1 /** 2 * \file bn_mul.h 3 * 4 * \brief Multi-precision integer library 5 */ 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 9 */ 10 /* 11 * Multiply source vector [s] with b, add result 12 * to destination vector [d] and set carry c. 13 * 14 * Currently supports: 15 * 16 * . IA-32 (386+) . AMD64 / EM64T 17 * . IA-32 (SSE2) . Motorola 68000 18 * . PowerPC, 32-bit . MicroBlaze 19 * . PowerPC, 64-bit . TriCore 20 * . SPARC v8 . ARM v3+ 21 * . Alpha . MIPS32 22 * . C, longlong . C, generic 23 */ 24 #ifndef MBEDTLS_BN_MUL_H 25 #define MBEDTLS_BN_MUL_H 26 27 #if !defined(MBEDTLS_CONFIG_FILE) 28 #include "mbedtls/config.h" 29 #else 30 #include MBEDTLS_CONFIG_FILE 31 #endif 32 33 #include "mbedtls/bignum.h" 34 35 36 /* 37 * Conversion macros for embedded constants: 38 * build lists of mbedtls_mpi_uint's from lists of unsigned char's grouped by 8, 4 or 2 39 */ 40 #if defined(MBEDTLS_HAVE_INT32) 41 42 #define MBEDTLS_BYTES_TO_T_UINT_4(a, b, c, d) \ 43 ((mbedtls_mpi_uint) (a) << 0) | \ 44 ((mbedtls_mpi_uint) (b) << 8) | \ 45 ((mbedtls_mpi_uint) (c) << 16) | \ 46 ((mbedtls_mpi_uint) (d) << 24) 47 48 #define MBEDTLS_BYTES_TO_T_UINT_2(a, b) \ 49 MBEDTLS_BYTES_TO_T_UINT_4(a, b, 0, 0) 50 51 #define MBEDTLS_BYTES_TO_T_UINT_8(a, b, c, d, e, f, g, h) \ 52 MBEDTLS_BYTES_TO_T_UINT_4(a, b, c, d), \ 53 MBEDTLS_BYTES_TO_T_UINT_4(e, f, g, h) 54 55 #else /* 64-bits */ 56 57 #define MBEDTLS_BYTES_TO_T_UINT_8(a, b, c, d, e, f, g, h) \ 58 ((mbedtls_mpi_uint) (a) << 0) | \ 59 ((mbedtls_mpi_uint) (b) << 8) | \ 60 ((mbedtls_mpi_uint) (c) << 16) | \ 61 ((mbedtls_mpi_uint) (d) << 24) | \ 62 ((mbedtls_mpi_uint) (e) << 32) | \ 63 ((mbedtls_mpi_uint) (f) << 40) | \ 64 ((mbedtls_mpi_uint) (g) << 48) | \ 65 ((mbedtls_mpi_uint) (h) << 56) 66 67 #define MBEDTLS_BYTES_TO_T_UINT_4(a, b, c, d) \ 68 MBEDTLS_BYTES_TO_T_UINT_8(a, b, c, d, 0, 0, 0, 0) 69 70 #define MBEDTLS_BYTES_TO_T_UINT_2(a, b) \ 71 MBEDTLS_BYTES_TO_T_UINT_8(a, b, 0, 0, 0, 0, 0, 0) 72 73 #endif /* bits in mbedtls_mpi_uint */ 74 75 /* *INDENT-OFF* */ 76 #if defined(MBEDTLS_HAVE_ASM) 77 78 #ifndef asm 79 #define asm __asm 80 #endif 81 82 /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ 83 #if defined(__GNUC__) && \ 84 ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) 85 86 /* 87 * GCC < 5.0 treated the x86 ebx (which is used for the GOT) as a 88 * fixed reserved register when building as PIC, leading to errors 89 * like: bn_mul.h:46:13: error: PIC register clobbered by 'ebx' in 'asm' 90 * 91 * This is fixed by an improved register allocator in GCC 5+. From the 92 * release notes: 93 * Register allocation improvements: Reuse of the PIC hard register, 94 * instead of using a fixed register, was implemented on x86/x86-64 95 * targets. This improves generated PIC code performance as more hard 96 * registers can be used. 97 */ 98 #if defined(__GNUC__) && __GNUC__ < 5 && defined(__PIC__) 99 #define MULADDC_CANNOT_USE_EBX 100 #endif 101 102 /* 103 * Disable use of the i386 assembly code below if option -O0, to disable all 104 * compiler optimisations, is passed, detected with __OPTIMIZE__ 105 * This is done as the number of registers used in the assembly code doesn't 106 * work with the -O0 option. 