Home
last modified time | relevance | path

Searched refs:Xi (Results 1 – 25 of 55) sorted by relevance

123

/src/crypto/openssl/crypto/modes/asm/
H A Dghash-x86_64.pl138 $Xi="%rdi";
261 movzb 15($Xi),$Zlo
264 &loop ($Xi);
266 mov $Zlo,8($Xi)
267 mov $Zhi,($Xi)
343 &mov ($Zlo,"8($Xi)");
344 &mov ($Zhi,"0($Xi)");
354 &mov ("($Xi)",$Zhi);
355 &mov ("8($Xi)","%rdx");
390 &mov ($dat,"$j($Xi)") if (--$j%4==0);
[all …]
H A Dghash-x86.pl838 ($Xi,$Xhi)=("xmm0","xmm1"); $Hkey="xmm2";
845 my ($Xhi,$Xi,$Hkey,$HK)=@_;
847 &movdqa ($Xhi,$Xi); #
848 &pshufd ($T1,$Xi,0b01001110);
850 &pxor ($T1,$Xi); #
854 &pclmulqdq ($Xi,$Hkey,0x00); #######
857 &xorps ($T1,$Xi); #
864 &pxor ($Xi,$T2); #
873 my ($Xhi,$Xi,$Hkey)=@_;
875 &movdqa ($T1,$Xi); #
[all …]
H A Daesni-gcm-x86_64.pl85 $Z0,$Z1,$Z2,$Z3,$Xi) = map("%xmm$_",(0..8));
143 vpxor $Z0,$Xi,$Xi # modulo-scheduled
154 vpxor 16+8(%rsp),$Xi,$Xi # modulo-scheduled [vpxor $Z3,$Xi,$Xi]
218 vpxor 0x70+8(%rsp),$Xi,$Xi # accumulate I[0]
232 vpclmulqdq \$0x10,$Hkey,$Xi,$Z1
235 vpclmulqdq \$0x01,$Hkey,$Xi,$T1
239 vpclmulqdq \$0x00,$Hkey,$Xi,$T2
242 vpclmulqdq \$0x11,$Hkey,$Xi,$Xi
257 vpxor $Xi,$Z3,$Z3
347 vmovdqu $Z3,16+8(%rsp) # postpone vpxor $Z3,$Xi,$Xi
[all …]
H A Dghash-riscv64.pl147 my ($Xi,$Htable,$x0,$x1,$y0,$y1) = ("a0","a1","a4","a5","a6","a7");
156 ld $x0, 0($Xi)
157 ld $x1, 8($Xi)
196 sd $x0, 0($Xi)
197 sd $x1, 8($Xi)
204 my ($Xi,$Htable,$x0,$x1,$y0,$y1) = ("a0","a1","a4","a5","a6","a7");
213 ld $x0, 0($Xi)
214 ld $x1, 8($Xi)
253 sd $x0, 0($Xi)
254 sd $x1, 8($Xi)
[all …]
H A Dghash-s390x.pl67 $Xi="%r2"; # argument block
96 aghi $Xi,-1
101 lg $Zlo,8+1($Xi) # Xi
121 lmg %r0,%r1,0($Xi)
130 stmg %r0,%r1,0($Xi)
141 aghi $Xi,-1
146 lg $Zlo,8+1($Xi) # Xi
147 lg $Zhi,0+1($Xi)
153 stg $Zlo,8+1($Xi)
154 stg $Zhi,0+1($Xi)
[all …]
H A Dghash-armv4.pl98 $Xi="r0"; # argument block
126 str $_,[$Xi,#$i]
128 str $_,[$Xi,#$i]
131 strb $_,[$Xi,#$i+3]
133 strb $Tlh,[$Xi,#$i+2]
135 strb $Thl,[$Xi,#$i+1]
136 strb $Thh,[$Xi,#$i]
197 ldrb $nhi,[$Xi,#15]
215 ldrb $nhi,[$Xi,#14]
254 ldrplb $Tll,[$Xi,$cnt]
[all …]
H A Dghash-riscv64-zvkb-zvbc.pl124 my ($Xi,$Htable,$TMP0,$TMP1,$TMP2,$TMP3,$TMP4) = ("a0","a1","t0","t1","t2","t3","t4");
141 add $Xi, $Xi, 8
146 @{[vlse64_v $V5, $Xi, $TMP4]} # vlse64.v v5, (a0), t4
229 @{[vsse64_v $V2, $Xi, $TMP4]} # vsse64.v v2, (a0), t4
245 my ($Xi,$Htable,$inp,$len,$TMP0,$TMP1,$TMP2,$TMP3,$M8,$TMP5,$TMP6) = ("a0","a1","a2","a3","t0","t1"…
261 add $Xi, $Xi, 8
267 @{[vlse64_v $V5, $Xi, $M8]} # vlse64.v v5, (a0), t4
362 @{[vsse64_v $V5, $Xi, $M8]} # vsse64.v v2, (a0), t4
H A Dghash-riscv64-zvkg.pl113 my ($Xi,$Htable) = ("a0","a1");
123 @{[vle32_v $VD, $Xi]}
125 @{[vse32_v $VD, $Xi]}
141 my ($Xi,$Htable,$inp,$len) = ("a0","a1","a2","a3");
151 @{[vle32_v $vXi, $Xi]}
160 @{[vse32_v $vXi, $Xi]}
