RubyGems - pq_crypto - Versions diffs - 0.3.2 → 0.5.0 - Mend

pq_crypto 0.3.2 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (328) hide show

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/src/keccak_f1600_x4_v8a_v84a_scalar_hybrid_asm.S ADDED Viewed

@@ -0,0 +1,987 @@
+/*
+ * Copyright (c) The mlkem-native project authors
+ * Copyright (c) The mldsa-native project authors
+ * Copyright (c) 2021-2022 Arm Limited
+ * Copyright (c) 2022 Matthias Kannwischer
+ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+ */
+// Author: Hanno Becker <hannobecker@posteo.de>
+// Author: Matthias Kannwischer <matthias@kannwischer.eu>
+/*yaml
+  Name: keccak_f1600_x4_v8a_v84a_scalar_hybrid_asm
+  Description: AArch64 hybrid scalar/vector implementation of Keccak-f[1600] permutation for four sequential states with ARMv8.4-A optimizations
+  Signature: void mld_keccak_f1600_x4_v8a_v84a_scalar_hybrid_asm(uint64_t state[100], const uint64_t rc[24])
+  ABI:
+    x0:
+      type: buffer
+      size_bytes: 800
+      permissions: read/write
+      c_parameter: uint64_t state[100]
+      description: Four sequential Keccak states (state0[25], state1[25], state2[25], state3[25])
+    x1:
+      type: buffer
+      size_bytes: 192
+      permissions: read-only
+      c_parameter: const uint64_t rc[24]
+      description: Round constants (24 x uint64_t)
+  Stack:
+    bytes: 224
+    description: register preservation and temporary storage
+*/
+#include "../../../../common.h"
+#if defined(MLD_FIPS202_AARCH64_NEED_X4_V8A_V84A_SCALAR_HYBRID) && \
+    !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED)
+#if defined(__ARM_FEATURE_SHA3)
+/*
+ * WARNING: This file is auto-derived from the mldsa-native source file
+ *   dev/fips202/aarch64/src/keccak_f1600_x4_v8a_v84a_scalar_hybrid_asm.S using scripts/simpasm. Do not modify it directly.
+ */
+#if defined(__ELF__)
+.section .note.GNU-stack,"",@progbits
+#endif
+.text
+.balign 4
+.global MLD_ASM_NAMESPACE(keccak_f1600_x4_v8a_v84a_scalar_hybrid_asm)
+MLD_ASM_FN_SYMBOL(keccak_f1600_x4_v8a_v84a_scalar_hybrid_asm)
+        .cfi_startproc
+        sub	sp, sp, #0xe0
+        .cfi_adjust_cfa_offset 0xe0
+        stp	x19, x20, [sp, #0x30]
+        .cfi_rel_offset x19, 0x30
+        .cfi_rel_offset x20, 0x38
+        stp	x21, x22, [sp, #0x40]
+        .cfi_rel_offset x21, 0x40
+        .cfi_rel_offset x22, 0x48
+        stp	x23, x24, [sp, #0x50]
+        .cfi_rel_offset x23, 0x50
+        .cfi_rel_offset x24, 0x58
+        stp	x25, x26, [sp, #0x60]
+        .cfi_rel_offset x25, 0x60
+        .cfi_rel_offset x26, 0x68
+        stp	x27, x28, [sp, #0x70]
+        .cfi_rel_offset x27, 0x70
+        .cfi_rel_offset x28, 0x78
+        stp	x29, x30, [sp, #0x80]
+        .cfi_rel_offset x29, 0x80
+        .cfi_rel_offset x30, 0x88
+        stp	d8, d9, [sp, #0x90]
+        .cfi_rel_offset d8, 0x90
+        .cfi_rel_offset d9, 0x98
+        stp	d10, d11, [sp, #0xa0]
+        .cfi_rel_offset d10, 0xa0
+        .cfi_rel_offset d11, 0xa8
+        stp	d12, d13, [sp, #0xb0]
+        .cfi_rel_offset d12, 0xb0
+        .cfi_rel_offset d13, 0xb8
+        stp	d14, d15, [sp, #0xc0]
+        .cfi_rel_offset d14, 0xc0
+        .cfi_rel_offset d15, 0xc8
+        mov	x29, x1
+        mov	x30, #0x0               // =0
+        str	x30, [sp, #0x20]
+        str	x29, [sp, #0x8]
+        str	x29, [sp, #0x10]
+        str	x0, [sp]
+        add	x4, x0, #0xc8
+        ldp	q25, q26, [x0], #0x20
+        ld1	{ v27.2d, v28.2d }, [x4], #32
+        trn1	v0.2d, v25.2d, v27.2d
+        trn2	v1.2d, v25.2d, v27.2d
+        trn1	v2.2d, v26.2d, v28.2d
+        trn2	v3.2d, v26.2d, v28.2d
+        ldp	q25, q26, [x0], #0x20
+        ld1	{ v27.2d, v28.2d }, [x4], #32
+        trn1	v4.2d, v25.2d, v27.2d
+        trn2	v5.2d, v25.2d, v27.2d
+        trn1	v6.2d, v26.2d, v28.2d
+        trn2	v7.2d, v26.2d, v28.2d
+        ldp	q25, q26, [x0], #0x20
+        ld1	{ v27.2d, v28.2d }, [x4], #32
+        trn1	v8.2d, v25.2d, v27.2d
+        trn2	v9.2d, v25.2d, v27.2d
+        trn1	v10.2d, v26.2d, v28.2d
+        trn2	v11.2d, v26.2d, v28.2d
+        ldp	q25, q26, [x0], #0x20
+        ld1	{ v27.2d, v28.2d }, [x4], #32
+        trn1	v12.2d, v25.2d, v27.2d
+        trn2	v13.2d, v25.2d, v27.2d
+        trn1	v14.2d, v26.2d, v28.2d
+        trn2	v15.2d, v26.2d, v28.2d
