1*0957b409SSimon J. Gerraty /*
2*0957b409SSimon J. Gerraty * Copyright (c) 2017 Thomas Pornin <pornin@bolet.org>
3*0957b409SSimon J. Gerraty *
4*0957b409SSimon J. Gerraty * Permission is hereby granted, free of charge, to any person obtaining
5*0957b409SSimon J. Gerraty * a copy of this software and associated documentation files (the
6*0957b409SSimon J. Gerraty * "Software"), to deal in the Software without restriction, including
7*0957b409SSimon J. Gerraty * without limitation the rights to use, copy, modify, merge, publish,
8*0957b409SSimon J. Gerraty * distribute, sublicense, and/or sell copies of the Software, and to
9*0957b409SSimon J. Gerraty * permit persons to whom the Software is furnished to do so, subject to
10*0957b409SSimon J. Gerraty * the following conditions:
11*0957b409SSimon J. Gerraty *
12*0957b409SSimon J. Gerraty * The above copyright notice and this permission notice shall be
13*0957b409SSimon J. Gerraty * included in all copies or substantial portions of the Software.
14*0957b409SSimon J. Gerraty *
15*0957b409SSimon J. Gerraty * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16*0957b409SSimon J. Gerraty * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17*0957b409SSimon J. Gerraty * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18*0957b409SSimon J. Gerraty * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19*0957b409SSimon J. Gerraty * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20*0957b409SSimon J. Gerraty * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21*0957b409SSimon J. Gerraty * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22*0957b409SSimon J. Gerraty * SOFTWARE.
23*0957b409SSimon J. Gerraty */
24*0957b409SSimon J. Gerraty
25*0957b409SSimon J. Gerraty #define BR_POWER_ASM_MACROS 1
26*0957b409SSimon J. Gerraty #include "inner.h"
27*0957b409SSimon J. Gerraty
28*0957b409SSimon J. Gerraty #if BR_POWER8
29*0957b409SSimon J. Gerraty
30*0957b409SSimon J. Gerraty /* see bearssl_block.h */
31*0957b409SSimon J. Gerraty void
br_aes_pwr8_cbcenc_init(br_aes_pwr8_cbcenc_keys * ctx,const void * key,size_t len)32*0957b409SSimon J. Gerraty br_aes_pwr8_cbcenc_init(br_aes_pwr8_cbcenc_keys *ctx,
33*0957b409SSimon J. Gerraty const void *key, size_t len)
34*0957b409SSimon J. Gerraty {
35*0957b409SSimon J. Gerraty ctx->vtable = &br_aes_pwr8_cbcenc_vtable;
36*0957b409SSimon J. Gerraty ctx->num_rounds = br_aes_pwr8_keysched(ctx->skey.skni, key, len);
37*0957b409SSimon J. Gerraty }
38*0957b409SSimon J. Gerraty
39*0957b409SSimon J. Gerraty static void
cbcenc_128(const unsigned char * sk,const unsigned char * iv,unsigned char * buf,size_t len)40*0957b409SSimon J. Gerraty cbcenc_128(const unsigned char *sk,
41*0957b409SSimon J. Gerraty const unsigned char *iv, unsigned char *buf, size_t len)
42*0957b409SSimon J. Gerraty {
43*0957b409SSimon J. Gerraty long cc;
44*0957b409SSimon J. Gerraty
