Acasă Explorează Ajutor
Autentificare
OWEALs
/
openssl
oglindă de git://git.openssl.org/openssl.git
2
0
Bifurcare 0
Fisiere Probleme 1 Wiki
Arbore: 506cb0f632
Ramuri Etichete
openssl
/
crypto
/
sha
/
asm
/
keccak1600-c64x.pl

keccak1600-c64x.pl 22 KB
Istoric Crud

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884 
  1. #!/usr/bin/env perl
    2. 

  2. # Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3. #
    4. 

  4. # Licensed under the Apache License 2.0 (the "License").  You may not use
    5. 

  5. # this file except in compliance with the License.  You can obtain a copy
    6. 

  6. # in the file LICENSE in the source distribution or at
    7. 

  7. # https://www.openssl.org/source/license.html
    8. 

  8. #
    9. 

  9. # ====================================================================
    10. 

  10. # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
    11. 

  11. # project. The module is, however, dual licensed under OpenSSL and
    12. 

  12. # CRYPTOGAMS licenses depending on where you obtain it. For further
    13. 

  13. # details see http://www.openssl.org/~appro/cryptogams/.
    14. 

  14. # ====================================================================
    15. 

  15. #
    16. 

  16. # [ABI- and endian-neutral] Keccak-1600 for C64x.
    17. 

  17. #
    18. 

  18. # June 2017.
    19. 

  19. #
    20. 

  20. # This is straightforward KECCAK_1X_ALT variant (see sha/keccak1600.c)
    21. 

  21. # with bit interleaving. 64-bit values are simply split between A- and
    22. 

  22. # B-files, with A-file holding least significant halves. This works
    23. 

  23. # out perfectly, because all operations including cross-communications
    24. 

  24. # [in rotate operations] are always complementary. Performance is
    25. 

  25. # [incredible for a 32-bit processor] 10.9 cycles per processed byte
    26. 

  26. # for r=1088, which corresponds to SHA3-256. This is >15x faster than
    27. 

  27. # compiler-generated KECCAK_1X_ALT code, and >10x than other variants.
    28. 

  28. # On average processor ends up issuing ~4.5 instructions per cycle...
    29. 

  29. 

  30. my @A = map([ $_, ($_+1), ($_+2), ($_+3), ($_+4) ], (5,10,16,21,26));
    31. 

  31.    $A[1][4] = 31;	# B14 is reserved, A14 is used as iota[]
    32. 

  32.    ($A[3][0],$A[4][1]) = ($A[4][1],$A[3][0]);
    33. 

  33. my @C = (0..4,$A[3][0],$A[4][0]);
    34. 

  34. my $iotas = "A14";
    35. 

  35. 

  36. my @rhotates = ([  0,  1, 62, 28, 27 ],
    37. 

  37.                 [ 36, 44,  6, 55, 20 ],
    38. 

  38.                 [  3, 10, 43, 25, 39 ],
    39. 

  39.                 [ 41, 45, 15, 21,  8 ],
    40. 

  40.                 [ 18,  2, 61, 56, 14 ]);
    41. 

  41. 

  42. sub ROL64 {
    43. 

  43.     my ($src,$rot,$dst,$p) = @_;
    44. 

  44. 

  45.     if ($rot&1) {
    46. 

  46. $code.=<<___;
    47. 

  47. $p	ROTL	B$src,$rot/2+1,A$dst
    48. 

  48. ||	ROTL	A$src,$rot/2,  B$dst
    49. 

  49. ___
    50. 

  50.     } else {
    51. 

  51. $code.=<<___;
    52. 

  52. $p	ROTL	A$src,$rot/2,A$dst
    53. 

  53. ||	ROTL	B$src,$rot/2,B$dst
    54. 

  54. ___
    55. 

  55.     }
    56. 

  56. }
    57. 

  57. 

  58. ########################################################################
    59. 

  59. # Stack frame layout
    60. 

  60. #
    61. 

  61. # SP--->+------+------+
    62. 

  62. #       |      |      |
    63. 

  63. # +1--->+------+------+<- -9	below 4 slots are used by KeccakF1600_int
    64. 

  64. #       |      |      |
    65. 

  65. # +2--->+------+------+<- -8
    66. 

  66. #       |      |      |
    67. 

  67. # +3--->+------+------+<- -7
    68. 

  68. #       | A2   | A3   |		A3:A2 are preserved by KeccakF1600_int
    69. 

  69. # +4--->+------+------+<- -6
    70. 

  70. #       | B2   | B3   |		B3:B2 are preserved by KeccakF1600_int
    71. 

  71. # +5--->+------+------+<- -5	below is ABI-compliant layout
    72. 

  72. #       | A10  | A11  |
    73. 

  73. # +6--->+------+------+<- -4
    74. 

  74. #       | A12  | A13  |
    75. 

  75. # +7--->+------+------+<- -3
    76. 

  76. #       | A14  | B3   |
    77. 

  77. # +8--->+------+------+<- -2
    78. 

  78. #       | B10  | B11  |
    79. 

  79. # +9--->+------+------+<- -1
    80. 

  80. #       | B12  | B13  |
    81. 

  81. #       +------+------+<---FP
    82. 

  82. #       | A15  |
    83. 

  83. #       +------+--
    84. 

  84. 

  85. $code.=<<___;
    86. 

  86. 	.text
    87. 

  87. 

  88. 	.if	.ASSEMBLER_VERSION<7000000
    89. 

  89. 	.asg	0,__TI_EABI__
    90. 

  90. 	.endif
    91. 

  91. 	.if	__TI_EABI__
    92. 

  92. 	.nocmp
    93. 

  93. 	.asg	KeccakF1600,_KeccakF1600
    94. 

  94. 	.asg	SHA3_absorb,_SHA3_absorb
    95. 

  95. 	.asg	SHA3_squeeze,_SHA3_squeeze
    96. 

  96. 	.endif
    97. 

  97. 

  98. 	.asg	B3,RA
    99. 

  99. 	.asg	A15,FP
    100. 

  100. 	.asg	B15,SP
    101. 

  101. 

  102. 	.align	32
    103. 

  103. _KeccakF1600_int:
    104. 

  104. 	.asmfunc
    105. 

  105. 	STDW	A3:A2,*FP[-7]
    106. 

  106. ||	STDW	B3:B2,*SP[4]
    107. 

  107. _KeccakF1600_cheat:
    108. 

  108. 	.if	__TI_EABI__
    109. 

  109. 	ADDKPC	_KeccakF1600_int,B0
    110. 

  110. ||	MVKL	\$PCR_OFFSET(iotas,_KeccakF1600_int),$iotas
    111. 

  111. 	MVKH	\$PCR_OFFSET(iotas,_KeccakF1600_int),$iotas
    112. 

  112. 	.else
    113. 

  113. 	ADDKPC	_KeccakF1600_int,B0
    114. 

  114. ||	MVKL	(iotas-_KeccakF1600_int),$iotas
    115. 

  115. 	MVKH	(iotas-_KeccakF1600_int),$iotas
    116. 

  116. 	.endif
    117. 

  117. 	ADD	B0,$iotas,$iotas
    118. 

  118. loop?:
    119. 

  119. 	XOR	A$A[0][2],A$A[1][2],A$C[2]	; Theta
    120. 

  120. ||	XOR	B$A[0][2],B$A[1][2],B$C[2]
    121. 

  121. ||	XOR	A$A[0][3],A$A[1][3],A$C[3]
    122. 

  122. ||	XOR	B$A[0][3],B$A[1][3],B$C[3]
    123. 

  123. ||	XOR	A$A[0][0],A$A[1][0],A$C[0]
    124. 

  124. ||	XOR	B$A[0][0],B$A[1][0],B$C[0]
    125. 

