chromium/third_party/boringssl/src/crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc

/* x86_64 BIGNUM accelerator version 0.1, December 2002.
 *
 * Implemented by Andy Polyakov <[email protected]> for the OpenSSL
 * project.
 *
 * Rights for redistribution and usage in source and binary forms are
 * granted according to the OpenSSL license. Warranty of any kind is
 * disclaimed.
 *
 * Q. Version 0.1? It doesn't sound like Andy, he used to assign real
 *    versions, like 1.0...
 * A. Well, that's because this code is basically a quick-n-dirty
 *    proof-of-concept hack. As you can see it's implemented with
 *    inline assembler, which means that you're bound to GCC and that
 *    there might be enough room for further improvement.
 *
 * Q. Why inline assembler?
 * A. x86_64 has its own ABI, which I'm not familiar with. This is
 *    why I decided to let the compiler take care of subroutine
 *    prologue/epilogue as well as register allocation. For reference,
 *    Win64 implements a different ABI for AMD64 than Linux does.
 *
 * Q. How much faster does it get?
 * A. 'apps/openssl speed rsa dsa' output with no-asm:
 *
 *	                  sign    verify    sign/s verify/s
 *	rsa  512 bits   0.0006s   0.0001s   1683.8  18456.2
 *	rsa 1024 bits   0.0028s   0.0002s    356.0   6407.0
 *	rsa 2048 bits   0.0172s   0.0005s     58.0   1957.8
 *	rsa 4096 bits   0.1155s   0.0018s      8.7    555.6
 *	                  sign    verify    sign/s verify/s
 *	dsa  512 bits   0.0005s   0.0006s   2100.8   1768.3
 *	dsa 1024 bits   0.0014s   0.0018s    692.3    559.2
 *	dsa 2048 bits   0.0049s   0.0061s    204.7    165.0
 *
 *    'apps/openssl speed rsa dsa' output with this module:
 *
 *	                  sign    verify    sign/s verify/s
 *	rsa  512 bits   0.0004s   0.0000s   2767.1  33297.9
 *	rsa 1024 bits   0.0012s   0.0001s    867.4  14674.7
 *	rsa 2048 bits   0.0061s   0.0002s    164.0   5270.0
 *	rsa 4096 bits   0.0384s   0.0006s     26.1   1650.8
 *	                  sign    verify    sign/s verify/s
 *	dsa  512 bits   0.0002s   0.0003s   4442.2   3786.3
 *	dsa 1024 bits   0.0005s   0.0007s   1835.1   1497.4
 *	dsa 2048 bits   0.0016s   0.0020s    620.4    504.6
 *
 *    For reference, the IA-32 assembler implementation performs
 *    very much like 64-bit code compiled with no-asm on the same
 *    machine.
 */

#include <openssl/bn.h>

// TODO(davidben): Get this file working on MSVC x64.
#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && \
    (defined(__GNUC__) || defined(__clang__))

#include "../internal.h"


// Clear any earlier definitions of the helper names before redefining them.
#undef mul
#undef mul_add

// Notes on the inline-asm operand constraints used by the helpers:
//   "m"(a), "+m"(r)  memory operands, chosen to favor DirectPath µ-code;
//   "g"(0)           lets the compiler decide where it wants to keep the
//                    value of zero.
// NOTE(review): the macro bodies are empty in this listing, so the asm these
// constraints belong to is not visible here -- check the full file before
// relying on them.
#define mul_add

#define mul
#undef sqr
#define sqr

// bn_mul_add_words is the word-array multiply-accumulate entry point of this
// module. Going by its name and signature it presumably computes
// rp[i] += ap[i] * w over |num| words and returns the final carry word --
// TODO confirm against the full file; the body is empty in this listing.
//
// NOTE(review): the signature carries no buffer sizes, so the caller has to
// guarantee that |rp| and |ap| each hold at least |num| words. The file header
// benchmarks this code on RSA/DSA signing, so operands may be secret; the real
// body should take time that depends only on |num|, not on word values (not
// verifiable from here).
BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, size_t num,
                          BN_ULONG w) {}

// bn_mul_words is the word-array-by-single-word multiply entry point.
// Presumably it stores ap[i] * w (plus the running carry) into rp[i] for |num|
// words and returns the final carry word -- TODO confirm; the body is empty in
// this listing.
//
// NOTE(review): |rp| is written and |ap| only read (it is const), but neither
// length is checked by the signature; the caller must supply at least |num|
// words for both.
BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, size_t num,
                      BN_ULONG w) {}

