x86_64 assembly for ecc_192_modp

diff --git a/ChangeLog b/ChangeLog
index 523675b616789adb59964f1eb1632acd50671e38..7f6d4f1ea38987a47bfd4612445970dc33767311 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 2013-02-27  Niels Möller  <nisse@lysator.liu.se>
 
+       * ecc-192.c: Check HAVE_NATIVE_ecc_192_modp, and use native
+       version if available.
+
+       * x86_64/ecc-192-modp.asm: New file.
+
        * configure.ac (OPT_ASM_SOURCES): New substituted variable.
        (asm_replace_list, asm_optional_list): New variables. For files in
        asm_optional_list, also add them to OPT_ASM_SOURCES and define

diff --git a/ecc-192.c b/ecc-192.c
index e379a99b271a800f9ed66a11a7d396a8ec9018cf..9e785dc1a9b478857b9057c3c4ac024a9347d236 100644 (file)
--- a/ecc-192.c
+++ b/ecc-192.c
@@ -36,9 +36,15 @@
 
 #include "ecc-192.h"
 
+#if HAVE_NATIVE_ecc_192_modp
+
+#define ecc_192_modp nettle_ecc_192_modp
+void
+ecc_192_modp (const struct ecc_curve *ecc, mp_limb_t *rp);
+
 /* Use that p = 2^{192} - 2^64 - 1, to eliminate 128 bits at a time. */
 
-#if GMP_NUMB_BITS == 32
+#elif GMP_NUMB_BITS == 32
 /* p is 6 limbs, p = B^6 - B^2 - 1 */
 static void
 ecc_192_modp (const struct ecc_curve *ecc UNUSED, mp_limb_t *rp)
@@ -89,7 +95,7 @@ ecc_192_modp (const struct ecc_curve *ecc UNUSED, mp_limb_t *rp)
 }
   
 #else
-#define ecc_192_modp ecc_generoc_modp
+#define ecc_192_modp ecc_generic_modp
 #endif
 
 const struct ecc_curve nettle_secp_192r1 =

diff --git a/x86_64/ecc-192-modp.asm b/x86_64/ecc-192-modp.asm
new file mode 100644 (file)
index 0000000..288340f
--- /dev/null
+++ b/x86_64/ecc-192-modp.asm
@@ -0,0 +1,72 @@
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB.  If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+       .file "ecc-192-modp.asm"
+
+define(<RP>, <%rsi>)
+define(<T1>, <%rdi>) C Overlaps unused ecc input
+define(<T2>, <%rcx>)
+define(<T3>, <%rdx>)
+define(<T4>, <%r8>)
+define(<T5>, <%r9>)
+define(<T6>, <%r10>)
+
+       C ecc_192_modp (const struct ecc_curve *ecc, mp_limb_t *rp)
+       .text
+       ALIGN(4)
+PROLOGUE(nettle_ecc_192_modp)
+       W64_ENTRY(2, 0)
+       C First: (B+1)*{r5, r4} < B^3 + B^2 - B
+       mov     32(RP), T1
+       mov     40(RP), T2
+       mov     T2, T3
+       xor     T4, T4
+       add     T1, T2
+       adc     $0, T3
+       adc     $0, T4
+
+       add     8(RP), T1
+       adc     16(RP), T2
+       adc     24(RP), T3
+       adc     $0, T4
+       C Sum is < 2B^4 + B^3 - B - 1, so {T4, T3} < 3B
+
+       C Next: (B+1) * {T4, T3} < 3B^2 + 2B
+       mov     T4, T5
+       add     T3, T4
+       adc     $0, T5
+
+       xor     T6, T6
+       add     (RP), T3
+       adc     T4, T1
+       adc     T5, T2
+       adc     $0, T6
+
+       C Fold in final carry.
+       add     T6, T3
+       adc     T6, T1
+       adc     $0, T2
+
+       mov     T3, (RP)
+       mov     T1, 8(RP)
+       mov     T2, 16(RP)
+
+       W64_EXIT(2, 0)
+       ret
+EPILOGUE(nettle_ecc_192_modp)