aws-crt 0.1.9 → 0.2.0

Files changed (581)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/VERSION +1 -1
  4. data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/auth.h +1 -0
  5. data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/aws_imds_client.h +5 -0
  6. data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/credentials.h +5 -0
  7. data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/private/aws_signing.h +1 -0
  8. data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/private/credentials_utils.h +2 -0
  9. data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/signing_config.h +1 -0
  10. data/aws-crt-ffi/crt/aws-c-auth/source/auth.c +3 -1
  11. data/aws-crt-ffi/crt/aws-c-auth/source/aws_imds_client.c +146 -63
  12. data/aws-crt-ffi/crt/aws-c-auth/source/aws_signing.c +41 -19
  13. data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_imds.c +1 -0
  14. data/aws-crt-ffi/crt/aws-c-auth/source/credentials_utils.c +1 -0
  15. data/aws-crt-ffi/crt/aws-c-auth/source/signable_http_request.c +2 -1
  16. data/aws-crt-ffi/crt/aws-c-auth/source/signing_config.c +25 -0
  17. data/aws-crt-ffi/crt/aws-c-auth/tests/CMakeLists.txt +3 -0
  18. data/aws-crt-ffi/crt/aws-c-auth/tests/aws_imds_client_test.c +197 -31
  19. data/aws-crt-ffi/crt/aws-c-auth/tests/credentials_provider_imds_tests.c +16 -18
  20. data/aws-crt-ffi/crt/aws-c-auth/tests/sigv4_signing_tests.c +3 -1
  21. data/aws-crt-ffi/crt/aws-c-cal/include/aws/cal/private/opensslcrypto_common.h +22 -0
  22. data/aws-crt-ffi/crt/aws-c-cal/source/darwin/commoncrypto_aes.c +46 -17
  23. data/aws-crt-ffi/crt/aws-c-cal/source/unix/openssl_aes.c +1 -0
  24. data/aws-crt-ffi/crt/aws-c-cal/source/unix/openssl_platform_init.c +7 -0
  25. data/aws-crt-ffi/crt/aws-c-cal/source/unix/openssl_rsa.c +59 -2
  26. data/aws-crt-ffi/crt/aws-c-cal/source/unix/opensslcrypto_ecc.c +1 -0
  27. data/aws-crt-ffi/crt/aws-c-common/CMakeLists.txt +13 -1
  28. data/aws-crt-ffi/crt/aws-c-common/THIRD-PARTY-LICENSES.txt +28 -7
  29. data/aws-crt-ffi/crt/aws-c-common/bin/system_info/CMakeLists.txt +18 -0
  30. data/aws-crt-ffi/crt/aws-c-common/bin/system_info/print_system_info.c +48 -0
  31. data/aws-crt-ffi/crt/aws-c-common/include/aws/common/allocator.h +23 -0
  32. data/aws-crt-ffi/crt/aws-c-common/include/aws/common/byte_buf.h +12 -0
  33. data/aws-crt-ffi/crt/aws-c-common/include/aws/common/cross_process_lock.h +35 -0
  34. data/aws-crt-ffi/crt/aws-c-common/include/aws/common/hash_table.h +1 -0
  35. data/aws-crt-ffi/crt/aws-c-common/include/aws/common/priority_queue.h +24 -0
  36. data/aws-crt-ffi/crt/aws-c-common/include/aws/common/private/system_info_priv.h +37 -0
  37. data/aws-crt-ffi/crt/aws-c-common/include/aws/common/system_info.h +47 -0
  38. data/aws-crt-ffi/crt/aws-c-common/include/aws/common/system_resource_util.h +30 -0
  39. data/aws-crt-ffi/crt/aws-c-common/include/aws/testing/aws_test_harness.h +3 -2
  40. data/aws-crt-ffi/crt/aws-c-common/source/allocator.c +64 -13
  41. data/aws-crt-ffi/crt/aws-c-common/source/android/logging.c +14 -0
  42. data/aws-crt-ffi/crt/aws-c-common/source/common.c +3 -3
  43. data/aws-crt-ffi/crt/aws-c-common/source/file.c +96 -35
  44. data/aws-crt-ffi/crt/aws-c-common/source/linux/system_info.c +24 -0
  45. data/aws-crt-ffi/crt/aws-c-common/source/memtrace.c +10 -3
  46. data/aws-crt-ffi/crt/aws-c-common/source/platform_fallback_stubs/system_info.c +21 -0
  47. data/aws-crt-ffi/crt/aws-c-common/source/posix/cross_process_lock.c +141 -0
  48. data/aws-crt-ffi/crt/aws-c-common/source/posix/system_info.c +1 -1
  49. data/aws-crt-ffi/crt/aws-c-common/source/posix/system_resource_utils.c +32 -0
  50. data/aws-crt-ffi/crt/aws-c-common/source/priority_queue.c +24 -0
  51. data/aws-crt-ffi/crt/aws-c-common/source/system_info.c +80 -0
  52. data/aws-crt-ffi/crt/aws-c-common/source/task_scheduler.c +2 -2
  53. data/aws-crt-ffi/crt/aws-c-common/source/windows/cross_process_lock.c +93 -0
  54. data/aws-crt-ffi/crt/aws-c-common/source/windows/system_resource_utils.c +31 -0
  55. data/aws-crt-ffi/crt/aws-c-common/tests/CMakeLists.txt +16 -0
  56. data/aws-crt-ffi/crt/aws-c-common/tests/alloc_test.c +83 -22
  57. data/aws-crt-ffi/crt/aws-c-common/tests/cross_process_lock_tests.c +116 -0
  58. data/aws-crt-ffi/crt/aws-c-common/tests/file_test.c +103 -0
  59. data/aws-crt-ffi/crt/aws-c-common/tests/priority_queue_test.c +36 -0
  60. data/aws-crt-ffi/crt/aws-c-common/tests/system_info_tests.c +19 -0
  61. data/aws-crt-ffi/crt/aws-c-common/tests/system_resource_util_test.c +37 -0
  62. data/aws-crt-ffi/crt/aws-c-http/include/aws/http/connection.h +9 -0
  63. data/aws-crt-ffi/crt/aws-c-http/include/aws/http/http.h +1 -0
  64. data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/connection_impl.h +5 -4
  65. data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/connection_manager_system_vtable.h +10 -18
  66. data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/proxy_impl.h +5 -1
  67. data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/request_response_impl.h +5 -0
  68. data/aws-crt-ffi/crt/aws-c-http/include/aws/http/request_response.h +10 -0
  69. data/aws-crt-ffi/crt/aws-c-http/source/connection.c +5 -2
  70. data/aws-crt-ffi/crt/aws-c-http/source/connection_manager.c +22 -21
  71. data/aws-crt-ffi/crt/aws-c-http/source/h1_connection.c +102 -17
  72. data/aws-crt-ffi/crt/aws-c-http/source/h1_stream.c +1 -0
  73. data/aws-crt-ffi/crt/aws-c-http/source/http.c +3 -0
  74. data/aws-crt-ffi/crt/aws-c-http/source/proxy_connection.c +2 -2
  75. data/aws-crt-ffi/crt/aws-c-http/tests/CMakeLists.txt +2 -0
  76. data/aws-crt-ffi/crt/aws-c-http/tests/test_connection_manager.c +18 -18
  77. data/aws-crt-ffi/crt/aws-c-http/tests/test_h1_client.c +111 -1
  78. data/aws-crt-ffi/crt/aws-c-http/tests/test_proxy.c +2 -2
  79. data/aws-crt-ffi/crt/aws-c-http/tests/test_stream_manager.c +2 -2
  80. data/aws-crt-ffi/crt/aws-c-io/include/aws/io/retry_strategy.h +1 -1
  81. data/aws-crt-ffi/crt/aws-c-io/source/exponential_backoff_retry_strategy.c +1 -1
  82. data/aws-crt-ffi/crt/aws-c-io/source/pkcs11_tls_op_handler.c +2 -4
  83. data/aws-crt-ffi/crt/aws-lc/CMakeLists.txt +16 -8
  84. data/aws-crt-ffi/crt/aws-lc/cmake/go.cmake +6 -0
  85. data/aws-crt-ffi/crt/aws-lc/crypto/CMakeLists.txt +6 -9
  86. data/aws-crt-ffi/crt/aws-lc/crypto/asn1/a_time.c +34 -1
  87. data/aws-crt-ffi/crt/aws-lc/crypto/asn1/a_utctm.c +4 -1
  88. data/aws-crt-ffi/crt/aws-lc/crypto/asn1/asn1_test.cc +41 -0
  89. data/aws-crt-ffi/crt/aws-lc/crypto/bio/bio_mem.c +6 -7
  90. data/aws-crt-ffi/crt/aws-lc/crypto/bio/bio_test.cc +152 -16
  91. data/aws-crt-ffi/crt/aws-lc/crypto/bio/connect.c +6 -12
  92. data/aws-crt-ffi/crt/aws-lc/crypto/bio/fd.c +2 -2
  93. data/aws-crt-ffi/crt/aws-lc/crypto/bio/file.c +20 -8
  94. data/aws-crt-ffi/crt/aws-lc/crypto/bio/socket.c +2 -2
  95. data/aws-crt-ffi/crt/aws-lc/crypto/bio/socket_helper.c +2 -2
  96. data/aws-crt-ffi/crt/aws-lc/crypto/blake2/blake2.c +11 -1
  97. data/aws-crt-ffi/crt/aws-lc/crypto/bytestring/cbb.c +13 -3
  98. data/aws-crt-ffi/crt/aws-lc/crypto/bytestring/cbs.c +9 -0
  99. data/aws-crt-ffi/crt/aws-lc/crypto/chacha/asm/chacha-armv8.pl +1 -1
  100. data/aws-crt-ffi/crt/aws-lc/crypto/chacha/chacha.c +49 -8
  101. data/aws-crt-ffi/crt/aws-lc/crypto/chacha/chacha_test.cc +110 -0
  102. data/aws-crt-ffi/crt/aws-lc/crypto/chacha/internal.h +8 -1
  103. data/aws-crt-ffi/crt/aws-lc/crypto/compiler_test.cc +4 -1
  104. data/aws-crt-ffi/crt/aws-lc/crypto/conf/conf_test.cc +1 -0
  105. data/aws-crt-ffi/crt/aws-lc/crypto/crypto_test.cc +9 -0
  106. data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/curve25519.c +189 -108
  107. data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/curve25519_nohw.c +78 -6
  108. data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/ed25519_test.cc +9 -0
  109. data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/internal.h +24 -10
  110. data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/spake25519.c +4 -4
  111. data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/x25519_test.cc +80 -11
  112. data/aws-crt-ffi/crt/aws-lc/crypto/decrepit/evp/evp_do_all.c +2 -0
  113. data/aws-crt-ffi/crt/aws-lc/crypto/digest_extra/digest_extra.c +8 -0
  114. data/aws-crt-ffi/crt/aws-lc/crypto/digest_extra/digest_test.cc +110 -45
  115. data/aws-crt-ffi/crt/aws-lc/crypto/dsa/dsa_test.cc +8 -2
  116. data/aws-crt-ffi/crt/aws-lc/crypto/dsa/internal.h +18 -0
  117. data/aws-crt-ffi/crt/aws-lc/crypto/dynamic_loading_test.c +8 -5
  118. data/aws-crt-ffi/crt/aws-lc/crypto/ec_extra/ec_derive.c +4 -3
  119. data/aws-crt-ffi/crt/aws-lc/crypto/ec_extra/hash_to_curve.c +6 -18
  120. data/aws-crt-ffi/crt/aws-lc/crypto/endian_test.cc +308 -0
  121. data/aws-crt-ffi/crt/aws-lc/crypto/err/ssl.errordata +2 -0
  122. data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/evp_extra_test.cc +2 -0
  123. data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/evp_test.cc +11 -1
  124. data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/evp_tests.txt +25 -0
  125. data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/p_ec_asn1.c +1 -1
  126. data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/p_kem.c +2 -2
  127. data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/p_rsa_asn1.c +1 -0
  128. data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/print.c +7 -6
  129. data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/scrypt.c +13 -1
  130. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/CMakeLists.txt +13 -4
  131. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/aes/aes_nohw.c +18 -6
  132. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bcm.c +12 -4
  133. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/bn_assert_test.cc +77 -0
  134. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/bn_test.cc +30 -0
  135. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/bytes.c +112 -22
  136. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/div.c +12 -5
  137. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/exponentiation.c +54 -1
  138. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/gcd.c +5 -6
  139. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/internal.h +37 -15
  140. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/montgomery.c +4 -11
  141. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/montgomery_inv.c +51 -15
  142. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/cipher/aead.c +2 -2
  143. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/digest/digest.c +29 -6
  144. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/digest/digests.c +89 -0
  145. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/digest/internal.h +4 -0
  146. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec.c +19 -36
  147. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec_key.c +3 -3
  148. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec_montgomery.c +9 -7
  149. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec_test.cc +33 -9
  150. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/internal.h +17 -12
  151. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p224-64.c +5 -8
  152. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p256-nistz.c +8 -8
  153. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p256.c +9 -8
  154. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p384.c +33 -16
  155. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p521.c +14 -6
  156. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/scalar.c +26 -24
  157. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/simple_mul.c +8 -5
  158. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/wnaf.c +3 -3
  159. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ecdsa/ecdsa.c +9 -3
  160. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/evp/evp.c +43 -12
  161. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/evp/p_ec.c +4 -3
  162. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/hmac/hmac.c +3 -1
  163. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/modes/xts.c +26 -3
  164. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/cpu_jitter_test.cc +1 -1
  165. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/internal.h +20 -11
  166. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/rand.c +10 -10
  167. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/urandom.c +2 -2
  168. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/internal.h +59 -0
  169. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/padding.c +9 -3
  170. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/rsa.c +7 -0
  171. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/rsa_impl.c +51 -60
  172. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/service_indicator/service_indicator.c +5 -2
  173. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/service_indicator/service_indicator_test.cc +205 -5
  174. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/asm/sha1-armv8.pl +1 -1
  175. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/asm/sha512-armv8.pl +1 -1
  176. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/internal.h +8 -0
  177. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/sha3.c +37 -15
  178. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/sha3_test.cc +115 -110
  179. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/sha512.c +55 -1
  180. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sshkdf/sshkdf.c +2 -2
  181. data/aws-crt-ffi/crt/aws-lc/crypto/hmac_extra/hmac_test.cc +12 -0
  182. data/aws-crt-ffi/crt/aws-lc/crypto/hmac_extra/hmac_tests.txt +10 -0
  183. data/aws-crt-ffi/crt/aws-lc/crypto/hrss/asm/poly_rq_mul.S +2 -6
  184. data/aws-crt-ffi/crt/aws-lc/crypto/impl_dispatch_test.cc +9 -1
  185. data/aws-crt-ffi/crt/aws-lc/crypto/internal.h +90 -8
  186. data/aws-crt-ffi/crt/aws-lc/crypto/kem/kem.c +28 -27
  187. data/aws-crt-ffi/crt/aws-lc/crypto/kyber/kem_kyber.h +14 -0
  188. data/aws-crt-ffi/crt/aws-lc/crypto/obj/obj_dat.h +52 -2
  189. data/aws-crt-ffi/crt/aws-lc/crypto/obj/obj_mac.num +5 -0
  190. data/aws-crt-ffi/crt/aws-lc/crypto/obj/objects.txt +7 -0
  191. data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/arm-xlate.pl +3 -14
  192. data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/ppc-xlate.pl +1 -5
  193. data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/x86_64-xlate.pl +4 -15
  194. data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/x86asm.pl +4 -13
  195. data/aws-crt-ffi/crt/aws-lc/crypto/poly1305/poly1305_arm_asm.S +3 -13
  196. data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/deterministic.c +4 -3
  197. data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/fuchsia.c +4 -4
  198. data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/rand_test.cc +0 -63
  199. data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/windows.c +41 -19
  200. data/aws-crt-ffi/crt/aws-lc/crypto/rsa_extra/rsa_test.cc +3 -3
  201. data/aws-crt-ffi/crt/aws-lc/crypto/siphash/siphash.c +12 -5
  202. data/aws-crt-ffi/crt/aws-lc/crypto/siphash/siphash_test.cc +5 -5
  203. data/aws-crt-ffi/crt/aws-lc/crypto/stack/stack.c +68 -46
  204. data/aws-crt-ffi/crt/aws-lc/crypto/trust_token/pmbtoken.c +4 -4
  205. data/aws-crt-ffi/crt/aws-lc/crypto/trust_token/voprf.c +2 -2
  206. data/aws-crt-ffi/crt/aws-lc/crypto/x509/by_dir.c +0 -6
  207. data/aws-crt-ffi/crt/aws-lc/crypto/x509/internal.h +4 -1
  208. data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_lu.c +33 -9
  209. data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_test.cc +87 -0
  210. data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_trs.c +1 -1
  211. data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_vfy.c +35 -13
  212. data/aws-crt-ffi/crt/aws-lc/crypto/x509v3/v3_lib.c +2 -0
  213. data/aws-crt-ffi/crt/aws-lc/crypto/x509v3/v3_purp.c +4 -6
  214. data/aws-crt-ffi/crt/aws-lc/generated-src/crypto_test_data.cc +179 -151
  215. data/aws-crt-ffi/crt/aws-lc/generated-src/err_data.c +353 -349
  216. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/chacha/chacha-armv8.S +4 -14
  217. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S +4 -14
  218. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/aesv8-armx.S +3 -13
  219. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/aesv8-gcm-armv8-unroll8.S +3 -13
  220. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/aesv8-gcm-armv8.S +3 -13
  221. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/armv8-mont.S +4 -14
  222. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/bn-armv8.S +4 -14
  223. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/ghash-neon-armv8.S +4 -14
  224. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/ghashv8-armx.S +3 -13
  225. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/keccak1600-armv8.S +3 -13
  226. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/md5-armv8.S +3 -13
  227. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/p256-armv8-asm.S +4 -14
  228. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S +4 -14
  229. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/sha1-armv8.S +4 -14
  230. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/sha256-armv8.S +4 -14
  231. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/sha512-armv8.S +4 -14
  232. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/vpaes-armv8.S +3 -13
  233. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/test/trampoline-armv8.S +4 -14
  234. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/chacha/chacha-armv4.S +3 -13
  235. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/aesv8-armx.S +3 -13
  236. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/armv4-mont.S +3 -13
  237. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/bsaes-armv7.S +3 -13
  238. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/ghash-armv4.S +3 -13
  239. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/ghashv8-armx.S +3 -13
  240. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/sha1-armv4-large.S +3 -13
  241. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/sha256-armv4.S +3 -13
  242. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/sha512-armv4.S +3 -13
  243. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/vpaes-armv7.S +3 -13
  244. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/test/trampoline-armv4.S +3 -13
  245. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/chacha/chacha-armv8.S +4 -14
  246. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S +4 -14
  247. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/aesv8-armx.S +3 -13
  248. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/aesv8-gcm-armv8-unroll8.S +3 -13
  249. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/aesv8-gcm-armv8.S +3 -13
  250. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/armv8-mont.S +4 -14
  251. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/bn-armv8.S +3 -13
  252. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/ghash-neon-armv8.S +3 -13
  253. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/ghashv8-armx.S +3 -13
  254. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/keccak1600-armv8.S +3 -13
  255. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/md5-armv8.S +3 -13
  256. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/p256-armv8-asm.S +4 -14
  257. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S +4 -14
  258. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/sha1-armv8.S +4 -14
  259. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/sha256-armv8.S +4 -14
  260. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/sha512-armv8.S +4 -14
  261. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/vpaes-armv8.S +3 -13
  262. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/test/trampoline-armv8.S +3 -13
  263. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/chacha/chacha-armv4.S +3 -13
  264. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/aesv8-armx.S +3 -13
  265. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/armv4-mont.S +3 -13
  266. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/bsaes-armv7.S +3 -13
  267. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/ghash-armv4.S +3 -13
  268. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/ghashv8-armx.S +3 -13
  269. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/sha1-armv4-large.S +3 -13
  270. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/sha256-armv4.S +3 -13
  271. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/sha512-armv4.S +3 -13
  272. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/vpaes-armv7.S +3 -13
  273. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/test/trampoline-armv4.S +3 -13
  274. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-ppc64le/crypto/fipsmodule/aesp8-ppc.S +1 -5
  275. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-ppc64le/crypto/fipsmodule/ghashp8-ppc.S +1 -5
  276. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-ppc64le/crypto/test/trampoline-ppc.S +1 -5
  277. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/chacha/chacha-x86.S +3 -12
  278. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/aesni-x86.S +3 -12
  279. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/bn-586.S +4 -13
  280. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/co-586.S +4 -13
  281. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/ghash-ssse3-x86.S +3 -12
  282. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/ghash-x86.S +3 -12
  283. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/md5-586.S +4 -13
  284. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/sha1-586.S +4 -13
  285. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/sha256-586.S +3 -12
  286. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/sha512-586.S +3 -12
  287. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/vpaes-x86.S +3 -12
  288. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/x86-mont.S +3 -12
  289. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/test/trampoline-x86.S +3 -12
  290. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/chacha/chacha-x86_64.S +2 -11
  291. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S +2 -11
  292. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/aesni-sha1-x86_64.S +2 -11
  293. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/aesni-sha256-x86_64.S +2 -11
  294. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S +2 -11
  295. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-gcm-avx512.S +2 -11
  296. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S +2 -11
  297. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-x86_64.S +2 -11
  298. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-xts-avx512.S +2 -11
  299. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S +2 -11
  300. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/ghash-x86_64.S +2 -11
  301. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/md5-x86_64.S +2 -11
