3 # ====================================================================
4 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
5 # project. The module is, however, dual licensed under OpenSSL and
6 # CRYPTOGAMS licenses depending on where you obtain it. For further
7 # details see http://www.openssl.org/~appro/cryptogams/.
8 # ====================================================================
10 # Multi-buffer SHA1 procedure processes n buffers in parallel by
11 # placing buffer data to designated lane of SIMD register. n is
12 # naturally limited to 4 on pre-AVX2 processors and to 8 on
13 # AVX2-capable processors such as Haswell.
15 # this +aesni(*) sha1 aesni-sha1 gain
16 # -------------------------------------------------------------------
17 # Westmere(**) 10.4/n +1.28=3.88(n=4) 5.44 6.58 +70%
18 # Atom(**) 18.9/n +3.93=8.66(n=4) 10.0 14.0 +62%
19 # Sandy Bridge (8.16 +5.15=13.3)/n 4.99 5.98 +80%
20 # Ivy Bridge (8.03 +5.14=13.2)/n 4.60 5.54 +68%
21 # Haswell(***) (8.96 +5.00=14.0)/n 3.57 4.55 +160%
22 # Bulldozer (9.75 +5.76=15.5)/n 5.95 6.37 +64%
24 # (*) multi-block CBC encrypt with 128-bit key;
25 # (**) (HASH+AES)/n does not apply to Westmere for n>3 and Atom,
26 # because of lower AES-NI instruction throughput;
27 # (***) "this" is for n=8, when we gather twice as much data, result
28 # for n=4 is 7.98+4.44=12.4;
32 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
34 $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
36 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
37 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
38 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
39 die "can't locate x86_64-xlate.pl";
43 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
44 =~ /GNU assembler version ([2-9]\.[0-9]+)/) {
45 $avx = ($1>=2.19) + ($1>=2.22);
48 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
49 `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
50 $avx = ($1>=2.09) + ($1>=2.10);
53 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
54 `ml64 2>&1` =~ /Version ([0-9]+)\./) {
55 $avx = ($1>=10) + ($1>=11);
58 open OUT,"| \"$^X\" $xlate $flavour $output";
61 # void sha1_multi_block (
62 # struct { unsigned int A[8];
66 # unsigned int E[8]; } *ctx,
67 # struct { void *ptr; int blocks; } inp[8],
68 # int num); /* 1 or 2 */
70 $ctx="%rdi"; # 1st arg
71 $inp="%rsi"; # 2nd arg
73 @ptr=map("%r$_",(8..11));
76 @V=($A,$B,$C,$D,$E)=map("%xmm$_",(0..4));
