1int64 a
2
3int64 arg1
4int64 arg2
5int64 arg3
6int64 arg4
7input arg1
8input arg2
9input arg3
10input arg4
11
12int64 k
13int64 kbits
14int64 iv
15
16int64 i
17
18int64 x
19int64 m
20int64 out
21int64 bytes
22
23int6464 diag0
24int6464 diag1
25int6464 diag2
26int6464 diag3
27# situation at beginning of first round:
28# diag0: x0 x5 x10 x15
29# diag1: x12 x1 x6 x11
30# diag2: x8 x13 x2 x7
31# diag3: x4 x9 x14 x3
32# situation at beginning of second round:
33# diag0: x0 x5 x10 x15
34# diag1: x1 x6 x11 x12
35# diag2: x2 x7 x8 x13
36# diag3: x3 x4 x9 x14
37
38int6464 a0
39int6464 a1
40int6464 a2
41int6464 a3
42int6464 a4
43int6464 a5
44int6464 a6
45int6464 a7
46int6464 b0
47int6464 b1
48int6464 b2
49int6464 b3
50int6464 b4
51int6464 b5
52int6464 b6
53int6464 b7
54
55int64 in0
56int64 in1
57int64 in2
58int64 in3
59int64 in4
60int64 in5
61int64 in6
62int64 in7
63int64 in8
64int64 in9
65int64 in10
66int64 in11
67int64 in12
68int64 in13
69int64 in14
70int64 in15
71
72stack512 tmp
73
74int64 ctarget
75stack64 bytes_backup
76
77
78enter ECRYPT_keystream_bytes
79
80x = arg1
81m = arg2
82out = m
83bytes = arg3
84
85              unsigned>? bytes - 0
86goto done if !unsigned>
87
88a = 0
89i = bytes
90while (i) { *out++ = a; --i }
91out -= bytes
92
93goto start
94
95
96enter ECRYPT_decrypt_bytes
97
98x = arg1
99m = arg2
100out = arg3
101bytes = arg4
102
103              unsigned>? bytes - 0
104goto done if !unsigned>
105
106goto start
107
108
109enter ECRYPT_encrypt_bytes
110
111x = arg1
112m = arg2
113out = arg3
114bytes = arg4
115
116              unsigned>? bytes - 0
117goto done if !unsigned>
118
119
120start:
121
122
123bytesatleast1:
124
125                  unsigned<? bytes - 64
126  goto nocopy if !unsigned<
127
128    ctarget = out
129
130    out = &tmp
131    i = bytes
132    while (i) { *out++ = *m++; --i }
133    out = &tmp
134    m = &tmp
135
136  nocopy:
137
138bytes_backup = bytes
139
140
141diag0 = *(int128 *) (x + 0)
142diag1 = *(int128 *) (x + 16)
143diag2 = *(int128 *) (x + 32)
144diag3 = *(int128 *) (x + 48)
145
146
147            	a0 = diag1
148i = 20
149
150mainloop:
151
152uint32323232	a0 += diag0
153				a1 = diag0
154            	b0 = a0
155uint32323232	a0 <<= 7
156uint32323232	b0 >>= 25
157                diag3 ^= a0
158
159                diag3 ^= b0
160
161uint32323232			a1 += diag3
162						a2 = diag3
163            			b1 = a1
164uint32323232			a1 <<= 9
165uint32323232			b1 >>= 23
166				diag2 ^= a1
167		diag3 <<<= 32
168				diag2 ^= b1
169
170uint32323232					a2 += diag2
171								a3 = diag2
172            					b2 = a2
173uint32323232					a2 <<= 13
174uint32323232					b2 >>= 19
175						diag1 ^= a2
176				diag2 <<<= 64
177						diag1 ^= b2
178
179uint32323232							a3 += diag1
180		a4 = diag3
181            							b3 = a3
182uint32323232							a3 <<= 18
183uint32323232							b3 >>= 14
184								diag0 ^= a3
185						diag1 <<<= 96
186								diag0 ^= b3
187
188uint32323232	a4 += diag0
189				a5 = diag0
190            	b4 = a4
191uint32323232	a4 <<= 7
192uint32323232	b4 >>= 25
193                diag1 ^= a4
194
195                diag1 ^= b4
196
197uint32323232			a5 += diag1
198						a6 = diag1
199            			b5 = a5
200uint32323232			a5 <<= 9
201uint32323232			b5 >>= 23
202				diag2 ^= a5
203		diag1 <<<= 32
204				diag2 ^= b5
205
206uint32323232					a6 += diag2
207								a7 = diag2
