2017-05-27 14:30:11 -05:00
|
|
|
// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
|
|
|
|
// Use of this source code is governed by a license that can be
|
|
|
|
// found in the LICENSE file.
|
|
|
|
|
|
|
|
// +build amd64,!gccgo,!appengine,!nacl
|
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
#include "const.s"
|
|
|
|
#include "macro.s"
|
|
|
|
|
|
|
|
// FINALIZE xors len bytes from src and block using
|
|
|
|
// the temp. registers t0 and t1 and writes the result
|
|
|
|
// to dst.
|
|
|
|
#define FINALIZE(dst, src, block, len, t0, t1) \
|
|
|
|
XORQ t0, t0; \
|
|
|
|
XORQ t1, t1; \
|
|
|
|
FINALIZE_LOOP:; \
|
|
|
|
MOVB 0(src), t0; \
|
|
|
|
MOVB 0(block), t1; \
|
|
|
|
XORQ t0, t1; \
|
|
|
|
MOVB t1, 0(dst); \
|
|
|
|
INCQ src; \
|
|
|
|
INCQ block; \
|
|
|
|
INCQ dst; \
|
|
|
|
DECQ len; \
|
|
|
|
JG FINALIZE_LOOP \
|
|
|
|
|
|
|
|
#define Dst DI
|
|
|
|
#define Nonce AX
|
|
|
|
#define Key BX
|
|
|
|
#define Rounds DX
|
2017-05-27 14:30:11 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
// func initialize(state *[64]byte, key []byte, nonce *[16]byte)
|
|
|
|
TEXT ·initialize(SB), 4, $0-40
|
|
|
|
MOVQ state+0(FP), Dst
|
|
|
|
MOVQ key+8(FP), Key
|
|
|
|
MOVQ nonce+32(FP), Nonce
|
2017-05-27 14:30:11 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
MOVOU ·sigma<>(SB), X0
|
|
|
|
MOVOU 0*16(Key), X1
|
|
|
|
MOVOU 1*16(Key), X2
|
|
|
|
MOVOU 0*16(Nonce), X3
|
|
|
|
|
|
|
|
MOVOU X0, 0*16(Dst)
|
|
|
|
MOVOU X1, 1*16(Dst)
|
|
|
|
MOVOU X2, 2*16(Dst)
|
|
|
|
MOVOU X3, 3*16(Dst)
|
|
|
|
RET
|
2017-07-27 17:11:56 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
// func hChaCha20AVX(out *[32]byte, nonce *[16]byte, key *[32]byte)
|
|
|
|
TEXT ·hChaCha20AVX(SB), 4, $0-24
|
|
|
|
MOVQ out+0(FP), Dst
|
|
|
|
MOVQ nonce+8(FP), Nonce
|
|
|
|
MOVQ key+16(FP), Key
|
|
|
|
|
|
|
|
VMOVDQU ·sigma<>(SB), X0
|
|
|
|
VMOVDQU 0*16(Key), X1
|
|
|
|
VMOVDQU 1*16(Key), X2
|
|
|
|
VMOVDQU 0*16(Nonce), X3
|
|
|
|
VMOVDQU ·rol16_AVX2<>(SB), X5
|
|
|
|
VMOVDQU ·rol8_AVX2<>(SB), X6
|
|
|
|
MOVQ $20, Rounds
|
|
|
|
|
|
|
|
CHACHA_LOOP:
|
|
|
|
CHACHA_QROUND_AVX(X0, X1, X2, X3, X4, X5, X6)
|
|
|
|
CHACHA_SHUFFLE_AVX(X1, X2, X3)
|
|
|
|
CHACHA_QROUND_AVX(X0, X1, X2, X3, X4, X5, X6)
|
|
|
|
CHACHA_SHUFFLE_AVX(X3, X2, X1)
|
|
|
|
SUBQ $2, Rounds
|
|
|
|
JNZ CHACHA_LOOP
|
|
|
|
|
|
|
|
VMOVDQU X0, 0*16(Dst)
|
|
|
|
VMOVDQU X3, 1*16(Dst)
|
|
|
|
VZEROUPPER
|
|
|
|
RET
|
2017-05-27 14:30:11 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
// func hChaCha20SSE2(out *[32]byte, nonce *[16]byte, key *[32]byte)
|
|
|
|
TEXT ·hChaCha20SSE2(SB), 4, $0-24
|
|
|
|
MOVQ out+0(FP), Dst
|
|
|
|
MOVQ nonce+8(FP), Nonce
|
|
|
|
MOVQ key+16(FP), Key
|
2017-05-27 14:30:11 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
MOVOU ·sigma<>(SB), X0
|
|
|
|
MOVOU 0*16(Key), X1
|
|
|
|
MOVOU 1*16(Key), X2
|
|
|
|
MOVOU 0*16(Nonce), X3
|
|
|
|
MOVQ $20, Rounds
|
2017-05-27 14:30:11 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
CHACHA_LOOP:
|
|
|
|
CHACHA_QROUND_SSE2(X0, X1, X2, X3, X4)
|
|
|
|
CHACHA_SHUFFLE_SSE(X1, X2, X3)
|
|
|
|
CHACHA_QROUND_SSE2(X0, X1, X2, X3, X4)
|
|
|
|
CHACHA_SHUFFLE_SSE(X3, X2, X1)
|
|
|
|
SUBQ $2, Rounds
|
|
|
|
JNZ CHACHA_LOOP
|
2017-05-27 14:30:11 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
MOVOU X0, 0*16(Dst)
|
|
|
|
MOVOU X3, 1*16(Dst)
|
|
|
|
RET
|
2017-05-27 14:30:11 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
// func hChaCha20SSSE3(out *[32]byte, nonce *[16]byte, key *[32]byte)
|
|
|
|
TEXT ·hChaCha20SSSE3(SB), 4, $0-24
|
|
|
|
MOVQ out+0(FP), Dst
|
|
|
|
MOVQ nonce+8(FP), Nonce
|
|
|
|
MOVQ key+16(FP), Key
|
2017-05-27 14:30:11 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
MOVOU ·sigma<>(SB), X0
|
|
|
|
MOVOU 0*16(Key), X1
|
|
|
|
MOVOU 1*16(Key), X2
|
|
|
|
MOVOU 0*16(Nonce), X3
|
|
|
|
MOVOU ·rol16<>(SB), X5
|
|
|
|
MOVOU ·rol8<>(SB), X6
|
|
|
|
MOVQ $20, Rounds
|
2017-05-27 14:30:11 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
chacha_loop:
|
|
|
|
CHACHA_QROUND_SSSE3(X0, X1, X2, X3, X4, X5, X6)
|
|
|
|
CHACHA_SHUFFLE_SSE(X1, X2, X3)
|
|
|
|
CHACHA_QROUND_SSSE3(X0, X1, X2, X3, X4, X5, X6)
|
|
|
|
CHACHA_SHUFFLE_SSE(X3, X2, X1)
|
|
|
|
SUBQ $2, Rounds
|
|
|
|
JNZ chacha_loop
|
|
|
|
|
|
|
|
MOVOU X0, 0*16(Dst)
|
|
|
|
MOVOU X3, 1*16(Dst)
|
|
|
|
RET
|
|
|
|
|
|
|
|
#undef Dst
|
|
|
|
#undef Nonce
|
|
|
|
#undef Key
|
|
|
|
#undef Rounds
|
|
|
|
|
|
|
|
#define Dst DI
|
|
|
|
#define Src SI
|
|
|
|
#define Len R12
|
|
|
|
#define Rounds DX
|
|