+        ldp	q25, q26, [x0], #0x20
+        ld1	{ v27.2d, v28.2d }, [x4], #32
+        trn1	v16.2d, v25.2d, v27.2d
+        trn2	v17.2d, v25.2d, v27.2d
+        trn1	v18.2d, v26.2d, v28.2d
+        trn2	v19.2d, v26.2d, v28.2d
+        ldp	q25, q26, [x0], #0x20
+        ld1	{ v27.2d, v28.2d }, [x4], #32
+        trn1	v20.2d, v25.2d, v27.2d
+        trn2	v21.2d, v25.2d, v27.2d
+        trn1	v22.2d, v26.2d, v28.2d
+        trn2	v23.2d, v26.2d, v28.2d
+        ldr	d25, [x0]
+        ldr	d27, [x4]
+        trn1	v24.2d, v25.2d, v27.2d
+        sub	x0, x0, #0xc0
+        add	x0, x0, #0x190
+        ldp	x1, x6, [x0]
+        ldp	x11, x16, [x0, #0x10]
+        ldp	x21, x2, [x0, #0x20]
+        ldp	x7, x12, [x0, #0x30]
+        ldp	x17, x22, [x0, #0x40]
+        ldp	x3, x8, [x0, #0x50]
+        ldp	x13, x28, [x0, #0x60]
+        ldp	x23, x4, [x0, #0x70]
+        ldp	x9, x14, [x0, #0x80]
+        ldp	x19, x24, [x0, #0x90]
+        ldp	x5, x10, [x0, #0xa0]
+        ldp	x15, x20, [x0, #0xb0]
+        ldr	x25, [x0, #0xc0]
+        sub	x0, x0, #0x190
+Lkeccak_f1600_x4_v8a_v84a_scalar_hybrid_initial:
+        eor	x30, x24, x25
+        eor	x27, x9, x10
+        eor3	v30.16b, v0.16b, v5.16b, v10.16b
+        eor	v30.16b, v30.16b, v15.16b
+        eor	x0, x30, x21
+        eor	x26, x27, x6
+        eor	v30.16b, v30.16b, v20.16b
+        eor	x27, x26, x7
+        eor	x29, x0, x22
+        eor3	v29.16b, v1.16b, v6.16b, v11.16b
+        eor	x26, x29, x23
+        eor	x29, x4, x5
+        eor	v29.16b, v29.16b, v16.16b
+        eor	x30, x29, x1
+        eor	x0, x27, x8
+        eor	v29.16b, v29.16b, v21.16b
+        eor	x29, x30, x2
+        eor	x30, x19, x20
+        eor3	v28.16b, v2.16b, v7.16b, v12.16b
+        eor	x30, x30, x16
+        eor	x27, x26, x0, ror #63
+        eor	v28.16b, v28.16b, v17.16b
+        eor	x4, x4, x27
+        eor	x30, x30, x17
+        eor	v28.16b, v28.16b, v22.16b
+        eor	x30, x30, x28
+        eor	x29, x29, x3
+        eor3	v27.16b, v3.16b, v8.16b, v13.16b
+        eor	x0, x0, x30, ror #63
+        eor	x30, x30, x29, ror #63
+        eor	v27.16b, v27.16b, v18.16b
+        eor	x22, x22, x30
+        eor	v27.16b, v27.16b, v23.16b
+        eor	x23, x23, x30
+        str	x23, [sp, #0xd0]
+        eor3	v26.16b, v4.16b, v9.16b, v14.16b
+        eor	x23, x14, x15
+        eor	x14, x14, x0
+        eor	v26.16b, v26.16b, v19.16b
+        eor	x23, x23, x11
+        eor	x15, x15, x0
+        eor	v26.16b, v26.16b, v24.16b
+        eor	x1, x1, x27
+        eor	x23, x23, x12
+        rax1	v25.2d, v30.2d, v28.2d
+        eor	x23, x23, x13
+        eor	x11, x11, x0
+        add	v31.2d, v26.2d, v26.2d
+        eor	x29, x29, x23, ror #63
+        eor	x23, x23, x26, ror #63
+        sri	v31.2d, v26.2d, #0x3f
+        eor	x26, x13, x0
+        eor	x13, x28, x23
+        eor	v28.16b, v31.16b, v28.16b
+        eor	x28, x24, x30
+        eor	x24, x16, x23
+        rax1	v26.2d, v26.2d, v29.2d
+        eor	x16, x21, x30
+        eor	x21, x25, x30
+        add	v31.2d, v27.2d, v27.2d
+        eor	x30, x19, x23
+        sri	v31.2d, v27.2d, #0x3f
+        eor	x19, x20, x23
+        eor	x20, x17, x23
+        eor	v29.16b, v31.16b, v29.16b
+        eor	x17, x12, x0
+        eor	x0, x2, x27
+        rax1	v27.2d, v27.2d, v30.2d
+        eor	x2, x6, x29
+        eor	x6, x8, x29
+        eor	v30.16b, v0.16b, v26.16b
+        bic	x8, x28, x13, ror #47
+        eor	x12, x3, x27
+        eor	v31.16b, v2.16b, v29.16b
+        bic	x3, x13, x17, ror #19
+        eor	x5, x5, x27
+        shl	v0.2d, v31.2d, #0x3e
+        ldr	x27, [sp, #0xd0]
+        bic	x25, x17, x2, ror #5
+        sri	v0.2d, v31.2d, #0x2
+        eor	x9, x9, x29
+        eor	x23, x25, x5, ror #52
+        xar	v2.2d, v12.2d, v29.2d, #0x15
+        eor	x3, x3, x2, ror #24
+        eor	x8, x8, x17, ror #2
+        eor	v31.16b, v13.16b, v28.16b
+        eor	x17, x10, x29
+        bic	x25, x12, x22, ror #47
+        shl	v12.2d, v31.2d, #0x19
+        eor	x29, x7, x29
+        bic	x10, x4, x27, ror #2
+        sri	v12.2d, v31.2d, #0x27
+        bic	x7, x5, x28, ror #10
+        xar	v13.2d, v19.2d, v27.2d, #0x38
+        eor	x10, x10, x20, ror #50
+        eor	x13, x7, x13, ror #57
+        eor	v31.16b, v23.16b, v28.16b
+        bic	x7, x2, x5, ror #47
+        eor	x2, x25, x24, ror #39
+        shl	v19.2d, v31.2d, #0x38
+        bic	x25, x20, x11, ror #57
+        bic	x5, x17, x4, ror #25
+        sri	v19.2d, v31.2d, #0x8
+        eor	x25, x25, x17, ror #53
+        bic	x17, x11, x17, ror #60
+        xar	v23.2d, v15.2d, v26.2d, #0x17
+        eor	x28, x7, x28, ror #57
+        bic	x7, x9, x12, ror #42
+        eor	v31.16b, v1.16b, v25.16b
+        eor	x7, x7, x22, ror #25
+        bic	x22, x22, x24, ror #56
+        shl	v15.2d, v31.2d, #0x1
+        bic	x24, x24, x15, ror #31
+        eor	x22, x22, x15, ror #23
+        sri	v15.2d, v31.2d, #0x3f
+        bic	x20, x27, x20, ror #48
+        bic	x15, x15, x9, ror #16
+        xar	v1.2d, v8.2d, v28.2d, #0x9
+        eor	x12, x15, x12, ror #58
+        eor	x15, x5, x27, ror #27
+        eor	v31.16b, v16.16b, v25.16b
+        eor	x5, x20, x11, ror #41
+        shl	v8.2d, v31.2d, #0x2d
+        ldr	x11, [sp, #0x8]
+        eor	x20, x17, x4, ror #21
+        sri	v8.2d, v31.2d, #0x13
+        eor	x17, x24, x9, ror #47
+        mov	x24, #0x1               // =1
+        xar	v16.2d, v7.2d, v29.2d, #0x3a
+        bic	x9, x0, x16, ror #9
+        str	x24, [sp, #0x18]
+        eor	v31.16b, v10.16b, v26.16b
+        bic	x24, x29, x1, ror #44
+        bic	x27, x1, x21, ror #50
+        shl	v7.2d, v31.2d, #0x3
+        bic	x4, x26, x29, ror #63
+        eor	x1, x1, x4, ror #21
+        sri	v7.2d, v31.2d, #0x3d
+        ldr	x11, [x11]
+        bic	x4, x21, x30, ror #57
+        xar	v10.2d, v3.2d, v28.2d, #0x24
+        eor	x21, x24, x21, ror #30
+        eor	x24, x9, x19, ror #44
+        eor	v31.16b, v18.16b, v28.16b
+        bic	x9, x14, x6, ror #5
+        eor	x9, x9, x0, ror #43
+        shl	v3.2d, v31.2d, #0x15
+        bic	x0, x6, x0, ror #38
+        eor	x1, x1, x11
+        sri	v3.2d, v31.2d, #0x2b
+        eor	x11, x4, x26, ror #35
+        eor	x4, x0, x16, ror #47
+        xar	v18.2d, v17.2d, v29.2d, #0x31
+        bic	x0, x16, x19, ror #35
+        eor	v31.16b, v11.16b, v25.16b
+        eor	x16, x27, x30, ror #43
+        bic	x27, x30, x26, ror #42
+        shl	v17.2d, v31.2d, #0xa
+        bic	x26, x19, x14, ror #41
+        eor	x19, x0, x14, ror #12
+        sri	v17.2d, v31.2d, #0x36
+        eor	x14, x26, x6, ror #46
+        eor	x6, x27, x29, ror #41
+        xar	v11.2d, v9.2d, v27.2d, #0x2c
+        eor	x0, x15, x11, ror #52
+        eor	x0, x0, x13, ror #48
+        eor	v31.16b, v22.16b, v29.16b
+        eor	x26, x8, x9, ror #57
+        eor	x27, x0, x14, ror #10
+        shl	v9.2d, v31.2d, #0x3d
+        eor	x29, x16, x28, ror #63
+        eor	x26, x26, x6, ror #51
+        sri	v9.2d, v31.2d, #0x3
+        eor	x30, x23, x22, ror #50
+        eor	x0, x26, x10, ror #31
+        xar	v22.2d, v14.2d, v27.2d, #0x19
+        eor	x29, x29, x19, ror #37
+        eor	x27, x27, x12, ror #5
+        eor	v31.16b, v20.16b, v26.16b
+        eor	x30, x30, x24, ror #34
+        eor	x0, x0, x7, ror #27
+        shl	v14.2d, v31.2d, #0x12
+        eor	x26, x30, x21, ror #26
+        sri	v14.2d, v31.2d, #0x2e
+        eor	x26, x26, x25, ror #15
+        ror	x30, x27, #0x3e
+        xar	v20.2d, v4.2d, v27.2d, #0x25
+        eor	x30, x30, x26, ror #57
+        ror	x26, x26, #0x3a
+        eor	v31.16b, v24.16b, v27.16b
+        eor	x16, x30, x16
+        eor	x28, x30, x28, ror #63
+        shl	v4.2d, v31.2d, #0xe
+        str	x28, [sp, #0xd0]
+        eor	x29, x29, x17, ror #36
+        sri	v4.2d, v31.2d, #0x32
+        eor	x28, x1, x2, ror #61
+        eor	x19, x30, x19, ror #37
+        xar	v24.2d, v21.2d, v25.2d, #0x3e
+        eor	x29, x29, x20, ror #2
+        eor	x28, x28, x4, ror #54
+        eor	v31.16b, v5.16b, v26.16b
+        eor	x26, x26, x0, ror #55
+        eor	x28, x28, x3, ror #39
+        shl	v21.2d, v31.2d, #0x24
+        eor	x28, x28, x5, ror #25
+        ror	x0, x0, #0x38
+        sri	v21.2d, v31.2d, #0x1c
+        eor	x0, x0, x29, ror #63
+        eor	x27, x28, x27, ror #61
+        xar	v27.2d, v6.2d, v25.2d, #0x14
+        eor	x13, x0, x13, ror #46
+        eor	x28, x29, x28, ror #63
+        bic	v31.16b, v7.16b, v11.16b
+        eor	x29, x30, x20, ror #2
+        eor	v5.16b, v31.16b, v10.16b
+        eor	x20, x26, x3, ror #39
+        eor	x11, x0, x11, ror #50
+        bcax	v6.16b, v11.16b, v8.16b, v7.16b
+        eor	x25, x28, x25, ror #9
+        eor	x3, x28, x21, ror #20
+        bic	v31.16b, v9.16b, v8.16b
+        eor	x21, x26, x1
+        eor	x9, x27, x9, ror #49
+        eor	v7.16b, v31.16b, v7.16b
+        eor	x24, x28, x24, ror #28
+        eor	x1, x30, x17, ror #36
+        bcax	v8.16b, v8.16b, v10.16b, v9.16b
+        eor	x14, x0, x14, ror #8
+        eor	x22, x28, x22, ror #44
+        bic	v31.16b, v11.16b, v10.16b
+        eor	x8, x27, x8, ror #56
+        eor	x17, x27, x7, ror #19
+        eor	v9.16b, v31.16b, v9.16b
+        eor	x15, x0, x15, ror #62
+        bic	x7, x20, x22, ror #47
+        bcax	v10.16b, v15.16b, v12.16b, v16.16b
+        eor	x4, x26, x4, ror #54
+        eor	x0, x0, x12, ror #3
+        bic	v31.16b, v13.16b, v12.16b
+        eor	x28, x28, x23, ror #58
+        eor	x23, x26, x2, ror #61
+        eor	v11.16b, v31.16b, v16.16b
+        eor	x26, x26, x5, ror #25
+        bcax	v12.16b, v12.16b, v14.16b, v13.16b
+        eor	x2, x7, x16, ror #39
+        bic	x7, x9, x20, ror #42
+        bic	v31.16b, v15.16b, v14.16b
+        bic	x30, x15, x9, ror #16
+        eor	x7, x7, x22, ror #25
+        eor	v13.16b, v31.16b, v13.16b
+        eor	x12, x30, x20, ror #58
+        bic	x20, x22, x16, ror #56
+        bic	v31.16b, v16.16b, v15.16b
+        eor	x30, x27, x6, ror #43
+        eor	x22, x20, x15, ror #23
+        eor	v14.16b, v31.16b, v14.16b
+        bic	x6, x19, x13, ror #42
+        eor	x6, x6, x17, ror #41
+        bcax	v15.16b, v20.16b, v17.16b, v21.16b
+        bic	x5, x13, x17, ror #63
+        eor	x5, x21, x5, ror #21
+        bic	v31.16b, v18.16b, v17.16b
+        bic	x17, x17, x21, ror #44
+        eor	x27, x27, x10, ror #23
+        eor	v16.16b, v31.16b, v21.16b
+        bic	x21, x21, x25, ror #50
+        bic	x20, x27, x4, ror #25
+        bcax	v17.16b, v17.16b, v19.16b, v18.16b
+        bic	x10, x16, x15, ror #31
+        eor	x16, x21, x19, ror #43
+        bic	v31.16b, v20.16b, v19.16b
+        eor	x21, x17, x25, ror #30
+        bic	x19, x25, x19, ror #57
+        eor	v18.16b, v31.16b, v18.16b
+        ldr	x25, [sp, #0x18]
+        bcax	v19.16b, v19.16b, v21.16b, v20.16b
+        eor	x17, x10, x9, ror #47
+        ldr	x9, [sp, #0x8]
+        bic	v31.16b, v22.16b, v1.16b
+        eor	x15, x20, x28, ror #27
+        bic	x20, x4, x28, ror #2
+        eor	v20.16b, v31.16b, v0.16b
+        eor	x10, x20, x1, ror #50
+        bic	x20, x11, x27, ror #60
+        bcax	v21.16b, v1.16b, v23.16b, v22.16b
+        eor	x20, x20, x4, ror #21
+        bic	x4, x28, x1, ror #48
+        bic	v31.16b, v24.16b, v23.16b
+        bic	x1, x1, x11, ror #57
+        ldr	x28, [x9, x25, lsl #3]
+        eor	v22.16b, v31.16b, v22.16b
+        ldr	x9, [sp, #0xd0]
+        add	x25, x25, #0x1
+        bcax	v23.16b, v23.16b, v0.16b, v24.16b
+        str	x25, [sp, #0x18]
+        cmp	x25, #0x17
+        bic	v31.16b, v1.16b, v0.16b
+        eor	x25, x1, x27, ror #53
+        bic	x27, x30, x26, ror #47
+        eor	v24.16b, v31.16b, v24.16b
+        eor	x1, x5, x28
+        eor	x5, x4, x11, ror #41
+        bcax	v0.16b, v30.16b, v2.16b, v27.16b
+        eor	x11, x19, x13, ror #35
+        bic	v31.16b, v3.16b, v2.16b
+        bic	x13, x26, x24, ror #10
+        eor	x28, x27, x24, ror #57
+        eor	v1.16b, v31.16b, v27.16b
+        bic	x27, x24, x9, ror #47
+        bic	x19, x23, x3, ror #9
+        bcax	v2.16b, v2.16b, v4.16b, v3.16b
+        bic	x4, x29, x14, ror #41
+        eor	x24, x19, x29, ror #44
+        bic	v31.16b, v30.16b, v4.16b
+        bic	x29, x3, x29, ror #35
+        eor	x13, x13, x9, ror #57
+        eor	v3.16b, v31.16b, v3.16b
+        eor	x19, x29, x14, ror #12
+        bic	x29, x9, x0, ror #19
+        bcax	v4.16b, v4.16b, v27.16b, v30.16b
+        bic	x14, x14, x8, ror #5
+        eor	x9, x14, x23, ror #43
+        eor	x14, x4, x8, ror #46
+        bic	x23, x8, x23, ror #38
+        eor	x8, x27, x0, ror #2
+        eor	x4, x23, x3, ror #47
+        bic	x3, x0, x30, ror #5
+        eor	x23, x3, x26, ror #52
+        eor	x3, x29, x30, ror #24
+        ldr	x30, [sp, #0x10]
+        ld1r	{ v28.2d }, [x30], #8
+        str	x30, [sp, #0x10]
+        eor	v0.16b, v0.16b, v28.16b
+Lkeccak_f1600_x4_v8a_v84a_scalar_hybrid_loop:
+        eor	x0, x15, x11, ror #52
+        eor	x0, x0, x13, ror #48
+        eor3	v30.16b, v0.16b, v5.16b, v10.16b
