1 /** 2 * \file bn_mul.h 3 * 4 * \brief Multi-precision integer library 5 */ 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 9 * 10 * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 * not use this file except in compliance with the License. 12 * You may obtain a copy of the License at 13 * 14 * http://www.apache.org/licenses/LICENSE-2.0 15 * 16 * Unless required by applicable law or agreed to in writing, software 17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 * See the License for the specific language governing permissions and 20 * limitations under the License. 21 */ 22 /* 23 * Multiply source vector [s] with b, add result 24 * to destination vector [d] and set carry c. 25 * 26 * Currently supports: 27 * 28 * . IA-32 (386+) . AMD64 / EM64T 29 * . IA-32 (SSE2) . Motorola 68000 30 * . PowerPC, 32-bit . MicroBlaze 31 * . PowerPC, 64-bit . TriCore 32 * . SPARC v8 . ARM v3+ 33 * . Alpha . MIPS32 34 * . C, longlong . C, generic 35 */ 36 #ifndef MBEDTLS_BN_MUL_H 37 #define MBEDTLS_BN_MUL_H 38 39 #include "mbedtls/build_info.h" 40 41 #include "mbedtls/bignum.h" 42 43 44 /* 45 * Conversion macros for embedded constants: 46 * build lists of mbedtls_mpi_uint's from lists of unsigned char's grouped by 8, 4 or 2 47 */ 48 #if defined(MBEDTLS_HAVE_INT32) 49 50 #define MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ) \ 51 ( (mbedtls_mpi_uint) (a) << 0 ) | \ 52 ( (mbedtls_mpi_uint) (b) << 8 ) | \ 53 ( (mbedtls_mpi_uint) (c) << 16 ) | \ 54 ( (mbedtls_mpi_uint) (d) << 24 ) 55 56 #define MBEDTLS_BYTES_TO_T_UINT_2( a, b ) \ 57 MBEDTLS_BYTES_TO_T_UINT_4( a, b, 0, 0 ) 58 59 #define MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \ 60 MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ), \ 61 MBEDTLS_BYTES_TO_T_UINT_4( e, f, g, h ) 62 63 #else /* 64-bits */ 64 65 #define MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \ 66 ( (mbedtls_mpi_uint) (a) << 0 ) | \ 67 ( (mbedtls_mpi_uint) (b) << 8 ) | \ 68 ( (mbedtls_mpi_uint) (c) << 16 ) | \ 69 ( (mbedtls_mpi_uint) (d) << 24 ) | \ 70 ( (mbedtls_mpi_uint) (e) << 32 ) | \ 71 ( (mbedtls_mpi_uint) (f) << 40 ) | \ 72 ( (mbedtls_mpi_uint) (g) << 48 ) | \ 73 ( (mbedtls_mpi_uint) (h) << 56 ) 74 75 #define MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ) \ 76 MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 ) 77 78 #define MBEDTLS_BYTES_TO_T_UINT_2( a, b ) \ 79 MBEDTLS_BYTES_TO_T_UINT_8( a, b, 0, 0, 0, 0, 0, 0 ) 80 81 #endif /* bits in mbedtls_mpi_uint */ 82 83 #if defined(MBEDTLS_HAVE_ASM) 84 85 #ifndef asm 86 #define asm __asm 87 #endif 88 89 /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ 90 #if defined(__GNUC__) && \ 91 ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) 92 93 /* 94 * Disable use of the i386 assembly code below if option -O0, to disable all 95 * compiler optimisations, is passed, detected with __OPTIMIZE__ 96 * This is done as the number of registers used in the assembly code doesn't 97 * work with the -O0 option. 