• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# salsa20_pm.s version 20051229
2# D. J. Bernstein
3# Public domain.
4
5#include <linux/linkage.h>
6
7.text
8
9# enter salsa20_encrypt_bytes
10ENTRY(salsa20_encrypt_bytes)
11	mov	%esp,%eax
12	and	$31,%eax
13	add	$256,%eax
14	sub	%eax,%esp
15	# eax_stack = eax
16	movl	%eax,80(%esp)
17	# ebx_stack = ebx
18	movl	%ebx,84(%esp)
19	# esi_stack = esi
20	movl	%esi,88(%esp)
21	# edi_stack = edi
22	movl	%edi,92(%esp)
23	# ebp_stack = ebp
24	movl	%ebp,96(%esp)
25	# x = arg1
26	movl	4(%esp,%eax),%edx
27	# m = arg2
28	movl	8(%esp,%eax),%esi
29	# out = arg3
30	movl	12(%esp,%eax),%edi
31	# bytes = arg4
32	movl	16(%esp,%eax),%ebx
33	# bytes -= 0
34	sub	$0,%ebx
35	# goto done if unsigned<=
36	jbe	._done
37._start:
38	# in0 = *(uint32 *) (x + 0)
39	movl	0(%edx),%eax
40	# in1 = *(uint32 *) (x + 4)
41	movl	4(%edx),%ecx
42	# in2 = *(uint32 *) (x + 8)
43	movl	8(%edx),%ebp
44	# j0 = in0
45	movl	%eax,164(%esp)
46	# in3 = *(uint32 *) (x + 12)
47	movl	12(%edx),%eax
48	# j1 = in1
49	movl	%ecx,168(%esp)
50	# in4 = *(uint32 *) (x + 16)
51	movl	16(%edx),%ecx
52	# j2 = in2
53	movl	%ebp,172(%esp)
54	# in5 = *(uint32 *) (x + 20)
55	movl	20(%edx),%ebp
56	# j3 = in3
57	movl	%eax,176(%esp)
58	# in6 = *(uint32 *) (x + 24)
59	movl	24(%edx),%eax
60	# j4 = in4
61	movl	%ecx,180(%esp)
62	# in7 = *(uint32 *) (x + 28)
63	movl	28(%edx),%ecx
64	# j5 = in5
65	movl	%ebp,184(%esp)
66	# in8 = *(uint32 *) (x + 32)
67	movl	32(%edx),%ebp
68	# j6 = in6
69	movl	%eax,188(%esp)
70	# in9 = *(uint32 *) (x + 36)
71	movl	36(%edx),%eax
72	# j7 = in7
73	movl	%ecx,192(%esp)
74	# in10 = *(uint32 *) (x + 40)
75	movl	40(%edx),%ecx
76	# j8 = in8
77	movl	%ebp,196(%esp)
78	# in11 = *(uint32 *) (x + 44)
79	movl	44(%edx),%ebp
80	# j9 = in9
81	movl	%eax,200(%esp)
82	# in12 = *(uint32 *) (x + 48)
83	movl	48(%edx),%eax
84	# j10 = in10
85	movl	%ecx,204(%esp)
86	# in13 = *(uint32 *) (x + 52)
87	movl	52(%edx),%ecx
88	# j11 = in11
89	movl	%ebp,208(%esp)
90	# in14 = *(uint32 *) (x + 56)
91	movl	56(%edx),%ebp
92	# j12 = in12
93	movl	%eax,212(%esp)
94	# in15 = *(uint32 *) (x + 60)
95	movl	60(%edx),%eax
96	# j13 = in13
97	movl	%ecx,216(%esp)
98	# j14 = in14
99	movl	%ebp,220(%esp)
100	# j15 = in15
101	movl	%eax,224(%esp)
102	# x_backup = x
103	movl	%edx,64(%esp)
104._bytesatleast1:
105	#   bytes - 64
106	cmp	$64,%ebx
107	#   goto nocopy if unsigned>=
108	jae	._nocopy
109	#     ctarget = out
110	movl	%edi,228(%esp)
111	#     out = &tmp
112	leal	0(%esp),%edi
113	#     i = bytes
114	mov	%ebx,%ecx
115	#     while (i) { *out++ = *m++; --i }
116	rep	movsb
117	#     out = &tmp
118	leal	0(%esp),%edi
119	#     m = &tmp
120	leal	0(%esp),%esi
121._nocopy:
122	#   out_backup = out
123	movl	%edi,72(%esp)
124	#   m_backup = m
125	movl	%esi,68(%esp)
126	#   bytes_backup = bytes
127	movl	%ebx,76(%esp)
128	#   in0 = j0
129	movl	164(%esp),%eax
130	#   in1 = j1
131	movl	168(%esp),%ecx
132	#   in2 = j2
133	movl	172(%esp),%edx
134	#   in3 = j3
135	movl	176(%esp),%ebx
136	#   x0 = in0
137	movl	%eax,100(%esp)