  302. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S +2 -11
  303. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S +2 -11
  304. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S +2 -11
  305. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S +2 -11
  306. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/sha1-x86_64.S +2 -11
  307. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/sha256-x86_64.S +2 -11
  308. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/sha512-x86_64.S +2 -11
  309. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S +2 -11
  310. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/x86_64-mont.S +2 -11
  311. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S +2 -11
  312. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/test/trampoline-x86_64.S +2 -11
  313. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/chacha/chacha-x86.S +3 -12
  314. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/aesni-x86.S +3 -12
  315. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/bn-586.S +3 -12
  316. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/co-586.S +3 -12
  317. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/ghash-ssse3-x86.S +3 -12
  318. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/ghash-x86.S +3 -12
  319. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/md5-586.S +3 -12
  320. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/sha1-586.S +3 -12
  321. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/sha256-586.S +3 -12
  322. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/sha512-586.S +3 -12
  323. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/vpaes-x86.S +3 -12
  324. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/x86-mont.S +3 -12
  325. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/test/trampoline-x86.S +3 -12
  326. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/chacha/chacha-x86_64.S +2 -11
  327. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S +2 -11
  328. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/aesni-sha1-x86_64.S +2 -11
  329. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/aesni-sha256-x86_64.S +2 -11
  330. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S +2 -11
  331. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-gcm-avx512.S +2 -11
  332. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S +2 -11
  333. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-x86_64.S +2 -11
  334. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-xts-avx512.S +2 -11
  335. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S +2 -11
  336. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/ghash-x86_64.S +2 -11
  337. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/md5-x86_64.S +2 -11
  338. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S +2 -11
  339. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S +2 -11
  340. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S +2 -11
  341. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S +2 -11
  342. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/sha1-x86_64.S +2 -11
  343. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/sha256-x86_64.S +2 -11
  344. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/sha512-x86_64.S +2 -11
  345. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S +2 -11
  346. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/x86_64-mont.S +2 -11
  347. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S +2 -11
  348. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/test/trampoline-x86_64.S +2 -11
  349. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/chacha/chacha-armv8.S +4 -14
  350. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S +4 -14
  351. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/aesv8-armx.S +3 -13
  352. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/aesv8-gcm-armv8-unroll8.S +3 -13
  353. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/aesv8-gcm-armv8.S +3 -13
  354. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/armv8-mont.S +4 -14
  355. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/bn-armv8.S +4 -14
  356. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/ghash-neon-armv8.S +4 -14
  357. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/ghashv8-armx.S +3 -13
  358. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/keccak1600-armv8.S +3 -13
  359. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/md5-armv8.S +3 -13
  360. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/p256-armv8-asm.S +4 -14
  361. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S +4 -14
  362. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/sha1-armv8.S +4 -14
  363. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/sha256-armv8.S +4 -14
  364. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/sha512-armv8.S +4 -14
  365. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/vpaes-armv8.S +3 -13
  366. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/test/trampoline-armv8.S +4 -14
  367. data/aws-crt-ffi/crt/aws-lc/go.mod +4 -4
  368. data/aws-crt-ffi/crt/aws-lc/go.sum +8 -10
  369. data/aws-crt-ffi/crt/aws-lc/include/openssl/aead.h +2 -2
  370. data/aws-crt-ffi/crt/aws-lc/include/openssl/arm_arch.h +4 -119
  371. data/aws-crt-ffi/crt/aws-lc/include/openssl/asm_base.h +185 -0
  372. data/aws-crt-ffi/crt/aws-lc/include/openssl/asn1.h +5 -0
  373. data/aws-crt-ffi/crt/aws-lc/include/openssl/base.h +31 -134
  374. data/aws-crt-ffi/crt/aws-lc/include/openssl/bio.h +30 -18
  375. data/aws-crt-ffi/crt/aws-lc/include/openssl/bn.h +0 -2
  376. data/aws-crt-ffi/crt/aws-lc/include/openssl/chacha.h +6 -0
  377. data/aws-crt-ffi/crt/aws-lc/include/openssl/cipher.h +2 -2
  378. data/aws-crt-ffi/crt/aws-lc/include/openssl/digest.h +9 -6
  379. data/aws-crt-ffi/crt/aws-lc/include/openssl/dsa.h +0 -21
  380. data/aws-crt-ffi/crt/aws-lc/include/openssl/ec.h +1 -1
  381. data/aws-crt-ffi/crt/aws-lc/include/openssl/err.h +1 -1
  382. data/aws-crt-ffi/crt/aws-lc/include/openssl/evp.h +8 -5
  383. data/aws-crt-ffi/crt/aws-lc/include/openssl/nid.h +21 -0
  384. data/aws-crt-ffi/crt/aws-lc/include/openssl/rsa.h +1 -65
  385. data/aws-crt-ffi/crt/aws-lc/include/openssl/sha.h +22 -1
  386. data/aws-crt-ffi/crt/aws-lc/include/openssl/ssl.h +121 -13
  387. data/aws-crt-ffi/crt/aws-lc/include/openssl/stack.h +229 -208
  388. data/aws-crt-ffi/crt/aws-lc/include/openssl/target.h +166 -0
  389. data/aws-crt-ffi/crt/aws-lc/include/openssl/x509.h +30 -10
  390. data/aws-crt-ffi/crt/aws-lc/include/openssl/x509v3.h +6 -4
  391. data/aws-crt-ffi/crt/aws-lc/sources.cmake +2 -0
  392. data/aws-crt-ffi/crt/aws-lc/ssl/extensions.cc +12 -7
  393. data/aws-crt-ffi/crt/aws-lc/ssl/handshake_server.cc +28 -18
  394. data/aws-crt-ffi/crt/aws-lc/ssl/internal.h +41 -6
  395. data/aws-crt-ffi/crt/aws-lc/ssl/s3_both.cc +9 -17
  396. data/aws-crt-ffi/crt/aws-lc/ssl/ssl_cipher.cc +13 -5
  397. data/aws-crt-ffi/crt/aws-lc/ssl/ssl_key_share.cc +542 -2
  398. data/aws-crt-ffi/crt/aws-lc/ssl/ssl_lib.cc +35 -0
  399. data/aws-crt-ffi/crt/aws-lc/ssl/ssl_test.cc +1847 -14
  400. data/aws-crt-ffi/crt/aws-lc/ssl/ssl_x509.cc +128 -0
  401. data/aws-crt-ffi/crt/aws-lc/ssl/test/PORTING.md +10 -7
  402. data/aws-crt-ffi/crt/aws-lc/ssl/test/bssl_shim.cc +133 -77
  403. data/aws-crt-ffi/crt/aws-lc/ssl/test/handshake_util.cc +3 -3
  404. data/aws-crt-ffi/crt/aws-lc/ssl/test/handshaker.cc +4 -0
  405. data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/handshake_client.go +6 -2
  406. data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/handshake_messages.go +894 -1042
  407. data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/handshake_server.go +24 -23
  408. data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/prf.go +6 -5
  409. data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/runner.go +56 -55
  410. data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/shim_dispatcher.go +188 -0
  411. data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/ticket.go +37 -39
  412. data/aws-crt-ffi/crt/aws-lc/ssl/test/test_config.cc +59 -24
  413. data/aws-crt-ffi/crt/aws-lc/ssl/test/test_config.h +3 -2
  414. data/aws-crt-ffi/crt/aws-lc/ssl/tls13_server.cc +10 -11
  415. data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/app.py +4 -4
  416. data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/cdk/{aws_lc_mac_arm_ci_stack.py → aws_lc_ec2_test_framework_ci_stack.py} +13 -29
  417. data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/cdk/ssm/general_test_run_ssm_document.yaml +43 -0
  418. data/aws-crt-ffi/crt/aws-lc/tests/ci/common_posix_setup.sh +10 -0
  419. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-aarch/amazonlinux-2023_base/Dockerfile +5 -1
  420. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-aarch/ubuntu-22.04_base/Dockerfile +19 -3
  421. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/amazonlinux-2_gcc-7x-intel-sde/Dockerfile +5 -4
  422. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/build_images.sh +1 -0
  423. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/push_images.sh +2 -1
  424. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/ubuntu-20.04_clang-10x_formal-verification/create_image.sh +1 -1
  425. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/ubuntu-22.04_base/Dockerfile +1 -0
  426. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/ubuntu-22.04_clang-14x-sde/Dockerfile +42 -0
  427. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/windows/vs2017/Dockerfile +14 -0
  428. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/windows/windows_base/Dockerfile +3 -0
  429. data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/README.md +12 -0
  430. data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/nginx_patch/aws-lc-nginx.patch +68 -23
  431. data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/run_crt_integration.sh +27 -0
  432. data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/run_monit_integration.sh +56 -0
  433. data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/sslproxy_patch/aws-lc-sslproxy.patch +2 -2
  434. data/aws-crt-ffi/crt/aws-lc/tests/ci/run_ec2_test_framework.sh +135 -0
  435. data/aws-crt-ffi/crt/aws-lc/tests/ci/run_fips_tests.sh +14 -2
  436. data/aws-crt-ffi/crt/aws-lc/tests/ci/run_tests_with_sde.sh +4 -1
  437. data/aws-crt-ffi/crt/aws-lc/tests/ci/run_tests_with_sde_asan.sh +14 -0
  438. data/aws-crt-ffi/crt/aws-lc/tests/ci/run_windows_tests.bat +39 -3
  439. data/aws-crt-ffi/crt/aws-lc/third_party/fiat/README.md +21 -6
  440. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_madd_n25519.S +284 -0
  441. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_madd_n25519_alt.S +210 -0
  442. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_mod_n25519.S +186 -0
  443. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_neg_p25519.S +65 -0
  444. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519.S +1043 -352
  445. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519_alt.S +1043 -352
  446. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519_byte.S +1043 -352
  447. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519_byte_alt.S +1043 -352
  448. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base.S +1042 -352
  449. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base_alt.S +1042 -352
  450. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base_byte.S +1042 -352
  451. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base_byte_alt.S +1043 -354
  452. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_decode.S +700 -0
  453. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_decode_alt.S +563 -0
  454. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_encode.S +131 -0
  455. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmulbase.S +9626 -0
  456. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmulbase_alt.S +9468 -0
  457. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmuldouble.S +3157 -0
  458. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmuldouble_alt.S +2941 -0
  459. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/p384/Makefile +1 -1
  460. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/p521/Makefile +1 -1
  461. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/include/s2n-bignum_aws-lc.h +34 -0
  462. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_madd_n25519.S +219 -0
  463. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_madd_n25519_alt.S +245 -0
  464. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_mod_n25519.S +228 -0
  465. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_neg_p25519.S +86 -0
  466. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519.S +1350 -407
  467. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519_alt.S +1350 -407
  468. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519base.S +1344 -400
  469. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519base_alt.S +1348 -402
  470. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_decode.S +670 -0
  471. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_decode_alt.S +751 -0
  472. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_encode.S +81 -0
  473. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmulbase.S +9910 -0
  474. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmulbase_alt.S +9986 -0
  475. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmuldouble.S +3619 -0
  476. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmuldouble_alt.S +3736 -0
  477. data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_224_test.json +1978 -0
  478. data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_224_test.txt +1403 -0
  479. data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_256_test.json +1993 -0
  480. data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_256_test.txt +1416 -0
  481. data/aws-crt-ffi/crt/aws-lc/tool/digest.cc +4 -0
  482. data/aws-crt-ffi/crt/aws-lc/tool/internal.h +1 -0
  483. data/aws-crt-ffi/crt/aws-lc/tool/speed.cc +53 -6
  484. data/aws-crt-ffi/crt/aws-lc/util/all_tests.go +43 -12
  485. data/aws-crt-ffi/crt/aws-lc/util/all_tests.json +13 -5
  486. data/aws-crt-ffi/crt/aws-lc/util/bot/DEPS +4 -4
  487. data/aws-crt-ffi/crt/aws-lc/util/bot/update_clang.py +8 -2
  488. data/aws-crt-ffi/crt/aws-lc/util/codecov-ci.sh +82 -0
  489. data/aws-crt-ffi/crt/aws-lc/util/convert_wycheproof/convert_wycheproof.go +7 -5
  490. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/ACVP.md +7 -0
  491. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/subprocess/hash.go +24 -9
  492. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/subprocess/rsa.go +3 -4
  493. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/subprocess/subprocess.go +15 -10
  494. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512-224.bz2 +0 -0
  495. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/SHA2-512-224.bz2 +0 -0
  496. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/SHAKE-128.bz2 +0 -0
  497. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/SHAKE-256.bz2 +0 -0
  498. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/sha-tests/sha512-224-tests.json +1 -0
  499. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/sha-tests/shake-128-tests.json +1 -0
  500. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/sha-tests/shake-256-tests.json +1 -0
  501. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/tests.json +1 -0
  502. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512-224.bz2 +0 -0
  503. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/SHA2-512-224.bz2 +0 -0
  504. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/SHAKE-128.bz2 +0 -0
  505. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/SHAKE-256.bz2 +0 -0
  506. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/modulewrapper/main.cc +4 -0
  507. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/modulewrapper/modulewrapper.cc +144 -1
  508. data/aws-crt-ffi/crt/aws-lc/util/fipstools/delocate/delocate.go +9 -3
  509. data/aws-crt-ffi/crt/aws-lc/util/fipstools/delocate/testdata/aarch64-Basic/in.s +4 -0
  510. data/aws-crt-ffi/crt/aws-lc/util/fipstools/delocate/testdata/aarch64-Basic/out.s +11 -0
  511. data/aws-crt-ffi/crt/aws-lc/util/fipstools/inject_hash/inject_hash.go +13 -4
  512. data/aws-crt-ffi/crt/aws-lc/util/fipstools/test-break-kat.sh +2 -0
  513. data/aws-crt-ffi/crt/aws-lc/util/testconfig/testconfig.go +2 -1
  514. data/aws-crt-ffi/crt/s2n/api/s2n.h +9 -5
  515. data/aws-crt-ffi/crt/s2n/bindings/rust/bench/benches/handshake.rs +9 -6
  516. data/aws-crt-ffi/crt/s2n/bindings/rust/bench/benches/resumption.rs +14 -14
  517. data/aws-crt-ffi/crt/s2n/bindings/rust/bench/benches/throughput.rs +9 -6
  518. data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/harness.rs +106 -102
  519. data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/openssl.rs +24 -20
  520. data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/rustls.rs +28 -24
  521. data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/s2n_tls.rs +52 -50
  522. data/aws-crt-ffi/crt/s2n/bindings/rust/generate/Cargo.toml +1 -0
  523. data/aws-crt-ffi/crt/s2n/bindings/rust/integration/Cargo.toml +3 -0
  524. data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/Cargo.toml +2 -2
  525. data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/src/connection.rs +9 -0
  526. data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-sys/templates/Cargo.template +2 -1
  527. data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/Cargo.toml +2 -2
  528. data/aws-crt-ffi/crt/s2n/tests/cbmc/sources/make_common_datastructures.c +9 -2
  529. data/aws-crt-ffi/crt/s2n/tests/fuzz/s2n_client_cert_verify_recv_test.c +1 -1
  530. data/aws-crt-ffi/crt/s2n/tests/fuzz/s2n_hybrid_ecdhe_kyber_r3_fuzz_test.c +1 -1
  531. data/aws-crt-ffi/crt/s2n/tests/fuzz/s2n_tls13_cert_verify_recv_test.c +1 -1
  532. data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_version_negotiation.py +4 -4
  533. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_auth_selection_test.c +19 -9
  534. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_auth_handshake_test.c +3 -3
  535. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_cert_verify_test.c +1 -1
  536. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_hello_recv_test.c +1 -1
  537. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_hello_test.c +4 -4
  538. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_signature_algorithms_extension_test.c +4 -5
  539. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_connection_protocol_versions_test.c +390 -0
  540. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_connection_test.c +8 -4
  541. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_handshake_test.c +2 -1
  542. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_quic_support_io_test.c +106 -0
  543. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_security_policies_test.c +6 -2
  544. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_self_talk_offload_signing_test.c +3 -3
  545. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_self_talk_session_resumption_test.c +135 -0
  546. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_server_new_session_ticket_test.c +32 -0
  547. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_server_signature_algorithms_extension_test.c +1 -1
  548. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_signature_algorithms_test.c +307 -283
  549. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_cert_request_test.c +1 -1
  550. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_cert_verify_test.c +18 -17
  551. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_x509_validator_test.c +125 -0
  552. data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_client_signature_algorithms.c +8 -1
  553. data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_client_supported_versions.c +43 -11
  554. data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_client_supported_versions.h +3 -0
  555. data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_server_signature_algorithms.c +8 -1
  556. data/aws-crt-ffi/crt/s2n/tls/s2n_auth_selection.c +4 -2
  557. data/aws-crt-ffi/crt/s2n/tls/s2n_client_cert_verify.c +7 -10
  558. data/aws-crt-ffi/crt/s2n/tls/s2n_client_hello.c +2 -2
  559. data/aws-crt-ffi/crt/s2n/tls/s2n_connection.c +75 -14
  560. data/aws-crt-ffi/crt/s2n/tls/s2n_handshake.h +2 -2
  561. data/aws-crt-ffi/crt/s2n/tls/s2n_post_handshake.c +1 -1
  562. data/aws-crt-ffi/crt/s2n/tls/s2n_post_handshake.h +1 -0
  563. data/aws-crt-ffi/crt/s2n/tls/s2n_quic_support.c +29 -0
  564. data/aws-crt-ffi/crt/s2n/tls/s2n_quic_support.h +5 -0
  565. data/aws-crt-ffi/crt/s2n/tls/s2n_security_policies.c +40 -0
  566. data/aws-crt-ffi/crt/s2n/tls/s2n_security_policies.h +4 -0
  567. data/aws-crt-ffi/crt/s2n/tls/s2n_server_cert_request.c +1 -1
  568. data/aws-crt-ffi/crt/s2n/tls/s2n_server_hello.c +0 -3
  569. data/aws-crt-ffi/crt/s2n/tls/s2n_server_key_exchange.c +8 -9
  570. data/aws-crt-ffi/crt/s2n/tls/s2n_server_new_session_ticket.c +8 -0
  571. data/aws-crt-ffi/crt/s2n/tls/s2n_signature_algorithms.c +111 -72
  572. data/aws-crt-ffi/crt/s2n/tls/s2n_signature_algorithms.h +11 -9
  573. data/aws-crt-ffi/crt/s2n/tls/s2n_signature_scheme.c +9 -0
  574. data/aws-crt-ffi/crt/s2n/tls/s2n_signature_scheme.h +2 -0
  575. data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_certificate_verify.c +12 -18
  576. data/aws-crt-ffi/crt/s2n/tls/s2n_x509_validator.c +7 -7
  577. data/aws-crt-ffi/src/api.h +1 -0
  578. data/lib/aws-crt/native.rb +1 -1
  579. metadata +68 -5
  580. data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/cdk/ssm/m1_tests_ssm_document.yaml +0 -34
  581. data/aws-crt-ffi/crt/aws-lc/tests/ci/run_m1_ec2_instance.sh +0 -96
@@ -0,0 +1,2941 @@
1
+ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2
+ // SPDX-License-Identifier: Apache-2.0 OR ISC
3
+
4
+ // ----------------------------------------------------------------------------
5
+ // Double scalar multiplication for edwards25519, fresh and base point
6
+ // Input scalar[4], point[8], bscalar[4]; output res[8]
7
+ //
8
+ // extern void edwards25519_scalarmuldouble_alt
9
+ // (uint64_t res[static 8],uint64_t scalar[static 4],
10
+ // uint64_t point[static 8],uint64_t bscalar[static 4]);
11
+ //
12
+ // Given scalar = n, point = P and bscalar = m, returns in res
13
+ // the point (X,Y) = n * P + m * B where B = (...,4/5) is
14
+ // the standard basepoint for the edwards25519 (Ed25519) curve.
15
+ //
16
+ // Both 256-bit coordinates of the input point P are implicitly
17
+ // reduced modulo 2^255-19 if they are not already in reduced form,
18
+ // but the conventional usage is that they *are* already reduced.
19
+ // The scalars can be arbitrary 256-bit numbers but may also be
20
+ // considered as implicitly reduced modulo the group order.
