x86_64-gcc.c revision 276864
12061Sjkh#include "../bn_lcl.h" 250479Speter#if !(defined(__GNUC__) && __GNUC__>=2) 32061Sjkh# include "../bn_asm.c" /* kind of dirty hack for Sun Studio */ 438666Sjb#else 532427Sjb/* 6111131Sru * x86_64 BIGNUM accelerator version 0.1, December 2002. 7111131Sru * 838666Sjb * Implemented by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL 938666Sjb * project. 1038666Sjb * 1138666Sjb * Rights for redistribution and usage in source and binary forms are 1264049Salex * granted according to the OpenSSL license. Warranty of any kind is 1364049Salex * disclaimed. 14116679Ssimokawa * 1566071Smarkm * Q. Version 0.1? It doesn't sound like Andy, he used to assign real 16116679Ssimokawa * versions, like 1.0... 1773504Sobrien * A. Well, that's because this code is basically a quick-n-dirty 1838666Sjb * proof-of-concept hack. As you can see it's implemented with 1932427Sjb * inline assembler, which means that you're bound to GCC and that 2038666Sjb * there might be enough room for further improvement. 21108451Sschweikh * 2238666Sjb * Q. Why inline assembler? 2338666Sjb * A. x86_64 features own ABI which I'm not familiar with. This is 2438666Sjb * why I decided to let the compiler take care of subroutine 2538666Sjb * prologue/epilogue as well as register allocation. For reference. 2617308Speter * Win64 implements different ABI for AMD64, different from Linux. 2791606Skeramida * 2819175Sbde * Q. How much faster does it get? 2996205Sjwd * A. 'apps/openssl speed rsa dsa' output with no-asm: 3096205Sjwd * 3138042Sbde * sign verify sign/s verify/s 3296205Sjwd * rsa 512 bits 0.0006s 0.0001s 1683.8 18456.2 3396205Sjwd * rsa 1024 bits 0.0028s 0.0002s 356.0 6407.0 3438042Sbde * rsa 2048 bits 0.0172s 0.0005s 58.0 1957.8 3596205Sjwd * rsa 4096 bits 0.1155s 0.0018s 8.7 555.6 3696205Sjwd * sign verify sign/s verify/s 3717308Speter * dsa 512 bits 0.0005s 0.0006s 2100.8 1768.3 3896205Sjwd * dsa 1024 bits 0.0014s 0.0018s 692.3 559.2 3996205Sjwd * dsa 2048 bits 0.0049s 0.0061s 204.7 165.0 4017308Speter * 4196205Sjwd * 'apps/openssl speed rsa dsa' output with this module: 4296205Sjwd * 4396205Sjwd * sign verify sign/s verify/s 4496205Sjwd * rsa 512 bits 0.0004s 0.0000s 2767.1 33297.9 4596205Sjwd * rsa 1024 bits 0.0012s 0.0001s 867.4 14674.7 4696205Sjwd * rsa 2048 bits 0.0061s 0.0002s 164.0 5270.0 4796205Sjwd * rsa 4096 bits 0.0384s 0.0006s 26.1 1650.8 4896205Sjwd * sign verify sign/s verify/s 4996205Sjwd * dsa 512 bits 0.0002s 0.0003s 4442.2 3786.3 5096205Sjwd * dsa 1024 bits 0.0005s 0.0007s 1835.1 1497.4 5196205Sjwd * dsa 2048 bits 0.0016s 0.0020s 620.4 504.6 5296205Sjwd * 5398775Sdillon * For the reference. IA-32 assembler implementation performs 5498723Sdillon * very much like 64-bit code compiled with no-asm on the same 5598723Sdillon * machine. 