Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
phcoder
/
grub-savannah-mirror
zrkadlo https://git.savannah.gnu.org/git/grub.git
Pridať medzi pozorované 1
Hviezda 0
Fork 0
Súbory Issues 0 Wiki
Branch: master
Branche Tagy
grub-savanna...
/
grub-core
/
lib
/
libgcrypt
/
cipher
/
sm3-aarch64.S

sm3-aarch64.S 23 KB
Permanentný odkaz História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661 
  1. /* sm3-aarch64.S - ARMv8/AArch64 accelerated SM3 transform function
    2. 

  2.  *
    3. 

  3.  * Copyright (C) 2021 Jussi Kivilinna <jussi.kivilinna@iki.fi>
    4. 

  4.  *
    5. 

  5.  * This file is part of Libgcrypt.
    6. 

  6.  *
    7. 

  7.  * Libgcrypt is free software; you can redistribute it and/or modify
    8. 

  8.  * it under the terms of the GNU Lesser General Public License as
    9. 

  9.  * published by the Free Software Foundation; either version 2.1 of
    10. 

  10.  * the License, or (at your option) any later version.
    11. 

  11.  *
    12. 

  12.  * Libgcrypt is distributed in the hope that it will be useful,
    13. 

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15.  * GNU Lesser General Public License for more details.
    16. 

  16.  *
    17. 

  17.  * You should have received a copy of the GNU Lesser General Public
    18. 

  18.  * License along with this program; if not, see <http://www.gnu.org/licenses/>.
    19. 

  19.  */
    20. 

  20. 

  21. #include "asm-common-aarch64.h"
    22. 

  22. 

  23. #if defined(__AARCH64EL__) && \
    24. 

  24.     defined(HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS) && \
    25. 

  25.     defined(HAVE_GCC_INLINE_ASM_AARCH64_NEON) && \
    26. 

  26.     defined(USE_SM3)
    27. 

  27. 

  28. .cpu generic+simd
    29. 

  29. 

  30. /* Constants */
    31. 

  31. 

  32. SECTION_RODATA
    33. 

  33. .align 4
    34. 

  34. ELF(.type _gcry_sm3_aarch64_consts,@object)
    35. 

  35. _gcry_sm3_aarch64_consts:
    36. 

  36. .LKtable:
    37. 

  37.   .long 0x79cc4519, 0xf3988a32, 0xe7311465, 0xce6228cb
    38. 

  38.   .long 0x9cc45197, 0x3988a32f, 0x7311465e, 0xe6228cbc
    39. 

  39.   .long 0xcc451979, 0x988a32f3, 0x311465e7, 0x6228cbce
    40. 

  40.   .long 0xc451979c, 0x88a32f39, 0x11465e73, 0x228cbce6
    41. 

  41.   .long 0x9d8a7a87, 0x3b14f50f, 0x7629ea1e, 0xec53d43c
    42. 

  42.   .long 0xd8a7a879, 0xb14f50f3, 0x629ea1e7, 0xc53d43ce
    43. 

  43.   .long 0x8a7a879d, 0x14f50f3b, 0x29ea1e76, 0x53d43cec
    44. 

  44.   .long 0xa7a879d8, 0x4f50f3b1, 0x9ea1e762, 0x3d43cec5
    45. 

  45.   .long 0x7a879d8a, 0xf50f3b14, 0xea1e7629, 0xd43cec53
    46. 

  46.   .long 0xa879d8a7, 0x50f3b14f, 0xa1e7629e, 0x43cec53d
    47. 

  47.   .long 0x879d8a7a, 0x0f3b14f5, 0x1e7629ea, 0x3cec53d4
    48. 

  48.   .long 0x79d8a7a8, 0xf3b14f50, 0xe7629ea1, 0xcec53d43
    49. 

  49.   .long 0x9d8a7a87, 0x3b14f50f, 0x7629ea1e, 0xec53d43c
    50. 

  50.   .long 0xd8a7a879, 0xb14f50f3, 0x629ea1e7, 0xc53d43ce
    51. 

  51.   .long 0x8a7a879d, 0x14f50f3b, 0x29ea1e76, 0x53d43cec
    52. 

  52.   .long 0xa7a879d8, 0x4f50f3b1, 0x9ea1e762, 0x3d43cec5
    53. 

  53. ELF(.size _gcry_sm3_aarch64_consts,.-_gcry_sm3_aarch64_consts)
    54. 

  54. 

  55. /* Context structure */
    56. 

  56. 

  57. #define state_h0 0
    58. 

  58. #define state_h1 4
    59. 

  59. #define state_h2 8
    60. 

  60. #define state_h3 12
    61. 

  61. #define state_h4 16
    62. 

  62. #define state_h5 20
    63. 

  63. #define state_h6 24
    64. 

  64. #define state_h7 28
    65. 

  65. 

  66. /* Stack structure */
    67. 

  67. 

  68. #define STACK_W_SIZE        (32 * 2 * 3)
    69. 

  69. 

  70. #define STACK_W             (0)
    71. 

  71. #define STACK_SIZE          (STACK_W + STACK_W_SIZE)
    72. 

  72. 

  73. /* Register macros */
    74. 

  74. 

  75. #define RSTATE x0
    76. 

  76. #define RDATA  x1
    77. 

  77. #define RNBLKS x2
    78. 

  78. #define RKPTR  x28
    79. 

  79. #define RFRAME x29
    80. 

  80. 

  81. #define ra w3
    82. 

  82. #define rb w4
    83. 

  83. #define rc w5
    84. 

  84. #define rd w6
    85. 

  85. #define re w7
    86. 

  86. #define rf w8
    87. 

  87. #define rg w9
    88. 

  88. #define rh w10
    89. 

  89. 

  90. #define t0 w11
    91. 

  91. #define t1 w12
    92. 

  92. #define t2 w13
    93. 

  93. #define t3 w14
    94. 

  94. #define t4 w15
    95. 

  95. #define t5 w16
    96. 

  96. #define t6 w17
    97. 

  97. 

  98. #define k_even w19
    99. 

  99. #define k_odd w20
    100. 

  100. 

  101. #define addr0 x21
    102. 

  102. #define addr1 x22
    103. 

  103. 

  104. #define s0 w23
    105. 

  105. #define s1 w24
    106. 

  106. #define s2 w25
    107. 

  107. #define s3 w26
    108. 

  108. 

  109. #define W0 v0
    110. 

  110. #define W1 v1
    111. 

  111. #define W2 v2
    112. 

  112. #define W3 v3
    113. 

