// linker define ge25519_double_scalarmult_precompute // linker use EC2D0 EC2D1 EC2D2 EC2D3 mask63 /* Assembly for the precomputaion phase used in double base scalar multiplication. * * This assembly has been developed after studying the * amd64-64-24k implementation of the work "High speed * high security signatures" by Bernstein et al. */ #define mask63 CRYPTO_SHARED_NAMESPACE(mask63) #define EC2D0 CRYPTO_SHARED_NAMESPACE(EC2D0) #define EC2D1 CRYPTO_SHARED_NAMESPACE(EC2D1) #define EC2D2 CRYPTO_SHARED_NAMESPACE(EC2D2) #define EC2D3 CRYPTO_SHARED_NAMESPACE(EC2D3) .p2align 5 .globl _CRYPTO_SHARED_NAMESPACE(ge25519_double_scalarmult_precompute) .globl CRYPTO_SHARED_NAMESPACE(ge25519_double_scalarmult_precompute) _CRYPTO_SHARED_NAMESPACE(ge25519_double_scalarmult_precompute): CRYPTO_SHARED_NAMESPACE(ge25519_double_scalarmult_precompute): movq %rsp,%r11 andq $-32,%rsp subq $392,%rsp movq %r11,0(%rsp) movq %r12,8(%rsp) movq %r13,16(%rsp) movq %r14,24(%rsp) movq %r15,32(%rsp) movq %rbx,40(%rsp) movq %rbp,48(%rsp) decq %rdx movq %rdx,56(%rsp) movq 0(%rsi),%r8 movq 8(%rsi),%r9 movq 16(%rsi),%r10 movq 24(%rsi),%r11 movq %r8,0(%rdi) movq %r9,8(%rdi) movq %r10,16(%rdi) movq %r11,24(%rdi) movq 32(%rsi),%r8 movq 40(%rsi),%r9 movq 48(%rsi),%r10 movq 56(%rsi),%r11 movq %r8,32(%rdi) movq %r9,40(%rdi) movq %r10,48(%rdi) movq %r11,56(%rdi) movq 64(%rsi),%r8 movq 72(%rsi),%r9 movq 80(%rsi),%r10 movq 88(%rsi),%r11 movq %r8,64(%rdi) movq %r9,72(%rdi) movq %r10,80(%rdi) movq %r11,88(%rdi) movq 96(%rsi),%r8 movq 104(%rsi),%r9 movq 112(%rsi),%r10 movq 120(%rsi),%r11 movq %r8,96(%rdi) movq %r9,104(%rdi) movq %r10,112(%rdi) movq %r11,120(%rdi) /* dbl p1p1 */ // square movq 0(%rdi),%rbx movq 8(%rdi),%rbp movq 16(%rdi),%rcx movq 24(%rdi),%rsi movq %rsi,%rax mulq %rsi movq %rax,%r12 xorq %r13,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq %rbp,%rax mulq %rsi movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq %rcx,%rax mulq %rcx addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq %rcx,%rax mulq %rsi addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq %rbx,%rax mulq %rsi addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq %rbp,%rax mulq %rcx addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq %rbx,%rax mulq %rbx addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq %rbx,%rax mulq %rbp addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq %rbx,%rax mulq %rcx addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq %rbp,%rax mulq %rbp addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 imul $19,%r15,%r15 andq mask63(%rip),%r14 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 movq %r8,64(%rsp) movq %r10,72(%rsp) movq %r12,80(%rsp) movq %r14,88(%rsp) // square movq 32(%rdi),%rbx movq 40(%rdi),%rbp movq 48(%rdi),%rcx movq 56(%rdi),%rsi movq %rsi,%rax mulq %rsi movq %rax,%r12 xorq %r13,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq %rbp,%rax mulq %rsi movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq %rcx,%rax mulq %rcx addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq %rcx,%rax mulq %rsi addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq %rbx,%rax mulq %rsi addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq %rbp,%rax mulq %rcx addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq %rbx,%rax mulq %rbx addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq %rbx,%rax mulq %rbp addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq %rbx,%rax mulq %rcx addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq %rbp,%rax mulq %rbp addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 imul $19,%r15,%r15 andq mask63(%rip),%r14 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 movq %r8,96(%rsp) movq %r10,104(%rsp) movq %r12,112(%rsp) movq %r14,120(%rsp) // square movq 64(%rdi),%rbx movq 72(%rdi),%rbp movq 80(%rdi),%rcx movq 88(%rdi),%rsi movq %rsi,%rax mulq %rsi movq %rax,%r12 xorq %r13,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq %rbp,%rax mulq %rsi movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq %rcx,%rax mulq %rcx addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq %rcx,%rax mulq %rsi addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq %rbx,%rax mulq %rsi addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq %rbp,%rax mulq %rcx addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq %rbx,%rax mulq %rbx addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq %rbx,%rax mulq %rbp addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq %rbx,%rax mulq %rcx addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq %rbp,%rax mulq %rbp addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 imul $19,%r15,%r15 andq mask63(%rip),%r14 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 // double addq %r8,%r8 adcq %r10,%r10 adcq %r12,%r12 adcq %r14,%r14 movq $0,%rdx movq $38,%rcx cmovae %rdx,%rcx addq %rcx,%r8 adcq %rdx,%r10 adcq %rdx,%r12 adcq %rdx,%r14 cmovc %rcx,%rdx addq %rdx,%r8 movq %r8,128(%rsp) movq %r10,136(%rsp) movq %r12,144(%rsp) movq %r14,152(%rsp) // sub movq $0,%r8 movq $0,%r9 movq $0,%r10 movq $0,%r11 subq 64(%rsp),%r8 sbbq 72(%rsp),%r9 sbbq 80(%rsp),%r10 sbbq 88(%rsp),%r11 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax subq %rax,%r8 sbbq %rdx,%r9 sbbq %rdx,%r10 sbbq %rdx,%r11 cmovc %rax,%rdx subq %rdx,%r8 movq %r8,64(%rsp) movq %r9,72(%rsp) movq %r10,80(%rsp) movq %r11,88(%rsp) // sub movq $0,%r12 movq $0,%r13 movq $0,%r14 movq $0,%r15 subq 96(%rsp),%r12 sbbq 104(%rsp),%r13 sbbq 112(%rsp),%r14 sbbq 120(%rsp),%r15 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax subq %rax,%r12 sbbq %rdx,%r13 sbbq %rdx,%r14 sbbq %rdx,%r15 cmovc %rax,%rdx subq %rdx,%r12 movq %r12,160(%rsp) movq %r13,168(%rsp) movq %r14,176(%rsp) movq %r15,184(%rsp) // add movq %r8,%r12 movq %r9,%r13 movq %r10,%r14 movq %r11,%r15 addq 96(%rsp),%r12 adcq 104(%rsp),%r13 adcq 112(%rsp),%r14 adcq 120(%rsp),%r15 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax addq %rax,%r12 adcq %rdx,%r13 adcq %rdx,%r14 adcq %rdx,%r15 cmovc %rax,%rdx subq %rdx,%r12 movq %r12,224(%rsp) movq %r13,232(%rsp) movq %r14,240(%rsp) movq %r15,248(%rsp) // sub subq 96(%rsp),%r8 sbbq 104(%rsp),%r9 sbbq 112(%rsp),%r10 sbbq 120(%rsp),%r11 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax subq %rax,%r8 sbbq %rdx,%r9 sbbq %rdx,%r10 sbbq %rdx,%r11 cmovc %rax,%rdx subq %rdx,%r8 movq %r8,256(%rsp) movq %r9,264(%rsp) movq %r10,272(%rsp) movq %r11,280(%rsp) // sub subq 128(%rsp),%r12 sbbq 136(%rsp),%r13 sbbq 144(%rsp),%r14 sbbq 152(%rsp),%r15 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax subq %rax,%r12 sbbq %rdx,%r13 sbbq %rdx,%r14 sbbq %rdx,%r15 cmovc %rax,%rdx subq %rdx,%r12 movq %r12,288(%rsp) movq %r13,296(%rsp) movq %r14,304(%rsp) movq %r15,312(%rsp) // add movq 0(%rdi),%r8 movq 8(%rdi),%r9 movq 16(%rdi),%r10 movq 24(%rdi),%r11 addq 32(%rdi),%r8 adcq 40(%rdi),%r9 adcq 48(%rdi),%r10 adcq 56(%rdi),%r11 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax addq %rax,%r8 adcq %rdx,%r9 adcq %rdx,%r10 adcq %rdx,%r11 cmovc %rax,%rdx addq %rdx,%r8 movq %r8,96(%rsp) movq %r9,104(%rsp) movq %r10,112(%rsp) movq %r11,120(%rsp) // square movq 96(%rsp),%rbx movq 104(%rsp),%rbp movq 112(%rsp),%rcx movq 120(%rsp),%rsi movq %rsi,%rax mulq %rsi movq %rax,%r12 xorq %r13,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq %rbp,%rax mulq %rsi movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq %rcx,%rax mulq %rcx addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq %rcx,%rax mulq %rsi addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq %rbx,%rax mulq %rsi addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq %rbp,%rax mulq %rcx addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq %rbx,%rax mulq %rbx addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq %rbx,%rax mulq %rbp addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq %rbx,%rax mulq %rcx addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq %rbp,%rax mulq %rbp addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 imul $19,%r15,%r15 andq mask63(%rip),%r14 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 // add addq 64(%rsp),%r8 adcq 72(%rsp),%r10 adcq 80(%rsp),%r12 adcq 88(%rsp),%r14 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax addq %rax,%r8 adcq %rdx,%r10 adcq %rdx,%r12 adcq %rdx,%r14 cmovc %rax,%rdx addq %rdx,%r8 addq 160(%rsp),%r8 adcq 168(%rsp),%r10 adcq 176(%rsp),%r12 adcq 184(%rsp),%r14 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax addq %rax,%r8 adcq %rdx,%r10 adcq %rdx,%r12 adcq %rdx,%r14 cmovc %rax,%rdx addq %rdx,%r8 movq %r8,192(%rsp) movq %r10,200(%rsp) movq %r12,208(%rsp) movq %r14,216(%rsp) /* p1p1 to p3 */ // mul movq 200(%rsp),%rax mulq 312(%rsp) movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 movq 208(%rsp),%rax mulq 304(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 216(%rsp),%rax mulq 296(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 208(%rsp),%rax mulq 312(%rsp) addq %rax,%r10 adcq $0,%r11 movq %rdx,%r12 xorq %r13,%r13 movq 216(%rsp),%rax mulq 304(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq 216(%rsp),%rax mulq 312(%rsp) addq %rax,%r12 adcq $0,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq 192(%rsp),%rax mulq 312(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 200(%rsp),%rax mulq 304(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 208(%rsp),%rax mulq 296(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 216(%rsp),%rax mulq 288(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq 192(%rsp),%rax mulq 288(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 192(%rsp),%rax mulq 296(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 200(%rsp),%rax mulq 288(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 192(%rsp),%rax mulq 304(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 200(%rsp),%rax mulq 296(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 208(%rsp),%rax mulq 288(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 andq mask63(%rip),%r14 imul $19,%r15,%r15 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 movq %r8,64(%rsp) movq %r10,72(%rsp) movq %r12,80(%rsp) movq %r14,88(%rsp) // mul movq 232(%rsp),%rax mulq 280(%rsp) movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 movq 240(%rsp),%rax mulq 272(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 248(%rsp),%rax mulq 264(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 240(%rsp),%rax mulq 280(%rsp) addq %rax,%r10 adcq $0,%r11 movq %rdx,%r12 xorq %r13,%r13 movq 248(%rsp),%rax mulq 272(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq 248(%rsp),%rax mulq 280(%rsp) addq %rax,%r12 adcq $0,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq 224(%rsp),%rax mulq 280(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 232(%rsp),%rax mulq 272(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 240(%rsp),%rax mulq 264(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 248(%rsp),%rax mulq 256(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq 224(%rsp),%rax mulq 256(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 224(%rsp),%rax mulq 264(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 232(%rsp),%rax mulq 256(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 224(%rsp),%rax mulq 272(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 232(%rsp),%rax mulq 264(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 240(%rsp),%rax mulq 256(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 andq mask63(%rip),%r14 imul $19,%r15,%r15 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 movq %r8,96(%rsp) movq %r10,104(%rsp) movq %r12,112(%rsp) movq %r14,120(%rsp) // mul movq 232(%rsp),%rax mulq 312(%rsp) movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 movq 240(%rsp),%rax mulq 304(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 248(%rsp),%rax mulq 296(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 240(%rsp),%rax mulq 312(%rsp) addq %rax,%r10 adcq $0,%r11 movq %rdx,%r12 xorq %r13,%r13 movq 248(%rsp),%rax mulq 304(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq 248(%rsp),%rax mulq 312(%rsp) addq %rax,%r12 adcq $0,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq 224(%rsp),%rax mulq 312(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 232(%rsp),%rax mulq 304(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 240(%rsp),%rax mulq 296(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 248(%rsp),%rax mulq 288(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq 224(%rsp),%rax mulq 288(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 224(%rsp),%rax mulq 296(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 232(%rsp),%rax mulq 288(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 224(%rsp),%rax