|
Packit |
c4476c |
#! /usr/bin/env perl
|
|
Packit |
c4476c |
# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
Packit |
c4476c |
#
|
|
Packit |
c4476c |
# Licensed under the OpenSSL license (the "License"). You may not use
|
|
Packit |
c4476c |
# this file except in compliance with the License. You can obtain a copy
|
|
Packit |
c4476c |
# in the file LICENSE in the source distribution or at
|
|
Packit |
c4476c |
# https://www.openssl.org/source/license.html
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
#
|
|
Packit |
c4476c |
# ====================================================================
|
|
Packit |
c4476c |
# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
|
|
Packit |
c4476c |
# project. The module is, however, dual licensed under OpenSSL and
|
|
Packit |
c4476c |
# CRYPTOGAMS licenses depending on where you obtain it. For further
|
|
Packit |
c4476c |
# details see http://www.openssl.org/~appro/cryptogams/.
|
|
Packit |
c4476c |
# ====================================================================
|
|
Packit |
c4476c |
#
|
|
Packit |
c4476c |
#
|
|
Packit |
c4476c |
# AES-NI-CTR+GHASH stitch.
|
|
Packit |
c4476c |
#
|
|
Packit |
c4476c |
# February 2013
|
|
Packit |
c4476c |
#
|
|
Packit |
c4476c |
# OpenSSL GCM implementation is organized in such way that its
|
|
Packit |
c4476c |
# performance is rather close to the sum of its streamed components,
|
|
Packit |
c4476c |
# in the context parallelized AES-NI CTR and modulo-scheduled
|
|
Packit |
c4476c |
# PCLMULQDQ-enabled GHASH. Unfortunately, as no stitch implementation
|
|
Packit |
c4476c |
# was observed to perform significantly better than the sum of the
|
|
Packit |
c4476c |
# components on contemporary CPUs, the effort was deemed impossible to
|
|
Packit |
c4476c |
# justify. This module is based on combination of Intel submissions,
|
|
Packit |
c4476c |
# [1] and [2], with MOVBE twist suggested by Ilya Albrekht and Max
|
|
Packit |
c4476c |
# Locktyukhin of Intel Corp. who verified that it reduces shuffles
|
|
Packit |
c4476c |
# pressure with notable relative improvement, achieving 1.0 cycle per
|
|
Packit |
c4476c |
# byte processed with 128-bit key on Haswell processor, 0.74 - on
|
|
Packit |
c4476c |
# Broadwell, 0.63 - on Skylake... [Mentioned results are raw profiled
|
|
Packit |
c4476c |
# measurements for favourable packet size, one divisible by 96.
|
|
Packit |
c4476c |
# Applications using the EVP interface will observe a few percent
|
|
Packit |
c4476c |
# worse performance.]
|
|
Packit |
c4476c |
#
|
|
Packit |
c4476c |
# Knights Landing processes 1 byte in 1.25 cycles (measured with EVP).
|
|
Packit |
c4476c |
#
|
|
Packit |
c4476c |
# [1] http://rt.openssl.org/Ticket/Display.html?id=2900&user=guest&pass=guest
|
|
Packit |
c4476c |
# [2] http://www.intel.com/content/dam/www/public/us/en/documents/software-support/enabling-high-performance-gcm.pdf
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
$flavour = shift;
|
|
Packit |
c4476c |
$output = shift;
|
|
Packit |
c4476c |
if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
|
|
Packit |
c4476c |
( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
|
|
Packit |
c4476c |
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
|
|
Packit |
c4476c |
die "can't locate x86_64-xlate.pl";
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
|
|
Packit |
c4476c |
=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
|
|
Packit |
c4476c |
$avx = ($1>=2.20) + ($1>=2.22);
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
|
|
Packit |
c4476c |
`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
|
|
Packit |
c4476c |
$avx = ($1>=2.09) + ($1>=2.10);
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
|
Packit |
c4476c |
`ml64 2>&1` =~ /Version ([0-9]+)\./) {
|
|
Packit |
c4476c |
$avx = ($1>=10) + ($1>=11);
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
|
|
Packit |
c4476c |
$avx = ($2>=3.0) + ($2>3.0);
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
|
|
Packit |
c4476c |
*STDOUT=*OUT;
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
if ($avx>1) {{{
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
($inp,$out,$len,$key,$ivp,$Xip)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9");
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
($Ii,$T1,$T2,$Hkey,
|
|
Packit |
c4476c |
$Z0,$Z1,$Z2,$Z3,$Xi) = map("%xmm$_",(0..8));
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
($inout0,$inout1,$inout2,$inout3,$inout4,$inout5,$rndkey) = map("%xmm$_",(9..15));
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
($counter,$rounds,$ret,$const,$in0,$end0)=("%ebx","%ebp","%r10","%r11","%r14","%r15");
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
$code=<<___;
|
|
Packit |
c4476c |
.text
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
.type _aesni_ctr32_ghash_6x,\@abi-omnipotent
|
|
Packit |
c4476c |
.align 32
|
|
Packit |
c4476c |
_aesni_ctr32_ghash_6x:
|
|
Packit |
c4476c |
.cfi_startproc
|
|
Packit |
c4476c |
vmovdqu 0x20($const),$T2 # borrow $T2, .Lone_msb
|
|
Packit |
c4476c |
sub \$6,$len
|
|
Packit |
c4476c |
vpxor $Z0,$Z0,$Z0 # $Z0 = 0
|
|
Packit |
c4476c |
vmovdqu 0x00-0x80($key),$rndkey
|
|
Packit |
c4476c |
vpaddb $T2,$T1,$inout1
|
|
Packit |
c4476c |
vpaddb $T2,$inout1,$inout2
|
|
Packit |
c4476c |
vpaddb $T2,$inout2,$inout3
|
|
Packit |
c4476c |
vpaddb $T2,$inout3,$inout4
|
|
Packit |
c4476c |
vpaddb $T2,$inout4,$inout5
|
|
Packit |
c4476c |
vpxor $rndkey,$T1,$inout0
|
|
Packit |
c4476c |
vmovdqu $Z0,16+8(%rsp) # "$Z3" = 0
|
|
Packit |
c4476c |
jmp .Loop6x
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
.align 32
|
|
Packit |
c4476c |
.Loop6x:
|
|
Packit |
c4476c |
add \$`6<<24`,$counter
|
|
Packit |
c4476c |
jc .Lhandle_ctr32 # discard $inout[1-5]?