  113. #define W4 v4
    114. 

  114. #define W5 v5
    115. 

  115. 

  116. #define XTMP0 v6
    117. 

  117. #define XTMP1 v7
    118. 

  118. #define XTMP2 v16
    119. 

  119. #define XTMP3 v17
    120. 

  120. #define XTMP4 v18
    121. 

  121. #define XTMP5 v19
    122. 

  122. #define XTMP6 v20
    123. 

  123. 

  124. /* Helper macros. */
    125. 

  125. 

  126. #define _(...) /*_*/
    127. 

  127. 

  128. #define clear_vec(x) \
    129. 

  129.         movi x.8h, #0;
    130. 

  130. 

  131. #define rolw(o, a, n) \
    132. 

  132.         ror o, a, #(32 - n);
    133. 

  133. 

  134. /* Round function macros. */
    135. 

  135. 

  136. #define GG1_1(x, y, z, o, t) \
    137. 

  137.         eor o, x, y;
    138. 

  138. #define GG1_2(x, y, z, o, t) \
    139. 

  139.         eor o, o, z;
    140. 

  140. #define GG1_3(x, y, z, o, t)
    141. 

  141. 

  142. #define FF1_1(x, y, z, o, t) GG1_1(x, y, z, o, t)
    143. 

  143. #define FF1_2(x, y, z, o, t)
    144. 

  144. #define FF1_3(x, y, z, o, t) GG1_2(x, y, z, o, t)
    145. 

  145. 

  146. #define GG2_1(x, y, z, o, t) \
    147. 

  147.         bic o, z, x;
    148. 

  148. #define GG2_2(x, y, z, o, t) \
    149. 

  149.         and t, y, x;
    150. 

  150. #define GG2_3(x, y, z, o, t) \
    151. 

  151.         eor o, o, t;
    152. 

  152. 

  153. #define FF2_1(x, y, z, o, t) \
    154. 

  154.         eor o, x, y;
    155. 

  155. #define FF2_2(x, y, z, o, t) \
    156. 

  156.         and t, x, y; \
    157. 

  157.         and o, o, z;
    158. 

  158. #define FF2_3(x, y, z, o, t) \
    159. 

  159.         eor o, o, t;
    160. 

  160. 

  161. #define R(i, a, b, c, d, e, f, g, h, k, K_LOAD, round, widx, wtype, IOP, iop_param) \
    162. 

  162.         K_LOAD(round); \
    163. 

  163.         ldr t5, [sp, #(wtype##_W1_ADDR(round, widx))]; \
    164. 

  164.         rolw(t0, a, 12);                              /* rol(a, 12) => t0 */ \
    165. 

  165.       IOP(1, iop_param); \
    166. 

  166.         FF##i##_1(a, b, c, t1, t2); \
    167. 

  167.         ldr t6, [sp, #(wtype##_W1W2_ADDR(round, widx))]; \
    168. 

  168.         add k, k, e; \
    169. 

  169.       IOP(2, iop_param); \
    170. 

  170.         GG##i##_1(e, f, g, t3, t4); \
    171. 

  171.         FF##i##_2(a, b, c, t1, t2); \
    172. 

  172.       IOP(3, iop_param); \
    173. 

  173.         add k, k, t0; \
    174. 

  174.         add h, h, t5; \
    175. 

  175.         add d, d, t6;                                 /* w1w2 + d => d */ \
    176. 

  176.       IOP(4, iop_param); \
    177. 

  177.         rolw(k, k, 7);                                /* rol (t0 + e + t), 7) => k */ \
    178. 

  178.         GG##i##_2(e, f, g, t3, t4); \
    179. 

  179.         add h, h, k;                                  /* h + w1 + k => h */ \
    180. 

  180.       IOP(5, iop_param); \
    181. 

  181.         FF##i##_3(a, b, c, t1, t2); \
    182. 

  182.         eor t0, t0, k;                                /* k ^ t0 => t0 */ \
    183. 

  183.         GG##i##_3(e, f, g, t3, t4); \
    184. 

  184.         add d, d, t1;                                 /* FF(a,b,c) + d => d */ \
    185. 

  185.       IOP(6, iop_param); \
    186. 

  186.         add t3, t3, h;                                /* GG(e,f,g) + h => t3 */ \
    187. 

  187.         rolw(b, b, 9);                                /* rol(b, 9) => b */ \
    188. 

  188.         eor h, t3, t3, ror #(32-9); \
    189. 

  189.       IOP(7, iop_param); \
    190. 

  190.         add d, d, t0;                                 /* t0 + d => d */ \
    191. 

  191.         rolw(f, f, 19);                               /* rol(f, 19) => f */ \
    192. 

  192.       IOP(8, iop_param); \
    193. 

  193.         eor h, h, t3, ror #(32-17);                   /* P0(t3) => h */ \
    194. 

  194. 

  195. #define R1(a, b, c, d, e, f, g, h, k, K_LOAD, round, widx, wtype, IOP, iop_param) \
    196. 

  196.         R(1, ##a, ##b, ##c, ##d, ##e, ##f, ##g, ##h, ##k, K_LOAD, round, widx, wtype, IOP, iop_param)
    197. 

  197. 

  198. #define R2(a, b, c, d, e, f, g, h, k, K_LOAD, round, widx, wtype, IOP, iop_param) \
    199. 

  199.         R(2, ##a, ##b, ##c, ##d, ##e, ##f, ##g, ##h, ##k, K_LOAD, round, widx, wtype, IOP, iop_param)
    200. 

  200. 

  201. #define KL(round) \
    202. 

  202.         ldp k_even, k_odd, [RKPTR, #(4*(round))];
    203. 

  203. 

  204. /* Input expansion macros. */
    205. 

  205. 

  206. /* Byte-swapped input address. */
    207. 

  207. #define IW_W_ADDR(round, widx, offs) \
    208. 

  208.         (STACK_W + ((round) / 4) * 64 + (offs) + ((widx) * 4))
    209. 

  209. 

  210. /* Expanded input address. */
    211. 

  211. #define XW_W_ADDR(round, widx, offs) \
    212. 

  212.         (STACK_W + ((((round) / 3) - 4) % 2) * 64 + (offs) + ((widx) * 4))
    213. 

  213. 

  214. /* Rounds 1-12, byte-swapped input block addresses. */
    215. 

  215. #define IW_W1_ADDR(round, widx)   IW_W_ADDR(round, widx, 32)
    216. 

  216. #define IW_W1W2_ADDR(round, widx) IW_W_ADDR(round, widx, 48)
    217. 

  217. 

  218. /* Rounds 1-12, expanded input block addresses. */
    219. 

  219. #define XW_W1_ADDR(round, widx)   XW_W_ADDR(round, widx, 0)
    220. 

  220. #define XW_W1W2_ADDR(round, widx) XW_W_ADDR(round, widx, 16)
    221. 

  221. 

  222. /* Input block loading.
    223. 

  223.  * Interleaving within round function needed for in-order CPUs. */
    224. 

  224. #define LOAD_W_VEC_1_1() \
    225. 

  225.         add addr0, sp, #IW_W1_ADDR(0, 0);
    226. 

  226. #define LOAD_W_VEC_1_2() \
    227. 

  227.         add addr1, sp, #IW_W1_ADDR(4, 0);
    228. 

  228. #define LOAD_W_VEC_1_3() \
    229. 

  229.         ld1 {W0.16b}, [RDATA], #16;
    230. 

  230. #define LOAD_W_VEC_1_4() \
    231. 

  231.         ld1 {W1.16b}, [RDATA], #16;
    232. 

  232. #define LOAD_W_VEC_1_5() \
    233. 

  233.         ld1 {W2.16b}, [RDATA], #16;
    234. 

  234. #define LOAD_W_VEC_1_6() \
    235. 

  235.         ld1 {W3.16b}, [RDATA], #16;
    236. 

  236. #define LOAD_W_VEC_1_7() \
    237. 

  237.         rev32 XTMP0.16b, W0.16b;
    238. 

  238. #define LOAD_W_VEC_1_8() \
    239. 

  239.         rev32 XTMP1.16b, W1.16b;
    240. 

  240. #define LOAD_W_VEC_2_1() \
    241. 

  241.         rev32 XTMP2.16b, W2.16b;
    242. 

  242. #define LOAD_W_VEC_2_2() \
    243. 

  243.         rev32 XTMP3.16b, W3.16b;
    244. 

  244. #define LOAD_W_VEC_2_3() \
    245. 

  245.         eor XTMP4.16b, XTMP1.16b, XTMP0.16b;
    246. 

  246. #define LOAD_W_VEC_2_4() \
    247. 

  247.         eor XTMP5.16b, XTMP2.16b, XTMP1.16b;
    248. 

  248. #define LOAD_W_VEC_2_5() \
    249. 

  249.         st1 {XTMP0.16b}, [addr0], #16;
    250. 

  250. #define LOAD_W_VEC_2_6() \
    251. 

  251.         st1 {XTMP4.16b}, [addr0]; \
    252. 

  252.         add addr0, sp, #IW_W1_ADDR(8, 0);
    253. 

  253. #define LOAD_W_VEC_2_7() \
    254. 

  254.         eor XTMP6.16b, XTMP3.16b, XTMP2.16b;
    255. 

  255. #define LOAD_W_VEC_2_8() \
    256. 

  256.         ext W0.16b, XTMP0.16b, XTMP0.16b, #8;  /* W0: xx, w0, xx, xx */
    257. 

  257. #define LOAD_W_VEC_3_1() \
    258. 

  258.         mov W2.16b, XTMP1.16b;                 /* W2: xx, w6, w5, w4 */
    259. 

  259. #define LOAD_W_VEC_3_2() \
    260. 

  260.         st1 {XTMP1.16b}, [addr1], #16;
    261. 

  261. #define LOAD_W_VEC_3_3() \
    262. 

  262.         st1 {XTMP5.16b}, [addr1]; \
    263. 

  263.         ext W1.16b, XTMP0.16b, XTMP0.16b, #4;  /* W1: xx, w3, w2, w1 */
    264. 

  264. #define LOAD_W_VEC_3_4() \
    265. 

  265.         ext W3.16b, XTMP1.16b, XTMP2.16b, #12; /* W3: xx, w9, w8, w7 */
    266. 

  266. #define LOAD_W_VEC_3_5() \
    267. 

  267.         ext W4.16b, XTMP2.16b, XTMP3.16b, #8;  /* W4: xx, w12, w11, w10 */
    268. 

  268. #define LOAD_W_VEC_3_6() \
    269. 

  269.         st1 {XTMP2.16b}, [addr0], #16;
    270. 

  270. #define LOAD_W_VEC_3_7() \
    271. 

  271.         st1 {XTMP6.16b}, [addr0];
    272. 

  272. #define LOAD_W_VEC_3_8() \
    273. 

  273.         ext W5.16b, XTMP3.16b, XTMP3.16b, #4;  /* W5: xx, w15, w14, w13 */
    274. 

  274. 

  275. #define LOAD_W_VEC_1(iop_num, ...) \
    276. 

  276.         LOAD_W_VEC_1_##iop_num()
    277. 

  277. #define LOAD_W_VEC_2(iop_num, ...) \
    278. 

  278.         LOAD_W_VEC_2_##iop_num()
    279. 

  279. #define LOAD_W_VEC_3(iop_num, ...) \
    280. 

  280.         LOAD_W_VEC_3_##iop_num()
    281. 

  281. 

  282. /* Message scheduling. Note: 3 words per vector register.
    283. 

  283.  * Interleaving within round function needed for in-order CPUs. */
    284. 

  284. #define SCHED_W_1_1(round, w0, w1, w2, w3, w4, w5) \
    285. 

  285.         /* Load (w[i - 16]) => XTMP0 */ \
    286. 

  286.         /* Load (w[i - 13]) => XTMP5 */ \
    287. 

  287.         ext XTMP0.16b, w0.16b, w0.16b, #12;    /* XTMP0: w0, xx, xx, xx */
    288. 

  288. #define SCHED_W_1_2(round, w0, w1, w2, w3, w4, w5) \
    289. 

  289.         ext XTMP5.16b, w1.16b, w1.16b, #12;
    290. 

  290. #define SCHED_W_1_3(round, w0, w1, w2, w3, w4, w5) \
    291. 

  291.         ext XTMP0.16b, XTMP0.16b, w1.16b, #12; /* XTMP0: xx, w2, w1, w0 */
    292. 

  292. #define SCHED_W_1_4(round, w0, w1, w2, w3, w4, w5) \
    293. 

  293.         ext XTMP5.16b, XTMP5.16b, w2.16b, #12;
    294. 

  294. #define SCHED_W_1_5(round, w0, w1, w2, w3, w4, w5) \
    295. 

  295.         /* w[i - 9] == w3 */ \
    296. 

