--- /dev/null
+/* Copyright (c) 2014 Cryptography Research, Inc.
+ * Released under the MIT License. See LICENSE.txt for license information.
+ */
+
+#include "f_field.h"
+
+static __inline__ uint64x2_t __attribute__((gnu_inline,always_inline,unused))
+xx_vaddup_u64(uint64x2_t x) {
+ __asm__ ("vadd.s64 %f0, %e0" : "+w"(x));
+ return x;
+}
+
+static __inline__ int64x2_t __attribute__((gnu_inline,always_inline,unused))
+vrev128_s64(int64x2_t x) {
+ __asm__ ("vswp.s64 %e0, %f0" : "+w"(x));
+ return x;
+}
+
+static __inline__ uint64x2_t __attribute__((gnu_inline,always_inline))
+vrev128_u64(uint64x2_t x) {
+ __asm__ ("vswp.s64 %e0, %f0" : "+w"(x));
+ return x;
+}
+
+static inline void __attribute__((gnu_inline,always_inline,unused))
+smlal (
+ uint64_t *acc,
+ const uint32_t a,
+ const uint32_t b
+) {
+ *acc += (int64_t)(int32_t)a * (int64_t)(int32_t)b;
+}
+
+static inline void __attribute__((gnu_inline,always_inline,unused))
+smlal2 (
+ uint64_t *acc,
+ const uint32_t a,
+ const uint32_t b
+) {
+ *acc += (int64_t)(int32_t)a * (int64_t)(int32_t)b * 2;
+}
+
+static inline void __attribute__((gnu_inline,always_inline,unused))
+smull (
+ uint64_t *acc,
+ const uint32_t a,
+ const uint32_t b
+) {
+ *acc = (int64_t)(int32_t)a * (int64_t)(int32_t)b;
+}
+
+static inline void __attribute__((gnu_inline,always_inline,unused))
+smull2 (
+ uint64_t *acc,
+ const uint32_t a,
+ const uint32_t b
+) {
+ *acc = (int64_t)(int32_t)a * (int64_t)(int32_t)b * 2;
+}
+
+void gf_mul (gf_s *__restrict__ cs, const gf as, const gf bs) {
+ #define _bl0 "q0"
+ #define _bl0_0 "d0"
+ #define _bl0_1 "d1"
+ #define _bh0 "q1"
+ #define _bh0_0 "d2"
+ #define _bh0_1 "d3"
+ #define _bs0 "q2"
+ #define _bs0_0 "d4"
+ #define _bs0_1 "d5"
+ #define _bl2 "q3"
+ #define _bl2_0 "d6"
+ #define _bl2_1 "d7"
+ #define _bh2 "q4"
+ #define _bh2_0 "d8"
+ #define _bh2_1 "d9"
+ #define _bs2 "q5"
+ #define _bs2_0 "d10"
+ #define _bs2_1 "d11"
+
+ #define _as0 "q6"
+ #define _as0_0 "d12"
+ #define _as0_1 "d13"
+ #define _as2 "q7"
+ #define _as2_0 "d14"
+ #define _as2_1 "d15"
