3 # ====================================================================
4 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
5 # project. The module is, however, dual licensed under OpenSSL and
6 # CRYPTOGAMS licenses depending on where you obtain it. For further
7 # details see http://www.openssl.org/~appro/cryptogams/.
8 # ====================================================================
10 # Multi-buffer SHA256 procedure processes n buffers in parallel by
11 # placing buffer data to designated lane of SIMD register. n is
12 # naturally limited to 4 on pre-AVX2 processors and to 8 on
13 # AVX2-capable processors such as Haswell.
15 # this +aesni(i) sha256 aesni-sha256 gain(iv)
16 # -------------------------------------------------------------------
17 # Westmere(ii) 23.3/n +1.28=7.11(n=4) 12.3 +3.75=16.1 +126%
18 # Atom(ii) 39.1/n +3.93=13.7(n=4) 20.8 +5.69=26.5 +93%
19 # Sandy Bridge (20.5 +5.15=25.7)/n 11.6 13.0 +103%
20 # Ivy Bridge (20.4 +5.14=25.5)/n 10.3 11.6 +82%
21 # Haswell(iii) (21.0 +5.00=26.0)/n 7.80 8.79 +170%
22 # Bulldozer (21.6 +5.76=27.4)/n 13.6 13.7 +100%
24 # (i) multi-block CBC encrypt with 128-bit key;
25 # (ii) (HASH+AES)/n does not apply to Westmere for n>3 and Atom,
26 # because of lower AES-NI instruction throughput, nor is there
27 # AES-NI-SHA256 stitch for these processors;
28 # (iii) "this" is for n=8, when we gather twice as much data, result
29 # for n=4 is 20.3+4.44=24.7;
30 # (iv) improvement coefficients in real-life application are somewhat
31 # lower and range from 75% to 130% (on Haswell);
35 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
37 $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
39 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
40 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
41 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
42 die "can't locate x86_64-xlate.pl";
46 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
47 =~ /GNU assembler version ([2-9]\.[0-9]+)/) {
48 $avx = ($1>=2.19) + ($1>=2.22);
51 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
52 `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
53 $avx = ($1>=2.09) + ($1>=2.10);
56 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
57 `ml64 2>&1` =~ /Version ([0-9]+)\./) {
58 $avx = ($1>=10) + ($1>=11);
61 open OUT,"| \"$^X\" $xlate $flavour $output";
64 # void sha256_multi_block (
65 # struct { unsigned int A[8];
72 # unsigned int H[8]; } *ctx,
