mirror of https://github.com/henrydcase/nobs.git synced 2024-11-26 00:51:22 +00:00
nobs/dh/sidh/p751/arith_arm64.s
Kris Kwiatkowski 90f8cba329
SIDH: Update (#9)
* Change license to BSD-3

* SIDH: Multiple developments
2018-12-03 23:07:01 +00:00


// +build arm64,!noasm
#include "textflag.h"
// fp751ConditionalSwap(x, y, choice): branch-free conditional swap of two
// 12-limb (96-byte) values.
//   x+0(FP), y+8(FP): pointers to the two values; choice+16(FP): one byte.
//   choice == 0 leaves x and y unchanged; any nonzero choice swaps them.
// Side-channel note: choice only feeds CMP/CSEL. There is no branch on it and
// no address depends on it, and both buffers are fully read and rewritten in
// either case.
TEXT ·fp751ConditionalSwap(SB), NOSPLIT, $0-17
MOVD x+0(FP), R0
MOVD y+8(FP), R1
MOVB choice+16(FP), R2
// Set the condition flags once from choice (EQ <=> choice == 0). None of the
// LDP/CSEL/STP instructions below write the flags, so this single compare
// drives all six rounds.
// If choice is not 0 or 1, this implementation still performs a complete swap.
CMP $0, R2
// Limbs 0-1: x receives (EQ ? x : y), y receives (NE ? x : y)
LDP 0(R0), (R3, R4)
LDP 0(R1), (R5, R6)
CSEL EQ, R3, R5, R7
CSEL EQ, R4, R6, R8
STP (R7, R8), 0(R0)
CSEL NE, R3, R5, R9
CSEL NE, R4, R6, R10
STP (R9, R10), 0(R1)
// Limbs 2-3
LDP 16(R0), (R3, R4)
LDP 16(R1), (R5, R6)
CSEL EQ, R3, R5, R7
CSEL EQ, R4, R6, R8
STP (R7, R8), 16(R0)
CSEL NE, R3, R5, R9
CSEL NE, R4, R6, R10
STP (R9, R10), 16(R1)
// Limbs 4-5
LDP 32(R0), (R3, R4)
LDP 32(R1), (R5, R6)
CSEL EQ, R3, R5, R7
CSEL EQ, R4, R6, R8
STP (R7, R8), 32(R0)
CSEL NE, R3, R5, R9
CSEL NE, R4, R6, R10
STP (R9, R10), 32(R1)
// Limbs 6-7
LDP 48(R0), (R3, R4)
LDP 48(R1), (R5, R6)
CSEL EQ, R3, R5, R7
CSEL EQ, R4, R6, R8
STP (R7, R8), 48(R0)
CSEL NE, R3, R5, R9
CSEL NE, R4, R6, R10
STP (R9, R10), 48(R1)
// Limbs 8-9
LDP 64(R0), (R3, R4)
LDP 64(R1), (R5, R6)
CSEL EQ, R3, R5, R7
CSEL EQ, R4, R6, R8
STP (R7, R8), 64(R0)
CSEL NE, R3, R5, R9
CSEL NE, R4, R6, R10
STP (R9, R10), 64(R1)
// Limbs 10-11
LDP 80(R0), (R3, R4)
LDP 80(R1), (R5, R6)
CSEL EQ, R3, R5, R7
CSEL EQ, R4, R6, R8
STP (R7, R8), 80(R0)
CSEL NE, R3, R5, R9
CSEL NE, R4, R6, R10
STP (R9, R10), 80(R1)
RET
// fp751AddReduced(z, x, y): z = x + y, then conditionally reduced by 2*p751.
//   z+0(FP), x+8(FP), y+16(FP): pointers to 12-limb (96-byte) values.
// The code computes x + y - 2*p751 and, if that borrows, adds 2*p751 back
// through an all-ones/zero mask, so the instruction sequence is the same for
// every input (no branch, no data-dependent address).
// NOTE(review): the result is only in [0, 2*p751) if both inputs are; that
// precondition is presumably guaranteed by the callers - confirm.
TEXT ·fp751AddReduced(SB), NOSPLIT, $0-24
MOVD z+0(FP), R2
MOVD x+8(FP), R0
MOVD y+16(FP), R1
// Load first summand into R3-R14
// Add first summand and second summand and store result in R3-R14
// (R15-R17, R19 are reused as temporaries for y; R18 is skipped)
LDP 0(R0), (R3, R4)
LDP 0(R1), (R15, R16)
LDP 16(R0), (R5, R6)
LDP 16(R1), (R17, R19)
ADDS R15, R3
ADCS R16, R4
ADCS R17, R5
ADCS R19, R6
LDP 32(R0), (R7, R8)
LDP 32(R1), (R15, R16)
LDP 48(R0), (R9, R10)
LDP 48(R1), (R17, R19)
ADCS R15, R7
ADCS R16, R8
ADCS R17, R9
ADCS R19, R10
LDP 64(R0), (R11, R12)
LDP 64(R1), (R15, R16)
LDP 80(R0), (R13, R14)
LDP 80(R1), (R17, R19)
ADCS R15, R11
ADCS R16, R12
ADCS R17, R13
// Final ADC does not set flags: a carry out of the top limb is discarded.
ADC R19, R14
// Subtract 2 * p751 (held in R15-R17, R19-R24) from the result in R3-R14.
// Only limbs 0, 1 and 5-11 of p751x2 are loaded; R16 (limb 1) is reused for
// limbs 2-4, which relies on those limbs of the constant being equal.
LDP ·p751x2+0(SB), (R15, R16)
SUBS R15, R3
SBCS R16, R4
LDP ·p751x2+40(SB), (R17, R19)
SBCS R16, R5
SBCS R16, R6
SBCS R16, R7
LDP ·p751x2+56(SB), (R20, R21)
SBCS R17, R8
SBCS R19, R9
LDP ·p751x2+72(SB), (R22, R23)
SBCS R20, R10
SBCS R21, R11
MOVD ·p751x2+88(SB), R24
SBCS R22, R12
SBCS R23, R13
SBCS R24, R14
// R25 = 0 - 0 - borrow: all ones if the subtraction borrowed, otherwise zero
SBC ZR, ZR, R25
// If x + y - 2 * p751 < 0, R25 is all ones and 2 * p751 is added back;
// otherwise the mask zeroes the constant and the addition is a no-op.
