[PATCH] "PowerPC64" AES improve syntax - nettle-bugs

29 Aug 2020

This patch adds "VSR" macro to improve the syntax of assembly code, I will
create a separate patch for gcm-hash since it hasn't merged yet to the
master. I also removed the TODO from README because I tried to use
"lxv/stxv" in POWER9 instead of  "lxvd2x/stxvd2x" but gcc produced
"lxvd2x/stxvd2x" in the binary. I'm not sure if it's variant issue of gcc
but this will be problematic since "lxvd2x/stxvd2x" need  permuting in
little-endian mode while "lxv/stxv" is endianness aware.
---
 powerpc64/README                      |  2 -
 powerpc64/machine.m4                  |  4 ++
 powerpc64/p8/aes-decrypt-internal.asm | 97
++++++++++++++++-------------------
 powerpc64/p8/aes-encrypt-internal.asm | 97
++++++++++++++++-------------------
 4 files changed, 90 insertions(+), 110 deletions(-)

diff --git a/powerpc64/README b/powerpc64/README
index 5410791f..7301953b 100644
--- a/powerpc64/README
+++ b/powerpc64/README
@@ -53,8 +53,6 @@ in [3] to see an example of accessing unaligned storage
operands.
 "lxvd2x/stxvd2x" can be used to load/store data into unaligned storage
 operands but permuting is needed for loading and storing data in
 little-endian mode VSX registers are defined with "X" suffix
-TODO: use architecture 3.0 instructions "lxv/stxv" instead for POWER9
-      and newer
Function Prologue
diff --git a/powerpc64/machine.m4 b/powerpc64/machine.m4
index 2f91adec..b76bb8b1 100644
--- a/powerpc64/machine.m4
+++ b/powerpc64/machine.m4
@@ -22,6 +22,10 @@ define(<EPILOGUE>,
 <.size .C_NAME($1), . - .C_NAME($1)
 .size C_NAME($1), . - .C_NAME($1)>)>)
+C Get vector-scalar register from vector register
+C VSR(VR)
+define(<VSR>,<32+$1>)
+
 C Load the quadword in DATA_SRC storage into
 C VEC_DST. GPR is general-purpose register
 C used to obtain the effective address of
diff --git a/powerpc64/p8/aes-decrypt-internal.asm
b/powerpc64/p8/aes-decrypt-internal.asm
index 7d518cd9..bfedb32b 100644
--- a/powerpc64/p8/aes-decrypt-internal.asm
+++ b/powerpc64/p8/aes-decrypt-internal.asm
@@ -1,4 +1,4 @@
-C powerpc64/P8/aes-decrypt-internal.asm
+C powerpc64/p8/aes-decrypt-internal.asm
ifelse(<
    Copyright (C) 2020 Mamone Tarsha
@@ -52,16 +52,6 @@ define(<S5>, <7>)
 define(<S6>, <8>)
 define(<S7>, <9>)
-define(<KX>, <33>)
-define(<S0X>, <34>)
-define(<S1X>, <35>)
-define(<S2X>, <36>)
-define(<S3X>, <37>)
-define(<S4X>, <38>)
-define(<S5X>, <39>)
-define(<S6X>, <40>)
-define(<S7X>, <41>)
-
 C ZERO vector register is used in place of RoundKey
 C for vncipher instruction because the order of InvMixColumns
 C and Xor processes are flipped in that instruction.
