*** empty log message ***

Rev: nettle/x86/sha1-f1-noexp.nlms:1.1

nettle/x86/sha1-f1-noexp.nlms

+/* The f1 phase of sha1, without expansion */
+/* !!! arch x86_32 */
+/* !!! signature n */
+/* !!! count 0 mod 5 */
+
+/* Run with loopmix -f -s -m -i -b sha1-f1-noexpand.nlms */
+
+changequote(<,>)dnl
+
+/* Current version can be loop-mixed down to 29 cycles. */
+define(<SA>,<%eax>)
+define(<SB>,<%ebx>)
+define(<SC>,<%ecx>)
+define(<SD>,<%edx>)
+define(<SE>,<%ebp>)
+define(<DATA>,<%esp>)
+define(<T1>,<%edi>)
+define(<T2>,<%esi>)
+dnl define(<KVALUE>,<%esi>)
+define(<COUNT>, <84(%esp)>)
+
+define(<K1VALUE>, <0x5A827999>) 
+
+dnl Expands to 4*i, or to the empty string if i is zero
+define(<OFFSET>, <ifelse($1,0,,eval(4*$1))>)
+
+dnl The F1 round sets
+dnl
+dnl e += (a <<< 5) + (d ^ (b & (c ^ d))) + k + w
+dnl 
+dnl Access inputs in order d, c, b, a, to give maximum time to
+dnl have values ready.
+
+dnl Current version can be loopmixed down to just over 4 cycles.
+define(<ROUND_F1_NOEXP>, <
+	mov	$4, T2
+	xor	$3, T2
+	and	$2, T2
+	xor	$4, T2
+	rol	<$>30, $2
+	mov	$1, T1
+	rol	<$>5, T1
+	add	OFFSET($6) (DATA), $5
+	add	T2, $5
+	lea	K1VALUE (T1, $5), $5
+>)
+
+.text
+.p2align 4,15
+.globl loop_entry
+loop_entry:
+	push	%ebx		
+	push	%ebp		
+	push	%esi		
+	push	%edi		
+
+	sub	$64, %esp
+
+.align 32
+loop_begin:
+	ROUND_F1_NOEXP(SA, SB, SC, SD, SE, 20)
+	ROUND_F1_NOEXP(SE, SA, SB, SC, SD, 21)
+	ROUND_F1_NOEXP(SD, SE, SA, SB, SC, 22)
+	ROUND_F1_NOEXP(SC, SD, SE, SA, SB, 23)
+	ROUND_F1_NOEXP(SB, SC, SD, SE, SA, 24)
+	sub	  $5, COUNT
+	jnz	  loop_begin
+
+loop_end:
+	add	$64, %esp
+	pop	%edi
+	pop	%esi
+	pop	%ebp
+	pop	%ebx
+	ret
+