Commit 933c4cef authored by Niels Möller's avatar Niels Möller

ARM assembly for ecc_521_modp.

parent 16768e1f
2013-03-05 Niels Möller <nisse@lysator.liu.se>
* configure.ac (asm_optional_list): Added ecc-521-modp.asm.
* ecc-521.c: Check HAVE_NATIVE_ecc_521_modp, and use native
version if available.
* armv7/ecc-521-modp.asm: New file, 2 time speedup over C version.
2013-03-04 Niels Möller <nisse@lysator.liu.se>
* configure.ac (asm_optional_list): Added ecc-384-modp.asm. Deleted
bogus reference to $asm_search_list.
* ecc-384.c: Check HAVE_NATIVE_ecc_384_modp, and use native
version if available.
* armv7/ecc-384-modp.asm: New file, 3 time speedup over C version.
......
C nettle, low-level cryptographics library
C
C Copyright (C) 2013, Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C the Free Software Foundation; either version 2.1 of the License, or (at your
C option) any later version.
C
C The nettle library is distributed in the hope that it will be useful, but
C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
C License for more details.
C
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB. If not, write to
C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
C MA 02111-1301, USA.
.file "ecc-521-modp.asm"
.arm
define(<HP>, <r0>)
define(<RP>, <r1>)
define(<T0>, <r2>)
define(<T1>, <r3>)
define(<T2>, <r4>)
define(<F0>, <r5>)
define(<F1>, <r6>)
define(<F2>, <r7>)
define(<F3>, <r8>)
define(<H>, <r12>)
define(<N>, <lr>)
C ecc_521_modp (const struct ecc_curve *ecc, mp_limb_t *rp)
.text
.Lc511:
.int 511
.align 2
PROLOGUE(nettle_ecc_521_modp)
push {r4,r5,r6,r7,r8,lr}
C Use that B^17 = 2^23 (mod p)
ldr F3, [RP, #+68] C 17
add HP, RP, #72 C 18
ldr T0, [RP] C 0
adds T0, T0, F3, lsl #23
str T0, [RP], #+4
mov N, #5
C 5 iterations, reading limbs 18-20, 21-23, 24-26, 27-29, 30-32
C and adding to limbs 1-3, 4-6, 7-9, 19-12, 13-15
.Loop:
ldm RP, {T0,T1,T2} C 1+3*k -- 3+3*k
lsr F0, F3, #9
ldm HP!, {F1,F2,F3} C 18+3*k -- 20+3*k
orr F0, F0, F1, lsl #23
lsr F1, F1, #9
orr F1, F1, F2, lsl #23
lsr F2, F2, #9
orr F2, F2, F3, lsl #23
adcs T0, T0, F0
adcs T1, T1, F1
adcs T2, T2, F2
sub N, N, #1
stm RP!,{T0,T1,T2}
teq N, #0
bne .Loop
ldr F0, [RP], #-64 C 16
ldr F1, [HP] C 33
ldr T0, .Lc511
C Handling of high limbs
C F0 = rp[16] + carry in + F3 >> 9
adcs F0, F0, F3, lsr #9
C Copy low 9 bits to H, then shift right including carry
and H, F0, T0
rrx F0, F0
lsr F0, F0, #8
C Add in F1 = rp[33], with weight 2^1056 = 2^14
adds F0, F0, F1, lsl #14
lsr F1, F1, #18
adc F1, F1, #0
ldm RP, {T0, T1} C 0-1
adds T0, T0, F0
adcs T1, T1, F1
stm RP!, {T0, T1}
ldm RP, {T0,T1,T2,F0,F1,F2,F3} C 2-8
adcs T0, T0, #0
adcs T1, T1, #0
adcs T2, T2, #0
adcs F0, F0, #0
adcs F1, F1, #0
adcs F2, F2, #0
adcs F3, F3, #0
stm RP!, {T0,T1,T2,F0,F1,F2,F3} C 2-8
ldm RP, {T0,T1,T2,F0,F1,F2,F3} C 9-15
adcs T0, T0, #0
adcs T1, T1, #0
adcs T2, T2, #0
adcs F0, F0, #0
adcs F1, F1, #0
adcs F2, F2, #0
adcs F3, F3, #0
adcs H, H, #0
stm RP, {T0,T1,T2,F0,F1,F2,F3,H} C 9-16
pop {r4,r5,r6,r7,r8,pc}
EPILOGUE(nettle_ecc_521_modp)
......@@ -250,7 +250,8 @@ asm_replace_list="aes-encrypt-internal.asm aes-decrypt-internal.asm \
asm_optional_list=""
if test "x$enable_public_key" = "xyes" ; then
asm_optional_list="ecc-192-modp.asm ecc-224-modp.asm ecc-256-redc.asm ecc-384-modp.asm"
asm_optional_list="ecc-192-modp.asm ecc-224-modp.asm ecc-256-redc.asm \
ecc-384-modp.asm ecc-521-modp.asm"
fi
OPT_ASM_SOURCES=""
......
......@@ -34,6 +34,13 @@
#include "ecc-521.h"
#if HAVE_NATIVE_ecc_521_modp
#define ecc_521_modp nettle_ecc_521_modp
void
ecc_521_modp (const struct ecc_curve *ecc, mp_limb_t *rp);
#else
#define B_SHIFT (521 % GMP_NUMB_BITS)
#define BMODP_SHIFT (GMP_NUMB_BITS - B_SHIFT)
#define BMODP ((mp_limb_t) 1 << BMODP_SHIFT)
......@@ -56,6 +63,7 @@ ecc_521_modp (const struct ecc_curve *ecc UNUSED, mp_limb_t *rp)
& (((mp_limb_t) 1 << B_SHIFT)-1))
+ sec_add_1 (rp, rp, ECC_LIMB_SIZE - 1, hi);
}
#endif
const struct ecc_curve nettle_secp_521r1 =
{
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment