gcm_s390x.s raw
1 // Copyright 2016 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4
5 //go:build !purego
6
7 #include "textflag.h"
8
9 // func cryptBlocksGCM(fn code, key, dst, src, buf []byte, cnt *[16]byte)
10 TEXT ·cryptBlocksGCM(SB),NOSPLIT,$0-112
11 MOVD src_len+64(FP), R0
12 MOVD buf_base+80(FP), R1
13 MOVD cnt+104(FP), R12
14 LMG (R12), R2, R3
15
16 // Check that the src size is less than or equal to the buffer size.
17 MOVD buf_len+88(FP), R4
18 CMP R0, R4
19 BGT crash
20
21 // Check that the src size is a multiple of 16-bytes.
22 MOVD R0, R4
23 AND $0xf, R4
24 BLT crash // non-zero
25
26 // Check that the src size is less than or equal to the dst size.
27 MOVD dst_len+40(FP), R4
28 CMP R0, R4
29 BGT crash
30
31 MOVD R2, R4
32 MOVD R2, R6
33 MOVD R2, R8
34 MOVD R3, R5
35 MOVD R3, R7
36 MOVD R3, R9
37 ADDW $1, R5
38 ADDW $2, R7
39 ADDW $3, R9
40 incr:
41 CMP R0, $64
42 BLT tail
43 STMG R2, R9, (R1)
44 ADDW $4, R3
45 ADDW $4, R5
46 ADDW $4, R7
47 ADDW $4, R9
48 MOVD $64(R1), R1
49 SUB $64, R0
50 BR incr
51 tail:
52 CMP R0, $0
53 BEQ crypt
54 STMG R2, R3, (R1)
55 ADDW $1, R3
56 MOVD $16(R1), R1
57 SUB $16, R0
58 BR tail
59 crypt:
60 STMG R2, R3, (R12) // update next counter value
61 MOVD fn+0(FP), R0 // function code (encryption)
62 MOVD key_base+8(FP), R1 // key
63 MOVD buf_base+80(FP), R2 // counter values
64 MOVD dst_base+32(FP), R4 // dst
65 MOVD src_base+56(FP), R6 // src
66 MOVD src_len+64(FP), R7 // len
67 loop:
68 KMCTR R4, R2, R6 // cipher message with counter (KMCTR)
69 BVS loop // branch back if interrupted
70 RET
71 crash:
72 MOVD $0, (R0)
73 RET
74
75
76 // func ghashAsm(key *gcmHashKey, hash *[16]byte, data []byte)
77 TEXT ·ghashAsm(SB),NOSPLIT,$32-40
78 MOVD $65, R0 // GHASH function code
79 MOVD key+0(FP), R2
80 LMG (R2), R6, R7
81 MOVD hash+8(FP), R8
82 LMG (R8), R4, R5
83 MOVD $params-32(SP), R1
84 STMG R4, R7, (R1)
85 LMG data+16(FP), R2, R3 // R2=base, R3=len
86 loop:
87 KIMD R0, R2 // compute intermediate message digest (KIMD)
88 BVS loop // branch back if interrupted
89 MVC $16, (R1), (R8)
90 MOVD $0, R0
91 RET
92
93 // func kmaGCM(fn int, key, dst, src, aad []byte, tag *[16]byte, cnt *[gcmBlockSize]byte)
94 TEXT ·kmaGCM(SB),NOSPLIT,$112-120
95 MOVD fn+0(FP), R0
96 MOVD $params-112(SP), R1
97
98 // load ptr/len pairs
99 LMG dst+32(FP), R2, R3 // R2=base R3=len
100 LMG src+56(FP), R4, R5 // R4=base R5=len
101 LMG aad+80(FP), R6, R7 // R6=base R7=len
102
103 // setup parameters
104 MOVD cnt+112(FP), R8
105 XC $12, (R1), (R1) // reserved
106 MVC $4, 12(R8), 12(R1) // set chain value
107 MVC $16, (R8), 64(R1) // set initial counter value
108 XC $32, 16(R1), 16(R1) // set hash subkey and tag
109 SLD $3, R7, R12
110 MOVD R12, 48(R1) // set total AAD length
111 SLD $3, R5, R12
112 MOVD R12, 56(R1) // set total plaintext/ciphertext length
113
114 LMG key+8(FP), R8, R9 // R8=base R9=len
115 MVC $16, (R8), 80(R1) // set key
116 CMPBEQ R9, $16, kma
117 MVC $8, 16(R8), 96(R1)
118 CMPBEQ R9, $24, kma
119 MVC $8, 24(R8), 104(R1)
120
121 kma:
122 KMA R2, R6, R4 // Cipher Message with Authentication
123 BVS kma
124
125 MOVD tag+104(FP), R2
126 MVC $16, 16(R1), 0(R2) // copy tag to output
127 MOVD cnt+112(FP), R8
128 MVC $4, 12(R1), 12(R8) // update counter value
129
130 RET
131