45*0957b409SSimon J. Gerraty #if BR_POWER8_LE
46*0957b409SSimon J. Gerraty static const uint32_t idx2be[] = {
47*0957b409SSimon J. Gerraty 0x03020100, 0x07060504, 0x0B0A0908, 0x0F0E0D0C
48*0957b409SSimon J. Gerraty };
49*0957b409SSimon J. Gerraty #endif
50*0957b409SSimon J. Gerraty
51*0957b409SSimon J. Gerraty cc = 0;
52*0957b409SSimon J. Gerraty asm volatile (
53*0957b409SSimon J. Gerraty
54*0957b409SSimon J. Gerraty /*
55*0957b409SSimon J. Gerraty * Load subkeys into v0..v10
56*0957b409SSimon J. Gerraty */
57*0957b409SSimon J. Gerraty lxvw4x(32, %[cc], %[sk])
58*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
59*0957b409SSimon J. Gerraty lxvw4x(33, %[cc], %[sk])
60*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
61*0957b409SSimon J. Gerraty lxvw4x(34, %[cc], %[sk])
62*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
63*0957b409SSimon J. Gerraty lxvw4x(35, %[cc], %[sk])
64*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
65*0957b409SSimon J. Gerraty lxvw4x(36, %[cc], %[sk])
66*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
67*0957b409SSimon J. Gerraty lxvw4x(37, %[cc], %[sk])
68*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
69*0957b409SSimon J. Gerraty lxvw4x(38, %[cc], %[sk])
70*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
71*0957b409SSimon J. Gerraty lxvw4x(39, %[cc], %[sk])
72*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
73*0957b409SSimon J. Gerraty lxvw4x(40, %[cc], %[sk])
74*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
75*0957b409SSimon J. Gerraty lxvw4x(41, %[cc], %[sk])
76*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
77*0957b409SSimon J. Gerraty lxvw4x(42, %[cc], %[sk])
78*0957b409SSimon J. Gerraty
79*0957b409SSimon J. Gerraty #if BR_POWER8_LE
80*0957b409SSimon J. Gerraty /*
81*0957b409SSimon J. Gerraty * v15 = constant for byteswapping words
82*0957b409SSimon J. Gerraty */
83*0957b409SSimon J. Gerraty lxvw4x(47, 0, %[idx2be])
84*0957b409SSimon J. Gerraty #endif
85*0957b409SSimon J. Gerraty /*
86*0957b409SSimon J. Gerraty * Load IV into v16.
87*0957b409SSimon J. Gerraty */
88*0957b409SSimon J. Gerraty lxvw4x(48, 0, %[iv])
89*0957b409SSimon J. Gerraty #if BR_POWER8_LE
90*0957b409SSimon J. Gerraty vperm(16, 16, 16, 15)
91*0957b409SSimon J. Gerraty #endif
92*0957b409SSimon J. Gerraty
93*0957b409SSimon J. Gerraty mtctr(%[num_blocks])
94*0957b409SSimon J. Gerraty label(loop)
95*0957b409SSimon J. Gerraty /*
96*0957b409SSimon J. Gerraty * Load next plaintext word and XOR with current IV.
97*0957b409SSimon J. Gerraty */
98*0957b409SSimon J. Gerraty lxvw4x(49, 0, %[buf])
99*0957b409SSimon J. Gerraty #if BR_POWER8_LE
100*0957b409SSimon J. Gerraty vperm(17, 17, 17, 15)
101*0957b409SSimon J. Gerraty #endif
102*0957b409SSimon J. Gerraty vxor(16, 16, 17)
103*0957b409SSimon J. Gerraty
104*0957b409SSimon J. Gerraty /*
105*0957b409SSimon J. Gerraty * Encrypt the block.
