/freebsd-current/crypto/openssl/crypto/modes/asm/ |
H A D | ghash-x86_64.pl | 138 $Xi="%rdi"; 262 movzb 15($Xi),$Zlo 265 &loop ($Xi); 267 mov $Zlo,8($Xi) 268 mov $Zhi,($Xi) 345 &mov ($Zlo,"8($Xi)"); 346 &mov ($Zhi,"0($Xi)"); 356 &mov ("($Xi)",$Zhi); 357 &mov ("8($Xi)","%rdx"); 392 &mov ($dat,"$j($Xi)") i [all...] |
H A D | ghash-x86.pl | 273 &mov ($inp,&wparam(0)); # load Xi 276 &mov ($Zhh,&DWP(0,$inp)); # load Xi[16] 283 &mov (&DWP(0,"esp"),$Zhh); # copy Xi[16] on stack 306 &mov ($Zll,&wparam(0)); # load Xi 313 &mov ($Zhh,&DWP(0,$Zll)); # load Xi[16] 344 &mov ($inp,&wparam(0)); # load Xi 434 &mov ($inp,&wparam(0)); # load Xi 446 &mov ($inp,&wparam(0)); # load Xi 458 &mov ($Zhh,&wparam(0)); # load Xi 472 &mov ($Zll,&DWP(12,$Zhh)); # load Xi[1 [all...] |
H A D | ghash-s390x.pl | 67 $Xi="%r2"; # argument block 103 la %r1,0($Xi) # H lies right after Xi in gcm128_context 115 aghi $Xi,-1 120 lg $Zlo,8+1($Xi) # Xi 136 la %r1,0($Xi) # H lies right after Xi in gcm128_context 149 aghi $Xi,-1 154 lg $Zlo,8+1($Xi) # X [all...] |
H A D | aesni-gcm-x86_64.pl | 83 $Z0,$Z1,$Z2,$Z3,$Xi) = map("%xmm$_",(0..8)); 141 vpxor $Z0,$Xi,$Xi # modulo-scheduled 152 vpxor 16+8(%rsp),$Xi,$Xi # modulo-scheduled [vpxor $Z3,$Xi,$Xi] 216 vpxor 0x70+8(%rsp),$Xi,$Xi # accumulate I[0] 230 vpclmulqdq \$0x10,$Hkey,$Xi, [all...] |
H A D | ghash-c64xplus.pl | 66 || MV $Xip,${xip} ; reassign Xi 70 || LDBU *++${xip}[15],$x1 ; Xi[15] 72 || LDBU *--${xip},$x0 ; Xi[14] 94 || MV $Xip,${xip} ; reassign Xi 113 || [B0] XOR $H0x,$Z0,$Z0 ; Xi^=inp 118 || [B0] SHRU $Z1,24,$xia ; Xi[15], avoid cross-path stall 120 || [B0] SHRU $Z1,16,$x0 ; Xi[14] 125 || [B0] MV $Z0,$xia ; Xi[15], avoid cross-path stall 127 || [B0] SHRU $Z0,8,$x0 ; Xi[14] 163 XORMPY $H0,$xia,$H0x ; 0 ; H��(Xi[ [all...] |
H A D | ghash-sparcv9.pl | 77 $Xi="%i0"; # input argument block 109 ldub [$Xi+15],$xi0 110 ldub [$Xi+14],$xi1 159 ldub [$Xi+$cnt],$xi1 211 stx $Zlo,[$Xi+8] 213 stx $Zhi,[$Xi] 231 stx $Zlo,[$Xi+8] 233 stx $Zhi,[$Xi] 249 ldub [$Xi+15],$nlo 261 ldub [$Xi [all...] |
H A D | ghash-parisc.pl | 63 $Xi="%r26"; # argument block 135 ldb 15($Xi),$nlo 147 ldb 14($Xi),$nlo 176 ldbx $cnt($Xi),$nlo 216 std $Zll,8($Xi) 217 std $Zhh,0($Xi) 226 ldb 15($Xi),$nlo 239 ldb 14($Xi),$nlo 270 ldbx $cnt($Xi),$nlo 325 stw $Zll,12($Xi) [all...] |