|
|
#define Buffer BX
|
|
|
|
#define State AX
|
|
|
|
#define Stack SP
|
|
|
|
#define SavedSP R8
|
|
|
|
#define Tmp0 R9
|
|
|
|
#define Tmp1 R10
|
|
|
|
#define Tmp2 R11
|
|
|
|
|
|
|
|
// func xorKeyStreamSSE2(dst, src []byte, block, state *[64]byte, rounds int) int
|
|
|
|
TEXT ·xorKeyStreamSSE2(SB), 4, $112-80
|
|
|
|
MOVQ dst_base+0(FP), Dst
|
|
|
|
MOVQ src_base+24(FP), Src
|
|
|
|
MOVQ block+48(FP), Buffer
|
|
|
|
MOVQ state+56(FP), State
|
|
|
|
MOVQ rounds+64(FP), Rounds
|
|
|
|
MOVQ src_len+32(FP), Len
|
|
|
|
|
|
|
|
MOVOU 0*16(State), X0
|
|
|
|
MOVOU 1*16(State), X1
|
|
|
|
MOVOU 2*16(State), X2
|
|
|
|
MOVOU 3*16(State), X3
|
|
|
|
|
|
|
|
MOVQ Stack, SavedSP
|
|
|
|
ADDQ $16, Stack
|
|
|
|
ANDQ $-16, Stack
|
|
|
|
|
|
|
|
TESTQ Len, Len
|
|
|
|
JZ DONE
|
|
|
|
|
|
|
|
MOVOU ·one<>(SB), X4
|
|
|
|
MOVO X0, 0*16(Stack)
|
|
|
|
MOVO X1, 1*16(Stack)
|
|
|
|
MOVO X2, 2*16(Stack)
|
|
|
|
MOVO X3, 3*16(Stack)
|
|
|
|
MOVO X4, 4*16(Stack)
|
|
|
|
|
|
|
|
CMPQ Len, $64
|
|
|
|
JLE GENERATE_KEYSTREAM_64
|
|
|
|
CMPQ Len, $128
|
|
|
|
JLE GENERATE_KEYSTREAM_128
|
|
|
|
CMPQ Len, $192
|
|
|
|
JLE GENERATE_KEYSTREAM_192
|
|
|
|
|
|
|
|
GENERATE_KEYSTREAM_256:
|
2017-07-27 17:11:56 -05:00
|
|
|
MOVO X0, X12
|
|
|
|
MOVO X1, X13
|
|
|
|
MOVO X2, X14
|
2018-09-02 16:18:54 -05:00
|
|
|
MOVO X3, X15
|
|
|
|
PADDQ 4*16(Stack), X15
|
2017-07-27 17:11:56 -05:00
|
|
|
MOVO X0, X8
|
|
|
|
MOVO X1, X9
|
|
|
|
MOVO X2, X10
|
|
|
|
MOVO X15, X11
|
2018-09-02 16:18:54 -05:00
|
|
|
PADDQ 4*16(Stack), X11
|
|
|
|
MOVO X0, X4
|
|
|
|
MOVO X1, X5
|
|
|
|
MOVO X2, X6
|
|
|
|
MOVO X11, X7
|
|
|
|
PADDQ 4*16(Stack), X7
|
|
|
|
MOVQ Rounds, Tmp0
|
2017-07-27 17:11:56 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
MOVO X3, 3*16(Stack) // Save X3
|
2017-07-27 17:11:56 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
CHACHA_LOOP_256:
|
|
|
|
MOVO X4, 5*16(Stack)
|
|
|
|
CHACHA_QROUND_SSE2(X0, X1, X2, X3, X4)
|
|
|
|
CHACHA_QROUND_SSE2(X12, X13, X14, X15, X4)
|
|
|
|
MOVO 5*16(Stack), X4
|
|
|
|
MOVO X0, 5*16(Stack)
|
2017-07-27 17:11:56 -05:00
|
|
|
CHACHA_QROUND_SSE2(X8, X9, X10, X11, X0)
|
2018-09-02 16:18:54 -05:00
|
|
|
CHACHA_QROUND_SSE2(X4, X5, X6, X7, X0)
|
|
|
|
MOVO 5*16(Stack), X0
|
|
|
|
CHACHA_SHUFFLE_SSE(X1, X2, X3)
|
|
|
|
CHACHA_SHUFFLE_SSE(X13, X14, X15)
|
|
|
|
CHACHA_SHUFFLE_SSE(X9, X10, X11)
|
|
|
|
CHACHA_SHUFFLE_SSE(X5, X6, X7)
|
|
|
|
MOVO X4, 5*16(Stack)
|
|
|
|
CHACHA_QROUND_SSE2(X0, X1, X2, X3, X4)
|
|
|
|
CHACHA_QROUND_SSE2(X12, X13, X14, X15, X4)
|
|
|
|
MOVO 5*16(Stack), X4
|
|
|
|
MOVO X0, 5*16(Stack)
|
2017-07-27 17:11:56 -05:00
|
|
|
CHACHA_QROUND_SSE2(X8, X9, X10, X11, X0)
|
2018-09-02 16:18:54 -05:00
|
|
|
CHACHA_QROUND_SSE2(X4, X5, X6, X7, X0)
|
|
|
|
MOVO 5*16(Stack), X0
|
|
|
|
CHACHA_SHUFFLE_SSE(X3, X2, X1)
|
|
|
|
CHACHA_SHUFFLE_SSE(X15, X14, X13)
|
|
|
|
CHACHA_SHUFFLE_SSE(X11, X10, X9)
|
|
|
|
CHACHA_SHUFFLE_SSE(X7, X6, X5)
|
|
|
|
SUBQ $2, Tmp0
|
|
|
|
JNZ CHACHA_LOOP_256
|
|
|
|
|
|
|
|
PADDL 0*16(Stack), X0
|
|
|
|
PADDL 1*16(Stack), X1
|
|
|
|
PADDL 2*16(Stack), X2
|
|
|
|
PADDL 3*16(Stack), X3
|
|
|
|
MOVO X4, 5*16(Stack) // Save X4
|
|
|
|
XOR_SSE(Dst, Src, 0, X0, X1, X2, X3, X4)
|
|
|
|
MOVO 5*16(Stack), X4 // Restore X4
|
|
|
|
|
|
|
|
MOVO 0*16(Stack), X0
|
|
|
|
MOVO 1*16(Stack), X1
|
|
|
|
MOVO 2*16(Stack), X2
|
|
|
|
MOVO 3*16(Stack), X3
|
|
|
|
PADDQ 4*16(Stack), X3
|
2017-07-27 17:11:56 -05:00
|
|
|
|
|
|
|
PADDL X0, X12
|
|
|
|
PADDL X1, X13
|
|
|
|
PADDL X2, X14
|
|
|
|
PADDL X3, X15
|
2018-09-02 16:18:54 -05:00
|
|
|
PADDQ 4*16(Stack), X3
|
2017-07-27 17:11:56 -05:00
|
|
|
PADDL X0, X8
|
|
|
|
PADDL X1, X9
|
|
|
|
PADDL X2, X10
|
|
|
|
PADDL X3, X11
|
2018-09-02 16:18:54 -05:00
|
|
|
PADDQ 4*16(Stack), X3
|
2017-07-27 17:11:56 -05:00
|
|
|
PADDL X0, X4
|
|
|
|
PADDL X1, X5
|
|
|
|
PADDL X2, X6
|
|
|
|
PADDL X3, X7
|
2018-09-02 16:18:54 -05:00
|
|
|
PADDQ 4*16(Stack), X3
|
|
|
|
|
|
|
|
XOR_SSE(Dst, Src, 64, X12, X13, X14, X15, X0)
|
|
|
|
XOR_SSE(Dst, Src, 128, X8, X9, X10, X11, X0)
|
|
|
|
MOVO 0*16(Stack), X0 // Restore X0
|
|
|
|
ADDQ $192, Dst
|
|
|
|
ADDQ $192, Src
|
|
|
|
SUBQ $192, Len
|
|
|
|
|
|
|
|
CMPQ Len, $64
|
|
|
|
JL BUFFER_KEYSTREAM
|
|
|
|
|
|
|
|
XOR_SSE(Dst, Src, 0, X4, X5, X6, X7, X8)
|
|
|
|
ADDQ $64, Dst
|
|
|
|
ADDQ $64, Src
|
|
|
|
SUBQ $64, Len
|
|
|
|
JZ DONE
|
|
|
|
CMPQ Len, $64 // If Len <= 64 -> gen. only 64 byte keystream.
|
|
|
|
JLE GENERATE_KEYSTREAM_64
|
|
|
|
CMPQ Len, $128 // If 64 < Len <= 128 -> gen. only 128 byte keystream.
