gcm_ghash_v8: Simplification

In the context of the change, t0 and IN are the same after ``` veor $IN,$t0,$t2 @ inp^=Xi veor $t1,$t0,$t2 @ $t1 is rotated inp^Xi ``` Moreover, after all of ``` vpmull2.p64 $Xl,$H,$IN @ H.lo·Xi.lo vext.8 $IN, $IN, $IN, aws#8 veor $t1,$t1,$IN @ Karatsuba pre-processing vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) vext.8 $IN, $IN, $IN, aws#8 ``` `IN` is unchanged because it was swapped twice, and t1 only feeds into the computation of Xm and is not used further afterwards. Hence, the above is equivalent to ``` vpmull2.p64 $Xl,$H,$IN @ H.lo·Xi.lo vext.8 $t1, $IN, $IN, aws#8 veor $t1,$t1,$IN @ Karatsuba pre-processing vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) ``` removing one `vext`.
hanno-becker · Jan 16, 2024 · a1f5f8c · a1f5f8c
1 parent 7d52545
commit a1f5f8c
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/crypto/fipsmodule/modes/asm/ghashv8-armx.pl b/crypto/fipsmodule/modes/asm/ghashv8-armx.pl
@@ -484,15 +484,13 @@
 .Lodd_tail_v8:
 	vext.8		$t2,$Xl,$Xl,#8
 	veor		$IN,$t0,$t2		@ inp^=Xi
-	veor		$t1,$t0,$t2		@ $t1 is rotated inp^Xi
 
         vpmull2.p64	$Xl,$H,$IN		@ H.lo·Xi.lo
-        vext.8          $IN, $IN, $IN, #8
+        vext.8          $t1, $IN, $IN, #8
 
 	veor		$t1,$t1,$IN		@ Karatsuba pre-processing
 	vpmull.p64	$Xm,$Hhl,$t1		@ (H.lo+H.hi)·(Xi.lo+Xi.hi)
 
-        vext.8          $IN, $IN, $IN, #8
         vpmull.p64	$Xh,$H,$IN		@ H.hi·Xi.hi
         vext.8          $IN, $IN, $IN, #8