+        eor	v30.16b, v30.16b, v15.16b
+        eor	x26, x8, x9, ror #57
+        eor	x27, x0, x14, ror #10
+        eor	v30.16b, v30.16b, v20.16b
+        eor	x29, x16, x28, ror #63
+        eor	x26, x26, x6, ror #51
+        eor3	v29.16b, v1.16b, v6.16b, v11.16b
+        eor	x30, x23, x22, ror #50
+        eor	x0, x26, x10, ror #31
+        eor	v29.16b, v29.16b, v16.16b
+        eor	x29, x29, x19, ror #37
+        eor	x27, x27, x12, ror #5
+        eor	v29.16b, v29.16b, v21.16b
+        eor	x30, x30, x24, ror #34
+        eor	x0, x0, x7, ror #27
+        eor3	v28.16b, v2.16b, v7.16b, v12.16b
+        eor	x26, x30, x21, ror #26
+        eor	x26, x26, x25, ror #15
+        eor	v28.16b, v28.16b, v17.16b
+        ror	x30, x27, #0x3e
+        eor	x30, x30, x26, ror #57
+        eor	v28.16b, v28.16b, v22.16b
+        ror	x26, x26, #0x3a
+        eor	x16, x30, x16
+        eor3	v27.16b, v3.16b, v8.16b, v13.16b
+        eor	x28, x30, x28, ror #63
+        str	x28, [sp, #0xd0]
+        eor	v27.16b, v27.16b, v18.16b
+        eor	x29, x29, x17, ror #36
+        eor	x28, x1, x2, ror #61
+        eor	v27.16b, v27.16b, v23.16b
+        eor	x19, x30, x19, ror #37
+        eor	x29, x29, x20, ror #2
+        eor3	v26.16b, v4.16b, v9.16b, v14.16b
+        eor	x28, x28, x4, ror #54
+        eor	x26, x26, x0, ror #55
+        eor	v26.16b, v26.16b, v19.16b
+        eor	x28, x28, x3, ror #39
+        eor	x28, x28, x5, ror #25
+        eor	v26.16b, v26.16b, v24.16b
+        ror	x0, x0, #0x38
+        eor	x0, x0, x29, ror #63
+        rax1	v25.2d, v30.2d, v28.2d
+        eor	x27, x28, x27, ror #61
+        eor	x13, x0, x13, ror #46
+        add	v31.2d, v26.2d, v26.2d
+        eor	x28, x29, x28, ror #63
+        eor	x29, x30, x20, ror #2
+        sri	v31.2d, v26.2d, #0x3f
+        eor	x20, x26, x3, ror #39
+        eor	x11, x0, x11, ror #50
+        eor	v28.16b, v31.16b, v28.16b
+        eor	x25, x28, x25, ror #9
+        eor	x3, x28, x21, ror #20
+        rax1	v26.2d, v26.2d, v29.2d
+        eor	x21, x26, x1
+        add	v31.2d, v27.2d, v27.2d
+        eor	x9, x27, x9, ror #49
+        eor	x24, x28, x24, ror #28
+        sri	v31.2d, v27.2d, #0x3f
+        eor	x1, x30, x17, ror #36
+        eor	x14, x0, x14, ror #8
+        eor	v29.16b, v31.16b, v29.16b
+        eor	x22, x28, x22, ror #44
+        eor	x8, x27, x8, ror #56
+        rax1	v27.2d, v27.2d, v30.2d
+        eor	x17, x27, x7, ror #19
+        eor	x15, x0, x15, ror #62
+        eor	v30.16b, v0.16b, v26.16b
+        bic	x7, x20, x22, ror #47
+        eor	x4, x26, x4, ror #54
+        eor	v31.16b, v2.16b, v29.16b
+        eor	x0, x0, x12, ror #3
+        eor	x28, x28, x23, ror #58
+        shl	v0.2d, v31.2d, #0x3e
+        eor	x23, x26, x2, ror #61
+        eor	x26, x26, x5, ror #25
+        sri	v0.2d, v31.2d, #0x2
+        eor	x2, x7, x16, ror #39
+        bic	x7, x9, x20, ror #42
+        xar	v2.2d, v12.2d, v29.2d, #0x15
+        bic	x30, x15, x9, ror #16
+        eor	x7, x7, x22, ror #25
+        eor	v31.16b, v13.16b, v28.16b
+        eor	x12, x30, x20, ror #58
+        bic	x20, x22, x16, ror #56
+        shl	v12.2d, v31.2d, #0x19
+        eor	x30, x27, x6, ror #43
+        eor	x22, x20, x15, ror #23
+        sri	v12.2d, v31.2d, #0x27
+        bic	x6, x19, x13, ror #42
+        eor	x6, x6, x17, ror #41
+        xar	v13.2d, v19.2d, v27.2d, #0x38
+        bic	x5, x13, x17, ror #63
+        eor	x5, x21, x5, ror #21
+        eor	v31.16b, v23.16b, v28.16b
+        bic	x17, x17, x21, ror #44
+        eor	x27, x27, x10, ror #23
+        shl	v19.2d, v31.2d, #0x38
+        bic	x21, x21, x25, ror #50
+        bic	x20, x27, x4, ror #25
+        sri	v19.2d, v31.2d, #0x8
+        bic	x10, x16, x15, ror #31
+        eor	x16, x21, x19, ror #43
+        xar	v23.2d, v15.2d, v26.2d, #0x17
+        eor	x21, x17, x25, ror #30
+        bic	x19, x25, x19, ror #57
+        eor	v31.16b, v1.16b, v25.16b
+        ldr	x25, [sp, #0x18]
+        eor	x17, x10, x9, ror #47
+        shl	v15.2d, v31.2d, #0x1
+        ldr	x9, [sp, #0x8]
+        sri	v15.2d, v31.2d, #0x3f
+        eor	x15, x20, x28, ror #27
+        bic	x20, x4, x28, ror #2
+        xar	v1.2d, v8.2d, v28.2d, #0x9
+        eor	x10, x20, x1, ror #50
+        bic	x20, x11, x27, ror #60
+        eor	v31.16b, v16.16b, v25.16b
+        eor	x20, x20, x4, ror #21