106*0957b409SSimon J. Gerraty */
107*0957b409SSimon J. Gerraty vxor(16, 16, 0)
108*0957b409SSimon J. Gerraty vcipher(16, 16, 1)
109*0957b409SSimon J. Gerraty vcipher(16, 16, 2)
110*0957b409SSimon J. Gerraty vcipher(16, 16, 3)
111*0957b409SSimon J. Gerraty vcipher(16, 16, 4)
112*0957b409SSimon J. Gerraty vcipher(16, 16, 5)
113*0957b409SSimon J. Gerraty vcipher(16, 16, 6)
114*0957b409SSimon J. Gerraty vcipher(16, 16, 7)
115*0957b409SSimon J. Gerraty vcipher(16, 16, 8)
116*0957b409SSimon J. Gerraty vcipher(16, 16, 9)
117*0957b409SSimon J. Gerraty vcipherlast(16, 16, 10)
118*0957b409SSimon J. Gerraty
119*0957b409SSimon J. Gerraty /*
120*0957b409SSimon J. Gerraty * Store back result (with byteswap)
121*0957b409SSimon J. Gerraty */
122*0957b409SSimon J. Gerraty #if BR_POWER8_LE
123*0957b409SSimon J. Gerraty vperm(17, 16, 16, 15)
124*0957b409SSimon J. Gerraty stxvw4x(49, 0, %[buf])
125*0957b409SSimon J. Gerraty #else
126*0957b409SSimon J. Gerraty stxvw4x(48, 0, %[buf])
127*0957b409SSimon J. Gerraty #endif
128*0957b409SSimon J. Gerraty addi(%[buf], %[buf], 16)
129*0957b409SSimon J. Gerraty
130*0957b409SSimon J. Gerraty bdnz(loop)
131*0957b409SSimon J. Gerraty
132*0957b409SSimon J. Gerraty : [cc] "+b" (cc), [buf] "+b" (buf)
133*0957b409SSimon J. Gerraty : [sk] "b" (sk), [iv] "b" (iv), [num_blocks] "b" (len >> 4)
134*0957b409SSimon J. Gerraty #if BR_POWER8_LE
135*0957b409SSimon J. Gerraty , [idx2be] "b" (idx2be)
136*0957b409SSimon J. Gerraty #endif
137*0957b409SSimon J. Gerraty : "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9",
138*0957b409SSimon J. Gerraty "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19",
139*0957b409SSimon J. Gerraty "ctr", "memory"
140*0957b409SSimon J. Gerraty );
141*0957b409SSimon J. Gerraty }
142*0957b409SSimon J. Gerraty
143*0957b409SSimon J. Gerraty static void
cbcenc_192(const unsigned char * sk,const unsigned char * iv,unsigned char * buf,size_t len)144*0957b409SSimon J. Gerraty cbcenc_192(const unsigned char *sk,
145*0957b409SSimon J. Gerraty const unsigned char *iv, unsigned char *buf, size_t len)
146*0957b409SSimon J. Gerraty {
147*0957b409SSimon J. Gerraty long cc;
148*0957b409SSimon J. Gerraty
149*0957b409SSimon J. Gerraty #if BR_POWER8_LE
150*0957b409SSimon J. Gerraty static const uint32_t idx2be[] = {
151*0957b409SSimon J. Gerraty 0x03020100, 0x07060504, 0x0B0A0908, 0x0F0E0D0C
152*0957b409SSimon J. Gerraty };
153*0957b409SSimon J. Gerraty #endif
154*0957b409SSimon J. Gerraty
155*0957b409SSimon J. Gerraty cc = 0;
156*0957b409SSimon J. Gerraty asm volatile (
157*0957b409SSimon J. Gerraty
158*0957b409SSimon J. Gerraty /*
159*0957b409SSimon J. Gerraty * Load subkeys into v0..v12
160*0957b409SSimon J. Gerraty */
161*0957b409SSimon J. Gerraty lxvw4x(32, %[cc], %[sk])
162*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
163*0957b409SSimon J. Gerraty lxvw4x(33, %[cc], %[sk])
164*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
165*0957b409SSimon J. Gerraty lxvw4x(34, %[cc], %[sk])
166*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
167*0957b409SSimon J. Gerraty lxvw4x(35, %[cc], %[sk])
168*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
169*0957b409SSimon J. Gerraty lxvw4x(36, %[cc], %[sk])
170*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
171*0957b409SSimon J. Gerraty lxvw4x(37, %[cc], %[sk])
172*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
173*0957b409SSimon J. Gerraty lxvw4x(38, %[cc], %[sk])
174*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
175*0957b409SSimon J. Gerraty lxvw4x(39, %[cc], %[sk])
176*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
177*0957b409SSimon J. Gerraty lxvw4x(40, %[cc], %[sk])
178*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
179*0957b409SSimon J. Gerraty lxvw4x(41, %[cc], %[sk])
180*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
181*0957b409SSimon J. Gerraty lxvw4x(42, %[cc], %[sk])
182*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
183*0957b409SSimon J. Gerraty lxvw4x(43, %[cc], %[sk])
184*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
185*0957b409SSimon J. Gerraty lxvw4x(44, %[cc], %[sk])
186*0957b409SSimon J. Gerraty
187*0957b409SSimon J. Gerraty #if BR_POWER8_LE
188*0957b409SSimon J. Gerraty /*
189*0957b409SSimon J. Gerraty * v15 = constant for byteswapping words
190*0957b409SSimon J. Gerraty */
191*0957b409SSimon J. Gerraty lxvw4x(47, 0, %[idx2be])
192*0957b409SSimon J. Gerraty #endif
193*0957b409SSimon J. Gerraty /*
194*0957b409SSimon J. Gerraty * Load IV into v16.