138	#   x1 = in1
139	movl	%ecx,104(%esp)
140	#   x2 = in2
141	movl	%edx,108(%esp)
142	#   x3 = in3
143	movl	%ebx,112(%esp)
144	#   in4 = j4
145	movl	180(%esp),%eax
146	#   in5 = j5
147	movl	184(%esp),%ecx
148	#   in6 = j6
149	movl	188(%esp),%edx
150	#   in7 = j7
151	movl	192(%esp),%ebx
152	#   x4 = in4
153	movl	%eax,116(%esp)
154	#   x5 = in5
155	movl	%ecx,120(%esp)
156	#   x6 = in6
157	movl	%edx,124(%esp)
158	#   x7 = in7
159	movl	%ebx,128(%esp)
160	#   in8 = j8
161	movl	196(%esp),%eax
162	#   in9 = j9
163	movl	200(%esp),%ecx
164	#   in10 = j10
165	movl	204(%esp),%edx
166	#   in11 = j11
167	movl	208(%esp),%ebx
168	#   x8 = in8
169	movl	%eax,132(%esp)
170	#   x9 = in9
171	movl	%ecx,136(%esp)
172	#   x10 = in10
173	movl	%edx,140(%esp)
174	#   x11 = in11
175	movl	%ebx,144(%esp)
176	#   in12 = j12
177	movl	212(%esp),%eax
178	#   in13 = j13
179	movl	216(%esp),%ecx
180	#   in14 = j14
181	movl	220(%esp),%edx
182	#   in15 = j15
183	movl	224(%esp),%ebx
184	#   x12 = in12
185	movl	%eax,148(%esp)
186	#   x13 = in13
187	movl	%ecx,152(%esp)
188	#   x14 = in14
189	movl	%edx,156(%esp)
190	#   x15 = in15
191	movl	%ebx,160(%esp)
192	#   i = 20
193	mov	$20,%ebp
194	# p = x0
195	movl	100(%esp),%eax
196	# s = x5
197	movl	120(%esp),%ecx
198	# t = x10
199	movl	140(%esp),%edx
200	# w = x15
201	movl	160(%esp),%ebx
202._mainloop:
203	# x0 = p
204	movl	%eax,100(%esp)
205	# 				x10 = t
206	movl	%edx,140(%esp)
207	# p += x12
208	addl	148(%esp),%eax
209	# 		x5 = s
210	movl	%ecx,120(%esp)
211	# 				t += x6
212	addl	124(%esp),%edx
213	# 						x15 = w
214	movl	%ebx,160(%esp)
215	# 		r = x1
216	movl	104(%esp),%esi
217	# 		r += s
218	add	%ecx,%esi
219	# 						v = x11
220	movl	144(%esp),%edi
221	# 						v += w
222	add	%ebx,%edi
223	# p <<<= 7
224	rol	$7,%eax
225	# p ^= x4
226	xorl	116(%esp),%eax
227	# 				t <<<= 7
228	rol	$7,%edx
229	# 				t ^= x14
230	xorl	156(%esp),%edx
231	# 		r <<<= 7
232	rol	$7,%esi
233	# 		r ^= x9
234	xorl	136(%esp),%esi
235	# 						v <<<= 7
236	rol	$7,%edi
237	# 						v ^= x3
238	xorl	112(%esp),%edi
239	# x4 = p
240	movl	%eax,116(%esp)
241	# 				x14 = t
242	movl	%edx,156(%esp)
243	# p += x0
244	addl	100(%esp),%eax
245	# 		x9 = r
246	movl	%esi,136(%esp)
247	# 				t += x10
248	addl	140(%esp),%edx
249	# 						x3 = v
250	movl	%edi,112(%esp)
251	# p <<<= 9
252	rol	$9,%eax
253	# p ^= x8
254	xorl	132(%esp),%eax
255	# 				t <<<= 9
256	rol	$9,%edx
257	# 				t ^= x2
258	xorl	108(%esp),%edx
259	# 		s += r
260	add	%esi,%ecx
261	# 		s <<<= 9
262	rol	$9,%ecx
263	# 		s ^= x13
264	xorl	152(%esp),%ecx
265	# 						w += v
266	add	%edi,%ebx
267	# 						w <<<= 9
268	rol	$9,%ebx
269	# 						w ^= x7
270	xorl	128(%esp),%ebx
271	# x8 = p
272	movl	%eax,132(%esp)
273	# 				x2 = t
274	movl	%edx,108(%esp)
275	# p += x4
276	addl	116(%esp),%eax
277	# 		x13 = s
278	movl	%ecx,152(%esp)
279	# 				t += x14
280	addl	156(%esp),%edx
281	# 						x7 = w
282	movl	%ebx,128(%esp)
283	# p <<<= 13
284	rol	$13,%eax
285	# p ^= x12
286	xorl	148(%esp),%eax
287	# 				t <<<= 13
288	rol	$13,%edx
289	# 				t ^= x6
290	xorl	124(%esp),%edx
