pq_crypto 0.6.1 → 0.6.2

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/pointwise_montgomery_aarch64_asm.S

@@ -0,0 +1,84 @@
+/* Copyright (c) The mldsa-native project authors
+ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+ */
+
+#include "../../../common.h"
+#if defined(MLD_ARITH_BACKEND_AARCH64) &&                                      \
+    (!defined(MLD_CONFIG_NO_SIGN_API) || !defined(MLD_CONFIG_NO_VERIFY_API) || \
+     defined(MLD_CONFIG_REDUCE_RAM) || defined(MLD_UNIT_TEST)) &&              \
+    !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED)
+
+/*
+ * WARNING: This file is auto-derived from the mldsa-native source file
+ *   dev/aarch64_opt/src/pointwise_montgomery_aarch64_asm.S using scripts/simpasm. Do not modify it directly.
+ */
+
+.text
+.balign 4
+.global MLD_ASM_NAMESPACE(poly_pointwise_montgomery_aarch64_asm)
+MLD_ASM_FN_SYMBOL(poly_pointwise_montgomery_aarch64_asm)
+
+        .cfi_startproc
+        mov w3, #0xe001             // =57345
+        movk w3, #0x7f, lsl #16
+        dup v0.4s, w3
+        mov w3, #0x2001             // =8193
+        movk w3, #0x380, lsl #16
+        dup v1.4s, w3
+        mov x3, #0x40               // =64
+
+Lpoly_pointwise_montgomery_loop_start:
+        ldr q16, [x0]
+        ldr q17, [x0, #0x10]
+        ldr q18, [x0, #0x20]
+        ldr q19, [x0, #0x30]
+        ldr q21, [x1, #0x10]
+        ldr q22, [x1, #0x20]
+        ldr q23, [x1, #0x30]
+        ldr q20, [x1], #0x40
+        smull v24.2d, v16.2s, v20.2s
+        smull2 v25.2d, v16.4s, v20.4s
+        smull v26.2d, v17.2s, v21.2s
+        smull2 v27.2d, v17.4s, v21.4s
+        smull v28.2d, v18.2s, v22.2s
+        smull2 v29.2d, v18.4s, v22.4s
+        smull v30.2d, v19.2s, v23.2s
+        smull2 v31.2d, v19.4s, v23.4s
+        uzp1 v16.4s, v24.4s, v25.4s
+        mul v16.4s, v16.4s, v1.4s
+        smlsl v24.2d, v16.2s, v0.2s
+        smlsl2 v25.2d, v16.4s, v0.4s
+        uzp2 v16.4s, v24.4s, v25.4s
+        uzp1 v17.4s, v26.4s, v27.4s
+        mul v17.4s, v17.4s, v1.4s
+        smlsl v26.2d, v17.2s, v0.2s
+        smlsl2 v27.2d, v17.4s, v0.4s
+        uzp2 v17.4s, v26.4s, v27.4s
+        uzp1 v18.4s, v28.4s, v29.4s
+        mul v18.4s, v18.4s, v1.4s
+        smlsl v28.2d, v18.2s, v0.2s
+        smlsl2 v29.2d, v18.4s, v0.4s
+        uzp2 v18.4s, v28.4s, v29.4s
+        uzp1 v19.4s, v30.4s, v31.4s
+        mul v19.4s, v19.4s, v1.4s
+        smlsl v30.2d, v19.2s, v0.2s
+        smlsl2 v31.2d, v19.4s, v0.4s
+        uzp2 v19.4s, v30.4s, v31.4s
+        str q17, [x0, #0x10]
+        str q18, [x0, #0x20]
+        str q19, [x0, #0x30]
+        str q16, [x0], #0x40
+        subs x3, x3, #0x4
+        cbnz x3, Lpoly_pointwise_montgomery_loop_start
+        ret
+        .cfi_endproc
+
+MLD_ASM_FN_SIZE(poly_pointwise_montgomery_aarch64_asm)
+
+#endif /* MLD_ARITH_BACKEND_AARCH64 && (!MLD_CONFIG_NO_SIGN_API || \
+          !MLD_CONFIG_NO_VERIFY_API || MLD_CONFIG_REDUCE_RAM || MLD_UNIT_TEST) \
+          && !MLD_CONFIG_MULTILEVEL_NO_SHARED */
+
+#if defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_caddq_aarch64_asm.S

@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) The mldsa-native project authors
+ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+ */
+#include "../../../common.h"
+
+#if defined(MLD_ARITH_BACKEND_AARCH64) && !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED)
+
+/*
+ * WARNING: This file is auto-derived from the mldsa-native source file
+ *   dev/aarch64_opt/src/poly_caddq_aarch64_asm.S using scripts/simpasm. Do not modify it directly.
