1#! /usr/bin/env perl 2# SPDX-License-Identifier: GPL-2.0 3 4# This code is taken from CRYPTOGAMs[1] and is included here using the option 5# in the license to distribute the code under the GPL. Therefore this program 6# is free software; you can redistribute it and/or modify it under the terms of 7# the GNU General Public License version 2 as published by the Free Software 8# Foundation. 9# 10# [1] https://www.openssl.org/~appro/cryptogams/ 11 12# Copyright (c) 2006-2017, CRYPTOGAMS by <appro@openssl.org> 13# All rights reserved. 14# 15# Redistribution and use in source and binary forms, with or without 16# modification, are permitted provided that the following conditions 17# are met: 18# 19# * Redistributions of source code must retain copyright notices, 20# this list of conditions and the following disclaimer. 21# 22# * Redistributions in binary form must reproduce the above 23# copyright notice, this list of conditions and the following 24# disclaimer in the documentation and/or other materials 25# provided with the distribution. 26# 27# * Neither the name of the CRYPTOGAMS nor the names of its 28# copyright holder and contributors may be used to endorse or 29# promote products derived from this software without specific 30# prior written permission. 31# 32# ALTERNATIVELY, provided that this notice is retained in full, this 33# product may be distributed under the terms of the GNU General Public 34# License (GPL), in which case the provisions of the GPL apply INSTEAD OF 35# those given above. 36# 37# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS 38# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 39# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 40# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 41# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 42# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 43# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 44# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 45# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 46# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 47# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 48 49# ==================================================================== 50# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL 51# project. The module is, however, dual licensed under OpenSSL and 52# CRYPTOGAMS licenses depending on where you obtain it. For further 53# details see http://www.openssl.org/~appro/cryptogams/. 54# ==================================================================== 55# 56# This module implements support for AES instructions as per PowerISA 57# specification version 2.07, first implemented by POWER8 processor. 58# The module is endian-agnostic in sense that it supports both big- 59# and little-endian cases. Data alignment in parallelizable modes is 60# handled with VSX loads and stores, which implies MSR.VSX flag being 61# set. It should also be noted that ISA specification doesn't prohibit 62# alignment exceptions for these instructions on page boundaries. 63# Initially alignment was handled in pure AltiVec/VMX way [when data 64# is aligned programmatically, which in turn guarantees exception- 65# free execution], but it turned to hamper performance when vcipher 66# instructions are interleaved. It's reckoned that eventual 67# misalignment penalties at page boundaries are in average lower 68# than additional overhead in pure AltiVec approach. 69# 70# May 2016 71# 72# Add XTS subroutine, 9x on little- and 12x improvement on big-endian 73# systems were measured. 74# 75###################################################################### 76# Current large-block performance in cycles per byte processed with 77# 128-bit key (less is better). 78# 79# CBC en-/decrypt CTR XTS 80# POWER8[le] 3.96/0.72 0.74 1.1 81# POWER8[be] 3.75/0.65 0.66 1.0 82 83$flavour = shift; 84 85if ($flavour =~ /64/) { 86 $SIZE_T =8; 87 $LRSAVE =2*$SIZE_T; 88 $STU ="stdu"; 89 $POP ="ld"; 90 $PUSH ="std"; 91 $UCMP ="cmpld"; 92 $SHL ="sldi"; 93} elsif ($flavour =~ /32/) { 94 $SIZE_T =4; 95 $LRSAVE =$SIZE_T; 96 $STU ="stwu"; 97 $POP ="lwz"; 98 $PUSH ="stw"; 99 $UCMP ="cmplw"; 100 $SHL ="slwi"; 101} else { die "nonsense $flavour"; } 102 103$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0; 104 105$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; 106( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or 107( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or 108die "can't locate ppc-xlate.pl"; 109 110open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!"; 111 112$FRAME=8*$SIZE_T; 113$prefix="aes_p8"; 114 115$sp="r1"; 116$vrsave="r12"; 117 118######################################################################### 119{{{ # Key setup procedures # 120my ($inp,$bits,$out,$ptr,$cnt,$rounds)=map("r$_",(3..8)); 121my ($zero,$in0,$in1,$key,$rcon,$mask,$tmp)=map("v$_",(0..6)); 122my ($stage,$outperm,$outmask,$outhead,$outtail)=map("v$_",(7..11)); 123 124$code.=<<___; 125.machine "any" 126 127.text 128 129.align 7 130rcon: 131.long 0x01000000, 0x01000000, 0x01000000, 0x01000000 ?rev 132.long 0x1b000000, 0x1b000000, 0x1b000000, 0x1b000000 ?rev 133.long 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c ?rev 134.long 0,0,0,0 ?asis 135Lconsts: 136 mflr r0 137 bcl 20,31,\$+4 138 mflr $ptr #vvvvv "distance between . and rcon 139 addi $ptr,$ptr,-0x48 140 mtlr r0 141 blr 142 .long 0 143 .byte 0,12,0x14,0,0,0,0,0 144.asciz "AES for PowerISA 2.07, CRYPTOGAMS by <appro\@openssl.org>" 145 146.globl .${prefix}_set_encrypt_key 147Lset_encrypt_key: 148 mflr r11 149 $PUSH r11,$LRSAVE($sp) 150 151 li $ptr,-1 152 ${UCMP}i $inp,0 153 beq- Lenc_key_abort # if ($inp==0) return -1; 154 ${UCMP}i $out,0 155 beq- Lenc_key_abort # if ($out==0) return -1; 156 li $ptr,-2 157 cmpwi $bits,128 158 blt- Lenc_key_abort 159 cmpwi $bits,256 160 bgt- Lenc_key_abort 161 andi. r0,$bits,0x3f 162 bne- Lenc_key_abort 163 164 lis r0,0xfff0 165 mfspr $vrsave,256 166 mtspr 256,r0 167 168 bl Lconsts 169 mtlr r11 170 171 neg r9,$inp 172 lvx $in0,0,$inp 173 addi $inp,$inp,15 # 15 is not typo 174 lvsr $key,0,r9 # borrow $key 175 li r8,0x20 176 cmpwi $bits,192 177 lvx $in1,0,$inp 178 le?vspltisb $mask,0x0f # borrow $mask 179 lvx $rcon,0,$ptr 180 le?vxor $key,$key,$mask # adjust for byte swap 181 lvx $mask,r8,$ptr 182 addi $ptr,$ptr,0x10 183 vperm $in0,$in0,$in1,$key # align [and byte swap in LE] 184 li $cnt,8 185 vxor $zero,$zero,$zero 186 mtctr $cnt 187 188 ?lvsr $outperm,0,$out 189 vspltisb $outmask,-1 190 lvx $outhead,0,$out 191 ?vperm $outmask,$zero,$outmask,$outperm 192 193 blt Loop128 194 addi $inp,$inp,8 195 beq L192 196 addi $inp,$inp,8 197 b L256 198 199.align 4 200Loop128: 201 vperm $key,$in0,$in0,$mask # rotate-n-splat 202 vsldoi $tmp,$zero,$in0,12 # >>32 203 vperm $outtail,$in0,$in0,$outperm # rotate 204 vsel $stage,$outhead,$outtail,$outmask 205 vmr $outhead,$outtail 206 vcipherlast $key,$key,$rcon 207 stvx $stage,0,$out 208 addi $out,$out,16 209 210 vxor $in0,$in0,$tmp 211 vsldoi $tmp,$zero,$tmp,12 # >>32 212 vxor $in0,$in0,$tmp 213 vsldoi $tmp,$zero,$tmp,12 # >>32 214 vxor $in0,$in0,$tmp 215 vadduwm $rcon,$rcon,$rcon 216 vxor $in0,$in0,$key 217 bdnz Loop128 218 219 lvx $rcon,0,$ptr # last two round keys 220 221 vperm $key,$in0,$in0,$mask # rotate-n-splat 222 vsldoi $tmp,$zero,$in0,12 # >>32 223 vperm $outtail,$in0,$in0,$outperm # rotate 224 vsel $stage,$outhead,$outtail,$outmask 225 vmr $outhead,$outtail 226 vcipherlast $key,$key,$rcon 227 stvx $stage,0,$out 228 addi $out,$out,16 229 230 vxor $in0,$in0,$tmp 231 vsldoi $tmp,$zero,$tmp,12 # >>32 232 vxor $in0,$in0,$tmp 233 vsldoi $tmp,$zero,$tmp,12 # >>32 234 vxor $in0,$in0,$tmp 235 vadduwm $rcon,$rcon,$rcon 236 vxor $in0,$in0,$key 237 238 vperm $key,$in0,$in0,$mask # rotate-n-splat 239 vsldoi $tmp,$zero,$in0,12 # >>32 240 vperm $outtail,$in0,$in0,$outperm # rotate 241 vsel $stage,$outhead,$outtail,$outmask 242 vmr $outhead,$outtail 243 vcipherlast $key,$key,$rcon 244 stvx $stage,0,$out 245 addi $out,$out,16 246 247 vxor $in0,$in0,$tmp 248 vsldoi $tmp,$zero,$tmp,12 # >>32 249 vxor $in0,$in0,$tmp 250 vsldoi $tmp,$zero,$tmp,12 # >>32 251 vxor $in0,$in0,$tmp 252 vxor $in0,$in0,$key 253 vperm $outtail,$in0,$in0,$outperm # rotate 254 vsel $stage,$outhead,$outtail,$outmask 255 vmr $outhead,$outtail 256 stvx $stage,0,$out 257 258 addi $inp,$out,15 # 15 is not typo 259 addi $out,$out,0x50 260 261 li $rounds,10 262 b Ldone 263 264.align 4 265L192: 266 lvx $tmp,0,$inp 267 li $cnt,4 268 vperm $outtail,$in0,$in0,$outperm # rotate 269 vsel $stage,$outhead,$outtail,$outmask 270 vmr $outhead,$outtail 271 stvx $stage,0,$out 272 addi $out,$out,16 273 vperm $in1,$in1,$tmp,$key # align [and byte swap in LE] 274 vspltisb $key,8 # borrow $key 275 mtctr $cnt 276 vsububm $mask,$mask,$key # adjust the mask 277 278Loop192: 279 vperm $key,$in1,$in1,$mask # roate-n-splat 280 vsldoi $tmp,$zero,$in0,12 # >>32 281 vcipherlast $key,$key,$rcon 282 283 vxor $in0,$in0,$tmp 284 vsldoi $tmp,$zero,$tmp,12 # >>32 285 vxor $in0,$in0,$tmp 286 vsldoi $tmp,$zero,$tmp,12 # >>32 287 vxor $in0,$in0,$tmp 288 289 vsldoi $stage,$zero,$in1,8 290 vspltw $tmp,$in0,3 291 vxor $tmp,$tmp,$in1 292 vsldoi $in1,$zero,$in1,12 # >>32 293 vadduwm $rcon,$rcon,$rcon 294 vxor $in1,$in1,$tmp 295 vxor $in0,$in0,$key 296 vxor $in1,$in1,$key 297 vsldoi $stage,$stage,$in0,8 298 299 vperm $key,$in1,$in1,$mask # rotate-n-splat 300 vsldoi $tmp,$zero,$in0,12 # >>32 301 vperm $outtail,$stage,$stage,$outperm # rotate 302 vsel $stage,$outhead,$outtail,$outmask 303 vmr $outhead,$outtail 304 vcipherlast $key,$key,$rcon 305 stvx $stage,0,$out 306 addi $out,$out,16 307 308 vsldoi $stage,$in0,$in1,8 309 vxor $in0,$in0,$tmp 310 vsldoi $tmp,$zero,$tmp,12 # >>32 311 vperm $outtail,$stage,$stage,$outperm # rotate 312 vsel $stage,$outhead,$outtail,$outmask 313 vmr $outhead,$outtail 314 vxor $in0,$in0,$tmp 315 vsldoi $tmp,$zero,$tmp,12 # >>32 316 vxor $in0,$in0,$tmp 317 stvx $stage,0,$out 318 addi $out,$out,16 319 320 vspltw $tmp,$in0,3 321 vxor $tmp,$tmp,$in1 322 vsldoi $in1,$zero,$in1,12 # >>32 323 vadduwm $rcon,$rcon,$rcon 324 vxor $in1,$in1,$tmp 325 vxor $in0,$in0,$key 326 vxor $in1,$in1,$key 327 vperm $outtail,$in0,$in0,$outperm # rotate 328 vsel $stage,$outhead,$outtail,$outmask 329 vmr $outhead,$outtail 330 stvx $stage,0,$out 331 addi $inp,$out,15 # 15 is not typo 332 addi $out,$out,16 333 bdnz Loop192 334 335 li $rounds,12 336 addi $out,$out,0x20 337 b Ldone 338 339.align 4 340L256: 341 lvx $tmp,0,$inp 342 li $cnt,7 343 li $rounds,14 344 vperm $outtail,$in0,$in0,$outperm # rotate 345 vsel $stage,$outhead,$outtail,$outmask 346 vmr $outhead,$outtail 347 stvx $stage,0,$out 348 addi $out,$out,16 349 vperm $in1,$in1,$tmp,$key # align [and byte swap in LE] 350 mtctr $cnt 351 352Loop256: 353 vperm $key,$in1,$in1,$mask # rotate-n-splat 354 vsldoi $tmp,$zero,$in0,12 # >>32 355 vperm $outtail,$in1,$in1,$outperm # rotate 356 vsel $stage,$outhead,$outtail,$outmask 357 vmr $outhead,$outtail 358 vcipherlast $key,$key,$rcon 359 stvx $stage,0,$out 360 addi $out,$out,16 361 362 vxor $in0,$in0,$tmp 363 vsldoi $tmp,$zero,$tmp,12 # >>32 364 vxor $in0,$in0,$tmp 365 vsldoi $tmp,$zero,$tmp,12 # >>32 366 vxor $in0,$in0,$tmp 367 vadduwm $rcon,$rcon,$rcon 368 vxor $in0,$in0,$key 369 vperm $outtail,$in0,$in0,$outperm # rotate 370 vsel $stage,$outhead,$outtail,$outmask 371 vmr $outhead,$outtail 372 stvx $stage,0,$out 373 addi $inp,$out,15 # 15 is not typo 374 addi $out,$out,16 375 bdz Ldone 376 377 vspltw $key,$in0,3 # just splat 378 vsldoi $tmp,$zero,$in1,12 # >>32 379 vsbox $key,$key 380 381 vxor $in1,$in1,$tmp 382 vsldoi $tmp,$zero,$tmp,12 # >>32 383 vxor $in1,$in1,$tmp 384 vsldoi $tmp,$zero,$tmp,12 # >>32 385 vxor $in1,$in1,$tmp 386 387 vxor $in1,$in1,$key 388 b Loop256 389 390.align 4 391Ldone: 392 lvx $in1,0,$inp # redundant in aligned case 393 vsel $in1,$outhead,$in1,$outmask 394 stvx $in1,0,$inp 395 li $ptr,0 396 mtspr 256,$vrsave 397 stw $rounds,0($out) 398 399Lenc_key_abort: 400 mr r3,$ptr 401 blr 402 .long 0 403 .byte 0,12,0x14,1,0,0,3,0 404 .long 0 405.size .${prefix}_set_encrypt_key,.-.${prefix}_set_encrypt_key 406 407.globl .${prefix}_set_decrypt_key 408 $STU $sp,-$FRAME($sp) 409 mflr r10 410 $PUSH r10,$FRAME+$LRSAVE($sp) 411 bl Lset_encrypt_key 412 mtlr r10 413 414 cmpwi r3,0 415 bne- Ldec_key_abort 416 417 slwi $cnt,$rounds,4 418 subi $inp,$out,240 # first round key 419 srwi $rounds,$rounds,1 420 add $out,$inp,$cnt # last round key 421 mtctr $rounds 422 423Ldeckey: 424 lwz r0, 0($inp) 425 lwz r6, 4($inp) 426 lwz r7, 8($inp) 427 lwz r8, 12($inp) 428 addi $inp,$inp,16 429 lwz r9, 0($out) 430 lwz r10,4($out) 431 lwz r11,8($out) 432 lwz r12,12($out) 433 stw r0, 0($out) 434 stw r6, 4($out) 435 stw r7, 8($out) 436 stw r8, 12($out) 437 subi $out,$out,16 438 stw r9, -16($inp) 439 stw r10,-12($inp) 440 stw r11,-8($inp) 441 stw r12,-4($inp) 442 bdnz Ldeckey 443 444 xor r3,r3,r3 # return value 445Ldec_key_abort: 446 addi $sp,$sp,$FRAME 447 blr 448 .long 0 449 .byte 0,12,4,1,0x80,0,3,0 450 .long 0 451.size .${prefix}_set_decrypt_key,.-.${prefix}_set_decrypt_key 452___ 453}}} 454######################################################################### 455{{{ # Single block en- and decrypt procedures # 456sub gen_block () { 457my $dir = shift; 458my $n = $dir eq "de" ? "n" : ""; 459my ($inp,$out,$key,$rounds,$idx)=map("r$_",(3..7)); 460 461$code.