  125. 	XOR	A$A[2][2],A$C[2],A$C[2]
    126. 

  126. ||	XOR	B$A[2][2],B$C[2],B$C[2]
    127. 

  127. ||	XOR	A$A[2][3],A$C[3],A$C[3]
    128. 

  128. ||	XOR	B$A[2][3],B$C[3],B$C[3]
    129. 

  129. ||	XOR	A$A[2][0],A$C[0],A$C[0]
    130. 

  130. ||	XOR	B$A[2][0],B$C[0],B$C[0]
    131. 

  131. 	XOR	A$A[3][2],A$C[2],A$C[2]
    132. 

  132. ||	XOR	B$A[3][2],B$C[2],B$C[2]
    133. 

  133. ||	XOR	A$A[3][3],A$C[3],A$C[3]
    134. 

  134. ||	XOR	B$A[3][3],B$C[3],B$C[3]
    135. 

  135. ||	XOR	A$A[3][0],A$C[0],A$C[0]
    136. 

  136. ||	XOR	B$A[3][0],B$C[0],B$C[0]
    137. 

  137. 	XOR	A$A[4][2],A$C[2],A$C[2]
    138. 

  138. ||	XOR	B$A[4][2],B$C[2],B$C[2]
    139. 

  139. ||	XOR	A$A[4][3],A$C[3],A$C[3]
    140. 

  140. ||	XOR	B$A[4][3],B$C[3],B$C[3]
    141. 

  141. ||	XOR	A$A[4][0],A$C[0],A$C[0]
    142. 

  142. ||	XOR	B$A[4][0],B$C[0],B$C[0]
    143. 

  143. 	XOR	A$A[0][4],A$A[1][4],A$C[4]
    144. 

  144. ||	XOR	B$A[0][4],B$A[1][4],B$C[4]
    145. 

  145. ||	XOR	A$A[0][1],A$A[1][1],A$C[1]
    146. 

  146. ||	XOR	B$A[0][1],B$A[1][1],B$C[1]
    147. 

  147. ||	STDW	A$A[3][0]:A$A[4][0],*SP[1]	; offload some data
    148. 

  148. 	STDW	B$A[3][0]:B$A[4][0],*SP[2]
    149. 

  149. ||	XOR	A$A[2][4],A$C[4],A$C[4]
    150. 

  150. ||	XOR	B$A[2][4],B$C[4],B$C[4]
    151. 

  151. ||	XOR	A$A[2][1],A$C[1],A$C[1]
    152. 

  152. ||	XOR	B$A[2][1],B$C[1],B$C[1]
    153. 

  153. ||	ROTL	B$C[2],1,A$C[5]			; ROL64(C[2],1)
    154. 

  154. ||	ROTL	A$C[2],0,B$C[5]
    155. 

  155. 	XOR	A$A[3][4],A$C[4],A$C[4]
    156. 

  156. ||	XOR	B$A[3][4],B$C[4],B$C[4]
    157. 

  157. ||	XOR	A$A[3][1],A$C[1],A$C[1]
    158. 

  158. ||	XOR	B$A[3][1],B$C[1],B$C[1]
    159. 

  159. ||	ROTL	B$C[3],1,A$C[6]			; ROL64(C[3],1)
    160. 

  160. ||	ROTL	A$C[3],0,B$C[6]
    161. 

  161. 	XOR	A$A[4][4],A$C[4],A$C[4]
    162. 

  162. ||	XOR	B$A[4][4],B$C[4],B$C[4]
    163. 

  163. ||	XOR	A$A[4][1],A$C[1],A$C[1]
    164. 

  164. ||	XOR	B$A[4][1],B$C[1],B$C[1]
    165. 

  165. ||	XOR	A$C[0],A$C[5],A$C[5]		; C[0] ^ ROL64(C[2],1)
    166. 

  166. ||	XOR	B$C[0],B$C[5],B$C[5]
    167. 

  167. 	XOR	A$C[5],A$A[0][1],A$A[0][1]
    168. 

  168. ||	XOR	B$C[5],B$A[0][1],B$A[0][1]
    169. 

  169. ||	XOR	A$C[5],A$A[1][1],A$A[1][1]
    170. 

  170. ||	XOR	B$C[5],B$A[1][1],B$A[1][1]
    171. 

  171. ||	XOR	A$C[5],A$A[2][1],A$A[2][1]
    172. 

  172. ||	XOR	B$C[5],B$A[2][1],B$A[2][1]
    173. 

  173. 	XOR	A$C[5],A$A[3][1],A$A[3][1]
    174. 

  174. ||	XOR	B$C[5],B$A[3][1],B$A[3][1]
    175. 

  175. ||	XOR	A$C[5],A$A[4][1],A$A[4][1]
    176. 

  176. ||	XOR	B$C[5],B$A[4][1],B$A[4][1]
    177. 

  177. ||	ROTL	B$C[4],1,A$C[5]			; ROL64(C[4],1)
    178. 

  178. ||	ROTL	A$C[4],0,B$C[5]
    179. 

  179. ||	XOR	A$C[1],A$C[6],A$C[6]		; C[1] ^ ROL64(C[3],1)
    180. 

  180. ||	XOR	B$C[1],B$C[6],B$C[6]
    181. 

  181. 	XOR	A$C[6],A$A[0][2],A$A[0][2]
    182. 

  182. ||	XOR	B$C[6],B$A[0][2],B$A[0][2]
    183. 

  183. ||	XOR	A$C[6],A$A[1][2],A$A[1][2]
    184. 

  184. ||	XOR	B$C[6],B$A[1][2],B$A[1][2]
    185. 

  185. ||	XOR	A$C[6],A$A[2][2],A$A[2][2]
    186. 

  186. ||	XOR	B$C[6],B$A[2][2],B$A[2][2]
    187. 

  187. ||	ROTL	B$C[1],1,A$C[1]			; ROL64(C[1],1)
    188. 

  188. ||	ROTL	A$C[1],0,B$C[1]
    189. 

  189. 	XOR	A$C[6],A$A[3][2],A$A[3][2]
    190. 

  190. ||	XOR	B$C[6],B$A[3][2],B$A[3][2]
    191. 

  191. ||	XOR	A$C[6],A$A[4][2],A$A[4][2]
    192. 

  192. ||	XOR	B$C[6],B$A[4][2],B$A[4][2]
    193. 

  193. ||	ROTL	B$C[0],1,A$C[6]			; ROL64(C[0],1)
    194. 

  194. ||	ROTL	A$C[0],0,B$C[6]
    195. 

  195. ||	XOR	A$C[5],A$C[2],A$C[2]		; C[2] ^= ROL64(C[4],1)
    196. 

  196. ||	XOR	B$C[5],B$C[2],B$C[2]
    197. 

  197. 	XOR	A$C[2],A$A[0][3],A$A[0][3]
    198. 

  198. ||	XOR	B$C[2],B$A[0][3],B$A[0][3]
    199. 

  199. ||	XOR	A$C[2],A$A[1][3],A$A[1][3]
    200. 

  200. ||	XOR	B$C[2],B$A[1][3],B$A[1][3]
    201. 

  201. ||	XOR	A$C[2],A$A[2][3],A$A[2][3]
    202. 

  202. ||	XOR	B$C[2],B$A[2][3],B$A[2][3]
    203. 

  203. 	XOR	A$C[6],A$C[3],A$C[3]		; C[3] ^= ROL64(C[0],1)
    204. 

  204. ||	XOR	B$C[6],B$C[3],B$C[3]
    205. 

  205. ||	LDDW	*FP[-9],A$A[3][0]:A$A[4][0]	; restore offloaded data
    206. 

  206. ||	LDDW	*SP[2],B$A[3][0]:B$A[4][0]
    207. 

  207. ||	XOR	A$C[2],A$A[3][3],A$A[3][3]
    208. 