+ #define _al0 "q8"
+ #define _al0_0 "d16"
+ #define _al0_1 "d17"
+ #define _ah0 "q9"
+ #define _ah0_0 "d18"
+ #define _ah0_1 "d19"
+ #define _al2 "q10"
+ #define _al2_0 "d20"
+ #define _al2_1 "d21"
+ #define _ah2 "q11"
+ #define _ah2_0 "d22"
+ #define _ah2_1 "d23"
+
+ #define _a0a "q12"
+ #define _a0a_0 "d24"
+ #define _a0a_1 "d25"
+ #define _a0b "q13"
+ #define _a0b_0 "d26"
+ #define _a0b_1 "d27"
+ #define _a1a "q14"
+ #define _a1a_0 "d28"
+ #define _a1a_1 "d29"
+ #define _a1b "q15"
+ #define _a1b_0 "d30"
+ #define _a1b_1 "d31"
+ #define VMAC(op,result,a,b,n) #op" "result", "a", "b"[" #n "]\n\t"
+ #define VOP3(op,result,a,b) #op" "result", "a", "b"\n\t"
+ #define VOP2(op,result,a) #op" "result", "a"\n\t"
+
+ int32x2_t *vc = (int32x2_t*) cs->limb;
+
+ __asm__ __volatile__(
+
+ "vld2.32 {"_al0_0","_al0_1","_ah0_0","_ah0_1"}, [%[a],:128]!" "\n\t"
+ VOP3(vadd.i32,_as0,_al0,_ah0)
+
+ "vld2.32 {"_bl0_0","_bl0_1","_bh0_0","_bh0_1"}, [%[b],:128]!" "\n\t"
+ VOP3(vadd.i32,_bs0_1,_bl0_1,_bh0_1)
+ VOP3(vsub.i32,_bs0_0,_bl0_0,_bh0_0)
+
+ "vld2.32 {"_bl2_0","_bl2_1","_bh2_0","_bh2_1"}, [%[b],:128]!" "\n\t"
+ VOP3(vadd.i32,_bs2,_bl2,_bh2)
+
+ "vld2.32 {"_al2_0","_al2_1","_ah2_0","_ah2_1"}, [%[a],:128]!" "\n\t"
+ VOP3(vadd.i32,_as2,_al2,_ah2)
+
+ VMAC(vmull.s32,_a0b,_as0_1,_bs2_1,0)
+ VMAC(vmlal.s32,_a0b,_as2_0,_bs2_0,0)
+ VMAC(vmlal.s32,_a0b,_as2_1,_bs0_1,0)
+ VMAC(vmlal.s32,_a0b,_as0_0,_bh0_0,0)
+
+ VMAC(vmull.s32,_a1b,_as0_1,_bs2_1,1)
+ VMAC(vmlal.s32,_a1b,_as2_0,_bs2_0,1)
+ VMAC(vmlal.s32,_a1b,_as2_1,_bs0_1,1)
+ VMAC(vmlal.s32,_a1b,_as0_0,_bh0_0,1)
+
+ VOP2(vmov,_a0a,_a0b)
+ VMAC(vmlal.s32,_a0a,_ah0_1,_bh2_1,0)
+ VMAC(vmlal.s32,_a0a,_ah2_0,_bh2_0,0)
+ VMAC(vmlal.s32,_a0a,_ah2_1,_bh0_1,0)
+ VMAC(vmlal.s32,_a0a,_ah0_0,_bl0_0,0)
+
+ VMAC(vmlsl.s32,_a0b,_al0_1,_bl2_1,0)
+ VMAC(vmlsl.s32,_a0b,_al2_0,_bl2_0,0)
+ VMAC(vmlsl.s32,_a0b,_al2_1,_bl0_1,0)
+ VMAC(vmlal.s32,_a0b,_al0_0,_bs0_0,0)
+
+ VOP2(vmov,_a1a,_a1b)
+ VMAC(vmlal.s32,_a1a,_ah0_1,_bh2_1,1)
+ VMAC(vmlal.s32,_a1a,_ah2_0,_bh2_0,1)
+ VMAC(vmlal.s32,_a1a,_ah2_1,_bh0_1,1)