=<<___; 462.globl .${prefix}_${dir}crypt 463 lwz $rounds,240($key) 464 lis r0,0xfc00 465 mfspr $vrsave,256 466 li $idx,15 # 15 is not typo 467 mtspr 256,r0 468 469 lvx v0,0,$inp 470 neg r11,$out 471 lvx v1,$idx,$inp 472 lvsl v2,0,$inp # inpperm 473 le?vspltisb v4,0x0f 474 ?lvsl v3,0,r11 # outperm 475 le?vxor v2,v2,v4 476 li $idx,16 477 vperm v0,v0,v1,v2 # align [and byte swap in LE] 478 lvx v1,0,$key 479 ?lvsl v5,0,$key # keyperm 480 srwi $rounds,$rounds,1 481 lvx v2,$idx,$key 482 addi $idx,$idx,16 483 subi $rounds,$rounds,1 484 ?vperm v1,v1,v2,v5 # align round key 485 486 vxor v0,v0,v1 487 lvx v1,$idx,$key 488 addi $idx,$idx,16 489 mtctr $rounds 490 491Loop_${dir}c: 492 ?vperm v2,v2,v1,v5 493 v${n}cipher v0,v0,v2 494 lvx v2,$idx,$key 495 addi $idx,$idx,16 496 ?vperm v1,v1,v2,v5 497 v${n}cipher v0,v0,v1 498 lvx v1,$idx,$key 499 addi $idx,$idx,16 500 bdnz Loop_${dir}c 501 502 ?vperm v2,v2,v1,v5 503 v${n}cipher v0,v0,v2 504 lvx v2,$idx,$key 505 ?vperm v1,v1,v2,v5 506 v${n}cipherlast v0,v0,v1 507 508 vspltisb v2,-1 509 vxor v1,v1,v1 510 li $idx,15 # 15 is not typo 511 ?vperm v2,v1,v2,v3 # outmask 512 le?vxor v3,v3,v4 513 lvx v1,0,$out # outhead 514 vperm v0,v0,v0,v3 # rotate [and byte swap in LE] 515 vsel v1,v1,v0,v2 516 lvx v4,$idx,$out 517 stvx v1,0,$out 518 vsel v0,v0,v4,v2 519 stvx v0,$idx,$out 520 521 mtspr 256,$vrsave 522 blr 523 .long 0 524 .byte 0,12,0x14,0,0,0,3,0 525 .long 0 526.size .${prefix}_${dir}crypt,.-.${prefix}_${dir}crypt 527___ 528} 529&gen_block("en"); 530&gen_block("de"); 531}}} 532######################################################################### 533{{{ # CBC en- and decrypt procedures # 534my ($inp,$out,$len,$key,$ivp,$enc,$rounds,$idx)=map("r$_",(3..10)); 535my ($rndkey0,$rndkey1,$inout,$tmp)= map("v$_",(0..3)); 536my ($ivec,$inptail,$inpperm,$outhead,$outperm,$outmask,$keyperm)= 537 map("v$_",(4..10)); 538$code.=<<___; 539.globl .${prefix}_cbc_encrypt 540 ${UCMP}i $len,16 541 bltlr- 542 543 cmpwi $enc,0 # test direction 544 lis r0,0xffe0 545 mfspr $vrsave,256 546 mtspr 256,r0 547 548 li $idx,15 549 vxor $rndkey0,$rndkey0,$rndkey0 550 le?vspltisb $tmp,0x0f 551 552 lvx $ivec,0,$ivp # load [unaligned] iv 553 lvsl $inpperm,0,$ivp 554 lvx $inptail,$idx,$ivp 555 le?vxor $inpperm,$inpperm,$tmp 556 vperm $ivec,$ivec,$inptail,$inpperm 557 558 neg r11,$inp 559 ?lvsl $keyperm,0,$key # prepare for unaligned key 560 lwz $rounds,240($key) 561 562 lvsr $inpperm,0,r11 # prepare for unaligned load 563 lvx $inptail,0,$inp 564 addi $inp,$inp,15 # 15 is not typo 565 le?vxor $inpperm,$inpperm,$tmp 566 567 ?lvsr $outperm,0,$out # prepare for unaligned store 568 vspltisb $outmask,-1 569 lvx $outhead,0,$out 570 ?vperm $outmask,$rndkey0,$outmask,$outperm 571 le?vxor $outperm,$outperm,$tmp 572 573 srwi $rounds,$rounds,1 574 li $idx,16 575 subi $rounds,$rounds,1 576 beq Lcbc_dec 577 578Lcbc_enc: 579 vmr $inout,$inptail 580 lvx $inptail,0,$inp 581 addi $inp,$inp,16 582 mtctr $rounds 583 subi $len,$len,16 # len-=16 584 585 lvx $rndkey0,0,$key 586 vperm $inout,$inout,$inptail,$inpperm 587 lvx $rndkey1,$idx,$key 588 addi $idx,$idx,16 589 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 590 vxor $inout,$inout,$rndkey0 591 lvx $rndkey0,$idx,$key 592 addi $idx,$idx,16 593 vxor $inout,$inout,$ivec 594 595Loop_cbc_enc: 596 ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm 597 vcipher $inout,$inout,$rndkey1 598 lvx $rndkey1,$idx,$key 599 addi $idx,$idx,16 600 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 601 vcipher $inout,$inout,$rndkey0 602 lvx $rndkey0,$idx,$key 603 addi $idx,$idx,16 604 bdnz Loop_cbc_enc 605 606 ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm 607 vcipher $inout,$inout,$rndkey1 608 lvx $rndkey1,$idx,$key 609 li $idx,16 610 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 611 vcipherlast $ivec,$inout,$rndkey0 612 ${UCMP}i $len,16 613 614 vperm $tmp,$ivec,$ivec,$outperm 615 vsel $inout,$outhead,$tmp,$outmask 616 vmr $outhead,$tmp 617 stvx $inout,0,$out 618 addi $out,$out,16 619 bge Lcbc_enc 620 621 b Lcbc_done 622 623.align 4 624Lcbc_dec: 625 ${UCMP}i $len,128 626 bge _aesp8_cbc_decrypt8x 627 vmr $tmp,$inptail 628 lvx $inptail,0,$inp 629 addi $inp,$inp,16 630 mtctr $rounds 631 subi $len,$len,16 # len-=16 632 633 lvx $rndkey0,0,$key 634 vperm $tmp,$tmp,$inptail,$inpperm 635 lvx $rndkey1,$idx,$key 636 addi $idx,$idx,16 637 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 638 vxor $inout,$tmp,$rndkey0 639 lvx $rndkey0,$idx,$key 640 addi $idx,$idx,16 641 642Loop_cbc_dec: 643 ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm 644 vncipher $inout,$inout,$rndkey1 645 lvx $rndkey1,$idx,$key 646 addi $idx,$idx,16 647 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 648 vncipher $inout,$inout,$rndkey0 649 lvx $rndkey0,$idx,$key 650 addi $idx,$idx,16 651 bdnz Loop_cbc_dec 652 653 ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm 654 vncipher $inout,$inout,$rndkey1 655 lvx $rndkey1,$idx,$key 656 li $idx,16 657 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 658 vncipherlast $inout,$inout,$rndkey0 659 ${UCMP}i $len,16 660 661 vxor $inout,$inout,$ivec 662 vmr $ivec,$tmp 663 vperm $tmp,$inout,$inout,$outperm 664 vsel $inout,$outhead,$tmp,$outmask 665 vmr $outhead,$tmp 666 stvx $inout,0,$out 667 addi $out,$out,16 668 bge Lcbc_dec 669 670Lcbc_done: 671 addi $out,$out,-1 672 lvx $inout,0,$out # redundant in aligned case 673 vsel $inout,$outhead,$inout,$outmask 674 stvx $inout,0,$out 675 676 neg $enc,$ivp # write [unaligned] iv 677 li $idx,15 # 15 is not typo 678 vxor $rndkey0,$rndkey0,$rndkey0 679 vspltisb $outmask,-1 680 le?vspltisb $tmp,0x0f 681 ?lvsl $outperm,0,$enc 682 ?vperm $outmask,$rndkey0,$outmask,$outperm 683 le?vxor $outperm,$outperm,$tmp 684 lvx $outhead,0,$ivp 685 vperm $ivec,$ivec,$ivec,$outperm 686 vsel $inout,$outhead,$ivec,$outmask 687 lvx $inptail,$idx,$ivp 688 stvx $inout,0,$ivp 689 vsel $inout,$ivec,$inptail,$outmask 690 stvx $inout,$idx,$ivp 691 692 mtspr 256,$vrsave 693 blr 694 .long 0 695 .byte 0,12,0x14,0,0,0,6,0 696 .long 0 697___ 698######################################################################### 699{{ # Optimized CBC decrypt procedure # 700my $key_="r11"; 701my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,8,26..31)); 702my ($in0, $in1, $in2, $in3, $in4, $in5, $in6, $in7 )=map("v$_",(0..3,10..13)); 703my ($out0,$out1,$out2,$out3,$out4,$out5,$out6,$out7)=map("v$_",(14..21)); 704my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys 705 # v26-v31 last 6 round keys 706my ($tmp,$keyperm)=($in3,$in4); # aliases with "caller", redundant assignment 707 708$code.=<<___; 709.align 5 710_aesp8_cbc_decrypt8x: 711 $STU $sp,-`($FRAME+21*16+6*$SIZE_T)`($sp) 712 li r10,`$FRAME+8*16+15` 713 li r11,`$FRAME+8*16+31` 714 stvx v20,r10,$sp # ABI says so 715 addi r10,r10,32 716 stvx v21,r11,$sp 717 addi r11,r11,32 718 stvx v22,r10,$sp 719 addi r10,r10,32 720 stvx v23,r11,$sp 721 addi r11,r11,32 722 stvx v24,r10,$sp 723 addi r10,r10,32 724 stvx v25,r11,$sp 725 addi r11,r11,32 726 stvx v26,r10,$sp 727 addi r10,r10,32 728 stvx v27,r11,$sp 729 addi r11,r11,32 730 stvx v28,r10,$sp 731 addi r10,r10,32 732 stvx v29,r11,$sp 733 addi r11,r11,32 734 stvx v30,r10,$sp 735 stvx v31,r11,$sp 736 li r0,-1 737 stw $vrsave,`$FRAME+21*16-4`($sp) # save vrsave 738 li $x10,0x10 739 $PUSH r26,`$FRAME+21*16+0*$SIZE_T`($sp) 740 li $x20,0x20 741 $PUSH r27,`$FRAME+21*16+1*$SIZE_T`($sp) 742 li $x30,0x30 743 $PUSH r28,`$FRAME+21*16+2*$SIZE_T`($sp) 744 li $x40,0x40 745 $PUSH r29,`$FRAME+21*16+3*$SIZE_T`($sp) 746 li $x50,0x50 747 $PUSH r30,`$FRAME+21*16+4*$SIZE_T`($sp) 748 li $x60,0x60 749 $PUSH r31,`$FRAME+21*16+5*$SIZE_T`($sp) 750 li $x70,0x70 751 mtspr 256,r0 752 753 subi $rounds,$rounds,3 # -4 in total 754 subi $len,$len,128 # bias 755 756 lvx $rndkey0,$x00,$key # load key schedule 757 lvx v30,$x10,$key 758 addi $key,$key,0x20 759 lvx v31,$x00,$key 760 ?vperm $rndkey0,$rndkey0,v30,$keyperm 761 addi $key_,$sp,$FRAME+15 762 mtctr $rounds 763 764Load_cbc_dec_key: 765 ?vperm v24,v30,v31,$keyperm 766 lvx v30,$x10,$key 767 addi $key,$key,0x20 768 stvx v24,$x00,$key_ # off-load round[1] 769 ?vperm v25,v31,v30,$keyperm 770 lvx v31,$x00,$key 771 stvx v25,$x10,$key_ # off-load round[2] 772 addi $key_,$key_,0x20 773 bdnz Load_cbc_dec_key 774 775 lvx v26,$x10,$key 776 ?vperm v24,v30,v31,$keyperm 777 lvx v27,$x20,$key 778 stvx v24,$x00,$key_ # off-load round[3] 779 ?vperm v25,v31,v26,$keyperm 780 lvx v28,$x30,$key 781 stvx v25,$x10,$key_ # off-load round[4] 782 addi $key_,$sp,$FRAME+15 # rewind $key_ 783 ?vperm v26,v26,v27,$keyperm 784 lvx v29,$x40,$key 785 ?vperm v27,v27,v28,$keyperm 786 lvx v30,$x50,$key 787 ?vperm v28,v28,v29,$keyperm 788 lvx v31,$x60,$key 789 ?vperm v29,v29,v30,$keyperm 790 lvx $out0,$x70,$key # borrow $out0 791 ?vperm v30,v30,v31,$keyperm 792 lvx v24,$x00,$key_ # pre-load round[1] 793 ?vperm v31,v31,$out0,$keyperm 794 lvx v25,$x10,$key_ # pre-load round[2] 795 796 #lvx $inptail,0,$inp # "caller" already did this 797 #addi $inp,$inp,15 # 15 is not typo 798 subi $inp,$inp,15 # undo "caller" 799 800 le?li $idx,8 801 lvx_u $in0,$x00,$inp # load first 8 "words" 802 le?lvsl $inpperm,0,$idx 803 le?vspltisb $tmp,0x0f 804 lvx_u $in1,$x10,$inp 805 le?vxor $inpperm,$inpperm,$tmp # transform for lvx_u/stvx_u 806 lvx_u $in2,$x20,$inp 807 le?vperm $in0,$in0,$in0,$inpperm 808 lvx_u $in3,$x30,$inp 809 le?vperm $in1,$in1,$in1,$inpperm 810 lvx_u $in4,$x40,$inp 811 le?vperm $in2,$in2,$in2,$inpperm 812 vxor $out0,$in0,$rndkey0 813 lvx_u $in5,$x50,$inp 814 le?vperm $in3,$in3,$in3,$inpperm 815 vxor $out1,$in1,$rndkey0 816 lvx_u $in6,$x60,$inp 817 le?vperm $in4,$in4,$in4,$inpperm 818 vxor $out2,$in2,$rndkey0 819 lvx_u $in7,$x70,$inp 820 addi $inp,$inp,0x80 821 le?vperm $in5,$in5,$in5,$inpperm 822 vxor $out3,$in3,$rndkey0 823 le?vperm $in6,$in6,$in6,$inpperm 824 vxor $out4,$in4,$rndkey0 825 le?vperm $in7,$in7,$in7,$inpperm 826 vxor $out5,$in5,$rndkey0 827 vxor $out6,$in6,$rndkey0 828 vxor $out7,$in7,$rndkey0 829 830 mtctr $rounds 831 b Loop_cbc_dec8x 832.align 5 833Loop_cbc_dec8x: 834 vncipher $out0,$out0,v24 835 vncipher $out1,$out1,v24 836 vncipher $out2,$out2,v24 837 vncipher $out3,$out3,v24 838 vncipher $out4,$out4,v24 839 vncipher $out5,$out5,v24 840 vncipher $out6,$out6,v24 841 vncipher $out7,$out7,v24 842 lvx v24,$x20,$key_ # round[3] 843 addi $key_,$key_,0x20 844 845 vncipher $out0,$out0,v25 846 vncipher $out1,$out1,v25 847 vncipher $out2,$out2,v25 848 vncipher $out3,$out3,v25 849 vncipher $out4,$out4,v25 850 vncipher $out5,$out5,v25 851 vncipher $out6,$out6,v25 852 vncipher $out7,$out7,v25 853 lvx v25,$x10,$key_ # round[4] 854 bdnz Loop_cbc_dec8x 855 856 subic $len,$len,128 # $len-=128 857 vncipher $out0,$out0,v24 858 vncipher $out1,$out1,v24 859 vncipher $out2,$out2,v24 860 vncipher $out3,$out3,v24 861 vncipher $out4,$out4,v24 862 vncipher $out5,$out5,v24 863 vncipher $out6,$out6,v24 864 vncipher $out7,$out7,v24 865 866 subfe. r0,r0,r0 # borrow?-1:0 867 vncipher $out0,$out0,v25 868 vncipher $out1,$out1,v25 869 vncipher $out2,$out2,v25 870 vncipher $out3,$out3,v25 871 vncipher $out4,$out4,v25 872 vncipher $out5,$out5,v25 873 vncipher $out6,$out6,v25 874 vncipher $out7,$out7,v25 875 876 and r0,r0,$len 877 vncipher $out0,$out0,v26 878 vncipher $out1,$out1,v26 879 vncipher $out2,$out2,v26 880 vncipher $out3,$out3,v26 881 vncipher $out4,$out4,v26 882 vncipher $out5,$out5,v26 883 vncipher $out6,$out6,v26 884 vncipher $out7,$out7,v26 885 886 add $inp,$inp,r0 # $inp is adjusted in such 887 # way that at exit from the 888 # loop inX-in7 are loaded 889 # with last "words" 890 vncipher $out0,$out0,v27 891 vncipher $out1,$out1,v27 892 vncipher $out2,$out2,v27 893 vncipher $out3,$out3,v27 894 vncipher $out4,$out4,v27 895 vncipher $out5,$out5,v27 896 vncipher $out6,$out6,v27 897 vncipher $out7,$out7,v27 898 899 addi $key_,$sp,$FRAME+15 # rewind $key_ 900 vncipher $out0,$out0,v28 901 vncipher $out1,$out1,v28 902 vncipher $out2,$out2,v28 903 vncipher $out3,$out3,v28 904 vncipher $out4,$out4,v28 905 vncipher $out5,$out5,v28 906 vncipher $out6,$out6,v28 907 vncipher $out7,$out7,v28 908 lvx v24,$x00,$key_ # re-pre-load round[1] 909 910 vncipher $out0,$out0,v29 911 vncipher $out1,$out1,v29 912 vncipher $out2,$out2,v29 913 vncipher $out3,$out3,v29 914 vncipher $out4,$out4,v29 915 vncipher $out5,$out5,v29 916 vncipher $out6,$out6,v29 917 vncipher $out7,$out7,v29 918 lvx v25,$x10,$key_ # re-pre-load round[2] 919 920 vncipher $out0,$out0,v30 921 vxor $ivec,$ivec,v31 # xor with last round key 922 vncipher $out1,$out1,v30 923 vxor $in0,$in0,v31 924 vncipher $out2,$out2,v30 925 vxor $in1,$in1,v31 926 vncipher $out3,$out3,v30 927 vxor $in2,$in2,v31 928 vncipher $out4,$out4,v30 929 vxor $in3,$in3,v31 930 vncipher $out5,$out5,v30 931 vxor $in4,$in4,v31 932 vncipher $out6,$out6,v30 933 vxor $in5,$in5,v31 934 vncipher $out7,$out7,v30 935 vxor $in6,$in6,v31 936 937 vncipherlast $out0,$out0,$ivec 938 vncipherlast $out1,$out1,$in0 939 lvx_u $in0,$x00,$inp # load next input block 940 vncipherlast $out2,$out2,$in1 941 lvx_u $in1,$x10,$inp 942 vncipherlast $out3,$out3,$in2 943 le?vperm $in0,$in0,$in0,$inpperm 944 lvx_u $in2,$x20,$inp 945 vncipherlast $out4,$out4,$in3 946 le?vperm $in1,$in1,$in1,$inpperm 947 lvx_u $in3,$x30,$inp 948 vncipherlast $out5,$out5,$in4 949 le?vperm $in2,$in2,$in2,$inpperm 950 lvx_u $in4,$x40,$inp 951 vncipherlast $out6,$out6,$in5 952 le?vperm $in3,$in3,$in3,$inpperm 953 lvx_u $in5,$x50,$inp 954 vncipherlast $out7,$out7,$in6 955 le?vperm $in4,$in4,$in4,$inpperm 956 lvx_u $in6,$x60,$inp 957 vmr $ivec,$in7 958 le?vperm $in5,$in5,$in5,$inpperm 959 lvx_u $in7,$x70,$inp 960 addi $inp,$inp,0x80 961 962 le?vperm $out0,$out0,$out0,$inpperm 963 le?vperm $out1,$out1,$out1,$inpperm 964 stvx_u $out0,$x00,$out 965 le?vperm $in6,$in6,$in6,$inpperm 966 vxor $out0,$in0,$rndkey0 967 le?vperm $out2,$out2,$out2,$inpperm 968 stvx_u $out1,$x10,$out 969 le?vperm $in7,$in7,$in7,$inpperm 970 vxor $out1,$in1,$rndkey0 971 le?vperm $out3,$out3,$out3,$inpperm 972 stvx_u $out2,$x20,$out 973 vxor $out2,$in2,$rndkey0 974 le?vperm $out4,$out4,$out4,$inpperm 975 stvx_u $out3,$x30,$out 976 vxor $out3,$in3,$rndkey0 977 le?vperm $out5,$out5,$out5,$inpperm 978 stvx_u $out4,$x40,$out 979 vxor $out4,$in4,$rndkey0 980 le?vperm $out6,$out6,$out6,$inpperm 981 stvx_u $out5,$x50,$out 982 vxor $out5,$in5,$rndkey0 983 le?vperm $out7,$out7,$out7,$inpperm 984 stvx_u $out6,$x60,$out 985 vxor $out6,$in6,$rndkey0 986 stvx_u $out7,$x70,$out 987 addi $out,$out,0x80 988 vxor $out7,$in7,$rndkey0 989 990 mtctr $rounds 991 beq Loop_cbc_dec8x # did $len-=128 borrow? 