98 */ 99 #if defined(__i386__) && defined(__OPTIMIZE__) 100 101 #define MULADDC_INIT \ 102 asm( \ 103 "movl %%ebx, %0 \n\t" \ 104 "movl %5, %%esi \n\t" \ 105 "movl %6, %%edi \n\t" \ 106 "movl %7, %%ecx \n\t" \ 107 "movl %8, %%ebx \n\t" 108 109 #define MULADDC_CORE \ 110 "lodsl \n\t" \ 111 "mull %%ebx \n\t" \ 112 "addl %%ecx, %%eax \n\t" \ 113 "adcl $0, %%edx \n\t" \ 114 "addl (%%edi), %%eax \n\t" \ 115 "adcl $0, %%edx \n\t" \ 116 "movl %%edx, %%ecx \n\t" \ 117 "stosl \n\t" 118 119 #if defined(MBEDTLS_HAVE_SSE2) 120 121 #define MULADDC_HUIT \ 122 "movd %%ecx, %%mm1 \n\t" \ 123 "movd %%ebx, %%mm0 \n\t" \ 124 "movd (%%edi), %%mm3 \n\t" \ 125 "paddq %%mm3, %%mm1 \n\t" \ 126 "movd (%%esi), %%mm2 \n\t" \ 127 "pmuludq %%mm0, %%mm2 \n\t" \ 128 "movd 4(%%esi), %%mm4 \n\t" \ 129 "pmuludq %%mm0, %%mm4 \n\t" \ 130 "movd 8(%%esi), %%mm6 \n\t" \ 131 "pmuludq %%mm0, %%mm6 \n\t" \ 132 "movd 12(%%esi), %%mm7 \n\t" \ 133 "pmuludq %%mm0, %%mm7 \n\t" \ 134 "paddq %%mm2, %%mm1 \n\t" \ 135 "movd 4(%%edi), %%mm3 \n\t" \ 136 "paddq %%mm4, %%mm3 \n\t" \ 137 "movd 8(%%edi), %%mm5 \n\t" \ 138 "paddq %%mm6, %%mm5 \n\t" \ 139 "movd 12(%%edi), %%mm4 \n\t" \ 140 "paddq %%mm4, %%mm7 \n\t" \ 141 "movd %%mm1, (%%edi) \n\t" \ 142 "movd 16(%%esi), %%mm2 \n\t" \ 143 "pmuludq %%mm0, %%mm2 \n\t" \ 144 "psrlq $32, %%mm1 \n\t" \ 145 "movd 20(%%esi), %%mm4 \n\t" \ 146 "pmuludq %%mm0, %%mm4 \n\t" \ 147 "paddq %%mm3, %%mm1 \n\t" \ 148 "movd 24(%%esi), %%mm6 \n\t" \ 149 "pmuludq %%mm0, %%mm6 \n\t" \ 150 "movd %%mm1, 4(%%edi) \n\t" \ 151 "psrlq $32, %%mm1 \n\t" \ 152 "movd 28(%%esi), %%mm3 \n\t" \ 153 "pmuludq %%mm0, %%mm3 \n\t" \ 154 "paddq %%mm5, %%mm1 \n\t" \ 155 "movd 16(%%edi), %%mm5 \n\t" \ 156 "paddq %%mm5, %%mm2 \n\t" \ 157 "movd %%mm1, 8(%%edi) \n\t" \ 158 "psrlq $32, %%mm1 \n\t" \ 159 "paddq %%mm7, %%mm1 \n\t" \ 160 "movd 20(%%edi), %%mm5 \n\t" \ 161 "paddq %%mm5, %%mm4 \n\t" \ 162 "movd %%mm1, 12(%%edi) \n\t" \ 163 "psrlq $32, %%mm1 \n\t" \ 164 "paddq %%mm2, %%mm1 \n\t" \ 165 "movd 24(%%edi), %%mm5 \n\t" \ 166 "paddq %%mm5, %%mm6 \n\t" \ 167 "movd %%mm1, 16(%%edi) \n\t" \ 168 "psrlq $32, %%mm1 \n\t" \ 169 "paddq %%mm4, %%mm1 \n\t" \ 170 "movd 28(%%edi), %%mm5 \n\t" \ 171 "paddq %%mm5, %%mm3 \n\t" \ 172 "movd %%mm1, 20(%%edi) \n\t" \ 173 "psrlq $32, %%mm1 \n\t" \ 174 "paddq %%mm6, %%mm1 \n\t" \ 175 "movd %%mm1, 24(%%edi) \n\t" \ 176 "psrlq $32, %%mm1 \n\t" \ 177 "paddq %%mm3, %%mm1 \n\t" \ 178 "movd %%mm1, 28(%%edi) \n\t" \ 179 "addl $32, %%edi \n\t" \ 180 "addl $32, %%esi \n\t" \ 181 "psrlq $32, %%mm1 \n\t" \ 182 "movd %%mm1, %%ecx \n\t" 183 184 #define MULADDC_STOP \ 185 "emms \n\t" \ 186 "movl %4, %%ebx \n\t" \ 187 "movl %%ecx, %1 \n\t" \ 188 "movl %%edi, %2 \n\t" \ 189 "movl %%esi, %3 \n\t" \ 190 : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ 191 : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \ 192 : "eax", "ebx", "ecx", "edx", "esi", "edi" \ 193 ); 194 195 #else 196 197 #define MULADDC_STOP \ 198 "movl %4, %%ebx \n\t" \ 199 "movl %%ecx, %1 \n\t" \ 200 "movl %%edi, %2 \n\t" \ 201 "movl %%esi, %3 \n\t" \ 202 : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ 203 : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \ 204 : "eax", "ebx", "ecx", "edx", "esi", "edi" \ 205 ); 206 #endif /* SSE2 */ 207 #endif /* i386 */ 208 209 #if defined(__amd64__) || defined (__x86_64__) 210 211 #define MULADDC_INIT \ 212 asm( \ 213 "xorq %%r8, %%r8\n" 214 215 #define MULADDC_CORE \ 216 "movq (%%rsi), %%rax\n" \ 217 "mulq %%rbx\n" \ 218 "addq $8, %%rsi\n" \ 219 "addq %%rcx, %%rax\n" \ 220 "movq %%r8, %%rcx\n" \ 221 "adcq $0, %%rdx\n" \ 222 "nop \n" \ 223 "addq %%rax, (%%rdi)\n" \ 224 "adcq %%rdx, %%rcx\n" \ 225 "addq $8, %%rdi\n" 226 227 #define MULADDC_STOP \ 228 : "+c" (c), "+D" (d), "+S" (s), "+m" (*(uint64_t (*)[16]) d) \ 