H A Dghash-parisc.pl63 $Xi="%r26"; # argument block
134 ldb 15($Xi),$nlo
146 ldb 14($Xi),$nlo
175 ldbx $cnt($Xi),$nlo
215 std $Zll,8($Xi)
216 std $Zhh,0($Xi)
224 ldb 15($Xi),$nlo
237 ldb 14($Xi),$nlo
268 ldbx $cnt($Xi),$nlo
323 stw $Zll,12($Xi)
[all …]
/src/crypto/openssl/crypto/sha/asm/
H A Dsha1-mb-x86_64.pl101 @Xi=map("%xmm$_",(10..14));
107 @Xi=map("%xmm$_",(0..4));
140 movd (@ptr[0]),@Xi[0]
142 movd (@ptr[1]),@Xi[2] # borrow @Xi[2]
144 movd (@ptr[2]),@Xi[3] # borrow @Xi[3]
146 movd (@ptr[3]),@Xi[4] # borrow @Xi[4]
148 punpckldq @Xi[3],@Xi[0]
149 movd `4*$j-16*4`(@ptr[0]),@Xi[1]
150 punpckldq @Xi[4],@Xi[2]
152 punpckldq @Xi[2],@Xi[0]
[all …]
H A Dsha256-mb-x86_64.pl104 ($t1,$t2,$t3,$axb,$bxc,$Xi,$Xn,$sigma)=map("%xmm$_",(0..7));
119 movd `4*$i`(@ptr[0]),$Xi
123 punpckldq $t2,$Xi
125 punpckldq $t1,$Xi
128 movd `4*$i`(@ptr[0]),$Xi
136 punpckldq $t2,$Xi
138 punpckldq $t1,$Xi
142 `"pshufb $Xn,$Xi" if ($i<=15 && ($i&1)==0)`
144 `"pshufb $Xn,$Xi" if ($i<=15 && ($i&1)==1)`
148 movdqa $Xi,`&Xi_off($i)`
[all …]
H A Dsha1-armv4-large.pl108 $Xi="r14";
114 ldr $t0,[$Xi,#15*4]
115 ldr $t1,[$Xi,#13*4]
116 ldr $t2,[$Xi,#7*4]
118 ldr $t3,[$Xi,#2*4]
125 str $t0,[$Xi,#-4]!
158 str $t0,[$Xi,#-4]!
226 mov $Xi,sp
239 teq $Xi,$t3
241 teq $Xi,sp
[all …]
H A Dsha1-thumb.pl46 $Xi="r12";
139 mov $Xi,sp
176 mov $t0,$Xi
181 mov $Xi,$t1
187 cmp $Xi,$t0
193 mov $Xi,$t1
199 cmp $Xi,$t0
207 mov $Xi,$t1
213 cmp $Xi,$t0
217 mov $Xi,sp
H A Dsha1-x86_64.pl479 my $Xi=4;
616 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
651 &movdqa (@Tx[2],eval(2*16*(($Xi)/5)-64)."($K_XX_XX)"); # K_XX_XX
657 &pshufd (@Tx[1],@X[-1&7],0xee) if ($Xi==7); # was &movdqa (@Tx[0],@X[-1&7]) in Xupdate_ssse3_32_79
661 $Xi++; push(@X,shift(@X)); # "rotate" X[]
671 eval(shift(@insns)) if ($Xi==8);
673 eval(shift(@insns)) if ($Xi==8);
685 if ($Xi%5) {
688 &movdqa (@Tx[2],eval(2*16*($Xi/5)-64)."($K_XX_XX)");
704 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
[all …]
H A Dsha1-586.pl564 my $Xi=4; # 4xSIMD Xupdate round, start pre-seeded
693 &movdqa (&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);# save X[] to backtrace buffer
711 &movdqa (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]); # X[]+K xfer to IALU
740 &movdqa (@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if ($Xi>5); # restore X[] from backtrace buffer
748 &movdqa (@X[4],&QWP(112-16+16*(($Xi)/5),"esp")); # K_XX_XX
753 &pshufd (@X[1],@X[-3&7],0xee) if ($Xi<7); # was &movdqa (@X[1],@X[-2&7])
754 &pshufd (@X[3],@X[-1&7],0xee) if ($Xi==7);
760 $Xi++; push(@X,shift(@X)); # "rotate" X[]
777 &movdqa (&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]); # save X[] to backtrace buffer
781 if ($Xi%5) {
[all …]
H A Dsha1-sparcv9.pl40 $Xi="%g4";
62 my $xi=($i&1)?@X[($i/2)%8]:$Xi;
