src/third_party/openssl/openssl/crypto/bn/asm/armv4-gf2m.S - cobalt - Git at Google

 #include "arm_arch.h"

 .text
 .code	32

 #if __ARM_ARCH__>=7
 .fpu	neon

 .type	mul_1x1_neon,%function
 .align	5
 mul_1x1_neon:
 	vshl.u64	d2,d16,#8	@ q1-q3 are slided
 	vmull.p8	q0,d16,d17	@ a·bb
 	vshl.u64	d4,d16,#16
 	vmull.p8	q1,d2,d17	@ a<<8·bb
 	vshl.u64	d6,d16,#24
 	vmull.p8	q2,d4,d17	@ a<<16·bb
 	vshr.u64	d2,#8
 	vmull.p8	q3,d6,d17	@ a<<24·bb
 	vshl.u64	d3,#24
 	veor		d0,d2
 	vshr.u64	d4,#16
 	veor		d0,d3
 	vshl.u64	d5,#16
 	veor		d0,d4
 	vshr.u64	d6,#24
 	veor		d0,d5
 	vshl.u64	d7,#8
 	veor		d0,d6
 	veor		d0,d7
 	.word	0xe12fff1e
 .size	mul_1x1_neon,.-mul_1x1_neon
 #endif
 .type	mul_1x1_ialu,%function
 .align	5
 mul_1x1_ialu:
 	mov	r4,#0
 	bic	r5,r1,#3<<30		@ a1=a&0x3fffffff
 	str	r4,[sp,#0]		@ tab[0]=0
 	add	r6,r5,r5		@ a2=a1<<1
 	str	r5,[sp,#4]		@ tab[1]=a1
 	eor	r7,r5,r6		@ a1^a2
 	str	r6,[sp,#8]		@ tab[2]=a2
 	mov	r8,r5,lsl#2		@ a4=a1<<2
 	str	r7,[sp,#12]		@ tab[3]=a1^a2
 	eor	r9,r5,r8		@ a1^a4
 	str	r8,[sp,#16]		@ tab[4]=a4
 	eor	r4,r6,r8		@ a2^a4
 	str	r9,[sp,#20]		@ tab[5]=a1^a4
 	eor	r7,r7,r8		@ a1^a2^a4
 	str	r4,[sp,#24]		@ tab[6]=a2^a4
 	and	r8,r12,r0,lsl#2
 	str	r7,[sp,#28]		@ tab[7]=a1^a2^a4

 	and	r9,r12,r0,lsr#1
 	ldr	r5,[sp,r8]		@ tab[b       & 0x7]
 	and	r8,r12,r0,lsr#4
 	ldr	r7,[sp,r9]		@ tab[b >>  3 & 0x7]
 	and	r9,r12,r0,lsr#7
 	ldr	r6,[sp,r8]		@ tab[b >>  6 & 0x7]
 	eor	r5,r5,r7,lsl#3	@ stall
 	mov	r4,r7,lsr#29
 	ldr	r7,[sp,r9]		@ tab[b >>  9 & 0x7]

 	and	r8,r12,r0,lsr#10
 	eor	r5,r5,r6,lsl#6
 	eor	r4,r4,r6,lsr#26
 	ldr	r6,[sp,r8]		@ tab[b >> 12 & 0x7]

 	and	r9,r12,r0,lsr#13
 	eor	r5,r5,r7,lsl#9
 	eor	r4,r4,r7,lsr#23
 	ldr	r7,[sp,r9]		@ tab[b >> 15 & 0x7]

 	and	r8,r12,r0,lsr#16
 	eor	r5,r5,r6,lsl#12
 	eor	r4,r4,r6,lsr#20
 	ldr	r6,[sp,r8]		@ tab[b >> 18 & 0x7]

 	and	r9,r12,r0,lsr#19
 	eor	r5,r5,r7,lsl#15
 	eor	r4,r4,r7,lsr#17
 	ldr	r7,[sp,r9]		@ tab[b >> 21 & 0x7]

 	and	r8,r12,r0,lsr#22
 	eor	r5,r5,r6,lsl#18
 	eor	r4,r4,r6,lsr#14
 	ldr	r6,[sp,r8]		@ tab[b >> 24 & 0x7]

 	and	r9,r12,r0,lsr#25
 	eor	r5,r5,r7,lsl#21
 	eor	r4,r4,r7,lsr#11
 	ldr	r7,[sp,r9]		@ tab[b >> 27 & 0x7]