73 # struct { void *ptr; int blocks; } inp[8],
74 # int num); /* 1 or 2 */
76 $ctx="%rdi"; # 1st arg
77 $inp="%rsi"; # 2nd arg
78 $num="%edx"; # 3rd arg
79 @ptr=map("%r$_",(8..11));
82 @V=($A,$B,$C,$D,$E,$F,$G,$H)=map("%xmm$_",(8..15));
83 ($t1,$t2,$t3,$axb,$bxc,$Xi,$Xn,$sigma)=map("%xmm$_",(0..7));
90 $off %= 16; $off *= $REG_SZ;
91 $off<256 ? "$off-128(%rax)" : "$off-256-128(%rbx)";
95 my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
97 $code.=<<___ if ($i<15);
98 movd `4*$i`(@ptr[0]),$Xi
99 movd `4*$i`(@ptr[1]),$t1
100 movd `4*$i`(@ptr[2]),$t2
101 movd `4*$i`(@ptr[3]),$t3
107 $code.=<<___ if ($i==15);
108 movd `4*$i`(@ptr[0]),$Xi
109 lea `16*4`(@ptr[0]),@ptr[0]
110 movd `4*$i`(@ptr[1]),$t1
111 lea `16*4`(@ptr[1]),@ptr[1]
112 movd `4*$i`(@ptr[2]),$t2
113 lea `16*4`(@ptr[2]),@ptr[2]
114 movd `4*$i`(@ptr[3]),$t3
115 lea `16*4`(@ptr[3]),@ptr[3]
127 movdqa $Xi,`&Xi_off($i)`
133 paddd `32*($i%8)-128`($Tbl),$Xi # Xi+=K[round]
139 movdqa $e,$axb # borrow $axb
146 pxor $t3,$sigma # Sigma1(e)
149 paddd $sigma,$Xi # Xi+=Sigma1(e)
150 pxor $axb,$t1 # Ch(e,f,g)
154 pxor $a,$axb # a^b, b^c in next round
158 paddd $t1,$Xi # Xi+=Ch(e,f,g)
168 pxor $bxc,$h # h=Maj(a,b,c)=Ch(a^b,c,b)
170 pxor $t3,$sigma # Sigma0(a)
173 paddd $sigma,$h # h+=Sigma0(a)
175 $code.=<<___ if (($i%8)==7);
176 lea `32*8`($Tbl),$Tbl
178 ($axb,$bxc)=($bxc,$axb);
185 movdqa `&Xi_off($i+1)`,$Xn
186 paddd `&Xi_off($i+9)`,$Xi # Xi+=X[i+9]
194 movdqa `&Xi_off($i+14)`,$t1
198 movdqa $t1,$axb # borrow $axb
206 pxor $t3,$sigma # sigma0(X[i+1])
208 paddd $sigma,$Xi # Xi+=sigma0(e)
214 pxor $t2,$t1 # sigma0(X[i+14])
215 paddd $t1,$Xi # Xi+=sigma1(X[i+14])
224 .extern OPENSSL_ia32cap_P
226 .globl sha256_multi_block
227 .type sha256_multi_block,\@function,3
231 $code.=<<___ if ($avx);
232 mov OPENSSL_ia32cap_P+4(%rip),%rcx
241 $code.=<<___ if ($win64);
244 movaps %xmm7,0x10(%rsp)
245 movaps %xmm8,0x20(%rsp)
246 movaps %xmm9,0x30(%rsp)
247 movaps %xmm10,-0x78(%rax)
248 movaps %xmm11,-0x68(%rax)
249 movaps %xmm12,-0x58(%rax)
250 movaps %xmm13,-0x48(%rax)
251 movaps %xmm14,-0x38(%rax)
252 movaps %xmm15,-0x28(%rax)
255 sub \$`$REG_SZ*18`, %rsp
257 mov %rax,`$REG_SZ*17`(%rsp) # original %rsp
258 lea K256+128(%rip),$Tbl
259 lea `$REG_SZ*16`(%rsp),%rbx
260 lea 0x80($ctx),$ctx # size optimization
263 mov $num,`$REG_SZ*17+8`(%rsp) # original $num
266 for($i=0;$i<4;$i++) {
268 mov `16*$i+0`($inp),@ptr[$i] # input pointer
269 mov `16*$i+8`($inp),%ecx # number of blocks
