Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
大约 1 年 前同步成功

通知 9
Star 18
Fork 1
T
Third Party Openssl

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
keccak1600-armv4.pl 15.7 KB
Newer Older
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 
my @C = map("r$_",(0..9));
my @E = map("r$_",(10..12,14));

my @A = map([ 8*$_, 8*($_+1), 8*($_+2), 8*($_+3), 8*($_+4) ], (0,5,10,15,20));
my @D = map(8*$_, (25..29));
my @T = map([ 8*$_, 8*($_+1), 8*($_+2), 8*($_+3), 8*($_+4) ], (30,35));

$code.=<<___;
.text

.type	iotas,%object
.align	5
iotas:
	.long	0x00000001, 0x00000000
	.long	0x00000000, 0x00000089
	.long	0x00000000, 0x8000008b
	.long	0x00000000, 0x80008080
	.long	0x00000001, 0x0000008b
	.long	0x00000001, 0x00008000
	.long	0x00000001, 0x80008088
	.long	0x00000001, 0x80000082
	.long	0x00000000, 0x0000000b
	.long	0x00000000, 0x0000000a
	.long	0x00000001, 0x00008082
	.long	0x00000000, 0x00008003
	.long	0x00000001, 0x0000808b
	.long	0x00000001, 0x8000000b
	.long	0x00000001, 0x8000008a
	.long	0x00000001, 0x80000081
	.long	0x00000000, 0x80000081
	.long	0x00000000, 0x80000008
	.long	0x00000000, 0x00000083
	.long	0x00000000, 0x80008003
	.long	0x00000001, 0x80008088
	.long	0x00000000, 0x80000088
	.long	0x00000001, 0x00008000
	.long	0x00000000, 0x80008082
.size	iostas,.-iotas

.global	KeccakF1600
.type	KeccakF1600, %function
.align	5
KeccakF1600:
	eor	r1,r1,r1
	stmdb	sp!,{r0,r1,r4-r12,lr}
	sub	sp,sp,#320			@ space for A[5][5],D[5],T[2][5]

	add	@E[0],r0,#$A[1][0]
	add	@E[1],sp,#$A[1][0]
	mov	@E[2],r0
	ldmia	@E[0]!,{@C[0]-@C[9]}		@ copy A[5][5] to stack
	stmia	@E[1]!,{@C[0]-@C[9]}
	ldmia	@E[0]!,{@C[0]-@C[9]}
	stmia	@E[1]!,{@C[0]-@C[9]}
	ldmia	@E[0]!,{@C[0]-@C[9]}
	stmia	@E[1]!,{@C[0]-@C[9]}
	ldmia	@E[0],{@C[0]-@C[9]}
	stmia	@E[1],{@C[0]-@C[9]}
	ldmia	@E[2],{@C[0]-@C[9]}
	stmia	sp,{@C[0]-@C[9]}
	add	@E[0],sp,#$A[1][0]
	b	.Lround