  208. ||	XOR	B$C[2],B$A[3][3],B$A[3][3]
    209. 

  209. 	XOR	A$C[2],A$A[4][3],A$A[4][3]
    210. 

  210. ||	XOR	B$C[2],B$A[4][3],B$A[4][3]
    211. 

  211. ||	XOR	A$C[3],A$A[0][4],A$A[0][4]
    212. 

  212. ||	XOR	B$C[3],B$A[0][4],B$A[0][4]
    213. 

  213. ||	XOR	A$C[3],A$A[1][4],A$A[1][4]
    214. 

  214. ||	XOR	B$C[3],B$A[1][4],B$A[1][4]
    215. 

  215. 	XOR	A$C[3],A$A[2][4],A$A[2][4]
    216. 

  216. ||	XOR	B$C[3],B$A[2][4],B$A[2][4]
    217. 

  217. ||	XOR	A$C[3],A$A[3][4],A$A[3][4]
    218. 

  218. ||	XOR	B$C[3],B$A[3][4],B$A[3][4]
    219. 

  219. ||	XOR	A$C[3],A$A[4][4],A$A[4][4]
    220. 

  220. ||	XOR	B$C[3],B$A[4][4],B$A[4][4]
    221. 

  221. 	XOR	A$C[1],A$C[4],A$C[4]		; C[4] ^= ROL64(C[1],1)
    222. 

  222. ||	XOR	B$C[1],B$C[4],B$C[4]
    223. 

  223. ||	MV	A$A[0][1],A$C[1]		; Rho+Pi, "early start"
    224. 

  224. ||	MV	B$A[0][1],B$C[1]
    225. 

  225. ___
    226. 

  226. 	&ROL64	($A[1][1],$rhotates[1][1],$A[0][1],"||");
    227. 

  227. $code.=<<___;
    228. 

  228. 	XOR	A$C[4],A$A[0][0],A$A[0][0]
    229. 

  229. ||	XOR	B$C[4],B$A[0][0],B$A[0][0]
    230. 

  230. ||	XOR	A$C[4],A$A[1][0],A$A[1][0]
    231. 

  231. ||	XOR	B$C[4],B$A[1][0],B$A[1][0]
    232. 

  232. ||	MV	A$A[0][3],A$C[3]
    233. 

  233. ||	MV	B$A[0][3],B$C[3]
    234. 

  234. ___
    235. 

  235. 	&ROL64	($A[3][3],$rhotates[3][3],$A[0][3],"||");
    236. 

  236. $code.=<<___;
    237. 

  237. 	XOR	A$C[4],A$A[2][0],A$A[2][0]
    238. 

  238. ||	XOR	B$C[4],B$A[2][0],B$A[2][0]
    239. 

  239. ||	XOR	A$C[4],A$A[3][0],A$A[3][0]
    240. 

  240. ||	XOR	B$C[4],B$A[3][0],B$A[3][0]
    241. 

  241. ||	MV	A$A[0][2],A$C[2]
    242. 

  242. ||	MV	B$A[0][2],B$C[2]
    243. 

  243. ___
    244. 

  244. 	&ROL64	($A[2][2],$rhotates[2][2],$A[0][2],"||");
    245. 

  245. $code.=<<___;
    246. 

  246. 	XOR	A$C[4],A$A[4][0],A$A[4][0]
    247. 

  247. ||	XOR	B$C[4],B$A[4][0],B$A[4][0]
    248. 

  248. ||	MV	A$A[0][4],A$C[4]
    249. 

  249. ||	MV	B$A[0][4],B$C[4]
    250. 

  250. ___
    251. 

  251. 	&ROL64	($A[4][4],$rhotates[4][4],$A[0][4],"||");
    252. 

  252. 

  253. 	&ROL64	($A[1][4],$rhotates[1][4],$A[1][1]);
    254. 

  254. $code.=<<___;
    255. 

  255. ||	LDW	*${iotas}++[2],A$C[0]
    256. 

  256. ___
    257. 

  257. 	&ROL64	($A[2][3],$rhotates[2][3],$A[2][2]);
    258. 

  258. $code.=<<___;
    259. 

  259. ||	LDW	*${iotas}[-1],B$C[0]
    260. 

  260. ___
    261. 

  261. 	&ROL64	($A[3][2],$rhotates[3][2],$A[3][3]);
    262. 

  262. 	&ROL64	($A[4][1],$rhotates[4][1],$A[4][4]);
    263. 

  263. 

  264. 	&ROL64	($A[4][2],$rhotates[4][2],$A[1][4]);
    265. 

  265. 	&ROL64	($A[3][4],$rhotates[3][4],$A[2][3]);
    266. 

  266. 	&ROL64	($A[2][1],$rhotates[2][1],$A[3][2]);
    267. 

  267. 	&ROL64	($A[1][3],$rhotates[1][3],$A[4][1]);
    268. 

  268. 

  269. 	&ROL64	($A[2][4],$rhotates[2][4],$A[4][2]);
    270. 

  270. 	&ROL64	($A[4][3],$rhotates[4][3],$A[3][4]);
    271. 

  271. 	&ROL64	($A[1][2],$rhotates[1][2],$A[2][1]);
    272. 

  272. 	&ROL64	($A[3][1],$rhotates[3][1],$A[1][3]);
    273. 

  273. 

  274. 	&ROL64	($A[4][0],$rhotates[4][0],$A[2][4]);
    275. 

  275. 	&ROL64	($A[3][0],$rhotates[3][0],$A[4][3]);
    276. 

  276. 	&ROL64	($A[2][0],$rhotates[2][0],$A[1][2]);
    277. 

  277. 	&ROL64	($A[1][0],$rhotates[1][0],$A[3][1]);
    278. 

  278. 

  279. 	#&ROL64	($C[3],   $rhotates[0][3],$A[1][0]);	# moved below
    280. 

  280. 	&ROL64	($C[1],   $rhotates[0][1],$A[2][0]);
    281. 

  281. 	&ROL64	($C[4],   $rhotates[0][4],$A[3][0]);
    282. 

  282. 	&ROL64	($C[2],   $rhotates[0][2],$A[4][0]);
    283. 

  283. $code.=<<___;
    284. 

  284. ||	ANDN	A$A[0][2],A$A[0][1],A$C[4]	; Chi+Iota
    285. 

  285. ||	ANDN	B$A[0][2],B$A[0][1],B$C[4]
    286. 

  286. ||	ANDN	A$A[0][3],A$A[0][2],A$C[1]
    287. 

  287. ||	ANDN	B$A[0][3],B$A[0][2],B$C[1]
    288. 

  288. ||	ANDN	A$A[0][4],A$A[0][3],A$C[2]
    289. 

  289. ||	ANDN	B$A[0][4],B$A[0][3],B$C[2]
    290. 

  290. ___
    291. 

  291. 	&ROL64	($C[3],   $rhotates[0][3],$A[1][0]);
    292. 

  292. $code.=<<___;
    293. 

  293. ||	ANDN	A$A[0][0],A$A[0][4],A$C[3]
    294. 

  294. ||	ANDN	B$A[0][0],B$A[0][4],B$C[3]
    295. 

  295. ||	XOR	A$C[4],A$A[0][0],A$A[0][0]
    296. 

  296. ||	XOR	B$C[4],B$A[0][0],B$A[0][0]
    297. 

  297. ||	ANDN	A$A[0][1],A$A[0][0],A$C[4]
    298. 

  298. ||	ANDN	B$A[0][1],B$A[0][0],B$C[4]
    299. 

  299. 	XOR	A$C[1],A$A[0][1],A$A[0][1]
    300. 

  300. ||	XOR	B$C[1],B$A[0][1],B$A[0][1]
    301. 

  301. ||	XOR	A$C[2],A$A[0][2],A$A[0][2]
    302. 

  302. ||	XOR	B$C[2],B$A[0][2],B$A[0][2]
    303. 

  303. ||	XOR	A$C[3],A$A[0][3],A$A[0][3]
    304. 

  304. ||	XOR	B$C[3],B$A[0][3],B$A[0][3]
    305. 

  305. 	XOR	A$C[4],A$A[0][4],A$A[0][4]
    306. 

  306. ||	XOR	B$C[4],B$A[0][4],B$A[0][4]
    307. 

  307. ||	XOR	A$C[0],A$A[0][0],A$A[0][0]	; A[0][0] ^= iotas[i++];
    308. 

  308. ||	XOR	B$C[0],B$A[0][0],B$A[0][0]
    309. 

  309. ||	EXTU	$iotas,24,24,A0			; A0 is A$C[0], as we done?
    310. 

  310. 

  311. 	ANDN	A$A[1][2],A$A[1][1],A$C[4]
    312. 

  312. ||	ANDN	B$A[1][2],B$A[1][1],B$C[4]
    313. 

  313. ||	ANDN	A$A[1][3],A$A[1][2],A$C[1]
    314. 

  314. ||	ANDN	B$A[1][3],B$A[1][2],B$C[1]
    315. 

  315. ||	ANDN	A$A[1][4],A$A[1][3],A$C[2]
    316. 

  316. ||	ANDN	B$A[1][4],B$A[1][3],B$C[2]
    317. 

  317. 	ANDN	A$A[1][0],A$A[1][4],A$C[3]
    318. 

  318. ||	ANDN	B$A[1][0],B$A[1][4],B$C[3]
    319. 

  319. ||	XOR	A$C[4],A$A[1][0],A$A[1][0]
    320. 

  320. ||	XOR	B$C[4],B$A[1][0],B$A[1][0]
    321. 

  321. ||	ANDN	A$A[1][1],A$A[1][0],A$C[4]
    322. 

  322. ||	ANDN	B$A[1][1],B$A[1][0],B$C[4]
    323. 

  323. 	XOR	A$C[1],A$A[1][1],A$A[1][1]
    324. 

  324. ||	XOR	B$C[1],B$A[1][1],B$A[1][1]
    325. 

  325. ||	XOR	A$C[2],A$A[1][2],A$A[1][2]
    326. 

  326. ||	XOR	B$C[2],B$A[1][2],B$A[1][2]
    327. 

  327. ||	XOR	A$C[3],A$A[1][3],A$A[1][3]
    328. 

  328. ||	XOR	B$C[3],B$A[1][3],B$A[1][3]
    329. 

  329. 	XOR	A$C[4],A$A[1][4],A$A[1][4]
    330. 

  330. ||	XOR	B$C[4],B$A[1][4],B$A[1][4]
    331. 

  331. 

  332. ||	ANDN	A$A[2][2],A$A[2][1],A$C[4]
    333. 

  333. ||	ANDN	B$A[2][2],B$A[2][1],B$C[4]
    334. 

  334. ||	ANDN	A$A[2][3],A$A[2][2],A$C[1]
    335. 

  335. ||	ANDN	B$A[2][3],B$A[2][2],B$C[1]
    336. 

  336. 	ANDN	A$A[2][4],A$A[2][3],A$C[2]
    337. 

  337. ||	ANDN	B$A[2][4],B$A[2][3],B$C[2]
    338. 

  338. ||	ANDN	A$A[2][0],A$A[2][4],A$C[3]
    339. 

  339. ||	ANDN	B$A[2][0],B$A[2][4],B$C[3]
    340. 

  340. ||	XOR	A$C[4],A$A[2][0],A$A[2][0]
    341. 

  341. ||	XOR	B$C[4],B$A[2][0],B$A[2][0]
    342. 

  342. 	ANDN	A$A[2][1],A$A[2][0],A$C[4]
    343. 

  343. ||	ANDN	B$A[2][1],B$A[2][0],B$C[4]
    344. 

  344. ||	XOR	A$C[1],A$A[2][1],A$A[2][1]
    345. 

  345. ||	XOR	B$C[1],B$A[2][1],B$A[2][1]
    346. 

  346. ||	XOR	A$C[2],A$A[2][2],A$A[2][2]
    347. 

  347. ||	XOR	B$C[2],B$A[2][2],B$A[2][2]
    348. 

  348. 	XOR	A$C[3],A$A[2][3],A$A[2][3]
    349. 

  349. ||	XOR	B$C[3],B$A[2][3],B$A[2][3]
    350. 

  350. ||	XOR	A$C[4],A$A[2][4],A$A[2][4]
    351. 

  351. ||	XOR	B$C[4],B$A[2][4],B$A[2][4]
    352. 

  352. 

  353. 	ANDN	A$A[3][2],A$A[3][1],A$C[4]
    354. 

  354. ||	ANDN	B$A[3][2],B$A[3][1],B$C[4]
    355. 

  355. ||	ANDN	A$A[3][3],A$A[3][2],A$C[1]
    356. 

  356. ||	ANDN	B$A[3][3],B$A[3][2],B$C[1]
    357. 

  357. ||	ANDN	A$A[3][4],A$A[3][3],A$C[2]
    358. 

  358. ||	ANDN	B$A[3][4],B$A[3][3],B$C[2]
    359. 

  359. 	ANDN	A$A[3][0],A$A[3][4],A$C[3]
    360. 

  360. ||	ANDN	B$A[3][0],B$A[3][4],B$C[3]
    361. 

  361. ||	XOR	A$C[4],A$A[3][0],A$A[3][0]
    362. 

  362. ||	XOR	B$C[4],B$A[3][0],B$A[3][0]
    363. 

  363. ||	ANDN	A$A[3][1],A$A[3][0],A$C[4]
    364. 

  364. ||	ANDN	B$A[3][1],B$A[3][0],B$C[4]
    365. 

  365. 	XOR	A$C[1],A$A[3][1],A$A[3][1]
    366. 

  366. ||	XOR	B$C[1],B$A[3][1],B$A[3][1]
    367. 

  367. ||	XOR	A$C[2],A$A[3][2],A$A[3][2]
    368. 

  368. ||	XOR	B$C[2],B$A[3][2],B$A[3][2]
    369. 

  369. ||	XOR	A$C[3],A$A[3][3],A$A[3][3]
    370. 

  370. ||[A0]	BNOP	loop?
    371. 

  371. 	XOR	B$C[3],B$A[3][3],B$A[3][3]
    372. 

  372. ||	XOR	A$C[4],A$A[3][4],A$A[3][4]
    373. 

  373. ||	XOR	B$C[4],B$A[3][4],B$A[3][4]
    374. 

  374. ||[!A0]	LDDW	*FP[-7],A3:A2
    375. 

  375. ||[!A0]	LDDW	*SP[4], RA:B2
    376. 

  376. 

  377. 	ANDN	A$A[4][2],A$A[4][1],A$C[4]
    378. 

  378. ||	ANDN	B$A[4][2],B$A[4][1],B$C[4]
    379. 

  379. ||	ANDN	A$A[4][3],A$A[4][2],A$C[1]
    380. 

  380. ||	ANDN	B$A[4][3],B$A[4][2],B$C[1]
    381. 

  381. ||	ANDN	A$A[4][4],A$A[4][3],A$C[2]
    382. 

  382. ||	ANDN	B$A[4][4],B$A[4][3],B$C[2]
    383. 

  383. 	ANDN	A$A[4][0],A$A[4][4],A$C[3]
    384. 

  384. ||	ANDN	B$A[4][0],B$A[4][4],B$C[3]
    385. 

  385. ||	XOR	A$C[4],A$A[4][0],A$A[4][0]
    386. 

  386. ||	XOR	B$C[4],B$A[4][0],B$A[4][0]
    387. 

  387. ||	ANDN	A$A[4][1],A$A[4][0],A$C[4]
    388. 