+ VMAC(vmlal.s32,_a1a,_ah0_0,_bl0_0,1)
+
+ VOP2(vswp,_a0b_1,_a0a_0)
+
+ VMAC(vmlsl.s32,_a1b,_al0_1,_bl2_1,1)
+ VMAC(vmlsl.s32,_a1b,_al2_0,_bl2_0,1)
+ VMAC(vmlsl.s32,_a1b,_al2_1,_bl0_1,1)
+ VMAC(vmlal.s32,_a1b,_al0_0,_bs0_0,1)
+
+ VOP3(vsra.u64,_a0a,_a0b,"#28")
+ VOP3(vsub.i32,_bs0_1,_bl0_1,_bh0_1)
+ VOP2(vmovn.i64,_a0b_0,_a0b)
+
+ VOP2(vswp,_a1b_1,_a1a_0)
+ VOP3(vadd.i64,_a1b,_a0a,_a1b)
+
+
+ VMAC(vmull.s32,_a0a,_as2_0,_bs2_1,0)
+ VOP2(vmovn.i64,_a0b_1,_a1b)
+ VMAC(vmlal.s32,_a0a,_as2_1,_bs2_0,0)
+ VOP3(vsra.u64,_a1a,_a1b,"#28")
+ VMAC(vmlal.s32,_a0a,_as0_0,_bh0_1,0)
+ VOP2(vbic.i32,_a0b,"#0xf0000000")
+ VMAC(vmlal.s32,_a0a,_as0_1,_bh0_0,0)
+ "vstmia %[c]!, {"_a0b_0", "_a0b_1"}" "\n\t"
+
+ VMAC(vmull.s32,_a1b,_as2_0,_bs2_1,1)
+ VMAC(vmlal.s32,_a1b,_as2_1,_bs2_0,1)
+ VMAC(vmlal.s32,_a1b,_as0_0,_bh0_1,1)
+ VMAC(vmlal.s32,_a1b,_as0_1,_bh0_0,1)
+
+ VOP2(vmov,_a0b_1,_a0a_1)
+ VOP3(vadd.i64,_a0b_0,_a0a_0,_a1a_0)
+ VOP3(vadd.i64,_a0a_0,_a0a_0,_a1a_1)
+ VMAC(vmlal.s32,_a0a,_ah2_0,_bh2_1,0)
+ VMAC(vmlal.s32,_a0a,_ah2_1,_bh2_0,0)
+ VMAC(vmlal.s32,_a0a,_ah0_0,_bl0_1,0)
+ VMAC(vmlal.s32,_a0a,_ah0_1,_bl0_0,0)
+
+ VMAC(vmlsl.s32,_a0b,_al2_0,_bl2_1,0)
+ VMAC(vmlsl.s32,_a0b,_al2_1,_bl2_0,0)
+ VMAC(vmlal.s32,_a0b,_al0_0,_bs0_1,0)
+ VMAC(vmlal.s32,_a0b,_al0_1,_bs0_0,0)
+
+ VOP2(vmov,_a1a,_a1b)
+ VMAC(vmlal.s32,_a1a,_ah2_0,_bh2_1,1)
+ VMAC(vmlal.s32,_a1a,_ah2_1,_bh2_0,1)
+ VMAC(vmlal.s32,_a1a,_ah0_0,_bl0_1,1)
+ VMAC(vmlal.s32,_a1a,_ah0_1,_bl0_0,1)
+
+ VOP2(vswp,_a0b_1,_a0a_0)
+
+ VMAC(vmlsl.s32,_a1b,_al2_0,_bl2_1,1)
+ VMAC(vmlsl.s32,_a1b,_al2_1,_bl2_0,1)
+ VMAC(vmlal.s32,_a1b,_al0_0,_bs0_1,1)
+ VMAC(vmlal.s32,_a1b,_al0_1,_bs0_0,1)
+
+ VOP3(vsra.u64,_a0a,_a0b,"#28")
+ VOP3(vsub.i32,_bs2_0,_bl2_0,_bh2_0)
+ VOP2(vmovn.i64,_a0b_0,_a0b)
+
+ VOP2(vswp,_a1b_1,_a1a_0)
+ VOP3(vadd.i64,_a1b,_a0a,_a1b)
+
+ VMAC(vmull.s32,_a0a,_as2_1,_bs2_1,0)
+ VOP2(vmovn.i64,_a0b_1,_a1b)
+ VMAC(vmlal.s32,_a0a,_as0_0,_bh2_0,0)
+ VOP3(vsra.u64,_a1a,_a1b,"#28")
+ VMAC(vmlal.s32,_a0a,_as0_1,_bh0_1,0)
+ VOP2(vbic.i32,_a0b,"#0xf0000000")
