search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Correct PPTP server firewall rules chain.
[tomato/davidwu.git] / release / src / router / nettle / arm / ecc-384-modp.asm
blobfb5a6e12afec6edc526b4716278d693199e34621
1 C nettle, low-level cryptographics library
2 C
3 C Copyright (C) 2013, Niels Möller
4 C
5 C The nettle library is free software; you can redistribute it and/or modify
6 C it under the terms of the GNU Lesser General Public License as published by
7 C the Free Software Foundation; either version 2.1 of the License, or (at your
8 C option) any later version.
9 C
10 C The nettle library is distributed in the hope that it will be useful, but
11 C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
13 C License for more details.
14 C
15 C You should have received a copy of the GNU Lesser General Public License
16 C along with the nettle library; see the file COPYING.LIB. If not, write to
17 C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
18 C MA 02111-1301, USA.
19
20 .file "ecc-384-modp.asm"
21 .arm
22
23 define(<RP>, <r1>)
24 define(<T0>, <r0>)
25 define(<T1>, <r2>)
26 define(<T2>, <r3>)
27 define(<T3>, <r4>)
28 define(<F0>, <r5>)
29 define(<F1>, <r6>)
30 define(<F2>, <r7>)
31 define(<F3>, <r8>)
32 define(<F4>, <r10>)
33 define(<N>, <r12>)
34 define(<H>, <lr>)
35
36 C ecc_384_modp (const struct ecc_curve *ecc, mp_limb_t *rp)
37 .text
38 .align 2
39
40 PROLOGUE(nettle_ecc_384_modp)
41 push {r4,r5,r6,r7,r8,r10,lr}
42
43 add RP, RP, #80
44 ldm RP, {T0, T1, T2, T3} C 20-23
45
46 C First get top 4 limbs, which need folding twice, as
47 C
48 C T3 T2 T1 T0
49 C T3 T2 T1
50 C -T3
51 C ----------------
52 C F4 F3 F2 F1 F0
53 C
54 C Start with
55 C
56 C T3 T1 T0
57 C T1
58 C -T3
59 C -----------
60 C F2 F1 F0 Always fits
61
62 adds F0, T0, T1
63 adcs F1, T1, #0
64 adcs F2, T3, #0
65 subs F0, F0, T3
66 sbcs F1, F1, #0
67 sbcs F2, F2, #0
68
69 C T3 T2 T2 0
70 C F2 F1 F0
71 C ----------------
72 C F4 F3 F2 F1 F0
73
74 mov F4, #0
75 adds F1, F1, T2
76 adcs F2, F2, T2
77 adcs F3, T3, #0
78 adcs F4, F4, #0
79
80 C Add in to high part
81 sub RP, RP, #32
82 ldm RP, {T0, T1, T2, T3} C 12-15
83 mov H, #0
84 adds F0, T0, F0
85 adcs F1, T1, F1
86 adcs F2, T2, F2
87 adcs F3, T3, F3
88 adcs F4, F4, #0 C Do F4 later
89
90 C Add to low part, keeping carry (positive or negative) in H
91 sub RP, RP, #48
92 ldm RP, {T0, T1, T2, T3} C 0-3
93 mov H, #0
94 adds T0, T0, F0
95 adcs T1, T1, F1
96 adcs T2, T2, F2
97 adcs T3, T3, F3
98 adc H, H, #0
99 subs T1, T1, F0
100 sbcs T2, T2, F1
101 sbcs T3, T3, F2
102 sbc H, H, #0
103 adds T3, T3, F0
104 adc H, H, #0
105
106 stm RP!, {T0,T1,T2,T3} C 0-3
107 mov N, #2
108 .Loop:
109 ldm RP, {T0,T1,T2,T3} C 4-7
110
111 C First, propagate carry
112 adds T0, T0, H
113 asr H, #31 C Sign extend
114 adcs T1, T1, H
115 adcs T2, T2, H
116 adcs T3, T3, H
117 adc H, H, #0
118
119 C +B^4 term
120 adds T0, T0, F0
121 adcs T1, T1, F1
122 adcs T2, T2, F2
123 adcs T3, T3, F3
124 adc H, H, #0
125
126 C +B^3 terms
127 ldr F0, [RP, #+48] C 16
128 adds T0, T0, F1
129 adcs T1, T1, F2
130 adcs T2, T2, F3
131 adcs T3, T3, F0
132 adc H, H, #0
133
134 C -B
135 ldr F1, [RP, #+52] C 17-18
136 ldr F2, [RP, #+56]
