~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/arch/x86/crypto/camellia-aesni-avx2-asm_64.S

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /arch/x86/crypto/camellia-aesni-avx2-asm_64.S (Architecture mips) and /arch/sparc64/crypto/camellia-aesni-avx2-asm_64.S (Architecture sparc64)


  1 /* SPDX-License-Identifier: GPL-2.0-or-later *    
  2 /*                                                
  3  * x86_64/AVX2/AES-NI assembler implementation    
  4  *                                                
  5  * Copyright © 2013 Jussi Kivilinna <jussi.kiv    
  6  */                                               
  7                                                   
  8 #include <linux/linkage.h>                        
  9 #include <asm/frame.h>                            
 10                                                   
 11 #define CAMELLIA_TABLE_BYTE_LEN 272               
 12                                                   
 13 /* struct camellia_ctx: */                        
 14 #define key_table 0                               
 15 #define key_length CAMELLIA_TABLE_BYTE_LEN        
 16                                                   
 17 /* register macros */                             
 18 #define CTX %rdi                                  
 19 #define RIO %r8                                   
 20                                                   
 21 /*********************************************    
 22   helper macros                                   
 23  *********************************************    
 24 #define filter_8bit(x, lo_t, hi_t, mask4bit, t    
 25         vpand x, mask4bit, tmp0; \                
 26         vpandn x, mask4bit, x; \                  
 27         vpsrld $4, x, x; \                        
 28         \                                         
 29         vpshufb tmp0, lo_t, tmp0; \               
 30         vpshufb x, hi_t, x; \                     
 31         vpxor tmp0, x, x;                         
 32                                                   
 33 #define ymm0_x xmm0                               
 34 #define ymm1_x xmm1                               
 35 #define ymm2_x xmm2                               
 36 #define ymm3_x xmm3                               
 37 #define ymm4_x xmm4                               
 38 #define ymm5_x xmm5                               
 39 #define ymm6_x xmm6                               
 40 #define ymm7_x xmm7                               
 41 #define ymm8_x xmm8                               
 42 #define ymm9_x xmm9                               
 43 #define ymm10_x xmm10                             
 44 #define ymm11_x xmm11                             
 45 #define ymm12_x xmm12                             
 46 #define ymm13_x xmm13                             
 47 #define ymm14_x xmm14                             
 48 #define ymm15_x xmm15                             
 49                                                   
 50 /*********************************************    
 51   32-way camellia                                 
 52  *********************************************    
 53                                                   
 54 /*                                                
 55  * IN:                                            
 56  *   x0..x7: byte-sliced AB state                 
 57  *   mem_cd: register pointer storing CD state    
 58  *   key: index for key material                  
 59  * OUT:                                           
 60  *   x0..x7: new byte-sliced CD state             
 61  */                                               
 62 #define roundsm32(x0, x1, x2, x3, x4, x5, x6,     
 63                   t7, mem_cd, key) \              
 64         /* \                                      
 65          * S-function with AES subbytes \         
 66          */ \                                     
 67         vbroadcasti128 .Linv_shift_row(%rip),     
 68         vpbroadcastd .L0f0f0f0f(%rip), t7; \      
 69         vbroadcasti128 .Lpre_tf_lo_s1(%rip), t    
 70         vbroadcasti128 .Lpre_tf_hi_s1(%rip), t    
 71         vbroadcasti128 .Lpre_tf_lo_s4(%rip), t    
 72         vbroadcasti128 .Lpre_tf_hi_s4(%rip), t    
 73         \                                         
 74         /* AES inverse shift rows */ \            
 75         vpshufb t4, x0, x0; \                     
 76         vpshufb t4, x7, x7; \                     
 77         vpshufb t4, x3, x3; \                     
 78         vpshufb t4, x6, x6; \                     
 79         vpshufb t4, x2, x2; \                     
 80         vpshufb t4, x5, x5; \                     
 81         vpshufb t4, x1, x1; \                     
 82         vpshufb t4, x4, x4; \                     
 83         \                                         
 84         /* prefilter sboxes 1, 2 and 3 */ \       
 85         /* prefilter sbox 4 */ \                  
 86         filter_8bit(x0, t5, t6, t7, t4); \        
 87         filter_8bit(x7, t5, t6, t7, t4); \        
 88         vextracti128 $1, x0, t0##_x; \            
 89         vextracti128 $1, x7, t1##_x; \            
 90         filter_8bit(x3, t2, t3, t7, t4); \        
 91         filter_8bit(x6, t2, t3, t7, t4); \        
 92         vextracti128 $1, x3, t3##_x; \            
 93         vextracti128 $1, x6, t2##_x; \            
 94         filter_8bit(x2, t5, t6, t7, t4); \        
 95         filter_8bit(x5, t5, t6, t7, t4); \        
 96         filter_8bit(x1, t5, t6, t7, t4); \        
 97         filter_8bit(x4, t5, t6, t7, t4); \        
 98         \                                         
 99         vpxor t4##_x, t4##_x, t4##_x; \           
100         \                                         
101         /* AES subbytes + AES shift rows */ \     
102         vextracti128 $1, x2, t6##_x; \            
103         vextracti128 $1, x5, t5##_x; \            
104         vaesenclast t4##_x, x0##_x, x0##_x; \     
105         vaesenclast t4##_x, t0##_x, t0##_x; \     
106         vinserti128 $1, t0##_x, x0, x0; \         
107         vaesenclast t4##_x, x7##_x, x7##_x; \     
108         vaesenclast t4##_x, t1##_x, t1##_x; \     
