Source code

Revision control

Copy as Markdown

Other Tools

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# vs0 - vs15 : buffer for xor
# vs32 - vs47 (v0 - v15) : 4 "converted" states
# vs48 - vs51 (v16 - v19) : original state
# vs52 - vs55 (v20 - v23) : "converted" constants
# vs56 (v24) : "converted" counter
# vs57 (v25) : increment for "converted" counter
# vs60 - vs63 (v28 - v31) : constants for rotate left or vpermxor
#define r0 0
#define sp 1
#define r2 2
#define rSIZE 3
#define rDST 4
#define rSRC 5
#define rKEY 6
#define rNONCE 7
#define rCNTR 8
#define r9 9
#define r10 10
#define r11 11
#define r12 12
#define r13 13
#define r14 14
#define r15 15
#define r16 16
#define r17 17
#define r18 18
#define r19 19
#define r20 20
#define r21 21
#define r22 22
#define r23 23
#define r24 24
#define r25 25
#define r26 26
#define r27 27
#define r28 28
#define r29 29
#define r30 30
#define r31 31
#define v0 0
#define v1 1
#define v2 2
#define v3 3
#define v4 4
#define v5 5
#define v6 6
#define v7 7
#define v8 8
#define v9 9
#define v10 10
#define v11 11
#define v12 12
#define v13 13
#define v14 14
#define v15 15
#define v16 16
#define v17 17
#define v18 18
#define v19 19
#define v20 20
#define v21 21
#define v22 22
#define v23 23
#define v24 24
#define v25 25
#define v26 26
#define v27 27
#define v28 28
#define v29 29
#define v30 30
#define v31 31
#define vs0 0
#define vs1 1
#define vs2 2
#define vs3 3
#define vs4 4
#define vs5 5
#define vs6 6
#define vs7 7
#define vs8 8
#define vs9 9
#define vs10 10
#define vs11 11
#define vs12 12
#define vs13 13
#define vs14 14
#define vs15 15
#define vs16 16
#define vs17 17
#define vs18 18
#define vs19 19
#define vs20 20
#define vs21 21
#define vs22 22
#define vs23 23
#define vs24 24
#define vs25 25
#define vs26 26
#define vs27 27
#define vs28 28
#define vs29 29
#define vs30 30
#define vs31 31
#define vs32 32
#define vs33 33
#define vs34 34
#define vs35 35
#define vs36 36
#define vs37 37
#define vs38 38
#define vs39 39
#define vs40 40
#define vs41 41
#define vs42 42
#define vs43 43
#define vs44 44
#define vs45 45
#define vs46 46
#define vs47 47
#define vs48 48
#define vs49 49
#define vs50 50
#define vs51 51
#define vs52 52
#define vs53 53
#define vs54 54
#define vs55 55
#define vs56 56
#define vs57 57
#define vs58 58
#define vs59 59
#define vs60 60
#define vs61 61
#define vs62 62
#define vs63 63
.abiversion 2