  388. ||	ANDN	B$A[4][1],B$A[4][0],B$C[4]
    389. 

  389. 	XOR	A$C[1],A$A[4][1],A$A[4][1]
    390. 

  390. ||	XOR	B$C[1],B$A[4][1],B$A[4][1]
    391. 

  391. ||	XOR	A$C[2],A$A[4][2],A$A[4][2]
    392. 

  392. ||	XOR	B$C[2],B$A[4][2],B$A[4][2]
    393. 

  393. ||	XOR	A$C[3],A$A[4][3],A$A[4][3]
    394. 

  394. ||	XOR	B$C[3],B$A[4][3],B$A[4][3]
    395. 

  395. 	XOR	A$C[4],A$A[4][4],A$A[4][4]
    396. 

  396. ||	XOR	B$C[4],B$A[4][4],B$A[4][4]
    397. 

  397. ;;===== branch to loop? is taken here
    398. 

  398. 

  399. 	BNOP	RA,5
    400. 

  400. 	.endasmfunc
    401. 

  401. 

  402. 	.newblock
    403. 

  403. 	.global	_KeccakF1600
    404. 

  404. 	.align	32
    405. 

  405. _KeccakF1600:
    406. 

  406. 	.asmfunc stack_usage(80)
    407. 

  407. 	STW	FP,*SP--(80)			; save frame pointer
    408. 

  408. ||	MV	SP,FP
    409. 

  409. 	STDW	B13:B12,*SP[9]
    410. 

  410. ||	STDW	A13:A12,*FP[-4]
    411. 

  411. 	STDW	B11:B10,*SP[8]
    412. 

  412. ||	STDW	A11:A10,*FP[-5]
    413. 

  413. 	STW	RA, *SP[15]
    414. 

  414. ||	STW	A14,*FP[-6]
    415. 

  415. ||	MV	A4,A2
    416. 

  416. ||	ADD	4,A4,B2
    417. 

  417. 

  418. 	LDW	*A2++[2],A$A[0][0]		; load A[5][5]
    419. 

  419. ||	LDW	*B2++[2],B$A[0][0]
    420. 

  420. 	LDW	*A2++[2],A$A[0][1]
    421. 

  421. ||	LDW	*B2++[2],B$A[0][1]
    422. 

  422. 	LDW	*A2++[2],A$A[0][2]
    423. 

  423. ||	LDW	*B2++[2],B$A[0][2]
    424. 

  424. 	LDW	*A2++[2],A$A[0][3]
    425. 

  425. ||	LDW	*B2++[2],B$A[0][3]
    426. 

  426. 	LDW	*A2++[2],A$A[0][4]
    427. 

  427. ||	LDW	*B2++[2],B$A[0][4]
    428. 

  428. 

  429. 	LDW	*A2++[2],A$A[1][0]
    430. 

  430. ||	LDW	*B2++[2],B$A[1][0]
    431. 

  431. 	LDW	*A2++[2],A$A[1][1]
    432. 

  432. ||	LDW	*B2++[2],B$A[1][1]
    433. 

  433. 	LDW	*A2++[2],A$A[1][2]
    434. 

  434. ||	LDW	*B2++[2],B$A[1][2]
    435. 

  435. 	LDW	*A2++[2],A$A[1][3]
    436. 

  436. ||	LDW	*B2++[2],B$A[1][3]
    437. 

  437. 	LDW	*A2++[2],A$A[1][4]
    438. 

  438. ||	LDW	*B2++[2],B$A[1][4]
    439. 

  439. 

  440. 	LDW	*A2++[2],A$A[2][0]
    441. 

  441. ||	LDW	*B2++[2],B$A[2][0]
    442. 

  442. 	LDW	*A2++[2],A$A[2][1]
    443. 

  443. ||	LDW	*B2++[2],B$A[2][1]
    444. 

  444. 	LDW	*A2++[2],A$A[2][2]
    445. 

  445. ||	LDW	*B2++[2],B$A[2][2]
    446. 

  446. 	LDW	*A2++[2],A$A[2][3]
    447. 

  447. ||	LDW	*B2++[2],B$A[2][3]
    448. 

  448. 	LDW	*A2++[2],A$A[2][4]
    449. 

  449. ||	LDW	*B2++[2],B$A[2][4]
    450. 

  450. 

  451. 	LDW	*A2++[2],A$A[3][0]
    452. 

  452. ||	LDW	*B2++[2],B$A[3][0]
    453. 

  453. 	LDW	*A2++[2],A$A[3][1]
    454. 

  454. ||	LDW	*B2++[2],B$A[3][1]
    455. 

  455. 	LDW	*A2++[2],A$A[3][2]
    456. 

  456. ||	LDW	*B2++[2],B$A[3][2]
    457. 

  457. 	LDW	*A2++[2],A$A[3][3]
    458. 

  458. ||	LDW	*B2++[2],B$A[3][3]
    459. 

  459. 	LDW	*A2++[2],A$A[3][4]
    460. 

  460. ||	LDW	*B2++[2],B$A[3][4]
    461. 

  461. ||	BNOP	_KeccakF1600_int
    462. 

  462. 

  463. 	ADDKPC	ret?,RA
    464. 

  464. ||	LDW	*A2++[2],A$A[4][0]
    465. 

  465. ||	LDW	*B2++[2],B$A[4][0]
    466. 

  466. 	LDW	*A2++[2],A$A[4][1]
    467. 

  467. ||	LDW	*B2++[2],B$A[4][1]
    468. 

  468. 	LDW	*A2++[2],A$A[4][2]
    469. 

  469. ||	LDW	*B2++[2],B$A[4][2]
    470. 

  470. 	LDW	*A2++[2],A$A[4][3]
    471. 

  471. ||	LDW	*B2++[2],B$A[4][3]
    472. 

  472. 	LDW	*A2,A$A[4][4]
    473. 

  473. ||	LDW	*B2,B$A[4][4]
    474. 

  474. ||	ADDK	-192,A2				; rewind
    475. 

  475. ||	ADDK	-192,B2
    476. 

  476. 

  477. 	.align	16
    478. 

  478. ret?:
    479. 

  479. 	STW	A$A[0][0],*A2++[2]		; store A[5][5]
    480. 

  480. ||	STW	B$A[0][0],*B2++[2]
    481. 

  481. 	STW	A$A[0][1],*A2++[2]
    482. 

  482. ||	STW	B$A[0][1],*B2++[2]
    483. 

  483. 	STW	A$A[0][2],*A2++[2]
    484. 

  484. ||	STW	B$A[0][2],*B2++[2]
    485. 

  485. 	STW	A$A[0][3],*A2++[2]
    486. 

  486. ||	STW	B$A[0][3],*B2++[2]
    487. 

  487. 	STW	A$A[0][4],*A2++[2]
    488. 

  488. ||	STW	B$A[0][4],*B2++[2]
    489. 

  489. 

  490. 	STW	A$A[1][0],*A2++[2]
    491. 

  491. ||	STW	B$A[1][0],*B2++[2]
    492. 

  492. 	STW	A$A[1][1],*A2++[2]
    493. 

  493. ||	STW	B$A[1][1],*B2++[2]
    494. 

  494. 	STW	A$A[1][2],*A2++[2]
    495. 

  495. ||	STW	B$A[1][2],*B2++[2]
    496. 

  496. 	STW	A$A[1][3],*A2++[2]
    497. 

  497. ||	STW	B$A[1][3],*B2++[2]
    498. 

  498. 	STW	A$A[1][4],*A2++[2]
    499. 

  499. ||	STW	B$A[1][4],*B2++[2]
    500. 

  500. 

  501. 	STW	A$A[2][0],*A2++[2]
    502. 

  502. ||	STW	B$A[2][0],*B2++[2]
    503. 

