crypto/aes: Avo port of gcm_amd64.s

This implementation utilizes the same registers found in the reference
implementation, aiming to produce a minimal semantic diff between the
Avo-generated output and the original hand-written assembly.

To verify the Avo implementation, the reference and Avo-generated
assembly files are fed to `go tool asm`, capturing the debug output into
corresponding temp files. The debug output contains supplementary
metadata (line numbers, instruction offsets, and source file references)
that must be removed in order to obtain a semantic diff of the two
files. This is accomplished via a small utility script written in awk.

The reference assembly file does not specify a frame size for some of
the defined assembly functions. Avo automatically infers the frame size
when generating TEXT directives, leading to a diff on those lines. Some
metadata not included in the reference assembly has also been added,
which leads to a diff in the lines where that parameter symbol is
referenced.

Commands used to verify Avo output:

GOROOT=$(go env GOROOT)
ASM_PATH="src/crypto/aes/gcm_amd64.s"
REFERENCE="54fe0fd43fcf8609666c16ae6d15ed92873b1564"

go tool asm -o /dev/null -I "$GOROOT"/src/runtime -debug \
  <(git cat-file -p "$REFERENCE:$ASM_PATH") \
  > /tmp/reference.s

go tool asm -o /dev/null -I "$GOROOT"/src/runtime -debug \
  "$ASM_PATH" \
  > /tmp/avo.s

normalize(){
  awk '{
    $1=$2=$3="";
    print substr($0,4)
  }'
}

diff <(normalize < /tmp/reference.s) <(normalize < /tmp/avo.s)

1c1
< TEXT <unlinkable>.gcmAesFinish(SB), NOSPLIT, $0
---
> TEXT <unlinkable>.gcmAesFinish(SB), NOSPLIT, $0-40
44c44
< TEXT <unlinkable>.gcmAesInit(SB), NOSPLIT, $0
---
> TEXT <unlinkable>.gcmAesInit(SB), NOSPLIT, $0-32
131c131
< TEXT <unlinkable>.gcmAesData(SB), NOSPLIT, $0
---
> TEXT <unlinkable>.gcmAesData(SB), NOSPLIT, $0-40
325c325
< MOVQ dst+8(FP), DX
---
> MOVQ dst_base+8(FP), DX
1207c1207
< MOVQ dst+8(FP), SI
---
> MOVQ dst_base+8(FP), SI

Change-Id: Iad8f8c6ea5d50ac093c8535adc9d23fbf2612fc2
Reviewed-on: https://go-review.googlesource.com/c/go/+/601462
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>

src/cmd/compile/internal/types2/stdlib_test.go

@@ -355,6 +355,7 @@ var excluded = map[string]bool{
 	"builtin": true,
 
 	// go.dev/issue/46027: some imports are missing for this submodule.
+	"crypto/aes/_asm/gcm":                     true,
 	"crypto/internal/bigmod/_asm":             true,
 	"crypto/internal/edwards25519/field/_asm": true,
 	"crypto/md5/_asm":                         true,

src/crypto/aes/_asm/gcm/go.mod

@@ -0,0 +1,11 @@
+module std/crypto/aes/_asm/gcm
+
+go 1.24
+
+require github.com/mmcloughlin/avo v0.6.0
+
+require (
+	golang.org/x/mod v0.20.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/tools v0.24.0 // indirect
+)

src/crypto/aes/_asm/gcm/go.sum

@@ -0,0 +1,8 @@
+github.com/mmcloughlin/avo v0.6.0 h1:QH6FU8SKoTLaVs80GA8TJuLNkUYl4VokHKlPhVDg4YY=
+github.com/mmcloughlin/avo v0.6.0/go.mod h1:8CoAGaCSYXtCPR+8y18Y9aB/kxb8JSS6FRI7mSkvD+8=
+golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0=
+golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24=
+golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=

src/go/types/stdlib_test.go

@@ -357,6 +357,7 @@ var excluded = map[string]bool{
 	"builtin": true,
 
 	// See go.dev/issue/46027: some imports are missing for this submodule.
+	"crypto/aes/_asm/gcm":                     true,
 	"crypto/internal/bigmod/_asm":             true,
 	"crypto/internal/edwards25519/field/_asm": true,
 	"crypto/md5/_asm":                         true,