[deliverable/linux.git] / arch / x86 / crypto / salsa20-x86_64-asm_64.S

#include <linux/linkage.h>

# enter salsa20_encrypt_bytes
ENTRY(salsa20_encrypt_bytes)
	mov	%rsp,%r11
	and	$31,%r11
	add	$256,%r11
	sub	%r11,%rsp
	# x = arg1
	mov	%rdi,%r8
	# m = arg2
	mov	%rsi,%rsi
	# out = arg3
	mov	%rdx,%rdi
	# bytes = arg4
	mov	%rcx,%rdx
	#               unsigned>? bytes - 0
	cmp	$0,%rdx
	# comment:fp stack unchanged by jump
	# goto done if !unsigned>
	jbe	._done
	# comment:fp stack unchanged by fallthrough
# start:
._start:
	# r11_stack = r11
	movq	%r11,0(%rsp)
	# r12_stack = r12
	movq	%r12,8(%rsp)
	# r13_stack = r13
	movq	%r13,16(%rsp)
	# r14_stack = r14
	movq	%r14,24(%rsp)
	# r15_stack = r15
	movq	%r15,32(%rsp)
	# rbx_stack = rbx
	movq	%rbx,40(%rsp)
	# rbp_stack = rbp
	movq	%rbp,48(%rsp)
	# in0 = *(uint64 *) (x + 0)
	movq	0(%r8),%rcx
	# in2 = *(uint64 *) (x + 8)
	movq	8(%r8),%r9
	# in4 = *(uint64 *) (x + 16)
	movq	16(%r8),%rax
	# in6 = *(uint64 *) (x + 24)
	movq	24(%r8),%r10
	# in8 = *(uint64 *) (x + 32)
	movq	32(%r8),%r11
	# in10 = *(uint64 *) (x + 40)
	movq	40(%r8),%r12
	# in12 = *(uint64 *) (x + 48)
	movq	48(%r8),%r13
	# in14 = *(uint64 *) (x + 56)
	movq	56(%r8),%r14
	# j0 = in0
	movq	%rcx,56(%rsp)
	# j2 = in2
	movq	%r9,64(%rsp)
	# j4 = in4
	movq	%rax,72(%rsp)
	# j6 = in6
	movq	%r10,80(%rsp)
	# j8 = in8
	movq	%r11,88(%rsp)
	# j10 = in10
	movq	%r12,96(%rsp)
	# j12 = in12
	movq	%r13,104(%rsp)
	# j14 = in14
	movq	%r14,112(%rsp)
	# x_backup = x
	movq	%r8,120(%rsp)
# bytesatleast1:
._bytesatleast1:
	#                   unsigned<? bytes - 64
	cmp	$64,%rdx
	# comment:fp stack unchanged by jump
	#   goto nocopy if !unsigned<
	jae	._nocopy
	#     ctarget = out
	movq	%rdi,128(%rsp)
	#     out = &tmp
	leaq	192(%rsp),%rdi
	#     i = bytes
	mov	%rdx,%rcx
	#     while (i) { *out++ = *m++; --i }
	rep	movsb
	#     out = &tmp
	leaq	192(%rsp),%rdi
	#     m = &tmp
	leaq	192(%rsp),%rsi
	# comment:fp stack unchanged by fallthrough
#   nocopy:
._nocopy:
	#   out_backup = out
	movq	%rdi,136(%rsp)
	#   m_backup = m
	movq	%rsi,144(%rsp)
	#   bytes_backup = bytes
	movq	%rdx,152(%rsp)
	#   x1 = j0
	movq	56(%rsp),%rdi
	#   x0 = x1
	mov	%rdi,%rdx
	#   (uint64) x1 >>= 32
	shr	$32,%rdi
	#   		x3 = j2
	movq	64(%rsp),%rsi
	#   		x2 = x3
	mov	%rsi,%rcx
	#   		(uint64) x3 >>= 32
	shr	$32,%rsi
	#   x5 = j4
	movq	72(%rsp),%r8
	#   x4 = x5
	mov	%r8,%r9
	#   (uint64) x5 >>= 32
	shr	$32,%r8
	#   x5_stack = x5
	movq	%r8,160(%rsp)
	#   		x7 = j6
	movq	80(%rsp),%r8
	#   		x6 = x7
	mov	%r8,%rax
	#   		(uint64) x7 >>= 32
	shr	$32,%r8
	#   x9 = j8
	movq	88(%rsp),%r10
	#   x8 = x9
	mov	%r10,%r11
	#   (uint64) x9 >>= 32
	shr	$32,%r10
	#   		x11 = j10
	movq	96(%rsp),%r12
	#   		x10 = x11
	mov	%r12,%r13
	#   		x10_stack = x10
	movq	%r13,168(%rsp)
	#   		(uint64) x11 >>= 32
	shr	$32,%r12
	#   x13 = j12
	movq	104(%rsp),%r13
	#   x12 = x13
	mov	%r13,%r14
	#   (uint64) x13 >>= 32
	shr	$32,%r13
	#   		x15 = j14
	movq	112(%rsp),%r15
	#   		x14 = x15
	mov	%r15,%rbx
	#   		(uint64) x15 >>= 32
	shr	$32,%r15
	#   		x15_stack = x15
	movq	%r15,176(%rsp)
	#   i = 20
	mov	$20,%r15
#   mainloop:
._mainloop:
	#   i_backup = i
	movq	%r15,184(%rsp)
	# 		x5 = x5_stack
	movq	160(%rsp),%r15
	# a = x12 + x0
	lea	(%r14,%rdx),%rbp
	# (uint32) a <<<= 7
	rol	$7,%ebp
	# x4 ^= a
	xor	%rbp,%r9
	# 		b = x1 + x5
	lea	(%rdi,%r15),%rbp
	# 		(uint32) b <<<= 7
	rol	$7,%ebp
	# 		x9 ^= b
	xor	%rbp,%r10
	# a = x0 + x4
	lea	(%rdx,%r9),%rbp
	# (uint32) a <<<= 9
	rol	$9,%ebp
	# x8 ^= a
	xor	%rbp,%r11
	# 		b = x5 + x9
	lea	(%r15,%r10),%rbp
	# 		(uint32) b <<<= 9
	rol	$9,%ebp
	# 		x13 ^= b
	xor	%rbp,%r13
	# a = x4 + x8
	lea	(%r9,%r11),%rbp
	# (uint32) a <<<= 13
	rol	$13,%ebp
	# x12 ^= a
	xor	%rbp,%r14
	# 		b = x9 + x13
	lea	(%r10,%r13),%rbp
	# 		(uint32) b <<<= 13
	rol	$13,%ebp
	# 		x1 ^= b
	xor	%rbp,%rdi
	# a = x8 + x12
	lea	(%r11,%r14),%rbp
	# (uint32) a <<<= 18
	rol	$18,%ebp
	# x0 ^= a
	xor	%rbp,%rdx
	# 		b = x13 + x1
	lea	(%r13,%rdi),%rbp
	# 		(uint32) b <<<= 18
	rol	$18,%ebp
	# 		x5 ^= b
	xor	%rbp,%r15
	# 				x10 = x10_stack
	movq	168(%rsp),%rbp
	# 		x5_stack = x5
	movq	%r15,160(%rsp)
	# 				c = x6 + x10
	lea	(%rax,%rbp),%r15
	# 				(uint32) c <<<= 7
	rol	$7,%r15d
	# 				x14 ^= c
	xor	%r15,%rbx
	# 				c = x10 + x14
	lea	(%rbp,%rbx),%r15
	# 				(uint32) c <<<= 9
	rol	$9,%r15d
	# 				x2 ^= c
	xor	%r15,%rcx
	# 				c = x14 + x2
	lea	(%rbx,%rcx),%r15
	# 				(uint32) c <<<= 13
	rol	$13,%r15d
	# 				x6 ^= c
	xor	%r15,%rax
	# 				c = x2 + x6
	lea	(%rcx,%rax),%r15
	# 				(uint32) c <<<= 18
	rol	$18,%r15d
	# 				x10 ^= c
	xor	%r15,%rbp
	# 						x15 = x15_stack
	movq	176(%rsp),%r15
	# 				x10_stack = x10
	movq	%rbp,168(%rsp)
	# 						d = x11 + x15
	lea	(%r12,%r15),%rbp