+ VMAC(vmlal.s32,_a0a,_as2_0,_bh0_0,0)
+ "vstmia %[c]!, {"_a0b_0", "_a0b_1"}" "\n\t"
+
+ VMAC(vmull.s32,_a1b,_as2_1,_bs2_1,1)
+ VMAC(vmlal.s32,_a1b,_as0_0,_bh2_0,1)
+ VMAC(vmlal.s32,_a1b,_as0_1,_bh0_1,1)
+ VMAC(vmlal.s32,_a1b,_as2_0,_bh0_0,1)
+
+ VOP2(vmov,_a0b_1,_a0a_1)
+ VOP3(vadd.i64,_a0b_0,_a0a_0,_a1a_0)
+ VOP3(vadd.i64,_a0a_0,_a0a_0,_a1a_1)
+ VMAC(vmlal.s32,_a0a,_ah2_1,_bh2_1,0)
+ VMAC(vmlal.s32,_a0a,_ah0_0,_bl2_0,0)
+ VMAC(vmlal.s32,_a0a,_ah0_1,_bl0_1,0)
+ VMAC(vmlal.s32,_a0a,_ah2_0,_bl0_0,0)
+
+ VMAC(vmlsl.s32,_a0b,_al2_1,_bl2_1,0)
+ VMAC(vmlal.s32,_a0b,_al0_0,_bs2_0,0)
+ VMAC(vmlal.s32,_a0b,_al0_1,_bs0_1,0)
+ VMAC(vmlal.s32,_a0b,_al2_0,_bs0_0,0)
+
+ VOP2(vmov,_a1a,_a1b)
+ VMAC(vmlal.s32,_a1a,_ah2_1,_bh2_1,1)
+ VMAC(vmlal.s32,_a1a,_ah0_0,_bl2_0,1)
+ VMAC(vmlal.s32,_a1a,_ah0_1,_bl0_1,1)
+ VMAC(vmlal.s32,_a1a,_ah2_0,_bl0_0,1)
+
+ VOP2(vswp,_a0b_1,_a0a_0)
+
+ VMAC(vmlsl.s32,_a1b,_al2_1,_bl2_1,1)
+ VMAC(vmlal.s32,_a1b,_al0_0,_bs2_0,1)
+ VMAC(vmlal.s32,_a1b,_al0_1,_bs0_1,1)
+ VMAC(vmlal.s32,_a1b,_al2_0,_bs0_0,1)
+
+ VOP3(vsub.i32,_bs2_1,_bl2_1,_bh2_1)
+ VOP3(vsra.u64,_a0a,_a0b,"#28")
+ VOP2(vmovn.i64,_a0b_0,_a0b)
+
+ VOP2(vswp,_a1b_1,_a1a_0)
+ VOP3(vadd.i64,_a1b,_a0a,_a1b)
+
+ VMAC(vmull.s32,_a0a,_as0_0,_bh2_1,0)
+ VOP2(vmovn.i64,_a0b_1,_a1b)
+ VMAC(vmlal.s32,_a0a,_as0_1,_bh2_0,0)
+ VOP3(vsra.u64,_a1a,_a1b,"#28")
+ VMAC(vmlal.s32,_a0a,_as2_0,_bh0_1,0)
+ VOP2(vbic.i32,_a0b,"#0xf0000000")
+ VMAC(vmlal.s32,_a0a,_as2_1,_bh0_0,0)
+ "vstmia %[c]!, {"_a0b_0", "_a0b_1"}" "\n\t"
+
+ VMAC(vmull.s32,_a1b,_as0_0,_bh2_1,1)
+ VMAC(vmlal.s32,_a1b,_as0_1,_bh2_0,1)
+ VMAC(vmlal.s32,_a1b,_as2_0,_bh0_1,1)
+ VMAC(vmlal.s32,_a1b,_as2_1,_bh0_0,1)
+
+ VOP2(vmov,_a0b_1,_a0a_1)
+ VOP3(vadd.i64,_a0b_0,_a0a_0,_a1a_0)
+ VOP3(vadd.i64,_a0a_0,_a0a_0,_a1a_1)
+ VMAC(vmlal.s32,_a0a,_ah0_0,_bl2_1,0)
+ VMAC(vmlal.s32,_a0a,_ah0_1,_bl2_0,0)
+ VMAC(vmlal.s32,_a0a,_ah2_0,_bl0_1,0)
+ VMAC(vmlal.s32,_a0a,_ah2_1,_bl0_0,0)
+
+ VMAC(vmlal.s32,_a0b,_al0_0,_bs2_1,0)
+ VMAC(vmlal.s32,_a0b,_al0_1,_bs2_0,0)
+ VMAC(vmlal.s32,_a0b,_al2_0,_bs0_1,0)
+ VMAC(vmlal.s32,_a0b,_al2_1,_bs0_0,0)