  296.         /* W3 ^ XTMP0 => XTMP0 */ \
    297. 

  297.         eor XTMP0.16b, XTMP0.16b, w3.16b;
    298. 

  298. #define SCHED_W_1_6(round, w0, w1, w2, w3, w4, w5) \
    299. 

  299.         /* w[i - 3] == w5 */ \
    300. 

  300.         /* rol(XMM5, 15) ^ XTMP0 => XTMP0 */ \
    301. 

  301.         /* rol(XTMP5, 7) => XTMP1 */ \
    302. 

  302.         add addr0, sp, #XW_W1_ADDR((round), 0); \
    303. 

  303.         shl XTMP2.4s, w5.4s, #15;
    304. 

  304. #define SCHED_W_1_7(round, w0, w1, w2, w3, w4, w5) \
    305. 

  305.         shl XTMP1.4s, XTMP5.4s, #7;
    306. 

  306. #define SCHED_W_1_8(round, w0, w1, w2, w3, w4, w5) \
    307. 

  307.         sri XTMP2.4s, w5.4s, #(32-15);
    308. 

  308. #define SCHED_W_2_1(round, w0, w1, w2, w3, w4, w5) \
    309. 

  309.         sri XTMP1.4s, XTMP5.4s, #(32-7);
    310. 

  310. #define SCHED_W_2_2(round, w0, w1, w2, w3, w4, w5) \
    311. 

  311.         eor XTMP0.16b, XTMP0.16b, XTMP2.16b;
    312. 

  312. #define SCHED_W_2_3(round, w0, w1, w2, w3, w4, w5) \
    313. 

  313.         /* w[i - 6] == W4 */ \
    314. 

  314.         /* W4 ^ XTMP1 => XTMP1 */ \
    315. 

  315.         eor XTMP1.16b, XTMP1.16b, w4.16b;
    316. 

  316. #define SCHED_W_2_4(round, w0, w1, w2, w3, w4, w5) \
    317. 

  317.         /* P1(XTMP0) ^ XTMP1 => W0 */ \
    318. 

  318.         shl XTMP3.4s, XTMP0.4s, #15;
    319. 

  319. #define SCHED_W_2_5(round, w0, w1, w2, w3, w4, w5) \
    320. 

  320.         shl XTMP4.4s, XTMP0.4s, #23;
    321. 

  321. #define SCHED_W_2_6(round, w0, w1, w2, w3, w4, w5) \
    322. 

  322.         eor w0.16b, XTMP1.16b, XTMP0.16b;
    323. 

  323. #define SCHED_W_2_7(round, w0, w1, w2, w3, w4, w5) \
    324. 

  324.         sri XTMP3.4s, XTMP0.4s, #(32-15);
    325. 

  325. #define SCHED_W_2_8(round, w0, w1, w2, w3, w4, w5) \
    326. 

  326.         sri XTMP4.4s, XTMP0.4s, #(32-23);
    327. 

  327. #define SCHED_W_3_1(round, w0, w1, w2, w3, w4, w5) \
    328. 

  328.         eor w0.16b, w0.16b, XTMP3.16b;
    329. 

  329. #define SCHED_W_3_2(round, w0, w1, w2, w3, w4, w5) \
    330. 

  330.         /* Load (w[i - 3]) => XTMP2 */ \
    331. 

  331.         ext XTMP2.16b, w4.16b, w4.16b, #12;
    332. 

  332. #define SCHED_W_3_3(round, w0, w1, w2, w3, w4, w5) \
    333. 

  333.         eor w0.16b, w0.16b, XTMP4.16b;
    334. 

  334. #define SCHED_W_3_4(round, w0, w1, w2, w3, w4, w5) \
    335. 

  335.         ext XTMP2.16b, XTMP2.16b, w5.16b, #12;
    336. 

  336. #define SCHED_W_3_5(round, w0, w1, w2, w3, w4, w5) \
    337. 

  337.         /* W1 ^ W2 => XTMP3 */ \
    338. 

  338.         eor XTMP3.16b, XTMP2.16b, w0.16b;
    339. 

  339. #define SCHED_W_3_6(round, w0, w1, w2, w3, w4, w5)
    340. 

  340. #define SCHED_W_3_7(round, w0, w1, w2, w3, w4, w5) \
    341. 

  341.         st1 { XTMP2.16b-XTMP3.16b }, [addr0];
    342. 

  342. #define SCHED_W_3_8(round, w0, w1, w2, w3, w4, w5)
    343. 

  343. 

  344. #define SCHED_W_W0W1W2W3W4W5_1(iop_num, round) \
    345. 

  345.         SCHED_W_1_##iop_num(round, W0, W1, W2, W3, W4, W5)
    346. 

  346. #define SCHED_W_W0W1W2W3W4W5_2(iop_num, round) \
    347. 

  347.         SCHED_W_2_##iop_num(round, W0, W1, W2, W3, W4, W5)
    348. 

  348. #define SCHED_W_W0W1W2W3W4W5_3(iop_num, round) \
    349. 

  349.         SCHED_W_3_##iop_num(round, W0, W1, W2, W3, W4, W5)
    350. 

  350. 

  351. #define SCHED_W_W1W2W3W4W5W0_1(iop_num, round) \
    352. 

  352.         SCHED_W_1_##iop_num(round, W1, W2, W3, W4, W5, W0)
    353. 

  353. #define SCHED_W_W1W2W3W4W5W0_2(iop_num, round) \
    354. 

  354.         SCHED_W_2_##iop_num(round, W1, W2, W3, W4, W5, W0)
    355. 

  355. #define SCHED_W_W1W2W3W4W5W0_3(iop_num, round) \
    356. 

  356.         SCHED_W_3_##iop_num(round, W1, W2, W3, W4, W5, W0)
    357. 

  357. 

  358. #define SCHED_W_W2W3W4W5W0W1_1(iop_num, round) \
    359. 

  359.         SCHED_W_1_##iop_num(round, W2, W3, W4, W5, W0, W1)
    360. 

  360. #define SCHED_W_W2W3W4W5W0W1_2(iop_num, round) \
    361. 

  361.         SCHED_W_2_##iop_num(round, W2, W3, W4, W5, W0, W1)
    362. 

  362. #define SCHED_W_W2W3W4W5W0W1_3(iop_num, round) \
    363. 

  363.         SCHED_W_3_##iop_num(round, W2, W3, W4, W5, W0, W1)
    364. 

  364. 

  365. #define SCHED_W_W3W4W5W0W1W2_1(iop_num, round) \
    366. 