	# 						(uint32) d <<<= 7
	rol	$7,%ebp
	# 						x3 ^= d
	xor	%rbp,%rsi
	# 						d = x15 + x3
	lea	(%r15,%rsi),%rbp
	# 						(uint32) d <<<= 9
	rol	$9,%ebp
	# 						x7 ^= d
	xor	%rbp,%r8
	# 						d = x3 + x7
	lea	(%rsi,%r8),%rbp
	# 						(uint32) d <<<= 13
	rol	$13,%ebp
	# 						x11 ^= d
	xor	%rbp,%r12
	# 						d = x7 + x11
	lea	(%r8,%r12),%rbp
	# 						(uint32) d <<<= 18
	rol	$18,%ebp
	# 						x15 ^= d
	xor	%rbp,%r15
	# 						x15_stack = x15
	movq	%r15,176(%rsp)
	# 		x5 = x5_stack
	movq	160(%rsp),%r15
	# a = x3 + x0
	lea	(%rsi,%rdx),%rbp
	# (uint32) a <<<= 7
	rol	$7,%ebp
	# x1 ^= a
	xor	%rbp,%rdi
	# 		b = x4 + x5
	lea	(%r9,%r15),%rbp
	# 		(uint32) b <<<= 7
	rol	$7,%ebp
	# 		x6 ^= b
	xor	%rbp,%rax
	# a = x0 + x1
	lea	(%rdx,%rdi),%rbp
	# (uint32) a <<<= 9
	rol	$9,%ebp
	# x2 ^= a
	xor	%rbp,%rcx
	# 		b = x5 + x6
	lea	(%r15,%rax),%rbp
	# 		(uint32) b <<<= 9
	rol	$9,%ebp
	# 		x7 ^= b
	xor	%rbp,%r8
	# a = x1 + x2
	lea	(%rdi,%rcx),%rbp
	# (uint32) a <<<= 13
	rol	$13,%ebp
	# x3 ^= a
	xor	%rbp,%rsi
	# 		b = x6 + x7
	lea	(%rax,%r8),%rbp
	# 		(uint32) b <<<= 13
	rol	$13,%ebp
	# 		x4 ^= b
	xor	%rbp,%r9
	# a = x2 + x3
	lea	(%rcx,%rsi),%rbp
	# (uint32) a <<<= 18
	rol	$18,%ebp
	# x0 ^= a
	xor	%rbp,%rdx
	# 		b = x7 + x4
	lea	(%r8,%r9),%rbp
	# 		(uint32) b <<<= 18
	rol	$18,%ebp
	# 		x5 ^= b
	xor	%rbp,%r15
	# 				x10 = x10_stack
	movq	168(%rsp),%rbp
	# 		x5_stack = x5
	movq	%r15,160(%rsp)
	# 				c = x9 + x10
	lea	(%r10,%rbp),%r15
	# 				(uint32) c <<<= 7
	rol	$7,%r15d
	# 				x11 ^= c
	xor	%r15,%r12
	# 				c = x10 + x11
	lea	(%rbp,%r12),%r15
	# 				(uint32) c <<<= 9
	rol	$9,%r15d
	# 				x8 ^= c
	xor	%r15,%r11
	# 				c = x11 + x8
	lea	(%r12,%r11),%r15
	# 				(uint32) c <<<= 13
	rol	$13,%r15d
	# 				x9 ^= c
	xor	%r15,%r10
	# 				c = x8 + x9
	lea	(%r11,%r10),%r15
	# 				(uint32) c <<<= 18
	rol	$18,%r15d
	# 				x10 ^= c
	xor	%r15,%rbp
	# 						x15 = x15_stack
	movq	176(%rsp),%r15
	# 				x10_stack = x10
	movq	%rbp,168(%rsp)
	# 						d = x14 + x15
	lea	(%rbx,%r15),%rbp
	# 						(uint32) d <<<= 7
	rol	$7,%ebp
	# 						x12 ^= d
	xor	%rbp,%r14
	# 						d = x15 + x12
	lea	(%r15,%r14),%rbp
	# 						(uint32) d <<<= 9
	rol	$9,%ebp
	# 						x13 ^= d
	xor	%rbp,%r13
	# 						d = x12 + x13
	lea	(%r14,%r13),%rbp
	# 						(uint32) d <<<= 13
	rol	$13,%ebp
	# 						x14 ^= d
	xor	%rbp,%rbx
	# 						d = x13 + x14
	lea	(%r13,%rbx),%rbp
	# 						(uint32) d <<<= 18
	rol	$18,%ebp
	# 						x15 ^= d
	xor	%rbp,%r15
	# 						x15_stack = x15
	movq	%r15,176(%rsp)
	# 		x5 = x5_stack
	movq	160(%rsp),%r15
	# a = x12 + x0
	lea	(%r14,%rdx),%rbp
	# (uint32) a <<<= 7
	rol	$7,%ebp
	# x4 ^= a
	xor	%rbp,%r9
	# 		b = x1 + x5
	lea	(%rdi,%r15),%rbp
	# 		(uint32) b <<<= 7
	rol	$7,%ebp
	# 		x9 ^= b
	xor	%rbp,%r10
	# a = x0 + x4
	lea	(%rdx,%r9),%rbp
	# (uint32) a <<<= 9
	rol	$9,%ebp
	# x8 ^= a
	xor	%rbp,%r11
	# 		b = x5 + x9
	lea	(%r15,%r10),%rbp
	# 		(uint32) b <<<= 9
	rol	$9,%ebp
	# 		x13 ^= b
	xor	%rbp,%r13
	# a = x4 + x8
	lea	(%r9,%r11),%rbp
	# (uint32) a <<<= 13
	rol	$13,%ebp
	# x12 ^= a
	xor	%rbp,%r14
	# 		b = x9 + x13
	lea	(%r10,%r13),%rbp
	# 		(uint32) b <<<= 13
	rol	$13,%ebp
	# 		x1 ^= b
	xor	%rbp,%rdi
	# a = x8 + x12
	lea	(%r11,%r14),%rbp
	# (uint32) a <<<= 18
	rol	$18,%ebp
	# x0 ^= a
	xor	%rbp,%rdx
	# 		b = x13 + x1
	lea	(%r13,%rdi),%rbp
	# 		(uint32) b <<<= 18
	rol	$18,%ebp
	# 		x5 ^= b
	xor	%rbp,%r15
	# 				x10 = x10_stack
	movq	168(%rsp),%rbp
	# 		x5_stack = x5
	movq	%r15,160(%rsp)
	# 				c = x6 + x10
	lea	(%rax,%rbp),%r15
	# 				(uint32) c <<<= 7
	rol	$7,%r15d
	# 				x14 ^= c
	xor	%r15,%rbx
	# 				c = x10 + x14
	lea	(%rbp,%rbx),%r15
	# 				(uint32) c <<<= 9
	rol	$9,%r15d
	# 				x2 ^= c
	xor	%r15,%rcx
	# 				c = x14 + x2
	lea	(%rbx,%rcx),%r15
	# 				(uint32) c <<<= 13
	rol	$13,%r15d
	# 				x6 ^= c
	xor	%r15,%rax
	# 				c = x2 + x6
	lea	(%rcx,%rax),%r15
	# 				(uint32) c <<<= 18
	rol	$18,%r15d
	# 				x10 ^= c
	xor	%r15,%rbp
	# 						x15 = x15_stack
	movq	176(%rsp),%r15
	# 				x10_stack = x10
	movq	%rbp,168(%rsp)
	# 						d = x11 + x15
	lea	(%r12,%r15),%rbp
	# 						(uint32) d <<<= 7
	rol	$7,%ebp
	# 						x3 ^= d
	xor	%rbp,%rsi
	# 						d = x15 + x3
	lea	(%r15,%rsi),%rbp
	# 						(uint32) d <<<= 9
	rol	$9,%ebp
	# 						x7 ^= d
	xor	%rbp,%r8
	# 						d = x3 + x7
	lea	(%rsi,%r8),%rbp
	# 						(uint32) d <<<= 13
	rol	$13,%ebp
	# 						x11 ^= d
	xor	%rbp,%r12
	# 						d = x7 + x11
	lea	(%r8,%r12),%rbp
	# 						(uint32) d <<<= 18
	rol	$18,%ebp
	# 						x15 ^= d
	xor	%rbp,%r15
	# 						x15_stack = x15
	movq	%r15,176(%rsp)
	# 		x5 = x5_stack
	movq	160(%rsp),%r15
	# a = x3 + x0
	lea	(%rsi,%rdx),%rbp
	# (uint32) a <<<= 7
	rol	$7,%ebp
	# x1 ^= a
	xor	%rbp,%rdi
	# 		b = x4 + x5
	lea	(%r9,%r15),%rbp
	# 		(uint32) b <<<= 7