  503. 	STW	A$A[2][1],*A2++[2]
    504. 

  504. ||	STW	B$A[2][1],*B2++[2]
    505. 

  505. 	STW	A$A[2][2],*A2++[2]
    506. 

  506. ||	STW	B$A[2][2],*B2++[2]
    507. 

  507. 	STW	A$A[2][3],*A2++[2]
    508. 

  508. ||	STW	B$A[2][3],*B2++[2]
    509. 

  509. 	STW	A$A[2][4],*A2++[2]
    510. 

  510. ||	STW	B$A[2][4],*B2++[2]
    511. 

  511. 

  512. 	STW	A$A[3][0],*A2++[2]
    513. 

  513. ||	STW	B$A[3][0],*B2++[2]
    514. 

  514. 	STW	A$A[3][1],*A2++[2]
    515. 

  515. ||	STW	B$A[3][1],*B2++[2]
    516. 

  516. 	STW	A$A[3][2],*A2++[2]
    517. 

  517. ||	STW	B$A[3][2],*B2++[2]
    518. 

  518. 	STW	A$A[3][3],*A2++[2]
    519. 

  519. ||	STW	B$A[3][3],*B2++[2]
    520. 

  520. 	STW	A$A[3][4],*A2++[2]
    521. 

  521. ||	STW	B$A[3][4],*B2++[2]
    522. 

  522. 

  523. 	LDW	*SP[15],RA
    524. 

  524. ||	LDW	*FP[-6],A14
    525. 

  525. 

  526. 	STW	A$A[4][0],*A2++[2]
    527. 

  527. ||	STW	B$A[4][0],*B2++[2]
    528. 

  528. 	STW	A$A[4][1],*A2++[2]
    529. 

  529. ||	STW	B$A[4][1],*B2++[2]
    530. 

  530. 	STW	A$A[4][2],*A2++[2]
    531. 

  531. ||	STW	B$A[4][2],*B2++[2]
    532. 

  532. 	STW	A$A[4][3],*A2++[2]
    533. 

  533. ||	STW	B$A[4][3],*B2++[2]
    534. 

  534. 	STW	A$A[4][4],*A2
    535. 

  535. ||	STW	B$A[4][4],*B2
    536. 

  536. ||	ADDK	-192,A2				; rewind
    537. 

  537. 

  538. 	MV	A2,A4				; return original A4
    539. 

  539. ||	LDDW	*SP[8], B11:B10
    540. 

  540. ||	LDDW	*FP[-5],A11:A10
    541. 

  541. 	LDDW	*SP[9], B13:B12
    542. 

  542. ||	LDDW	*FP[-4],A13:A12
    543. 

  543. ||	BNOP	RA
    544. 

  544. 	LDW	*++SP(80),FP			; restore frame pointer
    545. 

  545. 	NOP	4				; wait till FP is committed
    546. 

  546. 	.endasmfunc
    547. 

  547. 

  548. 	.newblock
    549. 

  549. 	.asg	B2,BSZ
    550. 

  550. 	.asg	A2,INP
    551. 

  551. 	.asg	A3,LEN
    552. 

  552. 	.global	_SHA3_absorb
    553. 

  553. 	.align	32
    554. 

  554. _SHA3_absorb:
    555. 

  555. 	.asmfunc stack_usage(80)
    556. 

  556. 	STW	FP,*SP--(80)			; save frame pointer
    557. 

  557. ||	MV	SP,FP
    558. 

  558. 	STDW	B13:B12,*SP[9]
    559. 

  559. ||	STDW	A13:A12,*FP[-4]
    560. 

  560. 	STDW	B11:B10,*SP[8]
    561. 

  561. ||	STDW	A11:A10,*FP[-5]
    562. 

  562. 	STW	RA, *SP[15]
    563. 

  563. ||	STW	A14,*FP[-6]
    564. 

  564. 

  565. 	STW	A4,*SP[1]			; save A[][]
    566. 

  566. ||	MV	B4,INP				; reassign arguments
    567. 

  567. ||	MV	A6,LEN
    568. 

  568. ||	MV	B6,BSZ
    569. 

  569. ||	ADD	4,A4,B4
    570. 

  570. 

  571. 	LDW	*A4++[2],A$A[0][0]		; load A[5][5]
    572. 

  572. ||	LDW	*B4++[2],B$A[0][0]
    573. 

  573. 	LDW	*A4++[2],A$A[0][1]
    574. 

  574. ||	LDW	*B4++[2],B$A[0][1]
    575. 

  575. 	LDW	*A4++[2],A$A[0][2]
    576. 

  576. ||	LDW	*B4++[2],B$A[0][2]
    577. 

  577. 	LDW	*A4++[2],A$A[0][3]
    578. 

  578. ||	LDW	*B4++[2],B$A[0][3]
    579. 

  579. 	LDW	*A4++[2],A$A[0][4]
    580. 

  580. ||	LDW	*B4++[2],B$A[0][4]
    581. 

  581. 

  582. 	LDW	*A4++[2],A$A[1][0]
    583. 

  583. ||	LDW	*B4++[2],B$A[1][0]
    584. 

  584. 	LDW	*A4++[2],A$A[1][1]
    585. 

  585. ||	LDW	*B4++[2],B$A[1][1]
    586. 

  586. 	LDW	*A4++[2],A$A[1][2]
    587. 

  587. ||	LDW	*B4++[2],B$A[1][2]
    588. 

  588. 	LDW	*A4++[2],A$A[1][3]
    589. 

  589. ||	LDW	*B4++[2],B$A[1][3]
    590. 

  590. 	LDW	*A4++[2],A$A[1][4]
    591. 

  591. ||	LDW	*B4++[2],B$A[1][4]
    592. 

  592. 

  593. 	LDW	*A4++[2],A$A[2][0]
    594. 

  594. ||	LDW	*B4++[2],B$A[2][0]
    595. 

  595. 	LDW	*A4++[2],A$A[2][1]
    596. 

  596. ||	LDW	*B4++[2],B$A[2][1]
    597. 

  597. 	LDW	*A4++[2],A$A[2][2]
    598. 

  598. ||	LDW	*B4++[2],B$A[2][2]
    599. 

  599. 	LDW	*A4++[2],A$A[2][3]
    600. 

  600. ||	LDW	*B4++[2],B$A[2][3]
    601. 

  601. 	LDW	*A4++[2],A$A[2][4]
    602. 

  602. ||	LDW	*B4++[2],B$A[2][4]
    603. 

  603. 

  604. 	LDW	*A4++[2],A$A[3][0]
    605. 

  605. ||	LDW	*B4++[2],B$A[3][0]
    606. 

  606. 	LDW	*A4++[2],A$A[3][1]
    607. 

  607. ||	LDW	*B4++[2],B$A[3][1]
    608. 

  608. 	LDW	*A4++[2],A$A[3][2]
    609. 

  609. ||	LDW	*B4++[2],B$A[3][2]
    610. 

  610. 	LDW	*A4++[2],A$A[3][3]
    611. 

  611. ||	LDW	*B4++[2],B$A[3][3]
    612. 

  612. 	LDW	*A4++[2],A$A[3][4]
    613. 

  613. ||	LDW	*B4++[2],B$A[3][4]
    614. 

  614. 

  615. 	LDW	*A4++[2],A$A[4][0]
    616. 

  616. ||	LDW	*B4++[2],B$A[4][0]
    617. 

  617. 	LDW	*A4++[2],A$A[4][1]
    618. 

  618. ||	LDW	*B4++[2],B$A[4][1]
    619. 

  619. 	LDW	*A4++[2],A$A[4][2]
    620. 

  620. ||	LDW	*B4++[2],B$A[4][2]
    621. 

  621. 	LDW	*A4++[2],A$A[4][3]
    622. 

  622. ||	LDW	*B4++[2],B$A[4][3]
    623. 

