2 * Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * https://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * Portions Copyright (c) 2022 Tino Reichardt <milky-zfs@mcmilk.de>
19 * - modified assembly to fit into OpenZFS
25 # define __ARM_ARCH__ 7
27 # define __ARM_ARCH__ __ARM_ARCH
30 #if defined(__thumb2__)
42 .word 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
43 .word 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
44 .word 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
45 .word 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
46 .word 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
47 .word 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
48 .word 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
49 .word 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
50 .word 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
51 .word 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
52 .word 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
53 .word 0xd192e819,0xd6990624,0xf40e3585,0x106aa070
54 .word 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
55 .word 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
56 .word 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
57 .word 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
62 .globl zfs_sha256_block_armv7
63 .type zfs_sha256_block_armv7,%function
64 zfs_sha256_block_armv7:
65 .Lzfs_sha256_block_armv7:
67 #if __ARM_ARCH__<7 && !defined(__thumb2__)
68 sub r3,pc,#8 @ zfs_sha256_block_armv7
70 adr r3,.Lzfs_sha256_block_armv7
73 add r2,r1,r2,lsl#6 @ len to point at the end of inp
74 stmdb sp!,{r0,r1,r2,r4-r11,lr}
75 ldmia r0,{r4,r5,r6,r7,r8,r9,r10,r11}
76 sub r14,r3,#256+32 @ K256
77 sub sp,sp,#16*4 @ alloca(X[16])
89 str r1,[sp,#17*4] @ make room for r1
92 add r4,r4,r12 @ h+=Maj(a,b,c) from the past
93 eor r0,r0,r8,ror#19 @ Sigma1(e)
99 add r4,r4,r12 @ h+=Maj(a,b,c) from the past
106 str r1,[sp,#17*4] @ make room for r1
110 eor r0,r0,r8,ror#19 @ Sigma1(e)
112 ldr r12,[r14],#4 @ *K256++
113 add r11,r11,r2 @ h+=X[i]
116 add r11,r11,r0,ror#6 @ h+=Sigma1(e)
118 add r11,r11,r12 @ h+=K256[i]
119 eor r2,r2,r10 @ Ch(e,f,g)
121 add r11,r11,r2 @ h+=Ch(e,f,g)
124 cmp r12,#0xf2 @ done?
128 ldr r2,[r1],#4 @ prefetch
132 eor r12,r4,r5 @ a^b, b^c in next round
134 ldr r2,[sp,#2*4] @ from future BODY_16_xx
135 eor r12,r4,r5 @ a^b, b^c in next round
136 ldr r1,[sp,#15*4] @ from future BODY_16_xx
138 eor r0,r0,r4,ror#20 @ Sigma0(a)
139 and r3,r3,r12 @ (b^c)&=(a^b)
141 eor r3,r3,r5 @ Maj(a,b,c)
142 add r11,r11,r0,ror#2 @ h+=Sigma0(a)
143 @ add r11,r11,r3 @ h+=Maj(a,b,c)
147 str r1,[sp,#17*4] @ make room for r1
150 add r11,r11,r3 @ h+=Maj(a,b,c) from the past
151 eor r0,r0,r7,ror#19 @ Sigma1(e)
156 @ ldrb r2,[r1,#3] @ 1
157 add r11,r11,r3 @ h+=Maj(a,b,c) from the past
164 str r1,[sp,#17*4] @ make room for r1
168 eor r0,r0,r7,ror#19 @ Sigma1(e)
170 ldr r3,[r14],#4 @ *K256++
171 add r10,r10,r2 @ h+=X[i]
174 add r10,r10,r0,ror#6 @ h+=Sigma1(e)
176 add r10,r10,r3 @ h+=K256[i]
177 eor r2,r2,r9 @ Ch(e,f,g)
178 eor r0,r11,r11,ror#11
179 add r10,r10,r2 @ h+=Ch(e,f,g)
186 ldr r2,[r1],#4 @ prefetch
190 eor r3,r11,r4 @ a^b, b^c in next round
192 ldr r2,[sp,#3*4] @ from future BODY_16_xx
193 eor r3,r11,r4 @ a^b, b^c in next round
194 ldr r1,[sp,#0*4] @ from future BODY_16_xx
196 eor r0,r0,r11,ror#20 @ Sigma0(a)
197 and r12,r12,r3 @ (b^c)&=(a^b)
199 eor r12,r12,r4 @ Maj(a,b,c)
200 add r10,r10,r0,ror#2 @ h+=Sigma0(a)
201 @ add r10,r10,r12 @ h+=Maj(a,b,c)
205 str r1,[sp,#17*4] @ make room for r1
208 add r10,r10,r12 @ h+=Maj(a,b,c) from the past
209 eor r0,r0,r6,ror#19 @ Sigma1(e)
214 @ ldrb r2,[r1,#3] @ 2
215 add r10,r10,r12 @ h+=Maj(a,b,c) from the past
222 str r1,[sp,#17*4] @ make room for r1
226 eor r0,r0,r6,ror#19 @ Sigma1(e)
228 ldr r12,[r14],#4 @ *K256++
229 add r9,r9,r2 @ h+=X[i]
232 add r9,r9,r0,ror#6 @ h+=Sigma1(e)
234 add r9,r9,r12 @ h+=K256[i]
235 eor r2,r2,r8 @ Ch(e,f,g)
236 eor r0,r10,r10,ror#11
237 add r9,r9,r2 @ h+=Ch(e,f,g)
240 cmp r12,#0xf2 @ done?
244 ldr r2,[r1],#4 @ prefetch
248 eor r12,r10,r11 @ a^b, b^c in next round
250 ldr r2,[sp,#4*4] @ from future BODY_16_xx
251 eor r12,r10,r11 @ a^b, b^c in next round
252 ldr r1,[sp,#1*4] @ from future BODY_16_xx
254 eor r0,r0,r10,ror#20 @ Sigma0(a)
255 and r3,r3,r12 @ (b^c)&=(a^b)
257 eor r3,r3,r11 @ Maj(a,b,c)
258 add r9,r9,r0,ror#2 @ h+=Sigma0(a)
259 @ add r9,r9,r3 @ h+=Maj(a,b,c)
263 str r1,[sp,#17*4] @ make room for r1
266 add r9,r9,r3 @ h+=Maj(a,b,c) from the past
267 eor r0,r0,r5,ror#19 @ Sigma1(e)
272 @ ldrb r2,[r1,#3] @ 3
273 add r9,r9,r3 @ h+=Maj(a,b,c) from the past
280 str r1,[sp,#17*4] @ make room for r1
284 eor r0,r0,r5,ror#19 @ Sigma1(e)
286 ldr r3,[r14],#4 @ *K256++
287 add r8,r8,r2 @ h+=X[i]
290 add r8,r8,r0,ror#6 @ h+=Sigma1(e)
292 add r8,r8,r3 @ h+=K256[i]
293 eor r2,r2,r7 @ Ch(e,f,g)
295 add r8,r8,r2 @ h+=Ch(e,f,g)
302 ldr r2,[r1],#4 @ prefetch
306 eor r3,r9,r10 @ a^b, b^c in next round
308 ldr r2,[sp,#5*4] @ from future BODY_16_xx
309 eor r3,r9,r10 @ a^b, b^c in next round
310 ldr r1,[sp,#2*4] @ from future BODY_16_xx
312 eor r0,r0,r9,ror#20 @ Sigma0(a)
313 and r12,r12,r3 @ (b^c)&=(a^b)
315 eor r12,r12,r10 @ Maj(a,b,c)
316 add r8,r8,r0,ror#2 @ h+=Sigma0(a)
317 @ add r8,r8,r12 @ h+=Maj(a,b,c)
321 str r1,[sp,#17*4] @ make room for r1
324 add r8,r8,r12 @ h+=Maj(a,b,c) from the past
325 eor r0,r0,r4,ror#19 @ Sigma1(e)
330 @ ldrb r2,[r1,#3] @ 4
331 add r8,r8,r12 @ h+=Maj(a,b,c) from the past
338 str r1,[sp,#17*4] @ make room for r1
342 eor r0,r0,r4,ror#19 @ Sigma1(e)
344 ldr r12,[r14],#4 @ *K256++
345 add r7,r7,r2 @ h+=X[i]
348 add r7,r7,r0,ror#6 @ h+=Sigma1(e)
350 add r7,r7,r12 @ h+=K256[i]
351 eor r2,r2,r6 @ Ch(e,f,g)
353 add r7,r7,r2 @ h+=Ch(e,f,g)
356 cmp r12,#0xf2 @ done?