.align	4
.Lround:
	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[1][0..1]
	eor	@C[0],@C[0],@E[0]
	 add	@E[0],sp,#$A[1][2]
	eor	@C[1],@C[1],@E[1]
	eor	@C[2],@C[2],@E[2]
	eor	@C[3],@C[3],@E[3]
	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[1][2..3]
	eor	@C[4],@C[4],@E[0]
	 add	@E[0],sp,#$A[1][4]
	eor	@C[5],@C[5],@E[1]
	eor	@C[6],@C[6],@E[2]
	eor	@C[7],@C[7],@E[3]
	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[1][4]..A[2][0]
	eor	@C[8],@C[8],@E[0]
	 add	@E[0],sp,#$A[2][1]
	eor	@C[9],@C[9],@E[1]
	eor	@C[0],@C[0],@E[2]
	eor	@C[1],@C[1],@E[3]
	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[2][1..2]
	eor	@C[2],@C[2],@E[0]
	 add	@E[0],sp,#$A[2][3]
	eor	@C[3],@C[3],@E[1]
	eor	@C[4],@C[4],@E[2]
	eor	@C[5],@C[5],@E[3]
	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[2][3..4]
	eor	@C[6],@C[6],@E[0]
	 add	@E[0],sp,#$A[3][0]
	eor	@C[7],@C[7],@E[1]
	eor	@C[8],@C[8],@E[2]
	eor	@C[9],@C[9],@E[3]
	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[3][0..1]
	eor	@C[0],@C[0],@E[0]
	 add	@E[0],sp,#$A[3][2]
	eor	@C[1],@C[1],@E[1]
	eor	@C[2],@C[2],@E[2]
	eor	@C[3],@C[3],@E[3]
	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[3][2..3]
	eor	@C[4],@C[4],@E[0]
	 add	@E[0],sp,#$A[3][4]
	eor	@C[5],@C[5],@E[1]
	eor	@C[6],@C[6],@E[2]
	eor	@C[7],@C[7],@E[3]
	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[3][4]..A[4][0]
	eor	@C[8],@C[8],@E[0]
	 add	@E[0],sp,#$A[4][1]
	eor	@C[9],@C[9],@E[1]
	eor	@C[0],@C[0],@E[2]
	eor	@C[1],@C[1],@E[3]
	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[4][1..2]
	eor	@C[2],@C[2],@E[0]
	 add	@E[0],sp,#$A[4][3]
	eor	@C[3],@C[3],@E[1]
	eor	@C[4],@C[4],@E[2]
	eor	@C[5],@C[5],@E[3]
	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[4][3..4]
	eor	@C[6],@C[6],@E[0]
	eor	@C[7],@C[7],@E[1]
	eor	@C[8],@C[8],@E[2]
	eor	@C[9],@C[9],@E[3]

	eor	@E[0],@C[0],@C[5],ror#32-1	@ E[0] = ROL64(C[2], 1) ^ C[0];
	eor	@E[1],@C[1],@C[4]
	str	@E[0],[sp,#$D[1]]		@ D[1] = E[0]
	eor	@E[2],@C[6],@C[1],ror#32-1	@ E[1] = ROL64(C[0], 1) ^ C[3];
	str	@E[1],[sp,#$D[1]+4]
	eor	@E[3],@C[7],@C[0]
	str	@E[2],[sp,#$D[4]]		@ D[4] = E[1]
	eor	@C[0],@C[8],@C[3],ror#32-1	@ C[0] = ROL64(C[1], 1) ^ C[4];
	str	@E[3],[sp,#$D[4]+4]
	eor	@C[1],@C[9],@C[2]
	str	@C[0],[sp,#$D[0]]		@ D[0] = C[0]
	eor	@C[2],@C[2],@C[7],ror#32-1	@ C[1] = ROL64(C[3], 1) ^ C[1];
	str	@C[1],[sp,#$D[0]+4]
	eor	@C[3],@C[3],@C[6]
	str	@C[2],[sp,#$D[2]]		@ D[2] = C[1]
	eor	@C[4],@C[4],@C[9],ror#32-1	@ C[2] = ROL64(C[4], 1) ^ C[2];
	str	@C[3],[sp,#$D[2]+4]
	eor	@C[5],@C[5],@C[8]
	str	@C[4],[sp,#$D[3]]		@ D[3] = C[2]
	str	@C[5],[sp,#$D[3]+4]

	ldr	@C[8],[sp,#$A[3][0]]
	ldr	@C[9],[sp,#$A[3][0]+4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
149 150 
	ldr	@C[6],[sp,#$A[0][1]]
	ldr	@C[7],[sp,#$A[0][1]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
151 152 153 
	eor	@C[8],@C[8],@C[0]
	eor	@C[9],@C[9],@C[1]
	str	@C[8],[sp,#$T[0][0]]		@ T[0][0] = A[3][0] ^ C[0]; /* borrow T[0][0] */
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
154 
	ldr	@C[8],[sp,#$A[0][2]]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
155 
	str	@C[9],[sp,#$T[0][0]+4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
156 
	ldr	@C[9],[sp,#$A[0][2]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
157 158 159 
	eor	@C[6],@C[6],@E[0]
	eor	@C[7],@C[7],@E[1]
	str	@C[6],[sp,#$T[0][1]]		@ T[0][1] = A[0][1] ^ E[0]; /* D[1] */
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
160 
	ldr	@C[6],[sp,#$A[0][3]]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
161 
	str	@C[7],[sp,#$T[0][1]+4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
162 
	ldr	@C[7],[sp,#$A[0][3]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
163 164 165 
	eor	@C[8],@C[8],@C[2]
	eor	@C[9],@C[9],@C[3]
	str	@C[8],[sp,#$T[0][2]]		@ T[0][2] = A[0][2] ^ C[1]; /* D[2] */
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
166 
	ldr	@C[8],[sp,#$A[0][4]]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
167 
	str	@C[9],[sp,#$T[0][2]+4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
168 
	ldr	@C[9],[sp,#$A[0][4]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
169 170 171 172 
	eor	@C[6],@C[6],@C[4]
	eor	@C[7],@C[7],@C[5]
	str	@C[6],[sp,#$T[0][3]]		@ T[0][3] = A[0][3] ^ C[2]; /* D[3] */
	eor	@C[8],@C[8],@E[2]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
173 
	str	@C[7],[sp,#$T[0][3]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
174 175 176 177 178 179 
	eor	@C[9],@C[9],@E[3]
	str	@C[8],[sp,#$T[0][4]]		@ T[0][4] = A[0][4] ^ E[1]; /* D[4] */
	str	@C[9],[sp,#$T[0][4]+4]