.section ".data"
.align 5
lblock: .skip 256
cnts0: .long 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574
cnts1: .long 0x61707865, 0x61707865, 0x61707865, 0x61707865
cnts2: .long 0x3320646e, 0x3320646e, 0x3320646e, 0x3320646e
cnts3: .long 0x79622d32, 0x79622d32, 0x79622d32, 0x79622d32
cnts4: .long 0x6b206574, 0x6b206574, 0x6b206574, 0x6b206574
st4: .long 0, 0, 0, 0
cntr: .long 0, 0, 0, 0
incr: .long 4, 4, 4, 4
rotl1: .long 0x22330011, 0x66774455, 0xAABB8899, 0xEEFFCCDD
rotl2: .long 12, 12, 12, 12
rotl3: .long 0x11223300, 0x55667744, 0x99AABB88, 0xDDEEFFCC
rotl4: .long 7, 7, 7, 7
.section ".text"
.align 5
.globl chacha20vsx
.type chacha20vsx, @function
chacha20vsx:
# prologue
addis 2, r12, .TOC.-chacha20vsx@ha
addi 2, 2, .TOC.-chacha20vsx@l
.localentry chacha20vsx, .-chacha20vsx
std r14, -8(sp)
std r15, -16(sp)
std r16, -24(sp)
std r17, -32(sp)
std r18, -40(sp)
std r19, -48(sp)
std r20, -56(sp)
std r21, -64(sp)
std r22, -72(sp)
std r23, -80(sp)
std r24, -88(sp)
std r25, -96(sp)
std r26, -104(sp)
std r27, -112(sp)
std r28, -120(sp)
std r29, -128(sp)
std r30, -136(sp)
std r31, -144(sp)
addi r14, sp, -160
li r16, -16
li r17, -32
li r18, -48
li r19, -64
li r20, -80
li r21, -96
li r22, -112
li r23, -128
li r24, -144
li r25, -160
li r26, -176
li r27, -192
li r28, -208
# save f14, f15
stxvw4x vs14, 0, r14
stxvw4x vs15, r16, r14
# save v20 - v31
stxvw4x vs52, r17, r14
stxvw4x vs53, r18, r14
stxvw4x vs54, r19, r14
stxvw4x vs55, r20, r14
stxvw4x vs56, r21, r14
stxvw4x vs57, r22, r14
stxvw4x vs58, r23, r14
stxvw4x vs59, r24, r14
stxvw4x vs60, r25, r14
stxvw4x vs61, r26, r14
stxvw4x vs62, r27, r14
stxvw4x vs63, r28, r14
# offset in src/dst
li r17, 16
li r18, 32
li r19, 48
li r20, 64
li r21, 80
li r22, 96
li r23, 112
li r24, 128
li r25, 144
li r26, 160
li r27, 176
li r28, 192
li r29, 208
li r30, 224
li r31, 240
# load const's address
addis r14, 2, cnts0@toc@ha
addi r14, r14, cnts0@toc@l
# save nonce to st4
lwz r15, 0(rNONCE)
stw r15, 84(r14)
lwz r15, 4(rNONCE)
stw r15, 88(r14)
lwz r15, 8(rNONCE)
stw r15, 92(r14)
# load state to vectors
lxvw4x vs48, 0, r14
lxvw4x vs49, 0, rKEY
lxvw4x vs50, r17, rKEY
lxvw4x vs51, r21, r14
# load consts for x4 rounds
lxvw4x vs52, r17, r14
lxvw4x vs53, r18, r14
lxvw4x vs54, r19, r14
lxvw4x vs55, r20, r14
# counter
stw rCNTR, 96(r14)
addi rCNTR, rCNTR, 1
stw rCNTR, 100(r14)
addi rCNTR, rCNTR, 1
stw rCNTR, 104(r14)
addi rCNTR, rCNTR, 1
