2 * Copyright (C) 2017 Denys Vlasenko
4 * Licensed under GPLv2, see file LICENSE in this source tree.
9 * @file pstm_sqr_comba.c
10 * @version 33ef80f (HEAD, tag: MATRIXSSL-3-7-2-OPEN, tag: MATRIXSSL-3-7-2-COMM, origin/master, origin/HEAD, master)
12 * Multiprecision Squaring with Comba technique.
15 * Copyright (c) 2013-2015 INSIDE Secure Corporation
16 * Copyright (c) PeerSec Networks, 2002-2011
19 * The latest version of this code is available at http://www.matrixssl.org
21 * This software is open source; you can redistribute it and/or modify
22 * it under the terms of the GNU General Public License as published by
23 * the Free Software Foundation; either version 2 of the License, or
24 * (at your option) any later version.
26 * This General Public License does NOT permit incorporating this software
27 * into proprietary programs. If you are unable to comply with the GPL, a
28 * commercial license for this software may be purchased from INSIDE at
29 * http://www.insidesecure.com/eng/Company/Locations
31 * This program is distributed in WITHOUT ANY WARRANTY; without even the
32 * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
33 * See the GNU General Public License for more details.
35 * You should have received a copy of the GNU General Public License
36 * along with this program; if not, write to the Free Software
37 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
38 * http://www.gnu.org/copyleft/gpl.html
40 /******************************************************************************/
43 //#include "../cryptoApi.h"
46 /******************************************************************************/
48 /* x86-32 optimized for 32 bit platforms. For 64 bit mode use X86_64 instead */
49 #if !defined(__GNUC__) || !defined(__i386__)
50 #error "PSTM_X86 option requires GCC and 32 bit mode x86 processor"
52 //#pragma message ("Using 32 bit x86 Assembly Optimizations")
59 #define COMBA_STORE(x) \
62 #define COMBA_STORE2(x) \
65 #define CARRY_FORWARD \
66 do { c0 = c1; c1 = c2; c2 = 0; } while (0);
70 #define SQRADD(i, j) \
72 "movl %6,%%eax \n\t" \
74 "addl %%eax,%0 \n\t" \
75 "adcl %%edx,%1 \n\t" \
77 :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i) :"%eax","%edx","%cc");
79 #define SQRADD2(i, j) \
81 "movl %6,%%eax \n\t" \
83 "addl %%eax,%0 \n\t" \
84 "adcl %%edx,%1 \n\t" \
86 "addl %%eax,%0 \n\t" \
87 "adcl %%edx,%1 \n\t" \
89 :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j) :"%eax","%edx","%cc");
91 #define SQRADDSC(i, j) \
93 "movl %6,%%eax \n\t" \
95 "movl %%eax,%0 \n\t" \
96 "movl %%edx,%1 \n\t" \
98 :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%eax","%edx","%cc");
100 #define SQRADDAC(i, j) \
102 "movl %6,%%eax \n\t" \
104 "addl %%eax,%0 \n\t" \
105 "adcl %%edx,%1 \n\t" \
107 :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%eax","%edx","%cc");
117 :"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), "r"(sc2) : "%cc");
119 /******************************************************************************/
120 #elif defined(PSTM_X86_64)
121 /* x86-64 optimized */
122 #if !defined(__GNUC__) || !defined(__x86_64__) || !defined(PSTM_64BIT)
123 #error "PSTM_X86_64 option requires PSTM_64BIT, GCC and 64 bit mode x86 processor"
125 //#pragma message ("Using 64 bit x86_64 Assembly Optimizations")
129 #define CLEAR_CARRY \
132 #define COMBA_STORE(x) \
135 #define COMBA_STORE2(x) \
138 #define CARRY_FORWARD \
139 do { c0 = c1; c1 = c2; c2 = 0; } while (0);
143 #define SQRADD(i, j) \
145 "movq %6,%%rax \n\t" \
147 "addq %%rax,%0 \n\t" \
148 "adcq %%rdx,%1 \n\t" \
150 :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i) :"%rax","%rdx","cc");
152 #define SQRADD2(i, j) \
154 "movq %6,%%rax \n\t" \
156 "addq %%rax,%0 \n\t" \