@@ -70,7 +60,6 @@ define(<ZERO>, <10>)
.file "aes-decrypt-internal.asm"
-IF_LE(<.abiversion 2>)
 .text
C _aes_decrypt(unsigned rounds, const uint32_t *keys,
@@ -109,17 +98,17 @@ PROLOGUE(_nettle_aes_decrypt)
.align 5
 Lx8_loop:
- lxvd2x KX,0,KEYS
+ lxvd2x VSR(K),0,KEYS
  vperm   K,K,K,swap_mask
- lxvd2x S0X,0,SRC
- lxvd2x S1X,25,SRC
- lxvd2x S2X,26,SRC
- lxvd2x S3X,27,SRC
- lxvd2x S4X,28,SRC
- lxvd2x S5X,29,SRC
- lxvd2x S6X,30,SRC
- lxvd2x S7X,31,SRC
+ lxvd2x VSR(S0),0,SRC
+ lxvd2x VSR(S1),25,SRC
+ lxvd2x VSR(S2),26,SRC
+ lxvd2x VSR(S3),27,SRC
+ lxvd2x VSR(S4),28,SRC
+ lxvd2x VSR(S5),29,SRC
+ lxvd2x VSR(S6),30,SRC
+ lxvd2x VSR(S7),31,SRC
IF_LE(<vperm S0,S0,S0,swap_mask
  vperm S1,S1,S1,swap_mask
@@ -143,7 +132,7 @@ IF_LE(<vperm S0,S0,S0,swap_mask
  li 10,0x10
 .align 5
 L8x_round_loop:
- lxvd2x KX,10,KEYS
+ lxvd2x VSR(K),10,KEYS
  vperm   K,K,K,swap_mask
  vncipher S0,S0,ZERO
  vncipher S1,S1,ZERO
@@ -164,7 +153,7 @@ L8x_round_loop:
  addi 10,10,0x10
  bdnz L8x_round_loop
- lxvd2x KX,10,KEYS
+ lxvd2x VSR(K),10,KEYS
  vperm   K,K,K,swap_mask
  vncipherlast S0,S0,K
  vncipherlast S1,S1,K
@@ -184,14 +173,14 @@ IF_LE(<vperm S0,S0,S0,swap_mask
  vperm S6,S6,S6,swap_mask
  vperm S7,S7,S7,swap_mask>)
- stxvd2x S0X,0,DST
- stxvd2x S1X,25,DST
- stxvd2x S2X,26,DST
- stxvd2x S3X,27,DST
- stxvd2x S4X,28,DST
- stxvd2x S5X,29,DST
- stxvd2x S6X,30,DST
- stxvd2x S7X,31,DST
+ stxvd2x VSR(S0),0,DST
+ stxvd2x VSR(S1),25,DST
+ stxvd2x VSR(S2),26,DST
+ stxvd2x VSR(S3),27,DST
+ stxvd2x VSR(S4),28,DST
+ stxvd2x VSR(S5),29,DST
+ stxvd2x VSR(S6),30,DST
+ stxvd2x VSR(S7),31,DST
addi SRC,SRC,0x80
  addi DST,DST,0x80
@@ -213,16 +202,16 @@ L4x:
  cmpldi   5,0
  beq   L2x
- lxvd2x   KX,0,KEYS
+ lxvd2x   VSR(K),0,KEYS
  vperm   K,K,K,swap_mask
- lxvd2x S0X,0,SRC
+ lxvd2x VSR(S0),0,SRC
  li  9,0x10
- lxvd2x S1X,9,SRC
+ lxvd2x VSR(S1),9,SRC
  addi   9,9,0x10
- lxvd2x S2X,9,SRC
+ lxvd2x VSR(S2),9,SRC
  addi   9,9,0x10
- lxvd2x S3X,9,SRC
+ lxvd2x VSR(S3),9,SRC
IF_LE(<vperm S0,S0,S0,swap_mask
  vperm S1,S1,S1,swap_mask
@@ -238,7 +227,7 @@ IF_LE(<vperm S0,S0,S0,swap_mask
  li 10,0x10
 .align 5
 L4x_round_loop:
- lxvd2x KX,10,KEYS
+ lxvd2x VSR(K),10,KEYS
  vperm  K,K,K,swap_mask
  vncipher S0,S0,ZERO
  vncipher S1,S1,ZERO
@@ -251,7 +240,7 @@ L4x_round_loop:
  addi   10,10,0x10
  bdnz  L4x_round_loop
