Crypt-Bear
src/symcipher/aes_pwr8_ctrcbc.c view on Meta::CPAN
vxor(16, 16, 17) \
BLOCK_ENCRYPT_ ## size(16) \
addi(%[buf], %[buf], 16) \
\
bdnz(loop) \
\
/* \
* Write back new CBC-MAC value. \
*/ \
BYTESWAP(16) \
stxvw4x(48, %[cc], %[cbcmac]) \
\
: [cc] "+b" (cc), [buf] "+b" (buf) \
: [sk] "b" (sk), [cbcmac] "b" (cbcmac), [num_blocks] "b" (num_blocks) \
BYTESWAP_REG \
: "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", \
"v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", \
"v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", \
"v30", "ctr", "memory" \
); \
}
/*
 * Instantiate MKCBCMAC once for each of the 128, 192 and 256 variants
 * (presumably the AES key sizes, given the file name). The size token
 * is pasted into BLOCK_ENCRYPT_ ## size to select the matching block
 * encryption sequence. Each expansion ends an inline-asm body whose
 * last step stores the updated CBC-MAC value back through the cbcmac
 * pointer.
 *
 * NOTE(review): the asm loop is closed by bdnz (decrement CTR, then
 * branch if non-zero) and num_blocks is an input operand. If CTR is
 * loaded from num_blocks, a zero count would wrap the counter and the
 * loop would run far past the end of buf -- confirm that every caller
 * rejects num_blocks == 0 before calling the generated functions.
 */
MKCBCMAC(128)
MKCBCMAC(192)
MKCBCMAC(256)
#define MKENCRYPT(size) \
static void \
ctrcbc_ ## size ## _encrypt(const unsigned char *sk, \
unsigned char *ctr, unsigned char *cbcmac, unsigned char *buf, \
size_t num_blocks) \
{ \
long cc; \
\
cc = 0; \
asm volatile ( \
\
/* \
* Load subkeys into v0..v10 \
*/ \
LOAD_SUBKEYS_ ## size \
li(%[cc], 0) \
\
BYTESWAP_INIT \
INCR_128_INIT \
\
/* \
* Load current CTR counter into v16, and current \
* CBC-MAC IV into v17. \
*/ \
lxvw4x(48, %[cc], %[ctr]) \
lxvw4x(49, %[cc], %[cbcmac]) \
BYTESWAP(16) \
BYTESWAP(17) \
\
/* \
* At each iteration, we do two parallel encryption: \
* - new counter value for encryption of the next block; \
* - CBC-MAC over the previous encrypted block. \
* Thus, each plaintext block implies two AES instances, \
* over two successive iterations. This requires a single \
* counter encryption before the loop, and a single \
* CBC-MAC encryption after the loop. \
*/ \
\
/* \
* Encrypt first block (into v20). \
*/ \
lxvw4x(52, %[cc], %[buf]) \
BYTESWAP(20) \
INCR_128(22, 16) \
BLOCK_ENCRYPT_ ## size(16) \
vxor(20, 20, 16) \
BYTESWAPX(21, 20) \
stxvw4x(53, %[cc], %[buf]) \
vand(16, 22, 22) \
addi(%[buf], %[buf], 16) \
\
/* \
* Load loop counter; skip the loop if there is only \
* one block in total (already handled by the boundary \
* conditions). \
*/ \
mtctr(%[num_blocks]) \
bdz(fastexit) \
\
label(loop) \
/* \
* Upon loop entry: \
* v16 counter value for next block \
* v17 current CBC-MAC value \
* v20 encrypted previous block \
*/ \
vxor(17, 17, 20) \
INCR_128(22, 16) \
lxvw4x(52, %[cc], %[buf]) \
BYTESWAP(20) \
BLOCK_ENCRYPT_X2_ ## size(16, 17) \
vxor(20, 20, 16) \
BYTESWAPX(21, 20) \
stxvw4x(53, %[cc], %[buf]) \
addi(%[buf], %[buf], 16) \
vand(16, 22, 22) \
\
bdnz(loop) \
\
label(fastexit) \
vxor(17, 17, 20) \
BLOCK_ENCRYPT_ ## size(17) \
BYTESWAP(16) \
BYTESWAP(17) \
stxvw4x(48, %[cc], %[ctr]) \
stxvw4x(49, %[cc], %[cbcmac]) \
\
: [cc] "+b" (cc), [buf] "+b" (buf) \
: [sk] "b" (sk), [ctr] "b" (ctr), [cbcmac] "b" (cbcmac), \
[num_blocks] "b" (num_blocks), [ctrinc] "b" (ctrinc) \
BYTESWAP_REG \
: "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", \
"v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", \
"v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", \