eor3 $res1b, $ctr_t0b, $ctr0b, $t1.16b @ AES block 8k+8 - result
ext $t0.16b, $acc_lb, $acc_lb, #8 @ prepare final partial tag
- ldp $h6q, $h7q, [$current_tag, #160] @ load h6k | h5k
+ ldp $h6q, $h7q, [$current_tag, #160] @ load h6l | h6h
ext $h6.16b, $h6.16b, $h6.16b, #8
ext $h7.16b, $h7.16b, $h7.16b, #8
- ldp $h78kq, $h8q, [$current_tag, #192] @ load h7l | h7h
+ ldp $h78kq, $h8q, [$current_tag, #192] @ load h8k | h7k
ext $h8.16b, $h8.16b, $h8.16b, #8
cmp $main_end_input_ptr, #112
b.gt .L128_enc_blocks_more_than_7
st1 { $res1b}, [$output_ptr], #16 @ AES final-3 block - store result
- ldr $h4q, [$current_tag, #112] @ load h4l | h4h
+ ldr $h4q, [$current_tag, #112] @ load h4l | h4h
ext $h4.16b, $h4.16b, $h4.16b, #8
rev64 $res0b, $res1b @ GHASH final-3 block
movi $t0.8b, #0 @ supress further partial tag feed in
ins $rk4v.d[0], $res0.d[1] @ GHASH final-3 block - mid
- ldr $h34kq, [$current_tag, #96] @ load h4k | h3k
+ ldr $h34kq, [$current_tag, #96] @ load h4k | h3k
pmull $rk3q1, $res0.1d, $h4.1d @ GHASH final-3 block - low
ldr $ctr_t1q, [$input_ptr], #16 @ AES final-2 block - load plaintext
ldr $ctr_t1q, [$input_ptr], #16 @ AES final-1 block - load plaintext
ins $rk4v.d[0], $res0.d[1] @ GHASH final-2 block - mid
- ldr $h3q, [$current_tag, #80] @ load h3l | h3h
+ ldr $h3q, [$current_tag, #80] @ load h3l | h3h
ext $h3.16b, $h3.16b, $h3.16b, #8
movi $t0.8b, #0 @ supress further partial tag feed in
st1 { $res1b}, [$output_ptr], #16 @ AES final-1 block - store result
- ldr $h2q, [$current_tag, #64] @ load h2l | h2h
+ ldr $h2q, [$current_tag, #64] @ load h2l | h2h
ext $h2.16b, $h2.16b, $h2.16b, #8
rev64 $res0b, $res1b @ GHASH final-1 block
ldr $ctr_t1q, [$input_ptr], #16 @ AES final block - load plaintext
eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-1 block - mid
- ldr $h12kq, [$current_tag, #48] @ load h2k | h1k
+ ldr $h12kq, [$current_tag, #48] @ load h2k | h1k
ins $rk4v.d[1], $rk4v.d[0] @ GHASH final-1 block - mid
ins $t0.d[0], $res0.d[1] @ GHASH final block - mid
eor $t0.8b, $t0.8b, $res0.8b @ GHASH final block - mid
- ldr $h1q, [$current_tag, #32] @ load h1l | h1h
+ ldr $h1q, [$current_tag, #32] @ load h1l | h1h
ext $h1.16b, $h1.16b, $h1.16b, #8
pmull $t0.1q, $t0.1d, $h12k.1d @ GHASH final block - mid
ldp $rk0q, $rk1q, [$cc, #0] @ load rk0, rk1
sub $main_end_input_ptr, $main_end_input_ptr, #1 @ byte_len - 1
- mov $constant_temp, #0x100000000 @ set up counter increment
+ mov $constant_temp, #0x100000000 @ set up counter increment
movi $rctr_inc.16b, #0x0
mov $rctr_inc.d[1], $constant_temp
ld1 { $acc_lb}, [$current_tag]
b.ge .L128_dec_prepretail @ do prepretail
.L128_dec_main_loop: @ main loop start
- ldr $h7q, [$current_tag, #176] @ load h7l | h7h
+ ldr $h7q, [$current_tag, #176] @ load h7l | h7h
ext $h7.16b, $h7.16b, $h7.16b, #8
- ldr $h8q, [$current_tag, #208] @ load h7l | h7h
+ ldr $h8q, [$current_tag, #208] @ load h8l | h8h
ext $h8.16b, $h8.16b, $h8.16b, #8