+ */
+
+.text
+.balign 4
+.global MLD_ASM_NAMESPACE(poly_caddq_aarch64_asm)
+MLD_ASM_FN_SYMBOL(poly_caddq_aarch64_asm)
+
+        .cfi_startproc
+        mov w9, #0xe001             // =57345
+        movk w9, #0x7f, lsl #16
+        dup v4.4s, w9
+        mov x1, #0x10               // =16
+
+Lpoly_caddq_loop:
+        ldr q0, [x0]
+        ldr q1, [x0, #0x10]
+        ldr q2, [x0, #0x20]
+        ldr q3, [x0, #0x30]
+        ushr v5.4s, v0.4s, #0x1f
+        mla v0.4s, v5.4s, v4.4s
+        ushr v5.4s, v1.4s, #0x1f
+        mla v1.4s, v5.4s, v4.4s
+        ushr v5.4s, v2.4s, #0x1f
+        mla v2.4s, v5.4s, v4.4s
+        ushr v5.4s, v3.4s, #0x1f
+        mla v3.4s, v5.4s, v4.4s
+        str q1, [x0, #0x10]
+        str q2, [x0, #0x20]
+        str q3, [x0, #0x30]
+        str q0, [x0], #0x40
+        subs x1, x1, #0x1
+        b.ne Lpoly_caddq_loop
+        ret
+        .cfi_endproc
+
+MLD_ASM_FN_SIZE(poly_caddq_aarch64_asm)
+
+#endif /* MLD_ARITH_BACKEND_AARCH64 && !MLD_CONFIG_MULTILEVEL_NO_SHARED */
+
+#if defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_chknorm_aarch64_asm.S

@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) The mldsa-native project authors
+ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+ */
+#include "../../../common.h"
+
+#if defined(MLD_ARITH_BACKEND_AARCH64) && !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED)
+
+/*
+ * WARNING: This file is auto-derived from the mldsa-native source file
+ *   dev/aarch64_opt/src/poly_chknorm_aarch64_asm.S using scripts/simpasm. Do not modify it directly.
+ */
+
+.text
+.balign 4
+.global MLD_ASM_NAMESPACE(poly_chknorm_aarch64_asm)
+MLD_ASM_FN_SYMBOL(poly_chknorm_aarch64_asm)
+
+        .cfi_startproc
+        dup v20.4s, w1
+        eor v21.16b, v21.16b, v21.16b
+        mov x2, #0x10               // =16
+
+Lpoly_chknorm_loop:
+        ldr q1, [x0, #0x10]
+        ldr q2, [x0, #0x20]
+        ldr q3, [x0, #0x30]
+        ldr q0, [x0], #0x40
+        abs v1.4s, v1.4s
+        cmge v1.4s, v1.4s, v20.4s
+        orr v21.16b, v21.16b, v1.16b
+        abs v2.4s, v2.4s
+        cmge v2.4s, v2.4s, v20.4s
+        orr v21.16b, v21.16b, v2.16b
+        abs v3.4s, v3.4s
+        cmge v3.4s, v3.4s, v20.4s
+        orr v21.16b, v21.16b, v3.16b
+        abs v0.4s, v0.4s
+        cmge v0.4s, v0.4s, v20.4s
+        orr v21.16b, v21.16b, v0.16b
+        subs x2, x2, #0x1
+        b.ne Lpoly_chknorm_loop
+        umaxv s21, v21.4s
+        fmov w0, s21
+        and w0, w0, #0x1
+        ret
+        .cfi_endproc
+
+MLD_ASM_FN_SIZE(poly_chknorm_aarch64_asm)
+
+#endif /* MLD_ARITH_BACKEND_AARCH64 && !MLD_CONFIG_MULTILEVEL_NO_SHARED */
+
+#if defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_decompose_32_aarch64_asm.S

@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) The mldsa-native project authors
+ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+ */
+#include "../../../common.h"
+
+#if defined(MLD_ARITH_BACKEND_AARCH64) && !defined(MLD_CONFIG_NO_SIGN_API) && !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED) && \
+           (defined(MLD_CONFIG_MULTILEVEL_WITH_SHARED) || (MLD_CONFIG_PARAMETER_SET == 65 || MLD_CONFIG_PARAMETER_SET == 87))
+
+/*
+ * WARNING: This file is auto-derived from the mldsa-native source file
+ *   dev/aarch64_opt/src/poly_decompose_32_aarch64_asm.S using scripts/simpasm. Do not modify it directly.