291	# 		r += s
292	add	%ecx,%esi
293	# 		r <<<= 13
294	rol	$13,%esi
295	# 		r ^= x1
296	xorl	104(%esp),%esi
297	# 						v += w
298	add	%ebx,%edi
299	# 						v <<<= 13
300	rol	$13,%edi
301	# 						v ^= x11
302	xorl	144(%esp),%edi
303	# x12 = p
304	movl	%eax,148(%esp)
305	# 				x6 = t
306	movl	%edx,124(%esp)
307	# p += x8
308	addl	132(%esp),%eax
309	# 		x1 = r
310	movl	%esi,104(%esp)
311	# 				t += x2
312	addl	108(%esp),%edx
313	# 						x11 = v
314	movl	%edi,144(%esp)
315	# p <<<= 18
316	rol	$18,%eax
317	# p ^= x0
318	xorl	100(%esp),%eax
319	# 				t <<<= 18
320	rol	$18,%edx
321	# 				t ^= x10
322	xorl	140(%esp),%edx
323	# 		s += r
324	add	%esi,%ecx
325	# 		s <<<= 18
326	rol	$18,%ecx
327	# 		s ^= x5
328	xorl	120(%esp),%ecx
329	# 						w += v
330	add	%edi,%ebx
331	# 						w <<<= 18
332	rol	$18,%ebx
333	# 						w ^= x15
334	xorl	160(%esp),%ebx
335	# x0 = p
336	movl	%eax,100(%esp)
337	# 				x10 = t
338	movl	%edx,140(%esp)
339	# p += x3
340	addl	112(%esp),%eax
341	# p <<<= 7
342	rol	$7,%eax
343	# 		x5 = s
344	movl	%ecx,120(%esp)
345	# 				t += x9
346	addl	136(%esp),%edx
347	# 						x15 = w
348	movl	%ebx,160(%esp)
349	# 		r = x4
350	movl	116(%esp),%esi
351	# 		r += s
352	add	%ecx,%esi
353	# 						v = x14
354	movl	156(%esp),%edi
355	# 						v += w
356	add	%ebx,%edi
357	# p ^= x1
358	xorl	104(%esp),%eax
359	# 				t <<<= 7
360	rol	$7,%edx
361	# 				t ^= x11
362	xorl	144(%esp),%edx
363	# 		r <<<= 7
364	rol	$7,%esi
365	# 		r ^= x6
366	xorl	124(%esp),%esi
367	# 						v <<<= 7
368	rol	$7,%edi
369	# 						v ^= x12
370	xorl	148(%esp),%edi
371	# x1 = p
372	movl	%eax,104(%esp)
373	# 				x11 = t
374	movl	%edx,144(%esp)
375	# p += x0
376	addl	100(%esp),%eax
377	# 		x6 = r
378	movl	%esi,124(%esp)
379	# 				t += x10
380	addl	140(%esp),%edx
381	# 						x12 = v
382	movl	%edi,148(%esp)
383	# p <<<= 9
384	rol	$9,%eax
385	# p ^= x2
386	xorl	108(%esp),%eax
387	# 				t <<<= 9
388	rol	$9,%edx
389	# 				t ^= x8
390	xorl	132(%esp),%edx
391	# 		s += r
392	add	%esi,%ecx
393	# 		s <<<= 9
394	rol	$9,%ecx
395	# 		s ^= x7
396	xorl	128(%esp),%ecx
397	# 						w += v
398	add	%edi,%ebx
399	# 						w <<<= 9
400	rol	$9,%ebx
401	# 						w ^= x13
402	xorl	152(%esp),%ebx
403	# x2 = p
404	movl	%eax,108(%esp)
405	# 				x8 = t
406	movl	%edx,132(%esp)
407	# p += x1
408	addl	104(%esp),%eax
409	# 		x7 = s
410	movl	%ecx,128(%esp)
411	# 				t += x11
412	addl	144(%esp),%edx
413	# 						x13 = w
414	movl	%ebx,152(%esp)
415	# p <<<= 13
416	rol	$13,%eax
417	# p ^= x3
418	xorl	112(%esp),%eax
419	# 				t <<<= 13
420	rol	$13,%edx
421	# 				t ^= x9
422	xorl	136(%esp),%edx
423	# 		r += s
424	add	%ecx,%esi
425	# 		r <<<= 13
426	rol	$13,%esi
427	# 		r ^= x4
428	xorl	116(%esp),%esi
429	# 						v += w
430	add	%ebx,%edi
431	# 						v <<<= 13
432	rol	$13,%edi
433	# 						v ^= x14
434	xorl	156(%esp),%edi
435	# x3 = p
436	movl	%eax,112(%esp)
437	# 				x9 = t
438	movl	%edx,136(%esp)
439	# p += x2
440	addl	108(%esp),%eax
441	# 		x4 = r
442	movl	%esi,116(%esp)
443	# 				t += x8
444	addl	132(%esp),%edx
445	# 						x14 = v
446	movl	%edi,156(%esp)
