x25519-termux 1.1.0

data/Rakefile

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rake/clean"
+
+CLEAN.include("**/*.o", "**/*.so", "**/*.bundle", "pkg", "tmp")
+
+require "rake/extensiontask"
+Rake::ExtensionTask.new("x25519_ref10") do |ext|
+  ext.ext_dir = "ext/x25519_ref10"
+end
+
+# unless ARGV.include? '--disable-preccomputed'
+#   Rake::ExtensionTask.new("x25519_precomputed") do |ext|
+#     ext.ext_dir = "ext/x25519_precomputed"
+#   end
+# end
+
+require "rspec/core/rake_task"
+RSpec::Core::RakeTask.new
+
+require "rubocop/rake_task"
+RuboCop::RakeTask.new
+
+task default: %w[compile spec rubocop]

data/appveyor.yml

@@ -0,0 +1,20 @@
+branches:
+  only:
+    - master
+
+environment:
+  PATH: C:\Ruby%RUBY_VERSION%\DevKit\mingw\bin;C:\Ruby%RUBY_VERSION%\bin;C:\Ruby%RUBY_VERSION%\DevKit\bin;%PATH%
+  matrix:
+  - RUBY_VERSION: "22-x64"
+  - RUBY_VERSION: "23-x64"
+  - RUBY_VERSION: "24-x64"
+
+build: off
+
+test_script:
+  - SET RAKEOPT=-rdevkit
+  - ruby -v
+  - gem -v
+  - bundle -v
+  - bundle
+  - bundle exec rake compile spec

data/ext/extconf_helpers.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+# rubocop:disable Style/GlobalVars
+
+def add_cflags flags
+  print "checking if the C compiler accepts #{flags}... "
+  with_cflags("#{$CFLAGS} #{flags}") do
+    if test_compile
+      puts 'OK'
+      true
+    else
+      puts "\rC compiler does not accept #{flags}"
+      false
+    end
+  end
+end
+
+def test_compile
+  try_compile "int main() {return 0;}", "", {werror: true}
+end

data/ext/x25519_precomputed/cputest.c

@@ -0,0 +1,74 @@
+/*
+Test for 4th generation Intel Core processor family features (e.g. Haswell)
+From https://software.intel.com/en-us/articles/how-to-detect-new-instruction-support-in-the-4th-generation-intel-core-processor-family
+*/
+
+#include <stdint.h>
+#if defined(_MSC_VER)
+# include <intrin.h>
+#endif
+
+static void run_cpuid(uint32_t eax, uint32_t ecx, uint32_t* abcd)
+{
+#if defined(_MSC_VER)
+    __cpuidex(abcd, eax, ecx);
+#else
+    uint32_t ebx = 0, edx;
+# if defined( __i386__ ) && defined ( __PIC__ )
+     /* in case of PIC under 32-bit EBX cannot be clobbered */
+    __asm__ ( "movl %%ebx, %%edi \n\t cpuid \n\t xchgl %%ebx, %%edi" : "=D" (ebx),
+# else
+    __asm__ ( "cpuid" : "+b" (ebx),
+# endif
+              "+a" (eax), "+c" (ecx), "=d" (edx) );
+    abcd[0] = eax; abcd[1] = ebx; abcd[2] = ecx; abcd[3] = edx;
+#endif
+}
+
+static int check_xcr0_ymm()
+{
+    uint32_t xcr0;
+#if defined(_MSC_VER)
+    xcr0 = (uint32_t)_xgetbv(0);  /* min VS2010 SP1 compiler is required */
+#else
+    __asm__ ("xgetbv" : "=a" (xcr0) : "c" (0) : "%edx" );
+#endif
+    return ((xcr0 & 6) == 6); /* checking if xmm and ymm state are enabled in XCR0 */
+}
+
+int check_4th_gen_intel_core_features()
+{
+    uint32_t abcd[4];
+    uint32_t fma_movbe_osxsave_mask = ((1 << 12) | (1 << 22) | (1 << 27));
+    uint32_t avx2_bmi12_mask = (1 << 5) | (1 << 3) | (1 << 8);
+
+    extern int errno;
+
+    /* CPUID.(EAX=01H, ECX=0H):ECX.FMA[bit 12]==1   &&
+       CPUID.(EAX=01H, ECX=0H):ECX.MOVBE[bit 22]==1 &&
+       CPUID.(EAX=01H, ECX=0H):ECX.OSXSAVE[bit 27]==1 */
+    run_cpuid( 1, 0, abcd );
+
+    if (errno)
+        return 0;
+
+    if ( (abcd[2] & fma_movbe_osxsave_mask) != fma_movbe_osxsave_mask )
+        return 0;
+
+    if ( ! check_xcr0_ymm() )
+        return 0;
+
+    /*  CPUID.(EAX=07H, ECX=0H):EBX.AVX2[bit 5]==1  &&
+        CPUID.(EAX=07H, ECX=0H):EBX.BMI1[bit 3]==1  &&
+        CPUID.(EAX=07H, ECX=0H):EBX.BMI2[bit 8]==1  */
+    run_cpuid( 7, 0, abcd );
+    if ( (abcd[1] & avx2_bmi12_mask) != avx2_bmi12_mask )
+        return 0;
+
+    /* CPUID.(EAX=80000001H):ECX.LZCNT[bit 5]==1 */
+    run_cpuid( 0x80000001, 0, abcd );
+    if ( (abcd[2] & (1 << 5)) == 0)
+        return 0;
+
+    return 1;
+}

data/ext/x25519_precomputed/extconf.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+# rubocop:disable Style/GlobalVars
+
+require "mkmf"
+
+require_relative '../extconf_helpers'
+
+if enable_config('precomputed') == false
+  add_cflags ' -DDISABLE_PRECOMPUTED'
+end
+
+add_cflags '-Wall -O3 -pedantic -std=c99'
+add_cflags '-mbmi -mbmi2'
+add_cflags '-march=native -mtune=native'
+
+create_makefile("x25519_precomputed")
+
+# rubocop:enable Style/GlobalVars

data/ext/x25519_precomputed/fp25519_x64.c

@@ -0,0 +1,943 @@
+/**
+ * Copyright (c) 2017, Armando Faz <armfazh@ic.unicamp.br>. All rights reserved.
+ * Institute of Computing.
+ * University of Campinas, Brazil.
+ *
+ * Copyright (C) 2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2018 Samuel Neves <sneves@dei.uc.pt>. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above
+ *    copyright notice, this list of conditions and the following
+ *    disclaimer in the documentation and/or other materials provided
+ *    with the distribution.
