2 # Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the OpenSSL license (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
10 # ====================================================================
11 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
12 # project. The module is, however, dual licensed under OpenSSL and
13 # CRYPTOGAMS licenses depending on where you obtain it. For further
14 # details see http://www.openssl.org/~appro/cryptogams/.
15 # ====================================================================
17 # SHA256/512 for PowerISA v2.07.
19 # Accurate performance measurements are problematic, because it's
20 # always virtualized setup with possibly throttled processor.
21 # Relative comparison is therefore more informative. This module is
22 # ~60% faster than integer-only sha512-ppc.pl. To anchor to something
23 # else, SHA256 is 24% slower than sha1-ppc.pl and 2.5x slower than
24 # hardware-assisted aes-128-cbc encrypt. SHA512 is 20% faster than
25 # sha1-ppc.pl and 1.6x slower than aes-128-cbc. Another interesting
26 # result is degree of computational resources' utilization. POWER8 is
27 # "massively multi-threaded chip" and difference between single- and
28 # maximum multi-process benchmark results tells that utlization is
29 # whooping 94%. For sha512-ppc.pl we get [not unimpressive] 84% and
30 # for sha1-ppc.pl - 73%. 100% means that multi-process result equals
31 # to single-process one, given that all threads end up on the same
37 if ($flavour =~ /64/) {
43 } elsif ($flavour =~ /32/) {
49 } else { die "nonsense $flavour"; }
51 $LENDIAN=($flavour=~/le/);
53 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
54 ( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
55 ( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
56 die "can't locate ppc-xlate.pl";
58 open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!";
60 if ($output =~ /512/) {
72 $func="sha${bits}_block_p8";
85 ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,10,26..31));
86 $x00=0 if ($flavour =~ /osx/);
88 @V=($A,$B,$C,$D,$E,$F,$G,$H)=map("v$_",(0..7));
89 @X=map("v$_",(8..23));
90 ($Ki,$Func,$S0,$S1,$s0,$s1,$lemask)=map("v$_",(24..31));
93 my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
96 $code.=<<___ if ($i<15 && ($i%(16/$SZ))==(16/$SZ-1));
97 lvx_u @X[$i+1],0,$inp ; load X[i] in advance
100 $code.=<<___ if ($i<16 && ($i%(16/$SZ)));
101 vsldoi @X[$i],@X[$i-1],@X[$i-1],$SZ
103 $code.=<<___ if ($LENDIAN && $i<16 && ($i%(16/$SZ))==0);
104 vperm @X[$i],@X[$i],@X[$i],$lemask
107 `"vshasigma${sz} $s0,@X[($j+1)%16],0,0" if ($i>=15)`
108 vsel $Func,$g,$f,$e ; Ch(e,f,g)
109 vshasigma${sz} $S1,$e,1,15 ; Sigma1(e)
110 vaddu${sz}m $h,$h,@X[$i%16] ; h+=X[i]
111 vshasigma${sz} $S0,$a,1,0 ; Sigma0(a)
112 `"vshasigma${sz} $s1,@X[($j+14)%16],0,15" if ($i>=15)`