AND R25, R15
AND R25, R16
AND R25, R17
AND R25, R19
AND R25, R20
AND R25, R21
AND R25, R22
AND R25, R23
AND R25, R24
ADDS R15, R3
ADCS R16, R4
STP (R3, R4), 0(R2)
ADCS R16, R5
ADCS R16, R6
STP (R5, R6), 16(R2)
ADCS R16, R7
ADCS R17, R8
STP (R7, R8), 32(R2)
ADCS R19, R9
ADCS R20, R10
STP (R9, R10), 48(R2)
ADCS R21, R11
ADCS R22, R12
STP (R11, R12), 64(R2)
ADCS R23, R13
ADC R24, R14
STP (R13, R14), 80(R2)
RET
// fp751SubReduced(z, x, y): z = x - y, with 2*p751 added back on borrow.
//   z+0(FP), x+8(FP), y+16(FP): pointers to 12-limb (96-byte) values.
// The correction is applied through an all-ones/zero mask rather than a
// branch, so the instruction sequence does not depend on the operands.
TEXT ·fp751SubReduced(SB), NOSPLIT, $0-24
MOVD z+0(FP), R2
MOVD x+8(FP), R0
MOVD y+16(FP), R1
// Load x into R3-R14
// Subtract y from x and store result in R3-R14
LDP 0(R0), (R3, R4)
LDP 0(R1), (R15, R16)
LDP 16(R0), (R5, R6)
LDP 16(R1), (R17, R19)
SUBS R15, R3
SBCS R16, R4
SBCS R17, R5
SBCS R19, R6
LDP 32(R0), (R7, R8)
LDP 32(R1), (R15, R16)
LDP 48(R0), (R9, R10)
LDP 48(R1), (R17, R19)
SBCS R15, R7
SBCS R16, R8
SBCS R17, R9
SBCS R19, R10
LDP 64(R0), (R11, R12)
LDP 64(R1), (R15, R16)
LDP 80(R0), (R13, R14)
LDP 80(R1), (R17, R19)
SBCS R15, R11
SBCS R16, R12
SBCS R17, R13
SBCS R19, R14
// R15 = 0 - 0 - borrow: all ones if x - y borrowed, otherwise zero
SBC ZR, ZR, R15
// If x - y < 0, R15 is all ones and 2 * p751 is added; otherwise the masked
// constant is zero. The constant is loaded and masked in pieces between the
// ADCS instructions; LDP/MOVD/AND do not write the flags, so the carry chain
// started by ADDS stays intact.
LDP ·p751x2+0(SB), (R16, R17)
AND R15, R16
AND R15, R17
LDP ·p751x2+40(SB), (R19, R20)
AND R15, R19
AND R15, R20
ADDS R16, R3
ADCS R17, R4
STP (R3, R4), 0(R2)
// R17 (limb 1 of p751x2) is reused for limbs 2-4
ADCS R17, R5
ADCS R17, R6
STP (R5, R6), 16(R2)
ADCS R17, R7
ADCS R19, R8
STP (R7, R8), 32(R2)
ADCS R20, R9
LDP ·p751x2+56(SB), (R16, R17)
AND R15, R16
AND R15, R17
LDP ·p751x2+72(SB), (R19, R20)
AND R15, R19
AND R15, R20
ADCS R16, R10
STP (R9, R10), 48(R2)
ADCS R17, R11
ADCS R19, R12
STP (R11, R12), 64(R2)
ADCS R20, R13
MOVD ·p751x2+88(SB), R16
AND R15, R16
ADC R16, R14
STP (R13, R14), 80(R2)
RET
// fp751AddLazy(z, x, y): z = x + y over 12 limbs with no modular reduction.
//   z+0(FP), x+8(FP), y+16(FP): pointers to 12-limb (96-byte) values.
// A carry out of the top limb is discarded (the last add is ADC, not ADCS),
// so callers must keep the operands small enough for the sum to fit.
TEXT ·fp751AddLazy(SB), NOSPLIT, $0-24
MOVD z+0(FP), R2
MOVD x+8(FP), R0
MOVD y+16(FP), R1
// Load first summand into R3-R14
// Add first summand and second summand and store result in R3-R14
// Results are stored to z as soon as each limb pair is final; the loads and
// stores in between do not disturb the carry flag.
LDP 0(R0), (R3, R4)
LDP 0(R1), (R15, R16)
LDP 16(R0), (R5, R6)
LDP 16(R1), (R17, R19)
ADDS R15, R3
ADCS R16, R4
STP (R3, R4), 0(R2)
ADCS R17, R5
ADCS R19, R6
STP (R5, R6), 16(R2)
LDP 32(R0), (R7, R8)
LDP 32(R1), (R15, R16)
LDP 48(R0), (R9, R10)
LDP 48(R1), (R17, R19)
ADCS R15, R7
ADCS R16, R8
STP (R7, R8), 32(R2)
ADCS R17, R9
ADCS R19, R10
STP (R9, R10), 48(R2)
LDP 64(R0), (R11, R12)
LDP 64(R1), (R15, R16)
LDP 80(R0), (R13, R14)
LDP 80(R1), (R17, R19)
ADCS R15, R11
ADCS R16, R12
STP (R11, R12), 64(R2)
ADCS R17, R13
ADC R19, R14
STP (R13, R14), 80(R2)
RET
// fp751X2AddLazy(z, x, y): z = x + y over 24 limbs (192 bytes each) with no
// modular reduction.
//   z+0(FP), x+8(FP), y+16(FP): pointers to 24-limb values.
// One carry chain runs through all 24 limbs; the carry out of the top limb is
// discarded (final ADC).
