• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#include <openssl/arm_arch.h>
2
3@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both
4@ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. (ARMv8 PMULL
5@ instructions are in aesv8-armx.pl.)
6
7
8.text
9#if defined(__thumb2__) || defined(__clang__)
10.syntax	unified
11#endif
12#if defined(__thumb2__)
13.thumb
14#else
15.code	32
16#endif
17
18#ifdef  __clang__
19#define ldrplb  ldrbpl
20#define ldrneb  ldrbne
21#endif
22
23
24.align	5
25rem_4bit:
26.short	0x0000,0x1C20,0x3840,0x2460
27.short	0x7080,0x6CA0,0x48C0,0x54E0
28.short	0xE100,0xFD20,0xD940,0xC560
29.short	0x9180,0x8DA0,0xA9C0,0xB5E0
30
31
32#ifdef __thumb2__
33.thumb_func	rem_4bit_get
34#endif
35rem_4bit_get:
36#if defined(__thumb2__)
37	adr	r2,rem_4bit
38#else
39	sub	r2,pc,#8+32	@ &rem_4bit
40#endif
41	b	Lrem_4bit_got
42	nop
43	nop
44
45
46.globl	_gcm_ghash_4bit
47.private_extern	_gcm_ghash_4bit
48#ifdef __thumb2__
49.thumb_func	_gcm_ghash_4bit
50#endif
51.align	4
52_gcm_ghash_4bit:
53#if defined(__thumb2__)
54	adr	r12,rem_4bit
55#else
56	sub	r12,pc,#8+48		@ &rem_4bit
57#endif
58	add	r3,r2,r3		@ r3 to point at the end
59	stmdb	sp!,{r3,r4,r5,r6,r7,r8,r9,r10,r11,lr}		@ save r3/end too
60
61	ldmia	r12,{r4,r5,r6,r7,r8,r9,r10,r11}		@ copy rem_4bit ...
62	stmdb	sp!,{r4,r5,r6,r7,r8,r9,r10,r11}		@ ... to stack
63
64	ldrb	r12,[r2,#15]
65	ldrb	r14,[r0,#15]
66Louter:
67	eor	r12,r12,r14
68	and	r14,r12,#0xf0
69	and	r12,r12,#0x0f
70	mov	r3,#14
71
72	add	r7,r1,r12,lsl#4
73	ldmia	r7,{r4,r5,r6,r7}	@ load Htbl[nlo]
74	add	r11,r1,r14
75	ldrb	r12,[r2,#14]
76
77	and	r14,r4,#0xf		@ rem
78	ldmia	r11,{r8,r9,r10,r11}	@ load Htbl[nhi]
79	add	r14,r14,r14
80	eor	r4,r8,r4,lsr#4
81	ldrh	r8,[sp,r14]		@ rem_4bit[rem]
82	eor	r4,r4,r5,lsl#28
83	ldrb	r14,[r0,#14]
84	eor	r5,r9,r5,lsr#4
85	eor	r5,r5,r6,lsl#28
86	eor	r6,r10,r6,lsr#4
87	eor	r6,r6,r7,lsl#28
88	eor	r7,r11,r7,lsr#4
89	eor	r12,r12,r14
90	and	r14,r12,#0xf0
91	and	r12,r12,#0x0f
92	eor	r7,r7,r8,lsl#16
93
94Linner:
95	add	r11,r1,r12,lsl#4
96	and	r12,r4,#0xf		@ rem
97	subs	r3,r3,#1
98	add	r12,r12,r12
99	ldmia	r11,{r8,r9,r10,r11}	@ load Htbl[nlo]
100	eor	r4,r8,r4,lsr#4
101	eor	r4,r4,r5,lsl#28
102	eor	r5,r9,r5,lsr#4
103	eor	r5,r5,r6,lsl#28
104	ldrh	r8,[sp,r12]		@ rem_4bit[rem]
105	eor	r6,r10,r6,lsr#4
106#ifdef	__thumb2__
