.text

# gcm_gmult_4bit: one pass of the 4-bit table-driven GHASH multiply over the
# hash state Xi, with no input block XORed in first.
# In:   %r2 = Xi, the hash state (read and rewritten in place)
#       %r3 = base of the lookup table with 16-byte entries that the shared
#             body indexes (presumably Htable in the C caller -- TODO confirm
#             against the prototype, which is not visible here)
# Flow: sets up the same register state as .Lsoft_ghash, forces a block count
#       of 1, and jumps into the shared body at .Lgmult_shortcut inside
#       gcm_ghash_4bit. The lm restore and the return happen in that body.
# NOTE(review): the table offsets used by the shared body are derived from the
# bytes of Xi, so the load addresses depend on the hash state.
.globl	gcm_gmult_4bit
.align	32
gcm_gmult_4bit:
	stm	%r6,%r14,6*4(%r15)	# save %r6-%r14 at 24(%r15); the shared epilogue restores them with lm

	aghi	%r2,-1			# bias the Xi pointer by -1; later accesses use +1 or an index that starts at 1
	lghi	%r5,1			# block count 1, so brctg at the loop tail falls through after one pass
	lghi	%r13,120		# 0x78 mask: 4-bit remainder scaled by 8, used to index rem_4bit
	larl	%r14,rem_4bit		# %r14 = base of rem_4bit

	lg	%r1,8+1(%r2)		# %r1 = Xi bytes 8..15 (the +1 undoes the bias)
	j	.Lgmult_shortcut	# skip the input XOR and enter the shared multiply
.type	gcm_gmult_4bit,@function
.size	gcm_gmult_4bit,(.-gcm_gmult_4bit)

# gcm_ghash_4bit: fold a run of 16-byte input blocks into the GHASH state Xi.
# In:   %r2 = Xi, the hash state (updated in place)
#       %r3 = lookup table with 16-byte entries (software path only)
#       %r4 = input pointer
#       %r5 = input length in bytes
# Paths:
#   - hardware: taken when the capability bit tested below is set; KIMD
#     function 65 is issued with %r1 = Xi as parameter block and %r4/%r5 as
#     the operand pair.
#   - software: .Lsoft_ghash, a 4-bit table multiply using the %r3 table and
#     rem_4bit. gcm_gmult_4bit enters this body at .Lgmult_shortcut.
# NOTE(review): the software path does not validate the length. It uses
# len >> 4 as the brctg count, so a length below 16 yields a count of 0 that
# wraps instead of terminating, and a len % 16 tail is silently ignored.
# Callers have to pass a non-zero multiple of 16.
# NOTE(review): the hardware path never reads %r3. It depends on H being
# stored directly after Xi (see the comment on the la instruction), so the
# Xi pointer must come from a context with that layout.
# NOTE(review): on the software path the offsets into the %r3 table and into
# rem_4bit are taken from nibbles of the state (Xi XOR input), so the load
# addresses are data-dependent. The KIMD path does no table lookups here.
.globl	gcm_ghash_4bit
.align	32
gcm_ghash_4bit:
	larl	%r1,OPENSSL_s390xcap_P	# %r1 = address of the capability vector
	lg	%r0,24(%r1)	# load second word of kimd capabilities vector
	tmhh	%r0,0x4000	# check for function 65
	jz	.Lsoft_ghash	# bit clear: fall back to the table-driven code
	lghi	%r0,65		# function 65
	la	%r1,0(%r2)	# H lies right after Xi in gcm128_context
	.long	0xb93e0004	# kimd %r0,%r4
	brc	1,.-4		# cc 3 is "partial completion": re-issue kimd until done
	br	%r14		# return; no registers were saved on this path
.align	32
.Lsoft_ghash:
	llgfr	%r5,%r5			# zero-extend the 32-bit length to 64 bits
	stm	%r6,%r14,6*4(%r15)	# save %r6-%r14 at 24(%r15); restored by lm before the return

	aghi	%r2,-1			# bias the Xi pointer by -1; later accesses use +1 or an index that starts at 1
	srlg	%r5,%r5,4		# %r5 = number of 16-byte blocks (brctg counter)
	lghi	%r13,120		# 0x78 mask: 4-bit remainder scaled by 8, used to index rem_4bit
	larl	%r14,rem_4bit		# %r14 = base of rem_4bit

	lg	%r1,8+1(%r2)		# %r1 = Xi bytes 8..15
	lg	%r0,0+1(%r2)		# %r0 = Xi bytes 0..7
	lghi	%r12,0			# no deferred rem_4bit term before the first block
.Louter:
	xg	%r0,0(%r4)		# Xi ^= inp
	xg	%r1,8(%r4)
	xgr	%r0,%r12		# apply the rem_4bit term deferred from the previous block
	stg	%r1,8+1(%r2)		# write the state back so the inner loop can fetch it bytewise
	stg	%r0,0+1(%r2)

