3 # ====================================================================
4 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
5 # project. The module is, however, dual licensed under OpenSSL and
6 # CRYPTOGAMS licenses depending on where you obtain it. For further
7 # details see http://www.openssl.org/~appro/cryptogams/.
8 # ====================================================================
12 # Montgomery multiplication for ARMv4.
14 # Performance improvement naturally varies among CPU implementations
15 # and compilers. The code was observed to provide +65-35% improvement
16 # [depending on key length, less for longer keys] on ARM920T, and
17 # +115-80% on Intel IXP425. This is compared to pre-bn_mul_mont code
18 # base and compiler generated code with in-lined umull and even umlal
19 # instructions. The latter means that this code didn't really have an
20 # "advantage" of utilizing some "secret" instruction.
22 # The code is interoperable with Thumb ISA and is rather compact, less
23 # than 1/2KB. Windows CE port would be trivial, as it's exclusively
24 # about decorations, ABI and instruction syntax are identical.
28 # Add NEON code path, which handles lengths divisible by 8. RSA/DSA
29 # performance improvement on Cortex-A8 is ~45-100% depending on key
30 # length, more for longer keys. On Cortex-A15 the span is ~10-105%.
31 # On Snapdragon S4 improvement was measured to vary from ~70% to
32 # incredible ~380%, yes, 4.8x faster, for RSA4096 sign. But this is
33 # rather because original integer-only code seems to perform
34 # suboptimally on S4. Situation on Cortex-A9 is unfortunately
35 # different. It's being looked into, but the trouble is that
36 # performance for vectors longer than 256 bits is actually couple
37 # of percent worse than for integer-only code. The code is chosen
38 # for execution on all NEON-capable processors, because gain on
39 # others outweighs the marginal loss on Cortex-A9.
42 if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
43 else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} }
45 if ($flavour && $flavour ne "void") {
46 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
47 ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
48 ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
49 die "can't locate arm-xlate.pl";
51 open STDOUT,"| \"$^X\" $xlate $flavour $output";
53 open STDOUT,">$output";
56 $num="r0"; # starts as num argument, but holds &tp[num-1]
58 $bp="r2"; $bi="r2"; $rp="r2";
65 ########### # r9 is reserved by ELF as platform specific, e.g. TLS pointer
66 $alo="r10"; # sl, gcc uses it to keep @GOT
69 ########### # r13 is stack pointer
71 ########### # r15 is program counter
73 #### argument block layout relative to &tp[num-1], a.k.a. $num
75 # ap permanently resides in r1
77 # np permanently resides in r3
79 $_num="$num,#15*4"; $_bpend=$_num;
87 #if __ARM_MAX_ARCH__>=7
90 .word OPENSSL_armcap_P-.Lbn_mul_mont
94 .type bn_mul_mont,%function
99 ldr ip,[sp,#4] @ load num
100 stmdb sp!,{r0,r2} @ sp points at argument block
101 #if __ARM_MAX_ARCH__>=7
105 ldr r2,.LOPENSSL_armcap
110 tst r0,#1 @ NEON available?