77 ($t0,$t1,$t2,$t3,$tx)=map("%xmm$_",(5..9));
78 @Xi=map("%xmm$_",(10..14));
86 $off %= 16; $off *= $REG_SZ;
87 $off<256 ? "$off-128(%rax)" : "$off-256-128(%rbx)";
91 my ($i,$a,$b,$c,$d,$e)=@_;
95 $code.=<<___ if ($i==0);
97 lea `16*4`(@ptr[0]),@ptr[0]
98 movd (@ptr[1]),@Xi[2] # borrow @Xi[2]
99 lea `16*4`(@ptr[1]),@ptr[1]
100 movd (@ptr[2]),@Xi[3] # borrow @Xi[3]
101 lea `16*4`(@ptr[2]),@ptr[2]
102 movd (@ptr[3]),@Xi[4] # borrow @Xi[4]
103 lea `16*4`(@ptr[3]),@ptr[3]
104 punpckldq @Xi[3],@Xi[0]
105 movd `4*$j-16*4`(@ptr[0]),@Xi[1]
106 punpckldq @Xi[4],@Xi[2]
107 movd `4*$j-16*4`(@ptr[1]),$t3
108 punpckldq @Xi[2],@Xi[0]
109 movd `4*$j-16*4`(@ptr[2]),$t2
112 $code.=<<___ if ($i<14); # just load input
113 movd `4*$j-16*4`(@ptr[3]),$t1
116 paddd $K,$e # e+=K_00_19
126 movdqa @Xi[0],`&Xi_off($i)`
127 paddd @Xi[0],$e # e+=X[i]
128 movd `4*$k-16*4`(@ptr[0]),@Xi[2]
130 pxor $t1,$t0 # Ch(b,c,d)
133 por $t3,$t2 # rol(a,5)
134 movd `4*$k-16*4`(@ptr[1]),$t3
136 paddd $t0,$e # e+=Ch(b,c,d)
139 paddd $t2,$e # e+=rol(a,5)
140 movd `4*$j-16*4`(@ptr[2]),$t2
142 por $t1,$b # b=rol(b,30)
144 $code.=<<___ if ($i==14); # just load input
145 movd `4*$j-16*4`(@ptr[3]),$t1
148 paddd $K,$e # e+=K_00_19
158 movdqa @Xi[0],`&Xi_off($i)`
159 paddd @Xi[0],$e # e+=X[i]
161 pxor $t1,$t0 # Ch(b,c,d)
164 por $t3,$t2 # rol(a,5)
166 paddd $t0,$e # e+=Ch(b,c,d)
169 paddd $t2,$e # e+=rol(a,5)
171 por $t1,$b # b=rol(b,30)
173 $code.=<<___ if ($i>=13 && $i<15);
174 movdqa `&Xi_off($j+2)`,@Xi[3] # preload "X[2]"
176 $code.=<<___ if ($i>=15); # apply Xupdate
177 pxor @Xi[-2],@Xi[1] # "X[13]"
178 movdqa `&Xi_off($j+2)`,@Xi[3] # "X[2]"
181 pxor `&Xi_off($j+8)`,@Xi[1]
182 paddd $K,$e # e+=K_00_19
194 movdqa @Xi[0],`&Xi_off($i)`
195 paddd @Xi[0],$e # e+=X[i]
197 pxor $t1,$t0 # Ch(b,c,d)
200 por $t3,$t2 # rol(a,5)
202 paddd $t0,$e # e+=Ch(b,c,d)
205 paddd $t2,$e # e+=rol(a,5)
206 por $tx,@Xi[1] # rol \$1,@Xi[1]
207 por $t1,$b # b=rol(b,30)
209 push(@Xi,shift(@Xi));
213 my ($i,$a,$b,$c,$d,$e)=@_;
216 $code.=<<___ if ($i<79);
217 pxor @Xi[-2],@Xi[1] # "X[13]"
218 movdqa `&Xi_off($j+2)`,@Xi[3] # "X[2]"
222 pxor `&Xi_off($j+8)`,@Xi[1]
223 paddd $K,$e # e+=K_20_39
229 $code.=<<___ if ($i<72);
230 movdqa @Xi[0],`&Xi_off($i)`
232 $code.=<<___ if ($i<79);
233 paddd @Xi[0],$e # e+=X[i]
236 pxor $c,$t0 # Parity(b,c,d)
241 por $t3,$t2 # rol(a,5)
243 paddd $t0,$e # e+=Parity(b,c,d)
247 paddd $t2,$e # e+=rol(a,5)