360 ldr r2,[r1],#4 @ prefetch
364 eor r12,r8,r9 @ a^b, b^c in next round
366 ldr r2,[sp,#6*4] @ from future BODY_16_xx
367 eor r12,r8,r9 @ a^b, b^c in next round
368 ldr r1,[sp,#3*4] @ from future BODY_16_xx
370 eor r0,r0,r8,ror#20 @ Sigma0(a)
371 and r3,r3,r12 @ (b^c)&=(a^b)
372 add r11,r11,r7 @ d+=h
373 eor r3,r3,r9 @ Maj(a,b,c)
374 add r7,r7,r0,ror#2 @ h+=Sigma0(a)
375 @ add r7,r7,r3 @ h+=Maj(a,b,c)
379 str r1,[sp,#17*4] @ make room for r1
382 add r7,r7,r3 @ h+=Maj(a,b,c) from the past
383 eor r0,r0,r11,ror#19 @ Sigma1(e)
388 @ ldrb r2,[r1,#3] @ 5
389 add r7,r7,r3 @ h+=Maj(a,b,c) from the past
396 str r1,[sp,#17*4] @ make room for r1
400 eor r0,r0,r11,ror#19 @ Sigma1(e)
402 ldr r3,[r14],#4 @ *K256++
403 add r6,r6,r2 @ h+=X[i]
406 add r6,r6,r0,ror#6 @ h+=Sigma1(e)
408 add r6,r6,r3 @ h+=K256[i]
409 eor r2,r2,r5 @ Ch(e,f,g)
411 add r6,r6,r2 @ h+=Ch(e,f,g)
418 ldr r2,[r1],#4 @ prefetch
422 eor r3,r7,r8 @ a^b, b^c in next round
424 ldr r2,[sp,#7*4] @ from future BODY_16_xx
425 eor r3,r7,r8 @ a^b, b^c in next round
426 ldr r1,[sp,#4*4] @ from future BODY_16_xx
428 eor r0,r0,r7,ror#20 @ Sigma0(a)
429 and r12,r12,r3 @ (b^c)&=(a^b)
430 add r10,r10,r6 @ d+=h
431 eor r12,r12,r8 @ Maj(a,b,c)
432 add r6,r6,r0,ror#2 @ h+=Sigma0(a)
433 @ add r6,r6,r12 @ h+=Maj(a,b,c)
437 str r1,[sp,#17*4] @ make room for r1
440 add r6,r6,r12 @ h+=Maj(a,b,c) from the past
441 eor r0,r0,r10,ror#19 @ Sigma1(e)
446 @ ldrb r2,[r1,#3] @ 6
447 add r6,r6,r12 @ h+=Maj(a,b,c) from the past
454 str r1,[sp,#17*4] @ make room for r1
458 eor r0,r0,r10,ror#19 @ Sigma1(e)
460 ldr r12,[r14],#4 @ *K256++
461 add r5,r5,r2 @ h+=X[i]
464 add r5,r5,r0,ror#6 @ h+=Sigma1(e)
466 add r5,r5,r12 @ h+=K256[i]
467 eor r2,r2,r4 @ Ch(e,f,g)
469 add r5,r5,r2 @ h+=Ch(e,f,g)
472 cmp r12,#0xf2 @ done?
476 ldr r2,[r1],#4 @ prefetch
480 eor r12,r6,r7 @ a^b, b^c in next round
482 ldr r2,[sp,#8*4] @ from future BODY_16_xx
483 eor r12,r6,r7 @ a^b, b^c in next round
484 ldr r1,[sp,#5*4] @ from future BODY_16_xx
486 eor r0,r0,r6,ror#20 @ Sigma0(a)
487 and r3,r3,r12 @ (b^c)&=(a^b)
489 eor r3,r3,r7 @ Maj(a,b,c)
490 add r5,r5,r0,ror#2 @ h+=Sigma0(a)
491 @ add r5,r5,r3 @ h+=Maj(a,b,c)
495 str r1,[sp,#17*4] @ make room for r1
498 add r5,r5,r3 @ h+=Maj(a,b,c) from the past
499 eor r0,r0,r9,ror#19 @ Sigma1(e)
504 @ ldrb r2,[r1,#3] @ 7
505 add r5,r5,r3 @ h+=Maj(a,b,c) from the past
512 str r1,[sp,#17*4] @ make room for r1
516 eor r0,r0,r9,ror#19 @ Sigma1(e)
518 ldr r3,[r14],#4 @ *K256++
519 add r4,r4,r2 @ h+=X[i]
522 add r4,r4,r0,ror#6 @ h+=Sigma1(e)
524 add r4,r4,r3 @ h+=K256[i]
525 eor r2,r2,r11 @ Ch(e,f,g)
527 add r4,r4,r2 @ h+=Ch(e,f,g)
534 ldr r2,[r1],#4 @ prefetch
538 eor r3,r5,r6 @ a^b, b^c in next round
540 ldr r2,[sp,#9*4] @ from future BODY_16_xx
541 eor r3,r5,r6 @ a^b, b^c in next round
542 ldr r1,[sp,#6*4] @ from future BODY_16_xx
544 eor r0,r0,r5,ror#20 @ Sigma0(a)
545 and r12,r12,r3 @ (b^c)&=(a^b)
547 eor r12,r12,r6 @ Maj(a,b,c)
548 add r4,r4,r0,ror#2 @ h+=Sigma0(a)
549 @ add r4,r4,r12 @ h+=Maj(a,b,c)
553 str r1,[sp,#17*4] @ make room for r1
556 add r4,r4,r12 @ h+=Maj(a,b,c) from the past
557 eor r0,r0,r8,ror#19 @ Sigma1(e)
562 @ ldrb r2,[r1,#3] @ 8
563 add r4,r4,r12 @ h+=Maj(a,b,c) from the past
570 str r1,[sp,#17*4] @ make room for r1
574 eor r0,r0,r8,ror#19 @ Sigma1(e)
576 ldr r12,[r14],#4 @ *K256++
577 add r11,r11,r2 @ h+=X[i]
580 add r11,r11,r0,ror#6 @ h+=Sigma1(e)
582 add r11,r11,r12 @ h+=K256[i]
583 eor r2,r2,r10 @ Ch(e,f,g)
585 add r11,r11,r2 @ h+=Ch(e,f,g)
588 cmp r12,#0xf2 @ done?
592 ldr r2,[r1],#4 @ prefetch
596 eor r12,r4,r5 @ a^b, b^c in next round
598 ldr r2,[sp,#10*4] @ from future BODY_16_xx
599 eor r12,r4,r5 @ a^b, b^c in next round
600 ldr r1,[sp,#7*4] @ from future BODY_16_xx
602 eor r0,r0,r4,ror#20 @ Sigma0(a)
603 and r3,r3,r12 @ (b^c)&=(a^b)
605 eor r3,r3,r5 @ Maj(a,b,c)
606 add r11,r11,r0,ror#2 @ h+=Sigma0(a)
607 @ add r11,r11,r3 @ h+=Maj(a,b,c)
611 str r1,[sp,#17*4] @ make room for r1
614 add r11,r11,r3 @ h+=Maj(a,b,c) from the past
615 eor r0,r0,r7,ror#19 @ Sigma1(e)
620 @ ldrb r2,[r1,#3] @ 9
621 add r11,r11,r3 @ h+=Maj(a,b,c) from the past
628 str r1,[sp,#17*4] @ make room for r1
632 eor r0,r0,r7,ror#19 @ Sigma1(e)
634 ldr r3,[r14],#4 @ *K256++
635 add r10,r10,r2 @ h+=X[i]
638 add r10,r10,r0,ror#6 @ h+=Sigma1(e)
640 add r10,r10,r3 @ h+=K256[i]
641 eor r2,r2,r9 @ Ch(e,f,g)
642 eor r0,r11,r11,ror#11
643 add r10,r10,r2 @ h+=Ch(e,f,g)
650 ldr r2,[r1],#4 @ prefetch
654 eor r3,r11,r4 @ a^b, b^c in next round
656 ldr r2,[sp,#11*4] @ from future BODY_16_xx
657 eor r3,r11,r4 @ a^b, b^c in next round
658 ldr r1,[sp,#8*4] @ from future BODY_16_xx
660 eor r0,r0,r11,ror#20 @ Sigma0(a)
661 and r12,r12,r3 @ (b^c)&=(a^b)
663 eor r12,r12,r4 @ Maj(a,b,c)
664 add r10,r10,r0,ror#2 @ h+=Sigma0(a)
665 @ add r10,r10,r12 @ h+=Maj(a,b,c)
667 @ ldr r2,[r1],#4 @ 10
669 str r1,[sp,#17*4] @ make room for r1
672 add r10,r10,r12 @ h+=Maj(a,b,c) from the past
673 eor r0,r0,r6,ror#19 @ Sigma1(e)
678 @ ldrb r2,[r1,#3] @ 10
679 add r10,r10,r12 @ h+=Maj(a,b,c) from the past
686 str r1,[sp,#17*4] @ make room for r1
690 eor r0,r0,r6,ror#19 @ Sigma1(e)
692 ldr r12,[r14],#4 @ *K256++
693 add r9,r9,r2 @ h+=X[i]
696 add r9,r9,r0,ror#6 @ h+=Sigma1(e)
698 add r9,r9,r12 @ h+=K256[i]
699 eor r2,r2,r8 @ Ch(e,f,g)
700 eor r0,r10,r10,ror#11
701 add r9,r9,r2 @ h+=Ch(e,f,g)
704 cmp r12,#0xf2 @ done?
708 ldr r2,[r1],#4 @ prefetch
712 eor r12,r10,r11 @ a^b, b^c in next round
714 ldr r2,[sp,#12*4] @ from future BODY_16_xx
715 eor r12,r10,r11 @ a^b, b^c in next round
716 ldr r1,[sp,#9*4] @ from future BODY_16_xx
718 eor r0,r0,r10,ror#20 @ Sigma0(a)
719 and r3,r3,r12 @ (b^c)&=(a^b)
721 eor r3,r3,r11 @ Maj(a,b,c)
722 add r9,r9,r0,ror#2 @ h+=Sigma0(a)
723 @ add r9,r9,r3 @ h+=Maj(a,b,c)
725 @ ldr r2,[r1],#4 @ 11
727 str r1,[sp,#17*4] @ make room for r1
730 add r9,r9,r3 @ h+=Maj(a,b,c) from the past
731 eor r0,r0,r5,ror#19 @ Sigma1(e)
736 @ ldrb r2,[r1,#3] @ 11
737 add r9,r9,r3 @ h+=Maj(a,b,c) from the past
744 str r1,[sp,#17*4] @ make room for r1
748 eor r0,r0,r5,ror#19 @ Sigma1(e)
750 ldr r3,[r14],#4 @ *K256++
751 add r8,r8,r2 @ h+=X[i]
754 add r8,r8,r0,ror#6 @ h+=Sigma1(e)
756 add r8,r8,r3 @ h+=K256[i]
757 eor r2,r2,r7 @ Ch(e,f,g)
759 add r8,r8,r2 @ h+=Ch(e,f,g)
766 ldr r2,[r1],#4 @ prefetch
770 eor r3,r9,r10 @ a^b, b^c in next round
772 ldr r2,[sp,#13*4] @ from future BODY_16_xx
773 eor r3,r9,r10 @ a^b, b^c in next round
774 ldr r1,[sp,#10*4] @ from future BODY_16_xx
776 eor r0,r0,r9,ror#20 @ Sigma0(a)
777 and r12,r12,r3 @ (b^c)&=(a^b)
779 eor r12,r12,r10 @ Maj(a,b,c)
780 add r8,r8,r0,ror#2 @ h+=Sigma0(a)
781 @ add r8,r8,r12 @ h+=Maj(a,b,c)
783 @ ldr r2,[r1],#4 @ 12
785 str r1,[sp,#17*4] @ make room for r1
788 add r8,r8,r12 @ h+=Maj(a,b,c) from the past
789 eor r0,r0,r4,ror#19 @ Sigma1(e)
794 @ ldrb r2,[r1,#3] @ 12
795 add r8,r8,r12 @ h+=Maj(a,b,c) from the past
802 str r1,[sp,#17*4] @ make room for r1
806 eor r0,r0,r4,ror#19 @ Sigma1(e)
808 ldr r12,[r14],#4 @ *K256++
809 add r7,r7,r2 @ h+=X[i]
812 add r7,r7,r0,ror#6 @ h+=Sigma1(e)
814 add r7,r7,r12 @ h+=K256[i]
815 eor r2,r2,r6 @ Ch(e,f,g)
817 add r7,r7,r2 @ h+=Ch(e,f,g)
820 cmp r12,#0xf2 @ done?
824 ldr r2,[r1],#4 @ prefetch
828 eor r12,r8,r9 @ a^b, b^c in next round
830 ldr r2,[sp,#14*4] @ from future BODY_16_xx
831 eor r12,r8,r9 @ a^b, b^c in next round
832 ldr r1,[sp,#11*4] @ from future BODY_16_xx
834 eor r0,r0,r8,ror#20 @ Sigma0(a)
835 and r3,r3,r12 @ (b^c)&=(a^b)
836 add r11,r11,r7 @ d+=h
837 eor r3,r3,r9 @ Maj(a,b,c)
838 add r7,r7,r0,ror#2 @ h+=Sigma0(a)
839 @ add r7,r7,r3 @ h+=Maj(a,b,c)
841 @ ldr r2,[r1],#4 @ 13
843 str r1,[sp,#17*4] @ make room for r1
846 add r7,r7,r3 @ h+=Maj(a,b,c) from the past
847 eor r0,r0,r11,ror#19 @ Sigma1(e)
852 @ ldrb r2,[r1,#3] @ 13
853 add r7,r7,r3 @ h+=Maj(a,b,c) from the past
860 str r1,[sp,#17*4] @ make room for r1
864 eor r0,r0,r11,ror#19 @ Sigma1(e)
866 ldr r3,[r14],#4 @ *K256++
867 add r6,r6,r2 @ h+=X[i]
870 add r6,r6,r0,ror#6 @ h+=Sigma1(e)
872 add r6,r6,r3 @ h+=K256[i]
873 eor r2,r2,r5 @ Ch(e,f,g)
875 add r6,r6,r2 @ h+=Ch(e,f,g)
882 ldr r2,[r1],#4 @ prefetch
886 eor r3,r7,r8 @ a^b, b^c in next round
888 ldr r2,[sp,#15*4] @ from future BODY_16_xx
889 eor r3,r7,r8 @ a^b, b^c in next round
890 ldr r1,[sp,#12*4] @ from future BODY_16_xx
892 eor r0,r0,r7,ror#20 @ Sigma0(a)
893 and r12,r12,r3 @ (b^c)&=(a^b)
894 add r10,r10,r6 @ d+=h
895 eor r12,r12,r8 @ Maj(a,b,c)
896 add r6,r6,r0,ror#2 @ h+=Sigma0(a)
897 @ add r6,r6,r12 @ h+=Maj(a,b,c)
899 @ ldr r2,[r1],#4 @ 14
901 str r1,[sp,#17*4] @ make room for r1
904 add r6,r6,r12 @ h+=Maj(a,b,c) from the past
905 eor r0,r0,r10,ror#19 @ Sigma1(e)
910 @ ldrb r2,[r1,#3] @ 14
911 add r6,r6,r12 @ h+=Maj(a,b,c) from the past
918 str r1,[sp,#17*4] @ make room for r1
922 eor r0,r0,r10,ror#19 @ Sigma1(e)
924 ldr r12,[r14],#4 @ *K256++
925 add r5,r5,r2 @ h+=X[i]
928 add r5,r5,r0,ror#6 @ h+=Sigma1(e)
930 add r5,r5,r12 @ h+=K256[i]
931 eor r2,r2,r4 @ Ch(e,f,g)
933 add r5,r5,r2 @ h+=Ch(e,f,g)
936 cmp r12,#0xf2 @ done?