 	tst	r1,#1<<30
 	and	r8,r12,r0,lsr#28
 	eor	r5,r5,r6,lsl#24
 	eor	r4,r4,r6,lsr#8
 	ldr	r6,[sp,r8]		@ tab[b >> 30      ]

 	eorne	r5,r5,r0,lsl#30
 	eorne	r4,r4,r0,lsr#2
 	tst	r1,#1<<31
 	eor	r5,r5,r7,lsl#27
 	eor	r4,r4,r7,lsr#5
 	eorne	r5,r5,r0,lsl#31
 	eorne	r4,r4,r0,lsr#1
 	eor	r5,r5,r6,lsl#30
 	eor	r4,r4,r6,lsr#2

 	mov	pc,lr
 .size	mul_1x1_ialu,.-mul_1x1_ialu
 .global	bn_GF2m_mul_2x2
 .type	bn_GF2m_mul_2x2,%function
 .align	5
 bn_GF2m_mul_2x2:
 #if __ARM_ARCH__>=7
 	ldr	r12,.LOPENSSL_armcap
 .Lpic:	ldr	r12,[pc,r12]
 	tst	r12,#1
 	beq	.Lialu

 	veor	d18,d18
 	vmov.32	d19,r3,r3		@ two copies of b1
 	vmov.32	d18[0],r1		@ a1

 	veor	d20,d20
 	vld1.32	d21[],[sp,:32]	@ two copies of b0
 	vmov.32	d20[0],r2		@ a0
 	mov	r12,lr

 	vmov	d16,d18
 	vmov	d17,d19
 	bl	mul_1x1_neon		@ a1·b1
 	vmov	d22,d0

 	vmov	d16,d20
 	vmov	d17,d21
 	bl	mul_1x1_neon		@ a0·b0
 	vmov	d23,d0

 	veor	d16,d20,d18
 	veor	d17,d21,d19
 	veor	d20,d23,d22
 	bl	mul_1x1_neon		@ (a0+a1)·(b0+b1)

 	veor	d0,d20			@ (a0+a1)·(b0+b1)-a0·b0-a1·b1
 	vshl.u64 d1,d0,#32
 	vshr.u64 d0,d0,#32
 	veor	d23,d1
 	veor	d22,d0
 	vst1.32	{d23[0]},[r0,:32]!
 	vst1.32	{d23[1]},[r0,:32]!
 	vst1.32	{d22[0]},[r0,:32]!
 	vst1.32	{d22[1]},[r0,:32]
 	bx	r12
 .align	4
 .Lialu:
 #endif
 	stmdb	sp!,{r4-r10,lr}
 	mov	r10,r0			@ reassign 1st argument
 	mov	r0,r3			@ r0=b1
 	ldr	r3,[sp,#32]		@ load b0
 	mov	r12,#7<<2
 	sub	sp,sp,#32		@ allocate tab[8]

 	bl	mul_1x1_ialu		@ a1·b1
 	str	r5,[r10,#8]
 	str	r4,[r10,#12]

 	eor	r0,r0,r3		@ flip b0 and b1
 	 eor	r1,r1,r2		@ flip a0 and a1
 	eor	r3,r3,r0
 	 eor	r2,r2,r1
 	eor	r0,r0,r3
 	 eor	r1,r1,r2
 	bl	mul_1x1_ialu		@ a0·b0
 	str	r5,[r10]
 	str	r4,[r10,#4]

 	eor	r1,r1,r2
 	eor	r0,r0,r3
 	bl	mul_1x1_ialu		@ (a1+a0)·(b1+b0)
 	ldmia	r10,{r6-r9}
 	eor	r5,r5,r4
 	eor	r4,r4,r7
 	eor	r5,r5,r6
 	eor	r4,r4,r8
 	eor	r5,r5,r9
 	eor	r4,r4,r9
 	str	r4,[r10,#8]
 	eor	r5,r5,r4
 	add	sp,sp,#32		@ destroy tab[8]
 	str	r5,[r10,#4]