107	it	pl
108#endif
109	ldrplb	r12,[r2,r3]
110	eor	r6,r6,r7,lsl#28
111	eor	r7,r11,r7,lsr#4
112
113	add	r11,r1,r14
114	and	r14,r4,#0xf		@ rem
115	eor	r7,r7,r8,lsl#16	@ ^= rem_4bit[rem]
116	add	r14,r14,r14
117	ldmia	r11,{r8,r9,r10,r11}	@ load Htbl[nhi]
118	eor	r4,r8,r4,lsr#4
119#ifdef	__thumb2__
120	it	pl
121#endif
122	ldrplb	r8,[r0,r3]
123	eor	r4,r4,r5,lsl#28
124	eor	r5,r9,r5,lsr#4
125	ldrh	r9,[sp,r14]
126	eor	r5,r5,r6,lsl#28
127	eor	r6,r10,r6,lsr#4
128	eor	r6,r6,r7,lsl#28
129#ifdef	__thumb2__
130	it	pl
131#endif
132	eorpl	r12,r12,r8
133	eor	r7,r11,r7,lsr#4
134#ifdef	__thumb2__
135	itt	pl
136#endif
137	andpl	r14,r12,#0xf0
138	andpl	r12,r12,#0x0f
139	eor	r7,r7,r9,lsl#16	@ ^= rem_4bit[rem]
140	bpl	Linner
141
142	ldr	r3,[sp,#32]		@ re-load r3/end
143	add	r2,r2,#16
144	mov	r14,r4
145#if __ARM_ARCH__>=7 && defined(__ARMEL__)
146	rev	r4,r4
147	str	r4,[r0,#12]
148#elif defined(__ARMEB__)
149	str	r4,[r0,#12]
150#else
151	mov	r9,r4,lsr#8
152	strb	r4,[r0,#12+3]
153	mov	r10,r4,lsr#16
154	strb	r9,[r0,#12+2]
155	mov	r11,r4,lsr#24
156	strb	r10,[r0,#12+1]
157	strb	r11,[r0,#12]
158#endif
159	cmp	r2,r3
160#if __ARM_ARCH__>=7 && defined(__ARMEL__)
161	rev	r5,r5
162	str	r5,[r0,#8]
163#elif defined(__ARMEB__)
164	str	r5,[r0,#8]
165#else
166	mov	r9,r5,lsr#8
167	strb	r5,[r0,#8+3]
168	mov	r10,r5,lsr#16
169	strb	r9,[r0,#8+2]
170	mov	r11,r5,lsr#24
171	strb	r10,[r0,#8+1]
172	strb	r11,[r0,#8]
173#endif
174
175#ifdef __thumb2__
176	it	ne
177#endif
178	ldrneb	r12,[r2,#15]
179#if __ARM_ARCH__>=7 && defined(__ARMEL__)
180	rev	r6,r6
181	str	r6,[r0,#4]
182#elif defined(__ARMEB__)
183	str	r6,[r0,#4]
184#else
185	mov	r9,r6,lsr#8
186	strb	r6,[r0,#4+3]
187	mov	r10,r6,lsr#16
188	strb	r9,[r0,#4+2]
189	mov	r11,r6,lsr#24
190	strb	r10,[r0,#4+1]
191	strb	r11,[r0,#4]
192#endif
193
194#if __ARM_ARCH__>=7 && defined(__ARMEL__)
195	rev	r7,r7
196	str	r7,[r0,#0]
197#elif defined(__ARMEB__)
198	str	r7,[r0,#0]
199#else
200	mov	r9,r7,lsr#8
201	strb	r7,[r0,#0+3]
202	mov	r10,r7,lsr#16
203	strb	r9,[r0,#0+2]
204	mov	r11,r7,lsr#24
205	strb	r10,[r0,#0+1]
206	strb	r11,[r0,#0]
207#endif
208
209	bne	Louter
210
211	add	sp,sp,#36
212#if __ARM_ARCH__>=5
213	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,pc}
214#else
215	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,lr}
216	tst	lr,#1
217	moveq	pc,lr			@ be binary compatible with V4, yet
