Bug 1559012 - Improve GCM perfomance using PMULL2 r=KevinJacobs,jcj

This implementation is from the paper of https://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf

benchmark of `bltest -E -m aes_gcm -i tests/aes_gcm/plaintext10 -v tests/aes_gcm/iv10  -k tests/aes_gcm/key10 -5 10` on Cortex-A72 (AWS a1)
### Before
```
#     mode          in symmkey  opreps  cxreps     context          op   time(sec)     thrgput
 aes_gcm_e       265Mb     192      4M       0       0.000   10000.000      10.000        26Mb
```
### After
```
#     mode          in symmkey  opreps  cxreps     context          op   time(sec)     thrgput
 aes_gcm_e       659Mb     192     11M       0       0.000   10000.000      10.000        65Mb
```

Differential Revision: https://phabricator.services.mozilla.com/D34995

1 files changed, 6 insertions, 0 deletions

diff --git a/lib/freebl/gcm.h b/lib/freebl/gcm.h
index 42ef0f717..49a9ec9fa 100644
--- a/lib/freebl/gcm.h
+++ b/lib/freebl/gcm.h
@@ -26,6 +26,10 @@
 #endif /* NSS_DISABLE_SSE2 */
 #endif
 
+#ifdef __aarch64__
+#include <arm_neon.h>
+#endif
+
 SEC_BEGIN_PROTOS
 
 #ifdef HAVE_INT128_SUPPORT
@@ -61,6 +65,8 @@ typedef SECStatus (*ghash_t)(gcmHashContext *, const unsigned char *,
 pre_align struct gcmHashContextStr {
 #ifdef NSS_X86_OR_X64
     __m128i x, h;
+#elif defined(__aarch64__)
+    uint64x2_t x, h;
 #endif
     uint64_t x_low, x_high, h_high, h_low;
     unsigned char buffer[MAX_BLOCK_SIZE];