diff options
Diffstat (limited to 'x86_64/pclmul/ghash-set-key.asm')
-rw-r--r-- | x86_64/pclmul/ghash-set-key.asm | 35 |
1 files changed, 31 insertions, 4 deletions
diff --git a/x86_64/pclmul/ghash-set-key.asm b/x86_64/pclmul/ghash-set-key.asm index 3a7a976a..863ee244 100644 --- a/x86_64/pclmul/ghash-set-key.asm +++ b/x86_64/pclmul/ghash-set-key.asm @@ -39,12 +39,15 @@ define(`BSWAP', `%xmm1') define(`H', `%xmm2') define(`D', `%xmm3') define(`T', `%xmm4') -define(`MASK', `%xmm5') +define(`R', `%xmm5') +define(`M', `%xmm6') +define(`F', `%xmm7') +define(`MASK', `%xmm7') C void _ghash_set_key (struct gcm_key *ctx, const union nettle_block16 *key) PROLOGUE(_nettle_ghash_set_key) - W64_ENTRY(2, 6) + W64_ENTRY(2, 8) movdqa .Lpolynomial(%rip), P movdqa .Lbswap(%rip), BSWAP movups (KEY), H @@ -63,11 +66,35 @@ PROLOGUE(_nettle_ghash_set_key) movups H, (CTX) C Set D = x^{-64} H = {H0, H1} + P1 H0 + movdqa H, T + pshufd $0x4e, H, D C Swap H0, H1 + pclmullqhqdq P, T + pxor T, D + movups D, 16(CTX) + + movdqa H, M + movdqa H, F + movdqa H, T + pclmulhqlqdq H, T C H0 * M1 + pclmulhqhqdq H, M C H1 * M1 + pclmullqlqdq D, F C D0 * M0 + pclmullqhqdq D, H C D1 * M0 + pxor T, F + pxor M, H + + pshufd $0x4e, F, T C Swap halves of F + pxor T, H + pclmullqhqdq P, F + pxor F, H + movups H, 32(CTX) + + C Set D2 = x^{-64} H^2 = {H0, H1} + P1 H0 pshufd $0x4e, H, D C Swap H0, H1 pclmullqhqdq P, H pxor H, D - movups D, 16(CTX) - W64_EXIT(2, 6) + movups D, 48(CTX) + + W64_EXIT(2, 8) ret EPILOGUE(_nettle_ghash_set_key) |