H A D | ghashv8-armx.pl | 63 $Xi="x0"; # argument block 211 # void gcm_gmult_v8(u64 Xi[2],const u128 Htable[16]); 213 # input: Xi - current hash value; 215 # output: Xi - next hash value Xi; 227 vld1.64 {$t1},[$Xi] @ load Xi 236 vpmull.p64 $Xl,$H,$IN @ H.lo��Xi.lo 238 vpmull2.p64 $Xh,$H,$IN @ H.hi��Xi.hi 239 vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)��(Xi [all...] |
H A D | ghash-armv4.pl | 98 $Xi="r0"; # argument block 126 str $_,[$Xi,#$i] 128 str $_,[$Xi,#$i] 131 strb $_,[$Xi,#$i+3] 133 strb $Tlh,[$Xi,#$i+2] 135 strb $Thl,[$Xi,#$i+1] 136 strb $Thh,[$Xi,#$i] 197 ldrb $nhi,[$Xi,#15] 215 ldrb $nhi,[$Xi,#14] 254 ldrplb $Tll,[$Xi, [all...] |
/freebsd-current/crypto/openssl/crypto/sha/asm/ |
H A D | sha1-mb-x86_64.pl | 101 @Xi=map("%xmm$_",(10..14)); 107 @Xi=map("%xmm$_",(0..4)); 140 movd (@ptr[0]),@Xi[0] 142 movd (@ptr[1]),@Xi[2] # borrow @Xi[2] 144 movd (@ptr[2]),@Xi[3] # borrow @Xi[3] 146 movd (@ptr[3]),@Xi[4] # borrow @Xi[4] 148 punpckldq @Xi[ [all...] |
H A D | sha1-586.pl | 564 my $Xi=4; # 4xSIMD Xupdate round, start pre-seeded 565 my @X=map("xmm$_",(4..7,0..3)); # pre-seeded for $Xi=4 678 sub Xupdate_ssse3_16_31() # recall that $Xi starts with 4 693 &movdqa (&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);# save X[] to backtrace buffer 711 &movdqa (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]); # X[]+K xfer to IALU 740 &movdqa (@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if ($Xi>5); # restore X[] from backtrace buffer 748 &movdqa (@X[4],&QWP(112-16+16*(($Xi)/5),"esp")); # K_XX_XX 753 &pshufd (@X[1],@X[-3&7],0xee) if ($Xi<7); # was &movdqa (@X[1],@X[-2&7]) 754 &pshufd (@X[3],@X[-1&7],0xee) if ($Xi [all...] |
H A D | sha256-mb-x86_64.pl | 104 ($t1,$t2,$t3,$axb,$bxc,$Xi,$Xn,$sigma)=map("%xmm$_",(0..7)); 119 movd `4*$i`(@ptr[0]),$Xi 123 punpckldq $t2,$Xi 125 punpckldq $t1,$Xi 128 movd `4*$i`(@ptr[0]),$Xi 136 punpckldq $t2,$Xi 138 punpckldq $t1,$Xi 142 `"pshufb $Xn,$Xi" if ($i<=15 && ($i&1)==0)` 144 `"pshufb $Xn,$Xi" if ($i<=15 && ($i&1)==1)` 148 movdqa $Xi,` [all...] |
H A D | sha1-thumb.pl | 46 $Xi="r12"; 139 mov $Xi,sp 176 mov $t0,$Xi 181 mov $Xi,$t1 187 cmp $Xi,$t0 193 mov $Xi,$t1 199 cmp $Xi,$t0 207 mov $Xi,$t1 213 cmp $Xi,$t0 217 mov $Xi,s [all...] |
H A D | sha1-armv4-large.pl | 108 $Xi="r14"; 114 ldr $t0,[$Xi,#15*4] 115 ldr $t1,[$Xi,#13*4] 116 ldr $t2,[$Xi,#7*4] 118 ldr $t3,[$Xi,#2*4] 125 str $t0,[$Xi,#-4]! 158 str $t0,[$Xi,#-4]! 226 mov $Xi,sp 239 teq $Xi,$t3 241 teq $Xi,s [all...] |