21
+ //
22
+ // Standard ARM ABI: X0 = res, X1 = scalar, X2 = point, X3 = bscalar
23
+ // ----------------------------------------------------------------------------
24
+ #include "_internal_s2n_bignum.h"
25
+
26
+ S2N_BN_SYM_VISIBILITY_DIRECTIVE(edwards25519_scalarmuldouble_alt)
27
+ S2N_BN_SYM_PRIVACY_DIRECTIVE(edwards25519_scalarmuldouble_alt)
28
+
29
+ .text
30
+ .balign 4
31
+
32
+ // Size of individual field elements
33
+
34
+ #define NUMSIZE 32
35
+
36
+ // Stable home for the input result argument during the whole body
37
+
38
+ #define res x25
39
+
40
+ // Additional pointer variables for local subroutines
41
+
42
+ #define p0 x22
43
+ #define p1 x23
44
+ #define p2 x24
45
+
46
+ // Other variables that are only needed prior to the modular inverse.
47
+
48
+ #define i x19
49
+ #define bf x20
50
+ #define cf x21
51
+
52
+ // Pointer-offset pairs for result and temporaries on stack with some aliasing.
53
+
54
+ #define resx res, #(0*NUMSIZE)
55
+ #define resy res, #(1*NUMSIZE)
56
+
57
+ #define scalar sp, #(0*NUMSIZE)
58
+ #define bscalar sp, #(1*NUMSIZE)
59
+
60
+ #define btabent sp, #(2*NUMSIZE)
61
+ #define acc sp, #(5*NUMSIZE)
62
+ #define acc_x sp, #(5*NUMSIZE)
63
+ #define acc_y sp, #(6*NUMSIZE)
64
+ #define acc_z sp, #(7*NUMSIZE)
65
+ #define acc_w sp, #(8*NUMSIZE)
66
+
67
+ #define tabent sp, #(9*NUMSIZE)
68
+
69
+ #define tab sp, #(13*NUMSIZE)
70
+
71
+ // Total size to reserve on the stack (excluding local subroutines)
72
+
73
+ #define NSPACE (45*NUMSIZE)
74
+
75
+ // Sub-references used in local subroutines with local stack
76
+
77
+ #define x_0 p0, #0
78
+ #define y_0 p0, #NUMSIZE
79
+ #define z_0 p0, #(2*NUMSIZE)
80
+ #define w_0 p0, #(3*NUMSIZE)
81
+
82
+ #define x_1 p1, #0
83
+ #define y_1 p1, #NUMSIZE
84
+ #define z_1 p1, #(2*NUMSIZE)
85
+ #define w_1 p1, #(3*NUMSIZE)
86
+
87
+ #define x_2 p2, #0
88
+ #define y_2 p2, #NUMSIZE
89
+ #define z_2 p2, #(2*NUMSIZE)
90
+ #define w_2 p2, #(3*NUMSIZE)
91
+
92
+ #define t0 sp, #(0*NUMSIZE)
93
+ #define t1 sp, #(1*NUMSIZE)
94
+ #define t2 sp, #(2*NUMSIZE)
95
+ #define t3 sp, #(3*NUMSIZE)
96
+ #define t4 sp, #(4*NUMSIZE)
97
+ #define t5 sp, #(5*NUMSIZE)
98
+
99
+ // Load 64-bit immediate into a register
100
+
101
+ #define movbig(nn,n3,n2,n1,n0) \
102
+ movz nn, n0; \
103
+ movk nn, n1, lsl #16; \
104
+ movk nn, n2, lsl #32; \
105
+ movk nn, n3, lsl #48
106
+
107
+ // Macro wrapping up the basic field operation bignum_mul_p25519_alt, only
108
+ // trivially different from a pure function call to that subroutine.
109
+
110
+ #define mul_p25519(P0,P1,P2) \
111
+ ldp x3, x4, [P1]; \
112
+ ldp x7, x8, [P2]; \
113
+ mul x12, x3, x7; \
114
+ umulh x13, x3, x7; \
115
+ mul x11, x3, x8; \
116
+ umulh x14, x3, x8; \
117
+ adds x13, x13, x11; \
118
+ ldp x9, x10, [P2+16]; \
119
+ mul x11, x3, x9; \
120
+ umulh x15, x3, x9; \
121
+ adcs x14, x14, x11; \
122
+ mul x11, x3, x10; \
123
+ umulh x16, x3, x10; \
124
+ adcs x15, x15, x11; \
125
+ adc x16, x16, xzr; \
126
+ ldp x5, x6, [P1+16]; \
127
+ mul x11, x4, x7; \
128
+ adds x13, x13, x11; \
129
+ mul x11, x4, x8; \
130
+ adcs x14, x14, x11; \
131
+ mul x11, x4, x9; \
132
+ adcs x15, x15, x11; \
133
+ mul x11, x4, x10; \
134
+ adcs x16, x16, x11; \
135
+ umulh x3, x4, x10; \
136
+ adc x3, x3, xzr; \
137
+ umulh x11, x4, x7; \
138
+ adds x14, x14, x11; \
139
+ umulh x11, x4, x8; \
140
+ adcs x15, x15, x11; \
141
+ umulh x11, x4, x9; \
142
+ adcs x16, x16, x11; \
143
+ adc x3, x3, xzr; \
144
+ mul x11, x5, x7; \
145
+ adds x14, x14, x11; \
146
+ mul x11, x5, x8; \
147
+ adcs x15, x15, x11; \
148
+ mul x11, x5, x9; \
149
+ adcs x16, x16, x11; \
150
+ mul x11, x5, x10; \
151
+ adcs x3, x3, x11; \
152
+ umulh x4, x5, x10; \
153
+ adc x4, x4, xzr; \
154
+ umulh x11, x5, x7; \
155
+ adds x15, x15, x11; \
156
+ umulh x11, x5, x8; \
157
+ adcs x16, x16, x11; \
158
+ umulh x11, x5, x9; \
159
+ adcs x3, x3, x11; \
160
+ adc x4, x4, xzr; \
161
+ mul x11, x6, x7; \
162
+ adds x15, x15, x11; \
163
+ mul x11, x6, x8; \
164
+ adcs x16, x16, x11; \
165
+ mul x11, x6, x9; \
166
+ adcs x3, x3, x11; \
167
+ mul x11, x6, x10; \
168
+ adcs x4, x4, x11; \
169
+ umulh x5, x6, x10; \
170
+ adc x5, x5, xzr; \
171
+ umulh x11, x6, x7; \
172
+ adds x16, x16, x11; \
173
+ umulh x11, x6, x8; \
174
+ adcs x3, x3, x11; \
175
+ umulh x11, x6, x9; \
176
+ adcs x4, x4, x11; \
177
+ adc x5, x5, xzr; \
178
+ mov x7, #0x26; \
179
+ mul x11, x7, x16; \
180
+ umulh x9, x7, x16; \
181
+ adds x12, x12, x11; \
182
+ mul x11, x7, x3; \
183
+ umulh x3, x7, x3; \
184
+ adcs x13, x13, x11; \
185
+ mul x11, x7, x4; \
186
+ umulh x4, x7, x4; \
187
+ adcs x14, x14, x11; \
188
+ mul x11, x7, x5; \
189
+ umulh x5, x7, x5; \
190
+ adcs x15, x15, x11; \
191
+ cset x16, cs; \
192
+ adds x15, x15, x4; \
193
+ adc x16, x16, x5; \
194
+ cmn x15, x15; \
195
+ orr x15, x15, #0x8000000000000000; \
196
+ adc x8, x16, x16; \
197
+ mov x7, #0x13; \
198
+ madd x11, x7, x8, x7; \
199
+ adds x12, x12, x11; \
200
+ adcs x13, x13, x9; \
201
+ adcs x14, x14, x3; \
202
+ adcs x15, x15, xzr; \
203
+ csel x7, x7, xzr, cc; \
204
+ subs x12, x12, x7; \
205
+ sbcs x13, x13, xzr; \
206
+ sbcs x14, x14, xzr; \
207
+ sbc x15, x15, xzr; \
208
+ and x15, x15, #0x7fffffffffffffff; \
209
+ stp x12, x13, [P0]; \
210
+ stp x14, x15, [P0+16]
211
+
212
+ // A version of multiplication that only guarantees output < 2 * p_25519.
213
+ // This basically skips the +1 and final correction in quotient estimation.
214
+
215
+ #define mul_4(P0,P1,P2) \
216
+ ldp x3, x4, [P1]; \
217
+ ldp x7, x8, [P2]; \
218
+ mul x12, x3, x7; \
219
+ umulh x13, x3, x7; \
220
+ mul x11, x3, x8; \
221
+ umulh x14, x3, x8; \
222
+ adds x13, x13, x11; \
223
+ ldp x9, x10, [P2+16]; \
224
+ mul x11, x3, x9; \
225
+ umulh x15, x3, x9; \
226
+ adcs x14, x14, x11; \
227
+ mul x11, x3, x10; \
228
+ umulh x16, x3, x10; \
229
+ adcs x15, x15, x11; \
230
+ adc x16, x16, xzr; \
231
+ ldp x5, x6, [P1+16]; \
232
+ mul x11, x4, x7; \
233
+ adds x13, x13, x11; \
234
+ mul x11, x4, x8; \
235
+ adcs x14, x14, x11; \
236
+ mul x11, x4, x9; \
237
+ adcs x15, x15, x11; \
238
+ mul x11, x4, x10; \
239
+ adcs x16, x16, x11; \
240
+ umulh x3, x4, x10; \
241
+ adc x3, x3, xzr; \
242
+ umulh x11, x4, x7; \
243
+ adds x14, x14, x11; \
244
+ umulh x11, x4, x8; \
245
+ adcs x15, x15, x11; \
246
+ umulh x11, x4, x9; \
247
+ adcs x16, x16, x11; \
248
+ adc x3, x3, xzr; \
249
+ mul x11, x5, x7; \
250
+ adds x14, x14, x11; \
251
+ mul x11, x5, x8; \
252
+ adcs x15, x15, x11; \
253
+ mul x11, x5, x9; \
254
+ adcs x16, x16, x11; \
255
+ mul x11, x5, x10; \
256
+ adcs x3, x3, x11; \
257
+ umulh x4, x5, x10; \
258
+ adc x4, x4, xzr; \
259
+ umulh x11, x5, x7; \
260
+ adds x15, x15, x11; \
261
+ umulh x11, x5, x8; \
262
+ adcs x16, x16, x11; \
263
+ umulh x11, x5, x9; \
264
+ adcs x3, x3, x11; \
265
+ adc x4, x4, xzr; \
266
+ mul x11, x6, x7; \
267
+ adds x15, x15, x11; \
268
+ mul x11, x6, x8; \
269
+ adcs x16, x16, x11; \
270
+ mul x11, x6, x9; \
271
+ adcs x3, x3, x11; \
272
+ mul x11, x6, x10; \
273
+ adcs x4, x4, x11; \
274
+ umulh x5, x6, x10; \
275
+ adc x5, x5, xzr; \
276
+ umulh x11, x6, x7; \
277
+ adds x16, x16, x11; \
278
+ umulh x11, x6, x8; \
279
+ adcs x3, x3, x11; \
280
+ umulh x11, x6, x9; \
281
+ adcs x4, x4, x11; \
282
+ adc x5, x5, xzr; \
283
+ mov x7, #0x26; \
284
+ mul x11, x7, x16; \
285
+ umulh x9, x7, x16; \
286
+ adds x12, x12, x11; \
287
+ mul x11, x7, x3; \
288
+ umulh x3, x7, x3; \
289
+ adcs x13, x13, x11; \
290
+ mul x11, x7, x4; \
291
+ umulh x4, x7, x4; \
292
+ adcs x14, x14, x11; \
293
+ mul x11, x7, x5; \
294
+ umulh x5, x7, x5; \
295
+ adcs x15, x15, x11; \
296
+ cset x16, cs; \
297
+ adds x15, x15, x4; \
298
+ adc x16, x16, x5; \
299
+ cmn x15, x15; \
300
+ bic x15, x15, #0x8000000000000000; \
301
+ adc x8, x16, x16; \
302
+ mov x7, #0x13; \
303
+ mul x11, x7, x8; \
304
+ adds x12, x12, x11; \
305
+ adcs x13, x13, x9; \
306
+ adcs x14, x14, x3; \
307
+ adc x15, x15, xzr; \
308
+ stp x12, x13, [P0]; \
309
+ stp x14, x15, [P0+16]
310
+
311
+ // Squaring just giving a result < 2 * p_25519, which is done by
312
+ // basically skipping the +1 in the quotient estimate and the final
313
+ // optional correction.
314
+
315
+ #define sqr_4(P0,P1) \
316
+ ldp x2, x3, [P1]; \
317
+ mul x9, x2, x3; \
318
+ umulh x10, x2, x3; \
319
+ ldp x4, x5, [P1+16]; \
320
+ mul x11, x2, x5; \
321
+ umulh x12, x2, x5; \
322
+ mul x7, x2, x4; \
323
+ umulh x6, x2, x4; \
324
+ adds x10, x10, x7; \
325
+ adcs x11, x11, x6; \
326
+ mul x7, x3, x4; \
327
+ umulh x6, x3, x4; \
328
+ adc x6, x6, xzr; \
329
+ adds x11, x11, x7; \
330
+ mul x13, x4, x5; \
331
+ umulh x14, x4, x5; \
332
+ adcs x12, x12, x6; \
333
+ mul x7, x3, x5; \
334
+ umulh x6, x3, x5; \
335
+ adc x6, x6, xzr; \
336
+ adds x12, x12, x7; \
337
+ adcs x13, x13, x6; \
338
+ adc x14, x14, xzr; \
339
+ adds x9, x9, x9; \
340
+ adcs x10, x10, x10; \
341
+ adcs x11, x11, x11; \
342
+ adcs x12, x12, x12; \
343
+ adcs x13, x13, x13; \
344
+ adcs x14, x14, x14; \
345
+ cset x6, cs; \
346
+ umulh x7, x2, x2; \
347
+ mul x8, x2, x2; \
348
+ adds x9, x9, x7; \
349
+ mul x7, x3, x3; \
350
+ adcs x10, x10, x7; \
351
+ umulh x7, x3, x3; \
352
+ adcs x11, x11, x7; \
353
+ mul x7, x4, x4; \
354
+ adcs x12, x12, x7; \
355
+ umulh x7, x4, x4; \
356
+ adcs x13, x13, x7; \
357
+ mul x7, x5, x5; \
358
+ adcs x14, x14, x7; \
359
+ umulh x7, x5, x5; \
360
+ adc x6, x6, x7; \
361
+ mov x3, #0x26; \
362
+ mul x7, x3, x12; \
363
+ umulh x4, x3, x12; \
364
+ adds x8, x8, x7; \
365
+ mul x7, x3, x13; \
366
+ umulh x13, x3, x13; \
367
+ adcs x9, x9, x7; \
368
+ mul x7, x3, x14; \
369
+ umulh x14, x3, x14; \
370
+ adcs x10, x10, x7; \
371
+ mul x7, x3, x6; \
372
+ umulh x6, x3, x6; \
373
+ adcs x11, x11, x7; \
374
+ cset x12, cs; \
375
+ adds x11, x11, x14; \
376
+ adc x12, x12, x6; \
377
+ cmn x11, x11; \
378
+ bic x11, x11, #0x8000000000000000; \
379
+ adc x2, x12, x12; \
380
+ mov x3, #0x13; \
381
+ mul x7, x3, x2; \
382
+ adds x8, x8, x7; \
383
+ adcs x9, x9, x4; \
384
+ adcs x10, x10, x13; \
385
+ adc x11, x11, xzr; \
386
+ stp x8, x9, [P0]; \
387
+ stp x10, x11, [P0+16]
388
+
389
+ // Modular subtraction with double modulus 2 * p_25519 = 2^256 - 38
390
+
391
+ #define sub_twice4(P0,P1,P2) \
392
+ ldp x5, x6, [P1]; \
393
+ ldp x4, x3, [P2]; \
394
+ subs x5, x5, x4; \
395
+ sbcs x6, x6, x3; \
396
+ ldp x7, x8, [P1+16]; \
397
+ ldp x4, x3, [P2+16]; \
398
+ sbcs x7, x7, x4; \
399
+ sbcs x8, x8, x3; \
400
+ mov x4, #38; \
401
+ csel x3, x4, xzr, lo; \
402
+ subs x5, x5, x3; \
403
+ sbcs x6, x6, xzr; \
404
+ sbcs x7, x7, xzr; \
405
+ sbc x8, x8, xzr; \
406
+ stp x5, x6, [P0]; \
407
+ stp x7, x8, [P0+16]
408
+
409
+ // Modular addition and doubling with double modulus 2 * p_25519 = 2^256 - 38.
410
+ // This only ensures that the result fits in 4 digits, not that it is reduced
411
+ // even w.r.t. double modulus. The result is always correct modulo provided
412
+ // the sum of the inputs is < 2^256 + 2^256 - 38, so in particular provided
413
+ // at least one of them is reduced double modulo.
414
+
415
+ #define add_twice4(P0,P1,P2) \
416
+ ldp x3, x4, [P1]; \
417
+ ldp x7, x8, [P2]; \
418
+ adds x3, x3, x7; \
419
+ adcs x4, x4, x8; \
420
+ ldp x5, x6, [P1+16]; \
421
+ ldp x7, x8, [P2+16]; \
422
+ adcs x5, x5, x7; \
423
+ adcs x6, x6, x8; \
424
+ mov x9, #38; \
425
+ csel x9, x9, xzr, cs; \
426
+ adds x3, x3, x9; \
427
+ adcs x4, x4, xzr; \
428
+ adcs x5, x5, xzr; \
429
+ adc x6, x6, xzr; \
430
+ stp x3, x4, [P0]; \
431
+ stp x5, x6, [P0+16]
432
+
433
+ #define double_twice4(P0,P1) \
434
+ ldp x3, x4, [P1]; \
435
+ adds x3, x3, x3; \
436
+ adcs x4, x4, x4; \
437
+ ldp x5, x6, [P1+16]; \
438
+ adcs x5, x5, x5; \
439
+ adcs x6, x6, x6; \
440
+ mov x9, #38; \
441
+ csel x9, x9, xzr, cs; \
442
+ adds x3, x3, x9; \
443
+ adcs x4, x4, xzr; \
444
+ adcs x5, x5, xzr; \
445
+ adc x6, x6, xzr; \
446
+ stp x3, x4, [P0]; \
447
+ stp x5, x6, [P0+16]
448
+
449
+ // Load the constant k_25519 = 2 * d_25519 using immediate operations
450
+
451
+ #define load_k25519(P0) \
452
+ movz x0, #0xf159; \
453
+ movz x1, #0xb156; \
454
+ movz x2, #0xd130; \
455
+ movz x3, #0xfce7; \
456
+ movk x0, #0x26b2, lsl #16; \
457
+ movk x1, #0x8283, lsl #16; \
458
+ movk x2, #0xeef3, lsl #16; \
459
+ movk x3, #0x56df, lsl #16; \
460
+ movk x0, #0x9b94, lsl #32; \
461
+ movk x1, #0x149a, lsl #32; \
462
+ movk x2, #0x80f2, lsl #32; \
463
+ movk x3, #0xd9dc, lsl #32; \
464
+ movk x0, #0xebd6, lsl #48; \
465
+ movk x1, #0x00e0, lsl #48; \
466
+ movk x2, #0x198e, lsl #48; \
467
+ movk x3, #0x2406, lsl #48; \
468
+ stp x0, x1, [P0]; \
469
+ stp x2, x3, [P0+16]
470
+
471
+ S2N_BN_SYMBOL(edwards25519_scalarmuldouble_alt):
472
+
473
+ // Save regs and make room for temporaries
474
+
475
+ stp x19, x20, [sp, -16]!
476
+ stp x21, x22, [sp, -16]!
477
+ stp x23, x24, [sp, -16]!
478
+ stp x25, x30, [sp, -16]!
479
+ sub sp, sp, #NSPACE
480
+
481
+ // Move the output pointer to a stable place
482
+
483
+ mov res, x0
484
+
485
+ // Copy scalars while recoding all 4-bit nybbles except the top
486
+ // one (bits 252..255) into signed 4-bit digits. This is essentially
487
+ // done just by adding the recoding constant 0x0888..888, after
488
+ // which all digits except the first have an implicit bias of -8,
489
+ // so 0 -> -8, 1 -> -7, ... 7 -> -1, 8 -> 0, 9 -> 1, ... 15 -> 7.
490
+ // (We could literally create 2s complement signed nybbles by
491
+ // XORing with the same constant 0x0888..888 afterwards, but it
492
+ // doesn't seem to make the end usage any simpler.)
493
+ //
494
+ // In order to ensure that the unrecoded top nybble (bits 252..255)
495
+ // does not become > 8 as a result of carries lower down from the
496
+ // recoding, we first (conceptually) subtract the group order iff
497
+ // the top digit of the scalar is > 2^63. In the implementation the
498
+ // reduction and recoding are combined by optionally using the
499
+ // modified recoding constant 0x0888...888 + (2^256 - group_order).