229 : "b" (b), "m" (*(const uint64_t (*)[16]) s) \ 230 : "rax", "rdx", "r8" \ 231 ); 232 233 #endif /* AMD64 */ 234 235 #if defined(__aarch64__) 236 237 #define MULADDC_INIT \ 238 asm( 239 240 #define MULADDC_CORE \ 241 "ldr x4, [%2], #8 \n\t" \ 242 "ldr x5, [%1] \n\t" \ 243 "mul x6, x4, %4 \n\t" \ 244 "umulh x7, x4, %4 \n\t" \ 245 "adds x5, x5, x6 \n\t" \ 246 "adc x7, x7, xzr \n\t" \ 247 "adds x5, x5, %0 \n\t" \ 248 "adc %0, x7, xzr \n\t" \ 249 "str x5, [%1], #8 \n\t" 250 251 #define MULADDC_STOP \ 252 : "+r" (c), "+r" (d), "+r" (s), "+m" (*(uint64_t (*)[16]) d) \ 253 : "r" (b), "m" (*(const uint64_t (*)[16]) s) \ 254 : "x4", "x5", "x6", "x7", "cc" \ 255 ); 256 257 #endif /* Aarch64 */ 258 259 #if defined(__mc68020__) || defined(__mcpu32__) 260 261 #define MULADDC_INIT \ 262 asm( \ 263 "movl %3, %%a2 \n\t" \ 264 "movl %4, %%a3 \n\t" \ 265 "movl %5, %%d3 \n\t" \ 266 "movl %6, %%d2 \n\t" \ 267 "moveq #0, %%d0 \n\t" 268 269 #define MULADDC_CORE \ 270 "movel %%a2@+, %%d1 \n\t" \ 271 "mulul %%d2, %%d4:%%d1 \n\t" \ 272 "addl %%d3, %%d1 \n\t" \ 273 "addxl %%d0, %%d4 \n\t" \ 274 "moveq #0, %%d3 \n\t" \ 275 "addl %%d1, %%a3@+ \n\t" \ 276 "addxl %%d4, %%d3 \n\t" 277 278 #define MULADDC_STOP \ 279 "movl %%d3, %0 \n\t" \ 280 "movl %%a3, %1 \n\t" \ 281 "movl %%a2, %2 \n\t" \ 282 : "=m" (c), "=m" (d), "=m" (s) \ 283 : "m" (s), "m" (d), "m" (c), "m" (b) \ 284 : "d0", "d1", "d2", "d3", "d4", "a2", "a3" \ 285 ); 286 287 #define MULADDC_HUIT \ 288 "movel %%a2@+, %%d1 \n\t" \ 289 "mulul %%d2, %%d4:%%d1 \n\t" \ 290 "addxl %%d3, %%d1 \n\t" \ 291 "addxl %%d0, %%d4 \n\t" \ 292 "addl %%d1, %%a3@+ \n\t" \ 293 "movel %%a2@+, %%d1 \n\t" \ 294 "mulul %%d2, %%d3:%%d1 \n\t" \ 295 "addxl %%d4, %%d1 \n\t" \ 296 "addxl %%d0, %%d3 \n\t" \ 297 "addl %%d1, %%a3@+ \n\t" \ 298 "movel %%a2@+, %%d1 \n\t" \ 299 "mulul %%d2, %%d4:%%d1 \n\t" \ 300 "addxl %%d3, %%d1 \n\t" \ 301 "addxl %%d0, %%d4 \n\t" \ 302 "addl %%d1, %%a3@+ \n\t" \ 303 "movel %%a2@+, %%d1 \n\t" \ 304 "mulul %%d2, %%d3:%%d1 \n\t" \ 305 "addxl %%d4, %%d1 \n\t" \ 306 "addxl %%d0, %%d3 \n\t" \ 307 "addl %%d1, %%a3@+ \n\t" \ 308 "movel %%a2@+, %%d1 \n\t" \ 309 "mulul %%d2, %%d4:%%d1 \n\t" \ 310 "addxl %%d3, %%d1 \n\t" \ 311 "addxl %%d0, %%d4 \n\t" \ 312 "addl %%d1, %%a3@+ \n\t" \ 313 "movel %%a2@+, %%d1 \n\t" \ 314 "mulul %%d2, %%d3:%%d1 \n\t" \ 315 "addxl %%d4, %%d1 \n\t" \ 316 "addxl %%d0, %%d3 \n\t" \ 317 "addl %%d1, %%a3@+ \n\t" \ 318 "movel %%a2@+, %%d1 \n\t" \ 319 "mulul %%d2, %%d4:%%d1 \n\t" \ 320 "addxl %%d3, %%d1 \n\t" \ 321 "addxl %%d0, %%d4 \n\t" \ 322 "addl %%d1, %%a3@+ \n\t" \ 323 "movel %%a2@+, %%d1 \n\t" \ 324 "mulul %%d2, %%d3:%%d1 \n\t" \ 325 "addxl %%d4, %%d1 \n\t" \ 326 "addxl %%d0, %%d3 \n\t" \ 327 "addl %%d1, %%a3@+ \n\t" \ 328 "addxl %%d0, %%d3 \n\t" 329 330 #endif /* MC68000 */ 331 332 #if defined(__powerpc64__) || defined(__ppc64__) 333 334 #if defined(__MACH__) && defined(__APPLE__) 335 336 #define MULADDC_INIT \ 337 asm( \ 338 "ld r3, %3 \n\t" \ 339 "ld r4, %4 \n\t" \ 340 "ld r5, %5 \n\t" \ 341 "ld r6, %6 \n\t" \ 342 "addi r3, r3, -8 \n\t" \ 343 "addi r4, r4, -8 \n\t" \ 344 "addic r5, r5, 0 \n\t" 345 346 #define MULADDC_CORE \ 347 "ldu r7, 8(r3) \n\t" \ 348 "mulld r8, r7, r6 \n\t" \ 349 "mulhdu r9, r7, r6 \n\t" \ 350 "adde r8, r8, r5 \n\t" \ 351 "ld r7, 8(r4) \n\t" \ 352 "addze r5, r9 \n\t" \ 353 "addc r8, r8, r7 \n\t" \ 354 "stdu r8, 8(r4) \n\t" 355 356 #define MULADDC_STOP \ 357 "addze r5, r5 \n\t" \ 358 "addi r4, r4, 8 \n\t" \ 359 "addi r3, r3, 8 \n\t" \ 360 "std r5, %0 \n\t" \ 361 "std r4, %1 \n\t" \ 362 "std r3, %2 \n\t" \ 363 : "=m" (c), "=m" (d), "=m" (s) \ 364 : "m" (s), "m" (d), "m" (c), "m" (b) \ 365 : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ 366 ); 367 368 369 #else /* __MACH__ && __APPLE__ */ 370 371 #define MULADDC_INIT \ 372 asm( \ 373 "ld %%r3, %3 \n\t" \ 374 "ld %%r4, %4 \n\t" \ 375 "ld %%r5, %5 \n\t" \ 376 "ld %%r6, %6 \n\t" \ 377 "addi %%r3, %%r3, -8 \n\t" \ 378 "addi %%r4, %%r4, -8 \n\t" \ 379 "addic %%r5, %%r5, 0 \n\t" 380 381 #define MULADDC_CORE \ 382 "ldu %%r7, 8(%%r3) \n\t" \ 383 "mulld %%r8, %%r7, %%r6 \n\t" \ 384 "mulhdu %%r9, %%r7, %%r6 \n\t" \ 385 "adde %%r8, %%r8, %%r5 \n\t" \ 386 "ld %%r7, 8(%%r4) \n\t" \ 387 "addze %%r5, %%r9 \n\t" \ 388 "addc %%r8, %%r8, %%r7 \n\t" \ 389 "stdu %%r8, 8(%%r4) \n\t" 390 391 #define MULADDC_STOP \ 392 "addze %%r5, %%r5 \n\t" \ 393 "addi %%r4, %%r4, 8 \n\t" \ 394 "addi %%r3, %%r3, 8 \n\t" \ 395 "std %%r5, %0 \n\t" \ 396 "std %%r4, %1 \n\t" \ 397 "std %%r3, %2 \n\t" \ 398 : "=m" (c), "=m" (d), "=m" (s) \ 399 : "m" (s), "m" (d), "m" (c), "m" (b) \ 400 : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ 401 ); 402 403 #endif /* __MACH__ && __APPLE__ */ 404 405 #elif defined(__powerpc__) || defined(__ppc__) /* end PPC64/begin PPC32 */ 406 407 #if defined(__MACH__) && defined(__APPLE__) 408 409 #define MULADDC_INIT \ 410 asm( \ 411 "lwz r3, %3 \n\t" \ 412 "lwz r4, %4 \n\t" \ 413 "lwz r5, %5 \n\t" \ 414 "lwz r6, %6 \n\t" \ 415 "addi r3, r3, -4 \n\t" \ 416 "addi r4, r4, -4 \n\t" \ 417 "addic r5, r5, 0 \n\t" 418 419 #define MULADDC_CORE \ 420 "lwzu r7, 4(r3) \n\t" \ 421 "mullw r8, r7, r6 \n\t" \ 422 "mulhwu r9, r7, r6 \n\t" \ 423 "adde r8, r8, r5 \n\t" \ 424 "lwz r7, 4(r4) \n\t" \ 425 "addze r5, r9 \n\t" \ 426 "addc r8, r8, r7 \n\t" \ 427 "stwu r8, 4(r4) \n\t" 428 429 #define MULADDC_STOP \ 430 "addze r5, r5 \n\t" \ 431 "addi r4, r4, 4 \n\t" \ 432 "addi r3, r3, 4 \n\t" \ 433 "stw r5, %0 \n\t" \ 434 "stw r4, %1 \n\t" \ 435 "stw r3, %2 \n\t" \ 436 : "=m" (c), "=m" (d), "=m" (s) \ 437 : "m" (s), "m" (d), "m" (c), "m" (b) \ 438 : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ 439 ); 440 441 #else /* __MACH__ && __APPLE__ */ 442 443 #define MULADDC_INIT \ 444 asm( \ 445 "lwz %%r3, %3 \n\t" \ 446 "lwz %%r4, %4 \n\t" \ 447 "lwz %%r5, %5 \n\t" \ 448 "lwz %%r6, %6 \n\t" \ 449 "addi %%r3, %%r3, -4 \n\t" \ 450 "addi %%r4, %%r4, -4 \n\t" \ 451 "addic %%r5, %%r5, 0 \n\t" 452 453 #define MULADDC_CORE \ 454 "lwzu %%r7, 4(%%r3) \n\t" \ 455 "mullw %%r8, %%r7, %%r6 \n\t" \ 456 "mulhwu %%r9, %%r7, %%r6 \n\t" \ 457 "adde %%r8, %%r8, %%r5 \n\t" \ 458 "lwz %%r7, 4(%%r4) \n\t" \ 459 "addze %%r5, %%r9 \n\t" \ 460 "addc %%r8, %%r8, %%r7 \n\t" \ 461 "stwu %%r8, 4(%%r4) \n\t" 462 463 #define MULADDC_STOP \ 464 "addze %%r5, %%r5 \n\t" \ 465 "addi %%r4, %%r4, 4 \n\t" \ 466 "addi %%r3, %%r3, 4 \n\t" \ 467 "stw %%r5, %0 \n\t" \ 468 "stw %%r4, %1 \n\t" \ 469 "stw %%r3, %2 \n\t" \ 470 : "=m" (c), "=m" (d), "=m" (s) \ 471 : "m" (s), "m" (d), "m" (c), "m" (b) \ 472 : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ 473 ); 474 475 #endif /* __MACH__ && __APPLE__ */ 476 477 #endif /* PPC32 */ 478 479 /* 480 * The Sparc(64) assembly is reported to be broken. 