157 "adcq %%rdx,%1 \n\t" \
159 "addq %%rax,%0 \n\t" \
160 "adcq %%rdx,%1 \n\t" \
162 :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j) :"%rax","%rdx","cc");
164 #define SQRADDSC(i, j) \
166 "movq %6,%%rax \n\t" \
168 "movq %%rax,%0 \n\t" \
169 "movq %%rdx,%1 \n\t" \
171 :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%rax","%rdx","cc");
173 #define SQRADDAC(i, j) \
175 "movq %6,%%rax \n\t" \
177 "addq %%rax,%0 \n\t" \
178 "adcq %%rdx,%1 \n\t" \
180 :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%rax","%rdx","cc");
190 :"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), "r"(sc2) : "cc");
192 /******************************************************************************/
193 #elif defined(PSTM_ARM)
195 //#pragma message ("Using 32 bit ARM Assembly Optimizations")
199 #define CLEAR_CARRY \
202 #define COMBA_STORE(x) \
205 #define COMBA_STORE2(x) \
208 #define CARRY_FORWARD \
209 do { c0 = c1; c1 = c2; c2 = 0; } while (0);
213 /* multiplies point i and j, updates carry "c1" and digit c2 */
214 #define SQRADD(i, j) \
216 " UMULL r0,r1,%6,%6 \n\t" \
217 " ADDS %0,%0,r0 \n\t" \
218 " ADCS %1,%1,r1 \n\t" \
219 " ADC %2,%2,#0 \n\t" \
220 :"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(i) : "r0", "r1", "%cc");
222 /* for squaring some of the terms are doubled... */
223 #define SQRADD2(i, j) \
225 " UMULL r0,r1,%6,%7 \n\t" \
226 " ADDS %0,%0,r0 \n\t" \
227 " ADCS %1,%1,r1 \n\t" \
228 " ADC %2,%2,#0 \n\t" \
229 " ADDS %0,%0,r0 \n\t" \
230 " ADCS %1,%1,r1 \n\t" \
231 " ADC %2,%2,#0 \n\t" \
232 :"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j) : "r0", "r1", "%cc");
234 #define SQRADDSC(i, j) \
236 " UMULL %0,%1,%6,%7 \n\t" \
237 " SUB %2,%2,%2 \n\t" \
238 :"=r"(sc0), "=r"(sc1), "=r"(sc2) : "0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j) : "%cc");
240 #define SQRADDAC(i, j) \
242 " UMULL r0,r1,%6,%7 \n\t" \
243 " ADDS %0,%0,r0 \n\t" \
244 " ADCS %1,%1,r1 \n\t" \
245 " ADC %2,%2,#0 \n\t" \
246 :"=r"(sc0), "=r"(sc1), "=r"(sc2) : "0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j) : "r0", "r1", "%cc");
250 " ADDS %0,%0,%3 \n\t" \
251 " ADCS %1,%1,%4 \n\t" \
252 " ADC %2,%2,%5 \n\t" \
253 " ADDS %0,%0,%3 \n\t" \
254 " ADCS %1,%1,%4 \n\t" \
255 " ADC %2,%2,%5 \n\t" \
256 :"=r"(c0), "=r"(c1), "=r"(c2) : "r"(sc0), "r"(sc1), "r"(sc2), "0"(c0), "1"(c1), "2"(c2) : "%cc");
258 /******************************************************************************/
259 #elif defined(PSTM_MIPS)
261 //#pragma message ("Using 32 bit MIPS Assembly Optimizations")
265 #define CLEAR_CARRY \
268 #define COMBA_STORE(x) \
271 #define COMBA_STORE2(x) \
274 #define CARRY_FORWARD \
275 do { c0 = c1; c1 = c2; c2 = 0; } while (0);
279 /* multiplies point i and j, updates carry "c1" and digit c2 */
280 #define SQRADD(i, j) \
282 " multu %6,%6 \n\t" \
285 " addu %0,%0,$12 \n\t" \
286 " sltu $12,%0,$12 \n\t" \
287 " addu %1,%1,$13 \n\t" \
288 " sltu $13,%1,$13 \n\t" \
289 " addu %1,%1,$12 \n\t" \
290 " sltu $12,%1,$12 \n\t" \
291 " addu %2,%2,$13 \n\t" \
292 " addu %2,%2,$12 \n\t" \
293 :"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i):"$12","$13");
295 /* for squaring some of the terms are doubled... */
296 #define SQRADD2(i, j) \
298 " multu %6,%7 \n\t" \
302 " addu %0,%0,$12 \n\t" \
303 " sltu $14,%0,$12 \n\t" \
304 " addu %1,%1,$13 \n\t" \
305 " sltu $15,%1,$13 \n\t" \
306 " addu %1,%1,$14 \n\t" \
307 " sltu $14,%1,$14 \n\t" \
308 " addu %2,%2,$15 \n\t" \
309 " addu %2,%2,$14 \n\t" \
311 " addu %0,%0,$12 \n\t" \
312 " sltu $14,%0,$12 \n\t" \
313 " addu %1,%1,$13 \n\t" \
314 " sltu $15,%1,$13 \n\t" \
315 " addu %1,%1,$14 \n\t" \
316 " sltu $14,%1,$14 \n\t" \
317 " addu %2,%2,$15 \n\t" \
318 " addu %2,%2,$14 \n\t" \
319 :"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"$12", "$13", "$14", "$15");