stw rCNTR, 108(r14)
lxvw4x vs56, r22, r14
# load increment
lxvw4x vs57, r23, r14
# load rotl to vectors
lxvw4x vs60, r24, r14
lxvw4x vs61, r25, r14
lxvw4x vs62, r26, r14
lxvw4x vs63, r27, r14
# counter for loop = size/256
li r15, 256
divdu. r16, rSIZE, r15
beq lastblock
mtctr r16
mainloop:
# init 16 vectors (4 states x4)
vor v0, v20, v20
vor v1, v21, v21
vor v2, v22, v22
vor v3, v23, v23
vspltw v4, v17, v0
vspltw v5, v17, v1
vspltw v6, v17, v2
vspltw v7, v17, v3
vspltw v8, v18, v0
vspltw v9, v18, v1
vspltw v10, v18, v2
vspltw v11, v18, v3
vor v12, v24, v24
vspltw v13, v19, v1
vspltw v14, v19, v2
vspltw v15, v19, v3
.macro _plus a b_y b_x
vadduwm \a, \a, \b_y*4+(\b_x)%4
vadduwm \a+1, \a+1, \b_y*4+(\b_x+1)%4
vadduwm \a+2, \a+2, \b_y*4+(\b_x+2)%4
vadduwm \a+3, \a+3, \b_y*4+(\b_x+3)%4
.endm
.macro _xor a b_y b_x
vxor \a, \a, \b_y*4+(\b_x)%4
vxor \a+1, \a+1, \b_y*4+(\b_x+1)%4
vxor \a+2, \a+2, \b_y*4+(\b_x+2)%4
vxor \a+3, \a+3, \b_y*4+(\b_x+3)%4
.endm
.macro _rotl a b
vrlw \a, \a, \b
vrlw \a+1, \a+1, \b
vrlw \a+2, \a+2, \b
vrlw \a+3, \a+3, \b
.endm
.macro _pxor a b_y b_x c
vpermxor \a, \a, \b_y*4+(\b_x)%4, \c
vpermxor \a+1, \a+1, \b_y*4+(\b_x+1)%4, \c
vpermxor \a+2, \a+2, \b_y*4+(\b_x+2)%4, \c
vpermxor \a+3, \a+3, \b_y*4+(\b_x+3)%4, \c
.endm
# 00 01 02 03
# 04 05 06 07
# 08 09 10 11
# 12 13 14 15
.macro doubleround
# column round
_plus v0, v1, v0 # a+=b
_pxor v12, v0, v0, v28 # d^=a; d<<<=16
_plus v8, v3, v0 # c+=d
_xor v4, v2, v0 # b^=c
_rotl v4, v29 # b<<<=12
_plus v0, v1, v0 # a+=b
_pxor v12, v0, v0, v30 # d^=a; d<<<=8
_plus v8, v3, v0 # c+=d
_xor v4, v2, v0 # b^=c
_rotl v4, v31 # b<<<=7
# diagonal round
_plus v0, v1, v1 # a+=b
_pxor v12, v0, v1, v28 # d^=a; d<<<=16
_plus v8, v3, v1 # c+=d
_xor v4, v2, v1 # b^=c
_rotl v4, v29 # b<<<=12
_plus v0, v1, v1 # a+=b
_pxor v12, v0, v1, v30 # d^=a; d<<<=8
_plus v8, v3, v1 # c+=d
_xor v4, v2, v1 # b^=c
_rotl v4, v31 # b<<<=7
.endm
doubleround # 1
doubleround # 2
doubleround # 3
doubleround # 4
doubleround # 5
doubleround # 6
doubleround # 7
doubleround # 8
doubleround # 9
doubleround # 10
# counter += original counter
vadduwm v12, v12, v24
.macro convert a
vmrgew 26, 0+\a, 1+\a
vmrgew 27, 2+\a, 3+\a
vmrgow 0+\a, 0+\a, 1+\a
vmrgow 2+\a, 2+\a, 3+\a
xxmrghd 33+\a, 32+\a, 34+\a
xxmrgld 35+\a, 32+\a, 34+\a
xxmrghd 32+\a, 58, 59
xxmrgld 34+\a, 58, 59
.endm
convert 0
convert 4
convert 8
convert 12
.macro addition a
vadduwm 0+\a, 0+\a, 16