992 993 addic. $len,$len,128 994 beq Lcbc_dec8x_done 995 nop 996 nop 997 998Loop_cbc_dec8x_tail: # up to 7 "words" tail... 999 vncipher $out1,$out1,v24 1000 vncipher $out2,$out2,v24 1001 vncipher $out3,$out3,v24 1002 vncipher $out4,$out4,v24 1003 vncipher $out5,$out5,v24 1004 vncipher $out6,$out6,v24 1005 vncipher $out7,$out7,v24 1006 lvx v24,$x20,$key_ # round[3] 1007 addi $key_,$key_,0x20 1008 1009 vncipher $out1,$out1,v25 1010 vncipher $out2,$out2,v25 1011 vncipher $out3,$out3,v25 1012 vncipher $out4,$out4,v25 1013 vncipher $out5,$out5,v25 1014 vncipher $out6,$out6,v25 1015 vncipher $out7,$out7,v25 1016 lvx v25,$x10,$key_ # round[4] 1017 bdnz Loop_cbc_dec8x_tail 1018 1019 vncipher $out1,$out1,v24 1020 vncipher $out2,$out2,v24 1021 vncipher $out3,$out3,v24 1022 vncipher $out4,$out4,v24 1023 vncipher $out5,$out5,v24 1024 vncipher $out6,$out6,v24 1025 vncipher $out7,$out7,v24 1026 1027 vncipher $out1,$out1,v25 1028 vncipher $out2,$out2,v25 1029 vncipher $out3,$out3,v25 1030 vncipher $out4,$out4,v25 1031 vncipher $out5,$out5,v25 1032 vncipher $out6,$out6,v25 1033 vncipher $out7,$out7,v25 1034 1035 vncipher $out1,$out1,v26 1036 vncipher $out2,$out2,v26 1037 vncipher $out3,$out3,v26 1038 vncipher $out4,$out4,v26 1039 vncipher $out5,$out5,v26 1040 vncipher $out6,$out6,v26 1041 vncipher $out7,$out7,v26 1042 1043 vncipher $out1,$out1,v27 1044 vncipher $out2,$out2,v27 1045 vncipher $out3,$out3,v27 1046 vncipher $out4,$out4,v27 1047 vncipher $out5,$out5,v27 1048 vncipher $out6,$out6,v27 1049 vncipher $out7,$out7,v27 1050 1051 vncipher $out1,$out1,v28 1052 vncipher $out2,$out2,v28 1053 vncipher $out3,$out3,v28 1054 vncipher $out4,$out4,v28 1055 vncipher $out5,$out5,v28 1056 vncipher $out6,$out6,v28 1057 vncipher $out7,$out7,v28 1058 1059 vncipher $out1,$out1,v29 1060 vncipher $out2,$out2,v29 1061 vncipher $out3,$out3,v29 1062 vncipher $out4,$out4,v29 1063 vncipher $out5,$out5,v29 1064 vncipher $out6,$out6,v29 1065 vncipher $out7,$out7,v29 1066 1067 vncipher $out1,$out1,v30 1068 vxor $ivec,$ivec,v31 # last round key 1069 vncipher $out2,$out2,v30 1070 vxor $in1,$in1,v31 1071 vncipher $out3,$out3,v30 1072 vxor $in2,$in2,v31 1073 vncipher $out4,$out4,v30 1074 vxor $in3,$in3,v31 1075 vncipher $out5,$out5,v30 1076 vxor $in4,$in4,v31 1077 vncipher $out6,$out6,v30 1078 vxor $in5,$in5,v31 1079 vncipher $out7,$out7,v30 1080 vxor $in6,$in6,v31 1081 1082 cmplwi $len,32 # switch($len) 1083 blt Lcbc_dec8x_one 1084 nop 1085 beq Lcbc_dec8x_two 1086 cmplwi $len,64 1087 blt Lcbc_dec8x_three 1088 nop 1089 beq Lcbc_dec8x_four 1090 cmplwi $len,96 1091 blt Lcbc_dec8x_five 1092 nop 1093 beq Lcbc_dec8x_six 1094 1095Lcbc_dec8x_seven: 1096 vncipherlast $out1,$out1,$ivec 1097 vncipherlast $out2,$out2,$in1 1098 vncipherlast $out3,$out3,$in2 1099 vncipherlast $out4,$out4,$in3 1100 vncipherlast $out5,$out5,$in4 1101 vncipherlast $out6,$out6,$in5 1102 vncipherlast $out7,$out7,$in6 1103 vmr $ivec,$in7 1104 1105 le?vperm $out1,$out1,$out1,$inpperm 1106 le?vperm $out2,$out2,$out2,$inpperm 1107 stvx_u $out1,$x00,$out 1108 le?vperm $out3,$out3,$out3,$inpperm 1109 stvx_u $out2,$x10,$out 1110 le?vperm $out4,$out4,$out4,$inpperm 1111 stvx_u $out3,$x20,$out 1112 le?vperm $out5,$out5,$out5,$inpperm 1113 stvx_u $out4,$x30,$out 1114 le?vperm $out6,$out6,$out6,$inpperm 1115 stvx_u $out5,$x40,$out 1116 le?vperm $out7,$out7,$out7,$inpperm 1117 stvx_u $out6,$x50,$out 1118 stvx_u $out7,$x60,$out 1119 addi $out,$out,0x70 1120 b Lcbc_dec8x_done 1121 1122.align 5 1123Lcbc_dec8x_six: 1124 vncipherlast $out2,$out2,$ivec 1125 vncipherlast $out3,$out3,$in2 1126 vncipherlast $out4,$out4,$in3 1127 vncipherlast $out5,$out5,$in4 1128 vncipherlast $out6,$out6,$in5 1129 vncipherlast $out7,$out7,$in6 1130 vmr $ivec,$in7 1131 1132 le?vperm $out2,$out2,$out2,$inpperm 1133 le?vperm $out3,$out3,$out3,$inpperm 1134 stvx_u $out2,$x00,$out 1135 le?vperm $out4,$out4,$out4,$inpperm 1136 stvx_u $out3,$x10,$out 1137 le?vperm $out5,$out5,$out5,$inpperm 1138 stvx_u $out4,$x20,$out 1139 le?vperm $out6,$out6,$out6,$inpperm 1140 stvx_u $out5,$x30,$out 1141 le?vperm $out7,$out7,$out7,$inpperm 1142 stvx_u $out6,$x40,$out 1143 stvx_u $out7,$x50,$out 1144 addi $out,$out,0x60 1145 b Lcbc_dec8x_done 1146 1147.align 5 1148Lcbc_dec8x_five: 1149 vncipherlast $out3,$out3,$ivec 1150 vncipherlast $out4,$out4,$in3 1151 vncipherlast $out5,$out5,$in4 1152 vncipherlast $out6,$out6,$in5 1153 vncipherlast $out7,$out7,$in6 1154 vmr $ivec,$in7 1155 1156 le?vperm $out3,$out3,$out3,$inpperm 1157 le?vperm $out4,$out4,$out4,$inpperm 1158 stvx_u $out3,$x00,$out 1159 le?vperm $out5,$out5,$out5,$inpperm 1160 stvx_u $out4,$x10,$out 1161 le?vperm $out6,$out6,$out6,$inpperm 1162 stvx_u $out5,$x20,$out 1163 le?vperm $out7,$out7,$out7,$inpperm 1164 stvx_u $out6,$x30,$out 1165 stvx_u $out7,$x40,$out 1166 addi $out,$out,0x50 1167 b Lcbc_dec8x_done 1168 1169.align 5 1170Lcbc_dec8x_four: 1171 vncipherlast $out4,$out4,$ivec 1172 vncipherlast $out5,$out5,$in4 1173 vncipherlast $out6,$out6,$in5 1174 vncipherlast $out7,$out7,$in6 1175 vmr $ivec,$in7 1176 1177 le?vperm $out4,$out4,$out4,$inpperm 1178 le?vperm $out5,$out5,$out5,$inpperm 1179 stvx_u $out4,$x00,$out 1180 le?vperm $out6,$out6,$out6,$inpperm 1181 stvx_u $out5,$x10,$out 1182 le?vperm $out7,$out7,$out7,$inpperm 1183 stvx_u $out6,$x20,$out 1184 stvx_u $out7,$x30,$out 1185 addi $out,$out,0x40 1186 b Lcbc_dec8x_done 1187 1188.align 5 1189Lcbc_dec8x_three: 1190 vncipherlast $out5,$out5,$ivec 1191 vncipherlast $out6,$out6,$in5 1192 vncipherlast $out7,$out7,$in6 1193 vmr $ivec,$in7 1194 1195 le?vperm $out5,$out5,$out5,$inpperm 1196 le?vperm $out6,$out6,$out6,$inpperm 1197 stvx_u $out5,$x00,$out 1198 le?vperm $out7,$out7,$out7,$inpperm 1199 stvx_u $out6,$x10,$out 1200 stvx_u $out7,$x20,$out 1201 addi $out,$out,0x30 1202 b Lcbc_dec8x_done 1203 1204.align 5 1205Lcbc_dec8x_two: 1206 vncipherlast $out6,$out6,$ivec 1207 vncipherlast $out7,$out7,$in6 1208 vmr $ivec,$in7 1209 1210 le?vperm $out6,$out6,$out6,$inpperm 1211 le?vperm $out7,$out7,$out7,$inpperm 1212 stvx_u $out6,$x00,$out 1213 stvx_u $out7,$x10,$out 1214 addi $out,$out,0x20 1215 b Lcbc_dec8x_done 1216 1217.align 5 1218Lcbc_dec8x_one: 1219 vncipherlast $out7,$out7,$ivec 1220 vmr $ivec,$in7 1221 1222 le?vperm $out7,$out7,$out7,$inpperm 1223 stvx_u $out7,0,$out 1224 addi $out,$out,0x10 1225 1226Lcbc_dec8x_done: 1227 le?vperm $ivec,$ivec,$ivec,$inpperm 1228 stvx_u $ivec,0,$ivp # write [unaligned] iv 1229 1230 li r10,`$FRAME+15` 1231 li r11,`$FRAME+31` 1232 stvx $inpperm,r10,$sp # wipe copies of round keys 1233 addi r10,r10,32 1234 stvx $inpperm,r11,$sp 1235 addi r11,r11,32 1236 stvx $inpperm,r10,$sp 1237 addi r10,r10,32 1238 stvx $inpperm,r11,$sp 1239 addi r11,r11,32 1240 stvx $inpperm,r10,$sp 1241 addi r10,r10,32 1242 stvx $inpperm,r11,$sp 1243 addi r11,r11,32 1244 stvx $inpperm,r10,$sp 1245 addi r10,r10,32 1246 stvx $inpperm,r11,$sp 1247 addi r11,r11,32 1248 1249 mtspr 256,$vrsave 1250 lvx v20,r10,$sp # ABI says so 1251 addi r10,r10,32 1252 lvx v21,r11,$sp 1253 addi r11,r11,32 1254 lvx v22,r10,$sp 1255 addi r10,r10,32 1256 lvx v23,r11,$sp 1257 addi r11,r11,32 1258 lvx v24,r10,$sp 1259 addi r10,r10,32 1260 lvx v25,r11,$sp 1261 addi r11,r11,32 1262 lvx v26,r10,$sp 1263 addi r10,r10,32 1264 lvx v27,r11,$sp 1265 addi r11,r11,32 1266 lvx v28,r10,$sp 1267 addi r10,r10,32 1268 lvx v29,r11,$sp 1269 addi r11,r11,32 1270 lvx v30,r10,$sp 1271 lvx v31,r11,$sp 1272 $POP r26,`$FRAME+21*16+0*$SIZE_T`($sp) 1273 $POP r27,`$FRAME+21*16+1*$SIZE_T`($sp) 1274 $POP r28,`$FRAME+21*16+2*$SIZE_T`($sp) 1275 $POP r29,`$FRAME+21*16+3*$SIZE_T`($sp) 1276 $POP r30,`$FRAME+21*16+4*$SIZE_T`($sp) 1277 $POP r31,`$FRAME+21*16+5*$SIZE_T`($sp) 1278 addi $sp,$sp,`$FRAME+21*16+6*$SIZE_T` 1279 blr 1280 .long 0 1281 .byte 0,12,0x14,0,0x80,6,6,0 1282 .long 0 1283.size .${prefix}_cbc_encrypt,.-.${prefix}_cbc_encrypt 1284___ 1285}} }}} 1286 1287######################################################################### 1288{{{ # CTR procedure[s] # 1289my ($inp,$out,$len,$key,$ivp,$x10,$rounds,$idx)=map("r$_",(3..10)); 1290my ($rndkey0,$rndkey1,$inout,$tmp)= map("v$_",(0..3)); 1291my ($ivec,$inptail,$inpperm,$outhead,$outperm,$outmask,$keyperm,$one)= 1292 map("v$_",(4..11)); 1293my $dat=$tmp; 1294 1295$code.=<<___; 1296.globl .${prefix}_ctr32_encrypt_blocks 1297 ${UCMP}i $len,1 1298 bltlr- 1299 1300 lis r0,0xfff0 1301 mfspr $vrsave,256 1302 mtspr 256,r0 1303 1304 li $idx,15 1305 vxor $rndkey0,$rndkey0,$rndkey0 1306 le?vspltisb $tmp,0x0f 1307 1308 lvx $ivec,0,$ivp # load [unaligned] iv 1309 lvsl $inpperm,0,$ivp 1310 lvx $inptail,$idx,$ivp 1311 vspltisb $one,1 1312 le?vxor $inpperm,$inpperm,$tmp 1313 vperm $ivec,$ivec,$inptail,$inpperm 1314 vsldoi $one,$rndkey0,$one,1 1315 1316 neg r11,$inp 1317 ?lvsl $keyperm,0,$key # prepare for unaligned key 1318 lwz $rounds,240($key) 1319 1320 lvsr $inpperm,0,r11 # prepare for unaligned load 1321 lvx $inptail,0,$inp 1322 addi $inp,$inp,15 # 15 is not typo 1323 le?vxor $inpperm,$inpperm,$tmp 1324 1325 srwi $rounds,$rounds,1 1326 li $idx,16 1327 subi $rounds,$rounds,1 1328 1329 ${UCMP}i $len,8 1330 bge _aesp8_ctr32_encrypt8x 1331 1332 ?lvsr $outperm,0,$out # prepare for unaligned store 1333 vspltisb $outmask,-1 1334 lvx $outhead,0,$out 1335 ?vperm $outmask,$rndkey0,$outmask,$outperm 1336 le?vxor $outperm,$outperm,$tmp 1337 1338 lvx $rndkey0,0,$key 1339 mtctr $rounds 1340 lvx $rndkey1,$idx,$key 1341 addi $idx,$idx,16 1342 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 1343 vxor $inout,$ivec,$rndkey0 1344 lvx $rndkey0,$idx,$key 1345 addi $idx,$idx,16 1346 b Loop_ctr32_enc 1347 1348.align 5 1349Loop_ctr32_enc: 1350 ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm 1351 vcipher $inout,$inout,$rndkey1 1352 lvx $rndkey1,$idx,$key 1353 addi $idx,$idx,16 1354 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 1355 vcipher $inout,$inout,$rndkey0 1356 lvx $rndkey0,$idx,$key 1357 addi $idx,$idx,16 1358 bdnz Loop_ctr32_enc 1359 1360 vadduqm $ivec,$ivec,$one 1361 vmr $dat,$inptail 1362 lvx $inptail,0,$inp 1363 addi $inp,$inp,16 1364 subic. $len,$len,1 # blocks-- 1365 1366 ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm 1367 vcipher $inout,$inout,$rndkey1 1368 lvx $rndkey1,$idx,$key 1369 vperm $dat,$dat,$inptail,$inpperm 1370 li $idx,16 1371 ?vperm $rndkey1,$rndkey0,$rndkey1,$keyperm 1372 lvx $rndkey0,0,$key 1373 vxor $dat,$dat,$rndkey1 # last round key 1374 vcipherlast $inout,$inout,$dat 1375 1376 lvx $rndkey1,$idx,$key 1377 addi $idx,$idx,16 1378 vperm $inout,$inout,$inout,$outperm 1379 vsel $dat,$outhead,$inout,$outmask 1380 mtctr $rounds 1381 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 1382 vmr $outhead,$inout 1383 vxor $inout,$ivec,$rndkey0 1384 lvx $rndkey0,$idx,$key 1385 addi $idx,$idx,16 1386 stvx $dat,0,$out 1387 addi $out,$out,16 1388 bne Loop_ctr32_enc 1389 1390 addi $out,$out,-1 1391 lvx $inout,0,$out # redundant in aligned case 1392 vsel $inout,$outhead,$inout,$outmask 1393 stvx $inout,0,$out 1394 1395 mtspr 256,$vrsave 1396 blr 1397 .long 0 1398 .byte 0,12,0x14,0,0,0,6,0 1399 .long 0 1400___ 1401######################################################################### 1402{{ # Optimized CTR procedure # 1403my $key_="r11"; 1404my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,8,26..31)); 1405my ($in0, $in1, $in2, $in3, $in4, $in5, $in6, $in7 )=map("v$_",(0..3,10,12..14)); 1406my ($out0,$out1,$out2,$out3,$out4,$out5,$out6,$out7)=map("v$_",(15..22)); 1407my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys 1408 # v26-v31 last 6 round keys 1409my ($tmp,$keyperm)=($in3,$in4); # aliases with "caller", redundant assignment 1410my ($two,$three,$four)=($outhead,$outperm,$outmask); 1411 1412$code.