| OLD | NEW |
|---|
| 1 #if defined(__aarch64__) | 1 #if defined(__aarch64__) |
| 2 #include "arm_arch.h" | 2 #include <openssl/arm_arch.h> |
| 3 | 3 |
| 4 .text | 4 .text |
| 5 #if !defined(__clang__) | 5 #if !defined(__clang__) |
| 6 .arch armv8-a+crypto | 6 .arch armv8-a+crypto |
| 7 #endif | 7 #endif |
| 8 .globl gcm_init_v8 | 8 .globl gcm_init_v8 |
| 9 .hidden gcm_init_v8 |
| 9 .type gcm_init_v8,%function | 10 .type gcm_init_v8,%function |
| 10 .align 4 | 11 .align 4 |
| 11 gcm_init_v8: | 12 gcm_init_v8: |
| 12 ld1 {v17.2d},[x1] //load input H | 13 ld1 {v17.2d},[x1] //load input H |
| 13 movi v19.16b,#0xe1 | 14 movi v19.16b,#0xe1 |
| 14 shl v19.2d,v19.2d,#57 //0xc2.0 | 15 shl v19.2d,v19.2d,#57 //0xc2.0 |
| 15 ext v3.16b,v17.16b,v17.16b,#8 | 16 ext v3.16b,v17.16b,v17.16b,#8 |
| 16 ushr v18.2d,v19.2d,#63 | 17 ushr v18.2d,v19.2d,#63 |
| 17 dup v17.4s,v17.s[1] | 18 dup v17.4s,v17.s[1] |
| 18 ext v16.16b,v18.16b,v19.16b,#8 //t0=0xc2....01 | 19 ext v16.16b,v18.16b,v19.16b,#8 //t0=0xc2....01 |
| (...skipping 30 matching lines...) Expand all Loading... |
| 49 eor v22.16b,v0.16b,v18.16b | 50 eor v22.16b,v0.16b,v18.16b |
| 50 | 51 |
| 51 ext v17.16b,v22.16b,v22.16b,#8 //Karatsuba pre-processi
ng | 52 ext v17.16b,v22.16b,v22.16b,#8 //Karatsuba pre-processi
ng |
| 52 eor v17.16b,v17.16b,v22.16b | 53 eor v17.16b,v17.16b,v22.16b |
| 53 ext v21.16b,v16.16b,v17.16b,#8 //pack Karatsuba pre-pro
cessed | 54 ext v21.16b,v16.16b,v17.16b,#8 //pack Karatsuba pre-pro
cessed |
| 54 st1 {v21.2d,v22.2d},[x0] //store Htable[1..2] | 55 st1 {v21.2d,v22.2d},[x0] //store Htable[1..2] |
| 55 | 56 |
| 56 ret | 57 ret |
| 57 .size gcm_init_v8,.-gcm_init_v8 | 58 .size gcm_init_v8,.-gcm_init_v8 |
| 58 .globl gcm_gmult_v8 | 59 .globl gcm_gmult_v8 |
| 60 .hidden gcm_gmult_v8 |
| 59 .type gcm_gmult_v8,%function | 61 .type gcm_gmult_v8,%function |
| 60 .align 4 | 62 .align 4 |
| 61 gcm_gmult_v8: | 63 gcm_gmult_v8: |
| 62 ld1 {v17.2d},[x0] //load Xi | 64 ld1 {v17.2d},[x0] //load Xi |
| 63 movi v19.16b,#0xe1 | 65 movi v19.16b,#0xe1 |
| 64 ld1 {v20.2d,v21.2d},[x1] //load twisted H, ... | 66 ld1 {v20.2d,v21.2d},[x1] //load twisted H, ... |
| 65 shl v19.2d,v19.2d,#57 | 67 shl v19.2d,v19.2d,#57 |
| 66 #ifndef __ARMEB__ | 68 #ifndef __ARMEB__ |
| 67 rev64 v17.16b,v17.16b | 69 rev64 v17.16b,v17.16b |
| 68 #endif | 70 #endif |
| 69 ext v3.16b,v17.16b,v17.16b,#8 | 71 ext v3.16b,v17.16b,v17.16b,#8 |
| 70 | 72 |
| 71 » pmull» v0.1q,v20.1d,v3.1d» » //H.lo·Xi.lo | 73 » pmull» v0.1q,v20.1d,v3.1d» » //H.lo·Xi.lo |