 #if __ARM_ARCH__>=5
 	ldmia	sp!,{r4-r10,pc}
 #else
 	ldmia	sp!,{r4-r10,lr}
 	tst	lr,#1
 	moveq	pc,lr			@ be binary compatible with V4, yet
 	.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
 #endif
 .size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
 #if __ARM_ARCH__>=7
 .align	5
 .LOPENSSL_armcap:
 .word	OPENSSL_armcap_P-(.Lpic+8)
 #endif
 .asciz	"GF(2^m) Multiplication for ARMv4/NEON, CRYPTOGAMS by <appro@openssl.org>"
 .align	5

 .comm	OPENSSL_armcap_P,4,4
	#include "arm_arch.h"

	.text
	.code 32

	#if __ARM_ARCH__>=7
	.fpu neon

	.type mul_1x1_neon,%function
	.align 5
	mul_1x1_neon:
	vshl.u64 d2,d16,#8 @ q1-q3 are slided
	vmull.p8 q0,d16,d17 @ a·bb
	vshl.u64 d4,d16,#16
	vmull.p8 q1,d2,d17 @ a<<8·bb
	vshl.u64 d6,d16,#24
	vmull.p8 q2,d4,d17 @ a<<16·bb
	vshr.u64 d2,#8
	vmull.p8 q3,d6,d17 @ a<<24·bb
	vshl.u64 d3,#24
	veor d0,d2
	vshr.u64 d4,#16
	veor d0,d3
	vshl.u64 d5,#16
	veor d0,d4
	vshr.u64 d6,#24
	veor d0,d5
	vshl.u64 d7,#8
	veor d0,d6
	veor d0,d7
	.word 0xe12fff1e
	.size mul_1x1_neon,.-mul_1x1_neon
	#endif
	.type mul_1x1_ialu,%function
	.align 5
	mul_1x1_ialu:
	mov r4,#0
	bic r5,r1,#3<<30 @ a1=a&0x3fffffff
	str r4,[sp,#0] @ tab[0]=0
	add r6,r5,r5 @ a2=a1<<1
	str r5,[sp,#4] @ tab[1]=a1
	eor r7,r5,r6 @ a1^a2
	str r6,[sp,#8] @ tab[2]=a2
	mov r8,r5,lsl#2 @ a4=a1<<2
	str r7,[sp,#12] @ tab[3]=a1^a2
	eor r9,r5,r8 @ a1^a4
	str r8,[sp,#16] @ tab[4]=a4
	eor r4,r6,r8 @ a2^a4
	str r9,[sp,#20] @ tab[5]=a1^a4
	eor r7,r7,r8 @ a1^a2^a4
	str r4,[sp,#24] @ tab[6]=a2^a4
	and r8,r12,r0,lsl#2
	str r7,[sp,#28] @ tab[7]=a1^a2^a4

	and r9,r12,r0,lsr#1
	ldr r5,[sp,r8] @ tab[b & 0x7]
	and r8,r12,r0,lsr#4
	ldr r7,[sp,r9] @ tab[b >> 3 & 0x7]
	and r9,r12,r0,lsr#7
	ldr r6,[sp,r8] @ tab[b >> 6 & 0x7]
	eor r5,r5,r7,lsl#3 @ stall
	mov r4,r7,lsr#29
	ldr r7,[sp,r9] @ tab[b >> 9 & 0x7]

	and r8,r12,r0,lsr#10
	eor r5,r5,r6,lsl#6
	eor r4,r4,r6,lsr#26
	ldr r6,[sp,r8] @ tab[b >> 12 & 0x7]

	and r9,r12,r0,lsr#13
	eor r5,r5,r7,lsl#9
	eor r4,r4,r7,lsr#23
	ldr r7,[sp,r9] @ tab[b >> 15 & 0x7]

	and r8,r12,r0,lsr#16
	eor r5,r5,r6,lsl#12
	eor r4,r4,r6,lsr#20
	ldr r6,[sp,r8] @ tab[b >> 18 & 0x7]

	and r9,r12,r0,lsr#19
	eor r5,r5,r7,lsl#15
	eor r4,r4,r7,lsr#17
	ldr r7,[sp,r9] @ tab[b >> 21 & 0x7]

	and r8,r12,r0,lsr#22
	eor r5,r5,r6,lsl#18
	eor r4,r4,r6,lsr#14
	ldr r6,[sp,r8] @ tab[b >> 24 & 0x7]

	and r9,r12,r0,lsr#25
	eor r5,r5,r7,lsl#21
	eor r4,r4,r7,lsr#11
	ldr r7,[sp,r9] @ tab[b >> 27 & 0x7]