|
|
Packit |
c4476c |
vmovdqu 0x00-0x20($Xip),$Hkey # $Hkey^1
|
|
Packit |
c4476c |
vpaddb $T2,$inout5,$T1 # next counter value
|
|
Packit |
c4476c |
vpxor $rndkey,$inout1,$inout1
|
|
Packit |
c4476c |
vpxor $rndkey,$inout2,$inout2
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
.Lresume_ctr32:
|
|
Packit |
c4476c |
vmovdqu $T1,($ivp) # save next counter value
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,$Hkey,$Z3,$Z1
|
|
Packit |
c4476c |
vpxor $rndkey,$inout3,$inout3
|
|
Packit |
c4476c |
vmovups 0x10-0x80($key),$T2 # borrow $T2 for $rndkey
|
|
Packit |
c4476c |
vpclmulqdq \$0x01,$Hkey,$Z3,$Z2
|
|
Packit |
c4476c |
xor %r12,%r12
|
|
Packit |
c4476c |
cmp $in0,$end0
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vaesenc $T2,$inout0,$inout0
|
|
Packit |
c4476c |
vmovdqu 0x30+8(%rsp),$Ii # I[4]
|
|
Packit |
c4476c |
vpxor $rndkey,$inout4,$inout4
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$Hkey,$Z3,$T1
|
|
Packit |
c4476c |
vaesenc $T2,$inout1,$inout1
|
|
Packit |
c4476c |
vpxor $rndkey,$inout5,$inout5
|
|
Packit |
c4476c |
setnc %r12b
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$Hkey,$Z3,$Z3
|
|
Packit |
c4476c |
vaesenc $T2,$inout2,$inout2
|
|
Packit |
c4476c |
vmovdqu 0x10-0x20($Xip),$Hkey # $Hkey^2
|
|
Packit |
c4476c |
neg %r12
|
|
Packit |
c4476c |
vaesenc $T2,$inout3,$inout3
|
|
Packit |
c4476c |
vpxor $Z1,$Z2,$Z2
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$Hkey,$Ii,$Z1
|
|
Packit |
c4476c |
vpxor $Z0,$Xi,$Xi # modulo-scheduled
|
|
Packit |
c4476c |
vaesenc $T2,$inout4,$inout4
|
|
Packit |
c4476c |
vpxor $Z1,$T1,$Z0
|
|
Packit |
c4476c |
and \$0x60,%r12
|
|
Packit |
c4476c |
vmovups 0x20-0x80($key),$rndkey
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,$Hkey,$Ii,$T1
|
|
Packit |
c4476c |
vaesenc $T2,$inout5,$inout5
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vpclmulqdq \$0x01,$Hkey,$Ii,$T2
|
|
Packit |
c4476c |
lea ($in0,%r12),$in0
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout0,$inout0
|
|
Packit |
c4476c |
vpxor 16+8(%rsp),$Xi,$Xi # modulo-scheduled [vpxor $Z3,$Xi,$Xi]
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$Hkey,$Ii,$Hkey
|
|
Packit |
c4476c |
vmovdqu 0x40+8(%rsp),$Ii # I[3]
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout1,$inout1
|
|
Packit |
c4476c |
movbe 0x58($in0),%r13
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout2,$inout2
|
|
Packit |
c4476c |
movbe 0x50($in0),%r12
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout3,$inout3
|
|
Packit |
c4476c |
mov %r13,0x20+8(%rsp)
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout4,$inout4
|
|
Packit |
c4476c |
mov %r12,0x28+8(%rsp)
|
|
Packit |
c4476c |
vmovdqu 0x30-0x20($Xip),$Z1 # borrow $Z1 for $Hkey^3
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout5,$inout5
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vmovups 0x30-0x80($key),$rndkey
|
|
Packit |
c4476c |
vpxor $T1,$Z2,$Z2
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$Z1,$Ii,$T1
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout0,$inout0
|
|
Packit |
c4476c |
vpxor $T2,$Z2,$Z2
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,$Z1,$Ii,$T2
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout1,$inout1
|
|
Packit |
c4476c |
vpxor $Hkey,$Z3,$Z3
|
|
Packit |
c4476c |
vpclmulqdq \$0x01,$Z1,$Ii,$Hkey
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout2,$inout2
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$Z1,$Ii,$Z1
|
|
Packit |
c4476c |
vmovdqu 0x50+8(%rsp),$Ii # I[2]
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout3,$inout3
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout4,$inout4
|
|
Packit |
c4476c |
vpxor $T1,$Z0,$Z0
|
|
Packit |
c4476c |
vmovdqu 0x40-0x20($Xip),$T1 # borrow $T1 for $Hkey^4
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout5,$inout5
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vmovups 0x40-0x80($key),$rndkey
|
|
Packit |
c4476c |
vpxor $T2,$Z2,$Z2
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$T1,$Ii,$T2
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout0,$inout0
|
|
Packit |
c4476c |
vpxor $Hkey,$Z2,$Z2
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,$T1,$Ii,$Hkey
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout1,$inout1
|
|
Packit |
c4476c |
movbe 0x48($in0),%r13
|
|
Packit |
c4476c |
vpxor $Z1,$Z3,$Z3
|
|
Packit |
c4476c |
vpclmulqdq \$0x01,$T1,$Ii,$Z1
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout2,$inout2
|
|
Packit |
c4476c |
movbe 0x40($in0),%r12
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$T1,$Ii,$T1
|
|
Packit |
c4476c |
vmovdqu 0x60+8(%rsp),$Ii # I[1]
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout3,$inout3
|
|
Packit |
c4476c |
mov %r13,0x30+8(%rsp)
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout4,$inout4
|
|
Packit |
c4476c |
mov %r12,0x38+8(%rsp)
|
|
Packit |
c4476c |
vpxor $T2,$Z0,$Z0
|
|
Packit |
c4476c |
vmovdqu 0x60-0x20($Xip),$T2 # borrow $T2 for $Hkey^5
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout5,$inout5
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vmovups 0x50-0x80($key),$rndkey
|
|
Packit |
c4476c |
vpxor $Hkey,$Z2,$Z2
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$T2,$Ii,$Hkey
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout0,$inout0
|
|
Packit |
c4476c |
vpxor $Z1,$Z2,$Z2
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,$T2,$Ii,$Z1
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout1,$inout1
|
|
Packit |
c4476c |
movbe 0x38($in0),%r13
|
|
Packit |
c4476c |
vpxor $T1,$Z3,$Z3
|
|
Packit |
c4476c |
vpclmulqdq \$0x01,$T2,$Ii,$T1
|
|
Packit |
c4476c |
vpxor 0x70+8(%rsp),$Xi,$Xi # accumulate I[0]
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout2,$inout2
|
|
Packit |
c4476c |
movbe 0x30($in0),%r12
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$T2,$Ii,$T2
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout3,$inout3
|
|
Packit |
c4476c |
mov %r13,0x40+8(%rsp)
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout4,$inout4
|
|
Packit |
c4476c |
mov %r12,0x48+8(%rsp)
|
|
Packit |
c4476c |
vpxor $Hkey,$Z0,$Z0
|
|
Packit |
c4476c |
vmovdqu 0x70-0x20($Xip),$Hkey # $Hkey^6
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout5,$inout5
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vmovups 0x60-0x80($key),$rndkey
|
|
Packit |
c4476c |
vpxor $Z1,$Z2,$Z2
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,$Hkey,$Xi,$Z1
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout0,$inout0
|
|
Packit |
c4476c |
vpxor $T1,$Z2,$Z2
|
|
Packit |
c4476c |
vpclmulqdq \$0x01,$Hkey,$Xi,$T1
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout1,$inout1
|
|
Packit |
c4476c |
movbe 0x28($in0),%r13
|
|
Packit |
c4476c |
vpxor $T2,$Z3,$Z3
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$Hkey,$Xi,$T2
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout2,$inout2
|
|
Packit |
c4476c |