248 por $tx,@Xi[1] # rol(@Xi[1],1)
249 por $t1,$b # b=rol(b,30)
251 $code.=<<___ if ($i==79);
253 paddd $K,$e # e+=K_20_39
259 paddd @Xi[0],$e # e+=X[i]
262 pxor $c,$t0 # Parity(b,c,d)
265 por $t3,$t2 # rol(a,5)
266 paddd $t0,$e # e+=Parity(b,c,d)
269 paddd $t2,$e # e+=rol(a,5)
270 por $t1,$b # b=rol(b,30)
272 push(@Xi,shift(@Xi));
276 my ($i,$a,$b,$c,$d,$e)=@_;
280 pxor @Xi[-2],@Xi[1] # "X[13]"
281 movdqa `&Xi_off($j+2)`,@Xi[3] # "X[2]"
285 pxor `&Xi_off($j+8)`,@Xi[1]
287 paddd $K,$e # e+=K_40_59
298 movdqa @Xi[0],`&Xi_off($i)`
299 paddd @Xi[0],$e # e+=X[i]
300 por $t3,$t2 # rol(a,5)
307 paddd $t0,$e # e+=Maj(b,d,c)
310 paddd $t2,$e # e+=rol(a,5)
311 por $tx,@Xi[1] # rol(@X[1],1)
312 por $t1,$b # b=rol(b,30)
314 push(@Xi,shift(@Xi));
320 .extern OPENSSL_ia32cap_P
322 .globl sha1_multi_block
323 .type sha1_multi_block,\@function,3
327 $code.=<<___ if ($avx);
328 mov OPENSSL_ia32cap_P+4(%rip),%rcx
337 $code.=<<___ if ($win64);
340 movaps %xmm7,0x10(%rsp)
341 movaps %xmm8,0x20(%rsp)
342 movaps %xmm9,0x30(%rsp)
343 movaps %xmm10,-0x78(%rax)
344 movaps %xmm11,-0x68(%rax)
345 movaps %xmm12,-0x58(%rax)
346 movaps %xmm13,-0x48(%rax)
347 movaps %xmm14,-0x38(%rax)
348 movaps %xmm15,-0x28(%rax)
351 sub \$`$REG_SZ*18`,%rsp
353 mov %rax,`$REG_SZ*17`(%rsp) # original %rsp
354 lea K_XX_XX(%rip),$Tbl
355 lea `$REG_SZ*16`(%rsp),%rbx
358 mov $num,`$REG_SZ*17+8`(%rsp) # original $num
361 for($i=0;$i<4;$i++) {
363 mov `16*$i+0`($inp),@ptr[$i] # input pointer
364 mov `16*$i+8`($inp),%ecx # number of blocks
366 cmovg %ecx,$num # find maximum
368 mov %ecx,`4*$i`(%rbx) # initialize counters
369 cmovle $Tbl,@ptr[$i] # cancel input
376 movdqu 0x00($ctx),$A # load context
382 movdqa 0x60($Tbl),$tx # pbswap_mask
388 $code.=" movdqa -0x20($Tbl),$K\n"; # K_00_19
389 for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
390 $code.=" movdqa 0x00($Tbl),$K\n"; # K_20_39
391 for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
392 $code.=" movdqa 0x20($Tbl),$K\n"; # K_40_59
393 for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
394 $code.=" movdqa 0x40($Tbl),$K\n"; # K_60_79
395 for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
397 movdqa (%rbx),@Xi[0] # pull counters
399 cmp 4*0(%rbx),%ecx # examinte counters
401 cmovge $Tbl,@ptr[0] # cancel input
406 pcmpgtd $t2,@Xi[1] # mask value
409 paddd @Xi[1],@Xi[0] # counters--
412 movdqu 0x00($ctx),$t0
414 movdqu 0x20($ctx),$t1
417 movdqu 0x40($ctx),$t2