	tst r1,#1<<30
	and r8,r12,r0,lsr#28
	eor r5,r5,r6,lsl#24
	eor r4,r4,r6,lsr#8
	ldr r6,[sp,r8] @ tab[b >> 30 ]

	eorne r5,r5,r0,lsl#30
	eorne r4,r4,r0,lsr#2
	tst r1,#1<<31
	eor r5,r5,r7,lsl#27
	eor r4,r4,r7,lsr#5
	eorne r5,r5,r0,lsl#31
	eorne r4,r4,r0,lsr#1
	eor r5,r5,r6,lsl#30
	eor r4,r4,r6,lsr#2

	mov pc,lr
	.size mul_1x1_ialu,.-mul_1x1_ialu
	.global bn_GF2m_mul_2x2
	.type bn_GF2m_mul_2x2,%function
	.align 5
	bn_GF2m_mul_2x2:
	#if __ARM_ARCH__>=7
	ldr r12,.LOPENSSL_armcap
	.Lpic: ldr r12,[pc,r12]
	tst r12,#1
	beq .Lialu

	veor d18,d18
	vmov.32 d19,r3,r3 @ two copies of b1
	vmov.32 d18[0],r1 @ a1

	veor d20,d20
	vld1.32 d21[],[sp,:32] @ two copies of b0
	vmov.32 d20[0],r2 @ a0
	mov r12,lr

	vmov d16,d18
	vmov d17,d19
	bl mul_1x1_neon @ a1·b1
	vmov d22,d0

	vmov d16,d20
	vmov d17,d21
	bl mul_1x1_neon @ a0·b0
	vmov d23,d0

	veor d16,d20,d18
	veor d17,d21,d19
	veor d20,d23,d22
	bl mul_1x1_neon @ (a0+a1)·(b0+b1)

	veor d0,d20 @ (a0+a1)·(b0+b1)-a0·b0-a1·b1
	vshl.u64 d1,d0,#32
	vshr.u64 d0,d0,#32
	veor d23,d1
	veor d22,d0
	vst1.32 {d23[0]},[r0,:32]!
	vst1.32 {d23[1]},[r0,:32]!
	vst1.32 {d22[0]},[r0,:32]!
	vst1.32 {d22[1]},[r0,:32]
	bx r12
	.align 4
	.Lialu:
	#endif
	stmdb sp!,{r4-r10,lr}
	mov r10,r0 @ reassign 1st argument
	mov r0,r3 @ r0=b1
	ldr r3,[sp,#32] @ load b0
	mov r12,#7<<2
	sub sp,sp,#32 @ allocate tab[8]

	bl mul_1x1_ialu @ a1·b1
	str r5,[r10,#8]
	str r4,[r10,#12]

	eor r0,r0,r3 @ flip b0 and b1
	eor r1,r1,r2 @ flip a0 and a1
	eor r3,r3,r0
	eor r2,r2,r1
	eor r0,r0,r3
	eor r1,r1,r2
	bl mul_1x1_ialu @ a0·b0
	str r5,[r10]
	str r4,[r10,#4]

	eor r1,r1,r2
	eor r0,r0,r3
	bl mul_1x1_ialu @ (a1+a0)·(b1+b0)
	ldmia r10,{r6-r9}
	eor r5,r5,r4
	eor r4,r4,r7
	eor r5,r5,r6
	eor r4,r4,r8
	eor r5,r5,r9
	eor r4,r4,r9
	str r4,[r10,#8]
	eor r5,r5,r4
	add sp,sp,#32 @ destroy tab[8]
	str r5,[r10,#4]

	#if __ARM_ARCH__>=5
	ldmia sp!,{r4-r10,pc}
	#else
	ldmia sp!,{r4-r10,lr}
	tst lr,#1
	moveq pc,lr @ be binary compatible with V4, yet
	.word 0xe12fff1e @ interoperable with Thumb ISA:-)
	#endif
	.size bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
	#if __ARM_ARCH__>=7
	.align 5
	.LOPENSSL_armcap:
	.word OPENSSL_armcap_P-(.Lpic+8)
	#endif
	.asciz "GF(2^m) Multiplication for ARMv4/NEON, CRYPTOGAMS by <appro@openssl.org>"
	.align 5

	.comm OPENSSL_armcap_P,4,4