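# The listing's line numbers were fused onto each statement ("1 my @C ..."),
# which is not valid Perl; they are dropped here so the block parses.

# Register lists used by the assembly template.  @C is r0-r9 and @E is
# r10-r12 plus r14; r13 appears in neither list (the template addresses its
# scratch frame through sp).
my @C = map { "r$_" } 0 .. 9;
my @E = map { "r$_" } 10 .. 12, 14;

# Byte offsets into the 320-byte stack frame, one 8-byte slot per 64-bit
# lane, laid out back to back:
#   A[5][5]  offsets   0..199  (five rows of five lanes)
#   D[5]     offsets 200..239
#   T[2][5]  offsets 240..319  (two rows of five lanes)
my @A = map { my $first = $_; [ map { 8 * ($first + $_) } 0 .. 4 ] } 0, 5, 10, 15, 20;
my @D = map { 8 * $_ } 25 .. 29;
my @T = map { my $first = $_; [ map { 8 * ($first + $_) } 0 .. 4 ] } 30, 35;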
@ Table of 24 two-word entries.  The round code below annotates its first
@ store with (... ^ iotas[i]), so these are presumably the per-round
@ constants, one entry per round.
@ NOTE(review): the table label, its alignment and the load that indexes it
@ are not part of this listing, and which half of each 64-bit constant
@ comes first should be confirmed against the full file before any entry
@ is edited.  A single wrong word here silently changes every digest.
14 .long 0x00000001, 0x00000000
15 .long 0x00000000, 0x00000089
16 .long 0x00000000, 0x8000008b
17 .long 0x00000000, 0x80008080
18 .long 0x00000001, 0x0000008b
19 .long 0x00000001, 0x00008000
20 .long 0x00000001, 0x80008088
21 .long 0x00000001, 0x80000082
22 .long 0x00000000, 0x0000000b
23 .long 0x00000000, 0x0000000a
24 .long 0x00000001, 0x00008082
25 .long 0x00000000, 0x00008003
26 .long 0x00000001, 0x0000808b
27 .long 0x00000001, 0x8000000b
28 .long 0x00000001, 0x8000008a
29 .long 0x00000001, 0x80000081
30 .long 0x00000000, 0x80000081
31 .long 0x00000000, 0x80000008
32 .long 0x00000000, 0x00000083
33 .long 0x00000000, 0x80008003
34 .long 0x00000001, 0x80008088
35 .long 0x00000000, 0x80000088
36 .long 0x00000001, 0x00008000
37 .long 0x00000000, 0x80008082
@ KeccakF1600 entry.  Twelve registers are pushed (r0, r1, r4-r12, lr) and
@ 320 bytes of scratch are reserved below them, so the saved r0 sits at
@ [sp,#320] and the saved r1 at [sp,#320+4]; later lines read those two
@ slots back as the pointer to A and the counter.
41 .type KeccakF1600, %function
45 stmdb sp!,{r0,r1,r4-r12,lr}
46 sub sp,sp,#320 @ space for A[5][5],D[5],T[2][5]
@ r10 walks the caller state starting at row 1, r11 walks the stack copy.
48 add @E[0],r0,#$A[1][0]
49 add @E[1],sp,#$A[1][0]
@ Rows 1..4 are copied in four 40-byte bursts through r0-r9 (the first
@ burst overwrites r0, so the state pointer is no longer in r0 afterwards).
51 ldmia @E[0]!,{@C[0]-@C[9]} @ copy A[5][5] to stack
52 stmia @E[1]!,{@C[0]-@C[9]}
53 ldmia @E[0]!,{@C[0]-@C[9]}
54 stmia @E[1]!,{@C[0]-@C[9]}
55 ldmia @E[0]!,{@C[0]-@C[9]}
56 stmia @E[1]!,{@C[0]-@C[9]}
57 ldmia @E[0],{@C[0]-@C[9]}
58 stmia @E[1],{@C[0]-@C[9]}
@ Row 0 is copied last, which leaves A[0][0..4] live in r0-r9.
@ NOTE(review): r12 is the base of this load but the instruction that sets
@ it is not in this listing - confirm it holds the original state pointer.
59 ldmia @E[2],{@C[0]-@C[9]}
60 stmia sp,{@C[0]-@C[9]}
@ r10 now points at A[1][0] in the stack copy for the loads that follow.
61 add @E[0],sp,#$A[1][0]
@ Theta, step 1: fold rows 1..4 of the stack copy into the row-0 lanes held
@ in r0-r9, giving the five column parities as register pairs.
@ Each ldmia fetches four words (two lanes) into r10-r12,r14 and overwrites
@ its own base register r10, which is why the address is rebuilt from sp
@ before every load.  The register list is written as a range plus r14
@ because the E list skips r13.
@ NOTE(review): most of the eor instructions that consume the earlier loads
@ are not in this listing; only the tail of the accumulation is visible.
66 ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[1][0..1]
68 add @E[0],sp,#$A[1][2]
72 ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[1][2..3]
74 add @E[0],sp,#$A[1][4]
78 ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[1][4]..A[2][0]
80 add @E[0],sp,#$A[2][1]
84 ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[2][1..2]
86 add @E[0],sp,#$A[2][3]
90 ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[2][3..4]
92 add @E[0],sp,#$A[3][0]
96 ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[3][0..1]
98 add @E[0],sp,#$A[3][2]
@ The next address is computed between the eor instructions, so r10 must be
@ consumed (eor) before the add that replaces it; keep this ordering.
100 eor @C[2],@C[2],@E[2]
101 eor @C[3],@C[3],@E[3]
102 ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[3][2..3]
103 eor @C[4],@C[4],@E[0]
104 add @E[0],sp,#$A[3][4]
105 eor @C[5],@C[5],@E[1]
106 eor @C[6],@C[6],@E[2]
107 eor @C[7],@C[7],@E[3]
108 ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[3][4]..A[4][0]
109 eor @C[8],@C[8],@E[0]
110 add @E[0],sp,#$A[4][1]
111 eor @C[9],@C[9],@E[1]
112 eor @C[0],@C[0],@E[2]
113 eor @C[1],@C[1],@E[3]
114 ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[4][1..2]
115 eor @C[2],@C[2],@E[0]
116 add @E[0],sp,#$A[4][3]
117 eor @C[3],@C[3],@E[1]
118 eor @C[4],@C[4],@E[2]
119 eor @C[5],@C[5],@E[3]
120 ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[4][3..4]
121 eor @C[6],@C[6],@E[0]
122 eor @C[7],@C[7],@E[1]
123 eor @C[8],@C[8],@E[2]
124 eor @C[9],@C[9],@E[3]
@ Theta, step 2: D[x] = C[x-1] ^ ROL64(C[x+1], 1) for the five columns,
@ kept in registers and also spilled to the D[] slots on the stack.
@ The trailing comments use 64-bit lane names (E[0], C[1], ...) that do not
@ map one-to-one onto the register lists; the (D[n] = ...) notes say which
@ D slot each register pair ends up holding.
@ A 64-bit rotate by one shows up as ror#32-1 on one word while the other
@ result word takes the opposite input word unrotated (r0 ^ r5 rotated,
@ then r1 ^ r4 plain).  That is consistent with lanes stored as two
@ bit-interleaved 32-bit halves - TODO confirm against the file header.
@ On exit: D[1]=r10,r11  D[4]=r12,r14  D[0]=r0,r1  D[2]=r2,r3  D[3]=r4,r5.
126 eor @E[0],@C[0],@C[5],ror#32-1 @ E[0] = ROL64(C[2], 1) ^ C[0];
127 eor @E[1],@C[1],@C[4]
128 str @E[0],[sp,#$D[1]] @ D[1] = E[0]
129 eor @E[2],@C[6],@C[1],ror#32-1 @ E[1] = ROL64(C[0], 1) ^ C[3];
130 str @E[1],[sp,#$D[1]+4]
131 eor @E[3],@C[7],@C[0]
132 str @E[2],[sp,#$D[4]] @ D[4] = E[1]
@ From here r0-r5 are overwritten in place; each source word is read for the
@ last time before the instruction that replaces it.
133 eor @C[0],@C[8],@C[3],ror#32-1 @ C[0] = ROL64(C[1], 1) ^ C[4];
134 str @E[3],[sp,#$D[4]+4]
135 eor @C[1],@C[9],@C[2]
136 str @C[0],[sp,#$D[0]] @ D[0] = C[0]
137 eor @C[2],@C[2],@C[7],ror#32-1 @ C[1] = ROL64(C[3], 1) ^ C[1];
138 str @C[1],[sp,#$D[0]+4]
139 eor @C[3],@C[3],@C[6]
140 str @C[2],[sp,#$D[2]] @ D[2] = C[1]
141 eor @C[4],@C[4],@C[9],ror#32-1 @ C[2] = ROL64(C[4], 1) ^ C[2];
142 str @C[3],[sp,#$D[2]+4]
143 eor @C[5],@C[5],@C[8]
144 str @C[4],[sp,#$D[3]] @ D[3] = C[2]
145 str @C[5],[sp,#$D[3]+4]
@ Park the Theta-adjusted lanes that the in-place row stores further down
@ would otherwise destroy: T[0][0] takes A[3][0] ^ D[0] and T[0][1..4] take
@ A[0][1..4] ^ D[1..4].  No rotation is applied here; each T slot is rotated
@ when it is reloaded for its output row.
@ r6-r9 are scratch in this section; r0-r5 and r10-r12,r14 keep the D values
@ produced just above.
147 ldr @C[8],[sp,#$A[3][0]]
148 ldr @C[9],[sp,#$A[3][0]+4]
149 eor @C[8],@C[8],@C[0]
150 eor @C[9],@C[9],@C[1]
151 str @C[8],[sp,#$T[0][0]] @ T[0][0] = A[3][0] ^ C[0]; /* borrow T[0][0] */
152 str @C[9],[sp,#$T[0][0]+4]
153 ldr @C[6],[sp,#$A[0][1]]
154 ldr @C[7],[sp,#$A[0][1]+4]
155 eor @C[6],@C[6],@E[0]
156 eor @C[7],@C[7],@E[1]
157 str @C[6],[sp,#$T[0][1]] @ T[0][1] = A[0][1] ^ E[0]; /* D[1] */
158 str @C[7],[sp,#$T[0][1]+4]
159 ldr @C[8],[sp,#$A[0][2]]
160 ldr @C[9],[sp,#$A[0][2]+4]
161 eor @C[8],@C[8],@C[2]
162 eor @C[9],@C[9],@C[3]
163 str @C[8],[sp,#$T[0][2]] @ T[0][2] = A[0][2] ^ C[1]; /* D[2] */
164 str @C[9],[sp,#$T[0][2]+4]
165 ldr @C[6],[sp,#$A[0][3]]
166 ldr @C[7],[sp,#$A[0][3]+4]
167 eor @C[6],@C[6],@C[4]
168 eor @C[7],@C[7],@C[5]
169 str @C[6],[sp,#$T[0][3]] @ T[0][3] = A[0][3] ^ C[2]; /* D[3] */
170 str @C[7],[sp,#$T[0][3]+4]
171 ldr @C[8],[sp,#$A[0][4]]
172 ldr @C[9],[sp,#$A[0][4]+4]
173 eor @C[8],@C[8],@E[2]
174 eor @C[9],@C[9],@E[3]
175 str @C[8],[sp,#$T[0][4]] @ T[0][4] = A[0][4] ^ E[1]; /* D[4] */
176 str @C[9],[sp,#$T[0][4]+4]
@ Output row 0.  Inputs are A[0][0], A[1][1], A[2][2], A[3][3] and A[4][4],
@ each XORed with its D value and rotated, then combined with bic/eor and
@ the round constant.
@ Register pairs after the rotations: C[0]=r0,r1  C[1]=r2,r3  C[2]=r4,r5
@ C[3]=r6,r7  C[4]=r8,r9.  Where the two ror amounts differ by one the
@ destination registers are also crossed, i.e. the two halves trade places.
@ In the visible lines the round body uses only eor/bic/ror plus loads and
@ stores at fixed sp offsets: no branch or address depends on lane data.
178 ldr @C[6],[sp,#$A[3][3]]
179 ldr @C[7],[sp,#$A[3][3]+4]
180 eor @C[4],@C[4],@C[6]
181 eor @C[5],@C[5],@C[7]
182 ror @C[7],@C[4],#32-10 @ C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]); /* D[3] */
183 ror @C[6],@C[5],#32-11
184 ldr @C[8],[sp,#$A[4][4]]
185 ldr @C[9],[sp,#$A[4][4]+4]
186 eor @C[8],@C[8],@E[2]
187 eor @C[9],@C[9],@E[3]
188 ror @C[8],@C[8],#32-7 @ C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]); /* D[4] */
189 ror @C[9],@C[9],#32-7
190 ldr @C[4],[sp,#$A[0][0]]
191 ldr @C[5],[sp,#$A[0][0]+4]
192 eor @C[0],@C[0],@C[4]
193 eor @C[1],@C[1],@C[5] @ C[0] = A[0][0] ^ C[0]; /* rotate by 0 */ /* D[0] */
194 ldr @E[2],[sp,#$A[2][2]]
195 ldr @E[3],[sp,#$A[2][2]+4]
196 eor @E[2],@E[2],@C[2]
197 eor @E[3],@E[3],@C[3]
198 ror @C[5],@E[2],#32-21 @ C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]); /* D[2] */
199 ror @C[4],@E[3],#32-22
200 ldr @C[2],[sp,#$A[1][1]]
201 ldr @C[3],[sp,#$A[1][1]+4]
202 eor @C[2],@C[2],@E[0]
203 eor @C[3],@C[3],@E[1]
204 ror @C[2],@C[2],#32-22 @ C[1] = ROL64(A[1][1] ^ E[0], rhotates[1][1]); /* D[1] */
205 ror @C[3],@C[3],#32-22
@ NOTE(review): only part of the round-constant fetch is visible.  r11 is
@ loaded with the saved counter, added to r10 and stored back, but the
@ lines that set r10, load the two constant words into r12,r14 and advance
@ the counter are not in this listing - confirm against the full file.
208 ldr @E[1],[sp,#320+4] @ load counter
209 add @E[0],@E[0],@E[1]
213 str @E[1],[sp,#320+4] @ store counter
@ bic rd,rn,rm is rn AND NOT rm, so bic r10,r4,r2 yields (~C[1] & C[2]).
@ r12,r14 are expected to hold the round-constant words at this point and
@ are reused as scratch immediately after the second eor below.
216 bic @E[0],@C[4],@C[2]
217 bic @E[1],@C[5],@C[3]
218 eor @E[0],@E[0],@C[0]
219 eor @E[1],@E[1],@C[1]
220 eor @E[0],@E[0],@E[2]
221 eor @E[1],@E[1],@E[3]
222 str @E[0],[sp,#$A[0][0]] @ A[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i];
223 bic @E[2],@C[6],@C[4]
224 str @E[1],[sp,#$A[0][0]+4]
225 bic @E[3],@C[7],@C[5]
226 eor @E[2],@E[2],@C[2]
227 eor @E[3],@E[3],@C[3]
228 str @E[2],[sp,#$A[0][1]] @ A[0][1] = C[1] ^ (~C[2] & C[3]);
229 bic @E[0],@C[8],@C[6]
230 str @E[3],[sp,#$A[0][1]+4]
231 bic @E[1],@C[9],@C[7]
232 eor @E[0],@E[0],@C[4]
233 eor @E[1],@E[1],@C[5]
234 str @E[0],[sp,#$A[0][2]] @ A[0][2] = C[2] ^ (~C[3] & C[4]);
235 bic @E[2],@C[0],@C[8]
236 str @E[1],[sp,#$A[0][2]+4]
237 bic @E[3],@C[1],@C[9]
238 eor @E[2],@E[2],@C[6]
239 eor @E[3],@E[3],@C[7]
240 str @E[2],[sp,#$A[0][3]] @ A[0][3] = C[3] ^ (~C[4] & C[0]);
241 bic @E[0],@C[2],@C[0]
242 str @E[3],[sp,#$A[0][3]+4]
243 bic @E[1],@C[3],@C[1]
244 eor @E[0],@E[0],@C[8]
245 eor @E[1],@E[1],@C[9]
246 str @E[0],[sp,#$A[0][4]] @ A[0][4] = C[4] ^ (~C[0] & C[1]);
247 str @E[1],[sp,#$A[0][4]+4]
@ Output row 1.  D[0..3] are reloaded as D[0]=r6,r7  D[1]=r8,r9
@ D[2]=r10,r11  D[3]=r12,r14, and D[4] goes to r4,r5.
@ NOTE(review): the instruction that points r14 at the D[] slots before this
@ ldmia is not in this listing.
250 ldmia @E[3],{@C[6]-@C[9],@E[0],@E[1],@E[2],@E[3]} @ D[0..3]
251 ldr @C[4],[sp,#$D[4]]
252 ldr @C[5],[sp,#$D[4]+4]
@ T[1][0..4] capture A[1][0], A[2][1], A[1][2], A[1][3] and A[2][4], each
@ XORed with its D value, because rows 1 and 2 of A are overwritten by the
@ stores of this and the next output row before those lanes are consumed.
253 ldr @C[0],[sp,#$A[1][0]]
254 ldr @C[1],[sp,#$A[1][0]+4]
255 eor @C[0],@C[0],@C[6]
256 eor @C[1],@C[1],@C[7]
257 str @C[0],[sp,#$T[1][0]] @ T[1][0] = A[1][0] ^ (C[3] = D[0]);
258 str @C[1],[sp,#$T[1][0]+4]
259 ldr @C[2],[sp,#$A[2][1]]
260 ldr @C[3],[sp,#$A[2][1]+4]
261 eor @C[2],@C[2],@C[8]
262 eor @C[3],@C[3],@C[9]
263 str @C[2],[sp,#$T[1][1]] @ T[1][1] = A[2][1] ^ (C[4] = D[1]); /* borrow T[1][1] */
264 str @C[3],[sp,#$T[1][1]+4]
265 add @C[0],sp,#$A[1][2]
266 ldmia @C[0],{@C[0]-@C[3]} @ A[1][2..3]
267 eor @C[0],@C[0],@E[0]
268 eor @C[1],@C[1],@E[1]
269 str @C[0],[sp,#$T[1][2]] @ T[1][2] = A[1][2] ^ (E[0] = D[2]);
270 str @C[1],[sp,#$T[1][2]+4]
271 eor @C[2],@C[2],@E[2]
272 eor @C[3],@C[3],@E[3]
273 str @C[2],[sp,#$T[1][3]] @ T[1][3] = A[1][3] ^ (E[1] = D[3]);
274 str @C[3],[sp,#$T[1][3]+4]
275 ldr @C[0],[sp,#$A[2][4]]
276 ldr @C[1],[sp,#$A[2][4]+4]
277 eor @C[0],@C[0],@C[4]
278 eor @C[1],@C[1],@C[5]
279 str @C[0],[sp,#$T[1][4]] @ T[1][4] = A[2][4] ^ (C[2] = D[4]); /* borrow T[1][4] */
280 str @C[1],[sp,#$T[1][4]+4]
@ Row 1 inputs: T[0][3], A[1][4] ^ D[4], A[2][0] ^ D[0], A[3][1] ^ D[1] and
@ A[4][2] ^ D[2].  The D registers loaded above are consumed one by one, so
@ the order of these five groups matters.
282 ldr @C[2],[sp,#$T[0][3]]
283 ldr @C[3],[sp,#$T[0][3]+4]
284 ror @C[0],@C[2],#32-14 @ C[0] = ROL64(T[0][3], rhotates[0][3]);
285 ror @C[1],@C[3],#32-14
286 ldr @E[2],[sp,#$A[1][4]]
287 ldr @E[3],[sp,#$A[1][4]+4]
288 eor @C[2],@E[2],@C[4]
289 eor @C[3],@E[3],@C[5]
290 ror @C[2],@C[2],#32-10 @ C[1] = ROL64(A[1][4] ^ C[2], rhotates[1][4]); /* D[4] */
291 ror @C[3],@C[3],#32-10
292 ldr @C[4],[sp,#$A[2][0]]
293 ldr @C[5],[sp,#$A[2][0]+4]
294 eor @C[6],@C[6],@C[4]
295 eor @C[7],@C[7],@C[5]
296 ror @C[5],@C[6],#32-1 @ C[2] = ROL64(A[2][0] ^ C[3], rhotates[2][0]); /* D[0] */
297 ror @C[4],@C[7],#32-2
298 ldr @E[2],[sp,#$A[3][1]]
299 ldr @E[3],[sp,#$A[3][1]+4]
300 eor @E[2],@E[2],@C[8]
301 eor @E[3],@E[3],@C[9]
302 ror @C[7],@E[2],#32-22 @ C[3] = ROL64(A[3][1] ^ C[4], rhotates[3][1]); /* D[1] */
303 ror @C[6],@E[3],#32-23
304 ldr @C[8],[sp,#$A[4][2]]
305 ldr @C[9],[sp,#$A[4][2]+4]
306 eor @E[0],@E[0],@C[8]
307 eor @E[1],@E[1],@C[9]
308 ror @C[9],@E[0],#32-30 @ C[4] = ROL64(A[4][2] ^ E[0], rhotates[4][2]); /* D[2] */
309 ror @C[8],@E[1],#32-31
@ Same bic/eor pattern as the other rows, without a round constant:
@ bic rd,rn,rm is rn AND NOT rm.
311 bic @E[0],@C[4],@C[2]
312 bic @E[1],@C[5],@C[3]
313 eor @E[0],@E[0],@C[0]
314 eor @E[1],@E[1],@C[1]
315 str @E[0],[sp,#$A[1][0]] @ A[1][0] = C[0] ^ (~C[1] & C[2])
316 bic @E[2],@C[6],@C[4]
317 str @E[1],[sp,#$A[1][0]+4]
318 bic @E[3],@C[7],@C[5]
319 eor @E[2],@E[2],@C[2]
320 eor @E[3],@E[3],@C[3]
321 str @E[2],[sp,#$A[1][1]] @ A[1][1] = C[1] ^ (~C[2] & C[3]);
322 bic @E[0],@C[8],@C[6]
323 str @E[3],[sp,#$A[1][1]+4]
324 bic @E[1],@C[9],@C[7]
325 eor @E[0],@E[0],@C[4]
326 eor @E[1],@E[1],@C[5]
327 str @E[0],[sp,#$A[1][2]] @ A[1][2] = C[2] ^ (~C[3] & C[4]);
328 bic @E[2],@C[0],@C[8]
329 str @E[1],[sp,#$A[1][2]+4]
330 bic @E[3],@C[1],@C[9]
331 eor @E[2],@E[2],@C[6]
332 eor @E[3],@E[3],@C[7]
333 str @E[2],[sp,#$A[1][3]] @ A[1][3] = C[3] ^ (~C[4] & C[0]);
334 bic @E[0],@C[2],@C[0]
335 str @E[3],[sp,#$A[1][3]+4]
336 bic @E[1],@C[3],@C[1]
337 eor @E[0],@E[0],@C[8]
338 eor @E[1],@E[1],@C[9]
339 str @E[0],[sp,#$A[1][4]] @ A[1][4] = C[4] ^ (~C[0] & C[1]);
340 str @E[1],[sp,#$A[1][4]+4]
@ Output row 2.  Inputs: T[0][1], T[1][2], A[2][3] ^ D[3], A[3][4] ^ D[4]
@ and A[4][0] ^ D[0].
@ The rotate by one of T[0][1] is done by loading the two words crosswise
@ (low word into r1, high word into r0) and rotating only r0.
342 ldr @C[1],[sp,#$T[0][1]]
343 ldr @C[0],[sp,#$T[0][1]+4]
344 ror @C[0],@C[0],#32-1 @ C[0] = ROL64(T[0][1], rhotates[0][1]);
345 ldr @C[2],[sp,#$T[1][2]]
346 ldr @C[3],[sp,#$T[1][2]+4]
347 ror @C[2],@C[2],#32-3 @ C[1] = ROL64(T[1][2], rhotates[1][2]);
348 ror @C[3],@C[3],#32-3
@ NOTE(review): the instruction that points r14 at D[3] before this ldmia
@ is not in this listing.
350 ldmia @E[3],{@E[0]-@E[2],@E[3]} @ D[3..4]
351 ldr @C[4],[sp,#$A[2][3]]
352 ldr @C[5],[sp,#$A[2][3]+4]
353 eor @E[0],@E[0],@C[4]
354 eor @E[1],@E[1],@C[5]
355 ror @C[5],@E[0],#32-12 @ C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
356 ror @C[4],@E[1],#32-13
357 ldr @C[6],[sp,#$A[3][4]]
358 ldr @C[7],[sp,#$A[3][4]+4]
359 eor @C[6],@C[6],@E[2]
360 eor @C[7],@C[7],@E[3]
361 ror @C[6],@C[6],#32-4 @ C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]);
362 ror @C[7],@C[7],#32-4
363 ldr @C[8],[sp,#$A[4][0]]
364 ldr @C[9],[sp,#$A[4][0]+4]
365 ldr @E[0],[sp,#$D[0]]
366 ldr @E[1],[sp,#$D[0]+4]
367 eor @C[8],@C[8],@E[0]
368 eor @C[9],@C[9],@E[1]
369 ror @C[8],@C[8],#32-9 @ C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]);
370 ror @C[9],@C[9],#32-9
@ bic rd,rn,rm is rn AND NOT rm; stores are interleaved with the next bic
@ pair, so r10-r12,r14 are recycled as soon as each value has been stored.
372 bic @E[0],@C[4],@C[2]
373 bic @E[1],@C[5],@C[3]
374 eor @E[0],@E[0],@C[0]
375 eor @E[1],@E[1],@C[1]
376 str @E[0],[sp,#$A[2][0]] @ A[2][0] = C[0] ^ (~C[1] & C[2])
377 bic @E[2],@C[6],@C[4]
378 str @E[1],[sp,#$A[2][0]+4]
379 bic @E[3],@C[7],@C[5]
380 eor @E[2],@E[2],@C[2]
381 eor @E[3],@E[3],@C[3]
382 str @E[2],[sp,#$A[2][1]] @ A[2][1] = C[1] ^ (~C[2] & C[3]);
383 bic @E[0],@C[8],@C[6]
384 str @E[3],[sp,#$A[2][1]+4]
385 bic @E[1],@C[9],@C[7]
386 eor @E[0],@E[0],@C[4]
387 eor @E[1],@E[1],@C[5]
388 str @E[0],[sp,#$A[2][2]] @ A[2][2] = C[2] ^ (~C[3] & C[4]);
389 bic @E[2],@C[0],@C[8]
390 str @E[1],[sp,#$A[2][2]+4]
391 bic @E[3],@C[1],@C[9]
392 eor @E[2],@E[2],@C[6]
393 eor @E[3],@E[3],@C[7]
394 str @E[2],[sp,#$A[2][3]] @ A[2][3] = C[3] ^ (~C[4] & C[0]);
395 bic @E[0],@C[2],@C[0]
396 str @E[3],[sp,#$A[2][3]+4]
397 bic @E[1],@C[3],@C[1]
398 eor @E[0],@E[0],@C[8]
399 eor @E[1],@E[1],@C[9]
400 str @E[0],[sp,#$A[2][4]] @ A[2][4] = C[4] ^ (~C[0] & C[1]);
401 str @E[1],[sp,#$A[2][4]+4]
@ Output row 3.  Inputs: T[0][4], T[1][0], T[1][1] (which holds the saved
@ A[2][1] lane), A[3][2] ^ D[2] and A[4][3] ^ D[3].
@ T[0][4] is loaded crosswise (low word into r1, high word into r0) and the
@ two ror amounts differ by one, matching the other odd rotations here.
403 ldr @C[1],[sp,#$T[0][4]]
404 ldr @C[0],[sp,#$T[0][4]+4]
405 ror @C[1],@C[1],#32-13 @ C[0] = ROL64(T[0][4], rhotates[0][4]);
406 ror @C[0],@C[0],#32-14
407 add @C[2],sp,#$T[1][0]
408 ldmia @C[2],{@C[2]-@C[5]} @ T[1][0..1]
409 ror @C[2],@C[2],#32-18 @ C[1] = ROL64(T[1][0], rhotates[1][0]);
410 ror @C[3],@C[3],#32-18
411 ror @C[4],@C[4],#32-5 @ C[2] = ROL64(T[1][1], rhotates[2][1]); /* originally A[2][1] */
412 ror @C[5],@C[5],#32-5
@ NOTE(review): the instruction that points r14 at D[2] before this ldmia
@ is not in this listing.
414 ldmia @E[3],{@E[0]-@E[2],@E[3]} @ D[2..3]
415 ldr @C[6],[sp,#$A[3][2]]
416 ldr @C[7],[sp,#$A[3][2]+4]
417 eor @E[0],@E[0],@C[6]
418 eor @E[1],@E[1],@C[7]
419 ror @C[7],@E[0],#32-7 @ C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
420 ror @C[6],@E[1],#32-8
421 ldr @C[8],[sp,#$A[4][3]]
422 ldr @C[9],[sp,#$A[4][3]+4]
423 eor @C[8],@C[8],@E[2]
424 eor @C[9],@C[9],@E[3]
425 ror @C[8],@C[8],#32-28 @ C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]);
426 ror @C[9],@C[9],#32-28
@ bic rd,rn,rm is rn AND NOT rm.  A[3][0] is overwritten by the first store
@ below; its pre-update value was already saved in T[0][0] earlier.
428 bic @E[0],@C[4],@C[2]
429 bic @E[1],@C[5],@C[3]
430 eor @E[0],@E[0],@C[0]
431 eor @E[1],@E[1],@C[1]
432 str @E[0],[sp,#$A[3][0]] @ A[3][0] = C[0] ^ (~C[1] & C[2])
433 bic @E[2],@C[6],@C[4]
434 str @E[1],[sp,#$A[3][0]+4]
435 bic @E[3],@C[7],@C[5]
436 eor @E[2],@E[2],@C[2]
437 eor @E[3],@E[3],@C[3]
438 str @E[2],[sp,#$A[3][1]] @ A[3][1] = C[1] ^ (~C[2] & C[3]);
439 bic @E[0],@C[8],@C[6]
440 str @E[3],[sp,#$A[3][1]+4]
441 bic @E[1],@C[9],@C[7]
442 eor @E[0],@E[0],@C[4]
443 eor @E[1],@E[1],@C[5]
444 str @E[0],[sp,#$A[3][2]] @ A[3][2] = C[2] ^ (~C[3] & C[4]);
445 bic @E[2],@C[0],@C[8]
446 str @E[1],[sp,#$A[3][2]+4]
447 bic @E[3],@C[1],@C[9]
448 eor @E[2],@E[2],@C[6]
449 eor @E[3],@E[3],@C[7]
450 str @E[2],[sp,#$A[3][3]] @ A[3][3] = C[3] ^ (~C[4] & C[0]);
451 bic @E[0],@C[2],@C[0]
452 str @E[3],[sp,#$A[3][3]+4]
453 bic @E[1],@C[3],@C[1]
454 eor @E[0],@E[0],@C[8]
455 eor @E[1],@E[1],@C[9]
456 str @E[0],[sp,#$A[3][4]] @ A[3][4] = C[4] ^ (~C[0] & C[1]);
457 str @E[1],[sp,#$A[3][4]+4]
@ Output row 4.  Inputs: T[0][2], T[1][3], T[1][4] (the saved A[2][4] lane),
@ T[0][0] (the saved A[3][0] lane) and A[4][1] ^ D[1].
459 ldr @C[0],[sp,#$T[0][2]]
460 ldr @C[1],[sp,#$T[0][2]+4]
461 ror @C[0],@C[0],#32-31 @ C[0] = ROL64(T[0][2], rhotates[0][2]);
462 ror @C[1],@C[1],#32-31
463 add @E[3],sp,#$T[1][3]
464 ldmia @E[3],{@E[0]-@E[2],@E[3]} @ T[1][3..4]
465 ror @C[3],@E[0],#32-27 @ C[1] = ROL64(T[1][3], rhotates[1][3]);
466 ror @C[2],@E[1],#32-28
467 ror @C[5],@E[2],#32-19 @ C[2] = ROL64(T[1][4], rhotates[2][4]); /* originally A[2][4] */
468 ror @C[4],@E[3],#32-20
469 ldr @C[7],[sp,#$T[0][0]]
470 ldr @C[6],[sp,#$T[0][0]+4]
471 ror @C[7],@C[7],#32-20 @ C[3] = ROL64(T[0][0], rhotates[3][0]); /* originally A[3][0] */
472 ror @C[6],@C[6],#32-21
473 ldr @C[8],[sp,#$A[4][1]]
474 ldr @C[9],[sp,#$A[4][1]+4]
475 ldr @E[0],[sp,#$D[1]]
476 ldr @E[1],[sp,#$D[1]+4]
477 eor @C[8],@C[8],@E[0]
478 eor @C[9],@C[9],@E[1]
479 ror @C[8],@C[8],#32-1 @ C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
480 ror @C[9],@C[9],#32-1
@ bic rd,rn,rm is rn AND NOT rm.
482 bic @E[0],@C[4],@C[2]
483 bic @E[1],@C[5],@C[3]
484 eor @E[0],@E[0],@C[0]
485 eor @E[1],@E[1],@C[1]
486 str @E[0],[sp,#$A[4][0]] @ A[4][0] = C[0] ^ (~C[1] & C[2])
487 bic @E[2],@C[6],@C[4]
488 str @E[1],[sp,#$A[4][0]+4]
489 bic @E[3],@C[7],@C[5]
490 eor @E[2],@E[2],@C[2]
491 eor @E[3],@E[3],@C[3]
492 str @E[2],[sp,#$A[4][1]] @ A[4][1] = C[1] ^ (~C[2] & C[3]);
493 bic @E[0],@C[8],@C[6]
494 str @E[3],[sp,#$A[4][1]+4]
495 bic @E[1],@C[9],@C[7]
496 eor @E[0],@E[0],@C[4]
497 eor @E[1],@E[1],@C[5]
498 str @E[0],[sp,#$A[4][2]] @ A[4][2] = C[2] ^ (~C[3] & C[4]);
499 bic @E[2],@C[0],@C[8]
500 str @E[1],[sp,#$A[4][2]+4]
501 bic @E[3],@C[1],@C[9]
502 eor @E[2],@E[2],@C[6]
503 eor @E[3],@E[3],@C[7]
504 str @E[2],[sp,#$A[4][3]] @ A[4][3] = C[3] ^ (~C[4] & C[0]);
505 str @E[3],[sp,#$A[4][3]+4]
@ Tail of the round: the last lane is finished in r12,r14 so that r10 can be
@ re-pointed at the stack copy of A[1][0] and r0-r9 can be refilled with
@ row 0 before the final two stores.  Both eor instructions read r8/r9
@ before the ldmia overwrites them; do not reorder these lines.
506 bic @E[0],@C[2],@C[0]
507 bic @E[1],@C[3],@C[1]
508 eor @E[2],@E[0],@C[8]
509 add @E[0],sp,#$A[1][0]
510 eor @E[3],@E[1],@C[9]
511 ldmia sp,{@C[0]-@C[9]} @ A[0][0..4]
512 str @E[2],[sp,#$A[4][4]] @ A[4][4] = C[4] ^ (~C[0] & C[1]);
513 str @E[3],[sp,#$A[4][4]+4]
@ Copy-out and return.  On entry to this section r0-r9 already hold row 0
@ of the stack copy and r10 points at its row 1 (both set at the end of the
@ round body).  r11 is reloaded with the state pointer saved at [sp,#320].
@ NOTE(review): the loop test and branch that decide whether another round
@ runs before this point are not in this listing.
517 ldr @E[1],[sp,#320] @ restore pointer to A
518 stmia @E[1]!,{@C[0]-@C[9]} @ copy A[5][5] from stack
519 ldmia @E[0]!,{@C[0]-@C[9]}
520 stmia @E[1]!,{@C[0]-@C[9]}
521 ldmia @E[0]!,{@C[0]-@C[9]}
522 stmia @E[1]!,{@C[0]-@C[9]}
523 ldmia @E[0]!,{@C[0]-@C[9]}
524 stmia @E[1]!,{@C[0]-@C[9]}
525 ldmia @E[0],{@C[0]-@C[9]}
526 stmia @E[1],{@C[0]-@C[9]}
@ The pop restores r4-r12 and returns through pc (ten words), while the
@ prologue pushed twelve words above a 320-byte frame.
@ NOTE(review): the stack adjustment that skips the frame and the two saved
@ argument words is not in this listing; it has to precede this pop.
@ NOTE(review): nothing in the visible lines clears the 320-byte scratch
@ area, so a copy of the permutation state plus the D and T temporaries
@ stays in dead stack after return.  If this permutation backs keyed or
@ secret-seeded constructions, check whether the full file or its callers
@ zero that region.
529 ldmia sp!,{r4-r12,pc}
530 .size KeccakF1600,.-KeccakF1600