From patchwork Tue Aug 21 16:46:14 2018
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 144745
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, will.deacon@arm.com,
    linux-arm-kernel@lists.infradead.org, Ard Biesheuvel, Nick Desaulniers
Subject: [PATCH] crypto: arm64/aes-modes - get rid of literal load of addend vector
Date: Tue, 21 Aug 2018 18:46:14 +0200
Message-Id: <20180821164614.31513-1-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.17.1
X-Mailing-List: linux-crypto@vger.kernel.org

Replace the literal load of the addend vector with a sequence that
composes it using immediates. While at it, tweak the code that refers
to it so it does not clobber the register, allowing the vector to be
set up once, outside the loop.

This results in generally better code, but it also works around an
issue with Clang, whose integrated assembler does not implement the
GNU ARM asm syntax completely and does not support the =literal
notation for FP registers.
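The constant being removed was previously materialized with a literal-pool
load (ldr q8, =0x30000000200000001, i.e. the 32-bit addends { 1, 2, 3, 0 }),
which is exactly the =literal form Clang's integrated assembler does not
support for FP/SIMD registers. The hunk below builds the same vector from
movi/uaddl/zip1/zip2 instead. As an illustration only (not part of the patch;
the plain-C register model and helper names are made up), the following
host-side program mirrors those lane operations and prints the resulting
v8.4s lanes:

/*
 * Host-side sanity check, not kernel code: model one 128-bit NEON register
 * as 8 halfword lanes and mirror the new composition sequence.
 */
#include <stdint.h>
#include <stdio.h>

typedef struct { uint16_t h[8]; } vreg;		/* 128-bit register, 8 x 16-bit lanes */

static void set_s(vreg *r, int lane, uint32_t v)	/* write one 32-bit lane */
{
	r->h[2 * lane] = v & 0xffff;
	r->h[2 * lane + 1] = v >> 16;
}

static uint32_t get_s(const vreg *r, int lane)		/* read one 32-bit lane */
{
	return r->h[2 * lane] | ((uint32_t)r->h[2 * lane + 1] << 16);
}

static vreg movi_4h(uint16_t imm)	/* movi Vd.4h, #imm: low 4 lanes, upper 64 bits cleared */
{
	vreg r = { { 0 } };

	for (int i = 0; i < 4; i++)
		r.h[i] = imm;
	return r;
}

static vreg uaddl_4s(vreg a, vreg b)	/* uaddl Vd.4s, Vn.4h, Vm.4h: widening add of low halves */
{
	vreg r = { { 0 } };

	for (int i = 0; i < 4; i++)
		set_s(&r, i, (uint32_t)a.h[i] + b.h[i]);
	return r;
}

static vreg zip1_8h(vreg a, vreg b)	/* zip1 Vd.8h: interleave the low 4 halfwords of a and b */
{
	vreg r = { { 0 } };

	for (int i = 0; i < 4; i++) {
		r.h[2 * i] = a.h[i];
		r.h[2 * i + 1] = b.h[i];
	}
	return r;
}

static vreg zip2_8h(vreg a, vreg b)	/* zip2 Vd.8h: interleave the high 4 halfwords of a and b */
{
	vreg r = { { 0 } };

	for (int i = 0; i < 4; i++) {
		r.h[2 * i] = a.h[4 + i];
		r.h[2 * i + 1] = b.h[4 + i];
	}
	return r;
}

static vreg zip1_4s(vreg a, vreg b)	/* zip1 Vd.4s: interleave the low 2 words of a and b */
{
	vreg r = { { 0 } };

	for (int i = 0; i < 2; i++) {
		set_s(&r, 2 * i, get_s(&a, i));
		set_s(&r, 2 * i + 1, get_s(&b, i));
	}
	return r;
}

int main(void)
{
	vreg v7 = movi_4h(1);		/* movi  v7.4h, #1 */
	vreg v8 = movi_4h(2);		/* movi  v8.4h, #2 */
	vreg v6 = uaddl_4s(v7, v8);	/* uaddl v6.4s, v7.4h, v8.4h -> { 3, 3, 3, 3 } */

	v8 = zip1_8h(v7, v8);		/* zip1  v8.8h, v7.8h, v8.8h -> halfwords 1,2,1,2,... */
	v8 = zip1_4s(v8, v6);		/* zip1  v8.4s, v8.4s, v6.4s -> halfwords 1,2,3,0,1,2,3,0 */
	v8 = zip2_8h(v8, v7);		/* zip2  v8.8h, v8.8h, v7.8h -> words 1, 2, 3, 0 */

	printf("v8.4s = { %u, %u, %u, %u }\n",
	       (unsigned)get_s(&v8, 0), (unsigned)get_s(&v8, 1),
	       (unsigned)get_s(&v8, 2), (unsigned)get_s(&v8, 3));
	return 0;
}

Built with a host gcc or clang, it should print v8.4s = { 1, 2, 3, 0 },
matching the comment on the new sequence.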
Cc: Nick Desaulniers
Signed-off-by: Ard Biesheuvel
---
 arch/arm64/crypto/aes-modes.S | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

-- 
2.17.1

Reviewed-by: Nick Desaulniers

diff --git a/arch/arm64/crypto/aes-modes.S b/arch/arm64/crypto/aes-modes.S
index 483a7130cf0e..e966620ee230 100644
--- a/arch/arm64/crypto/aes-modes.S
+++ b/arch/arm64/crypto/aes-modes.S
@@ -225,6 +225,14 @@ AES_ENTRY(aes_ctr_encrypt)
 	enc_prepare	w22, x21, x6
 	ld1		{v4.16b}, [x24]
 
+	/* compose addend vector { 1, 2, 3, 0 } in v8.4s */
+	movi		v7.4h, #1
+	movi		v8.4h, #2
+	uaddl		v6.4s, v7.4h, v8.4h
+	zip1		v8.8h, v7.8h, v8.8h
+	zip1		v8.4s, v8.4s, v6.4s
+	zip2		v8.8h, v8.8h, v7.8h
+
 	umov		x6, v4.d[1]		/* keep swabbed ctr in reg */
 	rev		x6, x6
 .LctrloopNx:
@@ -232,17 +240,16 @@ AES_ENTRY(aes_ctr_encrypt)
 	bmi		.Lctr1x
 	cmn		w6, #4			/* 32 bit overflow? */
 	bcs		.Lctr1x
-	ldr		q8, =0x30000000200000001	/* addends 1,2,3[,0] */
 	dup		v7.4s, w6
 	mov		v0.16b, v4.16b
 	add		v7.4s, v7.4s, v8.4s
 	mov		v1.16b, v4.16b
-	rev32		v8.16b, v7.16b
+	rev32		v7.16b, v7.16b
 	mov		v2.16b, v4.16b
 	mov		v3.16b, v4.16b
-	mov		v1.s[3], v8.s[0]
-	mov		v2.s[3], v8.s[1]
-	mov		v3.s[3], v8.s[2]
+	mov		v1.s[3], v7.s[0]
+	mov		v2.s[3], v7.s[1]
+	mov		v3.s[3], v7.s[2]
 	ld1		{v5.16b-v7.16b}, [x20], #48	/* get 3 input blocks */
 	bl		aes_encrypt_block4x
 	eor		v0.16b, v5.16b, v0.16b
@@ -296,7 +303,6 @@ AES_ENTRY(aes_ctr_encrypt)
 	ins		v4.d[0], x7
 	b		.Lctrcarrydone
 AES_ENDPROC(aes_ctr_encrypt)
-	.ltorg
 
 	/*
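For context, and again purely as an illustration rather than anything from
the kernel tree: inside the Nx loop the addend vector is consumed by
broadcasting the swabbed low counter word (dup v7.4s, w6), adding
{ 1, 2, 3, 0 }, byte-reversing back to big-endian (rev32 v7.16b, v7.16b),
and inserting the first three results into lane 3 of the counter blocks for
the second, third and fourth AES blocks. Because rev32 now targets v7
rather than v8, the addend register survives each iteration, which is what
allows the composition to sit outside the loop. A small C sketch of that
per-block counter arithmetic, assuming a little-endian host and that the
32-bit overflow check has already diverted wrap-around cases to the
single-block path (the function and variable names are invented):

/*
 * Illustrative sketch only, not kernel code: per-block counter values for
 * the 4-way CTR fast path.  Assumes a little-endian host and no 32-bit
 * counter wrap-around (the asm branches to the 1-block path in that case).
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static void ctr_blocks(const uint8_t iv[16], uint8_t blk[4][16])
{
	uint32_t ctr;

	/* low 32 bits of the big-endian counter, swabbed to CPU order
	 * (roughly the "umov x6, v4.d[1]; rev x6, x6" kept across the loop) */
	memcpy(&ctr, iv + 12, sizeof(ctr));
	ctr = __builtin_bswap32(ctr);

	for (int i = 0; i < 4; i++) {
		memcpy(blk[i], iv, 16);		/* mov vN.16b, v4.16b          */
		if (i) {			/* block 0 keeps the IV as-is  */
			uint32_t lane = __builtin_bswap32(ctr + i);	/* rev32 */

			memcpy(blk[i] + 12, &lane, 4);	/* mov vN.s[3], v7.s[i-1] */
		}
	}
}

int main(void)
{
	uint8_t iv[16] = { [15] = 5 };	/* big-endian counter value 5 */
	uint8_t blk[4][16];

	ctr_blocks(iv, blk);
	for (int i = 0; i < 4; i++) {
		uint32_t w;

		memcpy(&w, blk[i] + 12, sizeof(w));
		printf("block %d counter = %u\n", i, (unsigned)__builtin_bswap32(w));
	}
	return 0;
}

Starting from a counter of 5 it should print 5, 6, 7 and 8 for blocks 0-3,
i.e. the same values the dup/add/rev32/mov sequence feeds into v0-v3.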