| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/Java/Openjdk/src/hotspot/cpu/x86/ (Sun/Oracle ©) Datei vom 13.11.2022 mit Größe 127 kB |
|
Quelle stubGenerator_x86_64_aes.cpp Sprache: C |
|||||||||
|
/*
* Copyright (c) 2019, 2021, Intel Corporation. All rights reserved. * * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. * */ #include "precompiled.hpp" #include "asm/assembler.hpp" #include "asm/assembler.inline.hpp" #include "runtime/stubRoutines.hpp" #include "macroAssembler_x86.hpp" #include "stubGenerator_x86_64.hpp" #define __ _masm-> #ifdef PRODUCT #define BLOCK_COMMENT(str) /* nothing */ #else #define BLOCK_COMMENT(str) __ block_comment(str) #endif // PRODUCT #define BIND(label) bind(label); BLOCK_COMMENT(#label ":") // Constants const int AESBlockSize = 16; // Shuffle mask for fixing up 128-bit words consisting of big-endian 32-bit integers. ATTRIBUTE_ALIGNED(16) uint64_t KEY_SHUFFLE_MASK[] = { 0x0405060700010203UL, 0x0C0D0E0F08090A0BUL }; static address key_shuffle_mask_addr() { return (address)KEY_SHUFFLE_MASK; } // Shuffle mask for big-endian 128-bit integers. ATTRIBUTE_ALIGNED(64) uint64_t COUNTER_SHUFFLE_MASK[] = { 0x08090A0B0C0D0E0FUL, 0x0001020304050607UL, 0x08090A0B0C0D0E0FUL, 0x0001020304050607UL, 0x08090A0B0C0D0E0FUL, 0x0001020304050607UL, 0x08090A0B0C0D0E0FUL, 0x0001020304050607UL, }; static address counter_shuffle_mask_addr() { return (address)COUNTER_SHUFFLE_MASK; } // This mask is used for incrementing counter value ATTRIBUTE_ALIGNED(64) uint64_t COUNTER_MASK_LINC0[] = { 0x0000000000000000UL, 0x0000000000000000UL, 0x0000000000000001UL, 0x0000000000000000UL, 0x0000000000000002UL, 0x0000000000000000UL, 0x0000000000000003UL, 0x0000000000000000UL, }; static address counter_mask_linc0_addr() { return (address)COUNTER_MASK_LINC0; } ATTRIBUTE_ALIGNED(16) uint64_t COUNTER_MASK_LINC1[] = { 0x0000000000000001UL, 0x0000000000000000UL, }; static address counter_mask_linc1_addr() { return (address)COUNTER_MASK_LINC1; } ATTRIBUTE_ALIGNED(64) uint64_t COUNTER_MASK_LINC4[] = { 0x0000000000000004UL, 0x0000000000000000UL, 0x0000000000000004UL, 0x0000000000000000UL, 0x0000000000000004UL, 0x0000000000000000UL, 0x0000000000000004UL, 0x0000000000000000UL, }; static address counter_mask_linc4_addr() { return (address)COUNTER_MASK_LINC4; } ATTRIBUTE_ALIGNED(64) uint64_t COUNTER_MASK_LINC8[] = { 0x0000000000000008UL, 0x0000000000000000UL, 0x0000000000000008UL, 0x0000000000000000UL, 0x0000000000000008UL, 0x0000000000000000UL, 0x0000000000000008UL, 0x0000000000000000UL, }; static address counter_mask_linc8_addr() { return (address)COUNTER_MASK_LINC8; } ATTRIBUTE_ALIGNED(64) uint64_t COUNTER_MASK_LINC16[] = { 0x0000000000000010UL, 0x0000000000000000UL, 0x0000000000000010UL, 0x0000000000000000UL, 0x0000000000000010UL, 0x0000000000000000UL, 0x0000000000000010UL, 0x0000000000000000UL, }; static address counter_mask_linc16_addr() { return (address)COUNTER_MASK_LINC16; } ATTRIBUTE_ALIGNED(64) uint64_t COUNTER_MASK_LINC32[] = { 0x0000000000000020UL, 0x0000000000000000UL, 0x0000000000000020UL, 0x0000000000000000UL, 0x0000000000000020UL, 0x0000000000000000UL, 0x0000000000000020UL, 0x0000000000000000UL, }; static address counter_mask_linc32_addr() { return (address)COUNTER_MASK_LINC32; } ATTRIBUTE_ALIGNED(64) uint64_t GHASH_POLYNOMIAL_REDUCTION[] = { 0x00000001C2000000UL, 0xC200000000000000UL, 0x00000001C2000000UL, 0xC200000000000000UL, 0x00000001C2000000UL, 0xC200000000000000UL, 0x00000001C2000000UL, 0xC200000000000000UL, }; static address ghash_polynomial_reduction_addr() { return (address)GHASH_POLYNOMIAL_REDUCTION; } ATTRIBUTE_ALIGNED(16) uint64_t GHASH_POLYNOMIAL_TWO_ONE[] = { 0x0000000000000001UL, 0x0000000100000000UL, }; static address ghash_polynomial_two_one_addr() { return (address)GHASH_POLYNOMIAL_TWO_ONE; } // AES intrinsic stubs void StubGenerator::generate_aes_stubs() { if (UseAESIntrinsics) { StubRoutines::_aescrypt_encryptBlock = generate_aescrypt_encryptBlock(); StubRoutines::_aescrypt_decryptBlock = generate_aescrypt_decryptBlock(); StubRoutines::_cipherBlockChaining_encryptAESCrypt = generate_cipherBlockChaining_ if (VM_Version::supports_avx512_vaes() && VM_Version::supports_avx512vl() && VM_Version:: StubRoutines::_cipherBlockChaining_decryptAESCrypt = generate_cipherBlockChaining_ StubRoutines::_electronicCodeBook_encryptAESCrypt = generate_electronicCodeBook_en StubRoutines::_electronicCodeBook_decryptAESCrypt = generate_electronicCodeBook_de StubRoutines::_galoisCounterMode_AESCrypt = generate_galoisCounterMode_AESCrypt(); } else { StubRoutines::_cipherBlockChaining_decryptAESCrypt = generate_cipherBlockChaining_ } } if (UseAESCTRIntrinsics) { if (VM_Version::supports_avx512_vaes() && VM_Version::supports_avx512bw() && VM_Version:: StubRoutines::_counterMode_AESCrypt = generate_counterMode_VectorAESCrypt(); } else { StubRoutines::_counterMode_AESCrypt = generate_counterMode_AESCrypt_Parallel(); } } } // Vector AES Galois Counter Mode implementation. // // Inputs: Windows | Linux // in = rcx (c_rarg0) | rsi (c_rarg0) // len = rdx (c_rarg1) | rdi (c_rarg1) // ct = r8 (c_rarg2) | rdx (c_rarg2) // out = r9 (c_rarg3) | rcx (c_rarg3) // key = r10 | r8 (c_rarg4) // state = r13 | r9 (c_rarg5) // subkeyHtbl = r14 | r11 // counter = rsi | r12 // // Output: // rax - number of processed bytes address StubGenerator::generate_galoisCounterMode_AESCrypt() { __ align(CodeEntryAlignment); StubCodeMark mark(this, "StubRoutines", "galoisCounterMode_AESCrypt"); address start = __ pc(); const Register in = c_rarg0; const Register len = c_rarg1; const Register ct = c_rarg2; const Register out = c_rarg3; // and updated with the incremented counter in the end #ifndef _WIN64 const Register key = c_rarg4; const Register state = c_rarg5; const Address subkeyH_mem(rbp, 2 * wordSize); const Register subkeyHtbl = r11; const Register avx512_subkeyHtbl = r13; const Address counter_mem(rbp, 3 * wordSize); const Register counter = r12; #else const Address key_mem(rbp, 6 * wordSize); const Register key = r10; const Address state_mem(rbp, 7 * wordSize); const Register state = r13; const Address subkeyH_mem(rbp, 8 * wordSize); const Register subkeyHtbl = r14; const Register avx512_subkeyHtbl = r12; const Address counter_mem(rbp, 9 * wordSize); const Register counter = rsi; #endif __ enter(); // Save state before entering routine __ push(r12); __ push(r13); __ push(r14); __ push(r15); __ push(rbx); #ifdef _WIN64 // on win64, fill len_reg from stack position __ push(rsi); __ movptr(key, key_mem); __ movptr(state, state_mem); #endif __ movptr(subkeyHtbl, subkeyH_mem); __ movptr(counter, counter_mem); // Save rbp and rsp __ push(rbp); __ movq(rbp, rsp); // Align stack __ andq(rsp, -64); __ subptr(rsp, 96 * longSize); // Create space on the stack for htbl entries __ movptr(avx512_subkeyHtbl, rsp); aesgcm_encrypt(in, len, ct, out, key, state, subkeyHtbl, avx512_subkeyHtbl, counter); __ vzeroupper(); __ movq(rsp, rbp); __ pop(rbp); // Restore state before leaving routine #ifdef _WIN64 __ pop(rsi); #endif __ pop(rbx); __ pop(r15); __ pop(r14); __ pop(r13); __ pop(r12); __ leave(); // required for proper stackwalking of RuntimeStub frame __ ret(0); return start; } // Vector AES Counter implementation address StubGenerator::generate_counterMode_VectorAESCrypt() { __ align(CodeEntryAlignment); StubCodeMark mark(this, "StubRoutines", "counterMode_AESCrypt"); address start = __ pc(); const Register