movbe 0x20($in0),%r12
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$Hkey,$Xi,$Xi
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout3,$inout3
|
|
Packit |
c4476c |
mov %r13,0x50+8(%rsp)
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout4,$inout4
|
|
Packit |
c4476c |
mov %r12,0x58+8(%rsp)
|
|
Packit |
c4476c |
vpxor $Z1,$Z2,$Z2
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout5,$inout5
|
|
Packit |
c4476c |
vpxor $T1,$Z2,$Z2
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vmovups 0x70-0x80($key),$rndkey
|
|
Packit |
c4476c |
vpslldq \$8,$Z2,$Z1
|
|
Packit |
c4476c |
vpxor $T2,$Z0,$Z0
|
|
Packit |
c4476c |
vmovdqu 0x10($const),$Hkey # .Lpoly
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout0,$inout0
|
|
Packit |
c4476c |
vpxor $Xi,$Z3,$Z3
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout1,$inout1
|
|
Packit |
c4476c |
vpxor $Z1,$Z0,$Z0
|
|
Packit |
c4476c |
movbe 0x18($in0),%r13
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout2,$inout2
|
|
Packit |
c4476c |
movbe 0x10($in0),%r12
|
|
Packit |
c4476c |
vpalignr \$8,$Z0,$Z0,$Ii # 1st phase
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,$Hkey,$Z0,$Z0
|
|
Packit |
c4476c |
mov %r13,0x60+8(%rsp)
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout3,$inout3
|
|
Packit |
c4476c |
mov %r12,0x68+8(%rsp)
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout4,$inout4
|
|
Packit |
c4476c |
vmovups 0x80-0x80($key),$T1 # borrow $T1 for $rndkey
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout5,$inout5
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vaesenc $T1,$inout0,$inout0
|
|
Packit |
c4476c |
vmovups 0x90-0x80($key),$rndkey
|
|
Packit |
c4476c |
vaesenc $T1,$inout1,$inout1
|
|
Packit |
c4476c |
vpsrldq \$8,$Z2,$Z2
|
|
Packit |
c4476c |
vaesenc $T1,$inout2,$inout2
|
|
Packit |
c4476c |
vpxor $Z2,$Z3,$Z3
|
|
Packit |
c4476c |
vaesenc $T1,$inout3,$inout3
|
|
Packit |
c4476c |
vpxor $Ii,$Z0,$Z0
|
|
Packit |
c4476c |
movbe 0x08($in0),%r13
|
|
Packit |
c4476c |
vaesenc $T1,$inout4,$inout4
|
|
Packit |
c4476c |
movbe 0x00($in0),%r12
|
|
Packit |
c4476c |
vaesenc $T1,$inout5,$inout5
|
|
Packit |
c4476c |
vmovups 0xa0-0x80($key),$T1
|
|
Packit |
c4476c |
cmp \$11,$rounds
|
|
Packit |
c4476c |
jb .Lenc_tail # 128-bit key
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout0,$inout0
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout1,$inout1
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout2,$inout2
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout3,$inout3
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout4,$inout4
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout5,$inout5
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vaesenc $T1,$inout0,$inout0
|
|
Packit |
c4476c |
vaesenc $T1,$inout1,$inout1
|
|
Packit |
c4476c |
vaesenc $T1,$inout2,$inout2
|
|
Packit |
c4476c |
vaesenc $T1,$inout3,$inout3
|
|
Packit |
c4476c |
vaesenc $T1,$inout4,$inout4
|
|
Packit |
c4476c |
vmovups 0xb0-0x80($key),$rndkey
|
|
Packit |
c4476c |
vaesenc $T1,$inout5,$inout5
|
|
Packit |
c4476c |
vmovups 0xc0-0x80($key),$T1
|
|
Packit |
c4476c |
je .Lenc_tail # 192-bit key
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout0,$inout0
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout1,$inout1
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout2,$inout2
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout3,$inout3
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout4,$inout4
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout5,$inout5
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vaesenc $T1,$inout0,$inout0
|
|
Packit |
c4476c |
vaesenc $T1,$inout1,$inout1
|
|
Packit |
c4476c |
vaesenc $T1,$inout2,$inout2
|
|
Packit |
c4476c |
vaesenc $T1,$inout3,$inout3
|
|
Packit |
c4476c |
vaesenc $T1,$inout4,$inout4
|
|
Packit |
c4476c |
vmovups 0xd0-0x80($key),$rndkey
|
|
Packit |
c4476c |
vaesenc $T1,$inout5,$inout5
|
|
Packit |
c4476c |
vmovups 0xe0-0x80($key),$T1
|
|
Packit |
c4476c |
jmp .Lenc_tail # 256-bit key
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
.align 32
|
|
Packit |
c4476c |
.Lhandle_ctr32:
|
|
Packit |
c4476c |
vmovdqu ($const),$Ii # borrow $Ii for .Lbswap_mask
|
|
Packit |
c4476c |
vpshufb $Ii,$T1,$Z2 # byte-swap counter
|
|
Packit |
c4476c |
vmovdqu 0x30($const),$Z1 # borrow $Z1, .Ltwo_lsb
|
|
Packit |
c4476c |
vpaddd 0x40($const),$Z2,$inout1 # .Lone_lsb
|
|
Packit |
c4476c |
vpaddd $Z1,$Z2,$inout2
|
|
Packit |
c4476c |
vmovdqu 0x00-0x20($Xip),$Hkey # $Hkey^1
|
|
Packit |
c4476c |
vpaddd $Z1,$inout1,$inout3
|
|
Packit |
c4476c |
vpshufb $Ii,$inout1,$inout1
|
|
Packit |
c4476c |
vpaddd $Z1,$inout2,$inout4
|
|
Packit |
c4476c |
vpshufb $Ii,$inout2,$inout2
|
|
Packit |
c4476c |
vpxor $rndkey,$inout1,$inout1
|
|
Packit |
c4476c |
vpaddd $Z1,$inout3,$inout5
|
|
Packit |
c4476c |
vpshufb $Ii,$inout3,$inout3
|
|
Packit |
c4476c |
vpxor $rndkey,$inout2,$inout2
|
|
Packit |
c4476c |
vpaddd $Z1,$inout4,$T1 # byte-swapped next counter value
|
|
Packit |
c4476c |
vpshufb $Ii,$inout4,$inout4
|
|
Packit |
c4476c |
vpshufb $Ii,$inout5,$inout5
|
|
Packit |
c4476c |
vpshufb $Ii,$T1,$T1 # next counter value
|
|
Packit |
c4476c |
jmp .Lresume_ctr32
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
.align 32
|
|
Packit |
c4476c |
.Lenc_tail:
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout0,$inout0
|
|
Packit |
c4476c |
vmovdqu $Z3,16+8(%rsp) # postpone vpxor $Z3,$Xi,$Xi
|
|
Packit |
c4476c |
vpalignr \$8,$Z0,$Z0,$Xi # 2nd phase
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout1,$inout1
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,$Hkey,$Z0,$Z0
|
|
Packit |
c4476c |
vpxor 0x00($inp),$T1,$T2
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout2,$inout2
|
|
Packit |
c4476c |
vpxor 0x10($inp),$T1,$Ii
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout3,$inout3
|
|
Packit |
c4476c |
vpxor 0x20($inp),$T1,$Z1
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout4,$inout4
|
|
Packit |
c4476c |
vpxor 0x30($inp),$T1,$Z2
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout5,$inout5
|
|
Packit |
c4476c |
vpxor 0x40($inp),$T1,$Z3
|
|
Packit |
c4476c |
vpxor 0x50($inp),$T1,$Hkey
|
|
Packit |
c4476c |
vmovdqu ($ivp),$T1 # load next counter value
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vaesenclast $T2,$inout0,$inout0
|
|
Packit |
c4476c |
vmovdqu 0x20($const),$T2 # borrow $T2, .Lone_msb
|
|
Packit |
c4476c |
vaesenclast $Ii,$inout1,$inout1
|
|
Packit |
c4476c |
vpaddb $T2,$T1,$Ii
|
|
Packit |
c4476c |
mov %r13,0x70+8(%rsp)
|
|
Packit |
c4476c |
lea 0x60($inp),$inp
|
|
Packit |
c4476c |
vaesenclast $Z1,$inout2,$inout2
|
|
Packit |
c4476c |
vpaddb $T2,$Ii,$Z1
|
|
Packit |
c4476c |
mov %r12,0x78+8(%rsp)
|
|
Packit |
c4476c |
lea 0x60($out),$out
|
|
Packit |
c4476c |
vmovdqu 0x00-0x80($key),$rndkey
|
|
Packit |
c4476c |
vaesenclast $Z2,$inout3,$inout3
|