|
|
|
|
JLE GENERATE_KEYSTREAM_128
|
|
|
|
CMPQ Len, $192 // If Len > 192 -> repeat, otherwise Len > 128 && Len <= 192 -> gen. 192 byte keystream
|
|
|
|
JG GENERATE_KEYSTREAM_256
|
|
|
|
|
|
|
|
GENERATE_KEYSTREAM_192:
|
|
|
|
MOVO X0, X12
|
|
|
|
MOVO X1, X13
|
|
|
|
MOVO X2, X14
|
|
|
|
MOVO X3, X15
|
|
|
|
MOVO X0, X8
|
|
|
|
MOVO X1, X9
|
|
|
|
MOVO X2, X10
|
|
|
|
MOVO X3, X11
|
|
|
|
PADDQ 4*16(Stack), X11
|
|
|
|
MOVO X0, X4
|
|
|
|
MOVO X1, X5
|
|
|
|
MOVO X2, X6
|
|
|
|
MOVO X11, X7
|
|
|
|
PADDQ 4*16(Stack), X7
|
|
|
|
MOVQ Rounds, Tmp0
|
2017-07-27 17:11:56 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
CHACHA_LOOP_192:
|
|
|
|
CHACHA_QROUND_SSE2(X12, X13, X14, X15, X0)
|
|
|
|
CHACHA_QROUND_SSE2(X8, X9, X10, X11, X0)
|
|
|
|
CHACHA_QROUND_SSE2(X4, X5, X6, X7, X0)
|
|
|
|
CHACHA_SHUFFLE_SSE(X13, X14, X15)
|
|
|
|
CHACHA_SHUFFLE_SSE(X9, X10, X11)
|
|
|
|
CHACHA_SHUFFLE_SSE(X5, X6, X7)
|
|
|
|
CHACHA_QROUND_SSE2(X12, X13, X14, X15, X0)
|
|
|
|
CHACHA_QROUND_SSE2(X8, X9, X10, X11, X0)
|
|
|
|
CHACHA_QROUND_SSE2(X4, X5, X6, X7, X0)
|
|
|
|
CHACHA_SHUFFLE_SSE(X15, X14, X13)
|
|
|
|
CHACHA_SHUFFLE_SSE(X11, X10, X9)
|
|
|
|
CHACHA_SHUFFLE_SSE(X7, X6, X5)
|
|
|
|
SUBQ $2, Tmp0
|
|
|
|
JNZ CHACHA_LOOP_192
|
|
|
|
|
|
|
|
MOVO 0*16(Stack), X0 // Restore X0
|
|
|
|
PADDL X0, X12
|
|
|
|
PADDL X1, X13
|
|
|
|
PADDL X2, X14
|
|
|
|
PADDL X3, X15
|
|
|
|
PADDQ 4*16(Stack), X3
|
2017-07-27 17:11:56 -05:00
|
|
|
PADDL X0, X8
|
|
|
|
PADDL X1, X9
|
|
|
|
PADDL X2, X10
|
|
|
|
PADDL X3, X11
|
2018-09-02 16:18:54 -05:00
|
|
|
PADDQ 4*16(Stack), X3
|
|
|
|
PADDL X0, X4
|
|
|
|
PADDL X1, X5
|
|
|
|
PADDL X2, X6
|
|
|
|
PADDL X3, X7
|
|
|
|
PADDQ 4*16(Stack), X3
|
|
|
|
|
|
|
|
XOR_SSE(Dst, Src, 0, X12, X13, X14, X15, X0)
|
|
|
|
XOR_SSE(Dst, Src, 64, X8, X9, X10, X11, X0)
|
|
|
|
MOVO 0*16(Stack), X0 // Restore X0
|
|
|
|
ADDQ $128, Dst
|
|
|
|
ADDQ $128, Src
|
|
|
|
SUBQ $128, Len
|
|
|
|
|
|
|
|
CMPQ Len, $64
|
|
|
|
JL BUFFER_KEYSTREAM
|
|
|
|
|
|
|
|
XOR_SSE(Dst, Src, 0, X4, X5, X6, X7, X8)
|
|
|
|
ADDQ $64, Dst
|
|
|
|
ADDQ $64, Src
|
|
|
|
SUBQ $64, Len
|
|
|
|
JZ DONE
|
|
|
|
CMPQ Len, $64 // If Len <= 64 -> gen. only 64 byte keystream.
|
|
|
|
JLE GENERATE_KEYSTREAM_64
|
|
|
|
|
|
|
|
GENERATE_KEYSTREAM_128:
|
2017-07-27 17:11:56 -05:00
|
|
|
MOVO X0, X8
|
|
|
|
MOVO X1, X9
|
|
|
|
MOVO X2, X10
|
|
|
|
MOVO X3, X11
|
2018-09-02 16:18:54 -05:00
|
|
|
MOVO X0, X4
|
|
|
|
MOVO X1, X5
|
|
|
|
MOVO X2, X6
|
|
|
|
MOVO X3, X7
|
|
|
|
PADDQ 4*16(Stack), X7
|
|
|
|
MOVQ Rounds, Tmp0
|
2017-07-27 17:11:56 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
CHACHA_LOOP_128:
|
2017-07-27 17:11:56 -05:00
|
|
|
CHACHA_QROUND_SSE2(X8, X9, X10, X11, X12)
|
|
|
|
CHACHA_QROUND_SSE2(X4, X5, X6, X7, X12)
|
2018-09-02 16:18:54 -05:00
|
|
|
CHACHA_SHUFFLE_SSE(X9, X10, X11)
|
|
|
|
CHACHA_SHUFFLE_SSE(X5, X6, X7)
|
2017-07-27 17:11:56 -05:00
|
|
|
CHACHA_QROUND_SSE2(X8, X9, X10, X11, X12)
|
2018-09-02 16:18:54 -05:00
|
|
|
CHACHA_QROUND_SSE2(X4, X5, X6, X7, X12)
|
|
|
|
CHACHA_SHUFFLE_SSE(X11, X10, X9)
|
|
|
|
CHACHA_SHUFFLE_SSE(X7, X6, X5)
|
|
|
|
SUBQ $2, Tmp0
|
|
|
|
JNZ CHACHA_LOOP_128
|
2017-07-27 17:11:56 -05:00
|
|
|
|
|
|
|
PADDL X0, X8
|
|
|
|
PADDL X1, X9
|
|
|
|
PADDL X2, X10
|
|
|
|
PADDL X3, X11
|
2018-09-02 16:18:54 -05:00
|
|
|
PADDQ 4*16(Stack), X3
|
|
|
|
PADDL X0, X4
|
|
|
|
PADDL X1, X5
|
|
|
|
PADDL X2, X6
|
|
|
|
PADDL X3, X7
|
|
|
|
PADDQ 4*16(Stack), X3
|
|
|
|
|
|
|
|
XOR_SSE(Dst, Src, 0, X8, X9, X10, X11, X12)
|
|
|
|
ADDQ $64, Dst
|
|
|
|
ADDQ $64, Src
|
|
|
|
SUBQ $64, Len
|
|
|
|
|
|
|
|
CMPQ Len, $64
|
|
|
|
JL BUFFER_KEYSTREAM
|
|
|
|
|
|
|
|
XOR_SSE(Dst, Src, 0, X4, X5, X6, X7, X8)
|
|
|
|
ADDQ $64, Dst
|
|
|
|
ADDQ $64, Src
|
|
|
|
SUBQ $64, Len
|
|
|
|
JZ DONE // If Len == 0 -> DONE, otherwise Len <= 64 -> gen 64 byte keystream
|
|
|
|
|
|
|
|
GENERATE_KEYSTREAM_64:
|
|
|
|
MOVO X0, X4
|
|
|
|
MOVO X1, X5
|
|
|
|
MOVO X2, X6
|
|
|
|
MOVO X3, X7
|
|
|
|
MOVQ Rounds, Tmp0
|
|
|
|
|
|
|
|
CHACHA_LOOP_64:
|
|
|
|
CHACHA_QROUND_SSE2(X4, X5, X6, X7, X8)
|
|
|
|
CHACHA_SHUFFLE_SSE(X5, X6, X7)
|
|
|
|
CHACHA_QROUND_SSE2(X4, X5, X6, X7, X8)
|
|
|
|
CHACHA_SHUFFLE_SSE(X7, X6, X5)
|
|
|
|
SUBQ $2, Tmp0
|
|
|
|
JNZ CHACHA_LOOP_64
|
2017-07-27 17:11:56 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
PADDL X0, X4
|
|
|
|
PADDL X1, X5
|
|
|
|
PADDL X2, X6
|
|
|
|
PADDL X3, X7
|
|
|
|
PADDQ 4*16(Stack), X3
|
|
|
|
|
|
|
|
CMPQ Len, $64
|
|
|
|
JL BUFFER_KEYSTREAM
|
|
|
|
|
|
|
|
XOR_SSE(Dst, Src, 0, X4, X5, X6, X7, X8)
|
|
|
|
ADDQ $64, Src
|
|
|
|
ADDQ $64, Dst
|
|
|
|
SUBQ $64, Len
|
|
|
|
JMP DONE // jump directly to DONE - there is no keystream to buffer, Len == 0 always true.