500
+
501
+ movbig(x4,#0xc7f5, #0x6fb5, #0xa0d9, #0xe920)
502
+ movbig(x5,#0xe190, #0xb993, #0x70cb, #0xa1d5)
503
+ mov x7, #0x8888888888888888
504
+ sub x6, x7, #1
505
+ bic x8, x7, #0xF000000000000000
506
+
507
+ ldp x10, x11, [x3]
508
+ ldp x12, x13, [x3, #16]
509
+ mov x3, 0x8000000000000000
510
+ cmp x3, x13
511
+ csel x14, x7, x4, cs
512
+ csel x15, x7, x5, cs
513
+ csel x16, x7, x6, cs
514
+ csel x17, x8, x7, cs
515
+ adds x10, x10, x14
516
+ adcs x11, x11, x15
517
+ adcs x12, x12, x16
518
+ adc x13, x13, x17
519
+ stp x10, x11, [bscalar]
520
+ stp x12, x13, [bscalar+16]
521
+
522
+ ldp x10, x11, [x1]
523
+ ldp x12, x13, [x1, #16]
524
+ mov x3, 0x8000000000000000
525
+ cmp x3, x13
526
+ csel x14, x7, x4, cs
527
+ csel x15, x7, x5, cs
528
+ csel x16, x7, x6, cs
529
+ csel x17, x8, x7, cs
530
+ adds x10, x10, x14
531
+ adcs x11, x11, x15
532
+ adcs x12, x12, x16
533
+ adc x13, x13, x17
534
+ stp x10, x11, [scalar]
535
+ stp x12, x13, [scalar+16]
536
+
537
+ // Create table of multiples 1..8 of the general input point at "tab".
538
+ // Reduce the input coordinates x and y modulo 2^256 - 38 first, for the
539
+ // sake of definiteness; this is the reduction that will be maintained.
540
+ // We could slightly optimize the additions because we know the input
541
+ // point is affine (so Z = 1), but it doesn't seem worth the complication.
542
+
543
+ ldp x10, x11, [x2]
544
+ ldp x12, x13, [x2, #16]
545
+ adds x14, x10, #38
546
+ adcs x15, x11, xzr
547
+ adcs x16, x12, xzr
548
+ adcs x17, x13, xzr
549
+ csel x10, x14, x10, cs
550
+ csel x11, x15, x11, cs
551
+ csel x12, x16, x12, cs
552
+ csel x13, x17, x13, cs
553
+ stp x10, x11, [tab]
554
+ stp x12, x13, [tab+16]
555
+
556
+ ldp x10, x11, [x2, #32]
557
+ ldp x12, x13, [x2, #48]
558
+ adds x14, x10, #38
559
+ adcs x15, x11, xzr
560
+ adcs x16, x12, xzr
561
+ adcs x17, x13, xzr
562
+ csel x10, x14, x10, cs
563
+ csel x11, x15, x11, cs
564
+ csel x12, x16, x12, cs
565
+ csel x13, x17, x13, cs
566
+ stp x10, x11, [tab+32]
567
+ stp x12, x13, [tab+48]
568
+
569
+ mov x1, #1
570
+ stp x1, xzr, [tab+64]
571
+ stp xzr, xzr, [tab+80]
572
+
573
+ add p0, tab+96
574
+ add p1, tab
575
+ add p2, tab+32
576
+ mul_4(x_0,x_1,x_2)
577
+
578
+ // Multiple 2
579
+
580
+ add p0, tab+1*128
581
+ add p1, tab
582
+ bl edwards25519_scalarmuldouble_alt_epdouble
583
+
584
+ // Multiple 3
585
+
586
+ add p0, tab+2*128
587
+ add p1, tab
588
+ add p2, tab+1*128
589
+ bl edwards25519_scalarmuldouble_alt_epadd
590
+
591
+ // Multiple 4
592
+
593
+ add p0, tab+3*128
594
+ add p1, tab+1*128
595
+ bl edwards25519_scalarmuldouble_alt_epdouble
596
+
597
+ // Multiple 5
598
+
599
+ add p0, tab+4*128
600
+ add p1, tab
601
+ add p2, tab+3*128
602
+ bl edwards25519_scalarmuldouble_alt_epadd
603
+
604
+ // Multiple 6
605
+
606
+ add p0, tab+5*128
607
+ add p1, tab+2*128
608
+ bl edwards25519_scalarmuldouble_alt_epdouble
609
+
610
+ // Multiple 7
611
+
612
+ add p0, tab+6*128
613
+ add p1, tab
614
+ add p2, tab+5*128
615
+ bl edwards25519_scalarmuldouble_alt_epadd
616
+
617
+ // Multiple 8
618
+
619
+ add p0, tab+7*128
620
+ add p1, tab+3*128
621
+ bl edwards25519_scalarmuldouble_alt_epdouble
622
+
623
+ // Handle the initialization, starting the loop counter at i = 252
624
+ // and initializing acc to the sum of the table entries for the
625
+ // top nybbles of the scalars (the ones with no implicit -8 bias).
626
+
627
+ mov i, #252
628
+
629
+ // Index for btable entry...
630
+
631
+ ldr x0, [bscalar+24]
632
+ lsr bf, x0, #60
633
+
634
+ // ...and constant-time indexing based on that index
635
+
636
+ adr x14, edwards25519_scalarmuldouble_alt_table
637
+
638
+ mov x0, #1
639
+ mov x1, xzr
640
+ mov x2, xzr
641
+ mov x3, xzr
642
+ mov x4, #1
643
+ mov x5, xzr
644
+ mov x6, xzr
645
+ mov x7, xzr
646
+ mov x8, xzr
647
+ mov x9, xzr
648
+ mov x10, xzr
649
+ mov x11, xzr
650
+
651
+ cmp bf, #1
652
+ ldp x12, x13, [x14]
653
+ csel x0, x0, x12, ne
654
+ csel x1, x1, x13, ne
655
+ ldp x12, x13, [x14, #16]
656
+ csel x2, x2, x12, ne
657
+ csel x3, x3, x13, ne
658
+ ldp x12, x13, [x14, #32]
659
+ csel x4, x4, x12, ne
660
+ csel x5, x5, x13, ne
661
+ ldp x12, x13, [x14, #48]
662
+ csel x6, x6, x12, ne
663
+ csel x7, x7, x13, ne
664
+ ldp x12, x13, [x14, #64]
665
+ csel x8, x8, x12, ne
666
+ csel x9, x9, x13, ne
667
+ ldp x12, x13, [x14, #80]
668
+ csel x10, x10, x12, ne
669
+ csel x11, x11, x13, ne
670
+ add x14, x14, #96
671
+
672
+ cmp bf, #2
673
+ ldp x12, x13, [x14]
674
+ csel x0, x0, x12, ne
675
+ csel x1, x1, x13, ne
676
+ ldp x12, x13, [x14, #16]
677
+ csel x2, x2, x12, ne
678
+ csel x3, x3, x13, ne
679
+ ldp x12, x13, [x14, #32]
680
+ csel x4, x4, x12, ne
681
+ csel x5, x5, x13, ne
682
+ ldp x12, x13, [x14, #48]
683
+ csel x6, x6, x12, ne
684
+ csel x7, x7, x13, ne
685
+ ldp x12, x13, [x14, #64]
686
+ csel x8, x8, x12, ne
687
+ csel x9, x9, x13, ne
688
+ ldp x12, x13, [x14, #80]
689
+ csel x10, x10, x12, ne
690
+ csel x11, x11, x13, ne
691
+ add x14, x14, #96
692
+
693
+ cmp bf, #3
694
+ ldp x12, x13, [x14]
695
+ csel x0, x0, x12, ne
696
+ csel x1, x1, x13, ne
697
+ ldp x12, x13, [x14, #16]
698
+ csel x2, x2, x12, ne
699
+ csel x3, x3, x13, ne
700
+ ldp x12, x13, [x14, #32]
701
+ csel x4, x4, x12, ne
702
+ csel x5, x5, x13, ne
703
+ ldp x12, x13, [x14, #48]
704
+ csel x6, x6, x12, ne
705
+ csel x7, x7, x13, ne
706
+ ldp x12, x13, [x14, #64]
707
+ csel x8, x8, x12, ne
708
+ csel x9, x9, x13, ne
709
+ ldp x12, x13, [x14, #80]
710
+ csel x10, x10, x12, ne
711
+ csel x11, x11, x13, ne
712
+ add x14, x14, #96
713
+
714
+ cmp bf, #4
715
+ ldp x12, x13, [x14]
716
+ csel x0, x0, x12, ne
717
+ csel x1, x1, x13, ne
718
+ ldp x12, x13, [x14, #16]
719
+ csel x2, x2, x12, ne
720
+ csel x3, x3, x13, ne
721
+ ldp x12, x13, [x14, #32]
722
+ csel x4, x4, x12, ne
723
+ csel x5, x5, x13, ne
724
+ ldp x12, x13, [x14, #48]
725
+ csel x6, x6, x12, ne
726
+ csel x7, x7, x13, ne
727
+ ldp x12, x13, [x14, #64]
728
+ csel x8, x8, x12, ne
729
+ csel x9, x9, x13, ne
730
+ ldp x12, x13, [x14, #80]
731
+ csel x10, x10, x12, ne
732
+ csel x11, x11, x13, ne
733
+ add x14, x14, #96
734
+
735
+ cmp bf, #5
736
+ ldp x12, x13, [x14]
737
+ csel x0, x0, x12, ne
738
+ csel x1, x1, x13, ne
739
+ ldp x12, x13, [x14, #16]
740
+ csel x2, x2, x12, ne
741
+ csel x3, x3, x13, ne
742
+ ldp x12, x13, [x14, #32]
743
+ csel x4, x4, x12, ne
744
+ csel x5, x5, x13, ne
745
+ ldp x12, x13, [x14, #48]
746
+ csel x6, x6, x12, ne
747
+ csel x7, x7, x13, ne
748
+ ldp x12, x13, [x14, #64]
749
+ csel x8, x8, x12, ne
750
+ csel x9, x9, x13, ne
751
+ ldp x12, x13, [x14, #80]
752
+ csel x10, x10, x12, ne
753
+ csel x11, x11, x13, ne
754
+ add x14, x14, #96
755
+
756
+ cmp bf, #6
757
+ ldp x12, x13, [x14]
758
+ csel x0, x0, x12, ne
759
+ csel x1, x1, x13, ne
760
+ ldp x12, x13, [x14, #16]
761
+ csel x2, x2, x12, ne
762
+ csel x3, x3, x13, ne
763
+ ldp x12, x13, [x14, #32]
764
+ csel x4, x4, x12, ne
765
+ csel x5, x5, x13, ne
766
+ ldp x12, x13, [x14, #48]
767
+ csel x6, x6, x12, ne
768
+ csel x7, x7, x13, ne
769
+ ldp x12, x13, [x14, #64]
770
+ csel x8, x8, x12, ne
771
+ csel x9, x9, x13, ne
772
+ ldp x12, x13, [x14, #80]
773
+ csel x10, x10, x12, ne
774
+ csel x11, x11, x13, ne
775
+ add x14, x14, #96
776
+
777
+ cmp bf, #7
778
+ ldp x12, x13, [x14]
779
+ csel x0, x0, x12, ne
780
+ csel x1, x1, x13, ne
781
+ ldp x12, x13, [x14, #16]
782
+ csel x2, x2, x12, ne
783
+ csel x3, x3, x13, ne
784
+ ldp x12, x13, [x14, #32]
785
+ csel x4, x4, x12, ne
786
+ csel x5, x5, x13, ne
787
+ ldp x12, x13, [x14, #48]
788
+ csel x6, x6, x12, ne
789
+ csel x7, x7, x13, ne
790
+ ldp x12, x13, [x14, #64]
791
+ csel x8, x8, x12, ne
792
+ csel x9, x9, x13, ne
793
+ ldp x12, x13, [x14, #80]
794
+ csel x10, x10, x12, ne
795
+ csel x11, x11, x13, ne
796
+ add x14, x14, #96
797
+
798
+ cmp bf, #8
799
+ ldp x12, x13, [x14]
800
+ csel x0, x0, x12, ne
801
+ csel x1, x1, x13, ne
802
+ ldp x12, x13, [x14, #16]
803
+ csel x2, x2, x12, ne
804
+ csel x3, x3, x13, ne
805
+ ldp x12, x13, [x14, #32]
806
+ csel x4, x4, x12, ne
807
+ csel x5, x5, x13, ne
808
+ ldp x12, x13, [x14, #48]
809
+ csel x6, x6, x12, ne
810
+ csel x7, x7, x13, ne
811
+ ldp x12, x13, [x14, #64]
812
+ csel x8, x8, x12, ne
813
+ csel x9, x9, x13, ne
814
+ ldp x12, x13, [x14, #80]
815
+ csel x10, x10, x12, ne
816
+ csel x11, x11, x13, ne
817
+
818
+ stp x0, x1, [btabent]
819
+ stp x2, x3, [btabent+16]
820
+ stp x4, x5, [btabent+32]
821
+ stp x6, x7, [btabent+48]
822
+ stp x8, x9, [btabent+64]
823
+ stp x10, x11, [btabent+80]
824
+
825
+ // Index for table entry...
826
+
827
+ ldr x0, [scalar+24]
828
+ lsr bf, x0, #60
829
+
830
+ // ...and constant-time indexing based on that index
831
+
832
+ add p0, tab
833
+
834
+ mov x0, xzr
835
+ mov x1, xzr
836
+ mov x2, xzr
837
+ mov x3, xzr
838
+ mov x4, #1
839
+ mov x5, xzr
840
+ mov x6, xzr
841
+ mov x7, xzr
842
+ mov x8, #1
843
+ mov x9, xzr
844
+ mov x10, xzr
845
+ mov x11, xzr
846
+ mov x12, xzr
847
+ mov x13, xzr
848
+ mov x14, xzr
849
+ mov x15, xzr
850
+
851
+ cmp bf, #1
852
+ ldp x16, x17, [p0]
853
+ csel x0, x0, x16, ne
854
+ csel x1, x1, x17, ne
855
+ ldp x16, x17, [p0, #16]
856
+ csel x2, x2, x16, ne
857
+ csel x3, x3, x17, ne
858
+ ldp x16, x17, [p0, #32]
859
+ csel x4, x4, x16, ne
860
+ csel x5, x5, x17, ne
861
+ ldp x16, x17, [p0, #48]
862
+ csel x6, x6, x16, ne
863
+ csel x7, x7, x17, ne
864
+ ldp x16, x17, [p0, #64]
865
+ csel x8, x8, x16, ne
866
+ csel x9, x9, x17, ne
867
+ ldp x16, x17, [p0, #80]
868
+ csel x10, x10, x16, ne
869
+ csel x11, x11, x17, ne
870
+ ldp x16, x17, [p0, #96]
871
+ csel x12, x12, x16, ne
872
+ csel x13, x13, x17, ne
873
+ ldp x16, x17, [p0, #112]
874
+ csel x14, x14, x16, ne
875
+ csel x15, x15, x17, ne
876
+ add p0, p0, #128
877
+
878
+ cmp bf, #2
879
+ ldp x16, x17, [p0]
880
+ csel x0, x0, x16, ne
881
+ csel x1, x1, x17, ne
882
+ ldp x16, x17, [p0, #16]
883
+ csel x2, x2, x16, ne
884
+ csel x3, x3, x17, ne
885
+ ldp x16, x17, [p0, #32]
886
+ csel x4, x4, x16, ne
887
+ csel x5, x5, x17, ne
888
+ ldp x16, x17, [p0, #48]
889
+ csel x6, x6, x16, ne
890
+ csel x7, x7, x17, ne
891
+ ldp x16, x17, [p0, #64]
892
+ csel x8, x8, x16, ne
893
+ csel x9, x9, x17, ne
894
+ ldp x16, x17, [p0, #80]
895
+ csel x10, x10, x16, ne
896
+ csel x11, x11, x17, ne
897
+ ldp x16, x17, [p0, #96]
898
+ csel x12, x12, x16, ne
899
+ csel x13, x13, x17, ne
900
+ ldp x16, x17, [p0, #112]
901
+ csel x14, x14, x16, ne
902
+ csel x15, x15, x17, ne
903
+ add p0, p0, #128
904
+
905
+ cmp bf, #3
906
+ ldp x16, x17, [p0]
907
+ csel x0, x0, x16, ne
908
+ csel x1, x1, x17, ne
909
+ ldp x16, x17, [p0, #16]
910
+ csel x2, x2, x16, ne
911
+ csel x3, x3, x17, ne
912
+ ldp x16, x17, [p0, #32]
913
+ csel x4, x4, x16, ne
914
+ csel x5, x5, x17, ne
915
+ ldp x16, x17, [p0, #48]
916
+ csel x6, x6, x16, ne
917
+ csel x7, x7, x17, ne
918
+ ldp x16, x17, [p0, #64]
919
+ csel x8, x8, x16, ne
920
+ csel x9, x9, x17, ne
921
+ ldp x16, x17, [p0, #80]
922
+ csel x10, x10, x16, ne
923
+ csel x11, x11, x17, ne
924
+ ldp x16, x17, [p0, #96]
925
+ csel x12, x12, x16, ne
926
+ csel x13, x13, x17, ne
927
+ ldp x16, x17, [p0, #112]
928
+ csel x14, x14, x16, ne
929
+ csel x15, x15, x17, ne
930
+ add p0, p0, #128
931
+
932
+ cmp bf, #4
933
+ ldp x16, x17, [p0]
934
+ csel x0, x0, x16, ne
935
+ csel x1, x1, x17, ne
936
+ ldp x16, x17, [p0, #16]
937
+ csel x2, x2, x16, ne
938
+ csel x3, x3, x17, ne
939
+ ldp x16, x17, [p0, #32]
940
+ csel x4, x4, x16, ne
941
+ csel x5, x5, x17, ne
942
+ ldp x16, x17, [p0, #48]
943
+ csel x6, x6, x16, ne
944
+ csel x7, x7, x17, ne
945
+ ldp x16, x17, [p0, #64]
946
+ csel x8, x8, x16, ne
947
+ csel x9, x9, x17, ne
948
+ ldp x16, x17, [p0, #80]
949
+ csel x10, x10, x16, ne
950
+ csel x11, x11, x17, ne
951
+ ldp x16, x17, [p0, #96]
952
+ csel x12, x12, x16, ne
953
+ csel x13, x13, x17, ne
954
+ ldp x16, x17, [p0, #112]
955
+ csel x14, x14, x16, ne
956
+ csel x15, x15, x17, ne
957
+ add p0, p0, #128
958
+
959
+ cmp bf, #5
960
+ ldp x16, x17, [p0]
961
+ csel x0, x0, x16, ne
962
+ csel x1, x1, x17, ne
963
+ ldp x16, x17, [p0, #16]
964
+ csel x2, x2, x16, ne
965
+ csel x3, x3, x17, ne
966
+ ldp x16, x17, [p0, #32]
967
+ csel x4, x4, x16, ne
968
+ csel x5, x5, x17, ne
969
+ ldp x16, x17, [p0, #48]
970
+ csel x6, x6, x16, ne
971
+ csel x7, x7, x17, ne
972
+ ldp x16, x17, [p0, #64]
973
+ csel x8, x8, x16, ne
974
+ csel x9, x9, x17, ne
975
+ ldp x16, x17, [p0, #80]
976
+ csel x10, x10, x16, ne
977
+ csel x11, x11, x17, ne
978
+ ldp x16, x17, [p0, #96]
979
+ csel x12, x12, x16, ne
980
+ csel x13, x13, x17, ne
981
+ ldp x16, x17, [p0, #112]
982
+ csel x14, x14, x16, ne
983
+ csel x15, x15, x17, ne
984
+ add p0, p0, #128
985
+
986
+ cmp bf, #6
987
+ ldp x16, x17, [p0]
988
+ csel x0, x0, x16, ne
989
+ csel x1, x1, x17, ne
990
+ ldp x16, x17, [p0, #16]
991
+ csel x2, x2, x16, ne
992
+ csel x3, x3, x17, ne
993
+ ldp x16, x17, [p0, #32]
994
+ csel x4, x4, x16, ne
995
+ csel x5, x5, x17, ne
996
+ ldp x16, x17, [p0, #48]
997
+ csel x6, x6, x16, ne
998
+ csel x7, x7, x17, ne
999
+ ldp x16, x17, [p0, #64]
1000
+ csel x8, x8, x16, ne
1001
+ csel x9, x9, x17, ne
1002
+ ldp x16, x17, [p0, #80]
1003
+ csel x10, x10, x16, ne
1004
+ csel x11, x11, x17, ne
1005
+ ldp x16, x17, [p0, #96]
1006
+ csel x12, x12, x16, ne
1007
+ csel x13, x13, x17, ne
1008
+ ldp x16, x17, [p0, #112]
1009
+ csel x14, x14, x16, ne
1010
+ csel x15, x15, x17, ne
1011
+ add p0, p0, #128
1012
+
1013
+ cmp bf, #7
1014
+ ldp x16, x17, [p0]
1015
+ csel x0, x0, x16, ne
1016
+ csel x1, x1, x17, ne
1017
+ ldp x16, x17, [p0, #16]
1018
+ csel x2, x2, x16, ne
1019
+ csel x3, x3, x17, ne
1020
+ ldp x16, x17, [p0, #32]
1021
+ csel x4, x4, x16, ne
1022
+ csel x5, x5, x17, ne
1023
+ ldp x16, x17, [p0, #48]
1024
+ csel x6, x6, x16, ne
1025
+ csel x7, x7, x17, ne
1026
+ ldp x16, x17, [p0, #64]
1027
+ csel x8, x8, x16, ne
1028
+ csel x9, x9, x17, ne
1029
+ ldp x16, x17, [p0, #80]
1030
+ csel x10, x10, x16, ne
1031
+ csel x11, x11, x17, ne
1032
+ ldp x16, x17, [p0, #96]
1033
+ csel x12, x12, x16, ne
1034
+ csel x13, x13, x17, ne
1035
+ ldp x16, x17, [p0, #112]
1036
+ csel x14, x14, x16, ne
1037
+ csel x15, x15, x17, ne
1038
+ add p0, p0, #128
1039
+
1040
+ cmp bf, #8
1041
+ ldp x16, x17, [p0]
1042
+ csel x0, x0, x16, ne
1043
+ csel x1, x1, x17, ne
1044
+ ldp x16, x17, [p0, #16]
1045
+ csel x2, x2, x16, ne
1046
+ csel x3, x3, x17, ne
1047
+ ldp x16, x17, [p0, #32]
1048
+ csel x4, x4, x16, ne
1049
+ csel x5, x5, x17, ne
1050
+ ldp x16, x17, [p0, #48]
1051
+ csel x6, x6, x16, ne
1052
+ csel x7, x7, x17, ne
1053
+ ldp x16, x17, [p0, #64]
1054
+ csel x8, x8, x16, ne
1055
+ csel x9, x9, x17, ne
1056
+ ldp x16, x17, [p0, #80]
1057
+ csel x10, x10, x16, ne
1058
+ csel x11, x11, x17, ne
1059
+ ldp x16, x17, [p0, #96]
1060
+ csel x12, x12, x16, ne
1061
+ csel x13, x13, x17, ne
1062
+ ldp x16, x17, [p0, #112]
1063
+ csel x14, x14, x16, ne
1064
+ csel x15, x15, x17, ne
1065
+
1066
+ stp x0, x1, [tabent]
1067
+ stp x2, x3, [tabent+16]
1068
+ stp x4, x5, [tabent+32]
1069
+ stp x6, x7, [tabent+48]
1070
+ stp x8, x9, [tabent+64]
1071
+ stp x10, x11, [tabent+80]
1072
+ stp x12, x13, [tabent+96]
1073
+ stp x14, x15, [tabent+112]
1074
+
1075
+ // Add those elements to initialize the accumulator for bit position 252
1076
+
1077
+ add p0, acc
1078
+ add p1, tabent
1079
+ add p2, btabent
1080
+ bl edwards25519_scalarmuldouble_alt_pepadd
1081
+
1082
+ // Main loop with acc = [scalar/2^i] * point + [bscalar/2^i] * basepoint
1083
+ // Start with i = 252 for bits 248..251 and go down four at a time to 3..0
1084
+
1085
+ edwards25519_scalarmuldouble_alt_loop:
1086
+
1087
+ sub i, i, #4
1088
+
1089
+ // Double to acc' = 2 * acc
1090
+
1091
+ add p0, acc
1092
+ add p1, acc
1093
+ bl edwards25519_scalarmuldouble_alt_pdouble
1094
+
1095
+ // Get btable entry, first getting the adjusted bitfield...