481 * Disable it for now, until we're able to fix it. 482 */ 483 #if 0 && defined(__sparc__) 484 #if defined(__sparc64__) 485 486 #define MULADDC_INIT \ 487 asm( \ 488 "ldx %3, %%o0 \n\t" \ 489 "ldx %4, %%o1 \n\t" \ 490 "ld %5, %%o2 \n\t" \ 491 "ld %6, %%o3 \n\t" 492 493 #define MULADDC_CORE \ 494 "ld [%%o0], %%o4 \n\t" \ 495 "inc 4, %%o0 \n\t" \ 496 "ld [%%o1], %%o5 \n\t" \ 497 "umul %%o3, %%o4, %%o4 \n\t" \ 498 "addcc %%o4, %%o2, %%o4 \n\t" \ 499 "rd %%y, %%g1 \n\t" \ 500 "addx %%g1, 0, %%g1 \n\t" \ 501 "addcc %%o4, %%o5, %%o4 \n\t" \ 502 "st %%o4, [%%o1] \n\t" \ 503 "addx %%g1, 0, %%o2 \n\t" \ 504 "inc 4, %%o1 \n\t" 505 506 #define MULADDC_STOP \ 507 "st %%o2, %0 \n\t" \ 508 "stx %%o1, %1 \n\t" \ 509 "stx %%o0, %2 \n\t" \ 510 : "=m" (c), "=m" (d), "=m" (s) \ 511 : "m" (s), "m" (d), "m" (c), "m" (b) \ 512 : "g1", "o0", "o1", "o2", "o3", "o4", \ 513 "o5" \ 514 ); 515 516 #else /* __sparc64__ */ 517 518 #define MULADDC_INIT \ 519 asm( \ 520 "ld %3, %%o0 \n\t" \ 521 "ld %4, %%o1 \n\t" \ 522 "ld %5, %%o2 \n\t" \ 523 "ld %6, %%o3 \n\t" 524 525 #define MULADDC_CORE \ 526 "ld [%%o0], %%o4 \n\t" \ 527 "inc 4, %%o0 \n\t" \ 528 "ld [%%o1], %%o5 \n\t" \ 529 "umul %%o3, %%o4, %%o4 \n\t" \ 530 "addcc %%o4, %%o2, %%o4 \n\t" \ 531 "rd %%y, %%g1 \n\t" \ 532 "addx %%g1, 0, %%g1 \n\t" \ 533 "addcc %%o4, %%o5, %%o4 \n\t" \ 534 "st %%o4, [%%o1] \n\t" \ 535 "addx %%g1, 0, %%o2 \n\t" \ 536 "inc 4, %%o1 \n\t" 537 538 #define MULADDC_STOP \ 539 "st %%o2, %0 \n\t" \ 540 "st %%o1, %1 \n\t" \ 541 "st %%o0, %2 \n\t" \ 542 : "=m" (c), "=m" (d), "=m" (s) \ 543 : "m" (s), "m" (d), "m" (c), "m" (b) \ 544 : "g1", "o0", "o1", "o2", "o3", "o4", \ 545 "o5" \ 546 ); 547 548 #endif /* __sparc64__ */ 549 #endif /* __sparc__ */ 550 551 #if defined(__microblaze__) || defined(microblaze) 552 553 #define MULADDC_INIT \ 554 asm( \ 555 "lwi r3, %3 \n\t" \ 556 "lwi r4, %4 \n\t" \ 557 "lwi r5, %5 \n\t" \ 558 "lwi r6, %6 \n\t" \ 559 "andi r7, r6, 0xffff \n\t" \ 560 "bsrli r6, r6, 16 \n\t" 561 562 #define MULADDC_CORE \ 563 "lhui r8, r3, 0 \n\t" \ 564 "addi r3, r3, 2 \n\t" \ 565 "lhui r9, r3, 0 \n\t" \ 566 "addi r3, r3, 2 \n\t" \ 567 "mul r10, r9, r6 \n\t" \ 568 "mul r11, r8, r7 \n\t" \ 569 "mul r12, r9, r7 \n\t" \ 570 "mul r13, r8, r6 \n\t" \ 571 "bsrli r8, r10, 16 \n\t" \ 572 "bsrli r9, r11, 16 \n\t" \ 573 "add r13, r13, r8 \n\t" \ 574 "add r13, r13, r9 \n\t" \ 575 "bslli r10, r10, 16 \n\t" \ 576 "bslli r11, r11, 16 \n\t" \ 577 "add r12, r12, r10 \n\t" \ 578 "addc r13, r13, r0 \n\t" \ 579 "add r12, r12, r11 \n\t" \ 580 "addc r13, r13, r0 \n\t" \ 581 "lwi r10, r4, 0 \n\t" \ 582 "add r12, r12, r10 \n\t" \ 583 "addc r13, r13, r0 \n\t" \ 584 "add r12, r12, r5 \n\t" \ 585 "addc r5, r13, r0 \n\t" \ 586 "swi r12, r4, 0 \n\t" \ 587 "addi r4, r4, 4 \n\t" 588 589 #define MULADDC_STOP \ 590 "swi r5, %0 \n\t" \ 591 "swi r4, %1 \n\t" \ 592 "swi r3, %2 \n\t" \ 593 : "=m" (c), "=m" (d), "=m" (s) \ 594 : "m" (s), "m" (d), "m" (c), "m" (b) \ 595 : "r3", "r4", "r5", "r6", "r7", "r8", \ 596 "r9", "r10", "r11", "r12", "r13" \ 597 ); 598 599 #endif /* MicroBlaze */ 600 601 #if defined(__tricore__) 602 603 #define MULADDC_INIT \ 604 asm( \ 605 "ld.a %%a2, %3 \n\t" \ 606 "ld.a %%a3, %4 \n\t" \ 607 "ld.w %%d4, %5 \n\t" \ 608 "ld.w %%d1, %6 \n\t" \ 609 "xor %%d5, %%d5 \n\t" 610 611 #define MULADDC_CORE \ 612 "ld.w %%d0, [%%a2+] \n\t" \ 613 "madd.u %%e2, %%e4, %%d0, %%d1 \n\t" \ 614 "ld.w %%d0, [%%a3] \n\t" \ 615 "addx %%d2, %%d2, %%d0 \n\t" \ 616 "addc %%d3, %%d3, 0 \n\t" \ 617 "mov %%d4, %%d3 \n\t" \ 618 "st.w [%%a3+], %%d2 \n\t" 619 620 #define MULADDC_STOP \ 621 "st.w %0, %%d4 \n\t" \ 622 "st.a %1, %%a3 \n\t" \ 623 "st.a %2, %%a2 \n\t" \ 624 : "=m" (c), "=m" (d), "=m" (s) \ 625 : "m" (s), "m" (d), "m" (c), "m" (b) \ 626 : "d0", "d1", "e2", "d4", "a2", "a3" \ 627 ); 628 629 #endif /* TriCore */ 630 631 /* 632 * Note, gcc -O0 by default uses r7 for the frame pointer, so it complains about 633 * our use of r7 below, unless -fomit-frame-pointer is passed. 634 * 635 * On the other hand, -fomit-frame-pointer is implied by any -Ox options with 636 * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by 637 * clang and armcc5 under the same conditions). 638 * 639 * So, only use the optimized assembly below for optimized build, which avoids 640 * the build error and is pretty reasonable anyway. 641 */ 642 #if defined(__GNUC__) && !defined(__OPTIMIZE__) 643 #define MULADDC_CANNOT_USE_R7 644 #endif 645 646 #if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7) 647 648 #if defined(__thumb__) && !defined(__thumb2__) 649 650 #define MULADDC_INIT \ 651 asm( \ 652 "ldr r0, %3 \n\t" \ 653 "ldr r1, %4 \n\t" \ 654 "ldr r2, %5 \n\t" \ 655 "ldr r3, %6 \n\t" \ 656 "lsr r7, r3, #16 \n\t" \ 657 "mov r9, r7 \n\t" \ 658 "lsl r7, r3, #16 \n\t" \ 659 "lsr r7, r7, #16 \n\t" \ 660 "mov r8, r7 \n\t" 661 662 #define MULADDC_CORE \ 663 "ldmia r0!, {r6} \n\t" \ 664 "lsr r7, r6, #16 \n\t" \ 665 "lsl r6, r6, #16 \n\t" \ 666 "lsr r6, r6, #16 \n\t" \ 667 "mov r4, r8 \n\t" \ 668 "mul r4, r6 \n\t" \ 669 "mov r3, r9 \n\t" \ 670 "mul r6, r3 \n\t" \ 671 "mov r5, r9 \n\t" \ 672 "mul r5, r7 \n\t" \ 673 "mov r3, r8 \n\t" \ 674 "mul r7, r3 \n\t" \ 675 "lsr r3, r6, #16 \n\t" \ 676 "add r5, r5, r3 \n\t" \ 677 "lsr r3, r7, #16 \n\t" \ 678 "add r5, r5, r3 \n\t" \ 679 "add r4, r4, r2 \n\t" \ 680 "mov r2, #0 \n\t" \ 681 "adc r5, r2 \n\t" \ 682 "lsl r3, r6, #16 \n\t" \ 683 "add r4, r4, r3 \n\t" \ 684 "adc r5, r2 \n\t" \ 685 "lsl r3, r7, #16 \n\t" \ 686 "add r4, r4, r3 \n\t" \ 687 "adc r5, r2 \n\t" \ 688 "ldr r3, [r1] \n\t" \ 689 "add r4, r4, r3 \n\t" \ 690 "adc r2, r5 \n\t" \ 691 "stmia r1!, {r4} \n\t" 692 693 #define MULADDC_STOP \ 694 "str r2, %0 \n\t" \ 695 "str r1, %1 \n\t" \ 696 "str r0, %2 \n\t" \ 697 : "=m" (c), "=m" (d), "=m" (s) \ 698 : "m" (s), "m" (d), "m" (c), "m" (b) \ 699 : "r0", "r1", "r2", "r3", "r4", "r5", \ 700 "r6", "r7", "r8", "r9", "cc" \ 701 ); 702 703 #elif (__ARM_ARCH >= 6) && \ 704 defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) 705 706 #define MULADDC_INIT \ 707 asm( 708 709 #define MULADDC_CORE \ 710 "ldr r0, [%0], #4 \n\t" \ 711 "ldr r1, [%1] \n\t" \ 712 "umaal r1, %2, %3, r0 \n\t" \ 713 "str r1, [%1], #4 \n\t" 714 715 #define MULADDC_STOP \ 716 : "=r" (s), "=r" (d), "=r" (c) \ 717 : "r" (b), "0" (s), "1" (d), "2" (c) \ 718 : "r0", "r1", "memory" \ 719 ); 720 721 #else 722 723 #define MULADDC_INIT \ 724 asm( \ 725 "ldr r0, %3 \n\t" \ 726 "ldr r1, %4 \n\t" \ 727 "ldr r2, %5 \n\t" \ 728 "ldr r3, %6 \n\t" 729 730 #define MULADDC_CORE \ 731 "ldr r4, [r0], #4 \n\t" \ 732 "mov r5, #0 \n\t" \ 733 "ldr r6, [r1] \n\t" \ 734 "umlal r2, r5, r3, r4 \n\t" \ 735 "adds r7, r6, r2 \n\t" \ 736 "adc r2, r5, #0 \n\t" \ 737 "str r7, [r1], #4 \n\t" 738 739 #define MULADDC_STOP \ 740 "str r2, %0 \n\t" \ 741 "str r1, %1 \n\t" \ 742 "str r0, %2 \n\t" \ 743 : "=m" (c), "=m" (d), "=m" (s) \ 744 : "m" (s), "m" (d), "m" (c), "m" (b) \ 745 : "r0", "r1", "r2", "r3", "r4", "r5", \ 746 "r6", "r7", "cc" \ 747 ); 748 749 #endif /* Thumb */ 750 751 #endif /* ARMv3 */ 752 753 #if defined(__alpha__) 754 755 #define MULADDC_INIT \ 756 asm( \ 757 "ldq $1, %3 \n\t" \ 758 "ldq $2, %4 \n\t" \ 759 "ldq $3, %5 \n\t" \ 760 "ldq $4, %6 \n\t" 761 762 #define MULADDC_CORE \ 763 "ldq $6, 0($1) \n\t" \ 764 "addq $1, 8, $1 \n\t" \ 765 "mulq $6, $4, $7 \n\t" \ 766 "umulh $6, $4, $6 \n\t" \ 767 "addq $7, $3, $7 \n\t" \ 768 "cmpult $7, $3, $3 \n\t" \ 769 "ldq $5, 0($2) \n\t" \ 770 "addq $7, $5, $7 \n\t" \ 771 "cmpult $7, $5, $5 \n\t" \ 772 "stq $7, 0($2) \n\t" \ 773 "addq $2, 8, $2 \n\t" \ 774 "addq $6, $3, $3 \n\t" \ 775 "addq $5, $3, $3 \n\t" 776 777 #define MULADDC_STOP \ 778 "stq $3, %0 \n\t" \ 779 "stq $2, %1 \n\t" \ 780 "stq $1, %2 \n\t" \ 781 : "=m" (c), "=m" (d), "=m" (s) \ 782 : "m" (s), "m" (d), "m" (c), "m" (b) \ 783 : "$1", "$2", "$3", "$4", "$5", "$6", "$7" \ 784 ); 785 #endif /* Alpha */ 786 787 #if defined(__mips__) && !defined(__mips64) 788 789 #define MULADDC_INIT \ 790 asm( \ 791 "lw $10, %3 \n\t" \ 792 "lw $11, %4 \n\t" \ 793 "lw $12, %5 \n\t" \ 794 "lw $13, %6 \n\t" 795 796 #define MULADDC_CORE \ 797 "lw $14, 0($10) \n\t" \ 798 "multu $13, $14 \n\t" \ 799 "addi $10, $10, 4 \n\t" \ 800 "mflo $14 \n\t" \ 801 "mfhi $9 \n\t" \ 802 "addu $14, $12, $14 \n\t" \ 803 "lw $15, 0($11) \n\t" \ 804 "sltu $12, $14, $12 \n\t" \ 805 "addu $15, $14, $15 \n\t" \ 806 "sltu $14, $15, $14 \n\t" \ 807 "addu $12, $12, $9 \n\t" \ 808 "sw $15, 0($11) \n\t" \ 809 "addu $12, $12, $14 \n\t" \ 810 "addi $11, $11, 4 \n\t" 811 812 #define MULADDC_STOP \ 813 "sw $12, %0 \n\t" \ 814 "sw $11, %1 \n\t" \ 815 "sw $10, %2 \n\t" \ 816 : "=m" (c), "=m" (d), "=m" (s) \ 817 : "m" (s), "m" (d), "m" (c), "m" (b) \ 818 : "$9", "$10", "$11", "$12", "$13", "$14", "$15", "lo", "hi" \ 819 ); 820 821 #endif /* MIPS */ 822 #endif /* GNUC */ 823 824 #if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__) 825 826 #define MULADDC_INIT \ 827 __asm mov esi, s \ 828 __asm mov edi, d \ 829 __asm mov ecx, c \ 830 __asm mov ebx, b 831 832 #define MULADDC_CORE \ 833 __asm lodsd \ 834 __asm mul ebx \ 835 __asm add eax, ecx \ 836 __asm adc edx, 0 \ 837 __asm add eax, [edi] \ 838 __asm adc edx, 0 \ 839 __asm mov ecx, edx \ 840 __asm stosd 841 842 #if defined(MBEDTLS_HAVE_SSE2) 843 844 #define EMIT __asm _emit 845 846 #define MULADDC_HUIT \ 847 EMIT 0x0F EMIT 0x6E EMIT 0xC9 \ 848 EMIT 0x0F EMIT 0x6E EMIT 0xC3 \ 849 EMIT 0x0F EMIT 0x6E EMIT 0x1F \ 850 EMIT 0x0F EMIT 0xD4 EMIT 0xCB \ 851 EMIT 0x0F EMIT 0x6E EMIT 0x16 \ 852 EMIT 0x0F EMIT 0xF4 EMIT 0xD0 \ 853 EMIT 0x0F EMIT 0x6E EMIT 0x66 EMIT 0x04 \ 854 EMIT 0x0F EMIT 0xF4 EMIT 0xE0 \ 855 EMIT 0x0F EMIT 0x6E EMIT 0x76 EMIT 0x08 \ 856 EMIT 0x0F EMIT 0xF4 EMIT 0xF0 \ 857 EMIT 0x0F EMIT 0x6E EMIT 0x7E EMIT 0x0C \ 858 EMIT 0x0F EMIT 0xF4 EMIT 0xF8 \ 859 EMIT 0x0F EMIT 0xD4 EMIT 0xCA \ 860 EMIT 0x0F EMIT 0x6E EMIT 0x5F EMIT 0x04 \ 861 EMIT 0x0F EMIT 0xD4 EMIT 0xDC \ 862 EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x08 \ 863 EMIT 0x0F EMIT 0xD4 EMIT 0xEE \ 864 EMIT 0x0F EMIT 0x6E EMIT 0x67 EMIT 0x0C \ 865 EMIT 0x0F EMIT 0xD4 EMIT 0xFC \ 866 EMIT 0x0F EMIT 0x7E EMIT 0x0F \ 867 EMIT 0x0F EMIT 0x6E EMIT 0x56 EMIT 0x10 \ 868 EMIT 0x0F EMIT 0xF4 EMIT 0xD0 \ 869 