TEXT ·fp751X2AddLazy(SB), NOSPLIT, $0-24
MOVD z+0(FP), R2
MOVD x+8(FP), R0
MOVD y+16(FP), R1
// Lower half: limbs 0-11 (offsets 0-88)
LDP 0(R0), (R3, R4)
LDP 0(R1), (R15, R16)
LDP 16(R0), (R5, R6)
LDP 16(R1), (R17, R19)
ADDS R15, R3
ADCS R16, R4
STP (R3, R4), 0(R2)
ADCS R17, R5
ADCS R19, R6
STP (R5, R6), 16(R2)
LDP 32(R0), (R7, R8)
LDP 32(R1), (R15, R16)
LDP 48(R0), (R9, R10)
LDP 48(R1), (R17, R19)
ADCS R15, R7
ADCS R16, R8
STP (R7, R8), 32(R2)
ADCS R17, R9
ADCS R19, R10
STP (R9, R10), 48(R2)
LDP 64(R0), (R11, R12)
LDP 64(R1), (R15, R16)
LDP 80(R0), (R13, R14)
LDP 80(R1), (R17, R19)
ADCS R15, R11
ADCS R16, R12
STP (R11, R12), 64(R2)
ADCS R17, R13
// ADCS (not ADC): the carry continues into the upper half
ADCS R19, R14
STP (R13, R14), 80(R2)
// Upper half: limbs 12-23 (offsets 96-184), same registers reused
LDP 96(R0), (R3, R4)
LDP 96(R1), (R15, R16)
LDP 112(R0), (R5, R6)
LDP 112(R1), (R17, R19)
ADCS R15, R3
ADCS R16, R4
STP (R3, R4), 96(R2)
ADCS R17, R5
ADCS R19, R6
STP (R5, R6), 112(R2)
LDP 128(R0), (R7, R8)
LDP 128(R1), (R15, R16)
LDP 144(R0), (R9, R10)
LDP 144(R1), (R17, R19)
ADCS R15, R7
ADCS R16, R8
STP (R7, R8), 128(R2)
ADCS R17, R9
ADCS R19, R10
STP (R9, R10), 144(R2)
LDP 160(R0), (R11, R12)
LDP 160(R1), (R15, R16)
LDP 176(R0), (R13, R14)
LDP 176(R1), (R17, R19)
ADCS R15, R11
ADCS R16, R12
STP (R11, R12), 160(R2)
ADCS R17, R13
ADC R19, R14
STP (R13, R14), 176(R2)
RET
// fp751X2SubLazy(z, x, y): z = x - y over 24 limbs (192 bytes each); if the
// subtraction borrows, p751 is added to the upper 12 limbs of the result.
//   z+0(FP), x+8(FP), y+16(FP): pointers to 24-limb values.
// The correction uses an all-ones/zero mask instead of a branch, so the
// instruction sequence does not depend on the operands.
TEXT ·fp751X2SubLazy(SB), NOSPLIT, $0-24
MOVD z+0(FP), R2
MOVD x+8(FP), R0
MOVD y+16(FP), R1
// Lower half: limbs 0-11 are subtracted and stored straight to z
LDP 0(R0), (R3, R4)
LDP 0(R1), (R15, R16)
LDP 16(R0), (R5, R6)
LDP 16(R1), (R17, R19)
SUBS R15, R3
SBCS R16, R4
STP (R3, R4), 0(R2)
SBCS R17, R5
SBCS R19, R6
STP (R5, R6), 16(R2)
LDP 32(R0), (R7, R8)
LDP 32(R1), (R15, R16)
LDP 48(R0), (R9, R10)
LDP 48(R1), (R17, R19)
SBCS R15, R7
SBCS R16, R8
STP (R7, R8), 32(R2)
SBCS R17, R9
SBCS R19, R10
STP (R9, R10), 48(R2)
LDP 64(R0), (R11, R12)
LDP 64(R1), (R15, R16)
LDP 80(R0), (R13, R14)
LDP 80(R1), (R17, R19)
SBCS R15, R11
SBCS R16, R12
STP (R11, R12), 64(R2)
SBCS R17, R13
SBCS R19, R14
STP (R13, R14), 80(R2)
// Upper half: limbs 12-23 stay in R3-R14 until the correction is applied
LDP 96(R0), (R3, R4)
LDP 96(R1), (R15, R16)
LDP 112(R0), (R5, R6)
LDP 112(R1), (R17, R19)
SBCS R15, R3
SBCS R16, R4
SBCS R17, R5
SBCS R19, R6
LDP 128(R0), (R7, R8)
LDP 128(R1), (R15, R16)
LDP 144(R0), (R9, R10)
LDP 144(R1), (R17, R19)
SBCS R15, R7
SBCS R16, R8
SBCS R17, R9
SBCS R19, R10
LDP 160(R0), (R11, R12)
LDP 160(R1), (R15, R16)
LDP 176(R0), (R13, R14)
LDP 176(R1), (R17, R19)
SBCS R15, R11
SBCS R16, R12
SBCS R17, R13
SBCS R19, R14
// R15 = 0 - 0 - borrow: all ones if x - y borrowed, otherwise zero
SBC ZR, ZR, R15
// If x - y < 0, R15 is all ones and p751 is added to the upper half;
// otherwise every masked limb is zero. R20 (limb 0 of p751) is reused for
// limbs 1-4, then reloaded as limb 8 once it is no longer needed.
MOVD ·p751+0(SB), R20
AND R15, R20
LDP ·p751+40(SB), (R16, R17)
ADDS R20, R3
ADCS R20, R4
STP (R3, R4), 96(R2)
ADCS R20, R5
ADCS R20, R6
STP (R5, R6), 112(R2)
ADCS R20, R7
LDP ·p751+56(SB), (R19, R20)
AND R15, R16
AND R15, R17
ADCS R16, R8
STP (R7, R8), 128(R2)
ADCS R17, R9
LDP ·p751+72(SB), (R16, R17)
AND R15, R19
AND R15, R20
ADCS R19, R10
STP (R9, R10), 144(R2)
ADCS R20, R11
MOVD ·p751+88(SB), R19
AND R15, R16
AND R15, R17
ADCS R16, R12
STP (R11, R12), 160(R2)
ADCS R17, R13
AND R15, R19
ADC R19, R14
STP (R13, R14), 176(R2)
RET
// mul192x192comba: 192 x 192 -> 384-bit multiply on registers, accumulating
// the partial products column by column.