	ldr	@C[6],[sp,#$A[3][3]]
	ldr	@C[7],[sp,#$A[3][3]+4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
180 181 
	ldr	@C[8],[sp,#$A[4][4]]
	ldr	@C[9],[sp,#$A[4][4]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
182 183 184 
	eor	@C[4],@C[4],@C[6]
	eor	@C[5],@C[5],@C[7]
	ror	@C[7],@C[4],#32-10		@ C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]);   /* D[3] */
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
185 
	ldr	@C[4],[sp,#$A[0][0]]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
186 
	ror	@C[6],@C[5],#32-11
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
187 
	ldr	@C[5],[sp,#$A[0][0]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
188 189 190 
	eor	@C[8],@C[8],@E[2]
	eor	@C[9],@C[9],@E[3]
	ror	@C[8],@C[8],#32-7		@ C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]);   /* D[4] */
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
191 
	ldr	@E[2],[sp,#$A[2][2]]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
192 
	ror	@C[9],@C[9],#32-7
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
193 
	ldr	@E[3],[sp,#$A[2][2]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
194 195 196 197 
	eor	@C[0],@C[0],@C[4]
	eor	@C[1],@C[1],@C[5]		@ C[0] =       A[0][0] ^ C[0]; /* rotate by 0 */  /* D[0] */
	eor	@E[2],@E[2],@C[2]
	ldr	@C[2],[sp,#$A[1][1]]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
198 
	eor	@E[3],@E[3],@C[3]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
199 
	ldr	@C[3],[sp,#$A[1][1]+4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
200 
	ror	@C[5],@E[2],#32-21		@ C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]);   /* D[2] */
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
201 
	eor	@C[2],@C[2],@E[0]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
202 203 
	ror	@C[4],@E[3],#32-22
	 adr	@E[0],iotas
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
204 
	eor	@C[3],@C[3],@E[1]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
205 
	 ldr	@E[1],[sp,#320+4]		@ load counter
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
206 207 208 209 210 211 
	ror	@C[2],@C[2],#32-22		@ C[1] = ROL64(A[1][1] ^ E[0], rhotates[1][1]);   /* D[1] */
	ror	@C[3],@C[3],#32-22

	add	@E[0],@E[0],@E[1]
	ldr	@E[2],[@E[0],#0]
	add	@E[1],@E[1],#8
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
212 
	ldr	@E[3],[@E[0],#4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
213 
	cmp	@E[1],#192
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
214 
	str	@E[1],[sp,#320+4]		@ store counter
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 