109         vinserti128 $1, t1##_x, x7, x7; \         
110         vaesenclast t4##_x, x3##_x, x3##_x; \     
111         vaesenclast t4##_x, t3##_x, t3##_x; \     
112         vinserti128 $1, t3##_x, x3, x3; \         
113         vaesenclast t4##_x, x6##_x, x6##_x; \     
114         vaesenclast t4##_x, t2##_x, t2##_x; \     
115         vinserti128 $1, t2##_x, x6, x6; \         
116         vextracti128 $1, x1, t3##_x; \            
117         vextracti128 $1, x4, t2##_x; \            
118         vbroadcasti128 .Lpost_tf_lo_s1(%rip),     
119         vbroadcasti128 .Lpost_tf_hi_s1(%rip),     
120         vaesenclast t4##_x, x2##_x, x2##_x; \     
121         vaesenclast t4##_x, t6##_x, t6##_x; \     
122         vinserti128 $1, t6##_x, x2, x2; \         
123         vaesenclast t4##_x, x5##_x, x5##_x; \     
124         vaesenclast t4##_x, t5##_x, t5##_x; \     
125         vinserti128 $1, t5##_x, x5, x5; \         
126         vaesenclast t4##_x, x1##_x, x1##_x; \     
127         vaesenclast t4##_x, t3##_x, t3##_x; \     
128         vinserti128 $1, t3##_x, x1, x1; \         
129         vaesenclast t4##_x, x4##_x, x4##_x; \     
130         vaesenclast t4##_x, t2##_x, t2##_x; \     
131         vinserti128 $1, t2##_x, x4, x4; \         
132         \                                         
133         /* postfilter sboxes 1 and 4 */ \         
134         vbroadcasti128 .Lpost_tf_lo_s3(%rip),     
135         vbroadcasti128 .Lpost_tf_hi_s3(%rip),     
136         filter_8bit(x0, t0, t1, t7, t6); \        
137         filter_8bit(x7, t0, t1, t7, t6); \        
138         filter_8bit(x3, t0, t1, t7, t6); \        
139         filter_8bit(x6, t0, t1, t7, t6); \        
140         \                                         
141         /* postfilter sbox 3 */ \                 
142         vbroadcasti128 .Lpost_tf_lo_s2(%rip),     
143         vbroadcasti128 .Lpost_tf_hi_s2(%rip),     
144         filter_8bit(x2, t2, t3, t7, t6); \        
145         filter_8bit(x5, t2, t3, t7, t6); \        
146         \                                         
147         vpbroadcastq key, t0; /* higher 64-bit    
148         \                                         
149         /* postfilter sbox 2 */ \                 
150         filter_8bit(x1, t4, t5, t7, t2); \        
151         filter_8bit(x4, t4, t5, t7, t2); \        
152         vpxor t7, t7, t7; \                       
153         \                                         
154         vpsrldq $1, t0, t1; \                     
155         vpsrldq $2, t0, t2; \                     
156         vpshufb t7, t1, t1; \                     
157         vpsrldq $3, t0, t3; \                     
158         \                                         
159         /* P-function */ \                        
160         vpxor x5, x0, x0; \                       
161         vpxor x6, x1, x1; \                       
162         vpxor x7, x2, x2; \                       
163         vpxor x4, x3, x3; \                       
164         \                                         
165         vpshufb t7, t2, t2; \                     
166         vpsrldq $4, t0, t4; \                     
167         vpshufb t7, t3, t3; \                     
168         vpsrldq $5, t0, t5; \                     
169         vpshufb t7, t4, t4; \                     
170         \                                         
171         vpxor x2, x4, x4; \                       
172         vpxor x3, x5, x5; \                       
173         vpxor x0, x6, x6; \                       
174         vpxor x1, x7, x7; \                       
175         \                                         
176         vpsrldq $6, t0, t6; \                     
177         vpshufb t7, t5, t5; \                     
178         vpshufb t7, t6, t6; \                     
179         \                                         
180         vpxor x7, x0, x0; \                       
181         vpxor x4, x1, x1; \                       
182         vpxor x5, x2, x2; \                       
183         vpxor x6, x3, x3; \                       
184         \                                         
185         vpxor x3, x4, x4; \                       
186         vpxor x0, x5, x5; \                       
187         vpxor x1, x6, x6; \                       
188         vpxor x2, x7, x7; /* note: high and lo    
189         \                                         
190         /* Add key material and result to CD (    
191         \                                         
192         vpxor t6, x1, x1; \                       
193         vpxor 5 * 32(mem_cd), x1, x1; \           
194         \                                         
195         vpsrldq $7, t0, t6; \                     
196         vpshufb t7, t0, t0; \                     
197         vpshufb t7, t6, t7; \                     
198         \                                         
199         vpxor t7, x0, x0; \                       
200         vpxor 4 * 32(mem_cd), x0, x0; \           
201         \                                         
202         vpxor t5, x2, x2; \                       
203         vpxor 6 * 32(mem_cd), x2, x2; \           
204         \                                         
205         vpxor t4, x3, x3; \                       
206         vpxor 7 * 32(mem_cd), x3, x3; \           
207         \                                         
208         vpxor t3, x4, x4; \                       
209         vpxor 0 * 32(mem_cd), x4, x4; \           
210         \                                         
211         vpxor t2, x5, x5; \                       
212         vpxor 1 * 32(mem_cd), x5, x5; \           
213         \                                         
214         vpxor t1, x6, x6; \                       
215         vpxor 2 * 32(mem_cd), x6, x6; \           
216         \                                         
217         vpxor t0, x7, x7; \                       
218         vpxor 3 * 32(mem_cd), x7, x7;             
219                                                   
220 /*                                                
221  * Size optimization... with inlined roundsm32    
222  * larger and would only marginally faster.       