from = c_rarg0; // source array address const Register to = c_rarg1; // destination array address const Register key = c_rarg2; // key array address r8 const Register counter = c_rarg3; // counter byte array initialized from counter array addres // and updated with the incremented counter in the end #ifndef _WIN64 const Register len_reg = c_rarg4; const Register saved_encCounter_start = c_rarg5; const Register used_addr = r10; const Address used_mem(rbp, 2 * wordSize); const Register used = r11; #else const Address len_mem(rbp, 6 * wordSize); // length is on stack on Win64 const Address saved_encCounter_mem(rbp, 7 * wordSize); // saved encrypted counter is on stac const Address used_mem(rbp, 8 * wordSize); // used length is on stack on Win64 const Register len_reg = r10; // pick the first volatile windows register const Register saved_encCounter_start = r11; const Register used_addr = r13; const Register used = r14; #endif __ enter(); // Save state before entering routine __ push(r12); __ push(r13); __ push(r14); __ push(r15); #ifdef _WIN64 // on win64, fill len_reg from stack position __ movl(len_reg, len_mem); __ movptr(saved_encCounter_start, saved_encCounter_mem); __ movptr(used_addr, used_mem); __ movl(used, Address(used_addr, 0)); #else __ push(len_reg); // Save __ movptr(used_addr, used_mem); __ movl(used, Address(used_addr, 0)); #endif __ push(rbx); aesctr_encrypt(from, to, key, counter, len_reg, used, used_addr, saved_encCounter_start __ vzeroupper(); // Restore state before leaving routine __ pop(rbx); #ifdef _WIN64 __ movl(rax, len_mem); // return length #else __ pop(rax); // return length #endif __ pop(r15); __ pop(r14); __ pop(r13); __ pop(r12); __ leave(); // required for proper stackwalking of RuntimeStub frame __ ret(0); return start; } // This is a version of CTR/AES crypt which does 6 blocks in a loop at a time // to hide instruction latency // // Arguments: // // Inputs: // c_rarg0 - source byte array address // c_rarg1 - destination byte array address // c_rarg2 - K (key) in little endian int array // c_rarg3 - counter vector byte array address // Linux // c_rarg4 - input length // c_rarg5 - saved encryptedCounter start // rbp + 6 * wordSize - saved used length // Windows // rbp + 6 * wordSize - input length // rbp + 7 * wordSize - saved encryptedCounter start // rbp + 8 * wordSize - saved used length // // Output: // rax - input length // address StubGenerator::generate_counterMode_AESCrypt_Parallel() { assert(UseAES, "need AES instructions and misaligned SSE support"); __ align(CodeEntryAlignment); StubCodeMark mark(this, "StubRoutines", "counterMode_AESCrypt"); address start = __ pc(); const Register from = c_rarg0; // source array address const Register to = c_rarg1; // destination array address const Register key = c_rarg2; // key array address const Register counter = c_rarg3; // counter byte array initialized from counter array addres // and updated with the incremented counter in the end #ifndef _WIN64 const Register len_reg = c_rarg4; const Register saved_encCounter_start = c_rarg5; const Register used_addr = r10; const Address used_mem(rbp, 2 * wordSize); const Register used = r11; #else const Address len_mem(rbp, 6 * wordSize); // length is on stack on Win64 const Address saved_encCounter_mem(rbp, 7 * wordSize); // length is on stack on Win64 const Address used_mem(rbp, 8 * wordSize); // length is on stack on Win64 const Register len_reg = r10; // pick the first volatile windows register const Register saved_encCounter_start = r11; const Register used_addr = r13; const Register used = r14; #endif const Register pos = rax; const int PARALLEL_FACTOR = 6; const XMMRegister xmm_counter_shuf_mask = xmm0; const XMMRegister xmm_key_shuf_mask = xmm1; // used temporarily to swap key bytes up front const XMMRegister xmm_curr_counter = xmm2; const XMMRegister xmm_key_tmp0 = xmm3; const XMMRegister xmm_key_tmp1 = xmm4; // registers holding the four results in the parallelized loop const XMMRegister xmm_result0 = xmm5; const XMMRegister xmm_result1 = xmm6; const XMMRegister xmm_result2 = xmm7; const XMMRegister xmm_result3 = xmm8; const XMMRegister xmm_result4 = xmm9; const XMMRegister xmm_result5 = xmm10; const XMMRegister xmm_from0 = xmm11; const XMMRegister xmm_from1 = xmm12; const XMMRegister xmm_from2 = xmm13; const XMMRegister xmm_from3 = xmm14; //the last one is xmm14. we have to preserve it on WIN64. const XMMRegister xmm_from4 = xmm3; //reuse xmm3~4. Because xmm_key_tmp0~1 are useless when const XMMRegister xmm_from5 = xmm4; //for key_128, key_192, key_256 const int rounds[3] = {10, 12, 14}; Label L_exit_preLoop, L_preLoop_start; Label L_multiBlock_loopTop[3]; Label L_singleBlockLoopTop[3]; Label L__incCounter[3][6]; //for 6 blocks Label L__incCounter_single[3]; //for single block, key128, key192, key256 Label L_processTail_insr[3], L_processTail_4_insr[3], L_processTail_2_insr[3], L_pro Label L_processTail_4_extr[3], L_processTail_2_extr[3], L_processTail_1_extr[3], L_p Label L_exit; __ enter(); // required for proper stackwalking of RuntimeStub frame #ifdef _WIN64 // allocate spill slots for r13, r14 enum { saved_r13_offset, saved_r14_offset }; __ subptr(rsp, 2 * wordSize); __ movptr(Address(rsp, saved_r13_offset * wordSize), r13); __ movptr(Address(rsp, saved_r14_offset * wordSize), r14); // on win64, fill len_reg from stack position __ movl(len_reg, len_mem); __ movptr(saved_encCounter_start, saved_encCounter_mem); __ movptr(used_addr, used_mem); __ movl(used, Address(used_addr, 0)); #else __ push(len_reg); // Save __ movptr(used_addr, used_mem); __ movl(used, Address(used_addr, 0)); #endif __ push(rbx); // Save RBX __ movdqu(xmm_curr_counter, Address(counter, 0x00)); // initialize counter with initial c __ movdqu(xmm_counter_shuf_mask, ExternalAddress(counter_shuffle_mask_addr()), pos / __ pshufb(xmm_curr_counter, xmm_counter_shuf_mask); //counter is shuffled __ movptr(pos, 0); // Use the partially used encrpyted counter from last invocation __ BIND(L_preLoop_start); __ cmpptr(used, 16); __ jcc(Assembler::aboveEqual, L_exit_preLoop); __ cmpptr(len_reg, 0); __ jcc(Assembler::lessEqual, L_exit_preLoop); __ movb(rbx, Address(saved_encCounter_start, used)); __ xorb(rbx, Address(from, pos)); __ movb(Address(to, pos), rbx); __ addptr(pos, 1); __ addptr(used, 1); __ subptr(len_reg, 1); __ jmp(L_preLoop_start); __ BIND(L_exit_preLoop); __ movl(Address(used_addr, 0), used); // key length could be only {11, 13, 15} * 4 = {44, 52, 60} __ movdqu(xmm_key_shuf_mask, ExternalAddress(key_shuffle_mask_addr()), rbx /*rscratc __ movl(rbx, Address(key, arrayOopDesc::length_offset_in_bytes() - arrayOopDesc::base __ cmpl(rbx, 52); __ jcc(Assembler::equal, L_multiBlock_loopTop[1]); __ cmpl(rbx, 60); __ jcc(Assembler::equal, L_multiBlock_loopTop[2]); #define CTR_DoSix(opc, src_reg) \ __ opc(xmm_result0, src_reg); \ __ opc(xmm_result1, src_reg); \ __ opc(xmm_result2, src_reg); \ __ opc(xmm_result3, src_reg); \ __ opc(xmm_result4, src_reg); \ __ opc(xmm_result5, src_reg); // k == 0 : generate code for key_128 // k == 1 : generate code for key_192 // k == 2 : generate code for key_256 for (int k = 0; k < 3; ++k) { //multi blocks starts here __ align(OptoLoopAlignment); __ BIND(L_multiBlock_loopTop[k]); __ cmpptr(len_reg, PARALLEL_FACTOR * AESBlockSize); // see if at least PARALLEL_FACTOR bloc __ jcc(Assembler::less, L_singleBlockLoopTop[k]); load_key(xmm_key_tmp0, key, 