+ */
+
+.text
+.balign 4
+.global MLD_ASM_NAMESPACE(poly_decompose_32_aarch64_asm)
+MLD_ASM_FN_SYMBOL(poly_decompose_32_aarch64_asm)
+
+        .cfi_startproc
+        mov w4, #0xe001             // =57345
+        movk w4, #0x7f, lsl #16
+        dup v20.4s, w4
+        mov w5, #0xe100             // =57600
+        movk w5, #0x7b, lsl #16
+        dup v21.4s, w5
+        mov w7, #0xfe00             // =65024
+        movk w7, #0x7, lsl #16
+        dup v22.4s, w7
+        mov w11, #0x401             // =1025
+        movk w11, #0x4010, lsl #16
+        dup v23.4s, w11
+        mov x3, #0x10               // =16
+
+Lpoly_decompose_32_loop:
+        ldr q0, [x1]
+        ldr q1, [x1, #0x10]
+        ldr q2, [x1, #0x20]
+        ldr q3, [x1, #0x30]
+        sqdmulh v5.4s, v1.4s, v23.4s
+        srshr v5.4s, v5.4s, #0x12
+        cmgt v24.4s, v1.4s, v21.4s
+        mls v1.4s, v5.4s, v22.4s
+        bic v5.16b, v5.16b, v24.16b
+        add v1.4s, v1.4s, v24.4s
+        sqdmulh v6.4s, v2.4s, v23.4s
+        srshr v6.4s, v6.4s, #0x12
+        cmgt v24.4s, v2.4s, v21.4s
+        mls v2.4s, v6.4s, v22.4s
+        bic v6.16b, v6.16b, v24.16b
+        add v2.4s, v2.4s, v24.4s
+        sqdmulh v7.4s, v3.4s, v23.4s
+        srshr v7.4s, v7.4s, #0x12
+        cmgt v24.4s, v3.4s, v21.4s
+        mls v3.4s, v7.4s, v22.4s
+        bic v7.16b, v7.16b, v24.16b
+        add v3.4s, v3.4s, v24.4s
+        sqdmulh v4.4s, v0.4s, v23.4s
+        srshr v4.4s, v4.4s, #0x12
+        cmgt v24.4s, v0.4s, v21.4s
+        mls v0.4s, v4.4s, v22.4s
+        bic v4.16b, v4.16b, v24.16b
+        add v0.4s, v0.4s, v24.4s
+        str q5, [x0, #0x10]
+        str q6, [x0, #0x20]
+        str q7, [x0, #0x30]
+        str q4, [x0], #0x40
+        str q1, [x1, #0x10]
+        str q2, [x1, #0x20]
+        str q3, [x1, #0x30]
+        str q0, [x1], #0x40
+        subs x3, x3, #0x1
+        b.ne Lpoly_decompose_32_loop
+        ret
+        .cfi_endproc
+
+MLD_ASM_FN_SIZE(poly_decompose_32_aarch64_asm)
+
+#endif /* MLD_ARITH_BACKEND_AARCH64 && !MLD_CONFIG_NO_SIGN_API && \
+          !MLD_CONFIG_MULTILEVEL_NO_SHARED && \
+          (MLD_CONFIG_MULTILEVEL_WITH_SHARED || MLD_CONFIG_PARAMETER_SET == 65 \
+          || MLD_CONFIG_PARAMETER_SET == 87) */
+
+#if defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_decompose_88_aarch64_asm.S

@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) The mldsa-native project authors
+ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+ */
+#include "../../../common.h"
+
+#if defined(MLD_ARITH_BACKEND_AARCH64) && !defined(MLD_CONFIG_NO_SIGN_API) && !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED) && \
+           (defined(MLD_CONFIG_MULTILEVEL_WITH_SHARED) || MLD_CONFIG_PARAMETER_SET == 44)
+
+/*
+ * WARNING: This file is auto-derived from the mldsa-native source file
+ *   dev/aarch64_opt/src/poly_decompose_88_aarch64_asm.S using scripts/simpasm. Do not modify it directly.
