1 C nettle, low-level cryptographics library
3 C Copyright (C) 2013, Niels Möller
5 C The nettle library is free software; you can redistribute it and/or modify
6 C it under the terms of the GNU Lesser General Public License as published by
7 C the Free Software Foundation; either version 2.1 of the License, or (at your
8 C option) any later version.
10 C The nettle library is distributed in the hope that it will be useful, but
11 C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
13 C License for more details.
15 C You should have received a copy of the GNU Lesser General Public License
16 C along with the nettle library; see the file COPYING.LIB. If not, write to
17 C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
20 .file "ecc-224-modp.asm"
24 define(<H>, <r0>) C Overlaps unused ecc argument
38 C ecc_224_modp (const struct ecc_curve *ecc, mp_limb_t *rp)
42 PROLOGUE(nettle_ecc_224_modp)
43 push {r4,r5,r6,r7,r8,r10,r11,lr}
46 ldm L2, {T0,T1,T2,T3,T4,T5,T6}
54 C This switch from adcs to sbcs takes carry into account with
55 C correct sign, but it always subtracts 1 too much. We arrange
56 C to also add B^7 + 1 below, so the effect is adding p. This
57 C addition of p also ensures that the result never is
64 mov H, #1 C This is the B^7
69 C Now subtract from low half
72 C Clear carry, with the sbcs, this is the 1.
78 ldm RP!, {T3,L0,L1,L2}
85 C Now -2 <= H <= 0 is the borrow, so subtract (B^3 - 1) |H|
86 C Use (B^3 - 1) H = <H, H, H> if -1 <=H <= 0, and
87 C (B^3 - 1) H = <1,B-1, B-1, B-2> if H = -2
99 C Final borrow, subtract (B^3 - 1) |H|
108 stmdb RP, {T0,T1,T2,T3,T4,T5,T6}
110 pop {r4,r5,r6,r7,r8,r10,r11,pc}
111 EPILOGUE(nettle_ecc_224_modp)