321 #define SQRADDSC(i, j) \
323 " multu %6,%7 \n\t" \
326 " xor %2,%2,%2 \n\t" \
327 :"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i),"r"(j) : "%cc");
329 #define SQRADDAC(i, j) \
331 " multu %6,%7 \n\t" \
334 " addu %0,%0,$12 \n\t" \
335 " sltu $12,%0,$12 \n\t" \
336 " addu %1,%1,$13 \n\t" \
337 " sltu $13,%1,$13 \n\t" \
338 " addu %1,%1,$12 \n\t" \
339 " sltu $12,%1,$12 \n\t" \
340 " addu %2,%2,$13 \n\t" \
341 " addu %2,%2,$12 \n\t" \
342 :"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j):"$12", "$13", "$14");
346 " addu %0,%0,%3 \n\t" \
347 " sltu $10,%0,%3 \n\t" \
348 " addu %1,%1,$10 \n\t" \
349 " sltu $10,%1,$10 \n\t" \
350 " addu %1,%1,%4 \n\t" \
351 " sltu $11,%1,%4 \n\t" \
352 " addu %2,%2,$10 \n\t" \
353 " addu %2,%2,$11 \n\t" \
354 " addu %2,%2,%5 \n\t" \
356 " addu %0,%0,%3 \n\t" \
357 " sltu $10,%0,%3 \n\t" \
358 " addu %1,%1,$10 \n\t" \
359 " sltu $10,%1,$10 \n\t" \
360 " addu %1,%1,%4 \n\t" \
361 " sltu $11,%1,%4 \n\t" \
362 " addu %2,%2,$10 \n\t" \
363 " addu %2,%2,$11 \n\t" \
364 " addu %2,%2,%5 \n\t" \
365 :"=r"(c0), "=r"(c1), "=r"(c2) : "r"(sc0), "r"(sc1), "r"(sc2), "0"(c0), "1"(c1), "2"(c2) : "$10", "$11");
368 /******************************************************************************/
370 /* ISO C portable code */
374 #define CLEAR_CARRY \
377 #define COMBA_STORE(x) \
380 #define COMBA_STORE2(x) \
383 #define CARRY_FORWARD \
384 do { c0 = c1; c1 = c2; c2 = 0; } while (0);
388 /* multiplies point i and j, updates carry "c1" and digit c2 */
389 #define SQRADD(i, j) \
391 t = c0 + ((pstm_word)i) * ((pstm_word)j); c0 = (pstm_digit)t; \
392 t = c1 + (t >> DIGIT_BIT); \
393 c1 = (pstm_digit)t; c2 += (pstm_digit)(t >> DIGIT_BIT); \
397 /* for squaring some of the terms are doubled... */
398 #define SQRADD2(i, j) \
400 t = ((pstm_word)i) * ((pstm_word)j); \
401 tt = (pstm_word)c0 + t; c0 = (pstm_digit)tt; \
402 tt = (pstm_word)c1 + (tt >> DIGIT_BIT); \
403 c1 = (pstm_digit)tt; c2 += (pstm_digit)(tt >> DIGIT_BIT); \
404 tt = (pstm_word)c0 + t; c0 = (pstm_digit)tt; \
405 tt = (pstm_word)c1 + (tt >> DIGIT_BIT); \
406 c1 = (pstm_digit)tt; c2 += (pstm_digit)(tt >> DIGIT_BIT); \
409 #define SQRADDSC(i, j) \
411 t = ((pstm_word)i) * ((pstm_word)j); \
412 sc0 = (pstm_digit)t; sc1 = (pstm_digit)(t >> DIGIT_BIT); sc2 = 0; \
415 #define SQRADDAC(i, j) \
417 t = ((pstm_word)sc0) + ((pstm_word)i) * ((pstm_word)j); \
418 sc0 = (pstm_digit)t; \
419 t = ((pstm_word)sc1) + (t >> DIGIT_BIT); sc1 = (pstm_digit)t; \
420 sc2 += (pstm_digit)(t >> DIGIT_BIT); \
425 t = ((pstm_word)sc0) + ((pstm_word)sc0) + ((pstm_word)c0); \
426 c0 = (pstm_digit)t; \
427 t = ((pstm_word)sc1) + ((pstm_word)sc1) + c1 + (t >> DIGIT_BIT); \
428 c1 = (pstm_digit)t; \
429 c2 = c2 + sc2 + sc2 + (pstm_digit)(t >> DIGIT_BIT); \
434 /******************************************************************************/
436 Non-unrolled comba squarer
439 #define pstm_sqr_comba_gen(pool, A, B, paD, paDlen) \
440 pstm_sqr_comba_gen( A, B, paD, paDlen)
441 static int32 pstm_sqr_comba_gen(psPool_t *pool, pstm_int *A, pstm_int *B,
442 pstm_digit *paD, uint32 paDlen)
446 pstm_digit c0, c1, c2, *dst;
452 /* get size of output and trim */
453 pa = A->used + A->used;
455 /* number of output digits to produce */
459 If b is not large enough grow it and continue
462 if (pstm_grow(B, pa) != PSTM_OKAY) {
467 if (paDlen < (sizeof(pstm_digit) * pa)) {
468 paDfail = 1; /* have a paD, but it's not big enough */
469 dst = xzalloc(sizeof(pstm_digit) * pa);
472 memset(dst, 0x0, paDlen);
475 dst = xzalloc(sizeof(pstm_digit) * pa);
478 for (ix = 0; ix < pa; ix++) {
480 pstm_digit *tmpy, *tmpx;
482 /* get offsets into the two bignums */
483 ty = min(A->used-1, ix);