107 */ 108 #if defined(__i386__) && defined(__OPTIMIZE__) && !defined(MULADDC_CANNOT_USE_EBX) 109 110 #define MULADDC_INIT \ 111 asm( \ 112 "movl %%ebx, %0 \n\t" \ 113 "movl %5, %%esi \n\t" \ 114 "movl %6, %%edi \n\t" \ 115 "movl %7, %%ecx \n\t" \ 116 "movl %8, %%ebx \n\t" 117 118 #define MULADDC_CORE \ 119 "lodsl \n\t" \ 120 "mull %%ebx \n\t" \ 121 "addl %%ecx, %%eax \n\t" \ 122 "adcl $0, %%edx \n\t" \ 123 "addl (%%edi), %%eax \n\t" \ 124 "adcl $0, %%edx \n\t" \ 125 "movl %%edx, %%ecx \n\t" \ 126 "stosl \n\t" 127 128 #if defined(MBEDTLS_HAVE_SSE2) 129 130 #define MULADDC_HUIT \ 131 "movd %%ecx, %%mm1 \n\t" \ 132 "movd %%ebx, %%mm0 \n\t" \ 133 "movd (%%edi), %%mm3 \n\t" \ 134 "paddq %%mm3, %%mm1 \n\t" \ 135 "movd (%%esi), %%mm2 \n\t" \ 136 "pmuludq %%mm0, %%mm2 \n\t" \ 137 "movd 4(%%esi), %%mm4 \n\t" \ 138 "pmuludq %%mm0, %%mm4 \n\t" \ 139 "movd 8(%%esi), %%mm6 \n\t" \ 140 "pmuludq %%mm0, %%mm6 \n\t" \ 141 "movd 12(%%esi), %%mm7 \n\t" \ 142 "pmuludq %%mm0, %%mm7 \n\t" \ 143 "paddq %%mm2, %%mm1 \n\t" \ 144 "movd 4(%%edi), %%mm3 \n\t" \ 145 "paddq %%mm4, %%mm3 \n\t" \ 146 "movd 8(%%edi), %%mm5 \n\t" \ 147 "paddq %%mm6, %%mm5 \n\t" \ 148 "movd 12(%%edi), %%mm4 \n\t" \ 149 "paddq %%mm4, %%mm7 \n\t" \ 150 "movd %%mm1, (%%edi) \n\t" \ 151 "movd 16(%%esi), %%mm2 \n\t" \ 152 "pmuludq %%mm0, %%mm2 \n\t" \ 153 "psrlq $32, %%mm1 \n\t" \ 154 "movd 20(%%esi), %%mm4 \n\t" \ 155 "pmuludq %%mm0, %%mm4 \n\t" \ 156 "paddq %%mm3, %%mm1 \n\t" \ 157 "movd 24(%%esi), %%mm6 \n\t" \ 158 "pmuludq %%mm0, %%mm6 \n\t" \ 159 "movd %%mm1, 4(%%edi) \n\t" \ 160 "psrlq $32, %%mm1 \n\t" \ 161 "movd 28(%%esi), %%mm3 \n\t" \ 162 "pmuludq %%mm0, %%mm3 \n\t" \ 163 "paddq %%mm5, %%mm1 \n\t" \ 164 "movd 16(%%edi), %%mm5 \n\t" \ 165 "paddq %%mm5, %%mm2 \n\t" \ 166 "movd %%mm1, 8(%%edi) \n\t" \ 167 "psrlq $32, %%mm1 \n\t" \ 168 "paddq %%mm7, %%mm1 \n\t" \ 169 "movd 20(%%edi), %%mm5 \n\t" \ 170 "paddq %%mm5, %%mm4 \n\t" \ 171 "movd %%mm1, 12(%%edi) \n\t" \ 172 "psrlq $32, %%mm1 \n\t" \ 173 "paddq %%mm2, %%mm1 \n\t" \ 174 "movd 24(%%edi), %%mm5 \n\t" \ 175 "paddq %%mm5, %%mm6 \n\t" \ 176 "movd %%mm1, 16(%%edi) \n\t" \ 177 "psrlq $32, %%mm1 \n\t" \ 178 "paddq %%mm4, %%mm1 \n\t" \ 179 "movd 28(%%edi), %%mm5 \n\t" \ 180 "paddq %%mm5, %%mm3 \n\t" \ 181 "movd %%mm1, 20(%%edi) \n\t" \ 182 "psrlq $32, %%mm1 \n\t" \ 183 "paddq %%mm6, %%mm1 \n\t" \ 184 "movd %%mm1, 24(%%edi) \n\t" \ 185 "psrlq $32, %%mm1 \n\t" \ 186 "paddq %%mm3, %%mm1 \n\t" \ 187 "movd %%mm1, 28(%%edi) \n\t" \ 188 "addl $32, %%edi \n\t" \ 189 "addl $32, %%esi \n\t" \ 190 "psrlq $32, %%mm1 \n\t" \ 191 "movd %%mm1, %%ecx \n\t" 192 193 #define MULADDC_STOP \ 194 "emms \n\t" \ 195 "movl %4, %%ebx \n\t" \ 196 "movl %%ecx, %1 \n\t" \ 197 "movl %%edi, %2 \n\t" \ 198 "movl %%esi, %3 \n\t" \ 199 : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ 200 : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \ 201 : "eax", "ebx", "ecx", "edx", "esi", "edi" \ 202 ); 203 204 #else 205 206 #define MULADDC_STOP \ 207 "movl %4, %%ebx \n\t" \ 208 "movl %%ecx, %1 \n\t" \ 209 "movl %%edi, %2 \n\t" \ 210 "movl %%esi, %3 \n\t" \ 211 : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ 212 : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \ 213 : "eax", "ebx", "ecx", "edx", "esi", "edi" \ 214 ); 215 #endif /* SSE2 */ 216 #endif /* i386 */ 217 218 #if defined(__amd64__) || defined (__x86_64__) 219 220 #define MULADDC_INIT \ 221 asm( \ 222 "xorq %%r8, %%r8\n" 223 224 #define MULADDC_CORE \ 225 "movq (%%rsi), %%rax\n" \ 226 "mulq %%rbx\n" \ 227 "addq $8, %%rsi\n" \ 228 "addq %%rcx, %%rax\n" \ 229 "movq %%r8, %%rcx\n" \ 230 "adcq $0, %%rdx\n" \ 231 "nop \n" \ 232 "addq %%rax, (%%rdi)\n" \ 233 "adcq %%rdx, %%rcx\n" \ 234 "addq $8, %%rdi\n" 235 236 #define MULADDC_STOP \ 237 : "+c" (c), "+D" (d), "+S" (s), "+m" (*(uint64_t (*)[16]) d) \ 238 : "b" (b), "m" (*(const uint64_t (*)[16]) s) \ 239 : "rax", "rdx", "r8" \ 240 ); 241 242 #endif /* AMD64 */ 243 244 #if defined(__aarch64__) 245 246 #define MULADDC_INIT \ 247 asm( 248 249 #define MULADDC_CORE \ 250 "ldr x4, [%2], #8 \n\t" \ 251 "ldr x5, [%1] \n\t" \ 252 "mul x6, x4, %4 \n\t" \ 253 "umulh x7, x4, %4 \n\t" \ 254 "adds x5, x5, x6 \n\t" \ 255 "adc x7, x7, xzr \n\t" \ 256 "adds x5, x5, %0 \n\t" \ 257 "adc %0, x7, xzr \n\t" \ 258 "str x5, [%1], #8 \n\t" 259 260 #define MULADDC_STOP \ 261 : "+r" (c), "+r" (d), "+r" (s), "+m" (*(uint64_t (*)[16]) d) \ 262 : "r" (b), "m" (*(const uint64_t (*)[16]) s) \ 263 : "x4", "x5", "x6", "x7", "cc" \ 264 ); 265 266 #endif /* Aarch64 */ 267 268 #if defined(__mc68020__) || defined(__mcpu32__) 269 270 #define MULADDC_INIT \ 271 asm( \ 272 "movl %3, %%a2 \n\t" \ 273 "movl %4, %%a3 \n\t" \ 274 "movl %5, %%d3 \n\t" \ 275 "movl %6, %%d2 \n\t" \ 276 "moveq #0, %%d0 \n\t" 277 278 #define MULADDC_CORE \ 279 "movel %%a2@+, %%d1 \n\t" \ 280 "mulul %%d2, %%d4:%%d1 \n\t" \ 281 "addl %%d3, %%d1 \n\t" \ 282 "addxl %%d0, %%d4 \n\t" \ 283 "moveq #0, %%d3 \n\t" \ 284 "addl %%d1, %%a3@+ \n\t" \ 285 "addxl %%d4, %%d3 \n\t" 286 287 #define MULADDC_STOP \ 288 "movl %%d3, %0 \n\t" \ 289 "movl %%a3, %1 \n\t" \ 290 "movl %%a2, %2 \n\t" \ 291 : "=m" (c), "=m" (d), "=m" (s) \ 292 : "m" (s), "m" (d), "m" (c), "m" (b) \ 293 : "d0", "d1", "d2", "d3", "d4", "a2", "a3" \ 294 ); 295 296 #define MULADDC_HUIT \ 297 "movel %%a2@+, %%d1 \n\t" \ 298 "mulul %%d2, %%d4:%%d1 \n\t" \ 299 "addxl %%d3, %%d1 \n\t" \ 300 "addxl %%d0, %%d4 \n\t" \ 301 "addl %%d1, %%a3@+ \n\t" \ 302 "movel %%a2@+, %%d1 \n\t" \ 303 "mulul %%d2, %%d3:%%d1 \n\t" \ 304 "addxl %%d4, %%d1 \n\t" \ 305 "addxl %%d0, %%d3 \n\t" \ 306 "addl %%d1, %%a3@+ \n\t" \ 307 "movel %%a2@+, %%d1 \n\t" \ 308 "mulul %%d2, %%d4:%%d1 \n\t" \ 309 "addxl %%d3, %%d1 \n\t" \ 310 "addxl %%d0, %%d4 \n\t" \ 311 "addl %%d1, %%a3@+ \n\t" \ 312 "movel %%a2@+, %%d1 \n\t" \ 313 "mulul %%d2, %%d3:%%d1 \n\t" \ 314 "addxl %%d4, %%d1 \n\t" \ 315 "addxl %%d0, %%d3 \n\t" \ 316 "addl %%d1, %%a3@+ \n\t" \ 317 "movel %%a2@+, %%d1 \n\t" \ 318 "mulul %%d2, %%d4:%%d1 \n\t" \ 319 "addxl %%d3, %%d1 \n\t" \ 320 "addxl %%d0, %%d4 \n\t" \ 321 "addl %%d1, %%a3@+ \n\t" \ 322 "movel %%a2@+, %%d1 \n\t" \ 323 "mulul %%d2, %%d3:%%d1 \n\t" \ 324 "addxl %%d4, %%d1 \n\t" \ 325 "addxl %%d0, %%d3 \n\t" \ 326 "addl %%d1, %%a3@+ \n\t" \ 327 "movel %%a2@+, %%d1 \n\t" \ 328 "mulul %%d2, %%d4:%%d1 \n\t" \ 329 "addxl %%d3, %%d1 \n\t" \ 330 "addxl %%d0, %%d4 \n\t" \ 331 "addl %%d1, %%a3@+ \n\t" \ 332 "movel %%a2@+, %%d1 \n\t" \ 333 "mulul %%d2, %%d3:%%d1 \n\t" \ 334 "addxl %%d4, %%d1 \n\t" \ 335 "addxl %%d0, %%d3 \n\t" \ 336 "addl %%d1, %%a3@+ \n\t" \ 337 "addxl %%d0, %%d3 \n\t" 338 339 #endif /* MC68000 */ 340 341 #if defined(__powerpc64__) || defined(__ppc64__) 342 343 #if defined(__MACH__) && defined(__APPLE__) 344 345 #define MULADDC_INIT \ 346 asm( \ 347 "ld r3, %3 \n\t" \ 348 "ld r4, %4 \n\t" \ 349 "ld r5, %5 \n\t" \ 350 "ld r6, %6 \n\t" \ 351 "addi r3, r3, -8 \n\t" \ 352 "addi r4, r4, -8 \n\t" \ 353 "addic r5, r5, 0 \n\t" 354 355 #define MULADDC_CORE \ 356 "ldu r7, 8(r3) \n\t" \ 357 "mulld r8, r7, r6 \n\t" \ 358 "mulhdu r9, r7, r6 \n\t" \ 359 "adde r8, r8, r5 \n\t" \ 360 "ld r7, 8(r4) \n\t" \ 361 "addze r5, r9 \n\t" \ 362 "addc r8, r8, r7 \n\t" \ 363 "stdu r8, 8(r4) \n\t" 364 365 #define MULADDC_STOP \ 366 "addze r5, r5 \n\t" \ 367 "addi r4, r4, 8 \n\t" \ 368 "addi r3, r3, 8 \n\t" \ 369 "std r5, %0 \n\t" \ 370 "std r4, %1 \n\t" \ 371 "std r3, %2 \n\t" \ 372 : "=m" (c), "=m" (d), "=m" (s) \ 373 : "m" (s), "m" (d), "m" (c), "m" (b) \ 374 : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ 375 ); 376 377 378 #else /* __MACH__ && __APPLE__ */ 379 380 #define MULADDC_INIT \ 381 asm( \ 382 "ld %%r3, %3 \n\t" \ 383 "ld %%r4, %4 \n\t" \ 384 "ld %%r5, %5 \n\t" \ 385 "ld %%r6, %6 \n\t" \ 386 "addi %%r3, %%r3, -8 \n\t" \ 387 "addi %%r4, %%r4, -8 \n\t" \ 388 "addic %%r5, %%r5, 0 \n\t" 389 390 #define MULADDC_CORE \ 391 "ldu %%r7, 8(%%r3) \n\t" \ 392 "mulld %%r8, %%r7, %%r6 \n\t" \ 393 "mulhdu %%r9, %%r7, %%r6 \n\t" \ 394 "adde %%r8, %%r8, %%r5 \n\t" \ 395 "ld %%r7, 8(%%r4) \n\t" \ 396 "addze %%r5, %%r9 \n\t" \ 397 "addc %%r8, %%r8, %%r7 \n\t" \ 398 "stdu %%r8, 8(%%r4) \n\t" 399 400 #define MULADDC_STOP \ 401 "addze %%r5, %%r5 \n\t" \ 402 "addi %%r4, %%r4, 8 \n\t" \ 403 "addi %%r3, %%r3, 8 \n\t" \ 404 "std %%r5, %0 \n\t" \ 405 "std %%r4, %1 \n\t" \ 406 "std %%r3, %2 \n\t" \ 407 : "=m" (c), "=m" (d), "=m" (s) \ 408 : "m" (s), "m" (d), "m" (c), "m" (b) \ 409 : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ 410 ); 411 412 #endif /* __MACH__ && __APPLE__ */ 413 414 #elif defined(__powerpc__) || defined(__ppc__) /* end PPC64/begin PPC32 */ 415 416 #if defined(__MACH__) && defined(__APPLE__) 417 418 #define MULADDC_INIT \ 419 asm( \ 420 "lwz r3, %3 \n\t" \ 421 "lwz r4, %4 \n\t" \ 422 "lwz r5, %5 \n\t" \ 423 "lwz r6, %6 \n\t" \ 424 "addi r3, r3, -4 \n\t" \ 425 "addi r4, r4, -4 \n\t" \ 426 "addic r5, r5, 0 \n\t" 427 428 #define MULADDC_CORE \ 429 "lwzu r7, 4(r3) \n\t" \ 430 "mullw r8, r7, r6 \n\t" \ 431 "mulhwu r9, r7, r6 \n\t" \ 432 "adde r8, r8, r5 \n\t" \ 433 "lwz r7, 4(r4) \n\t" \ 434 "addze r5, r9 \n\t" \ 435 "addc r8, r8, r7 \n\t" \ 436 "stwu r8, 4(r4) \n\t" 437 438 #define MULADDC_STOP \ 439 "addze r5, r5 \n\t" \ 440 "addi r4, r4, 4 \n\t" \ 441 "addi r3, r3, 4 \n\t" \ 442 "stw r5, %0 \n\t" \ 443 "stw r4, %1 \n\t" \ 444 "stw r3, %2 \n\t" \ 445 : "=m" (c), "=m" (d), "=m" (s) \ 446 : "m" (s), "m" (d), "m" (c), "m" (b) \ 447 : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ 448 ); 449 450 #else /* __MACH__ && __APPLE__ */ 451 452 #define MULADDC_INIT \ 453 asm( \ 454 "lwz %%r3, %3 \n\t" \ 455 "lwz %%r4, %4 \n\t" \ 456 "lwz %%r5, %5 \n\t" \ 457 "lwz %%r6, %6 \n\t" \ 458 "addi %%r3, %%r3, -4 \n\t" \ 459 "addi %%r4, %%r4, -4 \n\t" \ 460 "addic %%r5, %%r5, 0 \n\t" 461 462 #define MULADDC_CORE \ 463 "lwzu %%r7, 4(%%r3) \n\t" \ 464 "mullw %%r8, %%r7, %%r6 \n\t" \ 465 "mulhwu %%r9, %%r7, %%r6 \n\t" \ 466 "adde %%r8, %%r8, %%r5 \n\t" \ 467 "lwz %%r7, 4(%%r4) \n\t" \ 468 "addze %%r5, %%r9 \n\t" \ 469 "addc %%r8, %%r8, %%r7 \n\t" \ 470 "stwu %%r8, 4(%%r4) \n\t" 471 472 #define MULADDC_STOP \ 473 "addze %%r5, %%r5 \n\t" \ 474 "addi %%r4, %%r4, 4 \n\t" \ 475 "addi %%r3, %%r3, 4 \n\t" \ 476 "stw %%r5, %0 \n\t" \ 477 "stw %%r4, %1 \n\t" \ 478 "stw %%r3, %2 \n\t" \ 479 : "=m" (c), "=m" (d), "=m" (s) \ 480 : "m" (s), "m" (d), "m" (c), "m" (b) \ 481 : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ 482 ); 483 484 #endif /* __MACH__ && __APPLE__ */ 485 486 #endif /* PPC32 */ 487 488 /* 489 * The Sparc(64) assembly is reported to be broken. 