5698723Sdillon */ 5798723Sdillon 5838666Sjb#ifdef _WIN64 5938666Sjb#define BN_ULONG unsigned long long 6017308Speter#else 61123311Speter#define BN_ULONG unsigned long 62123311Speter#endif 63123311Speter 64123311Speter#undef mul 6595509Sru#undef mul_add 6695793Sru#undef sqr 67116679Ssimokawa 68120760Sru/* 69116679Ssimokawa * "m"(a), "+m"(r) is the way to favor DirectPath �-code; 70123311Speter * "g"(0) let the compiler to decide where does it 71123311Speter * want to keep the value of zero; 72123311Speter */ 732061Sjkh#define mul_add(r,a,word,carry) do { \ 7497769Sru register BN_ULONG high,low; \ 7597252Sru asm ("mulq %3" \ 76119579Sru : "=a"(low),"=d"(high) \ 7797252Sru : "a"(word),"m"(a) \ 7895730Sru : "cc"); \ 7995793Sru asm ("addq %2,%0; adcq %3,%1" \ 80111617Sru : "+r"(carry),"+d"(high)\ 8195730Sru : "a"(low),"g"(0) \ 82116679Ssimokawa : "cc"); \ 8395730Sru asm ("addq %2,%0; adcq %3,%1" \ 84116679Ssimokawa : "+m"(r),"+d"(high) \ 8595730Sru : "r"(carry),"g"(0) \ 86110035Sru : "cc"); \ 87107516Sru carry=high; \ 88110035Sru } while (0) 89117234Sru 90110035Sru#define mul(r,a,word,carry) do { \ 91117229Sru register BN_ULONG high,low; \ 92117234Sru asm ("mulq %3" \ 9354324Smarcel : "=a"(low),"=d"(high) \ 9417308Speter : "a"(word),"g"(a) \ 95119519Smarcel : "cc"); \ 96119519Smarcel asm ("addq %2,%0; adcq %3,%1" \ 97119519Smarcel : "+r"(carry),"+d"(high)\ 98119519Smarcel : "a"(low),"g"(0) \ 99119519Smarcel : "cc"); \ 100119519Smarcel (r)=carry, carry=high; \ 101119579Sru } while (0) 102119519Smarcel 103119519Smarcel#define sqr(r0,r1,a) \ 104119519Smarcel asm ("mulq %2" \ 105119519Smarcel : "=a"(r0),"=d"(r1) \ 106119519Smarcel : "a"(a) \ 107126031Sgad : "cc"); 108126024Sgad 109126024SgadBN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) 110126024Sgad { 111126024Sgad BN_ULONG c1=0; 112126024Sgad 113126024Sgad if (num <= 0) return(c1); 114126024Sgad 115126024Sgad while (num&~3) 116126024Sgad { 117126024Sgad mul_add(rp[0],ap[0],w,c1); 118126024Sgad mul_add(rp[1],ap[1],w,c1); 119126024Sgad mul_add(rp[2],ap[2],w,c1); 120126024Sgad mul_add(rp[3],ap[3],w,c1); 121126031Sgad ap+=4; rp+=4; num-=4; 122126024Sgad } 123126024Sgad if (num) 