1096
+
1097
+ lsr x0, i, #6
1098
+ add x1, bscalar
1099
+ ldr x2, [x1, x0, lsl #3]
1100
+ lsr x3, x2, i
1101
+ and x0, x3, #15
1102
+ subs bf, x0, #8
1103
+ cneg bf, bf, cc
1104
+ csetm cf, cc
1105
+
1106
+ // ... then doing constant-time lookup with the appropriate index...
1107
+
1108
+ adr x14, edwards25519_scalarmuldouble_alt_table
1109
+
1110
+ mov x0, #1
1111
+ mov x1, xzr
1112
+ mov x2, xzr
1113
+ mov x3, xzr
1114
+ mov x4, #1
1115
+ mov x5, xzr
1116
+ mov x6, xzr
1117
+ mov x7, xzr
1118
+ mov x8, xzr
1119
+ mov x9, xzr
1120
+ mov x10, xzr
1121
+ mov x11, xzr
1122
+
1123
+ cmp bf, #1
1124
+ ldp x12, x13, [x14]
1125
+ csel x0, x0, x12, ne
1126
+ csel x1, x1, x13, ne
1127
+ ldp x12, x13, [x14, #16]
1128
+ csel x2, x2, x12, ne
1129
+ csel x3, x3, x13, ne
1130
+ ldp x12, x13, [x14, #32]
1131
+ csel x4, x4, x12, ne
1132
+ csel x5, x5, x13, ne
1133
+ ldp x12, x13, [x14, #48]
1134
+ csel x6, x6, x12, ne
1135
+ csel x7, x7, x13, ne
1136
+ ldp x12, x13, [x14, #64]
1137
+ csel x8, x8, x12, ne
1138
+ csel x9, x9, x13, ne
1139
+ ldp x12, x13, [x14, #80]
1140
+ csel x10, x10, x12, ne
1141
+ csel x11, x11, x13, ne
1142
+ add x14, x14, #96
1143
+
1144
+ cmp bf, #2
1145
+ ldp x12, x13, [x14]
1146
+ csel x0, x0, x12, ne
1147
+ csel x1, x1, x13, ne
1148
+ ldp x12, x13, [x14, #16]
1149
+ csel x2, x2, x12, ne
1150
+ csel x3, x3, x13, ne
1151
+ ldp x12, x13, [x14, #32]
1152
+ csel x4, x4, x12, ne
1153
+ csel x5, x5, x13, ne
1154
+ ldp x12, x13, [x14, #48]
1155
+ csel x6, x6, x12, ne
1156
+ csel x7, x7, x13, ne
1157
+ ldp x12, x13, [x14, #64]
1158
+ csel x8, x8, x12, ne
1159
+ csel x9, x9, x13, ne
1160
+ ldp x12, x13, [x14, #80]
1161
+ csel x10, x10, x12, ne
1162
+ csel x11, x11, x13, ne
1163
+ add x14, x14, #96
1164
+
1165
+ cmp bf, #3
1166
+ ldp x12, x13, [x14]
1167
+ csel x0, x0, x12, ne
1168
+ csel x1, x1, x13, ne
1169
+ ldp x12, x13, [x14, #16]
1170
+ csel x2, x2, x12, ne
1171
+ csel x3, x3, x13, ne
1172
+ ldp x12, x13, [x14, #32]
1173
+ csel x4, x4, x12, ne
1174
+ csel x5, x5, x13, ne
1175
+ ldp x12, x13, [x14, #48]
1176
+ csel x6, x6, x12, ne
1177
+ csel x7, x7, x13, ne
1178
+ ldp x12, x13, [x14, #64]
1179
+ csel x8, x8, x12, ne
1180
+ csel x9, x9, x13, ne
1181
+ ldp x12, x13, [x14, #80]
1182
+ csel x10, x10, x12, ne
1183
+ csel x11, x11, x13, ne
1184
+ add x14, x14, #96
1185
+
1186
+ cmp bf, #4
1187
+ ldp x12, x13, [x14]
1188
+ csel x0, x0, x12, ne
1189
+ csel x1, x1, x13, ne
1190
+ ldp x12, x13, [x14, #16]
1191
+ csel x2, x2, x12, ne
1192
+ csel x3, x3, x13, ne
1193
+ ldp x12, x13, [x14, #32]
1194
+ csel x4, x4, x12, ne
1195
+ csel x5, x5, x13, ne
1196
+ ldp x12, x13, [x14, #48]
1197
+ csel x6, x6, x12, ne
1198
+ csel x7, x7, x13, ne
1199
+ ldp x12, x13, [x14, #64]
1200
+ csel x8, x8, x12, ne
1201
+ csel x9, x9, x13, ne
1202
+ ldp x12, x13, [x14, #80]
1203
+ csel x10, x10, x12, ne
1204
+ csel x11, x11, x13, ne
1205
+ add x14, x14, #96
1206
+
1207
+ cmp bf, #5
1208
+ ldp x12, x13, [x14]
1209
+ csel x0, x0, x12, ne
1210
+ csel x1, x1, x13, ne
1211
+ ldp x12, x13, [x14, #16]
1212
+ csel x2, x2, x12, ne
1213
+ csel x3, x3, x13, ne
1214
+ ldp x12, x13, [x14, #32]
1215
+ csel x4, x4, x12, ne
1216
+ csel x5, x5, x13, ne
1217
+ ldp x12, x13, [x14, #48]
1218
+ csel x6, x6, x12, ne
1219
+ csel x7, x7, x13, ne
1220
+ ldp x12, x13, [x14, #64]
1221
+ csel x8, x8, x12, ne
1222
+ csel x9, x9, x13, ne
1223
+ ldp x12, x13, [x14, #80]
1224
+ csel x10, x10, x12, ne
1225
+ csel x11, x11, x13, ne
1226
+ add x14, x14, #96
1227
+
1228
+ cmp bf, #6
1229
+ ldp x12, x13, [x14]
1230
+ csel x0, x0, x12, ne
1231
+ csel x1, x1, x13, ne
1232
+ ldp x12, x13, [x14, #16]
1233
+ csel x2, x2, x12, ne
1234
+ csel x3, x3, x13, ne
1235
+ ldp x12, x13, [x14, #32]
1236
+ csel x4, x4, x12, ne
1237
+ csel x5, x5, x13, ne
1238
+ ldp x12, x13, [x14, #48]
1239
+ csel x6, x6, x12, ne
1240
+ csel x7, x7, x13, ne
1241
+ ldp x12, x13, [x14, #64]
1242
+ csel x8, x8, x12, ne
1243
+ csel x9, x9, x13, ne
1244
+ ldp x12, x13, [x14, #80]
1245
+ csel x10, x10, x12, ne
1246
+ csel x11, x11, x13, ne
1247
+ add x14, x14, #96
1248
+
1249
+ cmp bf, #7
1250
+ ldp x12, x13, [x14]
1251
+ csel x0, x0, x12, ne
1252
+ csel x1, x1, x13, ne
1253
+ ldp x12, x13, [x14, #16]
1254
+ csel x2, x2, x12, ne
1255
+ csel x3, x3, x13, ne
1256
+ ldp x12, x13, [x14, #32]
1257
+ csel x4, x4, x12, ne
1258
+ csel x5, x5, x13, ne
1259
+ ldp x12, x13, [x14, #48]
1260
+ csel x6, x6, x12, ne
1261
+ csel x7, x7, x13, ne
1262
+ ldp x12, x13, [x14, #64]
1263
+ csel x8, x8, x12, ne
1264
+ csel x9, x9, x13, ne
1265
+ ldp x12, x13, [x14, #80]
1266
+ csel x10, x10, x12, ne
1267
+ csel x11, x11, x13, ne
1268
+ add x14, x14, #96
1269
+
1270
+ cmp bf, #8
1271
+ ldp x12, x13, [x14]
1272
+ csel x0, x0, x12, ne
1273
+ csel x1, x1, x13, ne
1274
+ ldp x12, x13, [x14, #16]
1275
+ csel x2, x2, x12, ne
1276
+ csel x3, x3, x13, ne
1277
+ ldp x12, x13, [x14, #32]
1278
+ csel x4, x4, x12, ne
1279
+ csel x5, x5, x13, ne
1280
+ ldp x12, x13, [x14, #48]
1281
+ csel x6, x6, x12, ne
1282
+ csel x7, x7, x13, ne
1283
+ ldp x12, x13, [x14, #64]
1284
+ csel x8, x8, x12, ne
1285
+ csel x9, x9, x13, ne
1286
+ ldp x12, x13, [x14, #80]
1287
+ csel x10, x10, x12, ne
1288
+ csel x11, x11, x13, ne
1289
+
1290
+ // ... then optionally negating before storing. The table entry
1291
+ // is in precomputed form and we currently have
1292
+ //
1293
+ // [x3;x2;x1;x0] = y - x
1294
+ // [x7;x6;x5;x4] = x + y
1295
+ // [x11;x10;x9;x8] = 2 * d * x * y
1296
+ //
1297
+ // Negation for Edwards curves is -(x,y) = (-x,y), which in this modified
1298
+ // form amounts to swapping the first two fields and negating the third.
1299
+ // The negation does not always fully reduce even mod 2^256-38 in the zero
1300
+ // case, instead giving -0 = 2^256-38. But that is fine since the result is
1301
+ // always fed to a multiplication inside the "pepadd" function below that
1302
+ // handles any 256-bit input.
1303
+
1304
+ cmp cf, xzr
1305
+
1306
+ csel x12, x0, x4, eq
1307
+ csel x4, x0, x4, ne
1308
+ csel x13, x1, x5, eq
1309
+ csel x5, x1, x5, ne
1310
+ csel x14, x2, x6, eq
1311
+ csel x6, x2, x6, ne
1312
+ csel x15, x3, x7, eq
1313
+ csel x7, x3, x7, ne
1314
+
1315
+ eor x8, x8, cf
1316
+ eor x9, x9, cf
1317
+ eor x10, x10, cf
1318
+ eor x11, x11, cf
1319
+ mov x0, #37
1320
+ and x0, x0, cf
1321
+ subs x8, x8, x0
1322
+ sbcs x9, x9, xzr
1323
+ sbcs x10, x10, xzr
1324
+ sbc x11, x11, xzr
1325
+
1326
+ stp x12, x13, [btabent]
1327
+ stp x14, x15, [btabent+16]
1328
+ stp x4, x5, [btabent+32]
1329
+ stp x6, x7, [btabent+48]
1330
+ stp x8, x9, [btabent+64]
1331
+ stp x10, x11, [btabent+80]
1332
+
1333
+ // Get table entry, first getting the adjusted bitfield...
1334
+
1335
+ lsr x0, i, #6
1336
+ ldr x1, [sp, x0, lsl #3]
1337
+ lsr x2, x1, i
1338
+ and x0, x2, #15
1339
+ subs bf, x0, #8
1340
+ cneg bf, bf, cc
1341
+ csetm cf, cc
1342
+
1343
+ // ... then getting the unadjusted table entry
1344
+
1345
+ add p0, tab
1346
+
1347
+ mov x0, xzr
1348
+ mov x1, xzr
1349
+ mov x2, xzr
1350
+ mov x3, xzr
1351
+ mov x4, #1
1352
+ mov x5, xzr
1353
+ mov x6, xzr
1354
+ mov x7, xzr
1355
+ mov x8, #1
1356
+ mov x9, xzr
1357
+ mov x10, xzr
1358
+ mov x11, xzr
1359
+ mov x12, xzr
1360
+ mov x13, xzr
1361
+ mov x14, xzr
1362
+ mov x15, xzr
1363
+
1364
+ cmp bf, #1
1365
+ ldp x16, x17, [p0]
1366
+ csel x0, x0, x16, ne
1367
+ csel x1, x1, x17, ne
1368
+ ldp x16, x17, [p0, #16]
1369
+ csel x2, x2, x16, ne
1370
+ csel x3, x3, x17, ne
1371
+ ldp x16, x17, [p0, #32]
1372
+ csel x4, x4, x16, ne
1373
+ csel x5, x5, x17, ne
1374
+ ldp x16, x17, [p0, #48]
1375
+ csel x6, x6, x16, ne
1376
+ csel x7, x7, x17, ne
1377
+ ldp x16, x17, [p0, #64]
1378
+ csel x8, x8, x16, ne
1379
+ csel x9, x9, x17, ne
1380
+ ldp x16, x17, [p0, #80]
1381
+ csel x10, x10, x16, ne
1382
+ csel x11, x11, x17, ne
1383
+ ldp x16, x17, [p0, #96]
1384
+ csel x12, x12, x16, ne
1385
+ csel x13, x13, x17, ne
1386
+ ldp x16, x17, [p0, #112]
1387
+ csel x14, x14, x16, ne
1388
+ csel x15, x15, x17, ne
1389
+ add p0, p0, #128
1390
+
1391
+ cmp bf, #2
1392
+ ldp x16, x17, [p0]
1393
+ csel x0, x0, x16, ne
1394
+ csel x1, x1, x17, ne
1395
+ ldp x16, x17, [p0, #16]
1396
+ csel x2, x2, x16, ne
1397
+ csel x3, x3, x17, ne
1398
+ ldp x16, x17, [p0, #32]
1399
+ csel x4, x4, x16, ne
1400
+ csel x5, x5, x17, ne
1401
+ ldp x16, x17, [p0, #48]
1402
+ csel x6, x6, x16, ne
1403
+ csel x7, x7, x17, ne
1404
+ ldp x16, x17, [p0, #64]
1405
+ csel x8, x8, x16, ne
1406
+ csel x9, x9, x17, ne
1407
+ ldp x16, x17, [p0, #80]
1408
+ csel x10, x10, x16, ne
1409
+ csel x11, x11, x17, ne
1410
+ ldp x16, x17, [p0, #96]
1411
+ csel x12, x12, x16, ne
1412
+ csel x13, x13, x17, ne
1413
+ ldp x16, x17, [p0, #112]
1414
+ csel x14, x14, x16, ne
1415
+ csel x15, x15, x17, ne
1416
+ add p0, p0, #128
1417
+
1418
+ cmp bf, #3
1419
+ ldp x16, x17, [p0]
1420
+ csel x0, x0, x16, ne
1421
+ csel x1, x1, x17, ne
1422
+ ldp x16, x17, [p0, #16]
1423
+ csel x2, x2, x16, ne
1424
+ csel x3, x3, x17, ne
1425
+ ldp x16, x17, [p0, #32]
1426
+ csel x4, x4, x16, ne
1427
+ csel x5, x5, x17, ne
1428
+ ldp x16, x17, [p0, #48]
1429
+ csel x6, x6, x16, ne
1430
+ csel x7, x7, x17, ne
1431
+ ldp x16, x17, [p0, #64]
1432
+ csel x8, x8, x16, ne
1433
+ csel x9, x9, x17, ne
1434
+ ldp x16, x17, [p0, #80]
1435
+ csel x10, x10, x16, ne
1436
+ csel x11, x11, x17, ne
1437
+ ldp x16, x17, [p0, #96]
1438
+ csel x12, x12, x16, ne
1439
+ csel x13, x13, x17, ne
1440
+ ldp x16, x17, [p0, #112]
1441
+ csel x14, x14, x16, ne
1442
+ csel x15, x15, x17, ne
1443
+ add p0, p0, #128
1444
+
1445
+ cmp bf, #4
1446
+ ldp x16, x17, [p0]
1447
+ csel x0, x0, x16, ne
1448
+ csel x1, x1, x17, ne
1449
+ ldp x16, x17, [p0, #16]
1450
+ csel x2, x2, x16, ne
1451
+ csel x3, x3, x17, ne
1452
+ ldp x16, x17, [p0, #32]
1453
+ csel x4, x4, x16, ne
1454
+ csel x5, x5, x17, ne
1455
+ ldp x16, x17, [p0, #48]
1456
+ csel x6, x6, x16, ne
1457
+ csel x7, x7, x17, ne
1458
+ ldp x16, x17, [p0, #64]
1459
+ csel x8, x8, x16, ne
1460
+ csel x9, x9, x17, ne
1461
+ ldp x16, x17, [p0, #80]
1462
+ csel x10, x10, x16, ne
1463
+ csel x11, x11, x17, ne
1464
+ ldp x16, x17, [p0, #96]
1465
+ csel x12, x12, x16, ne
1466
+ csel x13, x13, x17, ne
1467
+ ldp x16, x17, [p0, #112]
1468
+ csel x14, x14, x16, ne
1469
+ csel x15, x15, x17, ne
1470
+ add p0, p0, #128
1471
+
1472
+ cmp bf, #5
1473
+ ldp x16, x17, [p0]
1474
+ csel x0, x0, x16, ne
1475
+ csel x1, x1, x17, ne
1476
+ ldp x16, x17, [p0, #16]
1477
+ csel x2, x2, x16, ne
1478
+ csel x3, x3, x17, ne
1479
+ ldp x16, x17, [p0, #32]
1480
+ csel x4, x4, x16, ne
1481
+ csel x5, x5, x17, ne
1482
+ ldp x16, x17, [p0, #48]
1483
+ csel x6, x6, x16, ne
1484
+ csel x7, x7, x17, ne
1485
+ ldp x16, x17, [p0, #64]
1486
+ csel x8, x8, x16, ne
1487
+ csel x9, x9, x17, ne
1488
+ ldp x16, x17, [p0, #80]
1489
+ csel x10, x10, x16, ne
1490
+ csel x11, x11, x17, ne
1491
+ ldp x16, x17, [p0, #96]
1492
+ csel x12, x12, x16, ne
1493
+ csel x13, x13, x17, ne
1494
+ ldp x16, x17, [p0, #112]
1495
+ csel x14, x14, x16, ne
1496
+ csel x15, x15, x17, ne
1497
+ add p0, p0, #128
1498
+
1499
+ cmp bf, #6
1500
+ ldp x16, x17, [p0]
1501
+ csel x0, x0, x16, ne
1502
+ csel x1, x1, x17, ne
1503
+ ldp x16, x17, [p0, #16]
1504
+ csel x2, x2, x16, ne
1505
+ csel x3, x3, x17, ne
1506
+ ldp x16, x17, [p0, #32]
1507
+ csel x4, x4, x16, ne
1508
+ csel x5, x5, x17, ne
1509
+ ldp x16, x17, [p0, #48]
1510
+ csel x6, x6, x16, ne
1511
+ csel x7, x7, x17, ne
1512
+ ldp x16, x17, [p0, #64]
1513
+ csel x8, x8, x16, ne
1514
+ csel x9, x9, x17, ne
1515
+ ldp x16, x17, [p0, #80]
1516
+ csel x10, x10, x16, ne
1517
+ csel x11, x11, x17, ne
1518
+ ldp x16, x17, [p0, #96]
1519
+ csel x12, x12, x16, ne
1520
+ csel x13, x13, x17, ne
1521
+ ldp x16, x17, [p0, #112]
1522
+ csel x14, x14, x16, ne
1523
+ csel x15, x15, x17, ne
1524
+ add p0, p0, #128
1525
+
1526
+ cmp bf, #7
1527
+ ldp x16, x17, [p0]
1528
+ csel x0, x0, x16, ne
1529
+ csel x1, x1, x17, ne
1530
+ ldp x16, x17, [p0, #16]
1531
+ csel x2, x2, x16, ne
1532
+ csel x3, x3, x17, ne
1533
+ ldp x16, x17, [p0, #32]
1534
+ csel x4, x4, x16, ne
1535
+ csel x5, x5, x17, ne
1536
+ ldp x16, x17, [p0, #48]
1537
+ csel x6, x6, x16, ne
1538
+ csel x7, x7, x17, ne
1539
+ ldp x16, x17, [p0, #64]
1540
+ csel x8, x8, x16, ne
1541
+ csel x9, x9, x17, ne
1542
+ ldp x16, x17, [p0, #80]
1543
+ csel x10, x10, x16, ne
1544
+ csel x11, x11, x17, ne
1545
+ ldp x16, x17, [p0, #96]
1546
+ csel x12, x12, x16, ne
1547
+ csel x13, x13, x17, ne
1548
+ ldp x16, x17, [p0, #112]
1549
+ csel x14, x14, x16, ne
1550
+ csel x15, x15, x17, ne
1551
+ add p0, p0, #128
1552
+
1553
+ cmp bf, #8
1554
+ ldp x16, x17, [p0]
1555
+ csel x0, x0, x16, ne
1556
+ csel x1, x1, x17, ne
1557
+ ldp x16, x17, [p0, #16]
1558
+ csel x2, x2, x16, ne
1559
+ csel x3, x3, x17, ne
1560
+ ldp x16, x17, [p0, #32]
1561
+ csel x4, x4, x16, ne
1562
+ csel x5, x5, x17, ne
1563
+ ldp x16, x17, [p0, #48]
1564
+ csel x6, x6, x16, ne
1565
+ csel x7, x7, x17, ne
1566
+ ldp x16, x17, [p0, #64]
1567
+ csel x8, x8, x16, ne
1568
+ csel x9, x9, x17, ne
1569
+ ldp x16, x17, [p0, #80]
1570
+ csel x10, x10, x16, ne
1571
+ csel x11, x11, x17, ne
1572
+ ldp x16, x17, [p0, #96]
1573
+ csel x12, x12, x16, ne
1574
+ csel x13, x13, x17, ne
1575
+ ldp x16, x17, [p0, #112]
1576
+ csel x14, x14, x16, ne
1577
+ csel x15, x15, x17, ne
1578
+
1579
+ // ... then optionally negating before storing. This time the table
1580
+ // entry is extended-projective, and is in registers thus:
1581
+ //
1582
+ // [x3;x2;x1;x0] = X
1583
+ // [x7;x6;x5;x4] = Y
1584
+ // [x11;x10;x9;x8] = Z
1585
+ // [x15;x14;x13;x12] = W
1586
+ //
1587
+ // This time we just need to negate the X and the W fields.