H A D | sha1-sparcv9.pl | 40 $Xi="%g4"; 62 my $xi=($i&1)?@X[($i/2)%8]:$Xi; 80 " srlx @X[(($i+1)/2)%8],32,$Xi\n"; 99 sllx @X[($j+6)%8],32,$Xi ! Xupdate($i) 104 or $tmp1,$Xi,$Xi 106 xor $Xi,@X[$j%8],@X[$j%8] 107 srlx @X[$j%8],31,$Xi 109 and $Xi,$rot1m,$Xi [all...] |
H A D | sha1-sparcv9a.pl | 64 $Xi="%o7"; 158 ld [$Xfer+`4*($i%16)`],$Xi 166 add $Xi,$e,$e 177 ld [$Xfer+`4*($i%16)`],$Xi 186 add $Xi,$e,$e 210 ld [$Xfer+`4*($i%16)`],$Xi 223 add $Xi,$e,$e 228 ld [$Xfer+`4*($i%16)`],$Xi 243 add $Xi,$e,$e 248 ld [$Xfer+`4*($i%16)`],$Xi [all...] |
/freebsd-current/sys/crypto/openssl/arm/ |
H A D | ossl_aes_gcm.c | 29 void gcm_init_neon(__uint128_t Htable[16], const uint64_t Xi[2]); 30 void gcm_gmult_neon(uint64_t Xi[2], const __uint128_t Htable[16]); 31 void gcm_ghash_neon(uint64_t Xi[2], const __uint128_t Htable[16], 73 ctx->gcm.Xi.u[0] = 0; 74 ctx->gcm.Xi.u[1] = 0; 93 gcm_gmult_neon(ctx->gcm.Xi.u, ctx->gcm.Htable); 100 ctx->gcm.Xi.u[0] ^= alen; 101 ctx->gcm.Xi.u[1] ^= clen; 102 gcm_gmult_neon(ctx->gcm.Xi.u, ctx->gcm.Htable); 104 ctx->gcm.Xi [all...] |
H A D | ghashv8-armx.S | 69 vld1.64 {q9},[r0] @ load Xi 78 INST(0x86,0x0e,0xa8,0xf2) @ pmull q0,q12,q3 @ H.lo��Xi.lo 80 INST(0x87,0x4e,0xa9,0xf2) @ pmull2 q2,q12,q3 @ H.hi��Xi.hi 81 INST(0xa2,0x2e,0xaa,0xf2) @ pmull q1,q13,q9 @ (H.lo+H.hi)��(Xi.lo+Xi.hi) 102 vst1.64 {q0},[r0] @ write out Xi 111 vld1.64 {q0},[r0] @ load [rotated] Xi 132 vext.8 q0,q0,q0,#8 @ rotate Xi 146 veor q3,q3,q0 @ I[i]^=Xi 156 INST(0x86,0x0e,0xac,0xf2) @ pmull q0,q14,q3 @ H^2.lo��Xi [all...] |
/freebsd-current/crypto/openssl/providers/implementations/ciphers/ |
H A D | cipher_aes_gcm_hw_armv8.inc | 16 const void *key, unsigned char ivec[16], u64 *Xi) 25 aes_gcm_enc_128_kernel(in, align_bytes * 8, out, (uint64_t *)Xi, ivec, key); 28 aes_gcm_enc_192_kernel(in, align_bytes * 8, out, (uint64_t *)Xi, ivec, key); 31 aes_gcm_enc_256_kernel(in, align_bytes * 8, out, (uint64_t *)Xi, ivec, key); 38 const void *key, unsigned char ivec[16], u64 *Xi) 47 aes_gcm_dec_128_kernel(in, align_bytes * 8, out, (uint64_t *)Xi, ivec, key); 50 aes_gcm_dec_192_kernel(in, align_bytes * 8, out, (uint64_t *)Xi, ivec, key); 53 aes_gcm_dec_256_kernel(in, align_bytes * 8, out, (uint64_t *)Xi, ivec, key);
|
/freebsd-current/crypto/openssl/crypto/modes/ |
