Commit a6451ce5 authored by Niels Möller's avatar Niels Möller

ARM assembly for ecc_224_modp.

parent eb046c27
2013-03-01 Niels Möller <nisse@lysator.liu.se>
* ecc-224.c: Check HAVE_NATIVE_ecc_224_modp, and use native
version if available.
* armv7/ecc-224-modp.asm: New file, 4.5 time speedup over C
version.
* configure.ac (asm_optional_list): Added ecc-224-modp.asm.
(OPT_ASM_SOURCES): Fixed assignment.
......
C nettle, low-level cryptographics library
C
C Copyright (C) 2013, Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C the Free Software Foundation; either version 2.1 of the License, or (at your
C option) any later version.
C
C The nettle library is distributed in the hope that it will be useful, but
C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
C License for more details.
C
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB. If not, write to
C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
C MA 02111-1301, USA.
.file "ecc-224-modp.asm"
.arm
define(<RP>, <r1>)
define(<H>, <r0>) C Overlaps unused ecc argument
define(<T0>, <r2>)
define(<T1>, <r3>)
define(<T2>, <r4>)
define(<T3>, <r5>)
define(<T4>, <r6>)
define(<T5>, <r7>)
define(<T6>, <r8>)
define(<N3>, <r10>)
define(<L0>, <r11>)
define(<L1>, <r12>)
define(<L2>, <lr>)
C ecc_224_modp (const struct ecc_curve *ecc, mp_limb_t *rp)
.text
.align 2
PROLOGUE(nettle_ecc_224_modp)
push {r4,r5,r6,r7,r8,r10,r11,lr}
add L2, RP, #28
ldm L2, {T0,T1,T2,T3,T4,T5,T6}
mov H, #0
adds T0, T0, T4
adcs T1, T1, T5
adcs T2, T2, T6
adc H, H, #0
C This switch from adcs to sbcs takes carry into account with
C correct sign, but it always subtracts 1 too much. We arrange
C to also add B^7 + 1 below, so the effect is adding p. This
C addition of p also ensures that the result never is
C negative.
sbcs N3, T3, T0
sbcs T4, T4, T1
sbcs T5, T5, T2
sbcs T6, T6, H
mov H, #1 C This is the B^7
sbc H, #0
subs T6, T6, T3
sbc H, #0
C Now subtract from low half
ldm RP!, {L0,L1,L2}
C Clear carry, with the sbcs, this is the 1.
adds RP, #0
sbcs T0, L0, T0
sbcs T1, L1, T1
sbcs T2, L2, T2
ldm RP!, {T3,L0,L1,L2}
sbcs T3, T3, N3
sbcs T4, L0, T4
sbcs T5, L1, T5
sbcs T6, L2, T6
rsc H, H, #0
C Now -2 <= H <= 0 is the borrow, so subtract (B^3 - 1) |H|
C Use (B^3 - 1) H = <H, H, H> if -1 <=H <= 0, and
C (B^3 - 1) H = <1,B-1, B-1, B-2> if H = -2
subs T0, T0, H
asr L1, H, #1
sbcs T1, T1, L1
eor H, H, L1
sbcs T2, T2, L1
sbcs T3, T3, H
sbcs T4, T4, #0
sbcs T5, T5, #0
sbcs T6, T6, #0
sbcs H, H, H
C Final borrow, subtract (B^3 - 1) |H|
subs T0, T0, H
sbcs T1, T1, H
sbcs T2, T2, H
sbcs T3, T3, #0
sbcs T4, T4, #0
sbcs T5, T5, #0
sbcs T6, T6, #0
stmdb RP, {T0,T1,T2,T3,T4,T5,T6}
pop {r4,r5,r6,r7,r8,r10,r11,pc}
EPILOGUE(nettle_ecc_224_modp)
......@@ -30,7 +30,17 @@
#include "ecc-internal.h"
#if HAVE_NATIVE_ecc_224_modp
#define USE_REDC 0
#define ecc_224_modp nettle_ecc_224_modp
void
ecc_224_modp (const struct ecc_curve *ecc, mp_limb_t *rp);
#else
#define USE_REDC (ECC_REDC_SIZE != 0)
#define ecc_224_modp ecc_generic_modp
#endif
#include "ecc-224.h"
......@@ -49,9 +59,9 @@ const struct ecc_curve nettle_secp_224r1 =
ecc_q,
ecc_g,
ecc_redc_g,
ecc_generic_modp,
ecc_224_modp,
ecc_generic_redc,
USE_REDC ? ecc_generic_redc : ecc_generic_modp,
USE_REDC ? ecc_generic_redc : ecc_224_modp,
ecc_generic_modq,
ecc_Bmodp,
ecc_Bmodp_shifted,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment