internal/sm2ec: loong64 p256NegCond

internal/sm2ec/p256_asm_loong64.s

@@ -16,6 +16,28 @@
 #define acc3 R11
 #define acc4 R12
 #define acc5 R13
+#define t0 R14
+#define t1 R15
+#define t2 R16
+#define t3 R17
+
+DATA p256p<>+0x00(SB)/8, $0xffffffffffffffff
+DATA p256p<>+0x08(SB)/8, $0xffffffff00000000
+DATA p256p<>+0x10(SB)/8, $0xffffffffffffffff
+DATA p256p<>+0x18(SB)/8, $0xfffffffeffffffff
+DATA p256ordK0<>+0x00(SB)/8, $0x327f9e8872350975
+DATA p256ord<>+0x00(SB)/8, $0x53bbf40939d54123
+DATA p256ord<>+0x08(SB)/8, $0x7203df6b21c6052b
+DATA p256ord<>+0x10(SB)/8, $0xffffffffffffffff
+DATA p256ord<>+0x18(SB)/8, $0xfffffffeffffffff
+DATA p256one<>+0x00(SB)/8, $0x0000000000000001
+DATA p256one<>+0x08(SB)/8, $0x00000000ffffffff
+DATA p256one<>+0x10(SB)/8, $0x0000000000000000
+DATA p256one<>+0x18(SB)/8, $0x0000000100000000
+GLOBL p256p<>(SB), RODATA, $32
+GLOBL p256ordK0<>(SB), RODATA, $8
+GLOBL p256ord<>(SB), RODATA, $32
+GLOBL p256one<>(SB), RODATA, $32
 
 /* ---------------------------------------*/
 // func p256OrdLittleToBig(res *[32]byte, in *p256OrdElement)
@@ -51,3 +73,52 @@ TEXT ·p256BigToLittle(SB),NOSPLIT,$0
 	MOVV acc0, (8*3)(res_ptr)
 
 	RET
+
+/* ---------------------------------------*/
+// func p256NegCond(val *p256Element, cond int)
+TEXT ·p256NegCond(SB),NOSPLIT,$0
+	MOVV val+0(FP), res_ptr
+	MOVV cond+8(FP), t0
+	// acc = poly
+	MOVV $-1, acc0
+	MOVV p256p<>+0x08(SB), acc1
+	MOVV $-1, acc2
+	MOVV p256p<>+0x18(SB), acc3
+	// Load the original value
+	MOVV (8*0)(res_ptr), acc4
+	MOVV (8*1)(res_ptr), x_ptr
+	MOVV (8*2)(res_ptr), y_ptr
+	MOVV (8*3)(res_ptr), acc5
+
+	// Speculatively subtract
+	SUBV acc4, acc0
+	SGTU x_ptr, acc1, t1
+	SUBV x_ptr, acc1
+	SUBV y_ptr, acc2
+	SGTU t1, acc2, t2
+	SUBV t1, acc2
+	SUBV acc5, acc3
+	SUBV t2, acc3
+
+	MASKNEZ t0, acc4, acc4
+	MASKEQZ t0, acc0, acc0
+	OR acc4, acc0
+
+	MASKNEZ t0, x_ptr, x_ptr
+	MASKEQZ t0, acc1, acc1
+	OR x_ptr, acc1
+
+	MASKNEZ t0, y_ptr, y_ptr
+	MASKEQZ t0, acc2, acc2
+	OR y_ptr, acc2
+
+	MASKNEZ t0, acc5, acc5
+	MASKEQZ t0, acc3, acc3
+	OR acc5, acc3
+
+	MOVV acc0, (8*0)(res_ptr)
+	MOVV acc1, (8*1)(res_ptr)
+	MOVV acc2, (8*2)(res_ptr)
+	MOVV acc3, (8*3)(res_ptr)
+
+	RET

internal/sm2ec/sm2p256_asm_loong64.go

@@ -9,3 +9,8 @@ func p256BigToLittle(res *p256Element, in *[32]byte)
 
 //go:noescape
 func p256LittleToBig(res *[32]byte, in *p256Element)
+
+// If cond is not 0, sets val = -val mod p.
+//
+//go:noescape
+func p256NegCond(val *p256Element, cond int)

internal/sm2ec/sm2p256_asm_loong64_test.go

@@ -34,3 +34,36 @@ func TestP256BigToLittle(t *testing.T) {
 		t.Errorf("p256LittleToBig(p256BigToLittle(...)) mismatch\nin:   %x\nback: %x", in, back)
 	}
 }
+
+func TestP256NegCond(t *testing.T) {
+	var tests = []struct {
+		input    p256Element
+		cond     int
+		expected p256Element
+	}{
+		{
+			input:    p256Element{1, 0, 0, 0},
+			cond:     1,
+			expected: p256Element{0xfffffffffffffffe, 0xffffffff00000000, 0xffffffffffffffff, 0xfffffffeffffffff},
+		},
+		{
+			input:    p256Element{1, 0, 0, 0},
+			cond:     0,
+			expected: p256Element{1, 0, 0, 0},
+		},
+		{
+			input:    p256Element{0x1, 0xffffffff00000001, 0xfffffffffffffffe, 0xfffffffeffffffff},
+			cond:     1,
+			expected: p256Element{0xfffffffffffffffe, 0xffffffffffffffff, 0, 0},
+		},
+	}
+
+	for i, test := range tests {
+		var result p256Element
+		copy(result[:], test.input[:])
+		p256NegCond(&result, test.cond)
+		if result != test.expected {
+			t.Errorf("test %d: got %x, want %x", i, result, test.expected)
+		}
+	}
+}