+        bic	x4, x28, x1, ror #48
+        shl	v8.2d, v31.2d, #0x2d
+        bic	x1, x1, x11, ror #57
+        ldr	x28, [x9, x25, lsl #3]
+        sri	v8.2d, v31.2d, #0x13
+        ldr	x9, [sp, #0xd0]
+        add	x25, x25, #0x1
+        xar	v16.2d, v7.2d, v29.2d, #0x3a
+        str	x25, [sp, #0x18]
+        cmp	x25, #0x17
+        eor	v31.16b, v10.16b, v26.16b
+        eor	x25, x1, x27, ror #53
+        bic	x27, x30, x26, ror #47
+        shl	v7.2d, v31.2d, #0x3
+        eor	x1, x5, x28
+        eor	x5, x4, x11, ror #41
+        sri	v7.2d, v31.2d, #0x3d
+        eor	x11, x19, x13, ror #35
+        bic	x13, x26, x24, ror #10
+        xar	v10.2d, v3.2d, v28.2d, #0x24
+        eor	x28, x27, x24, ror #57
+        bic	x27, x24, x9, ror #47
+        eor	v31.16b, v18.16b, v28.16b
+        bic	x19, x23, x3, ror #9
+        bic	x4, x29, x14, ror #41
+        shl	v3.2d, v31.2d, #0x15
+        eor	x24, x19, x29, ror #44
+        bic	x29, x3, x29, ror #35
+        sri	v3.2d, v31.2d, #0x2b
+        eor	x13, x13, x9, ror #57
+        eor	x19, x29, x14, ror #12
+        xar	v18.2d, v17.2d, v29.2d, #0x31
+        bic	x29, x9, x0, ror #19
+        bic	x14, x14, x8, ror #5
+        eor	v31.16b, v11.16b, v25.16b
+        eor	x9, x14, x23, ror #43
+        eor	x14, x4, x8, ror #46
+        shl	v17.2d, v31.2d, #0xa
+        bic	x23, x8, x23, ror #38
+        eor	x8, x27, x0, ror #2
+        sri	v17.2d, v31.2d, #0x36
+        eor	x4, x23, x3, ror #47
+        bic	x3, x0, x30, ror #5
+        xar	v11.2d, v9.2d, v27.2d, #0x2c
+        eor	x23, x3, x26, ror #52
+        eor	x3, x29, x30, ror #24
+        eor	v31.16b, v22.16b, v29.16b
+        eor	x0, x15, x11, ror #52
+        shl	v9.2d, v31.2d, #0x3d
+        eor	x0, x0, x13, ror #48
+        eor	x26, x8, x9, ror #57
+        sri	v9.2d, v31.2d, #0x3
+        eor	x27, x0, x14, ror #10
+        eor	x29, x16, x28, ror #63
+        xar	v22.2d, v14.2d, v27.2d, #0x19
+        eor	x26, x26, x6, ror #51
+        eor	x30, x23, x22, ror #50
+        eor	v31.16b, v20.16b, v26.16b
+        eor	x0, x26, x10, ror #31
+        eor	x29, x29, x19, ror #37
+        shl	v14.2d, v31.2d, #0x12
+        eor	x27, x27, x12, ror #5
+        eor	x30, x30, x24, ror #34
+        sri	v14.2d, v31.2d, #0x2e
+        eor	x0, x0, x7, ror #27
+        eor	x26, x30, x21, ror #26
+        xar	v20.2d, v4.2d, v27.2d, #0x25
+        eor	x26, x26, x25, ror #15
+        ror	x30, x27, #0x3e
+        eor	v31.16b, v24.16b, v27.16b
+        eor	x30, x30, x26, ror #57
+        ror	x26, x26, #0x3a
+        shl	v4.2d, v31.2d, #0xe
+        eor	x16, x30, x16
+        eor	x28, x30, x28, ror #63
+        sri	v4.2d, v31.2d, #0x32
+        str	x28, [sp, #0xd0]
+        eor	x29, x29, x17, ror #36
+        xar	v24.2d, v21.2d, v25.2d, #0x3e
+        eor	x28, x1, x2, ror #61
+        eor	x19, x30, x19, ror #37
+        eor	v31.16b, v5.16b, v26.16b
+        eor	x29, x29, x20, ror #2
+        eor	x28, x28, x4, ror #54
+        shl	v21.2d, v31.2d, #0x24
+        eor	x26, x26, x0, ror #55
+        eor	x28, x28, x3, ror #39
+        sri	v21.2d, v31.2d, #0x1c
+        eor	x28, x28, x5, ror #25
+        ror	x0, x0, #0x38
+        xar	v27.2d, v6.2d, v25.2d, #0x14
+        eor	x0, x0, x29, ror #63
+        eor	x27, x28, x27, ror #61
+        bic	v31.16b, v7.16b, v11.16b
+        eor	x13, x0, x13, ror #46
+        eor	x28, x29, x28, ror #63
+        eor	v5.16b, v31.16b, v10.16b
+        eor	x29, x30, x20, ror #2
+        eor	x20, x26, x3, ror #39
+        bcax	v6.16b, v11.16b, v8.16b, v7.16b
+        eor	x11, x0, x11, ror #50
+        eor	x25, x28, x25, ror #9
+        bic	v31.16b, v9.16b, v8.16b
+        eor	x3, x28, x21, ror #20
+        eor	v7.16b, v31.16b, v7.16b
+        eor	x21, x26, x1
+        eor	x9, x27, x9, ror #49
+        bcax	v8.16b, v8.16b, v10.16b, v9.16b
+        eor	x24, x28, x24, ror #28
+        eor	x1, x30, x17, ror #36
+        bic	v31.16b, v11.16b, v10.16b
+        eor	x14, x0, x14, ror #8
+        eor	x22, x28, x22, ror #44
+        eor	v9.16b, v31.16b, v9.16b
+        eor	x8, x27, x8, ror #56
+        eor	x17, x27, x7, ror #19
+        bcax	v10.16b, v15.16b, v12.16b, v16.16b
+        eor	x15, x0, x15, ror #62
+        bic	x7, x20, x22, ror #47
+        bic	v31.16b, v13.16b, v12.16b
+        eor	x4, x26, x4, ror #54
+        eor	x0, x0, x12, ror #3
