aix_ppc32.s

cryptlib安全工具包

	lwz	r7,12(r5)
	mullw	r8,r6,r7
	mulhwu	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
					#mul_add_c(a[7],b[2],c1,c2,c3);
	lwz	r6,28(r4)
	lwz	r7,8(r5)
	mullw	r8,r6,r7
	mulhwu	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
	stw	r10,36(r3)	#r[9]=c1;
					#mul_add_c(a[7],b[3],c2,c3,c1);
	lwz	r7,12(r5)
	mullw	r8,r6,r7
	mulhwu	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r0
					#mul_add_c(a[6],b[4],c2,c3,c1);
	lwz	r6,24(r4)
	lwz	r7,16(r5)
	mullw	r8,r6,r7
	mulhwu	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
					#mul_add_c(a[5],b[5],c2,c3,c1);
	lwz	r6,20(r4)
	lwz	r7,20(r5)
	mullw	r8,r6,r7
	mulhwu	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
					#mul_add_c(a[4],b[6],c2,c3,c1);
	lwz	r6,16(r4)
	lwz	r7,24(r5)
	mullw	r8,r6,r7
	mulhwu	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
					#mul_add_c(a[3],b[7],c2,c3,c1);
	lwz	r6,12(r4)
	lwz	r7,28(r5)
	mullw	r8,r6,r7
	mulhwu	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
	stw	r11,40(r3)	#r[10]=c2;
					#mul_add_c(a[4],b[7],c3,c1,c2);
	lwz	r6,16(r4)
	mullw	r8,r6,r7
	mulhwu	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r0
					#mul_add_c(a[5],b[6],c3,c1,c2);
	lwz	r6,20(r4)
	lwz	r7,24(r5)
	mullw	r8,r6,r7
	mulhwu	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
					#mul_add_c(a[6],b[5],c3,c1,c2);
	lwz	r6,24(r4)
	lwz	r7,20(r5)
	mullw	r8,r6,r7
	mulhwu	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
					#mul_add_c(a[7],b[4],c3,c1,c2);
	lwz	r6,28(r4)
	lwz	r7,16(r5)
	mullw	r8,r6,r7
	mulhwu	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
	stw	r12,44(r3)	#r[11]=c3;
					#mul_add_c(a[7],b[5],c1,c2,c3);
	lwz	r7,20(r5)
	mullw	r8,r6,r7
	mulhwu	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r0
					#mul_add_c(a[6],b[6],c1,c2,c3);
	lwz	r6,24(r4)
	lwz	r7,24(r5)
	mullw	r8,r6,r7
	mulhwu	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
					#mul_add_c(a[5],b[7],c1,c2,c3);
	lwz	r6,20(r4)
	lwz	r7,28(r5)
	mullw	r8,r6,r7
	mulhwu	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
	stw	r10,48(r3)	#r[12]=c1;
					#mul_add_c(a[6],b[7],c2,c3,c1);
	lwz	r6,24(r4)
	mullw	r8,r6,r7
	mulhwu	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r0
					#mul_add_c(a[7],b[6],c2,c3,c1);
	lwz	r6,28(r4)
	lwz	r7,24(r5)
	mullw	r8,r6,r7
	mulhwu	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
	stw	r11,52(r3)	#r[13]=c2;
					#mul_add_c(a[7],b[7],c3,c1,c2);
	lwz	r7,28(r5)
	mullw	r8,r6,r7
	mulhwu	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	stw	r12,56(r3)	#r[14]=c3;
	stw	r10,60(r3)	#r[15]=c1;
	bclr	BO_ALWAYS,CR0_LT
	.long	0x00000000

#
#	NOTE:	The following label name should be changed to
#		"bn_sub_words" i.e. remove the first dot
#		for the gcc compiler. This should be automatically
#		done in the build
#
#
.align	4
.bn_sub_words:
#
#	Handcoded version of bn_sub_words
#
#BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
#
#	r3 = r
#	r4 = a
#	r5 = b
#	r6 = n
#
#       Note:	No loop unrolling done since this is not a performance
#               critical loop.

	xor	r0,r0,r0	#set r0 = 0
#
#	check for r6 = 0 AND set carry bit.
#
	subfc.	r7,r0,r6        # If r6 is 0 then result is 0.
				# if r6 > 0 then result !=0
				# In either case carry bit is set.
	bc	BO_IF,CR0_EQ,Lppcasm_sub_adios
	addi	r4,r4,-4
	addi	r3,r3,-4
	addi	r5,r5,-4
	mtctr	r6
Lppcasm_sub_mainloop:	
	lwzu	r7,4(r4)
	lwzu	r8,4(r5)
	subfe	r6,r8,r7	# r6 = r7+carry bit + onescomplement(r8)
				# if carry = 1 this is r7-r8. Else it
				# is r7-r8 -1 as we need.
	stwu	r6,4(r3)
	bc	BO_dCTR_NZERO,CR0_EQ,Lppcasm_sub_mainloop
Lppcasm_sub_adios:	
	subfze	r3,r0		# if carry bit is set then r3 = 0 else -1
	andi.	r3,r3,1         # keep only last bit.
	bclr	BO_ALWAYS,CR0_LT
	.long	0x00000000


#
#	NOTE:	The following label name should be changed to
#		"bn_add_words" i.e. remove the first dot
#		for the gcc compiler. This should be automatically
#		done in the build
#

.align	4
.bn_add_words:
#
#	Handcoded version of bn_add_words
#
#BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
#
#	r3 = r
#	r4 = a
#	r5 = b
#	r6 = n
#
#       Note:	No loop unrolling done since this is not a performance
#               critical loop.

	xor	r0,r0,r0
#
#	check for r6 = 0. Is this needed?
#
	addic.	r6,r6,0		#test r6 and clear carry bit.
	bc	BO_IF,CR0_EQ,Lppcasm_add_adios
	addi	r4,r4,-4
	addi	r3,r3,-4
	addi	r5,r5,-4
	mtctr	r6
Lppcasm_add_mainloop:	
	lwzu	r7,4(r4)
	lwzu	r8,4(r5)
	adde	r8,r7,r8
	stwu	r8,4(r3)
	bc	BO_dCTR_NZERO,CR0_EQ,Lppcasm_add_mainloop
Lppcasm_add_adios:	
	addze	r3,r0			#return carry bit.
	bclr	BO_ALWAYS,CR0_LT
	.long	0x00000000

#
#	NOTE:	The following label name should be changed to
#		"bn_div_words" i.e. remove the first dot
#		for the gcc compiler. This should be automatically
#		done in the build
#

.align	4
.bn_div_words:
#
#	This is a cleaned up version of code generated by
#	the AIX compiler. The only optimization is to use
#	the PPC instruction to count leading zeros instead
#	of call to num_bits_word. Since this was compiled
#	only at level -O2 we can possibly squeeze it more?
#	
#	r3 = h
#	r4 = l
#	r5 = d
	
	cmplwi	0,r5,0			# compare r5 and 0
	bc	BO_IF_NOT,CR0_EQ,Lppcasm_div1	# proceed if d!=0
	li	r3,-1			# d=0 return -1
	bclr	BO_ALWAYS,CR0_LT	
Lppcasm_div1:
	xor	r0,r0,r0		#r0=0
	li	r8,32
	cntlzw.	r7,r5			#r7 = num leading 0s in d.
	bc	BO_IF,CR0_EQ,Lppcasm_div2	#proceed if no leading zeros
	subf	r8,r7,r8		#r8 = BN_num_bits_word(d)
	srw.	r9,r3,r8		#are there any bits above r8'th?
	tw	16,r9,r0		#if there're, signal to dump core...
Lppcasm_div2:
	cmpl	0,0,r3,r5			#h>=d?
	bc	BO_IF,CR0_LT,Lppcasm_div3	#goto Lppcasm_div3 if not
	subf	r3,r5,r3		#h-=d ; 
Lppcasm_div3:				#r7 = BN_BITS2-i. so r7=i
	cmpi	0,0,r7,0		# is (i == 0)?
	bc	BO_IF,CR0_EQ,Lppcasm_div4
	slw	r3,r3,r7		# h = (h<< i)
	srw	r8,r4,r8		# r8 = (l >> BN_BITS2 -i)
	slw	r5,r5,r7		# d<<=i
	or	r3,r3,r8		# h = (h<<i)|(l>>(BN_BITS2-i))
	slw	r4,r4,r7		# l <<=i
Lppcasm_div4:
	srwi	r9,r5,16		# r9 = dh
					# dl will be computed when needed
					# as it saves registers.
	li	r6,2			#r6=2
	mtctr	r6			#counter will be in count.
Lppcasm_divouterloop: 
	srwi	r8,r3,16		#r8 = (h>>BN_BITS4)
	srwi	r11,r4,16	#r11= (l&BN_MASK2h)>>BN_BITS4
					# compute here for innerloop.
	cmpl	0,0,r8,r9			# is (h>>BN_BITS4)==dh
	bc	BO_IF_NOT,CR0_EQ,Lppcasm_div5	# goto Lppcasm_div5 if not

	li	r8,-1
	clrlwi	r8,r8,16		#q = BN_MASK2l 
	b	Lppcasm_div6
Lppcasm_div5:
	divwu	r8,r3,r9		#q = h/dh
Lppcasm_div6:
	mullw	r12,r9,r8		#th = q*dh
	clrlwi	r10,r5,16	#r10=dl
	mullw	r6,r8,r10		#tl = q*dl
	
Lppcasm_divinnerloop:
	subf	r10,r12,r3		#t = h -th
	srwi	r7,r10,16	#r7= (t &BN_MASK2H), sort of...
	addic.	r7,r7,0			#test if r7 == 0. used below.
					# now want to compute
					# r7 = (t<<BN_BITS4)|((l&BN_MASK2h)>>BN_BITS4)
					# the following 2 instructions do that
	slwi	r7,r10,16	# r7 = (t<<BN_BITS4)
	or	r7,r7,r11		# r7|=((l&BN_MASK2h)>>BN_BITS4)
	cmpl	1,0,r6,r7			# compare (tl <= r7)
	bc	BO_IF_NOT,CR0_EQ,Lppcasm_divinnerexit
	bc	BO_IF_NOT,CR1_FEX,Lppcasm_divinnerexit
	addi	r8,r8,-1		#q--
	subf	r12,r9,r12		#th -=dh
	clrlwi	r10,r5,16	#r10=dl. t is no longer needed in loop.
	subf	r6,r10,r6		#tl -=dl
	b	Lppcasm_divinnerloop
Lppcasm_divinnerexit:
	srwi	r10,r6,16	#t=(tl>>BN_BITS4)
	slwi	r11,r6,16	#tl=(tl<<BN_BITS4)&BN_MASK2h;
	cmpl	1,0,r4,r11		# compare l and tl
	add	r12,r12,r10		# th+=t
	bc	BO_IF_NOT,CR1_FX,Lppcasm_div7  # if (l>=tl) goto Lppcasm_div7
	addi	r12,r12,1		# th++
Lppcasm_div7:
	subf	r11,r11,r4		#r11=l-tl
	cmpl	1,0,r3,r12		#compare h and th
	bc	BO_IF_NOT,CR1_FX,Lppcasm_div8	#if (h>=th) goto Lppcasm_div8
	addi	r8,r8,-1		# q--
	add	r3,r5,r3		# h+=d
Lppcasm_div8:
	subf	r12,r12,r3		#r12 = h-th
	slwi	r4,r11,16	#l=(l&BN_MASK2l)<<BN_BITS4
					# want to compute
					# h = ((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2
					# the following 2 instructions will do this.
	insrwi	r11,r12,16,16	# r11 is the value we want rotated 32/2.
	rotlwi	r3,r11,16	# rotate by 32/2 and store in r3
	bc	BO_dCTR_ZERO,CR0_EQ,Lppcasm_div9#if (count==0) break ;
	slwi	r0,r8,16		#ret =q<<BN_BITS4
	b	Lppcasm_divouterloop
Lppcasm_div9:
	or	r3,r8,r0
	bclr	BO_ALWAYS,CR0_LT
	.long	0x00000000

#
#	NOTE:	The following label name should be changed to
#		"bn_sqr_words" i.e. remove the first dot
#		for the gcc compiler. This should be automatically
#		done in the build
#
.align	4
.bn_sqr_words:
#
#	Optimized version of bn_sqr_words
#
#	void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
#
#	r3 = r
#	r4 = a
#	r5 = n
#
#	r6 = a[i].
#	r7,r8 = product.
#
#	No unrolling done here. Not performance critical.