486 /* setup temp aliases */
491 This is the number of times the loop will iterate,
492 while (tx++ < a->used && ty-- >= 0) { ... }
494 iy = min(A->used-tx, ty+1);
497 now for squaring tx can never equal ty. We halve the distance since
498 they approach at a rate of 2x and we have to round because odd cases
501 iy = min(iy, (ty-tx+1)>>1);
503 /* forward carries */
507 for (iz = 0; iz < iy; iz++) {
508 SQRADD2(*tmpx++, *tmpy--);
511 /* even columns have the square term in them */
513 SQRADD(A->dp[ix>>1], A->dp[ix>>1]);
517 COMBA_STORE(dst[ix]);
529 for (ix = 0; ix < pa; ix++) {
532 /* clear unused digits (that existed in the old copy of c) */
533 for (; ix < iz; ix++) {
539 if ((paD == NULL) || paDfail == 1) {
545 /******************************************************************************/
547 Unrolled Comba loop for 1024 bit keys
549 #ifdef USE_1024_KEY_SPEED_OPTIMIZATIONS
550 static int32 pstm_sqr_comba16(pstm_int *A, pstm_int *B)
552 pstm_digit *a, b[32], c0, c1, c2, sc0, sc1, sc2;
558 if (pstm_grow(B, 32) != PSTM_OKAY) {
581 SQRADD2(a[0], a[2]); SQRADD(a[1], a[1]);
586 SQRADD2(a[0], a[3]); SQRADD2(a[1], a[2]);
591 SQRADD2(a[0], a[4]); SQRADD2(a[1], a[3]); SQRADD(a[2], a[2]);
596 SQRADDSC(a[0], a[5]); SQRADDAC(a[1], a[4]); SQRADDAC(a[2], a[3]); SQRADDDB;
601 SQRADDSC(a[0], a[6]); SQRADDAC(a[1], a[5]); SQRADDAC(a[2], a[4]); SQRADDDB; SQRADD(a[3], a[3]);
606 SQRADDSC(a[0], a[7]); SQRADDAC(a[1], a[6]); SQRADDAC(a[2], a[5]); SQRADDAC(a[3], a[4]); SQRADDDB;
611 SQRADDSC(a[0], a[8]); SQRADDAC(a[1], a[7]); SQRADDAC(a[2], a[6]); SQRADDAC(a[3], a[5]); SQRADDDB; SQRADD(a[4], a[4]);
616 SQRADDSC(a[0], a[9]); SQRADDAC(a[1], a[8]); SQRADDAC(a[2], a[7]); SQRADDAC(a[3], a[6]); SQRADDAC(a[4], a[5]); SQRADDDB;
621 SQRADDSC(a[0], a[10]); SQRADDAC(a[1], a[9]); SQRADDAC(a[2], a[8]); SQRADDAC(a[3], a[7]); SQRADDAC(a[4], a[6]); SQRADDDB; SQRADD(a[5], a[5]);
626 SQRADDSC(a[0], a[11]); SQRADDAC(a[1], a[10]); SQRADDAC(a[2], a[9]); SQRADDAC(a[3], a[8]); SQRADDAC(a[4], a[7]); SQRADDAC(a[5], a[6]); SQRADDDB;
631 SQRADDSC(a[0], a[12]); SQRADDAC(a[1], a[11]); SQRADDAC(a[2], a[10]); SQRADDAC(a[3], a[9]); SQRADDAC(a[4], a[8]); SQRADDAC(a[5], a[7]); SQRADDDB; SQRADD(a[6], a[6]);
636 SQRADDSC(a[0], a[13]); SQRADDAC(a[1], a[12]); SQRADDAC(a[2], a[11]); SQRADDAC(a[3], a[10]); SQRADDAC(a[4], a[9]); SQRADDAC(a[5], a[8]); SQRADDAC(a[6], a[7]); SQRADDDB;
641 SQRADDSC(a[0], a[14]); SQRADDAC(a[1], a[13]); SQRADDAC(a[2], a[12]); SQRADDAC(a[3], a[11]); SQRADDAC(a[4], a[10]); SQRADDAC(a[5], a[9]); SQRADDAC(a[6], a[8]); SQRADDDB; SQRADD(a[7], a[7]);
646 SQRADDSC(a[0], a[15]); SQRADDAC(a[1], a[14]); SQRADDAC(a[2], a[13]); SQRADDAC(a[3], a[12]); SQRADDAC(a[4], a[11]); SQRADDAC(a[5], a[10]); SQRADDAC(a[6], a[9]); SQRADDAC(a[7], a[8]); SQRADDDB;
651 SQRADDSC(a[1], a[15]); SQRADDAC(a[2], a[14]); SQRADDAC(a[3], a[13]); SQRADDAC(a[4], a[12]); SQRADDAC(a[5], a[11]); SQRADDAC(a[6], a[10]); SQRADDAC(a[7], a[9]); SQRADDDB; SQRADD(a[8], a[8]);
656 SQRADDSC(a[2], a[15]); SQRADDAC(a[3], a[14]); SQRADDAC(a[4], a[13]); SQRADDAC(a[5], a[12]); SQRADDAC(a[6], a[11]); SQRADDAC(a[7], a[10]); SQRADDAC(a[8], a[9]); SQRADDDB;
661 SQRADDSC(a[3], a[15]); SQRADDAC(a[4], a[14]); SQRADDAC(a[5], a[13]); SQRADDAC(a[6], a[12]); SQRADDAC(a[7], a[11]); SQRADDAC(a[8], a[10]); SQRADDDB; SQRADD(a[9], a[9]);
666 SQRADDSC(a[4], a[15]); SQRADDAC(a[5], a[14]); SQRADDAC(a[6], a[13]); SQRADDAC(a[7], a[12]); SQRADDAC(a[8], a[11]); SQRADDAC(a[9], a[10]); SQRADDDB;
671 SQRADDSC(a[5], a[15]); SQRADDAC(a[6], a[14]); SQRADDAC(a[7], a[13]); SQRADDAC(a[8], a[12]); SQRADDAC(a[9], a[11]); SQRADDDB; SQRADD(a[10], a[10]);
676 SQRADDSC(a[6], a[15]); SQRADDAC(a[7], a[14]); SQRADDAC(a[8], a[13]); SQRADDAC(a[9], a[12]); SQRADDAC(a[10], a[11]); SQRADDDB;