+
+ VOP2(vmov,_a1a,_a1b)
+ VMAC(vmlal.s32,_a1a,_ah0_0,_bl2_1,1)
+ VMAC(vmlal.s32,_a1a,_ah0_1,_bl2_0,1)
+ VMAC(vmlal.s32,_a1a,_ah2_0,_bl0_1,1)
+ VMAC(vmlal.s32,_a1a,_ah2_1,_bl0_0,1)
+
+ VOP2(vswp,_a0b_1,_a0a_0)
+
+ VMAC(vmlal.s32,_a1b,_al0_0,_bs2_1,1)
+ VMAC(vmlal.s32,_a1b,_al0_1,_bs2_0,1)
+ VMAC(vmlal.s32,_a1b,_al2_0,_bs0_1,1)
+ VMAC(vmlal.s32,_a1b,_al2_1,_bs0_0,1)
+
+ VOP3(vsra.u64,_a0a,_a0b,"#28")
+ VOP2(vmovn.i64,_a0b_0,_a0b)
+
+ VOP2(vswp,_a1b_1,_a1a_0)
+ VOP3(vadd.i64,_a0a,_a0a,_a1b)
+
+ VOP2(vmovn.i64,_a0b_1,_a0a)
+ VOP3(vsra.u64,_a1a,_a0a,"#28")
+
+ VOP2(vbic.i32,_a0b,"#0xf0000000")
+
+ VOP2(vswp,_a1a_0,_a1a_1)
+
+ "vstmia %[c]!, {"_a0b_0", "_a0b_1"}" "\n\t"
+ "sub %[c], #64" "\n\t"
+
+ VOP3(vadd.i64,_a1a_1,_a1a_1,_a1a_0)
+
+ "vldmia %[c], {"_a0a_0", "_a0a_1", "_a0b_0"}" "\n\t"
+ VOP2(vaddw.s32,_a1a,_a0a_0)
+ VOP2(vmovn.i64,_a0a_0,_a1a)
+ VOP2(vshr.s64,_a1a,"#28")
+
+ VOP2(vaddw.s32,_a1a,_a0a_1)
+ VOP2(vmovn.i64,_a0a_1,_a1a)
+ VOP2(vshr.s64,_a1a,"#28")
+
+ VOP2(vbic.i32,_a0a,"#0xf0000000")
+
+ VOP2(vaddw.s32,_a1a,_a0b_0)
+ VOP2(vmovn.i64,_a0b_0,_a1a)
+
+ "vstmia %[c], {"_a0a_0", "_a0a_1", "_a0b_0"}" "\n\t"
+
+ : [a]"+r"(as)
+ , [b]"+r"(bs)
+ , [c]"+r"(vc)
+
+ :: "q0","q1","q2","q3",
+ "q4","q5","q6","q7",
+ "q8","q9","q10","q11",
+ "q12","q13","q14","q15",
+ "memory"
+ );
+}
+
+void gf_sqr (gf_s *__restrict__ cs, const gf bs) {
+ int32x2_t *vc = (int32x2_t*) cs->limb;
+
+ __asm__ __volatile__ (
+ "vld2.32 {"_bl0_0","_bl0_1","_bh0_0","_bh0_1"}, [%[b],:128]!" "\n\t"
+ VOP3(vadd.i32,_bs0_1,_bl0_1,_bh0_1) /* 0 .. 2^30 */
+ VOP3(vsub.i32,_bs0_0,_bl0_0,_bh0_0) /* +- 2^29 */
+ VOP3(vadd.i32,_as0,_bl0,_bh0) /* 0 .. 2^30 */
+
+ "vld2.32 {"_bl2_0","_bl2_1","_bh2_0","_bh2_1"}, [%[b],:128]!" "\n\t"
+ VOP3(vadd.i32,_bs2,_bl2,_bh2) /* 0 .. 2^30 */
+ VOP2(vmov,_as2,_bs2)
+
+ VMAC(vqdmull.s32,_a0b,_as0_1,_bs2_1,0) /* 0 .. 8 * 2^58. danger for vqdmlal is 32 */
+ VMAC(vmlal.s32,_a0b,_as2_0,_bs2_0,0) /* 0 .. 12 */
+ VMAC(vmlal.s32,_a0b,_as0_0,_bh0_0,0) /* 0 .. 14 */
+
+ VMAC(vqdmull.s32,_a1b,_as0_1,_bs2_1,1) /* 0 .. 8 */