=<<___; 1413.align 5 1414_aesp8_ctr32_encrypt8x: 1415 $STU $sp,-`($FRAME+21*16+6*$SIZE_T)`($sp) 1416 li r10,`$FRAME+8*16+15` 1417 li r11,`$FRAME+8*16+31` 1418 stvx v20,r10,$sp # ABI says so 1419 addi r10,r10,32 1420 stvx v21,r11,$sp 1421 addi r11,r11,32 1422 stvx v22,r10,$sp 1423 addi r10,r10,32 1424 stvx v23,r11,$sp 1425 addi r11,r11,32 1426 stvx v24,r10,$sp 1427 addi r10,r10,32 1428 stvx v25,r11,$sp 1429 addi r11,r11,32 1430 stvx v26,r10,$sp 1431 addi r10,r10,32 1432 stvx v27,r11,$sp 1433 addi r11,r11,32 1434 stvx v28,r10,$sp 1435 addi r10,r10,32 1436 stvx v29,r11,$sp 1437 addi r11,r11,32 1438 stvx v30,r10,$sp 1439 stvx v31,r11,$sp 1440 li r0,-1 1441 stw $vrsave,`$FRAME+21*16-4`($sp) # save vrsave 1442 li $x10,0x10 1443 $PUSH r26,`$FRAME+21*16+0*$SIZE_T`($sp) 1444 li $x20,0x20 1445 $PUSH r27,`$FRAME+21*16+1*$SIZE_T`($sp) 1446 li $x30,0x30 1447 $PUSH r28,`$FRAME+21*16+2*$SIZE_T`($sp) 1448 li $x40,0x40 1449 $PUSH r29,`$FRAME+21*16+3*$SIZE_T`($sp) 1450 li $x50,0x50 1451 $PUSH r30,`$FRAME+21*16+4*$SIZE_T`($sp) 1452 li $x60,0x60 1453 $PUSH r31,`$FRAME+21*16+5*$SIZE_T`($sp) 1454 li $x70,0x70 1455 mtspr 256,r0 1456 1457 subi $rounds,$rounds,3 # -4 in total 1458 1459 lvx $rndkey0,$x00,$key # load key schedule 1460 lvx v30,$x10,$key 1461 addi $key,$key,0x20 1462 lvx v31,$x00,$key 1463 ?vperm $rndkey0,$rndkey0,v30,$keyperm 1464 addi $key_,$sp,$FRAME+15 1465 mtctr $rounds 1466 1467Load_ctr32_enc_key: 1468 ?vperm v24,v30,v31,$keyperm 1469 lvx v30,$x10,$key 1470 addi $key,$key,0x20 1471 stvx v24,$x00,$key_ # off-load round[1] 1472 ?vperm v25,v31,v30,$keyperm 1473 lvx v31,$x00,$key 1474 stvx v25,$x10,$key_ # off-load round[2] 1475 addi $key_,$key_,0x20 1476 bdnz Load_ctr32_enc_key 1477 1478 lvx v26,$x10,$key 1479 ?vperm v24,v30,v31,$keyperm 1480 lvx v27,$x20,$key 1481 stvx v24,$x00,$key_ # off-load round[3] 1482 ?vperm v25,v31,v26,$keyperm 1483 lvx v28,$x30,$key 1484 stvx v25,$x10,$key_ # off-load round[4] 1485 addi $key_,$sp,$FRAME+15 # rewind $key_ 1486 ?vperm v26,v26,v27,$keyperm 1487 lvx v29,$x40,$key 1488 ?vperm v27,v27,v28,$keyperm 1489 lvx v30,$x50,$key 1490 ?vperm v28,v28,v29,$keyperm 1491 lvx v31,$x60,$key 1492 ?vperm v29,v29,v30,$keyperm 1493 lvx $out0,$x70,$key # borrow $out0 1494 ?vperm v30,v30,v31,$keyperm 1495 lvx v24,$x00,$key_ # pre-load round[1] 1496 ?vperm v31,v31,$out0,$keyperm 1497 lvx v25,$x10,$key_ # pre-load round[2] 1498 1499 vadduqm $two,$one,$one 1500 subi $inp,$inp,15 # undo "caller" 1501 $SHL $len,$len,4 1502 1503 vadduqm $out1,$ivec,$one # counter values ... 1504 vadduqm $out2,$ivec,$two 1505 vxor $out0,$ivec,$rndkey0 # ... xored with rndkey[0] 1506 le?li $idx,8 1507 vadduqm $out3,$out1,$two 1508 vxor $out1,$out1,$rndkey0 1509 le?lvsl $inpperm,0,$idx 1510 vadduqm $out4,$out2,$two 1511 vxor $out2,$out2,$rndkey0 1512 le?vspltisb $tmp,0x0f 1513 vadduqm $out5,$out3,$two 1514 vxor $out3,$out3,$rndkey0 1515 le?vxor $inpperm,$inpperm,$tmp # transform for lvx_u/stvx_u 1516 vadduqm $out6,$out4,$two 1517 vxor $out4,$out4,$rndkey0 1518 vadduqm $out7,$out5,$two 1519 vxor $out5,$out5,$rndkey0 1520 vadduqm $ivec,$out6,$two # next counter value 1521 vxor $out6,$out6,$rndkey0 1522 vxor $out7,$out7,$rndkey0 1523 1524 mtctr $rounds 1525 b Loop_ctr32_enc8x 1526.align 5 1527Loop_ctr32_enc8x: 1528 vcipher $out0,$out0,v24 1529 vcipher $out1,$out1,v24 1530 vcipher $out2,$out2,v24 1531 vcipher $out3,$out3,v24 1532 vcipher $out4,$out4,v24 1533 vcipher $out5,$out5,v24 1534 vcipher $out6,$out6,v24 1535 vcipher $out7,$out7,v24 1536Loop_ctr32_enc8x_middle: 1537 lvx v24,$x20,$key_ # round[3] 1538 addi $key_,$key_,0x20 1539 1540 vcipher $out0,$out0,v25 1541 vcipher $out1,$out1,v25 1542 vcipher $out2,$out2,v25 1543 vcipher $out3,$out3,v25 1544 vcipher $out4,$out4,v25 1545 vcipher $out5,$out5,v25 1546 vcipher $out6,$out6,v25 1547 vcipher $out7,$out7,v25 1548 lvx v25,$x10,$key_ # round[4] 1549 bdnz Loop_ctr32_enc8x 1550 1551 subic r11,$len,256 # $len-256, borrow $key_ 1552 vcipher $out0,$out0,v24 1553 vcipher $out1,$out1,v24 1554 vcipher $out2,$out2,v24 1555 vcipher $out3,$out3,v24 1556 vcipher $out4,$out4,v24 1557 vcipher $out5,$out5,v24 1558 vcipher $out6,$out6,v24 1559 vcipher $out7,$out7,v24 1560 1561 subfe r0,r0,r0 # borrow?-1:0 1562 vcipher $out0,$out0,v25 1563 vcipher $out1,$out1,v25 1564 vcipher $out2,$out2,v25 1565 vcipher $out3,$out3,v25 1566 vcipher $out4,$out4,v25 1567 vcipher $out5,$out5,v25 1568 vcipher $out6,$out6,v25 1569 vcipher $out7,$out7,v25 1570 1571 and r0,r0,r11 1572 addi $key_,$sp,$FRAME+15 # rewind $key_ 1573 vcipher $out0,$out0,v26 1574 vcipher $out1,$out1,v26 1575 vcipher $out2,$out2,v26 1576 vcipher $out3,$out3,v26 1577 vcipher $out4,$out4,v26 1578 vcipher $out5,$out5,v26 1579 vcipher $out6,$out6,v26 1580 vcipher $out7,$out7,v26 1581 lvx v24,$x00,$key_ # re-pre-load round[1] 1582 1583 subic $len,$len,129 # $len-=129 1584 vcipher $out0,$out0,v27 1585 addi $len,$len,1 # $len-=128 really 1586 vcipher $out1,$out1,v27 1587 vcipher $out2,$out2,v27 1588 vcipher $out3,$out3,v27 1589 vcipher $out4,$out4,v27 1590 vcipher $out5,$out5,v27 1591 vcipher $out6,$out6,v27 1592 vcipher $out7,$out7,v27 1593 lvx v25,$x10,$key_ # re-pre-load round[2] 1594 1595 vcipher $out0,$out0,v28 1596 lvx_u $in0,$x00,$inp # load input 1597 vcipher $out1,$out1,v28 1598 lvx_u $in1,$x10,$inp 1599 vcipher $out2,$out2,v28 1600 lvx_u $in2,$x20,$inp 1601 vcipher $out3,$out3,v28 1602 lvx_u $in3,$x30,$inp 1603 vcipher $out4,$out4,v28 1604 lvx_u $in4,$x40,$inp 1605 vcipher $out5,$out5,v28 1606 lvx_u $in5,$x50,$inp 1607 vcipher $out6,$out6,v28 1608 lvx_u $in6,$x60,$inp 1609 vcipher $out7,$out7,v28 1610 lvx_u $in7,$x70,$inp 1611 addi $inp,$inp,0x80 1612 1613 vcipher $out0,$out0,v29 1614 le?vperm $in0,$in0,$in0,$inpperm 1615 vcipher $out1,$out1,v29 1616 le?vperm $in1,$in1,$in1,$inpperm 1617 vcipher $out2,$out2,v29 1618 le?vperm $in2,$in2,$in2,$inpperm 1619 vcipher $out3,$out3,v29 1620 le?vperm $in3,$in3,$in3,$inpperm 1621 vcipher $out4,$out4,v29 1622 le?vperm $in4,$in4,$in4,$inpperm 1623 vcipher $out5,$out5,v29 1624 le?vperm $in5,$in5,$in5,$inpperm 1625 vcipher $out6,$out6,v29 1626 le?vperm $in6,$in6,$in6,$inpperm 1627 vcipher $out7,$out7,v29 1628 le?vperm $in7,$in7,$in7,$inpperm 1629 1630 add $inp,$inp,r0 # $inp is adjusted in such 1631 # way that at exit from the 1632 # loop inX-in7 are loaded 1633 # with last "words" 1634 subfe. r0,r0,r0 # borrow?-1:0 1635 vcipher $out0,$out0,v30 1636 vxor $in0,$in0,v31 # xor with last round key 1637 vcipher $out1,$out1,v30 1638 vxor $in1,$in1,v31 1639 vcipher $out2,$out2,v30 1640 vxor $in2,$in2,v31 1641 vcipher $out3,$out3,v30 1642 vxor $in3,$in3,v31 1643 vcipher $out4,$out4,v30 1644 vxor $in4,$in4,v31 1645 vcipher $out5,$out5,v30 1646 vxor $in5,$in5,v31 1647 vcipher $out6,$out6,v30 1648 vxor $in6,$in6,v31 1649 vcipher $out7,$out7,v30 1650 vxor $in7,$in7,v31 1651 1652 bne Lctr32_enc8x_break # did $len-129 borrow? 1653 1654 vcipherlast $in0,$out0,$in0 1655 vcipherlast $in1,$out1,$in1 1656 vadduqm $out1,$ivec,$one # counter values ... 1657 vcipherlast $in2,$out2,$in2 1658 vadduqm $out2,$ivec,$two 1659 vxor $out0,$ivec,$rndkey0 # ... xored with rndkey[0] 1660 vcipherlast $in3,$out3,$in3 1661 vadduqm $out3,$out1,$two 1662 vxor $out1,$out1,$rndkey0 1663 vcipherlast $in4,$out4,$in4 1664 vadduqm $out4,$out2,$two 1665 vxor $out2,$out2,$rndkey0 1666 vcipherlast $in5,$out5,$in5 1667 vadduqm $out5,$out3,$two 1668 vxor $out3,$out3,$rndkey0 1669 vcipherlast $in6,$out6,$in6 1670 vadduqm $out6,$out4,$two 1671 vxor $out4,$out4,$rndkey0 1672 vcipherlast $in7,$out7,$in7 1673 vadduqm $out7,$out5,$two 1674 vxor $out5,$out5,$rndkey0 1675 le?vperm $in0,$in0,$in0,$inpperm 1676 vadduqm $ivec,$out6,$two # next counter value 1677 vxor $out6,$out6,$rndkey0 1678 le?vperm $in1,$in1,$in1,$inpperm 1679 vxor $out7,$out7,$rndkey0 1680 mtctr $rounds 1681 1682 vcipher $out0,$out0,v24 1683 stvx_u $in0,$x00,$out 1684 le?vperm $in2,$in2,$in2,$inpperm 1685 vcipher $out1,$out1,v24 1686 stvx_u $in1,$x10,$out 1687 le?vperm $in3,$in3,$in3,$inpperm 1688 vcipher $out2,$out2,v24 1689 stvx_u $in2,$x20,$out 1690 le?vperm $in4,$in4,$in4,$inpperm 1691 vcipher $out3,$out3,v24 1692 stvx_u $in3,$x30,$out 1693 le?vperm $in5,$in5,$in5,$inpperm 1694 vcipher $out4,$out4,v24 1695 stvx_u $in4,$x40,$out 1696 le?vperm $in6,$in6,$in6,$inpperm 1697 vcipher $out5,$out5,v24 1698 stvx_u $in5,$x50,$out 1699 le?vperm $in7,$in7,$in7,$inpperm 1700 vcipher $out6,$out6,v24 1701 stvx_u $in6,$x60,$out 1702 vcipher $out7,$out7,v24 1703 stvx_u $in7,$x70,$out 1704 addi $out,$out,0x80 1705 1706 b Loop_ctr32_enc8x_middle 1707 1708.align 5 1709Lctr32_enc8x_break: 1710 cmpwi $len,-0x60 1711 blt Lctr32_enc8x_one 1712 nop 1713 beq Lctr32_enc8x_two 1714 cmpwi $len,-0x40 1715 blt Lctr32_enc8x_three 1716 nop 1717 beq Lctr32_enc8x_four 1718 cmpwi $len,-0x20 1719 blt Lctr32_enc8x_five 1720 nop 1721 beq Lctr32_enc8x_six 1722 cmpwi $len,0x00 1723 blt Lctr32_enc8x_seven 1724 1725Lctr32_enc8x_eight: 1726 vcipherlast $out0,$out0,$in0 1727 vcipherlast $out1,$out1,$in1 1728 vcipherlast $out2,$out2,$in2 1729 vcipherlast $out3,$out3,$in3 1730 vcipherlast $out4,$out4,$in4 1731 vcipherlast $out5,$out5,$in5 1732 vcipherlast $out6,$out6,$in6 1733 vcipherlast $out7,$out7,$in7 1734 1735 le?vperm $out0,$out0,$out0,$inpperm 1736 le?vperm $out1,$out1,$out1,$inpperm 1737 stvx_u $out0,$x00,$out 1738 le?vperm $out2,$out2,$out2,$inpperm 1739 stvx_u $out1,$x10,$out 1740 le?vperm $out3,$out3,$out3,$inpperm 1741 stvx_u $out2,$x20,$out 1742 le?vperm $out4,$out4,$out4,$inpperm 1743 stvx_u $out3,$x30,$out 1744 le?vperm $out5,$out5,$out5,$inpperm 1745 stvx_u $out4,$x40,$out 1746 le?vperm $out6,$out6,$out6,$inpperm 1747 stvx_u $out5,$x50,$out 1748 le?vperm $out7,$out7,$out7,$inpperm 1749 stvx_u $out6,$x60,$out 1750 stvx_u $out7,$x70,$out 1751 addi $out,$out,0x80 1752 b Lctr32_enc8x_done 1753 1754.align 5 1755Lctr32_enc8x_seven: 1756 vcipherlast $out0,$out0,$in1 1757 vcipherlast $out1,$out1,$in2 1758 vcipherlast $out2,$out2,$in3 1759 vcipherlast $out3,$out3,$in4 1760 vcipherlast $out4,$out4,$in5 1761 vcipherlast $out5,$out5,$in6 1762 vcipherlast $out6,$out6,$in7 1763 1764 le?vperm $out0,$out0,$out0,$inpperm 1765 le?vperm $out1,$out1,$out1,$inpperm 1766 stvx_u $out0,$x00,$out 1767 le?vperm $out2,$out2,$out2,$inpperm 1768 stvx_u $out1,$x10,$out 1769 le?vperm $out3,$out3,$out3,$inpperm 1770 stvx_u $out2,$x20,$out 1771 le?vperm $out4,$out4,$out4,$inpperm 1772 stvx_u $out3,$x30,$out 1773 le?vperm $out5,$out5,$out5,$inpperm 1774 stvx_u $out4,$x40,$out 1775 le?vperm $out6,$out6,$out6,$inpperm 1776 stvx_u $out5,$x50,$out 1777 stvx_u $out6,$x60,$out 1778 addi $out,$out,0x70 1779 b Lctr32_enc8x_done 1780 1781.align 5 1782Lctr32_enc8x_six: 1783 vcipherlast $out0,$out0,$in2 1784 vcipherlast $out1,$out1,$in3 1785 vcipherlast $out2,$out2,$in4 1786 vcipherlast $out3,$out3,$in5 1787 vcipherlast $out4,$out4,$in6 1788 vcipherlast $out5,$out5,$in7 1789 1790 le?vperm $out0,$out0,$out0,$inpperm 1791 le?vperm $out1,$out1,$out1,$inpperm 1792 stvx_u $out0,$x00,$out 1793 le?vperm $out2,$out2,$out2,$inpperm 1794 stvx_u $out1,$x10,$out 1795 le?vperm $out3,$out3,$out3,$inpperm 1796 stvx_u $out2,$x20,$out 1797 le?vperm $out4,$out4,$out4,$inpperm 1798 stvx_u $out3,$x30,$out 1799 le?vperm $out5,$out5,$out5,$inpperm 1800 stvx_u $out4,$x40,$out 1801 stvx_u $out5,$x50,$out 1802 addi $out,$out,0x60 1803 b Lctr32_enc8x_done 1804 1805.align 5 1806Lctr32_enc8x_five: 1807 vcipherlast $out0,$out0,$in3 1808 vcipherlast $out1,$out1,$in4 1809 vcipherlast $out2,$out2,$in5 1810 vcipherlast $out3,$out3,$in6 1811 vcipherlast $out4,$out4,$in7 1812 1813 le?vperm $out0,$out0,$out0,$inpperm 1814 le?vperm $out1,$out1,$out1,$inpperm 1815 stvx_u $out0,$x00,$out 1816 le?vperm $out2,$out2,$out2,$inpperm 1817 stvx_u $out1,$x10,$out 1818 le?vperm $out3,$out3,$out3,$inpperm 1819 stvx_u $out2,$x20,$out 1820 le?vperm $out4,$out4,$out4,$inpperm 1821 stvx_u $out3,$x30,$out 1822 stvx_u $out4,$x40,$out 1823 addi $out,$out,0x50 1824 b Lctr32_enc8x_done 1825 1826.align 5 1827Lctr32_enc8x_four: 1828 vcipherlast $out0,$out0,$in4 1829 vcipherlast $out1,$out1,$in5 1830 vcipherlast $out2,$out2,$in6 1831 vcipherlast $out3,$out3,$in7 1832 1833 le?vperm $out0,$out0,$out0,$inpperm 1834 le?vperm $out1,$out1,$out1,$inpperm 1835 stvx_u $out0,$x00,$out 1836 le?vperm $out2,$out2,$out2,$inpperm 1837 stvx_u $out1,$x10,$out 1838 le?vperm $out3,$out3,$out3,$inpperm 1839 stvx_u $out2,$x20,$out 1840 stvx_u $out3,$x30,$out 1841 addi $out,$out,0x40 1842 b Lctr32_enc8x_done 1843 1844.align 5 1845Lctr32_enc8x_three: 1846 vcipherlast $out0,$out0,$in5 1847 vcipherlast $out1,$out1,$in6 1848 vcipherlast $out2,$out2,$in7 1849 1850 le?vperm $out0,$out0,$out0,$inpperm 1851 le?vperm $out1,$out1,$out1,$inpperm 1852 stvx_u $out0,$x00,$out 1853 le?vperm $out2,$out2,$out2,$inpperm 1854 stvx_u $out1,$x10,$out 1855 stvx_u $out2,$x20,$out 1856 addi $out,$out,0x30 1857 b Lctr32_enc8x_done 1858 1859.align 5 1860Lctr32_enc8x_two: 1861 vcipherlast $out0,$out0,$in6 1862 vcipherlast $out1,$out1,$in7 1863 1864 le?vperm $out0,$out0,$out0,$inpperm 1865 le?vperm $out1,$out1,$out1,$inpperm 1866 stvx_u $out0,$x00,$out 1867 stvx_u $out1,$x10,$out 1868 addi $out,$out,0x20 1869 b Lctr32_enc8x_done 1870 1871.align 5 1872Lctr32_enc8x_one: 1873 vcipherlast $out0,$out0,$in7 1874 1875 le?vperm $out0,$out0,$out0,$inpperm 1876 stvx_u $out0,0,$out 1877 addi $out,$out,0x10 1878 1879Lctr32_enc8x_done: 1880 li r10,`$FRAME+15` 1881 li r11,`$FRAME+31` 1882 stvx $inpperm,r10,$sp # wipe copies of round keys 1883 addi r10,r10,32 1884 stvx $inpperm,r11,$sp 1885 addi r11,r11,32 1886 stvx $inpperm,r10,$sp 1887 addi r10,r10,32 1888 stvx $inpperm,r11,$sp 1889 addi r11,r11,32 1890 stvx $inpperm,r10,$sp 1891 addi r10,r10,32 1892 stvx $inpperm,r11,$sp 1893 addi r11,r11,32 1894 stvx $inpperm,r10,$sp 1895 addi r10,r10,32 1896 stvx $inpperm,r11,$sp 1897 addi r11,r11,32 1898 1899 mtspr 256,$vrsave 1900 lvx v20,r10,$sp # ABI says so 1901 addi r10,r10,32 1902 lvx v21,r11,$sp 1903 addi r11,r11,32 1904 lvx v22,r10,$sp 1905 addi r10,r10,32 1906 lvx v23,r11,$sp 1907 addi r11,r11,32 1908 lvx v24,r10,$sp 1909 addi r10,r10,32 1910 lvx v25,r11,$sp 1911 addi r11,r11,32 1912 lvx v26,r10,$sp 1913 addi r10,r10,32 1914 lvx v27,r11,$sp 1915 addi r11,r11,32 1916 lvx v28,r10,$sp 1917 addi r10,r10,32 1918 lvx v29,r11,$sp 1919 addi r11,r11,32 1920 lvx v30,r10,$sp 1921 lvx v31,r11,$sp 1922 $POP r26,`$FRAME+21*16+0*$SIZE_T`($sp) 1923 $POP r27,`$FRAME+21*16+1*$SIZE_T`($sp) 1924 $POP r28,`$FRAME+21*16+2*$SIZE_T`($sp) 1925 $POP r29,`$FRAME+21*16+3*$SIZE_T`($sp) 1926 $POP r30,`$FRAME+21*16+4*$SIZE_T`($sp) 1927 $POP r31,`$FRAME+21*16+5*$SIZE_T`($sp) 1928 addi $sp,$sp,`$FRAME+21*16+6*$SIZE_T` 1929 blr 1930 .long 0 1931 .byte 0,12,0x14,0,0x80,6,6,0 1932 .long 0 1933.size .