420 movdqu 0x60($ctx),$t3
423 movdqu 0x80($ctx),$tx
433 movdqa @Xi[0],(%rbx) # save counters
434 movdqa 0x60($Tbl),$tx # pbswap_mask
438 mov `$REG_SZ*17+8`(%rsp),$num
439 lea $REG_SZ($ctx),$ctx
440 lea `16*$REG_SZ/4`($inp),$inp
445 mov `$REG_SZ*17`(%rsp),%rax # orignal %rsp
447 $code.=<<___ if ($win64);
448 movaps -0xb8(%rax),%xmm6
449 movaps -0xa8(%rax),%xmm7
450 movaps -0x98(%rax),%xmm8
451 movaps -0x88(%rax),%xmm9
452 movaps -0x78(%rax),%xmm10
453 movaps -0x68(%rax),%xmm11
454 movaps -0x58(%rax),%xmm12
455 movaps -0x48(%rax),%xmm13
456 movaps -0x38(%rax),%xmm14
457 movaps -0x28(%rax),%xmm15
464 .size sha1_multi_block,.-sha1_multi_block
469 my ($i,$a,$b,$c,$d,$e)=@_;
472 my $vpack = $REG_SZ==16 ? "vpunpckldq" : "vinserti128";
473 my $ptr_n = $REG_SZ==16 ? @ptr[1] : @ptr[4];
475 $code.=<<___ if ($i==0 && $REG_SZ==16);
476 vmovd (@ptr[0]),@Xi[0]
477 lea `16*4`(@ptr[0]),@ptr[0]
478 vmovd (@ptr[1]),@Xi[2] # borrow Xi[2]
479 lea `16*4`(@ptr[1]),@ptr[1]
480 vpinsrd \$1,(@ptr[2]),@Xi[0],@Xi[0]
481 lea `16*4`(@ptr[2]),@ptr[2]
482 vpinsrd \$1,(@ptr[3]),@Xi[2],@Xi[2]
483 lea `16*4`(@ptr[3]),@ptr[3]
484 vmovd `4*$j-16*4`(@ptr[0]),@Xi[1]
485 vpunpckldq @Xi[2],@Xi[0],@Xi[0]
486 vmovd `4*$j-16*4`($ptr_n),$t3
487 vpshufb $tx,@Xi[0],@Xi[0]
489 $code.=<<___ if ($i<15 && $REG_SZ==16); # just load input
490 vpinsrd \$1,`4*$j-16*4`(@ptr[2]),@Xi[1],@Xi[1]
491 vpinsrd \$1,`4*$j-16*4`(@ptr[3]),$t3,$t3
493 $code.=<<___ if ($i==0 && $REG_SZ==32);
494 vmovd (@ptr[0]),@Xi[0]
495 lea `16*4`(@ptr[0]),@ptr[0]
496 vmovd (@ptr[4]),@Xi[2] # borrow Xi[2]
497 lea `16*4`(@ptr[4]),@ptr[4]
499 lea `16*4`(@ptr[1]),@ptr[1]
501 lea `16*4`(@ptr[5]),@ptr[5]
502 vpinsrd \$1,(@ptr[2]),@Xi[0],@Xi[0]
503 lea `16*4`(@ptr[2]),@ptr[2]
504 vpinsrd \$1,(@ptr[6]),@Xi[2],@Xi[2]
505 lea `16*4`(@ptr[6]),@ptr[6]
506 vpinsrd \$1,(@ptr[3]),$t2,$t2
507 lea `16*4`(@ptr[3]),@ptr[3]
508 vpunpckldq $t2,@Xi[0],@Xi[0]
509 vpinsrd \$1,(@ptr[7]),$t1,$t1
510 lea `16*4`(@ptr[7]),@ptr[7]
511 vpunpckldq $t1,@Xi[2],@Xi[2]
512 vmovd `4*$j-16*4`(@ptr[0]),@Xi[1]
513 vinserti128 @Xi[2],@Xi[0],@Xi[0]
514 vmovd `4*$j-16*4`($ptr_n),$t3
515 vpshufb $tx,@Xi[0],@Xi[0]
517 $code.=<<___ if ($i<15 && $REG_SZ==32); # just load input
518 vmovd `4*$j-16*4`(@ptr[1]),$t2
519 vmovd `4*$j-16*4`(@ptr[5]),$t1
520 vpinsrd \$1,`4*$j-16*4`(@ptr[2]),@Xi[1],@Xi[1]
521 vpinsrd \$1,`4*$j-16*4`(@ptr[6]),$t3,$t3
522 vpinsrd \$1,`4*$j-16*4`(@ptr[3]),$t2,$t2