	rol	$7,%ebp
	# 		x6 ^= b
	xor	%rbp,%rax
	# a = x0 + x1
	lea	(%rdx,%rdi),%rbp
	# (uint32) a <<<= 9
	rol	$9,%ebp
	# x2 ^= a
	xor	%rbp,%rcx
	# 		b = x5 + x6
	lea	(%r15,%rax),%rbp
	# 		(uint32) b <<<= 9
	rol	$9,%ebp
	# 		x7 ^= b
	xor	%rbp,%r8
	# a = x1 + x2
	lea	(%rdi,%rcx),%rbp
	# (uint32) a <<<= 13
	rol	$13,%ebp
	# x3 ^= a
	xor	%rbp,%rsi
	# 		b = x6 + x7
	lea	(%rax,%r8),%rbp
	# 		(uint32) b <<<= 13
	rol	$13,%ebp
	# 		x4 ^= b
	xor	%rbp,%r9
	# a = x2 + x3
	lea	(%rcx,%rsi),%rbp
	# (uint32) a <<<= 18
	rol	$18,%ebp
	# x0 ^= a
	xor	%rbp,%rdx
	# 		b = x7 + x4
	lea	(%r8,%r9),%rbp
	# 		(uint32) b <<<= 18
	rol	$18,%ebp
	# 		x5 ^= b
	xor	%rbp,%r15
	# 				x10 = x10_stack
	movq	168(%rsp),%rbp
	# 		x5_stack = x5
	movq	%r15,160(%rsp)
	# 				c = x9 + x10
	lea	(%r10,%rbp),%r15
	# 				(uint32) c <<<= 7
	rol	$7,%r15d
	# 				x11 ^= c
	xor	%r15,%r12
	# 				c = x10 + x11
	lea	(%rbp,%r12),%r15
	# 				(uint32) c <<<= 9
	rol	$9,%r15d
	# 				x8 ^= c
	xor	%r15,%r11
	# 				c = x11 + x8
	lea	(%r12,%r11),%r15
	# 				(uint32) c <<<= 13
	rol	$13,%r15d
	# 				x9 ^= c
	xor	%r15,%r10
	# 				c = x8 + x9
	lea	(%r11,%r10),%r15
	# 				(uint32) c <<<= 18
	rol	$18,%r15d
	# 				x10 ^= c
	xor	%r15,%rbp
	# 						x15 = x15_stack
	movq	176(%rsp),%r15
	# 				x10_stack = x10
	movq	%rbp,168(%rsp)
	# 						d = x14 + x15
	lea	(%rbx,%r15),%rbp
	# 						(uint32) d <<<= 7
	rol	$7,%ebp
	# 						x12 ^= d
	xor	%rbp,%r14
	# 						d = x15 + x12
	lea	(%r15,%r14),%rbp
	# 						(uint32) d <<<= 9
	rol	$9,%ebp
	# 						x13 ^= d
	xor	%rbp,%r13
	# 						d = x12 + x13
	lea	(%r14,%r13),%rbp
	# 						(uint32) d <<<= 13
	rol	$13,%ebp
	# 						x14 ^= d
	xor	%rbp,%rbx
	# 						d = x13 + x14
	lea	(%r13,%rbx),%rbp
	# 						(uint32) d <<<= 18
	rol	$18,%ebp
	# 						x15 ^= d
	xor	%rbp,%r15
	# 						x15_stack = x15
	movq	%r15,176(%rsp)
	#   i = i_backup
	movq	184(%rsp),%r15
	#                  unsigned>? i -= 4
	sub	$4,%r15
	# comment:fp stack unchanged by jump
	# goto mainloop if unsigned>
	ja	._mainloop
	#   (uint32) x2 += j2
	addl	64(%rsp),%ecx
	#   x3 <<= 32
	shl	$32,%rsi
	#   x3 += j2
	addq	64(%rsp),%rsi
	#   (uint64) x3 >>= 32
	shr	$32,%rsi
	#   x3 <<= 32
	shl	$32,%rsi
	#   x2 += x3
	add	%rsi,%rcx
	#   (uint32) x6 += j6
	addl	80(%rsp),%eax
	#   x7 <<= 32
	shl	$32,%r8
	#   x7 += j6
	addq	80(%rsp),%r8
	#   (uint64) x7 >>= 32
	shr	$32,%r8
	#   x7 <<= 32
	shl	$32,%r8
	#   x6 += x7
	add	%r8,%rax
	#   (uint32) x8 += j8
	addl	88(%rsp),%r11d
	#   x9 <<= 32
	shl	$32,%r10
	#   x9 += j8
	addq	88(%rsp),%r10
	#   (uint64) x9 >>= 32
	shr	$32,%r10
	#   x9 <<= 32
	shl	$32,%r10
	#   x8 += x9
	add	%r10,%r11
	#   (uint32) x12 += j12
	addl	104(%rsp),%r14d
	#   x13 <<= 32
	shl	$32,%r13
	#   x13 += j12
	addq	104(%rsp),%r13
	#   (uint64) x13 >>= 32
	shr	$32,%r13
	#   x13 <<= 32
	shl	$32,%r13
	#   x12 += x13
	add	%r13,%r14
	#   (uint32) x0 += j0
	addl	56(%rsp),%edx
	#   x1 <<= 32
	shl	$32,%rdi
	#   x1 += j0
	addq	56(%rsp),%rdi
	#   (uint64) x1 >>= 32
	shr	$32,%rdi
	#   x1 <<= 32
	shl	$32,%rdi
	#   x0 += x1
	add	%rdi,%rdx
	#   x5 = x5_stack
	movq	160(%rsp),%rdi
	#   (uint32) x4 += j4
	addl	72(%rsp),%r9d
	#   x5 <<= 32
	shl	$32,%rdi
	#   x5 += j4
	addq	72(%rsp),%rdi
	#   (uint64) x5 >>= 32
	shr	$32,%rdi
	#   x5 <<= 32
	shl	$32,%rdi
	#   x4 += x5
	add	%rdi,%r9
	#   x10 = x10_stack
	movq	168(%rsp),%r8
	#   (uint32) x10 += j10
	addl	96(%rsp),%r8d
	#   x11 <<= 32
	shl	$32,%r12
	#   x11 += j10
	addq	96(%rsp),%r12
	#   (uint64) x11 >>= 32
	shr	$32,%r12
	#   x11 <<= 32
	shl	$32,%r12
	#   x10 += x11
	add	%r12,%r8
	#   x15 = x15_stack
	movq	176(%rsp),%rdi
	#   (uint32) x14 += j14
	addl	112(%rsp),%ebx
	#   x15 <<= 32
	shl	$32,%rdi
	#   x15 += j14
	addq	112(%rsp),%rdi
	#   (uint64) x15 >>= 32
	shr	$32,%rdi
	#   x15 <<= 32
	shl	$32,%rdi
	#   x14 += x15
	add	%rdi,%rbx
	#   out = out_backup
	movq	136(%rsp),%rdi
	#   m = m_backup
	movq	144(%rsp),%rsi
	#   x0 ^= *(uint64 *) (m + 0)
	xorq	0(%rsi),%rdx
	#   *(uint64 *) (out + 0) = x0
	movq	%rdx,0(%rdi)
	#   x2 ^= *(uint64 *) (m + 8)
	xorq	8(%rsi),%rcx
	#   *(uint64 *) (out + 8) = x2
	movq	%rcx,8(%rdi)
	#   x4 ^= *(uint64 *) (m + 16)
	xorq	16(%rsi),%r9
	#   *(uint64 *) (out + 16) = x4
	movq	%r9,16(%rdi)
	#   x6 ^= *(uint64 *) (m + 24)
	xorq	24(%rsi),%rax
	#   *(uint64 *) (out + 24) = x6
	movq	%rax,24(%rdi)
	#   x8 ^= *(uint64 *) (m + 32)
	xorq	32(%rsi),%r11
	#   *(uint64 *) (out + 32) = x8
	movq	%r11,32(%rdi)
	#   x10 ^= *(uint64 *) (m + 40)
	xorq	40(%rsi),%r8
	#   *(uint64 *) (out + 40) = x10
	movq	%r8,40(%rdi)
	#   x12 ^= *(uint64 *) (m + 48)
	xorq	48(%rsi),%r14
	#   *(uint64 *) (out + 48) = x12
	movq	%r14,48(%rdi)
	#   x14 ^= *(uint64 *) (m + 56)
	xorq	56(%rsi),%rbx
	#   *(uint64 *) (out + 56) = x14
	movq	%rbx,56(%rdi)
	#   bytes = bytes_backup