195*0957b409SSimon J. Gerraty */
196*0957b409SSimon J. Gerraty lxvw4x(48, 0, %[iv])
197*0957b409SSimon J. Gerraty #if BR_POWER8_LE
198*0957b409SSimon J. Gerraty vperm(16, 16, 16, 15)
199*0957b409SSimon J. Gerraty #endif
200*0957b409SSimon J. Gerraty
201*0957b409SSimon J. Gerraty mtctr(%[num_blocks])
202*0957b409SSimon J. Gerraty label(loop)
203*0957b409SSimon J. Gerraty /*
204*0957b409SSimon J. Gerraty * Load next plaintext word and XOR with current IV.
205*0957b409SSimon J. Gerraty */
206*0957b409SSimon J. Gerraty lxvw4x(49, 0, %[buf])
207*0957b409SSimon J. Gerraty #if BR_POWER8_LE
208*0957b409SSimon J. Gerraty vperm(17, 17, 17, 15)
209*0957b409SSimon J. Gerraty #endif
210*0957b409SSimon J. Gerraty vxor(16, 16, 17)
211*0957b409SSimon J. Gerraty
212*0957b409SSimon J. Gerraty /*
213*0957b409SSimon J. Gerraty * Encrypt the block.
214*0957b409SSimon J. Gerraty */
215*0957b409SSimon J. Gerraty vxor(16, 16, 0)
216*0957b409SSimon J. Gerraty vcipher(16, 16, 1)
217*0957b409SSimon J. Gerraty vcipher(16, 16, 2)
218*0957b409SSimon J. Gerraty vcipher(16, 16, 3)
219*0957b409SSimon J. Gerraty vcipher(16, 16, 4)
220*0957b409SSimon J. Gerraty vcipher(16, 16, 5)
221*0957b409SSimon J. Gerraty vcipher(16, 16, 6)
222*0957b409SSimon J. Gerraty vcipher(16, 16, 7)
223*0957b409SSimon J. Gerraty vcipher(16, 16, 8)
224*0957b409SSimon J. Gerraty vcipher(16, 16, 9)
225*0957b409SSimon J. Gerraty vcipher(16, 16, 10)
226*0957b409SSimon J. Gerraty vcipher(16, 16, 11)
227*0957b409SSimon J. Gerraty vcipherlast(16, 16, 12)
228*0957b409SSimon J. Gerraty
229*0957b409SSimon J. Gerraty /*
230*0957b409SSimon J. Gerraty * Store back result (with byteswap)
231*0957b409SSimon J. Gerraty */
232*0957b409SSimon J. Gerraty #if BR_POWER8_LE
233*0957b409SSimon J. Gerraty vperm(17, 16, 16, 15)
234*0957b409SSimon J. Gerraty stxvw4x(49, 0, %[buf])
235*0957b409SSimon J. Gerraty #else
236*0957b409SSimon J. Gerraty stxvw4x(48, 0, %[buf])
237*0957b409SSimon J. Gerraty #endif
238*0957b409SSimon J. Gerraty addi(%[buf], %[buf], 16)
239*0957b409SSimon J. Gerraty
240*0957b409SSimon J. Gerraty bdnz(loop)
241*0957b409SSimon J. Gerraty
242*0957b409SSimon J. Gerraty : [cc] "+b" (cc), [buf] "+b" (buf)
243*0957b409SSimon J. Gerraty : [sk] "b" (sk), [iv] "b" (iv), [num_blocks] "b" (len >> 4)
244*0957b409SSimon J. Gerraty #if BR_POWER8_LE
245*0957b409SSimon J. Gerraty , [idx2be] "b" (idx2be)
246*0957b409SSimon J. Gerraty #endif
247*0957b409SSimon J. Gerraty : "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9",
248*0957b409SSimon J. Gerraty "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19",
249*0957b409SSimon J. Gerraty "ctr", "memory"
250*0957b409SSimon J. Gerraty );
251*0957b409SSimon J. Gerraty }
252*0957b409SSimon J. Gerraty
253*0957b409SSimon J. Gerraty static void
