Lines Matching +full:- +full:15 +full:v
1 /* SPDX-License-Identifier: GPL-2.0-or-later */
15 // load the words on-demand.
59 // Execute a quarter-round of BLAKE2s by mixing two columns or two diagonals.
61 // columns/diagonals. s0-s1 are the word offsets to the message words the first
62 // column/diagonal needs, and likewise s2-s3 for the second column/diagonal.
113 // Execute one round of BLAKE2s by updating the state matrix v[0..15]. v[0..9]
115 // spilling v[8..9], then to v[9..15], then to the message block. r10-r12 and
116 // r14 are free to use. The macro arguments s0-s15 give the order in which the
132 // (v[0], v[4], v[8], v[12]) and (v[1], v[5], v[9], v[13]).
133 __ldrd r10, r11, sp, 16 // load v[12] and v[13]
140 // (v[2], v[6], v[10], v[14]) and (v[3], v[7], v[11], v[15]).
141 __ldrd r8, r9, sp, 8 // load v[10] and v[11]
142 __ldrd r10, r11, sp, 24 // load v[14] and v[15]
145 str r10, [sp, #24] // store v[14]
146 // v[10], v[11], and v[15] are used below, so no need to store them yet.
152 // (v[0], v[5], v[10], v[15]) and (v[1], v[6], v[11], v[12]).
153 ldr r10, [sp, #16] // load v[12]
161 // (v[2], v[7], v[8], v[13]) and (v[3], v[4], v[9], v[14]).
162 __ldrd r8, r9, sp, 0 // load v[8] and v[9]
163 __ldrd r10, r11, sp, 20 // load v[13] and v[14]
180 push {r0-r2,r4-r11,lr} // keep this an even number
200 ldmia r1!, {r2-r9}
202 stmia r12!, {r2-r9}
203 ldmia r1!, {r2-r9}
205 stmia r12, {r2-r9}
209 // Calculate v[8..15]. Push v[9..15] onto the stack, and leave space
210 // for spilling v[8..9]. Leave v[8..9] in r8-r9.
213 ldmia r12!, {r8-r9} // load IV[0..1]
215 ldm r12, {r2-r7} // load IV[3..7]
216 eor r4, r4, r10 // v[12] = IV[4] ^ t[0]
217 eor r5, r5, r11 // v[13] = IV[5] ^ t[1]
218 eor r6, r6, r0 // v[14] = IV[6] ^ f[0]
219 eor r7, r7, r1 // v[15] = IV[7] ^ f[1]
220 push {r2-r7} // push v[9..15]
221 sub sp, sp, #8 // leave space for v[8..9]
223 // Load h[0..7] == v[0..7].
224 ldm r14, {r0-r7}
230 _blake2s_round 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
231 _blake2s_round 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3
232 _blake2s_round 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4
233 _blake2s_round 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8
234 _blake2s_round 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13
235 _blake2s_round 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9
236 _blake2s_round 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11
237 _blake2s_round 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10
238 _blake2s_round 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5
239 _blake2s_round 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0
244 // h[i] ^= v[i] ^ v[i + 8];
247 add sp, sp, #8 // v[8..9] are already loaded.
248 pop {r10-r11} // load v[10..11]
253 ldm r14, {r8-r11} // load h[0..3]
258 stmia r14!, {r0-r3} // store new h[0..3]
259 ldm r14, {r0-r3} // load old h[4..7]
260 pop {r8-r11} // load v[12..15]
270 stm r14, {r0-r3} // store new h[4..7]
274 // 64. So we can simply set it to 64 without re-loading it.
277 subs r2, r2, #1 // nblocks--
281 pop {r0-r2,r4-r11,pc}
283 // The next message block (pointed to by r1) isn't 4-byte aligned, so it
285 // by r12) using an alternative method. r2-r9 are free to use.