1588
+ // The crude way negation is done can result in values of X or W
1589
+ // (when initially zero before negation) being exactly equal to
1590
+ // 2^256-38, but the "pepadd" function handles that correctly.
1591
+
1592
+ eor x0, x0, cf
1593
+ eor x1, x1, cf
1594
+ eor x2, x2, cf
1595
+ eor x3, x3, cf
1596
+ mov x16, #37
1597
+ and x16, x16, cf
1598
+ subs x0, x0, x16
1599
+ sbcs x1, x1, xzr
1600
+ sbcs x2, x2, xzr
1601
+ sbc x3, x3, xzr
1602
+
1603
+ eor x12, x12, cf
1604
+ eor x13, x13, cf
1605
+ eor x14, x14, cf
1606
+ eor x15, x15, cf
1607
+ subs x12, x12, x16
1608
+ sbcs x13, x13, xzr
1609
+ sbcs x14, x14, xzr
1610
+ sbc x15, x15, xzr
1611
+
1612
+ stp x0, x1, [tabent]
1613
+ stp x2, x3, [tabent+16]
1614
+ stp x4, x5, [tabent+32]
1615
+ stp x6, x7, [tabent+48]
1616
+ stp x8, x9, [tabent+64]
1617
+ stp x10, x11, [tabent+80]
1618
+ stp x12, x13, [tabent+96]
1619
+ stp x14, x15, [tabent+112]
1620
+
1621
+ // Double to acc' = 4 * acc
1622
+
1623
+ add p0, acc
1624
+ add p1, acc
1625
+ bl edwards25519_scalarmuldouble_alt_pdouble
1626
+
1627
+ // Add tabent := tabent + btabent
1628
+
1629
+ add p0, tabent
1630
+ add p1, tabent
1631
+ add p2, btabent
1632
+ bl edwards25519_scalarmuldouble_alt_pepadd
1633
+
1634
+ // Double to acc' = 8 * acc
1635
+
1636
+ add p0, acc
1637
+ add p1, acc
1638
+ bl edwards25519_scalarmuldouble_alt_pdouble
1639
+
1640
+ // Double to acc' = 16 * acc
1641
+
1642
+ add p0, acc
1643
+ add p1, acc
1644
+ bl edwards25519_scalarmuldouble_alt_epdouble
1645
+
1646
+ // Add table entry, acc := acc + tabent
1647
+
1648
+ add p0, acc
1649
+ add p1, acc
1650
+ add p2, tabent
1651
+ bl edwards25519_scalarmuldouble_alt_epadd
1652
+
1653
+ // Loop down
1654
+
1655
+ cbnz i, edwards25519_scalarmuldouble_alt_loop
1656
+
1657
+ // Modular inverse setup
1658
+
1659
+ add x0, tabent
1660
+ add x1, acc+64
1661
+
1662
+ // Inline copy of bignum_inv_p25519, identical except for stripping out
1663
+ // the prologue and epilogue saving and restoring registers and making
1664
+ // and reclaiming room on the stack. For more details and explanations see
1665
+ // "arm/curve25519/bignum_inv_p25519.S". Note that the stack it uses for
1666
+ // its own temporaries is 128 bytes, so it has no effect on variables
1667
+ // that are needed in the rest of our computation here: res, acc, tabent.
1668
+
1669
+ mov x20, x0
1670
+ mov x10, #0xffffffffffffffed
1671
+ mov x11, #0xffffffffffffffff
1672
+ stp x10, x11, [sp]
1673
+ mov x12, #0x7fffffffffffffff
1674
+ stp x11, x12, [sp, #16]
1675
+ ldp x2, x3, [x1]
1676
+ ldp x4, x5, [x1, #16]
1677
+ mov x7, #0x13
1678
+ lsr x6, x5, #63
1679
+ madd x6, x7, x6, x7
1680
+ adds x2, x2, x6
1681
+ adcs x3, x3, xzr
1682
+ adcs x4, x4, xzr
1683
+ orr x5, x5, #0x8000000000000000
1684
+ adcs x5, x5, xzr
1685
+ csel x6, x7, xzr, cc
1686
+ subs x2, x2, x6
1687
+ sbcs x3, x3, xzr
1688
+ sbcs x4, x4, xzr
1689
+ sbc x5, x5, xzr
1690
+ and x5, x5, #0x7fffffffffffffff
1691
+ stp x2, x3, [sp, #32]
1692
+ stp x4, x5, [sp, #48]
1693
+ stp xzr, xzr, [sp, #64]
1694
+ stp xzr, xzr, [sp, #80]
1695
+ mov x10, #0x2099
1696
+ movk x10, #0x7502, lsl #16
1697
+ movk x10, #0x9e23, lsl #32
1698
+ movk x10, #0xa0f9, lsl #48
1699
+ mov x11, #0x2595
1700
+ movk x11, #0x1d13, lsl #16
1701
+ movk x11, #0x8f3f, lsl #32
1702
+ movk x11, #0xa8c6, lsl #48
1703
+ mov x12, #0x5242
1704
+ movk x12, #0x5ac, lsl #16
1705
+ movk x12, #0x8938, lsl #32
1706
+ movk x12, #0x6c6c, lsl #48
1707
+ mov x13, #0x615
1708
+ movk x13, #0x4177, lsl #16
1709
+ movk x13, #0x8b2, lsl #32
1710
+ movk x13, #0x2765, lsl #48
1711
+ stp x10, x11, [sp, #96]
1712
+ stp x12, x13, [sp, #112]
1713
+ mov x21, #0xa
1714
+ mov x22, #0x1
1715
+ b edwards25519_scalarmuldouble_alt_invmidloop
1716
+ edwards25519_scalarmuldouble_alt_invloop:
1717
+ cmp x10, xzr
1718
+ csetm x14, mi
1719
+ cneg x10, x10, mi
1720
+ cmp x11, xzr
1721
+ csetm x15, mi
1722
+ cneg x11, x11, mi
1723
+ cmp x12, xzr
1724
+ csetm x16, mi
1725
+ cneg x12, x12, mi
1726
+ cmp x13, xzr
1727
+ csetm x17, mi
1728
+ cneg x13, x13, mi
1729
+ and x0, x10, x14
1730
+ and x1, x11, x15
1731
+ add x9, x0, x1
1732
+ and x0, x12, x16
1733
+ and x1, x13, x17
1734
+ add x19, x0, x1
1735
+ ldr x7, [sp]
1736
+ eor x1, x7, x14
1737
+ mul x0, x1, x10
1738
+ umulh x1, x1, x10
1739
+ adds x4, x9, x0
1740
+ adc x2, xzr, x1
1741
+ ldr x8, [sp, #32]
1742
+ eor x1, x8, x15
1743
+ mul x0, x1, x11
1744
+ umulh x1, x1, x11
1745
+ adds x4, x4, x0
1746
+ adc x2, x2, x1
1747
+ eor x1, x7, x16
1748
+ mul x0, x1, x12
1749
+ umulh x1, x1, x12
1750
+ adds x5, x19, x0
1751
+ adc x3, xzr, x1
1752
+ eor x1, x8, x17
1753
+ mul x0, x1, x13
1754
+ umulh x1, x1, x13
1755
+ adds x5, x5, x0
1756
+ adc x3, x3, x1
1757
+ ldr x7, [sp, #8]
1758
+ eor x1, x7, x14
1759
+ mul x0, x1, x10
1760
+ umulh x1, x1, x10
1761
+ adds x2, x2, x0
1762
+ adc x6, xzr, x1
1763
+ ldr x8, [sp, #40]
1764
+ eor x1, x8, x15
1765
+ mul x0, x1, x11
1766
+ umulh x1, x1, x11
1767
+ adds x2, x2, x0
1768
+ adc x6, x6, x1
1769
+ extr x4, x2, x4, #59
1770
+ str x4, [sp]
1771
+ eor x1, x7, x16
1772
+ mul x0, x1, x12
1773
+ umulh x1, x1, x12
1774
+ adds x3, x3, x0
1775
+ adc x4, xzr, x1
1776
+ eor x1, x8, x17
1777
+ mul x0, x1, x13
1778
+ umulh x1, x1, x13
1779
+ adds x3, x3, x0
1780
+ adc x4, x4, x1
1781
+ extr x5, x3, x5, #59
1782
+ str x5, [sp, #32]
1783
+ ldr x7, [sp, #16]
1784
+ eor x1, x7, x14
1785
+ mul x0, x1, x10
1786
+ umulh x1, x1, x10
1787
+ adds x6, x6, x0
1788
+ adc x5, xzr, x1
1789
+ ldr x8, [sp, #48]
1790
+ eor x1, x8, x15
1791
+ mul x0, x1, x11
1792
+ umulh x1, x1, x11
1793
+ adds x6, x6, x0
1794
+ adc x5, x5, x1
1795
+ extr x2, x6, x2, #59
1796
+ str x2, [sp, #8]
1797
+ eor x1, x7, x16
1798
+ mul x0, x1, x12
1799
+ umulh x1, x1, x12
1800
+ adds x4, x4, x0
1801
+ adc x2, xzr, x1
1802
+ eor x1, x8, x17
1803
+ mul x0, x1, x13
1804
+ umulh x1, x1, x13
1805
+ adds x4, x4, x0
1806
+ adc x2, x2, x1
1807
+ extr x3, x4, x3, #59
1808
+ str x3, [sp, #40]
1809
+ ldr x7, [sp, #24]
1810
+ eor x1, x7, x14
1811
+ asr x3, x1, #63
1812
+ and x3, x3, x10
1813
+ neg x3, x3
1814
+ mul x0, x1, x10
1815
+ umulh x1, x1, x10
1816
+ adds x5, x5, x0
1817
+ adc x3, x3, x1
1818
+ ldr x8, [sp, #56]
1819
+ eor x1, x8, x15
1820
+ asr x0, x1, #63
1821
+ and x0, x0, x11
1822
+ sub x3, x3, x0
1823
+ mul x0, x1, x11
1824
+ umulh x1, x1, x11
1825
+ adds x5, x5, x0
1826
+ adc x3, x3, x1
1827
+ extr x6, x5, x6, #59
1828
+ str x6, [sp, #16]
1829
+ extr x5, x3, x5, #59
1830
+ str x5, [sp, #24]
1831
+ eor x1, x7, x16
1832
+ asr x5, x1, #63
1833
+ and x5, x5, x12
1834
+ neg x5, x5
1835
+ mul x0, x1, x12
1836
+ umulh x1, x1, x12
1837
+ adds x2, x2, x0
1838
+ adc x5, x5, x1
1839
+ eor x1, x8, x17
1840
+ asr x0, x1, #63
1841
+ and x0, x0, x13
1842
+ sub x5, x5, x0
1843
+ mul x0, x1, x13
1844
+ umulh x1, x1, x13
1845
+ adds x2, x2, x0
1846
+ adc x5, x5, x1
1847
+ extr x4, x2, x4, #59
1848
+ str x4, [sp, #48]
1849
+ extr x2, x5, x2, #59
1850
+ str x2, [sp, #56]
1851
+ ldr x7, [sp, #64]
1852
+ eor x1, x7, x14
1853
+ mul x0, x1, x10
1854
+ umulh x1, x1, x10
1855
+ adds x4, x9, x0
1856
+ adc x2, xzr, x1
1857
+ ldr x8, [sp, #96]
1858
+ eor x1, x8, x15
1859
+ mul x0, x1, x11
1860
+ umulh x1, x1, x11
1861
+ adds x4, x4, x0
1862
+ str x4, [sp, #64]
1863
+ adc x2, x2, x1
1864
+ eor x1, x7, x16
1865
+ mul x0, x1, x12
1866
+ umulh x1, x1, x12
1867
+ adds x5, x19, x0
1868
+ adc x3, xzr, x1
1869
+ eor x1, x8, x17
1870
+ mul x0, x1, x13
1871
+ umulh x1, x1, x13
1872
+ adds x5, x5, x0
1873
+ str x5, [sp, #96]
1874
+ adc x3, x3, x1
1875
+ ldr x7, [sp, #72]
1876
+ eor x1, x7, x14
1877
+ mul x0, x1, x10
1878
+ umulh x1, x1, x10
1879
+ adds x2, x2, x0
1880
+ adc x6, xzr, x1
1881
+ ldr x8, [sp, #104]
1882
+ eor x1, x8, x15
1883
+ mul x0, x1, x11
1884
+ umulh x1, x1, x11
1885
+ adds x2, x2, x0
1886
+ str x2, [sp, #72]
1887
+ adc x6, x6, x1
1888
+ eor x1, x7, x16
1889
+ mul x0, x1, x12
1890
+ umulh x1, x1, x12
1891
+ adds x3, x3, x0
1892
+ adc x4, xzr, x1
1893
+ eor x1, x8, x17
1894
+ mul x0, x1, x13
1895
+ umulh x1, x1, x13
1896
+ adds x3, x3, x0
1897
+ str x3, [sp, #104]
1898
+ adc x4, x4, x1
1899
+ ldr x7, [sp, #80]
1900
+ eor x1, x7, x14
1901
+ mul x0, x1, x10
1902
+ umulh x1, x1, x10
1903
+ adds x6, x6, x0
1904
+ adc x5, xzr, x1
1905
+ ldr x8, [sp, #112]
1906
+ eor x1, x8, x15
1907
+ mul x0, x1, x11
1908
+ umulh x1, x1, x11
1909
+ adds x6, x6, x0
1910
+ str x6, [sp, #80]
1911
+ adc x5, x5, x1
1912
+ eor x1, x7, x16
1913
+ mul x0, x1, x12
1914
+ umulh x1, x1, x12
1915
+ adds x4, x4, x0
1916
+ adc x2, xzr, x1
1917
+ eor x1, x8, x17
1918
+ mul x0, x1, x13
1919
+ umulh x1, x1, x13
1920
+ adds x4, x4, x0
1921
+ str x4, [sp, #112]
1922
+ adc x2, x2, x1
1923
+ ldr x7, [sp, #88]
1924
+ eor x1, x7, x14
1925
+ and x3, x14, x10
1926
+ neg x3, x3
1927
+ mul x0, x1, x10
1928
+ umulh x1, x1, x10
1929
+ adds x5, x5, x0
1930
+ adc x3, x3, x1
1931
+ ldr x8, [sp, #120]
1932
+ eor x1, x8, x15
1933
+ and x0, x15, x11
1934
+ sub x3, x3, x0
1935
+ mul x0, x1, x11
1936
+ umulh x1, x1, x11
1937
+ adds x5, x5, x0
1938
+ adc x3, x3, x1
1939
+ extr x6, x3, x5, #63
1940
+ ldp x0, x1, [sp, #64]
1941
+ add x6, x6, x3, asr #63
1942
+ mov x3, #0x13
1943
+ mul x4, x6, x3
1944
+ add x5, x5, x6, lsl #63
1945
+ smulh x3, x6, x3
1946
+ ldr x6, [sp, #80]
1947
+ adds x0, x0, x4
1948
+ adcs x1, x1, x3
1949
+ asr x3, x3, #63
1950
+ adcs x6, x6, x3
1951
+ adc x5, x5, x3
1952
+ stp x0, x1, [sp, #64]
1953
+ stp x6, x5, [sp, #80]
1954
+ eor x1, x7, x16
1955
+ and x5, x16, x12
1956
+ neg x5, x5
1957
+ mul x0, x1, x12
1958
+ umulh x1, x1, x12
1959
+ adds x2, x2, x0
1960
+ adc x5, x5, x1
1961
+ eor x1, x8, x17
1962
+ and x0, x17, x13
1963
+ sub x5, x5, x0
1964
+ mul x0, x1, x13
1965
+ umulh x1, x1, x13
1966
+ adds x2, x2, x0
1967
+ adc x5, x5, x1
1968
+ extr x6, x5, x2, #63
1969
+ ldp x0, x1, [sp, #96]
1970
+ add x6, x6, x5, asr #63
1971
+ mov x5, #0x13
1972
+ mul x4, x6, x5
1973
+ add x2, x2, x6, lsl #63
1974
+ smulh x5, x6, x5
1975
+ ldr x3, [sp, #112]
1976
+ adds x0, x0, x4
1977
+ adcs x1, x1, x5
1978
+ asr x5, x5, #63
1979
+ adcs x3, x3, x5
1980
+ adc x2, x2, x5
1981
+ stp x0, x1, [sp, #96]
1982
+ stp x3, x2, [sp, #112]
1983
+ edwards25519_scalarmuldouble_alt_invmidloop:
1984
+ mov x1, x22
1985
+ ldr x2, [sp]
1986
+ ldr x3, [sp, #32]
1987
+ and x4, x2, #0xfffff
1988
+ orr x4, x4, #0xfffffe0000000000
1989
+ and x5, x3, #0xfffff
1990
+ orr x5, x5, #0xc000000000000000
1991
+ tst x5, #0x1
1992
+ csel x6, x4, xzr, ne
1993
+ ccmp x1, xzr, #0x8, ne
1994
+ cneg x1, x1, ge
1995
+ cneg x6, x6, ge
1996
+ csel x4, x5, x4, ge
1997
+ add x5, x5, x6
1998
+ add x1, x1, #0x2
1999
+ tst x5, #0x2
2000
+ asr x5, x5, #1
2001
+ csel x6, x4, xzr, ne
2002
+ ccmp x1, xzr, #0x8, ne
2003
+ cneg x1, x1, ge
2004
+ cneg x6, x6, ge
2005
+ csel x4, x5, x4, ge
2006
+ add x5, x5, x6
2007
+ add x1, x1, #0x2
2008
+ tst x5, #0x2
2009
+ asr x5, x5, #1
2010
+ csel x6, x4, xzr, ne
2011
+ ccmp x1, xzr, #0x8, ne
2012
+ cneg x1, x1, ge
2013
+ cneg x6, x6, ge
2014
+ csel x4, x5, x4, ge
2015
+ add x5, x5, x6
2016
+ add x1, x1, #0x2
2017
+ tst x5, #0x2
2018
+ asr x5, x5, #1
2019
+ csel x6, x4, xzr, ne
2020
+ ccmp x1, xzr, #0x8, ne
2021
+ cneg x1, x1, ge
2022
+ cneg x6, x6, ge
2023
+ csel x4, x5, x4, ge
2024
+ add x5, x5, x6
2025
+ add x1, x1, #0x2
2026
+ tst x5, #0x2
2027
+ asr x5, x5, #1
2028
+ csel x6, x4, xzr, ne
2029
+ ccmp x1, xzr, #0x8, ne
2030
+ cneg x1, x1, ge
2031
+ cneg x6, x6, ge
2032
+ csel x4, x5, x4, ge
2033
+ add x5, x5, x6
2034
+ add x1, x1, #0x2
2035
+ tst x5, #0x2
2036
+ asr x5, x5, #1
2037
+ csel x6, x4, xzr, ne
2038
+ ccmp x1, xzr, #0x8, ne
2039
+ cneg x1, x1, ge
2040
+ cneg x6, x6, ge
2041
+ csel x4, x5, x4, ge
2042
+ add x5, x5, x6