523 vpunpckldq $t2,@Xi[1],@Xi[1]
524 vpinsrd \$1,`4*$j-16*4`(@ptr[7]),$t1,$t1
525 vpunpckldq $t1,$t3,$t3
527 $code.=<<___ if ($i<14);
528 vpaddd $K,$e,$e # e+=K_00_19
533 vmovdqa @Xi[0],`&Xi_off($i)`
534 vpaddd @Xi[0],$e,$e # e+=X[i]
535 $vpack $t3,@Xi[1],@Xi[1]
537 vpxor $t1,$t0,$t0 # Ch(b,c,d)
538 vmovd `4*$k-16*4`(@ptr[0]),@Xi[2]
541 vpor $t3,$t2,$t2 # rol(a,5)
542 vmovd `4*$k-16*4`($ptr_n),$t3
543 vpaddd $t0,$e,$e # e+=Ch(b,c,d)
546 vpaddd $t2,$e,$e # e+=rol(a,5)
547 vpshufb $tx,@Xi[1],@Xi[1]
548 vpor $t1,$b,$b # b=rol(b,30)
550 $code.=<<___ if ($i==14);
551 vpaddd $K,$e,$e # e+=K_00_19
556 vmovdqa @Xi[0],`&Xi_off($i)`
557 vpaddd @Xi[0],$e,$e # e+=X[i]
558 $vpack $t3,@Xi[1],@Xi[1]
560 vpxor $t1,$t0,$t0 # Ch(b,c,d)
563 vpor $t3,$t2,$t2 # rol(a,5)
564 vpaddd $t0,$e,$e # e+=Ch(b,c,d)
567 vpaddd $t2,$e,$e # e+=rol(a,5)
568 vpshufb $tx,@Xi[1],@Xi[1]
569 vpor $t1,$b,$b # b=rol(b,30)
571 $code.=<<___ if ($i>=13 && $i<15);
572 vmovdqa `&Xi_off($j+2)`,@Xi[3] # preload "X[2]"
574 $code.=<<___ if ($i>=15); # apply Xupdate
575 vpxor @Xi[-2],@Xi[1],@Xi[1] # "X[13]"
576 vmovdqa `&Xi_off($j+2)`,@Xi[3] # "X[2]"
578 vpaddd $K,$e,$e # e+=K_00_19
583 vmovdqa @Xi[0],`&Xi_off($i)`
584 vpaddd @Xi[0],$e,$e # e+=X[i]
585 vpxor `&Xi_off($j+8)`,@Xi[1],@Xi[1]
587 vpxor $t1,$t0,$t0 # Ch(b,c,d)
588 vpxor @Xi[3],@Xi[1],@Xi[1]
591 vpor $t3,$t2,$t2 # rol(a,5)
592 vpaddd $t0,$e,$e # e+=Ch(b,c,d)
593 vpsrld \$31,@Xi[1],$tx
594 vpaddd @Xi[1],@Xi[1],@Xi[1]
597 vpaddd $t2,$e,$e # e+=rol(a,5)
598 vpor $tx,@Xi[1],@Xi[1] # rol \$1,@Xi[1]
599 vpor $t1,$b,$b # b=rol(b,30)
601 push(@Xi,shift(@Xi));
605 my ($i,$a,$b,$c,$d,$e)=@_;
608 $code.=<<___ if ($i<79);
609 vpxor @Xi[-2],@Xi[1],@Xi[1] # "X[13]"
610 vmovdqa `&Xi_off($j+2)`,@Xi[3] # "X[2]"
613 vpaddd $K,$e,$e # e+=K_20_39
616 $code.=<<___ if ($i<72);
617 vmovdqa @Xi[0],`&Xi_off($i)`
619 $code.=<<___ if ($i<79);
620 vpaddd @Xi[0],$e,$e # e+=X[i]
621 vpxor `&Xi_off($j+8)`,@Xi[1],@Xi[1]
623 vpxor $c,$t0,$t0 # Parity(b,c,d)
624 vpxor @Xi[3],@Xi[1],@Xi[1]
627 vpor $t3,$t2,$t2 # rol(a,5)
628 vpaddd $t0,$e,$e # e+=Parity(b,c,d)
629 vpsrld \$31,@Xi[1],$tx
630 vpaddd @Xi[1],@Xi[1],@Xi[1]
633 vpaddd $t2,$e,$e # e+=rol(a,5)
634 vpor $tx,@Xi[1],@Xi[1] # rol(@Xi[1],1)
635 vpor $t1,$b,$b # b=rol(b,30)
637 $code.=<<___ if ($i==79);
639 vpaddd $K,$e,$e # e+=K_20_39
643 vpaddd @Xi[0],$e,$e # e+=X[i]
644 vpxor $c,$t0,$t0 # Parity(b,c,d)
647 vpor $t3,$t2,$t2 # rol(a,5)
648 vpaddd $t0,$e,$e # e+=Parity(b,c,d)