119 mov $num,ip @ load num
124 stmdb sp!,{r4-r12,lr} @ save 10 registers
126 mov $num,$num,lsl#2 @ rescale $num for byte count
127 sub sp,sp,$num @ alloca(4*num)
128 sub sp,sp,#4 @ +extra dword
129 sub $num,$num,#4 @ "num=num-1"
130 add $tp,$bp,$num @ &bp[num-1]
132 add $num,sp,$num @ $num to point at &tp[num-1]
134 ldr $bi,[$bp] @ bp[0]
135 ldr $aj,[$ap],#4 @ ap[0],ap++
136 ldr $nj,[$np],#4 @ np[0],np++
138 str $tp,[$_bpend] @ save &bp[num]
140 umull $alo,$ahi,$aj,$bi @ ap[0]*bp[0]
141 str $n0,[$_n0] @ save n0 value
142 mul $n0,$alo,$n0 @ "tp[0]"*n0
144 umlal $alo,$nlo,$nj,$n0 @ np[0]*n0+"t[0]"
148 ldr $aj,[$ap],#4 @ ap[j],ap++
150 ldr $nj,[$np],#4 @ np[j],np++
152 umlal $alo,$ahi,$aj,$bi @ ap[j]*bp[0]
154 umlal $nlo,$nhi,$nj,$n0 @ np[j]*n0
156 str $nlo,[$tp],#4 @ tp[j-1]=,tp++
162 ldr $tp,[$_bp] @ restore bp
164 ldr $n0,[$_n0] @ restore n0
166 str $nlo,[$num] @ tp[num-1]=
167 str $nhi,[$num,#4] @ tp[num]=
170 sub $tj,$num,sp @ "original" $num-1 value
171 sub $ap,$ap,$tj @ "rewind" ap to &ap[1]
172 ldr $bi,[$tp,#4]! @ *(++bp)
173 sub $np,$np,$tj @ "rewind" np to &np[1]
174 ldr $aj,[$ap,#-4] @ ap[0]
175 ldr $alo,[sp] @ tp[0]
176 ldr $nj,[$np,#-4] @ np[0]
177 ldr $tj,[sp,#4] @ tp[1]
180 umlal $alo,$ahi,$aj,$bi @ ap[0]*bp[i]+tp[0]
181 str $tp,[$_bp] @ save bp
184 umlal $alo,$nlo,$nj,$n0 @ np[0]*n0+"tp[0]"
188 ldr $aj,[$ap],#4 @ ap[j],ap++
189 adds $alo,$ahi,$tj @ +=tp[j]
190 ldr $nj,[$np],#4 @ np[j],np++
192 umlal $alo,$ahi,$aj,$bi @ ap[j]*bp[i]
194 umlal $nlo,$nhi,$nj,$n0 @ np[j]*n0
196 ldr $tj,[$tp,#8] @ tp[j+1]
198 str $nlo,[$tp],#4 @ tp[j-1]=,tp++
205 ldr $tp,[$_bp] @ restore bp
207 ldr $n0,[$_n0] @ restore n0
209 ldr $tj,[$_bpend] @ restore &bp[num]
211 str $nlo,[$num] @ tp[num-1]=
212 str $nhi,[$num,#4] @ tp[num]=
217 ldr $rp,[$_rp] @ pull rp
218 add $num,$num,#4 @ $num to point at &tp[num]
219 sub $aj,$num,sp @ "original" num value
220 mov $tp,sp @ "rewind" $tp
221 mov $ap,$tp @ "borrow" $ap
222 sub $np,$np,$aj @ "rewind" $np to &np[0]
224 subs $tj,$tj,$tj @ "clear" carry flag
225 .Lsub: ldr $tj,[$tp],#4
227 sbcs $tj,$tj,$nj @ tp[j]-np[j]
228 str $tj,[$rp],#4 @ rp[j]=
229 teq $tp,$num @ preserve carry
231 sbcs $nhi,$nhi,#0 @ upmost carry
232 mov $tp,sp @ "rewind" $tp
233 sub $rp,$rp,$aj @ "rewind" $rp
237 orr $ap,$ap,$np @ ap=borrow?tp:rp
239 .Lcopy: ldr $tj,[$ap],#4 @ copy or in-place refresh
240 str sp,[$tp],#4 @ zap tp
245 add sp,$num,#4 @ skip over tp[num+1]
246 ldmia sp!,{r4-r12,lr} @ restore registers
247 add sp,sp,#2*4 @ skip over {r0,r2}
254 moveq pc,lr @ be binary compatible with V4, yet
255 bx lr @ interoperable with Thumb ISA:-)
257 .size bn_mul_mont,.-bn_mul_mont
260 sub Dlo() { shift=~m|q([1]?[0-9])|?"d".($1*2):""; }
261 sub Dhi() { shift=~m|q([1]?[0-9])|?"d".($1*2+1):""; }
263 my ($A0,$A1,$A2,$A3)=map("d$_",(0..3));
264 my ($N0,$N1,$N2,$N3)=map("d$_",(4..7));
265 my ($Z,$Temp)=("q4","q5");
266 my ($A0xB,$A1xB,$A2xB,$A3xB,$A4xB,$A5xB,$A6xB,$A7xB)=map("q$_",(6..13));
267 my ($Bi,$Ni,$M0)=map("d$_",(28..31));
269 my $temp=&Dlo($Temp);
271 my ($rptr,$aptr,$bptr,$nptr,$n0,$num)=map("r$_",(0..5));
272 my ($tinptr,$toutptr,$inner,$outer)=map("r$_",(6..9));
275 #if __ARM_MAX_ARCH__>=7
279 .type bn_mul8x_mont_neon,%function
284 vstmdb sp!,{d8-d15} @ ABI specification says so
285 ldmia ip,{r4-r5} @ load rest of parameter block
288 vld1.32 {${Bi}[0]}, [$bptr,:32]!