|
Packit |
c4476c |
vpaddb $T2,$Z1,$Z2
|
|
Packit |
c4476c |
vaesenclast $Z3, $inout4,$inout4
|
|
Packit |
c4476c |
vpaddb $T2,$Z2,$Z3
|
|
Packit |
c4476c |
vaesenclast $Hkey,$inout5,$inout5
|
|
Packit |
c4476c |
vpaddb $T2,$Z3,$Hkey
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
add \$0x60,$ret
|
|
Packit |
c4476c |
sub \$0x6,$len
|
|
Packit |
c4476c |
jc .L6x_done
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vmovups $inout0,-0x60($out) # save output
|
|
Packit |
c4476c |
vpxor $rndkey,$T1,$inout0
|
|
Packit |
c4476c |
vmovups $inout1,-0x50($out)
|
|
Packit |
c4476c |
vmovdqa $Ii,$inout1 # 0 latency
|
|
Packit |
c4476c |
vmovups $inout2,-0x40($out)
|
|
Packit |
c4476c |
vmovdqa $Z1,$inout2 # 0 latency
|
|
Packit |
c4476c |
vmovups $inout3,-0x30($out)
|
|
Packit |
c4476c |
vmovdqa $Z2,$inout3 # 0 latency
|
|
Packit |
c4476c |
vmovups $inout4,-0x20($out)
|
|
Packit |
c4476c |
vmovdqa $Z3,$inout4 # 0 latency
|
|
Packit |
c4476c |
vmovups $inout5,-0x10($out)
|
|
Packit |
c4476c |
vmovdqa $Hkey,$inout5 # 0 latency
|
|
Packit |
c4476c |
vmovdqu 0x20+8(%rsp),$Z3 # I[5]
|
|
Packit |
c4476c |
jmp .Loop6x
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
.L6x_done:
|
|
Packit |
c4476c |
vpxor 16+8(%rsp),$Xi,$Xi # modulo-scheduled
|
|
Packit |
c4476c |
vpxor $Z0,$Xi,$Xi # modulo-scheduled
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
ret
|
|
Packit |
c4476c |
.cfi_endproc
|
|
Packit |
c4476c |
.size _aesni_ctr32_ghash_6x,.-_aesni_ctr32_ghash_6x
|
|
Packit |
c4476c |
___
|
|
Packit |
c4476c |
######################################################################
|
|
Packit |
c4476c |
#
|
|
Packit |
c4476c |
# size_t aesni_gcm_[en|de]crypt(const void *inp, void *out, size_t len,
|
|
Packit |
c4476c |
# const AES_KEY *key, unsigned char iv[16],
|
|
Packit |
c4476c |
# struct { u128 Xi,H,Htbl[9]; } *Xip);
|
|
Packit |
c4476c |
$code.=<<___;
|
|
Packit |
c4476c |
.globl aesni_gcm_decrypt
|
|
Packit |
c4476c |
.type aesni_gcm_decrypt,\@function,6
|
|
Packit |
c4476c |
.align 32
|
|
Packit |
c4476c |
aesni_gcm_decrypt:
|
|
Packit |
c4476c |
.cfi_startproc
|
|
Packit |
c4476c |
xor $ret,$ret
|
|
Packit |
c4476c |
cmp \$0x60,$len # minimal accepted length
|
|
Packit |
c4476c |
jb .Lgcm_dec_abort
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
lea (%rsp),%rax # save stack pointer
|
|
Packit |
c4476c |
.cfi_def_cfa_register %rax
|
|
Packit |
c4476c |
push %rbx
|
|
Packit |
c4476c |
.cfi_push %rbx
|
|
Packit |
c4476c |
push %rbp
|
|
Packit |
c4476c |
.cfi_push %rbp
|
|
Packit |
c4476c |
push %r12
|
|
Packit |
c4476c |
.cfi_push %r12
|
|
Packit |
c4476c |
push %r13
|
|
Packit |
c4476c |
.cfi_push %r13
|
|
Packit |
c4476c |
push %r14
|
|
Packit |
c4476c |
.cfi_push %r14
|
|
Packit |
c4476c |
push %r15
|
|
Packit |
c4476c |
.cfi_push %r15
|
|
Packit |
c4476c |
___
|
|
Packit |
c4476c |
$code.=<<___ if ($win64);
|
|
Packit |
c4476c |
lea -0xa8(%rsp),%rsp
|
|
Packit |
c4476c |
movaps %xmm6,-0xd8(%rax)
|
|
Packit |
c4476c |
movaps %xmm7,-0xc8(%rax)
|
|
Packit |
c4476c |
movaps %xmm8,-0xb8(%rax)
|
|
Packit |
c4476c |
movaps %xmm9,-0xa8(%rax)
|
|
Packit |
c4476c |
movaps %xmm10,-0x98(%rax)
|
|
Packit |
c4476c |
movaps %xmm11,-0x88(%rax)
|
|
Packit |
c4476c |
movaps %xmm12,-0x78(%rax)
|
|
Packit |
c4476c |
movaps %xmm13,-0x68(%rax)
|
|
Packit |
c4476c |
movaps %xmm14,-0x58(%rax)
|
|
Packit |
c4476c |
movaps %xmm15,-0x48(%rax)
|
|
Packit |
c4476c |
.Lgcm_dec_body:
|
|
Packit |
c4476c |
___
|
|
Packit |
c4476c |
$code.=<<___;
|
|
Packit |
c4476c |
vzeroupper
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vmovdqu ($ivp),$T1 # input counter value
|
|
Packit |
c4476c |
add \$-128,%rsp
|
|
Packit |
c4476c |
mov 12($ivp),$counter
|
|
Packit |
c4476c |
lea .Lbswap_mask(%rip),$const
|
|
Packit |
c4476c |
lea -0x80($key),$in0 # borrow $in0
|
|
Packit |
c4476c |
mov \$0xf80,$end0 # borrow $end0
|
|
Packit |
c4476c |
vmovdqu ($Xip),$Xi # load Xi
|
|
Packit |
c4476c |
and \$-128,%rsp # ensure stack alignment
|
|
Packit |
c4476c |
vmovdqu ($const),$Ii # borrow $Ii for .Lbswap_mask
|
|
Packit |
c4476c |
lea 0x80($key),$key # size optimization
|
|
Packit |
c4476c |
lea 0x20+0x20($Xip),$Xip # size optimization
|
|
Packit |
c4476c |
mov 0xf0-0x80($key),$rounds
|
|
Packit |
c4476c |
vpshufb $Ii,$Xi,$Xi
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
and $end0,$in0
|
|
Packit |
c4476c |
and %rsp,$end0
|
|
Packit |
c4476c |
sub $in0,$end0
|
|
Packit |
c4476c |
jc .Ldec_no_key_aliasing
|
|
Packit |
c4476c |
cmp \$768,$end0
|
|
Packit |
c4476c |
jnc .Ldec_no_key_aliasing
|
|
Packit |
c4476c |
sub $end0,%rsp # avoid aliasing with key
|
|
Packit |
c4476c |
.Ldec_no_key_aliasing:
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vmovdqu 0x50($inp),$Z3 # I[5]
|
|
Packit |
c4476c |
lea ($inp),$in0
|
|
Packit |
c4476c |
vmovdqu 0x40($inp),$Z0
|
|
Packit |
c4476c |
lea -0xc0($inp,$len),$end0
|
|
Packit |
c4476c |
vmovdqu 0x30($inp),$Z1
|
|
Packit |
c4476c |
shr \$4,$len
|
|
Packit |
c4476c |
xor $ret,$ret
|
|
Packit |
c4476c |
vmovdqu 0x20($inp),$Z2
|
|
Packit |
c4476c |
vpshufb $Ii,$Z3,$Z3 # passed to _aesni_ctr32_ghash_6x
|
|
Packit |
c4476c |
vmovdqu 0x10($inp),$T2
|
|
Packit |
c4476c |
vpshufb $Ii,$Z0,$Z0
|
|
Packit |
c4476c |
vmovdqu ($inp),$Hkey
|
|
Packit |
c4476c |
vpshufb $Ii,$Z1,$Z1
|
|
Packit |
c4476c |
vmovdqu $Z0,0x30(%rsp)
|
|
Packit |
c4476c |
vpshufb $Ii,$Z2,$Z2
|
|
Packit |
c4476c |
vmovdqu $Z1,0x40(%rsp)
|
|
Packit |
c4476c |
vpshufb $Ii,$T2,$T2
|
|
Packit |
c4476c |
vmovdqu $Z2,0x50(%rsp)
|
|
Packit |
c4476c |
vpshufb $Ii,$Hkey,$Hkey
|
|
Packit |
c4476c |
vmovdqu $T2,0x60(%rsp)
|
|
Packit |
c4476c |
vmovdqu $Hkey,0x70(%rsp)
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
call _aesni_ctr32_ghash_6x
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vmovups $inout0,-0x60($out) # save output
|
|
Packit |
c4476c |
vmovups $inout1,-0x50($out)
|
|
Packit |
c4476c |
vmovups $inout2,-0x40($out)
|
|
Packit |
c4476c |
vmovups $inout3,-0x30($out)
|
|
Packit |
c4476c |
vmovups $inout4,-0x20($out)
|
|
Packit |
c4476c |
vmovups $inout5,-0x10($out)
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vpshufb ($const),$Xi,$Xi # .Lbswap_mask
|
|
Packit |
c4476c |
vmovdqu $Xi,-0x40($Xip) # output Xi
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vzeroupper
|
|
Packit |
c4476c |
___
|
|
Packit |
c4476c |
$code.=<<___ if ($win64);
|
|
Packit |
c4476c |
movaps -0xd8(%rax),%xmm6
|
|
Packit |
c4476c |
movaps -0xc8(%rax),%xmm7
|
|
Packit |
c4476c |
movaps -0xb8(%rax),%xmm8
|
|
Packit |
c4476c |
movaps -0xa8(%rax),%xmm9
|
|
Packit |
c4476c |
movaps -0x98(%rax),%xmm10
|
|
Packit |
c4476c |
movaps -0x88(%rax),%xmm11
|
|
Packit |
c4476c |
movaps -0x78(%rax),%xmm12
|
|
Packit |
c4476c |
movaps -0x68(%rax),%xmm13
|
|
Packit |
c4476c |
movaps -0x58(%rax),%xmm14
|
|
Packit |
c4476c |
movaps -0x48(%rax),%xmm15
|
|
Packit |
c4476c |
___
|
|
Packit |
c4476c |