	addic.	r5,r5,0			#test r5.
	bc	BO_IF,CR0_EQ,Lppcasm_sqr_adios
	addi	r4,r4,-4
	addi	r3,r3,-4
	mtctr	r5
Lppcasm_sqr_mainloop:	
					#sqr(r[0],r[1],a[0]);
	lwzu	r6,4(r4)
	mullw	r7,r6,r6
	mulhwu  r8,r6,r6
	stwu	r7,4(r3)
	stwu	r8,4(r3)
	bc	BO_dCTR_NZERO,CR0_EQ,Lppcasm_sqr_mainloop
Lppcasm_sqr_adios:	
	bclr	BO_ALWAYS,CR0_LT
	.long	0x00000000


#
#	NOTE:	The following label name should be changed to
#		"bn_mul_words" i.e. remove the first dot
#		for the gcc compiler. This should be automatically
#		done in the build
#

.align	4	
.bn_mul_words:
#
# BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
#
# r3 = rp
# r4 = ap
# r5 = num
# r6 = w
	xor	r0,r0,r0
	xor	r12,r12,r12		# used for carry
	rlwinm.	r7,r5,30,2,31		# num >> 2
	bc	BO_IF,CR0_EQ,Lppcasm_mw_REM
	mtctr	r7
Lppcasm_mw_LOOP:	
					#mul(rp[0],ap[0],w,c1);
	lwz	r8,0(r4)
	mullw	r9,r6,r8
	mulhwu  r10,r6,r8
	addc	r9,r9,r12
	#addze	r10,r10			#carry is NOT ignored.
					#will be taken care of
					#in second spin below
					#using adde.
	stw	r9,0(r3)
					#mul(rp[1],ap[1],w,c1);
	lwz	r8,4(r4)	
	mullw	r11,r6,r8
	mulhwu  r12,r6,r8
	adde	r11,r11,r10
	#addze	r12,r12
	stw	r11,4(r3)
					#mul(rp[2],ap[2],w,c1);
	lwz	r8,8(r4)
	mullw	r9,r6,r8
	mulhwu  r10,r6,r8
	adde	r9,r9,r12
	#addze	r10,r10
	stw	r9,8(r3)
					#mul_add(rp[3],ap[3],w,c1);
	lwz	r8,12(r4)
	mullw	r11,r6,r8
	mulhwu  r12,r6,r8
	adde	r11,r11,r10
	addze	r12,r12			#this spin we collect carry into
					#r12
	stw	r11,12(r3)
	
	addi	r3,r3,16
	addi	r4,r4,16
	bc	BO_dCTR_NZERO,CR0_EQ,Lppcasm_mw_LOOP

Lppcasm_mw_REM:
	andi.	r5,r5,0x3
	bc	BO_IF,CR0_EQ,Lppcasm_mw_OVER
					#mul(rp[0],ap[0],w,c1);
	lwz	r8,0(r4)
	mullw	r9,r6,r8
	mulhwu  r10,r6,r8
	addc	r9,r9,r12
	addze	r10,r10
	stw	r9,0(r3)
	addi	r12,r10,0
	
	addi	r5,r5,-1
	cmpli	0,0,r5,0
	bc	BO_IF,CR0_EQ,Lppcasm_mw_OVER

	
					#mul(rp[1],ap[1],w,c1);
	lwz	r8,4(r4)	
	mullw	r9,r6,r8
	mulhwu  r10,r6,r8
	addc	r9,r9,r12
	addze	r10,r10
	stw	r9,4(r3)
	addi	r12,r10,0
	
	addi	r5,r5,-1
	cmpli	0,0,r5,0
	bc	BO_IF,CR0_EQ,Lppcasm_mw_OVER
	
					#mul_add(rp[2],ap[2],w,c1);
	lwz	r8,8(r4)
	mullw	r9,r6,r8
	mulhwu  r10,r6,r8
	addc	r9,r9,r12
	addze	r10,r10
	stw	r9,8(r3)
	addi	r12,r10,0
		