289 sub $toutptr,$toutptr,$num,lsl#4
290 vld1.32 {$A0-$A3}, [$aptr]! @ can't specify :32 :-(
291 and $toutptr,$toutptr,#-64
292 vld1.32 {${M0}[0]}, [$n0,:32]
293 mov sp,$toutptr @ alloca
294 veor $zero,$zero,$zero
298 vmull.u32 $A0xB,$Bi,${A0}[0]
299 vmull.u32 $A1xB,$Bi,${A0}[1]
300 vmull.u32 $A2xB,$Bi,${A1}[0]
301 vshl.i64 $temp,`&Dhi("$A0xB")`,#16
302 vmull.u32 $A3xB,$Bi,${A1}[1]
304 vadd.u64 $temp,$temp,`&Dlo("$A0xB")`
305 veor $zero,$zero,$zero
306 vmul.u32 $Ni,$temp,$M0
308 vmull.u32 $A4xB,$Bi,${A2}[0]
309 vld1.32 {$N0-$N3}, [$nptr]!
310 vmull.u32 $A5xB,$Bi,${A2}[1]
311 vmull.u32 $A6xB,$Bi,${A3}[0]
313 vmull.u32 $A7xB,$Bi,${A3}[1]
317 @ special case for num=8, everything is in register bank...
319 vmlal.u32 $A0xB,$Ni,${N0}[0]
321 vmlal.u32 $A1xB,$Ni,${N0}[1]
322 vmlal.u32 $A2xB,$Ni,${N1}[0]
323 vmlal.u32 $A3xB,$Ni,${N1}[1]
325 vmlal.u32 $A4xB,$Ni,${N2}[0]
327 vmlal.u32 $A5xB,$Ni,${N2}[1]
329 vmlal.u32 $A6xB,$Ni,${N3}[0]
331 vmlal.u32 $A7xB,$Ni,${N3}[1]
334 vshr.u64 $temp,$temp,#16
337 vadd.u64 $temp,$temp,`&Dhi("$Temp")`
340 vshr.u64 $temp,$temp,#16
346 vld1.32 {${Bi}[0]}, [$bptr,:32]!