+ */
+
+.text
+.balign 4
+.global MLD_ASM_NAMESPACE(poly_decompose_88_aarch64_asm)
+MLD_ASM_FN_SYMBOL(poly_decompose_88_aarch64_asm)
+
+        .cfi_startproc
+        mov w4, #0xe001             // =57345
+        movk w4, #0x7f, lsl #16
+        dup v20.4s, w4
+        mov w5, #0x6c00             // =27648
+        movk w5, #0x7e, lsl #16
+        dup v21.4s, w5
+        mov w7, #0xe800             // =59392
+        movk w7, #0x2, lsl #16
+        dup v22.4s, w7
+        mov w11, #0x581             // =1409
+        movk w11, #0x5816, lsl #16
+        dup v23.4s, w11
+        mov x3, #0x10               // =16
+
+Lpoly_decompose_88_loop:
+        ldr q0, [x1]
+        ldr q1, [x1, #0x10]
+        ldr q2, [x1, #0x20]
+        ldr q3, [x1, #0x30]
+        sqdmulh v5.4s, v1.4s, v23.4s
+        srshr v5.4s, v5.4s, #0x11
+        cmgt v24.4s, v1.4s, v21.4s
+        mls v1.4s, v5.4s, v22.4s
+        bic v5.16b, v5.16b, v24.16b
+        add v1.4s, v1.4s, v24.4s
+        sqdmulh v6.4s, v2.4s, v23.4s
+        srshr v6.4s, v6.4s, #0x11
+        cmgt v24.4s, v2.4s, v21.4s
+        mls v2.4s, v6.4s, v22.4s
+        bic v6.16b, v6.16b, v24.16b
+        add v2.4s, v2.4s, v24.4s
+        sqdmulh v7.4s, v3.4s, v23.4s
+        srshr v7.4s, v7.4s, #0x11
+        cmgt v24.4s, v3.4s, v21.4s
+        mls v3.4s, v7.4s, v22.4s
+        bic v7.16b, v7.16b, v24.16b
+        add v3.4s, v3.4s, v24.4s
+        sqdmulh v4.4s, v0.4s, v23.4s
+        srshr v4.4s, v4.4s, #0x11
+        cmgt v24.4s, v0.4s, v21.4s
+        mls v0.4s, v4.4s, v22.4s
+        bic v4.16b, v4.16b, v24.16b
+        add v0.4s, v0.4s, v24.4s
+        str q5, [x0, #0x10]
+        str q6, [x0, #0x20]
+        str q7, [x0, #0x30]
+        str q4, [x0], #0x40
+        str q1, [x1, #0x10]
+        str q2, [x1, #0x20]
+        str q3, [x1, #0x30]
+        str q0, [x1], #0x40
+        subs x3, x3, #0x1
+        b.ne Lpoly_decompose_88_loop
+        ret
+        .cfi_endproc
+
+MLD_ASM_FN_SIZE(poly_decompose_88_aarch64_asm)
+
+#endif /* MLD_ARITH_BACKEND_AARCH64 && !MLD_CONFIG_NO_SIGN_API && \
+          !MLD_CONFIG_MULTILEVEL_NO_SHARED && \
+          (MLD_CONFIG_MULTILEVEL_WITH_SHARED || MLD_CONFIG_PARAMETER_SET == 44) \
+        */
+
+#if defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_use_hint_32_aarch64_asm.S

@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) The mldsa-native project authors
+ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+ */
+#include "../../../common.h"
+
+#if defined(MLD_ARITH_BACKEND_AARCH64) && !defined(MLD_CONFIG_NO_VERIFY_API) && !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED) && \
+           (defined(MLD_CONFIG_MULTILEVEL_WITH_SHARED) || (MLD_CONFIG_PARAMETER_SET == 65 || MLD_CONFIG_PARAMETER_SET == 87))
+
+/*
+ * WARNING: This file is auto-derived from the mldsa-native source file
+ *   dev/aarch64_opt/src/poly_use_hint_32_aarch64_asm.S using scripts/simpasm. Do not modify it directly.