Lppcasm_mw_OVER:	
	addi	r3,r12,0
	bclr	BO_ALWAYS,CR0_LT
	.long	0x00000000

#
#	NOTE:	The following label name should be changed to
#		"bn_mul_add_words" i.e. remove the first dot
#		for the gcc compiler. This should be automatically
#		done in the build
#

.align	4
.bn_mul_add_words:
#
# BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
#
# r3 = rp
# r4 = ap
# r5 = num
# r6 = w
#
# empirical evidence suggests that unrolled version performs best!!
#
	xor	r0,r0,r0		#r0 = 0
	xor	r12,r12,r12  		#r12 = 0 . used for carry		
	rlwinm.	r7,r5,30,2,31		# num >> 2
	bc	BO_IF,CR0_EQ,Lppcasm_maw_leftover	# if (num < 4) go LPPCASM_maw_leftover
	mtctr	r7
Lppcasm_maw_mainloop:	
					#mul_add(rp[0],ap[0],w,c1);
	lwz	r8,0(r4)
	lwz	r11,0(r3)
	mullw	r9,r6,r8
	mulhwu  r10,r6,r8
	addc	r9,r9,r12		#r12 is carry.
	addze	r10,r10
	addc	r9,r9,r11
	#addze	r10,r10
					#the above instruction addze
					#is NOT needed. Carry will NOT
					#be ignored. It's not affected
					#by multiply and will be collected
					#in the next spin
	stw	r9,0(r3)
	
					#mul_add(rp[1],ap[1],w,c1);
	lwz	r8,4(r4)	
	lwz	r9,4(r3)
	mullw	r11,r6,r8
	mulhwu  r12,r6,r8
	adde	r11,r11,r10		#r10 is carry.
	addze	r12,r12
	addc	r11,r11,r9
	#addze	r12,r12
	stw	r11,4(r3)
	
					#mul_add(rp[2],ap[2],w,c1);
	lwz	r8,8(r4)
	mullw	r9,r6,r8
	lwz	r11,8(r3)
	mulhwu  r10,r6,r8
	adde	r9,r9,r12
	addze	r10,r10
	addc	r9,r9,r11
	#addze	r10,r10
	stw	r9,8(r3)
	
					#mul_add(rp[3],ap[3],w,c1);
	lwz	r8,12(r4)
	mullw	r11,r6,r8
	lwz	r9,12(r3)
	mulhwu  r12,r6,r8
	adde	r11,r11,r10
	addze	r12,r12
	addc	r11,r11,r9
	addze	r12,r12
	stw	r11,12(r3)
	addi	r3,r3,16
	addi	r4,r4,16
	bc	BO_dCTR_NZERO,CR0_EQ,Lppcasm_maw_mainloop
	
Lppcasm_maw_leftover:
	andi.	r5,r5,0x3
	bc	BO_IF,CR0_EQ,Lppcasm_maw_adios
	addi	r3,r3,-4
	addi	r4,r4,-4
					#mul_add(rp[0],ap[0],w,c1);
	mtctr	r5
	lwzu	r8,4(r4)
	mullw	r9,r6,r8
	mulhwu  r10,r6,r8
	lwzu	r11,4(r3)
	addc	r9,r9,r11
	addze	r10,r10
	addc	r9,r9,r12
	addze	r12,r10
	stw	r9,0(r3)
	
	bc	BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios
					#mul_add(rp[1],ap[1],w,c1);
	lwzu	r8,4(r4)	
	mullw	r9,r6,r8
	mulhwu  r10,r6,r8
	lwzu	r11,4(r3)
	addc	r9,r9,r11
	addze	r10,r10
	addc	r9,r9,r12
	addze	r12,r10
	stw	r9,0(r3)
	
	bc	BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios
					#mul_add(rp[2],ap[2],w,c1);
	lwzu	r8,4(r4)
	mullw	r9,r6,r8
	mulhwu  r10,r6,r8
	lwzu	r11,4(r3)
	addc	r9,r9,r11
	addze	r10,r10
	addc	r9,r9,r12
	addze	r12,r10
	stw	r9,0(r3)
		
Lppcasm_maw_adios:	
	addi	r3,r12,0
	bclr	BO_ALWAYS,CR0_LT
	.long	0x00000000
	.align	4