940 ldr r2,[r1],#4 @ prefetch
944 eor r12,r6,r7 @ a^b, b^c in next round
946 ldr r2,[sp,#0*4] @ from future BODY_16_xx
947 eor r12,r6,r7 @ a^b, b^c in next round
948 ldr r1,[sp,#13*4] @ from future BODY_16_xx
950 eor r0,r0,r6,ror#20 @ Sigma0(a)
951 and r3,r3,r12 @ (b^c)&=(a^b)
953 eor r3,r3,r7 @ Maj(a,b,c)
954 add r5,r5,r0,ror#2 @ h+=Sigma0(a)
955 @ add r5,r5,r3 @ h+=Maj(a,b,c)
957 @ ldr r2,[r1],#4 @ 15
959 str r1,[sp,#17*4] @ make room for r1
962 add r5,r5,r3 @ h+=Maj(a,b,c) from the past
963 eor r0,r0,r9,ror#19 @ Sigma1(e)
968 @ ldrb r2,[r1,#3] @ 15
969 add r5,r5,r3 @ h+=Maj(a,b,c) from the past
976 str r1,[sp,#17*4] @ make room for r1
980 eor r0,r0,r9,ror#19 @ Sigma1(e)
982 ldr r3,[r14],#4 @ *K256++
983 add r4,r4,r2 @ h+=X[i]
986 add r4,r4,r0,ror#6 @ h+=Sigma1(e)
988 add r4,r4,r3 @ h+=K256[i]
989 eor r2,r2,r11 @ Ch(e,f,g)
991 add r4,r4,r2 @ h+=Ch(e,f,g)
998 ldr r2,[r1],#4 @ prefetch
1002 eor r3,r5,r6 @ a^b, b^c in next round
1004 ldr r2,[sp,#1*4] @ from future BODY_16_xx
1005 eor r3,r5,r6 @ a^b, b^c in next round
1006 ldr r1,[sp,#14*4] @ from future BODY_16_xx
1008 eor r0,r0,r5,ror#20 @ Sigma0(a)
1009 and r12,r12,r3 @ (b^c)&=(a^b)
1011 eor r12,r12,r6 @ Maj(a,b,c)
1012 add r4,r4,r0,ror#2 @ h+=Sigma0(a)
1013 @ add r4,r4,r12 @ h+=Maj(a,b,c)
1015 @ ldr r2,[sp,#1*4] @ 16
1018 add r4,r4,r12 @ h+=Maj(a,b,c) from the past
1021 eor r12,r12,r1,ror#19
1022 eor r0,r0,r2,lsr#3 @ sigma0(X[i+1])
1024 eor r12,r12,r1,lsr#10 @ sigma1(X[i+14])
1028 eor r0,r8,r8,ror#5 @ from BODY_00_15
1030 eor r0,r0,r8,ror#19 @ Sigma1(e)
1032 ldr r12,[r14],#4 @ *K256++
1033 add r11,r11,r2 @ h+=X[i]
1036 add r11,r11,r0,ror#6 @ h+=Sigma1(e)
1038 add r11,r11,r12 @ h+=K256[i]
1039 eor r2,r2,r10 @ Ch(e,f,g)
1041 add r11,r11,r2 @ h+=Ch(e,f,g)
1044 cmp r12,#0xf2 @ done?
1047 # if __ARM_ARCH__>=7
1048 ldr r2,[r1],#4 @ prefetch
1052 eor r12,r4,r5 @ a^b, b^c in next round
1054 ldr r2,[sp,#2*4] @ from future BODY_16_xx
1055 eor r12,r4,r5 @ a^b, b^c in next round
1056 ldr r1,[sp,#15*4] @ from future BODY_16_xx
1058 eor r0,r0,r4,ror#20 @ Sigma0(a)
1059 and r3,r3,r12 @ (b^c)&=(a^b)
1060 add r7,r7,r11 @ d+=h
1061 eor r3,r3,r5 @ Maj(a,b,c)
1062 add r11,r11,r0,ror#2 @ h+=Sigma0(a)
1063 @ add r11,r11,r3 @ h+=Maj(a,b,c)
1064 @ ldr r2,[sp,#2*4] @ 17
1067 add r11,r11,r3 @ h+=Maj(a,b,c) from the past
1071 eor r0,r0,r2,lsr#3 @ sigma0(X[i+1])
1073 eor r3,r3,r1,lsr#10 @ sigma1(X[i+14])
1077 eor r0,r7,r7,ror#5 @ from BODY_00_15
1079 eor r0,r0,r7,ror#19 @ Sigma1(e)
1081 ldr r3,[r14],#4 @ *K256++
1082 add r10,r10,r2 @ h+=X[i]
1085 add r10,r10,r0,ror#6 @ h+=Sigma1(e)
1087 add r10,r10,r3 @ h+=K256[i]
1088 eor r2,r2,r9 @ Ch(e,f,g)
1089 eor r0,r11,r11,ror#11
1090 add r10,r10,r2 @ h+=Ch(e,f,g)
1093 cmp r3,#0xf2 @ done?
1096 # if __ARM_ARCH__>=7
1097 ldr r2,[r1],#4 @ prefetch
1101 eor r3,r11,r4 @ a^b, b^c in next round
1103 ldr r2,[sp,#3*4] @ from future BODY_16_xx
1104 eor r3,r11,r4 @ a^b, b^c in next round
1105 ldr r1,[sp,#0*4] @ from future BODY_16_xx
1107 eor r0,r0,r11,ror#20 @ Sigma0(a)
1108 and r12,r12,r3 @ (b^c)&=(a^b)
1109 add r6,r6,r10 @ d+=h
1110 eor r12,r12,r4 @ Maj(a,b,c)
1111 add r10,r10,r0,ror#2 @ h+=Sigma0(a)
1112 @ add r10,r10,r12 @ h+=Maj(a,b,c)
1113 @ ldr r2,[sp,#3*4] @ 18
1116 add r10,r10,r12 @ h+=Maj(a,b,c) from the past
1119 eor r12,r12,r1,ror#19
1120 eor r0,r0,r2,lsr#3 @ sigma0(X[i+1])
1122 eor r12,r12,r1,lsr#10 @ sigma1(X[i+14])
1126 eor r0,r6,r6,ror#5 @ from BODY_00_15
1128 eor r0,r0,r6,ror#19 @ Sigma1(e)
1130 ldr r12,[r14],#4 @ *K256++
1131 add r9,r9,r2 @ h+=X[i]
1134 add r9,r9,r0,ror#6 @ h+=Sigma1(e)
1136 add r9,r9,r12 @ h+=K256[i]
1137 eor r2,r2,r8 @ Ch(e,f,g)
1138 eor r0,r10,r10,ror#11
1139 add r9,r9,r2 @ h+=Ch(e,f,g)
1142 cmp r12,#0xf2 @ done?
1145 # if __ARM_ARCH__>=7
1146 ldr r2,[r1],#4 @ prefetch
1150 eor r12,r10,r11 @ a^b, b^c in next round
1152 ldr r2,[sp,#4*4] @ from future BODY_16_xx
1153 eor r12,r10,r11 @ a^b, b^c in next round
1154 ldr r1,[sp,#1*4] @ from future BODY_16_xx
1156 eor r0,r0,r10,ror#20 @ Sigma0(a)
1157 and r3,r3,r12 @ (b^c)&=(a^b)
1159 eor r3,r3,r11 @ Maj(a,b,c)
1160 add r9,r9,r0,ror#2 @ h+=Sigma0(a)
1161 @ add r9,r9,r3 @ h+=Maj(a,b,c)
1162 @ ldr r2,[sp,#4*4] @ 19
1165 add r9,r9,r3 @ h+=Maj(a,b,c) from the past
1169 eor r0,r0,r2,lsr#3 @ sigma0(X[i+1])
1171 eor r3,r3,r1,lsr#10 @ sigma1(X[i+14])
1175 eor r0,r5,r5,ror#5 @ from BODY_00_15
1177 eor r0,r0,r5,ror#19 @ Sigma1(e)
1179 ldr r3,[r14],#4 @ *K256++
1180 add r8,r8,r2 @ h+=X[i]
1183 add r8,r8,r0,ror#6 @ h+=Sigma1(e)
1185 add r8,r8,r3 @ h+=K256[i]
1186 eor r2,r2,r7 @ Ch(e,f,g)
1188 add r8,r8,r2 @ h+=Ch(e,f,g)
1191 cmp r3,#0xf2 @ done?