|
|
|
|
|
|
|
|
BUFFER_KEYSTREAM:
|
|
|
|
MOVOU X4, 0*16(Buffer)
|
|
|
|
MOVOU X5, 1*16(Buffer)
|
|
|
|
MOVOU X6, 2*16(Buffer)
|
|
|
|
MOVOU X7, 3*16(Buffer)
|
|
|
|
MOVQ Len, Tmp0
|
|
|
|
FINALIZE(Dst, Src, Buffer, Tmp0, Tmp1, Tmp2)
|
|
|
|
|
|
|
|
DONE:
|
|
|
|
MOVQ SavedSP, Stack // Restore stack pointer
|
|
|
|
MOVOU X3, 3*16(State)
|
|
|
|
MOVQ Len, ret+72(FP)
|
2017-07-27 17:11:56 -05:00
|
|
|
RET
|
2017-05-27 14:30:11 -05:00
|
|
|
|
|
|
|
// func xorKeyStreamSSSE3(dst, src []byte, block, state *[64]byte, rounds int) int
|
2017-07-27 17:11:56 -05:00
|
|
|
TEXT ·xorKeyStreamSSSE3(SB), 4, $144-80
|
2018-09-02 16:18:54 -05:00
|
|
|
MOVQ dst_base+0(FP), Dst
|
|
|
|
MOVQ src_base+24(FP), Src
|
|
|
|
MOVQ block+48(FP), Buffer
|
|
|
|
MOVQ state+56(FP), State
|
|
|
|
MOVQ rounds+64(FP), Rounds
|
|
|
|
MOVQ src_len+32(FP), Len
|
|
|
|
|
|
|
|
MOVOU 0*16(State), X0
|
|
|
|
MOVOU 1*16(State), X1
|
|
|
|
MOVOU 2*16(State), X2
|
|
|
|
MOVOU 3*16(State), X3
|
|
|
|
|
|
|
|
MOVQ Stack, SavedSP
|
|
|
|
ADDQ $16, Stack
|
|
|
|
ANDQ $-16, Stack
|
|
|
|
|
|
|
|
TESTQ Len, Len
|
|
|
|
JZ DONE
|
|
|
|
|
|
|
|
MOVOU ·one<>(SB), X4
|
|
|
|
MOVOU ·rol16<>(SB), X5
|
|
|
|
MOVOU ·rol8<>(SB), X6
|
|
|
|
MOVO X0, 0*16(Stack)
|
|
|
|
MOVO X1, 1*16(Stack)
|
|
|
|
MOVO X2, 2*16(Stack)
|
|
|
|
MOVO X3, 3*16(Stack)
|
|
|
|
MOVO X4, 4*16(Stack)
|
|
|
|
MOVO X5, 6*16(Stack)
|
|
|
|
MOVO X6, 7*16(Stack)
|
|
|
|
|
|
|
|
CMPQ Len, $64
|
|
|
|
JLE GENERATE_KEYSTREAM_64
|
|
|
|
CMPQ Len, $128
|
|
|
|
JLE GENERATE_KEYSTREAM_128
|
|
|
|
CMPQ Len, $192
|
|
|
|
JLE GENERATE_KEYSTREAM_192
|
|
|
|
|
|
|
|
GENERATE_KEYSTREAM_256:
|
2017-07-27 17:11:56 -05:00
|
|
|
MOVO X0, X12
|
|
|
|
MOVO X1, X13
|
|
|
|
MOVO X2, X14
|
2018-09-02 16:18:54 -05:00
|
|
|
MOVO X3, X15
|
|
|
|
PADDQ 4*16(Stack), X15
|
2017-07-27 17:11:56 -05:00
|
|
|
MOVO X0, X8
|
|
|
|
MOVO X1, X9
|
|
|
|
MOVO X2, X10
|
|
|
|
MOVO X15, X11
|
2018-09-02 16:18:54 -05:00
|
|
|
PADDQ 4*16(Stack), X11
|
|
|
|
MOVO X0, X4
|
|
|
|
MOVO X1, X5
|
|
|
|
MOVO X2, X6
|
|
|
|
MOVO X11, X7
|
|
|
|
PADDQ 4*16(Stack), X7
|
|
|
|
MOVQ Rounds, Tmp0
|
|
|
|
|
|
|
|
MOVO X3, 3*16(Stack) // Save X3
|
|
|
|
|
|
|
|
CHACHA_LOOP_256:
|
|
|
|
MOVO X4, 5*16(Stack)
|
|
|
|
CHACHA_QROUND_SSSE3(X0, X1, X2, X3, X4, 6*16(Stack), 7*16(Stack))
|
|
|
|
CHACHA_QROUND_SSSE3(X12, X13, X14, X15, X4, 6*16(Stack), 7*16(Stack))
|
|
|
|
MOVO 5*16(Stack), X4
|
|
|
|
MOVO X0, 5*16(Stack)
|
|
|
|
CHACHA_QROUND_SSSE3(X8, X9, X10, X11, X0, 6*16(Stack), 7*16(Stack))
|
|
|
|
CHACHA_QROUND_SSSE3(X4, X5, X6, X7, X0, 6*16(Stack), 7*16(Stack))
|
|
|
|
MOVO 5*16(Stack), X0
|
|
|
|
CHACHA_SHUFFLE_SSE(X1, X2, X3)
|
|
|
|
CHACHA_SHUFFLE_SSE(X13, X14, X15)
|
|
|
|
CHACHA_SHUFFLE_SSE(X9, X10, X11)
|
|
|
|
CHACHA_SHUFFLE_SSE(X5, X6, X7)
|
|
|
|
MOVO X4, 5*16(Stack)
|
|
|
|
CHACHA_QROUND_SSSE3(X0, X1, X2, X3, X4, 6*16(Stack), 7*16(Stack))
|
|
|
|
CHACHA_QROUND_SSSE3(X12, X13, X14, X15, X4, 6*16(Stack), 7*16(Stack))
|
|
|
|
MOVO 5*16(Stack), X4
|
|
|
|
MOVO X0, 5*16(Stack)
|
|
|
|
CHACHA_QROUND_SSSE3(X8, X9, X10, X11, X0, 6*16(Stack), 7*16(Stack))
|
|
|
|
CHACHA_QROUND_SSSE3(X4, X5, X6, X7, X0, 6*16(Stack), 7*16(Stack))
|
|
|
|
MOVO 5*16(Stack), X0
|
|
|
|
CHACHA_SHUFFLE_SSE(X3, X2, X1)
|
|
|
|
CHACHA_SHUFFLE_SSE(X15, X14, X13)
|
|
|
|
CHACHA_SHUFFLE_SSE(X11, X10, X9)
|
|
|
|
CHACHA_SHUFFLE_SSE(X7, X6, X5)
|
|
|
|
SUBQ $2, Tmp0
|
|
|
|
JNZ CHACHA_LOOP_256
|
|
|
|
|
|
|
|
PADDL 0*16(Stack), X0
|
|
|
|
PADDL 1*16(Stack), X1
|
|
|
|
PADDL 2*16(Stack), X2
|
|
|
|
PADDL 3*16(Stack), X3
|
|
|
|
MOVO X4, 5*16(Stack) // Save X4
|
|
|
|
XOR_SSE(Dst, Src, 0, X0, X1, X2, X3, X4)
|
|
|
|
MOVO 5*16(Stack), X4 // Restore X4
|
|
|
|
|
|
|
|
MOVO 0*16(Stack), X0
|
|
|
|
MOVO 1*16(Stack), X1
|
|
|
|
MOVO 2*16(Stack), X2
|
|
|
|
MOVO 3*16(Stack), X3
|
|
|
|
PADDQ 4*16(Stack), X3
|
2017-07-27 17:11:56 -05:00
|
|
|
|
|
|
|
PADDL X0, X12
|
|
|
|
PADDL X1, X13
|
|
|
|
PADDL X2, X14
|
|
|
|
PADDL X3, X15
|
2018-09-02 16:18:54 -05:00
|
|
|
PADDQ 4*16(Stack), X3
|
2017-07-27 17:11:56 -05:00
|
|
|
PADDL X0, X8
|
|
|
|
PADDL X1, X9
|
|
|
|
PADDL X2, X10
|
|
|
|
PADDL X3, X11
|
2018-09-02 16:18:54 -05:00
|
|
|
PADDQ 4*16(Stack), X3
|
2017-07-27 17:11:56 -05:00
|
|
|
PADDL X0, X4
|
|
|
|
PADDL X1, X5
|
|
|
|
PADDL X2, X6
|
|
|
|
PADDL X3, X7
|
2018-09-02 16:18:54 -05:00
|
|
|
PADDQ 4*16(Stack), X3
|
|
|
|
|
|
|
|
XOR_SSE(Dst, Src, 64, X12, X13, X14, X15, X0)
|
|
|
|
XOR_SSE(Dst, Src, 128, X8, X9, X10, X11, X0)
|
|
|
|
MOVO 0*16(Stack), X0 // Restore X0
|
|
|
|
ADDQ $192, Dst
|
|
|
|
ADDQ $192, Src
|
|
|
|
SUBQ $192, Len
|
|
|
|
|
|
|
|
CMPQ Len, $64
|
|
|
|
JL BUFFER_KEYSTREAM
|
|
|
|
|
|
|
|
XOR_SSE(Dst, Src, 0, X4, X5, X6, X7, X8)
|
|
|
|
ADDQ $64, Dst
|
|
|
|
ADDQ $64, Src
|
|
|
|
SUBQ $64, Len
|
|
|
|
JZ DONE
|
|
|
|
CMPQ Len, $64 // If Len <= 64 -> gen. only 64 byte keystream.
|
|
|
|
JLE GENERATE_KEYSTREAM_64
|
|
|
|
CMPQ Len, $128 // If 64 < Len <= 128 -> gen. only 128 byte keystream.
|
|
|
|
JLE GENERATE_KEYSTREAM_128
|
|
|
|
CMPQ Len, $192 // If Len > 192 -> repeat, otherwise Len > 128 && Len <= 192 -> gen. 192 byte keystream
|
|
|
|
JG GENERATE_KEYSTREAM_256
|
|
|
|
|
|
|
|
GENERATE_KEYSTREAM_192:
|
|
|
|
MOVO X0, X12
|
|
|
|
MOVO X1, X13
|
|
|
|
MOVO X2, X14
|
|
|
|
MOVO X3, X15
|
|
|
|
MOVO X0, X8
|
|
|
|
MOVO X1, X9
|
|
|
|
MOVO X2, X10
|
|
|
|
MOVO X3, X11
|
|
|
|
PADDQ 4*16(Stack), X11
|
|
|
|
MOVO X0, X4
|
|
|
|
MOVO X1, X5
|
|
|
|
MOVO X2, X6
|
|
|
|
MOVO X11, X7
|
|
|
|
PADDQ 4*16(Stack), X7
|
|
|
|
MOVQ Rounds, Tmp0
|
|
|
|
|
|
|
|
MOVO 6*16(Stack), X1 // Load 16 bit rotate-left constant
|
|
|
|
MOVO 7*16(Stack), X2 // Load 8 bit rotate-left constant
|
|
|
|
|
|
|
|
CHACHA_LOOP_192:
|
|
|
|
CHACHA_QROUND_SSSE3(X12, X13, X14, X15, X0, X1, X2)
|
|
|
|
CHACHA_QROUND_SSSE3(X8, X9, X10, X11, X0, X1, X2)
|
|
|
|
CHACHA_QROUND_SSSE3(X4, X5, X6, X7, X0, X1, X2)
|
|
|
|
CHACHA_SHUFFLE_SSE(X13, X14, X15)
|
|
|
|
CHACHA_SHUFFLE_SSE(X9, X10, X11)
|
|
|
|
CHACHA_SHUFFLE_SSE(X5, X6, X7)
|
|
|
|
CHACHA_QROUND_SSSE3(X12, X13, X14, X15, X0, X1, X2)
|
|
|
|
CHACHA_QROUND_SSSE3(X8, X9, X10, X11, X0, X1, X2)
|
|
|
|
CHACHA_QROUND_SSSE3(X4, X5, X6, X7, X0, X1, X2)
|
|
|
|
CHACHA_SHUFFLE_SSE(X15, X14, X13)
|
|
|
|
CHACHA_SHUFFLE_SSE(X11, X10, X9)
|
|
|
|
CHACHA_SHUFFLE_SSE(X7, X6, X5)
|
|
|
|
SUBQ $2, Tmp0
|
|
|
|
JNZ CHACHA_LOOP_192
|
|
|
|
|
|
|
|
MOVO 0*16(Stack), X0 // Restore X0
|
|
|
|
MOVO 1*16(Stack), X1 // Restore X1
|
|
|
|
MOVO 2*16(Stack), X2 // Restore X2
|
|
|
|
PADDL X0, X12
|
|
|
|
PADDL X1, X13
|
|
|
|
PADDL X2, X14
|
|
|
|
PADDL X3, X15
|
|
|
|
PADDQ 4*16(Stack), X3
|
2017-07-27 17:11:56 -05:00
|
|
|
PADDL X0, X8
|
|
|
|
PADDL X1, X9
|
|
|
|
PADDL X2, X10
|
|
|
|
PADDL X3, X11
|
2018-09-02 16:18:54 -05:00
|
|
|
PADDQ 4*16(Stack), X3
|
|
|
|
PADDL X0, X4
|
|
|
|
PADDL X1, X5
|
|
|
|
PADDL X2, X6
|
|
|
|
PADDL X3, X7
|
|
|
|
PADDQ 4*16(Stack), X3
|
|
|
|
|
|
|
|
XOR_SSE(Dst, Src, 0, X12, X13, X14, X15, X0)
|
|
|
|
XOR_SSE(Dst, Src, 64, X8, X9, X10, X11, X0)
|
|
|
|
MOVO 0*16(Stack), X0 // Restore X0
|
|
|
|
ADDQ $128, Dst
|
|
|
|
ADDQ $128, Src
|
|
|
|
SUBQ $128, Len
|
|
|
|
|
|
|
|
CMPQ Len, $64
|
|
|
|
JL BUFFER_KEYSTREAM
|
|
|
|
|
|
|
|
XOR_SSE(Dst, Src, 0, X4, X5, X6, X7, X8)
|
|
|
|
ADDQ $64, Dst
|
|
|
|
ADDQ $64, Src
|
|
|
|
SUBQ $64, Len
|
|
|
|
JZ DONE
|
|
|
|
CMPQ Len, $64 // If Len <= 64 -> gen. only 64 byte keystream.