$code.=<<___;
|
|
Packit |
c4476c |
mov -48(%rax),%r15
|
|
Packit |
c4476c |
.cfi_restore %r15
|
|
Packit |
c4476c |
mov -40(%rax),%r14
|
|
Packit |
c4476c |
.cfi_restore %r14
|
|
Packit |
c4476c |
mov -32(%rax),%r13
|
|
Packit |
c4476c |
.cfi_restore %r13
|
|
Packit |
c4476c |
mov -24(%rax),%r12
|
|
Packit |
c4476c |
.cfi_restore %r12
|
|
Packit |
c4476c |
mov -16(%rax),%rbp
|
|
Packit |
c4476c |
.cfi_restore %rbp
|
|
Packit |
c4476c |
mov -8(%rax),%rbx
|
|
Packit |
c4476c |
.cfi_restore %rbx
|
|
Packit |
c4476c |
lea (%rax),%rsp # restore %rsp
|
|
Packit |
c4476c |
.cfi_def_cfa_register %rsp
|
|
Packit |
c4476c |
.Lgcm_dec_abort:
|
|
Packit |
c4476c |
mov $ret,%rax # return value
|
|
Packit |
c4476c |
ret
|
|
Packit |
c4476c |
.cfi_endproc
|
|
Packit |
c4476c |
.size aesni_gcm_decrypt,.-aesni_gcm_decrypt
|
|
Packit |
c4476c |
___
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
$code.=<<___;
|
|
Packit |
c4476c |
.type _aesni_ctr32_6x,\@abi-omnipotent
|
|
Packit |
c4476c |
.align 32
|
|
Packit |
c4476c |
_aesni_ctr32_6x:
|
|
Packit |
c4476c |
.cfi_startproc
|
|
Packit |
c4476c |
vmovdqu 0x00-0x80($key),$Z0 # borrow $Z0 for $rndkey
|
|
Packit |
c4476c |
vmovdqu 0x20($const),$T2 # borrow $T2, .Lone_msb
|
|
Packit |
c4476c |
lea -1($rounds),%r13
|
|
Packit |
c4476c |
vmovups 0x10-0x80($key),$rndkey
|
|
Packit |
c4476c |
lea 0x20-0x80($key),%r12
|
|
Packit |
c4476c |
vpxor $Z0,$T1,$inout0
|
|
Packit |
c4476c |
add \$`6<<24`,$counter
|
|
Packit |
c4476c |
jc .Lhandle_ctr32_2
|
|
Packit |
c4476c |
vpaddb $T2,$T1,$inout1
|
|
Packit |
c4476c |
vpaddb $T2,$inout1,$inout2
|
|
Packit |
c4476c |
vpxor $Z0,$inout1,$inout1
|
|
Packit |
c4476c |
vpaddb $T2,$inout2,$inout3
|
|
Packit |
c4476c |
vpxor $Z0,$inout2,$inout2
|
|
Packit |
c4476c |
vpaddb $T2,$inout3,$inout4
|
|
Packit |
c4476c |
vpxor $Z0,$inout3,$inout3
|
|
Packit |
c4476c |
vpaddb $T2,$inout4,$inout5
|
|
Packit |
c4476c |
vpxor $Z0,$inout4,$inout4
|
|
Packit |
c4476c |
vpaddb $T2,$inout5,$T1
|
|
Packit |
c4476c |
vpxor $Z0,$inout5,$inout5
|
|
Packit |
c4476c |
jmp .Loop_ctr32
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
.align 16
|
|
Packit |
c4476c |
.Loop_ctr32:
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout0,$inout0
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout1,$inout1
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout2,$inout2
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout3,$inout3
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout4,$inout4
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout5,$inout5
|
|
Packit |
c4476c |
vmovups (%r12),$rndkey
|
|
Packit |
c4476c |
lea 0x10(%r12),%r12
|
|
Packit |
c4476c |
dec %r13d
|
|
Packit |
c4476c |
jnz .Loop_ctr32
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vmovdqu (%r12),$Hkey # last round key
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout0,$inout0
|
|
Packit |
c4476c |
vpxor 0x00($inp),$Hkey,$Z0
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout1,$inout1
|
|
Packit |
c4476c |
vpxor 0x10($inp),$Hkey,$Z1
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout2,$inout2
|
|
Packit |
c4476c |
vpxor 0x20($inp),$Hkey,$Z2
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout3,$inout3
|
|
Packit |
c4476c |
vpxor 0x30($inp),$Hkey,$Xi
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout4,$inout4
|
|
Packit |
c4476c |
vpxor 0x40($inp),$Hkey,$T2
|
|
Packit |
c4476c |
vaesenc $rndkey,$inout5,$inout5
|
|
Packit |
c4476c |
vpxor 0x50($inp),$Hkey,$Hkey
|
|
Packit |
c4476c |
lea 0x60($inp),$inp
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vaesenclast $Z0,$inout0,$inout0
|
|
Packit |
c4476c |
vaesenclast $Z1,$inout1,$inout1
|
|
Packit |
c4476c |
vaesenclast $Z2,$inout2,$inout2
|
|
Packit |
c4476c |
vaesenclast $Xi,$inout3,$inout3
|
|
Packit |
c4476c |
vaesenclast $T2,$inout4,$inout4
|
|
Packit |
c4476c |
vaesenclast $Hkey,$inout5,$inout5
|
|
Packit |
c4476c |
vmovups $inout0,0x00($out)
|
|
Packit |
c4476c |
vmovups $inout1,0x10($out)
|
|
Packit |
c4476c |
vmovups $inout2,0x20($out)
|
|
Packit |
c4476c |
vmovups $inout3,0x30($out)
|
|
Packit |
c4476c |
vmovups $inout4,0x40($out)
|
|
Packit |
c4476c |
vmovups $inout5,0x50($out)
|
|
Packit |
c4476c |
lea 0x60($out),$out
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
ret
|
|
Packit |
c4476c |
.align 32
|
|
Packit |
c4476c |
.Lhandle_ctr32_2:
|
|
Packit |
c4476c |
vpshufb $Ii,$T1,$Z2 # byte-swap counter
|
|
Packit |
c4476c |
vmovdqu 0x30($const),$Z1 # borrow $Z1, .Ltwo_lsb
|
|
Packit |
c4476c |
vpaddd 0x40($const),$Z2,$inout1 # .Lone_lsb
|
|
Packit |
c4476c |
vpaddd $Z1,$Z2,$inout2
|
|
Packit |
c4476c |
vpaddd $Z1,$inout1,$inout3
|
|
Packit |
c4476c |
vpshufb $Ii,$inout1,$inout1
|
|
Packit |
c4476c |
vpaddd $Z1,$inout2,$inout4
|
|
Packit |
c4476c |
vpshufb $Ii,$inout2,$inout2
|
|
Packit |
c4476c |
vpxor $Z0,$inout1,$inout1
|
|
Packit |
c4476c |
vpaddd $Z1,$inout3,$inout5
|
|
Packit |
c4476c |
vpshufb $Ii,$inout3,$inout3
|
|
Packit |
c4476c |
vpxor $Z0,$inout2,$inout2
|
|
Packit |
c4476c |
vpaddd $Z1,$inout4,$T1 # byte-swapped next counter value
|
|
Packit |
c4476c |
vpshufb $Ii,$inout4,$inout4
|
|
Packit |
c4476c |
vpxor $Z0,$inout3,$inout3
|
|
Packit |
c4476c |
vpshufb $Ii,$inout5,$inout5
|
|
Packit |
c4476c |
vpxor $Z0,$inout4,$inout4
|
|
Packit |
c4476c |
vpshufb $Ii,$T1,$T1 # next counter value
|
|
Packit |
c4476c |
vpxor $Z0,$inout5,$inout5
|
|
Packit |
c4476c |
jmp .Loop_ctr32
|
|
Packit |
c4476c |
.cfi_endproc
|
|
Packit |
c4476c |
.size _aesni_ctr32_6x,.-_aesni_ctr32_6x
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
.globl aesni_gcm_encrypt
|
|
Packit |
c4476c |
.type aesni_gcm_encrypt,\@function,6
|
|
Packit |
c4476c |
.align 32
|
|
Packit |
c4476c |
aesni_gcm_encrypt:
|
|
Packit |
c4476c |
.cfi_startproc
|
|
Packit |
c4476c |
xor $ret,$ret
|
|
Packit |
c4476c |
cmp \$0x60*3,$len # minimal accepted length
|
|
Packit |
c4476c |
jb .Lgcm_enc_abort
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
lea (%rsp),%rax # save stack pointer
|
|
Packit |
c4476c |
.cfi_def_cfa_register %rax
|
|
Packit |
c4476c |
push %rbx
|
|
Packit |
c4476c |
.cfi_push %rbx
|
|
Packit |
c4476c |
push %rbp
|
|
Packit |
c4476c |
.cfi_push %rbp
|
|
Packit |
c4476c |
push %r12
|
|
Packit |
c4476c |
.cfi_push %r12
|
|
Packit |
c4476c |
push %r13
|
|
Packit |
c4476c |
.cfi_push %r13
|
|
Packit |
c4476c |
push %r14
|
|
Packit |
c4476c |
.cfi_push %r14
|
|
Packit |
c4476c |
push %r15
|
|
Packit |
c4476c |
.cfi_push %r15
|
|
Packit |
c4476c |
___
|
|
Packit |
c4476c |
$code.=<<___ if ($win64);
|
|
Packit |
c4476c |
lea -0xa8(%rsp),%rsp
|
|
Packit |
c4476c |
movaps %xmm6,-0xd8(%rax)
|
|
Packit |
c4476c |
movaps %xmm7,-0xc8(%rax)
|
|
Packit |
c4476c |
movaps %xmm8,-0xb8(%rax)
|
|
Packit |
c4476c |
movaps %xmm9,-0xa8(%rax)
|
|
Packit |
c4476c |
movaps %xmm10,-0x98(%rax)
|
|
Packit |
c4476c |
movaps %xmm11,-0x88(%rax)
|
|