113 vaddu${sz}m $h,$h,$Func ; h+=Ch(e,f,g)
115 `"vaddu${sz}m @X[$j],@X[$j],@X[($j+9)%16]" if ($i>=15)`
116 vaddu${sz}m $h,$h,$S1 ; h+=Sigma1(e)
117 vsel $Func,$b,$c,$Func ; Maj(a,b,c)
118 vaddu${sz}m $g,$g,$Ki ; future h+=K[i]
119 vaddu${sz}m $d,$d,$h ; d+=h
120 vaddu${sz}m $S0,$S0,$Func ; Sigma0(a)+Maj(a,b,c)
121 `"vaddu${sz}m @X[$j],@X[$j],$s0" if ($i>=15)`
122 lvx $Ki,$idx,$Tbl ; load next K[i]
124 vaddu${sz}m $h,$h,$S0 ; h+=Sigma0(a)+Maj(a,b,c)
125 `"vaddu${sz}m @X[$j],@X[$j],$s1" if ($i>=15)`
136 $STU $sp,-`($FRAME+21*16+6*$SIZE_T)`($sp)
138 li r10,`$FRAME+8*16+15`
139 li r11,`$FRAME+8*16+31`
140 stvx v20,r10,$sp # ABI says so
164 stw $vrsave,`$FRAME+21*16-4`($sp) # save vrsave
166 $PUSH r26,`$FRAME+21*16+0*$SIZE_T`($sp)
168 $PUSH r27,`$FRAME+21*16+1*$SIZE_T`($sp)
170 $PUSH r28,`$FRAME+21*16+2*$SIZE_T`($sp)
172 $PUSH r29,`$FRAME+21*16+3*$SIZE_T`($sp)
174 $PUSH r30,`$FRAME+21*16+4*$SIZE_T`($sp)
176 $PUSH r31,`$FRAME+21*16+5*$SIZE_T`($sp)
178 $PUSH $lrsave,`$FRAME+21*16+6*$SIZE_T+$LRSAVE`($sp)
182 addi $offload,$sp,$FRAME+15
184 $code.=<<___ if ($LENDIAN);
188 vxor $lemask,$lemask,$Ki
190 $code.=<<___ if ($SZ==4);
193 vsldoi $B,$A,$A,4 # unpack
200 $code.=<<___ if ($SZ==8);
204 vsldoi $B,$A,$A,8 # unpack
211 li r0,`($rounds-16)/16` # inner loop counter
219 stvx $A,$x00,$offload # offload $A-$H
220 stvx $B,$x10,$offload
221 stvx $C,$x20,$offload
222 stvx $D,$x30,$offload
223 stvx $E,$x40,$offload
224 stvx $F,$x50,$offload
225 stvx $G,$x60,$offload
226 stvx $H,$x70,$offload
227 vaddu${sz}m $H,$H,$Ki # h+K[i]
231 for ($i=0;$i<16;$i++) { &ROUND($i,@V); unshift(@V,pop(@V)); }
238 for (;$i<32;$i++) { &ROUND($i,@V); unshift(@V,pop(@V)); }
242 lvx @X[2],$x00,$offload
244 lvx @X[3],$x10,$offload
245 vaddu${sz}m $A,$A,@X[2]
246 lvx @X[4],$x20,$offload
247 vaddu${sz}m $B,$B,@X[3]
248 lvx @X[5],$x30,$offload
249 vaddu${sz}m $C,$C,@X[4]
250 lvx @X[6],$x40,$offload
251 vaddu${sz}m $D,$D,@X[5]
252 lvx @X[7],$x50,$offload
253 vaddu${sz}m $E,$E,@X[6]
254 lvx @X[8],$x60,$offload
255 vaddu${sz}m $F,$F,@X[7]
256 lvx @X[9],$x70,$offload
257 vaddu${sz}m $G,$G,@X[8]
258 vaddu${sz}m $H,$H,@X[9]
261 $code.=<<___ if ($SZ==4);
264 vperm $A,$A,$B,$Ki # pack the answer
274 $code.=<<___ if ($SZ==8);
275 vperm $A,$A,$B,$Ki # pack the answer
285 li r10,`$FRAME+8*16+15`
287 li r11,`$FRAME+8*16+31`
289 lvx v20,r10,$sp # ABI says so
311 $POP r26,`$FRAME+21*16+0*$SIZE_T`($sp)
312 $POP r27,`$FRAME+21*16+1*$SIZE_T`($sp)
313 $POP r28,`$FRAME+21*16+2*$SIZE_T`($sp)
314 $POP r29,`$FRAME+21*16+3*$SIZE_T`($sp)
315 $POP r30,`$FRAME+21*16+4*$SIZE_T`($sp)
316 $POP r31,`$FRAME+21*16+5*$SIZE_T`($sp)
317 addi $sp,$sp,`$FRAME+21*16+6*$SIZE_T`
320 .byte 0,12,4,1,0x80,6,3,0
325 # Ugly hack here, because PPC assembler syntax seem to vary too
326 # much from platforms to platform...