+ *  * Neither the name of University of Campinas nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "fp25519_x64.h"
+
+/**
+ *
+ * @param c Two 512-bit products: c0[0:7]=a0[0:3]*b0[0:3] and c1[8:15]=a1[4:7]*b1[4:7]
+ * @param a Two 256-bit integers: a0[0:3] and a1[4:7]
+ * @param b Two 256-bit integers: b0[0:3] and b1[4:7]
+ */
+void mul2_256x256_integer_x64(uint64_t *const c, uint64_t *const a,
+                              uint64_t *const b) {
+#ifdef __BMI2__
+#ifdef __ADX__
+  __asm__ __volatile__(
+    "xorl %%r14d, %%r14d ;"
+    "movq   (%1), %%rdx; " /* A[0] */
+    "mulx   (%2),  %%r8, %%r12; " /* A[0]*B[0] */  "xorl %%r10d, %%r10d ;"  "movq %%r8, (%0) ;"
+    "mulx  8(%2), %%r10, %%rax; " /* A[0]*B[1] */  "adox %%r10, %%r12 ;"
+    "mulx 16(%2),  %%r8, %%rbx; " /* A[0]*B[2] */  "adox  %%r8, %%rax ;"
+    "mulx 24(%2), %%r10, %%rcx; " /* A[0]*B[3] */  "adox %%r10, %%rbx ;"
+    /*******************************************/  "adox %%r14, %%rcx ;"
+
+    "movq  8(%1), %%rdx; " /* A[1] */
+    "mulx   (%2),  %%r8,  %%r9; " /* A[1]*B[0] */  "adox %%r12,  %%r8 ;"  "movq  %%r8, 8(%0) ;"
+    "mulx  8(%2), %%r10, %%r11; " /* A[1]*B[1] */  "adox %%r10,  %%r9 ;"  "adcx  %%r9, %%rax ;"
+    "mulx 16(%2),  %%r8, %%r13; " /* A[1]*B[2] */  "adox  %%r8, %%r11 ;"  "adcx %%r11, %%rbx ;"
+    "mulx 24(%2), %%r10, %%r12; " /* A[1]*B[3] */  "adox %%r10, %%r13 ;"  "adcx %%r13, %%rcx ;"
+    /*******************************************/  "adox %%r14, %%r12 ;"  "adcx %%r14, %%r12 ;"
+
+    "movq 16(%1), %%rdx; " /* A[2] */              "xorl %%r10d, %%r10d ;"
+    "mulx   (%2),  %%r8,  %%r9; " /* A[2]*B[0] */  "adox %%rax,  %%r8 ;"  "movq %%r8, 16(%0) ;"
+    "mulx  8(%2), %%r10, %%r11; " /* A[2]*B[1] */  "adox %%r10,  %%r9 ;"  "adcx  %%r9, %%rbx ;"
+    "mulx 16(%2),  %%r8, %%r13; " /* A[2]*B[2] */  "adox  %%r8, %%r11 ;"  "adcx %%r11, %%rcx ;"
+    "mulx 24(%2), %%r10, %%rax; " /* A[2]*B[3] */  "adox %%r10, %%r13 ;"  "adcx %%r13, %%r12 ;"
+    /*******************************************/  "adox %%r14, %%rax ;"  "adcx %%r14, %%rax ;"
+
+    "movq 24(%1), %%rdx; " /* A[3] */              "xorl %%r10d, %%r10d ;"
+    "mulx   (%2),  %%r8,  %%r9; " /* A[3]*B[0] */  "adox %%rbx,  %%r8 ;"  "movq %%r8, 24(%0) ;"
+    "mulx  8(%2), %%r10, %%r11; " /* A[3]*B[1] */  "adox %%r10,  %%r9 ;"  "adcx  %%r9, %%rcx ;"  "movq %%rcx, 32(%0) ;"
+    "mulx 16(%2),  %%r8, %%r13; " /* A[3]*B[2] */  "adox  %%r8, %%r11 ;"  "adcx %%r11, %%r12 ;"  "movq %%r12, 40(%0) ;"
+    "mulx 24(%2), %%r10, %%rbx; " /* A[3]*B[3] */  "adox %%r10, %%r13 ;"  "adcx %%r13, %%rax ;"  "movq %%rax, 48(%0) ;"
+    /*******************************************/  "adox %%r14, %%rbx ;"  "adcx %%r14, %%rbx ;"  "movq %%rbx, 56(%0) ;"
+
+    "movq 32(%1), %%rdx; " /* C[0] */
+    "mulx 32(%2),  %%r8, %%r12; " /* C[0]*D[0] */  "xorl %%r10d, %%r10d ;" "movq %%r8, 64(%0);"
+    "mulx 40(%2), %%r10, %%rax; " /* C[0]*D[1] */  "adox %%r10, %%r12 ;"
+    "mulx 48(%2),  %%r8, %%rbx; " /* C[0]*D[2] */  "adox  %%r8, %%rax ;"
+    "mulx 56(%2), %%r10, %%rcx; " /* C[0]*D[3] */  "adox %%r10, %%rbx ;"
+    /*******************************************/  "adox %%r14, %%rcx ;"
+
+    "movq 40(%1), %%rdx; " /* C[1] */              "xorl %%r10d, %%r10d ;"
+    "mulx 32(%2),  %%r8,  %%r9; " /* C[1]*D[0] */  "adox %%r12,  %%r8 ;"  "movq  %%r8, 72(%0);"
+    "mulx 40(%2), %%r10, %%r11; " /* C[1]*D[1] */  "adox %%r10,  %%r9 ;"  "adcx  %%r9, %%rax ;"
+    "mulx 48(%2),  %%r8, %%r13; " /* C[1]*D[2] */  "adox  %%r8, %%r11 ;"  "adcx %%r11, %%rbx ;"
+    "mulx 56(%2), %%r10, %%r12; " /* C[1]*D[3] */  "adox %%r10, %%r13 ;"  "adcx %%r13, %%rcx ;"
+    /*******************************************/  "adox %%r14, %%r12 ;"  "adcx %%r14, %%r12 ;"
+
+    "movq 48(%1), %%rdx; " /* C[2] */              "xorl %%r10d, %%r10d ;"
+    "mulx 32(%2),  %%r8,  %%r9; " /* C[2]*D[0] */  "adox %%rax,  %%r8 ;"  "movq  %%r8, 80(%0);"
+    "mulx 40(%2), %%r10, %%r11; " /* C[2]*D[1] */  "adox %%r10,  %%r9 ;"  "adcx  %%r9, %%rbx ;"
+    "mulx 48(%2),  %%r8, %%r13; " /* C[2]*D[2] */  "adox  %%r8, %%r11 ;"  "adcx %%r11, %%rcx ;"
+    "mulx 56(%2), %%r10, %%rax; " /* C[2]*D[3] */  "adox %%r10, %%r13 ;"  "adcx %%r13, %%r12 ;"
+    /*******************************************/  "adox %%r14, %%rax ;"  "adcx %%r14, %%rax ;"
+
+    "movq 56(%1), %%rdx; " /* C[3] */              "xorl %%r10d, %%r10d ;"
+    "mulx 32(%2),  %%r8,  %%r9; " /* C[3]*D[0] */  "adox %%rbx,  %%r8 ;"  "movq  %%r8, 88(%0);"
+    "mulx 40(%2), %%r10, %%r11; " /* C[3]*D[1] */  "adox %%r10,  %%r9 ;"  "adcx  %%r9, %%rcx ;"  "movq %%rcx,  96(%0) ;"
+    "mulx 48(%2),  %%r8, %%r13; " /* C[3]*D[2] */  "adox  %%r8, %%r11 ;"  "adcx %%r11, %%r12 ;"  "movq %%r12, 104(%0) ;"
+    "mulx 56(%2), %%r10, %%rbx; " /* C[3]*D[3] */  "adox %%r10, %%r13 ;"  "adcx %%r13, %%rax ;"  "movq %%rax, 112(%0) ;"
+    /*******************************************/  "adox %%r14, %%rbx ;"  "adcx %%r14, %%rbx ;"  "movq %%rbx, 120(%0) ;"
+  :
+  : "r" (c), "r" (a), "r" (b)
+  : "memory", "cc", "%rax", "%rbx", "%rcx", "%rdx",
+    "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", "%r14"
+  );
+#else
+  __asm__ __volatile__(
+    "movq   (%1), %%rdx; " /* A[0] */
+    "mulx   (%2),  %%r8, %%r12; " /* A[0]*B[0] */                           "movq %%r8,  (%0) ;"
+    "mulx  8(%2), %%r10, %%rax; " /* A[0]*B[1] */    "addq %%r10, %%r12 ;"
+    "mulx 16(%2),  %%r8, %%rbx; " /* A[0]*B[2] */    "adcq  %%r8, %%rax ;"
+    "mulx 24(%2), %%r10, %%rcx; " /* A[0]*B[3] */    "adcq %%r10, %%rbx ;"
+    /*******************************************/    "adcq    $0, %%rcx ;"
+
+    "movq  8(%1), %%rdx; " /* A[1] */
+    "mulx   (%2),  %%r8,  %%r9; " /* A[1]*B[0] */    "addq %%r12,  %%r8 ;"  "movq %%r8, 8(%0) ;"
+    "mulx  8(%2), %%r10, %%r11; " /* A[1]*B[1] */    "adcq %%r10,  %%r9 ;"
+    "mulx 16(%2),  %%r8, %%r13; " /* A[1]*B[2] */    "adcq  %%r8, %%r11 ;"