cbcenc_256(const unsigned char * sk,const unsigned char * iv,unsigned char * buf,size_t len)254*0957b409SSimon J. Gerraty cbcenc_256(const unsigned char *sk,
255*0957b409SSimon J. Gerraty const unsigned char *iv, unsigned char *buf, size_t len)
256*0957b409SSimon J. Gerraty {
257*0957b409SSimon J. Gerraty long cc;
258*0957b409SSimon J. Gerraty
259*0957b409SSimon J. Gerraty #if BR_POWER8_LE
260*0957b409SSimon J. Gerraty static const uint32_t idx2be[] = {
261*0957b409SSimon J. Gerraty 0x03020100, 0x07060504, 0x0B0A0908, 0x0F0E0D0C
262*0957b409SSimon J. Gerraty };
263*0957b409SSimon J. Gerraty #endif
264*0957b409SSimon J. Gerraty
265*0957b409SSimon J. Gerraty cc = 0;
266*0957b409SSimon J. Gerraty asm volatile (
267*0957b409SSimon J. Gerraty
268*0957b409SSimon J. Gerraty /*
269*0957b409SSimon J. Gerraty * Load subkeys into v0..v14
270*0957b409SSimon J. Gerraty */
271*0957b409SSimon J. Gerraty lxvw4x(32, %[cc], %[sk])
272*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
273*0957b409SSimon J. Gerraty lxvw4x(33, %[cc], %[sk])
274*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
275*0957b409SSimon J. Gerraty lxvw4x(34, %[cc], %[sk])
276*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
277*0957b409SSimon J. Gerraty lxvw4x(35, %[cc], %[sk])
278*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
279*0957b409SSimon J. Gerraty lxvw4x(36, %[cc], %[sk])
280*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
281*0957b409SSimon J. Gerraty lxvw4x(37, %[cc], %[sk])
282*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
283*0957b409SSimon J. Gerraty lxvw4x(38, %[cc], %[sk])
284*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
285*0957b409SSimon J. Gerraty lxvw4x(39, %[cc], %[sk])
286*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
287*0957b409SSimon J. Gerraty lxvw4x(40, %[cc], %[sk])
288*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
289*0957b409SSimon J. Gerraty lxvw4x(41, %[cc], %[sk])
290*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
291*0957b409SSimon J. Gerraty lxvw4x(42, %[cc], %[sk])
292*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
293*0957b409SSimon J. Gerraty lxvw4x(43, %[cc], %[sk])
294*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
295*0957b409SSimon J. Gerraty lxvw4x(44, %[cc], %[sk])
296*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
297*0957b409SSimon J. Gerraty lxvw4x(45, %[cc], %[sk])
298*0957b409SSimon J. Gerraty addi(%[cc], %[cc], 16)
299*0957b409SSimon J. Gerraty lxvw4x(46, %[cc], %[sk])
300*0957b409SSimon J. Gerraty
301*0957b409SSimon J. Gerraty #if BR_POWER8_LE
302*0957b409SSimon J. Gerraty /*
303*0957b409SSimon J. Gerraty * v15 = constant for byteswapping words
304*0957b409SSimon J. Gerraty */
305*0957b409SSimon J. Gerraty lxvw4x(47, 0, %[idx2be])
306*0957b409SSimon J. Gerraty #endif
307*0957b409SSimon J. Gerraty /*
308*0957b409SSimon J. Gerraty * Load IV into v16.