rev64 $res1b, $res1b @ GHASH block 8k+1
rev32 $ctr6.16b, $rtmp_ctr.16b @ CTR block 8k+14
add $rtmp_ctr.4s, $rtmp_ctr.4s, $rctr_inc.4s @ CTR block 8k+14
ldr $h56kq, [$current_tag, #144] @ load h6k | h5k
- ldr $h78kq, [$current_tag, #192] @ load h6k | h5k
+ ldr $h78kq, [$current_tag, #192] @ load h8k | h7k
pmull2 $t0.1q, $res1.2d, $h7.2d @ GHASH block 8k+1 - high
pmull2 $acc_h.1q, $res0.2d, $h8.2d @ GHASH block 8k - high
trn1 $t3.2d, $res3.2d, $res2.2d @ GHASH block 8k+2, 8k+3 - mid
aese $ctr7b, $rk1 \n aesmc $ctr7b, $ctr7b @ AES block 8k+15 - round 1
- pmull $h6.1q, $res2.1d, $h6.1d @ GHASH block 8k+2 - low
+ pmull $h6.1q, $res2.1d, $h6.1d @ GHASH block 8k+2 - low
trn2 $res2.2d, $res3.2d, $res2.2d @ GHASH block 8k+2, 8k+3 - mid
pmull2 $acc_m.1q, $res0.2d, $h78k.2d @ GHASH block 8k - mid
eor $res2.16b, $res2.16b, $t3.16b @ GHASH block 8k+2, 8k+3 - mid
ldr $h1q, [$current_tag, #32] @ load h1l | h1h
ext $h1.16b, $h1.16b, $h1.16b, #8
- ldr $h2q, [$current_tag, #64] @ load h1l | h1h
+ ldr $h2q, [$current_tag, #64] @ load h2l | h2h
ext $h2.16b, $h2.16b, $h2.16b, #8
eor $acc_mb, $acc_mb, $h78k.16b @ GHASH block 8k+1 - mid
rev64 $res0b, $res0b @ GHASH block 8k
rev64 $res2b, $res2b @ GHASH block 8k+2
- rev32 $ctr5.16b, $rtmp_ctr.16b @ CTR block 8k+13
+ rev32 $ctr5.16b, $rtmp_ctr.16b @ CTR block 8k+13
ldp $rk0q, $rk1q, [$cc, #0] @ load rk0, rk1
ldr $h7q, [$current_tag, #176] @ load h7l | h7h
rev64 $res6b, $res6b @ GHASH block 8k+6
ldr $h56kq, [$current_tag, #144] @ load h6k | h5k
- ldr $h78kq, [$current_tag, #192] @ load h6k | h5k
+ ldr $h78kq, [$current_tag, #192] @ load h8k | h7k
rev32 $ctr6.16b, $rtmp_ctr.16b @ CTR block 8k+14
add $rtmp_ctr.4s, $rtmp_ctr.4s, $rctr_inc.4s @ CTR block 8k+14
aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 8k+9 - round 0
aese $ctr5b, $rk0 \n aesmc $ctr5b, $ctr5b @ AES block 8k+13 - round 0
- pmull2 $acc_m.1q, $res0.2d, $h78k.2d @ GHASH block 8k - mid
+ pmull2 $acc_m.1q, $res0.2d, $h78k.2d @ GHASH block 8k - mid
pmull $h78k.1q, $res0.1d, $h78k.1d @ GHASH block 8k+1 - mid
pmull $h5.1q, $res3.1d, $h5.1d @ GHASH block 8k+3 - low
ldr $h1q, [$current_tag, #32] @ load h1l | h1h
ext $h1.16b, $h1.16b, $h1.16b, #8
- ldr $h2q, [$current_tag, #64] @ load h1l | h1h
+ ldr $h2q, [$current_tag, #64] @ load h2l | h2h
ext $h2.16b, $h2.16b, $h2.16b, #8
eor3 $acc_mb, $acc_mb, $h56k.16b, $t3.16b @ GHASH block 8k+2, 8k+3 - mid
cmp $main_end_input_ptr, #112
- ldp $h78kq, $h8q, [$current_tag, #192] @ load h7l | h7h
+ ldp $h78kq, $h8q, [$current_tag, #192] @ load h8k | h7k
ext $h8.16b, $h8.16b, $h8.16b, #8
ldr $res1q, [$input_ptr], #16 @ AES block 8k+8 - load ciphertext
ext $h5.16b, $h5.16b, $h5.16b, #8
ext $t0.16b, $acc_lb, $acc_lb, #8 @ prepare final partial tag
- ldp $h6q, $h7q, [$current_tag, #160] @ load h6k | h5k
+ ldp $h6q, $h7q, [$current_tag, #160] @ load h6l | h6h
ext $h6.16b, $h6.16b, $h6.16b, #8
ext $h7.16b, $h7.16b, $h7.16b, #8