218.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
219#endif
220
221
222.globl	_gcm_gmult_4bit
223.private_extern	_gcm_gmult_4bit
224#ifdef __thumb2__
225.thumb_func	_gcm_gmult_4bit
226#endif
227_gcm_gmult_4bit:
228	stmdb	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,lr}
229	ldrb	r12,[r0,#15]
230	b	rem_4bit_get
231Lrem_4bit_got:
232	and	r14,r12,#0xf0
233	and	r12,r12,#0x0f
234	mov	r3,#14
235
236	add	r7,r1,r12,lsl#4
237	ldmia	r7,{r4,r5,r6,r7}	@ load Htbl[nlo]
238	ldrb	r12,[r0,#14]
239
240	add	r11,r1,r14
241	and	r14,r4,#0xf		@ rem
242	ldmia	r11,{r8,r9,r10,r11}	@ load Htbl[nhi]
243	add	r14,r14,r14
244	eor	r4,r8,r4,lsr#4
245	ldrh	r8,[r2,r14]	@ rem_4bit[rem]
246	eor	r4,r4,r5,lsl#28
247	eor	r5,r9,r5,lsr#4
248	eor	r5,r5,r6,lsl#28
249	eor	r6,r10,r6,lsr#4
250	eor	r6,r6,r7,lsl#28
251	eor	r7,r11,r7,lsr#4
252	and	r14,r12,#0xf0
253	eor	r7,r7,r8,lsl#16
254	and	r12,r12,#0x0f
255
256Loop:
257	add	r11,r1,r12,lsl#4
258	and	r12,r4,#0xf		@ rem
259	subs	r3,r3,#1
260	add	r12,r12,r12
261	ldmia	r11,{r8,r9,r10,r11}	@ load Htbl[nlo]
262	eor	r4,r8,r4,lsr#4
263	eor	r4,r4,r5,lsl#28
264	eor	r5,r9,r5,lsr#4
265	eor	r5,r5,r6,lsl#28
266	ldrh	r8,[r2,r12]	@ rem_4bit[rem]
267	eor	r6,r10,r6,lsr#4
268#ifdef	__thumb2__
269	it	pl
270#endif
271	ldrplb	r12,[r0,r3]
272	eor	r6,r6,r7,lsl#28
273	eor	r7,r11,r7,lsr#4
274
275	add	r11,r1,r14
276	and	r14,r4,#0xf		@ rem
277	eor	r7,r7,r8,lsl#16	@ ^= rem_4bit[rem]
278	add	r14,r14,r14
279	ldmia	r11,{r8,r9,r10,r11}	@ load Htbl[nhi]
280	eor	r4,r8,r4,lsr#4
281	eor	r4,r4,r5,lsl#28
282	eor	r5,r9,r5,lsr#4
283	ldrh	r8,[r2,r14]	@ rem_4bit[rem]
284	eor	r5,r5,r6,lsl#28
285	eor	r6,r10,r6,lsr#4
286	eor	r6,r6,r7,lsl#28
287	eor	r7,r11,r7,lsr#4
288#ifdef	__thumb2__
289	itt	pl
290#endif
291	andpl	r14,r12,#0xf0
292	andpl	r12,r12,#0x0f
293	eor	r7,r7,r8,lsl#16	@ ^= rem_4bit[rem]
294	bpl	Loop
295#if __ARM_ARCH__>=7 && defined(__ARMEL__)
296	rev	r4,r4
297	str	r4,[r0,#12]
298#elif defined(__ARMEB__)
299	str	r4,[r0,#12]
300#else
301	mov	r9,r4,lsr#8
302	strb	r4,[r0,#12+3]
303	mov	r10,r4,lsr#16
304	strb	r9,[r0,#12+2]
305	mov	r11,r4,lsr#24
306	strb	r10,[r0,#12+1]
307	strb	r11,[r0,#12]
308#endif
309
310#if __ARM_ARCH__>=7 && defined(__ARMEL__)
311	rev	r5,r5
312	str	r5,[r0,#8]
313#elif defined(__ARMEB__)
314	str	r5,[r0,#8]
315#else
316	mov	r9,r5,lsr#8