// In:      X0-X2 and Y0-Y2, least-significant limb first. They are only read,
//          so they remain intact as long as they are distinct from Z and T.
// Expects: the caller has already placed X0*Y0 in Z0 (low) / Z3 (high) and
//          X0*Y1 in Z1 (low) / Z2 (high). Z0 is not actually touched here.
// Out:     (X0-X2) * (Y0-Y2) in Z0-Z5.
// Scratch: T0-T3 and the condition flags.
// Straight-line code: no branch and no memory access.
#define mul192x192comba(X0, X1, X2, Y0, Y1, Y2, Z0, Z1, Z2, Z3, Z4, Z5, T0, T1, T2, T3) \
MUL X1, Y0, T2 \
UMULH X1, Y0, T3 \
\
ADDS Z3, Z1 \
ADCS ZR, Z2 \
ADC ZR, ZR, Z3 \
\
MUL X0, Y2, T0 \
UMULH X0, Y2, T1 \
\
ADDS T2, Z1 \
ADCS T3, Z2 \
ADC ZR, Z3 \
\
MUL X1, Y1, T2 \
UMULH X1, Y1, T3 \
\
ADDS T0, Z2 \
ADCS T1, Z3 \
ADC ZR, ZR, Z4 \
\
MUL X2, Y0, T0 \
UMULH X2, Y0, T1 \
\
ADDS T2, Z2 \
ADCS T3, Z3 \
ADC ZR, Z4 \
\
MUL X1, Y2, T2 \
UMULH X1, Y2, T3 \
\
ADDS T0, Z2 \
ADCS T1, Z3 \
ADC ZR, Z4 \
\
MUL X2, Y1, T0 \
UMULH X2, Y1, T1 \
\
ADDS T2, Z3 \
ADCS T3, Z4 \
ADC ZR, ZR, Z5 \
\
MUL X2, Y2, T2 \
UMULH X2, Y2, T3 \
\
ADDS T0, Z3 \
ADCS T1, Z4 \
ADC ZR, Z5 \
\
ADDS T2, Z4 \
ADC T3, Z5
// mul384x384karatsuba: 384 x 384 -> 768-bit multiply built from three
// mul192x192comba invocations (one level of Karatsuba).
// In:      X0-X5 and Y0-Y5 in registers, least-significant limb first.
//          X and Y are memory operands from which the high halves (X3-X5 and
//          Y3-Y5) are reloaded after the registers have been overwritten, so
//          they must hold copies of those limbs.
//          Z is a memory operand with room for three limbs; it is used as
//          scratch first and receives the low three result limbs at the end.
// Out:     (X0-X5) * (Y0-Y5) in (0(Z), 8(Z), 16(Z), T0-T8).
// Clobbers: all of X0-X5 and Y0-Y5 (inputs get overwritten), T0-T10, flags.
// The carries of xH + xL and yH + yL are turned into all-ones/zero masks
// (T7, T8) and applied with AND, so there is no branch on operand data.
#define mul384x384karatsuba(X, Y, Z, X0, X1, X2, X3, X4, X5, Y0, Y1, Y2, Y3, Y4, Y5, T0, T1, T2, T3, T4, T5, T6, T7, T8, T9, T10)\
ADDS X0, X3 \ // xH + xL, destroys xH
ADCS X1, X4 \
ADCS X2, X5 \
ADC ZR, ZR, T10 \
\
ADDS Y0, Y3 \ // yH + yL, destroys yH
ADCS Y1, Y4 \
ADCS Y2, Y5 \
ADC ZR, ZR, T6 \
\
SUB T10, ZR, T7 \
SUB T6, ZR, T8 \
AND T6, T10 \ // combined carry
\
AND T7, Y3, T0 \ // masked(yH + yL)
AND T7, Y4, T1 \
AND T7, Y5, T2 \
\
AND T8, X3, T3 \ // masked(xH + xL)
AND T8, X4, T4 \
AND T8, X5, T5 \
\
ADDS T3, T0 \
ADCS T4, T1 \
STP (T0, T1), 0+Z \
\
MUL X3, Y3, T0 \
MUL X3, Y4, T1 \
\
ADCS T5, T2 \
MOVD T2, 16+Z \
\
UMULH X3, Y4, T2 \
UMULH X3, Y3, T3 \
\
ADC ZR, T10 \
\ // (xH + xL) * (yH + yL)
mul192x192comba(X3, X4, X5, Y3, Y4, Y5, T0, T1, T2, T3, T4, T5, T6, T7, T8, T9)\
\
MUL X0, Y0, X3 \
LDP 0+Z, (T6, T7) \
MOVD 16+Z, T8 \
\
UMULH X0, Y0, Y3 \
ADDS T6, T3 \
ADCS T7, T4 \
MUL X0, Y1, X4 \
ADCS T8, T5 \
ADC ZR, T10 \
UMULH X0, Y1, X5 \
\ // xL * yL
mul192x192comba(X0, X1, X2, Y0, Y1, Y2, X3, X4, X5, Y3, Y4, Y5, T6, T7, T8, T9)\
\
STP (X3, X4), 0+Z \
MOVD X5, 16+Z \
\
SUBS X3, T0 \ // (xH + xL) * (yH + yL) - xL * yL
SBCS X4, T1 \
LDP 0+X, (X3, X4) \
SBCS X5, T2 \
MOVD 16+X, X5 \
SBCS Y3, T3 \
SBCS Y4, T4 \
SBCS Y5, T5 \
SBC ZR, T10 \
\
ADDS Y3, T0 \ // ((xH + xL) * (yH + yL) - xL * yL) * 2^192 + xL * yL
ADCS Y4, T1 \
LDP 0+Y, (Y3, Y4) \
MUL X3, Y3, X0 \
ADCS Y5, T2 \
UMULH X3, Y3, Y0 \
MOVD 16+Y, Y5 \
MUL X3, Y4, X1 \
ADCS ZR, T3 \
UMULH X3, Y4, X2 \
ADCS ZR, T4 \
ADCS ZR, T5 \
ADC ZR, T10 \
\ // xH * yH, overwrite xLow, yLow
mul192x192comba(X3, X4, X5, Y3, Y4, Y5, X0, X1, X2, Y0, Y1, Y2, T6, T7, T8, T9)\
\
SUBS X0, T0 \ // ((xH + xL) * (yH + yL) - xL * yL - xH * yH)
SBCS X1, T1 \
SBCS X2, T2 \
SBCS Y0, T3 \
SBCS Y1, T4 \
SBCS Y2, T5 \
SBC ZR, T10 \
\
ADDS X0, T3 \
ADCS X1, T4 \
ADCS X2, T5 \
ADCS T10, Y0, T6 \
ADCS ZR, Y1, T7 \
ADC ZR, Y2, T8
// fp751Mul(z, x, y): z = x * y as a full 24-limb (1536-bit) product, with no
// modular reduction.