347 veor $zero,$zero,$zero
349 vadd.u64 `&Dlo("$A0xB")`,`&Dlo("$A0xB")`,$temp
351 vmlal.u32 $A0xB,$Bi,${A0}[0]
352 vmlal.u32 $A1xB,$Bi,${A0}[1]
353 vmlal.u32 $A2xB,$Bi,${A1}[0]
354 vshl.i64 $temp,`&Dhi("$A0xB")`,#16
355 vmlal.u32 $A3xB,$Bi,${A1}[1]
357 vadd.u64 $temp,$temp,`&Dlo("$A0xB")`
358 veor $zero,$zero,$zero
359 subs $outer,$outer,#1
360 vmul.u32 $Ni,$temp,$M0
362 vmlal.u32 $A4xB,$Bi,${A2}[0]
363 vmlal.u32 $A5xB,$Bi,${A2}[1]
364 vmlal.u32 $A6xB,$Bi,${A3}[0]
366 vmlal.u32 $A7xB,$Bi,${A3}[1]
368 vmlal.u32 $A0xB,$Ni,${N0}[0]
369 vmlal.u32 $A1xB,$Ni,${N0}[1]
370 vmlal.u32 $A2xB,$Ni,${N1}[0]
371 vmlal.u32 $A3xB,$Ni,${N1}[1]
373 vmlal.u32 $A4xB,$Ni,${N2}[0]
375 vmlal.u32 $A5xB,$Ni,${N2}[1]
377 vmlal.u32 $A6xB,$Ni,${N3}[0]
379 vmlal.u32 $A7xB,$Ni,${N3}[1]
382 vshr.u64 $temp,$temp,#16
385 vadd.u64 $temp,$temp,`&Dhi("$Temp")`
388 vshr.u64 $temp,$temp,#16
392 vadd.u64 `&Dlo("$A0xB")`,`&Dlo("$A0xB")`,$temp
394 vshr.u64 $temp,`&Dlo("$A0xB")`,#16
396 vadd.u64 `&Dhi("$A0xB")`,`&Dhi("$A0xB")`,$temp
398 vshr.u64 $temp,`&Dhi("$A0xB")`,#16
399 vzip.16 `&Dlo("$A0xB")`,`&Dhi("$A0xB")`
405 vmlal.u32 $A0xB,$Ni,${N0}[0]
406 vld1.32 {$A0-$A3}, [$aptr]!
407 vmlal.u32 $A1xB,$Ni,${N0}[1]
408 subs $inner,$inner,#8
409 vmlal.u32 $A2xB,$Ni,${N1}[0]
410 vmlal.u32 $A3xB,$Ni,${N1}[1]
412 vmlal.u32 $A4xB,$Ni,${N2}[0]
413 vld1.32 {$N0-$N1}, [$nptr]!
414 vmlal.u32 $A5xB,$Ni,${N2}[1]
415 vst1.64 {$A0xB-$A1xB}, [$toutptr,:256]!
416 vmlal.u32 $A6xB,$Ni,${N3}[0]
417 vmlal.u32 $A7xB,$Ni,${N3}[1]
418 vst1.64 {$A2xB-$A3xB}, [$toutptr,:256]!
420 vmull.u32 $A0xB,$Bi,${A0}[0]
421 vld1.32 {$N2-$N3}, [$nptr]!
422 vmull.u32 $A1xB,$Bi,${A0}[1]
423 vst1.64 {$A4xB-$A5xB}, [$toutptr,:256]!
424 vmull.u32 $A2xB,$Bi,${A1}[0]
425 vmull.u32 $A3xB,$Bi,${A1}[1]
426 vst1.64 {$A6xB-$A7xB}, [$toutptr,:256]!
428 vmull.u32 $A4xB,$Bi,${A2}[0]
429 vmull.u32 $A5xB,$Bi,${A2}[1]
430 vmull.u32 $A6xB,$Bi,${A3}[0]
431 vmull.u32 $A7xB,$Bi,${A3}[1]
435 vmlal.u32 $A0xB,$Ni,${N0}[0]
437 vmlal.u32 $A1xB,$Ni,${N0}[1]
438 sub $aptr,$aptr,$num,lsl#2 @ rewind $aptr
439 vmlal.u32 $A2xB,$Ni,${N1}[0]
440 vld1.64 {$Temp}, [sp,:128]
441 vmlal.u32 $A3xB,$Ni,${N1}[1]
444 vmlal.u32 $A4xB,$Ni,${N2}[0]
445 vst1.64 {$A0xB-$A1xB}, [$toutptr,:256]!
446 vmlal.u32 $A5xB,$Ni,${N2}[1]
447 vshr.u64 $temp,$temp,#16
448 vld1.64 {$A0xB}, [$tinptr, :128]!
449 vmlal.u32 $A6xB,$Ni,${N3}[0]
450 vst1.64 {$A2xB-$A3xB}, [$toutptr,:256]!
451 vmlal.u32 $A7xB,$Ni,${N3}[1]
453 vst1.64 {$A4xB-$A5xB}, [$toutptr,:256]!