317	strb	r5,[r0,#8+3]
318	mov	r10,r5,lsr#16
319	strb	r9,[r0,#8+2]
320	mov	r11,r5,lsr#24
321	strb	r10,[r0,#8+1]
322	strb	r11,[r0,#8]
323#endif
324
325#if __ARM_ARCH__>=7 && defined(__ARMEL__)
326	rev	r6,r6
327	str	r6,[r0,#4]
328#elif defined(__ARMEB__)
329	str	r6,[r0,#4]
330#else
331	mov	r9,r6,lsr#8
332	strb	r6,[r0,#4+3]
333	mov	r10,r6,lsr#16
334	strb	r9,[r0,#4+2]
335	mov	r11,r6,lsr#24
336	strb	r10,[r0,#4+1]
337	strb	r11,[r0,#4]
338#endif
339
340#if __ARM_ARCH__>=7 && defined(__ARMEL__)
341	rev	r7,r7
342	str	r7,[r0,#0]
343#elif defined(__ARMEB__)
344	str	r7,[r0,#0]
345#else
346	mov	r9,r7,lsr#8
347	strb	r7,[r0,#0+3]
348	mov	r10,r7,lsr#16
349	strb	r9,[r0,#0+2]
350	mov	r11,r7,lsr#24
351	strb	r10,[r0,#0+1]
352	strb	r11,[r0,#0]
353#endif
354
355#if __ARM_ARCH__>=5
356	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,pc}
357#else
358	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,lr}
359	tst	lr,#1
360	moveq	pc,lr			@ be binary compatible with V4, yet
361.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
362#endif
363
364#if __ARM_MAX_ARCH__>=7
365
366
367
368.globl	_gcm_init_neon
369.private_extern	_gcm_init_neon
370#ifdef __thumb2__
371.thumb_func	_gcm_init_neon
372#endif
373.align	4
374_gcm_init_neon:
375	vld1.64	d7,[r1]!		@ load H
376	vmov.i8	q8,#0xe1
377	vld1.64	d6,[r1]
378	vshl.i64	d17,#57
379	vshr.u64	d16,#63		@ t0=0xc2....01
380	vdup.8	q9,d7[7]
381	vshr.u64	d26,d6,#63
382	vshr.s8	q9,#7			@ broadcast carry bit
383	vshl.i64	q3,q3,#1
384	vand	q8,q8,q9
385	vorr	d7,d26		@ H<<<=1
386	veor	q3,q3,q8		@ twisted H
387	vstmia	r0,{q3}
388
389	bx	lr					@ bx lr
390
391
392.globl	_gcm_gmult_neon
393.private_extern	_gcm_gmult_neon
394#ifdef __thumb2__
395.thumb_func	_gcm_gmult_neon
396#endif
397.align	4
398_gcm_gmult_neon:
399	vld1.64	d7,[r0]!		@ load Xi
400	vld1.64	d6,[r0]!
401	vmov.i64	d29,#0x0000ffffffffffff
402	vldmia	r1,{d26,d27}	@ load twisted H
403	vmov.i64	d30,#0x00000000ffffffff
404#ifdef __ARMEL__
405	vrev64.8	q3,q3
406#endif
407	vmov.i64	d31,#0x000000000000ffff
408	veor	d28,d26,d27		@ Karatsuba pre-processing
409	mov	r3,#16
410	b	Lgmult_neon
411
412
413.globl	_gcm_ghash_neon
414.private_extern	_gcm_ghash_neon
415#ifdef __thumb2__
416.thumb_func	_gcm_ghash_neon
417#endif
418.align	4
419_gcm_ghash_neon:
420	vld1.64	d1,[r0]!		@ load Xi
421	vld1.64	d0,[r0]!