${prefix}_ctr32_encrypt_blocks,.-.${prefix}_ctr32_encrypt_blocks 1934___ 1935}} }}} 1936 1937######################################################################### 1938{{{ # XTS procedures # 1939# int aes_p8_xts_[en|de]crypt(const char *inp, char *out, size_t len, # 1940# const AES_KEY *key1, const AES_KEY *key2, # 1941# [const] unsigned char iv[16]); # 1942# If $key2 is NULL, then a "tweak chaining" mode is engaged, in which # 1943# input tweak value is assumed to be encrypted already, and last tweak # 1944# value, one suitable for consecutive call on same chunk of data, is # 1945# written back to original buffer. In addition, in "tweak chaining" # 1946# mode only complete input blocks are processed. # 1947 1948my ($inp,$out,$len,$key1,$key2,$ivp,$rounds,$idx) = map("r$_",(3..10)); 1949my ($rndkey0,$rndkey1,$inout) = map("v$_",(0..2)); 1950my ($output,$inptail,$inpperm,$leperm,$keyperm) = map("v$_",(3..7)); 1951my ($tweak,$seven,$eighty7,$tmp,$tweak1) = map("v$_",(8..12)); 1952my $taillen = $key2; 1953 1954 ($inp,$idx) = ($idx,$inp); # reassign 1955 1956$code.=<<___; 1957.globl .${prefix}_xts_encrypt 1958 mr $inp,r3 # reassign 1959 li r3,-1 1960 ${UCMP}i $len,16 1961 bltlr- 1962 1963 lis r0,0xfff0 1964 mfspr r12,256 # save vrsave 1965 li r11,0 1966 mtspr 256,r0 1967 1968 vspltisb $seven,0x07 # 0x070707..07 1969 le?lvsl $leperm,r11,r11 1970 le?vspltisb $tmp,0x0f 1971 le?vxor $leperm,$leperm,$seven 1972 1973 li $idx,15 1974 lvx $tweak,0,$ivp # load [unaligned] iv 1975 lvsl $inpperm,0,$ivp 1976 lvx $inptail,$idx,$ivp 1977 le?vxor $inpperm,$inpperm,$tmp 1978 vperm $tweak,$tweak,$inptail,$inpperm 1979 1980 neg r11,$inp 1981 lvsr $inpperm,0,r11 # prepare for unaligned load 1982 lvx $inout,0,$inp 1983 addi $inp,$inp,15 # 15 is not typo 1984 le?vxor $inpperm,$inpperm,$tmp 1985 1986 ${UCMP}i $key2,0 # key2==NULL? 1987 beq Lxts_enc_no_key2 1988 1989 ?lvsl $keyperm,0,$key2 # prepare for unaligned key 1990 lwz $rounds,240($key2) 1991 srwi $rounds,$rounds,1 1992 subi $rounds,$rounds,1 1993 li $idx,16 1994 1995 lvx $rndkey0,0,$key2 1996 lvx $rndkey1,$idx,$key2 1997 addi $idx,$idx,16 1998 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 1999 vxor $tweak,$tweak,$rndkey0 2000 lvx $rndkey0,$idx,$key2 2001 addi $idx,$idx,16 2002 mtctr $rounds 2003 2004Ltweak_xts_enc: 2005 ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm 2006 vcipher $tweak,$tweak,$rndkey1 2007 lvx $rndkey1,$idx,$key2 2008 addi $idx,$idx,16 2009 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 2010 vcipher $tweak,$tweak,$rndkey0 2011 lvx $rndkey0,$idx,$key2 2012 addi $idx,$idx,16 2013 bdnz Ltweak_xts_enc 2014 2015 ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm 2016 vcipher $tweak,$tweak,$rndkey1 2017 lvx $rndkey1,$idx,$key2 2018 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 2019 vcipherlast $tweak,$tweak,$rndkey0 2020 2021 li $ivp,0 # don't chain the tweak 2022 b Lxts_enc 2023 2024Lxts_enc_no_key2: 2025 li $idx,-16 2026 and $len,$len,$idx # in "tweak chaining" 2027 # mode only complete 2028 # blocks are processed 2029Lxts_enc: 2030 lvx $inptail,0,$inp 2031 addi $inp,$inp,16 2032 2033 ?lvsl $keyperm,0,$key1 # prepare for unaligned key 2034 lwz $rounds,240($key1) 2035 srwi $rounds,$rounds,1 2036 subi $rounds,$rounds,1 2037 li $idx,16 2038 2039 vslb $eighty7,$seven,$seven # 0x808080..80 2040 vor $eighty7,$eighty7,$seven # 0x878787..87 2041 vspltisb $tmp,1 # 0x010101..01 2042 vsldoi $eighty7,$eighty7,$tmp,15 # 0x870101..01 2043 2044 ${UCMP}i $len,96 2045 bge _aesp8_xts_encrypt6x 2046 2047 andi. $taillen,$len,15 2048 subic r0,$len,32 2049 subi $taillen,$taillen,16 2050 subfe r0,r0,r0 2051 and r0,r0,$taillen 2052 add $inp,$inp,r0 2053 2054 lvx $rndkey0,0,$key1 2055 lvx $rndkey1,$idx,$key1 2056 addi $idx,$idx,16 2057 vperm $inout,$inout,$inptail,$inpperm 2058 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 2059 vxor $inout,$inout,$tweak 2060 vxor $inout,$inout,$rndkey0 2061 lvx $rndkey0,$idx,$key1 2062 addi $idx,$idx,16 2063 mtctr $rounds 2064 b Loop_xts_enc 2065 2066.align 5 2067Loop_xts_enc: 2068 ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm 2069 vcipher $inout,$inout,$rndkey1 2070 lvx $rndkey1,$idx,$key1 2071 addi $idx,$idx,16 2072 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 2073 vcipher $inout,$inout,$rndkey0 2074 lvx $rndkey0,$idx,$key1 2075 addi $idx,$idx,16 2076 bdnz Loop_xts_enc 2077 2078 ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm 2079 vcipher $inout,$inout,$rndkey1 2080 lvx $rndkey1,$idx,$key1 2081 li $idx,16 2082 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 2083 vxor $rndkey0,$rndkey0,$tweak 2084 vcipherlast $output,$inout,$rndkey0 2085 2086 le?vperm $tmp,$output,$output,$leperm 2087 be?nop 2088 le?stvx_u $tmp,0,$out 2089 be?stvx_u $output,0,$out 2090 addi $out,$out,16 2091 2092 subic. $len,$len,16 2093 beq Lxts_enc_done 2094 2095 vmr $inout,$inptail 2096 lvx $inptail,0,$inp 2097 addi $inp,$inp,16 2098 lvx $rndkey0,0,$key1 2099 lvx $rndkey1,$idx,$key1 2100 addi $idx,$idx,16 2101 2102 subic r0,$len,32 2103 subfe r0,r0,r0 2104 and r0,r0,$taillen 2105 add $inp,$inp,r0 2106 2107 vsrab $tmp,$tweak,$seven # next tweak value 2108 vaddubm $tweak,$tweak,$tweak 2109 vsldoi $tmp,$tmp,$tmp,15 2110 vand $tmp,$tmp,$eighty7 2111 vxor $tweak,$tweak,$tmp 2112 2113 vperm $inout,$inout,$inptail,$inpperm 2114 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 2115 vxor $inout,$inout,$tweak 2116 vxor $output,$output,$rndkey0 # just in case $len<16 2117 vxor $inout,$inout,$rndkey0 2118 lvx $rndkey0,$idx,$key1 2119 addi $idx,$idx,16 2120 2121 mtctr $rounds 2122 ${UCMP}i $len,16 2123 bge Loop_xts_enc 2124 2125 vxor $output,$output,$tweak 2126 lvsr $inpperm,0,$len # $inpperm is no longer needed 2127 vxor $inptail,$inptail,$inptail # $inptail is no longer needed 2128 vspltisb $tmp,-1 2129 vperm $inptail,$inptail,$tmp,$inpperm 2130 vsel $inout,$inout,$output,$inptail 2131 2132 subi r11,$out,17 2133 subi $out,$out,16 2134 mtctr $len 2135 li $len,16 2136Loop_xts_enc_steal: 2137 lbzu r0,1(r11) 2138 stb r0,16(r11) 2139 bdnz Loop_xts_enc_steal 2140 2141 mtctr $rounds 2142 b Loop_xts_enc # one more time... 2143 2144Lxts_enc_done: 2145 ${UCMP}i $ivp,0 2146 beq Lxts_enc_ret 2147 2148 vsrab $tmp,$tweak,$seven # next tweak value 2149 vaddubm $tweak,$tweak,$tweak 2150 vsldoi $tmp,$tmp,$tmp,15 2151 vand $tmp,$tmp,$eighty7 2152 vxor $tweak,$tweak,$tmp 2153 2154 le?vperm $tweak,$tweak,$tweak,$leperm 2155 stvx_u $tweak,0,$ivp 2156 2157Lxts_enc_ret: 2158 mtspr 256,r12 # restore vrsave 2159 li r3,0 2160 blr 2161 .long 0 2162 .byte 0,12,0x04,0,0x80,6,6,0 2163 .long 0 2164.size .${prefix}_xts_encrypt,.-.${prefix}_xts_encrypt 2165 2166.globl .${prefix}_xts_decrypt 2167 mr $inp,r3 # reassign 2168 li r3,-1 2169 ${UCMP}i $len,16 2170 bltlr- 2171 2172 lis r0,0xfff8 2173 mfspr r12,256 # save vrsave 2174 li r11,0 2175 mtspr 256,r0 2176 2177 andi. r0,$len,15 2178 neg r0,r0 2179 andi. r0,r0,16 2180 sub $len,$len,r0 2181 2182 vspltisb $seven,0x07 # 0x070707..07 2183 le?lvsl $leperm,r11,r11 2184 le?vspltisb $tmp,0x0f 2185 le?vxor $leperm,$leperm,$seven 2186 2187 li $idx,15 2188 lvx $tweak,0,$ivp # load [unaligned] iv 2189 lvsl $inpperm,0,$ivp 2190 lvx $inptail,$idx,$ivp 2191 le?vxor $inpperm,$inpperm,$tmp 2192 vperm $tweak,$tweak,$inptail,$inpperm 2193 2194 neg r11,$inp 2195 lvsr $inpperm,0,r11 # prepare for unaligned load 2196 lvx $inout,0,$inp 2197 addi $inp,$inp,15 # 15 is not typo 2198 le?vxor $inpperm,$inpperm,$tmp 2199 2200 ${UCMP}i $key2,0 # key2==NULL? 2201 beq Lxts_dec_no_key2 2202 2203 ?lvsl $keyperm,0,$key2 # prepare for unaligned key 2204 lwz $rounds,240($key2) 2205 srwi $rounds,$rounds,1 2206 subi $rounds,$rounds,1 2207 li $idx,16 2208 2209 lvx $rndkey0,0,$key2 2210 lvx $rndkey1,$idx,$key2 2211 addi $idx,$idx,16 2212 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 2213 vxor $tweak,$tweak,$rndkey0 2214 lvx $rndkey0,$idx,$key2 2215 addi $idx,$idx,16 2216 mtctr $rounds 2217 2218Ltweak_xts_dec: 2219 ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm 2220 vcipher $tweak,$tweak,$rndkey1 2221 lvx $rndkey1,$idx,$key2 2222 addi $idx,$idx,16 2223 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 2224 vcipher $tweak,$tweak,$rndkey0 2225 lvx $rndkey0,$idx,$key2 2226 addi $idx,$idx,16 2227 bdnz Ltweak_xts_dec 2228 2229 ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm 2230 vcipher $tweak,$tweak,$rndkey1 2231 lvx $rndkey1,$idx,$key2 2232 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 2233 vcipherlast $tweak,$tweak,$rndkey0 2234 2235 li $ivp,0 # don't chain the tweak 2236 b Lxts_dec 2237 2238Lxts_dec_no_key2: 2239 neg $idx,$len 2240 andi. $idx,$idx,15 2241 add $len,$len,$idx # in "tweak chaining" 2242 # mode only complete 2243 # blocks are processed 2244Lxts_dec: 2245 lvx $inptail,0,$inp 2246 addi $inp,$inp,16 2247 2248 ?lvsl $keyperm,0,$key1 # prepare for unaligned key 2249 lwz $rounds,240($key1) 2250 srwi $rounds,$rounds,1 2251 subi $rounds,$rounds,1 2252 li $idx,16 2253 2254 vslb $eighty7,$seven,$seven # 0x808080..80 2255 vor $eighty7,$eighty7,$seven # 0x878787..87 2256 vspltisb $tmp,1 # 0x010101..01 2257 vsldoi $eighty7,$eighty7,$tmp,15 # 0x870101..01 2258 2259 ${UCMP}i $len,96 2260 bge _aesp8_xts_decrypt6x 2261 2262 lvx $rndkey0,0,$key1 2263 lvx $rndkey1,$idx,$key1 2264 addi $idx,$idx,16 2265 vperm $inout,$inout,$inptail,$inpperm 2266 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 2267 vxor $inout,$inout,$tweak 2268 vxor $inout,$inout,$rndkey0 2269 lvx $rndkey0,$idx,$key1 2270 addi $idx,$idx,16 2271 mtctr $rounds 2272 2273 ${UCMP}i $len,16 2274 blt Ltail_xts_dec 2275 be?b Loop_xts_dec 2276 2277.align 5 2278Loop_xts_dec: 2279 ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm 2280 vncipher $inout,$inout,$rndkey1 2281 lvx $rndkey1,$idx,$key1 2282 addi $idx,$idx,16 2283 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 2284 vncipher $inout,$inout,$rndkey0 2285 lvx $rndkey0,$idx,$key1 2286 addi $idx,$idx,16 2287 bdnz Loop_xts_dec 2288 2289 ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm 2290 vncipher $inout,$inout,$rndkey1 2291 lvx $rndkey1,$idx,$key1 2292 li $idx,16 2293 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 2294 vxor $rndkey0,$rndkey0,$tweak 2295 vncipherlast $output,$inout,$rndkey0 2296 2297 le?vperm $tmp,$output,$output,$leperm 2298 be?nop 2299 le?stvx_u $tmp,0,$out 2300 be?stvx_u $output,0,$out 2301 addi $out,$out,16 2302 2303 subic. $len,$len,16 2304 beq Lxts_dec_done 2305 2306 vmr $inout,$inptail 2307 lvx $inptail,0,$inp 2308 addi $inp,$inp,16 2309 lvx $rndkey0,0,$key1 2310 lvx $rndkey1,$idx,$key1 2311 addi $idx,$idx,16 2312 2313 vsrab $tmp,$tweak,$seven # next tweak value 2314 vaddubm $tweak,$tweak,$tweak 2315 vsldoi $tmp,$tmp,$tmp,15 2316 vand $tmp,$tmp,$eighty7 2317 vxor $tweak,$tweak,$tmp 2318 2319 vperm $inout,$inout,$inptail,$inpperm 2320 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 2321 vxor $inout,$inout,$tweak 2322 vxor $inout,$inout,$rndkey0 2323 lvx $rndkey0,$idx,$key1 2324 addi $idx,$idx,16 2325 2326 mtctr $rounds 2327 ${UCMP}i $len,16 2328 bge Loop_xts_dec 2329 2330Ltail_xts_dec: 2331 vsrab $tmp,$tweak,$seven # next tweak value 2332 vaddubm $tweak1,$tweak,$tweak 2333 vsldoi $tmp,$tmp,$tmp,15 2334 vand $tmp,$tmp,$eighty7 2335 vxor $tweak1,$tweak1,$tmp 2336 2337 subi $inp,$inp,16 2338 add $inp,$inp,$len 2339 2340 vxor $inout,$inout,$tweak # :-( 2341 vxor $inout,$inout,$tweak1 # :-) 2342 2343Loop_xts_dec_short: 2344 ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm 2345 vncipher $inout,$inout,$rndkey1 2346 lvx $rndkey1,$idx,$key1 2347 addi $idx,$idx,16 2348 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 2349 vncipher $inout,$inout,$rndkey0 2350 lvx $rndkey0,$idx,$key1 2351 addi $idx,$idx,16 2352 bdnz Loop_xts_dec_short 2353 2354 ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm 2355 vncipher $inout,$inout,$rndkey1 2356 lvx $rndkey1,$idx,$key1 2357 li $idx,16 2358 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 2359 vxor $rndkey0,$rndkey0,$tweak1 2360 vncipherlast $output,$inout,$rndkey0 2361 2362 le?vperm $tmp,$output,$output,$leperm 2363 be?nop 2364 le?stvx_u $tmp,0,$out 2365 be?stvx_u $output,0,$out 2366 2367 vmr $inout,$inptail 2368 lvx $inptail,0,$inp 2369 #addi $inp,$inp,16 2370 lvx $rndkey0,0,$key1 2371 lvx $rndkey1,$idx,$key1 2372 addi $idx,$idx,16 2373 vperm $inout,$inout,$inptail,$inpperm 2374 ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm 2375 2376 lvsr $inpperm,0,$len # $inpperm is no longer needed 2377 vxor $inptail,$inptail,$inptail # $inptail is no longer needed 2378 vspltisb $tmp,-1 2379 vperm $inptail,$inptail,$tmp,$inpperm 2380 vsel $inout,$inout,$output,$inptail 2381 2382 vxor $rndkey0,$rndkey0,$tweak 2383 vxor $inout,$inout,$rndkey0 2384 lvx $rndkey0,$idx,$key1 2385 addi $idx,$idx,16 2386 2387 subi r11,$out,1 2388 mtctr $len 2389 li $len,16 2390Loop_xts_dec_steal: 2391 lbzu r0,1(r11) 2392 stb r0,16(r11) 2393 bdnz Loop_xts_dec_steal 2394 2395 mtctr $rounds 2396 b Loop_xts_dec # one more time... 2397 2398Lxts_dec_done: 2399 ${UCMP}i $ivp,0 2400 beq Lxts_dec_ret 2401 2402 vsrab $tmp,$tweak,$seven # next tweak value 2403 vaddubm $tweak,$tweak,$tweak 2404 vsldoi $tmp,$tmp,$tmp,15 2405 vand $tmp,$tmp,$eighty7 2406 vxor $tweak,$tweak,$tmp 2407 2408 le?vperm $tweak,$tweak,$tweak,$leperm 2409 stvx_u $tweak,0,$ivp 2410 2411Lxts_dec_ret: 2412 mtspr 256,r12 # restore vrsave 2413 li r3,0 2414 blr 2415 .long 0 2416 .byte 0,12,0x04,0,0x80,6,6,0 2417 .long 0 2418.size .