124126024Sgad { 125126024Sgad mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1; 126126024Sgad mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1; 127126024Sgad mul_add(rp[2],ap[2],w,c1); return c1; 128126024Sgad } 129126024Sgad 130126024Sgad return(c1); 131126024Sgad } 132126024Sgad 133126024SgadBN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) 134126024Sgad { 135125885Sgad BN_ULONG c1=0; 136125885Sgad 13738666Sjb if (num <= 0) return(c1); 13817308Speter 139119519Smarcel while (num&~3) 140119579Sru { 14138666Sjb mul(rp[0],ap[0],w,c1); 142110035Sru mul(rp[1],ap[1],w,c1); 1432302Spaul mul(rp[2],ap[2],w,c1); 14439206Sjkh mul(rp[3],ap[3],w,c1); 14539206Sjkh ap+=4; rp+=4; num-=4; 14639206Sjkh } 14773349Sru if (num) 14817308Speter { 14954324Smarcel mul(rp[0],ap[0],w,c1); if (--num == 0) return c1; 15054324Smarcel mul(rp[1],ap[1],w,c1); if (--num == 0) return c1; 15154324Smarcel mul(rp[2],ap[2],w,c1); 15254324Smarcel } 15354324Smarcel return(c1); 15454324Smarcel } 15554324Smarcel 156118531Sruvoid bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) 15754324Smarcel { 15854324Smarcel if (n <= 0) return; 15954324Smarcel 16054324Smarcel while (n&~3) 16154324Smarcel { 16254324Smarcel sqr(r[0],r[1],a[0]); 163110035Sru sqr(r[2],r[3],a[1]); 16454324Smarcel sqr(r[4],r[5],a[2]); 165110035Sru sqr(r[6],r[7],a[3]); 166110035Sru a+=4; r+=8; n-=4; 16754324Smarcel } 16854324Smarcel if (n) 16954324Smarcel { 17054324Smarcel sqr(r[0],r[1],a[0]); if (--n == 0) return; 17154324Smarcel sqr(r[2],r[3],a[1]); if (--n == 0) return; 172110035Sru sqr(r[4],r[5],a[2]); 17354324Smarcel } 17454324Smarcel } 17554324Smarcel 176118531SruBN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) 177118531Sru{ BN_ULONG ret,waste; 17854324Smarcel 17954324Smarcel asm ("divq %4" 18054324Smarcel : "=a"(ret),"=d"(waste) 18195730Sru : "a"(l),"d"(h),"g"(d) 18295730Sru : "cc"); 18395730Sru 18495730Sru return ret; 18595730Sru} 18695730Sru 18795730SruBN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n) 18838666Sjb{ BN_ULONG ret=0,i=0; 189107374Sru 19017308Speter if (n <= 0) return 0; 19155678Smarcel 192110035Sru asm volatile ( 193117793Sru " subq %2,%2 \n" 194110035Sru ".p2align 4 \n" 195110035Sru "1: movq (%4,%2,8),%0 \n" 196110035Sru " adcq (%5,%2,8),%0 \n" 1972061Sjkh " movq %0,(%3,%2,8) \n" 19817308Speter " leaq 1(%2),%2 \n" 199107516Sru " loop 1b \n" 200107374Sru " sbbq %0,%0 \n" 20155678Smarcel : "=&a"(ret),"+c"(n),"=&r"(i) 202107516Sru : "r"(rp),"r"(ap),"r"(bp) 