490 * Disable it for now, until we're able to fix it. 491 */ 492 #if 0 && defined(__sparc__) 493 #if defined(__sparc64__) 494 495 #define MULADDC_INIT \ 496 asm( \ 497 "ldx %3, %%o0 \n\t" \ 498 "ldx %4, %%o1 \n\t" \ 499 "ld %5, %%o2 \n\t" \ 500 "ld %6, %%o3 \n\t" 501 502 #define MULADDC_CORE \ 503 "ld [%%o0], %%o4 \n\t" \ 504 "inc 4, %%o0 \n\t" \ 505 "ld [%%o1], %%o5 \n\t" \ 506 "umul %%o3, %%o4, %%o4 \n\t" \ 507 "addcc %%o4, %%o2, %%o4 \n\t" \ 508 "rd %%y, %%g1 \n\t" \ 509 "addx %%g1, 0, %%g1 \n\t" \ 510 "addcc %%o4, %%o5, %%o4 \n\t" \ 511 "st %%o4, [%%o1] \n\t" \ 512 "addx %%g1, 0, %%o2 \n\t" \ 513 "inc 4, %%o1 \n\t" 514 515 #define MULADDC_STOP \ 516 "st %%o2, %0 \n\t" \ 517 "stx %%o1, %1 \n\t" \ 518 "stx %%o0, %2 \n\t" \ 519 : "=m" (c), "=m" (d), "=m" (s) \ 520 : "m" (s), "m" (d), "m" (c), "m" (b) \ 521 : "g1", "o0", "o1", "o2", "o3", "o4", \ 522 "o5" \ 523 ); 524 525 #else /* __sparc64__ */ 526 527 #define MULADDC_INIT \ 528 asm( \ 529 "ld %3, %%o0 \n\t" \ 530 "ld %4, %%o1 \n\t" \ 531 "ld %5, %%o2 \n\t" \ 532 "ld %6, %%o3 \n\t" 533 534 #define MULADDC_CORE \ 535 "ld [%%o0], %%o4 \n\t" \ 536 "inc 4, %%o0 \n\t" \ 537 "ld [%%o1], %%o5 \n\t" \ 538 "umul %%o3, %%o4, %%o4 \n\t" \ 539 "addcc %%o4, %%o2, %%o4 \n\t" \ 540 "rd %%y, %%g1 \n\t" \ 541 "addx %%g1, 0, %%g1 \n\t" \ 542 "addcc %%o4, %%o5, %%o4 \n\t" \ 543 "st %%o4, [%%o1] \n\t" \ 544 "addx %%g1, 0, %%o2 \n\t" \ 545 "inc 4, %%o1 \n\t" 546 547 #define MULADDC_STOP \ 548 "st %%o2, %0 \n\t" \ 549 "st %%o1, %1 \n\t" \ 550 "st %%o0, %2 \n\t" \ 551 : "=m" (c), "=m" (d), "=m" (s) \ 552 : "m" (s), "m" (d), "m" (c), "m" (b) \ 553 : "g1", "o0", "o1", "o2", "o3", "o4", \ 554 "o5" \ 555 ); 556 557 #endif /* __sparc64__ */ 558 #endif /* __sparc__ */ 559 560 #if defined(__microblaze__) || defined(microblaze) 561 562 #define MULADDC_INIT \ 563 asm( \ 564 "lwi r3, %3 \n\t" \ 565 "lwi r4, %4 \n\t" \ 566 "lwi r5, %5 \n\t" \ 567 "lwi r6, %6 \n\t" \ 568 "andi r7, r6, 0xffff \n\t" \ 569 "bsrli r6, r6, 16 \n\t" 570 571 #if(__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) 572 #define MULADDC_LHUI \ 573 "lhui r9, r3, 0 \n\t" \ 574 "addi r3, r3, 2 \n\t" \ 575 "lhui r8, r3, 0 \n\t" 576 #else 577 #define MULADDC_LHUI \ 578 "lhui r8, r3, 0 \n\t" \ 579 "addi r3, r3, 2 \n\t" \ 580 "lhui r9, r3, 0 \n\t" 581 #endif 582 583 #define MULADDC_CORE \ 584 MULADDC_LHUI \ 585 "addi r3, r3, 2 \n\t" \ 586 "mul r10, r9, r6 \n\t" \ 587 "mul r11, r8, r7 \n\t" \ 588 "mul r12, r9, r7 \n\t" \ 589 "mul r13, r8, r6 \n\t" \ 590 "bsrli r8, r10, 16 \n\t" \ 591 "bsrli r9, r11, 16 \n\t" \ 592 "add r13, r13, r8 \n\t" \ 593 "add r13, r13, r9 \n\t" \ 594 "bslli r10, r10, 16 \n\t" \ 595 "bslli r11, r11, 16 \n\t" \ 596 "add r12, r12, r10 \n\t" \ 597 "addc r13, r13, r0 \n\t" \ 598 "add r12, r12, r11 \n\t" \ 599 "addc r13, r13, r0 \n\t" \ 600 "lwi r10, r4, 0 \n\t" \ 601 "add r12, r12, r10 \n\t" \ 602 "addc r13, r13, r0 \n\t" \ 603 "add r12, r12, r5 \n\t" \ 604 "addc r5, r13, r0 \n\t" \ 605 "swi r12, r4, 0 \n\t" \ 606 "addi r4, r4, 4 \n\t" 607 608 #define MULADDC_STOP \ 609 "swi r5, %0 \n\t" \ 610 "swi r4, %1 \n\t" \ 611 "swi r3, %2 \n\t" \ 612 : "=m" (c), "=m" (d), "=m" (s) \ 613 : "m" (s), "m" (d), "m" (c), "m" (b) \ 614 : "r3", "r4", "r5", "r6", "r7", "r8", \ 615 "r9", "r10", "r11", "r12", "r13" \ 616 ); 617 618 #endif /* MicroBlaze */ 619 620 #if defined(__tricore__) 621 622 #define MULADDC_INIT \ 623 asm( \ 624 "ld.a %%a2, %3 \n\t" \ 625 "ld.a %%a3, %4 \n\t" \ 626 "ld.w %%d4, %5 \n\t" \ 627 "ld.w %%d1, %6 \n\t" \ 628 "xor %%d5, %%d5 \n\t" 629 630 #define MULADDC_CORE \ 631 "ld.w %%d0, [%%a2+] \n\t" \ 632 "madd.u %%e2, %%e4, %%d0, %%d1 \n\t" \ 633 "ld.w %%d0, [%%a3] \n\t" \ 634 "addx %%d2, %%d2, %%d0 \n\t" \ 635 "addc %%d3, %%d3, 0 \n\t" \ 636 "mov %%d4, %%d3 \n\t" \ 637 "st.w [%%a3+], %%d2 \n\t" 638 639 #define MULADDC_STOP \ 640 "st.w %0, %%d4 \n\t" \ 641 "st.a %1, %%a3 \n\t" \ 642 "st.a %2, %%a2 \n\t" \ 643 : "=m" (c), "=m" (d), "=m" (s) \ 644 : "m" (s), "m" (d), "m" (c), "m" (b) \ 645 : "d0", "d1", "e2", "d4", "a2", "a3" \ 646 ); 647 648 #endif /* TriCore */ 649 650 /* 651 * Note, gcc -O0 by default uses r7 for the frame pointer, so it complains about 652 * our use of r7 below, unless -fomit-frame-pointer is passed. 