	bic	@E[0],@C[4],@C[2]
	bic	@E[1],@C[5],@C[3]
	eor	@E[0],@E[0],@C[0]
	eor	@E[1],@E[1],@C[1]
	eor	@E[0],@E[0],@E[2]
	eor	@E[1],@E[1],@E[3]
	str	@E[0],[sp,#$A[0][0]]		@ A[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i];
	bic	@E[2],@C[6],@C[4]
	str	@E[1],[sp,#$A[0][0]+4]
	bic	@E[3],@C[7],@C[5]
	eor	@E[2],@E[2],@C[2]
	eor	@E[3],@E[3],@C[3]
	str	@E[2],[sp,#$A[0][1]]		@ A[0][1] = C[1] ^ (~C[2] & C[3]);
	bic	@E[0],@C[8],@C[6]
	str	@E[3],[sp,#$A[0][1]+4]
	bic	@E[1],@C[9],@C[7]
	eor	@E[0],@E[0],@C[4]
	eor	@E[1],@E[1],@C[5]
	str	@E[0],[sp,#$A[0][2]]		@ A[0][2] = C[2] ^ (~C[3] & C[4]);
	bic	@E[2],@C[0],@C[8]
	str	@E[1],[sp,#$A[0][2]+4]
	bic	@E[3],@C[1],@C[9]
	eor	@E[2],@E[2],@C[6]
	eor	@E[3],@E[3],@C[7]
	str	@E[2],[sp,#$A[0][3]]		@ A[0][3] = C[3] ^ (~C[4] & C[0]);
	bic	@E[0],@C[2],@C[0]
	str	@E[3],[sp,#$A[0][3]+4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
243 
	 add	@E[3],sp,#$D[0]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
244 245 246 247 248 249 250 251 252 253 254 
	bic	@E[1],@C[3],@C[1]
	eor	@E[0],@E[0],@C[8]
	eor	@E[1],@E[1],@C[9]
	str	@E[0],[sp,#$A[0][4]]		@ A[0][4] = C[4] ^ (~C[0] & C[1]);
	str	@E[1],[sp,#$A[0][4]+4]

	ldmia	@E[3],{@C[6]-@C[9],@E[0],@E[1],@E[2],@E[3]}	@ D[0..3]
	ldr	@C[4],[sp,#$D[4]]
	ldr	@C[5],[sp,#$D[4]+4]
	ldr	@C[0],[sp,#$A[1][0]]
	ldr	@C[1],[sp,#$A[1][0]+4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
255 256 
	ldr	@C[2],[sp,#$A[2][1]]
	ldr	@C[3],[sp,#$A[2][1]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
257 258 259 
	eor	@C[0],@C[0],@C[6]
	eor	@C[1],@C[1],@C[7]
	str	@C[0],[sp,#$T[1][0]]		@ T[1][0] = A[1][0] ^ (C[3] = D[0]);
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
260 
	add	@C[0],sp,#$A[1][2]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
261 262 263 264 265 266 267 268 269 
	str	@C[1],[sp,#$T[1][0]+4]
	eor	@C[2],@C[2],@C[8]
	eor	@C[3],@C[3],@C[9]
	str	@C[2],[sp,#$T[1][1]]		@ T[1][1] = A[2][1] ^ (C[4] = D[1]); /* borrow T[1][1] */
	str	@C[3],[sp,#$T[1][1]+4]
	ldmia	@C[0],{@C[0]-@C[3]}		@ A[1][2..3]
	eor	@C[0],@C[0],@E[0]
	eor	@C[1],@C[1],@E[1]
	str	@C[0],[sp,#$T[1][2]]		@ T[1][2] = A[1][2] ^ (E[0] = D[2]);
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
270 
	ldr	@C[0],[sp,#$A[2][4]]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
271 
	str	@C[1],[sp,#$T[1][2]+4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
272 
	ldr	@C[1],[sp,#$A[2][4]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
273 274 275 
	eor	@C[2],@C[2],@E[2]
	eor	@C[3],@C[3],@E[3]
	str	@C[2],[sp,#$T[1][3]]		@ T[1][3] = A[1][3] ^ (E[1] = D[3]);
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
276 
	 ldr	@C[2],[sp,#$T[0][3]]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
277 
	str	@C[3],[sp,#$T[1][3]+4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
278 
	 ldr	@C[3],[sp,#$T[0][3]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
279 
	eor	@C[0],@C[0],@C[4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
280 
	 ldr	@E[2],[sp,#$A[1][4]]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
281 
	eor	@C[1],@C[1],@C[5]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
282 
	 ldr	@E[3],[sp,#$A[1][4]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
283 284 285 
	str	@C[0],[sp,#$T[1][4]]		@ T[1][4] = A[2][4] ^ (C[2] = D[4]); /* borrow T[1][4] */