mulq 304(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 232(%rsp),%rax mulq 296(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 240(%rsp),%rax mulq 288(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 andq mask63(%rip),%r14 imul $19,%r15,%r15 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 movq %r8,128(%rsp) movq %r10,136(%rsp) movq %r12,144(%rsp) movq %r14,152(%rsp) // mul movq 200(%rsp),%rax mulq 280(%rsp) movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 movq 208(%rsp),%rax mulq 272(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 216(%rsp),%rax mulq 264(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 208(%rsp),%rax mulq 280(%rsp) addq %rax,%r10 adcq $0,%r11 movq %rdx,%r12 xorq %r13,%r13 movq 216(%rsp),%rax mulq 272(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq 216(%rsp),%rax mulq 280(%rsp) addq %rax,%r12 adcq $0,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq 192(%rsp),%rax mulq 280(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 200(%rsp),%rax mulq 272(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 208(%rsp),%rax mulq 264(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 216(%rsp),%rax mulq 256(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq 192(%rsp),%rax mulq 256(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 192(%rsp),%rax mulq 264(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 200(%rsp),%rax mulq 256(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 192(%rsp),%rax mulq 272(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 200(%rsp),%rax mulq 264(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 208(%rsp),%rax mulq 256(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 andq mask63(%rip),%r14 imul $19,%r15,%r15 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 movq %r8,160(%rsp) movq %r10,168(%rsp) movq %r12,176(%rsp) movq %r14,184(%rsp) // Convert pre[0] to projective Niels representation movq 0(%rdi),%rbx movq 8(%rdi),%rcx movq 16(%rdi),%rbp movq 24(%rdi),%rsi movq 32(%rdi),%r8 movq 40(%rdi),%r9 movq 48(%rdi),%r10 movq 56(%rdi),%r11 movq %r8,%r12 movq %r9,%r13 movq %r10,%r14 movq %r11,%r15 subq %rbx,%r8 sbbq %rcx,%r9 sbbq %rbp,%r10 sbbq %rsi,%r11 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax subq %rax,%r8 sbbq %rdx,%r9 sbbq %rdx,%r10 sbbq %rdx,%r11 cmovc %rax,%rdx subq %rdx,%r8 movq %r8,0(%rdi) movq %r9,8(%rdi) movq %r10,16(%rdi) movq %r11,24(%rdi) addq %rbx,%r12 adcq %rcx,%r13 adcq %rbp,%r14 adcq %rsi,%r15 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax addq %rax,%r12 adcq %rdx,%r13 adcq %rdx,%r14 adcq %rdx,%r15 cmovc %rax,%rdx addq %rdx,%r12 movq %r12,32(%rdi) movq %r13,40(%rdi) movq %r14,48(%rdi) movq %r15,56(%rdi) // mul movq EC2D1(%rip),%rax mulq 120(%rdi) movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 movq EC2D2(%rip),%rax mulq 112(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq EC2D3(%rip),%rax mulq 104(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq EC2D2(%rip),%rax mulq 120(%rdi) addq %rax,%r10 adcq $0,%r11 movq %rdx,%r12 xorq %r13,%r13 movq EC2D3(%rip),%rax mulq 112(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq EC2D3(%rip),%rax mulq 120(%rdi) addq %rax,%r12 adcq $0,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq EC2D0(%rip),%rax mulq 120(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq EC2D1(%rip),%rax mulq 112(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq EC2D2(%rip),%rax mulq 104(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq EC2D3(%rip),%rax mulq 96(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq EC2D0(%rip),%rax mulq 96(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq EC2D0(%rip),%rax mulq 104(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq EC2D1(%rip),%rax mulq 96(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq EC2D0(%rip),%rax mulq 112(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq EC2D1(%rip),%rax mulq 104(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq EC2D2(%rip),%rax mulq 96(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 andq mask63(%rip),%r14 imul $19,%r15,%r15 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 movq %r8,96(%rdi) movq %r10,104(%rdi) movq %r12,112(%rdi) movq %r14,120(%rdi) movq $0,384(%rsp) .L: // pnielsadd_p1p1 movq 96(%rsp),%r8 movq 104(%rsp),%r9 movq 112(%rsp),%r10 movq 120(%rsp),%r11 movq %r8,%r12 movq %r9,%r13 movq %r10,%r14 movq %r11,%r15 subq 64(%rsp),%r8 sbbq 72(%rsp),%r9 sbbq 80(%rsp),%r10 sbbq 88(%rsp),%r11 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax subq %rax,%r8 sbbq %rdx,%r9 sbbq %rdx,%r10 sbbq %rdx,%r11 cmovc %rax,%rdx subq %rdx,%r8 movq %r8,320(%rsp) movq %r9,328(%rsp) movq %r10,336(%rsp) movq %r11,344(%rsp) addq 64(%rsp),%r12 adcq 72(%rsp),%r13 adcq 80(%rsp),%r14 adcq 88(%rsp),%r15 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax addq %rax,%r12 adcq %rdx,%r13 adcq %rdx,%r14 adcq %rdx,%r15 cmovc %rax,%rdx addq %rdx,%r12 movq %r12,352(%rsp) movq %r13,360(%rsp) movq %r14,368(%rsp) movq %r15,376(%rsp) // mul movq 328(%rsp),%rax mulq 24(%rdi) movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 movq 336(%rsp),%rax mulq 16(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 344(%rsp),%rax mulq 8(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 336(%rsp),%rax mulq 24(%rdi) addq %rax,%r10 adcq $0,%r11 movq %rdx,%r12 xorq %r13,%r13 movq 344(%rsp),%rax mulq 16(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq 344(%rsp),%rax mulq 24(%rdi) addq %rax,%r12 adcq $0,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq 320(%rsp),%rax mulq 24(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 328(%rsp),%rax mulq 16(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 336(%rsp),%rax mulq 8(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 344(%rsp),%rax mulq 0(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq 320(%rsp),%rax mulq 0(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 320(%rsp),%rax mulq 8(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 328(%rsp),%rax mulq 0(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 320(%rsp),%rax mulq 16(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 328(%rsp),%rax mulq 8(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 336(%rsp),%rax mulq 0(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 andq mask63(%rip),%r14 imul $19,%r15,%r15 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 movq %r8,320(%rsp) movq %r10,328(%rsp) movq %r12,336(%rsp) movq %r14,344(%rsp) // mul movq 360(%rsp),%rax mulq 56(%rdi) movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 movq 368(%rsp),%rax mulq 48(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 376(%rsp),%rax mulq 40(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 368(%rsp),%rax mulq 56(%rdi) addq %rax,%r10 adcq $0,%r11 movq %rdx,%r12 xorq %r13,%r13 movq 376(%rsp),%rax mulq 48(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq 376(%rsp),%rax mulq 56(%rdi) addq %rax,%r12 adcq $0,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq 352(%rsp),%rax mulq 56(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 360(%rsp),%rax mulq 48(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 368(%rsp),%rax mulq 40(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 376(%rsp),%rax mulq 32(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq 352(%rsp),%rax mulq 32(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 352(%rsp),%rax mulq 40(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 360(%rsp),%rax mulq 32(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 352(%rsp),%rax mulq 48(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 360(%rsp),%rax mulq 40(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 368(%rsp),%rax mulq 32(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 andq mask63(%rip),%r14 imul $19,%r15,%r15 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 // add movq %r8,%r9 movq %r10,%r11 movq %r12,%r13 movq %r14,%r15 addq 320(%rsp),%r8 adcq 328(%rsp),%r10 adcq 336(%rsp),%r12 adcq 344(%rsp),%r14 movq $0,%rdx mov $38,%rax cmovae %rdx,%rax addq %rax,%r8 adcq %rdx,%r10 adcq %rdx,%r12 adcq %rdx,%r14 cmovc %rax,%rdx addq %rdx,%r8 movq %r8,256(%rsp) movq %r10,264(%rsp) movq %r12,272(%rsp) movq %r14,280(%rsp) // sub subq 320(%rsp),%r9 sbbq 328(%rsp),%r11 sbbq 336(%rsp),%r13 sbbq 344(%rsp),%r15 movq $0,%rdx mov $38,%rax cmovae %rdx,%rax subq %rax,%r9 sbbq %rdx,%r11 sbbq %rdx,%r13 sbbq %rdx,%r15 cmovc %rax,%rdx subq %rdx,%r9 movq %r9,192(%rsp) movq %r11,200(%rsp) movq %r13,208(%rsp) movq %r15,216(%rsp) // mul movq 168(%rsp),%rax mulq 120(%rdi) movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 movq 176(%rsp),%rax mulq 112(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 184(%rsp),%rax mulq 104(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 176(%rsp),%rax mulq 120(%rdi) addq %rax,%r10 adcq $0,%r11 movq %rdx,%r12 xorq %r13,%r13 movq 184(%rsp),%rax mulq 112(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq 184(%rsp),%rax mulq 120(%rdi) addq %rax,%r12 adcq $0,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq 160(%rsp),%rax mulq 120(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 168(%rsp),%rax mulq 112(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 176(%rsp),%rax mulq 104(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 184(%rsp),%rax mulq 96(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq 160(%rsp),%rax mulq 96(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 160(%rsp),%rax mulq 104(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 168(%rsp),%rax mulq 96(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 160(%rsp),%rax mulq 112(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 168(%rsp),%rax mulq 104(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 176(%rsp),%rax mulq 96(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 andq mask63(%rip),%r14 imul $19,%r15,%r15 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 movq %r8,320(%rsp) movq %r10,328(%rsp) movq %r12,336(%rsp) movq %r14,344(%rsp) // mul movq 136(%rsp),%rax mulq 88(%rdi) movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 movq 144(%rsp),%rax mulq 80(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 152(%rsp),%rax mulq 72(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 144(%rsp),%rax mulq 88(%rdi) addq %rax,%r10 adcq $0,%r11 movq %rdx,%r12 xorq %r13,%r13 movq 152(%rsp),%rax mulq 80(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq 152(%rsp),%rax mulq 88(%rdi) addq %rax,%r12 adcq $0,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq 128(%rsp),%rax mulq 88(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 136(%rsp),%rax mulq 80(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 144(%rsp),%rax mulq 72(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 152(%rsp),%rax mulq 64(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq 128(%rsp),%rax mulq 64(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 128(%rsp),%rax mulq 72(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 136(%rsp),%rax mulq 64(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 128(%rsp),%rax mulq 80(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 136(%rsp),%rax mulq 72(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 144(%rsp),%rax mulq 64(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 andq mask63(%rip),%r14 imul $19,%r15,%r15 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 // double addq %r8,%r8 adcq %r10,%r10 adcq %r12,%r12 adcq %r14,%r14 movq $0,%rdx mov $38,%rax cmovae %rdx,%rax addq %rax,%r8 adcq %rdx,%r10 adcq %rdx,%r12 adcq %rdx,%r14 cmovc %rax,%rdx addq %rdx,%r8 // add movq %r8,%r9 movq %r10,%r11 movq %r12,%r13 movq %r14,%r15 addq 320(%rsp),%r8 adcq 328(%rsp),%r10 adcq 336(%rsp),%r12 adcq 344(%rsp),%r14 movq $0,%rdx mov $38,%rax cmovae %rdx,%rax addq %rax,%r8 adcq %rdx,%r10 adcq %rdx,%r12 adcq %rdx,%r14 cmovc %rax,%rdx addq %rdx,%r8 movq %r8,224(%rsp) movq %r10,232(%rsp) movq %r12,240(%rsp) movq %r14,248(%rsp) // sub subq 320(%rsp),%r9 sbbq 328(%rsp),%r11 sbbq 336(%rsp),%r13 sbbq 344(%rsp),%r15 movq $0,%rdx mov $38,%rax cmovae %rdx,%rax subq %rax,%r9 sbbq %rdx,%r11 sbbq %rdx,%r13 sbbq %rdx,%r15 cmovc %rax,%rdx subq %rdx,%r9 movq %r9,288(%rsp) movq %r11,296(%rsp) movq %r13,304(%rsp) movq %r15,312(%rsp) /* p1p1 to p3 */ // mul movq 200(%rsp),%rax mulq 312(%rsp) movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 movq 208(%rsp),%rax mulq 304(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 216(%rsp),%rax mulq 296(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 208(%rsp),%rax mulq 312(%rsp) addq %rax,%r10 adcq $0,%r11 movq %rdx,%r12 xorq %r13,%r13 movq 216(%rsp),%rax mulq 304(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq 216(%rsp),%rax mulq 312(%rsp) addq %rax,%r12 adcq $0,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq 192(%rsp),%rax mulq 312(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 200(%rsp),%rax mulq 304(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 208(%rsp),%rax mulq 296(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 216(%rsp),%rax mulq 288(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq 192(%rsp),%rax mulq 288(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 192(%rsp),%rax mulq 296(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 200(%rsp),%rax mulq 288(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 192(%rsp),%rax mulq 304(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 200(%rsp),%rax mulq 296(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 208(%rsp),%rax mulq 288(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 andq mask63(%rip),%r14 imul $19,%r15,%r15 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 movq %r8,128(%rdi) movq %r10,136(%rdi) movq %r12,144(%rdi) movq %r14,152(%rdi) // mul movq 232(%rsp),%rax mulq 280(%rsp) movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 movq 240(%rsp),%rax mulq 272(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 248(%rsp),%rax mulq 264(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 240(%rsp),%rax mulq 280(%rsp) addq %rax,%r10 adcq $0,%r11 movq %rdx,%r12 xorq %r13,%r13 movq 248(%rsp),%rax mulq 272(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq 248(%rsp),%rax mulq 280(%rsp) addq %rax,%r12 adcq $0,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq 224(%rsp),%rax mulq 280(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 232(%rsp),%rax mulq 272(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 240(%rsp),%rax mulq 264(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 248(%rsp),%rax mulq 256(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq 224(%rsp),%rax mulq 256(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 224(%rsp),%rax mulq 264(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 232(%rsp),%rax mulq 256(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 224(%rsp),%rax mulq 272(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 232(%rsp),%rax mulq 264(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 240(%rsp),%rax mulq 256(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 andq mask63(%rip),%r14 imul $19,%r15,%r15 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 movq %r8,160(%rdi) movq %r10,168(%rdi) movq %r12,176(%rdi) movq %r14,184(%rdi) // mul movq 232(%rsp),%rax mulq 312(%rsp) movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 movq 240(%rsp),%rax mulq 304(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 248(%rsp),%rax mulq 296(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 240(%rsp),%rax mulq 312(%rsp) addq %rax,%r10 adcq $0,%r11 movq %rdx,%r12 xorq %r13,%r13 movq 248(%rsp),%rax mulq 304(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq 248(%rsp),%rax mulq 312(%rsp) addq %rax,%r12 adcq $0,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq 224(%rsp),%rax mulq 312(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 232(%rsp),%rax mulq 304(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 240(%rsp),%rax mulq 296(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 248(%rsp),%rax mulq 288(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq 224(%rsp),%rax mulq 288(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 224(%rsp),%rax mulq 296(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 232(%rsp),%rax mulq 288(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 224(%rsp),%rax mulq 304(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 232(%rsp),%rax mulq 296(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 240(%rsp),%rax mulq 288(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 andq mask63(%rip),%r14 imul $19,%r15,%r15 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 movq %r8,192(%rdi) movq %r10,200(%rdi) movq %r12,208(%rdi) movq %r14,216(%rdi) // mul movq 200(%rsp),%rax mulq 280(%rsp) movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 movq 208(%rsp),%rax mulq 272(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 216(%rsp),%rax mulq 