| 72 eor v17.16b,v17.16b,v3.16b //Karatsuba pre-processing | 74 eor v17.16b,v17.16b,v3.16b //Karatsuba pre-processing |
| 73 » pmull2» v2.1q,v20.2d,v3.2d» » //H.hi·Xi.hi | 75 » pmull2» v2.1q,v20.2d,v3.2d» » //H.hi·Xi.hi |
| 74 » pmull» v1.1q,v21.1d,v17.1d» » //(H.lo+H.hi)·(Xi.lo+Xi.hi) | 76 » pmull» v1.1q,v21.1d,v17.1d» » //(H.lo+H.hi)·(Xi.lo+Xi.hi) |
| 75 | 77 |
| 76 ext v17.16b,v0.16b,v2.16b,#8 //Karatsuba post-process
ing | 78 ext v17.16b,v0.16b,v2.16b,#8 //Karatsuba post-process
ing |
| 77 eor v18.16b,v0.16b,v2.16b | 79 eor v18.16b,v0.16b,v2.16b |
| 78 eor v1.16b,v1.16b,v17.16b | 80 eor v1.16b,v1.16b,v17.16b |
| 79 eor v1.16b,v1.16b,v18.16b | 81 eor v1.16b,v1.16b,v18.16b |
| 80 pmull v18.1q,v0.1d,v19.1d //1st phase of reduction | 82 pmull v18.1q,v0.1d,v19.1d //1st phase of reduction |
| 81 | 83 |
| 82 ins v2.d[0],v1.d[1] | 84 ins v2.d[0],v1.d[1] |
| 83 ins v1.d[1],v0.d[0] | 85 ins v1.d[1],v0.d[0] |
| 84 eor v0.16b,v1.16b,v18.16b | 86 eor v0.16b,v1.16b,v18.16b |
| 85 | 87 |
| 86 ext v18.16b,v0.16b,v0.16b,#8 //2nd phase of reduction | 88 ext v18.16b,v0.16b,v0.16b,#8 //2nd phase of reduction |
| 87 pmull v0.1q,v0.1d,v19.1d | 89 pmull v0.1q,v0.1d,v19.1d |
| 88 eor v18.16b,v18.16b,v2.16b | 90 eor v18.16b,v18.16b,v2.16b |
| 89 eor v0.16b,v0.16b,v18.16b | 91 eor v0.16b,v0.16b,v18.16b |
| 90 | 92 |
| 91 #ifndef __ARMEB__ | 93 #ifndef __ARMEB__ |
| 92 rev64 v0.16b,v0.16b | 94 rev64 v0.16b,v0.16b |
| 93 #endif | 95 #endif |
| 94 ext v0.16b,v0.16b,v0.16b,#8 | 96 ext v0.16b,v0.16b,v0.16b,#8 |
| 95 st1 {v0.2d},[x0] //write out Xi | 97 st1 {v0.2d},[x0] //write out Xi |
| 96 | 98 |
| 97 ret | 99 ret |
| 98 .size gcm_gmult_v8,.-gcm_gmult_v8 | 100 .size gcm_gmult_v8,.-gcm_gmult_v8 |
| 99 .globl gcm_ghash_v8 | 101 .globl gcm_ghash_v8 |
| 102 .hidden gcm_ghash_v8 |
| 100 .type gcm_ghash_v8,%function | 103 .type gcm_ghash_v8,%function |
| 101 .align 4 | 104 .align 4 |
| 102 gcm_ghash_v8: | 105 gcm_ghash_v8: |
| 103 ld1 {v0.2d},[x0] //load [rotated] Xi | 106 ld1 {v0.2d},[x0] //load [rotated] Xi |
| 104 //"[rotated]" means that | 107 //"[rotated]" means that |
| 105 //loaded value would have | 108 //loaded value would have |
| 106 //to be rotated in order to | 109 //to be rotated in order to |
| 107 //make it appear as in | 110 //make it appear as in |
| 108 //alorithm specification | 111 //alorithm specification |
| 109 subs x3,x3,#32 //see if x3 is 32 or larger | 112 subs x3,x3,#32 //see if x3 is 32 or larger |
| (...skipping 18 matching lines...) Expand all Loading... |
| 128 rev64 v0.16b,v0.16b | 131 rev64 v0.16b,v0.16b |