  366.         SCHED_W_1_##iop_num(round, W3, W4, W5, W0, W1, W2)
    367. 

  367. #define SCHED_W_W3W4W5W0W1W2_2(iop_num, round) \
    368. 

  368.         SCHED_W_2_##iop_num(round, W3, W4, W5, W0, W1, W2)
    369. 

  369. #define SCHED_W_W3W4W5W0W1W2_3(iop_num, round) \
    370. 

  370.         SCHED_W_3_##iop_num(round, W3, W4, W5, W0, W1, W2)
    371. 

  371. 

  372. #define SCHED_W_W4W5W0W1W2W3_1(iop_num, round) \
    373. 

  373.         SCHED_W_1_##iop_num(round, W4, W5, W0, W1, W2, W3)
    374. 

  374. #define SCHED_W_W4W5W0W1W2W3_2(iop_num, round) \
    375. 

  375.         SCHED_W_2_##iop_num(round, W4, W5, W0, W1, W2, W3)
    376. 

  376. #define SCHED_W_W4W5W0W1W2W3_3(iop_num, round) \
    377. 

  377.         SCHED_W_3_##iop_num(round, W4, W5, W0, W1, W2, W3)
    378. 

  378. 

  379. #define SCHED_W_W5W0W1W2W3W4_1(iop_num, round) \
    380. 

  380.         SCHED_W_1_##iop_num(round, W5, W0, W1, W2, W3, W4)
    381. 

  381. #define SCHED_W_W5W0W1W2W3W4_2(iop_num, round) \
    382. 

  382.         SCHED_W_2_##iop_num(round, W5, W0, W1, W2, W3, W4)
    383. 

  383. #define SCHED_W_W5W0W1W2W3W4_3(iop_num, round) \
    384. 

  384.         SCHED_W_3_##iop_num(round, W5, W0, W1, W2, W3, W4)
    385. 

  385. 

  386. 

  387. .text
    388. 

  388. 

  389. /*
    390. 

  390.  * Transform nblks*64 bytes (nblks*16 32-bit words) at DATA.
    391. 

  391.  *
    392. 

  392.  * unsigned int
    393. 

  393.  * _gcry_sm3_transform_aarch64 (void *ctx, const unsigned char *data,
    394. 

  394.  *                              size_t nblks)
    395. 

  395.  */
    396. 

  396. .align 4
    397. 

  397. .globl _gcry_sm3_transform_aarch64
    398. 

  398. ELF(.type _gcry_sm3_transform_aarch64,%function;)
    399. 

  399. _gcry_sm3_transform_aarch64:
    400. 

  400.   CFI_STARTPROC();
    401. 

  401. 

  402.   ldp ra, rb, [RSTATE, #0];
    403. 

  403.   ldp rc, rd, [RSTATE, #8];
    404. 

  404.   ldp re, rf, [RSTATE, #16];
    405. 

  405.   ldp rg, rh, [RSTATE, #24];
    406. 

  406. 

  407.   stp x28, x29, [sp, #-16]!;
    408. 

  408.   CFI_ADJUST_CFA_OFFSET(16);
    409. 

  409.   CFI_REG_ON_STACK(28, 0);
    410. 

  410.   CFI_REG_ON_STACK(29, 8);
    411. 

  411.   stp x19, x20, [sp, #-16]!;
    412. 

  412.   CFI_ADJUST_CFA_OFFSET(16);
    413. 

  413.   CFI_REG_ON_STACK(19, 0);
    414. 

  414.   CFI_REG_ON_STACK(20, 8);
    415. 

  415.   stp x21, x22, [sp, #-16]!;
    416. 

  416.   CFI_ADJUST_CFA_OFFSET(16);
    417. 

  417.   CFI_REG_ON_STACK(21, 0);
    418. 

  418.   CFI_REG_ON_STACK(22, 8);
    419. 

  419.   stp x23, x24, [sp, #-16]!;
    420. 

  420.   CFI_ADJUST_CFA_OFFSET(16);
    421. 

  421.   CFI_REG_ON_STACK(23, 0);
    422. 

  422.   CFI_REG_ON_STACK(24, 8);
    423. 

  423.   stp x25, x26, [sp, #-16]!;
    424. 

  424.   CFI_ADJUST_CFA_OFFSET(16);
    425. 

  425.   CFI_REG_ON_STACK(25, 0);
    426. 

  426.   CFI_REG_ON_STACK(26, 8);
    427. 

  427.   mov RFRAME, sp;
    428. 

  428.   CFI_DEF_CFA_REGISTER(RFRAME);
    429. 

  429. 

  430.   sub addr0, sp, #STACK_SIZE;
    431. 

  431.   GET_DATA_POINTER(RKPTR, .LKtable);
    432. 

  432.   and sp, addr0, #(~63);
    433. 

  433. 

  434.   /* Preload first block. */
    435. 

  435.   LOAD_W_VEC_1(1, 0);
    436. 

  436.   LOAD_W_VEC_1(2, 0);
    437. 

  437.   LOAD_W_VEC_1(3, 0);
    438. 

  438.   LOAD_W_VEC_1(4, 0);
    439. 

  439.   LOAD_W_VEC_1(5, 0);
    440. 

  440.   LOAD_W_VEC_1(6, 0);
    441. 

  441.   LOAD_W_VEC_1(7, 0);
    442. 

  442.   LOAD_W_VEC_1(8, 0);
    443. 

  443.   LOAD_W_VEC_2(1, 0);
    444. 

  444.   LOAD_W_VEC_2(2, 0);
    445. 

  445.   LOAD_W_VEC_2(3, 0);
    446. 

  446.   LOAD_W_VEC_2(4, 0);
    447. 

  447.   LOAD_W_VEC_2(5, 0);
    448. 

  448.   LOAD_W_VEC_2(6, 0);
    449. 

  449.   LOAD_W_VEC_2(7, 0);
    450. 

  450.   LOAD_W_VEC_2(8, 0);
    451. 

  451.   LOAD_W_VEC_3(1, 0);
    452. 

  452.   LOAD_W_VEC_3(2, 0);
    453. 

  453.   LOAD_W_VEC_3(3, 0);
    454. 

  454.   LOAD_W_VEC_3(4, 0);
    455. 

  455.   LOAD_W_VEC_3(5, 0);
    456. 

  456.   LOAD_W_VEC_3(6, 0);
    457. 

  457.   LOAD_W_VEC_3(7, 0);
    458. 

  458.   LOAD_W_VEC_3(8, 0);
    459. 

  459. 