st1 { $res4b}, [$output_ptr], #16 @ AES final-1 block - store result
rev64 $res0b, $res1b @ GHASH final-1 block
- ldr $h2q, [$current_tag, #64] @ load h1l | h1h
+ ldr $h2q, [$current_tag, #64] @ load h2l | h2h
ext $h2.16b, $h2.16b, $h2.16b, #8
eor $res0b, $res0b, $t0.16b @ feed in partial tag
aese $ctr5b, $rk4 \n aesmc $ctr5b, $ctr5b @ AES block 5 - round 4
aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 5
- ldp $rk6q, $rk7q, [$cc, #96] @ load rk6, rk7
+ ldp $rk6q, $rk7q, [$cc, #96] @ load rk6, rk7
aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 5
aese $ctr4b, $rk5 \n aesmc $ctr4b, $ctr4b @ AES block 4 - round 5
ldr $h4q, [$current_tag, #112] @ load h4l | h4h
ext $h4.16b, $h4.16b, $h4.16b, #8
- pmull2 $acc_m.1q, $res0.2d, $h78k.2d @ GHASH block 8k - mid
+ pmull2 $acc_m.1q, $res0.2d, $h78k.2d @ GHASH block 8k - mid
pmull $h78k.1q, $res0.1d, $h78k.1d @ GHASH block 8k+1 - mid
pmull $h5.1q, $res3.1d, $h5.1d @ GHASH block 8k+3 - low
aese $ctr4b, $rk5 \n aesmc $ctr4b, $ctr4b @ AES block 8k+12 - round 5
ldr $h1q, [$current_tag, #32] @ load h1l | h1h
ext $h1.16b, $h1.16b, $h1.16b, #8
- ldr $h2q, [$current_tag, #64] @ load h1l | h1h
+ ldr $h2q, [$current_tag, #64] @ load h2l | h2h
ext $h2.16b, $h2.16b, $h2.16b, #8
ldp $rk6q, $rk7q, [$cc, #96] @ load rk6, rk7
ldr $h1q, [$current_tag, #32] @ load h1l | h1h
ext $h1.16b, $h1.16b, $h1.16b, #8
- ldr $h2q, [$current_tag, #64] @ load h1l | h1h
+ ldr $h2q, [$current_tag, #64] @ load h2l | h2h
ext $h2.16b, $h2.16b, $h2.16b, #8
aese $ctr4b, $rk3 \n aesmc $ctr4b, $ctr4b @ AES block 8k+12 - round 3
rev64 $res4b, $res4b @ GHASH block 8k+4 (t0, t1, and t2 free)
ldr $ctr_t0q, [$input_ptr], #16 @ AES block 8k+8 - l3ad plaintext
- ldp $h78kq, $h8q, [$current_tag, #192] @ load h8l | h8h
+ ldp $h78kq, $h8q, [$current_tag, #192] @ load h8k | h7k
ext $h8.16b, $h8.16b, $h8.16b, #8
mov $t1.16b, $rk12
ldr $h1q, [$current_tag, #32] @ load h1l | h1h
ext $h1.16b, $h1.16b, $h1.16b, #8
- ldr $h2q, [$current_tag, #64] @ load h1l | h1h
+ ldr $h2q, [$current_tag, #64] @ load h2l | h2h
ext $h2.16b, $h2.16b, $h2.16b, #8
aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 8k+11 - round 5
aese $ctr5b, $rk5 \n aesmc $ctr5b, $ctr5b @ AES block 8k+13 - round 5
ldr $h1q, [$current_tag, #32] @ load h1l | h1h
ext $h1.16b, $h1.16b, $h1.16b, #8
- ldr $h2q, [$current_tag, #64] @ load h1l | h1h
+ ldr $h2q, [$current_tag, #64] @ load h2l | h2h
ext $h2.16b, $h2.16b, $h2.16b, #8
eor $acc_mb, $acc_mb, $h78k.16b @ GHASH block 8k+1 - mid
aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 8k+10 - round 3
ext $h5.16b, $h5.16b, $h5.16b, #8
ldr $res1q, [$input_ptr], #16 @ AES block 8k+8 - load ciphertext
- ldp $h78kq, $h8q, [$current_tag, #192] @ load h8l | h8h
+ ldp $h78kq, $h8q, [$current_tag, #192] @ load h8k | h7k
ext $h8.16b, $h8.16b, $h8.16b, #8
mov $t1.16b, $rk12
ldr $h1q, [$current_tag, #32] @ load h1l | h1h
ext $h1.16b, $h1.16b, $h1.16b, #8