vadduwm 4+\a, 4+\a, 17
vadduwm 8+\a, 8+\a, 18
vadduwm 12+\a, 12+\a, 19
.endm
addition 0
addition 1
addition 2
addition 3
# load text/cipher
lxvw4x vs0, 0, rSRC
lxvw4x vs1, r17, rSRC
lxvw4x vs2, r18, rSRC
lxvw4x vs3, r19, rSRC
lxvw4x vs4, r20, rSRC
lxvw4x vs5, r21, rSRC
lxvw4x vs6, r22, rSRC
lxvw4x vs7, r23, rSRC
lxvw4x vs8, r24, rSRC
lxvw4x vs9, r25, rSRC
lxvw4x vs10, r26, rSRC
lxvw4x vs11, r27, rSRC
lxvw4x vs12, r28, rSRC
lxvw4x vs13, r29, rSRC
lxvw4x vs14, r30, rSRC
lxvw4x vs15, r31, rSRC
# xor (encrypt/decrypt)
xxlxor vs0, vs0, vs32
xxlxor vs1, vs1, vs36
xxlxor vs2, vs2, vs40
xxlxor vs3, vs3, vs44
xxlxor vs4, vs4, vs33
xxlxor vs5, vs5, vs37
xxlxor vs6, vs6, vs41
xxlxor vs7, vs7, vs45
xxlxor vs8, vs8, vs34
xxlxor vs9, vs9, vs38
xxlxor vs10, vs10, vs42
xxlxor vs11, vs11, vs46
xxlxor vs12, vs12, vs35
xxlxor vs13, vs13, vs39
xxlxor vs14, vs14, vs43
xxlxor vs15, vs15, vs47
# store cipher/text
stxvw4x vs0, 0, rDST
stxvw4x vs1, r17, rDST
stxvw4x vs2, r18, rDST
stxvw4x vs3, r19, rDST
stxvw4x vs4, r20, rDST
stxvw4x vs5, r21, rDST
stxvw4x vs6, r22, rDST
stxvw4x vs7, r23, rDST
stxvw4x vs8, r24, rDST
stxvw4x vs9, r25, rDST
stxvw4x vs10, r26, rDST
stxvw4x vs11, r27, rDST
stxvw4x vs12, r28, rDST
stxvw4x vs13, r29, rDST
stxvw4x vs14, r30, rDST
stxvw4x vs15, r31, rDST
# src/dst increment
addi rSRC, rSRC, 256
addi rDST, rDST, 256
# counter increment
vadduwm v24, v24, v25
bdnz mainloop
lastblock:
# reminder
mulld r16, r16, r15
subf. r16, r16, rSIZE
# check reminder
beq exitsub
addi r14, r14, -256
# last block x4
# init 16 vectors (4 states x4)
vor v0, v20, v20
vor v1, v21, v21
vor v2, v22, v22
vor v3, v23, v23
vspltw v4, v17, v0
vspltw v5, v17, v1
vspltw v6, v17, v2
vspltw v7, v17, v3
vspltw v8, v18, v0
vspltw v9, v18, v1
vspltw v10, v18, v2
vspltw v11, v18, v3
vor v12, v24, v24
vspltw v13, v19, v1
vspltw v14, v19, v2
vspltw v15, v19, v3
doubleround # 1
doubleround # 2
doubleround # 3
doubleround # 4
doubleround # 5
doubleround # 6
doubleround # 7
doubleround # 8
doubleround # 9
doubleround # 10
vadduwm v12, v12, v24
convert 0
convert 4
convert 8
convert 12
addition 0
addition 1
addition 2
addition 3
# store vectors
stxvw4x vs32, 0, r14
stxvw4x vs36, r17, r14
stxvw4x vs40, r18, r14
stxvw4x vs44, r19, r14
stxvw4x vs33, r20, r14
stxvw4x vs37, r21, r14
stxvw4x vs41, r22, r14
stxvw4x vs45, r23, r14
stxvw4x vs34, r24, r14
stxvw4x vs38, r25, r14
stxvw4x vs42, r26, r14