681 SQRADDSC(a[7], a[15]); SQRADDAC(a[8], a[14]); SQRADDAC(a[9], a[13]); SQRADDAC(a[10], a[12]); SQRADDDB; SQRADD(a[11], a[11]);
686 SQRADDSC(a[8], a[15]); SQRADDAC(a[9], a[14]); SQRADDAC(a[10], a[13]); SQRADDAC(a[11], a[12]); SQRADDDB;
691 SQRADDSC(a[9], a[15]); SQRADDAC(a[10], a[14]); SQRADDAC(a[11], a[13]); SQRADDDB; SQRADD(a[12], a[12]);
696 SQRADDSC(a[10], a[15]); SQRADDAC(a[11], a[14]); SQRADDAC(a[12], a[13]); SQRADDDB;
701 SQRADD2(a[11], a[15]); SQRADD2(a[12], a[14]); SQRADD(a[13], a[13]);
706 SQRADD2(a[12], a[15]); SQRADD2(a[13], a[14]);
711 SQRADD2(a[13], a[15]); SQRADD(a[14], a[14]);
716 SQRADD2(a[14], a[15]);
721 SQRADD(a[15], a[15]);
728 memcpy(B->dp, b, 32 * sizeof(pstm_digit));
732 #endif /* USE_1024_KEY_SPEED_OPTIMIZATIONS */
735 #ifdef USE_2048_KEY_SPEED_OPTIMIZATIONS
736 static int32 pstm_sqr_comba32(pstm_int *A, pstm_int *B)
738 pstm_digit *a, b[64], c0, c1, c2, sc0, sc1, sc2;
744 if (pstm_grow(B, 64) != PSTM_OKAY) {
766 SQRADD2(a[0], a[2]); SQRADD(a[1], a[1]);
771 SQRADD2(a[0], a[3]); SQRADD2(a[1], a[2]);
776 SQRADD2(a[0], a[4]); SQRADD2(a[1], a[3]); SQRADD(a[2], a[2]);
781 SQRADDSC(a[0], a[5]); SQRADDAC(a[1], a[4]); SQRADDAC(a[2], a[3]); SQRADDDB;
786 SQRADDSC(a[0], a[6]); SQRADDAC(a[1], a[5]); SQRADDAC(a[2], a[4]); SQRADDDB; SQRADD(a[3], a[3]);
791 SQRADDSC(a[0], a[7]); SQRADDAC(a[1], a[6]); SQRADDAC(a[2], a[5]); SQRADDAC(a[3], a[4]); SQRADDDB;
796 SQRADDSC(a[0], a[8]); SQRADDAC(a[1], a[7]); SQRADDAC(a[2], a[6]); SQRADDAC(a[3], a[5]); SQRADDDB; SQRADD(a[4], a[4]);
801 SQRADDSC(a[0], a[9]); SQRADDAC(a[1], a[8]); SQRADDAC(a[2], a[7]); SQRADDAC(a[3], a[6]); SQRADDAC(a[4], a[5]); SQRADDDB;
806 SQRADDSC(a[0], a[10]); SQRADDAC(a[1], a[9]); SQRADDAC(a[2], a[8]); SQRADDAC(a[3], a[7]); SQRADDAC(a[4], a[6]); SQRADDDB; SQRADD(a[5], a[5]);
811 SQRADDSC(a[0], a[11]); SQRADDAC(a[1], a[10]); SQRADDAC(a[2], a[9]); SQRADDAC(a[3], a[8]); SQRADDAC(a[4], a[7]); SQRADDAC(a[5], a[6]); SQRADDDB;
816 SQRADDSC(a[0], a[12]); SQRADDAC(a[1], a[11]); SQRADDAC(a[2], a[10]); SQRADDAC(a[3], a[9]); SQRADDAC(a[4], a[8]); SQRADDAC(a[5], a[7]); SQRADDDB; SQRADD(a[6], a[6]);
821 SQRADDSC(a[0], a[13]); SQRADDAC(a[1], a[12]); SQRADDAC(a[2], a[11]); SQRADDAC(a[3], a[10]); SQRADDAC(a[4], a[9]); SQRADDAC(a[5], a[8]); SQRADDAC(a[6], a[7]); SQRADDDB;
826 SQRADDSC(a[0], a[14]); SQRADDAC(a[1], a[13]); SQRADDAC(a[2], a[12]); SQRADDAC(a[3], a[11]); SQRADDAC(a[4], a[10]); SQRADDAC(a[5], a[9]); SQRADDAC(a[6], a[8]); SQRADDDB; SQRADD(a[7], a[7]);
831 SQRADDSC(a[0], a[15]); SQRADDAC(a[1], a[14]); SQRADDAC(a[2], a[13]); SQRADDAC(a[3], a[12]); SQRADDAC(a[4], a[11]); SQRADDAC(a[5], a[10]); SQRADDAC(a[6], a[9]); SQRADDAC(a[7], a[8]); SQRADDDB;
836 SQRADDSC(a[0], a[16]); SQRADDAC(a[1], a[15]); SQRADDAC(a[2], a[14]); SQRADDAC(a[3], a[13]); SQRADDAC(a[4], a[12]); SQRADDAC(a[5], a[11]); SQRADDAC(a[6], a[10]); SQRADDAC(a[7], a[9]); SQRADDDB; SQRADD(a[8], a[8]);
841 SQRADDSC(a[0], a[17]); SQRADDAC(a[1], a[16]); SQRADDAC(a[2], a[15]); SQRADDAC(a[3], a[14]); SQRADDAC(a[4], a[13]); SQRADDAC(a[5], a[12]); SQRADDAC(a[6], a[11]); SQRADDAC(a[7], a[10]); SQRADDAC(a[8], a[9]); SQRADDDB;
846 SQRADDSC(a[0], a[18]); SQRADDAC(a[1], a[17]); SQRADDAC(a[2], a[16]); SQRADDAC(a[3], a[15]); SQRADDAC(a[4], a[14]); SQRADDAC(a[5], a[13]); SQRADDAC(a[6], a[12]); SQRADDAC(a[7], a[11]); SQRADDAC(a[8], a[10]); SQRADDDB; SQRADD(a[9], a[9]);
851 SQRADDSC(a[0], a[19]); SQRADDAC(a[1], a[18]); SQRADDAC(a[2], a[17]); SQRADDAC(a[3], a[16]); SQRADDAC(a[4], a[15]); SQRADDAC(a[5], a[14]); SQRADDAC(a[6], a[13]); SQRADDAC(a[7], a[12]); SQRADDAC(a[8], a[11]); SQRADDAC(a[9], a[10]); SQRADDDB;
856 SQRADDSC(a[0], a[20]); SQRADDAC(a[1], a[19]); SQRADDAC(a[2], a[18]); SQRADDAC(a[3], a[17]); SQRADDAC(a[4], a[16]); SQRADDAC(a[5], a[15]); SQRADDAC(a[6], a[14]); SQRADDAC(a[7], a[13]); SQRADDAC(a[8], a[12]); SQRADDAC(a[9], a[11]); SQRADDDB; SQRADD(a[10], a[10]);