- ldr $h2q, [$current_tag, #64] @ load h1l | h1h
+ ldr $h2q, [$current_tag, #64] @ load h2l | h2h
ext $h2.16b, $h2.16b, $h2.16b, #8
aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 8k+10 - round 7
eor3 $acc_mb, $acc_mb, $h56k.16b, $t3.16b @ GHASH block 8k+2, 8k+3 - mid
pmull $h4.1q, $res4.1d, $h4.1d @ GHASH block 8k+4 - low
ldr $h1q, [$current_tag, #32] @ load h1l | h1h
ext $h1.16b, $h1.16b, $h1.16b, #8
- ldr $h2q, [$current_tag, #64] @ load h1l | h1h
+ ldr $h2q, [$current_tag, #64] @ load h2l | h2h
ext $h2.16b, $h2.16b, $h2.16b, #8
ldp $rk8q, $rk9q, [$cc, #128] @ load rk8, rk9
ins $rk4v.d[1], $rk4v.d[0] @ GHASH final-5 block - mid
ldr $ctr_t1q, [$input_ptr], #16 @ AES final-4 block - load plaintext
- pmull $rk3q1, $res0.1d, $h6.1d @ GHASH final-5 block - low
+ pmull $rk3q1, $res0.1d, $h6.1d @ GHASH final-5 block - low
pmull2 $rk4v.1q, $rk4v.2d, $h56k.2d @ GHASH final-5 block - mid
movi $t0.8b, #0 @ supress further partial tag feed in
st1 { $res1b}, [$output_ptr], #16 @ AES final-1 block - store result
- ldr $h2q, [$current_tag, #64] @ load h1l | h1h
+ ldr $h2q, [$current_tag, #64] @ load h2l | h2h
ext $h2.16b, $h2.16b, $h2.16b, #8
rev64 $res0b, $res1b @ GHASH final-1 block
ldr $ctr_t1q, [$input_ptr], #16 @ AES final block - load plaintext
aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 2
aese $ctr4b, $rk2 \n aesmc $ctr4b, $ctr4b @ AES block 4 - round 2
- ldp $rk4q, $rk5q, [$cc, #64] @ load rk4, rk5
+ ldp $rk4q, $rk5q, [$cc, #64] @ load rk4, rk5
aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 3
aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 3
ldr $h1q, [$current_tag, #32] @ load h1l | h1h
ext $h1.16b, $h1.16b, $h1.16b, #8
- ldr $h2q, [$current_tag, #64] @ load h1l | h1h
+ ldr $h2q, [$current_tag, #64] @ load h2l | h2h
ext $h2.16b, $h2.16b, $h2.16b, #8
eor3 $acc_mb, $acc_mb, $h56k.16b, $t3.16b @ GHASH block 8k+2, 8k+3 - mid
aese $ctr7b, $rk7 \n aesmc $ctr7b, $ctr7b @ AES block 8k+15 - round 7
eor3 $acc_lb, $acc_lb, $h6.16b, $h5.16b @ GHASH block 8k+2, 8k+3 - low
ldr $h1q, [$current_tag, #32] @ load h1l | h1h
ext $h1.16b, $h1.16b, $h1.16b, #8
- ldr $h2q, [$current_tag, #64] @ load h1l | h1h
+ ldr $h2q, [$current_tag, #64] @ load h2l | h2h
ext $h2.16b, $h2.16b, $h2.16b, #8
aese $ctr7b, $rk4 \n aesmc $ctr7b, $ctr7b @ AES block 8k+15 - round 4
ldr $res1q, [$input_ptr], #16 @ AES block 8k+8 - load ciphertext
- ldp $h78kq, $h8q, [$current_tag, #192] @ load h8l | h8h
+ ldp $h78kq, $h8q, [$current_tag, #192] @ load h8k | h7k
ext $h8.16b, $h8.16b, $h8.16b, #8
mov $t1.16b, $rk14
eor $res0b, $res0b, $t0.16b @ feed in partial tag
ins $rk4v.d[0], $res0.d[1] @ GHASH final-1 block - mid
- ldr $h2q, [$current_tag, #64] @ load h1l | h1h
+ ldr $h2q, [$current_tag, #64] @ load h2l | h2h
ext $h2.16b, $h2.16b, $h2.16b, #8
eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-1 block - mid
projects / thirdparty / openssl.git / commitdiff