271 cmovg %ecx,$num # find maximum
273 mov %ecx,`4*$i`(%rbx) # initialize counters
274 cmovle $Tbl,@ptr[$i] # cancel input
281 movdqu 0x00-0x80($ctx),$A # load context
283 movdqu 0x20-0x80($ctx),$B
284 movdqu 0x40-0x80($ctx),$C
285 movdqu 0x60-0x80($ctx),$D
286 movdqu 0x80-0x80($ctx),$E
287 movdqu 0xa0-0x80($ctx),$F
288 movdqu 0xc0-0x80($ctx),$G
289 movdqu 0xe0-0x80($ctx),$H
290 movdqu .Lpbswap(%rip),$Xn
296 pxor $B,$bxc # magic seed
298 for($i=0;$i<16;$i++) { &ROUND_00_15($i,@V); unshift(@V,pop(@V)); }
300 movdqu `&Xi_off($i)`,$Xi
306 for(;$i<32;$i++) { &ROUND_16_XX($i,@V); unshift(@V,pop(@V)); }
312 lea K256+128(%rip),$Tbl
314 movdqa (%rbx),$sigma # pull counters
315 cmp 4*0(%rbx),%ecx # examine counters
317 cmovge $Tbl,@ptr[0] # cancel input
322 pcmpgtd $t1,$Xn # mask value
325 paddd $Xn,$sigma # counters--
328 movdqu 0x00-0x80($ctx),$t1
330 movdqu 0x20-0x80($ctx),$t2
332 movdqu 0x40-0x80($ctx),$t3
334 movdqu 0x60-0x80($ctx),$Xi
337 movdqu 0x80-0x80($ctx),$t1
340 movdqu 0xa0-0x80($ctx),$t2
343 movdqu 0xc0-0x80($ctx),$t3
346 movdqu 0xe0-0x80($ctx),$Xi
350 movdqu $A,0x00-0x80($ctx)
352 movdqu $B,0x20-0x80($ctx)
354 movdqu $C,0x40-0x80($ctx)
355 movdqu $D,0x60-0x80($ctx)
356 movdqu $E,0x80-0x80($ctx)
357 movdqu $F,0xa0-0x80($ctx)
358 movdqu $G,0xc0-0x80($ctx)
359 movdqu $H,0xe0-0x80($ctx)
361 movdqa $sigma,(%rbx) # save counters
362 movdqa .Lpbswap(%rip),$Xn
366 mov `$REG_SZ*17+8`(%rsp),$num
367 lea $REG_SZ($ctx),$ctx
368 lea `16*$REG_SZ/4`($inp),$inp
373 mov `$REG_SZ*17`(%rsp),%rax # orignal %rsp
375 $code.=<<___ if ($win64);
376 movaps -0xb8(%rax),%xmm6
377 movaps -0xa8(%rax),%xmm7
378 movaps -0x98(%rax),%xmm8
379 movaps -0x88(%rax),%xmm9
380 movaps -0x78(%rax),%xmm10
381 movaps -0x68(%rax),%xmm11
382 movaps -0x58(%rax),%xmm12
383 movaps -0x48(%rax),%xmm13
384 movaps -0x38(%rax),%xmm14
385 movaps -0x28(%rax),%xmm15
392 .size sha256_multi_block,.-sha256_multi_block
395 sub ROUND_00_15_avx {
396 my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
398 $code.=<<___ if ($i<15 && $REG_SZ==16);
399 vmovd `4*$i`(@ptr[0]),$Xi
400 vmovd `4*$i`(@ptr[1]),$t1
401 vpinsrd \$1,`4*$i`(@ptr[2]),$Xi,$Xi
402 vpinsrd \$1,`4*$i`(@ptr[3]),$t1,$t1
403 vpunpckldq $t1,$Xi,$Xi
406 $code.=<<___ if ($i==15 && $REG_SZ==16);
407 vmovd `4*$i`(@ptr[0]),$Xi
408 lea `16*4`(@ptr[0]),@ptr[0]
409 vmovd `4*$i`(@ptr[1]),$t1
410 lea `16*4`(@ptr[1]),@ptr[1]
411 vpinsrd \$1,`4*$i`(@ptr[2]),$Xi,$Xi
412 lea `16*4`(@ptr[2]),@ptr[2]
413 vpinsrd \$1,`4*$i`(@ptr[3]),$t1,$t1