80 " srlx @X[(($i+1)/2)%8],32,$Xi\n";
99 sllx @X[($j+6)%8],32,$Xi ! Xupdate($i)
104 or $tmp1,$Xi,$Xi
106 xor $Xi,@X[$j%8],@X[$j%8]
107 srlx @X[$j%8],31,$Xi
109 and $Xi,$rot1m,$Xi
112 or $Xi,@X[$j%8],@X[$j%8]
124 $xi=$Xi;
[all …]
H A Dsha1-sparcv9a.pl64 $Xi="%o7";
158 ld [$Xfer+`4*($i%16)`],$Xi
166 add $Xi,$e,$e
177 ld [$Xfer+`4*($i%16)`],$Xi
186 add $Xi,$e,$e
210 ld [$Xfer+`4*($i%16)`],$Xi
223 add $Xi,$e,$e
228 ld [$Xfer+`4*($i%16)`],$Xi
243 add $Xi,$e,$e
248 ld [$Xfer+`4*($i%16)`],$Xi
[all …]
/src/crypto/openssl/crypto/modes/
H A Dgcm128.c168 static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]) in gcm_gmult_4bit()
175 nlo = ((const u8 *)Xi)[15]; in gcm_gmult_4bit()
197 nlo = ((const u8 *)Xi)[cnt]; in gcm_gmult_4bit()
215 Xi[0] = BSWAP8(Z.hi); in gcm_gmult_4bit()
216 Xi[1] = BSWAP8(Z.lo); in gcm_gmult_4bit()
218 u8 *p = (u8 *)Xi; in gcm_gmult_4bit()
230 Xi[0] = Z.hi; in gcm_gmult_4bit()
231 Xi[1] = Z.lo; in gcm_gmult_4bit()
246 static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], in gcm_ghash_4bit()
256 nlo = ((const u8 *)Xi)[15]; in gcm_ghash_4bit()
[all …]
/src/sys/crypto/openssl/
H A Dossl_aes_gcm.c44 const void *key, unsigned char ivec[16], uint64_t *Xi);
46 const void *key, unsigned char ivec[16], uint64_t *Xi);
51 void GCM_init(__uint128_t Htable[16], uint64_t Xi[2]);
52 void GCM_gmult(uint64_t Xi[2], const __uint128_t Htable[16]);
53 void GCM_ghash(uint64_t Xi[2], const __uint128_t Htable[16], const void *in,
67 const void *key, unsigned char ivec[16], uint64_t *Xi);
69 const void *key, unsigned char ivec[16], uint64_t *Xi);
76 void GCM_init(__uint128_t Htable[16], uint64_t Xi[2]);
77 void GCM_gmult(uint64_t Xi[2], const __uint128_t Htable[16]);
78 void GCM_ghash(uint64_t Xi[2], const __uint128_t Htable[16], const void *in,
[all …]
/src/sys/crypto/openssl/arm/
H A Dossl_aes_gcm_neon.c29 void gcm_init_neon(__uint128_t Htable[16], const uint64_t Xi[2]);
30 void gcm_gmult_neon(uint64_t Xi[2], const __uint128_t Htable[16]);
31 void gcm_ghash_neon(uint64_t Xi[2], const __uint128_t Htable[16],
73 ctx->gcm.Xi.u[0] = 0; in gcm_setiv()
74 ctx->gcm.Xi.u[1] = 0; in gcm_setiv()
93 gcm_gmult_neon(ctx->gcm.Xi.u, ctx->gcm.Htable); in gcm_finish()
100 ctx->gcm.Xi.u[0] ^= alen; in gcm_finish()
101 ctx->gcm.Xi.u[1] ^= clen; in gcm_finish()
102 gcm_gmult_neon(ctx->gcm.Xi.u, ctx->gcm.Htable); in gcm_finish()
104 ctx->gcm.Xi.u[0] ^= ctx->gcm.EK0.u[0]; in gcm_finish()
[all …]
H A Dghashv8-armx.S69 vld1.64 {q9},[r0] @ load Xi
78 INST(0x86,0x0e,0xa8,0xf2) @ pmull q0,q12,q3 @ H.lo·Xi.lo
80 INST(0x87,0x4e,0xa9,0xf2) @ pmull2 q2,q12,q3 @ H.hi·Xi.hi
81 INST(0xa2,0x2e,0xaa,0xf2) @ pmull q1,q13,q9 @ (H.lo+H.hi)·(Xi.lo+Xi.hi)
102 vst1.64 {q0},[r0] @ write out Xi
111 vld1.64 {q0},[r0] @ load [rotated] Xi