+    "mulx 24(%2), %%r10, %%r12; " /* A[1]*B[3] */    "adcq %%r10, %%r13 ;"
+    /*******************************************/    "adcq    $0, %%r12 ;"
+
+    "addq  %%r9, %%rax ;"
+    "adcq %%r11, %%rbx ;"
+    "adcq %%r13, %%rcx ;"
+    "adcq    $0, %%r12 ;"
+
+    "movq 16(%1), %%rdx; " /* A[2] */
+    "mulx   (%2),  %%r8,  %%r9; " /* A[2]*B[0] */    "addq %%rax,  %%r8 ;"  "movq %%r8, 16(%0) ;"
+    "mulx  8(%2), %%r10, %%r11; " /* A[2]*B[1] */    "adcq %%r10,  %%r9 ;"
+    "mulx 16(%2),  %%r8, %%r13; " /* A[2]*B[2] */    "adcq  %%r8, %%r11 ;"
+    "mulx 24(%2), %%r10, %%rax; " /* A[2]*B[3] */    "adcq %%r10, %%r13 ;"
+    /*******************************************/    "adcq    $0, %%rax ;"
+
+    "addq  %%r9, %%rbx ;"
+    "adcq %%r11, %%rcx ;"
+    "adcq %%r13, %%r12 ;"
+    "adcq    $0, %%rax ;"
+
+    "movq 24(%1), %%rdx; " /* A[3] */
+    "mulx   (%2),  %%r8,  %%r9; " /* A[3]*B[0] */    "addq %%rbx,  %%r8 ;"  "movq %%r8, 24(%0) ;"
+    "mulx  8(%2), %%r10, %%r11; " /* A[3]*B[1] */    "adcq %%r10,  %%r9 ;"
+    "mulx 16(%2),  %%r8, %%r13; " /* A[3]*B[2] */    "adcq  %%r8, %%r11 ;"
+    "mulx 24(%2), %%r10, %%rbx; " /* A[3]*B[3] */    "adcq %%r10, %%r13 ;"
+    /*******************************************/    "adcq    $0, %%rbx ;"
+
+    "addq  %%r9, %%rcx ;"  "movq %%rcx, 32(%0) ;"
+    "adcq %%r11, %%r12 ;"  "movq %%r12, 40(%0) ;"
+    "adcq %%r13, %%rax ;"  "movq %%rax, 48(%0) ;"
+    "adcq    $0, %%rbx ;"  "movq %%rbx, 56(%0) ;"
+
+    "movq 32(%1), %%rdx; " /* C[0] */
+    "mulx 32(%2),  %%r8, %%r12; " /* C[0]*D[0] */                           "movq %%r8, 64(%0) ;"
+    "mulx 40(%2), %%r10, %%rax; " /* C[0]*D[1] */    "addq %%r10, %%r12 ;"
+    "mulx 48(%2),  %%r8, %%rbx; " /* C[0]*D[2] */    "adcq  %%r8, %%rax ;"
+    "mulx 56(%2), %%r10, %%rcx; " /* C[0]*D[3] */    "adcq %%r10, %%rbx ;"
+    /*******************************************/    "adcq    $0, %%rcx ;"
+
+    "movq 40(%1), %%rdx; " /* C[1] */
+    "mulx 32(%2),  %%r8,  %%r9; " /* C[1]*D[0] */    "addq %%r12,  %%r8 ;"  "movq %%r8, 72(%0) ;"
+    "mulx 40(%2), %%r10, %%r11; " /* C[1]*D[1] */    "adcq %%r10,  %%r9 ;"
+    "mulx 48(%2),  %%r8, %%r13; " /* C[1]*D[2] */    "adcq  %%r8, %%r11 ;"
+    "mulx 56(%2), %%r10, %%r12; " /* C[1]*D[3] */    "adcq %%r10, %%r13 ;"
+    /*******************************************/    "adcq    $0, %%r12 ;"
+
+    "addq  %%r9, %%rax ;"
+    "adcq %%r11, %%rbx ;"
+    "adcq %%r13, %%rcx ;"
+    "adcq    $0, %%r12 ;"
+
+    "movq 48(%1), %%rdx; " /* C[2] */
+    "mulx 32(%2),  %%r8,  %%r9; " /* C[2]*D[0] */    "addq %%rax,  %%r8 ;"  "movq %%r8, 80(%0) ;"
+    "mulx 40(%2), %%r10, %%r11; " /* C[2]*D[1] */    "adcq %%r10,  %%r9 ;"
+    "mulx 48(%2),  %%r8, %%r13; " /* C[2]*D[2] */    "adcq  %%r8, %%r11 ;"
+    "mulx 56(%2), %%r10, %%rax; " /* C[2]*D[3] */    "adcq %%r10, %%r13 ;"
+    /*******************************************/    "adcq    $0, %%rax ;"
+
+    "addq  %%r9, %%rbx ;"
+    "adcq %%r11, %%rcx ;"
+    "adcq %%r13, %%r12 ;"
+    "adcq    $0, %%rax ;"
+
+    "movq 56(%1), %%rdx; " /* C[3] */
+    "mulx 32(%2),  %%r8,  %%r9; " /* C[3]*D[0] */    "addq %%rbx,  %%r8 ;"  "movq %%r8, 88(%0) ;"
+    "mulx 40(%2), %%r10, %%r11; " /* C[3]*D[1] */    "adcq %%r10,  %%r9 ;"
+    "mulx 48(%2),  %%r8, %%r13; " /* C[3]*D[2] */    "adcq  %%r8, %%r11 ;"
+    "mulx 56(%2), %%r10, %%rbx; " /* C[3]*D[3] */    "adcq %%r10, %%r13 ;"
+    /*******************************************/    "adcq    $0, %%rbx ;"
+
+    "addq  %%r9, %%rcx ;"  "movq %%rcx,  96(%0) ;"
+    "adcq %%r11, %%r12 ;"  "movq %%r12, 104(%0) ;"
+    "adcq %%r13, %%rax ;"  "movq %%rax, 112(%0) ;"
+    "adcq    $0, %%rbx ;"  "movq %%rbx, 120(%0) ;"
+  :
+  : "r" (c), "r" (a), "r" (b)
+  : "memory", "cc", "%rax", "%rbx", "%rcx", "%rdx",
+    "%r8", "%r9", "%r10", "%r11", "%r12", "%r13"
+  );
+#endif
+#else   /* Without BMI2 */
+  /**
+  * TODO: Multiplications using MULQ instruction.
+  **/
+#endif
+}
+
+/**
+ *
+ * @param c
+ * @param a
+ */
+void sqr2_256x256_integer_x64(uint64_t *const c, uint64_t *const a) {
+#ifdef __BMI2__
+#ifdef __ADX__
+  __asm__ __volatile__(
+    "movq   (%1), %%rdx        ;" /* A[0]      */
+    "mulx  8(%1),  %%r8, %%r14 ;" /* A[1]*A[0] */  "xorl %%r15d, %%r15d;"
+    "mulx 16(%1),  %%r9, %%r10 ;" /* A[2]*A[0] */  "adcx %%r14,  %%r9 ;"
+    "mulx 24(%1), %%rax, %%rcx ;" /* A[3]*A[0] */  "adcx %%rax, %%r10 ;"
+    "movq 24(%1), %%rdx        ;" /* A[3]      */
+    "mulx  8(%1), %%r11, %%r12 ;" /* A[1]*A[3] */  "adcx %%rcx, %%r11 ;"
+    "mulx 16(%1), %%rax, %%r13 ;" /* A[2]*A[3] */  "adcx %%rax, %%r12 ;"
+    "movq  8(%1), %%rdx        ;" /* A[1]      */  "adcx %%r15, %%r13 ;"
+    "mulx 16(%1), %%rax, %%rcx ;" /* A[2]*A[1] */  "movq    $0, %%r14 ;"
+    /*******************************************/  "adcx %%r15, %%r14 ;"
+
+    "xorl %%r15d, %%r15d;"
+    "adox %%rax, %%r10 ;"  "adcx  %%r8,  %%r8 ;"
+    "adox %%rcx, %%r11 ;"  "adcx  %%r9,  %%r9 ;"
+    "adox %%r15, %%r12 ;"  "adcx %%r10, %%r10 ;"
+    "adox %%r15, %%r13 ;"  "adcx %%r11, %%r11 ;"
+    "adox %%r15, %%r14 ;"  "adcx %%r12, %%r12 ;"
+                           "adcx %%r13, %%r13 ;"
+                           "adcx %%r14, %%r14 ;"
+
+    "movq   (%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ;" /* A[0]^2 */
+    /********************/  "movq %%rax,  0(%0) ;"
+    "addq %%rcx,  %%r8 ;"   "movq  %%r8,  8(%0) ;"
+    "movq  8(%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ;" /* A[1]^2 */
+    "adcq %%rax,  %%r9 ;"   "movq  %%r9, 16(%0) ;"
+    "adcq %%rcx, %%r10 ;"   "movq %%r10, 24(%0) ;"
+    "movq 16(%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ;" /* A[2]^2 */
+    "adcq %%rax, %%r11 ;"   "movq %%r11, 32(%0) ;"
+    "adcq %%rcx, %%r12 ;"   "movq %%r12, 40(%0) ;"
+    "movq 24(%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ;" /* A[3]^2 */