223  */                                               
224 SYM_FUNC_START_LOCAL(roundsm32_x0_x1_x2_x3_x4_    
225         roundsm32(%ymm0, %ymm1, %ymm2, %ymm3,     
226                   %ymm8, %ymm9, %ymm10, %ymm11    
227                   %rcx, (%r9));                   
228         RET;                                      
229 SYM_FUNC_END(roundsm32_x0_x1_x2_x3_x4_x5_x6_x7    
230                                                   
231 SYM_FUNC_START_LOCAL(roundsm32_x4_x5_x6_x7_x0_    
232         roundsm32(%ymm4, %ymm5, %ymm6, %ymm7,     
233                   %ymm12, %ymm13, %ymm14, %ymm    
234                   %rax, (%r9));                   
235         RET;                                      
236 SYM_FUNC_END(roundsm32_x4_x5_x6_x7_x0_x1_x2_x3    
237                                                   
238 /*                                                
239  * IN/OUT:                                        
240  *  x0..x7: byte-sliced AB state preloaded        
241  *  mem_ab: byte-sliced AB state in memory        
242  *  mem_cb: byte-sliced CD state in memory        
243  */                                               
244 #define two_roundsm32(x0, x1, x2, x3, x4, x5,     
245                       y6, y7, mem_ab, mem_cd,     
246         leaq (key_table + (i) * 8)(CTX), %r9;     
247         call roundsm32_x0_x1_x2_x3_x4_x5_x6_x7    
248         \                                         
249         vmovdqu x0, 4 * 32(mem_cd); \             
250         vmovdqu x1, 5 * 32(mem_cd); \             
251         vmovdqu x2, 6 * 32(mem_cd); \             
252         vmovdqu x3, 7 * 32(mem_cd); \             
253         vmovdqu x4, 0 * 32(mem_cd); \             
254         vmovdqu x5, 1 * 32(mem_cd); \             
255         vmovdqu x6, 2 * 32(mem_cd); \             
256         vmovdqu x7, 3 * 32(mem_cd); \             
257         \                                         
258         leaq (key_table + ((i) + (dir)) * 8)(C    
259         call roundsm32_x4_x5_x6_x7_x0_x1_x2_x3    
260         \                                         
261         store_ab(x0, x1, x2, x3, x4, x5, x6, x    
262                                                   
263 #define dummy_store(x0, x1, x2, x3, x4, x5, x6    
264                                                   
265 #define store_ab_state(x0, x1, x2, x3, x4, x5,    
266         /* Store new AB state */ \                
267         vmovdqu x4, 4 * 32(mem_ab); \             
268         vmovdqu x5, 5 * 32(mem_ab); \             
269         vmovdqu x6, 6 * 32(mem_ab); \             
270         vmovdqu x7, 7 * 32(mem_ab); \             
271         vmovdqu x0, 0 * 32(mem_ab); \             
272         vmovdqu x1, 1 * 32(mem_ab); \             
273         vmovdqu x2, 2 * 32(mem_ab); \             
274         vmovdqu x3, 3 * 32(mem_ab);               
275                                                   
276 #define enc_rounds32(x0, x1, x2, x3, x4, x5, x    
277                       y6, y7, mem_ab, mem_cd,     
278         two_roundsm32(x0, x1, x2, x3, x4, x5,     
279                       y6, y7, mem_ab, mem_cd,     
280         two_roundsm32(x0, x1, x2, x3, x4, x5,     
281                       y6, y7, mem_ab, mem_cd,     
282         two_roundsm32(x0, x1, x2, x3, x4, x5,     
283                       y6, y7, mem_ab, mem_cd,     
284                                                   
285 #define dec_rounds32(x0, x1, x2, x3, x4, x5, x    
286                       y6, y7, mem_ab, mem_cd,     
287         two_roundsm32(x0, x1, x2, x3, x4, x5,     
288                       y6, y7, mem_ab, mem_cd,     
289         two_roundsm32(x0, x1, x2, x3, x4, x5,     
290                       y6, y7, mem_ab, mem_cd,     
291         two_roundsm32(x0, x1, x2, x3, x4, x5,     
292                       y6, y7, mem_ab, mem_cd,     
293                                                   
294 /*                                                
295  * IN:                                            
296  *  v0..3: byte-sliced 32-bit integers            
297  * OUT:                                           
298  *  v0..3: (IN <<< 1)                             
299  */                                               
300 #define rol32_1_32(v0, v1, v2, v3, t0, t1, t2,    
301         vpcmpgtb v0, zero, t0; \                  
302         vpaddb v0, v0, v0; \                      
303         vpabsb t0, t0; \                          
304         \                                         
305         vpcmpgtb v1, zero, t1; \                  
306         vpaddb v1, v1, v1; \                      
307         vpabsb t1, t1; \                          
308         \                                         
309         vpcmpgtb v2, zero, t2; \                  
310         vpaddb v2, v2, v2; \                      
311         vpabsb t2, t2; \                          
312         \                                         
313         vpor t0, v1, v1; \                        
314         \                                         
315         vpcmpgtb v3, zero, t0; \                  
316         vpaddb v3, v3, v3; \                      
317         vpabsb t0, t0; \                          
318         \                                         
319         vpor t1, v2, v2; \                        
320         vpor t2, v3, v3; \                        
321         vpor t0, v0, v0;                          
322                                                   
323 /*                                                
324  * IN:                                            
325  *   r: byte-sliced AB state in memory            
326  *   l: byte-sliced CD state in memory            
327  * OUT:                                           
328  *   x0..x7: new byte-sliced CD state             
329  */                                               
330 #define fls32(l, l0, l1, l2, l3, l4, l5, l6, l    
331               tt1, tt2, tt3, kll, klr, krl, kr    
332         /* \                                      
333          * t0 = kll; \                            
334          * t0 &= ll; \                            
335          * lr ^= rol32(t0, 1); \                  
336          */ \                                     
337         vpbroadcastd kll, t0; /* only lowest 3    
338         vpxor tt0, tt0, tt0; \                    
339         vpshufb tt0, t0, t3; \                    
340         vpsrldq $1, t0, t0; \                     
341         vpshufb tt0, t0, t2; \                    
342         vpsrldq $1, t0, t0; \                     
343         vpshufb tt0, t0, t1; \                    
344         vpsrldq $1, t0, t0; \                     
345         vpshufb tt0, t0, t0; \                    
346         \                                         
347         vpand l0, t0, t0; \                       
348         vpand l1, t1, t1; \                       
349         vpand l2, t2, t2; \                       
350         vpand l3, t3, t3; \                       
351         \                                         
352         rol32_1_32(t3, t2, t1, t0, tt1, tt2, t    
353         \                                         
354         vpxor l4, t0, l4; \                       
355         vpbroadcastd krr, t0; /* only lowest 3    
356         vmovdqu l4, 4 * 32(l); \                  
357         vpxor l5, t1, l5; \                       
358         vmovdqu l5, 5 * 32(l); \                  
359         vpxor l6, t2, l6; \                       
360         vmovdqu l6, 6 * 32(l); \                  