Packit |
c4476c |
movaps %xmm12,-0x78(%rax)
|
|
Packit |
c4476c |
movaps %xmm13,-0x68(%rax)
|
|
Packit |
c4476c |
movaps %xmm14,-0x58(%rax)
|
|
Packit |
c4476c |
movaps %xmm15,-0x48(%rax)
|
|
Packit |
c4476c |
.Lgcm_enc_body:
|
|
Packit |
c4476c |
___
|
|
Packit |
c4476c |
$code.=<<___;
|
|
Packit |
c4476c |
vzeroupper
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vmovdqu ($ivp),$T1 # input counter value
|
|
Packit |
c4476c |
add \$-128,%rsp
|
|
Packit |
c4476c |
mov 12($ivp),$counter
|
|
Packit |
c4476c |
lea .Lbswap_mask(%rip),$const
|
|
Packit |
c4476c |
lea -0x80($key),$in0 # borrow $in0
|
|
Packit |
c4476c |
mov \$0xf80,$end0 # borrow $end0
|
|
Packit |
c4476c |
lea 0x80($key),$key # size optimization
|
|
Packit |
c4476c |
vmovdqu ($const),$Ii # borrow $Ii for .Lbswap_mask
|
|
Packit |
c4476c |
and \$-128,%rsp # ensure stack alignment
|
|
Packit |
c4476c |
mov 0xf0-0x80($key),$rounds
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
and $end0,$in0
|
|
Packit |
c4476c |
and %rsp,$end0
|
|
Packit |
c4476c |
sub $in0,$end0
|
|
Packit |
c4476c |
jc .Lenc_no_key_aliasing
|
|
Packit |
c4476c |
cmp \$768,$end0
|
|
Packit |
c4476c |
jnc .Lenc_no_key_aliasing
|
|
Packit |
c4476c |
sub $end0,%rsp # avoid aliasing with key
|
|
Packit |
c4476c |
.Lenc_no_key_aliasing:
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
lea ($out),$in0
|
|
Packit |
c4476c |
lea -0xc0($out,$len),$end0
|
|
Packit |
c4476c |
shr \$4,$len
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
call _aesni_ctr32_6x
|
|
Packit |
c4476c |
vpshufb $Ii,$inout0,$Xi # save bswapped output on stack
|
|
Packit |
c4476c |
vpshufb $Ii,$inout1,$T2
|
|
Packit |
c4476c |
vmovdqu $Xi,0x70(%rsp)
|
|
Packit |
c4476c |
vpshufb $Ii,$inout2,$Z0
|
|
Packit |
c4476c |
vmovdqu $T2,0x60(%rsp)
|
|
Packit |
c4476c |
vpshufb $Ii,$inout3,$Z1
|
|
Packit |
c4476c |
vmovdqu $Z0,0x50(%rsp)
|
|
Packit |
c4476c |
vpshufb $Ii,$inout4,$Z2
|
|
Packit |
c4476c |
vmovdqu $Z1,0x40(%rsp)
|
|
Packit |
c4476c |
vpshufb $Ii,$inout5,$Z3 # passed to _aesni_ctr32_ghash_6x
|
|
Packit |
c4476c |
vmovdqu $Z2,0x30(%rsp)
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
call _aesni_ctr32_6x
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vmovdqu ($Xip),$Xi # load Xi
|
|
Packit |
c4476c |
lea 0x20+0x20($Xip),$Xip # size optimization
|
|
Packit |
c4476c |
sub \$12,$len
|
|
Packit |
c4476c |
mov \$0x60*2,$ret
|
|
Packit |
c4476c |
vpshufb $Ii,$Xi,$Xi
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
call _aesni_ctr32_ghash_6x
|
|
Packit |
c4476c |
vmovdqu 0x20(%rsp),$Z3 # I[5]
|
|
Packit |
c4476c |
vmovdqu ($const),$Ii # borrow $Ii for .Lbswap_mask
|
|
Packit |
c4476c |
vmovdqu 0x00-0x20($Xip),$Hkey # $Hkey^1
|
|
Packit |
c4476c |
vpunpckhqdq $Z3,$Z3,$T1
|
|
Packit |
c4476c |
vmovdqu 0x20-0x20($Xip),$rndkey # borrow $rndkey for $HK
|
|
Packit |
c4476c |
vmovups $inout0,-0x60($out) # save output
|
|
Packit |
c4476c |
vpshufb $Ii,$inout0,$inout0 # but keep bswapped copy
|
|
Packit |
c4476c |
vpxor $Z3,$T1,$T1
|
|
Packit |
c4476c |
vmovups $inout1,-0x50($out)
|
|
Packit |
c4476c |
vpshufb $Ii,$inout1,$inout1
|
|
Packit |
c4476c |
vmovups $inout2,-0x40($out)
|
|
Packit |
c4476c |
vpshufb $Ii,$inout2,$inout2
|
|
Packit |
c4476c |
vmovups $inout3,-0x30($out)
|
|
Packit |
c4476c |
vpshufb $Ii,$inout3,$inout3
|
|
Packit |
c4476c |
vmovups $inout4,-0x20($out)
|
|
Packit |
c4476c |
vpshufb $Ii,$inout4,$inout4
|
|
Packit |
c4476c |
vmovups $inout5,-0x10($out)
|
|
Packit |
c4476c |
vpshufb $Ii,$inout5,$inout5
|
|
Packit |
c4476c |
vmovdqu $inout0,0x10(%rsp) # free $inout0
|
|
Packit |
c4476c |
___
|
|
Packit |
c4476c |
{ my ($HK,$T3)=($rndkey,$inout0);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
$code.=<<___;
|
|
Packit |
c4476c |
vmovdqu 0x30(%rsp),$Z2 # I[4]
|
|
Packit |
c4476c |
vmovdqu 0x10-0x20($Xip),$Ii # borrow $Ii for $Hkey^2
|
|
Packit |
c4476c |
vpunpckhqdq $Z2,$Z2,$T2
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$Hkey,$Z3,$Z1
|
|
Packit |
c4476c |
vpxor $Z2,$T2,$T2
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$Hkey,$Z3,$Z3
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$HK,$T1,$T1
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vmovdqu 0x40(%rsp),$T3 # I[3]
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$Ii,$Z2,$Z0
|
|
Packit |
c4476c |
vmovdqu 0x30-0x20($Xip),$Hkey # $Hkey^3
|
|
Packit |
c4476c |
vpxor $Z1,$Z0,$Z0
|
|
Packit |
c4476c |
vpunpckhqdq $T3,$T3,$Z1
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$Ii,$Z2,$Z2
|
|
Packit |
c4476c |
vpxor $T3,$Z1,$Z1
|
|
Packit |
c4476c |
vpxor $Z3,$Z2,$Z2
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,$HK,$T2,$T2
|
|
Packit |
c4476c |
vmovdqu 0x50-0x20($Xip),$HK
|
|
Packit |
c4476c |
vpxor $T1,$T2,$T2
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vmovdqu 0x50(%rsp),$T1 # I[2]
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$Hkey,$T3,$Z3
|
|
Packit |
c4476c |
vmovdqu 0x40-0x20($Xip),$Ii # borrow $Ii for $Hkey^4
|
|
Packit |
c4476c |
vpxor $Z0,$Z3,$Z3
|
|
Packit |
c4476c |
vpunpckhqdq $T1,$T1,$Z0
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$Hkey,$T3,$T3
|
|
Packit |
c4476c |
vpxor $T1,$Z0,$Z0
|
|
Packit |
c4476c |
vpxor $Z2,$T3,$T3
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$HK,$Z1,$Z1
|
|
Packit |
c4476c |
vpxor $T2,$Z1,$Z1
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vmovdqu 0x60(%rsp),$T2 # I[1]
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$Ii,$T1,$Z2
|
|
Packit |
c4476c |
vmovdqu 0x60-0x20($Xip),$Hkey # $Hkey^5
|
|
Packit |
c4476c |
vpxor $Z3,$Z2,$Z2
|
|
Packit |
c4476c |
vpunpckhqdq $T2,$T2,$Z3
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$Ii,$T1,$T1
|
|
Packit |
c4476c |
vpxor $T2,$Z3,$Z3
|
|
Packit |
c4476c |
vpxor $T3,$T1,$T1
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,$HK,$Z0,$Z0
|
|
Packit |
c4476c |
vmovdqu 0x80-0x20($Xip),$HK
|
|
Packit |
c4476c |
vpxor $Z1,$Z0,$Z0
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vpxor 0x70(%rsp),$Xi,$Xi # accumulate I[0]
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$Hkey,$T2,$Z1
|
|
Packit |
c4476c |
vmovdqu 0x70-0x20($Xip),$Ii # borrow $Ii for $Hkey^6
|
|
Packit |
c4476c |
vpunpckhqdq $Xi,$Xi,$T3
|
|
Packit |
c4476c |
vpxor $Z2,$Z1,$Z1
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$Hkey,$T2,$T2
|
|
Packit |
c4476c |
vpxor $Xi,$T3,$T3
|
|
Packit |
c4476c |
vpxor $T1,$T2,$T2
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$HK,$Z3,$Z3
|
|
Packit |
c4476c |
vpxor $Z0,$Z3,$Z0
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$Ii,$Xi,$Z2
|
|
Packit |
c4476c |
vmovdqu 0x00-0x20($Xip),$Hkey # $Hkey^1
|
|
Packit |
c4476c |
vpunpckhqdq $inout5,$inout5,$T1
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$Ii,$Xi,$Xi
|
|
Packit |
c4476c |
vpxor $inout5,$T1,$T1
|
|
Packit |
c4476c |
vpxor $Z1,$Z2,$Z1
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,$HK,$T3,$T3
|
|
Packit |
c4476c |
vmovdqu 0x20-0x20($Xip),$HK
|
|
Packit |
c4476c |
vpxor $T2,$Xi,$Z3
|
|
Packit |
c4476c |
vpxor $Z0,$T3,$Z2
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vmovdqu 0x10-0x20($Xip),$Ii # borrow $Ii for $Hkey^2
|
|
Packit |
c4476c |
vpxor $Z1,$Z3,$T3 # aggregated Karatsuba post-processing
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$Hkey,$inout5,$Z0
|
|
Packit |
c4476c |
vpxor $T3,$Z2,$Z2
|
|
Packit |
c4476c |
vpunpckhqdq $inout4,$inout4,$T2
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$Hkey,$inout5,$inout5
|
|
Packit |
c4476c |
vpxor $inout4,$T2,$T2
|
|
Packit |
c4476c |
vpslldq \$8,$Z2,$T3
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$HK,$T1,$T1
|
|
Packit |
c4476c |
vpxor $T3,$Z1,$Xi
|
|
Packit |
c4476c |
vpsrldq \$8,$Z2,$Z2
|
|
Packit |
c4476c |
vpxor $Z2,$Z3,$Z3
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$Ii,$inout4,$Z1
|
|
Packit |
c4476c |
vmovdqu 0x30-0x20($Xip),$Hkey # $Hkey^3
|
|
Packit |
c4476c |
vpxor $Z0,$Z1,$Z1
|
|
Packit |
c4476c |
vpunpckhqdq $inout3,$inout3,$T3
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$Ii,$inout4,$inout4
|
|
Packit |
c4476c |
vpxor $inout3,$T3,$T3
|
|
Packit |
c4476c |
vpxor $inout5,$inout4,$inout4
|
|
Packit |
c4476c |
vpalignr \$8,$Xi,$Xi,$inout5 # 1st phase
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,$HK,$T2,$T2
|
|
Packit |
c4476c |
vmovdqu 0x50-0x20($Xip),$HK
|
|
Packit |
c4476c |
vpxor $T1,$T2,$T2
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$Hkey,$inout3,$Z0
|
|
Packit |
c4476c |
vmovdqu 0x40-0x20($Xip),$Ii # borrow $Ii for $Hkey^4
|
|
Packit |
c4476c |
vpxor $Z1,$Z0,$Z0
|
|
Packit |
c4476c |
vpunpckhqdq $inout2,$inout2,$T1
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$Hkey,$inout3,$inout3
|
|
Packit |
c4476c |
vpxor $inout2,$T1,$T1
|
|
Packit |
c4476c |
vpxor $inout4,$inout3,$inout3
|
|
Packit |
c4476c |
vxorps 0x10(%rsp),$Z3,$Z3 # accumulate $inout0
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$HK,$T3,$T3
|
|
Packit |
c4476c |
vpxor $T2,$T3,$T3
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,0x10($const),$Xi,$Xi
|
|
Packit |
c4476c |
vxorps $inout5,$Xi,$Xi
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$Ii,$inout2,$Z1
|
|
Packit |
c4476c |
vmovdqu 0x60-0x20($Xip),$Hkey # $Hkey^5
|
|
Packit |
c4476c |
vpxor $Z0,$Z1,$Z1
|
|
Packit |
c4476c |
vpunpckhqdq $inout1,$inout1,$T2
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$Ii,$inout2,$inout2
|
|
Packit |
c4476c |
vpxor $inout1,$T2,$T2
|
|
Packit |
c4476c |
vpalignr \$8,$Xi,$Xi,$inout5 # 2nd phase
|
|
Packit |
c4476c |
vpxor $inout3,$inout2,$inout2
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,$HK,$T1,$T1
|
|
Packit |
c4476c |
vmovdqu 0x80-0x20($Xip),$HK
|
|
Packit |
c4476c |
vpxor $T3,$T1,$T1
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vxorps $Z3,$inout5,$inout5
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,0x10($const),$Xi,$Xi
|
|
Packit |
c4476c |
vxorps $inout5,$Xi,$Xi
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$Hkey,$inout1,$Z0
|
|
Packit |
c4476c |
vmovdqu 0x70-0x20($Xip),$Ii # borrow $Ii for $Hkey^6
|
|
Packit |
c4476c |
vpxor $Z1,$Z0,$Z0
|
|
Packit |
c4476c |
vpunpckhqdq $Xi,$Xi,$T3
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$Hkey,$inout1,$inout1
|
|
Packit |
c4476c |
vpxor $Xi,$T3,$T3
|
|
Packit |
c4476c |
vpxor $inout2,$inout1,$inout1
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$HK,$T2,$T2
|
|
Packit |
c4476c |
vpxor $T1,$T2,$T2
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vpclmulqdq \$0x00,$Ii,$Xi,$Z1
|
|
Packit |
c4476c |
vpclmulqdq \$0x11,$Ii,$Xi,$Z3
|
|
Packit |
c4476c |
vpxor $Z0,$Z1,$Z1
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,$HK,$T3,$Z2
|
|
Packit |
c4476c |
vpxor $inout1,$Z3,$Z3
|
|
Packit |
c4476c |
vpxor $T2,$Z2,$Z2
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vpxor $Z1,$Z3,$Z0 # aggregated Karatsuba post-processing
|
|
Packit |
c4476c |
vpxor $Z0,$Z2,$Z2
|
|
Packit |
c4476c |
vpslldq \$8,$Z2,$T1
|
|
Packit |
c4476c |
vmovdqu 0x10($const),$Hkey # .Lpoly
|
|
Packit |
c4476c |
vpsrldq \$8,$Z2,$Z2
|
|
Packit |
c4476c |
vpxor $T1,$Z1,$Xi
|
|
Packit |
c4476c |
vpxor $Z2,$Z3,$Z3
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vpalignr \$8,$Xi,$Xi,$T2 # 1st phase
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,$Hkey,$Xi,$Xi
|
|
Packit |
c4476c |
vpxor $T2,$Xi,$Xi
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vpalignr \$8,$Xi,$Xi,$T2 # 2nd phase
|
|
Packit |
c4476c |
vpclmulqdq \$0x10,$Hkey,$Xi,$Xi
|
|
Packit |
c4476c |
vpxor $Z3,$T2,$T2
|
|
Packit |
c4476c |
vpxor $T2,$Xi,$Xi
|
|
Packit |
c4476c |
___
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
$code.=<<___;
|
|
Packit |
c4476c |
vpshufb ($const),$Xi,$Xi # .Lbswap_mask
|
|
Packit |
c4476c |
vmovdqu $Xi,-0x40($Xip) # output Xi
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
vzeroupper
|
|
Packit |
c4476c |
___
|
|
Packit |
c4476c |
$code.=<<___ if ($win64);
|
|
Packit |
c4476c |
movaps -0xd8(%rax),%xmm6
|
|
Packit |
c4476c |
movaps -0xc8(%rax),%xmm7
|
|
Packit |
c4476c |
movaps -0xb8(%rax),%xmm8
|
|
Packit |
c4476c |
movaps -0xa8(%rax),%xmm9
|
|
Packit |
c4476c |
movaps -0x98(%rax),%xmm10
|
|
Packit |
c4476c |
movaps -0x88(%rax),%xmm11
|
|
Packit |
c4476c |
movaps -0x78(%rax),%xmm12
|
|
Packit |
c4476c |
movaps -0x68(%rax),%xmm13
|
|
Packit |
c4476c |
movaps -0x58(%rax),%xmm14
|
|
Packit |
c4476c |
movaps -0x48(%rax),%xmm15
|
|
Packit |
c4476c |
___
|
|
Packit |
c4476c |
$code.=<<___;
|
|
Packit |
c4476c |
mov -48(%rax),%r15
|
|
Packit |
c4476c |
.cfi_restore %r15
|
|
Packit |
c4476c |
mov -40(%rax),%r14
|
|
Packit |
c4476c |
.cfi_restore %r14
|
|
Packit |
c4476c |
mov -32(%rax),%r13
|
|
Packit |
c4476c |
.cfi_restore %r13
|
|
Packit |
c4476c |
mov -24(%rax),%r12
|
|
Packit |
c4476c |
.cfi_restore %r12
|
|
Packit |
c4476c |
mov -16(%rax),%rbp
|
|
Packit |
c4476c |
.cfi_restore %rbp
|
|
Packit |
c4476c |
mov -8(%rax),%rbx
|
|
Packit |
c4476c |
.cfi_restore %rbx
|
|
Packit |
c4476c |
lea (%rax),%rsp # restore %rsp
|
|
Packit |
c4476c |
.cfi_def_cfa_register %rsp
|
|
Packit |
c4476c |
.Lgcm_enc_abort:
|
|
Packit |
c4476c |
mov $ret,%rax # return value
|
|
Packit |
c4476c |
ret
|
|
Packit |
c4476c |
.cfi_endproc
|
|
Packit |
c4476c |
.size aesni_gcm_encrypt,.-aesni_gcm_encrypt
|
|
Packit |
c4476c |
___
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
$code.=<<___;
|
|
Packit |
c4476c |
.align 64
|
|
Packit |
c4476c |
.Lbswap_mask:
|
|
Packit |
c4476c |
.byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
|
|
Packit |
c4476c |
.Lpoly:
|
|
Packit |
c4476c |
.byte 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
|
|
Packit |
c4476c |
.Lone_msb:
|
|
Packit |
c4476c |
.byte 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1
|
|
Packit |
c4476c |
.Ltwo_lsb:
|
|
Packit |
c4476c |
.byte 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
|
|
Packit |
c4476c |
.Lone_lsb:
|
|
Packit |
c4476c |
.byte 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
|
|
Packit |
c4476c |
.asciz "AES-NI GCM module for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
|
|
Packit |
c4476c |
.align 64
|
|
Packit |
c4476c |
___
|
|
Packit |
c4476c |
if ($win64) {
|
|
Packit |
c4476c |
$rec="%rcx";
|
|
Packit |
c4476c |
$frame="%rdx";
|
|
Packit |
c4476c |
$context="%r8";
|
|
Packit |
c4476c |
$disp="%r9";
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
$code.=<<___
|
|
Packit |
c4476c |
.extern __imp_RtlVirtualUnwind
|
|
Packit |
c4476c |
.type gcm_se_handler,\@abi-omnipotent
|
|
Packit |
c4476c |
.align 16
|
|
Packit |
c4476c |
gcm_se_handler:
|
|
Packit |
c4476c |
push %rsi
|
|
Packit |
c4476c |
push %rdi
|
|
Packit |
c4476c |
push %rbx
|
|
Packit |
c4476c |
push %rbp
|
|
Packit |
c4476c |
push %r12
|
|
Packit |
c4476c |
push %r13
|
|
Packit |
c4476c |
push %r14
|
|
Packit |
c4476c |
push %r15
|
|
Packit |
c4476c |
pushfq
|
|
Packit |
c4476c |
sub \$64,%rsp
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
mov 120($context),%rax # pull context->Rax
|
|
Packit |
c4476c |
mov 248($context),%rbx # pull context->Rip
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
mov 8($disp),%rsi # disp->ImageBase
|
|
Packit |
c4476c |
mov 56($disp),%r11 # disp->HandlerData
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
mov 0(%r11),%r10d # HandlerData[0]
|
|
Packit |
c4476c |
lea (%rsi,%r10),%r10 # prologue label
|
|
Packit |
c4476c |
cmp %r10,%rbx # context->Rip
|
|
Packit |
c4476c |
jb .Lcommon_seh_tail
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
mov 152($context),%rax # pull context->Rsp
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
mov 4(%r11),%r10d # HandlerData[1]
|
|
Packit |
c4476c |
lea (%rsi,%r10),%r10 # epilogue label
|
|
Packit |
c4476c |
cmp %r10,%rbx # context->Rip>=epilogue label
|
|
Packit |
c4476c |
jae .Lcommon_seh_tail
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
mov 120($context),%rax # pull context->Rax
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
mov -48(%rax),%r15
|
|
Packit |
c4476c |
mov -40(%rax),%r14
|
|
Packit |
c4476c |
mov -32(%rax),%r13
|
|
Packit |
c4476c |
mov -24(%rax),%r12
|
|
Packit |
c4476c |
mov -16(%rax),%rbp
|
|
Packit |
c4476c |
mov -8(%rax),%rbx
|
|
Packit |
c4476c |
mov %r15,240($context)
|
|
Packit |
c4476c |
mov %r14,232($context)
|
|
Packit |
c4476c |
mov %r13,224($context)
|
|
Packit |
c4476c |
mov %r12,216($context)
|
|
Packit |
c4476c |
mov %rbp,160($context)
|
|
Packit |
c4476c |
mov %rbx,144($context)
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
lea -0xd8(%rax),%rsi # %xmm save area
|
|
Packit |
c4476c |
lea 512($context),%rdi # & context.Xmm6
|
|
Packit |
c4476c |
mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax)
|
|
Packit |
c4476c |
.long 0xa548f3fc # cld; rep movsq
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
.Lcommon_seh_tail:
|
|
Packit |
c4476c |
mov 8(%rax),%rdi
|
|
Packit |
c4476c |
mov 16(%rax),%rsi
|
|
Packit |
c4476c |
mov %rax,152($context) # restore context->Rsp
|
|
Packit |
c4476c |
mov %rsi,168($context) # restore context->Rsi
|
|
Packit |
c4476c |
mov %rdi,176($context) # restore context->Rdi
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
mov 40($disp),%rdi # disp->ContextRecord
|
|
Packit |
c4476c |
mov $context,%rsi # context
|
|
Packit |
c4476c |
mov \$154,%ecx # sizeof(CONTEXT)
|
|
Packit |
c4476c |
.long 0xa548f3fc # cld; rep movsq
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
mov $disp,%rsi
|
|
Packit |
c4476c |
xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER
|
|
Packit |
c4476c |
mov 8(%rsi),%rdx # arg2, disp->ImageBase
|
|
Packit |
c4476c |
mov 0(%rsi),%r8 # arg3, disp->ControlPc
|
|
Packit |
c4476c |
mov 16(%rsi),%r9 # arg4, disp->FunctionEntry
|
|
Packit |
c4476c |
mov 40(%rsi),%r10 # disp->ContextRecord
|
|
Packit |
c4476c |
lea 56(%rsi),%r11 # &disp->HandlerData
|
|
Packit |
c4476c |
lea 24(%rsi),%r12 # &disp->EstablisherFrame
|
|
Packit |
c4476c |
mov %r10,32(%rsp) # arg5
|
|
Packit |
c4476c |
mov %r11,40(%rsp) # arg6
|
|
Packit |
c4476c |
mov %r12,48(%rsp) # arg7
|
|
Packit |
c4476c |
mov %rcx,56(%rsp) # arg8, (NULL)
|
|
Packit |
c4476c |
call *__imp_RtlVirtualUnwind(%rip)
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
mov \$1,%eax # ExceptionContinueSearch
|
|
Packit |
c4476c |
add \$64,%rsp
|
|
Packit |
c4476c |
popfq
|
|
Packit |
c4476c |
pop %r15
|
|
Packit |
c4476c |
pop %r14
|
|
Packit |
c4476c |
pop %r13
|
|
Packit |
c4476c |
pop %r12
|
|
Packit |
c4476c |
pop %rbp
|
|
Packit |
c4476c |
pop %rbx
|
|
Packit |
c4476c |
pop %rdi
|
|
Packit |
c4476c |
pop %rsi
|
|
Packit |
c4476c |
ret
|
|
Packit |
c4476c |
.size gcm_se_handler,.-gcm_se_handler
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
.section .pdata
|
|
Packit |
c4476c |
.align 4
|
|
Packit |
c4476c |
.rva .LSEH_begin_aesni_gcm_decrypt
|
|
Packit |
c4476c |
.rva .LSEH_end_aesni_gcm_decrypt
|
|
Packit |
c4476c |
.rva .LSEH_gcm_dec_info
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
.rva .LSEH_begin_aesni_gcm_encrypt
|
|
Packit |
c4476c |
.rva .LSEH_end_aesni_gcm_encrypt
|
|
Packit |
c4476c |
.rva .LSEH_gcm_enc_info
|
|
Packit |
c4476c |
.section .xdata
|
|
Packit |
c4476c |
.align 8
|
|
Packit |
c4476c |
.LSEH_gcm_dec_info:
|
|
Packit |
c4476c |
.byte 9,0,0,0
|
|
Packit |
c4476c |
.rva gcm_se_handler
|
|
Packit |
c4476c |
.rva .Lgcm_dec_body,.Lgcm_dec_abort
|
|
Packit |
c4476c |
.LSEH_gcm_enc_info:
|
|
Packit |
c4476c |
.byte 9,0,0,0
|
|
Packit |
c4476c |
.rva gcm_se_handler
|
|
Packit |
c4476c |
.rva .Lgcm_enc_body,.Lgcm_enc_abort
|
|
Packit |
c4476c |
___
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
}}} else {{{
|
|
Packit |
c4476c |
$code=<<___; # assembler is too old
|
|
Packit |
c4476c |
.text
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
.globl aesni_gcm_encrypt
|
|
Packit |
c4476c |
.type aesni_gcm_encrypt,\@abi-omnipotent
|
|
Packit |
c4476c |
aesni_gcm_encrypt:
|
|
Packit |
c4476c |
.cfi_startproc
|
|
Packit |
c4476c |
xor %eax,%eax
|
|
Packit |
c4476c |
ret
|
|
Packit |
c4476c |
.cfi_endproc
|
|
Packit |
c4476c |
.size aesni_gcm_encrypt,.-aesni_gcm_encrypt
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
.globl aesni_gcm_decrypt
|
|
Packit |
c4476c |
.type aesni_gcm_decrypt,\@abi-omnipotent
|
|
Packit |
c4476c |
aesni_gcm_decrypt:
|
|
Packit |
c4476c |
.cfi_startproc
|
|
Packit |
c4476c |
xor %eax,%eax
|
|
Packit |
c4476c |
ret
|
|
Packit |
c4476c |
.cfi_endproc
|
|
Packit |
c4476c |
.size aesni_gcm_decrypt,.-aesni_gcm_decrypt
|
|
Packit |
c4476c |
___
|
|
Packit |
c4476c |
}}}
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
$code =~ s/\`([^\`]*)\`/eval($1)/gem;
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
print $code;
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
close STDOUT or die "error closing STDOUT: $!";
|