+    "adcq %%rax, %%r13 ;"   "movq %%r13, 48(%0) ;"
+    "adcq %%rcx, %%r14 ;"   "movq %%r14, 56(%0) ;"
+
+
+    "movq 32(%1), %%rdx        ;" /* B[0]      */
+    "mulx 40(%1),  %%r8, %%r14 ;" /* B[1]*B[0] */  "xorl %%r15d, %%r15d;"
+    "mulx 48(%1),  %%r9, %%r10 ;" /* B[2]*B[0] */  "adcx %%r14,  %%r9 ;"
+    "mulx 56(%1), %%rax, %%rcx ;" /* B[3]*B[0] */  "adcx %%rax, %%r10 ;"
+    "movq 56(%1), %%rdx        ;" /* B[3]      */
+    "mulx 40(%1), %%r11, %%r12 ;" /* B[1]*B[3] */  "adcx %%rcx, %%r11 ;"
+    "mulx 48(%1), %%rax, %%r13 ;" /* B[2]*B[3] */  "adcx %%rax, %%r12 ;"
+    "movq 40(%1), %%rdx        ;" /* B[1]      */  "adcx %%r15, %%r13 ;"
+    "mulx 48(%1), %%rax, %%rcx ;" /* B[2]*B[1] */  "movq    $0, %%r14 ;"
+    /*******************************************/  "adcx %%r15, %%r14 ;"
+
+    "xorl %%r15d, %%r15d;"
+    "adox %%rax, %%r10 ;"  "adcx  %%r8,  %%r8 ;"
+    "adox %%rcx, %%r11 ;"  "adcx  %%r9,  %%r9 ;"
+    "adox %%r15, %%r12 ;"  "adcx %%r10, %%r10 ;"
+    "adox %%r15, %%r13 ;"  "adcx %%r11, %%r11 ;"
+    "adox %%r15, %%r14 ;"  "adcx %%r12, %%r12 ;"
+                           "adcx %%r13, %%r13 ;"
+                           "adcx %%r14, %%r14 ;"
+
+    "movq 32(%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ;" /* B[0]^2 */
+    /********************/  "movq %%rax,  64(%0) ;"
+    "addq %%rcx,  %%r8 ;"   "movq  %%r8,  72(%0) ;"
+    "movq 40(%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ;" /* B[1]^2 */
+    "adcq %%rax,  %%r9 ;"   "movq  %%r9,  80(%0) ;"
+    "adcq %%rcx, %%r10 ;"   "movq %%r10,  88(%0) ;"
+    "movq 48(%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ;" /* B[2]^2 */
+    "adcq %%rax, %%r11 ;"   "movq %%r11,  96(%0) ;"
+    "adcq %%rcx, %%r12 ;"   "movq %%r12, 104(%0) ;"
+    "movq 56(%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ;" /* B[3]^2 */
+    "adcq %%rax, %%r13 ;"   "movq %%r13, 112(%0) ;"
+    "adcq %%rcx, %%r14 ;"   "movq %%r14, 120(%0) ;"
+  :
+  : "r" (c), "r" (a)
+  : "memory", "cc", "%rax", "%rcx", "%rdx",
+    "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", "%r14", "%r15"
+  );
+#else    /* Without ADX */
+  __asm__ __volatile__(
+    "movq  8(%1), %%rdx        ;" /* A[1]      */
+    "mulx   (%1),  %%r8,  %%r9 ;" /* A[0]*A[1] */
+    "mulx 16(%1), %%r10, %%r11 ;" /* A[2]*A[1] */
+    "mulx 24(%1), %%rcx, %%r14 ;" /* A[3]*A[1] */
+
+    "movq 16(%1), %%rdx        ;" /* A[2]      */
+    "mulx 24(%1), %%r12, %%r13 ;" /* A[3]*A[2] */
+    "mulx   (%1), %%rax, %%rdx ;" /* A[0]*A[2] */
+
+    "addq %%rax,  %%r9 ;"
+    "adcq %%rdx, %%r10 ;"
+    "adcq %%rcx, %%r11 ;"
+    "adcq %%r14, %%r12 ;"
+    "adcq    $0, %%r13 ;"
+    "movq    $0, %%r14 ;"
+    "adcq    $0, %%r14 ;"
+
+    "movq   (%1), %%rdx        ;" /* A[0]      */
+    "mulx 24(%1), %%rax, %%rcx ;" /* A[0]*A[3] */
+
+    "addq %%rax, %%r10 ;"
+    "adcq %%rcx, %%r11 ;"
+    "adcq    $0, %%r12 ;"
+    "adcq    $0, %%r13 ;"
+    "adcq    $0, %%r14 ;"
+
+    "shldq $1, %%r13, %%r14 ;"
+    "shldq $1, %%r12, %%r13 ;"
+    "shldq $1, %%r11, %%r12 ;"
+    "shldq $1, %%r10, %%r11 ;"
+    "shldq $1,  %%r9, %%r10 ;"
+    "shldq $1,  %%r8,  %%r9 ;"
+    "shlq  $1,  %%r8        ;"
+
+    /********************/ "mulx %%rdx, %%rax, %%rcx ; " /* A[0]^2 */
+    /********************/ "movq %%rax,  0(%0) ;"
+    "addq %%rcx,  %%r8 ;"  "movq  %%r8,  8(%0) ;"
+    "movq  8(%1), %%rdx ;" "mulx %%rdx, %%rax, %%rcx ; " /* A[1]^2 */
+    "adcq %%rax,  %%r9 ;"  "movq  %%r9, 16(%0) ;"
+    "adcq %%rcx, %%r10 ;"  "movq %%r10, 24(%0) ;"
+    "movq 16(%1), %%rdx ;" "mulx %%rdx, %%rax, %%rcx ; " /* A[2]^2 */
+    "adcq %%rax, %%r11 ;"  "movq %%r11, 32(%0) ;"
+    "adcq %%rcx, %%r12 ;"  "movq %%r12, 40(%0) ;"
+    "movq 24(%1), %%rdx ;" "mulx %%rdx, %%rax, %%rcx ; " /* A[3]^2 */
+    "adcq %%rax, %%r13 ;"  "movq %%r13, 48(%0) ;"
+    "adcq %%rcx, %%r14 ;"  "movq %%r14, 56(%0) ;"
+
+    "movq 40(%1), %%rdx        ;" /* B[1]      */
+    "mulx 32(%1),  %%r8,  %%r9 ;" /* B[0]*B[1] */
+    "mulx 48(%1), %%r10, %%r11 ;" /* B[2]*B[1] */
+    "mulx 56(%1), %%rcx, %%r14 ;" /* B[3]*B[1] */
+
+    "movq 48(%1), %%rdx        ;" /* B[2]      */
+    "mulx 56(%1), %%r12, %%r13 ;" /* B[3]*B[2] */
+    "mulx 32(%1), %%rax, %%rdx ;" /* B[0]*B[2] */
+
+    "addq %%rax,  %%r9 ;"
+    "adcq %%rdx, %%r10 ;"
+    "adcq %%rcx, %%r11 ;"
+    "adcq %%r14, %%r12 ;"
+    "adcq    $0, %%r13 ;"
+    "movq    $0, %%r14 ;"
+    "adcq    $0, %%r14 ;"
+
+    "movq 32(%1), %%rdx        ;" /* B[0]      */
+    "mulx 56(%1), %%rax, %%rcx ;" /* B[0]*B[3] */
+
+    "addq %%rax, %%r10 ;"
+    "adcq %%rcx, %%r11 ;"
+    "adcq    $0, %%r12 ;"
+    "adcq    $0, %%r13 ;"
+    "adcq    $0, %%r14 ;"
+
+    "shldq $1, %%r13, %%r14 ;"
+    "shldq $1, %%r12, %%r13 ;"
+    "shldq $1, %%r11, %%r12 ;"
+    "shldq $1, %%r10, %%r11 ;"
+    "shldq $1,  %%r9, %%r10 ;"
+    "shldq $1,  %%r8,  %%r9 ;"
+    "shlq  $1,  %%r8        ;"
+
+    /********************/  "mulx %%rdx, %%rax, %%rcx ; " /* B[0]^2 */
+    /********************/  "movq %%rax,  64(%0) ;"
+    "addq %%rcx,  %%r8 ;"   "movq  %%r8,  72(%0) ;"
+    "movq 40(%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ; " /* B[1]^2 */
+    "adcq %%rax,  %%r9 ;"   "movq  %%r9,  80(%0) ;"
+    "adcq %%rcx, %%r10 ;"   "movq %%r10,  88(%0) ;"
+    "movq 48(%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ; " /* B[2]^2 */
+    "adcq %%rax, %%r11 ;"   "movq %%r11,  96(%0) ;"
+    "adcq %%rcx, %%r12 ;"   "movq %%r12, 104(%0) ;"
+    "movq 56(%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ; " /* B[3]^2 */
+    "adcq %%rax, %%r13 ;"   "movq %%r13, 112(%0) ;"
+    "adcq %%rcx, %%r14 ;"   "movq %%r14, 120(%0) ;"
+  :
+  : "r" (c), "r" (a)
+  : "memory", "cc", "%rax", "%rcx", "%rdx",
+    "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", "%r14"
+  );
+#endif
+#else    /* Without BMI2 */
+  /**
+  * TODO: Multiplications using MULQ instruction.