361         vpxor l7, t3, l7; \                       
362         vmovdqu l7, 7 * 32(l); \                  
363         \                                         
364         /* \                                      
365          * t2 = krr; \                            
366          * t2 |= rr; \                            
367          * rl ^= t2; \                            
368          */ \                                     
369         \                                         
370         vpshufb tt0, t0, t3; \                    
371         vpsrldq $1, t0, t0; \                     
372         vpshufb tt0, t0, t2; \                    
373         vpsrldq $1, t0, t0; \                     
374         vpshufb tt0, t0, t1; \                    
375         vpsrldq $1, t0, t0; \                     
376         vpshufb tt0, t0, t0; \                    
377         \                                         
378         vpor 4 * 32(r), t0, t0; \                 
379         vpor 5 * 32(r), t1, t1; \                 
380         vpor 6 * 32(r), t2, t2; \                 
381         vpor 7 * 32(r), t3, t3; \                 
382         \                                         
383         vpxor 0 * 32(r), t0, t0; \                
384         vpxor 1 * 32(r), t1, t1; \                
385         vpxor 2 * 32(r), t2, t2; \                
386         vpxor 3 * 32(r), t3, t3; \                
387         vmovdqu t0, 0 * 32(r); \                  
388         vpbroadcastd krl, t0; /* only lowest 3    
389         vmovdqu t1, 1 * 32(r); \                  
390         vmovdqu t2, 2 * 32(r); \                  
391         vmovdqu t3, 3 * 32(r); \                  
392         \                                         
393         /* \                                      
394          * t2 = krl; \                            
395          * t2 &= rl; \                            
396          * rr ^= rol32(t2, 1); \                  
397          */ \                                     
398         vpshufb tt0, t0, t3; \                    
399         vpsrldq $1, t0, t0; \                     
400         vpshufb tt0, t0, t2; \                    
401         vpsrldq $1, t0, t0; \                     
402         vpshufb tt0, t0, t1; \                    
403         vpsrldq $1, t0, t0; \                     
404         vpshufb tt0, t0, t0; \                    
405         \                                         
406         vpand 0 * 32(r), t0, t0; \                
407         vpand 1 * 32(r), t1, t1; \                
408         vpand 2 * 32(r), t2, t2; \                
409         vpand 3 * 32(r), t3, t3; \                
410         \                                         
411         rol32_1_32(t3, t2, t1, t0, tt1, tt2, t    
412         \                                         
413         vpxor 4 * 32(r), t0, t0; \                
414         vpxor 5 * 32(r), t1, t1; \                
415         vpxor 6 * 32(r), t2, t2; \                
416         vpxor 7 * 32(r), t3, t3; \                
417         vmovdqu t0, 4 * 32(r); \                  
418         vpbroadcastd klr, t0; /* only lowest 3    
419         vmovdqu t1, 5 * 32(r); \                  
420         vmovdqu t2, 6 * 32(r); \                  
421         vmovdqu t3, 7 * 32(r); \                  
422         \                                         
423         /* \                                      
424          * t0 = klr; \                            
425          * t0 |= lr; \                            
426          * ll ^= t0; \                            
427          */ \                                     
428         \                                         
429         vpshufb tt0, t0, t3; \                    
430         vpsrldq $1, t0, t0; \                     
431         vpshufb tt0, t0, t2; \                    
432         vpsrldq $1, t0, t0; \                     
433         vpshufb tt0, t0, t1; \                    
434         vpsrldq $1, t0, t0; \                     
435         vpshufb tt0, t0, t0; \                    
436         \                                         
437         vpor l4, t0, t0; \                        
438         vpor l5, t1, t1; \                        
439         vpor l6, t2, t2; \                        
440         vpor l7, t3, t3; \                        
441         \                                         
442         vpxor l0, t0, l0; \                       
443         vmovdqu l0, 0 * 32(l); \                  
444         vpxor l1, t1, l1; \                       
445         vmovdqu l1, 1 * 32(l); \                  
446         vpxor l2, t2, l2; \                       
447         vmovdqu l2, 2 * 32(l); \                  
448         vpxor l3, t3, l3; \                       
449         vmovdqu l3, 3 * 32(l);                    
450                                                   
451 #define transpose_4x4(x0, x1, x2, x3, t1, t2)     
452         vpunpckhdq x1, x0, t2; \                  
453         vpunpckldq x1, x0, x0; \                  
454         \                                         
455         vpunpckldq x3, x2, t1; \                  
456         vpunpckhdq x3, x2, x2; \                  
457         \                                         
458         vpunpckhqdq t1, x0, x1; \                 
459         vpunpcklqdq t1, x0, x0; \                 
460         \                                         
461         vpunpckhqdq x2, t2, x3; \                 
462         vpunpcklqdq x2, t2, x2;                   
463                                                   
464 #define byteslice_16x16b_fast(a0, b0, c0, d0,     
465                               a3, b3, c3, d3,     
466         vmovdqu d2, st0; \                        
467         vmovdqu d3, st1; \                        
468         transpose_4x4(a0, a1, a2, a3, d2, d3);    
469         transpose_4x4(b0, b1, b2, b3, d2, d3);    
470         vmovdqu st0, d2; \                        
471         vmovdqu st1, d3; \                        
472         \                                         
473         vmovdqu a0, st0; \                        
474         vmovdqu a1, st1; \                        
475         transpose_4x4(c0, c1, c2, c3, a0, a1);    
476         transpose_4x4(d0, d1, d2, d3, a0, a1);    
477         \                                         
478         vbroadcasti128 .Lshufb_16x16b(%rip), a    
479         vmovdqu st1, a1; \                        
480         vpshufb a0, a2, a2; \                     
481         vpshufb a0, a3, a3; \                     
482         vpshufb a0, b0, b0; \                     
483         vpshufb a0, b1, b1; \                     
484         vpshufb a0, b2, b2; \                     
485         vpshufb a0, b3, b3; \                     
486         vpshufb a0, a1, a1; \                     
487         vpshufb a0, c0, c0; \                     
488         vpshufb a0, c1, c1; \                     
489         vpshufb a0, c2, c2; \                     
490         vpshufb a0, c3, c3; \                     
491         vpshufb a0, d0, d0; \                     
492         vpshufb a0, d1, d1; \                     
493         vpshufb a0, d2, d2; \                     
494         vpshufb a0, d3, d3; \                     
495         vmovdqu d3, st1; \                        
496         vmovdqu st0, d3; \                        
497         vpshufb a0, d3, a0; \                     