|
|
|
|
JLE GENERATE_KEYSTREAM_64
|
|
|
|
|
|
|
|
GENERATE_KEYSTREAM_128:
|
2017-07-27 17:11:56 -05:00
|
|
|
MOVO X0, X8
|
|
|
|
MOVO X1, X9
|
|
|
|
MOVO X2, X10
|
|
|
|
MOVO X3, X11
|
2018-09-02 16:18:54 -05:00
|
|
|
MOVO X0, X4
|
|
|
|
MOVO X1, X5
|
|
|
|
MOVO X2, X6
|
|
|
|
MOVO X3, X7
|
|
|
|
PADDQ 4*16(Stack), X7
|
|
|
|
MOVQ Rounds, Tmp0
|
2017-07-27 17:11:56 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
MOVO 6*16(Stack), X13 // Load 16 bit rotate-left constant
|
|
|
|
MOVO 7*16(Stack), X14 // Load 8 bit rotate-left constant
|
2017-07-27 17:11:56 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
CHACHA_LOOP_128:
|
2017-07-27 17:11:56 -05:00
|
|
|
CHACHA_QROUND_SSSE3(X8, X9, X10, X11, X12, X13, X14)
|
|
|
|
CHACHA_QROUND_SSSE3(X4, X5, X6, X7, X12, X13, X14)
|
2018-09-02 16:18:54 -05:00
|
|
|
CHACHA_SHUFFLE_SSE(X9, X10, X11)
|
|
|
|
CHACHA_SHUFFLE_SSE(X5, X6, X7)
|
2017-07-27 17:11:56 -05:00
|
|
|
CHACHA_QROUND_SSSE3(X8, X9, X10, X11, X12, X13, X14)
|
2018-09-02 16:18:54 -05:00
|
|
|
CHACHA_QROUND_SSSE3(X4, X5, X6, X7, X12, X13, X14)
|
|
|
|
CHACHA_SHUFFLE_SSE(X11, X10, X9)
|
|
|
|
CHACHA_SHUFFLE_SSE(X7, X6, X5)
|
|
|
|
SUBQ $2, Tmp0
|
|
|
|
JNZ CHACHA_LOOP_128
|
2017-07-27 17:11:56 -05:00
|
|
|
|
|
|
|
PADDL X0, X8
|
|
|
|
PADDL X1, X9
|
|
|
|
PADDL X2, X10
|
|
|
|
PADDL X3, X11
|
2018-09-02 16:18:54 -05:00
|
|
|
PADDQ 4*16(Stack), X3
|
|
|
|
PADDL X0, X4
|
|
|
|
PADDL X1, X5
|
|
|
|
PADDL X2, X6
|
|
|
|
PADDL X3, X7
|
|
|
|
PADDQ 4*16(Stack), X3
|
|
|
|
|
|
|
|
XOR_SSE(Dst, Src, 0, X8, X9, X10, X11, X12)
|
|
|
|
ADDQ $64, Dst
|
|
|
|
ADDQ $64, Src
|
|
|
|
SUBQ $64, Len
|
|
|
|
|
|
|
|
CMPQ Len, $64
|
|
|
|
JL BUFFER_KEYSTREAM
|
|
|
|
|
|
|
|
XOR_SSE(Dst, Src, 0, X4, X5, X6, X7, X8)
|
|
|
|
ADDQ $64, Dst
|
|
|
|
ADDQ $64, Src
|
|
|
|
SUBQ $64, Len
|
|
|
|
JZ DONE // If Len == 0 -> DONE, otherwise Len <= 64 -> gen 64 byte keystream
|
|
|
|
|
|
|
|
GENERATE_KEYSTREAM_64:
|
|
|
|
MOVO X0, X4
|
|
|
|
MOVO X1, X5
|
|
|
|
MOVO X2, X6
|
|
|
|
MOVO X3, X7
|
|
|
|
MOVQ Rounds, Tmp0
|
|
|
|
|
|
|
|
MOVO 6*16(Stack), X9 // Load 16 bit rotate-left constant
|
|
|
|
MOVO 7*16(Stack), X10 // Load 8 bit rotate-left constant
|
|
|
|
|
|
|
|
CHACHA_LOOP_64:
|
|
|
|
CHACHA_QROUND_SSSE3(X4, X5, X6, X7, X8, X9, X10)
|
|
|
|
CHACHA_SHUFFLE_SSE(X5, X6, X7)
|
|
|
|
CHACHA_QROUND_SSSE3(X4, X5, X6, X7, X8, X9, X10)
|
|
|
|
CHACHA_SHUFFLE_SSE(X7, X6, X5)
|
|
|
|
SUBQ $2, Tmp0
|
|
|
|
JNZ CHACHA_LOOP_64
|
2017-07-27 17:11:56 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
PADDL X0, X4
|
|
|
|
PADDL X1, X5
|
|
|
|
PADDL X2, X6
|
|
|
|
PADDL X3, X7
|
|
|
|
PADDQ 4*16(Stack), X3
|
|
|
|
|
|
|
|
CMPQ Len, $64
|
|
|
|
JL BUFFER_KEYSTREAM
|
|
|
|
|
|
|
|
XOR_SSE(Dst, Src, 0, X4, X5, X6, X7, X8)
|
|
|
|
ADDQ $64, Src
|
|
|
|
ADDQ $64, Dst
|
|
|
|
SUBQ $64, Len
|
|
|
|
JMP DONE // jump directly to DONE - there is no keystream to buffer, Len == 0 always true.
|
|
|
|
|
|
|
|
BUFFER_KEYSTREAM:
|
|
|
|
MOVOU X4, 0*16(Buffer)
|
|
|
|
MOVOU X5, 1*16(Buffer)
|
|
|
|
MOVOU X6, 2*16(Buffer)
|
|
|
|
MOVOU X7, 3*16(Buffer)
|
|
|
|
MOVQ Len, Tmp0
|
|
|
|
FINALIZE(Dst, Src, Buffer, Tmp0, Tmp1, Tmp2)
|
|
|
|
|
|
|
|
DONE:
|
|
|
|
MOVQ SavedSP, Stack // Restore stack pointer
|
|
|
|
MOVOU X3, 3*16(State)
|
|
|
|
MOVQ Len, ret+72(FP)
|
2017-07-27 17:11:56 -05:00
|
|
|
RET
|
2017-05-27 14:30:11 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
// func xorKeyStreamAVX(dst, src []byte, block, state *[64]byte, rounds int) int
|
|
|
|
TEXT ·xorKeyStreamAVX(SB), 4, $144-80
|
|
|
|
MOVQ dst_base+0(FP), Dst
|
|
|
|
MOVQ src_base+24(FP), Src
|
|
|
|
MOVQ block+48(FP), Buffer
|
|
|
|
MOVQ state+56(FP), State
|
|
|
|
MOVQ rounds+64(FP), Rounds
|
|
|
|
MOVQ src_len+32(FP), Len
|
|
|
|
|
|
|
|
VMOVDQU 0*16(State), X0
|
|
|
|
VMOVDQU 1*16(State), X1
|
|
|
|
VMOVDQU 2*16(State), X2
|
|
|
|
VMOVDQU 3*16(State), X3
|
|
|
|
|
|
|
|
MOVQ Stack, SavedSP
|
|
|
|
ADDQ $16, Stack
|
|
|
|
ANDQ $-16, Stack
|
|
|
|
|
|
|
|
TESTQ Len, Len
|
|
|
|
JZ DONE
|
|
|
|
|
|
|
|
VMOVDQU ·one<>(SB), X4
|
|
|
|
VMOVDQU ·rol16<>(SB), X5
|
|
|
|
VMOVDQU ·rol8<>(SB), X6
|
|
|
|
VMOVDQA X0, 0*16(Stack)
|
|
|
|
VMOVDQA X1, 1*16(Stack)
|
|
|
|
VMOVDQA X2, 2*16(Stack)
|
|
|
|
VMOVDQA X3, 3*16(Stack)
|
|
|
|
VMOVDQA X4, 4*16(Stack)
|
|
|
|
VMOVDQA X5, 6*16(Stack)
|
|
|
|
VMOVDQA X6, 7*16(Stack)
|
|
|
|
|
|
|
|
CMPQ Len, $64
|
|
|
|
JLE GENERATE_KEYSTREAM_64
|
|
|
|
CMPQ Len, $128
|
|
|
|
JLE GENERATE_KEYSTREAM_128
|
|
|
|
CMPQ Len, $192
|
|
|
|
JLE GENERATE_KEYSTREAM_192
|
|
|
|
|
|
|
|
GENERATE_KEYSTREAM_256:
|
|
|
|
VMOVDQA X0, X12
|
|
|
|
VMOVDQA X1, X13
|
|
|
|
VMOVDQA X2, X14
|
|
|
|
VMOVDQA X3, X15
|
|
|
|
VPADDQ 4*16(Stack), X15, X15
|
|
|
|
VMOVDQA X0, X8
|
|
|
|
VMOVDQA X1, X9
|
|
|
|
VMOVDQA X2, X10
|
|
|
|
VMOVDQA X15, X11
|
|
|
|
VPADDQ 4*16(Stack), X11, X11
|
|
|
|
VMOVDQA X0, X4
|
|
|
|
VMOVDQA X1, X5
|
|
|
|
VMOVDQA X2, X6
|
|
|
|
VMOVDQA X11, X7
|
|
|
|
VPADDQ 4*16(Stack), X7, X7
|
|
|
|
MOVQ Rounds, Tmp0
|
|
|
|
|
|
|
|
VMOVDQA X3, 3*16(Stack) // Save X3
|
|
|
|
|
|
|
|
CHACHA_LOOP_256:
|
|
|
|
VMOVDQA X4, 5*16(Stack)
|
|
|
|
CHACHA_QROUND_AVX(X0, X1, X2, X3, X4, 6*16(Stack), 7*16(Stack))