309*0957b409SSimon J. Gerraty */
310*0957b409SSimon J. Gerraty lxvw4x(48, 0, %[iv])
311*0957b409SSimon J. Gerraty #if BR_POWER8_LE
312*0957b409SSimon J. Gerraty vperm(16, 16, 16, 15)
313*0957b409SSimon J. Gerraty #endif
314*0957b409SSimon J. Gerraty
315*0957b409SSimon J. Gerraty mtctr(%[num_blocks])
316*0957b409SSimon J. Gerraty label(loop)
317*0957b409SSimon J. Gerraty /*
318*0957b409SSimon J. Gerraty * Load next plaintext word and XOR with current IV.
319*0957b409SSimon J. Gerraty */
320*0957b409SSimon J. Gerraty lxvw4x(49, 0, %[buf])
321*0957b409SSimon J. Gerraty #if BR_POWER8_LE
322*0957b409SSimon J. Gerraty vperm(17, 17, 17, 15)
323*0957b409SSimon J. Gerraty #endif
324*0957b409SSimon J. Gerraty vxor(16, 16, 17)
325*0957b409SSimon J. Gerraty
326*0957b409SSimon J. Gerraty /*
327*0957b409SSimon J. Gerraty * Encrypt the block.
328*0957b409SSimon J. Gerraty */
329*0957b409SSimon J. Gerraty vxor(16, 16, 0)
330*0957b409SSimon J. Gerraty vcipher(16, 16, 1)
331*0957b409SSimon J. Gerraty vcipher(16, 16, 2)
332*0957b409SSimon J. Gerraty vcipher(16, 16, 3)
333*0957b409SSimon J. Gerraty vcipher(16, 16, 4)
334*0957b409SSimon J. Gerraty vcipher(16, 16, 5)
335*0957b409SSimon J. Gerraty vcipher(16, 16, 6)
336*0957b409SSimon J. Gerraty vcipher(16, 16, 7)
337*0957b409SSimon J. Gerraty vcipher(16, 16, 8)
338*0957b409SSimon J. Gerraty vcipher(16, 16, 9)
339*0957b409SSimon J. Gerraty vcipher(16, 16, 10)
340*0957b409SSimon J. Gerraty vcipher(16, 16, 11)
341*0957b409SSimon J. Gerraty vcipher(16, 16, 12)
342*0957b409SSimon J. Gerraty vcipher(16, 16, 13)
343*0957b409SSimon J. Gerraty vcipherlast(16, 16, 14)
344*0957b409SSimon J. Gerraty
345*0957b409SSimon J. Gerraty /*
346*0957b409SSimon J. Gerraty * Store back result (with byteswap)
347*0957b409SSimon J. Gerraty */
348*0957b409SSimon J. Gerraty #if BR_POWER8_LE
349*0957b409SSimon J. Gerraty vperm(17, 16, 16, 15)
350*0957b409SSimon J. Gerraty stxvw4x(49, 0, %[buf])
351*0957b409SSimon J. Gerraty #else
352*0957b409SSimon J. Gerraty stxvw4x(48, 0, %[buf])
353*0957b409SSimon J. Gerraty #endif
354*0957b409SSimon J. Gerraty addi(%[buf], %[buf], 16)
355*0957b409SSimon J. Gerraty
356*0957b409SSimon J. Gerraty bdnz(loop)
357*0957b409SSimon J. Gerraty
358*0957b409SSimon J. Gerraty : [cc] "+b" (cc), [buf] "+b" (buf)
359*0957b409SSimon J. Gerraty : [sk] "b" (sk), [iv] "b" (iv), [num_blocks] "b" (len >> 4)
360*0957b409SSimon J. Gerraty #if BR_POWER8_LE
361*0957b409SSimon J. Gerraty , [idx2be] "b" (idx2be)
362*0957b409SSimon J. Gerraty #endif
363*0957b409SSimon J. Gerraty : "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9",
364*0957b409SSimon J. Gerraty "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19",
365*0957b409SSimon J. Gerraty "ctr", "memory"