	movq	152(%rsp),%rdx
	#   in8 = j8
	movq	88(%rsp),%rcx
	#   in8 += 1
	add	$1,%rcx
	#   j8 = in8
	movq	%rcx,88(%rsp)
	#                          unsigned>? unsigned<? bytes - 64
	cmp	$64,%rdx
	# comment:fp stack unchanged by jump
	#   goto bytesatleast65 if unsigned>
	ja	._bytesatleast65
	# comment:fp stack unchanged by jump
	#     goto bytesatleast64 if !unsigned<
	jae	._bytesatleast64
	#       m = out
	mov	%rdi,%rsi
	#       out = ctarget
	movq	128(%rsp),%rdi
	#       i = bytes
	mov	%rdx,%rcx
	#       while (i) { *out++ = *m++; --i }
	rep	movsb
	# comment:fp stack unchanged by fallthrough
#     bytesatleast64:
._bytesatleast64:
	#     x = x_backup
	movq	120(%rsp),%rdi
	#     in8 = j8
	movq	88(%rsp),%rsi
	#     *(uint64 *) (x + 32) = in8
	movq	%rsi,32(%rdi)
	#     r11 = r11_stack
	movq	0(%rsp),%r11
	#     r12 = r12_stack
	movq	8(%rsp),%r12
	#     r13 = r13_stack
	movq	16(%rsp),%r13
	#     r14 = r14_stack
	movq	24(%rsp),%r14
	#     r15 = r15_stack
	movq	32(%rsp),%r15
	#     rbx = rbx_stack
	movq	40(%rsp),%rbx
	#     rbp = rbp_stack
	movq	48(%rsp),%rbp
	# comment:fp stack unchanged by fallthrough
#     done:
._done:
	#     leave
	add	%r11,%rsp
	mov	%rdi,%rax
	mov	%rsi,%rdx
	ret
#   bytesatleast65:
._bytesatleast65:
	#   bytes -= 64
	sub	$64,%rdx
	#   out += 64
	add	$64,%rdi
	#   m += 64
	add	$64,%rsi
	# comment:fp stack unchanged by jump
	# goto bytesatleast1
	jmp	._bytesatleast1
ENDPROC(salsa20_encrypt_bytes)

# enter salsa20_keysetup
ENTRY(salsa20_keysetup)
	mov	%rsp,%r11
	and	$31,%r11
	add	$256,%r11
	sub	%r11,%rsp
	#   k = arg2
	mov	%rsi,%rsi
	#   kbits = arg3
	mov	%rdx,%rdx
	#   x = arg1
	mov	%rdi,%rdi
	#   in0 = *(uint64 *) (k + 0)
	movq	0(%rsi),%r8
	#   in2 = *(uint64 *) (k + 8)
	movq	8(%rsi),%r9
	#   *(uint64 *) (x + 4) = in0
	movq	%r8,4(%rdi)
	#   *(uint64 *) (x + 12) = in2
	movq	%r9,12(%rdi)
	#                    unsigned<? kbits - 256
	cmp	$256,%rdx
	# comment:fp stack unchanged by jump
	#   goto kbits128 if unsigned<
	jb	._kbits128
#   kbits256:
._kbits256:
	#     in10 = *(uint64 *) (k + 16)
	movq	16(%rsi),%rdx
	#     in12 = *(uint64 *) (k + 24)
	movq	24(%rsi),%rsi
	#     *(uint64 *) (x + 44) = in10
	movq	%rdx,44(%rdi)
	#     *(uint64 *) (x + 52) = in12
	movq	%rsi,52(%rdi)
	#     in0 = 1634760805
	mov	$1634760805,%rsi
	#     in4 = 857760878
	mov	$857760878,%rdx
	#     in10 = 2036477234
	mov	$2036477234,%rcx
	#     in14 = 1797285236
	mov	$1797285236,%r8
	#     *(uint32 *) (x + 0) = in0
	movl	%esi,0(%rdi)
	#     *(uint32 *) (x + 20) = in4
	movl	%edx,20(%rdi)
	#     *(uint32 *) (x + 40) = in10
	movl	%ecx,40(%rdi)
	#     *(uint32 *) (x + 60) = in14
	movl	%r8d,60(%rdi)
	# comment:fp stack unchanged by jump
	#   goto keysetupdone
	jmp	._keysetupdone
#   kbits128:
._kbits128:
	#     in10 = *(uint64 *) (k + 0)
	movq	0(%rsi),%rdx
	#     in12 = *(uint64 *) (k + 8)
	movq	8(%rsi),%rsi
	#     *(uint64 *) (x + 44) = in10
	movq	%rdx,44(%rdi)
	#     *(uint64 *) (x + 52) = in12
	movq	%rsi,52(%rdi)
	#     in0 = 1634760805
	mov	$1634760805,%rsi
	#     in4 = 824206446
	mov	$824206446,%rdx
	#     in10 = 2036477238
	mov	$2036477238,%rcx
	#     in14 = 1797285236
	mov	$1797285236,%r8
	#     *(uint32 *) (x + 0) = in0
	movl	%esi,0(%rdi)
	#     *(uint32 *) (x + 20) = in4
	movl	%edx,20(%rdi)
	#     *(uint32 *) (x + 40) = in10
	movl	%ecx,40(%rdi)
	#     *(uint32 *) (x + 60) = in14
	movl	%r8d,60(%rdi)
#   keysetupdone:
._keysetupdone:
	# leave
	add	%r11,%rsp
	mov	%rdi,%rax
	mov	%rsi,%rdx
	ret
ENDPROC(salsa20_keysetup)

# enter salsa20_ivsetup
ENTRY(salsa20_ivsetup)
	mov	%rsp,%r11
	and	$31,%r11
	add	$256,%r11
	sub	%r11,%rsp
	#   iv = arg2
	mov	%rsi,%rsi
	#   x = arg1
	mov	%rdi,%rdi
	#   in6 = *(uint64 *) (iv + 0)
	movq	0(%rsi),%rsi
	#   in8 = 0
	mov	$0,%r8
	#   *(uint64 *) (x + 24) = in6
	movq	%rsi,24(%rdi)
	#   *(uint64 *) (x + 32) = in8
	movq	%r8,32(%rdi)
	# leave
	add	%r11,%rsp
	mov	%rdi,%rax
	mov	%rsi,%rdx
	ret
ENDPROC(salsa20_ivsetup)
Commit	Line	Data
04443808 JK	1	#include <linux/linkage.h>
	2
	3	# enter salsa20_encrypt_bytes
	4	ENTRY(salsa20_encrypt_bytes)
9a7dafbb TSH	5	mov %rsp,%r11
	6	and $31,%r11
	7	add $256,%r11
	8	sub %r11,%rsp
	9	# x = arg1
	10	mov %rdi,%r8
	11	# m = arg2
	12	mov %rsi,%rsi
	13	# out = arg3
	14	mov %rdx,%rdi
	15	# bytes = arg4
	16	mov %rcx,%rdx
	17	# unsigned>? bytes - 0
	18	cmp $0,%rdx
	19	# comment:fp stack unchanged by jump
	20	# goto done if !unsigned>
	21	jbe ._done
	22	# comment:fp stack unchanged by fallthrough
	23	# start:
	24	._start:
	25	# r11_stack = r11
	26	movq %r11,0(%rsp)
	27	# r12_stack = r12
	28	movq %r12,8(%rsp)
	29	# r13_stack = r13
	30	movq %r13,16(%rsp)
	31	# r14_stack = r14
	32	movq %r14,24(%rsp)
	33	# r15_stack = r15
