--- /dev/null
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+//
+// ARM version of md5block.go
+
+#include "../../../cmd/ld/textflag.h"
+
+// SHA1 block routine. See sha1block.go for Go equivalent.
+//
+// There are 80 rounds of 4 types:
+// - rounds 0-15 are type 1 and load data (ROUND1 macro).
+// - rounds 16-19 are type 1 and do not load data (ROUND1x macro).
+// - rounds 20-39 are type 2 and do not load data (ROUND2 macro).
+// - rounds 40-59 are type 3 and do not load data (ROUND3 macro).
+// - rounds 60-79 are type 4 and do not load data (ROUND4 macro).
+//
+// Each round loads or shuffles the data, then computes a per-round
+// function of b, c, d, and then mixes the result into and rotates the
+// five registers a, b, c, d, e holding the intermediate results.
+//
+// The register rotation is implemented by rotating the arguments to
+// the round macros instead of by explicit move instructions.
+
+// Register definitions
+data = 0 // Pointer to incoming data
+const = 1 // Current constant for SHA round
+a = 2 // SHA1 accumulator
+b = 3 // SHA1 accumulator
+c = 4 // SHA1 accumulator
+d = 5 // SHA1 accumulator
+e = 6 // SHA1 accumulator
+t0 = 7 // Temporary
+t1 = 8 // Temporary
+// r9, r10 are forbidden
+// r11 is OK provided you check the assembler that no synthetic instructions use it
+t2 = 11 // Temporary
+ctr = 12 // loop counter
+w = 14 // point to w buffer
+
+// func block(dig *digest, p []byte)
+// 0(FP) is *digest
+// 4(FP) is p.array (struct Slice)
+// 8(FP) is p.len
+//12(FP) is p.cap
+//
+// Stack frame
+p_end = -4 // -4(SP) pointer to the end of data
+p_data = p_end - 4 // -8(SP) current data pointer
+w_buf = p_data - 4*80 // -328(SP) 80 words temporary buffer w uint32[80]
+saved = w_buf - 4*5 // -348(SP) saved sha1 registers a,b,c,d,e - these must be last
+// Total size +4 for saved LR is 352
+
+ // w[i] = p[j]<<24 | p[j+1]<<16 | p[j+2]<<8 | p[j+3]
+ // e += w[i]
+#define LOAD(e) \
+ MOVBU 2(R(data)), R(t0) ; \
+ MOVBU 3(R(data)), R(t1) ; \
+ MOVBU 1(R(data)), R(t2) ; \
+ ORR R(t0)<<8, R(t1), R(t0) ; \
+ MOVBU.P 4(R(data)), R(t1) ; \
+ ORR R(t2)<<16, R(t0), R(t0) ; \
+ ORR R(t1)<<24, R(t0), R(t0) ; \
+ MOVW.P R(t0), 4(R(w)) ; \
+ ADD R(t0), R(e), R(e)
+
+ // tmp := w[(i-3)&0xf] ^ w[(i-8)&0xf] ^ w[(i-14)&0xf] ^ w[(i)&0xf]
+ // w[i&0xf] = tmp<<1 | tmp>>(32-1)
+ // e += w[i&0xf]
+#define SHUFFLE(e) \
+ MOVW (-16*4)(R(w)), R(t0) ; \
+ MOVW (-14*4)(R(w)), R(t1) ; \
+ MOVW (-8*4)(R(w)), R(t2) ; \
+ EOR R(t0), R(t1), R(t0) ; \
+ MOVW (-3*4)(R(w)), R(t1) ; \
+ EOR R(t2), R(t0), R(t0) ; \
+ EOR R(t0), R(t1), R(t0) ; \
+ MOVW R(t0)@>(32-1), R(t0) ; \
+ MOVW.P R(t0), 4(R(w)) ; \
+ ADD R(t0), R(e), R(e)
+
+ // t1 = (b & c) | ((~b) & d)
+#define FUNC1(a, b, c, d, e) \
+ MVN R(b), R(t1) ; \
+ AND R(b), R(c), R(t0) ; \
+ AND R(d), R(t1), R(t1) ; \
+ ORR R(t0), R(t1), R(t1)
+
