2 # Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the OpenSSL license (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
10 # ====================================================================
11 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
12 # project. The module is, however, dual licensed under OpenSSL and
13 # CRYPTOGAMS licenses depending on where you obtain it. For further
14 # details see http://www.openssl.org/~appro/cryptogams/.
15 # ====================================================================
17 # SHA256/512 for PowerISA v2.07.
19 # Accurate performance measurements are problematic, because it's
20 # always a virtualized setup, possibly with a throttled processor.
21 # Relative comparison is therefore more informative. This module is
22 # ~60% faster than integer-only sha512-ppc.pl. To anchor to something
23 # else, SHA256 is 24% slower than sha1-ppc.pl and 2.5x slower than
24 # hardware-assisted aes-128-cbc encrypt. SHA512 is 20% faster than
25 # sha1-ppc.pl and 1.6x slower than aes-128-cbc. Another interesting
26 # result is degree of computational resources' utilization. POWER8 is
27 # "massively multi-threaded chip" and difference between single- and
28 # maximum multi-process benchmark results tells that utilization is
29 # whopping 94%. For sha512-ppc.pl we get [not unimpressive] 84% and
30 # for sha1-ppc.pl - 73%. 100% means that multi-process result equals
31 # to single-process one, given that all threads end up on the same
34 ######################################################################
35 # Believed-to-be-accurate results in cycles per processed byte [on
36 # little-endian system]. Numbers in square brackets are for 64-bit
37 # build of sha512-ppc.pl, presented for reference.
40 # SHA256 9.7 [15.8] 11.2 [12.5]
41 # SHA512 6.1 [10.3] 7.0 [7.9]
46 if ($flavour =~ /64/) {
52 } elsif ($flavour =~ /32/) {
58 } else { die "nonsense $flavour"; }
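# Little-endian ("le") flavours need the input words byte-swapped
# (see the $lemask vperm in ROUND); remember that decision here.
$LENDIAN=($flavour=~/le/);

# Locate the perlasm translator either next to this script or two
# levels up in perlasm/.  The explicit conditional keeps $dir from
# picking up a stale $1 when $0 carries no directory component.
$dir = ($0 =~ m/(.*[\/\\])[^\/\\]+$/) ? $1 : "";
( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
die "can't locate ppc-xlate.pl";

# Pipe everything we print through the translator.  $flavour and
# $output come from the build system's command line, not from
# untrusted input, so the interpolated command form is acceptable.
# The low-precedence "or" matters: with "||" the test bound to the
# string literal, which is always true, so a failed fork/exec of the
# translator was never reported and the generated code was silently
# lost.  Quoting $^X and $xlate keeps interpreter/script paths with
# spaces intact.
open STDOUT,"| \"$^X\" \"$xlate\" $flavour $output" or die "can't call $xlate: $!";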
69 if ($output =~ /512/) {
# Exported entry point.  $bits (256 or 512) and $SIZE_T (presumably the
# GPR width in bytes) are chosen earlier from $output and $flavour.
$func = "sha${bits}_block_p8";

# Stack frame layout in bytes: an 8-GPR-slot gap, then eight 16-byte
# slots where A..H are offloaded, then 9*16 bytes used for the
# callee-saved vector registers (v24.. "ABI says so") and six saved
# GPRs (r26..r31).
$LOCALS = 8 * $SIZE_T + 8 * 16;
$FRAME  = $LOCALS + 9 * 16 + 6 * $SIZE_T;

# Index operands 0x00..0x70 into the offload area and the K table:
# a literal 0 (no index register) followed by r10 and r26..r31.
@I = ($x00, $x10, $x20, $x30, $x40, $x50, $x60, $x70)
   = (0, map { "r$_" } 10, 26 .. 31);

# Working state A..H lives in v0..v7; the caller of ROUND rotates this
# list after every round instead of moving data between registers.
@V = ($A, $B, $C, $D, $E, $F, $G, $H) = map { "v$_" } 0 .. 7;

# Sixteen message-schedule registers, deliberately skipping v20..v23.
@X = map { "v$_" } 8 .. 19, 24 .. 27;

# Scratch: current round constant, Ch/Maj temporary, Sigma temporary,
# and the permute mask applied to input words on little-endian builds.
($Ki, $Func, $Sigma, $lemask) = map { "v$_" } 28 .. 31;
102 my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
106 $code.=<<___ if ($i<15 && ($i%(16/$SZ))==(16/$SZ-1));
107 lvx_u @X[$i+1],0,$inp ; load X[i] in advance
110 $code.=<<___ if ($i<16 && ($i%(16/$SZ)));
111 vsldoi @X[$i],@X[$i-1],@X[$i-1],$SZ
113 $code.=<<___ if ($LENDIAN && $i<16 && ($i%(16/$SZ))==0);
114 vperm @X[$i],@X[$i],@X[$i],$lemask
116 $code.=<<___ if ($i>=15);
117 vshasigma${sz} $Sigma,@X[($j+1)%16],0,0
118 vaddu${sz}m @X[$j],@X[$j],$Sigma
119 vshasigma${sz} $Sigma,@X[($j+14)%16],0,15
120 vaddu${sz}m @X[$j],@X[$j],$Sigma
121 vaddu${sz}m @X[$j],@X[$j],@X[($j+9)%16]
124 vaddu${sz}m $h,$h,@X[$i%16] ; h+=X[i]
125 vsel $Func,$g,$f,$e ; Ch(e,f,g)
126 vaddu${sz}m $g,$g,$Ki ; future h+=K[i]
127 vaddu${sz}m $h,$h,$Func ; h+=Ch(e,f,g)
128 vshasigma${sz} $Sigma,$e,1,15 ; Sigma1(e)
129 vaddu${sz}m $h,$h,$Sigma ; h+=Sigma1(e)
131 vsel $Func,$b,$c,$Func ; Maj(a,b,c)
132 vaddu${sz}m $d,$d,$h ; d+=h
133 vshasigma${sz} $Sigma,$a,1,0 ; Sigma0(a)
134 vaddu${sz}m $Sigma,$Sigma,$Func ; Sigma0(a)+Maj(a,b,c)
135 vaddu${sz}m $h,$h,$Sigma ; h+=Sigma0(a)+Maj(a,b,c)
136 lvx $Ki,@I[$k],$idx ; load next K[i]
138 $code.=<<___ if ($k == 7);
150 $STU $sp,-$FRAME($sp)
154 stvx v24,r10,$sp # ABI says so
169 li r11,-4096+255 # 0xfffff0ff
170 stw $vrsave,`$FRAME-6*$SIZE_T-4`($sp) # save vrsave
172 $PUSH r26,`$FRAME-6*$SIZE_T`($sp)
174 $PUSH r27,`$FRAME-5*$SIZE_T`($sp)
176 $PUSH r28,`$FRAME-4*$SIZE_T`($sp)
178 $PUSH r29,`$FRAME-3*$SIZE_T`($sp)
180 $PUSH r30,`$FRAME-2*$SIZE_T`($sp)
182 $PUSH r31,`$FRAME-1*$SIZE_T`($sp)
184 $PUSH $lrsave,`$FRAME+$LRSAVE`($sp)
188 addi $offload,$sp,`8*$SIZE_T+15`
190 $code.=<<___ if ($LENDIAN);
194 vxor $lemask,$lemask,$Ki
196 $code.=<<___ if ($SZ==4);
199 vsldoi $B,$A,$A,4 # unpack
206 $code.=<<___ if ($SZ==8);
210 vsldoi $B,$A,$A,8 # unpack
217 li r0,`($rounds-16)/16` # inner loop counter
224 mr $idx,$Tbl # copy $Tbl
225 stvx $A,$x00,$offload # offload $A-$H
226 stvx $B,$x10,$offload
227 stvx $C,$x20,$offload
228 stvx $D,$x30,$offload
229 stvx $E,$x40,$offload
230 stvx $F,$x50,$offload
231 stvx $G,$x60,$offload
232 stvx $H,$x70,$offload
233 vaddu${sz}m $H,$H,$Ki # h+K[i]
# Rounds 0..15, fully unrolled.  ROUND() fetches X[i] from the input
# block as it goes (the lvx_u "load X[i] in advance").  After each
# round the register list is rotated so the next call's (a..h) is the
# previous (h,a,...,g), which is why the loop variable is a C-style
# counter: $i is deliberately left at 16 for the loop that follows.
for ($i=0;$i<16;$i++) { &ROUND($i,@V); unshift(@V,pop(@V)); }
# Rounds 16..31, continuing from the $i==16 left by the unrolled block.
# For $i>=15 ROUND() additionally emits the message-schedule update
# (two vshasigma steps and the adds into X[j]).  This run appears to be
# the body of the 16-round loop counted down by r0 ("inner loop
# counter", initialised to ($rounds-16)/16).
for (;$i<32;$i++) { &ROUND($i,@V); unshift(@V,pop(@V)); }
247 lvx @X[2],$x00,$offload
249 lvx @X[3],$x10,$offload
250 vaddu${sz}m $A,$A,@X[2]
251 lvx @X[4],$x20,$offload
252 vaddu${sz}m $B,$B,@X[3]
253 lvx @X[5],$x30,$offload
254 vaddu${sz}m $C,$C,@X[4]
255 lvx @X[6],$x40,$offload
256 vaddu${sz}m $D,$D,@X[5]
257 lvx @X[7],$x50,$offload
258 vaddu${sz}m $E,$E,@X[6]
259 lvx @X[8],$x60,$offload
260 vaddu${sz}m $F,$F,@X[7]
261 lvx @X[9],$x70,$offload
262 vaddu${sz}m $G,$G,@X[8]
263 vaddu${sz}m $H,$H,@X[9]
266 $code.=<<___ if ($SZ==4);
268 vperm $A,$A,$B,$Ki # pack the answer
278 $code.=<<___ if ($SZ==8);
279 vperm $A,$A,$B,$Ki # pack the answer
293 lvx v24,r10,$sp # ABI says so
307 $POP r26,`$FRAME-6*$SIZE_T`($sp)
308 $POP r27,`$FRAME-5*$SIZE_T`($sp)
309 $POP r28,`$FRAME-4*$SIZE_T`($sp)
310 $POP r29,`$FRAME-3*$SIZE_T`($sp)
311 $POP r30,`$FRAME-2*$SIZE_T`($sp)
312 $POP r31,`$FRAME-1*$SIZE_T`($sp)
316 .byte 0,12,4,1,0x80,6,3,0
321 # Ugly hack here, because PPC assembler syntax seems to vary too
322 # much from platform to platform...
328 mflr $Tbl ; vvvvvv "distance" between . and 1st data entry
329 addi $Tbl,$Tbl,`64-8`
333 .byte 0,12,0x14,0,0,0,0,0
339 foreach(@_) { $code.=".quad $_,$_\n"; }
342 "0x428a2f98d728ae22","0x7137449123ef65cd",
343 "0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc",
344 "0x3956c25bf348b538","0x59f111f1b605d019",
345 "0x923f82a4af194f9b","0xab1c5ed5da6d8118",
346 "0xd807aa98a3030242","0x12835b0145706fbe",
347 "0x243185be4ee4b28c","0x550c7dc3d5ffb4e2",
348 "0x72be5d74f27b896f","0x80deb1fe3b1696b1",
349 "0x9bdc06a725c71235","0xc19bf174cf692694",
350 "0xe49b69c19ef14ad2","0xefbe4786384f25e3",
351 "0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65",
352 "0x2de92c6f592b0275","0x4a7484aa6ea6e483",
353 "0x5cb0a9dcbd41fbd4","0x76f988da831153b5",
354 "0x983e5152ee66dfab","0xa831c66d2db43210",
355 "0xb00327c898fb213f","0xbf597fc7beef0ee4",
356 "0xc6e00bf33da88fc2","0xd5a79147930aa725",
357 "0x06ca6351e003826f","0x142929670a0e6e70",
358 "0x27b70a8546d22ffc","0x2e1b21385c26c926",
359 "0x4d2c6dfc5ac42aed","0x53380d139d95b3df",
360 "0x650a73548baf63de","0x766a0abb3c77b2a8",
361 "0x81c2c92e47edaee6","0x92722c851482353b",
362 "0xa2bfe8a14cf10364","0xa81a664bbc423001",
363 "0xc24b8b70d0f89791","0xc76c51a30654be30",
364 "0xd192e819d6ef5218","0xd69906245565a910",
365 "0xf40e35855771202a","0x106aa07032bbd1b8",
366 "0x19a4c116b8d2d0c8","0x1e376c085141ab53",
367 "0x2748774cdf8eeb99","0x34b0bcb5e19b48a8",
368 "0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb",
369 "0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3",
370 "0x748f82ee5defb2fc","0x78a5636f43172f60",
371 "0x84c87814a1f0ab72","0x8cc702081a6439ec",
372 "0x90befffa23631e28","0xa4506cebde82bde9",
373 "0xbef9a3f7b2c67915","0xc67178f2e372532b",
374 "0xca273eceea26619c","0xd186b8c721c0c207",
375 "0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178",
376 "0x06f067aa72176fba","0x0a637dc5a2c898a6",
377 "0x113f9804bef90dae","0x1b710b35131c471b",
378 "0x28db77f523047d84","0x32caab7b40c72493",
379 "0x3c9ebe0a15c9bebc","0x431d67c49c100d4c",
380 "0x4cc5d4becb3e42b6","0x597f299cfc657e2a",
381 "0x5fcb6fab3ad6faec","0x6c44198c4a475817","0");
382 $code.=<<___ if (!$LENDIAN);
383 .quad 0x0001020304050607,0x1011121314151617
385 $code.=<<___ if ($LENDIAN); # quad-swapped
386 .quad 0x1011121314151617,0x0001020304050607
390 foreach(@_) { $code.=".long $_,$_,$_,$_\n"; }
393 "0x428a2f98","0x71374491","0xb5c0fbcf","0xe9b5dba5",
394 "0x3956c25b","0x59f111f1","0x923f82a4","0xab1c5ed5",
395 "0xd807aa98","0x12835b01","0x243185be","0x550c7dc3",
396 "0x72be5d74","0x80deb1fe","0x9bdc06a7","0xc19bf174",
397 "0xe49b69c1","0xefbe4786","0x0fc19dc6","0x240ca1cc",
398 "0x2de92c6f","0x4a7484aa","0x5cb0a9dc","0x76f988da",
399 "0x983e5152","0xa831c66d","0xb00327c8","0xbf597fc7",
400 "0xc6e00bf3","0xd5a79147","0x06ca6351","0x14292967",
401 "0x27b70a85","0x2e1b2138","0x4d2c6dfc","0x53380d13",
402 "0x650a7354","0x766a0abb","0x81c2c92e","0x92722c85",
403 "0xa2bfe8a1","0xa81a664b","0xc24b8b70","0xc76c51a3",
404 "0xd192e819","0xd6990624","0xf40e3585","0x106aa070",
405 "0x19a4c116","0x1e376c08","0x2748774c","0x34b0bcb5",
406 "0x391c0cb3","0x4ed8aa4a","0x5b9cca4f","0x682e6ff3",
407 "0x748f82ee","0x78a5636f","0x84c87814","0x8cc70208",
408 "0x90befffa","0xa4506ceb","0xbef9a3f7","0xc67178f2","0");
409 $code.=<<___ if (!$LENDIAN);
410 .long 0x00010203,0x10111213,0x10111213,0x10111213
411 .long 0x00010203,0x04050607,0x10111213,0x10111213
412 .long 0x00010203,0x04050607,0x08090a0b,0x10111213
414 $code.=<<___ if ($LENDIAN); # word-swapped
415 .long 0x10111213,0x10111213,0x10111213,0x00010203
416 .long 0x10111213,0x10111213,0x04050607,0x00010203
417 .long 0x10111213,0x08090a0b,0x04050607,0x00010203
421 .asciz "SHA${bits} for PowerISA 2.07, CRYPTOGAMS by <appro\@openssl.org>"
# Expand the `...` spans left in the generated assembly (frame offsets
# such as `$FRAME-6*$SIZE_T`) by evaluating each one as Perl.  This is a
# string eval, but its only input is this script's own heredoc template
# text assembled at build time; nothing external reaches it.
$code =~ s{`([^`]*)`}{eval $1}gem;