github.com/neatio-net/neatio@v1.7.3-0.20231114194659-f4d7a2226baa/utilities/crypto/secp256k1/libsecp256k1/src/asm/field_10x26_arm.s (about) 1 @ vim: set tabstop=8 softtabstop=8 shiftwidth=8 noexpandtab syntax=armasm: 2 /********************************************************************** 3 * Copyright (c) 2014 Wladimir J. van der Laan * 4 * Distributed under the MIT software license, see the accompanying * 5 * file COPYING or http://www.opensource.org/licenses/mit-license.php.* 6 **********************************************************************/ 7 /* 8 ARM implementation of field_10x26 inner loops. 9 10 Note: 11 12 - To avoid unnecessary loads and make use of available registers, two 13 'passes' have every time been interleaved, with the odd passes accumulating c' and d' 14 which will be added to c and d respectively in the the even passes 15 16 */ 17 18 .syntax unified 19 .arch armv7-a 20 @ eabi attributes - see readelf -A 21 .eabi_attribute 8, 1 @ Tag_ARM_ISA_use = yes 22 .eabi_attribute 9, 0 @ Tag_Thumb_ISA_use = no 23 .eabi_attribute 10, 0 @ Tag_FP_arch = none 24 .eabi_attribute 24, 1 @ Tag_ABI_align_needed = 8-byte 25 .eabi_attribute 25, 1 @ Tag_ABI_align_preserved = 8-byte, except leaf SP 26 .eabi_attribute 30, 2 @ Tag_ABI_optimization_goals = Agressive Speed 27 .eabi_attribute 34, 1 @ Tag_CPU_unaligned_access = v6 28 .text 29 30 @ Field constants 31 .set field_R0, 0x3d10 32 .set field_R1, 0x400 33 .set field_not_M, 0xfc000000 @ ~M = ~0x3ffffff 34 35 .align 2 36 .global secp256k1_fe_mul_inner 37 .type secp256k1_fe_mul_inner, %function 38 @ Arguments: 39 @ r0 r Restrict: can overlap with a, not with b 40 @ r1 a 41 @ r2 b 42 @ Stack (total 4+10*4 = 44) 43 @ sp + #0 saved 'r' pointer 44 @ sp + #4 + 4*X t0,t1,t2,t3,t4,t5,t6,t7,u8,t9 45 secp256k1_fe_mul_inner: 46 stmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, r14} 47 sub sp, sp, #48 @ frame=44 + alignment 48 str r0, [sp, #0] @ save result address, we need it only at the end 49 50 /****************************************** 51 * Main computation code. 52 ****************************************** 53 54 Allocation: 55 r0,r14,r7,r8 scratch 56 r1 a (pointer) 57 r2 b (pointer) 58 r3:r4 c 59 r5:r6 d 60 r11:r12 c' 61 r9:r10 d' 62 63 Note: do not write to r[] here, it may overlap with a[] 64 */ 65 66 /* A - interleaved with B */ 67 ldr r7, [r1, #0*4] @ a[0] 68 ldr r8, [r2, #9*4] @ b[9] 69 ldr r0, [r1, #1*4] @ a[1] 70 umull r5, r6, r7, r8 @ d = a[0] * b[9] 71 ldr r14, [r2, #8*4] @ b[8] 72 umull r9, r10, r0, r8 @ d' = a[1] * b[9] 73 ldr r7, [r1, #2*4] @ a[2] 74 umlal r5, r6, r0, r14 @ d += a[1] * b[8] 75 ldr r8, [r2, #7*4] @ b[7] 76 umlal r9, r10, r7, r14 @ d' += a[2] * b[8] 77 ldr r0, [r1, #3*4] @ a[3] 78 umlal r5, r6, r7, r8 @ d += a[2] * b[7] 79 ldr r14, [r2, #6*4] @ b[6] 80 umlal r9, r10, r0, r8 @ d' += a[3] * b[7] 81 ldr r7, [r1, #4*4] @ a[4] 82 umlal r5, r6, r0, r14 @ d += a[3] * b[6] 83 ldr r8, [r2, #5*4] @ b[5] 84 umlal r9, r10, r7, r14 @ d' += a[4] * b[6] 85 ldr r0, [r1, #5*4] @ a[5] 86 umlal r5, r6, r7, r8 @ d += a[4] * b[5] 87 ldr r14, [r2, #4*4] @ b[4] 88 umlal r9, r10, r0, r8 @ d' += a[5] * b[5] 89 ldr r7, [r1, #6*4] @ a[6] 90 umlal r5, r6, r0, r14 @ d += a[5] * b[4] 91 ldr r8, [r2, #3*4] @ b[3] 92 umlal r9, r10, r7, r14 @ d' += a[6] * b[4] 93 ldr r0, [r1, #7*4] @ a[7] 94 umlal r5, r6, r7, r8 @ d += a[6] * b[3] 95 ldr r14, [r2, #2*4] @ b[2] 96 umlal r9, r10, r0, r8 @ d' += a[7] * b[3] 97 ldr r7, [r1, #8*4] @ a[8] 98 umlal r5, r6, r0, r14 @ d += a[7] * b[2] 99 ldr r8, [r2, #1*4] @ b[1] 100 umlal r9, r10, r7, r14 @ d' += a[8] * b[2] 101 ldr r0, [r1, #9*4] @ a[9] 102 umlal