  623. 	LDW	*A4,A$A[4][4]
    624. 

  624. ||	LDW	*B4,B$A[4][4]
    625. 

  625. ||	ADDKPC	loop?,RA
    626. 

  626. 	STDW	RA:BSZ,*SP[4]
    627. 

  627. 

  628. loop?:
    629. 

  629. 	CMPLTU	LEN,BSZ,A0			; len < bsz?
    630. 

  630. ||	SHRU	BSZ,3,BSZ
    631. 

  631.   [A0]	BNOP	ret?
    632. 

  632. ||[A0]	ZERO	BSZ
    633. 

  633. ||[A0]	LDW	*SP[1],A2			; pull A[][]
    634. 

  634.   [BSZ]	LDNDW	*INP++,A1:A0
    635. 

  635. ||[BSZ]	SUB	LEN,8,LEN
    636. 

  636. ||[BSZ]	SUB	BSZ,1,BSZ
    637. 

  637. 	NOP	4
    638. 

  638. ___
    639. 

  639. for ($y = 0; $y < 5; $y++) {
    640. 

  640.     for ($x = 0; $x < ($y<4 ? 5 : 4); $x++) {
    641. 

  641. $code.=<<___;
    642. 

  642. 	.if	.BIG_ENDIAN
    643. 

  643. 	SWAP2	A0,A1
    644. 

  644. ||	SWAP2	A1,A0
    645. 

  645. 	SWAP4	A0,A0
    646. 

  646. 	SWAP4	A1,A1
    647. 

  647. ||[!BSZ]BNOP	_KeccakF1600_cheat
    648. 

  648. ||[!BSZ]STDW	LEN:INP,*SP[3]
    649. 

  649. ||	DEAL	A0,A0
    650. 

  650. 	.else
    651. 

  651.   [!BSZ]BNOP	_KeccakF1600_cheat
    652. 

  652. ||[!BSZ]STDW	LEN:INP,*SP[3]
    653. 

  653. ||	DEAL	A0,A0
    654. 

  654. 	.endif
    655. 

  655.   [BSZ]	LDNDW	*INP++,A1:A0
    656. 

  656. ||	DEAL	A1,A1
    657. 

  657.   [BSZ]	SUB	LEN,8,LEN
    658. 

  658. ||[BSZ]	SUB	BSZ,1,BSZ
    659. 

  659. 	PACK2	A1,A0,A0
    660. 

  660. ||	PACKH2	A1,A0,A1
    661. 

  661. 	XOR	A0,A$A[$y][$x],A$A[$y][$x]
    662. 

  662. 	XOR	A1,B$A[$y][$x],B$A[$y][$x]
    663. 

  663. ___
    664. 

  664.     }
    665. 

  665. }
    666. 

  666. $code.=<<___;
    667. 

  667. 	.if	.BIG_ENDIAN
    668. 

  668. 	SWAP2	A0,A1
    669. 

  669. ||	SWAP2	A1,A0
    670. 

  670. 	SWAP4	A0,A0
    671. 

  671. 	SWAP4	A1,A1
    672. 

  672. 	.endif
    673. 

  673. 	BNOP	_KeccakF1600_cheat
    674. 

  674. ||	STDW	LEN:INP,*SP[3]
    675. 

  675. ||	DEAL	A0,A0
    676. 

  676. 	DEAL	A1,A1
    677. 

  677. 	NOP
    678. 

  678. 	PACK2	A1,A0,A0
    679. 

  679. ||	PACKH2	A1,A0,A1
    680. 

  680. 	XOR	A0,A$A[4][4],A$A[4][4]
    681. 

  681. 	XOR	A1,B$A[4][4],B$A[4][4]
    682. 

  682. 

  683. 	.align	16
    684. 

  684. ret?:
    685. 

  685. 	MV	LEN,A4				; return value
    686. 

  686. ||	ADD	4,A2,B2
    687. 

  687. 

  688. 	STW	A$A[0][0],*A2++[2]		; store A[5][5]
    689. 

  689. ||	STW	B$A[0][0],*B2++[2]
    690. 

  690. 	STW	A$A[0][1],*A2++[2]
    691. 

  691. ||	STW	B$A[0][1],*B2++[2]
    692. 

  692. 	STW	A$A[0][2],*A2++[2]
    693. 

  693. ||	STW	B$A[0][2],*B2++[2]
    694. 

  694. 	STW	A$A[0][3],*A2++[2]
    695. 

  695. ||	STW	B$A[0][3],*B2++[2]
    696. 

  696. 	STW	A$A[0][4],*A2++[2]
    697. 

  697. ||	STW	B$A[0][4],*B2++[2]
    698. 

  698. 

  699. 	STW	A$A[1][0],*A2++[2]
    700. 

  700. ||	STW	B$A[1][0],*B2++[2]
    701. 

  701. 	STW	A$A[1][1],*A2++[2]
    702. 

  702. ||	STW	B$A[1][1],*B2++[2]
    703. 

  703. 	STW	A$A[1][2],*A2++[2]
    704. 

  704. ||	STW	B$A[1][2],*B2++[2]
    705. 

  705. 	STW	A$A[1][3],*A2++[2]
    706. 

  706. ||	STW	B$A[1][3],*B2++[2]
    707. 

  707. 	STW	A$A[1][4],*A2++[2]
    708. 

  708. ||	STW	B$A[1][4],*B2++[2]
    709. 

  709. 

  710. 	STW	A$A[2][0],*A2++[2]
    711. 

  711. ||	STW	B$A[2][0],*B2++[2]
    712. 

  712. 	STW	A$A[2][1],*A2++[2]
    713. 

  713. ||	STW	B$A[2][1],*B2++[2]
    714. 

  714. 	STW	A$A[2][2],*A2++[2]
    715. 

  715. ||	STW	B$A[2][2],*B2++[2]
    716. 

  716. 	STW	A$A[2][3],*A2++[2]
    717. 

  717. ||	STW	B$A[2][3],*B2++[2]
    718. 

  718. 	STW	A$A[2][4],*A2++[2]
    719. 

  719. ||	STW	B$A[2][4],*B2++[2]
    720. 

  720. 

  721. 	LDW	*SP[15],RA
    722. 

  722. ||	LDW	*FP[-6],A14
    723. 

  723. 

  724. 	STW	A$A[3][0],*A2++[2]
    725. 

  725. ||	STW	B$A[3][0],*B2++[2]
    726. 

  726. 	STW	A$A[3][1],*A2++[2]
    727. 

  727. ||	STW	B$A[3][1],*B2++[2]
    728. 

  728. 	STW	A$A[3][2],*A2++[2]
    729. 

  729. ||	STW	B$A[3][2],*B2++[2]
    730. 

  730. 	STW	A$A[3][3],*A2++[2]
    731. 

  731. ||	STW	B$A[3][3],*B2++[2]
    732. 

  732. 	STW	A$A[3][4],*A2++[2]
    733. 

  733. ||	STW	B$A[3][4],*B2++[2]
    734. 

  734. 

  735. 	LDDW	*SP[8], B11:B10
    736. 

  736. ||	LDDW	*FP[-5],A11:A10
    737. 

  737. 	LDDW	*SP[9], B13:B12
    738. 

  738. ||	LDDW	*FP[-4],A13:A12
    739. 

  739. 	BNOP	RA
    740. 

  740. ||	LDW	*++SP(80),FP			; restore frame pointer
    741. 

  741. 

  742. 	STW	A$A[4][0],*A2++[2]
    743. 

  743. ||	STW	B$A[4][0],*B2++[2]
    744. 

  744. 	STW	A$A[4][1],*A2++[2]
    745. 

  745. ||	STW	B$A[4][1],*B2++[2]
    746. 