|
|
|
|
CHACHA_QROUND_AVX(X12, X13, X14, X15, X4, 6*16(Stack), 7*16(Stack))
|
|
|
|
VMOVDQA 5*16(Stack), X4
|
|
|
|
VMOVDQA X0, 5*16(Stack)
|
|
|
|
CHACHA_QROUND_AVX(X8, X9, X10, X11, X0, 6*16(Stack), 7*16(Stack))
|
|
|
|
CHACHA_QROUND_AVX(X4, X5, X6, X7, X0, 6*16(Stack), 7*16(Stack))
|
|
|
|
VMOVDQA 5*16(Stack), X0
|
|
|
|
CHACHA_SHUFFLE_AVX(X1, X2, X3)
|
|
|
|
CHACHA_SHUFFLE_AVX(X13, X14, X15)
|
|
|
|
CHACHA_SHUFFLE_AVX(X9, X10, X11)
|
|
|
|
CHACHA_SHUFFLE_AVX(X5, X6, X7)
|
|
|
|
VMOVDQA X4, 5*16(Stack)
|
|
|
|
CHACHA_QROUND_AVX(X0, X1, X2, X3, X4, 6*16(Stack), 7*16(Stack))
|
|
|
|
CHACHA_QROUND_AVX(X12, X13, X14, X15, X4, 6*16(Stack), 7*16(Stack))
|
|
|
|
VMOVDQA 5*16(Stack), X4
|
|
|
|
VMOVDQA X0, 5*16(Stack)
|
|
|
|
CHACHA_QROUND_AVX(X8, X9, X10, X11, X0, 6*16(Stack), 7*16(Stack))
|
|
|
|
CHACHA_QROUND_AVX(X4, X5, X6, X7, X0, 6*16(Stack), 7*16(Stack))
|
|
|
|
VMOVDQA 5*16(Stack), X0
|
|
|
|
CHACHA_SHUFFLE_AVX(X3, X2, X1)
|
|
|
|
CHACHA_SHUFFLE_AVX(X15, X14, X13)
|
|
|
|
CHACHA_SHUFFLE_AVX(X11, X10, X9)
|
|
|
|
CHACHA_SHUFFLE_AVX(X7, X6, X5)
|
|
|
|
SUBQ $2, Tmp0
|
|
|
|
JNZ CHACHA_LOOP_256
|
|
|
|
|
|
|
|
VPADDD 0*16(Stack), X0, X0
|
|
|
|
VPADDD 1*16(Stack), X1, X1
|
|
|
|
VPADDD 2*16(Stack), X2, X2
|
|
|
|
VPADDD 3*16(Stack), X3, X3
|
|
|
|
VMOVDQA X4, 5*16(Stack) // Save X4
|
|
|
|
XOR_AVX(Dst, Src, 0, X0, X1, X2, X3, X4)
|
|
|
|
VMOVDQA 5*16(Stack), X4 // Restore X4
|
|
|
|
|
|
|
|
VMOVDQA 0*16(Stack), X0
|
|
|
|
VMOVDQA 1*16(Stack), X1
|
|
|
|
VMOVDQA 2*16(Stack), X2
|
|
|
|
VMOVDQA 3*16(Stack), X3
|
|
|
|
VPADDQ 4*16(Stack), X3, X3
|
|
|
|
|
|
|
|
VPADDD X0, X12, X12
|
|
|
|
VPADDD X1, X13, X13
|
|
|
|
VPADDD X2, X14, X14
|
|
|
|
VPADDD X3, X15, X15
|
|
|
|
VPADDQ 4*16(Stack), X3, X3
|
|
|
|
VPADDD X0, X8, X8
|
|
|
|
VPADDD X1, X9, X9
|
|
|
|
VPADDD X2, X10, X10
|
|
|
|
VPADDD X3, X11, X11
|
|
|
|
VPADDQ 4*16(Stack), X3, X3
|
|
|
|
VPADDD X0, X4, X4
|
|
|
|
VPADDD X1, X5, X5
|
|
|
|
VPADDD X2, X6, X6
|
|
|
|
VPADDD X3, X7, X7
|
|
|
|
VPADDQ 4*16(Stack), X3, X3
|
|
|
|
|
|
|
|
XOR_AVX(Dst, Src, 64, X12, X13, X14, X15, X0)
|
|
|
|
XOR_AVX(Dst, Src, 128, X8, X9, X10, X11, X0)
|
|
|
|
VMOVDQA 0*16(Stack), X0 // Restore X0
|
|
|
|
ADDQ $192, Dst
|
|
|
|
ADDQ $192, Src
|
|
|
|
SUBQ $192, Len
|
|
|
|
|
|
|
|
CMPQ Len, $64
|
|
|
|
JL BUFFER_KEYSTREAM
|
|
|
|
|
|
|
|
XOR_AVX(Dst, Src, 0, X4, X5, X6, X7, X8)
|
|
|
|
ADDQ $64, Dst
|
|
|
|
ADDQ $64, Src
|
|
|
|
SUBQ $64, Len
|
|
|
|
JZ DONE
|
|
|
|
CMPQ Len, $64 // If Len <= 64 -> gen. only 64 byte keystream.
|
|
|
|
JLE GENERATE_KEYSTREAM_64
|
|
|
|
CMPQ Len, $128 // If 64 < Len <= 128 -> gen. only 128 byte keystream.
|
|
|
|
JLE GENERATE_KEYSTREAM_128
|
|
|
|
CMPQ Len, $192 // If Len > 192 -> repeat, otherwise Len > 128 && Len <= 192 -> gen. 192 byte keystream
|
|
|
|
JG GENERATE_KEYSTREAM_256
|
|
|
|
|
|
|
|
GENERATE_KEYSTREAM_192:
|
|
|
|
VMOVDQA X0, X12
|
|
|
|
VMOVDQA X1, X13
|
|
|
|
VMOVDQA X2, X14
|
|
|
|
VMOVDQA X3, X15
|
|
|
|
VMOVDQA X0, X8
|
|
|
|
VMOVDQA X1, X9
|
|
|
|
VMOVDQA X2, X10
|
|
|
|
VMOVDQA X3, X11
|
|
|
|
VPADDQ 4*16(Stack), X11, X11
|
|
|
|
VMOVDQA X0, X4
|
|
|
|
VMOVDQA X1, X5
|
|
|
|
VMOVDQA X2, X6
|
|
|
|
VMOVDQA X11, X7
|
|
|
|
VPADDQ 4*16(Stack), X7, X7
|
|
|
|
MOVQ Rounds, Tmp0
|
|
|
|
|
|
|
|
VMOVDQA 6*16(Stack), X1 // Load 16 bit rotate-left constant
|
|
|
|
VMOVDQA 7*16(Stack), X2 // Load 8 bit rotate-left constant
|
|
|
|
|
|
|
|
CHACHA_LOOP_192:
|
|
|
|
CHACHA_QROUND_AVX(X12, X13, X14, X15, X0, X1, X2)
|
|
|
|
CHACHA_QROUND_AVX(X8, X9, X10, X11, X0, X1, X2)
|
|
|
|
CHACHA_QROUND_AVX(X4, X5, X6, X7, X0, X1, X2)
|
|
|
|
CHACHA_SHUFFLE_AVX(X13, X14, X15)
|
|
|
|
CHACHA_SHUFFLE_AVX(X9, X10, X11)
|
|
|
|
CHACHA_SHUFFLE_AVX(X5, X6, X7)
|
|
|
|
CHACHA_QROUND_AVX(X12, X13, X14, X15, X0, X1, X2)
|
|
|
|
CHACHA_QROUND_AVX(X8, X9, X10, X11, X0, X1, X2)
|
|
|
|
CHACHA_QROUND_AVX(X4, X5, X6, X7, X0, X1, X2)
|
|
|
|
CHACHA_SHUFFLE_AVX(X15, X14, X13)
|
|
|
|
CHACHA_SHUFFLE_AVX(X11, X10, X9)
|
|
|
|
CHACHA_SHUFFLE_AVX(X7, X6, X5)
|
|
|
|
SUBQ $2, Tmp0
|
|
|
|
JNZ CHACHA_LOOP_192
|
|
|
|
|
|
|
|
VMOVDQA 0*16(Stack), X0 // Restore X0
|
|
|
|
VMOVDQA 1*16(Stack), X1 // Restore X1
|
|
|
|
VMOVDQA 2*16(Stack), X2 // Restore X2
|
|
|
|
VPADDD X0, X12, X12
|
|
|
|
VPADDD X1, X13, X13
|
|
|
|
VPADDD X2, X14, X14
|
|
|
|
VPADDD X3, X15, X15
|
|
|
|
VPADDQ 4*16(Stack), X3, X3
|
|
|
|
VPADDD X0, X8, X8
|
|
|
|
VPADDD X1, X9, X9
|
|
|
|
VPADDD X2, X10, X10
|
|
|
|
VPADDD X3, X11, X11
|
|
|
|
VPADDQ 4*16(Stack), X3, X3
|
|
|
|
VPADDD X0, X4, X4
|
|
|
|
VPADDD X1, X5, X5
|
|
|
|
VPADDD X2, X6, X6
|
|
|
|
VPADDD X3, X7, X7
|
|
|
|
VPADDQ 4*16(Stack), X3, X3
|
|
|
|
|
|
|
|
XOR_AVX(Dst, Src, 0, X12, X13, X14, X15, X0)
|
|
|
|
XOR_AVX(Dst, Src, 64, X8, X9, X10, X11, X0)
|
|
|
|
VMOVDQA 0*16(Stack), X0 // Restore X0
|
|
|
|
ADDQ $128, Dst
|
|
|
|
ADDQ $128, Src
|
|
|
|
SUBQ $128, Len
|
|
|
|
|
|
|
|
CMPQ Len, $64
|
|
|
|
JL BUFFER_KEYSTREAM
|
|
|
|
|
|
|
|
XOR_AVX(Dst, Src, 0, X4, X5, X6, X7, X8)
|
|
|
|
ADDQ $64, Dst
|
|
|
|
ADDQ $64, Src
|
|
|
|
SUBQ $64, Len
|
|
|
|
JZ DONE
|
|
|
|
CMPQ Len, $64 // If Len <= 64 -> gen. only 64 byte keystream.