422	vmov.i64	d29,#0x0000ffffffffffff
423	vldmia	r1,{d26,d27}	@ load twisted H
424	vmov.i64	d30,#0x00000000ffffffff
425#ifdef __ARMEL__
426	vrev64.8	q0,q0
427#endif
428	vmov.i64	d31,#0x000000000000ffff
429	veor	d28,d26,d27		@ Karatsuba pre-processing
430
431Loop_neon:
432	vld1.64	d7,[r2]!		@ load inp
433	vld1.64	d6,[r2]!
434#ifdef __ARMEL__
435	vrev64.8	q3,q3
436#endif
437	veor	q3,q0			@ inp^=Xi
438Lgmult_neon:
439	vext.8	d16, d26, d26, #1	@ A1
440	vmull.p8	q8, d16, d6		@ F = A1*B
441	vext.8	d0, d6, d6, #1	@ B1
442	vmull.p8	q0, d26, d0		@ E = A*B1
443	vext.8	d18, d26, d26, #2	@ A2
444	vmull.p8	q9, d18, d6		@ H = A2*B
445	vext.8	d22, d6, d6, #2	@ B2
446	vmull.p8	q11, d26, d22		@ G = A*B2
447	vext.8	d20, d26, d26, #3	@ A3
448	veor	q8, q8, q0		@ L = E + F
449	vmull.p8	q10, d20, d6		@ J = A3*B
450	vext.8	d0, d6, d6, #3	@ B3
451	veor	q9, q9, q11		@ M = G + H
452	vmull.p8	q0, d26, d0		@ I = A*B3
453	veor	d16, d16, d17	@ t0 = (L) (P0 + P1) << 8
454	vand	d17, d17, d29
455	vext.8	d22, d6, d6, #4	@ B4
456	veor	d18, d18, d19	@ t1 = (M) (P2 + P3) << 16
457	vand	d19, d19, d30
458	vmull.p8	q11, d26, d22		@ K = A*B4
459	veor	q10, q10, q0		@ N = I + J
460	veor	d16, d16, d17
461	veor	d18, d18, d19
462	veor	d20, d20, d21	@ t2 = (N) (P4 + P5) << 24
463	vand	d21, d21, d31
464	vext.8	q8, q8, q8, #15
465	veor	d22, d22, d23	@ t3 = (K) (P6 + P7) << 32
466	vmov.i64	d23, #0
467	vext.8	q9, q9, q9, #14
468	veor	d20, d20, d21
469	vmull.p8	q0, d26, d6		@ D = A*B
470	vext.8	q11, q11, q11, #12
471	vext.8	q10, q10, q10, #13
472	veor	q8, q8, q9
473	veor	q10, q10, q11
474	veor	q0, q0, q8
475	veor	q0, q0, q10
476	veor	d6,d6,d7	@ Karatsuba pre-processing
477	vext.8	d16, d28, d28, #1	@ A1
478	vmull.p8	q8, d16, d6		@ F = A1*B
479	vext.8	d2, d6, d6, #1	@ B1
480	vmull.p8	q1, d28, d2		@ E = A*B1
481	vext.8	d18, d28, d28, #2	@ A2
482	vmull.p8	q9, d18, d6		@ H = A2*B
483	vext.8	d22, d6, d6, #2	@ B2
484	vmull.p8	q11, d28, d22		@ G = A*B2
485	vext.8	d20, d28, d28, #3	@ A3
486	veor	q8, q8, q1		@ L = E + F
487	vmull.p8	q10, d20, d6		@ J = A3*B
488	vext.8	d2, d6, d6, #3	@ B3
489	veor	q9, q9, q11		@ M = G + H
490	vmull.p8	q1, d28, d2		@ I = A*B3
491	veor	d16, d16, d17	@ t0 = (L) (P0 + P1) << 8
492	vand	d17, d17, d29
493	vext.8	d22, d6, d6, #4	@ B4
494	veor	d18, d18, d19	@ t1 = (M) (P2 + P3) << 16
495	vand	d19, d19, d30
496	vmull.p8	q11, d28, d22		@ K = A*B4
497	veor	q10, q10, q1		@ N = I + J
498	veor	d16, d16, d17
499	veor	d18, d18, d19