  460. .balign 16
    461. 

  461. .Loop:
    462. 

  462.   /* Transform 0-3 */
    463. 

  463.   R1(ra, rb, rc, rd, re, rf, rg, rh, k_even, KL, 0, 0, IW, _, 0);
    464. 

  464.   R1(rd, ra, rb, rc, rh, re, rf, rg, k_odd,  _,  1, 1, IW, _, 0);
    465. 

  465.   R1(rc, rd, ra, rb, rg, rh, re, rf, k_even, KL, 2, 2, IW, _, 0);
    466. 

  466.   R1(rb, rc, rd, ra, rf, rg, rh, re, k_odd,  _,  3, 3, IW, _, 0);
    467. 

  467. 

  468.   /* Transform 4-7 + Precalc 12-14 */
    469. 

  469.   R1(ra, rb, rc, rd, re, rf, rg, rh, k_even, KL, 4, 0, IW, _, 0);
    470. 

  470.   R1(rd, ra, rb, rc, rh, re, rf, rg, k_odd,  _,  5, 1, IW, _, 0);
    471. 

  471.   R1(rc, rd, ra, rb, rg, rh, re, rf, k_even, KL, 6, 2, IW, SCHED_W_W0W1W2W3W4W5_1, 12);
    472. 

  472.   R1(rb, rc, rd, ra, rf, rg, rh, re, k_odd,  _,  7, 3, IW, SCHED_W_W0W1W2W3W4W5_2, 12);
    473. 

  473. 

  474.   /* Transform 8-11 + Precalc 12-17 */
    475. 

  475.   R1(ra, rb, rc, rd, re, rf, rg, rh, k_even, KL, 8, 0, IW, SCHED_W_W0W1W2W3W4W5_3, 12);
    476. 

  476.   R1(rd, ra, rb, rc, rh, re, rf, rg, k_odd,  _,  9, 1, IW, SCHED_W_W1W2W3W4W5W0_1, 15);
    477. 

  477.   R1(rc, rd, ra, rb, rg, rh, re, rf, k_even, KL, 10, 2, IW, SCHED_W_W1W2W3W4W5W0_2, 15);
    478. 

  478.   R1(rb, rc, rd, ra, rf, rg, rh, re, k_odd,  _,  11, 3, IW, SCHED_W_W1W2W3W4W5W0_3, 15);
    479. 

  479. 

  480.   /* Transform 12-14 + Precalc 18-20 */
    481. 

  481.   R1(ra, rb, rc, rd, re, rf, rg, rh, k_even, KL, 12, 0, XW, SCHED_W_W2W3W4W5W0W1_1, 18);
    482. 

  482.   R1(rd, ra, rb, rc, rh, re, rf, rg, k_odd,  _,  13, 1, XW, SCHED_W_W2W3W4W5W0W1_2, 18);
    483. 

  483.   R1(rc, rd, ra, rb, rg, rh, re, rf, k_even, KL, 14, 2, XW, SCHED_W_W2W3W4W5W0W1_3, 18);
    484. 

  484. 

  485.   /* Transform 15-17 + Precalc 21-23 */
    486. 

  486.   R1(rb, rc, rd, ra, rf, rg, rh, re, k_odd,  _,  15, 0, XW, SCHED_W_W3W4W5W0W1W2_1, 21);
    487. 

  487.   R2(ra, rb, rc, rd, re, rf, rg, rh, k_even, KL, 16, 1, XW, SCHED_W_W3W4W5W0W1W2_2, 21);
    488. 

  488.   R2(rd, ra, rb, rc, rh, re, rf, rg, k_odd,  _,  17, 2, XW, SCHED_W_W3W4W5W0W1W2_3, 21);
    489. 

  489. 

  490.   /* Transform 18-20 + Precalc 24-26 */
    491. 

  491.   R2(rc, rd, ra, rb, rg, rh, re, rf, k_even, KL, 18, 0, XW, SCHED_W_W4W5W0W1W2W3_1, 24)
    492. 

  492.   R2(rb, rc, rd, ra, rf, rg, rh, re, k_odd,  _,  19, 1, XW, SCHED_W_W4W5W0W1W2W3_2, 24)
    493. 

  493.   R2(ra, rb, rc, rd, re, rf, rg, rh, k_even, KL, 20, 2, XW, SCHED_W_W4W5W0W1W2W3_3, 24)
    494. 

  494. 

  495.   /* Transform 21-23 + Precalc 27-29 */
    496. 

  496.   R2(rd, ra, rb, rc, rh, re, rf, rg, k_odd,  _,  21, 0, XW, SCHED_W_W5W0W1W2W3W4_1, 27)
    497. 

  497.   R2(rc, rd, ra, rb, rg, rh, re, rf, k_even, KL, 22, 1, XW, SCHED_W_W5W0W1W2W3W4_2, 27)
    498. 

  498.   R2(rb, rc, rd, ra, rf, rg, rh, re, k_odd,  _,  23, 2, XW, SCHED_W_W5W0W1W2W3W4_3, 27)
    499. 

  499. 

  500.   /* Transform 24-26 + Precalc 30-32 */
    501. 

  501.   R2(ra, rb, rc, rd, re, rf, rg, rh, k_even, KL, 24, 0, XW, SCHED_W_W0W1W2W3W4W5_1, 30)
    502. 

  502.   R2(rd, ra, rb, rc, rh, re, rf, rg, k_odd,  _,  25, 1, XW, SCHED_W_W0W1W2W3W4W5_2, 30)
    503. 

  503.   R2(rc, rd, ra, rb, rg, rh, re, rf, k_even, KL, 26, 2, XW, SCHED_W_W0W1W2W3W4W5_3, 30)
    504. 

  504. 

  505.   /* Transform 27-29 + Precalc 33-35 */
    506. 

  506.   R2(rb, rc, rd, ra, rf, rg, rh, re, k_odd,  _,  27, 0, XW, SCHED_W_W1W2W3W4W5W0_1, 33)
    507. 

  507.   R2(ra, rb, rc, rd, re, rf, rg, rh, k_even, KL, 28, 1, XW, SCHED_W_W1W2W3W4W5W0_2, 33)
    508. 

  508.   R2(rd, ra, rb, rc, rh, re, rf, rg, k_odd,  _,  29, 2, XW, SCHED_W_W1W2W3W4W5W0_3, 33)
    509. 

  509. 

  510.   /* Transform 30-32 + Precalc 36-38 */
    511. 

