Diffstat (limited to 'vendor/golang.org/x/crypto/curve25519')
-rw-r--r-- | vendor/golang.org/x/crypto/curve25519/const_amd64.h | 8 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/curve25519/const_amd64.s | 20 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/curve25519/cswap_amd64.s | 88 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/curve25519/curve25519.go | 841 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/curve25519/doc.go | 23 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/curve25519/freeze_amd64.s | 73 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/curve25519/ladderstep_amd64.s | 1377 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/curve25519/mont25519_amd64.go | 240 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/curve25519/mul_amd64.s | 169 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/curve25519/square_amd64.s | 132 |
10 files changed, 2971 insertions, 0 deletions
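diff --git a/vendor/golang.org/x/crypto/curve25519/const_amd64.h b/vendor/golang.org/x/crypto/curve25519/const_amd64.h
new file mode 100644
index 0000000..80ad222
--- /dev/null
+++ b/vendor/golang.org/x/crypto/curve25519/const_amd64.h
@@ -0,0 +1,8 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This code was translated into a form compatible with 6a from the public
+// domain sources in SUPERCOP: http://bench.cr.yp.to/supercop.html
+
+#define REDMASK51 0x0007FFFFFFFFFFFF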
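diff --git a/vendor/golang.org/x/crypto/curve25519/const_amd64.s b/vendor/golang.org/x/crypto/curve25519/const_amd64.s
new file mode 100644
index 0000000..0ad5398
--- /dev/null
+++ b/vendor/golang.org/x/crypto/curve25519/const_amd64.s
@@ -0,0 +1,20 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This code was translated into a form compatible with 6a from the public
+// domain sources in SUPERCOP: http://bench.cr.yp.to/supercop.html
+
+// +build amd64,!gccgo,!appengine
+
+// These constants cannot be encoded in non-MOVQ immediates.
+// We access them directly from memory instead.
+
+DATA ·_121666_213(SB)/8, $996687872
+GLOBL ·_121666_213(SB), 8, $8
+
+DATA ·_2P0(SB)/8, $0xFFFFFFFFFFFDA
+GLOBL ·_2P0(SB), 8, $8
+
+DATA ·_2P1234(SB)/8, $0xFFFFFFFFFFFFE
+GLOBL ·_2P1234(SB), 8, $8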
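diff --git a/vendor/golang.org/x/crypto/curve25519/cswap_amd64.s b/vendor/golang.org/x/crypto/curve25519/cswap_amd64.s
new file mode 100644
index 0000000..45484d1
--- /dev/null
+++ b/vendor/golang.org/x/crypto/curve25519/cswap_amd64.s
@@ -0,0 +1,88 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This code was translated into a form compatible with 6a from the public
+// domain sources in SUPERCOP: http://bench.cr.yp.to/supercop.html
+
+// +build amd64,!gccgo,!appengine
+
+// func cswap(inout *[5]uint64, v uint64)
+TEXT ·cswap(SB),7,$0
+MOVQ inout+0(FP),DI
+MOVQ v+8(FP),SI
+
+CMPQ SI,$1
+MOVQ 0(DI),SI
+MOVQ 80(DI),DX
+MOVQ 8(DI),CX
+MOVQ 88(DI),R8
+MOVQ SI,R9
+CMOVQEQ DX,SI
+CMOVQEQ R9,DX
+MOVQ CX,R9
+CMOVQEQ R8,CX
+CMOVQEQ R9,R8
+MOVQ SI,0(DI)
+MOVQ DX,80(DI)
+MOVQ CX,8(DI)
+MOVQ R8,88(DI)
+MOVQ 16(DI),SI
+MOVQ 96(DI),DX
+MOVQ 24(DI),CX
+MOVQ 104(DI),R8
+MOVQ SI,R9
+CMOVQEQ DX,SI
+CMOVQEQ R9,DX
+MOVQ CX,R9
+CMOVQEQ R8,CX
+CMOVQEQ R9,R8
+MOVQ SI,16(DI)
+MOVQ DX,96(DI)
+MOVQ CX,24(DI)
+MOVQ R8,104(DI)
+MOVQ 32(DI),SI
+MOVQ 112(DI),DX
+MOVQ 40(DI),CX
+MOVQ 120(DI),R8
+MOVQ SI,R9
+CMOVQEQ DX,SI
+CMOVQEQ R9,DX
+MOVQ CX,R9
+CMOVQEQ R8,CX
+CMOVQEQ R9,R8
+MOVQ SI,32(DI)
+MOVQ DX,112(DI)
+MOVQ CX,40(DI)
+MOVQ R8,120(DI)
+MOVQ 48(DI),SI
+MOVQ 128(DI),DX
+MOVQ 56(DI),CX
+MOVQ 136(DI),R8
+MOVQ SI,R9
+CMOVQEQ DX,SI
+CMOVQEQ R9,DX
+MOVQ CX,R9
+CMOVQEQ R8,CX
+CMOVQEQ R9,R8
+MOVQ SI,48(DI)
+MOVQ DX,128(DI)
+MOVQ CX,56(DI)
+MOVQ R8,136(DI)
+MOVQ 64(DI),SI
+MOVQ 144(DI),DX
+MOVQ 72(DI),CX
+MOVQ 152(DI),R8
+MOVQ SI,R9
+CMOVQEQ DX,SI
+CMOVQEQ R9,DX
+MOVQ CX,R9
+CMOVQEQ R8,CX
+CMOVQEQ R9,R8
+MOVQ SI,64(DI)
+MOVQ DX,144(DI)
+MOVQ CX,72(DI)
+MOVQ R8,152(DI)
+MOVQ DI,AX
+MOVQ SI,DX
+RET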
diff --git a/vendor/golang.org/x/crypto/curve25519/curve25519.go b/vendor/golang.org/x/crypto/curve25519/curve25519.go new file mode 100644 index 0000000..6918c47 --- /dev/null +++ b/vendor/golang.org/x/crypto/curve25519/curve25519.go | |||
@@ -0,0 +1,841 @@ | |||
1 | // Copyright 2013 The Go Authors. All rights reserved. | ||
2 | // Use of this source code is governed by a BSD-style | ||
3 | // license that can be found in the LICENSE file. | ||
4 | |||
5 | // We have a implementation in amd64 assembly so this code is only run on | ||
6 | // non-amd64 platforms. The amd64 assembly does not support gccgo. | ||
7 | // +build !amd64 gccgo appengine | ||
8 | |||
9 | package curve25519 | ||
10 | |||
11 | // This code is a port of the public domain, "ref10" implementation of | ||
12 | // curve25519 from SUPERCOP 20130419 by D. J. Bernstein. | ||
13 | |||
14 | // fieldElement represents an element of the field GF(2^255 - 19). An element | ||
15 | // t, entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77 | ||
16 | // t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on | ||
17 | // context. | ||
18 | type fieldElement [10]int32 | ||
19 | |||
20 | func feZero(fe *fieldElement) { | ||
21 | for i := range fe { | ||
22 | fe[i] = 0 | ||
23 | } | ||
24 | } | ||
25 | |||
26 | func feOne(fe *fieldElement) { | ||
27 | feZero(fe) | ||
28 | fe[0] = 1 | ||
29 | } | ||
30 | |||
31 | func feAdd(dst, a, b *fieldElement) { | ||
32 | for i := range dst { | ||
33 | dst[i] = a[i] + b[i] | ||
34 | } | ||
35 | } | ||
36 | |||
37 | func feSub(dst, a, b *fieldElement) { | ||
38 | for i := range dst { | ||
39 | dst[i] = a[i] - b[i] | ||
40 | } | ||
41 | } | ||
42 | |||
43 | func feCopy(dst, src *fieldElement) { | ||
44 | for i := range dst { | ||
45 | dst[i] = src[i] | ||
46 | } | ||
47 | } | ||
48 | |||
49 | // feCSwap replaces (f,g) with (g,f) if b == 1; replaces (f,g) with (f,g) if b == 0. | ||
50 | // | ||
51 | // Preconditions: b in {0,1}. | ||
52 | func feCSwap(f, g *fieldElement, b int32) { | ||
53 | var x fieldElement | ||
54 | b = -b | ||
55 | for i := range x { | ||
56 | x[i] = b & (f[i] ^ g[i]) | ||
57 | } | ||
58 | |||
59 | for i := range f { | ||
60 | f[i] ^= x[i] | ||
61 | } | ||
62 | for i := range g { | ||
63 | g[i] ^= x[i] | ||
64 | } | ||
65 | } | ||
66 | |||
67 | // load3 reads a 24-bit, little-endian value from in. | ||
68 | func load3(in []byte) int64 { | ||
69 | var r int64 | ||
70 | r = int64(in[0]) | ||
71 | r |= int64(in[1]) << 8 | ||
72 | r |= int64(in[2]) << 16 | ||
73 | return r | ||
74 | } | ||
75 | |||
76 | // load4 reads a 32-bit, little-endian value from in. | ||
77 | func load4(in []byte) int64 { | ||
78 | var r int64 | ||
79 | r = int64(in[0]) | ||
80 | r |= int64(in[1]) << 8 | ||
81 | r |= int64(in[2]) << 16 | ||
82 | r |= int64(in[3]) << 24 | ||
83 | return r | ||
84 | } | ||
85 | |||
86 | func feFromBytes(dst *fieldElement, src *[32]byte) { | ||
87 | h0 := load4(src[:]) | ||
88 | h1 := load3(src[4:]) << 6 | ||
89 | h2 := load3(src[7:]) << 5 | ||
90 | h3 := load3(src[10:]) << 3 | ||
91 | h4 := load3(src[13:]) << 2 | ||
92 | h5 := load4(src[16:]) | ||
93 | h6 := load3(src[20:]) << 7 | ||
94 | h7 := load3(src[23:]) << 5 | ||
95 | h8 := load3(src[26:]) << 4 | ||
96 | h9 := load3(src[29:]) << 2 | ||
97 | |||
98 | var carry [10]int64 | ||
99 | carry[9] = (h9 + 1<<24) >> 25 | ||
100 | h0 += carry[9] * 19 | ||
101 | h9 -= carry[9] << 25 | ||
102 | carry[1] = (h1 + 1<<24) >> 25 | ||
103 | h2 += carry[1] | ||
104 | h1 -= carry[1] << 25 | ||
105 | carry[3] = (h3 + 1<<24) >> 25 | ||
106 | h4 += carry[3] | ||
107 | h3 -= carry[3] << 25 | ||
108 | carry[5] = (h5 + 1<<24) >> 25 | ||
109 | h6 += carry[5] | ||
110 | h5 -= carry[5] << 25 | ||
111 | carry[7] = (h7 + 1<<24) >> 25 | ||
112 | h8 += carry[7] | ||
113 | h7 -= carry[7] << 25 | ||
114 | |||
115 | carry[0] = (h0 + 1<<25) >> 26 | ||
116 | h1 += carry[0] | ||
117 | h0 -= carry[0] << 26 | ||
118 | carry[2] = (h2 + 1<<25) >> 26 | ||
119 | h3 += carry[2] | ||
120 | h2 -= carry[2] << 26 | ||
121 | carry[4] = (h4 + 1<<25) >> 26 | ||
122 | h5 += carry[4] | ||
123 | h4 -= carry[4] << 26 | ||
124 | carry[6] = (h6 + 1<<25) >> 26 | ||
125 | h7 += carry[6] | ||
126 | h6 -= carry[6] << 26 | ||
127 | carry[8] = (h8 + 1<<25) >> 26 | ||
128 | h9 += carry[8] | ||
129 | h8 -= carry[8] << 26 | ||
130 | |||
131 | dst[0] = int32(h0) | ||
132 | dst[1] = int32(h1) | ||
133 | dst[2] = int32(h2) | ||
134 | dst[3] = int32(h3) | ||
135 | dst[4] = int32(h4) | ||
136 | dst[5] = int32(h5) | ||
137 | dst[6] = int32(h6) | ||
138 | dst[7] = int32(h7) | ||
139 | dst[8] = int32(h8) | ||
140 | dst[9] = int32(h9) | ||
141 | } | ||
142 | |||
143 | // feToBytes marshals h to s. | ||
144 | // Preconditions: | ||
145 | // |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. | ||
146 | // | ||
147 | // Write p=2^255-19; q=floor(h/p). | ||
148 | // Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))). | ||
149 | // | ||
150 | // Proof: | ||
151 | // Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4. | ||
152 | // Also have |h-2^230 h9|<2^230 so |19 2^(-255)(h-2^230 h9)|<1/4. | ||
153 | // | ||
154 | // Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9). | ||
155 | // Then 0<y<1. | ||
156 | // | ||
157 | // Write r=h-pq. | ||
158 | // Have 0<=r<=p-1=2^255-20. | ||
159 | // Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1. | ||
160 | // | ||
161 | // Write x=r+19(2^-255)r+y. | ||
162 | // Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q. | ||
163 | // | ||
164 | // Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1)) | ||
165 | // so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q. | ||
166 | func feToBytes(s *[32]byte, h *fieldElement) { | ||
167 | var carry [10]int32 | ||
168 | |||
169 | q := (19*h[9] + (1 << 24)) >> 25 | ||
170 | q = (h[0] + q) >> 26 | ||
171 | q = (h[1] + q) >> 25 | ||
172 | q = (h[2] + q) >> 26 | ||
173 | q = (h[3] + q) >> 25 | ||
174 | q = (h[4] + q) >> 26 | ||
175 | q = (h[5] + q) >> 25 | ||
176 | q = (h[6] + q) >> 26 | ||
177 | q = (h[7] + q) >> 25 | ||
178 | q = (h[8] + q) >> 26 | ||
179 | q = (h[9] + q) >> 25 | ||
180 | |||
181 | // Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. | ||
182 | h[0] += 19 * q | ||
183 | // Goal: Output h-2^255 q, which is between 0 and 2^255-20. | ||
184 | |||
185 | carry[0] = h[0] >> 26 | ||
186 | h[1] += carry[0] | ||
187 | h[0] -= carry[0] << 26 | ||
188 | carry[1] = h[1] >> 25 | ||
189 | h[2] += carry[1] | ||
190 | h[1] -= carry[1] << 25 | ||
191 | carry[2] = h[2] >> 26 | ||
192 | h[3] += carry[2] | ||
193 | h[2] -= carry[2] << 26 | ||
194 | carry[3] = h[3] >> 25 | ||
195 | h[4] += carry[3] | ||
196 | h[3] -= carry[3] << 25 | ||
197 | carry[4] = h[4] >> 26 | ||
198 | h[5] += carry[4] | ||
199 | h[4] -= carry[4] << 26 | ||
200 | carry[5] = h[5] >> 25 | ||
201 | h[6] += carry[5] | ||
202 | h[5] -= carry[5] << 25 | ||
203 | carry[6] = h[6] >> 26 | ||
204 | h[7] += carry[6] | ||
205 | h[6] -= carry[6] << 26 | ||
206 | carry[7] = h[7] >> 25 | ||
207 | h[8] += carry[7] | ||
208 | h[7] -= carry[7] << 25 | ||
209 | carry[8] = h[8] >> 26 | ||
210 | h[9] += carry[8] | ||
211 | h[8] -= carry[8] << 26 | ||
212 | carry[9] = h[9] >> 25 | ||
213 | h[9] -= carry[9] << 25 | ||
214 | // h10 = carry9 | ||
215 | |||
216 | // Goal: Output h[0]+...+2^255 h10-2^255 q, which is between 0 and 2^255-20. | ||
217 | // Have h[0]+...+2^230 h[9] between 0 and 2^255-1; | ||
218 | // evidently 2^255 h10-2^255 q = 0. | ||
219 | // Goal: Output h[0]+...+2^230 h[9]. | ||
220 | |||
221 | s[0] = byte(h[0] >> 0) | ||
222 | s[1] = byte(h[0] >> 8) | ||
223 | s[2] = byte(h[0] >> 16) | ||
224 | s[3] = byte((h[0] >> 24) | (h[1] << 2)) | ||
225 | s[4] = byte(h[1] >> 6) | ||
226 | s[5] = byte(h[1] >> 14) | ||
227 | s[6] = byte((h[1] >> 22) | (h[2] << 3)) | ||
228 | s[7] = byte(h[2] >> 5) | ||
229 | s[8] = byte(h[2] >> 13) | ||
230 | s[9] = byte((h[2] >> 21) | (h[3] << 5)) | ||
231 | s[10] = byte(h[3] >> 3) | ||
232 | s[11] = byte(h[3] >> 11) | ||
233 | s[12] = byte((h[3] >> 19) | (h[4] << 6)) | ||
234 | s[13] = byte(h[4] >> 2) | ||
235 | s[14] = byte(h[4] >> 10) | ||
236 | s[15] = byte(h[4] >> 18) | ||
237 | s[16] = byte(h[5] >> 0) | ||
238 | s[17] = byte(h[5] >> 8) | ||
239 | s[18] = byte(h[5] >> 16) | ||
240 | s[19] = byte((h[5] >> 24) | (h[6] << 1)) | ||
241 | s[20] = byte(h[6] >> 7) | ||
242 | s[21] = byte(h[6] >> 15) | ||
243 | s[22] = byte((h[6] >> 23) | (h[7] << 3)) | ||
244 | s[23] = byte(h[7] >> 5) | ||
245 | s[24] = byte(h[7] >> 13) | ||
246 | s[25] = byte((h[7] >> 21) | (h[8] << 4)) | ||
247 | s[26] = byte(h[8] >> 4) | ||
248 | s[27] = byte(h[8] >> 12) | ||
249 | s[28] = byte((h[8] >> 20) | (h[9] << 6)) | ||
250 | s[29] = byte(h[9] >> 2) | ||
251 | s[30] = byte(h[9] >> 10) | ||
252 | s[31] = byte(h[9] >> 18) | ||
253 | } | ||
254 | |||
255 | // feMul calculates h = f * g | ||
256 | // Can overlap h with f or g. | ||
257 | // | ||
258 | // Preconditions: | ||
259 | // |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. | ||
260 | // |g| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. | ||
261 | // | ||
262 | // Postconditions: | ||
263 | // |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. | ||
264 | // | ||
265 | // Notes on implementation strategy: | ||
266 | // | ||
267 | // Using schoolbook multiplication. | ||
268 | // Karatsuba would save a little in some cost models. | ||
269 | // | ||
270 | // Most multiplications by 2 and 19 are 32-bit precomputations; | ||
271 | // cheaper than 64-bit postcomputations. | ||
272 | // | ||
273 | // There is one remaining multiplication by 19 in the carry chain; | ||
274 | // one *19 precomputation can be merged into this, | ||
275 | // but the resulting data flow is considerably less clean. | ||
276 | // | ||
277 | // There are 12 carries below. | ||
278 | // 10 of them are 2-way parallelizable and vectorizable. | ||
279 | // Can get away with 11 carries, but then data flow is much deeper. | ||
280 | // | ||
281 | // With tighter constraints on inputs can squeeze carries into int32. | ||
282 | func feMul(h, f, g *fieldElement) { | ||
283 | f0 := f[0] | ||
284 | f1 := f[1] | ||
285 | f2 := f[2] | ||
286 | f3 := f[3] | ||
287 | f4 := f[4] | ||
288 | f5 := f[5] | ||
289 | f6 := f[6] | ||
290 | f7 := f[7] | ||
291 | f8 := f[8] | ||
292 | f9 := f[9] | ||
293 | g0 := g[0] | ||
294 | g1 := g[1] | ||
295 | g2 := g[2] | ||
296 | g3 := g[3] | ||
297 | g4 := g[4] | ||
298 | g5 := g[5] | ||
299 | g6 := g[6] | ||
300 | g7 := g[7] | ||
301 | g8 := g[8] | ||
302 | g9 := g[9] | ||
303 | g1_19 := 19 * g1 // 1.4*2^29 | ||
304 | g2_19 := 19 * g2 // 1.4*2^30; still ok | ||
305 | g3_19 := 19 * g3 | ||
306 | g4_19 := 19 * g4 | ||
307 | g5_19 := 19 * g5 | ||
308 | g6_19 := 19 * g6 | ||
309 | g7_19 := 19 * g7 | ||
310 | g8_19 := 19 * g8 | ||
311 | g9_19 := 19 * g9 | ||
312 | f1_2 := 2 * f1 | ||
313 | f3_2 := 2 * f3 | ||
314 | f5_2 := 2 * f5 | ||
315 | f7_2 := 2 * f7 | ||
316 | f9_2 := 2 * f9 | ||
317 | f0g0 := int64(f0) * int64(g0) | ||
318 | f0g1 := int64(f0) * int64(g1) | ||
319 | f0g2 := int64(f0) * int64(g2) | ||
320 | f0g3 := int64(f0) * int64(g3) | ||
321 | f0g4 := int64(f0) * int64(g4) | ||
322 | f0g5 := int64(f0) * int64(g5) | ||
323 | f0g6 := int64(f0) * int64(g6) | ||
324 | f0g7 := int64(f0) * int64(g7) | ||
325 | f0g8 := int64(f0) * int64(g8) | ||
326 | f0g9 := int64(f0) * int64(g9) | ||
327 | f1g0 := int64(f1) * int64(g0) | ||
328 | f1g1_2 := int64(f1_2) * int64(g1) | ||
329 | f1g2 := int64(f1) * int64(g2) | ||
330 | f1g3_2 := int64(f1_2) * int64(g3) | ||
331 | f1g4 := int64(f1) * int64(g4) | ||
332 | f1g5_2 := int64(f1_2) * int64(g5) | ||
333 | f1g6 := int64(f1) * int64(g6) | ||
334 | f1g7_2 := int64(f1_2) * int64(g7) | ||
335 | f1g8 := int64(f1) * int64(g8) | ||
336 | f1g9_38 := int64(f1_2) * int64(g9_19) | ||
337 | f2g0 := int64(f2) * int64(g0) | ||
338 | f2g1 := int64(f2) * int64(g1) | ||
339 | f2g2 := int64(f2) * int64(g2) | ||
340 | f2g3 := int64(f2) * int64(g3) | ||
341 | f2g4 := int64(f2) * int64(g4) | ||
342 | f2g5 := int64(f2) * int64(g5) | ||
343 | f2g6 := int64(f2) * int64(g6) | ||
344 | f2g7 := int64(f2) * int64(g7) | ||
345 | f2g8_19 := int64(f2) * int64(g8_19) | ||
346 | f2g9_19 := int64(f2) * int64(g9_19) | ||
347 | f3g0 := int64(f3) * int64(g0) | ||
348 | f3g1_2 := int64(f3_2) * int64(g1) | ||
349 | f3g2 := int64(f3) * int64(g2) | ||
350 | f3g3_2 := int64(f3_2) * int64(g3) | ||
351 | f3g4 := int64(f3) * int64(g4) | ||
352 | f3g5_2 := int64(f3_2) * int64(g5) | ||
353 | f3g6 := int64(f3) * int64(g6) | ||
354 | f3g7_38 := int64(f3_2) * int64(g7_19) | ||
355 | f3g8_19 := int64(f3) * int64(g8_19) | ||
356 | f3g9_38 := int64(f3_2) * int64(g9_19) | ||
357 | f4g0 := int64(f4) * int64(g0) | ||
358 | f4g1 := int64(f4) * int64(g1) | ||
359 | f4g2 := int64(f4) * int64(g2) | ||
360 | f4g3 := int64(f4) * int64(g3) | ||
361 | f4g4 := int64(f4) * int64(g4) | ||
362 | f4g5 := int64(f4) * int64(g5) | ||
363 | f4g6_19 := int64(f4) * int64(g6_19) | ||
364 | f4g7_19 := int64(f4) * int64(g7_19) | ||
365 | f4g8_19 := int64(f4) * int64(g8_19) | ||
366 | f4g9_19 := int64(f4) * int64(g9_19) | ||
367 | f5g0 := int64(f5) * int64(g0) | ||
368 | f5g1_2 := int64(f5_2) * int64(g1) | ||
369 | f5g2 := int64(f5) * int64(g2) | ||
370 | f5g3_2 := int64(f5_2) * int64(g3) | ||
371 | f5g4 := int64(f5) * int64(g4) | ||
372 | f5g5_38 := int64(f5_2) * int64(g5_19) | ||
373 | f5g6_19 := int64(f5) * int64(g6_19) | ||
374 | f5g7_38 := int64(f5_2) * int64(g7_19) | ||
375 | f5g8_19 := int64(f5) * int64(g8_19) | ||
376 | f5g9_38 := int64(f5_2) * int64(g9_19) | ||
377 | f6g0 := int64(f6) * int64(g0) | ||
378 | f6g1 := int64(f6) * int64(g1) | ||
379 | f6g2 := int64(f6) * int64(g2) | ||
380 | f6g3 := int64(f6) * int64(g3) | ||
381 | f6g4_19 := int64(f6) * int64(g4_19) | ||
382 | f6g5_19 := int64(f6) * int64(g5_19) | ||
383 | f6g6_19 := int64(f6) * int64(g6_19) | ||
384 | f6g7_19 := int64(f6) * int64(g7_19) | ||
385 | f6g8_19 := int64(f6) * int64(g8_19) | ||
386 | f6g9_19 := int64(f6) * int64(g9_19) | ||
387 | f7g0 := int64(f7) * int64(g0) | ||
388 | f7g1_2 := int64(f7_2) * int64(g1) | ||
389 | f7g2 := int64(f7) * int64(g2) | ||
390 | f7g3_38 := int64(f7_2) * int64(g3_19) | ||
391 | f7g4_19 := int64(f7) * int64(g4_19) | ||
392 | f7g5_38 := int64(f7_2) * int64(g5_19) | ||
393 | f7g6_19 := int64(f7) * int64(g6_19) | ||
394 | f7g7_38 := int64(f7_2) * int64(g7_19) | ||
395 | f7g8_19 := int64(f7) * int64(g8_19) | ||
396 | f7g9_38 := int64(f7_2) * int64(g9_19) | ||
397 | f8g0 := int64(f8) * int64(g0) | ||
398 | f8g1 := int64(f8) * int64(g1) | ||
399 | f8g2_19 := int64(f8) * int64(g2_19) | ||
400 | f8g3_19 := int64(f8) * int64(g3_19) | ||
401 | f8g4_19 := int64(f8) * int64(g4_19) | ||
402 | f8g5_19 := int64(f8) * int64(g5_19) | ||
403 | f8g6_19 := int64(f8) * int64(g6_19) | ||
404 | f8g7_19 := int64(f8) * int64(g7_19) | ||
405 | f8g8_19 := int64(f8) * int64(g8_19) | ||
406 | f8g9_19 := int64(f8) * int64(g9_19) | ||
407 | f9g0 := int64(f9) * int64(g0) | ||
408 | f9g1_38 := int64(f9_2) * int64(g1_19) | ||
409 | f9g2_19 := int64(f9) * int64(g2_19) | ||
410 | f9g3_38 := int64(f9_2) * int64(g3_19) | ||
411 | f9g4_19 := int64(f9) * int64(g4_19) | ||
412 | f9g5_38 := int64(f9_2) * int64(g5_19) | ||
413 | f9g6_19 := int64(f9) * int64(g6_19) | ||
414 | f9g7_38 := int64(f9_2) * int64(g7_19) | ||
415 | f9g8_19 := int64(f9) * int64(g8_19) | ||
416 | f9g9_38 := int64(f9_2) * int64(g9_19) | ||
417 | h0 := f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38 | ||
418 | h1 := f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19 | ||
419 | h2 := f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38 | ||
420 | h3 := f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19 | ||
421 | h4 := f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38 | ||
422 | h5 := f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19 | ||
423 | h6 := f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38 | ||
424 | h7 := f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19 | ||
425 | h8 := f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38 | ||
426 | h9 := f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0 | ||
427 | var carry [10]int64 | ||
428 | |||
429 | // |h0| <= (1.1*1.1*2^52*(1+19+19+19+19)+1.1*1.1*2^50*(38+38+38+38+38)) | ||
430 | // i.e. |h0| <= 1.2*2^59; narrower ranges for h2, h4, h6, h8 | ||
431 | // |h1| <= (1.1*1.1*2^51*(1+1+19+19+19+19+19+19+19+19)) | ||
432 | // i.e. |h1| <= 1.5*2^58; narrower ranges for h3, h5, h7, h9 | ||
433 | |||
434 | carry[0] = (h0 + (1 << 25)) >> 26 | ||
435 | h1 += carry[0] | ||
436 | h0 -= carry[0] << 26 | ||
437 | carry[4] = (h4 + (1 << 25)) >> 26 | ||
438 | h5 += carry[4] | ||
439 | h4 -= carry[4] << 26 | ||
440 | // |h0| <= 2^25 | ||
441 | // |h4| <= 2^25 | ||
442 | // |h1| <= 1.51*2^58 | ||
443 | // |h5| <= 1.51*2^58 | ||
444 | |||
445 | carry[1] = (h1 + (1 << 24)) >> 25 | ||
446 | h2 += carry[1] | ||
447 | h1 -= carry[1] << 25 | ||
448 | carry[5] = (h5 + (1 << 24)) >> 25 | ||
449 | h6 += carry[5] | ||
450 | h5 -= carry[5] << 25 | ||
451 | // |h1| <= 2^24; from now on fits into int32 | ||
452 | // |h5| <= 2^24; from now on fits into int32 | ||
453 | // |h2| <= 1.21*2^59 | ||
454 | // |h6| <= 1.21*2^59 | ||
455 | |||
456 | carry[2] = (h2 + (1 << 25)) >> 26 | ||
457 | h3 += carry[2] | ||
458 | h2 -= carry[2] << 26 | ||
459 | carry[6] = (h6 + (1 << 25)) >> 26 | ||
460 | h7 += carry[6] | ||
461 | h6 -= carry[6] << 26 | ||
462 | // |h2| <= 2^25; from now on fits into int32 unchanged | ||
463 | // |h6| <= 2^25; from now on fits into int32 unchanged | ||
464 | // |h3| <= 1.51*2^58 | ||
465 | // |h7| <= 1.51*2^58 | ||
466 | |||
467 | carry[3] = (h3 + (1 << 24)) >> 25 | ||
468 | h4 += carry[3] | ||
469 | h3 -= carry[3] << 25 | ||
470 | carry[7] = (h7 + (1 << 24)) >> 25 | ||
471 | h8 += carry[7] | ||
472 | h7 -= carry[7] << 25 | ||
473 | // |h3| <= 2^24; from now on fits into int32 unchanged | ||
474 | // |h7| <= 2^24; from now on fits into int32 unchanged | ||
475 | // |h4| <= 1.52*2^33 | ||
476 | // |h8| <= 1.52*2^33 | ||
477 | |||
478 | carry[4] = (h4 + (1 << 25)) >> 26 | ||
479 | h5 += carry[4] | ||
480 | h4 -= carry[4] << 26 | ||
481 | carry[8] = (h8 + (1 << 25)) >> 26 | ||
482 | h9 += carry[8] | ||
483 | h8 -= carry[8] << 26 | ||
484 | // |h4| <= 2^25; from now on fits into int32 unchanged | ||
485 | // |h8| <= 2^25; from now on fits into int32 unchanged | ||
486 | // |h5| <= 1.01*2^24 | ||
487 | // |h9| <= 1.51*2^58 | ||
488 | |||
489 | carry[9] = (h9 + (1 << 24)) >> 25 | ||
490 | h0 += carry[9] * 19 | ||
491 | h9 -= carry[9] << 25 | ||
492 | // |h9| <= 2^24; from now on fits into int32 unchanged | ||
493 | // |h0| <= 1.8*2^37 | ||
494 | |||
495 | carry[0] = (h0 + (1 << 25)) >> 26 | ||
496 | h1 += carry[0] | ||
497 | h0 -= carry[0] << 26 | ||
498 | // |h0| <= 2^25; from now on fits into int32 unchanged | ||
499 | // |h1| <= 1.01*2^24 | ||
500 | |||
501 | h[0] = int32(h0) | ||
502 | h[1] = int32(h1) | ||
503 | h[2] = int32(h2) | ||
504 | h[3] = int32(h3) | ||
505 | h[4] = int32(h4) | ||
506 | h[5] = int32(h5) | ||
507 | h[6] = int32(h6) | ||
508 | h[7] = int32(h7) | ||
509 | h[8] = int32(h8) | ||
510 | h[9] = int32(h9) | ||
511 | } | ||
512 | |||
513 | // feSquare calculates h = f*f. Can overlap h with f. | ||
514 | // | ||
515 | // Preconditions: | ||
516 | // |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. | ||
517 | // | ||
518 | // Postconditions: | ||
519 | // |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. | ||
520 | func feSquare(h, f *fieldElement) { | ||
521 | f0 := f[0] | ||
522 | f1 := f[1] | ||
523 | f2 := f[2] | ||
524 | f3 := f[3] | ||
525 | f4 := f[4] | ||
526 | f5 := f[5] | ||
527 | f6 := f[6] | ||
528 | f7 := f[7] | ||
529 | f8 := f[8] | ||
530 | f9 := f[9] | ||
531 | f0_2 := 2 * f0 | ||
532 | f1_2 := 2 * f1 | ||
533 | f2_2 := 2 * f2 | ||
534 | f3_2 := 2 * f3 | ||
535 | f4_2 := 2 * f4 | ||
536 | f5_2 := 2 * f5 | ||
537 | f6_2 := 2 * f6 | ||
538 | f7_2 := 2 * f7 | ||
539 | f5_38 := 38 * f5 // 1.31*2^30 | ||
540 | f6_19 := 19 * f6 // 1.31*2^30 | ||
541 | f7_38 := 38 * f7 // 1.31*2^30 | ||
542 | f8_19 := 19 * f8 // 1.31*2^30 | ||
543 | f9_38 := 38 * f9 // 1.31*2^30 | ||
544 | f0f0 := int64(f0) * int64(f0) | ||
545 | f0f1_2 := int64(f0_2) * int64(f1) | ||
546 | f0f2_2 := int64(f0_2) * int64(f2) | ||
547 | f0f3_2 := int64(f0_2) * int64(f3) | ||
548 | f0f4_2 := int64(f0_2) * int64(f4) | ||
549 | f0f5_2 := int64(f0_2) * int64(f5) | ||
550 | f0f6_2 := int64(f0_2) * int64(f6) | ||
551 | f0f7_2 := int64(f0_2) * int64(f7) | ||
552 | f0f8_2 := int64(f0_2) * int64(f8) | ||
553 | f0f9_2 := int64(f0_2) * int64(f9) | ||
554 | f1f1_2 := int64(f1_2) * int64(f1) | ||
555 | f1f2_2 := int64(f1_2) * int64(f2) | ||
556 | f1f3_4 := int64(f1_2) * int64(f3_2) | ||
557 | f1f4_2 := int64(f1_2) * int64(f4) | ||
558 | f1f5_4 := int64(f1_2) * int64(f5_2) | ||
559 | f1f6_2 := int64(f1_2) * int64(f6) | ||
560 | f1f7_4 := int64(f1_2) * int64(f7_2) | ||
561 | f1f8_2 := int64(f1_2) * int64(f8) | ||
562 | f1f9_76 := int64(f1_2) * int64(f9_38) | ||
563 | f2f2 := int64(f2) * int64(f2) | ||
564 | f2f3_2 := int64(f2_2) * int64(f3) | ||
565 | f2f4_2 := int64(f2_2) * int64(f4) | ||
566 | f2f5_2 := int64(f2_2) * int64(f5) | ||
567 | f2f6_2 := int64(f2_2) * int64(f6) | ||
568 | f2f7_2 := int64(f2_2) * int64(f7) | ||
569 | f2f8_38 := int64(f2_2) * int64(f8_19) | ||
570 | f2f9_38 := int64(f2) * int64(f9_38) | ||
571 | f3f3_2 := int64(f3_2) * int64(f3) | ||
572 | f3f4_2 := int64(f3_2) * int64(f4) | ||
573 | f3f5_4 := int64(f3_2) * int64(f5_2) | ||
574 | f3f6_2 := int64(f3_2) * int64(f6) | ||
575 | f3f7_76 := int64(f3_2) * int64(f7_38) | ||
576 | f3f8_38 := int64(f3_2) * int64(f8_19) | ||
577 | f3f9_76 := int64(f3_2) * int64(f9_38) | ||
578 | f4f4 := int64(f4) * int64(f4) | ||
579 | f4f5_2 := int64(f4_2) * int64(f5) | ||
580 | f4f6_38 := int64(f4_2) * int64(f6_19) | ||
581 | f4f7_38 := int64(f4) * int64(f7_38) | ||
582 | f4f8_38 := int64(f4_2) * int64(f8_19) | ||
583 | f4f9_38 := int64(f4) * int64(f9_38) | ||
584 | f5f5_38 := int64(f5) * int64(f5_38) | ||
585 | f5f6_38 := int64(f5_2) * int64(f6_19) | ||
586 | f5f7_76 := int64(f5_2) * int64(f7_38) | ||
587 | f5f8_38 := int64(f5_2) * int64(f8_19) | ||
588 | f5f9_76 := int64(f5_2) * int64(f9_38) | ||
589 | f6f6_19 := int64(f6) * int64(f6_19) | ||
590 | f6f7_38 := int64(f6) * int64(f7_38) | ||
591 | f6f8_38 := int64(f6_2) * int64(f8_19) | ||
592 | f6f9_38 := int64(f6) * int64(f9_38) | ||
593 | f7f7_38 := int64(f7) * int64(f7_38) | ||
594 | f7f8_38 := int64(f7_2) * int64(f8_19) | ||
595 | f7f9_76 := int64(f7_2) * int64(f9_38) | ||
596 | f8f8_19 := int64(f8) * int64(f8_19) | ||
597 | f8f9_38 := int64(f8) * int64(f9_38) | ||
598 | f9f9_38 := int64(f9) * int64(f9_38) | ||
599 | h0 := f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38 | ||
600 | h1 := f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38 | ||
601 | h2 := f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19 | ||
602 | h3 := f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38 | ||
603 | h4 := f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38 | ||
604 | h5 := f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38 | ||
605 | h6 := f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19 | ||
606 | h7 := f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38 | ||
607 | h8 := f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38 | ||
608 | h9 := f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2 | ||
609 | var carry [10]int64 | ||
610 | |||
611 | carry[0] = (h0 + (1 << 25)) >> 26 | ||
612 | h1 += carry[0] | ||
613 | h0 -= carry[0] << 26 | ||
614 | carry[4] = (h4 + (1 << 25)) >> 26 | ||
615 | h5 += carry[4] | ||
616 | h4 -= carry[4] << 26 | ||
617 | |||
618 | carry[1] = (h1 + (1 << 24)) >> 25 | ||
619 | h2 += carry[1] | ||
620 | h1 -= carry[1] << 25 | ||
621 | carry[5] = (h5 + (1 << 24)) >> 25 | ||
622 | h6 += carry[5] | ||
623 | h5 -= carry[5] << 25 | ||
624 | |||
625 | carry[2] = (h2 + (1 << 25)) >> 26 | ||
626 | h3 += carry[2] | ||
627 | h2 -= carry[2] << 26 | ||
628 | carry[6] = (h6 + (1 << 25)) >> 26 | ||
629 | h7 += carry[6] | ||
630 | h6 -= carry[6] << 26 | ||
631 | |||
632 | carry[3] = (h3 + (1 << 24)) >> 25 | ||
633 | h4 += carry[3] | ||
634 | h3 -= carry[3] << 25 | ||
635 | carry[7] = (h7 + (1 << 24)) >> 25 | ||
636 | h8 += carry[7] | ||
637 | h7 -= carry[7] << 25 | ||
638 | |||
639 | carry[4] = (h4 + (1 << 25)) >> 26 | ||
640 | h5 += carry[4] | ||
641 | h4 -= carry[4] << 26 | ||
642 | carry[8] = (h8 + (1 << 25)) >> 26 | ||
643 | h9 += carry[8] | ||
644 | h8 -= carry[8] << 26 | ||
645 | |||
646 | carry[9] = (h9 + (1 << 24)) >> 25 | ||
647 | h0 += carry[9] * 19 | ||
648 | h9 -= carry[9] << 25 | ||
649 | |||
650 | carry[0] = (h0 + (1 << 25)) >> 26 | ||
651 | h1 += carry[0] | ||
652 | h0 -= carry[0] << 26 | ||
653 | |||
654 | h[0] = int32(h0) | ||
655 | h[1] = int32(h1) | ||
656 | h[2] = int32(h2) | ||
657 | h[3] = int32(h3) | ||
658 | h[4] = int32(h4) | ||
659 | h[5] = int32(h5) | ||
660 | h[6] = int32(h6) | ||
661 | h[7] = int32(h7) | ||
662 | h[8] = int32(h8) | ||
663 | h[9] = int32(h9) | ||
664 | } | ||
665 | |||
666 | // feMul121666 calculates h = f * 121666. Can overlap h with f. | ||
667 | // | ||
668 | // Preconditions: | ||
669 | // |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. | ||
670 | // | ||
671 | // Postconditions: | ||
672 | // |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. | ||
673 | func feMul121666(h, f *fieldElement) { | ||
674 | h0 := int64(f[0]) * 121666 | ||
675 | h1 := int64(f[1]) * 121666 | ||
676 | h2 := int64(f[2]) * 121666 | ||
677 | h3 := int64(f[3]) * 121666 | ||
678 | h4 := int64(f[4]) * 121666 | ||
679 | h5 := int64(f[5]) * 121666 | ||
680 | h6 := int64(f[6]) * 121666 | ||
681 | h7 := int64(f[7]) * 121666 | ||
682 | h8 := int64(f[8]) * 121666 | ||
683 | h9 := int64(f[9]) * 121666 | ||
684 | var carry [10]int64 | ||
685 | |||
686 | carry[9] = (h9 + (1 << 24)) >> 25 | ||
687 | h0 += carry[9] * 19 | ||
688 | h9 -= carry[9] << 25 | ||
689 | carry[1] = (h1 + (1 << 24)) >> 25 | ||
690 | h2 += carry[1] | ||
691 | h1 -= carry[1] << 25 | ||
692 | carry[3] = (h3 + (1 << 24)) >> 25 | ||
693 | h4 += carry[3] | ||
694 | h3 -= carry[3] << 25 | ||
695 | carry[5] = (h5 + (1 << 24)) >> 25 | ||
696 | h6 += carry[5] | ||
697 | h5 -= carry[5] << 25 | ||
698 | carry[7] = (h7 + (1 << 24)) >> 25 | ||
699 | h8 += carry[7] | ||
700 | h7 -= carry[7] << 25 | ||
701 | |||
702 | carry[0] = (h0 + (1 << 25)) >> 26 | ||
703 | h1 += carry[0] | ||
704 | h0 -= carry[0] << 26 | ||
705 | carry[2] = (h2 + (1 << 25)) >> 26 | ||
706 | h3 += carry[2] | ||
707 | h2 -= carry[2] << 26 | ||
708 | carry[4] = (h4 + (1 << 25)) >> 26 | ||
709 | h5 += carry[4] | ||
710 | h4 -= carry[4] << 26 | ||
711 | carry[6] = (h6 + (1 << 25)) >> 26 | ||
712 | h7 += carry[6] | ||
713 | h6 -= carry[6] << 26 | ||
714 | carry[8] = (h8 + (1 << 25)) >> 26 | ||
715 | h9 += carry[8] | ||
716 | h8 -= carry[8] << 26 | ||
717 | |||
718 | h[0] = int32(h0) | ||
719 | h[1] = int32(h1) | ||
720 | h[2] = int32(h2) | ||
721 | h[3] = int32(h3) | ||
722 | h[4] = int32(h4) | ||
723 | h[5] = int32(h5) | ||
724 | h[6] = int32(h6) | ||
725 | h[7] = int32(h7) | ||
726 | h[8] = int32(h8) | ||
727 | h[9] = int32(h9) | ||
728 | } | ||
729 | |||
730 | // feInvert sets out = z^-1. | ||
731 | func feInvert(out, z *fieldElement) { | ||
732 | var t0, t1, t2, t3 fieldElement | ||
733 | var i int | ||
734 | |||
735 | feSquare(&t0, z) | ||
736 | for i = 1; i < 1; i++ { | ||
737 | feSquare(&t0, &t0) | ||
738 | } | ||
739 | feSquare(&t1, &t0) | ||
740 | for i = 1; i < 2; i++ { | ||
741 | feSquare(&t1, &t1) | ||
742 | } | ||
743 | feMul(&t1, z, &t1) | ||
744 | feMul(&t0, &t0, &t1) | ||
745 | feSquare(&t2, &t0) | ||
746 | for i = 1; i < 1; i++ { | ||
747 | feSquare(&t2, &t2) | ||
748 | } | ||
749 | feMul(&t1, &t1, &t2) | ||
750 | feSquare(&t2, &t1) | ||
751 | for i = 1; i < 5; i++ { | ||
752 | feSquare(&t2, &t2) | ||
753 | } | ||
754 | feMul(&t1, &t2, &t1) | ||
755 | feSquare(&t2, &t1) | ||
756 | for i = 1; i < 10; i++ { | ||
757 | feSquare(&t2, &t2) | ||
758 | } | ||
759 | feMul(&t2, &t2, &t1) | ||
760 | feSquare(&t3, &t2) | ||
761 | for i = 1; i < 20; i++ { | ||
762 | feSquare(&t3, &t3) | ||
763 | } | ||
764 | feMul(&t2, &t3, &t2) | ||
765 | feSquare(&t2, &t2) | ||
766 | for i = 1; i < 10; i++ { | ||
767 | feSquare(&t2, &t2) | ||
768 | } | ||
769 | feMul(&t1, &t2, &t1) | ||
770 | feSquare(&t2, &t1) | ||
771 | for i = 1; i < 50; i++ { | ||
772 | feSquare(&t2, &t2) | ||
773 | } | ||
774 | feMul(&t2, &t2, &t1) | ||
775 | feSquare(&t3, &t2) | ||
776 | for i = 1; i < 100; i++ { | ||
777 | feSquare(&t3, &t3) | ||
778 | } | ||
779 | feMul(&t2, &t3, &t2) | ||
780 | feSquare(&t2, &t2) | ||
781 | for i = 1; i < 50; i++ { | ||
782 | feSquare(&t2, &t2) | ||
783 | } | ||
784 | feMul(&t1, &t2, &t1) | ||
785 | feSquare(&t1, &t1) | ||
786 | for i = 1; i < 5; i++ { | ||
787 | feSquare(&t1, &t1) | ||
788 | } | ||
789 | feMul(out, &t1, &t0) | ||
790 | } | ||
791 | |||
792 | func scalarMult(out, in, base *[32]byte) { | ||
793 | var e [32]byte | ||
794 | |||
795 | copy(e[:], in[:]) | ||
796 | e[0] &= 248 | ||
797 | e[31] &= 127 | ||
798 | e[31] |= 64 | ||
799 | |||
800 | var x1, x2, z2, x3, z3, tmp0, tmp1 fieldElement | ||
801 | feFromBytes(&x1, base) | ||
802 | feOne(&x2) | ||
803 | feCopy(&x3, &x1) | ||
804 | feOne(&z3) | ||
805 | |||
806 | swap := int32(0) | ||
807 | for pos := 254; pos >= 0; pos-- { | ||
808 | b := e[pos/8] >> uint(pos&7) | ||
809 | b &= 1 | ||
810 | swap ^= int32(b) | ||
811 | feCSwap(&x2, &x3, swap) | ||
812 | feCSwap(&z2, &z3, swap) | ||
813 | swap = int32(b) | ||
814 | |||
815 | feSub(&tmp0, &x3, &z3) | ||
816 | feSub(&tmp1, &x2, &z2) | ||
817 | feAdd(&x2, &x2, &z2) | ||
818 | feAdd(&z2, &x3, &z3) | ||
819 | feMul(&z3, &tmp0, &x2) | ||
820 | feMul(&z2, &z2, &tmp1) | ||
821 | feSquare(&tmp0, &tmp1) | ||
822 | feSquare(&tmp1, &x2) | ||
823 | feAdd(&x3, &z3, &z2) | ||
824 | feSub(&z2, &z3, &z2) | ||
825 | feMul(&x2, &tmp1, &tmp0) | ||
826 | feSub(&tmp1, &tmp1, &tmp0) | ||
827 | feSquare(&z2, &z2) | ||
828 | feMul121666(&z3, &tmp1) | ||
829 | feSquare(&x3, &x3) | ||
830 | feAdd(&tmp0, &tmp0, &z3) | ||
831 | feMul(&z3, &x1, &z2) | ||
832 | feMul(&z2, &tmp1, &tmp0) | ||
833 | } | ||
834 | |||
835 | feCSwap(&x2, &x3, swap) | ||
836 | feCSwap(&z2, &z3, swap) | ||
837 | |||
838 | feInvert(&z2, &z2) | ||
839 | feMul(&x2, &x2, &z2) | ||
840 | feToBytes(out, &x2) | ||
841 | } | ||
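--- /dev/null
+++ b/vendor/golang.org/x/crypto/curve25519/doc.go
@@ -0,0 +1,23 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package curve25519 provides an implementation of scalar multiplication on
+// the elliptic curve known as curve25519. See http://cr.yp.to/ecdh.html
+package curve25519 // import "golang.org/x/crypto/curve25519"
+
+// basePoint is the x coordinate of the generator of the curve.
+var basePoint = [32]byte{9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
+
+// ScalarMult sets dst to the product in*base where dst and base are the x
+// coordinates of group points and all values are in little-endian form.
+func ScalarMult(dst, in, base *[32]byte) {
+scalarMult(dst, in, base)
+}
+
+// ScalarBaseMult sets dst to the product in*base where dst and base are the x
+// coordinates of group points, base is the standard generator and all values
+// are in little-endian form.
+func ScalarBaseMult(dst, in *[32]byte) {
+ScalarMult(dst, in, &basePoint)
+}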
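--- /dev/null
+++ b/vendor/golang.org/x/crypto/curve25519/freeze_amd64.s
@@ -0,0 +1,73 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This code was translated into a form compatible with 6a from the public
+// domain sources in SUPERCOP: http://bench.cr.yp.to/supercop.html
+
+// +build amd64,!gccgo,!appengine
+
+#include "const_amd64.h"
+
+// func freeze(inout *[5]uint64)
+TEXT ·freeze(SB),7,$0-8
+MOVQ inout+0(FP), DI
+
+MOVQ 0(DI),SI
+MOVQ 8(DI),DX
+MOVQ 16(DI),CX
+MOVQ 24(DI),R8
+MOVQ 32(DI),R9
+MOVQ $REDMASK51,AX
+MOVQ AX,R10
+SUBQ $18,R10
+MOVQ $3,R11
+REDUCELOOP:
+MOVQ SI,R12
+SHRQ $51,R12
+ANDQ AX,SI
+ADDQ R12,DX
+MOVQ DX,R12
+SHRQ $51,R12
+ANDQ AX,DX
+ADDQ R12,CX
+MOVQ CX,R12
+SHRQ $51,R12
+ANDQ AX,CX
+ADDQ R12,R8
+MOVQ R8,R12
+SHRQ $51,R12
+ANDQ AX,R8
+ADDQ R12,R9
+MOVQ R9,R12
+SHRQ $51,R12
+ANDQ AX,R9
+IMUL3Q $19,R12,R12
+ADDQ R12,SI
+SUBQ $1,R11
+JA REDUCELOOP
+MOVQ $1,R12
+CMPQ R10,SI
+CMOVQLT R11,R12
+CMPQ AX,DX
+CMOVQNE R11,R12
+CMPQ AX,CX
+CMOVQNE R11,R12
+CMPQ AX,R8
+CMOVQNE R11,R12
+CMPQ AX,R9
+CMOVQNE R11,R12
+NEGQ R12
+ANDQ R12,AX
+ANDQ R12,R10
+SUBQ R10,SI
+SUBQ AX,DX
+SUBQ AX,CX
+SUBQ AX,R8
+SUBQ AX,R9
+MOVQ SI,0(DI)
+MOVQ DX,8(DI)
+MOVQ CX,16(DI)
+MOVQ R8,24(DI)
+MOVQ R9,32(DI)
+RET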
diff --git a/vendor/golang.org/x/crypto/curve25519/ladderstep_amd64.s b/vendor/golang.org/x/crypto/curve25519/ladderstep_amd64.s new file mode 100644 index 0000000..7074e5c --- /dev/null +++ b/vendor/golang.org/x/crypto/curve25519/ladderstep_amd64.s | |||
@@ -0,0 +1,1377 @@ | |||
1 | // Copyright 2012 The Go Authors. All rights reserved. | ||
2 | // Use of this source code is governed by a BSD-style | ||
3 | // license that can be found in the LICENSE file. | ||
4 | |||
5 | // This code was translated into a form compatible with 6a from the public | ||
6 | // domain sources in SUPERCOP: http://bench.cr.yp.to/supercop.html | ||
7 | |||
8 | // +build amd64,!gccgo,!appengine | ||
9 | |||
10 | #include "const_amd64.h" | ||
11 | |||
12 | // func ladderstep(inout *[5][5]uint64) | ||
13 | TEXT ·ladderstep(SB),0,$296-8 | ||
14 | MOVQ inout+0(FP),DI | ||
15 | |||
16 | MOVQ 40(DI),SI | ||
17 | MOVQ 48(DI),DX | ||
18 | MOVQ 56(DI),CX | ||
19 | MOVQ 64(DI),R8 | ||
20 | MOVQ 72(DI),R9 | ||
21 | MOVQ SI,AX | ||
22 | MOVQ DX,R10 | ||
23 | MOVQ CX,R11 | ||
24 | MOVQ R8,R12 | ||
25 | MOVQ R9,R13 | ||
26 | ADDQ ·_2P0(SB),AX | ||
27 | ADDQ ·_2P1234(SB),R10 | ||
28 | ADDQ ·_2P1234(SB),R11 | ||
29 | ADDQ ·_2P1234(SB),R12 | ||
30 | ADDQ ·_2P1234(SB),R13 | ||
31 | ADDQ 80(DI),SI | ||
32 | ADDQ 88(DI),DX | ||
33 | ADDQ 96(DI),CX | ||
34 | ADDQ 104(DI),R8 | ||
35 | ADDQ 112(DI),R9 | ||
36 | SUBQ 80(DI),AX | ||
37 | SUBQ 88(DI),R10 | ||
38 | SUBQ 96(DI),R11 | ||
39 | SUBQ 104(DI),R12 | ||
40 | SUBQ 112(DI),R13 | ||
41 | MOVQ SI,0(SP) | ||
42 | MOVQ DX,8(SP) | ||
43 | MOVQ CX,16(SP) | ||
44 | MOVQ R8,24(SP) | ||
45 | MOVQ R9,32(SP) | ||
46 | MOVQ AX,40(SP) | ||
47 | MOVQ R10,48(SP) | ||
48 | MOVQ R11,56(SP) | ||
49 | MOVQ R12,64(SP) | ||
50 | MOVQ R13,72(SP) | ||
51 | MOVQ 40(SP),AX | ||
52 | MULQ 40(SP) | ||
53 | MOVQ AX,SI | ||
54 | MOVQ DX,CX | ||
55 | MOVQ 40(SP),AX | ||
56 | SHLQ $1,AX | ||
57 | MULQ 48(SP) | ||
58 | MOVQ AX,R8 | ||
59 | MOVQ DX,R9 | ||
60 | MOVQ 40(SP),AX | ||
61 | SHLQ $1,AX | ||
62 | MULQ 56(SP) | ||
63 | MOVQ AX,R10 | ||
64 | MOVQ DX,R11 | ||
65 | MOVQ 40(SP),AX | ||
66 | SHLQ $1,AX | ||
67 | MULQ 64(SP) | ||
68 | MOVQ AX,R12 | ||
69 | MOVQ DX,R13 | ||
70 | MOVQ 40(SP),AX | ||
71 | SHLQ $1,AX | ||
72 | MULQ 72(SP) | ||
73 | MOVQ AX,R14 | ||
74 | MOVQ DX,R15 | ||
75 | MOVQ 48(SP),AX | ||
76 | MULQ 48(SP) | ||
77 | ADDQ AX,R10 | ||
78 | ADCQ DX,R11 | ||
79 | MOVQ 48(SP),AX | ||
80 | SHLQ $1,AX | ||
81 | MULQ 56(SP) | ||
82 | ADDQ AX,R12 | ||
83 | ADCQ DX,R13 | ||
84 | MOVQ 48(SP),AX | ||
85 | SHLQ $1,AX | ||
86 | MULQ 64(SP) | ||
87 | ADDQ AX,R14 | ||
88 | ADCQ DX,R15 | ||
89 | MOVQ 48(SP),DX | ||
90 | IMUL3Q $38,DX,AX | ||
91 | MULQ 72(SP) | ||
92 | ADDQ AX,SI | ||
93 | ADCQ DX,CX | ||
94 | MOVQ 56(SP),AX | ||
95 | MULQ 56(SP) | ||
96 | ADDQ AX,R14 | ||
97 | ADCQ DX,R15 | ||
98 | MOVQ 56(SP),DX | ||
99 | IMUL3Q $38,DX,AX | ||
100 | MULQ 64(SP) | ||
101 | ADDQ AX,SI | ||
102 | ADCQ DX,CX | ||
103 | MOVQ 56(SP),DX | ||
104 | IMUL3Q $38,DX,AX | ||
105 | MULQ 72(SP) | ||
106 | ADDQ AX,R8 | ||
107 | ADCQ DX,R9 | ||
108 | MOVQ 64(SP),DX | ||
109 | IMUL3Q $19,DX,AX | ||
110 | MULQ 64(SP) | ||
111 | ADDQ AX,R8 | ||
112 | ADCQ DX,R9 | ||
113 | MOVQ 64(SP),DX | ||
114 | IMUL3Q $38,DX,AX | ||
115 | MULQ 72(SP) | ||
116 | ADDQ AX,R10 | ||
117 | ADCQ DX,R11 | ||
118 | MOVQ 72(SP),DX | ||
119 | IMUL3Q $19,DX,AX | ||
120 | MULQ 72(SP) | ||
121 | ADDQ AX,R12 | ||
122 | ADCQ DX,R13 | ||
123 | MOVQ $REDMASK51,DX | ||
124 | SHLQ $13,CX:SI | ||
125 | ANDQ DX,SI | ||
126 | SHLQ $13,R9:R8 | ||
127 | ANDQ DX,R8 | ||
128 | ADDQ CX,R8 | ||
129 | SHLQ $13,R11:R10 | ||
130 | ANDQ DX,R10 | ||
131 | ADDQ R9,R10 | ||
132 | SHLQ $13,R13:R12 | ||
133 | ANDQ DX,R12 | ||
134 | ADDQ R11,R12 | ||
135 | SHLQ $13,R15:R14 | ||
136 | ANDQ DX,R14 | ||
137 | ADDQ R13,R14 | ||
138 | IMUL3Q $19,R15,CX | ||
139 | ADDQ CX,SI | ||
140 | MOVQ SI,CX | ||
141 | SHRQ $51,CX | ||
142 | ADDQ R8,CX | ||
143 | ANDQ DX,SI | ||
144 | MOVQ CX,R8 | ||
145 | SHRQ $51,CX | ||
146 | ADDQ R10,CX | ||
147 | ANDQ DX,R8 | ||
148 | MOVQ CX,R9 | ||
149 | SHRQ $51,CX | ||
150 | ADDQ R12,CX | ||
151 | ANDQ DX,R9 | ||
152 | MOVQ CX,AX | ||
153 | SHRQ $51,CX | ||
154 | ADDQ R14,CX | ||
155 | ANDQ DX,AX | ||
156 | MOVQ CX,R10 | ||
157 | SHRQ $51,CX | ||
158 | IMUL3Q $19,CX,CX | ||
159 | ADDQ CX,SI | ||
160 | ANDQ DX,R10 | ||
161 | MOVQ SI,80(SP) | ||
162 | MOVQ R8,88(SP) | ||
163 | MOVQ R9,96(SP) | ||
164 | MOVQ AX,104(SP) | ||
165 | MOVQ R10,112(SP) | ||
166 | MOVQ 0(SP),AX | ||
167 | MULQ 0(SP) | ||
168 | MOVQ AX,SI | ||
169 | MOVQ DX,CX | ||
170 | MOVQ 0(SP),AX | ||
171 | SHLQ $1,AX | ||
172 | MULQ 8(SP) | ||
173 | MOVQ AX,R8 | ||
174 | MOVQ DX,R9 | ||
175 | MOVQ 0(SP),AX | ||
176 | SHLQ $1,AX | ||
177 | MULQ 16(SP) | ||
178 | MOVQ AX,R10 | ||
179 | MOVQ DX,R11 | ||
180 | MOVQ 0(SP),AX | ||
181 | SHLQ $1,AX | ||
182 | MULQ 24(SP) | ||
183 | MOVQ AX,R12 | ||
184 | MOVQ DX,R13 | ||
185 | MOVQ 0(SP),AX | ||
186 | SHLQ $1,AX | ||
187 | MULQ 32(SP) | ||
188 | MOVQ AX,R14 | ||
189 | MOVQ DX,R15 | ||
190 | MOVQ 8(SP),AX | ||
191 | MULQ 8(SP) | ||
192 | ADDQ AX,R10 | ||
193 | ADCQ DX,R11 | ||
194 | MOVQ 8(SP),AX | ||
195 | SHLQ $1,AX | ||
196 | MULQ 16(SP) | ||
197 | ADDQ AX,R12 | ||
198 | ADCQ DX,R13 | ||
199 | MOVQ 8(SP),AX | ||
200 | SHLQ $1,AX | ||
201 | MULQ 24(SP) | ||
202 | ADDQ AX,R14 | ||
203 | ADCQ DX,R15 | ||
204 | MOVQ 8(SP),DX | ||
205 | IMUL3Q $38,DX,AX | ||
206 | MULQ 32(SP) | ||
207 | ADDQ AX,SI | ||
208 | ADCQ DX,CX | ||
209 | MOVQ 16(SP),AX | ||
210 | MULQ 16(SP) | ||
211 | ADDQ AX,R14 | ||
212 | ADCQ DX,R15 | ||
213 | MOVQ 16(SP),DX | ||
214 | IMUL3Q $38,DX,AX | ||
215 | MULQ 24(SP) | ||
216 | ADDQ AX,SI | ||
217 | ADCQ DX,CX | ||
218 | MOVQ 16(SP),DX | ||
219 | IMUL3Q $38,DX,AX | ||
220 | MULQ 32(SP) | ||
221 | ADDQ AX,R8 | ||
222 | ADCQ DX,R9 | ||
223 | MOVQ 24(SP),DX | ||
224 | IMUL3Q $19,DX,AX | ||
225 | MULQ 24(SP) | ||
226 | ADDQ AX,R8 | ||
227 | ADCQ DX,R9 | ||
228 | MOVQ 24(SP),DX | ||
229 | IMUL3Q $38,DX,AX | ||
230 | MULQ 32(SP) | ||
231 | ADDQ AX,R10 | ||
232 | ADCQ DX,R11 | ||
233 | MOVQ 32(SP),DX | ||
234 | IMUL3Q $19,DX,AX | ||
235 | MULQ 32(SP) | ||
236 | ADDQ AX,R12 | ||
237 | ADCQ DX,R13 | ||
238 | MOVQ $REDMASK51,DX | ||
239 | SHLQ $13,CX:SI | ||
240 | ANDQ DX,SI | ||
241 | SHLQ $13,R9:R8 | ||
242 | ANDQ DX,R8 | ||
243 | ADDQ CX,R8 | ||
244 | SHLQ $13,R11:R10 | ||
245 | ANDQ DX,R10 | ||
246 | ADDQ R9,R10 | ||
247 | SHLQ $13,R13:R12 | ||
248 | ANDQ DX,R12 | ||
249 | ADDQ R11,R12 | ||
250 | SHLQ $13,R15:R14 | ||
251 | ANDQ DX,R14 | ||
252 | ADDQ R13,R14 | ||
253 | IMUL3Q $19,R15,CX | ||
254 | ADDQ CX,SI | ||
255 | MOVQ SI,CX | ||
256 | SHRQ $51,CX | ||
257 | ADDQ R8,CX | ||
258 | ANDQ DX,SI | ||
259 | MOVQ CX,R8 | ||
260 | SHRQ $51,CX | ||
261 | ADDQ R10,CX | ||
262 | ANDQ DX,R8 | ||
263 | MOVQ CX,R9 | ||
264 | SHRQ $51,CX | ||
265 | ADDQ R12,CX | ||
266 | ANDQ DX,R9 | ||
267 | MOVQ CX,AX | ||
268 | SHRQ $51,CX | ||
269 | ADDQ R14,CX | ||
270 | ANDQ DX,AX | ||
271 | MOVQ CX,R10 | ||
272 | SHRQ $51,CX | ||
273 | IMUL3Q $19,CX,CX | ||
274 | ADDQ CX,SI | ||
275 | ANDQ DX,R10 | ||
276 | MOVQ SI,120(SP) | ||
277 | MOVQ R8,128(SP) | ||
278 | MOVQ R9,136(SP) | ||
279 | MOVQ AX,144(SP) | ||
280 | MOVQ R10,152(SP) | ||
281 | MOVQ SI,SI | ||
282 | MOVQ R8,DX | ||
283 | MOVQ R9,CX | ||
284 | MOVQ AX,R8 | ||
285 | MOVQ R10,R9 | ||
286 | ADDQ ·_2P0(SB),SI | ||
287 | ADDQ ·_2P1234(SB),DX | ||
288 | ADDQ ·_2P1234(SB),CX | ||
289 | ADDQ ·_2P1234(SB),R8 | ||
290 | ADDQ ·_2P1234(SB),R9 | ||
291 | SUBQ 80(SP),SI | ||
292 | SUBQ 88(SP),DX | ||
293 | SUBQ 96(SP),CX | ||
294 | SUBQ 104(SP),R8 | ||
295 | SUBQ 112(SP),R9 | ||
296 | MOVQ SI,160(SP) | ||
297 | MOVQ DX,168(SP) | ||
298 | MOVQ CX,176(SP) | ||
299 | MOVQ R8,184(SP) | ||
300 | MOVQ R9,192(SP) | ||
301 | MOVQ 120(DI),SI | ||
302 | MOVQ 128(DI),DX | ||
303 | MOVQ 136(DI),CX | ||
304 | MOVQ 144(DI),R8 | ||
305 | MOVQ 152(DI),R9 | ||
306 | MOVQ SI,AX | ||
307 | MOVQ DX,R10 | ||
308 | MOVQ CX,R11 | ||
309 | MOVQ R8,R12 | ||
310 | MOVQ R9,R13 | ||
311 | ADDQ ·_2P0(SB),AX | ||
312 | ADDQ ·_2P1234(SB),R10 | ||
313 | ADDQ ·_2P1234(SB),R11 | ||
314 | ADDQ ·_2P1234(SB),R12 | ||
315 | ADDQ ·_2P1234(SB),R13 | ||
316 | ADDQ 160(DI),SI | ||
317 | ADDQ 168(DI),DX | ||
318 | ADDQ 176(DI),CX | ||
319 | ADDQ 184(DI),R8 | ||
320 | ADDQ 192(DI),R9 | ||
321 | SUBQ 160(DI),AX | ||
322 | SUBQ 168(DI),R10 | ||
323 | SUBQ 176(DI),R11 | ||
324 | SUBQ 184(DI),R12 | ||
325 | SUBQ 192(DI),R13 | ||
326 | MOVQ SI,200(SP) | ||
327 | MOVQ DX,208(SP) | ||
328 | MOVQ CX,216(SP) | ||
329 | MOVQ R8,224(SP) | ||
330 | MOVQ R9,232(SP) | ||
331 | MOVQ AX,240(SP) | ||
332 | MOVQ R10,248(SP) | ||
333 | MOVQ R11,256(SP) | ||
334 | MOVQ R12,264(SP) | ||
335 | MOVQ R13,272(SP) | ||
336 | MOVQ 224(SP),SI | ||
337 | IMUL3Q $19,SI,AX | ||
338 | MOVQ AX,280(SP) | ||
339 | MULQ 56(SP) | ||
340 | MOVQ AX,SI | ||
341 | MOVQ DX,CX | ||
342 | MOVQ 232(SP),DX | ||
343 | IMUL3Q $19,DX,AX | ||
344 | MOVQ AX,288(SP) | ||
345 | MULQ 48(SP) | ||
346 | ADDQ AX,SI | ||
347 | ADCQ DX,CX | ||
348 | MOVQ 200(SP),AX | ||
349 | MULQ 40(SP) | ||
350 | ADDQ AX,SI | ||
351 | ADCQ DX,CX | ||
352 | MOVQ 200(SP),AX | ||
353 | MULQ 48(SP) | ||
354 | MOVQ AX,R8 | ||
355 | MOVQ DX,R9 | ||
356 | MOVQ 200(SP),AX | ||
357 | MULQ 56(SP) | ||
358 | MOVQ AX,R10 | ||
359 | MOVQ DX,R11 | ||
360 | MOVQ 200(SP),AX | ||
361 | MULQ 64(SP) | ||
362 | MOVQ AX,R12 | ||
363 | MOVQ DX,R13 | ||
364 | MOVQ 200(SP),AX | ||
365 | MULQ 72(SP) | ||
366 | MOVQ AX,R14 | ||
367 | MOVQ DX,R15 | ||
368 | MOVQ 208(SP),AX | ||
369 | MULQ 40(SP) | ||
370 | ADDQ AX,R8 | ||
371 | ADCQ DX,R9 | ||
372 | MOVQ 208(SP),AX | ||
373 | MULQ 48(SP) | ||
374 | ADDQ AX,R10 | ||
375 | ADCQ DX,R11 | ||
376 | MOVQ 208(SP),AX | ||
377 | MULQ 56(SP) | ||
378 | ADDQ AX,R12 | ||
379 | ADCQ DX,R13 | ||
380 | MOVQ 208(SP),AX | ||
381 | MULQ 64(SP) | ||
382 | ADDQ AX,R14 | ||
383 | ADCQ DX,R15 | ||
384 | MOVQ 208(SP),DX | ||
385 | IMUL3Q $19,DX,AX | ||
386 | MULQ 72(SP) | ||
387 | ADDQ AX,SI | ||
388 | ADCQ DX,CX | ||
389 | MOVQ 216(SP),AX | ||
390 | MULQ 40(SP) | ||
391 | ADDQ AX,R10 | ||
392 | ADCQ DX,R11 | ||
393 | MOVQ 216(SP),AX | ||
394 | MULQ 48(SP) | ||
395 | ADDQ AX,R12 | ||
396 | ADCQ DX,R13 | ||
397 | MOVQ 216(SP),AX | ||
398 | MULQ 56(SP) | ||
399 | ADDQ AX,R14 | ||
400 | ADCQ DX,R15 | ||
401 | MOVQ 216(SP),DX | ||
402 | IMUL3Q $19,DX,AX | ||
403 | MULQ 64(SP) | ||
404 | ADDQ AX,SI | ||
405 | ADCQ DX,CX | ||
406 | MOVQ 216(SP),DX | ||
407 | IMUL3Q $19,DX,AX | ||
408 | MULQ 72(SP) | ||
409 | ADDQ AX,R8 | ||
410 | ADCQ DX,R9 | ||
411 | MOVQ 224(SP),AX | ||
412 | MULQ 40(SP) | ||
413 | ADDQ AX,R12 | ||
414 | ADCQ DX,R13 | ||
415 | MOVQ 224(SP),AX | ||
416 | MULQ 48(SP) | ||
417 | ADDQ AX,R14 | ||
418 | ADCQ DX,R15 | ||
419 | MOVQ 280(SP),AX | ||
420 | MULQ 64(SP) | ||
421 | ADDQ AX,R8 | ||
422 | ADCQ DX,R9 | ||
423 | MOVQ 280(SP),AX | ||
424 | MULQ 72(SP) | ||
425 | ADDQ AX,R10 | ||
426 | ADCQ DX,R11 | ||
427 | MOVQ 232(SP),AX | ||
428 | MULQ 40(SP) | ||
429 | ADDQ AX,R14 | ||
430 | ADCQ DX,R15 | ||
431 | MOVQ 288(SP),AX | ||
432 | MULQ 56(SP) | ||
433 | ADDQ AX,R8 | ||
434 | ADCQ DX,R9 | ||
435 | MOVQ 288(SP),AX | ||
436 | MULQ 64(SP) | ||
437 | ADDQ AX,R10 | ||
438 | ADCQ DX,R11 | ||
439 | MOVQ 288(SP),AX | ||
440 | MULQ 72(SP) | ||
441 | ADDQ AX,R12 | ||
442 | ADCQ DX,R13 | ||
443 | MOVQ $REDMASK51,DX | ||
444 | SHLQ $13,CX:SI | ||
445 | ANDQ DX,SI | ||
446 | SHLQ $13,R9:R8 | ||
447 | ANDQ DX,R8 | ||
448 | ADDQ CX,R8 | ||
449 | SHLQ $13,R11:R10 | ||
450 | ANDQ DX,R10 | ||
451 | ADDQ R9,R10 | ||
452 | SHLQ $13,R13:R12 | ||
453 | ANDQ DX,R12 | ||
454 | ADDQ R11,R12 | ||
455 | SHLQ $13,R15:R14 | ||
456 | ANDQ DX,R14 | ||
457 | ADDQ R13,R14 | ||
458 | IMUL3Q $19,R15,CX | ||
459 | ADDQ CX,SI | ||
460 | MOVQ SI,CX | ||
461 | SHRQ $51,CX | ||
462 | ADDQ R8,CX | ||
463 | MOVQ CX,R8 | ||
464 | SHRQ $51,CX | ||
465 | ANDQ DX,SI | ||
466 | ADDQ R10,CX | ||
467 | MOVQ CX,R9 | ||
468 | SHRQ $51,CX | ||
469 | ANDQ DX,R8 | ||
470 | ADDQ R12,CX | ||
471 | MOVQ CX,AX | ||
472 | SHRQ $51,CX | ||
473 | ANDQ DX,R9 | ||
474 | ADDQ R14,CX | ||
475 | MOVQ CX,R10 | ||
476 | SHRQ $51,CX | ||
477 | ANDQ DX,AX | ||
478 | IMUL3Q $19,CX,CX | ||
479 | ADDQ CX,SI | ||
480 | ANDQ DX,R10 | ||
481 | MOVQ SI,40(SP) | ||
482 | MOVQ R8,48(SP) | ||
483 | MOVQ R9,56(SP) | ||
484 | MOVQ AX,64(SP) | ||
485 | MOVQ R10,72(SP) | ||
486 | MOVQ 264(SP),SI | ||
487 | IMUL3Q $19,SI,AX | ||
488 | MOVQ AX,200(SP) | ||
489 | MULQ 16(SP) | ||
490 | MOVQ AX,SI | ||
491 | MOVQ DX,CX | ||
492 | MOVQ 272(SP),DX | ||
493 | IMUL3Q $19,DX,AX | ||
494 | MOVQ AX,208(SP) | ||
495 | MULQ 8(SP) | ||
496 | ADDQ AX,SI | ||
497 | ADCQ DX,CX | ||
498 | MOVQ 240(SP),AX | ||
499 | MULQ 0(SP) | ||
500 | ADDQ AX,SI | ||
501 | ADCQ DX,CX | ||
502 | MOVQ 240(SP),AX | ||
503 | MULQ 8(SP) | ||
504 | MOVQ AX,R8 | ||
505 | MOVQ DX,R9 | ||
506 | MOVQ 240(SP),AX | ||
507 | MULQ 16(SP) | ||
508 | MOVQ AX,R10 | ||
509 | MOVQ DX,R11 | ||
510 | MOVQ 240(SP),AX | ||
511 | MULQ 24(SP) | ||
512 | MOVQ AX,R12 | ||
513 | MOVQ DX,R13 | ||
514 | MOVQ 240(SP),AX | ||
515 | MULQ 32(SP) | ||
516 | MOVQ AX,R14 | ||
517 | MOVQ DX,R15 | ||
518 | MOVQ 248(SP),AX | ||
519 | MULQ 0(SP) | ||
520 | ADDQ AX,R8 | ||
521 | ADCQ DX,R9 | ||
522 | MOVQ 248(SP),AX | ||
523 | MULQ 8(SP) | ||
524 | ADDQ AX,R10 | ||
525 | ADCQ DX,R11 | ||
526 | MOVQ 248(SP),AX | ||
527 | MULQ 16(SP) | ||
528 | ADDQ AX,R12 | ||
529 | ADCQ DX,R13 | ||
530 | MOVQ 248(SP),AX | ||
531 | MULQ 24(SP) | ||
532 | ADDQ AX,R14 | ||
533 | ADCQ DX,R15 | ||
534 | MOVQ 248(SP),DX | ||
535 | IMUL3Q $19,DX,AX | ||
536 | MULQ 32(SP) | ||
537 | ADDQ AX,SI | ||
538 | ADCQ DX,CX | ||
539 | MOVQ 256(SP),AX | ||
540 | MULQ 0(SP) | ||
541 | ADDQ AX,R10 | ||
542 | ADCQ DX,R11 | ||
543 | MOVQ 256(SP),AX | ||
544 | MULQ 8(SP) | ||
545 | ADDQ AX,R12 | ||
546 | ADCQ DX,R13 | ||
547 | MOVQ 256(SP),AX | ||
548 | MULQ 16(SP) | ||
549 | ADDQ AX,R14 | ||
550 | ADCQ DX,R15 | ||
551 | MOVQ 256(SP),DX | ||
552 | IMUL3Q $19,DX,AX | ||
553 | MULQ 24(SP) | ||
554 | ADDQ AX,SI | ||
555 | ADCQ DX,CX | ||
556 | MOVQ 256(SP),DX | ||
557 | IMUL3Q $19,DX,AX | ||
558 | MULQ 32(SP) | ||
559 | ADDQ AX,R8 | ||
560 | ADCQ DX,R9 | ||
561 | MOVQ 264(SP),AX | ||
562 | MULQ 0(SP) | ||
563 | ADDQ AX,R12 | ||
564 | ADCQ DX,R13 | ||
565 | MOVQ 264(SP),AX | ||
566 | MULQ 8(SP) | ||
567 | ADDQ AX,R14 | ||
568 | ADCQ DX,R15 | ||
569 | MOVQ 200(SP),AX | ||
570 | MULQ 24(SP) | ||
571 | ADDQ AX,R8 | ||
572 | ADCQ DX,R9 | ||
573 | MOVQ 200(SP),AX | ||
574 | MULQ 32(SP) | ||
575 | ADDQ AX,R10 | ||
576 | ADCQ DX,R11 | ||
577 | MOVQ 272(SP),AX | ||
578 | MULQ 0(SP) | ||
579 | ADDQ AX,R14 | ||
580 | ADCQ DX,R15 | ||
581 | MOVQ 208(SP),AX | ||
582 | MULQ 16(SP) | ||
583 | ADDQ AX,R8 | ||
584 | ADCQ DX,R9 | ||
585 | MOVQ 208(SP),AX | ||
586 | MULQ 24(SP) | ||
587 | ADDQ AX,R10 | ||
588 | ADCQ DX,R11 | ||
589 | MOVQ 208(SP),AX | ||
590 | MULQ 32(SP) | ||
591 | ADDQ AX,R12 | ||
592 | ADCQ DX,R13 | ||
593 | MOVQ $REDMASK51,DX | ||
594 | SHLQ $13,CX:SI | ||
595 | ANDQ DX,SI | ||
596 | SHLQ $13,R9:R8 | ||
597 | ANDQ DX,R8 | ||
598 | ADDQ CX,R8 | ||
599 | SHLQ $13,R11:R10 | ||
600 | ANDQ DX,R10 | ||
601 | ADDQ R9,R10 | ||
602 | SHLQ $13,R13:R12 | ||
603 | ANDQ DX,R12 | ||
604 | ADDQ R11,R12 | ||
605 | SHLQ $13,R15:R14 | ||
606 | ANDQ DX,R14 | ||
607 | ADDQ R13,R14 | ||
608 | IMUL3Q $19,R15,CX | ||
609 | ADDQ CX,SI | ||
610 | MOVQ SI,CX | ||
611 | SHRQ $51,CX | ||
612 | ADDQ R8,CX | ||
613 | MOVQ CX,R8 | ||
614 | SHRQ $51,CX | ||
615 | ANDQ DX,SI | ||
616 | ADDQ R10,CX | ||
617 | MOVQ CX,R9 | ||
618 | SHRQ $51,CX | ||
619 | ANDQ DX,R8 | ||
620 | ADDQ R12,CX | ||
621 | MOVQ CX,AX | ||
622 | SHRQ $51,CX | ||
623 | ANDQ DX,R9 | ||
624 | ADDQ R14,CX | ||
625 | MOVQ CX,R10 | ||
626 | SHRQ $51,CX | ||
627 | ANDQ DX,AX | ||
628 | IMUL3Q $19,CX,CX | ||
629 | ADDQ CX,SI | ||
630 | ANDQ DX,R10 | ||
631 | MOVQ SI,DX | ||
632 | MOVQ R8,CX | ||
633 | MOVQ R9,R11 | ||
634 | MOVQ AX,R12 | ||
635 | MOVQ R10,R13 | ||
636 | ADDQ ·_2P0(SB),DX | ||
637 | ADDQ ·_2P1234(SB),CX | ||
638 | ADDQ ·_2P1234(SB),R11 | ||
639 | ADDQ ·_2P1234(SB),R12 | ||
640 | ADDQ ·_2P1234(SB),R13 | ||
641 | ADDQ 40(SP),SI | ||
642 | ADDQ 48(SP),R8 | ||
643 | ADDQ 56(SP),R9 | ||
644 | ADDQ 64(SP),AX | ||
645 | ADDQ 72(SP),R10 | ||
646 | SUBQ 40(SP),DX | ||
647 | SUBQ 48(SP),CX | ||
648 | SUBQ 56(SP),R11 | ||
649 | SUBQ 64(SP),R12 | ||
650 | SUBQ 72(SP),R13 | ||
651 | MOVQ SI,120(DI) | ||
652 | MOVQ R8,128(DI) | ||
653 | MOVQ R9,136(DI) | ||
654 | MOVQ AX,144(DI) | ||
655 | MOVQ R10,152(DI) | ||
656 | MOVQ DX,160(DI) | ||
657 | MOVQ CX,168(DI) | ||
658 | MOVQ R11,176(DI) | ||
659 | MOVQ R12,184(DI) | ||
660 | MOVQ R13,192(DI) | ||
661 | MOVQ 120(DI),AX | ||
662 | MULQ 120(DI) | ||
663 | MOVQ AX,SI | ||
664 | MOVQ DX,CX | ||
665 | MOVQ 120(DI),AX | ||
666 | SHLQ $1,AX | ||
667 | MULQ 128(DI) | ||
668 | MOVQ AX,R8 | ||
669 | MOVQ DX,R9 | ||
670 | MOVQ 120(DI),AX | ||
671 | SHLQ $1,AX | ||
672 | MULQ 136(DI) | ||
673 | MOVQ AX,R10 | ||
674 | MOVQ DX,R11 | ||
675 | MOVQ 120(DI),AX | ||
676 | SHLQ $1,AX | ||
677 | MULQ 144(DI) | ||
678 | MOVQ AX,R12 | ||
679 | MOVQ DX,R13 | ||
680 | MOVQ 120(DI),AX | ||
681 | SHLQ $1,AX | ||
682 | MULQ 152(DI) | ||
683 | MOVQ AX,R14 | ||
684 | MOVQ DX,R15 | ||
685 | MOVQ 128(DI),AX | ||
686 | MULQ 128(DI) | ||
687 | ADDQ AX,R10 | ||
688 | ADCQ DX,R11 | ||
689 | MOVQ 128(DI),AX | ||
690 | SHLQ $1,AX | ||
691 | MULQ 136(DI) | ||
692 | ADDQ AX,R12 | ||
693 | ADCQ DX,R13 | ||
694 | MOVQ 128(DI),AX | ||
695 | SHLQ $1,AX | ||
696 | MULQ 144(DI) | ||
697 | ADDQ AX,R14 | ||
698 | ADCQ DX,R15 | ||
699 | MOVQ 128(DI),DX | ||
700 | IMUL3Q $38,DX,AX | ||
701 | MULQ 152(DI) | ||
702 | ADDQ AX,SI | ||
703 | ADCQ DX,CX | ||
704 | MOVQ 136(DI),AX | ||
705 | MULQ 136(DI) | ||
706 | ADDQ AX,R14 | ||
707 | ADCQ DX,R15 | ||
708 | MOVQ 136(DI),DX | ||
709 | IMUL3Q $38,DX,AX | ||
710 | MULQ 144(DI) | ||
711 | ADDQ AX,SI | ||
712 | ADCQ DX,CX | ||
713 | MOVQ 136(DI),DX | ||
714 | IMUL3Q $38,DX,AX | ||
715 | MULQ 152(DI) | ||
716 | ADDQ AX,R8 | ||
717 | ADCQ DX,R9 | ||
718 | MOVQ 144(DI),DX | ||
719 | IMUL3Q $19,DX,AX | ||
720 | MULQ 144(DI) | ||
721 | ADDQ AX,R8 | ||
722 | ADCQ DX,R9 | ||
723 | MOVQ 144(DI),DX | ||
724 | IMUL3Q $38,DX,AX | ||
725 | MULQ 152(DI) | ||
726 | ADDQ AX,R10 | ||
727 | ADCQ DX,R11 | ||
728 | MOVQ 152(DI),DX | ||
729 | IMUL3Q $19,DX,AX | ||
730 | MULQ 152(DI) | ||
731 | ADDQ AX,R12 | ||
732 | ADCQ DX,R13 | ||
733 | MOVQ $REDMASK51,DX | ||
734 | SHLQ $13,CX:SI | ||
735 | ANDQ DX,SI | ||
736 | SHLQ $13,R9:R8 | ||
737 | ANDQ DX,R8 | ||
738 | ADDQ CX,R8 | ||
739 | SHLQ $13,R11:R10 | ||
740 | ANDQ DX,R10 | ||
741 | ADDQ R9,R10 | ||
742 | SHLQ $13,R13:R12 | ||
743 | ANDQ DX,R12 | ||
744 | ADDQ R11,R12 | ||
745 | SHLQ $13,R15:R14 | ||
746 | ANDQ DX,R14 | ||
747 | ADDQ R13,R14 | ||
748 | IMUL3Q $19,R15,CX | ||
749 | ADDQ CX,SI | ||
750 | MOVQ SI,CX | ||
751 | SHRQ $51,CX | ||
752 | ADDQ R8,CX | ||
753 | ANDQ DX,SI | ||
754 | MOVQ CX,R8 | ||
755 | SHRQ $51,CX | ||
756 | ADDQ R10,CX | ||
757 | ANDQ DX,R8 | ||
758 | MOVQ CX,R9 | ||
759 | SHRQ $51,CX | ||
760 | ADDQ R12,CX | ||
761 | ANDQ DX,R9 | ||
762 | MOVQ CX,AX | ||
763 | SHRQ $51,CX | ||
764 | ADDQ R14,CX | ||
765 | ANDQ DX,AX | ||
766 | MOVQ CX,R10 | ||
767 | SHRQ $51,CX | ||
768 | IMUL3Q $19,CX,CX | ||
769 | ADDQ CX,SI | ||
770 | ANDQ DX,R10 | ||
771 | MOVQ SI,120(DI) | ||
772 | MOVQ R8,128(DI) | ||
773 | MOVQ R9,136(DI) | ||
774 | MOVQ AX,144(DI) | ||
775 | MOVQ R10,152(DI) | ||
776 | MOVQ 160(DI),AX | ||
777 | MULQ 160(DI) | ||
778 | MOVQ AX,SI | ||
779 | MOVQ DX,CX | ||
780 | MOVQ 160(DI),AX | ||
781 | SHLQ $1,AX | ||
782 | MULQ 168(DI) | ||
783 | MOVQ AX,R8 | ||
784 | MOVQ DX,R9 | ||
785 | MOVQ 160(DI),AX | ||
786 | SHLQ $1,AX | ||
787 | MULQ 176(DI) | ||
788 | MOVQ AX,R10 | ||
789 | MOVQ DX,R11 | ||
790 | MOVQ 160(DI),AX | ||
791 | SHLQ $1,AX | ||
792 | MULQ 184(DI) | ||
793 | MOVQ AX,R12 | ||
794 | MOVQ DX,R13 | ||
795 | MOVQ 160(DI),AX | ||
796 | SHLQ $1,AX | ||
797 | MULQ 192(DI) | ||
798 | MOVQ AX,R14 | ||
799 | MOVQ DX,R15 | ||
800 | MOVQ 168(DI),AX | ||
801 | MULQ 168(DI) | ||
802 | ADDQ AX,R10 | ||
803 | ADCQ DX,R11 | ||
804 | MOVQ 168(DI),AX | ||
805 | SHLQ $1,AX | ||
806 | MULQ 176(DI) | ||
807 | ADDQ AX,R12 | ||
808 | ADCQ DX,R13 | ||
809 | MOVQ 168(DI),AX | ||
810 | SHLQ $1,AX | ||
811 | MULQ 184(DI) | ||
812 | ADDQ AX,R14 | ||
813 | ADCQ DX,R15 | ||
814 | MOVQ 168(DI),DX | ||
815 | IMUL3Q $38,DX,AX | ||
816 | MULQ 192(DI) | ||
817 | ADDQ AX,SI | ||
818 | ADCQ DX,CX | ||
819 | MOVQ 176(DI),AX | ||
820 | MULQ 176(DI) | ||
821 | ADDQ AX,R14 | ||
822 | ADCQ DX,R15 | ||
823 | MOVQ 176(DI),DX | ||
824 | IMUL3Q $38,DX,AX | ||
825 | MULQ 184(DI) | ||
826 | ADDQ AX,SI | ||
827 | ADCQ DX,CX | ||
828 | MOVQ 176(DI),DX | ||
829 | IMUL3Q $38,DX,AX | ||
830 | MULQ 192(DI) | ||
831 | ADDQ AX,R8 | ||
832 | ADCQ DX,R9 | ||
833 | MOVQ 184(DI),DX | ||
834 | IMUL3Q $19,DX,AX | ||
835 | MULQ 184(DI) | ||
836 | ADDQ AX,R8 | ||
837 | ADCQ DX,R9 | ||
838 | MOVQ 184(DI),DX | ||
839 | IMUL3Q $38,DX,AX | ||
840 | MULQ 192(DI) | ||
841 | ADDQ AX,R10 | ||
842 | ADCQ DX,R11 | ||
843 | MOVQ 192(DI),DX | ||
844 | IMUL3Q $19,DX,AX | ||
845 | MULQ 192(DI) | ||
846 | ADDQ AX,R12 | ||
847 | ADCQ DX,R13 | ||
848 | MOVQ $REDMASK51,DX | ||
849 | SHLQ $13,CX:SI | ||
850 | ANDQ DX,SI | ||
851 | SHLQ $13,R9:R8 | ||
852 | ANDQ DX,R8 | ||
853 | ADDQ CX,R8 | ||
854 | SHLQ $13,R11:R10 | ||
855 | ANDQ DX,R10 | ||
856 | ADDQ R9,R10 | ||
857 | SHLQ $13,R13:R12 | ||
858 | ANDQ DX,R12 | ||
859 | ADDQ R11,R12 | ||
860 | SHLQ $13,R15:R14 | ||
861 | ANDQ DX,R14 | ||
862 | ADDQ R13,R14 | ||
863 | IMUL3Q $19,R15,CX | ||
864 | ADDQ CX,SI | ||
865 | MOVQ SI,CX | ||
866 | SHRQ $51,CX | ||
867 | ADDQ R8,CX | ||
868 | ANDQ DX,SI | ||
869 | MOVQ CX,R8 | ||
870 | SHRQ $51,CX | ||
871 | ADDQ R10,CX | ||
872 | ANDQ DX,R8 | ||
873 | MOVQ CX,R9 | ||
874 | SHRQ $51,CX | ||
875 | ADDQ R12,CX | ||
876 | ANDQ DX,R9 | ||
877 | MOVQ CX,AX | ||
878 | SHRQ $51,CX | ||
879 | ADDQ R14,CX | ||
880 | ANDQ DX,AX | ||
881 | MOVQ CX,R10 | ||
882 | SHRQ $51,CX | ||
883 | IMUL3Q $19,CX,CX | ||
884 | ADDQ CX,SI | ||
885 | ANDQ DX,R10 | ||
886 | MOVQ SI,160(DI) | ||
887 | MOVQ R8,168(DI) | ||
888 | MOVQ R9,176(DI) | ||
889 | MOVQ AX,184(DI) | ||
890 | MOVQ R10,192(DI) | ||
891 | MOVQ 184(DI),SI | ||
892 | IMUL3Q $19,SI,AX | ||
893 | MOVQ AX,0(SP) | ||
894 | MULQ 16(DI) | ||
895 | MOVQ AX,SI | ||
896 | MOVQ DX,CX | ||
897 | MOVQ 192(DI),DX | ||
898 | IMUL3Q $19,DX,AX | ||
899 | MOVQ AX,8(SP) | ||
900 | MULQ 8(DI) | ||
901 | ADDQ AX,SI | ||
902 | ADCQ DX,CX | ||
903 | MOVQ 160(DI),AX | ||
904 | MULQ 0(DI) | ||
905 | ADDQ AX,SI | ||
906 | ADCQ DX,CX | ||
907 | MOVQ 160(DI),AX | ||
908 | MULQ 8(DI) | ||
909 | MOVQ AX,R8 | ||
910 | MOVQ DX,R9 | ||
911 | MOVQ 160(DI),AX | ||
912 | MULQ 16(DI) | ||
913 | MOVQ AX,R10 | ||
914 | MOVQ DX,R11 | ||
915 | MOVQ 160(DI),AX | ||
916 | MULQ 24(DI) | ||
917 | MOVQ AX,R12 | ||
918 | MOVQ DX,R13 | ||
919 | MOVQ 160(DI),AX | ||
920 | MULQ 32(DI) | ||
921 | MOVQ AX,R14 | ||
922 | MOVQ DX,R15 | ||
923 | MOVQ 168(DI),AX | ||
924 | MULQ 0(DI) | ||
925 | ADDQ AX,R8 | ||
926 | ADCQ DX,R9 | ||
927 | MOVQ 168(DI),AX | ||
928 | MULQ 8(DI) | ||
929 | ADDQ AX,R10 | ||
930 | ADCQ DX,R11 | ||
931 | MOVQ 168(DI),AX | ||
932 | MULQ 16(DI) | ||
933 | ADDQ AX,R12 | ||
934 | ADCQ DX,R13 | ||
935 | MOVQ 168(DI),AX | ||
936 | MULQ 24(DI) | ||
937 | ADDQ AX,R14 | ||
938 | ADCQ DX,R15 | ||
939 | MOVQ 168(DI),DX | ||
940 | IMUL3Q $19,DX,AX | ||
941 | MULQ 32(DI) | ||
942 | ADDQ AX,SI | ||
943 | ADCQ DX,CX | ||
944 | MOVQ 176(DI),AX | ||
945 | MULQ 0(DI) | ||
946 | ADDQ AX,R10 | ||
947 | ADCQ DX,R11 | ||
948 | MOVQ 176(DI),AX | ||
949 | MULQ 8(DI) | ||
950 | ADDQ AX,R12 | ||
951 | ADCQ DX,R13 | ||
952 | MOVQ 176(DI),AX | ||
953 | MULQ 16(DI) | ||
954 | ADDQ AX,R14 | ||
955 | ADCQ DX,R15 | ||
956 | MOVQ 176(DI),DX | ||
957 | IMUL3Q $19,DX,AX | ||
958 | MULQ 24(DI) | ||
959 | ADDQ AX,SI | ||
960 | ADCQ DX,CX | ||
961 | MOVQ 176(DI),DX | ||
962 | IMUL3Q $19,DX,AX | ||
963 | MULQ 32(DI) | ||
964 | ADDQ AX,R8 | ||
965 | ADCQ DX,R9 | ||
966 | MOVQ 184(DI),AX | ||
967 | MULQ 0(DI) | ||
968 | ADDQ AX,R12 | ||
969 | ADCQ DX,R13 | ||
970 | MOVQ 184(DI),AX | ||
971 | MULQ 8(DI) | ||
972 | ADDQ AX,R14 | ||
973 | ADCQ DX,R15 | ||
974 | MOVQ 0(SP),AX | ||
975 | MULQ 24(DI) | ||
976 | ADDQ AX,R8 | ||
977 | ADCQ DX,R9 | ||
978 | MOVQ 0(SP),AX | ||
979 | MULQ 32(DI) | ||
980 | ADDQ AX,R10 | ||
981 | ADCQ DX,R11 | ||
982 | MOVQ 192(DI),AX | ||
983 | MULQ 0(DI) | ||
984 | ADDQ AX,R14 | ||
985 | ADCQ DX,R15 | ||
986 | MOVQ 8(SP),AX | ||
987 | MULQ 16(DI) | ||
988 | ADDQ AX,R8 | ||
989 | ADCQ DX,R9 | ||
990 | MOVQ 8(SP),AX | ||
991 | MULQ 24(DI) | ||
992 | ADDQ AX,R10 | ||
993 | ADCQ DX,R11 | ||
994 | MOVQ 8(SP),AX | ||
995 | MULQ 32(DI) | ||
996 | ADDQ AX,R12 | ||
997 | ADCQ DX,R13 | ||
998 | MOVQ $REDMASK51,DX | ||
999 | SHLQ $13,CX:SI | ||
1000 | ANDQ DX,SI | ||
1001 | SHLQ $13,R9:R8 | ||
1002 | ANDQ DX,R8 | ||
1003 | ADDQ CX,R8 | ||
1004 | SHLQ $13,R11:R10 | ||
1005 | ANDQ DX,R10 | ||
1006 | ADDQ R9,R10 | ||
1007 | SHLQ $13,R13:R12 | ||
1008 | ANDQ DX,R12 | ||
1009 | ADDQ R11,R12 | ||
1010 | SHLQ $13,R15:R14 | ||
1011 | ANDQ DX,R14 | ||
1012 | ADDQ R13,R14 | ||
1013 | IMUL3Q $19,R15,CX | ||
1014 | ADDQ CX,SI | ||
1015 | MOVQ SI,CX | ||
1016 | SHRQ $51,CX | ||
1017 | ADDQ R8,CX | ||
1018 | MOVQ CX,R8 | ||
1019 | SHRQ $51,CX | ||
1020 | ANDQ DX,SI | ||
1021 | ADDQ R10,CX | ||
1022 | MOVQ CX,R9 | ||
1023 | SHRQ $51,CX | ||
1024 | ANDQ DX,R8 | ||
1025 | ADDQ R12,CX | ||
1026 | MOVQ CX,AX | ||
1027 | SHRQ $51,CX | ||
1028 | ANDQ DX,R9 | ||
1029 | ADDQ R14,CX | ||
1030 | MOVQ CX,R10 | ||
1031 | SHRQ $51,CX | ||
1032 | ANDQ DX,AX | ||
1033 | IMUL3Q $19,CX,CX | ||
1034 | ADDQ CX,SI | ||
1035 | ANDQ DX,R10 | ||
1036 | MOVQ SI,160(DI) | ||
1037 | MOVQ R8,168(DI) | ||
1038 | MOVQ R9,176(DI) | ||
1039 | MOVQ AX,184(DI) | ||
1040 | MOVQ R10,192(DI) | ||
1041 | MOVQ 144(SP),SI | ||
1042 | IMUL3Q $19,SI,AX | ||
1043 | MOVQ AX,0(SP) | ||
1044 | MULQ 96(SP) | ||
1045 | MOVQ AX,SI | ||
1046 | MOVQ DX,CX | ||
1047 | MOVQ 152(SP),DX | ||
1048 | IMUL3Q $19,DX,AX | ||
1049 | MOVQ AX,8(SP) | ||
1050 | MULQ 88(SP) | ||
1051 | ADDQ AX,SI | ||
1052 | ADCQ DX,CX | ||
1053 | MOVQ 120(SP),AX | ||
1054 | MULQ 80(SP) | ||
1055 | ADDQ AX,SI | ||
1056 | ADCQ DX,CX | ||
1057 | MOVQ 120(SP),AX | ||
1058 | MULQ 88(SP) | ||
1059 | MOVQ AX,R8 | ||
1060 | MOVQ DX,R9 | ||
1061 | MOVQ 120(SP),AX | ||
1062 | MULQ 96(SP) | ||
1063 | MOVQ AX,R10 | ||
1064 | MOVQ DX,R11 | ||
1065 | MOVQ 120(SP),AX | ||
1066 | MULQ 104(SP) | ||
1067 | MOVQ AX,R12 | ||
1068 | MOVQ DX,R13 | ||
1069 | MOVQ 120(SP),AX | ||
1070 | MULQ 112(SP) | ||
1071 | MOVQ AX,R14 | ||
1072 | MOVQ DX,R15 | ||
1073 | MOVQ 128(SP),AX | ||
1074 | MULQ 80(SP) | ||
1075 | ADDQ AX,R8 | ||
1076 | ADCQ DX,R9 | ||
1077 | MOVQ 128(SP),AX | ||
1078 | MULQ 88(SP) | ||
1079 | ADDQ AX,R10 | ||
1080 | ADCQ DX,R11 | ||
1081 | MOVQ 128(SP),AX | ||
1082 | MULQ 96(SP) | ||
1083 | ADDQ AX,R12 | ||
1084 | ADCQ DX,R13 | ||
1085 | MOVQ 128(SP),AX | ||
1086 | MULQ 104(SP) | ||
1087 | ADDQ AX,R14 | ||
1088 | ADCQ DX,R15 | ||
1089 | MOVQ 128(SP),DX | ||
1090 | IMUL3Q $19,DX,AX | ||
1091 | MULQ 112(SP) | ||
1092 | ADDQ AX,SI | ||
1093 | ADCQ DX,CX | ||
1094 | MOVQ 136(SP),AX | ||
1095 | MULQ 80(SP) | ||
1096 | ADDQ AX,R10 | ||
1097 | ADCQ DX,R11 | ||
1098 | MOVQ 136(SP),AX | ||
1099 | MULQ 88(SP) | ||
1100 | ADDQ AX,R12 | ||
1101 | ADCQ DX,R13 | ||
1102 | MOVQ 136(SP),AX | ||
1103 | MULQ 96(SP) | ||
1104 | ADDQ AX,R14 | ||
1105 | ADCQ DX,R15 | ||
1106 | MOVQ 136(SP),DX | ||
1107 | IMUL3Q $19,DX,AX | ||
1108 | MULQ 104(SP) | ||
1109 | ADDQ AX,SI | ||
1110 | ADCQ DX,CX | ||
1111 | MOVQ 136(SP),DX | ||
1112 | IMUL3Q $19,DX,AX | ||
1113 | MULQ 112(SP) | ||
1114 | ADDQ AX,R8 | ||
1115 | ADCQ DX,R9 | ||
1116 | MOVQ 144(SP),AX | ||
1117 | MULQ 80(SP) | ||
1118 | ADDQ AX,R12 | ||
1119 | ADCQ DX,R13 | ||
1120 | MOVQ 144(SP),AX | ||
1121 | MULQ 88(SP) | ||
1122 | ADDQ AX,R14 | ||
1123 | ADCQ DX,R15 | ||
1124 | MOVQ 0(SP),AX | ||
1125 | MULQ 104(SP) | ||
1126 | ADDQ AX,R8 | ||
1127 | ADCQ DX,R9 | ||
1128 | MOVQ 0(SP),AX | ||
1129 | MULQ 112(SP) | ||
1130 | ADDQ AX,R10 | ||
1131 | ADCQ DX,R11 | ||
1132 | MOVQ 152(SP),AX | ||
1133 | MULQ 80(SP) | ||
1134 | ADDQ AX,R14 | ||
1135 | ADCQ DX,R15 | ||
1136 | MOVQ 8(SP),AX | ||
1137 | MULQ 96(SP) | ||
1138 | ADDQ AX,R8 | ||
1139 | ADCQ DX,R9 | ||
1140 | MOVQ 8(SP),AX | ||
1141 | MULQ 104(SP) | ||
1142 | ADDQ AX,R10 | ||
1143 | ADCQ DX,R11 | ||
1144 | MOVQ 8(SP),AX | ||
1145 | MULQ 112(SP) | ||
1146 | ADDQ AX,R12 | ||
1147 | ADCQ DX,R13 | ||
1148 | MOVQ $REDMASK51,DX | ||
1149 | SHLQ $13,CX:SI | ||
1150 | ANDQ DX,SI | ||
1151 | SHLQ $13,R9:R8 | ||
1152 | ANDQ DX,R8 | ||
1153 | ADDQ CX,R8 | ||
1154 | SHLQ $13,R11:R10 | ||
1155 | ANDQ DX,R10 | ||
1156 | ADDQ R9,R10 | ||
1157 | SHLQ $13,R13:R12 | ||
1158 | ANDQ DX,R12 | ||
1159 | ADDQ R11,R12 | ||
1160 | SHLQ $13,R15:R14 | ||
1161 | ANDQ DX,R14 | ||
1162 | ADDQ R13,R14 | ||
1163 | IMUL3Q $19,R15,CX | ||
1164 | ADDQ CX,SI | ||
1165 | MOVQ SI,CX | ||
1166 | SHRQ $51,CX | ||
1167 | ADDQ R8,CX | ||
1168 | MOVQ CX,R8 | ||
1169 | SHRQ $51,CX | ||
1170 | ANDQ DX,SI | ||
1171 | ADDQ R10,CX | ||
1172 | MOVQ CX,R9 | ||
1173 | SHRQ $51,CX | ||
1174 | ANDQ DX,R8 | ||
1175 | ADDQ R12,CX | ||
1176 | MOVQ CX,AX | ||
1177 | SHRQ $51,CX | ||
1178 | ANDQ DX,R9 | ||
1179 | ADDQ R14,CX | ||
1180 | MOVQ CX,R10 | ||
1181 | SHRQ $51,CX | ||
1182 | ANDQ DX,AX | ||
1183 | IMUL3Q $19,CX,CX | ||
1184 | ADDQ CX,SI | ||
1185 | ANDQ DX,R10 | ||
1186 | MOVQ SI,40(DI) | ||
1187 | MOVQ R8,48(DI) | ||
1188 | MOVQ R9,56(DI) | ||
1189 | MOVQ AX,64(DI) | ||
1190 | MOVQ R10,72(DI) | ||
1191 | MOVQ 160(SP),AX | ||
1192 | MULQ ·_121666_213(SB) | ||
1193 | SHRQ $13,AX | ||
1194 | MOVQ AX,SI | ||
1195 | MOVQ DX,CX | ||
1196 | MOVQ 168(SP),AX | ||
1197 | MULQ ·_121666_213(SB) | ||
1198 | SHRQ $13,AX | ||
1199 | ADDQ AX,CX | ||
1200 | MOVQ DX,R8 | ||
1201 | MOVQ 176(SP),AX | ||
1202 | MULQ ·_121666_213(SB) | ||
1203 | SHRQ $13,AX | ||
1204 | ADDQ AX,R8 | ||
1205 | MOVQ DX,R9 | ||
1206 | MOVQ 184(SP),AX | ||
1207 | MULQ ·_121666_213(SB) | ||
1208 | SHRQ $13,AX | ||
1209 | ADDQ AX,R9 | ||
1210 | MOVQ DX,R10 | ||
1211 | MOVQ 192(SP),AX | ||
1212 | MULQ ·_121666_213(SB) | ||
1213 | SHRQ $13,AX | ||
1214 | ADDQ AX,R10 | ||
1215 | IMUL3Q $19,DX,DX | ||
1216 | ADDQ DX,SI | ||
1217 | ADDQ 80(SP),SI | ||
1218 | ADDQ 88(SP),CX | ||
1219 | ADDQ 96(SP),R8 | ||
1220 | ADDQ 104(SP),R9 | ||
1221 | ADDQ 112(SP),R10 | ||
1222 | MOVQ SI,80(DI) | ||
1223 | MOVQ CX,88(DI) | ||
1224 | MOVQ R8,96(DI) | ||
1225 | MOVQ R9,104(DI) | ||
1226 | MOVQ R10,112(DI) | ||
1227 | MOVQ 104(DI),SI | ||
1228 | IMUL3Q $19,SI,AX | ||
1229 | MOVQ AX,0(SP) | ||
1230 | MULQ 176(SP) | ||
1231 | MOVQ AX,SI | ||
1232 | MOVQ DX,CX | ||
1233 | MOVQ 112(DI),DX | ||
1234 | IMUL3Q $19,DX,AX | ||
1235 | MOVQ AX,8(SP) | ||
1236 | MULQ 168(SP) | ||
1237 | ADDQ AX,SI | ||
1238 | ADCQ DX,CX | ||
1239 | MOVQ 80(DI),AX | ||
1240 | MULQ 160(SP) | ||
1241 | ADDQ AX,SI | ||
1242 | ADCQ DX,CX | ||
1243 | MOVQ 80(DI),AX | ||
1244 | MULQ 168(SP) | ||
1245 | MOVQ AX,R8 | ||
1246 | MOVQ DX,R9 | ||
1247 | MOVQ 80(DI),AX | ||
1248 | MULQ 176(SP) | ||
1249 | MOVQ AX,R10 | ||
1250 | MOVQ DX,R11 | ||
1251 | MOVQ 80(DI),AX | ||
1252 | MULQ 184(SP) | ||
1253 | MOVQ AX,R12 | ||
1254 | MOVQ DX,R13 | ||
1255 | MOVQ 80(DI),AX | ||
1256 | MULQ 192(SP) | ||
1257 | MOVQ AX,R14 | ||
1258 | MOVQ DX,R15 | ||
1259 | MOVQ 88(DI),AX | ||
1260 | MULQ 160(SP) | ||
1261 | ADDQ AX,R8 | ||
1262 | ADCQ DX,R9 | ||
1263 | MOVQ 88(DI),AX | ||
1264 | MULQ 168(SP) | ||
1265 | ADDQ AX,R10 | ||
1266 | ADCQ DX,R11 | ||
1267 | MOVQ 88(DI),AX | ||
1268 | MULQ 176(SP) | ||
1269 | ADDQ AX,R12 | ||
1270 | ADCQ DX,R13 | ||
1271 | MOVQ 88(DI),AX | ||
1272 | MULQ 184(SP) | ||
1273 | ADDQ AX,R14 | ||
1274 | ADCQ DX,R15 | ||
1275 | MOVQ 88(DI),DX | ||
1276 | IMUL3Q $19,DX,AX | ||
1277 | MULQ 192(SP) | ||
1278 | ADDQ AX,SI | ||
1279 | ADCQ DX,CX | ||
1280 | MOVQ 96(DI),AX | ||
1281 | MULQ 160(SP) | ||
1282 | ADDQ AX,R10 | ||
1283 | ADCQ DX,R11 | ||
1284 | MOVQ 96(DI),AX | ||
1285 | MULQ 168(SP) | ||
1286 | ADDQ AX,R12 | ||
1287 | ADCQ DX,R13 | ||
1288 | MOVQ 96(DI),AX | ||
1289 | MULQ 176(SP) | ||
1290 | ADDQ AX,R14 | ||
1291 | ADCQ DX,R15 | ||
1292 | MOVQ 96(DI),DX | ||
1293 | IMUL3Q $19,DX,AX | ||
1294 | MULQ 184(SP) | ||
1295 | ADDQ AX,SI | ||
1296 | ADCQ DX,CX | ||
1297 | MOVQ 96(DI),DX | ||
1298 | IMUL3Q $19,DX,AX | ||
1299 | MULQ 192(SP) | ||
1300 | ADDQ AX,R8 | ||
1301 | ADCQ DX,R9 | ||
1302 | MOVQ 104(DI),AX | ||
1303 | MULQ 160(SP) | ||
1304 | ADDQ AX,R12 | ||
1305 | ADCQ DX,R13 | ||
1306 | MOVQ 104(DI),AX | ||
1307 | MULQ 168(SP) | ||
1308 | ADDQ AX,R14 | ||
1309 | ADCQ DX,R15 | ||
1310 | MOVQ 0(SP),AX | ||
1311 | MULQ 184(SP) | ||
1312 | ADDQ AX,R8 | ||
1313 | ADCQ DX,R9 | ||
1314 | MOVQ 0(SP),AX | ||
1315 | MULQ 192(SP) | ||
1316 | ADDQ AX,R10 | ||
1317 | ADCQ DX,R11 | ||
1318 | MOVQ 112(DI),AX | ||
1319 | MULQ 160(SP) | ||
1320 | ADDQ AX,R14 | ||
1321 | ADCQ DX,R15 | ||
1322 | MOVQ 8(SP),AX | ||
1323 | MULQ 176(SP) | ||
1324 | ADDQ AX,R8 | ||
1325 | ADCQ DX,R9 | ||
1326 | MOVQ 8(SP),AX | ||
1327 | MULQ 184(SP) | ||
1328 | ADDQ AX,R10 | ||
1329 | ADCQ DX,R11 | ||
1330 | MOVQ 8(SP),AX | ||
1331 | MULQ 192(SP) | ||
1332 | ADDQ AX,R12 | ||
1333 | ADCQ DX,R13 | ||
1334 | MOVQ $REDMASK51,DX | ||
1335 | SHLQ $13,CX:SI | ||
1336 | ANDQ DX,SI | ||
1337 | SHLQ $13,R9:R8 | ||
1338 | ANDQ DX,R8 | ||
1339 | ADDQ CX,R8 | ||
1340 | SHLQ $13,R11:R10 | ||
1341 | ANDQ DX,R10 | ||
1342 | ADDQ R9,R10 | ||
1343 | SHLQ $13,R13:R12 | ||
1344 | ANDQ DX,R12 | ||
1345 | ADDQ R11,R12 | ||
1346 | SHLQ $13,R15:R14 | ||
1347 | ANDQ DX,R14 | ||
1348 | ADDQ R13,R14 | ||
1349 | IMUL3Q $19,R15,CX | ||
1350 | ADDQ CX,SI | ||
1351 | MOVQ SI,CX | ||
1352 | SHRQ $51,CX | ||
1353 | ADDQ R8,CX | ||
1354 | MOVQ CX,R8 | ||
1355 | SHRQ $51,CX | ||
1356 | ANDQ DX,SI | ||
1357 | ADDQ R10,CX | ||
1358 | MOVQ CX,R9 | ||
1359 | SHRQ $51,CX | ||
1360 | ANDQ DX,R8 | ||
1361 | ADDQ R12,CX | ||
1362 | MOVQ CX,AX | ||
1363 | SHRQ $51,CX | ||
1364 | ANDQ DX,R9 | ||
1365 | ADDQ R14,CX | ||
1366 | MOVQ CX,R10 | ||
1367 | SHRQ $51,CX | ||
1368 | ANDQ DX,AX | ||
1369 | IMUL3Q $19,CX,CX | ||
1370 | ADDQ CX,SI | ||
1371 | ANDQ DX,R10 | ||
1372 | MOVQ SI,80(DI) | ||
1373 | MOVQ R8,88(DI) | ||
1374 | MOVQ R9,96(DI) | ||
1375 | MOVQ AX,104(DI) | ||
1376 | MOVQ R10,112(DI) | ||
1377 | RET | ||
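--- /dev/null
+++ b/vendor/golang.org/x/crypto/curve25519/mont25519_amd64.go
@@ -0,0 +1,240 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!gccgo,!appengine
+
+package curve25519
+
+// These functions are implemented in the .s files. The names of the functions
+// in the rest of the file are also taken from the SUPERCOP sources to help
+// people following along.
+
+//go:noescape
+
+func cswap(inout *[5]uint64, v uint64)
+
+//go:noescape
+
+func ladderstep(inout *[5][5]uint64)
+
+//go:noescape
+
+func freeze(inout *[5]uint64)
+
+//go:noescape
+
+func mul(dest, a, b *[5]uint64)
+
+//go:noescape
+
+func square(out, in *[5]uint64)
+
+// mladder uses a Montgomery ladder to calculate (xr/zr) *= s.
+func mladder(xr, zr *[5]uint64, s *[32]byte) {
+var work [5][5]uint64
+
+work[0] = *xr
+setint(&work[1], 1)
+setint(&work[2], 0)
+work[3] = *xr
+setint(&work[4], 1)
+
+j := uint(6)
+var prevbit byte
+
+for i := 31; i >= 0; i-- {
+for j < 8 {
+bit := ((*s)[i] >> j) & 1
+swap := bit ^ prevbit
+prevbit = bit
+cswap(&work[1], uint64(swap))
+ladderstep(&work)
+j--
+}
+j = 7
+}
+
+*xr = work[1]
+*zr = work[2]
+}
+
+func scalarMult(out, in, base *[32]byte) {
+var e [32]byte
+copy(e[:], (*in)[:])
+e[0] &= 248
+e[31] &= 127
+e[31] |= 64
+
+var t, z [5]uint64
+unpack(&t, base)
+mladder(&t, &z, &e)
+invert(&z, &z)
+mul(&t, &t, &z)
+pack(out, &t)
+}
+
+func setint(r *[5]uint64, v uint64) {
+r[0] = v
+r[1] = 0
+r[2] = 0
+r[3] = 0
+r[4] = 0
+}
+
+// unpack sets r = x where r consists of 5, 51-bit limbs in little-endian
+// order.
+func unpack(r *[5]uint64, x *[32]byte) {
+r[0] = uint64(x[0]) |
+uint64(x[1])<<8 |
+uint64(x[2])<<16 |
+uint64(x[3])<<24 |
+uint64(x[4])<<32 |
+uint64(x[5])<<40 |
+uint64(x[6]&7)<<48
+
+r[1] = uint64(x[6])>>3 |
+uint64(x[7])<<5 |
+uint64(x[8])<<13 |
+uint64(x[9])<<21 |
+uint64(x[10])<<29 |
+uint64(x[11])<<37 |
+uint64(x[12]&63)<<45
+
+r[2] = uint64(x[12])>>6 |
+uint64(x[13])<<2 |
+uint64(x[14])<<10 |
+uint64(x[15])<<18 |
+uint64(x[16])<<26 |
+uint64(x[17])<<34 |
+uint64(x[18])<<42 |
+uint64(x[19]&1)<<50
+
+r[3] = uint64(x[19])>>1 |
+uint64(x[20])<<7 |
+uint64(x[21])<<15 |
+uint64(x[22])<<23 |
+uint64(x[23])<<31 |
+uint64(x[24])<<39 |
+uint64(x[25]&15)<<47
+
+r[4] = uint64(x[25])>>4 |
+uint64(x[26])<<4 |
+uint64(x[27])<<12 |
+uint64(x[28])<<20 |
+uint64(x[29])<<28 |
+uint64(x[30])<<36 |
+uint64(x[31]&127)<<44
+}
+
+// pack sets out = x where out is the usual, little-endian form of the 5,
+// 51-bit limbs in x.
+func pack(out *[32]byte, x *[5]uint64) {
+t := *x
+freeze(&t)
+
+out[0] = byte(t[0])
+out[1] = byte(t[0] >> 8)
+out[2] = byte(t[0] >> 16)
+out[3] = byte(t[0] >> 24)
+out[4] = byte(t[0] >> 32)
+out[5] = byte(t[0] >> 40)
+out[6] = byte(t[0] >> 48)
+
+out[6] ^= byte(t[1]<<3) & 0xf8
+out[7] = byte(t[1] >> 5)
+out[8] = byte(t[1] >> 13)
+out[9] = byte(t[1] >> 21)
+out[10] = byte(t[1] >> 29)
+out[11] = byte(t[1] >> 37)
+out[12] = byte(t[1] >> 45)
+
+out[12] ^= byte(t[2]<<6) & 0xc0
+out[13] = byte(t[2] >> 2)
+out[14] = byte(t[2] >> 10)
+out[15] = byte(t[2] >> 18)
+out[16] = byte(t[2] >> 26)
+out[17] = byte(t[2] >> 34)
+out[18] = byte(t[2] >> 42)
+out[19] = byte(t[2] >> 50)
+
+out[19] ^= byte(t[3]<<1) & 0xfe
+out[20] = byte(t[3] >> 7)
+out[21] = byte(t[3] >> 15)
+out[22] = byte(t[3] >> 23)
+out[23] = byte(t[3] >> 31)
+out[24] = byte(t[3] >> 39)
+out[25] = byte(t[3] >> 47)
+
+out[25] ^= byte(t[4]<<4) & 0xf0
+out[26] = byte(t[4] >> 4)
+out[27] = byte(t[4] >> 12)
+out[28] = byte(t[4] >> 20)
+out[29] = byte(t[4] >> 28)
+out[30] = byte(t[4] >> 36)
+out[31] = byte(t[4] >> 44)
+}
+
+// invert calculates r = x^-1 mod p using Fermat's little theorem.
+func invert(r *[5]uint64, x *[5]uint64) {
+var z2, z9, z11, z2_5_0, z2_10_0, z2_20_0, z2_50_0, z2_100_0, t [5]uint64
+
+square(&z2, x) /* 2 */
+square(&t, &z2) /* 4 */
+square(&t, &t) /* 8 */
+mul(&z9, &t, x) /* 9 */
+mul(&z11, &z9, &z2) /* 11 */
+square(&t, &z11) /* 22 */
+mul(&z2_5_0, &t, &z9) /* 2^5 - 2^0 = 31 */
+
+square(&t, &z2_5_0) /* 2^6 - 2^1 */
+for i := 1; i < 5; i++ { /* 2^20 - 2^10 */
+square(&t, &t)
+}
+mul(&z2_10_0, &t, &z2_5_0) /* 2^10 - 2^0 */
+
+square(&t, &z2_10_0) /* 2^11 - 2^1 */
+for i := 1; i < 10; i++ { /* 2^20 - 2^10 */
+square(&t, &t)
+}
+mul(&z2_20_0, &t, &z2_10_0) /* 2^20 - 2^0 */
+
+square(&t, &z2_20_0) /* 2^21 - 2^1 */
+for i := 1; i < 20; i++ { /* 2^40 - 2^20 */
+square(&t, &t)
+}
+mul(&t, &t, &z2_20_0) /* 2^40 - 2^0 */
+
+square(&t, &t) /* 2^41 - 2^1 */
+for i := 1; i < 10; i++ { /* 2^50 - 2^10 */
+square(&t, &t)
+}
+mul(&z2_50_0, &t, &z2_10_0) /* 2^50 - 2^0 */
+
+square(&t, &z2_50_0) /* 2^51 - 2^1 */
+for i := 1; i < 50; i++ { /* 2^100 - 2^50 */
+square(&t, &t)
+}
+mul(&z2_100_0, &t, &z2_50_0) /* 2^100 - 2^0 */
+
+square(&t, &z2_100_0) /* 2^101 - 2^1 */
+for i := 1; i < 100; i++ { /* 2^200 - 2^100 */
+square(&t, &t)
+}
+mul(&t, &t, &z2_100_0) /* 2^200 - 2^0 */
+
+square(&t, &t) /* 2^201 - 2^1 */
+for i := 1; i < 50; i++ { /* 2^250 - 2^50 */
+square(&t, &t)
+}
+mul(&t, &t, &z2_50_0) /* 2^250 - 2^0 */
+
+square(&t, &t) /* 2^251 - 2^1 */
+square(&t, &t) /* 2^252 - 2^2 */
+square(&t, &t) /* 2^253 - 2^3 */
+
+square(&t, &t) /* 2^254 - 2^4 */
+
+square(&t, &t) /* 2^255 - 2^5 */
+mul(r, &t, &z11) /* 2^255 - 21 */
+}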
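--- /dev/null
+++ b/vendor/golang.org/x/crypto/curve25519/mul_amd64.s
@@ -0,0 +1,169 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This code was translated into a form compatible with 6a from the public
+// domain sources in SUPERCOP: http://bench.cr.yp.to/supercop.html
+
+// +build amd64,!gccgo,!appengine
+
+#include "const_amd64.h"
+
+// func mul(dest, a, b *[5]uint64)
+TEXT ·mul(SB),0,$16-24
+MOVQ dest+0(FP), DI
+MOVQ a+8(FP), SI
+MOVQ b+16(FP), DX
+
+MOVQ DX,CX
+MOVQ 24(SI),DX
+IMUL3Q $19,DX,AX
+MOVQ AX,0(SP)
+MULQ 16(CX)
+MOVQ AX,R8
+MOVQ DX,R9
+MOVQ 32(SI),DX
+IMUL3Q $19,DX,AX
+MOVQ AX,8(SP)
+MULQ 8(CX)
+ADDQ AX,R8
+ADCQ DX,R9
+MOVQ 0(SI),AX
+MULQ 0(CX)
+ADDQ AX,R8
+ADCQ DX,R9
+MOVQ 0(SI),AX
+MULQ 8(CX)
+MOVQ AX,R10
+MOVQ DX,R11
+MOVQ 0(SI),AX
+MULQ 16(CX)
+MOVQ AX,R12
+MOVQ DX,R13
+MOVQ 0(SI),AX
+MULQ 24(CX)
+MOVQ AX,R14
+MOVQ DX,R15
+MOVQ 0(SI),AX
+MULQ 32(CX)
+MOVQ AX,BX
+MOVQ DX,BP
+MOVQ 8(SI),AX
+MULQ 0(CX)
+ADDQ AX,R10
+ADCQ DX,R11
+MOVQ 8(SI),AX
+MULQ 8(CX)
+ADDQ AX,R12
+ADCQ DX,R13
+MOVQ 8(SI),AX
+MULQ 16(CX)
+ADDQ AX,R14
+ADCQ DX,R15
+MOVQ 8(SI),AX
+MULQ 24(CX)
+ADDQ AX,BX
+ADCQ DX,BP
+MOVQ 8(SI),DX
+IMUL3Q $19,DX,AX
+MULQ 32(CX)
+ADDQ AX,R8
+ADCQ DX,R9
+MOVQ 16(SI),AX
+MULQ 0(CX)
+ADDQ AX,R12
+ADCQ DX,R13
+MOVQ 16(SI),AX
+MULQ 8(CX)
+ADDQ AX,R14
+ADCQ DX,R15
+MOVQ 16(SI),AX
+MULQ 16(CX)
+ADDQ AX,BX
+ADCQ DX,BP
+MOVQ 16(SI),DX
+IMUL3Q $19,DX,AX
+MULQ 24(CX)
+ADDQ AX,R8
+ADCQ DX,R9
+MOVQ 16(SI),DX
+IMUL3Q $19,DX,AX
+MULQ 32(CX)
+ADDQ AX,R10
+ADCQ DX,R11
+MOVQ 24(SI),AX
+MULQ 0(CX)
+ADDQ AX,R14
+ADCQ DX,R15
+MOVQ 24(SI),AX
+MULQ 8(CX)
+ADDQ AX,BX
+ADCQ DX,BP
+MOVQ 0(SP),AX
+MULQ 24(CX)
+ADDQ AX,R10
+ADCQ DX,R11
+MOVQ 0(SP),AX
+MULQ 32(CX)
+ADDQ AX,R12
+ADCQ DX,R13
+MOVQ 32(SI),AX
+MULQ 0(CX)
+ADDQ AX,BX
+ADCQ DX,BP
+MOVQ 8(SP),AX
+MULQ 16(CX)
+ADDQ AX,R10
+ADCQ DX,R11
+MOVQ 8(SP),AX
+MULQ 24(CX)
+ADDQ AX,R12
+ADCQ DX,R13
+MOVQ 8(SP),AX
+MULQ 32(CX)
+ADDQ AX,R14
+ADCQ DX,R15
+MOVQ $REDMASK51,SI
+SHLQ $13,R9:R8
+ANDQ SI,R8
+SHLQ $13,R11:R10
+ANDQ SI,R10
+ADDQ R9,R10
+SHLQ $13,R13:R12
+ANDQ SI,R12
+ADDQ R11,R12
+SHLQ $13,R15:R14
+ANDQ SI,R14
+ADDQ R13,R14
+SHLQ $13,BP:BX
+ANDQ SI,BX
+ADDQ R15,BX
+IMUL3Q $19,BP,DX
+ADDQ DX,R8
+MOVQ R8,DX
+SHRQ $51,DX
+ADDQ R10,DX
+MOVQ DX,CX
+SHRQ $51,DX
+ANDQ SI,R8
+ADDQ R12,DX
+MOVQ DX,R9
+SHRQ $51,DX
+ANDQ SI,CX
+ADDQ R14,DX
+MOVQ DX,AX
+SHRQ $51,DX
+ANDQ SI,R9
+ADDQ BX,DX
+MOVQ DX,R10
+SHRQ $51,DX
+ANDQ SI,AX
+IMUL3Q $19,DX,DX
+ADDQ DX,R8
+ANDQ SI,R10
+MOVQ R8,0(DI)
+MOVQ CX,8(DI)
+MOVQ R9,16(DI)
+MOVQ AX,24(DI)
+MOVQ R10,32(DI)
+RET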
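--- /dev/null
+++ b/vendor/golang.org/x/crypto/curve25519/square_amd64.s
@@ -0,0 +1,132 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This code was translated into a form compatible with 6a from the public
+// domain sources in SUPERCOP: http://bench.cr.yp.to/supercop.html
+
+// +build amd64,!gccgo,!appengine
+
+#include "const_amd64.h"
+
+// func square(out, in *[5]uint64)
+TEXT ·square(SB),7,$0-16
+MOVQ out+0(FP), DI
+MOVQ in+8(FP), SI
+
+MOVQ 0(SI),AX
+MULQ 0(SI)
+MOVQ AX,CX
+MOVQ DX,R8
+MOVQ 0(SI),AX
+SHLQ $1,AX
+MULQ 8(SI)
+MOVQ AX,R9
+MOVQ DX,R10
+MOVQ 0(SI),AX
+SHLQ $1,AX
+MULQ 16(SI)
+MOVQ AX,R11
+MOVQ DX,R12
+MOVQ 0(SI),AX
+SHLQ $1,AX
+MULQ 24(SI)
+MOVQ AX,R13
+MOVQ DX,R14
+MOVQ 0(SI),AX
+SHLQ $1,AX
+MULQ 32(SI)
+MOVQ AX,R15
+MOVQ DX,BX
+MOVQ 8(SI),AX
+MULQ 8(SI)
+ADDQ AX,R11
+ADCQ DX,R12
+MOVQ 8(SI),AX
+SHLQ $1,AX
+MULQ 16(SI)
+ADDQ AX,R13
+ADCQ DX,R14
+MOVQ 8(SI),AX
+SHLQ $1,AX
+MULQ 24(SI)
+ADDQ AX,R15
+ADCQ DX,BX
+MOVQ 8(SI),DX
+IMUL3Q $38,DX,AX
+MULQ 32(SI)
+ADDQ AX,CX
+ADCQ DX,R8
+MOVQ 16(SI),AX
+MULQ 16(SI)
+ADDQ AX,R15
+ADCQ DX,BX
+MOVQ 16(SI),DX
+IMUL3Q $38,DX,AX
+MULQ 24(SI)
+ADDQ AX,CX
+ADCQ DX,R8
+MOVQ 16(SI),DX
+IMUL3Q $38,DX,AX
+MULQ 32(SI)
+ADDQ AX,R9
+ADCQ DX,R10
+MOVQ 24(SI),DX
+IMUL3Q $19,DX,AX
+MULQ 24(SI)
+ADDQ AX,R9
+ADCQ DX,R10
+MOVQ 24(SI),DX
+IMUL3Q $38,DX,AX
+MULQ 32(SI)
+ADDQ AX,R11
+ADCQ DX,R12
+MOVQ 32(SI),DX
+IMUL3Q $19,DX,AX
+MULQ 32(SI)
+ADDQ AX,R13
+ADCQ DX,R14
+MOVQ $REDMASK51,SI
+SHLQ $13,R8:CX
+ANDQ SI,CX
+SHLQ $13,R10:R9
+ANDQ SI,R9
+ADDQ R8,R9
+SHLQ $13,R12:R11
+ANDQ SI,R11
+ADDQ R10,R11
+SHLQ $13,R14:R13
+ANDQ SI,R13
+ADDQ R12,R13
+SHLQ $13,BX:R15
+ANDQ SI,R15
+ADDQ R14,R15
+IMUL3Q $19,BX,DX
+ADDQ DX,CX
+MOVQ CX,DX
+SHRQ $51,DX
+ADDQ R9,DX
+ANDQ SI,CX
+MOVQ DX,R8
+SHRQ $51,DX
+ADDQ R11,DX
+ANDQ SI,R8
+MOVQ DX,R9
+SHRQ $51,DX
+ADDQ R13,DX
+ANDQ SI,R9
+MOVQ DX,AX
+SHRQ $51,DX
+ADDQ R15,DX
+ANDQ SI,AX
+MOVQ DX,R10
+SHRQ $51,DX
+IMUL3Q $19,DX,DX
+ADDQ DX,CX
+ANDQ SI,R10
+MOVQ CX,0(DI)
+MOVQ R8,8(DI)
+MOVQ R9,16(DI)
+MOVQ AX,24(DI)
+MOVQ R10,32(DI)
+RET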