|
|
|
|
JLE GENERATE_KEYSTREAM_64
|
|
|
|
|
|
|
|
GENERATE_KEYSTREAM_128:
|
|
|
|
VMOVDQA X0, X8
|
|
|
|
VMOVDQA X1, X9
|
|
|
|
VMOVDQA X2, X10
|
|
|
|
VMOVDQA X3, X11
|
|
|
|
VMOVDQA X0, X4
|
|
|
|
VMOVDQA X1, X5
|
|
|
|
VMOVDQA X2, X6
|
|
|
|
VMOVDQA X3, X7
|
|
|
|
VPADDQ 4*16(Stack), X7, X7
|
|
|
|
MOVQ Rounds, Tmp0
|
|
|
|
|
|
|
|
VMOVDQA 6*16(Stack), X13 // Load 16 bit rotate-left constant
|
|
|
|
VMOVDQA 7*16(Stack), X14 // Load 8 bit rotate-left constant
|
|
|
|
|
|
|
|
CHACHA_LOOP_128:
|
|
|
|
CHACHA_QROUND_AVX(X8, X9, X10, X11, X12, X13, X14)
|
|
|
|
CHACHA_QROUND_AVX(X4, X5, X6, X7, X12, X13, X14)
|
|
|
|
CHACHA_SHUFFLE_AVX(X9, X10, X11)
|
|
|
|
CHACHA_SHUFFLE_AVX(X5, X6, X7)
|
|
|
|
CHACHA_QROUND_AVX(X8, X9, X10, X11, X12, X13, X14)
|
|
|
|
CHACHA_QROUND_AVX(X4, X5, X6, X7, X12, X13, X14)
|
|
|
|
CHACHA_SHUFFLE_AVX(X11, X10, X9)
|
|
|
|
CHACHA_SHUFFLE_AVX(X7, X6, X5)
|
|
|
|
SUBQ $2, Tmp0
|
|
|
|
JNZ CHACHA_LOOP_128
|
|
|
|
|
|
|
|
VPADDD X0, X8, X8
|
|
|
|
VPADDD X1, X9, X9
|
|
|
|
VPADDD X2, X10, X10
|
|
|
|
VPADDD X3, X11, X11
|
|
|
|
VPADDQ 4*16(Stack), X3, X3
|
|
|
|
VPADDD X0, X4, X4
|
|
|
|
VPADDD X1, X5, X5
|
|
|
|
VPADDD X2, X6, X6
|
|
|
|
VPADDD X3, X7, X7
|
|
|
|
VPADDQ 4*16(Stack), X3, X3
|
|
|
|
|
|
|
|
XOR_AVX(Dst, Src, 0, X8, X9, X10, X11, X12)
|
|
|
|
ADDQ $64, Dst
|
|
|
|
ADDQ $64, Src
|
|
|
|
SUBQ $64, Len
|
|
|
|
|
|
|
|
CMPQ Len, $64
|
|
|
|
JL BUFFER_KEYSTREAM
|
|
|
|
|
|
|
|
XOR_AVX(Dst, Src, 0, X4, X5, X6, X7, X8)
|
|
|
|
ADDQ $64, Dst
|
|
|
|
ADDQ $64, Src
|
|
|
|
SUBQ $64, Len
|
|
|
|
JZ DONE // If Len == 0 -> DONE, otherwise Len <= 64 -> gen 64 byte keystream
|
|
|
|
|
|
|
|
GENERATE_KEYSTREAM_64:
|
|
|
|
VMOVDQA X0, X4
|
|
|
|
VMOVDQA X1, X5
|
|
|
|
VMOVDQA X2, X6
|
|
|
|
VMOVDQA X3, X7
|
|
|
|
MOVQ Rounds, Tmp0
|
|
|
|
|
|
|
|
VMOVDQA 6*16(Stack), X9 // Load 16 bit rotate-left constant
|
|
|
|
VMOVDQA 7*16(Stack), X10 // Load 8 bit rotate-left constant
|
|
|
|
|
|
|
|
CHACHA_LOOP_64:
|
|
|
|
CHACHA_QROUND_AVX(X4, X5, X6, X7, X8, X9, X10)
|
|
|
|
CHACHA_SHUFFLE_AVX(X5, X6, X7)
|
|
|
|
CHACHA_QROUND_AVX(X4, X5, X6, X7, X8, X9, X10)
|
|
|
|
CHACHA_SHUFFLE_AVX(X7, X6, X5)
|
|
|
|
SUBQ $2, Tmp0
|
|
|
|
JNZ CHACHA_LOOP_64
|
|
|
|
|
|
|
|
VPADDD X0, X4, X4
|
|
|
|
VPADDD X1, X5, X5
|
|
|
|
VPADDD X2, X6, X6
|
|
|
|
VPADDD X3, X7, X7
|
|
|
|
VPADDQ 4*16(Stack), X3, X3
|
|
|
|
|
|
|
|
CMPQ Len, $64
|
|
|
|
JL BUFFER_KEYSTREAM
|
|
|
|
|
|
|
|
XOR_AVX(Dst, Src, 0, X4, X5, X6, X7, X8)
|
|
|
|
ADDQ $64, Src
|
|
|
|
ADDQ $64, Dst
|
|
|
|
SUBQ $64, Len
|
|
|
|
JMP DONE // jump directly to DONE - there is no keystream to buffer, Len == 0 always true.
|
|
|
|
|
|
|
|
BUFFER_KEYSTREAM:
|
|
|
|
VMOVDQU X4, 0*16(Buffer)
|
|
|
|
VMOVDQU X5, 1*16(Buffer)
|
|
|
|
VMOVDQU X6, 2*16(Buffer)
|
|
|
|
VMOVDQU X7, 3*16(Buffer)
|
|
|
|
MOVQ Len, Tmp0
|
|
|
|
FINALIZE(Dst, Src, Buffer, Tmp0, Tmp1, Tmp2)
|
|
|
|
|
|
|
|
DONE:
|
|
|
|
MOVQ SavedSP, Stack // Restore stack pointer
|
|
|
|
VMOVDQU X3, 3*16(State)
|
|
|
|
VZEROUPPER
|
|
|
|
MOVQ Len, ret+72(FP)
|
2017-07-27 17:11:56 -05:00
|
|
|
RET
|
2017-05-27 14:30:11 -05:00
|
|
|
|
2018-09-02 16:18:54 -05:00
|
|
|
#undef Dst
|
|
|
|
#undef Src
|
|
|
|
#undef Len
|
|
|
|
#undef Rounds
|
|
|
|
#undef Buffer
|
|
|
|
#undef State
|
|
|
|
#undef Stack
|
|
|
|
#undef SavedSP
|
|
|
|
#undef Tmp0
|
|
|
|
#undef Tmp1
|
|
|
|
#undef Tmp2
|