r5, r6, r7, r8 @ d += a[8] * b[1] 103 ldr r14, [r2, #0*4] @ b[0] 104 umlal r9, r10, r0, r8 @ d' += a[9] * b[1] 105 ldr r7, [r1, #0*4] @ a[0] 106 umlal r5, r6, r0, r14 @ d += a[9] * b[0] 107 @ r7,r14 used in B 108 109 bic r0, r5, field_not_M @ t9 = d & M 110 str r0, [sp, #4 + 4*9] 111 mov r5, r5, lsr #26 @ d >>= 26 112 orr r5, r5, r6, asl #6 113 mov r6, r6, lsr #26 114 115 /* B */ 116 umull r3, r4, r7, r14 @ c = a[0] * b[0] 117 adds r5, r5, r9 @ d += d' 118 adc r6, r6, r10 119 120 bic r0, r5, field_not_M @ u0 = d & M 121 mov r5, r5, lsr #26 @ d >>= 26 122 orr r5, r5, r6, asl #6 123 mov r6, r6, lsr #26 124 movw r14, field_R0 @ c += u0 * R0 125 umlal r3, r4, r0, r14 126 127 bic r14, r3, field_not_M @ t0 = c & M 128 str r14, [sp, #4 + 0*4] 129 mov r3, r3, lsr #26 @ c >>= 26 130 orr r3, r3, r4, asl #6 131 mov r4, r4, lsr #26 132 mov r14, field_R1 @ c += u0 * R1 133 umlal r3, r4, r0, r14 134 135 /* C - interleaved with D */ 136 ldr r7, [r1, #0*4] @ a[0] 137 ldr r8, [r2, #2*4] @ b[2] 138 ldr r14, [r2, #1*4] @ b[1] 139 umull r11, r12, r7, r8 @ c' = a[0] * b[2] 140 ldr r0, [r1, #1*4] @ a[1] 141 umlal r3, r4, r7, r14 @ c += a[0] * b[1] 142 ldr r8, [r2, #0*4] @ b[0] 143 umlal r11, r12, r0, r14 @ c' += a[1] * b[1] 144 ldr r7, [r1, #2*4] @ a[2] 145 umlal r3, r4, r0, r8 @ c += a[1] * b[0] 146 ldr r14, [r2, #9*4] @ b[9] 147 umlal r11, r12, r7, r8 @ c' += a[2] * b[0] 148 ldr r0, [r1, #3*4] @ a[3] 149 umlal r5, r6, r7, r14 @ d += a[2] * b[9] 150 ldr r8, [r2, #8*4] @ b[8] 151 umull r9, r10, r0, r14 @ d' = a[3] * b[9] 152 ldr r7, [r1, #4*4] @ a[4] 153 umlal r5, r6, r0, r8 @ d += a[3] * b[8] 154 ldr r14, [r2, #7*4] @ b[7] 155 umlal r9, r10, r7, r8 @ d' += a[4] * b[8] 156 ldr r0, [r1, #5*4] @ a[5] 157 umlal r5, r6, r7, r14 @ d += a[4] * b[7] 158 ldr r8, [r2, #6*4] @ b[6] 159 umlal r9, r10, r0, r14 @ d' += a[5] * b[7] 160 ldr r7, [r1, #6*4] @ a[6] 161 umlal r5, r6, r0, r8 @ d += a[5] * b[6] 162 ldr r14, [r2, #5*4] @ b[5] 163 umlal r9, r10, r7, r8 @ d' += a[6] * b[6] 164 ldr r0, [r1, #7*4] @ a[7] 165 umlal r5, r6, r7, r14 @ d += a[6] * b[5] 166 ldr r8, [r2, #4*4] @ b[4] 167 umlal r9, r10, r0, r14 @ d' += a[7] * b[5] 168 ldr r7, [r1, #8*4] @ a[8] 169 umlal r5, r6, r0, r8 @ d += a[7] * b[4] 170 ldr r14, [r2, #3*4] @ b[3] 171 umlal r9, r10, r7, r8 @ d' += a[8] * b[4] 172 ldr r0, [r1, #9*4] @ a[9] 173 umlal r5, r6, r7, r14 @ d += a[8] * b[3] 174 ldr r8, [r2, #2*4] @ b[2] 175 umlal r9, r10, r0, r14 @ d' += a[9] * b[3] 176 umlal r5, r6, r0, r8 @ d += a[9] * b[2] 177 178 bic r0, r5, field_not_M @ u1 = d & M 179 mov r5, r5, lsr #26 @ d >>= 26 180 orr r5, r5, r6, asl #6 181 mov r6, r6, lsr #26 182 movw r14, field_R0 @ c += u1 * R0 183 umlal r3, r4, r0, r14 184 185 bic r14, r3, field_not_M @ t1 = c & M 186 str r14, [sp, #4 + 1*4] 187 mov r3, r3, lsr #26 @ c >>= 26 188 orr r3, r3, r4, asl #6 189 mov r4, r4, lsr #26 190 mov r14, field_R1 @ c += u1 * R1 191 umlal r3, r4, r0, r14 192 193 /* D */ 194 adds r3, r3, r11 @ c += c' 195 adc r4, r4, r12 196 adds r5, r5, r9 @ d += d' 197 adc r6, r6, r10 198 199 bic r0, r5, field_not_M @ u2 = d & M 200 mov r5, r5, lsr #26 @ d >>= 26 201 orr r5, r5, r6, asl #6 202 mov r6, r6, lsr #26 203 movw r14, field_R0 @ c += u2 * R0 204 umlal r3, r4, r0, r14 205 206 bic r14, r3, field_not_M @ t2 = c & M 207 str r14, [sp, #4 + 2*4] 208 mov r3, r3, lsr #26 @ c >>= 26 209 orr r3, r3, r4, asl #6 210 mov r4, r4, lsr #26 211 mov r14, field_R1 @ c += u2 * R1 212 umlal r3, r4, r0, r14 213 214 /* E - interleaved with F */ 215 ldr r7, [r1, #0*4] @ a[0] 216 ldr r8, [r2, #4*4] @ b[4] 217 umull r11, r12, r7, r8 @ c' = a[0] * b[4] 218 ldr r8, [r2, #3*4] @ b[3] 219 umlal