Compare commits

109 commits

Author SHA1 Message Date
cathugger
5172c0fd71
make depends 2024-02-15 21:48:15 +00:00
cathugger
fb5320a537
gpg TZ 2024-01-22 05:08:12 +00:00
cathugger
3e7aaf8a3a
add dep 2024-01-20 12:48:15 +00:00
cathugger
a3add1b889
add packages needed to build release 2024-01-20 12:48:15 +00:00
cathugger
1a8c287ac3
Merge pull request #103 from Y-Kim-64/update-readme-url
Update outdated URL in README.md
2023-12-08 17:37:12 +00:00
cathugger
b0f394c17a
README.md: attempt to fix 2023-12-08 17:34:42 +00:00
cathugger
c72ddad656
README.md: attempt to use footnotes 2023-12-08 17:32:51 +00:00
Yeonjun Kim
6d4034abf1 Update outdated URL in README.md 2023-10-23 19:46:20 +09:00
cathugger
870c089a3c
better ruler fix 2023-09-06 02:24:14 +03:00
cathugger
1b00917e52
spaces/tabs fix 2023-09-06 02:19:20 +03:00
cathugger
4cc50f41ce
onionready: always refer warnnear 2023-09-06 02:15:13 +03:00
cathugger
6c704d20c4
use "latest wins" logic for skipnear/warnnear args 2023-09-06 01:43:44 +03:00
cathugger
c7a8d75229
don't skipnear if warnnear is set 2023-09-06 01:24:58 +03:00
cathugger
80e1bd0b47
near passkeys skip/warn modes & help tweak 2023-09-06 01:00:04 +03:00
Marni
42e4d3a5fc
Docker support (#99)
* add Dockerfile

* add basic documentation for docker image

* change cmd to entrypoint in Dockerfile

This is so that you can add args without docker assuming you're trying
to override the command

* Create docker-publish.yml github CI action

This is taken from the marketplace, I didn't write this

* correct docker image tag

* fix checkpoint loading (use carry for add)

* Fix digit typos in README

* revamp docker support

don't use volume, use latest alpine so i won't need to bump it
use multistage static build for minimal size with stripping
correctly save git version details

* tweak workflows

* try making cosign work

* Revert "try making cosign work"

This reverts commit a70723db66.

* fix

* remove root dockerfile

---------

Co-authored-by: cathugger <cathugger@cock.li>
Co-authored-by: dunsany <118174187+dunsany@users.noreply.github.com>
2023-08-06 18:22:54 +00:00
cathugger
ec788fec85
revamp docker support
don't use volume, use latest alpine so i won't need to bump it
use multistage static build for minimal size with stripping
correctly save git version details
2023-08-06 16:08:33 +00:00
cathugger
951437bf51
Merge pull request #100 from dunsany/patch-1
Fix digit typos in README
2023-08-06 02:25:00 +00:00
cathugger
6a2b5e60bf
fix checkpoint loading (use carry for add) 2023-08-06 05:13:37 +03:00
dunsany
e9f6027a7c
Fix digit typos in README 2023-07-26 10:27:45 +02:00
cathugger
2b417046b6
remove slow/fast workers 2023-06-09 17:16:46 +03:00
cathugger
d612b74842
improve readme a bit 2023-03-26 23:43:49 +00:00
cathugger
68928c4984
fix assembler compilation on MacOS 2023-01-14 14:37:41 +00:00
cathugger
309b86fd59
more helpful error messages 2022-12-19 18:30:24 +02:00
cathugger
d202229a43
add libc6-dev to debian deps
thanks @EsmailELBoBDev2 for report
2022-09-19 06:15:42 +00:00
cathugger
a6e53b0997
fixup release script 2022-06-30 22:19:56 +00:00
cathugger
f667a8a256
fix syncwritefile on windows 2022-06-24 18:08:51 +00:00
cathugger
bd1b6d927e
cleanup some remaining dead refs 2022-06-01 18:41:40 +00:00
cathugger
5ac2c8fa60
some cleanups & make depend 2022-05-31 02:11:40 +03:00
cathugger
4e20f086e3
fix amd64 asm stuff calling on windows 2022-05-31 01:41:03 +03:00
cathugger
fca1c18def
uhhh make depend 2022-05-30 20:47:53 +00:00
cathugger
a437e34a26
one more adjust 2022-05-30 20:44:35 +00:00
cathugger
4e98a931f4
tweak release script, add signing one 2022-05-30 20:34:31 +00:00
cathugger
7f714ee4f7
this makes more sense 2022-05-17 16:03:08 +00:00
cathugger
b428196b5e
more stuff 2022-05-17 16:01:52 +00:00
cathugger
ef71219c2b
Merge pull request #72 from eighthave/master
Vagrantfile for fully automated, secure runs
2022-05-17 13:45:31 +00:00
cathugger
1884eaf5a2
some fixups 2022-05-16 21:21:01 +00:00
cathugger
481a6b701f
fix win side, add incomplete build script 2022-05-16 21:17:50 +00:00
Hans-Christoph Steiner
5f946123f2
Vagrantfile for fully automated, secure runs
Just running `vagrant up` will start a VM, build mkp224o, remove root
and internet access, then run mkp224o.  This provides an easy to use,
disposible way to generate onion services.
2022-05-16 16:55:05 +02:00
cathugger
8b2d09d1c0
edit readme a bit more 2022-05-12 15:02:09 +00:00
cathugger
ac633abd2b
don't email me i dont read stuff anyway
also PGP key link is dead
2022-05-12 14:45:22 +00:00
cathugger
6438396a33
more :> 2022-05-05 23:18:41 +03:00
cathugger
01062d70d1
mmm right 2022-05-05 19:45:42 +00:00
cathugger
0eee09364d
change usage formatting, print version 2022-05-05 15:36:36 +00:00
cathugger
f374555fd4
rebase on newer SUPERCOP, use PIE, some other stuff 2022-05-05 13:22:34 +00:00
cathugger
0819ccd81d
Merge pull request #70 from scribblemaniac/fix-69
Fix missing #ifdefs
2022-03-20 23:27:04 +00:00
scribblemaniac
51d76913f1
Fix missing #ifdefs 2022-03-14 19:39:18 -06:00
cathugger
1e18c10a11
make depend 2021-12-14 13:55:33 +00:00
cathugger
3648c1f37e
Merge pull request #61 from scribblemaniac/checkpointing
Add checkpointing support for passphrases
2021-12-10 11:30:53 +00:00
cathugger
67868f4126
cleanup, free memory 2021-12-10 13:27:01 +02:00
cathugger
1679e51e1b
move this there 2021-12-08 20:24:55 +00:00
cathugger
90fe9f35d1
some tweaks 2021-12-08 20:22:24 +00:00
cathugger
5b4074a47e
make checkpoint stuff actually proper 2021-12-08 20:14:20 +00:00
cathugger
f575bbe011
Merge github-cathugger:cathugger/mkp224o into checkpointing 2021-12-08 17:28:43 +00:00
cathugger
73d2791286
fix default ed25519 impl check in configure.ac 2021-12-08 16:25:58 +00:00
scribblemaniac
3706518f76
Move checkpoint saving to main thread
Checkpoints will now be saved every 5 minutes and when the program
ends.
2021-11-05 19:29:11 -06:00
scribblemaniac
c9396de8b2
Use long argument for checkpoint 2021-11-05 17:27:14 -06:00
cathugger
d6e2aecf52
small fixup 2021-11-03 19:57:41 +02:00
cathugger
eea863e3ac
a bit of calcest and some other stuff 2021-11-03 00:20:43 +00:00
cathugger
e12a3eb7c9
apparently this check was always wrong lmao 2021-11-02 17:07:30 +00:00
cathugger
f1c56e7480
idk 2021-11-02 17:32:10 +02:00
cathugger
7dea621e41
some tweaks 2021-11-02 15:07:37 +00:00
scribblemaniac
2a4afad91a
Add checkpointing support for passphrases 2021-10-15 22:53:53 -06:00
cathugger
ff3873965f
please new autoconf 2021-08-23 12:05:25 +00:00
cathugger
fc6285523f
fix compilation err in non-intfilter cases 2021-03-23 10:36:42 +00:00
cathugger
c9d018a253
whatever i implemented it anyway 2021-03-21 17:16:23 +00:00
cathugger
f43c3b021e
fix intfilter expansion logic
also makes it simpler and probably faster.
someone should contrib non-gnuc popcount if they care, i ran out of patience with this (yes i know it's simple) (it probably doesn't even need to be exactly popcount).
2021-03-21 16:52:15 +00:00
cathugger
68a06c4ced
tweak wording a bit 2021-03-09 08:58:46 +00:00
cathugger
2c871f4690
Merge pull request #46 from einsz/patch-1
Fix possible numbers in base32
2021-01-13 11:03:54 +00:00
einsz
5938904f46
Fix possible numbers in base32
The readme stated it is possible to generate a 0 and also stated 2 and 7 are not included in the base32 character set... fixed that.
2021-01-12 23:29:40 +01:00
cathugger
f6bda1035c
an attempt to clarify filter validation err 2020-12-22 10:50:09 +00:00
cathugger
6f1264177e
using trailing spaces for hard breaks is fucking stupid 2020-11-24 17:06:19 +00:00
cathugger
fdb715fee0
more readme 2020-11-24 16:39:21 +00:00
cathugger
3ffe5ee8a9
more readme tweaks 2020-11-24 16:35:55 +00:00
cathugger
2822508f8d
tweak readme heading sizes 2020-11-24 16:23:21 +00:00
cathugger
02c35e5f69
actually set stack size for new threads
forgot to actually pass argument
2020-11-23 03:38:56 +00:00
cathugger
57c306d512
disable this again 2020-11-22 13:16:43 +00:00
cathugger
af5a7cfe12
set thread size 2020-11-22 13:13:50 +00:00
cathugger
51d87c3857
dont do indirection in for batch stuff 2020-11-22 10:21:06 +00:00
cathugger
5b5f414b79
fix gitignore 2020-11-22 05:13:24 +00:00
cathugger
30491bd9f8
various things
disable paranoid check which was never triggered as far as I'm aware
add editorconfig
some whitespace changes in configure.ac
which to batch mode by default
start working on putting all filtering options in one bin
some other tweaks
2020-11-21 11:34:25 +00:00
cathugger
9eb4b328f0
Merge pull request #40 from iamstefin/contrib-docker
Added Docker support
2020-09-04 17:27:05 +00:00
Stefin
b94137e72d
Added maintainer for Dockerfile 2020-09-02 05:34:47 -05:00
Stefin
3025c59eab
Added README.md for contrib/docker 2020-09-02 05:33:04 -05:00
cathugger
9d3dd71411
https for CC0 link 2020-08-28 23:25:24 +00:00
cathugger
e421c8bb70
Merge pull request #41 from tohn/markdown
Markdown
2020-08-28 23:22:08 +00:00
Yannic Haupenthal
e28c8183aa
use different mail format 2020-08-28 21:30:22 +02:00
Yannic Haupenthal
1de7b078af
use markdown instead of text 2020-08-28 18:59:29 +02:00
Yannic Haupenthal
bb9e793540
rename file 2020-08-19 18:37:46 +02:00
Stefin
1b6cb117b4
Update .dockerignore 2020-08-18 14:41:11 -05:00
Stefin
5c99601865
Update Dockerfile 2020-08-18 14:40:12 -05:00
Stefin
d392ec642c
Update contrib/docker/Dockerfile
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2020-08-09 09:25:37 -05:00
Stef
95a7e0580a added docker support 2020-08-06 00:28:57 -05:00
cathugger
2e0344928f
sign 2020-07-19 00:18:09 +03:00
cathugger
158964b251 adjust OPTIMISATION.txt for current stuff 2020-07-18 16:18:24 +03:00
cathugger
e0bc8f1d4e fmt 2020-07-16 20:34:43 +00:00
cathugger
e854cae46e add faq to readme 2020-07-16 20:33:20 +00:00
cathugger
d5b90d43a9
some tweaks 2020-05-23 16:41:51 +00:00
cathugger
a3e141e79b
close filter files, more error handling 2020-05-22 22:30:14 +00:00
cathugger
e933a9b806
correctly handle filter file loading error, small tweak 2020-05-22 17:55:37 +00:00
cathugger
897dcbd350
adjust gitignore 2020-01-17 19:22:47 +00:00
cathugger
c57f10316f
rawyaml mode 2020-01-17 14:15:56 +00:00
cathugger
30c05eb266
remove some unused stuff, small fixups, use -Wextra 2020-01-14 17:51:56 +00:00
cathugger
e6d0f59f1d
estimate calc utility (WIP) 2020-01-14 17:15:44 +00:00
cathugger
d3640b7322
use GNUmakefile, since we depend on GNU stuff 2019-12-22 22:28:12 +02:00
cathugger
9032811fc5
small cleanup, makefile preparation for calcdiff 2019-12-22 22:01:26 +02:00
cathugger
451c9610aa
don't offload dead code elimination to compiler as we can do that in preprocessor 2019-11-20 16:22:43 +00:00
cathugger
5c7e0144d9
remove BATCHNUM limitations 2019-11-20 16:17:21 +00:00
cathugger
9bc52c5fb7
implement worker_batch_pass 2019-11-15 04:58:21 +00:00
cathugger
6f7e220b60
fix ed25519-donna makedepends 2019-11-15 02:48:19 +00:00
136 changed files with 4028 additions and 3047 deletions

15
.editorconfig Normal file

@ -0,0 +1,15 @@
[*]
charset = utf-8
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
[*.{c,h}]
indent_style = tab
[{GNUmakefile.in,configure.ac}]
indent_style = tab
[ed25519/{ref10,amd64-51-30k,amd64-64-24k}/*.{c,h,py}]
indent_style = space
indent_size = 2

85
.github/workflows/docker-publish.yml vendored Normal file

@ -0,0 +1,85 @@
name: Docker
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@v3
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v2
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@v4
with:
file: ./contrib/docker/Dockerfile
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
# Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
- name: Sign the published Docker image
if: ${{ github.event_name != 'pull_request' }}
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }}
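Review bot: every `uses:` in this job references a mutable tag (`actions/checkout@v3`, `sigstore/cosign-installer@v3`, `docker/login-action@v2`, `docker/build-push-action@v4`) while the job holds `packages: write` and `id-token: write`, so a retagged action would run with push and signing rights; pin each one to a full commit SHA and keep the version in a trailing comment. In the final signing step, `${{ steps.meta.outputs.tags }}` and `${{ steps.build-and-push.outputs.digest }}` are expanded straight into the `run:` script text; pass both through an `env:` block and reference them as quoted shell variables so the values are never parsed as shell.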

7
.gitignore vendored

@ -1,5 +1,7 @@
# output files
mkp224o
calcest
test_*
*.o
# generated onions
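Review bot: the `test_*` pattern also matches the test sources, since the makefile hunk further down builds `test_base64.c.o`, `test_base32.c.o`, `test_base16.c.o` and `test_ed25519.c.o` from `test_*.c` files, so a newly added test source would be skipped by `git add` without any warning. List the binaries explicitly (`test_base64`, `test_base32`, `test_base16`, `test_ed25519`) or follow the pattern with `!test_*.c`.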
@ -7,8 +9,9 @@ mkp224o
# garbage
configure
Makefile
Makefile.in.bak
configure~
GNUmakefile
GNUmakefile.in.bak
config.status
config.log
*.cache

View file

@ -1,23 +1,23 @@
CC= @CC@
CSTD= @CSTD@
CFLAGS= $(CSTD) @CFLAGS@ @CPPFLAGS@ -DED25519_@ED25519IMPL@ @MYDEFS@
ASFLAGS=
LDFLAGS= @NOPIE@ @LDFLAGS@
CFLAGS= $(CSTD) @CFLAGS@ @CPPFLAGS@ -DED25519_@ED25519IMPL@ @PIE@ @MYDEFS@ -DVERSION='"@VERSION@"'
ASFLAGS= @PIE@
LDFLAGS= @LDFLAGS@
MV= mv
ED25519_DEFS= -DED25519_ref10 -DED25519_amd64_51_30k -DED25519_amd64_64_24k -DED25519_donna
ED25519_ref10= $(patsubst @SRCDIR@/%.c,%.c.o,$(wildcard @SRCDIR@/ed25519/ref10/*.c))
ED25519_amd64_51_30k= \
$(patsubst @SRCDIR@/%.c,%.c.o,$(wildcard @SRCDIR@/ed25519/amd64-51-30k/*.c)) \
$(patsubst @SRCDIR@/%.s,%.s.o,$(wildcard @SRCDIR@/ed25519/amd64-51-30k/*.s))
$(patsubst @SRCDIR@/%.S,%.S.o,$(wildcard @SRCDIR@/ed25519/amd64-51-30k/*.S))
ED25519_amd64_64_24k= \
$(patsubst @SRCDIR@/%.c,%.c.o,$(wildcard @SRCDIR@/ed25519/amd64-64-24k/*.c)) \
$(patsubst @SRCDIR@/%.s,%.s.o,$(wildcard @SRCDIR@/ed25519/amd64-64-24k/*.s))
$(patsubst @SRCDIR@/%.S,%.S.o,$(wildcard @SRCDIR@/ed25519/amd64-64-24k/*.S))
ED25519_donna=
ED25519OBJ= $(ED25519_@ED25519IMPL@)
ED25519_OBJ= $(ED25519_@ED25519IMPL@)
MAINOBJ= \
MAIN_OBJ= \
main.c.o \
worker.c.o \
yaml.c.o \
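Review bot: with `@NOPIE@` dropped from `LDFLAGS` and `@PIE@` placed only in `CFLAGS` and `ASFLAGS`, the link step receives the PIE flag only because the link rules happen to pass `$(CFLAGS)` after `$(LDFLAGS)`; a rule that links without `$(CFLAGS)` would lose it with no error. Either add `@PIE@` to `LDFLAGS` as well or leave a comment next to `LDFLAGS=` stating that linking depends on `$(CFLAGS)` being on the command line.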
@ -28,88 +28,122 @@ MAINOBJ= \
base64_to.c.o \
base64_from.c.o \
ioutil.c.o \
$(ED25519OBJ) \
$(ED25519_OBJ) \
keccak.c.o
TEST_BASE64OBJ= \
UTIL_CALCEST_OBJ= \
calcest.c.o
TEST_BASE64_OBJ= \
test_base64.c.o \
base64_to.c.o \
base64_from.c.o
TEST_BASE32OBJ= \
TEST_BASE32_OBJ= \
test_base32.c.o \
base32_to.c.o \
base32_from.c.o
TEST_BASE16OBJ= \
TEST_BASE16_OBJ= \
test_base16.c.o \
base16_to.c.o \
base16_from.c.o
TEST_ED25519OBJ= \
TEST_ED25519_OBJ= \
test_ed25519.c.o \
base16_to.c.o \
base16_from.c.o \
$(ED25519OBJ)
$(ED25519_OBJ)
ALLO= $(sort \
$(MAINOBJ) \
$(TEST_BASE64OBJ) \
$(TEST_BASE32OBJ) \
$(TEST_BASE16OBJ) \
$(TEST_ED25519OBJ) \
ALL_O= $(sort \
$(MAIN_OBJ) \
$(UTIL_CALCEST_OBJ) \
$(TEST_BASE64_OBJ) \
$(TEST_BASE32_OBJ) \
$(TEST_BASE16_OBJ) \
$(TEST_ED25519_OBJ) \
$(ED25519_ref10) \
$(ED25519_amd64_51_30k) \
$(ED25519_amd64_64_24k))
ALLC= $(patsubst %.c.o,%.c,$(filter %.c.o %.c,$(ALLO)))
CLEANO= $(filter %.o,$(ALLO))
ALL_C= $(patsubst %.c.o,%.c,$(filter %.c.o %.c,$(ALL_O)))
CLEAN_O= $(filter %.o,$(ALL_O))
MAINLIB= -lpthread -lsodium @MAINLIB@
TEST_ED25519LIB= -lsodium
MAIN_LIB= -lpthread -lsodium @MAINLIB@
UTIL_CALCEST_LIB= -lm
TEST_ED25519_LIB= -lsodium
ALLTGTS= mkp224o test_base64 test_base32 test_base16 test_ed25519
ALLEXE= $(patsubst %,%@EXEEXT@,$(ALLTGTS))
MAIN_TGT= mkp224o
UTIL_TGT= calcest
TEST_TGT= test_base64 test_base32 test_base16 test_ed25519
.PHONY: default all clean distclean depend
MAIN_EXE= $(patsubst %,%@EXEEXT@,$(MAIN_TGT))
UTIL_EXE= $(patsubst %,%@EXEEXT@,$(UTIL_TGT))
TEST_EXE= $(patsubst %,%@EXEEXT@,$(TEST_TGT))
default: mkp224o@EXEEXT@
ALL_EXE= $(MAIN_EXE) $(UTIL_EXE) $(TEST_EXE)
all: $(ALLEXE)
.PHONY: default all main util test clean distclean depend
mkp224o@EXEEXT@: $(MAINOBJ)
$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(MAINLIB) && $(MV) $@.tmp $@
default: $(MAIN_EXE)
test_base64@EXEEXT@: $(TEST_BASE64OBJ)
all: $(ALL_EXE)
main: $(MAIN_EXE)
util: $(UTIL_EXE)
test: $(TEST_EXE)
mkp224o@EXEEXT@: $(MAIN_OBJ)
$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(MAIN_LIB) && $(MV) $@.tmp $@
calcest@EXEEXT@: $(UTIL_CALCEST_OBJ)
$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(UTIL_CALCEST_LIB) && $(MV) $@.tmp $@
test_base64@EXEEXT@: $(TEST_BASE64_OBJ)
$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@
test_base32@EXEEXT@: $(TEST_BASE32OBJ)
test_base32@EXEEXT@: $(TEST_BASE32_OBJ)
$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@
test_base16@EXEEXT@: $(TEST_BASE16OBJ)
test_base16@EXEEXT@: $(TEST_BASE16_OBJ)
$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@
test_ed25519@EXEEXT@: $(TEST_ED25519OBJ)
$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(TEST_ED25519LIB) && $(MV) $@.tmp $@
test_ed25519@EXEEXT@: $(TEST_ED25519_OBJ)
$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(TEST_ED25519_LIB) && $(MV) $@.tmp $@
clean:
$(RM) $(CLEANO)
$(RM) $(ALLEXE)
$(RM) $(CLEAN_O)
$(RM) $(ALL_EXE)
distclean: clean
$(RM) -r autom4te.cache
$(RM) configure config.status config.log
$(RM) Makefile
$(RM) GNUmakefile
depend:
cd "@SRCDIR@" && makedepend -Y -fMakefile.in -o.c.o -- $(CSTD) $(ED25519_DEFS) -- $(ALLC)
# makedepend from imake
cd "@SRCDIR@" && makedepend -Y -fGNUmakefile.in -o.c.o -- $(CSTD) $(ED25519_DEFS) -- $(ALL_C)
VPATH=@SRCDIR@
%.c.o: CFLAGS += \
-D'CRYPTO_NAMESPACETOP=crypto_sign_ed25519_@ED25519IMPL@' \
-D'_CRYPTO_NAMESPACETOP=_crypto_sign_ed25519_@ED25519IMPL@' \
-D'CRYPTO_NAMESPACE(name)=crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \
-D'_CRYPTO_NAMESPACE(name)=_crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \
%.S.o: ASFLAGS += \
-D'CRYPTO_NAMESPACETOP=crypto_sign_ed25519_@ED25519IMPL@' \
-D'_CRYPTO_NAMESPACETOP=_crypto_sign_ed25519_@ED25519IMPL@' \
-D'CRYPTO_NAMESPACE(name)=crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \
-D'_CRYPTO_NAMESPACE(name)=_crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \
%.c.o: %.c
$(CC) $(CFLAGS) -c -o $@.tmp $< && $(MV) $@.tmp $@
%.s.o: %.s
%.S.o: %.S
$(CC) $(ASFLAGS) -c -o $@.tmp $< && $(MV) $@.tmp $@
# DO NOT DELETE THIS LINE
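Review bot: the final `-D'_CRYPTO_NAMESPACE(name)=...'` line of both the `%.c.o: CFLAGS +=` and the `%.S.o: ASFLAGS +=` block still ends with a continuation backslash, so each assignment terminates only because of whatever line follows it; drop the trailing `\` on the last line of each block so a later edit cannot fold the next rule into the flags. Separately, the new `test` target is declared `.PHONY` but only builds `$(TEST_EXE)` and never runs them; either execute the binaries in that target or give it a name that says it only builds them.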
@ -121,63 +155,77 @@ base32_to.c.o: types.h base32.h
base64_from.c.o: types.h base64.h
base64_to.c.o: types.h base64.h
cpucount.c.o: cpucount.h
ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_sign.h
ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/ed25519.h
ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/randombytes.h
ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/hram.h
ed25519/amd64-51-30k/fe25519_add.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/fe25519_add.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/fe25519_getparity.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/fe25519_invert.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/fe25519_invert.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/fe25519_iseq.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/fe25519_iseq.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/fe25519_iszero.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/fe25519_iszero.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/fe25519_neg.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/fe25519_neg.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/fe25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/fe25519_pack.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/fe25519_setint.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/fe25519_setint.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/fe25519_sub.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/fe25519_sub.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/fe25519_unpack.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/fe25519_unpack.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519_base_slide_multiples.data
ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/index_heap.h
ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519_base_niels_smalltables.data
ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/hram.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
ed25519/amd64-51-30k/hram.c.o: ed25519/amd64-51-30k/hram.h
ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/index_heap.h
ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h
ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/ed25519.h
@ -185,6 +233,7 @@ ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/randombytes.h
ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_sign.h
ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/ed25519.h
@ -192,107 +241,142 @@ ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/sc25519_iszero.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/sc25519_iszero.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/sc25519_mul.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/sc25519_mul.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/sc25519_slide.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/sc25519_slide.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/sc25519_window4.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-51-30k/sc25519_window4.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h
ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/ed25519.h
ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/compat.h
ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_sign.h
ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/ed25519.h
ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/randombytes.h
ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/hram.h
ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519_base_slide_multiples.data
ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/index_heap.h
ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/ge25519.h
ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/ge25519.h
ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/ge25519.h
ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/ge25519.h
ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/ge25519.h
ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/ge25519_base_slide_multiples.data
ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/ge25519.h
ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/ge25519.h
ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/index_heap.h
ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/ge25519.h
ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/ge25519.h
ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/ge25519_base_niels.data
ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-51-30k/hram.h
ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-51-30k/index_heap.h
ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h
ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/ed25519.h
ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/randombytes.h
ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_sign.h
ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/ed25519.h
ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h
ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/ed25519.h
ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/ge25519.h
ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/fe25519.h
ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/sc25519.h
ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/ge25519.h
ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h
ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-64-24k/hram.h
ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/index_heap.h
ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/crypto_sign.h
ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/ed25519.h
ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h
ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/randombytes.h
ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/ge25519.h
ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_sign.h
ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/ed25519.h
ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_verify_32.h
ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h
ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/ge25519.h
ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/crypto_sign.h
ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/ed25519.h
ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h
ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/ge25519.h
ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/fe25519.h
ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/compat.h
ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/sc25519.h
ed25519/ref10/fe_0.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
ed25519/ref10/fe_1.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
ed25519/ref10/fe_add.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
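Review bot: the ed25519/amd64-64-24k object rules in this stretch name prerequisites from two directories for the same targets, for example `ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h` alongside `ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/crypto_sign.h`. Please confirm that every `ed25519/amd64-64-24k/*.c.o: ed25519/amd64-51-30k/...` line is on the removed side after regeneration; any that survive would tie one implementation's objects to the other implementation's headers.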
@ -310,7 +394,7 @@ ed25519/ref10/fe_isnegative.c.o: ed25519/ref10/fe.h
ed25519/ref10/fe_isnegative.c.o: ed25519/ref10/crypto_int32.h
ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/fe.h
ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/crypto_int32.h
ed25519/ref10/fe_isnonzero.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/crypto_verify_32.h
ed25519/ref10/fe_mul.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
ed25519/ref10/fe_mul.c.o: ed25519/ref10/crypto_int64.h
ed25519/ref10/fe_neg.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
@ -369,72 +453,96 @@ ed25519/ref10/ge_sub.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
ed25519/ref10/ge_sub.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/ge_sub.h
ed25519/ref10/ge_tobytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
ed25519/ref10/ge_tobytes.c.o: ed25519/ref10/crypto_int32.h
ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/randombytes.h
ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h
ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/ed25519.h
ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
ed25519/ref10/keypair.c.o: ed25519/ref10/randombytes.h
ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_sign.h
ed25519/ref10/keypair.c.o: ed25519/ref10/ed25519.h
ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_hash_sha512.h
ed25519/ref10/keypair.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_int32.h
ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_sign.h
ed25519/ref10/open.c.o: ed25519/amd64-51-30k/ed25519.h
ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
ed25519/ref10/open.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
ed25519/ref10/open.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/sc.h
ed25519/ref10/open.c.o: ed25519/ref10/crypto_sign.h ed25519/ref10/ed25519.h
ed25519/ref10/open.c.o: ed25519/ref10/crypto_hash_sha512.h
ed25519/ref10/open.c.o: ed25519/ref10/crypto_verify_32.h ed25519/ref10/ge.h
ed25519/ref10/open.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
ed25519/ref10/open.c.o: ed25519/ref10/sc.h
ed25519/ref10/sc_muladd.c.o: ed25519/ref10/sc.h ed25519/ref10/crypto_int64.h
ed25519/ref10/sc_muladd.c.o: ed25519/ref10/crypto_uint32.h
ed25519/ref10/sc_muladd.c.o: ed25519/ref10/crypto_uint64.h
ed25519/ref10/sc_reduce.c.o: ed25519/ref10/sc.h ed25519/ref10/crypto_int64.h
ed25519/ref10/sc_reduce.c.o: ed25519/ref10/crypto_uint32.h
ed25519/ref10/sc_reduce.c.o: ed25519/ref10/crypto_uint64.h
ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h
ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/ed25519.h
ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
ed25519/ref10/sign.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
ed25519/ref10/sign.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/sc.h
ioutil.c.o: types.h ioutil.h
ed25519/ref10/sign.c.o: ed25519/ref10/crypto_sign.h ed25519/ref10/ed25519.h
ed25519/ref10/sign.c.o: ed25519/ref10/crypto_hash_sha512.h ed25519/ref10/ge.h
ed25519/ref10/sign.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
ed25519/ref10/sign.c.o: ed25519/ref10/sc.h
ioutil.c.o: types.h ioutil.h vec.h
keccak.c.o: types.h keccak.h
main.c.o: types.h vec.h base32.h cpucount.h keccak.h ioutil.h common.h yaml.h
main.c.o: filters.h worker.h filters_main.inc.h filters_common.inc.h
main.c.o: filters.h worker.h likely.h filters_inc.inc.h filters_main.inc.h
main.c.o: filters_common.inc.h ifilter_bitsum.h
test_base16.c.o: types.h base16.h
test_base32.c.o: types.h base32.h
test_base64.c.o: types.h base64.h
test_ed25519.c.o: types.h base16.h ed25519/ed25519.h ed25519/ref10/ed25519.h
test_ed25519.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
test_ed25519.c.o: ed25519/ref10/crypto_int32.h ed25519/amd64-51-30k/ed25519.h
test_ed25519.c.o: types.h base16.h ed25519/ed25519.h
test_ed25519.c.o: ed25519/ed25519_impl_pre.h ed25519/ref10/crypto_sign.h
test_ed25519.c.o: ed25519/ref10/ed25519.h ed25519/ref10/ge.h
test_ed25519.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
test_ed25519.c.o: ed25519/amd64-51-30k/crypto_sign.h
test_ed25519.c.o: ed25519/amd64-51-30k/ed25519.h
test_ed25519.c.o: ed25519/amd64-51-30k/ge25519.h
test_ed25519.c.o: ed25519/amd64-51-30k/fe25519.h
test_ed25519.c.o: ed25519/amd64-51-30k/compat.h
test_ed25519.c.o: ed25519/amd64-51-30k/sc25519.h
test_ed25519.c.o: ed25519/amd64-64-24k/crypto_sign.h
test_ed25519.c.o: ed25519/amd64-64-24k/ed25519.h
test_ed25519.c.o: ed25519/amd64-64-24k/ge25519.h
test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna.h
test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h
test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h
test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-sse2.h
test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-64bit.h
test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-32bit.h
test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-helpers.h
test_ed25519.c.o: ed25519/ed25519-donna/modm-donna-64bit.h
test_ed25519.c.o: ed25519/ed25519-donna/modm-donna-32bit.h
test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-basepoint-table.h
test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-tables.h
test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86.h
test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h
test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-tables.h
test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86-32bit.h
test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-sse2.h
test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-sse2.h
test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h
test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h testutil.h
test_ed25519.c.o: ed25519/ed25519_impl_post.h
vec.c.o: vec.h
worker.c.o: types.h likely.h vec.h base32.h keccak.h ed25519/ed25519.h
worker.c.o: types.h likely.h vec.h base32.h keccak.h ioutil.h common.h yaml.h
worker.c.o: worker.h filters.h filters_inc.inc.h filters_worker.inc.h
worker.c.o: filters_common.inc.h ed25519/ed25519.h worker_impl.inc.h
worker.c.o: ed25519/ed25519_impl_pre.h ed25519/ref10/crypto_sign.h
worker.c.o: ed25519/ref10/ed25519.h ed25519/ref10/ge.h ed25519/ref10/fe.h
worker.c.o: ed25519/ref10/crypto_int32.h ed25519/amd64-51-30k/ed25519.h
worker.c.o: ed25519/amd64-51-30k/ge25519.h ed25519/amd64-51-30k/fe25519.h
worker.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/ed25519.h
worker.c.o: ed25519/amd64-64-24k/ge25519.h
worker.c.o: ed25519/ref10/crypto_int32.h ed25519/amd64-51-30k/crypto_sign.h
worker.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/amd64-51-30k/ge25519.h
worker.c.o: ed25519/amd64-51-30k/fe25519.h ed25519/amd64-51-30k/compat.h
worker.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/crypto_sign.h
worker.c.o: ed25519/amd64-64-24k/ed25519.h ed25519/amd64-64-24k/ge25519.h
worker.c.o: ed25519/ed25519-donna/ed25519-donna.h
worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h
worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h
worker.c.o: ed25519/ed25519-donna/curve25519-donna-sse2.h
worker.c.o: ed25519/ed25519-donna/curve25519-donna-64bit.h
worker.c.o: ed25519/ed25519-donna/curve25519-donna-32bit.h
worker.c.o: ed25519/ed25519-donna/curve25519-donna-helpers.h
worker.c.o: ed25519/ed25519-donna/modm-donna-64bit.h
worker.c.o: ed25519/ed25519-donna/modm-donna-32bit.h
worker.c.o: ed25519/ed25519-donna/ed25519-donna-basepoint-table.h
worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-tables.h
worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86.h
worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h ioutil.h common.h
worker.c.o: yaml.h worker.h filters.h filters_worker.inc.h
worker.c.o: filters_common.inc.h worker_slow.inc.h worker_fast.inc.h
worker.c.o: worker_fast_pass.inc.h worker_batch.inc.h
worker.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-tables.h
worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86-32bit.h
worker.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-sse2.h
worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-sse2.h
worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h
worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h
worker.c.o: worker_batch.inc.h worker_batch_pass.inc.h
worker.c.o: ed25519/ed25519_impl_post.h
yaml.c.o: types.h yaml.h ioutil.h base32.h base64.h common.h

@ -1,26 +1,25 @@
This document describes configuration options which may help one to generate onions faster.
First of all, default configuration options are tuned for portability, not performance.
First of all, default configuration options are tuned for portability, and may be a bit suboptimal.
User is expected to pick optimal settings depending on hardware mkp224o will run on and ammount of filters.
ED25519 implementations:
mkp224o includes multiple implementations of ed25519 code, tuned for different processors.
Default is ref10 implementation from SUPERCOP, which is suboptimal in many cases.
Implementation is selected at configuration time, when running `./configure` script.
If one already configured/compiled code and wants to change options, just re-run
`./configure` and also run `make clean` to clear compiled files, if any.
Note that options and CFLAGS/LDFLAGS settings won't carry over from previous configure run,
so you have to include options you've previously configured, if you want them to remain.
At the time of writing, these implementations are present:
+----------------+-----------------------+-------------------------------------------------+
| implementation | enable flag | notes |
|----------------+-----------------------+-------------------------------------------------+
| ref10 | --enable-ref10 | SUPERCOP' ref10, pure C, very portable, default |
| amd64-51-30k | --enable-amd64-51-30k | SUPERCOP' amd64-51-30k, amd64 assembler, |
| | | only works in x86_64 architecture |
| amd64-64-24k | --enable-amd64-64-24k | SUPERCOP' amd64-64-24k, amd64 assembler, |
| | | only works in x86_64 architecture |
| ed25519-donna | --enable-donna | portable, based on amd64-51-30k, but C, not asm |
| ed25519-donna | --enable-donna-sse2 | uses SSE2, needs x86 architecture |
+----------------+-----------------------+-------------------------------------------------+
+----------------+-----------------------+----------------------------------------------------------+
| implementation | enable flag | notes |
|----------------+-----------------------+----------------------------------------------------------+
| ref10 | --enable-ref10 | SUPERCOP' ref10, pure C, very portable, previous default |
| amd64-51-30k | --enable-amd64-51-30k | SUPERCOP' amd64-51-30k, only works on x86_64 |
| amd64-64-24k | --enable-amd64-64-24k | SUPERCOP' amd64-64-24k, only works on x86_64 |
| ed25519-donna | --enable-donna | based on amd64-51-30k, C, portable, current default |
| ed25519-donna | --enable-donna-sse2 | uses SSE2, needs x86 architecture |
+----------------+-----------------------+----------------------------------------------------------+
When to use what:
- on 32-bit x86 architecture "--enable-donna" will probably be fastest, but one should try
using "--enable-donna-sse2" too
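Review bot: the line `Default is ref10 implementation from SUPERCOP, which is suboptimal in many cases.` contradicts the new table, which marks ref10 as "previous default" and `--enable-donna` as "current default"; if that sentence is kept, update or drop it in this same change. The table also uses the implementation name `ed25519-donna` for both `--enable-donna` and `--enable-donna-sse2`, so naming the second row distinctly would make "current default" unambiguous.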
@ -91,6 +90,14 @@ Current options, at the time of writing:
and have some random filters which may have different length.
Batch mode:
mkp224o now includes experimental key generation mode which performs certain operations in batches,
and is around 15 times faster than current default.
It is currently experimental, and is activated by -B run-time flag.
Batched element count is configured by --enable-batchnum=number option at configure time,
increasing or decreasing it may make batch mode faster or slower, depending on hardware.
Benchmarking:
It's always good idea to see if your settings give you desired effect.
There currently isn't any automated way to benchmark different configuration options, but it's pretty simple to do by hand.
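Review bot: the "around 15 times faster than current default" claim in the new Batch mode paragraph gives no hardware, ed25519 implementation or filter count, so readers cannot reproduce it; state the measurement conditions or soften the figure. The paragraph also says "experimental" twice and does not give the default value of `--enable-batchnum`, which a reader needs before "increasing or decreasing it".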

README.md Normal file
@ -0,0 +1,143 @@
## mkp224o - vanity address generator for ed25519 onion services
This tool generates vanity ed25519 (hidden service version 3[^1][^2],
formely known as proposal 224) onion addresses.
### Requirements for building
* C99 compatible compiler (gcc and clang should work)
* libsodium (including headers)
* GNU make
* GNU autoconf (to generate configure script, needed only if not using release tarball)
* UNIX-like platform (currently tested in Linux and OpenBSD, but should
also build under cygwin and msys2).
For debian-like linux distros, this should be enough to prepare for building:
```bash
apt install gcc libc6-dev libsodium-dev make autoconf
```
### Building
Run `./autogen.sh` to generate a configure script, if there isn't one already.
Run `./configure` to generate a makefile.
On \*BSD platforms you may need to specify extra include/library paths:
`./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"`.
On AMD64 platforms, you probably also want to pass something like
`--enable-amd64-51-30k` to the configure script invocation for faster key generation;
run `./configure --help` to see all available options.
Finally, `make` to start building (`gmake` in \*BSD platforms).
### Usage
mkp224o needs one or more filters to work.
You may specify them as command line arguments,
eg `./mkp224o test`, or load them from file with `-f` switch.
It makes directories with secret/public keys and hostnames
for each discovered service. By default, the working directory is the current
directory, but that can be overridden with `-d` switch.
Use `-s` switch to enable printing of statistics, which may be useful
when benchmarking different ed25519 implementations on your machine.
Use `-h` switch to obtain all available options.
I highly recommend reading [OPTIMISATION.txt][OPTIMISATION] for
performance-related tips.
### FAQ and other useful info
* How do I generate address?
Once compiled, run it like `./mkp224o neko`, and it will try creating
keys for onions starting with "neko" in this example; use `./mkp224o
-d nekokeys neko` to not litter current directory and put all
discovered keys in directory named "nekokeys".
* How do I make tor use generated keys?
Copy key folder (though technically only `hs_ed25519_secret_key` is required)
to where you want your service keys to reside:
```bash
sudo cp -r neko54as6d54....onion /var/lib/tor/nekosvc
```
You may need to adjust ownership and permissions:
```bash
sudo chown -R tor: /var/lib/tor/nekosvc
sudo chmod -R u+rwX,og-rwx /var/lib/tor/nekosvc
```
Then edit `torrc` and add new service with that folder.\
After reload/restart tor should pick it up.
* How to generate addresses with `0-1` and `8-9` digits?
Onion addresses use base32 encoding which does not include `0,1,8,9`
numbers.\
So no, that's not possible to generate these, and mkp224o tries to
detect invalid filters containing them early on.
* How long is it going to take?
Because of probablistic nature of brute force key generation, and
varience of hardware it's going to run on, it's hard to make promisses
about how long it's going to take, especially when the most of users
want just a few keys.\
See [this issue][#27] for very valuable discussion about this.\
If your machine is powerful enough, 6 character prefix shouldn't take
more than few tens of minutes, if using batch mode (read
[OPTIMISATION.txt][OPTIMISATION]) 7 characters can take hours
to days.\
No promisses though, it depends on pure luck.
* Will this work with onionbalance?
It appears that onionbalance supports loading usual
`hs_ed25519_secret_key` key so it should work.
* Is there a docker image?
Yes, if you do not wish to compile mkp224o yourself, you can use
the `ghcr.io/cathugger/mkp224o` image like so:
```bash
docker run --rm -it -v $PWD:/keys ghcr.io/cathugger/mkp224o:master -d /keys neko
```
### Acknowledgements & Legal
To the extent possible under law, the author(s) have dedicated all
copyright and related and neighboring rights to this software to the
public domain worldwide. This software is distributed without any
warranty.
You should have received a copy of the CC0 Public Domain Dedication
along with this software. If not, see [CC0][].
* `keccak.c` is based on [Keccak-more-compact.c][keccak.c]
* `ed25519/{ref10,amd64-51-30k,amd64-64-24k}` are adopted from
[SUPERCOP][]
* `ed25519/ed25519-donna` adopted from [ed25519-donna][]
* Idea used in `worker_fast()` is stolen from [horse25519][]
* base64 routines and initial YAML processing work contributed by
Alexander Khristoforov (heios at protonmail dot com)
* Passphrase-based generation code and idea used in `worker_batch()`
contributed by [foobar2019][]
[OPTIMISATION]: ./OPTIMISATION.txt
[#27]: https://github.com/cathugger/mkp224o/issues/27
[keccak.c]: https://github.com/XKCP/XKCP/blob/master/Standalone/CompactFIPS202/C/Keccak-more-compact.c
[CC0]: https://creativecommons.org/publicdomain/zero/1.0/
[SUPERCOP]: https://bench.cr.yp.to/supercop.html
[ed25519-donna]: https://github.com/floodyberry/ed25519-donna
[horse25519]: https://github.com/Yawning/horse25519
[foobar2019]: https://github.com/foobar2019
[^1]: https://spec.torproject.org/rend-spec/index.html
[^2]: https://gitlab.torproject.org/tpo/core/torspec/-/raw/main/attic/text_formats/rend-spec-v3.txt
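Review bot: the Docker FAQ entry runs `ghcr.io/cathugger/mkp224o:master`, a mutable tag, to generate long-term secret keys; suggest documenting a release tag or image digest so users can pin what they run, and quoting the mount as `-v "$PWD":/keys` so paths with spaces work. It would also help to say who owns the files the container writes to `/keys`, since the tor instructions earlier in the FAQ rely on `chown`/`chmod` to restrict the key folder. Spelling in the added text: "formely", "probablistic", "varience", "promisses".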

@ -1,46 +0,0 @@
mkp224o - vanity address generator for ed25519 onion services
This tool generates vanity ed25519 (hidden service version 3, formely known as proposal 224) onion addresses.
For context, see <https://gitweb.torproject.org/torspec.git/plain/rend-spec-v3.txt>.
REQUIREMENTS:
C99 compatible compiler (gcc and clang should work),
libsodium (including headers), GNU make,
GNU autoconf (to generate configure script, needed only if not using release tarball),
UNIX-like platform (currently tested in Linux and OpenBSD, but should also build under cygwin and msys2).
For debian-like linux distros, this should be enough to prepare for building:
`apt install gcc libsodium-dev make autoconf`.
BUILDING:
`./autogen.sh` to generate configure script, if it's not there already.
`./configure` to generate makefile; in *BSD platforms you probably want to use
`./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"`.
You probably also want to pass something like "--enable-amd64-51-30k"
or "--enable-donna" to configure script for faster key generation;
run `./configure --help` to see all available options.
Finally, `make` to start building (`gmake` in *BSD platforms).
USAGE:
Generator needs one or more filters to work.
It makes directory with secret/public keys and hostname
for each discovered service. By default root is current
directory, but that can be overridden with -d switch.
Use -s switch to enable printing of statistics, which may be useful
when benchmarking different ed25519 implementations on your machine.
Use -h switch to obtain all available options.
I highly recommend reading OPTIMISATION.txt for performance-related tips.
CONTACT:
For bug reports/questions/whatever else, email cathugger at cock dot li.
PGP key, if needed, can be found at <http://cathug2kyi4ilneggumrenayhuhsvrgn6qv2y47bgeet42iivkpynqad.onion/contact.html>.
ACKNOWLEDGEMENTS & LEGAL:
To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
keccak.c is based on <https://github.com/gvanas/KeccakCodePackage/blob/master/Standalone/CompactFIPS202/Keccak-more-compact.c>.
ed25519/{ref10,amd64-51-30k,amd64-64-24k} are adopted from SUPERCOP <https://bench.cr.yp.to/supercop.html>.
ed25519/ed25519-donna adopted from <https://github.com/floodyberry/ed25519-donna>.
Idea used in worker_fast() is stolen from <https://github.com/Yawning/horse25519>.
base64 routines and initial YAML processing work contributed by Alexander Khristoforov <heios@protonmail.com>.
Passphrase-based generation code and idea used in worker_batch() contributed by <https://github.com/foobar2019>.
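Review bot: the removed CONTACT section (bug-report e-mail address and the location of the PGP key) has no counterpart in the new README.md, so this change drops the documented way to reach the author and find the key. If that is intentional, say so in the commit message; otherwise carry the section over.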

calcest.c Normal file
@ -0,0 +1,48 @@
#include <stdio.h>
#include <stddef.h>
#include <math.h>
/*
* as per scribblemaniac's explanation:
* t - number of trials
* n - character count
* p - probability
* condition: >=1 matches
* formula: t = log(1-p)/log(1-1/32^n)
* comes from:
* distribution X~Binomial(t, 1/32^n)
* P(X>=1)=p
*/
const double probs[] = { 0.5, 0.8, 0.9, 0.95, 0.99 };
const int charcounts[] = { 2, 3, 4, 5, 6, 7, 8, 9, 10 };
int main(int argc,char **argv)
{
// TODO
(void) argc;
(void) argv;
printf(" |");
for (size_t i = 0; i < sizeof(probs)/sizeof(probs[0]); ++i) {
printf(" %15d%% |",(int)((probs[i]*100)+0.5));
}
printf("\n");
printf("---+");
for (size_t i = 0; i < sizeof(probs)/sizeof(probs[0]); ++i) {
printf("------------------+");
}
printf("\n");
for (size_t i = 0; i < sizeof(charcounts)/sizeof(charcounts[0]); ++i) {
printf("%2d |",charcounts[i]);
for (size_t j = 0; j < sizeof(probs)/sizeof(probs[0]); ++j) {
double t = log2(1 - probs[j]) / log2(1 - (1 / pow(32,charcounts[i])));
printf(" %16.0f |",t);
}
printf("\n");
}
return 0;
}
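Review bot: `log2(1 - (1 / pow(32,charcounts[i])))` only works because every entry in `charcounts` is at most 10; at 11 characters 1/32^11 is 2^-55, `1 - 2^-55` rounds to 1.0 in a double, the denominator becomes 0 and `t` prints as -inf. Using `log1p(-probs[j]) / log1p(-pow(32, -charcounts[i]))` keeps the result accurate for longer prefixes. The `// TODO` next to `(void) argc; (void) argv;` should either say what is planned or be replaced by `int main(void)`.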

@ -7,6 +7,9 @@
#define PKPREFIX_SIZE (29 + 3)
#define SKPREFIX_SIZE (29 + 3)
extern const char * const pkprefix;
extern const char * const skprefix;
#define FORMATTED_PUBLIC_LEN (PKPREFIX_SIZE + PUBLIC_LEN)
#define FORMATTED_SECRET_LEN (SKPREFIX_SIZE + SECRET_LEN)
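Review bot: `pkprefix` and `skprefix` are exported as `const char * const`, so nothing ties their length to `PKPREFIX_SIZE` and `SKPREFIX_SIZE` (both `29 + 3`), which feed `FORMATTED_PUBLIC_LEN` and `FORMATTED_SECRET_LEN`. Declaring them as arrays, e.g. `extern const char pkprefix[PKPREFIX_SIZE];`, would let the compiler diagnose a prefix literal that is too long for the size macro, and a short comment on what the `+ 3` covers would help.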

@ -5,9 +5,45 @@ AC_CONFIG_SRCDIR([main.c])
oldcflags="$CFLAGS"
AC_PROG_CC
# determine version
ver=""
if test -r "$srcdir/version.txt"
then
ver=`cat "$srcdir/version.txt"`
elif test -d "$srcdir/.git"
then
if git --version >/dev/null 2>&1
then
# try matching exact tag
ver=`git -C "$srcdir" describe --tags --exact-match 2>/dev/null`
if test -z "$ver"
then
# otherwise obtain full commit ID
ver=`git -C "$srcdir" rev-parse HEAD 2>/dev/null`
if test -n "$ver"
then
ver=git-$ver
fi
fi
if test -n "$ver"
then
if ! git -C "$srcdir" diff --exit-code >/dev/null 2>&1
then
# add at the end to mark modified version
ver="$ver"'*'
fi
fi
fi
fi
if test -z "$ver"
then
ver=unknown
fi
# NOTE: this script intentionally doesn't check for small details like posix functions and hard dependencies (libsodium) so you may get errors at compilation
if test "x$oldcflags" != "x$CFLAGS"
if test x"$oldcflags" != x"$CFLAGS"
then
oldcflags="-O3"
CFLAGS="-march=native"
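Review bot: The modified-tree check `git -C "$srcdir" diff --exit-code` compares the working tree with the index only, so a build made from staged but uncommitted changes, or with untracked sources, is still stamped as a clean `git-<commit>` version. Compare against `HEAD` (`git diff --exit-code HEAD`) or test for empty `git status --porcelain` output, so the marker covers every case where the binary does not correspond to the recorded commit. The `*` suffix is itself a glob character; something like `-dirty` is safer wherever `$ver` ends up expanded unquoted.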
@ -27,31 +63,18 @@ then
CFLAGS="$oldcflags"
fi
nopie=""
pie=""
oldcflags="$CFLAGS"
CFLAGS="-nopie -Werror"
AC_MSG_CHECKING([whether CC supports -nopie])
CFLAGS="-fPIE -Werror"
AC_MSG_CHECKING([whether CC supports -fPIE])
AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_RESULT([yes])]
[nopie="-nopie"],
[AC_MSG_RESULT([no])]
[AC_MSG_RESULT([yes])]
[pie="-fPIE"],
[AC_MSG_RESULT([no])]
)
CFLAGS="$oldcflags"
if test "x$nopie" = "x"
then
oldcflags="$CFLAGS"
CFLAGS="-no-pie -Werror"
AC_MSG_CHECKING([whether CC supports -no-pie])
AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_RESULT([yes])]
[nopie="-no-pie"],
[AC_MSG_RESULT([no])]
)
CFLAGS="$oldcflags"
fi
MYDEFS=""
MAINLIB=""
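Review bot: The new probe runs a link test but records only `pie="-fPIE"`, which is a code-generation flag; the executable is position-independent only if the link step also receives `-pie` (or `-static-pie` for a static build such as the one in contrib/docker/Dockerfile). Probe `-fPIE -pie` together in `AC_LINK_IFELSE` and substitute the linker flag separately, otherwise toolchains that do not default to PIE still produce a fixed-address binary. Since the `-no-pie` fallback block is removed here, the commit message should say that the assembly sources are now expected to link position-independent.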
@ -60,8 +83,8 @@ AC_ARG_ENABLE([ref10],
[AS_HELP_STRING([--enable-ref10],
[use SUPERCOP ref10 ed25519 implementation @<:@default=no@:>@])],
[
AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "ref10"],
[AC_ERROR([only one ed25519 implementation can be defined])])
AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "ref10"],
[AC_MSG_ERROR(only one ed25519 implementation can be defined)])
ed25519impl="ref10"
],
[]
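Review bot: `AC_MSG_ERROR(only one ed25519 implementation can be defined)` passes its message unquoted, so m4 will expand any macro name that appears in it and split it at a comma. Keep the bracket quoting when moving off the obsolete `AC_ERROR`: `[AC_MSG_ERROR([only one ed25519 implementation can be defined])]`. The same applies to the other `--enable-*` hunks and to the pcre2-config error further down.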
@ -71,8 +94,8 @@ AC_ARG_ENABLE([amd64-51-30k],
[AS_HELP_STRING([--enable-amd64-51-30k],
[use SUPERCOP amd64-51-30k ed25519 implementation @<:@default=no@:>@])],
[
AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "amd64_51_30k"],
[AC_ERROR([only one ed25519 implementation can be defined])])
AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "amd64_51_30k"],
[AC_MSG_ERROR(only one ed25519 implementation can be defined)])
ed25519impl="amd64_51_30k"
],
[]
@ -82,8 +105,8 @@ AC_ARG_ENABLE([amd64-64-24k],
[AS_HELP_STRING([--enable-amd64-64-24k],
[use SUPERCOP amd64-64-24k ed25519 implementation @<:@default=no@:>@])],
[
AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "amd64_64_24k"],
[AC_ERROR([only one ed25519 implementation can be defined])])
AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "amd64_64_24k"],
[AC_MSG_ERROR(only one ed25519 implementation can be defined)])
ed25519impl="amd64_64_24k"
],
[]
@ -93,8 +116,8 @@ AC_ARG_ENABLE([donna],
[AS_HELP_STRING([--enable-donna],
[use ed25519-donna implementation @<:@default=yes@:>@])],
[
AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "donna"],
[AC_ERROR([only one ed25519 implementation can be defined])])
AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "donna"],
[AC_MSG_ERROR(only one ed25519 implementation can be defined)])
ed25519impl="donna"
],
[]
@ -104,15 +127,15 @@ AC_ARG_ENABLE([donna-sse2],
[AS_HELP_STRING([--enable-donna-sse2],
[use ed25519-donna SSE2 implementation @<:@default=no@:>@])],
[
AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "donna-sse2"],
[AC_ERROR([only one ed25519 implementation can be defined])])
AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "donna-sse2"],
[AC_MSG_ERROR(only one ed25519 implementation can be defined)])
ed25519impl="donna-sse2"
],
[]
)
# default
AS_IF([test "x$ed25519impl" == "x"],[ed25519impl="donna"])
AS_IF([test x"$ed25519impl" = x""],[ed25519impl="donna"])
if test "$ed25519impl" = "donna-sse2"
then
@ -178,30 +201,38 @@ oldcflags="$CFLAGS"
CFLAGS="-std=c99"
AC_MSG_CHECKING([whether CC supports -std=c99])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_RESULT([yes])]
[c99="yes"]
[cstd="-std=c99"],
[AC_MSG_RESULT([no])]
[AC_MSG_RESULT([yes])]
[c99="yes"]
[cstd="-std=c99"],
[AC_MSG_RESULT([no])]
)
CFLAGS="$cstd -Wall"
AC_MSG_CHECKING([whether CC supports -Wall])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_RESULT([yes])]
[cstd="$cstd -Wall"],
[AC_MSG_RESULT([no])]
[AC_MSG_RESULT([yes])]
[cstd="$cstd -Wall"],
[AC_MSG_RESULT([no])]
)
CFLAGS="$cstd -Wextra"
AC_MSG_CHECKING([whether CC supports -Wextra])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_RESULT([yes])]
[cstd="$cstd -Wextra"],
[AC_MSG_RESULT([no])]
)
# (negative) detection on clang fails without -Werror
CFLAGS="$cstd -Wno-maybe-uninitialized -Werror"
AC_MSG_CHECKING([whether CC supports -Wno-maybe-uninitialized])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_RESULT([yes])]
[cstd="$cstd -Wno-maybe-uninitialized"],
[AC_MSG_RESULT([no])]
[AC_MSG_RESULT([yes])]
[cstd="$cstd -Wno-maybe-uninitialized"],
[AC_MSG_RESULT([no])]
)
if test "x$c99" = "xyes" -a "x$ed25519impl" != "xdonna" -a "x$enable_intfilter" != "x128"
if test x"$c99" = x"yes" -a x"$ed25519impl" != x"donna" -a x"$enable_intfilter" != x"128"
then
CFLAGS="$cstd -pedantic"
AC_MSG_CHECKING([whether CC supports -pedantic])
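Review bot: The rewritten condition `test x"$c99" = x"yes" -a x"$ed25519impl" != x"donna" -a x"$enable_intfilter" != x"128"` still relies on `test -a`, which POSIX marks obsolescent and the Autoconf manual advises against. Since the line is being touched anyway, chain three separate `test` calls with `&&`; the same goes for the `-a` conditions in the `--enable-*` and binfilterlen hunks.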
@ -222,7 +253,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#ifndef _WIN32
[AC_MSG_RESULT([no])]
)
if test "x$ed25519impl" = "xdonna"
if test x"$ed25519impl" = x"donna"
then
CFLAGS="$cstd -Wno-unused-function -Werror"
AC_MSG_CHECKING([whether CC supports -Wno-unused-function])
@ -233,21 +264,32 @@ then
)
fi
if test x"$ed25519impl" = x"amd64_64_24k"
then
CFLAGS="$cstd -Wno-unused-const-variable -Werror"
AC_MSG_CHECKING([whether CC supports -Wno-unused-const-variable])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_RESULT([yes])]
[cstd="$cstd -Wno-unused-const-variable"],
[AC_MSG_RESULT([no])]
)
fi
CFLAGS="$cstd -Wmissing-prototypes -Werror"
AC_MSG_CHECKING([whether CC supports -Wmissing-prototypes])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_RESULT([yes])]
[cstd="$cstd -Wmissing-prototypes"],
[AC_MSG_RESULT([no])]
[AC_MSG_RESULT([yes])]
[cstd="$cstd -Wmissing-prototypes"],
[AC_MSG_RESULT([no])]
)
# XXX AC_LANG_PROGRAM produces unsuitable prototype so this check must be last one
CFLAGS="$cstd -Wstrict-prototypes -Werror"
AC_MSG_CHECKING([whether CC supports -Wstrict-prototypes])
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
[AC_MSG_RESULT([yes])]
[cstd="$cstd -Wstrict-prototypes"],
[AC_MSG_RESULT([no])]
[AC_MSG_RESULT([yes])]
[cstd="$cstd -Wstrict-prototypes"],
[AC_MSG_RESULT([no])]
)
CFLAGS="$oldcflags"
@ -257,7 +299,7 @@ AC_ARG_ENABLE([binfilterlen],
[set binary string filter length (if you don't use intfilter) @<:@default=32@:>@])],
[], [enable_binfilterlen=no]
)
if test "x$enable_binfilterlen" != "xyes" -a "x$enable_binfilterlen" != "xno"
if test x"$enable_binfilterlen" != x"yes" -a x"$enable_binfilterlen" != x"no"
then
MYDEFS="$MYDEFS -DBINFILTERLEN=$enable_binfilterlen"
fi
@ -267,7 +309,7 @@ AC_ARG_ENABLE([binsearch],
[enable binary search algoritm; MUCH faster if there are a lot of filters @<:@default=no@:>@])],
[], [enable_binsearch=no]
)
if test "x$enable_binsearch" = "xyes"
if test x"$enable_binsearch" = x"yes"
then
MYDEFS="$MYDEFS -DBINSEARCH"
fi
@ -277,7 +319,7 @@ AC_ARG_ENABLE([besort],
[force intfilter binsearch case to use big endian sorting and not omit masks from filters; useful if your filters aren't of same length @<:@default=no@:>@])],
[], [enable_besort=no]
)
if test "x$enable_besort" = "xyes"
if test x"$enable_besort" = x"yes"
then
MYDEFS="$MYDEFS -DBESORT"
fi
@ -287,14 +329,14 @@ AC_ARG_ENABLE([statistics],
[collect statistics @<:@default=yes@:>@])],
[], [enable_statistics=yes]
)
if test "x$enable_statistics" = "xyes"
if test x"$enable_statistics" = x"yes"
then
MYDEFS="$MYDEFS -DSTATISTICS"
fi
AC_ARG_WITH([pcre2],[AC_HELP_STRING([--with-pcre2],[pcre2-config executable @<:@default=pcre2-config@:>@])],[],[with_pcre2="pcre2-config"])
AC_ARG_WITH([pcre2],[AS_HELP_STRING([--with-pcre2],[pcre2-config executable @<:@default=pcre2-config@:>@])],[],[with_pcre2="pcre2-config"])
AC_ARG_ENABLE([regex],[AC_HELP_STRING([--enable-regex],[whether to enable regex engine. currently possible values are "pcre2" and "yes" which defaults to "pcre2" @<:@default=no@:>@])],[],[enable_regex=no])
AC_ARG_ENABLE([regex],[AS_HELP_STRING([--enable-regex],[whether to enable regex engine. currently possible values are "pcre2" and "yes" which defaults to "pcre2" @<:@default=no@:>@])],[],[enable_regex=no])
case "$enable_regex" in
no|"")
;;
@ -321,7 +363,7 @@ yes|pcre2)
fi
else
AC_MSG_RESULT([not found])
AC_ERROR([pcre2-config cannot be executed])
AC_MSG_ERROR(pcre2-config cannot be executed)
fi
;;
*)
@ -349,6 +391,8 @@ AC_SUBST(CSTD,["$cstd"])
AC_SUBST(ED25519IMPL,["$ed25519impl"])
AC_SUBST(MYDEFS,["$MYDEFS"])
AC_SUBST(MAINLIB,["$MAINLIB"])
AC_SUBST(NOPIE,["$nopie"])
AC_SUBST(PIE,["$pie"])
AC_SUBST(SRCDIR,["$srcdir"])
AC_OUTPUT(Makefile)
AC_SUBST(VERSION,["$ver"])
AC_CONFIG_FILES([GNUmakefile])
AC_OUTPUT

contrib/docker/Dockerfile Normal file

@ -0,0 +1,14 @@
FROM alpine:latest AS builder
RUN apk add --no-cache gcc libc-dev libsodium-dev libsodium-static make autoconf git
WORKDIR /app
COPY . .
RUN ./autogen.sh
RUN ./configure --enable-amd64-51-30k CFLAGS="-O3 -march=x86-64 -mtune=generic -fomit-frame-pointer" LDFLAGS="-static"
RUN make
RUN strip mkp224o
FROM scratch
WORKDIR /app
COPY --from=builder /app/mkp224o .
ENTRYPOINT ["./mkp224o"]
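Review bot: `FROM alpine:latest` together with the unversioned `apk add` means the compiler and the statically linked libsodium that end up inside a key-generating binary change from build to build; pin the base image by digest, and ideally the package versions, so a published image can be rebuilt and audited. `COPY . .` sends the whole build context to the builder, which includes any generated key directories sitting in the checkout unless a `.dockerignore` excludes them. The final stage sets no `USER`, so the process runs as root inside the container.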

contrib/docker/README.md Normal file

@ -0,0 +1,7 @@
# Usage
## Building Image Locally
`docker build -f contrib/docker/Dockerfile -t mkp224o .`
## Running Image Locally
`docker run -it -v $(pwd):/root/data mkp224o neko`
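Review bot: The run example mounts the host directory at `/root/data`, but the Dockerfile sets `WORKDIR /app` and the example passes no output directory, so generated keys are written to `/app` inside the container and are lost with it. Mount the volume at the working directory or pass the output directory explicitly with `-d /root/data`, and add `--rm` so stopped containers holding key material do not pile up. Quote `"$(pwd)"` so paths containing spaces work.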

contrib/release-scripts/.gitignore vendored Normal file

@ -0,0 +1,2 @@
/build
/out


@ -0,0 +1,2 @@
packages that work on archlinux:
wine-wow64 mingw-w64-toolchain mingw-w64-ldd mingw-w64-pcre2 mingw-w64-libsodium zip zopfli


@ -0,0 +1,80 @@
#!/bin/sh
set -eux
V=$1
D=$(realpath "$0")
D=$(dirname "$D")
cd "$D"
export TZ=UTC
mkdir -p build
export WINEARCH=win64
export WINEPREFIX=$(realpath ./build/winepfx)
OPATH=$PATH
rm -rf out
mkdir -p out
# prepare source
SV=mkp224o-$V
SO=$(realpath ./out/$SV)
git clone ../../ "$SO"
git -C ../../ diff | git -C "$SO" apply --allow-empty
cd "$SO"
rm -rf .git
./autogen.sh
rm -rf *.cache
echo v$V > version.txt
cd ../..
# build windows bins
B=$(realpath ./build)
for w in x86_64 i686
do
cd "$B"
rm -rf $w
mkdir $w
cd $w
p=$w-w64-mingw32
case $w in
i686)
CFLAGS="-march=i686 -mtune=generic"
W=32
;;
x86_64)
CFLAGS="-march=x86-64 -mtune=generic"
W=64
;;
esac
CFLAGS="-O3 $CFLAGS -fomit-frame-pointer"
export PATH=/usr/$p/bin:$OPATH
../../out/$SV/configure --enable-regex --enable-donna --with-pcre2="/usr/$p/bin/pcre2-config" CC="${p}-gcc" CFLAGS="$CFLAGS"
make main util
$p-strip mkp224o.exe
$p-strip calcest.exe
cd ..
BO="$SO-w$W"
mkdir -p "$BO"
cp $w/mkp224o.exe "$BO/"
cp $w/calcest.exe "$BO/"
cd "$BO"
$p-ldd mkp224o.exe | grep -v 'not found' | awk '{print $3}' | xargs -r cp -v -t ./
done
export PATH=$OPATH
# compress stuff
cd "$D/out"
tar --portability --no-acls --no-selinux --no-xattrs --owner root:0 --group=root:0 --sort=name -c -f $SV-src.tar $SV
zopfli -i100 -c $SV-src.tar > $SV-src.tar.gz
zstd -19 -f $SV-src.tar -o $SV-src.tar.zst
rm $SV-src.tar
zip -9 -X -r $SV-w32.zip $SV-w32
zip -9 -X -r $SV-w64.zip $SV-w64
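Review bot: `git -C ../../ diff | git -C "$SO" apply --allow-empty` copies uncommitted working-tree changes into the release source, and `echo v$V > version.txt` then stamps the result as a clean `v$V`, which configure reads before it ever reaches its modified-tree check. A signed release should be reproducible from the tag, so refuse to run on a dirty tree (or clone the tag itself) instead of applying the diff. `$1` is also used unquoted in `SV`, in paths and in `echo`, and the tar call fixes owner and sort order but not `--mtime`, so two runs on the same commit produce different archives.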

contrib/release-scripts/sign.sh Executable file

@ -0,0 +1,20 @@
#!/bin/sh
if [ x"$1" = x ]
then
echo "Usage: $0 key-id" >&2
exit 1
fi
D=$(realpath "$0")
D=$(dirname "$D")
cd "$D"
export TZ=UTC
cd out
gpg --detach-sign -u "$1" mkp224o-*-src.tar.gz
gpg --detach-sign -u "$1" mkp224o-*-src.tar.zst
gpg --detach-sign -u "$1" mkp224o-*-w32.zip
gpg --detach-sign -u "$1" mkp224o-*-w64.zip
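Review bot: The script has no `set -e`, so if `cd "$D"` or `cd out` fails, the `gpg --detach-sign` calls still run against whatever matches `mkp224o-*` in the current directory. Add `set -eu` at the top, as the build script does with `set -eux`, and fail when a glob matches more or fewer than one file so that exactly the four artifacts just built get signed.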

contrib/vagrant/Vagrantfile vendored Normal file

@ -0,0 +1,46 @@
# set this to choose the starting prefix of the onion name
filter = "prefix"
Vagrant.configure("2") do |config|
config.vm.box = "debian/bullseye64"
config.vm.provider :libvirt do |libvirt|
libvirt.cpus = 2
end
config.vm.synced_folder '.', '/vagrant', disabled: true
config.vm.provision :shell, inline: <<-SHELL
set -ex
sed -i s,http:,https:, /etc/apt/sources.list
apt-get update
apt-get -qy dist-upgrade
apt-get -qy install --no-install-recommends git gcc libc-dev libsodium-dev make autoconf htop screen
SHELL
config.vm.provision :shell, privileged: false, inline: <<-SHELL
git clone https://github.com/cathugger/mkp224o.git /home/vagrant/mkp224o
SHELL
# disable internet access
config.vm.provision "shell",
run: "always",
inline: "ip route del default || true"
# disable root
config.vm.provision "shell", inline: "passwd --lock root"
config.vm.provision "shell", inline: "SUDO_FORCE_REMOVE=yes dpkg --purge sudo"
config.vm.provision :shell, privileged: false, inline: <<-SHELL
set -ex
cd mkp224o
./autogen.sh
./configure
make
./mkp224o -h
mkdir ~/#{filter}
cd ~/#{filter}
screen -d -m -L -Logfile #{filter}.log -S run-#{filter} nice ~/mkp224o/mkp224o -S 300 #{filter}
SHELL
end
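Review bot: The "disable internet access" step is only `ip route del default || true`, which leaves the interface up with its address, keeps on-link hosts reachable, and can be undone when the DHCP client reinstalls the route; for a VM that holds onion private keys, enforce isolation with a drop-by-default firewall rule or by detaching the NIC after provisioning. The `git clone` in the earlier provisioner takes whatever the default branch points to at provision time; check out a specific tag or commit ID instead. `#{filter}` is interpolated unquoted into `mkdir`, `cd` and the `screen` command line and should be quoted.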


@ -1,94 +0,0 @@
#include "crypto_sign.h"
#include "crypto_verify_32.h"
#include "crypto_hash_sha512.h"
#include "randombytes.h"
#include "ge25519.h"
#include "hram.h"
#define MAXBATCH 64
int crypto_sign_open_batch(
unsigned char* const m[],unsigned long long mlen[],
unsigned char* const sm[],const unsigned long long smlen[],
unsigned char* const pk[],
unsigned long long num
)
{
int ret = 0;
unsigned long long i, j;
shortsc25519 r[MAXBATCH];
sc25519 scalars[2*MAXBATCH+1];
ge25519 points[2*MAXBATCH+1];
unsigned char hram[crypto_hash_sha512_BYTES];
unsigned long long batchsize;
for (i = 0;i < num;++i) mlen[i] = -1;
while (num >= 3) {
batchsize = num;
if (batchsize > MAXBATCH) batchsize = MAXBATCH;
for (i = 0;i < batchsize;++i)
if (smlen[i] < 64) goto fallback;
randombytes((unsigned char*)r,sizeof(shortsc25519) * batchsize);
/* Computing scalars[0] = ((r1s1 + r2s2 + ...)) */
for(i=0;i<batchsize;i++)
{
sc25519_from32bytes(&scalars[i], sm[i]+32);
sc25519_mul_shortsc(&scalars[i], &scalars[i], &r[i]);
}
for(i=1;i<batchsize;i++)
sc25519_add(&scalars[0], &scalars[0], &scalars[i]);
/* Computing scalars[1] ... scalars[batchsize] as r[i]*H(R[i],A[i],m[i]) */
for(i=0;i<batchsize;i++)
{
get_hram(hram, sm[i], pk[i], m[i], smlen[i]);
sc25519_from64bytes(&scalars[i+1],hram);
sc25519_mul_shortsc(&scalars[i+1],&scalars[i+1],&r[i]);
}
/* Setting scalars[batchsize+1] ... scalars[2*batchsize] to r[i] */
for(i=0;i<batchsize;i++)
sc25519_from_shortsc(&scalars[batchsize+i+1],&r[i]);
/* Computing points */
points[0] = ge25519_base;
for(i=0;i<batchsize;i++)
if (ge25519_unpackneg_vartime(&points[i+1], pk[i])) goto fallback;
for(i=0;i<batchsize;i++)
if (ge25519_unpackneg_vartime(&points[batchsize+i+1], sm[i])) goto fallback;
ge25519_multi_scalarmult_vartime(points, points, scalars, 2*batchsize+1);
if (ge25519_isneutral_vartime(points)) {
for(i=0;i<batchsize;i++)
{
for(j=0;j<smlen[i]-64;j++)
m[i][j] = sm[i][j + 64];
mlen[i] = smlen[i]-64;
}
} else {
fallback:
for (i = 0;i < batchsize;++i)
ret |= crypto_sign_open(m[i], &mlen[i], sm[i], smlen[i], pk[i]);
}
m += batchsize;
mlen += batchsize;
sm += batchsize;
smlen += batchsize;
pk += batchsize;
num -= batchsize;
}
for (i = 0;i < num;++i)
ret |= crypto_sign_open(m[i], &mlen[i], sm[i], smlen[i], pk[i]);
return ret;
}


@ -105,13 +105,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_choose_t
# qhasm: enter CRYPTO_NAMESPACE(batch_choose_t)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_choose_t
.globl crypto_sign_ed25519_amd64_51_30k_batch_choose_t
_crypto_sign_ed25519_amd64_51_30k_batch_choose_t:
crypto_sign_ed25519_amd64_51_30k_batch_choose_t:
.globl _CRYPTO_NAMESPACE(batch_choose_t)
.globl CRYPTO_NAMESPACE(batch_choose_t)
_CRYPTO_NAMESPACE(batch_choose_t):
CRYPTO_NAMESPACE(batch_choose_t):
mov %rsp,%r11
and $31,%r11
add $64,%r11
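Review bot: The labels `.globl _CRYPTO_NAMESPACE(batch_choose_t)` and `_CRYPTO_NAMESPACE(batch_choose_t):` use a different identifier from `CRYPTO_NAMESPACE`, so the preprocessor expands them only if a separate `_CRYPTO_NAMESPACE(name)` macro is defined wherever `CRYPTO_NAMESPACE` is; otherwise the assembler sees the literal text. Define both macros in one place and make sure the build rules run these files through the C preprocessor. The `# qhasm: enter` comment was updated, which is good; keep the generated comments in step with the instructions in the later hunks too, where the `# asm` lines do not show the `(%rip)` operand that the instruction now has.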
@ -1677,30 +1677,30 @@ movq 952(%rcx,%rdi),%rdi
# asm 2: cmove <t=%rdi,<tt2d4=%r11
cmove %rdi,%r11
# qhasm: tt0 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,>tt0=int64#1
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,>tt0=%rdi
movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdi
# qhasm: tt0 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
# asm 1: movq CRYPTO_NAMESPACE(batch_2P0),>tt0=int64#1
# asm 2: movq CRYPTO_NAMESPACE(batch_2P0),>tt0=%rdi
movq CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdi
# qhasm: tt1 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt1=int64#4
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt1=%rcx
movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx
# qhasm: tt1 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt1=int64#4
# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt1=%rcx
movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx
# qhasm: tt2 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt2=int64#5
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt2=%r8
movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
# qhasm: tt2 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt2=int64#5
# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt2=%r8
movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8
# qhasm: tt3 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt3=int64#10
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt3=%r12
movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r12
# qhasm: tt3 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt3=int64#10
# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt3=%r12
movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r12
# qhasm: tt4 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt4=int64#11
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt4=%r13
movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r13
# qhasm: tt4 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt4=int64#11
# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt4=%r13
movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r13
# qhasm: tt0 -= tt2d0
# asm 1: sub <tt2d0=int64#2,<tt0=int64#1


@ -0,0 +1,10 @@
#ifndef COMPAT_H
#define COMPAT_H
#if defined(_WIN32) && defined(__GNUC__)
#define SYSVABI __attribute__((sysv_abi))
#else
#define SYSVABI
#endif
#endif


@ -0,0 +1,51 @@
#ifndef __APPLE__
.section .rodata
#else
.const
#endif
.globl CRYPTO_NAMESPACE(batch_REDMASK51)
.globl CRYPTO_NAMESPACE(batch_121666_213)
.globl CRYPTO_NAMESPACE(batch_2P0)
.globl CRYPTO_NAMESPACE(batch_2P1234)
.globl CRYPTO_NAMESPACE(batch_4P0)
.globl CRYPTO_NAMESPACE(batch_4P1234)
.globl CRYPTO_NAMESPACE(batch_MU0)
.globl CRYPTO_NAMESPACE(batch_MU1)
.globl CRYPTO_NAMESPACE(batch_MU2)
.globl CRYPTO_NAMESPACE(batch_MU3)
.globl CRYPTO_NAMESPACE(batch_MU4)
.globl CRYPTO_NAMESPACE(batch_ORDER0)
.globl CRYPTO_NAMESPACE(batch_ORDER1)
.globl CRYPTO_NAMESPACE(batch_ORDER2)
.globl CRYPTO_NAMESPACE(batch_ORDER3)
.globl CRYPTO_NAMESPACE(batch_EC2D0)
.globl CRYPTO_NAMESPACE(batch_EC2D1)
.globl CRYPTO_NAMESPACE(batch_EC2D2)
.globl CRYPTO_NAMESPACE(batch_EC2D3)
.globl CRYPTO_NAMESPACE(batch_EC2D4)
.globl CRYPTO_NAMESPACE(batch__38)
.p2align 4
CRYPTO_NAMESPACE(batch_REDMASK51): .quad 0x0007FFFFFFFFFFFF
CRYPTO_NAMESPACE(batch_121666_213): .quad 996687872
CRYPTO_NAMESPACE(batch_2P0): .quad 0xFFFFFFFFFFFDA
CRYPTO_NAMESPACE(batch_2P1234): .quad 0xFFFFFFFFFFFFE
CRYPTO_NAMESPACE(batch_4P0): .quad 0x1FFFFFFFFFFFB4
CRYPTO_NAMESPACE(batch_4P1234): .quad 0x1FFFFFFFFFFFFC
CRYPTO_NAMESPACE(batch_MU0): .quad 0xED9CE5A30A2C131B
CRYPTO_NAMESPACE(batch_MU1): .quad 0x2106215D086329A7
CRYPTO_NAMESPACE(batch_MU2): .quad 0xFFFFFFFFFFFFFFEB
CRYPTO_NAMESPACE(batch_MU3): .quad 0xFFFFFFFFFFFFFFFF
CRYPTO_NAMESPACE(batch_MU4): .quad 0x000000000000000F
CRYPTO_NAMESPACE(batch_ORDER0): .quad 0x5812631A5CF5D3ED
CRYPTO_NAMESPACE(batch_ORDER1): .quad 0x14DEF9DEA2F79CD6
CRYPTO_NAMESPACE(batch_ORDER2): .quad 0x0000000000000000
CRYPTO_NAMESPACE(batch_ORDER3): .quad 0x1000000000000000
CRYPTO_NAMESPACE(batch_EC2D0): .quad 1859910466990425
CRYPTO_NAMESPACE(batch_EC2D1): .quad 932731440258426
CRYPTO_NAMESPACE(batch_EC2D2): .quad 1072319116312658
CRYPTO_NAMESPACE(batch_EC2D3): .quad 1815898335770999
CRYPTO_NAMESPACE(batch_EC2D4): .quad 633789495995903
CRYPTO_NAMESPACE(batch__38): .quad 38
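Review bot: This new file ends after the `.quad` table with no `.section .note.GNU-stack,"",@progbits` marker, and on ELF targets an object that lacks the note makes GNU ld mark the stack executable for the whole program; add it, guarded for ELF, here and in the other `.S` files. Moving the constants from `.data` to a read-only section is the right direction. Check what `.section .rodata` yields on PE/COFF, where the read-only section is conventionally `.rdata`, because `#ifndef __APPLE__` only separates Mach-O from everything else and the `_WIN32` branch in the new compat header suggests Windows builds are intended.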


@ -1,47 +0,0 @@
.data
.globl crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
.globl crypto_sign_ed25519_amd64_51_30k_batch_121666_213
.globl crypto_sign_ed25519_amd64_51_30k_batch_2P0
.globl crypto_sign_ed25519_amd64_51_30k_batch_2P1234
.globl crypto_sign_ed25519_amd64_51_30k_batch_4P0
.globl crypto_sign_ed25519_amd64_51_30k_batch_4P1234
.globl crypto_sign_ed25519_amd64_51_30k_batch_MU0
.globl crypto_sign_ed25519_amd64_51_30k_batch_MU1
.globl crypto_sign_ed25519_amd64_51_30k_batch_MU2
.globl crypto_sign_ed25519_amd64_51_30k_batch_MU3
.globl crypto_sign_ed25519_amd64_51_30k_batch_MU4
.globl crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
.globl crypto_sign_ed25519_amd64_51_30k_batch_ORDER1
.globl crypto_sign_ed25519_amd64_51_30k_batch_ORDER2
.globl crypto_sign_ed25519_amd64_51_30k_batch_ORDER3
.globl crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
.globl crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
.globl crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
.globl crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
.globl crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
.globl crypto_sign_ed25519_amd64_51_30k_batch__38
.p2align 4
crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51: .quad 0x0007FFFFFFFFFFFF
crypto_sign_ed25519_amd64_51_30k_batch_121666_213: .quad 996687872
crypto_sign_ed25519_amd64_51_30k_batch_2P0: .quad 0xFFFFFFFFFFFDA
crypto_sign_ed25519_amd64_51_30k_batch_2P1234: .quad 0xFFFFFFFFFFFFE
crypto_sign_ed25519_amd64_51_30k_batch_4P0: .quad 0x1FFFFFFFFFFFB4
crypto_sign_ed25519_amd64_51_30k_batch_4P1234: .quad 0x1FFFFFFFFFFFFC
crypto_sign_ed25519_amd64_51_30k_batch_MU0: .quad 0xED9CE5A30A2C131B
crypto_sign_ed25519_amd64_51_30k_batch_MU1: .quad 0x2106215D086329A7
crypto_sign_ed25519_amd64_51_30k_batch_MU2: .quad 0xFFFFFFFFFFFFFFEB
crypto_sign_ed25519_amd64_51_30k_batch_MU3: .quad 0xFFFFFFFFFFFFFFFF
crypto_sign_ed25519_amd64_51_30k_batch_MU4: .quad 0x000000000000000F
crypto_sign_ed25519_amd64_51_30k_batch_ORDER0: .quad 0x5812631A5CF5D3ED
crypto_sign_ed25519_amd64_51_30k_batch_ORDER1: .quad 0x14DEF9DEA2F79CD6
crypto_sign_ed25519_amd64_51_30k_batch_ORDER2: .quad 0x0000000000000000
crypto_sign_ed25519_amd64_51_30k_batch_ORDER3: .quad 0x1000000000000000
crypto_sign_ed25519_amd64_51_30k_batch_EC2D0: .quad 1859910466990425
crypto_sign_ed25519_amd64_51_30k_batch_EC2D1: .quad 932731440258426
crypto_sign_ed25519_amd64_51_30k_batch_EC2D2: .quad 1072319116312658
crypto_sign_ed25519_amd64_51_30k_batch_EC2D3: .quad 1815898335770999
crypto_sign_ed25519_amd64_51_30k_batch_EC2D4: .quad 633789495995903
crypto_sign_ed25519_amd64_51_30k_batch__38: .quad 38


@ -1,9 +1,9 @@
#define crypto_sign ed25519_amd64_51_30k_sign
#define crypto_sign_keypair ed25519_amd64_51_30k_keygen
#define crypto_sign_seckey ed25519_ramd64_51_30k_seckey
#define crypto_sign_seckey_expand ed25519_amd64_51_30k_seckey_expand
#define crypto_sign_pubkey ed25519_amd64_51_30k_pubkey
#define crypto_sign_open ed25519_amd64_51_30k_open
#define crypto_sign_open_batch ed25519_amd64_51_30k_open_batch
#define crypto_sign CRYPTO_NAMESPACE(sign)
#define crypto_sign_keypair CRYPTO_NAMESPACE(keygen)
#define crypto_sign_seckey CRYPTO_NAMESPACE(seckey)
#define crypto_sign_seckey_expand CRYPTO_NAMESPACE(seckey_expand)
#define crypto_sign_pubkey CRYPTO_NAMESPACE(pubkey)
#define crypto_sign_open CRYPTO_NAMESPACE(open)
#define crypto_sign_open_batch CRYPTO_NAMESPACE(open_batch)
#include "ed25519.h"


@ -1,20 +1,20 @@
int ed25519_amd64_51_30k_seckey(unsigned char *sk);
int ed25519_amd64_51_30k_seckey_expand(unsigned char *sk,const unsigned char *seed);
int ed25519_amd64_51_30k_pubkey(unsigned char *pk,const unsigned char *sk);
int ed25519_amd64_51_30k_keygen(unsigned char *pk,unsigned char *sk);
int ed25519_amd64_51_30k_sign(
int crypto_sign_seckey(unsigned char *sk);
int crypto_sign_seckey_expand(unsigned char *sk,const unsigned char *seed);
int crypto_sign_pubkey(unsigned char *pk,const unsigned char *sk);
int crypto_sign_keypair(unsigned char *pk,unsigned char *sk);
int crypto_sign(
unsigned char *sm,unsigned long long *smlen,
const unsigned char *m,unsigned long long mlen,
const unsigned char *sk
);
int ed25519_amd64_51_30k_open(
int crypto_sign_open(
unsigned char *m,unsigned long long *mlen,
const unsigned char *sm,unsigned long long smlen,
const unsigned char *pk
);
int ed25519_amd64_51_30k_batch(
int crypto_sign_open_batch(
unsigned char* const m[],unsigned long long mlen[],
unsigned char* const sm[],const unsigned long long smlen[],
unsigned char* const pk[],
unsigned char* const pk[],
unsigned long long num
);
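Review bot: The prototypes are now spelled with the generic names (`crypto_sign_seckey`, `crypto_sign_open`, `crypto_sign_open_batch`), which become namespaced symbols only when the `#define` block that precedes `#include "ed25519.h"` has been seen first, and the hunk starts at line 1 with a prototype, so this header has no include guard. Add a guard and an `#error` when `CRYPTO_NAMESPACE` is not defined, so a direct include cannot silently declare un-namespaced functions. If the 94-line file removed earlier in this comparison was this implementation's only definition of `crypto_sign_open_batch`, drop that prototype and its `#define` as well.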


@ -2,33 +2,34 @@
#define FE25519_H
#include <stddef.h>
#include "compat.h"
#define fe25519 crypto_sign_ed25519_amd64_51_30k_batch_fe25519
#define fe25519_freeze crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze
#define fe25519_unpack crypto_sign_ed25519_amd64_51_30k_batch_fe25519_unpack
#define fe25519_pack crypto_sign_ed25519_amd64_51_30k_batch_fe25519_pack
#define fe25519_iszero_vartime crypto_sign_ed25519_amd64_51_30k_batch_fe25519_iszero_vartime
#define fe25519_iseq_vartime crypto_sign_ed25519_amd64_51_30k_batch_fe25519_iseq_vartime
#define fe25519_cmov crypto_sign_ed25519_amd64_51_30k_batch_fe25519_cmov
#define fe25519_setint crypto_sign_ed25519_amd64_51_30k_batch_fe25519_setint
#define fe25519_neg crypto_sign_ed25519_amd64_51_30k_batch_fe25519_neg
#define fe25519_getparity crypto_sign_ed25519_amd64_51_30k_batch_fe25519_getparity
#define fe25519_add crypto_sign_ed25519_amd64_51_30k_batch_fe25519_add
#define fe25519_sub crypto_sign_ed25519_amd64_51_30k_batch_fe25519_sub
#define fe25519_mul crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul
#define fe25519_mul121666 crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul121666
#define fe25519_square crypto_sign_ed25519_amd64_51_30k_batch_fe25519_square
#define fe25519_nsquare crypto_sign_ed25519_amd64_51_30k_batch_fe25519_nsquare
#define fe25519_invert crypto_sign_ed25519_amd64_51_30k_batch_fe25519_invert
#define fe25519_pow2523 crypto_sign_ed25519_amd64_51_30k_batch_fe25519_pow2523
#define fe25519 CRYPTO_NAMESPACE(batch_fe25519)
#define fe25519_freeze CRYPTO_NAMESPACE(batch_fe25519_freeze)
#define fe25519_unpack CRYPTO_NAMESPACE(batch_fe25519_unpack)
#define fe25519_pack CRYPTO_NAMESPACE(batch_fe25519_pack)
#define fe25519_iszero_vartime CRYPTO_NAMESPACE(batch_fe25519_iszero_vartime)
#define fe25519_iseq_vartime CRYPTO_NAMESPACE(batch_fe25519_iseq_vartime)
#define fe25519_cmov CRYPTO_NAMESPACE(batch_fe25519_cmov)
#define fe25519_setint CRYPTO_NAMESPACE(batch_fe25519_setint)
#define fe25519_neg CRYPTO_NAMESPACE(batch_fe25519_neg)
#define fe25519_getparity CRYPTO_NAMESPACE(batch_fe25519_getparity)
#define fe25519_add CRYPTO_NAMESPACE(batch_fe25519_add)
#define fe25519_sub CRYPTO_NAMESPACE(batch_fe25519_sub)
#define fe25519_mul CRYPTO_NAMESPACE(batch_fe25519_mul)
#define fe25519_square CRYPTO_NAMESPACE(batch_fe25519_square)
#define fe25519_nsquare CRYPTO_NAMESPACE(batch_fe25519_nsquare)
#define fe25519_invert CRYPTO_NAMESPACE(batch_fe25519_invert)
#define fe25519_batchinvert CRYPTO_NAMESPACE(batch_fe25519_batchinvert)
#define fe25519_pow2523 CRYPTO_NAMESPACE(batch_fe25519_pow2523)
typedef struct
typedef struct
{
unsigned long long v[5];
unsigned long long v[5];
}
fe25519;
void fe25519_freeze(fe25519 *r);
void fe25519_freeze(fe25519 *r) SYSVABI;
void fe25519_unpack(fe25519 *r, const unsigned char x[32]);
@ -52,17 +53,15 @@ void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y);
void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y);
void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y);
void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI;
void fe25519_mul121666(fe25519 *r, const fe25519 *x);
void fe25519_square(fe25519 *r, const fe25519 *x) SYSVABI;
void fe25519_square(fe25519 *r, const fe25519 *x);
void fe25519_nsquare(fe25519 *r, unsigned long long n);
void fe25519_nsquare(fe25519 *r, unsigned long long n) SYSVABI;
void fe25519_invert(fe25519 *r, const fe25519 *x);
void fe25519_batchinvert(fe25519 *out[],fe25519 tmp[],fe25519 * const in[], size_t num);
void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset);
void fe25519_pow2523(fe25519 *r, const fe25519 *x);


@ -1,26 +1,34 @@
#include "fe25519.h"
// tmp MUST != out
// tmp MUST != out or in
// in MAY == out
void fe25519_batchinvert(fe25519 *out[],fe25519 tmp[],fe25519 * const in[], size_t num)
void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset)
{
fe25519 acc;
fe25519 tmpacc;
size_t i;
const fe25519 *inp;
fe25519 *outp;
fe25519_setint(&acc,1);
inp = in;
for (i = 0;i < num;++i) {
tmp[i] = acc;
fe25519_mul(&acc,&acc,in[i]);
fe25519_mul(&acc,&acc,inp);
inp = (const fe25519 *)((const char *)inp + offset);
}
fe25519_invert(&acc,&acc);
i = num;
inp = (const fe25519 *)((const char *)in + offset * num);
outp = (fe25519 *)((char *)out + offset * num);
while (i--) {
fe25519_mul(&tmpacc,&acc,in[i]);
fe25519_mul(out[i],&acc,&tmp[i]);
inp = (const fe25519 *)((const char *)inp - offset);
outp = (fe25519 *)((char *)outp - offset);
fe25519_mul(&tmpacc,&acc,inp);
fe25519_mul(outp,&acc,&tmp[i]);
acc = tmpacc;
}
}
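Review bot: The new `size_t offset` parameter is a byte stride applied through `char *` casts, yet the comment above the function documents only aliasing; rename it `stride` and state that it must be a multiple of the alignment of `fe25519`, since a misaligned value makes every `inp`/`outp` access undefined. The comment should also record that inputs must be non-zero: because of the running product, a single zero element in `in` makes `acc` zero and every output in the batch zero, with no error reported. A short note on the expected caller (an array of structs with an embedded `fe25519`) would make the reason for the signature change clear.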


@ -63,13 +63,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze
# qhasm: enter CRYPTO_NAMESPACE(batch_fe25519_freeze)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze
.globl crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze
_crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze:
crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze:
.globl _CRYPTO_NAMESPACE(batch_fe25519_freeze)
.globl CRYPTO_NAMESPACE(batch_fe25519_freeze)
_CRYPTO_NAMESPACE(batch_fe25519_freeze):
CRYPTO_NAMESPACE(batch_fe25519_freeze):
mov %rsp,%r11
and $31,%r11
add $64,%r11
@ -135,10 +135,10 @@ movq 24(%rdi),%r8
# asm 2: movq 32(<rp=%rdi),>r4=%r9
movq 32(%rdi),%r9
# qhasm: two51minus1 = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>two51minus1=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>two51minus1=%rax
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rax
# qhasm: two51minus1 = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>two51minus1=int64#7
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>two51minus1=%rax
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rax
# qhasm: two51minus19 = two51minus1
# asm 1: mov <two51minus1=int64#7,>two51minus19=int64#8


@ -97,13 +97,13 @@
# qhasm: stack64 mulx419_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul
# qhasm: enter CRYPTO_NAMESPACE(batch_fe25519_mul)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul
.globl crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul
_crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul:
crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul:
.globl _CRYPTO_NAMESPACE(batch_fe25519_mul)
.globl CRYPTO_NAMESPACE(batch_fe25519_mul)
_CRYPTO_NAMESPACE(batch_fe25519_mul):
CRYPTO_NAMESPACE(batch_fe25519_mul):
mov %rsp,%r11
and $31,%r11
add $96,%r11
@ -689,10 +689,10 @@ add %rax,%r14
# asm 2: adc <mulrdx=%rdx,<mulr31=%r15
adc %rdx,%r15
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#2
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi
# qhasm: mulr01 = (mulr01.r0) << 13
# asm 1: shld $13,<r0=int64#5,<mulr01=int64#6

View file

@ -87,13 +87,13 @@
# qhasm: stack64 n_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_fe25519_nsquare
# qhasm: enter CRYPTO_NAMESPACE(batch_fe25519_nsquare)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_fe25519_nsquare
.globl crypto_sign_ed25519_amd64_51_30k_batch_fe25519_nsquare
_crypto_sign_ed25519_amd64_51_30k_batch_fe25519_nsquare:
crypto_sign_ed25519_amd64_51_30k_batch_fe25519_nsquare:
.globl _CRYPTO_NAMESPACE(batch_fe25519_nsquare)
.globl CRYPTO_NAMESPACE(batch_fe25519_nsquare)
_CRYPTO_NAMESPACE(batch_fe25519_nsquare):
CRYPTO_NAMESPACE(batch_fe25519_nsquare):
mov %rsp,%r11
and $31,%r11
add $64,%r11
@ -497,10 +497,10 @@ add %rax,%r13
# asm 2: adc <squarerdx=%rdx,<squarer31=%r14
adc %rdx,%r14
# qhasm: squareredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: squarer01 = (squarer01.r0) << 13
# asm 1: shld $13,<r0=int64#4,<squarer01=int64#5

View file

@ -85,13 +85,13 @@
# qhasm: int64 squareredmask
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_fe25519_square
# qhasm: enter CRYPTO_NAMESPACE(batch_fe25519_square)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_fe25519_square
.globl crypto_sign_ed25519_amd64_51_30k_batch_fe25519_square
_crypto_sign_ed25519_amd64_51_30k_batch_fe25519_square:
crypto_sign_ed25519_amd64_51_30k_batch_fe25519_square:
.globl _CRYPTO_NAMESPACE(batch_fe25519_square)
.globl CRYPTO_NAMESPACE(batch_fe25519_square)
_CRYPTO_NAMESPACE(batch_fe25519_square):
CRYPTO_NAMESPACE(batch_fe25519_square):
mov %rsp,%r11
and $31,%r11
add $64,%r11
@ -492,10 +492,10 @@ add %rax,%r13
# asm 2: adc <squarerdx=%rdx,<squarer31=%r14
adc %rdx,%r14
# qhasm: squareredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=int64#2
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rsi
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi
# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#2
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rsi
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi
# qhasm: squarer01 = (squarer01.r0) << 13
# asm 1: shld $13,<r0=int64#4,<squarer01=int64#5

View file

@ -11,27 +11,27 @@
#include "fe25519.h"
#include "sc25519.h"
#include "compat.h"
#define ge25519 crypto_sign_ed25519_amd64_51_30k_batch_ge25519
#define ge25519_base crypto_sign_ed25519_amd64_51_30k_batch_ge25519_base
#define ge25519_unpackneg_vartime crypto_sign_ed25519_amd64_51_30k_batch_unpackneg_vartime
#define ge25519_pack crypto_sign_ed25519_amd64_51_30k_batch_pack
#define ge25519_isneutral_vartime crypto_sign_ed25519_amd64_51_30k_batch_isneutral_vartime
#define ge25519_add crypto_sign_ed25519_amd64_51_30k_batch_ge25519_add
#define ge25519_double crypto_sign_ed25519_amd64_51_30k_batch_ge25519_double
#define ge25519_double_scalarmult_vartime crypto_sign_ed25519_amd64_51_30k_batch_double_scalarmult_vartime
#define ge25519_multi_scalarmult_vartime crypto_sign_ed25519_amd64_51_30k_batch_ge25519_multi_scalarmult_vartime
#define ge25519_scalarmult_base crypto_sign_ed25519_amd64_51_30k_batch_scalarmult_base
#define ge25519_p1p1_to_p2 crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p2
#define ge25519_p1p1_to_p3 crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p3
#define ge25519_p1p1_to_pniels crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_pniels
#define ge25519_add_p1p1 crypto_sign_ed25519_amd64_51_30k_batch_ge25519_add_p1p1
#define ge25519_dbl_p1p1 crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1
#define choose_t crypto_sign_ed25519_amd64_51_30k_batch_choose_t
#define choose_t_smultq crypto_sign_ed25519_amd64_51_30k_batch_choose_t_smultq
#define ge25519_nielsadd2 crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd2
#define ge25519_nielsadd_p1p1 crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd_p1p1
#define ge25519_pnielsadd_p1p1 crypto_sign_ed25519_amd64_51_30k_batch_ge25519_pnielsadd_p1p1
#define ge25519 CRYPTO_NAMESPACE(batch_ge25519)
#define ge25519_base CRYPTO_NAMESPACE(batch_ge25519_base)
#define ge25519_unpackneg_vartime CRYPTO_NAMESPACE(batch_unpackneg_vartime)
#define ge25519_pack CRYPTO_NAMESPACE(batch_pack)
#define ge25519_isneutral_vartime CRYPTO_NAMESPACE(batch_isneutral_vartime)
#define ge25519_add CRYPTO_NAMESPACE(batch_ge25519_add)
#define ge25519_double CRYPTO_NAMESPACE(batch_ge25519_double)
#define ge25519_double_scalarmult_vartime CRYPTO_NAMESPACE(batch_double_scalarmult_vartime)
#define ge25519_multi_scalarmult_vartime CRYPTO_NAMESPACE(batch_ge25519_multi_scalarmult_vartime)
#define ge25519_scalarmult_base CRYPTO_NAMESPACE(batch_scalarmult_base)
#define ge25519_p1p1_to_p2 CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p2)
#define ge25519_p1p1_to_p3 CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p3)
#define ge25519_p1p1_to_pniels CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_pniels)
#define ge25519_add_p1p1 CRYPTO_NAMESPACE(batch_ge25519_add_p1p1)
#define ge25519_dbl_p1p1 CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1)
#define choose_t CRYPTO_NAMESPACE(batch_choose_t)
#define ge25519_nielsadd2 CRYPTO_NAMESPACE(batch_ge25519_nielsadd2)
#define ge25519_nielsadd_p1p1 CRYPTO_NAMESPACE(batch_ge25519_nielsadd_p1p1)
#define ge25519_pnielsadd_p1p1 CRYPTO_NAMESPACE(batch_ge25519_pnielsadd_p1p1)
#define ge25519_p3 ge25519
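Review bot: `choose_t_smultq` is dropped from the define list here while every other name is only rewritten to the `CRYPTO_NAMESPACE(...)` form, so this hunk mixes a removal into an otherwise mechanical rename. Please confirm that no C caller or assembly file still references it, and mention the removal in the commit message so it is not overlooked.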
@ -75,16 +75,15 @@ typedef struct
typedef unsigned char bytes32[32];
extern void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p);
extern void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p);
extern void ge25519_p1p1_to_pniels(ge25519_pniels *r, const ge25519_p1p1 *p);
extern void ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q);
extern void ge25519_dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p);
extern void choose_t(ge25519_niels *t, unsigned long long pos, signed long long b, const ge25519_niels *base_multiples);
extern void choose_t_smultq(ge25519_pniels *t, signed long long b, const ge25519_pniels *pre);
extern void ge25519_nielsadd2(ge25519_p3 *r, const ge25519_niels *q);
extern void ge25519_nielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_niels *q);
extern void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_pniels *q);
extern void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p) SYSVABI;
extern void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) SYSVABI;
extern void ge25519_p1p1_to_pniels(ge25519_pniels *r, const ge25519_p1p1 *p) SYSVABI;
extern void ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) SYSVABI;
extern void ge25519_dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) SYSVABI;
extern void choose_t(ge25519_niels *t, unsigned long long pos, signed long long b, const ge25519_niels *base_multiples) SYSVABI;
extern void ge25519_nielsadd2(ge25519_p3 *r, const ge25519_niels *q) SYSVABI;
extern void ge25519_nielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_niels *q) SYSVABI;
extern void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_pniels *q) SYSVABI;
extern const ge25519 ge25519_base;
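Review bot: `SYSVABI` is appended to the nine assembly-backed prototypes but is not defined anywhere in the visible lines; presumably it comes from `compat.h`. The assembly in this patch reads its arguments from `%rdi` and `%rsi`, so on a target whose default calling convention differs, an empty `SYSVABI` would compile cleanly and pass arguments in the wrong registers. A short comment above the prototypes stating what the macro must expand to on such targets would make that dependency explicit.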
@ -92,7 +91,7 @@ extern int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);
extern void ge25519_pack(unsigned char r[32], const ge25519 *p);
extern void ge25519_batchpack_destructive_1(bytes32 out[], ge25519_p3 in[], fe25519 *inz[], fe25519 tmp[], size_t num);
extern void ge25519_batchpack_destructive_1(bytes32 *out, ge25519_p3 *in, fe25519 *tmp, size_t num);
extern void ge25519_batchpack_destructive_finish(bytes32 out, ge25519_p3 *unf);
extern int ge25519_isneutral_vartime(const ge25519 *p);
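Review bot: the new `ge25519_batchpack_destructive_1(bytes32 *out, ge25519_p3 *in, fe25519 *tmp, size_t num)` prototype drops the `inz` parameter, and nothing in the header says how many elements `out` and `tmp` must hold relative to `num` or that `in` is overwritten, which the `_destructive_` name only hints at. An undersized `tmp` would be an out-of-bounds write into the caller's buffer, so please add a comment with the required sizes and the clobbering behaviour. The same applies to `ge25519_batchpack_destructive_finish`, where `bytes32 out` is an array typedef that decays to a pointer.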

View file

@ -247,13 +247,13 @@
# qhasm: stack64 mulx419_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_add_p1p1
# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_add_p1p1)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_add_p1p1
.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_add_p1p1
_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_add_p1p1:
crypto_sign_ed25519_amd64_51_30k_batch_ge25519_add_p1p1:
.globl _CRYPTO_NAMESPACE(batch_ge25519_add_p1p1)
.globl CRYPTO_NAMESPACE(batch_ge25519_add_p1p1)
_CRYPTO_NAMESPACE(batch_ge25519_add_p1p1):
CRYPTO_NAMESPACE(batch_ge25519_add_p1p1):
mov %rsp,%r11
and $31,%r11
add $256,%r11
@ -329,10 +329,10 @@ movq 72(%rsi),%r10
# asm 2: mov <a0=%rdx,>b0=%r11
mov %rdx,%r11
# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<a0=int64#3
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<a0=%rdx
add crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
# qhasm: a0 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P0)
# asm 1: add CRYPTO_NAMESPACE(batch_2P0),<a0=int64#3
# asm 2: add CRYPTO_NAMESPACE(batch_2P0),<a0=%rdx
add CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx
# qhasm: x0 = *(uint64 *)(pp + 0)
# asm 1: movq 0(<pp=int64#2),>x0=int64#10
@ -354,10 +354,10 @@ sub %r12,%rdx
# asm 2: mov <a1=%r8,>b1=%r12
mov %r8,%r12
# qhasm: a1 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a1=int64#5
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a1=%r8
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
# qhasm: a1 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<a1=int64#5
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<a1=%r8
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8
# qhasm: x1 = *(uint64 *)(pp + 8)
# asm 1: movq 8(<pp=int64#2),>x1=int64#11
@ -379,10 +379,10 @@ sub %r13,%r8
# asm 2: mov <a2=%r9,>b2=%r13
mov %r9,%r13
# qhasm: a2 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a2=int64#6
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a2=%r9
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
# qhasm: a2 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<a2=int64#6
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<a2=%r9
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9
# qhasm: x2 = *(uint64 *)(pp + 16)
# asm 1: movq 16(<pp=int64#2),>x2=int64#12
@ -404,10 +404,10 @@ sub %r14,%r9
# asm 2: mov <a3=%rax,>b3=%r14
mov %rax,%r14
# qhasm: a3 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a3=int64#7
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a3=%rax
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
# qhasm: a3 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<a3=int64#7
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<a3=%rax
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax
# qhasm: x3 = *(uint64 *)(pp + 24)
# asm 1: movq 24(<pp=int64#2),>x3=int64#13
@ -429,10 +429,10 @@ sub %r15,%rax
# asm 2: mov <a4=%r10,>b4=%r15
mov %r10,%r15
# qhasm: a4 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a4=int64#8
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a4=%r10
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
# qhasm: a4 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<a4=int64#8
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<a4=%r10
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10
# qhasm: x4 = *(uint64 *)(pp + 32)
# asm 1: movq 32(<pp=int64#2),>x4=int64#14
@ -529,10 +529,10 @@ movq 72(%rcx),%r10
# asm 2: mov <t10=%rdx,>t20=%r11
mov %rdx,%r11
# qhasm: t10 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<t10=int64#3
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<t10=%rdx
add crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
# qhasm: t10 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P0)
# asm 1: add CRYPTO_NAMESPACE(batch_2P0),<t10=int64#3
# asm 2: add CRYPTO_NAMESPACE(batch_2P0),<t10=%rdx
add CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx
# qhasm: rx0 = *(uint64 *) (qp + 0)
# asm 1: movq 0(<qp=int64#4),>rx0=int64#10
@ -554,10 +554,10 @@ sub %r12,%rdx
# asm 2: mov <t11=%r8,>t21=%r12
mov %r8,%r12
# qhasm: t11 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<t11=int64#5
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<t11=%r8
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
# qhasm: t11 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<t11=int64#5
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<t11=%r8
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8
# qhasm: rx1 = *(uint64 *) (qp + 8)
# asm 1: movq 8(<qp=int64#4),>rx1=int64#11
@ -579,10 +579,10 @@ sub %r13,%r8
# asm 2: mov <t12=%r9,>t22=%r13
mov %r9,%r13
# qhasm: t12 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<t12=int64#6
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<t12=%r9
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
# qhasm: t12 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<t12=int64#6
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<t12=%r9
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9
# qhasm: rx2 = *(uint64 *) (qp + 16)
# asm 1: movq 16(<qp=int64#4),>rx2=int64#12
@ -604,10 +604,10 @@ sub %r14,%r9
# asm 2: mov <t13=%rax,>t23=%r14
mov %rax,%r14
# qhasm: t13 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<t13=int64#7
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<t13=%rax
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
# qhasm: t13 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<t13=int64#7
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<t13=%rax
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax
# qhasm: rx3 = *(uint64 *) (qp + 24)
# asm 1: movq 24(<qp=int64#4),>rx3=int64#13
@ -629,10 +629,10 @@ sub %r15,%rax
# asm 2: mov <t14=%r10,>t24=%r15
mov %r10,%r15
# qhasm: t14 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<t14=int64#8
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<t14=%r10
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
# qhasm: t14 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<t14=int64#8
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<t14=%r10
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10
# qhasm: rx4 = *(uint64 *) (qp + 32)
# asm 1: movq 32(<qp=int64#4),>rx4=int64#14
@ -1234,10 +1234,10 @@ add %rax,%r14
# asm 2: adc <mulrdx=%rdx,<mulr31=%r15
adc %rdx,%r15
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.a0) << 13
# asm 1: shld $13,<a0=int64#5,<mulr01=int64#6
@ -1984,10 +1984,10 @@ add %rax,%r14
# asm 2: adc <mulrdx=%rdx,<mulr31=%r15
adc %rdx,%r15
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.rx0) << 13
# asm 1: shld $13,<rx0=int64#5,<mulr01=int64#6
@ -2199,30 +2199,30 @@ mov %r11,%r14
# asm 2: mov <rx4=%r12,>ry4=%r15
mov %r12,%r15
# qhasm: rx0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<rx0=int64#5
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<rx0=%r8
add crypto_sign_ed25519_amd64_51_30k_batch_2P0,%r8
# qhasm: rx0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
# asm 1: add CRYPTO_NAMESPACE(batch_2P0),<rx0=int64#5
# asm 2: add CRYPTO_NAMESPACE(batch_2P0),<rx0=%r8
add CRYPTO_NAMESPACE(batch_2P0)(%rip),%r8
# qhasm: rx1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx1=int64#7
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx1=%rax
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
# qhasm: rx1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<rx1=int64#7
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<rx1=%rax
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax
# qhasm: rx2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx2=int64#8
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx2=%r10
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
# qhasm: rx2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<rx2=int64#8
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<rx2=%r10
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10
# qhasm: rx3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx3=int64#9
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx3=%r11
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r11
# qhasm: rx3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<rx3=int64#9
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<rx3=%r11
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r11
# qhasm: rx4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx4=int64#10
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx4=%r12
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r12
# qhasm: rx4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<rx4=int64#10
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<rx4=%r12
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r12
# qhasm: ry0 += a0_stack
# asm 1: addq <a0_stack=stack64#8,<ry0=int64#3
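Review bot: all five `add` operands in this hunk (`batch_2P0` once, `batch_2P1234` four times) gain `(%rip)`, and with this many operand edits across the file a single missed one would still assemble and link in a non-PIE build. Make sure at least one CI configuration links the result position-independent, so that an absolute reference left behind fails the build instead of going unnoticed.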
@ -2859,10 +2859,10 @@ add %rax,%r14
# asm 2: adc <mulrdx=%rdx,<mulr31=%r15
adc %rdx,%r15
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.c0) << 13
# asm 1: shld $13,<c0=int64#5,<mulr01=int64#6
@ -3089,8 +3089,8 @@ imulq $19,%rdx,%rax
# asm 2: movq <mulrax=%rax,>mulx319_stack=96(%rsp)
movq %rax,96(%rsp)
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)
# qhasm: c0 = mulrax
# asm 1: mov <mulrax=int64#7,>c0=int64#5
@ -3117,8 +3117,8 @@ imulq $19,%rdx,%rax
# asm 2: movq <mulrax=%rax,>mulx419_stack=104(%rsp)
movq %rax,104(%rsp)
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)
# qhasm: carry? c0 += mulrax
# asm 1: add <mulrax=int64#7,<c0=int64#5
@ -3135,8 +3135,8 @@ adc %rdx,%r9
# asm 2: movq <c0_stack=56(%rsp),>mulrax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)
# qhasm: carry? c0 += mulrax
# asm 1: add <mulrax=int64#7,<c0=int64#5
@ -3153,8 +3153,8 @@ adc %rdx,%r9
# asm 2: movq <c0_stack=56(%rsp),>mulrax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)
# qhasm: c1 = mulrax
# asm 1: mov <mulrax=int64#7,>c1=int64#8
@ -3171,8 +3171,8 @@ mov %rdx,%r11
# asm 2: movq <c0_stack=56(%rsp),>mulrax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)
# qhasm: c2 = mulrax
# asm 1: mov <mulrax=int64#7,>c2=int64#10
@ -3189,8 +3189,8 @@ mov %rdx,%r13
# asm 2: movq <c0_stack=56(%rsp),>mulrax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)
# qhasm: c3 = mulrax
# asm 1: mov <mulrax=int64#7,>c3=int64#12
@ -3207,8 +3207,8 @@ mov %rdx,%r15
# asm 2: movq <c0_stack=56(%rsp),>mulrax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)
# qhasm: c4 = mulrax
# asm 1: mov <mulrax=int64#7,>c4=int64#14
@ -3225,8 +3225,8 @@ mov %rdx,%rbp
# asm 2: movq <c1_stack=64(%rsp),>mulrax=%rax
movq 64(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)
# qhasm: carry? c1 += mulrax
# asm 1: add <mulrax=int64#7,<c1=int64#8
@ -3243,8 +3243,8 @@ adc %rdx,%r11
# asm 2: movq <c1_stack=64(%rsp),>mulrax=%rax
movq 64(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)
# qhasm: carry? c2 += mulrax
# asm 1: add <mulrax=int64#7,<c2=int64#10
@ -3261,8 +3261,8 @@ adc %rdx,%r13
# asm 2: movq <c1_stack=64(%rsp),>mulrax=%rax
movq 64(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)
# qhasm: carry? c3 += mulrax
# asm 1: add <mulrax=int64#7,<c3=int64#12
@ -3279,8 +3279,8 @@ adc %rdx,%r15
# asm 2: movq <c1_stack=64(%rsp),>mulrax=%rax
movq 64(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)
# qhasm: carry? c4 += mulrax
# asm 1: add <mulrax=int64#7,<c4=int64#14
@ -3302,8 +3302,8 @@ movq 64(%rsp),%rdx
# asm 2: imulq $19,<mulrax=%rdx,>mulrax=%rax
imulq $19,%rdx,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)
# qhasm: carry? c0 += mulrax
# asm 1: add <mulrax=int64#7,<c0=int64#5
@ -3320,8 +3320,8 @@ adc %rdx,%r9
# asm 2: movq <c2_stack=72(%rsp),>mulrax=%rax
movq 72(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)
# qhasm: carry? c2 += mulrax
# asm 1: add <mulrax=int64#7,<c2=int64#10
@ -3338,8 +3338,8 @@ adc %rdx,%r13
# asm 2: movq <c2_stack=72(%rsp),>mulrax=%rax
movq 72(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)
# qhasm: carry? c3 += mulrax
# asm 1: add <mulrax=int64#7,<c3=int64#12
@ -3356,8 +3356,8 @@ adc %rdx,%r15
# asm 2: movq <c2_stack=72(%rsp),>mulrax=%rax
movq 72(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)
# qhasm: carry? c4 += mulrax
# asm 1: add <mulrax=int64#7,<c4=int64#14
@ -3379,8 +3379,8 @@ movq 72(%rsp),%rdx
# asm 2: imulq $19,<mulrax=%rdx,>mulrax=%rax
imulq $19,%rdx,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)
# qhasm: carry? c0 += mulrax
# asm 1: add <mulrax=int64#7,<c0=int64#5
@ -3402,8 +3402,8 @@ movq 72(%rsp),%rdx
# asm 2: imulq $19,<mulrax=%rdx,>mulrax=%rax
imulq $19,%rdx,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)
# qhasm: carry? c1 += mulrax
# asm 1: add <mulrax=int64#7,<c1=int64#8
@ -3420,8 +3420,8 @@ adc %rdx,%r11
# asm 2: movq <c3_stack=80(%rsp),>mulrax=%rax
movq 80(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)
# qhasm: carry? c3 += mulrax
# asm 1: add <mulrax=int64#7,<c3=int64#12
@ -3438,8 +3438,8 @@ adc %rdx,%r15
# asm 2: movq <c3_stack=80(%rsp),>mulrax=%rax
movq 80(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)
# qhasm: carry? c4 += mulrax
# asm 1: add <mulrax=int64#7,<c4=int64#14
@ -3456,8 +3456,8 @@ adc %rdx,%rbp
# asm 2: movq <mulx319_stack=96(%rsp),>mulrax=%rax
movq 96(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)
# qhasm: carry? c1 += mulrax
# asm 1: add <mulrax=int64#7,<c1=int64#8
@ -3474,8 +3474,8 @@ adc %rdx,%r11
# asm 2: movq <mulx319_stack=96(%rsp),>mulrax=%rax
movq 96(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)
# qhasm: carry? c2 += mulrax
# asm 1: add <mulrax=int64#7,<c2=int64#10
@ -3492,8 +3492,8 @@ adc %rdx,%r13
# asm 2: movq <c4_stack=88(%rsp),>mulrax=%rax
movq 88(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)
# qhasm: carry? c4 += mulrax
# asm 1: add <mulrax=int64#7,<c4=int64#14
@ -3510,8 +3510,8 @@ adc %rdx,%rbp
# asm 2: movq <mulx419_stack=104(%rsp),>mulrax=%rax
movq 104(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)
# qhasm: carry? c1 += mulrax
# asm 1: add <mulrax=int64#7,<c1=int64#8
@ -3528,8 +3528,8 @@ adc %rdx,%r11
# asm 2: movq <mulx419_stack=104(%rsp),>mulrax=%rax
movq 104(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)
# qhasm: carry? c2 += mulrax
# asm 1: add <mulrax=int64#7,<c2=int64#10
@ -3546,8 +3546,8 @@ adc %rdx,%r13
# asm 2: movq <mulx419_stack=104(%rsp),>mulrax=%rax
movq 104(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)
# qhasm: carry? c3 += mulrax
# asm 1: add <mulrax=int64#7,<c3=int64#12
@ -3559,10 +3559,10 @@ add %rax,%r14
# asm 2: adc <mulrdx=%rdx,<mulr31=%r15
adc %rdx,%r15
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.c0) << 13
# asm 1: shld $13,<c0=int64#5,<mulr01=int64#6
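Review bot: the `# asm 1:` and `# asm 2:` comment lines for the `mulredmask` load still read `movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx`, while the instruction actually emitted is `movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx`. The `(%rip)` suffix is therefore applied after qhasm generation and is invisible in the annotations. Either carry `(%rip)` into the `# asm` lines or record the post-processing step next to the sources, so that regenerating the file from qhasm does not silently restore absolute addressing.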
@ -4309,10 +4309,10 @@ add %rax,%r14
# asm 2: adc <mulrdx=%rdx,<mulr31=%r15
adc %rdx,%r15
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#2
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi
# qhasm: mulr01 = (mulr01.rt0) << 13
# asm 1: shld $13,<rt0=int64#5,<mulr01=int64#6
@ -4549,30 +4549,30 @@ mov %rax,%r12
# asm 2: mov <rt4=%r10,>rz4=%r13
mov %r10,%r13
# qhasm: rt0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<rt0=int64#5
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<rt0=%r8
add crypto_sign_ed25519_amd64_51_30k_batch_2P0,%r8
# qhasm: rt0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
# asm 1: add CRYPTO_NAMESPACE(batch_2P0),<rt0=int64#5
# asm 2: add CRYPTO_NAMESPACE(batch_2P0),<rt0=%r8
add CRYPTO_NAMESPACE(batch_2P0)(%rip),%r8
# qhasm: rt1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt1=int64#4
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt1=%rcx
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx
# qhasm: rt1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<rt1=int64#4
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<rt1=%rcx
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx
# qhasm: rt2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt2=int64#6
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt2=%r9
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
# qhasm: rt2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<rt2=int64#6
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<rt2=%r9
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9
# qhasm: rt3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt3=int64#7
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt3=%rax
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
# qhasm: rt3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<rt3=int64#7
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<rt3=%rax
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax
# qhasm: rt4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt4=int64#8
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt4=%r10
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
# qhasm: rt4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<rt4=int64#8
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<rt4=%r10
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10
# qhasm: rz0 += c0_stack
# asm 1: addq <c0_stack=stack64#8,<rz0=int64#2
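Review bot: the five `add CRYPTO_NAMESPACE(batch_2P0)(%rip)` and `add CRYPTO_NAMESPACE(batch_2P1234)(%rip)` operands reference global constants PC-relative, which is fine for a PIE or static executable but needs the constant symbols to be non-preemptible if these objects are ever linked into a shared library. With default visibility the linker rejects the resulting PC32 relocation against a global symbol. Suggest marking the `batch_2P0`, `batch_2P1234` and related constants hidden where they are defined, or stating in the build notes that only executable linking is supported.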

View file

@ -1,13 +1,12 @@
#include "fe25519.h"
#include "ge25519.h"
// assumes inz[] points to things in in[]
// NOTE: leaves in unfinished state
void ge25519_batchpack_destructive_1(bytes32 out[], ge25519_p3 in[], fe25519 *inz[], fe25519 tmp[], size_t num)
void ge25519_batchpack_destructive_1(bytes32 *out, ge25519_p3 *in, fe25519 *tmp, size_t num)
{
fe25519 ty;
fe25519_batchinvert(inz, tmp, inz, num);
fe25519_batchinvert(&in->z, &in->z, tmp, num, sizeof(ge25519_p3));
for (size_t i = 0; i < num; ++i) {
fe25519_mul(&ty, &in[i].y, &in[i].z);
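Review bot: the call `fe25519_batchinvert(&in->z, &in->z, tmp, num, sizeof(ge25519_p3))` passes the same pointer for its first two arguments, moves `tmp` from the second to the third position, and adds a trailing size argument, yet nothing in this hunk documents that contract. Please add a comment on `ge25519_batchpack_destructive_1` (or on the `fe25519_batchinvert` prototype) saying that in-place operation is supported, that the last argument is a stride in bytes between consecutive `z` fields, and how many elements `tmp` must hold for `num` inputs. The line `// assumes inz[] points to things in in[]` describes a parameter that no longer exists in the new signature and should be dropped if this change does not already remove it.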

View file

@ -241,13 +241,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1
# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1
.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1
_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1:
crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1:
.globl _CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1)
.globl CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1)
_CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1):
CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1):
mov %rsp,%r11
and $31,%r11
add $224,%r11
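Review bot: in `.globl _CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1)` and the matching `_CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1):` label, `_CRYPTO_NAMESPACE` is a different preprocessor identifier from `CRYPTO_NAMESPACE`, so the underscore-prefixed name only expands if a separate `_CRYPTO_NAMESPACE(name)` macro exists and this file is run through the C preprocessor before assembly. Please confirm that both macros are defined in a header this file includes and that they produce the same prefix apart from the leading underscore. Otherwise the assembler sees the literal text `_CRYPTO_NAMESPACE(...)` on these two lines.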
@ -648,10 +648,10 @@ add %rax,%r13
# asm 2: adc <squarerdx=%rdx,<squarer31=%r14
adc %rdx,%r14
# qhasm: squareredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: squarer01 = (squarer01.a0) << 13
# asm 1: shld $13,<a0=int64#4,<squarer01=int64#5
@ -1223,10 +1223,10 @@ add %rax,%r13
# asm 2: adc <squarerdx=%rdx,<squarer31=%r14
adc %rdx,%r14
# qhasm: squareredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: squarer01 = (squarer01.b0) << 13
# asm 1: shld $13,<b0=int64#4,<squarer01=int64#5
@ -1798,10 +1798,10 @@ add %rax,%r13
# asm 2: adc <squarerdx=%rdx,<squarer31=%r14
adc %rdx,%r14
# qhasm: squareredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: squarer01 = (squarer01.c0) << 13
# asm 1: shld $13,<c0=int64#4,<squarer01=int64#5
@ -2038,30 +2038,30 @@ movq %r10,160(%rsp)
# asm 2: movq <c4=%r11,>c4_stack=168(%rsp)
movq %r11,168(%rsp)
# qhasm: d0 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,>d0=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,>d0=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
# qhasm: d0 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
# asm 1: movq CRYPTO_NAMESPACE(batch_2P0),>d0=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_2P0),>d0=%rdx
movq CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx
# qhasm: d1 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d1=int64#4
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d1=%rcx
movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx
# qhasm: d1 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d1=int64#4
# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d1=%rcx
movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx
# qhasm: d2 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d2=int64#5
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d2=%r8
movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
# qhasm: d2 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d2=int64#5
# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d2=%r8
movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8
# qhasm: d3 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d3=int64#6
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d3=%r9
movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
# qhasm: d3 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d3=int64#6
# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d3=%r9
movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9
# qhasm: d4 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d4=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d4=%rax
movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
# qhasm: d4 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d4=int64#7
# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d4=%rax
movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax
# qhasm: e0 = d0
# asm 1: mov <d0=int64#3,>e0=int64#8
@ -2263,30 +2263,30 @@ movq %r13,64(%rdi)
# asm 2: movq <rz4=%r14,72(<rp=%rdi)
movq %r14,72(%rdi)
# qhasm: d0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<d0=int64#3
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<d0=%rdx
add crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
# qhasm: d0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
# asm 1: add CRYPTO_NAMESPACE(batch_2P0),<d0=int64#3
# asm 2: add CRYPTO_NAMESPACE(batch_2P0),<d0=%rdx
add CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx
# qhasm: d1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<d1=int64#4
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<d1=%rcx
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx
# qhasm: d1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<d1=int64#4
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<d1=%rcx
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx
# qhasm: d2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<d2=int64#5
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<d2=%r8
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
# qhasm: d2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<d2=int64#5
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<d2=%r8
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8
# qhasm: d3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<d3=int64#6
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<d3=%r9
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
# qhasm: d3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<d3=int64#6
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<d3=%r9
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9
# qhasm: d4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<d4=int64#7
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<d4=%rax
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
# qhasm: d4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<d4=int64#7
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<d4=%rax
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax
# qhasm: d0 -= b0_stack
# asm 1: subq <b0_stack=stack64#13,<d0=int64#3
@ -2338,30 +2338,30 @@ movq %r9,104(%rdi)
# asm 2: movq <d4=%rax,112(<rp=%rdi)
movq %rax,112(%rdi)
# qhasm: rz0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_4P0
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_4P0,<rz0=int64#8
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_4P0,<rz0=%r10
add crypto_sign_ed25519_amd64_51_30k_batch_4P0,%r10
# qhasm: rz0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_4P0)
# asm 1: add CRYPTO_NAMESPACE(batch_4P0),<rz0=int64#8
# asm 2: add CRYPTO_NAMESPACE(batch_4P0),<rz0=%r10
add CRYPTO_NAMESPACE(batch_4P0)(%rip),%r10
# qhasm: rz1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_4P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_4P1234,<rz1=int64#9
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_4P1234,<rz1=%r11
add crypto_sign_ed25519_amd64_51_30k_batch_4P1234,%r11
# qhasm: rz1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_4P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_4P1234),<rz1=int64#9
# asm 2: add CRYPTO_NAMESPACE(batch_4P1234),<rz1=%r11
add CRYPTO_NAMESPACE(batch_4P1234)(%rip),%r11
# qhasm: rz2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_4P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_4P1234,<rz2=int64#10
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_4P1234,<rz2=%r12
add crypto_sign_ed25519_amd64_51_30k_batch_4P1234,%r12
# qhasm: rz2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_4P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_4P1234),<rz2=int64#10
# asm 2: add CRYPTO_NAMESPACE(batch_4P1234),<rz2=%r12
add CRYPTO_NAMESPACE(batch_4P1234)(%rip),%r12
# qhasm: rz3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_4P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_4P1234,<rz3=int64#11
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_4P1234,<rz3=%r13
add crypto_sign_ed25519_amd64_51_30k_batch_4P1234,%r13
# qhasm: rz3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_4P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_4P1234),<rz3=int64#11
# asm 2: add CRYPTO_NAMESPACE(batch_4P1234),<rz3=%r13
add CRYPTO_NAMESPACE(batch_4P1234)(%rip),%r13
# qhasm: rz4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_4P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_4P1234,<rz4=int64#12
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_4P1234,<rz4=%r14
add crypto_sign_ed25519_amd64_51_30k_batch_4P1234,%r14
# qhasm: rz4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_4P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_4P1234),<rz4=int64#12
# asm 2: add CRYPTO_NAMESPACE(batch_4P1234),<rz4=%r14
add CRYPTO_NAMESPACE(batch_4P1234)(%rip),%r14
# qhasm: rz0 -= c0_stack
# asm 1: subq <c0_stack=stack64#18,<rz0=int64#8
@ -2848,10 +2848,10 @@ add %rax,%r12
# asm 2: adc <squarerdx=%rdx,<squarer31=%r13
adc %rdx,%r13
# qhasm: squareredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: squarer01 = (squarer01.rx0) << 13
# asm 1: shld $13,<rx0=int64#2,<squarer01=int64#4

View file

@ -7,7 +7,7 @@
#define S2_SWINDOWSIZE 7
#define PRE2_SIZE (1<<(S2_SWINDOWSIZE-2))
ge25519_niels pre2[PRE2_SIZE] = {
static const ge25519_niels pre2[PRE2_SIZE] = {
#include "ge25519_base_slide_multiples.data"
};
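Review bot: `static const ge25519_niels pre2[PRE2_SIZE]` gives the table internal linkage and a const element type, so any other translation unit that declares `pre2` as `extern` will no longer link, and every function that receives `&pre2[i]` has to accept a `const ge25519_niels *`. Please check that no such `extern` declaration remains and that the prototypes of the addition routines consuming this table are const-qualified, so the change does not end up relying on a cast or a discarded-qualifier warning.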

View file

@ -333,13 +333,13 @@
# qhasm: stack64 mulx419_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd2
# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_nielsadd2)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd2
.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd2
_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd2:
crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd2:
.globl _CRYPTO_NAMESPACE(batch_ge25519_nielsadd2)
.globl CRYPTO_NAMESPACE(batch_ge25519_nielsadd2)
_CRYPTO_NAMESPACE(batch_ge25519_nielsadd2):
CRYPTO_NAMESPACE(batch_ge25519_nielsadd2):
mov %rsp,%r11
and $31,%r11
add $256,%r11
@ -430,30 +430,30 @@ mov %r9,%r13
# asm 2: mov <a4=%rax,>b4=%r14
mov %rax,%r14
# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<a0=int64#3
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<a0=%rdx
add crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
# qhasm: a0 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P0)
# asm 1: add CRYPTO_NAMESPACE(batch_2P0),<a0=int64#3
# asm 2: add CRYPTO_NAMESPACE(batch_2P0),<a0=%rdx
add CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx
# qhasm: a1 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a1=int64#4
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a1=%rcx
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx
# qhasm: a1 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<a1=int64#4
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<a1=%rcx
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx
# qhasm: a2 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a2=int64#5
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a2=%r8
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
# qhasm: a2 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<a2=int64#5
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<a2=%r8
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8
# qhasm: a3 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a3=int64#6
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a3=%r9
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
# qhasm: a3 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<a3=int64#6
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<a3=%r9
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9
# qhasm: a4 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a4=int64#7
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a4=%rax
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
# qhasm: a4 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<a4=int64#7
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<a4=%rax
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax
# qhasm: b0 += *(uint64 *) (rp + 0)
# asm 1: addq 0(<rp=int64#1),<b0=int64#8
@ -1090,10 +1090,10 @@ add %rax,%r13
# asm 2: adc <mulrdx=%rdx,<mulr31=%r14
adc %rdx,%r14
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.a0) << 13
# asm 1: shld $13,<a0=int64#4,<mulr01=int64#5
@ -1840,10 +1840,10 @@ add %rax,%r13
# asm 2: adc <mulrdx=%rdx,<mulr31=%r14
adc %rdx,%r14
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.e0) << 13
# asm 1: shld $13,<e0=int64#4,<mulr01=int64#5
@ -2055,30 +2055,30 @@ mov %r10,%r13
# asm 2: mov <e4=%r11,>h4=%r14
mov %r11,%r14
# qhasm: e0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<e0=int64#4
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<e0=%rcx
add crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rcx
# qhasm: e0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
# asm 1: add CRYPTO_NAMESPACE(batch_2P0),<e0=int64#4
# asm 2: add CRYPTO_NAMESPACE(batch_2P0),<e0=%rcx
add CRYPTO_NAMESPACE(batch_2P0)(%rip),%rcx
# qhasm: e1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e1=int64#6
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e1=%r9
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
# qhasm: e1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<e1=int64#6
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<e1=%r9
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9
# qhasm: e2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e2=int64#7
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e2=%rax
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
# qhasm: e2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<e2=int64#7
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<e2=%rax
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax
# qhasm: e3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e3=int64#8
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e3=%r10
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
# qhasm: e3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<e3=int64#8
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<e3=%r10
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10
# qhasm: e4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e4=int64#9
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e4=%r11
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r11
# qhasm: e4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<e4=int64#9
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<e4=%r11
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r11
# qhasm: h0 += a0_stack
# asm 1: addq <a0_stack=stack64#8,<h0=int64#3
@ -2715,10 +2715,10 @@ add %rax,%r13
# asm 2: adc <mulrdx=%rdx,<mulr31=%r14
adc %rdx,%r14
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#2
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi
# qhasm: mulr01 = (mulr01.c0) << 13
# asm 1: shld $13,<c0=int64#4,<mulr01=int64#5
@ -2985,30 +2985,30 @@ mov %r11,%rbx
# asm 2: mov <f4=%r12,>g4=%rbp
mov %r12,%rbp
# qhasm: f0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<f0=int64#2
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<f0=%rsi
add crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rsi
# qhasm: f0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
# asm 1: add CRYPTO_NAMESPACE(batch_2P0),<f0=int64#2
# asm 2: add CRYPTO_NAMESPACE(batch_2P0),<f0=%rsi
add CRYPTO_NAMESPACE(batch_2P0)(%rip),%rsi
# qhasm: f1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f1=int64#3
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f1=%rdx
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rdx
# qhasm: f1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<f1=int64#3
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<f1=%rdx
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rdx
# qhasm: f2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f2=int64#4
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f2=%rcx
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx
# qhasm: f2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<f2=int64#4
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<f2=%rcx
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx
# qhasm: f3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f3=int64#9
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f3=%r11
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r11
# qhasm: f3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<f3=int64#9
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<f3=%r11
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r11
# qhasm: f4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f4=int64#10
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f4=%r12
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r12
# qhasm: f4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<f4=int64#10
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<f4=%r12
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r12
# qhasm: g0 += c0_stack
# asm 1: addq <c0_stack=stack64#18,<g0=int64#11
@ -3645,10 +3645,10 @@ add %rax,%r12
# asm 2: adc <mulrdx=%rdx,<mulr31=%r13
adc %rdx,%r13
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.rx0) << 13
# asm 1: shld $13,<rx0=int64#2,<mulr01=int64#4
@ -4395,10 +4395,10 @@ add %rax,%r12
# asm 2: adc <mulrdx=%rdx,<mulr31=%r13
adc %rdx,%r13
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.ry0) << 13
# asm 1: shld $13,<ry0=int64#2,<mulr01=int64#4
@ -5145,10 +5145,10 @@ add %rax,%r12
# asm 2: adc <mulrdx=%rdx,<mulr31=%r13
adc %rdx,%r13
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.rz0) << 13
# asm 1: shld $13,<rz0=int64#2,<mulr01=int64#4
@ -5895,10 +5895,10 @@ add %rax,%r12
# asm 2: adc <mulrdx=%rdx,<mulr31=%r13
adc %rdx,%r13
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.rt0) << 13
# asm 1: shld $13,<rt0=int64#2,<mulr01=int64#4

View file

@ -337,13 +337,13 @@
# qhasm: stack64 mulx419_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd_p1p1
# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_nielsadd_p1p1)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd_p1p1
.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd_p1p1
_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd_p1p1:
crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd_p1p1:
.globl _CRYPTO_NAMESPACE(batch_ge25519_nielsadd_p1p1)
.globl CRYPTO_NAMESPACE(batch_ge25519_nielsadd_p1p1)
_CRYPTO_NAMESPACE(batch_ge25519_nielsadd_p1p1):
CRYPTO_NAMESPACE(batch_ge25519_nielsadd_p1p1):
mov %rsp,%r11
and $31,%r11
add $160,%r11
@ -439,30 +439,30 @@ mov %rax,%r14
# asm 2: mov <a4=%r10,>b4=%r15
mov %r10,%r15
# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<a0=int64#3
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<a0=%rdx
add crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
# qhasm: a0 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P0)
# asm 1: add CRYPTO_NAMESPACE(batch_2P0),<a0=int64#3
# asm 2: add CRYPTO_NAMESPACE(batch_2P0),<a0=%rdx
add CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx
# qhasm: a1 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a1=int64#5
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a1=%r8
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
# qhasm: a1 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<a1=int64#5
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<a1=%r8
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8
# qhasm: a2 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a2=int64#6
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a2=%r9
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
# qhasm: a2 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<a2=int64#6
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<a2=%r9
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9
# qhasm: a3 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a3=int64#7
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a3=%rax
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
# qhasm: a3 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<a3=int64#7
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<a3=%rax
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax
# qhasm: a4 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a4=int64#8
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a4=%r10
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
# qhasm: a4 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<a4=int64#8
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<a4=%r10
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10
# qhasm: b0 += *(uint64 *) (pp + 0)
# asm 1: addq 0(<pp=int64#2),<b0=int64#9
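Review bot: The `# asm 1:` and `# asm 2:` comment lines for the five rewritten `add` instructions no longer match the instruction that follows them: the comments give the operand as `CRYPTO_NAMESPACE(batch_2P0),<a0=%rdx`, while the code is `add CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx`. Either carry `(%rip)` into the comment lines or state in the commit message that the qhasm output was post-processed, so a later regeneration from the qhasm source does not quietly bring back absolute addressing.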
@ -1099,10 +1099,10 @@ add %rax,%r14
# asm 2: adc <mulrdx=%rdx,<mulr31=%r15
adc %rdx,%r15
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.a0) << 13
# asm 1: shld $13,<a0=int64#5,<mulr01=int64#6
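Review bot: The `movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx` line only links if the definition of `batch_REDMASK51` is renamed through the same macro in this commit, and that definition is not visible in this hunk. The file also has to pass through the C preprocessor before assembly; otherwise the assembler receives the literal text `CRYPTO_NAMESPACE(batch_REDMASK51)(%rip)`. Please confirm both, for example by naming the constants file and the build rule in the commit message.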
@ -1849,10 +1849,10 @@ add %rax,%r14
# asm 2: adc <mulrdx=%rdx,<mulr31=%r15
adc %rdx,%r15
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.e0) << 13
# asm 1: shld $13,<e0=int64#5,<mulr01=int64#6
@ -2064,30 +2064,30 @@ mov %r11,%r14
# asm 2: mov <e4=%r12,>h4=%r15
mov %r12,%r15
# qhasm: e0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<e0=int64#5
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<e0=%r8
add crypto_sign_ed25519_amd64_51_30k_batch_2P0,%r8
# qhasm: e0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
# asm 1: add CRYPTO_NAMESPACE(batch_2P0),<e0=int64#5
# asm 2: add CRYPTO_NAMESPACE(batch_2P0),<e0=%r8
add CRYPTO_NAMESPACE(batch_2P0)(%rip),%r8
# qhasm: e1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e1=int64#7
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e1=%rax
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
# qhasm: e1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<e1=int64#7
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<e1=%rax
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax
# qhasm: e2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e2=int64#8
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e2=%r10
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
# qhasm: e2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<e2=int64#8
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<e2=%r10
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10
# qhasm: e3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e3=int64#9
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e3=%r11
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r11
# qhasm: e3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<e3=int64#9
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<e3=%r11
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r11
# qhasm: e4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e4=int64#10
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e4=%r12
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r12
# qhasm: e4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<e4=int64#10
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<e4=%r12
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r12
# qhasm: h0 += a0_stack
# asm 1: addq <a0_stack=stack64#8,<h0=int64#3
@ -2724,10 +2724,10 @@ add %rax,%r14
# asm 2: adc <mulrdx=%rdx,<mulr31=%r15
adc %rdx,%r15
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.c0) << 13
# asm 1: shld $13,<c0=int64#5,<mulr01=int64#6
@ -2994,30 +2994,30 @@ mov %r12,%rbx
# asm 2: mov <f4=%rsi,>g4=%rbp
mov %rsi,%rbp
# qhasm: f0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<f0=int64#3
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<f0=%rdx
add crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
# qhasm: f0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
# asm 1: add CRYPTO_NAMESPACE(batch_2P0),<f0=int64#3
# asm 2: add CRYPTO_NAMESPACE(batch_2P0),<f0=%rdx
add CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx
# qhasm: f1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f1=int64#4
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f1=%rcx
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx
# qhasm: f1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<f1=int64#4
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<f1=%rcx
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx
# qhasm: f2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f2=int64#5
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f2=%r8
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
# qhasm: f2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<f2=int64#5
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<f2=%r8
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8
# qhasm: f3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f3=int64#10
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f3=%r12
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r12
# qhasm: f3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<f3=int64#10
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<f3=%r12
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r12
# qhasm: f4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f4=int64#2
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f4=%rsi
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rsi
# qhasm: f4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<f4=int64#2
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<f4=%rsi
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rsi
# qhasm: g0 += c0_stack
# asm 1: addq <c0_stack=stack64#8,<g0=int64#11

@ -103,13 +103,13 @@
# qhasm: stack64 mulx419_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p2
# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p2)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p2
.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p2
_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p2:
crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p2:
.globl _CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p2)
.globl CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p2)
_CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p2):
CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p2):
mov %rsp,%r11
and $31,%r11
add $96,%r11
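Review bot: `_CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p2)` on the `.globl` and label lines is a different preprocessor identifier from `CRYPTO_NAMESPACE`, so it needs its own macro that prepends the underscore to the expanded name. If only `CRYPTO_NAMESPACE` is defined, the underscore-prefixed lines stay unexpanded and the assembler either rejects them or exports a symbol no caller references. Please point to the header that defines both macros, or add the second definition next to the first.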
@ -685,10 +685,10 @@ add %rax,%r13
# asm 2: adc <mulrdx=%rdx,<mulr31=%r14
adc %rdx,%r14
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.rx0) << 13
# asm 1: shld $13,<rx0=int64#4,<mulr01=int64#5
@ -1435,10 +1435,10 @@ add %rax,%r13
# asm 2: adc <mulrdx=%rdx,<mulr31=%r14
adc %rdx,%r14
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.ry0) << 13
# asm 1: shld $13,<ry0=int64#4,<mulr01=int64#5
@ -2185,10 +2185,10 @@ add %rax,%r13
# asm 2: adc <mulrdx=%rdx,<mulr31=%r14
adc %rdx,%r14
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#2
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi
# qhasm: mulr01 = (mulr01.rz0) << 13
# asm 1: shld $13,<rz0=int64#4,<mulr01=int64#5

@ -113,13 +113,13 @@
# qhasm: stack64 mulx419_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p3
# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p3)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p3
.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p3
_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p3:
crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p3:
.globl _CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p3)
.globl CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p3)
_CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p3):
CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p3):
mov %rsp,%r11
and $31,%r11
add $96,%r11
@ -695,10 +695,10 @@ add %rax,%r13
# asm 2: adc <mulrdx=%rdx,<mulr31=%r14
adc %rdx,%r14
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.rx0) << 13
# asm 1: shld $13,<rx0=int64#4,<mulr01=int64#5
@ -1445,10 +1445,10 @@ add %rax,%r13
# asm 2: adc <mulrdx=%rdx,<mulr31=%r14
adc %rdx,%r14
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.ry0) << 13
# asm 1: shld $13,<ry0=int64#4,<mulr01=int64#5
@ -2195,10 +2195,10 @@ add %rax,%r13
# asm 2: adc <mulrdx=%rdx,<mulr31=%r14
adc %rdx,%r14
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.rz0) << 13
# asm 1: shld $13,<rz0=int64#4,<mulr01=int64#5
@ -2945,10 +2945,10 @@ add %rax,%r13
# asm 2: adc <mulrdx=%rdx,<mulr31=%r14
adc %rdx,%r14
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#2
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi
# qhasm: mulr01 = (mulr01.rt0) << 13
# asm 1: shld $13,<rt0=int64#4,<mulr01=int64#5

@ -171,13 +171,13 @@
# qhasm: stack64 mulx419_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_pniels
# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_pniels)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_pniels
.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_pniels
_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_pniels:
crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_pniels:
.globl _CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_pniels)
.globl CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_pniels)
_CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_pniels):
CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_pniels):
mov %rsp,%r11
and $31,%r11
add $128,%r11
@ -753,10 +753,10 @@ add %rax,%r13
# asm 2: adc <mulrdx=%rdx,<mulr31=%r14
adc %rdx,%r14
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.x0) << 13
# asm 1: shld $13,<x0=int64#4,<mulr01=int64#5
@ -1503,10 +1503,10 @@ add %rax,%r13
# asm 2: adc <mulrdx=%rdx,<mulr31=%r14
adc %rdx,%r14
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.y0) << 13
# asm 1: shld $13,<y0=int64#4,<mulr01=int64#5
@ -1718,30 +1718,30 @@ mov %r10,%r13
# asm 2: mov <y4=%r11,>ysubx4=%r14
mov %r11,%r14
# qhasm: ysubx0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<ysubx0=int64#3
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<ysubx0=%rdx
add crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
# qhasm: ysubx0 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P0)
# asm 1: add CRYPTO_NAMESPACE(batch_2P0),<ysubx0=int64#3
# asm 2: add CRYPTO_NAMESPACE(batch_2P0),<ysubx0=%rdx
add CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx
# qhasm: ysubx1 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<ysubx1=int64#5
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<ysubx1=%r8
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
# qhasm: ysubx1 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<ysubx1=int64#5
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<ysubx1=%r8
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8
# qhasm: ysubx2 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<ysubx2=int64#10
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<ysubx2=%r12
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r12
# qhasm: ysubx2 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<ysubx2=int64#10
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<ysubx2=%r12
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r12
# qhasm: ysubx3 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<ysubx3=int64#11
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<ysubx3=%r13
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r13
# qhasm: ysubx3 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<ysubx3=int64#11
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<ysubx3=%r13
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r13
# qhasm: ysubx4 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<ysubx4=int64#12
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<ysubx4=%r14
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r14
# qhasm: ysubx4 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<ysubx4=int64#12
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<ysubx4=%r14
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r14
# qhasm: x0 = stackx0
# asm 1: movq <stackx0=stack64#8,>x0=int64#13
@ -2403,10 +2403,10 @@ add %rax,%r13
# asm 2: adc <mulrdx=%rdx,<mulr31=%r14
adc %rdx,%r14
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.rz0) << 13
# asm 1: shld $13,<rz0=int64#4,<mulr01=int64#5
@ -3153,10 +3153,10 @@ add %rax,%r13
# asm 2: adc <mulrdx=%rdx,<mulr31=%r14
adc %rdx,%r14
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#2
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi
# qhasm: mulr01 = (mulr01.t0) << 13
# asm 1: shld $13,<t0=int64#4,<mulr01=int64#5
@ -3383,8 +3383,8 @@ imulq $19,%rsi,%rax
# asm 2: movq <mulrax=%rax,>mulx319_stack=96(%rsp)
movq %rax,96(%rsp)
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)
# qhasm: t2d0 = mulrax
# asm 1: mov <mulrax=int64#7,>t2d0=int64#2
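Review bot: For the `mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)` replacement, and the many identical `mulq` edits that follow in this file, nothing in the patch checks that every absolute memory operand was converted. One remaining operand without `(%rip)` still emits a 32-bit absolute relocation (R_X86_64_32S on ELF), which the linker refuses when producing a PIE or shared object. Add a build step that dumps the object's relocations, for example with `readelf -r`, and fails if any R_X86_64_32 or R_X86_64_32S entry is present.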
@ -3411,8 +3411,8 @@ imulq $19,%rdx,%rax
# asm 2: movq <mulrax=%rax,>mulx419_stack=104(%rsp)
movq %rax,104(%rsp)
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)
# qhasm: carry? t2d0 += mulrax
# asm 1: add <mulrax=int64#7,<t2d0=int64#2
@ -3429,8 +3429,8 @@ adc %rdx,%rcx
# asm 2: movq <stackt0=56(%rsp),>mulrax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)
# qhasm: carry? t2d0 += mulrax
# asm 1: add <mulrax=int64#7,<t2d0=int64#2
@ -3447,8 +3447,8 @@ adc %rdx,%rcx
# asm 2: movq <stackt0=56(%rsp),>mulrax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)
# qhasm: t2d1 = mulrax
# asm 1: mov <mulrax=int64#7,>t2d1=int64#5
@ -3465,8 +3465,8 @@ mov %rdx,%r9
# asm 2: movq <stackt0=56(%rsp),>mulrax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)
# qhasm: t2d2 = mulrax
# asm 1: mov <mulrax=int64#7,>t2d2=int64#8
@ -3483,8 +3483,8 @@ mov %rdx,%r11
# asm 2: movq <stackt0=56(%rsp),>mulrax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)
# qhasm: t2d3 = mulrax
# asm 1: mov <mulrax=int64#7,>t2d3=int64#10
@ -3501,8 +3501,8 @@ mov %rdx,%r13
# asm 2: movq <stackt0=56(%rsp),>mulrax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)
# qhasm: t2d4 = mulrax
# asm 1: mov <mulrax=int64#7,>t2d4=int64#12
@ -3519,8 +3519,8 @@ mov %rdx,%r15
# asm 2: movq <stackt1=64(%rsp),>mulrax=%rax
movq 64(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)
# qhasm: carry? t2d1 += mulrax
# asm 1: add <mulrax=int64#7,<t2d1=int64#5
@ -3537,8 +3537,8 @@ adc %rdx,%r9
# asm 2: movq <stackt1=64(%rsp),>mulrax=%rax
movq 64(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)
# qhasm: carry? t2d2 += mulrax
# asm 1: add <mulrax=int64#7,<t2d2=int64#8
@ -3555,8 +3555,8 @@ adc %rdx,%r11
# asm 2: movq <stackt1=64(%rsp),>mulrax=%rax
movq 64(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)
# qhasm: carry? t2d3 += mulrax
# asm 1: add <mulrax=int64#7,<t2d3=int64#10
@ -3573,8 +3573,8 @@ adc %rdx,%r13
# asm 2: movq <stackt1=64(%rsp),>mulrax=%rax
movq 64(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)
# qhasm: carry? t2d4 += mulrax
# asm 1: add <mulrax=int64#7,<t2d4=int64#12
@ -3596,8 +3596,8 @@ movq 64(%rsp),%rdx
# asm 2: imulq $19,<mulrax=%rdx,>mulrax=%rax
imulq $19,%rdx,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)
# qhasm: carry? t2d0 += mulrax
# asm 1: add <mulrax=int64#7,<t2d0=int64#2
@ -3614,8 +3614,8 @@ adc %rdx,%rcx
# asm 2: movq <stackt2=72(%rsp),>mulrax=%rax
movq 72(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)
# qhasm: carry? t2d2 += mulrax
# asm 1: add <mulrax=int64#7,<t2d2=int64#8
@ -3632,8 +3632,8 @@ adc %rdx,%r11
# asm 2: movq <stackt2=72(%rsp),>mulrax=%rax
movq 72(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)
# qhasm: carry? t2d3 += mulrax
# asm 1: add <mulrax=int64#7,<t2d3=int64#10
@ -3650,8 +3650,8 @@ adc %rdx,%r13
# asm 2: movq <stackt2=72(%rsp),>mulrax=%rax
movq 72(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)
# qhasm: carry? t2d4 += mulrax
# asm 1: add <mulrax=int64#7,<t2d4=int64#12
@ -3673,8 +3673,8 @@ movq 72(%rsp),%rdx
# asm 2: imulq $19,<mulrax=%rdx,>mulrax=%rax
imulq $19,%rdx,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)
# qhasm: carry? t2d0 += mulrax
# asm 1: add <mulrax=int64#7,<t2d0=int64#2
@ -3696,8 +3696,8 @@ movq 72(%rsp),%rdx
# asm 2: imulq $19,<mulrax=%rdx,>mulrax=%rax
imulq $19,%rdx,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)
# qhasm: carry? t2d1 += mulrax
# asm 1: add <mulrax=int64#7,<t2d1=int64#5
@ -3714,8 +3714,8 @@ adc %rdx,%r9
# asm 2: movq <stackt3=80(%rsp),>mulrax=%rax
movq 80(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)
# qhasm: carry? t2d3 += mulrax
# asm 1: add <mulrax=int64#7,<t2d3=int64#10
@ -3732,8 +3732,8 @@ adc %rdx,%r13
# asm 2: movq <stackt3=80(%rsp),>mulrax=%rax
movq 80(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)
# qhasm: carry? t2d4 += mulrax
# asm 1: add <mulrax=int64#7,<t2d4=int64#12
@ -3750,8 +3750,8 @@ adc %rdx,%r15
# asm 2: movq <mulx319_stack=96(%rsp),>mulrax=%rax
movq 96(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)
# qhasm: carry? t2d1 += mulrax
# asm 1: add <mulrax=int64#7,<t2d1=int64#5
@ -3768,8 +3768,8 @@ adc %rdx,%r9
# asm 2: movq <mulx319_stack=96(%rsp),>mulrax=%rax
movq 96(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)
# qhasm: carry? t2d2 += mulrax
# asm 1: add <mulrax=int64#7,<t2d2=int64#8
@ -3786,8 +3786,8 @@ adc %rdx,%r11
# asm 2: movq <stackt4=88(%rsp),>mulrax=%rax
movq 88(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)
# qhasm: carry? t2d4 += mulrax
# asm 1: add <mulrax=int64#7,<t2d4=int64#12
@ -3804,8 +3804,8 @@ adc %rdx,%r15
# asm 2: movq <mulx419_stack=104(%rsp),>mulrax=%rax
movq 104(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)
# qhasm: carry? t2d1 += mulrax
# asm 1: add <mulrax=int64#7,<t2d1=int64#5
@ -3822,8 +3822,8 @@ adc %rdx,%r9
# asm 2: movq <mulx419_stack=104(%rsp),>mulrax=%rax
movq 104(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)
# qhasm: carry? t2d2 += mulrax
# asm 1: add <mulrax=int64#7,<t2d2=int64#8
@ -3840,8 +3840,8 @@ adc %rdx,%r11
# asm 2: movq <mulx419_stack=104(%rsp),>mulrax=%rax
movq 104(%rsp),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
mulq crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)
# qhasm: carry? t2d3 += mulrax
# asm 1: add <mulrax=int64#7,<t2d3=int64#10
@ -3853,10 +3853,10 @@ add %rax,%r12
# asm 2: adc <mulrdx=%rdx,<mulr31=%r13
adc %rdx,%r13
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.t2d0) << 13
# asm 1: shld $13,<t2d0=int64#2,<mulr01=int64#4
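Review bot: The `# asm 1:` and `# asm 2:` comments for the REDMASK51 load do not match the instruction under them: they read `movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx`, while the emitted line is `movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx`. If the `(%rip)` suffix was applied to the generated output and not in the qhasm source, record that near the top of the file; otherwise regenerating from qhasm will silently drop it and bring back the absolute reference.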

View file

@ -247,13 +247,13 @@
# qhasm: stack64 mulx419_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_pnielsadd_p1p1
# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_pnielsadd_p1p1)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_pnielsadd_p1p1
.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_pnielsadd_p1p1
_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_pnielsadd_p1p1:
crypto_sign_ed25519_amd64_51_30k_batch_ge25519_pnielsadd_p1p1:
.globl _CRYPTO_NAMESPACE(batch_ge25519_pnielsadd_p1p1)
.globl CRYPTO_NAMESPACE(batch_ge25519_pnielsadd_p1p1)
_CRYPTO_NAMESPACE(batch_ge25519_pnielsadd_p1p1):
CRYPTO_NAMESPACE(batch_ge25519_pnielsadd_p1p1):
mov %rsp,%r11
and $31,%r11
add $160,%r11
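Review bot: The underscore-prefixed lines `.globl _CRYPTO_NAMESPACE(batch_ge25519_pnielsadd_p1p1)` and `_CRYPTO_NAMESPACE(batch_ge25519_pnielsadd_p1p1):` are not expansions of `CRYPTO_NAMESPACE`; to the preprocessor `_CRYPTO_NAMESPACE` is a different identifier. Unless a second function-like macro of that name is defined alongside `CRYPTO_NAMESPACE`, these two lines reach the assembler unexpanded. Please confirm that definition exists and that this file is run through the C preprocessor before assembly, since the old literal symbol names needed neither.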
@ -349,30 +349,30 @@ mov %rax,%r14
# asm 2: mov <a4=%r10,>b4=%r15
mov %r10,%r15
# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<a0=int64#3
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<a0=%rdx
add crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
# qhasm: a0 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P0)
# asm 1: add CRYPTO_NAMESPACE(batch_2P0),<a0=int64#3
# asm 2: add CRYPTO_NAMESPACE(batch_2P0),<a0=%rdx
add CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx
# qhasm: a1 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a1=int64#5
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a1=%r8
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
# qhasm: a1 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<a1=int64#5
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<a1=%r8
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8
# qhasm: a2 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a2=int64#6
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a2=%r9
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
# qhasm: a2 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<a2=int64#6
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<a2=%r9
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9
# qhasm: a3 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a3=int64#7
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a3=%rax
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
# qhasm: a3 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<a3=int64#7
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<a3=%rax
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax
# qhasm: a4 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a4=int64#8
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a4=%r10
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
# qhasm: a4 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<a4=int64#8
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<a4=%r10
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10
# qhasm: b0 += *(uint64 *) (pp + 0)
# asm 1: addq 0(<pp=int64#2),<b0=int64#9
@ -1009,10 +1009,10 @@ add %rax,%r14
# asm 2: adc <mulrdx=%rdx,<mulr31=%r15
adc %rdx,%r15
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.a0) << 13
# asm 1: shld $13,<a0=int64#5,<mulr01=int64#6
@ -1759,10 +1759,10 @@ add %rax,%r14
# asm 2: adc <mulrdx=%rdx,<mulr31=%r15
adc %rdx,%r15
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.rx0) << 13
# asm 1: shld $13,<rx0=int64#5,<mulr01=int64#6
@ -1974,30 +1974,30 @@ mov %r11,%r14
# asm 2: mov <rx4=%r12,>ry4=%r15
mov %r12,%r15
# qhasm: rx0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<rx0=int64#5
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<rx0=%r8
add crypto_sign_ed25519_amd64_51_30k_batch_2P0,%r8
# qhasm: rx0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
# asm 1: add CRYPTO_NAMESPACE(batch_2P0),<rx0=int64#5
# asm 2: add CRYPTO_NAMESPACE(batch_2P0),<rx0=%r8
add CRYPTO_NAMESPACE(batch_2P0)(%rip),%r8
# qhasm: rx1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx1=int64#7
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx1=%rax
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
# qhasm: rx1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<rx1=int64#7
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<rx1=%rax
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax
# qhasm: rx2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx2=int64#8
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx2=%r10
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
# qhasm: rx2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<rx2=int64#8
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<rx2=%r10
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10
# qhasm: rx3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx3=int64#9
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx3=%r11
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r11
# qhasm: rx3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<rx3=int64#9
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<rx3=%r11
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r11
# qhasm: rx4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx4=int64#10
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx4=%r12
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r12
# qhasm: rx4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<rx4=int64#10
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<rx4=%r12
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r12
# qhasm: ry0 += a0_stack
# asm 1: addq <a0_stack=stack64#8,<ry0=int64#3
@ -2634,10 +2634,10 @@ add %rax,%r14
# asm 2: adc <mulrdx=%rdx,<mulr31=%r15
adc %rdx,%r15
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx
# qhasm: mulr01 = (mulr01.c0) << 13
# asm 1: shld $13,<c0=int64#5,<mulr01=int64#6
@ -3384,10 +3384,10 @@ add %rax,%r14
# asm 2: adc <mulrdx=%rdx,<mulr31=%r15
adc %rdx,%r15
# qhasm: mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#2
# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi
movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi
# qhasm: mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2
# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi
movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi
# qhasm: mulr01 = (mulr01.rt0) << 13
# asm 1: shld $13,<rt0=int64#5,<mulr01=int64#6
@ -3624,30 +3624,30 @@ mov %rax,%r12
# asm 2: mov <rt4=%r10,>rz4=%r13
mov %r10,%r13
# qhasm: rt0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<rt0=int64#5
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P0,<rt0=%r8
add crypto_sign_ed25519_amd64_51_30k_batch_2P0,%r8
# qhasm: rt0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
# asm 1: add CRYPTO_NAMESPACE(batch_2P0),<rt0=int64#5
# asm 2: add CRYPTO_NAMESPACE(batch_2P0),<rt0=%r8
add CRYPTO_NAMESPACE(batch_2P0)(%rip),%r8
# qhasm: rt1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt1=int64#4
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt1=%rcx
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx
# qhasm: rt1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<rt1=int64#4
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<rt1=%rcx
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx
# qhasm: rt2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt2=int64#6
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt2=%r9
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
# qhasm: rt2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<rt2=int64#6
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<rt2=%r9
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9
# qhasm: rt3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt3=int64#7
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt3=%rax
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
# qhasm: rt3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<rt3=int64#7
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<rt3=%rax
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax
# qhasm: rt4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
# asm 1: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt4=int64#8
# asm 2: add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt4=%r10
add crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
# qhasm: rt4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
# asm 1: add CRYPTO_NAMESPACE(batch_2P1234),<rt4=int64#8
# asm 2: add CRYPTO_NAMESPACE(batch_2P1234),<rt4=%r10
add CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10
# qhasm: rz0 += c0_stack
# asm 1: addq <c0_stack=stack64#8,<rz0=int64#2

View file

@ -93,13 +93,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_64_heap_rootreplaced
# qhasm: enter CRYPTO_NAMESPACE(batch_heap_rootreplaced)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_heap_rootreplaced
.globl crypto_sign_ed25519_amd64_64_heap_rootreplaced
_crypto_sign_ed25519_amd64_64_heap_rootreplaced:
crypto_sign_ed25519_amd64_64_heap_rootreplaced:
.globl _CRYPTO_NAMESPACE(batch_heap_rootreplaced)
.globl CRYPTO_NAMESPACE(batch_heap_rootreplaced)
_CRYPTO_NAMESPACE(batch_heap_rootreplaced):
CRYPTO_NAMESPACE(batch_heap_rootreplaced):
mov %rsp,%r11
and $31,%r11
add $64,%r11

View file

@ -93,13 +93,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_64_heap_rootreplaced_1limb
# qhasm: enter CRYPTO_NAMESPACE(batch_heap_rootreplaced_1limb)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_heap_rootreplaced_1limb
.globl crypto_sign_ed25519_amd64_64_heap_rootreplaced_1limb
_crypto_sign_ed25519_amd64_64_heap_rootreplaced_1limb:
crypto_sign_ed25519_amd64_64_heap_rootreplaced_1limb:
.globl _CRYPTO_NAMESPACE(batch_heap_rootreplaced_1limb)
.globl CRYPTO_NAMESPACE(batch_heap_rootreplaced_1limb)
_CRYPTO_NAMESPACE(batch_heap_rootreplaced_1limb):
CRYPTO_NAMESPACE(batch_heap_rootreplaced_1limb):
mov %rsp,%r11
and $31,%r11
add $64,%r11

View file

@ -93,13 +93,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_64_heap_rootreplaced_2limbs
# qhasm: enter CRYPTO_NAMESPACE(batch_heap_rootreplaced_2limbs)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_heap_rootreplaced_2limbs
.globl crypto_sign_ed25519_amd64_64_heap_rootreplaced_2limbs
_crypto_sign_ed25519_amd64_64_heap_rootreplaced_2limbs:
crypto_sign_ed25519_amd64_64_heap_rootreplaced_2limbs:
.globl _CRYPTO_NAMESPACE(batch_heap_rootreplaced_2limbs)
.globl CRYPTO_NAMESPACE(batch_heap_rootreplaced_2limbs)
_CRYPTO_NAMESPACE(batch_heap_rootreplaced_2limbs):
CRYPTO_NAMESPACE(batch_heap_rootreplaced_2limbs):
mov %rsp,%r11
and $31,%r11
add $64,%r11

View file

@ -93,13 +93,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_64_heap_rootreplaced_3limbs
# qhasm: enter CRYPTO_NAMESPACE(batch_heap_rootreplaced_3limbs)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_heap_rootreplaced_3limbs
.globl crypto_sign_ed25519_amd64_64_heap_rootreplaced_3limbs
_crypto_sign_ed25519_amd64_64_heap_rootreplaced_3limbs:
crypto_sign_ed25519_amd64_64_heap_rootreplaced_3limbs:
.globl _CRYPTO_NAMESPACE(batch_heap_rootreplaced_3limbs)
.globl CRYPTO_NAMESPACE(batch_heap_rootreplaced_3limbs)
_CRYPTO_NAMESPACE(batch_heap_rootreplaced_3limbs):
CRYPTO_NAMESPACE(batch_heap_rootreplaced_3limbs):
mov %rsp,%r11
and $31,%r11
add $64,%r11

View file

@ -1,7 +1,7 @@
#ifndef HRAM_H
#define HRAM_H
#define get_hram crypto_sign_ed25519_amd64_51_30k_batch_get_hram
#define get_hram CRYPTO_NAMESPACE(batch_get_hram)
extern void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen);
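Review bot: `#define get_hram CRYPTO_NAMESPACE(batch_get_hram)` makes this header depend on `CRYPTO_NAMESPACE`, but the hunk adds no include that would provide it. If the macro comes from a project header and not from the compiler command line, include that header here; otherwise a file that includes hram.h first fails at the `extern void get_hram(...)` declaration with an error that does not point at the missing macro.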

View file

@ -2,16 +2,17 @@
#define INDEX_HEAP_H
#include "sc25519.h"
#include "compat.h"
#define heap_init crypto_sign_ed25519_amd64_51_30k_batch_heap_init
#define heap_extend crypto_sign_ed25519_amd64_51_30k_batch_heap_extend
#define heap_pop crypto_sign_ed25519_amd64_51_30k_batch_heap_pop
#define heap_push crypto_sign_ed25519_amd64_51_30k_batch_heap_push
#define heap_get2max crypto_sign_ed25519_amd64_51_30k_batch_heap_get2max
#define heap_rootreplaced crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced
#define heap_rootreplaced_3limbs crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_3limbs
#define heap_rootreplaced_2limbs crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_2limbs
#define heap_rootreplaced_1limb crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_1limb
#define heap_init CRYPTO_NAMESPACE(batch_heap_init)
#define heap_extend CRYPTO_NAMESPACE(batch_heap_extend)
#define heap_pop CRYPTO_NAMESPACE(batch_heap_pop)
#define heap_push CRYPTO_NAMESPACE(batch_heap_push)
#define heap_get2max CRYPTO_NAMESPACE(batch_heap_get2max)
#define heap_rootreplaced CRYPTO_NAMESPACE(batch_heap_rootreplaced)
#define heap_rootreplaced_3limbs CRYPTO_NAMESPACE(batch_heap_rootreplaced_3limbs)
#define heap_rootreplaced_2limbs CRYPTO_NAMESPACE(batch_heap_rootreplaced_2limbs)
#define heap_rootreplaced_1limb CRYPTO_NAMESPACE(batch_heap_rootreplaced_1limb)
void heap_init(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
@ -23,9 +24,9 @@ void heap_push(unsigned long long *h, unsigned long long *hlen, unsigned long lo
void heap_get2max(unsigned long long *h, unsigned long long *max1, unsigned long long *max2, sc25519 *scalars);
void heap_rootreplaced(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
void heap_rootreplaced_3limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
void heap_rootreplaced_2limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
void heap_rootreplaced_1limb(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
void heap_rootreplaced(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI;
void heap_rootreplaced_3limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI;
void heap_rootreplaced_2limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI;
void heap_rootreplaced_1limb(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI;
#endif
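Review bot: `SYSVABI` is added to the four `heap_rootreplaced*` prototypes but not to `heap_get2max` at the top of the hunk, and the header does not say why. Presumably the marked ones are the assembly routines, which expect their arguments in the System V registers whatever the platform's default C calling convention is. A one-line comment above them would record that, so a prototype added later for another assembly routine does not omit the attribute and pass arguments in the wrong registers.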

View file

@ -1,35 +1,37 @@
#ifndef SC25519_H
#define SC25519_H
#define sc25519 crypto_sign_ed25519_amd64_51_30k_batch_sc25519
#define shortsc25519 crypto_sign_ed25519_amd64_51_30k_batch_shortsc25519
#define sc25519_from32bytes crypto_sign_ed25519_amd64_51_30k_batch_sc25519_from32bytes
#define shortsc25519_from16bytes crypto_sign_ed25519_amd64_51_30k_batch_shortsc25519_from16bytes
#define sc25519_from64bytes crypto_sign_ed25519_amd64_51_30k_batch_sc25519_from64bytes
#define sc25519_from_shortsc crypto_sign_ed25519_amd64_51_30k_batch_sc25519_from_shortsc
#define sc25519_to32bytes crypto_sign_ed25519_amd64_51_30k_batch_sc25519_to32bytes
#define sc25519_iszero_vartime crypto_sign_ed25519_amd64_51_30k_batch_sc25519_iszero_vartime
#define sc25519_isshort_vartime crypto_sign_ed25519_amd64_51_30k_batch_sc25519_isshort_vartime
#define sc25519_lt crypto_sign_ed25519_amd64_51_30k_batch_sc25519_lt
#define sc25519_add crypto_sign_ed25519_amd64_51_30k_batch_sc25519_add
#define sc25519_sub_nored crypto_sign_ed25519_amd64_51_30k_batch_sc25519_sub_nored
#define sc25519_mul crypto_sign_ed25519_amd64_51_30k_batch_sc25519_mul
#define sc25519_mul_shortsc crypto_sign_ed25519_amd64_51_30k_batch_sc25519_mul_shortsc
#define sc25519_window4 crypto_sign_ed25519_amd64_51_30k_batch_sc25519_window4
#define sc25519_window5 crypto_sign_ed25519_amd64_51_30k_batch_sc25519_window5
#define sc25519_slide crypto_sign_ed25519_amd64_51_30k_batch_sc25519_slide
#define sc25519_2interleave2 crypto_sign_ed25519_amd64_51_30k_batch_sc25519_2interleave2
#define sc25519_barrett crypto_sign_ed25519_amd64_51_30k_batch_sc25519_barrett
#include "compat.h"
typedef struct
#define sc25519 CRYPTO_NAMESPACE(batch_sc25519)
#define shortsc25519 CRYPTO_NAMESPACE(batch_shortsc25519)
#define sc25519_from32bytes CRYPTO_NAMESPACE(batch_sc25519_from32bytes)
#define shortsc25519_from16bytes CRYPTO_NAMESPACE(batch_shortsc25519_from16bytes)
#define sc25519_from64bytes CRYPTO_NAMESPACE(batch_sc25519_from64bytes)
#define sc25519_from_shortsc CRYPTO_NAMESPACE(batch_sc25519_from_shortsc)
#define sc25519_to32bytes CRYPTO_NAMESPACE(batch_sc25519_to32bytes)
#define sc25519_iszero_vartime CRYPTO_NAMESPACE(batch_sc25519_iszero_vartime)
#define sc25519_isshort_vartime CRYPTO_NAMESPACE(batch_sc25519_isshort_vartime)
#define sc25519_lt CRYPTO_NAMESPACE(batch_sc25519_lt)
#define sc25519_add CRYPTO_NAMESPACE(batch_sc25519_add)
#define sc25519_sub_nored CRYPTO_NAMESPACE(batch_sc25519_sub_nored)
#define sc25519_mul CRYPTO_NAMESPACE(batch_sc25519_mul)
#define sc25519_mul_shortsc CRYPTO_NAMESPACE(batch_sc25519_mul_shortsc)
#define sc25519_window4 CRYPTO_NAMESPACE(batch_sc25519_window4)
#define sc25519_window5 CRYPTO_NAMESPACE(batch_sc25519_window5)
#define sc25519_slide CRYPTO_NAMESPACE(batch_sc25519_slide)
#define sc25519_2interleave2 CRYPTO_NAMESPACE(batch_sc25519_2interleave2)
#define sc25519_barrett CRYPTO_NAMESPACE(batch_sc25519_barrett)
typedef struct
{
unsigned long long v[4];
unsigned long long v[4];
}
sc25519;
typedef struct
typedef struct
{
unsigned long long v[2];
unsigned long long v[2];
}
shortsc25519;
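Review bot: The `typedef struct` lines and the `unsigned long long v[4];` and `v[2];` lines in the two struct definitions are removed and re-added with no visible difference, so they look like whitespace-only changes riding along with the rename. Keeping them out of this commit, or mentioning them in the message, would make the substantive part of the hunk, the 19 `#define` lines, easier to audit.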
@ -43,11 +45,11 @@ void sc25519_to32bytes(unsigned char r[32], const sc25519 *x);
int sc25519_iszero_vartime(const sc25519 *x);
int sc25519_lt(const sc25519 *x, const sc25519 *y);
int sc25519_lt(const sc25519 *x, const sc25519 *y) SYSVABI;
void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y);
void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y) SYSVABI;
void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y);
void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y) SYSVABI;
void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y);
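Review bot: `sc25519_lt`, `sc25519_add` and `sc25519_sub_nored` gain `SYSVABI`, while `sc25519_mul` on the last line of the hunk is left without it. That is correct only if `sc25519_mul` is implemented in C in every build configuration; if any configuration selects an assembly version, its prototype needs the attribute too. Please confirm, since a mismatch here compiles cleanly and fails only at run time.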
@ -64,6 +66,6 @@ void sc25519_slide(signed char r[256], const sc25519 *s, int swindowsize);
void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2);
void sc25519_barrett(sc25519 *r, unsigned long long x[8]);
void sc25519_barrett(sc25519 *r, unsigned long long x[8]) SYSVABI;
#endif

View file

@ -63,13 +63,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_64_sc25519_add
# qhasm: enter CRYPTO_NAMESPACE(batch_sc25519_add)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_sc25519_add
.globl crypto_sign_ed25519_amd64_64_sc25519_add
_crypto_sign_ed25519_amd64_64_sc25519_add:
crypto_sign_ed25519_amd64_64_sc25519_add:
.globl _CRYPTO_NAMESPACE(batch_sc25519_add)
.globl CRYPTO_NAMESPACE(batch_sc25519_add)
_CRYPTO_NAMESPACE(batch_sc25519_add):
CRYPTO_NAMESPACE(batch_sc25519_add):
mov %rsp,%r11
and $31,%r11
add $32,%r11
@ -150,25 +150,25 @@ mov %r9,%r10
# asm 2: mov <r3=%rsi,>t3=%r14
mov %rsi,%r14
# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0
# asm 1: sub crypto_sign_ed25519_amd64_64_ORDER0,<t0=int64#3
# asm 2: sub crypto_sign_ed25519_amd64_64_ORDER0,<t0=%rdx
sub crypto_sign_ed25519_amd64_64_ORDER0,%rdx
# qhasm: carry? t0 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0)
# asm 1: sub CRYPTO_NAMESPACE(batch_ORDER0),<t0=int64#3
# asm 2: sub CRYPTO_NAMESPACE(batch_ORDER0),<t0=%rdx
sub CRYPTO_NAMESPACE(batch_ORDER0)(%rip),%rdx
# qhasm: carry? t1 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_64_ORDER1,<t1=int64#7
# asm 2: sbb crypto_sign_ed25519_amd64_64_ORDER1,<t1=%rax
sbb crypto_sign_ed25519_amd64_64_ORDER1,%rax
# qhasm: carry? t1 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1) - carry
# asm 1: sbb CRYPTO_NAMESPACE(batch_ORDER1),<t1=int64#7
# asm 2: sbb CRYPTO_NAMESPACE(batch_ORDER1),<t1=%rax
sbb CRYPTO_NAMESPACE(batch_ORDER1)(%rip),%rax
# qhasm: carry? t2 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER2 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_64_ORDER2,<t2=int64#8
# asm 2: sbb crypto_sign_ed25519_amd64_64_ORDER2,<t2=%r10
sbb crypto_sign_ed25519_amd64_64_ORDER2,%r10
# qhasm: carry? t2 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER2) - carry
# asm 1: sbb CRYPTO_NAMESPACE(batch_ORDER2),<t2=int64#8
# asm 2: sbb CRYPTO_NAMESPACE(batch_ORDER2),<t2=%r10
sbb CRYPTO_NAMESPACE(batch_ORDER2)(%rip),%r10
# qhasm: unsigned<? t3 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER3 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_64_ORDER3,<t3=int64#12
# asm 2: sbb crypto_sign_ed25519_amd64_64_ORDER3,<t3=%r14
sbb crypto_sign_ed25519_amd64_64_ORDER3,%r14
# qhasm: unsigned<? t3 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER3) - carry
# asm 1: sbb CRYPTO_NAMESPACE(batch_ORDER3),<t3=int64#12
# asm 2: sbb CRYPTO_NAMESPACE(batch_ORDER3),<t3=%r14
sbb CRYPTO_NAMESPACE(batch_ORDER3)(%rip),%r14
# qhasm: r0 = t0 if !unsigned<
# asm 1: cmovae <t0=int64#3,<r0=int64#4
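Review bot: The four order constants are renamed, not just re-prefixed: `crypto_sign_ed25519_amd64_64_ORDER0` becomes `CRYPTO_NAMESPACE(batch_ORDER0)`, with a `batch_` component the old name did not have, and likewise for ORDER1 to ORDER3. The file that defines these constants has to export exactly the `batch_ORDER*` names under the same macro, or the mismatch only shows up as an undefined symbol at link time. A line in the commit message about the `batch_` convention would help.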

View file

@ -107,13 +107,13 @@
# qhasm: stack64 q33_stack
# qhasm: enter crypto_sign_ed25519_amd64_64_sc25519_barrett
# qhasm: enter CRYPTO_NAMESPACE(batch_sc25519_barrett)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_sc25519_barrett
.globl crypto_sign_ed25519_amd64_64_sc25519_barrett
_crypto_sign_ed25519_amd64_64_sc25519_barrett:
crypto_sign_ed25519_amd64_64_sc25519_barrett:
.globl _CRYPTO_NAMESPACE(batch_sc25519_barrett)
.globl CRYPTO_NAMESPACE(batch_sc25519_barrett)
_CRYPTO_NAMESPACE(batch_sc25519_barrett):
CRYPTO_NAMESPACE(batch_sc25519_barrett):
mov %rsp,%r11
and $31,%r11
add $96,%r11
@ -184,8 +184,8 @@ xor %r11,%r11
# asm 2: movq 24(<xp=%rsi),>rax=%rax
movq 24(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3
mulq crypto_sign_ed25519_amd64_64_MU3
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3)
mulq CRYPTO_NAMESPACE(batch_MU3)(%rip)
# qhasm: q23 = rax
# asm 1: mov <rax=int64#7,>q23=int64#10
@ -202,8 +202,8 @@ mov %rdx,%r13
# asm 2: movq 24(<xp=%rsi),>rax=%rax
movq 24(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4
mulq crypto_sign_ed25519_amd64_64_MU4
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4)
mulq CRYPTO_NAMESPACE(batch_MU4)(%rip)
# qhasm: q24 = rax
# asm 1: mov <rax=int64#7,>q24=int64#12
@ -225,8 +225,8 @@ adc %rdx,%r8
# asm 2: movq 32(<xp=%rsi),>rax=%rax
movq 32(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2
mulq crypto_sign_ed25519_amd64_64_MU2
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2)
mulq CRYPTO_NAMESPACE(batch_MU2)(%rip)
# qhasm: carry? q23 += rax
# asm 1: add <rax=int64#7,<q23=int64#10
@ -248,8 +248,8 @@ adc %rdx,%r13
# asm 2: movq 32(<xp=%rsi),>rax=%rax
movq 32(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3
mulq crypto_sign_ed25519_amd64_64_MU3
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3)
mulq CRYPTO_NAMESPACE(batch_MU3)(%rip)
# qhasm: carry? q24 += rax
# asm 1: add <rax=int64#7,<q24=int64#12
@ -281,8 +281,8 @@ adc %rdx,%r13
# asm 2: movq 32(<xp=%rsi),>rax=%rax
movq 32(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4
mulq crypto_sign_ed25519_amd64_64_MU4
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4)
mulq CRYPTO_NAMESPACE(batch_MU4)(%rip)
# qhasm: carry? q30 += rax
# asm 1: add <rax=int64#7,<q30=int64#5
@ -309,8 +309,8 @@ adc %rdx,%r9
# asm 2: movq 40(<xp=%rsi),>rax=%rax
movq 40(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU1
mulq crypto_sign_ed25519_amd64_64_MU1
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU1)
mulq CRYPTO_NAMESPACE(batch_MU1)(%rip)
# qhasm: carry? q23 += rax
# asm 1: add <rax=int64#7,<q23=int64#10
@ -332,8 +332,8 @@ adc %rdx,%r13
# asm 2: movq 40(<xp=%rsi),>rax=%rax
movq 40(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2
mulq crypto_sign_ed25519_amd64_64_MU2
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2)
mulq CRYPTO_NAMESPACE(batch_MU2)(%rip)
# qhasm: carry? q24 += rax
# asm 1: add <rax=int64#7,<q24=int64#12
@ -365,8 +365,8 @@ adc %rdx,%r13
# asm 2: movq 40(<xp=%rsi),>rax=%rax
movq 40(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3
mulq crypto_sign_ed25519_amd64_64_MU3
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3)
mulq CRYPTO_NAMESPACE(batch_MU3)(%rip)
# qhasm: carry? q30 += rax
# asm 1: add <rax=int64#7,<q30=int64#5
@ -398,8 +398,8 @@ adc %rdx,%r13
# asm 2: movq 40(<xp=%rsi),>rax=%rax
movq 40(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4
mulq crypto_sign_ed25519_amd64_64_MU4
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4)
mulq CRYPTO_NAMESPACE(batch_MU4)(%rip)
# qhasm: carry? q31 += rax
# asm 1: add <rax=int64#7,<q31=int64#6
@ -426,8 +426,8 @@ adc %rdx,%r10
# asm 2: movq 48(<xp=%rsi),>rax=%rax
movq 48(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU0
mulq crypto_sign_ed25519_amd64_64_MU0
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU0)
mulq CRYPTO_NAMESPACE(batch_MU0)(%rip)
# qhasm: carry? q23 += rax
# asm 1: add <rax=int64#7,<q23=int64#10
@ -449,8 +449,8 @@ adc %rdx,%r12
# asm 2: movq 48(<xp=%rsi),>rax=%rax
movq 48(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU1
mulq crypto_sign_ed25519_amd64_64_MU1
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU1)
mulq CRYPTO_NAMESPACE(batch_MU1)(%rip)
# qhasm: carry? q24 += rax
# asm 1: add <rax=int64#7,<q24=int64#12
@ -482,8 +482,8 @@ adc %rdx,%r12
# asm 2: movq 48(<xp=%rsi),>rax=%rax
movq 48(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2
mulq crypto_sign_ed25519_amd64_64_MU2
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2)
mulq CRYPTO_NAMESPACE(batch_MU2)(%rip)
# qhasm: carry? q30 += rax
# asm 1: add <rax=int64#7,<q30=int64#5
@ -515,8 +515,8 @@ adc %rdx,%r12
# asm 2: movq 48(<xp=%rsi),>rax=%rax
movq 48(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3
mulq crypto_sign_ed25519_amd64_64_MU3
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3)
mulq CRYPTO_NAMESPACE(batch_MU3)(%rip)
# qhasm: carry? q31 += rax
# asm 1: add <rax=int64#7,<q31=int64#6
@ -548,8 +548,8 @@ adc %rdx,%r12
# asm 2: movq 48(<xp=%rsi),>rax=%rax
movq 48(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4
mulq crypto_sign_ed25519_amd64_64_MU4
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4)
mulq CRYPTO_NAMESPACE(batch_MU4)(%rip)
# qhasm: carry? q32 += rax
# asm 1: add <rax=int64#7,<q32=int64#8
@ -576,8 +576,8 @@ adc %rdx,%r11
# asm 2: movq 56(<xp=%rsi),>rax=%rax
movq 56(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU0
mulq crypto_sign_ed25519_amd64_64_MU0
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU0)
mulq CRYPTO_NAMESPACE(batch_MU0)(%rip)
# qhasm: carry? q24 += rax
# asm 1: add <rax=int64#7,<q24=int64#12
@ -601,8 +601,8 @@ adc %rdx,%r12
# asm 2: movq 56(<xp=%rsi),>rax=%rax
movq 56(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU1
mulq crypto_sign_ed25519_amd64_64_MU1
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU1)
mulq CRYPTO_NAMESPACE(batch_MU1)(%rip)
# qhasm: carry? q30 += rax
# asm 1: add <rax=int64#7,<q30=int64#5
@ -639,8 +639,8 @@ movq %r8,56(%rsp)
# asm 2: movq 56(<xp=%rsi),>rax=%rax
movq 56(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2
mulq crypto_sign_ed25519_amd64_64_MU2
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2)
mulq CRYPTO_NAMESPACE(batch_MU2)(%rip)
# qhasm: carry? q31 += rax
# asm 1: add <rax=int64#7,<q31=int64#6
@ -677,8 +677,8 @@ movq %r9,64(%rsp)
# asm 2: movq 56(<xp=%rsi),>rax=%rax
movq 56(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3
mulq crypto_sign_ed25519_amd64_64_MU3
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3)
mulq CRYPTO_NAMESPACE(batch_MU3)(%rip)
# qhasm: carry? q32 += rax
# asm 1: add <rax=int64#7,<q32=int64#8
@ -715,8 +715,8 @@ movq %r10,72(%rsp)
# asm 2: movq 56(<xp=%rsi),>rax=%rax
movq 56(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4
mulq crypto_sign_ed25519_amd64_64_MU4
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4)
mulq CRYPTO_NAMESPACE(batch_MU4)(%rip)
# qhasm: carry? q33 += rax
# asm 1: add <rax=int64#7,<q33=int64#9
@ -743,8 +743,8 @@ movq %r11,80(%rsp)
# asm 2: movq <q30_stack=56(%rsp),>rax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0
mulq crypto_sign_ed25519_amd64_64_ORDER0
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0)
mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip)
# qhasm: r20 = rax
# asm 1: mov <rax=int64#7,>r20=int64#5
@ -761,8 +761,8 @@ mov %rdx,%r9
# asm 2: movq <q30_stack=56(%rsp),>rax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1
mulq crypto_sign_ed25519_amd64_64_ORDER1
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1)
mulq CRYPTO_NAMESPACE(batch_ORDER1)(%rip)
# qhasm: r21 = rax
# asm 1: mov <rax=int64#7,>r21=int64#8
@ -789,8 +789,8 @@ adc %rdx,%r9
# asm 2: movq <q30_stack=56(%rsp),>rax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER2
mulq crypto_sign_ed25519_amd64_64_ORDER2
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER2)
mulq CRYPTO_NAMESPACE(batch_ORDER2)(%rip)
# qhasm: r22 = rax
# asm 1: mov <rax=int64#7,>r22=int64#9
@ -817,8 +817,8 @@ adc %rdx,%r9
# asm 2: movq <q30_stack=56(%rsp),>rax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER3
mulq crypto_sign_ed25519_amd64_64_ORDER3
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER3)
mulq CRYPTO_NAMESPACE(batch_ORDER3)(%rip)
# qhasm: free rdx
@ -837,8 +837,8 @@ add %r9,%r12
# asm 2: movq <q31_stack=64(%rsp),>rax=%rax
movq 64(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0
mulq crypto_sign_ed25519_amd64_64_ORDER0
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0)
mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip)
# qhasm: carry? r21 += rax
# asm 1: add <rax=int64#7,<r21=int64#8
@ -860,8 +860,8 @@ adc %rdx,%r9
# asm 2: movq <q31_stack=64(%rsp),>rax=%rax
movq 64(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1
mulq crypto_sign_ed25519_amd64_64_ORDER1
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1)
mulq CRYPTO_NAMESPACE(batch_ORDER1)(%rip)
# qhasm: carry? r22 += rax
# asm 1: add <rax=int64#7,<r22=int64#9
@ -893,8 +893,8 @@ adc %rdx,%rcx
# asm 2: movq <q31_stack=64(%rsp),>rax=%rax
movq 64(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER2
mulq crypto_sign_ed25519_amd64_64_ORDER2
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER2)
mulq CRYPTO_NAMESPACE(batch_ORDER2)(%rip)
# qhasm: free rdx
@ -913,8 +913,8 @@ add %rcx,%r12
# asm 2: movq <q32_stack=72(%rsp),>rax=%rax
movq 72(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0
mulq crypto_sign_ed25519_amd64_64_ORDER0
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0)
mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip)
# qhasm: carry? r22 += rax
# asm 1: add <rax=int64#7,<r22=int64#9
@ -936,8 +936,8 @@ adc %rdx,%rcx
# asm 2: movq <q32_stack=72(%rsp),>rax=%rax
movq 72(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1
mulq crypto_sign_ed25519_amd64_64_ORDER1
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1)
mulq CRYPTO_NAMESPACE(batch_ORDER1)(%rip)
# qhasm: free rdx
@ -956,8 +956,8 @@ add %rcx,%r12
# asm 2: movq <q33_stack=80(%rsp),>rax=%rax
movq 80(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0
mulq crypto_sign_ed25519_amd64_64_ORDER0
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0)
mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip)
# qhasm: free rdx
@ -1026,25 +1026,25 @@ sbb %r12,%rsi
# asm 2: mov <r3=%rsi,>t3=%r11
mov %rsi,%r11
# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0
# asm 1: sub crypto_sign_ed25519_amd64_64_ORDER0,<t0=int64#4
# asm 2: sub crypto_sign_ed25519_amd64_64_ORDER0,<t0=%rcx
sub crypto_sign_ed25519_amd64_64_ORDER0,%rcx
# qhasm: carry? t0 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0)
# asm 1: sub CRYPTO_NAMESPACE(batch_ORDER0),<t0=int64#4
# asm 2: sub CRYPTO_NAMESPACE(batch_ORDER0),<t0=%rcx
sub CRYPTO_NAMESPACE(batch_ORDER0)(%rip),%rcx
# qhasm: carry? t1 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_64_ORDER1,<t1=int64#6
# asm 2: sbb crypto_sign_ed25519_amd64_64_ORDER1,<t1=%r9
sbb crypto_sign_ed25519_amd64_64_ORDER1,%r9
# qhasm: carry? t1 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1) - carry
# asm 1: sbb CRYPTO_NAMESPACE(batch_ORDER1),<t1=int64#6
# asm 2: sbb CRYPTO_NAMESPACE(batch_ORDER1),<t1=%r9
sbb CRYPTO_NAMESPACE(batch_ORDER1)(%rip),%r9
# qhasm: carry? t2 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER2 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_64_ORDER2,<t2=int64#8
# asm 2: sbb crypto_sign_ed25519_amd64_64_ORDER2,<t2=%r10
sbb crypto_sign_ed25519_amd64_64_ORDER2,%r10
# qhasm: carry? t2 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER2) - carry
# asm 1: sbb CRYPTO_NAMESPACE(batch_ORDER2),<t2=int64#8
# asm 2: sbb CRYPTO_NAMESPACE(batch_ORDER2),<t2=%r10
sbb CRYPTO_NAMESPACE(batch_ORDER2)(%rip),%r10
# qhasm: unsigned<? t3 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER3 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_64_ORDER3,<t3=int64#9
# asm 2: sbb crypto_sign_ed25519_amd64_64_ORDER3,<t3=%r11
sbb crypto_sign_ed25519_amd64_64_ORDER3,%r11
# qhasm: unsigned<? t3 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER3) - carry
# asm 1: sbb CRYPTO_NAMESPACE(batch_ORDER3),<t3=int64#9
# asm 2: sbb CRYPTO_NAMESPACE(batch_ORDER3),<t3=%r11
sbb CRYPTO_NAMESPACE(batch_ORDER3)(%rip),%r11
# qhasm: r0 = t0 if !unsigned<
# asm 1: cmovae <t0=int64#4,<r0=int64#3
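Review bot: The `# asm 1:` and `# asm 2:` annotation lines for the four ORDER subtractions still show the absolute form (`sub CRYPTO_NAMESPACE(batch_ORDER0),<t0=%rcx`), while the instruction actually emitted is `sub CRYPTO_NAMESPACE(batch_ORDER0)(%rip),%rcx`. These comments are the only record of what qhasm generated, so the RIP-relative operand now looks like a hand edit that a regeneration would silently drop. Either update the annotations to match, or add a short comment at the top of the file stating that the `(%rip)` suffixes and the CRYPTO_NAMESPACE names are applied after generation and how.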
@ -1086,25 +1086,25 @@ cmovae %r11,%rsi
# asm 2: mov <r3=%rsi,>t3=%r11
mov %rsi,%r11
# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0
# asm 1: sub crypto_sign_ed25519_amd64_64_ORDER0,<t0=int64#4
# asm 2: sub crypto_sign_ed25519_amd64_64_ORDER0,<t0=%rcx
sub crypto_sign_ed25519_amd64_64_ORDER0,%rcx
# qhasm: carry? t0 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0)
# asm 1: sub CRYPTO_NAMESPACE(batch_ORDER0),<t0=int64#4
# asm 2: sub CRYPTO_NAMESPACE(batch_ORDER0),<t0=%rcx
sub CRYPTO_NAMESPACE(batch_ORDER0)(%rip),%rcx
# qhasm: carry? t1 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_64_ORDER1,<t1=int64#6
# asm 2: sbb crypto_sign_ed25519_amd64_64_ORDER1,<t1=%r9
sbb crypto_sign_ed25519_amd64_64_ORDER1,%r9
# qhasm: carry? t1 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1) - carry
# asm 1: sbb CRYPTO_NAMESPACE(batch_ORDER1),<t1=int64#6
# asm 2: sbb CRYPTO_NAMESPACE(batch_ORDER1),<t1=%r9
sbb CRYPTO_NAMESPACE(batch_ORDER1)(%rip),%r9
# qhasm: carry? t2 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER2 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_64_ORDER2,<t2=int64#8
# asm 2: sbb crypto_sign_ed25519_amd64_64_ORDER2,<t2=%r10
sbb crypto_sign_ed25519_amd64_64_ORDER2,%r10
# qhasm: carry? t2 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER2) - carry
# asm 1: sbb CRYPTO_NAMESPACE(batch_ORDER2),<t2=int64#8
# asm 2: sbb CRYPTO_NAMESPACE(batch_ORDER2),<t2=%r10
sbb CRYPTO_NAMESPACE(batch_ORDER2)(%rip),%r10
# qhasm: unsigned<? t3 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER3 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_64_ORDER3,<t3=int64#9
# asm 2: sbb crypto_sign_ed25519_amd64_64_ORDER3,<t3=%r11
sbb crypto_sign_ed25519_amd64_64_ORDER3,%r11
# qhasm: unsigned<? t3 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER3) - carry
# asm 1: sbb CRYPTO_NAMESPACE(batch_ORDER3),<t3=int64#9
# asm 2: sbb CRYPTO_NAMESPACE(batch_ORDER3),<t3=%r11
sbb CRYPTO_NAMESPACE(batch_ORDER3)(%rip),%r11
# qhasm: r0 = t0 if !unsigned<
# asm 1: cmovae <t0=int64#4,<r0=int64#3

View file

@ -57,13 +57,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_64_sc25519_lt
# qhasm: enter CRYPTO_NAMESPACE(batch_sc25519_lt)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_sc25519_lt
.globl crypto_sign_ed25519_amd64_64_sc25519_lt
_crypto_sign_ed25519_amd64_64_sc25519_lt:
crypto_sign_ed25519_amd64_64_sc25519_lt:
.globl _CRYPTO_NAMESPACE(batch_sc25519_lt)
.globl CRYPTO_NAMESPACE(batch_sc25519_lt)
_CRYPTO_NAMESPACE(batch_sc25519_lt):
CRYPTO_NAMESPACE(batch_sc25519_lt):
mov %rsp,%r11
and $31,%r11
add $0,%r11
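Review bot: In `.globl _CRYPTO_NAMESPACE(batch_sc25519_lt)` and the matching label, `_CRYPTO_NAMESPACE` is a different preprocessor identifier from `CRYPTO_NAMESPACE`, so the underscore-prefixed pair only expands if the build defines a second macro under that name, and no such definition appears in this diff. Please confirm both macros are defined wherever these assembly files are preprocessed; otherwise the underscore lines reach the assembler unexpanded. The same pattern is used for every assembly entry point in the hunks that follow.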

View file

@ -1,8 +1,9 @@
#include "sc25519.h"
#include "compat.h"
#define ull4_mul crypto_sign_ed25519_amd64_51_30k_batch_ull4_mul
#define ull4_mul CRYPTO_NAMESPACE(batch_ull4_mul)
extern void ull4_mul(unsigned long long r[8], const unsigned long long x[4], const unsigned long long y[4]);
extern void ull4_mul(unsigned long long r[8], const unsigned long long x[4], const unsigned long long y[4]) SYSVABI;
void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y)
{

View file

@ -63,13 +63,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_64_sc25519_sub_nored
# qhasm: enter CRYPTO_NAMESPACE(batch_sc25519_sub_nored)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_sc25519_sub_nored
.globl crypto_sign_ed25519_amd64_64_sc25519_sub_nored
_crypto_sign_ed25519_amd64_64_sc25519_sub_nored:
crypto_sign_ed25519_amd64_64_sc25519_sub_nored:
.globl _CRYPTO_NAMESPACE(batch_sc25519_sub_nored)
.globl CRYPTO_NAMESPACE(batch_sc25519_sub_nored)
_CRYPTO_NAMESPACE(batch_sc25519_sub_nored):
CRYPTO_NAMESPACE(batch_sc25519_sub_nored):
mov %rsp,%r11
and $31,%r11
add $0,%r11

View file

@ -77,13 +77,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_64_ull4_mul
# qhasm: enter CRYPTO_NAMESPACE(batch_ull4_mul)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_ull4_mul
.globl crypto_sign_ed25519_amd64_64_ull4_mul
_crypto_sign_ed25519_amd64_64_ull4_mul:
crypto_sign_ed25519_amd64_64_ull4_mul:
.globl _CRYPTO_NAMESPACE(batch_ull4_mul)
.globl CRYPTO_NAMESPACE(batch_ull4_mul)
_CRYPTO_NAMESPACE(batch_ull4_mul):
CRYPTO_NAMESPACE(batch_ull4_mul):
mov %rsp,%r11
and $31,%r11
add $64,%r11

View file

@ -1,94 +0,0 @@
#include "crypto_sign.h"
#include "crypto_verify_32.h"
#include "crypto_hash_sha512.h"
#include "randombytes.h"
#include "ge25519.h"
#include "hram.h"
#define MAXBATCH 64
int crypto_sign_open_batch(
unsigned char* const m[],unsigned long long mlen[],
unsigned char* const sm[],const unsigned long long smlen[],
unsigned char* const pk[],
unsigned long long num
)
{
int ret = 0;
unsigned long long i, j;
shortsc25519 r[MAXBATCH];
sc25519 scalars[2*MAXBATCH+1];
ge25519 points[2*MAXBATCH+1];
unsigned char hram[crypto_hash_sha512_BYTES];
unsigned long long batchsize;
for (i = 0;i < num;++i) mlen[i] = -1;
while (num >= 3) {
batchsize = num;
if (batchsize > MAXBATCH) batchsize = MAXBATCH;
for (i = 0;i < batchsize;++i)
if (smlen[i] < 64) goto fallback;
randombytes((unsigned char*)r,sizeof(shortsc25519) * batchsize);
/* Computing scalars[0] = ((r1s1 + r2s2 + ...)) */
for(i=0;i<batchsize;i++)
{
sc25519_from32bytes(&scalars[i], sm[i]+32);
sc25519_mul_shortsc(&scalars[i], &scalars[i], &r[i]);
}
for(i=1;i<batchsize;i++)
sc25519_add(&scalars[0], &scalars[0], &scalars[i]);
/* Computing scalars[1] ... scalars[batchsize] as r[i]*H(R[i],A[i],m[i]) */
for(i=0;i<batchsize;i++)
{
get_hram(hram, sm[i], pk[i], m[i], smlen[i]);
sc25519_from64bytes(&scalars[i+1],hram);
sc25519_mul_shortsc(&scalars[i+1],&scalars[i+1],&r[i]);
}
/* Setting scalars[batchsize+1] ... scalars[2*batchsize] to r[i] */
for(i=0;i<batchsize;i++)
sc25519_from_shortsc(&scalars[batchsize+i+1],&r[i]);
/* Computing points */
points[0] = ge25519_base;
for(i=0;i<batchsize;i++)
if (ge25519_unpackneg_vartime(&points[i+1], pk[i])) goto fallback;
for(i=0;i<batchsize;i++)
if (ge25519_unpackneg_vartime(&points[batchsize+i+1], sm[i])) goto fallback;
ge25519_multi_scalarmult_vartime(points, points, scalars, 2*batchsize+1);
if (ge25519_isneutral_vartime(points)) {
for(i=0;i<batchsize;i++)
{
for(j=0;j<smlen[i]-64;j++)
m[i][j] = sm[i][j + 64];
mlen[i] = smlen[i]-64;
}
} else {
fallback:
for (i = 0;i < batchsize;++i)
ret |= crypto_sign_open(m[i], &mlen[i], sm[i], smlen[i], pk[i]);
}
m += batchsize;
mlen += batchsize;
sm += batchsize;
smlen += batchsize;
pk += batchsize;
num -= batchsize;
}
for (i = 0;i < num;++i)
ret |= crypto_sign_open(m[i], &mlen[i], sm[i], smlen[i], pk[i]);
return ret;
}
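Review bot: This deletes the only definition of crypto_sign_open_batch visible in the diff, but the header hunks further down still carry `#define crypto_sign_open_batch CRYPTO_NAMESPACE(open_batch)` and the `int crypto_sign_open_batch(` prototype. Unless another file in this implementation still defines it, any caller will compile against the prototype and fail only at link time. Drop the macro and the prototype together with this file, or state in the commit message where the definition now lives.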

View file

@ -101,13 +101,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_64_choose_t
# qhasm: enter CRYPTO_NAMESPACE(choose_t)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_choose_t
.globl crypto_sign_ed25519_amd64_64_choose_t
_crypto_sign_ed25519_amd64_64_choose_t:
crypto_sign_ed25519_amd64_64_choose_t:
.globl _CRYPTO_NAMESPACE(choose_t)
.globl CRYPTO_NAMESPACE(choose_t)
_CRYPTO_NAMESPACE(choose_t):
CRYPTO_NAMESPACE(choose_t):
mov %rsp,%r11
and $31,%r11
add $64,%r11

View file

@ -0,0 +1,10 @@
#ifndef COMPAT_H
#define COMPAT_H
#if defined(_WIN32) && defined(__GNUC__)
#define SYSVABI __attribute__((sysv_abi))
#else
#define SYSVABI
#endif
#endif
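Review bot: The `#else` branch leaves SYSVABI empty for every compiler that is not GCC-compatible on `_WIN32`, so a Windows x64 compiler that does not define `__GNUC__` would call the assembly routines with the Microsoft calling convention, while the assembly in this diff reads its arguments from the System V registers (for example `movq 56(%rsi),%rax`). That would build cleanly and compute on the wrong registers. Consider splitting the condition so that `_WIN32` without `__GNUC__` hits an `#error`, and keep the empty definition only for non-Windows targets.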

View file

@ -0,0 +1,43 @@
#ifndef __APPLE__
.section .rodata
#else
.const
#endif
.globl CRYPTO_NAMESPACE(121666)
.globl CRYPTO_NAMESPACE(MU0)
.globl CRYPTO_NAMESPACE(MU1)
.globl CRYPTO_NAMESPACE(MU2)
.globl CRYPTO_NAMESPACE(MU3)
.globl CRYPTO_NAMESPACE(MU4)
.globl CRYPTO_NAMESPACE(ORDER0)
.globl CRYPTO_NAMESPACE(ORDER1)
.globl CRYPTO_NAMESPACE(ORDER2)
.globl CRYPTO_NAMESPACE(ORDER3)
.globl CRYPTO_NAMESPACE(EC2D0)
.globl CRYPTO_NAMESPACE(EC2D1)
.globl CRYPTO_NAMESPACE(EC2D2)
.globl CRYPTO_NAMESPACE(EC2D3)
.globl CRYPTO_NAMESPACE(38)
.p2align 4
CRYPTO_NAMESPACE(121666): .quad 121666
CRYPTO_NAMESPACE(MU0): .quad 0xED9CE5A30A2C131B
CRYPTO_NAMESPACE(MU1): .quad 0x2106215D086329A7
CRYPTO_NAMESPACE(MU2): .quad 0xFFFFFFFFFFFFFFEB
CRYPTO_NAMESPACE(MU3): .quad 0xFFFFFFFFFFFFFFFF
CRYPTO_NAMESPACE(MU4): .quad 0x000000000000000F
CRYPTO_NAMESPACE(ORDER0): .quad 0x5812631A5CF5D3ED
CRYPTO_NAMESPACE(ORDER1): .quad 0x14DEF9DEA2F79CD6
CRYPTO_NAMESPACE(ORDER2): .quad 0x0000000000000000
CRYPTO_NAMESPACE(ORDER3): .quad 0x1000000000000000
CRYPTO_NAMESPACE(EC2D0): .quad 0xEBD69B9426B2F146
CRYPTO_NAMESPACE(EC2D1): .quad 0x00E0149A8283B156
CRYPTO_NAMESPACE(EC2D2): .quad 0x198E80F2EEF3D130
CRYPTO_NAMESPACE(EC2D3): .quad 0xA406D9DC56DFFCE7
CRYPTO_NAMESPACE(38): .quad 38
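Review bot: The new constants file has no `.section .note.GNU-stack,"",@progbits` marker for ELF targets. An object assembled from a file without that section makes GNU ld treat the stack as executable for the whole binary unless the build passes `-Wa,--noexecstack` or `-z noexecstack`, and nothing in this diff shows that it does. Since the file already branches on `__APPLE__`, add the marker inside the non-Apple branch (guarded for ELF) so the hardening does not depend on build flags.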

View file

@ -1,39 +0,0 @@
.data
.globl crypto_sign_ed25519_amd64_64_121666
.globl crypto_sign_ed25519_amd64_64_MU0
.globl crypto_sign_ed25519_amd64_64_MU1
.globl crypto_sign_ed25519_amd64_64_MU2
.globl crypto_sign_ed25519_amd64_64_MU3
.globl crypto_sign_ed25519_amd64_64_MU4
.globl crypto_sign_ed25519_amd64_64_ORDER0
.globl crypto_sign_ed25519_amd64_64_ORDER1
.globl crypto_sign_ed25519_amd64_64_ORDER2
.globl crypto_sign_ed25519_amd64_64_ORDER3
.globl crypto_sign_ed25519_amd64_64_EC2D0
.globl crypto_sign_ed25519_amd64_64_EC2D1
.globl crypto_sign_ed25519_amd64_64_EC2D2
.globl crypto_sign_ed25519_amd64_64_EC2D3
.globl crypto_sign_ed25519_amd64_64_38
.p2align 4
crypto_sign_ed25519_amd64_64_121666: .quad 121666
crypto_sign_ed25519_amd64_64_MU0: .quad 0xED9CE5A30A2C131B
crypto_sign_ed25519_amd64_64_MU1: .quad 0x2106215D086329A7
crypto_sign_ed25519_amd64_64_MU2: .quad 0xFFFFFFFFFFFFFFEB
crypto_sign_ed25519_amd64_64_MU3: .quad 0xFFFFFFFFFFFFFFFF
crypto_sign_ed25519_amd64_64_MU4: .quad 0x000000000000000F
crypto_sign_ed25519_amd64_64_ORDER0: .quad 0x5812631A5CF5D3ED
crypto_sign_ed25519_amd64_64_ORDER1: .quad 0x14DEF9DEA2F79CD6
crypto_sign_ed25519_amd64_64_ORDER2: .quad 0x0000000000000000
crypto_sign_ed25519_amd64_64_ORDER3: .quad 0x1000000000000000
crypto_sign_ed25519_amd64_64_EC2D0: .quad 0xEBD69B9426B2F146
crypto_sign_ed25519_amd64_64_EC2D1: .quad 0x00E0149A8283B156
crypto_sign_ed25519_amd64_64_EC2D2: .quad 0x198E80F2EEF3D130
crypto_sign_ed25519_amd64_64_EC2D3: .quad 0xA406D9DC56DFFCE7
crypto_sign_ed25519_amd64_64_38: .quad 38

View file

@ -1,9 +1,9 @@
#define crypto_sign ed25519_amd64_64_sign
#define crypto_sign_keypair ed25519_amd64_64_keygen
#define crypto_sign_seckey ed25519_amd64_64_seckey
#define crypto_sign_seckey_expand ed25519_amd64_64_seckey_expand
#define crypto_sign_pubkey ed25519_amd64_64_pubkey
#define crypto_sign_open ed25519_amd64_64_open
#define crypto_sign_open_batch ed25519_amd64_64_open_batch
#define crypto_sign CRYPTO_NAMESPACE(sign)
#define crypto_sign_keypair CRYPTO_NAMESPACE(keygen)
#define crypto_sign_seckey CRYPTO_NAMESPACE(seckey)
#define crypto_sign_seckey_expand CRYPTO_NAMESPACE(seckey_expand)
#define crypto_sign_pubkey CRYPTO_NAMESPACE(pubkey)
#define crypto_sign_open CRYPTO_NAMESPACE(open)
#define crypto_sign_open_batch CRYPTO_NAMESPACE(open_batch)
#include "ed25519.h"

View file

@ -1,20 +1,20 @@
int ed25519_amd64_64_seckey(unsigned char *sk);
int ed25519_amd64_64_seckey_expand(unsigned char *sk,const unsigned char *seed);
int ed25519_amd64_64_pubkey(unsigned char *pk,const unsigned char *sk);
int ed25519_amd64_64_keygen(unsigned char *pk,unsigned char *sk);
int ed25519_amd64_64_sign(
int crypto_sign_seckey(unsigned char *sk);
int crypto_sign_seckey_expand(unsigned char *sk,const unsigned char *seed);
int crypto_sign_pubkey(unsigned char *pk,const unsigned char *sk);
int crypto_sign_keypair(unsigned char *pk,unsigned char *sk);
int crypto_sign(
unsigned char *sm,unsigned long long *smlen,
const unsigned char *m,unsigned long long mlen,
const unsigned char *sk
);
int ed25519_amd64_64_open(
int crypto_sign_open(
unsigned char *m,unsigned long long *mlen,
const unsigned char *sm,unsigned long long smlen,
const unsigned char *pk
);
int ed25519_amd64_64_open_batch(
int crypto_sign_open_batch(
unsigned char* const m[],unsigned long long mlen[],
unsigned char* const sm[],const unsigned long long smlen[],
unsigned char* const pk[],
unsigned char* const pk[],
unsigned long long num
);

View file

@ -2,33 +2,33 @@
#define FE25519_H
#include <stddef.h>
#include "compat.h"
#define fe25519 crypto_sign_ed25519_amd64_64_fe25519
#define fe25519_freeze crypto_sign_ed25519_amd64_64_fe25519_freeze
#define fe25519_unpack crypto_sign_ed25519_amd64_64_fe25519_unpack
#define fe25519_pack crypto_sign_ed25519_amd64_64_fe25519_pack
#define fe25519_iszero_vartime crypto_sign_ed25519_amd64_64_fe25519_iszero_vartime
#define fe25519_iseq_vartime crypto_sign_ed25519_amd64_64_fe25519_iseq_vartime
#define fe25519_cmov crypto_sign_ed25519_amd64_64_fe25519_cmov
#define fe25519_setint crypto_sign_ed25519_amd64_64_fe25519_setint
#define fe25519_neg crypto_sign_ed25519_amd64_64_fe25519_neg
#define fe25519_getparity crypto_sign_ed25519_amd64_64_fe25519_getparity
#define fe25519_add crypto_sign_ed25519_amd64_64_fe25519_add
#define fe25519_sub crypto_sign_ed25519_amd64_64_fe25519_sub
#define fe25519_mul crypto_sign_ed25519_amd64_64_fe25519_mul
#define fe25519_mul121666 crypto_sign_ed25519_amd64_64_fe25519_mul121666
#define fe25519_square crypto_sign_ed25519_amd64_64_fe25519_square
#define fe25519_invert crypto_sign_ed25519_amd64_64_fe25519_invert
#define fe25519_batchinvert crypto_sign_ed25519_amd64_64_fe25519_batchinvert
#define fe25519_pow2523 crypto_sign_ed25519_amd64_64_fe25519_pow2523
#define fe25519 CRYPTO_NAMESPACE(fe25519)
#define fe25519_freeze CRYPTO_NAMESPACE(fe25519_freeze)
#define fe25519_unpack CRYPTO_NAMESPACE(fe25519_unpack)
#define fe25519_pack CRYPTO_NAMESPACE(fe25519_pack)
#define fe25519_iszero_vartime CRYPTO_NAMESPACE(fe25519_iszero_vartime)
#define fe25519_iseq_vartime CRYPTO_NAMESPACE(fe25519_iseq_vartime)
#define fe25519_cmov CRYPTO_NAMESPACE(fe25519_cmov)
#define fe25519_setint CRYPTO_NAMESPACE(fe25519_setint)
#define fe25519_neg CRYPTO_NAMESPACE(fe25519_neg)
#define fe25519_getparity CRYPTO_NAMESPACE(fe25519_getparity)
#define fe25519_add CRYPTO_NAMESPACE(fe25519_add)
#define fe25519_sub CRYPTO_NAMESPACE(fe25519_sub)
#define fe25519_mul CRYPTO_NAMESPACE(fe25519_mul)
#define fe25519_square CRYPTO_NAMESPACE(fe25519_square)
#define fe25519_invert CRYPTO_NAMESPACE(fe25519_invert)
#define fe25519_batchinvert CRYPTO_NAMESPACE(fe25519_batchinvert)
#define fe25519_pow2523 CRYPTO_NAMESPACE(fe25519_pow2523)
typedef struct
typedef struct
{
unsigned long long v[4];
unsigned long long v[4];
}
fe25519;
void fe25519_freeze(fe25519 *r);
void fe25519_freeze(fe25519 *r) SYSVABI;
void fe25519_unpack(fe25519 *r, const unsigned char x[32]);
@ -48,21 +48,19 @@ int fe25519_iszero_vartime(const fe25519 *x);
int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y);
void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y);
void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI;
void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y);
void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI;
void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y);
void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI;
void fe25519_mul121666(fe25519 *r, const fe25519 *x);
void fe25519_square(fe25519 *r, const fe25519 *x);
void fe25519_square(fe25519 *r, const fe25519 *x) SYSVABI;
void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e);
void fe25519_invert(fe25519 *r, const fe25519 *x);
void fe25519_batchinvert(fe25519 *out[],fe25519 tmp[],fe25519 * const in[], size_t num);
void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset);
void fe25519_pow2523(fe25519 *r, const fe25519 *x);
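Review bot: The prototype `void fe25519_mul121666(fe25519 *r, const fe25519 *x);` is left in place here, but the preceding hunk removes the `#define fe25519_mul121666 ...` line without adding a CRYPTO_NAMESPACE replacement. The header now declares a global, un-namespaced `fe25519_mul121666`, and this diff adds no definition for it. If the function is no longer used, remove the prototype too; if it is, give it a CRYPTO_NAMESPACE define like its neighbours.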

View file

@ -65,13 +65,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_add
# qhasm: enter CRYPTO_NAMESPACE(fe25519_add)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_fe25519_add
.globl crypto_sign_ed25519_amd64_64_fe25519_add
_crypto_sign_ed25519_amd64_64_fe25519_add:
crypto_sign_ed25519_amd64_64_fe25519_add:
.globl _CRYPTO_NAMESPACE(fe25519_add)
.globl CRYPTO_NAMESPACE(fe25519_add)
_CRYPTO_NAMESPACE(fe25519_add):
CRYPTO_NAMESPACE(fe25519_add):
mov %rsp,%r11
and $31,%r11
add $0,%r11

View file

@ -1,26 +1,34 @@
#include "fe25519.h"
// tmp MUST != out
// tmp MUST != out or in
// in MAY == out
void fe25519_batchinvert(fe25519 *out[],fe25519 tmp[],fe25519 * const in[], size_t num)
void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset)
{
fe25519 acc;
fe25519 tmpacc;
size_t i;
const fe25519 *inp;
fe25519 *outp;
fe25519_setint(&acc,1);
inp = in;
for (i = 0;i < num;++i) {
tmp[i] = acc;
fe25519_mul(&acc,&acc,in[i]);
fe25519_mul(&acc,&acc,inp);
inp = (const fe25519 *)((const char *)inp + offset);
}
fe25519_invert(&acc,&acc);
i = num;
inp = (const fe25519 *)((const char *)in + offset * num);
outp = (fe25519 *)((char *)out + offset * num);
while (i--) {
fe25519_mul(&tmpacc,&acc,in[i]);
fe25519_mul(out[i],&acc,&tmp[i]);
inp = (const fe25519 *)((const char *)inp - offset);
outp = (fe25519 *)((char *)outp - offset);
fe25519_mul(&tmpacc,&acc,inp);
fe25519_mul(outp,&acc,&tmp[i]);
acc = tmpacc;
}
}
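Review bot: The new `offset` parameter is undocumented, and the two comment lines at the top only cover aliasing. From the `(const char *)inp + offset` arithmetic it is a byte stride between consecutive elements applied to both `in` and `out`, which means the caller must pass a value that is at least `sizeof(fe25519)` and a multiple of the alignment of `fe25519`, and that `tmp` must hold `num` contiguous elements; a wrong stride gives misaligned or overlapping accesses with no diagnostic. Please state these preconditions in the header comment (including that `in` and `out` share the same stride), and consider an assert on `offset` in debug builds.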

View file

@ -63,13 +63,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_freeze
# qhasm: enter CRYPTO_NAMESPACE(fe25519_freeze)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_fe25519_freeze
.globl crypto_sign_ed25519_amd64_64_fe25519_freeze
_crypto_sign_ed25519_amd64_64_fe25519_freeze:
crypto_sign_ed25519_amd64_64_fe25519_freeze:
.globl _CRYPTO_NAMESPACE(fe25519_freeze)
.globl CRYPTO_NAMESPACE(fe25519_freeze)
_CRYPTO_NAMESPACE(fe25519_freeze):
CRYPTO_NAMESPACE(fe25519_freeze):
mov %rsp,%r11
and $31,%r11
add $64,%r11

View file

@ -89,13 +89,13 @@
# qhasm: int64 muli38
# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_mul
# qhasm: enter CRYPTO_NAMESPACE(fe25519_mul)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_fe25519_mul
.globl crypto_sign_ed25519_amd64_64_fe25519_mul
_crypto_sign_ed25519_amd64_64_fe25519_mul:
crypto_sign_ed25519_amd64_64_fe25519_mul:
.globl _CRYPTO_NAMESPACE(fe25519_mul)
.globl CRYPTO_NAMESPACE(fe25519_mul)
_CRYPTO_NAMESPACE(fe25519_mul):
CRYPTO_NAMESPACE(fe25519_mul):
mov %rsp,%r11
and $31,%r11
add $64,%r11
@ -651,8 +651,8 @@ adc %rdx,%r11
# asm 2: mov <mulr4=%r8,>mulrax=%rax
mov %r8,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#2
@ -669,8 +669,8 @@ mov %r9,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%rcx
mov %rdx,%rcx
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#4
@ -692,8 +692,8 @@ mov $0,%r8
# asm 2: adc <mulrdx=%rdx,<mulr6=%r8
adc %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#5
@ -715,8 +715,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr7=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#6

View file

@ -83,13 +83,13 @@
# qhasm: int64 squarei38
# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_square
# qhasm: enter CRYPTO_NAMESPACE(fe25519_square)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_fe25519_square
.globl crypto_sign_ed25519_amd64_64_fe25519_square
_crypto_sign_ed25519_amd64_64_fe25519_square:
crypto_sign_ed25519_amd64_64_fe25519_square:
.globl _CRYPTO_NAMESPACE(fe25519_square)
.globl CRYPTO_NAMESPACE(fe25519_square)
_CRYPTO_NAMESPACE(fe25519_square):
CRYPTO_NAMESPACE(fe25519_square):
mov %rsp,%r11
and $31,%r11
add $64,%r11
@ -425,8 +425,8 @@ adc %rdx,%rcx
# asm 2: mov <squarer4=%r11,>squarerax=%rax
mov %r11,%rax
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: squarer4 = squarerax
# asm 1: mov <squarerax=int64#7,>squarer4=int64#2
@ -443,8 +443,8 @@ mov %r12,%rax
# asm 2: mov <squarerdx=%rdx,>squarer5=%r11
mov %rdx,%r11
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? squarer5 += squarerax
# asm 1: add <squarerax=int64#7,<squarer5=int64#9
@ -466,8 +466,8 @@ mov $0,%r12
# asm 2: adc <squarerdx=%rdx,<squarer6=%r12
adc %rdx,%r12
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? squarer6 += squarerax
# asm 1: add <squarerax=int64#7,<squarer6=int64#10
@ -489,8 +489,8 @@ mov $0,%rcx
# asm 2: adc <squarerdx=%rdx,<squarer7=%rcx
adc %rdx,%rcx
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? squarer7 += squarerax
# asm 1: add <squarerax=int64#7,<squarer7=int64#4

View file

@ -65,13 +65,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_sub
# qhasm: enter CRYPTO_NAMESPACE(fe25519_sub)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_fe25519_sub
.globl crypto_sign_ed25519_amd64_64_fe25519_sub
_crypto_sign_ed25519_amd64_64_fe25519_sub:
crypto_sign_ed25519_amd64_64_fe25519_sub:
.globl _CRYPTO_NAMESPACE(fe25519_sub)
.globl CRYPTO_NAMESPACE(fe25519_sub)
_CRYPTO_NAMESPACE(fe25519_sub):
CRYPTO_NAMESPACE(fe25519_sub):
mov %rsp,%r11
and $31,%r11
add $0,%r11

View file

@ -3,25 +3,26 @@
#include "fe25519.h"
#include "sc25519.h"
#include "compat.h"
#define ge25519 crypto_sign_ed25519_amd64_64_ge25519
#define ge25519_base crypto_sign_ed25519_amd64_64_ge25519_base
#define ge25519_unpackneg_vartime crypto_sign_ed25519_amd64_64_unpackneg_vartime
#define ge25519_pack crypto_sign_ed25519_amd64_64_pack
#define ge25519_isneutral_vartime crypto_sign_ed25519_amd64_64_isneutral_vartime
#define ge25519_add crypto_sign_ed25519_amd64_64_ge25519_add
#define ge25519_double crypto_sign_ed25519_amd64_64_ge25519_double
#define ge25519_double_scalarmult_vartime crypto_sign_ed25519_amd64_64_double_scalarmult_vartime
#define ge25519_multi_scalarmult_vartime crypto_sign_ed25519_amd64_64_ge25519_multi_scalarmult_vartime
#define ge25519_scalarmult_base crypto_sign_ed25519_amd64_64_scalarmult_base
#define ge25519_p1p1_to_p2 crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p2
#define ge25519_p1p1_to_p3 crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p3
#define ge25519_add_p1p1 crypto_sign_ed25519_amd64_64_ge25519_add_p1p1
#define ge25519_dbl_p1p1 crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1
#define choose_t crypto_sign_ed25519_amd64_64_choose_t
#define ge25519_nielsadd2 crypto_sign_ed25519_amd64_64_ge25519_nielsadd2
#define ge25519_nielsadd_p1p1 crypto_sign_ed25519_amd64_64_ge25519_nielsadd_p1p1
#define ge25519_pnielsadd_p1p1 crypto_sign_ed25519_amd64_64_ge25519_pnielsadd_p1p1
#define ge25519 CRYPTO_NAMESPACE(ge25519)
#define ge25519_base CRYPTO_NAMESPACE(ge25519_base)
#define ge25519_unpackneg_vartime CRYPTO_NAMESPACE(unpackneg_vartime)
#define ge25519_pack CRYPTO_NAMESPACE(pack)
#define ge25519_isneutral_vartime CRYPTO_NAMESPACE(isneutral_vartime)
#define ge25519_add CRYPTO_NAMESPACE(ge25519_add)
#define ge25519_double CRYPTO_NAMESPACE(ge25519_double)
#define ge25519_double_scalarmult_vartime CRYPTO_NAMESPACE(double_scalarmult_vartime)
#define ge25519_multi_scalarmult_vartime CRYPTO_NAMESPACE(ge25519_multi_scalarmult_vartime)
#define ge25519_scalarmult_base CRYPTO_NAMESPACE(scalarmult_base)
#define ge25519_p1p1_to_p2 CRYPTO_NAMESPACE(ge25519_p1p1_to_p2)
#define ge25519_p1p1_to_p3 CRYPTO_NAMESPACE(ge25519_p1p1_to_p3)
#define ge25519_add_p1p1 CRYPTO_NAMESPACE(ge25519_add_p1p1)
#define ge25519_dbl_p1p1 CRYPTO_NAMESPACE(ge25519_dbl_p1p1)
#define choose_t CRYPTO_NAMESPACE(choose_t)
#define ge25519_nielsadd2 CRYPTO_NAMESPACE(ge25519_nielsadd2)
#define ge25519_nielsadd_p1p1 CRYPTO_NAMESPACE(ge25519_nielsadd_p1p1)
#define ge25519_pnielsadd_p1p1 CRYPTO_NAMESPACE(ge25519_pnielsadd_p1p1)
#define ge25519_p3 ge25519
@ -66,14 +67,14 @@ typedef struct
typedef unsigned char bytes32[32];
extern void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p);
extern void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p);
extern void ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q);
extern void ge25519_dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p);
extern void choose_t(ge25519_niels *t, unsigned long long pos, signed long long b, const ge25519_niels *base_multiples);
extern void ge25519_nielsadd2(ge25519_p3 *r, const ge25519_niels *q);
extern void ge25519_nielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_niels *q);
extern void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_pniels *q);
extern void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p) SYSVABI;
extern void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) SYSVABI;
extern void ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) SYSVABI;
extern void ge25519_dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) SYSVABI;
extern void choose_t(ge25519_niels *t, unsigned long long pos, signed long long b, const ge25519_niels *base_multiples) SYSVABI;
extern void ge25519_nielsadd2(ge25519_p3 *r, const ge25519_niels *q) SYSVABI;
extern void ge25519_nielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_niels *q) SYSVABI;
extern void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_pniels *q) SYSVABI;
extern const ge25519 ge25519_base;
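Review bot: `SYSVABI` is appended to all eight assembly-backed prototypes in this hunk, but nothing visible here defines it or says what it expands to. If it is a calling-convention annotation, it has to be defined before this header in every translation unit that includes it, and it should expand to nothing on targets where it is not needed. A one-line comment above the prototypes saying that these functions are implemented in assembly and why the annotation is required would save the next reader a search.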
@ -81,7 +82,7 @@ extern int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);
extern void ge25519_pack(unsigned char r[32], const ge25519 *p);
extern void ge25519_batchpack_destructive_1(bytes32 out[], ge25519_p3 in[], fe25519 *inz[], fe25519 tmp[], size_t num);
extern void ge25519_batchpack_destructive_1(bytes32 *out, ge25519_p3 *in, fe25519 *tmp, size_t num);
extern void ge25519_batchpack_destructive_finish(bytes32 out, ge25519_p3 *unf);
extern int ge25519_isneutral_vartime(const ge25519 *p);
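Review bot: The new `ge25519_batchpack_destructive_1` prototype drops the `inz` argument and turns the array parameters into plain pointers, but the header still does not document the contract. Please state the required length of `tmp` and what state `in` is left in after the call, since the name says the call is destructive and it is paired with `ge25519_batchpack_destructive_finish`. Without that, a caller has to read the implementation to size the scratch buffer correctly.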

View file

@ -225,13 +225,13 @@
# qhasm: int64 subt1
# qhasm: enter crypto_sign_ed25519_amd64_64_ge25519_add_p1p1
# qhasm: enter CRYPTO_NAMESPACE(ge25519_add_p1p1)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_ge25519_add_p1p1
.globl crypto_sign_ed25519_amd64_64_ge25519_add_p1p1
_crypto_sign_ed25519_amd64_64_ge25519_add_p1p1:
crypto_sign_ed25519_amd64_64_ge25519_add_p1p1:
.globl _CRYPTO_NAMESPACE(ge25519_add_p1p1)
.globl CRYPTO_NAMESPACE(ge25519_add_p1p1)
_CRYPTO_NAMESPACE(ge25519_add_p1p1):
CRYPTO_NAMESPACE(ge25519_add_p1p1):
mov %rsp,%r11
and $31,%r11
add $192,%r11
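Review bot: On the two underscore-prefixed lines, `_CRYPTO_NAMESPACE(ge25519_add_p1p1)` is a single identifier to the preprocessor, so the `CRYPTO_NAMESPACE` macro does not expand it; it only works if a separate `_CRYPTO_NAMESPACE` macro is defined for the assembly sources. Please confirm that definition exists and that this file is now run through the C preprocessor before assembling, because an unexpanded name would not produce the intended symbol. The same applies to the other assembly files in this change that use the same pattern.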
@ -1207,8 +1207,8 @@ adc %rdx,%r11
# asm 2: mov <mulr4=%r8,>mulrax=%rax
mov %r8,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#5
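Review bot: The instruction line changes more than the symbol name: `mulq CRYPTO_NAMESPACE(38)(%rip)` also switches the constant load from absolute to RIP-relative addressing. That is a separate change from the renaming and deserves its own mention in the commit message, since it affects how the object can be linked. Note also that the function labels at the top of this file are emitted under both `_CRYPTO_NAMESPACE(...)` and `CRYPTO_NAMESPACE(...)`, while this reference uses only the unprefixed form, so the definition of the constant has to export that same unprefixed, namespaced name.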
@ -1225,8 +1225,8 @@ mov %r9,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%r9
mov %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#6
@ -1248,8 +1248,8 @@ mov $0,%r10
# asm 2: adc <mulrdx=%rdx,<mulr6=%r10
adc %rdx,%r10
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#8
@ -1271,8 +1271,8 @@ mov $0,%r11
# asm 2: adc <mulrdx=%rdx,<mulr7=%r11
adc %rdx,%r11
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#9
@ -1889,8 +1889,8 @@ adc %rdx,%r11
# asm 2: mov <mulr4=%r8,>mulrax=%rax
mov %r8,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#5
@ -1907,8 +1907,8 @@ mov %r9,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%r9
mov %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#6
@ -1930,8 +1930,8 @@ mov $0,%r10
# asm 2: adc <mulrdx=%rdx,<mulr6=%r10
adc %rdx,%r10
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#8
@ -1953,8 +1953,8 @@ mov $0,%r11
# asm 2: adc <mulrdx=%rdx,<mulr7=%r11
adc %rdx,%r11
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#9
@ -2741,8 +2741,8 @@ adc %rdx,%r11
# asm 2: mov <mulr4=%r8,>mulrax=%rax
mov %r8,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#5
@ -2759,8 +2759,8 @@ mov %r9,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%r9
mov %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#6
@ -2782,8 +2782,8 @@ mov $0,%r10
# asm 2: adc <mulrdx=%rdx,<mulr6=%r10
adc %rdx,%r10
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#8
@ -2805,8 +2805,8 @@ mov $0,%r11
# asm 2: adc <mulrdx=%rdx,<mulr7=%r11
adc %rdx,%r11
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#9
@ -2938,10 +2938,10 @@ mov $0,%r11
# asm 2: movq <c0_stack=56(%rsp),>mulx0=%r12
movq 56(%rsp),%r12
# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D0
# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax
movq crypto_sign_ed25519_amd64_64_EC2D0,%rax
# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0)
# asm 1: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7
# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax
movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * mulx0
# asm 1: mul <mulx0=int64#10
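Review bot: The two `# asm` comment lines now read `movq CRYPTO_NAMESPACE(EC2D0),>mulrax=...` without `(%rip)`, while the emitted instruction is `movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax`. The comments and the instruction disagree about the addressing mode, which suggests the generated output was edited after generation rather than regenerated. Either make the comments match, or note at the top of the file that it has been post-processed, so nobody regenerates it and silently loses the RIP-relative form. This applies to every `EC2D0` to `EC2D3` load in the file.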
@ -2958,10 +2958,10 @@ mov %rax,%r13
# asm 2: mov <mulrdx=%rdx,>c1=%r14
mov %rdx,%r14
# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D1
# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax
movq crypto_sign_ed25519_amd64_64_EC2D1,%rax
# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1)
# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7
# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax
movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * mulx0
# asm 1: mul <mulx0=int64#10
@ -2983,10 +2983,10 @@ mov $0,%r15
# asm 2: adc <mulrdx=%rdx,<c2=%r15
adc %rdx,%r15
# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D2
# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax
movq crypto_sign_ed25519_amd64_64_EC2D2,%rax
# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2)
# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7
# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax
movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * mulx0
# asm 1: mul <mulx0=int64#10
@ -3008,10 +3008,10 @@ mov $0,%rbx
# asm 2: adc <mulrdx=%rdx,<c3=%rbx
adc %rdx,%rbx
# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D3
# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax
movq crypto_sign_ed25519_amd64_64_EC2D3,%rax
# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3)
# asm 1: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7
# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax
movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * mulx0
# asm 1: mul <mulx0=int64#10
@ -3033,10 +3033,10 @@ adc %rdx,%r8
# asm 2: movq <c1_stack=64(%rsp),>mulx1=%r12
movq 64(%rsp),%r12
# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D0
# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax
movq crypto_sign_ed25519_amd64_64_EC2D0,%rax
# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0)
# asm 1: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7
# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax
movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * mulx1
# asm 1: mul <mulx1=int64#10
@ -3058,10 +3058,10 @@ mov $0,%rbp
# asm 2: adc <mulrdx=%rdx,<mulc=%rbp
adc %rdx,%rbp
# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D1
# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax
movq crypto_sign_ed25519_amd64_64_EC2D1,%rax
# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1)
# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7
# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax
movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * mulx1
# asm 1: mul <mulx1=int64#10
@ -3093,10 +3093,10 @@ mov $0,%rbp
# asm 2: adc <mulrdx=%rdx,<mulc=%rbp
adc %rdx,%rbp
# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D2
# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax
movq crypto_sign_ed25519_amd64_64_EC2D2,%rax
# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2)
# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7
# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax
movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * mulx1
# asm 1: mul <mulx1=int64#10
@ -3128,10 +3128,10 @@ mov $0,%rbp
# asm 2: adc <mulrdx=%rdx,<mulc=%rbp
adc %rdx,%rbp
# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D3
# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax
movq crypto_sign_ed25519_amd64_64_EC2D3,%rax
# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3)
# asm 1: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7
# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax
movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * mulx1
# asm 1: mul <mulx1=int64#10
@ -3163,10 +3163,10 @@ adc %rdx,%r9
# asm 2: movq <c2_stack=72(%rsp),>mulx2=%r12
movq 72(%rsp),%r12
# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D0
# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax
movq crypto_sign_ed25519_amd64_64_EC2D0,%rax
# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0)
# asm 1: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7
# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax
movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * mulx2
# asm 1: mul <mulx2=int64#10
@ -3188,10 +3188,10 @@ mov $0,%rbp
# asm 2: adc <mulrdx=%rdx,<mulc=%rbp
adc %rdx,%rbp
# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D1
# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax
movq crypto_sign_ed25519_amd64_64_EC2D1,%rax
# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1)
# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7
# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax
movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * mulx2
# asm 1: mul <mulx2=int64#10
@ -3223,10 +3223,10 @@ mov $0,%rbp
# asm 2: adc <mulrdx=%rdx,<mulc=%rbp
adc %rdx,%rbp
# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D2
# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax
movq crypto_sign_ed25519_amd64_64_EC2D2,%rax
# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2)
# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7
# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax
movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * mulx2
# asm 1: mul <mulx2=int64#10
@ -3258,10 +3258,10 @@ mov $0,%rbp
# asm 2: adc <mulrdx=%rdx,<mulc=%rbp
adc %rdx,%rbp
# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D3
# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax
movq crypto_sign_ed25519_amd64_64_EC2D3,%rax
# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3)
# asm 1: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7
# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax
movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * mulx2
# asm 1: mul <mulx2=int64#10
@ -3293,10 +3293,10 @@ adc %rdx,%r10
# asm 2: movq <c3_stack=80(%rsp),>mulx3=%r12
movq 80(%rsp),%r12
# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D0
# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax
movq crypto_sign_ed25519_amd64_64_EC2D0,%rax
# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0)
# asm 1: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7
# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax
movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * mulx3
# asm 1: mul <mulx3=int64#10
@ -3318,10 +3318,10 @@ mov $0,%rbp
# asm 2: adc <mulrdx=%rdx,<mulc=%rbp
adc %rdx,%rbp
# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D1
# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax
movq crypto_sign_ed25519_amd64_64_EC2D1,%rax
# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1)
# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7
# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax
movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * mulx3
# asm 1: mul <mulx3=int64#10
@ -3353,10 +3353,10 @@ mov $0,%rbp
# asm 2: adc <mulrdx=%rdx,<mulc=%rbp
adc %rdx,%rbp
# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D2
# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax
movq crypto_sign_ed25519_amd64_64_EC2D2,%rax
# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2)
# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7
# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax
movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * mulx3
# asm 1: mul <mulx3=int64#10
@ -3388,10 +3388,10 @@ mov $0,%rbp
# asm 2: adc <mulrdx=%rdx,<mulc=%rbp
adc %rdx,%rbp
# qhasm: mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D3
# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=int64#7
# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax
movq crypto_sign_ed25519_amd64_64_EC2D3,%rax
# qhasm: mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3)
# asm 1: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7
# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax
movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * mulx3
# asm 1: mul <mulx3=int64#10
@ -3423,8 +3423,8 @@ adc %rdx,%r11
# asm 2: mov <mulr4=%r8,>mulrax=%rax
mov %r8,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#5
@ -3441,8 +3441,8 @@ mov %r9,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%r9
mov %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#6
@ -3464,8 +3464,8 @@ mov $0,%r10
# asm 2: adc <mulrdx=%rdx,<mulr6=%r10
adc %rdx,%r10
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#8
@ -3487,8 +3487,8 @@ mov $0,%r11
# asm 2: adc <mulrdx=%rdx,<mulr7=%r11
adc %rdx,%r11
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#9
@ -4105,8 +4105,8 @@ adc %rdx,%r11
# asm 2: mov <mulr4=%r8,>mulrax=%rax
mov %r8,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#2
@ -4123,8 +4123,8 @@ mov %r9,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%rcx
mov %rdx,%rcx
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#4
@ -4146,8 +4146,8 @@ mov $0,%r8
# asm 2: adc <mulrdx=%rdx,<mulr6=%r8
adc %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#5
@ -4169,8 +4169,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr7=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#6

View file

@ -1,13 +1,12 @@
#include "fe25519.h"
#include "ge25519.h"
// assumes inz[] points to things in in[]
// NOTE: leaves in unfinished state
void ge25519_batchpack_destructive_1(bytes32 out[], ge25519_p3 in[], fe25519 *inz[], fe25519 tmp[], size_t num)
void ge25519_batchpack_destructive_1(bytes32 *out, ge25519_p3 *in, fe25519 *tmp, size_t num)
{
fe25519 ty;
fe25519_batchinvert(inz, tmp, inz, num);
fe25519_batchinvert(&in->z, &in->z, tmp, num, sizeof(ge25519_p3));
for (size_t i = 0; i < num; ++i) {
fe25519_mul(&ty, &in[i].y, &in[i].z);
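Review bot: The new call `fe25519_batchinvert(&in->z, &in->z, tmp, num, sizeof(ge25519_p3))` passes the same pointer twice and adds a byte stride, and its argument order differs from the old `(inz, tmp, inz, num)` call, so the call site no longer shows which argument is the scratch buffer. A comment here should say that the inversion runs in place over the `z` field of each `ge25519_p3`, stepping by one struct. Please also state the preconditions: whether `num == 0` is allowed, and that every `z` is nonzero, because if the batch inversion shares a single field inversion across all elements, one zero input corrupts every output.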

View file

@ -233,13 +233,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1
# qhasm: enter CRYPTO_NAMESPACE(ge25519_dbl_p1p1)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1
.globl crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1
_crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1:
crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1:
.globl _CRYPTO_NAMESPACE(ge25519_dbl_p1p1)
.globl CRYPTO_NAMESPACE(ge25519_dbl_p1p1)
_CRYPTO_NAMESPACE(ge25519_dbl_p1p1):
CRYPTO_NAMESPACE(ge25519_dbl_p1p1):
mov %rsp,%r11
and $31,%r11
add $192,%r11
@ -575,8 +575,8 @@ adc %rdx,%rcx
# asm 2: mov <squarer4=%r11,>squarerax=%rax
mov %r11,%rax
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: squarer4 = squarerax
# asm 1: mov <squarerax=int64#7,>squarer4=int64#9
@ -593,8 +593,8 @@ mov %r12,%rax
# asm 2: mov <squarerdx=%rdx,>squarer5=%r12
mov %rdx,%r12
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? squarer5 += squarerax
# asm 1: add <squarerax=int64#7,<squarer5=int64#10
@ -616,8 +616,8 @@ mov $0,%r13
# asm 2: adc <squarerdx=%rdx,<squarer6=%r13
adc %rdx,%r13
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? squarer6 += squarerax
# asm 1: add <squarerax=int64#7,<squarer6=int64#11
@ -639,8 +639,8 @@ mov $0,%rcx
# asm 2: adc <squarerdx=%rdx,<squarer7=%rcx
adc %rdx,%rcx
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? squarer7 += squarerax
# asm 1: add <squarerax=int64#7,<squarer7=int64#4
@ -1042,8 +1042,8 @@ adc %rdx,%rcx
# asm 2: mov <squarer4=%r11,>squarerax=%rax
mov %r11,%rax
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: squarer4 = squarerax
# asm 1: mov <squarerax=int64#7,>squarer4=int64#9
@ -1060,8 +1060,8 @@ mov %r12,%rax
# asm 2: mov <squarerdx=%rdx,>squarer5=%r12
mov %rdx,%r12
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? squarer5 += squarerax
# asm 1: add <squarerax=int64#7,<squarer5=int64#10
@ -1083,8 +1083,8 @@ mov $0,%r13
# asm 2: adc <squarerdx=%rdx,<squarer6=%r13
adc %rdx,%r13
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? squarer6 += squarerax
# asm 1: add <squarerax=int64#7,<squarer6=int64#11
@ -1106,8 +1106,8 @@ mov $0,%rcx
# asm 2: adc <squarerdx=%rdx,<squarer7=%rcx
adc %rdx,%rcx
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? squarer7 += squarerax
# asm 1: add <squarerax=int64#7,<squarer7=int64#4
@ -1509,8 +1509,8 @@ adc %rdx,%rcx
# asm 2: mov <squarer4=%r11,>squarerax=%rax
mov %r11,%rax
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: squarer4 = squarerax
# asm 1: mov <squarerax=int64#7,>squarer4=int64#9
@ -1527,8 +1527,8 @@ mov %r12,%rax
# asm 2: mov <squarerdx=%rdx,>squarer5=%r12
mov %rdx,%r12
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? squarer5 += squarerax
# asm 1: add <squarerax=int64#7,<squarer5=int64#10
@ -1550,8 +1550,8 @@ mov $0,%r13
# asm 2: adc <squarerdx=%rdx,<squarer6=%r13
adc %rdx,%r13
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? squarer6 += squarerax
# asm 1: add <squarerax=int64#7,<squarer6=int64#11
@ -1573,8 +1573,8 @@ mov $0,%rcx
# asm 2: adc <squarerdx=%rdx,<squarer7=%rcx
adc %rdx,%rcx
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? squarer7 += squarerax
# asm 1: add <squarerax=int64#7,<squarer7=int64#4
@ -2631,8 +2631,8 @@ adc %rdx,%rsi
# asm 2: mov <squarer4=%r10,>squarerax=%rax
mov %r10,%rax
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: squarer4 = squarerax
# asm 1: mov <squarerax=int64#7,>squarer4=int64#8
@ -2649,8 +2649,8 @@ mov %r11,%rax
# asm 2: mov <squarerdx=%rdx,>squarer5=%r11
mov %rdx,%r11
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? squarer5 += squarerax
# asm 1: add <squarerax=int64#7,<squarer5=int64#9
@ -2672,8 +2672,8 @@ mov $0,%r12
# asm 2: adc <squarerdx=%rdx,<squarer6=%r12
adc %rdx,%r12
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? squarer6 += squarerax
# asm 1: add <squarerax=int64#7,<squarer6=int64#10
@ -2695,8 +2695,8 @@ mov $0,%rsi
# asm 2: adc <squarerdx=%rdx,<squarer7=%rsi
adc %rdx,%rsi
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? squarer7 += squarerax
# asm 1: add <squarerax=int64#7,<squarer7=int64#2

View file

@ -7,7 +7,7 @@
#define S2_SWINDOWSIZE 7
#define PRE2_SIZE (1<<(S2_SWINDOWSIZE-2))
ge25519_niels pre2[PRE2_SIZE] = {
static const ge25519_niels pre2[PRE2_SIZE] = {
#include "ge25519_base_slide_multiples.data"
};
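Review bot: With `pre2` now `static const`, any other translation unit that still declares or references `pre2` will stop linking, and every function in this file that receives a table entry must take a `const ge25519_niels *`. Please confirm both. The `ge25519_nielsadd2` and `ge25519_nielsadd_p1p1` prototypes shown earlier in this diff already take `const ge25519_niels *q`, so passing table entries to them is fine.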

View file

@ -293,13 +293,13 @@
# qhasm: int64 subt1
# qhasm: enter crypto_sign_ed25519_amd64_64_ge25519_nielsadd2
# qhasm: enter CRYPTO_NAMESPACE(ge25519_nielsadd2)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_ge25519_nielsadd2
.globl crypto_sign_ed25519_amd64_64_ge25519_nielsadd2
_crypto_sign_ed25519_amd64_64_ge25519_nielsadd2:
crypto_sign_ed25519_amd64_64_ge25519_nielsadd2:
.globl _CRYPTO_NAMESPACE(ge25519_nielsadd2)
.globl CRYPTO_NAMESPACE(ge25519_nielsadd2)
_CRYPTO_NAMESPACE(ge25519_nielsadd2):
CRYPTO_NAMESPACE(ge25519_nielsadd2):
mov %rsp,%r11
and $31,%r11
add $192,%r11
@ -1060,8 +1060,8 @@ adc %rdx,%r10
# asm 2: mov <mulr4=%rcx,>mulrax=%rax
mov %rcx,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#4
@ -1078,8 +1078,8 @@ mov %r8,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%r8
mov %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#5
@ -1101,8 +1101,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr6=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#6
@ -1124,8 +1124,8 @@ mov $0,%r10
# asm 2: adc <mulrdx=%rdx,<mulr7=%r10
adc %rdx,%r10
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#8
@ -1742,8 +1742,8 @@ adc %rdx,%r10
# asm 2: mov <mulr4=%rcx,>mulrax=%rax
mov %rcx,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#4
@ -1760,8 +1760,8 @@ mov %r8,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%r8
mov %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#5
@ -1783,8 +1783,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr6=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#6
@ -1806,8 +1806,8 @@ mov $0,%r10
# asm 2: adc <mulrdx=%rdx,<mulr7=%r10
adc %rdx,%r10
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#8
@ -2594,8 +2594,8 @@ adc %rdx,%r10
# asm 2: mov <mulr4=%rcx,>mulrax=%rax
mov %rcx,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#2
@ -2612,8 +2612,8 @@ mov %r8,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%rcx
mov %rdx,%rcx
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#4
@ -2635,8 +2635,8 @@ mov $0,%r8
# asm 2: adc <mulrdx=%rdx,<mulr6=%r8
adc %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#5
@ -2658,8 +2658,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr7=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#6
@ -3531,8 +3531,8 @@ adc %rdx,%r9
# asm 2: mov <mulr4=%rsi,>mulrax=%rax
mov %rsi,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#2
@ -3549,8 +3549,8 @@ mov %rcx,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%rcx
mov %rdx,%rcx
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#4
@ -3572,8 +3572,8 @@ mov $0,%r8
# asm 2: adc <mulrdx=%rdx,<mulr6=%r8
adc %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#5
@ -3595,8 +3595,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr7=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#6
@ -4213,8 +4213,8 @@ adc %rdx,%r9
# asm 2: mov <mulr4=%rsi,>mulrax=%rax
mov %rsi,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#2
@ -4231,8 +4231,8 @@ mov %rcx,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%rcx
mov %rdx,%rcx
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#4
@ -4254,8 +4254,8 @@ mov $0,%r8
# asm 2: adc <mulrdx=%rdx,<mulr6=%r8
adc %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#5
@ -4277,8 +4277,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr7=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#6
@ -4895,8 +4895,8 @@ adc %rdx,%r9
# asm 2: mov <mulr4=%rsi,>mulrax=%rax
mov %rsi,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#2
@ -4913,8 +4913,8 @@ mov %rcx,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%rcx
mov %rdx,%rcx
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#4
@ -4936,8 +4936,8 @@ mov $0,%r8
# asm 2: adc <mulrdx=%rdx,<mulr6=%r8
adc %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#5
@ -4959,8 +4959,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr7=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#6
@ -5577,8 +5577,8 @@ adc %rdx,%r9
# asm 2: mov <mulr4=%rsi,>mulrax=%rax
mov %rsi,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#2
@ -5595,8 +5595,8 @@ mov %rcx,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%rcx
mov %rdx,%rcx
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#4
@ -5618,8 +5618,8 @@ mov $0,%r8
# asm 2: adc <mulrdx=%rdx,<mulr6=%r8
adc %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#5
@ -5641,8 +5641,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr7=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#6

View file

@ -297,13 +297,13 @@
# qhasm: int64 subt1
# qhasm: enter crypto_sign_ed25519_amd64_64_ge25519_nielsadd_p1p1
# qhasm: enter CRYPTO_NAMESPACE(ge25519_nielsadd_p1p1)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_ge25519_nielsadd_p1p1
.globl crypto_sign_ed25519_amd64_64_ge25519_nielsadd_p1p1
_crypto_sign_ed25519_amd64_64_ge25519_nielsadd_p1p1:
crypto_sign_ed25519_amd64_64_ge25519_nielsadd_p1p1:
.globl _CRYPTO_NAMESPACE(ge25519_nielsadd_p1p1)
.globl CRYPTO_NAMESPACE(ge25519_nielsadd_p1p1)
_CRYPTO_NAMESPACE(ge25519_nielsadd_p1p1):
CRYPTO_NAMESPACE(ge25519_nielsadd_p1p1):
mov %rsp,%r11
and $31,%r11
add $128,%r11
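Review bot: `_CRYPTO_NAMESPACE(ge25519_nielsadd_p1p1)` on the `.globl` and label lines is not `CRYPTO_NAMESPACE` with an underscore in front. The preprocessor treats `_CRYPTO_NAMESPACE` as a separate identifier, and if no macro of that name is defined the text reaches the assembler unexpanded. Please make sure the header defines both macros, with the second expanding to the same symbol plus a leading `_`, and add a one-line comment at the definition saying the underscore variant exists for targets that prefix C symbols with `_`.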
@ -1069,8 +1069,8 @@ adc %rdx,%r11
# asm 2: mov <mulr4=%r8,>mulrax=%rax
mov %r8,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#5
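Review bot: the constant in `mulq CRYPTO_NAMESPACE(38)(%rip)` is referenced only by its un-prefixed name, while the entry point at the top of this file is exported under both `_CRYPTO_NAMESPACE(...)` and `CRYPTO_NAMESPACE(...)`. On a target that prefixes C symbols with `_`, this reference resolves only if the definition of the constant also carries the un-prefixed label. Confirm that the file defining the constant exports it under both spellings, or reference it here through the same dual-name scheme as the function labels.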
@ -1087,8 +1087,8 @@ mov %r9,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%r9
mov %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#6
@ -1110,8 +1110,8 @@ mov $0,%r10
# asm 2: adc <mulrdx=%rdx,<mulr6=%r10
adc %rdx,%r10
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#8
@ -1133,8 +1133,8 @@ mov $0,%r11
# asm 2: adc <mulrdx=%rdx,<mulr7=%r11
adc %rdx,%r11
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#9
@ -1751,8 +1751,8 @@ adc %rdx,%r11
# asm 2: mov <mulr4=%r8,>mulrax=%rax
mov %r8,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#5
@ -1769,8 +1769,8 @@ mov %r9,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%r9
mov %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#6
@ -1792,8 +1792,8 @@ mov $0,%r10
# asm 2: adc <mulrdx=%rdx,<mulr6=%r10
adc %rdx,%r10
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#8
@ -1815,8 +1815,8 @@ mov $0,%r11
# asm 2: adc <mulrdx=%rdx,<mulr7=%r11
adc %rdx,%r11
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#9
@ -2603,8 +2603,8 @@ adc %rdx,%r11
# asm 2: mov <mulr4=%r8,>mulrax=%rax
mov %r8,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#4
@ -2621,8 +2621,8 @@ mov %r9,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%r8
mov %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#5
@ -2644,8 +2644,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr6=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#6
@ -2667,8 +2667,8 @@ mov $0,%r10
# asm 2: adc <mulrdx=%rdx,<mulr7=%r10
adc %rdx,%r10
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#8

View file

@ -101,13 +101,13 @@
# qhasm: int64 muli38
# qhasm: enter crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p2
# qhasm: enter CRYPTO_NAMESPACE(ge25519_p1p1_to_p2)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p2
.globl crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p2
_crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p2:
crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p2:
.globl _CRYPTO_NAMESPACE(ge25519_p1p1_to_p2)
.globl CRYPTO_NAMESPACE(ge25519_p1p1_to_p2)
_CRYPTO_NAMESPACE(ge25519_p1p1_to_p2):
CRYPTO_NAMESPACE(ge25519_p1p1_to_p2):
mov %rsp,%r11
and $31,%r11
add $64,%r11
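Review bot: the `# qhasm: enter ...` comment is rewritten together with the `.globl` and label lines, so this file no longer matches what qhasm would emit from its source and the edit will be lost if the file is ever regenerated. Since the same substitution is repeated across every hunk of these generated files, please record how it was produced (the exact search-and-replace or script) in the commit message or next to the sources. That also lets a reviewer re-run it and check that nothing other than symbol names and the `(%rip)` operands changed.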
@ -658,8 +658,8 @@ adc %rdx,%r10
# asm 2: mov <mulr4=%rcx,>mulrax=%rax
mov %rcx,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#4
@ -676,8 +676,8 @@ mov %r8,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%r8
mov %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#5
@ -699,8 +699,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr6=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#6
@ -722,8 +722,8 @@ mov $0,%r10
# asm 2: adc <mulrdx=%rdx,<mulr7=%r10
adc %rdx,%r10
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#8
@ -1340,8 +1340,8 @@ adc %rdx,%r10
# asm 2: mov <mulr4=%rcx,>mulrax=%rax
mov %rcx,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#4
@ -1358,8 +1358,8 @@ mov %r8,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%r8
mov %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#5
@ -1381,8 +1381,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr6=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#6
@ -1404,8 +1404,8 @@ mov $0,%r10
# asm 2: adc <mulrdx=%rdx,<mulr7=%r10
adc %rdx,%r10
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#8
@ -2022,8 +2022,8 @@ adc %rdx,%r10
# asm 2: mov <mulr4=%rcx,>mulrax=%rax
mov %rcx,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#2
@ -2040,8 +2040,8 @@ mov %r8,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%rcx
mov %rdx,%rcx
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#4
@ -2063,8 +2063,8 @@ mov $0,%r8
# asm 2: adc <mulrdx=%rdx,<mulr6=%r8
adc %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#5
@ -2086,8 +2086,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr7=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#6

View file

@ -109,13 +109,13 @@
# qhasm: int64 muli38
# qhasm: enter crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p3
# qhasm: enter CRYPTO_NAMESPACE(ge25519_p1p1_to_p3)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p3
.globl crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p3
_crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p3:
crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p3:
.globl _CRYPTO_NAMESPACE(ge25519_p1p1_to_p3)
.globl CRYPTO_NAMESPACE(ge25519_p1p1_to_p3)
_CRYPTO_NAMESPACE(ge25519_p1p1_to_p3):
CRYPTO_NAMESPACE(ge25519_p1p1_to_p3):
mov %rsp,%r11
and $31,%r11
add $64,%r11
@ -666,8 +666,8 @@ adc %rdx,%r10
# asm 2: mov <mulr4=%rcx,>mulrax=%rax
mov %rcx,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#4
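Review bot: the macro argument in `CRYPTO_NAMESPACE(38)` is the bare number `38`, which is a preprocessing number rather than an identifier. It expands to a valid symbol only while the macro pastes the argument after a prefix (`prefix ## name`); a definition that puts the argument first would yield a token that is not a legal symbol name. A named argument, for example `CRYPTO_NAMESPACE(const_38)`, would remove that dependency. If the existing name has to stay, note the constraint beside the macro definition.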
@ -684,8 +684,8 @@ mov %r8,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%r8
mov %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#5
@ -707,8 +707,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr6=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#6
@ -730,8 +730,8 @@ mov $0,%r10
# asm 2: adc <mulrdx=%rdx,<mulr7=%r10
adc %rdx,%r10
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#8
@ -1348,8 +1348,8 @@ adc %rdx,%r10
# asm 2: mov <mulr4=%rcx,>mulrax=%rax
mov %rcx,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#4
@ -1366,8 +1366,8 @@ mov %r8,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%r8
mov %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#5
@ -1389,8 +1389,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr6=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#6
@ -1412,8 +1412,8 @@ mov $0,%r10
# asm 2: adc <mulrdx=%rdx,<mulr7=%r10
adc %rdx,%r10
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#8
@ -2030,8 +2030,8 @@ adc %rdx,%r10
# asm 2: mov <mulr4=%rcx,>mulrax=%rax
mov %rcx,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#4
@ -2048,8 +2048,8 @@ mov %r8,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%r8
mov %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#5
@ -2071,8 +2071,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr6=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#6
@ -2094,8 +2094,8 @@ mov $0,%r10
# asm 2: adc <mulrdx=%rdx,<mulr7=%r10
adc %rdx,%r10
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#8
@ -2712,8 +2712,8 @@ adc %rdx,%r10
# asm 2: mov <mulr4=%rcx,>mulrax=%rax
mov %rcx,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#2
@ -2730,8 +2730,8 @@ mov %r8,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%rcx
mov %rdx,%rcx
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#4
@ -2753,8 +2753,8 @@ mov $0,%r8
# asm 2: adc <mulrdx=%rdx,<mulr6=%r8
adc %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#5
@ -2776,8 +2776,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr7=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#6

View file

@ -225,13 +225,13 @@
# qhasm: int64 subt1
# qhasm: enter crypto_sign_ed25519_amd64_64_ge25519_pnielsadd_p1p1
# qhasm: enter CRYPTO_NAMESPACE(ge25519_pnielsadd_p1p1)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_64_ge25519_pnielsadd_p1p1
.globl crypto_sign_ed25519_amd64_64_ge25519_pnielsadd_p1p1
_crypto_sign_ed25519_amd64_64_ge25519_pnielsadd_p1p1:
crypto_sign_ed25519_amd64_64_ge25519_pnielsadd_p1p1:
.globl _CRYPTO_NAMESPACE(ge25519_pnielsadd_p1p1)
.globl CRYPTO_NAMESPACE(ge25519_pnielsadd_p1p1)
_CRYPTO_NAMESPACE(ge25519_pnielsadd_p1p1):
CRYPTO_NAMESPACE(ge25519_pnielsadd_p1p1):
mov %rsp,%r11
and $31,%r11
add $128,%r11
@ -997,8 +997,8 @@ adc %rdx,%r11
# asm 2: mov <mulr4=%r8,>mulrax=%rax
mov %r8,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#5
@ -1015,8 +1015,8 @@ mov %r9,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%r9
mov %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#6
@ -1038,8 +1038,8 @@ mov $0,%r10
# asm 2: adc <mulrdx=%rdx,<mulr6=%r10
adc %rdx,%r10
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#8
@ -1061,8 +1061,8 @@ mov $0,%r11
# asm 2: adc <mulrdx=%rdx,<mulr7=%r11
adc %rdx,%r11
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#9
@ -1679,8 +1679,8 @@ adc %rdx,%r11
# asm 2: mov <mulr4=%r8,>mulrax=%rax
mov %r8,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#5
@ -1697,8 +1697,8 @@ mov %r9,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%r9
mov %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#6
@ -1720,8 +1720,8 @@ mov $0,%r10
# asm 2: adc <mulrdx=%rdx,<mulr6=%r10
adc %rdx,%r10
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#8
@ -1743,8 +1743,8 @@ mov $0,%r11
# asm 2: adc <mulrdx=%rdx,<mulr7=%r11
adc %rdx,%r11
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#9
@ -2531,8 +2531,8 @@ adc %rdx,%r11
# asm 2: mov <mulr4=%r8,>mulrax=%rax
mov %r8,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#5
@ -2549,8 +2549,8 @@ mov %r9,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%r9
mov %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#6
@ -2572,8 +2572,8 @@ mov $0,%r10
# asm 2: adc <mulrdx=%rdx,<mulr6=%r10
adc %rdx,%r10
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#8
@ -2595,8 +2595,8 @@ mov $0,%r11
# asm 2: adc <mulrdx=%rdx,<mulr7=%r11
adc %rdx,%r11
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#9
@ -3213,8 +3213,8 @@ adc %rdx,%r11
# asm 2: mov <mulr4=%r8,>mulrax=%rax
mov %r8,%rax
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: mulr4 = mulrax
# asm 1: mov <mulrax=int64#7,>mulr4=int64#2
@ -3231,8 +3231,8 @@ mov %r9,%rax
# asm 2: mov <mulrdx=%rdx,>mulr5=%rcx
mov %rdx,%rcx
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr5 += mulrax
# asm 1: add <mulrax=int64#7,<mulr5=int64#4
@ -3254,8 +3254,8 @@ mov $0,%r8
# asm 2: adc <mulrdx=%rdx,<mulr6=%r8
adc %rdx,%r8
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr6 += mulrax
# asm 1: add <mulrax=int64#7,<mulr6=int64#5
@ -3277,8 +3277,8 @@ mov $0,%r9
# asm 2: adc <mulrdx=%rdx,<mulr7=%r9
adc %rdx,%r9
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
mulq crypto_sign_ed25519_amd64_64_38
# qhasm: (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
mulq CRYPTO_NAMESPACE(38)(%rip)
# qhasm: carry? mulr7 += mulrax
# asm 1: add <mulrax=int64#7,<mulr7=int64#6

View file

@ -11,10 +11,8 @@ static const ge25519_niels ge25519_base_multiples_niels[] = {
#endif
};
#ifdef SMALLTABLES
/* d */
static const fe25519 ecd = {{0x75EB4DCA135978A3, 0x00700A4D4141D8AB, 0x8CC740797779E898, 0x52036CEE2B6FFE73}};
#endif
void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s)
{
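Review bot: the definition of `ecd` and every use of it in `ge25519_scalarmult_base` need to sit under the same condition. This hunk touches the `#ifdef SMALLTABLES` block that holds the definition, and a mismatch either breaks the build in one configuration or leaves an unused `static const` in the other. The `/* d */` comment could also say that this is the Edwards curve constant d stored as four 64-bit limbs, least significant limb first, which is what the initializer encodes.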

View file

@ -93,13 +93,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced
# qhasm: enter CRYPTO_NAMESPACE(heap_rootreplaced)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced
.globl crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced
_crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced:
crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced:
.globl _CRYPTO_NAMESPACE(heap_rootreplaced)
.globl CRYPTO_NAMESPACE(heap_rootreplaced)
_CRYPTO_NAMESPACE(heap_rootreplaced):
CRYPTO_NAMESPACE(heap_rootreplaced):
mov %rsp,%r11
and $31,%r11
add $64,%r11
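
Review bot: `_CRYPTO_NAMESPACE(heap_rootreplaced)` on the `.globl` and label lines is a different macro name from `CRYPTO_NAMESPACE`, so this file now needs both macros defined and has to pass through the C preprocessor before it is assembled; nothing visible in this hunk includes a header that defines either one. Suggest adding the include at the top of the file, or documenting where the two macros come from, and checking that the underscore variant expands to the underscore-prefixed form of the same symbol so both labels still name one entry point. The same applies to the `_1limb`, `_2limbs` and `_3limbs` files that follow.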

@ -93,13 +93,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_1limb
# qhasm: enter CRYPTO_NAMESPACE(heap_rootreplaced_1limb)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_1limb
.globl crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_1limb
_crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_1limb:
crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_1limb:
.globl _CRYPTO_NAMESPACE(heap_rootreplaced_1limb)
.globl CRYPTO_NAMESPACE(heap_rootreplaced_1limb)
_CRYPTO_NAMESPACE(heap_rootreplaced_1limb):
CRYPTO_NAMESPACE(heap_rootreplaced_1limb):
mov %rsp,%r11
and $31,%r11
add $64,%r11

@ -93,13 +93,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_2limbs
# qhasm: enter CRYPTO_NAMESPACE(heap_rootreplaced_2limbs)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_2limbs
.globl crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_2limbs
_crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_2limbs:
crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_2limbs:
.globl _CRYPTO_NAMESPACE(heap_rootreplaced_2limbs)
.globl CRYPTO_NAMESPACE(heap_rootreplaced_2limbs)
_CRYPTO_NAMESPACE(heap_rootreplaced_2limbs):
CRYPTO_NAMESPACE(heap_rootreplaced_2limbs):
mov %rsp,%r11
and $31,%r11
add $64,%r11

@ -93,13 +93,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_3limbs
# qhasm: enter CRYPTO_NAMESPACE(heap_rootreplaced_3limbs)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_3limbs
.globl crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_3limbs
_crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_3limbs:
crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_3limbs:
.globl _CRYPTO_NAMESPACE(heap_rootreplaced_3limbs)
.globl CRYPTO_NAMESPACE(heap_rootreplaced_3limbs)
_CRYPTO_NAMESPACE(heap_rootreplaced_3limbs):
CRYPTO_NAMESPACE(heap_rootreplaced_3limbs):
mov %rsp,%r11
and $31,%r11
add $64,%r11

@ -1,7 +1,7 @@
#ifndef HRAM_H
#define HRAM_H
#define get_hram crypto_sign_ed25519_amd64_64_get_hram
#define get_hram CRYPTO_NAMESPACE(get_hram)
extern void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen);

@ -2,16 +2,17 @@
#define INDEX_HEAP_H
#include "sc25519.h"
#include "compat.h"
#define heap_init crypto_sign_ed25519_amd64_64_heap_init
#define heap_extend crypto_sign_ed25519_amd64_64_heap_extend
#define heap_pop crypto_sign_ed25519_amd64_64_heap_pop
#define heap_push crypto_sign_ed25519_amd64_64_heap_push
#define heap_get2max crypto_sign_ed25519_amd64_64_heap_get2max
#define heap_rootreplaced crypto_sign_ed25519_amd64_64_heap_rootreplaced
#define heap_rootreplaced_3limbs crypto_sign_ed25519_amd64_64_heap_rootreplaced_3limbs
#define heap_rootreplaced_2limbs crypto_sign_ed25519_amd64_64_heap_rootreplaced_2limbs
#define heap_rootreplaced_1limb crypto_sign_ed25519_amd64_64_heap_rootreplaced_1limb
#define heap_init CRYPTO_NAMESPACE(heap_init)
#define heap_extend CRYPTO_NAMESPACE(heap_extend)
#define heap_pop CRYPTO_NAMESPACE(heap_pop)
#define heap_push CRYPTO_NAMESPACE(heap_push)
#define heap_get2max CRYPTO_NAMESPACE(heap_get2max)
#define heap_rootreplaced CRYPTO_NAMESPACE(heap_rootreplaced)
#define heap_rootreplaced_3limbs CRYPTO_NAMESPACE(heap_rootreplaced_3limbs)
#define heap_rootreplaced_2limbs CRYPTO_NAMESPACE(heap_rootreplaced_2limbs)
#define heap_rootreplaced_1limb CRYPTO_NAMESPACE(heap_rootreplaced_1limb)
void heap_init(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
@ -23,9 +24,9 @@ void heap_push(unsigned long long *h, unsigned long long *hlen, unsigned long lo
void heap_get2max(unsigned long long *h, unsigned long long *max1, unsigned long long *max2, sc25519 *scalars);
void heap_rootreplaced(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
void heap_rootreplaced_3limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
void heap_rootreplaced_2limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
void heap_rootreplaced_1limb(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
void heap_rootreplaced(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI;
void heap_rootreplaced_3limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI;
void heap_rootreplaced_2limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI;
void heap_rootreplaced_1limb(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI;
#endif
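
Review bot: `SYSVABI` on the four `heap_rootreplaced*` prototypes is not explained anywhere in this header, and the other five prototypes (`heap_init` through `heap_get2max`) are left without it. A one-line comment above the annotated group, saying that these are the routines implemented in the assembly files of this change and where the macro is defined (presumably the `compat.h` included above), would keep the next assembly routine added here from being declared without it.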

@ -1,34 +1,36 @@
#ifndef SC25519_H
#define SC25519_H
#define sc25519 crypto_sign_ed25519_amd64_64_sc25519
#define shortsc25519 crypto_sign_ed25519_amd64_64_shortsc25519
#define sc25519_from32bytes crypto_sign_ed25519_amd64_64_sc25519_from32bytes
#define shortsc25519_from16bytes crypto_sign_ed25519_amd64_64_shortsc25519_from16bytes
#define sc25519_from64bytes crypto_sign_ed25519_amd64_64_sc25519_from64bytes
#define sc25519_from_shortsc crypto_sign_ed25519_amd64_64_sc25519_from_shortsc
#define sc25519_to32bytes crypto_sign_ed25519_amd64_64_sc25519_to32bytes
#define sc25519_iszero_vartime crypto_sign_ed25519_amd64_64_sc25519_iszero_vartime
#define sc25519_isshort_vartime crypto_sign_ed25519_amd64_64_sc25519_isshort_vartime
#define sc25519_lt crypto_sign_ed25519_amd64_64_sc25519_lt
#define sc25519_add crypto_sign_ed25519_amd64_64_sc25519_add
#define sc25519_sub_nored crypto_sign_ed25519_amd64_64_sc25519_sub_nored
#define sc25519_mul crypto_sign_ed25519_amd64_64_sc25519_mul
#define sc25519_mul_shortsc crypto_sign_ed25519_amd64_64_sc25519_mul_shortsc
#define sc25519_window4 crypto_sign_ed25519_amd64_64_sc25519_window4
#define sc25519_slide crypto_sign_ed25519_amd64_64_sc25519_slide
#define sc25519_2interleave2 crypto_sign_ed25519_amd64_64_sc25519_2interleave2
#define sc25519_barrett crypto_sign_ed25519_amd64_64_sc25519_barrett
#include "compat.h"
typedef struct
#define sc25519 CRYPTO_NAMESPACE(sc25519)
#define shortsc25519 CRYPTO_NAMESPACE(shortsc25519)
#define sc25519_from32bytes CRYPTO_NAMESPACE(sc25519_from32bytes)
#define shortsc25519_from16bytes CRYPTO_NAMESPACE(shortsc25519_from16bytes)
#define sc25519_from64bytes CRYPTO_NAMESPACE(sc25519_from64bytes)
#define sc25519_from_shortsc CRYPTO_NAMESPACE(sc25519_from_shortsc)
#define sc25519_to32bytes CRYPTO_NAMESPACE(sc25519_to32bytes)
#define sc25519_iszero_vartime CRYPTO_NAMESPACE(sc25519_iszero_vartime)
#define sc25519_isshort_vartime CRYPTO_NAMESPACE(sc25519_isshort_vartime)
#define sc25519_lt CRYPTO_NAMESPACE(sc25519_lt)
#define sc25519_add CRYPTO_NAMESPACE(sc25519_add)
#define sc25519_sub_nored CRYPTO_NAMESPACE(sc25519_sub_nored)
#define sc25519_mul CRYPTO_NAMESPACE(sc25519_mul)
#define sc25519_mul_shortsc CRYPTO_NAMESPACE(sc25519_mul_shortsc)
#define sc25519_window4 CRYPTO_NAMESPACE(sc25519_window4)
#define sc25519_slide CRYPTO_NAMESPACE(sc25519_slide)
#define sc25519_2interleave2 CRYPTO_NAMESPACE(sc25519_2interleave2)
#define sc25519_barrett CRYPTO_NAMESPACE(sc25519_barrett)
typedef struct
{
unsigned long long v[4];
unsigned long long v[4];
}
sc25519;
typedef struct
typedef struct
{
unsigned long long v[2];
unsigned long long v[2];
}
shortsc25519;
@ -42,11 +44,11 @@ void sc25519_to32bytes(unsigned char r[32], const sc25519 *x);
int sc25519_iszero_vartime(const sc25519 *x);
int sc25519_lt(const sc25519 *x, const sc25519 *y);
int sc25519_lt(const sc25519 *x, const sc25519 *y) SYSVABI;
void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y);
void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y) SYSVABI;
void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y);
void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y) SYSVABI;
void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y);
@ -55,12 +57,12 @@ void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y);
/* Convert s into a representation of the form \sum_{i=0}^{63}r[i]2^(4*i)
* with r[i] in {-8,...,7}
*/
void sc25519_window4(signed char r[85], const sc25519 *s);
void sc25519_window4(signed char r[64], const sc25519 *s);
void sc25519_slide(signed char r[256], const sc25519 *s, int swindowsize);
void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2);
void sc25519_barrett(sc25519 *r, unsigned long long x[8]);
void sc25519_barrett(sc25519 *r, unsigned long long x[8]) SYSVABI;
#endif
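
Review bot: the bound on `sc25519_window4` now reads `signed char r[64]`, which matches the comment's sum over i = 0..63, but an array bound in a parameter declaration is not enforced by the compiler. Please check that the definition writes exactly 64 entries and that every caller declares its buffer with at least 64 elements, since a definition or caller still written for the other bound shown here (`r[85]`) would not produce a diagnostic.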

@ -63,13 +63,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_sc25519_add
# qhasm: enter CRYPTO_NAMESPACE(sc25519_add)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_sc25519_add
.globl crypto_sign_ed25519_amd64_51_30k_batch_sc25519_add
_crypto_sign_ed25519_amd64_51_30k_batch_sc25519_add:
crypto_sign_ed25519_amd64_51_30k_batch_sc25519_add:
.globl _CRYPTO_NAMESPACE(sc25519_add)
.globl CRYPTO_NAMESPACE(sc25519_add)
_CRYPTO_NAMESPACE(sc25519_add):
CRYPTO_NAMESPACE(sc25519_add):
mov %rsp,%r11
and $31,%r11
add $32,%r11
@ -150,25 +150,25 @@ mov %r9,%r10
# asm 2: mov <r3=%rsi,>t3=%r14
mov %rsi,%r14
# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
# asm 1: sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,<t0=int64#3
# asm 2: sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,<t0=%rdx
sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,%rdx
# qhasm: carry? t0 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER0)
# asm 1: sub CRYPTO_NAMESPACE(ORDER0),<t0=int64#3
# asm 2: sub CRYPTO_NAMESPACE(ORDER0),<t0=%rdx
sub CRYPTO_NAMESPACE(ORDER0)(%rip),%rdx
# qhasm: carry? t1 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,<t1=int64#7
# asm 2: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,<t1=%rax
sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,%rax
# qhasm: carry? t1 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER1) - carry
# asm 1: sbb CRYPTO_NAMESPACE(ORDER1),<t1=int64#7
# asm 2: sbb CRYPTO_NAMESPACE(ORDER1),<t1=%rax
sbb CRYPTO_NAMESPACE(ORDER1)(%rip),%rax
# qhasm: carry? t2 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,<t2=int64#8
# asm 2: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,<t2=%r10
sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,%r10
# qhasm: carry? t2 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER2) - carry
# asm 1: sbb CRYPTO_NAMESPACE(ORDER2),<t2=int64#8
# asm 2: sbb CRYPTO_NAMESPACE(ORDER2),<t2=%r10
sbb CRYPTO_NAMESPACE(ORDER2)(%rip),%r10
# qhasm: unsigned<? t3 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER3 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,<t3=int64#12
# asm 2: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,<t3=%r14
sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,%r14
# qhasm: unsigned<? t3 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER3) - carry
# asm 1: sbb CRYPTO_NAMESPACE(ORDER3),<t3=int64#12
# asm 2: sbb CRYPTO_NAMESPACE(ORDER3),<t3=%r14
sbb CRYPTO_NAMESPACE(ORDER3)(%rip),%r14
# qhasm: r0 = t0 if !unsigned<
# asm 1: cmovae <t0=int64#3,<r0=int64#4
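
Review bot: the four `sub`/`sbb` instructions against `CRYPTO_NAMESPACE(ORDER0)` through `CRYPTO_NAMESPACE(ORDER3)` gain a `(%rip)` operand, but the `# asm 1:` and `# asm 2:` lines above each of them still show the absolute form, so the generated-code comments no longer describe the instruction that is assembled. Either carry `(%rip)` into those comment lines or add a note at the top of the file that the qhasm output was edited by hand for RIP-relative addressing, so that regenerating the file from its qhasm source does not silently drop the change.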

@ -107,13 +107,13 @@
# qhasm: stack64 q33_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_sc25519_barrett
# qhasm: enter CRYPTO_NAMESPACE(sc25519_barrett)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_sc25519_barrett
.globl crypto_sign_ed25519_amd64_51_30k_batch_sc25519_barrett
_crypto_sign_ed25519_amd64_51_30k_batch_sc25519_barrett:
crypto_sign_ed25519_amd64_51_30k_batch_sc25519_barrett:
.globl _CRYPTO_NAMESPACE(sc25519_barrett)
.globl CRYPTO_NAMESPACE(sc25519_barrett)
_CRYPTO_NAMESPACE(sc25519_barrett):
CRYPTO_NAMESPACE(sc25519_barrett):
mov %rsp,%r11
and $31,%r11
add $96,%r11
@ -184,8 +184,8 @@ xor %r11,%r11
# asm 2: movq 24(<xp=%rsi),>rax=%rax
movq 24(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3)
mulq CRYPTO_NAMESPACE(MU3)(%rip)
# qhasm: q23 = rax
# asm 1: mov <rax=int64#7,>q23=int64#10
@ -202,8 +202,8 @@ mov %rdx,%r13
# asm 2: movq 24(<xp=%rsi),>rax=%rax
movq 24(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4)
mulq CRYPTO_NAMESPACE(MU4)(%rip)
# qhasm: q24 = rax
# asm 1: mov <rax=int64#7,>q24=int64#12
@ -225,8 +225,8 @@ adc %rdx,%r8
# asm 2: movq 32(<xp=%rsi),>rax=%rax
movq 32(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU2
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2)
mulq CRYPTO_NAMESPACE(MU2)(%rip)
# qhasm: carry? q23 += rax
# asm 1: add <rax=int64#7,<q23=int64#10
@ -248,8 +248,8 @@ adc %rdx,%r13
# asm 2: movq 32(<xp=%rsi),>rax=%rax
movq 32(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3)
mulq CRYPTO_NAMESPACE(MU3)(%rip)
# qhasm: carry? q24 += rax
# asm 1: add <rax=int64#7,<q24=int64#12
@ -281,8 +281,8 @@ adc %rdx,%r13
# asm 2: movq 32(<xp=%rsi),>rax=%rax
movq 32(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4)
mulq CRYPTO_NAMESPACE(MU4)(%rip)
# qhasm: carry? q30 += rax
# asm 1: add <rax=int64#7,<q30=int64#5
@ -309,8 +309,8 @@ adc %rdx,%r9
# asm 2: movq 40(<xp=%rsi),>rax=%rax
movq 40(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU1
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU1
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU1)
mulq CRYPTO_NAMESPACE(MU1)(%rip)
# qhasm: carry? q23 += rax
# asm 1: add <rax=int64#7,<q23=int64#10
@ -332,8 +332,8 @@ adc %rdx,%r13
# asm 2: movq 40(<xp=%rsi),>rax=%rax
movq 40(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU2
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2)
mulq CRYPTO_NAMESPACE(MU2)(%rip)
# qhasm: carry? q24 += rax
# asm 1: add <rax=int64#7,<q24=int64#12
@ -365,8 +365,8 @@ adc %rdx,%r13
# asm 2: movq 40(<xp=%rsi),>rax=%rax
movq 40(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3)
mulq CRYPTO_NAMESPACE(MU3)(%rip)
# qhasm: carry? q30 += rax
# asm 1: add <rax=int64#7,<q30=int64#5
@ -398,8 +398,8 @@ adc %rdx,%r13
# asm 2: movq 40(<xp=%rsi),>rax=%rax
movq 40(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4)
mulq CRYPTO_NAMESPACE(MU4)(%rip)
# qhasm: carry? q31 += rax
# asm 1: add <rax=int64#7,<q31=int64#6
@ -426,8 +426,8 @@ adc %rdx,%r10
# asm 2: movq 48(<xp=%rsi),>rax=%rax
movq 48(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU0
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU0
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU0)
mulq CRYPTO_NAMESPACE(MU0)(%rip)
# qhasm: carry? q23 += rax
# asm 1: add <rax=int64#7,<q23=int64#10
@ -449,8 +449,8 @@ adc %rdx,%r12
# asm 2: movq 48(<xp=%rsi),>rax=%rax
movq 48(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU1
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU1
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU1)
mulq CRYPTO_NAMESPACE(MU1)(%rip)
# qhasm: carry? q24 += rax
# asm 1: add <rax=int64#7,<q24=int64#12
@ -482,8 +482,8 @@ adc %rdx,%r12
# asm 2: movq 48(<xp=%rsi),>rax=%rax
movq 48(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU2
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2)
mulq CRYPTO_NAMESPACE(MU2)(%rip)
# qhasm: carry? q30 += rax
# asm 1: add <rax=int64#7,<q30=int64#5
@ -515,8 +515,8 @@ adc %rdx,%r12
# asm 2: movq 48(<xp=%rsi),>rax=%rax
movq 48(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3)
mulq CRYPTO_NAMESPACE(MU3)(%rip)
# qhasm: carry? q31 += rax
# asm 1: add <rax=int64#7,<q31=int64#6
@ -548,8 +548,8 @@ adc %rdx,%r12
# asm 2: movq 48(<xp=%rsi),>rax=%rax
movq 48(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4)
mulq CRYPTO_NAMESPACE(MU4)(%rip)
# qhasm: carry? q32 += rax
# asm 1: add <rax=int64#7,<q32=int64#8
@ -576,8 +576,8 @@ adc %rdx,%r11
# asm 2: movq 56(<xp=%rsi),>rax=%rax
movq 56(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU0
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU0
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU0)
mulq CRYPTO_NAMESPACE(MU0)(%rip)
# qhasm: carry? q24 += rax
# asm 1: add <rax=int64#7,<q24=int64#12
@ -601,8 +601,8 @@ adc %rdx,%r12
# asm 2: movq 56(<xp=%rsi),>rax=%rax
movq 56(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU1
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU1
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU1)
mulq CRYPTO_NAMESPACE(MU1)(%rip)
# qhasm: carry? q30 += rax
# asm 1: add <rax=int64#7,<q30=int64#5
@ -639,8 +639,8 @@ movq %r8,56(%rsp)
# asm 2: movq 56(<xp=%rsi),>rax=%rax
movq 56(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU2
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2)
mulq CRYPTO_NAMESPACE(MU2)(%rip)
# qhasm: carry? q31 += rax
# asm 1: add <rax=int64#7,<q31=int64#6
@ -677,8 +677,8 @@ movq %r9,64(%rsp)
# asm 2: movq 56(<xp=%rsi),>rax=%rax
movq 56(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU3
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3)
mulq CRYPTO_NAMESPACE(MU3)(%rip)
# qhasm: carry? q32 += rax
# asm 1: add <rax=int64#7,<q32=int64#8
@ -715,8 +715,8 @@ movq %r10,72(%rsp)
# asm 2: movq 56(<xp=%rsi),>rax=%rax
movq 56(%rsi),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4
mulq crypto_sign_ed25519_amd64_51_30k_batch_MU4
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4)
mulq CRYPTO_NAMESPACE(MU4)(%rip)
# qhasm: carry? q33 += rax
# asm 1: add <rax=int64#7,<q33=int64#9
@ -743,8 +743,8 @@ movq %r11,80(%rsp)
# asm 2: movq <q30_stack=56(%rsp),>rax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0)
mulq CRYPTO_NAMESPACE(ORDER0)(%rip)
# qhasm: r20 = rax
# asm 1: mov <rax=int64#7,>r20=int64#5
@ -761,8 +761,8 @@ mov %rdx,%r9
# asm 2: movq <q30_stack=56(%rsp),>rax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1
mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER1
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER1)
mulq CRYPTO_NAMESPACE(ORDER1)(%rip)
# qhasm: r21 = rax
# asm 1: mov <rax=int64#7,>r21=int64#8
@ -789,8 +789,8 @@ adc %rdx,%r9
# asm 2: movq <q30_stack=56(%rsp),>rax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER2
mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER2
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER2)
mulq CRYPTO_NAMESPACE(ORDER2)(%rip)
# qhasm: r22 = rax
# asm 1: mov <rax=int64#7,>r22=int64#9
@ -817,8 +817,8 @@ adc %rdx,%r9
# asm 2: movq <q30_stack=56(%rsp),>rax=%rax
movq 56(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER3
mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER3
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER3)
mulq CRYPTO_NAMESPACE(ORDER3)(%rip)
# qhasm: free rdx
@ -837,8 +837,8 @@ add %r9,%r12
# asm 2: movq <q31_stack=64(%rsp),>rax=%rax
movq 64(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0)
mulq CRYPTO_NAMESPACE(ORDER0)(%rip)
# qhasm: carry? r21 += rax
# asm 1: add <rax=int64#7,<r21=int64#8
@ -860,8 +860,8 @@ adc %rdx,%r9
# asm 2: movq <q31_stack=64(%rsp),>rax=%rax
movq 64(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1
mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER1
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER1)
mulq CRYPTO_NAMESPACE(ORDER1)(%rip)
# qhasm: carry? r22 += rax
# asm 1: add <rax=int64#7,<r22=int64#9
@ -893,8 +893,8 @@ adc %rdx,%rcx
# asm 2: movq <q31_stack=64(%rsp),>rax=%rax
movq 64(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER2
mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER2
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER2)
mulq CRYPTO_NAMESPACE(ORDER2)(%rip)
# qhasm: free rdx
@ -913,8 +913,8 @@ add %rcx,%r12
# asm 2: movq <q32_stack=72(%rsp),>rax=%rax
movq 72(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0)
mulq CRYPTO_NAMESPACE(ORDER0)(%rip)
# qhasm: carry? r22 += rax
# asm 1: add <rax=int64#7,<r22=int64#9
@ -936,8 +936,8 @@ adc %rdx,%rcx
# asm 2: movq <q32_stack=72(%rsp),>rax=%rax
movq 72(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1
mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER1
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER1)
mulq CRYPTO_NAMESPACE(ORDER1)(%rip)
# qhasm: free rdx
@ -956,8 +956,8 @@ add %rcx,%r12
# asm 2: movq <q33_stack=80(%rsp),>rax=%rax
movq 80(%rsp),%rax
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
mulq crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0)
mulq CRYPTO_NAMESPACE(ORDER0)(%rip)
# qhasm: free rdx
@ -1026,25 +1026,25 @@ sbb %r12,%rsi
# asm 2: mov <r3=%rsi,>t3=%r11
mov %rsi,%r11
# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
# asm 1: sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,<t0=int64#4
# asm 2: sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,<t0=%rcx
sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,%rcx
# qhasm: carry? t0 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER0)
# asm 1: sub CRYPTO_NAMESPACE(ORDER0),<t0=int64#4
# asm 2: sub CRYPTO_NAMESPACE(ORDER0),<t0=%rcx
sub CRYPTO_NAMESPACE(ORDER0)(%rip),%rcx
# qhasm: carry? t1 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,<t1=int64#6
# asm 2: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,<t1=%r9
sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,%r9
# qhasm: carry? t1 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER1) - carry
# asm 1: sbb CRYPTO_NAMESPACE(ORDER1),<t1=int64#6
# asm 2: sbb CRYPTO_NAMESPACE(ORDER1),<t1=%r9
sbb CRYPTO_NAMESPACE(ORDER1)(%rip),%r9
# qhasm: carry? t2 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,<t2=int64#8
# asm 2: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,<t2=%r10
sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,%r10
# qhasm: carry? t2 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER2) - carry
# asm 1: sbb CRYPTO_NAMESPACE(ORDER2),<t2=int64#8
# asm 2: sbb CRYPTO_NAMESPACE(ORDER2),<t2=%r10
sbb CRYPTO_NAMESPACE(ORDER2)(%rip),%r10
# qhasm: unsigned<? t3 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER3 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,<t3=int64#9
# asm 2: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,<t3=%r11
sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,%r11
# qhasm: unsigned<? t3 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER3) - carry
# asm 1: sbb CRYPTO_NAMESPACE(ORDER3),<t3=int64#9
# asm 2: sbb CRYPTO_NAMESPACE(ORDER3),<t3=%r11
sbb CRYPTO_NAMESPACE(ORDER3)(%rip),%r11
# qhasm: r0 = t0 if !unsigned<
# asm 1: cmovae <t0=int64#4,<r0=int64#3
@ -1086,25 +1086,25 @@ cmovae %r11,%rsi
# asm 2: mov <r3=%rsi,>t3=%r11
mov %rsi,%r11
# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
# asm 1: sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,<t0=int64#4
# asm 2: sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,<t0=%rcx
sub crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,%rcx
# qhasm: carry? t0 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER0)
# asm 1: sub CRYPTO_NAMESPACE(ORDER0),<t0=int64#4
# asm 2: sub CRYPTO_NAMESPACE(ORDER0),<t0=%rcx
sub CRYPTO_NAMESPACE(ORDER0)(%rip),%rcx
# qhasm: carry? t1 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,<t1=int64#6
# asm 2: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,<t1=%r9
sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,%r9
# qhasm: carry? t1 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER1) - carry
# asm 1: sbb CRYPTO_NAMESPACE(ORDER1),<t1=int64#6
# asm 2: sbb CRYPTO_NAMESPACE(ORDER1),<t1=%r9
sbb CRYPTO_NAMESPACE(ORDER1)(%rip),%r9
# qhasm: carry? t2 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,<t2=int64#8
# asm 2: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,<t2=%r10
sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,%r10
# qhasm: carry? t2 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER2) - carry
# asm 1: sbb CRYPTO_NAMESPACE(ORDER2),<t2=int64#8
# asm 2: sbb CRYPTO_NAMESPACE(ORDER2),<t2=%r10
sbb CRYPTO_NAMESPACE(ORDER2)(%rip),%r10
# qhasm: unsigned<? t3 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER3 - carry
# asm 1: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,<t3=int64#9
# asm 2: sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,<t3=%r11
sbb crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,%r11
# qhasm: unsigned<? t3 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER3) - carry
# asm 1: sbb CRYPTO_NAMESPACE(ORDER3),<t3=int64#9
# asm 2: sbb CRYPTO_NAMESPACE(ORDER3),<t3=%r11
sbb CRYPTO_NAMESPACE(ORDER3)(%rip),%r11
# qhasm: r0 = t0 if !unsigned<
# asm 1: cmovae <t0=int64#4,<r0=int64#3

@ -57,13 +57,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_sc25519_lt
# qhasm: enter CRYPTO_NAMESPACE(sc25519_lt)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_sc25519_lt
.globl crypto_sign_ed25519_amd64_51_30k_batch_sc25519_lt
_crypto_sign_ed25519_amd64_51_30k_batch_sc25519_lt:
crypto_sign_ed25519_amd64_51_30k_batch_sc25519_lt:
.globl _CRYPTO_NAMESPACE(sc25519_lt)
.globl CRYPTO_NAMESPACE(sc25519_lt)
_CRYPTO_NAMESPACE(sc25519_lt):
CRYPTO_NAMESPACE(sc25519_lt):
mov %rsp,%r11
and $31,%r11
add $0,%r11

@ -1,8 +1,9 @@
#include "sc25519.h"
#include "compat.h"
#define ull4_mul crypto_sign_ed25519_amd64_64_ull4_mul
#define ull4_mul CRYPTO_NAMESPACE(ull4_mul)
extern void ull4_mul(unsigned long long r[8], const unsigned long long x[4], const unsigned long long y[4]);
extern void ull4_mul(unsigned long long r[8], const unsigned long long x[4], const unsigned long long y[4]) SYSVABI;
void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y)
{

@ -63,13 +63,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_sc25519_sub_nored
# qhasm: enter CRYPTO_NAMESPACE(sc25519_sub_nored)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_sc25519_sub_nored
.globl crypto_sign_ed25519_amd64_51_30k_batch_sc25519_sub_nored
_crypto_sign_ed25519_amd64_51_30k_batch_sc25519_sub_nored:
crypto_sign_ed25519_amd64_51_30k_batch_sc25519_sub_nored:
.globl _CRYPTO_NAMESPACE(sc25519_sub_nored)
.globl CRYPTO_NAMESPACE(sc25519_sub_nored)
_CRYPTO_NAMESPACE(sc25519_sub_nored):
CRYPTO_NAMESPACE(sc25519_sub_nored):
mov %rsp,%r11
and $31,%r11
add $0,%r11

@ -77,13 +77,13 @@
# qhasm: stack64 caller7_stack
# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ull4_mul
# qhasm: enter CRYPTO_NAMESPACE(ull4_mul)
.text
.p2align 5
.globl _crypto_sign_ed25519_amd64_51_30k_batch_ull4_mul
.globl crypto_sign_ed25519_amd64_51_30k_batch_ull4_mul
_crypto_sign_ed25519_amd64_51_30k_batch_ull4_mul:
crypto_sign_ed25519_amd64_51_30k_batch_ull4_mul:
.globl _CRYPTO_NAMESPACE(ull4_mul)
.globl CRYPTO_NAMESPACE(ull4_mul)
_CRYPTO_NAMESPACE(ull4_mul):
CRYPTO_NAMESPACE(ull4_mul):
mov %rsp,%r11
and $31,%r11
add $64,%r11

@ -5,6 +5,8 @@
32 bit integer curve25519 implementation
*/
#if !defined(ED25519_SSE2) && !defined(ED25519_64BIT)
typedef uint32_t bignum25519[10];
typedef uint32_t bignum25519align16[12];
@ -577,3 +579,5 @@ curve25519_swap_conditional(bignum25519 a, bignum25519 b, uint32_t iswap) {
x8 = swap & (a[8] ^ b[8]); a[8] ^= x8; b[8] ^= x8;
x9 = swap & (a[9] ^ b[9]); a[9] ^= x9; b[9] ^= x9;
}
#endif /* !defined(ED25519_SSE2) && !defined(ED25519_64BIT) */

@ -6,6 +6,8 @@
64bit integer curve25519 implementation
*/
#if !defined(ED25519_SSE2) && defined(ED25519_64BIT)
typedef uint64_t bignum25519[5];
static const uint64_t reduce_mask_40 = ((uint64_t)1 << 40) - 1;
@ -411,3 +413,4 @@ curve25519_swap_conditional(bignum25519 a, bignum25519 b, uint64_t iswap) {
#define ED25519_64BIT_TABLES
#endif /* !defined(ED25519_SSE2) && defined(ED25519_64BIT) */

@ -48,7 +48,7 @@ curve25519_recip(bignum25519 out, const bignum25519 z) {
/* 2^255 - 21 */ curve25519_mul_noinline(out, b, a);
}
const static unsigned char curve25519_packedone[32] = {
static const unsigned char curve25519_packedone[32] = {
1, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
@ -67,23 +67,31 @@ curve25519_setone(bignum25519 out) {
* if that's the case then we're doing batch invert there
*/
static void
curve25519_batchrecip(bignum25519 *out[], bignum25519 tmp[], bignum25519 * const in[], size_t num) {
bignum25519 ALIGN(16) acc, tmpacc;
curve25519_batchrecip(bignum25519 *out, const bignum25519 *in, bignum25519 *tmp, size_t num, size_t offset) {
bignum25519 ALIGN(16) acc,tmpacc;
size_t i;
const bignum25519 *inp;
bignum25519 *outp;
curve25519_setone(acc);
inp = in;
for (i = 0; i < num; ++i) {
curve25519_copy(tmp[i], acc);
curve25519_mul(acc, acc, *in[i]);
curve25519_mul(acc, acc, *inp);
inp = (const bignum25519 *)((const char *)inp + offset);
}
curve25519_recip(acc, acc);
i = num;
inp = (const bignum25519 *)((const char *)in + offset * num);
outp = (bignum25519 *)((char *)out + offset * num);
while (i--) {
curve25519_mul(tmpacc, acc, *in[i]);
curve25519_mul(*out[i], acc, tmp[i]);
inp = (const bignum25519 *)((const char *)inp - offset);
outp = (bignum25519 *)((char *)outp - offset);
curve25519_mul(tmpacc, acc, *inp);
curve25519_mul(*outp, acc, tmp[i]);
curve25519_copy(acc, tmpacc);
}
}
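Review bot: the new `offset` parameter of `curve25519_batchrecip` is undocumented, yet the loop depends on it being a byte stride. `inp = (const bignum25519 *)((const char *)inp + offset);` casts the result back to `bignum25519 *`, so `offset` must keep every element suitably aligned for `bignum25519`, while `tmp` is still indexed contiguously as `tmp[i]`. Please add a comment above the function stating that `offset` is in bytes (the callers in this diff pass `sizeof(ge25519)`), that `tmp` needs `num` contiguous entries, and that `out` may equal `in`, which works only because `*inp` is multiplied into `tmpacc` before `*outp` is written. It is also worth recording there that every input is multiplied into `acc` before the single `curve25519_recip` call, so one zero input affects every output of the batch, not just its own slot.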

View file

@ -5,6 +5,8 @@
SSE2 curve25519 implementation
*/
#if defined(ED25519_SSE2)
#include <emmintrin.h>
typedef __m128i xmmi;
@ -1110,3 +1112,4 @@ curve25519_move_conditional_bytes(uint8_t out[96], const uint8_t in[96], uint32_
_mm_store_si128((xmmi*)out + 5, a5);
}
#endif /* defined(ED25519_SSE2) */

View file

@ -1,3 +1,5 @@
#if !defined(ED25519_64BIT)
static const ge25519 ALIGN(16) ge25519_basepoint = {
{0x0325d51a,0x018b5823,0x00f6592a,0x0104a92d,0x01a4b31d,0x01d6dc5c,0x027118fe,0x007fd814,0x013cd6e5,0x0085a4db},
{0x02666658,0x01999999,0x00cccccc,0x01333333,0x01999999,0x00666666,0x03333333,0x00cccccc,0x02666666,0x01999999},
@ -59,3 +61,5 @@ static const ge25519_niels ALIGN(16) ge25519_niels_sliding_multiples[32] = {
{{0x01085cf2,0x01fd47af,0x03e3f5e1,0x004b3e99,0x01e3d46a,0x0060033c,0x015ff0a8,0x0150cdd8,0x029e8e21,0x008cf1bc},{0x00156cb1,0x003d623f,0x01a4f069,0x00d8d053,0x01b68aea,0x01ca5ab6,0x0316ae43,0x0134dc44,0x001c8d58,0x0084b343},{0x0318c781,0x0135441f,0x03a51a5e,0x019293f4,0x0048bb37,0x013d3341,0x0143151e,0x019c74e1,0x00911914,0x0076ddde}},
{{0x006bc26f,0x00d48e5f,0x00227bbe,0x00629ea8,0x01ea5f8b,0x0179a330,0x027a1d5f,0x01bf8f8e,0x02d26e2a,0x00c6b65e},{0x01701ab6,0x0051da77,0x01b4b667,0x00a0ce7c,0x038ae37b,0x012ac852,0x03a0b0fe,0x0097c2bb,0x00a017d2,0x01eb8b2a},{0x0120b962,0x0005fb42,0x0353b6fd,0x0061f8ce,0x007a1463,0x01560a64,0x00e0a792,0x01907c92,0x013a6622,0x007b47f1}}
};
#endif /* !defined(ED25519_64BIT) */

View file

@ -1,3 +1,5 @@
#if defined(ED25519_64BIT)
static const ge25519 ge25519_basepoint = {
{0x00062d608f25d51a,0x000412a4b4f6592a,0x00075b7171a4b31d,0x0001ff60527118fe,0x000216936d3cd6e5},
{0x0006666666666658,0x0004cccccccccccc,0x0001999999999999,0x0003333333333333,0x0006666666666666},
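Review bot: the guard added at the top of this tables file, `#if defined(ED25519_64BIT)`, does not match the condition used for the curve implementations elsewhere in this diff. There the 64-bit header is selected by `!defined(ED25519_SSE2) && defined(ED25519_64BIT)`, and that header is where `ED25519_64BIT_TABLES` is defined. If `ED25519_SSE2` and `ED25519_64BIT` can ever both be defined, an SSE2 build would take these 64-bit limb tables and skip the 32-bit ones, which are guarded by `!defined(ED25519_64BIT)`. Either guard the tables on `ED25519_64BIT_TABLES` where include order allows, or add a comment or an `#error` stating that the two macros are mutually exclusive.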
@ -51,3 +53,5 @@ static const ge25519_niels ge25519_niels_sliding_multiples[32] = {
{{0x0007f51ebd085cf2,0x00012cfa67e3f5e1,0x0001800cf1e3d46a,0x00054337615ff0a8,0x000233c6f29e8e21},{0x0000f588fc156cb1,0x000363414da4f069,0x0007296ad9b68aea,0x0004d3711316ae43,0x000212cd0c1c8d58},{0x0004d5107f18c781,0x00064a4fd3a51a5e,0x0004f4cd0448bb37,0x000671d38543151e,0x0001db7778911914}},
{{0x000352397c6bc26f,0x00018a7aa0227bbe,0x0005e68cc1ea5f8b,0x0006fe3e3a7a1d5f,0x00031ad97ad26e2a},{0x00014769dd701ab6,0x00028339f1b4b667,0x0004ab214b8ae37b,0x00025f0aefa0b0fe,0x0007ae2ca8a017d2},{0x000017ed0920b962,0x000187e33b53b6fd,0x00055829907a1463,0x000641f248e0a792,0x0001ed1fc53a6622}}
};
#endif /* defined(ED25519_64BIT) */

View file

@ -1,3 +1,5 @@
#if !defined(ED25519_SSE2)
/*
conversions
*/
@ -6,15 +8,15 @@ DONNA_INLINE static void
ge25519_p1p1_to_partial(ge25519 *r, const ge25519_p1p1 *p) {
curve25519_mul(r->x, p->x, p->t);
curve25519_mul(r->y, p->y, p->z);
curve25519_mul(r->z, p->z, p->t);
curve25519_mul(r->z, p->z, p->t);
}
DONNA_INLINE static void
ge25519_p1p1_to_full(ge25519 *r, const ge25519_p1p1 *p) {
curve25519_mul(r->x, p->x, p->t);
curve25519_mul(r->y, p->y, p->z);
curve25519_mul(r->z, p->z, p->t);
curve25519_mul(r->t, p->x, p->y);
curve25519_mul(r->z, p->z, p->t);
curve25519_mul(r->t, p->x, p->y);
}
static void
@ -188,13 +190,12 @@ ge25519_pack(unsigned char r[32], const ge25519 *p) {
r[31] ^= ((parity[0] & 1) << 7);
}
// assumes inz[] points to things in in[]
// NOTE: leaves in unfinished state
static void
ge25519_batchpack_destructive_1(bytes32 out[], ge25519 in[], bignum25519 *inz[], bignum25519 tmp[], size_t num) {
ge25519_batchpack_destructive_1(bytes32 *out, ge25519 *in, bignum25519 *tmp, size_t num) {
bignum25519 ty;
curve25519_batchrecip(inz, tmp, inz, num);
curve25519_batchrecip(&in->z, &in->z, tmp, num, sizeof(ge25519));
for (size_t i = 0; i < num; ++i) {
curve25519_mul(ty, in[i].y, in[i].z);
@ -274,7 +275,7 @@ ge25519_unpack_negative_vartime(ge25519 *r, const unsigned char p[32]) {
#define S2_TABLE_SIZE (1<<(S2_SWINDOWSIZE-2))
/* computes [s1]p1 + [s2]basepoint */
static void
static void
ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const bignum256modm s2) {
signed char slide1[256], slide2[256];
ge25519_pniels pre1[S1_TABLE_SIZE];
@ -369,7 +370,7 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96]
curve25519_add_reduce(r->y, t.xaddy, t.ysubx);
memset(r->z, 0, sizeof(bignum25519));
curve25519_copy(r->t, t.t2d);
r->z[0] = 2;
r->z[0] = 2;
for (i = 3; i < 64; i += 2) {
ge25519_scalarmult_base_choose_niels(&t, basepoint_table, i / 2, b[i]);
ge25519_nielsadd2(r, &t);
@ -387,3 +388,4 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96]
}
}
#endif /* !defined(ED25519_SSE2) */

View file

@ -1,3 +1,5 @@
#if defined(ED25519_SSE2)
/*
conversions
*/
@ -12,7 +14,7 @@ ge25519_p1p1_to_partial(ge25519 *r, const ge25519_p1p1 *p) {
curve25519_untangle64(r->x, r->z, xzout);
}
static void
static void
ge25519_p1p1_to_full(ge25519 *r, const ge25519_p1p1 *p) {
packed64bignum25519 ALIGN(16) zy, xt, xx, zz, ty;
curve25519_tangle64(ty, p->t, p->y);
@ -220,10 +222,10 @@ ge25519_pack(unsigned char r[32], const ge25519 *p) {
// assumes inz[] points to things in in[]
// NOTE: leaves in unfinished state
static void
ge25519_batchpack_destructive_1(bytes32 out[], ge25519 in[], bignum25519 *inz[], bignum25519 tmp[], size_t num) {
ge25519_batchpack_destructive_1(bytes32 *out, ge25519 *in, bignum25519 *tmp, size_t num) {
bignum25519 ALIGN(16) ty;
curve25519_batchrecip(inz, tmp, inz, num);
curve25519_batchrecip(&in->z, &in->z, tmp, num, sizeof(ge25519));
for (size_t i = 0; i < num; ++i) {
curve25519_mul(ty, in[i].y, in[i].z);
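Review bot: the comment `// assumes inz[] points to things in in[]` at the top of this hunk is stale. The `inz` parameter is removed from `ge25519_batchpack_destructive_1`, and the hunk header (10 lines before, 10 after) indicates the comment stays in the file. Drop it, or replace it with what now holds: `curve25519_batchrecip(&in->z, &in->z, tmp, num, sizeof(ge25519));` inverts the `z` fields of `in[]` in place, so `in[]` is modified by the call and `tmp` must provide `num` entries.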
@ -393,7 +395,7 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t table[256][96], const bi
ge25519_scalarmult_base_choose_niels(&t, table, 0, b[1]);
curve25519_sub_reduce(r->x, t.xaddy, t.ysubx);
curve25519_add_reduce(r->y, t.xaddy, t.ysubx);
memset(r->z, 0, sizeof(bignum25519));
memset(r->z, 0, sizeof(bignum25519));
r->z[0] = 2;
curve25519_copy(r->t, t.t2d);
for (i = 3; i < 64; i += 2) {
@ -412,3 +414,5 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t table[256][96], const bi
ge25519_nielsadd2(r, &t);
}
}
#endif /* defined(ED25519_SSE2) */

Some files were not shown because too many files have changed in this diff