454 vadd.u64 $temp,$temp,`&Dhi("$Temp")`
456 vst1.64 {$A6xB-$A7xB}, [$toutptr,:256]!
457 vld1.64 {$A1xB-$A2xB}, [$tinptr, :256]!
458 vst1.64 {$Z}, [$toutptr,:128]
459 vshr.u64 $temp,$temp,#16
465 vld1.32 {${Bi}[0]}, [$bptr,:32]!
466 sub $nptr,$nptr,$num,lsl#2 @ rewind $nptr
467 vld1.32 {$A0-$A3}, [$aptr]!
468 veor $zero,$zero,$zero
472 vadd.u64 `&Dlo("$A0xB")`,`&Dlo("$A0xB")`,$temp
474 vmlal.u32 $A0xB,$Bi,${A0}[0]
475 vld1.64 {$A3xB-$A4xB},[$tinptr,:256]!
476 vmlal.u32 $A1xB,$Bi,${A0}[1]
477 vmlal.u32 $A2xB,$Bi,${A1}[0]
478 vld1.64 {$A5xB-$A6xB},[$tinptr,:256]!
479 vmlal.u32 $A3xB,$Bi,${A1}[1]
481 vshl.i64 $temp,`&Dhi("$A0xB")`,#16
482 veor $zero,$zero,$zero
483 vadd.u64 $temp,$temp,`&Dlo("$A0xB")`
484 vld1.64 {$A7xB},[$tinptr,:128]!
485 vmul.u32 $Ni,$temp,$M0
487 vmlal.u32 $A4xB,$Bi,${A2}[0]
488 vld1.32 {$N0-$N3}, [$nptr]!
489 vmlal.u32 $A5xB,$Bi,${A2}[1]
490 vmlal.u32 $A6xB,$Bi,${A3}[0]
492 vmlal.u32 $A7xB,$Bi,${A3}[1]
495 vmlal.u32 $A0xB,$Ni,${N0}[0]
496 vld1.32 {$A0-$A3}, [$aptr]!
497 vmlal.u32 $A1xB,$Ni,${N0}[1]
498 subs $inner,$inner,#8
499 vmlal.u32 $A2xB,$Ni,${N1}[0]
500 vmlal.u32 $A3xB,$Ni,${N1}[1]
501 vst1.64 {$A0xB-$A1xB}, [$toutptr,:256]!
503 vmlal.u32 $A4xB,$Ni,${N2}[0]
504 vld1.64 {$A0xB}, [$tinptr, :128]!
505 vmlal.u32 $A5xB,$Ni,${N2}[1]
506 vst1.64 {$A2xB-$A3xB}, [$toutptr,:256]!
507 vmlal.u32 $A6xB,$Ni,${N3}[0]
508 vld1.64 {$A1xB-$A2xB}, [$tinptr, :256]!
509 vmlal.u32 $A7xB,$Ni,${N3}[1]
510 vst1.64 {$A4xB-$A5xB}, [$toutptr,:256]!
512 vmlal.u32 $A0xB,$Bi,${A0}[0]
513 vld1.64 {$A3xB-$A4xB}, [$tinptr, :256]!
514 vmlal.u32 $A1xB,$Bi,${A0}[1]
515 vst1.64 {$A6xB-$A7xB}, [$toutptr,:256]!
516 vmlal.u32 $A2xB,$Bi,${A1}[0]
517 vld1.64 {$A5xB-$A6xB}, [$tinptr, :256]!
518 vmlal.u32 $A3xB,$Bi,${A1}[1]
519 vld1.32 {$N0-$N3}, [$nptr]!
521 vmlal.u32 $A4xB,$Bi,${A2}[0]
522 vld1.64 {$A7xB}, [$tinptr, :128]!