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 870 EMIT 0x0F EMIT 0x6E EMIT 0x66 EMIT 0x14 \ 871 EMIT 0x0F EMIT 0xF4 EMIT 0xE0 \ 872 EMIT 0x0F EMIT 0xD4 EMIT 0xCB \ 873 EMIT 0x0F EMIT 0x6E EMIT 0x76 EMIT 0x18 \ 874 EMIT 0x0F EMIT 0xF4 EMIT 0xF0 \ 875 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x04 \ 876 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 877 EMIT 0x0F EMIT 0x6E EMIT 0x5E EMIT 0x1C \ 878 EMIT 0x0F EMIT 0xF4 EMIT 0xD8 \ 879 EMIT 0x0F EMIT 0xD4 EMIT 0xCD \ 880 EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x10 \ 881 EMIT 0x0F EMIT 0xD4 EMIT 0xD5 \ 882 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x08 \ 883 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 884 EMIT 0x0F EMIT 0xD4 EMIT 0xCF \ 885 EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x14 \ 886 EMIT 0x0F EMIT 0xD4 EMIT 0xE5 \ 887 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x0C \ 888 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 889 EMIT 0x0F EMIT 0xD4 EMIT 0xCA \ 890 EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x18 \ 891 EMIT 0x0F EMIT 0xD4 EMIT 0xF5 \ 892 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x10 \ 893 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 894 EMIT 0x0F EMIT 0xD4 EMIT 0xCC \ 895 EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x1C \ 896 EMIT 0x0F EMIT 0xD4 EMIT 0xDD \ 897 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x14 \ 898 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 899 EMIT 0x0F EMIT 0xD4 EMIT 0xCE \ 900 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x18 \ 901 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 902 EMIT 0x0F EMIT 0xD4 EMIT 0xCB \ 903 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x1C \ 904 EMIT 0x83 EMIT 0xC7 EMIT 0x20 \ 905 EMIT 0x83 EMIT 0xC6 EMIT 0x20 \ 906 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 907 EMIT 0x0F EMIT 0x7E EMIT 0xC9 908 909 #define MULADDC_STOP \ 910 EMIT 0x0F EMIT 0x77 \ 911 __asm mov c, ecx \ 912 __asm mov d, edi \ 913 __asm mov s, esi \ 914 915 #else 916 917 #define MULADDC_STOP \ 918 __asm mov c, ecx \ 919 __asm mov d, edi \ 920 __asm mov s, esi \ 921 922 #endif /* SSE2 */ 923 #endif /* MSVC */ 924 925 #endif /* MBEDTLS_HAVE_ASM */ 926 927 #if !defined(MULADDC_CORE) 928 #if defined(MBEDTLS_HAVE_UDBL) 929 930 #define MULADDC_INIT \ 931 { \ 932 mbedtls_t_udbl r; \ 933 mbedtls_mpi_uint r0, r1; 934 935 #define MULADDC_CORE \ 936 r = *(s++) * (mbedtls_t_udbl) b; \ 937 r0 = (mbedtls_mpi_uint) r; \ 938 r1 = (mbedtls_mpi_uint)( r >> biL ); \ 939 r0 += c; r1 += (r0 < c); \ 940 r0 += *d; r1 += (r0 < *d); \ 941 c = r1; *(d++) = r0; 942 943 #define MULADDC_STOP \ 944 } 945 946 #else 947 #define MULADDC_INIT \ 948 { \ 949 mbedtls_mpi_uint s0, s1, b0, b1; \ 950 mbedtls_mpi_uint r0, r1, rx, ry; \ 951 b0 = ( b << biH ) >> biH; \ 952 b1 = ( b >> biH ); 953 954 #define MULADDC_CORE \ 955 s0 = ( *s << biH ) >> biH; \ 956 s1 = ( *s >> biH ); s++; \ 957 rx = s0 * b1; r0 = s0 * b0; \ 958 ry = s1 * b0; r1 = s1 * b1; \ 959 r1 += ( rx >> biH ); \ 960 r1 += ( ry >> biH ); \ 961 rx <<= biH; ry <<= biH; \ 962 r0 += rx; r1 += (r0 < rx); \ 963 r0 += ry; r1 += (r0 < ry); \ 964 r0 += c; r1 += (r0 < c); \ 965 r0 += *d; r1 += (r0 < *d); \ 966 c = r1; *(d++) = r0; 967 968 #define MULADDC_STOP \ 969 } 970 971 #endif /* C (generic) */ 972 #endif /* C (longlong) */ 973 974 #endif /* bn_mul.h */ 975