203107516Sru : "cc", "memory" 204107516Sru ); 205107516Sru 206107516Sru return ret&1; 207107516Sru} 208107516Sru 209107516Sru#ifndef SIMICS 210122204SkrisBN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n) 21155678Smarcel{ BN_ULONG ret=0,i=0; 21255678Smarcel 213116696Sru if (n <= 0) return 0; 21455678Smarcel 21555678Smarcel asm volatile ( 216107516Sru " subq %2,%2 \n" 217107516Sru ".p2align 4 \n" 218107516Sru "1: movq (%4,%2,8),%0 \n" 219107516Sru " sbbq (%5,%2,8),%0 \n" 22055678Smarcel " movq %0,(%3,%2,8) \n" 22155678Smarcel " leaq 1(%2),%2 \n" 222111131Sru " loop 1b \n" 223111131Sru " sbbq %0,%0 \n" 224111131Sru : "=&a"(ret),"+c"(n),"=&r"(i) 225111131Sru : "r"(rp),"r"(ap),"r"(bp) 226111131Sru : "cc", "memory" 227111131Sru ); 228111131Sru 229103985Sphk return ret&1; 230103985Sphk} 231103985Sphk#else 232103985Sphk/* Simics 1.4<7 has buggy sbbq:-( */ 233111089Sphk#define BN_MASK2 0xffffffffffffffffL 234111131SruBN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) 235111131Sru { 236111131Sru BN_ULONG t1,t2; 237111131Sru int c=0; 238111131Sru 239111131Sru if (n <= 0) return((BN_ULONG)0); 240111131Sru 241111131Sru for (;;) 242111131Sru { 243111133Sru t1=a[0]; t2=b[0]; 244103985Sphk r[0]=(t1-t2-c)&BN_MASK2; 245111131Sru if (t1 != t2) c=(t1 < t2); 246111131Sru if (--n <= 0) break; 247103985Sphk 248111131Sru t1=a[1]; t2=b[1]; 249103985Sphk r[1]=(t1-t2-c)&BN_MASK2; 250118531Sru if (t1 != t2) c=(t1 < t2); 251118531Sru if (--n <= 0) break; 252103985Sphk 253103985Sphk t1=a[2]; t2=b[2]; 254111131Sru r[2]=(t1-t2-c)&BN_MASK2; 255111131Sru if (t1 != t2) c=(t1 < t2); 256103985Sphk if (--n <= 0) break; 257103985Sphk 258111131Sru t1=a[3]; t2=b[3]; 259111131Sru r[3]=(t1-t2-c)&BN_MASK2; 260111131Sru if (t1 != t2) c=(t1 < t2); 261111131Sru if (--n <= 0) break; 262111131Sru 263103985Sphk a+=4; 264 b+=4; 265 r+=4; 266 } 267 return(c); 268 } 269#endif 270 271/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */ 272/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */ 273/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ 274/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */ 275 276/* 277 * Keep in mind that carrying into high part of multiplication result 278 * can not overflow, because it cannot be all-ones. 279 */ 280#if 0 281/* original macros are kept for reference purposes */ 282#define mul_add_c(a,b,c0,c1,c2) { \ 283 BN_ULONG ta=(a),tb=(b); \ 284 t1 = ta * tb; \ 285 t2 = BN_UMULT_HIGH(ta,tb); \ 286 c0 += t1; t2 += (c0<t1)?1:0; \ 