0x00, xmm_key_shuf_mask); //load, then increase counters CTR_DoSix(movdqa, xmm_curr_counter); inc_counter(rbx, xmm_result1, 0x01, L__incCounter[k][0]); inc_counter(rbx, xmm_result2, 0x02, L__incCounter[k][1]); inc_counter(rbx, xmm_result3, 0x03, L__incCounter[k][2]); inc_counter(rbx, xmm_result4, 0x04, L__incCounter[k][3]); inc_counter(rbx, xmm_result5, 0x05, L__incCounter[k][4]); inc_counter(rbx, xmm_curr_counter, 0x06, L__incCounter[k][5]); CTR_DoSix(pshufb, xmm_counter_shuf_mask); // after increased, shuffled counters back for CTR_DoSix(pxor, xmm_key_tmp0); //PXOR with Round 0 key //load two ROUND_KEYs at a time for (int i = 1; i < rounds[k]; ) { load_key(xmm_key_tmp1, key, (0x10 * i), xmm_key_shuf_mask); load_key(xmm_key_tmp0, key, (0x10 * (i+1)), xmm_key_shuf_mask); CTR_DoSix(aesenc, xmm_key_tmp1); i++; if (i != rounds[k]) { CTR_DoSix(aesenc, xmm_key_tmp0); } else { CTR_DoSix(aesenclast, xmm_key_tmp0); } i++; } // get next PARALLEL_FACTOR blocks into xmm_result registers __ movdqu(xmm_from0, Address(from, pos, Address::times_1, 0 * AESBlockSize)); __ movdqu(xmm_from1, Address(from, pos, Address::times_1, 1 * AESBlockSize)); __ movdqu(xmm_from2, Address(from, pos, Address::times_1, 2 * AESBlockSize)); __ movdqu(xmm_from3, Address(from, pos, Address::times_1, 3 * AESBlockSize)); __ movdqu(xmm_from4, Address(from, pos, Address::times_1, 4 * AESBlockSize)); __ movdqu(xmm_from5, Address(from, pos, Address::times_1, 5 * AESBlockSize)); __ pxor(xmm_result0, xmm_from0); __ pxor(xmm_result1, xmm_from1); __ pxor(xmm_result2, xmm_from2); __ pxor(xmm_result3, xmm_from3); __ pxor(xmm_result4, xmm_from4); __ pxor(xmm_result5, xmm_from5); // store 6 results into the next 64 bytes of output __ movdqu(Address(to, pos, Address::times_1, 0 * AESBlockSize), xmm_result0); __ movdqu(Address(to, pos, Address::times_1, 1 * AESBlockSize), xmm_result1); __ movdqu(Address(to, pos, Address::times_1, 2 * AESBlockSize), xmm_result2); __ movdqu(Address(to, pos, Address::times_1, 3 * AESBlockSize), xmm_result3); __ movdqu(Address(to, pos, Address::times_1, 4 * AESBlockSize), xmm_result4); __ movdqu(Address(to, pos, Address::times_1, 5 * AESBlockSize), xmm_result5); __ addptr(pos, PARALLEL_FACTOR * AESBlockSize); // increase the length of crypt text __ subptr(len_reg, PARALLEL_FACTOR * AESBlockSize); // decrease the remaining length __ jmp(L_multiBlock_loopTop[k]); // singleBlock starts here __ align(OptoLoopAlignment); __ BIND(L_singleBlockLoopTop[k]); __ cmpptr(len_reg, 0); __ jcc(Assembler::lessEqual, L_exit); load_key(xmm_key_tmp0, key, 0x00, xmm_key_shuf_mask); __ movdqa(xmm_result0, xmm_curr_counter); inc_counter(rbx, xmm_curr_counter, 0x01, L__incCounter_single[k]); __ pshufb(xmm_result0, xmm_counter_shuf_mask); __ pxor(xmm_result0, xmm_key_tmp0); for (int i = 1; i < rounds[k]; i++) { load_key(xmm_key_tmp0, key, (0x10 * i), xmm_key_shuf_mask); __ aesenc(xmm_result0, xmm_key_tmp0); } load_key(xmm_key_tmp0, key, (rounds[k] * 0x10), xmm_key_shuf_mask); __ aesenclast(xmm_result0, xmm_key_tmp0); __ cmpptr(len_reg, AESBlockSize); __ jcc(Assembler::less, L_processTail_insr[k]); __ movdqu(xmm_from0, Address(from, pos, Address::times_1, 0 * AESBlockSize)); __ pxor(xmm_result0, xmm_from0); __ movdqu(Address(to, pos, Address::times_1, 0 * AESBlockSize), xmm_result0); __ addptr(pos, AESBlockSize); __ subptr(len_reg, AESBlockSize); __ jmp(L_singleBlockLoopTop[k]); __ BIND(L_processTail_insr[k]); // Process the tail part of the input array __ addptr(pos, len_reg); // 1. Insert bytes from src array into xmm_from0 register __ testptr(len_reg, 8); __ jcc(Assembler::zero, L_processTail_4_insr[k]); __ subptr(pos,8); __ pinsrq(xmm_from0, Address(from, pos), 0); __ BIND(L_processTail_4_insr[k]); __ testptr(len_reg, 4); __ jcc(Assembler::zero, L_processTail_2_insr[k]); __ subptr(pos,4); __ pslldq(xmm_from0, 4); __ pinsrd(xmm_from0, Address(from, pos), 0); __ BIND(L_processTail_2_insr[k]); __ testptr(len_reg, 2); __ jcc(Assembler::zero, L_processTail_1_insr[k]); __ subptr(pos, 2); __ pslldq(xmm_from0, 2); __ pinsrw(xmm_from0, Address(from, pos), 0); __ BIND(L_processTail_1_insr[k]); __ testptr(len_reg, 1); __ jcc(Assembler::zero, L_processTail_exit_insr[k]); __ subptr(pos, 1); __ pslldq(xmm_from0, 1); __ pinsrb(xmm_from0, Address(from, pos), 0); __ BIND(L_processTail_exit_insr[k]); __ movdqu(Address(saved_encCounter_start, 0), xmm_result0); // 2. Perform pxor of the encr __ pxor(xmm_result0, xmm_from0); // Also the encrypted counter is saved for next invocation. __ testptr(len_reg, 8); __ jcc(Assembler::zero, L_processTail_4_extr[k]); // 3. Extract bytes from xmm_result0 in __ pextrq(Address(to, pos), xmm_result0, 0); __ psrldq(xmm_result0, 8); __ addptr(pos, 8); __ BIND(L_processTail_4_extr[k]); __ testptr(len_reg, 4); __ jcc(Assembler::zero, L_processTail_2_extr[k]); __ pextrd(Address(to, pos), xmm_result0, 0); __ psrldq(xmm_result0, 4); __ addptr(pos, 4); __ BIND(L_processTail_2_extr[k]); __ testptr(len_reg, 2); __ jcc(Assembler::zero, L_processTail_1_extr[k]); __ pextrw(Address(to, pos), xmm_result0, 0); __ psrldq(xmm_result0, 2); __ addptr(pos, 2); __ BIND(L_processTail_1_extr[k]); __ testptr(len_reg, 1); __ jcc(Assembler::zero, L_processTail_exit_extr[k]); __ pextrb(Address(to, pos), xmm_result0, 0); __ BIND(L_processTail_exit_extr[k]); __ movl(Address(used_addr, 0), len_reg); __ jmp(L_exit); } __ BIND(L_exit); __ pshufb(xmm_curr_counter, xmm_counter_shuf_mask); //counter is shuffled back. __ movdqu(Address(counter, 0), xmm_curr_counter); //save counter back __ pop(rbx); // pop the saved RBX. #ifdef _WIN64 __ movl(rax, len_mem); __ movptr(r13, Address(rsp, saved_r13_offset * wordSize)); __ movptr(r14, Address(rsp, saved_r14_offset * wordSize)); __ addptr(rsp, 2 * wordSize); #else __ pop(rax); // return 'len' #endif __ leave(); // required for proper stackwalking of RuntimeStub frame __ ret(0); return start; } address StubGenerator::generate_cipherBlockChaining_decryptVectorAESCrypt() { assert(VM_Version::supports_avx512_vaes(), "need AES instructions and misaligned __ align(CodeEntryAlignment); StubCodeMark mark(this, "StubRoutines", "cipherBlockChaining_decryptAESCrypt"); address start = __ pc(); const Register from = c_rarg0; // source array address const Register to = c_rarg1; // destination array address const Register key = c_rarg2; // key array address const Register rvec = c_rarg3; // r byte array initialized from initvector array address // and left with the results of the last encryption block #ifndef _WIN64 const Register len_reg = c_rarg4; // src len (must be multiple of blocksize 16) #else const Address len_mem(rbp, 6 * wordSize); // length is on stack on Win64 const Register len_reg = r11; // pick the volatile windows register #endif Label Loop, Loop1, L_128, L_256, L_192, KEY_192, KEY_256, Loop2, Lcbc_dec_rem_loop, Lcbc_dec_rem_last, Lcbc_dec_ret, Lcbc_dec_rem, Lcbc_exit; __ enter(); #ifdef _WIN64 // on win64, fill len_reg from stack position __ movl(len_reg, len_mem); #else __ push(len_reg); // Save #endif __ push(rbx); __ vzeroupper(); // Temporary variable declaration for swapping key bytes const XMMRegister xmm_key_shuf_mask = xmm1; __ movdqu(xmm_key_shuf_mask, ExternalAddress(key_shuffle_mask_addr()), rbx /*rscratc // Calculate number of rounds from key size: 44 for 10-rounds, 52 for 12-rounds, 60 for 14-round const Register rounds = rbx; __ movl(rounds, Address(key, arrayOopDesc::length_offset_in_bytes() - arrayOopDesc::b const XMMRegister IV = xmm0; // Load IV and broadcast value to 512-bits __ evbroadcasti64x2(IV, Address(rvec, 0), Assembler::AVX_512bit); // Temporary variables for storing round keys const XMMRegister RK0 = xmm30; const XMMRegister RK1 = xmm9; const XMMRegister RK2 = xmm18; const XMMRegister RK3 = xmm19; const XMMRegister RK4 = xmm20; const XMMRegister RK5 = xmm21; const XMMRegister RK6 = xmm22; const XMMRegister RK7 = xmm23; const XMMRegister RK8 = xmm24; const XMMRegister RK9 = xmm25; const XMMRegister RK10 = xmm26; // Load and shuffle key // the java expanded key ordering is rotated one position from what we want // so we start from 1*16 here and hit 0*16 last ev_load_key(RK1, key, 1 * 16, xmm_key_shuf_mask); ev_load_key(RK2, key, 2 * 16, xmm_key_shuf_mask); ev_load_key(RK3, key, 3 * 16, xmm_key_shuf_mask); ev_load_key(RK4, key, 4 * 16, xmm_key_shuf_mask); ev_load_key(RK5, key, 5 * 16, xmm_key_shuf_mask); ev_load_key(RK6, key, 6 * 16, xmm_key_shuf_mask); ev_load_key(RK7, key, 7 * 16, xmm_key_shuf_mask); ev_load_key(RK8, key, 8 * 16, xmm_key_shuf_mask); ev_load_key(RK9, key, 9 * 16, xmm_key_shuf_mask); ev_load_key(RK10, key, 10 * 16, xmm_key_shuf_mask); ev_load_key(RK0, key, 0*16, xmm_key_shuf_mask); // Variables for storing source cipher text const XMMRegister S0 = xmm10; const XMMRegister S1 = xmm11; const XMMRegister S2 = xmm12; const XMMRegister S3 = xmm13; const XMMRegister S4 = xmm14; const XMMRegister S5 = xmm15; const XMMRegister S6 = xmm16; const XMMRegister S7 = xmm17; // Variables for storing decrypted text const XMMRegister B0 = xmm1; const XMMRegister B1 = xmm2; const XMMRegister B2 = xmm3; const XMMRegister B3 = xmm4; const XMMRegister B4 = xmm5; const XMMRegister B5 = xmm6; const XMMRegister B6 = xmm7; const XMMRegister B7 = xmm8; __ cmpl(rounds, 44); __ jcc(Assembler::greater, KEY_192); __ jmp(Loop); __ BIND(KEY_192); const XMMRegister RK11 = xmm27; const XMMRegister RK12 = xmm28; ev_load_key(RK11, key, 11*16, xmm_key_shuf_mask); ev_load_key(RK12, key, 12*16, xmm_key_shuf_mask); __ cmpl(rounds, 52); __ jcc(Assembler::greater, KEY_256); __ jmp(Loop); __ BIND(KEY_256); const XMMRegister RK13 = xmm29; const XMMRegister RK14 = xmm31; ev_load_key(RK13, key, 13*16, xmm_key_shuf_mask); ev_load_key(RK14, key, 14*16, xmm_key_shuf_mask); __ BIND(Loop); __ cmpl(len_reg, 512); __ jcc(Assembler::below, Lcbc_dec_rem); __ BIND(Loop1); __ subl(len_reg, 512); __ evmovdquq(S0, Address(from, 0 * 64), Assembler::AVX_512bit); __ evmovdquq(S1, Address(from, 1 * 64), Assembler::AVX_512bit); __ evmovdquq(S2, Address(from, 2 * 64), Assembler::AVX_512bit); __ evmovdquq(S3, Address(from, 3 * 64), Assembler::AVX_512bit); __ evmovdquq(S4, Address(from, 4 * 64), Assembler::AVX_512bit); __ evmovdquq(S5, Address(from, 5 * 64), Assembler::AVX_512bit); __ evmovdquq(S6, Address(from, 6 * 64), Assembler::AVX_512bit); __ evmovdquq(S7, Address(from, 7 * 64), Assembler::AVX_512bit); __ leaq(from, Address(from, 8 * 64)); __ evpxorq(B0, S0, RK1, Assembler::AVX_512bit); __ evpxorq(B1, S1, RK1, Assembler::AVX_512bit); __ evpxorq(B2, S2, RK1, Assembler::AVX_512bit); __ evpxorq(B3, S3, RK1, Assembler::AVX_512bit); __ evpxorq(B4, S4, RK1, Assembler::AVX_512bit); __ evpxorq(B5, S5, RK1, Assembler::AVX_512bit); __ evpxorq(B6, S6, RK1, Assembler::AVX_512bit); __ evpxorq(B7, S7, RK1, Assembler::AVX_512bit); __ evalignq(IV, S0, IV, 0x06); __ evalignq(S0, S1, S0, 0x06); __ evalignq(S1, S2, S1, 0x06); __ evalignq(S2, S3, S2, 0x06); __ evalignq(S3, S4, S3, 0x06); __ evalignq(S4, S5, S4, 0x06); __ evalignq(S5, S6, S5, 0x06); __ evalignq(S6, S7, S6, 0x06); roundDec(RK2); roundDec(RK3); roundDec(RK4); roundDec(RK5); roundDec(RK6); roundDec(RK7); roundDec(RK8); roundDec(RK9); roundDec(RK10); __ cmpl(rounds, 44); __ jcc(Assembler::belowEqual, L_128); roundDec(RK11); roundDec(RK12); __ cmpl(rounds, 52); __ jcc(Assembler::belowEqual, L_192); roundDec(RK13); roundDec(RK14); __ BIND(L_256); roundDeclast(RK0); __ jmp(Loop2); __ BIND(L_128); roundDeclast(RK0); __ jmp(Loop2); __ BIND(L_192); roundDeclast(RK0); __ BIND(Loop2); __ evpxorq(B0, B0, IV, Assembler::AVX_512bit); __ evpxorq(B1, B1, S0, Assembler::AVX_512bit); __ evpxorq(B2, B2, S1, Assembler::AVX_512bit); __ evpxorq(B3, B3, S2, Assembler::AVX_512bit); __ evpxorq(B4, B4, S3, Assembler::AVX_512bit); __ evpxorq(B5, B5, S4, Assembler::AVX_512bit); __ evpxorq(B6, B6, S5, Assembler::AVX_512bit); __ evpxorq(B7, B7, S6, Assembler::AVX_512bit); __ evmovdquq(IV, S7, Assembler::AVX_512bit); __ evmovdquq(Address(to, 0 * 64), B0, Assembler::AVX_512bit); __ evmovdquq(Address(to, 1 * 64), B1, Assembler::AVX_512bit); __ evmovdquq(Address(to, 2 * 64), B2, Assembler::AVX_512bit); __ evmovdquq(Address(to, 3 * 64), B3, Assembler::AVX_512bit); __ evmovdquq(Address(to, 4 * 64), B4, Assembler::AVX_512bit); __ evmovdquq(Address(to, 5 * 64), B5, Assembler::AVX_512bit); __ evmovdquq(Address(to, 6 * 64), B6, Assembler::AVX_512bit); __ evmovdquq(Address(to, 7 * 64), B7, Assembler::AVX_512bit); __ leaq(to, Address(to, 8 * 64)); __ jmp(Loop); __ BIND(Lcbc_dec_rem); __ evshufi64x2(IV, IV, IV, 0x03, Assembler::AVX_512bit); __ BIND(Lcbc_dec_rem_loop); __ subl(len_reg, 16); __ jcc(Assembler::carrySet, Lcbc_dec_ret); __ movdqu(S0, Address(from, 0)); __ evpxorq(B0, S0, RK1, Assembler::AVX_512bit); __ vaesdec(B0, B0, RK2, Assembler::AVX_512bit); __ vaesdec(B0, B0, RK3, Assembler::AVX_512bit); __ vaesdec(B0, B0, RK4, Assembler::AVX_512bit); __ vaesdec(B0, B0, RK5, Assembler::AVX_512bit); __ vaesdec(B0, B0, RK6, Assembler::AVX_512bit); __ vaesdec(B0, B0, RK7, Assembler::AVX_512bit); __ vaesdec(B0, B0, RK8, Assembler::AVX_512bit); __ vaesdec(B0, B0, RK9, Assembler::AVX_512bit); __ vaesdec(B0, B0, RK10, Assembler::AVX_512bit); __ cmpl(rounds, 44); __ jcc(Assembler::belowEqual, Lcbc_dec_rem_last); __ vaesdec(B0, B0, RK11, Assembler::AVX_512bit); __ vaesdec(B0, B0, RK12, Assembler::AVX_512bit); __ cmpl(rounds, 52); __ jcc(Assembler::belowEqual, Lcbc_dec_rem_last); __ vaesdec(B0, B0, RK13, Assembler::AVX_512bit); __ vaesdec(B0, B0, RK14, Assembler::AVX_512bit); __ BIND(Lcbc_dec_rem_last); __ vaesdeclast(B0, B0, RK0, Assembler::AVX_512bit); __ evpxorq(B0, B0, IV, Assembler::AVX_512bit); __ evmovdquq(IV, S0, Assembler::AVX_512bit); __ movdqu(Address(to, 0), B0); __ leaq(from, Address(from, 16)); __ leaq(to, Address(to, 16)); __ jmp(Lcbc_dec_rem_loop); __ BIND(Lcbc_dec_ret); __ movdqu(Address(rvec, 0), IV); // Zero out the round keys __ evpxorq(RK0, RK0, RK0, Assembler::AVX_512bit); __ evpxorq(RK1, RK1, RK1, Assembler::AVX_512bit); __ evpxorq(RK2, RK2, RK2, Assembler::AVX_512bit); __ evpxorq(RK3, RK3, RK3, Assembler::AVX_512bit); __ evpxorq(RK4, RK4, RK4, Assembler::AVX_512bit); __ evpxorq(RK5, RK5, RK5, Assembler::AVX_512bit); __ evpxorq(RK6, RK6, RK6, Assembler::AVX_512bit); __ evpxorq(RK7, RK7, RK7, Assembler::AVX_512bit); __ evpxorq(RK8, RK8, RK8, Assembler::AVX_512bit); __ evpxorq(RK9, RK9, RK9, Assembler::AVX_512bit); __ evpxorq(RK10, RK10, RK10, Assembler::AVX_512bit); __ cmpl(rounds, 44); __ jcc(Assembler::belowEqual, Lcbc_exit); __ evpxorq(RK11, RK11, RK11, Assembler::AVX_512bit); __ evpxorq(RK12, RK12, RK12, Assembler::AVX_512bit); __ cmpl(rounds, 52); __ jcc(Assembler::belowEqual, Lcbc_exit); __ evpxorq(RK13, RK13, RK13, Assembler::AVX_512bit); __ evpxorq(RK14, RK14, RK14, Assembler::AVX_512bit); __ BIND(Lcbc_exit); __ vzeroupper(); __ pop(rbx); #ifdef _WIN64 __ movl(rax, len_mem); #else __ pop(rax); // return length #endif __ leave(); // required for proper stackwalking of RuntimeStub frame __ ret(0); return start; } // Arguments: // // Inputs: // c_rarg0 - source byte array address // c_rarg1 - destination byte array address // c_rarg2 - K (key) in little endian int array // address StubGenerator::generate_aescrypt_encryptBlock() { assert(UseAES, "need AES instructions and misaligned SSE support"); __ align(CodeEntryAlignment); StubCodeMark mark(this, "StubRoutines", "aescrypt_encryptBlock"); Label L_doLast; address start = __ pc(); const Register from = c_rarg0; // source array address const Register to = c_rarg1; // destination array address const Register key = c_rarg2; // key array address const Register keylen = rax; const XMMRegister xmm_result = xmm0; const XMMRegister xmm_key_shuf_mask = xmm1; // On win64 xmm6-xmm15 must be preserved so don't use them. const XMMRegister xmm_temp1 = xmm2; const XMMRegister xmm_temp2 = xmm3; const XMMRegister xmm_temp3 = xmm4; const XMMRegister xmm_temp4 = xmm5; __ enter(); // required for proper stackwalking of RuntimeStub frame // keylen could be only {11, 13, 15} * 4 = {44, 52, 60} __ movl(keylen, Address(key, arrayOopDesc::length_offset_in_bytes() - arrayOopDesc::b __ movdqu(xmm_key_shuf_mask, ExternalAddress(key_shuffle_mask_addr()), r10 /*rscratc __ movdqu(xmm_result, Address(from, 0)); // get 16 bytes of input // For encryption, the java expanded key ordering is just what we need // we don't know if the key is aligned, hence not using load-execute form load_key(xmm_temp1, key, 0x00, xmm_key_shuf_mask); __ pxor(xmm_result, xmm_temp1); load_key(xmm_temp1, key, 0x10, xmm_key_shuf_mask); load_key(xmm_temp2, key, 0x20, xmm_key_shuf_mask); load_key(xmm_temp3, key, 0x30, xmm_key_shuf_mask); load_key(xmm_temp4, key, 0x40, xmm_key_shuf_mask); __ aesenc(xmm_result, xmm_temp1); __ aesenc(xmm_result, xmm_temp2); __ aesenc(xmm_result, xmm_temp3); __ aesenc(xmm_result, xmm_temp4); load_key(xmm_temp1, key, 0x50, xmm_key_shuf_mask); load_key(xmm_temp2, key, 0x60, xmm_key_shuf_mask); load_key(xmm_temp3, key, 0x70, xmm_key_shuf_mask); load_key(xmm_temp4, key, 0x80, xmm_key_shuf_mask); __ aesenc(xmm_result, xmm_temp1); __ aesenc(xmm_result, xmm_temp2); __ aesenc(xmm_result, xmm_temp3); __ aesenc(xmm_result, xmm_temp4); load_key(xmm_temp1, key, 0x90, xmm_key_shuf_mask); load_key(xmm_temp2, key, 0xa0, xmm_key_shuf_mask); __ cmpl(keylen, 44); __ jccb(Assembler::equal, L_doLast); __ aesenc(xmm_result, xmm_temp1); __ aesenc(xmm_result, xmm_temp2); load_key(xmm_temp1, key, 0xb0, xmm_key_shuf_mask); load_key(xmm_temp2, key, 0xc0, xmm_key_shuf_mask); __ cmpl(keylen, 52); __ jccb(Assembler::equal, L_doLast); __ aesenc(xmm_result, xmm_temp1); __ aesenc(xmm_result, xmm_temp2); load_key(xmm_temp1, key, 0xd0, xmm_key_shuf_mask); load_key(xmm_temp2, key, 0xe0, xmm_key_shuf_mask); __ BIND(L_doLast); __ aesenc(xmm_result, xmm_temp1); __ aesenclast(xmm_result, xmm_temp2); __ movdqu(Address(to, 0), xmm_result); // store the result __ xorptr(rax, rax); // return 0 __ leave(); // required for proper stackwalking of RuntimeStub frame __ ret(0); return start; } // Arguments: // // Inputs: // c_rarg0 - source byte array address // c_rarg1 - destination byte array address // c_rarg2 - K (key) in little endian int array // address StubGenerator::generate_aescrypt_decryptBlock() { assert(UseAES, "need AES instructions and misaligned SSE support"); __ align(CodeEntryAlignment); StubCodeMark mark(this, "StubRoutines", "aescrypt_decryptBlock"); Label L_doLast; address start = __ pc(); const Register from = c_rarg0; // source array address const Register to = c_rarg1; // destination array address const Register key = c_rarg2; // key array address const Register keylen = rax; const XMMRegister xmm_result = xmm0; const XMMRegister xmm_key_shuf_mask = xmm1; // On win64 xmm6-xmm15 must be preserved so don't use them. const XMMRegister xmm_temp1 = xmm2; const XMMRegister xmm_temp2 = xmm3; const XMMRegister xmm_temp3 = xmm4; const XMMRegister xmm_temp4 = xmm5; __ enter(); // required for proper stackwalking of RuntimeStub frame // keylen could be only {11, 13, 15} * 4 = {44, 52, 60} __ movl(keylen, Address(key, arrayOopDesc::length_offset_in_bytes() - arrayOopDesc::b __ movdqu(xmm_key_shuf_mask, ExternalAddress(key_shuffle_mask_addr()), r10 /*rscratc __ movdqu(xmm_result, Address(from, 0)); // for decryption java expanded key ordering is rotated one position from what we want // so we start from 0x10 here and hit 0x00 last // we don't know if the key is aligned, hence not using load-execute form load_key(xmm_temp1, key, 0x10, xmm_key_shuf_mask); load_key(xmm_temp2, key, 0x20, xmm_key_shuf_mask); load_key(xmm_temp3, key, 0x30, xmm_key_shuf_mask); load_key(xmm_temp4, key, 0x40, xmm_key_shuf_mask); __ pxor (xmm_result, xmm_temp1); __ aesdec(xmm_result, xmm_temp2); __ aesdec(xmm_result, xmm_temp3); __ aesdec(xmm_result, xmm_temp4); load_key(xmm_temp1, key, 0x50, xmm_key_shuf_mask); load_key(xmm_temp2, key, 0x60, xmm_key_shuf_mask); load_key(xmm_temp3, key, 0x70, xmm_key_shuf_mask); load_key(xmm_temp4, key, 0x80, xmm_key_shuf_mask); __ aesdec(xmm_result, xmm_temp1); __ aesdec(xmm_result, xmm_temp2); __ aesdec(xmm_result, xmm_temp3); __ aesdec(xmm_result, xmm_temp4); load_key(xmm_temp1, key, 0x90, xmm_key_shuf_mask); load_key(xmm_temp2, key, 0xa0, xmm_key_shuf_mask); load_key(xmm_temp3, key, 0x00, xmm_key_shuf_mask); __ cmpl(keylen, 44); __ jccb(Assembler::equal, L_doLast); __ aesdec(xmm_result, xmm_temp1); __ aesdec(xmm_result, xmm_temp2); load_key(xmm_temp1, key, 0xb0, xmm_key_shuf_mask); load_key(xmm_temp2, key, 0xc0, xmm_key_shuf_mask); __ cmpl(keylen, 52); __ jccb(Assembler::equal, L_doLast); __ aesdec(xmm_result, xmm_temp1); __ aesdec(xmm_result, xmm_temp2); load_key(xmm_temp1, key, 0xd0, xmm_key_shuf_mask); load_key(xmm_temp2, key, 0xe0, xmm_key_shuf_mask); __ BIND(L_doLast); __ aesdec(xmm_result, xmm_temp1); __ aesdec(xmm_result, xmm_temp2); // for decryption the aesdeclast operation is always on key+0x00 __ aesdeclast(xmm_result, xmm_temp3); __ movdqu(Address(to, 0), xmm_result); // store the result __ xorptr(rax, rax); // return 0 __ leave(); // required for proper stackwalking of RuntimeStub frame __ ret(0); return start; } // Arguments: // // Inputs: // c_rarg0 - source byte array address // c_rarg1 - destination byte array address // c_rarg2 - K (key) in little endian int array // c_rarg3 - r vector byte array address // c_rarg4 - input length // // Output: // rax - input length // address StubGenerator::generate_cipherBlockChaining_encryptAESCrypt() { assert(UseAES, "need AES instructions and misaligned SSE support"); __ align(CodeEntryAlignment); StubCodeMark mark(this, "StubRoutines", "cipherBlockChaining_encryptAESCrypt"); address start = __ pc(); Label L_exit, L_key_192_256, L_key_256, L_loopTop_128, L_loopTop_192, L_loopTop_256; const Register from = c_rarg0; // source array address const Register to = c_rarg1; // destination array address const Register key = c_rarg2; // key array address const Register rvec = c_rarg3; // r byte array initialized from initvector array address // and left with the results of the last encryption block #ifdef _WIN64 const Address len_mem(rbp, 6 * wordSize); // length is on stack on Win64 const Register len_reg = r11; // pick the volatile windows register #else const