Maamoun TK maamoun.tk@googlemail.com writes:
For the first approach I can think of this method: lxvd2x VSR(C0),0,DATA IF_LE(` vperm C0,C0,C0,LE_MASK ') slwi LENGTH,LENGTH,4 (Shift left 4 bitls because vsro get bit[121:124]) vspltisb v10,-1 (0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF) mtvrwz v11,LENGTH (LENGTH in bit[57:60]) xxspltd VSR(v11),VSR(v11),0 (LENGTH in bit[121:124]) vsro v10,v10,v11 (Sift right by octet) vnot v10,v10 vand C0,C0,v10
I'm having some difficulty following along. Is this a loop, part of a loop, or is there some vector load instruction that lets you pass a byte length?
I recommend the third approach so we don't have to deal with the leftover bytes in the upcoming implementations but the problem is that gcm_init_key() initialize the table for the compatible gcm_hash() function,
If we go this way, the power assembly file would have to provide an implementation of gcm_gf_mul, compatible with its gcm_init_key. It would do essentially the same thing as the single-block part of gcm_hash. But approach 1 is fine too, if it doesn't get too complicated.
Your recent mails have not included actual patches, neither inline, nor as attachments. E.g., https://lists.lysator.liu.se/pipermail/nettle-bugs/2020/009234.html. (The mailist software might discard some attachments, but content-type: text/x-patch and the like should be fine). If your mail client doesn't cooperate, feel free to create a pull request on git.lysator.liu.se instead (and ping the list).
Regards, /Niels