SMusatov
/
mkp224o
зеркало из https://github.com/cathugger/mkp224o.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513
							#if defined(ED25519_GCC_32BIT_SSE_CHOOSE)

#define HAVE_GE25519_SCALARMULT_BASE_CHOOSE_NIELS

DONNA_NOINLINE static void
ge25519_scalarmult_base_choose_niels(ge25519_niels *t, const uint8_t table[256][96], uint32_t pos, signed char b) {
	int32_t breg = (int32_t)b;
	uint32_t sign = (uint32_t)breg >> 31;
	uint32_t mask = ~(sign - 1);
	uint32_t u = (breg + mask) ^ mask;

	__asm__ __volatile__ (
		/* ysubx+xaddy */
		"movl %0, %%eax                  ;\n"
		"movd %%eax, %%xmm6              ;\n"
		"pshufd $0x00, %%xmm6, %%xmm6    ;\n"
		"pxor %%xmm0, %%xmm0             ;\n"
		"pxor %%xmm1, %%xmm1             ;\n"
		"pxor %%xmm2, %%xmm2             ;\n"
		"pxor %%xmm3, %%xmm3             ;\n"

		/* 0 */
		"movl $0, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movl $1, %%ecx                  ;\n"
		"movd %%ecx, %%xmm4              ;\n"
		"pxor %%xmm5, %%xmm5             ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"por %%xmm4, %%xmm0              ;\n"
		"por %%xmm5, %%xmm1              ;\n"
		"por %%xmm4, %%xmm2              ;\n"
		"por %%xmm5, %%xmm3              ;\n"

		/* 1 */
		"movl $1, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movdqa 0(%1), %%xmm4            ;\n"
		"movdqa 16(%1), %%xmm5           ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"por %%xmm4, %%xmm0              ;\n"
		"por %%xmm5, %%xmm1              ;\n"
		"movdqa 32(%1), %%xmm4           ;\n"
		"movdqa 48(%1), %%xmm5           ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"por %%xmm4, %%xmm2              ;\n"
		"por %%xmm5, %%xmm3              ;\n"

		/* 2 */
		"movl $2, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movdqa 96(%1), %%xmm4           ;\n"
		"movdqa 112(%1), %%xmm5          ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"por %%xmm4, %%xmm0              ;\n"
		"por %%xmm5, %%xmm1              ;\n"
		"movdqa 128(%1), %%xmm4          ;\n"
		"movdqa 144(%1), %%xmm5          ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"por %%xmm4, %%xmm2              ;\n"
		"por %%xmm5, %%xmm3              ;\n"

		/* 3 */
		"movl $3, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movdqa 192(%1), %%xmm4          ;\n"
		"movdqa 208(%1), %%xmm5          ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"por %%xmm4, %%xmm0              ;\n"
		"por %%xmm5, %%xmm1              ;\n"
		"movdqa 224(%1), %%xmm4          ;\n"
		"movdqa 240(%1), %%xmm5          ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"por %%xmm4, %%xmm2              ;\n"
		"por %%xmm5, %%xmm3              ;\n"

		/* 4 */
		"movl $4, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movdqa 288(%1), %%xmm4          ;\n"
		"movdqa 304(%1), %%xmm5          ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"por %%xmm4, %%xmm0              ;\n"
		"por %%xmm5, %%xmm1              ;\n"
		"movdqa 320(%1), %%xmm4          ;\n"
		"movdqa 336(%1), %%xmm5          ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"por %%xmm4, %%xmm2              ;\n"
		"por %%xmm5, %%xmm3              ;\n"

		/* 5 */
		"movl $5, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movdqa 384(%1), %%xmm4          ;\n"
		"movdqa 400(%1), %%xmm5          ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"por %%xmm4, %%xmm0              ;\n"
		"por %%xmm5, %%xmm1              ;\n"
		"movdqa 416(%1), %%xmm4          ;\n"
		"movdqa 432(%1), %%xmm5          ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"por %%xmm4, %%xmm2              ;\n"
		"por %%xmm5, %%xmm3              ;\n"