  511.   R2(rc, rd, ra, rb, rg, rh, re, rf, k_even, KL, 30, 0, XW, SCHED_W_W2W3W4W5W0W1_1, 36)
    512. 

  512.   R2(rb, rc, rd, ra, rf, rg, rh, re, k_odd,  _,  31, 1, XW, SCHED_W_W2W3W4W5W0W1_2, 36)
    513. 

  513.   R2(ra, rb, rc, rd, re, rf, rg, rh, k_even, KL, 32, 2, XW, SCHED_W_W2W3W4W5W0W1_3, 36)
    514. 

  514. 

  515.   /* Transform 33-35 + Precalc 39-41 */
    516. 

  516.   R2(rd, ra, rb, rc, rh, re, rf, rg, k_odd,  _,  33, 0, XW, SCHED_W_W3W4W5W0W1W2_1, 39)
    517. 

  517.   R2(rc, rd, ra, rb, rg, rh, re, rf, k_even, KL, 34, 1, XW, SCHED_W_W3W4W5W0W1W2_2, 39)
    518. 

  518.   R2(rb, rc, rd, ra, rf, rg, rh, re, k_odd,  _,  35, 2, XW, SCHED_W_W3W4W5W0W1W2_3, 39)
    519. 

  519. 

  520.   /* Transform 36-38 + Precalc 42-44 */
    521. 

  521.   R2(ra, rb, rc, rd, re, rf, rg, rh, k_even, KL, 36, 0, XW, SCHED_W_W4W5W0W1W2W3_1, 42)
    522. 

  522.   R2(rd, ra, rb, rc, rh, re, rf, rg, k_odd,  _,  37, 1, XW, SCHED_W_W4W5W0W1W2W3_2, 42)
    523. 

  523.   R2(rc, rd, ra, rb, rg, rh, re, rf, k_even, KL, 38, 2, XW, SCHED_W_W4W5W0W1W2W3_3, 42)
    524. 

  524. 

  525.   /* Transform 39-41 + Precalc 45-47 */
    526. 

  526.   R2(rb, rc, rd, ra, rf, rg, rh, re, k_odd,  _,  39, 0, XW, SCHED_W_W5W0W1W2W3W4_1, 45)
    527. 

  527.   R2(ra, rb, rc, rd, re, rf, rg, rh, k_even, KL, 40, 1, XW, SCHED_W_W5W0W1W2W3W4_2, 45)
    528. 

  528.   R2(rd, ra, rb, rc, rh, re, rf, rg, k_odd,  _,  41, 2, XW, SCHED_W_W5W0W1W2W3W4_3, 45)
    529. 

  529. 

  530.   /* Transform 42-44 + Precalc 48-50 */
    531. 

  531.   R2(rc, rd, ra, rb, rg, rh, re, rf, k_even, KL, 42, 0, XW, SCHED_W_W0W1W2W3W4W5_1, 48)
    532. 

  532.   R2(rb, rc, rd, ra, rf, rg, rh, re, k_odd,  _,  43, 1, XW, SCHED_W_W0W1W2W3W4W5_2, 48)
    533. 

  533.   R2(ra, rb, rc, rd, re, rf, rg, rh, k_even, KL, 44, 2, XW, SCHED_W_W0W1W2W3W4W5_3, 48)
    534. 

  534. 

  535.   /* Transform 45-47 + Precalc 51-53 */
    536. 

  536.   R2(rd, ra, rb, rc, rh, re, rf, rg, k_odd,  _,  45, 0, XW, SCHED_W_W1W2W3W4W5W0_1, 51)
    537. 

  537.   R2(rc, rd, ra, rb, rg, rh, re, rf, k_even, KL, 46, 1, XW, SCHED_W_W1W2W3W4W5W0_2, 51)
    538. 

  538.   R2(rb, rc, rd, ra, rf, rg, rh, re, k_odd,  _,  47, 2, XW, SCHED_W_W1W2W3W4W5W0_3, 51)
    539. 

  539. 

  540.   /* Transform 48-50 + Precalc 54-56 */
    541. 

  541.   R2(ra, rb, rc, rd, re, rf, rg, rh, k_even, KL, 48, 0, XW, SCHED_W_W2W3W4W5W0W1_1, 54)
    542. 

  542.   R2(rd, ra, rb, rc, rh, re, rf, rg, k_odd,  _,  49, 1, XW, SCHED_W_W2W3W4W5W0W1_2, 54)
    543. 

  543.   R2(rc, rd, ra, rb, rg, rh, re, rf, k_even, KL, 50, 2, XW, SCHED_W_W2W3W4W5W0W1_3, 54)
    544. 

  544. 

  545.   /* Transform 51-53 + Precalc 57-59 */
    546. 

  546.   R2(rb, rc, rd, ra, rf, rg, rh, re, k_odd,  _,  51, 0, XW, SCHED_W_W3W4W5W0W1W2_1, 57)
    547. 

  547.   R2(ra, rb, rc, rd, re, rf, rg, rh, k_even, KL, 52, 1, XW, SCHED_W_W3W4W5W0W1W2_2, 57)
    548. 

  548.   R2(rd, ra, rb, rc, rh, re, rf, rg, k_odd,  _,  53, 2, XW, SCHED_W_W3W4W5W0W1W2_3, 57)
    549. 

  549. 

  550.   /* Transform 54-56 + Precalc 60-62 */
    551. 

  551.   R2(rc, rd, ra, rb, rg, rh, re, rf, k_even, KL, 54, 0, XW, SCHED_W_W4W5W0W1W2W3_1, 60)
    552. 

  552.   R2(rb, rc, rd, ra, rf, rg, rh, re, k_odd,  _,  55, 1, XW, SCHED_W_W4W5W0W1W2W3_2, 60)
    553. 

  553.   R2(ra, rb, rc, rd, re, rf, rg, rh, k_even, KL, 56, 2, XW, SCHED_W_W4W5W0W1W2W3_3, 60)
    554. 

  554. 

  555.   /* Transform 57-59 + Precalc 63 */
    556. 

  556.   R2(rd, ra, rb, rc, rh, re, rf, rg, k_odd,  _,  57, 0, XW, SCHED_W_W5W0W1W2W3W4_1, 63)
    557. 

  557.   R2(rc, rd, ra, rb, rg, rh, re, rf, k_even, KL, 58, 1, XW, SCHED_W_W5W0W1W2W3W4_2, 63)
    558. 

  558.   R2(rb, rc, rd, ra, rf, rg, rh, re, k_odd,  _,  59, 2, XW, SCHED_W_W5W0W1W2W3W4_3, 63)
    559. 

  559. 