Register len_reg = c_rarg4; // src len (must be multiple of blocksize 16) #endif const Register pos = rax; // xmm register assignments for the loops below const XMMRegister xmm_result = xmm0; const XMMRegister xmm_temp = xmm1; // keys 0-10 preloaded into xmm2-xmm12 const int XMM_REG_NUM_KEY_FIRST = 2; const int XMM_REG_NUM_KEY_LAST = 15; const XMMRegister xmm_key0 = as_XMMRegister(XMM_REG_NUM_KEY_FIRST); const XMMRegister xmm_key10 = as_XMMRegister(XMM_REG_NUM_KEY_FIRST+10); const XMMRegister xmm_key11 = as_XMMRegister(XMM_REG_NUM_KEY_FIRST+11); const XMMRegister xmm_key12 = as_XMMRegister(XMM_REG_NUM_KEY_FIRST+12); const XMMRegister xmm_key13 = as_XMMRegister(XMM_REG_NUM_KEY_FIRST+13); __ enter(); // required for proper stackwalking of RuntimeStub frame #ifdef _WIN64 // on win64, fill len_reg from stack position __ movl(len_reg, len_mem); #else __ push(len_reg); // Save #endif const XMMRegister xmm_key_shuf_mask = xmm_temp; // used temporarily to swap key bytes up fron __ movdqu(xmm_key_shuf_mask, ExternalAddress(key_shuffle_mask_addr()), r10 /*rscratc // load up xmm regs xmm2 thru xmm12 with key 0x00 - 0xa0 for (int rnum = XMM_REG_NUM_KEY_FIRST, offset = 0x00; rnum <= XMM_REG_NUM_KEY_FIRST+10; rnum load_key(as_XMMRegister(rnum), key, offset, xmm_key_shuf_mask); offset += 0x10; } __ movdqu(xmm_result, Address(rvec, 0x00)); // initialize xmm_result with r vec // now split to different paths depending on the keylen (len in ints of AESCrypt.KLE array (52=1 __ movl(rax, Address(key, arrayOopDesc::length_offset_in_bytes() - arrayOopDesc::base __ cmpl(rax, 44); __ jcc(Assembler::notEqual, L_key_192_256); // 128 bit code follows here __ movptr(pos, 0); __ align(OptoLoopAlignment); __ BIND(L_loopTop_128); __ movdqu(xmm_temp, Address(from, pos, Address::times_1, 0)); // get next 16 bytes of input __ pxor (xmm_result, xmm_temp); // xor with the current r vector __ pxor (xmm_result, xmm_key0); // do the aes rounds for (int rnum = XMM_REG_NUM_KEY_FIRST + 1; rnum <= XMM_REG_NUM_KEY_FIRST + 9; rnum++) { __ aesenc(xmm_result, as_XMMRegister(rnum)); } __ aesenclast(xmm_result, xmm_key10); __ movdqu(Address(to, pos, Address::times_1, 0), xmm_result); // store into the next 16 byte // no need to store r to memory until we exit __ addptr(pos, AESBlockSize); __ subptr(len_reg, AESBlockSize); __ jcc(Assembler::notEqual, L_loopTop_128); __ BIND(L_exit); __ movdqu(Address(rvec, 0), xmm_result); // final value of r stored in rvec of CipherBlockCha #ifdef _WIN64 __ movl(rax, len_mem); #else __ pop(rax); // return length #endif __ leave(); // required for proper stackwalking of RuntimeStub frame __ ret(0); __ BIND(L_key_192_256); // here rax = len in ints of AESCrypt.KLE array (52=192, or 60=256) load_key(xmm_key11, key, 0xb0, xmm_key_shuf_mask); load_key(xmm_key12, key, 0xc0, xmm_key_shuf_mask); __ cmpl(rax, 52); __ jcc(Assembler::notEqual, L_key_256); // 192-bit code follows here (could be changed to use more xmm registers) __ movptr(pos, 0); __ align(OptoLoopAlignment); __ BIND(L_loopTop_192); __ movdqu(xmm_temp, Address(from, pos, Address::times_1, 0)); // get next 16 bytes of input __ pxor (xmm_result, xmm_temp); // xor with the current r vector __ pxor (xmm_result, xmm_key0); // do the aes rounds for (int rnum = XMM_REG_NUM_KEY_FIRST + 1; rnum <= XMM_REG_NUM_KEY_FIRST + 11; rnum++) { __ aesenc(xmm_result, as_XMMRegister(rnum)); } __ aesenclast(xmm_result, xmm_key12); __ movdqu(Address(to, pos, Address::times_1, 0), xmm_result); // store into the next 16 byte // no need to store r to memory until we exit __ addptr(pos, AESBlockSize); __ subptr(len_reg, AESBlockSize); __ jcc(Assembler::notEqual, L_loopTop_192); __ jmp(L_exit); __ BIND(L_key_256); // 256-bit code follows here (could be changed to use more xmm registers) load_key(xmm_key13, key, 0xd0, xmm_key_shuf_mask); __ movptr(pos, 0); __ align(OptoLoopAlignment); __ BIND(L_loopTop_256); __ movdqu(xmm_temp, Address(from, pos, Address::times_1, 0)); // get next 16 bytes of input __ pxor (xmm_result, xmm_temp); // xor with the current r vector __ pxor (xmm_result, xmm_key0); // do the aes rounds for (int rnum = XMM_REG_NUM_KEY_FIRST + 1; rnum <= XMM_REG_NUM_KEY_FIRST + 13; rnum++) { __ aesenc(xmm_result, as_XMMRegister(rnum)); } load_key(xmm_temp, key, 0xe0, r10 /*rscratch*/); __ aesenclast(xmm_result, xmm_temp); __ movdqu(Address(to, pos, Address::times_1, 0), xmm_result); // store into the next 16 byte // no need to store r to memory until we exit __ addptr(pos, AESBlockSize); __ subptr(len_reg, AESBlockSize); __ jcc(Assembler::notEqual, L_loopTop_256); __ jmp(L_exit); return start; } // This is a version of CBC/AES Decrypt which does 4 blocks in a loop at a time // to hide instruction latency // // Arguments: // // Inputs: // c_rarg0 - source byte array address // c_rarg1 - destination byte array address // c_rarg2 - K (key) in little endian int array // c_rarg3 - r vector byte array address // c_rarg4 - input length // // Output: // rax - input length // address StubGenerator::generate_cipherBlockChaining_decryptAESCrypt_Parallel() { assert(UseAES, "need AES instructions and misaligned SSE support"); __ align(CodeEntryAlignment); StubCodeMark mark(this, "StubRoutines", "cipherBlockChaining_decryptAESCrypt"); address start = __ pc(); const Register from = c_rarg0; // source array address const Register to = c_rarg1; // destination array address const Register key = c_rarg2; // key array address const Register rvec = c_rarg3; // r byte array initialized from initvector array address // and left with the results of the last encryption block #ifndef _WIN64 const Register len_reg = c_rarg4; // src len (must be multiple of blocksize 16) #else const Address len_mem(rbp, 6 * wordSize); // length is on stack on Win64 const Register len_reg = r11; // pick the volatile windows register #endif const Register pos = rax; const int PARALLEL_FACTOR = 4; const int ROUNDS[3] = { 10, 12, 14 }; // aes rounds for key128, key192, key256 Label L_exit; Label L_singleBlock_loopTopHead[3]; // 128, 192, 256 Label L_singleBlock_loopTopHead2[3]; // 128, 192, 256 Label L_singleBlock_loopTop[3]; // 128, 192, 256 Label L_multiBlock_loopTopHead[3]; // 128, 192, 256 Label L_multiBlock_loopTop[3]; // 128, 192, 256 // keys 0-10 preloaded into xmm5-xmm15 const int XMM_REG_NUM_KEY_FIRST = 5; const int XMM_REG_NUM_KEY_LAST = 15; const XMMRegister xmm_key_first = as_XMMRegister(XMM_REG_NUM_KEY_FIRST); const XMMRegister xmm_key_last = as_XMMRegister(XMM_REG_NUM_KEY_LAST); __ enter(); // required for proper stackwalking of RuntimeStub frame #ifdef _WIN64 // on win64, fill len_reg from stack position __ movl(len_reg, len_mem); #else __ push(len_reg); // Save #endif __ push(rbx); // the java expanded key ordering is rotated one position from what we want // so we start from 0x10 here and hit 0x00 last const XMMRegister xmm_key_shuf_mask = xmm1; // used temporarily to swap key bytes up front __ movdqu(xmm_key_shuf_mask, ExternalAddress(key_shuffle_mask_addr()), rbx /*rscratc // load up xmm regs 5 thru 15 with key 0x10 - 0xa0 - 0x00 for (int rnum = XMM_REG_NUM_KEY_FIRST, offset = 0x10; rnum < XMM_REG_NUM_KEY_LAST; rnum++) { load_key(as_XMMRegister(rnum), key, offset, xmm_key_shuf_mask); offset += 0x10; } load_key(xmm_key_last, key, 0x00, xmm_key_shuf_mask); const XMMRegister xmm_prev_block_cipher = xmm1; // holds cipher of previous block // registers holding the four results in the