2 # Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the OpenSSL license (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
10 # ====================================================================
11 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
12 # project. The module is, however, dual licensed under OpenSSL and
13 # CRYPTOGAMS licenses depending on where you obtain it. For further
14 # details see http://www.openssl.org/~appro/cryptogams/.
15 # ====================================================================
19 # Performance in cycles per processed byte and improvement coefficient
20 # over code generated with "default" compiler:
22 # hardware-assisted software(*)
23 # Apple A7 2.31 4.13 (+14%)
24 # Cortex-A53 2.24 8.03 (+97%)
25 # Cortex-A57 2.35 7.88 (+74%)
26 # Denver 2.13 3.97 (+0%)(**)
29 # (*) Software results are presented mostly for reference purposes.
30 # (**) Keep in mind that Denver relies on binary translation, which
31 # optimizes compiler output at run-time.
36 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
37 ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
38 ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
39 die "can't locate arm-xlate.pl";
41 open OUT,"| \"$^X\" $xlate $flavour $output";
44 ($ctx,$inp,$num)=("x0","x1","x2");
45 @Xw=map("w$_",(3..17,19));
46 @Xx=map("x$_",(3..17,19));
47 @V=($A,$B,$C,$D,$E)=map("w$_",(20..24));
48 ($t0,$t1,$t2,$K)=map("w$_",(25..28));
52 my ($i,$a,$b,$c,$d,$e)=@_;
55 $code.=<<___ if ($i<15 && !($i&1));
56 lsr @Xx[$i+1],@Xx[$i],#32
58 $code.=<<___ if ($i<14 && !($i&1));
59 ldr @Xx[$i+2],[$inp,#`($i+2)*4-64`]
61 $code.=<<___ if ($i<14 && ($i&1));
63 ror @Xx[$i+1],@Xx[$i+1],#32
65 rev32 @Xx[$i+1],@Xx[$i+1]
68 $code.=<<___ if ($i<14);
72 add $d,$d,$K // future e+=K
74 add $e,$e,$t2 // e+=rot(a,5)
76 add $d,$d,@Xw[($i+1)&15] // future e+=X[i]
77 add $e,$e,$t0 // e+=F(b,c,d)
79 $code.=<<___ if ($i==19);
81 movk $K,#0x6ed9,lsl#16
83 $code.=<<___ if ($i>=14);
84 eor @Xw[$j],@Xw[$j],@Xw[($j+2)&15]
88 eor @Xw[$j],@Xw[$j],@Xw[($j+8)&15]
89 add $d,$d,$K // future e+=K
91 add $e,$e,$t2 // e+=rot(a,5)
92 eor @Xw[$j],@Xw[$j],@Xw[($j+13)&15]
94 add $d,$d,@Xw[($i+1)&15] // future e+=X[i]
95 add $e,$e,$t0 // e+=F(b,c,d)
96 ror @Xw[$j],@Xw[$j],#31
101 my ($i,$a,$b,$c,$d,$e)=@_;
104 $code.=<<___ if ($i==59);
106 movk $K,#0xca62,lsl#16
111 eor @Xw[$j],@Xw[$j],@Xw[($j+2)&15]
114 add $d,$d,$K // future e+=K
115 eor @Xw[$j],@Xw[$j],@Xw[($j+8)&15]
116 add $e,$e,$t2 // e+=rot(a,5)
119 eor @Xw[$j],@Xw[$j],@Xw[($j+13)&15]
120 add $d,$d,@Xw[($i+1)&15] // future e+=X[i]
121 add $e,$e,$t0 // e+=F(b,c,d)
122 ror @Xw[$j],@Xw[$j],#31
127 my ($i,$a,$b,$c,$d,$e)=@_;
130 $code.=<<___ if ($i==39);
132 movk $K,#0x8f1b,lsl#16
134 $code.=<<___ if ($i<78);
135 eor @Xw[$j],@Xw[$j],@Xw[($j+2)&15]
138 add $d,$d,$K // future e+=K
139 eor @Xw[$j],@Xw[$j],@Xw[($j+8)&15]
141 add $e,$e,$t2 // e+=rot(a,5)
143 eor @Xw[$j],@Xw[$j],@Xw[($j+13)&15]
144 add $d,$d,@Xw[($i+1)&15] // future e+=X[i]
145 add $e,$e,$t0 // e+=F(b,c,d)
146 ror @Xw[$j],@Xw[$j],#31
148 $code.=<<___ if ($i==78);
149 ldp @Xw[1],@Xw[2],[$ctx]
152 add $d,$d,$K // future e+=K
154 add $e,$e,$t2 // e+=rot(a,5)
156 add $d,$d,@Xw[($i+1)&15] // future e+=X[i]
157 add $e,$e,$t0 // e+=F(b,c,d)
159 $code.=<<___ if ($i==79);
160 ldp @Xw[3],@Xw[4],[$ctx,#8]
164 add $e,$e,$t2 // e+=rot(a,5)
166 ldr @Xw[5],[$ctx,#16]
167 add $e,$e,$t0 // e+=F(b,c,d)
172 #include "arm_arch.h"
176 .extern OPENSSL_armcap_P
177 .globl sha1_block_data_order
178 .type sha1_block_data_order,%function
180 sha1_block_data_order:
182 ldrsw x16,.LOPENSSL_armcap_P
184 ldr x16,.LOPENSSL_armcap_P
186 adr x17,.LOPENSSL_armcap_P
192 stp x29,x30,[sp,#-96]!