  560.   /* Transform 60 */
    561. 

  561.   R2(ra, rb, rc, rd, re, rf, rg, rh, k_even, KL, 60, 0, XW, _, _);
    562. 

  562.   subs RNBLKS, RNBLKS, #1;
    563. 

  563.   b.eq .Lend;
    564. 

  564. 

  565.   /* Transform 61-63 + Preload next block */
    566. 

  566.   R2(rd, ra, rb, rc, rh, re, rf, rg, k_odd,  _,  61, 1, XW, LOAD_W_VEC_1, _);
    567. 

  567.   ldp s0, s1, [RSTATE, #0];
    568. 

  568.   R2(rc, rd, ra, rb, rg, rh, re, rf, k_even, KL, 62, 2, XW, LOAD_W_VEC_2, _);
    569. 

  569.   ldp s2, s3, [RSTATE, #8];
    570. 

  570.   R2(rb, rc, rd, ra, rf, rg, rh, re, k_odd,  _,  63, 0, XW, LOAD_W_VEC_3, _);
    571. 

  571. 

  572.   /* Update the chaining variables. */
    573. 

  573.   eor ra, ra, s0;
    574. 

  574.   eor rb, rb, s1;
    575. 

  575.   ldp s0, s1, [RSTATE, #16];
    576. 

  576.   eor rc, rc, s2;
    577. 

  577.   ldp k_even, k_odd, [RSTATE, #24];
    578. 

  578.   eor rd, rd, s3;
    579. 

  579.   eor re, re, s0;
    580. 

  580.   stp ra, rb, [RSTATE, #0];
    581. 

  581.   eor rf, rf, s1;
    582. 

  582.   stp rc, rd, [RSTATE, #8];
    583. 

  583.   eor rg, rg, k_even;
    584. 

  584.   stp re, rf, [RSTATE, #16];
    585. 

  585.   eor rh, rh, k_odd;
    586. 

  586.   stp rg, rh, [RSTATE, #24];
    587. 

  587.   b .Loop;
    588. 

  588. 

  589. .Lend:
    590. 

  590.   /* Transform 61-63 */
    591. 

  591.   R2(rd, ra, rb, rc, rh, re, rf, rg, k_odd,  _,  61, 1, XW, _, _);
    592. 

  592.   ldp s0, s1, [RSTATE, #0];
    593. 

  593.   R2(rc, rd, ra, rb, rg, rh, re, rf, k_even, KL, 62, 2, XW, _, _);
    594. 

  594.   ldp s2, s3, [RSTATE, #8];
    595. 

  595.   R2(rb, rc, rd, ra, rf, rg, rh, re, k_odd,  _,  63, 0, XW, _, _);
    596. 

  596. 

  597.   /* Update the chaining variables. */
    598. 

  598.   eor ra, ra, s0;
    599. 

  599.   clear_vec(W0);
    600. 

  600.   eor rb, rb, s1;
    601. 

  601.   clear_vec(W1);
    602. 

  602.   ldp s0, s1, [RSTATE, #16];
    603. 

  603.   clear_vec(W2);
    604. 

  604.   eor rc, rc, s2;
    605. 

  605.   clear_vec(W3);
    606. 

  606.   ldp k_even, k_odd, [RSTATE, #24];
    607. 

  607.   clear_vec(W4);
    608. 

  608.   eor rd, rd, s3;
    609. 

  609.   clear_vec(W5);
    610. 

  610.   eor re, re, s0;
    611. 

  611.   clear_vec(XTMP0);
    612. 

  612.   stp ra, rb, [RSTATE, #0];
    613. 

  613.   clear_vec(XTMP1);
    614. 

  614.   eor rf, rf, s1;
    615. 

  615.   clear_vec(XTMP2);
    616. 

  616.   stp rc, rd, [RSTATE, #8];
    617. 

  617.   clear_vec(XTMP3);
    618. 

  618.   eor rg, rg, k_even;
    619. 

  619.   clear_vec(XTMP4);
    620. 

  620.   stp re, rf, [RSTATE, #16];
    621. 

  621.   clear_vec(XTMP5);
    622. 

  622.   eor rh, rh, k_odd;
    623. 

  623.   clear_vec(XTMP6);
    624. 

  624.   stp rg, rh, [RSTATE, #24];
    625. 

  625. 

  626.   /* Clear message expansion area */
    627. 

  627.   add addr0, sp, #STACK_W;
    628. 

  628.   eor x0, x0, x0; // stack burned
    629. 

  629.   st1 {W0.16b-W3.16b}, [addr0], #64;
    630. 

  630.   st1 {W0.16b-W3.16b}, [addr0], #64;
    631. 

  631.   st1 {W0.16b-W3.16b}, [addr0];
    632. 

  632. 

  633.   mov sp, RFRAME;
    634. 

  634.   CFI_DEF_CFA_REGISTER(sp);
    635. 

  635. 

  636.   ldp x25, x26, [sp], #16;
    637. 

  637.   CFI_ADJUST_CFA_OFFSET(-16);
    638. 

  638.   CFI_RESTORE(x25);
    639. 

  639.   CFI_RESTORE(x26);
    640. 

  640.   ldp x23, x24, [sp], #16;
    641. 

  641.   CFI_ADJUST_CFA_OFFSET(-16);
    642. 

  642.   CFI_RESTORE(x23);
    643. 

  643.   CFI_RESTORE(x24);
    644. 

  644.   ldp x21, x22, [sp], #16;
    645. 

  645.   CFI_ADJUST_CFA_OFFSET(-16);
    646. 

  646.   CFI_RESTORE(x21);
    647. 

  647.   CFI_RESTORE(x22);
    648. 

  648.   ldp x19, x20, [sp], #16;
    649. 

  649.   CFI_ADJUST_CFA_OFFSET(-16);
    650. 

  650.   CFI_RESTORE(x19);
    651. 

  651.   CFI_RESTORE(x20);
    652. 

  652.   ldp x28, x29, [sp], #16;
    653. 

  653.   CFI_ADJUST_CFA_OFFSET(-16);
    654. 

  654.   CFI_RESTORE(x28);
    655. 

  655.   CFI_RESTORE(x29);
    656. 

  656.   ret_spec_stop
    657. 

  657.   CFI_ENDPROC();
    658. 

  658. ELF(.size _gcry_sm3_transform_aarch64, .-_gcry_sm3_transform_aarch64;)
    659. 

  659. 

  660. #endif
    661. 

  661.