3 # ====================================================================
4 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
5 # project. The module is, however, dual licensed under OpenSSL and
6 # CRYPTOGAMS licenses depending on where you obtain it. For further
7 # details see http://www.openssl.org/~appro/cryptogams/.
8 # ====================================================================
10 # Poly1305 hash for MIPS64.
14 # Numbers are cycles per processed byte with poly1305_blocks alone.
17 # R1x000 5.64/+120% (big-endian)
18 # Octeon II 3.80/+280% (little-endian)
20 ######################################################################
21 # There is a number of MIPS ABI in use, O32 and N32/64 are most
22 # widely used. Then there is a new contender: NUBI. It appears that if
23 # one picks the latter, it's possible to arrange code in ABI neutral
24 # manner. Therefore let's stick to NUBI register layout:
26 ($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25));
27 ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
28 ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23));
29 ($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31));
31 # The return value is placed in $a0. Following coding rules facilitate
34 # - never ever touch $tp, "thread pointer", former $gp [o32 can be
35 # excluded from the rule, because it's specified volatile];
36 # - copy return value to $t0, former $v0 [or to $a0 if you're adapting
38 # - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary;
40 # For reference here is register layout for N32/64 MIPS ABIs:
42 # ($zero,$at,$v0,$v1)=map("\$$_",(0..3));
43 # ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
44 # ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
45 # ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
46 # ($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
50 ######################################################################
52 $flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
54 die "MIPS64 only" unless ($flavour =~ /64|n32/i);
56 $v0 = ($flavour =~ /nubi/i) ? $a0 : $t0;
57 $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0x0003f000" : "0x00030000";
59 ($ctx,$inp,$len,$padbit) = ($a0,$a1,$a2,$a3);
60 ($in0,$in1,$tmp0,$tmp1,$tmp2,$tmp3,$tmp4) = ($a4,$a5,$a6,$a7,$at,$t0,$t1);
93 # if defined(_MIPS_ARCH_MIPS64R2)
94 dsbh $in0,$in0 # byte swap
101 or $tmp0,$tmp2 # 0x000000FF000000FF
103 and $tmp1,$in0,$tmp0 # byte swap
111 dsll $tmp0,8 # 0x0000FF000000FF00
138 daddiu $tmp0,-1 # 0ffffffc0fffffff
141 daddiu $tmp0,-3 # 0ffffffc0ffffffc
147 daddu $tmp0,$in1 # s1 = r1 + (r1 >> 2)
156 my ($h0,$h1,$h2,$r0,$r1,$s1,$d0,$d1,$d2) =
157 ($s0,$s1,$s2,$s3,$s4,$s5,$in0,$in1,$t2);
161 .globl poly1305_blocks
165 dsrl $len,4 # number of complete blocks
170 .mask $SAVED_REGS_MASK,-8
175 $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue
184 ld $h0,0($ctx) # load hash value
188 ld $r0,24($ctx) # load key
193 ldl $in0,0+MSB($inp) # load input
200 # if defined(_MIPS_ARCH_MIPS64R2)
201 dsbh $in0,$in0 # byte swap
208 or $tmp0,$tmp2 # 0x000000FF000000FF
210 and $tmp1,$in0,$tmp0 # byte swap
218 dsll $tmp0,8 # 0x0000FF000000FF00
241 daddu $h0,$in0 # accumulate input
247 dmultu $r0,$h0 # h0*r0
253 dmultu $s1,$h1 # h1*5*r1
259 dmultu $r1,$h0 # h0*r1
267 dmultu $r0,$h1 # h1*r0
274 dmultu $s1,$h2 # h2*5*r1
279 dmultu $r0,$h2 # h2*r0
289 li $tmp0,-4 # final reduction
302 sd $h0,0($ctx) # store hash value
307 ld $s5,0($sp) # epilogue
310 $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi epilogue
326 my ($ctx,$mac,$nonce) = ($a0,$a1,$a2);
340 daddiu $in0,$tmp0,5 # compare to modulus
342 daddu $in1,$tmp1,$tmp3
343 sltu $tmp3,$in1,$tmp3
344 daddu $tmp2,$tmp2,$tmp3
346 dsrl $tmp2,2 # see if it carried/borrowed
347 dsubu $tmp2,$zero,$tmp2
348 nor $tmp3,$zero,$tmp2
357 lwu $tmp0,0($nonce) # load nonce
366 daddu $in0,$tmp0 # accumulate nonce
368 sltu $tmp0,$in0,$tmp0
371 dsrl $tmp0,$in0,8 # write mac value
406 .asciiz "Poly1305 for MIPS64, CRYPTOGAMS by <appro\@openssl.org>"
411 $output=pop and open STDOUT,">$output";