414 lea `16*4`(@ptr[3]),@ptr[3]
415 vpunpckldq $t1,$Xi,$Xi
418 $code.=<<___ if ($i<15 && $REG_SZ==32);
419 vmovd `4*$i`(@ptr[0]),$Xi
420 vmovd `4*$i`(@ptr[4]),$t1
421 vmovd `4*$i`(@ptr[1]),$t2
422 vmovd `4*$i`(@ptr[5]),$t3
423 vpinsrd \$1,`4*$i`(@ptr[2]),$Xi,$Xi
424 vpinsrd \$1,`4*$i`(@ptr[6]),$t1,$t1
425 vpinsrd \$1,`4*$i`(@ptr[3]),$t2,$t2
426 vpunpckldq $t2,$Xi,$Xi
427 vpinsrd \$1,`4*$i`(@ptr[7]),$t3,$t3
428 vpunpckldq $t3,$t1,$t1
429 vinserti128 $t1,$Xi,$Xi
432 $code.=<<___ if ($i==15 && $REG_SZ==32);
433 vmovd `4*$i`(@ptr[0]),$Xi
434 lea `16*4`(@ptr[0]),@ptr[0]
435 vmovd `4*$i`(@ptr[4]),$t1
436 lea `16*4`(@ptr[4]),@ptr[4]
437 vmovd `4*$i`(@ptr[1]),$t2
438 lea `16*4`(@ptr[1]),@ptr[1]
439 vmovd `4*$i`(@ptr[5]),$t3
440 lea `16*4`(@ptr[5]),@ptr[5]
441 vpinsrd \$1,`4*$i`(@ptr[2]),$Xi,$Xi
442 lea `16*4`(@ptr[2]),@ptr[2]
443 vpinsrd \$1,`4*$i`(@ptr[6]),$t1,$t1
444 lea `16*4`(@ptr[6]),@ptr[6]
445 vpinsrd \$1,`4*$i`(@ptr[3]),$t2,$t2
446 lea `16*4`(@ptr[3]),@ptr[3]
447 vpunpckldq $t2,$Xi,$Xi
448 vpinsrd \$1,`4*$i`(@ptr[7]),$t3,$t3
449 lea `16*4`(@ptr[7]),@ptr[7]
450 vpunpckldq $t3,$t1,$t1
451 vinserti128 $t1,$Xi,$Xi
457 vmovdqu $Xi,`&Xi_off($i)`
458 vpaddd $h,$Xi,$Xi # Xi+=h
461 vpxor $t3,$sigma,$sigma
463 vpaddd `32*($i%8)-128`($Tbl),$Xi,$Xi # Xi+=K[round]
464 vpxor $t2,$sigma,$sigma
467 vpxor $t3,$sigma,$sigma
470 vpand $f,$e,$axb # borrow $axb
471 vpxor $t2,$sigma,$sigma
473 vpsrld \$2,$a,$h # borrow $h
474 vpxor $t3,$sigma,$sigma # Sigma1(e)
476 vpxor $axb,$t1,$t1 # Ch(e,f,g)
477 vpxor $a,$b,$axb # a^b, b^c in next round
479 vpaddd $sigma,$Xi,$Xi # Xi+=Sigma1(e)
483 vpaddd $t1,$Xi,$Xi # Xi+=Ch(e,f,g)
488 vpxor $t3,$sigma,$sigma
490 vpxor $bxc,$b,$h # h=Maj(a,b,c)=Ch(a^b,c,b)
491 vpaddd $Xi,$d,$d # d+=Xi
492 vpxor $t2,$sigma,$sigma
493 vpxor $t3,$sigma,$sigma # Sigma0(a)
495 vpaddd $Xi,$h,$h # h+=Xi
496 vpaddd $sigma,$h,$h # h+=Sigma0(a)
498 $code.=<<___ if (($i%8)==7);
501 ($axb,$bxc)=($bxc,$axb);
504 sub ROUND_16_XX_avx {
508 vmovdqu `&Xi_off($i+1)`,$Xn
509 vpaddd `&Xi_off($i+9)`,$Xi,$Xi # Xi+=X[i+9]
511 vpsrld \$3,$Xn,$sigma
514 vpxor $t2,$sigma,$sigma
516 vpxor $t3,$sigma,$sigma
518 vmovdqu `&Xi_off($i+14)`,$t1
519 vpsrld \$10,$t1,$axb # borrow $axb
521 vpxor $t2,$sigma,$sigma
523 vpxor $t3,$sigma,$sigma # sigma0(X[i+1])
525 vpaddd $sigma,$Xi,$Xi # Xi+=sigma0(e)
526 vpxor $t2,$axb,$sigma
528 vpxor $t3,$sigma,$sigma
530 vpxor $t2,$sigma,$sigma
531 vpxor $t3,$sigma,$sigma # sigma0(X[i+14])
532 vpaddd $sigma,$Xi,$Xi # Xi+=sigma1(X[i+14])