//   z+0(FP): pointer to the 24-limb result; x+8(FP), y+16(FP): pointers to
//   12-limb operands.
// Method: one level of Karatsuba over 384-bit halves, each half product
// computed by mul384x384karatsuba:
//   x*y = xH*yH * 2^768 + ((xH+xL)*(yH+yL) - xL*yL - xH*yH) * 2^384 + xL*yL
// z doubles as scratch space for intermediates, and x and y are re-read after
// z has been written, so z must not overlap x or y.
// Side-channel note: straight-line code; the carries of the half sums are
// applied as all-ones/zero masks, never as branches, and no address depends on
// operand data. Whether MUL/UMULH run in data-independent time depends on the
// CPU, not on this code - NOTE(review): confirm for the deployment targets.
// NOTE(review): R29 is the frame pointer in Go's arm64 ABI. It is used below as
// a carry accumulator, and with a $0 frame no save/restore of it is visible
// here - confirm this is acceptable for the toolchain in use (frame-pointer
// unwinding; the go vet framepointer check).
TEXT ·fp751Mul(SB), NOSPLIT, $0-24
MOVD z+0(FP), R2
MOVD x+8(FP), R0
MOVD y+16(FP), R1
// Load xL in R3-R8, xH in R9-R14
// (xH + xL) in R3-R8, destroys xH
LDP 0(R0), (R3, R4)
LDP 48(R0), (R9, R10)
ADDS R9, R3
ADCS R10, R4
LDP 16(R0), (R5, R6)
LDP 64(R0), (R11, R12)
ADCS R11, R5
ADCS R12, R6
LDP 32(R0), (R7, R8)
LDP 80(R0), (R13, R14)
ADCS R13, R7
ADCS R14, R8
// R22 = carry out of xH + xL (0 or 1)
ADC ZR, ZR, R22
// Load yL in R9-R14, yH in R15-R17, R19-R21
// (yH + yL) in R9-R14, destroys yH
LDP 0(R1), (R9, R10)
LDP 48(R1), (R15, R16)
ADDS R15, R9
ADCS R16, R10
LDP 16(R1), (R11, R12)
LDP 64(R1), (R17, R19)
ADCS R17, R11
ADCS R19, R12
LDP 32(R1), (R13, R14)
LDP 80(R1), (R20, R21)
ADCS R20, R13
ADCS R21, R14
// R23 = carry out of yH + yL (0 or 1)
ADC ZR, ZR, R23
// Compute masks and combined carry:
// R24 = -carry(x sum), R25 = -carry(y sum) (all ones or zero), R22 = both set
SUB R22, ZR, R24
SUB R23, ZR, R25
AND R23, R22
// Store the high 192-bit halves of the two sums (R6-R8 and R12-R14) at
// 0(z) and 24(z) so mul384x384karatsuba can retrieve them from memory
// It doesn't have enough registers
// Meanwhile compute masked(xH + xL) in R15-R17, R19-R21 (masked by the carry
// of the y sum)
STP (R6, R7), 0(R2)
AND R25, R3, R15
AND R25, R4, R16
STP (R8, R12), 16(R2)
AND R25, R5, R17
AND R25, R6, R19
STP (R13, R14), 32(R2)
AND R25, R7, R20
AND R25, R8, R21
// Masked(xH + xL) + masked(yH + yL) in R15-R17, R19-R21
// (R25, R26 are temporaries from here on)
// Store intermediate values in z at offsets 96-136
AND R24, R9, R25
AND R24, R10, R26
ADDS R25, R15
ADCS R26, R16
STP (R15, R16), 96(R2)
AND R24, R11, R25
AND R24, R12, R26
ADCS R25, R17
ADCS R26, R19
STP (R17, R19), 112(R2)
AND R24, R13, R25
AND R24, R14, R26
ADCS R25, R20
ADCS R26, R21
STP (R20, R21), 128(R2)
// Store carry in R29 so it can remain there
// (R29 is not among the registers passed to mul384x384karatsuba)
ADC ZR, R22, R29
// (xH + xL) * (yH + yL)
// Low three limbs go to 48-64(z), the remaining nine to R15-R17, R19-R24
mul384x384karatsuba(0(R2), 24(R2), 48(R2), R3, R4, R5, R6, R7, R8, R9, R10, R11, R12, R13, R14, R15, R16, R17, R19, R20, R21, R22, R23, R24, R25, R26)
// Load masked(xH + xL) + masked(yH + yL) and add that to its top half
// Store the result back in z
// Each LDP of the masked sum comes before the STP that overwrites that slot,
// so the order of loads and stores here matters.