1194 # if __ARM_ARCH__>=7
1195 ldr r2,[r1],#4 @ prefetch
1199 eor r3,r9,r10 @ a^b, b^c in next round
1201 ldr r2,[sp,#5*4] @ from future BODY_16_xx
1202 eor r3,r9,r10 @ a^b, b^c in next round
1203 ldr r1,[sp,#2*4] @ from future BODY_16_xx
1205 eor r0,r0,r9,ror#20 @ Sigma0(a)
1206 and r12,r12,r3 @ (b^c)&=(a^b)
1208 eor r12,r12,r10 @ Maj(a,b,c)
1209 add r8,r8,r0,ror#2 @ h+=Sigma0(a)
1210 @ add r8,r8,r12 @ h+=Maj(a,b,c)
1211 @ ldr r2,[sp,#5*4] @ 20
1214 add r8,r8,r12 @ h+=Maj(a,b,c) from the past
1217 eor r12,r12,r1,ror#19
1218 eor r0,r0,r2,lsr#3 @ sigma0(X[i+1])
1220 eor r12,r12,r1,lsr#10 @ sigma1(X[i+14])
1224 eor r0,r4,r4,ror#5 @ from BODY_00_15
1226 eor r0,r0,r4,ror#19 @ Sigma1(e)
1228 ldr r12,[r14],#4 @ *K256++
1229 add r7,r7,r2 @ h+=X[i]
1232 add r7,r7,r0,ror#6 @ h+=Sigma1(e)
1234 add r7,r7,r12 @ h+=K256[i]
1235 eor r2,r2,r6 @ Ch(e,f,g)
1237 add r7,r7,r2 @ h+=Ch(e,f,g)
1240 cmp r12,#0xf2 @ done?
1243 # if __ARM_ARCH__>=7
1244 ldr r2,[r1],#4 @ prefetch
1248 eor r12,r8,r9 @ a^b, b^c in next round
1250 ldr r2,[sp,#6*4] @ from future BODY_16_xx
1251 eor r12,r8,r9 @ a^b, b^c in next round
1252 ldr r1,[sp,#3*4] @ from future BODY_16_xx
1254 eor r0,r0,r8,ror#20 @ Sigma0(a)
1255 and r3,r3,r12 @ (b^c)&=(a^b)
1256 add r11,r11,r7 @ d+=h
1257 eor r3,r3,r9 @ Maj(a,b,c)
1258 add r7,r7,r0,ror#2 @ h+=Sigma0(a)
1259 @ add r7,r7,r3 @ h+=Maj(a,b,c)
1260 @ ldr r2,[sp,#6*4] @ 21
1263 add r7,r7,r3 @ h+=Maj(a,b,c) from the past
1267 eor r0,r0,r2,lsr#3 @ sigma0(X[i+1])
1269 eor r3,r3,r1,lsr#10 @ sigma1(X[i+14])
1273 eor r0,r11,r11,ror#5 @ from BODY_00_15
1275 eor r0,r0,r11,ror#19 @ Sigma1(e)
1277 ldr r3,[r14],#4 @ *K256++
1278 add r6,r6,r2 @ h+=X[i]
1281 add r6,r6,r0,ror#6 @ h+=Sigma1(e)
1283 add r6,r6,r3 @ h+=K256[i]
1284 eor r2,r2,r5 @ Ch(e,f,g)
1286 add r6,r6,r2 @ h+=Ch(e,f,g)
1289 cmp r3,#0xf2 @ done?
1292 # if __ARM_ARCH__>=7
1293 ldr r2,[r1],#4 @ prefetch
1297 eor r3,r7,r8 @ a^b, b^c in next round
1299 ldr r2,[sp,#7*4] @ from future BODY_16_xx
1300 eor r3,r7,r8 @ a^b, b^c in next round
1301 ldr r1,[sp,#4*4] @ from future BODY_16_xx
1303 eor r0,r0,r7,ror#20 @ Sigma0(a)
1304 and r12,r12,r3 @ (b^c)&=(a^b)
1305 add r10,r10,r6 @ d+=h
1306 eor r12,r12,r8 @ Maj(a,b,c)
1307 add r6,r6,r0,ror#2 @ h+=Sigma0(a)
1308 @ add r6,r6,r12 @ h+=Maj(a,b,c)
1309 @ ldr r2,[sp,#7*4] @ 22
1312 add r6,r6,r12 @ h+=Maj(a,b,c) from the past
1315 eor r12,r12,r1,ror#19
1316 eor r0,r0,r2,lsr#3 @ sigma0(X[i+1])
1318 eor r12,r12,r1,lsr#10 @ sigma1(X[i+14])
1322 eor r0,r10,r10,ror#5 @ from BODY_00_15
1324 eor r0,r0,r10,ror#19 @ Sigma1(e)
1326 ldr r12,[r14],#4 @ *K256++
1327 add r5,r5,r2 @ h+=X[i]
1330 add r5,r5,r0,ror#6 @ h+=Sigma1(e)
1332 add r5,r5,r12 @ h+=K256[i]
1333 eor r2,r2,r4 @ Ch(e,f,g)
1335 add r5,r5,r2 @ h+=Ch(e,f,g)
1338 cmp r12,#0xf2 @ done?
1341 # if __ARM_ARCH__>=7
1342 ldr r2,[r1],#4 @ prefetch
1346 eor r12,r6,r7 @ a^b, b^c in next round
1348 ldr r2,[sp,#8*4] @ from future BODY_16_xx
1349 eor r12,r6,r7 @ a^b, b^c in next round
1350 ldr r1,[sp,#5*4] @ from future BODY_16_xx
1352 eor r0,r0,r6,ror#20 @ Sigma0(a)
1353 and r3,r3,r12 @ (b^c)&=(a^b)
1355 eor r3,r3,r7 @ Maj(a,b,c)
1356 add r5,r5,r0,ror#2 @ h+=Sigma0(a)
1357 @ add r5,r5,r3 @ h+=Maj(a,b,c)
1358 @ ldr r2,[sp,#8*4] @ 23
1361 add r5,r5,r3 @ h+=Maj(a,b,c) from the past
1365 eor r0,r0,r2,lsr#3 @ sigma0(X[i+1])
1367 eor r3,r3,r1,lsr#10 @ sigma1(X[i+14])
1371 eor r0,r9,r9,ror#5 @ from BODY_00_15
1373 eor r0,r0,r9,ror#19 @ Sigma1(e)
1375 ldr r3,[r14],#4 @ *K256++
1376 add r4,r4,r2 @ h+=X[i]
1379 add r4,r4,r0,ror#6 @ h+=Sigma1(e)
1381 add r4,r4,r3 @ h+=K256[i]
1382 eor r2,r2,r11 @ Ch(e,f,g)
1384 add r4,r4,r2 @ h+=Ch(e,f,g)
1387 cmp r3,#0xf2 @ done?