r3, r4, r7, r8 @ c += a[0] * b[3] 220 ldr r7, [r1, #1*4] @ a[1] 221 umlal r11, r12, r7, r8 @ c' += a[1] * b[3] 222 ldr r8, [r2, #2*4] @ b[2] 223 umlal r3, r4, r7, r8 @ c += a[1] * b[2] 224 ldr r7, [r1, #2*4] @ a[2] 225 umlal r11, r12, r7, r8 @ c' += a[2] * b[2] 226 ldr r8, [r2, #1*4] @ b[1] 227 umlal r3, r4, r7, r8 @ c += a[2] * b[1] 228 ldr r7, [r1, #3*4] @ a[3] 229 umlal r11, r12, r7, r8 @ c' += a[3] * b[1] 230 ldr r8, [r2, #0*4] @ b[0] 231 umlal r3, r4, r7, r8 @ c += a[3] * b[0] 232 ldr r7, [r1, #4*4] @ a[4] 233 umlal r11, r12, r7, r8 @ c' += a[4] * b[0] 234 ldr r8, [r2, #9*4] @ b[9] 235 umlal r5, r6, r7, r8 @ d += a[4] * b[9] 236 ldr r7, [r1, #5*4] @ a[5] 237 umull r9, r10, r7, r8 @ d' = a[5] * b[9] 238 ldr r8, [r2, #8*4] @ b[8] 239 umlal r5, r6, r7, r8 @ d += a[5] * b[8] 240 ldr r7, [r1, #6*4] @ a[6] 241 umlal r9, r10, r7, r8 @ d' += a[6] * b[8] 242 ldr r8, [r2, #7*4] @ b[7] 243 umlal r5, r6, r7, r8 @ d += a[6] * b[7] 244 ldr r7, [r1, #7*4] @ a[7] 245 umlal r9, r10, r7, r8 @ d' += a[7] * b[7] 246 ldr r8, [r2, #6*4] @ b[6] 247 umlal r5, r6, r7, r8 @ d += a[7] * b[6] 248 ldr r7, [r1, #8*4] @ a[8] 249 umlal r9, r10, r7, r8 @ d' += a[8] * b[6] 250 ldr r8, [r2, #5*4] @ b[5] 251 umlal r5, r6, r7, r8 @ d += a[8] * b[5] 252 ldr r7, [r1, #9*4] @ a[9] 253 umlal r9, r10, r7, r8 @ d' += a[9] * b[5] 254 ldr r8, [r2, #4*4] @ b[4] 255 umlal r5, r6, r7, r8 @ d += a[9] * b[4] 256 257 bic r0, r5, field_not_M @ u3 = d & M 258 mov r5, r5, lsr #26 @ d >>= 26 259 orr r5, r5, r6, asl #6 260 mov r6, r6, lsr #26 261 movw r14, field_R0 @ c += u3 * R0 262 umlal r3, r4, r0, r14 263 264 bic r14, r3, field_not_M @ t3 = c & M 265 str r14, [sp, #4 + 3*4] 266 mov r3, r3, lsr #26 @ c >>= 26 267 orr r3, r3, r4, asl #6 268 mov r4, r4, lsr #26 269 mov r14, field_R1 @ c += u3 * R1 270 umlal r3, r4, r0, r14 271 272 /* F */ 273 adds r3, r3, r11 @ c += c' 274 adc r4, r4, r12 275 adds r5, r5, r9 @ d += d' 276 adc r6, r6, r10 277 278 bic r0, r5, field_not_M @ u4 = d & M 279 mov r5, r5, lsr #26 @ d >>= 26 280 orr r5, r5, r6, asl #6 281 mov r6, r6, lsr #26 282 movw r14, field_R0 @ c += u4 * R0 283 umlal r3, r4, r0, r14 284 285 bic r14, r3, field_not_M @ t4 = c & M 286 str r14, [sp, #4 + 4*4] 287 mov r3, r3, lsr #26 @ c >>= 26 288 orr r3, r3, r4, asl #6 289 mov r4, r4, lsr #26 290 mov r14, field_R1 @ c += u4 * R1 291 umlal r3, r4, r0, r14 292 293 /* G - interleaved with H */ 294 ldr r7, [r1, #0*4] @ a[0] 295 ldr r8, [r2, #6*4] @ b[6] 296 ldr r14, [r2, #5*4] @ b[5] 297 umull r11, r12, r7, r8 @ c' = a[0] * b[6] 298 ldr r0, [r1, #1*4] @ a[1] 299 umlal r3, r4, r7, r14 @ c += a[0] * b[5] 300 ldr r8, [r2, #4*4] @ b[4] 301 umlal r11, r12, r0, r14 @ c' += a[1] * b[5] 302 ldr r7, [r1, #2*4] @ a[2] 303 umlal r3, r4, r0, r8 @ c += a[1] * b[4] 304 ldr r14, [r2, #3*4] @ b[3] 305 umlal r11, r12, r7, r8 @ c' += a[2] * b[4] 306 ldr r0, [r1, #3*4] @ a[3] 307 umlal r3, r4, r7, r14 @ c += a[2] * b[3] 308 ldr r8, [r2, #2*4] @ b[2] 309 umlal r11, r12, r0, r14 @ c' += a[3] * b[3] 310 ldr r7, [r1, #4*4] @ a[4] 311 umlal r3, r4, r0, r8 @ c += a[3] * b[2] 312 ldr r14, [r2, #1*4] @ b[1] 313 umlal r11, r12, r7, r8 @ c' += a[4] * b[2] 314 ldr r0, [r1, #5*4] @ a[5] 315 umlal r3, r4, r7, r14 @ c += a[4] * b[1] 316 ldr r8, [r2, #0*4] @ b[0] 317 umlal r11, r12, r0, r14 @ c' += a[5] * b[1] 318 ldr r7, [r1, #6*4] @ a[6] 319 umlal r3, r4, r0, r8 @ c += a[5] * b[0] 320 ldr r14, [r2, #9*4] @ b[9] 321 umlal r11, r12, r7, r8 @ c' += a[6] * b[0] 322 ldr r0, [r1, #7*4] @ a[7] 323 umlal r5, r6, r7, r14 @ d += a[6] * b[9] 324 ldr r8, [r2, #8*4] @ b[8] 325 umull r9, r10, r0, r14 @ d' = a[7] * b[9] 326 ldr r7, [r1, #8*4] @ a[8] 