		/* 6 */
		"movl $6, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movdqa 480(%1), %%xmm4          ;\n"
		"movdqa 496(%1), %%xmm5          ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"por %%xmm4, %%xmm0              ;\n"
		"por %%xmm5, %%xmm1              ;\n"
		"movdqa 512(%1), %%xmm4          ;\n"
		"movdqa 528(%1), %%xmm5          ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"por %%xmm4, %%xmm2              ;\n"
		"por %%xmm5, %%xmm3              ;\n"

		/* 7 */
		"movl $7, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movdqa 576(%1), %%xmm4          ;\n"
		"movdqa 592(%1), %%xmm5          ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"por %%xmm4, %%xmm0              ;\n"
		"por %%xmm5, %%xmm1              ;\n"
		"movdqa 608(%1), %%xmm4          ;\n"
		"movdqa 624(%1), %%xmm5          ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"por %%xmm4, %%xmm2              ;\n"
		"por %%xmm5, %%xmm3              ;\n"

		/* 8 */
		"movl $8, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movdqa 672(%1), %%xmm4          ;\n"
		"movdqa 688(%1), %%xmm5          ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"por %%xmm4, %%xmm0              ;\n"
		"por %%xmm5, %%xmm1              ;\n"
		"movdqa 704(%1), %%xmm4          ;\n"
		"movdqa 720(%1), %%xmm5          ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"por %%xmm4, %%xmm2              ;\n"
		"por %%xmm5, %%xmm3              ;\n"

		/* conditional swap based on sign */
		"movl %3, %%ecx                  ;\n"
		"movl %2, %%eax                  ;\n"
		"xorl $1, %%ecx                  ;\n"
		"movd %%ecx, %%xmm6              ;\n"
		"pxor %%xmm7, %%xmm7             ;\n"
		"pshufd $0x00, %%xmm6, %%xmm6    ;\n"
		"pxor %%xmm0, %%xmm2             ;\n"
		"pxor %%xmm1, %%xmm3             ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movdqa %%xmm2, %%xmm4           ;\n"
		"movdqa %%xmm3, %%xmm5           ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"pand %%xmm7, %%xmm5             ;\n"
		"pxor %%xmm4, %%xmm0             ;\n"
		"pxor %%xmm5, %%xmm1             ;\n"
		"pxor %%xmm0, %%xmm2             ;\n"
		"pxor %%xmm1, %%xmm3             ;\n"

		/* store ysubx */
		"movd %%xmm0, %%ecx              ;\n"
		"movl %%ecx, %%edx               ;\n"
		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
		"andl $0x3ffffff, %%ecx          ;\n"
		"movl %%ecx, 0(%%eax)            ;\n"
		"movd %%xmm0, %%ecx              ;\n"
		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
		"shrdl $26, %%ecx, %%edx         ;\n"
		"andl $0x1ffffff, %%edx          ;\n"
		"movl %%edx, 4(%%eax)            ;\n"
		"movd %%xmm0, %%edx              ;\n"
		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
		"shrdl $19, %%edx, %%ecx         ;\n"
		"andl $0x3ffffff, %%ecx          ;\n"
		"movl %%ecx, 8(%%eax)            ;\n"
		"movd %%xmm0, %%ecx              ;\n"
		"shrdl $13, %%ecx, %%edx         ;\n"
		"andl $0x1ffffff, %%edx          ;\n"
		"movl %%edx, 12(%%eax)           ;\n"
		"movd %%xmm1, %%edx              ;\n"
		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
		"shrl $6, %%ecx                  ;\n"
		"andl $0x3ffffff, %%ecx          ;\n"
		"movl %%ecx, 16(%%eax)           ;\n"
		"movl %%edx, %%ecx               ;\n"
		"andl $0x1ffffff, %%edx          ;\n"
		"movl %%edx, 20(%%eax)           ;\n"
		"movd %%xmm1, %%edx              ;\n"
		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
		"shrdl $25, %%edx, %%ecx         ;\n"
		"andl $0x3ffffff, %%ecx          ;\n"
		"movl %%ecx, 24(%%eax)           ;\n"
		"movd %%xmm1, %%ecx              ;\n"
		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
		"shrdl $19, %%ecx, %%edx         ;\n"
		"andl $0x1ffffff, %%edx          ;\n"
		"movl %%edx, 28(%%eax)           ;\n"
		"movd %%xmm1, %%edx              ;\n"
		"shrdl $12, %%edx, %%ecx         ;\n"
		"andl $0x3ffffff, %%ecx          ;\n"
		"movl %%ecx, 32(%%eax)           ;\n"
		"shrl $6, %%edx                  ;\n"
		"andl $0x1ffffff, %%edx          ;\n"
		"xorl %%ecx, %%ecx               ;\n"
		"movl %%edx, 36(%%eax)           ;\n"
		"movl %%ecx, 40(%%eax)           ;\n"
		"movl %%ecx, 44(%%eax)           ;\n"