208            					b6 = a6
209uint32323232					a6 <<= 13
210uint32323232					b6 >>= 19
211						diag3 ^= a6
212				diag2 <<<= 64
213						diag3 ^= b6
214
215uint32323232							a7 += diag3
216		a0 = diag1
217            							b7 = a7
218uint32323232							a7 <<= 18
219uint32323232							b7 >>= 14
220								diag0 ^= a7
221						diag3 <<<= 96
222								diag0 ^= b7
223
224
225uint32323232	a0 += diag0
226				a1 = diag0
227            	b0 = a0
228uint32323232	a0 <<= 7
229uint32323232	b0 >>= 25
230                diag3 ^= a0
231
232                diag3 ^= b0
233
234uint32323232			a1 += diag3
235						a2 = diag3
236            			b1 = a1
237uint32323232			a1 <<= 9
238uint32323232			b1 >>= 23
239				diag2 ^= a1
240		diag3 <<<= 32
241				diag2 ^= b1
242
243uint32323232					a2 += diag2
244								a3 = diag2
245            					b2 = a2
246uint32323232					a2 <<= 13
247uint32323232					b2 >>= 19
248						diag1 ^= a2
249				diag2 <<<= 64
250						diag1 ^= b2
251
252uint32323232							a3 += diag1
253		a4 = diag3
254            							b3 = a3
255uint32323232							a3 <<= 18
256uint32323232							b3 >>= 14
257								diag0 ^= a3
258						diag1 <<<= 96
259								diag0 ^= b3
260
261uint32323232	a4 += diag0
262				a5 = diag0
263            	b4 = a4
264uint32323232	a4 <<= 7
265uint32323232	b4 >>= 25
266                diag1 ^= a4
267
268                diag1 ^= b4
269
270uint32323232			a5 += diag1
271						a6 = diag1
272            			b5 = a5
273uint32323232			a5 <<= 9
274uint32323232			b5 >>= 23
275				diag2 ^= a5
276		diag1 <<<= 32
277				diag2 ^= b5
278
279uint32323232					a6 += diag2
280								a7 = diag2
281            					b6 = a6
282uint32323232					a6 <<= 13
283uint32323232					b6 >>= 19
284						diag3 ^= a6
285				diag2 <<<= 64
286						diag3 ^= b6
287                 unsigned>? i -= 4
288uint32323232							a7 += diag3
289		a0 = diag1
290            							b7 = a7
291uint32323232							a7 <<= 18
292uint32323232							b7 >>= 14
293								diag0 ^= a7
294						diag3 <<<= 96
295								diag0 ^= b7
296goto mainloop if unsigned>
297
298
299uint32323232 diag0 += *(int128 *) (x + 0)
300uint32323232 diag1 += *(int128 *) (x + 16)
301uint32323232 diag2 += *(int128 *) (x + 32)
302uint32323232 diag3 += *(int128 *) (x + 48)
303
304
305in0 = diag0
306in12 = diag1
307in8 = diag2
308in4 = diag3
309diag0 <<<= 96
310diag1 <<<= 96
311diag2 <<<= 96
312diag3 <<<= 96
313(uint32) in0 ^= *(uint32 *) (m + 0)
314(uint32) in12 ^= *(uint32 *) (m + 48)
315(uint32) in8 ^= *(uint32 *) (m + 32)
316(uint32) in4 ^= *(uint32 *) (m + 16)
317*(uint32 *) (out + 0) = in0
318*(uint32 *) (out + 48) = in12
319*(uint32 *) (out + 32) = in8
320*(uint32 *) (out + 16) = in4
321
322in5 = diag0
323in1 = diag1
324in13 = diag2
325in9 = diag3
326diag0 <<<= 96
327diag1 <<<= 96
328diag2 <<<= 96
329diag3 <<<= 96
330(uint32) in5 ^= *(uint32 *) (m + 20)
331(uint32) in1 ^= *(uint32 *) (m + 4)
332(uint32) in13 ^= *(uint32 *) (m + 52)
333(uint32) in9 ^= *(uint32 *) (m + 36)
334*(uint32 *) (out + 20) = in5
335*(uint32 *) (out + 4) = in1
336*(uint32 *) (out + 52) = in13
337*(uint32 *) (out + 36) = in9
338
339in10 = diag0
340in6 = diag1
341in2 = diag2
342in14 = diag3
343diag0 <<<= 96
344diag1 <<<= 96
345diag2 <<<= 96
346diag3 <<<= 96
347(uint32) in10 ^= *(uint32 *) (m + 40)
348(uint32) in6 ^= *(uint32 *) (m + 24)
349(uint32) in2 ^= *(uint32 *) (m + 8)