327 umlal r5, r6, r0, r8 @ d += a[7] * b[8] 328 ldr r14, [r2, #7*4] @ b[7] 329 umlal r9, r10, r7, r8 @ d' += a[8] * b[8] 330 ldr r0, [r1, #9*4] @ a[9] 331 umlal r5, r6, r7, r14 @ d += a[8] * b[7] 332 ldr r8, [r2, #6*4] @ b[6] 333 umlal r9, r10, r0, r14 @ d' += a[9] * b[7] 334 umlal r5, r6, r0, r8 @ d += a[9] * b[6] 335 336 bic r0, r5, field_not_M @ u5 = d & M 337 mov r5, r5, lsr #26 @ d >>= 26 338 orr r5, r5, r6, asl #6 339 mov r6, r6, lsr #26 340 movw r14, field_R0 @ c += u5 * R0 341 umlal r3, r4, r0, r14 342 343 bic r14, r3, field_not_M @ t5 = c & M 344 str r14, [sp, #4 + 5*4] 345 mov r3, r3, lsr #26 @ c >>= 26 346 orr r3, r3, r4, asl #6 347 mov r4, r4, lsr #26 348 mov r14, field_R1 @ c += u5 * R1 349 umlal r3, r4, r0, r14 350 351 /* H */ 352 adds r3, r3, r11 @ c += c' 353 adc r4, r4, r12 354 adds r5, r5, r9 @ d += d' 355 adc r6, r6, r10 356 357 bic r0, r5, field_not_M @ u6 = d & M 358 mov r5, r5, lsr #26 @ d >>= 26 359 orr r5, r5, r6, asl #6 360 mov r6, r6, lsr #26 361 movw r14, field_R0 @ c += u6 * R0 362 umlal r3, r4, r0, r14 363 364 bic r14, r3, field_not_M @ t6 = c & M 365 str r14, [sp, #4 + 6*4] 366 mov r3, r3, lsr #26 @ c >>= 26 367 orr r3, r3, r4, asl #6 368 mov r4, r4, lsr #26 369 mov r14, field_R1 @ c += u6 * R1 370 umlal r3, r4, r0, r14 371 372 /* I - interleaved with J */ 373 ldr r8, [r2, #8*4] @ b[8] 374 ldr r7, [r1, #0*4] @ a[0] 375 ldr r14, [r2, #7*4] @ b[7] 376 umull r11, r12, r7, r8 @ c' = a[0] * b[8] 377 ldr r0, [r1, #1*4] @ a[1] 378 umlal r3, r4, r7, r14 @ c += a[0] * b[7] 379 ldr r8, [r2, #6*4] @ b[6] 380 umlal r11, r12, r0, r14 @ c' += a[1] * b[7] 381 ldr r7, [r1, #2*4] @ a[2] 382 umlal r3, r4, r0, r8 @ c += a[1] * b[6] 383 ldr r14, [r2, #5*4] @ b[5] 384 umlal r11, r12, r7, r8 @ c' += a[2] * b[6] 385 ldr r0, [r1, #3*4] @ a[3] 386 umlal r3, r4, r7, r14 @ c += a[2] * b[5] 387 ldr r8, [r2, #4*4] @ b[4] 388 umlal r11, r12, r0, r14 @ c' += a[3] * b[5] 389 ldr r7, [r1, #4*4] @ a[4] 390 umlal r3, r4, r0, r8 @ c += a[3] * b[4] 391 ldr r14, [r2, #3*4] @ b[3] 392 umlal r11, r12, r7, r8 @ c' += a[4] * b[4] 393 ldr r0, [r1, #5*4] @ a[5] 394 umlal r3, r4, r7, r14 @ c += a[4] * b[3] 395 ldr r8, [r2, #2*4] @ b[2] 396 umlal r11, r12, r0, r14 @ c' += a[5] * b[3] 397 ldr r7, [r1, #6*4] @ a[6] 398 umlal r3, r4, r0, r8 @ c += a[5] * b[2] 399 ldr r14, [r2, #1*4] @ b[1] 400 umlal r11, r12, r7, r8 @ c' += a[6] * b[2] 401 ldr r0, [r1, #7*4] @ a[7] 402 umlal r3, r4, r7, r14 @ c += a[6] * b[1] 403 ldr r8, [r2, #0*4] @ b[0] 404 umlal r11, r12, r0, r14 @ c' += a[7] * b[1] 405 ldr r7, [r1, #8*4] @ a[8] 406 umlal r3, r4, r0, r8 @ c += a[7] * b[0] 407 ldr r14, [r2, #9*4] @ b[9] 408 umlal r11, r12, r7, r8 @ c' += a[8] * b[0] 409 ldr r0, [r1, #9*4] @ a[9] 410 umlal r5, r6, r7, r14 @ d += a[8] * b[9] 411 ldr r8, [r2, #8*4] @ b[8] 412 umull r9, r10, r0, r14 @ d' = a[9] * b[9] 413 umlal r5, r6, r0, r8 @ d += a[9] * b[8] 414 415 bic r0, r5, field_not_M @ u7 = d & M 416 mov r5, r5, lsr #26 @ d >>= 26 417 orr r5, r5, r6, asl #6 418 mov r6, r6, lsr #26 419 movw r14, field_R0 @ c += u7 * R0 420 umlal r3, r4, r0, r14 421 422 bic r14, r3, field_not_M @ t7 = c & M 423 str r14, [sp, #4 + 7*4] 424 mov r3, r3, lsr #26 @ c >>= 26 425 orr r3, r3, r4, asl #6 426 mov r4, r4, lsr #26 427 mov r14, field_R1 @ c += u7 * R1 428 umlal r3, r4, r0, r14 429 430 /* J */ 431 adds r3, r3, r11 @ c += c' 432 adc r4, r4, r12 433 adds r5, r5, r9 @ d += d' 434 adc r6, r6, r10 435 436 bic r0, r5, field_not_M @ u8 = d & M 437 str r0, [sp, #4 + 8*4] 438 mov r5, r5, lsr #26 @ d >>= 26 439 orr r5, r5, r6, asl #6 440 mov r6, r6, lsr #26 441 movw r14, field_R0 @ c += u8 * R0 442 umlal r3, r4, r0, r14 