search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'trace-printf-v6.13' of git://git.kernel.org/pub/scm/linux/kernel/git/trace...
[drm/drm-misc.git] / arch / powerpc / crypto / ghashp10-ppc.pl
blob27a6b0bec645f9ae4e457fcbdbe0bccda07dc71e
1 #!/usr/bin/env perl
2 # SPDX-License-Identifier: GPL-2.0
3
4 # This code is taken from the OpenSSL project but the author (Andy Polyakov)
5 # has relicensed it under the GPLv2. Therefore this program is free software;
6 # you can redistribute it and/or modify it under the terms of the GNU General
7 # Public License version 2 as published by the Free Software Foundation.
8 #
9 # The original headers, including the original license headers, are
10 # included below for completeness.
11
12 # ====================================================================
13 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
14 # project. The module is, however, dual licensed under OpenSSL and
15 # CRYPTOGAMS licenses depending on where you obtain it. For further
16 # details see https://www.openssl.org/~appro/cryptogams/.
17 # ====================================================================
18 #
19 # GHASH for PowerISA v2.07.
20 #
21 # July 2014
22 #
23 # Accurate performance measurements are problematic, because it's
24 # always virtualized setup with possibly throttled processor.
25 # Relative comparison is therefore more informative. This initial
26 # version is ~2.1x slower than hardware-assisted AES-128-CTR, ~12x
27 # faster than "4-bit" integer-only compiler-generated 64-bit code.
28 # "Initial version" means that there is room for futher improvement.
29
30 $flavour=shift;
31 $output =shift;
32
33 if ($flavour =~ /64/) {
34 $SIZE_T=8;
35 $LRSAVE=2*$SIZE_T;
36 $STU="stdu";
37 $POP="ld";
38 $PUSH="std";
39 } elsif ($flavour =~ /32/) {
40 $SIZE_T=4;
41 $LRSAVE=$SIZE_T;
42 $STU="stwu";
43 $POP="lwz";
44 $PUSH="stw";
45 } else { die "nonsense $flavour"; }
46
47 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
48 ( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
49 ( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
50 die "can't locate ppc-xlate.pl";
51
52 open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!";
53
54 my ($Xip,$Htbl,$inp,$len)=map("r$_",(3..6)); # argument block
55
56 my ($Xl,$Xm,$Xh,$IN)=map("v$_",(0..3));
57 my ($zero,$t0,$t1,$t2,$xC2,$H,$Hh,$Hl,$lemask)=map("v$_",(4..12));
58 my ($Xl1,$Xm1,$Xh1,$IN1,$H2,$H2h,$H2l)=map("v$_",(13..19));
59 my $vrsave="r12";
60 my ($t4,$t5,$t6) = ($Hl,$H,$Hh);
61
62 $code=<<___;
63 .machine "any"
64
65 .text
66
67 .globl .gcm_init_p10
68 lis r0,0xfff0
69 li r8,0x10
70 mfspr $vrsave,256
71 li r9,0x20
72 mtspr 256,r0
73 li r10,0x30
74 lvx_u $H,0,r4 # load H
75 le?xor r7,r7,r7
76 le?addi r7,r7,0x8 # need a vperm start with 08
77 le?lvsr 5,0,r7
78 le?vspltisb 6,0x0f
79 le?vxor 5,5,6 # set a b-endian mask
80 le?vperm $H,$H,$H,5
81
82 vspltisb $xC2,-16 # 0xf0
83 vspltisb $t0,1 # one
84 vaddubm $xC2,$xC2,$xC2 # 0xe0
85 vxor $zero,$zero,$zero
86 vor $xC2,$xC2,$t0 # 0xe1
87 vsldoi $xC2,$xC2,$zero,15 # 0xe1...
88 vsldoi $t1,$zero,$t0,1 # ...1
89 vaddubm $xC2,$xC2,$xC2 # 0xc2...