${prefix}_xts_decrypt,.-.${prefix}_xts_decrypt 2419___ 2420######################################################################### 2421{{ # Optimized XTS procedures # 2422my $key_=$key2; 2423my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,3,26..31)); 2424 $x00=0 if ($flavour =~ /osx/); 2425my ($in0, $in1, $in2, $in3, $in4, $in5 )=map("v$_",(0..5)); 2426my ($out0, $out1, $out2, $out3, $out4, $out5)=map("v$_",(7,12..16)); 2427my ($twk0, $twk1, $twk2, $twk3, $twk4, $twk5)=map("v$_",(17..22)); 2428my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys 2429 # v26-v31 last 6 round keys 2430my ($keyperm)=($out0); # aliases with "caller", redundant assignment 2431my $taillen=$x70; 2432 2433$code.=<<___; 2434.align 5 2435_aesp8_xts_encrypt6x: 2436 $STU $sp,-`($FRAME+21*16+6*$SIZE_T)`($sp) 2437 mflr r11 2438 li r7,`$FRAME+8*16+15` 2439 li r3,`$FRAME+8*16+31` 2440 $PUSH r11,`$FRAME+21*16+6*$SIZE_T+$LRSAVE`($sp) 2441 stvx v20,r7,$sp # ABI says so 2442 addi r7,r7,32 2443 stvx v21,r3,$sp 2444 addi r3,r3,32 2445 stvx v22,r7,$sp 2446 addi r7,r7,32 2447 stvx v23,r3,$sp 2448 addi r3,r3,32 2449 stvx v24,r7,$sp 2450 addi r7,r7,32 2451 stvx v25,r3,$sp 2452 addi r3,r3,32 2453 stvx v26,r7,$sp 2454 addi r7,r7,32 2455 stvx v27,r3,$sp 2456 addi r3,r3,32 2457 stvx v28,r7,$sp 2458 addi r7,r7,32 2459 stvx v29,r3,$sp 2460 addi r3,r3,32 2461 stvx v30,r7,$sp 2462 stvx v31,r3,$sp 2463 li r0,-1 2464 stw $vrsave,`$FRAME+21*16-4`($sp) # save vrsave 2465 li $x10,0x10 2466 $PUSH r26,`$FRAME+21*16+0*$SIZE_T`($sp) 2467 li $x20,0x20 2468 $PUSH r27,`$FRAME+21*16+1*$SIZE_T`($sp) 2469 li $x30,0x30 2470 $PUSH r28,`$FRAME+21*16+2*$SIZE_T`($sp) 2471 li $x40,0x40 2472 $PUSH r29,`$FRAME+21*16+3*$SIZE_T`($sp) 2473 li $x50,0x50 2474 $PUSH r30,`$FRAME+21*16+4*$SIZE_T`($sp) 2475 li $x60,0x60 2476 $PUSH r31,`$FRAME+21*16+5*$SIZE_T`($sp) 2477 li $x70,0x70 2478 mtspr 256,r0 2479 2480 subi $rounds,$rounds,3 # -4 in total 2481 2482 lvx $rndkey0,$x00,$key1 # load key schedule 2483 lvx v30,$x10,$key1 2484 addi $key1,$key1,0x20 2485 lvx v31,$x00,$key1 2486 ?vperm $rndkey0,$rndkey0,v30,$keyperm 2487 addi $key_,$sp,$FRAME+15 2488 mtctr $rounds 2489 2490Load_xts_enc_key: 2491 ?vperm v24,v30,v31,$keyperm 2492 lvx v30,$x10,$key1 2493 addi $key1,$key1,0x20 2494 stvx v24,$x00,$key_ # off-load round[1] 2495 ?vperm v25,v31,v30,$keyperm 2496 lvx v31,$x00,$key1 2497 stvx v25,$x10,$key_ # off-load round[2] 2498 addi $key_,$key_,0x20 2499 bdnz Load_xts_enc_key 2500 2501 lvx v26,$x10,$key1 2502 ?vperm v24,v30,v31,$keyperm 2503 lvx v27,$x20,$key1 2504 stvx v24,$x00,$key_ # off-load round[3] 2505 ?vperm v25,v31,v26,$keyperm 2506 lvx v28,$x30,$key1 2507 stvx v25,$x10,$key_ # off-load round[4] 2508 addi $key_,$sp,$FRAME+15 # rewind $key_ 2509 ?vperm v26,v26,v27,$keyperm 2510 lvx v29,$x40,$key1 2511 ?vperm v27,v27,v28,$keyperm 2512 lvx v30,$x50,$key1 2513 ?vperm v28,v28,v29,$keyperm 2514 lvx v31,$x60,$key1 2515 ?vperm v29,v29,v30,$keyperm 2516 lvx $twk5,$x70,$key1 # borrow $twk5 2517 ?vperm v30,v30,v31,$keyperm 2518 lvx v24,$x00,$key_ # pre-load round[1] 2519 ?vperm v31,v31,$twk5,$keyperm 2520 lvx v25,$x10,$key_ # pre-load round[2] 2521 2522 vperm $in0,$inout,$inptail,$inpperm 2523 subi $inp,$inp,31 # undo "caller" 2524 vxor $twk0,$tweak,$rndkey0 2525 vsrab $tmp,$tweak,$seven # next tweak value 2526 vaddubm $tweak,$tweak,$tweak 2527 vsldoi $tmp,$tmp,$tmp,15 2528 vand $tmp,$tmp,$eighty7 2529 vxor $out0,$in0,$twk0 2530 vxor $tweak,$tweak,$tmp 2531 2532 lvx_u $in1,$x10,$inp 2533 vxor $twk1,$tweak,$rndkey0 2534 vsrab $tmp,$tweak,$seven # next tweak value 2535 vaddubm $tweak,$tweak,$tweak 2536 vsldoi $tmp,$tmp,$tmp,15 2537 le?vperm $in1,$in1,$in1,$leperm 2538 vand $tmp,$tmp,$eighty7 2539 vxor $out1,$in1,$twk1 2540 vxor $tweak,$tweak,$tmp 2541 2542 lvx_u $in2,$x20,$inp 2543 andi. $taillen,$len,15 2544 vxor $twk2,$tweak,$rndkey0 2545 vsrab $tmp,$tweak,$seven # next tweak value 2546 vaddubm $tweak,$tweak,$tweak 2547 vsldoi $tmp,$tmp,$tmp,15 2548 le?vperm $in2,$in2,$in2,$leperm 2549 vand $tmp,$tmp,$eighty7 2550 vxor $out2,$in2,$twk2 2551 vxor $tweak,$tweak,$tmp 2552 2553 lvx_u $in3,$x30,$inp 2554 sub $len,$len,$taillen 2555 vxor $twk3,$tweak,$rndkey0 2556 vsrab $tmp,$tweak,$seven # next tweak value 2557 vaddubm $tweak,$tweak,$tweak 2558 vsldoi $tmp,$tmp,$tmp,15 2559 le?vperm $in3,$in3,$in3,$leperm 2560 vand $tmp,$tmp,$eighty7 2561 vxor $out3,$in3,$twk3 2562 vxor $tweak,$tweak,$tmp 2563 2564 lvx_u $in4,$x40,$inp 2565 subi $len,$len,0x60 2566 vxor $twk4,$tweak,$rndkey0 2567 vsrab $tmp,$tweak,$seven # next tweak value 2568 vaddubm $tweak,$tweak,$tweak 2569 vsldoi $tmp,$tmp,$tmp,15 2570 le?vperm $in4,$in4,$in4,$leperm 2571 vand $tmp,$tmp,$eighty7 2572 vxor $out4,$in4,$twk4 2573 vxor $tweak,$tweak,$tmp 2574 2575 lvx_u $in5,$x50,$inp 2576 addi $inp,$inp,0x60 2577 vxor $twk5,$tweak,$rndkey0 2578 vsrab $tmp,$tweak,$seven # next tweak value 2579 vaddubm $tweak,$tweak,$tweak 2580 vsldoi $tmp,$tmp,$tmp,15 2581 le?vperm $in5,$in5,$in5,$leperm 2582 vand $tmp,$tmp,$eighty7 2583 vxor $out5,$in5,$twk5 2584 vxor $tweak,$tweak,$tmp 2585 2586 vxor v31,v31,$rndkey0 2587 mtctr $rounds 2588 b Loop_xts_enc6x 2589 2590.align 5 2591Loop_xts_enc6x: 2592 vcipher $out0,$out0,v24 2593 vcipher $out1,$out1,v24 2594 vcipher $out2,$out2,v24 2595 vcipher $out3,$out3,v24 2596 vcipher $out4,$out4,v24 2597 vcipher $out5,$out5,v24 2598 lvx v24,$x20,$key_ # round[3] 2599 addi $key_,$key_,0x20 2600 2601 vcipher $out0,$out0,v25 2602 vcipher $out1,$out1,v25 2603 vcipher $out2,$out2,v25 2604 vcipher $out3,$out3,v25 2605 vcipher $out4,$out4,v25 2606 vcipher $out5,$out5,v25 2607 lvx v25,$x10,$key_ # round[4] 2608 bdnz Loop_xts_enc6x 2609 2610 subic $len,$len,96 # $len-=96 2611 vxor $in0,$twk0,v31 # xor with last round key 2612 vcipher $out0,$out0,v24 2613 vcipher $out1,$out1,v24 2614 vsrab $tmp,$tweak,$seven # next tweak value 2615 vxor $twk0,$tweak,$rndkey0 2616 vaddubm $tweak,$tweak,$tweak 2617 vcipher $out2,$out2,v24 2618 vcipher $out3,$out3,v24 2619 vsldoi $tmp,$tmp,$tmp,15 2620 vcipher $out4,$out4,v24 2621 vcipher $out5,$out5,v24 2622 2623 subfe. r0,r0,r0 # borrow?-1:0 2624 vand $tmp,$tmp,$eighty7 2625 vcipher $out0,$out0,v25 2626 vcipher $out1,$out1,v25 2627 vxor $tweak,$tweak,$tmp 2628 vcipher $out2,$out2,v25 2629 vcipher $out3,$out3,v25 2630 vxor $in1,$twk1,v31 2631 vsrab $tmp,$tweak,$seven # next tweak value 2632 vxor $twk1,$tweak,$rndkey0 2633 vcipher $out4,$out4,v25 2634 vcipher $out5,$out5,v25 2635 2636 and r0,r0,$len 2637 vaddubm $tweak,$tweak,$tweak 2638 vsldoi $tmp,$tmp,$tmp,15 2639 vcipher $out0,$out0,v26 2640 vcipher $out1,$out1,v26 2641 vand $tmp,$tmp,$eighty7 2642 vcipher $out2,$out2,v26 2643 vcipher $out3,$out3,v26 2644 vxor $tweak,$tweak,$tmp 2645 vcipher $out4,$out4,v26 2646 vcipher $out5,$out5,v26 2647 2648 add $inp,$inp,r0 # $inp is adjusted in such 2649 # way that at exit from the 2650 # loop inX-in5 are loaded 2651 # with last "words" 2652 vxor $in2,$twk2,v31 2653 vsrab $tmp,$tweak,$seven # next tweak value 2654 vxor $twk2,$tweak,$rndkey0 2655 vaddubm $tweak,$tweak,$tweak 2656 vcipher $out0,$out0,v27 2657 vcipher $out1,$out1,v27 2658 vsldoi $tmp,$tmp,$tmp,15 2659 vcipher $out2,$out2,v27 2660 vcipher $out3,$out3,v27 2661 vand $tmp,$tmp,$eighty7 2662 vcipher $out4,$out4,v27 2663 vcipher $out5,$out5,v27 2664 2665 addi $key_,$sp,$FRAME+15 # rewind $key_ 2666 vxor $tweak,$tweak,$tmp 2667 vcipher $out0,$out0,v28 2668 vcipher $out1,$out1,v28 2669 vxor $in3,$twk3,v31 2670 vsrab $tmp,$tweak,$seven # next tweak value 2671 vxor $twk3,$tweak,$rndkey0 2672 vcipher $out2,$out2,v28 2673 vcipher $out3,$out3,v28 2674 vaddubm $tweak,$tweak,$tweak 2675 vsldoi $tmp,$tmp,$tmp,15 2676 vcipher $out4,$out4,v28 2677 vcipher $out5,$out5,v28 2678 lvx v24,$x00,$key_ # re-pre-load round[1] 2679 vand $tmp,$tmp,$eighty7 2680 2681 vcipher $out0,$out0,v29 2682 vcipher $out1,$out1,v29 2683 vxor $tweak,$tweak,$tmp 2684 vcipher $out2,$out2,v29 2685 vcipher $out3,$out3,v29 2686 vxor $in4,$twk4,v31 2687 vsrab $tmp,$tweak,$seven # next tweak value 2688 vxor $twk4,$tweak,$rndkey0 2689 vcipher $out4,$out4,v29 2690 vcipher $out5,$out5,v29 2691 lvx v25,$x10,$key_ # re-pre-load round[2] 2692 vaddubm $tweak,$tweak,$tweak 2693 vsldoi $tmp,$tmp,$tmp,15 2694 2695 vcipher $out0,$out0,v30 2696 vcipher $out1,$out1,v30 2697 vand $tmp,$tmp,$eighty7 2698 vcipher $out2,$out2,v30 2699 vcipher $out3,$out3,v30 2700 vxor $tweak,$tweak,$tmp 2701 vcipher $out4,$out4,v30 2702 vcipher $out5,$out5,v30 2703 vxor $in5,$twk5,v31 2704 vsrab $tmp,$tweak,$seven # next tweak value 2705 vxor $twk5,$tweak,$rndkey0 2706 2707 vcipherlast $out0,$out0,$in0 2708 lvx_u $in0,$x00,$inp # load next input block 2709 vaddubm $tweak,$tweak,$tweak 2710 vsldoi $tmp,$tmp,$tmp,15 2711 vcipherlast $out1,$out1,$in1 2712 lvx_u $in1,$x10,$inp 2713 vcipherlast $out2,$out2,$in2 2714 le?vperm $in0,$in0,$in0,$leperm 2715 lvx_u $in2,$x20,$inp 2716 vand $tmp,$tmp,$eighty7 2717 vcipherlast $out3,$out3,$in3 2718 le?vperm $in1,$in1,$in1,$leperm 2719 lvx_u $in3,$x30,$inp 2720 vcipherlast $out4,$out4,$in4 2721 le?vperm $in2,$in2,$in2,$leperm 2722 lvx_u $in4,$x40,$inp 2723 vxor $tweak,$tweak,$tmp 2724 vcipherlast $tmp,$out5,$in5 # last block might be needed 2725 # in stealing mode 2726 le?vperm $in3,$in3,$in3,$leperm 2727 lvx_u $in5,$x50,$inp 2728 addi $inp,$inp,0x60 2729 le?vperm $in4,$in4,$in4,$leperm 2730 le?vperm $in5,$in5,$in5,$leperm 2731 2732 le?vperm $out0,$out0,$out0,$leperm 2733 le?vperm $out1,$out1,$out1,$leperm 2734 stvx_u $out0,$x00,$out # store output 2735 vxor $out0,$in0,$twk0 2736 le?vperm $out2,$out2,$out2,$leperm 2737 stvx_u $out1,$x10,$out 2738 vxor $out1,$in1,$twk1 2739 le?vperm $out3,$out3,$out3,$leperm 2740 stvx_u $out2,$x20,$out 2741 vxor $out2,$in2,$twk2 2742 le?vperm $out4,$out4,$out4,$leperm 2743 stvx_u $out3,$x30,$out 2744 vxor $out3,$in3,$twk3 2745 le?vperm $out5,$tmp,$tmp,$leperm 2746 stvx_u $out4,$x40,$out 2747 vxor $out4,$in4,$twk4 2748 le?stvx_u $out5,$x50,$out 2749 be?stvx_u $tmp, $x50,$out 2750 vxor $out5,$in5,$twk5 2751 addi $out,$out,0x60 2752 2753 mtctr $rounds 2754 beq Loop_xts_enc6x # did $len-=96 borrow? 