+        eor	v11.16b, v31.16b, v16.16b
+        eor	x28, x28, x23, ror #58
+        eor	x23, x26, x2, ror #61
+        bcax	v12.16b, v12.16b, v14.16b, v13.16b
+        eor	x26, x26, x5, ror #25
+        eor	x2, x7, x16, ror #39
+        bic	v31.16b, v15.16b, v14.16b
+        bic	x7, x9, x20, ror #42
+        bic	x30, x15, x9, ror #16
+        eor	v13.16b, v31.16b, v13.16b
+        eor	x7, x7, x22, ror #25
+        eor	x12, x30, x20, ror #58
+        bic	v31.16b, v16.16b, v15.16b
+        bic	x20, x22, x16, ror #56
+        eor	x30, x27, x6, ror #43
+        eor	v14.16b, v31.16b, v14.16b
+        eor	x22, x20, x15, ror #23
+        bic	x6, x19, x13, ror #42
+        bcax	v15.16b, v20.16b, v17.16b, v21.16b
+        eor	x6, x6, x17, ror #41
+        bic	x5, x13, x17, ror #63
+        bic	v31.16b, v18.16b, v17.16b
+        eor	x5, x21, x5, ror #21
+        bic	x17, x17, x21, ror #44
+        eor	v16.16b, v31.16b, v21.16b
+        eor	x27, x27, x10, ror #23
+        bic	x21, x21, x25, ror #50
+        bcax	v17.16b, v17.16b, v19.16b, v18.16b
+        bic	x20, x27, x4, ror #25
+        bic	x10, x16, x15, ror #31
+        bic	v31.16b, v20.16b, v19.16b
+        eor	x16, x21, x19, ror #43
+        eor	x21, x17, x25, ror #30
+        eor	v18.16b, v31.16b, v18.16b
+        bic	x19, x25, x19, ror #57
+        ldr	x25, [sp, #0x18]
+        bcax	v19.16b, v19.16b, v21.16b, v20.16b
+        eor	x17, x10, x9, ror #47
+        bic	v31.16b, v22.16b, v1.16b
+        ldr	x9, [sp, #0x8]
+        eor	x15, x20, x28, ror #27
+        eor	v20.16b, v31.16b, v0.16b
+        bic	x20, x4, x28, ror #2
+        eor	x10, x20, x1, ror #50
+        bcax	v21.16b, v1.16b, v23.16b, v22.16b
+        bic	x20, x11, x27, ror #60
+        eor	x20, x20, x4, ror #21
+        bic	v31.16b, v24.16b, v23.16b
+        bic	x4, x28, x1, ror #48
+        bic	x1, x1, x11, ror #57
+        eor	v22.16b, v31.16b, v22.16b
+        ldr	x28, [x9, x25, lsl #3]
+        ldr	x9, [sp, #0xd0]
+        bcax	v23.16b, v23.16b, v0.16b, v24.16b
+        add	x25, x25, #0x1
+        str	x25, [sp, #0x18]
+        bic	v31.16b, v1.16b, v0.16b
+        cmp	x25, #0x17
+        eor	x25, x1, x27, ror #53
+        eor	v24.16b, v31.16b, v24.16b
+        bic	x27, x30, x26, ror #47
+        eor	x1, x5, x28
+        bcax	v0.16b, v30.16b, v2.16b, v27.16b
+        eor	x5, x4, x11, ror #41
+        eor	x11, x19, x13, ror #35
+        bic	v31.16b, v3.16b, v2.16b
+        bic	x13, x26, x24, ror #10
+        eor	x28, x27, x24, ror #57
+        eor	v1.16b, v31.16b, v27.16b
+        bic	x27, x24, x9, ror #47
+        bic	x19, x23, x3, ror #9
+        bcax	v2.16b, v2.16b, v4.16b, v3.16b
+        bic	x4, x29, x14, ror #41
+        eor	x24, x19, x29, ror #44
+        bic	v31.16b, v30.16b, v4.16b
+        bic	x29, x3, x29, ror #35
+        eor	x13, x13, x9, ror #57
+        eor	v3.16b, v31.16b, v3.16b
+        eor	x19, x29, x14, ror #12
+        bic	x29, x9, x0, ror #19
+        bcax	v4.16b, v4.16b, v27.16b, v30.16b
+        bic	x14, x14, x8, ror #5
+        eor	x9, x14, x23, ror #43
+        eor	x14, x4, x8, ror #46
+        bic	x23, x8, x23, ror #38
+        eor	x8, x27, x0, ror #2
+        eor	x4, x23, x3, ror #47
+        bic	x3, x0, x30, ror #5
+        eor	x23, x3, x26, ror #52
+        eor	x3, x29, x30, ror #24
+        ldr	x30, [sp, #0x10]
+        ld1r	{ v28.2d }, [x30], #8
+        str	x30, [sp, #0x10]
+        eor	v0.16b, v0.16b, v28.16b
+Lkeccak_f1600_x4_v8a_v84a_scalar_hybrid_loop_end:
+        b.le	Lkeccak_f1600_x4_v8a_v84a_scalar_hybrid_loop
+        ror	x2, x2, #0x3d
+        ror	x3, x3, #0x27
+        ror	x4, x4, #0x36
+        ror	x5, x5, #0x19
+        ror	x6, x6, #0x2b
+        ror	x7, x7, #0x13
+        ror	x8, x8, #0x38
+        ror	x9, x9, #0x31
+        ror	x10, x10, #0x17
+        ror	x11, x11, #0x32
+        ror	x12, x12, #0x3
+        ror	x13, x13, #0x2e
+        ror	x14, x14, #0x8
+        ror	x15, x15, #0x3e
+        ror	x17, x17, #0x24
+        ror	x28, x28, #0x3f
+        ror	x19, x19, #0x25
+        ror	x20, x20, #0x2
+        ror	x21, x21, #0x14
+        ror	x22, x22, #0x2c
+        ror	x23, x23, #0x3a
+        ror	x24, x24, #0x1c
+        ror	x25, x25, #0x9
+        ldr	x30, [sp, #0x20]
+        cmp	x30, #0x1
+        b.eq	Lkeccak_f1600_x4_v8a_v84a_scalar_hybrid_done