	ror	@C[0],@C[2],#32-14		@ C[0] = ROL64(T[0][3],        rhotates[0][3]);
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
286 
	 str	@C[1],[sp,#$T[1][4]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
287 288 
	ror	@C[1],@C[3],#32-14
	eor	@C[2],@E[2],@C[4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
289 
	ldr	@C[4],[sp,#$A[2][0]]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
290 
	eor	@C[3],@E[3],@C[5]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
291 
	ldr	@C[5],[sp,#$A[2][0]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
292 
	ror	@C[2],@C[2],#32-10		@ C[1] = ROL64(A[1][4] ^ C[2], rhotates[1][4]);   /* D[4] */
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
293 
	ldr	@E[2],[sp,#$A[3][1]]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
294 
	ror	@C[3],@C[3],#32-10
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
295 
	ldr	@E[3],[sp,#$A[3][1]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
296 297 298 299 
	eor	@C[6],@C[6],@C[4]
	eor	@C[7],@C[7],@C[5]
	ror	@C[5],@C[6],#32-1		@ C[2] = ROL64(A[2][0] ^ C[3], rhotates[2][0]);   /* D[0] */
	eor	@E[2],@E[2],@C[8]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
300 
	ror	@C[4],@C[7],#32-2
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
301 
	ldr	@C[8],[sp,#$A[4][2]]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
302 
	eor	@E[3],@E[3],@C[9]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
303 
	ldr	@C[9],[sp,#$A[4][2]+4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
304 
	ror	@C[7],@E[2],#32-22		@ C[3] = ROL64(A[3][1] ^ C[4], rhotates[3][1]);   /* D[1] */
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
305 
	eor	@E[0],@E[0],@C[8]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
306 
	ror	@C[6],@E[3],#32-23
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
307 308 309 310 
	eor	@E[1],@E[1],@C[9]
	ror	@C[9],@E[0],#32-30		@ C[4] = ROL64(A[4][2] ^ E[0], rhotates[4][2]);   /* D[2] */

	bic	@E[0],@C[4],@C[2]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
311 
	 ror	@C[8],@E[1],#32-31
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 
	bic	@E[1],@C[5],@C[3]
	eor	@E[0],@E[0],@C[0]
	eor	@E[1],@E[1],@C[1]
	str	@E[0],[sp,#$A[1][0]]		@ A[1][0] = C[0] ^ (~C[1] & C[2])
	bic	@E[2],@C[6],@C[4]
	str	@E[1],[sp,#$A[1][0]+4]
	bic	@E[3],@C[7],@C[5]
	eor	@E[2],@E[2],@C[2]
	eor	@E[3],@E[3],@C[3]
	str	@E[2],[sp,#$A[1][1]]		@ A[1][1] = C[1] ^ (~C[2] & C[3]);
	bic	@E[0],@C[8],@C[6]
	str	@E[3],[sp,#$A[1][1]+4]
	bic	@E[1],@C[9],@C[7]
	eor	@E[0],@E[0],@C[4]
	eor	@E[1],@E[1],@C[5]
	str	@E[0],[sp,#$A[1][2]]		@ A[1][2] = C[2] ^ (~C[3] & C[4]);
	bic	@E[2],@C[0],@C[8]
	str	@E[1],[sp,#$A[1][2]+4]
	bic	@E[3],@C[1],@C[9]
	eor	@E[2],@E[2],@C[6]
	eor	@E[3],@E[3],@C[7]
	str	@E[2],[sp,#$A[1][3]]		@ A[1][3] = C[3] ^ (~C[4] & C[0]);
	bic	@E[0],@C[2],@C[0]
	str	@E[3],[sp,#$A[1][3]+4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
336 
	 add	@E[3],sp,#$D[3]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
337 
	bic	@E[1],@C[3],@C[1]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
338 
	 ldr	@C[1],[sp,#$T[0][1]]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
339 
	eor	@E[0],@E[0],@C[8]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
340 
	 ldr	@C[0],[sp,#$T[0][1]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
341 342 343 344 345 346 347 348 
	eor	@E[1],@E[1],@C[9]
	str	@E[0],[sp,#$A[1][4]]		@ A[1][4] = C[4] ^ (~C[0] & C[1]);
	str	@E[1],[sp,#$A[1][4]+4]

