1 // Copyright 2019 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4
5 //go:build gc && !purego
6
7 #include "textflag.h"
8
9 // This was ported from the amd64 implementation.
10
11 #define POLY1305_ADD(msg, h0, h1, h2, t0, t1, t2) \
12 MOVD (msg), t0; \
13 MOVD 8(msg), t1; \
14 MOVD $1, t2; \
15 ADDC t0, h0, h0; \
16 ADDE t1, h1, h1; \
17 ADDE t2, h2; \
18 ADD $16, msg
19
20 #define POLY1305_MUL(h0, h1, h2, r0, r1, t0, t1, t2, t3, t4, t5) \
21 MULLD r0, h0, t0; \
22 MULHDU r0, h0, t1; \
23 MULLD r0, h1, t4; \
24 MULHDU r0, h1, t5; \
25 ADDC t4, t1, t1; \
26 MULLD r0, h2, t2; \
27 MULHDU r1, h0, t4; \
28 MULLD r1, h0, h0; \
29 ADDE t5, t2, t2; \
30 ADDC h0, t1, t1; \
31 MULLD h2, r1, t3; \
32 ADDZE t4, h0; \
33 MULHDU r1, h1, t5; \
34 MULLD r1, h1, t4; \
35 ADDC t4, t2, t2; \
36 ADDE t5, t3, t3; \
37 ADDC h0, t2, t2; \
38 MOVD $-4, t4; \
39 ADDZE t3; \
40 RLDICL $0, t2, $62, h2; \
41 AND t2, t4, h0; \
42 ADDC t0, h0, h0; \
43 ADDE t3, t1, h1; \
44 SLD $62, t3, t4; \
45 SRD $2, t2; \
46 ADDZE h2; \
47 OR t4, t2, t2; \
48 SRD $2, t3; \
49 ADDC t2, h0, h0; \
50 ADDE t3, h1, h1; \
51 ADDZE h2
52
53 DATA ·poly1305Mask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
54 DATA ·poly1305Mask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
55 GLOBL ·poly1305Mask<>(SB), RODATA, $16
56
57 // func update(state *[7]uint64, msg []byte)
58 TEXT ·update(SB), $0-32
59 MOVD state+0(FP), R3
60 MOVD msg_base+8(FP), R4
61 MOVD msg_len+16(FP), R5
62
63 MOVD 0(R3), R8 // h0
64 MOVD 8(R3), R9 // h1
65 MOVD 16(R3), R10 // h2
66 MOVD 24(R3), R11 // r0
67 MOVD 32(R3), R12 // r1
68
69 CMP R5, $16
70 BLT bytes_between_0_and_15
71
72 loop:
73 POLY1305_ADD(R4, R8, R9, R10, R20, R21, R22)
74
75 PCALIGN $16
76 multiply:
77 POLY1305_MUL(R8, R9, R10, R11, R12, R16, R17, R18, R14, R20, R21)
78 ADD $-16, R5
79 CMP R5, $16
80 BGE loop
81
82 bytes_between_0_and_15:
83 CMP R5, $0
84 BEQ done
85 MOVD $0, R16 // h0
86 MOVD $0, R17 // h1
87
88 flush_buffer:
89 CMP R5, $8
90 BLE just1
91
92 MOVD $8, R21
93 SUB R21, R5, R21
94
95 // Greater than 8 -- load the rightmost remaining bytes in msg
96 // and put into R17 (h1)
97 MOVD (R4)(R21), R17
98 MOVD $16, R22
99
100 // Find the offset to those bytes
101 SUB R5, R22, R22
102 SLD $3, R22
103
104 // Shift to get only the bytes in msg
105 SRD R22, R17, R17
106
107 // Put 1 at high end
108 MOVD $1, R23
109 SLD $3, R21
110 SLD R21, R23, R23
111 OR R23, R17, R17
112
113 // Remainder is 8
114 MOVD $8, R5
115
116 just1:
117 CMP R5, $8
118 BLT less8
119
120 // Exactly 8
121 MOVD (R4), R16
122
123 CMP R17, $0
124
125 // Check if we've already set R17; if not
126 // set 1 to indicate end of msg.
127 BNE carry
128 MOVD $1, R17
129 BR carry
130
131 less8:
132 MOVD $0, R16 // h0
133 MOVD $0, R22 // shift count
134 CMP R5, $4
135 BLT less4
136 MOVWZ (R4), R16
137 ADD $4, R4
138 ADD $-4, R5
139 MOVD $32, R22
140
141 less4:
142 CMP R5, $2
143 BLT less2
144 MOVHZ (R4), R21
145 SLD R22, R21, R21
146 OR R16, R21, R16
147 ADD $16, R22
148 ADD $-2, R5
149 ADD $2, R4
150
151 less2:
152 CMP R5, $0
153 BEQ insert1
154 MOVBZ (R4), R21
155 SLD R22, R21, R21
156 OR R16, R21, R16
157 ADD $8, R22
158
159 insert1:
160 // Insert 1 at end of msg
161 MOVD $1, R21
162 SLD R22, R21, R21
163 OR R16, R21, R16
164
165 carry:
166 // Add new values to h0, h1, h2
167 ADDC R16, R8
168 ADDE R17, R9
169 ADDZE R10, R10
170 MOVD $16, R5
171 ADD R5, R4
172 BR multiply
173
174 done:
175 // Save h0, h1, h2 in state
176 MOVD R8, 0(R3)
177 MOVD R9, 8(R3)
178 MOVD R10, 16(R3)
179 RET
180
View as plain text