498         vmovdqu d2, st0; \                        
499         \                                         
500         transpose_4x4(a0, b0, c0, d0, d2, d3);    
501         transpose_4x4(a1, b1, c1, d1, d2, d3);    
502         vmovdqu st0, d2; \                        
503         vmovdqu st1, d3; \                        
504         \                                         
505         vmovdqu b0, st0; \                        
506         vmovdqu b1, st1; \                        
507         transpose_4x4(a2, b2, c2, d2, b0, b1);    
508         transpose_4x4(a3, b3, c3, d3, b0, b1);    
509         vmovdqu st0, b0; \                        
510         vmovdqu st1, b1; \                        
511         /* does not adjust output bytes inside    
512                                                   
513 /* load blocks to registers and apply pre-whit    
514 #define inpack32_pre(x0, x1, x2, x3, x4, x5, x    
515                      y6, y7, rio, key) \          
516         vpbroadcastq key, x0; \                   
517         vpshufb .Lpack_bswap(%rip), x0, x0; \     
518         \                                         
519         vpxor 0 * 32(rio), x0, y7; \              
520         vpxor 1 * 32(rio), x0, y6; \              
521         vpxor 2 * 32(rio), x0, y5; \              
522         vpxor 3 * 32(rio), x0, y4; \              
523         vpxor 4 * 32(rio), x0, y3; \              
524         vpxor 5 * 32(rio), x0, y2; \              
525         vpxor 6 * 32(rio), x0, y1; \              
526         vpxor 7 * 32(rio), x0, y0; \              
527         vpxor 8 * 32(rio), x0, x7; \              
528         vpxor 9 * 32(rio), x0, x6; \              
529         vpxor 10 * 32(rio), x0, x5; \             
530         vpxor 11 * 32(rio), x0, x4; \             
531         vpxor 12 * 32(rio), x0, x3; \             
532         vpxor 13 * 32(rio), x0, x2; \             
533         vpxor 14 * 32(rio), x0, x1; \             
534         vpxor 15 * 32(rio), x0, x0;               
535                                                   
536 /* byteslice pre-whitened blocks and store to     
537 #define inpack32_post(x0, x1, x2, x3, x4, x5,     
538                       y6, y7, mem_ab, mem_cd)     
539         byteslice_16x16b_fast(x0, x1, x2, x3,     
540                               y4, y5, y6, y7,     
541         \                                         
542         vmovdqu x0, 0 * 32(mem_ab); \             
543         vmovdqu x1, 1 * 32(mem_ab); \             
544         vmovdqu x2, 2 * 32(mem_ab); \             
545         vmovdqu x3, 3 * 32(mem_ab); \             
546         vmovdqu x4, 4 * 32(mem_ab); \             
547         vmovdqu x5, 5 * 32(mem_ab); \             
548         vmovdqu x6, 6 * 32(mem_ab); \             
549         vmovdqu x7, 7 * 32(mem_ab); \             
550         vmovdqu y0, 0 * 32(mem_cd); \             
551         vmovdqu y1, 1 * 32(mem_cd); \             
552         vmovdqu y2, 2 * 32(mem_cd); \             
553         vmovdqu y3, 3 * 32(mem_cd); \             
554         vmovdqu y4, 4 * 32(mem_cd); \             
555         vmovdqu y5, 5 * 32(mem_cd); \             
556         vmovdqu y6, 6 * 32(mem_cd); \             
557         vmovdqu y7, 7 * 32(mem_cd);               
558                                                   
559 /* de-byteslice, apply post-whitening and stor    
560 #define outunpack32(x0, x1, x2, x3, x4, x5, x6    
561                     y5, y6, y7, key, stack_tmp    
562         byteslice_16x16b_fast(y0, y4, x0, x4,     
563                               y3, y7, x3, x7,     
564         \                                         
565         vmovdqu x0, stack_tmp0; \                 
566         \                                         
567         vpbroadcastq key, x0; \                   
568         vpshufb .Lpack_bswap(%rip), x0, x0; \     
569         \                                         
570         vpxor x0, y7, y7; \                       
571         vpxor x0, y6, y6; \                       
572         vpxor x0, y5, y5; \                       
573         vpxor x0, y4, y4; \                       
574         vpxor x0, y3, y3; \                       
575         vpxor x0, y2, y2; \                       
576         vpxor x0, y1, y1; \                       
577         vpxor x0, y0, y0; \                       
578         vpxor x0, x7, x7; \                       
579         vpxor x0, x6, x6; \                       
580         vpxor x0, x5, x5; \                       
581         vpxor x0, x4, x4; \                       
582         vpxor x0, x3, x3; \                       
583         vpxor x0, x2, x2; \                       
584         vpxor x0, x1, x1; \                       
585         vpxor stack_tmp0, x0, x0;                 
586                                                   
587 #define write_output(x0, x1, x2, x3, x4, x5, x    
588                      y6, y7, rio) \               
589         vmovdqu x0, 0 * 32(rio); \                
590         vmovdqu x1, 1 * 32(rio); \                
591         vmovdqu x2, 2 * 32(rio); \                
592         vmovdqu x3, 3 * 32(rio); \                
593         vmovdqu x4, 4 * 32(rio); \                
594         vmovdqu x5, 5 * 32(rio); \                
595         vmovdqu x6, 6 * 32(rio); \                
596         vmovdqu x7, 7 * 32(rio); \                
597         vmovdqu y0, 8 * 32(rio); \                
598         vmovdqu y1, 9 * 32(rio); \                
599         vmovdqu y2, 10 * 32(rio); \               
600         vmovdqu y3, 11 * 32(rio); \               
601         vmovdqu y4, 12 * 32(rio); \               
602         vmovdqu y5, 13 * 32(rio); \               
603         vmovdqu y6, 14 * 32(rio); \               
604         vmovdqu y7, 15 * 32(rio);                 
605                                                   
606                                                   
607 .section        .rodata.cst32.shufb_16x16b, "a    
608 .align 32                                         
609 #define SHUFB_BYTES(idx) \                        
610         0 + (idx), 4 + (idx), 8 + (idx), 12 +     
611 .Lshufb_16x16b:                                   
612         .byte SHUFB_BYTES(0), SHUFB_BYTES(1),     
613         .byte SHUFB_BYTES(0), SHUFB_BYTES(1),     
614                                                   
615 .section        .rodata.cst32.pack_bswap, "aM"    
616 .align 32                                         
617 .Lpack_bswap:                                     
618         .long 0x00010203, 0x04050607, 0x808080    
619         .long 0x00010203, 0x04050607, 0x808080    
620                                                   
621 /* NB: section is mergeable, all elements must    
622 .section        .rodata.cst16, "aM", @progbits    
623 .align 16                                         
624                                                   
625 /*                                                
626  * pre-SubByte transform                          
627  *                                                
628  * pre-lookup for sbox1, sbox2, sbox3:            
629  *   swap_bitendianness(                          
630  *       isom_map_camellia_to_aes(                
631  *           camellia_f(                          
632  *               swap_bitendianess(in)            
633  *           )                                    
634  *       )                                        
635  *   )                                            