653 * 654 * On the other hand, -fomit-frame-pointer is implied by any -Ox options with 655 * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by 656 * clang and armcc5 under the same conditions). 657 * 658 * So, only use the optimized assembly below for optimized build, which avoids 659 * the build error and is pretty reasonable anyway. 660 */ 661 #if defined(__GNUC__) && !defined(__OPTIMIZE__) 662 #define MULADDC_CANNOT_USE_R7 663 #endif 664 665 #if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7) 666 667 #if defined(__thumb__) && !defined(__thumb2__) 668 #if !defined(__ARMCC_VERSION) && !defined(__clang__) \ 669 && !defined(__llvm__) && !defined(__INTEL_COMPILER) 670 /* 671 * Thumb 1 ISA. This code path has only been tested successfully on gcc; 672 * it does not compile on clang or armclang. 673 * 674 * Other compilers which define __GNUC__ may not work. The above macro 675 * attempts to exclude these untested compilers. 676 */ 677 678 #define MULADDC_INIT \ 679 asm( \ 680 "ldr r0, %3 \n\t" \ 681 "ldr r1, %4 \n\t" \ 682 "ldr r2, %5 \n\t" \ 683 "ldr r3, %6 \n\t" \ 684 "lsr r7, r3, #16 \n\t" \ 685 "mov r9, r7 \n\t" \ 686 "lsl r7, r3, #16 \n\t" \ 687 "lsr r7, r7, #16 \n\t" \ 688 "mov r8, r7 \n\t" 689 690 #define MULADDC_CORE \ 691 "ldmia r0!, {r6} \n\t" \ 692 "lsr r7, r6, #16 \n\t" \ 693 "lsl r6, r6, #16 \n\t" \ 694 "lsr r6, r6, #16 \n\t" \ 695 "mov r4, r8 \n\t" \ 696 "mul r4, r6 \n\t" \ 697 "mov r3, r9 \n\t" \ 698 "mul r6, r3 \n\t" \ 699 "mov r5, r9 \n\t" \ 700 "mul r5, r7 \n\t" \ 701 "mov r3, r8 \n\t" \ 702 "mul r7, r3 \n\t" \ 703 "lsr r3, r6, #16 \n\t" \ 704 "add r5, r5, r3 \n\t" \ 705 "lsr r3, r7, #16 \n\t" \ 706 "add r5, r5, r3 \n\t" \ 707 "add r4, r4, r2 \n\t" \ 708 "mov r2, #0 \n\t" \ 709 "adc r5, r2 \n\t" \ 710 "lsl r3, r6, #16 \n\t" \ 711 "add r4, r4, r3 \n\t" \ 712 "adc r5, r2 \n\t" \ 713 "lsl r3, r7, #16 \n\t" \ 714 "add r4, r4, r3 \n\t" \ 715 "adc r5, r2 \n\t" \ 716 "ldr r3, [r1] \n\t" \ 717 "add r4, r4, r3 \n\t" \ 718 "adc r2, r5 \n\t" \ 719 "stmia r1!, {r4} \n\t" 720 721 #define MULADDC_STOP \ 722 "str r2, %0 \n\t" \ 723 "str r1, %1 \n\t" \ 724 "str r0, %2 \n\t" \ 725 : "=m" (c), "=m" (d), "=m" (s) \ 726 : "m" (s), "m" (d), "m" (c), "m" (b) \ 727 : "r0", "r1", "r2", "r3", "r4", "r5", \ 728 "r6", "r7", "r8", "r9", "cc" \ 729 ); 730 731 #endif /* Compiler is gcc */ 732 733 #elif (__ARM_ARCH >= 6) && \ 734 defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) 735 736 #define MULADDC_INIT \ 737 asm( 738 739 #define MULADDC_CORE \ 740 "ldr r0, [%0], #4 \n\t" \ 741 "ldr r1, [%1] \n\t" \ 742 "umaal r1, %2, %3, r0 \n\t" \ 743 "str r1, [%1], #4 \n\t" 744 745 #define MULADDC_STOP \ 746 : "=r" (s), "=r" (d), "=r" (c) \ 747 : "r" (b), "0" (s), "1" (d), "2" (c) \ 748 : "r0", "r1", "memory" \ 749 ); 750 751 #else 752 753 #define MULADDC_INIT \ 754 asm( \ 755 "ldr r0, %3 \n\t" \ 756 "ldr r1, %4 \n\t" \ 757 "ldr r2, %5 \n\t" \ 758 "ldr r3, %6 \n\t" 759 760 #define MULADDC_CORE \ 761 "ldr r4, [r0], #4 \n\t" \ 762 "mov r5, #0 \n\t" \ 763 "ldr r6, [r1] \n\t" \ 764 "umlal r2, r5, r3, r4 \n\t" \ 765 "adds r7, r6, r2 \n\t" \ 766 "adc r2, r5, #0 \n\t" \ 767 "str r7, [r1], #4 \n\t" 768 769 #define MULADDC_STOP \ 770 "str r2, %0 \n\t" \ 771 "str r1, %1 \n\t" \ 772 "str r0, %2 \n\t" \ 773 : "=m" (c), "=m" (d), "=m" (s) \ 774 : "m" (s), "m" (d), "m" (c), "m" (b) \ 775 : "r0", "r1", "r2", "r3", "r4", "r5", \ 776 "r6", "r7", "cc" \ 777 ); 778 779 #endif /* Thumb */ 780 781 #endif /* ARMv3 */ 782 783 #if defined(__alpha__) 784 785 #define MULADDC_INIT \ 786 asm( \ 787 "ldq $1, %3 \n\t" \ 788 "ldq $2, %4 \n\t" \ 789 "ldq $3, %5 \n\t" \ 790 "ldq $4, %6 \n\t" 791 792 #define MULADDC_CORE \ 793 "ldq $6, 0($1) \n\t" \ 794 "addq $1, 8, $1 \n\t" \ 795 "mulq $6, $4, $7 \n\t" \ 796 "umulh $6, $4, $6 \n\t" \ 797 "addq $7, $3, $7 \n\t" \ 798 "cmpult $7, $3, $3 \n\t" \ 799 "ldq $5, 0($2) \n\t" \ 800 "addq $7, $5, $7 \n\t" \ 801 "cmpult $7, $5, $5 \n\t" \ 802 "stq $7, 0($2) \n\t" \ 803 "addq $2, 8, $2 \n\t" \ 804 "addq $6, $3, $3 \n\t" \ 805 "addq $5, $3, $3 \n\t" 806 807 #define MULADDC_STOP \ 808 "stq $3, %0 \n\t" \ 809 "stq $2, %1 \n\t" \ 810 "stq $1, %2 \n\t" \ 811 : "=m" (c), "=m" (d), "=m" (s) \ 812 : "m" (s), "m" (d), "m" (c), "m" (b) \ 813 : "$1", "$2", "$3", "$4", "$5", "$6", "$7" \ 814 ); 815 #endif /* Alpha */ 816 817 #if defined(__mips__) && !defined(__mips64) 818 819 #define MULADDC_INIT \ 820 asm( \ 821 "lw $10, %3 \n\t" \ 822 "lw $11, %4 \n\t" \ 823 "lw $12, %5 \n\t" \ 824 "lw $13, %6 \n\t" 825 826 #define MULADDC_CORE \ 827 "lw $14, 0($10) \n\t" \ 828 "multu $13, $14 \n\t" \ 829 "addi $10, $10, 4 \n\t" \ 830 "mflo $14 \n\t" \ 831 "mfhi $9 \n\t" \ 832 "addu $14, $12, $14 \n\t" \ 833 "lw $15, 0($11) \n\t" \ 834 "sltu $12, $14, $12 \n\t" \ 835 "addu $15, $14, $15 \n\t" \ 836 "sltu $14, $15, $14 \n\t" \ 837 "addu $12, $12, $9 \n\t" \ 838 "sw $15, 0($11) \n\t" \ 839 "addu $12, $12, $14 \n\t" \ 840 "addi $11, $11, 4 \n\t" 841 842 #define MULADDC_STOP \ 843 "sw $12, %0 \n\t" \ 844 "sw $11, %1 \n\t" \ 845 "sw $10, %2 \n\t" \ 846 : "=m" (c), "=m" (d), "=m" (s) \ 847 : "m" (s), "m" (d), "m" (c), "m" (b) \ 848 : "$9", "$10", "$11", "$12", "$13", "$14", "$15", "lo", "hi" \ 849 ); 850 851 #endif /* MIPS */ 852 #endif /* GNUC */ 853 854 #if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__) 855 856 #define MULADDC_INIT \ 857 __asm mov esi, s \ 858 __asm mov edi, d \ 859 __asm mov ecx, c \ 860 __asm mov ebx, b 861 862 #define MULADDC_CORE \ 863 __asm lodsd \ 864 __asm mul ebx \ 865 __asm add eax, ecx \ 866 __asm adc edx, 0 \ 867 __asm add eax, [edi] \ 868 __asm adc edx, 0 \ 869 __asm mov ecx, edx \ 870 __asm stosd 871 872 #if defined(MBEDTLS_HAVE_SSE2) 873 874 #define EMIT __asm _emit 875 876 #define MULADDC_HUIT \ 877 EMIT 0x0F EMIT 0x6E EMIT 0xC9 \ 878 EMIT 0x0F EMIT 0x6E EMIT 0xC3 \ 879 EMIT 0x0F EMIT 0x6E EMIT 0x1F \ 880 EMIT 0x0F EMIT 0xD4 EMIT 0xCB \ 881 EMIT 0x0F EMIT 0x6E EMIT 0x16 \ 882 EMIT 0x0F EMIT 0xF4 EMIT 0xD0 \ 883 EMIT 0x0F EMIT 0x6E EMIT 0x66 EMIT 0x04 \ 884 EMIT 0x0F EMIT 0xF4 EMIT 0xE0 \ 885 EMIT 0x0F EMIT 0x6E EMIT 0x76 EMIT 0x08 \ 886 EMIT 0x0F EMIT 0xF4 EMIT 0xF0 \ 887 EMIT 0x0F EMIT 0x6E EMIT 0x7E EMIT 0x0C \ 888 EMIT 0x0F EMIT 0xF4 EMIT 0xF8 \ 889 EMIT 0x0F EMIT 0xD4 EMIT 0xCA \ 890 EMIT 0x0F EMIT 0x6E EMIT 0x5F EMIT 0x04 \ 891 EMIT 0x0F EMIT 0xD4 EMIT 0xDC \ 892 EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x08 \ 893 EMIT 0x0F EMIT 0xD4 EMIT 0xEE \ 894 EMIT 0x0F EMIT 0x6E EMIT 0x67 EMIT 0x0C \ 895 EMIT 0x0F EMIT 0xD4 EMIT 0xFC \ 896 EMIT 0x0F EMIT 0x7E EMIT 0x0F \ 897 EMIT 0x0F