CoCalc -- ghashp10-ppc.pl

GitHub Repository: torvalds/linux
Path: blob/master/arch/powerpc/crypto/ghashp10-ppc.pl
²⁶⁴⁵¹ views
1
#!/usr/bin/env perl
2
# SPDX-License-Identifier: GPL-2.0
3

4
# This code is taken from the OpenSSL project but the author (Andy Polyakov)
5
# has relicensed it under the GPLv2. Therefore this program is free software;
6
# you can redistribute it and/or modify it under the terms of the GNU General
7
# Public License version 2 as published by the Free Software Foundation.
8
#
9
# The original headers, including the original license headers, are
10
# included below for completeness.
11

12
# ====================================================================
13
# Written by Andy Polyakov <[email protected]> for the OpenSSL
14
# project. The module is, however, dual licensed under OpenSSL and
15
# CRYPTOGAMS licenses depending on where you obtain it. For further
16
# details see https://www.openssl.org/~appro/cryptogams/.
17
# ====================================================================
18
#
19
# GHASH for PowerISA v2.07.
20
#
21
# July 2014
22
#
23
# Accurate performance measurements are problematic, because it's
24
# always virtualized setup with possibly throttled processor.
25
# Relative comparison is therefore more informative. This initial
26
# version is ~2.1x slower than hardware-assisted AES-128-CTR, ~12x
27
# faster than "4-bit" integer-only compiler-generated 64-bit code.
28
# "Initial version" means that there is room for futher improvement.
29

30
$flavour=shift;
31
$output =shift;
32

33
if ($flavour =~ /64/) {
34
	$SIZE_T=8;
35
	$LRSAVE=2*$SIZE_T;
36
	$STU="stdu";
37
	$POP="ld";
38
	$PUSH="std";
39
} elsif ($flavour =~ /32/) {
40
	$SIZE_T=4;
41
	$LRSAVE=$SIZE_T;
42
	$STU="stwu";
43
	$POP="lwz";
44
	$PUSH="stw";
45
} else { die "nonsense $flavour"; }
46

47
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
48
( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
49
( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
50
die "can't locate ppc-xlate.pl";
51

52
open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!";
53

54
my ($Xip,$Htbl,$inp,$len)=map("r$_",(3..6));	# argument block
55

56
my ($Xl,$Xm,$Xh,$IN)=map("v$_",(0..3));
57
my ($zero,$t0,$t1,$t2,$xC2,$H,$Hh,$Hl,$lemask)=map("v$_",(4..12));
58
my ($Xl1,$Xm1,$Xh1,$IN1,$H2,$H2h,$H2l)=map("v$_",(13..19));
59
my $vrsave="r12";
60
my ($t4,$t5,$t6) = ($Hl,$H,$Hh);
61

62
$code=<<___;
63
.machine	"any"
64

65
.text
66

67
.globl	.gcm_init_p10
68
	lis		r0,0xfff0
69
	li		r8,0x10
70
	mfspr		$vrsave,256
71
	li		r9,0x20
72
	mtspr		256,r0
73
	li		r10,0x30
74
	lvx_u		$H,0,r4			# load H
75
	le?xor		r7,r7,r7
76
	le?addi		r7,r7,0x8		# need a vperm start with 08
77
	le?lvsr		5,0,r7
78
	le?vspltisb	6,0x0f
79
	le?vxor		5,5,6			# set a b-endian mask
80
	le?vperm	$H,$H,$H,5
81

82
	vspltisb	$xC2,-16		# 0xf0
83
	vspltisb	$t0,1			# one
84
	vaddubm		$xC2,$xC2,$xC2		# 0xe0
85
	vxor		$zero,$zero,$zero
86
	vor		$xC2,$xC2,$t0		# 0xe1
87
	vsldoi		$xC2,$xC2,$zero,15	# 0xe1...
88
	vsldoi		$t1,$zero,$t0,1		# ...1
89
	vaddubm		$xC2,$xC2,$xC2		# 0xc2...
90
	vspltisb	$t2,7
91
	vor		$xC2,$xC2,$t1		# 0xc2....01
92
	vspltb		$t1,$H,0		# most significant byte
93
	vsl		$H,$H,$t0		# H<<=1
94
	vsrab		$t1,$t1,$t2		# broadcast carry bit
95
	vand		$t1,$t1,$xC2
96
	vxor		$H,$H,$t1		# twisted H
97