+ VMAC(vmlal.s32,_a1b,_as2_0,_bs2_0,1) /* 0 .. 14 */
+ VMAC(vmlal.s32,_a1b,_as0_0,_bh0_0,1) /* 0 .. 16 */
+
+ VOP2(vmov,_a0a,_a0b) /* 0 .. 14 */
+ VMAC(vqdmlal.s32,_a0a,_bh0_1,_bh2_1,0) /* 0 .. 16 */
+ VMAC(vmlal.s32,_a0a,_bh2_0,_bh2_0,0) /* 0 .. 17 */
+ VMAC(vmlal.s32,_a0a,_bh0_0,_bl0_0,0) /* 0 .. 18 */
+
+ VMAC(vqdmlsl.s32,_a0b,_bl0_1,_bl2_1,0) /*-2 .. 14 */
+ VMAC(vmlsl.s32,_a0b,_bl2_0,_bl2_0,0) /*-3 .. 14 */
+ VMAC(vmlal.s32,_a0b,_bl0_0,_bs0_0,0) /*-4 .. 15 */
+
+ VOP2(vmov,_a1a,_a1b)
+ VMAC(vqdmlal.s32,_a1a,_bh0_1,_bh2_1,1) /* 0 .. 18 */
+ VMAC(vmlal.s32,_a1a,_bh2_0,_bh2_0,1) /* 0 .. 19 */
+ VMAC(vmlal.s32,_a1a,_bh0_0,_bl0_0,1) /* 0 .. 20 */
+
+ VOP2(vswp,_a0b_1,_a0a_0)
+
+ VMAC(vqdmlsl.s32,_a1b,_bl0_1,_bl2_1,1) /*-2 .. 16 */
+ VMAC(vmlsl.s32,_a1b,_bl2_0,_bl2_0,1) /*-3 .. 16 */
+ VMAC(vmlal.s32,_a1b,_bl0_0,_bs0_0,1) /*-4 .. 17 */
+
+ VOP3(vsra.u64,_a0a,_a0b,"#28")
+ VOP3(vsub.i32,_bs0_1,_bl0_1,_bh0_1)
+ VOP2(vmovn.i64,_a0b_0,_a0b)
+
+ VOP2(vswp,_a1b_1,_a1a_0)
+ VOP3(vadd.i64,_a1b,_a0a,_a1b)
+
+
+ VMAC(vqdmull.s32,_a0a,_as2_0,_bs2_1,0) /* 0 .. 8 */
+ VOP2(vmovn.i64,_a0b_1,_a1b)
+ VOP3(vsra.u64,_a1a,_a1b,"#28")
+ VMAC(vqdmlal.s32,_a0a,_as0_0,_bh0_1,0) /* 0 .. 12 */
+ VOP2(vbic.i32,_a0b,"#0xf0000000")
+ "vstmia %[c]!, {"_a0b_0", "_a0b_1"}" "\n\t"
+
+ VMAC(vqdmull.s32,_a1b,_as2_0,_bs2_1,1) /* 0 .. 8 */
+ VMAC(vqdmlal.s32,_a1b,_as0_0,_bh0_1,1) /* 0 .. 12 */
+
+ VOP2(vmov,_a0b,_a0a) /* 0 .. 12 */
+ VMAC(vqdmlal.s32,_a0a,_bh2_0,_bh2_1,0) /* 0 .. 14 */
+ VMAC(vqdmlal.s32,_a0a,_bh0_0,_bl0_1,0) /* 0 .. 16 */
+
+ VMAC(vqdmlsl.s32,_a0b,_bl2_0,_bl2_1,0) /*-2 .. 12 */
+ VMAC(vqdmlal.s32,_a0b,_bl0_0,_bs0_1,0) /*-4 .. 14 */
+ VOP3(vadd.i64,_a0a_0,_a0a_0,_a1a_1)
+ VOP3(vadd.i64,_a0b_0,_a0b_0,_a1a_0)
+
+ VOP2(vmov,_a1a,_a1b) /* 0 .. 12 */
+ VMAC(vqdmlal.s32,_a1a,_bh2_0,_bh2_1,1) /* 0 .. 14 */
+ VMAC(vqdmlal.s32,_a1a,_bh0_0,_bl0_1,1) /* 0 .. 16 */
+
+ VOP2(vswp,_a0b_1,_a0a_0)
+
+ VMAC(vqdmlsl.s32,_a1b,_bl2_0,_bl2_1,1) /*-2 .. 12 */
+ VMAC(vqdmlal.s32,_a1b,_bl0_0,_bs0_1,1) /*-4 .. 14 */
+