90 vspltisb $t2,7
91 vor $xC2,$xC2,$t1 # 0xc2....01
92 vspltb $t1,$H,0 # most significant byte
93 vsl $H,$H,$t0 # H<<=1
94 vsrab $t1,$t1,$t2 # broadcast carry bit
95 vand $t1,$t1,$xC2
96 vxor $H,$H,$t1 # twisted H
97
98 vsldoi $H,$H,$H,8 # twist even more ...
99 vsldoi $xC2,$zero,$xC2,8 # 0xc2.0
100 vsldoi $Hl,$zero,$H,8 # ... and split
101 vsldoi $Hh,$H,$zero,8
102
103 stvx_u $xC2,0,r3 # save pre-computed table
104 stvx_u $Hl,r8,r3
105 stvx_u $H, r9,r3
106 stvx_u $Hh,r10,r3
107
108 mtspr 256,$vrsave
109 blr
110 .long 0
111 .byte 0,12,0x14,0,0,0,2,0
112 .long 0
113 .size .gcm_init_p10,.-.gcm_init_p10
114
115 .globl .gcm_init_htable
116 lis r0,0xfff0
117 li r8,0x10
118 mfspr $vrsave,256
119 li r9,0x20
120 mtspr 256,r0
121 li r10,0x30
122 lvx_u $H,0,r4 # load H
123
124 vspltisb $xC2,-16 # 0xf0
125 vspltisb $t0,1 # one
126 vaddubm $xC2,$xC2,$xC2 # 0xe0
127 vxor $zero,$zero,$zero
128 vor $xC2,$xC2,$t0 # 0xe1
129 vsldoi $xC2,$xC2,$zero,15 # 0xe1...
130 vsldoi $t1,$zero,$t0,1 # ...1
131 vaddubm $xC2,$xC2,$xC2 # 0xc2...
132 vspltisb $t2,7
133 vor $xC2,$xC2,$t1 # 0xc2....01
134 vspltb $t1,$H,0 # most significant byte
135 vsl $H,$H,$t0 # H<<=1
136 vsrab $t1,$t1,$t2 # broadcast carry bit
137 vand $t1,$t1,$xC2
138 vxor $IN,$H,$t1 # twisted H
139
140 vsldoi $H,$IN,$IN,8 # twist even more ...
141 vsldoi $xC2,$zero,$xC2,8 # 0xc2.0
142 vsldoi $Hl,$zero,$H,8 # ... and split
143 vsldoi $Hh,$H,$zero,8
144
145 stvx_u $xC2,0,r3 # save pre-computed table
146 stvx_u $Hl,r8,r3
147 li r8,0x40
148 stvx_u $H, r9,r3
149 li r9,0x50
150 stvx_u $Hh,r10,r3
151 li r10,0x60
152
153 vpmsumd $Xl,$IN,$Hl # H.lo·H.lo
154 vpmsumd $Xm,$IN,$H # H.hi·H.lo+H.lo·H.hi
155 vpmsumd $Xh,$IN,$Hh # H.hi·H.hi
156
157 vpmsumd $t2,$Xl,$xC2 # 1st reduction phase
158
159 vsldoi $t0,$Xm,$zero,8
160 vsldoi $t1,$zero,$Xm,8
161 vxor $Xl,$Xl,$t0
162 vxor $Xh,$Xh,$t1
163
164 vsldoi $Xl,$Xl,$Xl,8
165 vxor $Xl,$Xl,$t2
166
167 vsldoi $t1,$Xl,$Xl,8 # 2nd reduction phase
168 vpmsumd $Xl,$Xl,$xC2
169 vxor $t1,$t1,$Xh
170 vxor $IN1,$Xl,$t1
171
172 vsldoi $H2,$IN1,$IN1,8
173 vsldoi $H2l,$zero,$H2,8
174 vsldoi $H2h,$H2,$zero,8
175
176 stvx_u $H2l,r8,r3 # save H^2
177 li r8,0x70
178 stvx_u $H2,r9,r3
179 li r9,0x80