	ldr	@C[2],[sp,#$T[1][2]]
	ldr	@C[3],[sp,#$T[1][2]+4]
	ldmia	@E[3],{@E[0]-@E[2],@E[3]}	@ D[3..4]
	ldr	@C[4],[sp,#$A[2][3]]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
349 
	ror	@C[0],@C[0],#32-1		@ C[0] = ROL64(T[0][1],        rhotates[0][1]);
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
350 
	ldr	@C[5],[sp,#$A[2][3]+4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
351 352 353 354 
	ror	@C[2],@C[2],#32-3		@ C[1] = ROL64(T[1][2],        rhotates[1][2]);
	ldr	@C[6],[sp,#$A[3][4]]
	ror	@C[3],@C[3],#32-3
	ldr	@C[7],[sp,#$A[3][4]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
355 
	eor	@E[0],@E[0],@C[4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
356 
	ldr	@C[8],[sp,#$A[4][0]]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
357 
	eor	@E[1],@E[1],@C[5]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
358 
	ldr	@C[9],[sp,#$A[4][0]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
359 
	ror	@C[5],@E[0],#32-12		@ C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
360 
	ldr	@E[0],[sp,#$D[0]]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
361 
	ror	@C[4],@E[1],#32-13
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
362 
	ldr	@E[1],[sp,#$D[0]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
363 364 365 366 
	eor	@C[6],@C[6],@E[2]
	eor	@C[7],@C[7],@E[3]
	ror	@C[6],@C[6],#32-4		@ C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]);
	eor	@C[8],@C[8],@E[0]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
367 
	ror	@C[7],@C[7],#32-4
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
368 369 370 371 
	eor	@C[9],@C[9],@E[1]
	ror	@C[8],@C[8],#32-9		@ C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]);

	bic	@E[0],@C[4],@C[2]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
372 
	 ror	@C[9],@C[9],#32-9
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 
	bic	@E[1],@C[5],@C[3]
	eor	@E[0],@E[0],@C[0]
	eor	@E[1],@E[1],@C[1]
	str	@E[0],[sp,#$A[2][0]]		@ A[2][0] = C[0] ^ (~C[1] & C[2])
	bic	@E[2],@C[6],@C[4]
	str	@E[1],[sp,#$A[2][0]+4]
	bic	@E[3],@C[7],@C[5]
	eor	@E[2],@E[2],@C[2]
	eor	@E[3],@E[3],@C[3]
	str	@E[2],[sp,#$A[2][1]]		@ A[2][1] = C[1] ^ (~C[2] & C[3]);
	bic	@E[0],@C[8],@C[6]
	str	@E[3],[sp,#$A[2][1]+4]
	bic	@E[1],@C[9],@C[7]
	eor	@E[0],@E[0],@C[4]
	eor	@E[1],@E[1],@C[5]
	str	@E[0],[sp,#$A[2][2]]		@ A[2][2] = C[2] ^ (~C[3] & C[4]);
	bic	@E[2],@C[0],@C[8]
	str	@E[1],[sp,#$A[2][2]+4]
	bic	@E[3],@C[1],@C[9]
	eor	@E[2],@E[2],@C[6]
	eor	@E[3],@E[3],@C[7]
	str	@E[2],[sp,#$A[2][3]]		@ A[2][3] = C[3] ^ (~C[4] & C[0]);
	bic	@E[0],@C[2],@C[0]
	str	@E[3],[sp,#$A[2][3]+4]
	bic	@E[1],@C[3],@C[1]
	eor	@E[0],@E[0],@C[8]
	eor	@E[1],@E[1],@C[9]
	str	@E[0],[sp,#$A[2][4]]		@ A[2][4] = C[4] ^ (~C[0] & C[1]);
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
401 
	 add	@C[2],sp,#$T[1][0]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
402 403 
	str	@E[1],[sp,#$A[2][4]+4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
404 
	add	@E[3],sp,#$D[2]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
405 406 
	ldr	@C[1],[sp,#$T[0][4]]
	ldr	@C[0],[sp,#$T[0][4]+4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
407 408 
	ldmia	@C[2],{@C[2]-@C[5]}		@ T[1][0..1]
	ldmia	@E[3],{@E[0]-@E[2],@E[3]}	@ D[2..3]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
409 
	ror	@C[1],@C[1],#32-13		@ C[0] = ROL64(T[0][4],        rhotates[0][4]);
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
410 
	ldr	@C[6],[sp,#$A[3][2]]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
411 
	ror	@C[0],@C[0],#32-14
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
412 
	ldr	@C[7],[sp,#$A[3][2]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
413 
	ror	@C[2],@C[2],#32-18		@ C[1] = ROL64(T[1][0],        rhotates[1][0]);
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
414 
	ldr	@C[8],[sp,#$A[4][3]]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
415 
	ror	@C[3],@C[3],#32-18
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
416 
	ldr	@C[9],[sp,#$A[4][3]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
417 418 
	ror	@C[4],@C[4],#32-5		@ C[2] = ROL64(T[1][1],        rhotates[2][1]); /* originally A[2][1] */
	eor	@E[0],@E[0],@C[6]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
419 
	ror	@C[5],@C[5],#32-5
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
420 421 422 
	eor	@E[1],@E[1],@C[7]
	ror	@C[7],@E[0],#32-7		@ C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
	eor	@C[8],@C[8],@E[2]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
423 
	ror	@C[6],@E[1],#32-8
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
424 425 426 427 
	eor	@C[9],@C[9],@E[3]
	ror	@C[8],@C[8],#32-28		@ C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]);