		/* store xaddy */
		"addl $48, %%eax                 ;\n"
		"movdqa %%xmm2, %%xmm0           ;\n"
		"movdqa %%xmm3, %%xmm1           ;\n"
		"movd %%xmm0, %%ecx              ;\n"
		"movl %%ecx, %%edx               ;\n"
		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
		"andl $0x3ffffff, %%ecx          ;\n"
		"movl %%ecx, 0(%%eax)            ;\n"
		"movd %%xmm0, %%ecx              ;\n"
		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
		"shrdl $26, %%ecx, %%edx         ;\n"
		"andl $0x1ffffff, %%edx          ;\n"
		"movl %%edx, 4(%%eax)            ;\n"
		"movd %%xmm0, %%edx              ;\n"
		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
		"shrdl $19, %%edx, %%ecx         ;\n"
		"andl $0x3ffffff, %%ecx          ;\n"
		"movl %%ecx, 8(%%eax)            ;\n"
		"movd %%xmm0, %%ecx              ;\n"
		"shrdl $13, %%ecx, %%edx         ;\n"
		"andl $0x1ffffff, %%edx          ;\n"
		"movl %%edx, 12(%%eax)           ;\n"
		"movd %%xmm1, %%edx              ;\n"
		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
		"shrl $6, %%ecx                  ;\n"
		"andl $0x3ffffff, %%ecx          ;\n"
		"movl %%ecx, 16(%%eax)           ;\n"
		"movl %%edx, %%ecx               ;\n"
		"andl $0x1ffffff, %%edx          ;\n"
		"movl %%edx, 20(%%eax)           ;\n"
		"movd %%xmm1, %%edx              ;\n"
		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
		"shrdl $25, %%edx, %%ecx         ;\n"
		"andl $0x3ffffff, %%ecx          ;\n"
		"movl %%ecx, 24(%%eax)           ;\n"
		"movd %%xmm1, %%ecx              ;\n"
		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
		"shrdl $19, %%ecx, %%edx         ;\n"
		"andl $0x1ffffff, %%edx          ;\n"
		"movl %%edx, 28(%%eax)           ;\n"
		"movd %%xmm1, %%edx              ;\n"
		"shrdl $12, %%edx, %%ecx         ;\n"
		"andl $0x3ffffff, %%ecx          ;\n"
		"movl %%ecx, 32(%%eax)           ;\n"
		"shrl $6, %%edx                  ;\n"
		"andl $0x1ffffff, %%edx          ;\n"
		"xorl %%ecx, %%ecx               ;\n"
		"movl %%edx, 36(%%eax)           ;\n"
		"movl %%ecx, 40(%%eax)           ;\n"
		"movl %%ecx, 44(%%eax)           ;\n"

		/* t2d */
		"movl %0, %%eax                  ;\n"
		"movd %%eax, %%xmm6              ;\n"
		"pshufd $0x00, %%xmm6, %%xmm6    ;\n"
		"pxor %%xmm0, %%xmm0             ;\n"
		"pxor %%xmm1, %%xmm1             ;\n"

		/* 0 */
		"movl $0, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"pxor %%xmm0, %%xmm0             ;\n"
		"pxor %%xmm1, %%xmm1             ;\n"

