search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Correct PPTP server firewall rules chain.
[tomato/davidwu.git] / release / src / router / nettle / arm / ecc-256-redc.asm
blobcbf10a8900d4b95d7b41a1d01400b37b6dd6c4b6
1 C nettle, low-level cryptographics library
2 C
3 C Copyright (C) 2013, Niels Möller
4 C
5 C The nettle library is free software; you can redistribute it and/or modify
6 C it under the terms of the GNU Lesser General Public License as published by
7 C the Free Software Foundation; either version 2.1 of the License, or (at your
8 C option) any later version.
9 C
10 C The nettle library is distributed in the hope that it will be useful, but
11 C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
13 C License for more details.
14 C
15 C You should have received a copy of the GNU Lesser General Public License
16 C along with the nettle library; see the file COPYING.LIB. If not, write to
17 C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
18 C MA 02111-1301, USA.
19
20 .file "ecc-256-redc.asm"
21 .arm
22
23 define(<RP>, <r1>)
24
25 define(<T0>, <r0>) C Overlaps unused ecc argument
26 define(<T1>, <r2>)
27 define(<T2>, <r3>)
28 define(<T3>, <r4>)
29 define(<T4>, <r5>)
30 define(<T5>, <r6>)
31 define(<T6>, <r7>)
32 define(<T7>, <r8>)
33 define(<F0>, <r10>)
34 define(<F1>, <r11>)
35 define(<F2>, <r12>)
36 define(<F3>, <lr>)
37
38 C ecc_256_redc (const struct ecc_curve *ecc, mp_limb_t *rp)
39 .text
40 .align 2
41
42 PROLOGUE(nettle_ecc_256_redc)
43 push {r4,r5,r6,r7,r8,r10,r11,lr}
44
45 ldm RP!, {T0,T1,T2,T3,T4,T5,T6,T7}
46
47 C Set <F3,F2,F1> to the high 4 limbs of (B^2-B+1)<T2,T1,T0>
48 C T2 T1
49 C T2 T1 T0
50 C - T2 T1 T0
51 C -------------
52 C F3 F2 F1 F0
53
54
55 adds F1, T0, T2
56 adcs F2, T1, #0
57 adc F3, T2, #0
58
59 subs F0, T1, T0
60 sbcs F1, F1, T1 C Could also be rsc ?
61 sbcs F2, F2, T2
62 sbc F3, F3, #0
63
64 C Add:
65 C T10 T9 T8 T7 T6 T5 T4 T3
66 C + F3 F2 F1 F0 T0 T2 T1 T0
67 C --------------------------
68 C T7 T6 T5 T4 T3 T2 T1 T0
69
70 adds T3, T3, T0
71 adcs T1, T4, T1
72 adcs T2, T5, T2
73 adcs T6, T6, T0
74 mov T0, T3 C FIXME: Be more clever?
75 mov T3, T6
76 adcs T4, T7, F0
77
78 ldm RP!, {T5,T6,T7}
79 adcs T5, T5, F1
80 adcs T6, T6, F2
81 adcs T7, T7, F3
82
83 C New F3, F2, F1, F0, also adding in carry
84 adcs F1, T0, T2
85 adcs F2, T1, #0
86 adc F3, T2, #0
87
88 subs F0, T1, T0
89 sbcs F1, F1, T1 C Could also be rsc ?
90 sbcs F2, F2, T2
91 sbc F3, F3, #0
92
93 C Start adding
94 adds T3, T3, T0
95 adcs T1, T4, T1
96 adcs T2, T5, T2
97 adcs T6, T6, T0
98 mov T0, T3 C FIXME: Be more clever?
99 mov T3, T6
100 adcs T4, T7, F0
101
102 ldm RP!, {T5,T6,T7}
103 adcs T5, T5, F1
104 adcs T6, T6, F2
105 adcs T7, T7, F3
106
107 C Final iteration, eliminate only T0, T1
108 C Set <F2, F1, F0> to the high 3 limbs of (B^2-B+1)<T1,T0>
109
110 C T1 T0 T1
111 C - T1 T0
112 C -------------
113 C F2 F1 F0
114
115 C First add in carry
116 adcs F1, T0, #0
117 adcs F2, T1, #0
118 subs F0, T1, T0
119 sbcs F1, F1, T1
120 sbc F2, F2, #0
121
122 C Add:
123 C T9 T8 T7 T6 T5 T4 T3 T2
124 C + F2 F1 F0 T0 0 T1 T0 0
125 C --------------------------
126 C F2 F1 T7 T6 T5 T4 T3 T2
127
128 adds T3, T3, T0
129 adcs T4, T4, T1
130 adcs T5, T5, #0
131 adcs T6, T6, T0
132 adcs T7, T7, F0
133 ldm RP!, {T0, T1}
134 mov F3, #0
135 adcs F1, F1, T0
136 adcs F2, F2, T1
137
138 C Sum is < B^8 + p, so it's enough to fold carry once,
139 C If carry, add in
140 C B^7 - B^6 - B^3 + 1 = <0, B-2, B-1, B-1, B-1, 0, 0, 1>
141
142 C Mask from carry flag, leaving carry intact
143 adc F3, F3, #0
144 rsb F3, F3, #0
145
146 adcs T0, T2, #0
147 adcs T1, T3, #0
148 adcs T2, T4, #0
149 adcs T3, T5, F3
150 adcs T4, T6, F3
151 adcs T5, T7, F3
152 and F3, F3, #-2
153 adcs T6, F1, F3
154 adcs T7, F2, #0
155
156 sub RP, RP, #64
157 stm RP, {T0,T1,T2,T3,T4,T5,T6,T7}
158
159 pop {r4,r5,r6,r7,r8,r10,r11,pc}
160 EPILOGUE(nettle_ecc_256_redc)