += (r0 < c); \ 1047 r0 += *d; r1 += (r0 < *d); \ 1048 c = r1; *(d++) = r0; 1049 1050 #define MULADDC_X1_STOP \ 1051 } 1052 1053 #endif /* C (longlong) */ 1054 #endif /* C (generic) */ 1055 1056 #if !defined(MULADDC_X2_CORE) 1057 #define MULADDC_X2_INIT MULADDC_X1_INIT 1058 #define MULADDC_X2_STOP MULADDC_X1_STOP 1059 #define MULADDC_X2_CORE MULADDC_X1_CORE MULADDC_X1_CORE 1060 #endif /* MULADDC_X2_CORE */ 1061 1062 #if !defined(MULADDC_X4_CORE) 1063 #define MULADDC_X4_INIT MULADDC_X2_INIT 1064 #define MULADDC_X4_STOP MULADDC_X2_STOP 1065 #define MULADDC_X4_CORE MULADDC_X2_CORE MULADDC_X2_CORE 1066 #endif /* MULADDC_X4_CORE */ 1067 1068 #if !defined(MULADDC_X8_CORE) 1069 #define MULADDC_X8_INIT MULADDC_X4_INIT 1070 #define MULADDC_X8_STOP MULADDC_X4_STOP 1071 #define MULADDC_X8_CORE MULADDC_X4_CORE MULADDC_X4_CORE 1072 #endif /* MULADDC_X8_CORE */ 1073 1074 #endif /* bn_mul.h */ 1075