287 c1 += t2; c2 += (c1<t2)?1:0; \ 288 } 289 290#define mul_add_c2(a,b,c0,c1,c2) { \ 291 BN_ULONG ta=(a),tb=(b),t0; \ 292 t1 = BN_UMULT_HIGH(ta,tb); \ 293 t0 = ta * tb; \ 294 c0 += t0; t2 = t1+((c0<t0)?1:0);\ 295 c1 += t2; c2 += (c1<t2)?1:0; \ 296 c0 += t0; t1 += (c0<t0)?1:0; \ 297 c1 += t1; c2 += (c1<t1)?1:0; \ 298 } 299#else 300#define mul_add_c(a,b,c0,c1,c2) do { \ 301 asm ("mulq %3" \ 302 : "=a"(t1),"=d"(t2) \ 303 : "a"(a),"m"(b) \ 304 : "cc"); \ 305 asm ("addq %2,%0; adcq %3,%1" \ 306 : "+r"(c0),"+d"(t2) \ 307 : "a"(t1),"g"(0) \ 308 : "cc"); \ 309 asm ("addq %2,%0; adcq %3,%1" \ 310 : "+r"(c1),"+r"(c2) \ 311 : "d"(t2),"g"(0) \ 312 : "cc"); \ 313 } while (0) 314 315#define sqr_add_c(a,i,c0,c1,c2) do { \ 316 asm ("mulq %2" \ 317 : "=a"(t1),"=d"(t2) \ 318 : "a"(a[i]) \ 319 : "cc"); \ 320 asm ("addq %2,%0; adcq %3,%1" \ 321 : "+r"(c0),"+d"(t2) \ 322 : "a"(t1),"g"(0) \ 323 : "cc"); \ 324 asm ("addq %2,%0; adcq %3,%1" \ 325 : "+r"(c1),"+r"(c2) \ 326 : "d"(t2),"g"(0) \ 327 : "cc"); \ 328 } while (0) 329 330#define mul_add_c2(a,b,c0,c1,c2) do { \ 331 asm ("mulq %3" \ 332 : "=a"(t1),"=d"(t2) \ 333 : "a"(a),"m"(b) \ 334 : "cc"); \ 335 asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \ 336 : "+r"(c0),"+r"(c1),"+r"(c2) \ 337 : "r"(t1),"r"(t2),"g"(0) \ 338 : "cc"); \ 339 asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \ 340 : "+r"(c0),"+r"(c1),"+r"(c2) \ 341 : "r"(t1),"r"(t2),"g"(0) \ 342 : "cc"); \ 343 } while (0) 344#endif 345 346#define sqr_add_c2(a,i,j,c0,c1,c2) \ 347 mul_add_c2((a)[i],(a)[j],c0,c1,c2) 348 349void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) 350 { 351 BN_ULONG t1,t2; 352 BN_ULONG c1,c2,c3; 353 354 c1=0; 355 c2=0; 356 c3=0; 357 mul_add_c(a[0],b[0],c1,c2,c3); 358 r[0]=c1; 359 c1=0; 360 mul_add_c(a[0],b[1],c2,c3,c1); 361 mul_add_c(a[1],b[0],c2,c3,c1); 362 r[1]=c2; 363 c2=0; 364 mul_add_c(a[2],b[0],c3,c1,c2); 365 mul_add_c(a[1],b[1],c3,c1,c2); 366 mul_add_c(a[0],b[2],c3,c1,c2); 367 r[2]=c3; 368 c3=0; 369 mul_add_c(a[0],b[3],c1,c2,c3); 370 mul_add_c(a[1],b[2],c1,c2,c3); 371 mul_add_c(a[2],b[1],c1,c2,c3); 372 mul_add_c(a[3],b[0],c1,c2,c3); 373 r[3]=c1; 374 c1=0; 375 mul_add_c(a[4],b[0],c2,c3,c1); 376 mul_add_c(a[3],b[1],c2,c3,c1); 377 mul_add_c(a[2],b[2],c2,c3,c1); 378 mul_add_c(a[1],b[3],c2,c3,c1); 379 mul_add_c(a[0],b[4],c2,c3,c1); 380 r[4]=c2; 381 c2=0; 382 mul_add_c(a[0],b[5],c3,c1,c2); 383 mul_add_c(a[1],b[4],c3,c1,c2); 384 mul_add_c(a[2],b[3],c3,c1,c2); 385 mul_add_c(a[3],b[2],c3,c1,c2); 386 mul_add_c(a[4],b[1],c3,c1,c2); 387 mul_add_c(a[5],b[0],c3,c1,c2); 388 r[5]=c3; 389 c3=0; 390 mul_add_c(a[6],b[0],c1,c2,c3); 391 mul_add_c(a[5],b[1],c1,c2,c3); 392 mul_add_c(a[4],b[2],c1,c2,c3); 393 mul_add_c(a[3],b[3],c1,c2,c3); 394 mul_add_c(a[2],b[4],c1,c2,c3); 395 mul_add_c(a[1],b[5],c1,c2,c3); 396 mul_add_c(a[0],b[6],c1,c2,c3); 397 r[6]=c1; 398 c1=0; 399 mul_add_c(a[0],b[7],c2,c3,c1); 400 mul_add_c(a[1],b[6],c2,c3,c1); 401 mul_add_c(a[2],b[5],c2,c3,c1); 402 mul_add_c(a[3],b[4],c2,c3,c1); 403 mul_add_c(a[4],b[3],c2,c3,c1); 404 mul_add_c(a[5],b[2],c2,c3,c1); 405 mul_add_c(a[6],b[1],c2,c3,c1); 406 mul_add_c(a[7],b[0],c2,c3,c1); 407 r[7]=c2; 408 c2=0; 409 mul_add_c(a[7],b[1],c3,c1,c2); 410 mul_add_c(a[6],b[2],c3,c1,c2); 411 mul_add_c(a[5],b[3],c3,c1,c2); 412 mul_add_c(a[4],b[4],c3,c1,c2); 413 mul_add_c(a[3],b[5],c3,c1,c2); 414 mul_add_c(a[2],b[6],c3,c1,c2); 415 mul_add_c(a[1],b[7],c3,c1,c2); 416 r[8]=c3; 417 c3=0; 418 mul_add_c(a[2],b[7],c1,c2,c3); 419 mul_add_c(a[3],b[6],c1,c2,c3); 420 mul_add_c(a[4],b[5],c1,c2,c3); 421 mul_add_c(a[5],b[4],c1,c2,c3); 422 mul_add_c(a[6],b[3],c1,c2,c3); 423 mul_add_c(a[7],b[2],c1,c2,c3); 424 r[9]=c1; 425 c1=0; 426 mul_add_c(a[7],b[3],c2,c3,c1); 427 mul_add_c(a[6],b[4],c2,c3,c1); 428 mul_add_c(a[5],b[5],c2,c3,c1); 429 mul_add_c(a[4],b[6],c2,c3,c1); 430 mul_add_c(a[3],b[7],c2,c3,c1); 431 r[10]=c2; 432 c2=0; 433 mul_add_c(a[4],b[7],c3,c1,c2); 434 mul_add_c(a[5],b[6],c3,c1,c2); 435 mul_add_c(a[6],b[5],c3,c1,c2); 436 mul_add_c(a[7],b[4],c3,c1,c2); 437 r[11]=c3; 438 c3=0; 439 mul_add_c(a[7],b[5],c1,c2,c3); 440 mul_add_c(a[6],b[6],c1,c2,c3); 441 mul_add_c(a[5],b[7],c1,c2,c3); 442 r[12]=c1; 443 c1=0; 444 mul_add_c(a[6],b[7],c2,c3,c1); 445 mul_add_c(a[7],b[6],c2,c3,c1); 446 r[13]=c2; 447 c2=0; 448 mul_add_c(a[7],b[7],c3,c1,c2); 449 r[14]=c3; 450 r[15]=c1; 451 } 452 453void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) 454 { 455 BN_ULONG t1,t2; 456 BN_ULONG c1,c2,c3; 457 458 c1=0; 459 c2=0; 460 c3=0; 461 mul_add_c(a[0],b[0],c1,c2,c3); 462 r[0]=c1; 463 c1=0; 464 mul_add_c(a[0],b[1],c2,c3,c1); 465 mul_add_c(a[1],b[0],c2,c3,c1); 466 r[1]=c2; 467 c2=0; 468 mul_add_c(a[2],b[0],c3,c1,c2); 469 mul_add_c(a[1],b[1],c3,c1,c2); 470 mul_add_c(a[0],b[2],c3,c1,c2); 471 r[2]=c3; 472 c3=0; 473 mul_add_c(a[0],b[3],c1,c2,c3); 474 mul_add_c(a[1],b[2],c1,c2,c3); 475 mul_add_c(a[2],b[1],c1,c2,c3); 476 mul_add_c(a[3],b[0],c1,c2,c3); 477 r[3]=c1; 478 c1=0; 479 mul_add_c(a[3],b[1],c2,c3,c1); 480 mul_add_c(a[2],b[2],c2,c3,c1); 481 