+ */
+
+.text
+.balign 4
+.global MLD_ASM_NAMESPACE(poly_use_hint_32_aarch64_asm)
+MLD_ASM_FN_SYMBOL(poly_use_hint_32_aarch64_asm)
+
+        .cfi_startproc
+        mov w4, #0xe001             // =57345
+        movk w4, #0x7f, lsl #16
+        dup v20.4s, w4
+        mov w5, #0xe100             // =57600
+        movk w5, #0x7b, lsl #16
+        dup v21.4s, w5
+        mov w7, #0xfe00             // =65024
+        movk w7, #0x7, lsl #16
+        dup v22.4s, w7
+        mov w11, #0x401             // =1025
+        movk w11, #0x4010, lsl #16
+        dup v23.4s, w11
+        movi v24.4s, #0xf
+        mov x3, #0x10               // =16
+
+Lpoly_use_hint_32_loop:
+        ldr q1, [x0, #0x10]
+        ldr q2, [x0, #0x20]
+        ldr q3, [x0, #0x30]
+        ldr q0, [x0]
+        ldr q5, [x1, #0x10]
+        ldr q6, [x1, #0x20]
+        ldr q7, [x1, #0x30]
+        ldr q4, [x1], #0x40
+        sqdmulh v17.4s, v1.4s, v23.4s
+        srshr v17.4s, v17.4s, #0x12
+        cmgt v25.4s, v1.4s, v21.4s
+        mls v1.4s, v17.4s, v22.4s
+        bic v17.16b, v17.16b, v25.16b
+        add v1.4s, v1.4s, v25.4s
+        cmle v1.4s, v1.4s, #0
+        orr v1.4s, #0x1
+        mla v17.4s, v1.4s, v5.4s
+        and v17.16b, v17.16b, v24.16b
+        sqdmulh v18.4s, v2.4s, v23.4s
+        srshr v18.4s, v18.4s, #0x12
+        cmgt v25.4s, v2.4s, v21.4s
+        mls v2.4s, v18.4s, v22.4s
+        bic v18.16b, v18.16b, v25.16b
+        add v2.4s, v2.4s, v25.4s
+        cmle v2.4s, v2.4s, #0
+        orr v2.4s, #0x1
+        mla v18.4s, v2.4s, v6.4s
+        and v18.16b, v18.16b, v24.16b
+        sqdmulh v19.4s, v3.4s, v23.4s
+        srshr v19.4s, v19.4s, #0x12
+        cmgt v25.4s, v3.4s, v21.4s
+        mls v3.4s, v19.4s, v22.4s
+        bic v19.16b, v19.16b, v25.16b
+        add v3.4s, v3.4s, v25.4s
+        cmle v3.4s, v3.4s, #0
+        orr v3.4s, #0x1
+        mla v19.4s, v3.4s, v7.4s
+        and v19.16b, v19.16b, v24.16b
+        sqdmulh v16.4s, v0.4s, v23.4s
+        srshr v16.4s, v16.4s, #0x12
+        cmgt v25.4s, v0.4s, v21.4s
+        mls v0.4s, v16.4s, v22.4s
+        bic v16.16b, v16.16b, v25.16b
+        add v0.4s, v0.4s, v25.4s
+        cmle v0.4s, v0.4s, #0
+        orr v0.4s, #0x1
+        mla v16.4s, v0.4s, v4.4s
+        and v16.16b, v16.16b, v24.16b
+        str q17, [x0, #0x10]
+        str q18, [x0, #0x20]
+        str q19, [x0, #0x30]
+        str q16, [x0], #0x40
+        subs x3, x3, #0x1
+        b.ne Lpoly_use_hint_32_loop
+        ret
+        .cfi_endproc
+
+MLD_ASM_FN_SIZE(poly_use_hint_32_aarch64_asm)
+
+#endif /* MLD_ARITH_BACKEND_AARCH64 && !MLD_CONFIG_NO_VERIFY_API && \
+          !MLD_CONFIG_MULTILEVEL_NO_SHARED && \
+          (MLD_CONFIG_MULTILEVEL_WITH_SHARED || MLD_CONFIG_PARAMETER_SET == 65 \
+          || MLD_CONFIG_PARAMETER_SET == 87) */
+
+#if defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_use_hint_88_aarch64_asm.S

@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) The mldsa-native project authors
+ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+ */
+#include "../../../common.h"
+
+#if defined(MLD_ARITH_BACKEND_AARCH64) && !defined(MLD_CONFIG_NO_VERIFY_API) && !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED) && \
+           (defined(MLD_CONFIG_MULTILEVEL_WITH_SHARED) || MLD_CONFIG_PARAMETER_SET == 44)
+
+/*
+ * WARNING: This file is auto-derived from the mldsa-native source file
+ *   dev/aarch64_opt/src/poly_use_hint_88_aarch64_asm.S using scripts/simpasm. Do not modify it directly.