2755 2756 addic. $len,$len,0x60 2757 beq Lxts_enc6x_zero 2758 cmpwi $len,0x20 2759 blt Lxts_enc6x_one 2760 nop 2761 beq Lxts_enc6x_two 2762 cmpwi $len,0x40 2763 blt Lxts_enc6x_three 2764 nop 2765 beq Lxts_enc6x_four 2766 2767Lxts_enc6x_five: 2768 vxor $out0,$in1,$twk0 2769 vxor $out1,$in2,$twk1 2770 vxor $out2,$in3,$twk2 2771 vxor $out3,$in4,$twk3 2772 vxor $out4,$in5,$twk4 2773 2774 bl _aesp8_xts_enc5x 2775 2776 le?vperm $out0,$out0,$out0,$leperm 2777 vmr $twk0,$twk5 # unused tweak 2778 le?vperm $out1,$out1,$out1,$leperm 2779 stvx_u $out0,$x00,$out # store output 2780 le?vperm $out2,$out2,$out2,$leperm 2781 stvx_u $out1,$x10,$out 2782 le?vperm $out3,$out3,$out3,$leperm 2783 stvx_u $out2,$x20,$out 2784 vxor $tmp,$out4,$twk5 # last block prep for stealing 2785 le?vperm $out4,$out4,$out4,$leperm 2786 stvx_u $out3,$x30,$out 2787 stvx_u $out4,$x40,$out 2788 addi $out,$out,0x50 2789 bne Lxts_enc6x_steal 2790 b Lxts_enc6x_done 2791 2792.align 4 2793Lxts_enc6x_four: 2794 vxor $out0,$in2,$twk0 2795 vxor $out1,$in3,$twk1 2796 vxor $out2,$in4,$twk2 2797 vxor $out3,$in5,$twk3 2798 vxor $out4,$out4,$out4 2799 2800 bl _aesp8_xts_enc5x 2801 2802 le?vperm $out0,$out0,$out0,$leperm 2803 vmr $twk0,$twk4 # unused tweak 2804 le?vperm $out1,$out1,$out1,$leperm 2805 stvx_u $out0,$x00,$out # store output 2806 le?vperm $out2,$out2,$out2,$leperm 2807 stvx_u $out1,$x10,$out 2808 vxor $tmp,$out3,$twk4 # last block prep for stealing 2809 le?vperm $out3,$out3,$out3,$leperm 2810 stvx_u $out2,$x20,$out 2811 stvx_u $out3,$x30,$out 2812 addi $out,$out,0x40 2813 bne Lxts_enc6x_steal 2814 b Lxts_enc6x_done 2815 2816.align 4 2817Lxts_enc6x_three: 2818 vxor $out0,$in3,$twk0 2819 vxor $out1,$in4,$twk1 2820 vxor $out2,$in5,$twk2 2821 vxor $out3,$out3,$out3 2822 vxor $out4,$out4,$out4 2823 2824 bl _aesp8_xts_enc5x 2825 2826 le?vperm $out0,$out0,$out0,$leperm 2827 vmr $twk0,$twk3 # unused tweak 2828 le?vperm $out1,$out1,$out1,$leperm 2829 stvx_u $out0,$x00,$out # store output 2830 vxor $tmp,$out2,$twk3 # last block prep for stealing 2831 le?vperm $out2,$out2,$out2,$leperm 2832 stvx_u $out1,$x10,$out 2833 stvx_u $out2,$x20,$out 2834 addi $out,$out,0x30 2835 bne Lxts_enc6x_steal 2836 b Lxts_enc6x_done 2837 2838.align 4 2839Lxts_enc6x_two: 2840 vxor $out0,$in4,$twk0 2841 vxor $out1,$in5,$twk1 2842 vxor $out2,$out2,$out2 2843 vxor $out3,$out3,$out3 2844 vxor $out4,$out4,$out4 2845 2846 bl _aesp8_xts_enc5x 2847 2848 le?vperm $out0,$out0,$out0,$leperm 2849 vmr $twk0,$twk2 # unused tweak 2850 vxor $tmp,$out1,$twk2 # last block prep for stealing 2851 le?vperm $out1,$out1,$out1,$leperm 2852 stvx_u $out0,$x00,$out # store output 2853 stvx_u $out1,$x10,$out 2854 addi $out,$out,0x20 2855 bne Lxts_enc6x_steal 2856 b Lxts_enc6x_done 2857 2858.align 4 2859Lxts_enc6x_one: 2860 vxor $out0,$in5,$twk0 2861 nop 2862Loop_xts_enc1x: 2863 vcipher $out0,$out0,v24 2864 lvx v24,$x20,$key_ # round[3] 2865 addi $key_,$key_,0x20 2866 2867 vcipher $out0,$out0,v25 2868 lvx v25,$x10,$key_ # round[4] 2869 bdnz Loop_xts_enc1x 2870 2871 add $inp,$inp,$taillen 2872 cmpwi $taillen,0 2873 vcipher $out0,$out0,v24 2874 2875 subi $inp,$inp,16 2876 vcipher $out0,$out0,v25 2877 2878 lvsr $inpperm,0,$taillen 2879 vcipher $out0,$out0,v26 2880 2881 lvx_u $in0,0,$inp 2882 vcipher $out0,$out0,v27 2883 2884 addi $key_,$sp,$FRAME+15 # rewind $key_ 2885 vcipher $out0,$out0,v28 2886 lvx v24,$x00,$key_ # re-pre-load round[1] 2887 2888 vcipher $out0,$out0,v29 2889 lvx v25,$x10,$key_ # re-pre-load round[2] 2890 vxor $twk0,$twk0,v31 2891 2892 le?vperm $in0,$in0,$in0,$leperm 2893 vcipher $out0,$out0,v30 2894 2895 vperm $in0,$in0,$in0,$inpperm 2896 vcipherlast $out0,$out0,$twk0 2897 2898 vmr $twk0,$twk1 # unused tweak 2899 vxor $tmp,$out0,$twk1 # last block prep for stealing 2900 le?vperm $out0,$out0,$out0,$leperm 2901 stvx_u $out0,$x00,$out # store output 2902 addi $out,$out,0x10 2903 bne Lxts_enc6x_steal 2904 b Lxts_enc6x_done 2905 2906.align 4 2907Lxts_enc6x_zero: 2908 cmpwi $taillen,0 2909 beq Lxts_enc6x_done 2910 2911 add $inp,$inp,$taillen 2912 subi $inp,$inp,16 2913 lvx_u $in0,0,$inp 2914 lvsr $inpperm,0,$taillen # $in5 is no more 2915 le?vperm $in0,$in0,$in0,$leperm 2916 vperm $in0,$in0,$in0,$inpperm 2917 vxor $tmp,$tmp,$twk0 2918Lxts_enc6x_steal: 2919 vxor $in0,$in0,$twk0 2920 vxor $out0,$out0,$out0 2921 vspltisb $out1,-1 2922 vperm $out0,$out0,$out1,$inpperm 2923 vsel $out0,$in0,$tmp,$out0 # $tmp is last block, remember? 2924 2925 subi r30,$out,17 2926 subi $out,$out,16 2927 mtctr $taillen 2928Loop_xts_enc6x_steal: 2929 lbzu r0,1(r30) 2930 stb r0,16(r30) 2931 bdnz Loop_xts_enc6x_steal 2932 2933 li $taillen,0 2934 mtctr $rounds 2935 b Loop_xts_enc1x # one more time... 2936 2937.align 4 2938Lxts_enc6x_done: 2939 ${UCMP}i $ivp,0 2940 beq Lxts_enc6x_ret 2941 2942 vxor $tweak,$twk0,$rndkey0 2943 le?vperm $tweak,$tweak,$tweak,$leperm 2944 stvx_u $tweak,0,$ivp 2945 2946Lxts_enc6x_ret: 2947 mtlr r11 2948 li r10,`$FRAME+15` 2949 li r11,`$FRAME+31` 2950 stvx $seven,r10,$sp # wipe copies of round keys 2951 addi r10,r10,32 2952 stvx $seven,r11,$sp 2953 addi r11,r11,32 2954 stvx $seven,r10,$sp 2955 addi r10,r10,32 2956 stvx $seven,r11,$sp 2957 addi r11,r11,32 2958 stvx $seven,r10,$sp 2959 addi r10,r10,32 2960 stvx $seven,r11,$sp 2961 addi r11,r11,32 2962 stvx $seven,r10,$sp 2963 addi r10,r10,32 2964 stvx $seven,r11,$sp 2965 addi r11,r11,32 2966 2967 mtspr 256,$vrsave 2968 lvx v20,r10,$sp # ABI says so 2969 addi r10,r10,32 2970 lvx v21,r11,$sp 2971 addi r11,r11,32 2972 lvx v22,r10,$sp 2973 addi r10,r10,32 2974 lvx v23,r11,$sp 2975 addi r11,r11,32 2976 lvx v24,r10,$sp 2977 addi r10,r10,32 2978 lvx v25,r11,$sp 2979 addi r11,r11,32 2980 lvx v26,r10,$sp 2981 addi r10,r10,32 2982 lvx v27,r11,$sp 2983 addi r11,r11,32 2984 lvx v28,r10,$sp 2985 addi r10,r10,32 2986 lvx v29,r11,$sp 2987 addi r11,r11,32 2988 lvx v30,r10,$sp 2989 lvx v31,r11,$sp 2990 $POP r26,`$FRAME+21*16+0*$SIZE_T`($sp) 2991 $POP r27,`$FRAME+21*16+1*$SIZE_T`($sp) 2992 $POP r28,`$FRAME+21*16+2*$SIZE_T`($sp) 2993 $POP r29,`$FRAME+21*16+3*$SIZE_T`($sp) 2994 $POP r30,`$FRAME+21*16+4*$SIZE_T`($sp) 2995 $POP r31,`$FRAME+21*16+5*$SIZE_T`($sp) 2996 addi $sp,$sp,`$FRAME+21*16+6*$SIZE_T` 2997 blr 2998 .long 0 2999 .byte 0,12,0x04,1,0x80,6,6,0 3000 .long 0 3001 3002.align 5 3003_aesp8_xts_enc5x: 3004 vcipher $out0,$out0,v24 3005 vcipher $out1,$out1,v24 3006 vcipher $out2,$out2,v24 3007 vcipher $out3,$out3,v24 3008 vcipher $out4,$out4,v24 3009 lvx v24,$x20,$key_ # round[3] 3010 addi $key_,$key_,0x20 3011 3012 vcipher $out0,$out0,v25 3013 vcipher $out1,$out1,v25 3014 vcipher $out2,$out2,v25 3015 vcipher $out3,$out3,v25 3016 vcipher $out4,$out4,v25 3017 lvx v25,$x10,$key_ # round[4] 3018 bdnz _aesp8_xts_enc5x 3019 3020 add $inp,$inp,$taillen 3021 cmpwi $taillen,0 3022 vcipher $out0,$out0,v24 3023 vcipher $out1,$out1,v24 3024 vcipher $out2,$out2,v24 3025 vcipher $out3,$out3,v24 3026 vcipher $out4,$out4,v24 3027 3028 subi $inp,$inp,16 3029 vcipher $out0,$out0,v25 3030 vcipher $out1,$out1,v25 3031 vcipher $out2,$out2,v25 3032 vcipher $out3,$out3,v25 3033 vcipher $out4,$out4,v25 3034 vxor $twk0,$twk0,v31 3035 3036 vcipher $out0,$out0,v26 3037 lvsr $inpperm,r0,$taillen # $in5 is no more 3038 vcipher $out1,$out1,v26 3039 vcipher $out2,$out2,v26 3040 vcipher $out3,$out3,v26 3041 vcipher $out4,$out4,v26 3042 vxor $in1,$twk1,v31 3043 3044 vcipher $out0,$out0,v27 3045 lvx_u $in0,0,$inp 3046 vcipher $out1,$out1,v27 3047 vcipher $out2,$out2,v27 3048 vcipher $out3,$out3,v27 3049 vcipher $out4,$out4,v27 3050 vxor $in2,$twk2,v31 3051 3052 addi $key_,$sp,$FRAME+15 # rewind $key_ 3053 vcipher $out0,$out0,v28 3054 vcipher $out1,$out1,v28 3055 vcipher $out2,$out2,v28 3056 vcipher $out3,$out3,v28 3057 vcipher $out4,$out4,v28 3058 lvx v24,$x00,$key_ # re-pre-load round[1] 3059 vxor $in3,$twk3,v31 3060 3061 vcipher $out0,$out0,v29 3062 le?vperm $in0,$in0,$in0,$leperm 3063 vcipher $out1,$out1,v29 3064 vcipher $out2,$out2,v29 3065 vcipher $out3,$out3,v29 3066 vcipher $out4,$out4,v29 3067 lvx v25,$x10,$key_ # re-pre-load round[2] 3068 vxor $in4,$twk4,v31 3069 3070 vcipher $out0,$out0,v30 3071 vperm $in0,$in0,$in0,$inpperm 3072 vcipher $out1,$out1,v30 3073 vcipher $out2,$out2,v30 3074 vcipher $out3,$out3,v30 3075 vcipher $out4,$out4,v30 3076 3077 vcipherlast $out0,$out0,$twk0 3078 vcipherlast $out1,$out1,$in1 3079 vcipherlast $out2,$out2,$in2 3080 vcipherlast $out3,$out3,$in3 3081 vcipherlast $out4,$out4,$in4 3082 blr 3083 .long 0 3084 .byte 0,12,0x14,0,0,0,0,0 3085 3086.align 5 3087_aesp8_xts_decrypt6x: 3088 $STU $sp,-`($FRAME+21*16+6*$SIZE_T)`($sp) 3089 mflr r11 3090 li r7,`$FRAME+8*16+15` 3091 li r3,`$FRAME+8*16+31` 3092 $PUSH r11,`$FRAME+21*16+6*$SIZE_T+$LRSAVE`($sp) 3093 stvx v20,r7,$sp # ABI says so 3094 addi r7,r7,32 3095 stvx v21,r3,$sp 3096 addi r3,r3,32 3097 stvx v22,r7,$sp 3098 addi r7,r7,32 3099 stvx v23,r3,$sp 3100 addi r3,r3,32 3101 stvx v24,r7,$sp 3102 addi r7,r7,32 3103 stvx v25,r3,$sp 3104 addi r3,r3,32 3105 stvx v26,r7,$sp 3106 addi r7,r7,32 3107 stvx v27,r3,$sp 3108 addi r3,r3,32 3109 stvx v28,r7,$sp 3110 addi r7,r7,32 3111 stvx v29,r3,$sp 3112 addi r3,r3,32 3113 stvx v30,r7,$sp 3114 stvx v31,r3,$sp 3115 li r0,-1 3116 stw $vrsave,`$FRAME+21*16-4`($sp) # save vrsave 3117 li $x10,0x10 3118 $PUSH r26,`$FRAME+21*16+0*$SIZE_T`($sp) 3119 li $x20,0x20 3120 $PUSH r27,`$FRAME+21*16+1*$SIZE_T`($sp) 3121 li $x30,0x30 3122 $PUSH r28,`$FRAME+21*16+2*$SIZE_T`($sp) 3123 li $x40,0x40 3124 $PUSH r29,`$FRAME+21*16+3*$SIZE_T`($sp) 3125 li $x50,0x50 3126 $PUSH r30,`$FRAME+21*16+4*$SIZE_T`($sp) 3127 li $x60,0x60 3128 $PUSH r31,`$FRAME+21*16+5*$SIZE_T`($sp) 3129 li $x70,0x70 3130 mtspr 256,r0 3131 3132 subi $rounds,$rounds,3 # -4 in total 3133 3134 lvx $rndkey0,$x00,$key1 # load key schedule 3135 lvx v30,$x10,$key1 3136 addi $key1,$key1,0x20 3137 lvx v31,$x00,$key1 3138 ?vperm $rndkey0,$rndkey0,v30,$keyperm 3139 addi $key_,$sp,$FRAME+15 3140 mtctr $rounds 3141 3142Load_xts_dec_key: 3143 ?vperm v24,v30,v31,$keyperm 3144 lvx v30,$x10,$key1 3145 addi $key1,$key1,0x20 3146 stvx v24,$x00,$key_ # off-load round[1] 3147 ?vperm v25,v31,v30,$keyperm 3148 lvx v31,$x00,$key1 3149 stvx v25,$x10,$key_ # off-load round[2] 3150 addi $key_,$key_,0x20 3151 bdnz Load_xts_dec_key 3152 3153 lvx v26,$x10,$key1 3154 ?vperm v24,v30,v31,$keyperm 3155 lvx v27,$x20,$key1 3156 stvx v24,$x00,$key_ # off-load round[3] 3157 ?vperm v25,v31,v26,$keyperm 3158 lvx v28,$x30,$key1 3159 stvx v25,$x10,$key_ # off-load round[4] 3160 addi $key_,$sp,$FRAME+15 # rewind $key_ 3161 ?vperm v26,v26,v27,$keyperm 3162 lvx v29,$x40,$key1 3163 ?vperm v27,v27,v28,$keyperm 3164 lvx v30,$x50,$key1 3165 ?vperm v28,v28,v29,$keyperm 3166 lvx v31,$x60,$key1 3167 ?vperm v29,v29,v30,$keyperm 3168 lvx $twk5,$x70,$key1 # borrow $twk5 3169 ?vperm v30,v30,v31,$keyperm 3170 lvx v24,$x00,$key_ # pre-load round[1] 3171 ?vperm v31,v31,$twk5,$keyperm 3172 lvx v25,$x10,$key_ # pre-load round[2] 3173 3174 vperm $in0,$inout,$inptail,$inpperm 3175 subi $inp,$inp,31 # undo "caller" 3176 vxor $twk0,$tweak,$rndkey0 3177 vsrab $tmp,$tweak,$seven # next tweak value 3178 vaddubm $tweak,$tweak,$tweak 3179 vsldoi $tmp,$tmp,$tmp,15 3180 vand $tmp,$tmp,$eighty7 3181 vxor $out0,$in0,$twk0 3182 vxor $tweak,$tweak,$tmp 3183 3184 lvx_u $in1,$x10,$inp 3185 vxor $twk1,$tweak,$rndkey0 3186 vsrab $tmp,$tweak,$seven # next tweak value 3187 vaddubm $tweak,$tweak,$tweak 3188 vsldoi $tmp,$tmp,$tmp,15 3189 le?vperm $in1,$in1,$in1,$leperm 3190 vand $tmp,$tmp,$eighty7 3191 vxor $out1,$in1,$twk1 3192 vxor $tweak,$tweak,$tmp 3193 3194 lvx_u $in2,$x20,$inp 3195 andi. $taillen,$len,15 3196 vxor $twk2,$tweak,$rndkey0 3197 vsrab $tmp,$tweak,$seven # next tweak value 3198 vaddubm $tweak,$tweak,$tweak 3199 vsldoi $tmp,$tmp,$tmp,15 3200 le?vperm $in2,$in2,$in2,$leperm 3201 vand $tmp,$tmp,$eighty7 3202 vxor $out2,$in2,$twk2 3203 vxor $tweak,$tweak,$tmp 3204 3205 lvx_u $in3,$x30,$inp 3206 sub $len,$len,$taillen 3207 vxor $twk3,$tweak,$rndkey0 3208 vsrab $tmp,$tweak,$seven # next tweak value 3209 vaddubm $tweak,$tweak,$tweak 3210 vsldoi $tmp,$tmp,$tmp,15 3211 le?vperm $in3,$in3,$in3,$leperm 3212 vand $tmp,$tmp,$eighty7 3213 vxor $out3,$in3,$twk3 3214 vxor $tweak,$tweak,$tmp 3215 3216 lvx_u $in4,$x40,$inp 3217 subi $len,$len,0x60 3218 vxor $twk4,$tweak,$rndkey0 3219 vsrab $tmp,$tweak,$seven # next tweak value 3220 vaddubm $tweak,$tweak,$tweak 3221 vsldoi $tmp,$tmp,$tmp,15 3222 le?vperm $in4,$in4,$in4,$leperm 3223 vand $tmp,$tmp,$eighty7 3224 vxor $out4,$in4,$twk4 3225 vxor $tweak,$tweak,$tmp 3226 3227 lvx_u $in5,$x50,$inp 3228 addi $inp,$inp,0x60 3229 vxor $twk5,$tweak,$rndkey0 3230 vsrab $tmp,$tweak,$seven # next tweak value 3231 vaddubm $tweak,$tweak,$tweak 3232 vsldoi $tmp,$tmp,$tmp,15 3233 le?vperm $in5,$in5,$in5,$leperm 3234 vand $tmp,$tmp,$eighty7 3235 vxor $out5,$in5,$twk5 3236 vxor $tweak,$tweak,$tmp 3237 3238 vxor v31,v31,$rndkey0 3239 mtctr $rounds 3240 b Loop_xts_dec6x 3241 3242.align 5 3243Loop_xts_dec6x: 3244 vncipher $out0,$out0,v24 3245 vncipher $out1,$out1,v24 3246 vncipher $out2,$out2,v24 3247 vncipher $out3,$out3,v24 3248 vncipher $out4,$out4,v24 3249 vncipher $out5,$out5,v24 3250 lvx v24,$x20,$key_ # round[3] 3251 addi $key_,$key_,0x20 3252 3253 vncipher $out0,$out0,v25 3254 vncipher $out1,$out1,v25 3255 vncipher $out2,$out2,v25 3256 vncipher $out3,$out3,v25 3257 vncipher $out4,$out4,v25 3258 vncipher $out5,$out5,v25 3259 lvx v25,$x10,$key_ # round[4] 3260 bdnz Loop_xts_dec6x 3261 3262 subic $len,$len,96 # $len-=96 3263 vxor $in0,$twk0,v31 # xor with last round key 3264 vncipher $out0,$out0,v24 3265 vncipher $out1,$out1,v24 3266 vsrab $tmp,$tweak,$seven # next tweak value 3267 vxor $twk0,$tweak,$rndkey0 3268 vaddubm $tweak,$tweak,$tweak 3269 vncipher $out2,$out2,v24 3270 vncipher $out3,$out3,v24 3271 vsldoi $tmp,$tmp,$tmp,15 3272 vncipher $out4,$out4,v24 3273 vncipher $out5,$out5,v24 3274 3275 subfe. r0,r0,r0 # borrow?