534 &ROUND_00_15_avx($i,@_);
539 .type sha256_multi_block_avx,\@function,3
541 sha256_multi_block_avx:
544 $code.=<<___ if ($avx>1);
559 $code.=<<___ if ($win64);
562 movaps %xmm7,0x10(%rsp)
563 movaps %xmm8,0x20(%rsp)
564 movaps %xmm9,0x30(%rsp)
565 movaps %xmm10,-0x78(%rax)
566 movaps %xmm11,-0x68(%rax)
567 movaps %xmm12,-0x58(%rax)
568 movaps %xmm13,-0x48(%rax)
569 movaps %xmm14,-0x38(%rax)
570 movaps %xmm15,-0x28(%rax)
573 sub \$`$REG_SZ*18`, %rsp
575 mov %rax,`$REG_SZ*17`(%rsp) # original %rsp
576 lea K256+128(%rip),$Tbl
577 lea `$REG_SZ*16`(%rsp),%rbx
578 lea 0x80($ctx),$ctx # size optimization
581 mov $num,`$REG_SZ*17+8`(%rsp) # original $num
584 for($i=0;$i<4;$i++) {
586 mov `16*$i+0`($inp),@ptr[$i] # input pointer
587 mov `16*$i+8`($inp),%ecx # number of blocks
589 cmovg %ecx,$num # find maximum
591 mov %ecx,`4*$i`(%rbx) # initialize counters
592 cmovle $Tbl,@ptr[$i] # cancel input
599 vmovdqu 0x00-0x80($ctx),$A # load context
601 vmovdqu 0x20-0x80($ctx),$B
602 vmovdqu 0x40-0x80($ctx),$C
603 vmovdqu 0x60-0x80($ctx),$D
604 vmovdqu 0x80-0x80($ctx),$E
605 vmovdqu 0xa0-0x80($ctx),$F
606 vmovdqu 0xc0-0x80($ctx),$G
607 vmovdqu 0xe0-0x80($ctx),$H
608 vmovdqu .Lpbswap(%rip),$Xn
613 vpxor $B,$C,$bxc # magic seed
615 for($i=0;$i<16;$i++) { &ROUND_00_15_avx($i,@V); unshift(@V,pop(@V)); }
617 vmovdqu `&Xi_off($i)`,$Xi
623 for(;$i<32;$i++) { &ROUND_16_XX_avx($i,@V); unshift(@V,pop(@V)); }
629 lea K256+128(%rip),$Tbl
631 for($i=0;$i<4;$i++) {
633 cmp `4*$i`(%rbx),%ecx # examine counters
634 cmovge $Tbl,@ptr[$i] # cancel input
638 vmovdqa (%rbx),$sigma # pull counters
641 vpcmpgtd $t1,$Xn,$Xn # mask value
642 vpaddd $Xn,$sigma,$sigma # counters--
644 vmovdqu 0x00-0x80($ctx),$t1
646 vmovdqu 0x20-0x80($ctx),$t2
648 vmovdqu 0x40-0x80($ctx),$t3
650 vmovdqu 0x60-0x80($ctx),$Xi
653 vmovdqu 0x80-0x80($ctx),$t1
656 vmovdqu 0xa0-0x80($ctx),$t2
659 vmovdqu 0xc0-0x80($ctx),$t3
662 vmovdqu 0xe0-0x80($ctx),$Xi
666 vmovdqu $A,0x00-0x80($ctx)
668 vmovdqu $B,0x20-0x80($ctx)
670 vmovdqu $C,0x40-0x80($ctx)
671 vmovdqu $D,0x60-0x80($ctx)
672 vmovdqu $E,0x80-0x80($ctx)
673 vmovdqu $F,0xa0-0x80($ctx)
674 vmovdqu $G,0xc0-0x80($ctx)
675 vmovdqu $H,0xe0-0x80($ctx)
677 vmovdqu $sigma,(%rbx) # save counters
678 vmovdqu .Lpbswap(%rip),$Xn
682 mov `$REG_SZ*17+8`(%rsp),$num
683 lea $REG_SZ($ctx),$ctx
684 lea `16*$REG_SZ/4`($inp),$inp
689 mov `$REG_SZ*17`(%rsp),%rax # orignal %rsp
692 $code.=<<___ if ($win64);
693 movaps -0xb8(%rax),%xmm6