366*0957b409SSimon J. Gerraty );
367*0957b409SSimon J. Gerraty }
368*0957b409SSimon J. Gerraty
369*0957b409SSimon J. Gerraty /* see bearssl_block.h */
370*0957b409SSimon J. Gerraty void
br_aes_pwr8_cbcenc_run(const br_aes_pwr8_cbcenc_keys * ctx,void * iv,void * data,size_t len)371*0957b409SSimon J. Gerraty br_aes_pwr8_cbcenc_run(const br_aes_pwr8_cbcenc_keys *ctx,
372*0957b409SSimon J. Gerraty void *iv, void *data, size_t len)
373*0957b409SSimon J. Gerraty {
374*0957b409SSimon J. Gerraty if (len > 0) {
375*0957b409SSimon J. Gerraty switch (ctx->num_rounds) {
376*0957b409SSimon J. Gerraty case 10:
377*0957b409SSimon J. Gerraty cbcenc_128(ctx->skey.skni, iv, data, len);
378*0957b409SSimon J. Gerraty break;
379*0957b409SSimon J. Gerraty case 12:
380*0957b409SSimon J. Gerraty cbcenc_192(ctx->skey.skni, iv, data, len);
381*0957b409SSimon J. Gerraty break;
382*0957b409SSimon J. Gerraty default:
383*0957b409SSimon J. Gerraty cbcenc_256(ctx->skey.skni, iv, data, len);
384*0957b409SSimon J. Gerraty break;
385*0957b409SSimon J. Gerraty }
386*0957b409SSimon J. Gerraty memcpy(iv, (unsigned char *)data + (len - 16), 16);
387*0957b409SSimon J. Gerraty }
388*0957b409SSimon J. Gerraty }
389*0957b409SSimon J. Gerraty
390*0957b409SSimon J. Gerraty /* see bearssl_block.h */
391*0957b409SSimon J. Gerraty const br_block_cbcenc_class br_aes_pwr8_cbcenc_vtable = {
392*0957b409SSimon J. Gerraty sizeof(br_aes_pwr8_cbcenc_keys),
393*0957b409SSimon J. Gerraty 16,
394*0957b409SSimon J. Gerraty 4,
395*0957b409SSimon J. Gerraty (void (*)(const br_block_cbcenc_class **, const void *, size_t))
396*0957b409SSimon J. Gerraty &br_aes_pwr8_cbcenc_init,
397*0957b409SSimon J. Gerraty (void (*)(const br_block_cbcenc_class *const *, void *, void *, size_t))
398*0957b409SSimon J. Gerraty &br_aes_pwr8_cbcenc_run
399*0957b409SSimon J. Gerraty };
400*0957b409SSimon J. Gerraty
401*0957b409SSimon J. Gerraty /* see bearssl_block.h */
402*0957b409SSimon J. Gerraty const br_block_cbcenc_class *
br_aes_pwr8_cbcenc_get_vtable(void)403*0957b409SSimon J. Gerraty br_aes_pwr8_cbcenc_get_vtable(void)
404*0957b409SSimon J. Gerraty {
405*0957b409SSimon J. Gerraty return br_aes_pwr8_supported() ? &br_aes_pwr8_cbcenc_vtable : NULL;
406*0957b409SSimon J. Gerraty }
407*0957b409SSimon J. Gerraty
408*0957b409SSimon J. Gerraty #else
409*0957b409SSimon J. Gerraty
410*0957b409SSimon J. Gerraty /* see bearssl_block.h */
411*0957b409SSimon J. Gerraty const br_block_cbcenc_class *
br_aes_pwr8_cbcenc_get_vtable(void)412*0957b409SSimon J. Gerraty br_aes_pwr8_cbcenc_get_vtable(void)
413*0957b409SSimon J. Gerraty {
414*0957b409SSimon J. Gerraty return NULL;
415*0957b409SSimon J. Gerraty }
416*0957b409SSimon J. Gerraty
417*0957b409SSimon J. Gerraty #endif
418