2043
+ add x1, x1, #0x2
2044
+ tst x5, #0x2
2045
+ asr x5, x5, #1
2046
+ csel x6, x4, xzr, ne
2047
+ ccmp x1, xzr, #0x8, ne
2048
+ cneg x1, x1, ge
2049
+ cneg x6, x6, ge
2050
+ csel x4, x5, x4, ge
2051
+ add x5, x5, x6
2052
+ add x1, x1, #0x2
2053
+ tst x5, #0x2
2054
+ asr x5, x5, #1
2055
+ csel x6, x4, xzr, ne
2056
+ ccmp x1, xzr, #0x8, ne
2057
+ cneg x1, x1, ge
2058
+ cneg x6, x6, ge
2059
+ csel x4, x5, x4, ge
2060
+ add x5, x5, x6
2061
+ add x1, x1, #0x2
2062
+ tst x5, #0x2
2063
+ asr x5, x5, #1
2064
+ csel x6, x4, xzr, ne
2065
+ ccmp x1, xzr, #0x8, ne
2066
+ cneg x1, x1, ge
2067
+ cneg x6, x6, ge
2068
+ csel x4, x5, x4, ge
2069
+ add x5, x5, x6
2070
+ add x1, x1, #0x2
2071
+ tst x5, #0x2
2072
+ asr x5, x5, #1
2073
+ csel x6, x4, xzr, ne
2074
+ ccmp x1, xzr, #0x8, ne
2075
+ cneg x1, x1, ge
2076
+ cneg x6, x6, ge
2077
+ csel x4, x5, x4, ge
2078
+ add x5, x5, x6
2079
+ add x1, x1, #0x2
2080
+ tst x5, #0x2
2081
+ asr x5, x5, #1
2082
+ csel x6, x4, xzr, ne
2083
+ ccmp x1, xzr, #0x8, ne
2084
+ cneg x1, x1, ge
2085
+ cneg x6, x6, ge
2086
+ csel x4, x5, x4, ge
2087
+ add x5, x5, x6
2088
+ add x1, x1, #0x2
2089
+ tst x5, #0x2
2090
+ asr x5, x5, #1
2091
+ csel x6, x4, xzr, ne
2092
+ ccmp x1, xzr, #0x8, ne
2093
+ cneg x1, x1, ge
2094
+ cneg x6, x6, ge
2095
+ csel x4, x5, x4, ge
2096
+ add x5, x5, x6
2097
+ add x1, x1, #0x2
2098
+ tst x5, #0x2
2099
+ asr x5, x5, #1
2100
+ csel x6, x4, xzr, ne
2101
+ ccmp x1, xzr, #0x8, ne
2102
+ cneg x1, x1, ge
2103
+ cneg x6, x6, ge
2104
+ csel x4, x5, x4, ge
2105
+ add x5, x5, x6
2106
+ add x1, x1, #0x2
2107
+ tst x5, #0x2
2108
+ asr x5, x5, #1
2109
+ csel x6, x4, xzr, ne
2110
+ ccmp x1, xzr, #0x8, ne
2111
+ cneg x1, x1, ge
2112
+ cneg x6, x6, ge
2113
+ csel x4, x5, x4, ge
2114
+ add x5, x5, x6
2115
+ add x1, x1, #0x2
2116
+ tst x5, #0x2
2117
+ asr x5, x5, #1
2118
+ csel x6, x4, xzr, ne
2119
+ ccmp x1, xzr, #0x8, ne
2120
+ cneg x1, x1, ge
2121
+ cneg x6, x6, ge
2122
+ csel x4, x5, x4, ge
2123
+ add x5, x5, x6
2124
+ add x1, x1, #0x2
2125
+ tst x5, #0x2
2126
+ asr x5, x5, #1
2127
+ csel x6, x4, xzr, ne
2128
+ ccmp x1, xzr, #0x8, ne
2129
+ cneg x1, x1, ge
2130
+ cneg x6, x6, ge
2131
+ csel x4, x5, x4, ge
2132
+ add x5, x5, x6
2133
+ add x1, x1, #0x2
2134
+ tst x5, #0x2
2135
+ asr x5, x5, #1
2136
+ csel x6, x4, xzr, ne
2137
+ ccmp x1, xzr, #0x8, ne
2138
+ cneg x1, x1, ge
2139
+ cneg x6, x6, ge
2140
+ csel x4, x5, x4, ge
2141
+ add x5, x5, x6
2142
+ add x1, x1, #0x2
2143
+ tst x5, #0x2
2144
+ asr x5, x5, #1
2145
+ csel x6, x4, xzr, ne
2146
+ ccmp x1, xzr, #0x8, ne
2147
+ cneg x1, x1, ge
2148
+ cneg x6, x6, ge
2149
+ csel x4, x5, x4, ge
2150
+ add x5, x5, x6
2151
+ add x1, x1, #0x2
2152
+ tst x5, #0x2
2153
+ asr x5, x5, #1
2154
+ csel x6, x4, xzr, ne
2155
+ ccmp x1, xzr, #0x8, ne
2156
+ cneg x1, x1, ge
2157
+ cneg x6, x6, ge
2158
+ csel x4, x5, x4, ge
2159
+ add x5, x5, x6
2160
+ add x1, x1, #0x2
2161
+ tst x5, #0x2
2162
+ asr x5, x5, #1
2163
+ csel x6, x4, xzr, ne
2164
+ ccmp x1, xzr, #0x8, ne
2165
+ cneg x1, x1, ge
2166
+ cneg x6, x6, ge
2167
+ csel x4, x5, x4, ge
2168
+ add x5, x5, x6
2169
+ add x1, x1, #0x2
2170
+ asr x5, x5, #1
2171
+ add x8, x4, #0x100, lsl #12
2172
+ sbfx x8, x8, #21, #21
2173
+ mov x11, #0x100000
2174
+ add x11, x11, x11, lsl #21
2175
+ add x9, x4, x11
2176
+ asr x9, x9, #42
2177
+ add x10, x5, #0x100, lsl #12
2178
+ sbfx x10, x10, #21, #21
2179
+ add x11, x5, x11
2180
+ asr x11, x11, #42
2181
+ mul x6, x8, x2
2182
+ mul x7, x9, x3
2183
+ mul x2, x10, x2
2184
+ mul x3, x11, x3
2185
+ add x4, x6, x7
2186
+ add x5, x2, x3
2187
+ asr x2, x4, #20
2188
+ asr x3, x5, #20
2189
+ and x4, x2, #0xfffff
2190
+ orr x4, x4, #0xfffffe0000000000
2191
+ and x5, x3, #0xfffff
2192
+ orr x5, x5, #0xc000000000000000
2193
+ tst x5, #0x1
2194
+ csel x6, x4, xzr, ne
2195
+ ccmp x1, xzr, #0x8, ne
2196
+ cneg x1, x1, ge
2197
+ cneg x6, x6, ge
2198
+ csel x4, x5, x4, ge
2199
+ add x5, x5, x6
2200
+ add x1, x1, #0x2
2201
+ tst x5, #0x2
2202
+ asr x5, x5, #1
2203
+ csel x6, x4, xzr, ne
2204
+ ccmp x1, xzr, #0x8, ne
2205
+ cneg x1, x1, ge
2206
+ cneg x6, x6, ge
2207
+ csel x4, x5, x4, ge
2208
+ add x5, x5, x6
2209
+ add x1, x1, #0x2
2210
+ tst x5, #0x2
2211
+ asr x5, x5, #1
2212
+ csel x6, x4, xzr, ne
2213
+ ccmp x1, xzr, #0x8, ne
2214
+ cneg x1, x1, ge
2215
+ cneg x6, x6, ge
2216
+ csel x4, x5, x4, ge
2217
+ add x5, x5, x6
2218
+ add x1, x1, #0x2
2219
+ tst x5, #0x2
2220
+ asr x5, x5, #1
2221
+ csel x6, x4, xzr, ne
2222
+ ccmp x1, xzr, #0x8, ne
2223
+ cneg x1, x1, ge
2224
+ cneg x6, x6, ge
2225
+ csel x4, x5, x4, ge
2226
+ add x5, x5, x6
2227
+ add x1, x1, #0x2
2228
+ tst x5, #0x2
2229
+ asr x5, x5, #1
2230
+ csel x6, x4, xzr, ne
2231
+ ccmp x1, xzr, #0x8, ne
2232
+ cneg x1, x1, ge
2233
+ cneg x6, x6, ge
2234
+ csel x4, x5, x4, ge
2235
+ add x5, x5, x6
2236
+ add x1, x1, #0x2
2237
+ tst x5, #0x2
2238
+ asr x5, x5, #1
2239
+ csel x6, x4, xzr, ne
2240
+ ccmp x1, xzr, #0x8, ne
2241
+ cneg x1, x1, ge
2242
+ cneg x6, x6, ge
2243
+ csel x4, x5, x4, ge
2244
+ add x5, x5, x6
2245
+ add x1, x1, #0x2
2246
+ tst x5, #0x2
2247
+ asr x5, x5, #1
2248
+ csel x6, x4, xzr, ne
2249
+ ccmp x1, xzr, #0x8, ne
2250
+ cneg x1, x1, ge
2251
+ cneg x6, x6, ge
2252
+ csel x4, x5, x4, ge
2253
+ add x5, x5, x6
2254
+ add x1, x1, #0x2
2255
+ tst x5, #0x2
2256
+ asr x5, x5, #1
2257
+ csel x6, x4, xzr, ne
2258
+ ccmp x1, xzr, #0x8, ne
2259
+ cneg x1, x1, ge
2260
+ cneg x6, x6, ge
2261
+ csel x4, x5, x4, ge
2262
+ add x5, x5, x6
2263
+ add x1, x1, #0x2
2264
+ tst x5, #0x2
2265
+ asr x5, x5, #1
2266
+ csel x6, x4, xzr, ne
2267
+ ccmp x1, xzr, #0x8, ne
2268
+ cneg x1, x1, ge
2269
+ cneg x6, x6, ge
2270
+ csel x4, x5, x4, ge
2271
+ add x5, x5, x6
2272
+ add x1, x1, #0x2
2273
+ tst x5, #0x2
2274
+ asr x5, x5, #1
2275
+ csel x6, x4, xzr, ne
2276
+ ccmp x1, xzr, #0x8, ne
2277
+ cneg x1, x1, ge
2278
+ cneg x6, x6, ge
2279
+ csel x4, x5, x4, ge
2280
+ add x5, x5, x6
2281
+ add x1, x1, #0x2
2282
+ tst x5, #0x2
2283
+ asr x5, x5, #1
2284
+ csel x6, x4, xzr, ne
2285
+ ccmp x1, xzr, #0x8, ne
2286
+ cneg x1, x1, ge
2287
+ cneg x6, x6, ge
2288
+ csel x4, x5, x4, ge
2289
+ add x5, x5, x6
2290
+ add x1, x1, #0x2
2291
+ tst x5, #0x2
2292
+ asr x5, x5, #1
2293
+ csel x6, x4, xzr, ne
2294
+ ccmp x1, xzr, #0x8, ne
2295
+ cneg x1, x1, ge
2296
+ cneg x6, x6, ge
2297
+ csel x4, x5, x4, ge
2298
+ add x5, x5, x6
2299
+ add x1, x1, #0x2
2300
+ tst x5, #0x2
2301
+ asr x5, x5, #1
2302
+ csel x6, x4, xzr, ne
2303
+ ccmp x1, xzr, #0x8, ne
2304
+ cneg x1, x1, ge
2305
+ cneg x6, x6, ge
2306
+ csel x4, x5, x4, ge
2307
+ add x5, x5, x6
2308
+ add x1, x1, #0x2
2309
+ tst x5, #0x2
2310
+ asr x5, x5, #1
2311
+ csel x6, x4, xzr, ne
2312
+ ccmp x1, xzr, #0x8, ne
2313
+ cneg x1, x1, ge
2314
+ cneg x6, x6, ge
2315
+ csel x4, x5, x4, ge
2316
+ add x5, x5, x6
2317
+ add x1, x1, #0x2
2318
+ tst x5, #0x2
2319
+ asr x5, x5, #1
2320
+ csel x6, x4, xzr, ne
2321
+ ccmp x1, xzr, #0x8, ne
2322
+ cneg x1, x1, ge
2323
+ cneg x6, x6, ge
2324
+ csel x4, x5, x4, ge
2325
+ add x5, x5, x6
2326
+ add x1, x1, #0x2
2327
+ tst x5, #0x2
2328
+ asr x5, x5, #1
2329
+ csel x6, x4, xzr, ne
2330
+ ccmp x1, xzr, #0x8, ne
2331
+ cneg x1, x1, ge
2332
+ cneg x6, x6, ge
2333
+ csel x4, x5, x4, ge
2334
+ add x5, x5, x6
2335
+ add x1, x1, #0x2
2336
+ tst x5, #0x2
2337
+ asr x5, x5, #1
2338
+ csel x6, x4, xzr, ne
2339
+ ccmp x1, xzr, #0x8, ne
2340
+ cneg x1, x1, ge
2341
+ cneg x6, x6, ge
2342
+ csel x4, x5, x4, ge
2343
+ add x5, x5, x6
2344
+ add x1, x1, #0x2
2345
+ tst x5, #0x2
2346
+ asr x5, x5, #1
2347
+ csel x6, x4, xzr, ne
2348
+ ccmp x1, xzr, #0x8, ne
2349
+ cneg x1, x1, ge
2350
+ cneg x6, x6, ge
2351
+ csel x4, x5, x4, ge
2352
+ add x5, x5, x6
2353
+ add x1, x1, #0x2
2354
+ tst x5, #0x2
2355
+ asr x5, x5, #1
2356
+ csel x6, x4, xzr, ne
2357
+ ccmp x1, xzr, #0x8, ne
2358
+ cneg x1, x1, ge
2359
+ cneg x6, x6, ge
2360
+ csel x4, x5, x4, ge
2361
+ add x5, x5, x6
2362
+ add x1, x1, #0x2
2363
+ tst x5, #0x2
2364
+ asr x5, x5, #1
2365
+ csel x6, x4, xzr, ne
2366
+ ccmp x1, xzr, #0x8, ne
2367
+ cneg x1, x1, ge
2368
+ cneg x6, x6, ge
2369
+ csel x4, x5, x4, ge
2370
+ add x5, x5, x6
2371
+ add x1, x1, #0x2
2372
+ asr x5, x5, #1
2373
+ add x12, x4, #0x100, lsl #12
2374
+ sbfx x12, x12, #21, #21
2375
+ mov x15, #0x100000
2376
+ add x15, x15, x15, lsl #21
2377
+ add x13, x4, x15
2378
+ asr x13, x13, #42
2379
+ add x14, x5, #0x100, lsl #12
2380
+ sbfx x14, x14, #21, #21
2381
+ add x15, x5, x15
2382
+ asr x15, x15, #42
2383
+ mul x6, x12, x2
2384
+ mul x7, x13, x3
2385
+ mul x2, x14, x2
2386
+ mul x3, x15, x3
2387
+ add x4, x6, x7
2388
+ add x5, x2, x3
2389
+ asr x2, x4, #20
2390
+ asr x3, x5, #20
2391
+ and x4, x2, #0xfffff
2392
+ orr x4, x4, #0xfffffe0000000000
2393
+ and x5, x3, #0xfffff
2394
+ orr x5, x5, #0xc000000000000000
2395
+ tst x5, #0x1
2396
+ csel x6, x4, xzr, ne
2397
+ ccmp x1, xzr, #0x8, ne
2398
+ cneg x1, x1, ge
2399
+ cneg x6, x6, ge
2400
+ csel x4, x5, x4, ge
2401
+ add x5, x5, x6
2402
+ add x1, x1, #0x2
2403
+ tst x5, #0x2
2404
+ asr x5, x5, #1
2405
+ csel x6, x4, xzr, ne
2406
+ ccmp x1, xzr, #0x8, ne
2407
+ cneg x1, x1, ge
2408
+ cneg x6, x6, ge
2409
+ csel x4, x5, x4, ge
2410
+ add x5, x5, x6
2411
+ add x1, x1, #0x2
2412
+ tst x5, #0x2
2413
+ asr x5, x5, #1
2414
+ csel x6, x4, xzr, ne
2415
+ ccmp x1, xzr, #0x8, ne
2416
+ cneg x1, x1, ge
2417
+ cneg x6, x6, ge
2418
+ csel x4, x5, x4, ge
2419
+ add x5, x5, x6
2420
+ add x1, x1, #0x2
2421
+ tst x5, #0x2
2422
+ asr x5, x5, #1
2423
+ csel x6, x4, xzr, ne
2424
+ ccmp x1, xzr, #0x8, ne
2425
+ cneg x1, x1, ge
2426
+ cneg x6, x6, ge
2427
+ csel x4, x5, x4, ge
2428
+ add x5, x5, x6
2429
+ add x1, x1, #0x2
2430
+ tst x5, #0x2
2431
+ asr x5, x5, #1
2432
+ csel x6, x4, xzr, ne
2433
+ ccmp x1, xzr, #0x8, ne
2434
+ cneg x1, x1, ge
2435
+ cneg x6, x6, ge
2436
+ csel x4, x5, x4, ge
2437
+ add x5, x5, x6
2438
+ add x1, x1, #0x2
2439
+ tst x5, #0x2
2440
+ asr x5, x5, #1
2441
+ csel x6, x4, xzr, ne
2442
+ ccmp x1, xzr, #0x8, ne
2443
+ cneg x1, x1, ge
2444
+ cneg x6, x6, ge
2445
+ csel x4, x5, x4, ge
2446
+ add x5, x5, x6
2447
+ add x1, x1, #0x2
2448
+ tst x5, #0x2
2449
+ asr x5, x5, #1
2450
+ csel x6, x4, xzr, ne
2451
+ ccmp x1, xzr, #0x8, ne
2452
+ cneg x1, x1, ge
2453
+ cneg x6, x6, ge
2454
+ csel x4, x5, x4, ge
2455
+ add x5, x5, x6
2456
+ add x1, x1, #0x2
2457
+ tst x5, #0x2
2458
+ asr x5, x5, #1
2459
+ csel x6, x4, xzr, ne
2460
+ ccmp x1, xzr, #0x8, ne
2461
+ cneg x1, x1, ge
2462
+ cneg x6, x6, ge
2463
+ csel x4, x5, x4, ge
2464
+ add x5, x5, x6
2465
+ add x1, x1, #0x2
2466
+ tst x5, #0x2
2467
+ asr x5, x5, #1
2468
+ csel x6, x4, xzr, ne
2469
+ ccmp x1, xzr, #0x8, ne
2470
+ cneg x1, x1, ge
2471
+ cneg x6, x6, ge
2472
+ csel x4, x5, x4, ge
2473
+ add x5, x5, x6
2474
+ add x1, x1, #0x2
2475
+ tst x5, #0x2
2476
+ asr x5, x5, #1
2477
+ csel x6, x4, xzr, ne
2478
+ ccmp x1, xzr, #0x8, ne
2479
+ cneg x1, x1, ge
2480
+ cneg x6, x6, ge
2481
+ csel x4, x5, x4, ge
2482
+ add x5, x5, x6
2483
+ add x1, x1, #0x2
2484
+ tst x5, #0x2
2485
+ asr x5, x5, #1
2486
+ mul x2, x12, x8
2487
+ mul x3, x12, x9
2488
+ mul x6, x14, x8
2489
+ mul x7, x14, x9
2490
+ madd x8, x13, x10, x2
2491
+ madd x9, x13, x11, x3
2492
+ madd x16, x15, x10, x6
2493
+ madd x17, x15, x11, x7
2494
+ csel x6, x4, xzr, ne
2495
+ ccmp x1, xzr, #0x8, ne
2496
+ cneg x1, x1, ge
2497
+ cneg x6, x6, ge
2498
+ csel x4, x5, x4, ge
2499
+ add x5, x5, x6
2500
+ add x1, x1, #0x2
2501
+ tst x5, #0x2
2502
+ asr x5, x5, #1
2503
+ csel x6, x4, xzr, ne
2504
+ ccmp x1, xzr, #0x8, ne
2505
+ cneg x1, x1, ge
2506
+ cneg x6, x6, ge
2507
+ csel x4, x5, x4, ge
2508
+ add x5, x5, x6
2509
+ add x1, x1, #0x2
2510
+ tst x5, #0x2
2511
+ asr x5, x5, #1
2512
+ csel x6, x4, xzr, ne