447	# p <<<= 18
448	rol	$18,%eax
449	# p ^= x0
450	xorl	100(%esp),%eax
451	# 				t <<<= 18
452	rol	$18,%edx
453	# 				t ^= x10
454	xorl	140(%esp),%edx
455	# 		s += r
456	add	%esi,%ecx
457	# 		s <<<= 18
458	rol	$18,%ecx
459	# 		s ^= x5
460	xorl	120(%esp),%ecx
461	# 						w += v
462	add	%edi,%ebx
463	# 						w <<<= 18
464	rol	$18,%ebx
465	# 						w ^= x15
466	xorl	160(%esp),%ebx
467	# x0 = p
468	movl	%eax,100(%esp)
469	# 				x10 = t
470	movl	%edx,140(%esp)
471	# p += x12
472	addl	148(%esp),%eax
473	# 		x5 = s
474	movl	%ecx,120(%esp)
475	# 				t += x6
476	addl	124(%esp),%edx
477	# 						x15 = w
478	movl	%ebx,160(%esp)
479	# 		r = x1
480	movl	104(%esp),%esi
481	# 		r += s
482	add	%ecx,%esi
483	# 						v = x11
484	movl	144(%esp),%edi
485	# 						v += w
486	add	%ebx,%edi
487	# p <<<= 7
488	rol	$7,%eax
489	# p ^= x4
490	xorl	116(%esp),%eax
491	# 				t <<<= 7
492	rol	$7,%edx
493	# 				t ^= x14
494	xorl	156(%esp),%edx
495	# 		r <<<= 7
496	rol	$7,%esi
497	# 		r ^= x9
498	xorl	136(%esp),%esi
499	# 						v <<<= 7
500	rol	$7,%edi
501	# 						v ^= x3
502	xorl	112(%esp),%edi
503	# x4 = p
504	movl	%eax,116(%esp)
505	# 				x14 = t
506	movl	%edx,156(%esp)
507	# p += x0
508	addl	100(%esp),%eax
509	# 		x9 = r
510	movl	%esi,136(%esp)
511	# 				t += x10
512	addl	140(%esp),%edx
513	# 						x3 = v
514	movl	%edi,112(%esp)
515	# p <<<= 9
516	rol	$9,%eax
517	# p ^= x8
518	xorl	132(%esp),%eax
519	# 				t <<<= 9
520	rol	$9,%edx
521	# 				t ^= x2
522	xorl	108(%esp),%edx
523	# 		s += r
524	add	%esi,%ecx
525	# 		s <<<= 9
526	rol	$9,%ecx
527	# 		s ^= x13
528	xorl	152(%esp),%ecx
529	# 						w += v
530	add	%edi,%ebx
531	# 						w <<<= 9
532	rol	$9,%ebx
533	# 						w ^= x7
534	xorl	128(%esp),%ebx
535	# x8 = p
536	movl	%eax,132(%esp)
537	# 				x2 = t
538	movl	%edx,108(%esp)
539	# p += x4
540	addl	116(%esp),%eax
541	# 		x13 = s
542	movl	%ecx,152(%esp)
543	# 				t += x14
544	addl	156(%esp),%edx
545	# 						x7 = w
546	movl	%ebx,128(%esp)
547	# p <<<= 13
548	rol	$13,%eax
549	# p ^= x12
550	xorl	148(%esp),%eax
551	# 				t <<<= 13
552	rol	$13,%edx
553	# 				t ^= x6
554	xorl	124(%esp),%edx
555	# 		r += s
556	add	%ecx,%esi
557	# 		r <<<= 13
558	rol	$13,%esi
559	# 		r ^= x1
560	xorl	104(%esp),%esi
561	# 						v += w
562	add	%ebx,%edi
563	# 						v <<<= 13
564	rol	$13,%edi
565	# 						v ^= x11
566	xorl	144(%esp),%edi
567	# x12 = p
568	movl	%eax,148(%esp)
569	# 				x6 = t
570	movl	%edx,124(%esp)
571	# p += x8
572	addl	132(%esp),%eax
573	# 		x1 = r
574	movl	%esi,104(%esp)
575	# 				t += x2
576	addl	108(%esp),%edx
577	# 						x11 = v
578	movl	%edi,144(%esp)
579	# p <<<= 18
580	rol	$18,%eax
581	# p ^= x0
582	xorl	100(%esp),%eax
583	# 				t <<<= 18
584	rol	$18,%edx
585	# 				t ^= x10
586	xorl	140(%esp),%edx
587	# 		s += r
588	add	%esi,%ecx
589	# 		s <<<= 18
590	rol	$18,%ecx
591	# 		s ^= x5
592	xorl	120(%esp),%ecx
593	# 						w += v
594	add	%edi,%ebx
595	# 						w <<<= 18
596	rol	$18,%ebx
597	# 						w ^= x15
598	xorl	160(%esp),%ebx
599	# x0 = p
600	movl	%eax,100(%esp)
601	# 				x10 = t
602	movl	%edx,140(%esp)
603	# p += x3
604	addl	112(%esp),%eax
605	# p <<<= 7
606	rol	$7,%eax
607	# 		x5 = s
608	movl	%ecx,120(%esp)
609	# 				t += x9
610	addl	136(%esp),%edx
611	# 						x15 = w
612	movl	%ebx,160(%esp)
613	# 		r = x4
614	movl	116(%esp),%esi
615	# 		r += s
616	add	%ecx,%esi
617	# 						v = x14
618	movl	156(%esp),%edi
619	# 						v += w
620	add	%ebx,%edi
621	# p ^= x1
622	xorl	104(%esp),%eax
623	# 				t <<<= 7
624	rol	$7,%edx
625	# 				t ^= x11
626	xorl	144(%esp),%edx
627	# 		r <<<= 7
628	rol	$7,%esi
629	# 		r ^= x6
630	xorl	124(%esp),%esi
631	# 						v <<<= 7
632	rol	$7,%edi
633	# 						v ^= x12
634	xorl	148(%esp),%edi
635	# x1 = p
636	movl	%eax,104(%esp)
637	# 				x11 = t
638	movl	%edx,144(%esp)
639	# p += x0
640	addl	100(%esp),%eax
641	# 		x6 = r
642	movl	%esi,124(%esp)
643	# 				t += x10
644	addl	140(%esp),%edx
645	# 						x12 = v
646	movl	%edi,148(%esp)
647	# p <<<= 9
648	rol	$9,%eax
649	# p ^= x2
650	xorl	108(%esp),%eax
651	# 				t <<<= 9
652	rol	$9,%edx
653	# 				t ^= x8
654	xorl	132(%esp),%edx
655	# 		s += r
656	add	%esi,%ecx
657	# 		s <<<= 9
658	rol	$9,%ecx
659	# 		s ^= x7
660	xorl	128(%esp),%ecx
661	# 						w += v
662	add	%edi,%ebx
663	# 						w <<<= 9
664	rol	$9,%ebx
665	# 						w ^= x13
666	xorl	152(%esp),%ebx
667	# x2 = p
668	movl	%eax,108(%esp)
669	# 				x8 = t
670	movl	%edx,132(%esp)
671	# p += x1
672	addl	104(%esp),%eax
673	# 		x7 = s
674	movl	%ecx,128(%esp)
675	# 				t += x11
676	addl	144(%esp),%edx
677	# 						x13 = w
678	movl	%ebx,152(%esp)
679	# p <<<= 13
680	rol	$13,%eax
681	# p ^= x3
682	xorl	112(%esp),%eax
683	# 				t <<<= 13
684	rol	$13,%edx
685	# 				t ^= x9
686	xorl	136(%esp),%edx
687	# 		r += s
688	add	%ecx,%esi
689	# 		r <<<= 13
690	rol	$13,%esi
691	# 		r ^= x4
692	xorl	116(%esp),%esi
693	# 						v += w
694	add	%ebx,%edi
695	# 						v <<<= 13
696	rol	$13,%edi
697	# 						v ^= x14
698	xorl	156(%esp),%edi
699	# x3 = p
700	movl	%eax,112(%esp)
701	# 				x9 = t
702	movl	%edx,136(%esp)
703	# p += x2
704	addl	108(%esp),%eax
705	# 		x4 = r
706	movl	%esi,116(%esp)
707	# 				t += x8
708	addl	132(%esp),%edx
709	# 						x14 = v
710	movl	%edi,156(%esp)
711	# p <<<= 18
712	rol	$18,%eax
713	# p ^= x0
714	xorl	100(%esp),%eax
715	# 				t <<<= 18
716	rol	$18,%edx
717	# 				t ^= x10
718	xorl	140(%esp),%edx
719	# 		s += r
720	add	%esi,%ecx
721	# 		s <<<= 18
722	rol	$18,%ecx
723	# 		s ^= x5
724	xorl	120(%esp),%ecx
725	# 						w += v
726	add	%edi,%ebx
727	# 						w <<<= 18
728	rol	$18,%ebx
729	# 						w ^= x15
730	xorl	160(%esp),%ebx
731	# i -= 4
732	sub	$4,%ebp
733	# goto mainloop if unsigned >
734	ja	._mainloop
735	# x0 = p
736	movl	%eax,100(%esp)
737	# x5 = s
738	movl	%ecx,120(%esp)
739	# x10 = t
740	movl	%edx,140(%esp)
741	# x15 = w
742	movl	%ebx,160(%esp)
743	#   out = out_backup
744	movl	72(%esp),%edi
745	#   m = m_backup
746	movl	68(%esp),%esi
747	#   in0 = x0
748	movl	100(%esp),%eax
749	#   in1 = x1
750	movl	104(%esp),%ecx
751	#   in0 += j0
752	addl	164(%esp),%eax
753	#   in1 += j1
754	addl	168(%esp),%ecx
755	#   in0 ^= *(uint32 *) (m + 0)
756	xorl	0(%esi),%eax
757	#   in1 ^= *(uint32 *) (m + 4)
758	xorl	4(%esi),%ecx
759	#   *(uint32 *) (out + 0) = in0
760	movl	%eax,0(%edi)
761	#   *(uint32 *) (out + 4) = in1
762	movl	%ecx,4(%edi)
763	#   in2 = x2
764	movl	108(%esp),%eax
765	#   in3 = x3
766	movl	112(%esp),%ecx
767	#   in2 += j2
768	addl	172(%esp),%eax
769	#   in3 += j3
770	addl	176(%esp),%ecx
771	#   in2 ^= *(uint32 *) (m + 8)
772	xorl	8(%esi),%eax
773	#   in3 ^= *(uint32 *) (m + 12)
774	xorl	12(%esi),%ecx
775	#   *(uint32 *) (out + 8) = in2
776	movl	%eax,8(%edi)
777	#   *(uint32 *) (out + 12) = in3
778	movl	%ecx,12(%edi)
779	#   in4 = x4
780	movl	116(%esp),%eax
781	#   in5 = x5
782	movl	120(%esp),%ecx
783	#   in4 += j4
784	addl	180(%esp),%eax
785	#   in5 += j5
786	addl	184(%esp),%ecx
787	#   in4 ^= *(uint32 *) (m + 16)
788	xorl	16(%esi),%eax
789	#   in5 ^= *(uint32 *) (m + 20)
790	xorl	20(%esi),%ecx
791	#   *(uint32 *) (out + 16) = in4
792	movl	%eax,16(%edi)
793	#   *(uint32 *) (out + 20) = in5
794	movl	%ecx,20(%edi)
795	#   in6 = x6
796	movl	124(%esp),%eax
797	#   in7 = x7
798	movl	128(%esp),%ecx
799	#   in6 += j6
800	addl	188(%esp),%eax
801	#   in7 += j7
802	addl	192(%esp),%ecx
803	#   in6 ^= *(uint32 *) (m + 24)
804	xorl	24(%esi),%eax
805	#   in7 ^= *(uint32 *) (m + 28)
806	xorl	28(%esi),%ecx
807	#   *(uint32 *) (out + 24) = in6
808	movl	%eax,24(%edi)
809	#   *(uint32 *) (out + 28) = in7
810	movl	%ecx,28(%edi)
811	#   in8 = x8
812	movl	132(%esp),%eax
813	#   in9 = x9
814	movl	136(%esp),%ecx
815	#   in8 += j8
816	addl	196(%esp),%eax
817	#   in9 += j9
818	addl	200(%esp),%ecx
819	#   in8 ^= *(uint32 *) (m + 32)
820	xorl	32(%esi),%eax
821	#   in9 ^= *(uint32 *) (m + 36)
822	xorl	36(%esi),%ecx
823	#   *(uint32 *) (out + 32) = in8
824	movl	%eax,32(%edi)
825	#   *(uint32 *) (out + 36) = in9
826	movl	%ecx,36(%edi)
827	#   in10 = x10
828	movl	140(%esp),%eax
829	#   in11 = x11
830	movl	144(%esp),%ecx
831	#   in10 += j10
832	addl	204(%esp),%eax
833	#   in11 += j11
834	addl	208(%esp),%ecx
835	#   in10 ^= *(uint32 *) (m + 40)
836	xorl	40(%esi),%eax
837	#   in11 ^= *(uint32 *) (m + 44)
838	xorl	44(%esi),%ecx
839	#   *(uint32 *) (out + 40) = in10
840	movl	%eax,40(%edi)
841	#   *(uint32 *) (out + 44) = in11
842	movl	%ecx,44(%edi)
843	#   in12 = x12
844	movl	148(%esp),%eax
845	#   in13 = x13
846	movl	152(%esp),%ecx
847	#   in12 += j12
848	addl	212(%esp),%eax
849	#   in13 += j13
850	addl	216(%esp),%ecx
851	#   in12 ^= *(uint32 *) (m + 48)
852	xorl	48(%esi),%eax
853	#   in13 ^= *(uint32 *) (m + 52)
854	xorl	52(%esi),%ecx
855	#   *(uint32 *) (out + 48) = in12
856	movl	%eax,48(%edi)
857	#   *(uint32 *) (out + 52) = in13
858	movl	%ecx,52(%edi)
859	#   in14 = x14
860	movl	156(%esp),%eax
861	#   in15 = x15
862	movl	160(%esp),%ecx
863	#   in14 += j14
864	addl	220(%esp),%eax
865	#   in15 += j15
866	addl	224(%esp),%ecx
867	#   in14 ^= *(uint32 *) (m + 56)
868	xorl	56(%esi),%eax
869	#   in15 ^= *(uint32 *) (m + 60)
870	xorl	60(%esi),%ecx
871	#   *(uint32 *) (out + 56) = in14
872	movl	%eax,56(%edi)
873	#   *(uint32 *) (out + 60) = in15
874	movl	%ecx,60(%edi)
875	#   bytes = bytes_backup
876	movl	76(%esp),%ebx
877	#   in8 = j8
878	movl	196(%esp),%eax
879	#   in9 = j9
880	movl	200(%esp),%ecx
881	#   in8 += 1
882	add	$1,%eax
883	#   in9 += 0 + carry
884	adc	$0,%ecx
885	#   j8 = in8
886	movl	%eax,196(%esp)
887	#   j9 = in9
888	movl	%ecx,200(%esp)
889	#   bytes - 64
890	cmp	$64,%ebx
891	#   goto bytesatleast65 if unsigned>
892	ja	._bytesatleast65
893	#     goto bytesatleast64 if unsigned>=
894	jae	._bytesatleast64
895	#       m = out
896	mov	%edi,%esi
897	#       out = ctarget
898	movl	228(%esp),%edi
899	#       i = bytes
900	mov	%ebx,%ecx
901	#       while (i) { *out++ = *m++; --i }
902	rep	movsb
903._bytesatleast64:
904	#     x = x_backup
905	movl	64(%esp),%eax
906	#     in8 = j8
907	movl	196(%esp),%ecx
908	#     in9 = j9
909	movl	200(%esp),%edx
910	#     *(uint32 *) (x + 32) = in8
911	movl	%ecx,32(%eax)
912	#     *(uint32 *) (x + 36) = in9
913	movl	%edx,36(%eax)
914._done:
915	#     eax = eax_stack
916	movl	80(%esp),%eax
917	#     ebx = ebx_stack
918	movl	84(%esp),%ebx
919	#     esi = esi_stack
920	movl	88(%esp),%esi
921	#     edi = edi_stack
922	movl	92(%esp),%edi
923	#     ebp = ebp_stack
924	movl	96(%esp),%ebp
925	#     leave
926	add	%eax,%esp
927	ret
928._bytesatleast65:
929	#   bytes -= 64
930	sub	$64,%ebx
931	#   out += 64
932	add	$64,%edi
933	#   m += 64
934	add	$64,%esi
935	# goto bytesatleast1
936	jmp	._bytesatleast1
937ENDPROC(salsa20_encrypt_bytes)
938
939# enter salsa20_keysetup
940ENTRY(salsa20_keysetup)
941	mov	%esp,%eax
942	and	$31,%eax
943	add	$256,%eax
944	sub	%eax,%esp
945	#   eax_stack = eax
946	movl	%eax,64(%esp)
947	#   ebx_stack = ebx
948	movl	%ebx,68(%esp)
949	#   esi_stack = esi
950	movl	%esi,72(%esp)
951	#   edi_stack = edi
952	movl	%edi,76(%esp)
953	#   ebp_stack = ebp
954	movl	%ebp,80(%esp)
955	#   k = arg2
956	movl	8(%esp,%eax),%ecx
957	#   kbits = arg3
958	movl	12(%esp,%eax),%edx
959	#   x = arg1
960	movl	4(%esp,%eax),%eax
961	#   in1 = *(uint32 *) (k + 0)
962	movl	0(%ecx),%ebx
963	#   in2 = *(uint32 *) (k + 4)
964	movl	4(%ecx),%esi
965	#   in3 = *(uint32 *) (k + 8)
966	movl	8(%ecx),%edi
967	#   in4 = *(uint32 *) (k + 12)
968	movl	12(%ecx),%ebp
969	#   *(uint32 *) (x + 4) = in1
970	movl	%ebx,4(%eax)
971	#   *(uint32 *) (x + 8) = in2
972	movl	%esi,8(%eax)
973	#   *(uint32 *) (x + 12) = in3
974	movl	%edi,12(%eax)
975	#   *(uint32 *) (x + 16) = in4
976	movl	%ebp,16(%eax)
977	#   kbits - 256
978	cmp	$256,%edx
979	#   goto kbits128 if unsigned<
980	jb	._kbits128
981._kbits256:
982	#     in11 = *(uint32 *) (k + 16)
983	movl	16(%ecx),%edx
984	#     in12 = *(uint32 *) (k + 20)
985	movl	20(%ecx),%ebx
986	#     in13 = *(uint32 *) (k + 24)
987	movl	24(%ecx),%esi
988	#     in14 = *(uint32 *) (k + 28)
989	movl	28(%ecx),%ecx
990	#     *(uint32 *) (x + 44) = in11
991	movl	%edx,44(%eax)
992	#     *(uint32 *) (x + 48) = in12
993	movl	%ebx,48(%eax)
994	#     *(uint32 *) (x + 52) = in13
995	movl	%esi,52(%eax)
996	#     *(uint32 *) (x + 56) = in14
997	movl	%ecx,56(%eax)
998	#     in0 = 1634760805