651 vpaddd $t2,$e,$e # e+=rol(a,5)
652 vpor $t1,$b,$b # b=rol(b,30)
654 push(@Xi,shift(@Xi));
658 my ($i,$a,$b,$c,$d,$e)=@_;
662 vpxor @Xi[-2],@Xi[1],@Xi[1] # "X[13]"
663 vmovdqa `&Xi_off($j+2)`,@Xi[3] # "X[2]"
665 vpaddd $K,$e,$e # e+=K_40_59
668 vpxor `&Xi_off($j+8)`,@Xi[1],@Xi[1]
673 vpxor @Xi[3],@Xi[1],@Xi[1]
675 vmovdqu @Xi[0],`&Xi_off($i)`
676 vpaddd @Xi[0],$e,$e # e+=X[i]
677 vpor $t3,$t2,$t2 # rol(a,5)
678 vpsrld \$31,@Xi[1],$tx
680 vpaddd @Xi[1],@Xi[1],@Xi[1]
683 vpaddd $t0,$e,$e # e+=Maj(b,d,c)
686 vpaddd $t2,$e,$e # e+=rol(a,5)
687 vpor $tx,@Xi[1],@Xi[1] # rol(@X[1],1)
688 vpor $t1,$b,$b # b=rol(b,30)
690 push(@Xi,shift(@Xi));
694 .type sha1_multi_block_avx,\@function,3
696 sha1_multi_block_avx:
699 $code.=<<___ if ($avx>1);
714 $code.=<<___ if ($win64);
717 movaps %xmm7,0x10(%rsp)
718 movaps %xmm8,0x20(%rsp)
719 movaps %xmm9,0x30(%rsp)
720 movaps %xmm10,-0x78(%rax)
721 movaps %xmm11,-0x68(%rax)
722 movaps %xmm12,-0x58(%rax)
723 movaps %xmm13,-0x48(%rax)
724 movaps %xmm14,-0x38(%rax)
725 movaps %xmm15,-0x28(%rax)
728 sub \$`$REG_SZ*18`, %rsp
730 mov %rax,`$REG_SZ*17`(%rsp) # original %rsp
731 lea K_XX_XX(%rip),$Tbl
732 lea `$REG_SZ*16`(%rsp),%rbx
736 mov $num,`$REG_SZ*17+8`(%rsp) # original $num
739 for($i=0;$i<4;$i++) {
741 mov `16*$i+0`($inp),@ptr[$i] # input pointer
742 mov `16*$i+8`($inp),%ecx # number of blocks
744 cmovg %ecx,$num # find maximum
746 mov %ecx,`4*$i`(%rbx) # initialize counters
747 cmovle $Tbl,@ptr[$i] # cancel input
754 vmovdqu 0x00($ctx),$A # load context
756 vmovdqu 0x20($ctx),$B
757 vmovdqu 0x40($ctx),$C
758 vmovdqu 0x60($ctx),$D
759 vmovdqu 0x80($ctx),$E
760 vmovdqu 0x60($Tbl),$tx # pbswap_mask
766 $code.=" vmovdqa -0x20($Tbl),$K\n"; # K_00_19
767 for($i=0;$i<20;$i++) { &BODY_00_19_avx($i,@V); unshift(@V,pop(@V)); }
768 $code.=" vmovdqa 0x00($Tbl),$K\n"; # K_20_39
769 for(;$i<40;$i++) { &BODY_20_39_avx($i,@V); unshift(@V,pop(@V)); }
770 $code.=" vmovdqa 0x20($Tbl),$K\n"; # K_40_59
771 for(;$i<60;$i++) { &BODY_40_59_avx($i,@V); unshift(@V,pop(@V)); }
772 $code.=" vmovdqa 0x40($Tbl),$K\n"; # K_60_79
773 for(;$i<80;$i++) { &BODY_20_39_avx($i,@V); unshift(@V,pop(@V)); }
777 for($i=0;$i<4;$i++) {
779 cmp `4*$i`(%rbx),%ecx # examine counters
780 cmovge $Tbl,@ptr[$i] # cancel input
784 vmovdqu (%rbx),$t0 # pull counters
787 vpcmpgtd $t2,$t1,$t1 # mask value
788 vpaddd $t1,$t0,$t0 # counters--
792 vpaddd 0x00($ctx),$A,$A