98
	vsldoi		$H,$H,$H,8		# twist even more ...
99
	vsldoi		$xC2,$zero,$xC2,8	# 0xc2.0
100
	vsldoi		$Hl,$zero,$H,8		# ... and split
101
	vsldoi		$Hh,$H,$zero,8
102

103
	stvx_u		$xC2,0,r3		# save pre-computed table
104
	stvx_u		$Hl,r8,r3
105
	stvx_u		$H, r9,r3
106
	stvx_u		$Hh,r10,r3
107

108
	mtspr		256,$vrsave
109
	blr
110
	.long		0
111
	.byte		0,12,0x14,0,0,0,2,0
112
	.long		0
113
.size	.gcm_init_p10,.-.gcm_init_p10
114

115
.globl	.gcm_init_htable
116
	lis		r0,0xfff0
117
	li		r8,0x10
118
	mfspr		$vrsave,256
119
	li		r9,0x20
120
	mtspr		256,r0
121
	li		r10,0x30
122
	lvx_u		$H,0,r4			# load H
123

124
	vspltisb	$xC2,-16		# 0xf0
125
	vspltisb	$t0,1			# one
126
	vaddubm		$xC2,$xC2,$xC2		# 0xe0
127
	vxor		$zero,$zero,$zero
128
	vor		$xC2,$xC2,$t0		# 0xe1
129
	vsldoi		$xC2,$xC2,$zero,15	# 0xe1...
130
	vsldoi		$t1,$zero,$t0,1		# ...1
131
	vaddubm		$xC2,$xC2,$xC2		# 0xc2...
132
	vspltisb	$t2,7
133
	vor		$xC2,$xC2,$t1		# 0xc2....01
134
	vspltb		$t1,$H,0		# most significant byte
135
	vsl		$H,$H,$t0		# H<<=1
136
	vsrab		$t1,$t1,$t2		# broadcast carry bit
137
	vand		$t1,$t1,$xC2
138
	vxor		$IN,$H,$t1		# twisted H
139

140
	vsldoi		$H,$IN,$IN,8		# twist even more ...
141
	vsldoi		$xC2,$zero,$xC2,8	# 0xc2.0
142
	vsldoi		$Hl,$zero,$H,8		# ... and split
143
	vsldoi		$Hh,$H,$zero,8
144

145
	stvx_u		$xC2,0,r3		# save pre-computed table
146
	stvx_u		$Hl,r8,r3
147
	li		r8,0x40
148
	stvx_u		$H, r9,r3
149
	li		r9,0x50
150
	stvx_u		$Hh,r10,r3
151
	li		r10,0x60
152

153
	vpmsumd		$Xl,$IN,$Hl		# H.lo·H.lo
154
	vpmsumd		$Xm,$IN,$H		# H.hi·H.lo+H.lo·H.hi
155
	vpmsumd		$Xh,$IN,$Hh		# H.hi·H.hi
156

157
	vpmsumd		$t2,$Xl,$xC2		# 1st reduction phase
158

159
	vsldoi		$t0,$Xm,$zero,8
160
	vsldoi		$t1,$zero,$Xm,8
161
	vxor		$Xl,$Xl,$t0
162
	vxor		$Xh,$Xh,$t1
163

164
	vsldoi		$Xl,$Xl,$Xl,8
165
	vxor		$Xl,$Xl,$t2
166

167
	vsldoi		$t1,$Xl,$Xl,8		# 2nd reduction phase
168
	vpmsumd		$Xl,$Xl,$xC2
169
	vxor		$t1,$t1,$Xh
170
	vxor		$IN1,$Xl,$t1
171

172
	vsldoi		$H2,$IN1,$IN1,8
173
	vsldoi		$H2l,$zero,$H2,8
174
	vsldoi		$H2h,$H2,$zero,8
175

176
	stvx_u		$H2l,r8,r3		# save H^2
177
	li		r8,0x70
178
	stvx_u		$H2,r9,r3
179
	li		r9,0x80
180
	stvx_u		$H2h,r10,r3
181
	li		r10,0x90
182