443 444 /****************************************** 445 * compute and write back result 446 ****************************************** 447 Allocation: 448 r0 r 449 r3:r4 c 450 r5:r6 d 451 r7 t0 452 r8 t1 453 r9 t2 454 r11 u8 455 r12 t9 456 r1,r2,r10,r14 scratch 457 458 Note: do not read from a[] after here, it may overlap with r[] 459 */ 460 ldr r0, [sp, #0] 461 add r1, sp, #4 + 3*4 @ r[3..7] = t3..7, r11=u8, r12=t9 462 ldmia r1, {r2,r7,r8,r9,r10,r11,r12} 463 add r1, r0, #3*4 464 stmia r1, {r2,r7,r8,r9,r10} 465 466 bic r2, r3, field_not_M @ r[8] = c & M 467 str r2, [r0, #8*4] 468 mov r3, r3, lsr #26 @ c >>= 26 469 orr r3, r3, r4, asl #6 470 mov r4, r4, lsr #26 471 mov r14, field_R1 @ c += u8 * R1 472 umlal r3, r4, r11, r14 473 movw r14, field_R0 @ c += d * R0 474 umlal r3, r4, r5, r14 475 adds r3, r3, r12 @ c += t9 476 adc r4, r4, #0 477 478 add r1, sp, #4 + 0*4 @ r7,r8,r9 = t0,t1,t2 479 ldmia r1, {r7,r8,r9} 480 481 ubfx r2, r3, #0, #22 @ r[9] = c & (M >> 4) 482 str r2, [r0, #9*4] 483 mov r3, r3, lsr #22 @ c >>= 22 484 orr r3, r3, r4, asl #10 485 mov r4, r4, lsr #22 486 movw r14, field_R1 << 4 @ c += d * (R1 << 4) 487 umlal r3, r4, r5, r14 488 489 movw r14, field_R0 >> 4 @ d = c * (R0 >> 4) + t0 (64x64 multiply+add) 490 umull r5, r6, r3, r14 @ d = c.lo * (R0 >> 4) 491 adds r5, r5, r7 @ d.lo += t0 492 mla r6, r14, r4, r6 @ d.hi += c.hi * (R0 >> 4) 493 adc r6, r6, 0 @ d.hi += carry 494 495 bic r2, r5, field_not_M @ r[0] = d & M 496 str r2, [r0, #0*4] 497 498 mov r5, r5, lsr #26 @ d >>= 26 499 orr r5, r5, r6, asl #6 500 mov r6, r6, lsr #26 501 502 movw r14, field_R1 >> 4 @ d += c * (R1 >> 4) + t1 (64x64 multiply+add) 503 umull r1, r2, r3, r14 @ tmp = c.lo * (R1 >> 4) 504 adds r5, r5, r8 @ d.lo += t1 505 adc r6, r6, #0 @ d.hi += carry 506 adds r5, r5, r1 @ d.lo += tmp.lo 507 mla r2, r14, r4, r2 @ tmp.hi += c.hi * (R1 >> 4) 508 adc r6, r6, r2 @ d.hi += carry + tmp.hi 509 510 bic r2, r5, field_not_M @ r[1] = d & M 511 str r2, [r0, #1*4] 512 mov r5, r5, lsr #26 @ d >>= 26 (ignore hi) 513 orr r5, r5, r6, asl #6 514 515 add r5, r5, r9 @ d += t2 516 str r5, [r0, #2*4] @ r[2] = d 517 518 add sp, sp, #48 519 ldmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, pc} 520 .size secp256k1_fe_mul_inner, .-secp256k1_fe_mul_inner 521 522 .align 2 523 .global secp256k1_fe_sqr_inner 524 .type secp256k1_fe_sqr_inner, %function 525 @ Arguments: 526 @ r0 r Can overlap with a 527 @ r1 a 528 @ Stack (total 4+10*4 = 44) 529 @ sp + #0 saved 'r' pointer 530 @ sp + #4 + 4*X t0,t1,t2,t3,t4,t5,t6,t7,u8,t9 531 secp256k1_fe_sqr_inner: 532 stmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, r14} 533 sub sp, sp, #48 @ frame=44 + alignment 534 str r0, [sp, #0] @ save result address, we need it only at the end 535 /****************************************** 536 * Main computation code. 537 ****************************************** 538 539 Allocation: 540 r0,r14,r2,r7,r8 scratch 541 r1 a (pointer) 542 r3:r4 c 543 r5:r6 d 544 r11:r12 c' 545 r9:r10 d' 546 547 Note: do not write to r[] here, it may overlap with a[] 548 */ 549 /* A interleaved with B */ 550 ldr r0, [r1, #1*4] @ a[1]*2 551 ldr r7, [r1, #0*4] @ a[0] 552 mov r0, r0, asl #1 553 ldr r14, [r1, #9*4] @ a[9] 554 umull r3, r4, r7, r7 @ c = a[0] * a[0] 555 ldr r8, [r1, #8*4] @ a[8] 556 mov r7, r7, asl #1 557 umull r5, r6, r7, r14 @ d = a[0]*2 * a[9] 558 ldr r7, [r1, #2*4] @ a[2]*2 559 umull r9, r10, r0, r14 @ d' = a[1]*2 * a[9] 560 ldr r14, [r1, #7*4] @ a[7] 561 umlal r5, r6, r0, r8 @ d += a[1]*2 * a[8] 562 mov r7, r7, asl #1 563 ldr r0, [r1, #3*4] @ a[3]*2 564 umlal r9, r10, r7, r8 @ d' += a[2]*2 * a[8] 565 ldr