1390 # if __ARM_ARCH__>=7
1391 ldr r2,[r1],#4 @ prefetch
1395 eor r3,r5,r6 @ a^b, b^c in next round
1397 ldr r2,[sp,#9*4] @ from future BODY_16_xx
1398 eor r3,r5,r6 @ a^b, b^c in next round
1399 ldr r1,[sp,#6*4] @ from future BODY_16_xx
1401 eor r0,r0,r5,ror#20 @ Sigma0(a)
1402 and r12,r12,r3 @ (b^c)&=(a^b)
1404 eor r12,r12,r6 @ Maj(a,b,c)
1405 add r4,r4,r0,ror#2 @ h+=Sigma0(a)
1406 @ add r4,r4,r12 @ h+=Maj(a,b,c)
1407 @ ldr r2,[sp,#9*4] @ 24
1410 add r4,r4,r12 @ h+=Maj(a,b,c) from the past
1413 eor r12,r12,r1,ror#19
1414 eor r0,r0,r2,lsr#3 @ sigma0(X[i+1])
1416 eor r12,r12,r1,lsr#10 @ sigma1(X[i+14])
1420 eor r0,r8,r8,ror#5 @ from BODY_00_15
1422 eor r0,r0,r8,ror#19 @ Sigma1(e)
1424 ldr r12,[r14],#4 @ *K256++
1425 add r11,r11,r2 @ h+=X[i]
1428 add r11,r11,r0,ror#6 @ h+=Sigma1(e)
1430 add r11,r11,r12 @ h+=K256[i]
1431 eor r2,r2,r10 @ Ch(e,f,g)
1433 add r11,r11,r2 @ h+=Ch(e,f,g)
1436 cmp r12,#0xf2 @ done?
1439 # if __ARM_ARCH__>=7
1440 ldr r2,[r1],#4 @ prefetch
1444 eor r12,r4,r5 @ a^b, b^c in next round
1446 ldr r2,[sp,#10*4] @ from future BODY_16_xx
1447 eor r12,r4,r5 @ a^b, b^c in next round
1448 ldr r1,[sp,#7*4] @ from future BODY_16_xx
1450 eor r0,r0,r4,ror#20 @ Sigma0(a)
1451 and r3,r3,r12 @ (b^c)&=(a^b)
1452 add r7,r7,r11 @ d+=h
1453 eor r3,r3,r5 @ Maj(a,b,c)
1454 add r11,r11,r0,ror#2 @ h+=Sigma0(a)
1455 @ add r11,r11,r3 @ h+=Maj(a,b,c)
1456 @ ldr r2,[sp,#10*4] @ 25
1459 add r11,r11,r3 @ h+=Maj(a,b,c) from the past
1463 eor r0,r0,r2,lsr#3 @ sigma0(X[i+1])
1465 eor r3,r3,r1,lsr#10 @ sigma1(X[i+14])
1469 eor r0,r7,r7,ror#5 @ from BODY_00_15
1471 eor r0,r0,r7,ror#19 @ Sigma1(e)
1473 ldr r3,[r14],#4 @ *K256++
1474 add r10,r10,r2 @ h+=X[i]
1477 add r10,r10,r0,ror#6 @ h+=Sigma1(e)
1479 add r10,r10,r3 @ h+=K256[i]
1480 eor r2,r2,r9 @ Ch(e,f,g)
1481 eor r0,r11,r11,ror#11
1482 add r10,r10,r2 @ h+=Ch(e,f,g)
1485 cmp r3,#0xf2 @ done?
1488 # if __ARM_ARCH__>=7
1489 ldr r2,[r1],#4 @ prefetch
1493 eor r3,r11,r4 @ a^b, b^c in next round
1495 ldr r2,[sp,#11*4] @ from future BODY_16_xx
1496 eor r3,r11,r4 @ a^b, b^c in next round
1497 ldr r1,[sp,#8*4] @ from future BODY_16_xx
1499 eor r0,r0,r11,ror#20 @ Sigma0(a)
1500 and r12,r12,r3 @ (b^c)&=(a^b)
1501 add r6,r6,r10 @ d+=h
1502 eor r12,r12,r4 @ Maj(a,b,c)
1503 add r10,r10,r0,ror#2 @ h+=Sigma0(a)
1504 @ add r10,r10,r12 @ h+=Maj(a,b,c)
1505 @ ldr r2,[sp,#11*4] @ 26
1508 add r10,r10,r12 @ h+=Maj(a,b,c) from the past
1511 eor r12,r12,r1,ror#19
1512 eor r0,r0,r2,lsr#3 @ sigma0(X[i+1])
1514 eor r12,r12,r1,lsr#10 @ sigma1(X[i+14])
1518 eor r0,r6,r6,ror#5 @ from BODY_00_15
1520 eor r0,r0,r6,ror#19 @ Sigma1(e)
1522 ldr r12,[r14],#4 @ *K256++
1523 add r9,r9,r2 @ h+=X[i]
1526 add r9,r9,r0,ror#6 @ h+=Sigma1(e)
1528 add r9,r9,r12 @ h+=K256[i]
1529 eor r2,r2,r8 @ Ch(e,f,g)
1530 eor r0,r10,r10,ror#11
1531 add r9,r9,r2 @ h+=Ch(e,f,g)
1534 cmp r12,#0xf2 @ done?
1537 # if __ARM_ARCH__>=7
1538 ldr r2,[r1],#4 @ prefetch
1542 eor r12,r10,r11 @ a^b, b^c in next round
1544 ldr r2,[sp,#12*4] @ from future BODY_16_xx
1545 eor r12,r10,r11 @ a^b, b^c in next round
1546 ldr r1,[sp,#9*4] @ from future BODY_16_xx
1548 eor r0,r0,r10,ror#20 @ Sigma0(a)
1549 and r3,r3,r12 @ (b^c)&=(a^b)
1551 eor r3,r3,r11 @ Maj(a,b,c)
1552 add r9,r9,r0,ror#2 @ h+=Sigma0(a)
1553 @ add r9,r9,r3 @ h+=Maj(a,b,c)
1554 @ ldr r2,[sp,#12*4] @ 27
1557 add r9,r9,r3 @ h+=Maj(a,b,c) from the past
1561 eor r0,r0,r2,lsr#3 @ sigma0(X[i+1])
1563 eor r3,r3,r1,lsr#10 @ sigma1(X[i+14])
1567 eor r0,r5,r5,ror#5 @ from BODY_00_15
1569 eor r0,r0,r5,ror#19 @ Sigma1(e)
1571 ldr r3,[r14],#4 @ *K256++
1572 add r8,r8,r2 @ h+=X[i]
1575 add r8,r8,r0,ror#6 @ h+=Sigma1(e)
1577 add r8,r8,r3 @ h+=K256[i]
1578 eor r2,r2,r7 @ Ch(e,f,g)
1580 add r8,r8,r2 @ h+=Ch(e,f,g)
1583 cmp r3,#0xf2 @ done?
1586 # if __ARM_ARCH__>=7
1587 ldr r2,[r1],#4 @ prefetch
1591 eor r3,r9,r10 @ a^b, b^c in next round
1593 ldr r2,[sp,#13*4] @ from future BODY_16_xx
1594 eor r3,r9,r10 @ a^b, b^c in next round
1595 ldr r1,[sp,#10*4] @ from future BODY_16_xx
1597 eor r0,r0,r9,ror#20 @ Sigma0(a)
1598 and r12,r12,r3 @ (b^c)&=(a^b)
1600 eor r12,r12,r10 @ Maj(a,b,c)
1601 add r8,r8,r0,ror#2 @ h+=Sigma0(a)
1602 @ add r8,r8,r12 @ h+=Maj(a,b,c)
1603 @ ldr r2,[sp,#13*4] @ 28
1606 add r8,r8,r12 @ h+=Maj(a,b,c) from the past
1609 eor r12,r12,r1,ror#19
1610 eor r0,r0,r2,lsr#3 @ sigma0(X[i+1])
1612 eor r12,r12,r1,lsr#10 @ sigma1(X[i+14])
1616 eor r0,r4,r4,ror#5 @ from BODY_00_15
1618 eor r0,r0,r4,ror#19 @ Sigma1(e)
1620 ldr r12,[r14],#4 @ *K256++
1621 add r7,r7,r2 @ h+=X[i]
1624 add r7,r7,r0,ror#6 @ h+=Sigma1(e)
1626 add r7,r7,r12 @ h+=K256[i]
1627 eor r2,r2,r6 @ Ch(e,f,g)
1629 add r7,r7,r2 @ h+=Ch(e,f,g)
1632 cmp r12,#0xf2 @ done?