parallelized loop const XMMRegister xmm_result0 = xmm0; const XMMRegister xmm_result1 = xmm2; const XMMRegister xmm_result2 = xmm3; const XMMRegister xmm_result3 = xmm4; __ movdqu(xmm_prev_block_cipher, Address(rvec, 0x00)); // initialize with initial rvec __ xorptr(pos, pos); // now split to different paths depending on the keylen (len in ints of AESCrypt.KLE array (52=1 __ movl(rbx, Address(key, arrayOopDesc::length_offset_in_bytes() - arrayOopDesc::base __ cmpl(rbx, 52); __ jcc(Assembler::equal, L_multiBlock_loopTopHead[1]); __ cmpl(rbx, 60); __ jcc(Assembler::equal, L_multiBlock_loopTopHead[2]); #define DoFour(opc, src_reg) \ __ opc(xmm_result0, src_reg); \ __ opc(xmm_result1, src_reg); \ __ opc(xmm_result2, src_reg); \ __ opc(xmm_result3, src_reg); \ for (int k = 0; k < 3; ++k) { __ BIND(L_multiBlock_loopTopHead[k]); if (k != 0) { __ cmpptr(len_reg, PARALLEL_FACTOR * AESBlockSize); // see if at least 4 blocks left __ jcc(Assembler::less, L_singleBlock_loopTopHead2[k]); } if (k == 1) { __ subptr(rsp, 6 * wordSize); __ movdqu(Address(rsp, 0), xmm15); //save last_key from xmm15 load_key(xmm15, key, 0xb0, rbx /*rscratch*/); // 0xb0; 192-bit key goes up to 0xc0 __ movdqu(Address(rsp, 2 * wordSize), xmm15); load_key(xmm1, key, 0xc0, rbx /*rscratch*/); // 0xc0; __ movdqu(Address(rsp, 4 * wordSize), xmm1); } else if (k == 2) { __ subptr(rsp, 10 * wordSize); __ movdqu(Address(rsp, 0), xmm15); //save last_key from xmm15 load_key(xmm15, key, 0xd0, rbx /*rscratch*/); // 0xd0; 256-bit key goes up to 0xe0 __ movdqu(Address(rsp, 6 * wordSize), xmm15); load_key(xmm1, key, 0xe0, rbx /*rscratch*/); // 0xe0; __ movdqu(Address(rsp, 8 * wordSize), xmm1); load_key(xmm15, key, 0xb0, rbx /*rscratch*/); // 0xb0; __ movdqu(Address(rsp, 2 * wordSize), xmm15); load_key(xmm1, key, 0xc0, rbx /*rscratch*/); // 0xc0; __ movdqu(Address(rsp, 4 * wordSize), xmm1); } __ align(OptoLoopAlignment); __ BIND(L_multiBlock_loopTop[k]); __ cmpptr(len_reg, PARALLEL_FACTOR * AESBlockSize); // see if at least 4 blocks left __ jcc(Assembler::less, L_singleBlock_loopTopHead[k]); if (k != 0) { __ movdqu(xmm15, Address(rsp, 2 * wordSize)); __ movdqu(xmm1, Address(rsp, 4 * wordSize)); } __ movdqu(xmm_result0, Address(from, pos, Address::times_1, 0 * AESBlockSize)); // get nex __ movdqu(xmm_result1, Address(from, pos, Address::times_1, 1 * AESBlockSize)); __ movdqu(xmm_result2, Address(from, pos, Address::times_1, 2 * AESBlockSize)); __ movdqu(xmm_result3, Address(from, pos, Address::times_1, 3 * AESBlockSize)); DoFour(pxor, xmm_key_first); if (k == 0) { for (int rnum = 1; rnum < ROUNDS[k]; rnum++) { DoFour(aesdec, as_XMMRegister(rnum + XMM_REG_NUM_KEY_FIRST)); } DoFour(aesdeclast, xmm_key_last); } else if (k == 1) { for (int rnum = 1; rnum <= ROUNDS[k]-2; rnum++) { DoFour(aesdec, as_XMMRegister(rnum + XMM_REG_NUM_KEY_FIRST)); } __ movdqu(xmm_key_last, Address(rsp, 0)); // xmm15 needs to be loaded again. DoFour(aesdec, xmm1); // key : 0xc0 __ movdqu(xmm_prev_block_cipher, Address(rvec, 0x00)); // xmm1 needs to be loaded again DoFour(aesdeclast, xmm_key_last); } else if (k == 2) { for (int rnum = 1; rnum <= ROUNDS[k] - 4; rnum++) { DoFour(aesdec, as_XMMRegister(rnum + XMM_REG_NUM_KEY_FIRST)); } DoFour(aesdec, xmm1); // key : 0xc0 __ movdqu(xmm15, Address(rsp, 6 * wordSize)); __ movdqu(xmm1, Address(rsp, 8 * wordSize)); DoFour(aesdec, xmm15); // key : 0xd0 __ movdqu(xmm_key_last, Address(rsp, 0)); // xmm15 needs to be loaded again. DoFour(aesdec, xmm1); // key : 0xe0 __ movdqu(xmm_prev_block_cipher, Address(rvec, 0x00)); // xmm1 needs to be loaded again DoFour(aesdeclast, xmm_key_last); } // for each result, xor with the r vector of previous cipher block __ pxor(xmm_result0, xmm_prev_block_cipher); __ movdqu(xmm_prev_block_cipher, Address(from, pos, Address::times_1, 0 * AESBlockSize) __ pxor(xmm_result1, xmm_prev_block_cipher); __ movdqu(xmm_prev_block_cipher, Address(from, pos, Address::times_1, 1 * AESBlockSize) __ pxor(xmm_result2, xmm_prev_block_cipher); __ movdqu(xmm_prev_block_cipher, Address(from, pos, Address::times_1, 2 * AESBlockSize) __ pxor(xmm_result3, xmm_prev_block_cipher); __ movdqu(xmm_prev_block_cipher, Address(from, pos, Address::times_1, 3 * AESBlockSize) if (k != 0) { __ movdqu(Address(rvec, 0x00), xmm_prev_block_cipher); } __ movdqu(Address(to, pos, Address::times_1, 0 * AESBlockSize), xmm_result0); // store 4 re __ movdqu(Address(to, pos, Address::times_1, 1 * AESBlockSize), xmm_result1); __ movdqu(Address(to, pos, Address::times_1, 2 * AESBlockSize), xmm_result2); __ movdqu(Address(to, pos, Address::times_1, 3 * AESBlockSize), xmm_result3); __ addptr(pos, PARALLEL_FACTOR * AESBlockSize); __ subptr(len_reg, PARALLEL_FACTOR * AESBlockSize); __ jmp(L_multiBlock_loopTop[k]); // registers used in the non-parallelized loops // xmm register assignments for the loops below const XMMRegister xmm_result = xmm0; const XMMRegister xmm_prev_block_cipher_save = xmm2; const XMMRegister xmm_key11 = xmm3; const XMMRegister xmm_key12 = xmm4; const XMMRegister key_tmp = xmm4; __ BIND(L_singleBlock_loopTopHead[k]); if (k == 1) { __ addptr(rsp, 6 * wordSize); } else if (k == 2) { __ addptr(rsp, 10 * wordSize); } __ cmpptr(len_reg, 0); // any blocks left?? __ jcc(Assembler::equal, L_exit); __ BIND(L_singleBlock_loopTopHead2[k]); if (k == 1) { load_key(xmm_key11, key, 0xb0, rbx /*rscratch*/); // 0xb0; 192-bit key goes up to 0xc0 load_key(xmm_key12, key, 0xc0, rbx /*rscratch*/); // 0xc0; 192-bit key goes up to 0xc0 } if (k == 2) { load_key(xmm_key11, key, 0xb0, rbx /*rscratch*/); // 0xb0; 256-bit key goes up to 0xe0 } __ align(OptoLoopAlignment); __ BIND(L_singleBlock_loopTop[k]); __ movdqu(xmm_result, Address(from, pos, Address::times_1, 0)); // get next 16 bytes of ciph __ movdqa(xmm_prev_block_cipher_save, xmm_result); // save for next r vector __ pxor(xmm_result, xmm_key_first); // do the aes dec rounds for (int rnum = 1; rnum <= 9 ; rnum++) { __ aesdec(xmm_result, as_XMMRegister(rnum + XMM_REG_NUM_KEY_FIRST)); } if (k == 1) { __ aesdec(xmm_result, xmm_key11); __ aesdec(xmm_result, xmm_key12); } if (k == 2) { __ aesdec(xmm_result, xmm_key11); load_key(key_tmp, key, 0xc0, rbx /*rscratch*/); __ aesdec(xmm_result, key_tmp); load_key(key_tmp, key, 0xd0, rbx /*rscratch*/); __ aesdec(xmm_result, key_tmp); load_key(key_tmp, key, 0xe0, rbx /*rscratch*/); __ aesdec(xmm_result, key_tmp); } __ aesdeclast(xmm_result, xmm_key_last); // xmm15 always came from key+0 __ pxor(xmm_result, xmm_prev_block_cipher); // xor with the current r vector __ movdqu(Address(to, pos, Address::times_1, 0), xmm_result); // store into the next 16 byte // no need to store r to memory until we exit __ movdqa(xmm_prev_block_cipher, xmm_prev_block_cipher_save); // set up next r vector wit __ addptr(pos, AESBlockSize); __ subptr(len_reg, AESBlockSize); __ jcc(Assembler::notEqual, L_singleBlock_loopTop[k]); if (k != 2) { __ jmp(L_exit); } } //for 128/192/256 __ BIND(L_exit); __ movdqu(Address(rvec, 0), xmm_prev_block_cipher); // final value of r stored in rvec of Cip __ pop(rbx); #ifdef _WIN64 __ movl(rax, len_mem); #else __ pop(rax); // return length #endif __ leave(); // required for proper stackwalking of RuntimeStub frame __ ret(0); return start; } address StubGenerator::generate_electronicCodeBook_encryptAESCrypt() { __ align(CodeEntryAlignment); StubCodeMark mark(this, "StubRoutines", "electronicCodeBook_encryptAESCrypt"); address start = __ pc(); const Register from = c_rarg0; // source array address const Register to = c_rarg1; // destination array address const Register key = c_rarg2; // key array address const Register len = c_rarg3; // src len (must be multiple of blocksize 16) __ enter(); // required for proper stackwalking of RuntimeStub frame aesecb_encrypt(from, to, key, len); __ vzeroupper(); __ leave(); // required for proper stackwalking of RuntimeStub frame __ ret(0); return start; } address StubGenerator::generate_electronicCodeBook_decryptAESCrypt() { __ align(CodeEntryAlignment); StubCodeMark mark(this, "StubRoutines", "electronicCodeBook_decryptAESCrypt"); address start = __ pc(); const Register from = c_rarg0; // source array address const Register to = c_rarg1; // destination array address const Register key = c_rarg2; // key array address const Register len = c_rarg3; // src len (must be multiple of blocksize 16) __ enter(); // required for proper stackwalking of RuntimeStub frame aesecb_decrypt(from, to, key, len); __ vzeroupper(); __ leave(); // required for proper stackwalking of RuntimeStub frame __ ret(0); return start; } // Utility routine for increase 128bit counter (iv in CTR mode) void StubGenerator::inc_counter(Register reg, XMMRegister xmmdst, int inc_delta, Label&&n __ pextrq(reg, xmmdst, 0x0); __ addq(reg, inc_delta); __ pinsrq(xmmdst, reg, 0x0); __ jcc(Assembler::carryClear, next_block); // jump if no carry __ pextrq(reg, xmmdst, 0x01); // Carry __ addq(reg, 0x01); __ pinsrq(xmmdst, reg, 0x01); //Carry end __ BIND(next_block); // next instruction } void StubGenerator::roundEnc(XMMRegister key, int rnum) { for (int xmm_reg_no = 0; xmm_reg_no <=rnum; xmm_reg_no++) { __ vaesenc(as_XMMRegister(xmm_reg_no), as_XMMRegister(xmm_reg_no), key, Assembler::A } } void StubGenerator::lastroundEnc(XMMRegister key, int rnum) { for (int xmm_reg_no = 0; xmm_reg_no <=rnum; xmm_reg_no++) { __ vaesenclast(as_XMMRegister(xmm_reg_no), as_XMMRegister(xmm_reg_no), key, Assemble } } void StubGenerator::roundDec(XMMRegister key, int rnum) { for (int xmm_reg_no = 0; xmm_reg_no <=rnum; xmm_reg_no++) { __ vaesdec(as_XMMRegister(xmm_reg_no), as_XMMRegister(xmm_reg_no), key, Assembler::A } } void StubGenerator::lastroundDec(XMMRegister key, int rnum) { for (int xmm_reg_no = 0; xmm_reg_no <=rnum; xmm_reg_no++) { __ vaesdeclast(as_XMMRegister(xmm_reg_no), as_XMMRegister(xmm_reg_no), key, Assemble } } void StubGenerator::roundDec(XMMRegister xmm_reg) { __ vaesdec(xmm1, xmm1, xmm_reg, Assembler::AVX_512bit); __ vaesdec(xmm2, xmm2, xmm_reg, Assembler::AVX_512bit); __ vaesdec(xmm3, xmm3, xmm_reg, Assembler::AVX_512bit); __ vaesdec(xmm4, xmm4, xmm_reg, Assembler::AVX_512bit); __ vaesdec(xmm5, xmm5, xmm_reg, Assembler::AVX_512bit); __ vaesdec(xmm6, xmm6, xmm_reg, Assembler::AVX_512bit); __ vaesdec(xmm7, xmm7, xmm_reg, Assembler::AVX_512bit); __ vaesdec(xmm8, xmm8, xmm_reg, Assembler::AVX_512bit); } void StubGenerator::roundDeclast(XMMRegister xmm_reg) { __ vaesdeclast(xmm1, xmm1, xmm_reg, Assembler::AVX_512bit); __ vaesdeclast(xmm2, xmm2, xmm_reg, Assembler::AVX_512bit); __ vaesdeclast(xmm3, xmm3, xmm_reg, Assembler::AVX_512bit); __ vaesdeclast(xmm4, xmm4, xmm_reg, Assembler::AVX_512bit); __ vaesdeclast(xmm5, xmm5, xmm_reg, Assembler::AVX_512bit); __ vaesdeclast(xmm6, xmm6, xmm_reg, Assembler::AVX_512bit); __ vaesdeclast(xmm7, xmm7, xmm_reg, Assembler::AVX_512bit); __ vaesdeclast(xmm8, xmm8, xmm_reg, Assembler::AVX_512bit); } // Utility routine for loading a 128-bit key word in little endian format void StubGenerator::load_key(XMMRegister xmmdst, Register key, int offset, XMMRegister x __ movdqu(xmmdst, Address(key, offset)); __ pshufb(xmmdst, xmm_shuf_mask); } void StubGenerator::load_key(XMMRegister xmmdst, Register key, int offset, Register rscr __ movdqu(xmmdst, Address(key, offset)); __ pshufb(xmmdst, ExternalAddress(key_shuffle_mask_addr()), rscratch); } void StubGenerator::ev_load_key(XMMRegister xmmdst, Register key, int offset, XMMRegist __ movdqu(xmmdst, Address(key, offset)); __ pshufb(xmmdst, xmm_shuf_mask); __ evshufi64x2(xmmdst, xmmdst, xmmdst, 0x0, Assembler::AVX_512bit); } void StubGenerator::ev_load_key(XMMRegister xmmdst, Register key, int offset, Register r __ movdqu(xmmdst, Address(key, offset)); __ pshufb(xmmdst, ExternalAddress(key_shuffle_mask_addr()), rscratch); __ evshufi64x2(xmmdst, xmmdst, xmmdst, 0x0, Assembler::AVX_512bit); } // AES-ECB Encrypt Operation void StubGenerator::aesecb_encrypt(Register src_addr, Register dest_addr, Register key const Register pos = rax; const Register rounds = r12; Label NO_PARTS, LOOP, Loop_start, LOOP2, AES192, END_LOOP, AES256, REMAINDER, LAST2, END, K __ push(r13); __ push(r12); // For EVEX with VL and BW, provide a standard mask, VL = 128 will guide the merge // context for the registers used, where all instructions below are using 128-bit mode // On EVEX without VL and BW, these instructions will all be AVX. if (VM_Version::supports_avx512vlbw()) { __ movl(rax, 0xffff); __ kmovql(k1, rax); } __ push(len); // Save __ push(rbx); __ vzeroupper(); __ xorptr(pos, pos); // Calculate number of rounds based on key length(128, 192, 256):44 for 10-rounds, 52 for 12-ro __ movl(rounds, Address(key, arrayOopDesc::length_offset_in_bytes() - arrayOopDesc::b // Load Key shuf mask const XMMRegister xmm_key_shuf_mask = xmm31; // used temporarily to swap key bytes up front __ movdqu(xmm_key_shuf_mask, ExternalAddress(key_shuffle_mask_addr()), rbx /*rscratc // Load and shuffle key based on number of rounds ev_load_key(xmm8, key, 0 * 16, xmm_key_shuf_mask); ev_load_key(xmm9, key, 1 * 16, xmm_key_shuf_mask); ev_load_key(xmm10, key, 2 * 16, xmm_key_shuf_mask); ev_load_key(xmm23, key, 3 * 16, xmm_key_shuf_mask); ev_load_key(xmm12, key, 4 * 16, xmm_key_shuf_mask); ev_load_key(xmm13, key, 5 * 16, xmm_key_shuf_mask); ev_load_key(xmm14, key, 6 * 16, xmm_key_shuf_mask); ev_load_key(xmm15, key, 7 * 16, xmm_key_shuf_mask); ev_load_key(xmm16, key, 8 * 16, xmm_key_shuf_mask); ev_load_key(xmm17, key, 9 * 16, xmm_key_shuf_mask); ev_load_key(xmm24, key, 10 * 16, xmm_key_shuf_mask); __ cmpl(rounds, 52); __ jcc(Assembler::greaterEqual, KEY_192); __ jmp(Loop_start); __ bind(KEY_192); ev_load_key(xmm19, key, 11 * 16, xmm_key_shuf_mask); ev_load_key(xmm20, key, 12 * 16, xmm_key_shuf_mask); __ cmpl(rounds, 60); __ jcc(Assembler::equal, KEY_256); __ jmp(Loop_start); __ bind(KEY_256); ev_load_key(xmm21, key, 13 * 16, xmm_key_shuf_mask); ev_load_key(xmm22, key, 14 * 16, xmm_key_shuf_mask); __ bind(Loop_start); __ movq(rbx, len); // Divide length by 16 to convert it to number of blocks __ shrq(len, 4); __ shlq(rbx, 60); __ jcc(Assembler::equal, NO_PARTS); __ addq(len, 1); // Check if number of blocks is greater than or equal to 32 // If true, 512 bytes are processed at a time (code marked by label LOOP) // If not, 16 bytes are processed (code marked by REMAINDER label) __ bind(NO_PARTS); __ movq(rbx, len); __ shrq(len, 5); __ jcc(Assembler::equal, REMAINDER); __ movl(r13, len); // Compute number of blocks that will be processed 512 bytes at a time // Subtract this from the total number of blocks which will then be processed by REMAINDER loop __ shlq(r13, 5); __ subq(rbx, r13); //Begin processing 512 bytes __ bind(LOOP); --> -------------------- --> maximum size reached --> -------------------- ¤ Dauer der Verarbeitung: 0.21 Sekunden (vorverarbeitet) ¤*© Formatika GbR, Deutschland |
|
2026-03-28