861 SQRADDSC(a[0], a[21]); SQRADDAC(a[1], a[20]); SQRADDAC(a[2], a[19]); SQRADDAC(a[3], a[18]); SQRADDAC(a[4], a[17]); SQRADDAC(a[5], a[16]); SQRADDAC(a[6], a[15]); SQRADDAC(a[7], a[14]); SQRADDAC(a[8], a[13]); SQRADDAC(a[9], a[12]); SQRADDAC(a[10], a[11]); SQRADDDB;
866 SQRADDSC(a[0], a[22]); SQRADDAC(a[1], a[21]); SQRADDAC(a[2], a[20]); SQRADDAC(a[3], a[19]); SQRADDAC(a[4], a[18]); SQRADDAC(a[5], a[17]); SQRADDAC(a[6], a[16]); SQRADDAC(a[7], a[15]); SQRADDAC(a[8], a[14]); SQRADDAC(a[9], a[13]); SQRADDAC(a[10], a[12]); SQRADDDB; SQRADD(a[11], a[11]);
871 SQRADDSC(a[0], a[23]); SQRADDAC(a[1], a[22]); SQRADDAC(a[2], a[21]); SQRADDAC(a[3], a[20]); SQRADDAC(a[4], a[19]); SQRADDAC(a[5], a[18]); SQRADDAC(a[6], a[17]); SQRADDAC(a[7], a[16]); SQRADDAC(a[8], a[15]); SQRADDAC(a[9], a[14]); SQRADDAC(a[10], a[13]); SQRADDAC(a[11], a[12]); SQRADDDB;
876 SQRADDSC(a[0], a[24]); SQRADDAC(a[1], a[23]); SQRADDAC(a[2], a[22]); SQRADDAC(a[3], a[21]); SQRADDAC(a[4], a[20]); SQRADDAC(a[5], a[19]); SQRADDAC(a[6], a[18]); SQRADDAC(a[7], a[17]); SQRADDAC(a[8], a[16]); SQRADDAC(a[9], a[15]); SQRADDAC(a[10], a[14]); SQRADDAC(a[11], a[13]); SQRADDDB; SQRADD(a[12], a[12]);
881 SQRADDSC(a[0], a[25]); SQRADDAC(a[1], a[24]); SQRADDAC(a[2], a[23]); SQRADDAC(a[3], a[22]); SQRADDAC(a[4], a[21]); SQRADDAC(a[5], a[20]); SQRADDAC(a[6], a[19]); SQRADDAC(a[7], a[18]); SQRADDAC(a[8], a[17]); SQRADDAC(a[9], a[16]); SQRADDAC(a[10], a[15]); SQRADDAC(a[11], a[14]); SQRADDAC(a[12], a[13]); SQRADDDB;
886 SQRADDSC(a[0], a[26]); SQRADDAC(a[1], a[25]); SQRADDAC(a[2], a[24]); SQRADDAC(a[3], a[23]); SQRADDAC(a[4], a[22]); SQRADDAC(a[5], a[21]); SQRADDAC(a[6], a[20]); SQRADDAC(a[7], a[19]); SQRADDAC(a[8], a[18]); SQRADDAC(a[9], a[17]); SQRADDAC(a[10], a[16]); SQRADDAC(a[11], a[15]); SQRADDAC(a[12], a[14]); SQRADDDB; SQRADD(a[13], a[13]);
891 SQRADDSC(a[0], a[27]); SQRADDAC(a[1], a[26]); SQRADDAC(a[2], a[25]); SQRADDAC(a[3], a[24]); SQRADDAC(a[4], a[23]); SQRADDAC(a[5], a[22]); SQRADDAC(a[6], a[21]); SQRADDAC(a[7], a[20]); SQRADDAC(a[8], a[19]); SQRADDAC(a[9], a[18]); SQRADDAC(a[10], a[17]); SQRADDAC(a[11], a[16]); SQRADDAC(a[12], a[15]); SQRADDAC(a[13], a[14]); SQRADDDB;
896 SQRADDSC(a[0], a[28]); SQRADDAC(a[1], a[27]); SQRADDAC(a[2], a[26]); SQRADDAC(a[3], a[25]); SQRADDAC(a[4], a[24]); SQRADDAC(a[5], a[23]); SQRADDAC(a[6], a[22]); SQRADDAC(a[7], a[21]); SQRADDAC(a[8], a[20]); SQRADDAC(a[9], a[19]); SQRADDAC(a[10], a[18]); SQRADDAC(a[11], a[17]); SQRADDAC(a[12], a[16]); SQRADDAC(a[13], a[15]); SQRADDDB; SQRADD(a[14], a[14]);
901 SQRADDSC(a[0], a[29]); SQRADDAC(a[1], a[28]); SQRADDAC(a[2], a[27]); SQRADDAC(a[3], a[26]); SQRADDAC(a[4], a[25]); SQRADDAC(a[5], a[24]); SQRADDAC(a[6], a[23]); SQRADDAC(a[7], a[22]); SQRADDAC(a[8], a[21]); SQRADDAC(a[9], a[20]); SQRADDAC(a[10], a[19]); SQRADDAC(a[11], a[18]); SQRADDAC(a[12], a[17]); SQRADDAC(a[13], a[16]); SQRADDAC(a[14], a[15]); SQRADDDB;
906 SQRADDSC(a[0], a[30]); SQRADDAC(a[1], a[29]); SQRADDAC(a[2], a[28]); SQRADDAC(a[3], a[27]); SQRADDAC(a[4], a[26]); SQRADDAC(a[5], a[25]); SQRADDAC(a[6], a[24]); SQRADDAC(a[7], a[23]); SQRADDAC(a[8], a[22]); SQRADDAC(a[9], a[21]); SQRADDAC(a[10], a[20]); SQRADDAC(a[11], a[19]); SQRADDAC(a[12], a[18]); SQRADDAC(a[13], a[17]); SQRADDAC(a[14], a[16]); SQRADDDB; SQRADD(a[15], a[15]);
911 SQRADDSC(a[0], a[31]); SQRADDAC(a[1], a[30]); SQRADDAC(a[2], a[29]); SQRADDAC(a[3], a[28]); SQRADDAC(a[4], a[27]); SQRADDAC(a[5], a[26]); SQRADDAC(a[6], a[25]); SQRADDAC(a[7], a[24]); SQRADDAC(a[8], a[23]); SQRADDAC(a[9], a[22]); SQRADDAC(a[10], a[21]); SQRADDAC(a[11], a[20]); SQRADDAC(a[12], a[19]); SQRADDAC(a[13], a[18]); SQRADDAC(a[14], a[17]); SQRADDAC(a[15], a[16]); SQRADDDB;