+        mov	x30, #0x1               // =1
+        str	x30, [sp, #0x20]
+        ldr	x0, [sp]
+        add	x0, x0, #0x190
+        stp	x1, x6, [x0]
+        stp	x11, x16, [x0, #0x10]
+        stp	x21, x2, [x0, #0x20]
+        stp	x7, x12, [x0, #0x30]
+        stp	x17, x22, [x0, #0x40]
+        stp	x3, x8, [x0, #0x50]
+        stp	x13, x28, [x0, #0x60]
+        stp	x23, x4, [x0, #0x70]
+        stp	x9, x14, [x0, #0x80]
+        stp	x19, x24, [x0, #0x90]
+        stp	x5, x10, [x0, #0xa0]
+        stp	x15, x20, [x0, #0xb0]
+        str	x25, [x0, #0xc0]
+        sub	x0, x0, #0x190
+        add	x0, x0, #0x258
+        ldp	x1, x6, [x0]
+        ldp	x11, x16, [x0, #0x10]
+        ldp	x21, x2, [x0, #0x20]
+        ldp	x7, x12, [x0, #0x30]
+        ldp	x17, x22, [x0, #0x40]
+        ldp	x3, x8, [x0, #0x50]
+        ldp	x13, x28, [x0, #0x60]
+        ldp	x23, x4, [x0, #0x70]
+        ldp	x9, x14, [x0, #0x80]
+        ldp	x19, x24, [x0, #0x90]
+        ldp	x5, x10, [x0, #0xa0]
+        ldp	x15, x20, [x0, #0xb0]
+        ldr	x25, [x0, #0xc0]
+        sub	x0, x0, #0x258
+        b	Lkeccak_f1600_x4_v8a_v84a_scalar_hybrid_initial
+Lkeccak_f1600_x4_v8a_v84a_scalar_hybrid_done:
+        ldr	x0, [sp]
+        add	x0, x0, #0x258
+        stp	x1, x6, [x0]
+        stp	x11, x16, [x0, #0x10]
+        stp	x21, x2, [x0, #0x20]
+        stp	x7, x12, [x0, #0x30]
+        stp	x17, x22, [x0, #0x40]
+        stp	x3, x8, [x0, #0x50]
+        stp	x13, x28, [x0, #0x60]
+        stp	x23, x4, [x0, #0x70]
+        stp	x9, x14, [x0, #0x80]
+        stp	x19, x24, [x0, #0x90]
+        stp	x5, x10, [x0, #0xa0]
+        stp	x15, x20, [x0, #0xb0]
+        str	x25, [x0, #0xc0]
+        sub	x0, x0, #0x258
+        add	x4, x0, #0xc8
+        trn1	v25.2d, v0.2d, v1.2d
+        trn1	v26.2d, v2.2d, v3.2d
+        stp	q25, q26, [x0], #0x20
+        trn2	v27.2d, v0.2d, v1.2d
+        trn2	v28.2d, v2.2d, v3.2d
+        st1	{ v27.2d, v28.2d }, [x4], #32
+        trn1	v25.2d, v4.2d, v5.2d
+        trn1	v26.2d, v6.2d, v7.2d
+        stp	q25, q26, [x0], #0x20
+        trn2	v27.2d, v4.2d, v5.2d
+        trn2	v28.2d, v6.2d, v7.2d
+        st1	{ v27.2d, v28.2d }, [x4], #32
+        trn1	v25.2d, v8.2d, v9.2d
+        trn1	v26.2d, v10.2d, v11.2d
+        stp	q25, q26, [x0], #0x20
+        trn2	v27.2d, v8.2d, v9.2d
+        trn2	v28.2d, v10.2d, v11.2d
+        st1	{ v27.2d, v28.2d }, [x4], #32
+        trn1	v25.2d, v12.2d, v13.2d
+        trn1	v26.2d, v14.2d, v15.2d
+        stp	q25, q26, [x0], #0x20
+        trn2	v27.2d, v12.2d, v13.2d
+        trn2	v28.2d, v14.2d, v15.2d
+        st1	{ v27.2d, v28.2d }, [x4], #32
+        trn1	v25.2d, v16.2d, v17.2d
+        trn1	v26.2d, v18.2d, v19.2d
+        stp	q25, q26, [x0], #0x20
+        trn2	v27.2d, v16.2d, v17.2d
+        trn2	v28.2d, v18.2d, v19.2d
+        st1	{ v27.2d, v28.2d }, [x4], #32
+        trn1	v25.2d, v20.2d, v21.2d
+        trn1	v26.2d, v22.2d, v23.2d
+        stp	q25, q26, [x0], #0x20
+        trn2	v27.2d, v20.2d, v21.2d
+        trn2	v28.2d, v22.2d, v23.2d
+        st1	{ v27.2d, v28.2d }, [x4], #32
+        str	d24, [x0]
+        trn2	v25.2d, v24.2d, v24.2d
+        str	d25, [x4]
+        ldp	d8, d9, [sp, #0x90]
+        .cfi_restore d8
+        .cfi_restore d9
+        ldp	d10, d11, [sp, #0xa0]
+        .cfi_restore d10
+        .cfi_restore d11
+        ldp	d12, d13, [sp, #0xb0]
+        .cfi_restore d12
+        .cfi_restore d13
+        ldp	d14, d15, [sp, #0xc0]
+        .cfi_restore d14
+        .cfi_restore d15
+        ldp	x19, x20, [sp, #0x30]
+        .cfi_restore x19
+        .cfi_restore x20
+        ldp	x21, x22, [sp, #0x40]
+        .cfi_restore x21
+        .cfi_restore x22
+        ldp	x23, x24, [sp, #0x50]
+        .cfi_restore x23
+        .cfi_restore x24
+        ldp	x25, x26, [sp, #0x60]
+        .cfi_restore x25
+        .cfi_restore x26
+        ldp	x27, x28, [sp, #0x70]
+        .cfi_restore x27
+        .cfi_restore x28
+        ldp	x29, x30, [sp, #0x80]
+        .cfi_restore x29
+        .cfi_restore x30
+        add	sp, sp, #0xe0
+        .cfi_adjust_cfa_offset -0xe0
+        ret
+        .cfi_endproc
+MLD_ASM_FN_SIZE(keccak_f1600_x4_v8a_v84a_scalar_hybrid_asm)
+#endif /* __ARM_FEATURE_SHA3 */
+#endif /* MLD_FIPS202_AARCH64_NEED_X4_V8A_V84A_SCALAR_HYBRID && \
+          !MLD_CONFIG_MULTILEVEL_NO_SHARED */