- lxvd2x KX,10,KEYS
+ lxvd2x VSR(K),10,KEYS
  vperm   K,K,K,swap_mask
  vncipherlast S0,S0,K
  vncipherlast S1,S1,K
@@ -263,13 +252,13 @@ IF_LE(<vperm S0,S0,S0,swap_mask
  vperm S2,S2,S2,swap_mask
  vperm S3,S3,S3,swap_mask>)
- stxvd2x S0X,0,DST
+ stxvd2x VSR(S0),0,DST
  li  9,0x10
- stxvd2x S1X,9,DST
+ stxvd2x VSR(S1),9,DST
  addi   9,9,0x10
- stxvd2x S2X,9,DST
+ stxvd2x VSR(S2),9,DST
  addi  9,9,0x10
- stxvd2x S3X,9,DST
+ stxvd2x VSR(S3),9,DST
addi   SRC,SRC,0x40
  addi   DST,DST,0x40
@@ -281,12 +270,12 @@ L2x:
  cmpldi  5,0
  beq   L1x
- lxvd2x KX,0,KEYS
+ lxvd2x VSR(K),0,KEYS
  vperm K,K,K,swap_mask
- lxvd2x S0X,0,SRC
+ lxvd2x VSR(S0),0,SRC
  li   9,0x10
- lxvd2x S1X,9,SRC
+ lxvd2x VSR(S1),9,SRC
IF_LE(<vperm S0,S0,S0,swap_mask
  vperm S1,S1,S1,swap_mask>)
@@ -298,7 +287,7 @@ IF_LE(<vperm S0,S0,S0,swap_mask
  li  10,0x10
 .align 5
 L2x_round_loop:
- lxvd2x KX,10,KEYS
+ lxvd2x VSR(K),10,KEYS
  vperm  K,K,K,swap_mask
  vncipher S0,S0,ZERO
  vncipher S1,S1,ZERO
@@ -307,7 +296,7 @@ L2x_round_loop:
  addi   10,10,0x10
  bdnz   L2x_round_loop
- lxvd2x KX,10,KEYS
+ lxvd2x VSR(K),10,KEYS
  vperm  K,K,K,swap_mask
  vncipherlast S0,S0,K
  vncipherlast S1,S1,K
@@ -315,9 +304,9 @@ L2x_round_loop:
 IF_LE(<vperm S0,S0,S0,swap_mask
  vperm S1,S1,S1,swap_mask>)
- stxvd2x S0X,0,DST
+ stxvd2x VSR(S0),0,DST
  li  9,0x10
- stxvd2x S1X,9,DST
+ stxvd2x VSR(S1),9,DST
addi   SRC,SRC,0x20
  addi   DST,DST,0x20
@@ -328,10 +317,10 @@ L1x:
  cmpldi LENGTH,0
  beq   Ldone
- lxvd2x KX,0,KEYS
+ lxvd2x VSR(K),0,KEYS
  vperm   K,K,K,swap_mask
- lxvd2x S0X,0,SRC
+ lxvd2x VSR(S0),0,SRC
IF_LE(<vperm S0,S0,S0,swap_mask>)
@@ -341,20 +330,20 @@ IF_LE(<vperm S0,S0,S0,swap_mask>)
  li   10,0x10
 .align 5
 L1x_round_loop:
- lxvd2x KX,10,KEYS
+ lxvd2x VSR(K),10,KEYS
  vperm  K,K,K,swap_mask
  vncipher S0,S0,ZERO
  vxor   S0,S0,K
  addi   10,10,0x10
  bdnz   L1x_round_loop
- lxvd2x KX,10,KEYS
+ lxvd2x VSR(K),10,KEYS
  vperm  K,K,K,swap_mask
  vncipherlast S0,S0,K
IF_LE(<vperm S0,S0,S0,swap_mask>)
- stxvd2x S0X,0,DST
+ stxvd2x VSR(S0),0,DST
Ldone:
  blr
diff --git a/powerpc64/p8/aes-encrypt-internal.asm
b/powerpc64/p8/aes-encrypt-internal.asm
index c696a4a3..67c7e597 100644
--- a/powerpc64/p8/aes-encrypt-internal.asm
+++ b/powerpc64/p8/aes-encrypt-internal.asm
@@ -1,4 +1,4 @@
-C powerpc64/P8/aes-encrypt-internal.asm