	bic	@E[0],@C[4],@C[2]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
428 
	 ror	@C[9],@C[9],#32-28
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 
	bic	@E[1],@C[5],@C[3]
	eor	@E[0],@E[0],@C[0]
	eor	@E[1],@E[1],@C[1]
	str	@E[0],[sp,#$A[3][0]]		@ A[3][0] = C[0] ^ (~C[1] & C[2])
	bic	@E[2],@C[6],@C[4]
	str	@E[1],[sp,#$A[3][0]+4]
	bic	@E[3],@C[7],@C[5]
	eor	@E[2],@E[2],@C[2]
	eor	@E[3],@E[3],@C[3]
	str	@E[2],[sp,#$A[3][1]]		@ A[3][1] = C[1] ^ (~C[2] & C[3]);
	bic	@E[0],@C[8],@C[6]
	str	@E[3],[sp,#$A[3][1]+4]
	bic	@E[1],@C[9],@C[7]
	eor	@E[0],@E[0],@C[4]
	eor	@E[1],@E[1],@C[5]
	str	@E[0],[sp,#$A[3][2]]		@ A[3][2] = C[2] ^ (~C[3] & C[4]);
	bic	@E[2],@C[0],@C[8]
	str	@E[1],[sp,#$A[3][2]+4]
	bic	@E[3],@C[1],@C[9]
	eor	@E[2],@E[2],@C[6]
	eor	@E[3],@E[3],@C[7]
	str	@E[2],[sp,#$A[3][3]]		@ A[3][3] = C[3] ^ (~C[4] & C[0]);
	bic	@E[0],@C[2],@C[0]
	str	@E[3],[sp,#$A[3][3]+4]
	bic	@E[1],@C[3],@C[1]
	eor	@E[0],@E[0],@C[8]
	eor	@E[1],@E[1],@C[9]
	str	@E[0],[sp,#$A[3][4]]		@ A[3][4] = C[4] ^ (~C[0] & C[1]);
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
457 
	 add	@E[3],sp,#$T[1][3]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
458 459 460 461 462 463 
	str	@E[1],[sp,#$A[3][4]+4]