| 129 #endif | 132 #endif |
| 130 ext v3.16b,v16.16b,v16.16b,#8 //rotate I[0] | 133 ext v3.16b,v16.16b,v16.16b,#8 //rotate I[0] |
| 131 b.lo .Lodd_tail_v8 //x3 was less than 32 | 134 b.lo .Lodd_tail_v8 //x3 was less than 32 |
| 132 ld1 {v17.2d},[x2],x12 //load [rotated] I[1] | 135 ld1 {v17.2d},[x2],x12 //load [rotated] I[1] |
| 133 #ifndef __ARMEB__ | 136 #ifndef __ARMEB__ |
| 134 rev64 v17.16b,v17.16b | 137 rev64 v17.16b,v17.16b |
| 135 #endif | 138 #endif |
| 136 ext v7.16b,v17.16b,v17.16b,#8 | 139 ext v7.16b,v17.16b,v17.16b,#8 |
| 137 eor v3.16b,v3.16b,v0.16b //I[i]^=Xi | 140 eor v3.16b,v3.16b,v0.16b //I[i]^=Xi |
| 138 » pmull» v4.1q,v20.1d,v7.1d» » //H·Ii+1 | 141 » pmull» v4.1q,v20.1d,v7.1d» » //H·Ii+1 |
| 139 eor v17.16b,v17.16b,v7.16b //Karatsuba pre-processing | 142 eor v17.16b,v17.16b,v7.16b //Karatsuba pre-processing |
| 140 pmull2 v6.1q,v20.2d,v7.2d | 143 pmull2 v6.1q,v20.2d,v7.2d |
| 141 b .Loop_mod2x_v8 | 144 b .Loop_mod2x_v8 |
| 142 | 145 |
| 143 .align 4 | 146 .align 4 |
| 144 .Loop_mod2x_v8: | 147 .Loop_mod2x_v8: |
| 145 ext v18.16b,v3.16b,v3.16b,#8 | 148 ext v18.16b,v3.16b,v3.16b,#8 |
| 146 subs x3,x3,#32 //is there more data? | 149 subs x3,x3,#32 //is there more data? |
| 147 » pmull» v0.1q,v22.1d,v3.1d» » //H^2.lo·Xi.lo | 150 » pmull» v0.1q,v22.1d,v3.1d» » //H^2.lo·Xi.lo |
| 148 csel x12,xzr,x12,lo //is it time to zero x12? | 151 csel x12,xzr,x12,lo //is it time to zero x12? |
| 149 | 152 |
| 150 pmull v5.1q,v21.1d,v17.1d | 153 pmull v5.1q,v21.1d,v17.1d |
| 151 eor v18.16b,v18.16b,v3.16b //Karatsuba pre-processing | 154 eor v18.16b,v18.16b,v3.16b //Karatsuba pre-processing |
| 152 » pmull2» v2.1q,v22.2d,v3.2d» » //H^2.hi·Xi.hi | 155 » pmull2» v2.1q,v22.2d,v3.2d» » //H^2.hi·Xi.hi |
| 153 eor v0.16b,v0.16b,v4.16b //accumulate | 156 eor v0.16b,v0.16b,v4.16b //accumulate |
| 154 » pmull2» v1.1q,v21.2d,v18.2d» » //(H^2.lo+H^2.hi)·(Xi.lo+Xi.hi) | 157 » pmull2» v1.1q,v21.2d,v18.2d» » //(H^2.lo+H^2.hi)·(Xi.lo+Xi.hi) |
| 155 ld1 {v16.2d},[x2],x12 //load [rotated] I[i+2] | 158 ld1 {v16.2d},[x2],x12 //load [rotated] I[i+2] |
| 156 | 159 |
| 157 eor v2.16b,v2.16b,v6.16b | 160 eor v2.16b,v2.16b,v6.16b |
| 158 csel x12,xzr,x12,eq //is it time to zero x12? | 161 csel x12,xzr,x12,eq //is it time to zero x12? |
| 159 eor v1.16b,v1.16b,v5.16b | 162 eor v1.16b,v1.16b,v5.16b |
| 160 | 163 |
| 161 ext v17.16b,v0.16b,v2.16b,#8 //Karatsuba post-process
ing | 164 ext v17.16b,v0.16b,v2.16b,#8 //Karatsuba post-process
ing |
| 162 eor v18.16b,v0.16b,v2.16b | 165 eor v18.16b,v0.16b,v2.16b |