		/* 1 */
		"movl $1, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movdqa 64(%1), %%xmm3           ;\n"
		"movdqa 80(%1), %%xmm4           ;\n"
		"pand %%xmm7, %%xmm3             ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"por %%xmm3, %%xmm0              ;\n"
		"por %%xmm4, %%xmm1              ;\n"

		/* 2 */
		"movl $2, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movdqa 160(%1), %%xmm3          ;\n"
		"movdqa 176(%1), %%xmm4          ;\n"
		"pand %%xmm7, %%xmm3             ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"por %%xmm3, %%xmm0              ;\n"
		"por %%xmm4, %%xmm1              ;\n"

		/* 3 */
		"movl $3, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movdqa 256(%1), %%xmm3          ;\n"
		"movdqa 272(%1), %%xmm4          ;\n"
		"pand %%xmm7, %%xmm3             ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"por %%xmm3, %%xmm0              ;\n"
		"por %%xmm4, %%xmm1              ;\n"

		/* 4 */
		"movl $4, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movdqa 352(%1), %%xmm3          ;\n"
		"movdqa 368(%1), %%xmm4          ;\n"
		"pand %%xmm7, %%xmm3             ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"por %%xmm3, %%xmm0              ;\n"
		"por %%xmm4, %%xmm1              ;\n"

		/* 5 */
		"movl $5, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movdqa 448(%1), %%xmm3          ;\n"
		"movdqa 464(%1), %%xmm4          ;\n"
		"pand %%xmm7, %%xmm3             ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"por %%xmm3, %%xmm0              ;\n"
		"por %%xmm4, %%xmm1              ;\n"

		/* 6 */
		"movl $6, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movdqa 544(%1), %%xmm3          ;\n"
		"movdqa 560(%1), %%xmm4          ;\n"
		"pand %%xmm7, %%xmm3             ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"por %%xmm3, %%xmm0              ;\n"
		"por %%xmm4, %%xmm1              ;\n"

		/* 7 */
		"movl $7, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movdqa 640(%1), %%xmm3          ;\n"
		"movdqa 656(%1), %%xmm4          ;\n"
		"pand %%xmm7, %%xmm3             ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"por %%xmm3, %%xmm0              ;\n"
		"por %%xmm4, %%xmm1              ;\n"

		/* 8 */
		"movl $8, %%eax                  ;\n"
		"movd %%eax, %%xmm7              ;\n"
		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
		"pcmpeqd %%xmm6, %%xmm7          ;\n"
		"movdqa 736(%1), %%xmm3          ;\n"
		"movdqa 752(%1), %%xmm4          ;\n"
		"pand %%xmm7, %%xmm3             ;\n"
		"pand %%xmm7, %%xmm4             ;\n"
		"por %%xmm3, %%xmm0              ;\n"
		"por %%xmm4, %%xmm1              ;\n"