694 movaps -0xa8(%rax),%xmm7
695 movaps -0x98(%rax),%xmm8
696 movaps -0x88(%rax),%xmm9
697 movaps -0x78(%rax),%xmm10
698 movaps -0x68(%rax),%xmm11
699 movaps -0x58(%rax),%xmm12
700 movaps -0x48(%rax),%xmm13
701 movaps -0x38(%rax),%xmm14
702 movaps -0x28(%rax),%xmm15
709 .size sha256_multi_block_avx,.-sha256_multi_block_avx
712 $code =~ s/\`([^\`]*)\`/eval $1/gem;
715 @ptr=map("%r$_",(12..15,8..11));
717 @V=($A,$B,$C,$D,$E,$F,$G,$H)=map("%ymm$_",(8..15));
718 ($t1,$t2,$t3,$axb,$bxc,$Xi,$Xn,$sigma)=map("%ymm$_",(0..7));
721 .type sha256_multi_block_avx2,\@function,3
723 sha256_multi_block_avx2:
733 $code.=<<___ if ($win64);
736 movaps %xmm7,0x10(%rsp)
737 movaps %xmm8,0x20(%rsp)
738 movaps %xmm9,0x30(%rsp)
739 movaps %xmm10,0x40(%rsp)
740 movaps %xmm11,0x50(%rsp)
741 movaps %xmm12,-0x78(%rax)
742 movaps %xmm13,-0x68(%rax)
743 movaps %xmm14,-0x58(%rax)
744 movaps %xmm15,-0x48(%rax)
747 sub \$`$REG_SZ*18`, %rsp
749 mov %rax,`$REG_SZ*17`(%rsp) # original %rsp
750 lea K256+128(%rip),$Tbl
751 lea 0x80($ctx),$ctx # size optimization
754 mov $num,`$REG_SZ*17+8`(%rsp) # original $num
756 lea `$REG_SZ*16`(%rsp),%rbx
758 for($i=0;$i<8;$i++) {
760 mov `16*$i+0`($inp),@ptr[$i] # input pointer
761 mov `16*$i+8`($inp),%ecx # number of blocks
763 cmovg %ecx,$num # find maximum
765 mov %ecx,`4*$i`(%rbx) # initialize counters
766 cmovle $Tbl,@ptr[$i] # cancel input
770 vmovdqu 0x00-0x80($ctx),$A # load context
772 vmovdqu 0x20-0x80($ctx),$B
773 lea 256+128(%rsp),%rbx
774 vmovdqu 0x40-0x80($ctx),$C
775 vmovdqu 0x60-0x80($ctx),$D
776 vmovdqu 0x80-0x80($ctx),$E
777 vmovdqu 0xa0-0x80($ctx),$F
778 vmovdqu 0xc0-0x80($ctx),$G
779 vmovdqu 0xe0-0x80($ctx),$H
780 vmovdqu .Lpbswap(%rip),$Xn
785 vpxor $B,$C,$bxc # magic seed
787 for($i=0;$i<16;$i++) { &ROUND_00_15_avx($i,@V); unshift(@V,pop(@V)); }
789 vmovdqu `&Xi_off($i)`,$Xi
795 for(;$i<32;$i++) { &ROUND_16_XX_avx($i,@V); unshift(@V,pop(@V)); }
801 lea `$REG_SZ*16`(%rsp),%rbx
802 lea K256+128(%rip),$Tbl
804 for($i=0;$i<8;$i++) {
806 cmp `4*$i`(%rbx),%ecx # examine counters
807 cmovge $Tbl,@ptr[$i] # cancel input
811 vmovdqa (%rbx),$sigma # pull counters
814 vpcmpgtd $t1,$Xn,$Xn # mask value
815 vpaddd $Xn,$sigma,$sigma # counters--
817 vmovdqu 0x00-0x80($ctx),$t1
819 vmovdqu 0x20-0x80($ctx),$t2
821 vmovdqu 0x40-0x80($ctx),$t3
823 vmovdqu 0x60-0x80($ctx),$Xi
826 vmovdqu 0x80-0x80($ctx),$t1
829 vmovdqu 0xa0-0x80($ctx),$t2
832 vmovdqu 0xc0-0x80($ctx),$t3
835 vmovdqu 0xe0-0x80($ctx),$Xi