+ VOP3(vsra.u64,_a0a,_a0b,"#28")
+ VOP3(vsub.i32,_bs2_0,_bl2_0,_bh2_0)
+ VOP2(vmovn.i64,_a0b_0,_a0b)
+
+ VOP2(vswp,_a1b_1,_a1a_0)
+ VOP3(vadd.i64,_a1b,_a0a,_a1b)
+
+ VMAC(vmull.s32,_a0a,_as2_1,_bs2_1,0)
+ VOP2(vmovn.i64,_a0b_1,_a1b)
+ VMAC(vqdmlal.s32,_a0a,_as0_0,_bh2_0,0)
+ VOP3(vsra.u64,_a1a,_a1b,"#28")
+ VMAC(vmlal.s32,_a0a,_as0_1,_bh0_1,0)
+ VOP2(vbic.i32,_a0b,"#0xf0000000")
+ "vstmia %[c]!, {"_a0b_0", "_a0b_1"}" "\n\t"
+
+ VMAC(vmull.s32,_a1b,_as2_1,_bs2_1,1)
+ VMAC(vqdmlal.s32,_a1b,_as0_0,_bh2_0,1)
+ VMAC(vmlal.s32,_a1b,_as0_1,_bh0_1,1)
+
+ VOP2(vmov,_a0b_1,_a0a_1)
+ VOP3(vadd.i64,_a0b_0,_a0a_0,_a1a_0)
+ VOP3(vadd.i64,_a0a_0,_a0a_0,_a1a_1)
+ VMAC(vmlal.s32,_a0a,_bh2_1,_bh2_1,0)
+ VMAC(vqdmlal.s32,_a0a,_bh0_0,_bl2_0,0)
+ VMAC(vmlal.s32,_a0a,_bh0_1,_bl0_1,0)
+
+ VMAC(vmlsl.s32,_a0b,_bl2_1,_bl2_1,0)
+ VMAC(vqdmlal.s32,_a0b,_bl0_0,_bs2_0,0)
+ VMAC(vmlal.s32,_a0b,_bl0_1,_bs0_1,0)
+
+ VOP2(vmov,_a1a,_a1b)
+ VMAC(vmlal.s32,_a1a,_bh2_1,_bh2_1,1)
+ VMAC(vqdmlal.s32,_a1a,_bh0_0,_bl2_0,1)
+ VMAC(vmlal.s32,_a1a,_bh0_1,_bl0_1,1)
+
+ VOP2(vswp,_a0b_1,_a0a_0)
+
+ VMAC(vmlsl.s32,_a1b,_bl2_1,_bl2_1,1)
+ VMAC(vqdmlal.s32,_a1b,_bl0_0,_bs2_0,1)
+ VMAC(vmlal.s32,_a1b,_bl0_1,_bs0_1,1)
+
+ VOP3(vsub.i32,_bs2_1,_bl2_1,_bh2_1)
+ VOP3(vsra.u64,_a0a,_a0b,"#28")
+ VOP2(vmovn.i64,_a0b_0,_a0b)
+
+ VOP2(vswp,_a1b_1,_a1a_0)
+ VOP3(vadd.i64,_a1b,_a0a,_a1b)
+
+ VMAC(vqdmull.s32,_a0a,_as0_0,_bh2_1,0)
+ VOP2(vmovn.i64,_a0b_1,_a1b)
+ VOP3(vsra.u64,_a1a,_a1b,"#28")
+ VMAC(vqdmlal.s32,_a0a,_as2_0,_bh0_1,0)
+ VOP2(vbic.i32,_a0b,"#0xf0000000")
+ "vstmia %[c]!, {"_a0b_0", "_a0b_1"}" "\n\t"
+
+ VMAC(vqdmull.s32,_a1b,_as0_0,_bh2_1,1)
+ VMAC(vqdmlal.s32,_a1b,_as2_0,_bh0_1,1)
+
+ VOP2(vmov,_a0b_1,_a0a_1)
+ VOP3(vadd.i64,_a0b_0,_a0a_0,_a1a_0)
+ VOP3(vadd.i64,_a0a_0,_a0a_0,_a1a_1)
+ VMAC(vqdmlal.s32,_a0a,_bh0_0,_bl2_1,0)
+ VMAC(vqdmlal.s32,_a0a,_bh2_0,_bl0_1,0)
+
+ VMAC(vqdmlal.s32,_a0b,_bl0_0,_bs2_1,0)
+ VMAC(vqdmlal.s32,_a0b,_bl2_0,_bs0_1,0)
+
+ VOP2(vmov,_a1a,_a1b)
+ VMAC(vqdmlal.s32,_a1a,_bh0_0,_bl2_1,1)
+ VMAC(vqdmlal.s32,_a1a,_bh2_0,_bl0_1,1)
+
+ VOP2(vswp,_a0b_1,_a0a_0)