2513
+ ccmp x1, xzr, #0x8, ne
2514
+ cneg x1, x1, ge
2515
+ cneg x6, x6, ge
2516
+ csel x4, x5, x4, ge
2517
+ add x5, x5, x6
2518
+ add x1, x1, #0x2
2519
+ tst x5, #0x2
2520
+ asr x5, x5, #1
2521
+ csel x6, x4, xzr, ne
2522
+ ccmp x1, xzr, #0x8, ne
2523
+ cneg x1, x1, ge
2524
+ cneg x6, x6, ge
2525
+ csel x4, x5, x4, ge
2526
+ add x5, x5, x6
2527
+ add x1, x1, #0x2
2528
+ tst x5, #0x2
2529
+ asr x5, x5, #1
2530
+ csel x6, x4, xzr, ne
2531
+ ccmp x1, xzr, #0x8, ne
2532
+ cneg x1, x1, ge
2533
+ cneg x6, x6, ge
2534
+ csel x4, x5, x4, ge
2535
+ add x5, x5, x6
2536
+ add x1, x1, #0x2
2537
+ tst x5, #0x2
2538
+ asr x5, x5, #1
2539
+ csel x6, x4, xzr, ne
2540
+ ccmp x1, xzr, #0x8, ne
2541
+ cneg x1, x1, ge
2542
+ cneg x6, x6, ge
2543
+ csel x4, x5, x4, ge
2544
+ add x5, x5, x6
2545
+ add x1, x1, #0x2
2546
+ tst x5, #0x2
2547
+ asr x5, x5, #1
2548
+ csel x6, x4, xzr, ne
2549
+ ccmp x1, xzr, #0x8, ne
2550
+ cneg x1, x1, ge
2551
+ cneg x6, x6, ge
2552
+ csel x4, x5, x4, ge
2553
+ add x5, x5, x6
2554
+ add x1, x1, #0x2
2555
+ tst x5, #0x2
2556
+ asr x5, x5, #1
2557
+ csel x6, x4, xzr, ne
2558
+ ccmp x1, xzr, #0x8, ne
2559
+ cneg x1, x1, ge
2560
+ cneg x6, x6, ge
2561
+ csel x4, x5, x4, ge
2562
+ add x5, x5, x6
2563
+ add x1, x1, #0x2
2564
+ tst x5, #0x2
2565
+ asr x5, x5, #1
2566
+ csel x6, x4, xzr, ne
2567
+ ccmp x1, xzr, #0x8, ne
2568
+ cneg x1, x1, ge
2569
+ cneg x6, x6, ge
2570
+ csel x4, x5, x4, ge
2571
+ add x5, x5, x6
2572
+ add x1, x1, #0x2
2573
+ asr x5, x5, #1
2574
+ add x12, x4, #0x100, lsl #12
2575
+ sbfx x12, x12, #22, #21
2576
+ mov x15, #0x100000
2577
+ add x15, x15, x15, lsl #21
2578
+ add x13, x4, x15
2579
+ asr x13, x13, #43
2580
+ add x14, x5, #0x100, lsl #12
2581
+ sbfx x14, x14, #22, #21
2582
+ add x15, x5, x15
2583
+ asr x15, x15, #43
2584
+ mneg x2, x12, x8
2585
+ mneg x3, x12, x9
2586
+ mneg x4, x14, x8
2587
+ mneg x5, x14, x9
2588
+ msub x10, x13, x16, x2
2589
+ msub x11, x13, x17, x3
2590
+ msub x12, x15, x16, x4
2591
+ msub x13, x15, x17, x5
2592
+ mov x22, x1
2593
+ subs x21, x21, #0x1
2594
+ b.ne edwards25519_scalarmuldouble_alt_invloop
2595
+ ldr x0, [sp]
2596
+ ldr x1, [sp, #32]
2597
+ mul x0, x0, x10
2598
+ madd x1, x1, x11, x0
2599
+ asr x0, x1, #63
2600
+ cmp x10, xzr
2601
+ csetm x14, mi
2602
+ cneg x10, x10, mi
2603
+ eor x14, x14, x0
2604
+ cmp x11, xzr
2605
+ csetm x15, mi
2606
+ cneg x11, x11, mi
2607
+ eor x15, x15, x0
2608
+ cmp x12, xzr
2609
+ csetm x16, mi
2610
+ cneg x12, x12, mi
2611
+ eor x16, x16, x0
2612
+ cmp x13, xzr
2613
+ csetm x17, mi
2614
+ cneg x13, x13, mi
2615
+ eor x17, x17, x0
2616
+ and x0, x10, x14
2617
+ and x1, x11, x15
2618
+ add x9, x0, x1
2619
+ ldr x7, [sp, #64]
2620
+ eor x1, x7, x14
2621
+ mul x0, x1, x10
2622
+ umulh x1, x1, x10
2623
+ adds x4, x9, x0
2624
+ adc x2, xzr, x1
2625
+ ldr x8, [sp, #96]
2626
+ eor x1, x8, x15
2627
+ mul x0, x1, x11
2628
+ umulh x1, x1, x11
2629
+ adds x4, x4, x0
2630
+ str x4, [sp, #64]
2631
+ adc x2, x2, x1
2632
+ ldr x7, [sp, #72]
2633
+ eor x1, x7, x14
2634
+ mul x0, x1, x10
2635
+ umulh x1, x1, x10
2636
+ adds x2, x2, x0
2637
+ adc x6, xzr, x1
2638
+ ldr x8, [sp, #104]
2639
+ eor x1, x8, x15
2640
+ mul x0, x1, x11
2641
+ umulh x1, x1, x11
2642
+ adds x2, x2, x0
2643
+ str x2, [sp, #72]
2644
+ adc x6, x6, x1
2645
+ ldr x7, [sp, #80]
2646
+ eor x1, x7, x14
2647
+ mul x0, x1, x10
2648
+ umulh x1, x1, x10
2649
+ adds x6, x6, x0
2650
+ adc x5, xzr, x1
2651
+ ldr x8, [sp, #112]
2652
+ eor x1, x8, x15
2653
+ mul x0, x1, x11
2654
+ umulh x1, x1, x11
2655
+ adds x6, x6, x0
2656
+ str x6, [sp, #80]
2657
+ adc x5, x5, x1
2658
+ ldr x7, [sp, #88]
2659
+ eor x1, x7, x14
2660
+ and x3, x14, x10
2661
+ neg x3, x3
2662
+ mul x0, x1, x10
2663
+ umulh x1, x1, x10
2664
+ adds x5, x5, x0
2665
+ adc x3, x3, x1
2666
+ ldr x8, [sp, #120]
2667
+ eor x1, x8, x15
2668
+ and x0, x15, x11
2669
+ sub x3, x3, x0
2670
+ mul x0, x1, x11
2671
+ umulh x1, x1, x11
2672
+ adds x5, x5, x0
2673
+ adc x3, x3, x1
2674
+ extr x6, x3, x5, #63
2675
+ ldp x0, x1, [sp, #64]
2676
+ tst x3, x3
2677
+ cinc x6, x6, pl
2678
+ mov x3, #0x13
2679
+ mul x4, x6, x3
2680
+ add x5, x5, x6, lsl #63
2681
+ smulh x6, x6, x3
2682
+ ldr x2, [sp, #80]
2683
+ adds x0, x0, x4
2684
+ adcs x1, x1, x6
2685
+ asr x6, x6, #63
2686
+ adcs x2, x2, x6
2687
+ adcs x5, x5, x6
2688
+ csel x3, x3, xzr, mi
2689
+ subs x0, x0, x3
2690
+ sbcs x1, x1, xzr
2691
+ sbcs x2, x2, xzr
2692
+ sbc x5, x5, xzr
2693
+ and x5, x5, #0x7fffffffffffffff
2694
+ mov x4, x20
2695
+ stp x0, x1, [x4]
2696
+ stp x2, x5, [x4, #16]
2697
+
2698
+ // Store result. Note that these are the only reductions mod 2^255-19
2699
+
2700
+ mov p0, res
2701
+ add p1, acc
2702
+ add p2, tabent
2703
+ mul_p25519(x_0,x_1,x_2)
2704
+
2705
+ add p0, res, #32
2706
+ add p1, acc+32
2707
+ add p2, tabent
2708
+ mul_p25519(x_0,x_1,x_2)
2709
+
2710
+ // Restore stack and registers
2711
+
2712
+ add sp, sp, #NSPACE
2713
+ ldp x25, x30, [sp], 16
2714
+ ldp x23, x24, [sp], 16
2715
+ ldp x21, x22, [sp], 16
2716
+ ldp x19, x20, [sp], 16
2717
+
2718
+ ret
2719
+
2720
+ // ****************************************************************************
2721
+ // Localized versions of subroutines.
2722
+ // These are close to the standalone functions "edwards25519_epdouble" etc.,
2723
+ // but are only maintaining reduction modulo 2^256 - 38, not 2^255 - 19.
2724
+ // ****************************************************************************
2725
+
2726
+ edwards25519_scalarmuldouble_alt_epdouble:
2727
+ sub sp, sp, #(5*NUMSIZE)
2728
+ add_twice4(t0,x_1,y_1)
2729
+ sqr_4(t1,z_1)
2730
+ sqr_4(t2,x_1)
2731
+ sqr_4(t3,y_1)
2732
+ double_twice4(t1,t1)
2733
+ sqr_4(t0,t0)
2734
+ add_twice4(t4,t2,t3)
2735
+ sub_twice4(t2,t2,t3)
2736
+ add_twice4(t3,t1,t2)
2737
+ sub_twice4(t1,t4,t0)
2738
+ mul_4(y_0,t2,t4)
2739
+ mul_4(z_0,t3,t2)
2740
+ mul_4(w_0,t1,t4)
2741
+ mul_4(x_0,t1,t3)
2742
+ add sp, sp, #(5*NUMSIZE)
2743
+ ret
2744
+
2745
+ edwards25519_scalarmuldouble_alt_pdouble:
2746
+ sub sp, sp, #(5*NUMSIZE)
2747
+ add_twice4(t0,x_1,y_1)
2748
+ sqr_4(t1,z_1)
2749
+ sqr_4(t2,x_1)
2750
+ sqr_4(t3,y_1)
2751
+ double_twice4(t1,t1)
2752
+ sqr_4(t0,t0)
2753
+ add_twice4(t4,t2,t3)
2754
+ sub_twice4(t2,t2,t3)
2755
+ add_twice4(t3,t1,t2)
2756
+ sub_twice4(t1,t4,t0)
2757
+ mul_4(y_0,t2,t4)
2758
+ mul_4(z_0,t3,t2)
2759
+ mul_4(x_0,t1,t3)
2760
+ add sp, sp, #(5*NUMSIZE)
2761
+ ret
2762
+
2763
+ edwards25519_scalarmuldouble_alt_epadd:
2764
+ sub sp, sp, #(6*NUMSIZE)
2765
+ mul_4(t0,w_1,w_2)
2766
+ sub_twice4(t1,y_1,x_1)
2767
+ sub_twice4(t2,y_2,x_2)
2768
+ add_twice4(t3,y_1,x_1)
2769
+ add_twice4(t4,y_2,x_2)
2770
+ double_twice4(t5,z_2)
2771
+ mul_4(t1,t1,t2)
2772
+ mul_4(t3,t3,t4)
2773
+ load_k25519(t2)
2774
+ mul_4(t2,t2,t0)
2775
+ mul_4(t4,z_1,t5)
2776
+ sub_twice4(t0,t3,t1)
2777
+ add_twice4(t5,t3,t1)
2778
+ sub_twice4(t1,t4,t2)
2779
+ add_twice4(t3,t4,t2)
2780
+ mul_4(w_0,t0,t5)
2781
+ mul_4(x_0,t0,t1)
2782
+ mul_4(y_0,t3,t5)
2783
+ mul_4(z_0,t1,t3)
2784
+ add sp, sp, #(6*NUMSIZE)
2785
+ ret
2786
+
2787
+ edwards25519_scalarmuldouble_alt_pepadd:
2788
+ sub sp, sp, #(6*NUMSIZE)
2789
+ double_twice4(t0,z_1);
2790
+ sub_twice4(t1,y_1,x_1);
2791
+ add_twice4(t2,y_1,x_1);
2792
+ mul_4(t3,w_1,z_2);
2793
+ mul_4(t1,t1,x_2);
2794
+ mul_4(t2,t2,y_2);
2795
+ sub_twice4(t4,t0,t3);
2796
+ add_twice4(t0,t0,t3);
2797
+ sub_twice4(t5,t2,t1);
2798
+ add_twice4(t1,t2,t1);
2799
+ mul_4(z_0,t4,t0);
2800
+ mul_4(x_0,t5,t4);
2801
+ mul_4(y_0,t0,t1);
2802
+ mul_4(w_0,t5,t1);
2803
+ add sp, sp, #(6*NUMSIZE)
2804
+ ret
2805
+
2806
+ // ****************************************************************************
2807
+ // The precomputed data (all read-only). This is currently part of the same
2808
+ // text section, which gives position-independent code with simple PC-relative
2809
+ // addressing. However it could be put in a separate section via something like
2810
+ //
2811
+ // .section .rodata
2812
+ // ****************************************************************************
2813
+
2814
+ // Precomputed table of multiples of generator for edwards25519
2815
+ // all in precomputed extended-projective (y-x,x+y,2*d*x*y) triples.
2816
+
2817
+ edwards25519_scalarmuldouble_alt_table:
2818
+
2819
+ // 1 * G
2820
+
2821
+ .quad 0x9d103905d740913e
2822
+ .quad 0xfd399f05d140beb3
2823
+ .quad 0xa5c18434688f8a09
2824
+ .quad 0x44fd2f9298f81267
2825
+ .quad 0x2fbc93c6f58c3b85
2826
+ .quad 0xcf932dc6fb8c0e19
2827
+ .quad 0x270b4898643d42c2
2828
+ .quad 0x07cf9d3a33d4ba65
2829
+ .quad 0xabc91205877aaa68
2830
+ .quad 0x26d9e823ccaac49e
2831
+ .quad 0x5a1b7dcbdd43598c
2832
+ .quad 0x6f117b689f0c65a8
2833
+
2834
+ // 2 * G
2835
+
2836
+ .quad 0x8a99a56042b4d5a8
2837
+ .quad 0x8f2b810c4e60acf6
2838
+ .quad 0xe09e236bb16e37aa
2839
+ .quad 0x6bb595a669c92555
2840
+ .quad 0x9224e7fc933c71d7
2841
+ .quad 0x9f469d967a0ff5b5
2842
+ .quad 0x5aa69a65e1d60702
2843
+ .quad 0x590c063fa87d2e2e
2844
+ .quad 0x43faa8b3a59b7a5f
2845
+ .quad 0x36c16bdd5d9acf78
2846
+ .quad 0x500fa0840b3d6a31
2847
+ .quad 0x701af5b13ea50b73
2848
+
2849
+ // 3 * G
2850
+
2851
+ .quad 0x56611fe8a4fcd265
2852
+ .quad 0x3bd353fde5c1ba7d
2853
+ .quad 0x8131f31a214bd6bd
2854
+ .quad 0x2ab91587555bda62
2855
+ .quad 0xaf25b0a84cee9730
2856
+ .quad 0x025a8430e8864b8a
2857
+ .quad 0xc11b50029f016732
2858
+ .quad 0x7a164e1b9a80f8f4
2859
+ .quad 0x14ae933f0dd0d889
2860
+ .quad 0x589423221c35da62
2861
+ .quad 0xd170e5458cf2db4c
2862
+ .quad 0x5a2826af12b9b4c6
2863
+
2864
+ // 4 * G
2865
+
2866
+ .quad 0x95fe050a056818bf
2867
+ .quad 0x327e89715660faa9
2868
+ .quad 0xc3e8e3cd06a05073
2869
+ .quad 0x27933f4c7445a49a
2870
+ .quad 0x287351b98efc099f
2871
+ .quad 0x6765c6f47dfd2538
2872
+ .quad 0xca348d3dfb0a9265
2873
+ .quad 0x680e910321e58727
2874
+ .quad 0x5a13fbe9c476ff09
2875
+ .quad 0x6e9e39457b5cc172
2876
+ .quad 0x5ddbdcf9102b4494
2877
+ .quad 0x7f9d0cbf63553e2b
2878
+
2879
+ // 5 * G
2880
+
2881
+ .quad 0x7f9182c3a447d6ba
2882
+ .quad 0xd50014d14b2729b7
2883
+ .quad 0xe33cf11cb864a087
2884
+ .quad 0x154a7e73eb1b55f3
2885
+ .quad 0xa212bc4408a5bb33
2886
+ .quad 0x8d5048c3c75eed02
2887
+ .quad 0xdd1beb0c5abfec44
2888
+ .quad 0x2945ccf146e206eb
2889
+ .quad 0xbcbbdbf1812a8285
2890
+ .quad 0x270e0807d0bdd1fc
2891
+ .quad 0xb41b670b1bbda72d
2892
+ .quad 0x43aabe696b3bb69a
2893
+
2894
+ // 6 * G
2895
+
2896
+ .quad 0x499806b67b7d8ca4
2897
+ .quad 0x575be28427d22739
2898
+ .quad 0xbb085ce7204553b9
2899
+ .quad 0x38b64c41ae417884
2900
+ .quad 0x3a0ceeeb77157131
2901
+ .quad 0x9b27158900c8af88
2902
+ .quad 0x8065b668da59a736
2903
+ .quad 0x51e57bb6a2cc38bd
2904
+ .quad 0x85ac326702ea4b71
2905
+ .quad 0xbe70e00341a1bb01
2906
+ .quad 0x53e4a24b083bc144
2907
+ .quad 0x10b8e91a9f0d61e3
2908
+
2909
+ // 7 * G
2910
+
2911
+ .quad 0xba6f2c9aaa3221b1
2912
+ .quad 0x6ca021533bba23a7
2913
+ .quad 0x9dea764f92192c3a
2914
+ .quad 0x1d6edd5d2e5317e0
2915
+ .quad 0x6b1a5cd0944ea3bf
2916
+ .quad 0x7470353ab39dc0d2
2917
+ .quad 0x71b2528228542e49
2918
+ .quad 0x461bea69283c927e
2919
+ .quad 0xf1836dc801b8b3a2
2920
+ .quad 0xb3035f47053ea49a
2921
+ .quad 0x529c41ba5877adf3
2922
+ .quad 0x7a9fbb1c6a0f90a7
2923
+
2924
+ // 8 * G
2925
+
2926
+ .quad 0xe2a75dedf39234d9
2927
+ .quad 0x963d7680e1b558f9
2928
+ .quad 0x2c2741ac6e3c23fb
2929
+ .quad 0x3a9024a1320e01c3
2930
+ .quad 0x59b7596604dd3e8f
2931
+ .quad 0x6cb30377e288702c
2932
+ .quad 0xb1339c665ed9c323
2933
+ .quad 0x0915e76061bce52f
2934
+ .quad 0xe7c1f5d9c9a2911a
2935
+ .quad 0xb8a371788bcca7d7
2936
+ .quad 0x636412190eb62a32
2937
+ .quad 0x26907c5c2ecc4e95
2938
+
2939
+ #if defined(__linux__) && defined(__ELF__)
2940
+ .section .note.GNU-stack, "", %progbits
2941
+ #endif