137 subs T0, T0, F3
138 sbcs T1, T1, F0
139 sbcs T2, T2, F1
140 sbcs T3, T3, F2
141 sbcs H, H, #0
142
143 C +1
144 ldr F3, [RP, #+60] C 19
145 adds T0, T0, F0
146 adcs T1, T1, F1
147 adcs T2, T2, F2
148 adcs T3, T3, F3
149 adc H, H, #0
150 subs N, N, #1
151 stm RP!, {T0,T1,T2,T3}
152 bne .Loop
153
154 C Fold high limbs, we need to add in
155 C
156 C F4 F4 0 -F4 F4 H H 0 -H H
157 C
158 C We always have F4 >= 0, but we can have H < 0.
159 C Sign extension gets tricky when F4 = 0 and H < 0.
160 sub RP, RP, #48
161
162 ldm RP, {T0,T1,T2,T3} C 0-3
163
164 C H H 0 -H H
165 C ----------------
166 C S H F3 F2 F1 F0
167 C
168 C Define S = H >> 31 (asr), we then have
169 C
170 C F0 = H
171 C F1 = S - H
172 C F2 = - [H > 0]
173 C F3 = H - [H > 0]
174 C H = H + S
175 C
176 C And we get underflow in S - H iff H > 0
177
178 C H = 0 H > 0 H = -1
179 mov F0, H C 0 H -1
180 asr H, #31
181 subs F1, H, F0 C 0,C=1 -H,C=0 0,C=1
182 sbc F2, F2, F2 C 0 -1 0
183 sbc F3, F0, #0 C 0 H-1 -1
184
185 adds T0, T0, F0
186 adcs T1, T1, F1
187 adcs T2, T2, F2
188 adcs T3, T3, F3
189 adc H, H, F0 C 0+cy H+cy -2+cy
190
191 stm RP!, {T0,T1,T2,T3} C 0-3
192 ldm RP, {T0,T1,T2,T3} C 4-7
193
194 C F4 0 -F4
195 C ---------
196 C F3 F2 F1
197
198 rsbs F1, F4, #0
199 sbc F2, F2, F2
200 sbc F3, F4, #0
201
202 C Sign extend H
203 adds F0, F4, H
204 asr H, H, #31
205 adcs F1, F1, H
206 adcs F2, F2, H
207 adcs F3, F3, H
208 adcs F4, F4, H
209 adc H, H, #0
210
211 adds T0, T0, F0
212 adcs T1, T1, F1
213 adcs T2, T2, F2
214 adcs T3, T3, F3
215
216 stm RP!, {T0,T1,T2,T3} C 4-7
217 ldm RP, {T0,T1,T2,T3} C 8-11
218
219 adcs T0, T0, F4
220 adcs T1, T1, H
221 adcs T2, T2, H
222 adcs T3, T3, H
223 adc H, H, #0
224
225 stm RP, {T0,T1,T2,T3} C 8-11
226
227 C Final (unlikely) carry
228 sub RP, RP, #32
229 ldm RP, {T0,T1,T2,T3} C 0-3
230 C Fold H into F0-F4
231 mov F0, H
232 asr H, #31
233 subs F1, H, F0
234 sbc F2, F2, F2
235 sbc F3, F0, #0
236 add F4, F0, H
237
238 adds T0, T0, F0
239 adcs T1, T1, F1
240 adcs T2, T2, F2
241 adcs T3, T3, F3
242
243 stm RP!, {T0,T1,T2,T3} C 0-3
244 ldm RP, {T0,T1,T2,T3} C 4-7
245 adcs T0, T0, F4
246 adcs T1, T1, H
247 adcs T2, T2, H
248 adcs T3, T3, H
249 stm RP!, {T0,T1,T2,T3} C 4-7
250 ldm RP, {T0,T1,T2,T3} C 8-11
251 adcs T0, T0, H
252 adcs T1, T1, H
253 adcs T2, T2, H
254 adcs T3, T3, H
255 stm RP!, {T0,T1,T2,T3} C 8-11
256 pop {r4,r5,r6,r7,r8,r10,pc}
257 EPILOGUE(nettle_ecc_384_modp)