794 vpaddd 0x20($ctx),$B,$B
796 vpaddd 0x40($ctx),$C,$C
798 vpaddd 0x60($ctx),$D,$D
799 vpaddd 0x80($ctx),$E,$E
800 vmovdqu $A,0x00($ctx)
801 vmovdqu $B,0x20($ctx)
802 vmovdqu $C,0x40($ctx)
803 vmovdqu $D,0x60($ctx)
804 vmovdqu $E,0x80($ctx)
806 vmovdqu $t0,(%rbx) # save counters
807 vmovdqu 0x60($Tbl),$tx # pbswap_mask
811 mov `$REG_SZ*17+8`(%rsp),$num
812 lea $REG_SZ($ctx),$ctx
813 lea `16*$REG_SZ/4`($inp),$inp
818 mov `$REG_SZ*17`(%rsp),%rax # orignal %rsp
821 $code.=<<___ if ($win64);
822 movaps -0xb8(%rax),%xmm6
823 movaps -0xa8(%rax),%xmm7
824 movaps -0x98(%rax),%xmm8
825 movaps -0x88(%rax),%xmm9
826 movaps -0x78(%rax),%xmm10
827 movaps -0x68(%rax),%xmm11
828 movaps -0x58(%rax),%xmm12
829 movaps -0x48(%rax),%xmm13
830 movaps -0x38(%rax),%xmm14
831 movaps -0x28(%rax),%xmm15
838 .size sha1_multi_block_avx,.-sha1_multi_block_avx
842 $code =~ s/\`([^\`]*)\`/eval $1/gem;
846 @ptr=map("%r$_",(12..15,8..11));
848 @V=($A,$B,$C,$D,$E)=map("%ymm$_",(0..4));
849 ($t0,$t1,$t2,$t3,$tx)=map("%ymm$_",(5..9));
850 @Xi=map("%ymm$_",(10..14));
854 .type sha1_multi_block_avx2,\@function,3
856 sha1_multi_block_avx2:
866 $code.=<<___ if ($win64);
869 movaps %xmm7,0x10(%rsp)
870 movaps %xmm8,0x20(%rsp)
871 movaps %xmm9,0x30(%rsp)
872 movaps %xmm10,0x40(%rsp)
873 movaps %xmm11,0x50(%rsp)
874 movaps %xmm12,-0x78(%rax)
875 movaps %xmm13,-0x68(%rax)
876 movaps %xmm14,-0x58(%rax)
877 movaps %xmm15,-0x48(%rax)
880 sub \$`$REG_SZ*18`, %rsp
882 mov %rax,`$REG_SZ*17`(%rsp) # original %rsp
883 lea K_XX_XX(%rip),$Tbl
888 mov $num,`$REG_SZ*17+8`(%rsp) # original $num
890 lea `$REG_SZ*16`(%rsp),%rbx
892 for($i=0;$i<8;$i++) {
894 mov `16*$i+0`($inp),@ptr[$i] # input pointer
895 mov `16*$i+8`($inp),%ecx # number of blocks
897 cmovg %ecx,$num # find maximum
899 mov %ecx,`4*$i`(%rbx) # initialize counters
900 cmovle $Tbl,@ptr[$i] # cancel input
904 vmovdqu 0x00($ctx),$A # load context
906 vmovdqu 0x20($ctx),$B
907 lea 256+128(%rsp),%rbx
908 vmovdqu 0x40($ctx),$C
909 vmovdqu 0x60($ctx),$D
910 vmovdqu 0x80($ctx),$E
911 vmovdqu 0x60($Tbl),$tx # pbswap_mask
917 $code.=" vmovdqa -0x20($Tbl),$K\n"; # K_00_19
918 for($i=0;$i<20;$i++) { &BODY_00_19_avx($i,@V); unshift(@V,pop(@V)); }
919 $code.=" vmovdqa 0x00($Tbl),$K\n"; # K_20_39
920 for(;$i<40;$i++) { &BODY_20_39_avx($i,@V); unshift(@V,pop(@V)); }
921 $code.=" vmovdqa 0x20($Tbl),$K\n"; # K_40_59
922 for(;$i<60;$i++) { &BODY_40_59_avx($i,@V); unshift(@V,pop(@V)); }