+ */
+
+.text
+.balign 4
+.global MLD_ASM_NAMESPACE(poly_use_hint_88_aarch64_asm)
+MLD_ASM_FN_SYMBOL(poly_use_hint_88_aarch64_asm)
+
+        .cfi_startproc
+        mov w4, #0xe001             // =57345
+        movk w4, #0x7f, lsl #16
+        dup v20.4s, w4
+        mov w5, #0x6c00             // =27648
+        movk w5, #0x7e, lsl #16
+        dup v21.4s, w5
+        mov w7, #0xe800             // =59392
+        movk w7, #0x2, lsl #16
+        dup v22.4s, w7
+        mov w11, #0x581             // =1409
+        movk w11, #0x5816, lsl #16
+        dup v23.4s, w11
+        movi v24.4s, #0x2b
+        mov x3, #0x10               // =16
+
+Lpoly_use_hint_88_loop:
+        ldr q1, [x0, #0x10]
+        ldr q2, [x0, #0x20]
+        ldr q3, [x0, #0x30]
+        ldr q0, [x0]
+        ldr q5, [x1, #0x10]
+        ldr q6, [x1, #0x20]
+        ldr q7, [x1, #0x30]
+        ldr q4, [x1], #0x40
+        sqdmulh v17.4s, v1.4s, v23.4s
+        srshr v17.4s, v17.4s, #0x11
+        cmgt v25.4s, v1.4s, v21.4s
+        mls v1.4s, v17.4s, v22.4s
+        bic v17.16b, v17.16b, v25.16b
+        add v1.4s, v1.4s, v25.4s
+        cmle v1.4s, v1.4s, #0
+        orr v1.4s, #0x1
+        mla v17.4s, v1.4s, v5.4s
+        cmgt v25.4s, v17.4s, v24.4s
+        bic v17.16b, v17.16b, v25.16b
+        umin v17.4s, v17.4s, v24.4s
+        sqdmulh v18.4s, v2.4s, v23.4s
+        srshr v18.4s, v18.4s, #0x11
+        cmgt v25.4s, v2.4s, v21.4s
+        mls v2.4s, v18.4s, v22.4s
+        bic v18.16b, v18.16b, v25.16b
+        add v2.4s, v2.4s, v25.4s
+        cmle v2.4s, v2.4s, #0
+        orr v2.4s, #0x1
+        mla v18.4s, v2.4s, v6.4s
+        cmgt v25.4s, v18.4s, v24.4s
+        bic v18.16b, v18.16b, v25.16b
+        umin v18.4s, v18.4s, v24.4s
+        sqdmulh v19.4s, v3.4s, v23.4s
+        srshr v19.4s, v19.4s, #0x11
+        cmgt v25.4s, v3.4s, v21.4s
+        mls v3.4s, v19.4s, v22.4s
+        bic v19.16b, v19.16b, v25.16b
+        add v3.4s, v3.4s, v25.4s
+        cmle v3.4s, v3.4s, #0
+        orr v3.4s, #0x1
+        mla v19.4s, v3.4s, v7.4s
+        cmgt v25.4s, v19.4s, v24.4s
+        bic v19.16b, v19.16b, v25.16b
+        umin v19.4s, v19.4s, v24.4s
+        sqdmulh v16.4s, v0.4s, v23.4s
+        srshr v16.4s, v16.4s, #0x11
+        cmgt v25.4s, v0.4s, v21.4s
+        mls v0.4s, v16.4s, v22.4s
+        bic v16.16b, v16.16b, v25.16b
+        add v0.4s, v0.4s, v25.4s
+        cmle v0.4s, v0.4s, #0
+        orr v0.4s, #0x1
+        mla v16.4s, v0.4s, v4.4s
+        cmgt v25.4s, v16.4s, v24.4s
+        bic v16.16b, v16.16b, v25.16b
+        umin v16.4s, v16.4s, v24.4s
+        str q17, [x0, #0x10]
+        str q18, [x0, #0x20]
+        str q19, [x0, #0x30]
+        str q16, [x0], #0x40
+        subs x3, x3, #0x1
+        b.ne Lpoly_use_hint_88_loop
+        ret
+        .cfi_endproc
+
+MLD_ASM_FN_SIZE(poly_use_hint_88_aarch64_asm)
+