999	mov	$1634760805,%ecx
1000	#     in5 = 857760878
1001	mov	$857760878,%edx
1002	#     in10 = 2036477234
1003	mov	$2036477234,%ebx
1004	#     in15 = 1797285236
1005	mov	$1797285236,%esi
1006	#     *(uint32 *) (x + 0) = in0
1007	movl	%ecx,0(%eax)
1008	#     *(uint32 *) (x + 20) = in5
1009	movl	%edx,20(%eax)
1010	#     *(uint32 *) (x + 40) = in10
1011	movl	%ebx,40(%eax)
1012	#     *(uint32 *) (x + 60) = in15
1013	movl	%esi,60(%eax)
1014	#   goto keysetupdone
1015	jmp	._keysetupdone
1016._kbits128:
1017	#     in11 = *(uint32 *) (k + 0)
1018	movl	0(%ecx),%edx
1019	#     in12 = *(uint32 *) (k + 4)
1020	movl	4(%ecx),%ebx
1021	#     in13 = *(uint32 *) (k + 8)
1022	movl	8(%ecx),%esi
1023	#     in14 = *(uint32 *) (k + 12)
1024	movl	12(%ecx),%ecx
1025	#     *(uint32 *) (x + 44) = in11
1026	movl	%edx,44(%eax)
1027	#     *(uint32 *) (x + 48) = in12
1028	movl	%ebx,48(%eax)
1029	#     *(uint32 *) (x + 52) = in13
1030	movl	%esi,52(%eax)
1031	#     *(uint32 *) (x + 56) = in14
1032	movl	%ecx,56(%eax)
1033	#     in0 = 1634760805
1034	mov	$1634760805,%ecx
1035	#     in5 = 824206446
1036	mov	$824206446,%edx
1037	#     in10 = 2036477238
1038	mov	$2036477238,%ebx
1039	#     in15 = 1797285236
1040	mov	$1797285236,%esi
1041	#     *(uint32 *) (x + 0) = in0
1042	movl	%ecx,0(%eax)
1043	#     *(uint32 *) (x + 20) = in5
1044	movl	%edx,20(%eax)
1045	#     *(uint32 *) (x + 40) = in10
1046	movl	%ebx,40(%eax)
1047	#     *(uint32 *) (x + 60) = in15
1048	movl	%esi,60(%eax)
1049._keysetupdone:
1050	#   eax = eax_stack
1051	movl	64(%esp),%eax
1052	#   ebx = ebx_stack
1053	movl	68(%esp),%ebx
1054	#   esi = esi_stack
1055	movl	72(%esp),%esi
1056	#   edi = edi_stack
1057	movl	76(%esp),%edi
1058	#   ebp = ebp_stack
1059	movl	80(%esp),%ebp
1060	# leave
1061	add	%eax,%esp
1062	ret
1063ENDPROC(salsa20_keysetup)
1064
1065# enter salsa20_ivsetup
1066ENTRY(salsa20_ivsetup)
1067	mov	%esp,%eax
1068	and	$31,%eax
1069	add	$256,%eax
1070	sub	%eax,%esp
1071	#   eax_stack = eax
1072	movl	%eax,64(%esp)
1073	#   ebx_stack = ebx
1074	movl	%ebx,68(%esp)
1075	#   esi_stack = esi
1076	movl	%esi,72(%esp)
1077	#   edi_stack = edi
1078	movl	%edi,76(%esp)
1079	#   ebp_stack = ebp
1080	movl	%ebp,80(%esp)
1081	#   iv = arg2
1082	movl	8(%esp,%eax),%ecx
1083	#   x = arg1
1084	movl	4(%esp,%eax),%eax
1085	#   in6 = *(uint32 *) (iv + 0)
1086	movl	0(%ecx),%edx
1087	#   in7 = *(uint32 *) (iv + 4)
1088	movl	4(%ecx),%ecx
1089	#   in8 = 0
1090	mov	$0,%ebx
1091	#   in9 = 0
1092	mov	$0,%esi
1093	#   *(uint32 *) (x + 24) = in6
1094	movl	%edx,24(%eax)
1095	#   *(uint32 *) (x + 28) = in7
1096	movl	%ecx,28(%eax)
1097	#   *(uint32 *) (x + 32) = in8
1098	movl	%ebx,32(%eax)
1099	#   *(uint32 *) (x + 36) = in9
1100	movl	%esi,36(%eax)
1101	#   eax = eax_stack
1102	movl	64(%esp),%eax
1103	#   ebx = ebx_stack
1104	movl	68(%esp),%ebx
1105	#   esi = esi_stack
1106	movl	72(%esp),%esi
1107	#   edi = edi_stack
1108	movl	76(%esp),%edi
1109	#   ebp = ebp_stack
1110	movl	80(%esp),%ebp
1111	# leave
1112	add	%eax,%esp
1113	ret
1114ENDPROC(salsa20_ivsetup)
1115