350(uint32) in14 ^= *(uint32 *) (m + 56)
351*(uint32 *) (out + 40) = in10
352*(uint32 *) (out + 24) = in6
353*(uint32 *) (out + 8) = in2
354*(uint32 *) (out + 56) = in14
355
356in15 = diag0
357in11 = diag1
358in7 = diag2
359in3 = diag3
360(uint32) in15 ^= *(uint32 *) (m + 60)
361(uint32) in11 ^= *(uint32 *) (m + 44)
362(uint32) in7 ^= *(uint32 *) (m + 28)
363(uint32) in3 ^= *(uint32 *) (m + 12)
364*(uint32 *) (out + 60) = in15
365*(uint32 *) (out + 44) = in11
366*(uint32 *) (out + 28) = in7
367*(uint32 *) (out + 12) = in3
368
369
370bytes = bytes_backup
371
372  in8 = *(uint32 *) (x + 32)
373  in9 = *(uint32 *) (x + 52)
374  in8 += 1
375  in9 <<= 32
376  in8 += in9
377  *(uint32 *) (x + 32) = in8
378  (uint64) in8 >>= 32
379  *(uint32 *) (x + 52) = in8
380
381
382                         unsigned>? unsigned<? bytes - 64
383  goto bytesatleast65 if unsigned>
384
385    goto bytesatleast64 if !unsigned<
386      m = out
387      out = ctarget
388      i = bytes
389      while (i) { *out++ = *m++; --i }
390    bytesatleast64:
391    done:
392
393    leave
394
395  bytesatleast65:
396
397  bytes -= 64
398  out += 64
399  m += 64
400goto bytesatleast1
401
402
403enter ECRYPT_init
404leave
405
406
407enter ECRYPT_keysetup
408
409  k = arg2
410  kbits = arg3
411  x = arg1
412
413# situation at beginning of first round:
414# diag0: x0 x5 x10 x15
415# diag1: x12 x1 x6 x11
416# diag2: x8 x13 x2 x7
417# diag3: x4 x9 x14 x3
418
419  in1 = *(uint32 *) (k + 0)
420  in2 = *(uint32 *) (k + 4)
421  in3 = *(uint32 *) (k + 8)
422  in4 = *(uint32 *) (k + 12)
423  *(uint32 *) (x + 20) = in1
424  *(uint32 *) (x + 40) = in2
425  *(uint32 *) (x + 60) = in3
426  *(uint32 *) (x + 48) = in4
427
428                   unsigned<? kbits - 256
429  goto kbits128 if unsigned<
430
431  kbits256:
432
433    in11 = *(uint32 *) (k + 16)
434    in12 = *(uint32 *) (k + 20)
435    in13 = *(uint32 *) (k + 24)
436    in14 = *(uint32 *) (k + 28)
437    *(uint32 *) (x + 28) = in11
438    *(uint32 *) (x + 16) = in12
439    *(uint32 *) (x + 36) = in13
440    *(uint32 *) (x + 56) = in14
441
442    in0 = 1634760805
443    in5 = 857760878
444    in10 = 2036477234
445    in15 = 1797285236
446    *(uint32 *) (x + 0) = in0
447    *(uint32 *) (x + 4) = in5
448    *(uint32 *) (x + 8) = in10
449    *(uint32 *) (x + 12) = in15
450
451  goto keysetupdone
452
453  kbits128:
454
455    in11 = *(uint32 *) (k + 0)
456    in12 = *(uint32 *) (k + 4)
457    in13 = *(uint32 *) (k + 8)
458    in14 = *(uint32 *) (k + 12)
459    *(uint32 *) (x + 28) = in11
460    *(uint32 *) (x + 16) = in12
461    *(uint32 *) (x + 36) = in13
462    *(uint32 *) (x + 56) = in14
463
464    in0 = 1634760805
465    in5 = 824206446
466    in10 = 2036477238
467    in15 = 1797285236
468    *(uint32 *) (x + 0) = in0
469    *(uint32 *) (x + 4) = in5
470    *(uint32 *) (x + 8) = in10
471    *(uint32 *) (x + 12) = in15
472
473  keysetupdone:
474
475leave
476
477
478enter ECRYPT_ivsetup
479
480  iv = arg2
481  x = arg1
482
483# situation at beginning of first round:
484# diag0: x0 x5 x10 x15
485# diag1: x12 x1 x6 x11
486# diag2: x8 x13 x2 x7
487# diag3: x4 x9 x14 x3
488
489  in6 = *(uint32 *) (iv + 0)
490  in7 = *(uint32 *) (iv + 4)
491  in8 = 0
492  in9 = 0
493  *(uint32 *) (x + 24) = in6
494  *(uint32 *) (x + 44) = in7
495  *(uint32 *) (x + 32) = in8
496  *(uint32 *) (x + 52) = in9
497
498leave
499