r8, [r1, #6*4] @ a[6] 566 umlal r5, r6, r7, r14 @ d += a[2]*2 * a[7] 567 mov r0, r0, asl #1 568 ldr r7, [r1, #4*4] @ a[4]*2 569 umlal r9, r10, r0, r14 @ d' += a[3]*2 * a[7] 570 ldr r14, [r1, #5*4] @ a[5] 571 mov r7, r7, asl #1 572 umlal r5, r6, r0, r8 @ d += a[3]*2 * a[6] 573 umlal r9, r10, r7, r8 @ d' += a[4]*2 * a[6] 574 umlal r5, r6, r7, r14 @ d += a[4]*2 * a[5] 575 umlal r9, r10, r14, r14 @ d' += a[5] * a[5] 576 577 bic r0, r5, field_not_M @ t9 = d & M 578 str r0, [sp, #4 + 9*4] 579 mov r5, r5, lsr #26 @ d >>= 26 580 orr r5, r5, r6, asl #6 581 mov r6, r6, lsr #26 582 583 /* B */ 584 adds r5, r5, r9 @ d += d' 585 adc r6, r6, r10 586 587 bic r0, r5, field_not_M @ u0 = d & M 588 mov r5, r5, lsr #26 @ d >>= 26 589 orr r5, r5, r6, asl #6 590 mov r6, r6, lsr #26 591 movw r14, field_R0 @ c += u0 * R0 592 umlal r3, r4, r0, r14 593 bic r14, r3, field_not_M @ t0 = c & M 594 str r14, [sp, #4 + 0*4] 595 mov r3, r3, lsr #26 @ c >>= 26 596 orr r3, r3, r4, asl #6 597 mov r4, r4, lsr #26 598 mov r14, field_R1 @ c += u0 * R1 599 umlal r3, r4, r0, r14 600 601 /* C interleaved with D */ 602 ldr r0, [r1, #0*4] @ a[0]*2 603 ldr r14, [r1, #1*4] @ a[1] 604 mov r0, r0, asl #1 605 ldr r8, [r1, #2*4] @ a[2] 606 umlal r3, r4, r0, r14 @ c += a[0]*2 * a[1] 607 mov r7, r8, asl #1 @ a[2]*2 608 umull r11, r12, r14, r14 @ c' = a[1] * a[1] 609 ldr r14, [r1, #9*4] @ a[9] 610 umlal r11, r12, r0, r8 @ c' += a[0]*2 * a[2] 611 ldr r0, [r1, #3*4] @ a[3]*2 612 ldr r8, [r1, #8*4] @ a[8] 613 umlal r5, r6, r7, r14 @ d += a[2]*2 * a[9] 614 mov r0, r0, asl #1 615 ldr r7, [r1, #4*4] @ a[4]*2 616 umull r9, r10, r0, r14 @ d' = a[3]*2 * a[9] 617 ldr r14, [r1, #7*4] @ a[7] 618 umlal r5, r6, r0, r8 @ d += a[3]*2 * a[8] 619 mov r7, r7, asl #1 620 ldr r0, [r1, #5*4] @ a[5]*2 621 umlal r9, r10, r7, r8 @ d' += a[4]*2 * a[8] 622 ldr r8, [r1, #6*4] @ a[6] 623 mov r0, r0, asl #1 624 umlal r5, r6, r7, r14 @ d += a[4]*2 * a[7] 625 umlal r9, r10, r0, r14 @ d' += a[5]*2 * a[7] 626 umlal r5, r6, r0, r8 @ d += a[5]*2 * a[6] 627 umlal r9, r10, r8, r8 @ d' += a[6] * a[6] 628 629 bic r0, r5, field_not_M @ u1 = d & M 630 mov r5, r5, lsr #26 @ d >>= 26 631 orr r5, r5, r6, asl #6 632 mov r6, r6, lsr #26 633 movw r14, field_R0 @ c += u1 * R0 634 umlal r3, r4, r0, r14 635 bic r14, r3, field_not_M @ t1 = c & M 636 str r14, [sp, #4 + 1*4] 637 mov r3, r3, lsr #26 @ c >>= 26 638 orr r3, r3, r4, asl #6 639 mov r4, r4, lsr #26 640 mov r14, field_R1 @ c += u1 * R1 641 umlal r3, r4, r0, r14 642 643 /* D */ 644 adds r3, r3, r11 @ c += c' 645 adc r4, r4, r12 646 adds r5, r5, r9 @ d += d' 647 adc r6, r6, r10 648 649 bic r0, r5, field_not_M @ u2 = d & M 650 mov r5, r5, lsr #26 @ d >>= 26 651 orr r5, r5, r6, asl #6 652 mov r6, r6, lsr #26 653 movw r14, field_R0 @ c += u2 * R0 654 umlal r3, r4, r0, r14 655 bic r14, r3, field_not_M @ t2 = c & M 656 str r14, [sp, #4 + 2*4] 657 mov r3, r3, lsr #26 @ c >>= 26 658 orr r3, r3, r4, asl #6 659 mov r4, r4, lsr #26 660 mov r14, field_R1 @ c += u2 * R1 661 umlal r3, r4, r0, r14 662 663 /* E interleaved with F */ 664 ldr r7, [r1, #0*4] @ a[0]*2 665 ldr r0, [r1, #1*4] @ a[1]*2 666 ldr r14, [r1, #2*4] @ a[2] 667 mov r7, r7, asl #1 668 ldr r8, [r1, #3*4] @ a[3] 669 ldr r2, [r1, #4*4] 670 umlal r3, r4, r7, r8 @ c += a[0]*2 * a[3] 671 mov r0, r0, asl #1 672 umull r11, r12, r7, r2 @ c' = a[0]*2 * a[4] 673 mov r2, r2, asl #1 @ a[4]*2 674 umlal r11, r12, r0, r8 @ c' += a[1]*2 * a[3] 675 ldr r8, [r1, #9*4] @ a[9] 676 umlal r3, r4, r0, r14 @ c += a[1]*2 * a[2] 677 ldr r0, [r1, #5*4] @ a[5]*2 678 umlal r11, r12, r14, r14 @ c' += a[2] * a[2] 679 ldr r14, [r1, #8*4] @ a[8] 680 mov r0, r0, asl #1 681 