| 163 eor v1.16b,v1.16b,v17.16b | 166 eor v1.16b,v1.16b,v17.16b |
| 164 ld1 {v17.2d},[x2],x12 //load [rotated] I[i+3] | 167 ld1 {v17.2d},[x2],x12 //load [rotated] I[i+3] |
| 165 #ifndef __ARMEB__ | 168 #ifndef __ARMEB__ |
| 166 rev64 v16.16b,v16.16b | 169 rev64 v16.16b,v16.16b |
| 167 #endif | 170 #endif |
| 168 eor v1.16b,v1.16b,v18.16b | 171 eor v1.16b,v1.16b,v18.16b |
| 169 pmull v18.1q,v0.1d,v19.1d //1st phase of reduction | 172 pmull v18.1q,v0.1d,v19.1d //1st phase of reduction |
| 170 | 173 |
| 171 #ifndef __ARMEB__ | 174 #ifndef __ARMEB__ |
| 172 rev64 v17.16b,v17.16b | 175 rev64 v17.16b,v17.16b |
| 173 #endif | 176 #endif |
| 174 ins v2.d[0],v1.d[1] | 177 ins v2.d[0],v1.d[1] |
| 175 ins v1.d[1],v0.d[0] | 178 ins v1.d[1],v0.d[0] |
| 176 ext v7.16b,v17.16b,v17.16b,#8 | 179 ext v7.16b,v17.16b,v17.16b,#8 |
| 177 ext v3.16b,v16.16b,v16.16b,#8 | 180 ext v3.16b,v16.16b,v16.16b,#8 |
| 178 eor v0.16b,v1.16b,v18.16b | 181 eor v0.16b,v1.16b,v18.16b |
| 179 » pmull» v4.1q,v20.1d,v7.1d» » //H·Ii+1 | 182 » pmull» v4.1q,v20.1d,v7.1d» » //H·Ii+1 |
| 180 eor v3.16b,v3.16b,v2.16b //accumulate v3.16b early | 183 eor v3.16b,v3.16b,v2.16b //accumulate v3.16b early |
| 181 | 184 |
| 182 ext v18.16b,v0.16b,v0.16b,#8 //2nd phase of reduction | 185 ext v18.16b,v0.16b,v0.16b,#8 //2nd phase of reduction |
| 183 pmull v0.1q,v0.1d,v19.1d | 186 pmull v0.1q,v0.1d,v19.1d |
| 184 eor v3.16b,v3.16b,v18.16b | 187 eor v3.16b,v3.16b,v18.16b |
| 185 eor v17.16b,v17.16b,v7.16b //Karatsuba pre-processing | 188 eor v17.16b,v17.16b,v7.16b //Karatsuba pre-processing |
| 186 eor v3.16b,v3.16b,v0.16b | 189 eor v3.16b,v3.16b,v0.16b |
| 187 pmull2 v6.1q,v20.2d,v7.2d | 190 pmull2 v6.1q,v20.2d,v7.2d |
| 188 b.hs .Loop_mod2x_v8 //there was at least 32 more bytes | 191 b.hs .Loop_mod2x_v8 //there was at least 32 more bytes |
| 189 | 192 |
| 190 eor v2.16b,v2.16b,v18.16b | 193 eor v2.16b,v2.16b,v18.16b |
| 191 ext v3.16b,v16.16b,v16.16b,#8 //re-construct v3.16b | 194 ext v3.16b,v16.16b,v16.16b,#8 //re-construct v3.16b |
| 192 adds x3,x3,#32 //re-construct x3 | 195 adds x3,x3,#32 //re-construct x3 |
| 193 eor v0.16b,v0.16b,v2.16b //re-construct v0.16b | 196 eor v0.16b,v0.16b,v2.16b //re-construct v0.16b |
| 194 b.eq .Ldone_v8 //is x3 zero? | 197 b.eq .Ldone_v8 //is x3 zero? |
| 195 .Lodd_tail_v8: | 198 .Lodd_tail_v8: |
| 196 ext v18.16b,v0.16b,v0.16b,#8 | 199 ext v18.16b,v0.16b,v0.16b,#8 |
| 197 eor v3.16b,v3.16b,v0.16b //inp^=Xi | 200 eor v3.16b,v3.16b,v0.16b //inp^=Xi |