1635 # if __ARM_ARCH__>=7
1636 ldr r2,[r1],#4 @ prefetch
1640 eor r12,r8,r9 @ a^b, b^c in next round
1642 ldr r2,[sp,#14*4] @ from future BODY_16_xx
1643 eor r12,r8,r9 @ a^b, b^c in next round
1644 ldr r1,[sp,#11*4] @ from future BODY_16_xx
1646 eor r0,r0,r8,ror#20 @ Sigma0(a)
1647 and r3,r3,r12 @ (b^c)&=(a^b)
1648 add r11,r11,r7 @ d+=h
1649 eor r3,r3,r9 @ Maj(a,b,c)
1650 add r7,r7,r0,ror#2 @ h+=Sigma0(a)
1651 @ add r7,r7,r3 @ h+=Maj(a,b,c)
1652 @ ldr r2,[sp,#14*4] @ 29
1655 add r7,r7,r3 @ h+=Maj(a,b,c) from the past
1659 eor r0,r0,r2,lsr#3 @ sigma0(X[i+1])
1661 eor r3,r3,r1,lsr#10 @ sigma1(X[i+14])
1665 eor r0,r11,r11,ror#5 @ from BODY_00_15
1667 eor r0,r0,r11,ror#19 @ Sigma1(e)
1669 ldr r3,[r14],#4 @ *K256++
1670 add r6,r6,r2 @ h+=X[i]
1673 add r6,r6,r0,ror#6 @ h+=Sigma1(e)
1675 add r6,r6,r3 @ h+=K256[i]
1676 eor r2,r2,r5 @ Ch(e,f,g)
1678 add r6,r6,r2 @ h+=Ch(e,f,g)
1681 cmp r3,#0xf2 @ done?
1684 # if __ARM_ARCH__>=7
1685 ldr r2,[r1],#4 @ prefetch
1689 eor r3,r7,r8 @ a^b, b^c in next round
1691 ldr r2,[sp,#15*4] @ from future BODY_16_xx
1692 eor r3,r7,r8 @ a^b, b^c in next round
1693 ldr r1,[sp,#12*4] @ from future BODY_16_xx
1695 eor r0,r0,r7,ror#20 @ Sigma0(a)
1696 and r12,r12,r3 @ (b^c)&=(a^b)
1697 add r10,r10,r6 @ d+=h
1698 eor r12,r12,r8 @ Maj(a,b,c)
1699 add r6,r6,r0,ror#2 @ h+=Sigma0(a)
1700 @ add r6,r6,r12 @ h+=Maj(a,b,c)
1701 @ ldr r2,[sp,#15*4] @ 30
1704 add r6,r6,r12 @ h+=Maj(a,b,c) from the past
1707 eor r12,r12,r1,ror#19
1708 eor r0,r0,r2,lsr#3 @ sigma0(X[i+1])
1710 eor r12,r12,r1,lsr#10 @ sigma1(X[i+14])
1714 eor r0,r10,r10,ror#5 @ from BODY_00_15
1716 eor r0,r0,r10,ror#19 @ Sigma1(e)
1718 ldr r12,[r14],#4 @ *K256++
1719 add r5,r5,r2 @ h+=X[i]
1722 add r5,r5,r0,ror#6 @ h+=Sigma1(e)
1724 add r5,r5,r12 @ h+=K256[i]
1725 eor r2,r2,r4 @ Ch(e,f,g)
1727 add r5,r5,r2 @ h+=Ch(e,f,g)
1730 cmp r12,#0xf2 @ done?
1733 # if __ARM_ARCH__>=7
1734 ldr r2,[r1],#4 @ prefetch
1738 eor r12,r6,r7 @ a^b, b^c in next round
1740 ldr r2,[sp,#0*4] @ from future BODY_16_xx
1741 eor r12,r6,r7 @ a^b, b^c in next round
1742 ldr r1,[sp,#13*4] @ from future BODY_16_xx
1744 eor r0,r0,r6,ror#20 @ Sigma0(a)
1745 and r3,r3,r12 @ (b^c)&=(a^b)
1747 eor r3,r3,r7 @ Maj(a,b,c)
1748 add r5,r5,r0,ror#2 @ h+=Sigma0(a)
1749 @ add r5,r5,r3 @ h+=Maj(a,b,c)
1750 @ ldr r2,[sp,#0*4] @ 31
1753 add r5,r5,r3 @ h+=Maj(a,b,c) from the past
1757 eor r0,r0,r2,lsr#3 @ sigma0(X[i+1])
1759 eor r3,r3,r1,lsr#10 @ sigma1(X[i+14])
1763 eor r0,r9,r9,ror#5 @ from BODY_00_15
1765 eor r0,r0,r9,ror#19 @ Sigma1(e)
1767 ldr r3,[r14],#4 @ *K256++
1768 add r4,r4,r2 @ h+=X[i]
1771 add r4,r4,r0,ror#6 @ h+=Sigma1(e)
1773 add r4,r4,r3 @ h+=K256[i]
1774 eor r2,r2,r11 @ Ch(e,f,g)
1776 add r4,r4,r2 @ h+=Ch(e,f,g)
1779 cmp r3,#0xf2 @ done?
1782 # if __ARM_ARCH__>=7
1783 ldr r2,[r1],#4 @ prefetch
1787 eor r3,r5,r6 @ a^b, b^c in next round
1789 ldr r2,[sp,#1*4] @ from future BODY_16_xx
1790 eor r3,r5,r6 @ a^b, b^c in next round
1791 ldr r1,[sp,#14*4] @ from future BODY_16_xx
1793 eor r0,r0,r5,ror#20 @ Sigma0(a)
1794 and r12,r12,r3 @ (b^c)&=(a^b)
1796 eor r12,r12,r6 @ Maj(a,b,c)
1797 add r4,r4,r0,ror#2 @ h+=Sigma0(a)
1798 @ add r4,r4,r12 @ h+=Maj(a,b,c)
1800 ite eq @ Thumb2 thing, sanity check in ARM
1802 ldreq r3,[sp,#16*4] @ pull ctx
1805 add r4,r4,r12 @ h+=Maj(a,b,c) from the past
1820 ldr r1,[sp,#17*4] @ pull inp
1821 ldr r12,[sp,#18*4] @ pull inp+len
1824 stmia r3,{r4,r5,r6,r7,r8,r9,r10,r11}
1826 sub r14,r14,#256 @ rewind Ktbl
1829 add sp,sp,#19*4 @ destroy frame
1831 ldmia sp!,{r4-r11,pc}
1833 ldmia sp!,{r4-r11,lr}
1835 moveq pc,lr @ be binary compatible with V4, yet
1836 .word 0xe12fff1e @ interoperable with Thumb ISA:-)
1838 .size zfs_sha256_block_armv7,.-zfs_sha256_block_armv7
1840 #if __ARM_ARCH__ >= 7
1844 .globl zfs_sha256_block_neon
1845 .type zfs_sha256_block_neon,%function
1848 zfs_sha256_block_neon:
1850 stmdb sp!,{r4-r12,lr}
1854 bic r11,r11,#15 @ align for 128-bit stores
1857 add r2,r1,r2,lsl#6 @ len to point at the end of inp
1863 vld1.32 {q8},[r14,:128]!
1864 vld1.32 {q9},[r14,:128]!
1865 vld1.32 {q10},[r14,:128]!
1866 vld1.32 {q11},[r14,:128]!
1867 vrev32.8 q0,q0 @ yes, even on
1869 vrev32.8 q1,q1 @ big-endian
1875 str r12,[sp,#76] @ save original sp
1878 vst1.32 {q8},[r1,:128]!
1880 vst1.32 {q9},[r1,:128]!
1882 vst1.32 {q10},[r1,:128]!
1883 vst1.32 {q11},[r1,:128]!
1901 eor r12,r0,r8,ror#19
1906 add r11,r11,r12,ror#6
1916 add r11,r11,r0,ror#2
1928 eor r0,r11,r11,ror#11
1931 add r10,r10,r3,ror#6
1934 eor r0,r0,r11,ror#20
1942 add r10,r10,r0,ror#2
1952 eor r12,r0,r6,ror#19
1954 eor r0,r10,r10,ror#11
1960 eor r0,r0,r10,ror#20
1969 vld1.32 {q8},[r14,:128]!