180 stvx_u $H2h,r10,r3
181 li r10,0x90
182
183 vpmsumd $Xl,$IN,$H2l # H.lo·H^2.lo
184 vpmsumd $Xl1,$IN1,$H2l # H^2.lo·H^2.lo
185 vpmsumd $Xm,$IN,$H2 # H.hi·H^2.lo+H.lo·H^2.hi
186 vpmsumd $Xm1,$IN1,$H2 # H^2.hi·H^2.lo+H^2.lo·H^2.hi
187 vpmsumd $Xh,$IN,$H2h # H.hi·H^2.hi
188 vpmsumd $Xh1,$IN1,$H2h # H^2.hi·H^2.hi
189
190 vpmsumd $t2,$Xl,$xC2 # 1st reduction phase
191 vpmsumd $t6,$Xl1,$xC2 # 1st reduction phase
192
193 vsldoi $t0,$Xm,$zero,8
194 vsldoi $t1,$zero,$Xm,8
195 vsldoi $t4,$Xm1,$zero,8
196 vsldoi $t5,$zero,$Xm1,8
197 vxor $Xl,$Xl,$t0
198 vxor $Xh,$Xh,$t1
199 vxor $Xl1,$Xl1,$t4
200 vxor $Xh1,$Xh1,$t5
201
202 vsldoi $Xl,$Xl,$Xl,8
203 vsldoi $Xl1,$Xl1,$Xl1,8
204 vxor $Xl,$Xl,$t2
205 vxor $Xl1,$Xl1,$t6
206
207 vsldoi $t1,$Xl,$Xl,8 # 2nd reduction phase
208 vsldoi $t5,$Xl1,$Xl1,8 # 2nd reduction phase
209 vpmsumd $Xl,$Xl,$xC2
210 vpmsumd $Xl1,$Xl1,$xC2
211 vxor $t1,$t1,$Xh
212 vxor $t5,$t5,$Xh1
213 vxor $Xl,$Xl,$t1
214 vxor $Xl1,$Xl1,$t5
215
216 vsldoi $H,$Xl,$Xl,8
217 vsldoi $H2,$Xl1,$Xl1,8
218 vsldoi $Hl,$zero,$H,8
219 vsldoi $Hh,$H,$zero,8
220 vsldoi $H2l,$zero,$H2,8
221 vsldoi $H2h,$H2,$zero,8
222
223 stvx_u $Hl,r8,r3 # save H^3
224 li r8,0xa0
225 stvx_u $H,r9,r3
226 li r9,0xb0
227 stvx_u $Hh,r10,r3
228 li r10,0xc0
229 stvx_u $H2l,r8,r3 # save H^4
230 stvx_u $H2,r9,r3
231 stvx_u $H2h,r10,r3
232
233 mtspr 256,$vrsave
234 blr
235 .long 0
236 .byte 0,12,0x14,0,0,0,2,0
237 .long 0
238 .size .gcm_init_htable,.-.gcm_init_htable
239
240 .globl .gcm_gmult_p10
241 lis r0,0xfff8
242 li r8,0x10
243 mfspr $vrsave,256
244 li r9,0x20
245 mtspr 256,r0
246 li r10,0x30
247 lvx_u $IN,0,$Xip # load Xi
248
249 lvx_u $Hl,r8,$Htbl # load pre-computed table
250 le?lvsl $lemask,r0,r0
251 lvx_u $H, r9,$Htbl
252 le?vspltisb $t0,0x07
253 lvx_u $Hh,r10,$Htbl
254 le?vxor $lemask,$lemask,$t0
255 lvx_u $xC2,0,$Htbl
256 le?vperm $IN,$IN,$IN,$lemask
257 vxor $zero,$zero,$zero
258
259 vpmsumd $Xl,$IN,$Hl # H.lo·Xi.lo
260 vpmsumd $Xm,$IN,$H # H.hi·Xi.lo+H.lo·Xi.hi
261 vpmsumd $Xh,$IN,$Hh # H.hi·Xi.hi
262
263 vpmsumd $t2,$Xl,$xC2 # 1st phase
264
265 vsldoi $t0,$Xm,$zero,8
266 vsldoi $t1,$zero,$Xm,8
267 vxor $Xl,$Xl,$t0
268 vxor $Xh,$Xh,$t1
269
270 vsldoi $Xl,$Xl,$Xl,8
271 vxor $Xl,$Xl,$t2
272
273 vsldoi $t1,$Xl,$Xl,8 # 2nd phase
274 vpmsumd $Xl,$Xl,$xC2
275 vxor $t1,$t1,$Xh
276 vxor $Xl,$Xl,$t1
277
278 le?vperm $Xl,$Xl,$Xl,$lemask
279 stvx_u $Xl,0,$Xip # write out Xi
280
281 mtspr 256,$vrsave
282 blr
283 .long 0
284 .byte 0,12,0x14,0,0,0,2,0
285 .long 0
286 .size .gcm_gmult_p10,.-.gcm_gmult_p10
287
288 .globl .gcm_ghash_p10
289 lis r0,0xfff8
290 li r8,0x10
291 mfspr $vrsave,256
292 li r9,0x20
293 mtspr 256,r0
294 li r10,0x30
295 lvx_u $Xl,0,$Xip # load Xi
296
297 lvx_u $Hl,r8,$Htbl # load pre-computed table
298 le?lvsl $lemask,r0,r0
299 lvx_u $H, r9,$Htbl
300 le?vspltisb $t0,0x07
301 lvx_u $Hh,r10,$Htbl
302 le?vxor $lemask,$lemask,$t0
303 lvx_u $xC2,0,$Htbl
304 le?vperm $Xl,$Xl,$Xl,$lemask
305 vxor $zero,$zero,$zero
306
307 lvx_u $IN,0,$inp
308 addi $inp,$inp,16
309 subi $len,$len,16
310 le?vperm $IN,$IN,$IN,$lemask
311 vxor $IN,$IN,$Xl
312 b Loop
313
314 .align 5
315 Loop:
316 subic $len,$len,16
317 vpmsumd $Xl,$IN,$Hl # H.lo·Xi.lo
318 subfe. r0,r0,r0 # borrow?-1:0
319 vpmsumd $Xm,$IN,$H # H.hi·Xi.lo+H.lo·Xi.hi
320 and r0,r0,$len
321 vpmsumd $Xh,$IN,$Hh # H.hi·Xi.hi
322 add $inp,$inp,r0
323
324 vpmsumd $t2,$Xl,$xC2 # 1st phase
325
326 vsldoi $t0,$Xm,$zero,8
327 vsldoi $t1,$zero,$Xm,8
328 vxor $Xl,$Xl,$t0
329 vxor $Xh,$Xh,$t1
330
331 vsldoi $Xl,$Xl,$Xl,8
332 vxor $Xl,$Xl,$t2
333 lvx_u $IN,0,$inp
334 addi $inp,$inp,16
335
336 vsldoi $t1,$Xl,$Xl,8 # 2nd phase
337 vpmsumd $Xl,$Xl,$xC2
338 le?vperm $IN,$IN,$IN,$lemask
339 vxor $t1,$t1,$Xh
340 vxor $IN,$IN,$t1
341 vxor $IN,$IN,$Xl
342 beq Loop # did $len-=16 borrow?
343
344 vxor $Xl,$Xl,$t1
345 le?vperm $Xl,$Xl,$Xl,$lemask
346 stvx_u $Xl,0,$Xip # write out Xi
347
348 mtspr 256,$vrsave
349 blr
350 .long 0
351 .byte 0,12,0x14,0,0,0,4,0
352 .long 0
353 .size .gcm_ghash_p10,.-.gcm_ghash_p10
354
355 .asciz "GHASH for PowerISA 2.07, CRYPTOGAMS by <appro\@openssl.org>"
356 .align 2
357 ___
358
359 foreach (split("\n",$code)) {
360 if ($flavour =~ /le$/o) { # little-endian
361 s/le\?//o or
362 s/be\?/#be#/o;
363 } else {
364 s/le\?/#le#/o or
365 s/be\?//o;
366 }
367 print $_,"\n";
368 }
369
370 close STDOUT; # enforce flush
Kernel DRM miscellaneous fixes and cross-tree changes