| 198 eor v17.16b,v16.16b,v18.16b //v17.16b is rotated inp^Xi | 201 eor v17.16b,v16.16b,v18.16b //v17.16b is rotated inp^Xi |
| 199 | 202 |
| 200 » pmull» v0.1q,v20.1d,v3.1d» » //H.lo·Xi.lo | 203 » pmull» v0.1q,v20.1d,v3.1d» » //H.lo·Xi.lo |
| 201 eor v17.16b,v17.16b,v3.16b //Karatsuba pre-processing | 204 eor v17.16b,v17.16b,v3.16b //Karatsuba pre-processing |
| 202 » pmull2» v2.1q,v20.2d,v3.2d» » //H.hi·Xi.hi | 205 » pmull2» v2.1q,v20.2d,v3.2d» » //H.hi·Xi.hi |
| 203 » pmull» v1.1q,v21.1d,v17.1d» » //(H.lo+H.hi)·(Xi.lo+Xi.hi) | 206 » pmull» v1.1q,v21.1d,v17.1d» » //(H.lo+H.hi)·(Xi.lo+Xi.hi) |
| 204 | 207 |
| 205 ext v17.16b,v0.16b,v2.16b,#8 //Karatsuba post-process
ing | 208 ext v17.16b,v0.16b,v2.16b,#8 //Karatsuba post-process
ing |
| 206 eor v18.16b,v0.16b,v2.16b | 209 eor v18.16b,v0.16b,v2.16b |
| 207 eor v1.16b,v1.16b,v17.16b | 210 eor v1.16b,v1.16b,v17.16b |
| 208 eor v1.16b,v1.16b,v18.16b | 211 eor v1.16b,v1.16b,v18.16b |
| 209 pmull v18.1q,v0.1d,v19.1d //1st phase of reduction | 212 pmull v18.1q,v0.1d,v19.1d //1st phase of reduction |
| 210 | 213 |
| 211 ins v2.d[0],v1.d[1] | 214 ins v2.d[0],v1.d[1] |
| 212 ins v1.d[1],v0.d[0] | 215 ins v1.d[1],v0.d[0] |
| 213 eor v0.16b,v1.16b,v18.16b | 216 eor v0.16b,v1.16b,v18.16b |
| 214 | 217 |
| 215 ext v18.16b,v0.16b,v0.16b,#8 //2nd phase of reduction | 218 ext v18.16b,v0.16b,v0.16b,#8 //2nd phase of reduction |
| 216 pmull v0.1q,v0.1d,v19.1d | 219 pmull v0.1q,v0.1d,v19.1d |
| 217 eor v18.16b,v18.16b,v2.16b | 220 eor v18.16b,v18.16b,v2.16b |
| 218 eor v0.16b,v0.16b,v18.16b | 221 eor v0.16b,v0.16b,v18.16b |
| 219 | 222 |
| 220 .Ldone_v8: | 223 .Ldone_v8: |
| 221 #ifndef __ARMEB__ | 224 #ifndef __ARMEB__ |
| 222 rev64 v0.16b,v0.16b | 225 rev64 v0.16b,v0.16b |
| 223 #endif | 226 #endif |
| 224 ext v0.16b,v0.16b,v0.16b,#8 | 227 ext v0.16b,v0.16b,v0.16b,#8 |
| 225 st1 {v0.2d},[x0] //write out Xi | 228 st1 {v0.2d},[x0] //write out Xi |
| 226 | 229 |
| 227 ret | 230 ret |
| 228 .size gcm_ghash_v8,.-gcm_ghash_v8 | 231 .size gcm_ghash_v8,.-gcm_ghash_v8 |
| 229 .byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79
,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,4
6,111,114,103,62,0 | 232 .byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79
,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,4
6,111,114,103,62,0 |
| 230 .align 2 | 233 .align 2 |
| 231 .align 2 | 234 .align 2 |
| 232 #endif | 235 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2219933002:
Land BoringSSL roll on master (Closed)
Base URL: git@github.com:dart-lang/sdk.git@master