+C powerpc64/p8/aes-encrypt-internal.asm
ifelse(<
    Copyright (C) 2020 Mamone Tarsha
@@ -52,19 +52,8 @@ define(<S5>, <7>)
 define(<S6>, <8>)
 define(<S7>, <9>)
-define(<KX>, <33>)
-define(<S0X>, <34>)
-define(<S1X>, <35>)
-define(<S2X>, <36>)
-define(<S3X>, <37>)
-define(<S4X>, <38>)
-define(<S5X>, <39>)
-define(<S6X>, <40>)
-define(<S7X>, <41>)
-
 .file "aes-encrypt-internal.asm"
-IF_LE(<.abiversion 2>)
 .text
C _aes_encrypt(unsigned rounds, const uint32_t *keys,
@@ -101,17 +90,17 @@ PROLOGUE(_nettle_aes_encrypt)
.align 5
 Lx8_loop:
- lxvd2x KX,0,KEYS
+ lxvd2x VSR(K),0,KEYS
  vperm   K,K,K,swap_mask
- lxvd2x S0X,0,SRC
- lxvd2x S1X,25,SRC
- lxvd2x S2X,26,SRC
- lxvd2x S3X,27,SRC
- lxvd2x S4X,28,SRC
- lxvd2x S5X,29,SRC
- lxvd2x S6X,30,SRC
- lxvd2x S7X,31,SRC
+ lxvd2x VSR(S0),0,SRC
+ lxvd2x VSR(S1),25,SRC
+ lxvd2x VSR(S2),26,SRC
+ lxvd2x VSR(S3),27,SRC
+ lxvd2x VSR(S4),28,SRC
+ lxvd2x VSR(S5),29,SRC
+ lxvd2x VSR(S6),30,SRC
+ lxvd2x VSR(S7),31,SRC
IF_LE(<vperm S0,S0,S0,swap_mask
  vperm S1,S1,S1,swap_mask
@@ -135,7 +124,7 @@ IF_LE(<vperm S0,S0,S0,swap_mask
  li 10,0x10
 .align 5
 L8x_round_loop:
- lxvd2x KX,10,KEYS
+ lxvd2x VSR(K),10,KEYS
  vperm   K,K,K,swap_mask
  vcipher S0,S0,K
  vcipher S1,S1,K
@@ -148,7 +137,7 @@ L8x_round_loop:
  addi 10,10,0x10
  bdnz L8x_round_loop
- lxvd2x KX,10,KEYS
+ lxvd2x VSR(K),10,KEYS
  vperm   K,K,K,swap_mask
  vcipherlast S0,S0,K
  vcipherlast S1,S1,K
@@ -168,14 +157,14 @@ IF_LE(<vperm S0,S0,S0,swap_mask
  vperm S6,S6,S6,swap_mask
  vperm S7,S7,S7,swap_mask>)
- stxvd2x S0X,0,DST
- stxvd2x S1X,25,DST
- stxvd2x S2X,26,DST
- stxvd2x S3X,27,DST
- stxvd2x S4X,28,DST
- stxvd2x S5X,29,DST
- stxvd2x S6X,30,DST
- stxvd2x S7X,31,DST
+ stxvd2x VSR(S0),0,DST
+ stxvd2x VSR(S1),25,DST
+ stxvd2x VSR(S2),26,DST
+ stxvd2x VSR(S3),27,DST
+ stxvd2x VSR(S4),28,DST
+ stxvd2x VSR(S5),29,DST
+ stxvd2x VSR(S6),30,DST
+ stxvd2x VSR(S7),31,DST
addi SRC,SRC,0x80
  addi DST,DST,0x80
@@ -197,16 +186,16 @@ L4x:
  cmpldi   5,0
  beq   L2x
- lxvd2x   KX,0,KEYS
+ lxvd2x   VSR(K),0,KEYS
  vperm   K,K,K,swap_mask
- lxvd2x S0X,0,SRC
+ lxvd2x VSR(S0),0,SRC
  li  9,0x10
- lxvd2x S1X,9,SRC
+ lxvd2x VSR(S1),9,SRC
  addi   9,9,0x10
- lxvd2x S2X,9,SRC
+ lxvd2x VSR(S2),9,SRC
  addi   9,9,0x10
- lxvd2x S3X,9,SRC
+ lxvd2x VSR(S3),9,SRC
IF_LE(<vperm S0,S0,S0,swap_mask