STP (R15, R16), 72(R2)
LDP 96(R2), (R3, R4)
ADDS R3, R19
STP (R17, R19), 88(R2)
ADCS R4, R20
LDP 112(R2), (R5, R6)
ADCS R5, R21
STP (R20, R21), 104(R2)
ADCS R6, R22
LDP 128(R2), (R7, R8)
ADCS R7, R23
STP (R22, R23), 120(R2)
ADCS R8, R24
MOVD R24, 136(R2)
ADC ZR, R29
// Load xL, yL
LDP 0(R0), (R3, R4)
LDP 16(R0), (R5, R6)
LDP 32(R0), (R7, R8)
LDP 0(R1), (R9, R10)
LDP 16(R1), (R11, R12)
LDP 32(R1), (R13, R14)
// xL * yL
// 24(R0) and 24(R1) point at limbs 3-5 of x and y, the halves the macro
// reloads from memory
mul384x384karatsuba(24(R0), 24(R1), 0(R2), R3, R4, R5, R6, R7, R8, R9, R10, R11, R12, R13, R14, R15, R16, R17, R19, R20, R21, R22, R23, R24, R25, R26)
// (xH + xL) * (yH + yL) - xL * yL in R3-R14
LDP 0(R2), (R12, R13)
LDP 48(R2), (R3, R4)
SUBS R12, R3
LDP 64(R2), (R5, R6)
MOVD 16(R2), R14
SBCS R13, R4
SBCS R14, R5
LDP 80(R2), (R7, R8)
SBCS R15, R6
SBCS R16, R7
LDP 96(R2), (R9, R10)
SBCS R17, R8
SBCS R19, R9
LDP 112(R2), (R11, R12)
SBCS R20, R10
SBCS R21, R11
LDP 128(R2), (R13, R14)
SBCS R22, R12
SBCS R23, R13
SBCS R24, R14
SBC ZR, R29
// Limbs 3-5 of xL * yL are final: store them at 24-40(z)
STP (R15, R16), 24(R2)
MOVD R17, 40(R2)
// ((xH + xL) * (yH + yL) - xL * yL) * 2^384 + xL * yL and store back in z
ADDS R19, R3
ADCS R20, R4
STP (R3, R4), 48(R2)
ADCS R21, R5
ADCS R22, R6
STP (R5, R6), 64(R2)
ADCS R23, R7
ADCS R24, R8
STP (R7, R8), 80(R2)
ADCS ZR, R9
ADCS ZR, R10
STP (R9, R10), 96(R2)
ADCS ZR, R11
ADCS ZR, R12
STP (R11, R12), 112(R2)
ADCS ZR, R13
ADCS ZR, R14
STP (R13, R14), 128(R2)
ADC ZR, R29
// Load xH, yH
LDP 48(R0), (R3, R4)
LDP 64(R0), (R5, R6)
LDP 80(R0), (R7, R8)
LDP 48(R1), (R9, R10)
LDP 64(R1), (R11, R12)
LDP 80(R1), (R13, R14)
// xH * yH
// Low three limbs go to 144-160(z), the remaining nine stay in registers
mul384x384karatsuba(72(R0), 72(R1), 144(R2), R3, R4, R5, R6, R7, R8, R9, R10, R11, R12, R13, R14, R15, R16, R17, R19, R20, R21, R22, R23, R24, R25, R26)
LDP 144(R2), (R12, R13)
MOVD 160(R2), R14
// (xH + xL) * (yH + yL) - xL * yL - xH * yH in R3-R14
// Store lower half in z, that's done
LDP 48(R2), (R3, R4)
SUBS R12, R3
LDP 64(R2), (R5, R6)
SBCS R13, R4
SBCS R14, R5
LDP 80(R2), (R7, R8)
SBCS R15, R6
SBCS R16, R7
LDP 96(R2), (R9, R10)
SBCS R17, R8
SBCS R19, R9
LDP 112(R2), (R11, R12)
SBCS R20, R10
SBCS R21, R11
LDP 128(R2), (R13, R14)
SBCS R22, R12
SBCS R23, R13
STP (R3, R4), 48(R2)
SBCS R24, R14
STP (R5, R6), 64(R2)
SBC ZR, R29
STP (R7, R8), 80(R2)
// (xH * yH) * 2^768 + ((xH + xL) * (yH + yL) - xL * yL - xH * yH) * 2^384 + xL * yL
// Store remaining limbs in z
LDP 144(R2), (R3, R4)
MOVD 160(R2), R5
ADDS R3, R9
ADCS R4, R10
STP (R9, R10), 96(R2)
ADCS R5, R11
ADCS R15, R12
STP (R11, R12), 112(R2)
ADCS R16, R13
ADCS R17, R14
STP (R13, R14), 128(R2)
// R29 (the accumulated middle-term carry) is folded into the top six limbs
ADCS R29, R19
ADCS ZR, R20
STP (R19, R20), 144(R2)
ADCS ZR, R21
ADCS ZR, R22
STP (R21, R22), 160(R2)
ADCS ZR, R23
ADC ZR, R24
STP (R23, R24), 176(R2)
RET
// fp751MontgomeryReduce(z, x): reduces the 24-limb value at x to the 12-limb
// value written at z, using the constant p751p1 (p751 + 1).
//   z+0(FP): pointer to the 12-limb result; x+8(FP): pointer to 24 limbs.
// NOTE(review): presumably this is Montgomery reduction with R = 2^768, i.e.
// z = x * R^-1 mod p751 up to a final conditional subtraction - confirm
// against the Go reference implementation.
// Only limbs 5-11 of p751p1 are loaded (offsets 40-88), which is why the
// first column processed is x5: z0-z4 are taken directly from x0-x4.
// Each "xN iteration" below accumulates one column of partial products in a
// three-register accumulator; R24, R25 and R26 rotate roles from column to
// column, with R22/R23 holding the current MUL/UMULH result and R21 the next
// limb of x.
// Side-channel note: straight-line code with no branch and no data-dependent
// address. Whether MUL/UMULH run in data-independent time depends on the CPU,
// not on this code - NOTE(review): confirm for the deployment targets.
// NOTE(review): R29 is the frame pointer in Go's arm64 ABI. It is loaded with
// a limb of p751p1 below, and with a $0 frame no save/restore of it is visible
// here - confirm this is acceptable for the toolchain in use (frame-pointer
// unwinding; the go vet framepointer check).