-1:0 3276 vand $tmp,$tmp,$eighty7 3277 vncipher $out0,$out0,v25 3278 vncipher $out1,$out1,v25 3279 vxor $tweak,$tweak,$tmp 3280 vncipher $out2,$out2,v25 3281 vncipher $out3,$out3,v25 3282 vxor $in1,$twk1,v31 3283 vsrab $tmp,$tweak,$seven # next tweak value 3284 vxor $twk1,$tweak,$rndkey0 3285 vncipher $out4,$out4,v25 3286 vncipher $out5,$out5,v25 3287 3288 and r0,r0,$len 3289 vaddubm $tweak,$tweak,$tweak 3290 vsldoi $tmp,$tmp,$tmp,15 3291 vncipher $out0,$out0,v26 3292 vncipher $out1,$out1,v26 3293 vand $tmp,$tmp,$eighty7 3294 vncipher $out2,$out2,v26 3295 vncipher $out3,$out3,v26 3296 vxor $tweak,$tweak,$tmp 3297 vncipher $out4,$out4,v26 3298 vncipher $out5,$out5,v26 3299 3300 add $inp,$inp,r0 # $inp is adjusted in such 3301 # way that at exit from the 3302 # loop inX-in5 are loaded 3303 # with last "words" 3304 vxor $in2,$twk2,v31 3305 vsrab $tmp,$tweak,$seven # next tweak value 3306 vxor $twk2,$tweak,$rndkey0 3307 vaddubm $tweak,$tweak,$tweak 3308 vncipher $out0,$out0,v27 3309 vncipher $out1,$out1,v27 3310 vsldoi $tmp,$tmp,$tmp,15 3311 vncipher $out2,$out2,v27 3312 vncipher $out3,$out3,v27 3313 vand $tmp,$tmp,$eighty7 3314 vncipher $out4,$out4,v27 3315 vncipher $out5,$out5,v27 3316 3317 addi $key_,$sp,$FRAME+15 # rewind $key_ 3318 vxor $tweak,$tweak,$tmp 3319 vncipher $out0,$out0,v28 3320 vncipher $out1,$out1,v28 3321 vxor $in3,$twk3,v31 3322 vsrab $tmp,$tweak,$seven # next tweak value 3323 vxor $twk3,$tweak,$rndkey0 3324 vncipher $out2,$out2,v28 3325 vncipher $out3,$out3,v28 3326 vaddubm $tweak,$tweak,$tweak 3327 vsldoi $tmp,$tmp,$tmp,15 3328 vncipher $out4,$out4,v28 3329 vncipher $out5,$out5,v28 3330 lvx v24,$x00,$key_ # re-pre-load round[1] 3331 vand $tmp,$tmp,$eighty7 3332 3333 vncipher $out0,$out0,v29 3334 vncipher $out1,$out1,v29 3335 vxor $tweak,$tweak,$tmp 3336 vncipher $out2,$out2,v29 3337 vncipher $out3,$out3,v29 3338 vxor $in4,$twk4,v31 3339 vsrab $tmp,$tweak,$seven # next tweak value 3340 vxor $twk4,$tweak,$rndkey0 3341 vncipher $out4,$out4,v29 3342 vncipher $out5,$out5,v29 3343 lvx v25,$x10,$key_ # re-pre-load round[2] 3344 vaddubm $tweak,$tweak,$tweak 3345 vsldoi $tmp,$tmp,$tmp,15 3346 3347 vncipher $out0,$out0,v30 3348 vncipher $out1,$out1,v30 3349 vand $tmp,$tmp,$eighty7 3350 vncipher $out2,$out2,v30 3351 vncipher $out3,$out3,v30 3352 vxor $tweak,$tweak,$tmp 3353 vncipher $out4,$out4,v30 3354 vncipher $out5,$out5,v30 3355 vxor $in5,$twk5,v31 3356 vsrab $tmp,$tweak,$seven # next tweak value 3357 vxor $twk5,$tweak,$rndkey0 3358 3359 vncipherlast $out0,$out0,$in0 3360 lvx_u $in0,$x00,$inp # load next input block 3361 vaddubm $tweak,$tweak,$tweak 3362 vsldoi $tmp,$tmp,$tmp,15 3363 vncipherlast $out1,$out1,$in1 3364 lvx_u $in1,$x10,$inp 3365 vncipherlast $out2,$out2,$in2 3366 le?vperm $in0,$in0,$in0,$leperm 3367 lvx_u $in2,$x20,$inp 3368 vand $tmp,$tmp,$eighty7 3369 vncipherlast $out3,$out3,$in3 3370 le?vperm $in1,$in1,$in1,$leperm 3371 lvx_u $in3,$x30,$inp 3372 vncipherlast $out4,$out4,$in4 3373 le?vperm $in2,$in2,$in2,$leperm 3374 lvx_u $in4,$x40,$inp 3375 vxor $tweak,$tweak,$tmp 3376 vncipherlast $out5,$out5,$in5 3377 le?vperm $in3,$in3,$in3,$leperm 3378 lvx_u $in5,$x50,$inp 3379 addi $inp,$inp,0x60 3380 le?vperm $in4,$in4,$in4,$leperm 3381 le?vperm $in5,$in5,$in5,$leperm 3382 3383 le?vperm $out0,$out0,$out0,$leperm 3384 le?vperm $out1,$out1,$out1,$leperm 3385 stvx_u $out0,$x00,$out # store output 3386 vxor $out0,$in0,$twk0 3387 le?vperm $out2,$out2,$out2,$leperm 3388 stvx_u $out1,$x10,$out 3389 vxor $out1,$in1,$twk1 3390 le?vperm $out3,$out3,$out3,$leperm 3391 stvx_u $out2,$x20,$out 3392 vxor $out2,$in2,$twk2 3393 le?vperm $out4,$out4,$out4,$leperm 3394 stvx_u $out3,$x30,$out 3395 vxor $out3,$in3,$twk3 3396 le?vperm $out5,$out5,$out5,$leperm 3397 stvx_u $out4,$x40,$out 3398 vxor $out4,$in4,$twk4 3399 stvx_u $out5,$x50,$out 3400 vxor $out5,$in5,$twk5 3401 addi $out,$out,0x60 3402 3403 mtctr $rounds 3404 beq Loop_xts_dec6x # did $len-=96 borrow? 3405 3406 addic. $len,$len,0x60 3407 beq Lxts_dec6x_zero 3408 cmpwi $len,0x20 3409 blt Lxts_dec6x_one 3410 nop 3411 beq Lxts_dec6x_two 3412 cmpwi $len,0x40 3413 blt Lxts_dec6x_three 3414 nop 3415 beq Lxts_dec6x_four 3416 3417Lxts_dec6x_five: 3418 vxor $out0,$in1,$twk0 3419 vxor $out1,$in2,$twk1 3420 vxor $out2,$in3,$twk2 3421 vxor $out3,$in4,$twk3 3422 vxor $out4,$in5,$twk4 3423 3424 bl _aesp8_xts_dec5x 3425 3426 le?vperm $out0,$out0,$out0,$leperm 3427 vmr $twk0,$twk5 # unused tweak 3428 vxor $twk1,$tweak,$rndkey0 3429 le?vperm $out1,$out1,$out1,$leperm 3430 stvx_u $out0,$x00,$out # store output 3431 vxor $out0,$in0,$twk1 3432 le?vperm $out2,$out2,$out2,$leperm 3433 stvx_u $out1,$x10,$out 3434 le?vperm $out3,$out3,$out3,$leperm 3435 stvx_u $out2,$x20,$out 3436 le?vperm $out4,$out4,$out4,$leperm 3437 stvx_u $out3,$x30,$out 3438 stvx_u $out4,$x40,$out 3439 addi $out,$out,0x50 3440 bne Lxts_dec6x_steal 3441 b Lxts_dec6x_done 3442 3443.align 4 3444Lxts_dec6x_four: 3445 vxor $out0,$in2,$twk0 3446 vxor $out1,$in3,$twk1 3447 vxor $out2,$in4,$twk2 3448 vxor $out3,$in5,$twk3 3449 vxor $out4,$out4,$out4 3450 3451 bl _aesp8_xts_dec5x 3452 3453 le?vperm $out0,$out0,$out0,$leperm 3454 vmr $twk0,$twk4 # unused tweak 3455 vmr $twk1,$twk5 3456 le?vperm $out1,$out1,$out1,$leperm 3457 stvx_u $out0,$x00,$out # store output 3458 vxor $out0,$in0,$twk5 3459 le?vperm $out2,$out2,$out2,$leperm 3460 stvx_u $out1,$x10,$out 3461 le?vperm $out3,$out3,$out3,$leperm 3462 stvx_u $out2,$x20,$out 3463 stvx_u $out3,$x30,$out 3464 addi $out,$out,0x40 3465 bne Lxts_dec6x_steal 3466 b Lxts_dec6x_done 3467 3468.align 4 3469Lxts_dec6x_three: 3470 vxor $out0,$in3,$twk0 3471 vxor $out1,$in4,$twk1 3472 vxor $out2,$in5,$twk2 3473 vxor $out3,$out3,$out3 3474 vxor $out4,$out4,$out4 3475 3476 bl _aesp8_xts_dec5x 3477 3478 le?vperm $out0,$out0,$out0,$leperm 3479 vmr $twk0,$twk3 # unused tweak 3480 vmr $twk1,$twk4 3481 le?vperm $out1,$out1,$out1,$leperm 3482 stvx_u $out0,$x00,$out # store output 3483 vxor $out0,$in0,$twk4 3484 le?vperm $out2,$out2,$out2,$leperm 3485 stvx_u $out1,$x10,$out 3486 stvx_u $out2,$x20,$out 3487 addi $out,$out,0x30 3488 bne Lxts_dec6x_steal 3489 b Lxts_dec6x_done 3490 3491.align 4 3492Lxts_dec6x_two: 3493 vxor $out0,$in4,$twk0 3494 vxor $out1,$in5,$twk1 3495 vxor $out2,$out2,$out2 3496 vxor $out3,$out3,$out3 3497 vxor $out4,$out4,$out4 3498 3499 bl _aesp8_xts_dec5x 3500 3501 le?vperm $out0,$out0,$out0,$leperm 3502 vmr $twk0,$twk2 # unused tweak 3503 vmr $twk1,$twk3 3504 le?vperm $out1,$out1,$out1,$leperm 3505 stvx_u $out0,$x00,$out # store output 3506 vxor $out0,$in0,$twk3 3507 stvx_u $out1,$x10,$out 3508 addi $out,$out,0x20 3509 bne Lxts_dec6x_steal 3510 b Lxts_dec6x_done 3511 3512.align 4 3513Lxts_dec6x_one: 3514 vxor $out0,$in5,$twk0 3515 nop 3516Loop_xts_dec1x: 3517 vncipher $out0,$out0,v24 3518 lvx v24,$x20,$key_ # round[3] 3519 addi $key_,$key_,0x20 3520 3521 vncipher $out0,$out0,v25 3522 lvx v25,$x10,$key_ # round[4] 3523 bdnz Loop_xts_dec1x 3524 3525 subi r0,$taillen,1 3526 vncipher $out0,$out0,v24 3527 3528 andi. r0,r0,16 3529 cmpwi $taillen,0 3530 vncipher $out0,$out0,v25 3531 3532 sub $inp,$inp,r0 3533 vncipher $out0,$out0,v26 3534 3535 lvx_u $in0,0,$inp 3536 vncipher $out0,$out0,v27 3537 3538 addi $key_,$sp,$FRAME+15 # rewind $key_ 3539 vncipher $out0,$out0,v28 3540 lvx v24,$x00,$key_ # re-pre-load round[1] 3541 3542 vncipher $out0,$out0,v29 3543 lvx v25,$x10,$key_ # re-pre-load round[2] 3544 vxor $twk0,$twk0,v31 3545 3546 le?vperm $in0,$in0,$in0,$leperm 3547 vncipher $out0,$out0,v30 3548 3549 mtctr $rounds 3550 vncipherlast $out0,$out0,$twk0 3551 3552 vmr $twk0,$twk1 # unused tweak 3553 vmr $twk1,$twk2 3554 le?vperm $out0,$out0,$out0,$leperm 3555 stvx_u $out0,$x00,$out # store output 3556 addi $out,$out,0x10 3557 vxor $out0,$in0,$twk2 3558 bne Lxts_dec6x_steal 3559 b Lxts_dec6x_done 3560 3561.align 4 3562Lxts_dec6x_zero: 3563 cmpwi $taillen,0 3564 beq Lxts_dec6x_done 3565 3566 lvx_u $in0,0,$inp 3567 le?vperm $in0,$in0,$in0,$leperm 3568 vxor $out0,$in0,$twk1 3569Lxts_dec6x_steal: 3570 vncipher $out0,$out0,v24 3571 lvx v24,$x20,$key_ # round[3] 3572 addi $key_,$key_,0x20 3573 3574 vncipher $out0,$out0,v25 3575 lvx v25,$x10,$key_ # round[4] 3576 bdnz Lxts_dec6x_steal 3577 3578 add $inp,$inp,$taillen 3579 vncipher $out0,$out0,v24 3580 3581 cmpwi $taillen,0 3582 vncipher $out0,$out0,v25 3583 3584 lvx_u $in0,0,$inp 3585 vncipher $out0,$out0,v26 3586 3587 lvsr $inpperm,0,$taillen # $in5 is no more 3588 vncipher $out0,$out0,v27 3589 3590 addi $key_,$sp,$FRAME+15 # rewind $key_ 3591 vncipher $out0,$out0,v28 3592 lvx v24,$x00,$key_ # re-pre-load round[1] 3593 3594 vncipher $out0,$out0,v29 3595 lvx v25,$x10,$key_ # re-pre-load round[2] 3596 vxor $twk1,$twk1,v31 3597 3598 le?vperm $in0,$in0,$in0,$leperm 3599 vncipher $out0,$out0,v30 3600 3601 vperm $in0,$in0,$in0,$inpperm 3602 vncipherlast $tmp,$out0,$twk1 3603 3604 le?vperm $out0,$tmp,$tmp,$leperm 3605 le?stvx_u $out0,0,$out 3606 be?stvx_u $tmp,0,$out 3607 3608 vxor $out0,$out0,$out0 3609 vspltisb $out1,-1 3610 vperm $out0,$out0,$out1,$inpperm 3611 vsel $out0,$in0,$tmp,$out0 3612 vxor $out0,$out0,$twk0 3613 3614 subi r30,$out,1 3615 mtctr $taillen 3616Loop_xts_dec6x_steal: 3617 lbzu r0,1(r30) 3618 stb r0,16(r30) 3619 bdnz Loop_xts_dec6x_steal 3620 3621 li $taillen,0 3622 mtctr $rounds 3623 b Loop_xts_dec1x # one more time... 3624 3625.align 4 3626Lxts_dec6x_done: 3627 ${UCMP}i $ivp,0 3628 beq Lxts_dec6x_ret 3629 3630 vxor $tweak,$twk0,$rndkey0 3631 le?vperm $tweak,$tweak,$tweak,$leperm 3632 stvx_u $tweak,0,$ivp 3633 3634Lxts_dec6x_ret: 3635 mtlr r11 3636 li r10,`$FRAME+15` 3637 li r11,`$FRAME+31` 3638 stvx $seven,r10,$sp # wipe copies of round keys 3639 addi r10,r10,32 3640 stvx $seven,r11,$sp 3641 addi r11,r11,32 3642 stvx $seven,r10,$sp 3643 addi r10,r10,32 3644 stvx $seven,r11,$sp 3645 addi r11,r11,32 3646 stvx $seven,r10,$sp 3647 addi r10,r10,32 3648 stvx $seven,r11,$sp 3649 addi r11,r11,32 3650 stvx $seven,r10,$sp 3651 addi r10,r10,32 3652 stvx $seven,r11,$sp 3653 addi r11,r11,32 3654 3655 mtspr 256,$vrsave 3656 lvx v20,r10,$sp # ABI says so 3657 addi r10,r10,32 3658 lvx v21,r11,$sp 3659 addi r11,r11,32 3660 lvx v22,r10,$sp 3661 addi r10,r10,32 3662 lvx v23,r11,$sp 3663 addi r11,r11,32 3664 lvx v24,r10,$sp 3665 addi r10,r10,32 3666 lvx v25,r11,$sp 3667 addi r11,r11,32 3668 lvx v26,r10,$sp 3669 addi r10,r10,32 3670 lvx v27,r11,$sp 3671 addi r11,r11,32 3672 lvx v28,r10,$sp 3673 addi r10,r10,32 3674 lvx v29,r11,$sp 3675 addi r11,r11,32 3676 lvx v30,r10,$sp 3677 lvx v31,r11,$sp 3678 $POP r26,`$FRAME+21*16+0*$SIZE_T`($sp) 3679 $POP r27,`$FRAME+21*16+1*$SIZE_T`($sp) 3680 $POP r28,`$FRAME+21*16+2*$SIZE_T`($sp) 3681 $POP r29,`$FRAME+21*16+3*$SIZE_T`($sp) 3682 $POP r30,`$FRAME+21*16+4*$SIZE_T`($sp) 3683 $POP r31,`$FRAME+21*16+5*$SIZE_T`($sp) 3684 addi $sp,$sp,`$FRAME+21*16+6*$SIZE_T` 3685 blr 3686 .long 0 3687 .byte 0,12,0x04,1,0x80,6,6,0 3688 .long 0 3689 3690.align 5 3691_aesp8_xts_dec5x: 3692 vncipher $out0,$out0,v24 3693 vncipher $out1,$out1,v24 3694 vncipher $out2,$out2,v24 3695 vncipher $out3,$out3,v24 3696 vncipher $out4,$out4,v24 3697 lvx v24,$x20,$key_ # round[3] 3698 addi $key_,$key_,0x20 3699 3700 vncipher $out0,$out0,v25 3701 vncipher $out1,$out1,v25 3702 vncipher $out2,$out2,v25 3703 vncipher $out3,$out3,v25 3704 vncipher $out4,$out4,v25 3705 lvx v25,$x10,$key_ # round[4] 3706 bdnz _aesp8_xts_dec5x 3707 3708 subi r0,$taillen,1 3709 vncipher $out0,$out0,v24 3710 vncipher $out1,$out1,v24 3711 vncipher $out2,$out2,v24 3712 vncipher $out3,$out3,v24 3713 vncipher $out4,$out4,v24 3714 3715 andi. r0,r0,16 3716 cmpwi $taillen,0 3717 vncipher $out0,$out0,v25 3718 vncipher $out1,$out1,v25 3719 vncipher $out2,$out2,v25 3720 vncipher $out3,$out3,v25 3721 vncipher $out4,$out4,v25 3722 vxor $twk0,$twk0,v31 3723 3724 sub $inp,$inp,r0 3725 vncipher $out0,$out0,v26 3726 vncipher $out1,$out1,v26 3727 vncipher $out2,$out2,v26 3728 vncipher $out3,$out3,v26 3729 vncipher $out4,$out4,v26 3730 vxor $in1,$twk1,v31 3731 3732 vncipher $out0,$out0,v27 3733 lvx_u $in0,0,$inp 3734 vncipher $out1,$out1,v27 3735 vncipher $out2,$out2,v27 3736 vncipher $out3,$out3,v27 3737 vncipher $out4,$out4,v27 3738 vxor $in2,$twk2,v31 3739 3740 addi $key_,$sp,$FRAME+15 # rewind $key_ 3741 vncipher $out0,$out0,v28 3742 vncipher $out1,$out1,v28 3743 vncipher $out2,$out2,v28 3744 vncipher $out3,$out3,v28 3745 vncipher $out4,$out4,v28 3746 lvx v24,$x00,$key_ # re-pre-load round[1] 3747 vxor $in3,$twk3,v31 3748 3749 vncipher $out0,$out0,v29 3750 le?vperm $in0,$in0,$in0,$leperm 3751 vncipher $out1,$out1,v29 3752 vncipher $out2,$out2,v29 3753 vncipher $out3,$out3,v29 3754 vncipher $out4,$out4,v29 3755 lvx v25,$x10,$key_ # re-pre-load round[2] 3756 vxor $in4,$twk4,v31 3757 3758 vncipher $out0,$out0,v30 3759 vncipher $out1,$out1,v30 3760 vncipher $out2,$out2,v30 3761 vncipher $out3,$out3,v30 3762 vncipher $out4,$out4,v30 3763 3764 vncipherlast $out0,$out0,$twk0 3765 vncipherlast $out1,$out1,$in1 3766 vncipherlast $out2,$out2,$in2 3767 vncipherlast $out3,$out3,$in3 3768 vncipherlast $out4,$out4,$in4 3769 mtctr $rounds 3770 blr 3771 .long 0 3772 .byte 0,12,0x14,0,0,0,0,0 3773___ 3774}} }}} 3775 3776my $consts=1; 3777foreach(split("\n",$code)) { 3778 s/\`([^\`]*)\`/eval($1)/geo; 3779 3780 # constants table endian-specific conversion 3781 if ($consts && m/\.(long|byte)\s+(.+)\s+(\?[a-z]*)$/o) { 3782 my $conv=$3; 3783 my @bytes=(); 3784 3785 # convert to endian-agnostic format 3786 if ($1 eq "long") { 3787 foreach (split(/,\s*/,$2)) { 3788 my $l = /^0/?oct:int; 3789 push @bytes,($l>>24)&0xff,($l>>16)&0xff,($l>>8)&0xff,$l&0xff; 3790 } 3791 } else { 3792 @bytes = map(/^0/?oct:int,split(/,\s*/,$2)); 3793 } 3794 3795 # little-endian conversion 3796 if ($flavour =~ /le$/o) { 3797 SWITCH: for($conv) { 3798 /\?inv/ && do { @bytes=map($_^0xf,@bytes); last; }; 3799 /\?rev/ && do { @bytes=reverse(@bytes); last; }; 3800 } 3801 } 3802 3803 #emit 3804 print ".byte\t",join(',',map (sprintf("0x%02x",$_),@bytes)),"\n"; 3805 next; 3806 } 3807 $consts=0 if (m/Lconsts:/o); # end of table 3808 3809 # instructions prefixed with '?' are endian-specific and need 3810 # to be adjusted accordingly... 3811 if ($flavour =~ /le$/o) { # little-endian 3812 s/le\?//o or 3813 s/be\?/#be#/o or 3814 s/\?lvsr/lvsl/o or 3815 s/\?lvsl/lvsr/o or 3816 s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/o or 3817 s/\?(vsldoi\s+v[0-9]+,\s*)(v[0-9]+,)\s*(v[0-9]+,\s*)([0-9]+)/$1$3$2 16-$4/o or 3818 s/\?(vspltw\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9])/$1$2 3-$3/o; 3819 } else { # big-endian 3820 s/le\?/#le#/o or 3821 s/be\?//o or 3822 s/\?([a-z]+)/$1/o; 3823 } 3824 3825 print $_,"\n"; 3826} 3827 3828close STDOUT; 3829