205 ldr @Xx[0],[$inp],#64
208 movk $K,#0x5a82,lsl#16
210 ror $Xx[0],@Xx[0],#32
214 add $E,$E,$K // warm it up
217 for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
218 for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
219 for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
220 for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
239 .size sha1_block_data_order,.-sha1_block_data_order
242 my ($ABCD,$E,$E0,$E1)=map("v$_.16b",(0..3));
243 my @MSG=map("v$_.16b",(4..7));
244 my @Kxx=map("v$_.4s",(16..19));
245 my ($W0,$W1)=("v20.4s","v21.4s");
246 my $ABCD_SAVE="v22.16b";
249 .type sha1_block_armv8,%function
253 stp x29,x30,[sp,#-16]!
258 ld1.32 {$ABCD},[$ctx],#16
259 ld1.32 {$E}[0],[$ctx]
261 ld1.32 {@Kxx[0]-@Kxx[3]},[x4]
264 ld1 {@MSG[0]-@MSG[3]},[$inp],#64
266 rev32 @MSG[0],@MSG[0]
267 rev32 @MSG[1],@MSG[1]
269 add.i32 $W0,@Kxx[0],@MSG[0]
270 rev32 @MSG[2],@MSG[2]
271 orr $ABCD_SAVE,$ABCD,$ABCD // offload
273 add.i32 $W1,@Kxx[0],@MSG[1]
274 rev32 @MSG[3],@MSG[3]
276 sha1c $ABCD,$E,$W0 // 0
277 add.i32 $W0,@Kxx[$j],@MSG[2]
278 sha1su0 @MSG[0],@MSG[1],@MSG[2]
280 for ($j=0,$i=1;$i<20-3;$i++) {
281 my $f=("c","p","m","p")[$i/5];
283 sha1h $E0,$ABCD // $i
285 add.i32 $W1,@Kxx[$j],@MSG[3]
286 sha1su1 @MSG[0],@MSG[3]
288 $code.=<<___ if ($i<20-4);
289 sha1su0 @MSG[1],@MSG[2],@MSG[3]
291 ($E0,$E1)=($E1,$E0); ($W0,$W1)=($W1,$W0);
292 push(@MSG,shift(@MSG)); $j++ if ((($i+3)%5)==0);
295 sha1h $E0,$ABCD // $i
297 add.i32 $W1,@Kxx[$j],@MSG[3]
299 sha1h $E1,$ABCD // 18
302 sha1h $E0,$ABCD // 19
306 add.i32 $ABCD,$ABCD,$ABCD_SAVE
310 st1.32 {$ABCD},[$ctx],#16
311 st1.32 {$E}[0],[$ctx]
315 .size sha1_block_armv8,.-sha1_block_armv8
318 .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 //K_00_19
319 .long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 //K_20_39
320 .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc //K_40_59
321 .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 //K_60_79
324 .long OPENSSL_armcap_P-.
326 .quad OPENSSL_armcap_P-.
328 .asciz "SHA1 block transform for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
330 .comm OPENSSL_armcap_P,4,4
335 "sha1c" => 0x5e000000, "sha1p" => 0x5e001000,
336 "sha1m" => 0x5e002000, "sha1su0" => 0x5e003000,
337 "sha1h" => 0x5e280800, "sha1su1" => 0x5e281800 );
340 my ($mnemonic,$arg)=@_;
342 $arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o
344 sprintf ".inst\t0x%08x\t//%s %s",
345 $opcode{$mnemonic}|$1|($2<<5)|($3<<16),
350 foreach(split("\n",$code)) {
352 s/\`([^\`]*)\`/eval($1)/geo;
354 s/\b(sha1\w+)\s+([qv].*)/unsha1($1,$2)/geo;
356 s/\.\w?32\b//o and s/\.16b/\.4s/go;
357 m/(ld|st)1[^\[]+\[0\]/o and s/\.4s/\.s/go;