TEXT ·fp751MontgomeryReduce(SB), NOSPLIT, $0-16
MOVD z+0(FP), R0
MOVD x+8(FP), R1
// Load p751+1 in R14-R17, R29, R19-R20, spread over arithmetic
LDP ·p751p1+40(SB), (R14, R15)
// z0-z11 will be R2-R13
// Load x0-x4 to z0-z4 and x5, spread over arithmetic
LDP 0(R1), (R2, R3)
// x5 iteration
MUL R2, R14, R22
LDP 32(R1), (R6, R21)
UMULH R2, R14, R23
ADDS R21, R22, R7 // Set z5
ADC ZR, R23, R25
// x6 iteration
MUL R2, R15, R22
MOVD 48(R1), R21
UMULH R2, R15, R23
ADDS R22, R25
ADC R23, ZR, R26
MUL R3, R14, R22
LDP ·p751p1+56(SB), (R16, R17)
UMULH R3, R14, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, ZR, R24
ADDS R21, R25, R8 // Set z6
ADCS ZR, R26
ADC ZR, R24
// x7 iteration
MUL R2, R16, R22
MOVD 56(R1), R21
UMULH R2, R16, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, ZR, R25
MUL R3, R15, R22
LDP 16(R1), (R4, R5)
UMULH R3, R15, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
MUL R4, R14, R22
// R29 = limb 9 of p751p1, R19 = limb 10
LDP ·p751p1+72(SB), (R29, R19)
UMULH R4, R14, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
ADDS R21, R26, R9 // Set z7
ADCS ZR, R24
ADC ZR, R25
// x8 iteration
MUL R2, R17, R22
MOVD 64(R1), R21
UMULH R2, R17, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, ZR, R26
MUL R3, R16, R22
MOVD ·p751p1+88(SB), R20
UMULH R3, R16, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
MUL R4, R15, R22
UMULH R4, R15, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
MUL R5, R14, R22
UMULH R5, R14, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
ADDS R24, R21, R10 // Set z8
ADCS ZR, R25
ADC ZR, R26
// x9 iteration
MUL R2, R29, R22
MOVD 72(R1), R21
UMULH R2, R29, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, ZR, R24
MUL R3, R17, R22
UMULH R3, R17, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
MUL R4, R16, R22
UMULH R4, R16, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
MUL R5, R15, R22
UMULH R5, R15, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
MUL R6, R14, R22
UMULH R6, R14, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
ADDS R21, R25, R11 // Set z9
ADCS ZR, R26
ADC ZR, R24
// x10 iteration
MUL R2, R19, R22
MOVD 80(R1), R21
UMULH R2, R19, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, ZR, R25
MUL R3, R29, R22
UMULH R3, R29, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
MUL R4, R17, R22
UMULH R4, R17, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
MUL R5, R16, R22
UMULH R5, R16, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
MUL R6, R15, R22
UMULH R6, R15, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
MUL R7, R14, R22
UMULH R7, R14, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
ADDS R21, R26, R12 // Set z10
ADCS ZR, R24
ADC ZR, R25
// x11 iteration
MUL R2, R20, R22
MOVD 88(R1), R21
UMULH R2, R20, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, ZR, R26
MUL R3, R19, R22
UMULH R3, R19, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
MUL R4, R29, R22
UMULH R4, R29, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
MUL R5, R17, R22
UMULH R5, R17, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
MUL R6, R16, R22
UMULH R6, R16, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
MUL R7, R15, R22
UMULH R7, R15, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
MUL R8, R14, R22
UMULH R8, R14, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
ADDS R21, R24, R13 // Set z11
ADCS ZR, R25
ADC ZR, R26
// x12 iteration
// From here on the output registers R2-R13 are reused: each column's result
// overwrites a z register whose old value is no longer read.
MUL R3, R20, R22
MOVD 96(R1), R21
UMULH R3, R20, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, ZR, R24
MUL R4, R19, R22
UMULH R4, R19, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
MUL R5, R29, R22
UMULH R5, R29, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
MUL R6, R17, R22
UMULH R6, R17, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
MUL R7, R16, R22
UMULH R7, R16, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
MUL R8, R15, R22
UMULH R8, R15, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
MUL R9, R14, R22
UMULH R9, R14, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
ADDS R21, R25, R2 // Set z0
ADCS ZR, R26
ADC ZR, R24
// x13 iteration
MUL R4, R20, R22
MOVD 104(R1), R21
UMULH R4, R20, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, ZR, R25
MUL R5, R19, R22
UMULH R5, R19, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
MUL R6, R29, R22
UMULH R6, R29, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
MUL R7, R17, R22
UMULH R7, R17, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
MUL R8, R16, R22
UMULH R8, R16, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
MUL R9, R15, R22
UMULH R9, R15, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
MUL R10, R14, R22
UMULH R10, R14, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
ADDS R21, R26, R3 // Set z1
// STP does not write the flags, so the carry from ADDS survives the store
STP (R2, R3), 0(R0)
ADCS ZR, R24
ADC ZR, R25
// x14 iteration
MUL R5, R20, R22
MOVD 112(R1), R21
UMULH R5, R20, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, ZR, R26
MUL R6, R19, R22
UMULH R6, R19, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
MUL R7, R29, R22
UMULH R7, R29, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
MUL R8, R17, R22
UMULH R8, R17, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
MUL R9, R16, R22
UMULH R9, R16, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
MUL R10, R15, R22
UMULH R10, R15, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
MUL R11, R14, R22
UMULH R11, R14, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
ADDS R21, R24, R4 // Set z2