636  *                                                
637  * (note: '⊕ 0xc5' inside camellia_f())         
638  */                                               
639 .Lpre_tf_lo_s1:                                   
640         .byte 0x45, 0xe8, 0x40, 0xed, 0x2e, 0x    
641         .byte 0x4b, 0xe6, 0x4e, 0xe3, 0x20, 0x    
642 .Lpre_tf_hi_s1:                                   
643         .byte 0x00, 0x51, 0xf1, 0xa0, 0x8a, 0x    
644         .byte 0x09, 0x58, 0xf8, 0xa9, 0x83, 0x    
645                                                   
646 /*                                                
647  * pre-SubByte transform                          
648  *                                                
649  * pre-lookup for sbox4:                          
650  *   swap_bitendianness(                          
651  *       isom_map_camellia_to_aes(                
652  *           camellia_f(                          
653  *               swap_bitendianess(in <<< 1)      
654  *           )                                    
655  *       )                                        
656  *   )                                            
657  *                                                
658  * (note: '⊕ 0xc5' inside camellia_f())         
659  */                                               
660 .Lpre_tf_lo_s4:                                   
661         .byte 0x45, 0x40, 0x2e, 0x2b, 0x4b, 0x    
662         .byte 0x14, 0x11, 0x7f, 0x7a, 0x1a, 0x    
663 .Lpre_tf_hi_s4:                                   
664         .byte 0x00, 0xf1, 0x8a, 0x7b, 0x09, 0x    
665         .byte 0xad, 0x5c, 0x27, 0xd6, 0xa4, 0x    
666                                                   
667 /*                                                
668  * post-SubByte transform                         
669  *                                                
670  * post-lookup for sbox1, sbox4:                  
671  *  swap_bitendianness(                           
672  *      camellia_h(                               
673  *          isom_map_aes_to_camellia(             
674  *              swap_bitendianness(               
675  *                  aes_inverse_affine_transfo    
676  *              )                                 
677  *          )                                     
678  *      )                                         
679  *  )                                             
680  *                                                
681  * (note: '⊕ 0x6e' inside camellia_h())         
682  */                                               
683 .Lpost_tf_lo_s1:                                  
684         .byte 0x3c, 0xcc, 0xcf, 0x3f, 0x32, 0x    
685         .byte 0xdc, 0x2c, 0x2f, 0xdf, 0xd2, 0x    
686 .Lpost_tf_hi_s1:                                  
687         .byte 0x00, 0xf9, 0x86, 0x7f, 0xd7, 0x    
688         .byte 0xa4, 0x5d, 0x22, 0xdb, 0x73, 0x    
689                                                   
690 /*                                                
691  * post-SubByte transform                         
692  *                                                
693  * post-lookup for sbox2:                         
694  *  swap_bitendianness(                           
695  *      camellia_h(                               
696  *          isom_map_aes_to_camellia(             
697  *              swap_bitendianness(               
698  *                  aes_inverse_affine_transfo    
699  *              )                                 
700  *          )                                     
701  *      )                                         
702  *  ) <<< 1                                       
703  *                                                
704  * (note: '⊕ 0x6e' inside camellia_h())         
705  */                                               
706 .Lpost_tf_lo_s2:                                  
707         .byte 0x78, 0x99, 0x9f, 0x7e, 0x64, 0x    
708         .byte 0xb9, 0x58, 0x5e, 0xbf, 0xa5, 0x    
709 .Lpost_tf_hi_s2:                                  
710         .byte 0x00, 0xf3, 0x0d, 0xfe, 0xaf, 0x    
711         .byte 0x49, 0xba, 0x44, 0xb7, 0xe6, 0x    
712                                                   
713 /*                                                
714  * post-SubByte transform                         
715  *                                                
716  * post-lookup for sbox3:                         
717  *  swap_bitendianness(                           
718  *      camellia_h(                               
719  *          isom_map_aes_to_camellia(             
720  *              swap_bitendianness(               
721  *                  aes_inverse_affine_transfo    
722  *              )                                 
723  *          )                                     
724  *      )                                         
725  *  ) >>> 1                                       
726  *                                                
727  * (note: '⊕ 0x6e' inside camellia_h())         
728  */                                               
729 .Lpost_tf_lo_s3:                                  
730         .byte 0x1e, 0x66, 0xe7, 0x9f, 0x19, 0x    
731         .byte 0x6e, 0x16, 0x97, 0xef, 0x69, 0x    
732 .Lpost_tf_hi_s3:                                  
733         .byte 0x00, 0xfc, 0x43, 0xbf, 0xeb, 0x    
734         .byte 0x52, 0xae, 0x11, 0xed, 0xb9, 0x    
735                                                   
736 /* For isolating SubBytes from AESENCLAST, inv    
737 .Linv_shift_row:                                  
738         .byte 0x00, 0x0d, 0x0a, 0x07, 0x04, 0x    
739         .byte 0x08, 0x05, 0x02, 0x0f, 0x0c, 0x    
740                                                   
741 .section        .rodata.cst4.L0f0f0f0f, "aM",     
742 .align 4                                          
743 /* 4-bit mask */                                  
744 .L0f0f0f0f:                                       
745         .long 0x0f0f0f0f                          
746                                                   
747 .text                                             
748                                                   
749 SYM_FUNC_START_LOCAL(__camellia_enc_blk32)        
750         /* input:                                 
751          *      %rdi: ctx, CTX                    
752          *      %rax: temporary storage, 512 b    
753          *      %ymm0..%ymm15: 32 plaintext bl    
754          * output:                                
755          *      %ymm0..%ymm15: 32 encrypted bl    
756          *       7, 8, 6, 5, 4, 3, 2, 1, 0, 15    
757          */                                       
758         FRAME_BEGIN                               
759                                                   
760         leaq 8 * 32(%rax), %rcx;                  
761                                                   
762         inpack32_post(%ymm0, %ymm1, %ymm2, %ym    
763                       %ymm8, %ymm9, %ymm10, %y    
764                       %ymm15, %rax, %rcx);        
765                                                   
766         enc_rounds32(%ymm0, %ymm1, %ymm2, %ymm    
767                      %ymm8, %ymm9, %ymm10, %ym    
768                      %ymm15, %rax, %rcx, 0);      
769                                                   
770         fls32(%rax, %ymm0, %ymm1, %ymm2, %ymm3    
771               %rcx, %ymm8, %ymm9, %ymm10, %ymm    
772               %ymm15,                             
773               ((key_table + (8) * 8) + 0)(CTX)    
