Niels Möller <ni...@lysator.liu.se> writes:

> Below is an updated version of gcm-aes-encrypt.asm, seems to work for
> me, and uses fewer of the regular registers. Some comments and
> questions:
>
> 1. What about the vsrX registers, 0 <= X < 32? They are used to copy
> values from and to the v registers (aka vsrX, 32 <= X < 64), e.g.,
>
> xxlor vs1, VSR(S0), VSR(S0)
>
> Can those registers be used freely, and how?

I've asked in a different forum, and as far as I understand, registers
vs0-vs13 are free to use ("volatile"), because half of each corresponds
to a volatile floating point register (fpr0-fpr13), while registers
vs14-vs31 need to be saved and restored if used (the halves
corresponding to fpr14-fpr31 are non-volatile, so in principle, it
would be sufficient to save and restore those halves).

> 2. From my reading of the ELF v2 ABI spec, there's a "protected zone"
> below the stack pointer that can be used freely for storage. Is that
> right? Or maybe that's only for the ELFv2 ABI?

That appears to be the same in the ELFv1 ABI, see
https://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi.html#STACK

One other question: In the counter updates,

> C increase ctr value as input to aes_encrypt
> vaddudm S1, S0, CNT1
> vaddudm S2, S1, CNT1
> vaddudm S3, S2, CNT1
> vaddudm S4, S3, CNT1
> vaddudm S5, S4, CNT1
> vaddudm S6, S5, CNT1
> vaddudm S7, S6, CNT1

shouldn't that be vadduwm (32-bit word addition, rather than 64-bit
dword addition)? As I understand it, gcm uses a 32-bit counter, which
should wrap around without any carry to higher bits if the initial
value is just below 2^32.

Regards,
/Niels

-- 
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
_______________________________________________
nettle-bugs mailing list -- nettle-bugs@lists.lysator.liu.se
To unsubscribe send an email to nettle-bugs-le...@lists.lysator.liu.se
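The counter question at the end of the message, worked through as an added example in C (this is not code from nettle, from the .asm under discussion, or from anyone in the thread). GCM's inc32 (NIST SP 800-38D) adds to the last 32 bits of the counter block modulo 2^32 and never touches the 96-bit IV part in front of it. A 64-bit add over the low doubleword gives the same bytes until the 32-bit counter word wraps; at that point the carry lands in the byte above, i.e. in IV territory, which is the difference between a 32-bit-lane add (vadduwm) and a 64-bit-lane add (vaddudm). The big-endian byte layout of the block and the 0xAA IV fill are assumptions for illustration; the vector-register layout of the actual .asm is not modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GCM_BLOCK_SIZE 16

/* NIST SP 800-38D inc32: the last 4 bytes of the 16-byte counter block are
   a big-endian 32-bit integer; add n modulo 2^32 and leave bytes 0..11 alone. */
static void gcm_inc32(uint8_t ctr[GCM_BLOCK_SIZE], uint32_t n)
{
    uint32_t c = ((uint32_t)ctr[12] << 24) | ((uint32_t)ctr[13] << 16)
               | ((uint32_t)ctr[14] << 8)  |  (uint32_t)ctr[15];
    c += n;                             /* uint32_t arithmetic wraps mod 2^32 */
    ctr[12] = (uint8_t)(c >> 24);
    ctr[13] = (uint8_t)(c >> 16);
    ctr[14] = (uint8_t)(c >> 8);
    ctr[15] = (uint8_t)c;
}

/* Model of a 64-bit doubleword add over the last 8 bytes of the block (the
   arithmetic a 64-bit-lane add such as vaddudm performs). A carry out of
   bit 31 lands in bytes 8..11, which in GCM belong to the IV, not the
   counter. The big-endian byte layout is an assumption for illustration. */
static void dword_add(uint8_t ctr[GCM_BLOCK_SIZE], uint64_t n)
{
    uint64_t c = 0;
    for (int i = 8; i < 16; i++)
        c = (c << 8) | ctr[i];
    c += n;
    for (int i = 15; i >= 8; i--) {
        ctr[i] = (uint8_t)c;
        c >>= 8;
    }
}

/* Build a counter block: bytes 0..11 set to fill, bytes 12..15 = low32
   (big-endian). For a 96-bit IV, SP 800-38D's J0 is exactly this shape
   with fill = IV and low32 = 1. The 0xAA fill below is a constructed value. */
static void make_ctr(uint8_t ctr[GCM_BLOCK_SIZE], uint8_t fill, uint32_t low32)
{
    memset(ctr, fill, 12);
    ctr[12] = (uint8_t)(low32 >> 24);
    ctr[13] = (uint8_t)(low32 >> 16);
    ctr[14] = (uint8_t)(low32 >> 8);
    ctr[15] = (uint8_t)low32;
}

/* 1 if inc32 and the doubleword add yield the same block after adding n to
   a block whose counter word is low32, 0 if they diverge. */
static int strategies_agree(uint32_t low32, uint32_t n)
{
    uint8_t a[GCM_BLOCK_SIZE], b[GCM_BLOCK_SIZE];
    make_ctr(a, 0xAA, low32);
    memcpy(b, a, GCM_BLOCK_SIZE);
    gcm_inc32(a, n);
    dword_add(b, n);
    return memcmp(a, b, GCM_BLOCK_SIZE) == 0;
}

/* Byte 11 (last IV byte) after a doubleword add of n to a block with fill
   0xAA and counter word low32. inc32 always leaves it at 0xAA. */
static int iv_byte_after_dword_add(uint32_t low32, uint32_t n)
{
    uint8_t b[GCM_BLOCK_SIZE];
    make_ctr(b, 0xAA, low32);
    dword_add(b, n);
    return b[11];
}

static void print_block(const char *label, const uint8_t b[GCM_BLOCK_SIZE])
{
    printf("%-10s", label);
    for (int i = 0; i < GCM_BLOCK_SIZE; i++)
        printf("%02x%s", b[i], i == 11 ? " | " : "");
    printf("\n");
}

int main(void)
{
    /* Constructed input: counter word just below 2^32, the case raised above. */
    uint8_t a[GCM_BLOCK_SIZE], b[GCM_BLOCK_SIZE];
    make_ctr(a, 0xAA, 0xFFFFFFFEu);
    memcpy(b, a, GCM_BLOCK_SIZE);
    print_block("start", a);
    gcm_inc32(a, 2);
    dword_add(b, 2);
    print_block("inc32 +2", a);    /* IV part intact, counter word wraps to 0 */
    print_block("dword +2", b);    /* carry has modified byte 11 of the IV */
    printf("agree after +1: %d, after +2: %d\n",
           strategies_agree(0xFFFFFFFEu, 1), strategies_agree(0xFFFFFFFEu, 2));
    return 0;
}
```

The two strategies only differ on the wrap, so a test suite that never starts a counter near 2^32 will not distinguish a 64-bit-lane add from a 32-bit-lane add; a counter value of 0xFFFFFFFE or similar in the test vectors is what exposes the difference.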