523 vmlal.u32 $A5xB,$Bi,${A2}[1]
524 vmlal.u32 $A6xB,$Bi,${A3}[0]
525 vmlal.u32 $A7xB,$Bi,${A3}[1]
529 vmlal.u32 $A0xB,$Ni,${N0}[0]
531 vmlal.u32 $A1xB,$Ni,${N0}[1]
532 sub $aptr,$aptr,$num,lsl#2 @ rewind $aptr
533 vmlal.u32 $A2xB,$Ni,${N1}[0]
534 vld1.64 {$Temp}, [sp,:128]
535 vmlal.u32 $A3xB,$Ni,${N1}[1]
536 subs $outer,$outer,#1
538 vmlal.u32 $A4xB,$Ni,${N2}[0]
539 vst1.64 {$A0xB-$A1xB}, [$toutptr,:256]!
540 vmlal.u32 $A5xB,$Ni,${N2}[1]
541 vld1.64 {$A0xB}, [$tinptr, :128]!
542 vshr.u64 $temp,$temp,#16
543 vst1.64 {$A2xB-$A3xB}, [$toutptr,:256]!
544 vmlal.u32 $A6xB,$Ni,${N3}[0]
545 vld1.64 {$A1xB-$A2xB}, [$tinptr, :256]!
546 vmlal.u32 $A7xB,$Ni,${N3}[1]
548 vst1.64 {$A4xB-$A5xB}, [$toutptr,:256]!
549 vadd.u64 $temp,$temp,`&Dhi("$Temp")`
550 vst1.64 {$A6xB-$A7xB}, [$toutptr,:256]!
551 vshr.u64 $temp,$temp,#16
559 vadd.u64 `&Dlo("$A0xB")`,`&Dlo("$A0xB")`,$temp
560 vld1.64 {$A3xB-$A4xB}, [$tinptr, :256]!
561 vshr.u64 $temp,`&Dlo("$A0xB")`,#16
562 vadd.u64 `&Dhi("$A0xB")`,`&Dhi("$A0xB")`,$temp
563 vld1.64 {$A5xB-$A6xB}, [$tinptr, :256]!
564 vshr.u64 $temp,`&Dhi("$A0xB")`,#16
565 vld1.64 {$A7xB}, [$tinptr, :128]!
566 vzip.16 `&Dlo("$A0xB")`,`&Dhi("$A0xB")`
569 vadd.u64 `&Dlo("$A1xB")`,`&Dlo("$A1xB")`,$temp
570 vst1.32 {`&Dlo("$A0xB")`[0]}, [$toutptr, :32]!
571 vshr.u64 $temp,`&Dlo("$A1xB")`,#16
572 vadd.u64 `&Dhi("$A1xB")`,`&Dhi("$A1xB")`,$temp
573 vshr.u64 $temp,`&Dhi("$A1xB")`,#16
574 vzip.16 `&Dlo("$A1xB")`,`&Dhi("$A1xB")`
576 vadd.u64 `&Dlo("$A2xB")`,`&Dlo("$A2xB")`,$temp
577 vst1.32 {`&Dlo("$A1xB")`[0]}, [$toutptr, :32]!
578 vshr.u64 $temp,`&Dlo("$A2xB")`,#16
579 vadd.u64 `&Dhi("$A2xB")`,`&Dhi("$A2xB")`,$temp
580 vshr.u64 $temp,`&Dhi("$A2xB")`,#16
581 vzip.16 `&Dlo("$A2xB")`,`&Dhi("$A2xB")`
583 vadd.u64 `&Dlo("$A3xB")`,`&Dlo("$A3xB")`,$temp
584 vst1.32 {`&Dlo("$A2xB")`[0]}, [$toutptr, :32]!
585 vshr.u64 $temp,`&Dlo("$A3xB")`,#16
586 vadd.u64 `&Dhi("$A3xB")`,`&Dhi("$A3xB")`,$temp
587 vshr.u64 $temp,`&Dhi("$A3xB")`,#16
588 vzip.16 `&Dlo("$A3xB")`,`&Dhi("$A3xB")`
590 vadd.u64 `&Dlo("$A4xB")`,`&Dlo("$A4xB")`,$temp
591 vst1.32 {`&Dlo("$A3xB")`[0]}, [$toutptr, :32]!