774               ((key_table + (8) * 8) + 4)(CTX)    
775               ((key_table + (8) * 8) + 8)(CTX)    
776               ((key_table + (8) * 8) + 12)(CTX    
777                                                   
778         enc_rounds32(%ymm0, %ymm1, %ymm2, %ymm    
779                      %ymm8, %ymm9, %ymm10, %ym    
780                      %ymm15, %rax, %rcx, 8);      
781                                                   
782         fls32(%rax, %ymm0, %ymm1, %ymm2, %ymm3    
783               %rcx, %ymm8, %ymm9, %ymm10, %ymm    
784               %ymm15,                             
785               ((key_table + (16) * 8) + 0)(CTX    
786               ((key_table + (16) * 8) + 4)(CTX    
787               ((key_table + (16) * 8) + 8)(CTX    
788               ((key_table + (16) * 8) + 12)(CT    
789                                                   
790         enc_rounds32(%ymm0, %ymm1, %ymm2, %ymm    
791                      %ymm8, %ymm9, %ymm10, %ym    
792                      %ymm15, %rax, %rcx, 16);     
793                                                   
794         movl $24, %r8d;                           
795         cmpl $16, key_length(CTX);                
796         jne .Lenc_max32;                          
797                                                   
798 .Lenc_done:                                       
799         /* load CD for output */                  
800         vmovdqu 0 * 32(%rcx), %ymm8;              
801         vmovdqu 1 * 32(%rcx), %ymm9;              
802         vmovdqu 2 * 32(%rcx), %ymm10;             
803         vmovdqu 3 * 32(%rcx), %ymm11;             
804         vmovdqu 4 * 32(%rcx), %ymm12;             
805         vmovdqu 5 * 32(%rcx), %ymm13;             
806         vmovdqu 6 * 32(%rcx), %ymm14;             
807         vmovdqu 7 * 32(%rcx), %ymm15;             
808                                                   
809         outunpack32(%ymm0, %ymm1, %ymm2, %ymm3    
810                     %ymm8, %ymm9, %ymm10, %ymm    
811                     %ymm15, (key_table)(CTX, %    
812                                                   
813         FRAME_END                                 
814         RET;                                      
815                                                   
816 .align 8                                          
817 .Lenc_max32:                                      
818         movl $32, %r8d;                           
819                                                   
820         fls32(%rax, %ymm0, %ymm1, %ymm2, %ymm3    
821               %rcx, %ymm8, %ymm9, %ymm10, %ymm    
822               %ymm15,                             
823               ((key_table + (24) * 8) + 0)(CTX    
824               ((key_table + (24) * 8) + 4)(CTX    
825               ((key_table + (24) * 8) + 8)(CTX    
826               ((key_table + (24) * 8) + 12)(CT    
827                                                   
828         enc_rounds32(%ymm0, %ymm1, %ymm2, %ymm    
829                      %ymm8, %ymm9, %ymm10, %ym    
830                      %ymm15, %rax, %rcx, 24);     
831                                                   
832         jmp .Lenc_done;                           
833 SYM_FUNC_END(__camellia_enc_blk32)                
834                                                   
835 SYM_FUNC_START_LOCAL(__camellia_dec_blk32)        
836         /* input:                                 
837          *      %rdi: ctx, CTX                    
838          *      %rax: temporary storage, 512 b    
839          *      %r8d: 24 for 16 byte key, 32 f    
840          *      %ymm0..%ymm15: 16 encrypted bl    
841          * output:                                
842          *      %ymm0..%ymm15: 16 plaintext bl    
843          *       7, 8, 6, 5, 4, 3, 2, 1, 0, 15    
844          */                                       
845         FRAME_BEGIN                               
846                                                   
847         leaq 8 * 32(%rax), %rcx;                  
848                                                   
849         inpack32_post(%ymm0, %ymm1, %ymm2, %ym    
850                       %ymm8, %ymm9, %ymm10, %y    
851                       %ymm15, %rax, %rcx);        
852                                                   
853         cmpl $32, %r8d;                           
854         je .Ldec_max32;                           
855                                                   
856 .Ldec_max24:                                      
857         dec_rounds32(%ymm0, %ymm1, %ymm2, %ymm    
858                      %ymm8, %ymm9, %ymm10, %ym    
859                      %ymm15, %rax, %rcx, 16);     
860                                                   
861         fls32(%rax, %ymm0, %ymm1, %ymm2, %ymm3    
862               %rcx, %ymm8, %ymm9, %ymm10, %ymm    
863               %ymm15,                             
864               ((key_table + (16) * 8) + 8)(CTX    
865               ((key_table + (16) * 8) + 12)(CT    
866               ((key_table + (16) * 8) + 0)(CTX    
867               ((key_table + (16) * 8) + 4)(CTX    
868                                                   
869         dec_rounds32(%ymm0, %ymm1, %ymm2, %ymm    
870                      %ymm8, %ymm9, %ymm10, %ym    
871                      %ymm15, %rax, %rcx, 8);      
872                                                   
873         fls32(%rax, %ymm0, %ymm1, %ymm2, %ymm3    
874               %rcx, %ymm8, %ymm9, %ymm10, %ymm    
875               %ymm15,                             
876               ((key_table + (8) * 8) + 8)(CTX)    
877               ((key_table + (8) * 8) + 12)(CTX    
878               ((key_table + (8) * 8) + 0)(CTX)    
879               ((key_table + (8) * 8) + 4)(CTX)    
880                                                   
881         dec_rounds32(%ymm0, %ymm1, %ymm2, %ymm    
882                      %ymm8, %ymm9, %ymm10, %ym    
883                      %ymm15, %rax, %rcx, 0);      
884                                                   
885         /* load CD for output */                  
886         vmovdqu 0 * 32(%rcx), %ymm8;              
887         vmovdqu 1 * 32(%rcx), %ymm9;              
888         vmovdqu 2 * 32(%rcx), %ymm10;             
889         vmovdqu 3 * 32(%rcx), %ymm11;             
890         vmovdqu 4 * 32(%rcx), %ymm12;             
891         vmovdqu 5 * 32(%rcx), %ymm13;             
892         vmovdqu 6 * 32(%rcx), %ymm14;             
893         vmovdqu 7 * 32(%rcx), %ymm15;             
894                                                   
895         outunpack32(%ymm0, %ymm1, %ymm2, %ymm3    
896                     %ymm8, %ymm9, %ymm10, %ymm    
897                     %ymm15, (key_table)(CTX),     
898                                                   
899         FRAME_END                                 
900         RET;                                      
901                                                   
902 .align 8                                          
903 .Ldec_max32:                                      
904         dec_rounds32(%ymm0, %ymm1, %ymm2, %ymm    
905                      %ymm8, %ymm9, %ymm10, %ym    
906                      %ymm15, %rax, %rcx, 24);     
907                                                   
908         fls32(%rax, %ymm0, %ymm1, %ymm2, %ymm3    
909               %rcx, %ymm8, %ymm9, %ymm10, %ymm    
910               %ymm15,                             