500	veor	d20, d20, d21	@ t2 = (N) (P4 + P5) << 24
501	vand	d21, d21, d31
502	vext.8	q8, q8, q8, #15
503	veor	d22, d22, d23	@ t3 = (K) (P6 + P7) << 32
504	vmov.i64	d23, #0
505	vext.8	q9, q9, q9, #14
506	veor	d20, d20, d21
507	vmull.p8	q1, d28, d6		@ D = A*B
508	vext.8	q11, q11, q11, #12
509	vext.8	q10, q10, q10, #13
510	veor	q8, q8, q9
511	veor	q10, q10, q11
512	veor	q1, q1, q8
513	veor	q1, q1, q10
514	vext.8	d16, d27, d27, #1	@ A1
515	vmull.p8	q8, d16, d7		@ F = A1*B
516	vext.8	d4, d7, d7, #1	@ B1
517	vmull.p8	q2, d27, d4		@ E = A*B1
518	vext.8	d18, d27, d27, #2	@ A2
519	vmull.p8	q9, d18, d7		@ H = A2*B
520	vext.8	d22, d7, d7, #2	@ B2
521	vmull.p8	q11, d27, d22		@ G = A*B2
522	vext.8	d20, d27, d27, #3	@ A3
523	veor	q8, q8, q2		@ L = E + F
524	vmull.p8	q10, d20, d7		@ J = A3*B
525	vext.8	d4, d7, d7, #3	@ B3
526	veor	q9, q9, q11		@ M = G + H
527	vmull.p8	q2, d27, d4		@ I = A*B3
528	veor	d16, d16, d17	@ t0 = (L) (P0 + P1) << 8
529	vand	d17, d17, d29
530	vext.8	d22, d7, d7, #4	@ B4
531	veor	d18, d18, d19	@ t1 = (M) (P2 + P3) << 16
532	vand	d19, d19, d30
533	vmull.p8	q11, d27, d22		@ K = A*B4
534	veor	q10, q10, q2		@ N = I + J
535	veor	d16, d16, d17
536	veor	d18, d18, d19
537	veor	d20, d20, d21	@ t2 = (N) (P4 + P5) << 24
538	vand	d21, d21, d31
539	vext.8	q8, q8, q8, #15
540	veor	d22, d22, d23	@ t3 = (K) (P6 + P7) << 32
541	vmov.i64	d23, #0
542	vext.8	q9, q9, q9, #14
543	veor	d20, d20, d21
544	vmull.p8	q2, d27, d7		@ D = A*B
545	vext.8	q11, q11, q11, #12
546	vext.8	q10, q10, q10, #13
547	veor	q8, q8, q9
548	veor	q10, q10, q11
549	veor	q2, q2, q8
550	veor	q2, q2, q10
551	veor	q1,q1,q0		@ Karatsuba post-processing
552	veor	q1,q1,q2
553	veor	d1,d1,d2
554	veor	d4,d4,d3	@ Xh|Xl - 256-bit result
555
556	@ equivalent of reduction_avx from ghash-x86_64.pl
557	vshl.i64	q9,q0,#57		@ 1st phase
558	vshl.i64	q10,q0,#62
559	veor	q10,q10,q9		@
560	vshl.i64	q9,q0,#63
561	veor	q10, q10, q9		@
562	veor	d1,d1,d20	@
563	veor	d4,d4,d21
564
565	vshr.u64	q10,q0,#1		@ 2nd phase
566	veor	q2,q2,q0
567	veor	q0,q0,q10		@
568	vshr.u64	q10,q10,#6
569	vshr.u64	q0,q0,#1		@
570	veor	q0,q0,q2		@
571	veor	q0,q0,q10		@
572
573	subs	r3,#16
574	bne	Loop_neon
575
576#ifdef __ARMEL__
577	vrev64.8	q0,q0
578#endif
579	sub	r0,#16
580	vst1.64	d1,[r0]!		@ write out Xi
581	vst1.64	d0,[r0]
582
583	bx	lr					@ bx lr
584
585#endif
586.byte	71,72,65,83,72,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
587.align	2
588.align	2
589