264(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 208(%rsp),%rax mulq 280(%rsp) addq %rax,%r10 adcq $0,%r11 movq %rdx,%r12 xorq %r13,%r13 movq 216(%rsp),%rax mulq 272(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq 216(%rsp),%rax mulq 280(%rsp) addq %rax,%r12 adcq $0,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq 192(%rsp),%rax mulq 280(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 200(%rsp),%rax mulq 272(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 208(%rsp),%rax mulq 264(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq 216(%rsp),%rax mulq 256(%rsp) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq 192(%rsp),%rax mulq 256(%rsp) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq 192(%rsp),%rax mulq 264(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 200(%rsp),%rax mulq 256(%rsp) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq 192(%rsp),%rax mulq 272(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 200(%rsp),%rax mulq 264(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq 208(%rsp),%rax mulq 256(%rsp) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 andq mask63(%rip),%r14 imul $19,%r15,%r15 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 movq %r8,224(%rdi) movq %r10,232(%rdi) movq %r12,240(%rdi) movq %r14,248(%rdi) // Convert pre[i1] to projective Niels representation movq 128(%rdi),%rbx movq 136(%rdi),%rcx movq 144(%rdi),%rbp movq 152(%rdi),%rsi movq 160(%rdi),%r8 movq 168(%rdi),%r9 movq 176(%rdi),%r10 movq 184(%rdi),%r11 movq %r8,%r12 movq %r9,%r13 movq %r10,%r14 movq %r11,%r15 subq %rbx,%r8 sbbq %rcx,%r9 sbbq %rbp,%r10 sbbq %rsi,%r11 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax subq %rax,%r8 sbbq %rdx,%r9 sbbq %rdx,%r10 sbbq %rdx,%r11 cmovc %rax,%rdx subq %rdx,%r9 movq %r8,128(%rdi) movq %r9,136(%rdi) movq %r10,144(%rdi) movq %r11,152(%rdi) addq %rbx,%r12 adcq %rcx,%r13 adcq %rbp,%r14 adcq %rsi,%r15 movq $0,%rdx movq $38,%rax cmovae %rdx,%rax addq %rax,%r12 adcq %rdx,%r13 adcq %rdx,%r14 adcq %rdx,%r15 cmovc %rax,%rdx addq %rdx,%r12 movq %r12,160(%rdi) movq %r13,168(%rdi) movq %r14,176(%rdi) movq %r15,184(%rdi) // mul movq EC2D1(%rip),%rax mulq 248(%rdi) movq %rax,%r8 xorq %r9,%r9 movq %rdx,%r10 xorq %r11,%r11 movq EC2D2(%rip),%rax mulq 240(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq EC2D3(%rip),%rax mulq 232(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq EC2D2(%rip),%rax mulq 248(%rdi) addq %rax,%r10 adcq $0,%r11 movq %rdx,%r12 xorq %r13,%r13 movq EC2D3(%rip),%rax mulq 240(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq $38,%rax mulq %r10 imul $38,%r11,%r11 movq %rax,%r10 addq %rdx,%r11 movq EC2D3(%rip),%rax mulq 248(%rdi) addq %rax,%r12 adcq $0,%r13 movq $38,%rax mulq %rdx movq %rax,%r14 movq %rdx,%r15 movq $38,%rax mulq %r12 imul $38,%r13,%r13 movq %rax,%r12 addq %rdx,%r13 movq EC2D0(%rip),%rax mulq 248(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq EC2D1(%rip),%rax mulq 240(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq EC2D2(%rip),%rax mulq 232(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq EC2D3(%rip),%rax mulq 224(%rdi) addq %rax,%r14 adcq $0,%r15 addq %rdx,%r8 adcq $0,%r9 movq $38,%rax mulq %r8 imul $38,%r9,%r9 movq %rax,%r8 addq %rdx,%r9 movq EC2D0(%rip),%rax mulq 224(%rdi) addq %rax,%r8 adcq $0,%r9 addq %rdx,%r10 adcq $0,%r11 movq EC2D0(%rip),%rax mulq 232(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq EC2D1(%rip),%rax mulq 224(%rdi) addq %rax,%r10 adcq $0,%r11 addq %rdx,%r12 adcq $0,%r13 movq EC2D0(%rip),%rax mulq 240(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq EC2D1(%rip),%rax mulq 232(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 movq EC2D2(%rip),%rax mulq 224(%rdi) addq %rax,%r12 adcq $0,%r13 addq %rdx,%r14 adcq $0,%r15 addq %r9,%r10 adcq $0,%r11 addq %r11,%r12 adcq $0,%r13 addq %r13,%r14 adcq $0,%r15 shld $1,%r14,%r15 andq mask63(%rip),%r14 imul $19,%r15,%r15 addq %r15,%r8 adcq $0,%r10 adcq $0,%r12 adcq $0,%r14 movq %r8,224(%rdi) movq %r10,232(%rdi) movq %r12,240(%rdi) movq %r14,248(%rdi) addq $128,%rdi movq 384(%rsp),%r8 incq %r8 movq %r8,384(%rsp) cmpq 56(%rsp),%r8 jl .L movq 0(%rsp),%r11 movq 8(%rsp),%r12 movq 16(%rsp),%r13 movq 24(%rsp),%r14 movq 32(%rsp),%r15 movq 40(%rsp),%rbx movq 48(%rsp),%rbp movq %r11,%rsp ret