	34	movq %r15,32(%rsp)
	35	# rbx_stack = rbx
	36	movq %rbx,40(%rsp)
	37	# rbp_stack = rbp
	38	movq %rbp,48(%rsp)
	39	# in0 = (uint64 ) (x + 0)
	40	movq 0(%r8),%rcx
	41	# in2 = (uint64 ) (x + 8)
	42	movq 8(%r8),%r9
	43	# in4 = (uint64 ) (x + 16)
	44	movq 16(%r8),%rax
	45	# in6 = (uint64 ) (x + 24)
	46	movq 24(%r8),%r10
	47	# in8 = (uint64 ) (x + 32)
	48	movq 32(%r8),%r11
	49	# in10 = (uint64 ) (x + 40)
	50	movq 40(%r8),%r12
	51	# in12 = (uint64 ) (x + 48)
	52	movq 48(%r8),%r13
	53	# in14 = (uint64 ) (x + 56)
	54	movq 56(%r8),%r14
	55	# j0 = in0
	56	movq %rcx,56(%rsp)
	57	# j2 = in2
	58	movq %r9,64(%rsp)
	59	# j4 = in4
	60	movq %rax,72(%rsp)
	61	# j6 = in6
	62	movq %r10,80(%rsp)
	63	# j8 = in8
	64	movq %r11,88(%rsp)
	65	# j10 = in10
	66	movq %r12,96(%rsp)
	67	# j12 = in12
	68	movq %r13,104(%rsp)
69	# j14 = in14
70	movq %r14,112(%rsp)
71	# x_backup = x
72	movq %r8,120(%rsp)
73	# bytesatleast1:
74	._bytesatleast1:
75	# unsigned<? bytes - 64
76	cmp $64,%rdx
77	# comment:fp stack unchanged by jump
78	# goto nocopy if !unsigned<
79	jae ._nocopy
80	# ctarget = out
81	movq %rdi,128(%rsp)
82	# out = &tmp
83	leaq 192(%rsp),%rdi
84	# i = bytes
85	mov %rdx,%rcx
86	# while (i) { out++ = m++; --i }
87	rep movsb
88	# out = &tmp
89	leaq 192(%rsp),%rdi
90	# m = &tmp
91	leaq 192(%rsp),%rsi
92	# comment:fp stack unchanged by fallthrough
93	# nocopy:
94	._nocopy:
95	# out_backup = out
96	movq %rdi,136(%rsp)
97	# m_backup = m
98	movq %rsi,144(%rsp)
99	# bytes_backup = bytes
100	movq %rdx,152(%rsp)
101	# x1 = j0
102	movq 56(%rsp),%rdi
103	# x0 = x1
104	mov %rdi,%rdx
105	# (uint64) x1 >>= 32
106	shr $32,%rdi
107	# x3 = j2
108	movq 64(%rsp),%rsi
109	# x2 = x3
110	mov %rsi,%rcx
111	# (uint64) x3 >>= 32
112	shr $32,%rsi
113	# x5 = j4
114	movq 72(%rsp),%r8
115	# x4 = x5
116	mov %r8,%r9
117	# (uint64) x5 >>= 32
118	shr $32,%r8
119	# x5_stack = x5
120	movq %r8,160(%rsp)
121	# x7 = j6
122	movq 80(%rsp),%r8
123	# x6 = x7
124	mov %r8,%rax
125	# (uint64) x7 >>= 32
126	shr $32,%r8
127	# x9 = j8
128	movq 88(%rsp),%r10
129	# x8 = x9
130	mov %r10,%r11
131	# (uint64) x9 >>= 32
132	shr $32,%r10
133	# x11 = j10
134	movq 96(%rsp),%r12
135	# x10 = x11
136	mov %r12,%r13
137	# x10_stack = x10
138	movq %r13,168(%rsp)
139	# (uint64) x11 >>= 32
140	shr $32,%r12
141	# x13 = j12
142	movq 104(%rsp),%r13
143	# x12 = x13
144	mov %r13,%r14
145	# (uint64) x13 >>= 32
146	shr $32,%r13
147	# x15 = j14
148	movq 112(%rsp),%r15
149	# x14 = x15
150	mov %r15,%rbx
151	# (uint64) x15 >>= 32
152	shr $32,%r15
153	# x15_stack = x15
154	movq %r15,176(%rsp)
155	# i = 20
156	mov $20,%r15
157	# mainloop:
158	._mainloop:
159	# i_backup = i
160	movq %r15,184(%rsp)
161	# x5 = x5_stack
162	movq 160(%rsp),%r15
163	# a = x12 + x0
164	lea (%r14,%rdx),%rbp
165	# (uint32) a <<<= 7
166	rol $7,%ebp
167	# x4 ^= a
168	xor %rbp,%r9
169	# b = x1 + x5
170	lea (%rdi,%r15),%rbp
171	# (uint32) b <<<= 7
172	rol $7,%ebp
173	# x9 ^= b
174	xor %rbp,%r10
175	# a = x0 + x4
176	lea (%rdx,%r9),%rbp
177	# (uint32) a <<<= 9
178	rol $9,%ebp
179	# x8 ^= a
180	xor %rbp,%r11
181	# b = x5 + x9
182	lea (%r15,%r10),%rbp
183	# (uint32) b <<<= 9
184	rol $9,%ebp
185	# x13 ^= b
186	xor %rbp,%r13
187	# a = x4 + x8
188	lea (%r9,%r11),%rbp
189	# (uint32) a <<<= 13
190	rol $13,%ebp
191	# x12 ^= a
192	xor %rbp,%r14
193	# b = x9 + x13
194	lea (%r10,%r13),%rbp
195	# (uint32) b <<<= 13
196	rol $13,%ebp
197	# x1 ^= b
198	xor %rbp,%rdi
199	# a = x8 + x12
200	lea (%r11,%r14),%rbp
201	# (uint32) a <<<= 18
202	rol $18,%ebp
203	# x0 ^= a
204	xor %rbp,%rdx
205	# b = x13 + x1
206	lea (%r13,%rdi),%rbp
207	# (uint32) b <<<= 18
208	rol $18,%ebp
209	# x5 ^= b
210	xor %rbp,%r15
211	# x10 = x10_stack
212	movq 168(%rsp),%rbp
213	# x5_stack = x5
214	movq %r15,160(%rsp)
215	# c = x6 + x10
216	lea (%rax,%rbp),%r15
217	# (uint32) c <<<= 7
218	rol $7,%r15d
219	# x14 ^= c
220	xor %r15,%rbx
221	# c = x10 + x14
222	lea (%rbp,%rbx),%r15
223	# (uint32) c <<<= 9
224	rol $9,%r15d
225	# x2 ^= c
226	xor %r15,%rcx
227	# c = x14 + x2
228	lea (%rbx,%rcx),%r15
229	# (uint32) c <<<= 13
230	rol $13,%r15d
231	# x6 ^= c
232	xor %r15,%rax
233	# c = x2 + x6
234	lea (%rcx,%rax),%r15
235	# (uint32) c <<<= 18
236	rol $18,%r15d
237	# x10 ^= c
238	xor %r15,%rbp
239	# x15 = x15_stack
240	movq 176(%rsp),%r15
241	# x10_stack = x10
242	movq %rbp,168(%rsp)
243	# d = x11 + x15
244	lea (%r12,%r15),%rbp
245	# (uint32) d <<<= 7
246	rol $7,%ebp
247	# x3 ^= d
248	xor %rbp,%rsi
249	# d = x15 + x3
250	lea (%r15,%rsi),%rbp
251	# (uint32) d <<<= 9
252	rol $9,%ebp
253	# x7 ^= d
254	xor %rbp,%r8
255	# d = x3 + x7
256	lea (%rsi,%r8),%rbp
257	# (uint32) d <<<= 13
258	rol $13,%ebp
259	# x11 ^= d
260	xor %rbp,%r12
261	# d = x7 + x11
262	lea (%r8,%r12),%rbp