H A D | gcm128.c | 104 static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256]) argument 107 const u8 *xi = (const u8 *)Xi + 15; 181 if ((u8 *)Xi == xi) 197 Xi[0] = BSWAP8(Z.hi); 198 Xi[1] = BSWAP8(Z.lo); 200 u8 *p = (u8 *)Xi; 212 Xi[0] = Z.hi; 213 Xi[1] = Z.lo; 217 # define GCM_MUL(ctx) gcm_gmult_8bit(ctx->Xi.u,ctx->Htable) 300 static void gcm_gmult_4bit(u64 Xi[ argument 375 gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp, size_t len) argument 562 gcm_gmult_1bit(u64 Xi[2], const u64 H[2]) argument [all...] |
/freebsd-current/sys/crypto/armv8/ |
H A D | armv8_crypto.h | 60 void gcm_init_v8(__uint128_val_t Htable[16], const uint64_t Xi[2]); 61 void gcm_gmult_v8(uint64_t Xi[2], const __uint128_val_t Htable[16]); 62 void gcm_ghash_v8(uint64_t Xi[2], const __uint128_val_t Htable[16], const uint8_t *inp, size_t len);
|
H A D | armv8_crypto_wrap.c | 323 __uint128_val_t Xi; member in struct:armv8_gcm_state 348 memset(s->Xi.c, 0, sizeof(s->Xi.c)); 351 gcm_ghash_v8(s->Xi.u, Htable, authdata, authdatalen - trailer); 357 gcm_ghash_v8(s->Xi.u, Htable, block, AES_BLOCK_LEN); 369 gcm_ghash_v8(s->Xi.u, Htable, s->lenblock.c, AES_BLOCK_LEN); 371 s->Xi.u[0] ^= s->EK0.u[0]; 372 s->Xi.u[1] ^= s->EK0.u[1]; 427 gcm_ghash_v8(s.Xi.u, Htable, block, seglen); 435 gcm_ghash_v8(s.Xi [all...] |
/freebsd-current/sys/crypto/openssl/amd64/ |
H A D | ossl_aes_gcm.c | 50 memcpy(tag, ctx->gcm.Xi.c, len); 53 void ossl_gcm_gmult_avx512(uint64_t Xi[2], void *gcm128ctx); 82 ctx->gcm.Xi.u[0] = 0; /* AAD hash */ 83 ctx->gcm.Xi.u[1] = 0; 118 ctx->gcm.Xi.c[15 - ares] ^= *(aad++); 124 ossl_gcm_gmult_avx512(ctx->gcm.Xi.u, ctx); 143 ctx->gcm.Xi.c[15 - i] ^= aad[i]; 165 ossl_gcm_gmult_avx512(ctx->gcm.Xi.u, ctx); 209 return timingsafe_bcmp(ctx->gcm.Xi.c, tag, len); 224 const void *key, unsigned char ivec[16], uint64_t *Xi); [all...] |
/freebsd-current/crypto/openssl/include/crypto/ |
H A D | aes_platform.h | 109 uint64_t *Xi, unsigned char ivec[16], const void *key); 111 uint64_t *Xi, unsigned char ivec[16], const void *key); 113 uint64_t *Xi, unsigned char ivec[16], const void *key); 115 uint64_t *Xi, unsigned char ivec[16], const void *key); 117 uint64_t *Xi, unsigned char ivec[16], const void *key); 119 uint64_t *Xi, unsigned char ivec[16], const void *key); 121 unsigned char ivec[16], u64 *Xi); 123 unsigned char ivec[16], u64 *Xi); 124 void gcm_ghash_v8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); 221 const void *key, unsigned char ivec[16], u64 *Xi); [all...] |
/freebsd-current/sys/crypto/openssl/ |
H A D | ossl_aes_gcm.h | 61 } Yi, EKi, EK0, len, Xi, H; member in struct:ossl_gcm_context::__anon21
|