183
	vpmsumd		$Xl,$IN,$H2l		# H.lo·H^2.lo
184
	 vpmsumd	$Xl1,$IN1,$H2l		# H^2.lo·H^2.lo
185
	vpmsumd		$Xm,$IN,$H2		# H.hi·H^2.lo+H.lo·H^2.hi
186
	 vpmsumd	$Xm1,$IN1,$H2		# H^2.hi·H^2.lo+H^2.lo·H^2.hi
187
	vpmsumd		$Xh,$IN,$H2h		# H.hi·H^2.hi
188
	 vpmsumd	$Xh1,$IN1,$H2h		# H^2.hi·H^2.hi
189

190
	vpmsumd		$t2,$Xl,$xC2		# 1st reduction phase
191
	 vpmsumd	$t6,$Xl1,$xC2		# 1st reduction phase
192

193
	vsldoi		$t0,$Xm,$zero,8
194
	vsldoi		$t1,$zero,$Xm,8
195
	 vsldoi		$t4,$Xm1,$zero,8
196
	 vsldoi		$t5,$zero,$Xm1,8
197
	vxor		$Xl,$Xl,$t0
198
	vxor		$Xh,$Xh,$t1
199
	 vxor		$Xl1,$Xl1,$t4
200
	 vxor		$Xh1,$Xh1,$t5
201

202
	vsldoi		$Xl,$Xl,$Xl,8
203
	 vsldoi		$Xl1,$Xl1,$Xl1,8
204
	vxor		$Xl,$Xl,$t2
205
	 vxor		$Xl1,$Xl1,$t6
206

207
	vsldoi		$t1,$Xl,$Xl,8		# 2nd reduction phase
208
	 vsldoi		$t5,$Xl1,$Xl1,8		# 2nd reduction phase
209
	vpmsumd		$Xl,$Xl,$xC2
210
	 vpmsumd	$Xl1,$Xl1,$xC2
211
	vxor		$t1,$t1,$Xh
212
	 vxor		$t5,$t5,$Xh1
213
	vxor		$Xl,$Xl,$t1
214
	 vxor		$Xl1,$Xl1,$t5
215

216
	vsldoi		$H,$Xl,$Xl,8
217
	 vsldoi		$H2,$Xl1,$Xl1,8
218
	vsldoi		$Hl,$zero,$H,8
219
	vsldoi		$Hh,$H,$zero,8
220
	 vsldoi		$H2l,$zero,$H2,8
221
	 vsldoi		$H2h,$H2,$zero,8
222

223
	stvx_u		$Hl,r8,r3		# save H^3
224
	li		r8,0xa0
225
	stvx_u		$H,r9,r3
226
	li		r9,0xb0
227
	stvx_u		$Hh,r10,r3
228
	li		r10,0xc0
229
	 stvx_u		$H2l,r8,r3		# save H^4
230
	 stvx_u		$H2,r9,r3
231
	 stvx_u		$H2h,r10,r3
232

233
	mtspr		256,$vrsave
234
	blr
235
	.long		0
236
	.byte		0,12,0x14,0,0,0,2,0
237
	.long		0
238
.size	.gcm_init_htable,.-.gcm_init_htable
239

240
.globl	.gcm_gmult_p10
241
	lis		r0,0xfff8
242
	li		r8,0x10
243
	mfspr		$vrsave,256
244
	li		r9,0x20
245
	mtspr		256,r0
246
	li		r10,0x30
247
	lvx_u		$IN,0,$Xip		# load Xi
248

249
	lvx_u		$Hl,r8,$Htbl		# load pre-computed table
250
	 le?lvsl	$lemask,r0,r0
251
	lvx_u		$H, r9,$Htbl
252
	 le?vspltisb	$t0,0x07
253
	lvx_u		$Hh,r10,$Htbl
254
	 le?vxor	$lemask,$lemask,$t0
255
	lvx_u		$xC2,0,$Htbl
256
	 le?vperm	$IN,$IN,$IN,$lemask
257
	vxor		$zero,$zero,$zero
258

259
	vpmsumd		$Xl,$IN,$Hl		# H.lo·Xi.lo
260
	vpmsumd		$Xm,$IN,$H		# H.hi·Xi.lo+H.lo·Xi.hi
261
	vpmsumd		$Xh,$IN,$Hh		# H.hi·Xi.hi
262

263
	vpmsumd		$t2,$Xl,$xC2		# 1st phase
264

265
	vsldoi		$t0,$Xm,$zero,8
266
	vsldoi		$t1,$zero,$Xm,8
267
	vxor		$Xl,$Xl,$t0
268
	vxor		$Xh,$Xh,$t1
269

270
	vsldoi		$Xl,$Xl,$Xl,8
271
	vxor		$Xl,$Xl,$t2
272

273
	vsldoi		$t1,$Xl,$Xl,8		# 2nd phase
274
	vpmsumd		$Xl,$Xl,$xC2
275
	vxor		$t1,$t1,$Xh
276
	vxor		$Xl,$Xl,$t1
277

278
	le?vperm	$Xl,$Xl,$Xl,$lemask
279
	stvx_u		$Xl,0,$Xip		# write out Xi
280

281
	mtspr		256,$vrsave
282
	blr
283
	.long		0
284
	.byte		0,12,0x14,0,0,0,2,0
285
	.long		0
286
.size	.gcm_gmult_p10,.-.gcm_gmult_p10
287

288
.globl	.gcm_ghash_p10
289
	lis		r0,0xfff8
290
	li		r8,0x10
291
	mfspr		$vrsave,256
292
	li		r9,0x20
293
	mtspr		256,r0
294
	li		r10,0x30
295
	lvx_u		$Xl,0,$Xip		# load Xi
296

297
	lvx_u		$Hl,r8,$Htbl		# load pre-computed table
298
	 le?lvsl	$lemask,r0,r0
299
	lvx_u		$H, r9,$Htbl
300
	 le?vspltisb	$t0,0x07
301
	lvx_u		$Hh,r10,$Htbl
302
	 le?vxor	$lemask,$lemask,$t0
303
	lvx_u		$xC2,0,$Htbl
304
	 le?vperm	$Xl,$Xl,$Xl,$lemask
305
	vxor		$zero,$zero,$zero
306

307
	lvx_u		$IN,0,$inp
308
	addi		$inp,$inp,16
309
	subi		$len,$len,16
310
	 le?vperm	$IN,$IN,$IN,$lemask
311
	vxor		$IN,$IN,$Xl
312
	b		Loop
313

314
.align	5
315
Loop:
316
	 subic		$len,$len,16
317
	vpmsumd		$Xl,$IN,$Hl		# H.lo·Xi.lo
318
	 subfe.		r0,r0,r0		# borrow?-1:0
319
	vpmsumd		$Xm,$IN,$H		# H.hi·Xi.lo+H.lo·Xi.hi
320
	 and		r0,r0,$len
321
	vpmsumd		$Xh,$IN,$Hh		# H.hi·Xi.hi
322
	 add		$inp,$inp,r0
323

324
	vpmsumd		$t2,$Xl,$xC2		# 1st phase
325

326
	vsldoi		$t0,$Xm,$zero,8
327
	vsldoi		$t1,$zero,$Xm,8
328
	vxor		$Xl,$Xl,$t0
329
	vxor		$Xh,$Xh,$t1
330

331
	vsldoi		$Xl,$Xl,$Xl,8
332
	vxor		$Xl,$Xl,$t2
333
	 lvx_u		$IN,0,$inp
334
	 addi		$inp,$inp,16
335

336
	vsldoi		$t1,$Xl,$Xl,8		# 2nd phase
337
	vpmsumd		$Xl,$Xl,$xC2
338
	 le?vperm	$IN,$IN,$IN,$lemask
339
	vxor		$t1,$t1,$Xh
340
	vxor		$IN,$IN,$t1
341
	vxor		$IN,$IN,$Xl
342
	beq		Loop			# did $len-=16 borrow?
343

344
	vxor		$Xl,$Xl,$t1
345
	le?vperm	$Xl,$Xl,$Xl,$lemask
346
	stvx_u		$Xl,0,$Xip		# write out Xi
347

348
	mtspr		256,$vrsave
349
	blr
350
	.long		0
351
	.byte		0,12,0x14,0,0,0,4,0
352
	.long		0
353
.size	.gcm_ghash_p10,.-.gcm_ghash_p10
354

355
.asciz  "GHASH for PowerISA 2.07, CRYPTOGAMS by <appro\@openssl.org>"
356
.align  2
357
___
358

359
foreach (split("\n",$code)) {
360
	if ($flavour =~ /le$/o) {	# little-endian
361
	    s/le\?//o		or
362
	    s/be\?/#be#/o;
363
	} else {
364
	    s/le\?/#le#/o	or
365
	    s/be\?//o;
366
	}
367
	print $_,"\n";
368
}
369

370
close STDOUT; # enforce flush
371

372
Product

Resources

Company