+  **/
+#endif
+}
+
+/**
+ *
+ * @param c
+ * @param a
+ */
+void red_EltFp25519_2w_x64(uint64_t *const c, uint64_t *const a) {
+#ifdef __BMI2__
+#ifdef __ADX__
+  __asm__ __volatile__(
+    "movl    $38, %%edx; " /* 2*c = 38 = 2^256 */
+    "mulx 32(%1),  %%r8, %%r10; " /* c*C[4] */   "xorl %%ebx, %%ebx ;"  "adox   (%1),  %%r8 ;"
+    "mulx 40(%1),  %%r9, %%r11; " /* c*C[5] */   "adcx %%r10,  %%r9 ;"  "adox  8(%1),  %%r9 ;"
+    "mulx 48(%1), %%r10, %%rax; " /* c*C[6] */   "adcx %%r11, %%r10 ;"  "adox 16(%1), %%r10 ;"
+    "mulx 56(%1), %%r11, %%rcx; " /* c*C[7] */   "adcx %%rax, %%r11 ;"  "adox 24(%1), %%r11 ;"
+    /****************************************/   "adcx %%rbx, %%rcx ;"  "adox  %%rbx, %%rcx ;"
+    "clc ;"
+    "mulx %%rcx, %%rax, %%rcx ; " /* c*C[4] */
+    "adcx %%rax,  %%r8 ;"
+    "adcx %%rcx,  %%r9 ;"  "movq  %%r9,  8(%0) ;"
+    "adcx %%rbx, %%r10 ;"  "movq %%r10, 16(%0) ;"
+    "adcx %%rbx, %%r11 ;"  "movq %%r11, 24(%0) ;"
+    "mov     $0, %%ecx ;"
+    "cmovc %%edx, %%ecx ;"
+    "addq %%rcx,  %%r8 ;"  "movq  %%r8,   (%0) ;"
+
+    "mulx  96(%1),  %%r8, %%r10; " /* c*C[4] */  "xorl %%ebx, %%ebx ;"  "adox 64(%1),  %%r8 ;"
+    "mulx 104(%1),  %%r9, %%r11; " /* c*C[5] */  "adcx %%r10,  %%r9 ;"  "adox 72(%1),  %%r9 ;"
+    "mulx 112(%1), %%r10, %%rax; " /* c*C[6] */  "adcx %%r11, %%r10 ;"  "adox 80(%1), %%r10 ;"
+    "mulx 120(%1), %%r11, %%rcx; " /* c*C[7] */  "adcx %%rax, %%r11 ;"  "adox 88(%1), %%r11 ;"
+    /*****************************************/  "adcx %%rbx, %%rcx ;"  "adox  %%rbx, %%rcx ;"
+    "clc ;"
+    "mulx %%rcx, %%rax, %%rcx ; " /* c*C[4] */
+    "adcx %%rax,  %%r8 ;"
+    "adcx %%rcx,  %%r9 ;"  "movq  %%r9, 40(%0) ;"
+    "adcx %%rbx, %%r10 ;"  "movq %%r10, 48(%0) ;"
+    "adcx %%rbx, %%r11 ;"  "movq %%r11, 56(%0) ;"
+    "mov     $0, %%ecx ;"
+    "cmovc %%edx, %%ecx ;"
+    "addq %%rcx,  %%r8 ;"  "movq  %%r8, 32(%0) ;"
+  :
+  : "r" (c), "r" (a)
+  : "memory", "cc", "%rax", "%rbx", "%rcx", "%rdx", "%r8", "%r9", "%r10", "%r11"
+  );
+#else
+  __asm__ __volatile__(
+    "movl    $38, %%edx ; " /* 2*c = 38 = 2^256 */
+    "mulx 32(%1),  %%r8, %%r10 ;" /* c*C[4] */
+    "mulx 40(%1),  %%r9, %%r11 ;" /* c*C[5] */  "addq %%r10,  %%r9 ;"
+    "mulx 48(%1), %%r10, %%rax ;" /* c*C[6] */  "adcq %%r11, %%r10 ;"
+    "mulx 56(%1), %%r11, %%rcx ;" /* c*C[7] */  "adcq %%rax, %%r11 ;"
+    /****************************************/  "adcq    $0, %%rcx ;"
+    "addq   (%1),  %%r8 ;"
+    "adcq  8(%1),  %%r9 ;"
+    "adcq 16(%1), %%r10 ;"
+    "adcq 24(%1), %%r11 ;"
+    "adcq     $0, %%rcx ;"
+    "mulx %%rcx, %%rax, %%rcx ;" /* c*C[4] */
+    "addq %%rax,  %%r8 ;"
+    "adcq %%rcx,  %%r9 ;"  "movq  %%r9,  8(%0) ;"
+    "adcq    $0, %%r10 ;"  "movq %%r10, 16(%0) ;"
+    "adcq    $0, %%r11 ;"  "movq %%r11, 24(%0) ;"
+    "mov     $0, %%ecx ;"
+    "cmovc %%edx, %%ecx ;"
+    "addq %%rcx,  %%r8 ;"  "movq  %%r8,   (%0) ;"
+
+    "mulx  96(%1),  %%r8, %%r10 ;" /* c*C[4] */
+    "mulx 104(%1),  %%r9, %%r11 ;" /* c*C[5] */  "addq %%r10,  %%r9 ;"
+    "mulx 112(%1), %%r10, %%rax ;" /* c*C[6] */  "adcq %%r11, %%r10 ;"
+    "mulx 120(%1), %%r11, %%rcx ;" /* c*C[7] */  "adcq %%rax, %%r11 ;"
+    /*****************************************/  "adcq    $0, %%rcx ;"
+    "addq 64(%1),  %%r8 ;"
+    "adcq 72(%1),  %%r9 ;"
+    "adcq 80(%1), %%r10 ;"
+    "adcq 88(%1), %%r11 ;"
+    "adcq     $0, %%rcx ;"
+    "mulx %%rcx, %%rax, %%rcx ;"  /* c*C[4] */
+    "addq %%rax,  %%r8 ;"
+    "adcq %%rcx,  %%r9 ;"  "movq  %%r9, 40(%0) ;"
+    "adcq    $0, %%r10 ;"  "movq %%r10, 48(%0) ;"
+    "adcq    $0, %%r11 ;"  "movq %%r11, 56(%0) ;"
+    "mov     $0, %%ecx ;"
+    "cmovc %%edx, %%ecx ;"
+    "addq %%rcx,  %%r8 ;"  "movq  %%r8, 32(%0) ;"
+  :
+  : "r" (c), "r" (a)
+  : "memory", "cc", "%rax", "%rcx", "%rdx", "%r8", "%r9", "%r10", "%r11"
+  );
+#endif
+#else    /* Without BMI2 */
+  /* [TODO] */
+#endif
+}
+
+void mul_256x256_integer_x64(uint64_t *const c, uint64_t *const a, uint64_t *const b) {
+#ifdef __BMI2__
+#ifdef __ADX__
+  __asm__ __volatile__(
+    "movq   (%1), %%rdx; " /* A[0] */
+    "mulx   (%2),  %%r8,  %%r9; " /* A[0]*B[0] */    "xorl %%r10d, %%r10d ;"                           "movq  %%r8,  (%0) ;"
+    "mulx  8(%2), %%r10, %%r11; " /* A[0]*B[1] */    "adox  %%r9, %%r10 ;"                             "movq %%r10, 8(%0) ;"
+    "mulx 16(%2), %%r12, %%r13; " /* A[0]*B[2] */    "adox %%r11, %%r12 ;"
+    "mulx 24(%2), %%r14, %%rdx; " /* A[0]*B[3] */    "adox %%r13, %%r14 ;"                                                       "movq $0, %%rax ;"
+    /*******************************************/    "adox %%rdx, %%rax ;"
+
+    "movq  8(%1), %%rdx; " /* A[1] */
+    "mulx   (%2),  %%r8,  %%r9; " /* A[1]*B[0] */    "xorl %%r10d, %%r10d ;"  "adcx 8(%0),  %%r8 ;"    "movq  %%r8,  8(%0) ;"
+    "mulx  8(%2), %%r10, %%r11; " /* A[1]*B[1] */    "adox  %%r9, %%r10 ;"    "adcx %%r12, %%r10 ;"    "movq %%r10, 16(%0) ;"
+    "mulx 16(%2), %%r12, %%r13; " /* A[1]*B[2] */    "adox %%r11, %%r12 ;"    "adcx %%r14, %%r12 ;"                              "movq $0, %%r8  ;"
+    "mulx 24(%2), %%r14, %%rdx; " /* A[1]*B[3] */    "adox %%r13, %%r14 ;"    "adcx %%rax, %%r14 ;"                              "movq $0, %%rax ;"