263	# (uint32) d <<<= 18
264	rol $18,%ebp
265	# x15 ^= d
266	xor %rbp,%r15
267	# x15_stack = x15
268	movq %r15,176(%rsp)
269	# x5 = x5_stack
270	movq 160(%rsp),%r15
271	# a = x3 + x0
272	lea (%rsi,%rdx),%rbp
273	# (uint32) a <<<= 7
274	rol $7,%ebp
275	# x1 ^= a
276	xor %rbp,%rdi
277	# b = x4 + x5
278	lea (%r9,%r15),%rbp
279	# (uint32) b <<<= 7
280	rol $7,%ebp
281	# x6 ^= b
282	xor %rbp,%rax
283	# a = x0 + x1
284	lea (%rdx,%rdi),%rbp
285	# (uint32) a <<<= 9
286	rol $9,%ebp
287	# x2 ^= a
288	xor %rbp,%rcx
289	# b = x5 + x6
290	lea (%r15,%rax),%rbp
291	# (uint32) b <<<= 9
292	rol $9,%ebp
293	# x7 ^= b
294	xor %rbp,%r8
295	# a = x1 + x2
296	lea (%rdi,%rcx),%rbp
297	# (uint32) a <<<= 13
298	rol $13,%ebp
299	# x3 ^= a
300	xor %rbp,%rsi
301	# b = x6 + x7
302	lea (%rax,%r8),%rbp
303	# (uint32) b <<<= 13
304	rol $13,%ebp
305	# x4 ^= b
306	xor %rbp,%r9
307	# a = x2 + x3
308	lea (%rcx,%rsi),%rbp
309	# (uint32) a <<<= 18
310	rol $18,%ebp
311	# x0 ^= a
312	xor %rbp,%rdx
313	# b = x7 + x4
314	lea (%r8,%r9),%rbp
315	# (uint32) b <<<= 18
316	rol $18,%ebp
317	# x5 ^= b
318	xor %rbp,%r15
319	# x10 = x10_stack
320	movq 168(%rsp),%rbp
321	# x5_stack = x5
322	movq %r15,160(%rsp)
323	# c = x9 + x10
324	lea (%r10,%rbp),%r15
325	# (uint32) c <<<= 7
326	rol $7,%r15d
327	# x11 ^= c
328	xor %r15,%r12
329	# c = x10 + x11
330	lea (%rbp,%r12),%r15
331	# (uint32) c <<<= 9
332	rol $9,%r15d
333	# x8 ^= c
334	xor %r15,%r11
335	# c = x11 + x8
336	lea (%r12,%r11),%r15
337	# (uint32) c <<<= 13
338	rol $13,%r15d
339	# x9 ^= c
340	xor %r15,%r10
341	# c = x8 + x9
342	lea (%r11,%r10),%r15
343	# (uint32) c <<<= 18
344	rol $18,%r15d
345	# x10 ^= c
346	xor %r15,%rbp
347	# x15 = x15_stack
348	movq 176(%rsp),%r15
349	# x10_stack = x10
350	movq %rbp,168(%rsp)
351	# d = x14 + x15
352	lea (%rbx,%r15),%rbp
353	# (uint32) d <<<= 7
354	rol $7,%ebp
355	# x12 ^= d
356	xor %rbp,%r14
357	# d = x15 + x12
358	lea (%r15,%r14),%rbp
359	# (uint32) d <<<= 9
360	rol $9,%ebp
361	# x13 ^= d
362	xor %rbp,%r13
363	# d = x12 + x13
364	lea (%r14,%r13),%rbp
365	# (uint32) d <<<= 13
366	rol $13,%ebp
367	# x14 ^= d
368	xor %rbp,%rbx
369	# d = x13 + x14
370	lea (%r13,%rbx),%rbp
371	# (uint32) d <<<= 18
372	rol $18,%ebp
373	# x15 ^= d
374	xor %rbp,%r15
375	# x15_stack = x15
376	movq %r15,176(%rsp)
377	# x5 = x5_stack
378	movq 160(%rsp),%r15
379	# a = x12 + x0
380	lea (%r14,%rdx),%rbp
381	# (uint32) a <<<= 7
382	rol $7,%ebp
383	# x4 ^= a
384	xor %rbp,%r9
385	# b = x1 + x5
386	lea (%rdi,%r15),%rbp
387	# (uint32) b <<<= 7
388	rol $7,%ebp
389	# x9 ^= b
390	xor %rbp,%r10
391	# a = x0 + x4
392	lea (%rdx,%r9),%rbp
393	# (uint32) a <<<= 9
394	rol $9,%ebp
395	# x8 ^= a
396	xor %rbp,%r11
397	# b = x5 + x9
398	lea (%r15,%r10),%rbp
399	# (uint32) b <<<= 9
400	rol $9,%ebp
401	# x13 ^= b
402	xor %rbp,%r13
403	# a = x4 + x8
404	lea (%r9,%r11),%rbp
405	# (uint32) a <<<= 13
406	rol $13,%ebp
407	# x12 ^= a
408	xor %rbp,%r14
409	# b = x9 + x13
410	lea (%r10,%r13),%rbp
411	# (uint32) b <<<= 13
412	rol $13,%ebp
413	# x1 ^= b
414	xor %rbp,%rdi
415	# a = x8 + x12
416	lea (%r11,%r14),%rbp
417	# (uint32) a <<<= 18
418	rol $18,%ebp
419	# x0 ^= a
420	xor %rbp,%rdx
421	# b = x13 + x1
422	lea (%r13,%rdi),%rbp
423	# (uint32) b <<<= 18
424	rol $18,%ebp
425	# x5 ^= b
426	xor %rbp,%r15
427	# x10 = x10_stack
428	movq 168(%rsp),%rbp
429	# x5_stack = x5
430	movq %r15,160(%rsp)
431	# c = x6 + x10
432	lea (%rax,%rbp),%r15
433	# (uint32) c <<<= 7
434	rol $7,%r15d
435	# x14 ^= c
436	xor %r15,%rbx
437	# c = x10 + x14
438	lea (%rbp,%rbx),%r15
439	# (uint32) c <<<= 9
440	rol $9,%r15d
441	# x2 ^= c
442	xor %r15,%rcx
443	# c = x14 + x2
444	lea (%rbx,%rcx),%r15
445	# (uint32) c <<<= 13
446	rol $13,%r15d
447	# x6 ^= c
448	xor %r15,%rax
449	# c = x2 + x6
450	lea (%rcx,%rax),%r15
451	# (uint32) c <<<= 18
452	rol $18,%r15d
453	# x10 ^= c
454	xor %r15,%rbp
455	# x15 = x15_stack
456	movq 176(%rsp),%r15
457	# x10_stack = x10
458	movq %rbp,168(%rsp)
459	# d = x11 + x15
460	lea (%r12,%r15),%rbp
461	# (uint32) d <<<= 7
462	rol $7,%ebp
463	# x3 ^= d
464	xor %rbp,%rsi
465	# d = x15 + x3
466	lea (%r15,%rsi),%rbp
467	# (uint32) d <<<= 9
468	rol $9,%ebp
469	# x7 ^= d
470	xor %rbp,%r8
471	# d = x3 + x7
472	lea (%rsi,%r8),%rbp
473	# (uint32) d <<<= 13
474	rol $13,%ebp
475	# x11 ^= d
476	xor %rbp,%r12
477	# d = x7 + x11
478	lea (%r8,%r12),%rbp
479	# (uint32) d <<<= 18
480	rol $18,%ebp
481	# x15 ^= d
482	xor %rbp,%r15
483	# x15_stack = x15
484	movq %r15,176(%rsp)
485	# x5 = x5_stack
486	movq 160(%rsp),%r15
487	# a = x3 + x0
488	lea (%rsi,%rdx),%rbp
489	# (uint32) a <<<= 7
490	rol $7,%ebp
491	# x1 ^= a
492	xor %rbp,%rdi
493	# b = x4 + x5
494	lea (%r9,%r15),%rbp
495	# (uint32) b <<<= 7
496	rol $7,%ebp