	ldr	@C[0],[sp,#$T[0][2]]
	ldr	@C[1],[sp,#$T[0][2]+4]
	ldmia	@E[3],{@E[0]-@E[2],@E[3]}	@ T[1][3..4]
	ldr	@C[7],[sp,#$T[0][0]]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
464 
	ror	@C[0],@C[0],#32-31		@ C[0] = ROL64(T[0][2],        rhotates[0][2]);
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
465 
	ldr	@C[6],[sp,#$T[0][0]+4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
466 
	ror	@C[1],@C[1],#32-31
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
467 
	ldr	@C[8],[sp,#$A[4][1]]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
468 
	ror	@C[3],@E[0],#32-27		@ C[1] = ROL64(T[1][3],        rhotates[1][3]);
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
469 
	ldr	@E[0],[sp,#$D[1]]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
470 471 472 
	ror	@C[2],@E[1],#32-28
	ldr	@C[9],[sp,#$A[4][1]+4]
	ror	@C[5],@E[2],#32-19		@ C[2] = ROL64(T[1][4],        rhotates[2][4]); /* originally A[2][4] */
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
473 
	ldr	@E[1],[sp,#$D[1]+4]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
474 
	ror	@C[4],@E[3],#32-20
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
475 
	eor	@C[8],@C[8],@E[0]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
476 
	ror	@C[7],@C[7],#32-20		@ C[3] = ROL64(T[0][0],        rhotates[3][0]); /* originally A[3][0] */
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
477 
	eor	@C[9],@C[9],@E[1]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
478 
	ror	@C[6],@C[6],#32-21
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
479 480 

	bic	@E[0],@C[4],@C[2]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
481 
	 ror	@C[8],@C[8],#32-1		@ C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
482 
	bic	@E[1],@C[5],@C[3]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
483 
	 ror	@C[9],@C[9],#32-1
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 
	eor	@E[0],@E[0],@C[0]
	eor	@E[1],@E[1],@C[1]
	str	@E[0],[sp,#$A[4][0]]		@ A[4][0] = C[0] ^ (~C[1] & C[2])
	bic	@E[2],@C[6],@C[4]
	str	@E[1],[sp,#$A[4][0]+4]
	bic	@E[3],@C[7],@C[5]
	eor	@E[2],@E[2],@C[2]
	eor	@E[3],@E[3],@C[3]
	str	@E[2],[sp,#$A[4][1]]		@ A[4][1] = C[1] ^ (~C[2] & C[3]);
	bic	@E[0],@C[8],@C[6]
	str	@E[3],[sp,#$A[4][1]+4]
	bic	@E[1],@C[9],@C[7]
	eor	@E[0],@E[0],@C[4]
	eor	@E[1],@E[1],@C[5]
	str	@E[0],[sp,#$A[4][2]]		@ A[4][2] = C[2] ^ (~C[3] & C[4]);
	bic	@E[2],@C[0],@C[8]
	str	@E[1],[sp,#$A[4][2]+4]
	bic	@E[3],@C[1],@C[9]
	eor	@E[2],@E[2],@C[6]
	eor	@E[3],@E[3],@C[7]
	str	@E[2],[sp,#$A[4][3]]		@ A[4][3] = C[3] ^ (~C[4] & C[0]);
	bic	@E[0],@C[2],@C[0]
A
sha/asm/keccak1600-armv4.pl: optimization based on profiler feedback.  
Andy Polyakov 已提交
506 
	str	@E[3],[sp,#$A[4][3]+4]
A
Add sha/asm/keccak1600-armv4.pl.  
Andy Polyakov 已提交
507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 
	bic	@E[1],@C[3],@C[1]
	eor	@E[2],@E[0],@C[8]
	 add	@E[0],sp,#$A[1][0]
	eor	@E[3],@E[1],@C[9]
	 ldmia	sp,{@C[0]-@C[9]}		@ A[0][0..5]
	str	@E[2],[sp,#$A[4][4]]		@ A[4][4] = C[4] ^ (~C[0] & C[1]);
	str	@E[3],[sp,#$A[4][4]+4]

	blo	.Lround

	ldr	@E[1],[sp,#320]			@ restore pointer to A
	stmia	@E[1]!,{@C[0]-@C[9]}		@ copy A[5][5] from stack
	ldmia	@E[0]!,{@C[0]-@C[9]}
	stmia	@E[1]!,{@C[0]-@C[9]}
	ldmia	@E[0]!,{@C[0]-@C[9]}
	stmia	@E[1]!,{@C[0]-@C[9]}
	ldmia	@E[0]!,{@C[0]-@C[9]}
	stmia	@E[1]!,{@C[0]-@C[9]}
	ldmia	@E[0],{@C[0]-@C[9]}
	stmia	@E[1],{@C[0]-@C[9]}

	add	sp,sp,#320+8
	ldmia	sp!,{r4-r12,pc}
.size	KeccakF1600,.-KeccakF1600
___
print $code;