EMIT 0x6E EMIT 0x56 EMIT 0x10 \ 898 EMIT 0x0F EMIT 0xF4 EMIT 0xD0 \ 899 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 900 EMIT 0x0F EMIT 0x6E EMIT 0x66 EMIT 0x14 \ 901 EMIT 0x0F EMIT 0xF4 EMIT 0xE0 \ 902 EMIT 0x0F EMIT 0xD4 EMIT 0xCB \ 903 EMIT 0x0F EMIT 0x6E EMIT 0x76 EMIT 0x18 \ 904 EMIT 0x0F EMIT 0xF4 EMIT 0xF0 \ 905 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x04 \ 906 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 907 EMIT 0x0F EMIT 0x6E EMIT 0x5E EMIT 0x1C \ 908 EMIT 0x0F EMIT 0xF4 EMIT 0xD8 \ 909 EMIT 0x0F EMIT 0xD4 EMIT 0xCD \ 910 EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x10 \ 911 EMIT 0x0F EMIT 0xD4 EMIT 0xD5 \ 912 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x08 \ 913 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 914 EMIT 0x0F EMIT 0xD4 EMIT 0xCF \ 915 EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x14 \ 916 EMIT 0x0F EMIT 0xD4 EMIT 0xE5 \ 917 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x0C \ 918 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 919 EMIT 0x0F EMIT 0xD4 EMIT 0xCA \ 920 EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x18 \ 921 EMIT 0x0F EMIT 0xD4 EMIT 0xF5 \ 922 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x10 \ 923 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 924 EMIT 0x0F EMIT 0xD4 EMIT 0xCC \ 925 EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x1C \ 926 EMIT 0x0F EMIT 0xD4 EMIT 0xDD \ 927 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x14 \ 928 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 929 EMIT 0x0F EMIT 0xD4 EMIT 0xCE \ 930 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x18 \ 931 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 932 EMIT 0x0F EMIT 0xD4 EMIT 0xCB \ 933 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x1C \ 934 EMIT 0x83 EMIT 0xC7 EMIT 0x20 \ 935 EMIT 0x83 EMIT 0xC6 EMIT 0x20 \ 936 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ 937 EMIT 0x0F EMIT 0x7E EMIT 0xC9 938 939 #define MULADDC_STOP \ 940 EMIT 0x0F EMIT 0x77 \ 941 __asm mov c, ecx \ 942 __asm mov d, edi \ 943 __asm mov s, esi \ 944 945 #else 946 947 #define MULADDC_STOP \ 948 __asm mov c, ecx \ 949 __asm mov d, edi \ 950 __asm mov s, esi \ 951 952 #endif /* SSE2 */ 953 #endif /* MSVC */ 954 955 #endif /* MBEDTLS_HAVE_ASM */ 956 957 #if !defined(MULADDC_CORE) 958 #if defined(MBEDTLS_HAVE_UDBL) 959 960 #define MULADDC_INIT \ 961 { \ 962 mbedtls_t_udbl r; \ 963 mbedtls_mpi_uint r0, r1; 964 965 #define MULADDC_CORE \ 966 r = *(s++) * (mbedtls_t_udbl) b; \ 967 r0 = (mbedtls_mpi_uint) r; \ 968 r1 = (mbedtls_mpi_uint)( r >> biL ); \ 969 r0 += c; r1 += (r0 < c); \ 970 r0 += *d; r1 += (r0 < *d); \ 971 c = r1; *(d++) = r0; 972 973 #define MULADDC_STOP \ 974 } 975 976 #else 977 #define MULADDC_INIT \ 978 { \ 979 mbedtls_mpi_uint s0, s1, b0, b1; \ 980 mbedtls_mpi_uint r0, r1, rx, ry; \ 981 b0 = ( b << biH ) >> biH; \ 982 b1 = ( b >> biH ); 983 984 #define MULADDC_CORE \ 985 s0 = ( *s << biH ) >> biH; \ 986 s1 = ( *s >> biH ); s++; \ 987 rx = s0 * b1; r0 = s0 * b0; \ 988 ry = s1 * b0; r1 = s1 * b1; \ 989 r1 += ( rx >> biH ); \ 990 r1 += ( ry >> biH ); \ 991 rx <<= biH; ry <<= biH; \ 992 r0 += rx; r1 += (r0 < rx); \ 993 r0 += ry; r1 += (r0 < ry); \ 994 r0 += c; r1 += (r0 < c); \ 995 r0 += *d; r1 += (r0 < *d); \ 996 c = r1; *(d++) = r0; 997 998 #define MULADDC_STOP \ 999 } 1000 1001 #endif /* C (generic) */ 1002 #endif /* C (longlong) */ 1003 1004 /* *INDENT-ON* */ 1005 #endif /* bn_mul.h */ 1006