497	# x6 ^= b
498	xor %rbp,%rax
499	# a = x0 + x1
500	lea (%rdx,%rdi),%rbp
501	# (uint32) a <<<= 9
502	rol $9,%ebp
503	# x2 ^= a
504	xor %rbp,%rcx
505	# b = x5 + x6
506	lea (%r15,%rax),%rbp
507	# (uint32) b <<<= 9
508	rol $9,%ebp
509	# x7 ^= b
510	xor %rbp,%r8
511	# a = x1 + x2
512	lea (%rdi,%rcx),%rbp
513	# (uint32) a <<<= 13
514	rol $13,%ebp
515	# x3 ^= a
516	xor %rbp,%rsi
517	# b = x6 + x7
518	lea (%rax,%r8),%rbp
519	# (uint32) b <<<= 13
520	rol $13,%ebp
521	# x4 ^= b
522	xor %rbp,%r9
523	# a = x2 + x3
524	lea (%rcx,%rsi),%rbp
525	# (uint32) a <<<= 18
526	rol $18,%ebp
527	# x0 ^= a
528	xor %rbp,%rdx
529	# b = x7 + x4
530	lea (%r8,%r9),%rbp
531	# (uint32) b <<<= 18
532	rol $18,%ebp
533	# x5 ^= b
534	xor %rbp,%r15
535	# x10 = x10_stack
536	movq 168(%rsp),%rbp
537	# x5_stack = x5
538	movq %r15,160(%rsp)
539	# c = x9 + x10
540	lea (%r10,%rbp),%r15
541	# (uint32) c <<<= 7
542	rol $7,%r15d
543	# x11 ^= c
544	xor %r15,%r12
545	# c = x10 + x11
546	lea (%rbp,%r12),%r15
547	# (uint32) c <<<= 9
548	rol $9,%r15d
549	# x8 ^= c
550	xor %r15,%r11
551	# c = x11 + x8
552	lea (%r12,%r11),%r15
553	# (uint32) c <<<= 13
554	rol $13,%r15d
555	# x9 ^= c
556	xor %r15,%r10
557	# c = x8 + x9
558	lea (%r11,%r10),%r15
559	# (uint32) c <<<= 18
560	rol $18,%r15d
561	# x10 ^= c
562	xor %r15,%rbp
563	# x15 = x15_stack
564	movq 176(%rsp),%r15
565	# x10_stack = x10
566	movq %rbp,168(%rsp)
567	# d = x14 + x15
568	lea (%rbx,%r15),%rbp
569	# (uint32) d <<<= 7
570	rol $7,%ebp
571	# x12 ^= d
572	xor %rbp,%r14
573	# d = x15 + x12
574	lea (%r15,%r14),%rbp
575	# (uint32) d <<<= 9
576	rol $9,%ebp
577	# x13 ^= d
578	xor %rbp,%r13
579	# d = x12 + x13
580	lea (%r14,%r13),%rbp
581	# (uint32) d <<<= 13
582	rol $13,%ebp
583	# x14 ^= d
584	xor %rbp,%rbx
585	# d = x13 + x14
586	lea (%r13,%rbx),%rbp
587	# (uint32) d <<<= 18
588	rol $18,%ebp
589	# x15 ^= d
590	xor %rbp,%r15
591	# x15_stack = x15
592	movq %r15,176(%rsp)
593	# i = i_backup
594	movq 184(%rsp),%r15
595	# unsigned>? i -= 4
596	sub $4,%r15
597	# comment:fp stack unchanged by jump
598	# goto mainloop if unsigned>
599	ja ._mainloop
600	# (uint32) x2 += j2
601	addl 64(%rsp),%ecx
602	# x3 <<= 32
603	shl $32,%rsi
604	# x3 += j2
605	addq 64(%rsp),%rsi
606	# (uint64) x3 >>= 32
607	shr $32,%rsi
608	# x3 <<= 32
609	shl $32,%rsi
610	# x2 += x3
611	add %rsi,%rcx
612	# (uint32) x6 += j6
613	addl 80(%rsp),%eax
614	# x7 <<= 32
615	shl $32,%r8
616	# x7 += j6
617	addq 80(%rsp),%r8
618	# (uint64) x7 >>= 32
619	shr $32,%r8
620	# x7 <<= 32
621	shl $32,%r8
622	# x6 += x7
623	add %r8,%rax
624	# (uint32) x8 += j8
625	addl 88(%rsp),%r11d
626	# x9 <<= 32
627	shl $32,%r10
628	# x9 += j8
629	addq 88(%rsp),%r10
630	# (uint64) x9 >>= 32
631	shr $32,%r10
632	# x9 <<= 32
633	shl $32,%r10
634	# x8 += x9
635	add %r10,%r11
636	# (uint32) x12 += j12
637	addl 104(%rsp),%r14d
638	# x13 <<= 32
639	shl $32,%r13
640	# x13 += j12
641	addq 104(%rsp),%r13
642	# (uint64) x13 >>= 32
643	shr $32,%r13
644	# x13 <<= 32
645	shl $32,%r13
646	# x12 += x13
647	add %r13,%r14
648	# (uint32) x0 += j0
649	addl 56(%rsp),%edx
650	# x1 <<= 32
651	shl $32,%rdi
652	# x1 += j0
653	addq 56(%rsp),%rdi
654	# (uint64) x1 >>= 32
655	shr $32,%rdi
656	# x1 <<= 32
657	shl $32,%rdi
658	# x0 += x1
659	add %rdi,%rdx
660	# x5 = x5_stack
661	movq 160(%rsp),%rdi
662	# (uint32) x4 += j4
663	addl 72(%rsp),%r9d
664	# x5 <<= 32
665	shl $32,%rdi
666	# x5 += j4
667	addq 72(%rsp),%rdi
668	# (uint64) x5 >>= 32
669	shr $32,%rdi
670	# x5 <<= 32
671	shl $32,%rdi
672	# x4 += x5
673	add %rdi,%r9
674	# x10 = x10_stack
675	movq 168(%rsp),%r8
676	# (uint32) x10 += j10
677	addl 96(%rsp),%r8d
678	# x11 <<= 32
679	shl $32,%r12
680	# x11 += j10
681	addq 96(%rsp),%r12
682	# (uint64) x11 >>= 32
683	shr $32,%r12
684	# x11 <<= 32
685	shl $32,%r12
686	# x10 += x11
687	add %r12,%r8
688	# x15 = x15_stack
689	movq 176(%rsp),%rdi
690	# (uint32) x14 += j14
691	addl 112(%rsp),%ebx
692	# x15 <<= 32
693	shl $32,%rdi
694	# x15 += j14
695	addq 112(%rsp),%rdi
696	# (uint64) x15 >>= 32
697	shr $32,%rdi
698	# x15 <<= 32
699	shl $32,%rdi
700	# x14 += x15
701	add %rdi,%rbx
702	# out = out_backup
703	movq 136(%rsp),%rdi
704	# m = m_backup
705	movq 144(%rsp),%rsi
706	# x0 ^= (uint64 ) (m + 0)
707	xorq 0(%rsi),%rdx
708	# (uint64 ) (out + 0) = x0
709	movq %rdx,0(%rdi)
710	# x2 ^= (uint64 ) (m + 8)
711	xorq 8(%rsi),%rcx
712	# (uint64 ) (out + 8) = x2
713	movq %rcx,8(%rdi)
714	# x4 ^= (uint64 ) (m + 16)
715	xorq 16(%rsi),%r9
716	# (uint64 ) (out + 16) = x4
717	movq %r9,16(%rdi)
718	# x6 ^= (uint64 ) (m + 24)
719	xorq 24(%rsi),%rax
720	# (uint64 ) (out + 24) = x6
721	movq %rax,24(%rdi)
722	# x8 ^= (uint64 ) (m + 32)
723	xorq 32(%rsi),%r11
724	# (uint64 ) (out + 32) = x8