1989 vst1.32 {q8},[r1,:128]!
1999 eor r12,r0,r4,ror#19
2020 eor r0,r11,r11,ror#5
2025 eor r3,r0,r11,ror#19
2046 eor r0,r10,r10,ror#5
2050 eor r12,r0,r10,ror#19
2067 vld1.32 {q8},[r14,:128]!
2087 vst1.32 {q8},[r1,:128]!
2097 eor r12,r0,r8,ror#19
2102 add r11,r11,r12,ror#6
2112 add r11,r11,r0,ror#2
2124 eor r0,r11,r11,ror#11
2127 add r10,r10,r3,ror#6
2130 eor r0,r0,r11,ror#20
2138 add r10,r10,r0,ror#2
2148 eor r12,r0,r6,ror#19
2150 eor r0,r10,r10,ror#11
2156 eor r0,r0,r10,ror#20
2165 vld1.32 {q8},[r14,:128]!
2185 vst1.32 {q8},[r1,:128]!
2195 eor r12,r0,r4,ror#19
2216 eor r0,r11,r11,ror#5
2221 eor r3,r0,r11,ror#19
2242 eor r0,r10,r10,ror#5
2246 eor r12,r0,r10,ror#19
2263 vld1.32 {q8},[r14,:128]!
2283 vst1.32 {q8},[r1,:128]!
2286 teq r2,#0 @ check for K256 terminator
2293 sub r14,r14,#256 @ rewind r14
2296 subeq r1,r1,#64 @ avoid SEGV
2297 vld1.8 {q0},[r1]! @ load next input block
2308 vld1.32 {q8},[r14,:128]!
2310 eor r12,r0,r8,ror#19
2314 add r11,r11,r12,ror#6
2322 add r11,r11,r0,ror#2
2330 eor r0,r11,r11,ror#11
2332 add r10,r10,r3,ror#6
2334 eor r0,r0,r11,ror#20
2339 add r10,r10,r0,ror#2
2346 eor r12,r0,r6,ror#19
2347 eor r0,r10,r10,ror#11
2351 eor r0,r0,r10,ror#20
2375 vst1.32 {q8},[r1,:128]!
2380 vld1.32 {q8},[r14,:128]!
2382 eor r12,r0,r4,ror#19
2398 eor r0,r11,r11,ror#5
2401 eor r3,r0,r11,ror#19
2415 eor r0,r10,r10,ror#5
2418 eor r12,r0,r10,ror#19
2447 vst1.32 {q8},[r1,:128]!
2452 vld1.32 {q8},[r14,:128]!
2454 eor r12,r0,r8,ror#19
2458 add r11,r11,r12,ror#6
2466 add r11,r11,r0,ror#2
2474 eor r0,r11,r11,ror#11
2476 add r10,r10,r3,ror#6
2478 eor r0,r0,r11,ror#20
2483 add r10,r10,r0,ror#2
2490 eor r12,r0,r6,ror#19
2491 eor r0,r10,r10,ror#11
2495 eor r0,r0,r10,ror#20
2519 vst1.32 {q8},[r1,:128]!
2524 vld1.32 {q8},[r14,:128]!
2526 eor r12,r0,r4,ror#19
2542 eor r0,r11,r11,ror#5
2545 eor r3,r0,r11,ror#19
2559 eor r0,r10,r10,ror#5
2562 eor r12,r0,r10,ror#19
2591 vst1.32 {q8},[r1,:128]!
2593 add r4,r4,r12 @ h+=Maj(a,b,c) from the past
2597 add r4,r4,r0 @ accumulate
2619 ldreq sp,[sp,#76] @ restore original sp
2624 ldmia sp!,{r4-r12,pc}
2625 .size zfs_sha256_block_neon,.-zfs_sha256_block_neon
2627 # if defined(__thumb2__)
2628 # define INST(a,b,c,d) .byte c,d|0xc,a,b
2630 # define INST(a,b,c,d) .byte a,b,c,d
2633 .globl zfs_sha256_block_armv8
2634 .type zfs_sha256_block_armv8,%function
2636 zfs_sha256_block_armv8:
2638 vld1.32 {q0,q1},[r0]
2640 add r2,r1,r2,lsl#6 @ len to point at the end of inp
2645 vld1.8 {q8-q9},[r1]!
2646 vld1.8 {q10-q11},[r1]!
2652 vmov q14,q0 @ offload
2657 INST(0xe2,0x03,0xfa,0xf3) @ sha256su0 q8,q9
2659 INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12
2660 INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12
2661 INST(0xe6,0x0c,0x64,0xf3) @ sha256su1 q8,q10,q11
2664 INST(0xe4,0x23,0xfa,0xf3) @ sha256su0 q9,q10
2666 INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13
2667 INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13
2668 INST(0xe0,0x2c,0x66,0xf3) @ sha256su1 q9,q11,q8
2670 vadd.i32 q12,q12,q10
2671 INST(0xe6,0x43,0xfa,0xf3) @ sha256su0 q10,q11
2673 INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12
2674 INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12
2675 INST(0xe2,0x4c,0x60,0xf3) @ sha256su1 q10,q8,q9
2677 vadd.i32 q13,q13,q11
2678 INST(0xe0,0x63,0xfa,0xf3) @ sha256su0 q11,q8
2680 INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13
2681 INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13
2682 INST(0xe4,0x6c,0x62,0xf3) @ sha256su1 q11,q9,q10
2685 INST(0xe2,0x03,0xfa,0xf3) @ sha256su0 q8,q9
2687 INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12
2688 INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12
2689 INST(0xe6,0x0c,0x64,0xf3) @ sha256su1 q8,q10,q11
2692 INST(0xe4,0x23,0xfa,0xf3) @ sha256su0 q9,q10
2694 INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13
2695 INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13
2696 INST(0xe0,0x2c,0x66,0xf3) @ sha256su1 q9,q11,q8
2698 vadd.i32 q12,q12,q10
2699 INST(0xe6,0x43,0xfa,0xf3) @ sha256su0 q10,q11
2701 INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12
2702 INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12
2703 INST(0xe2,0x4c,0x60,0xf3) @ sha256su1 q10,q8,q9
2705 vadd.i32 q13,q13,q11
2706 INST(0xe0,0x63,0xfa,0xf3) @ sha256su0 q11,q8
2708 INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13
2709 INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13
2710 INST(0xe4,0x6c,0x62,0xf3) @ sha256su1 q11,q9,q10
2713 INST(0xe2,0x03,0xfa,0xf3) @ sha256su0 q8,q9
2715 INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12
2716 INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12
2717 INST(0xe6,0x0c,0x64,0xf3) @ sha256su1 q8,q10,q11
2720 INST(0xe4,0x23,0xfa,0xf3) @ sha256su0 q9,q10
2722 INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13
2723 INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13
2724 INST(0xe0,0x2c,0x66,0xf3) @ sha256su1 q9,q11,q8
2726 vadd.i32 q12,q12,q10
2727 INST(0xe6,0x43,0xfa,0xf3) @ sha256su0 q10,q11
2729 INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12
2730 INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12
2731 INST(0xe2,0x4c,0x60,0xf3) @ sha256su1 q10,q8,q9
2733 vadd.i32 q13,q13,q11
2734 INST(0xe0,0x63,0xfa,0xf3) @ sha256su0 q11,q8
2736 INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13
2737 INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13
2738 INST(0xe4,0x6c,0x62,0xf3) @ sha256su1 q11,q9,q10
2742 INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12
2743 INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12
2748 INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13
2749 INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13
2752 vadd.i32 q12,q12,q10
2753 sub r3,r3,#256-16 @ rewind
2755 INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12
2756 INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12
2758 vadd.i32 q13,q13,q11
2760 INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13
2761 INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13
2768 vst1.32 {q0,q1},[r0]
2771 .size zfs_sha256_block_armv8,.-zfs_sha256_block_armv8
2773 #endif // #if __ARM_ARCH__ >= 7
2774 #endif // #if defined(__arm__)