+#endif /* MLD_ARITH_BACKEND_AARCH64 && !MLD_CONFIG_NO_VERIFY_API && \
+          !MLD_CONFIG_MULTILEVEL_NO_SHARED && \
+          (MLD_CONFIG_MULTILEVEL_WITH_SHARED || MLD_CONFIG_PARAMETER_SET == 44) \
+        */
+
+#if defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/polyz_unpack_17_aarch64_asm.S

@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) The mldsa-native project authors
+ * Copyright (c) The mlkem-native project authors
+ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+ */
+
+ #include "../../../common.h"
+#if defined(MLD_ARITH_BACKEND_AARCH64) && \
+           (!defined(MLD_CONFIG_NO_SIGN_API) || !defined(MLD_CONFIG_NO_VERIFY_API)) && \
+           !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED) && \
+           (defined(MLD_CONFIG_MULTILEVEL_WITH_SHARED) || MLD_CONFIG_PARAMETER_SET == 44)
+
+/*
+ * WARNING: This file is auto-derived from the mldsa-native source file
+ *   dev/aarch64_opt/src/polyz_unpack_17_aarch64_asm.S using scripts/simpasm. Do not modify it directly.
+ */
+
+.text
+.balign 4
+.global MLD_ASM_NAMESPACE(polyz_unpack_17_aarch64_asm)
+MLD_ASM_FN_SYMBOL(polyz_unpack_17_aarch64_asm)
+
+        .cfi_startproc
+        ldr q24, [x2]
+        ldr q25, [x2, #0x10]
+        ldr q26, [x2, #0x20]
+        ldr q27, [x2, #0x30]
+        mov x3, #0xfe00000000       // =1090921693184
+        mov v28.d[0], x3
+        mov x3, #0xfc               // =252
+        movk x3, #0xfa, lsl #32
+        mov v28.d[1], x3
+        movi v29.4s, #0x3, msl #16
+        movi v30.4s, #0x2, lsl #16
+        mov x9, #0x10               // =16
+
+Lpolyz_unpack_17_loop:
+        ld1 { v0.16b, v1.16b }, [x1]
+        add x1, x1, #0x14
+        ld1 { v2.16b }, [x1], #16
+        tbl v4.16b, { v0.16b }, v24.16b
+        tbl v5.16b, { v0.16b, v1.16b }, v25.16b
+        tbl v6.16b, { v1.16b }, v26.16b
+        tbl v7.16b, { v1.16b, v2.16b }, v27.16b
+        ushl v4.4s, v4.4s, v28.4s
+        and v4.16b, v4.16b, v29.16b
+        sub v4.4s, v30.4s, v4.4s
+        ushl v5.4s, v5.4s, v28.4s
+        and v5.16b, v5.16b, v29.16b
+        sub v5.4s, v30.4s, v5.4s
+        ushl v6.4s, v6.4s, v28.4s
+        and v6.16b, v6.16b, v29.16b
+        sub v6.4s, v30.4s, v6.4s
+        ushl v7.4s, v7.4s, v28.4s
+        and v7.16b, v7.16b, v29.16b
+        sub v7.4s, v30.4s, v7.4s
+        str q5, [x0, #0x10]
+        str q6, [x0, #0x20]
+        str q7, [x0, #0x30]
+        str q4, [x0], #0x40
+        subs x9, x9, #0x1
+        b.ne Lpolyz_unpack_17_loop
+        ret
+        .cfi_endproc
+
+MLD_ASM_FN_SIZE(polyz_unpack_17_aarch64_asm)
+
+#endif /* MLD_ARITH_BACKEND_AARCH64 && (!MLD_CONFIG_NO_SIGN_API || \
+          !MLD_CONFIG_NO_VERIFY_API) && !MLD_CONFIG_MULTILEVEL_NO_SHARED && \
+          (MLD_CONFIG_MULTILEVEL_WITH_SHARED || MLD_CONFIG_PARAMETER_SET == 44) \
+        */
+
+#if defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif