3 # ====================================================================
4 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
5 # project. The module is, however, dual licensed under OpenSSL and
6 # CRYPTOGAMS licenses depending on where you obtain it. For further
7 # details see http://www.openssl.org/~appro/cryptogams/.
8 # ====================================================================
10 # GHASH for for PowerISA v2.07.
14 # Initial version is 2.27x slower than hardware-assisted AES-128-CTR,
15 # 11x faster than "4-bit" integer-only compiler-generated 64-bit code.
20 if ($flavour =~ /64/) {
26 } elsif ($flavour =~ /32/) {
32 } else { die "nonsense $flavour"; }
34 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
35 ( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
36 ( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
37 die "can't locate ppc-xlate.pl";
39 open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!";
41 my ($Xip,$Htbl,$inp,$len)=map("r$_",(3..6)); # argument block
43 my ($Xl,$Xm,$Xh,$IN)=map("v$_",(0..3));
44 my ($zero,$t0,$t1,$t2,$xC2,$H,$Hh,$Hl,$lemask)=map("v$_",(4..12));
61 lvx_u $H,0,r4 # load H
63 vspltisb $xC2,-16 # 0xf0
65 vaddubm $xC2,$xC2,$xC2 # 0xe0
66 vxor $zero,$zero,$zero
67 vor $xC2,$xC2,$t0 # 0xe1
68 vsldoi $xC2,$xC2,$zero,15 # 0xe1...
69 vsldoi $t1,$zero,$t0,1 # ...1
70 vaddubm $xC2,$xC2,$xC2 # 0xc2...
72 vor $xC2,$xC2,$t1 # 0xc2....01
73 vspltb $t1,$H,0 # most significant byte
75 vsrab $t1,$t1,$t2 # broadcast carry bit
77 vxor $H,$H,$t1 # twisted H
79 vsldoi $H,$H,$H,8 # twist even more ...
80 vsldoi $xC2,$zero,$xC2,8 # 0xc2.0
81 vsldoi $Hl,$zero,$H,8 # ... and split
84 stvx_u $xC2,0,r3 # save pre-computed table
92 .byte 0,12,0x14,0,0,0,2,0
94 .size .gcm_init_p8,.-.gcm_init_p8
105 lvx_u $IN,0,$Xip # load Xi
107 lvx_u $Hl,r8,$Htbl # load pre-computed table
108 le?lvsl $lemask,r0,r0
112 le?vxor $lemask,$lemask,$t0
114 le?vperm $IN,$IN,$IN,$lemask
115 vxor $zero,$zero,$zero
117 vpmsumd $Xl,$IN,$Hl # H.lo·Xi.lo
118 vpmsumd $Xm,$IN,$H # H.hi·Xi.lo+H.lo·Xi.hi
119 vpmsumd $Xh,$IN,$Hh # H.hi·Xi.hi
121 vpmsumd $t2,$Xl,$xC2 # 1st phase
123 vsldoi $t0,$Xm,$zero,8
124 vsldoi $t1,$zero,$Xm,8
131 vsldoi $t1,$Xl,$Xl,8 # 2nd phase
136 le?vperm $Xl,$Xl,$Xl,$lemask
137 stvx_u $Xl,0,$Xip # write out Xi
142 .byte 0,12,0x14,0,0,0,2,0
144 .size .gcm_gmult_p8,.-.gcm_gmult_p8
155 lvx_u $Xl,0,$Xip # load Xi
157 lvx_u $Hl,r8,$Htbl # load pre-computed table
158 le?lvsl $lemask,r0,r0
162 le?vxor $lemask,$lemask,$t0
164 le?vperm $Xl,$Xl,$Xl,$lemask
165 vxor $zero,$zero,$zero
170 le?vperm $IN,$IN,$IN,$lemask
178 vpmsumd $Xl,$IN,$Hl # H.lo·Xi.lo
179 subfe. r0,r0,r0 # borrow?-1:0
180 vpmsumd $Xm,$IN,$H # H.hi·Xi.lo+H.lo·Xi.hi
182 vpmsumd $Xh,$IN,$Hh # H.hi·Xi.hi
185 vpmsumd $t2,$Xl,$xC2 # 1st phase
187 vsldoi $t0,$Xm,$zero,8
188 vsldoi $t1,$zero,$Xm,8
197 vsldoi $t1,$Xl,$Xl,8 # 2nd phase
200 le?vperm $IN,$IN,$IN,$lemask
202 beq Loop # did $len-=16 borrow?
204 le?vperm $Xl,$Xl,$Xl,$lemask
205 stvx_u $Xl,0,$Xip # write out Xi
210 .byte 0,12,0x14,0,0,0,4,0
212 .size .gcm_ghash_p8,.-.gcm_ghash_p8
214 .asciz "GHASH for PowerISA 2.07, CRYPTOGAMS by <appro\@openssl.org>"
218 foreach (split("\n",$code)) {
219 if ($flavour =~ /le$/o) { # little-endian
229 close STDOUT; # enforce flush