umlal r5, r6, r2, r8 @ d += a[4]*2 * a[9] 682 ldr r7, [r1, #6*4] @ a[6]*2 683 umull r9, r10, r0, r8 @ d' = a[5]*2 * a[9] 684 mov r7, r7, asl #1 685 ldr r8, [r1, #7*4] @ a[7] 686 umlal r5, r6, r0, r14 @ d += a[5]*2 * a[8] 687 umlal r9, r10, r7, r14 @ d' += a[6]*2 * a[8] 688 umlal r5, r6, r7, r8 @ d += a[6]*2 * a[7] 689 umlal r9, r10, r8, r8 @ d' += a[7] * a[7] 690 691 bic r0, r5, field_not_M @ u3 = d & M 692 mov r5, r5, lsr #26 @ d >>= 26 693 orr r5, r5, r6, asl #6 694 mov r6, r6, lsr #26 695 movw r14, field_R0 @ c += u3 * R0 696 umlal r3, r4, r0, r14 697 bic r14, r3, field_not_M @ t3 = c & M 698 str r14, [sp, #4 + 3*4] 699 mov r3, r3, lsr #26 @ c >>= 26 700 orr r3, r3, r4, asl #6 701 mov r4, r4, lsr #26 702 mov r14, field_R1 @ c += u3 * R1 703 umlal r3, r4, r0, r14 704 705 /* F */ 706 adds r3, r3, r11 @ c += c' 707 adc r4, r4, r12 708 adds r5, r5, r9 @ d += d' 709 adc r6, r6, r10 710 711 bic r0, r5, field_not_M @ u4 = d & M 712 mov r5, r5, lsr #26 @ d >>= 26 713 orr r5, r5, r6, asl #6 714 mov r6, r6, lsr #26 715 movw r14, field_R0 @ c += u4 * R0 716 umlal r3, r4, r0, r14 717 bic r14, r3, field_not_M @ t4 = c & M 718 str r14, [sp, #4 + 4*4] 719 mov r3, r3, lsr #26 @ c >>= 26 720 orr r3, r3, r4, asl #6 721 mov r4, r4, lsr #26 722 mov r14, field_R1 @ c += u4 * R1 723 umlal r3, r4, r0, r14 724 725 /* G interleaved with H */ 726 ldr r7, [r1, #0*4] @ a[0]*2 727 ldr r0, [r1, #1*4] @ a[1]*2 728 mov r7, r7, asl #1 729 ldr r8, [r1, #5*4] @ a[5] 730 ldr r2, [r1, #6*4] @ a[6] 731 umlal r3, r4, r7, r8 @ c += a[0]*2 * a[5] 732 ldr r14, [r1, #4*4] @ a[4] 733 mov r0, r0, asl #1 734 umull r11, r12, r7, r2 @ c' = a[0]*2 * a[6] 735 ldr r7, [r1, #2*4] @ a[2]*2 736 umlal r11, r12, r0, r8 @ c' += a[1]*2 * a[5] 737 mov r7, r7, asl #1 738 ldr r8, [r1, #3*4] @ a[3] 739 umlal r3, r4, r0, r14 @ c += a[1]*2 * a[4] 740 mov r0, r2, asl #1 @ a[6]*2 741 umlal r11, r12, r7, r14 @ c' += a[2]*2 * a[4] 742 ldr r14, [r1, #9*4] @ a[9] 743 umlal r3, r4, r7, r8 @ c += a[2]*2 * a[3] 744 ldr r7, [r1, #7*4] @ a[7]*2 745 umlal r11, r12, r8, r8 @ c' += a[3] * a[3] 746 mov r7, r7, asl #1 747 ldr r8, [r1, #8*4] @ a[8] 748 umlal r5, r6, r0, r14 @ d += a[6]*2 * a[9] 749 umull r9, r10, r7, r14 @ d' = a[7]*2 * a[9] 750 umlal r5, r6, r7, r8 @ d += a[7]*2 * a[8] 751 umlal r9, r10, r8, r8 @ d' += a[8] * a[8] 752 753 bic r0, r5, field_not_M @ u5 = d & M 754 mov r5, r5, lsr #26 @ d >>= 26 755 orr r5, r5, r6, asl #6 756 mov r6, r6, lsr #26 757 movw r14, field_R0 @ c += u5 * R0 758 umlal r3, r4, r0, r14 759 bic r14, r3, field_not_M @ t5 = c & M 760 str r14, [sp, #4 + 5*4] 761 mov r3, r3, lsr #26 @ c >>= 26 762 orr r3, r3, r4, asl #6 763 mov r4, r4, lsr #26 764 mov r14, field_R1 @ c += u5 * R1 765 umlal r3, r4, r0, r14 766 767 /* H */ 768 adds r3, r3, r11 @ c += c' 769 adc r4, r4, r12 770 adds r5, r5, r9 @ d += d' 771 adc r6, r6, r10 772 773 bic r0, r5, field_not_M @ u6 = d & M 774 mov r5, r5, lsr #26 @ d >>= 26 775 orr r5, r5, r6, asl #6 776 mov r6, r6, lsr #26 777 movw r14, field_R0 @ c += u6 * R0 778 umlal r3, r4, r0, r14 779 bic r14, r3, field_not_M @ t6 = c & M 780 str r14, [sp, #4 + 6*4] 781 mov r3, r3, lsr #26 @ c >>= 26 782 orr r3, r3, r4, asl #6 783 mov r4, r4, lsr #26 784 mov r14, field_R1 @ c += u6 * R1 785 umlal r3, r4, r0, r14 786 787 /* I interleaved with J */ 788 ldr r7, [r1, #0*4] @ a[0]*2 789 ldr r0, [r1, #1*4] @ a[1]*2 790 mov r7, r7, asl #1 791 ldr r8, [r1, #7*4] @ a[7] 792 ldr r2, [r1, #8*4] @ a[8] 793 umlal r3, r4, r7, r8 @ c += a[0]*2 * a[7] 794 ldr r14, [r1, #6*4] @ a[6] 795 mov r0, r0, asl #1 796 umull r11, r12, r7, r2 @ c' = a[0]*2 * a[8] 797 ldr r7, [r1, #2*4] @ a[2]*2 798 