923 $code.=" vmovdqa 0x40($Tbl),$K\n"; # K_60_79
924 for(;$i<80;$i++) { &BODY_20_39_avx($i,@V); unshift(@V,pop(@V)); }
927 lea `$REG_SZ*16`(%rsp),%rbx
929 for($i=0;$i<8;$i++) {
931 cmp `4*$i`(%rbx),%ecx # examine counters
932 cmovge $Tbl,@ptr[$i] # cancel input
936 vmovdqu (%rbx),$t0 # pull counters
939 vpcmpgtd $t2,$t1,$t1 # mask value
940 vpaddd $t1,$t0,$t0 # counters--
944 vpaddd 0x00($ctx),$A,$A
946 vpaddd 0x20($ctx),$B,$B
948 vpaddd 0x40($ctx),$C,$C
950 vpaddd 0x60($ctx),$D,$D
951 vpaddd 0x80($ctx),$E,$E
952 vmovdqu $A,0x00($ctx)
953 vmovdqu $B,0x20($ctx)
954 vmovdqu $C,0x40($ctx)
955 vmovdqu $D,0x60($ctx)
956 vmovdqu $E,0x80($ctx)
958 vmovdqu $t0,(%rbx) # save counters
959 lea 256+128(%rsp),%rbx
960 vmovdqu 0x60($Tbl),$tx # pbswap_mask
964 #mov `$REG_SZ*17+8`(%rsp),$num
965 #lea $REG_SZ($ctx),$ctx
966 #lea `16*$REG_SZ/4`($inp),$inp
968 #jnz .Loop_grande_avx2
971 mov `$REG_SZ*17`(%rsp),%rax # orignal %rsp
974 $code.=<<___ if ($win64);
975 movaps -0xd8(%rax),%xmm6
976 movaps -0xc8(%rax),%xmm7
977 movaps -0xb8(%rax),%xmm8
978 movaps -0xa8(%rax),%xmm9
979 movaps -0x98(%rax),%xmm10
980 movaps -0x88(%rax),%xmm11
981 movaps -0x78(%rax),%xmm12
982 movaps -0x68(%rax),%xmm13
983 movaps -0x58(%rax),%xmm14
984 movaps -0x48(%rax),%xmm15
995 .size sha1_multi_block_avx2,.-sha1_multi_block_avx2
1001 .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19
1002 .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19
1004 .long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39
1005 .long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39
1006 .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59
1007 .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59
1008 .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79
1009 .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79
1010 .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap
1011 .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap
1014 foreach (split("\n",$code)) {
1015 s/\`([^\`]*)\`/eval($1)/ge;
1017 s/\b(vmov[dq])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go or
1018 s/\b(vmovdqu)\b(.+)%x%ymm([0-9]+)/$1$2%xmm$3/go or
1019 s/\b(vpinsr[qd])\b(.+)%ymm([0-9]+),%ymm([0-9]+)/$1$2%xmm$3,%xmm$4/go or
1020 s/\b(vpextr[qd])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go or
1021 s/\b(vinserti128)\b(\s+)%ymm/$1$2\$1,%xmm/go or
1022 s/\b(vpbroadcast[qd]\s+)%ymm([0-9]+)/$1%xmm$2/go;
projects / openssl.git / blob