725	movq %r11,32(%rdi)
726	# x10 ^= (uint64 ) (m + 40)
727	xorq 40(%rsi),%r8
728	# (uint64 ) (out + 40) = x10
729	movq %r8,40(%rdi)
730	# x12 ^= (uint64 ) (m + 48)
731	xorq 48(%rsi),%r14
732	# (uint64 ) (out + 48) = x12
733	movq %r14,48(%rdi)
734	# x14 ^= (uint64 ) (m + 56)
735	xorq 56(%rsi),%rbx
736	# (uint64 ) (out + 56) = x14
737	movq %rbx,56(%rdi)
738	# bytes = bytes_backup
739	movq 152(%rsp),%rdx
740	# in8 = j8
741	movq 88(%rsp),%rcx
742	# in8 += 1
743	add $1,%rcx
744	# j8 = in8
745	movq %rcx,88(%rsp)
746	# unsigned>? unsigned<? bytes - 64
747	cmp $64,%rdx
748	# comment:fp stack unchanged by jump
749	# goto bytesatleast65 if unsigned>
750	ja ._bytesatleast65
751	# comment:fp stack unchanged by jump
752	# goto bytesatleast64 if !unsigned<
753	jae ._bytesatleast64
754	# m = out
755	mov %rdi,%rsi
756	# out = ctarget
757	movq 128(%rsp),%rdi
758	# i = bytes
759	mov %rdx,%rcx
760	# while (i) { out++ = m++; --i }
761	rep movsb
762	# comment:fp stack unchanged by fallthrough
763	# bytesatleast64:
764	._bytesatleast64:
765	# x = x_backup
766	movq 120(%rsp),%rdi
767	# in8 = j8
768	movq 88(%rsp),%rsi
769	# (uint64 ) (x + 32) = in8
770	movq %rsi,32(%rdi)
771	# r11 = r11_stack
772	movq 0(%rsp),%r11
773	# r12 = r12_stack
774	movq 8(%rsp),%r12
775	# r13 = r13_stack
776	movq 16(%rsp),%r13
777	# r14 = r14_stack
778	movq 24(%rsp),%r14
779	# r15 = r15_stack
780	movq 32(%rsp),%r15
781	# rbx = rbx_stack
782	movq 40(%rsp),%rbx
783	# rbp = rbp_stack
784	movq 48(%rsp),%rbp
785	# comment:fp stack unchanged by fallthrough
786	# done:
787	._done:
788	# leave
789	add %r11,%rsp
790	mov %rdi,%rax
791	mov %rsi,%rdx
792	ret
793	# bytesatleast65:
794	._bytesatleast65:
795	# bytes -= 64
796	sub $64,%rdx
797	# out += 64
798	add $64,%rdi
799	# m += 64
800	add $64,%rsi
801	# comment:fp stack unchanged by jump
802	# goto bytesatleast1
803	jmp ._bytesatleast1
04443808 JK	804	ENDPROC(salsa20_encrypt_bytes)
	805
	806	# enter salsa20_keysetup
	807	ENTRY(salsa20_keysetup)
9a7dafbb TSH	808	mov %rsp,%r11
	809	and $31,%r11
	810	add $256,%r11
	811	sub %r11,%rsp
	812	# k = arg2
	813	mov %rsi,%rsi
	814	# kbits = arg3
	815	mov %rdx,%rdx
	816	# x = arg1
	817	mov %rdi,%rdi
	818	# in0 = (uint64 ) (k + 0)
	819	movq 0(%rsi),%r8
	820	# in2 = (uint64 ) (k + 8)
	821	movq 8(%rsi),%r9
	822	# (uint64 ) (x + 4) = in0
	823	movq %r8,4(%rdi)
	824	# (uint64 ) (x + 12) = in2
	825	movq %r9,12(%rdi)
	826	# unsigned<? kbits - 256
	827	cmp $256,%rdx
	828	# comment:fp stack unchanged by jump
	829	# goto kbits128 if unsigned<
	830	jb ._kbits128
	831	# kbits256:
	832	._kbits256:
	833	# in10 = (uint64 ) (k + 16)
	834	movq 16(%rsi),%rdx
	835	# in12 = (uint64 ) (k + 24)
	836	movq 24(%rsi),%rsi
	837	# (uint64 ) (x + 44) = in10
	838	movq %rdx,44(%rdi)
	839	# (uint64 ) (x + 52) = in12
	840	movq %rsi,52(%rdi)
	841	# in0 = 1634760805
	842	mov $1634760805,%rsi
	843	# in4 = 857760878
	844	mov $857760878,%rdx
	845	# in10 = 2036477234
	846	mov $2036477234,%rcx
	847	# in14 = 1797285236
	848	mov $1797285236,%r8
	849	# (uint32 ) (x + 0) = in0
	850	movl %esi,0(%rdi)
	851	# (uint32 ) (x + 20) = in4
	852	movl %edx,20(%rdi)
	853	# (uint32 ) (x + 40) = in10
	854	movl %ecx,40(%rdi)
	855	# (uint32 ) (x + 60) = in14
	856	movl %r8d,60(%rdi)
	857	# comment:fp stack unchanged by jump
	858	# goto keysetupdone
	859	jmp ._keysetupdone
	860	# kbits128:
	861	._kbits128:
	862	# in10 = (uint64 ) (k + 0)
	863	movq 0(%rsi),%rdx
	864	# in12 = (uint64 ) (k + 8)
	865	movq 8(%rsi),%rsi
	866	# (uint64 ) (x + 44) = in10
	867	movq %rdx,44(%rdi)
	868	# (uint64 ) (x + 52) = in12
	869	movq %rsi,52(%rdi)
	870	# in0 = 1634760805
	871	mov $1634760805,%rsi
872	# in4 = 824206446
873	mov $824206446,%rdx
874	# in10 = 2036477238
875	mov $2036477238,%rcx
876	# in14 = 1797285236
877	mov $1797285236,%r8
878	# (uint32 ) (x + 0) = in0
879	movl %esi,0(%rdi)
880	# (uint32 ) (x + 20) = in4
881	movl %edx,20(%rdi)
882	# (uint32 ) (x + 40) = in10
883	movl %ecx,40(%rdi)
884	# (uint32 ) (x + 60) = in14
885	movl %r8d,60(%rdi)
886	# keysetupdone:
887	._keysetupdone:
888	# leave
889	add %r11,%rsp
890	mov %rdi,%rax
891	mov %rsi,%rdx
892	ret
04443808 JK	893	ENDPROC(salsa20_keysetup)
	894
	895	# enter salsa20_ivsetup
	896	ENTRY(salsa20_ivsetup)
9a7dafbb TSH	897	mov %rsp,%r11
	898	and $31,%r11
	899	add $256,%r11
	900	sub %r11,%rsp
	901	# iv = arg2
	902	mov %rsi,%rsi
	903	# x = arg1
	904	mov %rdi,%rdi
	905	# in6 = (uint64 ) (iv + 0)
	906	movq 0(%rsi),%rsi
	907	# in8 = 0
	908	mov $0,%r8
	909	# (uint64 ) (x + 24) = in6
	910	movq %rsi,24(%rdi)
	911	# (uint64 ) (x + 32) = in8
	912	movq %r8,32(%rdi)
	913	# leave
	914	add %r11,%rsp
	915	mov %rdi,%rax
	916	mov %rsi,%rdx
	917	ret
04443808	918	ENDPROC(salsa20_ivsetup)