umlal r11, r12, r0, r8 @ c' += a[1]*2 * a[7] 799 ldr r8, [r1, #5*4] @ a[5] 800 umlal r3, r4, r0, r14 @ c += a[1]*2 * a[6] 801 ldr r0, [r1, #3*4] @ a[3]*2 802 mov r7, r7, asl #1 803 umlal r11, r12, r7, r14 @ c' += a[2]*2 * a[6] 804 ldr r14, [r1, #4*4] @ a[4] 805 mov r0, r0, asl #1 806 umlal r3, r4, r7, r8 @ c += a[2]*2 * a[5] 807 mov r2, r2, asl #1 @ a[8]*2 808 umlal r11, r12, r0, r8 @ c' += a[3]*2 * a[5] 809 umlal r3, r4, r0, r14 @ c += a[3]*2 * a[4] 810 umlal r11, r12, r14, r14 @ c' += a[4] * a[4] 811 ldr r8, [r1, #9*4] @ a[9] 812 umlal r5, r6, r2, r8 @ d += a[8]*2 * a[9] 813 @ r8 will be used in J 814 815 bic r0, r5, field_not_M @ u7 = d & M 816 mov r5, r5, lsr #26 @ d >>= 26 817 orr r5, r5, r6, asl #6 818 mov r6, r6, lsr #26 819 movw r14, field_R0 @ c += u7 * R0 820 umlal r3, r4, r0, r14 821 bic r14, r3, field_not_M @ t7 = c & M 822 str r14, [sp, #4 + 7*4] 823 mov r3, r3, lsr #26 @ c >>= 26 824 orr r3, r3, r4, asl #6 825 mov r4, r4, lsr #26 826 mov r14, field_R1 @ c += u7 * R1 827 umlal r3, r4, r0, r14 828 829 /* J */ 830 adds r3, r3, r11 @ c += c' 831 adc r4, r4, r12 832 umlal r5, r6, r8, r8 @ d += a[9] * a[9] 833 834 bic r0, r5, field_not_M @ u8 = d & M 835 str r0, [sp, #4 + 8*4] 836 mov r5, r5, lsr #26 @ d >>= 26 837 orr r5, r5, r6, asl #6 838 mov r6, r6, lsr #26 839 movw r14, field_R0 @ c += u8 * R0 840 umlal r3, r4, r0, r14 841 842 /****************************************** 843 * compute and write back result 844 ****************************************** 845 Allocation: 846 r0 r 847 r3:r4 c 848 r5:r6 d 849 r7 t0 850 r8 t1 851 r9 t2 852 r11 u8 853 r12 t9 854 r1,r2,r10,r14 scratch 855 856 Note: do not read from a[] after here, it may overlap with r[] 857 */ 858 ldr r0, [sp, #0] 859 add r1, sp, #4 + 3*4 @ r[3..7] = t3..7, r11=u8, r12=t9 860 ldmia r1, {r2,r7,r8,r9,r10,r11,r12} 861 add r1, r0, #3*4 862 stmia r1, {r2,r7,r8,r9,r10} 863 864 bic r2, r3, field_not_M @ r[8] = c & M 865 str r2, [r0, #8*4] 866 mov r3, r3, lsr #26 @ c >>= 26 867 orr r3, r3, r4, asl #6 868 mov r4, r4, lsr #26 869 mov r14, field_R1 @ c += u8 * R1 870 umlal r3, r4, r11, r14 871 movw r14, field_R0 @ c += d * R0 872 umlal r3, r4, r5, r14 873 adds r3, r3, r12 @ c += t9 874 adc r4, r4, #0 875 876 add r1, sp, #4 + 0*4 @ r7,r8,r9 = t0,t1,t2 877 ldmia r1, {r7,r8,r9} 878 879 ubfx r2, r3, #0, #22 @ r[9] = c & (M >> 4) 880 str r2, [r0, #9*4] 881 mov r3, r3, lsr #22 @ c >>= 22 882 orr r3, r3, r4, asl #10 883 mov r4, r4, lsr #22 884 movw r14, field_R1 << 4 @ c += d * (R1 << 4) 885 umlal r3, r4, r5, r14 886 887 movw r14, field_R0 >> 4 @ d = c * (R0 >> 4) + t0 (64x64 multiply+add) 888 umull r5, r6, r3, r14 @ d = c.lo * (R0 >> 4) 889 adds r5, r5, r7 @ d.lo += t0 890 mla r6, r14, r4, r6 @ d.hi += c.hi * (R0 >> 4) 891 adc r6, r6, 0 @ d.hi += carry 892 893 bic r2, r5, field_not_M @ r[0] = d & M 894 str r2, [r0, #0*4] 895 896 mov r5, r5, lsr #26 @ d >>= 26 897 orr r5, r5, r6, asl #6 898 mov r6, r6, lsr #26 899 900 movw r14, field_R1 >> 4 @ d += c * (R1 >> 4) + t1 (64x64 multiply+add) 901 umull r1, r2, r3, r14 @ tmp = c.lo * (R1 >> 4) 902 adds r5, r5, r8 @ d.lo += t1 903 adc r6, r6, #0 @ d.hi += carry 904 adds r5, r5, r1 @ d.lo += tmp.lo 905 mla r2, r14, r4, r2 @ tmp.hi += c.hi * (R1 >> 4) 906 adc r6, r6, r2 @ d.hi += carry + tmp.hi 907 908 bic r2, r5, field_not_M @ r[1] = d & M 909 str r2, [r0, #1*4] 910 mov r5, r5, lsr #26 @ d >>= 26 (ignore hi) 911 orr r5, r5, r6, asl #6 912 913 add r5, r5, r9 @ d += t2 914 str r5, [r0, #2*4] @ r[2] = d 915 916 add sp, sp, #48 917 ldmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, pc} 918 .size secp256k1_fe_sqr_inner, .-secp256k1_fe_sqr_inner 919