916 SQRADDSC(a[1], a[31]); SQRADDAC(a[2], a[30]); SQRADDAC(a[3], a[29]); SQRADDAC(a[4], a[28]); SQRADDAC(a[5], a[27]); SQRADDAC(a[6], a[26]); SQRADDAC(a[7], a[25]); SQRADDAC(a[8], a[24]); SQRADDAC(a[9], a[23]); SQRADDAC(a[10], a[22]); SQRADDAC(a[11], a[21]); SQRADDAC(a[12], a[20]); SQRADDAC(a[13], a[19]); SQRADDAC(a[14], a[18]); SQRADDAC(a[15], a[17]); SQRADDDB; SQRADD(a[16], a[16]);
921 SQRADDSC(a[2], a[31]); SQRADDAC(a[3], a[30]); SQRADDAC(a[4], a[29]); SQRADDAC(a[5], a[28]); SQRADDAC(a[6], a[27]); SQRADDAC(a[7], a[26]); SQRADDAC(a[8], a[25]); SQRADDAC(a[9], a[24]); SQRADDAC(a[10], a[23]); SQRADDAC(a[11], a[22]); SQRADDAC(a[12], a[21]); SQRADDAC(a[13], a[20]); SQRADDAC(a[14], a[19]); SQRADDAC(a[15], a[18]); SQRADDAC(a[16], a[17]); SQRADDDB;
926 SQRADDSC(a[3], a[31]); SQRADDAC(a[4], a[30]); SQRADDAC(a[5], a[29]); SQRADDAC(a[6], a[28]); SQRADDAC(a[7], a[27]); SQRADDAC(a[8], a[26]); SQRADDAC(a[9], a[25]); SQRADDAC(a[10], a[24]); SQRADDAC(a[11], a[23]); SQRADDAC(a[12], a[22]); SQRADDAC(a[13], a[21]); SQRADDAC(a[14], a[20]); SQRADDAC(a[15], a[19]); SQRADDAC(a[16], a[18]); SQRADDDB; SQRADD(a[17], a[17]);
931 SQRADDSC(a[4], a[31]); SQRADDAC(a[5], a[30]); SQRADDAC(a[6], a[29]); SQRADDAC(a[7], a[28]); SQRADDAC(a[8], a[27]); SQRADDAC(a[9], a[26]); SQRADDAC(a[10], a[25]); SQRADDAC(a[11], a[24]); SQRADDAC(a[12], a[23]); SQRADDAC(a[13], a[22]); SQRADDAC(a[14], a[21]); SQRADDAC(a[15], a[20]); SQRADDAC(a[16], a[19]); SQRADDAC(a[17], a[18]); SQRADDDB;
936 SQRADDSC(a[5], a[31]); SQRADDAC(a[6], a[30]); SQRADDAC(a[7], a[29]); SQRADDAC(a[8], a[28]); SQRADDAC(a[9], a[27]); SQRADDAC(a[10], a[26]); SQRADDAC(a[11], a[25]); SQRADDAC(a[12], a[24]); SQRADDAC(a[13], a[23]); SQRADDAC(a[14], a[22]); SQRADDAC(a[15], a[21]); SQRADDAC(a[16], a[20]); SQRADDAC(a[17], a[19]); SQRADDDB; SQRADD(a[18], a[18]);
941 SQRADDSC(a[6], a[31]); SQRADDAC(a[7], a[30]); SQRADDAC(a[8], a[29]); SQRADDAC(a[9], a[28]); SQRADDAC(a[10], a[27]); SQRADDAC(a[11], a[26]); SQRADDAC(a[12], a[25]); SQRADDAC(a[13], a[24]); SQRADDAC(a[14], a[23]); SQRADDAC(a[15], a[22]); SQRADDAC(a[16], a[21]); SQRADDAC(a[17], a[20]); SQRADDAC(a[18], a[19]); SQRADDDB;
946 SQRADDSC(a[7], a[31]); SQRADDAC(a[8], a[30]); SQRADDAC(a[9], a[29]); SQRADDAC(a[10], a[28]); SQRADDAC(a[11], a[27]); SQRADDAC(a[12], a[26]); SQRADDAC(a[13], a[25]); SQRADDAC(a[14], a[24]); SQRADDAC(a[15], a[23]); SQRADDAC(a[16], a[22]); SQRADDAC(a[17], a[21]); SQRADDAC(a[18], a[20]); SQRADDDB; SQRADD(a[19], a[19]);
951 SQRADDSC(a[8], a[31]); SQRADDAC(a[9], a[30]); SQRADDAC(a[10], a[29]); SQRADDAC(a[11], a[28]); SQRADDAC(a[12], a[27]); SQRADDAC(a[13], a[26]); SQRADDAC(a[14], a[25]); SQRADDAC(a[15], a[24]); SQRADDAC(a[16], a[23]); SQRADDAC(a[17], a[22]); SQRADDAC(a[18], a[21]); SQRADDAC(a[19], a[20]); SQRADDDB;
956 SQRADDSC(a[9], a[31]); SQRADDAC(a[10], a[30]); SQRADDAC(a[11], a[29]); SQRADDAC(a[12], a[28]); SQRADDAC(a[13], a[27]); SQRADDAC(a[14], a[26]); SQRADDAC(a[15], a[25]); SQRADDAC(a[16], a[24]); SQRADDAC(a[17], a[23]); SQRADDAC(a[18], a[22]); SQRADDAC(a[19], a[21]); SQRADDDB; SQRADD(a[20], a[20]);
961 SQRADDSC(a[10], a[31]); SQRADDAC(a[11], a[30]); SQRADDAC(a[12], a[29]); SQRADDAC(a[13], a[28]); SQRADDAC(a[14], a[27]); SQRADDAC(a[15], a[26]); SQRADDAC(a[16], a[25]); SQRADDAC(a[17], a[24]); SQRADDAC(a[18], a[23]); SQRADDAC(a[19], a[22]); SQRADDAC(a[20], a[21]); SQRADDDB;
966 SQRADDSC(a[11], a[31]); SQRADDAC(a[12], a[30]); SQRADDAC(a[13], a[29]); SQRADDAC(a[14], a[28]); SQRADDAC(a[15], a[27]); SQRADDAC(a[16], a[26]); SQRADDAC(a[17], a[25]); SQRADDAC(a[18], a[24]); SQRADDAC(a[19], a[23]); SQRADDAC(a[20], a[22]); SQRADDDB; SQRADD(a[21], a[21]);
971 SQRADDSC(a[12], a[31]); SQRADDAC(a[13], a[30]); SQRADDAC(a[14], a[29]); SQRADDAC(a[15], a[28]); SQRADDAC(a[16], a[27]); SQRADDAC(a[17], a[26]); SQRADDAC(a[18], a[25]); SQRADDAC(a[19], a[24]); SQRADDAC(a[20], a[23]); SQRADDAC(a[21], a[22]); SQRADDDB;