332 mflr $Tbl ; vvvvvv "distance" between . and 1st data entry
333 addi $Tbl,$Tbl,`64-8`
337 .byte 0,12,0x14,0,0,0,0,0
343 foreach(@_) { $code.=".quad $_,$_\n"; }
346 "0x428a2f98d728ae22","0x7137449123ef65cd",
347 "0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc",
348 "0x3956c25bf348b538","0x59f111f1b605d019",
349 "0x923f82a4af194f9b","0xab1c5ed5da6d8118",
350 "0xd807aa98a3030242","0x12835b0145706fbe",
351 "0x243185be4ee4b28c","0x550c7dc3d5ffb4e2",
352 "0x72be5d74f27b896f","0x80deb1fe3b1696b1",
353 "0x9bdc06a725c71235","0xc19bf174cf692694",
354 "0xe49b69c19ef14ad2","0xefbe4786384f25e3",
355 "0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65",
356 "0x2de92c6f592b0275","0x4a7484aa6ea6e483",
357 "0x5cb0a9dcbd41fbd4","0x76f988da831153b5",
358 "0x983e5152ee66dfab","0xa831c66d2db43210",
359 "0xb00327c898fb213f","0xbf597fc7beef0ee4",
360 "0xc6e00bf33da88fc2","0xd5a79147930aa725",
361 "0x06ca6351e003826f","0x142929670a0e6e70",
362 "0x27b70a8546d22ffc","0x2e1b21385c26c926",
363 "0x4d2c6dfc5ac42aed","0x53380d139d95b3df",
364 "0x650a73548baf63de","0x766a0abb3c77b2a8",
365 "0x81c2c92e47edaee6","0x92722c851482353b",
366 "0xa2bfe8a14cf10364","0xa81a664bbc423001",
367 "0xc24b8b70d0f89791","0xc76c51a30654be30",
368 "0xd192e819d6ef5218","0xd69906245565a910",
369 "0xf40e35855771202a","0x106aa07032bbd1b8",
370 "0x19a4c116b8d2d0c8","0x1e376c085141ab53",
371 "0x2748774cdf8eeb99","0x34b0bcb5e19b48a8",
372 "0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb",
373 "0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3",
374 "0x748f82ee5defb2fc","0x78a5636f43172f60",
375 "0x84c87814a1f0ab72","0x8cc702081a6439ec",
376 "0x90befffa23631e28","0xa4506cebde82bde9",
377 "0xbef9a3f7b2c67915","0xc67178f2e372532b",
378 "0xca273eceea26619c","0xd186b8c721c0c207",
379 "0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178",
380 "0x06f067aa72176fba","0x0a637dc5a2c898a6",
381 "0x113f9804bef90dae","0x1b710b35131c471b",
382 "0x28db77f523047d84","0x32caab7b40c72493",
383 "0x3c9ebe0a15c9bebc","0x431d67c49c100d4c",
384 "0x4cc5d4becb3e42b6","0x597f299cfc657e2a",
385 "0x5fcb6fab3ad6faec","0x6c44198c4a475817","0");
386 $code.=<<___ if (!$LENDIAN);
387 .quad 0x0001020304050607,0x1011121314151617
389 $code.=<<___ if ($LENDIAN); # quad-swapped
390 .quad 0x1011121314151617,0x0001020304050607
394 foreach(@_) { $code.=".long $_,$_,$_,$_\n"; }
397 "0x428a2f98","0x71374491","0xb5c0fbcf","0xe9b5dba5",
398 "0x3956c25b","0x59f111f1","0x923f82a4","0xab1c5ed5",
399 "0xd807aa98","0x12835b01","0x243185be","0x550c7dc3",
400 "0x72be5d74","0x80deb1fe","0x9bdc06a7","0xc19bf174",
401 "0xe49b69c1","0xefbe4786","0x0fc19dc6","0x240ca1cc",
402 "0x2de92c6f","0x4a7484aa","0x5cb0a9dc","0x76f988da",
403 "0x983e5152","0xa831c66d","0xb00327c8","0xbf597fc7",
404 "0xc6e00bf3","0xd5a79147","0x06ca6351","0x14292967",
405 "0x27b70a85","0x2e1b2138","0x4d2c6dfc","0x53380d13",
406 "0x650a7354","0x766a0abb","0x81c2c92e","0x92722c85",
407 "0xa2bfe8a1","0xa81a664b","0xc24b8b70","0xc76c51a3",
408 "0xd192e819","0xd6990624","0xf40e3585","0x106aa070",
409 "0x19a4c116","0x1e376c08","0x2748774c","0x34b0bcb5",
410 "0x391c0cb3","0x4ed8aa4a","0x5b9cca4f","0x682e6ff3",
411 "0x748f82ee","0x78a5636f","0x84c87814","0x8cc70208",
412 "0x90befffa","0xa4506ceb","0xbef9a3f7","0xc67178f2","0");
413 $code.=<<___ if (!$LENDIAN);
414 .long 0x00010203,0x10111213,0x10111213,0x10111213
415 .long 0x00010203,0x04050607,0x10111213,0x10111213
416 .long 0x00010203,0x04050607,0x08090a0b,0x10111213
418 $code.=<<___ if ($LENDIAN); # word-swapped
419 .long 0x10111213,0x10111213,0x10111213,0x00010203
420 .long 0x10111213,0x10111213,0x04050607,0x00010203
421 .long 0x10111213,0x08090a0b,0x04050607,0x00010203
425 .asciz "SHA${bits} for PowerISA 2.07, CRYPTOGAMS by <appro\@openssl.org>"
429 $code =~ s/\`([^\`]*)\`/eval $1/gem;