// bn_sqr_words is the per-word squaring entry point; it returns nothing and
// writes through |r|. Presumably each of the |n| input words yields a
// two-word square, so |r| would need room for 2*n words -- TODO confirm
// against the full file; the body is empty in this listing.
//
// NOTE(review): if the 2*n output size holds, an |r| sized like |a| would be
// overrun; verify the caller's allocation.
void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, size_t n) {}

// bn_add_words is the word-array addition entry point. Presumably it sets
// rp[i] = ap[i] + bp[i] with carry propagation over |n| words and returns the
// carry out of the top word -- TODO confirm; the body is empty in this
// listing.
//
// NOTE(review): all three arrays must hold at least |n| words; the signature
// does not enforce it. Whether |rp| may alias |ap| or |bp| cannot be told from
// here.
BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
                      size_t n) {}

// bn_sub_words is the word-array subtraction entry point. Presumably it sets
// rp[i] = ap[i] - bp[i] with borrow propagation over |n| words and returns the
// final borrow -- TODO confirm; the body is empty in this listing.
//
// NOTE(review): callers that branch on the returned borrow while the operands
// are secret would leak a comparison result; check how the return value is
// consumed. All three arrays must hold at least |n| words.
BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
                      size_t n) {}

// Column-accumulation helpers. Each one adds into a three-word accumulator
// c=(c2,c1,c0), with c0 the least significant word:
//
// mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0)
// mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0)
// sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0)
// sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0)
//
// NOTE(review): the sqr_add_c2 line uses a[j] but lists no j argument;
// presumably j is a further macro parameter -- confirm against the full file.

// Keep in mind that carrying into the high part of a multiplication result
// cannot overflow, because the high part cannot be all-ones: the product of
// two W-bit words is at most (2^W - 1)^2, whose high word is 2^W - 2, so adding
// a carry of 1 to it does not wrap.
//
// NOTE(review): the macro bodies are empty in this listing; the carry handling
// described above cannot be checked from here.
#define mul_add_c

#define sqr_add_c

#define mul_add_c2

#define sqr_add_c2

// bn_mul_comba8 is the fixed-size 8x8-word multiply entry point: per the
// declared sizes it takes two 8-word operands and a 16-word result. The name
// suggests a Comba (column-wise) multiplication built on the three-word
// accumulator helpers above -- TODO confirm; the body is empty in this
// listing.
//
// NOTE(review): the [16]/[8] bounds are documentation only; C passes these as
// plain pointers and does not check them, so the caller must supply buffers of
// at least those sizes.
void bn_mul_comba8(BN_ULONG r[16], const BN_ULONG a[8], const BN_ULONG b[8]) {}

// bn_mul_comba4 is the fixed-size 4x4-word multiply entry point: per the
// declared sizes it takes two 4-word operands and an 8-word result. Presumably
// the same column-wise scheme as the 8-word variant -- TODO confirm; the body
// is empty in this listing.
//
// NOTE(review): the [8]/[4] bounds are not enforced by the compiler; the
// caller must supply buffers of at least those sizes.
void bn_mul_comba4(BN_ULONG r[8], const BN_ULONG a[4], const BN_ULONG b[4]) {}

// bn_sqr_comba8 is the fixed-size 8-word squaring entry point: per the
// declared sizes it takes one 8-word operand and a 16-word result. Presumably
// built on the sqr_add_c / sqr_add_c2 helpers -- TODO confirm; the body is
// empty in this listing.
//
// NOTE(review): the [16]/[8] bounds are not enforced by the compiler; the
// caller must supply buffers of at least those sizes.
void bn_sqr_comba8(BN_ULONG r[16], const BN_ULONG a[8]) {}

// bn_sqr_comba4 is the fixed-size 4-word squaring entry point: per the
// declared sizes it takes one 4-word operand and an 8-word result. Presumably
// built on the sqr_add_c / sqr_add_c2 helpers -- TODO confirm; the body is
// empty in this listing.
//
// NOTE(review): the [8]/[4] bounds are not enforced by the compiler; the
// caller must supply buffers of at least those sizes.
void bn_sqr_comba4(BN_ULONG r[8], const BN_ULONG a[4]) {}

// Remove every helper macro defined above. Presumably this keeps the short,
// generic names (mul, sqr, ...) from leaking into code that follows once this
// .c.inc file has been textually included -- confirm against the including
// file.
#undef mul_add
#undef mul
#undef sqr
#undef mul_add_c
#undef sqr_add_c
#undef mul_add_c2
#undef sqr_add_c2

#endif  // !NO_ASM && X86_64 && (__GNUC__ || __clang__)