ADCS ZR, R25
ADC ZR, R26
// x15 iteration
MUL R6, R20, R22
MOVD 120(R1), R21
UMULH R6, R20, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, ZR, R24
MUL R7, R19, R22
UMULH R7, R19, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
MUL R8, R29, R22
UMULH R8, R29, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
MUL R9, R17, R22
UMULH R9, R17, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
MUL R10, R16, R22
UMULH R10, R16, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
MUL R11, R15, R22
UMULH R11, R15, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
MUL R12, R14, R22
UMULH R12, R14, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
ADDS R21, R25, R5 // Set z3
STP (R4, R5), 16(R0)
ADCS ZR, R26
ADC ZR, R24
// x16 iteration
MUL R7, R20, R22
MOVD 128(R1), R21
UMULH R7, R20, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, ZR, R25
MUL R8, R19, R22
UMULH R8, R19, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
MUL R9, R29, R22
UMULH R9, R29, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
MUL R10, R17, R22
UMULH R10, R17, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
MUL R11, R16, R22
UMULH R11, R16, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
MUL R12, R15, R22
UMULH R12, R15, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
MUL R13, R14, R22
UMULH R13, R14, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
ADDS R21, R26, R6 // Set z4
ADCS ZR, R24
ADC ZR, R25
// x17 iteration
MUL R8, R20, R22
MOVD 136(R1), R21
UMULH R8, R20, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, ZR, R26
MUL R9, R19, R22
UMULH R9, R19, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
MUL R10, R29, R22
UMULH R10, R29, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
MUL R11, R17, R22
UMULH R11, R17, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
MUL R12, R16, R22
UMULH R12, R16, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
MUL R13, R15, R22
UMULH R13, R15, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
ADDS R21, R24, R7 // Set z5
STP (R6, R7), 32(R0)
ADCS ZR, R25
ADC ZR, R26
// x18 iteration
MUL R9, R20, R22
MOVD 144(R1), R21
UMULH R9, R20, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, ZR, R24
MUL R10, R19, R22
UMULH R10, R19, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
MUL R11, R29, R22
UMULH R11, R29, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
MUL R12, R17, R22
UMULH R12, R17, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
MUL R13, R16, R22
UMULH R13, R16, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
ADDS R21, R25, R8 // Set z6
ADCS ZR, R26
ADC ZR, R24
// x19 iteration
MUL R10, R20, R22
MOVD 152(R1), R21
UMULH R10, R20, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, ZR, R25
MUL R11, R19, R22
UMULH R11, R19, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
MUL R12, R29, R22
UMULH R12, R29, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
MUL R13, R17, R22
UMULH R13, R17, R23
ADDS R22, R26
ADCS R23, R24
ADC ZR, R25
ADDS R21, R26, R9 // Set z7
STP (R8, R9), 48(R0)
ADCS ZR, R24
ADC ZR, R25
// x20 iteration
MUL R11, R20, R22
MOVD 160(R1), R21
UMULH R11, R20, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, ZR, R26
MUL R12, R19, R22
UMULH R12, R19, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
MUL R13, R29, R22
UMULH R13, R29, R23
ADDS R22, R24
ADCS R23, R25
ADC ZR, R26
ADDS R21, R24, R10 // Set z8
ADCS ZR, R25
ADC ZR, R26
// x21 iteration
MUL R12, R20, R22
MOVD 168(R1), R21
UMULH R12, R20, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, ZR, R24
MUL R13, R19, R22
UMULH R13, R19, R23
ADDS R22, R25
ADCS R23, R26
ADC ZR, R24
ADDS R21, R25, R11 // Set z9
STP (R10, R11), 64(R0)
ADCS ZR, R26
ADC ZR, R24
// x22 iteration
MUL R13, R20, R22
MOVD 176(R1), R21
UMULH R13, R20, R23
ADDS R22, R26
ADC R23, R24
ADDS R21, R26, R12 // Set z10
// x23 only receives the running carry; a carry out of z11 is discarded (ADC)
MOVD 184(R1), R21
ADC R21, R24, R13 // Set z11
STP (R12, R13), 80(R0)
RET
// fp751StrongReduce(x): in-place conditional subtraction of p751 from the
// 12-limb value at x.
//   x+0(FP): pointer to the value, which is overwritten with the result.
// The code computes x - p751 and, if that borrows, adds p751 back through an
// all-ones/zero mask: the result is x - p751 when x >= p751 and x otherwise.
// No branch or address depends on x, and x is always fully rewritten.
// NOTE(review): a single subtraction only yields a value below p751 if the
// input is below 2*p751 - presumably guaranteed by the callers; confirm.
TEXT ·fp751StrongReduce(SB), NOSPLIT, $0-8
MOVD x+0(FP), R0
// Keep x in R1-R12, p751 in R13-R17, R19-R21, subtract to R1-R12
// R13 (limb 0 of p751) is reused for limbs 1-4; only limbs 0 and 5-11 of the
// constant are loaded.
MOVD ·p751+0(SB), R13
LDP 0(R0), (R1, R2)
LDP 16(R0), (R3, R4)
SUBS R13, R1
SBCS R13, R2
LDP 32(R0), (R5, R6)
LDP ·p751+40(SB), (R14, R15)
SBCS R13, R3
SBCS R13, R4
LDP 48(R0), (R7, R8)
LDP ·p751+56(SB), (R16, R17)
SBCS R13, R5
SBCS R14, R6
LDP 64(R0), (R9, R10)
LDP ·p751+72(SB), (R19, R20)
SBCS R15, R7
SBCS R16, R8
LDP 80(R0), (R11, R12)
MOVD ·p751+88(SB), R21
SBCS R17, R9
SBCS R19, R10
SBCS R20, R11
SBCS R21, R12
// R22 = 0 - 0 - borrow: all ones if x - p751 borrowed, otherwise zero
SBC ZR, ZR, R22
// Mask with the borrow and add p751
AND R22, R13
AND R22, R14
AND R22, R15
AND R22, R16
AND R22, R17
AND R22, R19
AND R22, R20
AND R22, R21
ADDS R13, R1
ADCS R13, R2
STP (R1, R2), 0(R0)
ADCS R13, R3
ADCS R13, R4
STP (R3, R4), 16(R0)
ADCS R13, R5
ADCS R14, R6
STP (R5, R6), 32(R0)
ADCS R15, R7
ADCS R16, R8
STP (R7, R8), 48(R0)
ADCS R17, R9
ADCS R19, R10
STP (R9, R10), 64(R0)
ADCS R20, R11
ADC R21, R12
STP (R11, R12), 80(R0)
RET