stxvw4x vs46, r27, r14
stxvw4x vs35, r28, r14
stxvw4x vs39, r29, r14
stxvw4x vs43, r30, r14
stxvw4x vs47, r31, r14
mtctr r16
addi rSIZE, r14, -1
addi rSRC, rSRC, -1
addi rDST, rDST, -1
xorlast:
lbzu r15, 1(rSIZE)
lbzu r16, 1(rSRC)
xor r15, r15, r16
stbu r15, 1(rDST)
bdnz xorlast
# zeroing last block
xxlxor vs0, vs0, vs0
stxvw4x vs0, 0, r14
stxvw4x vs0, r17, r14
stxvw4x vs0, r18, r14
stxvw4x vs0, r19, r14
stxvw4x vs0, r20, r14
stxvw4x vs0, r21, r14
stxvw4x vs0, r22, r14
stxvw4x vs0, r23, r14
stxvw4x vs0, r24, r14
stxvw4x vs0, r25, r14
stxvw4x vs0, r26, r14
stxvw4x vs0, r27, r14
stxvw4x vs0, r28, r14
stxvw4x vs0, r29, r14
stxvw4x vs0, r30, r14
stxvw4x vs0, r31, r14
exitsub:
# zeroing volatile registers
xxlxor vs0, vs0, vs0
xxlxor vs1, vs1, vs1
xxlxor vs2, vs2, vs2
xxlxor vs3, vs3, vs3
xxlxor vs4, vs4, vs4
xxlxor vs5, vs5, vs5
xxlxor vs6, vs6, vs6
xxlxor vs7, vs7, vs7
xxlxor vs8, vs8, vs8
xxlxor vs9, vs9, vs9
xxlxor vs10, vs10, vs10
xxlxor vs11, vs11, vs11
xxlxor vs12, vs12, vs12
xxlxor vs13, vs13, vs13
xxlxor vs32, vs32, vs32
xxlxor vs33, vs33, vs33
xxlxor vs34, vs34, vs34
xxlxor vs35, vs35, vs35
xxlxor vs36, vs36, vs36
xxlxor vs37, vs37, vs37
xxlxor vs38, vs38, vs38
xxlxor vs39, vs39, vs39
xxlxor vs40, vs40, vs40
xxlxor vs41, vs41, vs41
xxlxor vs42, vs42, vs42
xxlxor vs43, vs43, vs43
xxlxor vs44, vs44, vs44
xxlxor vs45, vs45, vs45
xxlxor vs46, vs46, vs46
xxlxor vs47, vs47, vs47
xxlxor vs48, vs48, vs48
xxlxor vs49, vs49, vs49
xxlxor vs50, vs50, vs50
xxlxor vs51, vs51, vs51
li rSIZE, 0
li rDST, 0
li rSRC, 0
li rKEY, 0
li rNONCE, 0
li rCNTR, 0
# epilogue
addi r14, sp, -160
li r16, -16
li r17, -32
li r18, -48
li r19, -64
li r20, -80
li r21, -96
li r22, -112
li r23, -128
li r24, -144
li r25, -160
li r26, -176
li r27, -192
li r28, -208
# load f14, f15
lxvw4x vs14, 0, r14
lxvw4x vs15, r16, r14
# load v20 - v31
lxvw4x vs52, r17, r14
lxvw4x vs53, r18, r14
lxvw4x vs54, r19, r14
lxvw4x vs55, r20, r14
lxvw4x vs56, r21, r14
lxvw4x vs57, r22, r14
lxvw4x vs58, r23, r14
lxvw4x vs59, r24, r14
lxvw4x vs60, r25, r14
lxvw4x vs61, r26, r14
lxvw4x vs62, r27, r14
lxvw4x vs63, r28, r14
ld r14, -8(sp)
ld r15, -16(sp)
ld r16, -24(sp)
ld r17, -32(sp)
ld r18, -40(sp)
ld r19, -48(sp)
ld r20, -56(sp)
ld r21, -64(sp)
ld r22, -72(sp)
ld r23, -80(sp)
ld r24, -88(sp)
ld r25, -96(sp)
ld r26, -104(sp)
ld r27, -112(sp)
ld r28, -120(sp)
ld r29, -128(sp)
ld r30, -136(sp)
ld r31, -144(sp)
blr