+    /*******************************************/    "adox %%rdx, %%rax ;"    "adcx  %%r8, %%rax ;"
+
+    "movq 16(%1), %%rdx; " /* A[2] */
+    "mulx   (%2),  %%r8,  %%r9; " /* A[2]*B[0] */    "xorl %%r10d, %%r10d ;"  "adcx 16(%0), %%r8 ;"    "movq  %%r8, 16(%0) ;"
+    "mulx  8(%2), %%r10, %%r11; " /* A[2]*B[1] */    "adox  %%r9, %%r10 ;"    "adcx %%r12, %%r10 ;"    "movq %%r10, 24(%0) ;"
+    "mulx 16(%2), %%r12, %%r13; " /* A[2]*B[2] */    "adox %%r11, %%r12 ;"    "adcx %%r14, %%r12 ;"                              "movq $0, %%r8  ;"
+    "mulx 24(%2), %%r14, %%rdx; " /* A[2]*B[3] */    "adox %%r13, %%r14 ;"    "adcx %%rax, %%r14 ;"                              "movq $0, %%rax ;"
+    /*******************************************/    "adox %%rdx, %%rax ;"    "adcx  %%r8, %%rax ;"
+
+    "movq 24(%1), %%rdx; " /* A[3] */
+    "mulx   (%2),  %%r8,  %%r9; " /* A[3]*B[0] */    "xorl %%r10d, %%r10d ;"  "adcx 24(%0), %%r8 ;"    "movq  %%r8, 24(%0) ;"
+    "mulx  8(%2), %%r10, %%r11; " /* A[3]*B[1] */    "adox  %%r9, %%r10 ;"    "adcx %%r12, %%r10 ;"    "movq %%r10, 32(%0) ;"
+    "mulx 16(%2), %%r12, %%r13; " /* A[3]*B[2] */    "adox %%r11, %%r12 ;"    "adcx %%r14, %%r12 ;"    "movq %%r12, 40(%0) ;"    "movq $0, %%r8  ;"
+    "mulx 24(%2), %%r14, %%rdx; " /* A[3]*B[3] */    "adox %%r13, %%r14 ;"    "adcx %%rax, %%r14 ;"    "movq %%r14, 48(%0) ;"    "movq $0, %%rax ;"
+    /*******************************************/    "adox %%rdx, %%rax ;"    "adcx  %%r8, %%rax ;"    "movq %%rax, 56(%0) ;"
+  :
+  : "r" (c), "r" (a), "r" (b)
+  : "memory", "cc", "%rax", "%rdx", "%r8",
+    "%r9", "%r10", "%r11", "%r12", "%r13", "%r14"
+  );
+#else
+  __asm__ __volatile__(
+    "movq   (%1), %%rdx; " /* A[0] */
+    "mulx   (%2),  %%r8, %%r12; " /* A[0]*B[0] */                           "movq %%r8,  (%0) ;"
+    "mulx  8(%2), %%r10, %%rax; " /* A[0]*B[1] */    "addq %%r10, %%r12 ;"
+    "mulx 16(%2),  %%r8, %%rbx; " /* A[0]*B[2] */    "adcq  %%r8, %%rax ;"
+    "mulx 24(%2), %%r10, %%rcx; " /* A[0]*B[3] */    "adcq %%r10, %%rbx ;"
+    /*******************************************/    "adcq    $0, %%rcx ;"
+
+    "movq  8(%1), %%rdx; " /* A[1] */
+    "mulx   (%2),  %%r8,  %%r9; " /* A[1]*B[0] */    "addq %%r12,  %%r8 ;"  "movq %%r8, 8(%0) ;"
+    "mulx  8(%2), %%r10, %%r11; " /* A[1]*B[1] */    "adcq %%r10,  %%r9 ;"
+    "mulx 16(%2),  %%r8, %%r13; " /* A[1]*B[2] */    "adcq  %%r8, %%r11 ;"
+    "mulx 24(%2), %%r10, %%r12; " /* A[1]*B[3] */    "adcq %%r10, %%r13 ;"
+    /*******************************************/    "adcq    $0, %%r12 ;"
+
+    "addq  %%r9, %%rax ;"
+    "adcq %%r11, %%rbx ;"
+    "adcq %%r13, %%rcx ;"
+    "adcq    $0, %%r12 ;"
+
+    "movq 16(%1), %%rdx; " /* A[2] */
+    "mulx   (%2),  %%r8,  %%r9; " /* A[2]*B[0] */    "addq %%rax,  %%r8 ;"  "movq %%r8, 16(%0) ;"
+    "mulx  8(%2), %%r10, %%r11; " /* A[2]*B[1] */    "adcq %%r10,  %%r9 ;"
+    "mulx 16(%2),  %%r8, %%r13; " /* A[2]*B[2] */    "adcq  %%r8, %%r11 ;"
+    "mulx 24(%2), %%r10, %%rax; " /* A[2]*B[3] */    "adcq %%r10, %%r13 ;"
+    /*******************************************/    "adcq    $0, %%rax ;"
+
+    "addq  %%r9, %%rbx ;"
+    "adcq %%r11, %%rcx ;"
+    "adcq %%r13, %%r12 ;"
+    "adcq    $0, %%rax ;"
+
+    "movq 24(%1), %%rdx; " /* A[3] */
+    "mulx   (%2),  %%r8,  %%r9; " /* A[3]*B[0] */    "addq %%rbx,  %%r8 ;"  "movq %%r8, 24(%0) ;"
+    "mulx  8(%2), %%r10, %%r11; " /* A[3]*B[1] */    "adcq %%r10,  %%r9 ;"
+    "mulx 16(%2),  %%r8, %%r13; " /* A[3]*B[2] */    "adcq  %%r8, %%r11 ;"
+    "mulx 24(%2), %%r10, %%rbx; " /* A[3]*B[3] */    "adcq %%r10, %%r13 ;"
+    /*******************************************/    "adcq    $0, %%rbx ;"
+
+    "addq  %%r9, %%rcx ;"  "movq %%rcx, 32(%0) ;"
+    "adcq %%r11, %%r12 ;"  "movq %%r12, 40(%0) ;"
+    "adcq %%r13, %%rax ;"  "movq %%rax, 48(%0) ;"
+    "adcq    $0, %%rbx ;"  "movq %%rbx, 56(%0) ;"
+  :
+  : "r" (c), "r" (a), "r" (b)
+  : "memory", "cc", "%rax", "%rbx", "%rcx", "%rdx",
+    "%r8", "%r9", "%r10", "%r11", "%r12", "%r13"
+  );
+#endif
+#else    /* Without BMI2 */
+  /**
+  * TODO: Multiplications using MULQ instruction.
+  **/
+#endif
+}
+
+void sqr_256x256_integer_x64(uint64_t *const c, uint64_t *const a) {
+#ifdef __BMI2__
+#ifdef __ADX__
+  __asm__ __volatile__(
+    "movq   (%1), %%rdx        ;" /* A[0]      */
+    "mulx  8(%1),  %%r8, %%r14 ;" /* A[1]*A[0] */  "xorl %%r15d, %%r15d;"
+    "mulx 16(%1),  %%r9, %%r10 ;" /* A[2]*A[0] */  "adcx %%r14,  %%r9 ;"
+    "mulx 24(%1), %%rax, %%rcx ;" /* A[3]*A[0] */  "adcx %%rax, %%r10 ;"
+    "movq 24(%1), %%rdx        ;" /* A[3]      */
+    "mulx  8(%1), %%r11, %%r12 ;" /* A[1]*A[3] */  "adcx %%rcx, %%r11 ;"
+    "mulx 16(%1), %%rax, %%r13 ;" /* A[2]*A[3] */  "adcx %%rax, %%r12 ;"
+    "movq  8(%1), %%rdx        ;" /* A[1]      */  "adcx %%r15, %%r13 ;"
+    "mulx 16(%1), %%rax, %%rcx ;" /* A[2]*A[1] */  "movq    $0, %%r14 ;"
+    /*******************************************/  "adcx %%r15, %%r14 ;"
+
+    "xorl %%r15d, %%r15d;"
+    "adox %%rax, %%r10 ;"  "adcx  %%r8,  %%r8 ;"
+    "adox %%rcx, %%r11 ;"  "adcx  %%r9,  %%r9 ;"
+    "adox %%r15, %%r12 ;"  "adcx %%r10, %%r10 ;"
+    "adox %%r15, %%r13 ;"  "adcx %%r11, %%r11 ;"
+    "adox %%r15, %%r14 ;"  "adcx %%r12, %%r12 ;"
+                           "adcx %%r13, %%r13 ;"