+ // t1 = b ^ c ^ d
+#define FUNC2(a, b, c, d, e) \
+ EOR R(b), R(c), R(t1) ; \
+ EOR R(d), R(t1), R(t1)
+
+ // t1 = (b & c) | (b & d) | (c & d) =
+ // t1 = (b & c) | ((b | c) & d)
+#define FUNC3(a, b, c, d, e) \
+ ORR R(b), R(c), R(t0) ; \
+ AND R(b), R(c), R(t1) ; \
+ AND R(d), R(t0), R(t0) ; \
+ ORR R(t0), R(t1), R(t1)
+
+#define FUNC4 FUNC2
+
+ // a5 := a<<5 | a>>(32-5)
+ // b = b<<30 | b>>(32-30)
+ // e = a5 + t1 + e + const
+#define MIX(a, b, c, d, e) \
+ ADD R(t1), R(e), R(e) ; \
+ MOVW R(b)@>(32-30), R(b) ; \
+ ADD R(a)@>(32-5), R(e), R(e) ; \
+ ADD R(const), R(e), R(e)
+
+#define ROUND1(a, b, c, d, e) \
+ LOAD(e) ; \
+ FUNC1(a, b, c, d, e) ; \
+ MIX(a, b, c, d, e)
+
+#define ROUND1x(a, b, c, d, e) \
+ SHUFFLE(e) ; \
+ FUNC1(a, b, c, d, e) ; \
+ MIX(a, b, c, d, e)
+
+#define ROUND2(a, b, c, d, e) \
+ SHUFFLE(e) ; \
+ FUNC2(a, b, c, d, e) ; \
+ MIX(a, b, c, d, e)
+
+#define ROUND3(a, b, c, d, e) \
+ SHUFFLE(e) ; \
+ FUNC3(a, b, c, d, e) ; \
+ MIX(a, b, c, d, e)
+
+#define ROUND4(a, b, c, d, e) \
+ SHUFFLE(e) ; \
+ FUNC4(a, b, c, d, e) ; \
+ MIX(a, b, c, d, e)
+
+
+// func block(dig *digest, p []byte)
+TEXT ·block(SB), 0, $352-16
+ MOVW p+4(FP), R(data) // pointer to the data
+ MOVW p_len+8(FP), R(t0) // number of bytes
+ ADD R(data), R(t0)
+ MOVW R(t0), p_end(SP) // pointer to end of data
+
+ // Load up initial SHA1 accumulator
+ MOVW dig+0(FP), R(t0)
+ MOVM.IA (R(t0)), [R(a),R(b),R(c),R(d),R(e)]
+
+loop:
+ // Save registers at SP+4 onwards
+ MOVM.IB [R(a),R(b),R(c),R(d),R(e)], (R13)
+
+ MOVW $w_buf(SP), R(w)
+ MOVW $0x5A827999, R(const)
+ MOVW $3, R(ctr)
+loop1: ROUND1(a, b, c, d, e)
+ ROUND1(e, a, b, c, d)
+ ROUND1(d, e, a, b, c)
+ ROUND1(c, d, e, a, b)
+ ROUND1(b, c, d, e, a)
+ SUB.S $1, R(ctr)
+ BNE loop1
+
+ ROUND1(a, b, c, d, e)
+ ROUND1x(e, a, b, c, d)
+ ROUND1x(d, e, a, b, c)
+ ROUND1x(c, d, e, a, b)
+ ROUND1x(b, c, d, e, a)
+
+ MOVW $0x6ED9EBA1, R(const)
+ MOVW $4, R(ctr)
+loop2: ROUND2(a, b, c, d, e)
+ ROUND2(e, a, b, c, d)
+ ROUND2(d, e, a, b, c)
+ ROUND2(c, d, e, a, b)
+ ROUND2(b, c, d, e, a)
+ SUB.S $1, R(ctr)
+ BNE loop2
+
+ MOVW $0x8F1BBCDC, R(const)
+ MOVW $4, R(ctr)
+loop3: ROUND3(a, b, c, d, e)
+ ROUND3(e, a, b, c, d)
+ ROUND3(d, e, a, b, c)
+ ROUND3(c, d, e, a, b)
+ ROUND3(b, c, d, e, a)
+ SUB.S $1, R(ctr)
+ BNE loop3
+
+ MOVW $0xCA62C1D6, R(const)
+ MOVW $4, R(ctr)
+loop4: ROUND4(a, b, c, d, e)
+ ROUND4(e, a, b, c, d)
+ ROUND4(d, e, a, b, c)
+ ROUND4(c, d, e, a, b)
+ ROUND4(b, c, d, e, a)
+ SUB.S $1, R(ctr)
+ BNE loop4
+
+ // Accumulate - restoring registers from SP+4
+ MOVM.IB (R13), [R(t0),R(t1),R(t2),R(ctr),R(w)]
+ ADD R(t0), R(a)
+ ADD R(t1), R(b)
+ ADD R(t2), R(c)
+ ADD R(ctr), R(d)
+ ADD R(w), R(e)
+
+ MOVW p_end(SP), R(t0)
+ CMP R(t0), R(data)
+ BLO loop
+
+ // Save final SHA1 accumulator
+ MOVW dig+0(FP), R(t0)
+ MOVM.IA [R(a),R(b),R(c),R(d),R(e)], (R(t0))
+
+ RET