		/* store t2d */
		"movl %2, %%eax                  ;\n"
		"addl $96, %%eax                 ;\n"
		"movd %%xmm0, %%ecx              ;\n"
		"movl %%ecx, %%edx               ;\n"
		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
		"andl $0x3ffffff, %%ecx          ;\n"
		"movl %%ecx, 0(%%eax)            ;\n"
		"movd %%xmm0, %%ecx              ;\n"
		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
		"shrdl $26, %%ecx, %%edx         ;\n"
		"andl $0x1ffffff, %%edx          ;\n"
		"movl %%edx, 4(%%eax)            ;\n"
		"movd %%xmm0, %%edx              ;\n"
		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
		"shrdl $19, %%edx, %%ecx         ;\n"
		"andl $0x3ffffff, %%ecx          ;\n"
		"movl %%ecx, 8(%%eax)            ;\n"
		"movd %%xmm0, %%ecx              ;\n"
		"shrdl $13, %%ecx, %%edx         ;\n"
		"andl $0x1ffffff, %%edx          ;\n"
		"movl %%edx, 12(%%eax)           ;\n"
		"movd %%xmm1, %%edx              ;\n"
		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
		"shrl $6, %%ecx                  ;\n"
		"andl $0x3ffffff, %%ecx          ;\n"
		"movl %%ecx, 16(%%eax)           ;\n"
		"movl %%edx, %%ecx               ;\n"
		"andl $0x1ffffff, %%edx          ;\n"
		"movl %%edx, 20(%%eax)           ;\n"
		"movd %%xmm1, %%edx              ;\n"
		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
		"shrdl $25, %%edx, %%ecx         ;\n"
		"andl $0x3ffffff, %%ecx          ;\n"
		"movl %%ecx, 24(%%eax)           ;\n"
		"movd %%xmm1, %%ecx              ;\n"
		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
		"shrdl $19, %%ecx, %%edx         ;\n"
		"andl $0x1ffffff, %%edx          ;\n"
		"movl %%edx, 28(%%eax)           ;\n"
		"movd %%xmm1, %%edx              ;\n"
		"movd %%xmm1, %%edx              ;\n"
		"shrdl $12, %%edx, %%ecx         ;\n"
		"andl $0x3ffffff, %%ecx          ;\n"
		"movl %%ecx, 32(%%eax)           ;\n"
		"shrl $6, %%edx                  ;\n"
		"andl $0x1ffffff, %%edx          ;\n"
		"xorl %%ecx, %%ecx               ;\n"
		"movl %%edx, 36(%%eax)           ;\n"
		"movl %%ecx, 40(%%eax)           ;\n"
		"movl %%ecx, 44(%%eax)           ;\n"
		"movdqa 0(%%eax), %%xmm0         ;\n"
		"movdqa 16(%%eax), %%xmm1        ;\n"
		"movdqa 32(%%eax), %%xmm2        ;\n"

		/* conditionally negate t2d */

		/* set up 2p in to 3/4 */
		"movl $0x7ffffda, %%ecx          ;\n"
		"movl $0x3fffffe, %%edx          ;\n"
		"movd %%ecx, %%xmm3              ;\n"
		"movd %%edx, %%xmm5              ;\n"
		"movl $0x7fffffe, %%ecx          ;\n"
		"movd %%ecx, %%xmm4              ;\n"
		"punpckldq %%xmm5, %%xmm3        ;\n"
		"punpckldq %%xmm5, %%xmm4        ;\n"
		"punpcklqdq %%xmm4, %%xmm3       ;\n"
		"movdqa %%xmm4, %%xmm5           ;\n"
		"punpcklqdq %%xmm4, %%xmm4       ;\n"

		/* subtract and conditionally move */
		"movl %3, %%ecx                  ;\n"
		"sub $1, %%ecx                   ;\n"
		"movd %%ecx, %%xmm6              ;\n"
		"pshufd $0x00, %%xmm6, %%xmm6    ;\n"
		"movdqa %%xmm6, %%xmm7           ;\n"
		"psubd %%xmm0, %%xmm3            ;\n"
		"psubd %%xmm1, %%xmm4            ;\n"
		"psubd %%xmm2, %%xmm5            ;\n"
		"pand %%xmm6, %%xmm0             ;\n"
		"pand %%xmm6, %%xmm1             ;\n"
		"pand %%xmm6, %%xmm2             ;\n"
		"pandn %%xmm3, %%xmm6            ;\n"
		"movdqa %%xmm7, %%xmm3           ;\n"
		"pandn %%xmm4, %%xmm7            ;\n"
		"pandn %%xmm5, %%xmm3            ;\n"
		"por %%xmm6, %%xmm0              ;\n"
		"por %%xmm7, %%xmm1              ;\n"
		"por %%xmm3, %%xmm2              ;\n"

		/* store */
		"movdqa %%xmm0, 0(%%eax)         ;\n"
		"movdqa %%xmm1, 16(%%eax)        ;\n"
		"movdqa %%xmm2, 32(%%eax)        ;\n"
		:
		: "m"(u), "r"(&table[pos * 8]), "m"(t), "m"(sign) /* %0 = u, %1 = table, %2 = t, %3 = sign */
		: "%eax", "%ecx", "%edx", "%xmm0", "%xmm1", "%xmm2", "%xmm3", "%xmm4", "%xmm5", "%xmm6", "%xmm7", "cc", "memory"
	);
}

#endif /* defined(ED25519_GCC_32BIT_SSE_CHOOSE) */