+                           "adcx %%r14, %%r14 ;"
+
+    "movq   (%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ;" /* A[0]^2 */
+    /********************/  "movq %%rax,  0(%0) ;"
+    "addq %%rcx,  %%r8 ;"   "movq  %%r8,  8(%0) ;"
+    "movq  8(%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ;" /* A[1]^2 */
+    "adcq %%rax,  %%r9 ;"   "movq  %%r9, 16(%0) ;"
+    "adcq %%rcx, %%r10 ;"   "movq %%r10, 24(%0) ;"
+    "movq 16(%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ;" /* A[2]^2 */
+    "adcq %%rax, %%r11 ;"   "movq %%r11, 32(%0) ;"
+    "adcq %%rcx, %%r12 ;"   "movq %%r12, 40(%0) ;"
+    "movq 24(%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ;" /* A[3]^2 */
+    "adcq %%rax, %%r13 ;"   "movq %%r13, 48(%0) ;"
+    "adcq %%rcx, %%r14 ;"   "movq %%r14, 56(%0) ;"
+  :
+  : "r" (c), "r" (a)
+  : "memory", "cc", "%rax", "%rcx", "%rdx",
+    "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", "%r14", "%r15"
+  );
+#else    /* Without ADX */
+   __asm__ __volatile__(
+    "movq  8(%1), %%rdx        ;" /* A[1]      */
+    "mulx   (%1),  %%r8,  %%r9 ;" /* A[0]*A[1] */
+    "mulx 16(%1), %%r10, %%r11 ;" /* A[2]*A[1] */
+    "mulx 24(%1), %%rcx, %%r14 ;" /* A[3]*A[1] */
+
+    "movq 16(%1), %%rdx        ;" /* A[2]      */
+    "mulx 24(%1), %%r12, %%r13 ;" /* A[3]*A[2] */
+    "mulx   (%1), %%rax, %%rdx ;" /* A[0]*A[2] */
+
+    "addq %%rax,  %%r9 ;"
+    "adcq %%rdx, %%r10 ;"
+    "adcq %%rcx, %%r11 ;"
+    "adcq %%r14, %%r12 ;"
+    "adcq    $0, %%r13 ;"
+    "movq    $0, %%r14 ;"
+    "adcq    $0, %%r14 ;"
+
+    "movq   (%1), %%rdx        ;" /* A[0]      */
+    "mulx 24(%1), %%rax, %%rcx ;" /* A[0]*A[3] */
+
+    "addq %%rax, %%r10 ;"
+    "adcq %%rcx, %%r11 ;"
+    "adcq    $0, %%r12 ;"
+    "adcq    $0, %%r13 ;"
+    "adcq    $0, %%r14 ;"
+
+    "shldq $1, %%r13, %%r14 ;"
+    "shldq $1, %%r12, %%r13 ;"
+    "shldq $1, %%r11, %%r12 ;"
+    "shldq $1, %%r10, %%r11 ;"
+    "shldq $1,  %%r9, %%r10 ;"
+    "shldq $1,  %%r8,  %%r9 ;"
+    "shlq  $1,  %%r8        ;"
+
+    /********************/  "mulx %%rdx, %%rax, %%rcx ;" /* A[0]^2 */
+    /********************/  "movq %%rax,  0(%0) ;"
+    "addq %%rcx,  %%r8 ;"   "movq  %%r8,  8(%0) ;"
+    "movq  8(%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ;" /* A[1]^2 */
+    "adcq %%rax,  %%r9 ;"   "movq  %%r9, 16(%0) ;"
+    "adcq %%rcx, %%r10 ;"   "movq %%r10, 24(%0) ;"
+    "movq 16(%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ;" /* A[2]^2 */
+    "adcq %%rax, %%r11 ;"   "movq %%r11, 32(%0) ;"
+    "adcq %%rcx, %%r12 ;"   "movq %%r12, 40(%0) ;"
+    "movq 24(%1), %%rdx ;"  "mulx %%rdx, %%rax, %%rcx ;" /* A[3]^2 */
+    "adcq %%rax, %%r13 ;"   "movq %%r13, 48(%0) ;"
+    "adcq %%rcx, %%r14 ;"   "movq %%r14, 56(%0) ;"
+  :
+  : "r" (c), "r" (a)
+  : "memory", "cc", "%rax", "%rcx", "%rdx",
+    "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", "%r14"
+  );
+#endif
+#else    /* Without BMI2 */
+  /**
+  * TODO: Multiplications using MULQ instruction.
+  **/
+#endif
+}
+
+void red_EltFp25519_1w_x64(uint64_t *const c, uint64_t *const a) {
+#ifdef __BMI2__
+#ifdef __ADX__
+  __asm__ __volatile__(
+    "movl    $38, %%edx ;" /* 2*c = 38 = 2^256 */
+    "mulx 32(%1),  %%r8, %%r10 ;" /* c*C[4] */  "xorl %%ebx, %%ebx ;"  "adox   (%1),  %%r8 ;"
+    "mulx 40(%1),  %%r9, %%r11 ;" /* c*C[5] */  "adcx %%r10,  %%r9 ;"  "adox  8(%1),  %%r9 ;"
+    "mulx 48(%1), %%r10, %%rax ;" /* c*C[6] */  "adcx %%r11, %%r10 ;"  "adox 16(%1), %%r10 ;"
+    "mulx 56(%1), %%r11, %%rcx ;" /* c*C[7] */  "adcx %%rax, %%r11 ;"  "adox 24(%1), %%r11 ;"
+    /****************************************/  "adcx %%rbx, %%rcx ;"  "adox  %%rbx, %%rcx ;"
+    "clc ;"
+    "mulx %%rcx, %%rax, %%rcx ;" /* c*C[4] */
+    "adcx %%rax,  %%r8 ;"
+    "adcx %%rcx,  %%r9 ;"  "movq  %%r9,  8(%0) ;"
+    "adcx %%rbx, %%r10 ;"  "movq %%r10, 16(%0) ;"
+    "adcx %%rbx, %%r11 ;"  "movq %%r11, 24(%0) ;"
+    "mov     $0, %%ecx ;"
+    "cmovc %%edx, %%ecx ;"
+    "addq %%rcx,  %%r8 ;"  "movq  %%r8,   (%0) ;"
+  :
+  : "r" (c), "r" (a)
+  : "memory", "cc", "%rax", "%rbx", "%rcx", "%rdx", "%r8", "%r9", "%r10", "%r11"
+  );
+#else
+  __asm__ __volatile__(
+    "movl    $38, %%edx ;" /* 2*c = 38 = 2^256 */
+    "mulx 32(%1),  %%r8, %%r10 ;" /* c*C[4] */
+    "mulx 40(%1),  %%r9, %%r11 ;" /* c*C[5] */  "addq %%r10,  %%r9 ;"
+    "mulx 48(%1), %%r10, %%rax ;" /* c*C[6] */  "adcq %%r11, %%r10 ;"
+    "mulx 56(%1), %%r11, %%rcx ;" /* c*C[7] */  "adcq %%rax, %%r11 ;"
+    /****************************************/  "adcq    $0, %%rcx ;"
+    "addq   (%1),  %%r8 ;"
+    "adcq  8(%1),  %%r9 ;"
+    "adcq 16(%1), %%r10 ;"
+    "adcq 24(%1), %%r11 ;"
+    "adcq     $0, %%rcx ;"
+    "mulx %%rcx, %%rax, %%rcx ;" /* c*C[4] */
+    "addq %%rax,  %%r8 ;"
+    "adcq %%rcx,  %%r9 ;"  "movq  %%r9,  8(%0) ;"
+    "adcq    $0, %%r10 ;"  "movq %%r10, 16(%0) ;"
+    "adcq    $0, %%r11 ;"  "movq %%r11, 24(%0) ;"
+    "mov     $0, %%ecx ;"
+    "cmovc %%edx, %%ecx ;"
+    "addq %%rcx,  %%r8 ;"  "movq  %%r8,   (%0) ;"
+  :
+  : "r" (c), "r" (a)
+  : "memory", "cc", "%rax", "%rcx", "%rdx", "%r8", "%r9", "%r10", "%r11"
+  );
+#endif
+#else    /* Without BMI2 */
+  /**
+  * TODO: Multiplications using MULQ instruction.
+  **/
+#endif
+}
+
+inline void add_EltFp25519_1w_x64(uint64_t *const c, uint64_t *const a, uint64_t *const b) {
+#ifdef __ADX__
+  __asm__ __volatile__(
+    "mov     $38, %%eax ;"
+    "xorl  %%ecx, %%ecx ;"
+    "movq   (%2),  %%r8 ;"  "adcx   (%1),  %%r8 ;"
+    "movq  8(%2),  %%r9 ;"  "adcx  8(%1),  %%r9 ;"
+    "movq 16(%2), %%r10 ;"  "adcx 16(%1), %%r10 ;"
+    "movq 24(%2), %%r11 ;"  "adcx 24(%1), %%r11 ;"
+    "cmovc %%eax, %%ecx ;"
+    "xorl %%eax, %%eax  ;"
+    "adcx %%rcx,  %%r8  ;"
+    "adcx %%rax,  %%r9  ;"  "movq  %%r9,  8(%0) ;"
+    "adcx %%rax, %%r10  ;"  "movq %%r10, 16(%0) ;"
+    "adcx %%rax, %%r11  ;"  "movq %%r11, 24(%0) ;"
+    "mov     $38, %%ecx ;"
+    "cmovc %%ecx, %%eax ;"
+    "addq %%rax,  %%r8  ;"  "movq  %%r8,   (%0) ;"
+  :
+  : "r" (c), "r" (a), "r" (b)
+  : "memory", "cc", "%rax", "%rcx", "%r8", "%r9", "%r10", "%r11"
+  );
+#else
+  __asm__ __volatile__(
+    "mov     $38, %%eax ;"
+    "movq   (%2),  %%r8 ;"  "addq   (%1),  %%r8 ;"
+    "movq  8(%2),  %%r9 ;"  "adcq  8(%1),  %%r9 ;"
+    "movq 16(%2), %%r10 ;"  "adcq 16(%1), %%r10 ;"
+    "movq 24(%2), %%r11 ;"  "adcq 24(%1), %%r11 ;"
+    "mov      $0, %%ecx ;"
+    "cmovc %%eax, %%ecx ;"
+    "addq %%rcx,  %%r8  ;"
+    "adcq    $0,  %%r9  ;"  "movq  %%r9,  8(%0) ;"
+    "adcq    $0, %%r10  ;"  "movq %%r10, 16(%0) ;"
+    "adcq    $0, %%r11  ;"  "movq %%r11, 24(%0) ;"
+    "mov     $0, %%ecx  ;"
+    "cmovc %%eax, %%ecx ;"
+    "addq %%rcx,  %%r8  ;"  "movq  %%r8,   (%0) ;"
+  :
+  : "r" (c), "r" (a), "r" (b)
+  : "memory", "cc", "%rax", "%rcx", "%r8", "%r9", "%r10", "%r11"
+  );
+#endif
+}
+
+inline void sub_EltFp25519_1w_x64(uint64_t *const c, uint64_t *const a, uint64_t *const b) {
+  __asm__ __volatile__(
+    "mov     $38, %%eax ;"
+    "movq   (%1),  %%r8 ;"  "subq   (%2),  %%r8 ;"
+    "movq  8(%1),  %%r9 ;"  "sbbq  8(%2),  %%r9 ;"
+    "movq 16(%1), %%r10 ;"  "sbbq 16(%2), %%r10 ;"
+    "movq 24(%1), %%r11 ;"  "sbbq 24(%2), %%r11 ;"
+    "mov      $0, %%ecx ;"
+    "cmovc %%eax, %%ecx ;"
+    "subq %%rcx,  %%r8  ;"
+    "sbbq    $0,  %%r9  ;"  "movq  %%r9,  8(%0) ;"
+    "sbbq    $0, %%r10  ;"  "movq %%r10, 16(%0) ;"
+    "sbbq    $0, %%r11  ;"  "movq %%r11, 24(%0) ;"
+    "mov     $0, %%ecx  ;"
+    "cmovc %%eax, %%ecx ;"
+    "subq %%rcx,  %%r8  ;"  "movq  %%r8,   (%0) ;"
+  :
+  : "r" (c), "r" (a), "r" (b)
+  : "memory", "cc", "%rax", "%rcx", "%r8", "%r9", "%r10", "%r11"
+  );
+}
+
+/**
+ * Multiplication by a24 = (A+2)/4 = (486662+2)/4 = 121666
+ **/
+inline void mul_a24_EltFp25519_1w_x64(uint64_t *const c, uint64_t *const a) {
+#ifdef __BMI2__
+  const uint64_t a24 = 121666;
+  __asm__ __volatile__(
+    "movq     %2, %%rdx ;"
+    "mulx   (%1),  %%r8, %%r10 ;"
+    "mulx  8(%1),  %%r9, %%r11 ;"  "addq %%r10,  %%r9 ;"
+    "mulx 16(%1), %%r10, %%rax ;"  "adcq %%r11, %%r10 ;"
+    "mulx 24(%1), %%r11, %%rcx ;"  "adcq %%rax, %%r11 ;"
+    /***************************/  "adcq    $0, %%rcx ;"
+    "movl   $38, %%edx ;" /* 2*c = 38 = 2^256 mod 2^255-19*/
+    "mulx %%rcx, %%rax, %%rcx ;"
+    "addq %%rax,  %%r8 ;"
+    "adcq %%rcx,  %%r9 ;"  "movq  %%r9,  8(%0) ;"
+    "adcq    $0, %%r10 ;"  "movq %%r10, 16(%0) ;"
+    "adcq    $0, %%r11 ;"  "movq %%r11, 24(%0) ;"
+    "mov     $0, %%ecx ;"
+    "cmovc %%edx, %%ecx ;"
+    "addq %%rcx,  %%r8 ;"  "movq  %%r8,   (%0) ;"
+  :
+  : "r" (c), "r" (a), "r" (a24)
+  : "memory", "cc", "%rax", "%rcx", "%rdx", "%r8", "%r9", "%r10", "%r11"
+  );
+#else /* Without BMI2 */
+  /**
+  * TODO: Multiplications using MULQ instruction.
+  **/
+#endif
+}
+
+void inv_EltFp25519_1w_x64(uint64_t *const c, uint64_t *const a) {
+#define sqrn_EltFp25519_1w_x64(A, times)\
+  counter = times;\
+  while ( counter-- > 0) {\
+      sqr_EltFp25519_1w_x64(A);\
+  }
+
+  EltFp25519_1w_Buffer_x64 buffer_1w;
+  EltFp25519_1w_x64 x0, x1, x2;
+  uint64_t * T[5];
+  uint64_t counter;
+
+  T[0] = x0;
+  T[1] = c; /* x^(-1) */
+  T[2] = x1;
+  T[3] = x2;
+  T[4] = a; /* x */
+
+  copy_EltFp25519_1w_x64(T[1], a);
+  sqrn_EltFp25519_1w_x64(T[1], 1);
+  copy_EltFp25519_1w_x64(T[2], T[1]);
+  sqrn_EltFp25519_1w_x64(T[2], 2);
+  mul_EltFp25519_1w_x64(T[0], a, T[2]);
+  mul_EltFp25519_1w_x64(T[1], T[1], T[0]);
+  copy_EltFp25519_1w_x64(T[2], T[1]);
+  sqrn_EltFp25519_1w_x64(T[2], 1);
+  mul_EltFp25519_1w_x64(T[0], T[0], T[2]);
+  copy_EltFp25519_1w_x64(T[2], T[0]);
+  sqrn_EltFp25519_1w_x64(T[2], 5);
+  mul_EltFp25519_1w_x64(T[0], T[0], T[2]);
+  copy_EltFp25519_1w_x64(T[2], T[0]);
+  sqrn_EltFp25519_1w_x64(T[2], 10);
+  mul_EltFp25519_1w_x64(T[2], T[2], T[0]);
+  copy_EltFp25519_1w_x64(T[3], T[2]);
+  sqrn_EltFp25519_1w_x64(T[3], 20);
+  mul_EltFp25519_1w_x64(T[3], T[3], T[2]);
+  sqrn_EltFp25519_1w_x64(T[3], 10);
+  mul_EltFp25519_1w_x64(T[3], T[3], T[0]);
+  copy_EltFp25519_1w_x64(T[0], T[3]);
+  sqrn_EltFp25519_1w_x64(T[0], 50);
+  mul_EltFp25519_1w_x64(T[0], T[0], T[3]);
+  copy_EltFp25519_1w_x64(T[2], T[0]);
+  sqrn_EltFp25519_1w_x64(T[2], 100);
+  mul_EltFp25519_1w_x64(T[2], T[2], T[0]);
+  sqrn_EltFp25519_1w_x64(T[2], 50);
+  mul_EltFp25519_1w_x64(T[2], T[2], T[3]);
+  sqrn_EltFp25519_1w_x64(T[2], 5);
+  mul_EltFp25519_1w_x64(T[1], T[1], T[2]);
+#undef sqrn_EltFp25519_1w_x64
+}
+
+/**
+ * Given C, a 256-bit number, fred_EltFp25519_1w_x64 updates C
+ * with a number such that 0 <= C < 2**255-19.
+ * Contributed by: Samuel Neves.
+ **/
+inline void fred_EltFp25519_1w_x64(uint64_t *const c) {
+  __asm__ __volatile__ (
+  /* First, obtains a number less than 2^255. */
+    "btrq   $63, 24(%0) ;"
+    "sbbl %%ecx, %%ecx  ;"
+    "andq   $19, %%rcx  ;"
+    "addq %%rcx,   (%0) ;"
+    "adcq    $0,  8(%0) ;"
+    "adcq    $0, 16(%0) ;"
+    "adcq    $0, 24(%0) ;"
+
+    "btrq   $63, 24(%0) ;"
+    "sbbl %%ecx, %%ecx  ;"
+    "andq   $19, %%rcx  ;"
+    "addq %%rcx,   (%0) ;"
+    "adcq    $0,  8(%0) ;"
+    "adcq    $0, 16(%0) ;"
+    "adcq    $0, 24(%0) ;"
+
+  /* Then, in case the number fall into [2^255-19, 2^255-1] */
+    "cmpq $-19,   (%0)   ;"
+    "setaeb %%al         ;"
+    "cmpq  $-1,  8(%0)   ;"
+    "setzb %%bl          ;"
+    "cmpq  $-1, 16(%0)   ;"
+    "setzb %%cl          ;"
+    "movq 24(%0), %%rdx  ;"
+    "addq   $1, %%rdx    ;"
+    "shrq  $63, %%rdx    ;"
+    "andb %%bl, %%al     ;"
+    "andb %%dl, %%cl     ;"
+    "test %%cl, %%al     ;"
+    "movl  $0, %%eax     ;"
+    "movl $19, %%ecx     ;"
+    "cmovnz %%rcx, %%rax ;"
+    "addq %%rax,   (%0)  ;"
+    "adcq    $0,  8(%0)  ;"
+    "adcq    $0, 16(%0)  ;"
+    "adcq    $0, 24(%0)  ;"
+    "btrq   $63, 24(%0)  ;"
+  :
+  : "r"(c)
+  : "memory", "cc", "%rax", "%rbx", "%rcx", "%rdx"
+  );
+}