Hi,
+.abiversion2
I'd prefer that was left to the compiler flags.
Problem is that it's the compiler that is responsible for providing this
directive in the intermediate .s prior to invoking the assembler. And there
is no assembler flag to pass through -Wa.
Hmm, right. But none of our exis
Hi,
+.abiversion2
I'd prefer that was left to the compiler flags.
Problem is that it's the compiler that is responsible for providing this
directive in the intermediate .s prior to invoking the assembler. And there
is no assembler flag to pass through -Wa. If concern is ABI neutrality,
t
Thanks for the info. I should be able to do it. I was hoping an
assembly guru like you can show me some tricks here if there are any :)
No tricks in cswap, it's as straightforward as it gets, so go ahead :-)
+static void cswap(fe51 p, fe51 q, unsigned int bit)
+{
+ u64 t, i;
+ u64 c = 0 - (u64) bit;
+
+ for (i = 0; i < 5; ++i) {
+ t = c & (p[i] ^ q[i]);
+ p[i] ^= t;
+ q[i] ^= t;
+ }
+}
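Review bot: in cswap, the mask c = 0 - (u64) bit is all-ones or all-zeros only when bit is exactly 0 or 1; any other value yields a partial mask and swaps an arbitrary subset of bits in all five limbs. State that precondition in a comment on the function, or build the mask from (bit & 1). Nothing in the C source prevents the compiler from turning the masked XOR into a branch on bit, so the constant-time property needs to be checked in the generated code, or the mask hidden from the optimizer.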
The "c" in cswap stands for "constant-time," and the problem is that
contemporary
Hi,
+SYM_FUNC_START(x25519_fe51_sqr_times)
...
+
+.Lsqr_times_loop:
...
+
+ std 9,16(3)
+ std 10,24(3)
+ std 11,32(3)
+ std 7,0(3)
+ std 8,8(3)
+ bdnz.Lsqr_times_loop
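Review bot: the five std stores to 0(3)..32(3) at the bottom of .Lsqr_times_loop execute on every pass before bdnz. If the next pass can take its input limbs from registers 7-11 instead of reloading them from memory, keep the limbs in registers across iterations and store once after the loop. The loop body is elided here, so first confirm that the top of the loop does not read 0(3)..32(3) back.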
I see no reason for why the stores can't be moved outside the loop
Hi,
+static void cswap(fe51 p, fe51 q, unsigned int bit)
+{
+ u64 t, i;
+ u64 c = 0 - (u64) bit;
+
+ for (i = 0; i < 5; ++i) {
+ t = c & (p[i] ^ q[i]);
+ p[i] ^= t;
+ q[i] ^= t;
+ }
+}
The "c" in cswap stands for "constant-time,
Hi,
Couple of remarks inline.
+# [1] https://www.openssl.org/~appro/cryptogams/
https://github.com/dot-asm/cryptogams/ is arguably a better reference.
+SYM_FUNC_START(x25519_fe51_mul)
+.align 5
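Review bot: .align 5 is placed after SYM_FUNC_START(x25519_fe51_mul), so any padding it produces lands between the function symbol and the first instruction instead of aligning the symbol itself. Move the directive above SYM_FUNC_START so that the entry point is what ends up on the 32-byte boundary.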
The goal is to align the label, not the first instruction after the
directive. It's not a proble