.Lgmult_shortcut:			# entry point used by gcm_gmult_4bit; expects %r1 = Xi bytes 8..15
	lghi	%r12,0xf0		# nibble mask, already in the x16 position
	sllg	%r8,%r1,4		# low nibble of the last byte times 16 (masked below)
	srlg	%r10,%r1,8		# extract second byte
	ngr	%r8,%r12
	lgr	%r9,%r1
	lghi	%r11,14			# loop counter, also the byte index used by llgc
	ngr	%r9,%r12		# high nibble of the last byte, as a 16-byte entry offset

	lg	%r1,8(%r8,%r3)		# accumulator %r0:%r1 = table entry for the low nibble
	lg	%r0,0(%r8,%r3)

	sllg	%r8,%r10,4		# second byte: low nibble offset (masked below)
	sllg	%r6,%r1,3		# remainder index: low 4 bits of the accumulator times 8
	ngr	%r8,%r12
	ngr	%r6,%r13
	ngr	%r10,%r12		# second byte: high nibble offset

	sllg	%r12,%r0,60		# 4 bits that cross from the high half into the low half
	srlg	%r1,%r1,4		# accumulator >>= 4
	srlg	%r0,%r0,4
	xg	%r1,8(%r9,%r3)		# accumulator ^= table entry for the high nibble
	xg	%r0,0(%r9,%r3)
	lgr	%r9,%r10		# high nibble offset for the next step
	sllg	%r7,%r1,3		# next remainder index (masked below)
	xgr	%r1,%r12		# merge the crossed bits into the low half
	ngr	%r7,%r13
	sllg	%r12,%r0,60
	j	.Lghash_inner
.align	16
.Lghash_inner:				# one byte of Xi per iteration; %r6/%r7 remainders are applied one step late
	srlg	%r1,%r1,4
	srlg	%r0,%r0,4
	xg	%r1,8(%r8,%r3)		# low nibble table entry
	llgc	%r10,0(%r11,%r2)	# fetch the next state byte; with the -1 bias this reads Xi[%r11-1]
	xg	%r0,0(%r8,%r3)
	sllg	%r8,%r10,4		# low nibble offset of the byte just fetched
	xg	%r0,0(%r6,%r14)		# fold in rem_4bit for the remainder computed earlier
	nill	%r8,0xf0
	sllg	%r6,%r1,3
	xgr	%r1,%r12
	ngr	%r6,%r13
	nill	%r10,0xf0		# high nibble offset of the byte just fetched

	sllg	%r12,%r0,60
	srlg	%r1,%r1,4
	srlg	%r0,%r0,4
	xg	%r1,8(%r9,%r3)		# high nibble table entry
	xg	%r0,0(%r9,%r3)
	lgr	%r9,%r10
	xg	%r0,0(%r7,%r14)		# fold in rem_4bit for the other pending remainder
	sllg	%r7,%r1,3
	xgr	%r1,%r12
	ngr	%r7,%r13
	sllg	%r12,%r0,60
	brct	%r11,.Lghash_inner	# decrement the index and loop while it is non-zero

	srlg	%r1,%r1,4		# tail: finish the last byte fetched by the loop
	srlg	%r0,%r0,4
	xg	%r1,8(%r8,%r3)
	xg	%r0,0(%r8,%r3)
	sllg	%r10,%r1,3		# last remainder index, kept in %r10
	xg	%r0,0(%r6,%r14)
	xgr	%r1,%r12
	ngr	%r10,%r13

	sllg	%r12,%r0,60
	srlg	%r1,%r1,4
	srlg	%r0,%r0,4
	xg	%r1,8(%r9,%r3)
	xg	%r0,0(%r9,%r3)
	xgr	%r1,%r12
	xg	%r0,0(%r7,%r14)

	lg	%r12,0(%r10,%r14)	# load the rem_4bit entry for the last remainder
	la	%r4,16(%r4)		# advance the input pointer by one block
	sllg	%r12,%r12,4		# correct last rem_4bit[rem]
	brctg	%r5,.Louter		# next block; the deferred term in %r12 is applied at .Louter

	xgr	%r0,%r12		# apply the last deferred rem_4bit term
	stg	%r1,8+1(%r2)		# store the final state back to Xi
	stg	%r0,0+1(%r2)
	lm	%r6,%r14,6*4(%r15)	# restore %r6-%r14 saved by stm
	br	%r14
.type	gcm_ghash_4bit,@function
.size	gcm_ghash_4bit,(.-gcm_ghash_4bit)

# rem_4bit: reduction table for the 4-bit GHASH code above. It holds 16
# entries of 8 bytes each (two .long words per entry, the second word zero),
# 128 bytes in total. The code indexes it with a 4-bit remainder scaled by 8
# (mask 120 in %r13) relative to the base held in %r14.
# NOTE(review): the index is derived from the hash state, so which entry is
# read depends on the data being hashed.
.align	64
rem_4bit:
	.long	0,0,29491200,0,58982400,0,38141952,0
	.long	117964800,0,113901568,0,76283904,0,88997888,0
	.long	235929600,0,265420800,0,227803136,0,206962688,0
	.long	152567808,0,148504576,0,177995776,0,190709760,0
.type	rem_4bit,@object
.size	rem_4bit,(.-rem_4bit)
# Identification string emitted into the object right after the table.
.string	"GHASH for s390x, CRYPTOGAMS by <appro@openssl.org>"