839 vmovdqu $A,0x00-0x80($ctx)
841 vmovdqu $B,0x20-0x80($ctx)
843 vmovdqu $C,0x40-0x80($ctx)
844 vmovdqu $D,0x60-0x80($ctx)
845 vmovdqu $E,0x80-0x80($ctx)
846 vmovdqu $F,0xa0-0x80($ctx)
847 vmovdqu $G,0xc0-0x80($ctx)
848 vmovdqu $H,0xe0-0x80($ctx)
850 vmovdqu $sigma,(%rbx) # save counters
851 lea 256+128(%rsp),%rbx
852 vmovdqu .Lpbswap(%rip),$Xn
856 #mov `$REG_SZ*17+8`(%rsp),$num
857 #lea $REG_SZ($ctx),$ctx
858 #lea `16*$REG_SZ/4`($inp),$inp
860 #jnz .Loop_grande_avx2
863 mov `$REG_SZ*17`(%rsp),%rax # orignal %rsp
866 $code.=<<___ if ($win64);
867 movaps -0xd8(%rax),%xmm6
868 movaps -0xc8(%rax),%xmm7
869 movaps -0xb8(%rax),%xmm8
870 movaps -0xa8(%rax),%xmm9
871 movaps -0x98(%rax),%xmm10
872 movaps -0x88(%rax),%xmm11
873 movaps -0x78(%rax),%xmm12
874 movaps -0x68(%rax),%xmm13
875 movaps -0x58(%rax),%xmm14
876 movaps -0x48(%rax),%xmm15
887 .size sha256_multi_block_avx2,.-sha256_multi_block_avx2
902 &TABLE( 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,
903 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
904 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,
905 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
906 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,
907 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
908 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,
909 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
910 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,
911 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
912 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,
913 0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
914 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,
915 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
916 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,
917 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 );
920 .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap
921 .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap
924 foreach (split("\n",$code)) {
925 s/\`([^\`]*)\`/eval($1)/ge;
927 s/\b(vmov[dq])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go or
928 s/\b(vmovdqu)\b(.+)%x%ymm([0-9]+)/$1$2%xmm$3/go or
929 s/\b(vpinsr[qd])\b(.+)%ymm([0-9]+),%ymm([0-9]+)/$1$2%xmm$3,%xmm$4/go or
930 s/\b(vpextr[qd])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go or
931 s/\b(vinserti128)\b(\s+)%ymm/$1$2\$1,%xmm/go or
932 s/\b(vpbroadcast[qd]\s+)%ymm([0-9]+)/$1%xmm$2/go;
projects / openssl.git / blob