  746. 	STW	A$A[4][2],*A2++[2]
    747. 

  747. ||	STW	B$A[4][2],*B2++[2]
    748. 

  748. 	STW	A$A[4][3],*A2++[2]
    749. 

  749. ||	STW	B$A[4][3],*B2++[2]
    750. 

  750. 	STW	A$A[4][4],*A2++[2]
    751. 

  751. ||	STW	B$A[4][4],*B2++[2]
    752. 

  752. 	.endasmfunc
    753. 

  753. 

  754. 	.newblock
    755. 

  755. 	.global	_SHA3_squeeze
    756. 

  756. 	.asg	A12,OUT
    757. 

  757. 	.asg	A13,LEN
    758. 

  758. 	.asg	A14,BSZ
    759. 

  759. 	.align	32
    760. 

  760. _SHA3_squeeze:
    761. 

  761. 	.asmfunc stack_usage(24)
    762. 

  762. 	STW	FP,*SP--(24)			; save frame pointer
    763. 

  763. ||	MV	SP,FP
    764. 

  764. 	STW	RA, *SP[5]
    765. 

  765. ||	STW	A14,*FP[-2]
    766. 

  766. 	STDW	A13:A12,*FP[-2]
    767. 

  767. ||	MV	B4,OUT				; reassign arguments
    768. 

  768. 	MV	A6,LEN
    769. 

  769. ||	MV	B6,BSZ
    770. 

  770. 

  771. loop?:
    772. 

  772. 	LDW	*SP[5],RA			; reload RA
    773. 

  773. ||	SHRU	BSZ,3,A1
    774. 

  774. ||	MV	A4,A8
    775. 

  775. ||	ADD	4,A4,B8
    776. 

  776. block?:
    777. 

  777. 	CMPLTU	LEN,8,A0			; len < 8?
    778. 

  778.   [A0]	BNOP	tail?
    779. 

  779. 	LDW	*A8++[2],A9
    780. 

  780. ||	LDW	*B8++[2],B9
    781. 

  781. ||	SUB	LEN,8,LEN			; len -= 8
    782. 

  782. 	MV	LEN,A0
    783. 

  783. ||	SUB	A1,1,A1				; bsz--
    784. 

  784. ||	NOP	4
    785. 

  785. 	.if	.BIG_ENDIAN
    786. 

  786. 	SWAP4	A9,A9
    787. 

  787. ||	SWAP4	B9,B9
    788. 

  788. 	SWAP2	A9,A9
    789. 

  789. ||	SWAP2	B9,B9
    790. 

  790. 	.endif
    791. 

  791.   [!A0]	BNOP	ret?
    792. 

  792. ||[!A0]	ZERO	A1
    793. 

  793. 	PACK2	B9,A9,B7
    794. 

  794. ||[A1]	BNOP	block?
    795. 

  795. 	PACKH2	B9,A9,B9
    796. 

  796. ||	SHFL	B7,B7
    797. 

  797. 	SHFL	B9,B9
    798. 

  798. 	STNW	B7,*OUT++
    799. 

  799. 	STNW	B9,*OUT++
    800. 

  800. 	NOP
    801. 

  801. 

  802. 	BNOP	_KeccakF1600,4
    803. 

  803. 	ADDKPC	loop?,RA
    804. 

  804. 

  805. 	.align	16
    806. 

  806. tail?:
    807. 

  807. 	.if	.BIG_ENDIAN
    808. 

  808. 	SWAP4	A9,A9
    809. 

  809. ||	SWAP4	B9,B9
    810. 

  810. 	SWAP2	A9,A9
    811. 

  811. ||	SWAP2	B9,B9
    812. 

  812. 	.endif
    813. 

  813. 	PACK2	B9,A9,B7
    814. 

  814. 	PACKH2	B9,A9,B9
    815. 

  815. ||	SHFL	B7,B7
    816. 

  816. 	SHFL	B9,B9
    817. 

  817. 

  818. 	STB	B7,*OUT++
    819. 

  819. ||	SHRU	B7,8,B7
    820. 

  820. ||	ADD	LEN,7,A0
    821. 

  821.   [A0]	STB	B7,*OUT++
    822. 

  822. ||[A0]	SHRU	B7,8,B7
    823. 

  823. ||[A0]	SUB	A0,1,A0
    824. 

  824.   [A0]	STB	B7,*OUT++
    825. 

  825. ||[A0]	SHRU	B7,8,B7
    826. 

  826. ||[A0]	SUB	A0,1,A0
    827. 

  827.   [A0]	STB	B7,*OUT++
    828. 

  828. ||[A0]	SUB	A0,1,A0
    829. 

  829.   [A0]	STB	B9,*OUT++
    830. 

  830. ||[A0]	SHRU	B9,8,B9
    831. 

  831. ||[A0]	SUB	A0,1,A0
    832. 

  832.   [A0]	STB	B9,*OUT++
    833. 

  833. ||[A0]	SHRU	B9,8,B9
    834. 

  834. ||[A0]	SUB	A0,1,A0
    835. 

  835.   [A0]	STB	B9,*OUT++
    836. 

  836. 

  837. ret?:
    838. 

  838. 	LDDW	*FP[-2],A13:A12
    839. 

  839. 	BNOP	RA
    840. 

  840. ||	LDW	*FP[-2],A14
    841. 

  841. 	LDW	*++SP(24),FP			; restore frame pointer
    842. 

  842. 	NOP	4				; wait till FP is committed
    843. 

  843. 	.endasmfunc
    844. 

  844. 

  845. 	.if	__TI_EABI__
    846. 

  846. 	.sect	".text:sha_asm.const"
    847. 

  847. 	.else
    848. 

  848. 	.sect	".const:sha_asm"
    849. 

  849. 	.endif
    850. 

  850. 	.align	256
    851. 

  851. 	.uword	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
    852. 

  852. iotas:
    853. 

  853. 	.uword	0x00000001, 0x00000000
    854. 

  854. 	.uword	0x00000000, 0x00000089
    855. 

  855. 	.uword	0x00000000, 0x8000008b
    856. 

  856. 	.uword	0x00000000, 0x80008080
    857. 

  857. 	.uword	0x00000001, 0x0000008b
    858. 

  858. 	.uword	0x00000001, 0x00008000
    859. 

  859. 	.uword	0x00000001, 0x80008088
    860. 

  860. 	.uword	0x00000001, 0x80000082
    861. 

  861. 	.uword	0x00000000, 0x0000000b
    862. 

  862. 	.uword	0x00000000, 0x0000000a
    863. 

  863. 	.uword	0x00000001, 0x00008082
    864. 

  864. 	.uword	0x00000000, 0x00008003
    865. 

  865. 	.uword	0x00000001, 0x0000808b
    866. 

  866. 	.uword	0x00000001, 0x8000000b
    867. 

  867. 	.uword	0x00000001, 0x8000008a
    868. 

  868. 	.uword	0x00000001, 0x80000081
    869. 

  869. 	.uword	0x00000000, 0x80000081
    870. 

  870. 	.uword	0x00000000, 0x80000008
    871. 

  871. 	.uword	0x00000000, 0x00000083
    872. 

  872. 	.uword	0x00000000, 0x80008003
    873. 

  873. 	.uword	0x00000001, 0x80008088
    874. 

  874. 	.uword	0x00000000, 0x80000088
    875. 

  875. 	.uword	0x00000001, 0x00008000
    876. 

  876. 	.uword	0x00000000, 0x80008082
    877. 

  877. 

  878. 	.cstring "Keccak-1600 absorb and squeeze for C64x, CRYPTOGAMS by <appro\@openssl.org>"
    879. 

  879. 	.align	4
    880. 

  880. ___
    881. 

  881. 

  882. $output=pop and open STDOUT,">$output";
    883. 

  883. print $code;
    884. 

  884. close STDOUT;
    885.