911               ((key_table + (24) * 8) + 8)(CTX    
912               ((key_table + (24) * 8) + 12)(CT    
913               ((key_table + (24) * 8) + 0)(CTX    
914               ((key_table + (24) * 8) + 4)(CTX    
915                                                   
916         jmp .Ldec_max24;                          
917 SYM_FUNC_END(__camellia_dec_blk32)                
918                                                   
919 SYM_FUNC_START(camellia_ecb_enc_32way)            
920         /* input:                                 
921          *      %rdi: ctx, CTX                    
922          *      %rsi: dst (32 blocks)             
923          *      %rdx: src (32 blocks)             
924          */                                       
925         FRAME_BEGIN                               
926                                                   
927         vzeroupper;                               
928                                                   
929         inpack32_pre(%ymm0, %ymm1, %ymm2, %ymm    
930                      %ymm8, %ymm9, %ymm10, %ym    
931                      %ymm15, %rdx, (key_table)    
932                                                   
933         /* now dst can be used as temporary bu    
934         movq    %rsi, %rax;                       
935                                                   
936         call __camellia_enc_blk32;                
937                                                   
938         write_output(%ymm7, %ymm6, %ymm5, %ymm    
939                      %ymm15, %ymm14, %ymm13, %    
940                      %ymm8, %rsi);                
941                                                   
942         vzeroupper;                               
943                                                   
944         FRAME_END                                 
945         RET;                                      
946 SYM_FUNC_END(camellia_ecb_enc_32way)              
947                                                   
948 SYM_FUNC_START(camellia_ecb_dec_32way)            
949         /* input:                                 
950          *      %rdi: ctx, CTX                    
951          *      %rsi: dst (32 blocks)             
952          *      %rdx: src (32 blocks)             
953          */                                       
954         FRAME_BEGIN                               
955                                                   
956         vzeroupper;                               
957                                                   
958         cmpl $16, key_length(CTX);                
959         movl $32, %r8d;                           
960         movl $24, %eax;                           
961         cmovel %eax, %r8d; /* max */              
962                                                   
963         inpack32_pre(%ymm0, %ymm1, %ymm2, %ymm    
964                      %ymm8, %ymm9, %ymm10, %ym    
965                      %ymm15, %rdx, (key_table)    
966                                                   
967         /* now dst can be used as temporary bu    
968         movq    %rsi, %rax;                       
969                                                   
970         call __camellia_dec_blk32;                
971                                                   
972         write_output(%ymm7, %ymm6, %ymm5, %ymm    
973                      %ymm15, %ymm14, %ymm13, %    
974                      %ymm8, %rsi);                
975                                                   
976         vzeroupper;                               
977                                                   
978         FRAME_END                                 
979         RET;                                      
980 SYM_FUNC_END(camellia_ecb_dec_32way)              
981                                                   
982 SYM_FUNC_START(camellia_cbc_dec_32way)            
983         /* input:                                 
984          *      %rdi: ctx, CTX                    
985          *      %rsi: dst (32 blocks)             
986          *      %rdx: src (32 blocks)             
987          */                                       
988         FRAME_BEGIN                               
989         subq $(16 * 32), %rsp;                    
990                                                   
991         vzeroupper;                               
992                                                   
993         cmpl $16, key_length(CTX);                
994         movl $32, %r8d;                           
995         movl $24, %eax;                           
996         cmovel %eax, %r8d; /* max */              
997                                                   
998         inpack32_pre(%ymm0, %ymm1, %ymm2, %ymm    
999                      %ymm8, %ymm9, %ymm10, %ym    
1000                      %ymm15, %rdx, (key_table    
1001                                                  
1002         cmpq %rsi, %rdx;                         
1003         je .Lcbc_dec_use_stack;                  
1004                                                  
1005         /* dst can be used as temporary stora    
1006         movq %rsi, %rax;                         
1007         jmp .Lcbc_dec_continue;                  
1008                                                  
1009 .Lcbc_dec_use_stack:                             
1010         /*                                       
1011          * dst still in-use (because dst == s    
1012          * storage.                              
1013          */                                      
1014         movq %rsp, %rax;                         
1015                                                  
1016 .Lcbc_dec_continue:                              
1017         call __camellia_dec_blk32;               
1018                                                  
1019         vmovdqu %ymm7, (%rax);                   
1020         vpxor %ymm7, %ymm7, %ymm7;               
1021         vinserti128 $1, (%rdx), %ymm7, %ymm7;    
1022         vpxor (%rax), %ymm7, %ymm7;              
1023         vpxor (0 * 32 + 16)(%rdx), %ymm6, %ym    
1024         vpxor (1 * 32 + 16)(%rdx), %ymm5, %ym    
1025         vpxor (2 * 32 + 16)(%rdx), %ymm4, %ym    
1026         vpxor (3 * 32 + 16)(%rdx), %ymm3, %ym    
1027         vpxor (4 * 32 + 16)(%rdx), %ymm2, %ym    
1028         vpxor (5 * 32 + 16)(%rdx), %ymm1, %ym    
1029         vpxor (6 * 32 + 16)(%rdx), %ymm0, %ym    
1030         vpxor (7 * 32 + 16)(%rdx), %ymm15, %y    
1031         vpxor (8 * 32 + 16)(%rdx), %ymm14, %y    
1032         vpxor (9 * 32 + 16)(%rdx), %ymm13, %y    
1033         vpxor (10 * 32 + 16)(%rdx), %ymm12, %    
1034         vpxor (11 * 32 + 16)(%rdx), %ymm11, %    
1035         vpxor (12 * 32 + 16)(%rdx), %ymm10, %    
1036         vpxor (13 * 32 + 16)(%rdx), %ymm9, %y    
1037         vpxor (14 * 32 + 16)(%rdx), %ymm8, %y    
1038         write_output(%ymm7, %ymm6, %ymm5, %ym    
1039                      %ymm15, %ymm14, %ymm13,     
1040                      %ymm8, %rsi);               
1041                                                  
1042         vzeroupper;                              
1043                                                  
1044         addq $(16 * 32), %rsp;                   
1045         FRAME_END                                
1046         RET;                                     
1047 SYM_FUNC_END(camellia_cbc_dec_32way)             
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php