+
+ VMAC(vqdmlal.s32,_a1b,_bl0_0,_bs2_1,1)
+ VMAC(vqdmlal.s32,_a1b,_bl2_0,_bs0_1,1)
+
+ VOP3(vsra.u64,_a0a,_a0b,"#28")
+ VOP2(vmovn.i64,_a0b_0,_a0b)
+
+ VOP2(vswp,_a1b_1,_a1a_0)
+ VOP3(vadd.i64,_a0a,_a0a,_a1b)
+
+ VOP2(vmovn.i64,_a0b_1,_a0a)
+ VOP3(vsra.u64,_a1a,_a0a,"#28")
+
+ VOP2(vbic.i32,_a0b,"#0xf0000000")
+
+ VOP2(vswp,_a1a_0,_a1a_1)
+
+ "vstmia %[c]!, {"_a0b_0", "_a0b_1"}" "\n\t"
+ "sub %[c], #64" "\n\t"
+
+ VOP3(vadd.i64,_a1a_1,_a1a_1,_a1a_0)
+
+ "vldmia %[c], {"_a0a_0", "_a0a_1", "_a0b_0"}" "\n\t"
+ VOP2(vaddw.s32,_a1a,_a0a_0)
+ VOP2(vmovn.i64,_a0a_0,_a1a)
+ VOP2(vshr.s64,_a1a,"#28")
+
+ VOP2(vaddw.s32,_a1a,_a0a_1)
+ VOP2(vmovn.i64,_a0a_1,_a1a)
+ VOP2(vshr.s64,_a1a,"#28")
+
+ VOP2(vbic.i32,_a0a,"#0xf0000000")
+
+ VOP2(vaddw.s32,_a1a,_a0b_0)
+ VOP2(vmovn.i64,_a0b_0,_a1a)
+
+ "vstmia %[c], {"_a0a_0", "_a0a_1", "_a0b_0"}" "\n\t"
+
+ : [b]"+r"(bs)
+ , [c]"+r"(vc)
+
+ :: "q0","q1","q2","q3",
+ "q4","q5","q6","q7",
+ "q12","q13","q14","q15",
+ "memory"
+ );
+}
+
+void gf_mulw_unsigned (gf_s *__restrict__ cs, const gf as, uint32_t b) {
+ uint32x2_t vmask = {(1<<28) - 1, (1<<28)-1};
+ assert(b<(1<<28));
+
+ uint64x2_t accum;
+ const uint32x2_t *va = (const uint32x2_t *) as->limb;
+ uint32x2_t *vo = (uint32x2_t *) cs->limb;
+ uint32x2_t vc, vn;
+ uint32x2_t vb = {b, 0};
+
+ vc = va[0];
+ accum = vmull_lane_u32(vc, vb, 0);
+ vo[0] = vmovn_u64(accum) & vmask;
+ accum = vshrq_n_u64(accum,28);
+
+ /* PERF: the right way to do this is to reduce behind, i.e.
+ * vmull + vmlal round 0
+ * vmull + vmlal round 1
+ * vmull + vmlal round 2
+ * vsraq round 0, 1
+ * vmull + vmlal round 3
+ * vsraq round 1, 2
+ * ...
+ */
+
+ int i;
+ for (i=1; i<8; i++) {
+ vn = va[i];
+ accum = vmlal_lane_u32(accum, vn, vb, 0);
+ vo[i] = vmovn_u64(accum) & vmask;
+ accum = vshrq_n_u64(accum,28);
+ vc = vn;
+ }
+
+ accum = xx_vaddup_u64(vrev128_u64(accum));
+ accum = vaddw_u32(accum, vo[0]);
+ vo[0] = vmovn_u64(accum) & vmask;
+
+ accum = vshrq_n_u64(accum,28);
+ vo[1] += vmovn_u64(accum);
+}
projects / openssl.git / blobdiff