mul_add_c(a[1],b[3],c2,c3,c1); 482 r[4]=c2; 483 c2=0; 484 mul_add_c(a[2],b[3],c3,c1,c2); 485 mul_add_c(a[3],b[2],c3,c1,c2); 486 r[5]=c3; 487 c3=0; 488 mul_add_c(a[3],b[3],c1,c2,c3); 489 r[6]=c1; 490 r[7]=c2; 491 } 492 493void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) 494 { 495 BN_ULONG t1,t2; 496 BN_ULONG c1,c2,c3; 497 498 c1=0; 499 c2=0; 500 c3=0; 501 sqr_add_c(a,0,c1,c2,c3); 502 r[0]=c1; 503 c1=0; 504 sqr_add_c2(a,1,0,c2,c3,c1); 505 r[1]=c2; 506 c2=0; 507 sqr_add_c(a,1,c3,c1,c2); 508 sqr_add_c2(a,2,0,c3,c1,c2); 509 r[2]=c3; 510 c3=0; 511 sqr_add_c2(a,3,0,c1,c2,c3); 512 sqr_add_c2(a,2,1,c1,c2,c3); 513 r[3]=c1; 514 c1=0; 515 sqr_add_c(a,2,c2,c3,c1); 516 sqr_add_c2(a,3,1,c2,c3,c1); 517 sqr_add_c2(a,4,0,c2,c3,c1); 518 r[4]=c2; 519 c2=0; 520 sqr_add_c2(a,5,0,c3,c1,c2); 521 sqr_add_c2(a,4,1,c3,c1,c2); 522 sqr_add_c2(a,3,2,c3,c1,c2); 523 r[5]=c3; 524 c3=0; 525 sqr_add_c(a,3,c1,c2,c3); 526 sqr_add_c2(a,4,2,c1,c2,c3); 527 sqr_add_c2(a,5,1,c1,c2,c3); 528 sqr_add_c2(a,6,0,c1,c2,c3); 529 r[6]=c1; 530 c1=0; 531 sqr_add_c2(a,7,0,c2,c3,c1); 532 sqr_add_c2(a,6,1,c2,c3,c1); 533 sqr_add_c2(a,5,2,c2,c3,c1); 534 sqr_add_c2(a,4,3,c2,c3,c1); 535 r[7]=c2; 536 c2=0; 537 sqr_add_c(a,4,c3,c1,c2); 538 sqr_add_c2(a,5,3,c3,c1,c2); 539 sqr_add_c2(a,6,2,c3,c1,c2); 540 sqr_add_c2(a,7,1,c3,c1,c2); 541 r[8]=c3; 542 c3=0; 543 sqr_add_c2(a,7,2,c1,c2,c3); 544 sqr_add_c2(a,6,3,c1,c2,c3); 545 sqr_add_c2(a,5,4,c1,c2,c3); 546 r[9]=c1; 547 c1=0; 548 sqr_add_c(a,5,c2,c3,c1); 549 sqr_add_c2(a,6,4,c2,c3,c1); 550 sqr_add_c2(a,7,3,c2,c3,c1); 551 r[10]=c2; 552 c2=0; 553 sqr_add_c2(a,7,4,c3,c1,c2); 554 sqr_add_c2(a,6,5,c3,c1,c2); 555 r[11]=c3; 556 c3=0; 557 sqr_add_c(a,6,c1,c2,c3); 558 sqr_add_c2(a,7,5,c1,c2,c3); 559 r[12]=c1; 560 c1=0; 561 sqr_add_c2(a,7,6,c2,c3,c1); 562 r[13]=c2; 563 c2=0; 564 sqr_add_c(a,7,c3,c1,c2); 565 r[14]=c3; 566 r[15]=c1; 567 } 568 569void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) 570 { 571 BN_ULONG t1,t2; 572 BN_ULONG c1,c2,c3; 573 574 c1=0; 575 c2=0; 576 c3=0; 577 sqr_add_c(a,0,c1,c2,c3); 578 r[0]=c1; 579 c1=0; 580 sqr_add_c2(a,1,0,c2,c3,c1); 581 r[1]=c2; 582 c2=0; 583 sqr_add_c(a,1,c3,c1,c2); 584 sqr_add_c2(a,2,0,c3,c1,c2); 585 r[2]=c3; 586 c3=0; 587 sqr_add_c2(a,3,0,c1,c2,c3); 588 sqr_add_c2(a,2,1,c1,c2,c3); 589 r[3]=c1; 590 c1=0; 591 sqr_add_c(a,2,c2,c3,c1); 592 sqr_add_c2(a,3,1,c2,c3,c1); 593 r[4]=c2; 594 c2=0; 595 sqr_add_c2(a,3,2,c3,c1,c2); 596 r[5]=c3; 597 c3=0; 598 sqr_add_c(a,3,c1,c2,c3); 599 r[6]=c1; 600 r[7]=c2; 601 } 602#endif 603