132 vext.8 q0,q0,q0,#8 @ rotate Xi
146 veor q3,q3,q0 @ I[i]^=Xi
156 INST(0x86,0x0e,0xac,0xf2) @ pmull q0,q14,q3 @ H^2.lo·Xi.lo
162 INST(0x87,0x4e,0xad,0xf2) @ pmull2 q2,q14,q3 @ H^2.hi·Xi.hi
[all …]
/src/crypto/openssl/providers/implementations/ciphers/
H A Dcipher_aes_gcm_hw_armv8.inc16 const void *key, unsigned char ivec[16], u64 *Xi)
24 … unroll8_eor3_aes_gcm_enc_128_kernel(in, align_bytes * 8, out, (uint64_t *)Xi, ivec, key);
26 aes_gcm_enc_128_kernel(in, align_bytes * 8, out, (uint64_t *)Xi, ivec, key);
31 … unroll8_eor3_aes_gcm_enc_192_kernel(in, align_bytes * 8, out, (uint64_t *)Xi, ivec, key);
33 aes_gcm_enc_192_kernel(in, align_bytes * 8, out, (uint64_t *)Xi, ivec, key);
38 … unroll8_eor3_aes_gcm_enc_256_kernel(in, align_bytes * 8, out, (uint64_t *)Xi, ivec, key);
40 aes_gcm_enc_256_kernel(in, align_bytes * 8, out, (uint64_t *)Xi, ivec, key);
48 const void *key, unsigned char ivec[16], u64 *Xi)
56 … unroll8_eor3_aes_gcm_dec_128_kernel(in, align_bytes * 8, out, (uint64_t *)Xi, ivec, key);
58 aes_gcm_dec_128_kernel(in, align_bytes * 8, out, (uint64_t *)Xi, ivec, key);
[all …]
H A Dcipher_aes_gcm_hw_vaes_avx512.inc42 void ossl_gcm_gmult_avx512(u64 Xi[2], const void *gcm128ctx);
68 gcmctx->Xi.u[0] = 0; /* AAD hash */
69 gcmctx->Xi.u[1] = 0;
112 gcmctx->Xi.c[15 - ares] ^= *(aad++);
118 ossl_gcm_gmult_avx512(gcmctx->Xi.u, gcmctx);
137 gcmctx->Xi.c[15 - i] ^= aad[i];
159 ossl_gcm_gmult_avx512(gcmctx->Xi.u, gcmctx);
184 memcpy(tag, gcmctx->Xi.c,
185 ctx->taglen <= sizeof(gcmctx->Xi.c) ? ctx->taglen :
186 sizeof(gcmctx->Xi.c));
[all …]
/src/crypto/openssl/include/crypto/
H A Daes_platform.h85 u64 *Xi);
88 u64 *Xi);
90 void gcm_ghash_p8(u64 Xi[2], const u128 Htable[16], const u8 *inp, size_t len);
128 uint64_t *Xi, unsigned char ivec[16], const void *key);
130 uint64_t *Xi, unsigned char ivec[16], const void *key);
132 uint64_t *Xi, unsigned char ivec[16], const void *key);
134 uint64_t *Xi, unsigned char ivec[16], const void *key);
136 uint64_t *Xi, unsigned char ivec[16], const void *key);
138 uint64_t *Xi, unsigned char ivec[16], const void *key);
140 uint64_t *Xi, unsigned char ivec[16], const void *key);
[all …]
/src/sys/crypto/openssl/amd64/
H A Dossl_aes_gcm_avx512.c47 memcpy(tag, ctx->gcm.Xi.c, len); in gcm_tag()
50 void ossl_gcm_gmult_avx512(uint64_t Xi[2], void *gcm128ctx);
79 ctx->gcm.Xi.u[0] = 0; /* AAD hash */ in gcm_setiv_avx512()
80 ctx->gcm.Xi.u[1] = 0; in gcm_setiv_avx512()
115 ctx->gcm.Xi.c[15 - ares] ^= *(aad++); in gcm_aad_avx512()
121 ossl_gcm_gmult_avx512(ctx->gcm.Xi.u, ctx); in gcm_aad_avx512()
140 ctx->gcm.Xi.c[15 - i] ^= aad[i]; in gcm_aad_avx512()
162 ossl_gcm_gmult_avx512(ctx->gcm.Xi.u, ctx); in _gcm_encrypt_avx512()
206 return timingsafe_bcmp(ctx->gcm.Xi.c, tag, len); in gcm_finish_avx512()

123