  vperm S1,S1,S1,swap_mask
@@ -222,7 +211,7 @@ IF_LE(<vperm S0,S0,S0,swap_mask
  li 10,0x10
 .align 5
 L4x_round_loop:
- lxvd2x KX,10,KEYS
+ lxvd2x VSR(K),10,KEYS
  vperm  K,K,K,swap_mask
  vcipher S0,S0,K
  vcipher S1,S1,K
@@ -231,7 +220,7 @@ L4x_round_loop:
  addi   10,10,0x10
  bdnz  L4x_round_loop
- lxvd2x KX,10,KEYS
+ lxvd2x VSR(K),10,KEYS
  vperm   K,K,K,swap_mask
  vcipherlast S0,S0,K
  vcipherlast S1,S1,K
@@ -243,13 +232,13 @@ IF_LE(<vperm S0,S0,S0,swap_mask
  vperm S2,S2,S2,swap_mask
  vperm S3,S3,S3,swap_mask>)
- stxvd2x S0X,0,DST
+ stxvd2x VSR(S0),0,DST
  li  9,0x10
- stxvd2x S1X,9,DST
+ stxvd2x VSR(S1),9,DST
  addi   9,9,0x10
- stxvd2x S2X,9,DST
+ stxvd2x VSR(S2),9,DST
  addi  9,9,0x10
- stxvd2x S3X,9,DST
+ stxvd2x VSR(S3),9,DST
addi   SRC,SRC,0x40
  addi   DST,DST,0x40
@@ -261,12 +250,12 @@ L2x:
  cmpldi  5,0
  beq   L1x
- lxvd2x KX,0,KEYS
+ lxvd2x VSR(K),0,KEYS
  vperm K,K,K,swap_mask
- lxvd2x S0X,0,SRC
+ lxvd2x VSR(S0),0,SRC
  li   9,0x10
- lxvd2x S1X,9,SRC
+ lxvd2x VSR(S1),9,SRC
IF_LE(<vperm S0,S0,S0,swap_mask
  vperm S1,S1,S1,swap_mask>)
@@ -278,14 +267,14 @@ IF_LE(<vperm S0,S0,S0,swap_mask
  li  10,0x10
 .align 5
 L2x_round_loop:
- lxvd2x KX,10,KEYS
+ lxvd2x VSR(K),10,KEYS
  vperm  K,K,K,swap_mask
  vcipher S0,S0,K
  vcipher S1,S1,K
  addi   10,10,0x10
  bdnz   L2x_round_loop
- lxvd2x KX,10,KEYS
+ lxvd2x VSR(K),10,KEYS
  vperm  K,K,K,swap_mask
  vcipherlast S0,S0,K
  vcipherlast S1,S1,K
@@ -293,9 +282,9 @@ L2x_round_loop:
 IF_LE(<vperm S0,S0,S0,swap_mask
  vperm S1,S1,S1,swap_mask>)
- stxvd2x S0X,0,DST
+ stxvd2x VSR(S0),0,DST
  li  9,0x10
- stxvd2x S1X,9,DST
+ stxvd2x VSR(S1),9,DST
addi   SRC,SRC,0x20
  addi   DST,DST,0x20
@@ -306,10 +295,10 @@ L1x:
  cmpldi LENGTH,0
  beq   Ldone
- lxvd2x KX,0,KEYS
+ lxvd2x VSR(K),0,KEYS
  vperm   K,K,K,swap_mask
- lxvd2x S0X,0,SRC
+ lxvd2x VSR(S0),0,SRC
IF_LE(<vperm S0,S0,S0,swap_mask>)
@@ -319,19 +308,19 @@ IF_LE(<vperm S0,S0,S0,swap_mask>)
  li   10,0x10
 .align 5
 L1x_round_loop:
- lxvd2x KX,10,KEYS
+ lxvd2x VSR(K),10,KEYS
  vperm  K,K,K,swap_mask
  vcipher S0,S0,K
  addi   10,10,0x10
  bdnz   L1x_round_loop
- lxvd2x KX,10,KEYS
+ lxvd2x VSR(K),10,KEYS
  vperm  K,K,K,swap_mask
  vcipherlast S0,S0,K
IF_LE(<vperm S0,S0,S0,swap_mask>)
- stxvd2x S0X,0,DST
+ stxvd2x VSR(S0),0,DST
Ldone:
  blr
-- 
2.17.1

    