new repo

[bytom/vapor.git] / vendor / golang.org / x / crypto / poly1305 / sum_amd64.s

// Copyright 2012 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// +build amd64,!gccgo,!appengine

#include "textflag.h"

#define POLY1305_ADD(msg, h0, h1, h2) \
        ADDQ 0(msg), h0;  \
        ADCQ 8(msg), h1;  \
        ADCQ $1, h2;      \
        LEAQ 16(msg), msg

#define POLY1305_MUL(h0, h1, h2, r0, r1, t0, t1, t2, t3) \
        MOVQ  r0, AX;                  \
        MULQ  h0;                      \
        MOVQ  AX, t0;                  \
        MOVQ  DX, t1;                  \
        MOVQ  r0, AX;                  \
        MULQ  h1;                      \
        ADDQ  AX, t1;                  \
        ADCQ  $0, DX;                  \
        MOVQ  r0, t2;                  \
        IMULQ h2, t2;                  \
        ADDQ  DX, t2;                  \
                                       \
        MOVQ  r1, AX;                  \
        MULQ  h0;                      \
        ADDQ  AX, t1;                  \
        ADCQ  $0, DX;                  \
        MOVQ  DX, h0;                  \
        MOVQ  r1, t3;                  \
        IMULQ h2, t3;                  \
        MOVQ  r1, AX;                  \
        MULQ  h1;                      \
        ADDQ  AX, t2;                  \
        ADCQ  DX, t3;                  \
        ADDQ  h0, t2;                  \
        ADCQ  $0, t3;                  \
                                       \
        MOVQ  t0, h0;                  \
        MOVQ  t1, h1;                  \
        MOVQ  t2, h2;                  \
        ANDQ  $3, h2;                  \
        MOVQ  t2, t0;                  \
        ANDQ  $0xFFFFFFFFFFFFFFFC, t0; \
        ADDQ  t0, h0;                  \
        ADCQ  t3, h1;                  \
        ADCQ  $0, h2;                  \
        SHRQ  $2, t3, t2;              \
        SHRQ  $2, t3;                  \
        ADDQ  t2, h0;                  \
        ADCQ  t3, h1;                  \
        ADCQ  $0, h2

DATA ·poly1305Mask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
DATA ·poly1305Mask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
GLOBL ·poly1305Mask<>(SB), RODATA, $16

// func poly1305(out *[16]byte, m *byte, mlen uint64, key *[32]key)
TEXT ·poly1305(SB), $0-32
        MOVQ out+0(FP), DI
        MOVQ m+8(FP), SI
        MOVQ mlen+16(FP), R15
        MOVQ key+24(FP), AX

        MOVQ 0(AX), R11
        MOVQ 8(AX), R12
        ANDQ ·poly1305Mask<>(SB), R11   // r0
        ANDQ ·poly1305Mask<>+8(SB), R12 // r1
        XORQ R8, R8                    // h0
        XORQ R9, R9                    // h1
        XORQ R10, R10                  // h2

        CMPQ R15, $16
        JB   bytes_between_0_and_15

loop:
        POLY1305_ADD(SI, R8, R9, R10)

multiply:
        POLY1305_MUL(R8, R9, R10, R11, R12, BX, CX, R13, R14)
        SUBQ $16, R15
        CMPQ R15, $16
        JAE  loop

bytes_between_0_and_15:
        TESTQ R15, R15
        JZ    done
        MOVQ  $1, BX
        XORQ  CX, CX
        XORQ  R13, R13
        ADDQ  R15, SI

flush_buffer:
        SHLQ $8, BX, CX
        SHLQ $8, BX
        MOVB -1(SI), R13
        XORQ R13, BX
        DECQ SI
        DECQ R15
        JNZ  flush_buffer

        ADDQ BX, R8
        ADCQ CX, R9
        ADCQ $0, R10
        MOVQ $16, R15
        JMP  multiply

done:
        MOVQ    R8, AX
        MOVQ    R9, BX
        SUBQ    $0xFFFFFFFFFFFFFFFB, AX
        SBBQ    $0xFFFFFFFFFFFFFFFF, BX
        SBBQ    $3, R10
        CMOVQCS R8, AX
        CMOVQCS R9, BX
        MOVQ    key+24(FP), R8
        ADDQ    16(R8), AX
        ADCQ    24(R8), BX

        MOVQ AX, 0(DI)
        MOVQ BX, 8(DI)
        RET