592 vshr.u64 $temp,`&Dlo("$A4xB")`,#16
593 vadd.u64 `&Dhi("$A4xB")`,`&Dhi("$A4xB")`,$temp
594 vshr.u64 $temp,`&Dhi("$A4xB")`,#16
595 vzip.16 `&Dlo("$A4xB")`,`&Dhi("$A4xB")`
597 vadd.u64 `&Dlo("$A5xB")`,`&Dlo("$A5xB")`,$temp
598 vst1.32 {`&Dlo("$A4xB")`[0]}, [$toutptr, :32]!
599 vshr.u64 $temp,`&Dlo("$A5xB")`,#16
600 vadd.u64 `&Dhi("$A5xB")`,`&Dhi("$A5xB")`,$temp
601 vshr.u64 $temp,`&Dhi("$A5xB")`,#16
602 vzip.16 `&Dlo("$A5xB")`,`&Dhi("$A5xB")`
604 vadd.u64 `&Dlo("$A6xB")`,`&Dlo("$A6xB")`,$temp
605 vst1.32 {`&Dlo("$A5xB")`[0]}, [$toutptr, :32]!
606 vshr.u64 $temp,`&Dlo("$A6xB")`,#16
607 vadd.u64 `&Dhi("$A6xB")`,`&Dhi("$A6xB")`,$temp
608 vld1.64 {$A0xB}, [$tinptr, :128]!
609 vshr.u64 $temp,`&Dhi("$A6xB")`,#16
610 vzip.16 `&Dlo("$A6xB")`,`&Dhi("$A6xB")`
612 vadd.u64 `&Dlo("$A7xB")`,`&Dlo("$A7xB")`,$temp
613 vst1.32 {`&Dlo("$A6xB")`[0]}, [$toutptr, :32]!
614 vshr.u64 $temp,`&Dlo("$A7xB")`,#16
615 vadd.u64 `&Dhi("$A7xB")`,`&Dhi("$A7xB")`,$temp
616 vld1.64 {$A1xB-$A2xB}, [$tinptr, :256]!
617 vshr.u64 $temp,`&Dhi("$A7xB")`,#16
618 vzip.16 `&Dlo("$A7xB")`,`&Dhi("$A7xB")`
619 subs $inner,$inner,#8
620 vst1.32 {`&Dlo("$A7xB")`[0]}, [$toutptr, :32]!
624 vst1.32 {${temp}[0]}, [$toutptr, :32] @ top-most bit
625 sub $nptr,$nptr,$num,lsl#2 @ rewind $nptr
626 subs $aptr,sp,#0 @ clear carry flag
627 add $bptr,sp,$num,lsl#2
630 ldmia $aptr!, {r4-r7}
631 ldmia $nptr!, {r8-r11}
636 teq $aptr,$bptr @ preserves carry
637 stmia $rptr!, {r8-r11}
640 ldr r10, [$aptr] @ load top-most bit
642 sub r11,$bptr,sp @ this is num*4
645 sub $rptr,$rptr,r11 @ rewind $rptr
646 mov $nptr,$bptr @ second 3/4th of frame
647 sbcs r10,r10,#0 @ result is carry flag
650 ldmia $aptr!, {r4-r7}
651 ldmia $rptr, {r8-r11}
653 vst1.64 {q0-q1}, [$nptr,:256]! @ wipe
656 vst1.64 {q0-q1}, [$nptr,:256]! @ wipe
659 stmia $rptr!, {r8-r11}
661 ldmia $rptr, {r8-r11}
663 vst1.64 {q0-q1}, [$aptr,:256]! @ wipe
666 vst1.64 {q0-q1}, [$nptr,:256]! @ wipe
668 teq $aptr,$bptr @ preserves carry
669 stmia $rptr!, {r8-r11}
670 bne .LNEON_copy_n_zap
676 .size bn_mul8x_mont_neon,.-bn_mul8x_mont_neon
681 .asciz "Montgomery multiplication for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
683 #if __ARM_MAX_ARCH__>=7
684 .comm OPENSSL_armcap_P,4,4
688 $code =~ s/\`([^\`]*)\`/eval $1/gem;
689 $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4
690 $code =~ s/\bret\b/bx lr/gm;
projects / openssl.git / blob