976 SQRADDSC(a[13], a[31]); SQRADDAC(a[14], a[30]); SQRADDAC(a[15], a[29]); SQRADDAC(a[16], a[28]); SQRADDAC(a[17], a[27]); SQRADDAC(a[18], a[26]); SQRADDAC(a[19], a[25]); SQRADDAC(a[20], a[24]); SQRADDAC(a[21], a[23]); SQRADDDB; SQRADD(a[22], a[22]);
981 SQRADDSC(a[14], a[31]); SQRADDAC(a[15], a[30]); SQRADDAC(a[16], a[29]); SQRADDAC(a[17], a[28]); SQRADDAC(a[18], a[27]); SQRADDAC(a[19], a[26]); SQRADDAC(a[20], a[25]); SQRADDAC(a[21], a[24]); SQRADDAC(a[22], a[23]); SQRADDDB;
986 SQRADDSC(a[15], a[31]); SQRADDAC(a[16], a[30]); SQRADDAC(a[17], a[29]); SQRADDAC(a[18], a[28]); SQRADDAC(a[19], a[27]); SQRADDAC(a[20], a[26]); SQRADDAC(a[21], a[25]); SQRADDAC(a[22], a[24]); SQRADDDB; SQRADD(a[23], a[23]);
991 SQRADDSC(a[16], a[31]); SQRADDAC(a[17], a[30]); SQRADDAC(a[18], a[29]); SQRADDAC(a[19], a[28]); SQRADDAC(a[20], a[27]); SQRADDAC(a[21], a[26]); SQRADDAC(a[22], a[25]); SQRADDAC(a[23], a[24]); SQRADDDB;
996 SQRADDSC(a[17], a[31]); SQRADDAC(a[18], a[30]); SQRADDAC(a[19], a[29]); SQRADDAC(a[20], a[28]); SQRADDAC(a[21], a[27]); SQRADDAC(a[22], a[26]); SQRADDAC(a[23], a[25]); SQRADDDB; SQRADD(a[24], a[24]);
1001 SQRADDSC(a[18], a[31]); SQRADDAC(a[19], a[30]); SQRADDAC(a[20], a[29]); SQRADDAC(a[21], a[28]); SQRADDAC(a[22], a[27]); SQRADDAC(a[23], a[26]); SQRADDAC(a[24], a[25]); SQRADDDB;
1006 SQRADDSC(a[19], a[31]); SQRADDAC(a[20], a[30]); SQRADDAC(a[21], a[29]); SQRADDAC(a[22], a[28]); SQRADDAC(a[23], a[27]); SQRADDAC(a[24], a[26]); SQRADDDB; SQRADD(a[25], a[25]);
1011 SQRADDSC(a[20], a[31]); SQRADDAC(a[21], a[30]); SQRADDAC(a[22], a[29]); SQRADDAC(a[23], a[28]); SQRADDAC(a[24], a[27]); SQRADDAC(a[25], a[26]); SQRADDDB;
1016 SQRADDSC(a[21], a[31]); SQRADDAC(a[22], a[30]); SQRADDAC(a[23], a[29]); SQRADDAC(a[24], a[28]); SQRADDAC(a[25], a[27]); SQRADDDB; SQRADD(a[26], a[26]);
1021 SQRADDSC(a[22], a[31]); SQRADDAC(a[23], a[30]); SQRADDAC(a[24], a[29]); SQRADDAC(a[25], a[28]); SQRADDAC(a[26], a[27]); SQRADDDB;
1026 SQRADDSC(a[23], a[31]); SQRADDAC(a[24], a[30]); SQRADDAC(a[25], a[29]); SQRADDAC(a[26], a[28]); SQRADDDB; SQRADD(a[27], a[27]);
1031 SQRADDSC(a[24], a[31]); SQRADDAC(a[25], a[30]); SQRADDAC(a[26], a[29]); SQRADDAC(a[27], a[28]); SQRADDDB;
1036 SQRADDSC(a[25], a[31]); SQRADDAC(a[26], a[30]); SQRADDAC(a[27], a[29]); SQRADDDB; SQRADD(a[28], a[28]);
1041 SQRADDSC(a[26], a[31]); SQRADDAC(a[27], a[30]); SQRADDAC(a[28], a[29]); SQRADDDB;
1046 SQRADD2(a[27], a[31]); SQRADD2(a[28], a[30]); SQRADD(a[29], a[29]);
1051 SQRADD2(a[28], a[31]); SQRADD2(a[29], a[30]);
1056 SQRADD2(a[29], a[31]); SQRADD(a[30], a[30]);
1061 SQRADD2(a[30], a[31]);
1066 SQRADD(a[31], a[31]);
1068 COMBA_STORE2(b[63]);
1072 B->sign = PSTM_ZPOS;
1073 memcpy(B->dp, b, 64 * sizeof(pstm_digit));
1077 #endif /* USE_2048_KEY_SPEED_OPTIMIZATIONS */
1079 /******************************************************************************/
1082 int32 pstm_sqr_comba(psPool_t *pool, pstm_int *A, pstm_int *B, pstm_digit *paD,
1085 #ifdef USE_1024_KEY_SPEED_OPTIMIZATIONS
1086 if (A->used == 16) {
1087 return pstm_sqr_comba16(A, B);
1089 #ifdef USE_2048_KEY_SPEED_OPTIMIZATIONS
1090 if (A->used == 32) {
1091 return pstm_sqr_comba32(A, B);
1093 #endif /* USE_2048_KEY_SPEED_OPTIMIZATIONS */
1094 return pstm_sqr_comba_gen(pool, A, B, paD, paDlen);
1097 #ifdef USE_2048_KEY_SPEED_OPTIMIZATIONS
1098 if (A->used == 32) {
1099 return pstm_sqr_comba32(A, B);
1101 #endif /* USE_2048_KEY_SPEED_OPTIMIZATIONS */
1102 return pstm_sqr_comba_gen(pool, A, B, paD, paDlen);
1106 #endif /* DISABLE_PSTM */
1107 /******************************************************************************/
projects / oweals / busybox.git / blob